mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

Implement uconn.RemoveSNIExtension() (#51)

Browse source 
Authored by: https://github.com/max-b
Co-authored-by: Myles Horton <myles@getlantern.org>
Co-authored-by: Willie Forkner <1120829+forkner@users.noreply.github.com>
This commit is contained in:
maxb 2020-07-28 18:25:16 -07:00 committed by GitHub
parent 02675388fe
commit dc2ae3bffe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 162 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

109
testdata/Client-TLSv12-UTLS-ECDHE-RSA-AES128-GCM-SHA256-Chrome-70-OmitSNI vendored Normal file
View file

@ -0,0 +1,109 @@
>>> Flow 1 (client to server)
00000000 16 03 01 02 00 01 00 01 fc 03 03 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 |........... ....|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 22 0a 0a |............."..|
00000050 13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 |.......+./.,.0..|
00000060 cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 00 0a |.........../.5..|
00000070 01 00 01 91 0a 0a 00 00 ff 01 00 01 00 00 00 00 |................|
00000080 05 00 03 00 00 00 00 17 00 00 00 23 00 00 00 0d |...........#....|
00000090 00 14 00 12 04 03 08 04 04 01 05 03 08 05 05 01 |................|
000000a0 08 06 06 01 02 01 00 05 00 05 01 00 00 00 00 00 |................|
000000b0 12 00 00 00 10 00 0e 00 0c 02 68 32 08 68 74 74 |..........h2.htt|
000000c0 70 2f 31 2e 31 75 50 00 00 00 0b 00 02 01 00 00 |p/1.1uP.........|
000000d0 33 00 2b 00 29 0a 0a 00 01 00 00 1d 00 20 2f e5 |3.+.)........ /.|
000000e0 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff |}.G.bC.(.._.).0.|
000000f0 f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 00 2d |........._X.;t.-|
00000100 00 02 01 01 00 2b 00 0b 0a 0a 0a 03 04 03 03 03 |.....+..........|
00000110 02 03 01 00 0a 00 0a 00 08 0a 0a 00 1d 00 17 00 |................|
00000120 18 00 1b 00 03 02 00 02 1a 1a 00 01 00 00 15 00 |................|
00000130 d4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000200 00 00 00 00 00 |.....|
>>> Flow 2 (server to client)
00000000 16 03 03 00 5d 02 00 00 59 03 03 06 bb 2c 4d 12 |....]...Y....,M.|
00000010 6e 2a 6e eb cc 49 a9 d6 d5 65 ef f2 16 80 9b 48 |n*n..I...e.....H|
00000020 84 a4 7e 79 43 97 91 90 b6 33 6f 20 03 ef ac 2c |..~yC....3o ...,|
00000030 6b 3f 5e 39 99 f9 1d 77 de 85 52 fb 38 f7 14 c1 |k?^9...w..R.8...|
00000040 37 ab ff 68 4e 8b a1 6c f5 92 64 70 c0 2f 00 00 |7..hN..l..dp./..|
00000050 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 |................|
00000060 00 00 16 03 03 02 59 0b 00 02 55 00 02 52 00 02 |......Y...U..R..|
00000070 4f 30 82 02 4b 30 82 01 b4 a0 03 02 01 02 02 09 |O0..K0..........|
00000080 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 09 2a 86 48 |....?.[..0...*.H|
00000090 86 f7 0d 01 01 0b 05 00 30 1f 31 0b 30 09 06 03 |........0.1.0...|
000000a0 55 04 0a 13 02 47 6f 31 10 30 0e 06 03 55 04 03 |U....Go1.0...U..|
000000b0 13 07 47 6f 20 52 6f 6f 74 30 1e 17 0d 31 36 30 |..Go Root0...160|
000000c0 31 30 31 30 30 30 30 30 30 5a 17 0d 32 35 30 31 |101000000Z..2501|
000000d0 30 31 30 30 30 30 30 30 5a 30 1a 31 0b 30 09 06 |01000000Z0.1.0..|
000000e0 03 55 04 0a 13 02 47 6f 31 0b 30 09 06 03 55 04 |.U....Go1.0...U.|
000000f0 03 13 02 47 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |...Go0..0...*.H.|
00000100 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....|
00000110 81 00 db 46 7d 93 2e 12 27 06 48 bc 06 28 21 ab |...F}...'.H..(!.|
00000120 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 47 a5 08 0d |~...]..RE.z6G...|
00000130 92 42 5b c2 81 c0 be 97 79 98 40 fb 4f 6d 14 fd |.B[.....y.@.Om..|
00000140 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a |+.....g....."8.J|
00000150 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 |.ts+.4......t{.X|
00000160 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c |.la<..A..++$#w[.|
00000170 3b bd 75 5d ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 |;.u]. T..c...$..|
00000180 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 62 f4 14 c8 |..P....C...ub...|
00000190 52 d7 02 03 01 00 01 a3 81 93 30 81 90 30 0e 06 |R.........0..0..|
000001a0 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 |.U...........0..|
000001b0 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 |.U.%..0...+.....|
000001c0 03 01 06 08 2b 06 01 05 05 07 03 02 30 0c 06 03 |....+.......0...|
000001d0 55 1d 13 01 01 ff 04 02 30 00 30 19 06 03 55 1d |U.......0.0...U.|
000001e0 0e 04 12 04 10 9f 91 16 1f 43 43 3e 49 a6 de 6d |.........CC>I..m|
000001f0 b6 80 d7 9f 60 30 1b 06 03 55 1d 23 04 14 30 12 |....`0...U.#..0.|
00000200 80 10 48 13 49 4d 13 7e 16 31 bb a3 01 d5 ac ab |..H.IM.~.1......|
00000210 6e 7b 30 19 06 03 55 1d 11 04 12 30 10 82 0e 65 |n{0...U....0...e|
00000220 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 |xample.golang0..|
00000230 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 |.*.H............|
00000240 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed |.0.@+[P.a...SX..|
00000250 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 |.(.X..8....1Z..f|
00000260 3d 43 d3 2d d9 0b f2 97 df d3 20 64 38 92 24 3a |=C.-...... d8.$:|
00000270 00 bc cf 9c 7d b7 40 20 01 5f aa d3 16 61 09 a2 |....}.@ ._...a..|
00000280 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed |v......\.....l..|
00000290 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 |s..Cw.......@.a.|
000002a0 4c 72 2b 9d ae db 46 06 06 4d f4 c1 b3 3e c0 d1 |Lr+...F..M...>..|
000002b0 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 |.B...=.`.\!.;...|
000002c0 16 03 03 00 ac 0c 00 00 a8 03 00 1d 20 5c de 55 |............ \.U|
000002d0 3e c1 ad 72 ba ed 0e 25 6c a4 04 6a fd bf 76 2e |>..r...%l..j..v.|
000002e0 f3 e5 be 47 24 1d 26 2a 3b 18 f6 35 76 08 04 00 |...G$.&*;..5v...|
000002f0 80 a6 76 6c 19 da 6e 4a 1f c3 a4 cc 3a ac e0 7f |..vl..nJ....:...|
00000300 4f 36 57 96 15 17 85 3e 3b 59 17 cc 16 46 4a 28 |O6W....>;Y...FJ(|
00000310 3a ab f6 50 e6 2e 40 a1 44 25 22 4b 3c 7b ad ba |:..P..@.D%"K<{..|
00000320 30 c9 d3 a5 c4 b0 db c3 59 a1 66 cb 11 fa fc be |0.......Y.f.....|
00000330 89 2d 50 d2 a5 c0 c5 f2 64 40 50 11 ee 58 94 00 |.-P.....d@P..X..|
00000340 70 2f 7f b6 a8 fa f5 d5 66 94 ab fe 32 53 32 95 |p/......f...2S2.|
00000350 87 8d 6d 20 75 18 74 7f cd e6 99 48 2d 9c c5 9f |..m u.t....H-...|
00000360 49 93 28 b7 15 7d 07 82 40 10 be c7 2c bc e1 0f |I.(..}..@...,...|
00000370 c1 16 03 03 00 04 0e 00 00 00 |..........|
>>> Flow 3 (client to server)
00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.|
00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....|
00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......|
00000030 16 03 03 00 28 00 00 00 00 00 00 00 00 ec 05 89 |....(...........|
00000040 3a db 03 66 f9 69 17 30 51 d6 11 78 5e ed 02 e2 |:..f.i.0Q..x^...|
00000050 6d ef e2 9a 4d 90 90 ec 9f 01 ec cd e6 |m...M........|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 28 e9 80 13 12 cd |..........(.....|
00000010 84 99 bb c1 f2 5b d3 df 68 b4 34 ec 4c d9 37 91 |.....[..h.4.L.7.|
00000020 26 d5 4e 12 54 49 03 65 75 05 82 c9 18 23 7b 14 |&.N.TI.eu....#{.|
00000030 48 97 ab |H..|
>>> Flow 5 (client to server)
00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 7a 74 6f |.............zto|
00000010 72 f9 38 25 e5 6b fb 9a 27 ef a9 04 7b 03 b9 e0 |r.8%.k..'...{...|
00000020 77 8b 36 15 03 03 00 1a 00 00 00 00 00 00 00 02 |w.6.............|
00000030 2f f0 98 5c 7a f9 0a f8 56 16 44 1f d4 b1 9e e0 |/..\z...V.D.....|
00000040 08 02 |..|

25
u_conn.go
View file

@ -30,6 +30,8 @@ type UConn struct {
GetSessionID func(ticket []byte) [32]byte
greaseSeed [ssl_grease_last_index]uint16
omitSNIExtension bool
}
// UClient returns a new uTLS client, with behavior depending on clientHelloID.
@ -78,6 +80,9 @@ func (uconn *UConn) BuildHandshakeState() error {
if err != nil {
return err
}
if uconn.omitSNIExtension {
uconn.removeSNIExtension()
}
}
err := uconn.ApplyConfig()
@ -162,6 +167,26 @@ func (uconn *UConn) SetSNI(sni string) {
}
}
// RemoveSNIExtension removes SNI from the list of extensions sent in ClientHello
// It returns an error when used with HelloGolang ClientHelloID
func (uconn *UConn) RemoveSNIExtension() error {
if uconn.ClientHelloID == HelloGolang {
return fmt.Errorf("Cannot call RemoveSNIExtension on a UConn with a HelloGolang ClientHelloID")
}
uconn.omitSNIExtension = true
return nil
}
func (uconn *UConn) removeSNIExtension() {
filteredExts := make([]TLSExtension, 0, len(uconn.Extensions))
for _, e := range uconn.Extensions {
if _, ok := e.(*SNIExtension); !ok {
filteredExts = append(filteredExts, e)
}
}
uconn.Extensions = filteredExts
}
// Handshake runs the client handshake using given clientHandshakeState
// Requires hs.hello, and, optionally, hs.session to be set.
func (c *UConn) Handshake() error {

33
u_conn_test.go
View file

@ -159,6 +159,21 @@ func TestUTLSHelloRetryRequest(t *testing.T) {
runUTLSClientTestTLS13(t, test, helloID)
}
func TestUTLSRemoveSNIExtension(t *testing.T) {
helloID := HelloChrome_70
config := getUTLSTestConfig()
opensslCipherName := "ECDHE-RSA-AES128-GCM-SHA256"
test := &clientTest{
name: "UTLS-" + opensslCipherName + "-" + helloID.Str() + "-OmitSNI",
args: []string{"-cipher", opensslCipherName},
config: config,
}
runUTLSClientTestForVersion(t, test, "TLSv12-", "-tls1_2", helloID, true)
}
/*
*
HELPER FUNCTIONS BELOW
@ -364,7 +379,7 @@ func testUTLSHandshakeClientECDHE_ECDSA_WITH_CHACHA20_POLY1305(t *testing.T, hel
runUTLSClientTestTLS12(t, test, helloID)
}
func runUTLSClientTestForVersion(t *testing.T, template *clientTest, prefix, option string, helloID ClientHelloID) {
func runUTLSClientTestForVersion(t *testing.T, template *clientTest, prefix, option string, helloID ClientHelloID, omitSNI bool) {
test := *template
test.name = prefix + test.name
if len(test.args) == 0 {
@ -372,18 +387,18 @@ func runUTLSClientTestForVersion(t *testing.T, template *clientTest, prefix, opt
}
test.args = append([]string(nil), test.args...)
test.args = append(test.args, option)
test.runUTLS(t, *update, helloID)
test.runUTLS(t, *update, helloID, false)
}
func runUTLSClientTestTLS12(t *testing.T, template *clientTest, helloID ClientHelloID) {
runUTLSClientTestForVersion(t, template, "TLSv12-", "-tls1_2", helloID)
runUTLSClientTestForVersion(t, template, "TLSv12-", "-tls1_2", helloID, false)
}
func runUTLSClientTestTLS13(t *testing.T, template *clientTest, helloID ClientHelloID) {
runUTLSClientTestForVersion(t, template, "TLSv13-", "-tls1_3", helloID)
runUTLSClientTestForVersion(t, template, "TLSv13-", "-tls1_3", helloID, false)
}
func (test *clientTest) runUTLS(t *testing.T, write bool, helloID ClientHelloID) {
func (test *clientTest) runUTLS(t *testing.T, write bool, helloID ClientHelloID, omitSNIExtension bool) {
checkOpenSSLVersion(t)
var clientConn, serverConn net.Conn
@ -409,6 +424,14 @@ func (test *clientTest) runUTLS(t *testing.T, write bool, helloID ClientHelloID)
return
}
client := UClient(clientConn, config, helloID)
if omitSNIExtension {
if err := client.RemoveSNIExtension(); err != nil {
t.Error("Failed to remove SNI extension")
return
}
}
if strings.HasPrefix(test.name, "TLSv12-UTLS-setclienthello-") {
err := client.BuildHandshakeState()
if err != nil {