Skip to content

Commit

Permalink
fix(tunnel): sni not set properly
Browse files Browse the repository at this point in the history
  • Loading branch information
@Gowee
Gowee committed Oct 9, 2022
1 parent 6b13a87 commit 1441e4c
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 12 deletions.
2 changes: 1 addition & 1 deletion tunnel/src/client.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ impl Client {
// .expect("TLS config valid");
let mut sm2_point = vec![0u8; 65];
rand::thread_rng().fill(sm2_point.as_mut_slice());
let ch = generate_rfc8998_client_hello(random, session_id, sm2_point);
let ch = generate_rfc8998_client_hello(random, session_id, &self.server_name, sm2_point);
let ch = PlainMessage::from(ch).into_unencrypted_opaque();
// let mut buf: Vec<MaybeUninit<u8>> =
// Vec::with_capacity(TLS_RECORD_HEADER_LENGTH + MAXIMUM_CIPHERTEXT_LENGTH);
Expand Down
45 changes: 34 additions & 11 deletions tunnel/src/rfc8998.rs
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,17 @@
use hex_literal::hex;

use rustls::internal::msgs::{
base::{Payload, PayloadU16},
codec::Codec,
handshake::{ClientExtension, ServerExtension},
message::{Message, MessagePayload},
use rustls::{
internal::msgs::{
base::{Payload, PayloadU16},
codec::Codec,
handshake::{ClientExtension, ServerExtension, ServerName as HsServerName},
message::{Message, MessagePayload},
},
ServerName,
};

use crate::utils::{parse_tls_plain_message, TlsMessageExt};

// lazy_static! {
// pub static ref RFC8998_CLIENT_HELLO_BOILERPLATE: Message = load_rfc8998_client_hello_boilerplate();
// }

fn load_rfc8998_client_hello_boilerplate() -> Message {
let dump = hex!("1603010102 // TLS header
010000fe0303 // handshake header
Expand All @@ -25,21 +24,44 @@ fn load_rfc8998_client_hello_boilerplate() -> Message {
// several extensions
000a000400020029002300000016000000170000000d0020001e0403050306030708080708080809080a080b080408050806040105010601002b0003020304002d00020101
// KeyShare: SM2
003300470045002900 41 0425b84ede0185816959c7498398203011d46274d4b1bc06c630da6fd8e1e474ed713bb2f48301c880dec0abbd9d6c45ae7a7cbc511c2ad34fc3c9a499e8c3c1ea
003300470045002900 41 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
");
parse_tls_plain_message(&dump).expect("Dump valid")
}

pub fn generate_rfc8998_client_hello(
client_random: [u8; 32],
session_id: [u8; 32],
server_name: &ServerName,
sm2_point: Vec<u8>,
) -> Message {
let sni = match server_name {
ServerName::DnsName(ref dns_name) => Some(dns_name.as_ref()),
ServerName::IpAddress(_) => None,
_ => unreachable!(),
};
let mut message = load_rfc8998_client_hello_boilerplate();
let mut chp = message.as_client_hello_payload_mut().unwrap();
chp.random = client_random.into();
chp.session_id = session_id.as_slice().into();
for extension in chp.extensions.iter_mut() {
match extension {
ClientExtension::KeyShare(entries) => {
entries[0].payload = PayloadU16(sm2_point);
break;
}
ClientExtension::ServerName(inner) => {
if let Some(sni) = sni {
// some types and contruct method are private, just use Codec to create it
let mut s = vec![0u8; 3 + sni.len()];
// s[0] = 0x00;
s[1..3].copy_from_slice(&(sni.len() as u16).to_be_bytes());
s[3..].copy_from_slice(sni.as_bytes());
inner[0] = HsServerName::read_bytes(&s).expect("not valid server name");
}
}
_ => {}
}
if let ClientExtension::KeyShare(entries) = extension {
entries[0].payload = PayloadU16(sm2_point);
break;
Expand All @@ -60,7 +82,7 @@ fn load_rfc8998_server_hello_boilerplate() -> Message {
004f // extensions length
002b00020304 // supported versions
// KeyShare: SM2
0033 0045 00290041040af9e9eedb33b97df90dd8af4889a485fda30467cac0badf7a27e87f2c8269e0460b3392d15fbb9e48e89b255358158db2f7872f1e3c3f82357eb66eec0662a5");
0033 0045 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");

parse_tls_plain_message(&dump).expect("Dump valid")
}
Expand All @@ -85,6 +107,7 @@ pub fn generate_rfc8998_server_hello(
}

fn update_message_encoded(message: &mut Message) {
// payload are stored twice, encoded should also be updated after updating parsed
if let MessagePayload::Handshake {
ref mut parsed,
ref mut encoded,
Expand Down

0 comments on commit 1441e4c

Please sign in to comment.