mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
Merge branch 'golang-tls-upstream', remove Android
I tested all fingerprints and confirmed that Chrome and Firefox are working as intended. Android fingerprints were grossly unpopular, which could a result of incorrect merge, but either way we'll remove them for now.
This commit is contained in:
Sergey Frolov
commit
9656990081
114 changed files with 4011 additions and 4132 deletions
|
|
@ -25,7 +25,7 @@ type clientHelloMsg struct {
|
|||
supportedPoints []uint8
|
||||
ticketSupported bool
|
||||
sessionTicket []uint8
|
||||
signatureAndHashes []signatureAndHash
|
||||
supportedSignatureAlgorithms []SignatureScheme
|
||||
secureRenegotiation []byte
|
||||
secureRenegotiationSupported bool
|
||||
alpnProtocols []string
|
||||
|
|
@ -51,7 +51,7 @@ func (m *clientHelloMsg) equal(i interface{}) bool {
|
|||
bytes.Equal(m.supportedPoints, m1.supportedPoints) &&
|
||||
m.ticketSupported == m1.ticketSupported &&
|
||||
bytes.Equal(m.sessionTicket, m1.sessionTicket) &&
|
||||
eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) &&
|
||||
eqSignatureAlgorithms(m.supportedSignatureAlgorithms, m1.supportedSignatureAlgorithms) &&
|
||||
m.secureRenegotiationSupported == m1.secureRenegotiationSupported &&
|
||||
bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) &&
|
||||
eqStrings(m.alpnProtocols, m1.alpnProtocols)
|
||||
|
|
@ -88,8 +88,8 @@ func (m *clientHelloMsg) marshal() []byte {
|
|||
extensionsLength += len(m.sessionTicket)
|
||||
numExtensions++
|
||||
}
|
||||
if len(m.signatureAndHashes) > 0 {
|
||||
extensionsLength += 2 + 2*len(m.signatureAndHashes)
|
||||
if len(m.supportedSignatureAlgorithms) > 0 {
|
||||
extensionsLength += 2 + 2*len(m.supportedSignatureAlgorithms)
|
||||
numExtensions++
|
||||
}
|
||||
if m.secureRenegotiationSupported {
|
||||
|
|
@ -193,7 +193,7 @@ func (m *clientHelloMsg) marshal() []byte {
|
|||
z = z[9:]
|
||||
}
|
||||
if len(m.supportedCurves) > 0 {
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.5.1
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.5.1
|
||||
z[0] = byte(extensionSupportedCurves >> 8)
|
||||
z[1] = byte(extensionSupportedCurves)
|
||||
l := 2 + 2*len(m.supportedCurves)
|
||||
|
|
@ -210,7 +210,7 @@ func (m *clientHelloMsg) marshal() []byte {
|
|||
}
|
||||
}
|
||||
if len(m.supportedPoints) > 0 {
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.5.2
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.5.2
|
||||
z[0] = byte(extensionSupportedPoints >> 8)
|
||||
z[1] = byte(extensionSupportedPoints)
|
||||
l := 1 + len(m.supportedPoints)
|
||||
|
|
@ -225,7 +225,7 @@ func (m *clientHelloMsg) marshal() []byte {
|
|||
}
|
||||
}
|
||||
if m.ticketSupported {
|
||||
// http://tools.ietf.org/html/rfc5077#section-3.2
|
||||
// https://tools.ietf.org/html/rfc5077#section-3.2
|
||||
z[0] = byte(extensionSessionTicket >> 8)
|
||||
z[1] = byte(extensionSessionTicket)
|
||||
l := len(m.sessionTicket)
|
||||
|
|
@ -235,11 +235,11 @@ func (m *clientHelloMsg) marshal() []byte {
|
|||
copy(z, m.sessionTicket)
|
||||
z = z[len(m.sessionTicket):]
|
||||
}
|
||||
if len(m.signatureAndHashes) > 0 {
|
||||
if len(m.supportedSignatureAlgorithms) > 0 {
|
||||
// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
||||
z[0] = byte(extensionSignatureAlgorithms >> 8)
|
||||
z[1] = byte(extensionSignatureAlgorithms)
|
||||
l := 2 + 2*len(m.signatureAndHashes)
|
||||
l := 2 + 2*len(m.supportedSignatureAlgorithms)
|
||||
z[2] = byte(l >> 8)
|
||||
z[3] = byte(l)
|
||||
z = z[4:]
|
||||
|
|
@ -248,9 +248,9 @@ func (m *clientHelloMsg) marshal() []byte {
|
|||
z[0] = byte(l >> 8)
|
||||
z[1] = byte(l)
|
||||
z = z[2:]
|
||||
for _, sigAndHash := range m.signatureAndHashes {
|
||||
z[0] = sigAndHash.hash
|
||||
z[1] = sigAndHash.signature
|
||||
for _, sigAlgo := range m.supportedSignatureAlgorithms {
|
||||
z[0] = byte(sigAlgo >> 8)
|
||||
z[1] = byte(sigAlgo)
|
||||
z = z[2:]
|
||||
}
|
||||
}
|
||||
|
|
@ -345,7 +345,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
|||
m.ocspStapling = false
|
||||
m.ticketSupported = false
|
||||
m.sessionTicket = nil
|
||||
m.signatureAndHashes = nil
|
||||
m.supportedSignatureAlgorithms = nil
|
||||
m.alpnProtocols = nil
|
||||
m.scts = false
|
||||
|
||||
|
|
@ -415,7 +415,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
|||
case extensionStatusRequest:
|
||||
m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
|
||||
case extensionSupportedCurves:
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.5.1
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.5.1
|
||||
if length < 2 {
|
||||
return false
|
||||
}
|
||||
|
|
@ -431,7 +431,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
|||
d = d[2:]
|
||||
}
|
||||
case extensionSupportedPoints:
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.5.2
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.5.2
|
||||
if length < 1 {
|
||||
return false
|
||||
}
|
||||
|
|
@ -442,7 +442,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
|||
m.supportedPoints = make([]uint8, l)
|
||||
copy(m.supportedPoints, data[1:])
|
||||
case extensionSessionTicket:
|
||||
// http://tools.ietf.org/html/rfc5077#section-3.2
|
||||
// https://tools.ietf.org/html/rfc5077#section-3.2
|
||||
m.ticketSupported = true
|
||||
m.sessionTicket = data[:length]
|
||||
case extensionSignatureAlgorithms:
|
||||
|
|
@ -456,10 +456,9 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
|||
}
|
||||
n := l / 2
|
||||
d := data[2:]
|
||||
m.signatureAndHashes = make([]signatureAndHash, n)
|
||||
for i := range m.signatureAndHashes {
|
||||
m.signatureAndHashes[i].hash = d[0]
|
||||
m.signatureAndHashes[i].signature = d[1]
|
||||
m.supportedSignatureAlgorithms = make([]SignatureScheme, n)
|
||||
for i := range m.supportedSignatureAlgorithms {
|
||||
m.supportedSignatureAlgorithms[i] = SignatureScheme(d[0])<<8 | SignatureScheme(d[1])
|
||||
d = d[2:]
|
||||
}
|
||||
case extensionRenegotiationInfo:
|
||||
|
|
@ -1212,9 +1211,9 @@ type certificateRequestMsg struct {
|
|||
// 1.2.
|
||||
hasSignatureAndHash bool
|
||||
|
||||
certificateTypes []byte
|
||||
signatureAndHashes []signatureAndHash
|
||||
certificateAuthorities [][]byte
|
||||
certificateTypes []byte
|
||||
supportedSignatureAlgorithms []SignatureScheme
|
||||
certificateAuthorities [][]byte
|
||||
}
|
||||
|
||||
func (m *certificateRequestMsg) equal(i interface{}) bool {
|
||||
|
|
@ -1226,7 +1225,7 @@ func (m *certificateRequestMsg) equal(i interface{}) bool {
|
|||
return bytes.Equal(m.raw, m1.raw) &&
|
||||
bytes.Equal(m.certificateTypes, m1.certificateTypes) &&
|
||||
eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) &&
|
||||
eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes)
|
||||
eqSignatureAlgorithms(m.supportedSignatureAlgorithms, m1.supportedSignatureAlgorithms)
|
||||
}
|
||||
|
||||
func (m *certificateRequestMsg) marshal() (x []byte) {
|
||||
|
|
@ -1234,7 +1233,7 @@ func (m *certificateRequestMsg) marshal() (x []byte) {
|
|||
return m.raw
|
||||
}
|
||||
|
||||
// See http://tools.ietf.org/html/rfc4346#section-7.4.4
|
||||
// See https://tools.ietf.org/html/rfc4346#section-7.4.4
|
||||
length := 1 + len(m.certificateTypes) + 2
|
||||
casLength := 0
|
||||
for _, ca := range m.certificateAuthorities {
|
||||
|
|
@ -1243,7 +1242,7 @@ func (m *certificateRequestMsg) marshal() (x []byte) {
|
|||
length += casLength
|
||||
|
||||
if m.hasSignatureAndHash {
|
||||
length += 2 + 2*len(m.signatureAndHashes)
|
||||
length += 2 + 2*len(m.supportedSignatureAlgorithms)
|
||||
}
|
||||
|
||||
x = make([]byte, 4+length)
|
||||
|
|
@ -1258,13 +1257,13 @@ func (m *certificateRequestMsg) marshal() (x []byte) {
|
|||
y := x[5+len(m.certificateTypes):]
|
||||
|
||||
if m.hasSignatureAndHash {
|
||||
n := len(m.signatureAndHashes) * 2
|
||||
n := len(m.supportedSignatureAlgorithms) * 2
|
||||
y[0] = uint8(n >> 8)
|
||||
y[1] = uint8(n)
|
||||
y = y[2:]
|
||||
for _, sigAndHash := range m.signatureAndHashes {
|
||||
y[0] = sigAndHash.hash
|
||||
y[1] = sigAndHash.signature
|
||||
for _, sigAlgo := range m.supportedSignatureAlgorithms {
|
||||
y[0] = uint8(sigAlgo >> 8)
|
||||
y[1] = uint8(sigAlgo)
|
||||
y = y[2:]
|
||||
}
|
||||
}
|
||||
|
|
@ -1321,11 +1320,10 @@ func (m *certificateRequestMsg) unmarshal(data []byte) bool {
|
|||
if len(data) < int(sigAndHashLen) {
|
||||
return false
|
||||
}
|
||||
numSigAndHash := sigAndHashLen / 2
|
||||
m.signatureAndHashes = make([]signatureAndHash, numSigAndHash)
|
||||
for i := range m.signatureAndHashes {
|
||||
m.signatureAndHashes[i].hash = data[0]
|
||||
m.signatureAndHashes[i].signature = data[1]
|
||||
numSigAlgos := sigAndHashLen / 2
|
||||
m.supportedSignatureAlgorithms = make([]SignatureScheme, numSigAlgos)
|
||||
for i := range m.supportedSignatureAlgorithms {
|
||||
m.supportedSignatureAlgorithms[i] = SignatureScheme(data[0])<<8 | SignatureScheme(data[1])
|
||||
data = data[2:]
|
||||
}
|
||||
}
|
||||
|
|
@ -1364,7 +1362,7 @@ func (m *certificateRequestMsg) unmarshal(data []byte) bool {
|
|||
type certificateVerifyMsg struct {
|
||||
raw []byte
|
||||
hasSignatureAndHash bool
|
||||
signatureAndHash signatureAndHash
|
||||
signatureAlgorithm SignatureScheme
|
||||
signature []byte
|
||||
}
|
||||
|
||||
|
|
@ -1376,8 +1374,7 @@ func (m *certificateVerifyMsg) equal(i interface{}) bool {
|
|||
|
||||
return bytes.Equal(m.raw, m1.raw) &&
|
||||
m.hasSignatureAndHash == m1.hasSignatureAndHash &&
|
||||
m.signatureAndHash.hash == m1.signatureAndHash.hash &&
|
||||
m.signatureAndHash.signature == m1.signatureAndHash.signature &&
|
||||
m.signatureAlgorithm == m1.signatureAlgorithm &&
|
||||
bytes.Equal(m.signature, m1.signature)
|
||||
}
|
||||
|
||||
|
|
@ -1386,7 +1383,7 @@ func (m *certificateVerifyMsg) marshal() (x []byte) {
|
|||
return m.raw
|
||||
}
|
||||
|
||||
// See http://tools.ietf.org/html/rfc4346#section-7.4.8
|
||||
// See https://tools.ietf.org/html/rfc4346#section-7.4.8
|
||||
siglength := len(m.signature)
|
||||
length := 2 + siglength
|
||||
if m.hasSignatureAndHash {
|
||||
|
|
@ -1399,8 +1396,8 @@ func (m *certificateVerifyMsg) marshal() (x []byte) {
|
|||
x[3] = uint8(length)
|
||||
y := x[4:]
|
||||
if m.hasSignatureAndHash {
|
||||
y[0] = m.signatureAndHash.hash
|
||||
y[1] = m.signatureAndHash.signature
|
||||
y[0] = uint8(m.signatureAlgorithm >> 8)
|
||||
y[1] = uint8(m.signatureAlgorithm)
|
||||
y = y[2:]
|
||||
}
|
||||
y[0] = uint8(siglength >> 8)
|
||||
|
|
@ -1426,8 +1423,7 @@ func (m *certificateVerifyMsg) unmarshal(data []byte) bool {
|
|||
|
||||
data = data[4:]
|
||||
if m.hasSignatureAndHash {
|
||||
m.signatureAndHash.hash = data[0]
|
||||
m.signatureAndHash.signature = data[1]
|
||||
m.signatureAlgorithm = SignatureScheme(data[0])<<8 | SignatureScheme(data[1])
|
||||
data = data[2:]
|
||||
}
|
||||
|
||||
|
|
@ -1465,7 +1461,7 @@ func (m *newSessionTicketMsg) marshal() (x []byte) {
|
|||
return m.raw
|
||||
}
|
||||
|
||||
// See http://tools.ietf.org/html/rfc5077#section-3.3
|
||||
// See https://tools.ietf.org/html/rfc5077#section-3.3
|
||||
ticketLen := len(m.ticket)
|
||||
length := 2 + 4 + ticketLen
|
||||
x = make([]byte, 4+length)
|
||||
|
|
@ -1563,13 +1559,12 @@ func eqByteSlices(x, y [][]byte) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
func eqSignatureAndHashes(x, y []signatureAndHash) bool {
|
||||
func eqSignatureAlgorithms(x, y []SignatureScheme) bool {
|
||||
if len(x) != len(y) {
|
||||
return false
|
||||
}
|
||||
for i, v := range x {
|
||||
v2 := y[i]
|
||||
if v.hash != v2.hash || v.signature != v2.signature {
|
||||
if v != y[i] {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue