Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kern : support boringssl offset for Android 12. #181

Merged
merged 1 commit into from
Aug 21, 2022
Merged

kern : support boringssl offset for Android 12. #181

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,11 @@ ifeq ($(DEBUG),1)
DEBUG_PRINT := -DDEBUG_PRINT
endif

BORINGSSL_FLAGS ?=
TARGET_TAG ?= linux
ifeq ($(ANDROID),1)
TARGET_TAG := androidgki
BORINGSSL_FLAGS := -DBORINGSSL
endif

EXTRA_CFLAGS ?= -O2 -mcpu=v1 \
Expand Down Expand Up @@ -89,8 +91,8 @@ CLANG_VERSION = $(shell $(CMD_CLANG) --version 2>/dev/null | \
| .check_$(CMD_CLANG)
#
@echo $(shell date)
@if [ ${CLANG_VERSION} -lt 9 ]; then
echo -n "you MUST use clang 9 or newer, "
@if [ ${CLANG_VERSION} -lt 12 ]; then
echo -n "you MUST use clang 12 or newer, "
echo "your current clang version is ${CLANG_VERSION}"
exit 1
fi
Expand Down Expand Up @@ -290,6 +292,7 @@ $(KERN_OBJECTS): %.o: %.c \
$(CMD_CLANG) -D__TARGET_ARCH_$(LINUX_ARCH) \
$(EXTRA_CFLAGS) \
$(BPFHEADER) \
$(BORINGSSL_FLAGS) \
-target bpfel -c $< -o $(subst kern/,user/bytecode/,$@) \
-fno-ident -fdebug-compilation-dir . -g -D__BPF_TARGET_MISSING="GCC error \"The eBPF is using target specific macros, please provide -target\"" \
-MD -MP
Expand Down Expand Up @@ -341,6 +344,7 @@ $(KERN_OBJECTS_NOCORE): %.nocore: %.c \
-I $(KERN_BUILD_PATH)/include/generated/uapi \
$(EXTRA_CFLAGS_NOCORE) \
$(KERNEL_LESS_5_2_FLAGS) \
$(BORINGSSL_FLAGS) \
-c $< \
-o - |$(CMD_LLC) \
-march=bpf \
Expand Down
30 changes: 28 additions & 2 deletions kern/masterkey_kern.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,11 @@
* openssl 1.1.1.X 版本相关的常量
* 参考:https://wiki.openssl.org/index.php/TLS1.3
*/
#ifndef BORINGSSL
//------------------------------------------

////////// TLS 1.2 or older /////////
// ssl->version 在 ssl_st 结构体中的偏移量
#define SSL_VERSION_OFFSET 0
// ssl->session 在 ssl_st 结构中的偏移量
#define SSL_SESSION_OFFSET 0x510

Expand All @@ -25,6 +28,27 @@

// s3->client_random 在 ssl3_state_st 中的偏移量
#define SSL_S3_CLIENT_RANDOM_OFFSET 0xD8
//------------------------------------------
#else
// android boringssl 版本
// ssl->version 在 ssl_st 结构体中的偏移量
#define SSL_VERSION_OFFSET 16

// ssl->session 在 ssl_st 结构中的偏移量
#define SSL_SESSION_OFFSET 88

// session->secret 在 SSL_SESSION 中的偏移量
#define MASTER_KEY_OFFSET 16

// ssl->s3 在 ssl_st中的偏移量
#define SSL_S3_OFFSET 48

// s3->client_random 在 ssl3_state_st 中的偏移量
#define SSL_S3_CLIENT_RANDOM_OFFSET 48
#endif

////////// TLS 1.2 or older /////////


// session->cipher 在 SSL_SESSION 中的偏移量
#define SESSION_CIPHER_OFFSET 496
Expand Down Expand Up @@ -162,13 +186,15 @@ int probe_ssl_master_key(struct pt_regs *ctx) {
debug_bpf_printk("mastersecret is null\n");
return 0;
}
u64 *ssl_version_ptr = (u64 *)(ssl_st_ptr + SSL_VERSION_OFFSET);
// Get a ssl_session_st pointer
u64 *ssl_session_st_ptr = (u64 *)(ssl_st_ptr + SSL_SESSION_OFFSET);
u64 *ssl_s3_st_ptr = (u64 *)(ssl_st_ptr + SSL_S3_OFFSET);

// Get SSL->version pointer
int version;
int ret =
bpf_probe_read_user(&version, sizeof(version), (void *)ssl_st_ptr);
bpf_probe_read_user(&version, sizeof(version), (void *)ssl_version_ptr);
if (ret) {
debug_bpf_printk("bpf_probe_read tls_version failed, ret :%d\n", ret);
return 0;
Expand Down