mirror of
https://github.com/XTLS/REALITY.git
synced 2025-08-22 14:38:35 +00:00
REALITY protocol: Add optional Post-Quantum ML-DSA-65 signature to cert's ExtraExtensions
This commit is contained in:
RPRX
GitHub
parent
69a94c6c1d
commit
69793c8640
@ -562,6 +562,8 @@ type Config struct {
|
|||||||
MaxTimeDiff time.Duration
|
MaxTimeDiff time.Duration
|
||||||
ShortIds map[[8]byte]bool
|
ShortIds map[[8]byte]bool
|
||||||
|
|
||||||
|
Mldsa65Key []byte
|
||||||
|
|
||||||
LimitFallbackUpload LimitFallback
|
LimitFallbackUpload LimitFallback
|
||||||
LimitFallbackDownload LimitFallback
|
LimitFallbackDownload LimitFallback
|
||||||
|
|
||||||
|
|||||||
5
go.mod
5
go.mod
@ -3,9 +3,10 @@ module github.com/xtls/reality
|
|||||||
go 1.24
|
go 1.24
|
||||||
|
|
||||||
require (
|
require (
|
||||||
|
github.com/cloudflare/circl v1.6.1
|
||||||
github.com/juju/ratelimit v1.0.2
|
github.com/juju/ratelimit v1.0.2
|
||||||
github.com/pires/go-proxyproto v0.8.1
|
github.com/pires/go-proxyproto v0.8.1
|
||||||
github.com/refraction-networking/utls v1.7.3
|
github.com/refraction-networking/utls v1.7.3
|
||||||
golang.org/x/crypto v0.39.0
|
golang.org/x/crypto v0.40.0
|
||||||
golang.org/x/sys v0.33.0
|
golang.org/x/sys v0.34.0
|
||||||
)
|
)
|
||||||
|
|||||||
10
go.sum
10
go.sum
@ -1,10 +1,12 @@
|
|||||||
|
github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
|
||||||
|
github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
|
||||||
github.com/juju/ratelimit v1.0.2 h1:sRxmtRiajbvrcLQT7S+JbqU0ntsb9W2yhSdNN8tWfaI=
|
github.com/juju/ratelimit v1.0.2 h1:sRxmtRiajbvrcLQT7S+JbqU0ntsb9W2yhSdNN8tWfaI=
|
||||||
github.com/juju/ratelimit v1.0.2/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk=
|
github.com/juju/ratelimit v1.0.2/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk=
|
||||||
github.com/pires/go-proxyproto v0.8.1 h1:9KEixbdJfhrbtjpz/ZwCdWDD2Xem0NZ38qMYaASJgp0=
|
github.com/pires/go-proxyproto v0.8.1 h1:9KEixbdJfhrbtjpz/ZwCdWDD2Xem0NZ38qMYaASJgp0=
|
||||||
github.com/pires/go-proxyproto v0.8.1/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
|
github.com/pires/go-proxyproto v0.8.1/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
|
||||||
github.com/refraction-networking/utls v1.7.3 h1:L0WRhHY7Oq1T0zkdzVZMR6zWZv+sXbHB9zcuvsAEqCo=
|
github.com/refraction-networking/utls v1.7.3 h1:L0WRhHY7Oq1T0zkdzVZMR6zWZv+sXbHB9zcuvsAEqCo=
|
||||||
github.com/refraction-networking/utls v1.7.3/go.mod h1:TUhh27RHMGtQvjQq+RyO11P6ZNQNBb3N0v7wsEjKAIQ=
|
github.com/refraction-networking/utls v1.7.3/go.mod h1:TUhh27RHMGtQvjQq+RyO11P6ZNQNBb3N0v7wsEjKAIQ=
|
||||||
golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
|
golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
|
||||||
golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
|
golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
|
||||||
golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
|
golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
|
||||||
golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||||
|
|||||||
@ -16,6 +16,7 @@ import (
|
|||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"crypto/sha512"
|
"crypto/sha512"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
|
"crypto/x509/pkix"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
@ -26,6 +27,7 @@ import (
|
|||||||
"sort"
|
"sort"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/cloudflare/circl/sign/mldsa/mldsa65"
|
||||||
"github.com/xtls/reality/fips140tls"
|
"github.com/xtls/reality/fips140tls"
|
||||||
"github.com/xtls/reality/hpke"
|
"github.com/xtls/reality/hpke"
|
||||||
"github.com/xtls/reality/tls13"
|
"github.com/xtls/reality/tls13"
|
||||||
@ -70,14 +72,17 @@ type serverHandshakeStateTLS13 struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
ed25519Priv ed25519.PrivateKey
|
ed25519Priv ed25519.PrivateKey
|
||||||
signedCert []byte
|
signedCert []byte
|
||||||
|
signedCertMldsa65 []byte
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
certificate := x509.Certificate{SerialNumber: &big.Int{}}
|
certificate := x509.Certificate{SerialNumber: &big.Int{}}
|
||||||
|
certificateMldsa65 := x509.Certificate{SerialNumber: &big.Int{}, ExtraExtensions: []pkix.Extension{{Id: []int{0, 0}, Value: empty[:3309]}}}
|
||||||
_, ed25519Priv, _ = ed25519.GenerateKey(rand.Reader)
|
_, ed25519Priv, _ = ed25519.GenerateKey(rand.Reader)
|
||||||
signedCert, _ = x509.CreateCertificate(rand.Reader, &certificate, &certificate, ed25519.PublicKey(ed25519Priv[32:]), ed25519Priv)
|
signedCert, _ = x509.CreateCertificate(rand.Reader, &certificate, &certificate, ed25519.PublicKey(ed25519Priv[32:]), ed25519Priv)
|
||||||
|
signedCertMldsa65, _ = x509.CreateCertificate(rand.Reader, &certificateMldsa65, &certificateMldsa65, ed25519.PublicKey(ed25519Priv[32:]), ed25519Priv)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (hs *serverHandshakeStateTLS13) handshake() error {
|
func (hs *serverHandshakeStateTLS13) handshake() error {
|
||||||
@ -90,6 +95,10 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
|
|||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
{
|
{
|
||||||
|
if c.config.Show {
|
||||||
|
fmt.Printf("REALITY remoteAddr: %v\tusing X25519MLKEM768: %v\n", c.RemoteAddr().String(), hs.hello.serverShare.group == X25519MLKEM768)
|
||||||
|
}
|
||||||
|
|
||||||
hs.suite = cipherSuiteTLS13ByID(hs.hello.cipherSuite)
|
hs.suite = cipherSuiteTLS13ByID(hs.hello.cipherSuite)
|
||||||
c.cipherSuite = hs.suite.id
|
c.cipherSuite = hs.suite.id
|
||||||
hs.transcript = hs.suite.hash.New()
|
hs.transcript = hs.suite.hash.New()
|
||||||
@ -130,14 +139,30 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
|
|||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
{
|
{
|
||||||
signedCert := append([]byte{}, signedCert...)
|
if c.config.Show {
|
||||||
|
fmt.Printf("REALITY remoteAddr: %v\tusing ML-DSA-65: %v\n", c.RemoteAddr().String(), len(c.config.Mldsa65Key) > 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
var cert []byte
|
||||||
|
if len(c.config.Mldsa65Key) > 0 {
|
||||||
|
cert = bytes.Clone(signedCertMldsa65)
|
||||||
|
} else {
|
||||||
|
cert = bytes.Clone(signedCert)
|
||||||
|
}
|
||||||
|
|
||||||
h := hmac.New(sha512.New, c.AuthKey)
|
h := hmac.New(sha512.New, c.AuthKey)
|
||||||
h.Write(ed25519Priv[32:])
|
h.Write(ed25519Priv[32:])
|
||||||
h.Sum(signedCert[:len(signedCert)-64])
|
h.Sum(cert[:len(cert)-64])
|
||||||
|
|
||||||
|
if len(c.config.Mldsa65Key) > 0 {
|
||||||
|
h.Write(hs.clientHello.original)
|
||||||
|
h.Write(hs.hello.original)
|
||||||
|
key, _ := mldsa65.Scheme().UnmarshalBinaryPrivateKey(c.config.Mldsa65Key)
|
||||||
|
mldsa65.SignTo(key.(*mldsa65.PrivateKey), h.Sum(nil), nil, false, cert[126:]) // fixed location
|
||||||
|
}
|
||||||
|
|
||||||
hs.cert = &Certificate{
|
hs.cert = &Certificate{
|
||||||
Certificate: [][]byte{signedCert},
|
Certificate: [][]byte{cert},
|
||||||
PrivateKey: ed25519Priv,
|
PrivateKey: ed25519Priv,
|
||||||
}
|
}
|
||||||
hs.sigAlg = Ed25519
|
hs.sigAlg = Ed25519
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user