feat(singbox-aura,tools): Go port of Aura UDP client + KAT bridge to Rust
Lays the foundation for sing-box mobile clients (Option B from
docs/sing-box.md): an independent Go module that speaks the AuraVPN wire
protocol byte-for-byte. Proof of equivalence is in KAT tests cross-loaded
from a Rust-side deterministic vector exporter.
- tools/export-kat (new Rust bin in workspace): captures a handshake +
derived keys + a sealed datagram record + a knock token using seeded
RNGs (rand::rngs::StdRng + ml-kem's *_deterministic public API), emits
JSON. Reproducible byte-for-byte.
- singbox-aura/ (new Go module, ~3000 LOC, 22 files):
- aura/frame: 5-byte protocol header + Frame{Data,Ping,Pong,Close,
Control} + magic envelope (0xAA,0xAA,0xC0,0x01) — encode/decode
matching aura-proto::frame.
- aura/crypto: hybrid X25519 + ML-KEM-768 (stdlib crypto/ecdh +
crypto/mlkem on Go 1.24+; falls back to circl on older Go via a
documented swap), HKDF-SHA256 derive_session_keys, ChaCha20-Poly1305
with the **LE(u64 counter) || [0;4]** nonce scheme that matches
aura-crypto::AeadKey/AeadSession.
- aura/handshake: client_handshake state machine reproducing protocol.md
§6.2 exactly (CH→SH→ServerAuth→ClientAuth→Finished×2; transcript hash;
ECDSA-P256 transcript signature; HMAC-SHA256 Finished).
- aura/session: DatagramSender/Receiver + 64-wide sliding replay window.
- aura/transport: reliable HS-adapter (DTLS-flight retransmit) + UDP
datagram data path + 16-byte HMAC port-knock with ±1-minute window.
- aura/outbound: sing-box-shaped shim (interface signatures only — sing-
box upstream registration is one more step, documented in README).
- cmd/aura-client: standalone Go binary; reads client.toml via
pelletier/go-toml/v2 and connects to a real aura server. Validates
end-to-end interop with the Rust side.
- KAT: 6 comparisons against Rust vectors — session_keys (HKDF), hybrid
KEM ek/encaps roundtrip, c2s + s2c Finished HMAC, sealed datagram
record at seq=2 (incl. 16-byte Poly1305 tag), knock token. All byte-
for-byte.
Go: 29 tests across 5 packages, all green. Only deps: golang.org/x/crypto
and pelletier/go-toml/v2. Rust: 293 tests still green; tools/export-kat
added to workspace members.
v1 limits documented in singbox-aura/README.md: UDP-only (no TCP/QUIC
fallback yet), no cell padding / cover traffic, no relay/exit role, no
multi-hop, sing-box upstream-registration sketch (vendor sagernet/sing-box +
init() RegisterOutbound) for follow-up.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
xah30
@@ -0,0 +1,99 @@
|
||||
// Package outbound is a thin sing-box-shaped wrapper around the Aura UDP client. It does NOT
|
||||
// import github.com/sagernet/sing-box — keeping the dependency footprint small and the build
|
||||
// self-contained for v1. The interface is shaped after sing-box's outbound (Network,
|
||||
// DialContext, ListenPacket) so a follow-up patch can register this as a real outbound by
|
||||
// vendoring the sing-box module + filling in the missing glue.
|
||||
//
|
||||
// See README.md for the concrete integration steps.
|
||||
package outbound
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/aura/singbox-aura/aura/handshake"
|
||||
"github.com/aura/singbox-aura/aura/transport"
|
||||
)
|
||||
|
||||
// Tag is the identifier this outbound advertises to a sing-box router. Real registration would
|
||||
// set it on the outbound options struct.
|
||||
const Tag = "aura"
|
||||
|
||||
// Network returns the sing-box network type. Aura is connection-oriented over UDP underneath
|
||||
// but the application-layer abstraction is reliable+ordered for streams (TCP-like) and
|
||||
// best-effort for datagrams (UDP-like), so we expose UDP here — matches how the QUIC outbound
|
||||
// is registered.
|
||||
func Network() []string { return []string{"udp"} }
|
||||
|
||||
// Outbound is the per-server configuration that a sing-box-style host instantiates once per
|
||||
// upstream. One Outbound can dial many short-lived connections.
|
||||
type Outbound struct {
|
||||
ServerAddr string // e.g. "203.0.113.10:443"
|
||||
HSConfig *handshake.ClientConfig // CA + leaf cert + leaf key + expected server SNI
|
||||
Opts *transport.Options // optional knock + handshake timers
|
||||
}
|
||||
|
||||
// DialContext opens an Aura UDP connection to the upstream and wraps it as a net.PacketConn
|
||||
// for the sing-box stack to write IP packets to. `network` must be "udp"/"udp4"/"udp6";
|
||||
// `destination` is the application target the sing-box router computed (unused by v1 — Aura
|
||||
// carries opaque IP packets, not per-flow destinations).
|
||||
func (o *Outbound) DialContext(ctx context.Context, network, destination string) (net.PacketConn, error) {
|
||||
switch network {
|
||||
case "udp", "udp4", "udp6":
|
||||
default:
|
||||
return nil, fmt.Errorf("aura/outbound: unsupported network %q", network)
|
||||
}
|
||||
if o.ServerAddr == "" {
|
||||
return nil, errors.New("aura/outbound: ServerAddr is empty")
|
||||
}
|
||||
if o.HSConfig == nil {
|
||||
return nil, errors.New("aura/outbound: HSConfig is nil")
|
||||
}
|
||||
conn, err := transport.Dial(ctx, o.ServerAddr, o.HSConfig, o.Opts)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &packetConnAdapter{conn: conn, dest: destination}, nil
|
||||
}
|
||||
|
||||
// ListenPacket is the same call shape sing-box uses for inbound-style transports; for an
|
||||
// outbound this is a convenience that delegates to DialContext.
|
||||
func (o *Outbound) ListenPacket(ctx context.Context, destination string) (net.PacketConn, error) {
|
||||
return o.DialContext(ctx, "udp", destination)
|
||||
}
|
||||
|
||||
// packetConnAdapter exposes a transport.Connection as net.PacketConn. ReadFrom returns the
|
||||
// next inner IP payload and a placeholder *net.UDPAddr (Aura tunnels opaque IP packets — the
|
||||
// concrete destination addr is decoded by the upper layer). WriteTo simply ships the payload.
|
||||
type packetConnAdapter struct {
|
||||
conn *transport.Connection
|
||||
dest string
|
||||
}
|
||||
|
||||
func (p *packetConnAdapter) ReadFrom(buf []byte) (int, net.Addr, error) {
|
||||
pkt, err := p.conn.Recv()
|
||||
if err != nil {
|
||||
return 0, nil, err
|
||||
}
|
||||
n := copy(buf, pkt)
|
||||
// We do not have a real source addr at this layer; report the peer's identity as a fake
|
||||
// UDP address so any sing-box code that logs addr.String() gets something sensible.
|
||||
addr, _ := net.ResolveUDPAddr("udp", p.dest)
|
||||
return n, addr, nil
|
||||
}
|
||||
|
||||
func (p *packetConnAdapter) WriteTo(buf []byte, _ net.Addr) (int, error) {
|
||||
if err := p.conn.Send(buf); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
return len(buf), nil
|
||||
}
|
||||
|
||||
func (p *packetConnAdapter) Close() error { return p.conn.Close() }
|
||||
func (p *packetConnAdapter) LocalAddr() net.Addr { return &net.UDPAddr{IP: net.IPv4zero} }
|
||||
func (p *packetConnAdapter) SetDeadline(_ time.Time) error { return nil }
|
||||
func (p *packetConnAdapter) SetReadDeadline(_ time.Time) error { return nil }
|
||||
func (p *packetConnAdapter) SetWriteDeadline(_ time.Time) error { return nil }
|
||||
Reference in New Issue
Block a user