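/*
  SSL Sniffer V1.21.
  ----------------------------------------------
  Written by: Eu-Jin Goh (eujin@cs.stanford.edu)
  Stanford University October 2000

  Copyright (C) 2000 Eu-Jin Goh

  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License
  as published by the Free Software Foundation; either version 2
  of the License, or (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
  USA.
*/

#ifndef SSLSNIFFER_H
#define SSLSNIFFER_H

/*
 * Shared constants and connection-state structures for the sniffer.
 *
 * This header does not include anything itself: the X509_NAME type used
 * in UTL_CERT_INFO below is OpenSSL's, so <openssl/x509.h> must already
 * be included by any translation unit that includes this file.
 */

#ifndef true
#define true 1
#endif

#ifndef false
#define false 0
#endif

/* generic return codes */
#define SUCCESS 0
#define FAILURE 1

/* command line flags */
#define SNIFFER_ARGV_PORT "-p"
#define SNIFFER_ARGV_NO_PROXY "-np"

/* default port that the sniffer listens on if no port is given */
#define DEFAULT_PORT 8888

/*
 * Size of the per-connection read buffer.
 * NOTE(review): a single TLS record may carry up to 2^14 bytes of
 * plaintext (plus up to 2048 bytes of expansion, RFC 2246 section 6.2),
 * which is larger than this.  Every copy into a buffer of this size must
 * be bounded by BUFFER_SIZE, not by the length field taken from the wire.
 */
#define BUFFER_SIZE 2048

/* Protocol Versions (the two bytes carried in each record header) */
#define TLS_MAJOR 3
#define TLS_MINOR 1
#define SSL_MAJOR 3
#define SSL_MINOR 0

/* ------------------------- TLS ------------------------- */

/* Content Types (first byte of a TLS record header) */
#define TLS_RECORD_TYPE_CHANGE_CIPHER_SPEC 20
#define TLS_RECORD_TYPE_ALERT 21
#define TLS_RECORD_TYPE_HANDSHAKE 22
#define TLS_RECORD_TYPE_APPLICATION_DATA 23

/* TLS Alert Protocol msg types (AlertLevel followed by AlertDescription) */
#define TLS_ALERT_LEVEL_WARNING 1
#define TLS_ALERT_LEVEL_FATAL 2
#define TLS_ALERT_TYPE_CLOSE_NOTIFY 0
#define TLS_ALERT_TYPE_UNEXPECTED_MESSAGE 10
#define TLS_ALERT_TYPE_BAD_RECORD_MAC 20
#define TLS_ALERT_TYPE_DECRYPTION_FAILED 21
#define TLS_ALERT_TYPE_RECORD_OVERFLOW 22
#define TLS_ALERT_TYPE_DECOMPRESSION_FAILURE 30
#define TLS_ALERT_TYPE_HANDSHAKE_FAILURE 40
#define TLS_ALERT_TYPE_BAD_CERTIFICATE 42
#define TLS_ALERT_TYPE_UNSUPPORTED_CERTIFICATE 43
#define TLS_ALERT_TYPE_CERTIFICATE_REVOKED 44
#define TLS_ALERT_TYPE_CERTIFICATE_EXPIRED 45
#define TLS_ALERT_TYPE_CERTIFICATE_UNKNOWN 46
#define TLS_ALERT_TYPE_ILLEGAL_PARAMETER 47
#define TLS_ALERT_TYPE_UNKNOWN_CA 48
#define TLS_ALERT_TYPE_ACCESS_DENIED 49
#define TLS_ALERT_TYPE_DECODE_ERROR 50
#define TLS_ALERT_TYPE_DECRYPT_ERROR 51
#define TLS_ALERT_TYPE_EXPORT_RESTRICTION 60
#define TLS_ALERT_TYPE_PROTOCOL_VERSION 70
#define TLS_ALERT_TYPE_INSUFFICIENT_SECURITY 71
#define TLS_ALERT_TYPE_INTERNAL_ERROR 80
#define TLS_ALERT_TYPE_USER_CANCELED 90
#define TLS_ALERT_TYPE_NO_RENEGOTIATION 100

/* TLS Handshake protocol msg types (first byte of a handshake header) */
#define TLS_HANDSHAKE_TYPE_HELLO_REQUEST 0
#define TLS_HANDSHAKE_TYPE_CLIENT_HELLO 1
#define TLS_HANDSHAKE_TYPE_SERVER_HELLO 2
#define TLS_HANDSHAKE_TYPE_CERTIFICATE 11
#define TLS_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE 12
#define TLS_HANDSHAKE_TYPE_CERTIFICATE_REQUEST 13
#define TLS_HANDSHAKE_TYPE_SERVER_HELLO_DONE 14
#define TLS_HANDSHAKE_TYPE_CERTIFICATE_VERIFY 15
#define TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE 16
#define TLS_HANDSHAKE_TYPE_FINISHED 20

/* TLS Record Header Definitions */

/* type(1) + major(1) + minor(1) + length(2) */
#define TLS_RECORD_HEADER_SIZE 5

/* extract length field from TLS record */
#define TLS_RECORD_LENGTH_OFFSET 3

/* extract encapsulated data from Record */
#define TLS_RECORD_DATA_OFFSET 5

/* Offset for the major version of the protocol */
#define TLS_RECORD_PROTOCOL_MAJ_VERSION_OFFSET 1

/* Offset for the minor version of the protocol */
#define TLS_RECORD_PROTOCOL_MIN_VERSION_OFFSET 2

/* handshake packet offset: msg_type(1) + length(3) */
#define TLS_HANDSHAKE_HEADER_SIZE 4

/* Handshake Hello Message Offsets from beginning of packet */
#define SESSION_ID_OFFSET 34

/* ------------------------- SSLV2 ------------------------- */

/* SSL2 Message types */
#define SSL2_MT_ERROR 0
#define SSL2_MT_CLIENT_HELLO 1
#define SSL2_MT_CLIENT_MASTER_KEY 2
#define SSL2_MT_CLIENT_FINISHED 3
#define SSL2_MT_SERVER_HELLO 4
#define SSL2_MT_SERVER_VERIFY 5
#define SSL2_MT_SERVER_FINISHED 6
#define SSL2_MT_REQUEST_CERTIFICATE 7
#define SSL2_MT_CLIENT_CERTIFICATE 8

/* SSL2 Error Codes */
#define SSL2_PE_NO_CIPHER 0x0001
#define SSL2_PE_NO_CERTIFICATE 0x0002
#define SSL2_PE_BAD_CERTIFICATE 0x0004
#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006

/* SSL2 record header sizes: 2 bytes without padding, 3 bytes with padding */
#define SSL2_2BYTE_RECORD_HEADER_SIZE 2
#define SSL2_3BYTE_RECORD_HEADER_SIZE 3

#define SSL2_ONE_CIPHER_SUITE_LEN 3

/* SSL2 Client Hello Offsets */
#define SSL2_MSG_TYPE_OFFSET 2
#define SSL2_CLIENT_HELLO_MAJOR_VER_OFFSET 3
#define SSL2_CLIENT_HELLO_MINOR_VER_OFFSET 4

#define SSL2_CLIENT_HELLO_CIPHER_SPEC_LEN_OFFSET 3
#define SSL2_CLIENT_HELLO_SESSION_ID_LEN_OFFSET 5
#define SSL2_CLIENT_HELLO_CHALLENGE_LEN_OFFSET 7
#define SSL2_CLIENT_HELLO_CIPHER_SPEC_OFFSET 9

/* SSL2 Server Hello Offsets */
#define SSL2_SERVER_HELLO_CERT_DATA_OFFSET 11

/* ------------ Macro Functions --------------------- */

/* Larger of two values.  Both arguments are evaluated twice; do not pass
   expressions with side effects. */
#define MAX(x,y) ((x) >= (y) ? (x) : (y))

/* taken from openssl:ssl_locl.h

   n2l3: read a 3-byte big-endian length starting at byte pointer c into
   the unsigned long l, then advance c past the three bytes.  Arguments are
   fully parenthesised so that c may be any pointer lvalue expression; c is
   evaluated more than once. */
#define n2l3(c,l) ((l = (((unsigned long)((c)[0])) << 16) | \
                        (((unsigned long)((c)[1])) <<  8) | \
                        (((unsigned long)((c)[2]))      )), (c) += 3)


/* ----------------- Structs -------------------------*/

/* ssl version numbers (values of ssl_connection.ssl_version) */
#define VERSION_SSL2 0
#define VERSION_SSL3 1
#define VERSION_TLS 2

/* offsets into the recv_change_cipher */
#define SERVER_RECV_CHANGE_CIPHER 0
#define CLIENT_RECV_CHANGE_CIPHER 1

/* key exchange algorithm (values of ssl_connection.keyxchange_alg)
   NOTE(review): the names RSA and DH are also OpenSSL typedefs; once these
   macros are defined, those type names cannot be used in the same
   translation unit.  Keep this header after every OpenSSL include, or
   rename the macros if the type names are needed. */
#define RSA 1
#define DH 2

/*
  struct containing the data for a connection
*/
typedef struct ssl_connection
{
  int client_fd;                /* socket descriptor for the client */
  int server_fd;                /* socket descriptor for the server side */
  int read_fd;                  /* which socket to read from */
  int write_fd;                 /* which socket to write to */

  int ssl_version;              /* one of VERSION_SSL2 / VERSION_SSL3 / VERSION_TLS */

  /* TLS */
  char recv_client_hello;       /* flags if we've received the client hello */
  char recv_server_hello;       /* need this to catch case of server doing only v2 */

  char recv_change_cipher[2];   /* set to 1 when change cipher packet received;
                                   indexed by SERVER_/CLIENT_RECV_CHANGE_CIPHER */
  char *recv_change;            /* which change cipher entry to set */
  char keyxchange_alg;          /* key exchange algorithm used (RSA or DH) */


  /* SSL2 */
  int ssl2_record_hdr_len;      /* whether record sent is padded (2- or 3-byte header) */
  unsigned char ssl2_padding_len; /* specified in a 3 bytes record hdr */
  char ssl2_packets_encrypted;  /* all packets will be encrypted. no parsing */

  char *record;                 /* current record being assembled */
  unsigned int record_len;      /* number of bytes valid in record */
}
ssl_connection;

/*
  taken from dan boneh's utl_cert.h

  for extracting and printing out the information obtained from the
  certificate
*/

typedef struct utl_cert_info
{
  int keysize;                  /* public key size in bits (presumably; see utl_cert.h) */

  char notAfter[64];            /* validity period, as printable text */
  char notBefore[64];

  X509_NAME *subj;              /* subject name, owned by the X509 it came from */
  char subj_DistName[256];      /* printable form of subj; writers must bound to 256 */

  X509_NAME *issuer;            /* issuer name, owned by the X509 it came from */
  char issuer_DistName[256];    /* printable form of issuer; writers must bound to 256 */

}
UTL_CERT_INFO;

/*
  for storing the parameters specified on the command line

  NOTE(review): the port fields are signed 16-bit, so port numbers above
  32767 are stored as negative values.  Callers should either pass them
  through htons() without sign-extending them, or widen these to
  unsigned short.
*/
typedef struct argv_params
{
  short local_port;             /* port the sniffer listens on */

  char proxy;                   /* boolean. */
  char *remote_host_name_or_ip; /* forwarding target when proxy is set */
  short remote_port;            /* port on the forwarding target */
}
argv_params;

#endif /* SSLSNIFFER_H */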