feat : support openssl 1.1.0* and 1.0.2*

Makefile

@@ -191,6 +191,8 @@ TARGETS := kern/openssl_1_1_1a
 TARGETS += kern/openssl_1_1_1b
 TARGETS += kern/openssl_1_1_1d
 TARGETS += kern/openssl_1_1_1j
+TARGETS += kern/openssl_1_1_0a
+TARGETS += kern/openssl_1_0_2a
 TARGETS += kern/openssl_3_0_0
 TARGETS += kern/boringssl_1_1_1
 TARGETS += kern/bash

cli/cmd/tls.go

@@ -29,14 +29,13 @@ var opensslCmd = &cobra.Command{
 	Use:     "tls",
 	Aliases: []string{"openssl", "gnutls", "nss"},
 	Short:   "use to capture tls/ssl text content without CA cert. (Support Linux 4.18/Android 5.4)",
-	Long: `use eBPF uprobe/TC to capture process event data and network data,do not used libpcap.
+	Long: `use eBPF uprobe/TC to capture process event data and network data.also support pcap-NG format.
 ecapture tls
 ecapture tls --hex --pid=3423
 ecapture tls -l save.log --pid=3423
 ecapture tls --libssl=/lib/x86_64-linux-gnu/libssl.so.1.1
 ecapture tls -w save_3_0_5.pcapng --ssl_version="openssl 3.0.5" --libssl=/lib/x86_64-linux-gnu/libssl.so.3 
 ecapture tls -w save_android.pcapng -i wlan0 --libssl=/apex/com.android.conscrypt/lib64/libssl.so --ssl_version="boringssl 1.1.1" --port 443
-.
 `,
 	Run: openSSLCommandFunc,
 }

kern/openssl_1_0_2a_kern.c

@@ -0,0 +1,41 @@
+#ifndef ECAPTURE_OPENSSL_1_0_2_A_KERN_H
+#define ECAPTURE_OPENSSL_1_0_2_A_KERN_H
+
+/* OPENSSL_VERSION_TEXT: OpenSSL 1.0.2u  20 Dec 2019, OPENSSL_VERSION_NUMBER: 268443999 */
+
+// ssl_st->version
+#define SSL_ST_VERSION 0x0
+
+// ssl_st->session
+#define SSL_ST_SESSION 0x130
+
+// ssl_st->s3
+#define SSL_ST_S3 0x80
+
+// ssl_session_st->master_key
+#define SSL_SESSION_ST_MASTER_KEY 0x14
+
+// ssl3_state_st->client_random
+#define SSL3_STATE_ST_CLIENT_RANDOM 0xc4
+
+// ssl_session_st->cipher
+#define SSL_SESSION_ST_CIPHER 0xe0
+
+// ssl_session_st->cipher_id
+#define SSL_SESSION_ST_CIPHER_ID 0xe8
+
+// ssl_cipher_st->id
+#define SSL_CIPHER_ST_ID 0x10
+
+// openssl 1.0.2 does not support TLS 1.3, set 0 default
+#define SSL_ST_HANDSHAKE_SECRET 0
+#define SSL_ST_MASTER_SECRET 0
+#define SSL_ST_SERVER_FINISHED_HASH 0
+#define SSL_ST_HANDSHAKE_TRAFFIC_HASH 0
+#define SSL_ST_EXPORTER_MASTER_SECRET 0
+
+#include "openssl.h"
+#include "openssl_masterkey.h"
+
+#endif
+

kern/openssl_1_1_0a_kern.c

@@ -0,0 +1,41 @@
+#ifndef ECAPTURE_OPENSSL_1_1_0_A_KERN_H
+#define ECAPTURE_OPENSSL_1_1_0_A_KERN_H
+
+/* OPENSSL_VERSION_TEXT: OpenSSL 1.1.0l  10 Sep 2019, OPENSSL_VERSION_NUMBER: 269484239 */
+
+// ssl_st->version
+#define SSL_ST_VERSION 0x0
+
+// ssl_st->session
+#define SSL_ST_SESSION 0x178
+
+// ssl_st->s3
+#define SSL_ST_S3 0x90
+
+// ssl_session_st->master_key
+#define SSL_SESSION_ST_MASTER_KEY 0x8
+
+// ssl3_state_st->client_random
+#define SSL3_STATE_ST_CLIENT_RANDOM 0xb0
+
+// ssl_session_st->cipher
+#define SSL_SESSION_ST_CIPHER 0xd8
+
+// ssl_session_st->cipher_id
+#define SSL_SESSION_ST_CIPHER_ID 0xe0
+
+// ssl_cipher_st->id
+#define SSL_CIPHER_ST_ID 0x10
+
+// openssl 1.1.0 does not support TLS 1.3, set 0 default
+#define SSL_ST_HANDSHAKE_SECRET 0
+#define SSL_ST_MASTER_SECRET 0
+#define SSL_ST_SERVER_FINISHED_HASH 0
+#define SSL_ST_HANDSHAKE_TRAFFIC_HASH 0
+#define SSL_ST_EXPORTER_MASTER_SECRET 0
+
+#include "openssl.h"
+#include "openssl_masterkey.h"
+
+#endif
+

user/module/probe_openssl.go

@@ -24,10 +24,7 @@ import (
 )
 
 const (
-	ConnNotFound               = "[ADDR_NOT_FOUND]"
-	LinuxDefauleFilename_1_1_1 = "linux_default_1_1_1"
-	LinuxDefauleFilename_3_0   = "linux_default_3_0"
-	AndroidDefauleFilename     = "android_default"
+	ConnNotFound = "[ADDR_NOT_FOUND]"
 )
 
 type Tls13MasterSecret struct {

user/module/probe_openssl_lib.go

@@ -12,13 +12,28 @@ import (
 )
 
 const (
+	LinuxDefauleFilename_1_0_2 = "linux_default_1_0_2"
+	LinuxDefauleFilename_1_1_0 = "linux_default_1_1_0"
+	LinuxDefauleFilename_1_1_1 = "linux_default_1_1_1"
+	LinuxDefauleFilename_3_0   = "linux_default_3_0"
+	AndroidDefauleFilename     = "android_default"
+)
+
+const (
+	MaxSupportedOpenSSL102Version = 'u'
+	MaxSupportedOpenSSL110Version = 'l'
 	MaxSupportedOpenSSL111Version = 's'
 	MaxSupportedOpenSSL30Version  = '7'
 )
 
 // initOpensslOffset initial BpfMap
 func (this *MOpenSSLProbe) initOpensslOffset() {
 	this.sslVersionBpfMap = map[string]string{
+		// openssl 1.0.2*
+		LinuxDefauleFilename_1_0_2: "openssl_1_0_2a_kern.o",
+
+		// openssl 1.1.0*
+		LinuxDefauleFilename_1_1_0: "openssl_1_1_0a_kern.o",
 
 		// openssl 1.1.1*
 		LinuxDefauleFilename_1_1_1: "openssl_1_1_1j_kern.o",
@@ -53,6 +68,17 @@ func (this *MOpenSSLProbe) initOpensslOffset() {
 	for ch := '0'; ch <= MaxSupportedOpenSSL30Version; ch++ {
 		this.sslVersionBpfMap["openssl 3.0."+string(ch)] = "openssl_3_0_0_kern.o"
 	}
+
+	// openssl 1.1.0a - 1.1.0l
+	for ch := 'a'; ch <= MaxSupportedOpenSSL110Version; ch++ {
+		this.sslVersionBpfMap["openssl 1.1.0"+string(ch)] = "openssl_1_1_1a_kern.o"
+	}
+
+	// openssl 1.0.2a - 1.0.2u
+	for ch := 'a'; ch <= MaxSupportedOpenSSL102Version; ch++ {
+		this.sslVersionBpfMap["openssl 1.0.2"+string(ch)] = "openssl_1_0_2a_kern.o"
+	}
+
 }
 
 func (this *MOpenSSLProbe) detectOpenssl(soPath string) error {

utils/openssl_1_0_2_offset.c

@@ -0,0 +1,45 @@
+#include <ctype.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <openssl/crypto.h>
+
+#include <ssl/ssl_locl.h>
+
+#define SSL_STRUCT_OFFSETS              \
+    X(ssl_st, version)                  \
+    X(ssl_st, session)                  \
+    X(ssl_st, s3)                       \
+    X(ssl_session_st, master_key)       \
+    X(ssl3_state_st, client_random)     \
+    X(ssl_session_st, cipher)           \
+    X(ssl_session_st, cipher_id)        \
+    X(ssl_cipher_st, id)
+
+void toUpper(char *s) {
+    int i = 0;
+    while (s[i] != '\0') {
+        putchar(toupper(s[i]));
+        i++;
+    }
+}
+
+void format(char *struct_name, char *field_name, size_t offset) {
+    printf("// %s->%s\n", struct_name, field_name);
+    printf("#define ");
+    toUpper(struct_name);
+    printf("_");
+    toUpper(field_name);
+    printf(" 0x%lx\n\n", offset);
+}
+
+int main() {
+    printf("/* OPENSSL_VERSION_TEXT: %s, OPENSSL_VERSION_NUMBER: %ld */\n\n",
+           OPENSSL_VERSION_TEXT, OPENSSL_VERSION_NUMBER);
+
+#define X(struct_name, field_name)      \
+    format(#struct_name, #field_name, offsetof(struct struct_name, field_name));
+    SSL_STRUCT_OFFSETS
+#undef X
+
+    return 0;
+}

utils/openssl_1_1_0_offset.c

@@ -0,0 +1,45 @@
+#include <ctype.h>
+#include <stdio.h>
+#include <stddef.h>
+#include <openssl/crypto.h>
+
+#include <ssl/ssl_locl.h>
+
+#define SSL_STRUCT_OFFSETS              \
+    X(ssl_st, version)                  \
+    X(ssl_st, session)                  \
+    X(ssl_st, s3)                       \
+    X(ssl_session_st, master_key)       \
+    X(ssl3_state_st, client_random)     \
+    X(ssl_session_st, cipher)           \
+    X(ssl_session_st, cipher_id)        \
+    X(ssl_cipher_st, id)
+
+void toUpper(char *s) {
+    int i = 0;
+    while (s[i] != '\0') {
+        putchar(toupper(s[i]));
+        i++;
+    }
+}
+
+void format(char *struct_name, char *field_name, size_t offset) {
+    printf("// %s->%s\n", struct_name, field_name);
+    printf("#define ");
+    toUpper(struct_name);
+    printf("_");
+    toUpper(field_name);
+    printf(" 0x%lx\n\n", offset);
+}
+
+int main() {
+    printf("/* OPENSSL_VERSION_TEXT: %s, OPENSSL_VERSION_NUMBER: %ld */\n\n",
+           OPENSSL_VERSION_TEXT, OPENSSL_VERSION_NUMBER);
+
+#define X(struct_name, field_name)      \
+    format(#struct_name, #field_name, offsetof(struct struct_name, field_name));
+    SSL_STRUCT_OFFSETS
+#undef X
+
+    return 0;
+}

utils/openssl_offset_1.0.2.sh

@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+set -e
+
+PROJECT_ROOT_DIR=$(pwd)
+OPENSSL_DIR="${PROJECT_ROOT_DIR}/deps/openssl"
+OUTPUT_DIR="${PROJECT_ROOT_DIR}/kern"
+
+if [[ ! -f "go.mod" ]]; then
+  echo "Run the script from the project root directory"
+  exit 1
+fi
+
+# skip cloning if the header file of the max supported version is already generated
+if [[ ! -f "${OUTPUT_DIR}/openssl_1_0_2a_kern.c" ]]; then
+  # skip cloning if the openssl directory already exists
+  if [[ ! -d "${OPENSSL_DIR}" ]]; then
+    git clone https://github.com/openssl/openssl.git ${OPENSSL_DIR}
+  fi
+fi
+
+function run() {
+  git fetch --tags
+  cp -f ${PROJECT_ROOT_DIR}/utils/openssl_1_0_2_offset.c ${OPENSSL_DIR}/offset.c
+  declare -A sslVerMap=()
+#  sslVerMap[""]=""
+  sslVerMap["a"]="a"
+
+  sslVerMap["b"]="a"
+  sslVerMap["c"]="a"
+
+  sslVerMap["d"]="a"
+  sslVerMap["e"]="a"
+  sslVerMap["f"]="a"
+  sslVerMap["g"]="a"
+  sslVerMap["h"]="a"
+  sslVerMap["i"]="a"
+
+  sslVerMap["j"]="a"
+  sslVerMap["k"]="a"
+  sslVerMap["l"]="a"
+  sslVerMap["m"]="a"
+  sslVerMap["n"]="a"
+  sslVerMap["o"]="a"
+  sslVerMap["p"]="a"
+  sslVerMap["q"]="a"
+  sslVerMap["r"]="a"
+  sslVerMap["s"]="a"
+  sslVerMap["t"]="a"
+  sslVerMap["u"]="a"
+
+
+#  exit 0
+#  for ver in {a..r}; do
+  for ver in ${!sslVerMap[@]}; do
+    tag="OpenSSL_1_0_2${ver}"
+    val=${sslVerMap[$ver]}
+    header_file="${OUTPUT_DIR}/openssl_1_0_2${val}_kern.c"
+    header_define="OPENSSL_1_0_2_$(echo ${val} | tr "[:lower:]" "[:upper:]")_KERN_H"
+
+    if [[ -f ${header_file} ]]; then
+      echo "Skip ${header_file}"
+      continue
+    fi
+
+    git checkout ${tag}
+    echo "Generating ${header_file}"
+
+    ./config
+
+    clang -I include/ -I . offset.c -o offset $flag
+
+    echo -e "#ifndef ECAPTURE_${header_define}" >${header_file}
+    echo -e "#define ECAPTURE_${header_define}\n" >>${header_file}
+    ./offset >>${header_file}
+    echo -e "// openssl 1.0.2 does not support TLS 1.3, set 0 default" >>${header_file}
+    echo -e "#define SSL_ST_HANDSHAKE_SECRET 0" >>${header_file}
+    echo -e "#define SSL_ST_MASTER_SECRET 0" >>${header_file}
+    echo -e "#define SSL_ST_SERVER_FINISHED_HASH 0" >>${header_file}
+    echo -e "#define SSL_ST_HANDSHAKE_TRAFFIC_HASH 0" >>${header_file}
+    echo -e "#define SSL_ST_EXPORTER_MASTER_SECRET 0\n" >>${header_file}
+    echo -e "#include \"openssl.h\"" >>${header_file}
+    echo -e "#include \"openssl_masterkey.h\"" >>${header_file}
+    echo -e "\n#endif\n" >>${header_file}
+
+    # clean up
+    make clean
+
+  done
+
+  rm offset.c
+}
+
+pushd ${OPENSSL_DIR}
+(run)
+[[ "$?" != 0 ]] && popd
+popd