enoch/Xray-core
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-08-22 01:26:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add optional aes128xor layer

Browse Source 
https://github.com/XTLS/Xray-core/pull/4952#issuecomment-3172703168
This commit is contained in:
RPRX
2025-08-11 12:07:00 +00:00
committed by GitHub
parent 2e6a88307c
commit 7ffb555fc8
11 changed files with 146 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
infra/conf/vless.go
View File

@@ -75,8 +75,8 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
config.Decryption = c.Decryption config.Decryption = c.Decryption
if !func() bool { if !func() bool {
s := strings.Split(config.Decryption, "-mlkem768seed-") s := strings.SplitN(config.Decryption, "-", 4)
if len(s) != 2 { if len(s) != 4 || s[2] != "mlkem768seed" {
return false return false
} }
if s[0] != "1rtt" { if s[0] != "1rtt" {
@@ -90,11 +90,18 @@ func (c *VLessInboundConfig) Build() (proto.Message, error) {
} }
config.Minutes = uint32(i) config.Minutes = uint32(i)
} }
b, err := base64.RawURLEncoding.DecodeString(s[1]) switch s[1] {
case "vless":
case "aes128xor":
config.Xor = 1
default:
return false
}
b, err := base64.RawURLEncoding.DecodeString(s[3])
if len(b) != 64 || err != nil { if len(b) != 64 || err != nil {
return false return false
} }
config.Decryption = s[1] config.Decryption = s[3]
return true return true
}() && config.Decryption != "none" { }() && config.Decryption != "none" {
if config.Decryption == "" { if config.Decryption == "" {
@@ -216,8 +223,8 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) {
} }
if !func() bool { if !func() bool {
s := strings.Split(account.Encryption, "-mlkem768client-") s := strings.SplitN(account.Encryption, "-", 4)
if len(s) != 2 { if len(s) != 4 || s[2] != "mlkem768client" {
return false return false
} }
if s[0] != "1rtt" { if s[0] != "1rtt" {
@@ -231,11 +238,18 @@ func (c *VLessOutboundConfig) Build() (proto.Message, error) {
} }
account.Minutes = uint32(i) account.Minutes = uint32(i)
} }
b, err := base64.RawURLEncoding.DecodeString(s[1]) switch s[1] {
case "vless":
case "aes128xor":
account.Xor = 1
default:
return false
}
b, err := base64.RawURLEncoding.DecodeString(s[3])
if len(b) != 1184 || err != nil { if len(b) != 1184 || err != nil {
return false return false
} }
account.Encryption = s[1] account.Encryption = s[3]
return true return true
}() && account.Encryption != "none" { }() && account.Encryption != "none" {
if account.Encryption == "" { if account.Encryption == "" {

3
proxy/vless/account.go
View File

@@ -18,6 +18,7 @@ func (a *Account) AsAccount() (protocol.Account, error) {
ID: protocol.NewID(id), ID: protocol.NewID(id),
Flow: a.Flow, // needs parser here? Flow: a.Flow, // needs parser here?
Encryption: a.Encryption, // needs parser here? Encryption: a.Encryption, // needs parser here?
Xor: a.Xor,
Minutes: a.Minutes, Minutes: a.Minutes,
}, nil }, nil
} }
@@ -30,6 +31,7 @@ type MemoryAccount struct {
Flow string Flow string
Encryption string Encryption string
Xor uint32
Minutes uint32 Minutes uint32
} }
@@ -47,6 +49,7 @@ func (a *MemoryAccount) ToProto() proto.Message {
Id: a.ID.String(), Id: a.ID.String(),
Flow: a.Flow, Flow: a.Flow,
Encryption: a.Encryption, Encryption: a.Encryption,
Xor: a.Xor,
Minutes: a.Minutes, Minutes: a.Minutes,
} }
} }

31
proxy/vless/account.pb.go
View File

@@ -30,7 +30,8 @@ type Account struct {
// Flow settings. May be "xtls-rprx-vision". // Flow settings. May be "xtls-rprx-vision".
Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"` Flow string `protobuf:"bytes,2,opt,name=flow,proto3" json:"flow,omitempty"`
Encryption string `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"` Encryption string `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"`
Minutes uint32 `protobuf:"varint,4,opt,name=minutes,proto3" json:"minutes,omitempty"` Xor uint32 `protobuf:"varint,4,opt,name=xor,proto3" json:"xor,omitempty"`
Minutes uint32 `protobuf:"varint,5,opt,name=minutes,proto3" json:"minutes,omitempty"`
} }
func (x *Account) Reset() { func (x *Account) Reset() {
@@ -84,6 +85,13 @@ func (x *Account) GetEncryption() string {
return "" return ""
} }
func (x *Account) GetXor() uint32 {
if x != nil {
return x.Xor
}
return 0
}
func (x *Account) GetMinutes() uint32 { func (x *Account) GetMinutes() uint32 {
if x != nil { if x != nil {
return x.Minutes return x.Minutes
@@ -96,20 +104,21 @@ var File_proxy_vless_account_proto protoreflect.FileDescriptor
var file_proxy_vless_account_proto_rawDesc = []byte{ var file_proxy_vless_account_proto_rawDesc = []byte{
0x0a, 0x19, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x2f, 0x61, 0x63, 0x0a, 0x19, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x2f, 0x61, 0x63,
0x63, 0x6f, 0x75, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x78, 0x72, 0x61, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x10, 0x78, 0x72, 0x61,
0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x22, 0x67, 0x0a, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x22, 0x79, 0x0a,
0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01,
0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x6c, 0x6f, 0x77,
0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x12, 0x1e, 0x0a, 0x0a, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x6c, 0x6f, 0x77, 0x12, 0x1e, 0x0a, 0x0a,
0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
0x52, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03,
0x6d, 0x69, 0x6e, 0x75, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6d, 0x78, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x78, 0x6f, 0x72, 0x12, 0x18,
0x69, 0x6e, 0x75, 0x74, 0x65, 0x73, 0x42, 0x52, 0x0a, 0x14, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x0a, 0x07, 0x6d, 0x69, 0x6e, 0x75, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52,
0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x50, 0x01, 0x07, 0x6d, 0x69, 0x6e, 0x75, 0x74, 0x65, 0x73, 0x42, 0x52, 0x0a, 0x14, 0x63, 0x6f, 0x6d, 0x2e,
0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6c, 0x65, 0x73, 0x73,
0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x50, 0x01, 0x5a, 0x25, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78,
0x79, 0x2f, 0x76, 0x6c, 0x65, 0x73, 0x73, 0xaa, 0x02, 0x10, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72,
0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, 0x6c, 0x65, 0x73, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6c, 0x65, 0x73, 0x73, 0xaa, 0x02, 0x10, 0x58, 0x72, 0x61, 0x79,
0x6f, 0x33, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, 0x6c, 0x65, 0x73, 0x73, 0x62, 0x06, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x33,
} }
var ( var (

3
proxy/vless/account.proto
View File

@@ -13,5 +13,6 @@ message Account {
string flow = 2; string flow = 2;
string encryption = 3; string encryption = 3;
uint32 minutes = 4; uint32 xor = 4;
uint32 minutes = 5;
} }

7
proxy/vless/encryption/client.go
View File

@@ -28,6 +28,7 @@ func init() {
type ClientInstance struct { type ClientInstance struct {
sync.RWMutex sync.RWMutex
eKeyNfs *mlkem.EncapsulationKey768 eKeyNfs *mlkem.EncapsulationKey768
xor uint32
minutes time.Duration minutes time.Duration
expire time.Time expire time.Time
baseKey []byte baseKey []byte
@@ -47,8 +48,9 @@ type ClientConn struct {
peerCache []byte peerCache []byte
} }
func (i *ClientInstance) Init(eKeyNfsData []byte, minutes time.Duration) (err error) { func (i *ClientInstance) Init(eKeyNfsData []byte, xor uint32, minutes time.Duration) (err error) {
i.eKeyNfs, err = mlkem.NewEncapsulationKey768(eKeyNfsData) i.eKeyNfs, err = mlkem.NewEncapsulationKey768(eKeyNfsData)
i.xor = xor
i.minutes = minutes i.minutes = minutes
return return
} }
@@ -57,6 +59,9 @@ func (i *ClientInstance) Handshake(conn net.Conn) (net.Conn, error) {
if i.eKeyNfs == nil { if i.eKeyNfs == nil {
return nil, errors.New("uninitialized") return nil, errors.New("uninitialized")
} }
if i.xor == 1 {
conn = NewXorConn(conn, i.eKeyNfs.Bytes())
}
c := &ClientConn{Conn: conn} c := &ClientConn{Conn: conn}
if i.minutes > 0 { if i.minutes > 0 {

7
proxy/vless/encryption/server.go
View File

@@ -26,6 +26,7 @@ type ServerSession struct {
type ServerInstance struct { type ServerInstance struct {
sync.RWMutex sync.RWMutex
dKeyNfs *mlkem.DecapsulationKey768 dKeyNfs *mlkem.DecapsulationKey768
xor uint32
minutes time.Duration minutes time.Duration
sessions map[[21]byte]*ServerSession sessions map[[21]byte]*ServerSession
} }
@@ -43,8 +44,9 @@ type ServerConn struct {
nonce []byte nonce []byte
} }
func (i *ServerInstance) Init(dKeyNfsData []byte, minutes time.Duration) (err error) { func (i *ServerInstance) Init(dKeyNfsData []byte, xor uint32, minutes time.Duration) (err error) {
i.dKeyNfs, err = mlkem.NewDecapsulationKey768(dKeyNfsData) i.dKeyNfs, err = mlkem.NewDecapsulationKey768(dKeyNfsData)
i.xor = xor
if minutes > 0 { if minutes > 0 {
i.minutes = minutes i.minutes = minutes
i.sessions = make(map[[21]byte]*ServerSession) i.sessions = make(map[[21]byte]*ServerSession)
@@ -69,6 +71,9 @@ func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {
if i.dKeyNfs == nil { if i.dKeyNfs == nil {
return nil, errors.New("uninitialized") return nil, errors.New("uninitialized")
} }
if i.xor == 1 {
conn = NewXorConn(conn, i.dKeyNfs.EncapsulationKey().Bytes())
}
c := &ServerConn{Conn: conn} c := &ServerConn{Conn: conn}
peerTicketHello := make([]byte, 21+32) peerTicketHello := make([]byte, 21+32)

63
proxy/vless/encryption/xor.go Normal file
View File

@@ -0,0 +1,63 @@
package encryption
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"io"
"net"
)
type XorConn struct {
net.Conn
key []byte
ctr cipher.Stream
peerCtr cipher.Stream
}
func NewXorConn(conn net.Conn, key []byte) *XorConn {
return &XorConn{Conn: conn, key: key[:16]}
}
func (c *XorConn) Write(b []byte) (int, error) {
if len(b) == 0 {
return 0, nil
}
var iv []byte
if c.ctr == nil {
block, _ := aes.NewCipher(c.key)
iv = make([]byte, 16)
rand.Read(iv)
c.ctr = cipher.NewCTR(block, iv)
}
c.ctr.XORKeyStream(b, b) // caller MUST discard b
if iv != nil {
b = append(iv, b...)
}
if _, err := c.Conn.Write(b); err != nil {
return 0, err
}
if iv != nil {
b = b[16:]
}
return len(b), nil
}
func (c *XorConn) Read(b []byte) (int, error) {
if len(b) == 0 {
return 0, nil
}
if c.peerCtr == nil {
peerIv := make([]byte, 16)
if _, err := io.ReadFull(c.Conn, peerIv); err != nil {
return 0, err
}
block, _ := aes.NewCipher(c.key)
c.peerCtr = cipher.NewCTR(block, peerIv)
}
n, err := c.Conn.Read(b)
if n > 0 {
c.peerCtr.XORKeyStream(b[:n], b[:n])
}
return n, err
}

31
proxy/vless/inbound/config.pb.go
View File

@@ -114,7 +114,8 @@ type Config struct {
Clients []*protocol.User `protobuf:"bytes,1,rep,name=clients,proto3" json:"clients,omitempty"` Clients []*protocol.User `protobuf:"bytes,1,rep,name=clients,proto3" json:"clients,omitempty"`
Fallbacks []*Fallback `protobuf:"bytes,2,rep,name=fallbacks,proto3" json:"fallbacks,omitempty"` Fallbacks []*Fallback `protobuf:"bytes,2,rep,name=fallbacks,proto3" json:"fallbacks,omitempty"`
Decryption string `protobuf:"bytes,3,opt,name=decryption,proto3" json:"decryption,omitempty"` Decryption string `protobuf:"bytes,3,opt,name=decryption,proto3" json:"decryption,omitempty"`
Minutes uint32 `protobuf:"varint,4,opt,name=minutes,proto3" json:"minutes,omitempty"` Xor uint32 `protobuf:"varint,4,opt,name=xor,proto3" json:"xor,omitempty"`
Minutes uint32 `protobuf:"varint,5,opt,name=minutes,proto3" json:"minutes,omitempty"`
} }
func (x *Config) Reset() { func (x *Config) Reset() {
@@ -168,6 +169,13 @@ func (x *Config) GetDecryption() string {
return "" return ""
} }
func (x *Config) GetXor() uint32 {
if x != nil {
return x.Xor
}
return 0
}
func (x *Config) GetMinutes() uint32 { func (x *Config) GetMinutes() uint32 {
if x != nil { if x != nil {
return x.Minutes return x.Minutes
@@ -191,7 +199,7 @@ var file_proxy_vless_inbound_config_proto_rawDesc = []byte{
0x68, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x05, 0x20, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x65, 0x73, 0x74, 0x18, 0x05, 0x20,
0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, 0x65, 0x01, 0x28, 0x09, 0x52, 0x04, 0x64, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x78, 0x76, 0x65,
0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0xba, 0x01, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x78, 0x76, 0x65, 0x72, 0x22, 0xcc, 0x01,
0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x34, 0x0a, 0x07, 0x63, 0x6c, 0x69, 0x65, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x34, 0x0a, 0x07, 0x63, 0x6c, 0x69, 0x65,
0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x78, 0x72, 0x61, 0x79,
0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
@@ -202,15 +210,16 @@ var file_proxy_vless_inbound_config_proto_rawDesc = []byte{
0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x52, 0x09, 0x66, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x73,
0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03,
0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e,
0x12, 0x18, 0x0a, 0x07, 0x6d, 0x69, 0x6e, 0x75, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x12, 0x10, 0x0a, 0x03, 0x78, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x78,
0x0d, 0x52, 0x07, 0x6d, 0x69, 0x6e, 0x75, 0x74, 0x65, 0x73, 0x42, 0x6a, 0x0a, 0x1c, 0x63, 0x6f, 0x6f, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x69, 0x6e, 0x75, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20,
0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76, 0x6c, 0x65, 0x01, 0x28, 0x0d, 0x52, 0x07, 0x6d, 0x69, 0x6e, 0x75, 0x74, 0x65, 0x73, 0x42, 0x6a, 0x0a, 0x1c,
0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x76,
0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, 0x6c, 0x65, 0x73, 0x73, 0x2e, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x50, 0x01, 0x5a, 0x2d,
0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x76, 0x6c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f,
0x65, 0x73, 0x73, 0x2f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0xaa, 0x02, 0x18, 0x58, 0x72, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f,
0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, 0x6c, 0x65, 0x73, 0x73, 0x2e, 0x49, 0x76, 0x6c, 0x65, 0x73, 0x73, 0x2f, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0xaa, 0x02, 0x18,
0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x56, 0x6c, 0x65, 0x73, 0x73,
0x2e, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
} }
var ( var (

3
proxy/vless/inbound/config.proto
View File

@@ -22,5 +22,6 @@ message Config {
repeated Fallback fallbacks = 2; repeated Fallback fallbacks = 2;
string decryption = 3; string decryption = 3;
uint32 minutes = 4; uint32 xor = 4;
uint32 minutes = 5;
} }

2
proxy/vless/inbound/inbound.go
View File

@@ -87,7 +87,7 @@ func New(ctx context.Context, config *Config, dc dns.Client, validator vless.Val
d, _ := base64.RawURLEncoding.DecodeString(config.Decryption) d, _ := base64.RawURLEncoding.DecodeString(config.Decryption)
if len(d) == 64 { if len(d) == 64 {
handler.decryption = &encryption.ServerInstance{} handler.decryption = &encryption.ServerInstance{}
if err := handler.decryption.Init(d, time.Duration(config.Minutes)*time.Minute); err != nil { if err := handler.decryption.Init(d, config.Xor, time.Duration(config.Minutes)*time.Minute); err != nil {
return nil, errors.New("failed to use mlkem768seed").Base(err).AtError() return nil, errors.New("failed to use mlkem768seed").Base(err).AtError()
} }
} }

2
proxy/vless/outbound/outbound.go
View File

@@ -71,7 +71,7 @@ func New(ctx context.Context, config *Config) (*Handler, error) {
e, _ := base64.RawURLEncoding.DecodeString(a.Encryption) e, _ := base64.RawURLEncoding.DecodeString(a.Encryption)
if len(e) == 1184 { if len(e) == 1184 {
handler.encryption = &encryption.ClientInstance{} handler.encryption = &encryption.ClientInstance{}
if err := handler.encryption.Init(e, time.Duration(a.Minutes)*time.Minute); err != nil { if err := handler.encryption.Init(e, a.Xor, time.Duration(a.Minutes)*time.Minute); err != nil {
return nil, errors.New("failed to use mlkem768client").Base(err).AtError() return nil, errors.New("failed to use mlkem768client").Base(err).AtError()
} }
} }