Parse pre-shared-key extension.

No documentation yet...
2025-10-17 14:08:20 +00:00 · 2019-04-22 23:02:08 +02:00 · 2019-04-22 23:02:08 +02:00 · e85a016521
commit e85a016521
parent 5ba46eaa71
8 changed files with 162 additions and 3 deletions
--- a/src/analyzer/protocol/ssl/events.bif
+++ b/src/analyzer/protocol/ssl/events.bif
@ -182,6 +182,9 @@ event ssl_extension_signature_algorithm%(c: connection, is_orig: bool, signature
 ##    ssl_rsa_client_pms ssl_server_signature
 event ssl_extension_key_share%(c: connection, is_orig: bool, curves: index_vec%);

+event ssl_extension_pre_shared_key_client_hello%(c: connection, is_orig: bool, identities: psk_identity_vec, binders: string_vec%);
+event ssl_extension_pre_shared_key_server_hello%(c: connection, is_orig: bool, selected_identity: count%);
+
 ## Generated if a named curve is chosen by the server for an SSL/TLS connection.
 ## The curve is sent by the server in the ServerKeyExchange message as defined
 ## in :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen.
--- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
@ -411,6 +411,50 @@ refine connection Handshake_Conn += {
 		return true;
 		%}

+	function proc_pre_shared_key_server_hello(rec: HandshakeRecord, identities: PSKIdentitiesList, binders: PSKBindersList) : bool
+		%{
+		if ( ! ssl_extension_pre_shared_key_server_hello )
+			return true;
+
+		VectorVal* slist = new VectorVal(internal_type("psk_identity_vec")->AsVectorType());
+
+		if ( identities && identities->identities() )
+			{
+			uint32 i = 0;
+			for ( auto&& identity : *(identities->identities()) )
+				{
+				RecordVal* el = new RecordVal(BifType::Record::SSL::PSKIdentity);
+				el->Assign(0, new StringVal(identity->identity().length(), (const char*) identity->identity().data()));
+				el->Assign(1, val_mgr->GetCount(identity->obfuscated_ticket_age()));
+				slist->Assign(i++, el);
+				}
+			}
+
+		VectorVal* blist = new VectorVal(internal_type("string_vec")->AsVectorType());
+		if ( binders && binders->binders() )
+			{
+			uint32 i = 0;
+			for ( auto&& binder : *(binders->binders()) )
+				blist->Assign(i++, new StringVal(binder->binder().length(), (const char*) binder->binder().data()));
+			}
+
+		BifEvent::generate_ssl_extension_pre_shared_key_client_hello(bro_analyzer(), bro_analyzer()->Conn(),
+			${rec.is_orig}, slist, blist);
+
+		return true;
+		%}
+
+	function proc_pre_shared_key_client_hello(rec: HandshakeRecord, selected_identity: uint16) : bool
+		%{
+		if ( ! ssl_extension_pre_shared_key_client_hello )
+			return true;
+
+		BifEvent::generate_ssl_extension_pre_shared_key_server_hello(bro_analyzer(),
+			bro_analyzer()->Conn(), ${rec.is_orig}, selected_identity);
+
+		return true;
+		%}
+
 };

 refine typeattr ClientHello += &let {
@ -520,6 +564,14 @@ refine typeattr PSKKeyExchangeModes += &let {
 	proc : bool = $context.connection.proc_psk_key_exchange_modes(rec, modes);
 };

+refine typeattr OfferedPsks += &let {
+	proc : bool = $context.connection.proc_pre_shared_key_server_hello(rec, identities, binders);
+};
+
+refine typeattr SelectedPreSharedKeyIdentity += &let {
+	proc : bool = $context.connection.proc_pre_shared_key_client_hello(rec, selected_identity);
+};
+
 refine typeattr Handshake += &let {
 	proc : bool = $context.connection.proc_handshake(rec.is_orig, rec.msg_type, rec.msg_length);
 };
--- a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
@ -778,6 +778,7 @@ type SSLExtension(rec: HandshakeRecord) = record {
 		EXT_KEY_SHARE -> key_share: KeyShare(rec)[] &until($element == 0 || $element != 0);
 		EXT_SUPPORTED_VERSIONS -> supported_versions_selector: SupportedVersionsSelector(rec, data_len)[] &until($element == 0 || $element != 0);
 		EXT_PSK_KEY_EXCHANGE_MODES -> psk_key_exchange_modes: PSKKeyExchangeModes(rec)[] &until($element == 0 || $element != 0);
+		EXT_PRE_SHARED_KEY -> pre_shared_key: PreSharedKey(rec)[] &until($element == 0 || $element != 0);
 		default -> data: bytestring &restofdata;
 	};
 } &length=data_len+4 &exportsourcedata;
@ -864,6 +865,43 @@ type KeyShare(rec: HandshakeRecord) = case rec.msg_type of {
 	default -> other : bytestring &restofdata &transient;
 };

+type SelectedPreSharedKeyIdentity(rec: HandshakeRecord) = record {
+	selected_identity: uint16;
+};
+
+type PSKIdentity() = record {
+	length: uint16;
+	identity: bytestring &length=length;
+	obfuscated_ticket_age: uint32;
+};
+
+type PSKIdentitiesList() = record {
+	length: uint16;
+	identities: PSKIdentity[] &until($input.length() == 0);
+} &length=length+2;
+
+type PSKBinder() = record {
+	length: uint8;
+	binder: bytestring &length=length;
+};
+
+type PSKBindersList() = record {
+	length: uint16;
+	binders: PSKBinder[] &until($input.length() == 0);
+} &length=length+2;
+
+type OfferedPsks(rec: HandshakeRecord) = record {
+	identities: PSKIdentitiesList;
+	binders: PSKBindersList;
+};
+
+type PreSharedKey(rec: HandshakeRecord) = case rec.msg_type of {
+	CLIENT_HELLO -> offered_psks : OfferedPsks(rec);
+	SERVER_HELLO -> selected_identity : SelectedPreSharedKeyIdentity(rec);
+	# ... well, we don't parse hello retry requests yet, because I don't have an example of them on the wire.
+	default -> other : bytestring &restofdata &transient;
+};
+
 type SignatureAlgorithm(rec: HandshakeRecord) = record {
 	length: uint16;
 	supported_signature_algorithms: SignatureAndHashAlgorithm[] &until($input.length() == 0);
--- a/src/analyzer/protocol/ssl/types.bif
+++ b/src/analyzer/protocol/ssl/types.bif
@ -1,5 +1,6 @@
 module SSL;

 type SignatureAndHashAlgorithm: record;
+type PSKIdentity: record;

 module GLOBAL;