From 597c373fa0b947ee2da2c5e4a65dcdf5f0c5b40e Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Sat, 26 Apr 2014 09:48:36 -0700 Subject: [PATCH 1/6] Log chosen curve when using ec cipher suite in TLS. --- scripts/base/protocols/ssl/main.bro | 9 + src/analyzer/protocol/ssl/events.bif | 20 +- src/analyzer/protocol/ssl/ssl-analyzer.pac | 13 + src/analyzer/protocol/ssl/ssl-defs.pac | 352 ++++++++++++++++++ src/analyzer/protocol/ssl/ssl-protocol.pac | 60 ++- .../ssl.log | 12 +- .../scripts.base.protocols.ssl.basic/ssl.log | 10 +- .../scripts.base.protocols.ssl.ecdhe/ssl.log | 10 + .../scripts.base.protocols.ssl.ecdhe/x509.log | 12 + .../ssl.log | 10 +- .../ssl.log | 10 +- .../ssl.log | 12 +- .../ssl.log | 12 +- testing/btest/Traces/tls/ecdhe.pcap | Bin 0 -> 7510 bytes .../scripts/base/protocols/ssl/ecdhe.test | 3 + 15 files changed, 505 insertions(+), 40 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/ssl.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/x509.log create mode 100644 testing/btest/Traces/tls/ecdhe.pcap create mode 100644 testing/btest/scripts/base/protocols/ssl/ecdhe.test diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index e3c3320f74..f1315f8c85 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -19,6 +19,8 @@ export { version: string &log &optional; ## SSL/TLS cipher suite that the server chose. cipher: string &log &optional; + ## Elliptic curve the server chose when using ECDH/ECDHE. + curve: string &log &optional; ## Value of the Server Name Indicator SSL/TLS extension. It ## indicates the server name that the client was requesting. server_name: string &log &optional; 
@@ -159,6 +161,13 @@ event ssl_server_hello(c: connection, version: count, possible_ts: time, server_ c$ssl$cipher = cipher_desc[cipher]; } +event ssl_server_curve(c: connection, curve: count) &priority=5 + { + set_session(c); + + c$ssl$curve = ec_curves[curve]; + } + event ssl_extension_server_name(c: connection, is_orig: bool, names: string_vec) &priority=5 { set_session(c); diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 555168e82f..54bb0715d2 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -58,7 +58,7 @@ event ssl_client_hello%(c: connection, version: count, possible_ts: time, client ## standardized as part of the SSL/TLS protocol. ## ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension -## ssl_session_ticket_handshake x509_certificate +## ssl_session_ticket_handshake x509_certificate ssl_server_curve event ssl_server_hello%(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count%); ## Generated for SSL/TLS extensions seen in an initial handshake. SSL/TLS @@ -97,7 +97,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%); ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_ec_point_formats ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name +## ssl_extension_server_name ssl_server_curve event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index_vec%); ## Generated for an SSL/TLS Supported Point Formats extension. This TLS extension 
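Review bot: `c$ssl$curve = ec_curves[curve];` in the new `ssl_server_curve` handler indexes a table with a 16-bit value taken straight from the server's ServerKeyExchange, so an unassigned or private-use curve id reaches the lookup. `ec_curves` is declared outside this patch; if it has no `&default`, the lookup raises a script runtime error and the handler stops, leaving `curve` unset for exactly the connections an analyst would most want to see. Please confirm the table has a default, and if it does not, guard the assignment, for example `c$ssl$curve = curve in ec_curves ? ec_curves[curve] : fmt("unknown-%d", curve);`. The `cipher_desc[cipher]` context line above follows the same pattern and deserves the same check.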
@@ -114,9 +114,23 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello ## ssl_session_ticket_handshake ssl_extension ## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation -## ssl_extension_server_name +## ssl_extension_server_name ssl_server_curve event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_formats: index_vec%); +## Generated a named curve is chosen by the server for the SSL/TLS connection. The +## curve is sent by the server in the ServerKeyExchange message as defined in +## :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen. +## +## c: The connection. +## +## point_formats: List of supported point formats. +## +## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## ssl_session_ticket_handshake ssl_extension +## ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation +## ssl_extension_server_name +event ssl_server_curve%(c: connection, curve: count%); + ## Generated for an SSL/TLS Application-Layer Protocol Negotiation extension. ## This TLS extension is defined in draft-ietf-tls-applayerprotoneg and sent in ## the initial handshake. It contains the list of client supported application diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index 62300557da..071edf2eac 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac @@ -400,6 +400,15 @@ refine connection SSL_Conn += { return true; %} + + function proc_ec_server_key_exchange(rec: SSLRecord, curve_type: uint8, curve: uint16) : bool + %{ + if ( curve_type == NAMED_CURVE ) + BifEvent::generate_ssl_server_curve(bro_analyzer(), + bro_analyzer()->Conn(), curve); + + return true; + %} }; refine typeattr Alert += &let { 
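Review bot: The doc block added for `ssl_server_curve` documents a parameter the event does not have: it lists `point_formats: List of supported point formats.` while the signature is `(c: connection, curve: count)`, which looks carried over from `ssl_extension_ec_point_formats` just above. Replace that entry with `## curve: The numeric identifier of the named curve the server chose.` and fix the opening sentence to `## Generated if a named curve is chosen by the server for an SSL/TLS connection.` The text should also say that the event is raised only for named curves, since `proc_ec_server_key_exchange` in ssl-analyzer.pac checks `curve_type == NAMED_CURVE`, so script writers do not read a missing event as "no EC key exchange".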
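Review bot: `proc_ec_server_key_exchange` has no comment explaining why only `NAMED_CURVE` raises an event, and that check is the only thing keeping unrelated bytes out of the log. `EcServerKeyExchange` in ssl-protocol.pac reads `curve` as a uint16 regardless of `curve_type`, so for `EXPLICIT_PRIME` and `EXPLICIT_CHAR` the value is the start of the explicit parameters rather than a curve id. I would add `// For explicit curve types 'curve' holds parameter bytes, not a named-curve id; report named curves only.` above the `if`. The `rec` argument is unused in the body shown, and the enclosing `refine connection SSL_Conn` block starts outside the hunk.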
@@ -488,3 +497,7 @@ refine typeattr ServerNameExt += &let {
 refine typeattr CertificateStatus += &let {
 proc : bool = $context.connection.proc_certificate_status(rec, status_type, response);
 };
+
+refine typeattr EcServerKeyExchange += &let {
+ proc : bool = $context.connection.proc_ec_server_key_exchange(rec, curve_type, curve);
+};
diff --git a/src/analyzer/protocol/ssl/ssl-defs.pac b/src/analyzer/protocol/ssl/ssl-defs.pac
index 24827d3621..2b55e53b25 100644
--- a/src/analyzer/protocol/ssl/ssl-defs.pac
+++ b/src/analyzer/protocol/ssl/ssl-defs.pac
@@ -60,3 +60,355 @@ enum SSLExtensions { EXT_PADDING = 35655, EXT_RENEGOTIATION_INFO = 65281 }; + +enum ECCurveType { + EXPLICIT_PRIME = 1, + EXPLICIT_CHAR = 2, + NAMED_CURVE = 3 +}; + +enum TLSCiphers { + NO_CHOSEN_CIPHER = 0xFFFFFF, + TLS_NULL_WITH_NULL_NULL = 0x0000, + TLS_RSA_WITH_NULL_MD5 = 0x0001, + TLS_RSA_WITH_NULL_SHA = 0x0002, + TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003, + TLS_RSA_WITH_RC4_128_MD5 = 0x0004, + TLS_RSA_WITH_RC4_128_SHA = 0x0005, + TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006, + TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007, + TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008, + TLS_RSA_WITH_DES_CBC_SHA = 0x0009, + TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, + TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B, + TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C, + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D, + TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E, + TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F, + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010, + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011, + TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, + TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017, + TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019, + TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A, + TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B, + TLS_KRB5_WITH_DES_CBC_SHA = 0x001E, + TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F, + TLS_KRB5_WITH_RC4_128_SHA = 0x0020, + TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021, + TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022, + TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023, + TLS_KRB5_WITH_RC4_128_MD5 = 0x0024, + TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027, + TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028, + TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029, + TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A, + 
TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B, + TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, + TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030, + TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, + TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034, + TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, + TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, + TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, + TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A, + TLS_RSA_WITH_NULL_SHA256 = 0x003B, + TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, + TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, + TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E, + TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041, + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042, + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046, + TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060, + TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061, + TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063, + TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065, + TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, + TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068, + TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, + TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C, + TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D, + # draft-ietf-tls-openpgp-keys-06 + TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD = 0x0072, + TLS_DHE_DSS_WITH_AES_128_CBC_RMD = 0x0073, + TLS_DHE_DSS_WITH_AES_256_CBC_RMD = 0x0074, + 
TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD = 0x0077, + TLS_DHE_RSA_WITH_AES_128_CBC_RMD = 0x0078, + TLS_DHE_RSA_WITH_AES_256_CBC_RMD = 0x0079, + TLS_RSA_WITH_3DES_EDE_CBC_RMD = 0x007C, + TLS_RSA_WITH_AES_128_CBC_RMD = 0x007D, + TLS_RSA_WITH_AES_256_CBC_RMD = 0x007E, + # draft-chudov-cryptopro-cptls-04 + TLS_GOSTR341094_WITH_28147_CNT_IMIT = 0x0080, + TLS_GOSTR341001_WITH_28147_CNT_IMIT = 0x0081, + TLS_GOSTR341094_WITH_NULL_GOSTR3411 = 0x0082, + TLS_GOSTR341001_WITH_NULL_GOSTR3411 = 0x0083, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085, + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089, + TLS_PSK_WITH_RC4_128_SHA = 0x008A, + TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, + TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, + TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, + TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E, + TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, + TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092, + TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095, + TLS_RSA_WITH_SEED_CBC_SHA = 0x0096, + TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097, + TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098, + TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, + TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, + TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B, + TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, + TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F, + TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0, + TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, + TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4, + TLS_DH_DSS_WITH_AES_256_GCM_SHA384 
= 0x00A5, + TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6, + TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7, + TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, + TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB, + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC, + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD, + TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, + TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, + TLS_PSK_WITH_NULL_SHA256 = 0x00B0, + TLS_PSK_WITH_NULL_SHA384 = 0x00B1, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3, + TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4, + TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5, + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6, + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7, + TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8, + TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9, + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA, + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB, + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0, + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1, + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5, + # draft-bmoeller-tls-downgrade-scsv-01 + TLS_FALLBACK_SCSV = 0x5600, + # RFC 4492 + TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005, + TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008, + 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A, + TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B, + TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F, + TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010, + TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, + TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015, + TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016, + TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017, + TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018, + TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019, + TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A, + TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B, + TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C, + TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D, + TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E, + TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F, + TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020, + TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021, + TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030, + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031, + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 
0xC032, + TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033, + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038, + TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039, + TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A, + TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B, + # RFC 6209 + TLS_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC03C, + TLS_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC03D, + TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC03E, + TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC03F, + TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC040, + TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC041, + TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC042, + TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC043, + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC044, + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC045, + TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256 = 0xC046, + TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384 = 0xC047, + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC048, + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC049, + TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC04A, + TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC04B, + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04C, + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04D, + TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04E, + TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04F, + TLS_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC050, + TLS_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC051, + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC052, + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC053, + TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC054, + TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC055, + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056, + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057, + TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC058, + TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC059, + TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256 = 0xC05A, + TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384 = 0xC05B, + 
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05C, + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05D, + TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05E, + TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05F, + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC060, + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC061, + TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC062, + TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC063, + TLS_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC064, + TLS_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC065, + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC066, + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC067, + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC068, + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC069, + TLS_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06A, + TLS_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06B, + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06C, + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06D, + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06E, + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06F, + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC070, + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC071, + # RFC 6367 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC072, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC073, + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC074, + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC075, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC076, + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC077, + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC078, + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC079, + TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07A, + TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07B, + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07C, + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07D, + TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07E, + TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07F, + TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080, + TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081, + TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 
0xC082, + TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC083, + TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256 = 0xC084, + TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 = 0xC085, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087, + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC088, + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC089, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08A, + TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08B, + TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08C, + TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08D, + TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08E, + TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08F, + TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090, + TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091, + TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC092, + TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC093, + TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC094, + TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC095, + TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC096, + TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC097, + TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC098, + TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC099, + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC09A, + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC09B, + # RFC 6655 + TLS_RSA_WITH_AES_128_CCM = 0xC09C, + TLS_RSA_WITH_AES_256_CCM = 0xC09D, + TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E, + TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F, + TLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0, + TLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1, + TLS_DHE_RSA_WITH_AES_128_CCM_8 = 0xC0A2, + TLS_DHE_RSA_WITH_AES_256_CCM_8 = 0xC0A3, + TLS_PSK_WITH_AES_128_CCM = 0xC0A4, + TLS_PSK_WITH_AES_256_CCM = 0xC0A5, + TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6, + TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7, + TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8, + TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9, + TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA, + TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB, + # 
draft-agl-tls-chacha20poly1305-02 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC13, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC15 +}; diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index a3729826c4..a44516dc6b 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -302,9 +302,11 @@ type ServerHello(rec: SSLRecord) = record { # of the following fields. ext_len: uint16[] &until($element == 0 || $element != 0); extensions : SSLExtension(rec)[] &until($input.length() == 0); +} &let { + cipher_set : bool = + $context.connection.set_cipher(cipher_suite[0]); }; - ###################################################################### # V2 Server Hello (SSLv2 2.6.) ###################################################################### 
@@ -351,11 +353,51 @@ type CertificateStatus(rec: SSLRecord) = record { # V3 Server Key Exchange Message (7.4.3.) ###################################################################### -# For now ignore details; just eat up complete message -type ServerKeyExchange(rec: SSLRecord) = record { - key : bytestring &restofdata &transient; +# Usually, the server key exchange does not contain any information +# that we are interested in. +# +# The one exception is when we are using an elliptic curve cipher suite. +# In this case, we can extract the final chosen cipher from here. +type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher() of { + TLS_ECDH_ECDSA_WITH_NULL_SHA, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_NULL_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_RSA_WITH_NULL_SHA, + TLS_ECDH_RSA_WITH_RC4_128_SHA, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_NULL_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_ANON_WITH_NULL_SHA, + TLS_ECDH_ANON_WITH_RC4_128_SHA, + TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ANON_WITH_AES_128_CBC_SHA, + TLS_ECDH_ANON_WITH_AES_256_CBC_SHA + -> ec_server_key_exchange : EcServerKeyExchange(rec); + + default + -> key : bytestring &restofdata &transient; }; +# For the moment, we really only are interested in the curve name. If it +# is not set (if the server sends explicit parameters), we do not bother. +# We also do not parse the actual signature data following the named curve. 
+type EcServerKeyExchange(rec: SSLRecord) = record { + curve_type: uint8; + curve: uint16; # only if curve_type = 3 + data: bytestring &restofdata &transient; +}; ###################################################################### # V3 Certificate Request (7.4.4.) @@ -501,14 +543,24 @@ refine connection SSL_Conn += { int client_state_; int server_state_; int record_layer_version_; + uint32 chosen_cipher_; %} %init{ server_state_ = STATE_CLEAR; client_state_ = STATE_CLEAR; record_layer_version_ = UNKNOWN_VERSION; + chosen_cipher_ = NO_CHOSEN_CIPHER; %} + function chosen_cipher() : int %{ return chosen_cipher_; %} + + function set_cipher(cipher: int64) : bool + %{ + chosen_cipher_ = cipher; + return true; + %} + function determine_ssl_record_layer(head0 : uint8, head1 : uint8, head2 : uint8, head3: uint8, head4: uint8) : int %{ diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log index 3b04596f6f..5fb15d53ae 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log 
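Review bot: The `case` list in `ServerKeyExchange` names only the 0xC001–0xC019 suites, so the curve is never extracted for the other ECDHE_ECDSA / ECDHE_RSA suites that this same commit adds to `TLSCiphers` (the SHA-256/384 CBC and GCM variants, ARIA, Camellia, ChaCha20). Those fall through to `default`, and `ssl.log` then shows `-` for `curve` on connections that did negotiate one, a coverage gap for anyone auditing curve use. Unless a later patch in this series extends the list, I would add the remaining ECDHE_ECDSA and ECDHE_RSA labels as below. The `TLS_ECDHE_PSK_*` suites should stay out of this branch: as far as I know their ServerKeyExchange starts with a PSK identity hint, so `EcServerKeyExchange` would misread it. A short comment recording that choice would help the next reader.

```binpac
type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher() of {
	# … unchanged: TLS_ECDH_ECDSA_WITH_NULL_SHA through TLS_ECDH_ANON_WITH_AES_128_CBC_SHA …
	TLS_ECDH_ANON_WITH_AES_256_CBC_SHA,
	# SHA-256/384 CBC and GCM variants
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	# RFC 6209
	TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
	TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
	TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
	TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
	TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
	# RFC 6367
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
	TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
	TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
	# draft-agl-tls-chacha20poly1305-02
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
		-> ec_server_key_exchange : EcServerKeyExchange(rec);
	# TLS_ECDHE_PSK_* intentionally not listed: different message layout.
	# … unchanged: default branch …
```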
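Review bot: The new cipher state uses three different integer types for one value: the member is `uint32 chosen_cipher_;`, the getter is declared `function chosen_cipher() : int`, and the setter takes `cipher: int64`. The values visible in this patch all fit, but the mixed signedness and width make the `case` comparison in `ServerKeyExchange` harder to reason about and invite silent truncation if a wider value is ever passed in. I would make them agree, `function chosen_cipher() : uint32` and `function set_cipher(cipher: uint32) : bool`. A one-line comment on the member would also help, stating that `NO_CHOSEN_CIPHER` means no ServerHello cipher has been recorded and that parsing of ServerKeyExchange depends on this state. The `refine connection SSL_Conn` block starts and ends outside the hunk.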
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path ssl -#open 2014-03-13-20-45-24 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer -#types time string addr port addr port string string string string string bool vector[string] vector[string] string string string string -1348168976.508038 CXWv6p3arKYeMETxOg 192.168.57.103 60108 192.168.57.101 2811 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - - T FBtbj87tgpyeDSj31,F8TfgZ31c1dFu8Kt2k FVNYOh2BeQBb7MpCPe,FwjBou1e5DbpE0eOgk,FbYQmk4x4M4Bx3PZme CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid -1348168976.551422 CjhGID4nQcgTWjvg4c 192.168.57.103 35391 192.168.57.101 55968 TLSv10 TLS_RSA_WITH_NULL_SHA - - - T F4SSqN31HDIrrH5Q8h,FJHp5Pf6VLQsRQK3,FHACqa3dX9BXRV2av,FNnDVT1NURRWeoLLN3 FFWYVj4BcvQb35WIaf,Fj16G835fnJgnVlKU6,FGONoc1Nj0Ka5zlxDa CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid -#close 2014-03-13-20-45-24 +#open 2014-04-26-16-44-47 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string +1348168976.508038 CXWv6p3arKYeMETxOg 192.168.57.103 60108 192.168.57.101 2811 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - - - T 
FBtbj87tgpyeDSj31,F8TfgZ31c1dFu8Kt2k FVNYOh2BeQBb7MpCPe,FwjBou1e5DbpE0eOgk,FbYQmk4x4M4Bx3PZme CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid +1348168976.551422 CjhGID4nQcgTWjvg4c 192.168.57.103 35391 192.168.57.101 55968 TLSv10 TLS_RSA_WITH_NULL_SHA - - - - T F4SSqN31HDIrrH5Q8h,FJHp5Pf6VLQsRQK3,FHACqa3dX9BXRV2av,FNnDVT1NURRWeoLLN3 FFWYVj4BcvQb35WIaf,Fj16G835fnJgnVlKU6,FGONoc1Nj0Ka5zlxDa CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid +#close 2014-04-26-16-44-47 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log index 455d8606e8..7834e74868 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path ssl -#open 2014-03-13-20-45-46 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer -#types time string addr port addr port string string string string string bool vector[string] vector[string] string string string string -1335538392.319381 CXWv6p3arKYeMETxOg 192.168.1.105 62045 74.125.224.79 443 TLSv10 TLS_ECDHE_RSA_WITH_RC4_128_SHA ssl.gstatic.com - - T F6wfNWn8LR755SYo7,FJl60T1mOolaez9T0h (empty) CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US - - -#close 2014-03-13-20-45-46 +#open 2014-04-26-16-45-01 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string +1335538392.319381 CXWv6p3arKYeMETxOg 192.168.1.105 62045 74.125.224.79 443 TLSv10 TLS_ECDHE_RSA_WITH_RC4_128_SHA secp256r1 ssl.gstatic.com - - T F6wfNWn8LR755SYo7,FJl60T1mOolaez9T0h (empty) CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US - - +#close 2014-04-26-16-45-01 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/ssl.log new file mode 100644 index 0000000000..66ea42be70 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/ssl.log 
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2014-04-26-16-39-57 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string +1398529018.678827 CXWv6p3arKYeMETxOg 192.168.18.50 56981 74.125.239.97 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - - - T FDy6ve1m58lwPRfhE9,FnGjwc1EVGk5x0WZk5,F2T07R1XZFCmeWafv2 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - +#close 2014-04-26-16-39-57 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/x509.log b/testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/x509.log new file mode 100644 index 0000000000..e8813fb60a --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/x509.log 
@@ -0,0 +1,12 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path x509 +#open 2014-04-26-16-39-57 +#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len +#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count +1398529018.711296 FDy6ve1m58lwPRfhE9 3 1E58FDC12DE4C703 CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US 1397045108.000000 1404777600.000000 rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - *.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com - - - F - +1398529018.711296 FnGjwc1EVGk5x0WZk5 3 023A69 CN=Google Internet Authority G2,O=Google Inc,C=US CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US 1365174955.000000 1428160555.000000 rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T 0 +1398529018.711296 F2T07R1XZFCmeWafv2 3 12BBE6 CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US OU=Equifax Secure Certificate Authority,O=Equifax,C=US 
1021953600.000000 1534824000.000000 rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - +#close 2014-04-26-16-39-57 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log index 88f3c2126e..082106e89e 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path ssl -#open 2014-03-13-20-46-30 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer -#types time string addr port addr port string string string string string bool vector[string] vector[string] string string string string -1393957586.786031 CXWv6p3arKYeMETxOg 192.168.4.149 53525 74.125.239.37 443 - - - - handshake_failure F - - - - - - -#close 2014-03-13-20-46-30 +#open 2014-04-26-16-45-16 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string +1393957586.786031 CXWv6p3arKYeMETxOg 192.168.4.149 53525 74.125.239.37 443 - - - - - handshake_failure F - - - - - - +#close 2014-04-26-16-45-16 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log index 0bb8b5810d..ab1345d0cc 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path ssl -#open 2014-03-13-20-46-09 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer -#types time string addr port addr port string string string string string bool vector[string] vector[string] string string string string -1357328848.549370 CXWv6p3arKYeMETxOg 10.0.0.80 56637 68.233.76.12 443 TLSv12 TLS_RSA_WITH_RC4_128_MD5 - - - T FlnQzb2dJK4p9jXwmd,FaDzX22O4j3kFF6Jqg,F9Tsjm3OdCmGGw43Yh (empty) CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - - -#close 2014-03-13-20-46-09 +#open 2014-04-26-16-45-09 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string +1357328848.549370 CXWv6p3arKYeMETxOg 10.0.0.80 56637 68.233.76.12 443 TLSv12 TLS_RSA_WITH_RC4_128_MD5 - - - - T FlnQzb2dJK4p9jXwmd,FaDzX22O4j3kFF6Jqg,F9Tsjm3OdCmGGw43Yh (empty) CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - - +#close 2014-04-26-16-45-09 diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log index ec0a90929b..da805fd35d 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log 
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path ssl -#open 2014-03-13-21-47-24 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer -#types time string addr port addr port string string string string string bool vector[string] vector[string] string string string string -1394747126.855035 CXWv6p3arKYeMETxOg 192.168.4.149 60623 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - - T FlaIzV19yTmBYwWwc6,F0BeiV3cMsGkNML0P2,F6PfYi2WUoPdIJrhpg (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - -1394747129.505622 CjhGID4nQcgTWjvg4c 192.168.4.149 60624 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - - T FOye6a4kt8a7QChqw3,FytlLr3jOQenFAVtYi,FEmnxy4DGbxkmtQJS1 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - -#close 2014-03-13-21-47-24 +#open 2014-04-26-16-45-23 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string +1394747126.855035 CXWv6p3arKYeMETxOg 192.168.4.149 60623 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - - - T FlaIzV19yTmBYwWwc6,F0BeiV3cMsGkNML0P2,F6PfYi2WUoPdIJrhpg (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - +1394747129.505622 CjhGID4nQcgTWjvg4c 192.168.4.149 60624 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - - - T FOye6a4kt8a7QChqw3,FytlLr3jOQenFAVtYi,FEmnxy4DGbxkmtQJS1 (empty) CN=*.google.com,O=Google 
Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - +#close 2014-04-26-16-45-23 diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log index 16fcee9111..7965e3be89 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log +++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path ssl -#open 2014-03-13-21-53-03 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status -#types time string addr port addr port string string string string string bool vector[string] vector[string] string string string string string -1394745602.951961 CXWv6p3arKYeMETxOg 192.168.4.149 60539 87.98.220.10 443 TLSv10 TLS_DHE_RSA_WITH_AES_256_CBC_SHA - - - T F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl (empty) CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - - certificate has expired -1394745618.791420 CjhGID4nQcgTWjvg4c 192.168.4.149 60540 122.1.240.204 443 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - - T F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h (empty) CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US - - ok -#close 2014-03-13-21-53-03 +#open 2014-04-26-16-45-32 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status +#types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string string +1394745602.951961 CXWv6p3arKYeMETxOg 192.168.4.149 60539 87.98.220.10 443 TLSv10 TLS_DHE_RSA_WITH_AES_256_CBC_SHA - - - - T F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl (empty) CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - - certificate has 
expired +1394745618.791420 CjhGID4nQcgTWjvg4c 192.168.4.149 60540 122.1.240.204 443 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - - - T F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h (empty) CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US - - ok +#close 2014-04-26-16-45-32 
diff --git a/testing/btest/Traces/tls/ecdhe.pcap b/testing/btest/Traces/tls/ecdhe.pcap new file mode 100644 index 0000000000000000000000000000000000000000..e37df374e0271a643d49fea1c67e03e00a158a63 GIT binary patch literal 7510 zcmb_h2{@G9+ka*?#?II)Q#19(Q7mv_F%0j_UOfC62d0NFs0h0l-$WPvY573E0lFWdf!(wvOC zz~xD2&wF3RM?Zo^6NsLbZ!8dWFcKcId%7DDvI3|` zn`F14;zh)6(uN6ka{;<$lq6aI_y*vC5qlpY$OvMtI}vIHXh@rc*eLV@K~C87dZ zU%OKfQ4WKG(t(ptU@)H)LR0I4c=kN?Lu(>>PO~Wlr@x6Ri&#D}bp43!pOS&Qib&8f z8uSi;L?A2%LZKldWC-a);*c1m2y~*50wfG{a*#YkfbftIM1o{NL~)QbBm-iJhA@x> zBne4Ds=#_Nhz!lZqwr`v28Y6-aUeEWG!}zFVbB;18ihuqk=`g2GHX=jFF#I-kfF^G zKSEs-BBbdm8mkc{iB7w&J2GqF!;K(1j}XKgkBLwf4&t|oh`2j8Aoq;$+Md5dRFxV- z^gs~hFc@ed$R<+^#@YS(_YIc@>fhh{vUz=MqsGS!rJbJn#Q`co{YwgTSqmWGMM!EG zh2-|A8-Y6jg7^y&NW2jee+&s(!(5@oFc&|Y$M*zb#=4<<+V9FRuozxgbC>&d`Uh(MGf+A*0v3>tZ9AXQHtRz;K;nQ3E64viH^ z2q%!moH7dW zlGQD$v45k=V+k!W?pKUYbh&7?o44{#+z$o%smRD&WhYDRyiBz9k<#?}HXZTB{iHBf zJ9q6)v8#>^_ihhlA4cc|dzfsXJkXHO)qJk)VhNa>cf)X6s|9&U1; zGdT3}Y5SHYiD2Uhk86#Ki(4`ELv>dp_Wq5c1;v`xbPxCP#P-IvpSW@+uB}eq^^K|N z{Va-=d)odBtPD$n^S5xft-7}p3CfASgi@o*hp!oPvPE-eDhI!={cd$C6Bd#w(zqHW z$!433<{zJ`p^Su<3hrf*3_Xgm?2){b)fG^(6lLm6h;Jx zPG$2kL`L;GR0?;Tz~GAi`h}@O4-}OBf&}Fdf3C#1{sB4^)(+T|Xbv!``#v4YO$}HG-G~-byEW+*UpZM}X10RD3y{ATwRvAbkA>SOt+(u?nzU z6lvK@yqxmwufA79|Bb$O%TuYqEm{|rM>>$PlCU^&y!JFS{E2DQXg~A_c~IUgxolV zyK#O-^eSO1R(+quir~n;A@c)j9~_{0gR4tEbjDg3wpeN6_+<-9oaw zqVnO$Fv-Nc;BDuPO0Sf4_XOV4IaFv*c$R_oj`wG*{$b*jTwT0X^{_?7p%t#0x2yXr zLeFlwvsv`+K=ed)^_X>XM$Cf9xgw8Ddgr+XL5qb2d7NZF`;mA>h8M zsj=JJ#Z_%3-v;Y)d*hcK|KJxpBjo6@E{dt=JyK{a^u^XIeTlzRm7JVo!pcrzOM_|h zTc^u>se5^XPS4Xg5Ln#}RQ}<&yP? z>zUluv3^r&3oc5!#N+Vd+wS%zz0Tj%S_cmPBU@6_>nzs0Y%qOI^Y%MDe`Z`!t)t2u z7-P{yU^_7)hs_q8nU7B>TrP#}*sj*x`h8F@c;N8k&0lnuU9_sNY%lRsx?JV_Qg-=X zm2yRjN_A?^BC1xb5uFxWuK2)qR-be7owrfTBuh0v7Nn4+%1n<*VtL(^Ey?Qp99DA38x>U!;}-Ljt5X_Tg#5)!fbn2WgS|8? 
zj_4$i1&#$>~j9d-4$6bn>ad_$fY0YIdF`>4ZsGzA7(d-K|SI zVyp^SO*0x3jPWV2yOYi54=G!%`!TEBztF^^&RjiEy2HaK)Yc-giBujg)|u?xl(35# zl~LfTpS)Ze_}NZ{L2(?%4+Jr)i3sU{lK|2todn1~tHrQj zwJ2M}uNDgEwAK>AYGJbFt8LwM>C{zsYAps`e&9V8G);3YJmR#KxmNS}sdGnO?Bm=| zzSA9;EHf41NXe>KjmqU8)Oe6XVFaP2(8!X0uE|l>07N6>B>Qnu0Z8LXo)BzWD^`h_ojsFX@hzOG$Jx;KQ&}$8a0GP zBU{s09J)6hY!7I^P7(-p!QcR)uLt-Fd=Tm~flbE5{|Y_+C(dfBQlP>^z4EF`t~=ac zEnt|u3%(wHu;F$_uZ>QR?ZY6>~318>uox>5Es5T)uat~-ET*5R%^-T?7u!m zy^EhCk*5BnGv-TP_QA5F53Ll8NU3>8Z4c?Js_2Qcz9*NwR@?DYymr) z`)`u^NU}!Hifl8tvdRzMedwZ9U7ND#q=r}3t4A@4!4(dz4Ue~;RjhVtF8^5XVdDIL z!>WDSKO9w!2fbS>6S7Pdq3g+L(}N=7KTLG$rsIx(UAc%UAvFEsycq{Jo4)Bcc9t=1 z@X*kDzA%SWsNbQ0nX?)j{65!UVT;KvA>&xjlM(H5aPOuft+rtQci(?MtihwQE!*ORh3FnwZ`&jnz*6)_>VG11Xb zXp3~9!*V(4T`>M~G@+)OP*xVa!@KK#XM?%QaCdjP!xL+hziz_Y6>42#PWe?DOPy@9 z_s$H6ydl$I_hYZy2KL~EXUh7DCb=nwq;p5=J2Iz{2urWsdVla!jB&?wS7t@iZ8kOW zUF6n9vnm$~b#5}@oP3LMbjY}Pw2SgNcCj=#)}vO6La3z}NZt~AFDzGnai_xmSeMI% z;_YSk1`U>POf_kBx|TVuFzd`U&1JLHl7eUWeGEygXB{el#aMGJD^^ErIPHEyqi!~Q zLkJWN=vKm$qdDmY##=tys0NT??pI{tzbXY9n`YZDNcg)T@1nxpSI>OtTj~#|yo{6^ zYPs5&WX{~kYF#WYHe~6uGqcO=>9r>w!KK?~rdY6ylV!Zaf1Kw%-!!e3s5{SHNhC%% zA;SNf^9g%z(_Hka-L>6!eWmrBtam8ue3iT?f6PpBOHJkcgS8@#$5#ixMA$PQuxAn2 zQ6p_4dqS6O!6gT{J7Wm4XVu8f3}8>vHbM5R*_^LTRu3*>wEwFd>nG7Sw6jL}VLJC# zlK%yI#^PvJBtdcx2A_M=YAEXU(04PZ53h~y2U;CUKDYTT4WBFT*^s6utBo!UcN{#Y zF0GjVvTercK}t!f`C$~f-`B3HWN{u*^ZsgC{WS$VbCCm3GOH@v1hfYBI>;sE2!EvCwte_)%dz4 z_dYFlQ0`P)Dd|*tH@#_fXKlHKr%1r72+QwXdo*IZ?kTy=)Z=BEq|R6>t;Qk&C=?0- zv=~?uUVz)VaCXCA@ZO z#d>`={T9X6Tb>H>>QLT{#NvUq$XKnPlv{?j;Jyvy);|++D+g5O+sLio>1SiPwGG_S z^&p6GHh)CK@DbboH;9sMB9H~ha->bP5v6a7MG*C-wh`n%#zoLZ#B~?IJLe!&d=ZrO z*=}EupTng@`EQ5cDyGeu-86jd9WS*0SlhGitBTf#rfVJ@v?QG8iMNIF#DxPZaP{6_ z9=ga>402b|IWKX7wl?Nl=jU$i{M3!w8iBl zct%~%Eqpz{{ne7C<6`d9@Rpky&``PJZ!6o4&)vLUEGD`K$34ivwFEGN;4mlUFBY8I z!UgWI$I9TYXM2qPVXtsW@(S<0FjwQj49mtFNQAtBKYzc!v;KtScDwR~+`et#U!4tB zOLttrXl`eVf!y9U2oO8GQBW9IDM*{NTIgH+5yX7IDG|YHsaQ9Pn7bT7lm`)lyDu*N zw@z3(yZ41l?&>_9&uitIt7~_M*8PpjNk1bMWAHL@*wcUCzWhR8lWD8%-5(-m;LA{u 
z5J(cFO-vN%yDiv!f@Gd4n0nROAenojK%zYOI+`dSnw8aamm_8rwf7nBXNIS-i`QJw zSYP^eAAS2di@3P5#)4kUIc17n@j3^47P`Kj?K{8Rk*W4EfV8ai$%CZ@5j@2MMK+rX z<`*mVheqj3WU$5Z+PscwFxNbdFwDO4`W4S;=VMRz@~p_Dq(O1n1J8>iqU~%U$B!Wx2v3r<`*3_HK@(Q6$gNBpaXa z-_YZ`_TQy5--_LBxOXhFV&2z1m1nzdvM;q@j}IYkxeVMg8t+MNF|@_=-SS@0Esy;9 zZjnN#9a9r@3xZfS4slYv4YezgctaKw;@xB5|HvO?(3h<@#^O!&to+c7Aj0LpY@Cd! zWriT4>!v_tfPZnIt>-2qrUAs?=j0JR1TiIRN<@&8%_4$`vPe!osazeT@B?R9Q_A3$ zZRqQJx0ZM`+efONeKPG?YgA`OU6dHFNn`rwfbWub$cyA$k%{H}abjlQ5Hr5W2%51I z9Ht&IqNKpYID%&IT{RCq_D9{Ma9Y?3@x$3TA)E{(oPPnzKK~ODIKB^LITifLL39<} zsR7z-1U(C&|K4r7UWmOvf(7l3MMBGnQY1q!pN`qP4H@D8?6!kCf1D(NKgp+)C%JPr kf0Bzv%=q0TgShBFtq5U0`kSfHk*aqzdlbD*9C6|Q0AR(M9{>OV literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/ssl/ecdhe.test b/testing/btest/scripts/base/protocols/ssl/ecdhe.test new file mode 100644 index 0000000000..bd1bd2cb96 --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssl/ecdhe.test @@ -0,0 +1,3 @@ +# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: btest-diff ssl.log +# @TEST-EXEC: btest-diff x509.log From 24b63f5fc8f9526d902137813fabb692a5fd9478 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Sat, 26 Apr 2014 09:53:18 -0700 Subject: [PATCH 2/6] Forgot a few ciphers in the EC list... --- src/analyzer/protocol/ssl/ssl-protocol.pac | 69 +++++++++++++++++++++- 1 file changed, 66 insertions(+), 3 deletions(-) diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index a44516dc6b..f84befe695 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -98,7 +98,7 @@ type ServerName() = record { name_type: uint8; # has to be 0 for host-name name: case name_type of { 0 -> host_name: ServerNameHostName; - default -> data : bytestring &restofdata; # unknown name + default -> data : bytestring &restofdata &transient; # unknown name }; }; 
@@ -119,7 +119,7 @@ type ServerNameExt(rec: SSLRecord) = record { # status_type: uint8; # 1 -> ocsp # req: case status_type of { # 1 -> ocsp_status_request: OcspStatusRequest(rec); -# default -> data : bytestring &restofdata; # unknown +# default -> data : bytestring &restofdata &transient; # unknown # }; #}; 
@@ -383,7 +383,70 @@ type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher( TLS_ECDH_ANON_WITH_RC4_128_SHA, TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ANON_WITH_AES_128_CBC_SHA, - TLS_ECDH_ANON_WITH_AES_256_CBC_SHA + TLS_ECDH_ANON_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_PSK_WITH_RC4_128_SHA, + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_PSK_WITH_NULL_SHA, + TLS_ECDHE_PSK_WITH_NULL_SHA256, + TLS_ECDHE_PSK_WITH_NULL_SHA384, + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, + TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, + TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, + TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, + TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, + 
TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -> ec_server_key_exchange : EcServerKeyExchange(rec); default From b1a2bccdc747750a94c396b07119bb14fcb800c9 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Sat, 26 Apr 2014 14:51:08 -0700 Subject: [PATCH 3/6] Add a few more ciphers Bro did not know at all so far. --- scripts/base/protocols/ssl/consts.bro | 8 ++++++++ src/analyzer/protocol/ssl/ssl-defs.pac | 4 ++++ src/analyzer/protocol/ssl/ssl-protocol.pac | 4 ++++ 3 files changed, 16 insertions(+) diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro index e60363e14c..e1b366130f 100644 --- a/scripts/base/protocols/ssl/consts.bro +++ b/scripts/base/protocols/ssl/consts.bro 
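Review bot: The `TLS_ECDHE_PSK_*` suites added to this arm do not share the message layout of the other ECDHE suites: per RFC 5489 their ServerKeyExchange begins with a length-prefixed `psk_identity_hint`, and the ECDH parameters only follow after it. If `EcServerKeyExchange` reads `curve_type` and `curve` from the first bytes of the message (its definition is outside this hunk, so this is inferred), the hint length would be taken for the curve and a wrong value would reach the `curve` column of ssl.log. I would drop the `TLS_ECDHE_PSK_*` entries from this list until there is a record type that consumes the hint first, and add a comment above the list such as `# PSK variants are excluded: their message starts with psk_identity_hint`. The `TLS_DHE_PSK_*` entries in the DHE list of the later patch look like the same case (RFC 4279). The enclosing `ServerKeyExchange` type starts and ends outside this hunk.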
@@ -487,6 +487,10 @@ export { const TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9; const TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA; const TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB; + const TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC; + const TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD; + const TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE; + const TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF; # draft-agl-tls-chacha20poly1305-02 const TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC13; const TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14; @@ -850,6 +854,10 @@ export { [TLS_PSK_WITH_AES_256_CCM_8] = "TLS_PSK_WITH_AES_256_CCM_8", [TLS_PSK_DHE_WITH_AES_128_CCM_8] = "TLS_PSK_DHE_WITH_AES_128_CCM_8", [TLS_PSK_DHE_WITH_AES_256_CCM_8] = "TLS_PSK_DHE_WITH_AES_256_CCM_8", + [TLS_ECDHE_ECDSA_WITH_AES_128_CCM] = "TLS_ECDHE_ECDSA_WITH_AES_128_CCM", + [TLS_ECDHE_ECDSA_WITH_AES_256_CCM] = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM", + [TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8] = "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", + [TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8] = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", [TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", [TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", [TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", diff --git a/src/analyzer/protocol/ssl/ssl-defs.pac b/src/analyzer/protocol/ssl/ssl-defs.pac index 2b55e53b25..a4074443b9 100644 --- a/src/analyzer/protocol/ssl/ssl-defs.pac +++ b/src/analyzer/protocol/ssl/ssl-defs.pac 
@@ -407,6 +407,10 @@ enum TLSCiphers { TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9, TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA, TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC, + TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE, + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF, # draft-agl-tls-chacha20poly1305-02 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC13, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14, diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index f84befe695..e19fdb6aac 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -445,6 +445,10 @@ type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher( TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -> ec_server_key_exchange : EcServerKeyExchange(rec); From fb56b22cffdf8603404da367fac097b71b3bf36f Mon Sep 17 00:00:00 2001 
From: Bernhard Amann Date: Sat, 26 Apr 2014 23:48:47 -0700 Subject: [PATCH 4/6] Add DH support to SSL analyzer. When using DHE or DH-Anon, server key parameters are now available in scriptland. Also add script to alert on weak certificate keys or weak dh-params. --- scripts/policy/protocols/ssl/weak-keys.bro | 90 +++++++++++++ scripts/test-all-policy.bro | 1 + src/analyzer/protocol/ssl/events.bif | 19 ++- src/analyzer/protocol/ssl/ssl-analyzer.pac | 17 +++ src/analyzer/protocol/ssl/ssl-protocol.pac | 121 +++++++++++++++++- .../scripts.base.protocols.ssl.dhe/.stdout | 1 + .../scripts.base.protocols.ssl.dhe/ssl.log | 10 ++ .../ssl.log | 8 +- .../notice-1.log | 12 ++ testing/btest/Traces/tls/dhe.pcap | Bin 0 -> 6929 bytes .../btest/scripts/base/protocols/ssl/dhe.test | 8 ++ .../policy/protocols/ssl/weak-keys.bro | 8 ++ 12 files changed, 288 insertions(+), 7 deletions(-) create mode 100644 scripts/policy/protocols/ssl/weak-keys.bro create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.dhe/.stdout create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.dhe/ssl.log create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-1.log create mode 100644 testing/btest/Traces/tls/dhe.pcap create mode 100644 testing/btest/scripts/base/protocols/ssl/dhe.test create mode 100644 testing/btest/scripts/policy/protocols/ssl/weak-keys.bro diff --git a/scripts/policy/protocols/ssl/weak-keys.bro b/scripts/policy/protocols/ssl/weak-keys.bro new file mode 100644 index 0000000000..27cfb31554 --- /dev/null +++ b/scripts/policy/protocols/ssl/weak-keys.bro 
@@ -0,0 +1,90 @@ +##! Generate notices when SSL/TLS connections use certificates or DH parameters +##! that have potentially unsafe key lengths. + +@load base/protocols/ssl +@load base/frameworks/notice +@load base/utils/directions-and-hosts + +module SSL; + +export { + redef enum Notice::Type += { + ## Indicates that a server is using a potentially unsafe key. + SSL_Weak_Key, + }; + + ## The category of hosts you would like to be notified about which have + ## certificates that are going to be expiring soon. By default, these + ## notices will be suppressed by the notice framework for 1 day after + ## a particular certificate has had a notice generated. + ## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS + const notify_weak_keys = LOCAL_HOSTS &redef; + + ## The minimal key length in bits that is considered to be safe. Any + ## shorter (non-EC) key lengths will trigger the notice. + const notify_minimal_key_length = 1024 &redef; + + ## Warn if the DH key length is smaller than the certificate key length. + ## This is potentially unsafe, because it gives a wrong impression of safety + ## due to the certificate key length. + ## However, it is very common and cannot be avoided in some settings (e.g. with + ## old jave clients). + const notify_dh_length_shorter_cert_length = T &redef; +} + +## We check key lengths only for DSA or RSA certificates. For others, we do +## not know what is safe (e.g. EC is safe even with very short key lengths). + +event ssl_established(c: connection) &priority=3 + { + # If there are no certificates or we are not interested in the server, just return. + if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 || + ! 
addr_matches_host(c$id$resp_h, notify_weak_keys) ) + return; + + local fuid = c$ssl$cert_chain_fuids[0]; + local cert = c$ssl$cert_chain[0]$x509$certificate; + if ( !cert?$key_type || !cert?$key_length ) + return; + if ( cert$key_type != "dsa" && cert$key_type != "rsa" ) + return; + + local key_length = cert$key_length; + + if ( key_length < notify_minimal_key_length ) + NOTICE([$note=SSL_Weak_Key, + $msg=fmt("Host uses weak certificate with %d bit key", key_length), + $conn=c, $suppress_for=1day, + $identifier=cat(c$id$orig_h, c$id$orig_p, key_length) + ]); + } + +event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) &priority=3 + { + if ( ! addr_matches_host(c$id$resp_h, notify_weak_keys) ) + return; + + local key_length = |Ys|*8; # key length in bits + if ( key_length < notify_minimal_key_length ) + NOTICE([$note=SSL_Weak_Key, + $msg=fmt("Host uses weak DH parameters with %d key bits", key_length), + $conn=c, $suppress_for=1day, + $identifier=cat(c$id$orig_h, c$id$orig_p, key_length) + ]); + + if ( notify_dh_length_shorter_cert_length && + c?$ssl && c$ssl?$cert_chain && |c$ssl$cert_chain| > 0 && c$ssl$cert_chain[0]?$x509 && + c$ssl$cert_chain[0]$x509?$certificate && c$ssl$cert_chain[0]$x509$certificate?$key_type && + ( c$ssl$cert_chain[0]$x509$certificate$key_type == "rsa" || + c$ssl$cert_chain[0]$x509$certificate$key_type == "dsa" ) ) + { + if ( c$ssl$cert_chain[0]$x509$certificate?$key_length && + c$ssl$cert_chain[0]$x509$certificate$key_length > key_length ) + NOTICE([$note=SSL_Weak_Key, + $msg=fmt("DH key length of %d bits is smaller certificate key length of %d bits", + key_length, c$ssl$cert_chain[0]$x509$certificate$key_length), + $conn=c, $suppress_for=1day, + $identifier=cat(c$id$orig_h, c$id$orig_p) + ]); + } + } diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index 5c6ed286fb..43dc6b9dce 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro 
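Review bot: In `ssl_dh_server_params` the strength check is computed from `|Ys|*8`, the length of the server's public value, but the size of a DH group is the size of its prime, so the line should read `local key_length = |p|*8; # size of the prime modulus in bits`. The encoded length of `Ys` is not tied to the modulus length, so the current check can flag a strong group or miss a short one, and the third notice then compares the wrong number against the certificate key length. Separately, all three `$identifier` values are built from `c$id$orig_h, c$id$orig_p`, although the notice describes the responder. Keying them on the server instead, e.g. `$identifier=cat(c$id$resp_h, c$id$resp_p, key_length)`, would let the one-day suppression collapse repeat notices for the same host.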
@@ -90,6 +90,7 @@ @load protocols/ssl/log-hostcerts-only.bro #@load protocols/ssl/notary.bro @load protocols/ssl/validate-certs.bro +@load protocols/ssl/weak-keys.bro @load tuning/__load__.bro @load tuning/defaults/__load__.bro @load tuning/defaults/extracted_file_limits.bro diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif index 54bb0715d2..46747ecb58 100644 --- a/src/analyzer/protocol/ssl/events.bif +++ b/src/analyzer/protocol/ssl/events.bif @@ -59,6 +59,7 @@ event ssl_client_hello%(c: connection, version: count, possible_ts: time, client ## ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension ## ssl_session_ticket_handshake x509_certificate ssl_server_curve +## ssl_dh_server_params event ssl_server_hello%(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count%); ## Generated for SSL/TLS extensions seen in an initial handshake. SSL/TLS @@ -117,7 +118,7 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index ## ssl_extension_server_name ssl_server_curve event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_formats: index_vec%); -## Generated a named curve is chosen by the server for the SSL/TLS connection. The +## Generated if a named curve is chosen by the server for the SSL/TLS connection. The ## curve is sent by the server in the ServerKeyExchange message as defined in ## :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen. ## 
@@ -131,6 +132,22 @@ event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_format ## ssl_extension_server_name event ssl_server_curve%(c: connection, curve: count%); +## Generated if a server uses a DH-anon or DHE cipher suite. This event contains +## the server DH parameters, which are sent in the ServerKeyExchange message as +## defined in :rfc:`5246`. +## +## c: The connection. +## +## p: The DH prime modulus. +## +## q: The DH generator. +## +## Ys: The server's DH public key. +## +## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello +## ssl_session_ticket_handshake ssl_server_curve +event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%); + ## Generated for an SSL/TLS Application-Layer Protocol Negotiation extension. ## This TLS extension is defined in draft-ietf-tls-applayerprotoneg and sent in ## the initial handshake. It contains the list of client supported application diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index 071edf2eac..ef1d862b87 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac @@ -409,6 +409,19 @@ refine connection SSL_Conn += { return true; %} + + function proc_dh_server_key_exchange(rec: SSLRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool + %{ + BifEvent::generate_ssl_dh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), + new StringVal(p.length(), (const char*) p.data()), + new StringVal(g.length(), (const char*) g.data()), + new StringVal(Ys.length(), (const char*) Ys.data()) + ); + + return true; + %} + }; refine typeattr Alert += &let { 
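Review bot: The second string of `ssl_dh_server_params` is named `q` and documented as "The DH generator", while the analyzer function that fills it in the same patch calls that value `g` (`proc_dh_server_key_exchange(rec, p, g, Ys)`). In DH notation `q` normally denotes the subgroup order, so a script author could take the argument for something it is not. I would declare it as `event ssl_dh_server_params%(c: connection, p: string, g: string, Ys: string%);` with the doc line `## g: The DH generator.`. The comment could also say that the three strings carry the raw bytes from the message rather than numbers, since the analyzer builds each `StringVal` directly from the bytestring data.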
@@ -501,3 +514,7 @@ refine typeattr CertificateStatus += &let {
 refine typeattr EcServerKeyExchange += &let {
 proc : bool = $context.connection.proc_ec_server_key_exchange(rec, curve_type, curve);
 };
+
+refine typeattr DhServerKeyExchange += &let {
+ proc : bool = $context.connection.proc_dh_server_key_exchange(rec, dh_p, dh_g, dh_Ys);
+};
diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac
index e19fdb6aac..840aca4b84 100644
--- a/src/analyzer/protocol/ssl/ssl-protocol.pac
+++ b/src/analyzer/protocol/ssl/ssl-protocol.pac
@@ -356,8 +356,9 @@ type CertificateStatus(rec: SSLRecord) = record {
 # Usually, the server key exchange does not contain any information
 # that we are interested in.
 #
-# The one exception is when we are using an elliptic curve cipher suite.
-# In this case, we can extract the final chosen cipher from here.
+# The exception is when we are using an ECDHE, DHE or DH-Anon suite.
+# In this case, we can extract information about the chosen cipher from
+# here.
 type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher() of {
 TLS_ECDH_ECDSA_WITH_NULL_SHA,
 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
@@ -453,6 +454,109 @@ type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher( TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -> ec_server_key_exchange : EcServerKeyExchange(rec); + # DHE suites + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_DSS_WITH_DES_CBC_SHA, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + TLS_DHE_DSS_WITH_RC4_128_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD, + TLS_DHE_DSS_WITH_AES_128_CBC_RMD, + TLS_DHE_DSS_WITH_AES_256_CBC_RMD, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD, + TLS_DHE_RSA_WITH_AES_128_CBC_RMD, + TLS_DHE_RSA_WITH_AES_256_CBC_RMD, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_PSK_WITH_RC4_128_SHA, + TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS_DHE_DSS_WITH_SEED_CBC_SHA, + TLS_DHE_RSA_WITH_SEED_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS_DHE_PSK_WITH_NULL_SHA256, + TLS_DHE_PSK_WITH_NULL_SHA384, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + 
TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, + TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256, + TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384, + TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, + TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, + TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS_DHE_RSA_WITH_AES_128_CCM, + TLS_DHE_RSA_WITH_AES_256_CCM, + TLS_DHE_RSA_WITH_AES_128_CCM_8, + TLS_DHE_RSA_WITH_AES_256_CCM_8, + TLS_DHE_PSK_WITH_AES_128_CCM, + TLS_DHE_PSK_WITH_AES_256_CCM, + TLS_PSK_DHE_WITH_AES_128_CCM_8, + TLS_PSK_DHE_WITH_AES_256_CCM_8, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + # DH-anon suites + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + TLS_DH_ANON_WITH_RC4_128_MD5, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_ANON_WITH_DES_CBC_SHA, + TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, + TLS_DH_ANON_WITH_AES_128_CBC_SHA, + TLS_DH_ANON_WITH_AES_256_CBC_SHA, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA, + TLS_DH_ANON_WITH_AES_128_CBC_SHA256, + TLS_DH_ANON_WITH_AES_256_CBC_SHA256, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA, + TLS_DH_ANON_WITH_SEED_CBC_SHA, + TLS_DH_ANON_WITH_AES_128_GCM_SHA256, + TLS_DH_ANON_WITH_AES_256_GCM_SHA384, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256, + TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256, + TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384, + TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256, + TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384, + TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256, + 
TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 + # DH non-anon suites do not send a ServerKeyExchange + -> dh_server_key_exchange : DhServerKeyExchange(rec); + default -> key : bytestring &restofdata &transient; }; @@ -466,6 +570,19 @@ type EcServerKeyExchange(rec: SSLRecord) = record { data: bytestring &restofdata &transient; }; +# For both, dh_anon and dhe the ServerKeyExchange starts with a ServerDHParams +# structure. After that, they start to differ, but we do not care about that. +type DhServerKeyExchange(rec: SSLRecord) = record { + dh_p_length: uint16; + dh_p: bytestring &length=dh_p_length; + dh_g_length: uint16; + dh_g: bytestring &length=dh_g_length; + dh_Ys_length: uint16; + dh_Ys: bytestring &length=dh_Ys_length; + data: bytestring &restofdata &transient; +}; + + ###################################################################### # V3 Certificate Request (7.4.4.) ###################################################################### diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dhe/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.dhe/.stdout new file mode 100644 index 0000000000..c2cc676ec1 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.dhe/.stdout @@ -0,0 +1 @@ +key length in bits, 1024 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dhe/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.dhe/ssl.log new file mode 100644 index 0000000000..652f3b3df7 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.dhe/ssl.log 
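Review bot: The `TLS_DHE_PSK_*` and `TLS_PSK_DHE_*` entries in this case list are routed to `DhServerKeyExchange`, but for DHE_PSK suites RFC 4279 places a `psk_identity_hint<0..2^16-1>` in front of ServerDHParams. The hint's length prefix would then be read as `dh_p_length`, so `ssl_dh_server_params` would fire with values that are not p, g and Ys. Any key-length check built on the event would then evaluate unrelated bytes. Until a record exists that consumes the hint first, leave those suites out of this list so they fall through to `default -> key : bytestring &restofdata &transient;`. The case type begins before this hunk.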
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2014-04-27-00-52-03 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string +1398558136.319509 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 TLSv12 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - - - - T F6fLv13PBYz8MNqx68,F8cTDl1penwXxGu4K7 (empty) emailAddress=denicadmmail@arcor.de,CN=www.lilawelt.net,C=US CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL - - +#close 2014-04-27-00-52-03 diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log index da805fd35d..b09bd04350 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log +++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path ssl -#open 2014-04-26-16-45-23 +#open 2014-04-27-06-48-05 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name session_id last_alert established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer #types time string addr port addr port string string string string string string bool vector[string] vector[string] string string string string -1394747126.855035 CXWv6p3arKYeMETxOg 192.168.4.149 60623 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - - - T FlaIzV19yTmBYwWwc6,F0BeiV3cMsGkNML0P2,F6PfYi2WUoPdIJrhpg (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - -1394747129.505622 CjhGID4nQcgTWjvg4c 192.168.4.149 60624 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - - - T FOye6a4kt8a7QChqw3,FytlLr3jOQenFAVtYi,FEmnxy4DGbxkmtQJS1 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - -#close 2014-04-26-16-45-23 +1394747126.855035 CXWv6p3arKYeMETxOg 192.168.4.149 60623 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 secp256r1 - - - T FlaIzV19yTmBYwWwc6,F0BeiV3cMsGkNML0P2,F6PfYi2WUoPdIJrhpg (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - +1394747129.505622 CjhGID4nQcgTWjvg4c 192.168.4.149 60624 74.125.239.129 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 secp256r1 - - - T FOye6a4kt8a7QChqw3,FytlLr3jOQenFAVtYi,FEmnxy4DGbxkmtQJS1 (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - - +#close 2014-04-27-06-48-05 
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-1.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-1.log new file mode 100644 index 0000000000..a8784bd8c8 --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-1.log @@ -0,0 +1,12 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path notice +#open 2014-04-27-06-41-50 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude +#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double +1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::SSL_Weak_Key Host uses weak DH parameters with 1024 key bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - - +1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::SSL_Weak_Key DH key length of 1024 bits is smaller certificate key length of 2048 bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - - +1398558136.542637 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::SSL_Weak_Key Host uses weak certificate with 2048 bit key - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - - +#close 2014-04-27-06-41-50 
diff --git a/testing/btest/Traces/tls/dhe.pcap b/testing/btest/Traces/tls/dhe.pcap new file mode 100644 index 0000000000000000000000000000000000000000..d5e034ef849d9b23bd713a69d6bcb69600ac3560 GIT binary patch literal 6929 zcmd5=dpML^`+nb7ZS7*hwXdB9#cGq9n14Z@t8q?Aq7wy1qYtu4`Rpy|dQ6?sc!{xu18|gW5A07zhVV z{f&=95DYq14xZ!(Z5U_`_>4B6&E-M|d472Ta&%Dv$P$9g6G`TfIi9F{B~Nm3W*a7F z&=S5FuBCYcMJmILk4FF`434h?#$s_WEHFngHAVsb4u_dU4{gUmwxEx;N!-ab06GCO z0SiEj@J;3@GP(kManKUepTP%KxS1|#6h9y_iH^ev%)!5|W~1m}B`nI@>nRRe2~g2C zi?^Pe9?E-*-VeNQ0(3lAoSJpGfXE(L?50+3l1jwBu1D>bgUXE^ZbKvQeEoNvxuv=1(W#D_)^H#fv=Fdl=)^1*x#t@n>L}t0X+1Y51ME{BJw>^Jd7fq7Wo-sW#Kep zGKwgJ#X`$KG#Fs9WKV~3PlMlgAD@>cpq%DLeXr=FZi3tBW+Zy*aCIG74FW1aqT?_c zo2U%v7QuAkC?QCg2MI?&_!S5bzZ~K5X{JxefE5e7jfmg{b)u}JhDBglhz~*{_mhMW zK|FRH4ljkVu_wtO(r9Onln9waVR0-10|@pUA0kN?`3-$8B&9~CQG;1D!YaBiokL*| zENCnaeKVa(;m`x&mnyILXP`{eB9m3lWfIfkeWH=oggP1CyWe^Pw0K5gi(;nB3yP4CG;iu;%68?<%y_?jy@NnEB&B>FI1b>ACx1!pZutRFaPSr2wJvl0i~o_;YqfSk7WjO3=br%|QO-S78W z^~tY=C0->Tb@~|wq$PZchv`Ikm}e7lq9ldGAP^!1bXO9?;XsPzAyQ~Z6DN$!!3*f( zVLm>7EQ~0j4@Ge@IOz`^A=`@cBfJ-wzOd?$fO#^TSgwc)`n5Vv4w2zX_pQ`xI8s)4 z^5Z;zf#G@|V!!AD%ZYeXlEA4U1m3LE(m3Zl>lBn*KQNZ|O<2vbSoN@37_C>#`!Mf)R|&Y}g-m>f1CaP!2l|E|4)Fv)TO z7{{Pfm{b}ekjV%mYz|~ijHH7sWBP!lf`VB=fovLq&Ln`n1x<~e!~=7~P!>U8_hE!U zZwB3WVsSPR(MNSv!4Z)Kh)(+abgd|jZ*oytjG1y#SscFw}i9{ev zryd}1)WUBVfmC+TOb~Xk_aZ9l6r@G$2~Su=r64P(r(&WEzD=djDKlrH60;Y9`NYZj z#L4+YDg_YYAnNEoByoy}LX_Ok4*Yu~0M-bM0ERq#+oX@UoJt~JAa0(QuQE<8$fqt7 z7jXARonQ9QFP%Se!uf?~I)6^dR4u8#IMey%86I1SX03Y|XOVnO%VOw}TZRQIOWomp zm3#e$Hm{uM5C=6@+}yHV3(~!e@7`{@td=hqC4ax0F%l#HxmsA$)6Hx@f1+{Qv5=y> zt}nVQfo%7 zF~|7N`D64Gamv5B^gzd*cf6&U@yvW5>ysQhjb8a}5+3lF-)<9gd7eNHWBV3Axh`2H zkD+)7Zv?869>T*ZPF5vY?t9_+Kuy~Doyq^NO44tLHV6SwlKwq&K@9@s23f4P7}3`w z8KO1l`|kg@lKF2XtTN_CQNN(`R{o*{YQx7>a&o)5t}2I0I-*AxJ5@AU;Rm|;y@Eu= zhn23}6*th^<1Us^wChHZo3q&kquwt)xf(Cba|A-JBrs3t1UQ&6DTFy~8=f}qq?Vhm z9vf9%E7x)d$$87qG!BZc7#Zz*$1~vzOc>63G6zvU%pT*fYw_Y9S95bN!MDantJBN6 
zbRNCl)mT0FM_Z8le6dn@qaaI3GsNMJajEP}vD@kS8?6gYQ=D$=-7)d373vkgvOjeI zi}fBm!!TuuzEiZ&xn(W7e(5!m>R;kl7etS_Bsr@%n~)?^BYLi+XK#4;;-Klk!@Q1` zAX5Id@_VHL1KnjM(aeN3C{6j?12V&?0P|INacV+7ztJ3#n zYmHF9LYBElwk$mwsnhebXjoD50ogp|R>1k(5jPNa-%27dzIi`2K45bTrw3x9RDb4C z?9J?Nj^=^#R>8R-&WLupX1e;n&td#9aF&Hnfdl{MqUZ!%7!ryEe_uagWb^;Idg@JW z3{>0sKie2usixisCu;6@@2S8Ousra(uPSI`n!T6#TqxGMmE>@6*mZqoN0ayZS7%)Z z_gDrSzjRW;#dfE=oAy8@dm8>8Ct!VU7h^hZ9AbSw<XQ`HNg9oL`P#684(u{EFMZI7mAdg|D;P zx&33dh>dbm@37?6`tgt)O{<2%VExM}=iFra3Ou(4z9A!}uW=6b`IyduN}S{;oqWIRj)3G!Qn?J5U4@}ha|1|GWewlqZx$mI$v$`c` ztw#-P705YDgd1Y+*v!2XLo$iK!fK(}IqUCREwSqS@&of}Ii_JJJOx($R$QhpK~!B+ z)z~9$x^efe^4glN#v5M+?Kpz%@5`IyO}QeOLh=JfJ=beWU#PcHUL5yi5@KwK>RZlu zU$v|_SsI)BUd{OP&KL0w+vNYYweM`)>1DeM`&PSI{e*v9#fHqs{S4l3?ZNUUX7=K7 z{TG9^8%uWO=H2zk1wWTCV!{wc2;yG6w6N~cYEJwPi!VdmSNGZ;yPX>Ht5|3!@a{pM zSh%%ixtedfy@TqHIq5&Td$<2Yy0$H~P}yzttIghqPaCCu*SGR34Orgm@K1$c z48$$nWdD@0?OL&!_sBC|_o=NJe~Hz9*m9{_N)o#?XnR2i>xz*=b&tvN-*-p{`BxP> z2(~Z1o~)clk*OhNJQo{;_ypt%^O1W*By7FfEhM3fpz{8@xN{0n%)5H6i zrP2~vw-of%yYjN?ht!|x20aYOmNkvivM7#OmGs^=u{u}6^KEPNL&8gq5n1`2Z@j%m zC3oF-?L4`#z-FcG%EHX&4PB z4VS%3lB1SCkgqhftf&2Xi|@*ojVpHzjW5Y~n6#UMIh;`zm!GrO{(!IVI=>gS>&qL= z_3?>+oxW*r*TD>VJyzAWod{v)Cs0V?U6MifOkqT7!Whaeurb@9x2nV)iCg@XF< zU1O)lLuuz)7k;%*x!+D`OVV%F5c0EHTejEof!$VqCqqRqwWHX38&v)8UDn*#88ngy z%SNQPOW+k?_MM2X7W2+r`|F8$HETt%*h5-I(MZirlk_&P*2YYX@`-fKs(>pOqD!*9 z6IN&46Fb5Ryp#Xe@m0H|0hNg>4aoc~lQJ&7bp05$t0C;cn^^n~V&>Ar$=!NU0Y{A9 z_>EQ*@3!Q3MYqo9zgLbF-KctVx;b0E`Qi~iuYu_F8-9NTpvo6p2|y-5BeeZ!+AvWu z88z**RWnVy^liA7Hq4ddKa#g=+O*5Td5WSs6@WWJaQy`@fYR%wa0}P%>tc@lJ$kgL zxn-olgJCG(VKTNtL1l}a|D8ddokYEwHe01^tD)m9=ld>gUpcf~wb-L2?cuW41@eT9 z3a9q;cd>Ors`p4oE**!9r7e>WBkJn2M&kFroSn@6&4g4V)*D? 
zlz@z(k!+Kl$hgg5mVnjbO(`WB43VSbbHXj0qGP2sKA*WGzqgyT^t@92H7Uk-T5c1u zaP76W&g0vhSYXwJQP)j26C8=?unTo&y|+Dkkrxt;Xv~!*&x|>37}HOUXK)&c4N^AFXVdxT| zgtl3Kod#-;BL6VrxO01TkN9o7a7WxkC{K5M z?0k`~!TvO1Z~TM7ZVHoag|9YYkW$gTkV8eG^&t4sHY)*a6jLS=AZ=y>l=XlF*p4Q^ zc+=!w@UO4p6;o5z02;73S!z%?o?y5-Pdl5N+P4ZT=()^t&m2p9MjF(p!N&sE6_DlZ*qsYKIvbs8BJ(PiWA863 zB3c_syfyZDrfVv6;V+#UnG~%TQE~9aXzu*pc!MyJW>TQ5*#UH2c1_k8l&<#p9u zdZzwvlt-uNe0bEj1T*-RI{>+uConAOgaCLh#={GYiA-(NcDNU1uP$Q zGODo-Ql&ikP2uHvpEvF6-S|{4aF&qd2doPBH=M^AIadWa&fV2^AXOFJSOTE&bE)hm zXoS4`fkqjoA8bs507+`jq;Ux#-o6X2@WJ_`ZB`7-=g&i9;C9i>7&x;S42GOQO^Ndc eh67MU8h(kAKY>#CZz%nZzeFjRKq>eY%6|Z?SPkO< literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/ssl/dhe.test b/testing/btest/scripts/base/protocols/ssl/dhe.test new file mode 100644 index 0000000000..f41cb70fab --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssl/dhe.test @@ -0,0 +1,8 @@ +# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: btest-diff .stdout +# @TEST-EXEC: btest-diff ssl.log + +event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) + { + print "key length in bits", |Ys|*8; + } diff --git a/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro b/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro new file mode 100644 index 0000000000..ba07b6e647 --- /dev/null +++ b/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro @@ -0,0 +1,8 @@ +# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: mv notice.log notice-1.log +# @TEST-EXEC: btest-diff notice-1.log + +@load protocols/ssl/weak-keys + +redef SSL::notify_weak_keys = ALL_HOSTS; +redef SSL::notify_minimal_key_length = 4096; From ef5b021e77c04bcb1921b39dbffa975fc9722a4c Mon Sep 17 00:00:00 2001 
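Review bot: `|Ys|*8` in dhe.test measures the server's public value, not the group, so the printed "key length in bits" is not the figure that bounds the exchange's strength. That figure is the size of the prime `p`; Ys is only known to be smaller than p, so its encoded length need not match the modulus length. The same expression, `local key_length = |Ys|*8;`, drives the weak-DH notices in the `ssl_dh_server_params` handler of scripts/policy/protocols/ssl/weak-keys.bro (context of the `@@ -66,25 +66,25 @@` hunk in PATCH 5/6). Both should use `|p|*8`, otherwise whether a weak group is reported depends on how the server encoded its ephemeral value. A comment such as `# size of the DH prime as encoded on the wire, in bits` would also make clear that leading zero bytes are counted.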
From: Bernhard Amann Date: Sun, 27 Apr 2014 00:09:00 -0700 Subject: [PATCH 5/6] Polish changes for ecdhe/dhe --- scripts/policy/protocols/ssl/weak-keys.bro | 30 +++++++++---------- src/analyzer/protocol/ssl/ssl-defs.pac | 2 +- src/analyzer/protocol/ssl/ssl-protocol.pac | 4 +-- .../{notice-1.log => notice.log} | 10 +++---- .../policy/protocols/ssl/weak-keys.bro | 3 +- 5 files changed, 24 insertions(+), 25 deletions(-) rename testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/{notice-1.log => notice.log} (55%) diff --git a/scripts/policy/protocols/ssl/weak-keys.bro b/scripts/policy/protocols/ssl/weak-keys.bro index 27cfb31554..f8a7b504b3 100644 --- a/scripts/policy/protocols/ssl/weak-keys.bro +++ b/scripts/policy/protocols/ssl/weak-keys.bro @@ -10,7 +10,7 @@ module SSL; export { redef enum Notice::Type += { ## Indicates that a server is using a potentially unsafe key. - SSL_Weak_Key, + Weak_Key, }; ## The category of hosts you would like to be notified about which have @@ -52,10 +52,10 @@ event ssl_established(c: connection) &priority=3 local key_length = cert$key_length; if ( key_length < notify_minimal_key_length ) - NOTICE([$note=SSL_Weak_Key, + NOTICE([$note=Weak_Key, $msg=fmt("Host uses weak certificate with %d bit key", key_length), - $conn=c, $suppress_for=1day, - $identifier=cat(c$id$orig_h, c$id$orig_p, key_length) + $conn=c, $suppress_for=1day, + $identifier=cat(c$id$orig_h, c$id$orig_p, key_length) ]); } 
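Review bot: `$identifier=cat(c$id$orig_h, c$id$orig_p, key_length)` keys notice suppression on the originator's address and port, but the host the message describes appears to be the responder (the baseline notice.log has the server as dst on port 443). The originator port normally changes with every connection, so `$suppress_for=1day` will rarely suppress anything and each new connection to the same weak server can raise a fresh notice. `$identifier=cat(c$id$resp_h, c$id$resp_p, key_length)` would suppress per server instead. The same applies to both NOTICE calls in the `ssl_dh_server_params` handler in the following `@@ -66,25 +66,25 @@` hunk, the second of which uses `cat(c$id$orig_h, c$id$orig_p)`. The handler bodies start outside these hunks.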
@@ -66,25 +66,25 @@ event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) &pri local key_length = |Ys|*8; # key length in bits if ( key_length < notify_minimal_key_length ) - NOTICE([$note=SSL_Weak_Key, - $msg=fmt("Host uses weak DH parameters with %d key bits", key_length), - $conn=c, $suppress_for=1day, - $identifier=cat(c$id$orig_h, c$id$orig_p, key_length) + NOTICE([$note=Weak_Key, + $msg=fmt("Host uses weak DH parameters with %d key bits", key_length), + $conn=c, $suppress_for=1day, + $identifier=cat(c$id$orig_h, c$id$orig_p, key_length) ]); if ( notify_dh_length_shorter_cert_length && c?$ssl && c$ssl?$cert_chain && |c$ssl$cert_chain| > 0 && c$ssl$cert_chain[0]?$x509 && c$ssl$cert_chain[0]$x509?$certificate && c$ssl$cert_chain[0]$x509$certificate?$key_type && - ( c$ssl$cert_chain[0]$x509$certificate$key_type == "rsa" || - c$ssl$cert_chain[0]$x509$certificate$key_type == "dsa" ) ) + ( c$ssl$cert_chain[0]$x509$certificate$key_type == "rsa" || + c$ssl$cert_chain[0]$x509$certificate$key_type == "dsa" ) ) { if ( c$ssl$cert_chain[0]$x509$certificate?$key_length && c$ssl$cert_chain[0]$x509$certificate$key_length > key_length ) - NOTICE([$note=SSL_Weak_Key, - $msg=fmt("DH key length of %d bits is smaller certificate key length of %d bits", - key_length, c$ssl$cert_chain[0]$x509$certificate$key_length), - $conn=c, $suppress_for=1day, - $identifier=cat(c$id$orig_h, c$id$orig_p) + NOTICE([$note=Weak_Key, + $msg=fmt("DH key length of %d bits is smaller certificate key length of %d bits", + key_length, c$ssl$cert_chain[0]$x509$certificate$key_length), + $conn=c, $suppress_for=1day, + $identifier=cat(c$id$orig_h, c$id$orig_p) ]); } } diff --git a/src/analyzer/protocol/ssl/ssl-defs.pac b/src/analyzer/protocol/ssl/ssl-defs.pac index a4074443b9..29eb1d1fb9 100644 --- a/src/analyzer/protocol/ssl/ssl-defs.pac +++ b/src/analyzer/protocol/ssl/ssl-defs.pac 
@@ -62,7 +62,7 @@ enum SSLExtensions { }; enum ECCurveType { - EXPLICIT_PRIME = 1, + EXPLICIT_PRIME = 1, EXPLICIT_CHAR = 2, NAMED_CURVE = 3 }; diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index 840aca4b84..af220f39de 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -566,7 +566,7 @@ type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher( # We also do not parse the actual signature data following the named curve. type EcServerKeyExchange(rec: SSLRecord) = record { curve_type: uint8; - curve: uint16; # only if curve_type = 3 + curve: uint16; # only if curve_type = 3 (NAMED_CURVE) data: bytestring &restofdata &transient; }; @@ -739,7 +739,7 @@ refine connection SSL_Conn += { function chosen_cipher() : int %{ return chosen_cipher_; %} - function set_cipher(cipher: int64) : bool + function set_cipher(cipher: uint32) : bool %{ chosen_cipher_ = cipher; return true; diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-1.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice.log similarity index 55% rename from testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-1.log rename to testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice.log index a8784bd8c8..b44fb54b70 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-1.log +++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice.log 
@@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path notice -#open 2014-04-27-06-41-50 +#open 2014-04-27-07-15-32 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude #types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double -1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::SSL_Weak_Key Host uses weak DH parameters with 1024 key bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - - -1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::SSL_Weak_Key DH key length of 1024 bits is smaller certificate key length of 2048 bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - - -1398558136.542637 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::SSL_Weak_Key Host uses weak certificate with 2048 bit key - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - - -#close 2014-04-27-06-41-50 +1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak DH parameters with 1024 key bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - - +1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key DH key length of 1024 bits is smaller certificate key length of 2048 bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - - +1398558136.542637 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 2048 bit key - 192.168.18.50 162.219.2.166 443 
- bro Notice::ACTION_LOG 86400.000000 F - - - - - +#close 2014-04-27-07-15-32 diff --git a/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro b/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro index ba07b6e647..42ef2ecc16 100644 --- a/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro +++ b/testing/btest/scripts/policy/protocols/ssl/weak-keys.bro @@ -1,6 +1,5 @@ # @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT -# @TEST-EXEC: mv notice.log notice-1.log -# @TEST-EXEC: btest-diff notice-1.log +# @TEST-EXEC: btest-diff notice.log @load protocols/ssl/weak-keys From 7d0e5067c76ce5f3719cb203a1b692f78b64eecf Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Sun, 27 Apr 2014 16:25:32 -0700 Subject: [PATCH 6/6] fix broxygen errors --- scripts/policy/protocols/ssl/weak-keys.bro | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/policy/protocols/ssl/weak-keys.bro b/scripts/policy/protocols/ssl/weak-keys.bro index f8a7b504b3..a6f96bfd53 100644 --- a/scripts/policy/protocols/ssl/weak-keys.bro +++ b/scripts/policy/protocols/ssl/weak-keys.bro @@ -32,9 +32,9 @@ export { const notify_dh_length_shorter_cert_length = T &redef; } -## We check key lengths only for DSA or RSA certificates. For others, we do -## not know what is safe (e.g. EC is safe even with very short key lengths). - +# We check key lengths only for DSA or RSA certificates. For others, we do +# not know what is safe (e.g. EC is safe even with very short key lengths). +# event ssl_established(c: connection) &priority=3 { # If there are no certificates or we are not interested in the server, just return.