1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <unistd.h>
15 #include <time.h>
16 #include <gmssl/tls.h>
17 #include <gmssl/x509.h>
18 #include <gmssl/error.h>
19
20
tls_record_type_name(int type)21 const char *tls_record_type_name(int type)
22 {
23 switch (type) {
24 case TLS_record_change_cipher_spec: return "ChangeCipherSpec";
25 case TLS_record_alert: return "Alert";
26 case TLS_record_handshake: return "Handshake";
27 case TLS_record_application_data: return "ApplicationData";
28 }
29 return NULL;
30 }
31
tls_protocol_name(int protocol)32 const char *tls_protocol_name(int protocol)
33 {
34 switch(protocol) {
35 case TLS_protocol_tlcp: return "TLCP";
36 case TLS_protocol_ssl2: return "SSL2.0";
37 case TLS_protocol_ssl3: return "SSL3.0";
38 case TLS_protocol_tls1: return "TLS1.0";
39 case TLS_protocol_tls11: return "TLS1.1";
40 case TLS_protocol_tls12: return "TLS1.2";
41 case TLS_protocol_tls13: return "TLS1.3";
42 case TLS_protocol_dtls1: return "DTLS1.0";
43 case TLS_protocol_dtls12: return "DTLS1.2";
44 }
45 return NULL;
46 }
47
tls_cipher_suite_name(int cipher)48 const char *tls_cipher_suite_name(int cipher)
49 {
50 switch (cipher) {
51 case TLS_cipher_null_with_null_null: return "TLS_NULL_WITH_NULL_NULL";
52 case TLS_cipher_sm4_gcm_sm3: return "TLS_SM4_GCM_SM3";
53 case TLS_cipher_sm4_ccm_sm3: return "TLS_SM4_CCM_SM3";
54 case TLS_cipher_ecdhe_sm4_cbc_sm3: return "TLS_ECDHE_SM4_CBC_SM3";
55 case TLS_cipher_ecdhe_sm4_gcm_sm3: return "TLS_ECDHE_SM4_GCM_SM3";
56 case TLS_cipher_ecc_sm4_cbc_sm3: return "TLS_ECC_SM4_CBC_SM3";
57 case TLS_cipher_ecc_sm4_gcm_sm3: return "TLS_ECC_SM4_GCM_SM3";
58 case TLS_cipher_ibsdh_sm4_cbc_sm3: return "TLS_IBSDH_SM4_CBC_SM3";
59 case TLS_cipher_ibsdh_sm4_gcm_sm3: return "TLS_IBSDH_SM4_GCM_SM3";
60 case TLS_cipher_ibc_sm4_cbc_sm3: return "TLS_IBC_SM4_CBC_SM3";
61 case TLS_cipher_ibc_sm4_gcm_sm3: return "TLS_IBC_SM4_GCM_SM3";
62 case TLS_cipher_rsa_sm4_cbc_sm3: return "TLS_RSA_SM4_CBC_SM3";
63 case TLS_cipher_rsa_sm4_gcm_sm3: return "TLS_RSA_SM4_GCM_SM3";
64 case TLS_cipher_rsa_sm4_cbc_sha256: return "TLS_RSA_SM4_CBC_SHA256";
65 case TLS_cipher_rsa_sm4_gcm_sha256: return "TLS_RSA_SM4_GCM_SHA256";
66 case TLS_cipher_aes_128_gcm_sha256: return "TLS_AES_128_GCM_SHA256";
67 case TLS_cipher_aes_256_gcm_sha384: return "TLS_AES_256_GCM_SHA384";
68 case TLS_cipher_chacha20_poly1305_sha256: return "TLS_CHACHA20_POLY1305_SHA256";
69 case TLS_cipher_aes_128_ccm_sha256: return "TLS_AES_128_CCM_SHA256";
70 case TLS_cipher_aes_128_ccm_8_sha256: return "TLS_AES_128_CCM_8_SHA256";
71 case TLS_cipher_empty_renegotiation_info_scsv: return "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
72 }
73 return NULL;
74 }
75
tls_compression_method_name(int meth)76 const char *tls_compression_method_name(int meth)
77 {
78 switch (meth) {
79 case 0: return "no_compression";
80 }
81 return NULL;
82 }
83
tls_extension_name(int ext)84 const char *tls_extension_name(int ext)
85 {
86 switch (ext) {
87 case TLS_extension_server_name: return "server_name";
88 case TLS_extension_max_fragment_length: return "max_fragment_length";
89 case TLS_extension_client_certificate_url: return "client_certificate_url";
90 case TLS_extension_trusted_ca_keys: return "trusted_ca_keys";
91 case TLS_extension_truncated_hmac: return "truncated_hmac";
92 case TLS_extension_status_request: return "status_request";
93 case TLS_extension_user_mapping: return "user_mapping";
94 case TLS_extension_client_authz: return "client_authz";
95 case TLS_extension_server_authz: return "server_authz";
96 case TLS_extension_cert_type: return "cert_type";
97 case TLS_extension_supported_groups: return "supported_groups";
98 case TLS_extension_ec_point_formats: return "ec_point_formats";
99 case TLS_extension_srp: return "srp";
100 case TLS_extension_signature_algorithms: return "signature_algorithms";
101 case TLS_extension_use_srtp: return "use_srtp";
102 case TLS_extension_heartbeat: return "heartbeat";
103 case TLS_extension_application_layer_protocol_negotiation: return "application_layer_protocol_negotiation";
104 case TLS_extension_status_request_v2: return "status_request_v2";
105 case TLS_extension_signed_certificate_timestamp: return "signed_certificate_timestamp";
106 case TLS_extension_client_certificate_type: return "client_certificate_type";
107 case TLS_extension_server_certificate_type: return "server_certificate_type";
108 case TLS_extension_padding: return "padding";
109 case TLS_extension_encrypt_then_mac: return "encrypt_then_mac";
110 case TLS_extension_extended_master_secret: return "extended_master_secret";
111 case TLS_extension_token_binding: return "token_binding";
112 case TLS_extension_cached_info: return "cached_info";
113 case TLS_extension_tls_lts: return "tls_lts";
114 case TLS_extension_compress_certificate: return "compress_certificate";
115 case TLS_extension_record_size_limit: return "record_size_limit";
116 case TLS_extension_pwd_protect: return "pwd_protect";
117 case TLS_extension_pwd_clear: return "pwd_clear";
118 case TLS_extension_password_salt: return "password_salt";
119 case TLS_extension_ticket_pinning: return "ticket_pinning";
120 case TLS_extension_tls_cert_with_extern_psk: return "tls_cert_with_extern_psk";
121 case TLS_extension_delegated_credentials: return "delegated_credentials";
122 case TLS_extension_session_ticket: return "session_ticket";
123 case TLS_extension_TLMSP: return "TLMSP";
124 case TLS_extension_TLMSP_proxying: return "TLMSP_proxying";
125 case TLS_extension_TLMSP_delegate: return "TLMSP_delegate";
126 case TLS_extension_supported_ekt_ciphers: return "supported_ekt_ciphers";
127 case TLS_extension_pre_shared_key: return "pre_shared_key";
128 case TLS_extension_early_data: return "early_data";
129 case TLS_extension_supported_versions: return "supported_versions";
130 case TLS_extension_cookie: return "cookie";
131 case TLS_extension_psk_key_exchange_modes: return "psk_key_exchange_modes";
132 case TLS_extension_certificate_authorities: return "certificate_authorities";
133 case TLS_extension_oid_filters: return "oid_filters";
134 case TLS_extension_post_handshake_auth: return "post_handshake_auth";
135 case TLS_extension_signature_algorithms_cert: return "signature_algorithms_cert";
136 case TLS_extension_key_share: return "key_share";
137 case TLS_extension_transparency_info: return "transparency_info";
138 case TLS_extension_connection_id: return "connection_id";
139 case TLS_extension_external_id_hash: return "external_id_hash";
140 case TLS_extension_external_session_id: return "external_session_id";
141 case TLS_extension_quic_transport_parameters: return "quic_transport_parameters";
142 case TLS_extension_ticket_request: return "ticket_request";
143 case TLS_extension_renegotiation_info: return "renegotiation_info";
144 };
145 return NULL;
146 }
147
tls_cert_type_name(int type)148 const char *tls_cert_type_name(int type)
149 {
150 switch (type) {
151 case TLS_cert_type_rsa_sign: return "rsa_sign";
152 case TLS_cert_type_dss_sign: return "dss_sign";
153 case TLS_cert_type_rsa_fixed_dh: return "rsa_fixed_dh";
154 case TLS_cert_type_dss_fixed_dh: return "dss_fixed_dh";
155 case TLS_cert_type_rsa_ephemeral_dh_RESERVED: return "rsa_ephemeral_dh_RESERVED";
156 case TLS_cert_type_dss_ephemeral_dh_RESERVED: return "dss_ephemeral_dh_RESERVED";
157 case TLS_cert_type_fortezza_dms_RESERVED: return "fortezza_dms_RESERVED";
158 case TLS_cert_type_ecdsa_sign: return "ecdsa_sign";
159 case TLS_cert_type_rsa_fixed_ecdh: return "rsa_fixed_ecdh_DEPRECATED";
160 case TLS_cert_type_ecdsa_fixed_ecdh: return "ecdsa_fixed_ecdh_DEPRECATED";
161 case TLS_cert_type_gost_sign256: return "gost_sign256";
162 case TLS_cert_type_gost_sign512: return "gost_sign512";
163 case TLS_cert_type_ibc_params: return "ibc_params";
164 }
165 return NULL;
166 }
167
tls_handshake_type_name(int type)168 const char *tls_handshake_type_name(int type)
169 {
170 switch (type) {
171 case TLS_handshake_hello_request: return "HelloRequest";
172 case TLS_handshake_client_hello: return "ClientHello";
173 case TLS_handshake_server_hello: return "ServerHello";
174 case TLS_handshake_hello_verify_request: return "HelloVerifyRequest";
175 case TLS_handshake_new_session_ticket: return "NewSessionTicket";
176 case TLS_handshake_end_of_early_data: return "EndOfEarlyData";
177 case TLS_handshake_hello_retry_request: return "HelloRetryRequest";
178 case TLS_handshake_encrypted_extensions: return "EncryptedExtensions";
179 case TLS_handshake_certificate: return "Certificate";
180 case TLS_handshake_server_key_exchange: return "ServerKeyExchange";
181 case TLS_handshake_certificate_request: return "CertificateRequest";
182 case TLS_handshake_server_hello_done: return "ServerHelloDone";
183 case TLS_handshake_certificate_verify: return "CertificateVerify";
184 case TLS_handshake_client_key_exchange: return "ClientKeyExchange";
185 case TLS_handshake_finished: return "Finished";
186 case TLS_handshake_certificate_url: return "CertificateUrl";
187 case TLS_handshake_certificate_status: return "CertificateStatus";
188 case TLS_handshake_supplemental_data: return "SupplementalData";
189 case TLS_handshake_key_update: return "KeyUpdate";
190 case TLS_handshake_compressed_certificate: return "CompressedCertificate";
191 case TLS_handshake_ekt_key: return "EktKey";
192 case TLS_handshake_message_hash: return "MessageHash";
193 }
194 return NULL;
195 }
196
tls_alert_level_name(int level)197 const char *tls_alert_level_name(int level)
198 {
199 switch (level) {
200 case TLS_alert_level_warning: return "warning";
201 case TLS_alert_level_fatal: return "fatal";
202 }
203 error_print_msg("unknown alert level %d\n", level);
204 return NULL;
205 }
206
tls_alert_description_text(int description)207 const char *tls_alert_description_text(int description)
208 {
209 switch (description) {
210 case TLS_alert_close_notify: return "close_notify";
211 case TLS_alert_unexpected_message: return "unexpected_message";
212 case TLS_alert_bad_record_mac: return "bad_record_mac";
213 case TLS_alert_decryption_failed: return "decryption_failed";
214 case TLS_alert_record_overflow: return "record_overflow";
215 case TLS_alert_decompression_failure: return "decompression_failure";
216 case TLS_alert_handshake_failure: return "handshake_failure";
217 case TLS_alert_no_certificate: return "no_certificate_RESERVED";
218 case TLS_alert_bad_certificate: return "bad_certificate";
219 case TLS_alert_unsupported_certificate: return "unsupported_certificate";
220 case TLS_alert_certificate_revoked: return "certificate_revoked";
221 case TLS_alert_certificate_expired: return "certificate_expired";
222 case TLS_alert_certificate_unknown: return "certificate_unknown";
223 case TLS_alert_illegal_parameter: return "illegal_parameter";
224 case TLS_alert_unknown_ca: return "unknown_ca";
225 case TLS_alert_access_denied: return "access_denied";
226 case TLS_alert_decode_error: return "decode_error";
227 case TLS_alert_decrypt_error: return "decrypt_error";
228 case TLS_alert_export_restriction: return "export_restriction_RESERVED";
229 case TLS_alert_protocol_version: return "protocol_version";
230 case TLS_alert_insufficient_security: return "insufficient_security";
231 case TLS_alert_internal_error: return "internal_error";
232 case TLS_alert_user_canceled: return "user_canceled";
233 case TLS_alert_no_renegotiation: return "no_renegotiation";
234 case TLS_alert_unsupported_extension: return "unsupported_extension";
235 case TLS_alert_unsupported_site2site: return "unsupported_site2site";
236 case TLS_alert_no_area: return "no_area";
237 case TLS_alert_unsupported_areatype: return "unsupported_areatype";
238 case TLS_alert_bad_ibcparam: return "bad_ibcparam";
239 case TLS_alert_unsupported_ibcparam: return "unsupported_ibcparam";
240 case TLS_alert_identity_need: return "identity_need";
241 }
242 error_print_msg("unknown alert description %d", description);
243 return NULL;
244 }
245
tls_change_cipher_spec_text(int change_cipher_spec)246 const char *tls_change_cipher_spec_text(int change_cipher_spec)
247 {
248 switch (change_cipher_spec) {
249 case TLS_change_cipher_spec: return "change_cipher_spec";
250 }
251 return NULL;
252 }
253
tls_ec_point_format_name(int format)254 const char *tls_ec_point_format_name(int format)
255 {
256 switch (format) {
257 case TLS_point_uncompressed: return "uncompressed";
258 case TLS_point_ansix962_compressed_prime: return "compressed_prime";
259 case TLS_point_ansix962_compressed_char2: return "compressed_char2";
260 }
261 return NULL;
262 }
263
tls_curve_type_name(int type)264 const char *tls_curve_type_name(int type)
265 {
266 switch (type) {
267 case TLS_curve_type_explicit_prime: return "explicit_prime";
268 case TLS_curve_type_explicit_char2: return "explicit_char2";
269 case TLS_curve_type_named_curve: return "named_curve";
270 }
271 return NULL;
272 }
273
274
275 // FIXME: 是否应该将函数名改为 tls_curve_name() 这样和 TLS_curve_xxx 保持一致
tls_named_curve_name(int curve)276 const char *tls_named_curve_name(int curve)
277 {
278 switch (curve) {
279 case TLS_curve_secp256k1: return "secp256k1";
280 case TLS_curve_secp256r1: return "secp256r1";
281 case TLS_curve_secp384r1: return "secp384r1";
282 case TLS_curve_secp521r1: return "secp521r1";
283 case TLS_curve_brainpoolp256r1: return "brainpoolp256r1";
284 case TLS_curve_brainpoolp384r1: return "brainpoolp384r1";
285 case TLS_curve_brainpoolp512r1: return "brainpoolp512r1";
286 case TLS_curve_x25519: return "x25519";
287 case TLS_curve_x448: return "x448";
288 case TLS_curve_brainpoolp256r1tls13: return "brainpoolp256r1tls13";
289 case TLS_curve_brainpoolp384r1tls13: return "brainpoolp384r1tls13";
290 case TLS_curve_brainpoolp512r1tls13: return "brainpoolp512r1tls13";
291 case TLS_curve_sm2p256v1: return "sm2p256v1";
292 }
293 return NULL;
294 }
295
tls_signature_scheme_name(int scheme)296 const char *tls_signature_scheme_name(int scheme)
297 {
298 switch (scheme) {
299 case TLS_sig_rsa_pkcs1_sha1: return "rsa_pkcs1_sha1";
300 case TLS_sig_ecdsa_sha1: return "ecdsa_sha1";
301 case TLS_sig_rsa_pkcs1_sha256: return "rsa_pkcs1_sha256";
302 case TLS_sig_ecdsa_secp256r1_sha256: return "ecdsa_secp256r1_sha256";
303 case TLS_sig_rsa_pkcs1_sha256_legacy: return "rsa_pkcs1_sha256_legacy";
304 case TLS_sig_rsa_pkcs1_sha384: return "rsa_pkcs1_sha384";
305 case TLS_sig_ecdsa_secp384r1_sha384: return "ecdsa_secp384r1_sha384";
306 case TLS_sig_rsa_pkcs1_sha384_legacy: return "rsa_pkcs1_sha384_legacy";
307 case TLS_sig_rsa_pkcs1_sha512: return "rsa_pkcs1_sha512";
308 case TLS_sig_ecdsa_secp521r1_sha512: return "ecdsa_secp521r1_sha512";
309 case TLS_sig_rsa_pkcs1_sha512_legacy: return "rsa_pkcs1_sha512_legacy";
310 case TLS_sig_sm2sig_sm3: return "sm2sig_sm3";
311 case TLS_sig_rsa_pss_rsae_sha256: return "rsa_pss_rsae_sha256";
312 case TLS_sig_rsa_pss_rsae_sha384: return "rsa_pss_rsae_sha384";
313 case TLS_sig_rsa_pss_rsae_sha512: return "rsa_pss_rsae_sha512";
314 case TLS_sig_ed25519: return "ed25519";
315 case TLS_sig_ed448: return "ed448";
316 case TLS_sig_rsa_pss_pss_sha256: return "rsa_pss_pss_sha256";
317 case TLS_sig_rsa_pss_pss_sha384: return "rsa_pss_pss_sha384";
318 case TLS_sig_rsa_pss_pss_sha512: return "rsa_pss_pss_sha512";
319 case TLS_sig_ecdsa_brainpoolP256r1tls13_sha256: return "ecdsa_brainpoolP256r1tls13_sha256";
320 case TLS_sig_ecdsa_brainpoolP384r1tls13_sha384: return "ecdsa_brainpoolP384r1tls13_sha384";
321 case TLS_sig_ecdsa_brainpoolP512r1tls13_sha512: return "ecdsa_brainpoolP512r1tls13_sha512";
322 }
323 return NULL;
324 }
325
tls_random_print(FILE * fp,const uint8_t random[32],int format,int indent)326 int tls_random_print(FILE *fp, const uint8_t random[32], int format, int indent)
327 {
328 int i;
329 time_t gmt_unix_time = 0;
330 const uint8_t *cp = random;
331 size_t len = 4;
332
333 tls_uint32_from_bytes((uint32_t *)&gmt_unix_time, &cp, &len);
334 format_print(fp, format, indent, "Random\n");
335 indent += 4;
336 format_print(fp, format, indent, "gmt_unix_time : %s", ctime(&gmt_unix_time));
337 format_bytes(fp, format, indent, "random", random + 4, 28);
338 return 1;
339 }
340
tls_pre_master_secret_print(FILE * fp,const uint8_t pre_master_secret[48],int format,int indent)341 int tls_pre_master_secret_print(FILE *fp, const uint8_t pre_master_secret[48], int format, int indent)
342 {
343 int protocol = ((int)pre_master_secret[0] << 8) | pre_master_secret[1];
344 format_print(fp, format, indent, "PreMasterSecret\n");
345 indent += 4;
346 format_print(fp, format, indent, "protocol : %s\n", tls_protocol_name(protocol));
347 format_bytes(fp, format, indent, "pre_master_secret", pre_master_secret, 48);
348 return 1;
349 }
350
351 // supported_versions 的格式还受到 handshake_type 影响
tls_extension_print(FILE * fp,int type,const uint8_t * data,size_t datalen,int format,int indent)352 int tls_extension_print(FILE *fp, int type, const uint8_t *data, size_t datalen, int format, int indent)
353 {
354 const uint8_t *p;
355 size_t len;
356
357 format_print(fp, format, indent, "%s (%d)\n", tls_extension_name(type), type);
358 indent += 4;
359
360 switch (type) {
361 case TLS_extension_supported_versions:
362 if (tls_uint16array_from_bytes(&p, &len, &data, &datalen) != 1
363 || tls_length_is_zero(datalen) != 1
364 || len % 2) {
365 error_print();
366 return -1;
367 }
368 while (len) {
369 uint16_t proto;
370 tls_uint16_from_bytes(&proto, &p, &len);
371 format_print(fp, format, indent, "%s (0x%04x)\n",
372 tls_protocol_name(proto), proto);
373 }
374 break;
375 case TLS_extension_supported_groups:
376 if (tls_uint16array_from_bytes(&p, &len, &data, &datalen) != 1
377 || datalen
378 || len % 2) {
379 error_print();
380 return -1;
381 }
382 while (len) {
383 uint16_t curve;
384 tls_uint16_from_bytes(&curve, &p, &len);
385 format_print(fp, format, indent, "%s (%d)\n",
386 tls_named_curve_name(curve), curve);
387 }
388 break;
389 case TLS_extension_ec_point_formats:
390 if (tls_uint8array_from_bytes(&p, &len, &data, &datalen) != 1
391 || datalen) {
392 error_print();
393 return -1;
394 }
395 while (len) {
396 uint8_t point_form;
397 tls_uint8_from_bytes(&point_form, &p, &len);
398 format_print(fp, format, indent, "%s (%d)\n",
399 tls_ec_point_format_name(point_form), point_form);
400 }
401 break;
402 case TLS_extension_signature_algorithms:
403 if (tls_uint16array_from_bytes(&p, &len, &data, &datalen) != 1
404 || datalen
405 || len % 2) {
406 error_print();
407 return -1;
408 }
409 while (len) {
410 uint16_t sig_alg;
411 tls_uint16_from_bytes(&sig_alg, &p, &len);
412 format_print(fp, format, indent, "%s (0x%04x)\n",
413 tls_signature_scheme_name(sig_alg), sig_alg);
414 }
415 break;
416 case TLS_extension_key_share:
417 if (tls_uint16array_from_bytes(&p, &len, &data, &datalen) != 1
418 || datalen) {
419 error_print();
420 return -1;
421 }
422 while (len) {
423 uint16_t group;
424 const uint8_t *key_exch;
425 size_t key_exch_len;
426
427 if (tls_uint16_from_bytes(&group, &p, &len) != 1
428 || tls_uint16array_from_bytes(&key_exch, &key_exch_len, &p, &len) != 1) {
429 error_print();
430 return -1;
431 }
432 format_print(fp, format, indent, "group: %s (%d)\n", tls_named_curve_name(group), group);
433 format_bytes(fp, format, indent, "key_exchange", key_exch, key_exch_len);
434 }
435 break;
436
437 default:
438 format_bytes(fp, format, indent, "raw_data", data, datalen);
439 }
440 return 1;
441 }
442
tls13_extension_print(FILE * fp,int fmt,int ind,int handshake_type,int ext_type,const uint8_t * ext_data,size_t ext_datalen)443 int tls13_extension_print(FILE *fp, int fmt, int ind,
444 int handshake_type, int ext_type, const uint8_t *ext_data, size_t ext_datalen)
445 {
446 switch (ext_type) {
447 case TLS_extension_supported_groups:
448 case TLS_extension_ec_point_formats:
449 case TLS_extension_signature_algorithms:
450 return tls_extension_print(fp, ext_type, ext_data, ext_datalen, fmt, ind);
451 }
452
453 format_print(fp, fmt, ind, "%s (%d)\n", tls_extension_name(ext_type), ext_type);
454 ind += 4;
455
456 switch (ext_type) {
457 case TLS_extension_supported_versions:
458 tls13_supported_versions_ext_print(fp, fmt, ind, handshake_type, ext_data, ext_datalen);
459 break;
460 case TLS_extension_key_share:
461 tls13_key_share_ext_print(fp, fmt, ind, handshake_type, ext_data, ext_datalen);
462 break;
463 default:
464 format_bytes(fp, fmt, ind, "raw_data", ext_data, ext_datalen);
465 }
466 return 1;
467 }
468
tls13_extensions_print(FILE * fp,int fmt,int ind,int handshake_type,const uint8_t * exts,size_t extslen)469 int tls13_extensions_print(FILE *fp, int fmt, int ind,
470 int handshake_type, const uint8_t *exts, size_t extslen)
471 {
472 uint16_t ext_type;
473 const uint8_t *ext_data;
474 size_t ext_datalen;
475
476 if (!exts) {
477 format_print(fp, fmt, ind, "Extensions: (null)\n");
478 return 1;
479 }
480
481 format_print(fp, fmt, ind, "Extensions\n");
482 ind += 4;
483
484 while (extslen > 0) {
485 if (tls_uint16_from_bytes(&ext_type, &exts, &extslen) != 1
486 || tls_uint16array_from_bytes(&ext_data, &ext_datalen, &exts, &extslen) != 1) {
487 error_print();
488 return -1;
489 }
490 if (tls13_extension_print(fp, fmt, ind, handshake_type, ext_type, ext_data, ext_datalen) != 1) {
491 error_print();
492 return -1;
493 }
494 }
495 return 1;
496 }
497
tls_extensions_print(FILE * fp,const uint8_t * exts,size_t extslen,int format,int indent)498 int tls_extensions_print(FILE *fp, const uint8_t *exts, size_t extslen, int format, int indent)
499 {
500 uint16_t ext_type;
501 const uint8_t *ext_data;
502 size_t ext_datalen;
503
504 format_print(fp, format, indent, "Extensions\n");
505 indent += 4;
506 while (extslen > 0) {
507 if (tls_uint16_from_bytes(&ext_type, &exts, &extslen) != 1
508 || tls_uint16array_from_bytes(&ext_data, &ext_datalen, &exts, &extslen) != 1) {
509 error_print();
510 return -1;
511 }
512 if (tls_extension_print(fp, ext_type, ext_data, ext_datalen, format, indent) != 1) {
513 error_print();
514 return -1;
515 }
516 }
517 return 1;
518 }
519
tls_hello_request_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)520 int tls_hello_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
521 {
522 format_print(fp, format, indent, "HelloRequest\n");
523 indent += 4;
524 if (data || datalen > 0) {
525 error_print();
526 return -1;
527 }
528 return 1;
529 }
530
tls_client_hello_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)531 int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
532 {
533 int ret = -1;
534 uint16_t protocol;
535 const uint8_t *random;
536 const uint8_t *session_id;
537 const uint8_t *cipher_suites;
538 const uint8_t *comp_meths;
539 const uint8_t *exts;
540 size_t session_id_len, cipher_suites_len, comp_meths_len, exts_len;
541 size_t i;
542
543 format_print(fp, format, indent, "ClientHello\n"); indent += 4;
544 if (tls_uint16_from_bytes((uint16_t *)&protocol, &data, &datalen) != 1) goto end;
545 format_print(fp, format, indent, "Version: %s (%d.%d)\n",
546 tls_protocol_name(protocol), protocol >> 8, protocol & 0xff);
547 if (tls_array_from_bytes(&random, 32, &data, &datalen) != 1) goto end;
548 tls_random_print(fp, random, format, indent);
549 if (tls_uint8array_from_bytes(&session_id, &session_id_len, &data, &datalen) != 1) goto end;
550 format_bytes(fp, format, indent, "SessionID", session_id, session_id_len);
551 if (tls_uint16array_from_bytes(&cipher_suites, &cipher_suites_len, &data, &datalen) != 1) goto end;
552 format_print(fp, format, indent, "CipherSuites\n");
553 while (cipher_suites_len >= 2) {
554 uint16_t cipher;
555 if (tls_uint16_from_bytes(&cipher, &cipher_suites, &cipher_suites_len) != 1) goto end;
556 format_print(fp, format, indent + 4, "%s (0x%04x)\n",
557 tls_cipher_suite_name(cipher), cipher);
558 }
559 if (cipher_suites_len) {
560 error_print();
561 return -1;
562 }
563 if (tls_uint8array_from_bytes(&comp_meths, &comp_meths_len, &data, &datalen) != 1) goto end;
564 format_print(fp, format, indent, "CompressionMethods\n");
565 for (i = 0; i < comp_meths_len; i++) {
566 format_print(fp, format, indent + 4, "%s (%d)\n",
567 tls_compression_method_name(comp_meths[i]), comp_meths[i]);
568 }
569 if (datalen > 0) {
570 if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto end;
571 //tls_extensions_print(fp, exts, exts_len, format, indent);
572 tls13_extensions_print(fp, format, indent, TLS_handshake_client_hello, exts, exts_len);
573 }
574 if (datalen > 0) {
575 error_print();
576 return -1;
577 }
578 ret = 1;
579 end:
580 return ret;
581 }
582
tls_server_hello_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)583 int tls_server_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
584 {
585 int ret = -1;
586 uint16_t protocol;
587 const uint8_t *random;
588 const uint8_t *session_id;
589 uint16_t cipher_suite;
590 uint8_t comp_meth;
591 const uint8_t *exts;
592 size_t session_id_len, cipher_suites_len, comp_meths_len, exts_len;
593 size_t i;
594
595 format_print(fp, format, indent, "ServerHello\n"); indent += 4;
596 if (tls_uint16_from_bytes(&protocol, &data, &datalen) != 1) goto bad;
597 format_print(fp, format, indent, "Version: %s (%d.%d)\n",
598 tls_protocol_name(protocol), protocol >> 8, protocol & 0xff);
599 if (tls_array_from_bytes(&random, 32, &data, &datalen) != 1) goto bad;
600 tls_random_print(fp, random, format, indent);
601 if (tls_uint8array_from_bytes(&session_id, &session_id_len, &data, &datalen) != 1) goto bad;
602 format_bytes(fp, format, indent, "SessionID", session_id, session_id_len);
603 if (tls_uint16_from_bytes(&cipher_suite, &data, &datalen) != 1) goto bad;
604 format_print(fp, format, indent, "CipherSuite: %s (0x%04x)\n",
605 tls_cipher_suite_name(cipher_suite), cipher_suite);
606 if (tls_uint8_from_bytes(&comp_meth, &data, &datalen) != 1) goto bad;
607 format_print(fp, format, indent, "CompressionMethod: %s (%d)\n",
608 tls_compression_method_name(comp_meth), comp_meth);
609 if (datalen > 0) {
610 if (tls_uint16array_from_bytes(&exts, &exts_len, &data, &datalen) != 1) goto bad;
611 //format_bytes(fp, format, indent, "Extensions : ", exts, exts_len); // FIXME: extensions_print
612 //tls_extensions_print(fp, exts, exts_len, format, indent);
613 tls13_extensions_print(fp, format, indent, TLS_handshake_server_hello, exts, exts_len);
614 }
615 return 1;
616 bad:
617 error_print();
618 return -1;
619 }
620
tls_certificate_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)621 int tls_certificate_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
622 {
623 int ret;
624 const uint8_t *certs;
625 size_t certslen;
626 const uint8_t *der;
627 size_t derlen;
628
629 if (tls_uint24array_from_bytes(&certs, &certslen, &data, &datalen) != 1) {
630 error_print();
631 return -1;
632 }
633 while (certslen > 0) {
634 if (tls_uint24array_from_bytes(&der, &derlen, &certs, &certslen) != 1) {
635 error_print();
636 return -1;
637 }
638 (void)x509_cert_print(fp, format, indent, "Certificate", der, derlen);
639 (void)x509_cert_to_pem(der, derlen, fp);
640 }
641
642 if (datalen) {
643 error_print();
644 return -1;
645 }
646 return 1;
647 }
648
tls_server_key_exchange_ecdhe_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)649 int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
650 int format, int indent)
651 {
652 uint8_t curve_type;
653 uint16_t curve;
654 const uint8_t *octets;
655 size_t octetslen;
656 uint16_t sig_alg;
657 const uint8_t *sig;
658 size_t siglen;
659
660 format_print(fp, format, indent, "ServerKeyExchange\n");
661 indent += 4;
662 format_print(fp, format, indent, "ServerECDHParams\n");
663 format_print(fp, format, indent + 4, "curve_params\n");
664 if (tls_uint8_from_bytes(&curve_type, &data, &datalen) != 1) {
665 error_print();
666 return -1;
667 }
668 format_print(fp, format, indent + 8, "curve_type: %s (%d)\n",
669 tls_curve_type_name(curve_type), curve_type);
670 if (tls_uint16_from_bytes(&curve, &data, &datalen) != 1) {
671 error_print();
672 return -1;
673 }
674 format_print(fp, format, indent + 8, "named_curve: %s (%d)\n",
675 tls_named_curve_name(curve), curve);
676 if (tls_uint8array_from_bytes(&octets, &octetslen, &data, &datalen) != 1) {
677 error_print();
678 return -1;
679 }
680 format_bytes(fp, format, indent + 4, "point", octets, octetslen);
681 if (tls_uint16_from_bytes(&sig_alg, &data, &datalen) != 1) {
682 error_print();
683 return -1;
684 }
685 format_print(fp, format, indent, "SignatureScheme: %s (0x%04x)\n",
686 tls_signature_scheme_name(sig_alg), sig_alg);
687 if (tls_uint16array_from_bytes(&sig, &siglen, &data, &datalen) != 1) {
688 error_print();
689 return -1;
690 }
691 format_bytes(fp, format, indent, "Siganture", sig, siglen);
692 if (datalen > 0) {
693 error_print();
694 return -1;
695 }
696 return 1;
697 }
698
tls_server_key_exchange_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)699 int tls_server_key_exchange_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
700 {
701 int cipher_suite = (format >> 8) & 0xffff;
702
703 switch (cipher_suite) {
704 case TLS_cipher_ecc_sm4_cbc_sm3:
705 case TLS_cipher_ecc_sm4_gcm_sm3:
706 if (tlcp_server_key_exchange_pke_print(fp, data, datalen, format, indent) != 1) {
707 error_print();
708 return -1;
709 }
710 break;
711 case TLS_cipher_ecdhe_sm4_cbc_sm3:
712 case TLS_cipher_ecdhe_sm4_gcm_sm3:
713 if (tls_server_key_exchange_ecdhe_print(fp, data, datalen, format, indent) != 1) {
714 error_print();
715 return -1;
716 }
717 break;
718 default:
719 error_print();
720 return -1;
721 }
722 return 1;
723 }
724
tls_certificate_subjects_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)725 int tls_certificate_subjects_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
726 {
727 const uint8_t *a;
728 size_t alen;
729
730 format_print(fp, fmt, ind, "%s\n", label);
731 ind += 4;
732
733 while (dlen) {
734 const uint8_t *name;
735 size_t namelen;
736
737 if (tls_uint16array_from_bytes(&a, &alen, &d, &dlen) != 1) {
738 error_print();
739 return -1;
740 }
741 if (asn1_sequence_from_der(&name, &namelen, &a, &alen) != 1
742 || asn1_length_is_zero(alen) != 1) {
743 error_print();
744 return -1;
745 }
746 x509_name_print(fp, fmt, ind, "DistinguishedName", name, namelen);
747 }
748 return 1;
749 }
750
tls_certificate_request_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)751 int tls_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
752 {
753 const uint8_t *cert_types;
754 const uint8_t *ca_names;
755 size_t cert_types_len, ca_names_len, i;
756
757 format_print(fp, format, indent, "CertificateRequest\n"); indent += 4;
758 if (tls_uint8array_from_bytes(&cert_types, &cert_types_len, &data, &datalen) != 1) goto bad;
759 format_print(fp, format, indent, "cert_types\n");
760 while (cert_types_len--) {
761 int cert_type = *cert_types++;
762 format_print(fp, format, indent + 4, "%s (%d)\n", tls_cert_type_name(cert_type), cert_type);
763 }
764 if (tls_uint16array_from_bytes(&ca_names, &ca_names_len, &data, &datalen) != 1) goto bad;
765 tls_certificate_subjects_print(fp, format, indent, "CAnames", ca_names, ca_names_len);
766
767 return 1;
768 bad:
769 error_print();
770 return -1;
771 }
772
tls_server_hello_done_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)773 int tls_server_hello_done_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
774 {
775 if (datalen > 0) {
776 error_print();
777 return -1;
778 }
779 return 1;
780 }
781
tls_client_key_exchange_pke_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)782 int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
783 {
784 const uint8_t *enced_pms;
785 size_t enced_pms_len;
786
787 if (tls_uint16array_from_bytes(&enced_pms, &enced_pms_len, &data, &datalen) != 1) {
788 error_print();
789 return -1;
790 }
791 format_bytes(fp, format, indent, "EncryptedPreMasterSecret", enced_pms, enced_pms_len);
792 return 1;
793 }
794
tls_client_key_exchange_ecdhe_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)795 int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
796 int format, int indent)
797 {
798 const uint8_t *octets;
799 size_t octetslen;
800
801 format_print(fp, format, indent, "ClientKeyExchange\n");
802 indent += 4;
803 if (tls_uint8array_from_bytes(&octets, &octetslen, &data, &datalen) != 1) {
804 error_print();
805 return -1;
806 }
807 format_bytes(fp, format, indent, "ecdh_Yc", octets, octetslen);
808 if (datalen > 0) {
809 error_print();
810 return -1;
811 }
812 return 1;
813 }
814
tls_client_key_exchange_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)815 int tls_client_key_exchange_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
816 {
817 int cipher_suite = (format >> 8) & 0xffff;
818 switch (cipher_suite) {
819 case TLS_cipher_ecc_sm4_cbc_sm3:
820 case TLS_cipher_ecc_sm4_gcm_sm3:
821 if (tls_client_key_exchange_pke_print(fp, data, datalen, format, indent) != 1) {
822 error_print();
823 return -1;
824 }
825 break;
826 case TLS_cipher_ecdhe_sm4_cbc_sm3:
827 case TLS_cipher_ecdhe_sm4_gcm_sm3:
828 if (tls_client_key_exchange_ecdhe_print(fp, data, datalen, format, indent) != 1) {
829 error_print();
830 return -1;
831 }
832 break;
833 default:
834 error_print();
835 return -1;
836 }
837 return 1;
838 }
839
tls_certificate_verify_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)840 int tls_certificate_verify_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
841 {
842 format_print(fp, format, indent, "CertificateVerify\n");
843 format_bytes(fp, format, indent + 4, "Signature", data, datalen);
844 return 1;
845 }
846
tls_finished_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)847 int tls_finished_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
848 {
849 format_print(fp, format, indent, "Finished\n");
850 indent += 4;
851 format_bytes(fp, format, indent, "verify_data", data, datalen);
852 return 1;
853 }
854
tls13_handshake_print(FILE * fp,int fmt,int ind,const uint8_t * handshake,size_t handshake_len)855 int tls13_handshake_print(FILE *fp, int fmt, int ind, const uint8_t *handshake, size_t handshake_len)
856 {
857 const uint8_t *p = handshake;
858 size_t len = handshake_len;
859 uint8_t type;
860 const uint8_t *data;
861 size_t datalen;
862
863 if (tls_uint8_from_bytes(&type, &handshake, &handshake_len) != 1
864 || tls_uint24array_from_bytes(&data, &datalen, &handshake, &handshake_len) != 1
865 || tls_length_is_zero(handshake_len) != 1) {
866 error_print();
867 return -1;
868 }
869
870 switch (type) {
871 case TLS_handshake_certificate:
872 case TLS_handshake_certificate_request:
873 case TLS_handshake_certificate_verify:
874 format_print(fp, fmt, ind, "Handshake\n");
875 ind += 4;
876 format_print(fp, fmt, ind, "Type: %s (%d)\n", tls_handshake_type_name(type), type);
877 format_print(fp, fmt, ind, "Length: %zu\n", datalen);
878 break;
879 }
880 switch (type) {
881 case TLS_handshake_certificate:
882 return tls13_certificate_print(fp, fmt, ind, data, datalen);
883 case TLS_handshake_certificate_request:
884 return tls13_certificate_request_print(fp, fmt, ind, data, datalen);
885 case TLS_handshake_certificate_verify:
886 return tls13_certificate_verify_print(fp, fmt, ind, data, datalen);
887 }
888
889 return tls_handshake_print(fp, p, len, fmt, ind);
890 }
891
892 // 这个是有问题的,因为TLS 1.3的证书和TLS 1.2是不一样的
tls_handshake_print(FILE * fp,const uint8_t * handshake,size_t handshakelen,int format,int indent)893 int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen, int format, int indent)
894 {
895 const uint8_t *cp = handshake;
896 uint8_t type;
897 const uint8_t *data;
898 size_t datalen = 0;
899
900 format_print(fp, format, indent, "Handshake\n");
901 indent += 4;
902
903 if (tls_uint8_from_bytes(&type, &cp, &handshakelen) != 1) {
904 error_print();
905 return -1;
906 }
907 format_print(fp, format, indent, "Type: %s (%d)\n", tls_handshake_type_name(type), type);
908 if (tls_uint24_from_bytes((uint24_t *)&datalen, &cp, &handshakelen) != 1) {
909 error_print();
910 return -1;
911 }
912 format_print(fp, format, indent, "Length: %zu\n", datalen);
913
914 if (tls_array_from_bytes(&data, datalen, &cp, &handshakelen) != 1) {
915 error_print();
916 return -1;
917 }
918 switch (type) {
919 case TLS_handshake_hello_request:
920 if (tls_hello_request_print(fp, data, datalen, format, indent) != 1)
921 { error_print(); return -1; } break;
922 case TLS_handshake_client_hello:
923 if (tls_client_hello_print(fp, data, datalen, format, indent) != 1)
924 { error_print(); return -1; } break;
925 case TLS_handshake_server_hello:
926 if (tls_server_hello_print(fp, data, datalen, format, indent) != 1)
927 { error_print(); return -1; } break;
928 case TLS_handshake_encrypted_extensions:
929 tls13_encrypted_extensions_print(fp, format, indent, data, datalen);
930 break;
931
932 case TLS_handshake_certificate:
933 if (tls_certificate_print(fp, data, datalen, format, indent) != 1)
934 { error_print(); return -1; } break;
935 case TLS_handshake_server_key_exchange:
936 if (tls_server_key_exchange_print(fp, data, datalen, format, indent) != 1)
937 { error_print(); return -1; } break;
938 case TLS_handshake_certificate_request:
939 if (tls_certificate_request_print(fp, data, datalen, format, indent) != 1)
940 { error_print(); return -1; } break;
941 case TLS_handshake_server_hello_done:
942 if (tls_server_hello_done_print(fp, data, datalen, format, indent) != 1)
943 { error_print(); return -1; } break;
944 case TLS_handshake_client_key_exchange:
945 if (tls_client_key_exchange_print(fp, data, datalen, format, indent) != 1)
946 { error_print(); return -1; } break;
947 case TLS_handshake_certificate_verify:
948 if (tls_certificate_verify_print(fp, data, datalen, format, indent) != 1)
949 { error_print(); return -1; } break;
950 case TLS_handshake_finished:
951 if (tls_finished_print(fp, data, datalen, format, indent) != 1)
952 { error_print(); return -1; } break;
953 default:
954 error_print();
955 return -1;
956 }
957 return 1;
958 }
959
tls_alert_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)960 int tls_alert_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
961 {
962 if (datalen != 2) {
963 error_print();
964 return -1;
965 }
966 format_print(fp, format, indent, "Alert:\n");
967 indent += 4;
968 format_print(fp, format, indent, "Level: %s (%d)\n", tls_alert_level_name(data[0]), data[0]);
969 format_print(fp, format, indent, "Reason: %s (%d)\n", tls_alert_description_text(data[1]), data[1]);
970 return 1;
971 }
972
tls_change_cipher_spec_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)973 int tls_change_cipher_spec_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
974 {
975 if (datalen != 1) {
976 error_print();
977 return -1;
978 }
979 format_print(fp, format, indent, "ChangeCipherSpec\n");
980 indent += 4;
981 format_print(fp, format, indent, "type : %s (%d)\n", tls_change_cipher_spec_text(data[0]), data[0]);
982 return 1;
983 }
984
tls_application_data_print(FILE * fp,const uint8_t * data,size_t datalen,int format,int indent)985 int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent)
986 {
987 format_bytes(fp, format, indent, "ApplicationData", data, datalen);
988 return 1;
989 }
990
tls13_record_print(FILE * fp,int format,int indent,const uint8_t * record,size_t recordlen)991 int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen)
992 {
993 const uint8_t *data;
994 size_t datalen;
995 int protocol;
996
997 format |= TLS_cipher_sm4_gcm_sm3 << 8;
998
999 if (!fp || !record || recordlen < 5) {
1000 error_print();
1001 return -1;
1002 }
1003 protocol = tls_record_protocol(record);
1004 format_print(fp, format, indent, "Record\n"); indent += 4;
1005 format_print(fp, format, indent, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
1006 format_print(fp, format, indent, "Version: %s (%d.%d)\n", tls_protocol_name(protocol), protocol >> 8, protocol & 0xff);
1007 format_print(fp, format, indent, "Length: %d\n", tls_record_data_length(record));
1008
1009 data = tls_record_data(record);
1010 datalen = tls_record_data_length(record);
1011
1012 if (recordlen < tls_record_length(record)) {
1013 error_print();
1014 return -1;
1015 }
1016
1017 // 最高字节设置后强制打印记录原始数据
1018 if (format >> 24) {
1019 format_bytes(fp, format, indent, "Data", data, datalen);
1020 fprintf(fp, "\n");
1021 return 1;
1022 }
1023
1024 switch (record[0]) {
1025 case TLS_record_handshake:
1026 tls13_handshake_print(fp, format, indent, data, datalen);
1027 break;
1028 case TLS_record_alert:
1029 if (tls_alert_print(fp, data, datalen, format, indent) != 1) {
1030 error_print();
1031 return -1;
1032 }
1033 break;
1034 case TLS_record_change_cipher_spec:
1035 if (tls_change_cipher_spec_print(fp, data, datalen, format, indent) != 1) {
1036 error_print();
1037 return -1;
1038 }
1039 break;
1040 case TLS_record_application_data:
1041 if (tls_application_data_print(fp, data, datalen, format, indent) != 1) {
1042 error_print();
1043 return -1;
1044 }
1045 break;
1046 default:
1047 error_print();
1048 return -1;
1049 }
1050
1051 recordlen -= tls_record_length(record);
1052 if (recordlen) {
1053 format_print(fp, 0, 0, "DataLeftInRecord: %zu\n", recordlen);
1054 }
1055
1056 fprintf(fp, "\n");
1057 return 1;
1058
1059 }
1060
1061
1062 // 仅从record数据是不能判断这个record是TLS 1.2还是TLS 1.3
1063 // 不同协议上,同名的握手消息,其格式也是不一样的。这真是太恶心了!!!!
1064
1065 // 当消息为ClientKeyExchange,ServerKeyExchange,需要密码套件中的密钥交换算法信息
1066 // 当消息为加密的Finished,记录类型为Handshake,但是记录负载数据中没有Handshake头
1067 // 注意:这里的recordlen 是冗余的,要容忍recordlen的错误
1068 //
1069 // supported_versions 的格式由handshake_type 是否为ClientHello, ServerHello 决定
1070 // record中是包含这个信息的,但是在exts中没有这个信息
tls_record_print(FILE * fp,const uint8_t * record,size_t recordlen,int format,int indent)1071 int tls_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent)
1072 {
1073 const uint8_t *data;
1074 size_t datalen;
1075 int protocol;
1076
1077 if (!fp || !record || recordlen < 5) {
1078 error_print();
1079 return -1;
1080 }
1081 protocol = tls_record_protocol(record);
1082 format_print(fp, format, indent, "Record\n"); indent += 4;
1083 format_print(fp, format, indent, "ContentType: %s (%d)\n", tls_record_type_name(record[0]), record[0]);
1084 format_print(fp, format, indent, "Version: %s (%d.%d)\n", tls_protocol_name(protocol), protocol >> 8, protocol & 0xff);
1085 format_print(fp, format, indent, "Length: %d\n", tls_record_data_length(record));
1086
1087 data = tls_record_data(record);
1088 datalen = tls_record_data_length(record);
1089
1090 if (recordlen < tls_record_length(record)) {
1091 error_print();
1092 return -1;
1093 }
1094
1095 // 最高字节设置后强制打印记录原始数据
1096 if (format >> 24) {
1097 format_bytes(fp, format, indent, "Data", data, datalen);
1098 fprintf(fp, "\n");
1099 return 1;
1100 }
1101
1102 switch (record[0]) {
1103 case TLS_record_handshake:
1104 if (tls_handshake_print(fp, data, datalen, format, indent) != 1) {
1105 error_print();
1106 return -1;
1107 }
1108 break;
1109 case TLS_record_alert:
1110 if (tls_alert_print(fp, data, datalen, format, indent) != 1) {
1111 error_print();
1112 return -1;
1113 }
1114 break;
1115 case TLS_record_change_cipher_spec:
1116 if (tls_change_cipher_spec_print(fp, data, datalen, format, indent) != 1) {
1117 error_print();
1118 return -1;
1119 }
1120 break;
1121 case TLS_record_application_data:
1122 if (tls_application_data_print(fp, data, datalen, format, indent) != 1) {
1123 error_print();
1124 return -1;
1125 }
1126 break;
1127 default:
1128 error_print();
1129 return -1;
1130 }
1131
1132 recordlen -= tls_record_length(record);
1133 if (recordlen) {
1134 format_print(fp, 0, 0, "DataLeftInRecord: %zu\n", recordlen);
1135 }
1136
1137 fprintf(fp, "\n");
1138 return 1;
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167 }
1168
tls_secrets_print(FILE * fp,const uint8_t * pre_master_secret,size_t pre_master_secret_len,const uint8_t client_random[32],const uint8_t server_random[32],const uint8_t master_secret[48],const uint8_t * key_block,size_t key_block_len,int format,int indent)1169 int tls_secrets_print(FILE *fp,
1170 const uint8_t *pre_master_secret, size_t pre_master_secret_len,
1171 const uint8_t client_random[32], const uint8_t server_random[32],
1172 const uint8_t master_secret[48],
1173 const uint8_t *key_block, size_t key_block_len,
1174 int format, int indent)
1175 {
1176 // 应该检查一下key_block_len的值,判断是否支持,或者算法选择, 或者要求输入一个cipher_suite参数
1177 format_bytes(stderr, format, indent, "pre_master_secret", pre_master_secret, pre_master_secret_len);
1178 format_bytes(stderr, format, indent, "client_random", client_random, 32);
1179 format_bytes(stderr, format, indent, "server_random", server_random, 32);
1180 format_bytes(stderr, format, indent, "master_secret", master_secret, 48);
1181 format_bytes(stderr, format, indent, "client_write_mac_key", key_block, 32);
1182 format_bytes(stderr, format, indent, "server_write_mac_key", key_block + 32, 32);
1183 format_bytes(stderr, format, indent, "client_write_enc_key", key_block + 64, 16);
1184 format_bytes(stderr, format, indent, "server_write_enc_key", key_block + 80, 16);
1185 format_print(stderr, format, indent, "\n");
1186 return 1;
1187 }
1188