Compare commits

...

16 Commits

Author SHA1 Message Date
wenyifan 490e6b40f5 Merge branch 'refs/heads/master' into dev 2024-08-07 09:40:23 +08:00
wenyifan fa16373d66 Merge branch 'refs/heads/master' into dev 2024-08-02 09:32:12 +08:00
wenyifan f73960ad36 Merge branch 'refs/heads/master' into dev 2024-07-17 15:17:00 +08:00
wenyifan 3c1985e980 Merge branch 'refs/heads/master' into dev 2024-07-05 13:45:23 +08:00
wenyifan 423dd1e35d Merge branch 'master' into dev
# Conflicts:
#	go.mod
#	go.sum
2024-06-19 10:10:55 +08:00
wenyifan 63ad7f2354 Merge branch 'master' into dev 2024-02-02 14:08:43 +08:00
wenyifan 5cc2c3de82 Merge branch 'master' into dev 2024-01-29 09:21:54 +08:00
wenyifan bb1a9908d4 Merge branch 'master' into dev 2024-01-18 09:24:27 +08:00
wenyifan 4e1a70ec6d Merge branch 'master' into dev 2023-12-28 17:33:48 +08:00
wenyifan 590a6ae6ff Merge branch 'master' into dev 2023-12-21 17:47:19 +08:00
wenyifan 116c7b51fe Merge branch 'master' into dev 2023-11-21 10:20:05 +08:00
wenyifan 42a4ccb24c Merge branch 'master' into dev 2023-11-17 13:25:11 +08:00
wenyifan 34b9e3b16e utls 2023-11-15 17:49:38 +08:00
wenyifan 3038eb66d8 utls 2023-11-15 15:45:09 +08:00
wenyifan 52aa2027d0 Merge branch 'master' into dev 2023-11-15 10:35:36 +08:00
wenyifan 6108000cce utls 2023-11-14 00:32:42 +08:00
7 changed files with 179 additions and 9 deletions
+15 -2
View File
@@ -2,8 +2,8 @@ package mtls
import ( import (
"context" "context"
"crypto/tls"
"errors" "errors"
tls "github.com/refraction-networking/utls"
"net" "net"
"sync" "sync"
"time" "time"
@@ -123,7 +123,20 @@ func (d *mtlsDialer) Handshake(ctx context.Context, conn net.Conn, options ...di
} }
func (d *mtlsDialer) initSession(ctx context.Context, conn net.Conn) (*muxSession, error) { func (d *mtlsDialer) initSession(ctx context.Context, conn net.Conn) (*muxSession, error) {
tlsConn := tls.Client(conn, d.options.TLSConfig) tlsConfig := d.options.TLSConfig
var utlsConf = &tls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName, ClientAuth: tls.ClientAuthType(tlsConfig.ClientAuth), ClientCAs: tlsConfig.ClientCAs, RootCAs: tlsConfig.RootCAs}
if len(tlsConfig.Certificates) > 0 {
for _, certificate := range tlsConfig.Certificates {
utlsConf.Certificates = append(utlsConf.Certificates, tls.Certificate{
Certificate: certificate.Certificate,
PrivateKey: certificate.PrivateKey,
OCSPStaple: certificate.OCSPStaple,
SignedCertificateTimestamps: certificate.SignedCertificateTimestamps,
Leaf: certificate.Leaf,
})
}
}
tlsConn := tls.UClient(conn, utlsConf, tls.HelloChrome_Auto)
if err := tlsConn.HandshakeContext(ctx); err != nil { if err := tlsConn.HandshakeContext(ctx); err != nil {
return nil, err return nil, err
} }
+29
View File
@@ -3,6 +3,8 @@ package mws
import ( import (
"context" "context"
"errors" "errors"
"github.com/go-gost/x/util"
tls "github.com/refraction-networking/utls"
"net" "net"
"net/url" "net/url"
"sync" "sync"
@@ -158,6 +160,33 @@ func (d *mwsDialer) initSession(ctx context.Context, host string, conn net.Conn,
if d.tlsEnabled { if d.tlsEnabled {
url.Scheme = "wss" url.Scheme = "wss"
dialer.TLSClientConfig = d.options.TLSConfig dialer.TLSClientConfig = d.options.TLSConfig
tlsConfig := d.options.TLSConfig
dialer.NetDialTLSContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
utlsConf := &tls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName, ClientAuth: tls.ClientAuthType(tlsConfig.ClientAuth), ClientCAs: tlsConfig.ClientCAs, RootCAs: tlsConfig.RootCAs}
if len(tlsConfig.Certificates) > 0 {
for _, certificate := range tlsConfig.Certificates {
utlsConf.Certificates = append(utlsConf.Certificates, tls.Certificate{
Certificate: certificate.Certificate,
PrivateKey: certificate.PrivateKey,
OCSPStaple: certificate.OCSPStaple,
SignedCertificateTimestamps: certificate.SignedCertificateTimestamps,
Leaf: certificate.Leaf,
})
}
}
var client *tls.UConn
if d.md.useH2 {
client = tls.UClient(conn, utlsConf, tls.HelloChrome_Auto)
} else {
client = tls.UClient(conn, utlsConf, tls.HelloCustom)
client.ApplyPreset(util.NewWsSpec())
}
err := client.Handshake()
if err != nil {
return nil, err
}
return client, nil
}
} }
if d.md.handshakeTimeout > 0 { if d.md.handshakeTimeout > 0 {
+4
View File
@@ -27,6 +27,9 @@ type metadata struct {
header http.Header header http.Header
keepaliveInterval time.Duration keepaliveInterval time.Duration
muxCfg *mux.Config muxCfg *mux.Config
//Evan Enhanced
useH2 bool
} }
func (d *mwsDialer) parseMetadata(md mdata.Metadata) (err error) { func (d *mwsDialer) parseMetadata(md mdata.Metadata) (err error) {
@@ -67,5 +70,6 @@ func (d *mwsDialer) parseMetadata(md mdata.Metadata) (err error) {
} }
} }
d.md.useH2 = mdutil.GetBool(md, "h2")
return return
} }
+15 -3
View File
@@ -2,7 +2,7 @@ package tls
import ( import (
"context" "context"
"crypto/tls" tls "github.com/refraction-networking/utls"
"net" "net"
"time" "time"
@@ -57,8 +57,20 @@ func (d *tlsDialer) Handshake(ctx context.Context, conn net.Conn, options ...dia
conn.SetDeadline(time.Now().Add(d.md.handshakeTimeout)) conn.SetDeadline(time.Now().Add(d.md.handshakeTimeout))
defer conn.SetDeadline(time.Time{}) defer conn.SetDeadline(time.Time{})
} }
tlsConfig := d.options.TLSConfig
tlsConn := tls.Client(conn, d.options.TLSConfig) utlsConf := &tls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName, ClientAuth: tls.ClientAuthType(tlsConfig.ClientAuth), ClientCAs: tlsConfig.ClientCAs, RootCAs: tlsConfig.RootCAs}
if len(tlsConfig.Certificates) > 0 {
for _, certificate := range tlsConfig.Certificates {
utlsConf.Certificates = append(utlsConf.Certificates, tls.Certificate{
Certificate: certificate.Certificate,
PrivateKey: certificate.PrivateKey,
OCSPStaple: certificate.OCSPStaple,
SignedCertificateTimestamps: certificate.SignedCertificateTimestamps,
Leaf: certificate.Leaf,
})
}
}
tlsConn := tls.UClient(conn, utlsConf, tls.HelloChrome_Auto)
if err := tlsConn.HandshakeContext(ctx); err != nil { if err := tlsConn.HandshakeContext(ctx); err != nil {
conn.Close() conn.Close()
return nil, err return nil, err
+36 -4
View File
@@ -2,6 +2,8 @@ package ws
import ( import (
"context" "context"
"github.com/go-gost/x/util"
tls "github.com/refraction-networking/utls"
"net" "net"
"net/url" "net/url"
"time" "time"
@@ -91,13 +93,43 @@ func (d *wsDialer) Handshake(ctx context.Context, conn net.Conn, options ...dial
}, },
} }
url := url.URL{Scheme: "ws", Host: host, Path: d.md.path} urlObj := url.URL{Scheme: "ws", Host: host, Path: d.md.path}
if d.tlsEnabled { if d.tlsEnabled {
url.Scheme = "wss" urlObj.Scheme = "wss"
dialer.TLSClientConfig = d.options.TLSConfig dialer.TLSClientConfig = d.options.TLSConfig
tlsConfig := d.options.TLSConfig
dialer.NetDialTLSContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
utlsConf := &tls.Config{InsecureSkipVerify: tlsConfig.InsecureSkipVerify, ServerName: tlsConfig.ServerName, ClientAuth: tls.ClientAuthType(tlsConfig.ClientAuth), ClientCAs: tlsConfig.ClientCAs, RootCAs: tlsConfig.RootCAs}
if len(tlsConfig.Certificates) > 0 {
for _, certificate := range tlsConfig.Certificates {
utlsConf.Certificates = append(utlsConf.Certificates, tls.Certificate{
Certificate: certificate.Certificate,
PrivateKey: certificate.PrivateKey,
OCSPStaple: certificate.OCSPStaple,
SignedCertificateTimestamps: certificate.SignedCertificateTimestamps,
Leaf: certificate.Leaf,
})
}
}
var client *tls.UConn
if d.md.useH2 {
client = tls.UClient(conn, utlsConf, tls.HelloChrome_Auto)
} else {
client = tls.UClient(conn, utlsConf, tls.HelloCustom)
client.ApplyPreset(util.NewWsSpec())
}
err := client.Handshake()
if err != nil {
return nil, err
}
return client, nil
}
} }
urlStr, errUnescape := url.QueryUnescape(urlObj.String())
c, resp, err := dialer.DialContext(ctx, url.String(), d.md.header) if errUnescape != nil {
d.options.Logger.Debugf("[ws] URL QueryUnescape Error URL.String() -> %s", urlObj.String())
}
c, resp, err := dialer.DialContext(ctx, urlStr, d.md.header)
if err != nil { if err != nil {
return nil, err return nil, err
} }
+4
View File
@@ -25,6 +25,9 @@ type metadata struct {
header http.Header header http.Header
keepaliveInterval time.Duration keepaliveInterval time.Duration
//Evan Enhance
useH2 bool
} }
func (d *wsDialer) parseMetadata(md mdata.Metadata) (err error) { func (d *wsDialer) parseMetadata(md mdata.Metadata) (err error) {
@@ -56,5 +59,6 @@ func (d *wsDialer) parseMetadata(md mdata.Metadata) (err error) {
} }
} }
d.md.useH2 = mdutil.GetBool(md, "h2")
return return
} }
+76
View File
@@ -0,0 +1,76 @@
package util
import tls "github.com/refraction-networking/utls"
func NewWsSpec() *tls.ClientHelloSpec {
return &tls.ClientHelloSpec{
CipherSuites: []uint16{
tls.GREASE_PLACEHOLDER,
tls.TLS_AES_128_GCM_SHA256,
tls.TLS_AES_256_GCM_SHA384,
tls.TLS_CHACHA20_POLY1305_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
},
CompressionMethods: []byte{
0x00, // compressionNone
},
Extensions: []tls.TLSExtension{
&tls.UtlsGREASEExtension{},
&tls.SNIExtension{},
&tls.ExtendedMasterSecretExtension{},
&tls.RenegotiationInfoExtension{Renegotiation: tls.RenegotiateOnceAsClient},
&tls.SupportedCurvesExtension{[]tls.CurveID{
tls.GREASE_PLACEHOLDER,
tls.X25519,
tls.CurveP256,
tls.CurveP384,
}},
&tls.SupportedPointsExtension{SupportedPoints: []byte{
0x00, // pointFormatUncompressed
}},
&tls.SessionTicketExtension{},
&tls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}},
&tls.StatusRequestExtension{},
&tls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []tls.SignatureScheme{
tls.ECDSAWithP256AndSHA256,
tls.PSSWithSHA256,
tls.PKCS1WithSHA256,
tls.ECDSAWithP384AndSHA384,
tls.PSSWithSHA384,
tls.PKCS1WithSHA384,
tls.PSSWithSHA512,
tls.PKCS1WithSHA512,
}},
&tls.SCTExtension{},
&tls.KeyShareExtension{[]tls.KeyShare{
{Group: tls.CurveID(tls.GREASE_PLACEHOLDER), Data: []byte{0}},
{Group: tls.X25519},
}},
&tls.PSKKeyExchangeModesExtension{[]uint8{
tls.PskModeDHE,
}},
&tls.SupportedVersionsExtension{[]uint16{
tls.GREASE_PLACEHOLDER,
tls.VersionTLS13,
tls.VersionTLS12,
}},
&tls.UtlsCompressCertExtension{[]tls.CertCompressionAlgo{
tls.CertCompressionBrotli,
}},
&tls.ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
&tls.UtlsGREASEExtension{},
&tls.UtlsPaddingExtension{GetPaddingLen: tls.BoringPaddingStyle},
},
}
}