diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..5033df7db395cb600dc4a24c17741db6772ee163
Binary files /dev/null and b/.DS_Store differ
diff --git a/primary/.DS_Store b/primary/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..7ff01e0a43fb92246e15f42f210ee184dc8ef6fa
Binary files /dev/null and b/primary/.DS_Store differ
diff --git a/primary/tanghao_HIT_EncrypDNS/.DS_Store b/primary/tanghao_HIT_EncrypDNS/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..81568b8cc4950d05961b14dc87f7c0a5d1dfe6c4
Binary files /dev/null and b/primary/tanghao_HIT_EncrypDNS/.DS_Store differ
diff --git a/primary/tanghao_HIT_EncrypDNS/README.md b/primary/tanghao_HIT_EncrypDNS/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..c29a4f9af67f1ef4f7c8f7e0410123689401ecd0
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/README.md
@@ -0,0 +1,243 @@ + + +# 加密域名解析流量仿真与表征系统 + +本系统实现了对DoH、ESNI和ECH三种加密域名解析流量的仿真,并能够对仿真流量进行捕获并以pcap文件的形式进行存储。针对捕获的流量,表征部分能够对pcap文件进行分流,并针对每个单个流提取侧信道特征。 + +系统中各部分具体实现如下: + +模拟客户端使用域名数据集中的域名构造DNS解析请求,并经由与代理服务器之间通过加密协议(DoH/ESNI/ECH)形成的加密通道发送至代理服务器,随后等待代理服务器返回的加密域名解析应答。在整个过程中,模拟客户端会捕捉与代理服务器之间的所有加密域名解析流量,以pcap文件的形式进行存储。 + +代理服务器等待与客户端之间形成的加密通道传送来的DNS解析请求,将明文形式的DNS解析请求转发至互联网上真实的DNS解析服务器,随后将DNS解析服务器返回的明文DNS响应再经由与客户端之间的加密通道传回客户端,从而完成模拟真实的加密域名解析服务器的过程。 + +DNS服务器选择目前互联网上主要的提供传统的域名解析服务的服务器,系统在具体实现中选择了114 DNS(114.114.114.114)和Ali DNS(223.5.5.5)。 + +### 目录 + +[TOC] + + + +### 运行环境 + +仿真部分:ubuntu 20.04.1 go1.13(ESNI协议仿真) go1.24(DoH、ECH协议仿真) + +表征部分:windows10 python3.8 + +### 文件目录说明 +``` +source +│ +│ +├─client //代理客户端 +│ ├─doh //DoH协议 +│ │ client.go +│ │ go.mod +│ │ go.sum +│ │ server1.crt +│ │ server2.crt +│ │ +│ ├─ech //ECH协议 +│ │ client.go +│ │ go.mod +│ │ go.sum +│ │ server1.crt +│ │ server2.crt +│ │ +│ ├─esni //ESNI协议 +│ │ client.go +│ │ esni.pub +│ │ go.mod +│ │ go.sum +│ │ order.txt +│ │ server1.crt +│ │ server2.crt +│ │ +│ ├─https-doh //Https协议 +│ │ client.go +│ │ server1.crt +│ │ server2.crt +│ │ +│ ├─https-ech //应用ECH扩展的Https协议 +│ │ client.go +│ │ go.mod +│ │ server1.crt +│ │ server2.crt +│ │ +│ └─https-esni //应用ESNI扩展的Https协议 +│ client.go +│ esni.pub +│ go.mod +│ go.sum +│ server1.crt +│ server2.crt +│ +├─dataset //加密域名解析流量特征数据集 +│ doh-https.csv +│ doh.csv +│ ech-https.csv +│ ech.csv +│ esni-https.csv +│ esni.csv +│ +├─feature_process //流量特征提取 +│ feature_process.py //特征提取 +│ traffic_process.py //流量分流 +│ +├─server //代理服务器 +│ ├─doh //DoH协议 +│ │ go.mod +│ │ go.sum +│ │ openssl-server1.cnf +│ │ openssl-server2.cnf +│ │ server.go +│ │ server1.crt +│ │ server1.csr +│ │ server1.key +│ │ server2.crt +│ │ server2.csr +│ │ server2.key +│ │ +│ ├─ech //ECH协议 +│ │ ecdh_private_key.pem +│ │ echutil.go +│ │ go.mod +│ │ go.sum +│ │ openssl-server1.cnf +│ │ openssl-server2.cnf +│ │ server.go +│ │ server1.crt +│ │ server1.csr +│ │ server1.key +│ │ server2.crt +│ │ server2.csr +│ │ 
server2.key +│ │ +│ ├─esni //ESNI协议 +│ │ │ esni +│ │ │ esni.pub +│ │ │ go.mod +│ │ │ go.sum +│ │ │ openssl-server1.cnf +│ │ │ openssl-server2.cnf +│ │ │ order.txt +│ │ │ server.go +│ │ │ server1.crt +│ │ │ server1.csr +│ │ │ server1.key +│ │ │ server2.crt +│ │ │ server2.csr +│ │ │ server2.key +│ │ │ +│ │ └─esnitool +│ │ esnitool.go +│ │ +│ ├─https-doh //Https协议 +│ │ openssl-server1.cnf +│ │ openssl-server2.cnf +│ │ server.go +│ │ server1.crt +│ │ server1.csr +│ │ server1.key +│ │ server2.crt +│ │ server2.csr +│ │ server2.key +│ │ +│ ├─https-ech //应用ECH扩展的Https协议 +│ │ ecdh_private_key.pem +│ │ echutil.go +│ │ go.mod +│ │ go.sum +│ │ openssl-server1.cnf +│ │ openssl-server2.cnf +│ │ server.go +│ │ server1.crt +│ │ server1.csr +│ │ server1.key +│ │ server2.crt +│ │ server2.csr +│ │ server2.key +│ │ +│ └─https-esni //应用ESNI扩展的Https协议 +│ │ esni +│ │ esni.pub +│ │ go.mod +│ │ go.sum +│ │ openssl-server1.cnf +│ │ openssl-server2.cnf +│ │ server.go +│ │ server1.crt +│ │ server1.csr +│ │ server1.key +│ │ server2.crt +│ │ server2.csr +│ │ server2.key +│ │ +│ └─esnitool +│ esnitool.go +│ go.mod +│ go.sum +│ +└─traffic_capture //流量捕获 + capture.py + +``` + +### 部署与运行 + +代理服务器: + +​ 证书生成命令: + +``` +openssl genrsa -out server1.key 2048 +openssl req -new -key server1.key -out server1.csr -config openssl-server1.cnf +openssl x509 -req -in server1.csr -signkey server1.key -out server1.crt -days 365 -extensions v3_req -extfile openssl-server1.cnf +``` + +​ 服务器运行命令: + +``` +sudo -E go run server.go +``` + +​ ESNI代理服务器运行时额外运行: + +``` +export GOROOT=$(pwd)/.GOROOT +``` + +​ ESNI密钥生成命令: + +``` +go run esnitool.go -esni-keys-file ./esni.pub -esni-private-file ./esni -validity 24h +``` + +代理客户端: + +​ 运行命令: + +``` +sudo -E go run client.go -域名数据集位置- +``` + +​ ESNI代理客户端额外运行: + +``` +export GOROOT=$(pwd)/.GOROOT +``` + +流量处理: + +​ 流量分流: + +``` +python.exe .\traffic_process.py -i 原始pcap文件夹 -o 分流后pcap文件夹 +``` + +​ 特征提取: + +``` +python.exe .\feature_process.py -p pcap文件夹 -d 数据集文件夹 -l 流量标志 +``` + 
diff --git a/primary/tanghao_HIT_EncrypDNS/client/doh/client.go b/primary/tanghao_HIT_EncrypDNS/client/doh/client.go
new file mode 100644
index 0000000000000000000000000000000000000000..52421d46bc8b136cc868348de046be83c2d6186e
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/client/doh/client.go
@@ -0,0 +1,171 @@ +package main + +import ( + "bytes" + "context" + "crypto/tls" + "crypto/x509" + "encoding/csv" + "fmt" + "io" + "log" + "net/http" + "os" + "strings" + "sync" + "time" + + "golang.org/x/net/dns/dnsmessage" +) + +func main() { + if len(os.Args) < 2 { + log.Fatal("Usage: go run main.go ") + } + csvFile := os.Args[1] + + // 打开 CSV 文件 + file, err := os.Open(csvFile) + if err != nil { + log.Fatal(err) + } + defer file.Close() + + reader := csv.NewReader(file) + var domains []string + + // 读取 CSV 文件中的所有域名 + for { + record, err := reader.Read() + if err != nil { + break + } + domains = append(domains, record[0]) + } + + // 使用 WaitGroup 控制并发,每次最多运行 3 个任务 + var wg sync.WaitGroup + sem := make(chan struct{}, 3) + + for _, domain := range domains { + wg.Add(1) + sem <- struct{}{} // 限制并发数 + + go func(d string) { + defer wg.Done() + dohClientStart("www." + d) + <-sem // 释放并发限制 + time.Sleep(500 * time.Millisecond) + }(domain) + } + + wg.Wait() +} + +func dohClientStart(domain string) { + caCert, err := os.ReadFile("server1.crt") + if err != nil { + log.Println(err) + return + } + caCertPool := x509.NewCertPool() + caCertPool.AppendCertsFromPEM(caCert) + + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + ServerName: "server1.com", + RootCAs: caCertPool, + }, + DisableKeepAlives: true, + }, + } + + dnsReq := buildDNSRequest(domain) + + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + resp, err := sendDoHRequest(client, ctx, "https://192.168.157.128/dns-query", dnsReq) + if err != nil { + // 忽略超时错误,不终止程序 + if strings.Contains(err.Error(), "context deadline exceeded") { + log.Printf("Timeout error: DoH request to %s for domain %s exceeded time limit", "https://192.168.157.128/dns-query", domain) + return + } + log.Printf("Error sending DoH request: %v", err) + return + } + if resp == nil { + log.Printf("Received nil response for domain: %s", domain) + return + } + defer 
resp.Body.Close() + + // 解析响应 + err = parseDNSResponse(resp.Body) + if err != nil { + log.Printf("Error parsing DNS response for domain %s: %v", domain, err) + } +} + +func buildDNSRequest(domain string) []byte { + if !strings.HasSuffix(domain, ".") { + domain += "." + } + + msg := dnsmessage.Message{ + Header: dnsmessage.Header{ + RecursionDesired: true, + }, + Questions: []dnsmessage.Question{ + { + Name: dnsmessage.MustNewName(domain), + Type: dnsmessage.TypeA, + Class: dnsmessage.ClassINET, + }, + }, + } + + dnsBytes, err := msg.Pack() + if err != nil { + log.Fatal("Failed to pack DNS message: ", err) + } + return dnsBytes +} + +func sendDoHRequest(client *http.Client, ctx context.Context, url string, dnsRequest []byte) (*http.Response, error) { + req, err := http.NewRequest("POST", url, bytes.NewReader(dnsRequest)) + if err != nil { + return nil, err + } + req.Header.Set("Content-Type", "application/dns-message") + req = req.WithContext(ctx) + + return client.Do(req) +} + +func parseDNSResponse(responseBody io.Reader) error { + dnsRespBytes, err := io.ReadAll(responseBody) + if err != nil { + return fmt.Errorf("failed to read response body: %v", err) + } + + var msg dnsmessage.Message + err = msg.Unpack(dnsRespBytes) + if err != nil { + return fmt.Errorf("failed to unpack DNS response: %v", err) + } + + for _, answer := range msg.Answers { + switch answer.Body.(type) { + case *dnsmessage.AResource: + a := answer.Body.(*dnsmessage.AResource) + fmt.Printf("Domain: %s -> IP Address: %v\n", msg.Questions[0].Name, a.A) + default: + fmt.Printf("Domain: %s -> Other record: %v\n", msg.Questions[0].Name, answer.Body) + } + } + + return nil +} diff --git a/primary/tanghao_HIT_EncrypDNS/client/doh/go.mod b/primary/tanghao_HIT_EncrypDNS/client/doh/go.mod new file mode 100644 index 0000000000000000000000000000000000000000..2b1b0537ec3b23333f0e5f558d6d600a6b2f5ccc --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/doh/go.mod 
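Review bot: The timeout detection in dohClientStart matches on `strings.Contains(err.Error(), "context deadline exceeded")`, which is fragile because `client.Do` returns a `*url.Error` whose text depends on what wrapped the deadline; the robust form is `if errors.Is(err, context.DeadlineExceeded) {` (with `"errors"` added to the import block). In the same function the boolean from `caCertPool.AppendCertsFromPEM(caCert)` is discarded, so a malformed server1.crt leaves the pool empty and every handshake then fails later at certificate verification rather than with a clear parse message; `if !caCertPool.AppendCertsFromPEM(caCert) { log.Println("no certificate parsed from server1.crt"); return }` pins that down. `resp.Body` is also handed to parseDNSResponse without checking `resp.StatusCode`, so a non-200 reply from the proxy surfaces as a DNS unpack failure instead of an HTTP error. In main, the worker goroutine does `<-sem` before the 500 ms `time.Sleep`, so the sleep (presumably meant to space out requests) never delays the next worker from starting; swapping those two lines would make the throttle real. The ech and esni client.go hunks below repeat the first three defects.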
@@ -0,0 +1,5 @@ +module doh + +go 1.24.0 + +require golang.org/x/net v0.35.0 // indirect diff --git a/primary/tanghao_HIT_EncrypDNS/client/doh/go.sum b/primary/tanghao_HIT_EncrypDNS/client/doh/go.sum new file mode 100644 index 0000000000000000000000000000000000000000..f4761f9ab297e7f5ef8181ba9f748ee7c157553a --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/doh/go.sum @@ -0,0 +1,2 @@ +golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= +golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= diff --git a/primary/tanghao_HIT_EncrypDNS/client/doh/server1.crt b/primary/tanghao_HIT_EncrypDNS/client/doh/server1.crt new file mode 100644 index 0000000000000000000000000000000000000000..e5861d1b1ec92ff78af39c355f90db6775bb4bb9 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/doh/server1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUKFr2l54GaKRCHLg5FkYRfPZH8IQwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMjIyMDg0NTE4WhcNMjYw +MjIyMDg0NTE4WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALCSKnVrSSW0uQX/Isjc85EbMhSrfyXieFGmLiZQ +TeiE2CjI0kQZBYZY/RoEPDDQ64TwbiN8sGuccVzE1ywGQbQBYXTPva531mw9F8fd +AANeJ/frUBrlHwgiezM2pHnYoZp6TetNlZsSWvG9y+f61giTuXfHeculBp0EYh9j +9XLCbrultgLbWtMoV2xcYRKxz/j4OWwiCgLDfGi2UpA/fBXg7RUUdo0qINr1RI38 +GuDpRAaH4shxSl3igx6O9n2kn2+9dLcNkydVBEZQHaheFarQWV+/FC4NkuG8un+Z +iLwICjt8VTY5CUL+gl1prtiQtXRJ25HfYFOtwjNIYkLUnV8CAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAGjC +6y5W6HOA3V/OJ7TfnC727iAR684dZqgLHhlc9tz3OrRGulyV/nsQuBwElu8KgIrT +S83lBJwsvIPYw76GKC017NOVGlwjLAFdb76aH9cetrx5fcgtjBJgqpKj5QCpxdZz +Bz93d/udiXj4hJwVC7owcwQ/uV8xmPyIuyfwiANrFFmg10KtpR6ddXHz6WQYCKIN +qqn+N1WA+S1uGAjoV/VkwpWIYu5hVr2T1eqbYQ4JZT8X8Ch5RDsTcGz0fuldjwYD +oGfXeJpHG180bFBuLqsG02DJyJg+ShjttR8eF1XkbEt/FQaKPwbAHM9+T2+1xEK0 +dnmb0+ptuFTSJudnVm4= +-----END CERTIFICATE----- 
diff --git a/primary/tanghao_HIT_EncrypDNS/client/doh/server2.crt b/primary/tanghao_HIT_EncrypDNS/client/doh/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..c700436894b38c146ad34d9a8c5678a481e0e37b --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/doh/server2.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIULpnUS7TbYaL2/7UtLuGSucOLs4IwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMjIyMDg0NTM3WhcNMjYw +MjIyMDg0NTM3WjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMJ+Z12Qp5jAnphIgVSg4pax1nzFHp0lyEkmE8xO +G4Y/xC7a18sBtyKpAldLWX+ZpuFQW1if+eDYnnYw1D4GIC+hw/EGJaJWteC9drnb +pqj1YXosDVol+f7q89j9SxM/6BG1VwsE1r6+LmFH9kAP3gbPLLosGEn7/o+NIu32 +yx5HxZ/+Ph3abyRRz2wPQ+GmRsrG9xQgul8KYof+hkvMdg+A6CC1lmw10iTGcT18 +5hkkF8xCdbybmEp0gDuz4df91U5l8qmTkLrMgoooWgIHxWhnyeOf/HaVGpeWwnTZ +B7JVwhFw2ox61GsIOvxmgDGkrIIcj9ngkMHTHBuFKQS/jYkCAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBABkJ +8CykogHSOFfPjqXYwCDJKQsOcfIK5DvCO1zWKhmp7oIc+Pamo1qYJzZBEdIVntfV +M7Cevk9xLId3OicHKw0MQq/QVSlj+EcECv3jLSRYqfLNXw6hK0RrHDVOmjpIcPGo +/lNu6plb0MIo9n75KBDH6nt/Zh8feewaDAETOLkKkSU2CDmoYqZ/XGzuNuqIewjZ +VIvsqSImdIomt/RH1Iw2PnDBFSQ0T6aaD26vtE0gYkOeVMdQV2GeV4DMxgPN7IpZ +Ot2jv8KBDQVGwzcsTO0ksivNQJKZ8fTv4vIKNOv8Iw4BSsgvyWZhAJA7XRh/u/eS +Pi5/WUGBqT0DtWl9Xw4= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/client/ech/client.go b/primary/tanghao_HIT_EncrypDNS/client/ech/client.go new file mode 100644 index 0000000000000000000000000000000000000000..3597f503cee6e2a529634513e25241b61794f8da --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/ech/client.go 
@@ -0,0 +1,212 @@ +package main + +import ( + "crypto/tls" + "crypto/x509" + "encoding/base64" + "fmt" + "io" + "net/http" + "os" + "bytes" + "log" + "strings" + "encoding/csv" + "context" + "time" + "sync" + + "golang.org/x/net/dns/dnsmessage" +) + +// 外部目标服务器(server0.com)的ECH配置信息 +var ( + echConfig = "AEb+DQBCewAgACCMyX4rqyZYot8XeCJ2bkDtFQT6obsNU0TCHEmzn1MEdAAMAAEAAQABAAIAAQADIAtzZXJ2ZXIwLmNvbQAA" +) + +func main(){ + if len(os.Args) < 2 { + log.Fatal("Usage: go run main.go ") + } + csvFile := os.Args[1] + + // 打开 CSV 文件 + file, err := os.Open(csvFile) + if err != nil { + log.Fatal(err) + } + defer file.Close() + + // 创建CSV阅读器 + reader := csv.NewReader(file) + var domains []string + + // 读取 CSV 文件中的所有域名 + for { + record, err := reader.Read() + if err != nil { + break + } + domains = append(domains, record[0]) + } + + // 使用 WaitGroup 控制并发,每次最多运行 3 个任务 + var wg sync.WaitGroup + sem := make(chan struct{}, 3) + + for _, domain := range domains { + wg.Add(1) + sem <- struct{}{} // 限制并发数 + + go func(d string) { + defer wg.Done() + echClientStart("www." 
+ d) + <-sem // 释放并发限制 + time.Sleep(500 * time.Millisecond) + }(domain) + } + + wg.Wait() + +} + +func echClientStart(domain string) { + + // 解码ECH配置 + echConfigListBytes, err := base64.StdEncoding.DecodeString(echConfig) + if err != nil { + fmt.Printf("Error decoding configlist %v", err) + return + } + + // 配置客户端证书 + caCert, err := os.ReadFile("server1.crt") + if err != nil { + fmt.Println(err) + return + } + caCertPool := x509.NewCertPool() + caCertPool.AppendCertsFromPEM(caCert) + + // 配置TLS + tlsConfig := &tls.Config{ + MinVersion: tls.VersionTLS13, + MaxVersion: tls.VersionTLS13, + ServerName: "server1.com", + EncryptedClientHelloConfigList: echConfigListBytes, + RootCAs: caCertPool, + } + + // 创建http.client实例 + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: tlsConfig, + DisableKeepAlives: true, + }, + } + + // 构建 DNS 请求 + dnsReq := buildDNSRequest(domain) + + // 创建一个5秒的超时上下文 + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + // 使用超时上下文发送 DoH 请求 + resp, err := sendDoHRequest(client, ctx, "https://192.168.157.128/dns-query", dnsReq) + if err != nil { + // 忽略超时错误,不终止程序 + if strings.Contains(err.Error(), "context deadline exceeded") { + log.Printf("Timeout error: ECH request to %s for domain %s exceeded time limit", "https://192.168.157.128/dns-query", domain) + return + } + log.Printf("Error sending ECH request: %v", err) + return + } + if resp == nil { + log.Printf("Received nil response for domain: %s", domain) + return + } + defer resp.Body.Close() + + // 解析响应 + err = parseDNSResponse(resp.Body) + if err != nil { + log.Printf("Error parsing DNS response for domain %s: %v", domain, err) + } + +} + +// 构建 DNS 请求,查询指定域名 +func buildDNSRequest(domain string) []byte { + // 确保域名以 . 结尾 + if !strings.HasSuffix(domain, ".") { + domain += "." 
+ } + + // 构建 DNS 消息 + msg := dnsmessage.Message{ + Header: dnsmessage.Header{ + RecursionDesired: true, + }, + Questions: []dnsmessage.Question{ + { + Name: dnsmessage.MustNewName(domain), + Type: dnsmessage.TypeA, + Class: dnsmessage.ClassINET, + }, + }, + } + + // 序列化 DNS 消息 + dnsBytes, err := msg.Pack() + if err != nil { + log.Fatal("Failed to pack DNS message: ", err) + } + return dnsBytes +} + +// 发送 DoH 请求 +func sendDoHRequest(client *http.Client, ctx context.Context, url string, dnsRequest []byte) (*http.Response, error) { + // 创建 HTTP POST 请求,正文包含 DNS 请求的二进制数据 + req, err := http.NewRequest("POST", url, bytes.NewReader(dnsRequest)) + if err != nil { + return nil, err + } + + // 设置 HTTP 头部,指定内容类型为 DNS 消息格式 + req.Header.Set("Content-Type", "application/dns-message") + req = req.WithContext(ctx) + + // 发送请求 + return client.Do(req) +} + +// 解析 DNS 响应 +func parseDNSResponse(responseBody io.Reader) error { + // 读取响应的二进制数据 + dnsRespBytes, err := io.ReadAll(responseBody) + if err != nil { + return fmt.Errorf("failed to read response body: %v", err) + } + + // 解析 DNS 响应 + var msg dnsmessage.Message + err = msg.Unpack(dnsRespBytes) + if err != nil { + return fmt.Errorf("failed to unpack DNS response: %v", err) + } + + // 打印响应中的查询结果 + for _, answer := range msg.Answers { + switch answer.Body.(type) { + case *dnsmessage.AResource: + a := answer.Body.(*dnsmessage.AResource) + fmt.Printf("Domain: %s -> IP Address: %v\n", msg.Questions[0].Name, a.A) + default: + fmt.Printf("Domain: %s -> Other record: %v\n", msg.Questions[0].Name, answer.Body) + } + } + + return nil +} \ No newline at end of file diff --git a/primary/tanghao_HIT_EncrypDNS/client/ech/go.mod b/primary/tanghao_HIT_EncrypDNS/client/ech/go.mod new file mode 100644 index 0000000000000000000000000000000000000000..6566f8b26a025085e35784df2f1c022aa881495e --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/ech/go.mod @@ -0,0 +1,5 @@ +module echdns + +go 1.24.0 + +require golang.org/x/net v0.35.0 // indirect 
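Review bot: The generic error branch in echClientStart cannot tell an ECH rejection from a network failure: with the Go 1.24 toolchain this module pins, a server that does not accept the offered config makes `client.Do` fail with an error wrapping `*tls.ECHRejectionError`, whose `RetryConfigList` carries the server's current config, so a stale `echConfig` is logged only as `Error sending ECH request` and looks like an ordinary connection problem. Checking for that error type ahead of the generic branch (it needs `"errors"` in the import block) makes a key rotation on the proxy visible in the logs. The `echConfig` constant at the top of the hunk also deserves a comment saying where it comes from and what it must match, e.g. `// Base64 ECHConfigList offered to the proxy; must correspond to the key pair the server loads (server/ech/ecdh_private_key.pem per the README) and be regenerated whenever that key changes.` Finally, the two early failures in this function use `fmt.Printf`/`fmt.Println` (the first without a trailing newline) while every other error path goes through `log.Printf`; `log.Printf("Error decoding configlist: %v", err)` keeps the output consistent.
```go
	resp, err := sendDoHRequest(client, ctx, "https://192.168.157.128/dns-query", dnsReq)
	if err != nil {
		// Stale or mismatched echConfig: the proxy rejected ECH and may have returned its current config list.
		var rej *tls.ECHRejectionError
		if errors.As(err, &rej) {
			log.Printf("ECH rejected by server for domain %s (retry config present: %v)", domain, len(rej.RetryConfigList) > 0)
			return
		}
		// … unchanged: timeout branch and generic error branch …
```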
diff --git a/primary/tanghao_HIT_EncrypDNS/client/ech/go.sum b/primary/tanghao_HIT_EncrypDNS/client/ech/go.sum new file mode 100644 index 0000000000000000000000000000000000000000..f4761f9ab297e7f5ef8181ba9f748ee7c157553a --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/ech/go.sum @@ -0,0 +1,2 @@ +golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= +golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= diff --git a/primary/tanghao_HIT_EncrypDNS/client/ech/server1.crt b/primary/tanghao_HIT_EncrypDNS/client/ech/server1.crt new file mode 100644 index 0000000000000000000000000000000000000000..16527a177ee9ed3632ceb67dbc70391a948238b4 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/ech/server1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUZnwMruHiHhaIKzjoLC1lR0bdzdAwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMjIxMDcwNjU0WhcNMjYw +MjIxMDcwNjU0WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAN05bYtwhd+jyhux/16/PCXNyNbOU8UY7B5YodbI +FMzTrrULbsKJ6yMCXrzoQ/aFfrIRj5rdU7ypkqornXQ2zHH6CD3FtL2ADOd8oHyw +DBK6fjlPJv+5IgQcqDveNvvZm6gz8QAcAJL0RAagQV9JeU5EEyPnukLynJ+w8oMQ +6eilyZYnVoIyaPfI6E214ZzUy7GA90aiEL75WBHyYfpf0HkdK6tyc2rpZUhMKle3 +GkLwmbs5bbg0OhBUzAyaCy3047brB5B8QBLu8lHXbez5gURd1jYFRRtJc4m5zdvh +wd7/i9OKxYc84hD1oqYgL8vGWsHgg+w30cqHr+KVw2KCo28CAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAMMX +KWIROqD1+v/WfNG90juRBLJ6j+dqLjXZ5I1SUKprPFsRRLvF+rUCgTM0kK/zJ/AJ +XK4826I0BlFPWDo85MfnXOz1O+Q4RujA51pLCAJYQIowaTUlEpQe8Lm4V888l8dJ +YV34xCEG5D82srYfPlUyJXYdX/MNffDFpo2I0gqPzIThZviMyyOhPqHXtVCiMRrp +uvnaz/qCh8WRI3z3aZ1HfDRr9SFoECjE0/hE+xkPg8XG892DaxN9YV43G/873lF0 +wf5KoqzL81+sGnLGFvi/fAJj7AQCQr4urBuyU9L18U6U5QJ4yxlL1VRXLGlq7YbU +D6aFWa+aIB7i2PdZ/Z4= +-----END CERTIFICATE----- 
diff --git a/primary/tanghao_HIT_EncrypDNS/client/ech/server2.crt b/primary/tanghao_HIT_EncrypDNS/client/ech/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..a9810c807dee0537189a6c8a12ab5ff3ed5c0f70 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/ech/server2.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUSWM9/NB0BBSRz1yrbvCexXMvWCAwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMjIxMDcwNzEyWhcNMjYw +MjIxMDcwNzEyWjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANM1OQ+fwe7Qvsj0XvmqxyB6TnuE4ikhTIXQlGnO +ZocdFhLk3DzrrgCcmU5hQA/Ye/lBsGHIykaNOiK1X8oPiLx/lOyk6go+hN2a1HpV +EAQW3HzqAsJxv0Dfm2PhGThiayZodyouB/wqjcXljwYycdVa3bGCegHbcp1j2gFN +hsLHNnEWRyeAp/y+b7i5znJ7M9DiWJqIlMvqoe01zUHCfGta+czPmvU/86S7WdDF ++X/IMud+iYWjehUkeiRRMNJraJF5j89Lr2GK/Vz5X+AygBRwqFR/AWI4umMSBbbd +q0cl9N6dGo0dz8zGeN8fWNlyWYqnqy0nuneakIox5SgjCxMCAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAGhi +2OTSElEH45OAAUlrUdUfZMJnPKGlujyYiqXt7GyuXOmwwjXMTBt+TwJm6pAOvEyZ +SpDYL7X3hCyqfts8VbWjYNFWaExsLEpZHL2UPe+0p/DeAuq34k52Lf0n/91U4L4P +YCfeC+vlykZPeHhPd92kCK5okg1kmH2sOmflDqeNRC6EAdoTPa9BEqlq9WWqvlHU +BK377zfP/CklUG4HxkB7K4JuH512y4WIPtPzXGq8Hq94Gkkc0hYn/ITqEKCvyG8X +3/h9Yw/kt4Vq0hk2jgW2LurnI0C3BSPgEABv16RGnN3/raozj/TEORhukUXQa9qe +pNY4b89HdiG7r0EPkAo= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/client/esni/client.go b/primary/tanghao_HIT_EncrypDNS/client/esni/client.go new file mode 100644 index 0000000000000000000000000000000000000000..c63436d810df0594ac3845c935b2a676af912293 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/esni/client.go 
@@ -0,0 +1,243 @@ +package main + +import ( + "bytes" + "crypto/tls" + "crypto/x509" + "encoding/base64" + "errors" + "fmt" + "io" + "io/ioutil" + "log" + "net/http" + "strings" + "time" + "encoding/csv" + "context" + "os" + "sync" + + "golang.org/x/net/dns/dnsmessage" +) + +var namedGroupsToName = map[uint16]string{ + uint16(tls.HybridSIDHp503Curve25519): "X25519-SIDHp503", + uint16(tls.HybridSIKEp503Curve25519): "X25519-SIKEp503", + uint16(tls.X25519): "X25519", + uint16(tls.CurveP256): "P-256", + uint16(tls.CurveP384): "P-384", + uint16(tls.CurveP521): "P-521", +} + +var cipherSuiteIdToName = map[uint16]string{ + tls.TLS_RSA_WITH_AES_128_CBC_SHA: "TLS_RSA_WITH_AES_128_CBC_SHA", + tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + tls.TLS_AES_128_GCM_SHA256: "TLS_AES_128_GCM_SHA256", + tls.TLS_AES_256_GCM_SHA384: "TLS_AES_256_GCM_SHA384", + tls.TLS_CHACHA20_POLY1305_SHA256: "TLS_CHACHA20_POLY1305_SHA256", +} + +func main(){ + if len(os.Args) < 2 { + log.Fatal("Usage: go run main.go ") + } + csvFile := os.Args[1] + + // 打开 CSV 文件 + file, err := os.Open(csvFile) + if err != nil { + log.Fatal(err) + } + defer file.Close() + + // 创建CSV阅读器 + reader := csv.NewReader(file) + var domains []string + + // 读取 CSV 文件中的所有域名 + for { + record, err := reader.Read() + if err != nil { + break + } + domains = append(domains, record[0]) + } + + // 使用 WaitGroup 控制并发,每次最多运行 3 个任务 + var wg sync.WaitGroup + sem := make(chan struct{}, 3) + + for _, domain := range domains { + wg.Add(1) + sem <- struct{}{} // 限制并发数 + + go func(d string) { + defer wg.Done() + esniClientStart("www." 
+ d) + <-sem // 释放并发限制 + time.Sleep(500 * time.Millisecond) + }(domain) + } + + wg.Wait() + +} + +func esniClientStart(domain string) { + + //读取并解析ESNI公钥 + contents, err := ioutil.ReadFile("esni.pub") + if err != nil { + log.Fatalf("Failed to read ESNIKeys: %s", err) + } + esniKeysBytes, err := base64.StdEncoding.DecodeString(string(contents)) + if err != nil { + log.Fatalf("Failed to parse -esni-keys: %s", err) + } + clientESNIKeys,err:=tls.ParseESNIKeys(esniKeysBytes) + if clientESNIKeys == nil { + log.Fatalf("Failed to process ESNI response for host: %s", err) + } + + //配置客户端证书 + caCert, err := ioutil.ReadFile("server1.crt") + if err != nil { + fmt.Println(err) + return + } + caCertPool := x509.NewCertPool() + caCertPool.AppendCertsFromPEM(caCert) + + //配置TLS + tlsConfig := &tls.Config{ + MinVersion: tls.VersionTLS13, + MaxVersion: tls.VersionTLS13, + ServerName: "server1.com", + ClientESNIKeys:clientESNIKeys, + RootCAs:caCertPool, + } + + //创建http.client实例 + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: tlsConfig, + DisableKeepAlives: true, + }, + } + + // 构建 DNS 请求 + dnsReq := buildDNSRequest(domain) + + // 创建一个5秒的超时上下文 + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + // 使用超时上下文发送 ESNI 请求 + resp, err := sendDoHRequest(client, ctx, "https://192.168.157.128/dns-query", dnsReq) + if err != nil { + // 忽略超时错误,不终止程序 + if strings.Contains(err.Error(), "context deadline exceeded") { + log.Printf("Timeout error: ESNI request to %s for domain %s exceeded time limit", "https://192.168.157.128/dns-query", domain) + return + } + log.Printf("Error sending ESNI request: %v", err) + return + } + if resp == nil { + log.Printf("Received nil response for domain: %s", domain) + return + } + defer resp.Body.Close() + + // 解析响应 + err = parseDNSResponse(resp.Body) + if err != nil { + log.Printf("Error parsing DNS response for domain %s: %v", domain, err) + } + +} + +//根据别名获取实值 +func getIDByName(m 
map[uint16]string, name string) (uint16, error) { + for key, value := range m { + if value == name { + return key, nil + } + } + return 0, errors.New("Unknown value") +} + +// 构建 DNS 请求,查询指定域名 +func buildDNSRequest(domain string) []byte { + // 确保域名以 . 结尾 + if !strings.HasSuffix(domain, ".") { + domain += "." + } + + // 构建 DNS 消息 + msg := dnsmessage.Message{ + Header: dnsmessage.Header{ + RecursionDesired: true, + }, + Questions: []dnsmessage.Question{ + { + Name: dnsmessage.MustNewName(domain), + Type: dnsmessage.TypeA, + Class: dnsmessage.ClassINET, + }, + }, + } + + // 序列化 DNS 消息 + dnsBytes, err := msg.Pack() + if err != nil { + log.Fatal("Failed to pack DNS message: ", err) + } + return dnsBytes +} + +// 发送 DoH 请求 +func sendDoHRequest(client *http.Client, ctx context.Context, url string, dnsRequest []byte) (*http.Response, error) { + // 创建 HTTP POST 请求,正文包含 DNS 请求的二进制数据 + req, err := http.NewRequest("POST", url, bytes.NewReader(dnsRequest)) + if err != nil { + return nil, err + } + + // 设置 HTTP 头部,指定内容类型为 DNS 消息格式 + req.Header.Set("Content-Type", "application/dns-message") + req = req.WithContext(ctx) + + // 发送请求 + return client.Do(req) +} + +// 解析 DNS 响应 +func parseDNSResponse(responseBody io.Reader) error { + // 读取响应的二进制数据 + dnsRespBytes, err := ioutil.ReadAll(responseBody) + if err != nil { + return fmt.Errorf("failed to read response body: %v", err) + } + + // 解析 DNS 响应 + var msg dnsmessage.Message + err = msg.Unpack(dnsRespBytes) + if err != nil { + return fmt.Errorf("failed to unpack DNS response: %v", err) + } + + // 打印响应中的查询结果 + for _, answer := range msg.Answers { + switch answer.Body.(type) { + case *dnsmessage.AResource: + a := answer.Body.(*dnsmessage.AResource) + fmt.Printf("Domain: %s -> IP Address: %v\n", msg.Questions[0].Name, a.A) + default: + fmt.Printf("Domain: %s -> Other record: %v\n", msg.Questions[0].Name, answer.Body) + } + } + + return nil +} 
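Review bot: The check after `tls.ParseESNIKeys` in esniClientStart tests `clientESNIKeys == nil` rather than the returned error, so a parse failure that still yields a non-nil struct is used as if it were valid; it should read `if err != nil {`. The three `log.Fatalf` calls in the same function execute inside the worker goroutines started by main, so one unreadable esni.pub aborts the entire capture run mid-way instead of skipping that domain the way the server1.crt branch and the later request errors do — `log.Printf` followed by `return` keeps the run going. `ClientESNIKeys`, `tls.ParseESNIKeys` and the `Hybrid*` curve identifiers are not part of upstream crypto/tls, so this file only builds against the patched GOROOT the README tells users to export; a one-line comment above the import block stating that, e.g. `// Requires the ESNI-patched crypto/tls shipped in .GOROOT (see README); upstream Go has no ESNI support.`, would save the next reader a confusing build failure. `namedGroupsToName`, `cipherSuiteIdToName` and `getIDByName` are not referenced anywhere in this file and look like leftovers from the tool this client was derived from.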
diff --git a/primary/tanghao_HIT_EncrypDNS/client/esni/esni.pub b/primary/tanghao_HIT_EncrypDNS/client/esni/esni.pub
new file mode 100644
index 0000000000000000000000000000000000000000..7e767106fefb5a6596d2fd3679b2f8f08e93819b
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/client/esni/esni.pub
@@ -0,0 +1 @@
+/wF4rb+OACQAHQAg6bCH1VM3MX7Tid35wBfnMx7eF6M02A9CdwfwNRpBr2cAAhMBAQQAAAAAZ7VvtAAAAABn7F40AAA=
diff --git a/primary/tanghao_HIT_EncrypDNS/client/esni/go.mod b/primary/tanghao_HIT_EncrypDNS/client/esni/go.mod
new file mode 100644
index 0000000000000000000000000000000000000000..a61ee0ec42ddc41b58fa4fda61b02fb6fe4a6456
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/client/esni/go.mod
@@ -0,0 +1,11 @@
+module github.com/devopsext/esni-rev-proxy
+
+go 1.13
+
+require (
+ github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa // indirect
+ github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892 // indirect
+ github.com/paulbellamy/ratecounter v0.2.0
+ github.com/prometheus/client_golang v1.5.1
+ golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
+)
diff --git a/primary/tanghao_HIT_EncrypDNS/client/esni/go.sum b/primary/tanghao_HIT_EncrypDNS/client/esni/go.sum
new file mode 100644
index 0000000000000000000000000000000000000000..c9729e71dce5081a8d97fd6e7de8a25b326039ef
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/client/esni/go.sum
@@ -0,0 +1,100 @@ +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa h1:2pQJShMsIfrl5+NnJRzWSmp6FDUZY3LcnviKOYn9qWM= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa/go.mod h1:o/DcCuWFr9jFzwO+c3y1hhwqKHHKfJ7HvLhWUwRnqfo= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= 
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892 h1:UzltRpUK5PPlNYBBBc2ekotYJMIPjga7Wee8ADW3j+I= +github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892/go.mod h1:+liTPsuK0xSOSyNKhVz4h7Khig8zW4NcvxdVbzS0Jyw= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent 
v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/paulbellamy/ratecounter v0.2.0 h1:2L/RhJq+HA8gBQImDXtLPrDXK5qAj6ozWVK/zFXVJGs= +github.com/paulbellamy/ratecounter v0.2.0/go.mod h1:Hfx1hDpSGoqxkVVpBi/IlYD7kChlfo5C6hzIHwPqfFE= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.5.1 h1:bdHYieyGlH+6OLEk2YQha8THib30KP0/yD0YH9m6xcA= +github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U= +github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= 
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 h1:dfGZHvZk057jK2MCeWus/TowKpJ8y4AmooUzdBSR9GU= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 h1:ywK/j/KkyTHcdyYSZNXGjMwgmDSfjglYZ3vStQ/gSCU= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
diff --git a/primary/tanghao_HIT_EncrypDNS/client/esni/order.txt b/primary/tanghao_HIT_EncrypDNS/client/esni/order.txt new file mode 100644 index 0000000000000000000000000000000000000000..ecc3ec8a48b84633631e90a4f99099fb9e33d60e --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/esni/order.txt @@ -0,0 +1,7 @@ +sudo vim /etc/sudoers + +/usr/local/go/bin + +export GOROOT=$(pwd)/.GOROOT +sudo -E go run server.go +sudo -E go run client.go -data ../data/test-domain.csv -number 1 \ No newline at end of file diff --git a/primary/tanghao_HIT_EncrypDNS/client/esni/server1.crt b/primary/tanghao_HIT_EncrypDNS/client/esni/server1.crt new file mode 100644 index 0000000000000000000000000000000000000000..336785696b410a9db8a25a2d7c05c13f3946210c --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/esni/server1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUI1htxOu+K5DN8y3U4REFuWd9DbwwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMjIwMTQxMzU5WhcNMjYw +MjIwMTQxMzU5WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMgHkHcHprUbetE0rsffOADDK5m/8Gse3ZlgqwS4 +KgmEBsNl6L8LFTdScxbxBjCXFut2A67Dqupu5coO8a22FmXvrog1RvwL3gqxGKhz +q7lEsDvkromIRaB9KMqWbpOzvJeR9e6jGLA/IKsSph2XQDSOPWz0Sc3pIHDLSutp +i1aYJLNr7G6nWcMOH2RMQYrRJupYOLyybOtbRNT81YbYZH/j5dt3N1NqpPOrl5bc +UO1IYx5Dc0IUQViUjfaCRICpuFeEz5e9LrBCHcXE6c7AmKSnDJB3eMTc1wKvLQ3M +8lOnZLGE460+VnDkoV36wsCndutyC6VTGlVlfgXNVEl9NLECAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAB3R +1gDV/sVM+x1qMnOSvKfldEDYaW76gXyrLbZf9m66CYMy+2CBQX2+liiyuuH8Rsq8 +P4h9du0QG/j8pvUnNa6Yjjnq3RVYeH6YSnkg5ln2y6S57ALTju1AKpBPz1B0B2O/ +3uetBcmRKGICHih7+RqCnMb/9AspAm6MTTST/SWlkHlvmI7+sJDoMq8fD+jw2AUh +muqwj30a6ma1mblELu1Q5PU3LN2ho2YPTHR/4K7o8LYYj33JM0IUycF7TwY6FUFK +yYZCOxpdJ5v1WY0x8lMjF7LtgyjXc/tv4AQsuUmKGBotwzFpT046juUTFUMXFaef +OvbDct1IHLBsc2ZbuiY= +-----END CERTIFICATE----- 
diff --git a/primary/tanghao_HIT_EncrypDNS/client/esni/server2.crt b/primary/tanghao_HIT_EncrypDNS/client/esni/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..2ff1f58807f8a1386633e0970b96fb3f35c6d059 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/esni/server2.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUd/5f/msqQ2ynp3ajRCVQPyexD0QwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMjIwMTQxNDE2WhcNMjYw +MjIwMTQxNDE2WjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOzOpMQH+39lDXez5aOeZIJXIEQ2iJ6e489smwm7 +Eld8Cpx5nZM6RuFMHUtZN81PBxan/IINTkzAwhzuqrMv8ZKGl3nCaKqAOTn6tfyu +X1IhdqWqQLxAfOCPr0T0UdQ/xJZr7zCASIYOd6ZQjDpD9a5dlEZcrb0Vn1dMfgTd +ZYiSP30PxpjYltUgCFs/fDB+pM7e/jtEb7Nwad6JeoQqmnhydsiCvc6GCoisnd34 +UQaodJgkf0MZDsruGKbWydQ5jLUnBNOQKikRd87Gh37I6EPsaz44T5dGZg0ToHdX +pzalNdna7rw+CwWYSEO+5rQ0PaiiyNaJDkJTs3PEv3f5dwECAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAKrL +Yq9eywj6n2UlKIh6hEn6vN3pe8cXkt/dpvmFTOcQ3rG+PPq11XOz0u3alnGc2/7l +iaLJC02tph3IqSBHVDMRvPd6LbCpa3q3AnNN3ZpDog5PObL03slCW5Ns3riBCeFG +ewufm6fMo5mKJRqbH26s4I13S8L/bUYUNeiM9TWYn6QeSFB2HVp1SpWqOiLqWBfq +nRD/h8JyfFeNvfT9NNFqft2qj2+eV1aVJ3JBYYnLNqCvzI2FAUv6pg+BYO9txYnp +25okHH8HilzOhEZbROYdzvQdC9wyEXnAnX3EKfWPOC61uNcDCRC3t/0VcoMTdsjq +bPjvgdocqpEVEN7lFwk= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-doh/client.go b/primary/tanghao_HIT_EncrypDNS/client/https-doh/client.go new file mode 100644 index 0000000000000000000000000000000000000000..a85cbef672102a8cc15cf9222800fc16e9e86402 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/https-doh/client.go 
@@ -0,0 +1,103 @@
+package main
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "net/http"
+ "context"
+ "os"
+ "encoding/csv"
+ "sync"
+ "time"
+)
+
+func main() {
+ if len(os.Args) < 2 {
+ log.Fatal("Usage: go run main.go ")
+ }
+ csvFile := os.Args[1]
+
+ // 打开url数据集文件
+ file, err := os.Open(csvFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer file.Close()
+
+ reader := csv.NewReader(file)
+ var urls []string
+
+ for {
+ record, err := reader.Read()
+ if err != nil {
+ break
+ }
+ urls = append(urls, record[0])
+ }
+
+ // 使用 WaitGroup 控制并发,每次最多运行 3 个任务
+ var wg sync.WaitGroup
+ sem := make(chan struct{}, 3)
+
+ for _, url := range urls {
+ wg.Add(1)
+ sem <- struct{}{} // 限制并发数
+
+ go func(u string) {
+ defer wg.Done()
+ httpsClientStart(u)
+ <-sem // 释放并发限制
+ time.Sleep(500 * time.Millisecond)
+ }(url)
+ }
+
+ wg.Wait()
+
+}
+
+func httpsClientStart(url string) {
+
+ // 配置客户端证书
+ caCert, err := ioutil.ReadFile("server1.crt")
+ if err != nil {
+ log.Fatal("读取CA证书失败:", err)
+ }
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(caCert)
+
+ // 创建客户端并初始化
+ client := &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ ServerName: "server1.com",
+ RootCAs: caCertPool,
+ },
+ DisableKeepAlives: true,
+ },
+ }
+
+ // 创建一个5秒的超时上下文
+ ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+ defer cancel()
+
+ // 构造代理请求
+ proxyReq, _ := http.NewRequest("GET", "https://192.168.157.128/proxy", nil)
+ proxyReq.Header.Set("X-Target-URL", url) // 设置目标URL
+ proxyReq.WithContext(ctx)
+
+ // 发送请求
+ resp, err := client.Do(proxyReq)
+ if err != nil {
+ log.Printf("请求失败:", err)
+ return
+ }
+ defer resp.Body.Close()
+
+ // 读取响应
+ body, _ := ioutil.ReadAll(resp.Body)
+ fmt.Printf("请求url: %s\n",url)
+ fmt.Printf("响应状态: %s\n内容:\n%s\n", resp.Status, body[:100])
+}
\ No newline at end of file
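Review bot: The 5-second timeout never reaches the request, because `proxyReq.WithContext(ctx)` returns a new *http.Request that is discarded, and the custom http.Transport and http.Client carry no timeouts of their own, so a stalled proxy can hold the worker and its semaphore slot for an unbounded time; use `proxyReq, err := http.NewRequestWithContext(ctx, "GET", "https://192.168.157.128/proxy", nil)` and check err rather than dropping it with `_`. `body[:100]` on the last Printf panics for any response shorter than 100 bytes, and since it runs on a worker goroutine that takes down the whole run — guard it with `if len(body) > 100 { body = body[:100] }`. `log.Printf("请求失败:", err)` has no verb for err (go vet reports it); `log.Printf("请求失败: %v", err)`. The same three lines appear unchanged in https-ech/client.go and https-esni/client.go below.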
diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-doh/server1.crt b/primary/tanghao_HIT_EncrypDNS/client/https-doh/server1.crt new file mode 100644 index 0000000000000000000000000000000000000000..e9ffc610dd81b1a69e47320e87129a32933f1149 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/https-doh/server1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUcLazvIaPEFvCjVxCKT17XB9BqeMwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMzEwMTIwMTI1WhcNMjYw +MzEwMTIwMTI1WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANePk1VGUgNxYi67Om5VfCdWqY6n0fsCcxNUiVo3 +lkmnzD/tAV36/eDQFrD+E3ki5/7nxR2xV/UTWFZd7cyJzDOuBJRWHEOxl1hd2AP1 +oi890cCnRH6k30CMBdBxi9/6U78yfYTGDLhtyuAx7DTOUCA0TB4S4zoyqQta/x1c +Y+oESVcUdt1/BCPyQ5/iCOuf0uNRNF/wiVQLkDMjq8YvdpH2uQHVc6vMd9MDK/JS +oURNqiVc/oPSCZqYAOSqNnC8KXuFrnS6v3Y6jsBx2rV2aZVvUVidzTS6ZTj40+Rz +t9q9g6a2JILwV+5x/C/c6Sq1oyNmFA+4tFJSe30bIqYMapkCAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAAAN +dbT9Nw8x79Ft76Rou7TqBlus+4a9ngs7AkFJGn8+yh1sBdmIv3kADnido680ImzL +UflilppisEwF+4IdeSpAnQyIU77XwL/xVhWnLqWRNkS0x1v3Do1TRTG/zd5yJF+C +0yWFyjYwT/WWYqalpG+Ot1Y411DENzxMey6K0B68mVaxHC87f+4nY1kcnea16BVB +jzIrbOA9oDP3r3nwY5lsXCP4EvNHFxlGiyoGhJtuwooAdKQpeG6QqHoIdrLdiWJb +R5z8QXsRZ2LtgqsQ4/rbMY5PONrjPuStoTCeAtLW32ifpQTBdecFa4a5I7kO2inV +dg24zWNQNHYKSiysKEs= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-doh/server2.crt b/primary/tanghao_HIT_EncrypDNS/client/https-doh/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..362e4fad6b3075ff926a0fa7201a2ca4726a2815 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/https-doh/server2.crt 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUV78URY1oHupdDIg+GShmzPdgxGgwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMzEwMTIwMTQxWhcNMjYw +MzEwMTIwMTQxWjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMbkEqoWOZDRYg5/4kewlFYqBPNTHCtCH3JT1aho +XKS1UHJRxvKtcLZ5FvG8PjHXS5uZxJo0A/s3nBd5u1CdW8MQIOtoHyykgcYG7eke +lEBowuT3QQMK7+cKGJhlPbt/6T+MrTVevrhKX6igAKCki9gMRA6aaF1gckQW4m1i +61Y51FUvz6AbAHuXCmZoAJ7tdEnMPOnU4k7Z7rAy+a7LMWgxgF0/0x8HGy+F6jeU +3FNOPIOA3CkVLI5G2xZ3tjcKxw4CBw3DsyLaX+gG0a+y795+n4FaUzqG1/HWawVQ +rcIXg2feJc8nqNapzOyGhiakOT5REqDY8Nd7oVXtTDN6bcECAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAMSL +fXY5DnNgjMkkcekQWOshNGQEWNG1LerM1vu1P6GNmU2VkUBBIpx2fb64TE2lqILU +3Yo9wYsVYaBxtqC5EqcqvXt/GyVxcyCVWk/wpAJLGAcwk0J+IzBw0K7qr7B/dcrj +i2TVKs7qpbWSSbM2EZ8Wa7lsciBzGfyNrkLMeA4v6bnk1Vo81x++4RihUp0KcHoq +rq7YLU431tWMaTpLeZ4U2oHM2a4sfrhDgbOJjZzlBvbaQNXHd6VaLAwpp9CsKceR +c17XnoOYKveSDdgnZCWI594YViOWdWXMgDPdTRBzpV/47beqhxG2sGGEUE4f9gnd +gGtdPQ6CjdL9MgWkivI= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-ech/client.go b/primary/tanghao_HIT_EncrypDNS/client/https-ech/client.go new file mode 100644 index 0000000000000000000000000000000000000000..4465a3499c96d05258fdd3915046524b797d37c6 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/https-ech/client.go 
@@ -0,0 +1,122 @@
+package main
+
+import(
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/base64"
+ "fmt"
+ "net/http"
+ "os"
+ "log"
+ "encoding/csv"
+ "context"
+ "time"
+ "sync"
+ "io/ioutil"
+)
+
+// 外部目标服务器(server0.com)的ECH配置信息
+var (
+ echConfig = "AEb+DQBCewAgACBLqkoAzquxPXHR8LzH5qZCGo7oegXdBJgO+aTfP10qJAAMAAEAAQABAAIAAQADIAtzZXJ2ZXIwLmNvbQAA"
+)
+
+func main() {
+ if len(os.Args) < 2 {
+ log.Fatal("Usage: go run main.go ")
+ }
+ csvFile := os.Args[1]
+
+ // 打开url数据集文件
+ file, err := os.Open(csvFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer file.Close()
+
+ reader := csv.NewReader(file)
+ var urls []string
+
+ for {
+ record, err := reader.Read()
+ if err != nil {
+ break
+ }
+ urls = append(urls, record[0])
+ }
+
+ // 使用 WaitGroup 控制并发,每次最多运行 3 个任务
+ var wg sync.WaitGroup
+ sem := make(chan struct{}, 3)
+
+ for _, url := range urls {
+ wg.Add(1)
+ sem <- struct{}{} // 限制并发数
+
+ go func(u string) {
+ defer wg.Done()
+ httpsClientStart(u)
+ <-sem // 释放并发限制
+ time.Sleep(500 * time.Millisecond)
+ }(url)
+ }
+
+ wg.Wait()
+
+}
+
+func httpsClientStart(url string) {
+
+ // 解码ECH配置
+ echConfigListBytes, err := base64.StdEncoding.DecodeString(echConfig)
+ if err != nil {
+ fmt.Printf("Error decoding configlist %v", err)
+ return
+ }
+
+ // 配置客户端证书
+ caCert, err := ioutil.ReadFile("server1.crt")
+ if err != nil {
+ log.Fatal("读取CA证书失败:", err)
+ }
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(caCert)
+
+ // 配置TLS
+ tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS13,
+ MaxVersion: tls.VersionTLS13,
+ ServerName: "server1.com",
+ EncryptedClientHelloConfigList: echConfigListBytes,
+ RootCAs: caCertPool,
+ }
+
+ // 创建http.client实例
+ client := &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: tlsConfig,
+ DisableKeepAlives: true,
+ },
+ }
+
+ // 创建一个5秒的超时上下文
+ ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+ defer cancel()
+
+ // 构造代理请求
+ proxyReq, _ := http.NewRequest("GET", "https://192.168.157.128:443/proxy", nil)
+ proxyReq.Header.Set("X-Target-URL", url) // 设置目标URL
+ proxyReq.WithContext(ctx)
+
+ // 发送请求
+ resp, err := client.Do(proxyReq)
+ if err != nil {
+ log.Printf("请求失败:", err)
+ return
+ }
+ defer resp.Body.Close()
+
+ // 读取响应
+ body, _ := ioutil.ReadAll(resp.Body)
+ fmt.Printf("请求url: %s\n",url)
+ fmt.Printf("响应状态: %s\n内容:\n%s\n", resp.Status, body[:100])
+}
diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-ech/go.mod b/primary/tanghao_HIT_EncrypDNS/client/https-ech/go.mod new file mode 100644
index 0000000000000000000000000000000000000000..99c2991667ff7b5dabfee1dedc24b29a9d39fe7b
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/client/https-ech/go.mod
@@ -0,0 +1,3 @@
+module https-ech
+
+go 1.24.0
diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-ech/server1.crt b/primary/tanghao_HIT_EncrypDNS/client/https-ech/server1.crt new file mode 100644
index 0000000000000000000000000000000000000000..0cb80e120ebde47a46bf5b0a1cf4f2092fd2fac4
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/client/https-ech/server1.crt
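Review bot: The result of `caCertPool.AppendCertsFromPEM(caCert)` is ignored, so a server1.crt that reads fine but does not contain a parseable PEM certificate leaves the pool empty and every handshake then fails with a generic x509 verification error far from the real cause; write `if !caCertPool.AppendCertsFromPEM(caCert) { log.Fatal("server1.crt contains no valid PEM certificate") }`. The CA file is also re-read and re-parsed inside every httpsClientStart call on a worker goroutine, and `log.Fatal` there aborts all in-flight workers mid-request — building the pool (and decoding the constant echConfig, whose failure is a programming error rather than a per-request condition) once in main and passing the resulting *tls.Config in would keep the failure at startup. With go.mod declaring go 1.24.0, `ioutil.ReadFile`/`ioutil.ReadAll` can be `os.ReadFile`/`io.ReadAll`, which is what the ECH-capable toolchain already offers. The unchecked AppendCertsFromPEM and the per-request CA parse appear identically in https-doh/client.go above and https-esni/client.go below.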
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIULN0IY11JKbFV5e2AkfJFgkCQtZ8wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMzE0MDgxMTM5WhcNMjYw +MzE0MDgxMTM5WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMOgyXimJjXTx6jwBw7EtM6+GxGepoZqiw4z+Vrh ++QMaz8thhzVhZ1opRqM4FuDog9Z/EMldx+dddEbWIVYEhy7eY0lq6/grC1TKPWFf +yzbZvpwMuQhGIs7T6z4I7L4bapauv0dDNR1nzs7H/LQlsYK5p+mCuo8ubxbYzqfR +qhAPQM3QqYUshIlgnlQ3ONJh/wsQqzPiFFrpf9i3GlO0jc/AkIPGCz2LfAmCj5D2 +i/Ke6jaciyYysK9b1upYiqLn0E7oHW3yqXGgEKibpXxkjuwI7pb9B/e8ligMyNKb +RuzBPXGReezyozokKgr0NyPtxsB9eZdwK6uS+bnkgp+69C8CAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAJ76 +gJNo1h4/9eUzDQHI/4u7oSuemFbtGZFIl8R2daJqGbjjEvZBt/4WPs9ZSwlLYCW7 +ANG9fBnHwflfOSE90JJP3lMtWi3DEa4wAg3SEuhU2Im/G3TBORVFr3rwDgKw8370 +GBxOsyuGbjcjtrPphVf+klQMkgRykXUfBAIhuZHba3gA2nDgL5+szJ4+2Mc3Qf44 +/hWuyV8OjkbDsdC/w3pUhRWYpAEaEW1EAgsLvUBnk/UAHfc6FnSO0QWGcl5g40YY +wXyvQaLzrJa0tvWMtvWMS5Pt84rB4C/bJl3PNwQc48wxUz8CoK81igg/iK9N+oEu +WspLPDI9Ew+ejSH/YvM= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-ech/server2.crt b/primary/tanghao_HIT_EncrypDNS/client/https-ech/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..017ea141371fa5325ec786cd8d700b6800f38e5f --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/https-ech/server2.crt 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUAbwWyv0zj4Cohamktwxd5x6S11MwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMzE0MDgxMTUwWhcNMjYw +MzE0MDgxMTUwWjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMPeY1TwVcrNvNVFwGZEZ+oCuF/IMFi9XZaFlNhP +7W1rPm1+ro0mMHlvNEZQ/U5GuUQaVTPasplbSDPTopxplcVunNPlpozltFKE1guk +hRV9+aI1q0SqEYF1//b2Wrv4Fhka+O+QOi8762HXiTiHwVMHLaHMHybhww4McuYq +6vJOBIzEXhli9t4mmtgfc8tv/yp2oWZoqiH4eLSTGvz33GOKRuEAiVXvTst3bIJY +1U9M5pNUlBCxUsgVgFfPgJmusgFgWAmwmpFMcxqcMLQRTi8hxMHJ2/sGkvFaVEQ5 +Tuvucr9+zDT4ZasfUEz+g9jLrU90TyNB+X1pAzSwnD3fG7kCAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAJF2 +B6/lr9i7jM1wKEw3bMXtW6Gn7oCTAttOOubQdEgrfIKxDLnDDog1qQpIRtJIQFA/ +6jd4+Fneircq52PR1q+ZLZPM6eoDvdons2kYk5uBsT/L8nTxtOIf5FV6HCdXEhEB +iQmt3XZbuErkbEsPD9FrLfYfLqkm7ClFyy2MfMlbat8Xm2H5+8SUpX+RnuJXVVCq +E7tKeMhmKfKAlv43O6JtjPW+P/O+qWcUgW+yT304i+6ZR++JVATYhLH1MI1oCk7J +CashfQ5um4F3QAn06hwP15A+1RZaBOBIplYIhM4FEPv0oaHHI1MN8YpxwOP5fY8m +HBQlvAexYYMrjp3MVjE= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-esni/client.go b/primary/tanghao_HIT_EncrypDNS/client/https-esni/client.go new file mode 100644 index 0000000000000000000000000000000000000000..3702beefd6b4db5390d51e2b5cee87a5a74b1d3d --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/https-esni/client.go 
@@ -0,0 +1,143 @@
+package main
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/base64"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "net/http"
+ "time"
+ "encoding/csv"
+ "context"
+ "os"
+ "sync"
+)
+
+var namedGroupsToName = map[uint16]string{
+ uint16(tls.HybridSIDHp503Curve25519): "X25519-SIDHp503",
+ uint16(tls.HybridSIKEp503Curve25519): "X25519-SIKEp503",
+ uint16(tls.X25519): "X25519",
+ uint16(tls.CurveP256): "P-256",
+ uint16(tls.CurveP384): "P-384",
+ uint16(tls.CurveP521): "P-521",
+}
+
+var cipherSuiteIdToName = map[uint16]string{
+ tls.TLS_RSA_WITH_AES_128_CBC_SHA: "TLS_RSA_WITH_AES_128_CBC_SHA",
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ tls.TLS_AES_128_GCM_SHA256: "TLS_AES_128_GCM_SHA256",
+ tls.TLS_AES_256_GCM_SHA384: "TLS_AES_256_GCM_SHA384",
+ tls.TLS_CHACHA20_POLY1305_SHA256: "TLS_CHACHA20_POLY1305_SHA256",
+}
+
+func main() {
+ if len(os.Args) < 2 {
+ log.Fatal("Usage: go run main.go ")
+ }
+ csvFile := os.Args[1]
+
+ // 打开url数据集文件
+ file, err := os.Open(csvFile)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer file.Close()
+
+ reader := csv.NewReader(file)
+ var urls []string
+
+ for {
+ record, err := reader.Read()
+ if err != nil {
+ break
+ }
+ urls = append(urls, record[0])
+ }
+
+ // 使用 WaitGroup 控制并发,每次最多运行 3 个任务
+ var wg sync.WaitGroup
+ sem := make(chan struct{}, 3)
+
+ for _, url := range urls {
+ wg.Add(1)
+ sem <- struct{}{} // 限制并发数
+
+ go func(u string) {
+ defer wg.Done()
+ httpsClientStart(u)
+ <-sem // 释放并发限制
+ time.Sleep(500 * time.Millisecond)
+ }(url)
+ }
+
+ wg.Wait()
+
+}
+
+func httpsClientStart(url string) {
+
+ //读取并解析ESNI公钥
+ contents, err := ioutil.ReadFile("esni.pub")
+ if err != nil {
+ log.Fatalf("Failed to read ESNIKeys: %s", err)
+ }
+ esniKeysBytes, err := base64.StdEncoding.DecodeString(string(contents))
+ if err != nil {
+ log.Fatalf("Failed to parse -esni-keys: %s", err)
+ }
+ clientESNIKeys,err:=tls.ParseESNIKeys(esniKeysBytes)
+ if clientESNIKeys == nil {
+ log.Fatalf("Failed to process ESNI response for host: %s", err)
+ }
+
+ //配置客户端证书
+ caCert, err := ioutil.ReadFile("server1.crt")
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(caCert)
+
+ //配置TLS
+ tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS13,
+ MaxVersion: tls.VersionTLS13,
+ ServerName: "server1.com",
+ ClientESNIKeys:clientESNIKeys,
+ RootCAs:caCertPool,
+ }
+
+ //创建http.client实例
+ client := &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: tlsConfig,
+ DisableKeepAlives: true,
+ },
+ }
+
+ // 创建一个5秒的超时上下文
+ ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+ defer cancel()
+
+ // 构造代理请求
+ proxyReq, _ := http.NewRequest("GET", "https://192.168.157.128:443/proxy", nil)
+ proxyReq.Header.Set("X-Target-URL", url) // 设置目标URL
+ proxyReq.WithContext(ctx)
+
+ // 发送请求
+ resp, err := client.Do(proxyReq)
+ if err != nil {
+ log.Printf("请求失败:", err)
+ return
+ }
+ defer resp.Body.Close()
+
+ // 读取响应
+ body, _ := ioutil.ReadAll(resp.Body)
+ fmt.Printf("请求url: %s\n",url)
+ fmt.Printf("响应状态: %s\n内容:\n%s\n", resp.Status, body[:100])
+
+}
\ No newline at end of file
diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-esni/esni.pub b/primary/tanghao_HIT_EncrypDNS/client/https-esni/esni.pub new file mode 100644
index 0000000000000000000000000000000000000000..7e767106fefb5a6596d2fd3679b2f8f08e93819b
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/client/https-esni/esni.pub
@@ -0,0 +1 @@
+/wF4rb+OACQAHQAg6bCH1VM3MX7Tid35wBfnMx7eF6M02A9CdwfwNRpBr2cAAhMBAQQAAAAAZ7VvtAAAAABn7F40AAA=
diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-esni/go.mod b/primary/tanghao_HIT_EncrypDNS/client/https-esni/go.mod new file mode 100644
index 0000000000000000000000000000000000000000..a61ee0ec42ddc41b58fa4fda61b02fb6fe4a6456
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/client/https-esni/go.mod
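Review bot: The ESNI key check `if clientESNIKeys == nil {` tests the returned value rather than the error from `tls.ParseESNIKeys`, unlike the two checks just above it; whatever the patched TLS fork returns on failure, the conventional and unambiguous form is `if err != nil { log.Fatalf("Failed to parse ESNIKeys: %s", err) }`, which also avoids printing a nil err when the value is nil without an error. esni.pub is read, base64-decoded and parsed on every call inside a worker goroutine, and each of those paths ends in `log.Fatalf`, which aborts all in-flight workers; parsing the keys once in main and passing them into httpsClientStart keeps a bad key file a startup failure. The server1.crt read error here does `fmt.Println(err); return` while the doh and ech clients `log.Fatal` on the same condition — one convention should be chosen. `namedGroupsToName` and `cipherSuiteIdToName` at the top of the file are never referenced anywhere in this file.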
@@ -0,0 +1,11 @@ +module github.com/devopsext/esni-rev-proxy + +go 1.13 + +require ( + github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa // indirect + github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892 // indirect + github.com/paulbellamy/ratecounter v0.2.0 + github.com/prometheus/client_golang v1.5.1 + golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 +) diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-esni/go.sum b/primary/tanghao_HIT_EncrypDNS/client/https-esni/go.sum new file mode 100644 index 0000000000000000000000000000000000000000..c9729e71dce5081a8d97fd6e7de8a25b326039ef --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/https-esni/go.sum 
@@ -0,0 +1,100 @@ +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa h1:2pQJShMsIfrl5+NnJRzWSmp6FDUZY3LcnviKOYn9qWM= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa/go.mod h1:o/DcCuWFr9jFzwO+c3y1hhwqKHHKfJ7HvLhWUwRnqfo= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= 
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892 h1:UzltRpUK5PPlNYBBBc2ekotYJMIPjga7Wee8ADW3j+I= +github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892/go.mod h1:+liTPsuK0xSOSyNKhVz4h7Khig8zW4NcvxdVbzS0Jyw= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent 
v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/paulbellamy/ratecounter v0.2.0 h1:2L/RhJq+HA8gBQImDXtLPrDXK5qAj6ozWVK/zFXVJGs= +github.com/paulbellamy/ratecounter v0.2.0/go.mod h1:Hfx1hDpSGoqxkVVpBi/IlYD7kChlfo5C6hzIHwPqfFE= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.5.1 h1:bdHYieyGlH+6OLEk2YQha8THib30KP0/yD0YH9m6xcA= +github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U= +github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= 
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 h1:dfGZHvZk057jK2MCeWus/TowKpJ8y4AmooUzdBSR9GU= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 h1:ywK/j/KkyTHcdyYSZNXGjMwgmDSfjglYZ3vStQ/gSCU= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-esni/server1.crt b/primary/tanghao_HIT_EncrypDNS/client/https-esni/server1.crt new file mode 100644 index 0000000000000000000000000000000000000000..531c8816dcfa5a375eac1abacb46cc0bddfbf552 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/https-esni/server1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIULjxijURoenebATeOr5zdYBR0gnswDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMzE3MDg1NDEzWhcNMjYw +MzE3MDg1NDEzWjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAJLoSR52bZE7HQ/ExoHH+tPvYlziNvaQmlI6Dzwo +zSQBt6x+3o0Prx1uFPhb7Ftgcqm/H+rf/LF0f8tnd43frW6T6ETKhV9Yn25dwtSW +6gjc8O3rzWgNgvLlruhxcpBzv+NsWW5+FZAuBo5Olc8jQg/m4nxFLAJXSD4vvabD +2YfrF2jSjyg/bHgUn8OnSf8j1o0yl7ZzyT9RAgeIp9bxV7B/CFXf91K7fZ1oriFD +mJDCHZSWdK7jVhFg956+gUrI81XRdFP2OvpgRqY+54gDdDrJfGLUCYTswI5MJZtY +USs+FMRyPOtHPBMQNgx/agk49UDdSuFk2XCYyRP1Cl4V/O8CAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAECo +g+qpgzdF6uLW5fvsFjvwJl8zv2fFSjHDbN4Kun7PAAozF5Sdmo2MOgnuiC7M8Mh5 +pZeYEvD04m2P5oeanLKqiTFWfBBECgW/ZKa4E3ShJDAf5tnX9iiUf3UZJP1iiCmU +bNPD0sv+gkWZ01eO5USOACNPbp4pUyn60bF9vRENPNETrW+HuDMelBNpuY01sTdj +b4h47/TaSTNDQM4P5EgcWF+G3AcNQHauHEELYAuxp8B2kn9iVSUxruw5L2i8C5O7 +UkgCVdGswynriRLehCM422aLSNZWcvsrvk+k7HI/YsCgSBDqOF1deK555kJpYde1 +NQfQ0UF70xEqTcpXqII= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/client/https-esni/server2.crt b/primary/tanghao_HIT_EncrypDNS/client/https-esni/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..c8cb7a1d2679a0f02d61e4bb5688c60b4ef9e374 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/client/https-esni/server2.crt 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUTYSu7CPJ+k9a7tbSITZ+hdxh1+wwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMzE3MDg1NDI2WhcNMjYw +MzE3MDg1NDI2WjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKBawT1qvKb6ry3hd+Je4/tEcnrMHtQavfRDM3YJ +OTPjFbKJYkxWfnJBhiUB5kbXfgSU6txZLXAnDqq8TOr0QN8QdOtUWXYeKxnOqm5g +tGwqHMCZ1SsHgar7lThRVKZp3h3VxLvu5L/J8gmpQ0cP57ldX9vFKeLbW4epbJr3 +dNCeS1hE63Qfvksv2xJoZnYfDk6NDOK6T7rCdXiObUSAk8XBlBXyDlB7MKS53XhG +LKYHeTulpJ/wYC1eB1ZPbHty6xJP5r4gDM8uFep54EV7queFt2jm48ilj/9vTecE +jjDTrcoq3X3m2Ud5PEDiD1nvZyzPed6dbIfqKA9Tt+l0jY8CAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAJ/A +SH0HOah1CKB8HzTugLtXKgNWvTtXqoE0cGXc79yQvF9bn9BJYazxTyilACGSZBEE +yAFohfLmrSDJ6VNLf08rQOaGMMNsdtrVxV2A3x4IdpbtKsFlz8PmzKuEjCJ6pyWR +8Y0HglNUIN+g7U9+qpCz9DWKMvmRhWb1oQ9udtJ6FWUqrKAKRNNsuvwa/1mYm6i4 +PkY06dwu5169ITFzRtaP68pkbofqQhmTrFlLasEslzKY0GQyIkepBF/HH2isgv/e +tcbfqNtvGbkdMZPPsahuEQWthwdLhS0UtSsnqO9yIC0pMTU4bSNbhY8b1bUfWsm2 +nPsgIzQrosRDbNCSwnQ= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/go.mod b/primary/tanghao_HIT_EncrypDNS/server/doh/go.mod new file mode 100644 index 0000000000000000000000000000000000000000..99085add1f0abe23ef4d386b06f8aae3c33a13c5 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/doh/go.mod @@ -0,0 +1,9 @@ +module doh + +go 1.24.0 + +require ( + github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa // indirect + github.com/henrydcase/nobs v0.0.0-20230313231516-25b66236df73 // indirect + golang.org/x/net v0.35.0 // indirect +) diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/go.sum b/primary/tanghao_HIT_EncrypDNS/server/doh/go.sum new file mode 100644 index 0000000000000000000000000000000000000000..04e0611d5a14abbd9b3681a4274f6a26357a9816 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/doh/go.sum 
@@ -0,0 +1,71 @@ +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa h1:2pQJShMsIfrl5+NnJRzWSmp6FDUZY3LcnviKOYn9qWM= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa/go.mod h1:o/DcCuWFr9jFzwO+c3y1hhwqKHHKfJ7HvLhWUwRnqfo= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/henrydcase/nobs v0.0.0-20230313231516-25b66236df73 h1:d3rq/Tz+RJ5h1xk6Lt3jbObJN3WhvZm7rV41OCIzUyI= +github.com/henrydcase/nobs v0.0.0-20230313231516-25b66236df73/go.mod h1:ptK2MJqVLVEa/V/oK8n+MEyUDCSjSylW+jeNmCG1DJo= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net 
v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= +golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools 
v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/openssl-server1.cnf b/primary/tanghao_HIT_EncrypDNS/server/doh/openssl-server1.cnf new file mode 100644 index 0000000000000000000000000000000000000000..1249b07641a86e5711cd480b43eb1a1ed95eff57 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/doh/openssl-server1.cnf @@ -0,0 +1,17 @@ +[ req ] +default_bits = 2048 +default_keyfile = server1.key +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +commonName = server1.com +commonName_default = server1.com +commonName_max = 64 + +[ v3_req ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = server1.com +IP.1 = 192.168.157.129 diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/openssl-server2.cnf b/primary/tanghao_HIT_EncrypDNS/server/doh/openssl-server2.cnf new file mode 100644 index 0000000000000000000000000000000000000000..a3008eedc6335b746e8fb15b9f2f31b088c0eebc --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/doh/openssl-server2.cnf @@ -0,0 +1,17 @@ +[ req ] +default_bits = 2048 +default_keyfile = server2.key +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +commonName = server2.com +commonName_default = server2.com +commonName_max = 64 + +[ v3_req ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = server2.com +IP.1 = 192.168.157.130 
diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/server.go b/primary/tanghao_HIT_EncrypDNS/server/doh/server.go new file mode 100644 index 0000000000000000000000000000000000000000..2ae6a6f1590fc4896b1a66e7fc3297d11515f81f --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/doh/server.go 
@@ -0,0 +1,115 @@
+package main
+
+import (
+ "bytes"
+ "crypto/tls"
+ "fmt"
+ "io"
+ "log"
+ "net"
+ "net/http"
+
+ "golang.org/x/net/dns/dnsmessage"
+)
+
+func main() {
+
+ // 启动 HTTPS 服务器,支持动态证书选择
+ server := &http.Server{
+ Addr: ":443",
+ TLSConfig: &tls.Config{
+ GetCertificate: getCertificateForSNI,
+ },
+ }
+
+ // 注册 DoH 请求处理函数
+ http.HandleFunc("/dns-query", handleDoHRequest)
+
+ // 启动 HTTPS 服务器
+ log.Println("Starting DoH server on https://localhost:443")
+ if err := server.ListenAndServeTLS("", ""); err != nil {
+ log.Fatal("ListenAndServeTLS: ", err)
+ }
+}
+
+func getCertificateForSNI(helloInfo *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ switch helloInfo.ServerName {
+ case "server1.com":
+ cert, err := tls.LoadX509KeyPair("server1.crt", "server1.key")
+ return &cert, err // 返回结构体的指针
+ case "server2.com":
+ cert, err := tls.LoadX509KeyPair("server2.crt", "server2.key")
+ return &cert, err // 返回结构体的指针
+ default:
+ return nil, fmt.Errorf("no certificate found for SNI: %s", helloInfo.ServerName)
+ }
+}
+
+// 处理 DoH 请求
+func handleDoHRequest(w http.ResponseWriter, req *http.Request) {
+ // 读取 DoH 请求中的 DNS 消息
+ dnsRequest := req.Body
+ defer dnsRequest.Close()
+
+ // 读取请求中的 DNS 消息内容
+ var buf bytes.Buffer
+ _, err := io.Copy(&buf, dnsRequest)
+ if err != nil {
+ log.Println("Failed to read DNS request: ", err)
+ http.Error(w, "Failed to read DNS request", http.StatusInternalServerError)
+ return
+ }
+
+ // 解包 DNS 消息
+ var msg dnsmessage.Message
+ err = msg.Unpack(buf.Bytes())
+ if err != nil {
+ log.Println("Failed to unpack DNS request: ", err)
+ http.Error(w, "Failed to unpack DNS request", http.StatusInternalServerError)
+ return
+ }
+
+ // 向真实的 DNS 服务器发送请求
+ dnsResponse, err := sendDNSRequestToRealServer(msg)
+ if err != nil {
+ log.Println("Failed to send DNS request to real server: ", err)
+ http.Error(w, "Failed to get DNS response", http.StatusInternalServerError)
+ return
+ }
+
+ // 发送 DNS 响应作为 DoH 响应
+ w.Header().Set("Content-Type", "application/dns-message")
+ w.Write(dnsResponse)
+}
+
+// 向真实的 DNS 服务器发送 DNS 请求
+func sendDNSRequestToRealServer(msg dnsmessage.Message) ([]byte, error) {
+ // 连接到 DNS 服务器
+ dnsServer := "114.114.114.114:53"
+ conn, err := net.Dial("udp", dnsServer)
+ if err != nil {
+ return nil, fmt.Errorf("failed to connect to DNS server: %w", err)
+ }
+ defer conn.Close()
+
+ // 将 DNS 消息序列化
+ dnsBytes, err := msg.Pack()
+ if err != nil {
+ return nil, fmt.Errorf("failed to pack DNS message: %w", err)
+ }
+
+ // 发送 DNS 请求
+ _, err = conn.Write(dnsBytes)
+ if err != nil {
+ return nil, fmt.Errorf("failed to send DNS request: %w", err)
+ }
+
+ // 读取 DNS 响应
+ responseBuf := make([]byte, 512) // 假设响应不超过 512 字节
+ n, err := conn.Read(responseBuf)
+ if err != nil {
+ return nil, fmt.Errorf("failed to read DNS response: %w", err)
+ }
+
+ return responseBuf[:n], nil
+}
diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/server1.crt b/primary/tanghao_HIT_EncrypDNS/server/doh/server1.crt
new file mode 100644
index 0000000000000000000000000000000000000000..e5861d1b1ec92ff78af39c355f90db6775bb4bb9
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/doh/server1.crt
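Review bot: sendDNSRequestToRealServer never sets a deadline on the UDP socket and relays the first datagram that arrives without checking that its ID matches the query it just sent, so a dropped upstream reply blocks the handler indefinitely and an unrelated or spoofed datagram would be passed straight through to the DoH client; the 512-byte buffer also truncates EDNS-sized replies. handleDoHRequest reads the request body with an unbounded io.Copy, so the body should be capped with `req.Body = http.MaxBytesReader(w, req.Body, 65535)` before the copy, and the http.Server built in main has no ReadTimeout/WriteTimeout. getCertificateForSNI reloads the certificate and private key from disk on every TLS handshake; loading both pairs once at startup and returning pointers to them would avoid that. The rewrite below adds the deadline, the ID check and a larger buffer, and needs a `"time"` import.
```go
	defer conn.Close()
	// Bound the whole exchange so a dropped upstream reply cannot hang the handler.
	if err := conn.SetDeadline(time.Now().Add(5 * time.Second)); err != nil {
		return nil, fmt.Errorf("failed to set DNS deadline: %w", err)
	}
	// … unchanged: pack and write the query …
	responseBuf := make([]byte, 4096) // EDNS replies exceed the classic 512-byte limit
	n, err := conn.Read(responseBuf)
	if err != nil {
		return nil, fmt.Errorf("failed to read DNS response: %w", err)
	}
	// Relay only a datagram that answers the query just sent.
	var p dnsmessage.Parser
	hdr, err := p.Start(responseBuf[:n])
	if err != nil || hdr.ID != msg.ID {
		return nil, fmt.Errorf("unexpected DNS response from upstream")
	}
	return responseBuf[:n], nil
```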
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUKFr2l54GaKRCHLg5FkYRfPZH8IQwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMjIyMDg0NTE4WhcNMjYw +MjIyMDg0NTE4WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALCSKnVrSSW0uQX/Isjc85EbMhSrfyXieFGmLiZQ +TeiE2CjI0kQZBYZY/RoEPDDQ64TwbiN8sGuccVzE1ywGQbQBYXTPva531mw9F8fd +AANeJ/frUBrlHwgiezM2pHnYoZp6TetNlZsSWvG9y+f61giTuXfHeculBp0EYh9j +9XLCbrultgLbWtMoV2xcYRKxz/j4OWwiCgLDfGi2UpA/fBXg7RUUdo0qINr1RI38 +GuDpRAaH4shxSl3igx6O9n2kn2+9dLcNkydVBEZQHaheFarQWV+/FC4NkuG8un+Z +iLwICjt8VTY5CUL+gl1prtiQtXRJ25HfYFOtwjNIYkLUnV8CAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAGjC +6y5W6HOA3V/OJ7TfnC727iAR684dZqgLHhlc9tz3OrRGulyV/nsQuBwElu8KgIrT +S83lBJwsvIPYw76GKC017NOVGlwjLAFdb76aH9cetrx5fcgtjBJgqpKj5QCpxdZz +Bz93d/udiXj4hJwVC7owcwQ/uV8xmPyIuyfwiANrFFmg10KtpR6ddXHz6WQYCKIN +qqn+N1WA+S1uGAjoV/VkwpWIYu5hVr2T1eqbYQ4JZT8X8Ch5RDsTcGz0fuldjwYD +oGfXeJpHG180bFBuLqsG02DJyJg+ShjttR8eF1XkbEt/FQaKPwbAHM9+T2+1xEK0 +dnmb0+ptuFTSJudnVm4= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/server1.csr b/primary/tanghao_HIT_EncrypDNS/server/doh/server1.csr new file mode 100644 index 0000000000000000000000000000000000000000..8cb92d9c9e01f3f5c33e18d88c96b44c86bd4f11 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/doh/server1.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCwkip1a0kltLkF/yLI3PORGzIUq38l4nhRpi4m +UE3ohNgoyNJEGQWGWP0aBDww0OuE8G4jfLBrnHFcxNcsBkG0AWF0z72ud9ZsPRfH +3QADXif361Aa5R8IInszNqR52KGaek3rTZWbElrxvcvn+tYIk7l3x3nLpQadBGIf +Y/Vywm67pbYC21rTKFdsXGESsc/4+DlsIgoCw3xotlKQP3wV4O0VFHaNKiDa9USN +/Brg6UQGh+LIcUpd4oMejvZ9pJ9vvXS3DZMnVQRGUB2oXhWq0FlfvxQuDZLhvLp/ +mYi8CAo7fFU2OQlC/oJdaa7YkLV0SduR32BTrcIzSGJC1J1fAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjEuY29thwTAqJ2BMA0GCSqG +SIb3DQEBCwUAA4IBAQA+H0h8dxOaXpw/wH8gMXWI64A0YBogb4zSvW6b5E/xJkWR +kHKgbZm7Ydq5C8lq9615zwfau86u265nu4YQv4DNjAV+7SJLqPFOpyHhBvG5Cs2L +pSBLAV34YKRZFMKK3V/L38ayR90uTh9vMB3c3IM1YxvOyVhlR0u6fkbY5NE69Fki +ABj8rKul34d25xQ8VQgwVOQcYhM0HOj6up7HlLw58+uhh5fs200oWFj8DI9MyX+d +PM6/clqDjtV6W7+GLppn96gNJV8MK/vUolROwnKDeqi210l7D+lrlApRLyWZaSxA +Q+1VwX/cT8D4PqeX8YwmJdM4j+jgDsAreeCqg+Bh +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/server1.key b/primary/tanghao_HIT_EncrypDNS/server/doh/server1.key new file mode 100644 index 0000000000000000000000000000000000000000..6b7ab25f4088ddc1f4e5a63119db7e7f45c338da --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/doh/server1.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAsJIqdWtJJbS5Bf8iyNzzkRsyFKt/JeJ4UaYuJlBN6ITYKMjS +RBkFhlj9GgQ8MNDrhPBuI3ywa5xxXMTXLAZBtAFhdM+9rnfWbD0Xx90AA14n9+tQ +GuUfCCJ7MzakedihmnpN602VmxJa8b3L5/rWCJO5d8d5y6UGnQRiH2P1csJuu6W2 +Atta0yhXbFxhErHP+Pg5bCIKAsN8aLZSkD98FeDtFRR2jSog2vVEjfwa4OlEBofi +yHFKXeKDHo72faSfb710tw2TJ1UERlAdqF4VqtBZX78ULg2S4by6f5mIvAgKO3xV +NjkJQv6CXWmu2JC1dEnbkd9gU63CM0hiQtSdXwIDAQABAoIBAFl9u4dHmQtDTYN8 +jGTBl7Ez124ifY71+YVodHt2uAXhTq1dGzToeaRd9en5u4gCW1xFf4z85W2lHM+n +9GabxTE2ge5yW/DRTBwP2r2xhRAv6JH+8dqvxcqZr1eFmlcnNMDWvCdGa0ztQKrF +R1OMDm7KcHYE4/YS7gcm8ZR3VS+UBIOiDmd6M6p+rLh3hTrMINAGqh28R/pgSWYL +g5ypy9J6Av7Gi4rmikdfUbeNvqEivD0HKEMnwH0k5p+kBLPzpxdn7R9Hxjb+34Gx +Otr6w90pFRXhgq90oOKraRVWM2wVQm10L8sW8XD3fYXLXuAhD14JmHtEEE9GqQiT +cA5A4gECgYEA1z2Kmi91vLEx+y8pt9idA2kDDckDoT/WAYdrzLsgbId+A5LTpzeP +vLK8zSS7e/gVyfDacVJp5WtdQoT4U+/rA55TyGoM7D5WZF8qgOrSnrL8vvTIs6zP +QJ0fodfN1lv0UsobQQoseTBqnHXVupPxx311oTSvsWucvak2A6i14Y0CgYEA0gIA +VXaZM05170w1o2nLF1H/FKq3ByswCl5qwbM63UXVLp7J2wm/tynffKkiHVClYK8N +1YM5L2Qsrw3qNVv3DqlX4YRVM/2sE9BUAUVFL0LyyMq6AqfIzOjF8iz6+1wQZgjh +l+CHaQtbTv02cjTWTStqQD7grEqKawTrdYaBgZsCgYApzikyg09R4/S6PdHThH4S +oH3YWpea5SQyzdOxQxMsITDnjsgPLWp8kxa6nYzQqkHJJD+5TPGGftDxT5RP8URr +QoAxZ++0nvL2sck2muVnr4oJqM+mnkTu3tW7AIhZPyj4P4sFme1DaJT8aKKnh36p +aYPEWNBbHHSoHcqA8W7KLQKBgQDQEbOK+WpobwBiCzvJoHPbsx3ruAiHTb7XRxy2 +tYFI4nuJKUINhucv7ojC1kA6k0CHPmmSdeUekz3CYyL9oxRwrk+n3JkeXeMz7mCM +sbkOTmKFlnYdU2ebvbUBcJdqm5iTv5DkDU2cQehBppdfKAJ7itxGswWfLmteBQ3U +72M4qQKBgQDC/ieKBAQQ567TE348rJhN9UMMrea6GhQSEv1SLRhu4dT5xRyyUG7q +NEzRNc/qBDbp19VHbtMTggZKk1sueTeDatkLzohixR4SnJ8KEY/AudISLmVerTLw +s7cf1e6Z9cB/3tE+3HYsvrwEbN3Iqjf+BEvLtpdEVNm7GAkUsir27A== +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/server2.crt b/primary/tanghao_HIT_EncrypDNS/server/doh/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..c700436894b38c146ad34d9a8c5678a481e0e37b --- /dev/null 
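Review bot: server1.key is a private key committed in plain text, and server2.key and server/ech/ecdh_private_key.pem later in this commit have the same problem. Once a key has been pushed to a repository it should be treated as exposed even for a lab host, so the pairs are better generated at deploy time (the openssl-server1.cnf and openssl-server2.cnf files already describe the CSRs), with only the .crt files kept in the tree and `*.key` plus the .pem key excluded via .gitignore.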
+++ b/primary/tanghao_HIT_EncrypDNS/server/doh/server2.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIULpnUS7TbYaL2/7UtLuGSucOLs4IwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMjIyMDg0NTM3WhcNMjYw +MjIyMDg0NTM3WjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMJ+Z12Qp5jAnphIgVSg4pax1nzFHp0lyEkmE8xO +G4Y/xC7a18sBtyKpAldLWX+ZpuFQW1if+eDYnnYw1D4GIC+hw/EGJaJWteC9drnb +pqj1YXosDVol+f7q89j9SxM/6BG1VwsE1r6+LmFH9kAP3gbPLLosGEn7/o+NIu32 +yx5HxZ/+Ph3abyRRz2wPQ+GmRsrG9xQgul8KYof+hkvMdg+A6CC1lmw10iTGcT18 +5hkkF8xCdbybmEp0gDuz4df91U5l8qmTkLrMgoooWgIHxWhnyeOf/HaVGpeWwnTZ +B7JVwhFw2ox61GsIOvxmgDGkrIIcj9ngkMHTHBuFKQS/jYkCAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBABkJ +8CykogHSOFfPjqXYwCDJKQsOcfIK5DvCO1zWKhmp7oIc+Pamo1qYJzZBEdIVntfV +M7Cevk9xLId3OicHKw0MQq/QVSlj+EcECv3jLSRYqfLNXw6hK0RrHDVOmjpIcPGo +/lNu6plb0MIo9n75KBDH6nt/Zh8feewaDAETOLkKkSU2CDmoYqZ/XGzuNuqIewjZ +VIvsqSImdIomt/RH1Iw2PnDBFSQ0T6aaD26vtE0gYkOeVMdQV2GeV4DMxgPN7IpZ +Ot2jv8KBDQVGwzcsTO0ksivNQJKZ8fTv4vIKNOv8Iw4BSsgvyWZhAJA7XRh/u/eS +Pi5/WUGBqT0DtWl9Xw4= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/server2.csr b/primary/tanghao_HIT_EncrypDNS/server/doh/server2.csr new file mode 100644 index 0000000000000000000000000000000000000000..d30941d25bb934cd5fd2824d71f950d22dfd3965 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/doh/server2.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDCfmddkKeYwJ6YSIFUoOKWsdZ8xR6dJchJJhPM +ThuGP8Qu2tfLAbciqQJXS1l/mabhUFtYn/ng2J52MNQ+BiAvocPxBiWiVrXgvXa5 +26ao9WF6LA1aJfn+6vPY/UsTP+gRtVcLBNa+vi5hR/ZAD94Gzyy6LBhJ+/6PjSLt +9sseR8Wf/j4d2m8kUc9sD0PhpkbKxvcUILpfCmKH/oZLzHYPgOggtZZsNdIkxnE9 +fOYZJBfMQnW8m5hKdIA7s+HX/dVOZfKpk5C6zIKKKFoCB8VoZ8njn/x2lRqXlsJ0 +2QeyVcIRcNqMetRrCDr8ZoAxpKyCHI/Z4JDB0xwbhSkEv42JAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjIuY29thwTAqJ2CMA0GCSqG +SIb3DQEBCwUAA4IBAQApn0sBJ/ylZn16PXDtCuzB+/MeB6pnkjd2464HjXYbx2VB +VNJR9nMviCIfbmPyZVaatOnsiON9w0cRyzNlF1xMeX/ZpZ/CQ4q0Xy4yNcmbFTWl +CMoSFFwQ1ayUg0Np/y8ld0QM52o87CegoByw6/YHJpsLFnoTE7sCAF4doqOOowtA +EWmlXAe01e+SOWMacyCZgKjgB8Q+GpOczF794w/D02kneB4pH+uxiTFNx2yTlHc8 +2n5C6+EMN+xfiidqkJHn9mwyE2fsoRfPZzNka9oMSTkUWtXo7R3+yx8pleedYDf8 +5JDdw1ogUW21ojBJffnEoRDXwN64E8rP0rhEG44c +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/doh/server2.key b/primary/tanghao_HIT_EncrypDNS/server/doh/server2.key new file mode 100644 index 0000000000000000000000000000000000000000..26c2f6c55cfdfb8c7ee2eda25725440d4b6ea8d6 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/doh/server2.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwn5nXZCnmMCemEiBVKDilrHWfMUenSXISSYTzE4bhj/ELtrX +ywG3IqkCV0tZf5mm4VBbWJ/54NiedjDUPgYgL6HD8QYlola14L12udumqPVheiwN +WiX5/urz2P1LEz/oEbVXCwTWvr4uYUf2QA/eBs8suiwYSfv+j40i7fbLHkfFn/4+ +HdpvJFHPbA9D4aZGysb3FCC6Xwpih/6GS8x2D4DoILWWbDXSJMZxPXzmGSQXzEJ1 +vJuYSnSAO7Ph1/3VTmXyqZOQusyCiihaAgfFaGfJ45/8dpUal5bCdNkHslXCEXDa +jHrUawg6/GaAMaSsghyP2eCQwdMcG4UpBL+NiQIDAQABAoIBAQCg1k88fMdb9s4w +OKVbCsDWxbIN9CTg58G9XBO7PExetJTT+n3Bj2WW8BTTg6g7cSEj6oPfwkutuPUx +4CdkM0Siny+ePesZWIOHmqZ4BEDKMEGv+oYAKq+WM037/1r6TDrpigC1SAceLb/F +CvGFAJonH2RpgNWFOTLGG3zrNM+79UL4pxMuYyt4HBbWkJvCSLcsNg7auF/6rWqk +xJcb/OOUhm+BbS3ZnC07F7jbls3tM427fhq92PXKfFuyb54sJDS1hpokeBC3UoH1 +FXEuRCwYgdUNDNJGlftr2hNfmM5JDpR4DnFgzszsotbfuYvt9rRpkHN1pQC72gZm +hw2KZ2LRAoGBAPniK0tHEgjvU1lzchVF4Zux05FROKS/EYYq039fg7lYL5L3Cov+ +JjZGmEdNHQXp3VTOtDepgJWjfgf1jKLkTpzQS9lt8fiGWw8JXMXeeOnOkgB5a5fj +PZ5QSN/GX4DnaF1D/OX+GOb44HMovII8Rk/ZlK03KLqtqQc1dW0g8SxDAoGBAMdB +JjKx8lEuU4wVfLq8BMn8Q2aWyrW4ssGjD+BbWGcUfsrbRagqfC50N1Ps7/UGcEvs +LG9Bxqrj8ZWywu7IvsRIsNbrBHHB9zx8Djoz+Iq1+odsDCapVWXJGgFSATeUISg7 +zSFIYMRL7uRTigsS0AAcw9UUFQzGIu3Nt/geR6hDAoGBANTUgMF1//NiO+CFRpa9 +1WFxvVwZDKCtKHTYxxjGtn/Hj4WiKfaAefVifVLFaEHgJaaVA8Qg96b8AF0xFB6t +TBOeCexgC2b8sFQHSmAxk1S4n3wN7skIQDQ190u5PyCgeDBvttgBax5WvXz4Jk7a +nZxnGo3J3EPbo4rDSoevNhrXAoGBAISNdKnY80jKNs5EJRvcpJrydKw0uFm3q0Ni +BNfOLLs2STsOMAK1cLM+oOf2AZPRWrdHQDArY8yfo0FhEIjlhvLxIKN46RX8YUsd +hCF4HWm5shaQ7GxzzdnOtLwYH7Mnmf83+Tig+67ajOvcH0NKmpDYkfaYS4CZ9vaY +GkC3dBgdAoGASHbvE2Lvd2r8/wDYzasksSqQwyeeGrxJglmRIu44McLDj80epXs7 +lVkbBUDwxsAWtAb/iQUJdO00367tmClW1g/7jMN2CwFxAjHw60V/U0tK617VZGR1 +iTk27wuycA/2lvTcLbQCq+2r/m5GAVLRow9NflWlT5HhiFvCzT2aRXw= +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/ecdh_private_key.pem b/primary/tanghao_HIT_EncrypDNS/server/ech/ecdh_private_key.pem new file mode 100644 index 0000000000000000000000000000000000000000..043cf1593d06bf1b61e059c08ab3c3308c513124 --- /dev/null 
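Review bot: This hunk commits an RSA private key, and the same applies to ech/ecdh_private_key.pem, ech/server1.key and ech/server2.key later in this diff; server.go loads ecdh_private_key.pem by file name, so the ECH key protecting the simulated traffic is whatever sits in the repository. Even for a lab setup these files belong in .gitignore and should be regenerated at setup time — the committed openssl-server1.cnf/openssl-server2.cnf already make that a one-line step — with a README note that any key that has been in version control is test-only. If fixtures must stay, the self-signed certificates can remain while the .key/.pem files are removed.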
+++ b/primary/tanghao_HIT_EncrypDNS/server/ech/ecdh_private_key.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VuBCIEIEA9iFpCU0KSDdHNgyeLRGoznDXR6OBGYaCJsxHQ6CVr +-----END PRIVATE KEY----- \ No newline at end of file diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/echutil.go b/primary/tanghao_HIT_EncrypDNS/server/ech/echutil.go new file mode 100644 index 0000000000000000000000000000000000000000..2aa116c6ad00734549a8013493fb1d4c554a3c89 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/ech/echutil.go 
@@ -0,0 +1,99 @@
+package main
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/ecdh"
+ "slices"
+
+ "golang.org/x/crypto/chacha20poly1305"
+ "golang.org/x/crypto/cryptobyte"
+)
+
+const (
+ AEAD_AES_128_GCM = 0x0001
+ AEAD_AES_256_GCM = 0x0002
+ AEAD_ChaCha20Poly1305 = 0x0003
+
+ extensionEncryptedClientHello uint16 = 0xfe0d
+ DHKEM_X25519_HKDF_SHA256 = 0x0020
+ KDF_HKDF_SHA256 = 0x0001
+)
+
+var aesGCMNew = func(key []byte) (cipher.AEAD, error) {
+ block, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewGCM(block)
+}
+
+var supportedAEADs = map[uint16]struct {
+ keySize int
+ nonceSize int
+ aead func([]byte) (cipher.AEAD, error)
+}{
+ // RFC 9180, Section 7.3
+ AEAD_AES_128_GCM: {keySize: 16, nonceSize: 12, aead: aesGCMNew},
+ AEAD_AES_256_GCM: {keySize: 32, nonceSize: 12, aead: aesGCMNew},
+ AEAD_ChaCha20Poly1305: {keySize: chacha20poly1305.KeySize, nonceSize: chacha20poly1305.NonceSize, aead: chacha20poly1305.New},
+}
+
+// Generates a serialized Encrypted Client Hello (ECH) configuration for a given domain
+func GetECHConfig(privateKey *ecdh.PrivateKey, domain string) ([]byte, error) {
+ /// generate the echconfig
+ var sortedSupportedAEADs []uint16
+ for aeadID := range supportedAEADs {
+ sortedSupportedAEADs = append(sortedSupportedAEADs, aeadID)
+ }
+ slices.Sort(sortedSupportedAEADs)
+
+ marshalECHConfig := func(id uint8, pubKey []byte, publicName string, maxNameLen uint8) ([]byte, error) {
+ builder := cryptobyte.NewBuilder(nil)
+ builder.AddUint16(extensionEncryptedClientHello)
+ builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
+ builder.AddUint8(id)
+ builder.AddUint16(DHKEM_X25519_HKDF_SHA256) // The only DHKEM we support
+ builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
+ builder.AddBytes(pubKey)
+ })
+ builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
+ for _, aeadID := range sortedSupportedAEADs {
+ builder.AddUint16(KDF_HKDF_SHA256) // The only KDF 
we support
+ builder.AddUint16(aeadID)
+ }
+ })
+ builder.AddUint8(maxNameLen)
+ builder.AddUint8LengthPrefixed(func(builder *cryptobyte.Builder) {
+ builder.AddBytes([]byte(publicName))
+ })
+ builder.AddUint16(0) // extensions
+ })
+
+ return builder.Bytes()
+ }
+
+ return marshalECHConfig(123, privateKey.PublicKey().Bytes(), domain, 32)
+}
+
+// Generates a serialized list of Encrypted Client Hello (ECH) configuration for a set of domains
+func GetECHConfigList(privateKey *ecdh.PrivateKey, domains []string) ([]byte, error) {
+
+ builder := cryptobyte.NewBuilder(nil)
+ var configs [][]byte
+ for _, d := range domains {
+ echConfig, err := GetECHConfig(privateKey, d)
+ if err != nil {
+ return nil, err
+ }
+ configs = append(configs, echConfig)
+ }
+
+ builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
+ for _, b := range configs {
+ builder.AddBytes(b)
+ }
+ })
+
+ return builder.Bytes()
+}
\ No newline at end of file
diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/go.mod b/primary/tanghao_HIT_EncrypDNS/server/ech/go.mod
new file mode 100644
index 0000000000000000000000000000000000000000..00dcd136f6abce194c24a9daa07677290b726d6e
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/ech/go.mod
@@ -0,0 +1,12 @@
+module echdns
+
+go 1.24.0
+
+require (
+ github.com/gorilla/mux v1.8.1 // indirect
+ github.com/salrashid123/go_ech/util v0.0.0-20250114031824-19ddb05a4acb // indirect
+ golang.org/x/crypto v0.33.0 // indirect
+ golang.org/x/net v0.35.0 // indirect
+ golang.org/x/sys v0.30.0 // indirect
+ golang.org/x/text v0.22.0 // indirect
+)
diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/go.sum b/primary/tanghao_HIT_EncrypDNS/server/ech/go.sum
new file mode 100644
index 0000000000000000000000000000000000000000..fedea9dc7e439afce3de2e34def83c94fb982cba
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/ech/go.sum
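Review bot: The doc comments on the exported GetECHConfig and GetECHConfigList do not start with the identifier, so godoc and linters will not attach them; use `// GetECHConfig returns the serialized ECHConfig (extension 0xfe0d) for domain, advertising privateKey's X25519 public key.` with the matching form for GetECHConfigList, and drop the stray `///` line. Sorting the keys of supportedAEADs on every GetECHConfig call is unnecessary; a package-level `var sortedSupportedAEADs = slices.Sorted(maps.Keys(supportedAEADs))` (available since Go 1.23, which this module's go 1.24 line permits) computes the cipher-suite list once. The literals 123 and 32 passed to marshalECHConfig decide the config_id and maximum_name_length of every config this server advertises; named constants with a one-line comment each (e.g. `// echMaxNameLen is the padding hint for the inner ClientHello server_name`) would make them reviewable.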
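Review bot: Every requirement in this go.mod is tagged `// indirect`, yet echutil.go and server.go import golang.org/x/crypto and golang.org/x/net directly, so the manifest does not reflect the real build graph; `go mod tidy` rewrites those tags and would also drop github.com/gorilla/mux and github.com/salrashid123/go_ech/util if nothing in the module imports them (no file in this diff does). An unused requirement still pins a module into go.sum and into dependency and vulnerability scans, so keeping the manifest tidy is part of supply-chain hygiene here.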
@@ -0,0 +1,16 @@ +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= +github.com/salrashid123/go_ech/util v0.0.0-20250114031824-19ddb05a4acb h1:aODAJ3XvTMFwKAprG6Hf9aqHRNQXG3A8IoSYvPRLdzc= +github.com/salrashid123/go_ech/util v0.0.0-20250114031824-19ddb05a4acb/go.mod h1:mVab1T87WtrFJ0ZVOGwmx1iyYRxVhzRxtiIoO22pxp0= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= +golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= +golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/openssl-server1.cnf b/primary/tanghao_HIT_EncrypDNS/server/ech/openssl-server1.cnf new file mode 100644 index 0000000000000000000000000000000000000000..1249b07641a86e5711cd480b43eb1a1ed95eff57 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/ech/openssl-server1.cnf 
@@ -0,0 +1,17 @@
+[ req ]
+default_bits = 2048
+default_keyfile = server1.key
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[ req_distinguished_name ]
+commonName = server1.com
+commonName_default = server1.com
+commonName_max = 64
+
+[ v3_req ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = server1.com
+IP.1 = 192.168.157.129
diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/openssl-server2.cnf b/primary/tanghao_HIT_EncrypDNS/server/ech/openssl-server2.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..a3008eedc6335b746e8fb15b9f2f31b088c0eebc
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/ech/openssl-server2.cnf
@@ -0,0 +1,17 @@
+[ req ]
+default_bits = 2048
+default_keyfile = server2.key
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[ req_distinguished_name ]
+commonName = server2.com
+commonName_default = server2.com
+commonName_max = 64
+
+[ v3_req ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = server2.com
+IP.1 = 192.168.157.130
diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/server.go b/primary/tanghao_HIT_EncrypDNS/server/ech/server.go
new file mode 100644
index 0000000000000000000000000000000000000000..9e9cd84cb6fb0428ef27c50d8f0fb502094dcf9d
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/ech/server.go
@@ -0,0 +1,167 @@
+package main
+
+import (
+ "crypto/ecdh"
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+ "log"
+ "net/http"
+ "os"
+ "bytes"
+ "io"
+ "net"
+ // "encoding/base64"
+
+ "golang.org/x/net/dns/dnsmessage"
+)
+
+func main() {
+
+ // 读取并解析ECDH私钥
+ pemData, err := os.ReadFile("ecdh_private_key.pem")
+ if err != nil {
+ fmt.Println("Error reading PEM file:", err)
+ return
+ }
+ block, _ := pem.Decode(pemData)
+ if block == nil {
+ fmt.Println("Error decoding PEM block")
+ return
+ }
+ ecdhSKBytes, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+ if err != nil {
+ fmt.Println("failed to marshal private key into PKIX format")
+ return
+ }
+ privateKey := ecdhSKBytes.(*ecdh.PrivateKey)
+
+ // 获取ECH配置列表
+ // echConfigList, err := GetECHConfigList(privateKey, []string{"server0.com"})
+ // if err != nil {
+ // fmt.Println("failed to get echconfiglist")
+ // return
+ // }
+ // fmt.Println(echConfigList)
+
+ // 获取特定域名的ECH配置信息
+ echConfig, err := GetECHConfig(privateKey, "server0.com")
+ if err != nil {
+ fmt.Println("failed to get echConfig")
+ return
+ }
+
+ // fmt.Printf("ECHConfig: %s\n", base64.StdEncoding.EncodeToString(echConfig))
+ // fmt.Printf("echConfigList Std: %s\n", base64.StdEncoding.EncodeToString(echConfigList))
+
+ // 配置TLS
+ tlsConfig := &tls.Config{
+ GetCertificate: getCertificateForSNI,
+ MinVersion: tls.VersionTLS13,
+ MaxVersion: tls.VersionTLS13,
+ CurvePreferences: []tls.CurveID{},
+ EncryptedClientHelloKeys: []tls.EncryptedClientHelloKey{{
+ Config: echConfig,
+ PrivateKey: privateKey.Bytes(),
+ SendAsRetry: true,
+ }},
+ }
+
+ // 创建一个http.server实例
+ server := &http.Server{
+ Addr: ":443",
+ TLSConfig: tlsConfig,
+ }
+
+ // 注册 DoH 请求处理函数
+ http.HandleFunc("/dns-query", handleECHRequest)
+
+ // 启动 HTTPS 服务器
+ log.Println("Starting DoH server on https://localhost:443")
+ if err := server.ListenAndServeTLS("", ""); err != nil {
+ log.Fatal("ListenAndServeTLS: ", err)
+ }
+
+}
+
+func handleECHRequest(w http.ResponseWriter, r 
*http.Request) {
+ // 读取 DoH+Ech 请求中的 DNS 消息
+ dnsRequest := r.Body
+ defer dnsRequest.Close()
+
+ // 读取请求中的 DNS 消息内容
+ var buf bytes.Buffer
+ _, err := io.Copy(&buf, dnsRequest)
+ if err != nil {
+ log.Println("Failed to read DNS request: ", err)
+ http.Error(w, "Failed to read DNS request", http.StatusInternalServerError)
+ return
+ }
+
+ // 解包 DNS 消息
+ var msg dnsmessage.Message
+ err = msg.Unpack(buf.Bytes())
+ if err != nil {
+ log.Println("Failed to unpack DNS request: ", err)
+ http.Error(w, "Failed to unpack DNS request", http.StatusInternalServerError)
+ return
+ }
+
+ // 向真实的 DNS 服务器发送请求
+ dnsResponse, err := sendDNSRequestToRealServer(msg)
+ if err != nil {
+ log.Println("Failed to send DNS request to real server: ", err)
+ http.Error(w, "Failed to get DNS response", http.StatusInternalServerError)
+ return
+ }
+
+ // 发送 DNS 响应作为 DoH 响应
+ w.Header().Set("Content-Type", "application/dns-message")
+ w.Write(dnsResponse)
+}
+
+// 向真实的 DNS 服务器发送 DNS 请求
+func sendDNSRequestToRealServer(msg dnsmessage.Message) ([]byte, error) {
+ // 连接到 DNS 服务器
+ dnsServer := "114.114.114.114:53"
+ conn, err := net.Dial("udp", dnsServer)
+ if err != nil {
+ return nil, fmt.Errorf("failed to connect to DNS server: %w", err)
+ }
+ defer conn.Close()
+
+ // 将 DNS 消息序列化
+ dnsBytes, err := msg.Pack()
+ if err != nil {
+ return nil, fmt.Errorf("failed to pack DNS message: %w", err)
+ }
+
+ // 发送 DNS 请求
+ _, err = conn.Write(dnsBytes)
+ if err != nil {
+ return nil, fmt.Errorf("failed to send DNS request: %w", err)
+ }
+
+ // 读取 DNS 响应
+ responseBuf := make([]byte, 512)
+ n, err := conn.Read(responseBuf)
+ if err != nil {
+ return nil, fmt.Errorf("failed to read DNS response: %w", err)
+ }
+
+ return responseBuf[:n], nil
+}
+
+func getCertificateForSNI(helloInfo *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ switch helloInfo.ServerName {
+ case "server1.com":
+ cert, err := tls.LoadX509KeyPair("server1.crt", "server1.key")
+ return &cert, err // 返回结构体的指针
+ case "server2.com":
+ 
cert, err := tls.LoadX509KeyPair("server2.crt", "server2.key")
+ return &cert, err // 返回结构体的指针
+ default:
+ return nil, fmt.Errorf("no certificate found for SNI: %s", helloInfo.ServerName)
+ }
+}
\ No newline at end of file
diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/server1.crt b/primary/tanghao_HIT_EncrypDNS/server/ech/server1.crt
new file mode 100644
index 0000000000000000000000000000000000000000..16527a177ee9ed3632ceb67dbc70391a948238b4
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/ech/server1.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2jCCAcKgAwIBAgIUZnwMruHiHhaIKzjoLC1lR0bdzdAwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMjIxMDcwNjU0WhcNMjYw
+MjIxMDcwNjU0WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAN05bYtwhd+jyhux/16/PCXNyNbOU8UY7B5YodbI
+FMzTrrULbsKJ6yMCXrzoQ/aFfrIRj5rdU7ypkqornXQ2zHH6CD3FtL2ADOd8oHyw
+DBK6fjlPJv+5IgQcqDveNvvZm6gz8QAcAJL0RAagQV9JeU5EEyPnukLynJ+w8oMQ
+6eilyZYnVoIyaPfI6E214ZzUy7GA90aiEL75WBHyYfpf0HkdK6tyc2rpZUhMKle3
+GkLwmbs5bbg0OhBUzAyaCy3047brB5B8QBLu8lHXbez5gURd1jYFRRtJc4m5zdvh
+wd7/i9OKxYc84hD1oqYgL8vGWsHgg+w30cqHr+KVw2KCo28CAwEAAaMgMB4wHAYD
+VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAMMX
+KWIROqD1+v/WfNG90juRBLJ6j+dqLjXZ5I1SUKprPFsRRLvF+rUCgTM0kK/zJ/AJ
+XK4826I0BlFPWDo85MfnXOz1O+Q4RujA51pLCAJYQIowaTUlEpQe8Lm4V888l8dJ
+YV34xCEG5D82srYfPlUyJXYdX/MNffDFpo2I0gqPzIThZviMyyOhPqHXtVCiMRrp
+uvnaz/qCh8WRI3z3aZ1HfDRr9SFoECjE0/hE+xkPg8XG892DaxN9YV43G/873lF0
+wf5KoqzL81+sGnLGFvi/fAJj7AQCQr4urBuyU9L18U6U5QJ4yxlL1VRXLGlq7YbU
+D6aFWa+aIB7i2PdZ/Z4=
+-----END CERTIFICATE-----
diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/server1.csr b/primary/tanghao_HIT_EncrypDNS/server/ech/server1.csr
new file mode 100644
index 0000000000000000000000000000000000000000..f682c999a272f416c7475b9079d09068ae3708a5
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/ech/server1.csr
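Review bot: sendDNSRequestToRealServer sets no deadline on the UDP socket, so a single lost datagram from 114.114.114.114 leaves the handler goroutine — and the client's HTTPS request — blocked indefinitely; add `if err := conn.SetDeadline(time.Now().Add(5 * time.Second)); err != nil { return nil, err }` after the Dial (importing `time`). The 512-byte responseBuf also silently truncates any reply larger than 512 bytes (EDNS0 permits up to 4096), so the client then receives an unparseable message; a 4096-byte buffer is the usual UDP choice. In handleECHRequest the body is copied with no size cap; wrap it as `dnsRequest := http.MaxBytesReader(w, r.Body, 65535)` and answer a body that fails to unpack with http.StatusBadRequest rather than 500, since that is a client error. In main, `ecdhSKBytes.(*ecdh.PrivateKey)` is an unchecked type assertion that panics if the PEM holds another key type, and the message "failed to marshal private key into PKIX format" describes a different operation than the ParsePKCS8PrivateKey call it reports on; use the two-value form and fix the text. getCertificateForSNI additionally re-reads both files from disk on every handshake; loading the two key pairs once at startup removes that per-connection file I/O.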
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDdOW2LcIXfo8obsf9evzwlzcjWzlPFGOweWKHW +yBTM0661C27CiesjAl686EP2hX6yEY+a3VO8qZKqK510Nsxx+gg9xbS9gAznfKB8 +sAwSun45Tyb/uSIEHKg73jb72ZuoM/EAHACS9EQGoEFfSXlORBMj57pC8pyfsPKD +EOnopcmWJ1aCMmj3yOhNteGc1MuxgPdGohC++VgR8mH6X9B5HSurcnNq6WVITCpX +txpC8Jm7OW24NDoQVMwMmgst9OO26weQfEAS7vJR123s+YFEXdY2BUUbSXOJuc3b +4cHe/4vTisWHPOIQ9aKmIC/LxlrB4IPsN9HKh6/ilcNigqNvAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjEuY29thwTAqJ2BMA0GCSqG +SIb3DQEBCwUAA4IBAQAJTftb3rGi7bX+pcX5YUYQPSxMMgItMANdA7UIr9HmopUz +erC3tD7wPpdNJWg7RMpTTb7OxP6E1GNcZRGOklVysTinReruB3ruK7fhp16ZsTXH +MqxpypsAtpB4Mk4G508+gSHsCbbEq9XGugth2yIVtd3aGTrjKeO0AvD4bwCzoOZC +HLtzsosHUhoiGn9UF3Cm6yQwcqHjSn1e4sgiONINORrSK0WCSLBr1RsEep7DQ2pt +ta27A5m3acjISyWYCsw+75PfIZ0np8RrWcWjCJNc9+1JKIlwI9ns6kuMDbnyuW+5 +VWhZOwOIvPDRbdPF3Ft94Sev+PooWhna1LgJieDo +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/server1.key b/primary/tanghao_HIT_EncrypDNS/server/ech/server1.key new file mode 100644 index 0000000000000000000000000000000000000000..aea75795b5f7d8f4177dba0440c1788e831578af --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/ech/server1.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3Tlti3CF36PKG7H/Xr88Jc3I1s5TxRjsHlih1sgUzNOutQtu +wonrIwJevOhD9oV+shGPmt1TvKmSqiuddDbMcfoIPcW0vYAM53ygfLAMErp+OU8m +/7kiBByoO942+9mbqDPxABwAkvREBqBBX0l5TkQTI+e6QvKcn7DygxDp6KXJlidW +gjJo98joTbXhnNTLsYD3RqIQvvlYEfJh+l/QeR0rq3JzaullSEwqV7caQvCZuzlt +uDQ6EFTMDJoLLfTjtusHkHxAEu7yUddt7PmBRF3WNgVFG0lzibnN2+HB3v+L04rF +hzziEPWipiAvy8ZaweCD7DfRyoev4pXDYoKjbwIDAQABAoIBAQCVEXp4aGU9UoAA +84tRy+j6zFTWMggOmwGYXT8InKAveUCTbFXBLvBMEe/GuXf6aO/7i4vJ3fPsABP9 +KRCbW8Wd086z2UI2I1AOuFLoUjSAdjxR3702ughq3uiaFt3UDUkvKXjvCu90Fra0 +BE6op7je/U4sdpxzOkpB7RktKjuD8NnkB/UZx/Jq3INWZjmyLwhQUxw3He7p0NIT +bT1nmVG/S0bb9rjnKnA+LbxBEkCR0wtyAb29iEz4kGe4yWjM6RI6Mo0b4L1HTkv4 +kXqN/hoA2Vaz4GyRuB6LHwJApiLao9tBE3M4DkVzQu/5Vo0Jn4rhar9s2ir+pY+u +EonI+VMJAoGBAPqkaSQMOcWH+JBA6Fp3mMZs7vleLxuMr2qZdFqIaD+TBFJO/5k1 +Ms586ivT+zfJ6whRqn4L6ofHcPonQQiAi0vCo1FQfIZuY8nt3XxMvRI0R7SrLl72 +bA6z2Obs2NSQR/wJPSn5SAKan0R8wE3PEeR33p2sEatBbKcB19sPgc8jAoGBAOH0 +CJyvnzClcqP8KwbVO2c5FYKmyTF/e5dErtWyTyl6MS8RZFNxR+qtyJkaf6OKVuvP +W5x/GaplVV6KdkghCKZpCcZ6oV9uFtz3iR3glCFjt6ScT49zEVhFpBKC9DMsgsN0 +B0/WXRf8RLEFnChQoU5TNB0alMraDSA397LGT2VFAoGAW0I9nghtiISHdk6Ly1S8 +ZZMIN/eZA1joDdIt0UDVZEBtVGK7IdeC1jgZMzgNwjRcxTym7Rn9nM57Tjm4rhXP +ohgOSu8ZSAEtiDp5aGaweM5cRWYGjkD++yN0mDAoisy1yQi8ImpHU9tknhUmF66L +fzo97f7WuBosK2q6Y2J0Cy0CgYACbVyqUjijjSNuH4dWy3OX6EUS4jfHEFeDiHlY +UlIHYAinOMibHNxo6PT+sAou9413ewLA65ya9/uyyEn8/F3ba8VvHGIfZE9akE4o +xADTWv7eBc/U+qd1C0p36HA3HINLFjP954+Ycl1KiYTj6fnRnZMxvNdcVntNnUxL +31V7AQKBgQDb8xE+46F39GUpV0EhxgA6OvdHAE5wvpx+snPTQN46mmyZAvV+ypkg +0OIpuew4xlrExRh3wTHbvrGbSWvuEeVrmGvpC6AncZuQI2vYgqRgLYqrSILp0lM+ +1la5uyIAK8Cxx+AviCYHYPTCk6cV3sD9VvnT9KIK78ebKpJT+8DjgQ== +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/server2.crt b/primary/tanghao_HIT_EncrypDNS/server/ech/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..a9810c807dee0537189a6c8a12ab5ff3ed5c0f70 --- /dev/null 
+++ b/primary/tanghao_HIT_EncrypDNS/server/ech/server2.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUSWM9/NB0BBSRz1yrbvCexXMvWCAwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMjIxMDcwNzEyWhcNMjYw +MjIxMDcwNzEyWjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANM1OQ+fwe7Qvsj0XvmqxyB6TnuE4ikhTIXQlGnO +ZocdFhLk3DzrrgCcmU5hQA/Ye/lBsGHIykaNOiK1X8oPiLx/lOyk6go+hN2a1HpV +EAQW3HzqAsJxv0Dfm2PhGThiayZodyouB/wqjcXljwYycdVa3bGCegHbcp1j2gFN +hsLHNnEWRyeAp/y+b7i5znJ7M9DiWJqIlMvqoe01zUHCfGta+czPmvU/86S7WdDF ++X/IMud+iYWjehUkeiRRMNJraJF5j89Lr2GK/Vz5X+AygBRwqFR/AWI4umMSBbbd +q0cl9N6dGo0dz8zGeN8fWNlyWYqnqy0nuneakIox5SgjCxMCAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAGhi +2OTSElEH45OAAUlrUdUfZMJnPKGlujyYiqXt7GyuXOmwwjXMTBt+TwJm6pAOvEyZ +SpDYL7X3hCyqfts8VbWjYNFWaExsLEpZHL2UPe+0p/DeAuq34k52Lf0n/91U4L4P +YCfeC+vlykZPeHhPd92kCK5okg1kmH2sOmflDqeNRC6EAdoTPa9BEqlq9WWqvlHU +BK377zfP/CklUG4HxkB7K4JuH512y4WIPtPzXGq8Hq94Gkkc0hYn/ITqEKCvyG8X +3/h9Yw/kt4Vq0hk2jgW2LurnI0C3BSPgEABv16RGnN3/raozj/TEORhukUXQa9qe +pNY4b89HdiG7r0EPkAo= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/server2.csr b/primary/tanghao_HIT_EncrypDNS/server/ech/server2.csr new file mode 100644 index 0000000000000000000000000000000000000000..5661770e73d2adbb94477ec8132d767a7a5e3c76 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/ech/server2.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDTNTkPn8Hu0L7I9F75qscgek57hOIpIUyF0JRp +zmaHHRYS5Nw8664AnJlOYUAP2Hv5QbBhyMpGjToitV/KD4i8f5TspOoKPoTdmtR6 +VRAEFtx86gLCcb9A35tj4Rk4YmsmaHcqLgf8Ko3F5Y8GMnHVWt2xgnoB23KdY9oB +TYbCxzZxFkcngKf8vm+4uc5yezPQ4liaiJTL6qHtNc1BwnxrWvnMz5r1P/Oku1nQ +xfl/yDLnfomFo3oVJHokUTDSa2iReY/PS69hiv1c+V/gMoAUcKhUfwFiOLpjEgW2 +3atHJfTenRqNHc/MxnjfH1jZclmKp6stJ7p3mpCKMeUoIwsTAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjIuY29thwTAqJ2CMA0GCSqG +SIb3DQEBCwUAA4IBAQBozyeTaGo4mpfApv8CA4zZkC/8a5eKgoSXbXuie+mOESi/ +G6tFMnFq5PacHtyJ6oMSlgFW+8cNDUsnrDXMBP6z60t2rTTgu7cDN3HbmjLz7h6Q +byyWCe3lCoE1aV3sOfxwRLsPC4dsr9qxG3yhvQqzK1zSwEz9eixkeO3jb6R+Ip4X +/OQyXsLpHKpGQYEjnhXsDLNWfIDRr0C/SLNIKDBh5EoKkKG0Q4ERWedjK7Nd03QC +R7+qYWer40dgSQlSKn2r6k/XI+kcFPC8v+ACiDxCoW7gfm/XkTn+KptKvxDQB1kA +3FeQSfwvnHnR2u2OOheG8uwBdN6VSfmmuCIeeQEt +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/ech/server2.key b/primary/tanghao_HIT_EncrypDNS/server/ech/server2.key new file mode 100644 index 0000000000000000000000000000000000000000..4eb4a0cda9e0389ffee6851b7f1060efacd371db --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/ech/server2.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA0zU5D5/B7tC+yPRe+arHIHpOe4TiKSFMhdCUac5mhx0WEuTc +POuuAJyZTmFAD9h7+UGwYcjKRo06IrVfyg+IvH+U7KTqCj6E3ZrUelUQBBbcfOoC +wnG/QN+bY+EZOGJrJmh3Ki4H/CqNxeWPBjJx1VrdsYJ6AdtynWPaAU2Gwsc2cRZH +J4Cn/L5vuLnOcnsz0OJYmoiUy+qh7TXNQcJ8a1r5zM+a9T/zpLtZ0MX5f8gy536J +haN6FSR6JFEw0mtokXmPz0uvYYr9XPlf4DKAFHCoVH8BYji6YxIFtt2rRyX03p0a +jR3PzMZ43x9Y2XJZiqerLSe6d5qQijHlKCMLEwIDAQABAoIBADebsL1bW60sCr9Q +D91+SFVVvmopD36yxLoKs7iz3iy+zLwGw7HKf5KrqHWJh1tkrSdwUyc7vX4b2u2e +gWzq8B5pHOW9ed1eno7WIBFhagkZl83PsxBM8IT9GqWOc5xz1TBUmuNhITsUXSV4 +jlKcX3pEJVCCQOtSQvgLfS+QoOWRIUj80uSE0pTNYrGLrpICF+FXf0vlbxfC2epZ +1UEgY5To2dBUV744yahre+t8KygnGz2OtXI0J0sRyZRF2Ahvz/iJeag/k5kFvOJd +KjDBARtu+PPtM5oFhRAT2XowsmwquiDQFO8k6oATBRi3+pSz3429bnjZIlxsiZ9C +DQitLGkCgYEA8ktOcOlCU1bi9CStf9nm7NSZIyV8mKs/5xeZNtxKOCkAWJqX39ub +adlzV3dJZ9o4m8jvTych5jYGxpaOSBB/TA+cA4xUYeLtUt7y1KPUT/mFiEw6TFKs +4X/0MFdsPS2o6a6dtA7Cimr7FlCZG0fWMjtjSgyC0DGCqn9NTfXJRkUCgYEA3yfA +kaKV4Mg3+sVQVGMCqS4svk0cjqIKQ/LEyOochf6Luh5R5qau8LXTb3xV8Ml5wqOg +d7u6e3Kd+ycaVbnPJRehjA7Xu7+6MpGynyW1xL5LXMI5WYR/tbsttwRntAZkVkBF +Gt6lbZLZr0OhNVqt6KWdTg8KFKNPquDlcmCIbXcCgYBE/pi5olKWtLkv2HnnXD9b +1TY+QeB3ANzTi26/pn8j+tj0YiE5R6m7vIYRtBAdGJDiG5e5rGUEzwGi7yBY+Qmm +uRMuF3m33gzCemYfkv9UPrN9mmdHcIt2Mx9v3JUf3q6ozGZv7XwMOmaBdjYDBLPD +3hFp9qIRcufIcTOsLX9BGQKBgQCq1kf6Njn/h8gzVvMUZ2gWFJ90YJxIJY0uT6CP +H4sOmbxmk+enaFvtM4XWh51TZSqt845Zm4I8F5cSOvFSR5lpkBnAm2xU84acSCYy +6C+rmvMe5CH7ghAzFET/I4QwseQGk9VTqLeElzPHlULJEc6pmIBAzgqtmgjXjKyb +T4OiKQKBgC/RRz9kUrO8svfrIB+ljuIebB/03QZmgQW3tlYzKyYi/1LFwM/CCcaU +7g0DynXqmdbUvOS7+pWED0SBDk86yZsv+haPdDK3/fGKwbVI4fDNK4sUBqdSDnqG +WoAXTVCdp25gpAj1icQG+k1OOiXD6d7DUZp9CVMsaae+0DQWu9S7 +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/esni b/primary/tanghao_HIT_EncrypDNS/server/esni/esni new file mode 100644 index 0000000000000000000000000000000000000000..d9d03f38ee693bfe5706d354e510e61b3a62e507 --- /dev/null 
+++ b/primary/tanghao_HIT_EncrypDNS/server/esni/esni @@ -0,0 +1 @@ +=34h'72ĂGK!Be3 \ No newline at end of file diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/esni.pub b/primary/tanghao_HIT_EncrypDNS/server/esni/esni.pub new file mode 100644 index 0000000000000000000000000000000000000000..7e767106fefb5a6596d2fd3679b2f8f08e93819b --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/esni.pub @@ -0,0 +1 @@ +/wF4rb+OACQAHQAg6bCH1VM3MX7Tid35wBfnMx7eF6M02A9CdwfwNRpBr2cAAhMBAQQAAAAAZ7VvtAAAAABn7F40AAA= diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/esnitool/esnitool.go b/primary/tanghao_HIT_EncrypDNS/server/esni/esnitool/esnitool.go new file mode 100644 index 0000000000000000000000000000000000000000..2fc64ef81d678308341b8634d1322d6ef0003400 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/esnitool/esnitool.go 
@@ -0,0 +1,137 @@
+// Standalone utility to generate ESNI keys.
+// Can be run independently of tris.
+package main
+
+import (
+ "crypto/rand"
+ "crypto/sha256"
+ "crypto/tls"
+ "encoding/base64"
+ "flag"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "time"
+
+ "golang.org/x/crypto/cryptobyte"
+ "golang.org/x/crypto/curve25519"
+)
+
+// Internal definitions, copied from common.go and esni.go
+
+type keyShare struct {
+ group tls.CurveID
+ data []byte
+}
+
+const esniKeysVersionDraft01 uint16 = 0xff01
+
+func addUint64(b *cryptobyte.Builder, v uint64) {
+ b.AddUint32(uint32(v >> 32))
+ b.AddUint32(uint32(v))
+}
+
+// ESNIKeys structure that is exposed through DNS.
+type ESNIKeys struct {
+ version uint16
+ checksum [4]uint8
+ // (Draft -03 introduces "public_name" here)
+ keys []keyShare // 16-bit vector length
+ cipherSuites []uint16 // 16-bit vector length
+ paddedLength uint16
+ notBefore uint64
+ notAfter uint64
+ extensions []byte // 16-bit vector length. No extensions are defined in draft -01
+}
+
+func (k *ESNIKeys) serialize() []byte {
+ var b cryptobyte.Builder
+ b.AddUint16(k.version)
+ b.AddBytes(k.checksum[:])
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, ks := range k.keys {
+ b.AddUint16(uint16(ks.group))
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(ks.data)
+ })
+ }
+ })
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, cs := range k.cipherSuites {
+ b.AddUint16(cs)
+ }
+ })
+ b.AddUint16(k.paddedLength)
+ addUint64(&b, k.notBefore)
+ addUint64(&b, k.notAfter)
+ // No extensions are defined in the initial draft.
+ b.AddUint16(0)
+ // Should always succeed as we use simple types only. 
+ return b.BytesOrPanic()
+}
+
+func generateX25519() ([]byte, keyShare) {
+ var scalar, public [32]byte
+ if _, err := rand.Read(scalar[:]); err != nil {
+ panic(err)
+ }
+ curve25519.ScalarBaseMult(&public, &scalar)
+ ks := keyShare{
+ group: tls.X25519,
+ data: public[:],
+ }
+ return scalar[:], ks
+}
+
+// Creates a new ESNIKeys structure with a new semi-static key share.
+// Returns the private key and a new ESNIKeys structure.
+func NewESNIKeys(validity time.Duration) ([]byte, *ESNIKeys) {
+ serverPrivate, serverKS := generateX25519()
+ notBefore := time.Now()
+ notAfter := notBefore.Add(validity)
+ k := &ESNIKeys{
+ version: esniKeysVersionDraft01,
+ keys: []keyShare{serverKS},
+ cipherSuites: []uint16{tls.TLS_AES_128_GCM_SHA256},
+ // draft-ietf-tls-esni-01: "If the server supports wildcard names, it SHOULD set this value to 260."
+ paddedLength: 260,
+ notBefore: uint64(notBefore.Unix()),
+ notAfter: uint64(notAfter.Unix()),
+ }
+ data := k.serialize()
+ hash := sha256.New()
+ hash.Write(data[:2]) // version
+ hash.Write([]byte{0, 0, 0, 0})
+ hash.Write(data[6:]) // fields after checksum
+ copy(k.checksum[:], hash.Sum(nil)[:4])
+ return serverPrivate, k
+}
+
+func main() {
+ var esniKeysFile, esniPrivateFile string
+ var validity time.Duration
+ flag.StringVar(&esniKeysFile, "esni-keys-file", "", "Write base64-encoded ESNI keys to file instead of stdout")
+ flag.StringVar(&esniPrivateFile, "esni-private-file", "", "Write ESNI private key to file instead of stdout")
+ flag.DurationVar(&validity, "validity", 24*time.Hour, "Validity period of the keys")
+ flag.Parse()
+
+ serverPrivate, k := NewESNIKeys(validity)
+ esniBase64 := base64.StdEncoding.EncodeToString(k.serialize())
+ if esniKeysFile == "" {
+ // draft -01 uses a TXT record instead of a dedicated RR. 
+ fmt.Printf("_esni TXT record: %s\n", esniBase64)
+ } else {
+ err := ioutil.WriteFile(esniKeysFile, []byte(esniBase64+"\n"), 0644)
+ if err != nil {
+ log.Fatalf("Failed to write %s: %s", esniKeysFile, err)
+ }
+ }
+ if esniPrivateFile == "" {
+ fmt.Printf("ESNI private key: %x\n", serverPrivate)
+ } else {
+ err := ioutil.WriteFile(esniPrivateFile, serverPrivate, 0600)
+ if err != nil {
+ log.Fatalf("Failed to write %s: %s", esniPrivateFile, err)
+ }
+ }
+}
diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/go.mod b/primary/tanghao_HIT_EncrypDNS/server/esni/go.mod
new file mode 100644
index 0000000000000000000000000000000000000000..a61ee0ec42ddc41b58fa4fda61b02fb6fe4a6456
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/esni/go.mod
@@ -0,0 +1,11 @@
+module github.com/devopsext/esni-rev-proxy
+
+go 1.13
+
+require (
+ github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa // indirect
+ github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892 // indirect
+ github.com/paulbellamy/ratecounter v0.2.0
+ github.com/prometheus/client_golang v1.5.1
+ golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
+)
diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/go.sum b/primary/tanghao_HIT_EncrypDNS/server/esni/go.sum
new file mode 100644
index 0000000000000000000000000000000000000000..c9729e71dce5081a8d97fd6e7de8a25b326039ef
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/esni/go.sum
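Review bot: The checksum computation in NewESNIKeys hashes `data[:2]`, four zero bytes and `data[6:]` with only terse trailing comments, so a reader has to reconstruct the ESNIKeys layout to see that this is the serialized structure with its 4-byte checksum field zeroed; a comment above the block such as `// checksum = first 4 bytes of SHA-256 over the serialization with the checksum field zeroed (draft -01)` makes the offsets checkable against the struct definition. The comments on the exported ESNIKeys and NewESNIKeys should start with the identifier (`// ESNIKeys is the structure exposed through DNS.`, `// NewESNIKeys creates ...`) so godoc attaches them. ioutil.WriteFile is deprecated in favour of os.WriteFile, but the esni go.mod in this diff pins go 1.13, where os.WriteFile does not exist, so that change has to wait for a toolchain bump.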
@@ -0,0 +1,100 @@ +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa h1:2pQJShMsIfrl5+NnJRzWSmp6FDUZY3LcnviKOYn9qWM= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa/go.mod h1:o/DcCuWFr9jFzwO+c3y1hhwqKHHKfJ7HvLhWUwRnqfo= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= 
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892 h1:UzltRpUK5PPlNYBBBc2ekotYJMIPjga7Wee8ADW3j+I= +github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892/go.mod h1:+liTPsuK0xSOSyNKhVz4h7Khig8zW4NcvxdVbzS0Jyw= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent 
v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/paulbellamy/ratecounter v0.2.0 h1:2L/RhJq+HA8gBQImDXtLPrDXK5qAj6ozWVK/zFXVJGs= +github.com/paulbellamy/ratecounter v0.2.0/go.mod h1:Hfx1hDpSGoqxkVVpBi/IlYD7kChlfo5C6hzIHwPqfFE= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.5.1 h1:bdHYieyGlH+6OLEk2YQha8THib30KP0/yD0YH9m6xcA= +github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U= +github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= 
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 h1:dfGZHvZk057jK2MCeWus/TowKpJ8y4AmooUzdBSR9GU= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 h1:ywK/j/KkyTHcdyYSZNXGjMwgmDSfjglYZ3vStQ/gSCU= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/openssl-server1.cnf b/primary/tanghao_HIT_EncrypDNS/server/esni/openssl-server1.cnf new file mode 100644 index 0000000000000000000000000000000000000000..1249b07641a86e5711cd480b43eb1a1ed95eff57 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/openssl-server1.cnf @@ -0,0 +1,17 @@ +[ req ] +default_bits = 2048 +default_keyfile = server1.key +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +commonName = server1.com +commonName_default = server1.com +commonName_max = 64 + +[ v3_req ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = server1.com +IP.1 = 192.168.157.129 diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/openssl-server2.cnf b/primary/tanghao_HIT_EncrypDNS/server/esni/openssl-server2.cnf new file mode 100644 index 0000000000000000000000000000000000000000..a3008eedc6335b746e8fb15b9f2f31b088c0eebc --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/openssl-server2.cnf @@ -0,0 +1,17 @@ +[ req ] +default_bits = 2048 +default_keyfile = server2.key +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +commonName = server2.com +commonName_default = server2.com +commonName_max = 64 + +[ v3_req ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = server2.com +IP.1 = 192.168.157.130 diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/order.txt b/primary/tanghao_HIT_EncrypDNS/server/esni/order.txt new file mode 100644 index 0000000000000000000000000000000000000000..d00a81a3c18ebcc4f2bbf835e800e67056f0900a --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/order.txt @@ -0,0 +1,9 @@ +sudo vim /etc/sudoers + +/usr/local/go/bin + +export GOROOT=$(pwd)/.GOROOT +sudo -E go run server.go + +sudo lsof -i:443 +sudo kill -9 13105 \ No newline at end of file 
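Review bot: The runbook in order.txt runs the proxy as root (`sudo -E go run server.go`) solely to bind :443, which puts the Go toolchain, the build cache and a network-facing HTTP handler under uid 0; building the binary once and granting it `sudo setcap cap_net_bind_service=+ep ./server`, or listening on an unprivileged port, keeps the same behaviour without root. `sudo vim /etc/sudoers` should be `sudo visudo`, which locks the file and syntax-checks it before saving (a malformed sudoers locks everyone out of sudo). `sudo kill -9 13105` hard-codes a stale PID and skips graceful shutdown; `sudo fuser -k -TERM 443/tcp` or a plain SIGTERM to the current PID is the safer form.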
diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/server.go b/primary/tanghao_HIT_EncrypDNS/server/esni/server.go new file mode 100644 index 0000000000000000000000000000000000000000..1df0246b9df2c2f9f6e37a9ed29d63147302a7a4 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/server.go 
@@ -0,0 +1,148 @@ +package main + +import ( + "bytes" + "crypto/tls" + "encoding/base64" + "fmt" + "io" + "io/ioutil" + "log" + "net" + "net/http" + + "golang.org/x/net/dns/dnsmessage" +) + +func main() { + var err error + + //加载ESNI密钥 + var esniKeys *tls.ESNIKeys + var esniPrivateKey []byte + esniPrivateKey, err = ioutil.ReadFile("esni") + if err != nil { + log.Fatalf("Failed to read ESNI private key: %s", err) + } + contents, err := ioutil.ReadFile("esni.pub") + if err != nil { + log.Fatalf("Failed to read ESNIKeys: %s", err) + } + esniKeysBytes, err := base64.StdEncoding.DecodeString(string(contents)) + if err != nil { + log.Fatal("Bad -esni-keys: %s", err) + } + esniKeys, err = tls.ParseESNIKeys(esniKeysBytes) + if esniKeys == nil { + log.Fatalf("Cannot parse ESNIKeys: %s", err) + } + + //配置TLS + tlsConfig := &tls.Config{ + GetCertificate:getCertificateForSNI, + MinVersion: tls.VersionTLS13, + MaxVersion: tls.VersionTLS13, + CurvePreferences: []tls.CurveID{}, + GetServerESNIKeys:func([]byte) (*tls.ESNIKeys, []byte, error) { return esniKeys, esniPrivateKey, nil }, + Accept0RTTData: true, + } + + //创建一个http.server实例 + server := &http.Server{ + Addr: ":443", + TLSConfig: tlsConfig, + } + + // 注册 DoH 请求处理函数 + http.HandleFunc("/dns-query", handleESNIRequest) + + // 启动 HTTPS 服务器 + log.Println("Starting DoH server on https://localhost:443") + if err := server.ListenAndServeTLS("", ""); err != nil { + log.Fatal("ListenAndServeTLS: ", err) + } + + +} + +// 处理 ESNI 请求 +func handleESNIRequest(w http.ResponseWriter, req *http.Request) { + // 读取 ESNI 请求中的 DNS 消息 + dnsRequest := req.Body + defer dnsRequest.Close() + + // 读取请求中的 DNS 消息内容 + var buf bytes.Buffer + _, err := io.Copy(&buf, dnsRequest) + if err != nil { + log.Println("Failed to read DNS request: ", err) + http.Error(w, "Failed to read DNS request", http.StatusInternalServerError) + return + } + + // 解包 DNS 消息 + var msg dnsmessage.Message + err = msg.Unpack(buf.Bytes()) + if err != nil { + log.Println("Failed to 
unpack DNS request: ", err) + http.Error(w, "Failed to unpack DNS request", http.StatusInternalServerError) + return + } + + // 向真实的 DNS 服务器发送请求 + dnsResponse, err := sendDNSRequestToRealServer(msg) + if err != nil { + log.Println("Failed to send DNS request to real server: ", err) + http.Error(w, "Failed to get DNS response", http.StatusInternalServerError) + return + } + + // 发送 DNS 响应作为 DoH 响应 + w.Header().Set("Content-Type", "application/dns-message") + w.Write(dnsResponse) +} + +// 向真实的 DNS 服务器发送 DNS 请求 +func sendDNSRequestToRealServer(msg dnsmessage.Message) ([]byte, error) { + // 连接到 DNS 服务器 + dnsServer := "114.114.114.114:53" + conn, err := net.Dial("udp", dnsServer) + if err != nil { + return nil, fmt.Errorf("failed to connect to DNS server: %w", err) + } + defer conn.Close() + + // 将 DNS 消息序列化 + dnsBytes, err := msg.Pack() + if err != nil { + return nil, fmt.Errorf("failed to pack DNS message: %w", err) + } + + // 发送 DNS 请求 + _, err = conn.Write(dnsBytes) + if err != nil { + return nil, fmt.Errorf("failed to send DNS request: %w", err) + } + + // 读取 DNS 响应 + responseBuf := make([]byte, 512) + n, err := conn.Read(responseBuf) + if err != nil { + return nil, fmt.Errorf("failed to read DNS response: %w", err) + } + + return responseBuf[:n], nil +} + +func getCertificateForSNI(helloInfo *tls.ClientHelloInfo) (*tls.Certificate, error) { + switch helloInfo.ServerName { + case "server1.com": + cert, err := tls.LoadX509KeyPair("server1.crt", "server1.key") + return &cert, err // 返回结构体的指针 + case "server2.com": + cert, err := tls.LoadX509KeyPair("server2.crt", "server2.key") + return &cert, err // 返回结构体的指针 + default: + return nil, fmt.Errorf("no certificate found for SNI: %s", helloInfo.ServerName) + } +} diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/server1.crt b/primary/tanghao_HIT_EncrypDNS/server/esni/server1.crt new file mode 100644 index 0000000000000000000000000000000000000000..336785696b410a9db8a25a2d7c05c13f3946210c --- /dev/null 
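Review bot: `sendDNSRequestToRealServer` can hang the HTTP handler indefinitely and silently truncates upstream answers: the UDP socket has no deadline, so a lost datagram leaves `conn.Read` blocked forever (and `http.Server` sets no timeouts to rescue it), and the 512-byte buffer discards anything beyond the classic DNS limit even though the forwarded query may carry an EDNS0 OPT record. A deadline on the connection and a buffer sized for the maximum UDP payload fix both (rewritten lines below; `time` must be added to the import block). Separately, `log.Fatal("Bad -esni-keys: %s", err)` in `main` passes a format verb without `Fatalf` (go vet flags it), and a client request that fails `io.Copy` or `msg.Unpack` is answered with 500 where 400 is the accurate status. `Accept0RTTData: true` makes early-data queries replayable; DNS lookups are idempotent so the effect is limited to repeated upstream queries, but that trade-off deserves a comment on the line.
```go
func sendDNSRequestToRealServer(msg dnsmessage.Message) ([]byte, error) {
	dnsServer := "114.114.114.114:53"
	conn, err := net.DialTimeout("udp", dnsServer, 2*time.Second)
	if err != nil {
		return nil, fmt.Errorf("failed to connect to DNS server: %w", err)
	}
	defer conn.Close()
	// UDP reports nothing when a datagram is lost; bound the whole exchange.
	if err := conn.SetDeadline(time.Now().Add(5 * time.Second)); err != nil {
		return nil, fmt.Errorf("failed to set DNS deadline: %w", err)
	}
	// … unchanged: msg.Pack() and conn.Write …
	// 65535 is the largest UDP DNS payload; 512 silently drops EDNS0-sized answers.
	responseBuf := make([]byte, 65535)
	n, err := conn.Read(responseBuf)
	// … unchanged: error check and return responseBuf[:n] …
}
```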
+++ b/primary/tanghao_HIT_EncrypDNS/server/esni/server1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUI1htxOu+K5DN8y3U4REFuWd9DbwwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMjIwMTQxMzU5WhcNMjYw +MjIwMTQxMzU5WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMgHkHcHprUbetE0rsffOADDK5m/8Gse3ZlgqwS4 +KgmEBsNl6L8LFTdScxbxBjCXFut2A67Dqupu5coO8a22FmXvrog1RvwL3gqxGKhz +q7lEsDvkromIRaB9KMqWbpOzvJeR9e6jGLA/IKsSph2XQDSOPWz0Sc3pIHDLSutp +i1aYJLNr7G6nWcMOH2RMQYrRJupYOLyybOtbRNT81YbYZH/j5dt3N1NqpPOrl5bc +UO1IYx5Dc0IUQViUjfaCRICpuFeEz5e9LrBCHcXE6c7AmKSnDJB3eMTc1wKvLQ3M +8lOnZLGE460+VnDkoV36wsCndutyC6VTGlVlfgXNVEl9NLECAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAB3R +1gDV/sVM+x1qMnOSvKfldEDYaW76gXyrLbZf9m66CYMy+2CBQX2+liiyuuH8Rsq8 +P4h9du0QG/j8pvUnNa6Yjjnq3RVYeH6YSnkg5ln2y6S57ALTju1AKpBPz1B0B2O/ +3uetBcmRKGICHih7+RqCnMb/9AspAm6MTTST/SWlkHlvmI7+sJDoMq8fD+jw2AUh +muqwj30a6ma1mblELu1Q5PU3LN2ho2YPTHR/4K7o8LYYj33JM0IUycF7TwY6FUFK +yYZCOxpdJ5v1WY0x8lMjF7LtgyjXc/tv4AQsuUmKGBotwzFpT046juUTFUMXFaef +OvbDct1IHLBsc2ZbuiY= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/server1.csr b/primary/tanghao_HIT_EncrypDNS/server/esni/server1.csr new file mode 100644 index 0000000000000000000000000000000000000000..4ee16c1b2c2d5f43a638c9aa9220697318e97d63 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/server1.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIB5B3B6a1G3rRNK7H3zgAwyuZv/BrHt2ZYKsE +uCoJhAbDZei/CxU3UnMW8QYwlxbrdgOuw6rqbuXKDvGtthZl766INUb8C94KsRio +c6u5RLA75K6JiEWgfSjKlm6Ts7yXkfXuoxiwPyCrEqYdl0A0jj1s9EnN6SBwy0rr +aYtWmCSza+xup1nDDh9kTEGK0SbqWDi8smzrW0TU/NWG2GR/4+XbdzdTaqTzq5eW +3FDtSGMeQ3NCFEFYlI32gkSAqbhXhM+XvS6wQh3FxOnOwJikpwyQd3jE3NcCry0N +zPJTp2SxhOOtPlZw5KFd+sLAp3brcgulUxpVZX4FzVRJfTSxAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjEuY29thwTAqJ2BMA0GCSqG +SIb3DQEBCwUAA4IBAQBz28MUTrdUKS/xJHRi/M1GbrsZz5MXcP+JqnS3POHcdl7y +kSLUlECiGH+AdOfhEsVMWrmBUj1LE0ir1ArR2AuCe+MSgFyE7ZJdWDQhd/h28ugO +SF7YwhCPLyF8xC4gOH6Qq8ytsEMCKsJmgqHcXNsocMvz0wHmPXEuHbabAGmSYqFu +e5tJ/0OKRQOOyLF7a/ENN53aENLmRaZugbIx9WtEfR83fW3Skhrh24J2UBvMVIWR +aE1OEpSJ/2VBFXUQrMblB1uIPcf76FIA/dn9dGg/iKzUv6MH59vV3jH6BSlKTKoZ +CfL1qmM/u2RhBQYFJQKVe3UzTPsh9WkknOM7+12i +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/server1.key b/primary/tanghao_HIT_EncrypDNS/server/esni/server1.key new file mode 100644 index 0000000000000000000000000000000000000000..ac2c12a487212d337352d8620be5f58788c12ded --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/server1.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyAeQdwemtRt60TSux984AMMrmb/wax7dmWCrBLgqCYQGw2Xo +vwsVN1JzFvEGMJcW63YDrsOq6m7lyg7xrbYWZe+uiDVG/AveCrEYqHOruUSwO+Su +iYhFoH0oypZuk7O8l5H17qMYsD8gqxKmHZdANI49bPRJzekgcMtK62mLVpgks2vs +bqdZww4fZExBitEm6lg4vLJs61tE1PzVhthkf+Pl23c3U2qk86uXltxQ7UhjHkNz +QhRBWJSN9oJEgKm4V4TPl70usEIdxcTpzsCYpKcMkHd4xNzXAq8tDczyU6dksYTj +rT5WcOShXfrCwKd263ILpVMaVWV+Bc1USX00sQIDAQABAoIBAHIPLidRa5P12XCV +s9wwwoRcxe3j7rmGXiHpZ1tHkGDgseKVp8PYE/75urqoMTlfzifxoWP0Gu+W0N0I +7HJ7VAZIR6NPjeyG79P06/SSEKeSLVPZsFSoKdu7wpjScrcyVCWxiyTKR3eoZ35l +IefZqTjOquQH4FXTyzXGFjBqfJOhJ1yXJ5fiLcZl7epdQFjJY3Q/eqzBIQR0Kt6R +V/nQXkqfkUX1YnK2tYAhHK8CTDnnRVPGvZxPU+t+3H6iI3y6yi8BJo3/uQXoYz2P +qTbZ8CTfhJ0qL1NRqf8SwXGbKpSHM+IFop5cMic1veE/c1aYle6bzrjB26yHIyBc +Wzm7rUkCgYEA7YMlO/eGqe3SUj7pxGUWO7W5YIhqPBG6ebecNI0+RzWZFdO0G1xA +/PsKtRHSGGrxrRdckrmHsab1bG9FyDiiQUfu0HLYULFSkZt/uiN+itnKE8PXBvJ9 +5KHrM8T2NBGQyRegZAvj+E8Fa1HB3AkhvLh6V2N29ScvzIvm1jFYJrsCgYEA15mC +N9mOVkDCffeIpAs1CFmGLT5hf3DgjEqaOS7sXBoJ9B8eF/pVWLvK5lPjaVnpOCL1 +8EE3U622Jf+J9nyf73OUQnnPUo0kA4pxo9y5TJBnb5u1lOY3c7Vx+IPKEZMy3qwJ +KFejD4/nbJV+1wd0Gr2bqqKqgRG/YBG8ix+JeYMCgYEA4iLhiqzr3FMA0ynvbPxK +JOOq8owvia3ffBAje62XRDl13eBJNVuqzLNAyJGFFZaNMB50F4bp+W1bcrinGjFB +2yHf8TvHVVzfnp8NB27QBufBjPwDeSvcTZkU1Z+MQpsO3UfPgDIKBdtG751SFGvl +YUfLw/SByHxc+EWjrQAiTA0CgYAMZv5ArDkt6QfHK0gm96YTVuMLEz2UkS+5okkA +5RwfqDfOXUPj6TijpBnl6gl48/0gh5JSQc4m+CU0RmDvVvf0VFfBAzTT8N6TfZFP +9dCLAPuSRgjKCfxCobtuqlYjcK5KdOcJ9RCiQorzih4DzJ/3MdUUmcrpJdY2do68 +ChJkdQKBgBDbtwoOhTkh5hodUSWev+AKMBlwzLAKScD837fPTB2uXEtMliKcUalH +GxLsBgeEdhREFlDjuFB1blTNK/pU7UZN6pvHv/OvJleo2qa4ysFo4KlyXS+x3KiA +vnU4KQXhoyQQ5KL854Wg5aY5mij8TACgMqhYuCH57rigkR2tiMvv +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/server2.crt b/primary/tanghao_HIT_EncrypDNS/server/esni/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..2ff1f58807f8a1386633e0970b96fb3f35c6d059 --- /dev/null 
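Review bot: This hunk commits an RSA private key (`server1.key`, `-----BEGIN RSA PRIVATE KEY-----`) in cleartext, and the same applies to the other `*.key` files added by this commit; once a key is in git history it has to be treated as compromised, even for a lab testbed, because anyone with read access to the repository can impersonate `server1.com` to the clients that pin `server1.crt`. The openssl-server1.cnf next to it already describes how to regenerate the pair, so the key should be produced at deploy time, `*.key` added to `.gitignore`, and these copies removed from history rather than merely deleted in a later commit. If the testbed genuinely needs reproducible keys, a README note saying they are disposable test-only material (and never reused elsewhere) is the minimum.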
+++ b/primary/tanghao_HIT_EncrypDNS/server/esni/server2.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUd/5f/msqQ2ynp3ajRCVQPyexD0QwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMjIwMTQxNDE2WhcNMjYw +MjIwMTQxNDE2WjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOzOpMQH+39lDXez5aOeZIJXIEQ2iJ6e489smwm7 +Eld8Cpx5nZM6RuFMHUtZN81PBxan/IINTkzAwhzuqrMv8ZKGl3nCaKqAOTn6tfyu +X1IhdqWqQLxAfOCPr0T0UdQ/xJZr7zCASIYOd6ZQjDpD9a5dlEZcrb0Vn1dMfgTd +ZYiSP30PxpjYltUgCFs/fDB+pM7e/jtEb7Nwad6JeoQqmnhydsiCvc6GCoisnd34 +UQaodJgkf0MZDsruGKbWydQ5jLUnBNOQKikRd87Gh37I6EPsaz44T5dGZg0ToHdX +pzalNdna7rw+CwWYSEO+5rQ0PaiiyNaJDkJTs3PEv3f5dwECAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAKrL +Yq9eywj6n2UlKIh6hEn6vN3pe8cXkt/dpvmFTOcQ3rG+PPq11XOz0u3alnGc2/7l +iaLJC02tph3IqSBHVDMRvPd6LbCpa3q3AnNN3ZpDog5PObL03slCW5Ns3riBCeFG +ewufm6fMo5mKJRqbH26s4I13S8L/bUYUNeiM9TWYn6QeSFB2HVp1SpWqOiLqWBfq +nRD/h8JyfFeNvfT9NNFqft2qj2+eV1aVJ3JBYYnLNqCvzI2FAUv6pg+BYO9txYnp +25okHH8HilzOhEZbROYdzvQdC9wyEXnAnX3EKfWPOC61uNcDCRC3t/0VcoMTdsjq +bPjvgdocqpEVEN7lFwk= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/server2.csr b/primary/tanghao_HIT_EncrypDNS/server/esni/server2.csr new file mode 100644 index 0000000000000000000000000000000000000000..35b3c5e017bc7050814d9fd45caf39e1a6090019 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/server2.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDszqTEB/t/ZQ13s+WjnmSCVyBENoienuPPbJsJ +uxJXfAqceZ2TOkbhTB1LWTfNTwcWp/yCDU5MwMIc7qqzL/GShpd5wmiqgDk5+rX8 +rl9SIXalqkC8QHzgj69E9FHUP8SWa+8wgEiGDnemUIw6Q/WuXZRGXK29FZ9XTH4E +3WWIkj99D8aY2JbVIAhbP3wwfqTO3v47RG+zcGneiXqEKpp4cnbIgr3OhgqIrJ3d ++FEGqHSYJH9DGQ7K7him1snUOYy1JwTTkCopEXfOxod+yOhD7Gs+OE+XRmYNE6B3 +V6c2pTXZ2u68PgsFmEhDvua0ND2oosjWiQ5CU7NzxL93+XcBAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjIuY29thwTAqJ2CMA0GCSqG +SIb3DQEBCwUAA4IBAQBIscLMyawu8nkdYTguFQZ58dicb7apaadsFE/uM7ey4I2T +b70W/f5ZTGPO/sl4+wgQdQZtYHZMPmGqJyaOwkpfUhGFHp6I7AIOq9A316fauRjq +zXE/matK0bpcuX9L3tOWTF3mFNYU+6TEuzGF9YtRTU6qVE/iObbdp/gW1wRBPdBx +qMiSB9BSu7Oseh0jf/bsWuLwcoKZ7uo+j2CMMehu6NGQYcw7O8pm8NsxH0bx4KcX +y1MfMNxepeO1EyfkGhUZo/akb5CfXUfwvPz1FRSSk+r9I6QVx/uW9N0gAX9zkR49 +HlTbrms9CQq1FOOFtnbRO6kMqneSHfYJNsu5GNL0 +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/esni/server2.key b/primary/tanghao_HIT_EncrypDNS/server/esni/server2.key new file mode 100644 index 0000000000000000000000000000000000000000..faef3523fda7fb772c0d5fcb6176dbede5e82163 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/esni/server2.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA7M6kxAf7f2UNd7Plo55kglcgRDaInp7jz2ybCbsSV3wKnHmd +kzpG4UwdS1k3zU8HFqf8gg1OTMDCHO6qsy/xkoaXecJoqoA5Ofq1/K5fUiF2papA +vEB84I+vRPRR1D/ElmvvMIBIhg53plCMOkP1rl2URlytvRWfV0x+BN1liJI/fQ/G +mNiW1SAIWz98MH6kzt7+O0Rvs3Bp3ol6hCqaeHJ2yIK9zoYKiKyd3fhRBqh0mCR/ +QxkOyu4YptbJ1DmMtScE05AqKRF3zsaHfsjoQ+xrPjhPl0ZmDROgd1enNqU12dru +vD4LBZhIQ77mtDQ9qKLI1okOQlOzc8S/d/l3AQIDAQABAoIBAA+vfGBzuufsVKEK +LHrTAgtUJBIAnroLAkH6CqbxWjyrPbSxpYtb/9fqh8I27ahOxMRuah5fLUGOPw1V +jb8CvPicq6noA7DPf3rkrWtITY4OI2LDzTfq+ZqSSeTCXi018BqamaRXyvX+PVSp +3y/40mwzTKAAgY2VwhExQuOlmpUaIjY8aMBa5KFWcMb+q07VqMFMZ3L+5cLk1/l3 +FVPdlIlaRIxfeu6B5DUVpnsBBg1r+H3EZ+j8UKxX+tbtXYSJ/bxVLiuQG1zOR3tg +35C5y+d8X1uZthY509t1pZ0dXYBkVS7FYt1a+7EOh5ozYH51ZUyelHfKurEKvD2X +DqxGjGUCgYEA9j4BHOLbur3uaR8L+9j9baqGhAf6HHRcqweotTgFstfYCIg7Cj2z +k4OtuQC4jHs2/y95H7uYmyHqab/8kxCzpy1PcW014Oyt5h8Ag27uj9y/8NqsHK+t +0U3wxPFc34yGC+tIJXwsgC0Y8gPh7wxg3IWMyyu8PhOXhulFlTEL6eMCgYEA9jDt +G7gDhkWZ4PbDnMu93QjLyJw9uCkpoc6AIHjZzxlFz5O5gCRw4dH+Jyt52jhojxPQ +XjV1JjC7E8AYZ1zhdv81IrflOtoLNhA7UM8UZWtYL5z7ndNfm85wdgur9Mr6r1Jh +Y3qUC8Hl2fN+sDDEPN42ieHPUg2+hCezOPENAMsCgYBQVbg9OVHgYbiXORbKymcb +0SdjicqyX9AfyDblMGrDhyGm3vMMC0c72BjkI3UR99zgchd9H9HQwsbcS1NWk3tZ +DjI92hha0jyFuBWNy7Iu4yEHrf+6uCHoCBqF1gyrrgfJebAm8pT+GDhsNJIQUCSF +rVharGEUi4XC8PXPj5nIawKBgCJ5PWqJPO0bZ+3JgCC/oumFpsuDnVzhXrQKr4Rc +h9tpJY5omCwqbigg+J7RhrGY/oMyehYHFE1xu3CLkJ9AsU2xdOZUq+Ouzq0WXsf1 +B10gR+v65nz2MUgnAzZ0cfLITYwpU/vTGVIAJ8h6QT44xfHkB+0M0rQhupDU4lLR +5kk7AoGBAN3yLUcSujIkrqL8kVnQ92YTql4x+9eg4SQkeG3bMsxDES6eahPOk3n6 +i2QHCObK4GaILFUOMVGmxHs11PvDDskBSa7D7em54UWbPD4+4JL0jx2ksJMf6KZk +u1n2w1j8mQz/iTSG2gk+3FlVZjfroL/8pa2030JHklndglm5rZgd +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-doh/openssl-server1.cnf b/primary/tanghao_HIT_EncrypDNS/server/https-doh/openssl-server1.cnf new file mode 100644 index 0000000000000000000000000000000000000000..1249b07641a86e5711cd480b43eb1a1ed95eff57 --- /dev/null 
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-doh/openssl-server1.cnf @@ -0,0 +1,17 @@ +[ req ] +default_bits = 2048 +default_keyfile = server1.key +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +commonName = server1.com +commonName_default = server1.com +commonName_max = 64 + +[ v3_req ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = server1.com +IP.1 = 192.168.157.129 diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-doh/openssl-server2.cnf b/primary/tanghao_HIT_EncrypDNS/server/https-doh/openssl-server2.cnf new file mode 100644 index 0000000000000000000000000000000000000000..a3008eedc6335b746e8fb15b9f2f31b088c0eebc --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-doh/openssl-server2.cnf @@ -0,0 +1,17 @@ +[ req ] +default_bits = 2048 +default_keyfile = server2.key +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +commonName = server2.com +commonName_default = server2.com +commonName_max = 64 + +[ v3_req ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = server2.com +IP.1 = 192.168.157.130 diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-doh/server.go b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server.go new file mode 100644 index 0000000000000000000000000000000000000000..01f96839254c2608e610a84811950b64eb1ae573 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server.go 
@@ -0,0 +1,100 @@ +package main + +import ( + "crypto/tls" + "fmt" + "io" + "log" + "net/http" + "net/url" + "net/http/cookiejar" + "time" +) + +func main() { + + // 启动 HTTPS 服务器,支持动态证书选择 + server := &http.Server{ + Addr: ":443", + TLSConfig: &tls.Config{ + GetCertificate: getCertificateForSNI, + }, + } + + // 注册 HTTPS 请求处理函数 + http.HandleFunc("/proxy", handleHttpsRequest) + + + // 启动 HTTPS 服务器 + log.Println("Starting HTTPS server on https://localhost:443") + if err := server.ListenAndServeTLS("", ""); err != nil { + log.Fatal("ListenAndServeTLS: ", err) + } +} + +func getCertificateForSNI(helloInfo *tls.ClientHelloInfo) (*tls.Certificate, error) { + switch helloInfo.ServerName { + case "server1.com": + cert, err := tls.LoadX509KeyPair("server1.crt", "server1.key") + return &cert, err // 返回结构体的指针 + case "server2.com": + cert, err := tls.LoadX509KeyPair("server2.crt", "server2.key") + return &cert, err // 返回结构体的指针 + default: + return nil, fmt.Errorf("no certificate found for SNI: %s", helloInfo.ServerName) + } +} + + +func handleHttpsRequest(w http.ResponseWriter, req *http.Request) { + targetURL := req.Header.Get("X-Target-URL") + if targetURL == "" { + http.Error(w, "缺少 X-Target-URL 请求头", http.StatusBadRequest) + return + } + + parsedURL, err := url.Parse(targetURL) + if err != nil { + http.Error(w, "无效的目标URL", http.StatusBadRequest) + return + } + + // 构造新请求 + proxyReq, _ := http.NewRequest(req.Method, targetURL, req.Body) + proxyReq.Header = req.Header.Clone() + proxyReq.Header.Del("Host") + proxyReq.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36") + proxyReq.Header.Set("Accept-Language", "en-US,en;q=0.9") + proxyReq.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8") + proxyReq.Header.Set("Referer", "https://www.google.com/") + proxyReq.Host = parsedURL.Host // 修正Host头 + + // 安全配置TLS客户端 + jar, _ := cookiejar.New(nil) // 
Cookie持久化 + client := &http.Client{ + Jar: jar, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // 生产环境应使用有效证书 + }, + Timeout: 10 * time.Second, + } + + // 转发请求 + resp, err := client.Do(proxyReq) + if err != nil { + http.Error(w, "转发请求失败: "+err.Error(), http.StatusBadGateway) + return + } + defer resp.Body.Close() + + // 回传响应头 + for k, v := range resp.Header { + w.Header()[k] = v + } + w.WriteHeader(resp.StatusCode) + + // 回传响应内容 + if _, err := io.Copy(w, resp.Body); err != nil { + log.Printf("响应回传错误: %v", err) + } +} \ No newline at end of file diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-doh/server1.crt b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server1.crt new file mode 100644 index 0000000000000000000000000000000000000000..e9ffc610dd81b1a69e47320e87129a32933f1149 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUcLazvIaPEFvCjVxCKT17XB9BqeMwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMzEwMTIwMTI1WhcNMjYw +MzEwMTIwMTI1WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANePk1VGUgNxYi67Om5VfCdWqY6n0fsCcxNUiVo3 +lkmnzD/tAV36/eDQFrD+E3ki5/7nxR2xV/UTWFZd7cyJzDOuBJRWHEOxl1hd2AP1 +oi890cCnRH6k30CMBdBxi9/6U78yfYTGDLhtyuAx7DTOUCA0TB4S4zoyqQta/x1c +Y+oESVcUdt1/BCPyQ5/iCOuf0uNRNF/wiVQLkDMjq8YvdpH2uQHVc6vMd9MDK/JS +oURNqiVc/oPSCZqYAOSqNnC8KXuFrnS6v3Y6jsBx2rV2aZVvUVidzTS6ZTj40+Rz +t9q9g6a2JILwV+5x/C/c6Sq1oyNmFA+4tFJSe30bIqYMapkCAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAAAN +dbT9Nw8x79Ft76Rou7TqBlus+4a9ngs7AkFJGn8+yh1sBdmIv3kADnido680ImzL +UflilppisEwF+4IdeSpAnQyIU77XwL/xVhWnLqWRNkS0x1v3Do1TRTG/zd5yJF+C +0yWFyjYwT/WWYqalpG+Ot1Y411DENzxMey6K0B68mVaxHC87f+4nY1kcnea16BVB +jzIrbOA9oDP3r3nwY5lsXCP4EvNHFxlGiyoGhJtuwooAdKQpeG6QqHoIdrLdiWJb +R5z8QXsRZ2LtgqsQ4/rbMY5PONrjPuStoTCeAtLW32ifpQTBdecFa4a5I7kO2inV +dg24zWNQNHYKSiysKEs= +-----END CERTIFICATE----- 
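Review bot: `handleHttpsRequest` fetches whatever `X-Target-URL` the client supplies with no restriction on scheme or destination and with `InsecureSkipVerify: true`, so any client that can reach :443 can use the proxy to reach loopback, link-local and RFC 1918 addresses (an SSRF / open-proxy primitive) while the upstream TLS identity is never verified. Even for a traffic-simulation testbed the handler should reject non-`http`/`https` schemes and check the resolved target against non-global address ranges before forwarding (rewritten lines below; `net` must be added to the import block, and the resolve-then-dial check is still racy against DNS rebinding, so a check inside a custom `DialContext` is the robust form). The per-request `http.Transport` and `cookiejar` also leak: each request builds a fresh transport whose idle connections are never closed, so the client should be constructed once at package level, which additionally makes the cookie jar persist across requests as the `Cookie持久化` comment intends. The error from `http.NewRequest` is discarded (`proxyReq, _ :=`), which would dereference a nil request if it ever failed, and the wholesale `resp.Header` copy forwards hop-by-hop headers such as `Connection` and `Transfer-Encoding` that a reverse proxy normally strips.
```go
// One client for the whole process: the transport reuses and reaps idle
// connections, and the cookie jar actually persists between requests.
var upstreamClient = newUpstreamClient()

func newUpstreamClient() *http.Client {
	jar, _ := cookiejar.New(nil)
	return &http.Client{
		Jar: jar,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // lab only: upstream identity is NOT verified
		},
		Timeout: 10 * time.Second,
	}
}

// targetAllowed rejects non-HTTP schemes and hosts that resolve to
// loopback, link-local, private or unspecified addresses.
func targetAllowed(u *url.URL) bool {
	if u.Scheme != "http" && u.Scheme != "https" {
		return false
	}
	ips, err := net.LookupIP(u.Hostname())
	if err != nil || len(ips) == 0 {
		return false
	}
	for _, ip := range ips {
		if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsPrivate() || ip.IsUnspecified() {
			return false
		}
	}
	return true
}

func handleHttpsRequest(w http.ResponseWriter, req *http.Request) {
	// … unchanged: X-Target-URL header read and url.Parse …
	if !targetAllowed(parsedURL) {
		http.Error(w, "目标URL不允许", http.StatusForbidden)
		return
	}
	proxyReq, err := http.NewRequest(req.Method, targetURL, req.Body)
	if err != nil {
		http.Error(w, "无效的目标URL", http.StatusBadRequest)
		return
	}
	// … unchanged: header rewriting and proxyReq.Host …
	resp, err := upstreamClient.Do(proxyReq)
	// … unchanged: error handling, header/body copy …
}
```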
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-doh/server1.csr b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server1.csr new file mode 100644 index 0000000000000000000000000000000000000000..ba963dfdda4580c0a32f8ef85ac309cbb3ac1dd5 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server1.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDXj5NVRlIDcWIuuzpuVXwnVqmOp9H7AnMTVIla +N5ZJp8w/7QFd+v3g0Baw/hN5Iuf+58UdsVf1E1hWXe3MicwzrgSUVhxDsZdYXdgD +9aIvPdHAp0R+pN9AjAXQcYvf+lO/Mn2Exgy4bcrgMew0zlAgNEweEuM6MqkLWv8d +XGPqBElXFHbdfwQj8kOf4gjrn9LjUTRf8IlUC5AzI6vGL3aR9rkB1XOrzHfTAyvy +UqFETaolXP6D0gmamADkqjZwvCl7ha50ur92Oo7Acdq1dmmVb1FYnc00umU4+NPk +c7favYOmtiSC8Ffucfwv3OkqtaMjZhQPuLRSUnt9GyKmDGqZAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjEuY29thwTAqJ2BMA0GCSqG +SIb3DQEBCwUAA4IBAQCiM+7IlS2E4GU2RBaySyfR0OgxN4Gpzkqpl2U8JLqJ/NuG +j2bbeeaxi6J4ZFVZN3H3tez6quLL0sHeHKR4Pm+akb/j+tXBY2dlFQBJ6qEZSOkH +oiQGYPYOnkY1XsWWhv6N872ZoS2RTT8NXSL5vZcMF+FQq1xV/wR0ZWe6jknFYXg1 +Ps035cU9nCtgbL9tilh60JeOApxXc6Dt6dAgXzqDAX3FikssbeZaFYLhS/Z63EkM +ZBBrBjoX/MF5qFPJtv/eF96IscITiNqnLw4gLumNhtGl//DH9VW27sGt+AnCIXLg +G6LhTJ0M1dSjVQiDR7dl6AxntrPqdI94UX5ozBnD +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-doh/server1.key b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server1.key new file mode 100644 index 0000000000000000000000000000000000000000..fd1687d7e1396cd2175097032a557d79574fbbd9 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server1.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA14+TVUZSA3FiLrs6blV8J1apjqfR+wJzE1SJWjeWSafMP+0B +Xfr94NAWsP4TeSLn/ufFHbFX9RNYVl3tzInMM64ElFYcQ7GXWF3YA/WiLz3RwKdE +fqTfQIwF0HGL3/pTvzJ9hMYMuG3K4DHsNM5QIDRMHhLjOjKpC1r/HVxj6gRJVxR2 +3X8EI/JDn+II65/S41E0X/CJVAuQMyOrxi92kfa5AdVzq8x30wMr8lKhRE2qJVz+ +g9IJmpgA5Ko2cLwpe4WudLq/djqOwHHatXZplW9RWJ3NNLplOPjT5HO32r2DprYk +gvBX7nH8L9zpKrWjI2YUD7i0UlJ7fRsipgxqmQIDAQABAoIBAAKl09R3UaiTKvaR +/CzAxg6hpOGItC6WIB27qxg9mI39Dqg2XA7wd0/cnnq8FDcns5vQ8v3jYMY035/n +9XTOuIBmAc5kpGI8ezRtqqqZyM01wC7SnyfDFK7xSVz/GA2/QGoXz6zi1eMqDhTk +6BbZ9ef/XHP+HWZomuT10C5nJR8JuqeeyFB0Kd46IXh3dSVBaowr0dIfN4rHbpxE +UhBteZIz12U/FoIV9npkd6qCRvyuOpDyEk21q91fg74cC+ATKTwxIhsno5vWH2hS +0WSZZv2ywWvaOPyTZbzTQkesXQxNNBfwgF/ARLpAoLDS2BPNmqSDCr2WsR6ABOVQ +XIj9inUCgYEA/JorEbjcTM3OlrMozQHFaLgA0pBk3m5QMqpPiryAY2XqrXnI+IeR +OqSLaHFpvREcBL8rZWyEQOVKPHNUWEuP4a20xBddTZhu0N+KoA/ptVTcK/fXn1tR +7oNojkybK0F0hSzfjI5mpVfxhSQrHKQ+Mppz3QXAefTEu2ZmOVuX3/MCgYEA2nXb +GviZEszCJE6xuZ6fpSH5kTaR0Q9mVQs8VPQ0o/hl2jYqc8WhxxX/iVCXAScKc7va +s44/m9q1ZxELdSmdE4mk71x99Q3msfhdTUbY1uI0qIYYRwlOSXsM5jYC7vib3qEV +JG+47eP73zXR8x3xGLoFNygLFWo68PTqYqjhekMCgYEA5l3TGX51qrWmyljpxMzw +s+fbGC0HULNaAFrB38y5aezwcPS4C6/XCpw1ZzLHM93+p3WQphapJmX1pdun+D4x +IafBS3Pja3iw11yGmCLrCKwzfwWwZ2xo9BRzrhK/EFvJYArkdNMJWZEyejHZ/2zq +LEwfjlpIhvBq2l0wrO6TO3ECgYBWt9fs4efplYwvW2mjNDtNEqp9oTrK0SEe+yHM +20+WE0FjGINLh5ULcUkJmgsHMxcsD9Ll2b6YQH4n1pVEwesPWWE2fvGk+AqudNec +mFX1HsAmcWxrrl78PjNFowURFXDSNAEvgIXZMNnHphacOjN9TEJLvcKAkrWo9p+f +4Ef4/wKBgQCbLWWI7mu027DceiIkVEsr3Pexj+JMvvlAF8BGqSnqGHE+lQSthUUe +5Ahu20kK8A4c5bmtn2im4C7PmWWpeNGd3vlf2tymrJU9Dye1HKcqy6Rg8FyIyAJC +r/1V3jwmqIQbicxjn0omFwebc61XYfxOk9koXonYhi72snEec4Gycg== +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-doh/server2.crt b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..362e4fad6b3075ff926a0fa7201a2ca4726a2815 --- /dev/null 
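Review bot: An RSA private key (server1.key) is checked into the repository here, and the same happens for server2.key, the https-ech server1.key and server2.key, the X25519 ECH private key in ecdh_private_key.pem and the esni file later in this diff; only the .crt, .csr and openssl-server*.cnf inputs belong under version control. The ECH key is the one server.go loads and installs as `PrivateKey: privateKey.Bytes()`, so anyone with read access to the repository can decrypt the ClientHelloInner of every ECH capture taken against this testbed, which undermines the very confidentiality property the dataset is meant to represent. Since the OpenSSL configs are already committed, the keys can be regenerated locally at setup time; treat the committed ones as compromised, regenerate them, and exclude `*.key` and the private `.pem`/esni files from the repository.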
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server2.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUV78URY1oHupdDIg+GShmzPdgxGgwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMzEwMTIwMTQxWhcNMjYw +MzEwMTIwMTQxWjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMbkEqoWOZDRYg5/4kewlFYqBPNTHCtCH3JT1aho +XKS1UHJRxvKtcLZ5FvG8PjHXS5uZxJo0A/s3nBd5u1CdW8MQIOtoHyykgcYG7eke +lEBowuT3QQMK7+cKGJhlPbt/6T+MrTVevrhKX6igAKCki9gMRA6aaF1gckQW4m1i +61Y51FUvz6AbAHuXCmZoAJ7tdEnMPOnU4k7Z7rAy+a7LMWgxgF0/0x8HGy+F6jeU +3FNOPIOA3CkVLI5G2xZ3tjcKxw4CBw3DsyLaX+gG0a+y795+n4FaUzqG1/HWawVQ +rcIXg2feJc8nqNapzOyGhiakOT5REqDY8Nd7oVXtTDN6bcECAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAMSL +fXY5DnNgjMkkcekQWOshNGQEWNG1LerM1vu1P6GNmU2VkUBBIpx2fb64TE2lqILU +3Yo9wYsVYaBxtqC5EqcqvXt/GyVxcyCVWk/wpAJLGAcwk0J+IzBw0K7qr7B/dcrj +i2TVKs7qpbWSSbM2EZ8Wa7lsciBzGfyNrkLMeA4v6bnk1Vo81x++4RihUp0KcHoq +rq7YLU431tWMaTpLeZ4U2oHM2a4sfrhDgbOJjZzlBvbaQNXHd6VaLAwpp9CsKceR +c17XnoOYKveSDdgnZCWI594YViOWdWXMgDPdTRBzpV/47beqhxG2sGGEUE4f9gnd +gGtdPQ6CjdL9MgWkivI= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-doh/server2.csr b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server2.csr new file mode 100644 index 0000000000000000000000000000000000000000..012334ee262ab4d8b612f26813248600b0a43417 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server2.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDG5BKqFjmQ0WIOf+JHsJRWKgTzUxwrQh9yU9Wo +aFyktVByUcbyrXC2eRbxvD4x10ubmcSaNAP7N5wXebtQnVvDECDraB8spIHGBu3p +HpRAaMLk90EDCu/nChiYZT27f+k/jK01Xr64Sl+ooACgpIvYDEQOmmhdYHJEFuJt +YutWOdRVL8+gGwB7lwpmaACe7XRJzDzp1OJO2e6wMvmuyzFoMYBdP9MfBxsvheo3 +lNxTTjyDgNwpFSyORtsWd7Y3CscOAgcNw7Mi2l/oBtGvsu/efp+BWlM6htfx1msF +UK3CF4Nn3iXPJ6jWqczshoYmpDk+URKg2PDXe6FV7Uwzem3BAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjIuY29thwTAqJ2CMA0GCSqG +SIb3DQEBCwUAA4IBAQAnKLnOv3BIqdVur2XvMNPegO66Bedz0aNZjBnnbISJRUtc +o2gKXrHe8QVH6vFpcnlnd+bIX404KCzkdT1lU8RdgrfJSt7q+grXNIFp5oY7Rfmg +VhCLRTSP9pXtvI/KZkFdD3FlYFxth1fthZd3AZ86ksNVCy8WykT4LiALjINw4Tw9 +ORi6JvEEntKvJF4GJcQj0B3LaF83Yd+KXrsF7O9ozGpcMjhckLcdvGxskIwCpCR1 ++P+kRj05ryhdGcrd1XqbAnRq11k9C7cwsjMmgDIYqNTMLeQxZmWQZZI1mrATVWGn +Ofjx+H8U78zZ9HERfVs3zLiVK5y4jlFG7IGUWa0s +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-doh/server2.key b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server2.key new file mode 100644 index 0000000000000000000000000000000000000000..923cd7138c55d430b2d99d3e6de5d53b04291e0a --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-doh/server2.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxuQSqhY5kNFiDn/iR7CUVioE81McK0IfclPVqGhcpLVQclHG +8q1wtnkW8bw+MddLm5nEmjQD+zecF3m7UJ1bwxAg62gfLKSBxgbt6R6UQGjC5PdB +Awrv5woYmGU9u3/pP4ytNV6+uEpfqKAAoKSL2AxEDppoXWByRBbibWLrVjnUVS/P +oBsAe5cKZmgAnu10Scw86dTiTtnusDL5rssxaDGAXT/THwcbL4XqN5TcU048g4Dc +KRUsjkbbFne2NwrHDgIHDcOzItpf6AbRr7Lv3n6fgVpTOobX8dZrBVCtwheDZ94l +zyeo1qnM7IaGJqQ5PlESoNjw13uhVe1MM3ptwQIDAQABAoIBAELOBsrkri9LdTFD +mUDVOe37LTCB4PtSuXdQW3q2my+jy0Kq3zVSNoLEB4Xo4cch9r5sFtJo2FGAa0ij +VdyNDm5ls3j+v0Hie8iFOVJNOCSuS5BW0JpyCQTEqmA92U9qdnEnEmLT0SHbsWfV +XoCW5HYMIKv7B0UeCSN/wExXpo6OQ9AYkIcDEfBPhBCrER7JBAbtj9g7H8L+FUfP +K6R2+2guEeax3XCYNsdO96ravtTaCs0fRwXFStVyno8QJLdg8B0yiWI+xbDczcBI +1zlhZDt9vz920hGCrnSEY0J7q4MkCXj5EfaEyCnzX6Qndxs7Q7BEuW9PjrBhcHXZ +fFhjLPECgYEA+GHbgtnp85YE8668f4WUhLWA8RVqQxcXc+9tejyWR+6c75iip7XJ +h4jaOVm+GOsVK19yuecP3f2637SnFD7fn7q9exmqG95bgGLB+NsHwgnUTod3vNaX +3wIOuidPeBscGXkqEmaofJEC+WKKlLpdmpxShhsCHQWFQCFI1hllnJUCgYEAzP2j +6HyDBvkRammrXgC/2+oZ7oFn0b8g90hpoZg0YOhtVpmcXZZGIbj0htP46UERYSlV +hozRZb7Hx938jFgXtwp7mwciuIVBJfWaWkyepZ2odWiqtpOy3yDkqZyl1jMZdQ/O +Z93IfSuAl+KcfDOCDBtL+Er7fsZAAgPPkdEB1X0CgYEAw9acdjKNNQMPCne2pjFT +pcNaVDvXWeimFEIuppeIwlSQJpXJgcRijtvHfDqXGRyZx2XtlkhqCVVad7H/noXo +Wg+qAJp+tpR+vt6fJDDGkCah3/0N2rW0byA3Lm16Si/N2wPeuT16ESVhG/KnY5cB +4LrqklRPOUS2CJd1z2Gc7XUCgYEAvgSIAaQZmUcbu7aEIbk0H9ibfRj7cdRn7JF1 +SVPbidEqOVJfPelkzTGziZ/IZf/o6lX0b6rtGBGHA2BlEHtAUG4pMgWlS8JKJ7PJ +BtdrYD4Kv/rr9B5peqf1DrykhTAM8xRZ0rIlfNHse96WDBN7A1nyTBDFnDiNcNCz +golp18kCgYARgLEDZGXlJ0ElNZoYc5hvMGLzu7jhpGX9nY/WcS9k1JKUKuh/3J0c +zolRQlb5N49/RNH7tNvDhZ5IyN9mrM44nEjt0S+xTu13cPDoahuRBYd9RyBsfypk +sUOiyZyLuJQxLqeZ6N7Km4m8IrOqYV1weXSEYmvowvkyjNtWUro9eg== +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/ecdh_private_key.pem b/primary/tanghao_HIT_EncrypDNS/server/https-ech/ecdh_private_key.pem new file mode 100644 index 0000000000000000000000000000000000000000..a6ddb08f38b6b22ba3b78d7f3c6c4f6e7f79f630 --- /dev/null 
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/ecdh_private_key.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VuBCIEIOgibLlCGkafwLXz6GppT1xpuSG5qVDcitWnGTSDwxNB +-----END PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/echutil.go b/primary/tanghao_HIT_EncrypDNS/server/https-ech/echutil.go new file mode 100644 index 0000000000000000000000000000000000000000..2aa116c6ad00734549a8013493fb1d4c554a3c89 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/echutil.go 
@@ -0,0 +1,99 @@
+package main
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/ecdh"
+ "slices"
+
+ "golang.org/x/crypto/chacha20poly1305"
+ "golang.org/x/crypto/cryptobyte"
+)
+
+const (
+ AEAD_AES_128_GCM = 0x0001
+ AEAD_AES_256_GCM = 0x0002
+ AEAD_ChaCha20Poly1305 = 0x0003
+
+ extensionEncryptedClientHello uint16 = 0xfe0d
+ DHKEM_X25519_HKDF_SHA256 = 0x0020
+ KDF_HKDF_SHA256 = 0x0001
+)
+
+var aesGCMNew = func(key []byte) (cipher.AEAD, error) {
+ block, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, err
+ }
+ return cipher.NewGCM(block)
+}
+
+var supportedAEADs = map[uint16]struct {
+ keySize int
+ nonceSize int
+ aead func([]byte) (cipher.AEAD, error)
+}{
+ // RFC 9180, Section 7.3
+ AEAD_AES_128_GCM: {keySize: 16, nonceSize: 12, aead: aesGCMNew},
+ AEAD_AES_256_GCM: {keySize: 32, nonceSize: 12, aead: aesGCMNew},
+ AEAD_ChaCha20Poly1305: {keySize: chacha20poly1305.KeySize, nonceSize: chacha20poly1305.NonceSize, aead: chacha20poly1305.New},
+}
+
+// Generates a serialized Encrypted Client Hello (ECH) configuration for a given domain
+func GetECHConfig(privateKey *ecdh.PrivateKey, domain string) ([]byte, error) {
+ /// generate the echconfig
+ var sortedSupportedAEADs []uint16
+ for aeadID := range supportedAEADs {
+ sortedSupportedAEADs = append(sortedSupportedAEADs, aeadID)
+ }
+ slices.Sort(sortedSupportedAEADs)
+
+ marshalECHConfig := func(id uint8, pubKey []byte, publicName string, maxNameLen uint8) ([]byte, error) {
+ builder := cryptobyte.NewBuilder(nil)
+ builder.AddUint16(extensionEncryptedClientHello)
+ builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
+ builder.AddUint8(id)
+ builder.AddUint16(DHKEM_X25519_HKDF_SHA256) // The only DHKEM we support
+ builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
+ builder.AddBytes(pubKey)
+ })
+ builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
+ for _, aeadID := range sortedSupportedAEADs {
+ builder.AddUint16(KDF_HKDF_SHA256) // The only KDF we support
+ builder.AddUint16(aeadID)
+ }
+ })
+ builder.AddUint8(maxNameLen)
+ builder.AddUint8LengthPrefixed(func(builder *cryptobyte.Builder) {
+ builder.AddBytes([]byte(publicName))
+ })
+ builder.AddUint16(0) // extensions
+ })
+
+ return builder.Bytes()
+ }
+
+ return marshalECHConfig(123, privateKey.PublicKey().Bytes(), domain, 32)
+}
+
+// Generates a serialized list of Encrypted Client Hello (ECH) configuration for a set of domains
+func GetECHConfigList(privateKey *ecdh.PrivateKey, domains []string) ([]byte, error) {
+
+ builder := cryptobyte.NewBuilder(nil)
+ var configs [][]byte
+ for _, d := range domains {
+ echConfig, err := GetECHConfig(privateKey, d)
+ if err != nil {
+ return nil, err
+ }
+ configs = append(configs, echConfig)
+ }
+
+ builder.AddUint16LengthPrefixed(func(builder *cryptobyte.Builder) {
+ for _, b := range configs {
+ builder.AddBytes(b)
+ }
+ })
+
+ return builder.Bytes()
+}
\ No newline at end of file
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/go.mod b/primary/tanghao_HIT_EncrypDNS/server/https-ech/go.mod
new file mode 100644
index 0000000000000000000000000000000000000000..719b4c2b1bdf107386751f07d8b26f59030979e9
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/go.mod
@@ -0,0 +1,8 @@
+module https-ech
+
+go 1.24.0
+
+require (
+ golang.org/x/crypto v0.36.0 // indirect
+ golang.org/x/sys v0.31.0 // indirect
+)
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/go.sum b/primary/tanghao_HIT_EncrypDNS/server/https-ech/go.sum
new file mode 100644
index 0000000000000000000000000000000000000000..927b25585c3f8fe1f3c1fc68078350081e9fcba1
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/go.sum
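Review bot: Every ECHConfig produced here carries the hard-coded config_id 123 (`marshalECHConfig(123, …, 32)`), so the list GetECHConfigList builds for several domains holds entries that differ only in public_name while sharing id and key; the client's ECH extension identifies the chosen config by that single byte, and the server side (which, if I read Go's crypto/tls correctly, selects the key by config_id) cannot tell such entries apart. Give each config its own id: hoist `marshalECHConfig` to package level and have GetECHConfigList iterate `for i, d := range domains` calling `marshalECHConfig(uint8(i), privateKey.PublicKey().Bytes(), d, 32)`, keeping GetECHConfig as the single-config wrapper with its fixed id. The maximum_name_length of 32 is likewise hard-wired, and since clients pad the inner SNI to it, it directly shapes the traffic this testbed records; it deserves a named constant with a comment saying so. Both doc comments should begin with the function name per Go convention, e.g. `// GetECHConfig returns the serialized ECHConfig advertising domain as public_name.`.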
@@ -0,0 +1,4 @@ +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/openssl-server1.cnf b/primary/tanghao_HIT_EncrypDNS/server/https-ech/openssl-server1.cnf new file mode 100644 index 0000000000000000000000000000000000000000..1249b07641a86e5711cd480b43eb1a1ed95eff57 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/openssl-server1.cnf @@ -0,0 +1,17 @@ +[ req ] +default_bits = 2048 +default_keyfile = server1.key +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +commonName = server1.com +commonName_default = server1.com +commonName_max = 64 + +[ v3_req ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = server1.com +IP.1 = 192.168.157.129 diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/openssl-server2.cnf b/primary/tanghao_HIT_EncrypDNS/server/https-ech/openssl-server2.cnf new file mode 100644 index 0000000000000000000000000000000000000000..a3008eedc6335b746e8fb15b9f2f31b088c0eebc --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/openssl-server2.cnf @@ -0,0 +1,17 @@ +[ req ] +default_bits = 2048 +default_keyfile = server2.key +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[ req_distinguished_name ] +commonName = server2.com +commonName_default = server2.com +commonName_max = 64 + +[ v3_req ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = server2.com +IP.1 = 192.168.157.130 diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/server.go b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server.go new file mode 100644 index 0000000000000000000000000000000000000000..c5ac627324bdf9cac0b4bdf3b38190dee71e0e31 
--- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server.go 
@@ -0,0 +1,148 @@
+package main
+
+import(
+ "crypto/ecdh"
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+ "log"
+ "net/http"
+ "os"
+ "io"
+ "net/url"
+ "net/http/cookiejar"
+ "time"
+ // "encoding/base64"
+)
+
+func main(){
+ // 读取并解析ECDH私钥
+ pemData, err := os.ReadFile("ecdh_private_key.pem")
+ if err != nil {
+ fmt.Println("Error reading PEM file:", err)
+ return
+ }
+ block, _ := pem.Decode(pemData)
+ if block == nil {
+ fmt.Println("Error decoding PEM block")
+ return
+ }
+ ecdhSKBytes, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+ if err != nil {
+ fmt.Println("failed to marshal private key into PKIX format")
+ return
+ }
+ privateKey := ecdhSKBytes.(*ecdh.PrivateKey)
+
+ // 获取ECH配置列表
+ // echConfigList, err := GetECHConfigList(privateKey, []string{"server0.com"})
+ // if err != nil {
+ // fmt.Println("failed to get echconfiglist")
+ // return
+ // }
+
+ // 获取特定域名的ECH配置信息
+ echConfig, err := GetECHConfig(privateKey, "server0.com")
+ if err != nil {
+ fmt.Println("failed to get echConfig")
+ return
+ }
+
+ // fmt.Printf("ECHConfig: %s\n", base64.StdEncoding.EncodeToString(echConfig))
+ // fmt.Printf("echConfigList Std: %s\n", base64.StdEncoding.EncodeToString(echConfigList))
+
+ // 配置TLS
+ tlsConfig := &tls.Config{
+ GetCertificate: getCertificateForSNI,
+ MinVersion: tls.VersionTLS13,
+ MaxVersion: tls.VersionTLS13,
+ CurvePreferences: []tls.CurveID{},
+ EncryptedClientHelloKeys: []tls.EncryptedClientHelloKey{{
+ Config: echConfig,
+ PrivateKey: privateKey.Bytes(),
+ SendAsRetry: true,
+ }},
+ }
+
+ // 创建一个http.server实例
+ server := &http.Server{
+ Addr: ":443",
+ TLSConfig: tlsConfig,
+ }
+
+ // 注册 HTTPS 请求处理函数
+ http.HandleFunc("/proxy", handleHttpsRequest)
+
+ // 启动 HTTPS 服务器
+ log.Println("Starting HTTPS server on https://localhost:443")
+ if err := server.ListenAndServeTLS("", ""); err != nil {
+ log.Fatal("ListenAndServeTLS: ", err)
+ }
+}
+
+func getCertificateForSNI(helloInfo *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ switch helloInfo.ServerName {
+ case "server1.com":
+ cert, err := tls.LoadX509KeyPair("server1.crt", "server1.key")
+ return &cert, err // 返回结构体的指针
+ case "server2.com":
+ cert, err := tls.LoadX509KeyPair("server2.crt", "server2.key")
+ return &cert, err // 返回结构体的指针
+ default:
+ return nil, fmt.Errorf("no certificate found for SNI: %s", helloInfo.ServerName)
+ }
+}
+
+func handleHttpsRequest(w http.ResponseWriter, req *http.Request) {
+ targetURL := req.Header.Get("X-Target-URL")
+ if targetURL == "" {
+ http.Error(w, "缺少 X-Target-URL 请求头", http.StatusBadRequest)
+ return
+ }
+
+ parsedURL, err := url.Parse(targetURL)
+ if err != nil {
+ http.Error(w, "无效的目标URL", http.StatusBadRequest)
+ return
+ }
+
+ // 构造新请求
+ proxyReq, _ := http.NewRequest(req.Method, targetURL, req.Body)
+ proxyReq.Header = req.Header.Clone()
+ proxyReq.Header.Del("Host")
+ proxyReq.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
+ proxyReq.Header.Set("Accept-Language", "en-US,en;q=0.9")
+ proxyReq.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8")
+ proxyReq.Header.Set("Referer", "https://www.google.com/")
+ proxyReq.Host = parsedURL.Host // 修正Host头
+
+ // 安全配置TLS客户端
+ jar, _ := cookiejar.New(nil) // Cookie持久化
+ client := &http.Client{
+ Jar: jar,
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // 生产环境应使用有效证书
+ },
+ Timeout: 10 * time.Second,
+ }
+
+ // 转发请求
+ resp, err := client.Do(proxyReq)
+ if err != nil {
+ http.Error(w, "转发请求失败: "+err.Error(), http.StatusBadGateway)
+ return
+ }
+ defer resp.Body.Close()
+
+ // 回传响应头
+ for k, v := range resp.Header {
+ w.Header()[k] = v
+ }
+ w.WriteHeader(resp.StatusCode)
+
+ // 回传响应内容
+ if _, err := io.Copy(w, resp.Body); err != nil {
+ log.Printf("响应回传错误: %v", err)
+ }
+}
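Review bot: `privateKey := ecdhSKBytes.(*ecdh.PrivateKey)` is an unchecked type assertion, so a PKCS#8 file holding any other key type crashes main instead of reporting an error; use `privateKey, ok := ecdhSKBytes.(*ecdh.PrivateKey)` followed by `if !ok { fmt.Println("ecdh_private_key.pem is not an X25519 key"); return }` (the message on the preceding branch also says "marshal … PKIX" although the call is ParsePKCS8PrivateKey). In handleHttpsRequest the error from `http.NewRequest` is discarded and a nil `proxyReq` would be dereferenced on the very next line; `cookiejar.New` is treated the same way. The handler fetches whatever `X-Target-URL` names, with certificate verification disabled, on behalf of any client that can reach port 443, so outside a closed lab it needs an allow-list check on `parsedURL.Scheme` and `parsedURL.Host` restricted to the upstreams this testbed actually uses, placed before the request is built. The ECH config advertises public_name "server0.com" with SendAsRetry set, but getCertificateForSNI only serves server1.com and server2.com; when a client's ECH is rejected the server must authenticate as the public name, so that path presumably ends in "no certificate found" unless a server0.com case is added.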
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/server1.crt b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server1.crt new file mode 100644 index 0000000000000000000000000000000000000000..0cb80e120ebde47a46bf5b0a1cf4f2092fd2fac4 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server1.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIULN0IY11JKbFV5e2AkfJFgkCQtZ8wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMzE0MDgxMTM5WhcNMjYw +MzE0MDgxMTM5WjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMOgyXimJjXTx6jwBw7EtM6+GxGepoZqiw4z+Vrh ++QMaz8thhzVhZ1opRqM4FuDog9Z/EMldx+dddEbWIVYEhy7eY0lq6/grC1TKPWFf +yzbZvpwMuQhGIs7T6z4I7L4bapauv0dDNR1nzs7H/LQlsYK5p+mCuo8ubxbYzqfR +qhAPQM3QqYUshIlgnlQ3ONJh/wsQqzPiFFrpf9i3GlO0jc/AkIPGCz2LfAmCj5D2 +i/Ke6jaciyYysK9b1upYiqLn0E7oHW3yqXGgEKibpXxkjuwI7pb9B/e8ligMyNKb +RuzBPXGReezyozokKgr0NyPtxsB9eZdwK6uS+bnkgp+69C8CAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAJ76 +gJNo1h4/9eUzDQHI/4u7oSuemFbtGZFIl8R2daJqGbjjEvZBt/4WPs9ZSwlLYCW7 +ANG9fBnHwflfOSE90JJP3lMtWi3DEa4wAg3SEuhU2Im/G3TBORVFr3rwDgKw8370 +GBxOsyuGbjcjtrPphVf+klQMkgRykXUfBAIhuZHba3gA2nDgL5+szJ4+2Mc3Qf44 +/hWuyV8OjkbDsdC/w3pUhRWYpAEaEW1EAgsLvUBnk/UAHfc6FnSO0QWGcl5g40YY +wXyvQaLzrJa0tvWMtvWMS5Pt84rB4C/bJl3PNwQc48wxUz8CoK81igg/iK9N+oEu +WspLPDI9Ew+ejSH/YvM= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/server1.csr b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server1.csr new file mode 100644 index 0000000000000000000000000000000000000000..3927570f46c7533af91157e2eb638ed5b02f31ff --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server1.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDDoMl4piY108eo8AcOxLTOvhsRnqaGaosOM/la +4fkDGs/LYYc1YWdaKUajOBbg6IPWfxDJXcfnXXRG1iFWBIcu3mNJauv4KwtUyj1h +X8s22b6cDLkIRiLO0+s+COy+G2qWrr9HQzUdZ87Ox/y0JbGCuafpgrqPLm8W2M6n +0aoQD0DN0KmFLISJYJ5UNzjSYf8LEKsz4hRa6X/YtxpTtI3PwJCDxgs9i3wJgo+Q +9ovynuo2nIsmMrCvW9bqWIqi59BO6B1t8qlxoBCom6V8ZI7sCO6W/Qf3vJYoDMjS +m0bswT1xkXns8qM6JCoK9Dcj7cbAfXmXcCurkvm55IKfuvQvAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjEuY29thwTAqJ2BMA0GCSqG +SIb3DQEBCwUAA4IBAQA/tRLaQsyPj19B9axwL9bJmlrHgT0Y4NmV6kTlyQ0oHO7H +Dvg0F9KdH8L7wbBwkkfFeNaJ3LBqUpAHU+CoyTeMxrBJmT2aou0HX1aJY4+w8+wH +KXRHlz6r5xVrNgM2UXHZukzDz63i8V9W3fJio4xiT0wZsZRmed2dA6jo7QTtMZNq +KONDCMkGeCw2hlgDWStlkt8zXpEL8fk4fjXeZHEuZyq2oqrPBOAaO5EFiO05UdDf +tkS/JkZU5q65ftjmUFohkeMRIYuaF0+RkrQAUppWXqKWz/Tm622/yQ1GApbXTKsw +I0qJBtsFoePyZU1ZzUMgyQFwFTQITwmUa/FjSBwC +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/server1.key b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server1.key new file mode 100644 index 0000000000000000000000000000000000000000..25b065fa6f10c94813d80ea57803a9f6751ad72f --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server1.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAw6DJeKYmNdPHqPAHDsS0zr4bEZ6mhmqLDjP5WuH5AxrPy2GH +NWFnWilGozgW4OiD1n8QyV3H5110RtYhVgSHLt5jSWrr+CsLVMo9YV/LNtm+nAy5 +CEYiztPrPgjsvhtqlq6/R0M1HWfOzsf8tCWxgrmn6YK6jy5vFtjOp9GqEA9AzdCp +hSyEiWCeVDc40mH/CxCrM+IUWul/2LcaU7SNz8CQg8YLPYt8CYKPkPaL8p7qNpyL +JjKwr1vW6liKoufQTugdbfKpcaAQqJulfGSO7Ajulv0H97yWKAzI0ptG7ME9cZF5 +7PKjOiQqCvQ3I+3GwH15l3Arq5L5ueSCn7r0LwIDAQABAoIBAB32pKU8HaIk+/He +QdZ7Po5kA9VhDXSNIRtdzpWjAvb8xlMKbyE3+BKRO+aIEskEFB1ofPO6z4GaiNLI +vXZlXydInMCEBfyO6z9jcp9VgtS16UIRmM2xoGc5glCQIWLE5ECMJ3QM0TfdzIlT +jFszYsr5EMTtZxHDNPS05IJD1N58krq2HMLSor7sihixh2A7aju7MbViEhyP8Pru +cV4e6U3GDK6uvaVFTZinOr/rDt1Iis5H4z3T6j5hervhkgO3dch8WFfcl4ASmFn7 +iqwj1Tq9hY85R4JFGCQBaqDN0yy63ww8Ka1Rgf5nHL1Oj03nAOEiJc73gRbHJHRr +tIQQmnECgYEA9nqjybd3vVaJ8vBy3g/wDKpKQAzcSQ0SWQLBHU4byi3UwBh4B9nb +cvpjs/HaxflY+0z/Dk0S50aBezIPdFmTlIdjfbluczUeGqpKE3e2Z5yEFyhSmxVM +0bnwGOGcjqmg5hCoHm6T+WX4xGh3HaPx7BTFjZkcWCPpEJBeztXujfUCgYEAyy9L +5kHp4vUJjDGJFWWyGcbNUZVn10Y9Ogr4lQGCVg3Dwz2rPoFZWpFrlh8wnWpEWYuk +5VDofoZkgW4DQyOZDbjgQsRA5mUOHXUdX9YZSFkWwzb/IL5pLVJgQRlubID+4w5n +WEshHdGxaYAg3WcizY8G2vrgZdwFo7Py7wMm3xMCgYAWazdEnLx2a02m3DoGerqh +3EdepgzPVDIMCJUaHkWm0R5dzpv0UtuEDMRO1LvKcBCo4ur8GQSUJrSWSQpg0dj7 +lIj3IYurTPSNBlowhR4BNJpLJO7GjlxrYxc0nCjKTSGGa5NvGS26bI0BCGN1Pbk+ +ePEzHO8YEUQcrpUBCTJmlQKBgDGxE4Lww965xuf+hWQyRuh+8l/thkPj7b1wSXNH +tzSMkUACqQrUX6ICxqkkX6NgBe9Qc7eRngqzm4j7+thEsH3mpRIvJSAzvsv9hH2X +wv8qqqJ7pNHBP7/R0bCaI6NtuOiW8TdqyGKekiEXMPJ08tILFMYhbRf8Q3TR4awK +vUr5AoGAatzvXQiMiDxVE7Ge73fi3TodkHTN5AgSzAsxR0DzkarQXNG/RAiz4yky +cORtevyLYmfgsqIVvlH6WB0tzV1bf9HcVx7c+MXMtpzvtN7sU/uQLt5Oqv9pv99j +ujGRV69J4G8IczdhU6FHIhQ6vExHCPKLvcd+qskEzAb20qxlcp8= +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/server2.crt b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..017ea141371fa5325ec786cd8d700b6800f38e5f --- /dev/null 
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server2.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUAbwWyv0zj4Cohamktwxd5x6S11MwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMzE0MDgxMTUwWhcNMjYw +MzE0MDgxMTUwWjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMPeY1TwVcrNvNVFwGZEZ+oCuF/IMFi9XZaFlNhP +7W1rPm1+ro0mMHlvNEZQ/U5GuUQaVTPasplbSDPTopxplcVunNPlpozltFKE1guk +hRV9+aI1q0SqEYF1//b2Wrv4Fhka+O+QOi8762HXiTiHwVMHLaHMHybhww4McuYq +6vJOBIzEXhli9t4mmtgfc8tv/yp2oWZoqiH4eLSTGvz33GOKRuEAiVXvTst3bIJY +1U9M5pNUlBCxUsgVgFfPgJmusgFgWAmwmpFMcxqcMLQRTi8hxMHJ2/sGkvFaVEQ5 +Tuvucr9+zDT4ZasfUEz+g9jLrU90TyNB+X1pAzSwnD3fG7kCAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAJF2 +B6/lr9i7jM1wKEw3bMXtW6Gn7oCTAttOOubQdEgrfIKxDLnDDog1qQpIRtJIQFA/ +6jd4+Fneircq52PR1q+ZLZPM6eoDvdons2kYk5uBsT/L8nTxtOIf5FV6HCdXEhEB +iQmt3XZbuErkbEsPD9FrLfYfLqkm7ClFyy2MfMlbat8Xm2H5+8SUpX+RnuJXVVCq +E7tKeMhmKfKAlv43O6JtjPW+P/O+qWcUgW+yT304i+6ZR++JVATYhLH1MI1oCk7J +CashfQ5um4F3QAn06hwP15A+1RZaBOBIplYIhM4FEPv0oaHHI1MN8YpxwOP5fY8m +HBQlvAexYYMrjp3MVjE= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/server2.csr b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server2.csr new file mode 100644 index 0000000000000000000000000000000000000000..66bc4e67cf201c0abafb4a2735597da301721682 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server2.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDD3mNU8FXKzbzVRcBmRGfqArhfyDBYvV2WhZTY +T+1taz5tfq6NJjB5bzRGUP1ORrlEGlUz2rKZW0gz06KcaZXFbpzT5aaM5bRShNYL +pIUVffmiNatEqhGBdf/29lq7+BYZGvjvkDovO+th14k4h8FTBy2hzB8m4cMODHLm +KuryTgSMxF4ZYvbeJprYH3PLb/8qdqFmaKoh+Hi0kxr899xjikbhAIlV707Ld2yC +WNVPTOaTVJQQsVLIFYBXz4CZrrIBYFgJsJqRTHManDC0EU4vIcTBydv7BpLxWlRE +OU7r7nK/fsw0+GWrH1BM/oPYy61PdE8jQfl9aQM0sJw93xu5AgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjIuY29thwTAqJ2CMA0GCSqG +SIb3DQEBCwUAA4IBAQCt5l3w/ob81ztYStxl8HbuzbjoYALnn37wPXdJ5Sy3WFcQ +RWFigyHeLd47J4sb3PLA402/jT+qvf4qnr6QK+8Wcq0kA7/07CZM3tCoqQQZXQZ6 +AF9Yj23gnouDOXTgCVPUoCs8NOEfXI45UvyhRDD+JsYXXYBzHhBSaF4ecIn7+Xmz +qCTYvkWWdThRxJ0KLOwgMFaTE+HtAL30sZZULxoVuIdR4su2korGjR1gpihkwgTw +/b5f9PJej6FgHdpvrae60YWTqxeuuJbVh8/8P9pRNzWWtGt6SDt6wv/SCyjdyHml +51jguP2K2tTeHAcJ0v/bBfdwUk6idtExvadVtybZ +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-ech/server2.key b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server2.key new file mode 100644 index 0000000000000000000000000000000000000000..d6212a1a18bf3be266bfcd9fbfdac6afebcdfc66 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-ech/server2.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAw95jVPBVys281UXAZkRn6gK4X8gwWL1dloWU2E/tbWs+bX6u +jSYweW80RlD9Tka5RBpVM9qymVtIM9OinGmVxW6c0+WmjOW0UoTWC6SFFX35ojWr +RKoRgXX/9vZau/gWGRr475A6LzvrYdeJOIfBUwctocwfJuHDDgxy5irq8k4EjMRe +GWL23iaa2B9zy2//KnahZmiqIfh4tJMa/PfcY4pG4QCJVe9Oy3dsgljVT0zmk1SU +ELFSyBWAV8+Ama6yAWBYCbCakUxzGpwwtBFOLyHEwcnb+waS8VpURDlO6+5yv37M +NPhlqx9QTP6D2MutT3RPI0H5fWkDNLCcPd8buQIDAQABAoIBAHJnR6+J/SJKjxwm +9J0HIYbedeCEJjD+0lYjye+ap7w8YqdD0iJhhvi2ylqz3XBGANpVYyS5fY3zcjXL +THR9e1xpIjLmNSSg2nVEX11Hh/Aot5FWNaYSi80JJiuScybNXeLmDTaoEEQchHyO +jvi02mdrjuytNBjazro67TWhJb/GaLxJXaueHKtpusABk/ndag8hYPSZWccBBwXo +9zrK2sJOWMKOXXRPHOsSSgE6gviSCvMEZ9eBIeqJRybKzC87codRhHiNtFgraVNy +ZEORghgAN/giOV6qYuq5FkwVPwUp0LeytalMj+nIHRhJIC16L1q/Dp17h+coTIt3 +9Fv8OvECgYEA+ufVwlCbZJLfbnCn/8wXPfRFTImjzMWwy+RhLgc6CX03hL6f5LvL +vzDMDjbQT4YRZOjXUGXg2Y+O7bjP9S4WUoSCVnzY+ND3Uu37F3DGTvJ0Q6ixovUy +SFJgjdaOcthQbHux0RUMqK4I57LD+4B3OevG3haQBmBJwqSfrLzoYZUCgYEAx9h7 +ASnyfBnCYyUkYMz41vTiTUkKnYRVi5URnAo2TL4YhxotcQq0Age5mW5oCfZGN3+g +Dg1fKsF51a234QKBq3LcruwznZ5+g0YyywQ+EmaTCM9as8N7WOss/xKJYVIHQ3e1 +RUBlIECgeJw4WWt5djm1jSlHDN0XoVKRrPsxEJUCgYEAzXU+w6oCNW9X6zXxPDRB +7Ae1H6GuMibISY4wTeK5EcAp0FfQ0xs9EsjAr/sOxbABWmKYvktOvpkh72RhVmJx +AQ1lNbFycv2bKZua+2zr1wYPUsA3BjxG+pYKXtuNNloQMWVxDMdx4EbzH9hxR+fA +uftqk75iHfaHMA5ieq8Ok6kCgYBBf0K5G+1cHPknk1m73BHGKZYtrD2taFy9FYsi +7/nh5v+U79Bq1w4uCCgdECFK+osCz3I+iMVi9uweSwQT28Vx0oBfWAyGoRZnoc8t +2GMblsCjx4m7ltrLRrCFnKan3cGBrC8d1kAOdP/i55hUPjQdukY1UIz3u1JuTehu +oBjxjQKBgQCko+9i1pku6eQGpexf1YDraFxJR9TaC3W2a4SUX9Nt4XY6HUpP7L3e +xjtswODgtZUhksujnf3KcYCiJoBP6dU4dw4+/Ll3H1xR+T4Yv0OhcGBqemL752+d +56EF4pM91dj6O1VTR3/NM0JaE1RKaMFalw2KDzdx+eDNBF48GOmjHQ== +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/esni b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esni new file mode 100644 index 0000000000000000000000000000000000000000..d9d03f38ee693bfe5706d354e510e61b3a62e507 --- /dev/null 
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esni @@ -0,0 +1 @@ +=34h'72ĂGK!Be3 \ No newline at end of file diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/esni.pub b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esni.pub new file mode 100644 index 0000000000000000000000000000000000000000..7e767106fefb5a6596d2fd3679b2f8f08e93819b --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esni.pub @@ -0,0 +1 @@ +/wF4rb+OACQAHQAg6bCH1VM3MX7Tid35wBfnMx7eF6M02A9CdwfwNRpBr2cAAhMBAQQAAAAAZ7VvtAAAAABn7F40AAA= diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/esnitool/esnitool.go b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esnitool/esnitool.go new file mode 100644 index 0000000000000000000000000000000000000000..2fc64ef81d678308341b8634d1322d6ef0003400 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esnitool/esnitool.go 
@@ -0,0 +1,137 @@
+// Standalone utility to generate ESNI keys.
+// Can be run independently of tris.
+package main
+
+import (
+ "crypto/rand"
+ "crypto/sha256"
+ "crypto/tls"
+ "encoding/base64"
+ "flag"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "time"
+
+ "golang.org/x/crypto/cryptobyte"
+ "golang.org/x/crypto/curve25519"
+)
+
+// Internal definitions, copied from common.go and esni.go
+
+type keyShare struct {
+ group tls.CurveID
+ data []byte
+}
+
+const esniKeysVersionDraft01 uint16 = 0xff01
+
+func addUint64(b *cryptobyte.Builder, v uint64) {
+ b.AddUint32(uint32(v >> 32))
+ b.AddUint32(uint32(v))
+}
+
+// ESNIKeys structure that is exposed through DNS.
+type ESNIKeys struct {
+ version uint16
+ checksum [4]uint8
+ // (Draft -03 introduces "public_name" here)
+ keys []keyShare // 16-bit vector length
+ cipherSuites []uint16 // 16-bit vector length
+ paddedLength uint16
+ notBefore uint64
+ notAfter uint64
+ extensions []byte // 16-bit vector length. No extensions are defined in draft -01
+}
+
+func (k *ESNIKeys) serialize() []byte {
+ var b cryptobyte.Builder
+ b.AddUint16(k.version)
+ b.AddBytes(k.checksum[:])
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, ks := range k.keys {
+ b.AddUint16(uint16(ks.group))
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ b.AddBytes(ks.data)
+ })
+ }
+ })
+ b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+ for _, cs := range k.cipherSuites {
+ b.AddUint16(cs)
+ }
+ })
+ b.AddUint16(k.paddedLength)
+ addUint64(&b, k.notBefore)
+ addUint64(&b, k.notAfter)
+ // No extensions are defined in the initial draft.
+ b.AddUint16(0)
+ // Should always succeed as we use simple types only.
+ return b.BytesOrPanic()
+}
+
+func generateX25519() ([]byte, keyShare) {
+ var scalar, public [32]byte
+ if _, err := rand.Read(scalar[:]); err != nil {
+ panic(err)
+ }
+ curve25519.ScalarBaseMult(&public, &scalar)
+ ks := keyShare{
+ group: tls.X25519,
+ data: public[:],
+ }
+ return scalar[:], ks
+}
+
+// Creates a new ESNIKeys structure with a new semi-static key share.
+// Returns the private key and a new ESNIKeys structure.
+func NewESNIKeys(validity time.Duration) ([]byte, *ESNIKeys) {
+ serverPrivate, serverKS := generateX25519()
+ notBefore := time.Now()
+ notAfter := notBefore.Add(validity)
+ k := &ESNIKeys{
+ version: esniKeysVersionDraft01,
+ keys: []keyShare{serverKS},
+ cipherSuites: []uint16{tls.TLS_AES_128_GCM_SHA256},
+ // draft-ietf-tls-esni-01: "If the server supports wildcard names, it SHOULD set this value to 260."
+ paddedLength: 260,
+ notBefore: uint64(notBefore.Unix()),
+ notAfter: uint64(notAfter.Unix()),
+ }
+ data := k.serialize()
+ hash := sha256.New()
+ hash.Write(data[:2]) // version
+ hash.Write([]byte{0, 0, 0, 0})
+ hash.Write(data[6:]) // fields after checksum
+ copy(k.checksum[:], hash.Sum(nil)[:4])
+ return serverPrivate, k
+}
+
+func main() {
+ var esniKeysFile, esniPrivateFile string
+ var validity time.Duration
+ flag.StringVar(&esniKeysFile, "esni-keys-file", "", "Write base64-encoded ESNI keys to file instead of stdout")
+ flag.StringVar(&esniPrivateFile, "esni-private-file", "", "Write ESNI private key to file instead of stdout")
+ flag.DurationVar(&validity, "validity", 24*time.Hour, "Validity period of the keys")
+ flag.Parse()
+
+ serverPrivate, k := NewESNIKeys(validity)
+ esniBase64 := base64.StdEncoding.EncodeToString(k.serialize())
+ if esniKeysFile == "" {
+ // draft -01 uses a TXT record instead of a dedicated RR.
+ fmt.Printf("_esni TXT record: %s\n", esniBase64)
+ } else {
+ err := ioutil.WriteFile(esniKeysFile, []byte(esniBase64+"\n"), 0644)
+ if err != nil {
+ log.Fatalf("Failed to write %s: %s", esniKeysFile, err)
+ }
+ }
+ if esniPrivateFile == "" {
+ fmt.Printf("ESNI private key: %x\n", serverPrivate)
+ } else {
+ err := ioutil.WriteFile(esniPrivateFile, serverPrivate, 0600)
+ if err != nil {
+ log.Fatalf("Failed to write %s: %s", esniPrivateFile, err)
+ }
+ }
+}
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/esnitool/go.mod b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esnitool/go.mod
new file mode 100644
index 0000000000000000000000000000000000000000..b6722706a40e92813ef112c457f835a84079d07e
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esnitool/go.mod
@@ -0,0 +1,9 @@
+module esni
+
+go 1.13
+
+require (
+ github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa // indirect
+ github.com/henrydcase/nobs v0.0.0-20230313231516-25b66236df73 // indirect
+ golang.org/x/crypto v0.36.0 // indirect
+)
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/esnitool/go.sum b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esnitool/go.sum
new file mode 100644
index 0000000000000000000000000000000000000000..49977a7062e238fefd52e58c24dc8aaee43e2d7c
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/esnitool/go.sum
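Review bot: `validity` is never validated, so `-validity=-1h` (or 0) makes NewESNIKeys emit a record whose not_after is at or before not_before, and nothing in main notices; add `if validity <= 0 { log.Fatal("validity must be positive") }` directly after `flag.Parse()`. The header comment still refers to tris and to "common.go and esni.go", which are not part of this module as far as the diff shows; it should name the origin of the copied definitions or be dropped. When `-esni-private-file` is omitted the X25519 private scalar is printed to stdout in hex, which is fine for a lab but worth stating in that flag's description since the value then ends up in shell history and captured logs.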
@@ -0,0 +1,70 @@ +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa h1:2pQJShMsIfrl5+NnJRzWSmp6FDUZY3LcnviKOYn9qWM= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa/go.mod h1:o/DcCuWFr9jFzwO+c3y1hhwqKHHKfJ7HvLhWUwRnqfo= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/henrydcase/nobs v0.0.0-20230313231516-25b66236df73 h1:d3rq/Tz+RJ5h1xk6Lt3jbObJN3WhvZm7rV41OCIzUyI= +github.com/henrydcase/nobs v0.0.0-20230313231516-25b66236df73/go.mod h1:ptK2MJqVLVEa/V/oK8n+MEyUDCSjSylW+jeNmCG1DJo= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod 
h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod 
h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/go.mod b/primary/tanghao_HIT_EncrypDNS/server/https-esni/go.mod new file mode 100644 index 0000000000000000000000000000000000000000..a61ee0ec42ddc41b58fa4fda61b02fb6fe4a6456 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/go.mod @@ -0,0 +1,11 @@ +module github.com/devopsext/esni-rev-proxy + +go 1.13 + +require ( + github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa // indirect + github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892 // indirect + github.com/paulbellamy/ratecounter v0.2.0 + github.com/prometheus/client_golang v1.5.1 + golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 +) diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/go.sum b/primary/tanghao_HIT_EncrypDNS/server/https-esni/go.sum new file mode 100644 index 0000000000000000000000000000000000000000..c9729e71dce5081a8d97fd6e7de8a25b326039ef --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/go.sum 
@@ -0,0 +1,100 @@ +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa h1:2pQJShMsIfrl5+NnJRzWSmp6FDUZY3LcnviKOYn9qWM= +github.com/cloudflare/sidh v0.0.0-20190228162259-d2f0f90e08aa/go.mod h1:o/DcCuWFr9jFzwO+c3y1hhwqKHHKfJ7HvLhWUwRnqfo= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= 
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892 h1:UzltRpUK5PPlNYBBBc2ekotYJMIPjga7Wee8ADW3j+I= +github.com/henrydcase/nobs v0.0.0-20200305111951-7d891c7eb892/go.mod h1:+liTPsuK0xSOSyNKhVz4h7Khig8zW4NcvxdVbzS0Jyw= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent 
v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/paulbellamy/ratecounter v0.2.0 h1:2L/RhJq+HA8gBQImDXtLPrDXK5qAj6ozWVK/zFXVJGs= +github.com/paulbellamy/ratecounter v0.2.0/go.mod h1:Hfx1hDpSGoqxkVVpBi/IlYD7kChlfo5C6hzIHwPqfFE= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.5.1 h1:bdHYieyGlH+6OLEk2YQha8THib30KP0/yD0YH9m6xcA= +github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U= +github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= 
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU= +golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 h1:dfGZHvZk057jK2MCeWus/TowKpJ8y4AmooUzdBSR9GU= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 h1:ywK/j/KkyTHcdyYSZNXGjMwgmDSfjglYZ3vStQ/gSCU= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/openssl-server1.cnf b/primary/tanghao_HIT_EncrypDNS/server/https-esni/openssl-server1.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..1249b07641a86e5711cd480b43eb1a1ed95eff57
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/openssl-server1.cnf
@@ -0,0 +1,17 @@
+[ req ]
+default_bits = 2048
+default_keyfile = server1.key
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[ req_distinguished_name ]
+commonName = server1.com
+commonName_default = server1.com
+commonName_max = 64
+
+[ v3_req ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = server1.com
+IP.1 = 192.168.157.129
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/openssl-server2.cnf b/primary/tanghao_HIT_EncrypDNS/server/https-esni/openssl-server2.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..a3008eedc6335b746e8fb15b9f2f31b088c0eebc
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/openssl-server2.cnf
@@ -0,0 +1,17 @@
+[ req ]
+default_bits = 2048
+default_keyfile = server2.key
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[ req_distinguished_name ]
+commonName = server2.com
+commonName_default = server2.com
+commonName_max = 64
+
+[ v3_req ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = server2.com
+IP.1 = 192.168.157.130
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/server.go b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server.go
new file mode 100644
index 0000000000000000000000000000000000000000..77ff18ac7cb0f8132e285b4667b040136b77a8fb
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server.go
@@ -0,0 +1,131 @@
+package main
+
+import (
+ "crypto/tls"
+ "encoding/base64"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "log"
+ "net/http"
+ "net/http/cookiejar"
+ "net/url"
+ "time"
+)
+
+func main() {
+ var err error
+
+ //加载ESNI密钥
+ var esniKeys *tls.ESNIKeys
+ var esniPrivateKey []byte
+ esniPrivateKey, err = ioutil.ReadFile("esni")
+ if err != nil {
+ log.Fatalf("Failed to read ESNI private key: %s", err)
+ }
+ contents, err := ioutil.ReadFile("esni.pub")
+ if err != nil {
+ log.Fatalf("Failed to read ESNIKeys: %s", err)
+ }
+ esniKeysBytes, err := base64.StdEncoding.DecodeString(string(contents))
+ if err != nil {
+ log.Fatal("Bad -esni-keys: %s", err)
+ }
+ esniKeys, err = tls.ParseESNIKeys(esniKeysBytes)
+ if esniKeys == nil {
+ log.Fatalf("Cannot parse ESNIKeys: %s", err)
+ }
+
+ //配置TLS
+ tlsConfig := &tls.Config{
+ GetCertificate:getCertificateForSNI,
+ MinVersion: tls.VersionTLS13,
+ MaxVersion: tls.VersionTLS13,
+ CurvePreferences: []tls.CurveID{},
+ GetServerESNIKeys:func([]byte) (*tls.ESNIKeys, []byte, error) { return esniKeys, esniPrivateKey, nil },
+ Accept0RTTData: true,
+ }
+
+ //创建一个http.server实例
+ server := &http.Server{
+ Addr: ":443",
+ TLSConfig: tlsConfig,
+ }
+
+ // 注册 DoH 请求处理函数
+ http.HandleFunc("/proxy", handleHttpsRequest)
+
+ // 启动 HTTPS 服务器
+ log.Println("Starting DoH server on https://localhost:443")
+ if err := server.ListenAndServeTLS("", ""); err != nil {
+ log.Fatal("ListenAndServeTLS: ", err)
+ }
+
+
+}
+
+func getCertificateForSNI(helloInfo *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ switch helloInfo.ServerName {
+ case "server1.com":
+ cert, err := tls.LoadX509KeyPair("server1.crt", "server1.key")
+ return &cert, err // 返回结构体的指针
+ case "server2.com":
+ cert, err := tls.LoadX509KeyPair("server2.crt", "server2.key")
+ return &cert, err // 返回结构体的指针
+ default:
+ return nil, fmt.Errorf("no certificate found for SNI: %s", helloInfo.ServerName)
+ }
+}
+
+func handleHttpsRequest(w http.ResponseWriter, req *http.Request) {
+ targetURL := req.Header.Get("X-Target-URL")
+ if targetURL == "" {
+ http.Error(w, "缺少 X-Target-URL 请求头", http.StatusBadRequest)
+ return
+ }
+
+ parsedURL, err := url.Parse(targetURL)
+ if err != nil {
+ http.Error(w, "无效的目标URL", http.StatusBadRequest)
+ return
+ }
+
+ // 构造新请求
+ proxyReq, _ := http.NewRequest(req.Method, targetURL, req.Body)
+ proxyReq.Header = req.Header.Clone()
+ proxyReq.Header.Del("Host")
+ proxyReq.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
+ proxyReq.Header.Set("Accept-Language", "en-US,en;q=0.9")
+ proxyReq.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8")
+ proxyReq.Header.Set("Referer", "https://www.google.com/")
+ proxyReq.Host = parsedURL.Host // 修正Host头
+
+ // 安全配置TLS客户端
+ jar, _ := cookiejar.New(nil) // Cookie持久化
+ client := &http.Client{
+ Jar: jar,
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // 生产环境应使用有效证书
+ },
+ Timeout: 10 * time.Second,
+ }
+
+ // 转发请求
+ resp, err := client.Do(proxyReq)
+ if err != nil {
+ http.Error(w, "转发请求失败: "+err.Error(), http.StatusBadGateway)
+ return
+ }
+ defer resp.Body.Close()
+
+ // 回传响应头
+ for k, v := range resp.Header {
+ w.Header()[k] = v
+ }
+ w.WriteHeader(resp.StatusCode)
+
+ // 回传响应内容
+ if _, err := io.Copy(w, resp.Body); err != nil {
+ log.Printf("响应回传错误: %v", err)
+ }
+}
diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/server1.crt b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server1.crt
new file mode 100644
index 0000000000000000000000000000000000000000..531c8816dcfa5a375eac1abacb46cc0bddfbf552
--- /dev/null
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server1.crt
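Review bot: handleHttpsRequest forwards to whatever `X-Target-URL` the client supplies, with `InsecureSkipVerify: true` on the upstream transport and no restriction on scheme or host, so any client that can reach :443 gets an unrestricted forwarder whose upstream TLS is unauthenticated; `parsedURL` should be checked against an explicit list of the upstream resolvers this proxy is meant to serve before the request is built, the upstream `tls.Config` should verify normally, and the `http.NewRequest` error on the `proxyReq, _ :=` line should be handled rather than discarded. In main, `log.Fatal("Bad -esni-keys: %s", err)` needs `log.Fatalf` for the verb to be expanded, and the `tls.ParseESNIKeys` result is tested with `esniKeys == nil` while every other call in the file tests `err != nil`. The `http.Server` is created without `ReadTimeout`/`WriteTimeout` although the handler streams arbitrary upstream bodies, and `Accept0RTTData: true` lets replayed early data reach a request-forwarding handler, which deserves a comment if it is intentional for the capture setup. `tls.ESNIKeys`, `GetServerESNIKeys` and `Accept0RTTData` are not in upstream crypto/tls, so a file-level comment naming the patched toolchain this file builds against would help the next reader.
```go
// … unchanged: X-Target-URL read and url.Parse …
// Only forward to the upstream hosts this proxy exists for; the header is client-controlled.
// allowedUpstream is a package-level map[string]bool to be filled in from configuration.
if parsedURL.Scheme != "https" || !allowedUpstream[parsedURL.Host] {
	http.Error(w, "目标URL不在允许列表中", http.StatusForbidden)
	return
}
proxyReq, err := http.NewRequest(req.Method, targetURL, req.Body)
if err != nil {
	http.Error(w, "无效的目标URL", http.StatusBadRequest)
	return
}
// … unchanged: header setup …
Transport: &http.Transport{
	TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12}, // verify upstream certificates
},
// … unchanged: forward request and copy response …
```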
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIULjxijURoenebATeOr5zdYBR0gnswDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wHhcNMjUwMzE3MDg1NDEzWhcNMjYw +MzE3MDg1NDEzWjAWMRQwEgYDVQQDDAtzZXJ2ZXIxLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAJLoSR52bZE7HQ/ExoHH+tPvYlziNvaQmlI6Dzwo +zSQBt6x+3o0Prx1uFPhb7Ftgcqm/H+rf/LF0f8tnd43frW6T6ETKhV9Yn25dwtSW +6gjc8O3rzWgNgvLlruhxcpBzv+NsWW5+FZAuBo5Olc8jQg/m4nxFLAJXSD4vvabD +2YfrF2jSjyg/bHgUn8OnSf8j1o0yl7ZzyT9RAgeIp9bxV7B/CFXf91K7fZ1oriFD +mJDCHZSWdK7jVhFg956+gUrI81XRdFP2OvpgRqY+54gDdDrJfGLUCYTswI5MJZtY +USs+FMRyPOtHPBMQNgx/agk49UDdSuFk2XCYyRP1Cl4V/O8CAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMS5jb22HBMConYEwDQYJKoZIhvcNAQELBQADggEBAECo +g+qpgzdF6uLW5fvsFjvwJl8zv2fFSjHDbN4Kun7PAAozF5Sdmo2MOgnuiC7M8Mh5 +pZeYEvD04m2P5oeanLKqiTFWfBBECgW/ZKa4E3ShJDAf5tnX9iiUf3UZJP1iiCmU +bNPD0sv+gkWZ01eO5USOACNPbp4pUyn60bF9vRENPNETrW+HuDMelBNpuY01sTdj +b4h47/TaSTNDQM4P5EgcWF+G3AcNQHauHEELYAuxp8B2kn9iVSUxruw5L2i8C5O7 +UkgCVdGswynriRLehCM422aLSNZWcvsrvk+k7HI/YsCgSBDqOF1deK555kJpYde1 +NQfQ0UF70xEqTcpXqII= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/server1.csr b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server1.csr new file mode 100644 index 0000000000000000000000000000000000000000..8f32feddd41c97512ea6be4973faa36869a5aa31 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server1.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMS5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCS6Ekedm2ROx0PxMaBx/rT72Jc4jb2kJpSOg88 +KM0kAbesft6ND68dbhT4W+xbYHKpvx/q3/yxdH/LZ3eN361uk+hEyoVfWJ9uXcLU +luoI3PDt681oDYLy5a7ocXKQc7/jbFlufhWQLgaOTpXPI0IP5uJ8RSwCV0g+L72m +w9mH6xdo0o8oP2x4FJ/Dp0n/I9aNMpe2c8k/UQIHiKfW8VewfwhV3/dSu32daK4h +Q5iQwh2UlnSu41YRYPeevoFKyPNV0XRT9jr6YEamPueIA3Q6yXxi1AmE7MCOTCWb +WFErPhTEcjzrRzwTEDYMf2oJOPVA3UrhZNlwmMkT9QpeFfzvAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjEuY29thwTAqJ2BMA0GCSqG +SIb3DQEBCwUAA4IBAQB0LcgDkERp1Id8fmqzwrVZ6i5zLDZZek38fXdk13lXbkQ/ +UjSUMqNjJjXMFIILiLnhU8p4FHBIeswi1wGbPFljOGG0siug3kiz3iBa0kh/mxjP +2Z23XLuLuAqu0PCYp/XyuBokUkKoAMIPnKlTWe2pLG2Z/3NnHpJMIJ/vuxxBJ81N +H4qO3Mr0/Nj2GtDWToGQdPoitKrV7nbdYwNRkZZDJGVtPTj2+qgZp/I6mbd9gMg2 +ggDPMnSfZV/cQG5qooi8VhmcQw9fLc4mx4t4sPRi1m3N5RB5PKQg7j4i/vExfkpA +BNLN1HGfCucDnvYdnc96LEXTZ0DoPPDg253lzqyv +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/server1.key b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server1.key new file mode 100644 index 0000000000000000000000000000000000000000..a89c8635299548adde2a20c5795dfc0606d3b5e4 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server1.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAkuhJHnZtkTsdD8TGgcf60+9iXOI29pCaUjoPPCjNJAG3rH7e +jQ+vHW4U+FvsW2Byqb8f6t/8sXR/y2d3jd+tbpPoRMqFX1ifbl3C1JbqCNzw7evN +aA2C8uWu6HFykHO/42xZbn4VkC4Gjk6VzyNCD+bifEUsAldIPi+9psPZh+sXaNKP +KD9seBSfw6dJ/yPWjTKXtnPJP1ECB4in1vFXsH8IVd/3Urt9nWiuIUOYkMIdlJZ0 +ruNWEWD3nr6BSsjzVdF0U/Y6+mBGpj7niAN0Osl8YtQJhOzAjkwlm1hRKz4UxHI8 +60c8ExA2DH9qCTj1QN1K4WTZcJjJE/UKXhX87wIDAQABAoIBAFBrYDuQ0QIDvjD3 +o0NAWgrSrKH0I+pt1kzVA6oHG+VuG0IOYX4O6+nMbSZYC9cpwRszSSGmZAowoBSV +G1lK7QHvbeLaipBbT0t3gEQoKQ2ZBTr5LoSbgOe+3DTahcCV3KF+mqZl1yAKUgRs ++I1f27YgyjMFGsZdSWrhb4xvAhHox6FIJZwshqlbRbhTTlL0eQu47xU7Mc2q+5sX +A38R2EM/EDkSUAhzU5AVITY9okb4kzsp6bwYCJ9qw+RzQmZYCHbp4aS1yXEIwXLF +Na0BEVJyX1i2ATfiqvzOyLjxU/6HjeAolXXRFgK5r93bH3tPRXbwgmjMve7nJZS8 +LltKV4ECgYEAwhRgzJ3ZBi7kvgJLu4p8kUKyCtkV84yfLMKZONjnBW82iDJW2ig3 +VNDPZgS2gtgphce8cT9B3ZAbbZRupuznCKoHECoZOsBtNApLIfoBVnJqkCU4cYrR +xm5crI8pG3PrFRVfkzUIk69L3wo6JwM2h9vEIMrxqssDeZJ0ivMwzJECgYEAwccS +3PgLyNvwqo51ZbWC2aBYOlUHsxkZuDn8Fo1QvbXxOHeMIa9F76HdhKe73NwN6qIW +Hjkv5NtxTNmnDzAccBZhjLubTwNGQdKBzBqP0IVaxXUkcUJu/IatPiMljkG7NJqt +Arg5fiXU0bBcLA7H8AxCV4wGCzMBQX4B1NmM8X8CgYBdKvUxJRF7A2XxxR5gAGI+ +RXs88+uyyC3diemOPanhlPrjtO62uZmeUMNPYTHQbD66pyDSaKCQ4U4Zc6kO3ykl +oqHTY7JK3vdNhSd+PwsHWdPIMOYAs7hyfqZkfDEqqaIPs/v2qf3dD8jnYHx8H/G8 +lIZ5i5Mp/11CrkjeL1Kc0QKBgFR708iNSK4I3jOuKpbufR8e3niIK/Q0xFbiyPqY +IBSmJ4ZD8M+a2DXy715vtuNC+bpLcrM4oZ344rvrxP9FLZDc4Sj3fm4DcnUuLzLq +fbse+QVP3lSW70af/RYzQqN0GweDTFz8LuzF17SYXIdE5nzNC3uZ6+SkFy8Tnf7L +3rxHAoGAb/UPrrUK8DMhk3cksgWct+5vMgmj3Ull8uKAsjxgYMBKDIUe0pyL6n6W +WFBxU1w7UvDgjJEsAmbu69WJjINCAHW2pc0Xw7KfdVYC2WfRvdykZSv1ApCBPCQ4 +5I0YL3h0KTeNh0qohSwylPU1IhHEKDqF4Q2bGgooFJaPX/bYIHo= +-----END RSA PRIVATE KEY----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/server2.crt b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server2.crt new file mode 100644 index 0000000000000000000000000000000000000000..c8cb7a1d2679a0f02d61e4bb5688c60b4ef9e374 --- /dev/null 
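Review bot: server1.key (and server2.key in the later hunk of this commit) commits an unencrypted RSA private key to the repository, and a key that has been in version control should be treated as disclosed even if the history is later rewritten. These appear to be self-signed lab keys for the server1.com/server2.com hosts named in the openssl-*.cnf files, so the practical exposure is limited to the test setup, but the same pattern would apply to the ESNI private key file "esni" that server.go reads from the working directory. Keep the *.key files and the ESNI private key out of the tree (a `.gitignore` entry for `*.key` and `esni`), regenerate the pairs locally from the committed openssl-*.cnf, and document that step in the README so the checked-in material stays limited to certificates and CSRs.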
+++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server2.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2jCCAcKgAwIBAgIUTYSu7CPJ+k9a7tbSITZ+hdxh1+wwDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wHhcNMjUwMzE3MDg1NDI2WhcNMjYw +MzE3MDg1NDI2WjAWMRQwEgYDVQQDDAtzZXJ2ZXIyLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKBawT1qvKb6ry3hd+Je4/tEcnrMHtQavfRDM3YJ +OTPjFbKJYkxWfnJBhiUB5kbXfgSU6txZLXAnDqq8TOr0QN8QdOtUWXYeKxnOqm5g +tGwqHMCZ1SsHgar7lThRVKZp3h3VxLvu5L/J8gmpQ0cP57ldX9vFKeLbW4epbJr3 +dNCeS1hE63Qfvksv2xJoZnYfDk6NDOK6T7rCdXiObUSAk8XBlBXyDlB7MKS53XhG +LKYHeTulpJ/wYC1eB1ZPbHty6xJP5r4gDM8uFep54EV7queFt2jm48ilj/9vTecE +jjDTrcoq3X3m2Ud5PEDiD1nvZyzPed6dbIfqKA9Tt+l0jY8CAwEAAaMgMB4wHAYD +VR0RBBUwE4ILc2VydmVyMi5jb22HBMConYIwDQYJKoZIhvcNAQELBQADggEBAJ/A +SH0HOah1CKB8HzTugLtXKgNWvTtXqoE0cGXc79yQvF9bn9BJYazxTyilACGSZBEE +yAFohfLmrSDJ6VNLf08rQOaGMMNsdtrVxV2A3x4IdpbtKsFlz8PmzKuEjCJ6pyWR +8Y0HglNUIN+g7U9+qpCz9DWKMvmRhWb1oQ9udtJ6FWUqrKAKRNNsuvwa/1mYm6i4 +PkY06dwu5169ITFzRtaP68pkbofqQhmTrFlLasEslzKY0GQyIkepBF/HH2isgv/e +tcbfqNtvGbkdMZPPsahuEQWthwdLhS0UtSsnqO9yIC0pMTU4bSNbhY8b1bUfWsm2 +nPsgIzQrosRDbNCSwnQ= +-----END CERTIFICATE----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/server2.csr b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server2.csr new file mode 100644 index 0000000000000000000000000000000000000000..02a349ee12f489834a54dbf4a0c1b512cd4c98c2 --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server2.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwFjEUMBIGA1UEAwwLc2VydmVyMi5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCgWsE9arym+q8t4XfiXuP7RHJ6zB7UGr30QzN2 +CTkz4xWyiWJMVn5yQYYlAeZG134ElOrcWS1wJw6qvEzq9EDfEHTrVFl2HisZzqpu +YLRsKhzAmdUrB4Gq+5U4UVSmad4d1cS77uS/yfIJqUNHD+e5XV/bxSni21uHqWya +93TQnktYROt0H75LL9sSaGZ2Hw5OjQziuk+6wnV4jm1EgJPFwZQV8g5QezCkud14 +RiymB3k7paSf8GAtXgdWT2x7cusST+a+IAzPLhXqeeBFe6rnhbdo5uPIpY//b03n +BI4w063KKt195tlHeTxA4g9Z72csz3nenWyH6igPU7fpdI2PAgMBAAGgLzAtBgkq +hkiG9w0BCQ4xIDAeMBwGA1UdEQQVMBOCC3NlcnZlcjIuY29thwTAqJ2CMA0GCSqG +SIb3DQEBCwUAA4IBAQAN9hiwhh14jXCS/B6YpQA4sNf/rX6mfHFoQI63mCiBVcZT +eDl7OH9ioGNH4LqNvrKoHgHLdy+jsHrDcqhGVgO5Mv0t5zCBycPbDjnKc8Y2G99x +hSuWO5d1JJ2m/cxebbhyWF23v89sMlPYQu2H1S632BXE+Efdx6oEV2NZZYQTeVTp +2a7ermij9GOC356Yx3y6WJXOPQ9GfM9XyyY36ji0f9ZesmueMGKEkCwCqQQwRADi +N3TbgDG6/qNPb51isgHgPMai6hsahTqqqDhEG14z3AHyyGZhx4sKbBx/za362ixR +PLh0GgXCw5juCweEAkkvUIUcxER5pIIJuoYoP1J3 +-----END CERTIFICATE REQUEST----- diff --git a/primary/tanghao_HIT_EncrypDNS/server/https-esni/server2.key b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server2.key new file mode 100644 index 0000000000000000000000000000000000000000..435d67323e7aa745e4dd983b7f31cd20cab518cc --- /dev/null +++ b/primary/tanghao_HIT_EncrypDNS/server/https-esni/server2.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAoFrBPWq8pvqvLeF34l7j+0Ryeswe1Bq99EMzdgk5M+MVsoli +TFZ+ckGGJQHmRtd+BJTq3FktcCcOqrxM6vRA3xB061RZdh4rGc6qbmC0bCocwJnV +KweBqvuVOFFUpmneHdXEu+7kv8nyCalDRw/nuV1f28Up4ttbh6lsmvd00J5LWETr +dB++Sy/bEmhmdh8OTo0M4rpPusJ1eI5tRICTxcGUFfIOUHswpLndeEYspgd5O6Wk +n/BgLV4HVk9se3LrEk/mviAMzy4V6nngRXuq54W3aObjyKWP/29N5wSOMNOtyird +febZR3k8QOIPWe9nLM953p1sh+ooD1O36XSNjwIDAQABAoIBAD0VdUk1ELo3AmZi +3i0wYn5D+6wFd7TqnvOeacsMBmtalNhW90gHJtHVXglY6OSRkCKkq7bWjbWMW0z0 +wAQ8mT2f4joG/rE9GsQQ8uFrGy+c9yjzML3cdSux/IzghnOCHqeU2AWTIjZg8j91 +5/f4+helly97stIFJ5/NDV8W5rvVBpGaz3NL4u6O+b79A0X/0rPd6HtQqj0ZDpZH +bDl/AwoTg2jaKNsAiI47wVmUNSoCz3jYO9HQ4HgsJ+6TL6vJk6RkmcCan3pYpK92 +Z+rIqBNPopJY+EUBbKvjtR4M5kFuy3wWJXZLsyk8X7xRf91ZCPZV83GiGp65mkrz +1pf0eHECgYEAzjU63Qbb2JfFVSZfsqfHvShetM5xW6ALN69zzjPXh9QbwQx07kSX +j6V9HJvwm5pduI9wD0kVg/rP3X30M8YPnf4uAdPtS6rBSZkzEUivDhLNmd21QE50 +3TV9NLS7CDvLNTPs2JlmgiWD8bzz/PPXACI6gAxuITwzm6pnS1WvFVcCgYEAxxMX +Ac131+9X8GnzH+Bl5DhlkgjZkKZYqIzry3efNQ2Az7id+Q7G4/XZ9PhKyrlcpSnu +RItxP2MqMVLFiUG8mhQzofuI1sTfqCY3tdJEwQy2ARPrgLHdQHMWYNX6MUNVt8vD +drN+fWmukSvH9v2QPfLFr7JRn4Q7mTd8MeInrokCgYEAlJCzPSVA5XbLXILONdg9 +xuG8AgYuk7Xl/xOwmqKtKRY/fMGtyTCwBXVUg3UyT9lSprLpKIoeLz1X35tsgpSz +EcBcg0Kd14NJyO3QZiZ4wOn5KV8bxB4CgpGUCJIholf6GvWzMYar3R6MRnE9VESV +5WnDvhe2jMlj4UZPL26nOvcCgYBMczhSqOVtN6091nJXu4Vlr4LSIjPrKPbDQ9sJ +uFabuSPOoceI7fPTd4bMXM3cLHM3unKWQDatcRey+WaC34veYAO0ITTbxZ9eo86h +NK7StF7w6wV11thw98GQTpxWbtVsUAQwgZ4B66PufDG+2IGcSK9CWeieqdl5baV0 +QrWagQKBgECZJt2oVeitLzEzGAsYMcExIeZSUiUZd/Xsqxk+5VTSU+mN2yAB65vA +sY8Uu4jJfmOwZf13AUt9uRLUezMXRr2LdFzF0TA58fkzWpFRIVYDX59MMEgCuRQR +4bsOljnidj3M1/jAL6kEBuvjUmlhlUrIVcpjGg2hGX9fGc3sgRRq +-----END RSA PRIVATE KEY-----