modified proxy code to write hellos to file

client/Makefile

@@ -6,8 +6,8 @@ all: $(TARGETS)
 
 rclient.o ptwist168.o testget.o:: ptwist.h
 
-testget: testget.o rclient.o ptwist168.o ptwist.h 
-	gcc -g -o $@ $^ -L../../../openssl/run/lib -lssl -lcrypto -ldl
+testget: testget.o rclient.o ptwist168.o ptwist.h
+	gcc -g -o $@ $^ -I/home/cbocovic/Documents/openssl/run/include/openssl libssl.a libcrypto.a -ldl
 
 clean:
 	-rm *.o

client/ptwist168.c

@@ -104,19 +104,19 @@ typedef coord point[3];
 #include <stdio.h>
 #include <stdlib.h>
 
-static void dump_coord(const char *label, const coord c)
+/*static void dump_coord(const char *label, const coord c)
 {
     if (label) fprintf(stderr, "%s: ", label);
     printf("%016lx %016lx %016lx\n", c[2], c[1], c[0]);
-}
+}*/
 
-static void dump_point(const char *label, point p)
+/*static void dump_point(const char *label, point p)
 {
     if (label) fprintf(stderr, "%s:\n", label);
     dump_coord(" x", p[0]);
     dump_coord(" y", p[1]);
     dump_coord(" z", p[2]);
-}
+}*/
 
 /* Field element represented as a byte arrary.
  * 21*8 = 168 bits is also the group order size for the elliptic curve.  */
@@ -841,7 +841,7 @@ static void point_add(fslice x3[3], fslice y3[3], fslice z3[3],
 	select_conditional(z3, zout, z1, 3, z2_is_zero);
 	}
 
-static void affine(point P)
+/*static void affine(point P)
 {
     coord z1, z2, xin, yin;
     uint128_t tmp[7];
@@ -856,7 +856,7 @@ static void affine(point P)
     felem_contract(P[1], yin);
     memset(P[2], 0, sizeof(coord));
     P[2][0] = 1;
-}
+}*/
 
 static void affine_x(coord out, point P)
 {

client/rclient.c

@@ -126,8 +126,9 @@ static void gen_tag(byte *tag, byte key[16],
 int tag_hello(unsigned char *target)
 {
     FILE *fp;
-    int res;
+    int res, i;
     byte *tag;
+	char output[PTWIST_TAG_BYTES+1];
 
     /* Create the generators */
     memset(maingen, 0, PTWIST_BYTES);
@@ -156,6 +157,16 @@ int tag_hello(unsigned char *target)
 	tag = target;
 
 	gen_tag(tag, key, (const byte *)"context", 7);
+    fp = fopen("tags", "wb");
+    if (fp == NULL) {
+		perror("fopen");
+		exit(1);
+    }
+	for(i=0; i< PTWIST_TAG_BYTES; i++){
+		fprintf(fp, "%02x ", tag[i]);
+	}
+	printf("\n");
+	fclose(fp);
 
     return 0;
 }

client/testget.c

@@ -29,13 +29,13 @@ typedef struct {
 
 int tag_flow(SSL *s){
 	unsigned char *result;
-	int len, i;
+	int len;
 
 	result = s->s3->client_random;
 	len = sizeof(s->s3->client_random);
 
-	if(len > PTWIST_TAG_BYTES) {
-		printf("Uhoh");
+	if(len < PTWIST_TAG_BYTES) {
+		printf("Uhoh\n");
 		return 1;
 	}
 	tag_hello((byte *) result);
@@ -93,11 +93,11 @@ connection *sslConnect (void)
       // Register the available ciphers and digests
       SSL_library_init();
 
-      // New context saying we are a client, and using SSL 2 or 3
-      c->sslContext = SSL_CTX_new (SSLv23_client_method ());
+      // New context saying we are a client, and using TLSv1.2
+      c->sslContext = SSL_CTX_new (TLSv1_2_method());
 
 	  //Tag the client hello message with Telex tag
-	  SSL_CTX_set_client_hello_callback(c->sslContext, tag_hello);
+	  SSL_CTX_set_client_hello_callback(c->sslContext, tag_flow);
       if (c->sslContext == NULL)
         ERR_print_errors_fp (stderr);
 

server/slitheen-proxy.c

@@ -3,18 +3,56 @@
 
 #define macaddr "08:00:27:e8:9d:d4"
 
+//Definitions for parsing packet data
+#define ETHER_ADDR_LEN 6
+#define ETHER_HDR_LEN  2*ETHER_ADDR_LEN + 2
+#define RECORD_HDR 5
+#define CLIENT_HELLO_HDR 4
+#define CLIENT_HELLO_RAND 32
+
 void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
 
+//TODO: look for slitheen tag. The ClientHello message starts at offset 0x4d of packet after TCP 3-way handshake and has flag [P.].
+//For now, write *all* clientHello msgs to a file
 void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet){
 	pcap_t *handle;
 	char errbuf[BUFSIZ];
 	char *writedev = args;
 	int i;
+	unsigned char *p;
+	FILE *fp;
 
 	handle = pcap_open_live(writedev, BUFSIZ, 1, 1000, errbuf);
 	if (handle == NULL){
 		fprintf(stderr, "Couldn't open device %s: %s\n", writedev, errbuf);
 	}
+	/* check for clientHello */
+	p = packet;
+	p += ETHER_HDR_LEN; //skip ethernet header
+	p += (p[0] & 0x0f)*4;	//skip IP header
+	p += 12; //skip first part of TCP header
+	p += (p[0] >> 4)*4 - 12; //skip rest of TCP header
+	//check for handshake message
+	if (p[0] == 0x16){
+		p += RECORD_HDR;
+		if (p[0] == 0x01){
+			p += CLIENT_HELLO_HDR;
+			p += 2; //dunno what these are
+			//now pointing to hello random :D
+			fp = fopen("tags", "wb");
+			if (fp == NULL) {
+				perror("fopen");
+				exit(1);
+			}
+			//Write ClientHello random nonce to file
+			for(i=0; i< 32; i++){
+				fprintf(fp, "%02x ", tag[i]);
+			}
+			printf("\n");
+			//fwrite(tag, CLIENT_HELLO_RAND, 1, fp);
+			fclose(fp);
+		}
+	}	
 
 	if((pcap_inject(handle, packet, header->len)) < 0 ){
 		fprintf(stderr, "Error: %s\n", pcap_geterr(handle));