9 лет назад · d94e49ea7e
--- a/psiphon/common/tls/obfuscated.go
+++ b/psiphon/common/tls/obfuscated.go
@@ -21,6 +21,7 @@ package tls
 
				 
			
 
				 import (
			
 
				 	"crypto/rand"
			
 
				+	"math/big"
			
 
				 )
			
 
				 
			
 
				 // [Psiphon]
			
@@ -94,11 +95,19 @@ func (cache *obfuscatedClientSessionCache) Get(key string) (*ClientSessionState,
 
				 
			
 
				 func newObfuscatedClientSessionState(sharedSecret [32]byte) (*ClientSessionState, error) {
			
 
				 
			
 
				+	// Pad golang TLS session ticket to a more typical size.
			
 
				+	paddingSize := 72
			
 
				+	randomInt, err := rand.Int(rand.Reader, big.NewInt(18))
			
 
				+	if err != nil {
			
 
				+		return nil, err
			
 
				+	}
			
 
				+	paddingSize += int(randomInt.Int64()) * 2
			
 
				+
			
 
				 	// Create a session ticket that wasn't actually issued by the server.
			
 
				 	vers := uint16(VersionTLS12)
			
 
				 	cipherSuite := TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
			
 
				 	masterSecret := make([]byte, masterSecretLength)
			
 
				-	_, err := rand.Read(masterSecret)
			
 
				+	_, err = rand.Read(masterSecret)
			
 
				 	if err != nil {
			
 
				 		return nil, err
			
 
				 	}
			
@@ -107,6 +116,7 @@ func newObfuscatedClientSessionState(sharedSecret [32]byte) (*ClientSessionState
 
				 		cipherSuite:  cipherSuite,
			
 
				 		masterSecret: masterSecret,
			
 
				 		certificates: nil,
			
 
				+		paddingSize:  paddingSize,
			
 
				 	}
			
 
				 	c := &Conn{
			
 
				 		config: &Config{
			
--- a/psiphon/common/tls/ticket.go
+++ b/psiphon/common/tls/ticket.go
@@ -25,6 +25,10 @@ type sessionState struct {
 
				 	// usedOldKey is true if the ticket from which this session came from
			
 
				 	// was encrypted with an older key and thus should be refreshed.
			
 
				 	usedOldKey bool
			
 
				+
			
 
				+	// [Psiphon]
			
 
				+	// Padding for obfuscated session tickets
			
 
				+	paddingSize int
			
 
				 }
			
 
				 
			
 
				 func (s *sessionState) equal(i interface{}) bool {
			
@@ -58,6 +62,10 @@ func (s *sessionState) marshal() []byte {
 
				 		length += 4 + len(cert)
			
 
				 	}
			
 
				 
			
 
				+	// [Psiphon]
			
 
				+	// Add padding for obfuscated session tickets
			
 
				+	length += s.paddingSize
			
 
				+
			
 
				 	ret := make([]byte, length)
			
 
				 	x := ret
			
 
				 	x[0] = byte(s.vers >> 8)
			
@@ -126,7 +134,11 @@ func (s *sessionState) unmarshal(data []byte) bool {
 
				 		data = data[certLen:]
			
 
				 	}
			
 
				 
			
 
				-	return len(data) == 0
			
 
				+	// [Psiphon]
			
 
				+	// Ignore padding for obfuscated session tickets
			
 
				+	//return len(data) == 0
			
 
				+	return true
			
 
				+
			
 
				 }
			
 
				 
			
 
				 func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) {