include extensions in output

2024-11-21 17:07:04 +00:00 · 2018-06-19 09:17:19 -05:00 · 2018-06-19 09:17:19 -05:00 · 157a906228
commit 157a906228
parent 430d57af39
1 changed files with 211 additions and 2 deletions
--- a/ssl/ssl.enums.c
+++ b/ssl/ssl.enums.c
@ -174,12 +174,13 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data)
  {


-    UINT4 vj,vn,cs,cslen,complen,comp,odd;
+    UINT4 vj,vn,cs,cslen,complen,comp,odd,exlen,ex;
    Data session_id,random;
    int r;

    extern decoder cipher_suite_decoder[];
-    extern decoder compression_method_decoder[];    
+    extern decoder compression_method_decoder[];
+    extern decoder extension_decoder[];
 	
    printf("\n");			    
    SSL_DECODE_UINT8(ssl,0,0,data,&vj);
@ -226,6 +227,22 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data)
        printf("\n");
      }
    }
+
+    /* TODO: add code to print Extensions */
+    SSL_DECODE_UINT16(ssl,"extensions len",0,data,&exlen);
+    if (exlen) {
+      explain(ssl , "extensions\n");
+      while(data->len) {
+	SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex);
+	if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) {
+	  P_(P_RH){
+	    explain(ssl, "Extension type: %s not yet implemented in ssldump", ex);
+	  }
+	  continue;
+	}
+	printf("\n");
+      }
+    }
    return(0);

  }
@ -2403,3 +2420,195 @@ decoder client_certificate_type_decoder[]={
 {-1}
 };

+static int decode_extension_server_name(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_max_fragment_length(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_client_certificate_url(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_trusted_ca_keys(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_truncated_hmac(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_status_request(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_signature_algorithms(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_application_layer_protocol_negotiation(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_encrypt_then_mac(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_extended_master_secret(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+static int decode_extension_next_protocol_negotiation(ssl,dir,seg,data)
+  ssl_obj *ssl;
+  int dir;
+  segment *seg;
+  Data *data;
+  {
+    int l,r;
+    SSL_DECODE_UINT16(ssl,"extension length",0,data,&l);
+    data->len-=l;
+    data->data+=l;
+    return(0);
+  }
+
+decoder extension_decoder[] = {
+	{
+		0,
+		"server_name",
+		decode_extension_server_name
+	},
+	{
+		1,
+		"max_fragment_length",
+		decode_extension_max_fragment_length
+	},
+	{
+		2,
+		"client_certificate_url",
+		decode_extension_client_certificate_url
+	},
+	{
+		3,
+		"trusted_ca_keys",
+		decode_extension_trusted_ca_keys
+	},
+	{
+		4,
+		"truncated_hmac",
+		decode_extension_truncated_hmac
+	},
+	{
+		5,
+		"status_request",
+		decode_extension_status_request
+	},
+	{
+		13,
+		"signature_algorithms",
+		decode_extension_signature_algorithms
+	},
+	{
+		16,
+		"application_layer_protocol_negotiation",
+		decode_extension_application_layer_protocol_negotiation
+	},
+	{
+		22,
+		"encrypt_then_mac",
+		decode_extension_encrypt_then_mac
+	},
+	{
+		23,
+		"extended_master_secret",
+		decode_extension_extended_master_secret
+	},
+	{
+		13172,
+		"next_protocol_negotiation",
+		decode_extension_next_protocol_negotiation
+	},
+
+{-1}
+};