diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt index d3db8e3..f1f4ffa 100644 --- a/platform/CMakeLists.txt +++ b/platform/CMakeLists.txt @@ -1,5 +1,5 @@ add_executable(tfe src/key_keeper.cpp src/kni_acceptor.cpp src/ssl_stream.cpp - src/ssl_sess_cache.cpp src/ssl_sess_ticket.cpp src/ssl_service_cache.cpp + src/ssl_sess_cache.cpp src/ssl_service_cache.cpp src/ssl_trusted_cert_storage.cpp src/ev_root_ca_metadata.cpp src/ssl_utils.cpp src/tcp_stream.cpp src/main.cpp src/proxy.cpp) @@ -34,15 +34,11 @@ if(ENABLE_PLUGIN_PANGU_HTTP) target_link_libraries(tfe -Wl,--whole-archive pangu-http -Wl,--no-whole-archive) endif() -if(ENABLE_PLUGIN_HTTP2) - target_link_libraries(tfe -Wl,--whole-archive http2 -Wl,--no-whole-archive) -endif() if(ENABLE_PLUGIN_SSL_POLICY) target_link_libraries(tfe -Wl,--whole-archive ssl-policy -Wl,--no-whole-archive) endif() - install(TARGETS tfe RUNTIME DESTINATION bin COMPONENT Program) #### test_key_keeper @@ -84,19 +80,19 @@ install(TARGETS tfe RUNTIME DESTINATION bin COMPONENT Program) # MESA_field_stat) # #### test_chello_parse -#add_executable(test_chello_parse test/test_chello_parse.cpp src/ssl_utils.cpp) -# -#target_include_directories(test_chello_parse PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/internal) -# -#target_link_libraries(test_chello_parse common) -#target_link_libraries(test_chello_parse pthread dl -# openssl-ssl-static -# openssl-crypto-static -# pthread libevent-static -# libevent-static-openssl -# libevent-static-pthreads -# MESA_handle_logger -# MESA_prof_load -# MESA_htable wiredcfg -# cjson -# MESA_field_stat) +add_executable(test_chello_parse test/test_chello_parse.cpp src/ssl_utils.cpp) + +target_include_directories(test_chello_parse PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/internal) + +target_link_libraries(test_chello_parse common) +target_link_libraries(test_chello_parse pthread dl + openssl-ssl-static + openssl-crypto-static + pthread libevent-static + libevent-static-openssl + libevent-static-pthreads + MESA_handle_logger + MESA_prof_load + MESA_htable wiredcfg + cjson + MESA_field_stat) diff --git a/platform/include/internal/ssl_utils.h b/platform/include/internal/ssl_utils.h index cd6dcf7..1325850 100644 --- a/platform/include/internal/ssl_utils.h +++ b/platform/include/internal/ssl_utils.h @@ -191,7 +191,7 @@ enum chello_parse_result struct ssl_version { - uint8_t minor; + uint8_t minor; uint8_t major; uint16_t ossl_format; }; @@ -201,10 +201,14 @@ struct ssl_chello struct ssl_version min_version; struct ssl_version max_version; - char* sni; - char* alpn; - char* cipher_suites; - char* cipher_suites_tls13; + char *sni; + char *alpn; + char *sign_algos; + uint16_t sign_algos_len; + char *supported_groups; + uint16_t supported_groups_len; + char *cipher_suites; + uint16_t cipher_suites_len; }; struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, int parse_cipher, enum chello_parse_result* result); diff --git a/platform/src/ssl_utils.cpp b/platform/src/ssl_utils.cpp index b2680a0..b91bf4b 100644 --- a/platform/src/ssl_utils.cpp +++ b/platform/src/ssl_utils.cpp @@ -1073,7 +1073,7 @@ char* ssl_X509_print_name(X509_NAME* name) // Now, put the name line into the BIO. X509_NAME_print_ex(name_Bio, name, 0, XN_FLAG_ONELINE); - // Obtain a reference to the data and copy out + // Obtain a reference to the data and copy out // just the length of the data. char *data_start = NULL; char *name_string = NULL; @@ -1723,241 +1723,190 @@ int ssl_is_ocspreq(const unsigned char * buf, size_t sz) return 1; } - -struct cipher_suite -{ - int value; - const char* name; -}; - -struct cipher_suite cipher_suite_list[] = -{ - {0xC030, "ECDHE-RSA-AES256-GCM-SHA384"}, - {0xC02C, "ECDHE-ECDSA-AES256-GCM-SHA384"}, - {0xC028, "ECDHE-RSA-AES256-SHA384"}, - {0xC024, "ECDHE-ECDSA-AES256-SHA384"}, - {0xC014, "ECDHE-RSA-AES256-SHA"}, - {0xC00A, "ECDHE-ECDSA-AES256-SHA"}, - {0x00A5, "DH-DSS-AES256-GCM-SHA384"}, - {0x00A3, "DHE-DSS-AES256-GCM-SHA384"}, - {0x00A1, "DH-RSA-AES256-GCM-SHA384"}, - {0x009F, "DHE-RSA-AES256-GCM-SHA384"}, - {0x006B, "DHE-RSA-AES256-SHA256"}, - {0x006A, "DHE-DSS-AES256-SHA256"}, - {0x0069, "DH-RSA-AES256-SHA256"}, - {0x0068, "DH-DSS-AES256-SHA256"}, - {0x0039, "DHE-RSA-AES256-SHA"}, - {0x0038, "DHE-DSS-AES256-SHA"}, - {0x0037, "DH-RSA-AES256-SHA"}, - {0x0036, "DH-DSS-AES256-SHA"}, - {0x0088, "DHE-RSA-CAMELLIA256-SHA"}, - {0x0087, "DHE-DSS-CAMELLIA256-SHA"}, - {0x0086, "DH-RSA-CAMELLIA256-SHA"}, - {0x0085, "DH-DSS-CAMELLIA256-SHA"}, - {0xC019, "AECDH-AES256-SHA"}, - {0x00A7, "ADH-AES256-GCM-SHA384"}, - {0x006D, "ADH-AES256-SHA256"}, - {0x003A, "ADH-AES256-SHA"}, - {0x0089, "ADH-CAMELLIA256-SHA"}, - {0xC032, "ECDH-RSA-AES256-GCM-SHA384"}, - {0xC02E, "ECDH-ECDSA-AES256-GCM-SHA384"}, - {0xC02A, "ECDH-RSA-AES256-SHA384"}, - {0xC026, "ECDH-ECDSA-AES256-SHA384"}, - {0xC00F, "ECDH-RSA-AES256-SHA"}, - {0xC005, "ECDH-ECDSA-AES256-SHA"}, - {0x009D, "AES256-GCM-SHA384"}, - {0x003D, "AES256-SHA256"}, - {0x0035, "AES256-SHA"}, - {0x0084, "CAMELLIA256-SHA"}, - {0x008D, "PSK-AES256-CBC-SHA"}, - {0xC02F, "ECDHE-RSA-AES128-GCM-SHA256"}, - {0xC02B, "ECDHE-ECDSA-AES128-GCM-SHA256"}, - {0xC027, "ECDHE-RSA-AES128-SHA256"}, - {0xC023, "ECDHE-ECDSA-AES128-SHA256"}, - {0xC013, "ECDHE-RSA-AES128-SHA"}, - {0xC009, "ECDHE-ECDSA-AES128-SHA"}, - {0x00A4, "DH-DSS-AES128-GCM-SHA256"}, - {0x00A2, "DHE-DSS-AES128-GCM-SHA256"}, - {0x00A0, "DH-RSA-AES128-GCM-SHA256"}, - {0x009E, "DHE-RSA-AES128-GCM-SHA256"}, - {0x0067, "DHE-RSA-AES128-SHA256"}, - {0x0040, "DHE-DSS-AES128-SHA256"}, - {0x003F, "DH-RSA-AES128-SHA256"}, - {0x003E, "DH-DSS-AES128-SHA256"}, - {0x0033, "DHE-RSA-AES128-SHA"}, - {0x0032, "DHE-DSS-AES128-SHA"}, - {0x0031, "DH-RSA-AES128-SHA"}, - {0x0030, "DH-DSS-AES128-SHA"}, - {0x009A, "DHE-RSA-SEED-SHA"}, - {0x0099, "DHE-DSS-SEED-SHA"}, - {0x0098, "DH-RSA-SEED-SHA"}, - {0x0097, "DH-DSS-SEED-SHA"}, - {0x0045, "DHE-RSA-CAMELLIA128-SHA"}, - {0x0044, "DHE-DSS-CAMELLIA128-SHA"}, - {0x0043, "DH-RSA-CAMELLIA128-SHA"}, - {0x0042, "DH-DSS-CAMELLIA128-SHA"}, - {0xC018, "AECDH-AES128-SHA"}, - {0x00A6, "ADH-AES128-GCM-SHA256"}, - {0x006C, "ADH-AES128-SHA256"}, - {0x0034, "ADH-AES128-SHA"}, - {0x009B, "ADH-SEED-SHA"}, - {0x0046, "ADH-CAMELLIA128-SHA"}, - {0xC031, "ECDH-RSA-AES128-GCM-SHA256"}, - {0xC02D, "ECDH-ECDSA-AES128-GCM-SHA256"}, - {0xC029, "ECDH-RSA-AES128-SHA256"}, - {0xC025, "ECDH-ECDSA-AES128-SHA256"}, - {0xC00E, "ECDH-RSA-AES128-SHA"}, - {0xC004, "ECDH-ECDSA-AES128-SHA"}, - {0x009C, "AES128-GCM-SHA256"}, - {0x003C, "AES128-SHA256"}, - {0x002F, "AES128-SHA"}, - {0x0096, "SEED-SHA"}, - {0x0041, "CAMELLIA128-SHA"}, - {0x008C, "PSK-AES128-CBC-SHA"}, - {0xC012, "ECDHE-RSA-DES-CBC3-SHA"}, - {0xC008, "ECDHE-ECDSA-DES-CBC3-SHA"}, - {0x0016, "EDH-RSA-DES-CBC3-SHA"}, - {0x0013, "EDH-DSS-DES-CBC3-SHA"}, - {0x0010, "DH-RSA-DES-CBC3-SHA"}, - {0x000D, "DH-DSS-DES-CBC3-SHA"}, - {0xC017, "AECDH-DES-CBC3-SHA"}, - {0x001B, "ADH-DES-CBC3-SHA"}, - {0xC00D, "ECDH-RSA-DES-CBC3-SHA"}, - {0xC003, "ECDH-ECDSA-DES-CBC3-SHA"}, - {0x000A, "DES-CBC3-SHA"}, - {0x0007, "IDEA-CBC-SHA"}, - {0x008B, "PSK-3DES-EDE-CBC-SHA"}, - {0x0021, "KRB5-IDEA-CBC-SHA"}, - {0x001F, "KRB5-DES-CBC3-SHA"}, - {0x0025, "KRB5-IDEA-CBC-MD5"}, - {0x0023, "KRB5-DES-CBC3-MD5"}, - {0xC011, "ECDHE-RSA-RC4-SHA"}, - {0xC007, "ECDHE-ECDSA-RC4-SHA"}, - {0xC016, "AECDH-RC4-SHA"}, - {0x0018, "ADH-RC4-MD5"}, - {0xC00C, "ECDH-RSA-RC4-SHA"}, - {0xC002, "ECDH-ECDSA-RC4-SHA"}, - {0x0005, "RC4-SHA"}, - {0x0004, "RC4-MD5"}, - {0x008A, "PSK-RC4-SHA"}, - {0x0020, "KRB5-RC4-SHA"}, - {0x0024, "KRB5-RC4-MD5"}, - {0xC010, "ECDHE-RSA-NULL-SHA"}, - {0xC006, "ECDHE-ECDSA-NULL-SHA"}, - {0xC015, "AECDH-NULL-SHA"}, - {0xC00B, "ECDH-RSA-NULL-SHA"}, - {0xC001, "ECDH-ECDSA-NULL-SHA"}, - {0x003B, "NULL-SHA256"}, - {0x0002, "NULL-SHA"}, - {0x0001, "NULL-MD5"} -}; - -struct cipher_suite cipher_suite_list_tls13[] = -{ - {0x1301, "TLS_AES_128_GCM_SHA256"}, - {0x1302, "TLS_AES_256_GCM_SHA384"}, - {0x1303, "TLS_CHACHA20_POLY1305_SHA256"}, - {0x1304, "TLS_AES_128_CCM_SHA256"}, - {0x1305, "TLS_AES_128_CCM_8_SHA256"} -}; - - void ssl_chello_free(struct ssl_chello* chello) { - if(chello==NULL) + if(chello == NULL) { return; } - free(chello->sni); + FREE(&(chello->sni)); chello->sni = NULL; - free(chello->alpn); + FREE(&(chello->alpn)); chello->alpn = NULL; - free(chello->cipher_suites); + FREE(&(chello->sign_algos)); + chello->sign_algos = NULL; + FREE(&(chello->supported_groups)); + chello->supported_groups = NULL; + FREE(&(chello->cipher_suites)); chello->cipher_suites = NULL; - free(chello->cipher_suites_tls13); - chello->cipher_suites_tls13 = NULL; - free(chello); + FREE(&chello); } -static char* parse_alpn_extension(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result) -{ - size_t pos = 0; - size_t len = ((size_t)buff[pos] << 8) + (size_t)buff[pos + 1]; - if(2 + len != buff_len) - { - *result = CHELLO_PARSE_INVALID_FORMAT; - return NULL; - } - char* alpn = ALLOC(char, len + 1); - strncpy((char*)alpn, (const char*)buff + 2, len); - alpn[len] = '\0'; - *result = CHELLO_PARSE_SUCCESS; - return alpn; -} - -static char* parse_server_name_extension(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result) +static int parse_server_name_extension(const unsigned char *buff, uint16_t buff_len, struct ssl_chello* chello) { size_t pos = 2; /* skip server name list length */ - size_t len; - char* sni = NULL; + uint16_t len; + char *sni = NULL; while (pos + 3 < buff_len) { - len = ((size_t)buff[pos + 1] << 8) + (size_t)buff[pos + 2]; + len = (buff[pos + 1] << 8) | buff[pos + 2]; if (pos + 3 + len > buff_len) { - *result = CHELLO_PARSE_INVALID_FORMAT; - return NULL; + chello->sni = sni; + return CHELLO_PARSE_INVALID_FORMAT; } switch (buff[pos]) { case 0x00: /* host_name */ - sni = (char*)malloc(len + 1); + sni = ALLOC(char, len + 1); strncpy(sni, (const char*)buff + pos + 3, len); sni[len] = '\0'; - *result = CHELLO_PARSE_SUCCESS; + chello->sni = sni; + return CHELLO_PARSE_SUCCESS; } pos += 3 + len; } + chello->sni = sni; if (pos != buff_len) { - *result = CHELLO_PARSE_INVALID_FORMAT; + return CHELLO_PARSE_INVALID_FORMAT; } - return sni; + return CHELLO_PARSE_SUCCESS; } -static enum chello_parse_result parse_extensions(const unsigned char* buff, size_t buff_len, struct ssl_chello* chello) { - size_t pos = 0; +static int parse_alpn_extension(const unsigned char* buff, uint16_t buff_len, struct ssl_chello* chello) +{ + int pos = 0; + uint16_t len = (buff[pos] << 8) | buff[pos + 1]; + char *alpn = NULL; + if(2 + len != buff_len) + { + chello->alpn = alpn; + return CHELLO_PARSE_INVALID_FORMAT; + } + alpn = ALLOC(char, len + 1); + strncpy((char*)alpn, (const char*)buff + 2, len); + alpn[len] = '\0'; + chello->alpn = alpn; + return CHELLO_PARSE_SUCCESS; +} + +static int parse_supported_versions_extension(const unsigned char* buff, uint16_t buff_len, struct ssl_chello* chello) +{ + if(buff_len < 1) + { + return CHELLO_PARSE_INVALID_FORMAT; + } + uint8_t len = buff[0]; + if(len + 1 > buff_len || len % 2 != 0) + { + return CHELLO_PARSE_INVALID_FORMAT; + } + uint16_t max_version = 0x0000, min_version = 0xffff; + for(int i = 1; i < len; i+=2) + { + uint16_t version = buff[i] << 8 | buff[i + 1]; + //unknown version + if(version < 0x0300 || version > 0x0304) + { + continue; + } + if(version > max_version) + { + max_version = version; + } + if(version < min_version) + { + min_version = version; + } + } + if(max_version != 0x0000) + { + chello->max_version.ossl_format = max_version; + chello->max_version.major = (max_version >> 8); + chello->max_version.minor = max_version & 0x00ff; + chello->min_version.ossl_format = min_version; + chello->min_version.major = (min_version >> 8); + chello->min_version.minor = min_version & 0x00ff; + } + return CHELLO_PARSE_SUCCESS; +} + +static int parse_sign_algos_extension(const unsigned char* buff, uint16_t buff_len, struct ssl_chello* chello) +{ + if(buff_len < 2) + { + return CHELLO_PARSE_INVALID_FORMAT; + } + uint16_t len = (buff[0] << 8) | buff[1]; + if(len + 2 > buff_len) + { + return CHELLO_PARSE_INVALID_FORMAT; + } + char *sign_algos = ALLOC(char, len); + memcpy(sign_algos, (void*)(buff + 2), len); + chello->sign_algos = sign_algos; + chello->sign_algos_len = len; + return CHELLO_PARSE_SUCCESS; +} + +static int parse_supported_groups_extension(const unsigned char* buff, uint16_t buff_len, struct ssl_chello* chello) +{ + if(buff_len < 2) + { + return CHELLO_PARSE_INVALID_FORMAT; + } + uint16_t len = (buff[0] << 8) | buff[1]; + if(len + 2 > buff_len) + { + return CHELLO_PARSE_INVALID_FORMAT; + } + char *supported_groups = ALLOC(char, len); + memcpy(supported_groups, (void*)(buff + 2), len); + chello->supported_groups = supported_groups; + chello->supported_groups_len = len; + return CHELLO_PARSE_SUCCESS; +} + +static int parse_extensions(const unsigned char *buff, uint16_t buff_len, struct ssl_chello *chello) { + uint16_t pos = 0; /* Parse each 4 bytes for the extension header */ while (pos + 4 <= buff_len) { - size_t len = ((size_t)buff[pos + 2] << 8) + (size_t)buff[pos + 3]; - /* Check if it's a server name extension */ - if (buff[pos] == 0x00 && buff[pos + 1] == 0x00) + uint16_t len = (buff[pos + 2] << 8) | buff[pos + 3]; + if (pos + 4 + len > buff_len) { - if (pos + 4 + len > buff_len) - { - return CHELLO_PARSE_INVALID_FORMAT; - } - enum chello_parse_result result = CHELLO_PARSE_SUCCESS; - chello->sni = parse_server_name_extension(buff + pos + 4, len, &result); - if(result != CHELLO_PARSE_SUCCESS) - { - return result; - } - } - /* Check if it's a alpn extension */ - if (buff[pos] == 0x00 && buff[pos + 1] == 0x10) + return CHELLO_PARSE_INVALID_FORMAT; + } + uint16_t extension_type = (buff[pos] << 8) | buff[pos + 1]; + int result = CHELLO_PARSE_SUCCESS; + switch(extension_type){ + //server name extension + case 0x0000: + result = parse_server_name_extension(buff + pos + 4, len, chello); + break; + //alpn extension + case 0x0010: + result = parse_alpn_extension(buff + pos + 4, len, chello); + break; + //supported versions extension + case 0x002b: + result = parse_supported_versions_extension(buff + pos + 4, len, chello); + break; + //signature algorithms extension + case 0x000d: + result = parse_sign_algos_extension(buff + pos + 4, len, chello); + break; + //supported groups extensions + case 0x000a: + result = parse_supported_groups_extension(buff + pos + 4, len, chello); + break; + default: + break; + } + if(result != CHELLO_PARSE_SUCCESS) { - if (pos + 4 + len > buff_len) - { - return CHELLO_PARSE_INVALID_FORMAT; - } - enum chello_parse_result result = CHELLO_PARSE_SUCCESS; - chello->alpn = parse_alpn_extension(buff + pos + 4, len, &result); - if(result != CHELLO_PARSE_SUCCESS) - { - return result; - } + return result; } pos += (4 + len); } @@ -1969,50 +1918,6 @@ static enum chello_parse_result parse_extensions(const unsigned char* buff, size return CHELLO_PARSE_SUCCESS; } -static char* parse_cipher_suites(struct cipher_suite* _cipher_suite_list, int n, const unsigned char* buff, size_t buff_len, enum chello_parse_result* result) -{ - char* cipher_suites_str = (char* )malloc(TFE_STRING_MAX); - cipher_suites_str[0] = '\0'; - size_t pos = 0; - int flag = 0; - while(pos < buff_len) - { - int i = 0; - for(i = 0;i < n; i++) - { - int val = (buff[pos] << 8) + buff[pos + 1]; - if(_cipher_suite_list[i].value == val) - { - if(strnlen(_cipher_suite_list[i].name, TFE_STRING_MAX) + strnlen(cipher_suites_str, TFE_STRING_MAX) + 1 > TFE_STRING_MAX) - { - flag = 1; - break; - } - strncat(cipher_suites_str, _cipher_suite_list[i].name, TFE_STRING_MAX); - strncat(cipher_suites_str, ":", TFE_STRING_MAX); - } - } - pos += 2; - if(flag == 1) - { - break; - } - } - int len = strnlen(cipher_suites_str, TFE_STRING_MAX); - if(len > 0) - { - cipher_suites_str[len-1] = '\0'; - } - if(pos != buff_len && flag == 0) - { - *result = CHELLO_PARSE_INVALID_FORMAT; - free(cipher_suites_str); - return NULL; - } - *result = CHELLO_PARSE_SUCCESS; - return cipher_suites_str; -} - struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, int parse_cipher, enum chello_parse_result* result) { int n=0; @@ -2089,6 +1994,19 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, *result = CHELLO_PARSE_INVALID_FORMAT; return NULL; } + + struct ssl_version min_version; + struct ssl_version max_version; + + char *sni; + char *alpn; + char *sign_algos; + uint16_t sign_algos_len; + char *supported_groups; + uint16_t supported_groups_len; + char *cipher_suites; + uint16_t cipher_suites_len; + struct ssl_chello* _chello = (struct ssl_chello*)ALLOC(struct ssl_chello, 1); _chello->min_version.major = buff[1]; _chello->min_version.minor = buff[2]; @@ -2098,7 +2016,12 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, _chello->sni = NULL; _chello->alpn = NULL; _chello->cipher_suites = NULL; - _chello->cipher_suites_tls13 = NULL; + _chello->cipher_suites_len = 0; + _chello->sign_algos = NULL; + _chello->sign_algos_len = 0; + _chello->supported_groups = NULL; + _chello->supported_groups_len = 0; + /* TLS record length */ size_t len = ((size_t)buff[3] << 8) + (size_t)buff[4] + 5; if (buff_len < len) @@ -2145,28 +2068,20 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, } len = ((size_t)buff[pos] << 8) + (size_t)buff[pos + 1]; pos += 2; - if(pos + len > buff_len) + if(pos + len > buff_len || len % 2 != 0) { *result = CHELLO_PARSE_INVALID_FORMAT; return _chello; } if(parse_cipher) { - n = sizeof(cipher_suite_list) / sizeof(struct cipher_suite); - _chello->cipher_suites = parse_cipher_suites(cipher_suite_list, n, buff + pos, len, result); - if(*result != CHELLO_PARSE_SUCCESS) - { - return _chello; - } - n = sizeof(cipher_suite_list_tls13) / sizeof(struct cipher_suite); - _chello->cipher_suites_tls13 = parse_cipher_suites(cipher_suite_list_tls13, n, buff + pos, len, result); - if(*result != CHELLO_PARSE_SUCCESS) - { - return _chello; - } + char* cipher_suites = ALLOC(char, len); + memcpy(cipher_suites, (void*)(buff + pos), len); + _chello->cipher_suites = cipher_suites; + _chello->cipher_suites_len = len; } pos += len; - + /* Compression Methods */ if (pos >= buff_len) { @@ -2202,8 +2117,8 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, *result = CHELLO_PARSE_INVALID_FORMAT; return _chello; } - enum chello_parse_result rtn = parse_extensions(buff + pos, len, _chello); - *result = rtn; + int ret = parse_extensions(buff + pos, len, _chello); + *result = (enum chello_parse_result)ret; return _chello; } } diff --git a/platform/test/test_chello_parse.cpp b/platform/test/test_chello_parse.cpp index 0844e69..42cd30f 100644 --- a/platform/test/test_chello_parse.cpp +++ b/platform/test/test_chello_parse.cpp @@ -22,9 +22,8 @@ char* parse_alpn(const char* alpn) result[size2] = '\0'; return result; } -int main() -{ +int ssl2_test(){ //ssl2.0 unsigned char buff[] = { @@ -51,7 +50,9 @@ int main() printf("\n\n"); ssl_chello_free(chello); chello = NULL; +} +int ssl3_test(){ //ssl3.0, no extensions unsigned char buff1[] = { @@ -73,85 +74,169 @@ int main() printf("min version is %d, %d\n", chello1->min_version.major, chello1->min_version.minor); printf("max version: %d, %d\n", chello1->max_version.major, chello1->max_version.minor); printf("cipher suites is %s\n", chello1->cipher_suites); - if(chello1->cipher_suites_tls13) - { - printf("cipher suites for tls1.3 is %s\n", chello1->cipher_suites_tls13); - } printf("\n\n"); ssl_chello_free(chello1); chello1 = NULL; +} +int tls12_test(){ //tls1.2 - unsigned char buff2[] = + unsigned char buff[] = { - 0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, - 0x03, 0x30, 0x6d, 0x1d, 0xd5, 0x0d, 0xa6, 0x1e, 0x0b, 0xe6, - 0xf7, 0xf0, 0xd3, 0xfa, 0x14, 0xdc, 0x80, 0x24, 0xe5, 0x34, - 0x2d, 0x9c, 0x68, 0x6b, 0x0a, 0x40, 0x59, 0xc6, 0x2c, 0xbb, - 0xf1, 0x04, 0xee, 0x20, 0xc4, 0x33, 0x03, 0x91, 0xa9, 0x0d, - 0xfa, 0xae, 0x93, 0x9b, 0xbe, 0x22, 0x7c, 0x99, 0x5f, 0xaf, - 0xdc, 0xe1, 0x14, 0xab, 0xbc, 0x57, 0x1f, 0x7f, 0xe0, 0x5c, - 0x59, 0xe3, 0x8b, 0xaa, 0x70, 0xf8, 0x00, 0x22, 0x5a, 0x5a, - 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, 0xc0, 0x2f, - 0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, 0xcc, 0xa8, 0xc0, 0x13, - 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, - 0x00, 0x0a, 0x01, 0x00, 0x01, 0x91, 0xea, 0xea, 0x00, 0x00, - 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, - 0x10, 0x00, 0x00, 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x62, 0x61, - 0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x17, 0x00, - 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, - 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, - 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00, - 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, - 0x00, 0x00, 0x00, 0x10, 0x00, 0x0e, 0x00, 0x0c, 0x02, 0x68, - 0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, - 0x75, 0x50, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, - 0x00, 0x33, 0x00, 0x2b, 0x00, 0x29, 0xea, 0xea, 0x00, 0x01, - 0x00, 0x00, 0x1d, 0x00, 0x20, 0x1b, 0xae, 0xc9, 0x4f, 0x17, - 0x30, 0xf2, 0xec, 0x4c, 0xc1, 0xdb, 0xf7, 0xe4, 0x72, 0xad, - 0x22, 0xa8, 0xe9, 0x2c, 0x67, 0x4d, 0x8a, 0x87, 0x22, 0xd1, - 0x65, 0x2f, 0x08, 0xef, 0x01, 0xd9, 0x73, 0x00, 0x2d, 0x00, - 0x02, 0x01, 0x01, 0x00, 0x2b, 0x00, 0x0b, 0x0a, 0x1a, 0x1a, - 0x7f, 0x17, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01, 0x00, 0x0a, - 0x00, 0x0a, 0x00, 0x08, 0xea, 0xea, 0x00, 0x1d, 0x00, 0x17, - 0x00, 0x18, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, 0x02, 0xaa, - 0xaa, 0x00, 0x01, 0x00, 0x00, 0x15, 0x00, 0xc7, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + 0x16, 0x03, 0x01, 0x00, 0xd7, 0x01, 0x00, 0x00, 0xd3, 0x03, 0x03, 0x5c, 0xe7, 0x91, 0x0d, 0x99, + 0x76, 0x7d, 0x0c, 0xce, 0x84, 0xe0, 0x14, 0x91, 0x07, 0xe4, 0x71, 0x29, 0x97, 0x0a, 0x27, 0xae, + 0xff, 0xe7, 0xde, 0x90, 0xd7, 0x01, 0x93, 0x8b, 0x53, 0x7f, 0x0a, 0x20, 0x45, 0x90, 0x72, 0xd8, + 0xfa, 0xcf, 0x55, 0x2d, 0x87, 0x84, 0x57, 0xb6, 0xfb, 0xff, 0x3a, 0x1c, 0x00, 0x8a, 0x81, 0x27, + 0xe1, 0x75, 0x1f, 0x97, 0xfd, 0xb1, 0x51, 0x0b, 0x73, 0xa4, 0xe3, 0xff, 0x00, 0x3a, 0x00, 0xff, + 0xc0, 0x2c, 0xc0, 0x2b, 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x08, 0xc0, 0x30, + 0xc0, 0x2f, 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x12, 0x00, 0x9f, 0x00, 0x9e, + 0x00, 0x6b, 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x16, 0x00, 0x9d, 0x00, 0x9c, 0x00, 0x3d, + 0x00, 0x3c, 0x00, 0x35, 0x00, 0x2f, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x13, + 0x00, 0x11, 0x00, 0x00, 0x0e, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x73, 0x74, 0x6e, 0x65, 0x74, + 0x2e, 0x63, 0x6e, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, + 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x02, 0x01, 0x05, + 0x01, 0x06, 0x01, 0x04, 0x03, 0x02, 0x03, 0x05, 0x03, 0x06, 0x03, 0x00, 0x05, 0x00, 0x05, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, }; - size_t buff2_len = sizeof(buff2) / sizeof(char); - enum chello_parse_result result2; - struct ssl_chello* chello2 = ssl_chello_parse(buff2, buff2_len, 1, &result2); + int len = sizeof(buff); + enum chello_parse_result result; + struct ssl_chello* chello = ssl_chello_parse(buff, len, 1, &result); printf("---------------------------tls1.2 --------------------------------\n"); - printf("result is %d\n", result2); - printf("min version: %d, %d, ossl format: %x\n", chello2->min_version.major, chello2->min_version.minor, chello2->min_version.ossl_format); - printf("max version: %d, %d, ossl format: %x\n", chello2->max_version.major, chello2->max_version.minor, chello2->max_version.ossl_format); - printf("cipher suites: %s\n", chello2->cipher_suites); - printf("cipher suites for tls1.3: %s\n", chello2->cipher_suites_tls13); - printf("sni: %s\n", chello2->sni); - char* alpn = parse_alpn((char*)chello2->alpn); + printf("result is %d\n", result); + printf("min version: %d, %d, ossl format: %x\n", chello->min_version.major, chello->min_version.minor, chello->min_version.ossl_format); + printf("max version: %d, %d, ossl format: %x\n", chello->max_version.major, chello->max_version.minor, chello->max_version.ossl_format); + + unsigned char cipher_suites[1024]; + memcpy(cipher_suites, chello->cipher_suites, chello->cipher_suites_len); + printf("cipher suites: \n", chello->cipher_suites); + for(int i = 0; i < chello->cipher_suites_len; i++){ + printf("0x%02x ", cipher_suites[i]); + } + printf("\n"); + + printf("sni: %s\n", chello->sni); + + if(chello->alpn == NULL){ + printf("no alpn\n"); + } + else{ + char* alpn = parse_alpn((char*)chello->alpn); + printf("alpn: %s\n", alpn); + free(alpn); + alpn = NULL; + } + + unsigned char sign_algos[1024]; + if(chello->sign_algos == NULL){ + printf("no signature algorithms\n"); + } + else{ + memcpy(sign_algos, chello->sign_algos, chello->sign_algos_len); + printf("signature algorithms is: \n"); + for(int i = 0; i < chello->sign_algos_len; i++){ + printf("0x%02x ", sign_algos[i]); + } + } + printf("\n"); + + unsigned char supported_groups[1024]; + if(chello->supported_groups == NULL){ + printf("no supported groups\n"); + } + else{ + memcpy(supported_groups, chello->supported_groups, chello->supported_groups_len); + printf("supported groups is \n", supported_groups); + for(int i = 0; i < chello->supported_groups_len; i++){ + printf("0x%02x ", supported_groups[i]); + } + } + printf("\n\n"); + ssl_chello_free(chello); + chello = NULL; +} + +int tls13_test(){ + unsigned char buff[] = + { + 0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03, 0x90, 0x44, 0x3f, + 0xb1, 0x87, 0x73, 0x78, 0x0d, 0xa6, 0x41, 0x77, 0x4d, 0xee, 0xf4, 0xe0, 0x98, 0x2a, 0xbf, 0x8e, + 0x61, 0x51, 0xe7, 0xde, 0xee, 0xc1, 0x4a, 0x24, 0x86, 0x93, 0x0c, 0xfd, 0x03, 0x20, 0xb8, 0xcb, + 0x65, 0xb4, 0x5a, 0xd7, 0x70, 0x60, 0x60, 0x59, 0x97, 0xf8, 0x0b, 0x5f, 0xe4, 0x98, 0x0c, 0x05, + 0xe2, 0xc1, 0x1c, 0xd5, 0x63, 0x05, 0x81, 0xcd, 0x6f, 0xfd, 0x1c, 0x35, 0x16, 0xde, 0x00, 0x22, + 0x6a, 0x6a, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30, + 0xcc, 0xa9, 0xcc, 0xa8, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35, + 0x00, 0x0a, 0x01, 0x00, 0x01, 0x91, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00, 0x21, 0x00, 0x1f, + 0x00, 0x00, 0x1c, 0x73, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x68, 0x6b, 0x67, 0x33, + 0x2d, 0x32, 0x2e, 0x78, 0x78, 0x2e, 0x66, 0x62, 0x63, 0x64, 0x6e, 0x2e, 0x6e, 0x65, 0x74, 0x00, + 0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0xda, 0xda, + 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, + 0x00, 0x10, 0x00, 0x0e, 0x00, 0x0c, 0x02, 0x68, 0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, + 0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, + 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06, + 0x01, 0x02, 0x01, 0x00, 0x12, 0x00, 0x00, 0x00, 0x33, 0x00, 0x2b, 0x00, 0x29, 0xda, 0xda, 0x00, + 0x01, 0x00, 0x00, 0x1d, 0x00, 0x20, 0x9a, 0x7a, 0x5b, 0xbc, 0x80, 0x71, 0x71, 0xaa, 0x36, 0xf0, + 0x74, 0x91, 0x5d, 0xaf, 0x8e, 0xda, 0xa3, 0x70, 0xbf, 0x14, 0xe4, 0xd4, 0x06, 0x2a, 0x54, 0x23, + 0x5c, 0x91, 0xfb, 0x78, 0x04, 0x62, 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01, 0x00, 0x2b, 0x00, 0x0b, + 0x0a, 0x1a, 0x1a, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01, 0x00, 0x1b, 0x00, 0x03, 0x02, + 0x00, 0x02, 0x1a, 0x1a, 0x00, 0x01, 0x00, 0x00, 0x15, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x99, 0x00, 0x74, + 0x00, 0x6e, 0xe7, 0xa7, 0x7b, 0x46, 0xa1, 0x9a, 0x34, 0xb9, 0x5a, 0xf6, 0x90, 0x80, 0x1d, 0xa5, + 0xb6, 0x8a, 0x5f, 0x01, 0x1a, 0x23, 0x17, 0x80, 0xe3, 0x2a, 0x93, 0x29, 0x2f, 0x74, 0x71, 0x9c, + 0x74, 0x99, 0x00, 0x00, 0x00, 0x00, 0x84, 0x89, 0xb4, 0x19, 0x04, 0xf8, 0xee, 0xb1, 0x0d, 0xc5, + 0xf6, 0x91, 0x4d, 0x8e, 0x2e, 0x90, 0x87, 0xb3, 0x7b, 0xce, 0xc1, 0x9b, 0xa0, 0xe3, 0x7b, 0xf7, + 0x02, 0x19, 0xf0, 0xf0, 0xcd, 0xd5, 0x37, 0x96, 0xce, 0x22, 0x10, 0xbf, 0xae, 0x2b, 0x6e, 0x94, + 0xa9, 0x68, 0x38, 0xd1, 0x8b, 0x17, 0x83, 0x8c, 0x14, 0xec, 0xb5, 0xcd, 0x0d, 0x4b, 0x6b, 0x8f, + 0xb8, 0xc0, 0xd3, 0xf8, 0x71, 0xe8, 0xd1, 0xbc, 0xfa, 0xdf, 0x88, 0x12, 0xe8, 0x95, 0xdf, 0x93, + 0x31, 0x7f, 0x35, 0x17, 0x00, 0x21, 0x20, 0xa1, 0xcd, 0x5f, 0xd3, 0xe4, 0xd5, 0xd1, 0xfa, 0x65, + 0x8e, 0xed, 0x02, 0xa2, 0xc8, 0xd2, 0x12, 0xf4, 0xfd, 0x96, 0x42, 0x2c, 0xe0, 0x02, 0x52, 0x7e, + 0xce, 0x90, 0x80, 0xf0, 0xc6, 0xc6, 0x42 + }; + int len = sizeof(buff); + enum chello_parse_result result; + struct ssl_chello* chello = ssl_chello_parse(buff, len, 1, &result); + printf("---------------------------tls1.3 --------------------------------\n"); + printf("min version: %d, %d, ossl format: %x\n", chello->min_version.major, chello->min_version.minor, chello->min_version.ossl_format); + printf("max version: %d, %d, ossl format: %x\n", chello->max_version.major, chello->max_version.minor, chello->max_version.ossl_format); + + unsigned char cipher_suites[1024]; + memcpy(cipher_suites, chello->cipher_suites, chello->cipher_suites_len); + printf("cipher suites: \n", chello->cipher_suites); + for(int i = 0; i < chello->cipher_suites_len; i++){ + printf("0x%02x ", cipher_suites[i]); + } + printf("\n"); + + printf("sni: %s\n", chello->sni); + + char* alpn = parse_alpn((char*)chello->alpn); printf("alpn: %s\n", alpn); free(alpn); alpn = NULL; - printf("\n\n"); - ssl_chello_free(chello2); - chello2 = NULL; + + unsigned char sign_algos[1024]; + memcpy(sign_algos, chello->sign_algos, chello->sign_algos_len); + printf("signature algorithms is: \n"); + for(int i = 0; i < chello->sign_algos_len; i++){ + printf("0x%02x ", sign_algos[i]); + } + printf("\n"); + + unsigned char supported_groups[1024]; + memcpy(supported_groups, chello->supported_groups, chello->supported_groups_len); + supported_groups[chello->supported_groups_len] = '\0'; + printf("supported groups is \n", supported_groups); + for(int i = 0; i < chello->supported_groups_len; i++){ + printf("0x%02x ", supported_groups[i]); + } + printf("\n"); + + ssl_chello_free(chello); + chello = NULL; +} + +int main() +{ + tls12_test(); + tls13_test(); }