* wip: staging work
* wip: staging work
* feat: ClientHello JSON Unmarshaler
Allowing unmarshalling a JSON object into a ClientHelloSpec.
* feat: ClientHello JSON Unmarshaler rev
- Revised JSON ClientHello format
- Implemented `TLSExtensionJSON` interface for some more extensions
* feat: byte to clienthellospecs conversion
* feat: specific case for GREASE and ALPS
Will automatically add "h2" to ALPS and write to log when GREASE extension is imported in `ImportTLSClientHello()`
* fix: ReadCompressionMethods
ReadCompressionMethods didn't advance the s and fails reading extensions
* fix: remove debug log
* fix: use cryptobyte for internal helper
`helper.Uint8to16()` now calls `(*cryptobyte.String).ReadUint16()`
* fix: preshared key fingerprinter test
updated fingerprinter test to test with PreSharedKey extension
* fix: naming of FakePreSharedKeyExt
It is a Fake extension since `crypto/tls` doesn't really implement PSK-based resumption and neither do we.
* feat: Properly check GREASE
Adopted from #148.
Co-Authored-By: gfw-report <gfw.report@protonmail.com>
* feat: add fakeExtensionEncryptThenMAC
And reordered `fakeExtensionDelegatedCredentials`.
The new `Fingerprinter` is expected to account for the `fakeExtensionEncryptThenMAC` using a `GenericExtension` when `allowBluntMimicry` is set.
Co-Authored-By: gfw-report <gfw.report@protonmail.com>
* fix: remove keepPSK and minor
- Removed all presence of keepPSK flag.
- Added check before using the field of a map.
---------
Co-authored-by: gfw-report <gfw.report@protonmail.com>
* refactor: split `CompressCertExtension` changes
- Split most of changes for `CompressCertExtension` made to `crypto/tls` files out and moved them to `u_` files.
- Edited some `crypto/tls` files to achieve better programmability for uTLS.
- Minor styling fix.
* feat: implement ALPS Extension draft
- Made necessary modifications to existing types to support ALPS.
- Ported `ApplicationSettingsExtension` implementation from `ulixee/utls` by @blakebyrnes with some adaptation.
Co-Authored-By: Blake Byrnes <115056+blakebyrnes@users.noreply.github.com>
* feat: utlsFakeCustomExtension in ALPS
- Introducing `utlsFakeCustomExtension` to enable implementation for custom extensions to be exchanged via ALPS.
- currently it doesn't do anything.
Co-Authored-By: Blake Byrnes <115056+blakebyrnes@users.noreply.github.com>
* fix: magic number in `StatusRequestV2Extension`
- Fixed magic number `17` in `StatusRequestV2Extension` with pre-defined enum `extensionStatusRequestV2`.
Co-authored-by: Blake Byrnes <115056+blakebyrnes@users.noreply.github.com>
* Add new ClientHellos
Also add faked support for token binding, ALPS, and delegated credentials
* Remove FakeALPSExtension in favor of existing ApplicationSettingsExtension
* Implement certificate compression
Certificate compression is defined in RFC 8879:
https://datatracker.ietf.org/doc/html/rfc8879
This implementation is client-side only, for server certificates.
* Fix missing LOC
* Add more fingerprints
* Implement ALPS extension
* Merge commit fcaacdbbe7
- At this commit, github.com/Noooste/utls remained at the original upstream LICENSE
* added HelloChrome102 and HelloFirefox102
* Randomly include ALPS in HelloRandomized
Co-authored-by: Harry Harpham <harry@getlantern.org>
Co-authored-by: Sleeyax <yourd3veloper@gmail.com>
Co-authored-by: Rod Hynes <rod-hynes@users.noreply.github.com>
SNIExtension was previously marshalling both ip addresses and empty
strings, which are not allowed. See RFC 6066, Section 3.
All of the utls specific testdata replays needed to be rebuilt to
properly accomodate this change since they had previously been including
empty server name extension values
Addresses https://github.com/refraction-networking/utls/issues/96
Renegotiation:
- Disallow specifying the body of Renegotiation extensions to
avoid assumption that it will be verified.
- Marshal the extension, if it is present in the uconn.Extensions list,
even if Renegotiation is set to Never.
Exports all unexported uTLS extension fields.
Fixes#33
Update fingerprints + add default spec version
* Adds fingerprints for Chrome 75, iOS 12.1, and Firefox 65(=Firefox 63)
* If min/max tls versions are not explicitly specified in the ClientHelloSpec,
uTLS will try to parse versions from SupportedVersions extension,
and fallback to [TLS 1.0, TLS 1.2] if SupportedVersions is absent.
* Adds mimicked FakeRecordSizeLimitExtension and FakeCertCompressionAlgsExtension
to be used instead of GenericExtension{} for clarity and extensibility
(we are ready to use those with Firefox and Chrome fps with correct values
whenever actual functionality is implemented)
* SetTLSVers: parse the right extensions + cosmetics
Adds support for following TLS 1.3 extensions:
- PSKKeyExchangeModes
- SupportedVersions
- KeyShare
and uses them to implement newest Chrome and Firefox parrots.
Tests for default Golang uTLS were regenerated because
they previously used TLS-1.2 as max version.
I tested all fingerprints and confirmed that Chrome and Firefox are
working as intended.
Android fingerprints were grossly unpopular, which could a result of
incorrect merge, but either way we'll remove them for now.
The root cause of races is that global variables supportedSignatureAlgorithms and
cipherSuites are used both to form handshake and to check whether or not
peer responded with supported algorithm.
In this patch I create separate variables for this purpose.
Updated tests for kicks.
Finally, go fmt.
