kern: capture https plaintext failed with boringssl TLS 1.3 on android #271

cli/cmd/tls.go

@@ -57,7 +57,6 @@ func init() {
 	opensslCmd.PersistentFlags().StringVar(&gc.Curlpath, "wget", "", "wget file path, default: /usr/bin/wget. (Deprecated)")
 	opensslCmd.PersistentFlags().StringVar(&nc.Firefoxpath, "firefox", "", "firefox file path, default: /usr/lib/firefox/firefox. (Deprecated)")
 	opensslCmd.PersistentFlags().StringVar(&nc.Nsprpath, "nspr", "", "libnspr44.so file path, will automatically find it from curl default.")
-	opensslCmd.PersistentFlags().StringVar(&oc.Pthread, "pthread", "", "libpthread.so file path, use to hook connect to capture socket FD.will automatically find it from curl. (Deprecated)")
 	opensslCmd.PersistentFlags().StringVar(&goc.Path, "gobin", "", "path to binary built with Go toolchain.")
 	opensslCmd.PersistentFlags().StringVarP(&oc.Write, "write", "w", "", "write the  raw packets to file as pcapng format.")
 	opensslCmd.PersistentFlags().StringVarP(&oc.Ifname, "ifname", "i", "", "(TC Classifier) Interface name on which the probe will be attached.")

kern/README.md

@@ -115,3 +115,74 @@ struct bio_st {
     CRYPTO_EX_DATA ex_data;
 };
 ```
+
+## master secrets 
+
+| openssl label name          | openssl struct                  | Label Name                      | boringssl struct              |     |
+|-----------------------------|---------------------------------|---------------------------------|-------------------------------|-----|
+| MASTER_SECRET_LABEL         | s->session->master_key          | CLIENT_RANDOM                   | session->secret               |     |     
+| EXPORTER_SECRET             | s->exporter_master_secret       | EXPORTER_SECRET                 | ssl->s3->exporter_secret      |     |     
+| EARLY_EXPORTER_SECRET_LABEL | s->early_exporter_master_secret | EARLY_EXPORTER_SECRET           | -                             |     |     
+| SERVER_APPLICATION_LABEL    | s->server_app_traffic_secret    | SERVER_TRAFFIC_SECRET_0         | hs->server_traffic_secret_0() |     |     
+| CLIENT_APPLICATION_LABEL    | s->client_app_traffic_secret    | CLIENT_TRAFFIC_SECRET_0         | hs->client_traffic_secret_0() |     |     
+| SERVER_HANDSHAKE_LABEL      |                                 | SERVER_HANDSHAKE_TRAFFIC_SECRET | hs->server_handshake_secret() |     |     
+| CLIENT_HANDSHAKE_LABEL      |                                 | CLIENT_HANDSHAKE_TRAFFIC_SECRET | hs->client_handshake_secret() |     |     
+| CLIENT_EARLY_LABEL          |                                 | CLIENT_EARLY_TRAFFIC_SECRET     | hs->early_traffic_secret()    |     |     
+
+### EARLY_EXPORTER_SECRET_LABEL  EXPORTER_SECRET_LABEL
+-
+
+### SERVER_APPLICATION_LABEL
+insecret = s->master_secret;
+label = server_application_traffic;
+labellen = sizeof(server_application_traffic) - 1;
+log_label = SERVER_APPLICATION_LABEL;
+
+### CLIENT_APPLICATION_LABEL
+insecret = s->master_secret;
+label = client_application_traffic;
+labellen = sizeof(client_application_traffic) - 1;
+log_label = CLIENT_APPLICATION_LABEL;
+
+### SERVER_HANDSHAKE_LABEL
+insecret = s->handshake_secret;
+finsecret = s->server_finished_secret;
+finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+label = server_handshake_traffic;
+labellen = sizeof(server_handshake_traffic) - 1;
+log_label = SERVER_HANDSHAKE_LABEL;
+
+**再计算**
+memcpy(s->handshake_traffic_hash, hashval, hashlen);
+derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,
+insecret, hash, label, labellen, secret, iv,
+ciph_ctx)
+
+### SERVER_HANDSHAKE_LABEL
+insecret = s->handshake_secret;
+finsecret = s->server_finished_secret;
+finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+label = server_handshake_traffic;
+labellen = sizeof(server_handshake_traffic) - 1;
+log_label = SERVER_HANDSHAKE_LABEL;
+
+**再计算**
+memcpy(s->handshake_traffic_hash, hashval, hashlen);
+derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,
+insecret, hash, label, labellen, secret, iv,
+ciph_ctx)
+
+### CLIENT_HANDSHAKE_LABEL
+insecret = s->handshake_secret;
+finsecret = s->client_finished_secret;
+finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+label = client_handshake_traffic;
+labellen = sizeof(client_handshake_traffic) - 1;
+log_label = CLIENT_HANDSHAKE_LABEL;
+hash = s->handshake_traffic_hash;
+
+### CLIENT_EARLY_LABEL
+insecret = s->early_secret;
+label = client_early_traffic;
+labellen = sizeof(client_early_traffic) - 1;
+log_label = CLIENT_EARLY_LABEL;

kern/boringssl_1_1_1_kern.c

@@ -1,100 +1,50 @@
-#ifndef ECAPTURE_BORINGSSL_1_1_1_H
-#define ECAPTURE_BORINGSSL_1_1_1_H
+#ifndef ECAPTURE_BORINGSSL_1_1_1_KERN_H
+#define ECAPTURE_BORINGSSL_1_1_1_KERN_H
 
-/* OPENSSL_VERSION_TEXT: OpenSSL 1.1.1 (compatible; BoringSSL), OPENSSL_VERSION_NUMBER:0x1010107f */
+/* OPENSSL_VERSION_TEXT: OpenSSL 1.1.1 (compatible; BoringSSL), OPENSSL_VERSION_NUMBER: 269488255 */
 
-//------------------------------------------
-// android boringssl 版本
-// ssl->version 在 ssl_st 结构体中的偏移量
-#define SSL_ST_VERSION 16
+// ssl_st->version
+#define SSL_ST_VERSION 0x10
 
-// ssl->session 在 ssl_st 结构中的偏移量
-#define SSL_ST_SESSION 88
+// ssl_st->session
+#define SSL_ST_SESSION 0x58
 
-// session->secret 在 SSL_SESSION 中的偏移量
-#define SSL_SESSION_ST_MASTER_KEY 16
+// ssl_st->s3
+#define SSL_ST_S3 0x30
 
-// ssl->s3 在 ssl_st中的偏移量
-#define SSL_ST_S3 48
+// ssl_session_st->secret
+#define SSL_SESSION_ST_SECRET 0x10
 
-// s3->hs 在 ssl3_state_st 中的偏移量
-#define SSL_HS_OFFSET 272
+// ssl_session_st->secret_length
+#define SSL_SESSION_ST_SECRET_LENGTH 0xc
 
-// hs->established_session 在 SSL_HANDSHAKE 中的偏移量
-#define SSL_ESTABLISHED_SESSION_OFFSET 456
+// ssl_session_st->cipher
+#define SSL_SESSION_ST_CIPHER 0xd0
 
-// hs->new_session 在 SSL_HANDSHAKE 中的偏移量
-#define SSL_HS_NEW_SESSION_OFFSET 656
+// ssl_cipher_st->id
+#define SSL_CIPHER_ST_ID 0x10
 
-// hs->early_session 在 SSL_HANDSHAKE 中的偏移量
-#define SSL_HS_EARLY_SESSION_OFFSET 664
+// bssl::SSL3_STATE->hs
+#define BSSL__SSL3_STATE_HS 0x110
 
-// s3->client_random 在 ssl3_state_st 中的偏移量
-#define SSL_S3_CLIENT_RANDOM_OFFSET 48
+// bssl::SSL3_STATE->client_random
+#define BSSL__SSL3_STATE_CLIENT_RANDOM 0x30
 
+// bssl::SSL_HANDSHAKE->new_session
+#define BSSL__SSL_HANDSHAKE_NEW_SESSION 0x5d8
 
-////////// TLS 1.2 or older /////////
+// bssl::SSL_HANDSHAKE->early_session
+#define BSSL__SSL_HANDSHAKE_EARLY_SESSION 0x5e0
 
-// session->cipher 在 SSL_SESSION 中的偏移量
-#define SSL_SESSION_ST_CIPHER 496
+// bssl::SSL3_STATE->established_session
+#define BSSL__SSL3_STATE_ESTABLISHED_SESSION 0x1c8
 
-// session->cipher_id 在 SSL_SESSION 中的偏移量
-#define SSL_SESSION_ST_CIPHER_ID 0x1f8
+// bssl::SSL_HANDSHAKE->max_version
+#define BSSL__SSL_HANDSHAKE_MAX_VERSION 0x1e
 
-// cipher->id 在 ssl_cipher_st 中的偏移量
-#define SSL_CIPHER_ST_ID 0x18
-
-/*
-  size_t hash_len_ = 0;
-  uint8_t secret_[SSL_MAX_MD_SIZE] = {0};
-  uint8_t early_traffic_secret_[SSL_MAX_MD_SIZE] = {0};
-  uint8_t client_handshake_secret_[SSL_MAX_MD_SIZE] = {0};
-  uint8_t server_handshake_secret_[SSL_MAX_MD_SIZE] = {0};
-  uint8_t client_traffic_secret_0_[SSL_MAX_MD_SIZE] = {0};
-  uint8_t server_traffic_secret_0_[SSL_MAX_MD_SIZE] = {0};
-  uint8_t expected_client_finished_[SSL_MAX_MD_SIZE] = {0};
-  */
-// bssl::SSL_HANDSHAKE_max_version = 30
-
-///////////////////////////  NEW   ///////////////////////////
-// bssl::SSL_HANDSHAKE->secret_
-#define SSL_HANDSHAKE_SECRET_ = 40
-
-// bssl::SSL_HANDSHAKE->early_traffic_secret_
-#define SSL_HANDSHAKE_EARLY_TRAFFIC_SECRET_ = 88
-
-// bssl::SSL_HANDSHAKE->client_handshake_secret_
-#define SSL_HANDSHAKE_CLIENT_HANDSHAKE_SECRET_ = 136
-
-// bssl::SSL_HANDSHAKE->server_handshake_secret_
-#define SSL_HANDSHAKE_SERVER_HANDSHAKE_SECRET_ = 184
-
-// bssl::SSL_HANDSHAKE->client_traffic_secret_0_
-#define SSL_HANDSHAKE_CLIENT_TRAFFIC_SECRET_0_ = 232
-
-// bssl::SSL_HANDSHAKE->server_traffic_secret_0_
-#define SSL_HANDSHAKE_SERVER_TRAFFIC_SECRET_0_ = 280
-
-// bssl::SSL_HANDSHAKE->expected_client_finished_
-#define SSL_HANDSHAKE_EXPECTED_CLIENT_FINISHED_ = 328
-///////////////////////////  END   ///////////////////////////
-
-// ssl->handshake_secret 在 ssl_st 中的偏移量
-#define SSL_ST_HANDSHAKE_SECRET 0x17c  // 380
-
-// ssl->handshake_traffic_hash 在 ssl_st 中的偏移量
-#define SSL_ST_HANDSHAKE_TRAFFIC_HASH 0x2fc  // 764
-
-// ssl_st->client_app_traffic_secret
-#define SSL_ST_CLIENT_APP_TRAFFIC_SECRET 0x33c  // 828
-
-// ssl_st->server_app_traffic_secret
-#define SSL_ST_SERVER_APP_TRAFFIC_SECRET 0x37c  // 892
-
-// ssl->exporter_master_secret 在 ssl_st 中的偏移量
-#define SSL_ST_EXPORTER_MASTER_SECRET 0x3bc  // 956
+#include "boringssl_const.h"
+#include "boringssl_masterkey.h"
+#include "openssl.h"
 
 #endif
 
-#include "openssl.h"
-#include "boringssl_masterkey.h"

kern/boringssl_const.h

@@ -0,0 +1,36 @@
+#ifndef ECAPTURE_BORINGSSL_CONST_H
+#define ECAPTURE_BORINGSSL_CONST_H
+
+/////////////////////////////////////////// DON'T REMOVE THIS CODE BLOCK. //////////////////////////////////////////
+
+// memory layout from boringssl repo  ssl/internal.h line 1720
+// struct of struct SSL_HANDSHAKE
+
+// SSL_MAX_MD_SIZE is size of the largest hash function used in TLS, SHA-384.
+#define SSL_MAX_MD_SIZE 48
+
+// ssl_st->s3->hs
+// bssl::SSL_HANDSHAKE->secret_
+#define SSL_HANDSHAKE_SECRET_ BSSL__SSL_HANDSHAKE_MAX_VERSION+8+SSL_MAX_MD_SIZE*0
+
+// bssl::SSL_HANDSHAKE->early_traffic_secret_
+#define SSL_HANDSHAKE_EARLY_TRAFFIC_SECRET_ BSSL__SSL_HANDSHAKE_MAX_VERSION+8+SSL_MAX_MD_SIZE*1
+
+// bssl::SSL_HANDSHAKE->client_handshake_secret_
+#define SSL_HANDSHAKE_CLIENT_HANDSHAKE_SECRET_ BSSL__SSL_HANDSHAKE_MAX_VERSION+8+SSL_MAX_MD_SIZE*2
+
+// bssl::SSL_HANDSHAKE->server_handshake_secret_
+#define SSL_HANDSHAKE_SERVER_HANDSHAKE_SECRET_ BSSL__SSL_HANDSHAKE_MAX_VERSION+8+SSL_MAX_MD_SIZE*3
+
+// bssl::SSL_HANDSHAKE->client_traffic_secret_0_
+#define SSL_HANDSHAKE_CLIENT_TRAFFIC_SECRET_0_ BSSL__SSL_HANDSHAKE_MAX_VERSION+8+SSL_MAX_MD_SIZE*4
+
+// bssl::SSL_HANDSHAKE->server_traffic_secret_0_
+#define SSL_HANDSHAKE_SERVER_TRAFFIC_SECRET_0_ BSSL__SSL_HANDSHAKE_MAX_VERSION+8+SSL_MAX_MD_SIZE*5
+
+// bssl::SSL_HANDSHAKE->expected_client_finished_
+#define SSL_HANDSHAKE_EXPECTED_CLIENT_FINISHED_ BSSL__SSL_HANDSHAKE_MAX_VERSION+8+SSL_MAX_MD_SIZE*6
+
+///////////////////////////  END   ///////////////////////////
+
+#endif