mirror of
https://github.com/XTLS/Xray-core.git
synced 2026-07-02 09:48:43 +00:00
VLESS protocol: Add lightweight, Post-Quantum ML-KEM-768-based PFS 1-RTT / anti-replay 0-RTT AEAD Encryption (#5067)
https://opensea.io/collection/vless
This commit is contained in:
@@ -17,5 +17,6 @@ func init() {
|
||||
cmdX25519,
|
||||
cmdWG,
|
||||
cmdMLDSA65,
|
||||
cmdMLKEM768,
|
||||
)
|
||||
}
|
||||
|
||||
@@ -1,17 +1,15 @@
|
||||
package all
|
||||
|
||||
import (
|
||||
"crypto/ecdh"
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
|
||||
"golang.org/x/crypto/curve25519"
|
||||
"lukechampine.com/blake3"
|
||||
)
|
||||
|
||||
func Curve25519Genkey(StdEncoding bool, input_base64 string) {
|
||||
var output string
|
||||
var err error
|
||||
var privateKey, publicKey []byte
|
||||
var encoding *base64.Encoding
|
||||
if *input_stdEncoding || StdEncoding {
|
||||
encoding = base64.StdEncoding
|
||||
@@ -19,40 +17,35 @@ func Curve25519Genkey(StdEncoding bool, input_base64 string) {
|
||||
encoding = base64.RawURLEncoding
|
||||
}
|
||||
|
||||
var privateKey []byte
|
||||
if len(input_base64) > 0 {
|
||||
privateKey, err = encoding.DecodeString(input_base64)
|
||||
if err != nil {
|
||||
output = err.Error()
|
||||
goto out
|
||||
}
|
||||
if len(privateKey) != curve25519.ScalarSize {
|
||||
output = "Invalid length of private key."
|
||||
goto out
|
||||
privateKey, _ = encoding.DecodeString(input_base64)
|
||||
if len(privateKey) != 32 {
|
||||
fmt.Println("Invalid length of X25519 private key.")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if privateKey == nil {
|
||||
privateKey = make([]byte, curve25519.ScalarSize)
|
||||
if _, err = rand.Read(privateKey); err != nil {
|
||||
output = err.Error()
|
||||
goto out
|
||||
}
|
||||
privateKey = make([]byte, 32)
|
||||
rand.Read(privateKey)
|
||||
}
|
||||
|
||||
// Modify random bytes using algorithm described at:
|
||||
// https://cr.yp.to/ecdh.html.
|
||||
// https://cr.yp.to/ecdh.html
|
||||
// (Just to make sure printing the real private key)
|
||||
privateKey[0] &= 248
|
||||
privateKey[31] &= 127
|
||||
privateKey[31] |= 64
|
||||
|
||||
if publicKey, err = curve25519.X25519(privateKey, curve25519.Basepoint); err != nil {
|
||||
output = err.Error()
|
||||
goto out
|
||||
key, err := ecdh.X25519().NewPrivateKey(privateKey)
|
||||
if err != nil {
|
||||
fmt.Println(err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
output = fmt.Sprintf("Private key: %v\nPublic key: %v",
|
||||
password := key.PublicKey().Bytes()
|
||||
hash32 := blake3.Sum256(password)
|
||||
fmt.Printf("PrivateKey: %v\nPassword: %v\nHash32: %v",
|
||||
encoding.EncodeToString(privateKey),
|
||||
encoding.EncodeToString(publicKey))
|
||||
out:
|
||||
fmt.Println(output)
|
||||
encoding.EncodeToString(password),
|
||||
encoding.EncodeToString(hash32[:]))
|
||||
}
|
||||
|
||||
@@ -11,9 +11,9 @@ import (
|
||||
|
||||
var cmdMLDSA65 = &base.Command{
|
||||
UsageLine: `{{.Exec}} mldsa65 [-i "seed (base64.RawURLEncoding)"]`,
|
||||
Short: `Generate key pair for ML-DSA-65 post-quantum signature`,
|
||||
Short: `Generate key pair for ML-DSA-65 post-quantum signature (REALITY)`,
|
||||
Long: `
|
||||
Generate key pair for ML-DSA-65 post-quantum signature.
|
||||
Generate key pair for ML-DSA-65 post-quantum signature (REALITY).
|
||||
|
||||
Random: {{.Exec}} mldsa65
|
||||
|
||||
@@ -25,12 +25,16 @@ func init() {
|
||||
cmdMLDSA65.Run = executeMLDSA65 // break init loop
|
||||
}
|
||||
|
||||
var input_seed = cmdMLDSA65.Flag.String("i", "", "")
|
||||
var input_mldsa65 = cmdMLDSA65.Flag.String("i", "", "")
|
||||
|
||||
func executeMLDSA65(cmd *base.Command, args []string) {
|
||||
var seed [32]byte
|
||||
if len(*input_seed) > 0 {
|
||||
s, _ := base64.RawURLEncoding.DecodeString(*input_seed)
|
||||
if len(*input_mldsa65) > 0 {
|
||||
s, _ := base64.RawURLEncoding.DecodeString(*input_mldsa65)
|
||||
if len(s) != 32 {
|
||||
fmt.Println("Invalid length of ML-DSA-65 seed.")
|
||||
return
|
||||
}
|
||||
seed = [32]byte(s)
|
||||
} else {
|
||||
rand.Read(seed[:])
|
||||
|
||||
@@ -0,0 +1,50 @@
|
||||
package all
|
||||
|
||||
import (
|
||||
"crypto/mlkem"
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
|
||||
"github.com/xtls/xray-core/main/commands/base"
|
||||
"lukechampine.com/blake3"
|
||||
)
|
||||
|
||||
var cmdMLKEM768 = &base.Command{
|
||||
UsageLine: `{{.Exec}} mlkem768 [-i "seed (base64.RawURLEncoding)"]`,
|
||||
Short: `Generate key pair for ML-KEM-768 post-quantum key exchange (VLESS)`,
|
||||
Long: `
|
||||
Generate key pair for ML-KEM-768 post-quantum key exchange (VLESS).
|
||||
|
||||
Random: {{.Exec}} mlkem768
|
||||
|
||||
From seed: {{.Exec}} mlkem768 -i "seed (base64.RawURLEncoding)"
|
||||
`,
|
||||
}
|
||||
|
||||
func init() {
|
||||
cmdMLKEM768.Run = executeMLKEM768 // break init loop
|
||||
}
|
||||
|
||||
var input_mlkem768 = cmdMLKEM768.Flag.String("i", "", "")
|
||||
|
||||
func executeMLKEM768(cmd *base.Command, args []string) {
|
||||
var seed [64]byte
|
||||
if len(*input_mlkem768) > 0 {
|
||||
s, _ := base64.RawURLEncoding.DecodeString(*input_mlkem768)
|
||||
if len(s) != 64 {
|
||||
fmt.Println("Invalid length of ML-KEM-768 seed.")
|
||||
return
|
||||
}
|
||||
seed = [64]byte(s)
|
||||
} else {
|
||||
rand.Read(seed[:])
|
||||
}
|
||||
key, _ := mlkem.NewDecapsulationKey768(seed[:])
|
||||
client := key.EncapsulationKey().Bytes()
|
||||
hash32 := blake3.Sum256(client)
|
||||
fmt.Printf("Seed: %v\nClient: %v\nHash32: %v",
|
||||
base64.RawURLEncoding.EncodeToString(seed[:]),
|
||||
base64.RawURLEncoding.EncodeToString(client),
|
||||
base64.RawURLEncoding.EncodeToString(hash32[:]))
|
||||
}
|
||||
@@ -9,9 +9,9 @@ import (
|
||||
|
||||
var cmdUUID = &base.Command{
|
||||
UsageLine: `{{.Exec}} uuid [-i "example"]`,
|
||||
Short: `Generate UUIDv4 or UUIDv5`,
|
||||
Short: `Generate UUIDv4 or UUIDv5 (VLESS)`,
|
||||
Long: `
|
||||
Generate UUIDv4 or UUIDv5.
|
||||
Generate UUIDv4 or UUIDv5 (VLESS).
|
||||
|
||||
UUIDv4 (random): {{.Exec}} uuid
|
||||
|
||||
|
||||
@@ -6,9 +6,9 @@ import (
|
||||
|
||||
var cmdWG = &base.Command{
|
||||
UsageLine: `{{.Exec}} wg [-i "private key (base64.StdEncoding)"]`,
|
||||
Short: `Generate key pair for wireguard key exchange`,
|
||||
Short: `Generate key pair for X25519 key exchange (WireGuard)`,
|
||||
Long: `
|
||||
Generate key pair for wireguard key exchange.
|
||||
Generate key pair for X25519 key exchange (WireGuard).
|
||||
|
||||
Random: {{.Exec}} wg
|
||||
|
||||
|
||||
@@ -6,9 +6,9 @@ import (
|
||||
|
||||
var cmdX25519 = &base.Command{
|
||||
UsageLine: `{{.Exec}} x25519 [-i "private key (base64.RawURLEncoding)"] [--std-encoding]`,
|
||||
Short: `Generate key pair for x25519 key exchange`,
|
||||
Short: `Generate key pair for X25519 key exchange (VLESS, REALITY)`,
|
||||
Long: `
|
||||
Generate key pair for x25519 key exchange.
|
||||
Generate key pair for X25519 key exchange (VLESS, REALITY).
|
||||
|
||||
Random: {{.Exec}} x25519
|
||||
|
||||
|
||||
Reference in New Issue
Block a user