diff --git a/adapter/outbound/vless.go b/adapter/outbound/vless.go index bacc41fc..a371b99a 100644 --- a/adapter/outbound/vless.go +++ b/adapter/outbound/vless.go @@ -475,7 +475,7 @@ func NewVless(option VlessOption) (*Vless, error) { if err != nil { return nil, fmt.Errorf("invaild vless encryption value: %s", option.Encryption) } - if len(b) == 1184 { + if len(b) == encryption.MLKEM768ClientLength { v.encryption = &encryption.ClientInstance{} if err = v.encryption.Init(b, time.Duration(minutes)*time.Minute); err != nil { return nil, fmt.Errorf("failed to use mlkem768seed: %w", err) diff --git a/component/generater/cmd.go b/component/generater/cmd.go index 9df56a5a..2bd5b9cd 100644 --- a/component/generater/cmd.go +++ b/component/generater/cmd.go @@ -51,11 +51,11 @@ func Main(args []string) { if len(args) > 1 { seed = args[1] } - seedBase64, pubBase64, err := encryption.GenMLKEM768(seed) + seedBase64, clientBase64, err := encryption.GenMLKEM768(seed) if err != nil { panic(err) } fmt.Println("Seed: " + seedBase64) - fmt.Println("Client: " + pubBase64) + fmt.Println("Client: " + clientBase64) } } diff --git a/go.sum b/go.sum index 2adede6c..d9018ba7 100644 --- a/go.sum +++ b/go.sum @@ -139,8 +139,6 @@ github.com/metacubex/smux v0.0.0-20250503055512-501391591dee h1:lp6hJ+4wCLZu113a github.com/metacubex/smux v0.0.0-20250503055512-501391591dee/go.mod h1:4bPD8HWx9jPJ9aE4uadgyN7D1/Wz3KmPy+vale8sKLE= github.com/metacubex/tfo-go v0.0.0-20250516165257-e29c16ae41d4 h1:j1VRTiC9JLR4nUbSikx9OGdu/3AgFDqgcLj4GoqyQkc= github.com/metacubex/tfo-go v0.0.0-20250516165257-e29c16ae41d4/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw= -github.com/metacubex/utls v1.8.0 h1:mSYi6FMnmc5riARl5UZDmWVy710z+P5b7xuGW0lV9ac= -github.com/metacubex/utls v1.8.0/go.mod h1:FdjYzVfCtgtna19hX0ER1Xsa5uJInwdQ4IcaaI98lEQ= github.com/metacubex/utls v1.8.1-0.20250810142204-d0e55ab2e852 h1:MLHUGmASNH7/AeoGmSrVM2RutRZAqIDSbQWBp0P7ItE= github.com/metacubex/utls v1.8.1-0.20250810142204-d0e55ab2e852/go.mod h1:FdjYzVfCtgtna19hX0ER1Xsa5uJInwdQ4IcaaI98lEQ= github.com/metacubex/wireguard-go v0.0.0-20240922131502-c182e7471181 h1:hJLQviGySBuaynlCwf/oYgIxbVbGRUIKZCxdya9YrbQ= diff --git a/listener/inbound/vless_test.go b/listener/inbound/vless_test.go index fdb8905c..a6e0d58b 100644 --- a/listener/inbound/vless_test.go +++ b/listener/inbound/vless_test.go @@ -89,7 +89,7 @@ func TestInboundVless_TLS(t *testing.T) { } func TestInboundVless_Encryption(t *testing.T) { - seedBase64, pubBase64, err := encryption.GenMLKEM768("") + seedBase64, clientBase64, err := encryption.GenMLKEM768("") if err != nil { t.Fatal(err) return @@ -98,7 +98,7 @@ func TestInboundVless_Encryption(t *testing.T) { Decryption: "10min-mlkem768seed-" + seedBase64, } outboundOptions := outbound.VlessOption{ - Encryption: "8min-mlkem768client-" + pubBase64, + Encryption: "8min-mlkem768client-" + clientBase64, } testInboundVless(t, inboundOptions, outboundOptions) } diff --git a/listener/sing_vless/server.go b/listener/sing_vless/server.go index a8165083..cdf453b5 100644 --- a/listener/sing_vless/server.go +++ b/listener/sing_vless/server.go @@ -107,7 +107,7 @@ func New(config LC.VlessServer, tunnel C.Tunnel, additions ...inbound.Addition) if err != nil { return nil, fmt.Errorf("invaild vless decryption value: %s", config.Decryption) } - if len(b) == 64 { + if len(b) == encryption.MLKEM768SeedLength { sl.decryption = &encryption.ServerInstance{} if err = sl.decryption.Init(b, time.Duration(minutes)*time.Minute); err != nil { return nil, fmt.Errorf("failed to use mlkem768seed: %w", err) diff --git a/transport/vless/encryption/key.go b/transport/vless/encryption/key.go index 46b53163..69b52895 100644 --- a/transport/vless/encryption/key.go +++ b/transport/vless/encryption/key.go @@ -8,7 +8,10 @@ import ( "github.com/metacubex/utls/mlkem" ) -func GenMLKEM768(seedStr string) (seedBase64, pubBase64 string, err error) { +const MLKEM768SeedLength = mlkem.SeedSize +const MLKEM768ClientLength = mlkem.EncapsulationKeySize768 + +func GenMLKEM768(seedStr string) (seedBase64, clientBase64 string, err error) { var seed [64]byte if len(seedStr) > 0 { s, _ := base64.RawURLEncoding.DecodeString(seedStr) @@ -27,6 +30,6 @@ func GenMLKEM768(seedStr string) (seedBase64, pubBase64 string, err error) { key, _ := mlkem.NewDecapsulationKey768(seed[:]) pub := key.EncapsulationKey() seedBase64 = base64.RawURLEncoding.EncodeToString(seed[:]) - pubBase64 = base64.RawURLEncoding.EncodeToString(pub.Bytes()) + clientBase64 = base64.RawURLEncoding.EncodeToString(pub.Bytes()) return }