mirror of
https://github.com/SagerNet/sing-shadowtls.git
synced 2025-03-31 10:47:35 +03:00
Fix TLS12 support for v3 client
This commit is contained in:
世界
parent
74b210a0e6
commit
ebadc7615d
2 changed files with 15 additions and 5 deletions
11
client.go
11
client.go
|
|
@ -20,6 +20,7 @@ type ClientConfig struct {
|
|||
Password string
|
||||
Server M.Socksaddr
|
||||
Dialer N.Dialer
|
||||
StrictMode bool
|
||||
TLSHandshake TLSHandshakeFunc
|
||||
Logger logger.ContextLogger
|
||||
}
|
||||
|
|
@ -27,6 +28,7 @@ type ClientConfig struct {
|
|||
type Client struct {
|
||||
version int
|
||||
password string
|
||||
strictMode bool
|
||||
server M.Socksaddr
|
||||
dialer N.Dialer
|
||||
tlsHandshake TLSHandshakeFunc
|
||||
|
|
@ -37,6 +39,7 @@ func NewClient(config ClientConfig) (*Client, error) {
|
|||
client := &Client{
|
||||
version: config.Version,
|
||||
password: config.Password,
|
||||
strictMode: config.StrictMode,
|
||||
server: config.Server,
|
||||
dialer: config.Dialer,
|
||||
tlsHandshake: config.TLSHandshake,
|
||||
|
|
@ -103,9 +106,11 @@ func (c *Client) DialContextConn(ctx context.Context, conn net.Conn) (net.Conn,
|
|||
return nil, err
|
||||
}
|
||||
c.logger.TraceContext(ctx, "handshake success")
|
||||
authorized, serverRandom, readHMAC := stream.Authorized()
|
||||
if !authorized {
|
||||
return nil, E.New("traffic hijacked or TLS1.3 is not supported")
|
||||
isTLS13, authorized, serverRandom, readHMAC := stream.Authorized()
|
||||
if c.strictMode && !isTLS13 {
|
||||
return nil, E.New("TLS1.3 is not supported")
|
||||
} else if !authorized {
|
||||
return nil, E.New("traffic hijacked")
|
||||
}
|
||||
if debug.Enabled {
|
||||
c.logger.TraceContext(ctx, "authorized, server random extracted: ", hex.EncodeToString(serverRandom))
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ type streamWrapper struct {
|
|||
serverRandom []byte
|
||||
readHMAC hash.Hash
|
||||
readHMACKey []byte
|
||||
isTLS13 bool
|
||||
authorized bool
|
||||
}
|
||||
|
||||
|
|
@ -51,8 +52,8 @@ func newStreamWrapper(conn net.Conn, password string) *streamWrapper {
|
|||
}
|
||||
}
|
||||
|
||||
func (w *streamWrapper) Authorized() (bool, []byte, hash.Hash) {
|
||||
return w.authorized, w.serverRandom, w.readHMAC
|
||||
func (w *streamWrapper) Authorized() (bool, bool, []byte, hash.Hash) {
|
||||
return w.isTLS13, w.authorized, w.serverRandom, w.readHMAC
|
||||
}
|
||||
|
||||
func (w *streamWrapper) Read(p []byte) (n int, err error) {
|
||||
|
|
@ -84,6 +85,10 @@ func (w *streamWrapper) Read(p []byte) (n int, err error) {
|
|||
w.readHMAC = hmac.New(sha1.New, []byte(w.password))
|
||||
w.readHMAC.Write(w.serverRandom)
|
||||
w.readHMACKey = kdf(w.password, w.serverRandom)
|
||||
w.isTLS13 = isServerHelloSupportTLS13(buffer[5:])
|
||||
if !w.isTLS13 {
|
||||
w.authorized = true
|
||||
}
|
||||
}
|
||||
case applicationData:
|
||||
w.authorized = false
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue