From 3fe91d982237c5dc711b24a25a749aace888d0c1 Mon Sep 17 00:00:00 2001
From: sergeyfrolov
Date: Mon, 4 Feb 2019 13:41:38 -0700
Subject: [PATCH] Fix intermittent issues with Randomized parrot (#19)
Fix intermittent issues with Randomized parrot
---
 examples/examples.go | 2 +-
 u_conn.go | 4 ++--
 u_parrots.go | 12 ++++++++----
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/examples/examples.go b/examples/examples.go
index 6a89595..a84ab5c 100644
--- a/examples/examples.go
+++ b/examples/examples.go
@@ -270,7 +270,7 @@ func forgeConn() {
 serverConn, clientConn := net.Pipe()
- clientUtls.SetNetConn(clientConn)
+ clientUtls.SetUnderlyingConn(clientConn)
 hs := clientUtls.HandshakeState
 serverTls := tls.MakeConnWithCompleteHandshake(serverConn, hs.ServerHello.Vers, hs.ServerHello.CipherSuite,
diff --git a/u_conn.go b/u_conn.go
index 516d6f7..73fdb82 100644
--- a/u_conn.go
+++ b/u_conn.go
@@ -500,8 +500,8 @@ func (uconn *UConn) SetUnderlyingConn(c net.Conn) {
 uconn.Conn.conn = c
 }
-func (uconn *UConn) SetNetConn(c net.Conn) {
- uconn.Conn.conn = c
+func (uconn *UConn) GetUnderlyingConn() net.Conn {
+ return uconn.Conn.conn
 }
 // MakeConnWithCompleteHandshake allows to forge both server and client side TLS connections.
diff --git a/u_parrots.go b/u_parrots.go
index 757241d..a2ee775 100644
--- a/u_parrots.go
+++ b/u_parrots.go
@@ -534,10 +534,11 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
 if tossBiasedCoin(0.59) {
 sigAndHashAlgos = append(sigAndHashAlgos, ECDSAWithP521AndSHA512)
 }
- if tossBiasedCoin(0.51) {
- // these usually go together
+ if tossBiasedCoin(0.51) || p.TLSVersMax == VersionTLS13 {
+ // https://tools.ietf.org/html/rfc8446 says "...RSASSA-PSS (which is mandatory in TLS 1.3)..."
 sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA256)
 if tossBiasedCoin(0.9) {
+ // these usually go together
 sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA384)
 sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA512)
 }
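Review bot: `GetUnderlyingConn` in u_conn.go is exported without a doc comment, and it hands callers the raw `net.Conn` beneath the TLS record layer. Anything read from or written to that conn bypasses record protection and can desynchronize the session, so the contract is worth stating, e.g. `// GetUnderlyingConn returns the net.Conn beneath the TLS layer; I/O on it bypasses record protection.` The same hunk drops the exported `SetNetConn`, which breaks existing callers; a one-line wrapper marked `// Deprecated: use SetUnderlyingConn.` would keep them compiling. `SetUnderlyingConn` begins outside the hunk.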
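Review bot: The new guard in the first u_parrots.go hunk matches only `p.TLSVersMax == VersionTLS13`, so a spec whose maximum is ever raised past TLS 1.3 would go back to offering PSS only about half the time; `if tossBiasedCoin(0.51) || p.TLSVersMax >= VersionTLS13 {` keeps the invariant. The comment would also help more if it stated the consequence instead of only quoting the RFC, e.g. `// a TLS 1.3 peer with an RSA key signs CertificateVerify with RSASSA-PSS, so PSS must be offered`. `p` is defined outside the hunk, so its type and possible values are assumed here, and `generateRandomizedSpec` continues on both sides of the hunk.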
@@ -606,8 +607,11 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
 ks := KeyShareExtension{[]KeyShare{
 {Group: X25519}, // the key for the group will be generated later
 }}
- if tossBiasedCoin(0.5) {
- ks.KeyShares = append(ks.KeyShares, KeyShare{Group: CurveP256})
+ if tossBiasedCoin(0.25) {
+ // do not ADD second keyShare because crypto/tls does not support multiple ecdheParams
+ // TODO: add it back when they implement multiple keyShares, or implement it oursevles
+ // ks.KeyShares = append(ks.KeyShares, KeyShare{Group: CurveP256})
+ ks.KeyShares[0].Group = CurveP256
 }
 pskExchangeModes := PSKKeyExchangeModesExtension{[]uint8{pskModeDHE}}
 supportedVersionsExt := SupportedVersionsExtension{
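Review bot: Setting `ks.KeyShares[0].Group = CurveP256` is only valid if the randomized supported-groups list also contains P-256 (and X25519 in the default case), because RFC 8446 §4.2.8 requires every key share to correspond to a group offered in `supported_groups`. That list is built outside this hunk, so confirm it there or add a note next to this branch such as `// CurveP256 must also appear in the supported groups extension`. The commented-out `append` is better dropped in favour of the TODO alone, since version control keeps the old line. `generateRandomizedSpec` continues beyond the hunk on both sides.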