Shikong/Clash.Meta
1
0
Fork 0
mirror of https://gitclone.com/github.com/MetaCubeX/Clash.Meta synced 2024-11-14 05:11:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: Cleanup REALITY code

Browse Source
This commit is contained in:
H1JK 2023-03-11 12:23:27 +08:00
parent 07f3cd2ae5
commit ae4d114802
3 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
adapter/outbound/reality.go
View File

@ -24,8 +24,8 @@ func (o RealityOptions) Parse() (*tlsC.RealityConfig, error) {
return nil, errors.New("invalid REALITY public key")
}
config.ShortID, err = hex.DecodeString(o.ShortID)
if err != nil {
n, err = hex.Decode(config.ShortID[:], []byte(o.ShortID))
if err != nil || n > tlsC.RealityMaxShortIDLen {
return nil, errors.New("invalid REALITY short ID")
}

8
common/utils/must.go Normal file
View File

@ -0,0 +1,8 @@
package utils
func MustOK[T any](result T, ok bool) T {
if ok {
return result
}
panic("operation failed")
}

15
component/tls/reality.go
View File

@ -20,6 +20,7 @@ import (
"time"
"unsafe"
"github.com/Dreamacro/clash/common/utils"
"github.com/Dreamacro/clash/log"
utls "github.com/sagernet/utls"
@ -29,9 +30,11 @@ import (
"golang.org/x/net/http2"
)
const RealityMaxShortIDLen = 8
type RealityConfig struct {
PublicKey [curve25519.ScalarSize]byte
ShortID []byte
ShortID [RealityMaxShortIDLen]byte
}
func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string, tlsConfig *tls.Config, realityConfig *RealityConfig) (net.Conn, error) {
@ -73,7 +76,7 @@ func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string
hello.SessionId[0] = 1
hello.SessionId[1] = 7
hello.SessionId[2] = 5
copy(hello.SessionId[8:], realityConfig.ShortID)
copy(hello.SessionId[8:], realityConfig.ShortID[:])
//log.Debugln("REALITY hello.sessionId[:16]: %v", hello.SessionId[:16])
@ -112,7 +115,7 @@ func GetRealityConn(ctx context.Context, conn net.Conn, ClientFingerprint string
func realityClientFallback(uConn net.Conn, serverName string, fingerprint utls.ClientHelloID) {
defer uConn.Close()
client := &http.Client{
client := http.Client{
Transport: &http2.Transport{
DialTLSContext: func(ctx context.Context, network, addr string, config *tls.Config) (net.Conn, error) {
return uConn, nil
@ -139,9 +142,11 @@ type realityVerifier struct {
verified bool
}
var pOffset = utils.MustOK(reflect.TypeOf((*utls.UConn)(nil)).Elem().FieldByName("peerCertificates")).Offset
func (c *realityVerifier) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
p, _ := reflect.TypeOf(c.Conn).Elem().FieldByName("peerCertificates")
certs := *(*([]*x509.Certificate))(unsafe.Pointer(uintptr(unsafe.Pointer(c.Conn)) + p.Offset))
//p, _ := reflect.TypeOf(c.Conn).Elem().FieldByName("peerCertificates")
certs := *(*[]*x509.Certificate)(unsafe.Pointer(uintptr(unsafe.Pointer(c.Conn)) + pOffset))
if pub, ok := certs[0].PublicKey.(ed25519.PublicKey); ok {
h := hmac.New(sha512.New, c.authKey)
h.Write(pub)