mirror of
https://github.com/adulau/ssldump.git
synced 2024-11-07 12:06:27 +00:00
420 lines
12 KiB
Text
420 lines
12 KiB
Text
|
select {
|
||
|
ChangeCipherSpec(20)
|
||
|
{@
|
||
|
ssl_process_change_cipher_spec(ssl,ssl->decoder,dir);
|
||
|
|
||
|
if(dir==DIR_I2R){
|
||
|
ssl->i_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC;
|
||
|
}
|
||
|
else{
|
||
|
ssl->r_state=SSL_ST_SENT_CHANGE_CIPHER_SPEC;
|
||
|
}
|
||
|
|
||
|
printf("\n");
|
||
|
return(0);
|
||
|
@}
|
||
|
, Alert(21)
|
||
|
{@
|
||
|
int r;
|
||
|
|
||
|
if(ssl->record_encryption==REC_CIPHERTEXT){
|
||
|
printf("\n");
|
||
|
return(0);
|
||
|
}
|
||
|
|
||
|
if(data->len!=2){
|
||
|
fprintf(stderr,"Wrong length for alert message: %d\n",
|
||
|
data->len);
|
||
|
ERETURN(R_EOD);
|
||
|
}
|
||
|
|
||
|
P_(P_HL){
|
||
|
printf("\n");
|
||
|
SSL_DECODE_ENUM(ssl,"level",1,AlertLevel_decoder,P_HL,data,0);
|
||
|
printf("\n");
|
||
|
SSL_DECODE_ENUM(ssl,"value",1,AlertDescription_decoder,P_HL,data,0);
|
||
|
printf("\n");
|
||
|
}
|
||
|
else {
|
||
|
SSL_DECODE_ENUM(ssl,0,1,AlertLevel_decoder,SSL_PRINT_ALL,data,0);
|
||
|
SSL_DECODE_ENUM(ssl,0,1,AlertDescription_decoder,SSL_PRINT_ALL,data,0);
|
||
|
printf("\n");
|
||
|
}
|
||
|
return(0);
|
||
|
|
||
|
@},
|
||
|
Handshake(22)
|
||
|
{@
|
||
|
extern decoder HandshakeType_decoder[];
|
||
|
int r;
|
||
|
UINT4 t,l;
|
||
|
int rs=0;
|
||
|
Data d;
|
||
|
|
||
|
if(ssl->record_encryption==REC_CIPHERTEXT){
|
||
|
printf("\n");
|
||
|
return(0);
|
||
|
}
|
||
|
|
||
|
while(data->len>0){
|
||
|
SSL_DECODE_UINT8(ssl,0,0,data,&t);
|
||
|
SSL_DECODE_UINT24(ssl,0,0,data,&l);
|
||
|
|
||
|
if(data->len<l){
|
||
|
fprintf(stderr,"Error: short handshake length: expected %d got %d\n",
|
||
|
l,data->len);
|
||
|
ERETURN(R_EOD);
|
||
|
}
|
||
|
|
||
|
d.data=data->data;
|
||
|
d.len=l;
|
||
|
data->len-=l;
|
||
|
data->data+=l;
|
||
|
P_(P_HL){
|
||
|
if(!rs){
|
||
|
printf("\n");
|
||
|
rs=1;
|
||
|
}
|
||
|
}
|
||
|
ssl_decode_switch(ssl,HandshakeType_decoder,t,dir,seg,&d);
|
||
|
}
|
||
|
return(0);
|
||
|
@},
|
||
|
application_data(23)
|
||
|
{@
|
||
|
int r;
|
||
|
Data d;
|
||
|
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"data",data->len,0,data,&d);
|
||
|
|
||
|
P_(P_AD){
|
||
|
print_data(ssl,&d);
|
||
|
}
|
||
|
else {
|
||
|
printf("\n");
|
||
|
}
|
||
|
return(0);
|
||
|
@}
|
||
|
, (255)
|
||
|
} ContentType;
|
||
|
|
||
|
select {
|
||
|
HelloRequest(0)
|
||
|
{@
|
||
|
printf("\n");
|
||
|
@},
|
||
|
ClientHello(1)
|
||
|
{@
|
||
|
UINT4 vj,vn,cs,cslen,complen,comp;
|
||
|
Data session_id,random;
|
||
|
int r;
|
||
|
|
||
|
extern decoder cipher_suite_decoder[];
|
||
|
extern decoder compression_method_decoder[];
|
||
|
|
||
|
printf("\n");
|
||
|
SSL_DECODE_UINT8(ssl,0,0,data,&vj);
|
||
|
SSL_DECODE_UINT8(ssl,0,0,data,&vn);
|
||
|
|
||
|
P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn);
|
||
|
printf("\n");
|
||
|
}
|
||
|
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&random);
|
||
|
ssl_set_client_random(ssl->decoder,random.data,random.len);
|
||
|
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,0,data,&session_id);
|
||
|
ssl_set_client_session_id(ssl->decoder,session_id.data,session_id.len);
|
||
|
|
||
|
P_(P_HL){
|
||
|
if(session_id.len)
|
||
|
exdump(ssl,"resume ",&session_id);
|
||
|
}
|
||
|
|
||
|
P_(P_HL){
|
||
|
SSL_DECODE_UINT16(ssl,"cipher Suites len",0,data,&cslen);
|
||
|
explain(ssl,"cipher suites\n");
|
||
|
|
||
|
for(;cslen;cslen-=2){
|
||
|
ssl_decode_enum(ssl,0,2,cipher_suite_decoder,
|
||
|
0,data,&cs);
|
||
|
ssl_print_cipher_suite(ssl,(vj<<8)|vn,P_HL,cs);
|
||
|
printf("\n");
|
||
|
}
|
||
|
}
|
||
|
|
||
|
SSL_DECODE_UINT8(ssl,"compressionMethod len",0,data,&complen);
|
||
|
if(complen){
|
||
|
explain(ssl,"compression methods\n");
|
||
|
for(;complen;complen--){
|
||
|
SSL_DECODE_ENUM(ssl,0,1,compression_method_decoder,P_HL,data,&comp);
|
||
|
printf("\n");
|
||
|
}
|
||
|
}
|
||
|
return(0);
|
||
|
@},
|
||
|
ServerHello(2)
|
||
|
{@
|
||
|
int r;
|
||
|
Data rnd,session_id;
|
||
|
UINT4 vj,vn;
|
||
|
printf("\n");
|
||
|
SSL_DECODE_UINT8(ssl,0,0,data,&vj);
|
||
|
SSL_DECODE_UINT8(ssl,0,0,data,&vn);
|
||
|
|
||
|
ssl->version=vj*256+vn;
|
||
|
P_(P_HL) {explain(ssl,"Version %d.%d ",vj,vn);
|
||
|
printf("\n");
|
||
|
}
|
||
|
|
||
|
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"random",32,P_ND,data,&rnd);
|
||
|
ssl_set_server_random(ssl->decoder,rnd.data,rnd.len);
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"session_id",-32,P_HL,data,&session_id);
|
||
|
SSL_DECODE_ENUM(ssl,"cipherSuite",2,cipher_suite_decoder,
|
||
|
0,data,&ssl->cipher_suite);
|
||
|
P_(P_HL){
|
||
|
explain(ssl,"cipherSuite ");
|
||
|
ssl_print_cipher_suite(ssl,ssl->version,P_HL,ssl->cipher_suite);
|
||
|
}
|
||
|
ssl_find_cipher(ssl->cipher_suite,&ssl->cs);
|
||
|
|
||
|
ssl_process_server_session_id(ssl,ssl->decoder,session_id.data,
|
||
|
session_id.len);
|
||
|
|
||
|
P_(P_HL) printf("\n");
|
||
|
SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0);
|
||
|
P_(P_HL) printf("\n");
|
||
|
return(0);
|
||
|
@},
|
||
|
Certificate(11)
|
||
|
{@
|
||
|
UINT4 len;
|
||
|
Data cert;
|
||
|
int r;
|
||
|
|
||
|
printf("\n");
|
||
|
SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len);
|
||
|
|
||
|
while(len){
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate",-((1<<23)-1),
|
||
|
0,data,&cert);
|
||
|
sslx_print_certificate(ssl,&cert,P_ND);
|
||
|
len-=(cert.len + 3);
|
||
|
}
|
||
|
|
||
|
return(0);
|
||
|
@},
|
||
|
ServerKeyExchange (12)
|
||
|
{@
|
||
|
int r;
|
||
|
|
||
|
printf("\n");
|
||
|
|
||
|
if(ssl->cs){
|
||
|
P_(P_ND){
|
||
|
explain(ssl,"params\n");
|
||
|
}
|
||
|
INDENT_INCR;
|
||
|
|
||
|
switch(ssl->cs->kex){
|
||
|
case KEX_DH:
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_p",-((1<<15)-1),P_ND,data,0);
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_g",-((1<<15)-1),P_ND,data,0);
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"DH_Ys",-((1<<15)-1),P_ND,data,0);
|
||
|
break;
|
||
|
case KEX_RSA:
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_modulus",-((1<<15)-1),P_ND,data,0);
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"RSA_exponent",-((1<<15)-1),P_ND,data,0);
|
||
|
break;
|
||
|
}
|
||
|
INDENT_POP;
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"signature",-((1<<15)-1),P_ND,data,0);
|
||
|
}
|
||
|
|
||
|
return(0);
|
||
|
@}
|
||
|
,
|
||
|
CertificateRequest(13)
|
||
|
{@
|
||
|
UINT4 len;
|
||
|
Data ca;
|
||
|
int r;
|
||
|
|
||
|
printf("\n");
|
||
|
SSL_DECODE_UINT8(ssl,"certificate_types len",0,data,&len);
|
||
|
for(;len;len--){
|
||
|
SSL_DECODE_ENUM(ssl,"certificate_types",1,
|
||
|
client_certificate_type_decoder, P_HL,data,0);
|
||
|
P_(P_HL){
|
||
|
printf("\n");
|
||
|
}
|
||
|
};
|
||
|
|
||
|
SSL_DECODE_UINT16(ssl,"certificate_authorities len",0,data,&len);
|
||
|
while(len){
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"certificate_authorities",
|
||
|
-((1<<15)-1),0,data,&ca);
|
||
|
explain(ssl,"certificate_authority\n");
|
||
|
INDENT_INCR;
|
||
|
sslx_print_dn(ssl,&ca,P_HL);
|
||
|
INDENT_POP;
|
||
|
len-=(ca.len + 2);
|
||
|
}
|
||
|
return(0);
|
||
|
@}
|
||
|
, ServerHelloDone(14)
|
||
|
{@
|
||
|
printf("\n");
|
||
|
@},
|
||
|
CertificateVerify(15)
|
||
|
{@
|
||
|
int r;
|
||
|
printf("\n");
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0);
|
||
|
return(0);
|
||
|
@}
|
||
|
,
|
||
|
ClientKeyExchange(16)
|
||
|
{@
|
||
|
int r;
|
||
|
Data pms;
|
||
|
|
||
|
printf("\n");
|
||
|
if(ssl->cs){
|
||
|
switch(ssl->cs->kex){
|
||
|
|
||
|
case KEX_RSA:
|
||
|
if(ssl->version > 768) {
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",-(1<<15-1),
|
||
|
P_ND,data,&pms);
|
||
|
|
||
|
}
|
||
|
else {
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"EncryptedPreMasterSecret",data->len,P_ND,data,&pms);
|
||
|
}
|
||
|
ssl_process_client_key_exchange(ssl,
|
||
|
ssl->decoder,pms.data,pms.len);
|
||
|
|
||
|
break;
|
||
|
case KEX_DH:
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"DiffieHellmanClientPublicValue",
|
||
|
-(1<<15-1),P_HL,data,0);
|
||
|
}
|
||
|
}
|
||
|
return(0);
|
||
|
@}
|
||
|
,
|
||
|
Finished(20)
|
||
|
{@
|
||
|
int r;
|
||
|
|
||
|
printf("\n");
|
||
|
switch(ssl->version){
|
||
|
case 0x300:
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"md5_hash",16,P_ND,data,0);
|
||
|
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"sha_hash",20,P_ND,data,0);
|
||
|
break;
|
||
|
case 0x301:
|
||
|
SSL_DECODE_OPAQUE_ARRAY(ssl,"verify_data",12,P_ND,data,0);
|
||
|
P_(P_ND)
|
||
|
printf("\n");
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
return (0);
|
||
|
@}
|
||
|
, (255)
|
||
|
} HandshakeType;
|
||
|
|
||
|
constant {
|
||
|
CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 };
|
||
|
CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 };
|
||
|
CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 };
|
||
|
CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 };
|
||
|
CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 };
|
||
|
CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 };
|
||
|
CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 };
|
||
|
CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 };
|
||
|
CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };
|
||
|
CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
|
||
|
CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0B };
|
||
|
CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C };
|
||
|
CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D };
|
||
|
CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0E };
|
||
|
CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F };
|
||
|
CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 };
|
||
|
CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 };
|
||
|
CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 };
|
||
|
CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 };
|
||
|
CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 };
|
||
|
CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 };
|
||
|
CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
|
||
|
CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x17 };
|
||
|
CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 };
|
||
|
CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
|
||
|
CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
|
||
|
CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
|
||
|
CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 };
|
||
|
CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 };
|
||
|
CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 };
|
||
|
CipherSuite TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x63 };
|
||
|
CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = { 0x00,0x64 };
|
||
|
CipherSuite TLS_DHE_DSS_WITH_RC2_56_CBC_SHA = { 0x00,0x65 };
|
||
|
CipherSuite TLS_DHE_DSS_WITH_RC4_128_SHA = { 0x00,0x66 };
|
||
|
CipherSuite TLS_DHE_DSS_WITH_NULL_SHA = { 0x00,0x67 };
|
||
|
CipherSuite SSL2_CK_RC4 = { 0x01,0x00,0x80};
|
||
|
CipherSuite SSL2_CK_RC4_EXPORT40 = { 0x02,0x00,0x80};
|
||
|
CipherSuite SSL2_CK_RC2 = { 0x03,0x00,0x80};
|
||
|
CipherSuite SSL2_CK_RC2_EXPORT40 = { 0x04,0x00,0x80};
|
||
|
CipherSuite SSL2_CK_IDEA = { 0x05,0x00,0x80};
|
||
|
CipherSuite SSL2_CK_DES = { 0x06,0x00,0x40};
|
||
|
CipherSuite SSL2_CK_RC464 = { 0x08,0x00,0x80};
|
||
|
CipherSuite SSL2_CK_3DES = { 0x07,0x00,0xc0};
|
||
|
CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = {0x00,0x4a};
|
||
|
CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = {0x00,0x48};
|
||
|
CipherSuite SSL_RSA_WITH_RC2_CBC_MD5 = {0xff,0x80};
|
||
|
CipherSuite TLS_ECDH_ECDSA_WITH_DES_CBC_SHA = {0x00,0x49};
|
||
|
CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA={0xff,0x85};
|
||
|
CipherSuite TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA={0xff,0x84};
|
||
|
} cipher_suite;
|
||
|
|
||
|
|
||
|
select { warning(1), fatal(2), (255) } AlertLevel;
|
||
|
select {
|
||
|
close_notify(0),
|
||
|
unexpected_message(10),
|
||
|
bad_record_mac(20),
|
||
|
decryption_failed(21),
|
||
|
record_overflow(22),
|
||
|
decompression_failure(30),
|
||
|
handshake_failure(40),
|
||
|
bad_certificate(42),
|
||
|
unsupported_certificate(43),
|
||
|
certificate_revoked(44),
|
||
|
certificate_expired(45),
|
||
|
certificate_unknown(46),
|
||
|
illegal_parameter(47),
|
||
|
unknown_ca(48),
|
||
|
access_denied(49),
|
||
|
decode_error(50),
|
||
|
decrypt_error(51),
|
||
|
export_restriction(60),
|
||
|
protocol_version(70),
|
||
|
insufficient_security(71),
|
||
|
internal_error(80),
|
||
|
user_canceled(90),
|
||
|
no_renegotiation(100),
|
||
|
(255)
|
||
|
} AlertDescription;
|
||
|
|
||
|
constant {
|
||
|
CompressionMethod NULL={0};
|
||
|
} compression_method;
|
||
|
|
||
|
select {
|
||
|
rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
|
||
|
(255)
|
||
|
} client_certificate_type;
|