I have a need to access the encryption (cipher, write) keys that are generated from the master key that is generated from the OpenSSL C API. I know I can access the master key using the SSL struct as follows:
ssl->session->master_key
Unfortunately looking at the OpenSSL code has not gotten me very far as the API is not very well documented and looking at GDB has been a pain as well. Are they exposed anywhere?
Thanks
I am working on the same thing as well.
Well for the SSlv3 connections, you can access the key block by,
ssl->s3->tmp.key_block
However, I managed to get this at the end of ssl3_setup_key_block method which is defined in s3_enc.c file. I mean I changed the source code and recompiled openssl. So I don't know yet if it changes or becomes lost after returning from that function.
This key block is a string and as defined in http://www.ietf.org/rfc/rfc2246.txt its structure is;
{
clientWriteMACSecret,
serverWriteMACSecret,
clientWriteKey,
serverWriteKey,
clientWriteIV,
serverWriteIV
}
The length of each section varies depending on the used cipher suite.
For SSLv2 connections I suppose you can again access these areas by calling ssl->s2->something as well. s2 is an object of ssl2_state_st structure which is defined in ssl2.h. You can look that up from there.
I don't know how it is for TLSv1 connections. But there is also a d1 variable in the SSL structure.
As a personal note, openssl source code is really a bunch of trash. No good code comments, no good documentation. Wandering inside the source code in order to find the simplest thing is a pain.
Related
I've got this ancient C code that I didn't write, but I need to re-compile against newer OpenSSL with opaque structures. I've updated most of the direct struct access to use the getter functions. This is my first time working directly with the OpenSSL library in C.
I am struggling to complete the final portion of this work, which is to get the following struct members in ASN.1 format as another function needs ASN1_OBJECT passed to it:
cert->cert_info->signature->algorithm
cert->cert_info->key->algor->algorithm
I used X509_get0_tbs_sigalg(cert) to get the signature algorithm from cert, but I couldn't figure out from the i2d_* function manpage what the best practice for getting this to ASN.1 format is. I tried a couple things and felt I was just digging myself into a further hole by potentially doing it wrong.
And I couldn't find a direct way to get the key algorithm at all, I'm guessing I need to get something intermediate first?
I could potentially ditch the other function that requires an ASN1_OBJECT, although I'd like to leave that part of the code alone. Even if I did get rid of the other function that requires ASN1_OBJECT, I would still need the algorithms in string format.
Any suggestions? Thanks!
X509_get0_tbs_sigalg() returns an X509_ALGOR structure. From that you can get an ASN1_OBJECT from it using X509_ALGOR_get0.
https://www.openssl.org/docs/man1.1.1/man3/X509_ALGOR_get0.html
To get the key algorithm first get the key as an X509_PUBKEY object using X509_get_X509_PUBKEY():
https://www.openssl.org/docs/man1.1.1/man3/X509_get_X509_PUBKEY.html
From there you can use X509_PUBKEY_get0_param to get the key algorithm:
https://www.openssl.org/docs/man1.1.1/man3/X509_PUBKEY_get0_param.html
I've finally managed to get code working to validate a CMS signature in Swift using OpenSSL's CMS_Verify method. Now I would like to use the STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) method to get the certificates used to sign the message. In Swift, the data type for that call would be UnsafeMutablePointer<stack_st_X509>. I'm able to get a value back for that call, so I know it's succeeding. What I don't know, is how to extract the contents of it?
I was reading the STACK API docs and it appears that access to the contents of an OpenSSL stack value is accomplished using a bunch of macros in the OpenSSL code. These macros are not carried over in Swift, however.
Does anyone know how I can go about accessing the stack_st_x509 data in Swift? I'm not terribly familiar with the OpenSSL APIs so I'm somewhat stuck.
If macros are the only way to access the data you cannot do so from swift. You must write C or Objective-C code that gets the data out that you are interested in.
You can then call these wrapper functions from swift to get your data.
Is there a facility for the C language that allows run-time struct introspection?
The context is this:
I've got a daemon that responds to external events, and for each event we carry around an execution context struct (the "context"). The context is big and messy, and contains references to all sorts of state.
Once the event has been handled, I would like to be able to run the context through a filter, and if it matches some set of criteria, drop a log message to help with debugging. However, since I hope to use this for field debugging, I won't know what criteria will be useful to filter on until run time.
My ideal solution would allow the user to, essentially, write a C-style boolean expression and have the program use that. Something like:
activate_filter context.response_time > 4.2 && context.event.event_type == foo_event
Ideas that have been tossed around so far include:
Providing a limited set of fields that we know how to access.
Wrapping all the relevant structs in some sort of macro that generates introspection tools at run time.
Writing a python script that knows where (versioned) headers live, generates C code and compiles it to a dll, which the daemon then loads and uses as a filter. Obviously this approach has some extra security considerations.
Before I start in on some crazy design goose chase, does anyone know of examples of this sort of thing in the wild? I've dome some googling but haven't come up with much.
I would also suggest tackling this issue from another angle. The key words in your question are:
The context is big and messy
And that's where the issue is. Once you clean this up, you'll probably be able to come up with a clean logging facility.
Consider redefining all the fields in your context struct in some easy, pliable format, like XML. A simple `XML schema, that lists all the members of the struct, their types, and maybe some other metadata, even a comment that documents this field.
Then, throw together a quick and dirty stylesheet that reads the XML file and generates a compilable C struct, that your code actually uses. Then, a different stylesheet that cranks out robo-generated code that enumerates each field in the struct, and generates the code to convert each field into a string.
From that, bolting on a logging facility of some kind, with a user-provided filtering string becomes an easier task. You do have to come up with some way of parsing an arbitrary filtering string. Knowledge of lex and yacc would come in handy.
Things of this nature have been done before.
The XCB library is a C client library for the X11 protocol. The protocol defines various kinds of binary messages which are essentially simple structs that the client and the server toss to each other, over a socket. The way that libxcb is implemented, is that all X11 messages and all datatypes inside them are described in an XML definition, and a stylesheet robo-generates C struct definitions, and the code to parse them out, and provide a fairly clean C API to parse and generate X11 messages.
You are probably approaching this problem from a wrong side.
Logging is typically used to facilitate debugging. The program writes all sorts of events to a log file. To extract interesting entries filtering is applied to the log file.
Sometimes a program generates just too much events; logging libraries usually address this issues by offering verbosity control. Basically a logging function takes an additional parameter telling the verbosity level of the current message. If the value is above the globally configured threshold the message gets discarded. Some libraries even allow to control verbosity level on a per-module basis (Ex: google log).
Another possible approach is to leverage the power of a debugger since the debugger has access to all sorts of meta information. One can create a conditional breakpoint testing variables in scope for arbitrary conditions. Once the program stops any information could be extracted from the scope. This can be automated using scripting facilities provided by a debugger (gdb has great ones).
Finally there are tools generating glue code to use C libraries from scripting languages. One example is SWIG. It analyzes a header file and generates code allowing a scripting language to invoke functions, access structure fields, etc.
Your filter expression will become a program in, say, Lua (other scripting languages are supported as well). You invoke this program passing in the pointer to execution context struct (the "context"). Thanks to the accessors generated by SWIG Lua program can examine any field in the structure.
I generated introspection out of SWIG-CSV parser.
Suppose the C code contains structure like the following,
class Bike {
public:
int color; // color of the bike
int gearCount; // number of configurable gear
Bike() {
// bla bla
}
~Bike() {
// bla bla
}
void operate() {
// bla bla
}
};
Then it will generate the following CSV metadata,
Bike|color|int|variable|public|
Bike|gearCount|int|variable|public|
Bike|operate|void|function|public|f().
Now it is easy to parse the CSV file with python or C/C++ if needed.
import csv
with open('bike.csv', 'rb') as csvfile:
bike_metadata = csv.reader(csvfile, delimiter='|')
# do your thing
I know that the password field in /etc/shadow is prefixed with ${number}$ if it is not simply DES encrypted. What I am not able to find is a table that correlates the type of encryption to a given number.
For instance, $1$ would indicate MD5. Its the rest that escape me (i.e. SHA1, SHA256, Twofish, Blowfish, etc)
I've gone through the source to passwd and chpasswd as well as glib, but I'm not finding what I'm looking for.
Would someone mind sharing a link to a web page, or even a clue as to where In glib I might find such a table? I need to progmatically update passwords from within a program without using system() or exec*() calls. I'd like to write original code because I want to keep a uniform 3 clause BSD license and full copyright over my code.
Forgive me if this is a duplicate. I found lots of questions regarding how to parse /etc/shadow, but none that specifically ask how to identify the encryption type of the second field.
Edit:
For reference, here is the announcement from the discussion group that moved forward implementing SHA (over DES) with support for BSD Blowfish.
The crypt(3) man page describes it in the NOTES section.
I'm looking for a list of win32 API in some "database"/XML format.
I'd need it to easily create a "conversion layer" between win32 API and the higher level language I'm using (harbour/xharbour). Since this runs Pcode, it is necessary to transform parameters to C standard...
Instead of doing manual code write, I'd like to automate the process...
just for example, the windows API definition (taken from MSDN)
DWORD WINAPI GetSysColor(
__in int nIndex
);
should be transformed in
HB_FUNC( GETSYSCOLOR )
{
hb_retnl( (LONG) GetSysColor( hb_parni( 1 ) ) );
}
AFAIK, pinvoke.net only stores text data with the PInvoke definition for the call. Not very useful if what you want is something to use as a pre-parsed database of APIs.
Probably you could create an small parser that will take the include file and translate it to what you need. In that case, I'd recommend using lcc-win32's include files, as they are pretty much fat-free/no-BS version of the SDK headers (they don't come with a bunch of special reserved words you'd have to ignore, etc.)
Of course, you have Microsoft Platform SDK, but it is in raw .h C code, so hard to parse!
Similar work have been done by VB users (and Delphi users and probably for some other languages), for example ApiViewer has such database, but in some proprietary binary format (.apv extension), so you might have to reverse-engineer it.
Similarly, there is an API-Guide, which was hosted at Allapi.net but the later seems to be a parking site now. It used .api files (again binary-proprietary).
About the closest thing I know of would be: http://pinvoke.net/
Maybe they would share their data with you?
They have a VS tool that accesses this data, so it may be a webservice. You might even be able to sniff that out.
There seems to be some database (and an app for using it, named "PInvoke Interop Assistant") at:
https://github.com/jaredpar/pinvoke/tree/master/StorageGenerator/Data
although I'm not sure what's the license for now — thus I've asked the authors.