From 7f778a4e2f123dc03fe57fbf24da59dcaf270f8a Mon Sep 17 00:00:00 2001
From: RPRX <63339210+RPRX@users.noreply.github.com>
Date: Wed, 13 Aug 2025 21:37:06 +0000
Subject: [PATCH] SHA256(nfsEKeyBytes) for XOR's key
https://github.com/XTLS/Xray-core/pull/4952#issuecomment-3185590465
---
 proxy/vless/encryption/client.go | 19 ++++++++++---------
 proxy/vless/encryption/server.go | 17 +++++++++--------
 2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/proxy/vless/encryption/client.go b/proxy/vless/encryption/client.go
index a51f2930..2faf745a 100644
--- a/proxy/vless/encryption/client.go
+++ b/proxy/vless/encryption/client.go
@@ -5,6 +5,7 @@ import (
 "crypto/cipher"
 "crypto/mlkem"
 "crypto/rand"
+ "crypto/sha256"
 "io"
 "net"
 "sync"
@@ -25,13 +26,13 @@ func init() {
 type ClientInstance struct {
 sync.RWMutex
- nfsEKey *mlkem.EncapsulationKey768
- nfsEKeyBytes []byte
- xor uint32
- minutes time.Duration
- expire time.Time
- baseKey []byte
- ticket []byte
+ nfsEKey *mlkem.EncapsulationKey768
+ nfsEKeySha256 [32]byte
+ xor uint32
+ minutes time.Duration
+ expire time.Time
+ baseKey []byte
+ ticket []byte
 }
 type ClientConn struct {
@@ -50,7 +51,7 @@ type ClientConn struct {
 func (i *ClientInstance) Init(nfsEKeyBytes []byte, xor uint32, minutes time.Duration) (err error) {
 i.nfsEKey, err = mlkem.NewEncapsulationKey768(nfsEKeyBytes)
 if xor > 0 {
- i.nfsEKeyBytes = nfsEKeyBytes
+ i.nfsEKeySha256 = sha256.Sum256(nfsEKeyBytes)
 i.xor = xor
 }
 i.minutes = minutes
@@ -62,7 +63,7 @@ func (i *ClientInstance) Handshake(conn net.Conn) (net.Conn, error) {
 return nil, errors.New("uninitialized")
 }
 if i.xor > 0 {
- conn = NewXorConn(conn, i.nfsEKeyBytes)
+ conn = NewXorConn(conn, i.nfsEKeySha256[:])
 }
 c := &ClientConn{Conn: conn}
diff --git a/proxy/vless/encryption/server.go b/proxy/vless/encryption/server.go
index 99b73ce4..49e0b9df 100644
--- a/proxy/vless/encryption/server.go
+++ b/proxy/vless/encryption/server.go
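Review bot: The new `nfsEKeySha256` field in `ClientInstance` (and its twin in `ServerInstance` in server.go) has no comment saying what it is derived from or what protection it is meant to give. Its input is the ML-KEM encapsulation key, which is the value distributed to every client, so anyone holding that key can recompute the digest; the XOR layer therefore looks like obfuscation rather than confidentiality, though `NewXorConn` is not visible in this patch. I would add `// nfsEKeySha256 is SHA-256 of the encapsulation key bytes; it keys the XorConn obfuscation layer and must not be treated as a secret.` above the field in both structs. The digest is also computed without any context label, so it is worth confirming that the same plain SHA-256 of the key is not reused for another purpose, such as a key identifier.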
@@ -5,6 +5,7 @@ import (
 "crypto/cipher"
 "crypto/mlkem"
 "crypto/rand"
+ "crypto/sha256"
 "io"
 "net"
 "sync"
@@ -23,12 +24,12 @@ type ServerSession struct {
 type ServerInstance struct {
 sync.RWMutex
- nfsDKey *mlkem.DecapsulationKey768
- nfsEKeyBytes []byte
- xor uint32
- minutes time.Duration
- sessions map[[21]byte]*ServerSession
- closed bool
+ nfsDKey *mlkem.DecapsulationKey768
+ nfsEKeySha256 [32]byte
+ xor uint32
+ minutes time.Duration
+ sessions map[[21]byte]*ServerSession
+ closed bool
 }
 type ServerConn struct {
@@ -47,7 +48,7 @@ type ServerConn struct {
 func (i *ServerInstance) Init(nfsDKeySeed []byte, xor uint32, minutes time.Duration) (err error) {
 i.nfsDKey, err = mlkem.NewDecapsulationKey768(nfsDKeySeed)
 if xor > 0 {
- i.nfsEKeyBytes = i.nfsDKey.EncapsulationKey().Bytes()
+ i.nfsEKeySha256 = sha256.Sum256(i.nfsDKey.EncapsulationKey().Bytes())
 i.xor = xor
 }
 if minutes > 0 {
@@ -86,7 +87,7 @@ func (i *ServerInstance) Handshake(conn net.Conn) (net.Conn, error) {
 return nil, errors.New("uninitialized")
 }
 if i.xor > 0 {
- conn = NewXorConn(conn, i.nfsEKeyBytes)
+ conn = NewXorConn(conn, i.nfsEKeySha256[:])
 }
 c := &ServerConn{Conn: conn}
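Review bot: In `ServerInstance.Init`, the new `sha256.Sum256(i.nfsDKey.EncapsulationKey().Bytes())` line runs before `err` from `mlkem.NewDecapsulationKey768` is examined, so a malformed seed together with `xor > 0` would dereference a nil `nfsDKey` and panic instead of returning the error. The removed line had the same shape, so the commit carries the problem over rather than introducing it. A guard placed ahead of the `if xor > 0` block, `if err != nil { return }`, would let the configuration error surface normally. The client `Init` in client.go has the same ordering but only hashes the caller's bytes, so it is harmless there. `Init` continues past the end of this hunk, so a later check of `err` may exist, but it would come after the dereference.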