コード例 #1
0
ファイル: ssl_decode.c プロジェクト: plashchynski/libdssl
int ssl3_record_layer_decoder( void* decoder_stack, NM_PacketDir dir,
		u_char* data, uint32_t len, uint32_t* processed )
{
	int rc = DSSL_E_UNSPECIFIED_ERROR;
	uint32_t recLen = 0, totalRecLen = 0;
	uint8_t record_type = 0;
	dssl_decoder_stack* stack = (dssl_decoder_stack*) decoder_stack;
	dssl_decoder* next_decoder = NULL;
	int decrypt_buffer_aquired = 0;
	int decompress_buffer_aquired = 0;
	int i = 0;
	char * data2 = NULL;
	uint32_t recLen2 = 0;
	int block_size = 0;


	DEBUG_TRACE1("ssl_record_layer_decoder - start. len: %d\n", len);

	_ASSERT( stack );
	_ASSERT( processed );
	_ASSERT( stack->sess );

	/*
	for (i=0; i < len; i++)
	{
		printf("0x%02X ", data[i]);
	}
	*/

	if( stack->state > SS_Established )
	{
#ifdef NM_TRACE_SSL_RECORD
		DEBUG_TRACE1( "[!]Unexpected SSL record after %s", 
			( (stack->state == SS_FatalAlert) ? "fatal alert" : "close_notify alert") );
#endif
		return NM_ERROR( DSSL_E_SSL_UNEXPECTED_TRANSMISSION );
	}

	/* special case for a first client hello */
	DEBUG_TRACE1("ssl_record_layer_decoder - version: 0x%02X\n", stack->sess->version);
	if( stack->sess->version == 0 )
	{
		_ASSERT( dir == ePacketDirFromClient );
		rc = ssl_decode_first_client_hello( stack->sess, data, len, processed );
		return rc;
	}

	if( len < SSL3_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
	if( data[1] != 3) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );

	/* Decode record type */
	record_type = data[0];
	totalRecLen = recLen = MAKE_UINT16( data[3], data[4] );
	DEBUG_TRACE1("ssl_record_layer_decoder - record_type: %d\n", record_type);
	DEBUG_TRACE1("ssl_record_layer_decoder - recLen: %d\n", recLen);

	/*
	for (i = 0; i < 128; i++)
	{
		printf("ssl_tls_record_layer_decoder - data before skip header size [%d]: %d\n", i, data[i]);
	}
	*/

	data += SSL3_HEADER_LEN;
	len -= SSL3_HEADER_LEN;

	DEBUG_TRACE1("ssl_record_layer_decoder - len after header adjustments: %d\n", len);
	/*
	for (i=0; i < len; i++)
	{
		printf("0x%02X ", data[i]);
	}
	*/

#ifdef NM_TRACE_SSL_RECORD
	DEBUG_TRACE2( "\n==>Decoding SSL v3 Record, type: %d, len: %d\n{\n", (int) record_type, (int) recLen );
#endif

	rc = DSSL_RC_OK;
	if( len < recLen ) 
	{ 
		rc = DSSL_RC_WOULD_BLOCK; 
		DEBUG_TRACE0("ssl_tls_record_layer_decoder - rc is DSSL_RC_WOULD_BLOCK\n");
	}

	if( rc == DSSL_RC_OK && stack->cipher )
	{
		rc = ssl_decrypt_record( stack, data, recLen, &data, &recLen, &decrypt_buffer_aquired,&block_size );

		DEBUG_TRACE1("ssl_record_layer_decoder - ssl_decrypt_record ret: %d\n", rc);
	}

	/* check if the record length is still within bounds (failed decryption, etc) */
	if( rc == DSSL_RC_OK && (recLen > RFC_2246_MAX_COMPRESSED_LENGTH || 
		recLen > len || (stack->md && recLen < EVP_MD_size(stack->md))) )
	{
		rc = NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH);
	}

	if( rc == DSSL_RC_OK && stack->md )
	{
		u_char mac[EVP_MAX_MD_SIZE];
		u_char* rec_mac = NULL;
		
		DEBUG_TRACE1("ssl_record_layer_decoder - data using len: %d\n", len);
		/*
		for (i=0; i < len; i++)
		{
			printf("0x%02X ", data[i]);
		}
		*/

		recLen -= EVP_MD_size( stack->md );
		rec_mac = data+recLen;

		memset(mac, 0, sizeof(mac) );
		
		// Fix - skip iv for TLS 1.1
		DEBUG_TRACE1("ssl_record_layer_decoder - stack->version: 0x%02X\n", stack->version);
		DEBUG_TRACE1("ssl_record_layer_decoder - block_size: %d\n", block_size);

		if (stack->version > TLS1_VERSION && block_size > 1)
		{
			DEBUG_TRACE0("ssl_record_layer_decoder - activated fix for TLS 1.1 (skip 16 bytes)\n");

			data2 = data + block_size;
			recLen2 = recLen - block_size;
			rc = stack->sess->caclulate_mac_proc( stack, record_type, data2, recLen2, mac );
		}
		else
		{
			rc = stack->sess->caclulate_mac_proc( stack, record_type, data, recLen, mac );
		}

		DEBUG_TRACE1("ssl_record_layer_decoder - caclulate_mac_proc result: %d\n", rc);
		
		if( rc == DSSL_RC_OK )
		{
			DEBUG_TRACE1("ssl_record_layer_decoder - caclulate_mac_proc memcmp size(i.e. EVP_MD_size(stack->md)): %d\n", EVP_MD_size(stack->md));
			DEBUG_TRACE0("ssl_record_layer_decoder - mac vs. rec_mac:\n");
			if (IsDebugEnabled())
			{
				for (i=0; i < EVP_MD_size(stack->md); i++)
				{
					DEBUG_TRACE2("0x%02X vs. 0x%02X\n", mac[i], rec_mac[i]);
				}
			}
			rc = memcmp( mac, rec_mac, EVP_MD_size(stack->md) ) == 0 ? DSSL_RC_OK : NM_ERROR( DSSL_E_SSL_INVALID_MAC );
		}
	}

	if( rc == DSSL_RC_OK && stack->compression_method != 0 )
	{
		rc = ssl_decompress_record( stack, data, recLen, &data, &recLen, &decompress_buffer_aquired );

		DEBUG_TRACE1("ssl_record_layer_decoder - ssl_decompress_record call ended. rc: %d\n", rc);
	}

	if( rc == DSSL_RC_OK )
	{
		DEBUG_TRACE1("ssl_record_layer_decoder - record_type: %d\n", record_type);
		switch( record_type )
		{
			case SSL3_RT_HANDSHAKE:
				DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_HANDSHAKE\n");
				next_decoder = &stack->dhandshake;
				break;

			case SSL3_RT_CHANGE_CIPHER_SPEC:
				DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_CHANGE_CIPHER_SPEC\n");
				next_decoder = &stack->dcss;
				break;

			case SSL3_RT_APPLICATION_DATA:
				DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_APPLICATION_DATA\n");
				next_decoder = &stack->dappdata;
				break;

			case SSL3_RT_ALERT:
				DEBUG_TRACE0("ssl_record_layer_decoder - SSL3_RT_ALERT\n");
				next_decoder = &stack->dalert;
				break;

			default:
				DEBUG_TRACE0("ssl_record_layer_decoder - record_type not found\n");
				rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );
		}
	}

	if( rc == DSSL_RC_OK )
	{
		_ASSERT( next_decoder != NULL );
		
		DEBUG_TRACE1("ssl_record_layer_decoder - calling dssl_decoder_process. handler is: %x\n", next_decoder->handler);
		
		// Fix - for TLS 1.1 continue
		if (data2 == NULL)
			rc = dssl_decoder_process( next_decoder, dir, data, recLen );
		else
			rc = dssl_decoder_process( next_decoder, dir, data2, recLen2 );

		DEBUG_TRACE1("ssl_record_layer_decoder - dssl_decoder_process ret: %d\n", rc);
	}

	if( rc == DSSL_RC_OK )
	{
		*processed = totalRecLen + SSL3_HEADER_LEN;
	}

	if( decrypt_buffer_aquired )
	{
		ssls_release_decrypt_buffer( stack->sess );
	}

	if( decompress_buffer_aquired )
	{
		ssls_release_decompress_buffer( stack->sess );
	}

#ifdef NM_TRACE_SSL_RECORD
	DEBUG_TRACE1( "\n} rc: %d\n", (int) rc);
#endif

	if( stack->state == SS_SeenCloseNotify )
	{
		stack->sess->flags |= SSF_CLOSE_NOTIFY_RECEIVED;
	} else if ( stack->state == SS_FatalAlert )
	{
		stack->sess->flags |= SSF_FATAL_ALERT_RECEIVED;
	}

	DEBUG_TRACE1("ssl_record_layer_decoder - end. rc = %d\n", rc);

	return rc;
}
コード例 #2
0
ファイル: ssl_decode.c プロジェクト: Correlsense/libdssl
int ssl3_record_layer_decoder( void* decoder_stack, NM_PacketDir dir,
		u_char* data, uint32_t len, uint32_t* processed )
{
	int rc = DSSL_E_UNSPECIFIED_ERROR;
	uint32_t recLen = 0, totalRecLen = 0;
	uint8_t record_type = 0;
	dssl_decoder_stack* stack = (dssl_decoder_stack*) decoder_stack;
	dssl_decoder* next_decoder = NULL;
	int decrypt_buffer_aquired = 0;
	int decompress_buffer_aquired = 0;

	_ASSERT( stack );
	_ASSERT( processed );
	_ASSERT( stack->sess );

	if( stack->state > SS_Established )
	{
#ifdef NM_TRACE_SSL_RECORD
		DEBUG_TRACE1( "[!]Unexpected SSL record after %s", 
			( (stack->state == SS_FatalAlert) ? "fatal alert" : "close_notify alert") );
#endif
		return NM_ERROR( DSSL_E_SSL_UNEXPECTED_TRANSMISSION );
	}

	/* special case for a first client hello */
	if( stack->sess->version == 0 )
	{
		_ASSERT( dir == ePacketDirFromClient );
		rc = ssl_decode_first_client_hello( stack->sess, data, len, processed );
		return rc;
	}

	if( len < SSL3_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );
	if( data[1] != 3) return NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );

	/* Decode record type */
	record_type = data[0];
	totalRecLen = recLen = MAKE_UINT16( data[3], data[4] );

	data += SSL3_HEADER_LEN;
	len -= SSL3_HEADER_LEN;

#ifdef NM_TRACE_SSL_RECORD
	DEBUG_TRACE3( "\n==>Decoding SSL v3 Record from %s, type: %d, len: %d\n{\n", ((dir == ePacketDirFromClient)?"client":"server"), (int) record_type, (int) recLen );
#endif

	rc = DSSL_RC_OK;
	if( len < recLen ) { rc = DSSL_RC_WOULD_BLOCK; }

	if( rc == DSSL_RC_OK && stack->cipher )
	{
		rc = ssl_decrypt_record( stack, data, recLen, &data, &recLen, &decrypt_buffer_aquired );
	}

	/* check if the record length is still within bounds (failed decryption, etc) */
	if( rc == DSSL_RC_OK && (recLen > RFC_2246_MAX_COMPRESSED_LENGTH || 
		recLen > len || (stack->sess->version < TLS1_2_VERSION && stack->md && recLen < EVP_MD_size(stack->md))) )
	{
		rc = NM_ERROR(DSSL_E_SSL_INVALID_RECORD_LENGTH);
	}

	if( rc == DSSL_RC_OK && stack->md )
	{
		u_char mac[EVP_MAX_MD_SIZE*2];
		u_char* rec_mac = NULL;
		int l = EVP_MD_size( stack->md );
		int ivl = EVP_CIPHER_iv_length( stack->cipher->cipher );

		if ( EVP_CIPH_CBC_MODE == stack->sess->cipher_mode || EVP_CIPH_STREAM_CIPHER == stack->sess->cipher_mode )
			recLen -= l;
		rec_mac = data+recLen;

		memset(mac, 0, sizeof(mac) );
		
		/* TLS 1.1 and later: remove explicit IV for non-stream ciphers */
		if ( EVP_CIPH_CBC_MODE == stack->sess->cipher_mode )
		{
			if (stack->sess->version >= TLS1_1_VERSION )
			{
				if (ivl <= recLen) {
					recLen -= ivl;
					data += ivl;
				}
			}
		}

		/* AEAD ciphers have no mac */
		if ( EVP_CIPH_CBC_MODE == stack->sess->cipher_mode || EVP_CIPH_STREAM_CIPHER == stack->sess->cipher_mode )
		{
			rc = stack->sess->caclulate_mac_proc( stack, record_type, data, recLen, mac );

			if( rc == DSSL_RC_OK )
			{
				rc = memcmp( mac, rec_mac, l ) == 0 ? DSSL_RC_OK : NM_ERROR( DSSL_E_SSL_INVALID_MAC );
			}
		}
	}

	if( rc == DSSL_RC_OK && stack->compression_method != 0 )
	{
		rc = ssl_decompress_record( stack, data, recLen, &data, &recLen, &decompress_buffer_aquired );
	}
	
	DEBUG_TRACE_BUF("decompressed", data, recLen);

	if( rc == DSSL_RC_OK )
	{
		switch( record_type )
		{
			case SSL3_RT_HANDSHAKE:
				next_decoder = &stack->dhandshake;
				break;

			case SSL3_RT_CHANGE_CIPHER_SPEC:
				next_decoder = &stack->dcss;
				break;

			case SSL3_RT_APPLICATION_DATA:
				next_decoder = &stack->dappdata;
				break;
			case SSL3_RT_ALERT:
				next_decoder = &stack->dalert;
				break;

			default:
				rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );
		}
	}

	if( rc == DSSL_RC_OK )
	{
		_ASSERT( next_decoder != NULL );
		rc = dssl_decoder_process( next_decoder, dir, data, recLen );
	}

	if( rc == DSSL_RC_OK )
	{
		*processed = totalRecLen + SSL3_HEADER_LEN;
	}

	if( decrypt_buffer_aquired )
	{
		ssls_release_decrypt_buffer( stack->sess );
	}

	if( decompress_buffer_aquired )
	{
		ssls_release_decompress_buffer( stack->sess );
	}

#ifdef NM_TRACE_SSL_RECORD
	DEBUG_TRACE1( "\n} rc: %d\n", (int) rc);
#endif

	if( stack->state == SS_SeenCloseNotify )
	{
		stack->sess->flags |= SSF_CLOSE_NOTIFY_RECEIVED;
	} else if ( stack->state == SS_FatalAlert )
	{
		stack->sess->flags |= SSF_FATAL_ALERT_RECEIVED;
	}

	return rc;
}
コード例 #3
0
ファイル: ssl_decode_hs.c プロジェクト: Correlsense/libdssl
/* ========== Handshake decoding function ========== */
int ssl3_decode_handshake_record( dssl_decoder_stack* stack, NM_PacketDir dir,
								 u_char* data, uint32_t len, uint32_t* processed )
{
	int rc = DSSL_E_UNSPECIFIED_ERROR;
	uint32_t recLen = 0;
	u_char hs_type = 0;
	u_char* org_data = data;
	DSSL_Session* sess = stack->sess;
	_ASSERT( processed != NULL );
	_ASSERT((sess->flags & SSF_SSLV2_CHALLENGE) == 0);

	if( sess->version == 0 )
	{
		return ssl_decode_first_client_hello( sess, data, len, processed );
	}

	if( len < SSL3_HANDSHAKE_HEADER_LEN ) return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );

	DEBUG_TRACE_BUF("handshake", data, len);
	recLen = (((int32_t)data[1]) << 16) | (((int32_t)data[2]) << 8) | data[3];
	hs_type = data[0];

	data += SSL3_HANDSHAKE_HEADER_LEN;
	len -= SSL3_HANDSHAKE_HEADER_LEN;

	if( len < recLen )return NM_ERROR( DSSL_E_SSL_INVALID_RECORD_LENGTH );

#ifdef NM_TRACE_SSL_HANDSHAKE
	DEBUG_TRACE2( "===>Decoding SSL v3 handshake: %s len: %d...", SSL3_HandshakeTypeToString( hs_type ), (int) recLen );
#endif

	switch( hs_type )
	{
	case SSL3_MT_HELLO_REQUEST:
		rc = ssl3_decode_dummy( sess, data, recLen );
		break;

	case SSL3_MT_CLIENT_HELLO:
		rc = ssl3_decode_client_hello( sess, data, recLen );
		break;

	case SSL3_MT_SERVER_HELLO:
		stack->state = SS_SeenServerHello;
		rc = ssl3_decode_server_hello( sess, data, recLen );
		break;

	case SSL3_MT_CERTIFICATE:
		if( dir == ePacketDirFromServer )
		{
			rc = ssl3_decode_server_certificate( sess, data, recLen );
		}
		else
		{
			rc = ssl3_decode_dummy( sess, data, recLen );
		}
		break;

	case SSL3_MT_SERVER_DONE:
		rc = ssl3_decode_dummy( sess, data, recLen );
		break;

	case SSL3_MT_CLIENT_KEY_EXCHANGE:
		rc = ssl3_decode_client_key_exchange( sess, data, recLen );
		break;

	case SSL3_MT_FINISHED:
		rc = (*sess->decode_finished_proc)( sess, dir, data, recLen );
		if( rc == DSSL_RC_OK ) {
			stack->state = SS_Established;
			ssls_handshake_done( sess );
		}
		break;
		
	case SSL3_MT_CERTIFICATE_STATUS:
		rc = ssl3_decode_dummy( sess, data, recLen );
		break;
	
	case SSL3_MT_SERVER_KEY_EXCHANGE:
		/*at this point it is clear that the session is not decryptable due to ephemeral keys usage.*/
		rc = NM_ERROR( DSSL_E_SSL_CANNOT_DECRYPT_EPHEMERAL );
		break;

	case SSL3_MT_CERTIFICATE_REQUEST:
		/* TODO: track CertificateRequest- client certificate / certificate verify */
		rc = ssl3_decode_dummy( sess, data, recLen );
		break;

	case SSL3_MT_CERTIFICATE_VERIFY:
		/* TODO: track CertificateRequest- client certificate / certificate verify */
		rc = ssl3_decode_dummy( sess, data, recLen );
		break;

	case SSL3_MT_NEWSESSION_TICKET:
		rc = ssl3_decode_new_session_ticket( sess, data, recLen );
		break;

	default:
		rc = NM_ERROR( DSSL_E_SSL_PROTOCOL_ERROR );
		break;
	}

	if( rc == DSSL_RC_OK )
	{
		*processed = recLen + SSL3_HANDSHAKE_HEADER_LEN;

		if( hs_type == SSL3_MT_CLIENT_HELLO ) 
		{
			ssl3_init_handshake_digests( sess );
		}

		if( hs_type != SSL3_MT_HELLO_REQUEST )
		{
			ssl3_update_handshake_digests( sess, org_data, *processed );
		}
	}

#ifdef NM_TRACE_SSL_HANDSHAKE
	if( rc == DSSL_RC_OK )
	{
		DEBUG_TRACE0( "OK\n" );
	}
	else
	{
		DEBUG_TRACE1( "Error! (%d)\n", (int)rc );
	}
#endif

	return rc;
}