From 157a906228a5b384100e9abe02b612ab23287a84 Mon Sep 17 00:00:00 2001 From: mathewmarcus Date: Tue, 19 Jun 2018 09:17:19 -0500 Subject: [PATCH 01/13] include extensions in output --- ssl/ssl.enums.c | 213 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 211 insertions(+), 2 deletions(-) diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index 57bf9a9..45e6cca 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -174,12 +174,13 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) { - UINT4 vj,vn,cs,cslen,complen,comp,odd; + UINT4 vj,vn,cs,cslen,complen,comp,odd,exlen,ex; Data session_id,random; int r; extern decoder cipher_suite_decoder[]; - extern decoder compression_method_decoder[]; + extern decoder compression_method_decoder[]; + extern decoder extension_decoder[]; printf("\n"); SSL_DECODE_UINT8(ssl,0,0,data,&vj); @@ -226,6 +227,22 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) printf("\n"); } } + + /* TODO: add code to print Extensions */ + SSL_DECODE_UINT16(ssl,"extensions len",0,data,&exlen); + if (exlen) { + explain(ssl , "extensions\n"); + while(data->len) { + SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); + if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) { + P_(P_RH){ + explain(ssl, "Extension type: %s not yet implemented in ssldump", ex); + } + continue; + } + printf("\n"); + } + } return(0); } 
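Review bot: In the ClientHello extension loop, `explain(ssl, "Extension type: %s not yet implemented in ssldump", ex)` formats `ex` with `%s`, although `ex` is a `UINT4` read from the captured packet. If `explain` forwards to a printf-style formatter, a wire value is then treated as a string pointer. It should print the number instead: `explain(ssl,"Extension type: %u not yet implemented in ssldump",(unsigned)ex);`. The loop also runs on `while(data->len)` and never uses `exlen`, so nothing ties the walk to the declared extensions length; counting `exlen` down and rejecting an extension that overruns it would keep the decoder inside the block. The same `%s` is copied into the ServerHello loop in patch 02, and the body of decode_HandshakeType_ClientHello starts outside this hunk.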
@@ -2403,3 +2420,195 @@ decoder client_certificate_type_decoder[]={ {-1} }; +static int decode_extension_server_name(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } +static int decode_extension_max_fragment_length(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } +static int decode_extension_client_certificate_url(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } +static int decode_extension_trusted_ca_keys(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } +static int decode_extension_truncated_hmac(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } +static int decode_extension_status_request(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } +static int decode_extension_signature_algorithms(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } +static int decode_extension_application_layer_protocol_negotiation(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + 
data->data+=l; + return(0); + } +static int decode_extension_encrypt_then_mac(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } +static int decode_extension_extended_master_secret(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } +static int decode_extension_next_protocol_negotiation(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } + +decoder extension_decoder[] = { + { + 0, + "server_name", + decode_extension_server_name + }, + { + 1, + "max_fragment_length", + decode_extension_max_fragment_length + }, + { + 2, + "client_certificate_url", + decode_extension_client_certificate_url + }, + { + 3, + "trusted_ca_keys", + decode_extension_trusted_ca_keys + }, + { + 4, + "truncated_hmac", + decode_extension_truncated_hmac + }, + { + 5, + "status_request", + decode_extension_status_request + }, + { + 13, + "signature_algorithms", + decode_extension_signature_algorithms + }, + { + 16, + "application_layer_protocol_negotiation", + decode_extension_application_layer_protocol_negotiation + }, + { + 22, + "encrypt_then_mac", + decode_extension_encrypt_then_mac + }, + { + 23, + "extended_master_secret", + decode_extension_extended_master_secret + }, + { + 13172, + "next_protocol_negotiation", + decode_extension_next_protocol_negotiation + }, + +{-1} +}; From 1086c102d60d3136e92354a2ff1a528c35563a52 Mon Sep 17 00:00:00 2001 
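Review bot: Every `decode_extension_*` handler added here does `data->len-=l; data->data+=l;` with the wire-supplied `l` and never checks that `l` fits in what remains. A truncated or malformed hello in a capture therefore moves the cursor past the end of the buffer; if `Data.len` is unsigned (its declaration is not in the hunk), the subtraction wraps and the caller's `while(data->len)` keeps reading. A guard before the two updates, `if (l > data->len)` returning the project's decode error, closes that. `l` should also be declared `UINT4` like `exlen` and `ex` in the caller, since `SSL_DECODE_UINT16` is handed `&l`. The same unchecked skip reappears in `decode_extension` (patch 02) and in the extended_master_secret and encrypt_then_mac handlers (patches 04 and 11).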
From: Mathew Marcus Date: Tue, 19 Jun 2018 17:37:19 -0500 Subject: [PATCH 02/13] record handshake messages for session hash --- ssl/ssl.enums.c | 70 +++++++++++++++++++++++++++++++++++++++---------- ssl/ssldecode.c | 34 ++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 14 deletions(-) diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index 45e6cca..1d2897f 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -6,6 +6,7 @@ #include #endif #include "ssl.enums.h" +static int decode_extension(ssl,dir,seg,data); static int decode_ContentType_ChangeCipherSpec(ssl,dir,seg,data) ssl_obj *ssl; int dir; @@ -182,7 +183,8 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) extern decoder compression_method_decoder[]; extern decoder extension_decoder[]; - printf("\n"); + printf("\n"); + ssl_update_session_hash(ssl,data); SSL_DECODE_UINT8(ssl,0,0,data,&vj); SSL_DECODE_UINT8(ssl,0,0,data,&vn); @@ -233,14 +235,15 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) if (exlen) { explain(ssl , "extensions\n"); while(data->len) { - SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); - if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) { - P_(P_RH){ - explain(ssl, "Extension type: %s not yet implemented in ssldump", ex); - } - continue; - } - printf("\n"); + SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); + if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) { + decode_extension(ssl,dir,seg,data); + P_(P_RH){ + explain(ssl, "Extension type: %s not yet implemented in ssldump", ex); + } + continue; + } + printf("\n"); } } return(0); @@ -253,11 +256,14 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) Data *data; { - int r; Data rnd,session_id; - UINT4 vj,vn; - printf("\n"); + UINT4 vj,vn,exlen,ex; + + extern decoder extension_decoder[]; + + printf("\n"); + ssl_update_session_hash(ssl,data); SSL_DECODE_UINT8(ssl,0,0,data,&vj); SSL_DECODE_UINT8(ssl,0,0,data,&vn); 
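Review bot: The forward declaration `static int decode_extension(ssl,dir,seg,data);` at the top of ssl.enums.c puts an identifier list in a declarator that is not a definition. C does not permit that; compilers at best accept it with a warning, and it gives no argument checking. Declaring it with types in the form the tree already uses, `static int decode_extension PROTO_LIST((ssl_obj *ssl,int dir,segment *seg,Data *data));`, fixes it, assuming PROTO_LIST is visible in this file (the hunk does not show that). The `ssl_update_session_hash(ssl,data)` calls added to this file are likewise made with no prototype in scope in this patch, and their return value is dropped.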
@@ -283,7 +289,25 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) P_(P_HL) printf("\n"); SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0); - P_(P_HL) printf("\n"); + P_(P_HL) printf("\n"); + + /* TODO: add code to print Extensions */ + SSL_DECODE_UINT16(ssl,"extensions len",0,data,&exlen); + if (exlen) { + explain(ssl , "extensions\n"); + while(data->len) { + SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex); + if (ssl_decode_switch(ssl,extension_decoder,ex,dir,seg,data) == R_NOT_FOUND) { + decode_extension(ssl,dir,seg,data); + P_(P_RH){ + explain(ssl, "Extension type: %s not yet implemented in ssldump", ex); + } + continue; + } + printf("\n"); + } + } + return(0); } @@ -300,6 +324,7 @@ static int decode_HandshakeType_Certificate(ssl,dir,seg,data) int r; printf("\n"); + ssl_update_session_hash(ssl,data); SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len); while(len){ @@ -323,7 +348,7 @@ static int decode_HandshakeType_ServerKeyExchange(ssl,dir,seg,data) int r; printf("\n"); - + ssl_update_session_hash(ssl,data); if(ssl->cs){ P_(P_ND){ explain(ssl,"params\n"); @@ -361,6 +386,7 @@ static int decode_HandshakeType_CertificateRequest(ssl,dir,seg,data) int r; printf("\n"); + ssl_update_session_hash(ssl,data); SSL_DECODE_UINT8(ssl,"certificate_types len",0,data,&len); for(;len;len--){ SSL_DECODE_ENUM(ssl,"certificate_types",1, @@ -392,6 +418,7 @@ static int decode_HandshakeType_ServerHelloDone(ssl,dir,seg,data) printf("\n"); + ssl_update_session_hash(ssl,data); return(0); } @@ -405,6 +432,7 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) int r; printf("\n"); + ssl_update_session_hash(ssl,data); SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0); return(0); @@ -421,6 +449,7 @@ static int decode_HandshakeType_ClientKeyExchange(ssl,dir,seg,data) Data pms; printf("\n"); + ssl_update_session_hash(ssl,data); if(ssl->cs){ switch(ssl->cs->kex){ 
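Review bot: `SSL_DECODE_UINT16(ssl,"extensions len",0,data,&exlen)` in ServerHello runs unconditionally, but a hello without an extensions block ends right after the compression method, so the read is attempted on an empty buffer. If the macro fails on short data (its definition is not in the hunk), such a ServerHello now decodes as an error. Wrapping the whole block in `if (data->len) { ... }` keeps the previous behaviour for extension-less hellos, and the ClientHello copy from patch 01 needs the same guard. The `%s` applied to the integer `ex` in the `explain` call is carried over here as well.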
@@ -2552,6 +2581,19 @@ static int decode_extension_next_protocol_negotiation(ssl,dir,seg,data) data->data+=l; return(0); } +static int decode_extension(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } + decoder extension_decoder[] = { { diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index 787a28f..ba25c71 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -91,6 +91,7 @@ struct ssl_decoder_ { int ephemeral_rsa; Data *PMS; Data *MS; + Data *handshake_messages; ssl_rec_decoder *c_to_s; ssl_rec_decoder *s_to_c; ssl_rec_decoder *c_to_s_n; @@ -214,6 +215,7 @@ int ssl_decoder_destroy(dp) r_data_destroy(&d->session_id); r_data_destroy(&d->PMS); r_data_destroy(&d->MS); + r_data_destroy(&d->handshake_messages); ssl_destroy_rec_decoder(&d->c_to_s); ssl_destroy_rec_decoder(&d->c_to_s_n); ssl_destroy_rec_decoder(&d->s_to_c); @@ -564,6 +566,38 @@ int ssl_process_client_key_exchange(ssl,d,msg,len) } + + +int ssl_update_session_hash(ssl,data) + ssl_obj *ssl; + Data *data; + { + Data *hms; + UCHAR *d; + int l,r,_status; + + hms = ssl->decoder->handshake_messages; + d = data->data-4; + l = data->len+4; + + if(hms){ + if(!(hms->data = realloc(hms->data,l+hms->len))) + ABORT(R_NO_MEMORY); + + memcpy(hms->data+hms->len,d,l); + hms->len+=l; + } + else{ + if(r=r_data_create(&hms,d,l)) + ABORT(r); + ssl->decoder->handshake_messages=hms; + } + + _status=0; + abort: + return(_status); + } + #ifdef OPENSSL static int tls_P_hash(ssl,secret,seed,md,out) ssl_obj *ssl; From 919684d5ae59bf02d1e5cfc7c6b5e87ec414844e Mon Sep 17 00:00:00 2001 From: mathewmarcus Date: Wed, 20 Jun 2018 08:27:53 -0500 Subject: [PATCH 03/13] rename functions --- ssl/ssl.enums.c | 128 ++++++------------------------------------------ ssl/ssldecode.c | 2 +- 2 files changed, 17 insertions(+), 113 deletions(-) 
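Review bot: In `ssl_update_session_hash`, `hms->data = realloc(hms->data,l+hms->len)` overwrites the only pointer to the accumulated transcript. On allocation failure the old buffer leaks and `hms` is left with a NULL `data` and a nonzero `len` for whatever reads it next. Use a temporary: `UCHAR *tmp = realloc(hms->data,l+hms->len); if(!tmp) ABORT(R_NO_MEMORY); hms->data = tmp;`. The function also reaches back with `d = data->data-4`, which assumes the four-byte handshake header always sits immediately before `data->data` in the same buffer; nothing in the hunk establishes that, so state the invariant in a comment or have the caller pass the header pointer explicitly. None of the callers added in ssl.enums.c checks the return value, so a failed append silently leaves an incomplete transcript.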
diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index 1d2897f..3913c35 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -184,7 +184,7 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) extern decoder extension_decoder[]; printf("\n"); - ssl_update_session_hash(ssl,data); + ssl_update_handshake_messages(ssl,data); SSL_DECODE_UINT8(ssl,0,0,data,&vj); SSL_DECODE_UINT8(ssl,0,0,data,&vn); @@ -263,7 +263,7 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) extern decoder extension_decoder[]; printf("\n"); - ssl_update_session_hash(ssl,data); + ssl_update_handshake_messages(ssl,data); SSL_DECODE_UINT8(ssl,0,0,data,&vj); SSL_DECODE_UINT8(ssl,0,0,data,&vn); @@ -324,7 +324,7 @@ static int decode_HandshakeType_Certificate(ssl,dir,seg,data) int r; printf("\n"); - ssl_update_session_hash(ssl,data); + ssl_update_handshake_messages(ssl,data); SSL_DECODE_UINT24(ssl,"certificates len",0,data,&len); while(len){ @@ -348,7 +348,7 @@ static int decode_HandshakeType_ServerKeyExchange(ssl,dir,seg,data) int r; printf("\n"); - ssl_update_session_hash(ssl,data); + ssl_update_handshake_messages(ssl,data); if(ssl->cs){ P_(P_ND){ explain(ssl,"params\n"); @@ -386,7 +386,7 @@ static int decode_HandshakeType_CertificateRequest(ssl,dir,seg,data) int r; printf("\n"); - ssl_update_session_hash(ssl,data); + ssl_update_handshake_messages(ssl,data); SSL_DECODE_UINT8(ssl,"certificate_types len",0,data,&len); for(;len;len--){ SSL_DECODE_ENUM(ssl,"certificate_types",1, @@ -418,7 +418,7 @@ static int decode_HandshakeType_ServerHelloDone(ssl,dir,seg,data) printf("\n"); - ssl_update_session_hash(ssl,data); + ssl_update_handshake_messages(ssl,data); return(0); } @@ -432,7 +432,7 @@ static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) int r; printf("\n"); - ssl_update_session_hash(ssl,data); + ssl_update_handshake_messages(ssl,data); SSL_DECODE_OPAQUE_ARRAY(ssl,"Signature",-(1<<15-1),P_HL,data,0); return(0); 
@@ -449,7 +449,7 @@ static int decode_HandshakeType_ClientKeyExchange(ssl,dir,seg,data) Data pms; printf("\n"); - ssl_update_session_hash(ssl,data); + ssl_update_handshake_messages(ssl,data); if(ssl->cs){ switch(ssl->cs->kex){ 
@@ -2461,90 +2461,6 @@ static int decode_extension_server_name(ssl,dir,seg,data) data->data+=l; return(0); } -static int decode_extension_max_fragment_length(ssl,dir,seg,data) - ssl_obj *ssl; - int dir; - segment *seg; - Data *data; - { - int l,r; - SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); - data->len-=l; - data->data+=l; - return(0); - } -static int decode_extension_client_certificate_url(ssl,dir,seg,data) - ssl_obj *ssl; - int dir; - segment *seg; - Data *data; - { - int l,r; - SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); - data->len-=l; - data->data+=l; - return(0); - } -static int decode_extension_trusted_ca_keys(ssl,dir,seg,data) - ssl_obj *ssl; - int dir; - segment *seg; - Data *data; - { - int l,r; - SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); - data->len-=l; - data->data+=l; - return(0); - } -static int decode_extension_truncated_hmac(ssl,dir,seg,data) - ssl_obj *ssl; - int dir; - segment *seg; - Data *data; - { - int l,r; - SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); - data->len-=l; - data->data+=l; - return(0); - } -static int decode_extension_status_request(ssl,dir,seg,data) - ssl_obj *ssl; - int dir; - segment *seg; - Data *data; - { - int l,r; - SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); - data->len-=l; - data->data+=l; - return(0); - } -static int decode_extension_signature_algorithms(ssl,dir,seg,data) - ssl_obj *ssl; - int dir; - segment *seg; - Data *data; - { - int l,r; - SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); - data->len-=l; - data->data+=l; - return(0); - } -static int decode_extension_application_layer_protocol_negotiation(ssl,dir,seg,data) - ssl_obj *ssl; - int dir; - segment *seg; - Data *data; - { - int l,r; - SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); - data->len-=l; - data->data+=l; - return(0); - } static int decode_extension_encrypt_then_mac(ssl,dir,seg,data) ssl_obj *ssl; int dir; 
@@ -2569,18 +2485,6 @@ static int decode_extension_extended_master_secret(ssl,dir,seg,data) data->data+=l; return(0); } -static int decode_extension_next_protocol_negotiation(ssl,dir,seg,data) - ssl_obj *ssl; - int dir; - segment *seg; - Data *data; - { - int l,r; - SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); - data->len-=l; - data->data+=l; - return(0); - } static int decode_extension(ssl,dir,seg,data) ssl_obj *ssl; int dir; @@ -2604,37 +2508,37 @@ decoder extension_decoder[] = { { 1, "max_fragment_length", - decode_extension_max_fragment_length + decode_extension }, { 2, "client_certificate_url", - decode_extension_client_certificate_url + decode_extension }, { 3, "trusted_ca_keys", - decode_extension_trusted_ca_keys + decode_extension }, { 4, "truncated_hmac", - decode_extension_truncated_hmac + decode_extension }, { 5, "status_request", - decode_extension_status_request + decode_extension }, { 13, "signature_algorithms", - decode_extension_signature_algorithms + decode_extension }, { 16, "application_layer_protocol_negotiation", - decode_extension_application_layer_protocol_negotiation + decode_extension }, { 22, @@ -2649,7 +2553,7 @@ decoder extension_decoder[] = { { 13172, "next_protocol_negotiation", - decode_extension_next_protocol_negotiation + decode_extension }, {-1} diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index ba25c71..08f96a6 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -568,7 +568,7 @@ int ssl_process_client_key_exchange(ssl,d,msg,len) -int ssl_update_session_hash(ssl,data) +int ssl_update_handshake_messages(ssl,data) ssl_obj *ssl; Data *data; { From a066b61dfe25c68aee02e7354e7d207f825b592d Mon Sep 17 00:00:00 2001 From: mathewmarcus Date: Wed, 20 Jun 2018 09:06:09 -0500 Subject: [PATCH 04/13] added handler for extended master secret extension --- ssl/ssl.enums.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index 3913c35..286a00d 100644 --- a/ssl/ssl.enums.c 
+++ b/ssl/ssl.enums.c @@ -2479,10 +2479,15 @@ static int decode_extension_extended_master_secret(ssl,dir,seg,data) segment *seg; Data *data; { - int l,r; + int l,r,*ems; + + ems=&ssl->decoder->extended_master_secret; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); data->len-=l; data->data+=l; + + *ems=dir==DIR_I2R?1:*ems==1; return(0); } static int decode_extension(ssl,dir,seg,data) From 193c6001086920c0623593aba373f948aa275f8d Mon Sep 17 00:00:00 2001 From: mathewmarcus Date: Wed, 20 Jun 2018 09:06:45 -0500 Subject: [PATCH 05/13] moved struct ssl_decoder_ definition into header file because we need it in ssl.enums.c --- ssl/ssldecode.c | 17 ----------------- ssl/ssldecode.h | 19 ++++++++++++++++++- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index 08f96a6..e07cb2b 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -55,7 +55,6 @@ #include #endif #include "ssldecode.h" -#include "ssl_rec.h" #include "r_assoc.h" static char *RCSSTRING="$Id: ssldecode.c,v 1.9 2002/08/17 01:33:17 ekr Exp $"; @@ -82,22 +81,6 @@ struct ssl_decode_ctx_ { #endif }; -struct ssl_decoder_ { - ssl_decode_ctx *ctx; - Data *session_id; - SSL_CipherSuite *cs; - Data *client_random; - Data *server_random; - int ephemeral_rsa; - Data *PMS; - Data *MS; - Data *handshake_messages; - ssl_rec_decoder *c_to_s; - ssl_rec_decoder *s_to_c; - ssl_rec_decoder *c_to_s_n; - ssl_rec_decoder *s_to_c_n; -}; - #ifdef OPENSSL static int tls_P_hash PROTO_LIST((ssl_obj *ssl,Data *secret,Data *seed, diff --git a/ssl/ssldecode.h b/ssl/ssldecode.h index e47f836..b7442cf 100644 --- a/ssl/ssldecode.h +++ b/ssl/ssldecode.h 
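Review bot: `*ems=dir==DIR_I2R?1:*ems==1;` sets the flag to 1 as soon as the client offers extended_master_secret, and it is only re-evaluated if the server sends the extension too. When the server omits it, the handler never runs in that direction and the flag stays 1, so an offered but unaccepted extension is treated as negotiated and the wrong master-secret derivation is selected. Recording offer and acceptance as distinct values, and having consumers test only for the accepted value, avoids that; the encrypt_then_mac handler in patch 11 repeats the same logic. The handler also skips `l` bytes without checking them against `data->len`, although this extension carries an empty body. At this point in the series `ssl->decoder` is still an opaque type in ssl.enums.c (the struct is moved into the header in patch 05 and moved back in patch 06), so `ssl->decoder->extended_master_secret` cannot compile here.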
@@ -43,13 +43,30 @@ ekr@rtfm.com Thu Apr 1 15:02:02 1999 */ - +#include "ssl_rec.h" #ifndef _ssldecode_h #define _ssldecode_h #define CRDUMP(a,b,c) P_(P_CR) {Data d; d.data=b; d.len=c; exdump(ssl,a,&d); printf("\n");} #define CRDUMPD(a,b) P_(P_CR) {exdump(ssl,a,b);printf("\n");} +struct ssl_decoder_ { + ssl_decode_ctx *ctx; + Data *session_id; + SSL_CipherSuite *cs; + Data *client_random; + Data *server_random; + int ephemeral_rsa; + Data *PMS; + Data *MS; + Data *handshake_messages; + int extended_master_secret; + ssl_rec_decoder *c_to_s; + ssl_rec_decoder *s_to_c; + ssl_rec_decoder *c_to_s_n; + ssl_rec_decoder *s_to_c_n; +}; + int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx, char *keyfile,char *password)); int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp)); From 83627b7c8f249aa1ebfa0a9cb06bd611d9994170 Mon Sep 17 00:00:00 2001 From: Mathew Marcus Date: Wed, 20 Jun 2018 10:28:35 -0500 Subject: [PATCH 06/13] Revert "moved struct ssl_decoder_ definition into header file because we need it in ssl.enums.c" This reverts commit 193c6001086920c0623593aba373f948aa275f8d. --- ssl/ssldecode.c | 17 +++++++++++++++++ ssl/ssldecode.h | 19 +------------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index e07cb2b..08f96a6 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -55,6 +55,7 @@ #include #endif #include "ssldecode.h" +#include "ssl_rec.h" #include "r_assoc.h" static char *RCSSTRING="$Id: ssldecode.c,v 1.9 2002/08/17 01:33:17 ekr Exp $"; @@ -81,6 +82,22 @@ struct ssl_decode_ctx_ { #endif }; +struct ssl_decoder_ { + ssl_decode_ctx *ctx; + Data *session_id; + SSL_CipherSuite *cs; + Data *client_random; + Data *server_random; + int ephemeral_rsa; + Data *PMS; + Data *MS; + Data *handshake_messages; + ssl_rec_decoder *c_to_s; + ssl_rec_decoder *s_to_c; + ssl_rec_decoder *c_to_s_n; + ssl_rec_decoder *s_to_c_n; +}; + #ifdef OPENSSL static int tls_P_hash PROTO_LIST((ssl_obj *ssl,Data *secret,Data *seed, 
diff --git a/ssl/ssldecode.h b/ssl/ssldecode.h index b7442cf..e47f836 100644 --- a/ssl/ssldecode.h +++ b/ssl/ssldecode.h @@ -43,30 +43,13 @@ ekr@rtfm.com Thu Apr 1 15:02:02 1999 */ -#include "ssl_rec.h" + #ifndef _ssldecode_h #define _ssldecode_h #define CRDUMP(a,b,c) P_(P_CR) {Data d; d.data=b; d.len=c; exdump(ssl,a,&d); printf("\n");} #define CRDUMPD(a,b) P_(P_CR) {exdump(ssl,a,b);printf("\n");} -struct ssl_decoder_ { - ssl_decode_ctx *ctx; - Data *session_id; - SSL_CipherSuite *cs; - Data *client_random; - Data *server_random; - int ephemeral_rsa; - Data *PMS; - Data *MS; - Data *handshake_messages; - int extended_master_secret; - ssl_rec_decoder *c_to_s; - ssl_rec_decoder *s_to_c; - ssl_rec_decoder *c_to_s_n; - ssl_rec_decoder *s_to_c_n; -}; - int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx, char *keyfile,char *password)); int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp)); From 1a7113a0ecd06f51debcccc2bfef5b5798078393 Mon Sep 17 00:00:00 2001 From: mathewmarcus Date: Fri, 22 Jun 2018 07:18:39 -0500 Subject: [PATCH 07/13] added struct to store extensions --- ssl/ssl_h.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h index c166df5..0f5343e 100644 --- a/ssl/ssl_h.h +++ b/ssl/ssl_h.h @@ -86,6 +86,7 @@ typedef struct ssl_obj_ { struct timeval time_last; ssl_decode_ctx *ssl_ctx; ssl_decoder *decoder; + ssl_extensions extensions; int process_ciphertext; @@ -107,6 +108,10 @@ typedef struct decoder_ { int (*print) PROTO_LIST((ssl_obj *,int direction,segment *seg,Data *data)); } decoder; +typedef struct ssl_extensions_ { + int extended_master_secret; +} ssl_extensions; + #define SSL_NO_DATA 1 #define SSL_BAD_CONTENT_TYPE 2 #define SSL_BAD_PMS 3 From 5d804ef1a4635a06d258207e889a6c3adb3271fb Mon Sep 17 00:00:00 2001 
From: mathewmarcus Date: Fri, 22 Jun 2018 07:18:39 -0500 Subject: [PATCH 08/13] added struct to store extensions --- ssl/ssl.enums.c | 2 +- ssl/ssl_analyze.c | 6 +++++- ssl/ssl_h.h | 6 +++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index 286a00d..5b5128f 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -2481,7 +2481,7 @@ static int decode_extension_extended_master_secret(ssl,dir,seg,data) { int l,r,*ems; - ems=&ssl->decoder->extended_master_secret; + ems=&ssl->extensions->extended_master_secret; SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); data->len-=l; diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c index dde5b54..67b1f73 100644 --- a/ssl/ssl_analyze.c +++ b/ssl/ssl_analyze.c @@ -265,6 +265,9 @@ static int create_ssl_analyzer(handle,ctx,conn,objp,i_addr,i_port,r_addr,r_port, if(r=ssl_decoder_create(&obj->decoder,obj->ssl_ctx)) ABORT(r); + + if (!(obj->extensions=malloc(sizeof(ssl_extensions)))) + ABORT(R_NO_MEMORY); *objp=(proto_obj *)obj; @@ -291,7 +294,8 @@ static int destroy_ssl_analyzer(objp) free_r_queue(obj->r2i_queue); ssl_decoder_destroy(&obj->decoder); free(obj->client_name); - free(obj->server_name); + free(obj->server_name); + free(obj->extensions); free(*objp); *objp=0; diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h index 0f5343e..34f6539 100644 --- a/ssl/ssl_h.h +++ b/ssl/ssl_h.h @@ -67,6 +67,10 @@ typedef struct d_queue_ { int offset; /*How far into the first segment this record starts*/ } r_queue; +typedef struct ssl_extensions_ { + int extended_master_secret; +} ssl_extensions; + typedef struct ssl_obj_ { tcp_conn *conn; int r_state; @@ -86,7 +90,7 @@ typedef struct ssl_obj_ { struct timeval time_last; ssl_decode_ctx *ssl_ctx; ssl_decoder *decoder; - ssl_extensions extensions; + ssl_extensions *extensions; int process_ciphertext; From b4cd538dfae05fc257f908298894ed4a7bd2ff67 Mon Sep 17 00:00:00 2001 
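Review bot: `obj->extensions=malloc(sizeof(ssl_extensions))` in create_ssl_analyzer leaves `extended_master_secret` indeterminate. That field is read before any write, both by `*ems==1` in the server direction and by the `if (ssl->extensions->extended_master_secret)` test added in patch 09, so the choice of key derivation can depend on stale heap contents. Allocate it zeroed: `if (!(obj->extensions=calloc(1,sizeof(ssl_extensions))))`. The function's abort path is outside the hunk, so whether `obj->extensions` is released there after a later failure cannot be confirmed from here.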
From: mathewmarcus Date: Fri, 22 Jun 2018 14:54:22 -0500 Subject: [PATCH 09/13] calculate session hash --- ssl/ssldecode.c | 108 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 73 insertions(+), 35 deletions(-) diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index 08f96a6..fa8d8ef 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -92,6 +92,7 @@ struct ssl_decoder_ { Data *PMS; Data *MS; Data *handshake_messages; + Data *session_hash; ssl_rec_decoder *c_to_s; ssl_rec_decoder *s_to_c; ssl_rec_decoder *c_to_s_n; @@ -112,6 +113,8 @@ static int ssl3_generate_export_iv PROTO_LIST((ssl_obj *ssl, Data *rnd1,Data *rnd2,Data *out)); static int ssl_generate_keying_material PROTO_LIST((ssl_obj *ssl, ssl_decoder *d)); +static int ssl_generate_session_hash PROTO_LIST((ssl_obj *ssl, + ssl_decoder *d)); #endif static int ssl_create_session_lookup_key PROTO_LIST((ssl_obj *ssl, @@ -216,6 +219,7 @@ int ssl_decoder_destroy(dp) r_data_destroy(&d->PMS); r_data_destroy(&d->MS); r_data_destroy(&d->handshake_messages); + r_data_destroy(&d->session_hash); ssl_destroy_rec_decoder(&d->c_to_s); ssl_destroy_rec_decoder(&d->c_to_s_n); ssl_destroy_rec_decoder(&d->s_to_c); @@ -384,6 +388,35 @@ int ssl_decode_record(ssl,dec,direction,ct,version,d) #endif } +int ssl_update_handshake_messages(ssl,data) + ssl_obj *ssl; + Data *data; + { + Data *hms; + UCHAR *d; + int l,r,_status; + + hms = ssl->decoder->handshake_messages; + d = data->data-4; + l = data->len+4; + + if(hms){ + if(!(hms->data = realloc(hms->data,l+hms->len))) + ABORT(R_NO_MEMORY); + + memcpy(hms->data+hms->len,d,l); + hms->len+=l; + } + else{ + if(r=r_data_create(&hms,d,l)) + ABORT(r); + ssl->decoder->handshake_messages=hms; + } + + _status=0; + abort: + return(_status); + } static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl) ssl_obj *ssl; 
@@ -567,37 +600,6 @@ int ssl_process_client_key_exchange(ssl,d,msg,len) } - -int ssl_update_handshake_messages(ssl,data) - ssl_obj *ssl; - Data *data; - { - Data *hms; - UCHAR *d; - int l,r,_status; - - hms = ssl->decoder->handshake_messages; - d = data->data-4; - l = data->len+4; - - if(hms){ - if(!(hms->data = realloc(hms->data,l+hms->len))) - ABORT(R_NO_MEMORY); - - memcpy(hms->data+hms->len,d,l); - hms->len+=l; - } - else{ - if(r=r_data_create(&hms,d,l)) - ABORT(r); - ssl->decoder->handshake_messages=hms; - } - - _status=0; - abort: - return(_status); - } - #ifdef OPENSSL static int tls_P_hash(ssl,secret,seed,md,out) ssl_obj *ssl; @@ -854,10 +856,13 @@ static int ssl_generate_keying_material(ssl,d) if(!d->MS){ if(r=r_data_alloc(&d->MS,48)) ABORT(r); - - if(r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random, - d->MS)) - ABORT(r); + + if (ssl->extensions->extended_master_secret) + ssl_generate_session_hash(ssl,d); + else + if(r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random, + d->MS)) + ABORT(r); CRDUMPD("MS",d->MS); } @@ -992,4 +997,37 @@ static int ssl_generate_keying_material(ssl,d) return(_status); } +static int ssl_generate_session_hash(ssl,d) + ssl_obj *ssl; + ssl_decoder *d; + /* Data **sh; */ + { + UCHAR *out[32]; + int dgi; + unsigned int len; + const EVP_MD *md; + EVP_MD_CTX dgictx; + + switch(ssl->version){ + case TLSV12_VERSION: + dgi = MAX(DIG_SHA256, ssl->cs->dig)-0x40; + if ((md=EVP_get_digestbyname(digests[dgi])) == NULL) { + DBG((0,"Cannot get EVP for digest %s, openssl library current?", + digests[dgi])); + ERETURN(SSL_BAD_MAC); + } + break; + case SSLV3_VERSION: + case TLSV1_VERSION: + case TLSV11_VERSION: + default: + exit(1); + /* ABORT(SSL_CANT_DO_CIPHER); */ + } + + EVP_DigestInit(&dgictx, md); + EVP_DigestUpdate(&dgictx, d->handshake_messages->data, d->handshake_messages->len); + EVP_DigestFinal(&dgictx, out, &len); + exit(0); + } #endif 
From 0d0a0b79b79c97129fd5dfc980657d67b06bdf02 Mon Sep 17 00:00:00 2001 From: mathewmarcus Date: Sun, 24 Jun 2018 12:37:19 -0500 Subject: [PATCH 10/13] finished support for extended master secret --- ssl/ssl_h.h | 4 --- ssl/ssldecode.c | 69 +++++++++++++++++++++++++++++++------------------ ssl/ssldecode.h | 3 ++- 3 files changed, 46 insertions(+), 30 deletions(-) diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h index 34f6539..d8765ec 100644 --- a/ssl/ssl_h.h +++ b/ssl/ssl_h.h @@ -112,10 +112,6 @@ typedef struct decoder_ { int (*print) PROTO_LIST((ssl_obj *,int direction,segment *seg,Data *data)); } decoder; -typedef struct ssl_extensions_ { - int extended_master_secret; -} ssl_extensions; - #define SSL_NO_DATA 1 #define SSL_BAD_CONTENT_TYPE 2 #define SSL_BAD_PMS 3 diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index fa8d8ef..3139a79 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c @@ -392,9 +392,10 @@ int ssl_update_handshake_messages(ssl,data) ssl_obj *ssl; Data *data; { +#ifdef OPENSSL Data *hms; UCHAR *d; - int l,r,_status; + int l,r; hms = ssl->decoder->handshake_messages; d = data->data-4; @@ -402,20 +403,19 @@ int ssl_update_handshake_messages(ssl,data) if(hms){ if(!(hms->data = realloc(hms->data,l+hms->len))) - ABORT(R_NO_MEMORY); + ERETURN(R_NO_MEMORY); memcpy(hms->data+hms->len,d,l); hms->len+=l; } else{ if(r=r_data_create(&hms,d,l)) - ABORT(r); + ERETURN(r); ssl->decoder->handshake_messages=hms; } +#endif + return(0); - _status=0; - abort: - return(_status); } static int ssl_create_session_lookup_key(ssl,id,idlen,keyp,keyl) @@ -846,7 +846,7 @@ static int ssl_generate_keying_material(ssl,d) ssl_obj *ssl; ssl_decoder *d; { - Data *key_block=0; + Data *key_block=0,temp; UCHAR _iv_c[8],_iv_s[8]; UCHAR _key_c[16],_key_s[16]; int needed; 
@@ -857,8 +857,13 @@ static int ssl_generate_keying_material(ssl,d) if(r=r_data_alloc(&d->MS,48)) ABORT(r); - if (ssl->extensions->extended_master_secret) + if (ssl->extensions->extended_master_secret) { ssl_generate_session_hash(ssl,d); + temp.len=0; + if(r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp, + d->MS)) + ABORT(r); + } else if(r=PRF(ssl,d->PMS,"master secret",d->client_random,d->server_random, d->MS)) 
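Review bot: The result of `ssl_generate_session_hash(ssl,d)` is discarded, so when it fails (it can return SSL_BAD_MAC or SSL_CANT_DO_CIPHER in this patch) the PRF still runs over whatever `d->session_hash` holds and produces a master secret from it. Make it `if(r=ssl_generate_session_hash(ssl,d)) ABORT(r);`. `temp` is passed to PRF with only `len` set, so `temp.data` is indeterminate; add `temp.data=0;` unless PRF is known never to touch a zero-length seed. The body of ssl_generate_keying_material continues outside this hunk.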
@@ -1000,34 +1005,48 @@ static int ssl_generate_keying_material(ssl,d) static int ssl_generate_session_hash(ssl,d) ssl_obj *ssl; ssl_decoder *d; - /* Data **sh; */ { - UCHAR *out[32]; - int dgi; + int r,_status,dgi; unsigned int len; const EVP_MD *md; EVP_MD_CTX dgictx; + if(r=r_data_alloc(&d->session_hash,EVP_MAX_MD_SIZE)) + ABORT(r); + switch(ssl->version){ - case TLSV12_VERSION: - dgi = MAX(DIG_SHA256, ssl->cs->dig)-0x40; - if ((md=EVP_get_digestbyname(digests[dgi])) == NULL) { - DBG((0,"Cannot get EVP for digest %s, openssl library current?", - digests[dgi])); - ERETURN(SSL_BAD_MAC); - } - break; + case TLSV12_VERSION: + dgi = MAX(DIG_SHA256,ssl->cs->dig)-0x40; + if ((md=EVP_get_digestbyname(digests[dgi])) == NULL) { + DBG((0,"Cannot get EVP for digest %s, openssl library current?", + digests[dgi])); + ERETURN(SSL_BAD_MAC); + } + + EVP_DigestInit(&dgictx,md); + EVP_DigestUpdate(&dgictx,d->handshake_messages->data,d->handshake_messages->len); + EVP_DigestFinal(&dgictx,d->session_hash->data,&d->session_hash->len); + + break; case SSLV3_VERSION: case TLSV1_VERSION: case TLSV11_VERSION: + EVP_DigestInit(&dgictx,EVP_get_digestbyname("MD5")); + EVP_DigestUpdate(&dgictx,d->handshake_messages->data,d->handshake_messages->len); + EVP_DigestFinal_ex(&dgictx,d->session_hash->data,&d->session_hash->len); + + EVP_DigestInit(&dgictx,EVP_get_digestbyname("SHA1")); + EVP_DigestUpdate(&dgictx,d->handshake_messages->data,d->handshake_messages->len); + EVP_DigestFinal(&dgictx,d->session_hash->data+d->session_hash->len,&len); + + d->session_hash->len+=len; + break; default: - exit(1); - /* ABORT(SSL_CANT_DO_CIPHER); */ + ABORT(SSL_CANT_DO_CIPHER); } - EVP_DigestInit(&dgictx, md); - EVP_DigestUpdate(&dgictx, d->handshake_messages->data, d->handshake_messages->len); - EVP_DigestFinal(&dgictx, out, &len); - exit(0); + _status=0; + abort: + return(_status); } #endif diff --git a/ssl/ssldecode.h b/ssl/ssldecode.h index e47f836..88c7291 100644 --- a/ssl/ssldecode.h +++ b/ssl/ssldecode.h 
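Review bot: None of the EVP calls in `ssl_generate_session_hash` is checked. `EVP_get_digestbyname("MD5")` and `EVP_get_digestbyname("SHA1")` can return NULL on builds where those digests are unavailable, and the result goes straight into `EVP_DigestInit`, whereas the TLS 1.2 branch does test its lookup. `d->handshake_messages` is dereferenced without a NULL test, which matters when no handshake message was recorded or an earlier append failed; a guard such as `if(!d->handshake_messages) ABORT(SSL_CANT_DO_CIPHER);` before the switch covers it. `r_data_alloc` gives `d->session_hash` a length of EVP_MAX_MD_SIZE before the digest is chosen, so the `ERETURN(SSL_BAD_MAC)` and `ABORT(SSL_CANT_DO_CIPHER)` paths leave an unfilled full-length buffer in the decoder; allocate after the digest is known or destroy it on the error paths. `&d->session_hash->len` is passed as the `unsigned int *` output of `EVP_DigestFinal`, which is only correct if `Data.len` has exactly that type (not shown here).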
@@ -66,7 +66,8 @@ int ssl_process_client_key_exchange PROTO_LIST((struct ssl_obj_ *, ssl_decoder *d,UCHAR *msg,int len)); int ssl_process_change_cipher_spec PROTO_LIST((ssl_obj *ssl, ssl_decoder *d,int direction)); - +int ssl_update_handshake_messages PROTO_LIST((ssl_obj *ssl, + Data *data)); int ssl_decode_record PROTO_LIST((ssl_obj *ssl,ssl_decoder *dec,int direction, int ct,int version,Data *d)); From 57fc64ac77cb243d0bed46242bc2b8a8896a5f99 Mon Sep 17 00:00:00 2001 From: mathewmarcus Date: Sun, 24 Jun 2018 21:08:05 -0500 Subject: [PATCH 11/13] added support for encrypt-then-mac --- ssl/ssl.enums.c | 9 +++- ssl/ssl_h.h | 1 + ssl/ssl_rec.c | 112 ++++++++++++++++++++++++++++++++++-------------- 3 files changed, 89 insertions(+), 33 deletions(-) diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index 5b5128f..db0fec8 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -2467,10 +2467,15 @@ static int decode_extension_encrypt_then_mac(ssl,dir,seg,data) segment *seg; Data *data; { - int l,r; + int l,r,*etm; + + etm=&ssl->extensions->encrypt_then_mac; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); data->len-=l; data->data+=l; + + *etm=dir==DIR_I2R?1:*etm==1; return(0); } static int decode_extension_extended_master_secret(ssl,dir,seg,data) @@ -2508,7 +2513,7 @@ decoder extension_decoder[] = { { 0, "server_name", - decode_extension_server_name + decode_extension, }, { 1, diff --git a/ssl/ssl_h.h b/ssl/ssl_h.h index d8765ec..4a64ede 100644 --- a/ssl/ssl_h.h +++ b/ssl/ssl_h.h @@ -68,6 +68,7 @@ typedef struct d_queue_ { } r_queue; typedef struct ssl_extensions_ { + int encrypt_then_mac; int extended_master_secret; } ssl_extensions; diff --git a/ssl/ssl_rec.c b/ssl/ssl_rec.c index 85b46a2..62b575a 100644 --- a/ssl/ssl_rec.c +++ b/ssl/ssl_rec.c 
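Review bot: In decode_extension_encrypt_then_mac (ssl/ssl.enums.c), `*etm=dir==DIR_I2R?1:*etm==1;` sets the flag as soon as the extension is seen in the initiator-to-responder direction (the client's offer, assuming DIR_I2R is client to server), and nothing visible clears it when the server's hello omits the extension. Encrypt-then-MAC is only in effect once the server echoes it (RFC 7366), so a session where only the client offers it would still take the encrypt-then-MAC branch in ssl_decode_rec_data and fail its MAC checks. Recording offer and acceptance as distinct values avoids this, for example `*etm=(dir==DIR_I2R)?1:(*etm==1?2:0);` with the record decoder testing `encrypt_then_mac==2`. The function's signature lies outside the hunk.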
@@ -94,7 +94,7 @@ char *ciphers[]={ static int tls_check_mac PROTO_LIST((ssl_rec_decoder *d,int ct, - int ver,UCHAR *data,UINT4 datalen,UCHAR *mac)); + int ver,UCHAR *data,UINT4 datalen,UCHAR *iv,UINT4 ivlen,UCHAR *mac)); static int fmt_seq PROTO_LIST((UINT4 num,UCHAR *buf)); int ssl_create_rec_decoder(dp,cs,mk,sk,iv) @@ -161,7 +161,8 @@ int ssl_destroy_rec_decoder(dp) *dp=0; return(0); } - + + int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) ssl_obj *ssl; ssl_rec_decoder *d; 
@@ -174,50 +175,91 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl) { #ifdef OPENSSL int pad; - int r; - UCHAR *mac; + int r,encpadl; + UCHAR *mac,*iv; CRDUMP("Ciphertext",in,inl); - /* First decrypt*/ - EVP_Cipher(d->evp,out,in,inl); - CRDUMP("Plaintext",out,inl); - *outl=inl; - - /* Now strip off the padding*/ - if(d->cs->block>1){ - pad=out[inl-1]; - *outl-=(pad+1); - } + if(ssl->extensions->encrypt_then_mac){ + *outl=inl; - /* And the MAC */ - *outl-=d->cs->dig_len; - mac=out+(*outl); - CRDUMP("Record data",out,*outl); + /* First strip off the MAC */ + *outl-=d->cs->dig_len; + mac=in+(*outl); - /* Now check the MAC */ - if(ssl->version==0x300){ - if(r=ssl3_check_mac(d,ct,version,out,*outl,mac)) - ERETURN(r); - } - else{ + encpadl=*outl; + /* Now decrypt */ + EVP_Cipher(d->evp,out,in,*outl); + CRDUMP("Plaintext",out,*outl); + + /* And then strip off the padding*/ + if(d->cs->block>1){ + pad=out[*outl-1]; + *outl-=(pad+1); + } /* TLS 1.1 and beyond: remove explicit IV, only used with * non-stream ciphers. 
*/ if (ssl->version>=0x0302 && ssl->cs->block > 1) { UINT4 blk = ssl->cs->block; if (blk <= *outl) { - *outl-=blk; - memmove(out, out+blk, *outl); + *outl-=blk; + memmove(out, out+blk, *outl); } else { DBG((0,"Block size greater than Plaintext!")); ERETURN(SSL_BAD_MAC); } + + if(r=tls_check_mac(d,ct,version,in+blk,encpadl,in,blk,mac)) + ERETURN(r); + } - if(r=tls_check_mac(d,ct,version,out,*outl,mac)) - ERETURN(r); + else + if(r=tls_check_mac(d,ct,version,in,encpadl,NULL,0,mac)) + ERETURN(r); + } + else { + /* First decrypt*/ + EVP_Cipher(d->evp,out,in,inl); + + CRDUMP("Plaintext",out,inl); + *outl=inl; + /* Now strip off the padding*/ + if(d->cs->block>1){ + pad=out[inl-1]; + *outl-=(pad+1); + } + + /* And the MAC */ + *outl-=d->cs->dig_len; + mac=out+(*outl); + CRDUMP("Record data",out,*outl); + + /* Now check the MAC */ + if(ssl->version==0x300){ + if(r=ssl3_check_mac(d,ct,version,out,*outl,mac)) + ERETURN(r); + } + else{ + /* TLS 1.1 and beyond: remove explicit IV, only used with + * non-stream ciphers. */ + if (ssl->version>=0x0302 && ssl->cs->block > 1) { + UINT4 blk = ssl->cs->block; + if (blk <= *outl) { + *outl-=blk; + memmove(out, out+blk, *outl); + } + else { + DBG((0,"Block size greater than Plaintext!")); + ERETURN(SSL_BAD_MAC); + } + } + if(r=tls_check_mac(d,ct,version,out,*outl,NULL,0,mac)) + ERETURN(r); + } + } #endif return(0); } @@ -241,13 +283,15 @@ static int fmt_seq(num,buf) return(0); } - -static int tls_check_mac(d,ct,ver,data,datalen,mac) + +static int tls_check_mac(d,ct,ver,data,datalen,iv,ivlen,mac) ssl_rec_decoder *d; int ct; int ver; UCHAR *data; UINT4 datalen; + UCHAR *iv; + UINT4 ivlen; UCHAR *mac; { HMAC_CTX hm; 
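Review bot: The new encrypt-then-MAC branch of ssl_decode_rec_data (ssl/ssl_rec.c) subtracts `d->cs->dig_len` from `inl`, and later `pad+1` from `*outl`, without checking that the record is that long. Both quantities come from the captured record, so a short or malformed record drives `*outl` below zero (or wraps it, depending on its type) before it is used as the `EVP_Cipher` length, as the `mac=in+(*outl)` offset and as the `memmove` size. The non-EtM branch re-added further down has the same arithmetic on `inl` and `pad`. Rejecting the record with SSL_BAD_MAC before each subtraction, as sketched below, bounds all three uses; the newly declared `iv` local is never used and can be dropped. The function's parameter list is outside the hunk.

```c
  if(ssl->extensions->encrypt_then_mac){
    /* the record must at least hold the MAC */
    if(inl<d->cs->dig_len){
      DBG((0,"Record shorter than MAC!"));
      ERETURN(SSL_BAD_MAC);
    }
    *outl=inl-d->cs->dig_len;
    mac=in+(*outl);
    encpadl=*outl;

    /* ... unchanged: EVP_Cipher and CRDUMP of the plaintext ... */

    if(d->cs->block>1){
      /* padding cannot be longer than what was decrypted */
      if(*outl<1 || out[*outl-1]+1>*outl){
        DBG((0,"Padding longer than Plaintext!"));
        ERETURN(SSL_BAD_MAC);
      }
      pad=out[*outl-1];
      *outl-=(pad+1);
    }

    /* ... unchanged: explicit IV removal and tls_check_mac calls ... */
```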
@@ -272,7 +316,13 @@ static int tls_check_mac(d,ct,ver,data,datalen,mac) buf[1]=LSB(datalen); HMAC_Update(&hm,buf,2); - HMAC_Update(&hm,data,datalen); + /* for encrypt-then-mac with an explicit IV */ + if(ivlen && iv){ + HMAC_Update(&hm,iv,ivlen); + HMAC_Update(&hm,data,datalen-ivlen); + } + else + HMAC_Update(&hm,data,datalen); HMAC_Final(&hm,buf,&l); if(memcmp(mac,buf,l)) From 4765bb22d19bcdf425759c21004b05f10f9a30f7 Mon Sep 17 00:00:00 2001 From: mathewmarcus Date: Sun, 24 Jun 2018 22:57:40 -0500 Subject: [PATCH 12/13] added support for SNI --- ssl/ssl.enums.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 67 insertions(+), 4 deletions(-) diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index db0fec8..20f4e54 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -7,6 +7,7 @@ #endif #include "ssl.enums.h" static int decode_extension(ssl,dir,seg,data); +static int decode_server_name(ssl,dir,seg,data); static int decode_ContentType_ChangeCipherSpec(ssl,dir,seg,data) ssl_obj *ssl; int dir; @@ -2455,10 +2456,34 @@ static int decode_extension_server_name(ssl,dir,seg,data) segment *seg; Data *data; { - int l,r; + UINT4 t; + int l,r,p; + + extern decoder server_name_type_decoder[]; + SSL_DECODE_UINT16(ssl,"extension length",0,data,&l); - data->len-=l; - data->data+=l; + + if(dir==DIR_I2R){ + SSL_DECODE_UINT16(ssl,"server name list length",0,data,&l); + printf("\n"); + while(l) { + p=data->len; + SSL_DECODE_UINT8(ssl, "server name type", 0, data, &t); + + if (ssl_decode_switch(ssl,server_name_type_decoder,t,dir,seg,data) == R_NOT_FOUND) { + decode_server_name(ssl,dir,seg,data); + P_(P_RH){ + explain(ssl, "Server Name type: %s not yet implemented in ssldump", t); + } + continue; + } + l-=(p-data->len); + } + } + else{ + data->len-=l; + data->data+=l; + } return(0); } static int decode_extension_encrypt_then_mac(ssl,dir,seg,data) 
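Review bot: In tls_check_mac (ssl/ssl_rec.c), the new `HMAC_Update(&hm,data,datalen-ivlen)` subtracts two UINT4 values with no check that `ivlen<=datalen`, so a short record would wrap the length (if UINT4 is unsigned, as its name suggests) and make the HMAC read far past `data`. The only caller in this patch passes `in` and `in+blk`, which are contiguous, so the IV could stay part of `data` and the two extra parameters could be dropped. If they are kept, guard first with `if(ivlen>datalen) ERETURN(SSL_BAD_MAC);`, ERETURN being already used in this file. The braced `if` followed by an unbraced `else` is also easy to misread; bracing both arms would match the rest of the function. The function starts and ends outside the hunk.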
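Review bot: The R_NOT_FOUND path inside the `while(l)` loop of decode_extension_server_name (ssl/ssl.enums.c) passes the integer `t` to a `%s` conversion in `explain(...)` and then reaches `continue` before `l-=(p-data->len)` runs. `t` is the name-type byte read from the ClientHello, so, assuming explain() formats like printf, a wire-controlled small integer is treated as a string pointer whenever that print flag is enabled; and because `l` is not reduced, the loop keeps parsing past the end of the server name list. Print it with `%u` and `(unsigned)t`, move `l-=(p-data->len);` ahead of the `continue`, and loop on `while(l>0)` so an entry that overruns the list cannot push `l` negative and keep the loop alive. The function's signature is outside the hunk.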
@@ -2513,7 +2538,7 @@ decoder extension_decoder[] = { { 0, "server_name", - decode_extension, + decode_extension_server_name, }, { 1, @@ -2568,3 +2593,41 @@ decoder extension_decoder[] = { {-1} }; + +static int decode_server_name_type_host_name(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"server name length",0,data,&l); + printf(": %.*s",l,data->data); + + /* Possibly use data->data to set/modify ssl->server_name */ + + data->len-=l; + data->data+=l; + return(0); + } +static int decode_server_name(ssl,dir,seg,data) + ssl_obj *ssl; + int dir; + segment *seg; + Data *data; + { + int l,r; + SSL_DECODE_UINT16(ssl,"server name length",0,data,&l); + data->len-=l; + data->data+=l; + return(0); + } + +decoder server_name_type_decoder[]={ + { + 0, + "host_name", + decode_server_name_type_host_name + }, +{-1} +}; From 7589ee5eb02284591dab19f47fdd89748b6622eb Mon Sep 17 00:00:00 2001 From: mathewmarcus Date: Sun, 24 Jun 2018 23:43:19 -0500 Subject: [PATCH 13/13] code cleanup --- ssl/ssl.enums.c | 2 -- ssl/ssldecode.c | 6 ++++-- ssl/ssldecode.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c index 20f4e54..78cf07d 100644 --- a/ssl/ssl.enums.c +++ b/ssl/ssl.enums.c @@ -231,7 +231,6 @@ static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) } } - /* TODO: add code to print Extensions */ SSL_DECODE_UINT16(ssl,"extensions len",0,data,&exlen); if (exlen) { explain(ssl , "extensions\n"); @@ -292,7 +291,6 @@ static int decode_HandshakeType_ServerHello(ssl,dir,seg,data) SSL_DECODE_ENUM(ssl,"compressionMethod",1,compression_method_decoder,P_HL,data,0); P_(P_HL) printf("\n"); - /* TODO: add code to print Extensions */ SSL_DECODE_UINT16(ssl,"extensions len",0,data,&exlen); if (exlen) { explain(ssl , "extensions\n"); diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c index 3139a79..ff094ff 100644 --- a/ssl/ssldecode.c +++ b/ssl/ssldecode.c 
@@ -114,7 +114,7 @@ static int ssl3_generate_export_iv PROTO_LIST((ssl_obj *ssl, static int ssl_generate_keying_material PROTO_LIST((ssl_obj *ssl, ssl_decoder *d)); static int ssl_generate_session_hash PROTO_LIST((ssl_obj *ssl, - ssl_decoder *d)); + ssl_decoder *d)); #endif static int ssl_create_session_lookup_key PROTO_LIST((ssl_obj *ssl, @@ -858,7 +858,9 @@ static int ssl_generate_keying_material(ssl,d) ABORT(r); if (ssl->extensions->extended_master_secret) { - ssl_generate_session_hash(ssl,d); + if(r=ssl_generate_session_hash(ssl,d)) + ABORT(r); + temp.len=0; if(r=PRF(ssl,d->PMS,"extended master secret",d->session_hash,&temp, d->MS)) diff --git a/ssl/ssldecode.h b/ssl/ssldecode.h index 88c7291..3ef9226 100644 --- a/ssl/ssldecode.h +++ b/ssl/ssldecode.h @@ -67,7 +67,7 @@ int ssl_process_client_key_exchange PROTO_LIST((struct ssl_obj_ *, int ssl_process_change_cipher_spec PROTO_LIST((ssl_obj *ssl, ssl_decoder *d,int direction)); int ssl_update_handshake_messages PROTO_LIST((ssl_obj *ssl, - Data *data)); + Data *data)); int ssl_decode_record PROTO_LIST((ssl_obj *ssl,ssl_decoder *dec,int direction, int ct,int version,Data *d));