split SNI and ECH extensions in the ClientHello (#5107)

* create a new type for crypto stream used for Initial data

This is currently the exact same implementation as the other
streams, thus no functional change is expected.

* handshake: implement a function to find the SNI and the ECH extension

* move the SNI parsing logic to the quic package

* implement splitting logic

* generalize cutting logic

* introduce QUIC_GO_DISABLE_CLIENTHELLO_SCRAMBLING

* improve testing
This commit is contained in:
Marten Seemann
2025-05-05 19:04:10 +08:00
committed by GitHub
parent 11ccfff388
commit 57e46f8a4c
11 changed files with 851 additions and 56 deletions


@@ -8,13 +8,13 @@ import (
)
type cryptoStreamManager struct {
initialStream *cryptoStream
initialStream *initialCryptoStream
handshakeStream *cryptoStream
oneRTTStream *cryptoStream
}
func newCryptoStreamManager(
initialStream *cryptoStream,
initialStream *initialCryptoStream,
handshakeStream *cryptoStream,
oneRTTStream *cryptoStream,
) *cryptoStreamManager {
@@ -26,35 +26,31 @@ func newCryptoStreamManager(
}
func (m *cryptoStreamManager) HandleCryptoFrame(frame *wire.CryptoFrame, encLevel protocol.EncryptionLevel) error {
var str *cryptoStream
//nolint:exhaustive // CRYPTO frames cannot be sent in 0-RTT packets.
switch encLevel {
case protocol.EncryptionInitial:
str = m.initialStream
return m.initialStream.HandleCryptoFrame(frame)
case protocol.EncryptionHandshake:
str = m.handshakeStream
return m.handshakeStream.HandleCryptoFrame(frame)
case protocol.Encryption1RTT:
str = m.oneRTTStream
return m.oneRTTStream.HandleCryptoFrame(frame)
default:
return fmt.Errorf("received CRYPTO frame with unexpected encryption level: %s", encLevel)
}
return str.HandleCryptoFrame(frame)
}
func (m *cryptoStreamManager) GetCryptoData(encLevel protocol.EncryptionLevel) []byte {
var str *cryptoStream
//nolint:exhaustive // CRYPTO frames cannot be sent in 0-RTT packets.
switch encLevel {
case protocol.EncryptionInitial:
str = m.initialStream
return m.initialStream.GetCryptoData()
case protocol.EncryptionHandshake:
str = m.handshakeStream
return m.handshakeStream.GetCryptoData()
case protocol.Encryption1RTT:
str = m.oneRTTStream
return m.oneRTTStream.GetCryptoData()
default:
panic(fmt.Sprintf("received CRYPTO frame with unexpected encryption level: %s", encLevel))
}
return str.GetCryptoData()
}
func (m *cryptoStreamManager) GetPostHandshakeData(maxSize protocol.ByteCount) *wire.CryptoFrame {
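Review bot: The `initialStream` field of `cryptoStreamManager` (and the matching parameter of `newCryptoStreamManager`) now has the distinct type `*initialCryptoStream`, but nothing in this file says why the Initial level no longer shares `*cryptoStream`, so a reader has to locate the new type elsewhere to learn how it differs. A field comment would carry that, e.g. `// initialStream has its own type: Initial CRYPTO data carries the ClientHello, which this stream presumably splits across frames (see initialCryptoStream).` — wording to be confirmed against the `initialCryptoStream` definition, which is outside this hunk. The per-level `return` lines in `HandleCryptoFrame` and `GetCryptoData` are a reasonable consequence of the two stream types no longer being assignable to one `str` variable; if more methods end up dispatching this way, a small local interface with `HandleCryptoFrame` and `GetCryptoData` would let each switch select the stream once. The import block that `newCryptoStreamManager` follows, and the body of `GetPostHandshakeData`, lie outside the visible hunks.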