Merge remote-tracking branch 'origin/topic/johanna/tls13'

BIT-1727 #merged * origin/topic/johanna/tls13: Better way to deal with overloaded Assign constructors. A few tabbing fixes in TLS 1.3 support TLS 1.3 support.
2025-10-02 14:48:21 +00:00 · 2016-10-13 15:48:27 -07:00 · 2016-10-13 15:48:27 -07:00 · c9d449e363
commit c9d449e363
parent 38f6ca87ae eb3a3bc807
23 changed files with 449 additions and 83 deletions
--- a/scripts/base/protocols/ssl/consts.bro
+++ b/scripts/base/protocols/ssl/consts.bro
@ -6,6 +6,7 @@ export {
 	const TLSv10 = 0x0301;
 	const TLSv11 = 0x0302;
 	const TLSv12 = 0x0303;
+	const TLSv13 = 0x0304;

 	const DTLSv10 = 0xFEFF;
 	# DTLSv11 does not exist
@ -18,9 +19,16 @@ export {
 		[TLSv10] = "TLSv10",
 		[TLSv11] = "TLSv11",
 		[TLSv12] = "TLSv12",
+		[TLSv13] = "TLSv13",
 		[DTLSv10] = "DTLSv10",
 		[DTLSv12] = "DTLSv12"
-	} &default=function(i: count):string { return fmt("unknown-%d", i); };
+	} &default=function(i: count):string
+		{
+		if ( i/0xFF == 0x7F ) # TLS 1.3 draft
+		  return fmt("TLSv13-draft%d", i % 0x7F );
+
+		return fmt("unknown-%d", i);
+		};

 	## TLS content types:
 	const CHANGE_CIPHER_SPEC = 20;
@ -39,6 +47,8 @@ export {
 	const SERVER_HELLO        = 2;
 	const HELLO_VERIFY_REQUEST = 3; # RFC 6347
 	const SESSION_TICKET      = 4; # RFC 5077
+	const HELLO_RETRY_REQUEST = 6; # draft-ietf-tls-tls13-16
+	const ENCRYPTED_EXTENSIONS = 8; # draft-ietf-tls-tls13-16
 	const CERTIFICATE         = 11;
 	const SERVER_KEY_EXCHANGE = 12;
 	const CERTIFICATE_REQUEST = 13;
@ -49,6 +59,7 @@ export {
 	const CERTIFICATE_URL     = 21; # RFC 3546
 	const CERTIFICATE_STATUS  = 22; # RFC 3546
 	const SUPPLEMENTAL_DATA   = 23; # RFC 4680
+	const KEY_UPDATE          = 24; # draft-ietf-tls-tls13-16

 	## Mapping between numeric codes and human readable strings for alert
 	## levels.
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@ -1,6 +1,7 @@
 ##! Base SSL analysis script.  This script logs information about the SSL/TLS
 ##! handshaking and encryption establishment process.

+@load base/frameworks/notice/weird
@load ./consts

 module SSL;
@ -16,7 +17,9 @@ export {
 		uid:              string           &log;
 		## The connection's 4-tuple of endpoint addresses/ports.
 		id:               conn_id          &log;
-		## SSL/TLS version that the server offered.
+		## Numeric SSL/TLS version that the server chose.
+		version_num:      count            &optional;
+		## SSL/TLS version that the server chose.
 		version:          string           &log &optional;
 		## SSL/TLS cipher suite that the server chose.
 		cipher:           string           &log &optional;
@ -40,6 +43,13 @@ export {
 		## by the client. This value is used to determine if a session
 		## is being resumed. It's not logged.
 		client_key_exchange_seen: bool     &default=F;
+		## Count to track if the server already sent an application data
+		## packet fot TLS 1.3. Used to track when a session was established.
+		server_appdata:   count            &default=0;
+		## Flag to track if the client already sent an application data
+		## packet fot TLS 1.3. Used to track when a session was established.
+		client_appdata:   bool             &default=F;
+
 		## Last alert that was seen during the connection.
 		last_alert:       string           &log &optional;
 		## Next protocol the server chose using the application layer
@ -183,6 +193,7 @@ event ssl_server_hello(c: connection, version: count, possible_ts: time, server_
 	{
 	set_session(c);

+	c$ssl$version_num = version;
 	c$ssl$version = version_strings[version];
 	c$ssl$cipher = cipher_desc[cipher];

@ -197,6 +208,15 @@ event ssl_server_curve(c: connection, curve: count) &priority=5
 	c$ssl$curve = ec_curves[curve];
 	}

+event ssl_extension_key_share(c: connection, is_orig: bool, curves: index_vec)
+	{
+	if ( is_orig || |curves| != 1 )
+		return;
+
+	set_session(c);
+	c$ssl$curve = ec_curves[curves[0]];
+	}
+
 event ssl_extension_server_name(c: connection, is_orig: bool, names: string_vec) &priority=5
 	{
 	set_session(c);
@ -282,6 +302,50 @@ event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &pr
 		}
 	}

+event ssl_application_data(c: connection, is_orig: bool, length: count)
+	{
+	set_session(c);
+
+	if ( ! c$ssl?$version || c$ssl$established )
+		return;
+
+	if ( c$ssl$version_num/0xFF != 0x7F && c$ssl$version_num != TLSv13 )
+		{
+		local wi = Weird::Info($ts=network_time(), $name="ssl_early_application_data", $uid=c$uid, $id=c$id);
+		Weird::weird(wi);
+		return;
+		}
+
+	if ( is_orig )
+		{
+		c$ssl$client_appdata = T;
+		return;
+		}
+
+	if ( c$ssl$client_appdata && c$ssl$server_appdata == 0 )
+		{
+		# something went wrong in the handshake here - we can't say if it was established. Just abort.
+		return;
+		}
+  else if ( ! c$ssl$client_appdata && c$ssl$server_appdata == 0 )
+		{
+		c$ssl$server_appdata = 1;
+		return;
+		}
+	else if ( c$ssl$client_appdata && c$ssl$server_appdata == 1 )
+		{
+		# wait for one more packet before we believe it was established. This one could be an encrypted alert.
+		c$ssl$server_appdata = 2;
+		return;
+		}
+	else if ( c$ssl$client_appdata && c$ssl$server_appdata == 2 )
+		{
+		set_ssl_established(c);
+		event ssl_established(c);
+		return;
+		}
+	}
+
 event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count,
                         reason: string) &priority=5
 	{