#ifndef H_SSL_H
#define H_SSL_H
#include <stdint.h>
#include <stdio.h>
#include <string.h>
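#define SSH_H_VERSION_20210805_ssl20 0   /* header revision marker; not referenced within this file */
#define SSL_KEY 3                         /* meaning is not documented here; check the parser before relying on it */
#define SSL_TRUE 1
#define SSL_FLASE 0                       /* historical misspelling, kept so existing callers still build */
#define SSL_FALSE SSL_FLASE               /* correctly spelled alias; prefer this in new code */
/* Output-region selector bits. Each flag is 1 << <region>_MASK, where the _MASK values are the
 * ssl_interested_region enumerators declared later in this header (a macro is expanded at its
 * point of use, so the textual order does not matter). They are presumably OR-ed into the 64-bit
 * ssl_stream.output_region_flag; the largest bit index is 8, so the shifts are always in range. */
#define SSL_INTEREST_KEY (1<<SSL_INTEREST_KEY_MASK)
#define SSL_CERTIFICATE (1<<SSL_CERTIFICATE_MASK)
#define SSL_CERTIFICATE_DETAIL (1<<SSL_CERTIFICATE_DETAIL_MASK)
#define SSL_APPLICATION_DATA (1<<SSL_APPLICATION_DATA_MASK)
#define SSL_CLIENT_HELLO (1<<SSL_CLIENT_HELLO_MASK)
#define SSL_SERVER_HELLO (1<<SSL_SERVER_HELLO_MASK)
#define SSL_VERSION (1<<SSL_VERSION_MASK)
#define SSL_ALERT (1<<SSL_ALERT_MASK)
#define SSL_NEW_SESSION_TICKET (1<<SSL_NEW_SESSION_TICKET_MASK)
/* Protocol version values as they appear in the record / hello version field;
 * ssl_stream.uiSslVersion holds one of these. */
#define UNKNOWN_VERSION 0x0000
#define SSLV3_VERSION 0x0300
#define SSLV2_VERSION 0x0002
#define TLSV1_0_VERSION 0x0301
#define TLSV1_1_VERSION 0x0302
#define TLSV1_2_VERSION 0x0303
/* TLS 1.3 (RFC 8446). Caveat for anything keyed on the hello version field: a TLS 1.3
 * ClientHello/ServerHello still carries 0x0303 in legacy_version and announces 1.3 only through
 * the supported_versions extension (type 0x002b), so a parser that reads just the hello version
 * will report TLSV1_2_VERSION for a 1.3 handshake. */
#define TLSV1_3_VERSION 0x0304
#define DTLSV1_0_VERSION 0xfeff
/* 16-bit complement of DTLSV1_0_VERSION (0xfeff ^ 0xffff == 0x0100). */
#define DTLSV1_0_VERSION_NOT 0x0100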
/* Bit positions of the output regions a caller can ask the parser for.
 * The SSL_* flag macros above are built as 1 << <value>, so these must stay
 * small, distinct integers. Values 0..3 are explicit; the rest continue
 * implicitly as 4..8. Also used as the type of ssl_stream.output_region_mask. */
typedef enum
{
/* explicit values */
SSL_INTEREST_KEY_MASK = 0,
SSL_CERTIFICATE_DETAIL_MASK = 1,
SSL_CLIENT_HELLO_MASK = 2,
SSL_SERVER_HELLO_MASK= 3,
/* implicit values: 4, 5, 6, 7, 8 */
SSL_CERTIFICATE_MASK,
SSL_APPLICATION_DATA_MASK,
SSL_VERSION_MASK,
SSL_ALERT_MASK,
SSL_NEW_SESSION_TICKET_MASK,
}ssl_interested_region;
/* A byte buffer handed between the parser and its caller: data_size bytes at p_data.
 * Who allocates and frees p_data is not expressed here; check the producing code. */
struct cdata_buf
{
    char* p_data;           /* start of the data */
    unsigned int data_size; /* number of valid bytes at p_data */
};
typedef struct cdata_buf cdata_buf;
/* The 32-byte Random field of a Hello message: a 4-byte gmt_unix_time followed by 28
 * random bytes. 4 + 28 = 32 with no padding, so sizeof(st_random_t) is 32. */
struct _st_random_t
{
    unsigned int gmt_time;          /* 4 bytes */
    unsigned char random_bytes[28]; /* 28 random bytes */
};
typedef struct _st_random_t st_random_t;
/* Session ID of a Hello: session_len bytes at session_value.
 * session_len is one byte wide (the former "//4" note did not match the field type). */
struct _st_session_t
{
    unsigned char session_len;    /* number of bytes at session_value */
    unsigned char* session_value; /* presumably points into the hello buffer rather than a copy; confirm ownership before freeing */
};
typedef struct _st_session_t st_session_t;
/* Cipher-suite list of a Hello. Each entry is SUITE_VALUELEN (2) bytes; names are resolved with
 * ssl_get_suite / ssl_get_suite_name. suites_len is a 2-byte field; whether it counts bytes or
 * entries is not visible in this header, so confirm against the parser before iterating. */
struct _st_suites_t
{
    unsigned short suites_len;   /* length of the list (see note above) */
    unsigned char* suites_value; /* raw list; step through it 2 bytes at a time */
};
typedef struct _st_suites_t st_suites_t;
/* Compression-method list of a Hello: methlen bytes at methods. Method 0 is "null"
 * (no compression), which is the value normally seen. */
struct _st_compress_methods_t
{
    unsigned char methlen;  /* number of method bytes */
    unsigned char* methods; /* one byte per method; 0 == null */
};
typedef struct _st_compress_methods_t st_compress_methods_t;
/* Session ticket carried in a ClientHello: ticketlen bytes at ticket.
 * The tag name is misspelled ("tciket") but is part of the public interface and is kept.
 * NOTE(review): ticketlen is a single byte, while a session_ticket extension may carry a
 * ticket much longer than 255 bytes; the code that fills this must truncate or reject longer
 * tickets rather than let the length wrap. Confirm in the parser. */
struct _st_session_tciket_t
{
    unsigned char ticketlen; /* number of bytes at ticket (8-bit; see note) */
    unsigned char* ticket;   /* ticket bytes; 0/NULL when absent */
};
typedef struct _st_session_tciket_t st_session_tciket_t;
/* Byte widths of the fixed fields read by the cipher-suite and ESNI parsing code. */
#define SUITE_VALUELEN 2       /* one cipher-suite identifier is 2 bytes */
#define KEY_EXCHANGELEN_LEN 4  /* bytes preceding key_exchange in ESNI; presumably group (2) + length (2), confirm in the parser */
#define RECORD_DIGESTLEN_LEN 2 /* length prefix of record_digest */
#define ESNILEN_LEN 2          /* length prefix of the encrypted SNI blob */
/* Parsed encrypted_server_name (ESNI, extension 0xffce) from a ClientHello.
 * Each pointer presumably points into the hello buffer rather than owning a copy;
 * confirm before freeing anything here. Length fields are 2 bytes wide, matching the
 * *_LEN constants above. */
struct _st_esni_t
{
    unsigned short key_exchange_group; /* named group of the client key share */
    unsigned short key_exchange_len;   /* bytes at key_exchange */
    unsigned char* key_exchange;       /* client key share */
    unsigned char* record_digest;      /* digest of the ESNIKeys record used */
    unsigned short record_digest_len;  /* bytes at record_digest */
    unsigned short esni_len;           /* bytes at esni */
    unsigned char* esni;               /* the encrypted SNI blob */
    unsigned char* suite_value;        /* 2-byte cipher suite; resolve with ssl_get_suite_name */
};
typedef struct _st_esni_t st_esni_t;
//#############################################client hello
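/* Caps and extension identifiers used when parsing Hello extensions. */
#define MAX_EXTENSION_NUM 16   /* capacity of st_client_hello_t/st_server_hello_t.exts[]; the parser must stop storing once this is reached */
#define MAX_EXT_DATA_LEN 256   /* not referenced by any struct in this header; presumably a per-extension copy cap inside the parser */
#define SERVER_NAME_EXT_TYPE 0x0000   /* server_name extension */
#define SERVER_NAME_HOST_TYPE 0x0000  /* NameType host_name within server_name */
#define SERVER_NAME_OTHER_TYPE 0x0008 /* any other NameType; 0x0008 is not a registered NameType, presumably a parser-local marker */
#define SESSION_TICKET_EXT_TYPE 0x0023
/* Encrypted SNI (draft-ietf-tls-esni). The original macro name is misspelled; it is kept for
 * existing callers and a correctly spelled alias is provided for new code. */
#define ENCRPTED_SERVER_NAME_EXT_TYPE 0xFFCE
#define ENCRYPTED_SERVER_NAME_EXT_TYPE ENCRPTED_SERVER_NAME_EXT_TYPE
/* Important ClientHello extension: ALPN (application_layer_protocol_negotiation). */
#define ALPN_EXT_TYPE 0x0010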
/* One Hello extension: 2-byte type, 2-byte length, and len bytes of data.
 * data presumably points into the hello buffer (no copy); MAX_EXT_DATA_LEN is defined
 * above but not applied by this struct, so len is bounded only by what the parser accepts. */
struct _st_ext_t
{
    unsigned short type; /* extension type, e.g. ALPN_EXT_TYPE */
    unsigned short len;  /* bytes at data */
    unsigned char* data; /* extension payload */
};
typedef struct _st_ext_t st_ext_t;
//client hello info
/* Parsed ClientHello.
 * NOTE(review): exts[] has a fixed capacity of MAX_EXTENSION_NUM (16) entries and modern
 * clients routinely send more extensions than that; the code that fills exts[] must stop at
 * MAX_EXTENSION_NUM and ext_num must never exceed it. Likewise server_name is a fixed 512-byte
 * buffer while an SNI host name on the wire is length-prefixed with 16 bits, so the copy into
 * it must be bounded and NUL-terminated. Neither check is visible in this header; confirm in
 * the parser. */
struct _st_client_hello_t
{
    int totallen;                     /* handshake body length (3-byte field on the wire) */
    unsigned short client_ver;        /* legacy client_version */
    st_random_t random;               /* 32-byte Random; not used currently */
    st_session_t session;             /* session ID */
    st_suites_t ciphersuites;         /* offered cipher suites */
    st_compress_methods_t com_method; /* compression methods */
    unsigned short extlen;            /* total byte length of the extensions block */
    unsigned short ext_num;           /* number of entries stored in exts (<= MAX_EXTENSION_NUM) */
    st_ext_t exts[MAX_EXTENSION_NUM]; /* extensions: one or more entries */
    unsigned char server_name[512];   /* server_name = host_name + ... (see note) */
    st_session_tciket_t session_ticket;  /* session_ticket extension, if present */
    st_esni_t encrypted_server_name;  /* encrypted_server_name extension, if present */
};
typedef struct _st_client_hello_t st_client_hello_t;
//#############################################client hello end
//#############################################server hello
#define SERVER_HELLO_HDRLEN 4 /* bytes before the ServerHello body; presumably 1-byte handshake type + 3-byte length */
//server hello info
/* Parsed ServerHello. Mirrors st_client_hello_t minus the client-only extension fields.
 * NOTE(review): exts[] holds at most MAX_EXTENSION_NUM (16) entries; whatever fills it must
 * stop there and keep ext_num within that bound. Not visible in this header; confirm in the
 * parser. */
struct _st_server_hello_t
{
    int totallen;                     /* handshake body length (3-byte field on the wire) */
    unsigned short server_ver;        /* server_version as sent (0x0303 even for TLS 1.3) */
    st_random_t random;               /* 32-byte Random; not used currently */
    st_session_t session;             /* session ID echoed by the server */
    st_suites_t ciphersuites;         /* selected cipher suite */
    st_compress_methods_t com_method; /* selected compression method */
    unsigned short extlen;            /* total byte length of the extensions block */
    unsigned short ext_num;           /* number of entries stored in exts (<= MAX_EXTENSION_NUM) */
    st_ext_t exts[MAX_EXTENSION_NUM]; /* extensions: one or more entries */
};
typedef struct _st_server_hello_t st_server_hello_t;
//#############################################server hello end
//#############################################new session ticket
#define SESSION_TICKET_HDRLEN 4 /* bytes before the NewSessionTicket body; presumably 1-byte handshake type + 3-byte length */
//new session ticket info
/* Parsed NewSessionTicket handshake message.
 * "lifttime" is a misspelling of "lifetime" but is part of the public interface and is kept. */
struct _st_new_session_ticket_t
{
    int totallen;         /* handshake body length (3-byte field on the wire) */
    int lifttime;         /* ticket lifetime hint, in seconds */
    int ticket_len;       /* bytes at ticket (3-byte field on the wire per the original note) */
    unsigned char* ticket; /* ticket bytes; ownership not expressed here */
};
typedef struct _st_new_session_ticket_t st_new_session_ticket_t;
//#############################################new session ticket end
//#############################################certificate
/* Header sizes used when walking a Certificate message. */
#define CERTIFICATE_HDRLEN 7     /* presumably handshake type (1) + length (3) + certificate_list length (3); confirm in the parser */
#define SSL_CERTIFICATE_HDRLEN 3 /* 3-byte length prefix in front of each certificate in the list */
//#define SAN_MAXNUM 128         /* former fixed SAN cap; st_san_t now carries an explicit count */
/* One subjectAltName entry as a fixed 64-byte string.
 * NOTE(review): SAN values (e.g. dNSName) can exceed 63 characters; whatever fills this must
 * bound the copy to sizeof(san) - 1 and NUL-terminate it. Not visible in this header. */
struct _san_t
{
    char san[64];
};
typedef struct _san_t san_t;
/* All subjectAltName entries of a certificate: san_array points at count san_t elements.
 * Allocation ownership of san_array is not expressed here. */
struct _st_san_t
{
    int count;        /* number of elements at san_array */
    san_t* san_array; /* array of san_t (original note: pointer to the array) */
};
typedef struct _st_san_t st_san_t;
/* Decoded X.509 certificate summary.
 * Every char[] member is a fixed-size buffer; the code that fills them must bound each copy
 * and NUL-terminate (DN components and serial numbers in the wild are not length-limited).
 * Field order is part of the ABI and must not change. */
struct _st_cert_t
{
    int totallen;            /* length of the whole certificate message/buffer */
    int certlen;             /* length of this certificate */
    char SSLVersion[10];     /* X.509 version as text */
    char SSLSerialNum[128];  /* serial number (text form; see SSLSerialNumLen below) */
    char SSLAgID [64];       /* presumably the signature algorithm identifier; confirm */
    char SSLIssuer[512];     /* commonName + organizationName + organizationalUnitName + localityName + streetAddress + stateOrProvinceName + countryName */
    char SSLSub[512];        /* commonName + organizationName + organizationalUnitName + localityName + streetAddress + stateOrProvinceName + countryName */
    char SSLFrom[80];        /* validity start (notBefore), as text */
    char SSLTo[80];          /* validity end (notAfter), as text */
    char SSLFPAg[32];        /* presumably the fingerprint algorithm name; confirm */
    char SSLIssuerC[64];     /* issuer countryName */
    char SSLIssuerO[64];     /* issuer organizationName */
    char SSLIssuerCN[64];    /* issuer commonName */
    char SSLSubC[64];        /* subject countryName */
    char SSLSubO[64];        /* subject organizationName */
    char SSLSubCN[64];       /* subject commonName */
    st_san_t* SSLSubAltName; /* subjectAltName entries, or NULL */
    uint8_t cert_type;       /* presumably one of CERT_TYPE_* (declared later in this header) */
    unsigned char* SSLSubKey; /* subject public key bytes; ownership not expressed here */
    int SSLSubKeyLen;        /* bytes at SSLSubKey */
    uint8_t SSLSerialNumLen; /* length of the serial number (8-bit) */
    char SSLIssuerP[64];     /* issuer stateOrProvinceName */
    char SSLIssuerS[64];     /* issuer streetAddress */
    char SSLIssuerL[64];     /* issuer localityName */
    char SSLIssuerU[64];     /* issuer organizationalUnitName */
    char SSLSubP[64];        /* subject stateOrProvinceName */
    char SSLSubS[64];        /* subject streetAddress */
    char SSLSubL[64];        /* subject localityName */
    char SSLSubU[64];        /* subject organizationalUnitName */
};
typedef struct _st_cert_t st_cert_t;
//#############################################certificate end
/* Opaque caller context attached to an ssl_stream: an arbitrary param pointer plus a
 * one-byte result slot. The library does not interpret param. */
struct _business_infor_t
{
    void* param;                /* caller-owned context */
    unsigned char return_value; /* result byte written back for the caller */
};
typedef struct _business_infor_t business_infor_t;
/* Per-connection SSL/TLS parsing state.
 * NOTE(review): pcSslBuffer / uiMaxBuffLen / uiCurBuffLen look like a reassembly buffer; every
 * append into pcSslBuffer must check uiCurBuffLen + incoming <= uiMaxBuffLen first. That
 * check lives in the parser, not here; confirm it. Field order is part of the ABI. */
struct _ssl_stream_t
{
    unsigned long long output_region_flag; /* presumably OR-ed SSL_* region flags selected by the caller */
    unsigned char link_state;              /* connection/handshake state (values not documented here) */
    unsigned char over_flag;               /* set when parsing of this stream is finished, presumably */
    unsigned char ucContType;              /* record content type of the current record, presumably */
    unsigned char is_ssl_stream;           /* non-zero once the stream is recognised as SSL/TLS */
    unsigned short uiSslVersion;           /* one of the *_VERSION values defined in this header */
    int uiAllMsgLen;                       /* handshake message length */
    int uiMsgProcLen;                      /* bytes of the current message processed so far, presumably */
    unsigned int uiMsgState;               /* parser state machine value */
    int uiMaxBuffLen;                      /* capacity of pcSslBuffer */
    cdata_buf* p_output_buffer;            /* output buffer handed to the caller */
    st_client_hello_t* stClientHello;      /* parsed ClientHello, or NULL */
    st_server_hello_t* stServerHello;      /* parsed ServerHello, or NULL */
    st_cert_t* stSSLCert;                  /* parsed certificate, or NULL */
    business_infor_t* business;            /* caller context */
    char* pcSslBuffer;                     /* reassembly buffer (see note above) */
    ssl_interested_region output_region_mask; /* typed as the enum although it sits beside a flag word; confirm whether it holds a single region or OR-ed bits */
    int uiCurBuffLen;                      /* bytes currently held in pcSslBuffer */
    st_new_session_ticket_t* stNewSessionTicket; /* parsed NewSessionTicket, or NULL */
    unsigned char first_pkt_flag;          /* set on the first packet of the stream, presumably */
};
typedef struct _ssl_stream_t ssl_stream;
/* Element type filled in by ssl_read_all_cert: one certificate of a chain. */
/* One certificate of a chain: cert_len bytes at cert.
 * cert presumably points into the buffer passed to ssl_read_all_cert rather than a copy;
 * do not free it separately. */
struct cert_chain_s
{
    char* cert;        /* DER bytes of the certificate */
    uint32_t cert_len; /* bytes at cert */
};
typedef struct cert_chain_s cert_chain_t;
/* Element type filled in by ssl_get_alpn_list: one ALPN protocol name. */
/* One ALPN protocol name: alpn_len bytes at alpn. alpn points into the extension data
 * (st_ext_t.data), so it is length-delimited rather than NUL-terminated and must not be freed. */
struct alpn_list_s
{
    char* alpn;        /* pointer into exts */
    uint32_t alpn_len; /* bytes at alpn */
};
typedef struct alpn_list_s alpn_list_t;
/* Values accepted by the cert_type argument of ssl_read_specific_cert. */
#define CERT_TYPE_INDIVIDUAL 0 /* end-entity (leaf) certificate */
#define CERT_TYPE_ROOT 1       /* root certificate */
#define CERT_TYPE_MIDDLE 2     /* intermediate certificate: the issuer above the end-entity certificate */
#define CERT_TYPE_CHAIN 3      /* whole chain; format [len(3bytes)+cert+len(3bytes)+certlen(3bytes)+cert......] */
#ifdef __cplusplus
extern "C" {
#endif
/* Split a concatenated certificate chain (CERT_TYPE_CHAIN layout) into its certificates.
 *   conj_cert_buf / conj_buflen : the concatenated input and its byte length
 *   cert_unit / unit_size       : caller-supplied output array and its capacity (entries)
 * Returns the number of chain entries; per the original note they are stored in order from
 * the root certificate down to the leaf certificate. Whether the function stops at unit_size
 * when the chain has more certificates is not visible here; confirm before passing a small array. */
int ssl_read_all_cert(const char* conj_cert_buf, uint32_t conj_buflen, cert_chain_t* cert_unit, uint32_t unit_size);
/* Find one certificate of kind cert_type (CERT_TYPE_*) in a concatenated chain and return it
 * through *cert / *cert_len. Returns 1 if it exists, 0 if it does not.
 * *cert presumably points into conj_cert_buf rather than a copy; confirm before freeing it. */
int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint8_t cert_type, char** cert, uint32_t* cert_len);
/* Obtain a suite name such as "TLS_RSA_WITH_AES_128_CBC_SHA" from suite_value; each suite is 2 bytes
 * (SUITE_VALUELEN), so suite_len should be 2. Returns a const string: do not modify or free it. */
const char* ssl_get_suite_name(unsigned char* suite_value, unsigned short suite_len);
/* Obtain a version name such as "TLS1.2" from one of the *_VERSION values in this header. */
const char* ssl_get_version_name(unsigned short version);
/* Obtain the ALPN protocol list from a Hello's extensions.
 *   alpn_list / alpn_size : caller-supplied output array and its capacity (entries)
 *   exts / ext_num        : the exts and ext_num fields of st_client_hello_t
 * Returns the number of ALPN entries. Whether it caps writes at alpn_size is not visible here;
 * confirm before passing a small array. */
int ssl_get_alpn_list(alpn_list_t* alpn_list, int alpn_size, st_ext_t* exts, unsigned short ext_num);
/* Obtain a suite name from an st_suites_t (presumably its first/selected suite; confirm). */
const char* ssl_get_suite(st_suites_t* ciphersuits);
/* Result of ssl_get_ja3_fingerprint(). sni and fp carry explicit lengths; whether they are
 * NUL-terminated, and who frees them, is not visible in this header, so treat them as
 * length-delimited and do not free them here. */
struct _ssl_ja3_info_t
{
int sni_len; /* bytes at sni */
int fp_len;  /* bytes at fp */
char *sni;   /* presumably the SNI host name from the ClientHello */
char *fp;    /* JA3 fingerprint string */
};
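/* Forward declaration so that `struct streaminfo` in the prototype below names the file-scope
 * tag. Without it a C compiler gives the tag prototype scope ("declared inside parameter list"),
 * and a caller whose struct streaminfo is defined after this header is included passes an
 * incompatible pointer type. The full definition lives outside this header. */
struct streaminfo;
/* One-time initialisation of the JA3 module; presumably required before ssl_get_ja3_fingerprint().
 * The return-value convention is not visible here; check the definition. */
int ssl_ja3_init(void);
/* Compute the JA3 fingerprint of the ClientHello in payload[0..payload_len).
 * thread_seq presumably selects a per-thread result slot, in which case the returned pointer is
 * valid only until the next call on that thread; confirm in the definition. The return value
 * on a payload that is not a parseable ClientHello is not documented here; check for NULL. */
struct _ssl_ja3_info_t *ssl_get_ja3_fingerprint(struct streaminfo *stream, unsigned char *payload, int payload_len, int thread_seq);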
#ifdef __cplusplus
}
#endif
#endif