Use X25519 for XOR; Add "divide" (ECH, before and includes type 0); Change config format

https://github.com/XTLS/Xray-core/pull/4952#issuecomment-3207449672
This commit is contained in:
RPRX
2025-08-20 18:17:35 +00:00
committed by GitHub
parent 84835bec7d
commit 373558ed7a
16 changed files with 225 additions and 159 deletions

View File

@@ -3,6 +3,7 @@ package encryption
import (
"bytes"
"crypto/cipher"
"crypto/ecdh"
"crypto/mlkem"
"crypto/rand"
"crypto/sha3"
@@ -27,7 +28,8 @@ type ServerInstance struct {
sync.RWMutex
nfsDKey *mlkem.DecapsulationKey768
hash11 [11]byte // no more capacity
xorKey []byte
xorMode uint32
xorSKey *ecdh.PrivateKey
minutes time.Duration
sessions map[[32]byte]*ServerSession
closed bool
@@ -46,23 +48,24 @@ type ServerConn struct {
nonce []byte
}
func (i *ServerInstance) Init(nfsDKeySeed []byte, xor uint32, minutes time.Duration) (err error) {
func (i *ServerInstance) Init(nfsDKeySeed, xorSKeyBytes []byte, xorMode, minutes uint32) (err error) {
if i.nfsDKey != nil {
err = errors.New("already initialized")
return
}
i.nfsDKey, err = mlkem.NewDecapsulationKey768(nfsDKeySeed)
if err != nil {
if i.nfsDKey, err = mlkem.NewDecapsulationKey768(nfsDKeySeed); err != nil {
return
}
hash32 := sha3.Sum256(i.nfsDKey.EncapsulationKey().Bytes())
copy(i.hash11[:], hash32[:])
if xor > 0 {
xorKey := sha3.Sum256(i.nfsDKey.EncapsulationKey().Bytes())
i.xorKey = xorKey[:]
if xorMode > 0 {
i.xorMode = xorMode
if i.xorSKey, err = ecdh.X25519().NewPrivateKey(xorSKeyBytes); err != nil {
return
}
}
if minutes > 0 {
i.minutes = minutes
i.minutes = time.Duration(minutes) * time.Minute
i.sessions = make(map[[32]byte]*ServerSession)
go func() {
for {
@@ -96,8 +99,11 @@ func (i *ServerInstance) Handshake(conn net.Conn) (*ServerConn, error) {
if i.nfsDKey == nil {
return nil, errors.New("uninitialized")
}
if i.xorKey != nil {
conn = NewXorConn(conn, i.xorKey)
if i.xorMode > 0 {
var err error
if conn, err = NewXorConn(conn, i.xorMode, nil, i.xorSKey); err != nil {
return nil, err
}
}
c := &ServerConn{Conn: conn}
@@ -168,7 +174,7 @@ func (i *ServerInstance) Handshake(conn net.Conn) (*ServerConn, error) {
pfsKey, encapsulatedPfsKey := pfsEKey.Encapsulate()
c.baseKey = append(pfsKey, nfsKey...)
c.ticket = append(i.hash11[:], NewAead(c.cipher, c.baseKey, encapsulatedPfsKey, encapsulatedNfsKey).Seal(nil, peerClientHello[:12], []byte("VLESS"), pfsEKeyBytes)...)
c.ticket = append(i.hash11[:], NewAEAD(c.cipher, c.baseKey, encapsulatedPfsKey, encapsulatedNfsKey).Seal(nil, peerClientHello[:12], []byte("VLESS"), pfsEKeyBytes)...)
paddingLen := crypto.RandBetween(100, 1000)
@@ -222,7 +228,7 @@ func (c *ServerConn) Read(b []byte) (int, error) {
}
c.peerRandom = peerTicketHello[32:]
}
c.peerAead = NewAead(c.cipher, c.baseKey, c.peerRandom, c.ticket)
c.peerAead = NewAEAD(c.cipher, c.baseKey, c.peerRandom, c.ticket)
c.peerNonce = make([]byte, 12)
}
if len(c.PeerCache) != 0 {
@@ -247,7 +253,7 @@ func (c *ServerConn) Read(b []byte) (int, error) {
}
var peerAead cipher.AEAD
if bytes.Equal(c.peerNonce, MaxNonce) {
peerAead = NewAead(c.cipher, c.baseKey, peerData, h)
peerAead = NewAEAD(c.cipher, c.baseKey, peerData, h)
}
_, err = c.peerAead.Open(dst[:0], c.peerNonce, peerData, h)
if peerAead != nil {
@@ -283,7 +289,7 @@ func (c *ServerConn) Write(b []byte) (int, error) {
EncodeHeader(data, 0, 32)
rand.Read(data[5 : 5+32])
EncodeHeader(data[5+32:], 23, len(b)+16)
c.aead = NewAead(c.cipher, c.baseKey, data[5:5+32], c.peerRandom)
c.aead = NewAEAD(c.cipher, c.baseKey, data[5:5+32], c.peerRandom)
c.nonce = make([]byte, 12)
c.aead.Seal(data[:5+32+5], c.nonce, b, data[5+32:5+32+5])
} else {
@@ -291,7 +297,7 @@ func (c *ServerConn) Write(b []byte) (int, error) {
EncodeHeader(data, 23, len(b)+16)
c.aead.Seal(data[:5], c.nonce, b, data[:5])
if bytes.Equal(c.nonce, MaxNonce) {
c.aead = NewAead(c.cipher, c.baseKey, data[5:], data[:5])
c.aead = NewAEAD(c.cipher, c.baseKey, data[5:], data[:5])
}
}
IncreaseNonce(c.nonce)