Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 17:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

analyzer/ssl: Formatting, printf -> DBG_LOG, namespacing

Browse source
This commit is contained in:
Florian Wilkens 2021-05-05 15:46:20 +02:00
parent f73935aa45
commit c1c0cb6f3c
3 changed files with 21 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

8
scripts/policy/protocols/ssl/decryption.zeek
View file

@ -53,14 +53,14 @@ event zeek_init()
} }
} }
event SSL::add_keys(client_random: string, keys: string) event SSL::add_keys(client_random: string, val: string)
{ {
SSL::keys[client_random] = keys; SSL::keys[client_random] = val;
} }
event SSL::add_secret(client_random: string, secret: string) event SSL::add_secret(client_random: string, val: string)
{ {
SSL::secrets[client_random] = secret; SSL::secrets[client_random] = val;
} }
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)

27
src/analyzer/protocol/ssl/SSL.cc
View file

@ -13,16 +13,6 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/kdf.h> #include <openssl/kdf.h>
#define MSB(a) ((a>>8)&0xff)
#define LSB(a) (a&0xff)
static void fmt_seq(uint32_t num, u_char* buf)
{
memset(buf, 0, 8);
uint32_t netnum = htonl(num);
memcpy(buf+4, &netnum, 4);
}
static void print_hex(std::string name, u_char* data, int len) static void print_hex(std::string name, u_char* data, int len)
{ {
int i = 0; int i = 0;
@ -78,6 +68,16 @@ abort:
namespace zeek::analyzer::ssl { namespace zeek::analyzer::ssl {
#define MSB(a) ((a>>8)&0xff)
#define LSB(a) (a&0xff)
static void fmt_seq(uint32_t num, u_char* buf)
{
memset(buf, 0, 8);
uint32_t netnum = htonl(num);
memcpy(buf+4, &netnum, 4);
}
SSL_Analyzer::SSL_Analyzer(Connection* c) SSL_Analyzer::SSL_Analyzer(Connection* c)
: analyzer::tcp::TCP_ApplicationAnalyzer("SSL", c) : analyzer::tcp::TCP_ApplicationAnalyzer("SSL", c)
{ {
@ -193,15 +193,14 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
auto cipher = handshake_interp->chosen_cipher(); auto cipher = handshake_interp->chosen_cipher();
if ( cipher != 0xC030 ) if ( cipher != 0xC030 )
{ {
//printf("Unsupported cipher suite: %d\n", cipher); DBG_LOG(DBG_ANALYZER, "Unsupported cipher suite: %d\n", cipher);
return false; return false;
} }
// Neither secret or key present: abort // Neither secret or key present: abort
if ( secret->Len() == 0 && keys->Len() == 0 ) if ( secret->Len() == 0 && keys->Len() == 0 )
{ {
// FIXME: this is just for debugging DBG_LOG(DBG_ANALYZER, "Could not decrypt packet due to missing key\n");
printf("Could not decrypt packet (missing key):\n");
print_hex("->client_random:", handshake_interp->client_random().data(), handshake_interp->client_random().length()); print_hex("->client_random:", handshake_interp->client_random().data(), handshake_interp->client_random().length());
return false; return false;
} }
@ -293,7 +292,7 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
int res = 0; int res = 0;
if ( ! (res = EVP_DecryptFinal(ctx, NULL, &res)) ) if ( ! (res = EVP_DecryptFinal(ctx, NULL, &res)) )
{ {
printf("Decryption failed with return code %d. Invalid key?\n", res); DBG_LOG(DBG_ANALYZER, "Decryption failed with return code: %d. Invalid key?\n", res);
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
free(decrypted); free(decrypted);
return false; return false;