VLESS protocol: Add lightweight, Post-Quantum ML-KEM-768-based PFS 1-RTT / anti-replay 0-RTT AEAD Encryption (#5067)

https://opensea.io/collection/vless
This commit is contained in:
RPRX
2025-08-28 04:55:36 +00:00
parent c2141f09e7
commit 7951a5c4bf
22 changed files with 1161 additions and 119 deletions
+20 -27
View File
@@ -1,17 +1,15 @@
package all
import (
"crypto/ecdh"
"crypto/rand"
"encoding/base64"
"fmt"
"golang.org/x/crypto/curve25519"
"lukechampine.com/blake3"
)
func Curve25519Genkey(StdEncoding bool, input_base64 string) {
var output string
var err error
var privateKey, publicKey []byte
var encoding *base64.Encoding
if *input_stdEncoding || StdEncoding {
encoding = base64.StdEncoding
@@ -19,40 +17,35 @@ func Curve25519Genkey(StdEncoding bool, input_base64 string) {
encoding = base64.RawURLEncoding
}
var privateKey []byte
if len(input_base64) > 0 {
privateKey, err = encoding.DecodeString(input_base64)
if err != nil {
output = err.Error()
goto out
}
if len(privateKey) != curve25519.ScalarSize {
output = "Invalid length of private key."
goto out
privateKey, _ = encoding.DecodeString(input_base64)
if len(privateKey) != 32 {
fmt.Println("Invalid length of X25519 private key.")
return
}
}
if privateKey == nil {
privateKey = make([]byte, curve25519.ScalarSize)
if _, err = rand.Read(privateKey); err != nil {
output = err.Error()
goto out
}
privateKey = make([]byte, 32)
rand.Read(privateKey)
}
// Modify random bytes using algorithm described at:
// https://cr.yp.to/ecdh.html.
// https://cr.yp.to/ecdh.html
// (Just to make sure printing the real private key)
privateKey[0] &= 248
privateKey[31] &= 127
privateKey[31] |= 64
if publicKey, err = curve25519.X25519(privateKey, curve25519.Basepoint); err != nil {
output = err.Error()
goto out
key, err := ecdh.X25519().NewPrivateKey(privateKey)
if err != nil {
fmt.Println(err.Error())
return
}
output = fmt.Sprintf("Private key: %v\nPublic key: %v",
password := key.PublicKey().Bytes()
hash32 := blake3.Sum256(password)
fmt.Printf("PrivateKey: %v\nPassword: %v\nHash32: %v",
encoding.EncodeToString(privateKey),
encoding.EncodeToString(publicKey))
out:
fmt.Println(output)
encoding.EncodeToString(password),
encoding.EncodeToString(hash32[:]))
}