mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 20:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

Fix statefulness

Browse source
This commit is contained in:
Sergey Frolov 2018-07-28 18:39:50 -04:00 committed by sergeyfrolov
parent 03d875d854
commit 2551de140c
3 changed files with 161 additions and 162 deletions
Download patch file Download diff file Expand all files Collapse all files

5
u_common.go
View file

@ -127,8 +127,6 @@ func utlsMacSHA384(version uint16, key []byte) macFunction {
var utlsSupportedCipherSuites []*cipherSuite var utlsSupportedCipherSuites []*cipherSuite
var utlsIdToSpec map[ClientHelloID]ClientHelloSpec
func init() { func init() {
utlsSupportedCipherSuites = append(cipherSuites, []*cipherSuite{ utlsSupportedCipherSuites = append(cipherSuites, []*cipherSuite{
{OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheRSAKA, {OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheRSAKA,
@ -136,9 +134,6 @@ func init() {
{OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheECDSAKA, {OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheECDSAKA,
suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, nil, nil, aeadChaCha20Poly1305}, suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, nil, nil, aeadChaCha20Poly1305},
}...) }...)
utlsIdToSpec = make(map[ClientHelloID]ClientHelloSpec)
initParrots()
} }
// EnableWeakCiphers allows utls connections to continue in some cases, when weak cipher was chosen. // EnableWeakCiphers allows utls connections to continue in some cases, when weak cipher was chosen.

1
u_conn.go
View file

@ -65,6 +65,7 @@ func (uconn *UConn) BuildHandshakeState() error {
if err != nil { if err != nil {
return err return err
} }
err = uconn.ApplyConfig() err = uconn.ApplyConfig()
if err != nil { if err != nil {
return err return err

37
u_parrots.go
View file

@ -16,9 +16,10 @@ import (
"time" "time"
) )
func initParrots() { func utlsIdToSpec(id ClientHelloID) (ClientHelloSpec, error) {
// TODO: auto switch id {
utlsIdToSpec[HelloChrome_58] = ClientHelloSpec{ case HelloChrome_58, HelloChrome_62:
return ClientHelloSpec{
CipherSuites: []uint16{ CipherSuites: []uint16{
GREASE_PLACEHOLDER, GREASE_PLACEHOLDER,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@ -64,10 +65,9 @@ func initParrots() {
&UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle}, &UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle},
}, },
GetSessionID: sha256.Sum256, GetSessionID: sha256.Sum256,
} }, nil
utlsIdToSpec[HelloChrome_62] = utlsIdToSpec[HelloChrome_58] case HelloFirefox_55, HelloFirefox_56:
return ClientHelloSpec{
utlsIdToSpec[HelloFirefox_55] = ClientHelloSpec{
CipherSuites: []uint16{ CipherSuites: []uint16{
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@ -111,10 +111,9 @@ func initParrots() {
&UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle}, &UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle},
}, },
GetSessionID: nil, GetSessionID: nil,
} }, nil
utlsIdToSpec[HelloFirefox_56] = utlsIdToSpec[HelloFirefox_55] case HelloIOS_11_1:
return ClientHelloSpec{
utlsIdToSpec[HelloIOS_11_1] = ClientHelloSpec{
CipherSuites: []uint16{ CipherSuites: []uint16{
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
@ -169,6 +168,9 @@ func initParrots() {
CurveP521, CurveP521,
}}, }},
}, },
}, nil
default:
return ClientHelloSpec{}, errors.New("ClientHello ID " + id.Str() + " is unknown")
} }
} }
@ -196,10 +198,9 @@ func (uconn *UConn) applyPresetByID(id ClientHelloID) (err error) {
return nil return nil
default: default:
var specFound bool spec, err = utlsIdToSpec(id)
spec, specFound = utlsIdToSpec[id] if err != nil {
if !specFound { return err
return errors.New("Unknown ClientHelloID: " + id.Str())
} }
} }
@ -250,7 +251,8 @@ func (uconn *UConn) ApplyPreset(p *ClientHelloSpec) error {
uconn.greaseSeed[ssl_grease_extension2] ^= 0x1010 uconn.greaseSeed[ssl_grease_extension2] ^= 0x1010
} }
hello.CipherSuites = p.CipherSuites hello.CipherSuites = make([]uint16, len(p.CipherSuites))
copy(hello.CipherSuites, p.CipherSuites)
for i := range hello.CipherSuites { for i := range hello.CipherSuites {
if hello.CipherSuites[i] == GREASE_PLACEHOLDER { if hello.CipherSuites[i] == GREASE_PLACEHOLDER {
hello.CipherSuites[i] = GetBoringGREASEValue(uconn.greaseSeed, ssl_grease_cipher) hello.CipherSuites[i] = GetBoringGREASEValue(uconn.greaseSeed, ssl_grease_cipher)
@ -258,7 +260,8 @@ func (uconn *UConn) ApplyPreset(p *ClientHelloSpec) error {
} }
uconn.GetSessionID = p.GetSessionID uconn.GetSessionID = p.GetSessionID
uconn.Extensions = p.Extensions uconn.Extensions = make([]TLSExtension, len(p.Extensions))
copy(uconn.Extensions, p.Extensions)
for _, e := range uconn.Extensions { for _, e := range uconn.Extensions {
switch ext := e.(type) { switch ext := e.(type) {