Clear direct dependencies on other ECH package

2025-06-03 01:48:40 +00:00 · 2025-05-18 17:13:16 -04:00 · 2025-05-18 17:13:16 -04:00 · ef7852c030
commit ef7852c030
parent cd3fabe9bd
4 changed files with 139 additions and 44 deletions
--- a/transport/internet/tls/ech.go
+++ b/transport/internet/tls/ech.go
@ -3,18 +3,24 @@ package tls
 import (
 	"bytes"
 	"context"
+	"crypto/ecdh"
+	"crypto/rand"
 	"crypto/tls"
+	"encoding/base64"
+	"encoding/binary"
 	"io"
 	"net/http"
 	"strings"
 	"sync"
 	"time"

-	"github.com/OmarTariq612/goech"
 	"github.com/miekg/dns"
+	"github.com/xtls/reality"
+	"github.com/xtls/reality/hpke"
 	"github.com/xtls/xray-core/common/errors"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/transport/internet"
+	"golang.org/x/crypto/cryptobyte"
 )

 func ApplyECH(c *Config, config *tls.Config) error {
@ -48,11 +54,10 @@ func ApplyECH(c *Config, config *tls.Config) error {
 				return err
 			}
 		} else {
-			ECHConfigList, err := goech.ECHConfigListFromBase64(c.EchConfigList)
+			ECHConfig, err = base64.StdEncoding.DecodeString(c.EchConfigList)
 			if err != nil {
 				return errors.New("Failed to unmarshal ECHConfigList: ", err)
 			}
-			ECHConfig, _ = ECHConfigList.MarshalBinary()
 		}

 		config.EncryptedClientHelloConfigList = ECHConfig
@ -60,22 +65,11 @@ func ApplyECH(c *Config, config *tls.Config) error {

 	// for server
 	if len(c.EchKeySets) != 0 {
-		var keys []tls.EncryptedClientHelloKey
-		KeySets, err := goech.UnmarshalECHKeySetList(c.EchKeySets)
+		KeySets, err := ConvertToGoECHKeys(c.EchKeySets)
 		if err != nil {
 			return errors.New("Failed to unmarshal ECHKeySetList: ", err)
 		}
-		for idx, keySet := range KeySets {
-			ECHConfig, err := keySet.ECHConfig.MarshalBinary()
-			ECHPrivateKey, err := keySet.PrivateKey.MarshalBinary()
-			if err != nil {
-				return errors.New("Failed to marshal ECHKey in index: ", idx, "with err: ", err)
-			}
-			keys = append(keys, tls.EncryptedClientHelloKey{
-				Config:     ECHConfig,
-				PrivateKey: ECHPrivateKey})
-		}
-		config.EncryptedClientHelloKeys = keys
+		config.EncryptedClientHelloKeys = KeySets
 	}
 	
 	return nil
@ -237,3 +231,104 @@ func dnsQuery(server string, domain string) ([]byte, uint32, error) {
 	}
 	return []byte{}, 0, errors.New("no ech record found")
 }
+
+// reference github.com/OmarTariq612/goech
+func MarshalBinary(ech reality.EchConfig) ([]byte, error) {
+	var b cryptobyte.Builder
+	b.AddUint16(ech.Version)
+	b.AddUint16LengthPrefixed(func(child *cryptobyte.Builder) {
+		child.AddUint8(ech.ConfigID)
+		child.AddUint16(ech.KemID)
+		child.AddUint16(uint16(len(ech.PublicKey)))
+		child.AddBytes(ech.PublicKey)
+		child.AddUint16LengthPrefixed(func(child *cryptobyte.Builder) {
+			for _, cipherSuite := range ech.SymmetricCipherSuite {
+				child.AddUint16(cipherSuite.KDFID)
+				child.AddUint16(cipherSuite.AEADID)
+			}
+		})
+		child.AddUint8(ech.MaxNameLength)
+		child.AddUint8(uint8(len(ech.PublicName)))
+		child.AddBytes(ech.PublicName)
+		child.AddUint16LengthPrefixed(func(child *cryptobyte.Builder) {
+			for _, extention := range ech.Extensions {
+				child.AddUint16(extention.Type)
+				child.AddBytes(extention.Data)
+			}
+		})
+	})
+	return b.Bytes()
+}
+
+var ErrInvalidLen = errors.New("goech: invalid length")
+
+func ConvertToGoECHKeys(data []byte) ([]tls.EncryptedClientHelloKey, error) {
+	var keys []tls.EncryptedClientHelloKey
+	s := cryptobyte.String(data)
+	for !s.Empty() {
+		if len(s) < 2 {
+			return keys, ErrInvalidLen
+		}
+		keyLength := int(binary.BigEndian.Uint16(s[:2]))
+		if len(s) < keyLength+4 {
+			return keys, ErrInvalidLen
+		}
+		configLength := int(binary.BigEndian.Uint16(s[keyLength+2 : keyLength+4]))
+		if len(s) < 2+keyLength+2+configLength {
+			return keys, ErrInvalidLen
+		}
+		child := cryptobyte.String(s[:2+keyLength+2+configLength])
+		var (
+			sk, config cryptobyte.String
+		)
+		if !child.ReadUint16LengthPrefixed(&sk) || !child.ReadUint16LengthPrefixed(&config) || !child.Empty() {
+			return keys, ErrInvalidLen
+		}
+		if !s.Skip(2 + keyLength + 2 + configLength) {
+			return keys, ErrInvalidLen
+		}
+		keys = append(keys, tls.EncryptedClientHelloKey{
+			Config:     config,
+			PrivateKey: sk,
+		})
+	}
+	return keys, nil
+}
+
+const ExtensionEncryptedClientHello = 0xfe0d
+const KDF_HKDF_SHA384 = 0x0002
+const KDF_HKDF_SHA512 = 0x0003
+
+func GenerateECHKeySet(configID uint8, domain string, kem uint16) (reality.EchConfig, []byte, error) {
+	config := reality.EchConfig{
+		Version:              ExtensionEncryptedClientHello,
+		ConfigID:             configID,
+		PublicName:           []byte(domain),
+		KemID:                kem,
+		SymmetricCipherSuite: []reality.EchCipher{
+			{KDFID: hpke.KDF_HKDF_SHA256, AEADID: hpke.AEAD_AES_128_GCM},
+			{KDFID: hpke.KDF_HKDF_SHA256, AEADID: hpke.AEAD_AES_256_GCM},
+			{KDFID: hpke.KDF_HKDF_SHA256, AEADID: hpke.AEAD_ChaCha20Poly1305},
+			{KDFID: KDF_HKDF_SHA384, AEADID: hpke.AEAD_AES_128_GCM},
+			{KDFID: KDF_HKDF_SHA384, AEADID: hpke.AEAD_AES_256_GCM},
+			{KDFID: KDF_HKDF_SHA384, AEADID: hpke.AEAD_ChaCha20Poly1305},
+			{KDFID: KDF_HKDF_SHA512, AEADID: hpke.AEAD_AES_128_GCM},
+			{KDFID: KDF_HKDF_SHA512, AEADID: hpke.AEAD_AES_256_GCM},
+			{KDFID: KDF_HKDF_SHA512, AEADID: hpke.AEAD_ChaCha20Poly1305},
+		},
+		MaxNameLength:        0,
+		Extensions:           nil,
+	}
+	// if kem == hpke.DHKEM_X25519_HKDF_SHA256 {
+		curve := ecdh.X25519()
+		priv := make([]byte, 32) //x25519
+		_, err := io.ReadFull(rand.Reader, priv)
+		if err != nil {
+			return config, nil, err
+		}
+		privKey, _ := curve.NewPrivateKey(priv)
+		config.PublicKey = privKey.PublicKey().Bytes();
+		return config, priv, nil
+	// }
+	// TODO: add mlkem768 (former kyber768 draft00). The golang mlkem private key is 64 bytes seed?
+}