#pragma once
#include <stdint.h>
#include <stddef.h>
#include <uthash/utarray.h>
#include "ssl_decoder.h"
// Decoder configuration file; the path is relative, so it presumably resolves
// against the process working directory or an install prefix — confirm in the loader.
#define SSL_DECODER_TOML_PATH "etc/ssl/ssl_decoder.toml"
// Three-valued decoder results. CONTINUE is distinct from FALSE/TRUE;
// NOTE(review): its exact meaning (e.g. "need more data") is not visible here — confirm.
#define SSL_DECODER_FALSE 0
#define SSL_DECODER_TRUE 1
#define SSL_DECODER_CONTINUE 2
// Width of ssl_message::uuid_bytes.
#define SSL_UUID_BYTES_SZ 16
// TLS Random layout: 4-byte gmt_unix_time followed by 28 random bytes (32 bytes total).
#define SSL_RANDOM_TIME_LEN 4
#define SSL_RANDOM_SIZE 28
// Handshake message types (TLS HandshakeType values).
// NOTE(review): 0 is hello_request on the wire; here it appears to be reused as a
// local marker for a handshake record whose body could not be read because it is
// encrypted — confirm against the parser before relying on the distinction.
#define SSL_HANDSHAKE_ENCRYPTED_MESSAGE 0
#define SSL_HANDSHAKE_CLIENT_HELLO 1
#define SSL_HANDSHAKE_SERVER_HELLO 2
#define SSL_HANDSHAKE_CERTIFICATE 11
#define SSL_HANDSHAKE_SERVER_KEY_EXCHANGE 12
// TLS record-layer ContentType values (first byte of every record).
#define SSL_CONTENT_TYPE_HANDSHAKE 0x16
#define SSL_CONTENT_TYPE_ALERT 0x15
#define SSL_CONTENT_TYPE_APPLICATION_DATA 0x17
#define SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC 0x14
// TLS ExtensionType code points (IANA registry) as they appear in the
// ClientHello / ServerHello extension list.
#define ALPN_EXT_TYPE 0x0010
#define SERVER_NAME_EXT_TYPE 0x0000
// NameType values inside the server_name extension; only host_name (0) is
// standardised. The parser should treat unknown NameTypes as opaque.
#define SERVER_NAME_HOST_TYPE 0x0000
#define SERVER_NAME_OTHER_TYPE 0x0008
#define SESSION_TICKET_EXT_TYPE 0x0023
// Draft code points for Encrypted SNI and Encrypted ClientHello. Both are
// draft-era values and may shift in future revisions; the identifier spelling
// ("ENCRPTED") is part of the existing API and is kept as-is.
#define ENCRPTED_SERVER_NAME_EXT_TYPE 0xFFCE
#define ENCRPTED_CLIENT_HELLO_EXT_TYPE 0xFE0D
#define EC_POINT_FORMATS_EXT_TYPE 0x000B
// https://datatracker.ietf.org/doc/html/rfc7919
// Supported Groups (formerly elliptic_curves).
#define SUPPORTED_GROUPS_EXT_TYPE 0x000A
// Upper bound on certificates taken from one Certificate message. A chain longer
// than this must be truncated by the parser, not overrun.
#define SSL_CERTIFICATE_NUM_MAX 8
// Highest X.509 version accepted (v1..v3).
#define SSL_CERTIFICATE_VERSION_MAX 3
// Protocol version fields as carried on the wire (major<<8 | minor).
#define SSL_DECODER_VERSION_UNKNOWN 0x0000
#define SSL_DECODER_VERSION_SSL_V2_0 0x0002
#define SSL_DECODER_VERSION_SSL_V3_0 0x0300
#define SSL_DECODER_VERSION_TLS_V1_0 0x0301
#define SSL_DECODER_VERSION_TLS_V1_1 0x0302
#define SSL_DECODER_VERSION_TLS_V1_2 0x0303
#define SSL_DECODER_VERSION_TLS_V1_3 0x0304
// GM/T 0024 TLCP (China's TLS variant) version field.
#define SSL_DECODER_VERSION_TLCP_V1_0 0x0101
// Encoding kinds for ssl_decoder_ltv::type. NOTE(review): the names read as
// "no length", "1-byte length + value", "2-byte length + value", "2-byte length +
// type + value"; confirm against the parser before depending on the widths.
#define SSL_DECODER_NONE 0x00
#define SSL_DECODER_L1V 0x01
#define SSL_DECODER_L2V 0x02
#define SSL_DECODER_L2TV 0x03
// A length-prefixed (optionally typed) field lifted out of a TLS message.
// `type` selects one of SSL_DECODER_NONE / L1V / L2V / L2TV; the anonymous
// union holds the length and `value` points at the payload bytes.
// NOTE(review): whether `value` aliases the original packet buffer or an owned
// copy is not visible here — confirm ownership before freeing or retaining it.
struct ssl_decoder_ltv
{
    uint16_t type;  // one of SSL_DECODER_NONE / SSL_DECODER_L1V / SSL_DECODER_L2V / SSL_DECODER_L2TV
    uint16_t vtype; // NOTE(review): presumably the "T" of an L2TV field (e.g. an extension type) — confirm
    union // length of `value`; which member is meaningful presumably follows `type` — TODO confirm
    {
        uint8_t lv_u8;
        uint16_t lv_u16;
        uint32_t lv_u32;
    };
    uint8_t *value;
};
// Indices into ssl_client_hello::ltv / ssl_server_hello::ltv, one slot per
// fixed Hello field. SSL_HELLO_LTV_MAX is the array size, not a valid index.
// (The "CIPERSUITES" spelling is part of the existing API and is kept as-is.)
enum SSL_HELLO_LTV
{
    SSL_HELLO_LTV_UNKNOWN=0,
    SSL_HELLO_LTV_RANDOM_BYTES,
    SSL_HELLO_LTV_SESSION,
    SSL_HELLO_LTV_CIPERSUITES,
    SSL_HELLO_LTV_COMPRESS_METHOD,
    SSL_HELLO_LTV_MAX,
};
// Parsed ClientHello. Fixed fields live in `ltv`, indexed by enum SSL_HELLO_LTV;
// extensions are collected in `extensions` (a UT_array, element type not visible here).
// NOTE(review): `sni`, `ech` and `esni` are pointers and presumably point into
// `extensions` or are NULL when the extension is absent — confirm, and treat
// them as dangling once `extensions` is freed.
struct ssl_client_hello
{
    uint16_t version;            // legacy_version from the ClientHello body (see SSL_DECODER_VERSION_*)
    uint32_t random_gmt_time;    // first SSL_RANDOM_TIME_LEN bytes of Random
    UT_array *extensions;
    struct ssl_decoder_ltv ja3;  // JA3 fingerprint material; NOTE(review): string vs. hash form not visible here
    struct ssl_decoder_ltv *sni;
    struct ssl_decoder_ltv *ech;
    struct ssl_decoder_ltv *esni;
    struct ssl_decoder_ltv ltv[SSL_HELLO_LTV_MAX];
};
// Parsed ServerHello; mirrors ssl_client_hello without the SNI/ECH/ESNI
// shortcuts (those extensions are client-sent).
struct ssl_server_hello
{
    uint16_t version;            // version field from the ServerHello body (see SSL_DECODER_VERSION_*)
    uint32_t random_gmt_time;    // first SSL_RANDOM_TIME_LEN bytes of Random
    UT_array *extensions;
    struct ssl_decoder_ltv ja3s; // JA3S fingerprint material; NOTE(review): string vs. hash form not visible here
    struct ssl_decoder_ltv ltv[SSL_HELLO_LTV_MAX]; // indexed by enum SSL_HELLO_LTV
};
// Parsed NewSessionTicket handshake message.
// NOTE(review): `ticket_len` is commented as 3 bytes, but RFC 5077 encodes the
// ticket length as a 2-byte field; confirm which field the parser reads.
// `ticket` is a raw pointer whose ownership is not visible here.
struct ssl_new_session_ticket
{
    int total_len;        // handshake message body length (3-byte field on the wire)
    int lift_time;        // ticket_lifetime_hint, in seconds
    int ticket_len;       // length of `ticket` in bytes
    unsigned char* ticket;
};
// Fixed width of one subjectAltName entry; longer names must be truncated
// (and still NUL-terminated) by the filler, never written past the slot.
#define MAX_ALTER_NAME_LEN 64
// subjectAltName entries as an array of fixed-width strings.
// NOTE(review): `num` presumably counts filled entries and `offset` is a write
// cursor; `name` is a pointer to that array, so allocation size vs. `num`
// must be kept in step by the caller — confirm in the parser.
struct ssl_subject_alter_name
{
    int num;
    int offset;
    char (*name)[MAX_ALTER_NAME_LEN]; // pointer to `num` strings of MAX_ALTER_NAME_LEN bytes each
};
// Fixed widths for one RDN attribute and for the concatenated summary string.
// The filler must bound-check against these (the input lengths come from
// attacker-controlled DER) and keep each field NUL-terminated.
#define MAX_RDN_SEQUENCE_LEN 64
#define MAX_RDN_SEQUENCE_LIST_LEN 512
// Selected attributes of an X.509 Name (issuer or subject), as strings.
struct ssl_rdn_sequence
{
    char common[MAX_RDN_SEQUENCE_LEN];              // commonName
    char country[MAX_RDN_SEQUENCE_LEN];             // countryName
    char locality[MAX_RDN_SEQUENCE_LEN];            // localityName
    char postal_code[MAX_RDN_SEQUENCE_LEN];         // postalCode
    char organization[MAX_RDN_SEQUENCE_LEN];        // organizationName
    char street_address[MAX_RDN_SEQUENCE_LEN];      // streetAddress
    char state_or_Province[MAX_RDN_SEQUENCE_LEN];   // stateOrProvinceName
    char organizational_unit[MAX_RDN_SEQUENCE_LEN]; // organizationalUnitName
    // Concatenation of commonName + organizationName + organizationalUnitName +
    // localityName + streetAddress + stateOrProvinceName + countryName.
    // NOTE(review): separator format is not visible here — confirm in the filler.
    char rdn_sequence_list[MAX_RDN_SEQUENCE_LIST_LEN];
};
// Width of each rendered validity timestamp.
#define MAX_VALIDITY_LEN 80
// X.509 Validity (notBefore / notAfter) as strings.
// NOTE(review): the time format (UTCTime/GeneralizedTime raw vs. rendered) is
// not visible here — confirm before comparing these values.
struct ssl_validity
{
    char before[MAX_VALIDITY_LEN]; // notBefore
    char after[MAX_VALIDITY_LEN];  // notAfter
};
// SubjectPublicKeyInfo bytes. `value` is a raw pointer of `len` bytes;
// NOTE(review): ownership (copy vs. alias into the packet) is not visible here.
struct ssl_subject_public_key
{
    int len;
    char*value;
};
// Capacity of ssl_serial_number::value.
#define MAX_SERIAL_NUMBER_LEN 128
// Certificate serialNumber. `len` can represent up to 255 but `value` holds
// MAX_SERIAL_NUMBER_LEN bytes, so the filler must clamp the DER length to
// sizeof value before copying; readers should treat len > sizeof value as corrupt.
struct ssl_serial_number
{
    unsigned char len;
    char value[MAX_SERIAL_NUMBER_LEN];
};
// Capacity of ssl_signature_algorithm_id::value.
#define MAX_SIGNATURE_ALGORITHM_ID_LEN 64
// Outer signatureAlgorithm of the certificate. As with ssl_serial_number,
// `len` (0..255) exceeds the buffer capacity; the filler must clamp to sizeof value.
// NOTE(review): whether `value` holds the raw OID bytes or a dotted string is not visible here.
struct ssl_signature_algorithm_id
{
    unsigned char len;
    char value[MAX_SIGNATURE_ALGORITHM_ID_LEN];
};
// Capacity of ssl_algorithm_identifier::value.
#define MAX_ALGORITHM_IDENTIFIER 64
// AlgorithmIdentifier (e.g. the TBS signature algorithm or the key algorithm;
// which one is not visible here). Same clamping requirement as ssl_serial_number.
struct ssl_algorithm_identifier
{
    unsigned char len;
    char value[MAX_ALGORITHM_IDENTIFIER];
};
// One parsed X.509 certificate from a Certificate handshake message.
// Mostly fixed-size by value; `subject_key` and `subject_alter` hold pointers
// whose ownership is not visible here. `enum ssl_certificate_type` is declared
// in ssl_decoder.h.
struct ssl_certificate
{
    uint16_t version;                                   // X.509 version, expected <= SSL_CERTIFICATE_VERSION_MAX
    enum ssl_certificate_type type;
    struct ssl_validity validity;
    struct ssl_serial_number serial;
    struct ssl_rdn_sequence issuer;
    struct ssl_rdn_sequence subject;
    struct ssl_subject_public_key subject_key;
    struct ssl_subject_alter_name subject_alter;
    struct ssl_algorithm_identifier algorithm_identifier;
    struct ssl_signature_algorithm_id signature_algorithm;
};
// Sentinel stored in ssl_message::magic: 0xEF followed by the ASCII bytes "SSL".
// Consumers can check it to reject a pointer that is not an ssl_message.
#define SSL_MESSAGE_MAGIC 0xEF53534C
// Envelope handed to plugins for one decoded TLS message. `type` presumably
// selects which union member is valid (chello / shello / certificate, or the
// raw `data` pointer with `data_sz` bytes) — confirm against the decoder.
// `struct session` and `struct ssl_decoder_plugin_env` are only referenced by
// pointer here and are defined elsewhere; `enum ssl_message_type` comes from ssl_decoder.h.
struct ssl_message
{
    uint32_t magic;                 // SSL_MESSAGE_MAGIC
    enum ssl_message_type type;
    char uuid_bytes[SSL_UUID_BYTES_SZ]; // raw 16-byte identifier, not a NUL-terminated string
    struct session *ss;
    struct ssl_decoder_plugin_env *plugin_env;
    size_t data_sz;                 // NOTE(review): presumably the byte length behind `data` — confirm
    union
    {
        struct ssl_client_hello *chello;
        struct ssl_server_hello *shello;
        struct ssl_certificate *certificate;
        void *data;
    };
};