astelm/telemt
1
0
Fork 0
mirror of https://github.com/telemt/telemt.git synced 2026-04-15 09:34:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Normalize IP + Masking + TLS

Browse Source
This commit is contained in:
Alexey
2026-02-20 16:32:14 +03:00
parent be2ec4b9b4
commit 2ea4c83d9d
7 changed files with 104 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/protocol/tls.rs
View File

@@ -351,6 +351,9 @@ pub fn build_server_hello(
fake_cert_len: usize,
rng: &SecureRandom,
) -> Vec<u8> {
const MIN_APP_DATA: usize = 64;
const MAX_APP_DATA: usize = 16640; // RFC 8446 §5.2 upper bound
let fake_cert_len = fake_cert_len.max(MIN_APP_DATA).min(MAX_APP_DATA);
let x25519_key = gen_fake_x25519_key(rng);
// Build ServerHello
@@ -373,7 +376,13 @@ pub fn build_server_hello(
app_data_record.push(TLS_RECORD_APPLICATION);
app_data_record.extend_from_slice(&TLS_VERSION);
app_data_record.extend_from_slice(&(fake_cert_len as u16).to_be_bytes());
app_data_record.extend_from_slice(&fake_cert);
if fake_cert_len > 17 {
app_data_record.extend_from_slice(&fake_cert[..fake_cert_len - 17]);
app_data_record.push(0x16); // inner content type marker
app_data_record.extend_from_slice(&rng.bytes(16)); // AEAD-like tag mimic
} else {
app_data_record.extend_from_slice(&fake_cert);
}
// Combine all records
let mut response = Vec::with_capacity(