enoch/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-08-22 09:36:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

SHA256(nfsEKeyBytes) for XOR's key

Browse Source 
https://github.com/XTLS/Xray-core/pull/4952#issuecomment-3185590465
This commit is contained in:
RPRX
2025-08-13 21:37:06 +00:00
committed by GitHub
parent 09cc92c61d
commit 7f778a4e2f
2 changed files with 19 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
proxy/vless/encryption/client.go
View File

@@ -5,6 +5,7 @@ import (
"crypto/cipher" "crypto/cipher"
"crypto/mlkem" "crypto/mlkem"
"crypto/rand" "crypto/rand"
"crypto/sha256"
"io" "io"
"net" "net"
"sync" "sync"
@@ -26,7 +27,7 @@ func init() {
type ClientInstance struct { type ClientInstance struct {
sync.RWMutex sync.RWMutex
nfsEKey *mlkem.EncapsulationKey768 nfsEKey *mlkem.EncapsulationKey768
nfsEKeyBytes []byte nfsEKeySha256 [32]byte
xor uint32 xor uint32
minutes time.Duration minutes time.Duration
expire time.Time expire time.Time
@@ -50,7 +51,7 @@ type ClientConn struct {
func (i *ClientInstance) Init(nfsEKeyBytes []byte, xor uint32, minutes time.Duration) (err error) { func (i *ClientInstance) Init(nfsEKeyBytes []byte, xor uint32, minutes time.Duration) (err error) {
i.nfsEKey, err = mlkem.NewEncapsulationKey768(nfsEKeyBytes) i.nfsEKey, err = mlkem.NewEncapsulationKey768(nfsEKeyBytes)
if xor > 0 { if xor > 0 {
i.nfsEKeyBytes = nfsEKeyBytes i.nfsEKeySha256 = sha256.Sum256(nfsEKeyBytes)
i.xor = xor i.xor = xor
} }
i.minutes = minutes i.minutes = minutes
@@ -62,7 +63,7 @@ func (i *ClientInstance) Handshake(conn net.Conn) (net.Conn, error) {
return nil, errors.New("uninitialized") return nil, errors.New("uninitialized")
} }
if i.xor > 0 { if i.xor > 0 {
conn = NewXorConn(conn, i.nfsEKeyBytes) conn = NewXorConn(conn, i.nfsEKeySha256[:])
} }
c := &ClientConn{Conn: conn} c := &ClientConn{Conn: conn}

7
proxy/vless/encryption/server.go
View File

@@ -5,6 +5,7 @@ import (
"crypto/cipher" "crypto/cipher"
"crypto/mlkem" "crypto/mlkem"
"crypto/rand" "crypto/rand"
"crypto/sha256"
"io" "io"
"net" "net"
"sync" "sync"
@@ -24,7 +25,7 @@ type ServerSession struct {
type ServerInstance struct { type ServerInstance struct {
sync.RWMutex sync.RWMutex
nfsDKey *mlkem.DecapsulationKey768 nfsDKey *mlkem.DecapsulationKey768
nfsEKeyBytes []byte nfsEKeySha256 [32]byte
xor uint32 xor uint32
minutes time.Duration minutes time.Duration
sessions map[[21]byte]*ServerSession sessions map[[21]byte]*ServerSession
@@ -47,7 +48,7 @@ type ServerConn struct {
func (i *ServerInstance) Init(nfsDKeySeed []byte, xor uint32, minutes time.Duration) (err error) { func (i *ServerInstance) Init(nfsDKeySeed []byte, xor uint32, minutes time.Duration) (err error) {
i.nfsDKey, err = mlkem.NewDecapsulationKey768(nfsDKeySeed) i.nfsDKey, err = mlkem.NewDecapsulationKey768(nfsDKeySeed)
if xor > 0 { if xor > 0 {
i.nfsEKeyBytes = i.nfsDKey.EncapsulationKey().Bytes() i.nfsEKeySha256 = sha256.Sum256(i.nfsDKey.EncapsulationKey().Bytes())
i.xor = xor i.xor = xor
} }
if minutes > 0 { if minutes > 0 {
@@ -86,7 +87,7 @@ func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {
return nil, errors.New("uninitialized") return nil, errors.New("uninitialized")
} }
if i.xor > 0 { if i.xor > 0 {
conn = NewXorConn(conn, i.nfsEKeyBytes) conn = NewXorConn(conn, i.nfsEKeySha256[:])
} }
c := &ServerConn{Conn: conn} c := &ServerConn{Conn: conn}