int ssl3_record_layer_decoder( void* decoder_stack, NM_PacketDir dir, u_char* data, uint32_t len, uint32_t* processed ) { int rc = DSSL_E_UNSPECIFIED_ERROR; uint32_t recLen = 0, totalRecLen = 0; uint8_t record_type = 0; dssl_decoder_stack* stack = (dssl_decoder_stack*) decoder_stack; dssl_decoder* next_decoder = NULL; int decrypt_buffer_aquired = 0; int decompress_buffer_aquired = 0; int i = 0; char * data2 = NULL; uint32_t recLen2 = 0; int block_size = 0; DEBUG_TRACE1("ssl_record_layer_decoder - start. len: %d\n", len); _ASSERT( stack ); _ASSERT( processed ); _ASSERT( stack->sess ); /* for (i=0; i < len; i++) { printf("0x%02X ", data[i]); } */ if( stack->state > SS_Established ) { #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE1( "[!]Unexpected SSL record after %s", ( (stack->state == SS_FatalAlert) ? "fatal alert" : "close_notify alert") ); #endif return NM_ERROR( DSSL_E_SSL_UNEXPECTED_TRANSMISSION ); } /* special case for a first client hello */ DEBUG_TRACE1("ssl_record_layer_decoder - version: 0x%02X\n", stack->sess->version); if( stack->sess->version == 0 ) { _ASSERT( dir == ePacketDirFromClient ); rc = ssl_decode_first_client_hello( stack->sess, data, len, processed ); return rc; } if( len < SSL3_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); if( data[1] != 3) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); /* Decode record type */ record_type = data[0]; totalRecLen = recLen = MAKE_UINT16( data[3], data[4] ); DEBUG_TRACE1("ssl_record_layer_decoder - record_type: %d\n", record_type); DEBUG_TRACE1("ssl_record_layer_decoder - recLen: %d\n", recLen); /* for (i = 0; i < 128; i++) { printf("ssl_tls_record_layer_decoder - data before skip header size [%d]: %d\n", i, data[i]); } */ data += SSL3_HEADER_LEN; len -= SSL3_HEADER_LEN; DEBUG_TRACE1("ssl_record_layer_decoder - len after header adjustments: %d\n", len); /* for (i=0; i < len; i++) { printf("0x%02X ", data[i]); } */ #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE2( "\n==>Decoding SSL v3 Record, type: %d, len: %d\n{\n", (int) record_type, (int) recLen ); #endif rc = DSSL_RC_OK; if( len < recLen ) { rc = DSSL_RC_WOULD_BLOCK; DEBUG_TRACE0("ssl_tls_record_layer_decoder - rc is DSSL_RC_WOULD_BLOCK\n"); } if( rc == DSSL_RC_OK && stack->cipher ) { rc = ssl_decrypt_record( stack, data, recLen, &data, &recLen, &decrypt_buffer_aquired,&block_size ); DEBUG_TRACE1("ssl_record_layer_decoder - ssl_decrypt_record ret: %d\n", rc); } /* check if the record length is still within bounds (failed decryption, etc) */ if( rc == DSSL_RC_OK && (recLen > RFC_2246_MAX_COMPRESSED_LENGTH || recLen > len || (stack->md && recLen < EVP_MD_size(stack->md))) ) { rc = NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH); } if( rc == DSSL_RC_OK && stack->md ) { u_char mac[EVP_MAX_MD_SIZE]; u_char* rec_mac = NULL; DEBUG_TRACE1("ssl_record_layer_decoder - data using len: %d\n", len); /* for (i=0; i < len; i++) { printf("0x%02X ", data[i]); } */ recLen -= EVP_MD_size( stack->md ); rec_mac = data+recLen; memset(mac, 0, sizeof(mac) ); // Fix - skip iv for TLS 1.1 DEBUG_TRACE1("ssl_record_layer_decoder - stack->version: 0x%02X\n", stack->version); DEBUG_TRACE1("ssl_record_layer_decoder - block_size: %d\n", block_size); if (stack->version > TLS1_VERSION && block_size > 1) { DEBUG_TRACE0("ssl_record_layer_decoder - activated fix for TLS 1.1 (skip 16 bytes)\n"); data2 = data + block_size; recLen2 = recLen - block_size; rc = stack->sess->caclulate_mac_proc( stack, record_type, data2, recLen2, mac ); } else { rc = stack->sess->caclulate_mac_proc( stack, record_type, data, recLen, mac ); } DEBUG_TRACE1("ssl_record_layer_decoder - caclulate_mac_proc result: %d\n", rc); if( rc == DSSL_RC_OK ) { DEBUG_TRACE1("ssl_record_layer_decoder - caclulate_mac_proc memcmp size(i.e. EVP_MD_size(stack->md)): %d\n", EVP_MD_size(stack->md)); DEBUG_TRACE0("ssl_record_layer_decoder - mac vs. rec_mac:\n"); if (IsDebugEnabled()) { for (i=0; i < EVP_MD_size(stack->md); i++) { DEBUG_TRACE2("0x%02X vs. 0x%02X\n", mac[i], rec_mac[i]); } } rc = memcmp( mac, rec_mac, EVP_MD_size(stack->md) ) == 0 ? DSSL_RC_OK : NM_ERROR( DSSL_E_SSL_INVALID_MAC ); } } if( rc == DSSL_RC_OK && stack->compression_method != 0 ) { rc = ssl_decompress_record( stack, data, recLen, &data, &recLen, &decompress_buffer_aquired ); DEBUG_TRACE1("ssl_record_layer_decoder - ssl_decompress_record call ended. rc: %d\n", rc); } if( rc == DSSL_RC_OK ) { DEBUG_TRACE1("ssl_record_layer_decoder - record_type: %d\n", record_type); switch( record_type ) { case SSL3_RT_HANDSHAKE: DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_HANDSHAKE\n"); next_decoder = &stack->dhandshake; break; case SSL3_RT_CHANGE_CIPHER_SPEC: DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_CHANGE_CIPHER_SPEC\n"); next_decoder = &stack->dcss; break; case SSL3_RT_APPLICATION_DATA: DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_APPLICATION_DATA\n"); next_decoder = &stack->dappdata; break; case SSL3_RT_ALERT: DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_ALERT\n"); next_decoder = &stack->dalert; break; default: DEBUG_TRACE0("ssl_record_layer_decoder - record_type not found\n"); rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); } } if( rc == DSSL_RC_OK ) { _ASSERT( next_decoder != NULL ); DEBUG_TRACE1("ssl_record_layer_decoder - calling dssl_decoder_process. handler is: %x\n", next_decoder->handler); // Fix - for TLS 1.1 continue if (data2 == NULL) rc = dssl_decoder_process( next_decoder, dir, data, recLen ); else rc = dssl_decoder_process( next_decoder, dir, data2, recLen2 ); DEBUG_TRACE1("ssl_record_layer_decoder - dssl_decoder_process ret: %d\n", rc); } if( rc == DSSL_RC_OK ) { *processed = totalRecLen + SSL3_HEADER_LEN; } if( decrypt_buffer_aquired ) { ssls_release_decrypt_buffer( stack->sess ); } if( decompress_buffer_aquired ) { ssls_release_decompress_buffer( stack->sess ); } #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE1( "\n} rc: %d\n", (int) rc); #endif if( stack->state == SS_SeenCloseNotify ) { stack->sess->flags |= SSF_CLOSE_NOTIFY_RECEIVED; } else if ( stack->state == SS_FatalAlert ) { stack->sess->flags |= SSF_FATAL_ALERT_RECEIVED; } DEBUG_TRACE1("ssl_record_layer_decoder - end. rc = %d\n", rc); return rc; }
int ssl3_record_layer_decoder( void* decoder_stack, NM_PacketDir dir, u_char* data, uint32_t len, uint32_t* processed ) { int rc = DSSL_E_UNSPECIFIED_ERROR; uint32_t recLen = 0, totalRecLen = 0; uint8_t record_type = 0; dssl_decoder_stack* stack = (dssl_decoder_stack*) decoder_stack; dssl_decoder* next_decoder = NULL; int decrypt_buffer_aquired = 0; int decompress_buffer_aquired = 0; _ASSERT( stack ); _ASSERT( processed ); _ASSERT( stack->sess ); if( stack->state > SS_Established ) { #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE1( "[!]Unexpected SSL record after %s", ( (stack->state == SS_FatalAlert) ? "fatal alert" : "close_notify alert") ); #endif return NM_ERROR( DSSL_E_SSL_UNEXPECTED_TRANSMISSION ); } /* special case for a first client hello */ if( stack->sess->version == 0 ) { _ASSERT( dir == ePacketDirFromClient ); rc = ssl_decode_first_client_hello( stack->sess, data, len, processed ); return rc; } if( len < SSL3_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); if( data[1] != 3) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); /* Decode record type */ record_type = data[0]; totalRecLen = recLen = MAKE_UINT16( data[3], data[4] ); data += SSL3_HEADER_LEN; len -= SSL3_HEADER_LEN; #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE3( "\n==>Decoding SSL v3 Record from %s, type: %d, len: %d\n{\n", ((dir == ePacketDirFromClient)?"client":"server"), (int) record_type, (int) recLen ); #endif rc = DSSL_RC_OK; if( len < recLen ) { rc = DSSL_RC_WOULD_BLOCK; } if( rc == DSSL_RC_OK && stack->cipher ) { rc = ssl_decrypt_record( stack, data, recLen, &data, &recLen, &decrypt_buffer_aquired ); } /* check if the record length is still within bounds (failed decryption, etc) */ if( rc == DSSL_RC_OK && (recLen > RFC_2246_MAX_COMPRESSED_LENGTH || recLen > len || (stack->sess->version < TLS1_2_VERSION && stack->md && recLen < EVP_MD_size(stack->md))) ) { rc = NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH); } if( rc == DSSL_RC_OK && stack->md ) { u_char mac[EVP_MAX_MD_SIZE*2]; u_char* rec_mac = NULL; int l = EVP_MD_size( stack->md ); int ivl = EVP_CIPHER_iv_length( stack->cipher->cipher ); if ( EVP_CIPH_CBC_MODE == stack->sess->cipher_mode || EVP_CIPH_STREAM_CIPHER == stack->sess->cipher_mode ) recLen -= l; rec_mac = data+recLen; memset(mac, 0, sizeof(mac) ); /* TLS 1.1 and later: remove explicit IV for non-stream ciphers */ if ( EVP_CIPH_CBC_MODE == stack->sess->cipher_mode ) { if (stack->sess->version >= TLS1_1_VERSION ) { if (ivl <= recLen) { recLen -= ivl; data += ivl; } } } /* AEAD ciphers have no mac */ if ( EVP_CIPH_CBC_MODE == stack->sess->cipher_mode || EVP_CIPH_STREAM_CIPHER == stack->sess->cipher_mode ) { rc = stack->sess->caclulate_mac_proc( stack, record_type, data, recLen, mac ); if( rc == DSSL_RC_OK ) { rc = memcmp( mac, rec_mac, l ) == 0 ? DSSL_RC_OK : NM_ERROR( DSSL_E_SSL_INVALID_MAC ); } } } if( rc == DSSL_RC_OK && stack->compression_method != 0 ) { rc = ssl_decompress_record( stack, data, recLen, &data, &recLen, &decompress_buffer_aquired ); } DEBUG_TRACE_BUF("decompressed", data, recLen); if( rc == DSSL_RC_OK ) { switch( record_type ) { case SSL3_RT_HANDSHAKE: next_decoder = &stack->dhandshake; break; case SSL3_RT_CHANGE_CIPHER_SPEC: next_decoder = &stack->dcss; break; case SSL3_RT_APPLICATION_DATA: next_decoder = &stack->dappdata; break; case SSL3_RT_ALERT: next_decoder = &stack->dalert; break; default: rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); } } if( rc == DSSL_RC_OK ) { _ASSERT( next_decoder != NULL ); rc = dssl_decoder_process( next_decoder, dir, data, recLen ); } if( rc == DSSL_RC_OK ) { *processed = totalRecLen + SSL3_HEADER_LEN; } if( decrypt_buffer_aquired ) { ssls_release_decrypt_buffer( stack->sess ); } if( decompress_buffer_aquired ) { ssls_release_decompress_buffer( stack->sess ); } #ifdef NM_TRACE_SSL_RECORD DEBUG_TRACE1( "\n} rc: %d\n", (int) rc); #endif if( stack->state == SS_SeenCloseNotify ) { stack->sess->flags |= SSF_CLOSE_NOTIFY_RECEIVED; } else if ( stack->state == SS_FatalAlert ) { stack->sess->flags |= SSF_FATAL_ALERT_RECEIVED; } return rc; }
/* ========== Handshake decoding function ========== */ int ssl3_decode_handshake_record( dssl_decoder_stack* stack, NM_PacketDir dir, u_char* data, uint32_t len, uint32_t* processed ) { int rc = DSSL_E_UNSPECIFIED_ERROR; uint32_t recLen = 0; u_char hs_type = 0; u_char* org_data = data; DSSL_Session* sess = stack->sess; _ASSERT( processed != NULL ); _ASSERT((sess->flags & SSF_SSLV2_CHALLENGE) == 0); if( sess->version == 0 ) { return ssl_decode_first_client_hello( sess, data, len, processed ); } if( len < SSL3_HANDSHAKE_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); DEBUG_TRACE_BUF("handshake", data, len); recLen = (((int32_t)data[1]) << 16) | (((int32_t)data[2]) << 8) | data[3]; hs_type = data[0]; data += SSL3_HANDSHAKE_HEADER_LEN; len -= SSL3_HANDSHAKE_HEADER_LEN; if( len < recLen )return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH ); #ifdef NM_TRACE_SSL_HANDSHAKE DEBUG_TRACE2( "===>Decoding SSL v3 handshake: %s len: %d...", SSL3_HandshakeTypeToString( hs_type ), (int) recLen ); #endif switch( hs_type ) { case SSL3_MT_HELLO_REQUEST: rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_CLIENT_HELLO: rc = ssl3_decode_client_hello( sess, data, recLen ); break; case SSL3_MT_SERVER_HELLO: stack->state = SS_SeenServerHello; rc = ssl3_decode_server_hello( sess, data, recLen ); break; case SSL3_MT_CERTIFICATE: if( dir == ePacketDirFromServer ) { rc = ssl3_decode_server_certificate( sess, data, recLen ); } else { rc = ssl3_decode_dummy( sess, data, recLen ); } break; case SSL3_MT_SERVER_DONE: rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_CLIENT_KEY_EXCHANGE: rc = ssl3_decode_client_key_exchange( sess, data, recLen ); break; case SSL3_MT_FINISHED: rc = (*sess->decode_finished_proc)( sess, dir, data, recLen ); if( rc == DSSL_RC_OK ) { stack->state = SS_Established; ssls_handshake_done( sess ); } break; case SSL3_MT_CERTIFICATE_STATUS: rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_SERVER_KEY_EXCHANGE: /*at this point it is clear that the session is not decryptable due to ephemeral keys usage.*/ rc = NM_ERROR( DSSL_E_SSL_CANNOT_DECRYPT_EPHEMERAL ); break; case SSL3_MT_CERTIFICATE_REQUEST: /* TODO: track CertificateRequest- client certificate / certificate verify */ rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_CERTIFICATE_VERIFY: /* TODO: track CertificateRequest- client certificate / certificate verify */ rc = ssl3_decode_dummy( sess, data, recLen ); break; case SSL3_MT_NEWSESSION_TICKET: rc = ssl3_decode_new_session_ticket( sess, data, recLen ); break; default: rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR ); break; } if( rc == DSSL_RC_OK ) { *processed = recLen + SSL3_HANDSHAKE_HEADER_LEN; if( hs_type == SSL3_MT_CLIENT_HELLO ) { ssl3_init_handshake_digests( sess ); } if( hs_type != SSL3_MT_HELLO_REQUEST ) { ssl3_update_handshake_digests( sess, org_data, *processed ); } } #ifdef NM_TRACE_SSL_HANDSHAKE if( rc == DSSL_RC_OK ) { DEBUG_TRACE0( "OK\n" ); } else { DEBUG_TRACE1( "Error! (%d)\n", (int)rc ); } #endif return rc; }