Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: minor fixes for common fingerprint code #4712

Merged
merged 6 commits into from
Aug 23, 2024
Merged

refactor: minor fixes for common fingerprint code #4712

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e5a5b6e
refactor: minor fixes for common fingerprint code
lrstewart Aug 19, 2024
d3efe62
Add missing ENSURE_REF
lrstewart Aug 21, 2024
1160b8a
Update tls/s2n_fingerprint.c
lrstewart Aug 21, 2024
82db94d
Merge branch 'main' into ja4_3
lrstewart Aug 22, 2024
a7d526d
Merge branch 'main' into ja4_3
lrstewart Aug 22, 2024
8b69ca1
Merge branch 'main' into ja4_3
lrstewart Aug 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 22 additions & 15 deletions tests/unit/s2n_fingerprint_test.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,10 +214,10 @@ int main(int argc, char **argv)
{
/* Safety */
{
uint8_t output_value[1] = { 0 };
EXPECT_ERROR_WITH_ERRNO(
s2n_fingerprint_hash_digest(NULL, output_value, sizeof(output_value)),
S2N_ERR_NULL);
struct s2n_fingerprint_hash hash = { 0 };
struct s2n_blob output = { 0 };
EXPECT_ERROR_WITH_ERRNO(s2n_fingerprint_hash_digest(NULL, &output), S2N_ERR_NULL);
EXPECT_ERROR_WITH_ERRNO(s2n_fingerprint_hash_digest(&hash, NULL), S2N_ERR_NULL);
};

/* Digest successfully calculated */
Expand All @@ -229,10 +229,13 @@ int main(int argc, char **argv)
EXPECT_OK(s2n_fingerprint_hash_add_str(&hash, test_str, test_str_len));
EXPECT_EQUAL(hash.hash->currently_in_hash, test_str_len);

uint8_t actual_digest[sizeof(test_str_digest)] = { 0 };
EXPECT_OK(s2n_fingerprint_hash_digest(&hash, actual_digest, sizeof(actual_digest)));
EXPECT_BYTEARRAY_EQUAL(actual_digest, test_str_digest, sizeof(test_str_digest));
EXPECT_EQUAL(hash.bytes_digested, test_str_len);
uint8_t digest_bytes[sizeof(test_str_digest)] = { 0 };
struct s2n_blob actual_digest = { 0 };
EXPECT_SUCCESS(s2n_blob_init(&actual_digest, digest_bytes, sizeof(digest_bytes)));

EXPECT_OK(s2n_fingerprint_hash_digest(&hash, &actual_digest));
EXPECT_BYTEARRAY_EQUAL(test_str_digest, actual_digest.data, actual_digest.size);
EXPECT_EQUAL(test_str_len, hash.bytes_digested);
};

/* Hash can be reused after digest */
Expand All @@ -243,10 +246,14 @@ int main(int argc, char **argv)

const size_t count = 10;
for (size_t i = 0; i < count; i++) {
uint8_t actual_digest[sizeof(test_str_digest)] = { 0 };
uint8_t digest_bytes[sizeof(test_str_digest)] = { 0 };
struct s2n_blob actual_digest = { 0 };
EXPECT_SUCCESS(s2n_blob_init(&actual_digest, digest_bytes, sizeof(digest_bytes)));

EXPECT_OK(s2n_fingerprint_hash_add_str(&hash, test_str, test_str_len));
EXPECT_OK(s2n_fingerprint_hash_digest(&hash, actual_digest, sizeof(actual_digest)));
EXPECT_BYTEARRAY_EQUAL(actual_digest, test_str_digest, sizeof(test_str_digest));
EXPECT_OK(s2n_fingerprint_hash_digest(&hash, &actual_digest));

EXPECT_BYTEARRAY_EQUAL(test_str_digest, actual_digest.data, actual_digest.size);
}
EXPECT_EQUAL(hash.bytes_digested, test_str_len * count);
};
Expand All @@ -271,10 +278,10 @@ int main(int argc, char **argv)

/* Test s2n_assert_grease_value */
{
EXPECT_TRUE(s2n_is_grease_value(0x0A0A));
EXPECT_TRUE(s2n_is_grease_value(0xFAFA));
EXPECT_FALSE(s2n_is_grease_value(0x0000));
EXPECT_FALSE(s2n_is_grease_value(0x0001));
EXPECT_TRUE(s2n_fingerprint_is_grease_value(0x0A0A));
EXPECT_TRUE(s2n_fingerprint_is_grease_value(0xFAFA));
EXPECT_FALSE(s2n_fingerprint_is_grease_value(0x0000));
EXPECT_FALSE(s2n_fingerprint_is_grease_value(0x0001));
};

/* Test s2n_fingerprint_new / s2n_fingerprint_free */
Expand Down
7 changes: 4 additions & 3 deletions tls/s2n_fingerprint.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,7 @@ static S2N_RESULT s2n_assert_grease_value(uint16_t val)
*= https://raw.githubusercontent.com/FoxIO-LLC/ja4/v0.18.2/technical_details/JA4.md#details
*# The program needs to ignore GREASE values anywhere it sees them
*/
bool s2n_is_grease_value(uint16_t val)
bool s2n_fingerprint_is_grease_value(uint16_t val)
{
return s2n_result_is_ok(s2n_assert_grease_value(val));
}
Expand Down Expand Up @@ -247,16 +247,17 @@ S2N_RESULT s2n_fingerprint_hash_add_bytes(struct s2n_fingerprint_hash *hash,
return S2N_RESULT_OK;
}

S2N_RESULT s2n_fingerprint_hash_digest(struct s2n_fingerprint_hash *hash, uint8_t *out, size_t out_size)
S2N_RESULT s2n_fingerprint_hash_digest(struct s2n_fingerprint_hash *hash, struct s2n_blob *out)
{
RESULT_ENSURE_REF(hash);
RESULT_ENSURE_REF(hash->hash);
lrstewart marked this conversation as resolved.
Show resolved Hide resolved
RESULT_ENSURE_REF(out);

uint64_t bytes = 0;
RESULT_GUARD_POSIX(s2n_hash_get_currently_in_hash_total(hash->hash, &bytes));
hash->bytes_digested += bytes;

RESULT_GUARD_POSIX(s2n_hash_digest(hash->hash, out, out_size));
RESULT_GUARD_POSIX(s2n_hash_digest(hash->hash, out->data, out->size));
RESULT_GUARD_POSIX(s2n_hash_reset(hash->hash));
return S2N_RESULT_OK;
}
Expand Down
4 changes: 2 additions & 2 deletions tls/s2n_fingerprint.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ struct s2n_fingerprint_hash {
S2N_RESULT s2n_fingerprint_hash_add_char(struct s2n_fingerprint_hash *hash, char c);
lrstewart marked this conversation as resolved.
Show resolved Hide resolved
S2N_RESULT s2n_fingerprint_hash_add_str(struct s2n_fingerprint_hash *hash, const char *str, size_t str_size);
S2N_RESULT s2n_fingerprint_hash_add_bytes(struct s2n_fingerprint_hash *hash, const uint8_t *b, size_t size);
S2N_RESULT s2n_fingerprint_hash_digest(struct s2n_fingerprint_hash *hash, uint8_t *out, size_t out_size);
S2N_RESULT s2n_fingerprint_hash_digest(struct s2n_fingerprint_hash *hash, struct s2n_blob *out);
bool s2n_fingerprint_hash_do_digest(struct s2n_fingerprint_hash *hash);

struct s2n_fingerprint_method {
Expand All @@ -52,6 +52,6 @@ struct s2n_fingerprint_method {
extern struct s2n_fingerprint_method ja3_fingerprint;
extern struct s2n_fingerprint_method ja4_fingerprint;

bool s2n_is_grease_value(uint16_t val);
bool s2n_fingerprint_is_grease_value(uint16_t val);
S2N_RESULT s2n_fingerprint_parse_extension(struct s2n_stuffer *input, uint16_t *iana);
S2N_RESULT s2n_fingerprint_get_legacy_version(struct s2n_client_hello *ch, uint16_t *version);
5 changes: 2 additions & 3 deletions tls/s2n_fingerprint_ja3.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,10 +32,9 @@ static S2N_RESULT s2n_fingerprint_ja3_digest(struct s2n_fingerprint_hash *hash,
}

uint8_t digest_bytes[MD5_DIGEST_LENGTH] = { 0 };
RESULT_GUARD(s2n_fingerprint_hash_digest(hash, digest_bytes, sizeof(digest_bytes)));

struct s2n_blob digest = { 0 };
RESULT_GUARD_POSIX(s2n_blob_init(&digest, digest_bytes, sizeof(digest_bytes)));
RESULT_GUARD(s2n_fingerprint_hash_digest(hash, &digest));
RESULT_GUARD(s2n_stuffer_write_hex(out, &digest));

return S2N_RESULT_OK;
Expand All @@ -44,7 +43,7 @@ static S2N_RESULT s2n_fingerprint_ja3_digest(struct s2n_fingerprint_hash *hash,
static S2N_RESULT s2n_fingerprint_ja3_iana(struct s2n_fingerprint_hash *hash,
bool *is_list, uint16_t iana)
{
if (s2n_is_grease_value(iana)) {
if (s2n_fingerprint_is_grease_value(iana)) {
return S2N_RESULT_OK;
}

Expand Down
10 changes: 5 additions & 5 deletions tls/s2n_fingerprint_ja4.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ static S2N_RESULT s2n_fingerprint_ja4_digest(struct s2n_fingerprint_hash *hash,
uint8_t digest_bytes[SHA256_DIGEST_LENGTH] = { 0 };
struct s2n_blob digest = { 0 };
RESULT_GUARD_POSIX(s2n_blob_init(&digest, digest_bytes, sizeof(digest_bytes)));
RESULT_GUARD(s2n_fingerprint_hash_digest(hash, digest.data, digest.size));
RESULT_GUARD(s2n_fingerprint_hash_digest(hash, &digest));

/* JA4 digests are truncated */
RESULT_ENSURE_LTE(S2N_JA4_DIGEST_BYTE_LIMIT, digest.size);
Expand Down Expand Up @@ -162,7 +162,7 @@ static S2N_RESULT s2n_fingerprint_get_extension_version(struct s2n_client_hello
*= https://raw.githubusercontent.com/FoxIO-LLC/ja4/v0.18.2/technical_details/JA4.md#tls-version
*# Remember to ignore GREASE values.
*/
if (s2n_is_grease_value(version)) {
if (s2n_fingerprint_is_grease_value(version)) {
continue;
}
/**
Expand Down Expand Up @@ -344,7 +344,7 @@ static S2N_RESULT s2n_fingerprint_ja4_ciphers(struct s2n_fingerprint_hash *hash,
*= https://raw.githubusercontent.com/FoxIO-LLC/ja4/v0.18.2/technical_details/JA4.md#number-of-ciphers
*# Remember, ignore GREASE values. They don’t count.
*/
if (s2n_is_grease_value(iana)) {
if (s2n_fingerprint_is_grease_value(iana)) {
continue;
}
RESULT_GUARD(s2n_stuffer_write_uint16_hex(iana_list, iana));
Expand Down Expand Up @@ -409,7 +409,7 @@ static S2N_RESULT s2n_fingerprint_ja4_extensions(struct s2n_fingerprint_hash *ha
*= https://raw.githubusercontent.com/FoxIO-LLC/ja4/v0.18.2/technical_details/JA4.md#number-of-extensions
*# Ignore GREASE.
*/
if (s2n_is_grease_value(iana)) {
if (s2n_fingerprint_is_grease_value(iana)) {
continue;
}

Expand Down Expand Up @@ -470,7 +470,7 @@ static S2N_RESULT s2n_fingerprint_ja4_sig_algs(struct s2n_fingerprint_hash *hash
while (s2n_stuffer_data_available(&sig_algs)) {
uint16_t iana = 0;
RESULT_GUARD_POSIX(s2n_stuffer_read_uint16(&sig_algs, &iana));
if (s2n_is_grease_value(iana)) {
if (s2n_fingerprint_is_grease_value(iana)) {
continue;
}
if (is_first) {
Expand Down
Loading