record handshake messages for session hash

This commit is contained in:
Mathew Marcus 2018-06-19 17:37:19 -05:00 committed by mathewmarcus
parent 157a906228
commit 1086c102d6
2 changed files with 90 additions and 14 deletions

View file

@ -6,6 +6,7 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#endif #endif
#include "ssl.enums.h" #include "ssl.enums.h"
static int decode_extension(ssl,dir,seg,data);
static int decode_ContentType_ChangeCipherSpec(ssl,dir,seg,data) static int decode_ContentType_ChangeCipherSpec(ssl,dir,seg,data)
ssl_obj *ssl; ssl_obj *ssl;
int dir; int dir;
@ -183,6 +184,7 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data)
extern decoder extension_decoder[]; extern decoder extension_decoder[];
printf("\n"); printf("\n");
ssl_update_session_hash(ssl,data);
SSL_DECODE_UINT8(ssl,0,0,data,&vj); SSL_DECODE_UINT8(ssl,0,0,data,&vj);
SSL_DECODE_UINT8(ssl,0,0,data,&vn); SSL_DECODE_UINT8(ssl,0,0,data,&vn);
@ -233,14 +235,15 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data)
if (exlen) { if (exlen) {
explain(ssl , "extensions\n"); explain(ssl , "extensions\n");
while(data->len) { while(data->len) {
SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex);
if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) { if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) {
P_(P_RH){ decode_extension(ssl,dir,seg,data);
explain(ssl, "Extension type: %s not yet implemented in ssldump", ex); P_(P_RH){
} explain(ssl, "Extension type: %s not yet implemented in ssldump", ex);
continue; }
} continue;
printf("\n"); }
printf("\n");
} }
} }
return(0); return(0);
@ -253,11 +256,14 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data)
Data *data; Data *data;
{ {
int r; int r;
Data rnd,session_id; Data rnd,session_id;
UINT4 vj,vn; UINT4 vj,vn,exlen,ex;
extern decoder extension_decoder[];
printf("\n"); printf("\n");
ssl_update_session_hash(ssl,data);
SSL_DECODE_UINT8(ssl,0,0,data,&vj); SSL_DECODE_UINT8(ssl,0,0,data,&vj);
SSL_DECODE_UINT8(ssl,0,0,data,&vn); SSL_DECODE_UINT8(ssl,0,0,data,&vn);
@ -284,6 +290,24 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data)
P_(P_HL) printf("\n"); P_(P_HL) printf("\n");
SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0); SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0);
P_(P_HL) printf("\n"); P_(P_HL) printf("\n");
/* TODO: add code to print Extensions */
SSL_DECODE_UINT16(ssl,"extensions len",0,data,&exlen);
if (exlen) {
explain(ssl , "extensions\n");
while(data->len) {
SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex);
if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) {
decode_extension(ssl,dir,seg,data);
P_(P_RH){
explain(ssl, "Extension type: %s not yet implemented in ssldump", ex);
}
continue;
}
printf("\n");
}
}
return(0); return(0);
} }
@ -300,6 +324,7 @@ static int decode_HandshakeType_Certificate(ssl,dir,seg,data)
int r; int r;
printf("\n"); printf("\n");
ssl_update_session_hash(ssl,data);
SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len); SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len);
while(len){ while(len){
@ -323,7 +348,7 @@ static int decode_HandshakeType_ServerKeyExchange(ssl,dir,seg,data)
int r; int r;
printf("\n"); printf("\n");
ssl_update_session_hash(ssl,data);
if(ssl->cs){ if(ssl->cs){
P_(P_ND){ P_(P_ND){
explain(ssl,"params\n"); explain(ssl,"params\n");
@ -361,6 +386,7 @@ static int decode_HandshakeType_CertificateRequest(ssl,dir,seg,data)
int r; int r;
printf("\n"); printf("\n");
ssl_update_session_hash(ssl,data);
SSL_DECODE_UINT8(ssl,"certificate_types len",0,data,&len); SSL_DECODE_UINT8(ssl,"certificate_types len",0,data,&len);
for(;len;len--){ for(;len;len--){
SSL_DECODE_ENUM(ssl,"certificate_types",1, SSL_DECODE_ENUM(ssl,"certificate_types",1,
@ -392,6 +418,7 @@ static int decode_HandshakeType_ServerHelloDone(ssl,dir,seg,data)
printf("\n"); printf("\n");
ssl_update_session_hash(ssl,data);
return(0); return(0);
} }
@ -405,6 +432,7 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data)
int r; int r;
printf("\n"); printf("\n");
ssl_update_session_hash(ssl,data);
SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0); SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0);
return(0); return(0);
@ -421,6 +449,7 @@ static int decode_HandshakeType_ClientKeyExchange(ssl,dir,seg,data)
Data pms; Data pms;
printf("\n"); printf("\n");
ssl_update_session_hash(ssl,data);
if(ssl->cs){ if(ssl->cs){
switch(ssl->cs->kex){ switch(ssl->cs->kex){
@ -2552,6 +2581,19 @@ static int decode_extension_next_protocol_negotiation(ssl,dir,seg,data)
data->data+=l; data->data+=l;
return(0); return(0);
} }
static int decode_extension(ssl,dir,seg,data)
ssl_obj *ssl;
int dir;
segment *seg;
Data *data;
{
int l,r;
SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
data->len-=l;
data->data+=l;
return(0);
}
decoder extension_decoder[] = { decoder extension_decoder[] = {
{ {

View file

@ -91,6 +91,7 @@ struct ssl_decoder_ {
int ephemeral_rsa; int ephemeral_rsa;
Data *PMS; Data *PMS;
Data *MS; Data *MS;
Data *handshake_messages;
ssl_rec_decoder *c_to_s; ssl_rec_decoder *c_to_s;
ssl_rec_decoder *s_to_c; ssl_rec_decoder *s_to_c;
ssl_rec_decoder *c_to_s_n; ssl_rec_decoder *c_to_s_n;
@ -214,6 +215,7 @@ int ssl_decoder_destroy(dp)
r_data_destroy(&d->session_id); r_data_destroy(&d->session_id);
r_data_destroy(&d->PMS); r_data_destroy(&d->PMS);
r_data_destroy(&d->MS); r_data_destroy(&d->MS);
r_data_destroy(&d->handshake_messages);
ssl_destroy_rec_decoder(&d->c_to_s); ssl_destroy_rec_decoder(&d->c_to_s);
ssl_destroy_rec_decoder(&d->c_to_s_n); ssl_destroy_rec_decoder(&d->c_to_s_n);
ssl_destroy_rec_decoder(&d->s_to_c); ssl_destroy_rec_decoder(&d->s_to_c);
@ -564,6 +566,38 @@ int ssl_process_client_key_exchange(ssl,d,msg,len)
} }
int ssl_update_session_hash(ssl,data)
ssl_obj *ssl;
Data *data;
{
Data *hms;
UCHAR *d;
int l,r,_status;
hms = ssl->decoder->handshake_messages;
d = data->data-4;
l = data->len+4;
if(hms){
if(!(hms->data = realloc(hms->data,l+hms->len)))
ABORT(R_NO_MEMORY);
memcpy(hms->data+hms->len,d,l);
hms->len+=l;
}
else{
if(r=r_data_create(&hms,d,l))
ABORT(r);
ssl->decoder->handshake_messages=hms;
}
_status=0;
abort:
return(_status);
}
#ifdef OPENSSL #ifdef OPENSSL
static int tls_P_hash(ssl,secret,seed,md,out) static int tls_P_hash(ssl,secret,seed,md,out)
ssl_obj *ssl; ssl_obj *ssl;