mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 12:37:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

Fix intermittent issues with Randomized parrot (#19)

Browse source 
Fix intermittent issues with Randomized parrot
This commit is contained in:
sergeyfrolov 2019-02-04 13:41:38 -07:00 committed by GitHub
parent 323a55944c
commit 3fe91d9822
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
examples/examples.go
View file

@ -270,7 +270,7 @@ func forgeConn() {
serverConn, clientConn := net.Pipe() serverConn, clientConn := net.Pipe()
clientUtls.SetNetConn(clientConn) clientUtls.SetUnderlyingConn(clientConn)
hs := clientUtls.HandshakeState hs := clientUtls.HandshakeState
serverTls := tls.MakeConnWithCompleteHandshake(serverConn, hs.ServerHello.Vers, hs.ServerHello.CipherSuite, serverTls := tls.MakeConnWithCompleteHandshake(serverConn, hs.ServerHello.Vers, hs.ServerHello.CipherSuite,

4
u_conn.go
View file

@ -500,8 +500,8 @@ func (uconn *UConn) SetUnderlyingConn(c net.Conn) {
uconn.Conn.conn = c uconn.Conn.conn = c
} }
func (uconn *UConn) SetNetConn(c net.Conn) { func (uconn *UConn) GetUnderlyingConn() net.Conn {
uconn.Conn.conn = c return uconn.Conn.conn
} }
// MakeConnWithCompleteHandshake allows to forge both server and client side TLS connections. // MakeConnWithCompleteHandshake allows to forge both server and client side TLS connections.

12
u_parrots.go
View file

@ -534,10 +534,11 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
if tossBiasedCoin(0.59) { if tossBiasedCoin(0.59) {
sigAndHashAlgos = append(sigAndHashAlgos, ECDSAWithP521AndSHA512) sigAndHashAlgos = append(sigAndHashAlgos, ECDSAWithP521AndSHA512)
} }
if tossBiasedCoin(0.51) { if tossBiasedCoin(0.51) || p.TLSVersMax == VersionTLS13 {
// these usually go together // https://tools.ietf.org/html/rfc8446 says "...RSASSA-PSS (which is mandatory in TLS 1.3)..."
sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA256) sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA256)
if tossBiasedCoin(0.9) { if tossBiasedCoin(0.9) {
// these usually go together
sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA384) sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA384)
sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA512) sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA512)
} }
@ -606,8 +607,11 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
ks := KeyShareExtension{[]KeyShare{ ks := KeyShareExtension{[]KeyShare{
{Group: X25519}, // the key for the group will be generated later {Group: X25519}, // the key for the group will be generated later
}} }}
if tossBiasedCoin(0.5) { if tossBiasedCoin(0.25) {
ks.KeyShares = append(ks.KeyShares, KeyShare{Group: CurveP256}) // do not ADD second keyShare because crypto/tls does not support multiple ecdheParams
// TODO: add it back when they implement multiple keyShares, or implement it oursevles
// ks.KeyShares = append(ks.KeyShares, KeyShare{Group: CurveP256})
ks.KeyShares[0].Group = CurveP256
} }
pskExchangeModes := PSKKeyExchangeModesExtension{[]uint8{pskModeDHE}} pskExchangeModes := PSKKeyExchangeModesExtension{[]uint8{pskModeDHE}}
supportedVersionsExt := SupportedVersionsExtension{ supportedVersionsExt := SupportedVersionsExtension{