From 8caebb484dd99c5053328960829db1e2008f6dfc Mon Sep 17 00:00:00 2001
From: theodorsm
Date: Sun, 15 Dec 2024 22:15:05 +0100
Subject: [PATCH] Use SRTP profiles exported from covert-dtls
---
 client/lib/webrtc.go | 10 ++--------
 go.mod | 2 +-
 go.sum | 4 ++--
 proxy/lib/snowflake.go | 13 ++++---------
 4 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/client/lib/webrtc.go b/client/lib/webrtc.go
index fdbbb31..fbe4fbf 100644
--- a/client/lib/webrtc.go
+++ b/client/lib/webrtc.go
@@ -18,6 +18,7 @@ import (
 "github.com/pion/webrtc/v4"
 "github.com/theodorsm/covert-dtls/pkg/mimicry"
 "github.com/theodorsm/covert-dtls/pkg/randomize"
+ "github.com/theodorsm/covert-dtls/pkg/utils"
 "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/event"
 "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/proxy"
@@ -256,14 +257,7 @@ func (c *WebRTCPeer) preparePeerConnection(
 s.SetDTLSClientHelloMessageHook(rand.Hook)
 } else if dtlsMimic {
 mimic := &mimicry.MimickedClientHello{}
- profiles := []dtls.SRTPProtectionProfile{
- dtls.SRTP_AES128_CM_HMAC_SHA1_80,
- dtls.SRTP_AES128_CM_HMAC_SHA1_32,
- dtls.SRTP_AEAD_AES_128_GCM,
- dtls.SRTP_AEAD_AES_256_GCM,
- dtls.SRTP_AES256_CM_SHA1_32,
- dtls.SRTP_AES256_CM_SHA1_80,
- }
+ profiles := utils.DefaultSRTPProtectionProfiles()
 s.SetSRTPProtectionProfiles(profiles...)
 s.SetDTLSClientHelloMessageHook(mimic.Hook)
 }
diff --git a/go.mod b/go.mod
index 61686a8..824b291 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 github.com/refraction-networking/utls v1.6.7
 github.com/smartystreets/goconvey v1.8.1
 github.com/stretchr/testify v1.10.0
- github.com/theodorsm/covert-dtls v0.0.2-0.20241201194039-050c26fb1e5f
+ github.com/theodorsm/covert-dtls v0.0.2-0.20241215210721-995fe9f65413
 github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301
 github.com/xtaci/kcp-go/v5 v5.6.8
 github.com/xtaci/smux v1.5.31
diff --git a/go.sum b/go.sum
index 12541b6..4d8b993 100644
--- a/go.sum
+++ b/go.sum @@ -163,8 +163,8 @@ github.com/templexxx/cpu v0.1.0 h1:wVM+WIJP2nYaxVxqgHPD4wGA2aJ9rvrQRV8CvFzNb40= github.com/templexxx/cpu v0.1.0/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk= github.com/templexxx/xorsimd v0.4.2 h1:ocZZ+Nvu65LGHmCLZ7OoCtg8Fx8jnHKK37SjvngUoVI= github.com/templexxx/xorsimd v0.4.2/go.mod h1:HgwaPoDREdi6OnULpSfxhzaiiSUY4Fi3JPn1wpt28NI= -github.com/theodorsm/covert-dtls v0.0.2-0.20241201194039-050c26fb1e5f h1:+x3jtBX9WWEXSkdcoyw1Ryztrc0SJbfLD8r7ELR7NwU= -github.com/theodorsm/covert-dtls v0.0.2-0.20241201194039-050c26fb1e5f/go.mod h1:U3A87xJnEsomZcftqJ0QpM1MRiLIxNveypK4VGFp1jk= +github.com/theodorsm/covert-dtls v0.0.2-0.20241215210721-995fe9f65413 h1:gR1xoHiOzqQ4bm5EPFk1YVVYNJlPSrz5zu+/yVwNV0A= +github.com/theodorsm/covert-dtls v0.0.2-0.20241215210721-995fe9f65413/go.mod h1:0Gj7OgRe9suVAMrNuuxMczZWVpa4LLuRjduo9d5g6Tc= github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf h1:7PflaKRtU4np/epFxRXlFhlzLXZzKFrH5/I4so5Ove0= diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go index d9af4ae..396acb5 100644 --- a/proxy/lib/snowflake.go +++ b/proxy/lib/snowflake.go @@ -30,7 +30,6 @@ import ( "crypto/rand" "encoding/base64" "fmt" - "github.com/pion/ice/v4" "io" "log" "net" @@ -40,12 +39,15 @@ import ( "sync" "time" + "github.com/pion/ice/v4" + "github.com/gorilla/websocket" "github.com/pion/dtls/v3" "github.com/pion/transport/v3/stdnet" "github.com/pion/webrtc/v4" "github.com/theodorsm/covert-dtls/pkg/mimicry" "github.com/theodorsm/covert-dtls/pkg/randomize" + "github.com/theodorsm/covert-dtls/pkg/utils" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/event" "gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages" 
@@ -434,14 +436,7 @@ func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
 settingsEngine.SetDTLSClientHelloMessageHook(rand.Hook)
 } else if sf.DTLSMimic {
 mimic := &mimicry.MimickedClientHello{}
- profiles := []dtls.SRTPProtectionProfile{
- dtls.SRTP_AES128_CM_HMAC_SHA1_80,
- dtls.SRTP_AES128_CM_HMAC_SHA1_32,
- dtls.SRTP_AEAD_AES_128_GCM,
- dtls.SRTP_AEAD_AES_256_GCM,
- dtls.SRTP_AES256_CM_SHA1_32,
- dtls.SRTP_AES256_CM_SHA1_80,
- }
+ profiles := utils.DefaultSRTPProtectionProfiles()
 settingsEngine.SetSRTPProtectionProfiles(profiles...)
 settingsEngine.SetDTLSClientHelloMessageHook(mimic.Hook)
 }
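Review bot: The SRTP profile list offered in mimic mode is no longer visible or pinned in this repository: `profiles := utils.DefaultSRTPProtectionProfiles()` in makeWebRTCAPI, and the identical line in preparePeerConnection in client/lib/webrtc.go, use whatever the covert-dtls pseudo-version in go.mod returns. These profiles are set right next to the mimicked ClientHello hook, so they presumably have to agree with the fingerprint being reproduced; a later dependency bump could change that list, or drop a profile that peers negotiate, without any diff showing up here. I would add a comment above the call such as `// Must match the SRTP profiles of the mimicked ClientHello; re-check on every covert-dtls bump.` and a small test that pins the expected list (the removed literal had six entries) and fails if the helper returns an empty or different slice. It is also worth confirming that `github.com/pion/dtls/v3` is still referenced elsewhere in both files, since the removed literal may have been its only use. Both function bodies continue outside the hunks.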