mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 03:57:36 +03:00
Add MakeConnWithCompleteHandshake function (#18)
Add MakeConnWithCompleteHandshake function + regression test and usage example
This commit is contained in:
Eric Wustrow
sergeyfrolov
parent
a89e7e6da4
commit
323a55944c
4 changed files with 162 additions and 4 deletions
56
u_conn.go
56
u_conn.go
|
|
@ -496,6 +496,62 @@ func (uconn *UConn) SetTLSVers(minTLSVers, maxTLSVers uint16) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (uconn *UConn) SetUnderlyingConn(c net.Conn) {
|
||||
uconn.Conn.conn = c
|
||||
}
|
||||
|
||||
func (uconn *UConn) SetNetConn(c net.Conn) {
|
||||
uconn.Conn.conn = c
|
||||
}
|
||||
|
||||
// MakeConnWithCompleteHandshake allows to forge both server and client side TLS connections.
|
||||
// Major Hack Alert.
|
||||
func MakeConnWithCompleteHandshake(tcpConn net.Conn, version uint16, cipherSuite uint16, masterSecret []byte, clientRandom []byte, serverRandom []byte, isClient bool) *Conn {
|
||||
tlsConn := &Conn{conn: tcpConn, config: &Config{}, isClient: isClient}
|
||||
cs := cipherSuiteByID(cipherSuite)
|
||||
|
||||
// This is mostly borrowed from establishKeys()
|
||||
clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV :=
|
||||
keysFromMasterSecret(version, cs, masterSecret, clientRandom, serverRandom,
|
||||
cs.macLen, cs.keyLen, cs.ivLen)
|
||||
|
||||
var clientCipher, serverCipher interface{}
|
||||
var clientHash, serverHash macFunction
|
||||
if cs.cipher != nil {
|
||||
clientCipher = cs.cipher(clientKey, clientIV, true /* for reading */)
|
||||
clientHash = cs.mac(version, clientMAC)
|
||||
serverCipher = cs.cipher(serverKey, serverIV, false /* not for reading */)
|
||||
serverHash = cs.mac(version, serverMAC)
|
||||
} else {
|
||||
clientCipher = cs.aead(clientKey, clientIV)
|
||||
serverCipher = cs.aead(serverKey, serverIV)
|
||||
}
|
||||
|
||||
if isClient {
|
||||
tlsConn.in.prepareCipherSpec(version, serverCipher, serverHash)
|
||||
tlsConn.out.prepareCipherSpec(version, clientCipher, clientHash)
|
||||
} else {
|
||||
tlsConn.in.prepareCipherSpec(version, clientCipher, clientHash)
|
||||
tlsConn.out.prepareCipherSpec(version, serverCipher, serverHash)
|
||||
}
|
||||
|
||||
// skip the handshake states
|
||||
tlsConn.handshakeStatus = 1
|
||||
tlsConn.cipherSuite = cipherSuite
|
||||
tlsConn.haveVers = true
|
||||
tlsConn.vers = version
|
||||
|
||||
// Update to the new cipher specs
|
||||
// and consume the finished messages
|
||||
tlsConn.in.changeCipherSpec()
|
||||
tlsConn.out.changeCipherSpec()
|
||||
|
||||
tlsConn.in.incSeq()
|
||||
tlsConn.out.incSeq()
|
||||
|
||||
return tlsConn
|
||||
}
|
||||
|
||||
func makeSupportedVersions(minVers, maxVers uint16) []uint16 {
|
||||
a := make([]uint16, maxVers-minVers+1)
|
||||
for i := range a {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue