chore: static calc extension permutation (#184)

0x676e67 · Dec 20, 2024 · 1da5d42 · 1da5d42
1 parent 5a92fa5
commit 1da5d42
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 7 deletions.
diff --git a/src/tls/impersonate/firefox.rs b/src/tls/impersonate/firefox.rs
@@ -90,6 +90,8 @@ fn header_initializer_with_zstd(ua: &'static str) -> HeaderMap {
 
 // ============== tls settings ==============
 mod tls {
+    use std::sync::LazyLock;
+
     use crate::tls::impersonate::tls_imports::*;
 
     pub const OLD_CURVES: &[SslCurve] = &[
@@ -163,7 +165,7 @@ mod tls {
 
     pub const RECORD_SIZE_LIMIT: u16 = 0x4001;
 
-    pub const EXTENSION_PERMUTATION: &[ExtensionType] = &[
+    pub const EXTENSIONS: &[ExtensionType] = &[
         ExtensionType::SERVER_NAME,
         ExtensionType::EXTENDED_MASTER_SECRET,
         ExtensionType::RENEGOTIATE,
@@ -182,6 +184,20 @@ mod tls {
         ExtensionType::ENCRYPTED_CLIENT_HELLO,
     ];
 
+    pub static EXTENSION_PERMUTATION_INDICES: LazyLock<[u8; EXTENSIONS.len()]> =
+        LazyLock::new(|| {
+            let mut indices = [0u8; EXTENSIONS.len()];
+            for (i, &ext) in EXTENSIONS.iter().enumerate() {
+                if let Some(idx) = ExtensionType::BORING_SSLEXTENSION_PERMUTATION
+                    .iter()
+                    .position(|&e| e == ext)
+                {
+                    indices[i] = idx as u8;
+                }
+            }
+            indices
+        });
+
     #[derive(TypedBuilder)]
     pub struct FirefoxTlsSettings {
         // TLS curves
@@ -225,8 +241,8 @@ mod tls {
         cert_compression_algorithm: Option<&'static [CertCompressionAlgorithm]>,
 
         // TLS extension permutation
-        #[builder(default = EXTENSION_PERMUTATION, setter(into))]
-        extension_permutation: &'static [ExtensionType],
+        #[builder(default = &*EXTENSION_PERMUTATION_INDICES, setter(into))]
+        extension_permutation_indices: &'static [u8],
     }
 
     impl From<FirefoxTlsSettings> for TlsSettings {
@@ -246,7 +262,7 @@ mod tls {
                 .key_shares_length_limit(val.key_shares_length_limit)
                 .pre_shared_key(val.pre_shared_key)
                 .psk_skip_session_ticket(val.psk_skip_session_tickets)
-                .extension_permutation(Cow::Borrowed(val.extension_permutation))
+                .extension_permutation_indices(Cow::Borrowed(val.extension_permutation_indices))
                 .build()
         }
     }

diff --git a/src/tls/mod.rs b/src/tls/mod.rs
@@ -174,8 +174,13 @@ fn connect_layer(settings: TlsSettings) -> TlsResult<HttpsLayer> {
     }
 
     // Set the extension permutation if it is set.
-    if let Some(extension_permutation) = settings.extension_permutation {
-        connector.set_extension_permutation(extension_permutation.as_ref())?;
+    if let Some(extensions) = settings.extension_permutation {
+        connector.set_extension_permutation(extensions.as_ref())?;
+    }
+
+    // Set the extension permutation index if it is set.
+    if let Some(indices) = settings.extension_permutation_indices {
+        connector.set_extension_permutation_indices(indices.as_ref())?;
     }
 
     // Conditionally configure the TLS builder based on the "boring-tls-native-roots" feature.

diff --git a/src/tls/settings.rs b/src/tls/settings.rs
@@ -191,6 +191,10 @@ pub struct TlsSettings {
     /// The extension permutation.
     #[builder(default, setter(into))]
     pub extension_permutation: Option<Cow<'static, [ExtensionType]>>,
+
+    /// The extension permutation index.
+    #[builder(default, setter(into))]
+    pub extension_permutation_indices: Option<Cow<'static, [u8]>>,
 }
 
 impl_debug!(
@@ -215,7 +219,9 @@ impl_debug!(
         cert_compression_algorithm,
         record_size_limit,
         key_shares_length_limit,
-        psk_skip_session_ticket
+        psk_skip_session_ticket,
+        extension_permutation,
+        extension_permutation_indices
     }
 );