First working version for extension order
perklet committed Apr 16, 2024
1 parent 74b8e3b commit a7629ee
Showing 18 changed files with 181 additions and 50 deletions.
1 change: 1 addition & 0 deletions chrome/curl_chrome100
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_chrome101
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_chrome104
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_chrome107
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_chrome110
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps --tls-permute-extensions \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_chrome116
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps --tls-permute-extensions \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_chrome119
Expand Up @@ -27,4 +27,5 @@ dir=${0%/*}
--ech GREASE \
--tlsv1.2 --alps --tls-permute-extensions \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_chrome120
Expand Up @@ -27,4 +27,5 @@ dir=${0%/*}
--ech GREASE \
--tlsv1.2 --alps --tls-permute-extensions \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_chrome99
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_chrome99_android
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_edge101
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_edge99
Expand Up @@ -26,4 +26,5 @@ dir=${0%/*}
--compressed \
--tlsv1.2 --alps \
--cert-compression brotli \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_safari15_3
Expand Up @@ -20,4 +20,5 @@ dir=${0%/*}
--http2-window-update 10485760 \
--compressed \
--tlsv1.0 --no-tls-session-ticket \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_safari15_5
Expand Up @@ -21,4 +21,5 @@ dir=${0%/*}
--compressed \
--tlsv1.0 --no-tls-session-ticket \
--cert-compression zlib \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_safari17_0
Expand Up @@ -24,4 +24,5 @@ dir=${0%/*}
--compressed \
--tlsv1.0 --no-tls-session-ticket \
--cert-compression zlib \
--tls-grease \
"$@"
1 change: 1 addition & 0 deletions chrome/curl_safari17_2_ios
Expand Up @@ -24,4 +24,5 @@ dir=${0%/*}
--compressed \
--tlsv1.0 --no-tls-session-ticket \
--cert-compression zlib \
--tls-grease \
"$@"
75 changes: 53 additions & 22 deletions chrome/patches/boringssl-old-ciphers.patch
Expand Up @@ -33,42 +33,44 @@ index e500dd76e..487945969 100644
// permute extensions. For now, this is only implemented for the ClientHello.
OPENSSL_EXPORT void SSL_set_permute_extensions(SSL *ssl, int enabled);
diff --git a/ssl/extensions.cc b/ssl/extensions.cc
index b13400097..6cd8bd750 100644
index b13400097..a59db770c 100644
--- a/ssl/extensions.cc
+++ b/ssl/extensions.cc
@@ -115,6 +115,7 @@

#include <algorithm>
#include <utility>
+#include <map>

#include <openssl/aead.h>
#include <openssl/bytestring.h>
@@ -3313,6 +3314,7 @@ bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs) {
@@ -3313,6 +3313,7 @@ bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs) {
!permutation.Init(kNumExtensions)) {
return false;
}
+ // By default, nothing is permuted.
for (size_t i = 0; i < kNumExtensions; i++) {
permutation[i] = i;
}
@@ -3337,6 +3339,44 @@ static const struct tls_extension *tls_extension_find(uint32_t *out_index,
@@ -3320,6 +3321,11 @@ bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs) {
// Set element |i| to a randomly-selected element 0 <= j <= i.
std::swap(permutation[i], permutation[seeds[i - 1] % (i + 1)]);
}
+ // fprintf(stderr, "the permuated order is set to:");
+ // for (size_t i = 0; i < kNumExtensions; i++) {
+ // fprintf(stderr, "%d, ", permutation[i]);
+ // }
+ // fprintf(stderr, "\n");
hs->extension_permutation = std::move(permutation);
return true;
}
@@ -3337,6 +3343,50 @@ static const struct tls_extension *tls_extension_find(uint32_t *out_index,
return NULL;
}

+// curl-impersonate: set customized extension order
+//
+// Generate the extension_permutation array from the customized extension order
+// string.
+// Generate the extension_permutation array from a customized extension order string.
+//
+// The customized extension order string is a dash-separated list of
+// extensions. Each extension is a string of the form "extension_name[:index]".
+// The index is optional and defaults to 0.
+// The customized extension order string is a dash-separated list of extensions.
+//
+bool ssl_set_extension_order(SSL_HANDSHAKE *hs) {
+ if (hs->config->extension_order == nullptr) {
+ return true;
+ }
+ // fprintf(stderr, "order %s\n", hs->config->extension_order);
+ Array<uint8_t> order;
+ if (!order.Init(kNumExtensions)) {
+ return false;
Expand All @@ -85,10 +87,18 @@ index b13400097..6cd8bd750 100644
+ while (ext != nullptr) {
+ unsigned ext_index;
+ tls_extension_find(&ext_index, atoi(ext));
+ // fprintf(stderr, "found %d -> %d, ", atoi(ext), ext_index);
+ order[idx] = ext_index;
+ ext = strtok(NULL, delimiter);
+ idx++;
+ }
+ // fprintf(stderr, "\n");
+ // fprintf(stderr, "the order is set to:");
+ // for (size_t i = 0; i < kNumExtensions; i++) {
+ // fprintf(stderr, "%d, ", order[i]);
+ // }
+ // fprintf(stderr, "\n");
+ free(tmp);
+
+ hs->extension_permutation = std::move(order);
+ return true;
Expand All @@ -97,16 +107,29 @@ index b13400097..6cd8bd750 100644
static bool add_padding_extension(CBB *cbb, uint16_t ext, size_t len) {
CBB child;
if (!CBB_add_u16(cbb, ext) || //
@@ -3383,6 +3423,9 @@ static bool ssl_add_clienthello_tlsext_inner(SSL_HANDSHAKE *hs, CBB *out,
@@ -3379,10 +3429,14 @@ static bool ssl_add_clienthello_tlsext_inner(SSL_HANDSHAKE *hs, CBB *out,
}
}

+ fprintf(stderr, "starting to numeratez\n");
for (size_t unpermuted = 0; unpermuted < kNumExtensions; unpermuted++) {
size_t i = hs->extension_permutation.empty()
? unpermuted
: hs->extension_permutation[unpermuted];
+ // curl-impersonate: skip non-exist extensions
+ if (i == 255) { continue; }
+ // end of curl-impersonate
+ fprintf(stderr, "extension %zu,", i);
+ fprintf(stderr, "\n");
+ if (i == 255) { continue; } // curl-impersonate: skip non-exist extensions
const size_t len_before = CBB_len(&extensions);
const size_t len_compressed_before = CBB_len(compressed.get());
if (!kExtensions[i].add_clienthello(hs, &extensions, compressed.get(),
@@ -3492,6 +3546,7 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded,
size_t i = hs->extension_permutation.empty()
? unpermuted
: hs->extension_permutation[unpermuted];
+ if (i == 255) { continue; } // curl-impersonate: skip non-exist extensions
const size_t len_before = CBB_len(&extensions);
if (!kExtensions[i].add_clienthello(hs, &extensions, &extensions, type)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 971ebd0b1..0005c6d79 100644
--- a/ssl/handshake_client.cc
Expand Down Expand Up @@ -445,10 +468,18 @@ index fd8cef95d..3d2c8ff6d 100644
"Not all ciphers are included in the cipher order");

diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 58b68e675..d9849f3be 100644
index 58b68e675..15eb823b3 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -3015,6 +3015,12 @@ void SSL_CTX_set_permute_extensions(SSL_CTX *ctx, int enabled) {
@@ -657,6 +657,7 @@ SSL *SSL_new(SSL_CTX *ctx) {
ssl->config->retain_only_sha256_of_client_certs =
ctx->retain_only_sha256_of_client_certs;
ssl->config->permute_extensions = ctx->permute_extensions;
+ ssl->config->extension_order = ctx->extension_order;
ssl->config->aes_hw_override = ctx->aes_hw_override;
ssl->config->aes_hw_override_value = ctx->aes_hw_override_value;
ssl->config->tls13_cipher_policy = ctx->tls13_cipher_policy;
@@ -3015,6 +3016,12 @@ void SSL_CTX_set_permute_extensions(SSL_CTX *ctx, int enabled) {
ctx->permute_extensions = !!enabled;
}
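Review bot: `order[idx] = ext_index;` after `tls_extension_find(&ext_index, atoi(ext));` stores an uninitialized value whenever the lookup fails, because `ext_index` is declared without an initializer, the function only writes it on success, and its NULL return is discarded, so an unknown or non-numeric entry in a caller-supplied extension-order string yields an arbitrary index rather than the 255 sentinel that the new `if (i == 255) { continue; }` guards in both `ssl_add_clienthello_tlsext_inner` and `ssl_add_clienthello_tlsext` depend on; check the result, e.g. `if (tls_extension_find(&ext_index, atoi(ext)) == nullptr) { free(tmp); return false; }`. The `strtok` loop also shows no bound on `idx` against `kNumExtensions`, so a string with more entries than there are extensions would write past `order` (or trip its bounds assertion); the top of `ssl_set_extension_order`'s body is collapsed above this loop, so a bound or default fill may exist there and should be confirmed. The uncommented `fprintf(stderr, "starting to numeratez\n");`, `fprintf(stderr, "extension %zu,", i);` and `fprintf(stderr, "\n");` lines added to `ssl_add_clienthello_tlsext_inner` are debug output that would run on every ClientHello built by the library and should be removed or commented out like the other `fprintf` additions in this patch. In the `ssl_lib.cc` hunk, `ssl->config->extension_order = ctx->extension_order;` appears to copy a raw pointer from the context into each SSL config; if the context owns that string, the config now aliases it and the relative lifetimes should be confirmed.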
