Archives/Cloak
2
0
Fork 0
mirror of https://github.com/cbeuw/Cloak.git synced 2024-11-15 18:13:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

variable cert length in TLS server response

Browse Source
This commit is contained in:
Andy Wang 2020-03-16 11:39:27 +00:00
parent e33afb258a
commit 85e95de69c
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/server/TLSAux.go
View File

@ -7,6 +7,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"github.com/cbeuw/Cloak/internal/util" "github.com/cbeuw/Cloak/internal/util"
"math/rand"
) )
// ClientHello contains every field in a ClientHello message // ClientHello contains every field in a ClientHello message
@ -205,7 +206,12 @@ func composeReply(ch *ClientHello, sharedSecret []byte, sessionKey []byte) ([]by
} }
shBytes := addRecordLayer(sh, []byte{0x16}, TLS12) shBytes := addRecordLayer(sh, []byte{0x16}, TLS12)
ccsBytes := addRecordLayer([]byte{0x01}, []byte{0x14}, TLS12) ccsBytes := addRecordLayer([]byte{0x01}, []byte{0x14}, TLS12)
cert := make([]byte, 68) // TODO: add some different lengths maybe?
// the cert length needs to be the same for all handshakes belonging to the same session
// we can use sessionKey as a seed here to ensure consistency
possibleCertLengths := []int{42, 27, 68, 59, 36, 44, 46}
rand.Seed(int64(sessionKey[0]))
cert := make([]byte, rand.Intn(len(possibleCertLengths)))
util.CryptoRandRead(cert) util.CryptoRandRead(cert)
encryptedCertBytes := addRecordLayer(cert, []byte{0x17}, TLS12) encryptedCertBytes := addRecordLayer(cert, []byte{0x17}, TLS12)
ret := append(shBytes, ccsBytes...) ret := append(shBytes, ccsBytes...)