
debugged record reassembly

cbocovic 9 years ago
parent
commit
d0a62db7d7
3 changed files with 84 additions and 72 deletions
  1. 78 66
      server/flow.c
  2. 4 3
      server/slitheen-proxy.c
  3. 2 3
      server/slitheen.h

+ 78 - 66
server/flow.c

@@ -56,23 +56,12 @@ int update_flow(flow *f) {
 	int record_len;
 	int data_len;
 
-	if (record_hdr->type != HS){
-		if(record_hdr->type == APP){
-			printf("Received application data!\n");
-		}
-		//TODO: later figure this out, for now delete
-		f->packet_chain = f->packet_chain->next;
-		if( f->packet_chain != NULL){
-			update_flow(f);
-		}
-		return 0;
-	}
-	/* This is a TLS handshake */
+
 	//printf("record version(major): %d.\n", (record_hdr->version&0xFF00)>>8);
 	//printf("record version(minor): %d.\n", record_hdr->version&0xFF);
 	//printf("record length: %d.\n", RECORD_LEN(record_hdr));
 
-	record_len = RECORD_LEN(record_hdr);
+	record_len = RECORD_LEN(record_hdr)+RECORD_HEADER_LEN;
 	data_len = f->packet_chain->data_len;
 	packet *current = f->packet_chain;
 	record = calloc(1, record_len);
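Review bot: With the early `record_hdr->type != HS` test removed, `record_len` is computed from header bytes whose type has not been validated, and `calloc(1, record_len)` and the reassembly that follows run before the `switch` further down can reject the data. These bytes come straight off the wire, so I would keep a cheap type check (HS, APP, CCS, A, HB) ahead of the allocation and drop the packet there, as the later `default:` branch does. The hunk also shows no NULL check on `record` after `calloc`; if the lines below do not have one, add it before the buffer is written. update_flow starts before and continues past this hunk.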
@@ -103,59 +92,82 @@ int update_flow(flow *f) {
 		data_len += current->data_len;
 	}
 
-	p = record;
-	p += RECORD_HEADER_LEN;
-	handshake_hdr = (struct handshake_header*) p;
-
-	int size_hs = HANDSHAKE_MESSAGE_LEN(handshake_hdr);
-	printf("Handshake Message:\n");
-	f->state = handshake_hdr->type;
-
-#define TLS_CERT 0x0b
-#define TLS_SRVR_KEYEX 0x0c
-#define TLS_CERT_REQ 0x0d
-#define TLS_SRVR_HELLO_DONE 0x0e
-#define TLS_CERT_VERIFY 0x0f
-#define TLS_CLNT_KEYEX 0x10
-#define TLS_FINISHED 0x14
-
-	/* Now see if there's anything extra to do */
-	switch(f->state){
-	/* Checks to see if this is a possibly tagged hello msg */
-		case TLS_CLNT_HELLO: 
-			/* Expecting server hello msg */
-			printf("Received client hello!\n");
-				break;
-		case TLS_SERV_HELLO:
-			printf("Received server hello!\n");
-				break;
-		case TLS_NEW_SESS:
-			printf("Received new session!\n");
-				break;
-		case TLS_CERT:
-			printf("Received certificate!\n");
-			/* Need to extract server params */
-				break;
-		case TLS_SRVR_KEYEX:
-			printf("Received server key exchange!\n");
-				break;
-		case TLS_CERT_REQ:
-			printf("Received certificate request!\n");
-				break;
-		case TLS_SRVR_HELLO_DONE:
-			printf("Received server hello done!\n");
-				break;
-		case TLS_CERT_VERIFY:
-			printf("Received certificate verify!\n");
-				break;
-		case TLS_CLNT_KEYEX:
-			printf("Received client key exchange!\n");
-				break;
-		case TLS_FINISHED:
-			printf("Received finished message!\n");
-				break;
+	switch(record_hdr->type){
+		case HS:
+			p = record;
+			p += RECORD_HEADER_LEN;
+			handshake_hdr = (struct handshake_header*) p;
+
+			int size_hs = HANDSHAKE_MESSAGE_LEN(handshake_hdr);
+			printf("Handshake Message:\n");
+			f->state = handshake_hdr->type;
+
+			/* Now see if there's anything extra to do */
+			switch(f->state){
+			/* Checks to see if this is a possibly tagged hello msg */
+				case TLS_CLNT_HELLO: 
+					/* Expecting server hello msg */
+					printf("Received client hello!\n");
+					break;
+				case TLS_SERV_HELLO:
+					printf("Received server hello!\n");
+					break;
+				case TLS_NEW_SESS:
+					printf("Received new session ticket!\n");
+					break;
+				case TLS_CERT:
+					printf("Received certificate!\n");
+					/* Need to extract server params */
+					break;
+				case TLS_SRVR_KEYEX:
+					printf("Received server key exchange!\n");
+					break;
+				case TLS_CERT_REQ:
+					printf("Received certificate request!\n");
+					break;
+				case TLS_SRVR_HELLO_DONE:
+					printf("Received server hello done!\n");
+					break;
+				case TLS_CERT_VERIFY:
+					printf("Received certificate verify!\n");
+					break;
+				case TLS_CLNT_KEYEX:
+					printf("Received client key exchange!\n");
+					break;
+				case TLS_FINISHED:
+					printf("Received finished message!\n");
+					break;
+				default:
+					if(f->encrypted){
+						printf("Received encrypted finished!\n");
+					} else {
+						printf("Error?\n");
+					}
+					break;
+			}
+			break;
+		case APP:
+			printf("Application Data\n");
+			break;
+		case CCS:
+			printf("Change of Cipher Spec\n");
+			f->encrypted = 1;
+			break;
+		case A:
+			printf("Alert\n");
+			break;
+		case HB:
+			printf("Heartbeat\n");
+			break;
+		default:
+			printf("Error: Not a Record\n");
+			//TODO: later figure this out, for now delete
+			f->packet_chain = f->packet_chain->next;
+			if( f->packet_chain != NULL){
+				update_flow(f);
+			}
+			return 0;
 	}
-	record_len += RECORD_HEADER_LEN;
 
 	if(record_len == data_len){
 		/* record ended on packet boundary */
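Review bot: In `case HS:`, `handshake_hdr` is pointed at `record + RECORD_HEADER_LEN` and read with no check that the record is long enough to hold a handshake header. A handshake record with a very small length field therefore makes `handshake_hdr->type` and `HANDSHAKE_MESSAGE_LEN(handshake_hdr)` read past the `calloc`'d buffer. A guard before the cast would close that: `if (record_len < RECORD_HEADER_LEN + (int)sizeof(struct handshake_header)) break;`. Separately, the outer `default:` branch returns with no visible `free(record)`, which looks like a leak on every non-record packet unless ownership is handled outside this hunk; `free(record);` before `return 0;` would cover it. `size_hs` is assigned but not used in the visible lines.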
@@ -166,7 +178,7 @@ int update_flow(flow *f) {
 		f->packet_chain = current; //TODO: make current
 		current->data = current->data + (current->data_len - (data_len - record_len));
 		current->data_len = data_len - record_len;
-		//printf("more records? extra: %d\n", current->data_len);
+		printf("more records? extra: %d\n", current->data_len);
 		update_flow(f);
 	}
 

+ 4 - 3
server/slitheen-proxy.c

@@ -324,11 +324,12 @@ void process_packet(const u_char *packet){
 			printf("TLS finished received.\n");
 		} else {
 			//check to see if tls_finished message
+			if(observed->encrypted){ /* decrypt tls finished message */
+				printf("MESSAGE ENCRYPTED\n");
+			}
 			if((observed->state == TLS_NEW_SESS) && !observed->encrypted){
-				//packet should be encrypted
+				//next packet should be encrypted
 				observed->encrypted = 1;
-			} else if(observed->encrypted){ /* decrypt tls finished message */
-				printf("need to decrypt this finished message\n");
 			}
 
 		}
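Review bot: The comment `/* decrypt tls finished message */` on the new `if(observed->encrypted)` branch describes work the branch does not do, since it only prints `MESSAGE ENCRYPTED`. I would word it as `/* TODO: decrypt TLS Finished here; currently only logged */`. Also, `encrypted` is now set here after `TLS_NEW_SESS` and in flow.c on `CCS`; if `observed` is the same flow object, a one-line comment saying which of the two is authoritative would help the next reader. process_packet begins and ends outside this hunk.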

+ 2 - 3
server/slitheen.h

@@ -61,10 +61,9 @@ struct __attribute__((__packed__)) record_header {
 	u_char type;
 #define HS 0x16
 	u_short version;
-	u_char len1;
-	u_char len2;
+	u_short len;
 };
-#define RECORD_LEN(rec)		(((rec)->len1) << 8)+((rec)->len2)
+#define RECORD_LEN(rec)		(htons(rec->len))
 
 struct __attribute__((__packed__)) handshake_header {
 	u_char type; /*Handshake message type */
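Review bot: The new `RECORD_LEN` expands its argument unparenthesized (`rec->len`), unlike the old macro, so an argument such as `hdr + 1` would expand incorrectly. The value is converted from wire order to host order, so `ntohs` states the intent better than `htons` even though both perform the same swap. Suggested form: `#define RECORD_LEN(rec) (ntohs((rec)->len))`. A short comment on `len`, for example `/* record payload length, network byte order */`, would document why the conversion is needed.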