Implement consistent randomized fingerprint (#20)

- Uses a chacha20-based CSPRNG to generate randomized fingeprints - Refactors generation of randomized fingerprints, removing many redundant shuffle functions. - Adds Seed field to ClientHelloID - ClientHelloID.Version is now a string (was uint16)
2025-04-03 20:17:36 +03:00 · 2019-03-06 16:14:34 -07:00 · 2019-03-06 16:14:34 -07:00 · 7c97cdb476
commit 7c97cdb476
parent 1188641a16
8 changed files with 442 additions and 215 deletions
--- a/u_roller.go
+++ b/u_roller.go
@ -12,21 +12,21 @@ type Roller struct {
 	WorkingHelloID      *ClientHelloID
 	TcpDialTimeout      time.Duration
 	TlsHandshakeTimeout time.Duration
+	r                   *prng
 }

 // NewRoller creates Roller object with default range of HelloIDs to cycle through until a
 // working/unblocked one is found.
 func NewRoller() (*Roller, error) {
-	tcpDialTimeoutInc, err := getRandInt(14)
+	r, err := newPRNG()
 	if err != nil {
 		return nil, err
 	}
+
+	tcpDialTimeoutInc := r.Intn(14)
 	tcpDialTimeoutInc = 7 + tcpDialTimeoutInc

-	tlsHandshakeTimeoutInc, err := getRandInt(20)
-	if err != nil {
-		return nil, err
-	}
+	tlsHandshakeTimeoutInc := r.Intn(20)
 	tlsHandshakeTimeoutInc = 11 + tlsHandshakeTimeoutInc

 	return &Roller{
@ -38,6 +38,7 @@ func NewRoller() (*Roller, error) {
 		},
 		TcpDialTimeout:      time.Second * time.Duration(tcpDialTimeoutInc),
 		TlsHandshakeTimeout: time.Second * time.Duration(tlsHandshakeTimeoutInc),
+		r:                   r,
 	}, nil
 }

@ -49,25 +50,32 @@ func NewRoller() (*Roller, error) {
 //    Dial("tcp4", "google.com:443", "google.com")
 //    Dial("tcp", "10.23.144.22:443", "mywebserver.org")
 func (c *Roller) Dial(network, addr, serverName string) (*UConn, error) {
-	helloIDs, err := shuffleClientHelloIDs(c.HelloIDs)
-	if err != nil {
-		return nil, err
-	}
+	helloIDs := make([]ClientHelloID, len(c.HelloIDs))
+	copy(helloIDs, c.HelloIDs)
+	c.r.rand.Shuffle(len(c.HelloIDs), func(i, j int) {
+		helloIDs[i], helloIDs[j] = helloIDs[j], helloIDs[i]
+	})

 	c.HelloIDMu.Lock()
 	workingHelloId := c.WorkingHelloID // keep using same helloID, if it works
 	c.HelloIDMu.Unlock()
 	if workingHelloId != nil {
+		helloIDFound := false
 		for i, ID := range helloIDs {
 			if ID == *workingHelloId {
 				helloIDs[i] = helloIDs[0]
 				helloIDs[0] = *workingHelloId // push working hello ID first
+				helloIDFound = true
 				break
 			}
 		}
+		if !helloIDFound {
+			helloIDs = append([]ClientHelloID{*workingHelloId}, helloIDs...)
+		}
 	}

 	var tcpConn net.Conn
+	var err error
 	for _, helloID := range helloIDs {
 		tcpConn, err = net.DialTimeout(network, addr, c.TcpDialTimeout)
 		if err != nil {
@ -84,23 +92,9 @@ func (c *Roller) Dial(network, addr, serverName string) (*UConn, error) {
 		}

 		c.HelloIDMu.Lock()
-		c.WorkingHelloID = &helloID
+		c.WorkingHelloID = &client.ClientHelloID
 		c.HelloIDMu.Unlock()
 		return client, err
 	}
 	return nil, err
 }
-
-// returns a shuffled copy of input
-func shuffleClientHelloIDs(helloIDs []ClientHelloID) ([]ClientHelloID, error) {
-	perm, err := getRandPerm(len(helloIDs))
-	if err != nil {
-		return nil, err
-	}
-
-	shuffled := make([]ClientHelloID, len(helloIDs))
-	for i, randI := range perm {
-		shuffled[i] = helloIDs[randI]
-	}
-	return shuffled, nil
-}