forked from mosajjal/sniproxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathparser.go
150 lines (128 loc) · 4.12 KB
/
parser.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
/* {{{ Copyright 2017 Paul Tagliamonte
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License. }}} */
package main
import "fmt"
var tlsHeaderLength = 5
// GetHostname :This function is basically all most folks want to invoke out of this
// jumble of bits. This will take an incoming TLS Client Hello (including
// all the fuzzy bits at the beginning of it - fresh out of the socket) and
// go ahead and give us the SNI Name they want.
func GetHostname(data []byte) (string, error) {
if len(data) == 0 || data[0] != 0x16 {
return "", fmt.Errorf("Doesn't look like a TLS Client Hello")
}
extensions, err := GetExtensionBlock(data)
if err != nil {
return "", err
}
sn, err := GetSNBlock(extensions)
if err != nil {
return "", err
}
sni, err := GetSNIBlock(sn)
if err != nil {
return "", err
}
return string(sni), nil
}
/* Return the length computed from the two octets starting at index */
func lengthFromData(data []byte, index int) int {
b1 := int(data[index])
b2 := int(data[index+1])
return (b1 << 8) + b2
}
// GetSNIBlock :Given a Server Name TLS Extension block, parse out and return the SNI
// (Server Name Indication) payload
func GetSNIBlock(data []byte) ([]byte, error) {
index := 0
for {
if index >= len(data) {
break
}
length := lengthFromData(data, index)
endIndex := index + 2 + length
if data[index+2] == 0x00 { /* SNI */
sni := data[index+3:]
sniLength := lengthFromData(sni, 0)
return sni[2 : sniLength+2], nil
}
index = endIndex
}
return []byte{}, fmt.Errorf(
"Finished parsing the SN block without finding an SNI",
)
}
// GetSNBlock :Given a TLS Extensions data block, go ahead and find the SN block
func GetSNBlock(data []byte) ([]byte, error) {
index := 0
if len(data) < 2 {
return []byte{}, fmt.Errorf("Not enough bytes to be an SN block")
}
extensionLength := lengthFromData(data, index)
if extensionLength+2 > len(data) {
return []byte{}, fmt.Errorf("Extension looks bonkers")
}
data = data[2 : extensionLength+2]
for {
if index+4 >= len(data) {
break
}
length := lengthFromData(data, index+2)
endIndex := index + 4 + length
if data[index] == 0x00 && data[index+1] == 0x00 {
return data[index+4 : endIndex], nil
}
index = endIndex
}
return []byte{}, fmt.Errorf(
"Finished parsing the Extension block without finding an SN block",
)
}
// GetExtensionBlock :Given a raw TLS Client Hello, go ahead and find all the Extensions
func GetExtensionBlock(data []byte) ([]byte, error) {
/* data[0] - content type
* data[1], data[2] - major/minor version
* data[3], data[4] - total length
* data[...38+5] - start of SessionID (length bit)
* data[38+5] - length of SessionID
*/
var index = tlsHeaderLength + 38
if len(data) <= index+1 {
return []byte{}, fmt.Errorf("Not enough bits to be a Client Hello")
}
/* Index is at SessionID Length bit */
if newIndex := index + 1 + int(data[index]); (newIndex + 2) < len(data) {
index = newIndex
} else {
return []byte{}, fmt.Errorf("Not enough bytes for the SessionID")
}
/* Index is at Cipher List Length bits */
if newIndex := (index + 2 + lengthFromData(data, index)); (newIndex + 1) < len(data) {
index = newIndex
} else {
return []byte{}, fmt.Errorf("Not enough bytes for the Cipher List")
}
/* Index is now at the compression length bit */
if newIndex := index + 1 + int(data[index]); newIndex < len(data) {
index = newIndex
} else {
return []byte{}, fmt.Errorf("Not enough bytes for the compression length")
}
/* Now we're at the Extension start */
if len(data[index:]) == 0 {
return nil, fmt.Errorf("No extensions")
}
return data[index:], nil
}
// vim: foldmethod=marker