gaukas · gaukas · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023
diff --git a/README.md b/README.md
@@ -2,6 +2,7 @@
 ![Go Build Status](https://github.com/gaukas/clienthellod/actions/workflows/go.yml/badge.svg)
 [![Go Report Card](https://goreportcard.com/badge/github.com/gaukas/clienthellod)](https://goreportcard.com/report/github.com/gaukas/clienthellod)
 [![DeepSource](https://app.deepsource.com/gh/gaukas/clienthellod.svg/?label=active+issues&show_trend=true&token=GugDSBnYAxAF25QNpfyAO5d2)](https://app.deepsource.com/gh/gaukas/clienthellod/)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fgaukas%2Fclienthellod.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fgaukas%2Fclienthellod?ref=badge_shield&issueType=license)
 
 ClientHello Parser/Resolver as a Service from [tlsfingerprint.io](https://tlsfingerprint.io).
 
@@ -148,3 +149,8 @@ A sample Caddyfile is provided below.
 }
 ```
 
+## License
+
+This project is developed and distributed under Apache-2.0 license. 
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fgaukas%2Fclienthellod.svg?type=large&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fgaukas%2Fclienthellod?ref=badge_large&issueType=license)
diff --git a/clienthello.go b/clienthello.go
@@ -106,6 +106,21 @@ func (ch *ClientHello) ParseClientHello() error {
 	ch.CipherSuites = chs.CipherSuites
 	ch.CompressionMethods = chs.CompressionMethods
 
+	// parse extensions
+	ch.parseExtensions(chs)
+
+	// Call uTLS to parse the raw bytes into ClientHelloMsg
+	chm := tls.UnmarshalClientHello(ch.raw[5:])
+	if chm == nil {
+		return errors.New("failed to parse ClientHello, (*tls.ClientHelloInfo).Unmarshal(): nil")
+	}
+	ch.ServerName = chm.ServerName
+
+	// In the end parse extra information from raw
+	return ch.parseExtra()
+}
+
+func (ch *ClientHello) parseExtensions(chs *tls.ClientHelloSpec) {
 	for _, ext := range chs.Extensions {
 		switch ext := ext.(type) {
 		case *tls.SupportedCurvesExtension:
@@ -159,16 +174,6 @@ func (ch *ClientHello) ParseClientHello() error {
 			}
 		}
 	}
-
-	// Call uTLS to parse the raw bytes into ClientHelloMsg
-	chm := tls.UnmarshalClientHello(ch.raw[5:])
-	if chm == nil {
-		return errors.New("failed to parse ClientHello, (*tls.ClientHelloInfo).Unmarshal(): nil")
-	}
-	ch.ServerName = chm.ServerName
-
-	// In the end parse extra information from raw
-	return ch.parseExtra()
 }
 
 // parseExtra parses extra information from raw bytes which couldn't be parsed by uTLS.
@@ -213,6 +218,22 @@ func (ch *ClientHello) parseExtra() error {
 		return errors.New("unable to read extensions data")
 	}
 
+	err := ch.parseExtensionsExtra(extensions)
+	if err != nil {
+		return fmt.Errorf("failed to parse extensions, parseExtensionsExtra(): %w", err)
+	}
+
+	// sort ch.Extensions and put result to ch.ExtensionsNormalized
+	ch.ExtensionsNormalized = make([]uint16, len(ch.Extensions))
+	copy(ch.ExtensionsNormalized, ch.Extensions)
+	sort.Slice(ch.ExtensionsNormalized, func(i, j int) bool {
+		return ch.ExtensionsNormalized[i] < ch.ExtensionsNormalized[j]
+	})
+
+	return nil
+}
+
+func (ch *ClientHello) parseExtensionsExtra(extensions cryptobyte.String) error {
 	var extensionIDs []uint16
 	for !extensions.Empty() {
 		var extensionID uint16
@@ -224,47 +245,48 @@ func (ch *ClientHello) parseExtra() error {
 			return errors.New("unable to read extension data")
 		}
 
-		switch extensionID {
-		case 16: // ALPN
-			ch.alpnWithLengths = extensionData
-		case 51: // keyshare
-			if !extensionData.Skip(2) {
-				return errors.New("unable to skip keyshare total length")
+		extensionID, err := ch.parseExtensionExtra(extensionID, extensionData)
+		if err != nil {
+			return fmt.Errorf("failed to parse extension, parseExtensionExtra(): %w", err)
+		}
+		extensionIDs = append(extensionIDs, extensionID) // extension ID might need to be overridden by parseExtensionExtra() in case of GREASE
+	}
+	ch.Extensions = extensionIDs
+
+	return nil
+}
+
+func (ch *ClientHello) parseExtensionExtra(extensionID uint16, extensionData cryptobyte.String) (uint16, error) {
+	switch extensionID {
+	case 16: // ALPN
+		ch.alpnWithLengths = extensionData
+	case 51: // keyshare
+		if !extensionData.Skip(2) {
+			return 0, errors.New("unable to skip keyshare total length")
+		}
+		for !extensionData.Empty() {
+			var group uint16
+			var length uint16
+			if !extensionData.ReadUint16(&group) || !extensionData.ReadUint16(&length) {
+				return 0, errors.New("unable to read keyshare group")
 			}
-			for !extensionData.Empty() {
-				var group uint16
-				var length uint16
-				if !extensionData.ReadUint16(&group) || !extensionData.ReadUint16(&length) {
-					return errors.New("unable to read keyshare group")
-				}
-				if utils.IsGREASEUint16(group) {
-					group = tls.GREASE_PLACEHOLDER
-				}
-				ch.keyshareGroupsWithLengths = append(ch.keyshareGroupsWithLengths, group)
-				ch.keyshareGroupsWithLengths = append(ch.keyshareGroupsWithLengths, length)
-
-				if !extensionData.Skip(int(length)) {
-					return errors.New("unable to skip keyshare data")
-				}
+			if utils.IsGREASEUint16(group) {
+				group = tls.GREASE_PLACEHOLDER
 			}
-		default:
-			if utils.IsGREASEUint16(extensionID) {
-				extensionIDs = append(extensionIDs, tls.GREASE_PLACEHOLDER)
-				continue
+			ch.keyshareGroupsWithLengths = append(ch.keyshareGroupsWithLengths, group)
+			ch.keyshareGroupsWithLengths = append(ch.keyshareGroupsWithLengths, length)
+
+			if !extensionData.Skip(int(length)) {
+				return 0, errors.New("unable to skip keyshare data")
 			}
 		}
-		extensionIDs = append(extensionIDs, extensionID)
+	default:
+		if utils.IsGREASEUint16(extensionID) {
+			return tls.GREASE_PLACEHOLDER, nil
+		}
 	}
-	ch.Extensions = extensionIDs
 
-	// sort ch.Extensions and put result to ch.ExtensionsNormalized
-	ch.ExtensionsNormalized = make([]uint16, len(ch.Extensions))
-	copy(ch.ExtensionsNormalized, ch.Extensions)
-	sort.Slice(ch.ExtensionsNormalized, func(i, j int) bool {
-		return ch.ExtensionsNormalized[i] < ch.ExtensionsNormalized[j]
-	})
-
-	return nil
+	return extensionID, nil
 }
 
 // FingerprintNID calculates fingerprint Numerical ID of ClientHello.