Add support for OuterSni field

* Add extra handshake that uses a different outer SNI field
ooni · Nov 8, 2024 · 186df09 · 186df09
1 parent 3fa848b
commit 186df09
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 7 deletions.
diff --git a/internal/experiment/echcheck/measure.go b/internal/experiment/echcheck/measure.go
@@ -92,14 +92,22 @@ func (m *Measurer) Run(
 		return netxlite.NewErrWrapper(netxlite.ClassifyGenericError, netxlite.ConnectOperation, err)
 	}
 
+	ol = logx.NewOperationLogger(args.Session.Logger(), "echcheck: TCPConnect#3 %s", address)
+	conn3, err := dialer.DialContext(ctx, "tcp", address)
+	ol.Stop(err)
+	if err != nil {
+		return netxlite.NewErrWrapper(netxlite.ClassifyGenericError, netxlite.ConnectOperation, err)
+	}
+
 	// 3. Conduct and measure control and target TLS handshakes in parallel
-	controlChannel := make(chan model.ArchivalTLSOrQUICHandshakeResult)
-	targetChannel := make(chan model.ArchivalTLSOrQUICHandshakeResult)
+	noEchChannel := make(chan model.ArchivalTLSOrQUICHandshakeResult)
+	echWithMatchingOuterSniChannel := make(chan model.ArchivalTLSOrQUICHandshakeResult)
+	echWithExampleOuterSniChannel := make(chan model.ArchivalTLSOrQUICHandshakeResult)
 	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
 	defer cancel()
 
 	go func() {
-		controlChannel <- *handshake(
+		noEchChannel <- *handshake(
 			ctx,
 			conn,
 			args.Measurement.MeasurementStartTimeSaved,
@@ -110,7 +118,7 @@ func (m *Measurer) Run(
 	}()
 
 	go func() {
-		targetChannel <- *handshakeWithEch(
+		echWithMatchingOuterSniChannel <- *handshakeWithEch(
 			ctx,
 			conn2,
 			args.Measurement.MeasurementStartTimeSaved,
@@ -120,10 +128,29 @@ func (m *Measurer) Run(
 		)
 	}()
 
-	control := <-controlChannel
-	target := <-targetChannel
+	exampleSni := "cloudflare.com"
+	go func() {
+		echWithExampleOuterSniChannel <- *handshakeWithEch(
+			ctx,
+			conn3,
+			args.Measurement.MeasurementStartTimeSaved,
+			address,
+			exampleSni,
+			args.Session.Logger(),
+		)
+	}()
 
-	args.Measurement.TestKeys = TestKeys{TLSHandshakes: []*model.ArchivalTLSOrQUICHandshakeResult{&control, &target}}
+	noEch := <-noEchChannel
+	echWithMatchingOuterSni := <-echWithMatchingOuterSniChannel
+	echWithMatchingOuterSni.ServerName = parsed.Host
+	echWithMatchingOuterSni.OuterServerName = parsed.Host
+	echWithExampleOuterSni := <-echWithExampleOuterSniChannel
+	echWithExampleOuterSni.ServerName = parsed.Host
+	echWithExampleOuterSni.OuterServerName = exampleSni
+
+	args.Measurement.TestKeys = TestKeys{TLSHandshakes: []*model.ArchivalTLSOrQUICHandshakeResult{
+		&noEch, &echWithMatchingOuterSni, &echWithExampleOuterSni,
+	}}
 
 	return nil
 }

diff --git a/internal/model/archival.go b/internal/model/archival.go
@@ -248,6 +248,7 @@ type ArchivalTLSOrQUICHandshakeResult struct {
 	NoTLSVerify        bool                 `json:"no_tls_verify"`
 	PeerCertificates   []ArchivalBinaryData `json:"peer_certificates"`
 	ServerName         string               `json:"server_name"`
+	OuterServerName    string               `json:"outer_server_name,omitempty"`
 	ECHConfig          string               `json:"echconfig,omitempty"`
 	T0                 float64              `json:"t0,omitempty"`
 	T                  float64              `json:"t"`