mirror of
https://github.com/XTLS/REALITY.git
synced 2025-08-22 14:38:35 +00:00
REALITY protocol: Add optional Post-Quantum ML-DSA-65 signature to cert's ExtraExtensions
This commit is contained in:
RPRX
GitHub
parent
69a94c6c1d
commit
69793c8640
@ -562,6 +562,8 @@ type Config struct {
|
||||
MaxTimeDiff time.Duration
|
||||
ShortIds map[[8]byte]bool
|
||||
|
||||
Mldsa65Key []byte
|
||||
|
||||
LimitFallbackUpload LimitFallback
|
||||
LimitFallbackDownload LimitFallback
|
||||
|
||||
|
||||
5
go.mod
5
go.mod
@ -3,9 +3,10 @@ module github.com/xtls/reality
|
||||
go 1.24
|
||||
|
||||
require (
|
||||
github.com/cloudflare/circl v1.6.1
|
||||
github.com/juju/ratelimit v1.0.2
|
||||
github.com/pires/go-proxyproto v0.8.1
|
||||
github.com/refraction-networking/utls v1.7.3
|
||||
golang.org/x/crypto v0.39.0
|
||||
golang.org/x/sys v0.33.0
|
||||
golang.org/x/crypto v0.40.0
|
||||
golang.org/x/sys v0.34.0
|
||||
)
|
||||
|
||||
10
go.sum
10
go.sum
@ -1,10 +1,12 @@
|
||||
github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
|
||||
github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
|
||||
github.com/juju/ratelimit v1.0.2 h1:sRxmtRiajbvrcLQT7S+JbqU0ntsb9W2yhSdNN8tWfaI=
|
||||
github.com/juju/ratelimit v1.0.2/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk=
|
||||
github.com/pires/go-proxyproto v0.8.1 h1:9KEixbdJfhrbtjpz/ZwCdWDD2Xem0NZ38qMYaASJgp0=
|
||||
github.com/pires/go-proxyproto v0.8.1/go.mod h1:ZKAAyp3cgy5Y5Mo4n9AlScrkCZwUy0g3Jf+slqQVcuU=
|
||||
github.com/refraction-networking/utls v1.7.3 h1:L0WRhHY7Oq1T0zkdzVZMR6zWZv+sXbHB9zcuvsAEqCo=
|
||||
github.com/refraction-networking/utls v1.7.3/go.mod h1:TUhh27RHMGtQvjQq+RyO11P6ZNQNBb3N0v7wsEjKAIQ=
|
||||
golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
|
||||
golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
|
||||
golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
|
||||
golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
|
||||
golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
|
||||
golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
|
||||
golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
|
||||
@ -16,6 +16,7 @@ import (
|
||||
"crypto/rsa"
|
||||
"crypto/sha512"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"fmt"
|
||||
@ -26,6 +27,7 @@ import (
|
||||
"sort"
|
||||
"time"
|
||||
|
||||
"github.com/cloudflare/circl/sign/mldsa/mldsa65"
|
||||
"github.com/xtls/reality/fips140tls"
|
||||
"github.com/xtls/reality/hpke"
|
||||
"github.com/xtls/reality/tls13"
|
||||
@ -72,12 +74,15 @@ type serverHandshakeStateTLS13 struct {
|
||||
var (
|
||||
ed25519Priv ed25519.PrivateKey
|
||||
signedCert []byte
|
||||
signedCertMldsa65 []byte
|
||||
)
|
||||
|
||||
func init() {
|
||||
certificate := x509.Certificate{SerialNumber: &big.Int{}}
|
||||
certificateMldsa65 := x509.Certificate{SerialNumber: &big.Int{}, ExtraExtensions: []pkix.Extension{{Id: []int{0, 0}, Value: empty[:3309]}}}
|
||||
_, ed25519Priv, _ = ed25519.GenerateKey(rand.Reader)
|
||||
signedCert, _ = x509.CreateCertificate(rand.Reader, &certificate, &certificate, ed25519.PublicKey(ed25519Priv[32:]), ed25519Priv)
|
||||
signedCertMldsa65, _ = x509.CreateCertificate(rand.Reader, &certificateMldsa65, &certificateMldsa65, ed25519.PublicKey(ed25519Priv[32:]), ed25519Priv)
|
||||
}
|
||||
|
||||
func (hs *serverHandshakeStateTLS13) handshake() error {
|
||||
@ -90,6 +95,10 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
|
||||
}
|
||||
*/
|
||||
{
|
||||
if c.config.Show {
|
||||
fmt.Printf("REALITY remoteAddr: %v\tusing X25519MLKEM768: %v\n", c.RemoteAddr().String(), hs.hello.serverShare.group == X25519MLKEM768)
|
||||
}
|
||||
|
||||
hs.suite = cipherSuiteTLS13ByID(hs.hello.cipherSuite)
|
||||
c.cipherSuite = hs.suite.id
|
||||
hs.transcript = hs.suite.hash.New()
|
||||
@ -130,14 +139,30 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
|
||||
}
|
||||
*/
|
||||
{
|
||||
signedCert := append([]byte{}, signedCert...)
|
||||
if c.config.Show {
|
||||
fmt.Printf("REALITY remoteAddr: %v\tusing ML-DSA-65: %v\n", c.RemoteAddr().String(), len(c.config.Mldsa65Key) > 0)
|
||||
}
|
||||
|
||||
var cert []byte
|
||||
if len(c.config.Mldsa65Key) > 0 {
|
||||
cert = bytes.Clone(signedCertMldsa65)
|
||||
} else {
|
||||
cert = bytes.Clone(signedCert)
|
||||
}
|
||||
|
||||
h := hmac.New(sha512.New, c.AuthKey)
|
||||
h.Write(ed25519Priv[32:])
|
||||
h.Sum(signedCert[:len(signedCert)-64])
|
||||
h.Sum(cert[:len(cert)-64])
|
||||
|
||||
if len(c.config.Mldsa65Key) > 0 {
|
||||
h.Write(hs.clientHello.original)
|
||||
h.Write(hs.hello.original)
|
||||
key, _ := mldsa65.Scheme().UnmarshalBinaryPrivateKey(c.config.Mldsa65Key)
|
||||
mldsa65.SignTo(key.(*mldsa65.PrivateKey), h.Sum(nil), nil, false, cert[126:]) // fixed location
|
||||
}
|
||||
|
||||
hs.cert = &Certificate{
|
||||
Certificate: [][]byte{signedCert},
|
||||
Certificate: [][]byte{cert},
|
||||
PrivateKey: ed25519Priv,
|
||||
}
|
||||
hs.sigAlg = Ed25519
|
||||
|
||||
Loading…
Reference in New Issue
Block a user