From ed3196be2e85f96aef9e65ba3565ffbb20f9055e Mon Sep 17 00:00:00 2001
From: ospab
Date: Mon, 25 May 2026 22:20:39 +0300
Subject: [PATCH] Generate Reality keys upon --init server
---
 ostp/Cargo.toml | 1 +
 ostp/src/main.rs | 25 +++++++++++++++++++++----
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/ostp/Cargo.toml b/ostp/Cargo.toml
index bc5ff9e..5ec9c6e 100644
--- a/ostp/Cargo.toml
+++ b/ostp/Cargo.toml
@@ -18,3 +18,4 @@ rand.workspace = true
 url = "2.5"
 tracing.workspace = true
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+snow.workspace = true
diff --git a/ostp/src/main.rs b/ostp/src/main.rs
index 9c7396b..e5c1582 100644
--- a/ostp/src/main.rs
+++ b/ostp/src/main.rs
@@ -117,6 +117,22 @@ fn generate_secure_key(format_type: &str) -> String {
 }
 }
+fn generate_reality_keys() -> (String, String, String) {
+ use rand::RngCore;
+ use base64::Engine;
+
+ let builder = snow::Builder::new("Noise_NN_25519_ChaChaPoly_BLAKE2s".parse().unwrap());
+ let keypair = builder.generate_keypair().expect("failed to generate reality keys");
+ let priv_b64 = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(&keypair.private);
+ let pub_b64 = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(&keypair.public);
+
+ let mut sid_bytes = [0u8; 8];
+ rand::thread_rng().fill_bytes(&mut sid_bytes);
+ let sid_hex = sid_bytes.iter().map(|b| format!("{:02x}", b)).collect::();
+
+ (priv_b64, pub_b64, sid_hex)
+}
+
 fn parse_outbound_action(value: Option) -> ostp_server::OutboundAction {
 match value.as_deref() {
 Some("direct") => ostp_server::OutboundAction::Direct,
@@ -467,6 +483,7 @@ async fn run_app() -> Result<()> {
 let is_server = mode_str == "server";
 let key = generate_secure_key("hex");
 let content = if is_server {
+ let (priv_key, pub_key, sid) = generate_reality_keys();
 format!(r#"{{
 // OSTP Server Configuration
 "mode": "server",
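Review bot: `generate_reality_keys` returns three bare `String`s with the private key first, and both the destructuring in `run_app` and the positional `{}` placeholders in the `reality` template (the two later hunks) bind them by order alone, so a reordering would put the private key under `pbk` without any compile error. Returning a small struct with named fields removes that failure mode; the caller would then read `keys.private_key`, `keys.public_key` and `keys.short_id`. The function also lacks a doc comment recording the encodings (URL-safe base64 without padding for the keys, 8 random bytes as hex for the sid) and that the Noise pattern string appears to be used only to select the 25519 DH for key generation. Separately, `.parse().unwrap()` and `.expect(...)` panic on a path whose caller returns `Result`; propagating the error would be more consistent, though the enclosing error type is not visible here.

```rust
/// Key material written into the `reality` section of a generated server config.
struct RealityKeys {
    /// X25519 private key, URL-safe base64 without padding. Secret.
    private_key: String,
    /// Matching public key (`pbk`), same encoding.
    public_key: String,
    /// 8 random bytes as lowercase hex (`sid`).
    short_id: String,
}

fn generate_reality_keys() -> RealityKeys {
    // … unchanged: keypair generation and base64 / hex encoding …
    RealityKeys {
        private_key: priv_b64,
        public_key: pub_b64,
        short_id: sid_hex,
    }
}
```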
@@ -516,13 +533,13 @@ async fn run_app() -> Result<()> {
 "reality": {{
 "enabled": false,
 "dest": "www.microsoft.com:443",
- "private_key": "",
- "pbk": "",
- "sid": "",
+ "private_key": "{}",
+ "pbk": "{}",
+ "sid": "{}",
 "sni_list": ["www.microsoft.com"]
 }},
 "debug": false
-}}"#, key)
+}}"#, key, priv_key, pub_key, sid)
 } else {
 format!(r#"{{
 // OSTP Client Configuration
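Review bot: With `"private_key": "{}"` now filled in, the generated server config carries a live private key, so whatever writes `content` to disk needs to treat the file as a secret. The write is outside this hunk, so it is not visible whether the file is created with owner-only permissions or whether `content` is also printed or logged during `--init`; both are worth confirming before merge. A short comment next to the template, e.g. `// contains the Reality private key: write with owner-only permissions, never log`, would keep that requirement visible to later edits. `run_app`'s body starts and continues outside the hunk.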