diff --git a/component/generator/cmd.go b/component/generator/cmd.go index 320bb11d..06b0b5b3 100644 --- a/component/generator/cmd.go +++ b/component/generator/cmd.go @@ -12,7 +12,7 @@ import ( func Main(args []string) { if len(args) < 1 { - panic("Using: generate uuid/reality-keypair/wg-keypair/ech-keypair/vless-mlkem768/vless-x25519") + panic("Using: generate uuid/reality-keypair/wg-keypair/ech-keypair/vless-mlkem768/vless-x25519/sudoku-keypair") } switch args[0] { case "uuid": @@ -69,5 +69,19 @@ func Main(args []string) { fmt.Println("PrivateKey: " + privateKeyBase64) fmt.Println("Password: " + passwordBase64) fmt.Println("Hash32: " + hash32Base64) + case "sudoku-keypair": + // Generate Master Key + masterPrivate, masterPublic, err := GenerateSudokuMasterKey() + if err != nil { + panic(err) + } + // Split the master private key to get Available Private Key + availablePrivateKey, err := SplitSudokuPrivateKey(masterPrivate) + if err != nil { + panic(err) + } + // Output: Available Private Key for client, Master Public Key for server + fmt.Println("PrivateKey: " + availablePrivateKey) + fmt.Println("PublicKey: " + EncodeSudokuPoint(masterPublic)) } } diff --git a/component/generator/x25519.go b/component/generator/x25519.go index e99fff2b..cb1f9844 100644 --- a/component/generator/x25519.go +++ b/component/generator/x25519.go @@ -3,6 +3,9 @@ package generator import ( "crypto/ecdh" "crypto/rand" + "encoding/hex" + + "filippo.io/edwards25519" ) const X25519KeySize = 32 @@ -25,3 +28,60 @@ func GenX25519PrivateKey() (*ecdh.PrivateKey, error) { return ecdh.X25519().NewPrivateKey(privateKey[:]) } + +// GenerateSudokuMasterKey generates a random master private key (scalar) and its public key (point) +func GenerateSudokuMasterKey() (*edwards25519.Scalar, *edwards25519.Point, error) { + // 1. Generate random scalar x (32 bytes) + var seed [64]byte + if _, err := rand.Read(seed[:]); err != nil { + return nil, nil, err + } + + x, err := edwards25519.NewScalar().SetUniformBytes(seed[:]) + if err != nil { + return nil, nil, err + } + + // 2. Calculate Public Key P = x * G + P := new(edwards25519.Point).ScalarBaseMult(x) + + return x, P, nil +} + +// SplitSudokuPrivateKey takes a master private key x and returns a new random split key (r, k) +// such that x = r + k (mod L). +// Returns hex encoded string of r || k (64 bytes) +func SplitSudokuPrivateKey(x *edwards25519.Scalar) (string, error) { + // 1. Generate random r (32 bytes) + var seed [64]byte + if _, err := rand.Read(seed[:]); err != nil { + return "", err + } + r, err := edwards25519.NewScalar().SetUniformBytes(seed[:]) + if err != nil { + return "", err + } + + // 2. Calculate k = x - r (mod L) + k := new(edwards25519.Scalar).Subtract(x, r) + + // 3. Encode r and k + rBytes := r.Bytes() + kBytes := k.Bytes() + + full := make([]byte, 64) + copy(full[:32], rBytes) + copy(full[32:], kBytes) + + return hex.EncodeToString(full), nil +} + +// EncodeSudokuPoint returns the hex string of the compressed point +func EncodeSudokuPoint(p *edwards25519.Point) string { + return hex.EncodeToString(p.Bytes()) +} + +// EncodeSudokuScalar returns the hex string of the scalar +func EncodeSudokuScalar(s *edwards25519.Scalar) string { + return hex.EncodeToString(s.Bytes()) +} diff --git a/docs/config.yaml b/docs/config.yaml index bef2c659..2f959f33 100644 --- a/docs/config.yaml +++ b/docs/config.yaml @@ -1587,7 +1587,6 @@ listeners: aead-method: chacha20-poly1305 # 支持chacha20-poly1305或者aes-128-gcm以及none,sudoku的混淆层可以确保none情况下数据安全 padding-min: 1 # 填充最小长度 padding-max: 15 # 填充最大长度,均不建议过大 - seed: "" # 如果你不使用ED25519密钥对,就请填入uuid,否则仍然是公钥 table-type: prefer_ascii # 可选值:prefer_ascii、prefer_entropy 前者全ascii映射,后者保证熵值(汉明1)低于3 handshake-timeout: 5 # optional diff --git a/listener/config/sudoku.go b/listener/config/sudoku.go index 855795f1..79aadf5d 100644 --- a/listener/config/sudoku.go +++ b/listener/config/sudoku.go @@ -11,7 +11,6 @@ type SudokuServer struct { AEADMethod string `json:"aead-method,omitempty"` PaddingMin *int `json:"padding-min,omitempty"` PaddingMax *int `json:"padding-max,omitempty"` - Seed string `json:"seed,omitempty"` TableType string `json:"table-type,omitempty"` HandshakeTimeoutSecond *int `json:"handshake-timeout,omitempty"` } diff --git a/listener/inbound/sudoku.go b/listener/inbound/sudoku.go index d6e84af3..bc08772a 100644 --- a/listener/inbound/sudoku.go +++ b/listener/inbound/sudoku.go @@ -19,7 +19,6 @@ type SudokuOption struct { AEADMethod string `inbound:"aead-method,omitempty"` PaddingMin *int `inbound:"padding-min,omitempty"` PaddingMax *int `inbound:"padding-max,omitempty"` - Seed string `inbound:"seed,omitempty"` TableType string `inbound:"table-type,omitempty"` // "prefer_ascii" or "prefer_entropy" HandshakeTimeoutSecond *int `inbound:"handshake-timeout,omitempty"` } @@ -53,7 +52,6 @@ func NewSudoku(options *SudokuOption) (*Sudoku, error) { AEADMethod: options.AEADMethod, PaddingMin: options.PaddingMin, PaddingMax: options.PaddingMax, - Seed: options.Seed, TableType: options.TableType, } if options.HandshakeTimeoutSecond != nil { diff --git a/listener/sudoku/server.go b/listener/sudoku/server.go index 87b2abd9..ce2b09af 100644 --- a/listener/sudoku/server.go +++ b/listener/sudoku/server.go @@ -71,17 +71,12 @@ func New(config LC.SudokuServer, tunnel C.Tunnel, additions ...inbound.Addition) return nil, err } - seed := config.Seed - if seed == "" { - seed = config.Key - } - tableType := strings.ToLower(config.TableType) if tableType == "" { tableType = "prefer_ascii" } - table := sudokuobfs.NewTable(seed, tableType) + table := sudokuobfs.NewTable(config.Key, tableType) defaultConf := apis.DefaultConfig() paddingMin := defaultConf.PaddingMin