ei
/
mtg
espelhamento de https://github.com/9seconds/mtg
Observar 1
Favorito 0
Fork 0
Código Issues 0 Versões 48 Wiki Atividade
Highly-opinionated (ex-bullshit-free) MTPROTO proxy for Telegram. If you use v1.0 or upgrade broke you proxy, please read the chapter Version 2
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
997 Commits
4 Branches
Tag: 30aa9d3a44
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 30aa9d3a44
${ noResults }
mtg/mtglib/internal/tls/fake/client_side.go

client_side.go 8.4KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309 
  1. package fake

  2. 

  3. import (

  4. 	"bytes"

  5. 	"crypto/hmac"

  6. 	"crypto/sha256"

  7. 	"crypto/subtle"

  8. 	"encoding/binary"

  9. 	"fmt"

  10. 	"io"

  11. 	"net"

  12. 	"slices"

  13. 	"time"

  14. 

  15. 	"github.com/9seconds/mtg/v2/mtglib/internal/tls"

  16. )

  17. 

  18. const (

  19. 	TypeHandshakeClient = 0x01

  20. 

  21. 	RandomLen = 32

  22. 	// record_type(1) + version(2) + size(2) + handshake_type(1) + uint24_length(3) + client_version(2)

  23. 	RandomOffset = 1 + 2 + 2 + 1 + 3 + 2

  24. 

  25. 	sniDNSNamesListType = 0

  26. )

  27. 

  28. var (

  29. 	emptyRandom = [RandomLen]byte{}

  30. 	extTypeSNI  = [2]byte{}

  31. )

  32. 

  33. type ClientHello struct {

  34. 	Random      [RandomLen]byte

  35. 	SessionID   []byte

  36. 	CipherSuite uint16

  37. }

  38. 

  39. func ReadClientHello(

  40. 	conn net.Conn,

  41. 	secret []byte,

  42. 	hostname string,

  43. 	tolerateTimeSkewness time.Duration,

  44. ) (*ClientHello, error) {

  45. 	if err := conn.SetReadDeadline(time.Now().Add(ClientHelloReadTimeout)); err != nil {

  46. 		return nil, fmt.Errorf("cannot set read deadline: %w", err)

  47. 	}

  48. 	defer conn.SetReadDeadline(resetDeadline) //nolint: errcheck

  49. 

  50. 	// This is how FakeTLS is organized:

  51. 	//  1. We create sha256 HMAC with a given secret

  52. 	//  2. We dump there a whole TLS frame except of the fact that random

  53. 	//     is filled with all zeroes

  54. 	//  3. Digest is computed. This digest should be XORed with

  55. 	//     original client random

  56. 	//  4. New digest should be all 0 except of last 4 bytes

  57. 	//  5. Last 4 bytes are little endian uint32 of UNIX timestamp when

  58. 	//     this message was created.

  59. 	handshakeCopyBuf := &bytes.Buffer{}

  60. 	reader := io.TeeReader(conn, handshakeCopyBuf)

  61. 

  62. 	reader, err := parseTLSHeader(reader)

  63. 	if err != nil {

  64. 		return nil, fmt.Errorf("cannot parse tls header: %w", err)

  65. 	}

  66. 

  67. 	reader, err = parseHandshakeHeader(reader)

  68. 	if err != nil {

  69. 		return nil, fmt.Errorf("cannot parse handshake header: %w", err)

  70. 	}

  71. 

  72. 	hello, err := parseHandshake(reader)

  73. 	if err != nil {

  74. 		return nil, fmt.Errorf("cannot parse handshake: %w", err)

  75. 	}

  76. 

  77. 	sniHostnames, err := parseSNI(reader)

  78. 	if err != nil {

  79. 		return nil, fmt.Errorf("cannot parse SNI: %w", err)

  80. 	}

  81. 

  82. 	if !slices.Contains(sniHostnames, hostname) {

  83. 		return nil, fmt.Errorf("cannot find %s in %v", hostname, sniHostnames)

  84. 	}

  85. 

  86. 	digest := hmac.New(sha256.New, secret)

  87. 	// we write a copy of the handshake with client random all nullified.

  88. 	digest.Write(handshakeCopyBuf.Next(RandomOffset))

  89. 	handshakeCopyBuf.Next(RandomLen)

  90. 	digest.Write(emptyRandom[:])

  91. 	digest.Write(handshakeCopyBuf.Bytes())

  92. 

  93. 	computed := digest.Sum(nil)

  94. 

  95. 	for i := range RandomLen {

  96. 		computed[i] ^= hello.Random[i]

  97. 	}

  98. 

  99. 	if subtle.ConstantTimeCompare(emptyRandom[:RandomLen-4], computed[:RandomLen-4]) != 1 {

  100. 		return nil, ErrBadDigest

  101. 	}

  102. 

  103. 	timestamp := int64(binary.LittleEndian.Uint32(computed[RandomLen-4:]))

  104. 	createdAt := time.Unix(timestamp, 0)

  105. 

  106. 	if tdiff := time.Since(createdAt).Abs(); tdiff > tolerateTimeSkewness {

  107. 		return nil, fmt.Errorf("timestamp %q is too old %s", createdAt, tdiff)

  108. 	}

  109. 

  110. 	return hello, nil

  111. }

  112. 

  113. func parseTLSHeader(r io.Reader) (io.Reader, error) {

  114. 	// record_type(1) + version(2) + size(2)

  115. 	//   16 - type is 0x16 (handshake record)

  116. 	//   03 01 - protocol version is "3,1" (also known as TLS 1.0)

  117. 	//   00 f8 - 0xF8 (248) bytes of handshake message follows

  118. 	header := [1 + 2 + 2]byte{}

  119. 

  120. 	if _, err := io.ReadFull(r, header[:]); err != nil {

  121. 		return nil, fmt.Errorf("cannot read record header: %w", err)

  122. 	}

  123. 

  124. 	if header[0] != tls.TypeHandshake {

  125. 		return nil, fmt.Errorf("unexpected record type %#x", header[0])

  126. 	}

  127. 

  128. 	if header[1] != 3 || header[2] != 1 {

  129. 		return nil, fmt.Errorf("unexpected protocol version %#x %#x", header[1], header[2])

  130. 	}

  131. 

  132. 	length := int64(binary.BigEndian.Uint16(header[3:]))

  133. 	buf := &bytes.Buffer{}

  134. 

  135. 	_, err := io.CopyN(buf, r, length)

  136. 

  137. 	return buf, err

  138. }

  139. 

  140. func parseHandshakeHeader(r io.Reader) (io.Reader, error) {

  141. 	// type(1) + size(3 / uint24)

  142. 	// 01 - handshake message type 0x01 (client hello)

  143. 	// 00 00 f4 - 0xF4 (244) bytes of client hello data follows

  144. 	header := [1 + 3]byte{}

  145. 

  146. 	if _, err := io.ReadFull(r, header[:]); err != nil {

  147. 		return nil, fmt.Errorf("cannot read handshake header: %w", err)

  148. 	}

  149. 

  150. 	if header[0] != TypeHandshakeClient {

  151. 		return nil, fmt.Errorf("incorrect handshake type: %#x", header[0])

  152. 	}

  153. 

  154. 	// unfortunately there is not uint24 in golang, so we just reust header

  155. 	header[0] = 0

  156. 

  157. 	length := int64(binary.BigEndian.Uint32(header[:]))

  158. 	buf := &bytes.Buffer{}

  159. 

  160. 	_, err := io.CopyN(buf, r, length)

  161. 

  162. 	return buf, err

  163. }

  164. 

  165. func parseHandshake(r io.Reader) (*ClientHello, error) {

  166. 	//  A protocol version of "3,3" (meaning TLS 1.2) is given.

  167. 	header := [2]byte{}

  168. 

  169. 	if _, err := io.ReadFull(r, header[:]); err != nil {

  170. 		return nil, fmt.Errorf("cannot read client version: %w", err)

  171. 	}

  172. 

  173. 	hello := &ClientHello{}

  174. 

  175. 	if _, err := io.ReadFull(r, hello.Random[:]); err != nil {

  176. 		return nil, fmt.Errorf("cannot read client random: %w", err)

  177. 	}

  178. 

  179. 	if _, err := io.ReadFull(r, header[:1]); err != nil {

  180. 		return nil, fmt.Errorf("cannot read session ID length: %w", err)

  181. 	}

  182. 

  183. 	hello.SessionID = make([]byte, int(header[0]))

  184. 

  185. 	if _, err := io.ReadFull(r, hello.SessionID); err != nil {

  186. 		return nil, fmt.Errorf("cannot read session id: %w", err)

  187. 	}

  188. 

  189. 	if _, err := io.ReadFull(r, header[:]); err != nil {

  190. 		return nil, fmt.Errorf("cannot read cipher suite length: %w", err)

  191. 	}

  192. 

  193. 	cipherSuiteLen := int64(binary.BigEndian.Uint16(header[:]))

  194. 

  195. 	// we do not care about picking up any cipher. we pick the first one,

  196. 	// so it is always should be present.

  197. 	if _, err := io.ReadFull(r, header[:]); err != nil {

  198. 		return nil, fmt.Errorf("cannot read first cipher suite: %w", err)

  199. 	}

  200. 

  201. 	hello.CipherSuite = binary.BigEndian.Uint16(header[:])

  202. 

  203. 	if _, err := io.CopyN(io.Discard, r, cipherSuiteLen-2); err != nil {

  204. 		return nil, fmt.Errorf("cannot skip remaining cipher suites: %w", err)

  205. 	}

  206. 

  207. 	if _, err := io.ReadFull(r, header[:1]); err != nil {

  208. 		return nil, fmt.Errorf("cannot read compression methods length: %w", err)

  209. 	}

  210. 

  211. 	if _, err := io.CopyN(io.Discard, r, int64(header[0])); err != nil {

  212. 		return nil, fmt.Errorf("cannot skip compression methods: %w", err)

  213. 	}

  214. 

  215. 	return hello, nil

  216. }

  217. 

  218. func parseSNI(r io.Reader) ([]string, error) {

  219. 	header := [2]byte{}

  220. 

  221. 	if _, err := io.ReadFull(r, header[:]); err != nil {

  222. 		return nil, fmt.Errorf("cannot read length of TLS extensions: %w", err)

  223. 	}

  224. 

  225. 	extensionsLength := int64(binary.BigEndian.Uint16(header[:]))

  226. 	buf := &bytes.Buffer{}

  227. 	buf.Grow(int(extensionsLength))

  228. 

  229. 	if _, err := io.CopyN(buf, r, extensionsLength); err != nil {

  230. 		return nil, fmt.Errorf("cannot read extensions: %w", err)

  231. 	}

  232. 

  233. 	for buf.Len() > 0 {

  234. 		// 00 00 - assigned value for extension "server name"

  235. 		// 00 18 - 0x18 (24) bytes of "server name" extension data follows

  236. 		// 00 16 - 0x16 (22) bytes of first (and only) list entry follows

  237. 		// 00 - list entry is type 0x00 "DNS hostname"

  238. 		// 00 13 - 0x13 (19) bytes of hostname follows

  239. 		// 65 78 61 ... 6e 65 74 - "example.ulfheim.net"

  240. 

  241. 		// 00 00 - assigned value for extension "server name"

  242. 		extTypeB := buf.Next(2)

  243. 		if len(extTypeB) != 2 {

  244. 			return nil, fmt.Errorf("cannot read extension type: %v", extTypeB)

  245. 		}

  246. 

  247. 		// 00 18 - 0x18 (24) bytes of "server name" extension data follows

  248. 		lengthB := buf.Next(2)

  249. 		if len(lengthB) != 2 {

  250. 			return nil, fmt.Errorf("cannot read extension %v length: %v", extTypeB, lengthB)

  251. 		}

  252. 		length := int(binary.BigEndian.Uint16(lengthB))

  253. 

  254. 		extDataB := buf.Next(length)

  255. 		if len(extDataB) != length {

  256. 			return nil, fmt.Errorf("cannot read extension %v data: len %d != %d", extTypeB, length, len(extDataB))

  257. 		}

  258. 

  259. 		if !bytes.Equal(extTypeB, extTypeSNI[:]) {

  260. 			continue

  261. 		}

  262. 

  263. 		buf.Reset()

  264. 		buf.Write(extDataB)

  265. 

  266. 		// 00 16 - 0x16 (22) bytes of first (and only) list entry follows

  267. 		lengthB = buf.Next(2)

  268. 		if len(lengthB) != 2 {

  269. 			return nil, fmt.Errorf("cannot read the length of the SNI record: %v", lengthB)

  270. 		}

  271. 

  272. 		length = int(binary.BigEndian.Uint16(lengthB))

  273. 		if length == 0 {

  274. 			return nil, nil

  275. 		}

  276. 

  277. 		listType, err := buf.ReadByte()

  278. 		if err != nil {

  279. 			return nil, fmt.Errorf("cannot read SNI list type: %w", err)

  280. 		}

  281. 

  282. 		// 00 - list entry is type 0x00 "DNS hostname"

  283. 		if listType != sniDNSNamesListType {

  284. 			return nil, fmt.Errorf("incorrect SNI list type %#x", listType)

  285. 		}

  286. 

  287. 		names := []string{}

  288. 

  289. 		for buf.Len() > 0 {

  290. 			// 00 13 - 0x13 (19) bytes of hostname follows

  291. 			lengthB = buf.Next(2)

  292. 			if len(lengthB) != 2 {

  293. 				return nil, fmt.Errorf("incorrect length of the hostname: %v", lengthB)

  294. 			}

  295. 			length = int(binary.BigEndian.Uint16(lengthB))

  296. 

  297. 			name := buf.Next(length)

  298. 			if len(name) != length {

  299. 				return nil, fmt.Errorf("incorrect length of SNI hostname: len %d != %d", length, len(name))

  300. 			}

  301. 

  302. 			names = append(names, string(name))

  303. 		}

  304. 

  305. 		return names, nil

  306. 	}

  307. 

  308. 	return nil, nil

  309. }