Add configure option to enable/disable spicy SSL

Spicy SSL is now only enabled when specifying the --enable-spicy-ssl
configure-time option.

This should allow merging the Spicy SSL analyzer into Zeek on an experimental basis.
This commit is contained in:
Johanna Amann 2024-06-04 14:13:59 +01:00
parent adab894d31
commit 4cce4a4c5f
6 changed files with 131 additions and 106 deletions


@ -4,9 +4,6 @@
# The parallelism level when running tests locally is $1 if provided, else # The parallelism level when running tests locally is $1 if provided, else
# the value of `nproc` if available, otherwise just a single core. # the value of `nproc` if available, otherwise just a single core.
# just for testing, report success
exit 0
result=0 result=0
BTEST=$(pwd)/auxil/btest/btest BTEST=$(pwd)/auxil/btest/btest


@ -244,6 +244,9 @@
/* Enable/disable ZAM profiling capability */ /* Enable/disable ZAM profiling capability */
#cmakedefine ENABLE_ZAM_PROFILE #cmakedefine ENABLE_ZAM_PROFILE
/* Enable/disable the Spicy SSL analyzer */
#cmakedefine ENABLE_SPICY_SSL
/* String with host architecture (e.g., "linux-x86_64") */ /* String with host architecture (e.g., "linux-x86_64") */
#define HOST_ARCHITECTURE "@HOST_ARCHITECTURE@" #define HOST_ARCHITECTURE "@HOST_ARCHITECTURE@"

4
configure vendored

@ -69,6 +69,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
--enable-static-broker build Broker statically (ignored if --with-broker is specified) --enable-static-broker build Broker statically (ignored if --with-broker is specified)
--enable-werror build with -Werror --enable-werror build with -Werror
--enable-ZAM-profiling build with ZAM profiling enabled (--enable-debug implies this) --enable-ZAM-profiling build with ZAM profiling enabled (--enable-debug implies this)
--enable-spicy-ssl build with spicy SSL/TLS analyzer (conflicts with --disable-spicy)
--disable-af-packet don't include native AF_PACKET support (Linux only) --disable-af-packet don't include native AF_PACKET support (Linux only)
--disable-auxtools don't build or install auxiliary tools --disable-auxtools don't build or install auxiliary tools
--disable-broker-tests don't try to build Broker unit tests --disable-broker-tests don't try to build Broker unit tests
@ -310,6 +311,9 @@ while [ $# -ne 0 ]; do
--enable-ZAM-profiling) --enable-ZAM-profiling)
append_cache_entry ENABLE_ZAM_PROFILE BOOL true append_cache_entry ENABLE_ZAM_PROFILE BOOL true
;; ;;
--enable-spicy-ssl)
append_cache_entry ENABLE_SPICY_SSL BOOL true
;;
--disable-af-packet) --disable-af-packet)
append_cache_entry DISABLE_AF_PACKET BOOL true append_cache_entry DISABLE_AF_PACKET BOOL true
;; ;;
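Review bot: The conflict with `--disable-spicy` that the new help line documents is not checked anywhere in the visible case branch; passing both flags still records `ENABLE_SPICY_SSL BOOL true`, so the CMake side will select the Spicy plugin while Spicy itself is switched off, and the failure (if any) only surfaces at build time. There is also no `--disable-spicy-ssl` counterpart, so once the option has been cached in an existing build directory there is no configure-level way to turn it back off. A matching branch next to the new one, `--disable-spicy-ssl) append_cache_entry ENABLE_SPICY_SSL BOOL false ;;`, fixes the second point; the first belongs in the option validation that follows the loop (outside this hunk) or in CMake.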


@ -1,37 +1,39 @@
add_subdirectory(spicy) if (NOT ENABLE_SPICY_SSL)
zeek_add_plugin(
zeek_add_plugin( Zeek
Zeek SSL
SSL SOURCES
SOURCES SSL.cc
# SSL.cc DTLS.cc
# DTLS.cc Plugin.cc
Plugin.cc BIFS
BIFS types.bif
# types.bif events.bif
# events.bif functions.bif
functions.bif consts.bif
# consts.bif PAC
# PAC tls-handshake.pac
# tls-handshake.pac tls-handshake-protocol.pac
# tls-handshake-protocol.pac tls-handshake-analyzer.pac
# tls-handshake-analyzer.pac ssl-defs.pac
# ssl-defs.pac proc-certificate.pac
# proc-certificate.pac tls-handshake-signed_certificate_timestamp.pac
# tls-handshake-signed_certificate_timestamp.pac PAC
# PAC ssl.pac
# ssl.pac ssl-dtls-analyzer.pac
# ssl-dtls-analyzer.pac ssl-analyzer.pac
# ssl-analyzer.pac ssl-dtls-protocol.pac
# ssl-dtls-protocol.pac ssl-protocol.pac
# ssl-protocol.pac ssl-defs.pac
# ssl-defs.pac proc-certificate.pac
# proc-certificate.pac PAC
# PAC dtls.pac
# dtls.pac ssl-dtls-analyzer.pac
# ssl-dtls-analyzer.pac dtls-analyzer.pac
# dtls-analyzer.pac ssl-dtls-protocol.pac
# ssl-dtls-protocol.pac dtls-protocol.pac
# dtls-protocol.pac ssl-defs.pac)
# ssl-defs.pac) else ()
) add_subdirectory(spicy)
zeek_add_plugin(Zeek SSL SOURCES Plugin.cc BIFS functions.bif)
endif ()
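Review bot: The `else ()` branch calls `add_subdirectory(spicy)` unconditionally, so a configuration with `ENABLE_SPICY_SSL` set but Spicy support disabled (the combination the configure help text calls a conflict) is not rejected here; the spicy subdirectory is not in this diff, so whether that fails loudly or silently yields a plugin with no SSL/DTLS analyzer cannot be told from this hunk. A guard at the top of the file, `if (ENABLE_SPICY_SSL AND NOT <variable that tracks --disable-spicy>)` followed by `message(FATAL_ERROR "--enable-spicy-ssl requires Spicy support")`, would turn the conflict into a configure-time error. Note also that in the Spicy branch `types.bif`, `events.bif` and `consts.bif` are no longer compiled into this plugin; presumably the spicy subdirectory provides them, which is worth a one-line comment on the `else ()` branch.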


@ -2,17 +2,23 @@
#include "zeek/plugin/Plugin.h" #include "zeek/plugin/Plugin.h"
// #include "zeek/analyzer/Component.h" #include "zeek/zeek-config.h"
// #include "zeek/analyzer/protocol/ssl/DTLS.h"
// #include "zeek/analyzer/protocol/ssl/SSL.h" #ifndef ENABLE_SPICY_SSL
#include "zeek/analyzer/Component.h"
#include "zeek/analyzer/protocol/ssl/DTLS.h"
#include "zeek/analyzer/protocol/ssl/SSL.h"
#endif
namespace zeek::plugin::detail::Zeek_SSL { namespace zeek::plugin::detail::Zeek_SSL {
class Plugin : public zeek::plugin::Plugin { class Plugin : public zeek::plugin::Plugin {
public: public:
zeek::plugin::Configuration Configure() override { zeek::plugin::Configuration Configure() override {
// AddComponent(new zeek::analyzer::Component("SSL", zeek::analyzer::ssl::SSL_Analyzer::Instantiate)); #ifndef ENABLE_SPICY_SSL
// AddComponent(new zeek::analyzer::Component("DTLS", zeek::analyzer::dtls::DTLS_Analyzer::Instantiate)); AddComponent(new zeek::analyzer::Component("SSL", zeek::analyzer::ssl::SSL_Analyzer::Instantiate));
AddComponent(new zeek::analyzer::Component("DTLS", zeek::analyzer::dtls::DTLS_Analyzer::Instantiate));
#endif
zeek::plugin::Configuration config; zeek::plugin::Configuration config;
config.name = "Zeek::SSL"; config.name = "Zeek::SSL";
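Review bot: The `#ifndef ENABLE_SPICY_SSL` block in Configure() leaves the plugin registering no analyzer components in the Spicy build without recording where the SSL and DTLS analyzers then come from, so a reader of this file alone cannot tell whether that is intentional. A comment above the `#ifndef`, `// In a Spicy SSL build the SSL/DTLS analyzers are expected to come from the Spicy plugin built from the spicy/ subdirectory; this plugin then only carries the BIFs.`, would capture the intent — worth confirming against the spicy subdirectory, which is not part of this diff. Configure() continues past the end of the hunk.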


@ -1,70 +1,83 @@
%%{ %%{
#include <openssl/x509.h> #include <openssl/x509.h>
// #include "zeek/analyzer/protocol/ssl/SSL.h"
#include "zeek/Reporter.h" #include "zeek/Reporter.h"
#include "zeek/zeek-config.h"
#ifndef ENABLE_SPICY_SSL
#include "zeek/analyzer/protocol/ssl/SSL.h"
#endif
%%} %%}
# ## Sets if the SSL analyzer should consider the connection established (handshake ## Sets if the SSL analyzer should consider the connection established (handshake
# ## finished successfully). ## finished successfully).
# ## ##
# ## c: The SSL connection. ## c: The SSL connection.
# ## ##
# ## Returns: T on success, F on failure. ## Returns: T on success, F on failure.
# function set_ssl_established%(c: connection%): bool function set_ssl_established%(c: connection%): bool
# %{ %{
# zeek::analyzer::Analyzer* sa = c->FindAnalyzer("SSL"); #ifndef ENABLE_SPICY_SSL
# /* not implemented for spicy ssl */
# if ( sa ) zeek::analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
# {
# static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->StartEncryption(); if ( sa )
# return zeek::val_mgr->True(); {
# } static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->StartEncryption();
# return zeek::val_mgr->True();
# return zeek::val_mgr->False(); }
# %} #endif
#
# ## Set the secret that should be used to derive keys for the connection. return zeek::val_mgr->False();
# ## (For TLS 1.2 this is the pre-master secret). %}
# ##
# ## c: The affected connection ## Set the secret that should be used to derive keys for the connection.
# ## ## (For TLS 1.2 this is the pre-master secret).
# ## secret: secret to set ##
# ## ## c: The affected connection
# ## Returns: T on success, F on failure. ##
# function set_secret%(c: connection, secret: string%): bool ## secret: secret to set
# %{ ##
# analyzer::Analyzer* sa = c->FindAnalyzer("SSL"); ## Returns: T on success, F on failure.
# function set_secret%(c: connection, secret: string%): bool
# if ( sa ) %{
# { #ifndef ENABLE_SPICY_SSL
# static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetSecret(*secret); /* not implemented for spicy ssl */
# return zeek::val_mgr->True(); analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
# }
# if ( sa )
# return zeek::val_mgr->False(); {
# %} static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetSecret(*secret);
# return zeek::val_mgr->True();
# ## Set the decryption keys that should be used to decrypt }
# ## TLS application data in the connection. #endif
# ##
# ## c: The affected connection return zeek::val_mgr->False();
# ## %}
# ## keys: The key buffer as derived via TLS PRF.
# ## ## Set the decryption keys that should be used to decrypt
# ## Returns: T on success, F on failure. ## TLS application data in the connection.
# function set_keys%(c: connection, keys: string%): bool ##
# %{ ## c: The affected connection
# analyzer::Analyzer* sa = c->FindAnalyzer("SSL"); ##
# ## keys: The key buffer as derived via TLS PRF.
# if ( sa ) ##
# { ## Returns: T on success, F on failure.
# static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetKeys(*keys); function set_keys%(c: connection, keys: string%): bool
# return zeek::val_mgr->True(); %{
# } #ifndef ENABLE_SPICY_SSL
# /* not implemented for spicy ssl */
# return zeek::val_mgr->False(); analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
# %}
if ( sa )
{
static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetKeys(*keys);
return zeek::val_mgr->True();
}
#endif
return zeek::val_mgr->False();
%}
## Decodes a DER-encoded distinguished name into an ASCII string, ## Decodes a DER-encoded distinguished name into an ASCII string,
## using the RFC2253 representation ## using the RFC2253 representation
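Review bot: With ENABLE_SPICY_SSL, `set_ssl_established`, `set_secret` and `set_keys` now compile to bodies that only `return zeek::val_mgr->False();`, so a script that hands TLS keying material to the analyzer to enable decryption gets a silent F and no indication that the capability is absent in this build; a caller that ignores the return value simply sees undecrypted traffic. Since `zeek/Reporter.h` is already included at the top of the file, each Spicy-build branch could at least emit a diagnostic, e.g. `zeek::reporter->Warning("set_keys is not implemented for the Spicy SSL analyzer");` before the `return`, and the `## Returns:` lines should state that these functions always return F when Zeek is built with --enable-spicy-ssl. The `/* not implemented for spicy ssl */` comments currently sit inside the `#ifndef ENABLE_SPICY_SSL` branch, i.e. in the code that does implement the call; placing them in an `#else` branch would match what they describe.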