mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 03:57:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

feat: add GREASEEncryptedClientHelloExtension (#266)

Browse source 
* dicttls: update ECH-related entries

* wip: GREASE ECH extension

* new: GREASE ECH extension

* fix: GREASE ECH Read must succeed with io.EOF

* new: GREASE ECH multiple payload len

* new: parse ECH in EncryptedExtensions

* fix: ECHConfig Length always 0

* new: GREASE ECH parrots

* new: (*Config).ECHConfigs

Add (*Config).ECHConfigs for future full ECH extension.

* new: add GREASE ECH example

Add an incomplete example of using GREASE ECH extension (Chrome 120 parrot).

* fix: invalid httpGetOverConn call

fix a problem in old example where httpGetOverConn was called with uTlsConn.HandshakeState.ServerHello.AlpnProtocol, which will not be populated in case TLS 1.3 is used.

* new: possible InnerClientHello length
This commit is contained in:
Gaukas Wang 2023-12-13 19:50:50 -07:00 committed by GitHub
parent 9521fba944
commit b4de442d02
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 925 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

62
u_hpke.go Normal file
View file

@ -0,0 +1,62 @@
package tls
import (
"errors"
"fmt"
"github.com/cloudflare/circl/hpke"
"github.com/cloudflare/circl/kem"
)
type HPKERawPublicKey = []byte
type HPKE_KEM_ID = uint16 // RFC 9180
type HPKE_KDF_ID = uint16 // RFC 9180
type HPKE_AEAD_ID = uint16 // RFC 9180
type HPKESymmetricCipherSuite struct {
KdfId HPKE_KDF_ID
AeadId HPKE_AEAD_ID
}
type HPKEKeyConfig struct {
ConfigId uint8
KemId HPKE_KEM_ID
PublicKey kem.PublicKey
rawPublicKey HPKERawPublicKey
CipherSuites []HPKESymmetricCipherSuite
}
var defaultHPKESuite hpke.Suite
func init() {
var err error
defaultHPKESuite, err = hpkeAssembleSuite(
uint16(hpke.KEM_X25519_HKDF_SHA256),
uint16(hpke.KDF_HKDF_SHA256),
uint16(hpke.AEAD_AES128GCM),
)
if err != nil {
panic(fmt.Sprintf("hpke: mandatory-to-implement cipher suite not supported: %s", err))
}
}
func hpkeAssembleSuite(kemId, kdfId, aeadId uint16) (hpke.Suite, error) {
kem := hpke.KEM(kemId)
if !kem.IsValid() {
return hpke.Suite{}, errors.New("KEM is not supported")
}
kdf := hpke.KDF(kdfId)
if !kdf.IsValid() {
return hpke.Suite{}, errors.New("KDF is not supported")
}
aead := hpke.AEAD(aeadId)
if !aead.IsValid() {
return hpke.Suite{}, errors.New("AEAD is not supported")
}
return hpke.NewSuite(kem, kdf, aead), nil
}
var dummyX25519PublicKey = []byte{
143, 38, 37, 36, 12, 6, 229, 30, 140, 27, 167, 73, 26, 100, 203, 107, 216,
81, 163, 222, 52, 211, 54, 210, 46, 37, 78, 216, 157, 97, 241, 244,
}