mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 03:57:36 +03:00
feat: add GREASEEncryptedClientHelloExtension (#266)
* dicttls: update ECH-related entries * wip: GREASE ECH extension * new: GREASE ECH extension * fix: GREASE ECH Read must succeed with io.EOF * new: GREASE ECH multiple payload len * new: parse ECH in EncryptedExtensions * fix: ECHConfig Length always 0 * new: GREASE ECH parrots * new: (*Config).ECHConfigs Add (*Config).ECHConfigs for future full ECH extension. * new: add GREASE ECH example Add an incomplete example of using GREASE ECH extension (Chrome 120 parrot). * fix: invalid httpGetOverConn call fix a problem in old example where httpGetOverConn was called with uTlsConn.HandshakeState.ServerHello.AlpnProtocol, which will not be populated in case TLS 1.3 is used. * new: possible InnerClientHello length
This commit is contained in:
Gaukas Wang
GitHub
parent
9521fba944
commit
b4de442d02
19 changed files with 925 additions and 51 deletions
15
u_conn.go
15
u_conn.go
|
|
@ -48,6 +48,9 @@ type UConn struct {
|
|||
// algorithms, as specified in the ClientHello. This is only relevant client-side, for the
|
||||
// server certificate. All other forms of certificate compression are unsupported.
|
||||
certCompressionAlgs []CertCompressionAlgo
|
||||
|
||||
// ech extension is a shortcut to the ECH extension in the Extensions slice if there is one.
|
||||
ech ECHExtension
|
||||
}
|
||||
|
||||
// UClient returns a new uTLS client, with behavior depending on clientHelloID.
|
||||
|
|
@ -616,13 +619,19 @@ func (uconn *UConn) ApplyConfig() error {
|
|||
}
|
||||
|
||||
func (uconn *UConn) MarshalClientHello() error {
|
||||
if uconn.ech != nil {
|
||||
if err := uconn.ech.Configure(uconn.config.ECHConfigs); err != nil {
|
||||
return err
|
||||
}
|
||||
return uconn.ech.MarshalClientHello(uconn)
|
||||
}
|
||||
hello := uconn.HandshakeState.Hello
|
||||
headerLength := 2 + 32 + 1 + len(hello.SessionId) +
|
||||
2 + len(hello.CipherSuites)*2 +
|
||||
1 + len(hello.CompressionMethods)
|
||||
|
||||
extensionsLen := 0
|
||||
var paddingExt *UtlsPaddingExtension
|
||||
var paddingExt *UtlsPaddingExtension // reference to padding extension, if present
|
||||
for _, ext := range uconn.Extensions {
|
||||
if pe, ok := ext.(*UtlsPaddingExtension); !ok {
|
||||
// If not padding - just add length of extension to total length
|
||||
|
|
@ -859,6 +868,7 @@ func (c *Conn) utlsHandshakeMessageType(msgType byte) (handshakeMessage, error)
|
|||
// Extending (*Conn).connectionStateLocked()
|
||||
func (c *Conn) utlsConnectionStateLocked(state *ConnectionState) {
|
||||
state.PeerApplicationSettings = c.utls.peerApplicationSettings
|
||||
state.ECHRetryConfigs = c.utls.echRetryConfigs
|
||||
}
|
||||
|
||||
type utlsConnExtraFields struct {
|
||||
|
|
@ -867,5 +877,8 @@ type utlsConnExtraFields struct {
|
|||
peerApplicationSettings []byte
|
||||
localApplicationSettings []byte
|
||||
|
||||
// Encrypted Client Hello (ECH)
|
||||
echRetryConfigs []ECHConfig
|
||||
|
||||
sessionController *sessionController
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue