notify/client_legacy_security.go

package notify

import (
	"b612.me/starcrypto"
	"errors"
	"fmt"
	"math/rand"
	"time"
)

// Deprecated: ExchangeKey drives the legacy RSA-based key exchange flow.
// Prefer UseModernPSKClient.
func (c *ClientCommon) ExchangeKey(newKey []byte) error {
	pubKey, err := starcrypto.DecodeRsaPublicKey(c.handshakeRsaPubKey)
	if err != nil {
		return err
	}
	newSendKey, err := starcrypto.RSAEncrypt(pubKey, newKey)
	if err != nil {
		return err
	}
	data, err := c.sendWait(TransferMsg{
		ID:    19961127,
		Key:   "sirius",
		Value: newSendKey,
		Type:  MSG_KEY_CHANGE,
	}, time.Second*10)
	if err != nil {
		return err
	}
	if string(data.Value) != "success" {
		return errors.New("cannot exchange new aes-key")
	}
	profile := c.clientTransportProtectionSnapshot()
	profile.mode = ProtectionManaged
	profile.secretKey = cloneTransportProtectionKey(newKey)
	profile.runtime = nil
	c.setClientTransportProtectionProfile(profile)
	time.Sleep(time.Millisecond * 100)
	return nil
}

// Deprecated: aesRsaHello is the legacy RSA-based key exchange bootstrap.
func aesRsaHello(c Client) error {
	newAesKey := []byte(fmt.Sprintf("%d%d%d%s", time.Now().UnixNano(), rand.Int63(), rand.Int63(), "b612.me"))
	newAesKey = []byte(starcrypto.Md5Str(newAesKey))
	return c.ExchangeKey(newAesKey)
}
feat(notify): 重构通信内核并补齐 stream/bulk/record/transfer 能力 - 引入 LogicalConn/TransportConn 分层，ClientConn 保留兼容适配层 - 新增 Stream、Bulk、RecordStream 三条数据面能力及对应控制路径 - 完成 transfer/file 传输内核与状态快照、诊断能力 - 补齐 reconnect、inbound dispatcher、modern psk 等基础模块 - 增加大规模回归、并发与基准测试覆盖 - 更新依赖库 2026-04-15 15:24:36 +08:00			`package notify`

			`import (`
			`"b612.me/starcrypto"`
			`"errors"`
			`"fmt"`
			`"math/rand"`
			`"time"`
			`)`

			`// Deprecated: ExchangeKey drives the legacy RSA-based key exchange flow.`
			`// Prefer UseModernPSKClient.`
			`func (c *ClientCommon) ExchangeKey(newKey []byte) error {`
			`pubKey, err := starcrypto.DecodeRsaPublicKey(c.handshakeRsaPubKey)`
			`if err != nil {`
			`return err`
			`}`
			`newSendKey, err := starcrypto.RSAEncrypt(pubKey, newKey)`
			`if err != nil {`
			`return err`
			`}`
			`data, err := c.sendWait(TransferMsg{`
			`ID: 19961127,`
			`Key: "sirius",`
			`Value: newSendKey,`
			`Type: MSG_KEY_CHANGE,`
			`}, time.Second*10)`
			`if err != nil {`
			`return err`
			`}`
			`if string(data.Value) != "success" {`
			`return errors.New("cannot exchange new aes-key")`
			`}`
feat(transport): 完成安全架构拆分并收口 stream/bulk 传输优化 - 新增 managed/external/nested 三种传输保护模式 - 新增 peer attach 显式认证、抗重放、channel binding 和可选前向保密协商 - 明确单连接注入与可重拨连接源的语义边界 - 禁止 ConnectByConn 场景下 dedicated bulk 走 sidecar，auto 模式自动回退 shared - 修正 dedicated attach 在 bootstrap/steady profile 切换下的处理逻辑 - 优化 shared bulk super-batch 与批量 framed write 路径 - 降低 stream/bulk fast path 的复制和分发损耗 - 补齐 benchmark、回归测试、运行时快照和 README 文档 2026-04-20 16:35:44 +08:00			`profile := c.clientTransportProtectionSnapshot()`
			`profile.mode = ProtectionManaged`
			`profile.secretKey = cloneTransportProtectionKey(newKey)`
			`profile.runtime = nil`
			`c.setClientTransportProtectionProfile(profile)`
feat(notify): 重构通信内核并补齐 stream/bulk/record/transfer 能力 - 引入 LogicalConn/TransportConn 分层，ClientConn 保留兼容适配层 - 新增 Stream、Bulk、RecordStream 三条数据面能力及对应控制路径 - 完成 transfer/file 传输内核与状态快照、诊断能力 - 补齐 reconnect、inbound dispatcher、modern psk 等基础模块 - 增加大规模回归、并发与基准测试覆盖 - 更新依赖库 2026-04-15 15:24:36 +08:00			`time.Sleep(time.Millisecond * 100)`
			`return nil`
			`}`

			`// Deprecated: aesRsaHello is the legacy RSA-based key exchange bootstrap.`
			`func aesRsaHello(c Client) error {`
			`newAesKey := []byte(fmt.Sprintf("%d%d%d%s", time.Now().UnixNano(), rand.Int63(), rand.Int63(), "b612.me"))`
			`newAesKey = []byte(starcrypto.Md5Str(newAesKey))`
			`return c.ExchangeKey(newAesKey)`
			`}`