feat(encrypt): Add XOR and ChaCha20 encryption with low-end device optimization and openssl support. (#1186)

Add ChaCha20 XOR algorithm, extend AES-GCM-256 capabilities, and integrate OpenSSL support. --------- Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
2025-12-12 12:47:25 +08:00 · 2025-08-09 18:53:55 +08:00
parent 7de4b33dd1
commit 0087ac3ffc
13 changed files with 720 additions and 31 deletions
--- a/easytier/src/easytier-core.rs
+++ b/easytier/src/easytier-core.rs
@@ -18,8 +18,9 @@ use clap_complete::Shell;
 use easytier::{
    common::{
        config::{
-            ConfigLoader, ConsoleLoggerConfig, FileLoggerConfig, LoggingConfigLoader,
-            NetworkIdentity, PeerConfig, PortForwardConfig, TomlConfigLoader, VpnPortalConfig,
+            get_avaliable_encrypt_methods, ConfigLoader, ConsoleLoggerConfig, FileLoggerConfig,
+            LoggingConfigLoader, NetworkIdentity, PeerConfig, PortForwardConfig, TomlConfigLoader,
+            VpnPortalConfig,
        },
        constants::EASYTIER_VERSION,
        global_ctx::GlobalCtx,
@@ -283,6 +284,15 @@ struct NetworkOptions {
    )]
    disable_encryption: Option<bool>,

+    #[arg(
+        long,
+        env = "ET_ENCRYPTION_ALGORITHM",
+        help = t!("core_clap.encryption_algorithm").to_string(),
+        default_value = "aes-gcm",
+        value_parser = get_avaliable_encrypt_methods()
+    )]
+    encryption_algorithm: Option<String>,
+
    #[arg(
        long,
        env = "ET_MULTI_THREAD",
@@ -846,6 +856,9 @@ impl NetworkOptions {
        if let Some(v) = self.disable_encryption {
            f.enable_encryption = !v;
        }
+        if let Some(algorithm) = &self.encryption_algorithm {
+            f.encryption_algorithm = algorithm.clone();
+        }
        if let Some(v) = self.disable_ipv6 {
            f.enable_ipv6 = !v;
        }
@@ -894,7 +907,9 @@ impl NetworkOptions {
            .unwrap_or(f.foreign_relay_bps_limit);
        f.multi_thread_count = self.multi_thread_count.unwrap_or(f.multi_thread_count);
        f.disable_relay_kcp = self.disable_relay_kcp.unwrap_or(f.disable_relay_kcp);
-        f.enable_relay_foreign_network_kcp = self.enable_relay_foreign_network_kcp.unwrap_or(f.enable_relay_foreign_network_kcp);
+        f.enable_relay_foreign_network_kcp = self
+            .enable_relay_foreign_network_kcp
+            .unwrap_or(f.enable_relay_foreign_network_kcp);
        cfg.set_flags(f);

        if !self.exit_nodes.is_empty() {