Commit graph

10 commits

Author SHA1 Message Date
Johanna Amann
e14eddeb97 SSL Analyzer: track connection direction by messages
This PR changes the way in which the SSL analyzer tracks the direction
of connections. So far, the SSL analyzer assumed that the originator of
a connection would send the client hello (and other associated
client-side events), and that the responder would be the SSL servers.

In some circumstances this is not true, and the initiator of a
connection is the server, with the responder being the client. So far
this confused some of the internal statekeeping logic and could lead to
mis-parsing of extensions.

This reversal of roles can happen in DTLS, if a connection uses STUN -
and potentially in some StartTLS protocols.

This PR tracks the direction of a TLS connection using the hello
request, client hello and server hello handshake messages. Furthermore,
it changes the SSL events from providing is_orig to providing is_client,
where is_client is true for the client_side of a connection. Since the
argument positioning in the event has not changed, old scripts will
continue to work seamlessly - the new semantics are what everyone
writing SSL scripts will have expected in any case.

There is a new event that is raised when a connection is flipped. A
weird is raised if a flip happens repeatedly.

Addresses GH-2198.
2022-06-24 18:35:44 +01:00
Johanna Amann
590d4aa13e TLS decryption: add test, fix small issues
Add a test loading keys from an external file. Make some debug messages
slightly better and remove unnecessary debug output.
2022-03-01 17:45:11 +00:00
Johanna Amann
1c9ea09d9f Address PR feedback
This addresses feedback to GH-1814. The most significant change is the
fact that the ChipertextRecord now can remain &transient - which might
lead to improved speed.
2022-02-23 11:31:21 +00:00
Johanna Amann
b78f30339f TLS decryption: refactoring, more comments, less bare pointers
This commit refactors TLS decryption, adds more comments in scripts and
in C++ source-code, and removes use of bare pointers, instead relying
more on stl data types.
2022-01-17 15:04:44 +00:00
Johanna Amann
4204615997 SSL decryption: small style changes, a bit of documentation 2022-01-05 15:44:36 +00:00
Johanna Amann
fe4e06e8ca TLS decryption: remove payload from ssl_encrypted_data again.
There is no reason to make the payload available in the event - it is
still encrypted.
2021-10-19 17:36:48 +02:00
Florian Wilkens
febc69d320 analyzer/ssl: cleanup SSL_Analyzer
- make TLS12 PRF a member function of the analyzer
- use std::string in PRF
- use StringValPtr instead of zeek::StringVal
- replace malloc/free with C++ style allocations
2021-05-11 19:12:16 +02:00
Florian Wilkens
c1c0cb6f3c analyzer/ssl: Formatting, printf -> DBG_LOG, namespacing 2021-05-05 15:58:15 +02:00
Florian Wilkens
f73935aa45 ssl/decryption.zeek: cleanup 2021-05-05 15:41:36 +02:00
Florian Wilkens
2d950ffde9 ssl: rudimentary decryption for TLS 1.2
Several limitations still apply:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is the only supported cipher suite
- Some tests are broken due to a failing assertion regarding bytestring
- No newly written tests for decryption (the patch was tested extensively for our paper)
- Several small open technical questions marked with FIXME
- Architecture in the ssl module might not be optimal
2021-04-19 17:38:02 +02:00