author刘学利 <[email protected]>2023-07-03 13:39:18 +0000
committer刘学利 <[email protected]>2023-07-03 13:39:18 +0000
commit21950877e691e1b52038d6cffa3914b944c9dfe9 (patch)
tree9242fffc06ccc2bd89381f2e1e13067ac2ebab3e /include
parentfda2e4a435d7dbfce8d0ab1f2d02176255a77652 (diff)
代码重构,性能优化
Diffstat (limited to 'include')
-rw-r--r--include/ssl.h244
1 files changed, 244 insertions, 0 deletions
diff --git a/include/ssl.h b/include/ssl.h
new file mode 100644
index 0000000..96d2835
--- /dev/null
+++ b/include/ssl.h
@@ -0,0 +1,244 @@
+#pragma once
+
+enum ssl_interested_region
+{
+ /*1*/
+ SSL_INTEREST_KEY_MASK = 0,
+ SSL_CERTIFICATE_DETAIL_MASK = 1,
+ SSL_CLIENT_HELLO_MASK = 2,
+ SSL_SERVER_HELLO_MASK= 3,
+ SSL_CERTIFICATE_MASK,
+ SSL_APPLICATION_DATA_MASK,
+ SSL_VERSION_MASK,
+ SSL_ALERT_MASK,
+ SSL_NEW_SESSION_TICKET_MASK,
+};
+
+#define SSL_INTEREST_KEY (1<<SSL_INTEREST_KEY_MASK)
+#define SSL_CERTIFICATE (1<<SSL_CERTIFICATE_MASK)
+#define SSL_CERTIFICATE_DETAIL (1<<SSL_CERTIFICATE_DETAIL_MASK)
+#define SSL_APPLICATION_DATA (1<<SSL_APPLICATION_DATA_MASK)
+#define SSL_CLIENT_HELLO (1<<SSL_CLIENT_HELLO_MASK)
+#define SSL_SERVER_HELLO (1<<SSL_SERVER_HELLO_MASK)
+#define SSL_VERSION (1<<SSL_VERSION_MASK)
+#define SSL_ALERT (1<<SSL_ALERT_MASK)
+#define SSL_NEW_SESSION_TICKET (1<<SSL_NEW_SESSION_TICKET_MASK)
+
+#define UNKNOWN_VERSION 0x0000
+#define SSLV3_VERSION 0x0300
+#define SSLV2_VERSION 0x0002
+#define TLSV1_0_VERSION 0x0301
+#define TLSV1_1_VERSION 0x0302
+#define TLSV1_2_VERSION 0x0303
+#define DTLSV1_0_VERSION 0xfeff
+#define DTLSV1_0_VERSION_NOT 0x0100
+
+struct cdata_buf
+{
+ char* p_data;
+ unsigned int data_size;
+};
+
+struct ssl_l1v
+{
+ unsigned char len;
+ unsigned char *value;
+};
+
+struct ssl_l2v
+{
+ unsigned short len;
+ unsigned char *value;
+};
+
+struct ssl_l2tv
+{
+ unsigned short len;
+ unsigned short type;
+ unsigned char *value;
+};
+
+struct ssl_random
+{
+ unsigned int gmt_time;
+ struct ssl_l1v bytes;
+};
+
+struct ssl_encrypt_server_name
+{
+ unsigned char is_esni;
+ unsigned short key_exchange_group;
+ struct ssl_l2v esni;
+ struct ssl_l2v suite; //get suite name by "ssl_get_suite"function
+ struct ssl_l2v key_exchange;
+ struct ssl_l2v record_digest;
+};
+
+#define MAX_EXTENSION_NUM 16
+struct ssl_extenstions
+{
+ unsigned short len;
+ unsigned short num;
+ struct ssl_l2tv extension[MAX_EXTENSION_NUM];
+};
+
+#define MAX_SERVER_NAME_LEN 512
+struct ssl_client_hello
+{
+ int total_len; //3
+ unsigned short version;
+ struct ssl_random random;
+ struct ssl_l1v session;
+ struct ssl_l2v ciphersuites;
+ struct ssl_l1v compress_method;
+ struct ssl_l2tv *encrypt_chello;
+ struct ssl_l2tv *session_ticket;
+ struct ssl_l2tv *alpn;
+ struct ssl_extenstions extensions;
+ struct ssl_encrypt_server_name esni;
+ char server_name[MAX_SERVER_NAME_LEN];
+};
+
+#define MAX_JA3S_FINGERPRINT_LEN 128
+struct ssl_ja3s_info
+{
+ int fingerprint_md5_len;
+ char fingerprint_md5[MAX_JA3S_FINGERPRINT_LEN];
+};
+struct ssl_server_hello
+{
+ int total_len; //3
+ unsigned short version;
+ unsigned short extension_len;
+ unsigned short extension_num;
+ struct ssl_ja3s_info ja3s;
+ struct ssl_random random;
+ struct ssl_l1v session;
+ struct ssl_l2v ciphersuites;
+ struct ssl_l1v compress_method;
+ struct ssl_extenstions extensions;
+};
+
+struct ssl_new_session_ticket
+{
+ int total_len; //3 bytes
+ int lift_time; //second
+ int ticket_len; //3 bytes
+ unsigned char* ticket;
+};
+
+#define MAX_ALTER_NAME_LEN 64
+struct ssl_subject_alter_name
+{
+ int num;
+ char (*name)[MAX_ALTER_NAME_LEN];
+};
+
+#define MAX_RDN_SEQUENCE_LEN 64
+#define MAX_RDN_SEQUENCE_LIST_LEN 512
+struct ssl_rdn_sequence
+{
+ char common[MAX_RDN_SEQUENCE_LEN]; //commonName
+ char country[MAX_RDN_SEQUENCE_LEN]; //countryName
+ char locality[MAX_RDN_SEQUENCE_LEN]; //localityName
+ char postal_code[MAX_RDN_SEQUENCE_LEN]; // postalCode
+ char organization[MAX_RDN_SEQUENCE_LEN]; //organizationName
+ char street_address[MAX_RDN_SEQUENCE_LEN]; //streetAddress
+ char state_or_Province[MAX_RDN_SEQUENCE_LEN]; //stateOrProvinceName
+ char organizational_unit[MAX_RDN_SEQUENCE_LEN]; //organizationalUnitName
+ char rdn_sequence_list[MAX_RDN_SEQUENCE_LIST_LEN]; //commonName + organizationName + organizationalUnitName + localityName + streetAddress + stateOrProvinceName + countryName
+};
+
+#define MAX_VALIDITY_LEN 80
+struct ssl_validity
+{
+ char before[MAX_VALIDITY_LEN];
+ char after[MAX_VALIDITY_LEN];
+};
+
+struct ssl_subject_public_key
+{
+ int len;
+ char*value;
+};
+
+#define MAX_SERIAL_NUMBER_LEN 128
+struct ssl_serial_number
+{
+ unsigned char len;
+ char value[MAX_SERIAL_NUMBER_LEN];
+};
+
+#define MAX_SIGNATURE_ALGORITHM_ID_LEN 64
+struct ssl_signature_algorithm_id
+{
+ unsigned char len;
+ char value[MAX_SIGNATURE_ALGORITHM_ID_LEN];
+};
+
+#define MAX_ALGORITHM_IDENTIFIER 64
+struct ssl_algorithm_identifier
+{
+ unsigned char len;
+ char value[MAX_ALGORITHM_IDENTIFIER];
+};
+
+struct ssl_certificate
+{
+ int total_len;
+ int cert_len;
+ char cert_type;
+
+ struct ssl_l1v version;
+ struct ssl_validity validity;
+ struct ssl_serial_number serial;
+ struct ssl_rdn_sequence issuer;
+ struct ssl_rdn_sequence subject;
+
+ struct ssl_subject_public_key subject_key;
+ struct ssl_subject_alter_name subject_alter;
+ struct ssl_algorithm_identifier algorithm_identifier;
+ struct ssl_signature_algorithm_id signature_algorithm;
+};
+
+struct ssl_stream
+{
+ struct ssl_client_hello* chello;
+ struct ssl_server_hello* shello;
+ struct ssl_certificate *certificate;
+ struct ssl_new_session_ticket *new_session_ticket;
+};
+
+struct ssl_certificate_chain
+{
+ char* cert;
+ uint32_t cert_len;
+};
+
+struct ssl_alpn_list
+{
+ char* alpn; //pointer to exts
+ uint32_t alpn_len;
+};
+
+#define CERT_TYPE_INDIVIDUAL 0
+#define CERT_TYPE_ROOT 1
+#define CERT_TYPE_MIDDLE 2
+#define CERT_TYPE_CHAIN 3
+
+const char* ssl_get_suite(struct ssl_l2v* ciphersuits);
+const char* ssl_get_version_name(unsigned short version);
+const char* ssl_get_suite_name(unsigned char* suite_value, unsigned short suite_len);
+int ssl_get_alpn_list(struct ssl_l2tv *extension_alpn, struct ssl_alpn_list* alpn_list, int alpn_size);
+int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint8_t cert_type, char** cert, uint32_t* cert_len);
+int ssl_read_all_cert(const char* conj_cert_buf, uint32_t conj_buflen, struct ssl_certificate_chain* cert_unit, uint32_t unit_size);
+
+struct ssl_ja3_info
+{
+ int sni_len;
+ int fp_len;
+ char *sni;
+ char *fp;
+};
+
+struct ssl_ja3_info *ssl_get_ja3_fingerprint(struct streaminfo *stream, unsigned char *payload, int payload_len, int thread_seq); \ No newline at end of file
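Review bot: The header is not self-contained: `uint32_t`/`uint8_t` are used in `struct ssl_certificate_chain`, `struct ssl_alpn_list` and the `ssl_read_specific_cert`/`ssl_read_all_cert` prototypes without `#include <stdint.h>`, and `struct streaminfo` in the last prototype is neither declared nor forward-declared, so any translation unit including this file first will fail to compile. Adding `#include <stdint.h>` and `struct streaminfo;` right after `#pragma once` fixes both. The fixed-size fields `extension[MAX_EXTENSION_NUM]`, `server_name[MAX_SERVER_NAME_LEN]`, `fingerprint_md5[MAX_JA3S_FINGERPRINT_LEN]` and the `char value[...]` arrays in the certificate structs are populated from network data by parsers not shown here; a comment on each such array stating that the parser must clamp to the array size (and that `len` never exceeds it) would make that contract explicit for callers. Minor: `ssl_extenstions` and `lift_time` look like typos of `ssl_extensions` and `life_time`, and the file lacks a trailing newline.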