From 6dd43caae9de7ccddf9021b2537ab28529809757 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Thu, 27 Jun 2024 15:05:02 +0200 Subject: [PATCH 1/3] wolfSSL_SNI_GetRequest working, fixing up wolfSSL_SNI_GetFromBuffer --- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 31 +++++++++++++++++++ wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 27 ++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 7552777ab..5253a5bfa 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -155,6 +155,7 @@ public class wolfSSL_TLS_CSHarp Console.WriteLine("Started TCP and waiting for a connection"); fd = tcp.AcceptSocket(); + ssl = wolfssl.new_ssl(ctx); if (ssl == IntPtr.Zero) { @@ -208,6 +209,16 @@ public class wolfSSL_TLS_CSHarp return; } + /* get and print sni used by the client */ + if (haveSNI(args)) { + IntPtr data = IntPtr.Zero; + + ushort size = wolfssl.SNI_GetRequest(ssl, 0, ref data); + string dataStr = Marshal.PtrToStringAnsi(data); + Console.WriteLine("(SNI_GetRequest) Size of SNI used by client: " + size); + Console.WriteLine("(SNI_GetRequest) SNI used by client: " + dataStr); + } + /* print out results of TLS/SSL accept */ Console.WriteLine("SSL version is " + wolfssl.get_version(ssl)); Console.WriteLine("SSL cipher suite is " + wolfssl.get_current_cipher(ssl)); 
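Review bot: In the block added after the accept check, `Marshal.PtrToStringAnsi(data)` ignores the `size` that `SNI_GetRequest` just returned, so the string is read up to the first NUL instead of for `size` bytes. A missing SNI, or the wrapper's `ushort.MaxValue` failure value, is also printed as if it were a result. `haveSNI(args)` appears to reflect only the server's own command line, not whether the peer sent the extension. I would bound and guard the read: `if (size > 0 && size != ushort.MaxValue && data != IntPtr.Zero) { string dataStr = Marshal.PtrToStringAnsi(data, size); ... }`. The hostname is chosen by the peer, so it should be treated as untrusted text wherever it is logged or used to select a certificate.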
@@ -222,6 +233,26 @@ public class wolfSSL_TLS_CSHarp } Console.WriteLine(buff); + /* get and print sni used by the client and also their message */ + if (haveSNI(args)) { + IntPtr result = Marshal.AllocHGlobal(32); + IntPtr inOutSz = Marshal.AllocHGlobal(sizeof(int)); + Marshal.WriteInt32(inOutSz, 32); + + int ret = wolfssl.SNI_GetFromBuffer(buff, 1024, 0, result, inOutSz); + + if (ret != wolfssl.SUCCESS) { + Console.WriteLine("Error on reading SNI from buffer, ret value = " + ret); + tcp.Stop(); + clean(ssl, ctx); + return; + } + + string dataStr = Marshal.PtrToStringAnsi(result); + Console.WriteLine("(SNI_GetFromBuffer) SNI used by client: " + dataStr); + } + + if (wolfssl.write(ssl, reply, reply.Length) != reply.Length) { Console.WriteLine("Error in write"); diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index 7b7ec1e23..8895c48f5 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs @@ -330,6 +330,10 @@ namespace wolfSSL.CSharp { private extern static int wolfSSL_CTX_UseSNI(IntPtr ctx, byte type, IntPtr data, ushort size); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wolfSSL_UseSNI(IntPtr ssl, byte type, IntPtr data, ushort size); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static ushort wolfSSL_SNI_GetRequest(IntPtr ssl, byte type, ref IntPtr data); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wolfSSL_SNI_GetFromBuffer(StringBuilder clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz); /******************************** * SSL Structure 
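Review bot: The two `Marshal.AllocHGlobal` buffers in the new `SNI_GetFromBuffer` block are never released, neither on the success path nor on the early `return` after a failed call. `Marshal.PtrToStringAnsi(result)` also reads the uninitialised 32-byte buffer up to the first NUL instead of using the length that comes back through `inOutSz`; I would not rely on the native side NUL-terminating the copy. Wrapping the block in `try`/`finally` and reading the length back fixes both; this assumes the native call stores the copied length in `inOutSz`. The same allocations are left unfreed in the patch 2/3 and 3/3 versions of this block.

```csharp
IntPtr result = Marshal.AllocHGlobal(32);
IntPtr inOutSz = Marshal.AllocHGlobal(sizeof(int));
try {
    Marshal.WriteInt32(inOutSz, 32);
    // … unchanged: SNI_GetFromBuffer call and error handling …
    int sniLen = Marshal.ReadInt32(inOutSz);
    string dataStr = Marshal.PtrToStringAnsi(result, sniLen);
    Console.WriteLine("(SNI_GetFromBuffer) SNI used by client: " + dataStr);
} finally {
    /* runs on the early return as well */
    Marshal.FreeHGlobal(result);
    Marshal.FreeHGlobal(inOutSz);
}
```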
@@ -1200,6 +1204,29 @@ namespace wolfSSL.CSharp { } } + public static ushort SNI_GetRequest(IntPtr ssl, byte type, ref IntPtr data) + { + try { + GCHandle gch = GCHandle.FromIntPtr(ssl); + ssl_handle handles = (ssl_handle)gch.Target; + + return wolfSSL_SNI_GetRequest(handles.get_ssl(), type, ref data); + } catch (Exception e) { + log(ERROR_LOG, "wolfssl sni get request error: " + e.ToString()); + return ushort.MaxValue; + } + } + + public static int SNI_GetFromBuffer(StringBuilder clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz) + { + try { + return wolfSSL_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz); + } catch(Exception e) { + log(ERROR_LOG, "wolfssl sni get from buffer error: " + e.ToString()); + return FAILURE; + } + } + /// /// Set identity hint to use /// From 97adb4be6e7a797c557d56fbb18cc62453dd7a78 Mon Sep 17 00:00:00 2001 From: gasbytes Date: Thu, 27 Jun 2024 17:03:05 +0200 Subject: [PATCH 2/3] fixed wolfSSL_SNI_GetFromBuffer --- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 23 ++++++++++++++----- wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 4 ++-- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index 5253a5bfa..b8eafb8c5 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -224,7 +224,7 @@ public class wolfSSL_TLS_CSHarp Console.WriteLine("SSL cipher suite is " + wolfssl.get_current_cipher(ssl)); /* read and print out the message then reply */ - if (wolfssl.read(ssl, buff, 1023) < 0) + if (wolfssl.read(ssl, buff, 1024) < 0) { Console.WriteLine("Error in read"); tcp.Stop(); 
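Review bot: `SNI_GetRequest` signals failure with `ushort.MaxValue`, which is also a representable length, and its `catch` leaves `data` at whatever the caller passed in. A caller that skips the check, as the sample server in this series does, goes on to use a stale pointer. Adding `data = IntPtr.Zero;` in the `catch` makes the failure case safe to consume. Both new public methods also lack the `///` summary that the neighbouring "Set identity hint to use" member has. I would document the `ushort.MaxValue` sentinel and state that the returned pointer refers to native memory, presumably owned by the session, which the caller must not free or use after the `ssl` object is released.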
@@ -233,13 +233,24 @@ public class wolfSSL_TLS_CSHarp } Console.WriteLine(buff); - /* get and print sni used by the client and also their message */ + /* get and print sni from a sample buffer, can be used by using the raw client hello */ if (haveSNI(args)) { IntPtr result = Marshal.AllocHGlobal(32); IntPtr inOutSz = Marshal.AllocHGlobal(sizeof(int)); Marshal.WriteInt32(inOutSz, 32); + byte [] buffer = { /* www.paypal.com */ + 0x16, 0x03, 0x03, 0x00, 0x64, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c, + 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca, + 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5, + 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b, + 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35, + 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21, + 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77, + 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00, + 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 + }; - int ret = wolfssl.SNI_GetFromBuffer(buff, 1024, 0, result, inOutSz); + int ret = wolfssl.SNI_GetFromBuffer(buffer, 1024, 0, result, inOutSz); if (ret != wolfssl.SUCCESS) { Console.WriteLine("Error on reading SNI from buffer, ret value = " + ret); @@ -248,10 +259,10 @@ public class wolfSSL_TLS_CSHarp return; } - string dataStr = Marshal.PtrToStringAnsi(result); - Console.WriteLine("(SNI_GetFromBuffer) SNI used by client: " + dataStr); - } + string resultStr = Marshal.PtrToStringAnsi(result); + Console.WriteLine("(SNI_GetFromBuffer) SNI used by client: " + resultStr); + } if (wolfssl.write(ssl, reply, reply.Length) != reply.Length) { diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs index 8895c48f5..1458d0008 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs 
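Review bot: The call `wolfssl.SNI_GetFromBuffer(buffer, 1024, 0, result, inOutSz)` still passes `1024` as `helloSz`, although `buffer` is now a byte array literal of about a hundred bytes. The native parser is therefore told it may read well past the end of the managed array. A well-formed hello stops early, but the comment advertises this code for use with a raw client hello, where an inner length field pointing beyond the real data would be bounds-checked against the wrong size. Pass the actual length instead: `int ret = wolfssl.SNI_GetFromBuffer(buffer, (uint)buffer.Length, 0, result, inOutSz);`. The same literal `1024` remains in the patch 3/3 hunk that swaps in the TextMate sample.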
@@ -333,7 +333,7 @@ namespace wolfSSL.CSharp { [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static ushort wolfSSL_SNI_GetRequest(IntPtr ssl, byte type, ref IntPtr data); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static int wolfSSL_SNI_GetFromBuffer(StringBuilder clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz); + private extern static int wolfSSL_SNI_GetFromBuffer(byte[] clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz); /******************************** * SSL Structure @@ -1217,7 +1217,7 @@ namespace wolfSSL.CSharp { } } - public static int SNI_GetFromBuffer(StringBuilder clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz) + public static int SNI_GetFromBuffer(byte []clientHello, uint helloSz, byte type, IntPtr sni, IntPtr inOutSz) { try { return wolfSSL_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz); From 91cad98d67afd90b819859c64bb232dbeabcccbf Mon Sep 17 00:00:00 2001 From: gasbytes Date: Thu, 27 Jun 2024 17:35:43 +0200 Subject: [PATCH 3/3] 1023 <- 1024, changed buffer to textmate --- .../wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs index b8eafb8c5..386f9d6e3 100644 --- a/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs +++ b/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs @@ -224,7 +224,7 @@ public class wolfSSL_TLS_CSHarp Console.WriteLine("SSL cipher suite is " + wolfssl.get_current_cipher(ssl)); /* read and print out the message then reply */ - if (wolfssl.read(ssl, buff, 1024) < 0) + if (wolfssl.read(ssl, buff, 1023) < 0) { Console.WriteLine("Error in read"); tcp.Stop(); 
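Review bot: With `clientHello` now a `byte[]`, the public `SNI_GetFromBuffer` wrapper could reject an inconsistent length before the call reaches native code, but it forwards `helloSz` unchecked. A guard at the top of the `try`, such as `if (clientHello == null || helloSz > clientHello.Length || sni == IntPtr.Zero || inOutSz == IntPtr.Zero) return FAILURE;`, keeps a caller mistake from turning into an out-of-bounds read in the unmanaged parser. The existing `catch (Exception)` cannot be relied on to contain that kind of fault. The wrapper body continues outside this hunk.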
@@ -238,16 +238,24 @@ public class wolfSSL_TLS_CSHarp IntPtr result = Marshal.AllocHGlobal(32); IntPtr inOutSz = Marshal.AllocHGlobal(sizeof(int)); Marshal.WriteInt32(inOutSz, 32); - byte [] buffer = { /* www.paypal.com */ - 0x16, 0x03, 0x03, 0x00, 0x64, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c, - 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca, - 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5, - 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b, - 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35, - 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21, - 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77, - 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00, - 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 + byte []buffer = { /* from TextMate website client hello example */ + 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52, + 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b, + 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f, + 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff, + 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08, + 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12, + 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04, + 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d, + 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35, + 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16, + 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b, + 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b, + 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69, + 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72, + 0x67, 0x00, 0x0a, 
0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, + 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00, + 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03 }; int ret = wolfssl.SNI_GetFromBuffer(buffer, 1024, 0, result, inOutSz);