2020-11-25 14:01:53 +03:00
|
|
|
package tls
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/tls"
|
|
|
|
|
2021-03-29 13:08:29 +03:00
|
|
|
utls "github.com/refraction-networking/utls"
|
2020-12-04 04:36:16 +03:00
|
|
|
"github.com/xtls/xray-core/common/buf"
|
|
|
|
"github.com/xtls/xray-core/common/net"
|
2020-11-25 14:01:53 +03:00
|
|
|
)
|
|
|
|
|
2020-12-04 04:36:16 +03:00
|
|
|
//go:generate go run github.com/xtls/xray-core/common/errors/errorgen
|
2020-11-25 14:01:53 +03:00
|
|
|
|
2021-10-19 19:57:14 +03:00
|
|
|
var _ buf.Writer = (*Conn)(nil)
|
2020-11-25 14:01:53 +03:00
|
|
|
|
|
|
|
type Conn struct {
|
|
|
|
*tls.Conn
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Conn) WriteMultiBuffer(mb buf.MultiBuffer) error {
|
|
|
|
mb = buf.Compact(mb)
|
|
|
|
mb, err := buf.WriteMultiBuffer(c, mb)
|
|
|
|
buf.ReleaseMulti(mb)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Conn) HandshakeAddress() net.Address {
|
|
|
|
if err := c.Handshake(); err != nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
state := c.ConnectionState()
|
|
|
|
if state.ServerName == "" {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return net.ParseAddress(state.ServerName)
|
|
|
|
}
|
|
|
|
|
2022-10-13 15:04:00 +03:00
|
|
|
func (c *Conn) NegotiatedProtocol() (name string, mutual bool) {
|
|
|
|
state := c.ConnectionState()
|
|
|
|
return state.NegotiatedProtocol, state.NegotiatedProtocolIsMutual
|
|
|
|
}
|
|
|
|
|
2020-11-25 14:01:53 +03:00
|
|
|
// Client initiates a TLS client handshake on the given connection.
|
|
|
|
func Client(c net.Conn, config *tls.Config) net.Conn {
|
|
|
|
tlsConn := tls.Client(c, config)
|
|
|
|
return &Conn{Conn: tlsConn}
|
|
|
|
}
|
|
|
|
|
2021-04-01 12:15:18 +03:00
|
|
|
// Server initiates a TLS server handshake on the given connection.
|
|
|
|
func Server(c net.Conn, config *tls.Config) net.Conn {
|
|
|
|
tlsConn := tls.Server(c, config)
|
|
|
|
return &Conn{Conn: tlsConn}
|
|
|
|
}
|
|
|
|
|
|
|
|
type UConn struct {
|
|
|
|
*utls.UConn
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *UConn) HandshakeAddress() net.Address {
|
|
|
|
if err := c.Handshake(); err != nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
state := c.ConnectionState()
|
|
|
|
if state.ServerName == "" {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return net.ParseAddress(state.ServerName)
|
2021-03-29 13:08:29 +03:00
|
|
|
}
|
|
|
|
|
2022-10-18 17:34:41 +03:00
|
|
|
// WebsocketHandshake basically calls UConn.Handshake inside it but it will only send
|
|
|
|
// http/1.1 in its ALPN.
|
|
|
|
func (c *UConn) WebsocketHandshake() error {
|
|
|
|
// Build the handshake state. This will apply every variable of the TLS of the
|
|
|
|
// fingerprint in the UConn
|
|
|
|
if err := c.BuildHandshakeState(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
// Iterate over extensions and check for utls.ALPNExtension
|
|
|
|
hasALPNExtension := false
|
|
|
|
for _, extension := range c.Extensions {
|
|
|
|
if alpn, ok := extension.(*utls.ALPNExtension); ok {
|
|
|
|
hasALPNExtension = true
|
|
|
|
alpn.AlpnProtocols = []string{"http/1.1"}
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !hasALPNExtension { // Append extension if doesn't exists
|
|
|
|
c.Extensions = append(c.Extensions, &utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}})
|
|
|
|
}
|
|
|
|
// Rebuild the client hello and do the handshake
|
|
|
|
if err := c.BuildHandshakeState(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return c.Handshake()
|
|
|
|
}
|
|
|
|
|
2022-10-13 15:04:00 +03:00
|
|
|
func (c *UConn) NegotiatedProtocol() (name string, mutual bool) {
|
|
|
|
state := c.ConnectionState()
|
|
|
|
return state.NegotiatedProtocol, state.NegotiatedProtocolIsMutual
|
|
|
|
}
|
|
|
|
|
2021-04-01 12:15:18 +03:00
|
|
|
func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) net.Conn {
|
|
|
|
utlsConn := utls.UClient(c, copyConfig(config), *fingerprint)
|
|
|
|
return &UConn{UConn: utlsConn}
|
|
|
|
}
|
|
|
|
|
|
|
|
func copyConfig(c *tls.Config) *utls.Config {
|
2020-11-25 14:01:53 +03:00
|
|
|
return &utls.Config{
|
2021-03-29 13:08:29 +03:00
|
|
|
RootCAs: c.RootCAs,
|
2020-11-25 14:01:53 +03:00
|
|
|
ServerName: c.ServerName,
|
|
|
|
InsecureSkipVerify: c.InsecureSkipVerify,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-04-01 12:15:18 +03:00
|
|
|
var Fingerprints = map[string]*utls.ClientHelloID{
|
|
|
|
"chrome": &utls.HelloChrome_Auto,
|
|
|
|
"firefox": &utls.HelloFirefox_Auto,
|
|
|
|
"safari": &utls.HelloIOS_Auto,
|
|
|
|
"randomized": &utls.HelloRandomized,
|
2020-11-25 14:01:53 +03:00
|
|
|
}
|
2022-10-13 15:04:00 +03:00
|
|
|
|
|
|
|
type Interface interface {
|
|
|
|
net.Conn
|
|
|
|
Handshake() error
|
|
|
|
VerifyHostname(host string) error
|
|
|
|
NegotiatedProtocol() (name string, mutual bool)
|
|
|
|
}
|