Print mbedtls version and configuration

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
This commit is contained in:
Piotr Nowicki 2020-03-17 15:36:52 +01:00
parent c7d681c5bd
commit 6b2baf99f1

View File

@ -34,6 +34,22 @@
#define VER_MAJOR 0 #define VER_MAJOR 0
#define VER_MINOR 1 #define VER_MINOR 1
/*
* Flags copied from the mbedTLS library.
*/
#define SESSION_CONFIG_TIME_BIT ( 1 << 0 )
#define SESSION_CONFIG_CRT_BIT ( 1 << 1 )
#define SESSION_CONFIG_CLIENT_TICKET_BIT ( 1 << 2 )
#define SESSION_CONFIG_MFL_BIT ( 1 << 3 )
#define SESSION_CONFIG_TRUNC_HMAC_BIT ( 1 << 4 )
#define SESSION_CONFIG_ETM_BIT ( 1 << 5 )
#define SESSION_CONFIG_TICKET_BIT ( 1 << 6 )
#define CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT ( 1 << 0 )
#define CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT ( 1 << 1 )
#define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT ( 1 << 2 )
#define CONTEXT_CONFIG_ALPN_BIT ( 1 << 3 )
/* /*
* Global values * Global values
*/ */
@ -189,6 +205,17 @@ void print_hex( const unsigned char *b, size_t len )
fflush(stdout); fflush(stdout);
} }
/*
* Print the input string if the bit is set in the value
*/
void print_if_bit( const char *str, int bit, int val )
{
if( bit & val )
{
printf( "\t%s\n", str );
}
}
/* /*
* Read next base64 code from the 'b64_file'. The 'b64_file' must be opened * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened
* previously. After each call to this function, the internal file position * previously. After each call to this function, the internal file position
@ -269,6 +296,82 @@ size_t read_next_b64_code( unsigned char *b64, size_t max_len )
return 0; return 0;
} }
/*
* This function deserializes and prints to the stdout all obtained information
* about the context from provided data. This function was built based on
* mbedtls_ssl_context_load(). mbedtls_ssl_context_load() could not be used
* due to dependencies on the mbedTLS configuration and the configuration of
* the context when serialization was created.
*
* The data structure in the buffer:
* // session sub-structure
* opaque session<1..2^32-1>; // see mbedtls_ssl_session_save()
* // transform sub-structure
* uint8 random[64]; // ServerHello.random+ClientHello.random
* uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value
* uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use
* // fields from ssl_context
* uint32 badmac_seen; // DTLS: number of records with failing MAC
* uint64 in_window_top; // DTLS: last validated record seq_num
* uint64 in_window; // DTLS: bitmask for replay protection
* uint8 disable_datagram_packing; // DTLS: only one record per datagram
* uint64 cur_out_ctr; // Record layer: outgoing sequence number
* uint16 mtu; // DTLS: path mtu (max outgoing fragment size)
* uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol
*
* /p ssl pointer to serialized session
* /p len number of bytes in the buffer
*/
void print_deserialized_ssl( const unsigned char *ssl, size_t len )
{
/* TODO: which versions are compatible */
/* TODO: add checking len */
const unsigned char *end = ssl + len;
int session_cfg_flag;
int context_cfg_flag;
uint32_t session_len;
printf( "\nMbed TLS version:\n" );
printf( "\tmajor:\t%u\n", (unsigned int) *ssl++ );
printf( "\tminor:\t%u\n", (unsigned int) *ssl++ );
printf( "\tpath:\t%u\n", (unsigned int) *ssl++ );
session_cfg_flag = ( (int) ssl[0] << 8 ) | ( (int) ssl[1] );
ssl += 2;
context_cfg_flag = ( (int) ssl[0] << 16 ) |
( (int) ssl[1] << 8 ) |
( (int) ssl[2] ) ;
ssl += 3;
printf( "\nEnabled session and context configuration:\n" );
printf_dbg( "Session config flags 0x%04X\n", session_cfg_flag );
printf_dbg( "Context config flags 0x%06X\n", context_cfg_flag );
print_if_bit( "MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_TRUNCATED_HMAC", SESSION_CONFIG_TRUNC_HMAC_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_SESSION_TICKETS and client", SESSION_CONFIG_CLIENT_TICKET_BIT, session_cfg_flag );
print_if_bit( "MBEDTLS_SSL_DTLS_CONNECTION_ID", CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT, context_cfg_flag );
print_if_bit( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT, context_cfg_flag );
print_if_bit( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT, context_cfg_flag );
print_if_bit( "MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag );
session_len = ( (uint32_t) ssl[0] << 24 ) |
( (uint32_t) ssl[1] << 16 ) |
( (uint32_t) ssl[2] << 8 ) |
( (uint32_t) ssl[3] );
ssl += 4;
printf_dbg( "session length %u\n", session_len );
printf( "\n" );
}
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
enum { B64BUF_LEN = 4 * 1024 }; enum { B64BUF_LEN = 4 * 1024 };
@ -288,11 +391,11 @@ int main( int argc, char *argv[] )
{ {
int ret; int ret;
b64_counter++; printf( "%u. Desierializing:\n", ++b64_counter );
if( debug ) if( debug )
{ {
printf( "%u. Base64 code:\n", b64_counter ); printf( "\nBase64 code:\n" );
print_b64( b64, b64_len ); print_b64( b64, b64_len );
} }
@ -306,13 +409,12 @@ int main( int argc, char *argv[] )
if( debug ) if( debug )
{ {
printf( "\n Decoded data in hex:\n"); printf( "\nDecoded data in hex:\n");
print_hex( ssl, ssl_len ); print_hex( ssl, ssl_len );
} }
/* TODO: deserializing */ print_deserialized_ssl( ssl, ssl_len );
printf( "\n" );
} }
else else
{ {
@ -321,7 +423,7 @@ int main( int argc, char *argv[] )
} }
} }
printf( "Finish. Found %u base64 codes\n", b64_counter ); printf_dbg( "Finish. Found %u base64 codes\n", b64_counter );
return 0; return 0;
} }