support all Openssl 1.1.1x version #236

Merged
merged 16 commits into from
Oct 18, 2022
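--- a/Makefile
+++ b/Makefile
@@ -187,7 +187,11 @@ BPF_NOCORE_TAG = $(subst .,_,$(KERN_RELEASE)).$(subst .,_,$(VERSION))
 # BPF Source file
 #
 
-TARGETS := kern/openssl
+TARGETS := kern/openssl_1.1.1a
+TARGETS += kern/openssl_1.1.1b-c
+TARGETS += kern/openssl_1.1.1d-i
+TARGETS += kern/openssl_1.1.1j-q
+TARGETS += kern/boringssl_1.1.1
 TARGETS += kern/bash
 TARGETS += kern/gnutls
 TARGETS += kern/nspr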
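--- a/cli/cmd/tls.go
+++ b/cli/cmd/tls.go
@@ -6,6 +6,7 @@ package cmd
 
 import (
 "context"
+"ecapture/pkg/util/kernel"
 "ecapture/user/config"
 "ecapture/user/module"
 "errors"
@@ -46,6 +47,7 @@ func init() {
 opensslCmd.PersistentFlags().StringVarP(&oc.Write, "write", "w", "", "write the raw packets to file as pcapng format.")
 opensslCmd.PersistentFlags().StringVarP(&oc.Ifname, "ifname", "i", "", "(TC Classifier) Interface name on which the probe will be attached.")
 opensslCmd.PersistentFlags().Uint16Var(&oc.Port, "port", 443, "port number to capture, default:443.")
+opensslCmd.PersistentFlags().StringVar(&oc.SslVersion, "ssl_version", "", "openssl/boringssl version, e.g: --ssl_version=\"OpenSSL 1.1.1g\" or --ssl_version=\"BoringSSL 1.1.1\"")
 
 rootCmd.AddCommand(opensslCmd)
 }
@@ -71,8 +73,11 @@ func openSSLCommandFunc(command *cobra.Command, args []string) {
 }
 logger.SetOutput(f)
 }
-logger.Printf("ECAPTURE :: %s Version :%s", cliName, GitVersion)
-logger.Printf("ECAPTURE :: Pid Info :%d", os.Getpid())
+logger.Printf("ECAPTURE :: %s Version : %s", cliName, GitVersion)
+logger.Printf("ECAPTURE :: Pid Info : %d", os.Getpid())
+var version kernel.Version
+version, err = kernel.HostVersion()
+logger.Printf("ECAPTURE :: Kernel Info : %s", version.String())
 
 modNames := []string{module.MODULE_NAME_OPENSSL, module.MODULE_NAME_GNUTLS, module.MODULE_NAME_NSPR, module.MODULE_NAME_GOSSL}
 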
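Review bot: The error from `kernel.HostVersion()` in openSSLCommandFunc is assigned to `err` but not checked in the visible lines before `version.String()` is logged, so a failed lookup would print a zero-value kernel version as if it were real. Check it straight after the call, for example `if err != nil { logger.Printf("ECAPTURE :: Kernel Info : unavailable: %v", err) }`, and log the version only on success. Separately, the new `--ssl_version` flag in init() accepts a free-form string that presumably selects which offset table is loaded. Its validation is not visible here, so confirm it is matched against the supported version strings and rejected otherwise, because a mismatched table would make the probe read key material from the wrong struct offsets. Both functions continue outside the hunks.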
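--- a/kern/boringssl_1.1.1_kern.c
+++ b/kern/boringssl_1.1.1_kern.c
@@ -0,0 +1,101 @@
+#ifndef ECAPTURE_BORINGSSL_1_1_1_H
+#define ECAPTURE_BORINGSSL_1_1_1_H
+
+/* OPENSSL_VERSION_TEXT: OpenSSL 1.1.1 (compatible; BoringSSL), OPENSSL_VERSION_NUMBER:0x1010107f */
+
+//------------------------------------------
+// android boringssl 版本
+// ssl->version 在 ssl_st 结构体中的偏移量
+#define SSL_ST_VERSION 16
+
+// ssl->session 在 ssl_st 结构中的偏移量
+#define SSL_ST_SESSION 88
+
+// session->secret 在 SSL_SESSION 中的偏移量
+#define SSL_SESSION_ST_MASTER_KEY 16
+
+// ssl->s3 在 ssl_st中的偏移量
+#define SSL_ST_S3 48
+
+// s3->hs 在 ssl3_state_st 中的偏移量
+#define SSL_HS_OFFSET 272
+
+// hs->established_session 在 SSL_HANDSHAKE 中的偏移量
+#define SSL_ESTABLISHED_SESSION_OFFSET 456
+
+// hs->new_session 在 SSL_HANDSHAKE 中的偏移量
+#define SSL_HS_NEW_SESSION_OFFSET 656
+
+// hs->early_session 在 SSL_HANDSHAKE 中的偏移量
+#define SSL_HS_EARLY_SESSION_OFFSET 664
+
+// s3->client_random 在 ssl3_state_st 中的偏移量
+#define SSL_S3_CLIENT_RANDOM_OFFSET 48
+
+
+////////// TLS 1.2 or older /////////
+
+// session->cipher 在 SSL_SESSION 中的偏移量
+#define SSL_SESSION_ST_CIPHER 496
+
+// session->cipher_id 在 SSL_SESSION 中的偏移量
+#define SSL_SESSION_ST_CIPHER_ID 0x1f8
+
+// cipher->id 在 ssl_cipher_st 中的偏移量
+#define SSL_CIPHER_ST_ID 0x18
+
+/*
+size_t hash_len_ = 0;
+uint8_t secret_[SSL_MAX_MD_SIZE] = {0};
+uint8_t early_traffic_secret_[SSL_MAX_MD_SIZE] = {0};
+uint8_t client_handshake_secret_[SSL_MAX_MD_SIZE] = {0};
+uint8_t server_handshake_secret_[SSL_MAX_MD_SIZE] = {0};
+uint8_t client_traffic_secret_0_[SSL_MAX_MD_SIZE] = {0};
+uint8_t server_traffic_secret_0_[SSL_MAX_MD_SIZE] = {0};
+uint8_t expected_client_finished_[SSL_MAX_MD_SIZE] = {0};
+*/
+// bssl::SSL_HANDSHAKE_max_version = 30
+
+/////////////////////////// NEW ///////////////////////////
+// bssl::SSL_HANDSHAKE->secret_
+#define SSL_HANDSHAKE_SECRET_ = 40
+
+// bssl::SSL_HANDSHAKE->early_traffic_secret_
+#define SSL_HANDSHAKE_EARLY_TRAFFIC_SECRET_ = 88
+
+// bssl::SSL_HANDSHAKE->client_handshake_secret_
+#define SSL_HANDSHAKE_CLIENT_HANDSHAKE_SECRET_ = 136
+
+// bssl::SSL_HANDSHAKE->server_handshake_secret_
+#define SSL_HANDSHAKE_SERVER_HANDSHAKE_SECRET_ = 184
+
+// bssl::SSL_HANDSHAKE->client_traffic_secret_0_
+#define SSL_HANDSHAKE_CLIENT_TRAFFIC_SECRET_0_ = 232
+
+// bssl::SSL_HANDSHAKE->server_traffic_secret_0_
+#define SSL_HANDSHAKE_SERVER_TRAFFIC_SECRET_0_ = 280
+
+// bssl::SSL_HANDSHAKE->expected_client_finished_
+#define SSL_HANDSHAKE_EXPECTED_CLIENT_FINISHED_ = 328
+/////////////////////////// END ///////////////////////////
+
+// ssl->handshake_secret 在 ssl_st 中的偏移量
+#define SSL_ST_HANDSHAKE_SECRET 0x17C // 380
+
+// ssl->master_secret 在 ssl_st 中的偏移量
+#define SSL_ST_MASTER_SECRET 0x1BC // 444
+
+// ssl->server_finished_hash 在 ssl_st 中的偏移量
+#define SSL_ST_SERVER_FINISHED_HASH 0x2BC // 700
+
+// ssl->handshake_traffic_hash 在 ssl_st 中的偏移量
+#define SSL_ST_HANDSHAKE_TRAFFIC_HASH 0x2FC // 764
+
+// ssl->exporter_master_secret 在 ssl_st 中的偏移量
+#define SSL_ST_EXPORTER_MASTER_SECRET 0x3BC // 956
+
+#include "openssl.h"
+#include "boringssl_masterkey.h"
+
+
+#endif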
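Review bot: The seven macros between the NEW and END markers, `SSL_HANDSHAKE_SECRET_` through `SSL_HANDSHAKE_EXPECTED_CLIENT_FINISHED_`, are defined with a stray `=` (`#define SSL_HANDSHAKE_SECRET_ = 40`), so each expands to `= 40` and would not behave as a numeric offset wherever it is used. Drop the `=`, e.g. `#define SSL_HANDSHAKE_SECRET_ 40`, and likewise for the other six. The offsets are hard-coded for a single struct layout, and a stale offset would make the probe read unrelated bytes as secrets. The header comment records only the version text, so I would add a comment such as `/* offsets measured on BoringSSL <commit>, <arch>; re-derive when the library changes */`. The offset comments are in Chinese while the section markers are in English; keeping them in one language would help later reviewers.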