update: configurable uTLS (#1)

Signed-off-by: Gaukas Wang <[email protected]>
refraction-networking · Feb 22, 2024 · ad284bc · ad284bc
1 parent f269a90
commit ad284bc
Show file tree

Hide file tree

Showing 7 changed files with 411 additions and 9 deletions.
diff --git a/tinygo/v0/examples/go.mod b/tinygo/v0/examples/go.mod
@@ -7,13 +7,15 @@ replace golang.org/x/sys v0.16.0 => ./replace/x/sys
 replace github.com/refraction-networking/watm => ../../../
 
 require (
-	github.com/refraction-networking/utls v1.6.2-wasm
+	github.com/CosmWasm/tinyjson v0.9.0
+	github.com/refraction-networking/utls v1.6.3-wasm
 	github.com/refraction-networking/watm v0.0.0-00010101000000-000000000000
 )
 
 require (
 	github.com/andybalholm/brotli v1.0.6 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
 	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/quic-go/quic-go v0.40.1 // indirect
 	golang.org/x/crypto v0.18.0 // indirect

diff --git a/tinygo/v0/examples/go.sum b/tinygo/v0/examples/go.sum
@@ -1,3 +1,5 @@
+github.com/CosmWasm/tinyjson v0.9.0 h1:sPjgikATp5W0vD/v/Qz99uQ6G/lh/SuK0Wfskqua4Co=
+github.com/CosmWasm/tinyjson v0.9.0/go.mod h1:5+7QnSKrkIWnpIdhUT2t2EYzXnII3/3MlM0oDsBSbc8=
 github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
 github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
@@ -6,14 +8,16 @@ github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
 github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
 github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
 github.com/quic-go/quic-go v0.40.1 h1:X3AGzUNFs0jVuO3esAGnTfvdgvL4fq655WaOi1snv1Q=
 github.com/quic-go/quic-go v0.40.1/go.mod h1:PeN7kuVJ4xZbxSv/4OX6S1USOX8MJvydwpTx31vx60c=
-github.com/refraction-networking/utls v1.6.2-wasm h1:drfuC2K0ooAWqEBc6fpZvFOO6O2go3jbd29UlrbUcjU=
-github.com/refraction-networking/utls v1.6.2-wasm/go.mod h1:yil9+7qSl+gBwJqztoQseO6Pr3h62pQoY1lXiNR/FPs=
+github.com/refraction-networking/utls v1.6.3-wasm h1:QJQk3ZGZzKFPHxSQ/DP/xqiIwArB9Lw8AweGyqL6kE0=
+github.com/refraction-networking/utls v1.6.3-wasm/go.mod h1:yil9+7qSl+gBwJqztoQseO6Pr3h62pQoY1lXiNR/FPs=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=

diff --git a/tinygo/v0/examples/utls/README.md b/tinygo/v0/examples/utls/README.md
@@ -6,10 +6,6 @@ This example shows how to build a fully functional TLS client with TinyGo from [
 
 Go 1.20/1.21 is required to build this example until TinyGo supports Go 1.22.
 
-```bash
-tinygo build -o utls.wasm -target=wasi -scheduler=asyncify -gc=conservative -tags=purego .
-```
-
 ### Debug
 
 ```bash

diff --git a/tinygo/v0/examples/utls/lib/lib.go b/tinygo/v0/examples/utls/lib/lib.go
@@ -0,0 +1,63 @@
+package lib
+
+import (
+	tls "github.com/refraction-networking/utls"
+)
+
+//tinyjson:json
+type TLSConfig struct {
+	NextProtos                  []string          `json:"next_protos"`
+	ApplicationSettings         map[string][]byte `json:"application_settings"`
+	ServerName                  string            `json:"server_name"`
+	InsecureSkipVerify          bool              `json:"insecure_skip_verify"`
+	InsecureSkipTimeVerify      bool              `json:"insecure_skip_time_verify"`
+	OmitEmptyPsk                bool              `json:"omit_empty_psk"`
+	InsecureServerNameToVerify  string            `json:"insecure_server_name_to_verify"`
+	SessionTicketsDisabled      bool              `json:"session_tickets_disabled"`
+	PQSignatureSchemesEnabled   bool              `json:"pq_signature_schemes_enabled"`
+	DynamicRecordSizingDisabled bool              `json:"dynamic_record_sizing_disabled"`
+	ECHConfigs                  []byte            `json:"ech_configs"`
+}
+
+//tinyjson:json
+type Configurables struct {
+	TLSConfig     *TLSConfig `json:"tls_config"`      // will be converted to tls.Config
+	ClientHelloID string     `json:"client_hello_id"` // will be converted to tls.ClientHelloID
+}
+
+func (c *Configurables) GetTLSConfig() *tls.Config {
+	config := &tls.Config{
+		NextProtos:                  c.TLSConfig.NextProtos,
+		ApplicationSettings:         c.TLSConfig.ApplicationSettings,
+		ServerName:                  c.TLSConfig.ServerName,
+		InsecureSkipVerify:          c.TLSConfig.InsecureSkipVerify,
+		InsecureSkipTimeVerify:      c.TLSConfig.InsecureSkipTimeVerify,
+		OmitEmptyPsk:                c.TLSConfig.OmitEmptyPsk,
+		InsecureServerNameToVerify:  c.TLSConfig.InsecureServerNameToVerify,
+		SessionTicketsDisabled:      c.TLSConfig.SessionTicketsDisabled,
+		PQSignatureSchemesEnabled:   c.TLSConfig.PQSignatureSchemesEnabled,
+		DynamicRecordSizingDisabled: c.TLSConfig.DynamicRecordSizingDisabled,
+	}
+
+	echConfigs, err := tls.UnmarshalECHConfigs(c.TLSConfig.ECHConfigs)
+	if err == nil { // otherwise do we need to return an error or just ignore it?
+		config.ECHConfigs = echConfigs
+	}
+
+	return config
+}
+
+func (c *Configurables) GetClientHelloID() tls.ClientHelloID {
+	switch c.ClientHelloID {
+	case "HelloChrome_Auto", "HelloChrome", "Chrome", "chrome":
+		return tls.HelloChrome_Auto
+	case "HelloEdge_Auto", "HelloEdge", "Edge", "edge":
+		return tls.HelloEdge_Auto
+	case "HelloFirefox_Auto", "HelloFirefox", "Firefox", "firefox":
+		return tls.HelloFirefox_Auto
+	case "HelloSafari_Auto", "HelloSafari", "Safari", "safari":
+		return tls.HelloSafari_Auto
+	default:
+		panic("unknown client hello id")
+	}
+}
-Original file line number
+Diff line change
@@ Expand Up @@
     Go 1.20/1.21 is required to build this example until TinyGo supports Go 1.22.
-    ```bash
-    tinygo build -o utls.wasm -target=wasi -scheduler=asyncify -gc=conservative -tags=purego .
-    ```
     ### Debug
     ```bash
@@ Expand Down @@