feat: Convert raw bytes or tlsfingerprint record to ClientHelloSpec (#168)

* feat: byte to clienthellospecs conversion * feat: specific case for GREASE and ALPS Will automatically add "h2" to ALPS and write to log when GREASE extension is imported in `ImportTLSClientHello()` * fix: ReadCompressionMethods ReadCompressionMethods didn't advance the s and fails reading extensions * fix: remove debug log * fix: use cryptobyte for internal helper `helper.Uint8to16()` now calls `(*cryptobyte.String).ReadUint16()` * fix: preshared key fingerprinter test updated fingerprinter test to test with PreSharedKey extension * fix: naming of FakePreSharedKeyExt It is a Fake extension since `crypto/tls` doesn't really implement PSK-based resumption and neither do we. * feat: Properly check GREASE Adopted from #148. Co-Authored-By: gfw-report <gfw.report@protonmail.com> * feat: add fakeExtensionEncryptThenMAC And reordered `fakeExtensionDelegatedCredentials`. The new `Fingerprinter` is expected to account for the `fakeExtensionEncryptThenMAC` using a `GenericExtension` when `allowBluntMimicry` is set. Co-Authored-By: gfw-report <gfw.report@protonmail.com> * fix: remove keepPSK and minor - Removed all presence of keepPSK flag. - Added check before using the field of a map. --------- Co-authored-by: gfw-report <gfw.report@protonmail.com>
2025-04-03 20:17:36 +03:00 · 2023-03-09 15:06:43 -07:00 · 2023-03-09 15:06:43 -07:00 · dae72adb81
commit dae72adb81
parent 71b4ad3909
10 changed files with 961 additions and 366 deletions
--- a/u_public.go
+++ b/u_public.go
@ -344,7 +344,7 @@ type PubClientHelloMsg struct {
 	KeyShares                        []KeyShare
 	EarlyData                        bool
 	PskModes                         []uint8
-	PskIdentities                    []pskIdentity
+	PskIdentities                    []PskIdentity
 	PskBinders                       [][]byte
 }

@ -379,7 +379,7 @@ func (chm *PubClientHelloMsg) getPrivatePtr() *clientHelloMsg {
 			keyShares:                        KeyShares(chm.KeyShares).ToPrivate(),
 			earlyData:                        chm.EarlyData,
 			pskModes:                         chm.PskModes,
-			pskIdentities:                    chm.PskIdentities,
+			pskIdentities:                    PskIdentities(chm.PskIdentities).ToPrivate(),
 			pskBinders:                       chm.PskBinders,
 		}
 	}
@ -416,7 +416,7 @@ func (chm *clientHelloMsg) getPublicPtr() *PubClientHelloMsg {
 			KeyShares:                        keyShares(chm.keyShares).ToPublic(),
 			EarlyData:                        chm.earlyData,
 			PskModes:                         chm.pskModes,
-			PskIdentities:                    chm.pskIdentities,
+			PskIdentities:                    pskIdentities(chm.pskIdentities).ToPublic(),
 			PskBinders:                       chm.pskBinders,
 		}
 	}
@ -562,6 +562,32 @@ func (KSS KeyShares) ToPrivate() []keyShare {
 	return kss
 }

+// TLS 1.3 PSK Identity. Can be a Session Ticket, or a reference to a saved
+// session. See RFC 8446, Section 4.2.11.
+type PskIdentity struct {
+	Label               []byte
+	ObfuscatedTicketAge uint32
+}
+
+type PskIdentities []PskIdentity
+type pskIdentities []pskIdentity
+
+func (pss pskIdentities) ToPublic() []PskIdentity {
+	var PSS []PskIdentity
+	for _, ps := range pss {
+		PSS = append(PSS, PskIdentity{Label: ps.label, ObfuscatedTicketAge: ps.obfuscatedTicketAge})
+	}
+	return PSS
+}
+
+func (PSS PskIdentities) ToPrivate() []pskIdentity {
+	var pss []pskIdentity
+	for _, PS := range PSS {
+		pss = append(pss, pskIdentity{label: PS.Label, obfuscatedTicketAge: PS.ObfuscatedTicketAge})
+	}
+	return pss
+}
+
 // ClientSessionState is public, but all its fields are private. Let's add setters, getters and constructor

 // ClientSessionState contains the state needed by clients to resume TLS sessions.