mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-06 13:37:36 +03:00
3d7eea3346
* Updates PSK implementations for more comprehensible interfaces when applying preset/json/raw fingerprints. * Revert FakePreSharedKeyExtension to the old implementation. Add binder size checking. * Implement TLS-PSK example New bug: setting `tls.Config.ClientSessionCache` will cause PSK to fail. Currently users must set only `tls.UtlsPreSharedKeyExtension.ClientSessionCacheOverride`.
115 lines
3 KiB
Go
115 lines
3 KiB
Go
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"strings"
|
|
"time"
|
|
|
|
tls "github.com/refraction-networking/utls"
|
|
)
|
|
|
|
type ClientSessionCache struct {
|
|
sessionKeyMap map[string]*tls.ClientSessionState
|
|
}
|
|
|
|
func NewClientSessionCache() tls.ClientSessionCache {
|
|
return &ClientSessionCache{
|
|
sessionKeyMap: make(map[string]*tls.ClientSessionState),
|
|
}
|
|
}
|
|
|
|
func (csc *ClientSessionCache) Get(sessionKey string) (session *tls.ClientSessionState, ok bool) {
|
|
if session, ok = csc.sessionKeyMap[sessionKey]; ok {
|
|
fmt.Printf("Getting session for %s\n", sessionKey)
|
|
return session, true
|
|
}
|
|
fmt.Printf("Missing session for %s\n", sessionKey)
|
|
return nil, false
|
|
}
|
|
|
|
func (csc *ClientSessionCache) Put(sessionKey string, cs *tls.ClientSessionState) {
|
|
if csc.sessionKeyMap == nil {
|
|
fmt.Printf("Deleting session for %s\n", sessionKey)
|
|
delete(csc.sessionKeyMap, sessionKey)
|
|
} else {
|
|
fmt.Printf("Putting session for %s\n", sessionKey)
|
|
csc.sessionKeyMap[sessionKey] = cs
|
|
}
|
|
}
|
|
|
|
func main() {
|
|
const serverAddr string = "refraction.network:443"
|
|
csc := NewClientSessionCache()
|
|
tcpConn, err := net.Dial("tcp", serverAddr)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
// Everything below this line is brought to you by uTLS API, enjoy!
|
|
|
|
// use chs
|
|
tlsConn := tls.UClient(tcpConn, &tls.Config{
|
|
ServerName: strings.Split(serverAddr, ":")[0],
|
|
// NextProtos: []string{"h2", "http/1.1"},
|
|
ClientSessionCache: csc, // set this so session tickets will be saved
|
|
}, tls.HelloChrome_100)
|
|
|
|
// HS
|
|
err = tlsConn.Handshake()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
if tlsConn.ConnectionState().HandshakeComplete {
|
|
fmt.Println("Handshake complete")
|
|
fmt.Printf("TLS Version: %04x\n", tlsConn.ConnectionState().Version)
|
|
if tlsConn.ConnectionState().Version != tls.VersionTLS13 {
|
|
fmt.Printf("Only TLS 1.3 suppports PSK\n")
|
|
return
|
|
}
|
|
|
|
if tlsConn.HandshakeState.State13.UsingPSK {
|
|
panic("unintended using of PSK happened...")
|
|
} else {
|
|
fmt.Println("First connection, no PSK to use.")
|
|
}
|
|
|
|
tlsConn.SetReadDeadline(time.Now().Add(1 * time.Second))
|
|
tlsConn.Read(make([]byte, 1024)) // trigger a read so NewSessionTicket gets handled
|
|
}
|
|
tlsConn.Close()
|
|
|
|
tcpConnPSK, err := net.Dial("tcp", serverAddr)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
tlsConnPSK := tls.UClient(tcpConnPSK, &tls.Config{
|
|
ServerName: strings.Split(serverAddr, ":")[0],
|
|
// ClientSessionCache: csc, // set this will cause PSK to fail. This is a bug...
|
|
}, tls.HelloChrome_100_PSK, &tls.UtlsPreSharedKeyExtension{
|
|
ClientSessionCacheOverride: csc, // ONLY set your own ClientSessionCache here if you want to use PSK
|
|
})
|
|
|
|
// HS
|
|
err = tlsConnPSK.Handshake()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
if tlsConnPSK.ConnectionState().HandshakeComplete {
|
|
fmt.Println("Handshake complete")
|
|
fmt.Printf("TLS Version: %04x\n", tlsConnPSK.ConnectionState().Version)
|
|
if tlsConnPSK.ConnectionState().Version != tls.VersionTLS13 {
|
|
fmt.Printf("Only TLS 1.3 suppports PSK\n")
|
|
return
|
|
}
|
|
|
|
if tlsConnPSK.HandshakeState.State13.UsingPSK {
|
|
fmt.Println("PSK used!")
|
|
} else {
|
|
panic("PSK not used for a resumption session!")
|
|
}
|
|
}
|
|
}
|