Home Explore Help
Sign In
wytfy
/
v2ray-core
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5d9e2e69a9
Branches Tags
v2ray-core
/
external
/
github.com
/
refraction-networking
/
utls
/
u_common.go

u_common.go 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 
  1. // Copyright 2017 Google Inc. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package tls
    6. 

  6. 

  7. import (
    8. 

  8. 	"crypto/hmac"
    9. 

  9. 	"crypto/sha512"
    10. 

  10. 	"fmt"
    11. 

  11. )
    12. 

  12. 

  13. // Naming convention:
    14. 

  14. // Unsupported things are prefixed with "Fake"
    15. 

  15. // Things, supported by utls, but not crypto/tls' are prefixed with "utls"
    16. 

  16. // Supported things, that have changed their ID are prefixed with "Old"
    17. 

  17. // Supported but disabled things are prefixed with "Disabled". We will _enable_ them.
    18. 

  18. const (
    19. 

  19. 	utlsExtensionPadding              uint16 = 21
    20. 

  20. 	utlsExtensionExtendedMasterSecret uint16 = 23 // https://tools.ietf.org/html/rfc7627
    21. 

  21. 

  22. 	// extensions with 'fake' prefix break connection, if server echoes them back
    23. 

  23. 	fakeExtensionChannelID uint16 = 30032 // not IANA assigned
    24. 

  24. 

  25. 	fakeCertCompressionAlgs uint16 = 0x001b
    26. 

  26. 	fakeRecordSizeLimit     uint16 = 0x001c
    27. 

  27. )
    28. 

  28. 

  29. const (
    30. 

  30. 	OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = uint16(0xcc13)
    31. 

  31. 	OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = uint16(0xcc14)
    32. 

  32. 

  33. 	DISABLED_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = uint16(0xc024)
    34. 

  34. 	DISABLED_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   = uint16(0xc028)
    35. 

  35. 	DISABLED_TLS_RSA_WITH_AES_256_CBC_SHA256         = uint16(0x003d)
    36. 

  36. 

  37. 	FAKE_OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = uint16(0xcc15) // we can try to craft these ciphersuites
    38. 

  38. 	FAKE_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256           = uint16(0x009e) // from existing pieces, if needed
    39. 

  39. 

  40. 	FAKE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = uint16(0x0033)
    41. 

  41. 	FAKE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = uint16(0x0039)
    42. 

  42. 	FAKE_TLS_RSA_WITH_RC4_128_MD5          = uint16(0x0004)
    43. 

  43. 	FAKE_TLS_EMPTY_RENEGOTIATION_INFO_SCSV = uint16(0x00ff)
    44. 

  44. )
    45. 

  45. 

  46. // newest signatures
    47. 

  47. var (
    48. 

  48. 	FakePKCS1WithSHA224 SignatureScheme = 0x0301
    49. 

  49. 	FakeECDSAWithSHA224 SignatureScheme = 0x0303
    50. 

  50. 

  51. 	// fakeEd25519 = SignatureAndHash{0x08, 0x07}
    52. 

  52. 	// fakeEd448 = SignatureAndHash{0x08, 0x08}
    53. 

  53. )
    54. 

  54. 

  55. // fake curves(groups)
    56. 

  56. var (
    57. 

  57. 	FakeFFDHE2048 = uint16(0x0100)
    58. 

  58. 	FakeFFDHE3072 = uint16(0x0101)
    59. 

  59. )
    60. 

  60. 

  61. type ClientHelloID struct {
    62. 

  62. 	Browser string
    63. 

  63. 	Version uint16
    64. 

  64. 	// TODO: consider adding OS?
    65. 

  65. }
    66. 

  66. 

  67. func (p *ClientHelloID) Str() string {
    68. 

  68. 	return fmt.Sprintf("%s-%d", p.Browser, p.Version)
    69. 

  69. }
    70. 

  70. 

  71. const (
    72. 

  72. 	helloGolang     = "Golang"
    73. 

  73. 	helloRandomized = "Randomized"
    74. 

  74. 	helloCustom     = "Custom"
    75. 

  75. 	helloFirefox    = "Firefox"
    76. 

  76. 	helloChrome     = "Chrome"
    77. 

  77. 	helloIOS        = "iOS"
    78. 

  78. 	helloAndroid    = "Android"
    79. 

  79. )
    80. 

  80. 

  81. const (
    82. 

  82. 	helloAutoVers = iota
    83. 

  83. 	helloRandomizedALPN
    84. 

  84. 	helloRandomizedNoALPN
    85. 

  85. )
    86. 

  86. 

  87. type ClientHelloSpec struct {
    88. 

  88. 	CipherSuites       []uint16       // nil => default
    89. 

  89. 	CompressionMethods []uint8        // nil => no compression
    90. 

  90. 	Extensions         []TLSExtension // nil => no extensions
    91. 

  91. 

  92. 	TLSVersMin uint16 // [1.0-1.3]
    93. 

  93. 	TLSVersMax uint16 // [1.2-1.3]
    94. 

  94. 

  95. 	// GreaseStyle: currently only random
    96. 

  96. 	// sessionID may or may not depend on ticket; nil => random
    97. 

  97. 	GetSessionID func(ticket []byte) [32]byte
    98. 

  98. 

  99. 	// TLSFingerprintLink string // ?? link to tlsfingerprint.io for informational purposes
    100. 

  100. }
    101. 

  101. 

  102. var (
    103. 

  103. 	// HelloGolang will use default "crypto/tls" handshake marshaling codepath, which WILL
    104. 

  104. 	// overwrite your changes to Hello(Config, Session are fine).
    105. 

  105. 	// You might want to call BuildHandshakeState() before applying any changes.
    106. 

  106. 	// UConn.Extensions will be completely ignored.
    107. 

  107. 	HelloGolang = ClientHelloID{helloGolang, helloAutoVers}
    108. 

  108. 

  109. 	// HelloCustom will prepare ClientHello with empty uconn.Extensions so you can fill it with
    110. 

  110. 	// TLSExtensions manually or use ApplyPreset function
    111. 

  111. 	HelloCustom = ClientHelloID{helloCustom, helloAutoVers}
    112. 

  112. 

  113. 	// HelloRandomized* randomly adds/reorders extensions, ciphersuites, etc.
    114. 

  114. 	HelloRandomized       = ClientHelloID{helloRandomized, helloAutoVers}
    115. 

  115. 	HelloRandomizedALPN   = ClientHelloID{helloRandomized, helloRandomizedALPN}
    116. 

  116. 	HelloRandomizedNoALPN = ClientHelloID{helloRandomized, helloRandomizedNoALPN}
    117. 

  117. 

  118. 	// The rest will will parrot given browser.
    119. 

  119. 	HelloFirefox_Auto = HelloFirefox_63
    120. 

  120. 	HelloFirefox_55   = ClientHelloID{helloFirefox, 55}
    121. 

  121. 	HelloFirefox_56   = ClientHelloID{helloFirefox, 56}
    122. 

  122. 	HelloFirefox_63   = ClientHelloID{helloFirefox, 63}
    123. 

  123. 

  124. 	HelloChrome_Auto = HelloChrome_70
    125. 

  125. 	HelloChrome_58   = ClientHelloID{helloChrome, 58}
    126. 

  126. 	HelloChrome_62   = ClientHelloID{helloChrome, 62}
    127. 

  127. 	HelloChrome_70   = ClientHelloID{helloChrome, 70}
    128. 

  128. 

  129. 	HelloIOS_Auto = HelloIOS_11_1
    130. 

  130. 	HelloIOS_11_1 = ClientHelloID{helloIOS, 111}
    131. 

  131. )
    132. 

  132. 

  133. // based on spec's GreaseStyle, GREASE_PLACEHOLDER may be replaced by another GREASE value
    134. 

  134. // https://tools.ietf.org/html/draft-ietf-tls-grease-01
    135. 

  135. const GREASE_PLACEHOLDER = 0x0a0a
    136. 

  136. 

  137. // utlsMacSHA384 returns a SHA-384 based MAC. These are only supported in TLS 1.2
    138. 

  138. // so the given version is ignored.
    139. 

  139. func utlsMacSHA384(version uint16, key []byte) macFunction {
    140. 

  140. 	return tls10MAC{h: hmac.New(sha512.New384, key)}
    141. 

  141. }
    142. 

  142. 

  143. var utlsSupportedCipherSuites []*cipherSuite
    144. 

  144. 

  145. func init() {
    146. 

  146. 	utlsSupportedCipherSuites = append(cipherSuites, []*cipherSuite{
    147. 

  147. 		{OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheRSAKA,
    148. 

  148. 			suiteECDHE | suiteTLS12 | suiteDefaultOff, nil, nil, aeadChaCha20Poly1305},
    149. 

  149. 		{OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 32, 0, 12, ecdheECDSAKA,
    150. 

  150. 			suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, nil, nil, aeadChaCha20Poly1305},
    151. 

  151. 	}...)
    152. 

  152. }
    153. 

  153. 

  154. // EnableWeakCiphers allows utls connections to continue in some cases, when weak cipher was chosen.
    155. 

  155. // This provides better compatibility with servers on the web, but weakens security. Feel free
    156. 

  156. // to use this option if you establish additional secure connection inside of utls connection.
    157. 

  157. // This option does not change the shape of parrots (i.e. same ciphers will be offered either way).
    158. 

  158. // Must be called before establishing any connections.
    159. 

  159. func EnableWeakCiphers() {
    160. 

  160. 	utlsSupportedCipherSuites = append(cipherSuites, []*cipherSuite{
    161. 

  161. 		{DISABLED_TLS_RSA_WITH_AES_256_CBC_SHA256, 32, 32, 16, rsaKA,
    162. 

  162. 			suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil},
    163. 

  163. 

  164. 		{DISABLED_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheECDSAKA,
    165. 

  165. 			suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff | suiteSHA384, cipherAES, utlsMacSHA384, nil},
    166. 

  166. 		{DISABLED_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 32, 48, 16, ecdheRSAKA,
    167. 

  167. 			suiteECDHE | suiteTLS12 | suiteDefaultOff | suiteSHA384, cipherAES, utlsMacSHA384, nil},
    168. 

  168. 	}...)
    169. 

  169. }
    170.