From 72d170aec2d52a0fe9a34a2b3d81e5369b2cc129 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B4=94=E4=B8=80=E9=B8=A3?= Date: Fri, 24 May 2019 23:15:58 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0ssl=5Fcipher=5Fsuites=5Fconve?= =?UTF-8?q?rt=E5=87=BD=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- platform/include/internal/ssl_utils.h | 3 + platform/src/ssl_utils.cpp | 213 +++++++++++++++++++++++++- platform/test/test_chello_parse.cpp | 22 ++- 3 files changed, 233 insertions(+), 5 deletions(-) diff --git a/platform/include/internal/ssl_utils.h b/platform/include/internal/ssl_utils.h index 1325850..8e5a3e3 100644 --- a/platform/include/internal/ssl_utils.h +++ b/platform/include/internal/ssl_utils.h @@ -214,4 +214,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, void ssl_chello_free(struct ssl_chello* chello); +int ssl_cipher_suites_convert(const char *source, int source_len, char *target_common, char *target_tls13); + + #endif /* !SSL_H */ diff --git a/platform/src/ssl_utils.cpp b/platform/src/ssl_utils.cpp index 4be4069..b1fb15e 100644 --- a/platform/src/ssl_utils.cpp +++ b/platform/src/ssl_utils.cpp @@ -1805,7 +1805,7 @@ static int parse_supported_versions_extension(const unsigned char* buff, uint16_ uint16_t max_version = 0x0000, min_version = 0xffff; for(int i = 1; i < len; i+=2) { - uint16_t version = buff[i] << 8 | buff[i + 1]; + uint16_t version = (buff[i] << 8) | buff[i + 1]; //unknown version if(version < 0x0300 || version > 0x0304) { 
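Review bot: The new prototype `int ssl_cipher_suites_convert(const char *source, int source_len, char *target_common, char *target_tls13);` takes the raw cipher_suites bytes as `const char *`, but the implementation in this same patch shifts those bytes into a uint16_t, so a signed `char` will mangle any id with a byte >= 0x80; since the interface is new in this commit, declare it as `const unsigned char *source, size_t source_len` now rather than after callers exist. Neither output buffer carries a size, so the capacity contract (apparently TFE_STRING_MAX, judging by the strncat bounds in the .cpp hunk) is invisible at the call site; either add `size_t` length parameters for the two targets or document the requirement. The declaration has no comment at all; something like `/* Map a raw TLS cipher_suites vector (2-byte big-endian ids) to ':'-joined OpenSSL names: pre-TLS1.3 suites into target_common, TLS 1.3 suites into target_tls13. Unknown ids are skipped. Both targets must hold a valid string on entry (they are appended to) and must be at least TFE_STRING_MAX bytes. */` would tell callers what to expect.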
@@ -2109,3 +2109,214 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, return _chello; } } + +struct cipher_suite +{ + uint16_t value; + const char* name; +}; + +struct cipher_suite cipher_suite_list[] = +{ + {0xC030, "ECDHE-RSA-AES256-GCM-SHA384"}, + {0xC02C, "ECDHE-ECDSA-AES256-GCM-SHA384"}, + {0xC028, "ECDHE-RSA-AES256-SHA384"}, + {0xC024, "ECDHE-ECDSA-AES256-SHA384"}, + {0xC014, "ECDHE-RSA-AES256-SHA"}, + {0xC00A, "ECDHE-ECDSA-AES256-SHA"}, + {0x00A5, "DH-DSS-AES256-GCM-SHA384"}, + {0x00A3, "DHE-DSS-AES256-GCM-SHA384"}, + {0x00A1, "DH-RSA-AES256-GCM-SHA384"}, + {0x009F, "DHE-RSA-AES256-GCM-SHA384"}, + {0x006B, "DHE-RSA-AES256-SHA256"}, + {0x006A, "DHE-DSS-AES256-SHA256"}, + {0x0069, "DH-RSA-AES256-SHA256"}, + {0x0068, "DH-DSS-AES256-SHA256"}, + {0x0039, "DHE-RSA-AES256-SHA"}, + {0x0038, "DHE-DSS-AES256-SHA"}, + {0x0037, "DH-RSA-AES256-SHA"}, + {0x0036, "DH-DSS-AES256-SHA"}, + {0x0088, "DHE-RSA-CAMELLIA256-SHA"}, + {0x0087, "DHE-DSS-CAMELLIA256-SHA"}, + {0x0086, "DH-RSA-CAMELLIA256-SHA"}, + {0x0085, "DH-DSS-CAMELLIA256-SHA"}, + {0xC019, "AECDH-AES256-SHA"}, + {0x00A7, "ADH-AES256-GCM-SHA384"}, + {0x006D, "ADH-AES256-SHA256"}, + {0x003A, "ADH-AES256-SHA"}, + {0x0089, "ADH-CAMELLIA256-SHA"}, + {0xC032, "ECDH-RSA-AES256-GCM-SHA384"}, + {0xC02E, "ECDH-ECDSA-AES256-GCM-SHA384"}, + {0xC02A, "ECDH-RSA-AES256-SHA384"}, + {0xC026, "ECDH-ECDSA-AES256-SHA384"}, + {0xC00F, "ECDH-RSA-AES256-SHA"}, + {0xC005, "ECDH-ECDSA-AES256-SHA"}, + {0x009D, "AES256-GCM-SHA384"}, + {0x003D, "AES256-SHA256"}, + {0x0035, "AES256-SHA"}, + {0x0084, "CAMELLIA256-SHA"}, + {0x008D, "PSK-AES256-CBC-SHA"}, + {0xC02F, "ECDHE-RSA-AES128-GCM-SHA256"}, + {0xC02B, "ECDHE-ECDSA-AES128-GCM-SHA256"}, + {0xC027, "ECDHE-RSA-AES128-SHA256"}, + {0xC023, "ECDHE-ECDSA-AES128-SHA256"}, + {0xC013, "ECDHE-RSA-AES128-SHA"}, + {0xC009, "ECDHE-ECDSA-AES128-SHA"}, + {0x00A4, "DH-DSS-AES128-GCM-SHA256"}, + {0x00A2, "DHE-DSS-AES128-GCM-SHA256"}, + {0x00A0, "DH-RSA-AES128-GCM-SHA256"}, + 
{0x009E, "DHE-RSA-AES128-GCM-SHA256"}, + {0x0067, "DHE-RSA-AES128-SHA256"}, + {0x0040, "DHE-DSS-AES128-SHA256"}, + {0x003F, "DH-RSA-AES128-SHA256"}, + {0x003E, "DH-DSS-AES128-SHA256"}, + {0x0033, "DHE-RSA-AES128-SHA"}, + {0x0032, "DHE-DSS-AES128-SHA"}, + {0x0031, "DH-RSA-AES128-SHA"}, + {0x0030, "DH-DSS-AES128-SHA"}, + {0x009A, "DHE-RSA-SEED-SHA"}, + {0x0099, "DHE-DSS-SEED-SHA"}, + {0x0098, "DH-RSA-SEED-SHA"}, + {0x0097, "DH-DSS-SEED-SHA"}, + {0x0045, "DHE-RSA-CAMELLIA128-SHA"}, + {0x0044, "DHE-DSS-CAMELLIA128-SHA"}, + {0x0043, "DH-RSA-CAMELLIA128-SHA"}, + {0x0042, "DH-DSS-CAMELLIA128-SHA"}, + {0xC018, "AECDH-AES128-SHA"}, + {0x00A6, "ADH-AES128-GCM-SHA256"}, + {0x006C, "ADH-AES128-SHA256"}, + {0x0034, "ADH-AES128-SHA"}, + {0x009B, "ADH-SEED-SHA"}, + {0x0046, "ADH-CAMELLIA128-SHA"}, + {0xC031, "ECDH-RSA-AES128-GCM-SHA256"}, + {0xC02D, "ECDH-ECDSA-AES128-GCM-SHA256"}, + {0xC029, "ECDH-RSA-AES128-SHA256"}, + {0xC025, "ECDH-ECDSA-AES128-SHA256"}, + {0xC00E, "ECDH-RSA-AES128-SHA"}, + {0xC004, "ECDH-ECDSA-AES128-SHA"}, + {0x009C, "AES128-GCM-SHA256"}, + {0x003C, "AES128-SHA256"}, + {0x002F, "AES128-SHA"}, + {0x0096, "SEED-SHA"}, + {0x0041, "CAMELLIA128-SHA"}, + {0x008C, "PSK-AES128-CBC-SHA"}, + {0xC012, "ECDHE-RSA-DES-CBC3-SHA"}, + {0xC008, "ECDHE-ECDSA-DES-CBC3-SHA"}, + {0x0016, "EDH-RSA-DES-CBC3-SHA"}, + {0x0013, "EDH-DSS-DES-CBC3-SHA"}, + {0x0010, "DH-RSA-DES-CBC3-SHA"}, + {0x000D, "DH-DSS-DES-CBC3-SHA"}, + {0xC017, "AECDH-DES-CBC3-SHA"}, + {0x001B, "ADH-DES-CBC3-SHA"}, + {0xC00D, "ECDH-RSA-DES-CBC3-SHA"}, + {0xC003, "ECDH-ECDSA-DES-CBC3-SHA"}, + {0x000A, "DES-CBC3-SHA"}, + {0x0007, "IDEA-CBC-SHA"}, + {0x008B, "PSK-3DES-EDE-CBC-SHA"}, + {0x0021, "KRB5-IDEA-CBC-SHA"}, + {0x001F, "KRB5-DES-CBC3-SHA"}, + {0x0025, "KRB5-IDEA-CBC-MD5"}, + {0x0023, "KRB5-DES-CBC3-MD5"}, + {0xC011, "ECDHE-RSA-RC4-SHA"}, + {0xC007, "ECDHE-ECDSA-RC4-SHA"}, + {0xC016, "AECDH-RC4-SHA"}, + {0x0018, "ADH-RC4-MD5"}, + {0xC00C, "ECDH-RSA-RC4-SHA"}, + {0xC002, "ECDH-ECDSA-RC4-SHA"}, + {0x0005, 
"RC4-SHA"}, + {0x0004, "RC4-MD5"}, + {0x008A, "PSK-RC4-SHA"}, + {0x0020, "KRB5-RC4-SHA"}, + {0x0024, "KRB5-RC4-MD5"}, + {0xC010, "ECDHE-RSA-NULL-SHA"}, + {0xC006, "ECDHE-ECDSA-NULL-SHA"}, + {0xC015, "AECDH-NULL-SHA"}, + {0xC00B, "ECDH-RSA-NULL-SHA"}, + {0xC001, "ECDH-ECDSA-NULL-SHA"}, + {0x003B, "NULL-SHA256"}, + {0x0002, "NULL-SHA"}, + {0x0001, "NULL-MD5"} +}; + +struct cipher_suite cipher_suite_list_tls13[] = +{ + {0x1301, "TLS_AES_128_GCM_SHA256"}, + {0x1302, "TLS_AES_256_GCM_SHA384"}, + {0x1303, "TLS_CHACHA20_POLY1305_SHA256"}, + {0x1304, "TLS_AES_128_CCM_SHA256"}, + {0x1305, "TLS_AES_128_CCM_8_SHA256"} +}; + +int cipher_suites_convert_helper(uint16_t value, char *name) +{ + int n1 = sizeof(cipher_suite_list) / sizeof(struct cipher_suite); + int n2 = sizeof(cipher_suite_list_tls13) / sizeof(struct cipher_suite); + for(int i = 0; i < n1; i++) + { + if(value == cipher_suite_list[i].value) + { + memcpy(name, cipher_suite_list[i].name, strnlen(cipher_suite_list[i].name, TFE_STRING_MAX)); + return 1; + } + } + for(int i = 0; i < n2; i++) + { + if(value == cipher_suite_list_tls13[i].value) + { + memcpy(name, cipher_suite_list_tls13[i].name, strnlen(cipher_suite_list_tls13[i].name, TFE_STRING_MAX)); + return 2; + } + } + return -1; +} + +int ssl_cipher_suites_convert(const char *source, int source_len, char *target_common, char *target_tls13) +{ + int target_common_reach_max = 0; + int target_tls13_reach_max = 0; + for(int i = 0; i < source_len - 1;) + { + uint16_t val = (source[i] << 8) | source[i + 1]; + char name[TFE_SYMBOL_MAX] = ""; + int ret = cipher_suites_convert_helper(val, name); + //target common + if(ret == 1 && target_common_reach_max == 0) + { + if(strnlen(name, TFE_STRING_MAX) + strnlen(target_common, TFE_STRING_MAX) + 1 > TFE_STRING_MAX) + { + target_common_reach_max = 1; + } + else + { + strncat(target_common, name, TFE_STRING_MAX); + strncat(target_common, ":", TFE_STRING_MAX); + } + } + //target_tls13 + if(ret == 2 && target_tls13_reach_max == 0) + 
{ + if(strnlen(name, TFE_STRING_MAX) + strnlen(target_tls13, TFE_STRING_MAX) + 1 > TFE_STRING_MAX) + { + target_tls13_reach_max = 1; + } + else + { + strncat(target_tls13, name, TFE_STRING_MAX); + strncat(target_tls13, ":", TFE_STRING_MAX); + } + } + i += 2; + } + int len1 = strnlen(target_common, TFE_STRING_MAX); + if(len1 > 0) + { + target_common[len1 - 1] = '\0'; + } + int len2 = strnlen(target_tls13, TFE_STRING_MAX); + if(len2 > 0) + { + target_tls13[len2 - 1] = '\0'; + } + return 0; +} + diff --git a/platform/test/test_chello_parse.cpp b/platform/test/test_chello_parse.cpp index 42cd30f..16e5077 100644 --- a/platform/test/test_chello_parse.cpp +++ b/platform/test/test_chello_parse.cpp @@ -50,6 +50,7 @@ int ssl2_test(){ printf("\n\n"); ssl_chello_free(chello); chello = NULL; + return 0; } int ssl3_test(){ @@ -77,6 +78,7 @@ int ssl3_test(){ printf("\n\n"); ssl_chello_free(chello1); chello1 = NULL; + return 0; } int tls12_test(){ @@ -108,11 +110,16 @@ int tls12_test(){ unsigned char cipher_suites[1024]; memcpy(cipher_suites, chello->cipher_suites, chello->cipher_suites_len); - printf("cipher suites: \n", chello->cipher_suites); + char target_common[1024], target_tls13[1024]; + ssl_cipher_suites_convert(chello->cipher_suites, chello->cipher_suites_len, target_common, target_tls13); + printf("cipher suites: \n"); for(int i = 0; i < chello->cipher_suites_len; i++){ printf("0x%02x ", cipher_suites[i]); } printf("\n"); + printf("target_common: %s\n", target_common); + printf("target_tls13: %s\n", target_tls13); + printf("\n"); printf("sni: %s\n", chello->sni); @@ -145,7 +152,7 @@ int tls12_test(){ } else{ memcpy(supported_groups, chello->supported_groups, chello->supported_groups_len); - printf("supported groups is \n", supported_groups); + printf("supported groups is:\n"); for(int i = 0; i < chello->supported_groups_len; i++){ printf("0x%02x ", supported_groups[i]); } 
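Review bot: `uint16_t val = (source[i] << 8) | source[i + 1];` in ssl_cipher_suites_convert builds the suite id from plain `char`, which is signed on most ABIs, so any byte >= 0x80 sign-extends (the bytes 0x00 0x9F become 0xFF9F and never match `DHE-RSA-AES256-GCM-SHA384`; 0xC0 0x30 also makes the left shift of a negative value undefined); go through `unsigned char` first. The function also calls strnlen and strncat on `target_common`/`target_tls13` before ever writing to them, while both new test callers pass uninitialized stack arrays, so the output starts with whatever happens to be on the stack; write `target_common[0] = '\0'; target_tls13[0] = '\0';` on entry or take buffer sizes as parameters. The guard `strnlen(name, TFE_STRING_MAX) + strnlen(target_common, TFE_STRING_MAX) + 1 > TFE_STRING_MAX` reserves room for the ':' but not for the terminator, so a target that is exactly TFE_STRING_MAX bytes can be overrun by one; `+ 2` closes that, and note that strncat's third argument is the number of characters to append, not the destination size. Separately, the legacy table has no entries for the CHACHA20-POLY1305 suites 0xCCA8/0xCCA9/0xCCAA that almost every current ClientHello offers, so they are silently dropped, and `cipher_suite_list`, `cipher_suite_list_tls13` and `cipher_suites_convert_helper` should be `static const`/`static` rather than exported globals.
```c
int ssl_cipher_suites_convert(const char *source, int source_len, char *target_common, char *target_tls13)
{
    /* Suite ids are raw bytes: read them as unsigned so bytes >= 0x80 neither sign-extend nor make the shift UB. */
    const unsigned char *bytes = (const unsigned char *)source;
    int target_common_reach_max = 0;
    int target_tls13_reach_max = 0;
    /* Callers hand in uninitialized buffers; strnlen/strncat below need real strings. */
    target_common[0] = '\0';
    target_tls13[0] = '\0';
    for(int i = 0; i + 1 < source_len; i += 2)
    {
        uint16_t val = (uint16_t)((bytes[i] << 8) | bytes[i + 1]);
        char name[TFE_SYMBOL_MAX] = "";
        int ret = cipher_suites_convert_helper(val, name);
        //target common
        if(ret == 1 && target_common_reach_max == 0)
        {
            /* name + ':' + terminating NUL must all fit */
            if(strnlen(name, TFE_STRING_MAX) + strnlen(target_common, TFE_STRING_MAX) + 2 > TFE_STRING_MAX)
            {
                target_common_reach_max = 1;
            }
            // … unchanged: else-branch appends name and ':' …
        }
        // … unchanged: same handling for target_tls13 with the +2 guard …
    }
    // … unchanged: strip the trailing ':' from both targets …
}
```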
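Review bot: `char target_common[1024], target_tls13[1024];` is handed to ssl_cipher_suites_convert uninitialized, and that function begins by calling strnlen and strncat on both buffers, so the `target_common:`/`target_tls13:` lines print whatever was on the stack ahead of the decoded names. Initialize them, `char target_common[1024] = "", target_tls13[1024] = "";`, and because the implementation bounds its appends by TFE_STRING_MAX rather than by the caller's size, either size these arrays with that constant or confirm 1024 is not smaller than it. The return value is discarded; it is always 0 today, but a test should still check it so a future error path is not silently ignored. tls12_test continues outside the hunk.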
@@ -153,6 +160,7 @@ int tls12_test(){ printf("\n\n"); ssl_chello_free(chello); chello = NULL; + return 0; } int tls13_test(){ @@ -201,11 +209,16 @@ int tls13_test(){ unsigned char cipher_suites[1024]; memcpy(cipher_suites, chello->cipher_suites, chello->cipher_suites_len); - printf("cipher suites: \n", chello->cipher_suites); + char target_common[1024], target_tls13[1024]; + ssl_cipher_suites_convert(chello->cipher_suites, chello->cipher_suites_len, target_common, target_tls13); + printf("cipher suites: \n"); for(int i = 0; i < chello->cipher_suites_len; i++){ printf("0x%02x ", cipher_suites[i]); } printf("\n"); + printf("target_common: %s\n", target_common); + printf("target_tls13: %s\n", target_tls13); + printf("\n"); printf("sni: %s\n", chello->sni); @@ -225,7 +238,7 @@ int tls13_test(){ unsigned char supported_groups[1024]; memcpy(supported_groups, chello->supported_groups, chello->supported_groups_len); supported_groups[chello->supported_groups_len] = '\0'; - printf("supported groups is \n", supported_groups); + printf("supported groups is: \n"); for(int i = 0; i < chello->supported_groups_len; i++){ printf("0x%02x ", supported_groups[i]); } @@ -233,6 +246,7 @@ int tls13_test(){ ssl_chello_free(chello); chello = NULL; + return 0; } int main()
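Review bot: In tls13_test the new `char target_common[1024], target_tls13[1024];` are passed to ssl_cipher_suites_convert without initialization, and the converter appends to them with strncat after measuring them with strnlen, so the printed strings begin with stack garbage; declare them as `char target_common[1024] = "", target_tls13[1024] = "";` or size them with TFE_STRING_MAX, which is the bound the converter actually uses. This is also the case that exercises the TLS 1.3 table, so the test would be more useful if it asserted that `target_tls13` contains the expected names (e.g. `TLS_AES_128_GCM_SHA256`) instead of only printing them. tls13_test continues outside the hunk.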