ei
/
mtg
огледало от https://github.com/9seconds/mtg
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Версии 48 Уики Activity
Highly-opinionated (ex-bullshit-free) MTPROTO proxy for Telegram. If you use v1.0 or upgrade broke you proxy, please read the chapter Version 2
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1077 Ревизии
4 Клонове
ИН на ревизия: 38abee7d7f
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '38abee7d7f'
${ noResults }
mtg/mtglib/internal/tls/fake/server_side.go

server_side.go 4.4KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162 
  1. package fake

  2. 

  3. import (

  4. 	"bytes"

  5. 	"crypto/hmac"

  6. 	"crypto/rand"

  7. 	"crypto/sha256"

  8. 	"encoding/binary"

  9. 	"io"

  10. 	rnd "math/rand/v2"

  11. 

  12. 	"github.com/9seconds/mtg/v2/mtglib/internal/tls"

  13. 	"golang.org/x/crypto/curve25519"

  14. )

  15. 

  16. // NoiseParams controls the size of the fake ApplicationData record

  17. // in ServerHello. If Mean is 0, the legacy random range (2500-4700)

  18. // is used.

  19. type NoiseParams struct {

  20. 	Mean   int

  21. 	Jitter int

  22. }

  23. 

  24. const (

  25. 	TypeHandshakeServer = 0x02

  26. 	ChangeCipherValue   = 0x01

  27. 

  28. 	EllipticCurveLen = 32

  29. )

  30. 

  31. var serverHelloSuffix = []byte{

  32. 	0x00,       // no compression

  33. 	0x00, 0x2e, // 46 bytes of data

  34. 	0x00, 0x2b, // Extension - Supported Versions

  35. 	0x00, 0x02, // 2 bytes are following

  36. 	0x03, 0x04, // TLS 1.3

  37. 	0x00, 0x33, // Extension - Key Share

  38. 	0x00, 0x24, // 36 bytes

  39. 	0x00, 0x1d, // x25519 curve

  40. 	0x00, 0x20, // 32 bytes of key

  41. }

  42. 

  43. func SendServerHello(w io.Writer, secret []byte, clientHello *ClientHello, noise NoiseParams) error {

  44. 	buf := &bytes.Buffer{}

  45. 	buf.Grow(tls.MaxRecordSize)

  46. 

  47. 	generateServerHello(buf, clientHello)

  48. 	generateChangeCipherValue(buf)

  49. 	generateNoise(buf, noise)

  50. 

  51. 	packet := buf.Bytes()

  52. 	digest := hmac.New(sha256.New, secret)

  53. 

  54. 	digest.Write(clientHello.Random[:])

  55. 	digest.Write(packet)

  56. 	copy(packet[RandomOffset:], digest.Sum(nil))

  57. 

  58. 	_, err := w.Write(packet)

  59. 

  60. 	return err

  61. }

  62. 

  63. func generateServerHello(buf *bytes.Buffer, hello *ClientHello) {

  64. 	payload := acquireBuffer()

  65. 	defer releaseBuffer(payload)

  66. 

  67. 	generateServerHelloPayload(payload, hello)

  68. 

  69. 	// 16 - type is 0x16 (handshake record)

  70. 	// 03 03 - legacy protocol version of "3,3" (TLS 1.2)

  71. 	// 00 7a - 0x7A (122) bytes of handshake message follows

  72. 

  73. 	// 16 - type is 0x16 (handshake record)

  74. 	buf.WriteByte(tls.TypeHandshake)

  75. 	// 03 03 - legacy protocol version of "3,3" (TLS 1.2)

  76. 	buf.Write(tls.TLSVersion[:])

  77. 	// 00 7a - 0x7A (122) bytes of handshake message follows

  78. 	binary.Write(buf, binary.BigEndian, uint16(payload.Len())) //nolint: errcheck

  79. 

  80. 	payload.WriteTo(buf) //nolint: errcheck

  81. }

  82. 

  83. func generateServerHelloPayload(buf *bytes.Buffer, hello *ClientHello) {

  84. 	data := [4]byte{}

  85. 

  86. 	payload := acquireBuffer()

  87. 	defer releaseBuffer(payload)

  88. 

  89. 	generateServerHelloHandshakePayload(payload, hello)

  90. 

  91. 	// 02 - handshake message type 0x02 (server hello)

  92. 	// 00 00 76 - 0x76 (118) bytes of server hello data follows

  93. 	buf.WriteByte(TypeHandshakeServer)

  94. 	// 00 00 76 - 0x76 (118) bytes of server hello data follows

  95. 	binary.BigEndian.PutUint32(data[:], uint32(payload.Len()))

  96. 	buf.Write(data[1:])

  97. 

  98. 	payload.WriteTo(buf) //nolint: errcheck

  99. }

  100. 

  101. func generateServerHelloHandshakePayload(buf *bytes.Buffer, hello *ClientHello) {

  102. 	//  The unusual version number ("3,3" representing TLS 1.2) is due to

  103. 	// TLS 1.0 being a minor revision of the SSL 3.0 protocol. Therefore

  104. 	// TLS 1.0 is represented by "3,1", TLS 1.1 is "3,2", and so on.

  105. 	buf.Write(tls.TLSVersion[:])

  106. 

  107. 	buf.Write(emptyRandom[:])

  108. 

  109. 	// 20 - 0x20 (32) bytes of session ID follow

  110. 	// e0 e1 ... fe ff - session ID copied from Client Hello

  111. 	buf.WriteByte(byte(len(hello.SessionID)))

  112. 	buf.Write(hello.SessionID)

  113. 

  114. 	binary.Write(buf, binary.BigEndian, hello.CipherSuite) //nolint: errcheck

  115. 

  116. 	buf.Write(serverHelloSuffix)

  117. 

  118. 	scalar := [EllipticCurveLen]byte{}

  119. 

  120. 	if _, err := rand.Read(scalar[:]); err != nil {

  121. 		panic(err)

  122. 	}

  123. 

  124. 	curve, _ := curve25519.X25519(scalar[:], curve25519.Basepoint)

  125. 	buf.Write(curve)

  126. }

  127. 

  128. func generateChangeCipherValue(buf *bytes.Buffer) {

  129. 	buf.WriteByte(tls.TypeChangeCipherSpec)

  130. 	buf.Write(tls.TLSVersion[:])

  131. 	binary.Write(buf, binary.BigEndian, uint16(1)) //nolint: errcheck

  132. 	buf.WriteByte(ChangeCipherValue)

  133. }

  134. 

  135. // generateNoise writes a single ApplicationData record mimicking the combined

  136. // size of a real TLS 1.3 encrypted server handshake (EncryptedExtensions +

  137. // Certificate chain + CertificateVerify + Finished).

  138. //

  139. // NOTE: Must be exactly ONE ApplicationData record — the Telegram client reads

  140. // ServerHello + CCS + 1 ApplicationData and computes HMAC over all three.

  141. // Multiple records would cause HMAC mismatch and connection failure.

  142. func generateNoise(buf *bytes.Buffer, noise NoiseParams) {

  143. 	var size int

  144. 

  145. 	if noise.Mean > 0 && noise.Jitter > 0 {

  146. 		// Calibrated: use measured cert chain size ± jitter.

  147. 		size = noise.Mean - noise.Jitter + rnd.IntN(2*noise.Jitter)

  148. 		if size < 1000 {

  149. 			size = 1000

  150. 		}

  151. 	} else {

  152. 		// Legacy fallback: random in 2500-4700 range.

  153. 		size = 2500 + rnd.IntN(2200)

  154. 	}

  155. 

  156. 	data := make([]byte, size)

  157. 	if _, err := rand.Read(data); err != nil {

  158. 		panic(err)

  159. 	}

  160. 

  161. 	tls.WriteRecord(buf, data) //nolint: errcheck

  162. }