mirror of
https://github.com/adulau/ssldump.git
synced 2024-12-27 18:36:01 +00:00
745 lines
19 KiB
C
745 lines
19 KiB
C
/**
|
|
sslprint.c
|
|
|
|
|
|
Copyright (C) 1999-2000 RTFM, Inc.
|
|
All Rights Reserved
|
|
|
|
This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
|
|
<ekr@rtfm.com> and licensed by RTFM, Inc.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions
|
|
are met:
|
|
1. Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
3. All advertising materials mentioning features or use of this software
|
|
must display the following acknowledgement:
|
|
|
|
This product includes software developed by Eric Rescorla for
|
|
RTFM, Inc.
|
|
|
|
4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
|
|
used to endorse or promote products derived from this
|
|
software without specific prior written permission.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND
|
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH
|
|
DAMAGE.
|
|
|
|
$Id: sslprint.c,v 1.8 2002/08/17 01:33:17 ekr Exp $
|
|
|
|
|
|
ekr@rtfm.com Tue Jan 12 18:06:39 1999
|
|
*/
|
|
|
|
#include <json.h>
|
|
#include <ctype.h>
|
|
#include <stdarg.h>
|
|
#include "network.h"
|
|
#include "ssl_h.h"
|
|
#include "sslprint.h"
|
|
#include "ssl.enums.h"
|
|
#include "ssldecode.h"
|
|
|
|
extern decoder ContentType_decoder[];
|
|
extern decoder HandshakeType_decoder[];
|
|
|
|
#define BYTES_NEEDED(x) \
|
|
(x <= 255) ? 1 : ((x <= (1 << 16)) ? 2 : (x <= (1 << 24) ? 3 : 4))
|
|
|
|
int process_beginning_plaintext(ssl_obj *ssl, segment *seg, int direction) {
|
|
Data d;
|
|
if(seg->len == 0)
|
|
return SSL_NO_DATA;
|
|
|
|
d.data = seg->data;
|
|
d.len = seg->len;
|
|
|
|
/* this looks like SSL data. Ignore it*/
|
|
if(d.data[0] == 0x16)
|
|
return SSL_BAD_CONTENT_TYPE;
|
|
|
|
if(logger)
|
|
logger->vtbl->data(ssl->logger_obj, d.data, d.len, direction);
|
|
|
|
P_(P_AD) {
|
|
ssl_print_timestamp(ssl, &seg->p->ts);
|
|
|
|
ssl_print_direction_indicator(ssl, direction);
|
|
|
|
print_data(ssl, &d);
|
|
LF;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int process_v2_hello(ssl_obj *ssl, segment *seg) {
|
|
int r;
|
|
int rec_len;
|
|
int _status;
|
|
UINT4 cs_len;
|
|
UINT4 sid_len;
|
|
UINT4 chall_len;
|
|
UINT4 ver;
|
|
Data d;
|
|
Data chall;
|
|
UCHAR random[32];
|
|
|
|
if(seg->len == 0)
|
|
ABORT(SSL_NO_DATA);
|
|
|
|
d.data = seg->data;
|
|
d.len = seg->len;
|
|
|
|
/* First check the message length. */
|
|
if(d.len < 4)
|
|
ABORT(SSL_BAD_CONTENT_TYPE);
|
|
rec_len = ((d.data[0] & 0x7f) << 8) | (d.data[1]);
|
|
d.data += 2;
|
|
d.len -= 2;
|
|
|
|
if(d.len != rec_len) /* Whatever this is it isn't valid SSLv2*/
|
|
ABORT(SSL_BAD_CONTENT_TYPE);
|
|
|
|
/* If msg_type==1 then we've got a v2 message (or trash)*/
|
|
if(*d.data++ != 1)
|
|
ABORT(SSL_BAD_CONTENT_TYPE);
|
|
d.len--;
|
|
|
|
SSL_DECODE_UINT16_ABORT(ssl, "Version number", P_DC, &d, &ver);
|
|
/* We can't handle real v2 clients*/
|
|
if(ver <= 2) {
|
|
explain(ssl, "Version 2 Client.\n");
|
|
ABORT(SSL_BAD_DATA);
|
|
}
|
|
|
|
ssl->cur_json_st = json_object_new_object();
|
|
ssl_print_record_num(ssl);
|
|
ssl_print_timestamp(ssl, &seg->p->ts);
|
|
ssl_print_direction_indicator(ssl, DIR_I2R);
|
|
explain(ssl, " SSLv2 compatible client hello\n");
|
|
json_object_object_add(ssl->cur_json_st, "msg_type",
|
|
json_object_new_string("Handshake"));
|
|
json_object_object_add(ssl->cur_json_st, "handshake_type",
|
|
json_object_new_string("ClientHello_v2_compat"));
|
|
|
|
INDENT_INCR;
|
|
|
|
P_(P_HL) {
|
|
explain(ssl, "Version %d.%d ", (ver >> 8) & 0xff, ver & 0xff);
|
|
LF;
|
|
}
|
|
SSL_DECODE_UINT16_ABORT(ssl, "cipher_spec_length", P_DC, &d, &cs_len);
|
|
SSL_DECODE_UINT16_ABORT(ssl, "session_id_length", P_DC, &d, &sid_len);
|
|
SSL_DECODE_UINT16_ABORT(ssl, "challenge_length", P_DC, &d, &chall_len);
|
|
|
|
if(cs_len % 3) {
|
|
fprintf(stderr, "Bad cipher spec length %d\n", cs_len);
|
|
ABORT(SSL_BAD_DATA);
|
|
}
|
|
P_(P_HL) { explain(ssl, "cipher suites\n"); }
|
|
|
|
for(; cs_len; cs_len -= 3) {
|
|
UINT4 val;
|
|
|
|
SSL_DECODE_UINT24_ABORT(ssl, 0, 0, &d, &val);
|
|
ssl_print_cipher_suite(ssl, ver, P_HL, val);
|
|
P_(P_HL) { explain(ssl, "\n"); }
|
|
}
|
|
|
|
if(sid_len != 0) {
|
|
fprintf(stderr, "Session ID field should be zero length\n");
|
|
ABORT(SSL_BAD_DATA);
|
|
}
|
|
|
|
if(chall_len < 16 || chall_len > 32) {
|
|
fprintf(stderr, "Invalid challenge length %d\n", chall_len);
|
|
ABORT(SSL_BAD_DATA);
|
|
}
|
|
|
|
SSL_DECODE_OPAQUE_ARRAY_ABORT(ssl, 0, chall_len, 0, &d, &chall);
|
|
P_(P_DC) { exdump(ssl, "Challenge", &chall); }
|
|
|
|
memset(random, 0, 32);
|
|
memcpy(random + (32 - chall_len), chall.data, chall_len);
|
|
|
|
ssl_set_client_random(ssl->decoder, random, 32);
|
|
ssl->i_state = SSL_ST_HANDSHAKE;
|
|
|
|
P_(SSL_PRINT_HEXDUMP) {
|
|
Data d;
|
|
|
|
INIT_DATA(d, seg->data, seg->len);
|
|
exdump(ssl, "Packet data", &d);
|
|
LF;
|
|
LF;
|
|
}
|
|
|
|
INDENT_POP;
|
|
|
|
_status = 0;
|
|
|
|
abort:
|
|
if(ssl->cur_json_st) {
|
|
if(SSL_print_flags & SSL_PRINT_JSON)
|
|
printf("%s\n", json_object_to_json_string(ssl->cur_json_st));
|
|
json_object_put(ssl->cur_json_st);
|
|
ssl->cur_json_st = NULL;
|
|
}
|
|
|
|
return _status;
|
|
}
|
|
|
|
int ssl_decode_switch(ssl_obj *ssl,
|
|
decoder *dtable,
|
|
int value,
|
|
int dir,
|
|
segment *seg,
|
|
Data *data) {
|
|
while(dtable && dtable->type != -1 && dtable->name != NULL) {
|
|
if(dtable->type == value) {
|
|
INDENT_INCR;
|
|
explain(ssl, "%s", dtable->name);
|
|
if(dtable->print) {
|
|
INDENT_INCR;
|
|
dtable->print(ssl, dir, seg, data);
|
|
INDENT_POP;
|
|
}
|
|
INDENT_POP;
|
|
return 0;
|
|
}
|
|
dtable++;
|
|
}
|
|
|
|
ERETURN(R_NOT_FOUND);
|
|
}
|
|
|
|
int ssl_expand_record(ssl_obj *ssl,
|
|
segment *q,
|
|
int direction,
|
|
UCHAR *data,
|
|
int len) {
|
|
int r;
|
|
Data d;
|
|
UINT4 ct, vermaj, vermin, length;
|
|
int version;
|
|
char verstr[8];
|
|
char enumstr[20];
|
|
struct json_object *jobj;
|
|
jobj = ssl->cur_json_st;
|
|
|
|
d.data = data;
|
|
d.len = len;
|
|
|
|
/*This should be mapped to an enum*/
|
|
SSL_DECODE_UINT8(ssl, 0, 0, &d, &ct);
|
|
SSL_DECODE_UINT8(ssl, 0, 0, &d, &vermaj);
|
|
SSL_DECODE_UINT8(ssl, 0, 0, &d, &vermin);
|
|
SSL_DECODE_UINT16(ssl, 0, 0, &d, &length);
|
|
|
|
if(d.len != length) {
|
|
explain(ssl, " Short record: %u bytes available (expecting: %u)\n", length,
|
|
d.len);
|
|
return 0;
|
|
}
|
|
version = ssl->version ? ssl->version : (vermaj * 256 + vermin);
|
|
|
|
P_(P_RH) {
|
|
explain(ssl, " V%d.%d(%d)", (version >> 8) & 0xff, version & 0xff, length);
|
|
json_object_object_add(jobj, "record_len", json_object_new_int(length));
|
|
snprintf(verstr, 8, "%d.%d", (version >> 8) & 0xff, version & 0xff);
|
|
json_object_object_add(jobj, "record_ver", json_object_new_string(verstr));
|
|
}
|
|
|
|
r = ssl_decode_record(ssl, ssl->decoder, direction, ct, version, &d);
|
|
if(r == SSL_BAD_MAC) {
|
|
explain(ssl, " bad MAC\n");
|
|
return 0;
|
|
}
|
|
|
|
if(r) {
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON))
|
|
if((r = ssl_print_enum(ssl, 0, ContentType_decoder, ct))) {
|
|
printf(" unknown record type: %d\n", ct);
|
|
ERETURN(r);
|
|
}
|
|
if((r = ssl_get_enum_str(ssl, enumstr, ContentType_decoder, ct))) {
|
|
strncpy(enumstr, "Unknown", 20);
|
|
}
|
|
|
|
json_object_object_add(jobj, "msg_type", json_object_new_string(enumstr));
|
|
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON))
|
|
LF;
|
|
} else {
|
|
// try to save unencrypted data to logger
|
|
// we must save record with type "application_data" (this is unencrypted
|
|
// data)
|
|
if(ct == 23) {
|
|
if(logger) {
|
|
logger->vtbl->data(ssl->logger_obj, d.data, d.len, direction);
|
|
}
|
|
if(ssl->version == TLSV13_VERSION) {
|
|
ct = d.data[--d.len]; // In TLS 1.3 ct is stored in the end for
|
|
// encrypted records
|
|
}
|
|
}
|
|
if((r = ssl_decode_switch(ssl, ContentType_decoder, ct, direction, q,
|
|
&d))) {
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON))
|
|
printf(" unknown record type: %d\n", ct);
|
|
ERETURN(r);
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int ssl_decode_uintX(ssl_obj *ssl,
|
|
char *name,
|
|
int size,
|
|
UINT4 p,
|
|
Data *data,
|
|
UINT4 *x) {
|
|
UINT4 v = 0;
|
|
UINT4 _x;
|
|
|
|
if(!x)
|
|
x = &_x;
|
|
|
|
if(size > data->len) {
|
|
fprintf(stderr, "Short read: %d bytes available (expecting %d)\n",
|
|
data->len, size);
|
|
ERETURN(R_EOD);
|
|
}
|
|
|
|
while(size--) {
|
|
v <<= 8;
|
|
v |= *(data->data)++;
|
|
data->len--;
|
|
}
|
|
|
|
P_(p) { explain(ssl, "%s = %d\n", name, *x); }
|
|
*x = v;
|
|
return 0;
|
|
}
|
|
|
|
int ssl_decode_opaque_array(ssl_obj *ssl,
|
|
char *name,
|
|
int size,
|
|
UINT4 p,
|
|
Data *data,
|
|
Data *x) {
|
|
UINT4 len;
|
|
char n[1000];
|
|
int r;
|
|
Data _x;
|
|
|
|
if(!x)
|
|
x = &_x;
|
|
|
|
sprintf(n, "%s (length)", name ? name : "<unknown>");
|
|
if(size < 0) {
|
|
size *= -1;
|
|
if((r = ssl_decode_uintX(ssl, n, BYTES_NEEDED(size), P_DC, data, &len)))
|
|
ERETURN(r);
|
|
} else {
|
|
len = size;
|
|
}
|
|
|
|
if(len > data->len) {
|
|
fprintf(stderr, "Not enough data. Found %d bytes (expecting %d)\n",
|
|
data->len, size);
|
|
ERETURN(R_EOD);
|
|
}
|
|
|
|
x->data = data->data;
|
|
x->len = len;
|
|
data->data += len;
|
|
data->len -= len;
|
|
|
|
P_(p) { exdump(ssl, name, x); }
|
|
|
|
return 0;
|
|
}
|
|
|
|
int ssl_lookup_enum(ssl_obj *ssl, decoder *dtable, UINT4 val, char **ptr) {
|
|
while(dtable && dtable->type != -1) {
|
|
if(dtable->type == val) {
|
|
*ptr = dtable->name;
|
|
return 0;
|
|
}
|
|
dtable++;
|
|
}
|
|
|
|
return R_NOT_FOUND;
|
|
}
|
|
|
|
int ssl_decode_enum(ssl_obj *ssl,
|
|
char *name,
|
|
int size,
|
|
decoder *dtable,
|
|
UINT4 p,
|
|
Data *data,
|
|
UINT4 *x) {
|
|
int r;
|
|
UINT4 _x;
|
|
|
|
if(!x)
|
|
x = &_x;
|
|
|
|
if((r = ssl_decode_uintX(ssl, name, size, 0, data, x)))
|
|
ERETURN(r);
|
|
|
|
P_(p) {
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON))
|
|
if((r = ssl_print_enum(ssl, name, dtable, *x)))
|
|
ERETURN(r);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int ssl_print_enum(ssl_obj *ssl, char *name, decoder *dtable, UINT4 value) {
|
|
if(name)
|
|
explain(ssl, "%s ", name);
|
|
INDENT;
|
|
|
|
while(dtable && dtable->type != -1) {
|
|
if(dtable->type == value) {
|
|
INDENT_INCR;
|
|
explain(ssl, "%s", dtable->name);
|
|
INDENT_POP;
|
|
return 0;
|
|
}
|
|
dtable++;
|
|
}
|
|
LF;
|
|
return R_NOT_FOUND;
|
|
}
|
|
|
|
int ssl_get_enum_str(ssl_obj *ssl, char *outstr, decoder *dtable, UINT4 value) {
|
|
while(dtable && dtable->type != -1) {
|
|
if(dtable->type == value) {
|
|
strncpy(outstr, dtable->name, 20);
|
|
return 0;
|
|
}
|
|
dtable++;
|
|
}
|
|
return R_NOT_FOUND;
|
|
}
|
|
|
|
int explain(ssl_obj *ssl, char *format, ...) {
|
|
va_list ap;
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON)) {
|
|
va_start(ap, format);
|
|
|
|
P_(P_NR) {
|
|
if(ssl->record_encryption == REC_DECRYPTED_CIPHERTEXT)
|
|
printf("\\f(CI");
|
|
else
|
|
printf("\\fC");
|
|
}
|
|
INDENT;
|
|
|
|
vprintf(format, ap);
|
|
va_end(ap);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int exdump(ssl_obj *ssl, char *name, Data *data) {
|
|
int i;
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON)) {
|
|
if(name) {
|
|
explain(ssl, "%s[%d]=\n", name, data->len);
|
|
INDENT_INCR;
|
|
}
|
|
P_(P_NR) { printf("\\f(CB"); }
|
|
for(i = 0; i < data->len; i++) {
|
|
if(!i)
|
|
INDENT;
|
|
|
|
if((data->len > 8) && i && !(i % 16)) {
|
|
LF;
|
|
INDENT;
|
|
}
|
|
printf("%.2x ", data->data[i] & 255);
|
|
}
|
|
P_(P_NR) { printf("\\fR"); }
|
|
if(name)
|
|
INDENT_POP;
|
|
LF;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int exstr(ssl_obj *ssl, char *outstr, Data *data) {
|
|
int i;
|
|
|
|
char *ptr = outstr;
|
|
for(i = 0; i < data->len; i++) {
|
|
sprintf(ptr, "%.2x", data->data[i] & 255);
|
|
ptr += 2;
|
|
if(i < data->len - 1) {
|
|
sprintf(ptr, ":");
|
|
++ptr;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int combodump(ssl_obj *ssl, char *name, Data *data) {
|
|
UCHAR *ptr = data->data;
|
|
int len = data->len;
|
|
|
|
if(name) {
|
|
explain(ssl, "%s[%d]=\n", name, data->len);
|
|
INDENT_INCR;
|
|
}
|
|
while(len) {
|
|
int i;
|
|
int bytes = MIN(len, 16);
|
|
|
|
INDENT;
|
|
|
|
P_(P_NR) {
|
|
if(ssl->record_encryption == REC_DECRYPTED_CIPHERTEXT)
|
|
printf("\\f[CBI]");
|
|
else
|
|
printf("\\f(CB");
|
|
}
|
|
|
|
for(i = 0; i < bytes; i++)
|
|
printf("%.2x ", ptr[i] & 255);
|
|
/* Fill */
|
|
for(i = 0; i < (16 - bytes); i++)
|
|
printf(" ");
|
|
printf(" ");
|
|
|
|
P_(P_NR) {
|
|
if(ssl->record_encryption == REC_DECRYPTED_CIPHERTEXT)
|
|
printf("\\f[CI]");
|
|
else
|
|
printf("\\f(C");
|
|
}
|
|
|
|
for(i = 0; i < bytes; i++) {
|
|
if(isprint(ptr[i]))
|
|
printf("%c", ptr[i]);
|
|
else
|
|
printf(".");
|
|
}
|
|
LF;
|
|
|
|
len -= bytes;
|
|
ptr += bytes;
|
|
}
|
|
P_(P_NR) { printf("\\fR"); }
|
|
if(name)
|
|
INDENT_POP;
|
|
return 0;
|
|
}
|
|
|
|
int print_data(ssl_obj *ssl, Data *d) {
|
|
int i, bit8 = 0;
|
|
|
|
LF;
|
|
for(i = 0; i < d->len; i++) {
|
|
if(d->data[i] == 0 ||
|
|
(!isprint(d->data[i]) && !strchr("\r\n\t", d->data[i]))) {
|
|
bit8 = 1;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if(bit8) {
|
|
INDENT;
|
|
printf("---------------------------------------------------------------\n");
|
|
P_(P_HO) { exdump(ssl, 0, d); }
|
|
else {
|
|
combodump(ssl, 0, d);
|
|
}
|
|
INDENT;
|
|
printf("---------------------------------------------------------------\n");
|
|
|
|
} else {
|
|
int nl = 1;
|
|
INDENT;
|
|
printf("---------------------------------------------------------------\n");
|
|
if(SSL_print_flags & SSL_PRINT_NROFF) {
|
|
if(ssl->process_ciphertext & ssl->direction)
|
|
printf("\\f[CI]");
|
|
else
|
|
printf("\\f(C");
|
|
}
|
|
|
|
INDENT;
|
|
for(i = 0; i < d->len; i++) {
|
|
/* Escape leading . */
|
|
if(nl == 1 && (SSL_print_flags & SSL_PRINT_NROFF) && (d->data[i] == '.'))
|
|
printf("\\&");
|
|
nl = 0;
|
|
|
|
putchar(d->data[i]);
|
|
if(d->data[i] == '\n') {
|
|
nl = 1;
|
|
INDENT;
|
|
}
|
|
}
|
|
printf("---------------------------------------------------------------\n");
|
|
if(SSL_print_flags & SSL_PRINT_NROFF) {
|
|
printf("\\f(R");
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
int ssl_print_direction_indicator(ssl_obj *ssl, int dir) {
|
|
struct json_object *jobj;
|
|
#if 0
|
|
if(dir==DIR_I2R){
|
|
explain(ssl,"%s(%d) > %s>%d",
|
|
ssl->client_name,ssl->client_port,ssl->server_name,ssl->server_port);
|
|
}
|
|
else{
|
|
explain(ssl,"%s(%d) > %s>%d",
|
|
ssl->client_name,ssl->client_port,ssl->server_name,ssl->server_port);
|
|
}
|
|
#else
|
|
|
|
jobj = ssl->cur_json_st;
|
|
|
|
if(dir == DIR_I2R) {
|
|
explain(ssl, "C>S");
|
|
if(jobj) {
|
|
json_object_object_add(jobj, "src_name",
|
|
json_object_new_string(ssl->client_name));
|
|
json_object_object_add(jobj, "src_ip",
|
|
json_object_new_string(ssl->client_ip));
|
|
json_object_object_add(jobj, "src_port",
|
|
json_object_new_int(ssl->client_port));
|
|
json_object_object_add(jobj, "dst_name",
|
|
json_object_new_string(ssl->server_name));
|
|
json_object_object_add(jobj, "dst_ip",
|
|
json_object_new_string(ssl->server_ip));
|
|
json_object_object_add(jobj, "dst_port",
|
|
json_object_new_int(ssl->server_port));
|
|
}
|
|
} else {
|
|
explain(ssl, "S>C");
|
|
if(jobj) {
|
|
json_object_object_add(jobj, "src_name",
|
|
json_object_new_string(ssl->server_name));
|
|
json_object_object_add(jobj, "src_ip",
|
|
json_object_new_string(ssl->server_ip));
|
|
json_object_object_add(jobj, "src_port",
|
|
json_object_new_int(ssl->server_port));
|
|
json_object_object_add(jobj, "dst_name",
|
|
json_object_new_string(ssl->client_name));
|
|
json_object_object_add(jobj, "dst_ip",
|
|
json_object_new_string(ssl->client_ip));
|
|
json_object_object_add(jobj, "dst_port",
|
|
json_object_new_int(ssl->client_port));
|
|
}
|
|
}
|
|
#endif
|
|
|
|
return 0;
|
|
}
|
|
|
|
int ssl_print_timestamp(ssl_obj *ssl, struct timeval *ts) {
|
|
struct timeval dt;
|
|
int r;
|
|
|
|
char ts_str[40];
|
|
struct json_object *jobj;
|
|
jobj = ssl->cur_json_st;
|
|
|
|
if(jobj) {
|
|
snprintf(ts_str, 40, "%lld%c%4.4lld", (long long)ts->tv_sec, '.',
|
|
(long long)ts->tv_usec / 100);
|
|
json_object *j_ts_str = json_object_new_string(ts_str);
|
|
json_object_object_add(jobj, "timestamp", j_ts_str);
|
|
}
|
|
if(SSL_print_flags & SSL_PRINT_TIMESTAMP_ABSOLUTE) {
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON))
|
|
explain(ssl, "%lld%c%4.4lld ", (long long)ts->tv_sec, '.',
|
|
(long long)ts->tv_usec / 100);
|
|
} else {
|
|
if((r = timestamp_diff(ts, &ssl->time_start, &dt)))
|
|
ERETURN(r);
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON))
|
|
explain(ssl, "%lld%c%4.4lld ", (long long)dt.tv_sec, '.',
|
|
(long long)dt.tv_usec / 100);
|
|
}
|
|
|
|
if((r = timestamp_diff(ts, &ssl->time_last, &dt))) {
|
|
ERETURN(r);
|
|
}
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON))
|
|
explain(ssl, "(%lld%c%4.4lld) ", (long long)dt.tv_sec, '.',
|
|
(long long)dt.tv_usec / 100);
|
|
|
|
memcpy(&ssl->time_last, ts, sizeof(struct timeval));
|
|
|
|
return 0;
|
|
}
|
|
|
|
int ssl_print_record_num(ssl_obj *ssl) {
|
|
struct json_object *jobj;
|
|
jobj = ssl->cur_json_st;
|
|
|
|
ssl->record_count++;
|
|
if(!(SSL_print_flags & SSL_PRINT_JSON)) {
|
|
if(SSL_print_flags & SSL_PRINT_NROFF) {
|
|
printf("\\fI%d %d\\fR %s", ssl->conn->conn_number, ssl->record_count,
|
|
ssl->record_count < 10 ? " " : "");
|
|
} else {
|
|
printf("%d %d %s", ssl->conn->conn_number, ssl->record_count,
|
|
ssl->record_count < 10 ? " " : "");
|
|
}
|
|
}
|
|
json_object_object_add(jobj, "connection_number",
|
|
json_object_new_int(ssl->conn->conn_number));
|
|
json_object_object_add(jobj, "record_count",
|
|
json_object_new_int(ssl->record_count));
|
|
|
|
return 0;
|
|
}
|
|
|
|
int ssl_print_cipher_suite(ssl_obj *ssl, int version, int p, UINT4 val) {
|
|
char *str;
|
|
char *prefix = version <= 0x300 ? "SSL_" : "TLS_";
|
|
int r;
|
|
|
|
P_(p) {
|
|
if((r = ssl_lookup_enum(ssl, cipher_suite_decoder, val, &str))) {
|
|
explain(ssl, "Unknown value 0x%x", val);
|
|
return 0;
|
|
}
|
|
|
|
/* Now the tricky bit. If the cipher suite begins with TLS_
|
|
and the version is SSLv3 then we replace it with SSL_*/
|
|
if(!strncmp(str, "TLS_", 4)) {
|
|
explain(ssl, "%s%s", prefix, str + 4);
|
|
} else {
|
|
explain(ssl, "%s", str);
|
|
}
|
|
}
|
|
return 0;
|
|
}
|