diff --git a/go.mod b/go.mod
index eb949cd5..9d26656e 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 github.com/metacubex/sing-wireguard v0.0.0-20250503063753-2dc62acc626f
 github.com/metacubex/smux v0.0.0-20250503055512-501391591dee
 github.com/metacubex/tfo-go v0.0.0-20250516165257-e29c16ae41d4
- github.com/metacubex/utls v1.8.1-0.20250811145843-49b4f106169a
+ github.com/metacubex/utls v1.8.1-0.20250823120917-12f5ba126142
 github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f
 github.com/miekg/dns v1.1.63 // lastest version compatible with golang1.20
 github.com/mroth/weightedrand/v2 v2.1.0
diff --git a/go.sum b/go.sum
index ca829a3f..47b12b38 100644
--- a/go.sum
+++ b/go.sum
@@ -139,8 +139,8 @@ github.com/metacubex/smux v0.0.0-20250503055512-501391591dee h1:lp6hJ+4wCLZu113a
 github.com/metacubex/smux v0.0.0-20250503055512-501391591dee/go.mod h1:4bPD8HWx9jPJ9aE4uadgyN7D1/Wz3KmPy+vale8sKLE=
 github.com/metacubex/tfo-go v0.0.0-20250516165257-e29c16ae41d4 h1:j1VRTiC9JLR4nUbSikx9OGdu/3AgFDqgcLj4GoqyQkc=
 github.com/metacubex/tfo-go v0.0.0-20250516165257-e29c16ae41d4/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw=
-github.com/metacubex/utls v1.8.1-0.20250811145843-49b4f106169a h1:IIzlVmDoB4+7b0BUcLZaY5+AirhhLFep3PhwkAFMRnQ=
-github.com/metacubex/utls v1.8.1-0.20250811145843-49b4f106169a/go.mod h1:FdjYzVfCtgtna19hX0ER1Xsa5uJInwdQ4IcaaI98lEQ=
+github.com/metacubex/utls v1.8.1-0.20250823120917-12f5ba126142 h1:csEbKOzRAxJXffOeZnnS3/kA/F55JiTbKv5jcYqCXms=
+github.com/metacubex/utls v1.8.1-0.20250823120917-12f5ba126142/go.mod h1:67I3skhEY4Sya8f1YxELwWPoeQdXqZCrWNYLvq8gn2U=
 github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f h1:FGBPRb1zUabhPhDrlKEjQ9lgIwQ6cHL4x8M9lrERhbk=
 github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f/go.mod h1:oPGcV994OGJedmmxrcK9+ni7jUEMGhR+uVQAdaduIP4=
 github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY=
diff --git a/transport/vless/encryption/common.go b/transport/vless/encryption/common.go
index 84784cb2..6de09c63 100644
--- a/transport/vless/encryption/common.go
+++ b/transport/vless/encryption/common.go
@@ -10,8 +10,8 @@ import (
 "math/big"
 "net"
+ "github.com/metacubex/utls/hkdf"
 "golang.org/x/crypto/chacha20poly1305"
- "golang.org/x/crypto/hkdf"
 "golang.org/x/crypto/sha3"
 )
@@ -81,8 +81,7 @@ func ReadAndDiscardPaddings(conn net.Conn, aead cipher.AEAD, nonce []byte) (h []
 }
 func NewAEAD(c byte, secret, salt, info []byte) (aead cipher.AEAD) {
- key := make([]byte, 32)
- hkdf.New(sha3.New256, secret, salt, info).Read(key)
+ key, _ := hkdf.Key(sha3.New256, secret, salt, string(info), 32)
 if c&1 == 1 {
 block, _ := aes.NewCipher(key)
 aead, _ = cipher.NewGCM(block)
diff --git a/transport/vless/encryption/xor.go b/transport/vless/encryption/xor.go
index a97bb871..44f22528 100644
--- a/transport/vless/encryption/xor.go
+++ b/transport/vless/encryption/xor.go
@@ -9,7 +9,7 @@ import (
 "io"
 "net"
- "golang.org/x/crypto/hkdf"
+ "github.com/metacubex/utls/hkdf"
 "golang.org/x/crypto/sha3"
 )
@@ -38,7 +38,7 @@ func NewCTR(key, iv []byte, isServer bool) cipher.Stream {
 if isServer {
 info = "SERVER" // avoids attackers sending traffic back to the client, though the encryption layer has its own protection
 }
- hkdf.New(sha3.New256, key, iv, []byte(info)).Read(key) // avoids using pKey directly if attackers sent the basepoint, or whaterver they like
+ key, _ = hkdf.Key(sha3.New256, key, iv, info, 32) // avoids using pKey directly if attackers sent the basepoint, or whaterver they like
 block, _ := aes.NewCipher(key)
 return cipher.NewCTR(block, iv)
 }
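Review bot: In NewAEAD (transport/vless/encryption/common.go) the error returned by `hkdf.Key` is discarded with `key, _ :=`, and NewCTR in xor.go does the same with `key, _ =`. With SHA3-256 and a fixed 32-byte output the call is not expected to fail, assuming this package follows the standard library's crypto/hkdf contract. If it ever did fail, `key` would be nil and the already-ignored `aes.NewCipher` error would let the failure surface later as a nil cipher instead of at the derivation step. Neither function returns an error, so either treat it as a broken invariant, `if err != nil { panic("vless encryption: hkdf: " + err.Error()) }`, or add a comment such as `// hkdf.Key cannot fail here: 32 bytes is far below the HKDF output limit for SHA3-256`. NewAEAD's body continues past the end of the hunk.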
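Review bot: In NewCTR (transport/vless/encryption/xor.go) the new line `key, _ = hkdf.Key(sha3.New256, key, iv, info, 32)` rebinds the local `key` to a fresh slice, whereas the removed `Read(key)` overwrote the caller's buffer in place. Two things change as a result: the caller's slice keeps the raw input key material instead of the derived key, and the output is always 32 bytes rather than `len(key)`. Callers are not visible in this diff, so please confirm that none of them relies on the in-place overwrite. If the overwrite was intended, keep it explicit with `derived, _ := hkdf.Key(sha3.New256, key, iv, info, 32)` followed by `copy(key, derived)`; otherwise add a comment such as `// key is rebound to a new 32-byte slice; the caller's buffer is left untouched`. NewCTR begins above the hunk.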