diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 78b6bdd645..69f399c9dc 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -147,7 +147,7 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val) #ifndef OPENSSL_NO_EC else if ( pkey->type == EVP_PKEY_EC ) { - pX509Cert->Assign(8, new StringVal("dsa")); + pX509Cert->Assign(8, new StringVal("ecdsa")); pX509Cert->Assign(11, KeyCurve(pkey)); } #endif diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.ecdsa/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.ecdsa/ssl.log new file mode 100644 index 0000000000..66b30f7b7f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ecdsa/ssl.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2014-11-25-19-14-54 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string +1416942644.508914 CXWv6p3arKYeMETxOg 192.168.4.149 49422 23.92.19.75 443 TLSv12 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 secp384r1 - F - - T Fi6J8q3lDJpbQWAnvi,FDXMnz1NjsQeaBxCU (empty) CN=pantz.org,OU=PositiveSSL,OU=Domain Control Validated CN=COMODO ECC Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - - +#close 2014-11-25-19-14-54 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.ecdsa/x509.log b/testing/btest/Baseline/scripts.base.protocols.ssl.ecdsa/x509.log new file mode 100644 index 0000000000..efed125f6a --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ecdsa/x509.log @@ -0,0 +1,11 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path x509 +#open 2014-11-25-19-15-51 +#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len +#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count +1416942644.593119 Fi6J8q3lDJpbQWAnvi 3 F0AFBBF558BF4D1B71FED9CB33793EE4 CN=pantz.org,OU=PositiveSSL,OU=Domain Control Validated CN=COMODO ECC Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB 1415404800.000000 1573171199.000000 id-ecPublicKey ecdsa-with-SHA256 ecdsa 384 - secp384r1 pantz.org,www.pantz.org - - - F - +1416942644.593119 FDXMnz1NjsQeaBxCU 3 510601E63B50673C55EE4E19DA304CA8 CN=COMODO ECC Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB 1394668800.000000 1868054399.000000 id-ecPublicKey ecdsa-with-SHA384 ecdsa 256 - prime256v1 - - - - T 0 +#close 2014-11-25-19-15-52 diff --git a/testing/btest/Traces/tls/ecdsa-cert.pcap b/testing/btest/Traces/tls/ecdsa-cert.pcap new file mode 100644 index 0000000000..8ad7fb70af Binary files /dev/null and b/testing/btest/Traces/tls/ecdsa-cert.pcap differ diff --git a/testing/btest/scripts/base/protocols/ssl/ecdsa.test b/testing/btest/scripts/base/protocols/ssl/ecdsa.test new file mode 100644 index 0000000000..a2db7c2cb5 --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssl/ecdsa.test @@ -0,0 +1,3 @@ +# @TEST-EXEC: bro -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT +# @TEST-EXEC: btest-diff ssl.log +# @TEST-EXEC: btest-diff x509.log