From 5f93ff6c3a97deef7f6bcf5a41adb466da4a81a0 Mon Sep 17 00:00:00 2001
From: RPRX <63339210+RPRX@users.noreply.github.com>
Date: Sat, 26 Jul 2025 08:36:58 +0000
Subject: [PATCH] REALITY config: `mldsa65Seed` and `privateKey` can not be the
 same value

Otherwise the point of using ML-DSA-65 is lost.
---
 infra/conf/transport_internet.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go
index 8e1ab9e3..d72abd11 100644
--- a/infra/conf/transport_internet.go
+++ b/infra/conf/transport_internet.go
@@ -613,6 +613,9 @@ func (c *REALITYConfig) Build() (proto.Message, error) {
 		config.MaxTimeDiff = c.MaxTimeDiff
 
 		if c.Mldsa65Seed != "" {
+			if c.Mldsa65Seed == c.PrivateKey {
+				return nil, errors.New(`"mldsa65Seed" and "privateKey" can not be the same value: `, c.Mldsa65Seed)
+			}
 			if config.Mldsa65Seed, err = base64.RawURLEncoding.DecodeString(c.Mldsa65Seed); err != nil || len(config.Mldsa65Seed) != 32 {
 				return nil, errors.New(`invalid "mldsa65Seed": `, c.Mldsa65Seed)
 			}