Use X25519 for XOR; Add "divide" (ECH, before and includes type 0); Change config format

https://github.com/XTLS/Xray-core/pull/4952#issuecomment-3207449672
2025-08-23 10:06:48 +08:00 · 2025-08-20 18:17:35 +00:00
parent 84835bec7d
commit 373558ed7a
16 changed files with 225 additions and 159 deletions
--- a/main/commands/all/curve25519.go
+++ b/main/commands/all/curve25519.go
@@ -1,17 +1,13 @@
 package all

 import (
+	"crypto/ecdh"
 	"crypto/rand"
 	"encoding/base64"
 	"fmt"
-
-	"golang.org/x/crypto/curve25519"
 )

 func Curve25519Genkey(StdEncoding bool, input_base64 string) {
-	var output string
-	var err error
-	var privateKey, publicKey []byte
 	var encoding *base64.Encoding
 	if *input_stdEncoding || StdEncoding {
 		encoding = base64.StdEncoding
@@ -19,24 +15,17 @@ func Curve25519Genkey(StdEncoding bool, input_base64 string) {
 		encoding = base64.RawURLEncoding
 	}

+	var privateKey []byte
 	if len(input_base64) > 0 {
-		privateKey, err = encoding.DecodeString(input_base64)
-		if err != nil {
-			output = err.Error()
-			goto out
-		}
-		if len(privateKey) != curve25519.ScalarSize {
-			output = "Invalid length of private key."
-			goto out
+		privateKey, _ = encoding.DecodeString(input_base64)
+		if len(privateKey) != 32 {
+			fmt.Println("Invalid length of X25519 private key.")
+			return
 		}
 	}
-
 	if privateKey == nil {
-		privateKey = make([]byte, curve25519.ScalarSize)
-		if _, err = rand.Read(privateKey); err != nil {
-			output = err.Error()
-			goto out
-		}
+		privateKey = make([]byte, 32)
+		rand.Read(privateKey)
 	}

 	// Modify random bytes using algorithm described at:
@@ -45,14 +34,12 @@ func Curve25519Genkey(StdEncoding bool, input_base64 string) {
 	privateKey[31] &= 127
 	privateKey[31] |= 64

-	if publicKey, err = curve25519.X25519(privateKey, curve25519.Basepoint); err != nil {
-		output = err.Error()
-		goto out
+	key, err := ecdh.X25519().NewPrivateKey(privateKey)
+	if err != nil {
+		fmt.Println(err.Error())
+		return
 	}
-
-	output = fmt.Sprintf("Private key: %v\nPublic key: %v",
+	fmt.Printf("PrivateKey: %v\nPassword: %v",
 		encoding.EncodeToString(privateKey),
-		encoding.EncodeToString(publicKey))
-out:
-	fmt.Println(output)
+		encoding.EncodeToString(key.PublicKey().Bytes()))
 }
--- a/main/commands/all/mlkem768.go
+++ b/main/commands/all/mlkem768.go
@@ -3,6 +3,7 @@ package all
 import (
 	"crypto/mlkem"
 	"crypto/rand"
+	"crypto/sha3"
 	"encoding/base64"
 	"fmt"

@@ -40,8 +41,10 @@ func executeMLKEM768(cmd *base.Command, args []string) {
 		rand.Read(seed[:])
 	}
 	key, _ := mlkem.NewDecapsulationKey768(seed[:])
-	pub := key.EncapsulationKey()
-	fmt.Printf("Seed: %v\nClient: %v",
+	client := key.EncapsulationKey().Bytes()
+	hash32 := sha3.Sum256(client)
+	fmt.Printf("Seed: %v\nClient: %v\nHash11: %v",
 		base64.RawURLEncoding.EncodeToString(seed[:]),
-		base64.RawURLEncoding.EncodeToString(pub.Bytes()))
+		base64.RawURLEncoding.EncodeToString(client),
+		base64.RawURLEncoding.EncodeToString(hash32[:11]))
 }
--- a/main/commands/all/x25519.go
+++ b/main/commands/all/x25519.go
@@ -6,9 +6,9 @@ import (

 var cmdX25519 = &base.Command{
 	UsageLine: `{{.Exec}} x25519 [-i "private key (base64.RawURLEncoding)"] [--std-encoding]`,
-	Short:     `Generate key pair for X25519 key exchange (REALITY)`,
+	Short:     `Generate key pair for X25519 key exchange (VLESS, REALITY)`,
 	Long: `
-Generate key pair for X25519 key exchange (REALITY).
+Generate key pair for X25519 key exchange (VLESS, REALITY).

 Random: {{.Exec}} x25519