gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改chello_parse函数,支持解析supported_versions, supported_groups,signature_algorithms,修改cipher_suites解析结果为原始报文

Browse Source
This commit is contained in:
崔一鸣
2019-05-24 20:21:55 +08:00
parent 7a8561ae5a
commit 75208aad0f
4 changed files with 360 additions and 360 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
platform/CMakeLists.txt
View File

@@ -1,5 +1,5 @@
add_executable(tfe src/key_keeper.cpp src/kni_acceptor.cpp src/ssl_stream.cpp
src/ssl_sess_cache.cpp src/ssl_sess_ticket.cpp src/ssl_service_cache.cpp
src/ssl_sess_cache.cpp src/ssl_service_cache.cpp
src/ssl_trusted_cert_storage.cpp src/ev_root_ca_metadata.cpp src/ssl_utils.cpp
src/tcp_stream.cpp src/main.cpp src/proxy.cpp)
@@ -34,15 +34,11 @@ if(ENABLE_PLUGIN_PANGU_HTTP)
target_link_libraries(tfe -Wl,--whole-archive pangu-http -Wl,--no-whole-archive)
endif()
if(ENABLE_PLUGIN_HTTP2)
target_link_libraries(tfe -Wl,--whole-archive http2 -Wl,--no-whole-archive)
endif()
if(ENABLE_PLUGIN_SSL_POLICY)
target_link_libraries(tfe -Wl,--whole-archive ssl-policy -Wl,--no-whole-archive)
endif()
install(TARGETS tfe RUNTIME DESTINATION bin COMPONENT Program)
#### test_key_keeper
@@ -84,19 +80,19 @@ install(TARGETS tfe RUNTIME DESTINATION bin COMPONENT Program)
# MESA_field_stat)
#
#### test_chello_parse
#add_executable(test_chello_parse test/test_chello_parse.cpp src/ssl_utils.cpp)
#
#target_include_directories(test_chello_parse PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/internal)
#
#target_link_libraries(test_chello_parse common)
#target_link_libraries(test_chello_parse pthread dl
# openssl-ssl-static
# openssl-crypto-static
# pthread libevent-static
# libevent-static-openssl
# libevent-static-pthreads
# MESA_handle_logger
# MESA_prof_load
# MESA_htable wiredcfg
# cjson
# MESA_field_stat)
add_executable(test_chello_parse test/test_chello_parse.cpp src/ssl_utils.cpp)
target_include_directories(test_chello_parse PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/internal)
target_link_libraries(test_chello_parse common)
target_link_libraries(test_chello_parse pthread dl
openssl-ssl-static
openssl-crypto-static
pthread libevent-static
libevent-static-openssl
libevent-static-pthreads
MESA_handle_logger
MESA_prof_load
MESA_htable wiredcfg
cjson
MESA_field_stat)

14
platform/include/internal/ssl_utils.h
View File

@@ -191,7 +191,7 @@ enum chello_parse_result
struct ssl_version
{
uint8_t minor;
uint8_t minor;
uint8_t major;
uint16_t ossl_format;
};
@@ -201,10 +201,14 @@ struct ssl_chello
struct ssl_version min_version;
struct ssl_version max_version;
char* sni;
char* alpn;
char* cipher_suites;
char* cipher_suites_tls13;
char *sni;
char *alpn;
char *sign_algos;
uint16_t sign_algos_len;
char *supported_groups;
uint16_t supported_groups_len;
char *cipher_suites;
uint16_t cipher_suites_len;
};
struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, int parse_cipher, enum chello_parse_result* result);

439
platform/src/ssl_utils.cpp
View File

@@ -1073,7 +1073,7 @@ char* ssl_X509_print_name(X509_NAME* name)
// Now, put the name line into the BIO.
X509_NAME_print_ex(name_Bio, name, 0, XN_FLAG_ONELINE);
// Obtain a reference to the data and copy out
// Obtain a reference to the data and copy out
// just the length of the data.
char *data_start = NULL;
char *name_string = NULL;
@@ -1723,241 +1723,190 @@ int ssl_is_ocspreq(const unsigned char * buf, size_t sz)
return 1;
}
struct cipher_suite
{
int value;
const char* name;
};
struct cipher_suite cipher_suite_list[] =
{
{0xC030, "ECDHE-RSA-AES256-GCM-SHA384"},
{0xC02C, "ECDHE-ECDSA-AES256-GCM-SHA384"},
{0xC028, "ECDHE-RSA-AES256-SHA384"},
{0xC024, "ECDHE-ECDSA-AES256-SHA384"},
{0xC014, "ECDHE-RSA-AES256-SHA"},
{0xC00A, "ECDHE-ECDSA-AES256-SHA"},
{0x00A5, "DH-DSS-AES256-GCM-SHA384"},
{0x00A3, "DHE-DSS-AES256-GCM-SHA384"},
{0x00A1, "DH-RSA-AES256-GCM-SHA384"},
{0x009F, "DHE-RSA-AES256-GCM-SHA384"},
{0x006B, "DHE-RSA-AES256-SHA256"},
{0x006A, "DHE-DSS-AES256-SHA256"},
{0x0069, "DH-RSA-AES256-SHA256"},
{0x0068, "DH-DSS-AES256-SHA256"},
{0x0039, "DHE-RSA-AES256-SHA"},
{0x0038, "DHE-DSS-AES256-SHA"},
{0x0037, "DH-RSA-AES256-SHA"},
{0x0036, "DH-DSS-AES256-SHA"},
{0x0088, "DHE-RSA-CAMELLIA256-SHA"},
{0x0087, "DHE-DSS-CAMELLIA256-SHA"},
{0x0086, "DH-RSA-CAMELLIA256-SHA"},
{0x0085, "DH-DSS-CAMELLIA256-SHA"},
{0xC019, "AECDH-AES256-SHA"},
{0x00A7, "ADH-AES256-GCM-SHA384"},
{0x006D, "ADH-AES256-SHA256"},
{0x003A, "ADH-AES256-SHA"},
{0x0089, "ADH-CAMELLIA256-SHA"},
{0xC032, "ECDH-RSA-AES256-GCM-SHA384"},
{0xC02E, "ECDH-ECDSA-AES256-GCM-SHA384"},
{0xC02A, "ECDH-RSA-AES256-SHA384"},
{0xC026, "ECDH-ECDSA-AES256-SHA384"},
{0xC00F, "ECDH-RSA-AES256-SHA"},
{0xC005, "ECDH-ECDSA-AES256-SHA"},
{0x009D, "AES256-GCM-SHA384"},
{0x003D, "AES256-SHA256"},
{0x0035, "AES256-SHA"},
{0x0084, "CAMELLIA256-SHA"},
{0x008D, "PSK-AES256-CBC-SHA"},
{0xC02F, "ECDHE-RSA-AES128-GCM-SHA256"},
{0xC02B, "ECDHE-ECDSA-AES128-GCM-SHA256"},
{0xC027, "ECDHE-RSA-AES128-SHA256"},
{0xC023, "ECDHE-ECDSA-AES128-SHA256"},
{0xC013, "ECDHE-RSA-AES128-SHA"},
{0xC009, "ECDHE-ECDSA-AES128-SHA"},
{0x00A4, "DH-DSS-AES128-GCM-SHA256"},
{0x00A2, "DHE-DSS-AES128-GCM-SHA256"},
{0x00A0, "DH-RSA-AES128-GCM-SHA256"},
{0x009E, "DHE-RSA-AES128-GCM-SHA256"},
{0x0067, "DHE-RSA-AES128-SHA256"},
{0x0040, "DHE-DSS-AES128-SHA256"},
{0x003F, "DH-RSA-AES128-SHA256"},
{0x003E, "DH-DSS-AES128-SHA256"},
{0x0033, "DHE-RSA-AES128-SHA"},
{0x0032, "DHE-DSS-AES128-SHA"},
{0x0031, "DH-RSA-AES128-SHA"},
{0x0030, "DH-DSS-AES128-SHA"},
{0x009A, "DHE-RSA-SEED-SHA"},
{0x0099, "DHE-DSS-SEED-SHA"},
{0x0098, "DH-RSA-SEED-SHA"},
{0x0097, "DH-DSS-SEED-SHA"},
{0x0045, "DHE-RSA-CAMELLIA128-SHA"},
{0x0044, "DHE-DSS-CAMELLIA128-SHA"},
{0x0043, "DH-RSA-CAMELLIA128-SHA"},
{0x0042, "DH-DSS-CAMELLIA128-SHA"},
{0xC018, "AECDH-AES128-SHA"},
{0x00A6, "ADH-AES128-GCM-SHA256"},
{0x006C, "ADH-AES128-SHA256"},
{0x0034, "ADH-AES128-SHA"},
{0x009B, "ADH-SEED-SHA"},
{0x0046, "ADH-CAMELLIA128-SHA"},
{0xC031, "ECDH-RSA-AES128-GCM-SHA256"},
{0xC02D, "ECDH-ECDSA-AES128-GCM-SHA256"},
{0xC029, "ECDH-RSA-AES128-SHA256"},
{0xC025, "ECDH-ECDSA-AES128-SHA256"},
{0xC00E, "ECDH-RSA-AES128-SHA"},
{0xC004, "ECDH-ECDSA-AES128-SHA"},
{0x009C, "AES128-GCM-SHA256"},
{0x003C, "AES128-SHA256"},
{0x002F, "AES128-SHA"},
{0x0096, "SEED-SHA"},
{0x0041, "CAMELLIA128-SHA"},
{0x008C, "PSK-AES128-CBC-SHA"},
{0xC012, "ECDHE-RSA-DES-CBC3-SHA"},
{0xC008, "ECDHE-ECDSA-DES-CBC3-SHA"},
{0x0016, "EDH-RSA-DES-CBC3-SHA"},
{0x0013, "EDH-DSS-DES-CBC3-SHA"},
{0x0010, "DH-RSA-DES-CBC3-SHA"},
{0x000D, "DH-DSS-DES-CBC3-SHA"},
{0xC017, "AECDH-DES-CBC3-SHA"},
{0x001B, "ADH-DES-CBC3-SHA"},
{0xC00D, "ECDH-RSA-DES-CBC3-SHA"},
{0xC003, "ECDH-ECDSA-DES-CBC3-SHA"},
{0x000A, "DES-CBC3-SHA"},
{0x0007, "IDEA-CBC-SHA"},
{0x008B, "PSK-3DES-EDE-CBC-SHA"},
{0x0021, "KRB5-IDEA-CBC-SHA"},
{0x001F, "KRB5-DES-CBC3-SHA"},
{0x0025, "KRB5-IDEA-CBC-MD5"},
{0x0023, "KRB5-DES-CBC3-MD5"},
{0xC011, "ECDHE-RSA-RC4-SHA"},
{0xC007, "ECDHE-ECDSA-RC4-SHA"},
{0xC016, "AECDH-RC4-SHA"},
{0x0018, "ADH-RC4-MD5"},
{0xC00C, "ECDH-RSA-RC4-SHA"},
{0xC002, "ECDH-ECDSA-RC4-SHA"},
{0x0005, "RC4-SHA"},
{0x0004, "RC4-MD5"},
{0x008A, "PSK-RC4-SHA"},
{0x0020, "KRB5-RC4-SHA"},
{0x0024, "KRB5-RC4-MD5"},
{0xC010, "ECDHE-RSA-NULL-SHA"},
{0xC006, "ECDHE-ECDSA-NULL-SHA"},
{0xC015, "AECDH-NULL-SHA"},
{0xC00B, "ECDH-RSA-NULL-SHA"},
{0xC001, "ECDH-ECDSA-NULL-SHA"},
{0x003B, "NULL-SHA256"},
{0x0002, "NULL-SHA"},
{0x0001, "NULL-MD5"}
};
struct cipher_suite cipher_suite_list_tls13[] =
{
{0x1301, "TLS_AES_128_GCM_SHA256"},
{0x1302, "TLS_AES_256_GCM_SHA384"},
{0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
{0x1304, "TLS_AES_128_CCM_SHA256"},
{0x1305, "TLS_AES_128_CCM_8_SHA256"}
};
void ssl_chello_free(struct ssl_chello* chello)
{
if(chello==NULL)
if(chello == NULL)
{
return;
}
free(chello->sni);
FREE(&(chello->sni));
chello->sni = NULL;
free(chello->alpn);
FREE(&(chello->alpn));
chello->alpn = NULL;
free(chello->cipher_suites);
FREE(&(chello->sign_algos));
chello->sign_algos = NULL;
FREE(&(chello->supported_groups));
chello->supported_groups = NULL;
FREE(&(chello->cipher_suites));
chello->cipher_suites = NULL;
free(chello->cipher_suites_tls13);
chello->cipher_suites_tls13 = NULL;
free(chello);
FREE(&chello);
}
static char* parse_alpn_extension(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result)
{
size_t pos = 0;
size_t len = ((size_t)buff[pos] << 8) + (size_t)buff[pos + 1];
if(2 + len != buff_len)
{
*result = CHELLO_PARSE_INVALID_FORMAT;
return NULL;
}
char* alpn = ALLOC(char, len + 1);
strncpy((char*)alpn, (const char*)buff + 2, len);
alpn[len] = '\0';
*result = CHELLO_PARSE_SUCCESS;
return alpn;
}
static char* parse_server_name_extension(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result)
static int parse_server_name_extension(const unsigned char *buff, uint16_t buff_len, struct ssl_chello* chello)
{
size_t pos = 2; /* skip server name list length */
size_t len;
char* sni = NULL;
uint16_t len;
char *sni = NULL;
while (pos + 3 < buff_len)
{
len = ((size_t)buff[pos + 1] << 8) + (size_t)buff[pos + 2];
len = (buff[pos + 1] << 8) | buff[pos + 2];
if (pos + 3 + len > buff_len)
{
*result = CHELLO_PARSE_INVALID_FORMAT;
return NULL;
chello->sni = sni;
return CHELLO_PARSE_INVALID_FORMAT;
}
switch (buff[pos])
{
case 0x00: /* host_name */
sni = (char*)malloc(len + 1);
sni = ALLOC(char, len + 1);
strncpy(sni, (const char*)buff + pos + 3, len);
sni[len] = '\0';
*result = CHELLO_PARSE_SUCCESS;
chello->sni = sni;
return CHELLO_PARSE_SUCCESS;
}
pos += 3 + len;
}
chello->sni = sni;
if (pos != buff_len)
{
*result = CHELLO_PARSE_INVALID_FORMAT;
return CHELLO_PARSE_INVALID_FORMAT;
}
return sni;
return CHELLO_PARSE_SUCCESS;
}
static enum chello_parse_result parse_extensions(const unsigned char* buff, size_t buff_len, struct ssl_chello* chello) {
size_t pos = 0;
static int parse_alpn_extension(const unsigned char* buff, uint16_t buff_len, struct ssl_chello* chello)
{
int pos = 0;
uint16_t len = (buff[pos] << 8) | buff[pos + 1];
char *alpn = NULL;
if(2 + len != buff_len)
{
chello->alpn = alpn;
return CHELLO_PARSE_INVALID_FORMAT;
}
alpn = ALLOC(char, len + 1);
strncpy((char*)alpn, (const char*)buff + 2, len);
alpn[len] = '\0';
chello->alpn = alpn;
return CHELLO_PARSE_SUCCESS;
}
static int parse_supported_versions_extension(const unsigned char* buff, uint16_t buff_len, struct ssl_chello* chello)
{
if(buff_len < 1)
{
return CHELLO_PARSE_INVALID_FORMAT;
}
uint8_t len = buff[0];
if(len + 1 > buff_len || len % 2 != 0)
{
return CHELLO_PARSE_INVALID_FORMAT;
}
uint16_t max_version = 0x0000, min_version = 0xffff;
for(int i = 1; i < len; i+=2)
{
uint16_t version = buff[i] << 8 | buff[i + 1];
//unknown version
if(version < 0x0300 || version > 0x0304)
{
continue;
}
if(version > max_version)
{
max_version = version;
}
if(version < min_version)
{
min_version = version;
}
}
if(max_version != 0x0000)
{
chello->max_version.ossl_format = max_version;
chello->max_version.major = (max_version >> 8);
chello->max_version.minor = max_version & 0x00ff;
chello->min_version.ossl_format = min_version;
chello->min_version.major = (min_version >> 8);
chello->min_version.minor = min_version & 0x00ff;
}
return CHELLO_PARSE_SUCCESS;
}
static int parse_sign_algos_extension(const unsigned char* buff, uint16_t buff_len, struct ssl_chello* chello)
{
if(buff_len < 2)
{
return CHELLO_PARSE_INVALID_FORMAT;
}
uint16_t len = (buff[0] << 8) | buff[1];
if(len + 2 > buff_len)
{
return CHELLO_PARSE_INVALID_FORMAT;
}
char *sign_algos = ALLOC(char, len);
memcpy(sign_algos, (void*)(buff + 2), len);
chello->sign_algos = sign_algos;
chello->sign_algos_len = len;
return CHELLO_PARSE_SUCCESS;
}
static int parse_supported_groups_extension(const unsigned char* buff, uint16_t buff_len, struct ssl_chello* chello)
{
if(buff_len < 2)
{
return CHELLO_PARSE_INVALID_FORMAT;
}
uint16_t len = (buff[0] << 8) | buff[1];
if(len + 2 > buff_len)
{
return CHELLO_PARSE_INVALID_FORMAT;
}
char *supported_groups = ALLOC(char, len);
memcpy(supported_groups, (void*)(buff + 2), len);
chello->supported_groups = supported_groups;
chello->supported_groups_len = len;
return CHELLO_PARSE_SUCCESS;
}
static int parse_extensions(const unsigned char *buff, uint16_t buff_len, struct ssl_chello *chello) {
uint16_t pos = 0;
/* Parse each 4 bytes for the extension header */
while (pos + 4 <= buff_len)
{
size_t len = ((size_t)buff[pos + 2] << 8) + (size_t)buff[pos + 3];
/* Check if it's a server name extension */
if (buff[pos] == 0x00 && buff[pos + 1] == 0x00)
uint16_t len = (buff[pos + 2] << 8) | buff[pos + 3];
if (pos + 4 + len > buff_len)
{
if (pos + 4 + len > buff_len)
{
return CHELLO_PARSE_INVALID_FORMAT;
}
enum chello_parse_result result = CHELLO_PARSE_SUCCESS;
chello->sni = parse_server_name_extension(buff + pos + 4, len, &result);
if(result != CHELLO_PARSE_SUCCESS)
{
return result;
}
}
/* Check if it's a alpn extension */
if (buff[pos] == 0x00 && buff[pos + 1] == 0x10)
return CHELLO_PARSE_INVALID_FORMAT;
}
uint16_t extension_type = (buff[pos] << 8) | buff[pos + 1];
int result = CHELLO_PARSE_SUCCESS;
switch(extension_type){
//server name extension
case 0x0000:
result = parse_server_name_extension(buff + pos + 4, len, chello);
break;
//alpn extension
case 0x0010:
result = parse_alpn_extension(buff + pos + 4, len, chello);
break;
//supported versions extension
case 0x002b:
result = parse_supported_versions_extension(buff + pos + 4, len, chello);
break;
//signature algorithms extension
case 0x000d:
result = parse_sign_algos_extension(buff + pos + 4, len, chello);
break;
//supported groups extensions
case 0x000a:
result = parse_supported_groups_extension(buff + pos + 4, len, chello);
break;
default:
break;
}
if(result != CHELLO_PARSE_SUCCESS)
{
if (pos + 4 + len > buff_len)
{
return CHELLO_PARSE_INVALID_FORMAT;
}
enum chello_parse_result result = CHELLO_PARSE_SUCCESS;
chello->alpn = parse_alpn_extension(buff + pos + 4, len, &result);
if(result != CHELLO_PARSE_SUCCESS)
{
return result;
}
return result;
}
pos += (4 + len);
}
@@ -1969,50 +1918,6 @@ static enum chello_parse_result parse_extensions(const unsigned char* buff, size
return CHELLO_PARSE_SUCCESS;
}
static char* parse_cipher_suites(struct cipher_suite* _cipher_suite_list, int n, const unsigned char* buff, size_t buff_len, enum chello_parse_result* result)
{
char* cipher_suites_str = (char* )malloc(TFE_STRING_MAX);
cipher_suites_str[0] = '\0';
size_t pos = 0;
int flag = 0;
while(pos < buff_len)
{
int i = 0;
for(i = 0;i < n; i++)
{
int val = (buff[pos] << 8) + buff[pos + 1];
if(_cipher_suite_list[i].value == val)
{
if(strnlen(_cipher_suite_list[i].name, TFE_STRING_MAX) + strnlen(cipher_suites_str, TFE_STRING_MAX) + 1 > TFE_STRING_MAX)
{
flag = 1;
break;
}
strncat(cipher_suites_str, _cipher_suite_list[i].name, TFE_STRING_MAX);
strncat(cipher_suites_str, ":", TFE_STRING_MAX);
}
}
pos += 2;
if(flag == 1)
{
break;
}
}
int len = strnlen(cipher_suites_str, TFE_STRING_MAX);
if(len > 0)
{
cipher_suites_str[len-1] = '\0';
}
if(pos != buff_len && flag == 0)
{
*result = CHELLO_PARSE_INVALID_FORMAT;
free(cipher_suites_str);
return NULL;
}
*result = CHELLO_PARSE_SUCCESS;
return cipher_suites_str;
}
struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, int parse_cipher, enum chello_parse_result* result)
{
int n=0;
@@ -2089,6 +1994,19 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
*result = CHELLO_PARSE_INVALID_FORMAT;
return NULL;
}
struct ssl_version min_version;
struct ssl_version max_version;
char *sni;
char *alpn;
char *sign_algos;
uint16_t sign_algos_len;
char *supported_groups;
uint16_t supported_groups_len;
char *cipher_suites;
uint16_t cipher_suites_len;
struct ssl_chello* _chello = (struct ssl_chello*)ALLOC(struct ssl_chello, 1);
_chello->min_version.major = buff[1];
_chello->min_version.minor = buff[2];
@@ -2098,7 +2016,12 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
_chello->sni = NULL;
_chello->alpn = NULL;
_chello->cipher_suites = NULL;
_chello->cipher_suites_tls13 = NULL;
_chello->cipher_suites_len = 0;
_chello->sign_algos = NULL;
_chello->sign_algos_len = 0;
_chello->supported_groups = NULL;
_chello->supported_groups_len = 0;
/* TLS record length */
size_t len = ((size_t)buff[3] << 8) + (size_t)buff[4] + 5;
if (buff_len < len)
@@ -2145,28 +2068,20 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
}
len = ((size_t)buff[pos] << 8) + (size_t)buff[pos + 1];
pos += 2;
if(pos + len > buff_len)
if(pos + len > buff_len || len % 2 != 0)
{
*result = CHELLO_PARSE_INVALID_FORMAT;
return _chello;
}
if(parse_cipher)
{
n = sizeof(cipher_suite_list) / sizeof(struct cipher_suite);
_chello->cipher_suites = parse_cipher_suites(cipher_suite_list, n, buff + pos, len, result);
if(*result != CHELLO_PARSE_SUCCESS)
{
return _chello;
}
n = sizeof(cipher_suite_list_tls13) / sizeof(struct cipher_suite);
_chello->cipher_suites_tls13 = parse_cipher_suites(cipher_suite_list_tls13, n, buff + pos, len, result);
if(*result != CHELLO_PARSE_SUCCESS)
{
return _chello;
}
char* cipher_suites = ALLOC(char, len);
memcpy(cipher_suites, (void*)(buff + pos), len);
_chello->cipher_suites = cipher_suites;
_chello->cipher_suites_len = len;
}
pos += len;
/* Compression Methods */
if (pos >= buff_len)
{
@@ -2202,8 +2117,8 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
*result = CHELLO_PARSE_INVALID_FORMAT;
return _chello;
}
enum chello_parse_result rtn = parse_extensions(buff + pos, len, _chello);
*result = rtn;
int ret = parse_extensions(buff + pos, len, _chello);
*result = (enum chello_parse_result)ret;
return _chello;
}
}

229
platform/test/test_chello_parse.cpp
View File

@@ -22,9 +22,8 @@ char* parse_alpn(const char* alpn)
result[size2] = '\0';
return result;
}
int main()
{
int ssl2_test(){
//ssl2.0
unsigned char buff[] =
{
@@ -51,7 +50,9 @@ int main()
printf("\n\n");
ssl_chello_free(chello);
chello = NULL;
}
int ssl3_test(){
//ssl3.0, no extensions
unsigned char buff1[] =
{
@@ -73,85 +74,169 @@ int main()
printf("min version is %d, %d\n", chello1->min_version.major, chello1->min_version.minor);
printf("max version: %d, %d\n", chello1->max_version.major, chello1->max_version.minor);
printf("cipher suites is %s\n", chello1->cipher_suites);
if(chello1->cipher_suites_tls13)
{
printf("cipher suites for tls1.3 is %s\n", chello1->cipher_suites_tls13);
}
printf("\n\n");
ssl_chello_free(chello1);
chello1 = NULL;
}
int tls12_test(){
//tls1.2
unsigned char buff2[] =
unsigned char buff[] =
{
0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03,
0x03, 0x30, 0x6d, 0x1d, 0xd5, 0x0d, 0xa6, 0x1e, 0x0b, 0xe6,
0xf7, 0xf0, 0xd3, 0xfa, 0x14, 0xdc, 0x80, 0x24, 0xe5, 0x34,
0x2d, 0x9c, 0x68, 0x6b, 0x0a, 0x40, 0x59, 0xc6, 0x2c, 0xbb,
0xf1, 0x04, 0xee, 0x20, 0xc4, 0x33, 0x03, 0x91, 0xa9, 0x0d,
0xfa, 0xae, 0x93, 0x9b, 0xbe, 0x22, 0x7c, 0x99, 0x5f, 0xaf,
0xdc, 0xe1, 0x14, 0xab, 0xbc, 0x57, 0x1f, 0x7f, 0xe0, 0x5c,
0x59, 0xe3, 0x8b, 0xaa, 0x70, 0xf8, 0x00, 0x22, 0x5a, 0x5a,
0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, 0xc0, 0x2f,
0xc0, 0x2c, 0xc0, 0x30, 0xcc, 0xa9, 0xcc, 0xa8, 0xc0, 0x13,
0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35,
0x00, 0x0a, 0x01, 0x00, 0x01, 0x91, 0xea, 0xea, 0x00, 0x00,
0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00,
0x10, 0x00, 0x00, 0x0d, 0x77, 0x77, 0x77, 0x2e, 0x62, 0x61,
0x69, 0x64, 0x75, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x17, 0x00,
0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00,
0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08,
0x05, 0x05, 0x01, 0x08, 0x06, 0x06, 0x01, 0x02, 0x01, 0x00,
0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12,
0x00, 0x00, 0x00, 0x10, 0x00, 0x0e, 0x00, 0x0c, 0x02, 0x68,
0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
0x75, 0x50, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
0x00, 0x33, 0x00, 0x2b, 0x00, 0x29, 0xea, 0xea, 0x00, 0x01,
0x00, 0x00, 0x1d, 0x00, 0x20, 0x1b, 0xae, 0xc9, 0x4f, 0x17,
0x30, 0xf2, 0xec, 0x4c, 0xc1, 0xdb, 0xf7, 0xe4, 0x72, 0xad,
0x22, 0xa8, 0xe9, 0x2c, 0x67, 0x4d, 0x8a, 0x87, 0x22, 0xd1,
0x65, 0x2f, 0x08, 0xef, 0x01, 0xd9, 0x73, 0x00, 0x2d, 0x00,
0x02, 0x01, 0x01, 0x00, 0x2b, 0x00, 0x0b, 0x0a, 0x1a, 0x1a,
0x7f, 0x17, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01, 0x00, 0x0a,
0x00, 0x0a, 0x00, 0x08, 0xea, 0xea, 0x00, 0x1d, 0x00, 0x17,
0x00, 0x18, 0x00, 0x1b, 0x00, 0x03, 0x02, 0x00, 0x02, 0xaa,
0xaa, 0x00, 0x01, 0x00, 0x00, 0x15, 0x00, 0xc7, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
0x16, 0x03, 0x01, 0x00, 0xd7, 0x01, 0x00, 0x00, 0xd3, 0x03, 0x03, 0x5c, 0xe7, 0x91, 0x0d, 0x99,
0x76, 0x7d, 0x0c, 0xce, 0x84, 0xe0, 0x14, 0x91, 0x07, 0xe4, 0x71, 0x29, 0x97, 0x0a, 0x27, 0xae,
0xff, 0xe7, 0xde, 0x90, 0xd7, 0x01, 0x93, 0x8b, 0x53, 0x7f, 0x0a, 0x20, 0x45, 0x90, 0x72, 0xd8,
0xfa, 0xcf, 0x55, 0x2d, 0x87, 0x84, 0x57, 0xb6, 0xfb, 0xff, 0x3a, 0x1c, 0x00, 0x8a, 0x81, 0x27,
0xe1, 0x75, 0x1f, 0x97, 0xfd, 0xb1, 0x51, 0x0b, 0x73, 0xa4, 0xe3, 0xff, 0x00, 0x3a, 0x00, 0xff,
0xc0, 0x2c, 0xc0, 0x2b, 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x08, 0xc0, 0x30,
0xc0, 0x2f, 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x12, 0x00, 0x9f, 0x00, 0x9e,
0x00, 0x6b, 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x16, 0x00, 0x9d, 0x00, 0x9c, 0x00, 0x3d,
0x00, 0x3c, 0x00, 0x35, 0x00, 0x2f, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x13,
0x00, 0x11, 0x00, 0x00, 0x0e, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x73, 0x74, 0x6e, 0x65, 0x74,
0x2e, 0x63, 0x6e, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x02, 0x01, 0x05,
0x01, 0x06, 0x01, 0x04, 0x03, 0x02, 0x03, 0x05, 0x03, 0x06, 0x03, 0x00, 0x05, 0x00, 0x05, 0x01,
0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00,
};
size_t buff2_len = sizeof(buff2) / sizeof(char);
enum chello_parse_result result2;
struct ssl_chello* chello2 = ssl_chello_parse(buff2, buff2_len, 1, &result2);
int len = sizeof(buff);
enum chello_parse_result result;
struct ssl_chello* chello = ssl_chello_parse(buff, len, 1, &result);
printf("---------------------------tls1.2 --------------------------------\n");
printf("result is %d\n", result2);
printf("min version: %d, %d, ossl format: %x\n", chello2->min_version.major, chello2->min_version.minor, chello2->min_version.ossl_format);
printf("max version: %d, %d, ossl format: %x\n", chello2->max_version.major, chello2->max_version.minor, chello2->max_version.ossl_format);
printf("cipher suites: %s\n", chello2->cipher_suites);
printf("cipher suites for tls1.3: %s\n", chello2->cipher_suites_tls13);
printf("sni: %s\n", chello2->sni);
char* alpn = parse_alpn((char*)chello2->alpn);
printf("result is %d\n", result);
printf("min version: %d, %d, ossl format: %x\n", chello->min_version.major, chello->min_version.minor, chello->min_version.ossl_format);
printf("max version: %d, %d, ossl format: %x\n", chello->max_version.major, chello->max_version.minor, chello->max_version.ossl_format);
unsigned char cipher_suites[1024];
memcpy(cipher_suites, chello->cipher_suites, chello->cipher_suites_len);
printf("cipher suites: \n", chello->cipher_suites);
for(int i = 0; i < chello->cipher_suites_len; i++){
printf("0x%02x ", cipher_suites[i]);
}
printf("\n");
printf("sni: %s\n", chello->sni);
if(chello->alpn == NULL){
printf("no alpn\n");
}
else{
char* alpn = parse_alpn((char*)chello->alpn);
printf("alpn: %s\n", alpn);
free(alpn);
alpn = NULL;
}
unsigned char sign_algos[1024];
if(chello->sign_algos == NULL){
printf("no signature algorithms\n");
}
else{
memcpy(sign_algos, chello->sign_algos, chello->sign_algos_len);
printf("signature algorithms is: \n");
for(int i = 0; i < chello->sign_algos_len; i++){
printf("0x%02x ", sign_algos[i]);
}
}
printf("\n");
unsigned char supported_groups[1024];
if(chello->supported_groups == NULL){
printf("no supported groups\n");
}
else{
memcpy(supported_groups, chello->supported_groups, chello->supported_groups_len);
printf("supported groups is \n", supported_groups);
for(int i = 0; i < chello->supported_groups_len; i++){
printf("0x%02x ", supported_groups[i]);
}
}
printf("\n\n");
ssl_chello_free(chello);
chello = NULL;
}
int tls13_test(){
unsigned char buff[] =
{
0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03, 0x90, 0x44, 0x3f,
0xb1, 0x87, 0x73, 0x78, 0x0d, 0xa6, 0x41, 0x77, 0x4d, 0xee, 0xf4, 0xe0, 0x98, 0x2a, 0xbf, 0x8e,
0x61, 0x51, 0xe7, 0xde, 0xee, 0xc1, 0x4a, 0x24, 0x86, 0x93, 0x0c, 0xfd, 0x03, 0x20, 0xb8, 0xcb,
0x65, 0xb4, 0x5a, 0xd7, 0x70, 0x60, 0x60, 0x59, 0x97, 0xf8, 0x0b, 0x5f, 0xe4, 0x98, 0x0c, 0x05,
0xe2, 0xc1, 0x1c, 0xd5, 0x63, 0x05, 0x81, 0xcd, 0x6f, 0xfd, 0x1c, 0x35, 0x16, 0xde, 0x00, 0x22,
0x6a, 0x6a, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2b, 0xc0, 0x2f, 0xc0, 0x2c, 0xc0, 0x30,
0xcc, 0xa9, 0xcc, 0xa8, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x2f, 0x00, 0x35,
0x00, 0x0a, 0x01, 0x00, 0x01, 0x91, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00, 0x21, 0x00, 0x1f,
0x00, 0x00, 0x1c, 0x73, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x68, 0x6b, 0x67, 0x33,
0x2d, 0x32, 0x2e, 0x78, 0x78, 0x2e, 0x66, 0x62, 0x63, 0x64, 0x6e, 0x2e, 0x6e, 0x65, 0x74, 0x00,
0x17, 0x00, 0x00, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0xda, 0xda,
0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00,
0x00, 0x10, 0x00, 0x0e, 0x00, 0x0c, 0x02, 0x68, 0x32, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31,
0x2e, 0x31, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00,
0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05, 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06,
0x01, 0x02, 0x01, 0x00, 0x12, 0x00, 0x00, 0x00, 0x33, 0x00, 0x2b, 0x00, 0x29, 0xda, 0xda, 0x00,
0x01, 0x00, 0x00, 0x1d, 0x00, 0x20, 0x9a, 0x7a, 0x5b, 0xbc, 0x80, 0x71, 0x71, 0xaa, 0x36, 0xf0,
0x74, 0x91, 0x5d, 0xaf, 0x8e, 0xda, 0xa3, 0x70, 0xbf, 0x14, 0xe4, 0xd4, 0x06, 0x2a, 0x54, 0x23,
0x5c, 0x91, 0xfb, 0x78, 0x04, 0x62, 0x00, 0x2d, 0x00, 0x02, 0x01, 0x01, 0x00, 0x2b, 0x00, 0x0b,
0x0a, 0x1a, 0x1a, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03, 0x01, 0x00, 0x1b, 0x00, 0x03, 0x02,
0x00, 0x02, 0x1a, 0x1a, 0x00, 0x01, 0x00, 0x00, 0x15, 0x00, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x29, 0x00, 0x99, 0x00, 0x74,
0x00, 0x6e, 0xe7, 0xa7, 0x7b, 0x46, 0xa1, 0x9a, 0x34, 0xb9, 0x5a, 0xf6, 0x90, 0x80, 0x1d, 0xa5,
0xb6, 0x8a, 0x5f, 0x01, 0x1a, 0x23, 0x17, 0x80, 0xe3, 0x2a, 0x93, 0x29, 0x2f, 0x74, 0x71, 0x9c,
0x74, 0x99, 0x00, 0x00, 0x00, 0x00, 0x84, 0x89, 0xb4, 0x19, 0x04, 0xf8, 0xee, 0xb1, 0x0d, 0xc5,
0xf6, 0x91, 0x4d, 0x8e, 0x2e, 0x90, 0x87, 0xb3, 0x7b, 0xce, 0xc1, 0x9b, 0xa0, 0xe3, 0x7b, 0xf7,
0x02, 0x19, 0xf0, 0xf0, 0xcd, 0xd5, 0x37, 0x96, 0xce, 0x22, 0x10, 0xbf, 0xae, 0x2b, 0x6e, 0x94,
0xa9, 0x68, 0x38, 0xd1, 0x8b, 0x17, 0x83, 0x8c, 0x14, 0xec, 0xb5, 0xcd, 0x0d, 0x4b, 0x6b, 0x8f,
0xb8, 0xc0, 0xd3, 0xf8, 0x71, 0xe8, 0xd1, 0xbc, 0xfa, 0xdf, 0x88, 0x12, 0xe8, 0x95, 0xdf, 0x93,
0x31, 0x7f, 0x35, 0x17, 0x00, 0x21, 0x20, 0xa1, 0xcd, 0x5f, 0xd3, 0xe4, 0xd5, 0xd1, 0xfa, 0x65,
0x8e, 0xed, 0x02, 0xa2, 0xc8, 0xd2, 0x12, 0xf4, 0xfd, 0x96, 0x42, 0x2c, 0xe0, 0x02, 0x52, 0x7e,
0xce, 0x90, 0x80, 0xf0, 0xc6, 0xc6, 0x42
};
int len = sizeof(buff);
enum chello_parse_result result;
struct ssl_chello* chello = ssl_chello_parse(buff, len, 1, &result);
printf("---------------------------tls1.3 --------------------------------\n");
printf("min version: %d, %d, ossl format: %x\n", chello->min_version.major, chello->min_version.minor, chello->min_version.ossl_format);
printf("max version: %d, %d, ossl format: %x\n", chello->max_version.major, chello->max_version.minor, chello->max_version.ossl_format);
unsigned char cipher_suites[1024];
memcpy(cipher_suites, chello->cipher_suites, chello->cipher_suites_len);
printf("cipher suites: \n", chello->cipher_suites);
for(int i = 0; i < chello->cipher_suites_len; i++){
printf("0x%02x ", cipher_suites[i]);
}
printf("\n");
printf("sni: %s\n", chello->sni);
char* alpn = parse_alpn((char*)chello->alpn);
printf("alpn: %s\n", alpn);
free(alpn);
alpn = NULL;
printf("\n\n");
ssl_chello_free(chello2);
chello2 = NULL;
unsigned char sign_algos[1024];
memcpy(sign_algos, chello->sign_algos, chello->sign_algos_len);
printf("signature algorithms is: \n");
for(int i = 0; i < chello->sign_algos_len; i++){
printf("0x%02x ", sign_algos[i]);
}
printf("\n");
unsigned char supported_groups[1024];
memcpy(supported_groups, chello->supported_groups, chello->supported_groups_len);
supported_groups[chello->supported_groups_len] = '\0';
printf("supported groups is \n", supported_groups);
for(int i = 0; i < chello->supported_groups_len; i++){
printf("0x%02x ", supported_groups[i]);
}
printf("\n");
ssl_chello_free(chello);
chello = NULL;
}
int main()
{
tls12_test();
tls13_test();
}