psk, pq, ech and some more stuff;

cffi_dist/build.sh

@@ -9,10 +9,10 @@ GOOS=darwin CGO_ENABLED=1 GOARCH=amd64 go build -buildmode=c-shared -o ./dist/tl
 echo 'Build Linux ARM64'
 # CC is needed when you cross compile from OSX to Linux
 # On Macos:
-# GOOS=linux CGO_ENABLED=1 GOARCH=arm64 CC="aarch64-unknown-linux-gnu-gcc" go build -buildmode=c-shared -o ./dist/tls-client-linux-arm64-$1.so
+GOOS=linux CGO_ENABLED=1 GOARCH=arm64 CC="aarch64-unknown-linux-gnu-gcc" go build -buildmode=c-shared -o ./dist/tls-client-linux-arm64-$1.so
 
 # On Linux:
-GOOS=linux CGO_ENABLED=1 GOARCH=arm64 CC="aarch64-linux-gnu-gcc" go build -buildmode=c-shared -o ./dist/tls-client-linux-arm64-$1.so
+#GOOS=linux CGO_ENABLED=1 GOARCH=arm64 CC="aarch64-linux-gnu-gcc" go build -buildmode=c-shared -o ./dist/tls-client-linux-arm64-$1.so
 
 echo 'Build Linux ARMv7'
 # CC is needed when you cross compile from OSX to Linux

cffi_src/factory.go

@@ -5,12 +5,13 @@ import (
 	"bytes"
 	"encoding/base64"
 	"fmt"
-	"github.com/bogdanfinn/tls-client/profiles"
 	"io"
 	"net"
 	"os"
 	"sync"
 
+	"github.com/bogdanfinn/tls-client/profiles"
+
 	http "github.com/bogdanfinn/fhttp"
 	"github.com/bogdanfinn/fhttp/cookiejar"
 	"github.com/bogdanfinn/fhttp/http2"
@@ -30,7 +31,7 @@ func RemoveSession(sessionId string) {
 	defer clientsLock.Unlock()
 	client, ok := clients[sessionId]
 	if !ok {
-             return
+		return
 	}
 	client.CloseIdleConnections()
 
@@ -390,7 +391,7 @@ func getTlsClient(requestInput RequestInput, sessionId string, withSession bool)
 }
 
 func getCustomTlsClientProfile(customClientDefinition *CustomTlsClient) (tls.ClientHelloID, map[http2.SettingID]uint32, []http2.SettingID, []string, uint32, []http2.Priority, *http2.PriorityParam, error) {
-	specFactory, err := tls_client.GetSpecFactoryFromJa3String(customClientDefinition.Ja3String, customClientDefinition.SupportedSignatureAlgorithms, customClientDefinition.SupportedDelegatedCredentialsAlgorithms, customClientDefinition.SupportedVersions, customClientDefinition.KeyShareCurves, customClientDefinition.CertCompressionAlgo)
+	specFactory, err := tls_client.GetSpecFactoryFromJa3String(customClientDefinition.Ja3String, customClientDefinition.SupportedSignatureAlgorithms, customClientDefinition.SupportedDelegatedCredentialsAlgorithms, customClientDefinition.SupportedVersions, customClientDefinition.KeyShareCurves, customClientDefinition.ECHCandidateCipherSuites.Translate(), customClientDefinition.ECHCandidatePayloads, customClientDefinition.CertCompressionAlgo)
 	if err != nil {
 		return tls.ClientHelloID{}, nil, nil, nil, 0, nil, nil, err
 	}

cffi_src/types.go

@@ -4,6 +4,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"time"
+
+	tls_client "github.com/bogdanfinn/tls-client"
 )
 
 type TLSClientError struct {
@@ -83,18 +85,39 @@ type RequestInput struct {
 
 // CustomTlsClient contains custom TLS specifications to construct a client from.
 type CustomTlsClient struct {
-	CertCompressionAlgo                     string            `json:"certCompressionAlgo"`
-	ConnectionFlow                          uint32            `json:"connectionFlow"`
-	H2Settings                              map[string]uint32 `json:"h2Settings"`
-	H2SettingsOrder                         []string          `json:"h2SettingsOrder"`
-	HeaderPriority                          *PriorityParam    `json:"headerPriority"`
-	Ja3String                               string            `json:"ja3String"`
-	KeyShareCurves                          []string          `json:"keyShareCurves"`
-	PriorityFrames                          []PriorityFrames  `json:"priorityFrames"`
-	PseudoHeaderOrder                       []string          `json:"pseudoHeaderOrder"`
-	SupportedDelegatedCredentialsAlgorithms []string          `json:"supportedDelegatedCredentialsAlgorithms"`
-	SupportedSignatureAlgorithms            []string          `json:"supportedSignatureAlgorithms"`
-	SupportedVersions                       []string          `json:"supportedVersions"`
+	CertCompressionAlgo                     string                `json:"certCompressionAlgo"`
+	ConnectionFlow                          uint32                `json:"connectionFlow"`
+	H2Settings                              map[string]uint32     `json:"h2Settings"`
+	H2SettingsOrder                         []string              `json:"h2SettingsOrder"`
+	HeaderPriority                          *PriorityParam        `json:"headerPriority"`
+	Ja3String                               string                `json:"ja3String"`
+	KeyShareCurves                          []string              `json:"keyShareCurves"`
+	ECHCandidatePayloads                    []uint16              `json:"ECHCandidatePayloads"`
+	ECHCandidateCipherSuites                CandidateCipherSuites `json:"ECHCandidateCipherSuites"`
+	PriorityFrames                          []PriorityFrames      `json:"priorityFrames"`
+	PseudoHeaderOrder                       []string              `json:"pseudoHeaderOrder"`
+	SupportedDelegatedCredentialsAlgorithms []string              `json:"supportedDelegatedCredentialsAlgorithms"`
+	SupportedSignatureAlgorithms            []string              `json:"supportedSignatureAlgorithms"`
+	SupportedVersions                       []string              `json:"supportedVersions"`
+}
+
+type CandidateCipherSuites []CandidateCipherSuite
+
+func (c CandidateCipherSuites) Translate() []tls_client.CandidateCipherSuites {
+	suites := make([]tls_client.CandidateCipherSuites, len(c))
+	for i, suite := range c {
+		suites[i] = tls_client.CandidateCipherSuites{
+			KdfId:  suite.KdfId,
+			AeadId: suite.AeadId,
+		}
+	}
+
+	return suites
+}
+
+type CandidateCipherSuite struct {
+	KdfId  string `json:"kdfId"`
+	AeadId string `json:"aeadId"`
 }
 
 // TransportOptions contains settings for the underlying http transport of the tls client

client_options.go

@@ -49,6 +49,7 @@ type httpClientConfig struct {
 	forceHttp1                  bool
 	timeout                     time.Duration
 	localAddr                   *net.TCPAddr
+
 	// Establish a connection to origin server via ipv4 only
 	disableIPV6 bool
 	dialer      net.Dialer