init commit

entry/include/base64.h

@@ -0,0 +1,2 @@
+unsigned int b64_encode(const unsigned char* in, unsigned int in_len, unsigned char* out);
+unsigned int b64_decode(const unsigned char* in, unsigned int in_len, unsigned char* out);

entry/include/base_utils.h

@@ -0,0 +1,44 @@
+#pragma once
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <errno.h>
+#include <unistd.h>
+#include <inttypes.h>
+#include <arpa/inet.h>
+#include <netinet/ip6.h>
+#include <net/if.h>
+#include <string.h>
+#include <pthread.h>
+#include "MESA/MESA_handle_logger.h"
+
+#ifndef MAX
+#define MAX(a, b)  	(((a) > (b)) ? (a) : (b))
+#endif
+
+#ifndef MIN
+#define MIN(a, b)  	(((a) < (b)) ? (a) : (b))
+#endif
+
+#define STRING_MAX 128 
+
+#define likely(expr)    __builtin_expect((expr), 1)
+#define unlikely(expr)  __builtin_expect((expr), 0)
+
+#define ALLOC(type, number) ((type *)calloc(sizeof(type), number))
+#define	FREE(p)	{free(*p);*p=NULL;}
+
+#define LOG_ERROR(handler, fmt, ...)															\
+do { 													\
+	MESA_handle_runtime_log(handler, RLOG_LV_FATAL, "kni", fmt, ##__VA_ARGS__); } while(0)			
+
+#define LOG_INFO(handler, fmt, ...)															\
+do { 													\
+	MESA_handle_runtime_log(handler, RLOG_LV_INFO, "kni", fmt, ##__VA_ARGS__); } while(0)			
+
+#define LOG_DEBUG(handler, fmt, ...)															\
+do { 													\
+	MESA_handle_runtime_log(handler, RLOG_LV_DEBUG, "kni", fmt, ##__VA_ARGS__); } while(0)	
+
+	

entry/include/ssl.h

@@ -0,0 +1,230 @@
+
+#ifndef H_SSL_H
+#define H_SSL_H
+
+#include <stdio.h>
+#include <string.h>
+
+#define SSH_H_VERSION_20160910_ADD_CERT				0
+
+#define SSL_KEY 									3
+#define SSL_TRUE 								1
+#define SSL_FLASE 								0
+
+
+#define SSL_INTEREST_KEY		(1<<SSL_INTEREST_KEY_MASK)
+#define SSL_CERTIFICATE			(1<<SSL_CERTIFICATE_MASK)
+#define SSL_CERTIFICATE_DETAIL	(1<<SSL_CERTIFICATE_DETAIL_MASK)
+#define SSL_APPLICATION_DATA	(1<<SSL_APPLICATION_DATA_MASK)
+#define SSL_CLIENT_HELLO		(1<<SSL_CLIENT_HELLO_MASK)
+#define SSL_SERVER_HELLO		(1<<SSL_SERVER_HELLO_MASK)
+#define SSL_VERSION				(1<<SSL_VERSION_MASK)
+
+typedef enum
+{
+	/*1*/
+	SSL_INTEREST_KEY_MASK = 0,
+	SSL_CERTIFICATE_DETAIL_MASK = 1,
+	SSL_CLIENT_HELLO_MASK = 2,	
+	SSL_SERVER_HELLO_MASK= 3,	
+	SSL_CERTIFICATE_MASK,	
+	SSL_APPLICATION_DATA_MASK,
+	SSL_VERSION_MASK,
+}ssl_interested_region;
+
+typedef struct cdata_buf
+{
+	char*					p_data;
+	unsigned int 			data_size;		
+}cdata_buf;
+
+typedef struct _st_random_t
+{
+	unsigned int 			gmt_time;	//4 
+	unsigned char 			random_bytes[28];	//28 byte random_bytes
+}st_random_t;
+
+typedef struct _st_session_t
+{
+	unsigned char 			session_len;	//4 
+	unsigned char*			session_value;	
+}st_session_t;
+
+typedef struct _st_suites_t
+{
+	unsigned short  		suite_len;	//4 
+	unsigned char*			suite_value;	
+}st_suites_t;
+
+typedef struct _st_compress_methods_t
+{
+	unsigned char 			methlen;	
+	unsigned char*			methods;//default 0:null
+}st_compress_methods_t;
+
+//#############################################client hello
+#define CLIENT_HELLO_HDRLEN 		4
+#define MAX_EXTENSION_NUM			16
+#define MAX_EXT_DATA_LEN			256
+#define SERVER_NAME_EXT_TYPE		0x0000
+#define SERVER_NAME_HOST_TYPE 	0x0000
+#define SERVER_NAME_OTHER_TYPE 	0x0008
+
+
+typedef struct _st_client_ext_t
+{
+	unsigned short 			type;
+	unsigned short 			len;
+	unsigned char 			data[MAX_EXT_DATA_LEN];//if longer,cut off
+}__attribute__((packed))st_client_ext_t;
+
+typedef struct _st_client_server_name_t
+{
+	short 					server_name_list_len;
+	unsigned short 			server_name_type;
+	unsigned char 			server_name_len;
+	unsigned char* 			server_name_data;
+}__attribute__((packed))st_client_server_name_t;
+
+
+//client hello info
+typedef struct _st_client_hello_t
+{
+	int 						totallen;	//3 
+	unsigned short 				client_ver;	
+	st_random_t 				random;	//32 byte random,not used currently
+	st_session_t 				session;	
+	st_suites_t 				ciphersuits;
+	st_compress_methods_t 		com_method;	//compress method
+	unsigned short 				extlen;	
+	unsigned short 				ext_num;	//number of extensions
+	st_client_ext_t 			exts[MAX_EXTENSION_NUM];	//extensions content:1 or more extentions
+	unsigned char 				server_name[512];  	// server_name = host_name+...
+}st_client_hello_t;
+
+//#############################################client hello end
+
+//#############################################server hello
+#define  SERVER_HELLO_HDRLEN 4
+
+//client hello info
+typedef struct _st_server_hello_t
+{
+	int 					totallen;	//3 
+	unsigned short 			client_ver;	
+	st_random_t 			random;	//32 byte random,not used currently
+	st_session_t 			session;	
+	st_suites_t 			ciphersuits;
+	st_compress_methods_t 	com_method;	//compress method
+}st_server_hello_t;
+
+//#############################################server hello end
+
+//#############################################certificate
+#define CERTIFICATE_HDRLEN		7
+#define SSL_CERTIFICATE_HDRLEN  3
+//#define SAN_MAXNUM  			128
+
+typedef struct _san_t
+{
+	char 					san[64]; 
+}san_t;
+
+typedef struct _st_san_t
+{
+	int 					count;
+	san_t* 					san_array; 					//ָ<><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
+}st_san_t;
+
+typedef struct _st_cert_t
+{
+	int 					totallen;
+	int 					certlen;
+	char 					SSLVersion[10];   
+	char 					SSLSerialNum[128];
+	char 					SSLAgID [64];     
+	char 					SSLIssuer[512];  	
+	char 					SSLSub[512];    
+	char 					SSLFrom[80];     
+	char 					SSLTo[80];     
+	char 					SSLFPAg[32];  	 	
+	char 					SSLIssuerC[64]; //country  	
+	char 					SSLIssuerO[64]; //organize
+	char 					SSLIssuerCN[64];//cname	
+	char 					SSLSubC[64]; //country  	
+	char 					SSLSubO[64]; //organize
+	char 					SSLSubCN[64];//cname		
+	st_san_t* 				SSLSubAltName;  
+	uint8_t 				cert_type;
+}st_cert_t;
+
+//#############################################certificate end
+
+
+typedef struct _business_infor_t
+{
+	void*						param;
+	unsigned char				return_value;
+}business_infor_t;
+
+typedef struct _ssl_stream_t
+{
+	unsigned long long 			output_region_flag;
+	unsigned char 				link_state;
+	unsigned char 				over_flag;
+	unsigned char 				ucContType;
+	unsigned char 				is_ssl_stream;	
+	unsigned int 				uiSslVersion;
+
+	int 						uiAllMsgLen; //hand shake msg length  
+	int 						uiMsgProcLen;
+	unsigned int 				uiMsgState;   	
+	int 						uiMaxBuffLen;
+
+	
+	cdata_buf*					p_output_buffer;
+	st_client_hello_t*			stClientHello;	
+	st_server_hello_t*			stServerHello;
+	st_cert_t*					stSSLCert;
+
+	business_infor_t*			business;
+
+	char*						pcSslBuffer;	 
+	ssl_interested_region 		output_region_mask;	
+	int 						uiCurBuffLen; 
+}ssl_stream;
+
+/*ssl_read_all_cert<72>еĽṹ<C4BD><E1B9B9>*/
+typedef struct cert_chain_s
+{
+     char* 						cert;
+	 uint32_t					cert_len;
+}cert_chain_t;
+
+/*ssl_read_specific_cert<72><74>cert_type<70>IJ<EFBFBD><C4B2><EFBFBD>*/
+#define CERT_TYPE_INDIVIDUAL		0  //<2F><><EFBFBD><EFBFBD>֤<EFBFBD><D6A4>
+#define CERT_TYPE_ROOT				1  //<2F><>֤<EFBFBD><D6A4>
+#define CERT_TYPE_MIDDLE			2  //<2F>м<EFBFBD>֤<EFBFBD>飬<EFBFBD><E9A3AC><EFBFBD><EFBFBD>֤<EFBFBD><D6A4><EFBFBD><EFBFBD><EFBFBD>ϼ<EFBFBD>֤<EFBFBD><D6A4>
+#define CERT_TYPE_CHAIN				3  //<2F><><EFBFBD><EFBFBD>: <20><>ʽ[len(3bytes)+cert+len(3bytes)+certlen(3bytes)+cert......]
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*return : chain <20><><EFBFBD><EFBFBD>, <20><><EFBFBD>մӸ<D5B4><D3B8><EFBFBD>֤<EFBFBD>鵽<EFBFBD><E9B5BD>֤<EFBFBD><D6A4><EFBFBD><EFBFBD>˳<EFBFBD><CBB3><EFBFBD>洢*/
+int ssl_read_all_cert(const char* conj_cert_buf, uint32_t conj_buflen, cert_chain_t* cert_unit, uint32_t unit_size);
+
+/*return :  1 <20><><EFBFBD>ڣ<EFBFBD>0 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
+int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint8_t cert_type, char** cert, uint32_t* cert_len);
+
+const char* ssl_get_suite(st_suites_t* ciphersuits);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+
+

entry/include/ssl_utils.h

@@ -0,0 +1,50 @@
+#pragma once 
+
+#define EXTENSION_COUNT_MAX 128
+#define CIPHER_SUITE_COUNT_MAX 256
+
+struct cipher_suite
+{
+	uint16_t value;
+	const char* name;
+};
+
+struct tls_extension{
+	int value;
+	const char* name;
+};
+
+enum chello_parse_result
+{
+	CHELLO_PARSE_SUCCESS = 0,
+	CHELLO_PARSE_INVALID_FORMAT = -1,
+	CHELLO_PARSE_NOT_ENOUGH_BUFF = -2
+};
+
+struct ssl_version
+{
+	uint8_t minor;	
+	uint8_t major;
+	uint16_t ossl_format;
+	char str_format[STRING_MAX];
+};
+
+struct ssl_chello
+{
+	struct ssl_version min_version;
+	struct ssl_version max_version;
+	int cipher_suites_count;
+	int extension_count;
+	int cipher_suite_list[CIPHER_SUITE_COUNT_MAX];
+	int extension_list[EXTENSION_COUNT_MAX];
+	char sni[STRING_MAX];
+	char alpn[STRING_MAX];
+};
+
+struct ssl_version_map{
+	int value;
+	const char *name;
+};
+
+void ssl_chello_parse(struct ssl_chello* _chello, const unsigned char* buff, size_t buff_len, enum chello_parse_result* result);
+void ssl_chello_free(struct ssl_chello* chello);