Merge branch 'feature-use-nginx-quic' into 'master'

TSG-8455 基于Nginx-QUIC和OpenSSL重构QUIC解析层

See merge request MESA_Platform/quic!3
刘学利
2021-11-12 08:39:24 +00:00
17 changed files with 1226 additions and 1476 deletions


@@ -3,7 +3,7 @@ variables:
GIT_STRATEGY: "clone"
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
INSTALL_PREFIX: "/opt/MESA/lib/"
INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel sapp-devel openssl-devel glib2-devel libasan libbreakpad_mini-devel libMESA_htable-devel systemd-devel
INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel sapp-devel glib2-devel libasan libbreakpad_mini-devel libMESA_htable-devel systemd-devel
stages:
- build


@@ -32,21 +32,19 @@ set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run)
include_directories(include)
include_directories(/opt/MESA/include/MESA/)
include_directories(/usr/include/glib-2.0/)
#include_directories(/usr/include/glib-2.0/include/)
include_directories(/usr/lib64/glib-2.0/include)
add_subdirectory(support)
file(GLOB SRC
"src/*.cpp"
)
set(DEPEND_DYN_LIB ssl crypto MESA_handle_logger)
set(DEPEND_DYN_LIB MESA_handle_logger)
# Shared Library Output
add_library(quic SHARED ${SRC})
set_target_properties(quic PROPERTIES LINK_FLAGS "-Wl,--version-script=${PROJECT_SOURCE_DIR}/src/version.map")
set_target_properties(quic PROPERTIES PREFIX "")
target_link_libraries(quic ${DNS_DEPEND_DYN_LIB} glib-2.0 pthread -Wl,--whole-archive libgpg-error-static -Wl,--no-whole-archive libgcrypt-static)
target_link_libraries(quic ${DNS_DEPEND_DYN_LIB} pthread -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static)
set_target_properties(quic PROPERTIES OUTPUT_NAME ${lib_name})
enable_testing()
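Review bot: The new link line `target_link_libraries(quic ${DNS_DEPEND_DYN_LIB} pthread -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static)` has two problems: both flags are `--no-whole-archive`, which is the linker default and therefore does nothing (the old line paired `--whole-archive` with `--no-whole-archive`), and with plain static archives GNU ld needs `libcrypto.a` after `libssl.a`, otherwise libssl objects that reference libcrypto symbols not yet pulled in stay unresolved. The variable expanded is `DNS_DEPEND_DYN_LIB`, while the line above sets `DEPEND_DYN_LIB`, so `MESA_handle_logger` is never linked unless `DNS_DEPEND_DYN_LIB` is defined somewhere outside this file; the mismatch predates the commit but the new line carries it forward. A static libcrypto from 1.1.1 typically also needs `dl` for its DSO loader. I would write `target_link_libraries(quic ${DEPEND_DYN_LIB} pthread openssl-ssl-static openssl-crypto-static ${CMAKE_DL_LIBS})`, and since `glib-2.0` is dropped from the link, the two glib `include_directories(...)` lines kept above are probably stale as well.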


@@ -1,55 +0,0 @@
CC = gcc
CCC = g++
INCLUDES = -I/opt/MESA/include/ -I/home/sjzn/workspace/iquic_ngtcp2/openssl/build/include
LIB = -L./opt/MESA/lib/ -L/home/sjzn/workspace/iquic_ngtcp2/openssl/build/lib -lssl -lcrypto
#CFLAGS = -g3 -Wall -fPIC $(INCLUDES)
#CCCFLAGS = -std=c++11 -g3 -Wall -fPIC $(INCLUDES)
CFLAGS = -g3 -Wall -fPIC
CCCFLAGS = -std=c++11 -g3 -Wall -fPIC
TARGET = quic.so
INF = quic.inf
INSTALL_TARGET=$(TARGET)
LIB_FILE = $(wildcard ../lib/*.a)
SOURCES = $(wildcard *.c) $(wildcard gquic/*.c)
OBJECTS = $(SOURCES:.c=.o)
DEPS = $(SOURCES:.c=.d)
all:$(TARGET)
$(TARGET):$(OBJECTS) $(LIB_FILE)
$(CCC) -shared $(CFLAGS) $(OBJECTS) $(LIB) -o $@
cp $(TARGET) ../bin/
%.o:%.c
$(CC) -c -o $@ $(CFLAGS) $< $(INCLUDES)
%.o:%.cpp
$(CCC) -c -o $@ $(CCCFLAGS) $< $(INCLUDES)
-include $(DEPS)
clean :
rm -f $(OBJECTS) $(DEPS) $(TARGET)
help:
@echo "-------OBJECTS--------" $(OBJECTS)
PLUGIN_PATH=./plug/protocol
CONFLIST_NAME=conflist_protocol.inf
PLUGIN_DIR_NAME=quic
PLUGIN_INF_NAME=quic.inf
PAPP_PATH=/home/sjzn/gitFile/ceiec/sapp
TARGET_DIR=$(PAPP_PATH)/$(PLUGIN_PATH)/$(PLUGIN_DIR_NAME)/
INSERT_FILE=$(PAPP_PATH)/$(PLUGIN_PATH)/$(CONFLIST_NAME)
INSERT_CONTENT=$(PLUGIN_PATH)/$(PLUGIN_DIR_NAME)/$(PLUGIN_INF_NAME)
install:
mkdir -p $(TARGET_DIR)
cp -r ../bin/*.inf $(TARGET_DIR)
cp -r ../bin/*.so $(TARGET_DIR)
@ret=`cat $(INSERT_FILE)|grep $(INSERT_CONTENT)|wc -l`;if [ $$ret -eq 0 ];then echo $(INSERT_CONTENT) >>$(INSERT_FILE);fi
CONF_DIR=$(PAPP_PATH)/conf/
conf:
mkdir -p $(CONF_DIR)
cp -r ../bin/quic $(CONF_DIR)


@@ -1,213 +0,0 @@
/* pint.h
* Definitions for extracting and translating integers safely and portably
* via pointers.
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef __PINT_H__
#define __PINT_H__
#include <glib.h>
/* Routines that take a possibly-unaligned pointer to a 16-bit, 24-bit,
* 32-bit, 40-bit, ... 64-bit integral quantity, in a particular byte
* order, and fetch the value and return it in host byte order.
*
* The pntohN() routines fetch big-endian values; the pletohN() routines
* fetch little-endian values.
*/
static inline guint16 pntoh16(const void *p)
{
return (guint16)*((const guint8 *)(p)+0)<<8|
(guint16)*((const guint8 *)(p)+1)<<0;
}
static inline guint32 pntoh24(const void *p)
{
return (guint32)*((const guint8 *)(p)+0)<<16|
(guint32)*((const guint8 *)(p)+1)<<8|
(guint32)*((const guint8 *)(p)+2)<<0;
}
static inline guint32 pntoh32(const void *p)
{
return (guint32)*((const guint8 *)(p)+0)<<24|
(guint32)*((const guint8 *)(p)+1)<<16|
(guint32)*((const guint8 *)(p)+2)<<8|
(guint32)*((const guint8 *)(p)+3)<<0;
}
static inline guint64 pntoh40(const void *p)
{
return (guint64)*((const guint8 *)(p)+0)<<32|
(guint64)*((const guint8 *)(p)+1)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+3)<<8|
(guint64)*((const guint8 *)(p)+4)<<0;
}
static inline guint64 pntoh48(const void *p)
{
return (guint64)*((const guint8 *)(p)+0)<<40|
(guint64)*((const guint8 *)(p)+1)<<32|
(guint64)*((const guint8 *)(p)+2)<<24|
(guint64)*((const guint8 *)(p)+3)<<16|
(guint64)*((const guint8 *)(p)+4)<<8|
(guint64)*((const guint8 *)(p)+5)<<0;
}
static inline guint64 pntoh56(const void *p)
{
return (guint64)*((const guint8 *)(p)+0)<<48|
(guint64)*((const guint8 *)(p)+1)<<40|
(guint64)*((const guint8 *)(p)+2)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+4)<<16|
(guint64)*((const guint8 *)(p)+5)<<8|
(guint64)*((const guint8 *)(p)+6)<<0;
}
static inline guint64 pntoh64(const void *p)
{
return (guint64)*((const guint8 *)(p)+0)<<56|
(guint64)*((const guint8 *)(p)+1)<<48|
(guint64)*((const guint8 *)(p)+2)<<40|
(guint64)*((const guint8 *)(p)+3)<<32|
(guint64)*((const guint8 *)(p)+4)<<24|
(guint64)*((const guint8 *)(p)+5)<<16|
(guint64)*((const guint8 *)(p)+6)<<8|
(guint64)*((const guint8 *)(p)+7)<<0;
}
static inline guint16 pletoh16(const void *p)
{
return (guint16)*((const guint8 *)(p)+1)<<8|
(guint16)*((const guint8 *)(p)+0)<<0;
}
static inline guint32 pletoh24(const void *p)
{
return (guint32)*((const guint8 *)(p)+2)<<16|
(guint32)*((const guint8 *)(p)+1)<<8|
(guint32)*((const guint8 *)(p)+0)<<0;
}
static inline guint32 pletoh32(const void *p)
{
return (guint32)*((const guint8 *)(p)+3)<<24|
(guint32)*((const guint8 *)(p)+2)<<16|
(guint32)*((const guint8 *)(p)+1)<<8|
(guint32)*((const guint8 *)(p)+0)<<0;
}
static inline guint64 pletoh40(const void *p)
{
return (guint64)*((const guint8 *)(p)+4)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+1)<<8|
(guint64)*((const guint8 *)(p)+0)<<0;
}
static inline guint64 pletoh48(const void *p)
{
return (guint64)*((const guint8 *)(p)+5)<<40|
(guint64)*((const guint8 *)(p)+4)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+1)<<8|
(guint64)*((const guint8 *)(p)+0)<<0;
}
static inline guint64 pletoh56(const void *p)
{
return (guint64)*((const guint8 *)(p)+6)<<48|
(guint64)*((const guint8 *)(p)+5)<<40|
(guint64)*((const guint8 *)(p)+4)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+1)<<8|
(guint64)*((const guint8 *)(p)+0)<<0;
}
static inline guint64 pletoh64(const void *p)
{
return (guint64)*((const guint8 *)(p)+7)<<56|
(guint64)*((const guint8 *)(p)+6)<<48|
(guint64)*((const guint8 *)(p)+5)<<40|
(guint64)*((const guint8 *)(p)+4)<<32|
(guint64)*((const guint8 *)(p)+3)<<24|
(guint64)*((const guint8 *)(p)+2)<<16|
(guint64)*((const guint8 *)(p)+1)<<8|
(guint64)*((const guint8 *)(p)+0)<<0;
}
/* Pointer routines to put items out in a particular byte order.
* These will work regardless of the byte alignment of the pointer.
*/
static inline void phton16(guint8 *p, guint16 v)
{
p[0] = (guint8)(v >> 8);
p[1] = (guint8)(v >> 0);
}
static inline void phton32(guint8 *p, guint32 v)
{
p[0] = (guint8)(v >> 24);
p[1] = (guint8)(v >> 16);
p[2] = (guint8)(v >> 8);
p[3] = (guint8)(v >> 0);
}
static inline void phton64(guint8 *p, guint64 v) {
p[0] = (guint8)(v >> 56);
p[1] = (guint8)(v >> 48);
p[2] = (guint8)(v >> 40);
p[3] = (guint8)(v >> 32);
p[4] = (guint8)(v >> 24);
p[5] = (guint8)(v >> 16);
p[6] = (guint8)(v >> 8);
p[7] = (guint8)(v >> 0);
}
static inline void phtole32(guint8 *p, guint32 v) {
p[0] = (guint8)(v >> 0);
p[1] = (guint8)(v >> 8);
p[2] = (guint8)(v >> 16);
p[3] = (guint8)(v >> 24);
}
static inline void phtole64(guint8 *p, guint64 v) {
p[0] = (guint8)(v >> 0);
p[1] = (guint8)(v >> 8);
p[2] = (guint8)(v >> 16);
p[3] = (guint8)(v >> 24);
p[4] = (guint8)(v >> 32);
p[5] = (guint8)(v >> 40);
p[6] = (guint8)(v >> 48);
p[7] = (guint8)(v >> 56);
}
/* Subtract two guint32s with respect to wraparound */
#define guint32_wraparound_diff(higher, lower) ((higher>lower)?(higher-lower):(higher+0xffffffff-lower+1))
#endif /* PINT_H */
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local Variables:
* c-basic-offset: 4
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* ex: set shiftwidth=4 tabstop=8 expandtab:
* :indentSize=4:tabSize=8:noTabs=true:
*/



@@ -1,24 +1,116 @@
/**
* parser-quic.h
*
* Created on 2020-11-26
* @author: qyc
*
*
*/
#ifndef PARSER_QUIC_H
#define PARSER_QUIC_H
#ifndef _QUIC_DEPROTECTION_H
#define _QUIC_DEPROTECTION_H
#ifdef __cplusplus
extern "C" {
#ifdef __cpluscplus
extern "C"
{
#endif
/*ret: 1 sucess*/
int quic_deprotection(const char *payload, unsigned int length, unsigned char *out, unsigned int *out_length);
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>
#include <signal.h>
#include <sys/stat.h>
#include <arpa/inet.h>
int gcry_init();
#ifdef __cplusplus
#ifdef DEBUG_SWITCH
#define LOG_DEBUG(format, ...) \
{ \
fprintf(stdout, format "\n", ##__VA_ARGS__); \
fflush(stdout); \
}
#define LOG_WARN(format, ...) \
{ \
fprintf(stderr, format "\n", ##__VA_ARGS__); \
fflush(stderr); \
}
#define LOG_ERROR(format, ...) \
{ \
fprintf(stderr, format "\n", ##__VA_ARGS__); \
fflush(stderr); \
}
#else
#define LOG_DEBUG(format, ...)
#define LOG_WARN(format, ...)
#define LOG_ERROR(format, ...)
#endif
#define QUIC_MAX_UDP_PAYLOAD_SIZE 65527
#define quic_string(str) \
{ \
sizeof(str) - 1, (u_char *)str \
}
typedef struct
{
size_t len;
u_char *data;
} quic_str_t;
typedef struct quic_secret_s
{
quic_str_t secret;
quic_str_t key;
quic_str_t iv;
quic_str_t hp;
} quic_secret_t;
typedef enum
{
ssl_encryption_initial = 0,
ssl_encryption_early_data = 1,
ssl_encryption_handshake = 2,
ssl_encryption_application = 3,
} ssl_encryption_level_t;
typedef enum
{
LONG = 0,
SHORT = 1,
} quic_header_type;
typedef struct
{
quic_secret_t client_secret;
ssl_encryption_level_t level; // QUIC Packet Process Level
quic_header_type header_type; // QUIC Packet Header Type
uint32_t version; // QUIC Version
uint8_t flags; // QUIC Flags
u_char *data; // QUIC Packet Data
size_t len; // QUIC Packet Length
u_char *pos; // Process Ptr
uint64_t largest_pkt_num;
quic_str_t dcid; // QUIC DCID
quic_str_t scid; // QUIC SCID
quic_str_t token; // QUIC TOKEN
size_t pkt_len;
uint64_t pkt_num; // QUIC Packet Number
u_char *plaintext;
quic_str_t payload; // Decrypted data
unsigned key_phase : 1;
} quic_dpt_t;
quic_dpt_t *quic_deprotection_new(void);
void quic_deprotection_free(quic_dpt_t *dpt);
void quic_deprotection_dump(quic_dpt_t *dpt);
int quic_deprotection(quic_dpt_t *dpt, const u_char *payload, size_t payload_len);
#ifdef __cpluscplus
}
#endif
#endif //PARSER_QUIC_H
#endif
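Review bot: The C-linkage guards in the new header test `__cpluscplus` (the `#ifdef __cpluscplus` before `extern "C"` and the one before the closing brace), a misspelling of `__cplusplus`, so the `extern "C"` block is never emitted; it links today only because every source is compiled as C++ (`src/*.cpp` in the top-level CMakeLists), and any C translation unit or a C-compiled implementation of these functions would get mismatched linkage. Change both to `#ifdef __cplusplus`. Separately, `LOG_ERROR` and `LOG_WARN` expand to nothing unless `DEBUG_SWITCH` is defined, so decryption failures in a production build leave no trace at all; keeping at least the error level outside the debug switch would help incident triage. `quic_dpt_t` carries derived key material (`client_secret.key`, `iv`, `hp`) and is handed to `quic_deprotection_dump`; the implementation is not visible in this hunk, but `quic_deprotection_free` should wipe those buffers before releasing them and `dump` should not print key bytes in a non-debug build — please confirm.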


@@ -1,136 +0,0 @@
/**
* utils.c
*
* Created on 2020-11-27
* @author: qyc
*
* @explain:
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "pint.h"
#include "quic_deprotection_utils.h"
#include "quic_deprotection_wsgcrypt.h"
/*
* Computes HKDF-Expand-Label(Secret, Label, Hash(context_value), Length) with a
* custom label prefix. If "context_hash" is NULL, then an empty context is
* used. Otherwise it must have the same length as the hash algorithm output.
*/
static gboolean tls13_hkdf_expand_label_context(int md, const StringInfo *secret, const char *label_prefix, const char *label, const guint8 *context_hash, guint8 context_length, guint16 out_len, guchar **out)
{
/* RFC 8446 Section 7.1:
* HKDF-Expand-Label(Secret, Label, Context, Length) =
* HKDF-Expand(Secret, HkdfLabel, Length)
* struct {
* uint16 length = Length;
* opaque label<7..255> = "tls13 " + Label; // "tls13 " is label prefix.
* opaque context<0..255> = Context;
* } HkdfLabel;
*
* RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF):
* HKDF-Expand(PRK, info, L) -> OKM
*/
gcry_error_t err;
const guint label_prefix_length = (guint)strlen(label_prefix);
const guint label_length = (guint)strlen(label);
// Some sanity checks
g_assert(label_length > 0 && label_prefix_length + label_length <= 255);
// info = HkdfLabel { length, label, context }
GByteArray *info = g_byte_array_new();
const guint16 length = g_htons(out_len);
g_byte_array_append(info, (const guint8 *)&length, sizeof(length));
const guint8 label_vector_length = label_prefix_length + label_length;
g_byte_array_append(info, &label_vector_length, 1);
g_byte_array_append(info, (const guint8 *)label_prefix, label_prefix_length);
g_byte_array_append(info, (const guint8 *)label, label_length);
g_byte_array_append(info, &context_length, 1);
if (context_length)
g_byte_array_append(info, context_hash, context_length);
*out = (guchar *)g_malloc(out_len);
err = hkdf_expand(md, secret->data, secret->data_len, info->data, info->len, *out, out_len);
g_byte_array_free(info, TRUE);
if (err) {
printf("%s failed %d: %s\n", G_STRFUNC, md, gcry_strerror(err));
g_free(*out);
*out = NULL;
return FALSE;
}
return TRUE;
}
gboolean tls13_hkdf_expand_label(int md, const StringInfo *secret, const char *label_prefix, const char *label, guint16 out_len, guchar **out)
{
return tls13_hkdf_expand_label_context(md, secret, label_prefix, label, NULL, 0, out_len, out);
}
static guint8 tvb_get_guint8(const char *tvb, const gint offset)
{
const guint8 *ptr;
ptr = (guint8 *)tvb + offset;
return *ptr;
}
static guint16 tvb_get_ntohs(const char *tvb, const gint offset)
{
const guint8 *ptr;
ptr = (guint8 *)tvb + offset;
return pntoh16(ptr);
}
static guint32 tvb_get_ntohl(const char *tvb, const gint offset)
{
const guint8 *ptr;
ptr = (guint8 *)tvb + offset;
return pntoh32(ptr);
}
static guint64 tvb_get_ntoh64(const char *tvb, const gint offset)
{
const guint8 *ptr;
ptr = (guint8 *)tvb + offset;
return pntoh64(ptr);
}
guint tvb_get_varint(const char *tvb, guint offset, guint maxlen, guint64 *value, const guint encoding)
{
*value = 0;
if (encoding & ENC_VARINT_QUIC) {
// calculate variable length
*value = tvb_get_guint8(tvb, offset);
switch((*value) >> 6) {
case 0: /* 0b00 => 1 byte length (6 bits Usable) */
(*value) &= 0x3F;
return 1;
case 1: /* 0b01 => 2 bytes length (14 bits Usable) */
*value = tvb_get_ntohs(tvb, offset) & 0x3FFF;
return 2;
case 2: /* 0b10 => 4 bytes length (30 bits Usable) */
*value = tvb_get_ntohl(tvb, offset) & 0x3FFFFFFF;
return 4;
case 3: /* 0b11 => 8 bytes length (62 bits Usable) */
*value = tvb_get_ntoh64(tvb, offset) & G_GUINT64_CONSTANT(0x3FFFFFFFFFFFFFFF);
return 8;
default: /* No Possible */
g_assert_not_reached();
break;
}
}
// 10 bytes scanned, but no bytes' msb is zero
return 0;
}


@@ -1,43 +0,0 @@
/**
* utils.h
*
* Created on 2020-11-27
* @author: qyc
*
* @explain:
*/
#ifndef UTILS_H
#define UTILS_H
#ifdef __cplusplus
extern "C" {
#endif
#include "glib.h"
/*
* Decodes a variable-length integer used in QUIC protocol
* See https://tools.ietf.org/html/draft-ietf-quic-transport-08#section-8.1
*/
#define ENC_VARINT_QUIC 0x00000004
/* Explicit and implicit nonce length (RFC 5116 - Section 3.2.1) */
#define TLS13_AEAD_NONCE_LENGTH 12
/* XXX Should we use GByteArray instead? */
typedef struct _StringInfo {
// Backing storage which may be larger than data_len
guchar *data;
// Length of the meaningful part of data
guint data_len;
} StringInfo;
gboolean tls13_hkdf_expand_label(int md, const StringInfo *secret, const char *label_prefix, const char *label, guint16 out_len, guchar **out);
guint tvb_get_varint(const char *tvb, guint offset, guint maxlen, guint64 *value, const guint encoding);
#ifdef __cplusplus
}
#endif
#endif //UTILS_H


@@ -1,69 +0,0 @@
/**
* wsgcrypt.c
*
* Created on 2020-11-26
* @author: qyc
*
* @explain:
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "quic_deprotection_wsgcrypt.h"
gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen)
{
gcry_md_hd_t hmac_handle;
gcry_error_t result = gcry_md_open(&hmac_handle, algo, GCRY_MD_FLAG_HMAC);
if (result) {
return result;
}
result = gcry_md_setkey(hmac_handle, key, keylen);
if (result) {
gcry_md_close(hmac_handle);
return result;
}
gcry_md_write(hmac_handle, buffer, length);
memcpy(digest, gcry_md_read(hmac_handle, 0), gcry_md_get_algo_dlen(algo));
gcry_md_close(hmac_handle);
return GPG_ERR_NO_ERROR;
}
gcry_error_t hkdf_expand(int hashalgo, const guint8 *prk, guint prk_len, const guint8 *info, guint info_len, guint8 *out, guint out_len)
{
// Current maximum hash output size: 48 bytes for SHA-384.
guchar lastoutput[48];
gcry_md_hd_t h;
gcry_error_t err;
const guint hash_len = gcry_md_get_algo_dlen(hashalgo);
// Some sanity checks
if (!(out_len > 0 && out_len <= 255 * hash_len) || !(hash_len > 0 && hash_len <= sizeof(lastoutput)))
return GPG_ERR_INV_ARG;
err = gcry_md_open(&h, hashalgo, GCRY_MD_FLAG_HMAC);
if (err)
return err;
guint offset;
for (offset = 0; offset < out_len; offset += hash_len) {
gcry_md_reset(h);
// Set PRK
gcry_md_setkey(h, prk, prk_len);
if (offset > 0)
// T(1..N)
gcry_md_write(h, lastoutput, hash_len);
// info
gcry_md_write(h, info, info_len);
// constant 0x01..N
gcry_md_putc(h, (guint8)(offset / hash_len + 1));
memcpy(lastoutput, gcry_md_read(h, hashalgo), hash_len);
memcpy(out + offset, lastoutput, MIN(hash_len, out_len - offset));
}
gcry_md_close(h);
return 0;
}


@@ -1,78 +0,0 @@
/**
* wsgcrypt.h
*
* Created on 2020-11-26
* @author: qyc
*
* @explain:
*/
#ifndef WSGCRYPT_H
#define WSGCRYPT_H
#ifdef __cplusplus
extern "C" {
#endif
#include "gcrypt.h"
#include "glib.h"
/*
* Define HAVE_LIBGCRYPT_AEAD here, because it's used in several source
* files.
*/
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
/* Whether to provide support for authentication in addition to decryption. */
#define HAVE_LIBGCRYPT_AEAD
#endif
/*
* Define some other "do we have?" items as well.
*/
#if GCRYPT_VERSION_NUMBER >= 0x010700 /* 1.7.0 */
/* Whether ChaCh20 PNE can be supported. */
#define HAVE_LIBGCRYPT_CHACHA20
/* Whether AEAD_CHACHA20_POLY1305 can be supported. */
#define HAVE_LIBGCRYPT_CHACHA20_POLY1305
#endif
#define HASH_SHA2_256_LENGTH 32
/* Convenience function to calculate the HMAC from the data in BUFFER
of size LENGTH with key KEY of size KEYLEN using the algorithm ALGO avoiding the creating of a
hash object. The hash is returned in the caller provided buffer
DIGEST which must be large enough to hold the digest of the given
algorithm. */
gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen);
/**
* RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF):
* HKDF-Expand(PRK, info, L) -> OKM
*
* @param hashalgo [in] Libgcrypt hash algorithm identifier.
* @param prk [in] Pseudo-random key.
* @param prk_len [in] Length of prk.
* @param info [in] Optional context (can be NULL if info_len is zero).
* @param info_len [in] Length of info.
* @param out [out] Output keying material.
* @param out_len [in] Size of output keying material.
* @return 0 on success and an error code otherwise.
*/
gcry_error_t hkdf_expand(int hashalgo, const guint8 *prk, guint prk_len, const guint8 *info, guint info_len, guint8 *out, guint out_len);
/*
* Calculate HKDF-Extract(salt, IKM) -> PRK according to RFC 5869.
* Caller MUST ensure that 'prk' is large enough to store the digest from hash
* algorithm 'hashalgo' (e.g. 32 bytes for SHA-256).
*/
static inline gcry_error_t hkdf_extract(int hashalgo, const guint8 *salt, size_t salt_len, const guint8 *ikm, size_t ikm_len, guint8 *prk)
{
/* PRK = HMAC-Hash(salt, IKM) where salt is key, and IKM is input. */
return ws_hmac_buffer(hashalgo, prk, ikm, ikm_len, salt, salt_len);
}
#ifdef __cplusplus
}
#endif
#endif //WSGCRYPT_H


@@ -246,8 +246,6 @@ extern "C" int QUIC_INIT(void)
return -1;
}
gcry_init();
return 0;
}


@@ -426,7 +426,7 @@ int parse_tls_client_hello(struct quic_client_hello **client_hello, const char *
int parse_result=PARSE_RESULT_VERSION;
unsigned short one_ext_type=0, one_ext_len=0, extension_total_len=0;
if(payload_len-payload_offset<=sizeof(struct quic_client_hello_msg_hdr))
if(payload_len-payload_offset<=(int)sizeof(struct quic_client_hello_msg_hdr))
{
return PARSE_RESULT_VERSION;
}
@@ -756,8 +756,6 @@ enum QUIC_VERSION is_quic_protocol(const char *payload, int payload_len, int *pa
unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *payload, int payload_len, int thread_seq)
{
int ret=0, payload_offset=0;
unsigned char decrypt_payload[2048]={0};
unsigned int decrypt_payload_len=sizeof(decrypt_payload);
enum QUIC_VERSION quic_version=QUIC_VERSION_UNKNOWN;
if(payload==NULL || payload_len<=0)
@@ -786,16 +784,20 @@ unsigned char parse_quic_all_version(struct quic_info *quic_info, const char *pa
&& g_quic_param.decrypted_switch>0
)
{
ret=quic_deprotection(payload, payload_len, decrypt_payload, &decrypt_payload_len);
if(ret!=1 || decrypt_payload_len<=0)
quic_dpt_t *dpt = quic_deprotection_new();
if (quic_deprotection(dpt, (const u_char *)payload, payload_len) != 0)
{
quic_deprotection_free(dpt);
return PARSE_RESULT_VERSION;
}
if(g_quic_param.decrypted_switch==2)
{
return parse_quic_decrypted_payload(quic_info, (const char *)decrypt_payload, decrypt_payload_len, thread_seq);
ret = parse_quic_decrypted_payload(quic_info, (const char *)dpt->payload.data, dpt->payload.len, thread_seq);
quic_deprotection_free(dpt);
return ret;
}
quic_deprotection_free(dpt);
}
else
{
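Review bot: The result of `quic_deprotection_new()` is passed straight to `quic_deprotection(dpt, ...)` without a NULL check, so an allocation failure dereferences NULL unless `quic_deprotection` itself tolerates a NULL `dpt`, which is not visible here; add `if (dpt == NULL) return PARSE_RESULT_VERSION;` immediately after the allocation. The removed code also rejected an empty decrypted buffer (`decrypt_payload_len<=0`), whereas the new path forwards `dpt->payload.data` and `dpt->payload.len` to `parse_quic_decrypted_payload` unconditionally, so that function must cope with a zero-length or NULL payload — worth a guard here if it does not. `payload_len` is an `int` converted to `size_t` at the call; the `payload_len<=0` check earlier in this function keeps it non-negative, so this is fine only as long as that guard stays. A heap object is allocated and freed for every packet on this path, which may matter at capture rates; a per-thread reusable `quic_dpt_t` would avoid it. `parse_quic_all_version` continues past the end of the hunk.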

src/version.map Normal file

@@ -0,0 +1,9 @@
VERS_2.4{
global:
extern "C++" {
QUIC_*;
*quic_version_int2string*;
*quic_protocol_identify*;
};
local: *;
};
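Review bot: The export patterns `*quic_version_int2string*;` and `*quic_protocol_identify*;` have leading and trailing wildcards, so any demangled C++ name merely containing those substrings — an internal helper, an overload, a `_impl` variant — becomes part of the exported, interposable ABI; if only the two entry points are meant, anchor them as `quic_version_int2string*;` and `quic_protocol_identify*;` or list the exact signatures. `QUIC_INIT` is declared `extern "C"` elsewhere in this change, so its unmangled name is matched by `QUIC_*` inside the `extern "C++"` block only because ld falls back to the raw name when demangling fails; a plain `QUIC_*;` outside the C++ block would state that intent explicitly. Hiding everything else with `local: *;` is the right default and worth keeping.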


@@ -1,34 +1,28 @@
# CMakeFiles for 3rd vendor library
include(ExternalProject)
### libgpg-error
ExternalProject_Add(libgpg-error PREFIX libgpg-error
URL ${CMAKE_CURRENT_SOURCE_DIR}/libgpg-error-1.42.tar.bz2
URL_MD5 133fed221ba8f63f5842858a1ff67cb3
BUILD_COMMAND ""
CONFIGURE_COMMAND CPPFLAGS=-fPIC ./configure --enable-static --prefix=<INSTALL_DIR> CFLAGS=-fPIC CXXFLAGS=-fPIC LDFLAGS=-fPIC
### OpenSSL 1.1.1
ExternalProject_Add(OpenSSL PREFIX openssl
URL ${CMAKE_CURRENT_SOURCE_DIR}/openssl-1.1.1l.tar.gz
URL_MD5 ac0d4387f3ba0ad741b0580dd45f6ff3
CONFIGURE_COMMAND ./Configure linux-x86_64 --prefix=<INSTALL_DIR> --openssldir=<INSTALL_DIR>/lib/ssl enable-ec_nistp_64_gcc_128 no-shared
BUILD_COMMAND ${MAKE_COMMAND}
INSTALL_COMMAND make install_sw
BUILD_IN_SOURCE 1)
ExternalProject_Get_Property(libgpg-error INSTALL_DIR)
ExternalProject_Get_Property(OpenSSL INSTALL_DIR)
set(OPENSSL_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
set(OPENSSL_LINK_DIRECTORIES ${INSTALL_DIR}/lib)
set(OPENSSL_PKGCONFIG_PATH ${INSTALL_DIR}/lib/pkgconfig/)
file(MAKE_DIRECTORY ${INSTALL_DIR}/include)
add_library(libgpg-error-static STATIC IMPORTED GLOBAL)
add_dependencies(libgpg-error-static libgpg-error)
set_property(TARGET libgpg-error-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libgpg-error.a)
set_property(TARGET libgpg-error-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include/)
add_library(openssl-crypto-static STATIC IMPORTED GLOBAL)
add_dependencies(openssl-crypto-static OpenSSL)
set_property(TARGET openssl-crypto-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libcrypto.a)
set_property(TARGET openssl-crypto-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
### libgcrypt
ExternalProject_Add(libgcrypt PREFIX libgcrypt
URL ${CMAKE_CURRENT_SOURCE_DIR}/libgcrypt-1.9.4.tar.bz2
URL_MD5 edc7becfe09c75d8f95ff7623e40c52e
BUILD_COMMAND ""
DEPENDS libgpg-error-static
CONFIGURE_COMMAND CPPFLAGS=-fPIC ./configure --enable-static --disable-doc --prefix=<INSTALL_DIR> --with-libgpg-error-prefix=${CMAKE_CURRENT_BINARY_DIR}/libgpg-error/ CFLAGS=-fPIC CXXFLAGS=-fPIC LDFLAGS=-fPIC
BUILD_IN_SOURCE 1)
ExternalProject_Get_Property(libgcrypt INSTALL_DIR)
file(MAKE_DIRECTORY ${INSTALL_DIR}/include)
add_library(libgcrypt-static STATIC IMPORTED GLOBAL)
add_dependencies(libgcrypt-static libgcrypt)
set_property(TARGET libgcrypt-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libgcrypt.a)
set_property(TARGET libgcrypt-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include/)
add_library(openssl-ssl-static STATIC IMPORTED GLOBAL)
add_dependencies(openssl-ssl-static OpenSSL)
set_property(TARGET openssl-ssl-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libssl.a)
set_property(TARGET openssl-ssl-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
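Review bot: The tarball integrity check uses `URL_MD5 ac0d4387f3ba0ad741b0580dd45f6ff3`; MD5 is collision-broken and CMake accepts `URL_HASH SHA256=<hex of the vendored openssl-1.1.1l.tar.gz>`, which should be used even for an archive checked into the tree so that a tampered or mis-copied file fails the build. This commit also changes the supply-chain posture: OpenSSL is now compiled in and statically linked into the plugin (`no-shared`, `install_sw`), so distro security updates to the system OpenSSL no longer reach it and the pinned version must be bumped by hand — the 1.1.1 series is no longer maintained upstream as of this review, so the pin needs an owner and a recorded update procedure. The `Configure` line hard-codes `linux-x86_64` and passes no `-fPIC`; if the resulting `libcrypto.a`/`libssl.a` are not position-independent, linking them into the shared `quic` target fails with relocation errors, so add `-fPIC` explicitly, as the removed libgpg-error/libgcrypt lines did via `CFLAGS=-fPIC`. `BUILD_COMMAND ${MAKE_COMMAND}` references a variable not defined in this file; if it expands to empty the build step is either skipped or replaced by the default, depending on how ExternalProject parses the empty argument, so either define it or drop `BUILD_COMMAND` and let the default `make` run.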


