stellar-ssl-decoder/src/ssl_internal.h

#pragma once

#include <stdint.h>
#include <stddef.h>

#include <uthash/utarray.h>
#include "ssl_decoder.h"

#define	SSL_DECODER_TOML_PATH	"conf/ssl/ssl_decoder.toml"

#define SSL_DECODER_FALSE 0
#define SSL_DECODER_TRUE 1

#define SSL_UUID_BYTES_SZ   16

#define SSL_RANDOM_TIME_LEN 4
#define SSL_RANDOM_SIZE		28

#define SSL_HANDSHAKE_CLIENT_HELLO	1
#define SSL_HANDSHAKE_SERVER_HELLO	2
#define SSL_HANDSHAKE_CERTIFICATE	11
#define SSL_HANDSHAKE_SERVER_KEY_EXCHANGE	12

#define	SSL_CONTENT_TYPE_HANDSHAKE	0x16
#define	SSL_CONTENT_TYPE_ALERT		0x15
#define	SSL_CONTENT_TYPE_APPLICATION_DATA	0x17
#define	SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC	0x14

#define ALPN_EXT_TYPE					0x0010
#define SERVER_NAME_EXT_TYPE			0x0000
#define SERVER_NAME_HOST_TYPE 			0x0000
#define SERVER_NAME_OTHER_TYPE 			0x0008
#define SESSION_TICKET_EXT_TYPE 		0x0023
#define ENCRPTED_SERVER_NAME_EXT_TYPE	0xFFCE
#define ENCRPTED_CLIENT_HELLO_EXT_TYPE	0xFE0D
#define	EC_POINT_FORMATS_EXT_TYPE		0x000B

// https://datatracker.ietf.org/doc/html/rfc7919
// Supported Groups
#define SUPPORTED_GROUPS_EXT_TYPE		0x000A


#define SSL_CERTIFICATE_NUM_MAX	8
#define SSL_CERTIFICATE_VERSION_MAX	3

#define SSL_DECODER_VERSION_UNKNOWN		0x0000
#define SSL_DECODER_VERSION_SSL_V2_0	0x0002
#define SSL_DECODER_VERSION_SSL_V3_0	0x0300
#define SSL_DECODER_VERSION_TLS_V1_0	0x0301
#define SSL_DECODER_VERSION_TLS_V1_1	0x0302
#define SSL_DECODER_VERSION_TLS_V1_2	0x0303
#define SSL_DECODER_VERSION_TLS_V1_3	0x0304
#define SSL_DECODER_VERSION_TLCP_V1_0	0x0101

#define	SSL_DECODER_NONE	0x00
#define	SSL_DECODER_L1V		0x01
#define	SSL_DECODER_L2V		0x02
#define	SSL_DECODER_L2TV	0x03

struct ssl_decoder_ltv
{
	uint16_t type;	// marco SSL_DECODER*
	uint16_t vtype;
	union
	{
		uint8_t lv_u8;
		uint16_t lv_u16;
		uint32_t lv_u32;
	};

	uint8_t *value;
};

enum SSL_HELLO_LTV
{
	SSL_HELLO_LTV_UNKNOWN=0,	
	SSL_HELLO_LTV_RANDOM_BYTES,
	SSL_HELLO_LTV_SESSION,
	SSL_HELLO_LTV_CIPERSUITES,
	SSL_HELLO_LTV_COMPRESS_METHOD,
	SSL_HELLO_LTV_MAX,
};

struct ssl_client_hello
{
	uint16_t version;
	uint32_t random_gmt_time;
	
	UT_array *extensions;
	struct ssl_decoder_ltv ja3;
	struct ssl_decoder_ltv *sni;
	struct ssl_decoder_ltv *ech;
	struct ssl_decoder_ltv *esni;
	struct ssl_decoder_ltv ltv[SSL_HELLO_LTV_MAX];
};

struct ssl_server_hello
{
	uint16_t version;
	uint32_t random_gmt_time;
	
	UT_array *extensions;
	struct ssl_decoder_ltv ja3s;
	struct ssl_decoder_ltv ltv[SSL_HELLO_LTV_MAX];
};

struct ssl_new_session_ticket
{
	int total_len;	//3 bytes
	int lift_time;	//second
	int ticket_len;	//3 bytes
	unsigned char* ticket;
};

#define MAX_ALTER_NAME_LEN		64
struct ssl_subject_alter_name
{
	int num;
	char (*name)[MAX_ALTER_NAME_LEN];
};

#define MAX_RDN_SEQUENCE_LEN		64
#define MAX_RDN_SEQUENCE_LIST_LEN	512
struct ssl_rdn_sequence
{
	char common[MAX_RDN_SEQUENCE_LEN];				//commonName
	char country[MAX_RDN_SEQUENCE_LEN];				//countryName
	char locality[MAX_RDN_SEQUENCE_LEN];				//localityName
	char postal_code[MAX_RDN_SEQUENCE_LEN];			// postalCode
	char organization[MAX_RDN_SEQUENCE_LEN];			//organizationName
	char street_address[MAX_RDN_SEQUENCE_LEN];		//streetAddress
	char state_or_Province[MAX_RDN_SEQUENCE_LEN];		//stateOrProvinceName
	char organizational_unit[MAX_RDN_SEQUENCE_LEN];	//organizationalUnitName
	char rdn_sequence_list[MAX_RDN_SEQUENCE_LIST_LEN];  //commonName +  organizationName + organizationalUnitName + localityName + streetAddress + stateOrProvinceName + countryName	
};

#define	MAX_VALIDITY_LEN	80
struct ssl_validity
{
	char before[MAX_VALIDITY_LEN];
	char after[MAX_VALIDITY_LEN];
};

struct ssl_subject_public_key
{
	int len;
	char*value;
};

#define MAX_SERIAL_NUMBER_LEN	128
struct ssl_serial_number
{
	unsigned char len;
	char value[MAX_SERIAL_NUMBER_LEN];
};

#define MAX_SIGNATURE_ALGORITHM_ID_LEN	64
struct ssl_signature_algorithm_id
{
	unsigned char len;
	char value[MAX_SIGNATURE_ALGORITHM_ID_LEN];
};

#define MAX_ALGORITHM_IDENTIFIER	64
struct ssl_algorithm_identifier
{
	unsigned char len;
	char value[MAX_ALGORITHM_IDENTIFIER];
};

struct ssl_certificate
{
	uint16_t version;
	enum ssl_certificate_type type;
	struct ssl_validity validity;
	struct ssl_serial_number serial;
	struct ssl_rdn_sequence issuer;
	struct ssl_rdn_sequence subject;
	
	struct ssl_subject_public_key subject_key;
	struct ssl_subject_alter_name subject_alter;
	struct ssl_algorithm_identifier algorithm_identifier;
	struct ssl_signature_algorithm_id signature_algorithm;
};


#define SSL_MESSAGE_MAGIC	0xEF53534C

struct ssl_message 
{
	uint32_t magic;
    enum ssl_message_type type;
	char uuid_bytes[SSL_UUID_BYTES_SZ];
	struct session *ss;
	struct ssl_decoder_plugin_env *plugin_env;
	union
	{
		struct ssl_client_hello *chello;
		struct ssl_server_hello *shello;
		struct ssl_certificate *certificate;
		void *data;
	};
	
};
Feature: SSL Decoder create version 2024-08-05 10:04:16 +00:00			`#pragma once`

			`#include <stdint.h>`
			`#include <stddef.h>`

			`#include <uthash/utarray.h>`
Feature: certificate decode 2024-08-06 05:51:48 +00:00			`#include "ssl_decoder.h"`

			`#define SSL_DECODER_TOML_PATH "conf/ssl/ssl_decoder.toml"`

			`#define SSL_DECODER_FALSE 0`
			`#define SSL_DECODER_TRUE 1`

			`#define SSL_UUID_BYTES_SZ 16`

			`#define SSL_RANDOM_TIME_LEN 4`
			`#define SSL_RANDOM_SIZE 28`

			`#define SSL_HANDSHAKE_CLIENT_HELLO 1`
			`#define SSL_HANDSHAKE_SERVER_HELLO 2`
			`#define SSL_HANDSHAKE_CERTIFICATE 11`
			`#define SSL_HANDSHAKE_SERVER_KEY_EXCHANGE 12`

			`#define SSL_CONTENT_TYPE_HANDSHAKE 0x16`
			`#define SSL_CONTENT_TYPE_ALERT 0x15`
			`#define SSL_CONTENT_TYPE_APPLICATION_DATA 0x17`
			`#define SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC 0x14`

			`#define ALPN_EXT_TYPE 0x0010`
			`#define SERVER_NAME_EXT_TYPE 0x0000`
			`#define SERVER_NAME_HOST_TYPE 0x0000`
			`#define SERVER_NAME_OTHER_TYPE 0x0008`
			`#define SESSION_TICKET_EXT_TYPE 0x0023`
			`#define ENCRPTED_SERVER_NAME_EXT_TYPE 0xFFCE`
			`#define ENCRPTED_CLIENT_HELLO_EXT_TYPE 0xFE0D`
			`#define EC_POINT_FORMATS_EXT_TYPE 0x000B`

			`// https://datatracker.ietf.org/doc/html/rfc7919`
			`// Supported Groups`
			`#define SUPPORTED_GROUPS_EXT_TYPE 0x000A`


			`#define SSL_CERTIFICATE_NUM_MAX 8`
			`#define SSL_CERTIFICATE_VERSION_MAX 3`
Feature: SSL Decoder create version 2024-08-05 10:04:16 +00:00
			`#define SSL_DECODER_VERSION_UNKNOWN 0x0000`
			`#define SSL_DECODER_VERSION_SSL_V2_0 0x0002`
			`#define SSL_DECODER_VERSION_SSL_V3_0 0x0300`
			`#define SSL_DECODER_VERSION_TLS_V1_0 0x0301`
			`#define SSL_DECODER_VERSION_TLS_V1_1 0x0302`
			`#define SSL_DECODER_VERSION_TLS_V1_2 0x0303`
			`#define SSL_DECODER_VERSION_TLS_V1_3 0x0304`
			`#define SSL_DECODER_VERSION_TLCP_V1_0 0x0101`

			`#define SSL_DECODER_NONE 0x00`
			`#define SSL_DECODER_L1V 0x01`
			`#define SSL_DECODER_L2V 0x02`
			`#define SSL_DECODER_L2TV 0x03`

			`struct ssl_decoder_ltv`
			`{`
			`uint16_t type; // marco SSL_DECODER*`
			`uint16_t vtype;`
			`union`
			`{`
			`uint8_t lv_u8;`
			`uint16_t lv_u16;`
			`uint32_t lv_u32;`
			`};`

			`uint8_t *value;`
			`};`

			`enum SSL_HELLO_LTV`
			`{`
			`SSL_HELLO_LTV_UNKNOWN=0,`
			`SSL_HELLO_LTV_RANDOM_BYTES,`
			`SSL_HELLO_LTV_SESSION,`
			`SSL_HELLO_LTV_CIPERSUITES,`
			`SSL_HELLO_LTV_COMPRESS_METHOD,`
			`SSL_HELLO_LTV_MAX,`
			`};`

			`struct ssl_client_hello`
			`{`
			`uint16_t version;`
			`uint32_t random_gmt_time;`

			`UT_array *extensions;`
			`struct ssl_decoder_ltv ja3;`
			`struct ssl_decoder_ltv *sni;`
			`struct ssl_decoder_ltv *ech;`
			`struct ssl_decoder_ltv *esni;`
			`struct ssl_decoder_ltv ltv[SSL_HELLO_LTV_MAX];`
			`};`

			`struct ssl_server_hello`
			`{`
			`uint16_t version;`
			`uint32_t random_gmt_time;`

			`UT_array *extensions;`
Feature: server hello decode 2024-08-06 00:59:57 +00:00			`struct ssl_decoder_ltv ja3s;`
Feature: SSL Decoder create version 2024-08-05 10:04:16 +00:00			`struct ssl_decoder_ltv ltv[SSL_HELLO_LTV_MAX];`
			`};`

			`struct ssl_new_session_ticket`
			`{`
			`int total_len; //3 bytes`
			`int lift_time; //second`
			`int ticket_len; //3 bytes`
			`unsigned char* ticket;`
			`};`

			`#define MAX_ALTER_NAME_LEN 64`
			`struct ssl_subject_alter_name`
			`{`
			`int num;`
			`char (*name)[MAX_ALTER_NAME_LEN];`
			`};`

			`#define MAX_RDN_SEQUENCE_LEN 64`
			`#define MAX_RDN_SEQUENCE_LIST_LEN 512`
			`struct ssl_rdn_sequence`
			`{`
			`char common[MAX_RDN_SEQUENCE_LEN]; //commonName`
			`char country[MAX_RDN_SEQUENCE_LEN]; //countryName`
			`char locality[MAX_RDN_SEQUENCE_LEN]; //localityName`
			`char postal_code[MAX_RDN_SEQUENCE_LEN]; // postalCode`
			`char organization[MAX_RDN_SEQUENCE_LEN]; //organizationName`
			`char street_address[MAX_RDN_SEQUENCE_LEN]; //streetAddress`
			`char state_or_Province[MAX_RDN_SEQUENCE_LEN]; //stateOrProvinceName`
			`char organizational_unit[MAX_RDN_SEQUENCE_LEN]; //organizationalUnitName`
			`char rdn_sequence_list[MAX_RDN_SEQUENCE_LIST_LEN]; //commonName + organizationName + organizationalUnitName + localityName + streetAddress + stateOrProvinceName + countryName`
			`};`

			`#define MAX_VALIDITY_LEN 80`
			`struct ssl_validity`
			`{`
			`char before[MAX_VALIDITY_LEN];`
			`char after[MAX_VALIDITY_LEN];`
			`};`

			`struct ssl_subject_public_key`
			`{`
			`int len;`
			`char*value;`
			`};`

			`#define MAX_SERIAL_NUMBER_LEN 128`
			`struct ssl_serial_number`
			`{`
			`unsigned char len;`
			`char value[MAX_SERIAL_NUMBER_LEN];`
			`};`

			`#define MAX_SIGNATURE_ALGORITHM_ID_LEN 64`
			`struct ssl_signature_algorithm_id`
			`{`
			`unsigned char len;`
			`char value[MAX_SIGNATURE_ALGORITHM_ID_LEN];`
			`};`

			`#define MAX_ALGORITHM_IDENTIFIER 64`
			`struct ssl_algorithm_identifier`
			`{`
			`unsigned char len;`
			`char value[MAX_ALGORITHM_IDENTIFIER];`
			`};`

			`struct ssl_certificate`
			`{`
Feature: certificate decode 2024-08-06 05:51:48 +00:00			`uint16_t version;`
			`enum ssl_certificate_type type;`
Feature: SSL Decoder create version 2024-08-05 10:04:16 +00:00			`struct ssl_validity validity;`
			`struct ssl_serial_number serial;`
			`struct ssl_rdn_sequence issuer;`
			`struct ssl_rdn_sequence subject;`

			`struct ssl_subject_public_key subject_key;`
			`struct ssl_subject_alter_name subject_alter;`
			`struct ssl_algorithm_identifier algorithm_identifier;`
			`struct ssl_signature_algorithm_id signature_algorithm;`
			`};`
Feature: certificate decode 2024-08-06 05:51:48 +00:00

			`#define SSL_MESSAGE_MAGIC 0xEF53534C`

			`struct ssl_message`
			`{`
			`uint32_t magic;`
			`enum ssl_message_type type;`
			`char uuid_bytes[SSL_UUID_BYTES_SZ];`
			`struct session *ss;`
			`struct ssl_decoder_plugin_env *plugin_env;`
			`union`
			`{`
			`struct ssl_client_hello *chello;`
			`struct ssl_server_hello *shello;`
			`struct ssl_certificate *certificate;`
			`void *data;`
			`};`

			`};`