Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 899ede2880
Branches Tags
ydb
/
contrib
/
restricted
/
aws
/
s2n
/
api
/
unstable
/
fingerprint.h

fingerprint.h 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. /*
    2. 

  2. * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    3. 

  3. *
    4. 

  4. * Licensed under the Apache License, Version 2.0 (the "License").
    5. 

  5. * You may not use this file except in compliance with the License.
    6. 

  6. * A copy of the License is located at
    7. 

  7. *
    8. 

  8. *  http://aws.amazon.com/apache2.0
    9. 

  9. *
    10. 

  10. * or in the "license" file accompanying this file. This file is distributed
    11. 

  11. * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    12. 

  12. * express or implied. See the License for the specific language governing
    13. 

  13. * permissions and limitations under the License.
    14. 

  14. */
    15. 

  15. 

  16. #pragma once
    17. 

  17. 

  18. #include <s2n.h>
    19. 

  19. 

  20. /**
    21. 

  21.  * @file fingerprint.h
    22. 

  22.  *
    23. 

  23.  * The following APIs enable applications to calculate fingerprints to
    24. 

  24.  * identify ClientHellos.
    25. 

  25.  *
    26. 

  26.  * The fingerprinting APIs are currently considered unstable. They will be finalized
    27. 

  27.  * and marked as stable after an initial customer integration and feedback.
    28. 

  28.  */
    29. 

  29. 

  30. typedef enum {
    31. 

  31.     /*
    32. 

  32.      * The current standard open source fingerprinting method.
    33. 

  33.      * See https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967.
    34. 

  34.      */
    35. 

  35.     S2N_FINGERPRINT_JA3,
    36. 

  36. } s2n_fingerprint_type;
    37. 

  37. 

  38. /**
    39. 

  39.  * Calculates a fingerprint hash for a given ClientHello.
    40. 

  40.  *
    41. 

  41.  * Currently the only type supported is S2N_FINGERPRINT_JA3, which uses MD5 and
    42. 

  42.  * requires at least 16 bytes of memory.
    43. 

  43.  *
    44. 

  44.  * @param ch The ClientHello to fingerprint.
    45. 

  45.  * @param type The algorithm to use for the fingerprint. Currently only JA3 is supported.
    46. 

  46.  * @param max_hash_size The maximum size of data that may be written to `hash`.
    47. 

  47.  * If too small for the requested hash, an S2N_ERR_T_USAGE error will occur.
    48. 

  48.  * @param hash The location that the requested hash will be written to.
    49. 

  49.  * @param hash_size The actual size of the data written to `hash`.
    50. 

  50.  * @param str_size The actual size of the full string associated with this hash.
    51. 

  51.  * This size can be used to ensure that sufficient memory is provided for the
    52. 

  52.  * output of `s2n_client_hello_get_fingerprint_string`.
    53. 

  53.  * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
    54. 

  54.  */
    55. 

  55. S2N_API int s2n_client_hello_get_fingerprint_hash(struct s2n_client_hello *ch,
    56. 

  56.         s2n_fingerprint_type type, uint32_t max_hash_size,
    57. 

  57.         uint8_t *hash, uint32_t *hash_size, uint32_t *str_size);
    58. 

  58. 

  59. /**
    60. 

  60.  * Calculates a full, variable-length fingerprint string for a given ClientHello.
    61. 

  61.  *
    62. 

  62.  * Because the length of the string is variable and unknown until the string is
    63. 

  63.  * calculated, `s2n_client_hello_get_fingerprint_hash` can be called first to
    64. 

  64.  * determine `max_size` and ensure `output` is sufficiently large.
    65. 

  65.  *
    66. 

  66.  * @param ch The ClientHello to fingerprint.
    67. 

  67.  * @param type The algorithm to use for the fingerprint. Currently only JA3 is supported.
    68. 

  68.  * @param max_size The maximum size of data that may be written to `output`.
    69. 

  69.  * If too small for the requested string, an S2N_ERR_T_USAGE error will occur.
    70. 

  70.  * @param output The location that the requested string will be written to.
    71. 

  71.  * @param output_size The actual size of the data written to `output`.
    72. 

  72.  * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
    73. 

  73.  */
    74. 

  74. S2N_API int s2n_client_hello_get_fingerprint_string(struct s2n_client_hello *ch,
    75. 

  75.         s2n_fingerprint_type type, uint32_t max_size,
    76. 

  76.         uint8_t *output, uint32_t *output_size);
    77. 

  77. 

  78. /**
    79. 

  79.  * Creates an s2n_client_hello from bytes representing a ClientHello message.
    80. 

  80.  *
    81. 

  81.  * Unlike s2n_connection_get_client_hello, the s2n_client_hello returned by this
    82. 

  82.  * method is owned by the application and must be freed with s2n_client_hello_free.
    83. 

  83.  *
    84. 

  84.  * This method does not support SSLv2 ClientHellos.
    85. 

  85.  *
    86. 

  86.  * @param bytes The raw bytes representing the ClientHello.
    87. 

  87.  * @param size The size of raw_message.
    88. 

  88.  * @returns A new s2n_client_hello on success, or NULL on failure.
    89. 

  89.  */
    90. 

  90. S2N_API struct s2n_client_hello *s2n_client_hello_parse_message(const uint8_t *bytes, uint32_t size);
    91. 

  91. 

  92. /**
    93. 

  93.  * Frees an s2n_client_hello structure.
    94. 

  94.  *
    95. 

  95.  * This method should be called to free s2n_client_hellos returned by
    96. 

  96.  * s2n_client_hello_parse_message. It will error if passed an s2n_client_hello
    97. 

  97.  * returned by s2n_connection_get_client_hello and owned by the connection.
    98. 

  98.  *
    99. 

  99.  * @param ch The structure to be freed.
    100. 

  100.  * @returns S2N_SUCCESS on success, S2N_FAILURE on failure.
    101. 

  101.  */
    102. 

  102. S2N_API int s2n_client_hello_free(struct s2n_client_hello **ch);
    103.