feat(singbox-aura,tools): Go port of Aura UDP client + KAT bridge to Rust

Lays the foundation for sing-box mobile clients (Option B from
docs/sing-box.md): an independent Go module that speaks the AuraVPN wire
protocol byte-for-byte. Proof of equivalence is in KAT tests cross-loaded
from a Rust-side deterministic vector exporter.

- tools/export-kat (new Rust bin in workspace): captures a handshake +
  derived keys + a sealed datagram record + a knock token using seeded
  RNGs (rand::rngs::StdRng + ml-kem's *_deterministic public API), emits
  JSON. Reproducible byte-for-byte.
- singbox-aura/ (new Go module, ~3000 LOC, 22 files):
  - aura/frame: 5-byte protocol header + Frame{Data,Ping,Pong,Close,
    Control} + magic envelope (0xAA,0xAA,0xC0,0x01) — encode/decode
    matching aura-proto::frame.
  - aura/crypto: hybrid X25519 + ML-KEM-768 (stdlib crypto/ecdh +
    crypto/mlkem on Go 1.24+; falls back to circl on older Go via a
    documented swap), HKDF-SHA256 derive_session_keys, ChaCha20-Poly1305
    with the **LE(u64 counter) || [0;4]** nonce scheme that matches
    aura-crypto::AeadKey/AeadSession.
  - aura/handshake: client_handshake state machine reproducing protocol.md
    §6.2 exactly (CH→SH→ServerAuth→ClientAuth→Finished×2; transcript hash;
    ECDSA-P256 transcript signature; HMAC-SHA256 Finished).
  - aura/session: DatagramSender/Receiver + 64-wide sliding replay window.
  - aura/transport: reliable HS-adapter (DTLS-flight retransmit) + UDP
    datagram data path + 16-byte HMAC port-knock with ±1-minute window.
  - aura/outbound: sing-box-shaped shim (interface signatures only — sing-
    box upstream registration is one more step, documented in README).
  - cmd/aura-client: standalone Go binary; reads client.toml via
    pelletier/go-toml/v2 and connects to a real aura server. Validates
    end-to-end interop with the Rust side.
- KAT: 6 comparisons against Rust vectors — session_keys (HKDF), hybrid
  KEM ek/encaps roundtrip, c2s + s2c Finished HMAC, sealed datagram
  record at seq=2 (incl. 16-byte Poly1305 tag), knock token. All byte-
  for-byte.

Go: 29 tests across 5 packages, all green. Only deps: golang.org/x/crypto
and pelletier/go-toml/v2. Rust: 293 tests still green; tools/export-kat
added to workspace members.

v1 limits documented in singbox-aura/README.md: UDP-only (no TCP/QUIC
fallback yet), no cell padding / cover traffic, no relay/exit role, no
multi-hop, sing-box upstream-registration sketch (vendor sagernet/sing-box +
init() RegisterOutbound) for follow-up.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
xah30
2026-05-27 21:14:23 +03:00
parent 5ea643a9e5
commit a070da0be9
26 changed files with 3425 additions and 0 deletions
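Added example, not code from this commit or the AuraVPN project: the receiver-side steps the commit message names for a datagram record, in Go: splitting the record, building the `LE(u64 counter) || [0;4]` nonce, and checking a 64-wide sliding replay window. The 8-byte big-endian `seq` prefix is an assumption read off the `sealed_record` vector, the names `SplitRecord`, `Nonce`, `Window`, `Fresh` and `Commit` are hypothetical, and the AEAD open between `Fresh` and `Commit` is left out.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Added example, hypothetical names. sealed_record from the page's KAT JSON (seq=2).
const sampleRecord = "000000000000000248e5a7f448aabf18b62ca6821ccd28dbbd8c4a90d1dd03d06012"

// Nonce builds LE(u64 counter) || [0;4], the scheme named in the commit message.
func Nonce(seq uint64) [12]byte {
	var n [12]byte
	binary.LittleEndian.PutUint64(n[:8], seq)
	return n
}

// SplitRecord assumes an 8-byte big-endian seq prefix, then ciphertext || 16-byte tag.
func SplitRecord(recHex string) (seq uint64, body []byte, err error) {
	rec, err := hex.DecodeString(recHex)
	if err != nil || len(rec) < 8+16 {
		return 0, nil, fmt.Errorf("malformed record (len %d): %v", len(rec), err)
	}
	return binary.BigEndian.Uint64(rec[:8]), rec[8:], nil
}

// Window is a 64-wide sliding replay window; bit i set means top-i was accepted.
type Window struct{ top, bits uint64 }

// Fresh is the cheap pre-check, run before the AEAD open.
func (w *Window) Fresh(seq uint64) bool {
	return w.bits == 0 || seq > w.top || (w.top-seq < 64 && w.bits&(1<<(w.top-seq)) == 0)
}

// Commit records seq; call only after the AEAD tag verifies, so forgeries cannot move the window.
func (w *Window) Commit(seq uint64) {
	if w.bits == 0 || seq > w.top {
		w.bits = w.bits<<(seq-w.top) | 1 // shift counts >= 64 yield 0 in Go
		w.top = seq
	} else if w.top-seq < 64 {
		w.bits |= 1 << (w.top - seq)
	}
}

func main() {
	seq, body, err := SplitRecord(sampleRecord)
	fmt.Println(seq, len(body), Nonce(seq), err)
}
```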
@@ -0,0 +1,32 @@
{
"ca_fingerprint": "415552412d43412d46494e4745525052494e542d46495845442d33322d425954",
"client_x25519_priv": "415552412d5832353531392d434c49454e542d505249562d534545442d2d3332",
"client_x25519_pub": "a36057cebbd709d61bff0abcdbbd12623630499d32f360bf2faeb31ce964d12c",
"client_kyber_priv": "d4e4adbcd38630006ffc613c59832afb686e8facbc40e1a31ec20c505b0b2a966b01269a65e8774b183bbe596843c32b998c1d5cdcb8cd3c0803cac242f2692b1b973e730f1094a6ad295a29793ebf6627c966006169a2299572926b1268fc39c2662ba4b676a6f88773f4c579542ed03c8c25455237b7285e2290212c61446472a3f16bfa3088ac28b4e313ce64c24dacd07843494407dbb62f87ac6f350a9ff11eb8f390a1c45c4f9b822848960f0c4219c59acf99beefd4412ea5a1c83436e626c98b025d48444002a94e57498c2f04897873c9324cb0ba6798c91193ddcc14c849c90e0718d339b051317462864f9680089df4cecc467d50197d1752b76db254bbb05f5cb1b1a46557667ca82b469ea18ccf7487862a59a7235aad2f2a04f0f7412be43418949f312cb2d0e8287ae437bd0b70e7a47ce2d5a1a0648321819094a59720219bdf20a08a788e6b788634f00ef29658a4b10f31530538da78245cc195ac87dc61cb1dbc61a6763a261c3e94924729159c6346738b2144aff202de55b124367308f19c2985b5da4c6e34e260f02a99f6890aabd9691415062c699f675b1bc8c39df6351bc5d2117fec43f76a10ef58908ffb66887a4947630f5d39aafe96781644a67892be6243027b8770520c334f2b5d54b970b418557b695eb0c37f979aa98076765d30973f0405a36309c0da9758400b9c234e5659744dcc8b8c8548a74aab350a447ae654ba79afd531ca515a51f5b77f3be8b1e204a317a1824ab996a22c4efeeabd39b6b60554ba3a4c73dd263acdb77c6dba46196468c5a4c3b14800edf255bcd5a258781a03025a0b57006f52311f55bf1b2c4735466851309513662470737c5d01b466f34668b86b5ce60d4266b2c4d761c122033cb990db947997da2cf15968faa091c699638dfb829d53bba5c756bc849a495052b24ba7eab6434151259815782846cac0e3ad7e0b75eee65b816812e456a2561394c7bb757f4319270ca61471ac25a9109883b77230a262a53135f72966081ca73b6d0b6a104b376f2ac47d53f8bfbf1b9866024aa2769e0ddab6a4e2b465a5020d56ba4d408ea86c408d7a6b76bc39f46747b469a417647cc0a00969f72aae4197a5d9bccda88a3fd8c17fb07094ba77fe458065e0834b298efb94bebca6829a613166e472f967c80499975b983553159c5307b342303a8d863580d2ba65d546271ba2bb8a10d9aabfa2300ee619a5b73627e81a7fa5a8807bf39b0450b4689540242191bd9562b6a45f3442352e90b4ad387d29677e4c35a763a28615369351405a8f78b0c5faafc4ea8eb40b2af83039e186c8b0d5b181955365365c1b93432281444a4c0e425661627117d9cbce6c693b266a7949238c519526fa86
1c02104983095dfd687b60e4294437ca1c5c8d79bb94ab062723dc060eb93d2f1797d01207bf172882d90b0d405a6ce8068de06adf32a704595533780f06973ea295bd5807636ae1b7167a21e5bcc042837bc45899d717b74e415c598b2fb3b35133281e1b08d040124cdc67b37846b95f79730a2532a122a77f1076f5889deb75296cba2aa6a000608966bd321e9a85055f076e780599bcb75448d74316eac17eea3c2ed929fde98f732a3c31e67b5c9362a539466b0a5282f9919ffcce59158ce1b1119fcbb034ab37a6f9649168849c0919bcc27a62681d98d960bd314a8dfcb28959439b275548c488792931eed11b12fc9fe8a60c91810a22ba3f1ce090f00bc23f35b2f50a63c5415432c05d38c773a63cb90615b684979ad3009f59c88b1f2634d46329a33c9a00563dcd3851ca179ef14c8361da471f6786e1bba262877bd8c94063a05caac7034f685237fa532ef46ff1575228b9a318c5350a03876f8367846b4d1524a08476497fd85c6b707af561b558a9745de563ff63a7f6c5ca29515793502bcb01814aeb6aa7a12f0156cd4b00b143bc2bc7ca0839c85de6a826bc6a7ca2a73ebe6b81c9422fa77358dc4030404b4ab2e759a5d72b65d385b737b1c8da67d9dca02fb7968e15c40eb28f3a24a0c9637536f7040493b59146b59a18a4de67887b29a0d082a6185a119831a4c2628d2c160a89346e8b11999d4b8b6959060f2bb17ad008f4b7b9c0cc45e6b8c05ef32b3201996ee43135e9ce13208b9604c6b4d219b5c87eb9c65c6ce1bc9b4c7de1160803c92edca598ed34433b5cb66f816f678308e84b3586057ac90698c9b4a6d07495e628b14f027ca662a8cabacf106781ee4a7ef8f7a2deb96f7518aefd429a3439c55ed89313e503c82a02dba20882fb36f5c8cb1d44948651a6303aa612fb395d065318343f6de57e78e0bcb7562049f068a140621a506d1120742ecbc55bb778642baa516127a040b91aab250ab20082d0807a134b681c1a555a2903fc1de2a21e3c128f78b76cfb31ba5933cb7cf43d4ba66628065cd5a622e5e0840f210be055b49b5017e21ac117e61c9be5cb0882b911c93da1a0c97f0934a5d446d506939193177f6bae69f162f282c42df10026111917dc6964bc269db280bddc405e66bcff378019f4a405dc180e649e436728b03a1a7583935c4c2cf891126efa870bb318bd7528ee9c8f4d71c8a1989e2b29ce0f836e228814880295f9dc8217f5bdf561843f1c92294a878481a3f7d265e4cccc8f849126f51fe40c5ea335b84d32ceb95670321706fa3c0bddf4664c7925db4248d59a084b10b0712832621616aa1210c57a3017e2a5247a211a95a7f8f8b5d324178f67030fd302f818924ba551f97c9434693641c59f6e338f34179d
d48738d0d2c399165ea2377ec1d5c4608c4660a44301e8b397c14a8fca0475c98968f9b7e020634714b593915e4f743cc46393f3092a56e3bd155b5c484b6affb94141e3bb3f29501e43af24ec6167683f424ca1b50a91c7fc944ec8a44e0b9bcc77b1e9a2bbd5b412de223f939890c05a210aa1bcb5c6cef23a528d37751aaa786d0a550d6185ca1aaabb280ec23660cce2b8e7a8a8f3c1a1289226df87ba40b83ca12ab6e00845a07abcd1b5c0caba16942044f97617df5551c8494a35ecc000673fad808729d93b754ac74d4647530998917952a1d6654d85c702899383263c1d48bf194045afa49f04d8145a134d2a238e288a6df20050c59625c1c7baebb0adc1e0a17f9644f8b6290a38279a020402b23836272feea80790b8347e7b575a894ff9d33091b58e541475e571103db94b0875cd327460f89744e530fd815d2955b73623a72f61a0ba7467b610e9f8dee426fae6cbbf87d6bc28954dd2becf2412b3f43da56a93944970b612cde98ca3a81dd6caa71a2535c2b4415552412d4d4c4b454d2d5a534545442d434c49454e542d2d46495845443332",
"client_kyber_pub": "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",
"server_x25519_eph_priv": "415552412d5832353531392d5345525645522d4550482d534545442d2d333242",
"server_x25519_eph_pub": "b1303a433b3c3f6f13b39abf9734a28b686718b46661d399a576fcd8ec413338",
"server_kyber_ct": "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",
"client_nonce": "415552412d434c49454e542d48414e445348414b452d4e4f4e43452d33322d42",
"server_nonce": "415552412d5345525645522d48414e445348414b452d4e4f4e43452d33322d42",
"x25519_ss": "bf5076a10034b60e0bb5e076454e45d054cf778268f1e324e013b6979a916e5d",
"kyber_ss": "7791fdae4ee8a2ce45f522c5426d46c1cde0161296018ac8d97559a7d1e45027",
"session_keys": {
"c2s": "9388e8a0998c32a171600be662ff981ba37a23effab5f68a3b16515b4b55d068",
"s2c": "0f126623e0d3eec7e5d8f02192abcb5f26ccc33c9601cce871493b68122e55ff"
},
"transcript_hash": "1d55f1c39e715ba9bd5137ddb6204ed879d57440d34a6a695d35493a47cf2dee",
"client_finished_hmac": "e75d443a83a5f1d620fe3d9566bc1e450f48e79905c413318ef23ef5d629dfff",
"server_finished_hmac": "ceb8657cd88fa7bc29852faab7fc34fd2e52e193d74cca9e33ca62743c4ba838",
"datagram_test": {
"seq": 2,
"frame": "010000000068656c6c6f",
"key": "9388e8a0998c32a171600be662ff981ba37a23effab5f68a3b16515b4b55d068",
"sealed_record": "000000000000000248e5a7f448aabf18b62ca6821ccd28dbbd8c4a90d1dd03d06012"
},
"knock_test": {
"ca_fingerprint": "415552412d43412d46494e4745525052494e542d46495845442d33322d425954",
"unix_minute": 29000000,
"knock": "cab8819726c26d311faa81a834c72593"
}
}
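Review bot: the three `*_priv` fields at the top of this fixture (`client_x25519_priv`, `client_kyber_priv`, `server_x25519_eph_priv`) are committed with nothing in the file saying they are fixed test seeds. The X25519 value decodes to the ASCII label `AURA-X25519-CLIENT-PRIV-SEED--32`, so these are clearly deterministic KAT inputs, but a secret scanner or a later reader only sees private-key hex. Suggest a top-level description field stating that every key here is a test-only vector, and keeping the file under a test-only path if it is not already, so it is never packaged with a client build. Separately, `datagram_test` covers a single `seq` under the c2s key and `knock_test` a single `unix_minute`; a second record under the s2c key and a knock at an adjacent minute would cover the other direction and the ±1-minute window from the commit message. The `kyber_*` field names also differ from the ML-KEM-768 naming used in the commit message; aligning them would make it clear which parameter set the vectors cover.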