+tls13 extensions; +Chrome 70, Firefox 63 parrots

Adds support for following TLS 1.3 extensions: - PSKKeyExchangeModes - SupportedVersions - KeyShare and uses them to implement newest Chrome and Firefox parrots. Tests for default Golang uTLS were regenerated because they previously used TLS-1.2 as max version.
2025-04-04 04:27:36 +03:00 · 2018-12-07 18:30:34 -07:00 · 2018-12-07 18:30:34 -07:00 · b84d7d5f05
commit b84d7d5f05
parent 04ef89985b
36 changed files with 3149 additions and 335 deletions
--- a/u_public.go
+++ b/u_public.go
@ -330,7 +330,7 @@ type ClientHelloMsg struct {
 	SupportedSignatureAlgorithmsCert []SignatureScheme
 	SupportedVersions                []uint16
 	Cookie                           []byte
-	KeyShares                        []keyShare
+	KeyShares                        []KeyShare
 	EarlyData                        bool
 	PskModes                         []uint8
 	PskIdentities                    []pskIdentity
@ -365,7 +365,7 @@ func (chm *ClientHelloMsg) getPrivatePtr() *clientHelloMsg {
 			supportedSignatureAlgorithmsCert: chm.SupportedSignatureAlgorithmsCert,
 			supportedVersions:                chm.SupportedVersions,
 			cookie:                           chm.Cookie,
-			keyShares:                        chm.KeyShares,
+			keyShares:                        KeyShares(chm.KeyShares).ToPrivate(),
 			earlyData:                        chm.EarlyData,
 			pskModes:                         chm.PskModes,
 			pskIdentities:                    chm.PskIdentities,
@ -402,7 +402,7 @@ func (chm *clientHelloMsg) getPublicPtr() *ClientHelloMsg {
 			SupportedSignatureAlgorithmsCert: chm.supportedSignatureAlgorithmsCert,
 			SupportedVersions:                chm.supportedVersions,
 			Cookie:                           chm.cookie,
-			KeyShares:                        chm.keyShares,
+			KeyShares:                        keyShares(chm.keyShares).ToPublic(),
 			EarlyData:                        chm.earlyData,
 			PskModes:                         chm.pskModes,
 			PskIdentities:                    chm.pskIdentities,
@ -511,6 +511,30 @@ func (fh *finishedHash) getPublicPtr() *FinishedHash {
 	}
 }

+// TLS 1.3 Key Share. See RFC 8446, Section 4.2.8.
+type KeyShare struct {
+	Group CurveID
+	Data  []byte
+}
+
+type KeyShares []KeyShare
+type keyShares []keyShare
+
+func (kss keyShares) ToPublic() []KeyShare {
+	var KSS []KeyShare
+	for _, ks := range kss {
+		KSS = append(KSS, KeyShare{Data: ks.data, Group: ks.group})
+	}
+	return KSS
+}
+func (KSS KeyShares) ToPrivate() []keyShare {
+	var kss []keyShare
+	for _, KS := range KSS {
+		kss = append(kss, keyShare{data: KS.Data, group: KS.Group})
+	}
+	return kss
+}
+
 // ClientSessionState is public, but all its fields are private. Let's add setters, getters and constructor

 // ClientSessionState contains the state needed by clients to resume TLS sessions.