mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
new ClientHellos and Extensions (#116)
* Implement certificate compression
Certificate compression is defined in RFC 8879:
https://datatracker.ietf.org/doc/html/rfc8879
This implementation is client-side only, for server certificates.
* Fix missing LOC
* Add more fingerprints
* Implement ALPS extension
* Merge commit fcaacdbbe7
- At this commit, github.com/Noooste/utls remained at the original upstream LICENSE
* added HelloChrome102 and HelloFirefox102
* Randomly include ALPS in HelloRandomized
Co-authored-by: Harry Harpham <harry@getlantern.org>
Co-authored-by: Sleeyax <yourd3veloper@gmail.com>
Co-authored-by: Rod Hynes <rod-hynes@users.noreply.github.com>
This commit is contained in:
rp-psiphon
GitHub
parent
4d3785b233
commit
f781b699a2
5 changed files with 884 additions and 14 deletions
|
|
@ -79,7 +79,7 @@ func (e *SNIExtension) Read(b []byte) (int, error) {
|
|||
b[0] = byte(extensionServerName >> 8)
|
||||
b[1] = byte(extensionServerName)
|
||||
b[2] = byte((len(hostName) + 5) >> 8)
|
||||
b[3] = byte((len(hostName) + 5))
|
||||
b[3] = byte(len(hostName) + 5)
|
||||
b[4] = byte((len(hostName) + 3) >> 8)
|
||||
b[5] = byte(len(hostName) + 3)
|
||||
// b[6] Server Name Type: host_name (0)
|
||||
|
|
@ -115,6 +115,36 @@ func (e *StatusRequestExtension) Read(b []byte) (int, error) {
|
|||
return e.Len(), io.EOF
|
||||
}
|
||||
|
||||
type StatusRequestV2Extension struct {
|
||||
}
|
||||
|
||||
func (e *StatusRequestV2Extension) writeToUConn(uc *UConn) error {
|
||||
uc.HandshakeState.Hello.OcspStapling = true
|
||||
return nil
|
||||
}
|
||||
|
||||
func (e *StatusRequestV2Extension) Len() int {
|
||||
return 13
|
||||
}
|
||||
|
||||
func (e *StatusRequestV2Extension) Read(b []byte) (int, error) {
|
||||
if len(b) < e.Len() {
|
||||
return 0, io.ErrShortBuffer
|
||||
}
|
||||
// RFC 4366, section 3.6
|
||||
b[0] = byte(17 >> 8)
|
||||
b[1] = byte(17)
|
||||
b[2] = 0
|
||||
b[3] = 9
|
||||
b[4] = 0
|
||||
b[5] = 7
|
||||
b[6] = 2 // OCSP type
|
||||
b[7] = 0
|
||||
b[8] = 4
|
||||
// Two zero valued uint16s for the two lengths.
|
||||
return e.Len(), io.EOF
|
||||
}
|
||||
|
||||
type SupportedCurvesExtension struct {
|
||||
Curves []CurveID
|
||||
}
|
||||
|
|
@ -137,9 +167,9 @@ func (e *SupportedCurvesExtension) Read(b []byte) (int, error) {
|
|||
b[0] = byte(extensionSupportedCurves >> 8)
|
||||
b[1] = byte(extensionSupportedCurves)
|
||||
b[2] = byte((2 + 2*len(e.Curves)) >> 8)
|
||||
b[3] = byte((2 + 2*len(e.Curves)))
|
||||
b[3] = byte(2 + 2*len(e.Curves))
|
||||
b[4] = byte((2 * len(e.Curves)) >> 8)
|
||||
b[5] = byte((2 * len(e.Curves)))
|
||||
b[5] = byte(2 * len(e.Curves))
|
||||
for i, curve := range e.Curves {
|
||||
b[6+2*i] = byte(curve >> 8)
|
||||
b[7+2*i] = byte(curve)
|
||||
|
|
@ -168,8 +198,8 @@ func (e *SupportedPointsExtension) Read(b []byte) (int, error) {
|
|||
b[0] = byte(extensionSupportedPoints >> 8)
|
||||
b[1] = byte(extensionSupportedPoints)
|
||||
b[2] = byte((1 + len(e.SupportedPoints)) >> 8)
|
||||
b[3] = byte((1 + len(e.SupportedPoints)))
|
||||
b[4] = byte((len(e.SupportedPoints)))
|
||||
b[3] = byte(1 + len(e.SupportedPoints))
|
||||
b[4] = byte(len(e.SupportedPoints))
|
||||
for i, pointFormat := range e.SupportedPoints {
|
||||
b[5+i] = pointFormat
|
||||
}
|
||||
|
|
@ -197,9 +227,40 @@ func (e *SignatureAlgorithmsExtension) Read(b []byte) (int, error) {
|
|||
b[0] = byte(extensionSignatureAlgorithms >> 8)
|
||||
b[1] = byte(extensionSignatureAlgorithms)
|
||||
b[2] = byte((2 + 2*len(e.SupportedSignatureAlgorithms)) >> 8)
|
||||
b[3] = byte((2 + 2*len(e.SupportedSignatureAlgorithms)))
|
||||
b[3] = byte(2 + 2*len(e.SupportedSignatureAlgorithms))
|
||||
b[4] = byte((2 * len(e.SupportedSignatureAlgorithms)) >> 8)
|
||||
b[5] = byte((2 * len(e.SupportedSignatureAlgorithms)))
|
||||
b[5] = byte(2 * len(e.SupportedSignatureAlgorithms))
|
||||
for i, sigAndHash := range e.SupportedSignatureAlgorithms {
|
||||
b[6+2*i] = byte(sigAndHash >> 8)
|
||||
b[7+2*i] = byte(sigAndHash)
|
||||
}
|
||||
return e.Len(), io.EOF
|
||||
}
|
||||
|
||||
type SignatureAlgorithmsCertExtension struct {
|
||||
SupportedSignatureAlgorithms []SignatureScheme
|
||||
}
|
||||
|
||||
func (e *SignatureAlgorithmsCertExtension) writeToUConn(uc *UConn) error {
|
||||
uc.HandshakeState.Hello.SupportedSignatureAlgorithms = e.SupportedSignatureAlgorithms
|
||||
return nil
|
||||
}
|
||||
|
||||
func (e *SignatureAlgorithmsCertExtension) Len() int {
|
||||
return 6 + 2*len(e.SupportedSignatureAlgorithms)
|
||||
}
|
||||
|
||||
func (e *SignatureAlgorithmsCertExtension) Read(b []byte) (int, error) {
|
||||
if len(b) < e.Len() {
|
||||
return 0, io.ErrShortBuffer
|
||||
}
|
||||
// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
||||
b[0] = byte(extensionSignatureAlgorithmsCert >> 8)
|
||||
b[1] = byte(extensionSignatureAlgorithmsCert)
|
||||
b[2] = byte((2 + 2*len(e.SupportedSignatureAlgorithms)) >> 8)
|
||||
b[3] = byte(2 + 2*len(e.SupportedSignatureAlgorithms))
|
||||
b[4] = byte((2 * len(e.SupportedSignatureAlgorithms)) >> 8)
|
||||
b[5] = byte(2 * len(e.SupportedSignatureAlgorithms))
|
||||
for i, sigAndHash := range e.SupportedSignatureAlgorithms {
|
||||
b[6+2*i] = byte(sigAndHash >> 8)
|
||||
b[7+2*i] = byte(sigAndHash)
|
||||
|
|
@ -295,6 +356,52 @@ func (e *ALPNExtension) Read(b []byte) (int, error) {
|
|||
return e.Len(), io.EOF
|
||||
}
|
||||
|
||||
type ApplicationSettingsExtension struct {
|
||||
SupportedProtocols []string
|
||||
}
|
||||
|
||||
func (e *ApplicationSettingsExtension) writeToUConn(uc *UConn) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (e *ApplicationSettingsExtension) Len() int {
|
||||
bLen := 2 + 2 + 2 // Type + Length + ALPS Extension length
|
||||
for _, s := range e.SupportedProtocols {
|
||||
bLen += 1 + len(s) // Supported ALPN Length + actual length of protocol
|
||||
}
|
||||
return bLen
|
||||
}
|
||||
|
||||
func (e *ApplicationSettingsExtension) Read(b []byte) (int, error) {
|
||||
if len(b) < e.Len() {
|
||||
return 0, io.ErrShortBuffer
|
||||
}
|
||||
|
||||
// Read Type.
|
||||
b[0] = byte(extensionALPS >> 8) // hex: 44 dec: 68
|
||||
b[1] = byte(extensionALPS & 0xff) // hex: 69 dec: 105
|
||||
|
||||
lengths := b[2:] // get the remaining buffer without Type
|
||||
b = b[6:] // set the buffer to the buffer without Type, Length and ALPS Extension Length (so only the Supported ALPN list remains)
|
||||
|
||||
stringsLength := 0
|
||||
for _, s := range e.SupportedProtocols {
|
||||
l := len(s) // Supported ALPN Length
|
||||
b[0] = byte(l) // Supported ALPN Length in bytes hex: 02 dec: 2
|
||||
copy(b[1:], s) // copy the Supported ALPN as bytes to the buffer
|
||||
b = b[1+l:] // set the buffer to the buffer without the Supported ALPN Length and Supported ALPN (so we can continue to the next protocol in this loop)
|
||||
stringsLength += 1 + l // Supported ALPN Length (the field itself) + Supported ALPN Length (the value)
|
||||
}
|
||||
|
||||
lengths[2] = byte(stringsLength >> 8) // ALPS Extension Length hex: 00 dec: 0
|
||||
lengths[3] = byte(stringsLength) // ALPS Extension Length hex: 03 dec: 3
|
||||
stringsLength += 2 // plus ALPS Extension Length field length
|
||||
lengths[0] = byte(stringsLength >> 8) // Length hex:00 dec: 0
|
||||
lengths[1] = byte(stringsLength) // Length hex: 05 dec: 5
|
||||
|
||||
return e.Len(), io.EOF
|
||||
}
|
||||
|
||||
type SCTExtension struct {
|
||||
}
|
||||
|
||||
|
|
@ -598,9 +705,9 @@ func (e *KeyShareExtension) Read(b []byte) (int, error) {
|
|||
b[1] = byte(extensionKeyShare)
|
||||
keySharesLen := e.keySharesLen()
|
||||
b[2] = byte((keySharesLen + 2) >> 8)
|
||||
b[3] = byte((keySharesLen + 2))
|
||||
b[3] = byte(keySharesLen + 2)
|
||||
b[4] = byte((keySharesLen) >> 8)
|
||||
b[5] = byte((keySharesLen))
|
||||
b[5] = byte(keySharesLen)
|
||||
|
||||
i := 6
|
||||
for _, ks := range e.KeyShares {
|
||||
|
|
@ -642,7 +749,7 @@ func (e *PSKKeyExchangeModesExtension) Read(b []byte) (int, error) {
|
|||
|
||||
modesLen := len(e.Modes)
|
||||
b[2] = byte((modesLen + 1) >> 8)
|
||||
b[3] = byte((modesLen + 1))
|
||||
b[3] = byte(modesLen + 1)
|
||||
b[4] = byte(modesLen)
|
||||
|
||||
if len(e.Modes) > 0 {
|
||||
|
|
@ -682,7 +789,7 @@ func (e *SupportedVersionsExtension) Read(b []byte) (int, error) {
|
|||
b[0] = byte(extensionSupportedVersions >> 8)
|
||||
b[1] = byte(extensionSupportedVersions)
|
||||
b[2] = byte((extLen + 1) >> 8)
|
||||
b[3] = byte((extLen + 1))
|
||||
b[3] = byte(extLen + 1)
|
||||
b[4] = byte(extLen)
|
||||
|
||||
i := 5
|
||||
|
|
@ -775,3 +882,32 @@ func (e *FakeRecordSizeLimitExtension) Read(b []byte) (int, error) {
|
|||
b[5] = byte(e.Limit & 0xff)
|
||||
return e.Len(), io.EOF
|
||||
}
|
||||
|
||||
type DelegatedCredentialsExtension struct {
|
||||
AlgorithmsSignature []SignatureScheme
|
||||
}
|
||||
|
||||
func (e *DelegatedCredentialsExtension) writeToUConn(uc *UConn) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (e *DelegatedCredentialsExtension) Len() int {
|
||||
return 6 + 2*len(e.AlgorithmsSignature)
|
||||
}
|
||||
|
||||
func (e *DelegatedCredentialsExtension) Read(b []byte) (int, error) {
|
||||
if len(b) < e.Len() {
|
||||
return 0, io.ErrShortBuffer
|
||||
}
|
||||
b[0] = byte(extensionDelegatedCredentials >> 8)
|
||||
b[1] = byte(extensionDelegatedCredentials)
|
||||
b[2] = byte((2 + 2*len(e.AlgorithmsSignature)) >> 8)
|
||||
b[3] = byte(2 + 2*len(e.AlgorithmsSignature))
|
||||
b[4] = byte((2 * len(e.AlgorithmsSignature)) >> 8)
|
||||
b[5] = byte(2 * len(e.AlgorithmsSignature))
|
||||
for i, sigAndHash := range e.AlgorithmsSignature {
|
||||
b[6+2*i] = byte(sigAndHash >> 8)
|
||||
b[7+2*i] = byte(sigAndHash)
|
||||
}
|
||||
return e.Len(), io.EOF
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue