Implement consistent randomized fingerprint (#20)

- Uses a chacha20-based CSPRNG to generate randomized fingeprints - Refactors generation of randomized fingerprints, removing many redundant shuffle functions. - Adds Seed field to ClientHelloID - ClientHelloID.Version is now a string (was uint16)
2025-04-03 03:57:36 +03:00 · 2019-03-06 16:14:34 -07:00 · 2019-03-06 16:14:34 -07:00 · 7c97cdb476
commit 7c97cdb476
parent 1188641a16
8 changed files with 442 additions and 215 deletions
--- a/u_parrots.go
+++ b/u_parrots.go
@ -5,16 +5,13 @@
 package tls

 import (
-	"crypto/rand"
 	"crypto/sha256"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
-	"math/big"
 	"sort"
 	"strconv"
-	"time"
 )

 func utlsIdToSpec(id ClientHelloID) (ClientHelloSpec, error) {
@ -326,25 +323,15 @@ func utlsIdToSpec(id ClientHelloID) (ClientHelloSpec, error) {

 func (uconn *UConn) applyPresetByID(id ClientHelloID) (err error) {
 	var spec ClientHelloSpec
+	uconn.ClientHelloID = id
 	// choose/generate the spec
-	switch id {
-	case HelloRandomized:
-		if tossBiasedCoin(0.5) {
-			return uconn.applyPresetByID(HelloRandomizedALPN)
-		} else {
-			return uconn.applyPresetByID(HelloRandomizedNoALPN)
-		}
-	case HelloRandomizedALPN:
-		spec, err = uconn.generateRandomizedSpec(true)
+	switch id.Client {
+	case helloRandomized, helloRandomizedNoALPN, helloRandomizedALPN:
+		spec, err = uconn.generateRandomizedSpec()
 		if err != nil {
 			return err
 		}
-	case HelloRandomizedNoALPN:
-		spec, err = uconn.generateRandomizedSpec(false)
-		if err != nil {
-			return err
-		}
-	case HelloCustom:
+	case helloCustom:
 		return nil

 	default:
@ -354,7 +341,6 @@ func (uconn *UConn) applyPresetByID(id ClientHelloID) (err error) {
 		}
 	}

-	uconn.clientHelloID = id
 	return uconn.ApplyPreset(&spec)
 }

@ -486,24 +472,51 @@ func (uconn *UConn) ApplyPreset(p *ClientHelloSpec) error {
 	return nil
 }

-func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, error) {
+func (uconn *UConn) generateRandomizedSpec() (ClientHelloSpec, error) {
 	p := ClientHelloSpec{}

+	if uconn.ClientHelloID.Seed == nil {
+		seed, err := NewPRNGSeed()
+		if err != nil {
+			return p, err
+		}
+		uconn.ClientHelloID.Seed = seed
+	}
+
+	r := newPRNGWithSeed(uconn.ClientHelloID.Seed)
+
+	id := uconn.ClientHelloID
+
+	var WithALPN bool
+	switch id.Client {
+	case helloRandomizedALPN:
+		WithALPN = true
+	case helloRandomizedNoALPN:
+		WithALPN = false
+	case helloRandomized:
+		if r.FlipWeightedCoin(0.7) {
+			WithALPN = true
+		} else {
+			WithALPN = false
+		}
+	default:
+		return p, fmt.Errorf("using non-randomized ClientHelloID %v to generate randomized spec", id.Client)
+	}
+
 	p.CipherSuites = make([]uint16, len(defaultCipherSuites()))
 	copy(p.CipherSuites, defaultCipherSuites())
-	shuffledSuites, err := shuffledCiphers()
+	shuffledSuites, err := shuffledCiphers(r)
 	if err != nil {
 		return p, err
 	}

-	if tossBiasedCoin(0.4) {
+	if r.FlipWeightedCoin(0.4) {
 		p.TLSVersMin = VersionTLS10
 		p.TLSVersMax = VersionTLS13
 		tls13ciphers := defaultCipherSuitesTLS13()
-		err = shuffleUInts16(tls13ciphers)
-		if err != nil {
-			return p, err
-		}
+		r.rand.Shuffle(len(tls13ciphers), func(i, j int) {
+			tls13ciphers[i], tls13ciphers[j] = tls13ciphers[j], tls13ciphers[i]
+		})
 		// appending TLS 1.3 ciphers before TLS 1.2, since that's what popular implementations do
 		shuffledSuites = append(tls13ciphers, shuffledSuites...)

@ -514,7 +527,7 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
 		p.TLSVersMax = VersionTLS12
 	}

-	p.CipherSuites = removeRandomCiphers(shuffledSuites, 0.4)
+	p.CipherSuites = removeRandomCiphers(r, shuffledSuites, 0.4)

 	sni := SNIExtension{uconn.config.ServerName}
 	sessionTicket := SessionTicketExtension{Session: uconn.HandshakeState.Session}
@ -528,26 +541,25 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
 		PKCS1WithSHA512,
 	}

-	if tossBiasedCoin(0.63) {
+	if r.FlipWeightedCoin(0.63) {
 		sigAndHashAlgos = append(sigAndHashAlgos, ECDSAWithSHA1)
 	}
-	if tossBiasedCoin(0.59) {
+	if r.FlipWeightedCoin(0.59) {
 		sigAndHashAlgos = append(sigAndHashAlgos, ECDSAWithP521AndSHA512)
 	}
-	if tossBiasedCoin(0.51) || p.TLSVersMax == VersionTLS13 {
+	if r.FlipWeightedCoin(0.51) || p.TLSVersMax == VersionTLS13 {
 		// https://tools.ietf.org/html/rfc8446 says "...RSASSA-PSS (which is mandatory in TLS 1.3)..."
 		sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA256)
-		if tossBiasedCoin(0.9) {
+		if r.FlipWeightedCoin(0.9) {
 			// these usually go together
 			sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA384)
 			sigAndHashAlgos = append(sigAndHashAlgos, PSSWithSHA512)
 		}
 	}

-	err = shuffleSignatures(sigAndHashAlgos)
-	if err != nil {
-		return p, err
-	}
+	r.rand.Shuffle(len(sigAndHashAlgos), func(i, j int) {
+		sigAndHashAlgos[i], sigAndHashAlgos[j] = sigAndHashAlgos[j], sigAndHashAlgos[i]
+	})
 	sigAndHash := SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: sigAndHashAlgos}

 	status := StatusRequestExtension{}
@ -556,11 +568,11 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
 	points := SupportedPointsExtension{SupportedPoints: []byte{pointFormatUncompressed}}

 	curveIDs := []CurveID{}
-	if tossBiasedCoin(0.71) || p.TLSVersMax == VersionTLS13 {
+	if r.FlipWeightedCoin(0.71) || p.TLSVersMax == VersionTLS13 {
 		curveIDs = append(curveIDs, X25519)
 	}
 	curveIDs = append(curveIDs, CurveP256, CurveP384)
-	if tossBiasedCoin(0.46) {
+	if r.FlipWeightedCoin(0.46) {
 		curveIDs = append(curveIDs, CurveP521)
 	}

@ -586,28 +598,28 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
 		p.Extensions = append(p.Extensions, &alpn)
 	}

-	if tossBiasedCoin(0.62) || p.TLSVersMax == VersionTLS13 {
+	if r.FlipWeightedCoin(0.62) || p.TLSVersMax == VersionTLS13 {
 		// always include for TLS 1.3, since TLS 1.3 ClientHellos are often over 256 bytes
 		// and that's when padding is required to work around buggy middleboxes
 		p.Extensions = append(p.Extensions, &padding)
 	}
-	if tossBiasedCoin(0.74) {
+	if r.FlipWeightedCoin(0.74) {
 		p.Extensions = append(p.Extensions, &status)
 	}
-	if tossBiasedCoin(0.46) {
+	if r.FlipWeightedCoin(0.46) {
 		p.Extensions = append(p.Extensions, &sct)
 	}
-	if tossBiasedCoin(0.75) {
+	if r.FlipWeightedCoin(0.75) {
 		p.Extensions = append(p.Extensions, &reneg)
 	}
-	if tossBiasedCoin(0.77) {
+	if r.FlipWeightedCoin(0.77) {
 		p.Extensions = append(p.Extensions, &ems)
 	}
 	if p.TLSVersMax == VersionTLS13 {
 		ks := KeyShareExtension{[]KeyShare{
 			{Group: X25519}, // the key for the group will be generated later
 		}}
-		if tossBiasedCoin(0.25) {
+		if r.FlipWeightedCoin(0.25) {
 			// do not ADD second keyShare because crypto/tls does not support multiple ecdheParams
 			// TODO: add it back when they implement multiple keyShares, or implement it oursevles
 			// ks.KeyShares = append(ks.KeyShares, KeyShare{Group: CurveP256})
@ -619,10 +631,9 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
 		}
 		p.Extensions = append(p.Extensions, &ks, &pskExchangeModes, &supportedVersionsExt)
 	}
-	err = shuffleTLSExtensions(p.Extensions)
-	if err != nil {
-		return p, err
-	}
+	r.rand.Shuffle(len(p.Extensions), func(i, j int) {
+		p.Extensions[i], p.Extensions[j] = p.Extensions[j], p.Extensions[i]
+	})
 	err = uconn.SetTLSVers(p.TLSVersMin, p.TLSVersMax)
 	if err != nil {
 		return p, err
@ -631,26 +642,7 @@ func (uconn *UConn) generateRandomizedSpec(WithALPN bool) (ClientHelloSpec, erro
 	return p, nil
 }

-func tossBiasedCoin(probability float32) bool {
-	// probability is expected to be in [0,1]
-	// this function never returns errors for ease of use
-	const precision = 0xffff
-	threshold := float32(precision) * probability
-	value, err := getRandInt(precision)
-	if err != nil {
-		// I doubt that this code will ever actually be used, as other functions are expected to complain
-		// about used source of entropy. Nonetheless, this is more than enough for given purpose
-		return ((time.Now().Unix() & 1) == 0)
-	}
-
-	if float32(value) <= threshold {
-		return true
-	} else {
-		return false
-	}
-}
-
-func removeRandomCiphers(s []uint16, maxRemovalProbability float32) []uint16 {
+func removeRandomCiphers(r *prng, s []uint16, maxRemovalProbability float64) []uint16 {
 	// removes elements in place
 	// probability to remove increases for further elements
 	// never remove first cipher
@ -659,10 +651,10 @@ func removeRandomCiphers(s []uint16, maxRemovalProbability float32) []uint16 {
 	}

 	// remove random elements
-	floatLen := float32(len(s))
+	floatLen := float64(len(s))
 	sliceLen := len(s)
 	for i := 1; i < sliceLen; i++ {
-		if tossBiasedCoin(maxRemovalProbability * float32(i) / floatLen) {
+		if r.FlipWeightedCoin(maxRemovalProbability * float64(i) / floatLen) {
 			s = append(s[:i], s[i+1:]...)
 			sliceLen--
 			i--
@ -671,46 +663,9 @@ func removeRandomCiphers(s []uint16, maxRemovalProbability float32) []uint16 {
 	return s[:sliceLen]
 }

-func removeRC4Ciphers(s []uint16) []uint16 {
-	// removes elements in place
-	sliceLen := len(s)
-	for i := 0; i < sliceLen; i++ {
-		cipher := s[i]
-		if cipher == TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ||
-			cipher == TLS_ECDHE_RSA_WITH_RC4_128_SHA ||
-			cipher == TLS_RSA_WITH_RC4_128_SHA {
-			s = append(s[:i], s[i+1:]...)
-			sliceLen--
-			i--
-		}
-	}
-	return s[:sliceLen]
-}
-
-func getRandInt(max int) (int, error) {
-	bigInt, err := rand.Int(rand.Reader, big.NewInt(int64(max)))
-	return int(bigInt.Int64()), err
-}
-
-func getRandPerm(n int) ([]int, error) {
-	permArray := make([]int, n)
-	for i := 1; i < n; i++ {
-		j, err := getRandInt(i + 1)
-		if err != nil {
-			return permArray, err
-		}
-		permArray[i] = permArray[j]
-		permArray[j] = i
-	}
-	return permArray, nil
-}
-
-func shuffledCiphers() ([]uint16, error) {
+func shuffledCiphers(r *prng) ([]uint16, error) {
 	ciphers := make(sortableCiphers, len(cipherSuites))
-	perm, err := getRandPerm(len(cipherSuites))
-	if err != nil {
-		return nil, err
-	}
+	perm := r.Perm(len(cipherSuites))
 	for i, suite := range cipherSuites {
 		ciphers[i] = sortableCipher{suite: suite.id,
 			isObsolete: ((suite.flags & suiteTLS12) == 0),
@ -754,41 +709,18 @@ func (ciphers sortableCiphers) GetCiphers() []uint16 {
 	return cipherIDs
 }

-// so much for generics
-func shuffleTLSExtensions(s []TLSExtension) error {
-	// shuffles array in place
-	perm, err := getRandPerm(len(s))
-	if err != nil {
-		return err
+func removeRC4Ciphers(s []uint16) []uint16 {
+	// removes elements in place
+	sliceLen := len(s)
+	for i := 0; i < sliceLen; i++ {
+		cipher := s[i]
+		if cipher == TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ||
+			cipher == TLS_ECDHE_RSA_WITH_RC4_128_SHA ||
+			cipher == TLS_RSA_WITH_RC4_128_SHA {
+			s = append(s[:i], s[i+1:]...)
+			sliceLen--
+			i--
+		}
 	}
-	for i := range s {
-		s[i], s[perm[i]] = s[perm[i]], s[i]
-	}
-	return nil
-}
-
-// so much for generics
-func shuffleSignatures(s []SignatureScheme) error {
-	// shuffles array in place
-	perm, err := getRandPerm(len(s))
-	if err != nil {
-		return err
-	}
-	for i := range s {
-		s[i], s[perm[i]] = s[perm[i]], s[i]
-	}
-	return nil
-}
-
-// so much for generics
-func shuffleUInts16(s []uint16) error {
-	// shuffles array in place
-	perm, err := getRandPerm(len(s))
-	if err != nil {
-		return err
-	}
-	for i := range s {
-		s[i], s[perm[i]] = s[perm[i]], s[i]
-	}
-	return nil
+	return s[:sliceLen]
 }