wip: staging work

2025-04-04 04:27:36 +03:00 · 2023-03-13 15:31:43 -06:00 · 2023-03-13 15:31:43 -06:00 · 54bb4cd3f7
commit 54bb4cd3f7
parent 7ec8b3a298
3 changed files with 277 additions and 119 deletions
--- a/u_clienthello_json.go
+++ b/u_clienthello_json.go
@ -1,112 +0,0 @@
-package tls
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-)
-
-var ErrNoExtensionID = errors.New("no extension ID in JSON object")
-
-type JSONClientHelloSpec struct {
-	CipherSuites []struct {
-		ID   uint16 `json:"id"`
-		Name string `json:"name,omitempty"` // optional
-	} `json:"cipher_suites"`
-	CompressionMethods []struct {
-		ID   uint8  `json:"id"`
-		Name string `json:"name,omitempty"` // optional
-	} `json:"compression_methods"`
-	Extensions []TLSExtensionJSONUnmarshaler `json:"extensions"`
-	TLSVersMin uint16                        `json:"min_vers,omitempty"` // optional
-	TLSVersMax uint16                        `json:"max_vers,omitempty"` // optional
-}
-
-type TLSExtensionJSONUnmarshaler struct {
-	id             uint16
-	name           string // optional
-	data           []byte // unknown ext
-	unmarshalInput []byte // debug
-	tlsExtension   TLSExtension
-}
-
-func (e *TLSExtensionJSONUnmarshaler) UnmarshalJSON(raw []byte) error {
-	e.unmarshalInput = raw
-
-	// First unmarshal the ID and Name (metadata)
-	var metadata struct {
-		ID   uint16 `json:"id"`
-		Name string `json:"name,omitempty"` // optional
-		Data []byte `json:"data,omitempty"` // optional, for UNKNOWN extensions
-	}
-	metadata.ID = 0xFFFF // invalid ID to detect if set
-
-	if err := json.Unmarshal(raw, &metadata); err != nil {
-		return err
-	}
-
-	if metadata.ID == 0xFFFF {
-		return ErrNoExtensionID // no ID in JSON object (so default value was used)
-	}
-	e.id = metadata.ID
-	e.name = metadata.Name
-	e.data = metadata.Data
-
-	// get extension type from ID
-	ext := ExtensionFromID(e.id)
-	if ext == nil {
-		return fmt.Errorf("unknown extension ID: %d", e.id)
-	}
-
-	if e.tlsExtension == nil {
-		e.fallbackToGenericExtension()
-	}
-
-	return nil
-}
-
-func (e *TLSExtensionJSONUnmarshaler) fallbackToGenericExtension() {
-	var warningMsg string = "WARNING: extension "
-	warningMsg += fmt.Sprintf("%d ", e.id)
-	if len(e.name) > 0 {
-		warningMsg += fmt.Sprintf("(%s) ", e.name)
-	}
-	warningMsg += "is falling back to generic extension"
-	if len(e.data) == 0 {
-		warningMsg += " with no data"
-	}
-	warningMsg += "\n"
-
-	// fallback to generic extension
-	genericExt := &GenericExtension{e.id, e.data}
-	e.tlsExtension = genericExt
-}
-
-/*
-{
-	"cipher_suites": [
-		{"id": 0x1301, "name": "TLS_AES_128_GCM_SHA256"},
-		{"id": 0x1302, "name": "TLS_AES_256_GCM_SHA384"}
-	],
-	"compression_methods": [
-		{"id": 0x00, "name": "null"}
-	],
-	"extensions": [
-		{"id": 0x7a7a, "name": "GREASE"}, // grease, id could be any 0xNaNa where N in 0~f
-		{"id": 0x0000, "name": "server_name"}, // don't use SNI's data
-		{"id": 0x0017, "name": "extended_master_secret"}, // no data
-		{"id": 0xff01, "name": "renegotiation_info", "renegotiation": 1},
-		{"id": 0x000a, "name": "supported_groups", "named_group_list": [
-			{"id": 0x1a1a, "name": "GREASE"},
-			{"id": 0x001d, "name": "x25519"},
-			{"id": 0x0017, "name": "secp256r1"},
-			{"id": 0x0018, "name": "secp384r1"}
-		]},
-		{"id": 0x0010, "name": "application_layer_protocol_negotiation", "protocol_name_list": [
-			"h2",
-			"http/1.1"
-		]},
-		...
-	]
-}
-*/
--- a/u_json_unmarshaler.go
+++ b/u_json_unmarshaler.go
@ -0,0 +1,168 @@
+package tls
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+)
+
+var ErrNoExtensionID = errors.New("no extension ID in JSON object")
+
+type ClientHelloSpecJSONUnmarshaler struct {
+	CipherSuites       *CipherSuitesJSONUnmarshaler       `json:"cipher_suites"`
+	CompressionMethods *CompressionMethodsJSONUnmarshaler `json:"compression_methods"`
+	Extensions         *TLSExtensionsJSONUnmarshaler      `json:"extensions"`
+	TLSVersMin         uint16                             `json:"min_vers,omitempty"` // optional
+	TLSVersMax         uint16                             `json:"max_vers,omitempty"` // optional
+}
+
+type CipherSuitesJSONUnmarshaler struct {
+	cipherSuites []uint16
+}
+
+func (c *CipherSuitesJSONUnmarshaler) UnmarshalJSON(jsonStr []byte) error {
+	var accepters []struct {
+		ID   uint16 `json:"id"`
+		Name string `json:"name,omitempty"` // optional
+	}
+	if err := json.Unmarshal(jsonStr, &accepters); err != nil {
+		return err
+	}
+
+	var ciphers []uint16 = make([]uint16, 0, len(accepters))
+	for _, accepter := range accepters {
+		ciphers = append(ciphers, unGREASEUint16(accepter.ID))
+	}
+
+	c.cipherSuites = ciphers
+	return nil
+}
+
+type CompressionMethodsJSONUnmarshaler struct {
+	compressionMethods []uint8
+}
+
+func (c *CompressionMethodsJSONUnmarshaler) UnmarshalJSON(jsonStr []byte) error {
+	var accepters []struct {
+		ID   uint8  `json:"id"`
+		Name string `json:"name,omitempty"` // optional
+	}
+	if err := json.Unmarshal(jsonStr, &accepters); err != nil {
+		return err
+	}
+
+	var compressions []uint8 = make([]uint8, 0, len(accepters))
+	for _, accepter := range accepters {
+		compressions = append(compressions, accepter.ID)
+	}
+
+	c.compressionMethods = compressions
+	return nil
+}
+
+type TLSExtensionsJSONUnmarshaler struct {
+	extensions []TLSExtensionJSON
+}
+
+func (e *TLSExtensionsJSONUnmarshaler) UnmarshalJSON(jsonStr []byte) error {
+	var accepters []tlsExtensionJSONAccepter
+	if err := json.Unmarshal(jsonStr, &accepters); err != nil {
+		return err
+	}
+
+	var exts []TLSExtensionJSON = make([]TLSExtensionJSON, 0, len(accepters))
+	for _, accepter := range accepters {
+		var extID uint16 = accepter.idNameObj.ID
+		var extName string = accepter.idNameObj.Name
+
+		// get extension type from ID
+		var ext TLSExtension = ExtensionFromID(extID)
+		if ext == nil {
+			// fallback to generic extension
+			ext = genericExtension(extID, extName)
+		}
+
+		if extJsonCompatible, ok := ext.(TLSExtensionJSON); ok {
+			exts = append(exts, extJsonCompatible)
+		} else {
+			return fmt.Errorf("extension %d (%s) is not JSON compatible", extID, extName)
+		}
+	}
+
+	// unmashal extensions
+	for idx, ext := range exts {
+		// json.Unmarshal will call the UnmarshalJSON method of the extension
+		if err := json.Unmarshal(accepters[idx].jsonStr, ext); err != nil {
+			return err
+		}
+	}
+
+	e.extensions = exts
+	return nil
+}
+
+func genericExtension(id uint16, name string) TLSExtension {
+	var warningMsg string = "WARNING: extension "
+	warningMsg += fmt.Sprintf("%d ", id)
+	if len(name) > 0 {
+		warningMsg += fmt.Sprintf("(%s) ", name)
+	}
+	warningMsg += "is falling back to generic extension"
+	warningMsg += "\n"
+
+	// fallback to generic extension
+	return &GenericExtension{Id: id}
+}
+
+type tlsExtensionJSONAccepter struct {
+	idNameObj struct {
+		ID   uint16 `json:"id"`
+		Name string `json:"name,omitempty"`
+	}
+	jsonStr []byte
+}
+
+func (t *tlsExtensionJSONAccepter) UnmarshalJSON(jsonStr []byte) error {
+	t.jsonStr = make([]byte, len(jsonStr))
+	copy(t.jsonStr, jsonStr)
+	return json.Unmarshal(jsonStr, &t.idNameObj)
+}
+
+/*
+{
+	"cipher_suites": [
+		{"id": 0x1301, "name": "TLS_AES_128_GCM_SHA256"},
+		{"id": 0x1302, "name": "TLS_AES_256_GCM_SHA384"}
+	],
+	"compression_methods": [
+		{"id": 0x00, "name": "null"}
+	],
+	"extensions": [
+		{"id": 0x7a7a, "name": "GREASE", "data": []}, // grease, id could be any 0xNaNa where N in 0~f, data is an optional byte slice
+		{"id": 0x0000, "name": "server_name"}, // SNI may(should) have data but will be ignored
+		{"id": 0x0017, "name": "extended_master_secret"}, // always no data
+		{"id": 0xff01, "name": "renegotiation_info", "renegotiated_connection": []}, // no data for initial ClientHello
+		{"id": 0x000a, "name": "supported_groups", "named_group_list": [
+			{"id": 0x1a1a, "name": "GREASE"},
+			{"id": 0x001d, "name": "x25519"},
+			{"id": 0x0017, "name": "secp256r1"},
+			{"id": 0x0018, "name": "secp384r1"}
+		]},
+		{"id": 0x000b, "name": "ec_point_formats", "ec_point_format_list": [
+			{"id": 0x00, "name": "uncompressed"},
+		]},
+		{"id": 0x0023, "name": "session_ticket"}, // always no data
+		{"id": 0x0010, "name": "application_layer_protocol_negotiation", "protocol_name_list": [
+			"h2",
+			"http/1.1"
+		]},
+		{"id": 0x0005, "name": "status_request"}, // always no data
+		{"id": 0x000d, "name": "signature_algorithms", "supported_signature_algorithms": [
+			{"id": 0x0403, "name": "ecdsa_secp256r1_sha256"},
+			{"id": 0x0804, "name": "rsa_pss_rsae_sha256"},
+			...
+		]},
+		...
+	]
+}
+*/
--- a/u_tls_extensions.go
+++ b/u_tls_extensions.go
@ -5,6 +5,7 @@
 package tls

 import (
+	"encoding/json"
 	"errors"
 	"io"
 	"strings"
@ -219,6 +220,10 @@ func (e *SNIExtension) Write(b []byte) (int, error) {
 	return fullLen, nil
 }

+func (e *SNIExtension) UnmarshalJSON(_ []byte) error {
+	return nil // no-op
+}
+
 type StatusRequestExtension struct {
 }

@ -265,6 +270,10 @@ func (e *StatusRequestExtension) Write(b []byte) (int, error) {
 	return fullLen, nil
 }

+func (e *StatusRequestExtension) UnmarshalJSON(_ []byte) error {
+	return nil // no-op
+}
+
 type StatusRequestV2Extension struct {
 }

@ -369,6 +378,23 @@ func (e *SupportedCurvesExtension) Write(b []byte) (int, error) {
 	return fullLen, nil
 }

+func (e *SupportedCurvesExtension) UnmarshalJSON(data []byte) error {
+	var namedGroupList struct {
+		NamedGroups []struct {
+			ID   uint16 `json:"id"`
+			Name string `json:"name,omitempty"`
+		} `json:"named_group_list"`
+	}
+	if err := json.Unmarshal(data, &namedGroupList); err != nil {
+		return err
+	}
+
+	for _, namedGroup := range namedGroupList.NamedGroups {
+		e.Curves = append(e.Curves, CurveID(unGREASEUint16(namedGroup.ID)))
+	}
+	return nil
+}
+
 type SupportedPointsExtension struct {
 	SupportedPoints []uint8
 }
@ -398,6 +424,23 @@ func (e *SupportedPointsExtension) Read(b []byte) (int, error) {
 	return e.Len(), io.EOF
 }

+func (e *SupportedPointsExtension) UnmarshalJSON(data []byte) error {
+	var pointFormatList struct {
+		PointFormats []struct {
+			ID   uint8  `json:"id"`
+			Name string `json:"name,omitempty"`
+		} `json:"ec_point_format_list"`
+	}
+	if err := json.Unmarshal(data, &pointFormatList); err != nil {
+		return err
+	}
+
+	for _, pointFormat := range pointFormatList.PointFormats {
+		e.SupportedPoints = append(e.SupportedPoints, pointFormat.ID)
+	}
+	return nil
+}
+
 func (e *SupportedPointsExtension) Write(b []byte) (int, error) {
 	fullLen := len(b)
 	extData := cryptobyte.String(b)
@ -521,7 +564,15 @@ func (e *SignatureAlgorithmsCertExtension) Write(b []byte) (int, error) {
 type RenegotiationInfoExtension struct {
 	// Renegotiation field limits how many times client will perform renegotiation: no limit, once, or never.
 	// The extension still will be sent, even if Renegotiation is set to RenegotiateNever.
-	Renegotiation RenegotiationSupport
+	Renegotiation RenegotiationSupport // [UTLS] added for internal use only
+
+	// RenegotiatedConnection is not yet properly handled, now we
+	// are just copying it to the client hello.
+	//
+	// If this is the initial handshake for a connection, then the
+	// "renegotiated_connection" field is of zero length in both the
+	// ClientHello and the ServerHello.
+	// RenegotiatedConnection []byte
 }

 func (e *RenegotiationInfoExtension) writeToUConn(uc *UConn) error {
@ -538,7 +589,7 @@ func (e *RenegotiationInfoExtension) writeToUConn(uc *UConn) error {
 }

 func (e *RenegotiationInfoExtension) Len() int {
-	return 5
+	return 5 // + len(e.RenegotiatedConnection)
 }

 func (e *RenegotiationInfoExtension) Read(b []byte) (int, error) {
@ -546,25 +597,36 @@ func (e *RenegotiationInfoExtension) Read(b []byte) (int, error) {
 		return 0, io.ErrShortBuffer
 	}

-	var extInnerBody []byte // inner body is empty
-	innerBodyLen := len(extInnerBody)
-	extBodyLen := innerBodyLen + 1
+	// dataLen := len(e.RenegotiatedConnection)
+	extBodyLen := 1 // + len(dataLen)

 	b[0] = byte(extensionRenegotiationInfo >> 8)
 	b[1] = byte(extensionRenegotiationInfo & 0xff)
 	b[2] = byte(extBodyLen >> 8)
 	b[3] = byte(extBodyLen)
-	b[4] = byte(innerBodyLen)
-	copy(b[5:], extInnerBody)
+	// b[4] = byte(dataLen)
+	// copy(b[5:], e.RenegotiatedConnection)

 	return e.Len(), io.EOF
 }

 func (e *RenegotiationInfoExtension) Write(_ []byte) (int, error) {
 	e.Renegotiation = RenegotiateOnceAsClient // none empty or other modes are unsupported
+	// extData := cryptobyte.String(b)
+	// var renegotiatedConnection cryptobyte.String
+	// if !extData.ReadUint8LengthPrefixed(&renegotiatedConnection) || !extData.Empty() {
+	// 	return 0, errors.New("unable to read renegotiation info extension data")
+	// }
+	// e.RenegotiatedConnection = make([]byte, len(renegotiatedConnection))
+	// copy(e.RenegotiatedConnection, renegotiatedConnection)
 	return 0, nil
 }

+func (e *RenegotiationInfoExtension) UnmarshalJSON(_ []byte) error {
+	e.Renegotiation = RenegotiateOnceAsClient
+	return nil
+}
+
 type ALPNExtension struct {
 	AlpnProtocols []string
 }
@ -632,6 +694,19 @@ func (e *ALPNExtension) Write(b []byte) (int, error) {
 	return fullLen, nil
 }

+func (e *ALPNExtension) UnmarshalJSON(b []byte) error {
+	var protocolNameList struct {
+		ProtocolNames []string `json:"protocol_name_list"`
+	}
+
+	if err := json.Unmarshal(b, &protocolNameList); err != nil {
+		return err
+	}
+
+	e.AlpnProtocols = protocolNameList.ProtocolNames
+	return nil
+}
+
 // ApplicationSettingsExtension represents the TLS ALPS extension.
 // At the time of this writing, this extension is currently a draft:
 // https://datatracker.ietf.org/doc/html/draft-vvv-tls-alps-01
@ -771,6 +846,10 @@ func (e *SessionTicketExtension) Write(_ []byte) (int, error) {
 	return 0, nil
 }

+func (e *SessionTicketExtension) UnmarshalJSON(_ []byte) error {
+	return nil // no-op
+}
+
 // GenericExtension allows to include in ClientHello arbitrary unsupported extensions.
 type GenericExtension struct {
 	Id   uint16
@ -830,6 +909,10 @@ func (e *UtlsExtendedMasterSecretExtension) Write(_ []byte) (int, error) {
 	return 0, nil
 }

+func (e *UtlsExtendedMasterSecretExtension) UnmarshalJSON(_ []byte) error {
+	return nil // no-op
+}
+
 var extendedMasterSecretLabel = []byte("extended master secret")

 // extendedMasterFromPreMasterSecret generates the master secret from the pre-master
@ -899,6 +982,25 @@ func (e *UtlsGREASEExtension) Write(b []byte) (int, error) {
 	return n, nil
 }

+func (e *UtlsGREASEExtension) UnmarshalJSON(b []byte) error {
+	var jsonObj struct {
+		Id   uint16 `json:"id"`
+		Data []byte `json:"data"`
+	}
+
+	if err := json.Unmarshal(b, &jsonObj); err != nil {
+		return err
+	}
+
+	if isGREASEUint16(jsonObj.Id) {
+		e.Value = GREASE_PLACEHOLDER
+		e.Body = jsonObj.Data
+		return nil
+	} else {
+		return errors.New("GREASE extension id must be a GREASE value")
+	}
+}
+
 type UtlsPaddingExtension struct {
 	PaddingLen int
 	WillPad    bool // set to false to disable extension