Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: correct ssl_st member offsets #184

Merged
merged 5 commits into from
Sep 2, 2022
Merged

Fix: correct ssl_st member offsets #184

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
22929bc
fix: unify comment fmt
blaisewang Aug 25, 2022
eb0b5f4
fix: key log file label
blaisewang Aug 25, 2022
620a3f5
fix: ssl_st members' offsets
blaisewang Aug 29, 2022
1b5f100
fix: use correct hash in expandLabel
blaisewang Aug 29, 2022
05921c7
fix: better use of switch case pointed by cfc4n
blaisewang Aug 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 5 additions & 11 deletions kern/masterkey_kern.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,26 +77,20 @@
unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
*/

// session->cipher 在 SSL_SESSION 中的偏移量
#define CIPHER_OFFSET 0xEC

// ssl_cipher_st-> id 在 ssl_cipher_st 中的偏移量
#define CIPHER_ID_OFFSET 0x18

// ssl->handshake_secret 在 ssl_st 中的偏移量
#define HANDSHAKE_SECRET_OFFSET 0x13C // 316
#define HANDSHAKE_SECRET_OFFSET 0x17C // 380

// ssl->master_secret 在 ssl_st 中的偏移量
#define MASTER_SECRET_OFFSET 0x17C // 380
#define MASTER_SECRET_OFFSET 0x1BC // 444

// ssl->server_finished_hash 在 ssl_st 中的偏移量
#define SERVER_FINISHED_HASH_OFFSET 0x27C // 636
#define SERVER_FINISHED_HASH_OFFSET 0x2BC // 700

// ssl->handshake_traffic_hash 在 ssl_st 中的偏移量
#define HANDSHAKE_TRAFFIC_HASH_OFFSET 0x2BC // 700
#define HANDSHAKE_TRAFFIC_HASH_OFFSET 0x2FC // 764

// ssl->exporter_master_secret 在 ssl_st 中的偏移量
#define EXPORTER_MASTER_SECRET_OFFSET 0x37C // 892
#define EXPORTER_MASTER_SECRET_OFFSET 0x3BC // 956

struct mastersecret_t {
// TLS 1.2 or older
Expand Down
14 changes: 12 additions & 2 deletions pkg/util/hkdf/hkdf.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ package hkdf

import (
"crypto"
"fmt"
"golang.org/x/crypto/cryptobyte"
"golang.org/x/crypto/hkdf"
"hash"
Expand Down Expand Up @@ -48,7 +49,7 @@ const (
TLS_CHACHA20_POLY1305_SHA256 uint16 = 0x1303
)

//expandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.
// expandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.
func expandLabel(secret []byte, label string, context []byte, length int) []byte {
var hkdfLabel cryptobyte.Builder
hkdfLabel.AddUint16(uint16(length))
Expand All @@ -60,7 +61,16 @@ func expandLabel(secret []byte, label string, context []byte, length int) []byte
b.AddBytes(context)
})
out := make([]byte, length)
transcript := crypto.SHA256 // TODO fixme : use cipher_id argument

var transcript crypto.Hash
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do not use cipher_id argument?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would say that adding parameters to the method feels a bit redundant, especially doing cipher_id bitwise operation twice. The kind of crypto.Hash can be easily deduced from the size parameter. But I am not a Golang expert, I am not sure the best practice to do this. If you insist, I'll go with your way.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in ssl/ssl_local.h line 418 ,

/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
    uint32_t valid;
    const char *name;           /* text name */
    const char *stdname;        /* RFC name */
    uint32_t id;                /* id, 4 bytes, first is version */
    /*
     * changed in 1.0.0: these four used to be portions of a single value
     * 'algorithms'
     */
    uint32_t algorithm_mkey;    /* key exchange algorithm */

cipher_id means algorithm type. so use this method is a best way.

var transcript hash.Hash
	// test with different cipher_id
	switch cipher_id & 0x0000FFFF {
	case 0x1301:
		t.Log("TLS_AES_128_GCM_SHA256")
		transcript = crypto.SHA256.New()
	case 0x1302:
		t.Log("TLS_AES_256_GCM_SHA384")
		transcript = crypto.SHA384.New()
	case 0x1303:
		t.Log("TLS_CHACHA20_POLY1305_SHA256")
		transcript = crypto.SHA256.New()
	default:
		t.Log("Unknown cipher")
	}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was too busy last week. I will open another PR to fix this later

switch length {
case 32:
transcript = crypto.SHA256
case 48:
transcript = crypto.SHA384
default:
panic(fmt.Sprintf("non-tls 1.3 hash found, length: %d", length))
}
n, err := hkdf.Expand(transcript.New, secret, hkdfLabel.BytesOrPanic()).Read(out)
if err != nil || n != length {
panic("tls: HKDF-Expand-Label invocation failed unexpectedly")
Expand Down
10 changes: 4 additions & 6 deletions user/module/probe_openssl.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ type MOpenSSLProbe struct {
tcPacketLocker *sync.Mutex
}

//对象初始化
// 对象初始化
func (this *MOpenSSLProbe) Init(ctx context.Context, logger *log.Logger, conf config.IConfig) error {
this.Module.Init(ctx, logger)
this.conf = conf
Expand Down Expand Up @@ -197,7 +197,7 @@ func (this *MOpenSSLProbe) Close() error {
return this.Module.Close()
}

// 通过elf的常量替换方式传递数据
// 通过elf的常量替换方式传递数据
func (this *MOpenSSLProbe) constantEditor() []manager.ConstantEditor {
var editor = []manager.ConstantEditor{
{
Expand Down Expand Up @@ -491,12 +491,10 @@ func (this *MOpenSSLProbe) saveMasterSecret(secretEvent *event.MasterSecretEvent
var transcript hash.Hash
// check crypto type
switch uint16(secretEvent.CipherId & 0x0000FFFF) {
case hkdf.TLS_AES_128_GCM_SHA256:
case hkdf.TLS_AES_128_GCM_SHA256, hkdf.TLS_CHACHA20_POLY1305_SHA256:
transcript = crypto.SHA256.New()
case hkdf.TLS_AES_256_GCM_SHA384:
transcript = crypto.SHA384.New()
case hkdf.TLS_CHACHA20_POLY1305_SHA256:
transcript = crypto.SHA256.New()
default:
this.logger.Printf("non-tls 1.3 ciphersuite in tls13_hkdf_expand, CipherId: %d", secretEvent.CipherId)
return
Expand All @@ -506,7 +504,7 @@ func (this *MOpenSSLProbe) saveMasterSecret(secretEvent *event.MasterSecretEvent
b = bytes.NewBufferString(fmt.Sprintf("%s %02x %02x\n", hkdf.KeyLogLabelClientHandshake, secretEvent.ClientRandom, clientSecret))

serverHandshakeSecret := hkdf.DeriveSecret(secretEvent.HandshakeSecret[:], hkdf.ServerHandshakeTrafficLabel, transcript)
b.WriteString(fmt.Sprintf("%s %02x %02x\n", hkdf.KeyLogLabelClientHandshake, secretEvent.ClientRandom, serverHandshakeSecret))
b.WriteString(fmt.Sprintf("%s %02x %02x\n", hkdf.KeyLogLabelServerHandshake, secretEvent.ClientRandom, serverHandshakeSecret))

transcript.Reset()
transcript.Write(secretEvent.ServerFinishedHash[:])
Expand Down