Prepared the old analyzer for extracting SSL extensions.

This commit is contained in:
Seth Hall 2011-01-19 11:46:35 -05:00
parent 7ffbac68a4
commit c7a5bf071d
3 changed files with 72 additions and 66 deletions


@ -319,52 +319,52 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
168, 168,
160 160
}, },
{ TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, { TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
SSL_CIPHER_TYPE_STREAM, SSL_CIPHER_TYPE_STREAM,
SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4, SSL_CIPHER_RC4,
SSL_MAC_MD5, SSL_MAC_MD5,
SSL_KEY_EXCHANGE_DH_ANON_EXPORT, SSL_KEY_EXCHANGE_DH_anon_EXPORT,
0, 0,
40, 40,
128 128
}, },
{ TLS_DH_ANON_WITH_RC4_128_MD5, { TLS_DH_anon_WITH_RC4_128_MD5,
SSL_CIPHER_TYPE_STREAM, SSL_CIPHER_TYPE_STREAM,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4, SSL_CIPHER_RC4,
SSL_MAC_MD5, SSL_MAC_MD5,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
0, 0,
128, 128,
128 128
}, },
{ TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, { TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK, SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_DES40, SSL_CIPHER_DES40,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
0, 0,
40, 40,
160 160
}, },
{ TLS_DH_ANON_WITH_DES_CBC_SHA, { TLS_DH_anon_WITH_DES_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK, SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_DES, SSL_CIPHER_DES,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
0, 0,
56, 56,
160 160
}, },
{ TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, { TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK, SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_3DES, SSL_CIPHER_3DES,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
0, 0,
168, 168,
160 160
@ -522,12 +522,12 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
128, 128,
160 160
}, },
{ TLS_DH_ANON_WITH_AES_128_CBC_SHA, { TLS_DH_anon_WITH_AES_128_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK, SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES, SSL_CIPHER_AES,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
0, 0,
128, 128,
160 160
@ -582,12 +582,12 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
256, 256,
160 160
}, },
{ TLS_DH_ANON_WITH_AES_256_CBC_SHA, { TLS_DH_anon_WITH_AES_256_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK, SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES, SSL_CIPHER_AES,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
0, 0,
256, 256,
160 160
@ -647,7 +647,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA, SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
0, 0,
128, 128,
160 160
@ -707,7 +707,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_CAMELLIA, SSL_CIPHER_CAMELLIA,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
0, 0,
256, 256,
160 160
@ -917,7 +917,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_3DES, SSL_CIPHER_3DES,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ANON, SSL_KEY_EXCHANGE_ECDH_anon,
0, 0,
168, 168,
160 160
@ -927,7 +927,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES, SSL_CIPHER_AES,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ANON, SSL_KEY_EXCHANGE_ECDH_anon,
0, 0,
128, 128,
160 160
@ -937,7 +937,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_AES, SSL_CIPHER_AES,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ANON, SSL_KEY_EXCHANGE_ECDH_anon,
0, 0,
256, 256,
160 160
@ -947,7 +947,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_NULL, SSL_CIPHER_NULL,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ANON, SSL_KEY_EXCHANGE_ECDH_anon,
0, 0,
0, 0,
160 160
@ -957,7 +957,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_RC4, SSL_CIPHER_RC4,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_ECDH_ANON, SSL_KEY_EXCHANGE_ECDH_anon,
0, 0,
128, 128,
160 160
@ -1017,7 +1017,7 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31, SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_SEED, SSL_CIPHER_SEED,
SSL_MAC_SHA, SSL_MAC_SHA,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
0, 0,
128, 128,
160 160


@ -51,11 +51,11 @@ enum SSL3_1_CipherSpec {
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015, TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017, TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018, TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019, TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A, TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A,
TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B, TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
// --- special SSLv3 ciphers // --- special SSLv3 ciphers
SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C, SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C,
SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D, SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D,
@ -82,13 +82,13 @@ enum SSL3_1_CipherSpec {
TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031, TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034, TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036, TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037, TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A, TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
TLS_RSA_WITH_NULL_SHA256 = 0x003B, TLS_RSA_WITH_NULL_SHA256 = 0x003B,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
@ -101,7 +101,7 @@ enum SSL3_1_CipherSpec {
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046, TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046,
// -- Non-RFC. Widely deployed implementation (ciphers not fully described in SSLCiphers.cc) // -- Non-RFC. Widely deployed implementation (ciphers not fully described in SSLCiphers.cc)
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060, TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060,
TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061, TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061,
@ -116,15 +116,15 @@ enum SSL3_1_CipherSpec {
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069, TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C, TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D, TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
// -- RFC 5932 // -- RFC 5932
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085,
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089, TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089,
// -- RFC 4279 (ciphers not fully described in SSLCiphers.cc) // -- RFC 4279 (ciphers not fully described in SSLCiphers.cc)
TLS_PSK_WITH_RC4_128_SHA = 0x008A, TLS_PSK_WITH_RC4_128_SHA = 0x008A,
TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
@ -144,7 +144,7 @@ enum SSL3_1_CipherSpec {
TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098, TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098,
TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099, TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A, TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B, TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B,
// -- RFC 5288 (ciphers not fully described in SSLCiphers.cc) // -- RFC 5288 (ciphers not fully described in SSLCiphers.cc)
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
@ -156,8 +156,8 @@ enum SSL3_1_CipherSpec {
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4, TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5, TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6, TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7, TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
// -- RFC 5487 (ciphers not fully described in SSLCiphers.cc) // -- RFC 5487 (ciphers not fully described in SSLCiphers.cc)
TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
@ -183,13 +183,13 @@ enum SSL3_1_CipherSpec {
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF, TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0,
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1,
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5, TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,
// -- RFC 4492 // -- RFC 4492
TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001, TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002, TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
@ -211,11 +211,11 @@ enum SSL3_1_CipherSpec {
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015, TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016, TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018, TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019, TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
// -- RFC 5054 (ciphers not fully described in SSLCiphers.cc) // -- RFC 5054 (ciphers not fully described in SSLCiphers.cc)
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A, TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A,
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B, TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B,
@ -299,8 +299,8 @@ enum SSL_KeyExchangeAlgorithm {
SSL_KEY_EXCHANGE_DHE_DSS_EXPORT, SSL_KEY_EXCHANGE_DHE_DSS_EXPORT,
SSL_KEY_EXCHANGE_DHE_RSA, SSL_KEY_EXCHANGE_DHE_RSA,
SSL_KEY_EXCHANGE_DHE_RSA_EXPORT, SSL_KEY_EXCHANGE_DHE_RSA_EXPORT,
SSL_KEY_EXCHANGE_DH_ANON, SSL_KEY_EXCHANGE_DH_anon,
SSL_KEY_EXCHANGE_DH_ANON_EXPORT, SSL_KEY_EXCHANGE_DH_anon_EXPORT,
SSL_KEY_EXCHANGE_FORTEZZA_KEA, SSL_KEY_EXCHANGE_FORTEZZA_KEA,
// --- new 56 bit export ciphers // --- new 56 bit export ciphers
SSL_KEY_EXCHANGE_RSA_EXPORT1024, SSL_KEY_EXCHANGE_RSA_EXPORT1024,
@ -310,7 +310,7 @@ enum SSL_KeyExchangeAlgorithm {
SSL_KEY_EXCHANGE_ECDHE_ECDSA, SSL_KEY_EXCHANGE_ECDHE_ECDSA,
SSL_KEY_EXCHANGE_ECDH_RSA, SSL_KEY_EXCHANGE_ECDH_RSA,
SSL_KEY_EXCHANGE_ECDHE_RSA, SSL_KEY_EXCHANGE_ECDHE_RSA,
SSL_KEY_EXCHANGE_ECDH_ANON, SSL_KEY_EXCHANGE_ECDH_anon,
}; };
#if 0 #if 0


@ -195,7 +195,7 @@ void SSLv3_Interpreter::printStats()
printf( "SSLv3x:\n" ); printf( "SSLv3x:\n" );
printf( "Note: Because handshake messages may be coalesced into a \n"); printf( "Note: Because handshake messages may be coalesced into a \n");
printf( " single SSLv3x record, the number of total messages for SSLv3x plus \n"); printf( " single SSLv3x record, the number of total messages for SSLv3x plus \n");
printf( " the number of total records seen for SSLv2 won't match \n"); printf( " the number of total records seen for SSLv3 won't match \n");
printf( " SSLProxy_Analyzer::totalRecords! \n"); printf( " SSLProxy_Analyzer::totalRecords! \n");
printf( "total connections = %u\n", totalConnections ); printf( "total connections = %u\n", totalConnections );
printf( "opened connections (complete handshake) = %u\n", openedConnections ); printf( "opened connections (complete handshake) = %u\n", openedConnections );
@ -554,7 +554,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
} }
else else
{ {
if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
{ {
if ( rec->length < 2 ) if ( rec->length < 2 )
{ {
@ -595,11 +595,11 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
switch (cipherSuite) switch (cipherSuite)
{ {
case TLS_NULL_WITH_NULL_NULL: case TLS_NULL_WITH_NULL_NULL:
case TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5: case TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
case TLS_DH_ANON_WITH_RC4_128_MD5: case TLS_DH_anon_WITH_RC4_128_MD5:
case TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA: case TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
case TLS_DH_ANON_WITH_DES_CBC_SHA: case TLS_DH_anon_WITH_DES_CBC_SHA:
case TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA: case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
{ {
Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!"); Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!");
break; break;
@ -618,7 +618,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
break; break;
} }
if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT ) if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT )
Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!"); Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!");
// FIXME: Insert weird checks! // FIXME: Insert weird checks!
@ -654,7 +654,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
} }
else else
{ {
if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 ) if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
{ {
if ( rec->length < 2 ) if ( rec->length < 2 )
{ {
@ -1328,7 +1328,9 @@ int SSLv3_HandshakeRecord::checkClientHello()
version != SSLProxy_Analyzer::SSLv31 ) version != SSLProxy_Analyzer::SSLv31 )
endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Client hello!"); endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Client hello!");
uint8 sessionIDLength = uint8(data[38]); uint16 offset = 38;
uint8 sessionIDLength = uint8(data[offset]);
offset += (1 + sessionIDLength);
if ( sessionIDLength > 32 ) if ( sessionIDLength > 32 )
{ {
endp->Interpreter()->Weird("SSLv3x: SessionID too long in Client hello!"); endp->Interpreter()->Weird("SSLv3x: SessionID too long in Client hello!");
@ -1336,33 +1338,37 @@ int SSLv3_HandshakeRecord::checkClientHello()
} }
uint16 cipherSuiteLength = uint16 cipherSuiteLength =
uint16(data[39 + sessionIDLength] << 8 ) | uint16(data[offset] << 8) | data[offset+1];
data[40 + sessionIDLength]; offset += (2 + cipherSuiteLength);
if ( cipherSuiteLength < 2 ) if ( cipherSuiteLength < 2 )
endp->Interpreter()->Weird("SSLv3x: CipherSuite length too small!"); endp->Interpreter()->Weird("SSLv3x: CipherSuite length too small!");
if ( cipherSuiteLength + sessionIDLength + 41 > recordLength ) if ( offset > recordLength )
{ {
endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!"); endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!");
return 0; return 0;
} }
uint8 compressionMethodLength = uint8 compressionMethodLength = uint8(data[offset]);
uint8(data[41 + sessionIDLength + cipherSuiteLength]); offset += (1 + compressionMethodLength);
if ( compressionMethodLength < 1 ) if ( compressionMethodLength < 1 )
endp->Interpreter()->Weird("SSLv3x: CompressionMethod length too small!"); endp->Interpreter()->Weird("SSLv3x: CompressionMethod length too small!");
if ( sessionIDLength + cipherSuiteLength + if ( offset != length )
compressionMethodLength + 38 != length )
{ {
uint16 sslExtensionsLength = uint16 sslExtensionsLength =
uint16(data[41 + sessionIDLength + cipherSuiteLength + compressionMethodLength + 1 ] << 8 ) | data[41 + sessionIDLength + cipherSuiteLength + compressionMethodLength + 2 ]; uint16(data[offset] << 8 ) | data[offset+1];
offset += 2;
if ( sslExtensionsLength < 4 ) if ( sslExtensionsLength < 4 )
endp->Interpreter()->Weird("SSLv3x: Extensions length too small!"); endp->Interpreter()->Weird("SSLv3x: Extensions length too small!");
if ( sessionIDLength + cipherSuiteLength +
compressionMethodLength + 2 + sslExtensionsLength + 38 != length ) // TODO: extract SSL extensions here
offset += sslExtensionsLength;
if ( offset != length+4 )
{ {
endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!"); endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!");
return 0; return 0;