mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 12:38:20 +00:00
Merge remote-tracking branch 'origin/topic/johanna/tls-more-data'
* origin/topic/johanna/tls-more-data: Update NEWS for ssl changes. SSL: test updates for record_layer version Final touches to SSL events with record layer version. Introduce ssl_plaintext_data event. Add record layer version to event ssl_encrypted_data. Add compression methods to ssl_client_hello event.
This commit is contained in:
Jon Siwek
commit
7e6fc58ab4
36 changed files with 333 additions and 132 deletions
14
testing/btest/scripts/base/protocols/ssl/comp_methods.test
Normal file
14
testing/btest/scripts/base/protocols/ssl/comp_methods.test
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
# This tests that the values sent for compression methods are correct.
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
|
||||
{
|
||||
print comp_methods;
|
||||
}
|
||||
|
||||
event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
|
||||
{
|
||||
print comp_method;
|
||||
}
|
||||
|
|
@ -14,7 +14,7 @@ event bro_init()
|
|||
print "Start test run";
|
||||
}
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec) &priority=5
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5
|
||||
{
|
||||
print "Client hello", c$id$orig_h, c$id$resp_h, version;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
# @TEST-EXEC: touch dpd.log
|
||||
# @TEST-EXEC: btest-diff dpd.log
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec)
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
|
||||
{
|
||||
print version, client_random, session_id, ciphers;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,7 +22,12 @@ event ssl_change_cipher_spec(c: connection, is_orig: bool)
|
|||
print "CCS", c$id$orig_h, c$id$resp_h, is_orig;
|
||||
}
|
||||
|
||||
event ssl_encrypted_data(c: connection, is_orig: bool, content_type: count, length: count)
|
||||
event ssl_plaintext_data(c: connection, is_orig: bool, record_version: count, content_type: count, length: count)
|
||||
{
|
||||
print "Encrypted data", c$id$orig_h, c$id$resp_h, is_orig, content_type, length;
|
||||
print "Plaintext data", c$id$orig_h, c$id$resp_h, is_orig, SSL::version_strings[record_version], content_type, length;
|
||||
}
|
||||
|
||||
event ssl_encrypted_data(c: connection, is_orig: bool, record_version: count, content_type: count, length: count)
|
||||
{
|
||||
print "Encrypted data", c$id$orig_h, c$id$resp_h, is_orig, SSL::version_strings[record_version], content_type, length;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,10 +23,12 @@ module SSL;
|
|||
export {
|
||||
redef record Info += {
|
||||
# ClientHello
|
||||
client_record_version: string &log &optional;
|
||||
client_random: string &log &optional;
|
||||
client_cipher_suites: string &log &optional;
|
||||
|
||||
# ServerHello
|
||||
server_record_version: string &log &optional;
|
||||
server_random: string &log &optional;
|
||||
|
||||
# ServerKeyExchange
|
||||
|
|
@ -62,10 +64,11 @@ event ssl_established(c: connection) &priority=5
|
|||
c$ssl$server_cert_sha1 = c$ssl$cert_chain[0]$sha1;
|
||||
}
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec) &priority=5
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5
|
||||
{
|
||||
set_session(c);
|
||||
c$ssl$client_random = bytestring_to_hexstr(client_random);
|
||||
c$ssl$client_record_version = SSL::version_strings[record_version];
|
||||
|
||||
local ciphers_str = "";
|
||||
for (i in ciphers)
|
||||
|
|
@ -79,10 +82,11 @@ event ssl_client_hello(c: connection, version: count, possible_ts: time, client_
|
|||
c$ssl$client_cipher_suites = ciphers_str;
|
||||
}
|
||||
|
||||
event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=5
|
||||
event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=5
|
||||
{
|
||||
set_session(c);
|
||||
c$ssl$server_random = bytestring_to_hexstr(server_random);
|
||||
c$ssl$server_record_version = SSL::version_strings[record_version];
|
||||
}
|
||||
|
||||
event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) &priority=5
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec)
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
|
||||
{
|
||||
print fmt("Got %d cipher suites", |ciphers|);
|
||||
for ( i in ciphers )
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec)
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
|
||||
{
|
||||
print client_random;
|
||||
}
|
||||
|
||||
event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
|
||||
|
||||
event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
|
||||
{
|
||||
print server_random;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,3 +1,14 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff x509.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5
|
||||
{
|
||||
print "client", SSL::version_strings[record_version], SSL::version_strings[version];
|
||||
}
|
||||
|
||||
event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=5
|
||||
{
|
||||
print "server", SSL::version_strings[record_version], SSL::version_strings[version];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@
|
|||
# @TEST-EXEC: btest-diff ssl-out.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
redef SSL::disable_analyzer_after_detection=F;
|
||||
|
||||
event ssl_extension_key_share(c: connection, is_orig: bool, curves: index_vec)
|
||||
{
|
||||
print "key_share", c$id, is_orig;
|
||||
|
|
@ -23,7 +25,17 @@ event ssl_established(c: connection)
|
|||
print "established", c$id;
|
||||
}
|
||||
|
||||
event ssl_encrypted_data(c: connection, is_orig: bool, content_type: count, length: count)
|
||||
event ssl_encrypted_data(c: connection, is_orig: bool, record_version: count, content_type: count, length: count)
|
||||
{
|
||||
print "encrypted", c$id, is_orig, content_type;
|
||||
print "encrypted", c$id, is_orig, SSL::version_strings[record_version], content_type;
|
||||
}
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5
|
||||
{
|
||||
print "client", SSL::version_strings[record_version], SSL::version_strings[version];
|
||||
}
|
||||
|
||||
event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=5
|
||||
{
|
||||
print "server", SSL::version_strings[record_version], SSL::version_strings[version];
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue