From e85a016521cf2daf613671cd6d03ec380f94810f Mon Sep 17 00:00:00 2001
From: Johanna Amann <johanna@icir.org>
Date: Mon, 22 Apr 2019 23:02:08 +0200
Subject: [PATCH] Parse pre-shared-key extension.

No documentation yet...
---
 scripts/base/init-bare.zeek                   |   6 ++
 src/analyzer/protocol/ssl/events.bif          |   3 +
 .../protocol/ssl/tls-handshake-analyzer.pac   |  52 ++++++++++++++++++
 .../protocol/ssl/tls-handshake-protocol.pac   |  38 +++++++++++++
 src/analyzer/protocol/ssl/types.bif           |   1 +
 .../.stdout                                   |  51 ++++++++++++++++-
 .../Traces/tls/tls13_psk_succesfull.pcap      | Bin 0 -> 4088 bytes
 .../protocols/ssl/tls-extension-events.test   |  14 ++++-
 8 files changed, 162 insertions(+), 3 deletions(-)
 create mode 100644 testing/btest/Traces/tls/tls13_psk_succesfull.pcap

diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek
index 4575b3a694..cc328cd9aa 100644
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@@ -4170,6 +4170,10 @@ export {
 		SignatureAlgorithm: count; ##< Signature algorithm number
 	};
 
+	type PSKIdentity: record {
+		identity: string; ##< PSK identity
+		obfuscated_ticket_age: count;
+	};
 
 ## Number of non-DTLS frames that can occur in a DTLS connection before
 ## parsing of the connection is suspended.
@@ -4191,6 +4195,8 @@ module GLOBAL;
 ##    directly and then remove this alias.
 type signature_and_hashalgorithm_vec: vector of SSL::SignatureAndHashAlgorithm;
 
+type psk_identity_vec: vector of SSL::PSKIdentity;
+
 module X509;
 export {
 	type Certificate: record {
diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif
index 2ef675554f..774017eb9f 100644
--- a/src/analyzer/protocol/ssl/events.bif
+++ b/src/analyzer/protocol/ssl/events.bif
@@ -182,6 +182,9 @@ event ssl_extension_signature_algorithm%(c: connection, is_orig: bool, signature
 ##    ssl_rsa_client_pms ssl_server_signature
 event ssl_extension_key_share%(c: connection, is_orig: bool, curves: index_vec%);
 
+event ssl_extension_pre_shared_key_client_hello%(c: connection, is_orig: bool, identities: psk_identity_vec, binders: string_vec%);
+event ssl_extension_pre_shared_key_server_hello%(c: connection, is_orig: bool, selected_identity: count%);
+
 ## Generated if a named curve is chosen by the server for an SSL/TLS connection.
 ## The curve is sent by the server in the ServerKeyExchange message as defined
 ## in :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen.
diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
index 5cf250c366..8e0ae84455 100644
--- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
@@ -411,6 +411,50 @@ refine connection Handshake_Conn += {
 		return true;
 		%}
 
+	function proc_pre_shared_key_server_hello(rec: HandshakeRecord, identities: PSKIdentitiesList, binders: PSKBindersList) : bool
+		%{
+		if ( ! ssl_extension_pre_shared_key_server_hello )
+			return true;
+
+		VectorVal* slist = new VectorVal(internal_type("psk_identity_vec")->AsVectorType());
+
+		if ( identities && identities->identities() )
+			{
+			uint32 i = 0;
+			for ( auto&& identity : *(identities->identities()) )
+				{
+				RecordVal* el = new RecordVal(BifType::Record::SSL::PSKIdentity);
+				el->Assign(0, new StringVal(identity->identity().length(), (const char*) identity->identity().data()));
+				el->Assign(1, val_mgr->GetCount(identity->obfuscated_ticket_age()));
+				slist->Assign(i++, el);
+				}
+			}
+
+		VectorVal* blist = new VectorVal(internal_type("string_vec")->AsVectorType());
+		if ( binders && binders->binders() )
+			{
+			uint32 i = 0;
+			for ( auto&& binder : *(binders->binders()) )
+				blist->Assign(i++, new StringVal(binder->binder().length(), (const char*) binder->binder().data()));
+			}
+
+		BifEvent::generate_ssl_extension_pre_shared_key_client_hello(bro_analyzer(), bro_analyzer()->Conn(),
+			${rec.is_orig}, slist, blist);
+
+		return true;
+		%}
+
+	function proc_pre_shared_key_client_hello(rec: HandshakeRecord, selected_identity: uint16) : bool
+		%{
+		if ( ! ssl_extension_pre_shared_key_client_hello )
+			return true;
+
+		BifEvent::generate_ssl_extension_pre_shared_key_server_hello(bro_analyzer(),
+			bro_analyzer()->Conn(), ${rec.is_orig}, selected_identity);
+
+		return true;
+		%}
+
 };
 
 refine typeattr ClientHello += &let {
@@ -520,6 +564,14 @@ refine typeattr PSKKeyExchangeModes += &let {
 	proc : bool = $context.connection.proc_psk_key_exchange_modes(rec, modes);
 };
 
+refine typeattr OfferedPsks += &let {
+	proc : bool = $context.connection.proc_pre_shared_key_server_hello(rec, identities, binders);
+};
+
+refine typeattr SelectedPreSharedKeyIdentity += &let {
+	proc : bool = $context.connection.proc_pre_shared_key_client_hello(rec, selected_identity);
+};
+
 refine typeattr Handshake += &let {
 	proc : bool = $context.connection.proc_handshake(rec.is_orig, rec.msg_type, rec.msg_length);
 };
diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
index f141a6e9b0..e3b2b88aeb 100644
--- a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
@@ -778,6 +778,7 @@ type SSLExtension(rec: HandshakeRecord) = record {
 		EXT_KEY_SHARE -> key_share: KeyShare(rec)[] &until($element == 0 || $element != 0);
 		EXT_SUPPORTED_VERSIONS -> supported_versions_selector: SupportedVersionsSelector(rec, data_len)[] &until($element == 0 || $element != 0);
 		EXT_PSK_KEY_EXCHANGE_MODES -> psk_key_exchange_modes: PSKKeyExchangeModes(rec)[] &until($element == 0 || $element != 0);
+		EXT_PRE_SHARED_KEY -> pre_shared_key: PreSharedKey(rec)[] &until($element == 0 || $element != 0);
 		default -> data: bytestring &restofdata;
 	};
 } &length=data_len+4 &exportsourcedata;
@@ -864,6 +865,43 @@ type KeyShare(rec: HandshakeRecord) = case rec.msg_type of {
 	default -> other : bytestring &restofdata &transient;
 };
 
+type SelectedPreSharedKeyIdentity(rec: HandshakeRecord) = record {
+	selected_identity: uint16;
+};
+
+type PSKIdentity() = record {
+	length: uint16;
+	identity: bytestring &length=length;
+	obfuscated_ticket_age: uint32;
+};
+
+type PSKIdentitiesList() = record {
+	length: uint16;
+	identities: PSKIdentity[] &until($input.length() == 0);
+} &length=length+2;
+
+type PSKBinder() = record {
+	length: uint8;
+	binder: bytestring &length=length;
+};
+
+type PSKBindersList() = record {
+	length: uint16;
+	binders: PSKBinder[] &until($input.length() == 0);
+} &length=length+2;
+
+type OfferedPsks(rec: HandshakeRecord) = record {
+	identities: PSKIdentitiesList;
+	binders: PSKBindersList;
+};
+
+type PreSharedKey(rec: HandshakeRecord) = case rec.msg_type of {
+	CLIENT_HELLO -> offered_psks : OfferedPsks(rec);
+	SERVER_HELLO -> selected_identity : SelectedPreSharedKeyIdentity(rec);
+	# ... well, we don't parse hello retry requests yet, because I don't have an example of them on the wire.
+	default -> other : bytestring &restofdata &transient;
+};
+
 type SignatureAlgorithm(rec: HandshakeRecord) = record {
 	length: uint16;
 	supported_signature_algorithms: SignatureAndHashAlgorithm[] &until($input.length() == 0);
diff --git a/src/analyzer/protocol/ssl/types.bif b/src/analyzer/protocol/ssl/types.bif
index a6f7f069cf..c2bce5a44f 100644
--- a/src/analyzer/protocol/ssl/types.bif
+++ b/src/analyzer/protocol/ssl/types.bif
@@ -1,5 +1,6 @@
 module SSL;
 
 type SignatureAndHashAlgorithm: record;
+type PSKIdentity: record;
 
 module GLOBAL;
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout
index 7347ea650f..a840e43bf4 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls-extension-events/.stdout
@@ -45,7 +45,7 @@ sha1, dsa
 sha256, dsa
 sha384, dsa
 sha512, dsa
-supported_versions(, 192.168.6.240, 139.162.123.134
+supported_versions, 192.168.6.240, 139.162.123.134
 TLSv13-draft19
 TLSv12
 TLSv11
@@ -78,7 +78,7 @@ sha1, dsa
 sha256, dsa
 sha384, dsa
 sha512, dsa
-supported_versions(, 192.168.6.240, 139.162.123.134
+supported_versions, 192.168.6.240, 139.162.123.134
 TLSv13-draft19
 TLSv12
 TLSv11
@@ -86,3 +86,50 @@ TLSv10
 psk_key_exchange_modes, 192.168.6.240, 139.162.123.134
 1
 0
+pre_shared_key client hello, 192.168.6.240, 139.162.123.134, [[identity=\x01\xf3\x88\x12\xae\xeb\x13\x01\xed]\xcf\x0b\x8f\xad\xf2\xc1I\x9f-\xfa\xe1\x98\x9f\xb7\x82@\x81Or\x0e\xbe\xfc\xa3\xbc\x8f\x03\x86\xf1\x8e\xae\xd7\xe5\xa2\xee\xf3\xde\xb7\xa5\xf6\\xeb\x18^ICPm!|\x09\xe0NE\xe8\x0f\xda\xf8\xf2\xa8s\x84\x17>\xe5\xd9!\x19\x09\xfe\xdb\xa87\x05\xd7\xd06JG\xeb\xad\xf9\xf8\x13?#\xdc\xe7J\xad\x14\xbfS.\x98\xd8\xd2r\x01\xef\xc5\x0c_\xdf\xc9[7\xa7l\xa7\xa0\xb5\xda\x83\x16\x10\xa1\xdb\xe2<j\xfeN=uU\xd3\xf3[\x021\xb1\xff\xcc\xbbZ\x1d\xab\x14=\xca\x80\x07!d\x06\xbe\xc6\x90\x94\x92S\xcfu\x8e\x92_/\xc9\xf0H\xf3\xd0\xfa\xeb\xb6&, obfuscated_ticket_age=1415540021]], [\xdcJ$\x00L\x12\x87\x929wEed\xbd\xf6\xcb4\x04ip5\x95\xe2X\xca[Kx}\xadHY\xae\xab\xedz\xb3\xcaK=\xa0\x09ER\x0a\x8dO\xe4]
+pre_shared_key server hello, 192.168.6.240, 139.162.123.134, 0
+Point formats, 192.168.178.80, 174.138.9.219, T
+uncompressed
+ansiX962_compressed_prime
+ansiX962_compressed_char2
+Curves, 192.168.178.80, 174.138.9.219
+x25519
+secp256r1
+x448
+secp521r1
+secp384r1
+signature_algorithm, 192.168.178.80, 174.138.9.219
+sha256, ecdsa
+sha384, ecdsa
+sha512, ecdsa
+Intrinsic, ed25519
+Intrinsic, ed448
+Intrinsic, rsa_pss_sha256
+Intrinsic, rsa_pss_sha384
+Intrinsic, rsa_pss_sha512
+Intrinsic, rsa_pss_sha256
+Intrinsic, rsa_pss_sha384
+Intrinsic, rsa_pss_sha512
+sha256, rsa
+sha384, rsa
+sha512, rsa
+sha224, ecdsa
+sha1, ecdsa
+sha224, rsa
+sha1, rsa
+sha224, dsa
+sha1, dsa
+sha256, dsa
+sha384, dsa
+sha512, dsa
+supported_versions, 192.168.178.80, 174.138.9.219
+TLSv13
+TLSv12
+TLSv11
+TLSv10
+psk_key_exchange_modes, 192.168.178.80, 174.138.9.219
+1
+pre_shared_key client hello, 192.168.178.80, 174.138.9.219, [[identity=Client_identity, obfuscated_ticket_age=0]], [\xdbm7\xb6\xb9\xa3\xb29C\xb5\xa3\xa4\8\x95\x94o\x8d'\xd7\x99\x91R\xea\xcb\xa82\x9cb$e\xe9]
+supported_versions, 192.168.178.80, 174.138.9.219
+TLSv13
+pre_shared_key server hello, 192.168.178.80, 174.138.9.219, 0
diff --git a/testing/btest/Traces/tls/tls13_psk_succesfull.pcap b/testing/btest/Traces/tls/tls13_psk_succesfull.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..cdf7fcf132e77c678a97583223da93134b69cbc2
GIT binary patch
literal 4088
zcmb7{3tUun7RS%McNhkchaxW@I4~v{ItT)SK+S^2N93g`E0_TSEvzsQLh7bD61G|+
zK2{bVC@A9!g4joqwngh&7ABY=A+|b+t-^|BrsM;1+;e7zmKnhG|KZGi{ki||{hi-A
zbI07$(!2x!B7;1}Ft~l99}L*R^3>$q^enkJEj1}6HAlQOBP)3sP5~B7VWq!cf}aln
z2UajEDQ88xT<qm9^_5P;>jIbwxyjind70T__l)$V*~v-S;<r+Bmeb9=r2bMb@zkl}
zKV)ZTr2ck#Mu61Ycbe2|GA)3En21NL-_l)Kj8r+T@Y{I>B7j{fF^M26J5|1Xc?Qn1
zf%V~%J#ndl4eOs2^uefRSNb2CE5z7N2RK^ZGl9oHm#d?2pQ5DUAMQaO8*XZH!)J<M
zHh_%&WJ2qBzT#+1&HHATTbr1ANyiOmoD3hbPo4<lab<x?EyHm_h7p;2L(d7iCSd84
zQ3z;*Y{ZUR{jmVIBJC9&3o-4`9}`p6TPpQ@Jf_gm=*YB8LB!-Ibb6h5h>NLjZEAIi
z%0R9OWur73);-cPRSQ^=d1A!qhs1<@rkC0>6Rvxj1{!ja#zS!t4{>e4pg~+}<O;!k
zia}bTxH8h}4I`~4AX}!wMr41`23OW;bcMJKIas{sP#m;AafoRG4&vCmN~Qi5!6}S6
zm_{9k<@q5w97XoB&kZ^3IfmKB08_|u54u(@ihEp~mQ;6DHRqU9PIu$Kc6@p*FYrG;
zJFR0UxO^ZEEAY4~UAuCpGB5OTL`AGLsPl;P#>&55iQQf9UG?~KDdgC)wwx`)PvNIQ
zX;WoWMbjbPgZG5J{6yXzmhlqa4gSQN^P?evH{)$#Ivj?orkbY1P1UdmDx0dH8V;fP
zD<Bwxcz@mxK7wOV1Y5xuj=&~<2JZ`Xa1<@P1w5e!l<)*aXax%paKNx&4kIweg9A8&
z6F7ndC9}tHz_5gAAQf;XoRAZlibNtak-5l1BoLX1gaXEd5u!<0j$>GcV_8<fny^9^
zJituE2{^jKz*Jxv29YPhL|j5FESTanW>@Q1;3>_icRZ*JnOBzeVn)Z>T&s*z$A9$7
zgvr<k?7%uSBRy4~n~<J@pXs@)kOaU*d^vMQ-N)re1456Nt6uXj+Mcz^t$pX#`Q42b
z-X%*XrryL!&r(0+3-ZSnx+@Oy$GOKUbvW)*45}ZW;%KU$e0!t%$&_?-)+ub5-l`m(
zKN2JC#$xSU36-hVn3Yvz81kU%L;96Ch$oFE;2@qvjY=)SV+vy)#;!Pqc-Hw0$>YfM
z9!)dkvFA8Y;8U;WxZ|JaYZ@m0q-<||P;ug%`$hhAL&~ItOT7tO-L0%G3)cLuUu`++
ziXOmn0?ey6t0voh^7y-lSNx)CKQ`xJ{NysXZSO>{{q9}K<uCm9{msG(vx<w4MhJ#+
zz)y!(afR#KMH;6<w|vcKniJznKXfX0>b9b5zVBRJz0u_5Gk=CJr51L_ZWoT<8M~m@
z-sP2^HO+UwzjgZlOR6>HVEt|BejDF7)BU%D9oa{X8x8V4oX(`LaevB3okLJ_3gf;&
z&0jV|f9kAjb%~C`{xnMUN1e`?a}DL*FyHvhL*~1`Kb^trG$`M$a6p}p`xJvXa`haO
z4EvLw!%;M95q_KL`=plR|5E#Q{cz-=>}~HGi|al<|8sqT&w^Rbk2VG@9cfk)&^#vL
zY;Q+lzH;}<+6!s-`d+oP{jc=imGBYB@GNyi{G_LX1jj+ou~>0H9e~FagM2F~o~QNg
z3x>Xpj>0;+uR!0fQ|g`rwG1Xr$q?OsZ82e$N}u|I!nr9`eC5i>8k@A_ndkm3t3BJ}
zCN`b!&nZ+ZEaVp!rCeRM$7z3S(QLE!u$H{9_Z_bYcV*14t=c?k%SUtM<9A2DF1OpP
zNcTQn`@sI2o`SuuwQ&I>!Z#^zCXRjga^aS$n$TYZyB79d%^!7l3E#kTCU?HLmmGJZ
z)PJ+GzSVwq%p=*M-kJ>?HCJ3`rO#dvcbl)RxLEp~IQUlR?)LVZTP2;%X39^~*wLO7
zUpTq`XjpF7f_T}*_G{k@lBTS<-j;XwLU6Wg=!BQW4ua!5?m6vUct>zH{F|1z-ny3k
z|8!U=l(f{}3~3(so(qp!4%DCI9qN0IbT{_%C#Zi2&ZijUqv8B~zttrs82xOuzq{W@
zzc^D43^~|gIQsouhSzD34?0(!R4>MTia{KadOt@R`B}%|D6;y?ync?pDa1iO7@akv
zsAoy@`Zr&Bcs*$$ze^sWw13k;r{Va@kb!g>*ze^<pFFMK&)4>QTSK451WP))tf}9Z
z;5#kVTVll6N^j_!GJft(w=bJZP8#YpT;BToeKj)CAibJ0+SG60K811JKuqzg+Pb+v
zBoEe2WqUu5OFr>vn{4FmJ<jqw9*^$r3OVDtO|xsm{gjZRzUgT*tHav9UM+t%R$?^v
z*bQWTUXOKIqsQXNWADf4SiKqMrNjuAd_#`ma!4LSJr!cy8o#^aDWLPjS%yJ_G_^V3
zt;Uyapcv%A2)zfR3_YmlL=S4r`#FW>#7Uak?)$;BsH@|%UxR*3Jo(zLul{~_{0BOI
zZLVSXclI)5FxD{;`JP)xH?58%MOFnD4EdgoqrX-M*20dcTTiQn1=?B|Y2>{)tOYl!
zh4om?x>|4>=gkPq`%W)8>>`W*Nymea4fI<^tB*qW+h*Wznf_WB$n#>%Q+Z;wJk~}$
z@yO$@<(X^9b70)1OOat&q?UgD=jAD$_f(#RS{@rC9-TfTQ6F^LKz$aSa%`I&-DCND
oJd`&Y<m(pXd2Zjhqi^D={?<C_craI|5+mHk={SDRzqJ1U0I1DVbpQYW

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test
index b8f3d42242..59209910a6 100644
--- a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test
+++ b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test
@@ -1,5 +1,6 @@
 # @TEST-EXEC: bro -C -r $TRACES/tls/chrome-34-google.trace %INPUT
 # @TEST-EXEC: bro -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
+# @TEST-EXEC: bro -C -r $TRACES/tls/tls13_psk_succesfull.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 
 event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_vec)
@@ -37,7 +38,7 @@ event ssl_extension_signature_algorithm(c: connection, is_orig: bool, signature_
 
 event ssl_extension_supported_versions(c: connection, is_orig: bool, versions: index_vec)
 	{
-	print "supported_versions(", c$id$orig_h, c$id$resp_h;
+	print "supported_versions", c$id$orig_h, c$id$resp_h;
 	for ( i in versions )
 		print SSL::version_strings[versions[i]];
 	}
@@ -48,3 +49,14 @@ event ssl_extension_psk_key_exchange_modes(c: connection, is_orig: bool, modes:
 	for ( i in modes )
 		print modes[i];
 	}
+
+event ssl_extension_pre_shared_key_client_hello(c: connection, is_orig: bool, identities: psk_identity_vec, binders: string_vec)
+	{
+	print "pre_shared_key client hello", c$id$orig_h, c$id$resp_h, identities, binders;
+
+	}
+
+event ssl_extension_pre_shared_key_server_hello(c: connection, is_orig: bool, selected_identity: count)
+	{
+	print "pre_shared_key server hello", c$id$orig_h, c$id$resp_h, selected_identity;
+	}