Use SRTP profiles exported from covert-dtls

client/lib/webrtc.go

@@ -18,6 +18,7 @@ import (
 	"github.com/pion/webrtc/v4"
 	"github.com/theodorsm/covert-dtls/pkg/mimicry"
 	"github.com/theodorsm/covert-dtls/pkg/randomize"
+	"github.com/theodorsm/covert-dtls/pkg/utils"
 
 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/event"
 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/proxy"
@@ -256,14 +257,7 @@ func (c *WebRTCPeer) preparePeerConnection(
 		s.SetDTLSClientHelloMessageHook(rand.Hook)
 	} else if dtlsMimic {
 		mimic := &mimicry.MimickedClientHello{}
-		profiles := []dtls.SRTPProtectionProfile{
+		profiles := utils.DefaultSRTPProtectionProfiles()
-			dtls.SRTP_AES128_CM_HMAC_SHA1_80,
-			dtls.SRTP_AES128_CM_HMAC_SHA1_32,
-			dtls.SRTP_AEAD_AES_128_GCM,
-			dtls.SRTP_AEAD_AES_256_GCM,
-			dtls.SRTP_AES256_CM_SHA1_32,
-			dtls.SRTP_AES256_CM_SHA1_80,
-		}
 		s.SetSRTPProtectionProfiles(profiles...)
 		s.SetDTLSClientHelloMessageHook(mimic.Hook)
 	}

go.mod

@@ -21,7 +21,7 @@ require (
 	github.com/refraction-networking/utls v1.6.7
 	github.com/smartystreets/goconvey v1.8.1
 	github.com/stretchr/testify v1.10.0
-	github.com/theodorsm/covert-dtls v0.0.2-0.20241201194039-050c26fb1e5f
+	github.com/theodorsm/covert-dtls v0.0.2-0.20241215210721-995fe9f65413
 	github.com/txthinking/socks5 v0.0.0-20230325130024-4230056ae301
 	github.com/xtaci/kcp-go/v5 v5.6.8
 	github.com/xtaci/smux v1.5.31

go.sum

@@ -163,8 +163,8 @@ github.com/templexxx/cpu v0.1.0 h1:wVM+WIJP2nYaxVxqgHPD4wGA2aJ9rvrQRV8CvFzNb40=
 github.com/templexxx/cpu v0.1.0/go.mod h1:w7Tb+7qgcAlIyX4NhLuDKt78AHA5SzPmq0Wj6HiEnnk=
 github.com/templexxx/xorsimd v0.4.2 h1:ocZZ+Nvu65LGHmCLZ7OoCtg8Fx8jnHKK37SjvngUoVI=
 github.com/templexxx/xorsimd v0.4.2/go.mod h1:HgwaPoDREdi6OnULpSfxhzaiiSUY4Fi3JPn1wpt28NI=
-github.com/theodorsm/covert-dtls v0.0.2-0.20241201194039-050c26fb1e5f h1:+x3jtBX9WWEXSkdcoyw1Ryztrc0SJbfLD8r7ELR7NwU=
+github.com/theodorsm/covert-dtls v0.0.2-0.20241215210721-995fe9f65413 h1:gR1xoHiOzqQ4bm5EPFk1YVVYNJlPSrz5zu+/yVwNV0A=
-github.com/theodorsm/covert-dtls v0.0.2-0.20241201194039-050c26fb1e5f/go.mod h1:U3A87xJnEsomZcftqJ0QpM1MRiLIxNveypK4VGFp1jk=
+github.com/theodorsm/covert-dtls v0.0.2-0.20241215210721-995fe9f65413/go.mod h1:0Gj7OgRe9suVAMrNuuxMczZWVpa4LLuRjduo9d5g6Tc=
 github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
 github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
 github.com/txthinking/runnergroup v0.0.0-20210608031112-152c7c4432bf h1:7PflaKRtU4np/epFxRXlFhlzLXZzKFrH5/I4so5Ove0=

proxy/lib/snowflake.go

@@ -30,7 +30,6 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"fmt"
-	"github.com/pion/ice/v4"
 	"io"
 	"log"
 	"net"
@@ -40,12 +39,15 @@ import (
 	"sync"
 	"time"
 
+	"github.com/pion/ice/v4"
+
 	"github.com/gorilla/websocket"
 	"github.com/pion/dtls/v3"
 	"github.com/pion/transport/v3/stdnet"
 	"github.com/pion/webrtc/v4"
 	"github.com/theodorsm/covert-dtls/pkg/mimicry"
 	"github.com/theodorsm/covert-dtls/pkg/randomize"
+	"github.com/theodorsm/covert-dtls/pkg/utils"
 
 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/event"
 	"gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/v2/common/messages"
@@ -434,14 +436,7 @@ func (sf *SnowflakeProxy) makeWebRTCAPI() *webrtc.API {
 		settingsEngine.SetDTLSClientHelloMessageHook(rand.Hook)
 	} else if sf.DTLSMimic {
 		mimic := &mimicry.MimickedClientHello{}
-		profiles := []dtls.SRTPProtectionProfile{
+		profiles := utils.DefaultSRTPProtectionProfiles()
-			dtls.SRTP_AES128_CM_HMAC_SHA1_80,
-			dtls.SRTP_AES128_CM_HMAC_SHA1_32,
-			dtls.SRTP_AEAD_AES_128_GCM,
-			dtls.SRTP_AEAD_AES_256_GCM,
-			dtls.SRTP_AES256_CM_SHA1_32,
-			dtls.SRTP_AES256_CM_SHA1_80,
-		}
 		settingsEngine.SetSRTPProtectionProfiles(profiles...)
 		settingsEngine.SetDTLSClientHelloMessageHook(mimic.Hook)
 	}