diff --git a/go.mod b/go.mod
index b92dff14..de5eacdc 100644
--- a/go.mod
+++ b/go.mod
@@ -19,10 +19,12 @@ require (
 github.com/metacubex/blake3 v0.1.0
 github.com/metacubex/chacha v0.1.5
 github.com/metacubex/chi v0.1.0
+ github.com/metacubex/cpu v0.1.0
 github.com/metacubex/fswatch v0.1.1
 github.com/metacubex/gopacket v1.1.20-0.20230608035415-7e2f98a3e759
 github.com/metacubex/http v0.1.0
 github.com/metacubex/kcp-go v0.0.0-20251111012849-7455698490e9
+ github.com/metacubex/mlkem v0.1.0
 github.com/metacubex/quic-go v0.57.1-0.20251217071004-e89f497a2e72
 github.com/metacubex/randv2 v0.2.0
 github.com/metacubex/restls-client-go v0.1.7
@@ -90,11 +92,9 @@ require (
 github.com/mailru/easyjson v0.7.7 // indirect
 github.com/mdlayher/socket v0.4.1 // indirect
 github.com/metacubex/ascon v0.1.0 // indirect
- github.com/metacubex/cpu v0.1.0 // indirect
 github.com/metacubex/gvisor v0.0.0-20250919004547-6122b699a301 // indirect
 github.com/metacubex/hkdf v0.1.0 // indirect
 github.com/metacubex/hpke v0.1.0 // indirect
- github.com/metacubex/mlkem v0.1.0 // indirect
 github.com/metacubex/nftables v0.0.0-20250503052935-30a69ab87793 // indirect
 github.com/metacubex/qpack v0.6.0 // indirect
 github.com/metacubex/yamux v0.0.0-20250918083631-dd5f17c0be49 // indirect
diff --git a/transport/vless/encryption/client.go b/transport/vless/encryption/client.go
index bcfce08e..03769f9d 100644
--- a/transport/vless/encryption/client.go
+++ b/transport/vless/encryption/client.go
@@ -7,12 +7,23 @@ import (
 "errors"
 "io"
 "net"
+ "runtime"
 "sync"
 "time"
 
 "github.com/metacubex/blake3"
- utls "github.com/metacubex/utls"
- "github.com/metacubex/utls/mlkem"
+ "github.com/metacubex/cpu"
+ "github.com/metacubex/mlkem"
+)
+
+var (
+ // Keep in sync with crypto/internal/fips140/aes/gcm.supportsAESGCM.
+ hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ && cpu.X86.HasSSE41 && cpu.X86.HasSSSE3
+ hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+ hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCTR && cpu.S390X.HasGHASH
+ hasGCMAsmPPC64 = runtime.GOARCH == "ppc64" || runtime.GOARCH == "ppc64le"
+
+ HasAESGCMHardwareSupport = hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X || hasGCMAsmPPC64
 )
 
 type ClientInstance struct {
@@ -66,7 +77,7 @@ func (i *ClientInstance) Handshake(conn net.Conn) (*CommonConn, error) {
 if i.NfsPKeys == nil {
 return nil, errors.New("uninitialized")
 }
- c := NewCommonConn(conn, utls.HasAESGCMHardwareSupport())
+ c := NewCommonConn(conn, HasAESGCMHardwareSupport)
 
 ivAndRealysLength := 16 + i.RelaysLength
 pfsKeyExchangeLength := 18 + 1184 + 32 + 16
diff --git a/transport/vless/encryption/client_test.go b/transport/vless/encryption/client_test.go
index 793d0191..c61069e0 100644
--- a/transport/vless/encryption/client_test.go
+++ b/transport/vless/encryption/client_test.go
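Review bot: `HasAESGCMHardwareSupport` in the new `var (` block of client.go is an exported, mutable package-level variable with no doc comment, whereas the call it replaces (`utls.HasAESGCMHardwareSupport()`) was a function; any importing package can now reassign the value that `Handshake` passes to `NewCommonConn`, and a write concurrent with a handshake would be a data race. The flag presumably steers the AEAD choice, and Go's `crypto/aes` documentation has long noted that its non-accelerated implementation is not constant-time, so a wrong value is more than a performance matter. Consider keeping the variable unexported and exposing a read-only accessor, e.g. `func HasAESGCMHardwareSupport() bool { return hasAESGCMHardwareSupport }`, with a doc comment stating what it reports. The "Keep in sync" comment is also unenforced for a copy that lives outside the standard library, so naming the Go release the expression was taken from would make drift easier to spot.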
@@ -4,17 +4,15 @@ import (
 "fmt"
 "runtime"
 "testing"
-
- utls "github.com/metacubex/utls"
 )
 
 func TestHasAESGCMHardwareSupport(t *testing.T) {
- fmt.Println("HasAESGCMHardwareSupport:", utls.HasAESGCMHardwareSupport())
+ fmt.Println("HasAESGCMHardwareSupport:", HasAESGCMHardwareSupport)
 
 if runtime.GOARCH == "arm64" && runtime.GOOS == "darwin" {
 // It should be supported starting from Apple Silicon M1
 // https://github.com/golang/go/blob/go1.25.0/src/internal/cpu/cpu_arm64_darwin.go#L26-L30
- if !utls.HasAESGCMHardwareSupport() {
+ if !HasAESGCMHardwareSupport {
 t.Errorf("For ARM64 Darwin platforms (excluding iOS), AES GCM hardware acceleration should always be available.")
 }
 }
diff --git a/transport/vless/encryption/key.go b/transport/vless/encryption/key.go
index af9ac033..98dd241c 100644
--- a/transport/vless/encryption/key.go
+++ b/transport/vless/encryption/key.go
@@ -7,7 +7,7 @@ import (
 "fmt"
 
 "github.com/metacubex/blake3"
- "github.com/metacubex/utls/mlkem"
+ "github.com/metacubex/mlkem"
 )
 
 const MLKEM768SeedLength = mlkem.SeedSize
diff --git a/transport/vless/encryption/server.go b/transport/vless/encryption/server.go
index 71185698..7d0e86e9 100644
--- a/transport/vless/encryption/server.go
+++ b/transport/vless/encryption/server.go
@@ -13,7 +13,7 @@ import (
 "time"
 
 "github.com/metacubex/blake3"
- "github.com/metacubex/utls/mlkem"
+ "github.com/metacubex/mlkem"
 )
 
 type ServerSession struct {
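Review bot: In `TestHasAESGCMHardwareSupport` (client_test.go) the detected value is still reported with `fmt.Println`, which bypasses the testing log; `t.Logf("HasAESGCMHardwareSupport: %v", HasAESGCMHardwareSupport)` keeps the output attached to the test, and the `"fmt"` import can then go if nothing else in the file uses it. The only assertion covers darwin/arm64, so the feature expressions this commit copies into the package for amd64, s390x and ppc64 are not exercised here. The function's closing brace lies outside the hunk.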