feat: add api for setting kyber privkey

mingyech · mingyech · commit c3d56ac3f28a · 2025-06-02T14:18:34.000-06:00
diff --git a/example/chat/dial/main.go b/example/chat/dial/main.go
@@ -2,7 +2,9 @@ package main
 
 import (
 	"context"
+	"crypto/rand"
 	"crypto/x509"
+	"encoding/hex"
 	"encoding/pem"
 	"errors"
 	"flag"
@@ -20,7 +22,7 @@ import (
 func main() {
 	var remoteAddr = flag.String("raddr", "127.0.0.1:6666", "remote address")
 	var localAddr = flag.String("laddr", "127.0.0.1:6667", "remote address")
-	// var pubkey = flag.String("secret", "0b63baad7f2f4bb5b547c53adc0fbb179852910607935e6f4b5639fd989b1156", "shared secret")
+	var pubkey = flag.String("pubkey", "0b63baad7f2f4bb5b547c53adc0fbb179852910607935e6f4b5639fd989b1156", "pubkey")
 	// var covert = flag.String("covert", "1.2.3.4:5678", "covert address")
 	flag.Parse()
 
@@ -44,11 +46,22 @@ func main() {
 
 	// quicSpec.ClientHelloSpec = &chSpec
 
-	kyberClient := kyber.NewClient()
-	kyberServer := kyber.NewServer()
+	clientPrivKey := [32]byte{}
+	if _, err := rand.Read(clientPrivKey[:]); err != nil {
+		panic(err)
+	}
+	kyberClient := kyber.Client{Host: kyber.NewHost(clientPrivKey)}
+
+	pub, err := hex.DecodeString(*pubkey)
+	util.Check(err)
+
+	pub32 := [32]byte{}
+	if n := copy(pub32[:], pub); n != 32 {
+		panic("key len != 32")
+	}
 
 	clientData := []byte("hello world")
-	kyberClient.ComputeSharedKey(kyberServer.GetPublicKey())
+	kyberClient.ComputeSharedKey(pub32)
 	x25519kyber768Parrot := kyberClient.GenKyber(clientData)
 
 	tp := quic.UTransport{
@@ -83,7 +96,7 @@ func main() {
 					},
 					&tls.SupportedCurvesExtension{
 						Curves: []tls.CurveID{
-							tls.X25519Kyber768Draft00,
+							tls.X25519MLKEM768,
 							tls.CurveX25519,
 							tls.CurveSECP256R1,
 							tls.CurveSECP384R1,
@@ -112,7 +125,7 @@ func main() {
 					&tls.KeyShareExtension{
 						KeyShares: []tls.KeyShare{
 							{
-								Group: tls.X25519Kyber768Draft00,
+								Group: tls.X25519MLKEM768,
 								Data:  x25519kyber768Parrot,
 							},
 							{
diff --git a/example/chat/listen/main.go b/example/chat/listen/main.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/pion/dtls/v3/examples/util"
 	quic "github.com/refraction-networking/uquic"
+	"github.com/refraction-networking/uquic/internal/kyber"
 	"github.com/refraction-networking/uquic/qlog"
 	tls "github.com/refraction-networking/utls"
 )
@@ -43,7 +44,10 @@ func main() {
 	priv, err := hex.DecodeString(station_privkey)
 	util.Check(err)
 
-	fmt.Printf("%v\n", priv)
+	priv32 := [32]byte{}
+	if n := copy(priv32[:], priv); n != 32 {
+		panic("key len != 32")
+	}
 
 	pconn, err := net.ListenUDP("udp", addr)
 	util.Check(err)
@@ -56,10 +60,18 @@ func main() {
 		Tracer: qlog.NewTracer(f),
 	}
 
+	kyberServer := kyber.Server{Host: kyber.NewHost(priv32)}
+	fmt.Printf("kyber server pub key: %x\n", kyberServer.GetPublicKey())
+
 	listener, err := tp.ListenEarly(&tls.Config{
 		Certificates:     []tls.Certificate{certificate},
 		NextProtos:       []string{"h3"},
 		CurvePreferences: []tls.CurveID{tls.X25519},
+		GetOscur0KeyShare: func(key *tls.KeyShare) error {
+			data := kyberServer.DecodeKyber(key.Data)
+			fmt.Printf("Data: %s\n", data)
+			return nil
+		},
 	}, &quic.Config{Tracer: qlog.DefaultConnectionTracer})
 	util.Check(err)
 
diff --git a/internal/kyber/main.go b/internal/kyber/main.go
@@ -20,11 +20,9 @@ type Host struct {
 }
 
 // NewHost initializes a Host with an X25519 private key
-func NewHost() *Host {
-	host := &Host{}
-	_, err := rand.Read(host.privateKey[:])
-	if err != nil {
-		panic(err)
+func NewHost(privKey [32]byte) *Host {
+	host := &Host{
+		privateKey: privKey,
 	}
 	curve25519.ScalarBaseMult(&host.publicKey, &host.privateKey)
 	return host
@@ -53,11 +51,6 @@ type Client struct {
 	*Host
 }
 
-// NewClient initializes a Client
-func NewClient() *Client {
-	return &Client{NewHost()}
-}
-
 // GenKyber generates a Kyber-style payload
 func (c *Client) GenKyber(data []byte) []byte {
 	if len(data) > 1121 {
@@ -106,11 +99,6 @@ type Server struct {
 	*Host
 }
 
-// NewServer initializes a Server
-func NewServer() *Server {
-	return &Server{NewHost()}
-}
-
 // DecodeKyber decodes the Kyber-style payload and extracts the original data
 func (s *Server) DecodeKyber(parrot []byte) []byte {
 	var clientPublicKey [32]byte
@@ -239,8 +227,16 @@ func Decode(a []byte, w int) []int {
 
 func main() {
 	for i := 0; i < 10000; i++ {
-		client := NewClient()
-		server := NewServer()
+		privKey := [32]byte{}
+		if _, err := rand.Read(privKey[:]); err != nil {
+			panic(err)
+		}
+		clientPrivKey := [32]byte{}
+		if _, err := rand.Read(clientPrivKey[:]); err != nil {
+			panic(err)
+		}
+		server := &Server{Host: NewHost(privKey)}
+		client := &Client{Host: NewHost(clientPrivKey)}
 
 		clientData := []byte("hello world")
 		client.ComputeSharedKey(server.GetPublicKey())
