diff --git a/kern/masterkey_kern.h b/kern/masterkey_kern.h index d8761542a..49410da8f 100644 --- a/kern/masterkey_kern.h +++ b/kern/masterkey_kern.h @@ -77,26 +77,20 @@ unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; */ -// session->cipher 在 SSL_SESSION 中的偏移量 -#define CIPHER_OFFSET 0xEC - -// ssl_cipher_st-> id 在 ssl_cipher_st 中的偏移量 -#define CIPHER_ID_OFFSET 0x18 - // ssl->handshake_secret 在 ssl_st 中的偏移量 -#define HANDSHAKE_SECRET_OFFSET 0x13C // 316 +#define HANDSHAKE_SECRET_OFFSET 0x17C // 380 // ssl->master_secret 在 ssl_st 中的偏移量 -#define MASTER_SECRET_OFFSET 0x17C // 380 +#define MASTER_SECRET_OFFSET 0x1BC // 444 // ssl->server_finished_hash 在 ssl_st 中的偏移量 -#define SERVER_FINISHED_HASH_OFFSET 0x27C // 636 +#define SERVER_FINISHED_HASH_OFFSET 0x2BC // 700 // ssl->handshake_traffic_hash 在 ssl_st 中的偏移量 -#define HANDSHAKE_TRAFFIC_HASH_OFFSET 0x2BC // 700 +#define HANDSHAKE_TRAFFIC_HASH_OFFSET 0x2FC // 764 // ssl->exporter_master_secret 在 ssl_st 中的偏移量 -#define EXPORTER_MASTER_SECRET_OFFSET 0x37C // 892 +#define EXPORTER_MASTER_SECRET_OFFSET 0x3BC // 956 struct mastersecret_t { // TLS 1.2 or older diff --git a/pkg/util/hkdf/hkdf.go b/pkg/util/hkdf/hkdf.go index 38209ebd7..7b0da4a63 100644 --- a/pkg/util/hkdf/hkdf.go +++ b/pkg/util/hkdf/hkdf.go @@ -15,6 +15,7 @@ package hkdf import ( "crypto" + "fmt" "golang.org/x/crypto/cryptobyte" "golang.org/x/crypto/hkdf" "hash" @@ -48,7 +49,7 @@ const ( TLS_CHACHA20_POLY1305_SHA256 uint16 = 0x1303 ) -//expandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1. +// expandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1. func expandLabel(secret []byte, label string, context []byte, length int) []byte { var hkdfLabel cryptobyte.Builder hkdfLabel.AddUint16(uint16(length)) @@ -60,7 +61,16 @@ func expandLabel(secret []byte, label string, context []byte, length int) []byte b.AddBytes(context) }) out := make([]byte, length) - transcript := crypto.SHA256 // TODO fixme : use cipher_id argument + + var transcript crypto.Hash + switch length { + case 32: + transcript = crypto.SHA256 + case 48: + transcript = crypto.SHA384 + default: + panic(fmt.Sprintf("non-tls 1.3 hash found, length: %d", length)) + } n, err := hkdf.Expand(transcript.New, secret, hkdfLabel.BytesOrPanic()).Read(out) if err != nil || n != length { panic("tls: HKDF-Expand-Label invocation failed unexpectedly") diff --git a/user/module/probe_openssl.go b/user/module/probe_openssl.go index 63b124404..0d71794b8 100644 --- a/user/module/probe_openssl.go +++ b/user/module/probe_openssl.go @@ -77,7 +77,7 @@ type MOpenSSLProbe struct { tcPacketLocker *sync.Mutex } -//对象初始化 +// 对象初始化 func (this *MOpenSSLProbe) Init(ctx context.Context, logger *log.Logger, conf config.IConfig) error { this.Module.Init(ctx, logger) this.conf = conf @@ -197,7 +197,7 @@ func (this *MOpenSSLProbe) Close() error { return this.Module.Close() } -// 通过elf的常量替换方式传递数据 +// 通过elf的常量替换方式传递数据 func (this *MOpenSSLProbe) constantEditor() []manager.ConstantEditor { var editor = []manager.ConstantEditor{ { @@ -491,12 +491,10 @@ func (this *MOpenSSLProbe) saveMasterSecret(secretEvent *event.MasterSecretEvent var transcript hash.Hash // check crypto type switch uint16(secretEvent.CipherId & 0x0000FFFF) { - case hkdf.TLS_AES_128_GCM_SHA256: + case hkdf.TLS_AES_128_GCM_SHA256, hkdf.TLS_CHACHA20_POLY1305_SHA256: transcript = crypto.SHA256.New() case hkdf.TLS_AES_256_GCM_SHA384: transcript = crypto.SHA384.New() - case hkdf.TLS_CHACHA20_POLY1305_SHA256: - transcript = crypto.SHA256.New() default: this.logger.Printf("non-tls 1.3 ciphersuite in tls13_hkdf_expand, CipherId: %d", secretEvent.CipherId) return @@ -506,7 +504,7 @@ func (this *MOpenSSLProbe) saveMasterSecret(secretEvent *event.MasterSecretEvent b = bytes.NewBufferString(fmt.Sprintf("%s %02x %02x\n", hkdf.KeyLogLabelClientHandshake, secretEvent.ClientRandom, clientSecret)) serverHandshakeSecret := hkdf.DeriveSecret(secretEvent.HandshakeSecret[:], hkdf.ServerHandshakeTrafficLabel, transcript) - b.WriteString(fmt.Sprintf("%s %02x %02x\n", hkdf.KeyLogLabelClientHandshake, secretEvent.ClientRandom, serverHandshakeSecret)) + b.WriteString(fmt.Sprintf("%s %02x %02x\n", hkdf.KeyLogLabelServerHandshake, secretEvent.ClientRandom, serverHandshakeSecret)) transcript.Reset() transcript.Write(secretEvent.ServerFinishedHash[:])