1 /*
2 * MbedTLS SSL context deserializer from base64 code
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
21
22 #include "mbedtls/build_info.h"
23 #include "mbedtls/debug.h"
24
25 #include <stdio.h>
26 #include <stdlib.h>
27
28 #if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) || \
29 !defined(MBEDTLS_SSL_TLS_C)
main(void)30 int main(void)
31 {
32 printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C and/or "
33 "MBEDTLS_SSL_TLS_C not defined.\n");
34 return 0;
35 }
36 #else
37
38 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
39 #define _CRT_SECURE_NO_DEPRECATE 1
40 #endif
41
42 #include <stdint.h>
43 #include <stdarg.h>
44 #include <string.h>
45 #if defined(MBEDTLS_HAVE_TIME)
46 #include <time.h>
47 #endif
48 #include "mbedtls/ssl.h"
49 #include "mbedtls/error.h"
50 #include "mbedtls/base64.h"
51 #include "mbedtls/md.h"
52 #include "mbedtls/x509_crt.h"
53 #include "mbedtls/ssl_ciphersuites.h"
54
55 /*
56 * This program version
57 */
58 #define PROG_NAME "ssl_context_info"
59 #define VER_MAJOR 0
60 #define VER_MINOR 1
61
62 /*
63 * Flags copied from the Mbed TLS library.
64 */
65 #define SESSION_CONFIG_TIME_BIT (1 << 0)
66 #define SESSION_CONFIG_CRT_BIT (1 << 1)
67 #define SESSION_CONFIG_CLIENT_TICKET_BIT (1 << 2)
68 #define SESSION_CONFIG_MFL_BIT (1 << 3)
69 #define SESSION_CONFIG_TRUNC_HMAC_BIT (1 << 4)
70 #define SESSION_CONFIG_ETM_BIT (1 << 5)
71 #define SESSION_CONFIG_TICKET_BIT (1 << 6)
72
73 #define CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT (1 << 0)
74 #define CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT (1 << 1)
75 #define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT (1 << 2)
76 #define CONTEXT_CONFIG_ALPN_BIT (1 << 3)
77
78 #define TRANSFORM_RANDBYTE_LEN 64
79
80 /*
81 * Minimum and maximum number of bytes for specific data: context, sessions,
82 * certificates, tickets and buffers in the program. The context and session
83 * size values have been calculated based on the 'print_deserialized_ssl_context()'
84 * and 'print_deserialized_ssl_session()' content.
85 */
86 #define MIN_CONTEXT_LEN 84
87 #define MIN_SESSION_LEN 88
88
89 #define MAX_CONTEXT_LEN 875 /* without session data */
90 #define MAX_SESSION_LEN 109 /* without certificate and ticket data */
91 #define MAX_CERTIFICATE_LEN ((1 << 24) - 1)
92 #define MAX_TICKET_LEN ((1 << 24) - 1)
93
94 #define MIN_SERIALIZED_DATA (MIN_CONTEXT_LEN + MIN_SESSION_LEN)
95 #define MAX_SERIALIZED_DATA (MAX_CONTEXT_LEN + MAX_SESSION_LEN + \
96 MAX_CERTIFICATE_LEN + MAX_TICKET_LEN)
97
98 #define MIN_BASE64_LEN (MIN_SERIALIZED_DATA * 4 / 3)
99 #define MAX_BASE64_LEN (MAX_SERIALIZED_DATA * 4 / 3 + 3)
100
101 /*
102 * A macro that prevents from reading out of the ssl buffer range.
103 */
104 #define CHECK_SSL_END(LEN) \
105 do \
106 { \
107 if (end - ssl < (int) (LEN)) \
108 { \
109 printf_err("%s", buf_ln_err); \
110 return; \
111 } \
112 } while (0)
113
114 /*
115 * Global values
116 */
117 FILE *b64_file = NULL; /* file with base64 codes to deserialize */
118 char conf_keep_peer_certificate = 1; /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE from mbedTLS configuration */
119 char conf_dtls_proto = 1; /* MBEDTLS_SSL_PROTO_DTLS from mbedTLS configuration */
120 char debug = 0; /* flag for debug messages */
121 const char alloc_err[] = "Cannot allocate memory\n";
122 const char buf_ln_err[] = "Buffer does not have enough data to complete the parsing\n";
123
124 /*
125 * Basic printing functions
126 */
print_version()127 void print_version()
128 {
129 printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR);
130 }
131
print_usage()132 void print_usage()
133 {
134 print_version();
135 printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n"
136 "in the text file. The program can deserialize many codes from one file, but they must be\n"
137 "separated, e.g. by a newline.\n\n");
138 printf(
139 "Usage:\n"
140 "\t-f path - Path to the file with base64 code\n"
141 "\t-v - Show version\n"
142 "\t-h - Show this usage\n"
143 "\t-d - Print more information\n"
144 "\t--keep-peer-cert=0 - Use this option if you know that the Mbed TLS library\n"
145 "\t has been compiled with the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE\n"
146 "\t flag. You can also use it if there are some problems with reading\n"
147 "\t the information about certificate\n"
148 "\t--dtls-protocol=0 - Use this option if you know that the Mbed TLS library\n"
149 "\t has been compiled without the MBEDTLS_SSL_PROTO_DTLS flag\n"
150 "\n"
151 );
152 }
153
printf_dbg(const char * str,...)154 void printf_dbg(const char *str, ...)
155 {
156 if (debug) {
157 va_list args;
158 va_start(args, str);
159 printf("debug: ");
160 vprintf(str, args);
161 fflush(stdout);
162 va_end(args);
163 }
164 }
165
166 MBEDTLS_PRINTF_ATTRIBUTE(1, 2)
printf_err(const char * str,...)167 void printf_err(const char *str, ...)
168 {
169 va_list args;
170 va_start(args, str);
171 fflush(stdout);
172 fprintf(stderr, "ERROR: ");
173 vfprintf(stderr, str, args);
174 fflush(stderr);
175 va_end(args);
176 }
177
178 /*
179 * Exit from the program in case of error
180 */
error_exit()181 void error_exit()
182 {
183 if (NULL != b64_file) {
184 fclose(b64_file);
185 }
186 exit(-1);
187 }
188
189 /*
190 * This function takes the input arguments of this program
191 */
parse_arguments(int argc,char * argv[])192 void parse_arguments(int argc, char *argv[])
193 {
194 int i = 1;
195
196 if (argc < 2) {
197 print_usage();
198 error_exit();
199 }
200
201 while (i < argc) {
202 if (strcmp(argv[i], "-d") == 0) {
203 debug = 1;
204 } else if (strcmp(argv[i], "-h") == 0) {
205 print_usage();
206 } else if (strcmp(argv[i], "-v") == 0) {
207 print_version();
208 } else if (strcmp(argv[i], "-f") == 0) {
209 if (++i >= argc) {
210 printf_err("File path is empty\n");
211 error_exit();
212 }
213
214 if (NULL != b64_file) {
215 printf_err("Cannot specify more than one file with -f\n");
216 error_exit();
217 }
218
219 if ((b64_file = fopen(argv[i], "r")) == NULL) {
220 printf_err("Cannot find file \"%s\"\n", argv[i]);
221 error_exit();
222 }
223 } else if (strcmp(argv[i], "--keep-peer-cert=0") == 0) {
224 conf_keep_peer_certificate = 0;
225 } else if (strcmp(argv[i], "--dtls-protocol=0") == 0) {
226 conf_dtls_proto = 0;
227 } else {
228 print_usage();
229 error_exit();
230 }
231
232 i++;
233 }
234 }
235
236 /*
237 * This function prints base64 code to the stdout
238 */
print_b64(const uint8_t * b,size_t len)239 void print_b64(const uint8_t *b, size_t len)
240 {
241 size_t i = 0;
242 const uint8_t *end = b + len;
243 printf("\t");
244 while (b < end) {
245 if (++i > 75) {
246 printf("\n\t");
247 i = 0;
248 }
249 printf("%c", *b++);
250 }
251 printf("\n");
252 fflush(stdout);
253 }
254
255 /*
256 * This function prints hex code from the buffer to the stdout.
257 *
258 * /p b buffer with data to print
259 * /p len number of bytes to print
260 * /p in_line number of bytes in one line
261 * /p prefix prefix for the new lines
262 */
print_hex(const uint8_t * b,size_t len,const size_t in_line,const char * prefix)263 void print_hex(const uint8_t *b, size_t len,
264 const size_t in_line, const char *prefix)
265 {
266 size_t i = 0;
267 const uint8_t *end = b + len;
268
269 if (prefix == NULL) {
270 prefix = "";
271 }
272
273 while (b < end) {
274 if (++i > in_line) {
275 printf("\n%s", prefix);
276 i = 1;
277 }
278 printf("%02X ", (uint8_t) *b++);
279 }
280 printf("\n");
281 fflush(stdout);
282 }
283
284 /*
285 * Print the value of time_t in format e.g. 2020-01-23 13:05:59
286 */
print_time(const uint64_t * time)287 void print_time(const uint64_t *time)
288 {
289 #if defined(MBEDTLS_HAVE_TIME)
290 char buf[20];
291 struct tm *t = gmtime((time_t *) time);
292 static const char format[] = "%Y-%m-%d %H:%M:%S";
293 if (NULL != t) {
294 strftime(buf, sizeof(buf), format, t);
295 printf("%s\n", buf);
296 } else {
297 printf("unknown\n");
298 }
299 #else
300 (void) time;
301 printf("not supported\n");
302 #endif
303 }
304
305 /*
306 * Print the input string if the bit is set in the value
307 */
print_if_bit(const char * str,int bit,int val)308 void print_if_bit(const char *str, int bit, int val)
309 {
310 if (bit & val) {
311 printf("\t%s\n", str);
312 }
313 }
314
315 /*
316 * Return pointer to hardcoded "enabled" or "disabled" depending on the input value
317 */
get_enabled_str(int is_en)318 const char *get_enabled_str(int is_en)
319 {
320 return (is_en) ? "enabled" : "disabled";
321 }
322
323 /*
324 * Return pointer to hardcoded MFL string value depending on the MFL code at the input
325 */
get_mfl_str(int mfl_code)326 const char *get_mfl_str(int mfl_code)
327 {
328 switch (mfl_code) {
329 case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
330 return "none";
331 case MBEDTLS_SSL_MAX_FRAG_LEN_512:
332 return "512";
333 case MBEDTLS_SSL_MAX_FRAG_LEN_1024:
334 return "1024";
335 case MBEDTLS_SSL_MAX_FRAG_LEN_2048:
336 return "2048";
337 case MBEDTLS_SSL_MAX_FRAG_LEN_4096:
338 return "4096";
339 default:
340 return "error";
341 }
342 }
343
344 /*
345 * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened
346 * previously. After each call to this function, the internal file position
347 * indicator of the global b64_file is advanced.
348 *
349 * Note - This function checks the size of the input buffer and if necessary,
350 * increases it to the maximum MAX_BASE64_LEN
351 *
352 * /p b64 pointer to the pointer of the buffer for input data
353 * /p max_len pointer to the current buffer capacity. It can be changed if
354 * the buffer needs to be increased
355 *
356 * \retval number of bytes written in to the b64 buffer or 0 in case no more
357 * data was found
358 */
read_next_b64_code(uint8_t ** b64,size_t * max_len)359 size_t read_next_b64_code(uint8_t **b64, size_t *max_len)
360 {
361 int valid_balance = 0; /* balance between valid and invalid characters */
362 size_t len = 0;
363 char pad = 0;
364 int c = 0;
365
366 while (EOF != c) {
367 char c_valid = 0;
368
369 c = fgetc(b64_file);
370
371 if (pad > 0) {
372 if (c == '=' && pad == 1) {
373 c_valid = 1;
374 pad = 2;
375 }
376 } else if ((c >= 'A' && c <= 'Z') ||
377 (c >= 'a' && c <= 'z') ||
378 (c >= '0' && c <= '9') ||
379 c == '+' || c == '/') {
380 c_valid = 1;
381 } else if (c == '=') {
382 c_valid = 1;
383 pad = 1;
384 } else if (c == '-') {
385 c = '+';
386 c_valid = 1;
387 } else if (c == '_') {
388 c = '/';
389 c_valid = 1;
390 }
391
392 if (c_valid) {
393 /* A string of characters that could be a base64 code. */
394 valid_balance++;
395
396 if (len < *max_len) {
397 (*b64)[len++] = c;
398 } else if (*max_len < MAX_BASE64_LEN) {
399 /* Current buffer is too small, but can be resized. */
400 void *ptr;
401 size_t new_size = (MAX_BASE64_LEN - 4096 > *max_len) ?
402 *max_len + 4096 : MAX_BASE64_LEN;
403
404 ptr = realloc(*b64, new_size);
405 if (NULL == ptr) {
406 printf_err(alloc_err);
407 return 0;
408 }
409 *b64 = ptr;
410 *max_len = new_size;
411 (*b64)[len++] = c;
412 } else {
413 /* Too much data so it will be treated as invalid */
414 len++;
415 }
416 } else if (len > 0) {
417 /* End of a string that could be a base64 code, but need to check
418 * that the length of the characters is correct. */
419
420 valid_balance--;
421
422 if (len < MIN_CONTEXT_LEN) {
423 printf_dbg("The code found is too small to be a SSL context.\n");
424 len = pad = 0;
425 } else if (len > *max_len) {
426 printf_err("The code found is too large by %" MBEDTLS_PRINTF_SIZET " bytes.\n",
427 len - *max_len);
428 len = pad = 0;
429 } else if (len % 4 != 0) {
430 printf_err("The length of the base64 code found should be a multiple of 4.\n");
431 len = pad = 0;
432 } else {
433 /* Base64 code with valid character length. */
434 return len;
435 }
436 } else {
437 valid_balance--;
438 }
439
440 /* Detection of potentially wrong file format like: binary, zip, ISO, etc. */
441 if (valid_balance < -100) {
442 printf_err("Too many bad symbols detected. File check aborted.\n");
443 return 0;
444 }
445 }
446
447 printf_dbg("End of file\n");
448 return 0;
449 }
450
451 #if !defined(MBEDTLS_X509_REMOVE_INFO)
452 /*
453 * This function deserializes and prints to the stdout all obtained information
454 * about the certificates from provided data.
455 *
456 * /p ssl pointer to serialized certificate
457 * /p len number of bytes in the buffer
458 */
print_deserialized_ssl_cert(const uint8_t * ssl,uint32_t len)459 void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len)
460 {
461 enum { STRLEN = 4096 };
462 mbedtls_x509_crt crt;
463 int ret;
464 char str[STRLEN];
465
466 printf("\nCertificate:\n");
467
468 mbedtls_x509_crt_init(&crt);
469 ret = mbedtls_x509_crt_parse_der(&crt, ssl, len);
470 if (0 != ret) {
471 mbedtls_strerror(ret, str, STRLEN);
472 printf_err("Invalid format of X.509 - %s\n", str);
473 printf("Cannot deserialize:\n\t");
474 print_hex(ssl, len, 25, "\t");
475 } else {
476 mbedtls_x509_crt *current = &crt;
477
478 while (current != NULL) {
479 ret = mbedtls_x509_crt_info(str, STRLEN, "\t", current);
480 if (0 > ret) {
481 mbedtls_strerror(ret, str, STRLEN);
482 printf_err("Cannot write to the output - %s\n", str);
483 } else {
484 printf("%s", str);
485 }
486
487 current = current->next;
488
489 if (current) {
490 printf("\n");
491 }
492
493 }
494 }
495
496 mbedtls_x509_crt_free(&crt);
497 }
498 #endif /* !MBEDTLS_X509_REMOVE_INFO */
499
500 /*
501 * This function deserializes and prints to the stdout all obtained information
502 * about the session from provided data. This function was built based on
503 * mbedtls_ssl_session_load(). mbedtls_ssl_session_load() could not be used
504 * due to dependencies on the mbedTLS configuration.
505 *
506 * The data structure in the buffer:
507 * uint64 start_time;
508 * uint8 ciphersuite[2]; // defined by the standard
509 * uint8 compression; // 0 or 1
510 * uint8 session_id_len; // at most 32
511 * opaque session_id[32];
512 * opaque master[48]; // fixed length in the standard
513 * uint32 verify_result;
514 * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
515 * opaque ticket<0..2^24-1>; // length 0 means no ticket
516 * uint32 ticket_lifetime;
517 * uint8 mfl_code; // up to 255 according to standard
518 * uint8 trunc_hmac; // 0 or 1
519 * uint8 encrypt_then_mac; // 0 or 1
520 *
521 * /p ssl pointer to serialized session
522 * /p len number of bytes in the buffer
523 * /p session_cfg_flag session configuration flags
524 */
print_deserialized_ssl_session(const uint8_t * ssl,uint32_t len,int session_cfg_flag)525 void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len,
526 int session_cfg_flag)
527 {
528 const struct mbedtls_ssl_ciphersuite_t *ciphersuite_info;
529 int ciphersuite_id;
530 uint32_t cert_len, ticket_len;
531 uint32_t verify_result, ticket_lifetime;
532 const uint8_t *end = ssl + len;
533
534 printf("\nSession info:\n");
535
536 if (session_cfg_flag & SESSION_CONFIG_TIME_BIT) {
537 uint64_t start;
538 CHECK_SSL_END(8);
539 start = ((uint64_t) ssl[0] << 56) |
540 ((uint64_t) ssl[1] << 48) |
541 ((uint64_t) ssl[2] << 40) |
542 ((uint64_t) ssl[3] << 32) |
543 ((uint64_t) ssl[4] << 24) |
544 ((uint64_t) ssl[5] << 16) |
545 ((uint64_t) ssl[6] << 8) |
546 ((uint64_t) ssl[7]);
547 ssl += 8;
548 printf("\tstart time : ");
549 print_time(&start);
550 }
551
552 CHECK_SSL_END(2);
553 ciphersuite_id = ((int) ssl[0] << 8) | (int) ssl[1];
554 printf_dbg("Ciphersuite ID: %d\n", ciphersuite_id);
555 ssl += 2;
556
557 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
558 if (ciphersuite_info == NULL) {
559 printf_err("Cannot find ciphersuite info\n");
560 } else {
561 const mbedtls_cipher_info_t *cipher_info;
562 #if defined(MBEDTLS_MD_C)
563 const mbedtls_md_info_t *md_info;
564 #endif
565
566 printf("\tciphersuite : %s\n", ciphersuite_info->name);
567 printf("\tcipher flags : 0x%02X\n", ciphersuite_info->flags);
568
569 cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
570 if (cipher_info == NULL) {
571 printf_err("Cannot find cipher info\n");
572 } else {
573 printf("\tcipher : %s\n", cipher_info->name);
574 }
575 #if defined(MBEDTLS_MD_C)
576 md_info = mbedtls_md_info_from_type(ciphersuite_info->mac);
577 if (md_info == NULL) {
578 printf_err("Cannot find Message-Digest info\n");
579 } else {
580 printf("\tMessage-Digest : %s\n", mbedtls_md_get_name(md_info));
581 }
582 #endif /* MBEDTLS_MD_C */
583 }
584
585 CHECK_SSL_END(1);
586 printf("\tcompression : %s\n", get_enabled_str(*ssl++));
587
588 /* Note - Here we can get session ID length from serialized data, but we
589 * use hardcoded 32-bytes length. This approach was taken from
590 * 'mbedtls_ssl_session_load()'. */
591 CHECK_SSL_END(1 + 32);
592 printf_dbg("Session id length: %u\n", (uint32_t) *ssl++);
593 printf("\tsession ID : ");
594 print_hex(ssl, 32, 16, "\t ");
595 ssl += 32;
596
597 printf("\tmaster secret : ");
598 CHECK_SSL_END(48);
599 print_hex(ssl, 48, 16, "\t ");
600 ssl += 48;
601
602 CHECK_SSL_END(4);
603 verify_result = ((uint32_t) ssl[0] << 24) |
604 ((uint32_t) ssl[1] << 16) |
605 ((uint32_t) ssl[2] << 8) |
606 ((uint32_t) ssl[3]);
607 ssl += 4;
608 printf("\tverify result : 0x%08X\n", verify_result);
609
610 if (SESSION_CONFIG_CRT_BIT & session_cfg_flag) {
611 if (conf_keep_peer_certificate) {
612 CHECK_SSL_END(3);
613 cert_len = ((uint32_t) ssl[0] << 16) |
614 ((uint32_t) ssl[1] << 8) |
615 ((uint32_t) ssl[2]);
616 ssl += 3;
617 printf_dbg("Certificate length: %u\n", cert_len);
618
619 if (cert_len > 0) {
620 CHECK_SSL_END(cert_len);
621 #if !defined(MBEDTLS_X509_REMOVE_INFO)
622 print_deserialized_ssl_cert(ssl, cert_len);
623 #endif
624 ssl += cert_len;
625 }
626 } else {
627 printf("\tPeer digest : ");
628
629 CHECK_SSL_END(1);
630 switch ((mbedtls_md_type_t) *ssl++) {
631 case MBEDTLS_MD_NONE:
632 printf("none\n");
633 break;
634 case MBEDTLS_MD_MD5:
635 printf("MD5\n");
636 break;
637 case MBEDTLS_MD_SHA1:
638 printf("SHA1\n");
639 break;
640 case MBEDTLS_MD_SHA224:
641 printf("SHA224\n");
642 break;
643 case MBEDTLS_MD_SHA256:
644 printf("SHA256\n");
645 break;
646 case MBEDTLS_MD_SHA384:
647 printf("SHA384\n");
648 break;
649 case MBEDTLS_MD_SHA512:
650 printf("SHA512\n");
651 break;
652 case MBEDTLS_MD_RIPEMD160:
653 printf("RIPEMD160\n");
654 break;
655 default:
656 printf("undefined or erroneous\n");
657 break;
658 }
659
660 CHECK_SSL_END(1);
661 cert_len = (uint32_t) *ssl++;
662 printf_dbg("Message-Digest length: %u\n", cert_len);
663
664 if (cert_len > 0) {
665 printf("\tPeer digest cert : ");
666 CHECK_SSL_END(cert_len);
667 print_hex(ssl, cert_len, 16, "\t ");
668 ssl += cert_len;
669 }
670 }
671 }
672
673 if (SESSION_CONFIG_CLIENT_TICKET_BIT & session_cfg_flag) {
674 printf("\nTicket:\n");
675
676 CHECK_SSL_END(3);
677 ticket_len = ((uint32_t) ssl[0] << 16) |
678 ((uint32_t) ssl[1] << 8) |
679 ((uint32_t) ssl[2]);
680 ssl += 3;
681 printf_dbg("Ticket length: %u\n", ticket_len);
682
683 if (ticket_len > 0) {
684 printf("\t");
685 CHECK_SSL_END(ticket_len);
686 print_hex(ssl, ticket_len, 22, "\t");
687 ssl += ticket_len;
688 printf("\n");
689 }
690
691 CHECK_SSL_END(4);
692 ticket_lifetime = ((uint32_t) ssl[0] << 24) |
693 ((uint32_t) ssl[1] << 16) |
694 ((uint32_t) ssl[2] << 8) |
695 ((uint32_t) ssl[3]);
696 ssl += 4;
697 printf("\tlifetime : %u sec.\n", ticket_lifetime);
698 }
699
700 if (ssl < end) {
701 printf("\nSession others:\n");
702 }
703
704 if (SESSION_CONFIG_MFL_BIT & session_cfg_flag) {
705 CHECK_SSL_END(1);
706 printf("\tMFL : %s\n", get_mfl_str(*ssl++));
707 }
708
709 if (SESSION_CONFIG_TRUNC_HMAC_BIT & session_cfg_flag) {
710 CHECK_SSL_END(1);
711 printf("\tnegotiate truncated HMAC : %s\n", get_enabled_str(*ssl++));
712 }
713
714 if (SESSION_CONFIG_ETM_BIT & session_cfg_flag) {
715 CHECK_SSL_END(1);
716 printf("\tEncrypt-then-MAC : %s\n", get_enabled_str(*ssl++));
717 }
718
719 if (0 != (end - ssl)) {
720 printf_err("%i bytes left to analyze from session\n", (int32_t) (end - ssl));
721 }
722 }
723
724 /*
725 * This function deserializes and prints to the stdout all obtained information
726 * about the context from provided data. This function was built based on
727 * mbedtls_ssl_context_load(). mbedtls_ssl_context_load() could not be used
728 * due to dependencies on the mbedTLS configuration and the configuration of
729 * the context when serialization was created.
730 *
731 * The data structure in the buffer:
732 * // header
733 * uint8 version[3];
734 * uint8 configuration[5];
735 * // session sub-structure
736 * uint32_t session_len;
737 * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save()
738 * // transform sub-structure
739 * uint8 random[64]; // ServerHello.random+ClientHello.random
740 * uint8 in_cid_len;
741 * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value
742 * uint8 out_cid_len;
743 * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use
744 * // fields from ssl_context
745 * uint32 badmac_seen; // DTLS: number of records with failing MAC
746 * uint64 in_window_top; // DTLS: last validated record seq_num
747 * uint64 in_window; // DTLS: bitmask for replay protection
748 * uint8 disable_datagram_packing; // DTLS: only one record per datagram
749 * uint64 cur_out_ctr; // Record layer: outgoing sequence number
750 * uint16 mtu; // DTLS: path mtu (max outgoing fragment size)
751 * uint8 alpn_chosen_len;
752 * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol
753 *
754 * /p ssl pointer to serialized session
755 * /p len number of bytes in the buffer
756 */
print_deserialized_ssl_context(const uint8_t * ssl,size_t len)757 void print_deserialized_ssl_context(const uint8_t *ssl, size_t len)
758 {
759 const uint8_t *end = ssl + len;
760 uint32_t session_len;
761 int session_cfg_flag;
762 int context_cfg_flag;
763
764 printf("\nMbed TLS version:\n");
765
766 CHECK_SSL_END(3 + 2 + 3);
767
768 printf("\tmajor %u\n", (uint32_t) *ssl++);
769 printf("\tminor %u\n", (uint32_t) *ssl++);
770 printf("\tpath %u\n", (uint32_t) *ssl++);
771
772 printf("\nEnabled session and context configuration:\n");
773
774 session_cfg_flag = ((int) ssl[0] << 8) | ((int) ssl[1]);
775 ssl += 2;
776
777 context_cfg_flag = ((int) ssl[0] << 16) |
778 ((int) ssl[1] << 8) |
779 ((int) ssl[2]);
780 ssl += 3;
781
782 printf_dbg("Session config flags 0x%04X\n", session_cfg_flag);
783 printf_dbg("Context config flags 0x%06X\n", context_cfg_flag);
784
785 print_if_bit("MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag);
786 print_if_bit("MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag);
787 print_if_bit("MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag);
788 print_if_bit("MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag);
789 print_if_bit("MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag);
790 print_if_bit("MBEDTLS_SSL_SESSION_TICKETS and client",
791 SESSION_CONFIG_CLIENT_TICKET_BIT,
792 session_cfg_flag);
793
794 print_if_bit("MBEDTLS_SSL_DTLS_CONNECTION_ID",
795 CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT,
796 context_cfg_flag);
797 print_if_bit("MBEDTLS_SSL_DTLS_ANTI_REPLAY",
798 CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT,
799 context_cfg_flag);
800 print_if_bit("MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag);
801
802 CHECK_SSL_END(4);
803 session_len = ((uint32_t) ssl[0] << 24) |
804 ((uint32_t) ssl[1] << 16) |
805 ((uint32_t) ssl[2] << 8) |
806 ((uint32_t) ssl[3]);
807 ssl += 4;
808 printf_dbg("Session length %u\n", session_len);
809
810 CHECK_SSL_END(session_len);
811 print_deserialized_ssl_session(ssl, session_len, session_cfg_flag);
812 ssl += session_len;
813
814 printf("\nRandom bytes:\n\t");
815
816 CHECK_SSL_END(TRANSFORM_RANDBYTE_LEN);
817 print_hex(ssl, TRANSFORM_RANDBYTE_LEN, 22, "\t");
818 ssl += TRANSFORM_RANDBYTE_LEN;
819
820 printf("\nContext others:\n");
821
822 if (CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT & context_cfg_flag) {
823 uint8_t cid_len;
824
825 CHECK_SSL_END(1);
826 cid_len = *ssl++;
827 printf_dbg("In CID length %u\n", (uint32_t) cid_len);
828
829 printf("\tin CID : ");
830 if (cid_len > 0) {
831 CHECK_SSL_END(cid_len);
832 print_hex(ssl, cid_len, 20, "\t");
833 ssl += cid_len;
834 } else {
835 printf("none\n");
836 }
837
838 CHECK_SSL_END(1);
839 cid_len = *ssl++;
840 printf_dbg("Out CID length %u\n", (uint32_t) cid_len);
841
842 printf("\tout CID : ");
843 if (cid_len > 0) {
844 CHECK_SSL_END(cid_len);
845 print_hex(ssl, cid_len, 20, "\t");
846 ssl += cid_len;
847 } else {
848 printf("none\n");
849 }
850 }
851
852 if (CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT & context_cfg_flag) {
853 uint32_t badmac_seen;
854
855 CHECK_SSL_END(4);
856 badmac_seen = ((uint32_t) ssl[0] << 24) |
857 ((uint32_t) ssl[1] << 16) |
858 ((uint32_t) ssl[2] << 8) |
859 ((uint32_t) ssl[3]);
860 ssl += 4;
861 printf("\tbad MAC seen number : %u\n", badmac_seen);
862
863 /* value 'in_window_top' from mbedtls_ssl_context */
864 printf("\tlast validated record sequence no. : ");
865 CHECK_SSL_END(8);
866 print_hex(ssl, 8, 20, "");
867 ssl += 8;
868
869 /* value 'in_window' from mbedtls_ssl_context */
870 printf("\tbitmask for replay detection : ");
871 CHECK_SSL_END(8);
872 print_hex(ssl, 8, 20, "");
873 ssl += 8;
874 }
875
876 if (conf_dtls_proto) {
877 CHECK_SSL_END(1);
878 printf("\tDTLS datagram packing : %s\n",
879 get_enabled_str(!(*ssl++)));
880 }
881
882 /* value 'cur_out_ctr' from mbedtls_ssl_context */
883 printf("\toutgoing record sequence no. : ");
884 CHECK_SSL_END(8);
885 print_hex(ssl, 8, 20, "");
886 ssl += 8;
887
888 if (conf_dtls_proto) {
889 uint16_t mtu;
890 CHECK_SSL_END(2);
891 mtu = (ssl[0] << 8) | ssl[1];
892 ssl += 2;
893 printf("\tMTU : %u\n", mtu);
894 }
895
896
897 if (CONTEXT_CONFIG_ALPN_BIT & context_cfg_flag) {
898 uint8_t alpn_len;
899
900 CHECK_SSL_END(1);
901 alpn_len = *ssl++;
902 printf_dbg("ALPN length %u\n", (uint32_t) alpn_len);
903
904 printf("\tALPN negotiation : ");
905 CHECK_SSL_END(alpn_len);
906 if (alpn_len > 0) {
907 if (strlen((const char *) ssl) == alpn_len) {
908 printf("%s\n", ssl);
909 } else {
910 printf("\n");
911 printf_err("\tALPN negotiation is incorrect\n");
912 }
913 ssl += alpn_len;
914 } else {
915 printf("not selected\n");
916 }
917 }
918
919 if (0 != (end - ssl)) {
920 printf_err("%i bytes left to analyze from context\n", (int32_t) (end - ssl));
921 }
922 printf("\n");
923 }
924
main(int argc,char * argv[])925 int main(int argc, char *argv[])
926 {
927 enum { SSL_INIT_LEN = 4096 };
928
929 uint32_t b64_counter = 0;
930 uint8_t *b64_buf = NULL;
931 uint8_t *ssl_buf = NULL;
932 size_t b64_max_len = SSL_INIT_LEN;
933 size_t ssl_max_len = SSL_INIT_LEN;
934 size_t ssl_len = 0;
935
936 /* The 'b64_file' is opened when parsing arguments to check that the
937 * file name is correct */
938 parse_arguments(argc, argv);
939
940 if (NULL != b64_file) {
941 b64_buf = malloc(SSL_INIT_LEN);
942 ssl_buf = malloc(SSL_INIT_LEN);
943
944 if (NULL == b64_buf || NULL == ssl_buf) {
945 printf_err(alloc_err);
946 fclose(b64_file);
947 b64_file = NULL;
948 }
949 }
950
951 while (NULL != b64_file) {
952 size_t b64_len = read_next_b64_code(&b64_buf, &b64_max_len);
953 if (b64_len > 0) {
954 int ret;
955 size_t ssl_required_len = b64_len * 3 / 4 + 1;
956
957 /* Allocate more memory if necessary. */
958 if (ssl_required_len > ssl_max_len) {
959 void *ptr = realloc(ssl_buf, ssl_required_len);
960 if (NULL == ptr) {
961 printf_err(alloc_err);
962 fclose(b64_file);
963 b64_file = NULL;
964 break;
965 }
966 ssl_buf = ptr;
967 ssl_max_len = ssl_required_len;
968 }
969
970 printf("\nDeserializing number %u:\n", ++b64_counter);
971
972 printf("\nBase64 code:\n");
973 print_b64(b64_buf, b64_len);
974
975 ret = mbedtls_base64_decode(ssl_buf, ssl_max_len, &ssl_len, b64_buf, b64_len);
976 if (ret != 0) {
977 mbedtls_strerror(ret, (char *) b64_buf, b64_max_len);
978 printf_err("base64 code cannot be decoded - %s\n", b64_buf);
979 continue;
980 }
981
982 if (debug) {
983 printf("\nDecoded data in hex:\n\t");
984 print_hex(ssl_buf, ssl_len, 25, "\t");
985 }
986
987 print_deserialized_ssl_context(ssl_buf, ssl_len);
988
989 } else {
990 fclose(b64_file);
991 b64_file = NULL;
992 }
993 }
994
995 free(b64_buf);
996 free(ssl_buf);
997
998 if (b64_counter > 0) {
999 printf_dbg("Finished. Found %u base64 codes\n", b64_counter);
1000 } else {
1001 printf("Finished. No valid base64 code found\n");
1002 }
1003
1004 return 0;
1005 }
1006
1007 #endif /* MBEDTLS_X509_CRT_PARSE_C */
1008
