github.com/xraypb/Xray-core@v1.8.1/transport/internet/tls/tls.go (about)

     1  package tls
     2  
     3  import (
     4  	"crypto/rand"
     5  	"crypto/tls"
     6  	"math/big"
     7  
     8  	utls "github.com/refraction-networking/utls"
     9  	"github.com/xraypb/Xray-core/common/buf"
    10  	"github.com/xraypb/Xray-core/common/net"
    11  )
    12  
    13  //go:generate go run github.com/xraypb/Xray-core/common/errors/errorgen
    14  
    15  type Interface interface {
    16  	net.Conn
    17  	Handshake() error
    18  	VerifyHostname(host string) error
    19  	NegotiatedProtocol() (name string, mutual bool)
    20  }
    21  
    22  var _ buf.Writer = (*Conn)(nil)
    23  
    24  type Conn struct {
    25  	*tls.Conn
    26  }
    27  
    28  func (c *Conn) WriteMultiBuffer(mb buf.MultiBuffer) error {
    29  	mb = buf.Compact(mb)
    30  	mb, err := buf.WriteMultiBuffer(c, mb)
    31  	buf.ReleaseMulti(mb)
    32  	return err
    33  }
    34  
    35  func (c *Conn) HandshakeAddress() net.Address {
    36  	if err := c.Handshake(); err != nil {
    37  		return nil
    38  	}
    39  	state := c.ConnectionState()
    40  	if state.ServerName == "" {
    41  		return nil
    42  	}
    43  	return net.ParseAddress(state.ServerName)
    44  }
    45  
    46  func (c *Conn) NegotiatedProtocol() (name string, mutual bool) {
    47  	state := c.ConnectionState()
    48  	return state.NegotiatedProtocol, state.NegotiatedProtocolIsMutual
    49  }
    50  
    51  // Client initiates a TLS client handshake on the given connection.
    52  func Client(c net.Conn, config *tls.Config) net.Conn {
    53  	tlsConn := tls.Client(c, config)
    54  	return &Conn{Conn: tlsConn}
    55  }
    56  
    57  // Server initiates a TLS server handshake on the given connection.
    58  func Server(c net.Conn, config *tls.Config) net.Conn {
    59  	tlsConn := tls.Server(c, config)
    60  	return &Conn{Conn: tlsConn}
    61  }
    62  
    63  type UConn struct {
    64  	*utls.UConn
    65  }
    66  
    67  func (c *UConn) HandshakeAddress() net.Address {
    68  	if err := c.Handshake(); err != nil {
    69  		return nil
    70  	}
    71  	state := c.ConnectionState()
    72  	if state.ServerName == "" {
    73  		return nil
    74  	}
    75  	return net.ParseAddress(state.ServerName)
    76  }
    77  
    78  // WebsocketHandshake basically calls UConn.Handshake inside it but it will only send
    79  // http/1.1 in its ALPN.
    80  func (c *UConn) WebsocketHandshake() error {
    81  	// Build the handshake state. This will apply every variable of the TLS of the
    82  	// fingerprint in the UConn
    83  	if err := c.BuildHandshakeState(); err != nil {
    84  		return err
    85  	}
    86  	// Iterate over extensions and check for utls.ALPNExtension
    87  	hasALPNExtension := false
    88  	for _, extension := range c.Extensions {
    89  		if alpn, ok := extension.(*utls.ALPNExtension); ok {
    90  			hasALPNExtension = true
    91  			alpn.AlpnProtocols = []string{"http/1.1"}
    92  			break
    93  		}
    94  	}
    95  	if !hasALPNExtension { // Append extension if doesn't exists
    96  		c.Extensions = append(c.Extensions, &utls.ALPNExtension{AlpnProtocols: []string{"http/1.1"}})
    97  	}
    98  	// Rebuild the client hello and do the handshake
    99  	if err := c.BuildHandshakeState(); err != nil {
   100  		return err
   101  	}
   102  	return c.Handshake()
   103  }
   104  
   105  func (c *UConn) NegotiatedProtocol() (name string, mutual bool) {
   106  	state := c.ConnectionState()
   107  	return state.NegotiatedProtocol, state.NegotiatedProtocolIsMutual
   108  }
   109  
   110  func UClient(c net.Conn, config *tls.Config, fingerprint *utls.ClientHelloID) net.Conn {
   111  	utlsConn := utls.UClient(c, copyConfig(config), *fingerprint)
   112  	return &UConn{UConn: utlsConn}
   113  }
   114  
   115  func copyConfig(c *tls.Config) *utls.Config {
   116  	return &utls.Config{
   117  		RootCAs:               c.RootCAs,
   118  		ServerName:            c.ServerName,
   119  		InsecureSkipVerify:    c.InsecureSkipVerify,
   120  		VerifyPeerCertificate: c.VerifyPeerCertificate,
   121  	}
   122  }
   123  
   124  func init() {
   125  	bigInt, _ := rand.Int(rand.Reader, big.NewInt(int64(len(ModernFingerprints))))
   126  	stopAt := int(bigInt.Int64())
   127  	i := 0
   128  	for _, v := range ModernFingerprints {
   129  		if i == stopAt {
   130  			PresetFingerprints["random"] = v
   131  			break
   132  		}
   133  		i++
   134  	}
   135  	weights := utls.DefaultWeights
   136  	weights.TLSVersMax_Set_VersionTLS13 = 1
   137  	weights.FirstKeyShare_Set_CurveP256 = 0
   138  	randomized := utls.HelloRandomized
   139  	randomized.Seed, _ = utls.NewPRNGSeed()
   140  	randomized.Weights = &weights
   141  	PresetFingerprints["randomized"] = &randomized
   142  }
   143  
   144  func GetFingerprint(name string) (fingerprint *utls.ClientHelloID) {
   145  	if name == "" {
   146  		return
   147  	}
   148  	if fingerprint = PresetFingerprints[name]; fingerprint != nil {
   149  		return
   150  	}
   151  	if fingerprint = ModernFingerprints[name]; fingerprint != nil {
   152  		return
   153  	}
   154  	if fingerprint = OtherFingerprints[name]; fingerprint != nil {
   155  		return
   156  	}
   157  	return
   158  }
   159  
   160  var PresetFingerprints = map[string]*utls.ClientHelloID{
   161  	// Recommended preset options in GUI clients
   162  	"chrome":     &utls.HelloChrome_Auto,
   163  	"firefox":    &utls.HelloFirefox_Auto,
   164  	"safari":     &utls.HelloSafari_Auto,
   165  	"ios":        &utls.HelloIOS_Auto,
   166  	"android":    &utls.HelloAndroid_11_OkHttp,
   167  	"edge":       &utls.HelloEdge_Auto,
   168  	"360":        &utls.Hello360_Auto,
   169  	"qq":         &utls.HelloQQ_Auto,
   170  	"random":     nil,
   171  	"randomized": nil,
   172  }
   173  
   174  var ModernFingerprints = map[string]*utls.ClientHelloID{
   175  	// One of these will be chosen as `random` at startup
   176  	"hellofirefox_99":         &utls.HelloFirefox_99,
   177  	"hellofirefox_102":        &utls.HelloFirefox_102,
   178  	"hellofirefox_105":        &utls.HelloFirefox_105,
   179  	"hellochrome_83":          &utls.HelloChrome_83,
   180  	"hellochrome_87":          &utls.HelloChrome_87,
   181  	"hellochrome_96":          &utls.HelloChrome_96,
   182  	"hellochrome_100":         &utls.HelloChrome_100,
   183  	"hellochrome_102":         &utls.HelloChrome_102,
   184  	"hellochrome_106_shuffle": &utls.HelloChrome_106_Shuffle,
   185  	"helloios_13":             &utls.HelloIOS_13,
   186  	"helloios_14":             &utls.HelloIOS_14,
   187  	"helloedge_85":            &utls.HelloEdge_85,
   188  	"helloedge_106":           &utls.HelloEdge_106,
   189  	"hellosafari_16_0":        &utls.HelloSafari_16_0,
   190  	"hello360_11_0":           &utls.Hello360_11_0,
   191  	"helloqq_11_1":            &utls.HelloQQ_11_1,
   192  }
   193  
   194  var OtherFingerprints = map[string]*utls.ClientHelloID{
   195  	// Golang, randomized, auto, and fingerprints that are too old
   196  	"hellogolang":            &utls.HelloGolang,
   197  	"hellorandomized":        &utls.HelloRandomized,
   198  	"hellorandomizedalpn":    &utls.HelloRandomizedALPN,
   199  	"hellorandomizednoalpn":  &utls.HelloRandomizedNoALPN,
   200  	"hellofirefox_auto":      &utls.HelloFirefox_Auto,
   201  	"hellofirefox_55":        &utls.HelloFirefox_55,
   202  	"hellofirefox_56":        &utls.HelloFirefox_56,
   203  	"hellofirefox_63":        &utls.HelloFirefox_63,
   204  	"hellofirefox_65":        &utls.HelloFirefox_65,
   205  	"hellochrome_auto":       &utls.HelloChrome_Auto,
   206  	"hellochrome_58":         &utls.HelloChrome_58,
   207  	"hellochrome_62":         &utls.HelloChrome_62,
   208  	"hellochrome_70":         &utls.HelloChrome_70,
   209  	"hellochrome_72":         &utls.HelloChrome_72,
   210  	"helloios_auto":          &utls.HelloIOS_Auto,
   211  	"helloios_11_1":          &utls.HelloIOS_11_1,
   212  	"helloios_12_1":          &utls.HelloIOS_12_1,
   213  	"helloandroid_11_okhttp": &utls.HelloAndroid_11_OkHttp,
   214  	"helloedge_auto":         &utls.HelloEdge_Auto,
   215  	"hellosafari_auto":       &utls.HelloSafari_Auto,
   216  	"hello360_auto":          &utls.Hello360_Auto,
   217  	"hello360_7_5":           &utls.Hello360_7_5,
   218  	"helloqq_auto":           &utls.HelloQQ_Auto,
   219  }