github.com/xmplusdev/xray-core@v1.8.10/transport/internet/tls/tls.go (about) 1 package tls 2 3 import ( 4 "context" 5 "crypto/rand" 6 "crypto/tls" 7 "math/big" 8 "time" 9 10 utls "github.com/refraction-networking/utls" 11 "github.com/xmplusdev/xray-core/common/buf" 12 "github.com/xmplusdev/xray-core/common/net" 13 ) 14 15 //go:generate go run github.com/xmplusdev/xray-core/common/errors/errorgen 16 17 type Interface interface { 18 net.Conn 19 HandshakeContext(ctx context.Context) error 20 VerifyHostname(host string) error 21 NegotiatedProtocol() (name string, mutual bool) 22 } 23 24 var _ buf.Writer = (*Conn)(nil) 25 26 type Conn struct { 27 *tls.Conn 28 } 29 30 const tlsCloseTimeout = 250 * time.Millisecond 31 32 func (c *Conn) Close() error { 33 timer := time.AfterFunc(tlsCloseTimeout, func() { 34 c.Conn.NetConn().Close() 35 }) 36 defer timer.Stop() 37 return c.Conn.Close() 38 } 39 40 func (c *Conn) WriteMultiBuffer(mb buf.MultiBuffer) error { 41 mb = buf.Compact(mb) 42 mb, err := buf.WriteMultiBuffer(c, mb) 43 buf.ReleaseMulti(mb) 44 return err 45 } 46 47 func (c *Conn) HandshakeAddressContext(ctx context.Context) net.Address { 48 if err := c.HandshakeContext(ctx); err != nil { 49 return nil 50 } 51 state := c.ConnectionState() 52 if state.ServerName == "" { 53 return nil 54 } 55 return net.ParseAddress(state.ServerName) 56 } 57 58 func (c *Conn) NegotiatedProtocol() (name string, mutual bool) { 59 state := c.ConnectionState() 60 return state.NegotiatedProtocol, state.NegotiatedProtocolIsMutual 61 } 62 63 // Client initiates a TLS client handshake on the given connection. 64 func Client(c net.Conn, config *tls.Config) net.Conn { 65 tlsConn := tls.Client(c, config) 66 return &Conn{Conn: tlsConn} 67 } 68 69 // Server initiates a TLS server handshake on the given connection. 70 func Server(c net.Conn, config *tls.Config) net.Conn { 71 tlsConn := tls.Server(c, config) 72 return &Conn{Conn: tlsConn} 73 } 74 75 type UConn struct { 76 *utls.UConn 77 } 78 79 func (c *UConn) Close() error { 80 timer := time.AfterFunc(tlsCloseTimeout, func() { 81 c.Conn.NetConn().Close() 82 }) 83 defer timer.Stop() 84 return c.Conn.Close() 85 } 86 87 func (c *UConn) HandshakeAddressContext(ctx context.Context) net.Address { 88 if err := c.HandshakeContext(ctx); err != nil { 89 return nil 90 } 91 state := c.ConnectionState() 92 if state.ServerName == "" { 93 return nil 94 } 95 return net.ParseAddress(state.ServerName) 96 } 97 98 // WebsocketHandshake basically calls UConn.Handshake inside it but it will only send 99 // http/1.1 in its ALPN. 100 func (c *UConn) WebsocketHandshakeContext(ctx context.Context) error { 101 // Build the handshake state. This will apply every variable of the TLS of the 102 // fingerprint in the UConn 103 if err := c.BuildHandshakeState(); err != nil { 104 return err 105 } 106 // Iterate over extensions and check for utls.ALPNExtension 107 hasALPNExtension := false 108 for _, extension := range c.Extensions { 109 if alpn, ok := extension.(*utls.ALPNExtension); ok { 110 hasALPNExtension = true 111 alpn.AlpnProtocols = []string{"http/1.1"} 112 break 113 } 114 } 115 if !hasALPNExtension { // Append extension if doesn't exists 116 c.Extensions = append(c.Extensions, &utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}}) 117 } 118 // Rebuild the client hello and do the handshake 119 if err := c.BuildHandshakeState(); err != nil { 120 return err 121 } 122 return c.HandshakeContext(ctx) 123 } 124 125 func (c *UConn) NegotiatedProtocol() (name string, mutual bool) { 126 state := c.ConnectionState() 127 return state.NegotiatedProtocol, state.NegotiatedProtocolIsMutual 128 } 129 130 func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) net.Conn { 131 utlsConn := utls.UClient(c, copyConfig(config), *fingerprint) 132 return &UConn{UConn: utlsConn} 133 } 134 135 func copyConfig(c *tls.Config) *utls.Config { 136 return &utls.Config{ 137 RootCAs: c.RootCAs, 138 ServerName: c.ServerName, 139 InsecureSkipVerify: c.InsecureSkipVerify, 140 VerifyPeerCertificate: c.VerifyPeerCertificate, 141 KeyLogWriter: c.KeyLogWriter, 142 } 143 } 144 145 func init() { 146 bigInt, _ := rand.Int(rand.Reader, big.NewInt(int64(len(ModernFingerprints)))) 147 stopAt := int(bigInt.Int64()) 148 i := 0 149 for _, v := range ModernFingerprints { 150 if i == stopAt { 151 PresetFingerprints["random"] = v 152 break 153 } 154 i++ 155 } 156 weights := utls.DefaultWeights 157 weights.TLSVersMax_Set_VersionTLS13 = 1 158 weights.FirstKeyShare_Set_CurveP256 = 0 159 randomized := utls.HelloRandomized 160 randomized.Seed, _ = utls.NewPRNGSeed() 161 randomized.Weights = &weights 162 PresetFingerprints["randomized"] = &randomized 163 } 164 165 func GetFingerprint(name string) (fingerprint *utls.ClientHelloID) { 166 if name == "" { 167 return 168 } 169 if fingerprint = PresetFingerprints[name]; fingerprint != nil { 170 return 171 } 172 if fingerprint = ModernFingerprints[name]; fingerprint != nil { 173 return 174 } 175 if fingerprint = OtherFingerprints[name]; fingerprint != nil { 176 return 177 } 178 return 179 } 180 181 var PresetFingerprints = map[string]*utls.ClientHelloID{ 182 // Recommended preset options in GUI clients 183 "chrome": &utls.HelloChrome_Auto, 184 "firefox": &utls.HelloFirefox_Auto, 185 "safari": &utls.HelloSafari_Auto, 186 "ios": &utls.HelloIOS_Auto, 187 "android": &utls.HelloAndroid_11_OkHttp, 188 "edge": &utls.HelloEdge_Auto, 189 "360": &utls.Hello360_Auto, 190 "qq": &utls.HelloQQ_Auto, 191 "random": nil, 192 "randomized": nil, 193 } 194 195 var ModernFingerprints = map[string]*utls.ClientHelloID{ 196 // One of these will be chosen as `random` at startup 197 "hellofirefox_99": &utls.HelloFirefox_99, 198 "hellofirefox_102": &utls.HelloFirefox_102, 199 "hellofirefox_105": &utls.HelloFirefox_105, 200 "hellochrome_83": &utls.HelloChrome_83, 201 "hellochrome_87": &utls.HelloChrome_87, 202 "hellochrome_96": &utls.HelloChrome_96, 203 "hellochrome_100": &utls.HelloChrome_100, 204 "hellochrome_102": &utls.HelloChrome_102, 205 "hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle, 206 "helloios_13": &utls.HelloIOS_13, 207 "helloios_14": &utls.HelloIOS_14, 208 "helloedge_85": &utls.HelloEdge_85, 209 "helloedge_106": &utls.HelloEdge_106, 210 "hellosafari_16_0": &utls.HelloSafari_16_0, 211 "hello360_11_0": &utls.Hello360_11_0, 212 "helloqq_11_1": &utls.HelloQQ_11_1, 213 } 214 215 var OtherFingerprints = map[string]*utls.ClientHelloID{ 216 // Golang, randomized, auto, and fingerprints that are too old 217 "hellogolang": &utls.HelloGolang, 218 "hellorandomized": &utls.HelloRandomized, 219 "hellorandomizedalpn": &utls.HelloRandomizedALPN, 220 "hellorandomizednoalpn": &utls.HelloRandomizedNoALPN, 221 "hellofirefox_auto": &utls.HelloFirefox_Auto, 222 "hellofirefox_55": &utls.HelloFirefox_55, 223 "hellofirefox_56": &utls.HelloFirefox_56, 224 "hellofirefox_63": &utls.HelloFirefox_63, 225 "hellofirefox_65": &utls.HelloFirefox_65, 226 "hellochrome_auto": &utls.HelloChrome_Auto, 227 "hellochrome_58": &utls.HelloChrome_58, 228 "hellochrome_62": &utls.HelloChrome_62, 229 "hellochrome_70": &utls.HelloChrome_70, 230 "hellochrome_72": &utls.HelloChrome_72, 231 "helloios_auto": &utls.HelloIOS_Auto, 232 "helloios_11_1": &utls.HelloIOS_11_1, 233 "helloios_12_1": &utls.HelloIOS_12_1, 234 "helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp, 235 "helloedge_auto": &utls.HelloEdge_Auto, 236 "hellosafari_auto": &utls.HelloSafari_Auto, 237 "hello360_auto": &utls.Hello360_Auto, 238 "hello360_7_5": &utls.Hello360_7_5, 239 "helloqq_auto": &utls.HelloQQ_Auto, 240 }