Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add configure option to enable/disable spicy SSL

Browse source 
Spicy SSL is now only enabled when specifying the --enable-spicy-ssl
configure-time option.

This should allow merging this into Zeek on an experimental basis.
This commit is contained in:
Johanna Amann 2024-06-04 14:13:59 +01:00
parent adab894d31
commit 4cce4a4c5f
6 changed files with 131 additions and 106 deletions
Download patch file Download diff file Expand all files Collapse all files

3
ci/test.sh
View file

@ -4,9 +4,6 @@
# The parallelism level when running tests locally is $1 if provided, else
# the value of `nproc` if available, otherwise just a single core.
# just for testing, report success
exit 0
result=0
BTEST=$(pwd)/auxil/btest/btest

3
cmake_templates/zeek-config.h.in
View file

@ -244,6 +244,9 @@
/* Enable/disable ZAM profiling capability */
#cmakedefine ENABLE_ZAM_PROFILE
/* Enable/disable the Spicy SSL analyzer */
#cmakedefine ENABLE_SPICY_SSL
/* String with host architecture (e.g., "linux-x86_64") */
#define HOST_ARCHITECTURE "@HOST_ARCHITECTURE@"

4
configure vendored
View file

@ -69,6 +69,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
--enable-static-broker build Broker statically (ignored if --with-broker is specified)
--enable-werror build with -Werror
--enable-ZAM-profiling build with ZAM profiling enabled (--enable-debug implies this)
--enable-spicy-ssl build with spicy SSL/TLS analyzer (conflicts with --disable-spicy)
--disable-af-packet don't include native AF_PACKET support (Linux only)
--disable-auxtools don't build or install auxiliary tools
--disable-broker-tests don't try to build Broker unit tests
@ -310,6 +311,9 @@ while [ $# -ne 0 ]; do
--enable-ZAM-profiling)
append_cache_entry ENABLE_ZAM_PROFILE BOOL true
;;
--enable-spicy-ssl)
append_cache_entry ENABLE_SPICY_SSL BOOL true
;;
--disable-af-packet)
append_cache_entry DISABLE_AF_PACKET BOOL true
;;

64
src/analyzer/protocol/ssl/CMakeLists.txt
View file

@ -1,37 +1,39 @@
add_subdirectory(spicy)
zeek_add_plugin(
if (NOT ENABLE_SPICY_SSL)
zeek_add_plugin(
Zeek
SSL
SOURCES
# SSL.cc
# DTLS.cc
SSL.cc
DTLS.cc
Plugin.cc
BIFS
# types.bif
# events.bif
types.bif
events.bif
functions.bif
# consts.bif
# PAC
# tls-handshake.pac
# tls-handshake-protocol.pac
# tls-handshake-analyzer.pac
# ssl-defs.pac
# proc-certificate.pac
# tls-handshake-signed_certificate_timestamp.pac
# PAC
# ssl.pac
# ssl-dtls-analyzer.pac
# ssl-analyzer.pac
# ssl-dtls-protocol.pac
# ssl-protocol.pac
# ssl-defs.pac
# proc-certificate.pac
# PAC
# dtls.pac
# ssl-dtls-analyzer.pac
# dtls-analyzer.pac
# ssl-dtls-protocol.pac
# dtls-protocol.pac
# ssl-defs.pac)
)
consts.bif
PAC
tls-handshake.pac
tls-handshake-protocol.pac
tls-handshake-analyzer.pac
ssl-defs.pac
proc-certificate.pac
tls-handshake-signed_certificate_timestamp.pac
PAC
ssl.pac
ssl-dtls-analyzer.pac
ssl-analyzer.pac
ssl-dtls-protocol.pac
ssl-protocol.pac
ssl-defs.pac
proc-certificate.pac
PAC
dtls.pac
ssl-dtls-analyzer.pac
dtls-analyzer.pac
ssl-dtls-protocol.pac
dtls-protocol.pac
ssl-defs.pac)
else ()
add_subdirectory(spicy)
zeek_add_plugin(Zeek SSL SOURCES Plugin.cc BIFS functions.bif)
endif ()

16
src/analyzer/protocol/ssl/Plugin.cc
View file

@ -2,17 +2,23 @@
#include "zeek/plugin/Plugin.h"
// #include "zeek/analyzer/Component.h"
// #include "zeek/analyzer/protocol/ssl/DTLS.h"
// #include "zeek/analyzer/protocol/ssl/SSL.h"
#include "zeek/zeek-config.h"
#ifndef ENABLE_SPICY_SSL
#include "zeek/analyzer/Component.h"
#include "zeek/analyzer/protocol/ssl/DTLS.h"
#include "zeek/analyzer/protocol/ssl/SSL.h"
#endif
namespace zeek::plugin::detail::Zeek_SSL {
class Plugin : public zeek::plugin::Plugin {
public:
zeek::plugin::Configuration Configure() override {
// AddComponent(new zeek::analyzer::Component("SSL", zeek::analyzer::ssl::SSL_Analyzer::Instantiate));
// AddComponent(new zeek::analyzer::Component("DTLS", zeek::analyzer::dtls::DTLS_Analyzer::Instantiate));
#ifndef ENABLE_SPICY_SSL
AddComponent(new zeek::analyzer::Component("SSL", zeek::analyzer::ssl::SSL_Analyzer::Instantiate));
AddComponent(new zeek::analyzer::Component("DTLS", zeek::analyzer::dtls::DTLS_Analyzer::Instantiate));
#endif
zeek::plugin::Configuration config;
config.name = "Zeek::SSL";

135
src/analyzer/protocol/ssl/functions.bif
View file

@ -1,70 +1,83 @@
%%{
#include <openssl/x509.h>
// #include "zeek/analyzer/protocol/ssl/SSL.h"
#include "zeek/Reporter.h"
#include "zeek/zeek-config.h"
#ifndef ENABLE_SPICY_SSL
#include "zeek/analyzer/protocol/ssl/SSL.h"
#endif
%%}
# ## Sets if the SSL analyzer should consider the connection established (handshake
# ## finished successfully).
# ##
# ## c: The SSL connection.
# ##
# ## Returns: T on success, F on failure.
# function set_ssl_established%(c: connection%): bool
# %{
# zeek::analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
#
# if ( sa )
# {
# static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->StartEncryption();
# return zeek::val_mgr->True();
# }
#
# return zeek::val_mgr->False();
# %}
#
# ## Set the secret that should be used to derive keys for the connection.
# ## (For TLS 1.2 this is the pre-master secret).
# ##
# ## c: The affected connection
# ##
# ## secret: secret to set
# ##
# ## Returns: T on success, F on failure.
# function set_secret%(c: connection, secret: string%): bool
# %{
# analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
#
# if ( sa )
# {
# static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetSecret(*secret);
# return zeek::val_mgr->True();
# }
#
# return zeek::val_mgr->False();
# %}
#
# ## Set the decryption keys that should be used to decrypt
# ## TLS application data in the connection.
# ##
# ## c: The affected connection
# ##
# ## keys: The key buffer as derived via TLS PRF.
# ##
# ## Returns: T on success, F on failure.
# function set_keys%(c: connection, keys: string%): bool
# %{
# analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
#
# if ( sa )
# {
# static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetKeys(*keys);
# return zeek::val_mgr->True();
# }
#
# return zeek::val_mgr->False();
# %}
## Sets if the SSL analyzer should consider the connection established (handshake
## finished successfully).
##
## c: The SSL connection.
##
## Returns: T on success, F on failure.
function set_ssl_established%(c: connection%): bool
%{
#ifndef ENABLE_SPICY_SSL
/* not implemented for spicy ssl */
zeek::analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
if ( sa )
{
static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->StartEncryption();
return zeek::val_mgr->True();
}
#endif
return zeek::val_mgr->False();
%}
## Set the secret that should be used to derive keys for the connection.
## (For TLS 1.2 this is the pre-master secret).
##
## c: The affected connection
##
## secret: secret to set
##
## Returns: T on success, F on failure.
function set_secret%(c: connection, secret: string%): bool
%{
#ifndef ENABLE_SPICY_SSL
/* not implemented for spicy ssl */
analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
if ( sa )
{
static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetSecret(*secret);
return zeek::val_mgr->True();
}
#endif
return zeek::val_mgr->False();
%}
## Set the decryption keys that should be used to decrypt
## TLS application data in the connection.
##
## c: The affected connection
##
## keys: The key buffer as derived via TLS PRF.
##
## Returns: T on success, F on failure.
function set_keys%(c: connection, keys: string%): bool
%{
#ifndef ENABLE_SPICY_SSL
/* not implemented for spicy ssl */
analyzer::Analyzer* sa = c->FindAnalyzer("SSL");
if ( sa )
{
static_cast<zeek::analyzer::ssl::SSL_Analyzer*>(sa)->SetKeys(*keys);
return zeek::val_mgr->True();
}
#endif
return zeek::val_mgr->False();
%}
## Decodes a DER-encoded distinguished name into an ASCII string,
## using the RFC2253 representation