From c1c0cb6f3c4c4963f9a47c44008b60f6a3907cb8 Mon Sep 17 00:00:00 2001 From: Florian Wilkens Date: Wed, 5 May 2021 15:46:20 +0200 Subject: [PATCH] analyzer/ssl: Formatting, printf -> DBG_LOG, namespacing --- scripts/policy/protocols/ssl/decryption.zeek | 8 +++--- src/analyzer/protocol/ssl/DTLS.cc | 8 +++--- src/analyzer/protocol/ssl/SSL.cc | 27 ++++++++++---------- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/scripts/policy/protocols/ssl/decryption.zeek b/scripts/policy/protocols/ssl/decryption.zeek index 982dc12154..1bd5eed622 100644 --- a/scripts/policy/protocols/ssl/decryption.zeek +++ b/scripts/policy/protocols/ssl/decryption.zeek @@ -53,14 +53,14 @@ event zeek_init() } } -event SSL::add_keys(client_random: string, keys: string) +event SSL::add_keys(client_random: string, val: string) { - SSL::keys[client_random] = keys; + SSL::keys[client_random] = val; } -event SSL::add_secret(client_random: string, secret: string) +event SSL::add_secret(client_random: string, val: string) { - SSL::secrets[client_random] = secret; + SSL::secrets[client_random] = val; } event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) diff --git a/src/analyzer/protocol/ssl/DTLS.cc b/src/analyzer/protocol/ssl/DTLS.cc index ee823148bd..faded0d56d 100644 --- a/src/analyzer/protocol/ssl/DTLS.cc +++ b/src/analyzer/protocol/ssl/DTLS.cc @@ -49,9 +49,9 @@ void DTLS_Analyzer::EndOfData(bool is_orig) } uint16_t DTLS_Analyzer::GetNegotiatedVersion() const - { - return handshake_interp->chosen_version(); - } + { + return handshake_interp->chosen_version(); + } void DTLS_Analyzer::SendHandshake(uint16_t raw_tls_version, uint8_t msg_type, uint32_t length, const u_char* begin, const u_char* end, bool orig) { 
@@ -74,7 +74,7 @@ void DTLS_Analyzer::SendHandshake(uint16_t raw_tls_version, uint8_t msg_type, ui bool DTLS_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool is_orig, uint8_t content_type, uint16_t raw_tls_version) { - // noop for now as DTLS decryption is currently not supported + // noop for now as DTLS decryption is currently not supported } } // namespace zeek::analyzer::dtls diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc index 6fd2349fa1..6f92bdbfcf 100644 --- a/src/analyzer/protocol/ssl/SSL.cc +++ b/src/analyzer/protocol/ssl/SSL.cc @@ -13,16 +13,6 @@ #include #include -#define MSB(a) ((a>>8)&0xff) -#define LSB(a) (a&0xff) - -static void fmt_seq(uint32_t num, u_char* buf) - { - memset(buf, 0, 8); - uint32_t netnum = htonl(num); - memcpy(buf+4, &netnum, 4); - } - static void print_hex(std::string name, u_char* data, int len) { int i = 0; @@ -78,6 +68,16 @@ abort: namespace zeek::analyzer::ssl { +#define MSB(a) ((a>>8)&0xff) +#define LSB(a) (a&0xff) + +static void fmt_seq(uint32_t num, u_char* buf) + { + memset(buf, 0, 8); + uint32_t netnum = htonl(num); + memcpy(buf+4, &netnum, 4); + } + SSL_Analyzer::SSL_Analyzer(Connection* c) : analyzer::tcp::TCP_ApplicationAnalyzer("SSL", c) { @@ -193,15 +193,14 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i auto cipher = handshake_interp->chosen_cipher(); if ( cipher != 0xC030 ) { - //printf("Unsupported cipher suite: %d\n", cipher); + DBG_LOG(DBG_ANALYZER, "Unsupported cipher suite: %d\n", cipher); return false; } // Neither secret or key present: abort if ( secret->Len() == 0 && keys->Len() == 0 ) { - // FIXME: this is just for debugging - printf("Could not decrypt packet (missing key):\n"); + DBG_LOG(DBG_ANALYZER, "Could not decrypt packet due to missing key\n"); print_hex("->client_random:", handshake_interp->client_random().data(), handshake_interp->client_random().length()); return false; } 
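Review bot: `DTLS_Analyzer::TryDecryptApplicationData` is declared to return `bool`, but its body in this hunk holds only the comment, so control flows off the end of a non-void function, which is undefined behaviour in C++. Any caller that tests the result would be acting on an indeterminate value when deciding whether the record was decrypted. Add `return false;` after the comment so the no-op explicitly reports "not decrypted".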
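Review bot: Moving `#define MSB(a)` and `#define LSB(a)` inside `namespace zeek::analyzer::ssl` does not scope them, because the preprocessor ignores namespaces and the names stay visible to everything later in the translation unit. The macro argument is also unparenthesised, so `LSB(x | y)` expands to `(x | y&0xff)` and masks only `y`. Since the aim of this hunk is namespacing, consider real functions instead, e.g. `static constexpr uint8_t MSB(uint16_t a) { return (a >> 8) & 0xff; }` and `static constexpr uint8_t LSB(uint16_t a) { return a & 0xff; }` (assuming 16-bit inputs; the call sites are outside this hunk). `fmt_seq` writes 8 bytes into `buf` without taking a length, so a one-line comment such as `// buf must hold at least 8 bytes` would document the contract.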
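Review bot: The `print_hex("->client_random:", ...)` call after the new `DBG_LOG` in the missing-key branch is left untouched. If `print_hex` still writes to stdout (its body is outside this hunk), the hex dump is printed unconditionally while the message that explains it appears only in debug builds with the analyzer stream enabled. Route the dump through `DBG_LOG` as well, or guard the call with `#ifdef DEBUG`. The new format strings here and in the `@@ -293` hunk also keep a trailing `\n`; DBG_LOG appears to terminate each entry itself, so it is worth confirming and dropping the `\n` to avoid blank lines in the debug log. `TryDecryptApplicationData` starts and ends outside the hunk.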
@@ -293,7 +292,7 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
 int res = 0;
 if ( ! (res = EVP_DecryptFinal(ctx, NULL, &res)) )
 {
- printf("Decryption failed with return code %d. Invalid key?\n", res);
+ DBG_LOG(DBG_ANALYZER, "Decryption failed with return code: %d. Invalid key?\n", res);
 EVP_CIPHER_CTX_free(ctx);
 free(decrypted);
 return false;
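Review bot: The `res` passed to the new `DBG_LOG` is always 0 on this path, because the branch is taken only when `EVP_DecryptFinal` returned 0, so the "return code" in the message carries no information. `res` is also handed in as the output-length pointer and then overwritten with the return value in the same expression, which is hard to follow. Consider `int outl = 0;` with `if ( EVP_DecryptFinal(ctx, NULL, &outl) != 1 )`, and log the OpenSSL error queue (`ERR_get_error()`) instead of `res`. For the AEAD suite this function accepts, a failure here means the authentication tag did not verify, which a wrong key and a corrupted or modified record both cause, so "Invalid key?" names only one of the possibilities. The function body continues outside the hunk.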