1 /*
2 SSL Sniffer V1.21.
3 ----------------------------------------------
4 Written by: Eu-Jin Goh (eujin@cs.stanford.edu)
5 Stanford University October 2000
6
7 Copyright (C) 2000 Eu-Jin Goh
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
22 02111-1307, USA.
23
24 ----------------------------------------------
25
26 See the README for program notes.
27 */
28
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <unistd.h>
33 #include <fcntl.h>
34
35 #include <sys/types.h>
36 #include <sys/stat.h>
37 #include <sys/errno.h>
38 #include <sys/select.h>
39 #include <sys/socket.h>
40
41 #include <netinet/in.h>
42 #include <arpa/inet.h>
43 #include <netdb.h>
44
45 #include <openssl/x509.h>
46 #include <openssl/ssl.h>
47 #include <openssl/bio.h>
48 #include <openssl/asn1.h>
49
50
51 #include "sslsniffer.h"
52 #include "general_utilities.h"
53 #include "net_utilities.h"
54
55 #ifndef INADDR_NONE
56 #define INADDR_NONE 0xffffffff /* should be in <netinet/in.h> */
57 #endif
58
59 /* function declarations */
60 static int PopulateArgvParams(argv_params *argv_p, int argc, char **argv);
61 static int InitSSLSniffer(struct sockaddr_in *servAddr, argv_params *argv_p);
62
63 static int WaitForConnection(int listenfd, argv_params *argv_p);
64 static int WaitForClient(struct sockaddr_in *fromAddr, int listenfd);
65 static int ParseCONNECT(char *buffer, struct sockaddr_in *toAddr,
66 int client_fd);
67
68
69 static void DoOneSSLConnection(int client_fd, int server_fd);
70 static void Setfds(fd_set *fds, ssl_connection *ssl_conn);
71
72 static int ClientHelloRead(ssl_connection *ssl_conn);
73 static int ReadOneTLSRecord(ssl_connection *ssl_conn);
74 static int ReadOneSSL2Record(ssl_connection *ssl_conn);
75 static int ServerRead(ssl_connection *ssl_conn);
76 static int ClientRead(ssl_connection *ssl_conn);
77 /*
78 before calling this function, the record len of the ssl_conn should
79 be the total num of bytes to be read including the previously read
80 bytes
81 */
82 static int ReadRecordData(ssl_connection *ssl_conn,
83 char *prev_read_buf,
84 int num_prev_read_bytes);
85
86
87 /* SSL3 / TLS */
88 static int ProcessTLSPacketType(ssl_connection *ssl_conn);
89 static void ProcessTLSAlertMessage(ssl_connection *ssl_conn);
90 static void ProcessTLSHandshakeMessage(ssl_connection *ssl_conn);
91
92 static void ProcessTLSClientHello(char *buffer);
93 static char *ProcessTLSHello(char *buffer);
94
95 static void ProcessServerHello(char *buffer, ssl_connection *ssl_conn);
96 static void ProcessTLSCipherSuite(char byte1, char byte2);
97 static void DetermineTLSKeyExchangeAlgorithm(char byte1, ssl_connection *ssl_conn);
98
99 static void ProcessCertificateChain(char *buffer, ssl_connection *ssl_conn);
100 static void ProcessCertificate(X509 *x);
101 static void PrintCertificateInfo(UTL_CERT_INFO *buf, EVP_PKEY *key);
102
103 static void ProcessCertificateRequest(char *buffer, ssl_connection *ssl_conn);
104
105 static void ProcessTLSServerKeyExchange(char *buffer, ssl_connection *ssl_conn);
106 static char *ExtractParams(char *params, char *type);
107
108 static void ProcessTLSClientKeyExchange(char *buffer, ssl_connection *ssl_conn);
109
110
111 /* SSL2 */
112 static int ProcessOneSSL2Record(ssl_connection *ssl_conn);
113 static void ProcessSSLV2ClientMasterKey(ssl_connection *ssl_conn);
114 static void ProcessSSLV2OneCipherSuite(char byte1, char byte2, char byte3);
115 static void ProcessSSLV2ClientHello(ssl_connection *ssl_conn);
116 static void ProcessSSLV2CipherSuiteData(char *cipher_suite_data,
117 unsigned short data_len);
118 static int IsV2ClientHello(char *record_hdr);
119 static void ProcessSSLV2ServerHello(ssl_connection *ssl_conn);
120 static void ProcessSSLV2Error(ssl_connection *ssl_conn);
121
122 #if 0
123 static void ProcessSSLV2ClientFinished(ssl_connection *ssl_conn);
124 static void ProcessSSLV2ClientCertificate(ssl_connection *ssl_conn);
125 #endif
126
127 /* Utility functions */
128 void CloseSocket(int sock);
129 short TwoBytesToInt(char *buffer);
130 unsigned int ThreeBytesToInt(char *buffer);
131
132 /* main program */
133 int
main(int argc,char ** argv)134 main (int argc, char **argv)
135 {
136 struct sockaddr_in serv_addr; /* proxy server address */
137 int sock; /* our socket handler */
138 argv_params argv_p;
139
140 /* get all the params first */
141 if(PopulateArgvParams(&argv_p, argc, argv) < 0)
142 {
143 return FAILURE;
144 }
145
146 sock = InitSSLSniffer(&serv_addr, &argv_p);
147
148 /* loop till a client connects successfully */
149 while(1)
150 {
151 if(WaitForConnection(sock, &argv_p) < 0)
152 {
153 printf("\n--------------------------------------------------------\n\n");
154 }
155 }
156 CloseSocket(sock);
157 return SUCCESS;
158 }
159
160 static int
PopulateArgvParams(argv_params * argv_p,int argc,char ** argv)161 PopulateArgvParams(argv_params *argv_p, int argc, char **argv)
162 {
163 int num_args = argc - 1;
164 char **cur_argv = &(argv[1]);
165 int change;
166
167 /* set it to the default port first */
168 argv_p->local_port = (short) DEFAULT_PORT;
169 argv_p->proxy = 1;
170
171 /* iterate over the arguments, setting the appropriate fields */
172 for(num_args = argc - 1; num_args > 0; )
173 {
174 if(strcmp(cur_argv[0], SNIFFER_ARGV_PORT) == 0)
175 {
176 /* next argv should be the the port */
177 if(num_args < 2)
178 {
179 goto error;
180 }
181 argv_p->local_port = (short) atoi(cur_argv[1]);
182 change = 2;
183 }
184 else if(strcmp(cur_argv[0], SNIFFER_ARGV_NO_PROXY) == 0)
185 {
186 /* need to specify the hostname and remote port */
187 if(num_args < 3)
188 {
189 goto error;
190 }
191 argv_p->remote_port = (short) atoi(cur_argv[1]);
192 argv_p->remote_host_name_or_ip = cur_argv[2];
193 argv_p->proxy = 0;
194 change = 3;
195 }
196 else
197 {
198 goto error;
199 }
200 num_args -= change;
201 cur_argv += change;
202 }
203
204 return 1;
205
206 error:
207 printf("Usage: sslsniffer [-p <local port>] [-np <remote port> <remote hostname/ip>]\n");
208 return -1;
209 }
210
211 /*
212 Initializes the server socket. The socket is set to be reusable. If
213 no port number is specified, the default one is used.
214
215 returns the socket number that it is listening to.
216 */
217 static int
InitSSLSniffer(struct sockaddr_in * serv_addr,argv_params * argv_p)218 InitSSLSniffer(struct sockaddr_in *serv_addr, argv_params *argv_p)
219 {
220 int listen_fd;
221
222 /* first set up the listening socket */
223
224 listen_fd = utlnet_CreateIPV4StreamSocket();
225
226 utlnet_InitIPV4ServerSockAddrStruct(serv_addr, argv_p->local_port,
227 INADDR_ANY);
228
229 (void) utlnet_InitIPV4ServerSocket(listen_fd, serv_addr, 5, REUSABLE);
230
231 /* print credits! */
232 printf("\nSSLV3/TLS Sniffer 1.1 written by Eu-Jin Goh\n"
233 "Stanford University Applied Crypto Group\n");
234 printf("\nSSL Sniffer listening on port number %d\n",
235 argv_p->local_port);
236
237 /* print out an extra line of info for no proxy connections */
238 if(argv_p->proxy)
239 {
240 printf("\n");
241 }
242 else
243 {
244 printf("Will connect incoming connections to %s on port %d\n\n",
245 argv_p->remote_host_name_or_ip, argv_p->remote_port);
246 }
247
248 return listen_fd;
249 }
250
251
252 /*
253 waits till a client connects to the proxy server. It first tries to
254 read from the client socket and parse the information assuming that
255 the first request is a CONNECT command.
256
257 It then uses the information contained in the request to connect to
258 the server and if successful, replies to the client with a 200
259 status code. Otherwise, it replies with a 400 if the request is not
260 the CONNECT command in the proper format and a 404 if it cannot
261 connect to the dest.
262
263 returns 0 or 1 depending on whether the client connected
264 successfully.
265 */
266 static int
WaitForConnection(int listen_fd,argv_params * argv_p)267 WaitForConnection(int listen_fd, argv_params *argv_p)
268 {
269 int bytes_read=0;
270 int client_fd; /* socket for the client */
271 int server_fd = -1;
272 struct sockaddr_in from_addr;
273 struct sockaddr_in to_addr;
274 char buffer[BUFFER_SIZE];
275
276 /* blocks till a client tries to connect to the proxy server */
277 client_fd = WaitForClient(&from_addr, listen_fd);
278
279 /* if the no_proxy flag was not given, we assume a CONNECT will be sent */
280 if(argv_p->proxy)
281 {
282 /* read and print from client socket */
283 if((bytes_read = utlnet_ReadFromSocket(client_fd, buffer, BUFFER_SIZE)) < 0)
284 {
285 goto error;
286 }
287
288 buffer[bytes_read] = '\0'; /* null terminate the string */
289 printf("\nRead %d bytes from CONNECT request:\n%s", bytes_read, buffer);
290
291 /* obtain dest address and port */
292 if(ParseCONNECT(buffer, &to_addr, client_fd) < 0)
293 {
294 goto error;
295 }
296 }
297 else /* otherwise, this is a direct connection */
298 {
299 if(utlnet_InitIPV4ClientSockAddrStruct(&to_addr,
300 argv_p->remote_port,
301 argv_p->remote_host_name_or_ip) < 0)
302 {
303 goto error;
304 }
305 }
306
307 /* connect to destination */
308 server_fd = utlnet_CreateIPV4StreamSocket();
309 if(utlnet_IPV4Connect(server_fd, &to_addr) < 0)
310 {
311 perror("WaitForConnection");
312
313 /* only send back a 404 if this is a proxied connection */
314 if(argv_p->proxy)
315 {
316 sprintf(buffer,"HTTP/1.0 404 Unable to Connect\r\n\r\n");
317 printf("Writing to socket: %s",buffer);
318 (void) utlnet_WriteToSocket(client_fd, buffer, strlen(buffer));
319 }
320 goto error;
321 }
322
323 /*
324 once connected, reply to client that connection is established.
325 only send it back if this is a proxied connection
326 */
327 if(argv_p->proxy)
328 {
329 sprintf(buffer,"HTTP/1.0 200 Connection Established\r\n\r\n");
330 printf("Sending back to client: %s",buffer);
331 if(utlnet_WriteToSocket(client_fd, buffer, strlen(buffer)) < 0)
332 {
333 goto error;
334 }
335 }
336
337 /* handles this TLS Connection */
338 DoOneSSLConnection(client_fd, server_fd);
339
340 return 1;
341
342 error:
343 CloseSocket(client_fd);
344 if(server_fd >= 0)
345 {
346 CloseSocket(server_fd);
347 }
348 return -1;
349 }
350
351
352 /*
353 accept blocks till a client tries to connect to the proxy server. it
354 then prints out where the connection is originating from (hostname
355 and port)
356
357 returns the socket descriptor for the connection.
358 */
359 static int
WaitForClient(struct sockaddr_in * from_addr,int listen_fd)360 WaitForClient(struct sockaddr_in *from_addr, int listen_fd)
361 {
362 int conn_fd;
363 struct hostent *name;
364
365 conn_fd = utlnet_Accept(listen_fd, from_addr);
366
367 /* print out where connection originates from */
368 name = utlnet_GetHostName(from_addr);
369
370 if(name != NULL)
371 {
372 printf("--------------------------------------------------------\n");
373 printf("Received connection from %s, port %d\n",
374 name->h_name,ntohs(from_addr->sin_port));
375 }
376 else
377 {
378 printf("Cannot resolve IP of incoming connection\n");
379 }
380
381 return conn_fd;
382 }
383
384
385 /*
386 Parses the first message that is sent to the proxy server. It is
387 assumed to be in the following format: CONNECT IPADDRESS:PORT
388
389 extracts the IPADDRESS and stores it in the sockaddr_in as a binary
390 address, together with the port number.
391
392 returns 1 or 0 depending on whether it was successful in parsing.
393 */
394 int
ParseCONNECT(char * buffer,struct sockaddr_in * to_addr,int client_fd)395 ParseCONNECT(char *buffer, struct sockaddr_in *to_addr, int client_fd)
396 {
397 char *start,*end;
398 char *host_name = NULL;
399 char *port = NULL;
400 char temp[BUFFER_SIZE];
401 int return_value = 1;
402
403 start = strchr(buffer, ' '); /* location of first space */
404 end = strchr(buffer, ':'); /* location of ':' */
405
406 /* check that the connect request conforms to the expected spec */
407 if(start == NULL || end == NULL)
408 {
409 sprintf(temp,"HTTP/1.0 400 Bad Request\r\n\r\n");
410 printf("Sending to client: %s", temp);
411 utlnet_WriteToSocket(client_fd, temp, strlen(temp));
412
413 return_value = -1;
414 goto error;
415 }
416
417 /* obtain the host_name */
418 host_name = (char *) utl_GetMem((end - start) / sizeof(char));
419 ++start; /* makes it point to the first char */
420 strncpy(host_name, start, end-start);
421 host_name[end-start] = '\0';
422
423 /* obtain the port number */
424 start = strchr(end, ' ');
425 port = (char *) utl_GetMem((start - end) / sizeof(char));
426 ++end;
427 strncpy(port, end, start - end);
428 port[start-end] = '\0';
429
430 printf("Destination hostname is %s, port is %s\n", host_name, port);
431
432 /* initialize fields in sockaddr_in */
433 if(utlnet_InitIPV4ClientSockAddrStruct(to_addr, atoi(port), host_name) < 0)
434 {
435 return_value = -1;
436 goto error;
437 }
438
439 error:
440 free(host_name);
441 free(port);
442 return return_value;
443 }
444
445 /*
446 Performs the proxy operations for one TLS connection. Sits in the
447 middle the connection and transfers the data from client to server
448 and vice versa.
449
450 Processes the data that the client and server send to each other to
451 determine at which stage of the TLS protocol the connection is in.
452
453 the ssl_conn is always set to assume a client to server connection
454 */
455
456 static void
DoOneSSLConnection(int client_fd,int server_fd)457 DoOneSSLConnection(int client_fd, int server_fd)
458 {
459 int bytes_read = 0;
460 fd_set fds;
461 ssl_connection ssl_conn;
462
463 /*
464 initialize the ssl_conn to default values for TLS
465 default is doing a client to server connection
466 */
467 ssl_conn.client_fd = client_fd;
468 ssl_conn.server_fd = server_fd;
469 ssl_conn.read_fd = ssl_conn.client_fd;
470 ssl_conn.write_fd = ssl_conn.server_fd;
471 ssl_conn.recv_client_hello = 0;
472 ssl_conn.recv_server_hello = 0;
473 ssl_conn.recv_change_cipher[SERVER_RECV_CHANGE_CIPHER] = 0;
474 ssl_conn.recv_change_cipher[CLIENT_RECV_CHANGE_CIPHER] = 0;
475 ssl_conn.recv_change =
476 &(ssl_conn.recv_change_cipher[CLIENT_RECV_CHANGE_CIPHER]);
477
478 /* these are the default values for SSL2 */
479 ssl_conn.ssl2_packets_encrypted = 0;
480
481 /*
482 sits in this while loop transferring and processing data till one of
483 the sockets close
484 */
485 while(true)
486 {
487 Setfds(&fds, &ssl_conn);
488 switch(select( MAX(ssl_conn.client_fd, ssl_conn.server_fd) + 1,
489 &fds, NULL, NULL, NULL))
490 {
491
492 case -1:
493
494 /* select error */
495 perror("DoOneSSLConnection");
496 return;
497
498 default:
499
500 /* figure out which socket has stuff to read and take the
501 appropriate action */
502 if(FD_ISSET(ssl_conn.server_fd, &fds))
503 {
504 printf("\n\nReading from SERVER socket\n");;
505 bytes_read = ServerRead(&ssl_conn);
506 }
507 else if(FD_ISSET(ssl_conn.client_fd, &fds))
508 {
509 printf("\n\nReading from CLIENT socket\n");
510
511 /*
512 client hellos are handled differently, we want to pull
513 off the protocol versions and stuff like that here
514 */
515 if(!ssl_conn.recv_client_hello)
516 {
517 bytes_read = ClientHelloRead(&ssl_conn);
518 }
519 else
520 {
521 bytes_read = ClientRead(&ssl_conn);
522 }
523 }
524 }
525
526 /* either error or no bytes read */
527 if(bytes_read <= 0)
528 {
529 printf("\nClose connections\n\n");
530 CloseSocket(ssl_conn.server_fd);
531 CloseSocket(ssl_conn.client_fd);
532 break;
533 }
534
535 }
536 }
537
538 /*
539 Sets the fd_set for use in the select function
540 */
541 static void
Setfds(fd_set * fds,ssl_connection * ssl_conn)542 Setfds(fd_set *fds, ssl_connection *ssl_conn)
543 {
544 FD_ZERO(fds);
545 FD_SET(ssl_conn->server_fd, fds);
546 FD_SET(ssl_conn->client_fd, fds);
547 }
548
549 /*
550 Handles client hellos. This needs to be separated out from the
551 normal processing because of the V23 client hellos that get sent.
552 We figure out whether it's a V2 or V3 connection here.
553
554 It also writes the entire packet to the hello socket when it is done
555 processing it.
556
557 returns the number of bytes written to the server.
558 */
559 static int
ClientHelloRead(ssl_connection * ssl_conn)560 ClientHelloRead(ssl_connection *ssl_conn)
561 {
562 char record_hdr_buf[TLS_RECORD_HEADER_SIZE];
563 int bytes_read = 0;
564
565 /* we need to figure out whether its V2, V3 or V23 */
566
567 /* pull off the first three bytes */
568 if((bytes_read =
569 utlnet_ReadnBytesFromSocket(ssl_conn->client_fd, record_hdr_buf, TLS_RECORD_HEADER_SIZE)) < 0)
570 {
571 goto end;
572 }
573
574 /* first check if it's a V2 client hello */
575 if(IsV2ClientHello(record_hdr_buf))
576 {
577 /* read the rest of the record from the socket */
578 ssl_conn->record_len = (((record_hdr_buf[0] & 0x7f) << 8)
579 | ((unsigned char) record_hdr_buf[1]))
580 + SSL2_2BYTE_RECORD_HEADER_SIZE;
581
582 if((bytes_read = ReadRecordData(ssl_conn, record_hdr_buf, TLS_RECORD_HEADER_SIZE)) < 0)
583 {
584 goto end;
585 }
586
587 /* set the right values in the ssl_conn */
588 if(ssl_conn->record[SSL2_CLIENT_HELLO_MAJOR_VER_OFFSET] == TLS_MAJOR)
589 {
590 ssl_conn->ssl_version = VERSION_SSL3;
591 }
592 else
593 {
594 ssl_conn->ssl_version = VERSION_SSL2;
595 }
596
597 /* do the printing out */
598 ProcessSSLV2ClientHello(ssl_conn);
599 }
600 else
601 {
602 /* if not ssl2, assume this is a ssl3/tls packet */
603
604 /* read the rest of the record */
605 ssl_conn->record_len = TwoBytesToInt(&(record_hdr_buf[TLS_RECORD_LENGTH_OFFSET]))
606 + TLS_RECORD_HEADER_SIZE;
607 if((bytes_read = ReadRecordData(ssl_conn, record_hdr_buf, TLS_RECORD_HEADER_SIZE))
608 < 0)
609 {
610 goto end;
611 }
612
613 /* verify that the major version is right */
614 if(ssl_conn->record[TLS_RECORD_PROTOCOL_MAJ_VERSION_OFFSET] != TLS_MAJOR)
615 {
616 printf(" ERR Invalid protocol version received in record header.\n");
617 goto end;
618 }
619
620 if(ssl_conn->record[TLS_RECORD_PROTOCOL_MIN_VERSION_OFFSET] == TLS_MINOR)
621 {
622 ssl_conn->ssl_version = VERSION_TLS;
623 }
624 else if(ssl_conn->record[TLS_RECORD_PROTOCOL_MIN_VERSION_OFFSET] == SSL_MINOR)
625 {
626 ssl_conn->ssl_version = VERSION_SSL3;
627 }
628 else
629 {
630 printf(" ERR Invalid protocol version received in record header.\n");
631 goto end;
632 }
633
634 /* process it */
635 ProcessTLSClientHello(ssl_conn->record + TLS_RECORD_HEADER_SIZE);
636 }
637
638 /* flag it as having received a client hello */
639 ssl_conn->recv_client_hello = 1;
640
641 /* send the data over to the server, use bytes read as a return value */
642 bytes_read = utlnet_WritenBytesToSocket(ssl_conn->server_fd,
643 ssl_conn->record,
644 ssl_conn->record_len);
645
646 end:
647 return bytes_read;
648 }
649
650
651 /*
652 Reads from the server socket and writes it to the client one. We
653 need to flip some values to do the server read and then reset them
654 when we are done.
655
656 returns the return code from ClientRead.
657 */
658 static int
ServerRead(ssl_connection * ssl_conn)659 ServerRead(ssl_connection *ssl_conn)
660 {
661 int return_val;
662
663 /* set the appropriate read and write sockets */
664 ssl_conn->read_fd = ssl_conn->server_fd;
665 ssl_conn->write_fd = ssl_conn->client_fd;
666
667 /* set the right change cipher */
668 ssl_conn->recv_change =
669 &(ssl_conn->recv_change_cipher[SERVER_RECV_CHANGE_CIPHER]);
670
671 /* leverage client read */
672 return_val = ClientRead(ssl_conn);
673
674 /* revert back to the default values */
675 ssl_conn->recv_change =
676 &(ssl_conn->recv_change_cipher[CLIENT_RECV_CHANGE_CIPHER]);
677 ssl_conn->read_fd = ssl_conn->client_fd;
678 ssl_conn->write_fd = ssl_conn->server_fd;
679
680 return return_val;
681 }
682
683 /*
684 Called by DoOneSSLConnection to read from the client socket within the
685 select loop. Reads from the client socket and writes the data to the server
686 socket.
687
688 It reads sockets of up to any size using dynamically allocated memory.
689 */
690 static int
ClientRead(ssl_connection * ssl_conn)691 ClientRead(ssl_connection *ssl_conn)
692 {
693 int bytes_read = 0;
694 char buf[1];
695
696 /* we process SSLV2 and TLS connections differently */
697 if(ssl_conn->ssl_version != VERSION_SSL2)
698 {
699 /*
700 this catches the case where the client initially sends a V2 hello
701 with version 3 but the server can only do V2 and hence replies in
702 V2
703 */
704 if(!ssl_conn->recv_server_hello)
705 {
706 /* peek at the first byte to ensure that it's not a V2 server hello */
707 if(utlnet_PeekAtnBytesFromSocket(ssl_conn->read_fd, buf, 1) < 0)
708 {
709 return -1;
710 }
711 if(buf[0] & 0x80)
712 {
713 ssl_conn->ssl_version = VERSION_SSL2;
714 return ClientRead(ssl_conn);
715 }
716 }
717
718 /* TLS connection */
719 if((bytes_read = ReadOneTLSRecord(ssl_conn)) > 0)
720 {
721 /* processes the packet */
722 ProcessTLSPacketType(ssl_conn);
723 }
724 }
725 else
726 {
727 /* SSLV2 connection */
728 if((bytes_read = ReadOneSSL2Record(ssl_conn)) > 0)
729 {
730 ProcessOneSSL2Record(ssl_conn);
731 }
732 }
733
734 /* sends it to the other end if there is something to send */
735 if(bytes_read > 0)
736 {
737 bytes_read = utlnet_WriteToSocket(ssl_conn->write_fd,
738 ssl_conn->record,
739 ssl_conn->record_len);
740 }
741
742 if(ssl_conn->record_len != 0 && ssl_conn->record != NULL)
743 {
744 free(ssl_conn->record);
745 }
746
747 return bytes_read;
748 }
749
750
751 /*
752 Called by ClientRead. Reads from the socket till one complete
753 Record has been read in and then returns the buffer.
754
755 returns the number of bytes read.
756 */
757 static int
ReadOneTLSRecord(ssl_connection * ssl_conn)758 ReadOneTLSRecord(ssl_connection *ssl_conn)
759 {
760 int bytes_read;
761 char record_hdr_buf[TLS_RECORD_HEADER_SIZE];
762 short record_len;
763
764 ssl_conn->record_len = 0;
765 ssl_conn->record = NULL;
766
767 /* read in just the record header */
768 if((bytes_read = utlnet_ReadnBytesFromSocket(ssl_conn->read_fd,
769 record_hdr_buf,
770 TLS_RECORD_HEADER_SIZE)) <= 0)
771 {
772 return bytes_read;
773 }
774
775 /* find out how big this record is and allocate mem for it */
776 record_len = TwoBytesToInt(&(record_hdr_buf[TLS_RECORD_LENGTH_OFFSET]));
777
778 ssl_conn->record_len = (int) record_len + TLS_RECORD_HEADER_SIZE;
779
780 return ReadRecordData(ssl_conn, record_hdr_buf, TLS_RECORD_HEADER_SIZE);
781 }
782
783 static int
ReadOneSSL2Record(ssl_connection * ssl_conn)784 ReadOneSSL2Record(ssl_connection *ssl_conn)
785 {
786 char record_hdr_buf[SSL2_2BYTE_RECORD_HEADER_SIZE];
787 int bytes_read = 0;
788
789 ssl_conn->record_len = 0;
790 ssl_conn->record = NULL;
791
792 /* read in the first two bytes and check how long the record is */
793 if((bytes_read = utlnet_ReadnBytesFromSocket(ssl_conn->read_fd,
794 record_hdr_buf,
795 SSL2_2BYTE_RECORD_HEADER_SIZE))
796 <= 0)
797 {
798 return bytes_read;
799 }
800
801 /* check how long header length is */
802 if(record_hdr_buf[0] & 0x80)
803 {
804 /* 2 bytes */
805 ssl_conn->ssl2_record_hdr_len = SSL2_2BYTE_RECORD_HEADER_SIZE;
806 ssl_conn->record_len =
807 (((((unsigned int) record_hdr_buf[0]) & 0x7f) << 8) |
808 ((unsigned char) record_hdr_buf[1]) )
809 + SSL2_2BYTE_RECORD_HEADER_SIZE;
810 }
811 else
812 {
813 /* 3 bytes */
814 ssl_conn->ssl2_record_hdr_len = SSL2_3BYTE_RECORD_HEADER_SIZE;
815 ssl_conn->record_len =
816 ((((unsigned int) record_hdr_buf[0] & 0x3f) << 8)
817 | ((unsigned char) record_hdr_buf[1]))
818 + SSL2_3BYTE_RECORD_HEADER_SIZE;
819 }
820
821 /* read the rest of the record in */
822 if((bytes_read = ReadRecordData(ssl_conn,
823 record_hdr_buf,
824 SSL2_2BYTE_RECORD_HEADER_SIZE)) <= 0)
825 {
826 return bytes_read;
827 }
828
829 /* if it's padded, get the padding length */
830 if(ssl_conn->ssl2_record_hdr_len == SSL2_3BYTE_RECORD_HEADER_SIZE)
831 {
832 ssl_conn->ssl2_padding_len = (unsigned char) ssl_conn->record[2];
833 }
834
835 return bytes_read;
836 }
837
838 /*
839 reads the rest of the record in. usually called after having read
840 the record header in.
841
842 the record len of the ssl_conn should be set to the total num of
843 bytes to be read including the previously read bytes before calling
844 this function.
845
846 returns the number of bytes read.
847 */
ReadRecordData(ssl_connection * ssl_conn,char * prev_read_buf,int num_prev_read_bytes)848 static int ReadRecordData(ssl_connection *ssl_conn,
849 char *prev_read_buf,
850 int num_prev_read_bytes)
851 {
852 int bytes_read;
853
854 ssl_conn->record = (char *) utl_GetMem(ssl_conn->record_len);
855
856 /* copy the previous bytes over */
857 memcpy(ssl_conn->record, prev_read_buf, num_prev_read_bytes);
858
859 /* then read the rest of the buffer in */
860 if((bytes_read =
861 utlnet_ReadnBytesFromSocket(ssl_conn->read_fd,
862 ssl_conn->record + num_prev_read_bytes,
863 ssl_conn->record_len - num_prev_read_bytes))
864 <= 0)
865 {
866 goto end;
867 }
868
869 return ssl_conn->record_len;
870
871 end:
872 free(ssl_conn->record); /* cannot be null */
873 return bytes_read;
874 }
875
876
877 /* ------------------------ SSL3 / TLS ------------------------ */
878
879 /*
880 Handles TLS packets that it reads from the socket. there might be
881 more than one packet in the data that it reads and so it has to
882 handle those cases. Also application data does not come in nice big
883 packets and might be passed to the proxy in fragments and we handle
884 that too. Determines the kind of packet that has been sent. Handles
885 TLS Record Headers.
886
887 If the data is encrypted, then no further processing is done. This is
888 signalled by the recv_change_cipher argument
889
890 returns the content type.
891 */
892
893 static int
ProcessTLSPacketType(ssl_connection * ssl_conn)894 ProcessTLSPacketType(ssl_connection *ssl_conn)
895 {
896 int i;
897 char *rec_hdr = ssl_conn->record;
898 char *c = (char *) rec_hdr;
899
900 /* print out protocol version */
901 printf("From Record Header -- Protocol Version: %d.%d\n",
902 rec_hdr[1], rec_hdr[2]);
903
904 printf(" Record Length: %d\n",
905 ssl_conn->record_len - TLS_RECORD_HEADER_SIZE);
906
907 switch( (unsigned int) rec_hdr[0])
908 {
909 case TLS_RECORD_TYPE_CHANGE_CIPHER_SPEC:
910
911 printf("Received a CHANGE_CIPHER_SPEC packet:\n"
912 "Further packets will be encrypted ... ");
913
914 /* signals that no more processing is to be done */
915 *(ssl_conn->recv_change) = (char) 1;
916 break;
917
918 case TLS_RECORD_TYPE_ALERT:
919
920 printf("Received an ALERT packet ...\n");
921
922 /* only process if we have not received the change cipher spec */
923 if(!(*(ssl_conn->recv_change)))
924 {
925 ProcessTLSAlertMessage(ssl_conn);
926 }
927 else
928 {
929 printf("Packet is encrypted.");
930 }
931 break;
932
933 case TLS_RECORD_TYPE_HANDSHAKE:
934
935 printf("Received a HANDSHAKE packet ...\n");
936
937 /* only process if we have not received the change cipher spec */
938 if(!(*(ssl_conn->recv_change)))
939 {
940 ProcessTLSHandshakeMessage(ssl_conn);
941 }
942 else
943 {
944 printf("Packet is encrypted.");
945 }
946 break;
947
948 case TLS_RECORD_TYPE_APPLICATION_DATA:
949
950 printf("Received APPLICATION DATA packet ...\n");
951 if(*(ssl_conn->recv_change))
952 {
953 printf("Packet is encrypted.");
954 }
955 break;
956
957 default:
958
959 if(ssl_conn->recv_server_hello)
960 {
961 printf("Received Unrecognised TLS packet, type %d\n",
962 rec_hdr[0]);
963 printf("First 30 bytes of data from packet\n");
964 for(i = 0; i < 30; i++, c++)
965 {
966 printf("%d ",*c);
967 }
968 printf("\n\n");
969 }
970 return -1;
971 }
972
973 return rec_hdr[0];
974 }
975
976 /*
977 Takes in an alert struct and prints out the level of the alert and also
978 the description of the alert.
979 */
980 static void
ProcessTLSAlertMessage(ssl_connection * ssl_conn)981 ProcessTLSAlertMessage(ssl_connection *ssl_conn)
982 {
983 char *str;
984 char *alert_data = ssl_conn->record + TLS_RECORD_HEADER_SIZE;
985
986 if( (unsigned int) alert_data[0] == TLS_ALERT_LEVEL_WARNING)
987 {
988 printf("Alert Level: Warning -- ");
989 }
990 else if( (unsigned int) alert_data[0] == TLS_ALERT_LEVEL_FATAL)
991 {
992 printf("Alert Level: Fatal -- ");
993 }
994
995 switch( (unsigned int) alert_data[1])
996 {
997 case TLS_ALERT_TYPE_CLOSE_NOTIFY:
998 str = "CLOSE_NOTIFY\n";
999 break;
1000 case TLS_ALERT_TYPE_UNEXPECTED_MESSAGE:
1001 str = "UNEXPECTED_MESSAGE\n";
1002 break;
1003 case TLS_ALERT_TYPE_BAD_RECORD_MAC:
1004 str = "BAD_RECORD_MAC\n";
1005 break;
1006 case TLS_ALERT_TYPE_DECRYPTION_FAILED:
1007 str = "DECRYPTION_FAILED\n";
1008 break;
1009 case TLS_ALERT_TYPE_RECORD_OVERFLOW:
1010 str = "RECORD_OVERFLOW\n";
1011 break;
1012 case TLS_ALERT_TYPE_DECOMPRESSION_FAILURE:
1013 str = "DECOMPRESSION_FAILURE\n";
1014 break;
1015 case TLS_ALERT_TYPE_HANDSHAKE_FAILURE:
1016 str = "HANDSHAKE_FAILURE\n";
1017 break;
1018 case TLS_ALERT_TYPE_BAD_CERTIFICATE:
1019 str = "BAD_CERTIFICATE\n";
1020 break;
1021 case TLS_ALERT_TYPE_UNSUPPORTED_CERTIFICATE:
1022 str = "UNSUPPORTED_CERTIFICATE\n";
1023 break;
1024 case TLS_ALERT_TYPE_CERTIFICATE_REVOKED:
1025 str = "CERTIFICATE_REVOKED\n";
1026 break;
1027 case TLS_ALERT_TYPE_CERTIFICATE_EXPIRED:
1028 str = "CERTIFICATE_EXPIRED\n";
1029 break;
1030 case TLS_ALERT_TYPE_CERTIFICATE_UNKNOWN:
1031 str = "CERTIFICATE_UNKNOWN\n";
1032 break;
1033 case TLS_ALERT_TYPE_ILLEGAL_PARAMETER:
1034 str = "ILLEGAL_PARAMETER\n";
1035 break;
1036 case TLS_ALERT_TYPE_UNKNOWN_CA:
1037 str = "UNKNOWN_CA\n";
1038 break;
1039 case TLS_ALERT_TYPE_ACCESS_DENIED:
1040 str = "ACCESS_DENIED\n";
1041 break;
1042 case TLS_ALERT_TYPE_DECODE_ERROR:
1043 str = "DECODE_ERROR\n";
1044 break;
1045 case TLS_ALERT_TYPE_DECRYPT_ERROR:
1046 str = "DECRYPT_ERROR\n";
1047 break;
1048 case TLS_ALERT_TYPE_EXPORT_RESTRICTION:
1049 str = "EXPORT_RESTRICTION\n";
1050 break;
1051 case TLS_ALERT_TYPE_PROTOCOL_VERSION:
1052 str = "PROTOCOL_VERSION\n";
1053 break;
1054 case TLS_ALERT_TYPE_INSUFFICIENT_SECURITY:
1055 str = "INSUFFICIENT_SECURITY\n";
1056 break;
1057 case TLS_ALERT_TYPE_INTERNAL_ERROR:
1058 str = "INTERNAL_ERROR\n";
1059 break;
1060 case TLS_ALERT_TYPE_USER_CANCELED:
1061 str = "USER_CANCELLED\n";
1062 break;
1063 case TLS_ALERT_TYPE_NO_RENEGOTIATION:
1064 str = "NO_RENEGOTIATION\n";
1065 break;
1066 default:
1067 printf("No such alert code %d\n", (unsigned int) alert_data[1]);
1068 return;
1069 }
1070 printf("%s\n",str);
1071 }
1072
1073 /*
1074 Pass in the data segment containing the handshake data extracted from
1075 the TLS Record. Determines the type and takes the appropriate action.
1076 Mostly just prints out the Handshake request.
1077 */
1078 static void
ProcessTLSHandshakeMessage(ssl_connection * ssl_conn)1079 ProcessTLSHandshakeMessage(ssl_connection *ssl_conn)
1080 {
1081 char *cur_handshake_packet;
1082 int bytes_processed = 0;
1083 int total_bytes_to_process = ssl_conn->record_len - TLS_RECORD_HEADER_SIZE;
1084 int handshake_packet_len;
1085
1086 /* move to the first record */
1087 cur_handshake_packet = ssl_conn->record + TLS_RECORD_HEADER_SIZE;
1088
1089 /*
1090 want to keep looping till we've processed all the handshake packets
1091 in a single record. this deals with the multiple handshake packets
1092 in one single record
1093 */
1094 while(bytes_processed < total_bytes_to_process)
1095 {
1096 /* process the current handshake packet */
1097 printf("HandShake Packet Type :- ");
1098
1099 switch(cur_handshake_packet[0])
1100 {
1101 case TLS_HANDSHAKE_TYPE_HELLO_REQUEST:
1102
1103 printf("Hello Request\n");
1104 break;
1105
1106 case TLS_HANDSHAKE_TYPE_CLIENT_HELLO:
1107
1108 printf("SSLV3/TLS Client Hello\n");
1109 ProcessTLSClientHello(cur_handshake_packet);
1110 break;
1111
1112 case TLS_HANDSHAKE_TYPE_SERVER_HELLO:
1113
1114 printf("Server Hello\n");
1115 ProcessServerHello(cur_handshake_packet, ssl_conn);
1116 ssl_conn->recv_server_hello = 1;
1117 break;
1118
1119 case TLS_HANDSHAKE_TYPE_CERTIFICATE:
1120
1121 printf("Certificate\n");
1122 ProcessCertificateChain(cur_handshake_packet, ssl_conn);
1123 break;
1124
1125 case TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE:
1126
1127 printf("Server Key Exchange\n");
1128 ProcessTLSServerKeyExchange(cur_handshake_packet, ssl_conn);
1129 break;
1130
1131 case TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST:
1132
1133 printf("Certificate request\n");
1134 ProcessCertificateRequest(cur_handshake_packet, ssl_conn);
1135 break;
1136
1137 case TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE:
1138
1139 printf("Server hello done\n");
1140 break;
1141
1142 case TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY:
1143
1144 printf("Certificate verify\n");
1145 break;
1146
1147 case TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE:
1148
1149 printf("Client key exchange\n");
1150 ProcessTLSClientKeyExchange(cur_handshake_packet, ssl_conn);
1151 break;
1152
1153 case TLS_HANDSHAKE_TYPE_FINISHED:
1154
1155 printf("Finished Handshake!\n");
1156 break;
1157
1158 default:
1159 printf("Can't recognise Handshake request type %d!\n",cur_handshake_packet[0]);
1160 }
1161
1162 /*
1163 pull out the content length of the handshake packet and add it to
1164 both the bytes processed and also the currentpacket pointer
1165 */
1166 handshake_packet_len = ThreeBytesToInt(&(cur_handshake_packet[1]));
1167 bytes_processed += handshake_packet_len + TLS_HANDSHAKE_HEADER_SIZE;
1168 cur_handshake_packet += handshake_packet_len + TLS_HANDSHAKE_HEADER_SIZE;
1169
1170 /* just for formatting reasons */
1171 if(bytes_processed < total_bytes_to_process)
1172 {
1173 printf("\n");
1174 }
1175 }
1176 }
1177
1178 /*
1179 Given the handshake packet containing the Client Hello message, this
1180 processes it to obtain the protocol version, session ID and the list of
1181 cipher suite that the client can use.
1182 */
1183 static void
ProcessTLSClientHello(char * buffer)1184 ProcessTLSClientHello(char *buffer)
1185 {
1186 char *ptr; /* points at cipher suite */
1187 short cipher_suite_len;
1188 int i;
1189
1190 printf("From Client Hello -- ");
1191 ptr = ProcessTLSHello(buffer);
1192
1193 memcpy(&cipher_suite_len, ptr, 2);
1194 cipher_suite_len = ntohs(cipher_suite_len);
1195 printf("Cipher suite length is %d bytes ... number of cipher suites %d\n",
1196 cipher_suite_len,cipher_suite_len / 2);
1197
1198 ptr += 2; /* advance over the length field of cipher suite */
1199
1200 printf("List of cipher suites are -- \n");
1201 for(i = 0; i < cipher_suite_len; i += 2)
1202 ProcessTLSCipherSuite(ptr[i], ptr[i + 1]);
1203
1204 }
1205
1206 /*
1207 Given the handshake packet containing either the ClientHello or ServerHello
1208 message, it extracts the protocol version, the session ID which is
1209 printed byte by byte in hex and returns the a pointer to the length field
1210 of the cipher suite.
1211 */
1212 static char *
ProcessTLSHello(char * buffer)1213 ProcessTLSHello(char *buffer)
1214 {
1215 char *temp, *ptr = buffer + TLS_HANDSHAKE_HEADER_SIZE;
1216 int i;
1217 unsigned int byte;
1218
1219 /* print out protocol version */
1220 printf("Protocol Version %d.%d\n",(int)ptr[0],(int)ptr[1]);
1221
1222 ptr += SESSION_ID_OFFSET; /* skip over random and protocol version field */
1223
1224 /*
1225 sesssion ID in a hello record is only max 32 bytes => need 1
1226 byte session ID
1227 */
1228 printf("Length of session ID -- %d bytes\n",(int) (*ptr));
1229
1230 /*
1231 nothing big enough to hold a number of 32 bytes so just iterate
1232 over the chars and print them
1233 */
1234 printf("Session ID --\n 0x");
1235
1236 for(i = 0, temp = ptr + 1; i < *ptr; i++, temp++)
1237 {
1238 byte = 0;
1239 memcpy(&byte, temp, 1);
1240 printf("%2.2x",byte);
1241 }
1242 printf("\n");
1243
1244 /* skip over the number of bytes in the session ID field */
1245 ptr += ((*ptr) + 1); /* now pointing at cipher suite */
1246
1247 return ptr;
1248 }
1249
1250 /*
1251 Given the handshake packet containing the Server Hello message, this
1252 processes it to obtain the protocol version, session ID and the
1253 cipher suite that is to be used.
1254 */
1255 static void
ProcessServerHello(char * buffer,ssl_connection * ssl_conn)1256 ProcessServerHello(char *buffer, ssl_connection *ssl_conn)
1257 {
1258 char *ptr;
1259
1260 printf("From Server Hello -- ");
1261 ptr = ProcessTLSHello(buffer); /* points at cipher suite */
1262 printf("Cipher Suite is -- \n");
1263 ProcessTLSCipherSuite(ptr[0], ptr[1]);
1264
1265 DetermineTLSKeyExchangeAlgorithm(ptr[1], ssl_conn);
1266 }
1267
1268 /*
1269 Examines the bytes given and prints out the cipher suite that is
1270 being used.
1271 */
1272 static void
ProcessTLSCipherSuite(char byte1,char byte2)1273 ProcessTLSCipherSuite(char byte1,char byte2)
1274 {
1275 char *name;
1276
1277 if(byte1 == (char)0xff)
1278 {
1279 printf(" Hex Code:");
1280 utl_PrintCharAsHex(byte1);
1281 utl_PrintCharAsHex(byte2);
1282 printf("\n Type: Unknown Cipher Suite\n");
1283 return;
1284 }
1285
1286 /* done because 0x will only be prefixed to a non zero result. */
1287 printf(" Hex Code:");
1288 utl_PrintCharAsHex(byte1);
1289 utl_PrintCharAsHex(byte2);
1290 printf("\n Type: ");
1291
1292 switch(byte2)
1293 {
1294 case 0x00:
1295 name = "No encryption";
1296 break;
1297 case 0x01:
1298 name = "RSA with hash function MD5";
1299 break;
1300 case 0x02:
1301 name = "RSA with SHA";
1302 break;
1303 case 0x03:
1304 name = "RSA EXPORT with 40 bit RC4 and hash function MD5";
1305 break;
1306 case 0x04:
1307 name = "RSA with 128 bit RC4 and hash function MD5";
1308 break;
1309 case 0x05:
1310 name = "RSA with 128 bit RC4 and hash function SHA";
1311 break;
1312 case 0x06:
1313 name = "RSA EXPORT with 40 bit RC2 in CBC mode and hash function MD5";
1314 break;
1315 case 0x07:
1316 name = "RSA with IDEA in CBC mode and hash function SHA";
1317 break;
1318 case 0x08:
1319 name = "RSA EXPORT with 40 bit DES in CBC mode and hash function SHA";
1320 break;
1321 case 0x09:
1322 name = "RSA with DES in CBC mode and hash function SHA";
1323 break;
1324 case 0x0A:
1325 name = "RSA with 3DES EDE in CBC mode and hash function SHA";
1326 break;
1327 case 0x0B:
1328 name = "DH DSS EXPORT with 40 bit DES in CBC mode and hash function SHA";
1329 break;
1330 case 0x0C:
1331 name = "DH DSS with DES in CBC mode and hash function SHA";
1332 break;
1333 case 0x0D:
1334 name = "DH DSS with 3DES EDE in CBC mode and hash function SHA";
1335 break;
1336 case 0x0E:
1337 name = "DH RSA EXPORT with 40 bit DES in CBC mode and hash function SHA";
1338 break;
1339 case 0x0F:
1340 name = "DH RSA with DES in CBC mode and hash function SHA";
1341 break;
1342 case 0x10:
1343 name = "DH RSA with 3DES EDE in CBC mode and hash function SHA";
1344 break;
1345 case 0x11:
1346 name = "DHE DSS EXPORT with 40 bit DES in CBC mode and hash function SHA";
1347 break;
1348 case 0x12:
1349 name = "DHE DSS with DES in CBC mode and hash function SHA";
1350 break;
1351 case 0x13:
1352 name = "DHE DSS with 3DES EDE in CBC mode and hash function SHA";
1353 break;
1354 case 0x14:
1355 name = "RSA EXPORT with 40 bit DES in CBC mode and hash function SHA";
1356 break;
1357 case 0x15:
1358 name = "DHE RSA with DES in CBC mode and hash function SHA";
1359 break;
1360 case 0x16:
1361 name = "DHE RSA with 3DES EDE in CBC mode and hash function SHA";
1362 break;
1363 case 0x17:
1364 name = "Anonymous DH EXPORT with 40 bit RC4 and hash function MD5";
1365 break;
1366 case 0x18:
1367 name = "Anonymous DH with 128 bit RC4 and hash function MD5";
1368 break;
1369 case 0x19:
1370 name = "Anonymous DH EXPORT with 40 bit DES in CBC mode and hash function SHA";
1371 break;
1372 case 0x1A:
1373 name = "Anonymous DH with DES in CBC mode and hash function SHA";
1374 break;
1375 case 0x1B:
1376 name = "Anonymous DH with 3DES EDE in CBC mode and hash function SHA";
1377 break;
1378
1379 /* Elliptic Curve Cipher Suites */
1380
1381 case 0x34:
1382 name = "Elliptic Curve DHE DSS and hash function SHA";
1383 break;
1384 case 0x36:
1385 name = "Elliptic Curve DHE DSS with 128 bit RC4 and hash function SHA";
1386 break;
1387 case 0x37:
1388 name = "Elliptic Curve DHE DSS with DES CBC and hash function SHA";
1389 break;
1390 case 0x38:
1391 name = "Elliptic Curve DHE DSS with 3DES EDE CBC and hash function SHA";
1392 break;
1393 case 0x39:
1394 name = "Elliptic Curve DHE DSS Export with 40 bit DES CBC and hash function SHA";
1395 break;
1396 case 0x40:
1397 name = "Elliptic Curve DHE DSS Export with 40 bit RC4 and hash function SHA";
1398 break;
1399 case 0x60:
1400 name = "RSA Export with 56 bit RC4 and hash function MD5";
1401 break;
1402 case 0x61:
1403 name = "RSA Export with 56 bit RC2 CBC and hash function MD5";
1404 break;
1405 case 0x62:
1406 name = "RSA Export with DES CBC and hash function SHA";
1407 break;
1408 case 0x63:
1409 name = "DHE DSS Export with DES CBC and hash function SHA";
1410 break;
1411 case 0x64:
1412 name = "RSA Export with 56 bit RC4 and hash function SHA";
1413 break;
1414 case 0x65:
1415 name = "DHE DSS Export with 56 bit RC4 and hash function SHA";
1416 break;
1417 case 0x66:
1418 name = "DHE DSS with 128 bit RC4 and hash function SHA";
1419 break;
1420 default:
1421 printf("Unknown Cipher Suite\n");
1422 return;
1423 }
1424 printf("%s\n",name);
1425 }
1426
1427 /*
1428 Determines if the algorithm is using DH or RSA and returns the value
1429 through keyxchange_alg field of the ssl_conn struct.
1430 */
1431 static void
DetermineTLSKeyExchangeAlgorithm(char byte1,ssl_connection * ssl_conn)1432 DetermineTLSKeyExchangeAlgorithm(char byte1, ssl_connection *ssl_conn)
1433 {
1434 switch(byte1)
1435 {
1436 case 0x01: case 0x02: case 0x03: case 0x04: case 0x05: case 0x06:
1437 case 0x07: case 0x08: case 0x09: case 0x0A: case 0x14:
1438 case 0x60: case 0x61: case 0x62: case 0x64:
1439 ssl_conn->keyxchange_alg = RSA; break;
1440 case 0x0B: case 0x0C: case 0x0D: case 0x0E: case 0x0F: case 0x10:
1441 case 0x11: case 0x12: case 0x13:
1442 case 0x15: case 0x16: case 0x17: case 0x18: case 0x19: case 0x1A:
1443 case 0x1B:
1444 case 0x34: case 0x35: case 0x36: case 0x37: case 0x38: case 0x39:
1445 case 0x40:
1446 case 0x63: case 0x65: case 0x66:
1447 ssl_conn->keyxchange_alg = DH; break;
1448 default:
1449 printf("Error: no such key exchange algorithm\n");
1450 }
1451 }
1452
1453
1454 /*
1455 processes the certificates that the server might send to the client.
1456 uses code from the openssl library.
1457
1458 This should not be used for a SSLV2 certificate data because it
1459 seems like V2 does not support cert chains.
1460 */
1461 static void
ProcessCertificateChain(char * buffer,ssl_connection * ssl_conn)1462 ProcessCertificateChain(char *buffer, ssl_connection *ssl_conn)
1463 {
1464 X509 *cert = NULL;
1465 unsigned long nc, llen, l;
1466 unsigned char *p,*d,*q;
1467
1468 /* from openssl, including naming conventions */
1469
1470 /* these pointers are different depending on what version of ssl */
1471 if(ssl_conn->ssl_version == VERSION_TLS ||
1472 ssl_conn->ssl_version == VERSION_SSL3)
1473 {
1474 d = p = (unsigned char *) (buffer + TLS_HANDSHAKE_HEADER_SIZE);
1475 }
1476 else
1477 {
1478 printf(" ERR Incorrect SSL version in record header for certificate.\n");
1479 return;
1480 }
1481
1482 n2l3(p, llen);
1483
1484 for (nc = 0; nc < llen; )
1485 {
1486 n2l3(p, l);
1487
1488 if ((l + nc + 3) > llen)
1489 {
1490 printf(" ERR Certificate length mismatch\n");
1491 return;
1492 }
1493
1494 q = p;
1495
1496 cert = d2i_X509(NULL, &q, l); /* grab the current cert */
1497
1498 if (cert == NULL)
1499 {
1500 printf(" ERR Bad Certificate\n");
1501 return;
1502 }
1503 if (q != (p + l))
1504 {
1505 printf(" ERR in Certificate Decode\n");
1506 return;
1507 }
1508
1509 ProcessCertificate(cert);
1510
1511 cert = NULL;
1512 nc += l + 3;
1513 p = q;
1514 }
1515 }
1516
1517 /*
1518 takes the X509 certificate and parses out the information into a
1519 UTL_CERT_INFO struct. Taken from Dan Boneh's utl_cert.c
1520 */
1521 static void
ProcessCertificate(X509 * x)1522 ProcessCertificate(X509 *x)
1523 {
1524 UTL_CERT_INFO buf;
1525 BIO *mem = NULL;
1526 EVP_PKEY *key;
1527
1528 if ((mem=BIO_new(BIO_s_mem())) == NULL)
1529 {
1530 printf("ERR Unable to create new BIO\n");
1531 return;
1532 }
1533
1534 /* Extract and process validity periods */
1535 ASN1_UTCTIME_print(mem, X509_get_notAfter(x));
1536 BIO_gets(mem, buf.notAfter, sizeof(buf.notAfter));
1537 ASN1_UTCTIME_print(mem, X509_get_notBefore(x));
1538 BIO_gets(mem, buf.notBefore, sizeof(buf.notBefore));
1539
1540 /* Extract and process subject name */
1541 buf.subj = X509_get_subject_name(x);
1542 X509_NAME_oneline(buf.subj,
1543 buf.subj_DistName, sizeof(buf.subj_DistName) );
1544
1545 /* Extract and process issuer name */
1546 buf.issuer = X509_get_issuer_name(x);
1547 X509_NAME_oneline(buf.issuer,
1548 buf.issuer_DistName, sizeof(buf.issuer_DistName) );
1549
1550 /* get the key size */
1551 key = X509_get_pubkey(x);
1552
1553 PrintCertificateInfo(&buf,key);
1554
1555 BIO_free(mem);
1556 EVP_PKEY_free(key);
1557 }
1558
1559
1560 /*
1561 takes the info from utl_cert_info and prints out the info.
1562 also prints out the key size and type of key exchange mechanism.
1563 key handling taken from Dan Boneh's utl_cert.c
1564 */
1565 static void
PrintCertificateInfo(UTL_CERT_INFO * buf,EVP_PKEY * key)1566 PrintCertificateInfo(UTL_CERT_INFO *buf, EVP_PKEY *key)
1567 {
1568 printf(" CERTIFICATE INFORMATION :- \n");
1569 printf(" Validity -- Not After %s\n",buf->notAfter);
1570 printf(" Not Before %s\n",buf->notBefore);
1571 printf(" Subject Distinguished Name -- \n %s\n",buf->subj_DistName);
1572 printf(" Issuer Distinguished Name -- \n %s\n",buf->issuer_DistName);
1573
1574 if (key == NULL) return;
1575
1576 switch (EVP_PKEY_id(key))
1577 {
1578 case EVP_PKEY_RSA:
1579 #if OPENSSL_VERSION_NUMBER < 0x10100005L
1580 buf->keysize = RSA_size(key->pkey.rsa)*8;
1581 #else
1582 buf->keysize = RSA_size(EVP_PKEY_get0_RSA(key))*8;
1583 #endif
1584 printf(" RSA Public key size %d bits\n\n",buf->keysize);
1585 break;
1586 case EVP_PKEY_DSA:
1587 #if OPENSSL_VERSION_NUMBER < 0x10100005L
1588 buf->keysize = DSA_size(key->pkey.dsa)*8;
1589 #else
1590 buf->keysize = DSA_size(EVP_PKEY_get0_DSA(key))*8;
1591 #endif
1592 printf(" DSS Public key size %d bits\n\n",buf->keysize);
1593 break;
1594 default:
1595 printf(" Unknown key type\n\n");
1596 }
1597 }
1598
1599
1600 /*
1601 prints out the types of certificates requested. At present just
1602 dumps out the distinguished names of the CA as a string.
1603 */
1604 static void
ProcessCertificateRequest(char * buffer,ssl_connection * ssl_conn)1605 ProcessCertificateRequest(char *buffer, ssl_connection *ssl_conn)
1606 {
1607 char *data = buffer + TLS_HANDSHAKE_HEADER_SIZE;
1608 char *temp;
1609 unsigned int cert_type_len = 0;
1610 int i;
1611 unsigned int len = ThreeBytesToInt(buffer + 1);
1612
1613 printf("Types of certificates requested --\n");
1614 memcpy(&cert_type_len, data, 1);
1615
1616 for(i = 0, data++; i < cert_type_len; i++, data++)
1617 {
1618 switch(*data)
1619 {
1620 case 1:
1621 printf("\tRSA certificate\n");
1622 break;
1623 case 2:
1624 printf("\tDSS certificate\n");
1625 break;
1626 case 3:
1627 printf("\tRSA certificate with fixed DH parameters\n");
1628 break;
1629 case 4:
1630 printf("\tDSS certificate with fixed DH parameters\n");
1631 break;
1632 default:
1633 printf("\tUnknown certificate requested\n");
1634 break;
1635 }
1636 }
1637
1638 /* print out the distinguished names of the CA */
1639 len -= cert_type_len;
1640 temp = (char *) utl_GetMem(len + 1);
1641 memcpy(temp, data, len);
1642 temp[len] = '\0';
1643 printf("Distinguished Names of CA's -- %s", temp);
1644
1645 free(temp);
1646 }
1647
1648 /*
1649 processes the server key exchange to obtain the parameters.
1650 depending on whether the algorithm is RSA or DSS, different
1651 params will be printed out.
1652 */
1653 static void
ProcessTLSServerKeyExchange(char * buffer,ssl_connection * ssl_conn)1654 ProcessTLSServerKeyExchange(char *buffer, ssl_connection *ssl_conn)
1655 {
1656 char *data = buffer + TLS_HANDSHAKE_HEADER_SIZE;
1657
1658 switch(ssl_conn->keyxchange_alg)
1659 {
1660 case RSA:
1661 data = ExtractParams(data, "RSA Modulus");
1662 ExtractParams(data, "RSA Exponent");
1663 break;
1664 case DH:
1665 data = ExtractParams(data, "DH Prime Modulus p");
1666 data = ExtractParams(data, "DH Generator g");
1667 data = ExtractParams(data, "DH public value (g^X mod p)");
1668 break;
1669 }
1670 }
1671
1672 /*
1673 prints out the data in hex of the parameters. assumes that the length
1674 of the data is given by the first 2 bytes.
1675 */
1676 static char *
ExtractParams(char * params,char * type)1677 ExtractParams(char *params, char *type)
1678 {
1679 unsigned short param_len = TwoBytesToInt(params);
1680 char *start = params;
1681 int i;
1682 unsigned int byte;
1683
1684 printf("Length of %s -- %d\n", type, param_len);
1685 printf("%s --\n 0x",type);
1686
1687 /* skip over two byte length field */
1688 for(i = 0, params += 2; i < param_len; i++, params++)
1689 {
1690 byte = 0; memcpy(&byte, params, 1);
1691 printf("%2.2x", byte);
1692 }
1693 printf("\n");
1694 return (start + 2 + param_len);
1695 }
1696
1697 /*
1698 Using the keyxchange_alg field of the ssl_conn passed in, will
1699 process and print out the appropriate information. For RSA, prints
1700 out the RSA encrypted premaster secret and for DH, prints out the
1701 public value.
1702 */
1703 static void
ProcessTLSClientKeyExchange(char * buffer,ssl_connection * ssl_conn)1704 ProcessTLSClientKeyExchange(char *buffer, ssl_connection *ssl_conn)
1705 {
1706 char *ptr = buffer + TLS_HANDSHAKE_HEADER_SIZE;
1707 int i;
1708 unsigned int len = ThreeBytesToInt(buffer+1);
1709 unsigned int byte = 0;
1710
1711 switch(ssl_conn->keyxchange_alg)
1712 {
1713 case RSA:
1714
1715 printf("Length of RSA Encrypted PreMaster Secret -- %d bytes\n",len);
1716 printf("RSA Encrypted PreMaster Secret --\n 0x");
1717
1718 /* 1 for first byte specifying type and 3 for length field */
1719 for(i = 0, ptr += 4; i < len; i++, ptr++)
1720 {
1721 byte = 0; memcpy(&byte, ptr, 1);
1722 printf("%2.2x", byte);
1723 }
1724 printf("\n");
1725 break;
1726 case DH:
1727 if(!len)
1728 {
1729 ExtractParams(ptr,"DH public value");
1730 }
1731 else
1732 {
1733 printf("DH public key is implicit in client certificate\n");
1734 }
1735 break;
1736 default:
1737 printf("Unable to process Client Key Exchange %d\n", ssl_conn->keyxchange_alg);
1738 }
1739 }
1740
1741
1742 /* ---------------------------- SSL2 -------------------------------- */
1743
1744
1745 static int
ProcessOneSSL2Record(ssl_connection * ssl_conn)1746 ProcessOneSSL2Record(ssl_connection *ssl_conn)
1747 {
1748 /* print out protocol version */
1749 printf("Protocol Version: SSLV2\n");
1750 printf("From Record Header -- Record Length: %d\n",
1751 ssl_conn->record_len - ssl_conn->ssl2_record_hdr_len );
1752
1753 /* print out padding length if record was padded */
1754 if(ssl_conn->ssl2_record_hdr_len == SSL2_3BYTE_RECORD_HEADER_SIZE)
1755 {
1756 printf(" Padding Length: %d\n",
1757 ssl_conn->ssl2_padding_len);
1758 }
1759
1760 /*
1761 the packet is encrypted. we cannot even parse to determine the
1762 content type
1763 */
1764 if(ssl_conn->ssl2_packets_encrypted)
1765 {
1766 printf("Packet is encrypted.\n");
1767 return 1;
1768 }
1769
1770 switch(ssl_conn->record[ssl_conn->ssl2_record_hdr_len])
1771 {
1772 case SSL2_MT_CLIENT_MASTER_KEY:
1773
1774 ProcessSSLV2ClientMasterKey(ssl_conn);
1775
1776 /* all further packets will be encrypted */
1777 ssl_conn->ssl2_packets_encrypted = 1;
1778
1779 break;
1780
1781 case SSL2_MT_CLIENT_HELLO:
1782
1783 /* this should never be called though */
1784 ProcessSSLV2ClientHello(ssl_conn);
1785 break;
1786
1787 case SSL2_MT_SERVER_HELLO:
1788
1789 /*
1790 check if we should expect a client master key packet next by
1791 looking at the resume hit char
1792 */
1793 if(ssl_conn->record[ssl_conn->ssl2_record_hdr_len + 1] != 0)
1794 {
1795 /* since the session id hit, all further packets will be encrypted */
1796 ssl_conn->ssl2_packets_encrypted = 1;
1797 }
1798 ProcessSSLV2ServerHello(ssl_conn);
1799 break;
1800
1801 case SSL2_MT_ERROR:
1802
1803 ProcessSSLV2Error(ssl_conn);
1804 break;
1805 /*
1806 these are all sent encrypted. since we are only parsing in this
1807 version, we cannot do anything since we don't even know the kind of
1808 packet this is
1809
1810 case SSL2_MT_CLIENT_FINISHED:
1811
1812 ProcessSSLV2ClientFinished(ssl_conn);
1813 break;
1814
1815 case SSL2_MT_SERVER_VERIFY:
1816
1817 break;
1818 case SSL2_MT_SERVER_FINISHED:
1819
1820 break;
1821 case SSL2_MT_REQUEST_CERTIFICATE:
1822
1823 break;
1824 case SSL2_MT_CLIENT_CERTIFICATE:
1825
1826 ProcessSSLV2ClientCertificate(ssl_conn);
1827 break;
1828 */
1829 default:
1830 printf("Received Unknown packet type.\n");
1831 return -1;
1832 }
1833
1834 //printf("\n");
1835 return 1;
1836 }
1837
1838 /*
1839 Processes the client master key packet.
1840 */
1841 static void
ProcessSSLV2ClientMasterKey(ssl_connection * ssl_conn)1842 ProcessSSLV2ClientMasterKey(ssl_connection *ssl_conn)
1843 {
1844 unsigned short clear_key_data_len = 0;
1845 unsigned short encrypted_key_data_len = 0;
1846 unsigned short key_arg_data_len = 0;
1847 char *record = ssl_conn->record;
1848
1849 printf("Received Client Master Key Packet --\n");
1850 printf("Cipher Suite --\n");
1851
1852 ProcessSSLV2OneCipherSuite(record[1], record[2], record[3]);
1853
1854 clear_key_data_len =
1855 (((unsigned short) record[4]) << 8) | ((unsigned char) record[5]);
1856 encrypted_key_data_len =
1857 (((unsigned short) record[6]) << 8) | ((unsigned char) record[7]);
1858 key_arg_data_len =
1859 (((unsigned short) record[8]) << 8) | ((unsigned char) record[9]);
1860
1861 printf("Clear Key Data Length -- %hu\n", clear_key_data_len);
1862 printf("Encrypted Key Data Length -- %hu\n", encrypted_key_data_len);
1863 printf("Key Arg Data Length -- %hu\n", encrypted_key_data_len);
1864 printf("All further packets will be encrypted.\n");
1865 }
1866
1867 /*
1868 Examines the bytes given and prints out the cipher suite that is being
1869 used. This is used when a SSLV2 client hello is being processed.
1870 */
1871 static void
ProcessSSLV2OneCipherSuite(char byte1,char byte2,char byte3)1872 ProcessSSLV2OneCipherSuite(char byte1, char byte2, char byte3)
1873 {
1874 char unknown = 0;
1875
1876 if(byte1 == 0x00) /* TLS Ciphers used */
1877 {
1878 ProcessTLSCipherSuite(byte2,byte3);
1879 return;
1880 }
1881
1882 printf(" Hex Code:");
1883 utl_PrintCharAsHex(byte1);
1884 utl_PrintCharAsHex(byte2);
1885 utl_PrintCharAsHex(byte3);
1886 printf("\n Type: ");
1887
1888 switch((unsigned char) byte1)
1889 {
1890 case 0x01:
1891 if(byte3 == (char) 0x80)
1892 {
1893 printf("RSA with 128 bit RC4 and hash function MD5\n");
1894 }
1895 else
1896 {
1897 unknown = 1;
1898 }
1899 break;
1900 case 0x02:
1901 if(byte3 == (char) 0x80)
1902 {
1903 printf("RSA Export with 40 bit RC4 and hash function MD5\n");
1904 }
1905 else
1906 {
1907 unknown = 1;
1908 }
1909 break;
1910 case 0x03:
1911 if(byte3 == (char) 0x80)
1912 {
1913 printf("RSA with 128 bit RC2 CBC and hash function MD5\n");
1914 }
1915 else
1916 {
1917 unknown = 1;
1918 }
1919 break;
1920 case 0x04:
1921 if(byte3 == (char) 0x80)
1922 {
1923 printf("RSA Export with 40 bit RC2 and hash function MD5\n");
1924 }
1925 else
1926 {
1927 unknown = 1;
1928 }
1929 break;
1930 case 0x05:
1931 if(byte3 == (char) 0x80)
1932 {
1933 if(byte2 == (char) 0x00)
1934 {
1935 printf("RSA with 128 bit IDEA CBC and hash function MD5\n");
1936 }
1937 else
1938 {
1939 printf("RSA with 128 bit IDEA CBC and hash function SHA\n");
1940 }
1941 }
1942 else
1943 {
1944 unknown = 1;
1945 }
1946 break;
1947 case 0x06:
1948 if(byte3 == (char) 0x40)
1949 {
1950 printf("RSA with 64 bit DES CBC and hash function MD5\n");
1951 }
1952 else
1953 {
1954 unknown = 1;
1955 }
1956 break;
1957 case 0x07:
1958 if(byte3 == (char) 0xC0)
1959 {
1960 if(byte2 == (char) 0x00)
1961 {
1962 printf("RSA with 192 bit 3DES EDE CBC and hash function MD5\n");
1963 }
1964 else
1965 {
1966 printf("RSA with 192 bit 3DES EDE CBC and hash function SHA\n");
1967 }
1968 }
1969 else
1970 {
1971 unknown = 1;
1972 }
1973 break;
1974 case 0xff:
1975 if(byte3 == 0x00)
1976 {
1977 printf("RSA with 64 bit DES CFB with hash function MD5\n");
1978 }
1979 else
1980 {
1981 printf("No Cipher Suite\n");
1982 }
1983 break;
1984 default:
1985 unknown = 1;
1986 }
1987
1988 if(unknown)
1989 {
1990 printf("Unknown SSLV2 cipher used\n");
1991 }
1992 }
1993
1994 /*
1995 Processes the SSLV2 Client Hello message. This message is only sent by
1996 clients that support both TLS1.0 and SSLV2. Appendix E RFC 2246.
1997
1998 Assumes that the buffer points to the record type which is 2 bytes
1999 after the start of the packet. -- not any more.
2000 Now assumes starts at record beginning.
2001 */
2002 static void
ProcessSSLV2ClientHello(ssl_connection * ssl_conn)2003 ProcessSSLV2ClientHello(ssl_connection *ssl_conn)
2004 {
2005 char *buffer =
2006 ssl_conn->record + SSL2_2BYTE_RECORD_HEADER_SIZE; /* skip over record */
2007 short cipher_spec_len =
2008 TwoBytesToInt(&(buffer[SSL2_CLIENT_HELLO_CIPHER_SPEC_LEN_OFFSET]));
2009 short session_id_len =
2010 TwoBytesToInt(&(buffer[SSL2_CLIENT_HELLO_SESSION_ID_LEN_OFFSET]));
2011 short challenge_len =
2012 TwoBytesToInt(&(buffer[SSL2_CLIENT_HELLO_CHALLENGE_LEN_OFFSET]));
2013 char *ptr;
2014 int session_id_offset =
2015 cipher_spec_len + SSL2_CLIENT_HELLO_CIPHER_SPEC_OFFSET;
2016 int i;
2017 unsigned int byte;
2018
2019 printf("Received SSLV2 Client Hello ...\n");
2020 printf("\nFrom Client Hello -- Protocol Version: %d.%d\n",
2021 buffer[1], buffer[2]);
2022
2023 printf("Session ID Length -- %hd bytes\n", session_id_len);
2024 printf("Session ID --\n");
2025 for(i = 0, ptr = buffer + session_id_offset;
2026 i < session_id_len;
2027 i++, ptr++)
2028 {
2029 byte = 0;
2030 memcpy(&byte, ptr, 1);
2031 printf("%.2x", byte);
2032 }
2033
2034 ProcessSSLV2CipherSuiteData(buffer + SSL2_CLIENT_HELLO_CIPHER_SPEC_OFFSET,
2035 cipher_spec_len);
2036
2037 printf("Challenge Length -- %hd bytes\n", challenge_len);
2038 }
2039
2040 /*
2041 Processes all the cipher suite data
2042 */
2043 static void
ProcessSSLV2CipherSuiteData(char * cipher_suite_data,unsigned short data_len)2044 ProcessSSLV2CipherSuiteData(char *cipher_suite_data,
2045 unsigned short data_len)
2046 {
2047 int i;
2048 char *ptr;
2049
2050 printf("Cipher Suite Length %hd bytes ... number of cipher suites %d\n",
2051 data_len, data_len / SSL2_ONE_CIPHER_SUITE_LEN);
2052 printf("Cipher Suite List is -- \n");
2053 for(i = 0, ptr = cipher_suite_data;
2054 i < data_len;
2055 i += SSL2_ONE_CIPHER_SUITE_LEN, ptr += SSL2_ONE_CIPHER_SUITE_LEN)
2056 {
2057 ProcessSSLV2OneCipherSuite(ptr[0], ptr[1], ptr[2]);
2058 }
2059 }
2060
2061 /*
2062 Checks if the record hdr is a v2 client hello. we don't have to
2063 worry about the padding byte because a client hello is always in
2064 plain text.
2065 */
2066 static int
IsV2ClientHello(char * record_hdr)2067 IsV2ClientHello(char *record_hdr)
2068 {
2069 return((record_hdr[0] & 0x80) &&
2070 (record_hdr[SSL2_MSG_TYPE_OFFSET] == SSL2_MT_CLIENT_HELLO));
2071 }
2072
2073 /*
2074 prints out the relevant information for a server hello
2075 */
2076 static void
ProcessSSLV2ServerHello(ssl_connection * ssl_conn)2077 ProcessSSLV2ServerHello(ssl_connection *ssl_conn)
2078 {
2079 char session_id_hit = 0;
2080 char certificate_type;
2081 unsigned short server_version;
2082 unsigned short certificate_len;
2083 unsigned short cipher_spec_len;
2084 unsigned short connection_id_len;
2085 char *record_data = ssl_conn->record + ssl_conn->ssl2_record_hdr_len;
2086 char *cert_data = record_data + SSL2_SERVER_HELLO_CERT_DATA_OFFSET;
2087 char *cipher_spec_data;
2088
2089 X509 *cert;
2090
2091 printf("Received Server Hello Packet --\n");
2092
2093 /* first pull out all the data */
2094 session_id_hit = record_data[1];
2095 certificate_type = record_data[2];
2096 server_version = ((unsigned short) (record_data[3] << 8)) |
2097 ((unsigned char) record_data[4]);
2098 certificate_len = ((unsigned short) (record_data[5] << 8)) |
2099 ((unsigned char) record_data[6]);
2100 cipher_spec_len = ((unsigned short) (record_data[7] << 8)) |
2101 ((unsigned char) record_data[8]);
2102 connection_id_len = ((unsigned short) (record_data[9] << 8)) |
2103 ((unsigned char) record_data[10]);
2104
2105 cipher_spec_data = cert_data + certificate_len;
2106
2107 printf("Server version is %hu\n", server_version);
2108
2109 if(session_id_hit)
2110 {
2111 printf("Session ID matched previous session - SSL2 Resume\n"
2112 "All further packets will be encrypted\n");
2113 return; /* all the other fields will be empty */
2114 }
2115 else
2116 {
2117 printf("Session ID did not match any previous session - No Resume\n");
2118 }
2119
2120 /*
2121 it appears that V2 doesn't seem to support the chain the same way
2122 as TLS. In fact, it doesn't seem to support any chains at all.
2123 ProcessCertificateChain(cert_data, ssl_conn);
2124 */
2125
2126 /* extract and print out the cert */
2127 cert = d2i_X509(NULL, (unsigned char **) &cert_data, certificate_len);
2128 ProcessCertificate(cert);
2129
2130 ProcessSSLV2CipherSuiteData(cipher_spec_data, cipher_spec_len);
2131
2132 printf("Connection ID len is %hu\n", connection_id_len);
2133 }
2134
2135 /*
2136 prints out the relevant information for a server hello
2137 */
2138 static void
ProcessSSLV2Error(ssl_connection * ssl_conn)2139 ProcessSSLV2Error(ssl_connection *ssl_conn)
2140 {
2141 char *record_data = ssl_conn->record + ssl_conn->ssl2_record_hdr_len;
2142 unsigned short error_code;
2143
2144
2145 printf("Received SSLV2 Error -- \n");
2146
2147 error_code = (record_data[1] << 8) | ((unsigned char) record_data[2]);
2148
2149 printf("Error Code is %hu -- ", error_code);
2150
2151 switch(error_code)
2152 {
2153 case SSL2_PE_NO_CIPHER:
2154
2155 printf("No common ciphers supported.\n");
2156 break;
2157
2158 case SSL2_PE_NO_CERTIFICATE:
2159
2160 printf("No certificate sent by client.\n");
2161 break;
2162
2163 case SSL2_PE_BAD_CERTIFICATE:
2164
2165 printf("Bad certificate sent.\n");
2166 break;
2167
2168 case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
2169
2170 printf("Unsupported certificate type.\n");
2171 break;
2172
2173 default:
2174
2175 printf("Unknown error.\n");
2176 break;
2177 }
2178 }
2179
2180 #if 0
2181 /*
2182 Since we are only parsing it and it is sent encrypted, we can't do
2183 very much here
2184 */
2185 static void
2186 ProcessSSLV2ClientFinished(ssl_connection *ssl_conn)
2187 {
2188 printf("Received SSLV2 Client Finished -- \n"
2189 "Packet is encrypted\n");
2190 }
2191
2192 /*
2193 Since we are only parsing it and it is sent encrypted, we can't do
2194 very much here
2195 */
2196 static void
2197 ProcessSSLV2ClientCertificate(ssl_connection *ssl_conn)
2198 {
2199 printf("Received SSLV2 Client Certificate --\n"
2200 "Packet is encrypted\n\n");
2201 }
2202 #endif
2203
2204 /* --------------------- UTILITIES ---------------------------------- */
2205
2206
2207 /*
2208 A wrapper for close that does some error checking.
2209 */
2210 void
CloseSocket(int sock)2211 CloseSocket(int sock)
2212 {
2213 if(close(sock) < 0 )
2214 {
2215 perror("Close socket error");
2216 exit(FAILURE);
2217 }
2218 }
2219
2220 /*
2221 used for converting the short in 2 byte length fields to an
2222 int. returns the value as a short in the host byte order.
2223
2224 can't dereference a short directly because it might not be word
2225 aligned.
2226 */
2227 short
TwoBytesToInt(char * buffer)2228 TwoBytesToInt(char *buffer)
2229 {
2230 int i;
2231 char *temp;
2232 short len = 0;
2233
2234 /* get the length of the message */
2235 temp = (char *) &len;
2236 for(i = 0; i < 2; i++) /* 2 is the size of the length field */
2237 {
2238 memcpy(&(temp[i]), buffer + i, 1);
2239 }
2240
2241 return ntohs(len);
2242 }
2243
2244 /*
2245 used for converting the 3 byte field in the handshake packet that
2246 represents the length of the packet to an int
2247 */
2248 unsigned int
ThreeBytesToInt(char * buffer)2249 ThreeBytesToInt(char *buffer)
2250 {
2251 int i;
2252 char *temp;
2253 unsigned int len = 0;
2254
2255 /* get the length of the message */
2256 temp = (char *) &len;
2257 for(i = 0; i < 3; i++) /* 3 is the size of the length field */
2258 {
2259 memcpy(&(temp[i]), buffer + 2 - i, 1);
2260 }
2261
2262 return len;
2263 }
2264