From dc2ae3bffec9e497cbecf6df7f413f740a0ad7b2 Mon Sep 17 00:00:00 2001
From: maxb <max-b@users.noreply.github.com>
Date: Tue, 28 Jul 2020 18:25:16 -0700
Subject: [PATCH] Implement uconn.RemoveSNIExtension() (#51)

Authored by: https://github.com/max-b
Co-authored-by: Myles Horton <myles@getlantern.org>
Co-authored-by: Willie Forkner <1120829+forkner@users.noreply.github.com>
---
 ...HE-RSA-AES128-GCM-SHA256-Chrome-70-OmitSNI | 109 ++++++++++++++++++
 u_conn.go                                     |  25 ++++
 u_conn_test.go                                |  33 +++++-
 3 files changed, 162 insertions(+), 5 deletions(-)
 create mode 100644 testdata/Client-TLSv12-UTLS-ECDHE-RSA-AES128-GCM-SHA256-Chrome-70-OmitSNI

diff --git a/testdata/Client-TLSv12-UTLS-ECDHE-RSA-AES128-GCM-SHA256-Chrome-70-OmitSNI b/testdata/Client-TLSv12-UTLS-ECDHE-RSA-AES128-GCM-SHA256-Chrome-70-OmitSNI
new file mode 100644
index 0000000..6b299ce
--- /dev/null
+++ b/testdata/Client-TLSv12-UTLS-ECDHE-RSA-AES128-GCM-SHA256-Chrome-70-OmitSNI
@@ -0,0 +1,109 @@
+>>> Flow 1 (client to server)
+00000000  16 03 01 02 00 01 00 01  fc 03 03 00 00 00 00 00  |................|
+00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
+00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 22 0a 0a  |............."..|
+00000050  13 01 13 02 13 03 c0 2b  c0 2f c0 2c c0 30 cc a9  |.......+./.,.0..|
+00000060  cc a8 c0 13 c0 14 00 9c  00 9d 00 2f 00 35 00 0a  |.........../.5..|
+00000070  01 00 01 91 0a 0a 00 00  ff 01 00 01 00 00 00 00  |................|
+00000080  05 00 03 00 00 00 00 17  00 00 00 23 00 00 00 0d  |...........#....|
+00000090  00 14 00 12 04 03 08 04  04 01 05 03 08 05 05 01  |................|
+000000a0  08 06 06 01 02 01 00 05  00 05 01 00 00 00 00 00  |................|
+000000b0  12 00 00 00 10 00 0e 00  0c 02 68 32 08 68 74 74  |..........h2.htt|
+000000c0  70 2f 31 2e 31 75 50 00  00 00 0b 00 02 01 00 00  |p/1.1uP.........|
+000000d0  33 00 2b 00 29 0a 0a 00  01 00 00 1d 00 20 2f e5  |3.+.)........ /.|
+000000e0  7d a3 47 cd 62 43 15 28  da ac 5f bb 29 07 30 ff  |}.G.bC.(.._.).0.|
+000000f0  f6 84 af c4 cf c2 ed 90  99 5f 58 cb 3b 74 00 2d  |........._X.;t.-|
+00000100  00 02 01 01 00 2b 00 0b  0a 0a 0a 03 04 03 03 03  |.....+..........|
+00000110  02 03 01 00 0a 00 0a 00  08 0a 0a 00 1d 00 17 00  |................|
+00000120  18 00 1b 00 03 02 00 02  1a 1a 00 01 00 00 15 00  |................|
+00000130  d4 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000190  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+000001a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+000001b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+000001c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+000001e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000200  00 00 00 00 00                                    |.....|
+>>> Flow 2 (server to client)
+00000000  16 03 03 00 5d 02 00 00  59 03 03 06 bb 2c 4d 12  |....]...Y....,M.|
+00000010  6e 2a 6e eb cc 49 a9 d6  d5 65 ef f2 16 80 9b 48  |n*n..I...e.....H|
+00000020  84 a4 7e 79 43 97 91 90  b6 33 6f 20 03 ef ac 2c  |..~yC....3o ...,|
+00000030  6b 3f 5e 39 99 f9 1d 77  de 85 52 fb 38 f7 14 c1  |k?^9...w..R.8...|
+00000040  37 ab ff 68 4e 8b a1 6c  f5 92 64 70 c0 2f 00 00  |7..hN..l..dp./..|
+00000050  11 ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 17  |................|
+00000060  00 00 16 03 03 02 59 0b  00 02 55 00 02 52 00 02  |......Y...U..R..|
+00000070  4f 30 82 02 4b 30 82 01  b4 a0 03 02 01 02 02 09  |O0..K0..........|
+00000080  00 e8 f0 9d 3f e2 5b ea  a6 30 0d 06 09 2a 86 48  |....?.[..0...*.H|
+00000090  86 f7 0d 01 01 0b 05 00  30 1f 31 0b 30 09 06 03  |........0.1.0...|
+000000a0  55 04 0a 13 02 47 6f 31  10 30 0e 06 03 55 04 03  |U....Go1.0...U..|
+000000b0  13 07 47 6f 20 52 6f 6f  74 30 1e 17 0d 31 36 30  |..Go Root0...160|
+000000c0  31 30 31 30 30 30 30 30  30 5a 17 0d 32 35 30 31  |101000000Z..2501|
+000000d0  30 31 30 30 30 30 30 30  5a 30 1a 31 0b 30 09 06  |01000000Z0.1.0..|
+000000e0  03 55 04 0a 13 02 47 6f  31 0b 30 09 06 03 55 04  |.U....Go1.0...U.|
+000000f0  03 13 02 47 6f 30 81 9f  30 0d 06 09 2a 86 48 86  |...Go0..0...*.H.|
+00000100  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81  |...........0....|
+00000110  81 00 db 46 7d 93 2e 12  27 06 48 bc 06 28 21 ab  |...F}...'.H..(!.|
+00000120  7e c4 b6 a2 5d fe 1e 52  45 88 7a 36 47 a5 08 0d  |~...]..RE.z6G...|
+00000130  92 42 5b c2 81 c0 be 97  79 98 40 fb 4f 6d 14 fd  |.B[.....y.@.Om..|
+00000140  2b 13 8b c2 a5 2e 67 d8  d4 09 9e d6 22 38 b7 4a  |+.....g....."8.J|
+00000150  0b 74 73 2b c2 34 f1 d1  93 e5 96 d9 74 7b f3 58  |.ts+.4......t{.X|
+00000160  9f 6c 61 3c c0 b0 41 d4  d9 2b 2b 24 23 77 5b 1c  |.la<..A..++$#w[.|
+00000170  3b bd 75 5d ce 20 54 cf  a1 63 87 1d 1e 24 c4 f3  |;.u]. T..c...$..|
+00000180  1d 1a 50 8b aa b6 14 43  ed 97 a7 75 62 f4 14 c8  |..P....C...ub...|
+00000190  52 d7 02 03 01 00 01 a3  81 93 30 81 90 30 0e 06  |R.........0..0..|
+000001a0  03 55 1d 0f 01 01 ff 04  04 03 02 05 a0 30 1d 06  |.U...........0..|
+000001b0  03 55 1d 25 04 16 30 14  06 08 2b 06 01 05 05 07  |.U.%..0...+.....|
+000001c0  03 01 06 08 2b 06 01 05  05 07 03 02 30 0c 06 03  |....+.......0...|
+000001d0  55 1d 13 01 01 ff 04 02  30 00 30 19 06 03 55 1d  |U.......0.0...U.|
+000001e0  0e 04 12 04 10 9f 91 16  1f 43 43 3e 49 a6 de 6d  |.........CC>I..m|
+000001f0  b6 80 d7 9f 60 30 1b 06  03 55 1d 23 04 14 30 12  |....`0...U.#..0.|
+00000200  80 10 48 13 49 4d 13 7e  16 31 bb a3 01 d5 ac ab  |..H.IM.~.1......|
+00000210  6e 7b 30 19 06 03 55 1d  11 04 12 30 10 82 0e 65  |n{0...U....0...e|
+00000220  78 61 6d 70 6c 65 2e 67  6f 6c 61 6e 67 30 0d 06  |xample.golang0..|
+00000230  09 2a 86 48 86 f7 0d 01  01 0b 05 00 03 81 81 00  |.*.H............|
+00000240  9d 30 cc 40 2b 5b 50 a0  61 cb ba e5 53 58 e1 ed  |.0.@+[P.a...SX..|
+00000250  83 28 a9 58 1a a9 38 a4  95 a1 ac 31 5a 1a 84 66  |.(.X..8....1Z..f|
+00000260  3d 43 d3 2d d9 0b f2 97  df d3 20 64 38 92 24 3a  |=C.-...... d8.$:|
+00000270  00 bc cf 9c 7d b7 40 20  01 5f aa d3 16 61 09 a2  |....}.@ ._...a..|
+00000280  76 fd 13 c3 cc e1 0c 5c  ee b1 87 82 f1 6c 04 ed  |v......\.....l..|
+00000290  73 bb b3 43 77 8d 0c 1c  f1 0f a1 d8 40 83 61 c9  |s..Cw.......@.a.|
+000002a0  4c 72 2b 9d ae db 46 06  06 4d f4 c1 b3 3e c0 d1  |Lr+...F..M...>..|
+000002b0  bd 42 d4 db fe 3d 13 60  84 5c 21 d3 3b e9 fa e7  |.B...=.`.\!.;...|
+000002c0  16 03 03 00 ac 0c 00 00  a8 03 00 1d 20 5c de 55  |............ \.U|
+000002d0  3e c1 ad 72 ba ed 0e 25  6c a4 04 6a fd bf 76 2e  |>..r...%l..j..v.|
+000002e0  f3 e5 be 47 24 1d 26 2a  3b 18 f6 35 76 08 04 00  |...G$.&*;..5v...|
+000002f0  80 a6 76 6c 19 da 6e 4a  1f c3 a4 cc 3a ac e0 7f  |..vl..nJ....:...|
+00000300  4f 36 57 96 15 17 85 3e  3b 59 17 cc 16 46 4a 28  |O6W....>;Y...FJ(|
+00000310  3a ab f6 50 e6 2e 40 a1  44 25 22 4b 3c 7b ad ba  |:..P..@.D%"K<{..|
+00000320  30 c9 d3 a5 c4 b0 db c3  59 a1 66 cb 11 fa fc be  |0.......Y.f.....|
+00000330  89 2d 50 d2 a5 c0 c5 f2  64 40 50 11 ee 58 94 00  |.-P.....d@P..X..|
+00000340  70 2f 7f b6 a8 fa f5 d5  66 94 ab fe 32 53 32 95  |p/......f...2S2.|
+00000350  87 8d 6d 20 75 18 74 7f  cd e6 99 48 2d 9c c5 9f  |..m u.t....H-...|
+00000360  49 93 28 b7 15 7d 07 82  40 10 be c7 2c bc e1 0f  |I.(..}..@...,...|
+00000370  c1 16 03 03 00 04 0e 00  00 00                    |..........|
+>>> Flow 3 (client to server)
+00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
+00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
+00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
+00000030  16 03 03 00 28 00 00 00  00 00 00 00 00 ec 05 89  |....(...........|
+00000040  3a db 03 66 f9 69 17 30  51 d6 11 78 5e ed 02 e2  |:..f.i.0Q..x^...|
+00000050  6d ef e2 9a 4d 90 90 ec  9f 01 ec cd e6           |m...M........|
+>>> Flow 4 (server to client)
+00000000  14 03 03 00 01 01 16 03  03 00 28 e9 80 13 12 cd  |..........(.....|
+00000010  84 99 bb c1 f2 5b d3 df  68 b4 34 ec 4c d9 37 91  |.....[..h.4.L.7.|
+00000020  26 d5 4e 12 54 49 03 65  75 05 82 c9 18 23 7b 14  |&.N.TI.eu....#{.|
+00000030  48 97 ab                                          |H..|
+>>> Flow 5 (client to server)
+00000000  17 03 03 00 1e 00 00 00  00 00 00 00 01 7a 74 6f  |.............zto|
+00000010  72 f9 38 25 e5 6b fb 9a  27 ef a9 04 7b 03 b9 e0  |r.8%.k..'...{...|
+00000020  77 8b 36 15 03 03 00 1a  00 00 00 00 00 00 00 02  |w.6.............|
+00000030  2f f0 98 5c 7a f9 0a f8  56 16 44 1f d4 b1 9e e0  |/..\z...V.D.....|
+00000040  08 02                                             |..|
diff --git a/u_conn.go b/u_conn.go
index 2706373..c3dfffe 100644
--- a/u_conn.go
+++ b/u_conn.go
@@ -30,6 +30,8 @@ type UConn struct {
 	GetSessionID func(ticket []byte) [32]byte
 
 	greaseSeed [ssl_grease_last_index]uint16
+
+	omitSNIExtension bool
 }
 
 // UClient returns a new uTLS client, with behavior depending on clientHelloID.
@@ -78,6 +80,9 @@ func (uconn *UConn) BuildHandshakeState() error {
 			if err != nil {
 				return err
 			}
+			if uconn.omitSNIExtension {
+				uconn.removeSNIExtension()
+			}
 		}
 
 		err := uconn.ApplyConfig()
@@ -162,6 +167,26 @@ func (uconn *UConn) SetSNI(sni string) {
 	}
 }
 
+// RemoveSNIExtension removes SNI from the list of extensions sent in ClientHello
+// It returns an error when used with HelloGolang ClientHelloID
+func (uconn *UConn) RemoveSNIExtension() error {
+	if uconn.ClientHelloID == HelloGolang {
+		return fmt.Errorf("Cannot call RemoveSNIExtension on a UConn with a HelloGolang ClientHelloID")
+	}
+	uconn.omitSNIExtension = true
+	return nil
+}
+
+func (uconn *UConn) removeSNIExtension() {
+	filteredExts := make([]TLSExtension, 0, len(uconn.Extensions))
+	for _, e := range uconn.Extensions {
+		if _, ok := e.(*SNIExtension); !ok {
+			filteredExts = append(filteredExts, e)
+		}
+	}
+	uconn.Extensions = filteredExts
+}
+
 // Handshake runs the client handshake using given clientHandshakeState
 // Requires hs.hello, and, optionally, hs.session to be set.
 func (c *UConn) Handshake() error {
diff --git a/u_conn_test.go b/u_conn_test.go
index cba57af..e30c385 100644
--- a/u_conn_test.go
+++ b/u_conn_test.go
@@ -159,6 +159,21 @@ func TestUTLSHelloRetryRequest(t *testing.T) {
 	runUTLSClientTestTLS13(t, test, helloID)
 }
 
+func TestUTLSRemoveSNIExtension(t *testing.T) {
+	helloID := HelloChrome_70
+
+	config := getUTLSTestConfig()
+
+	opensslCipherName := "ECDHE-RSA-AES128-GCM-SHA256"
+	test := &clientTest{
+		name:   "UTLS-" + opensslCipherName + "-" + helloID.Str() + "-OmitSNI",
+		args:   []string{"-cipher", opensslCipherName},
+		config: config,
+	}
+
+	runUTLSClientTestForVersion(t, test, "TLSv12-", "-tls1_2", helloID, true)
+}
+
 /*
 *
  HELPER FUNCTIONS BELOW
@@ -364,7 +379,7 @@ func testUTLSHandshakeClientECDHE_ECDSA_WITH_CHACHA20_POLY1305(t *testing.T, hel
 	runUTLSClientTestTLS12(t, test, helloID)
 }
 
-func runUTLSClientTestForVersion(t *testing.T, template *clientTest, prefix, option string, helloID ClientHelloID) {
+func runUTLSClientTestForVersion(t *testing.T, template *clientTest, prefix, option string, helloID ClientHelloID, omitSNI bool) {
 	test := *template
 	test.name = prefix + test.name
 	if len(test.args) == 0 {
@@ -372,18 +387,18 @@ func runUTLSClientTestForVersion(t *testing.T, template *clientTest, prefix, opt
 	}
 	test.args = append([]string(nil), test.args...)
 	test.args = append(test.args, option)
-	test.runUTLS(t, *update, helloID)
+	test.runUTLS(t, *update, helloID, false)
 }
 
 func runUTLSClientTestTLS12(t *testing.T, template *clientTest, helloID ClientHelloID) {
-	runUTLSClientTestForVersion(t, template, "TLSv12-", "-tls1_2", helloID)
+	runUTLSClientTestForVersion(t, template, "TLSv12-", "-tls1_2", helloID, false)
 }
 
 func runUTLSClientTestTLS13(t *testing.T, template *clientTest, helloID ClientHelloID) {
-	runUTLSClientTestForVersion(t, template, "TLSv13-", "-tls1_3", helloID)
+	runUTLSClientTestForVersion(t, template, "TLSv13-", "-tls1_3", helloID, false)
 }
 
-func (test *clientTest) runUTLS(t *testing.T, write bool, helloID ClientHelloID) {
+func (test *clientTest) runUTLS(t *testing.T, write bool, helloID ClientHelloID, omitSNIExtension bool) {
 	checkOpenSSLVersion(t)
 
 	var clientConn, serverConn net.Conn
@@ -409,6 +424,14 @@ func (test *clientTest) runUTLS(t *testing.T, write bool, helloID ClientHelloID)
 		return
 	}
 	client := UClient(clientConn, config, helloID)
+
+	if omitSNIExtension {
+		if err := client.RemoveSNIExtension(); err != nil {
+			t.Error("Failed to remove SNI extension")
+			return
+		}
+	}
+
 	if strings.HasPrefix(test.name, "TLSv12-UTLS-setclienthello-") {
 		err := client.BuildHandshakeState()
 		if err != nil {