
added a check for the certificate status hs message

cecylia 7 years ago
parent
commit
ee670440de
3 changed files with 30 additions and 9 deletions
  1. 5 5
      relay_station/crypto.c
  2. 24 4
      relay_station/flow.c
  3. 1 0
      relay_station/flow.h

+ 5 - 5
relay_station/crypto.c

@@ -578,13 +578,13 @@ int compute_master_secret(flow *f){
 			NULL, 0, NULL, 0, NULL, 0,
 			buf, bytes);
 
-	#ifdef DEBUG
-		printf("Generated the following rand bytes: ");
+#ifdef DEBUG_HS
+		printf("Generated the client private key [len: %d]: ", bytes);
 		for(int i=0; i< bytes; i++){
 			printf(" %02x ", buf[i]);
 		}
 		printf("\n");
-	#endif
+#endif
 
 		if (!BN_bin2bn(buf, bytes, priv_key))
 			goto err;
@@ -1364,9 +1364,9 @@ void check_handshake(struct packet_info *info){
 		res = check_tag(key, privkey, p, (const byte *)context, sizeof(context));
 		if (!res) {
 
-#ifdef DEBUG
+#ifdef DEBUG_HS
 			printf("Received tagged flow! (key =");
-			for(i=0; i<16;i++){
+			for(int i=0; i<16;i++){
 			    printf(" %02x", key[i]);
 			}
 			printf(")\n");
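Review bot: Both DEBUG_HS blocks in this file write secret key material to stdout: the first hunk dumps the freshly generated client private key byte by byte (`printf("Generated the client private key [len: %d]: ", bytes);` and the loop below it), and the second dumps the 16-byte tag key. Renaming the guard from DEBUG to DEBUG_HS does not change that, so a build with DEBUG_HS set leaks keys into whatever captures stdout. A comment at each `#ifdef DEBUG_HS` making the hazard explicit would help, e.g. `/* DEBUG_HS: prints secret key material to stdout; development builds only */`. Both compute_master_secret and check_handshake continue outside their hunks.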

+ 24 - 4
relay_station/flow.c

@@ -191,11 +191,19 @@ int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 	switch(record_hdr->type){
 		case HS:
 			p = record;
+#ifdef DEBUG_HS
+                        printf("Received handshake packet  (%x:%d -> %x:%d) (incoming: %d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), incoming);
+                        for(int i=0; i< record_len; i++){
+                            printf("%02x ", p[i]);
+                        }
+                        printf("\n");
+#endif
 			p += RECORD_HEADER_LEN;
 
+
 			if((incoming && f->in_encrypted) || (!incoming && f->out_encrypted)){
 #ifdef DEBUG_HS
-				printf("Decrypting finished (%d bytes) (%x:%d -> %x:%d)\n", record_len - RECORD_HEADER_LEN, f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+				printf("Decrypting finished (%d bytes) (%x:%d -> %x:%d) (incoming: %d)\n", record_len - RECORD_HEADER_LEN, f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), incoming);
 				printf("Finished ciphertext:\n");
 				for(int i=0; i< record_len; i++){
 					printf("%02x ", record[i]);
@@ -204,7 +212,12 @@ int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 #endif
 				int32_t n = encrypt(f, p, p, record_len - RECORD_HEADER_LEN, incoming, 0x16, 0, 0);
 				if(n<=0){
-					printf("Error decrypting finished  (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+                                    printf("Error decrypting finished  (%x:%d -> %x:%d) (incoming: %d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port), incoming);
+                                    printf("record:\n");
+                                    for(int i=0; i< 12; i++){
+                                            printf("%02x ", p[i]);
+                                    }
+
 				}
 #ifdef DEBUG_HS
 				printf("Finished decrypted: (%x:%d -> %x:%d)\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
@@ -274,12 +287,20 @@ int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 					printf("Received cert\n");
 #endif
 					break;
+                                case TLS_CERT_STATUS:
+                                        printf("Received certificate status\n");
+                                        break;
 				case TLS_SRVR_KEYEX:
 #ifdef DEBUG_HS
 					printf("Received server keyex\n");
 #endif
 					if(extract_parameters(f, p)){
 						printf("Error extracting params\n");
+                                                printf("Message:\n");
+                                                for(int i=0; i< RECORD_LEN(record_hdr); i++){
+                                                    printf("%02x ", p[i]);
+                                                }
+                                                printf("\n");
 						remove_flow(f);
 						goto err;
 					}
@@ -349,7 +370,7 @@ int update_flow(flow *f, uint8_t *record, uint8_t incoming) {
 
 					break;
 				default:
-					printf("Error? (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
+					printf("Error: unrecognized hs message? (%x:%d -> %x:%d)...\n", f->src_ip.s_addr, ntohs(f->src_port), f->dst_ip.s_addr, ntohs(f->dst_port));
 					remove_flow(f);
 					goto err;
 			}
@@ -652,7 +673,6 @@ flow *check_flow(struct packet_info *info){
 
 	if(found != NULL){
             found->ref_ctr++;
-            printf("Acquiring flow (%p ref ctr %d)\n", found, found->ref_ctr);
 	}
 
 	sem_post(&flow_table_lock);
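Review bot: The new error-path dump in the second hunk reads a fixed 12 bytes from `p` without checking the payload length, even though the decrypt call two lines above was bounded by `record_len - RECORD_HEADER_LEN`; a short or malformed record that makes `encrypt` fail can therefore be read past its end here, and the loop also ends without the `printf("\n")` the other dumps emit. Bounding the loop is a one-line change: `for(int i=0; i < 12 && i < record_len - RECORD_HEADER_LEN; i++){`. In the third hunk the new `case TLS_CERT_STATUS:` prints `"Received certificate status\n"` unconditionally, unlike the neighbouring cases whose prints sit inside `#ifdef DEBUG_HS`, so it logs for every such message in a non-debug build; wrapping it the same way would keep the switch consistent. update_flow begins and ends outside these hunks.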

+ 1 - 0
relay_station/flow.h

@@ -50,6 +50,7 @@
 #define TLS_CERT_VERIFY 0x0f
 #define TLS_CLNT_KEYEX 0x10
 #define TLS_FINISHED 0x14
+#define TLS_CERT_STATUS 0x16
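Review bot: The new constant has no comment saying which message it names, and its value 0x16 is the same literal flow.c already passes to `encrypt` as the handshake record content type, which invites confusion between the two. A trailing comment distinguishes them: `#define TLS_CERT_STATUS 0x16 /* CertificateStatus handshake message type (RFC 6066) */`.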
 
 struct client_st;
 typedef struct client_st client;