refactor: separate out ja3 specific logic #4578
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lrstewart
force-pushed
the
ja4_1
branch
3 times, most recently
from
9cb5a88 to
c79dc43
Compare
goatgoose
reviewed
Jun 4, 2024
| POSIX_GUARD_RESULT(s2n_fingerprint_hash_flush(&md5_hash, &string_stuffer)); | ||
| DEFER_CLEANUP(struct s2n_hash_state hash_state = { 0 }, s2n_hash_free); | ||
| POSIX_GUARD(s2n_hash_new(&hash_state)); | ||
| s2n_hash_allow_md5_for_fips(&hash_state); |
There was a problem hiding this comment.
Is the error being intentionally ignored here to avoid the s2n_is_in_fips_mode() check? Would it be better to just have s2n_digest_allow_md5_for_fips() no-op when s2n-tls isn't in FIPS mode?
goatgoose
reviewed
Jun 10, 2024
goatgoose
approved these changes
Jun 16, 2024
maddeleine
reviewed
Jun 18, 2024
maddeleine
approved these changes
Jun 24, 2024
maddeleine
approved these changes
Jun 25, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
Moving towards adding JA4 support.
I split the JA3-specific logic into a separate file. As part of that, I also better encapsulated the logic that calculates either a digest or a full string for a given hash, because JA4 will need to reuse that logic (JA4 includes two different digests, concatenated).
Other than the hashing, JA3 and JA4 share very little. JA3 uses decimal, JA4 uses hex. The separators are also different.
This is an example JA3 fingerprint:
While this is an example JA4 fingerprint:
Callouts
The diff is really not good, but I can't figure out how to improve it. If it's completely unreadable, I could just rename "s2n_fingerprint.c" to "s2n_fingerprint_common.c" to avoid the messy diff. I could then rename it back in a later PR.
Testing:
The existing "s2n_fingerprint_ja3_test" tests continue to pass with the refactor. I also added some "s2n_fingerprint_test" tests for the hashing + grease value detection.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.