github
/
Xray-core
mirror of https://github.com/XTLS/Xray-core
1
0
Fork 0
Code Issues Releases Wiki Activity

Restore ECHConfig from keysets

pull/3813/head
风扇滑翔翼 2025-07-26 05:18:27 +00:00 committed by GitHub
parent cb72a79f5b
commit a3e347b27e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 41 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
main/commands/all/tls/ech.go
View File

@ -13,13 +13,14 @@ import (
) )
var cmdECH = &base.Command{ var cmdECH = &base.Command{
UsageLine: `{{.Exec}} tls ech [--serverName (string)] [--pem]`, UsageLine: `{{.Exec}} tls ech [--serverName (string)] [--pem] [-i "ECHSeverKeys (base64.StdEncoding)"]`,
Short: `Generate TLS-ECH certificates`, Short: `Generate TLS-ECH certificates`,
Long: ` Long: `
Generate TLS-ECH certificates. Generate TLS-ECH certificates.
Set serverName to your custom string: {{.Exec}} tls ech --serverName (string) Set serverName to your custom string: {{.Exec}} tls ech --serverName (string)
Generate into pem format: {{.Exec}} tls ech --pem Generate into pem format: {{.Exec}} tls ech --pem
Restore ECHConfigs from ECHSeverKeys: {{.Exec}} tls ech -i "ECHSeverKeys (base64.StdEncoding)"
`, // Enable PQ signature schemes: {{.Exec}} tls ech --pq-signature-schemes-enabled `, // Enable PQ signature schemes: {{.Exec}} tls ech --pq-signature-schemes-enabled
} }
@ -27,7 +28,9 @@ func init() {
cmdECH.Run = executeECH cmdECH.Run = executeECH
} }
var input_pqSignatureSchemesEnabled = cmdECH.Flag.Bool("pqSignatureSchemesEnabled", false, "") var input_echSeverKeys = cmdECH.Flag.String("i", "", "ECHSeverKeys (base64.StdEncoding)")
// var input_pqSignatureSchemesEnabled = cmdECH.Flag.Bool("pqSignatureSchemesEnabled", false, "")
var input_serverName = cmdECH.Flag.String("serverName", "cloudflare-ech.com", "") var input_serverName = cmdECH.Flag.String("serverName", "cloudflare-ech.com", "")
var input_pem = cmdECH.Flag.Bool("pem", false, "True == turn on pem output") var input_pem = cmdECH.Flag.Bool("pem", false, "True == turn on pem output")
@ -40,21 +43,43 @@ func executeECH(cmd *base.Command, args []string) {
kem = hpke.DHKEM_X25519_HKDF_SHA256 kem = hpke.DHKEM_X25519_HKDF_SHA256
// } // }
echKeySet, priv, err := tls.GenerateECHKeySet(0, *input_serverName, kem) echConfig, priv, err := tls.GenerateECHKeySet(0, *input_serverName, kem)
common.Must(err) common.Must(err)
configBytes, _ := tls.MarshalBinary(echKeySet) var configBuffer, keyBuffer []byte
if *input_echSeverKeys == "" {
configBytes, _ := tls.MarshalBinary(echConfig)
var b cryptobyte.Builder var b cryptobyte.Builder
b.AddUint16LengthPrefixed(func(child *cryptobyte.Builder) { b.AddUint16LengthPrefixed(func(child *cryptobyte.Builder) {
child.AddBytes(configBytes) child.AddBytes(configBytes)
}) })
configBuffer, _ := b.Bytes() configBuffer, _ = b.Bytes()
var b2 cryptobyte.Builder var b2 cryptobyte.Builder
b2.AddUint16(uint16(len(priv))) b2.AddUint16(uint16(len(priv)))
b2.AddBytes(priv) b2.AddBytes(priv)
b2.AddUint16(uint16(len(configBytes))) b2.AddUint16(uint16(len(configBytes)))
b2.AddBytes(configBytes) b2.AddBytes(configBytes)
keyBuffer, _ := b2.Bytes() keyBuffer, _ = b2.Bytes()
} else {
keySetsByte, err := base64.StdEncoding.DecodeString(*input_echSeverKeys)
if err != nil {
os.Stdout.WriteString("Failed to decode ECHSeverKeys: " + err.Error() + "\n")
return
}
keyBuffer = keySetsByte
KeySets, err := tls.ConvertToGoECHKeys(keySetsByte)
if err != nil {
os.Stdout.WriteString("Failed to decode ECHSeverKeys: " + err.Error() + "\n")
return
}
var b cryptobyte.Builder
for _, keySet := range KeySets {
b.AddUint16LengthPrefixed(func(child *cryptobyte.Builder) {
child.AddBytes(keySet.Config)
})
}
configBuffer, _ = b.Bytes()
}
if *input_pem { if *input_pem {
configPEM := string(pem.EncodeToMemory(&pem.Block{Type: "ECH CONFIGS", Bytes: configBuffer})) configPEM := string(pem.EncodeToMemory(&pem.Block{Type: "ECH CONFIGS", Bytes: configBuffer}))