void writer_simple_encrypt_key(uint8_t *inkey, int inkeylen, char *outkeyhex)
{
uint8_t ciphertext[1024];
int len, ciphertext_len;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
EVP_EncryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, simpleKEK, simpleIV);
if (!EVP_EncryptUpdate(ctx, ciphertext, &len, inkey, inkeylen))
LOGEXIT("Encrypting key failed");
ciphertext_len = len;
EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
ciphertext_len += len;
EVP_CIPHER_CTX_free(ctx);
moloch_sprint_hex_string(outkeyhex, ciphertext, ciphertext_len);
}
void writer_simple_write(const MolochSession_t * const session, MolochPacket_t * const packet)
{
char dekhex[1024];
int thread = session->thread;
char *name = 0;
if (!currentInfo[thread]) {
MolochSimple_t *info = currentInfo[thread] = writer_simple_alloc(thread, NULL);
switch(simpleMode) {
case MOLOCH_SIMPLE_NORMAL:
name = moloch_db_create_file(packet->ts.tv_sec, NULL, 0, 0, &info->file->id);
break;
case MOLOCH_SIMPLE_XOR2048:
RAND_bytes(info->file->dek, 256);
writer_simple_encrypt_key(info->file->dek, 256, dekhex);
name = moloch_db_create_file_full(packet->ts.tv_sec, NULL, 0, 0, &info->file->id,
"encoding", "xor-2048",
"dek", dekhex,
"kekId", simpleKEKId,
NULL);
break;
case MOLOCH_SIMPLE_AES256CTR: {
uint8_t dek[32];
uint8_t iv[16];
char ivhex[33];
RAND_bytes(iv, 8);
memset(iv+8, 0, 8);
writer_simple_encrypt_key(dek, 32, dekhex);
moloch_sprint_hex_string(ivhex, iv, 8);
EVP_EncryptInit(info->file->cipher_ctx, cipher, dek, iv);
name = moloch_db_create_file_full(packet->ts.tv_sec, NULL, 0, 0, &info->file->id,
"encoding", "aes-256-ctr",
"iv", ivhex,
"dek", dekhex,
"kekId", simpleKEKId,
NULL);
break;
}
default:
LOGEXIT("Unknown simpleMode %d", simpleMode);
}
int options = O_NOATIME | O_WRONLY | O_CREAT | O_TRUNC;
#ifdef O_DIRECT
options |= O_DIRECT;
#else
LOG("No O_DIRECT");
#endif
currentInfo[thread]->file->fd = open(name, options, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
if (currentInfo[thread]->file->fd < 0) {
LOG("ERROR - pcap open failed - Couldn't open file: '%s' with %s (%d)", name, strerror(errno), errno);
exit(2);
}
info->file->pos = currentInfo[thread]->bufpos = 24;
memcpy(info->buf, &pcapFileHeader, 24);
if (config.debug)
LOG("opened %d %s %d", thread, name, info->file->fd);
g_free(name);
}
packet->writerFileNum = currentInfo[thread]->file->id;
packet->writerFilePos = currentInfo[thread]->file->pos;
struct pcap_sf_pkthdr hdr;
hdr.ts.tv_sec = packet->ts.tv_sec;
hdr.ts.tv_usec = packet->ts.tv_usec;
hdr.caplen = packet->pktlen;
hdr.pktlen = packet->pktlen;
memcpy(currentInfo[thread]->buf+currentInfo[thread]->bufpos, &hdr, 16);
currentInfo[thread]->bufpos += 16;
memcpy(currentInfo[thread]->buf+currentInfo[thread]->bufpos, packet->pkt, packet->pktlen);
currentInfo[thread]->bufpos += packet->pktlen;
currentInfo[thread]->file->pos += 16 + packet->pktlen;
if (currentInfo[thread]->bufpos > config.pcapWriteSize) {
writer_simple_process_buf(thread, 0);
} else if (currentInfo[thread]->file->pos >= config.maxFileSizeB) {
writer_simple_process_buf(thread, 1);
}
}
char *moloch_session_id_string (char *sessionId, char *buf)
{
// ALW: Rewrite to make pretty
return moloch_sprint_hex_string(buf, (uint8_t *)sessionId, sessionId[0]);
}
