Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Address PR feedback

Browse source 
This addresses feedback to GH-1814. The most significant change is the
fact that the ChipertextRecord now can remain &transient - which might
lead to improved speed.
This commit is contained in:
Johanna Amann 2022-02-23 11:31:21 +00:00
parent b78f30339f
commit 1c9ea09d9f
5 changed files with 24 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

16
scripts/policy/protocols/ssl/decryption.zeek
View file

@ -1,9 +1,9 @@
##! This script allows for the decryption of certain TLS 1.2 connection, if the user is in possession
##! This script allows for the decryption of certain TLS 1.2 connections, if the user is in possession
##! of the private key material for the session. Key material can either be provided via a file (useful
##! for processing trace files) or via sending events via broker (for live decoding).
##! for processing trace files) or via sending events via Broker (for live decoding).
##!
##! Please note that this feature is experimental and can change without guarantees to our typical
##! deprecation tieline. Please also note that currently only TLS 1.2 connections that use the
##! deprecation timeline. Please also note that currently only TLS 1.2 connections that use the
##! TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite are supported.
@load base/frameworks/input
@ -26,19 +26,19 @@ export {
## Secrets expire after this time of not being used.
const secret_expiration = 5 mins &redef;
## This event can be triggered, e.g., via broker to add known keys to the TLS key database.
## This event can be triggered, e.g., via Broker to add known keys to the TLS key database.
##
## client_random: client random for which the key is set
##
## keys: key material
global add_keys: event(client_random: string, keys: string);
## This event can be triggered, e.g., via broker to add known secrets to the TLS secret datbase.
## This event can be triggered, e.g., via Broker to add known secrets to the TLS secret datbase.
##
## client_random: client random for which the secret is set
##
## secrets: derived TLS secrets material
global add_secret: event(client_random: string, secret: string);
global add_secret: event(client_random: string, secrets: string);
}
@if ( keylog_file == "" )
@ -47,8 +47,8 @@ export {
global secrets: table[string] of string = {} &redef;
global keys: table[string] of string = {} &redef;
@else
#global secrets: table[string] of string = {} &read_expire=secret_expiration &redef;
#global keys: table[string] of string = {} &read_expire=secret_expiration &redef;
global secrets: table[string] of string = {} &read_expire=secret_expiration &redef;
global keys: table[string] of string = {} &read_expire=secret_expiration &redef;
@endif