Merge remote-tracking branch 'origin/topic/johanna/ssl_signature_details'

Closes BIT-1897.

* origin/topic/johanna/ssl_signature_details:
  Make parsing of ServerKeyExchange work for D(TLS) < 1.2.
  Add more details to ssl_server_signature.

testing/btest/scripts/base/protocols/ssl/basic.test

@@ -3,3 +3,4 @@
 # @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
+# @TEST-EXEC: test ! -f dpd.log

testing/btest/scripts/base/protocols/ssl/dtls.test

@@ -1,5 +1,10 @@
 # This tests a normal SSL connection and the log it outputs.
 
-# @TEST-EXEC: bro -r $TRACES/tls/dtls-openssl.pcap %INPUT
+# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
+# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT
+# @TEST-EXEC: cp ssl.log ssl1_2.log
+# @TEST-EXEC: cp x509.log x5091_2.log
+# @TEST-EXEC: btest-diff ssl1_2.log
+# @TEST-EXEC: btest-diff x5091_2.log

testing/btest/scripts/base/protocols/ssl/keyexchange.test

@@ -4,6 +4,12 @@
 # @TEST-EXEC: cat ssl.log >> ssl-all.log
 # @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT
 # @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
 # @TEST-EXEC: btest-diff ssl-all.log
 
 # Test the new client and server key exchange events.
@@ -28,6 +34,8 @@ export {
 		server_dh_q: string &log &optional;
 		server_dh_Ys: string &log &optional;
 		server_ecdh_point: string &log &optional;
+		server_signature_sig_alg: count &log &optional;
+		server_signature_hash_alg: count &log &optional;
 		server_signature: string &log &optional;
 
 		# ServerCertificate
@@ -91,10 +99,12 @@ event ssl_ecdh_server_params(c: connection, curve: count, point: string) &priori
 	c$ssl$server_ecdh_point = bytestring_to_hexstr(point);
 	}
 
-event ssl_server_signature(c: connection, signed_params: string) &priority=5
+event ssl_server_signature(c: connection, signature_and_hashalgorithm: SSL::SignatureAndHashAlgorithm, signature: string) &priority=5
 	{
 	set_session(c);
-	c$ssl$server_signature = bytestring_to_hexstr(signed_params);
+	c$ssl$server_signature_sig_alg = signature_and_hashalgorithm$SignatureAlgorithm;
+	c$ssl$server_signature_hash_alg = signature_and_hashalgorithm$HashAlgorithm;
+	c$ssl$server_signature = bytestring_to_hexstr(signature);
 	}
 
 event ssl_rsa_client_pms(c: connection, pms: string) &priority=5

testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test

@@ -1,5 +1,15 @@
 # @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT
+#
+# The following file contains a tls 1.0 connection with a SCT in a TLS extension.
+# This is interesting because the digitally-signed struct in TLS 1.0 does not come
+# with a SignatureAndHashAlgorithm structure. The digitally-signed struct in the
+# SCT is, however, based on the TLS 1.2 RFC, no matter which version of TLS one
+# uses in the end. So this one does have a Signature/Hash alg, even if the protocol
+# itself does not carry it in the same struct.
+#
+# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
+# @TEST-EXEC: test ! -f dpd.log
 
 export {
 	type LogInfo: record {

testing/btest/scripts/base/protocols/ssl/tls1_1.test

@@ -0,0 +1,6 @@
+# This tests a normal SSL connection and the log it outputs.
+
+# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff x509.log
+# @TEST-EXEC: test ! -f dpd.log