d 0773d / CyaSSL

Fork of CyaSSL for my specific settings

Dependents:   CyaSSL_Example

Fork of CyaSSL by wolf SSL

src/sniffer.c@4:28ac50e1d49c, 2015-03-03 (annotated)

Committer:
d0773d
Date:
Tue Mar 03 22:52:52 2015 +0000
Revision:
4:28ac50e1d49c
Parent:
0:1239e9b70ca2 
CyaSSL example

Who changed what in which revision?

UserRevisionLine numberNew contents of line
wolfSSL 0:1239e9b70ca2 1 /* sniffer.c
wolfSSL 0:1239e9b70ca2 2 *
wolfSSL 0:1239e9b70ca2 3 * Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL 0:1239e9b70ca2 4 *
wolfSSL 0:1239e9b70ca2 5 * This file is part of CyaSSL.
wolfSSL 0:1239e9b70ca2 6 *
wolfSSL 0:1239e9b70ca2 7 * CyaSSL is free software; you can redistribute it and/or modify
wolfSSL 0:1239e9b70ca2 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:1239e9b70ca2 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:1239e9b70ca2 10 * (at your option) any later version.
wolfSSL 0:1239e9b70ca2 11 *
wolfSSL 0:1239e9b70ca2 12 * CyaSSL is distributed in the hope that it will be useful,
wolfSSL 0:1239e9b70ca2 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:1239e9b70ca2 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:1239e9b70ca2 15 * GNU General Public License for more details.
wolfSSL 0:1239e9b70ca2 16 *
wolfSSL 0:1239e9b70ca2 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:1239e9b70ca2 18 * along with this program; if not, write to the Free Software
wolfSSL 0:1239e9b70ca2 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:1239e9b70ca2 20 */
wolfSSL 0:1239e9b70ca2 21
wolfSSL 0:1239e9b70ca2 22
wolfSSL 0:1239e9b70ca2 23
wolfSSL 0:1239e9b70ca2 24 #ifdef HAVE_CONFIG_H
wolfSSL 0:1239e9b70ca2 25 #include <config.h>
wolfSSL 0:1239e9b70ca2 26 #endif
wolfSSL 0:1239e9b70ca2 27
wolfSSL 0:1239e9b70ca2 28 #include <cyassl/ctaocrypt/settings.h>
wolfSSL 0:1239e9b70ca2 29
wolfSSL 0:1239e9b70ca2 30 #ifdef CYASSL_SNIFFER
wolfSSL 0:1239e9b70ca2 31
wolfSSL 0:1239e9b70ca2 32 #include <assert.h>
wolfSSL 0:1239e9b70ca2 33 #include <time.h>
wolfSSL 0:1239e9b70ca2 34
wolfSSL 0:1239e9b70ca2 35 #ifndef _WIN32
wolfSSL 0:1239e9b70ca2 36 #include <arpa/inet.h>
wolfSSL 0:1239e9b70ca2 37 #endif
wolfSSL 0:1239e9b70ca2 38
wolfSSL 0:1239e9b70ca2 39 #ifdef _WIN32
wolfSSL 0:1239e9b70ca2 40 #define SNPRINTF _snprintf
wolfSSL 0:1239e9b70ca2 41 #else
wolfSSL 0:1239e9b70ca2 42 #define SNPRINTF snprintf
wolfSSL 0:1239e9b70ca2 43 #endif
wolfSSL 0:1239e9b70ca2 44
wolfSSL 0:1239e9b70ca2 45 #include <cyassl/openssl/ssl.h>
wolfSSL 0:1239e9b70ca2 46 #include <cyassl/internal.h>
wolfSSL 0:1239e9b70ca2 47 #include <cyassl/error-ssl.h>
wolfSSL 0:1239e9b70ca2 48 #include <cyassl/sniffer.h>
wolfSSL 0:1239e9b70ca2 49 #include <cyassl/sniffer_error.h>
wolfSSL 0:1239e9b70ca2 50
wolfSSL 0:1239e9b70ca2 51
wolfSSL 0:1239e9b70ca2 52 #ifndef min
wolfSSL 0:1239e9b70ca2 53
wolfSSL 0:1239e9b70ca2 54 static INLINE word32 min(word32 a, word32 b)
wolfSSL 0:1239e9b70ca2 55 {
wolfSSL 0:1239e9b70ca2 56 return a > b ? b : a;
wolfSSL 0:1239e9b70ca2 57 }
wolfSSL 0:1239e9b70ca2 58
wolfSSL 0:1239e9b70ca2 59 #endif
wolfSSL 0:1239e9b70ca2 60
wolfSSL 0:1239e9b70ca2 61
wolfSSL 0:1239e9b70ca2 62 /* Misc constants */
wolfSSL 0:1239e9b70ca2 63 enum {
wolfSSL 0:1239e9b70ca2 64 MAX_SERVER_ADDRESS = 128, /* maximum server address length */
wolfSSL 0:1239e9b70ca2 65 MAX_ERROR_LEN = 80, /* maximum error length */
wolfSSL 0:1239e9b70ca2 66 ETHER_IF_ADDR_LEN = 6, /* ethernet interface address length */
wolfSSL 0:1239e9b70ca2 67 LOCAL_IF_ADDR_LEN = 4, /* localhost interface address length, !windows */
wolfSSL 0:1239e9b70ca2 68 TCP_PROTO = 6, /* TCP_PROTOCOL */
wolfSSL 0:1239e9b70ca2 69 IP_HDR_SZ = 20, /* IP header legnth, min */
wolfSSL 0:1239e9b70ca2 70 TCP_HDR_SZ = 20, /* TCP header legnth, min */
wolfSSL 0:1239e9b70ca2 71 IPV4 = 4, /* IP version 4 */
wolfSSL 0:1239e9b70ca2 72 TCP_PROTOCOL = 6, /* TCP Protocol id */
wolfSSL 0:1239e9b70ca2 73 TRACE_MSG_SZ = 80, /* Trace Message buffer size */
wolfSSL 0:1239e9b70ca2 74 HASH_SIZE = 499, /* Session Hash Table Rows */
wolfSSL 0:1239e9b70ca2 75 PSEUDO_HDR_SZ = 12, /* TCP Pseudo Header size in bytes */
wolfSSL 0:1239e9b70ca2 76 FATAL_ERROR_STATE = 1, /* SnifferSession fatal error state */
wolfSSL 0:1239e9b70ca2 77 SNIFFER_TIMEOUT = 900, /* Cache unclosed Sessions for 15 minutes */
wolfSSL 0:1239e9b70ca2 78 TICKET_HINT_LEN = 4, /* Session Ticket Hint length */
wolfSSL 0:1239e9b70ca2 79 EXT_TYPE_SZ = 2, /* Extension length */
wolfSSL 0:1239e9b70ca2 80 MAX_INPUT_SZ = MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA +
wolfSSL 0:1239e9b70ca2 81 MTU_EXTRA, /* Max input sz of reassembly */
wolfSSL 0:1239e9b70ca2 82 TICKET_EXT_ID = 0x23 /* Session Ticket Extension ID */
wolfSSL 0:1239e9b70ca2 83 };
wolfSSL 0:1239e9b70ca2 84
wolfSSL 0:1239e9b70ca2 85
wolfSSL 0:1239e9b70ca2 86 #ifdef _WIN32
wolfSSL 0:1239e9b70ca2 87
wolfSSL 0:1239e9b70ca2 88 static HMODULE dllModule; /* for error string resources */
wolfSSL 0:1239e9b70ca2 89
wolfSSL 0:1239e9b70ca2 90 BOOL APIENTRY DllMain( HMODULE hModule,
wolfSSL 0:1239e9b70ca2 91 DWORD ul_reason_for_call,
wolfSSL 0:1239e9b70ca2 92 LPVOID lpReserved
wolfSSL 0:1239e9b70ca2 93 )
wolfSSL 0:1239e9b70ca2 94 {
wolfSSL 0:1239e9b70ca2 95 static int didInit = 0;
wolfSSL 0:1239e9b70ca2 96
wolfSSL 0:1239e9b70ca2 97 switch (ul_reason_for_call)
wolfSSL 0:1239e9b70ca2 98 {
wolfSSL 0:1239e9b70ca2 99 case DLL_PROCESS_ATTACH:
wolfSSL 0:1239e9b70ca2 100 if (didInit == 0) {
wolfSSL 0:1239e9b70ca2 101 dllModule = hModule;
wolfSSL 0:1239e9b70ca2 102 ssl_InitSniffer();
wolfSSL 0:1239e9b70ca2 103 didInit = 1;
wolfSSL 0:1239e9b70ca2 104 }
wolfSSL 0:1239e9b70ca2 105 break;
wolfSSL 0:1239e9b70ca2 106 case DLL_THREAD_ATTACH:
wolfSSL 0:1239e9b70ca2 107 break;
wolfSSL 0:1239e9b70ca2 108 case DLL_THREAD_DETACH:
wolfSSL 0:1239e9b70ca2 109 break;
wolfSSL 0:1239e9b70ca2 110 case DLL_PROCESS_DETACH:
wolfSSL 0:1239e9b70ca2 111 if (didInit) {
wolfSSL 0:1239e9b70ca2 112 ssl_FreeSniffer();
wolfSSL 0:1239e9b70ca2 113 didInit = 0;
wolfSSL 0:1239e9b70ca2 114 }
wolfSSL 0:1239e9b70ca2 115 break;
wolfSSL 0:1239e9b70ca2 116 }
wolfSSL 0:1239e9b70ca2 117 return TRUE;
wolfSSL 0:1239e9b70ca2 118 }
wolfSSL 0:1239e9b70ca2 119
wolfSSL 0:1239e9b70ca2 120 #endif /* _WIN32 */
wolfSSL 0:1239e9b70ca2 121
wolfSSL 0:1239e9b70ca2 122
wolfSSL 0:1239e9b70ca2 123 static int TraceOn = 0; /* Trace is off by default */
wolfSSL 0:1239e9b70ca2 124 static FILE* TraceFile = 0;
wolfSSL 0:1239e9b70ca2 125
wolfSSL 0:1239e9b70ca2 126
wolfSSL 0:1239e9b70ca2 127 /* windows uses .rc table for this */
wolfSSL 0:1239e9b70ca2 128 #ifndef _WIN32
wolfSSL 0:1239e9b70ca2 129
wolfSSL 0:1239e9b70ca2 130 static const char* const msgTable[] =
wolfSSL 0:1239e9b70ca2 131 {
wolfSSL 0:1239e9b70ca2 132 /* 1 */
wolfSSL 0:1239e9b70ca2 133 "Out of Memory",
wolfSSL 0:1239e9b70ca2 134 "New SSL Sniffer Server Registered",
wolfSSL 0:1239e9b70ca2 135 "Checking IP Header",
wolfSSL 0:1239e9b70ca2 136 "SSL Sniffer Server Not Registered",
wolfSSL 0:1239e9b70ca2 137 "Checking TCP Header",
wolfSSL 0:1239e9b70ca2 138
wolfSSL 0:1239e9b70ca2 139 /* 6 */
wolfSSL 0:1239e9b70ca2 140 "SSL Sniffer Server Port Not Registered",
wolfSSL 0:1239e9b70ca2 141 "RSA Private Decrypt Error",
wolfSSL 0:1239e9b70ca2 142 "RSA Private Decode Error",
wolfSSL 0:1239e9b70ca2 143 "Set Cipher Spec Error",
wolfSSL 0:1239e9b70ca2 144 "Server Hello Input Malformed",
wolfSSL 0:1239e9b70ca2 145
wolfSSL 0:1239e9b70ca2 146 /* 11 */
wolfSSL 0:1239e9b70ca2 147 "Couldn't Resume Session Error",
wolfSSL 0:1239e9b70ca2 148 "Server Did Resumption",
wolfSSL 0:1239e9b70ca2 149 "Client Hello Input Malformed",
wolfSSL 0:1239e9b70ca2 150 "Client Trying to Resume",
wolfSSL 0:1239e9b70ca2 151 "Handshake Input Malformed",
wolfSSL 0:1239e9b70ca2 152
wolfSSL 0:1239e9b70ca2 153 /* 16 */
wolfSSL 0:1239e9b70ca2 154 "Got Hello Verify msg",
wolfSSL 0:1239e9b70ca2 155 "Got Server Hello msg",
wolfSSL 0:1239e9b70ca2 156 "Got Cert Request msg",
wolfSSL 0:1239e9b70ca2 157 "Got Server Key Exchange msg",
wolfSSL 0:1239e9b70ca2 158 "Got Cert msg",
wolfSSL 0:1239e9b70ca2 159
wolfSSL 0:1239e9b70ca2 160 /* 21 */
wolfSSL 0:1239e9b70ca2 161 "Got Server Hello Done msg",
wolfSSL 0:1239e9b70ca2 162 "Got Finished msg",
wolfSSL 0:1239e9b70ca2 163 "Got Client Hello msg",
wolfSSL 0:1239e9b70ca2 164 "Got Client Key Exchange msg",
wolfSSL 0:1239e9b70ca2 165 "Got Cert Verify msg",
wolfSSL 0:1239e9b70ca2 166
wolfSSL 0:1239e9b70ca2 167 /* 26 */
wolfSSL 0:1239e9b70ca2 168 "Got Unknown Handshake msg",
wolfSSL 0:1239e9b70ca2 169 "New SSL Sniffer Session created",
wolfSSL 0:1239e9b70ca2 170 "Couldn't create new SSL",
wolfSSL 0:1239e9b70ca2 171 "Got a Packet to decode",
wolfSSL 0:1239e9b70ca2 172 "No data present",
wolfSSL 0:1239e9b70ca2 173
wolfSSL 0:1239e9b70ca2 174 /* 31 */
wolfSSL 0:1239e9b70ca2 175 "Session Not Found",
wolfSSL 0:1239e9b70ca2 176 "Got an Old Client Hello msg",
wolfSSL 0:1239e9b70ca2 177 "Old Client Hello Input Malformed",
wolfSSL 0:1239e9b70ca2 178 "Old Client Hello OK",
wolfSSL 0:1239e9b70ca2 179 "Bad Old Client Hello",
wolfSSL 0:1239e9b70ca2 180
wolfSSL 0:1239e9b70ca2 181 /* 36 */
wolfSSL 0:1239e9b70ca2 182 "Bad Record Header",
wolfSSL 0:1239e9b70ca2 183 "Record Header Input Malformed",
wolfSSL 0:1239e9b70ca2 184 "Got a HandShake msg",
wolfSSL 0:1239e9b70ca2 185 "Bad HandShake msg",
wolfSSL 0:1239e9b70ca2 186 "Got a Change Cipher Spec msg",
wolfSSL 0:1239e9b70ca2 187
wolfSSL 0:1239e9b70ca2 188 /* 41 */
wolfSSL 0:1239e9b70ca2 189 "Got Application Data msg",
wolfSSL 0:1239e9b70ca2 190 "Bad Application Data",
wolfSSL 0:1239e9b70ca2 191 "Got an Alert msg",
wolfSSL 0:1239e9b70ca2 192 "Another msg to Process",
wolfSSL 0:1239e9b70ca2 193 "Removing Session From Table",
wolfSSL 0:1239e9b70ca2 194
wolfSSL 0:1239e9b70ca2 195 /* 46 */
wolfSSL 0:1239e9b70ca2 196 "Bad Key File",
wolfSSL 0:1239e9b70ca2 197 "Wrong IP Version",
wolfSSL 0:1239e9b70ca2 198 "Wrong Protocol type",
wolfSSL 0:1239e9b70ca2 199 "Packet Short for header processing",
wolfSSL 0:1239e9b70ca2 200 "Got Unknown Record Type",
wolfSSL 0:1239e9b70ca2 201
wolfSSL 0:1239e9b70ca2 202 /* 51 */
wolfSSL 0:1239e9b70ca2 203 "Can't Open Trace File",
wolfSSL 0:1239e9b70ca2 204 "Session in Fatal Error State",
wolfSSL 0:1239e9b70ca2 205 "Partial SSL record received",
wolfSSL 0:1239e9b70ca2 206 "Buffer Error, malformed input",
wolfSSL 0:1239e9b70ca2 207 "Added to Partial Input",
wolfSSL 0:1239e9b70ca2 208
wolfSSL 0:1239e9b70ca2 209 /* 56 */
wolfSSL 0:1239e9b70ca2 210 "Received a Duplicate Packet",
wolfSSL 0:1239e9b70ca2 211 "Received an Out of Order Packet",
wolfSSL 0:1239e9b70ca2 212 "Received an Overlap Duplicate Packet",
wolfSSL 0:1239e9b70ca2 213 "Received an Overlap Reassembly Begin Duplicate Packet",
wolfSSL 0:1239e9b70ca2 214 "Received an Overlap Reassembly End Duplicate Packet",
wolfSSL 0:1239e9b70ca2 215
wolfSSL 0:1239e9b70ca2 216 /* 61 */
wolfSSL 0:1239e9b70ca2 217 "Missed the Client Hello Entirely",
wolfSSL 0:1239e9b70ca2 218 "Got Hello Request msg",
wolfSSL 0:1239e9b70ca2 219 "Got Session Ticket msg",
wolfSSL 0:1239e9b70ca2 220 "Bad Input",
wolfSSL 0:1239e9b70ca2 221 "Bad Decrypt Type",
wolfSSL 0:1239e9b70ca2 222
wolfSSL 0:1239e9b70ca2 223 /* 66 */
wolfSSL 0:1239e9b70ca2 224 "Bad Finished Message Processing",
wolfSSL 0:1239e9b70ca2 225 "Bad Compression Type",
wolfSSL 0:1239e9b70ca2 226 "Bad DeriveKeys Error",
wolfSSL 0:1239e9b70ca2 227 "Saw ACK for Missing Packet Error",
wolfSSL 0:1239e9b70ca2 228 "Bad Decrypt Operation"
wolfSSL 0:1239e9b70ca2 229 };
wolfSSL 0:1239e9b70ca2 230
wolfSSL 0:1239e9b70ca2 231
wolfSSL 0:1239e9b70ca2 232 /* *nix version uses table above */
wolfSSL 0:1239e9b70ca2 233 static void GetError(int idx, char* str)
wolfSSL 0:1239e9b70ca2 234 {
wolfSSL 0:1239e9b70ca2 235 XSTRNCPY(str, msgTable[idx - 1], MAX_ERROR_LEN);
wolfSSL 0:1239e9b70ca2 236 }
wolfSSL 0:1239e9b70ca2 237
wolfSSL 0:1239e9b70ca2 238
wolfSSL 0:1239e9b70ca2 239 #else /* _WIN32 */
wolfSSL 0:1239e9b70ca2 240
wolfSSL 0:1239e9b70ca2 241
wolfSSL 0:1239e9b70ca2 242 /* Windows version uses .rc table */
wolfSSL 0:1239e9b70ca2 243 static void GetError(int idx, char* buffer)
wolfSSL 0:1239e9b70ca2 244 {
wolfSSL 0:1239e9b70ca2 245 if (!LoadStringA(dllModule, idx, buffer, MAX_ERROR_LEN))
wolfSSL 0:1239e9b70ca2 246 buffer[0] = 0;
wolfSSL 0:1239e9b70ca2 247 }
wolfSSL 0:1239e9b70ca2 248
wolfSSL 0:1239e9b70ca2 249
wolfSSL 0:1239e9b70ca2 250 #endif /* _WIN32 */
wolfSSL 0:1239e9b70ca2 251
wolfSSL 0:1239e9b70ca2 252
wolfSSL 0:1239e9b70ca2 253 /* Packet Buffer for reassembly list and ready list */
wolfSSL 0:1239e9b70ca2 254 typedef struct PacketBuffer {
wolfSSL 0:1239e9b70ca2 255 word32 begin; /* relative sequence begin */
wolfSSL 0:1239e9b70ca2 256 word32 end; /* relative sequence end */
wolfSSL 0:1239e9b70ca2 257 byte* data; /* actual data */
wolfSSL 0:1239e9b70ca2 258 struct PacketBuffer* next; /* next on reassembly list or ready list */
wolfSSL 0:1239e9b70ca2 259 } PacketBuffer;
wolfSSL 0:1239e9b70ca2 260
wolfSSL 0:1239e9b70ca2 261
wolfSSL 0:1239e9b70ca2 262 /* Sniffer Server holds info for each server/port monitored */
wolfSSL 0:1239e9b70ca2 263 typedef struct SnifferServer {
wolfSSL 0:1239e9b70ca2 264 SSL_CTX* ctx; /* SSL context */
wolfSSL 0:1239e9b70ca2 265 char address[MAX_SERVER_ADDRESS]; /* passed in server address */
wolfSSL 0:1239e9b70ca2 266 word32 server; /* netowrk order address */
wolfSSL 0:1239e9b70ca2 267 int port; /* server port */
wolfSSL 0:1239e9b70ca2 268 struct SnifferServer* next; /* for list */
wolfSSL 0:1239e9b70ca2 269 } SnifferServer;
wolfSSL 0:1239e9b70ca2 270
wolfSSL 0:1239e9b70ca2 271
wolfSSL 0:1239e9b70ca2 272 /* Session Flags */
wolfSSL 0:1239e9b70ca2 273 typedef struct Flags {
wolfSSL 0:1239e9b70ca2 274 byte side; /* which end is current packet headed */
wolfSSL 0:1239e9b70ca2 275 byte serverCipherOn; /* indicates whether cipher is active */
wolfSSL 0:1239e9b70ca2 276 byte clientCipherOn; /* indicates whether cipher is active */
wolfSSL 0:1239e9b70ca2 277 byte resuming; /* did this session come from resumption */
wolfSSL 0:1239e9b70ca2 278 byte cached; /* have we cached this session yet */
wolfSSL 0:1239e9b70ca2 279 byte clientHello; /* processed client hello yet, for SSLv2 */
wolfSSL 0:1239e9b70ca2 280 byte finCount; /* get both FINs before removing */
wolfSSL 0:1239e9b70ca2 281 byte fatalError; /* fatal error state */
wolfSSL 0:1239e9b70ca2 282 } Flags;
wolfSSL 0:1239e9b70ca2 283
wolfSSL 0:1239e9b70ca2 284
wolfSSL 0:1239e9b70ca2 285 /* Out of Order FIN caputre */
wolfSSL 0:1239e9b70ca2 286 typedef struct FinCaputre {
wolfSSL 0:1239e9b70ca2 287 word32 cliFinSeq; /* client relative sequence FIN 0 is no */
wolfSSL 0:1239e9b70ca2 288 word32 srvFinSeq; /* server relative sequence FIN, 0 is no */
wolfSSL 0:1239e9b70ca2 289 byte cliCounted; /* did we count yet, detects duplicates */
wolfSSL 0:1239e9b70ca2 290 byte srvCounted; /* did we count yet, detects duplicates */
wolfSSL 0:1239e9b70ca2 291 } FinCaputre;
wolfSSL 0:1239e9b70ca2 292
wolfSSL 0:1239e9b70ca2 293
wolfSSL 0:1239e9b70ca2 294 /* Sniffer Session holds info for each client/server SSL/TLS session */
wolfSSL 0:1239e9b70ca2 295 typedef struct SnifferSession {
wolfSSL 0:1239e9b70ca2 296 SnifferServer* context; /* server context */
wolfSSL 0:1239e9b70ca2 297 SSL* sslServer; /* SSL server side decode */
wolfSSL 0:1239e9b70ca2 298 SSL* sslClient; /* SSL client side decode */
wolfSSL 0:1239e9b70ca2 299 word32 server; /* server address in network byte order */
wolfSSL 0:1239e9b70ca2 300 word32 client; /* client address in network byte order */
wolfSSL 0:1239e9b70ca2 301 word16 srvPort; /* server port */
wolfSSL 0:1239e9b70ca2 302 word16 cliPort; /* client port */
wolfSSL 0:1239e9b70ca2 303 word32 cliSeqStart; /* client start sequence */
wolfSSL 0:1239e9b70ca2 304 word32 srvSeqStart; /* server start sequence */
wolfSSL 0:1239e9b70ca2 305 word32 cliExpected; /* client expected sequence (relative) */
wolfSSL 0:1239e9b70ca2 306 word32 srvExpected; /* server expected sequence (relative) */
wolfSSL 0:1239e9b70ca2 307 FinCaputre finCaputre; /* retain out of order FIN s */
wolfSSL 0:1239e9b70ca2 308 Flags flags; /* session flags */
wolfSSL 0:1239e9b70ca2 309 time_t lastUsed; /* last used ticks */
wolfSSL 0:1239e9b70ca2 310 PacketBuffer* cliReassemblyList; /* client out of order packets */
wolfSSL 0:1239e9b70ca2 311 PacketBuffer* srvReassemblyList; /* server out of order packets */
wolfSSL 0:1239e9b70ca2 312 struct SnifferSession* next; /* for hash table list */
wolfSSL 0:1239e9b70ca2 313 byte* ticketID; /* mac ID of session ticket */
wolfSSL 0:1239e9b70ca2 314 } SnifferSession;
wolfSSL 0:1239e9b70ca2 315
wolfSSL 0:1239e9b70ca2 316
wolfSSL 0:1239e9b70ca2 317 /* Sniffer Server List and mutex */
wolfSSL 0:1239e9b70ca2 318 static SnifferServer* ServerList = 0;
wolfSSL 0:1239e9b70ca2 319 static CyaSSL_Mutex ServerListMutex;
wolfSSL 0:1239e9b70ca2 320
wolfSSL 0:1239e9b70ca2 321
wolfSSL 0:1239e9b70ca2 322 /* Session Hash Table, mutex, and count */
wolfSSL 0:1239e9b70ca2 323 static SnifferSession* SessionTable[HASH_SIZE];
wolfSSL 0:1239e9b70ca2 324 static CyaSSL_Mutex SessionMutex;
wolfSSL 0:1239e9b70ca2 325 static int SessionCount = 0;
wolfSSL 0:1239e9b70ca2 326
wolfSSL 0:1239e9b70ca2 327
wolfSSL 0:1239e9b70ca2 328 /* Initialize overall Sniffer */
wolfSSL 0:1239e9b70ca2 329 void ssl_InitSniffer(void)
wolfSSL 0:1239e9b70ca2 330 {
wolfSSL 0:1239e9b70ca2 331 CyaSSL_Init();
wolfSSL 0:1239e9b70ca2 332 InitMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 333 InitMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 334 }
wolfSSL 0:1239e9b70ca2 335
wolfSSL 0:1239e9b70ca2 336
wolfSSL 0:1239e9b70ca2 337 /* Free Sniffer Server's resources/self */
wolfSSL 0:1239e9b70ca2 338 static void FreeSnifferServer(SnifferServer* srv)
wolfSSL 0:1239e9b70ca2 339 {
wolfSSL 0:1239e9b70ca2 340 if (srv)
wolfSSL 0:1239e9b70ca2 341 SSL_CTX_free(srv->ctx);
wolfSSL 0:1239e9b70ca2 342 free(srv);
wolfSSL 0:1239e9b70ca2 343 }
wolfSSL 0:1239e9b70ca2 344
wolfSSL 0:1239e9b70ca2 345
wolfSSL 0:1239e9b70ca2 346 /* free PacketBuffer's resources/self */
wolfSSL 0:1239e9b70ca2 347 static void FreePacketBuffer(PacketBuffer* del)
wolfSSL 0:1239e9b70ca2 348 {
wolfSSL 0:1239e9b70ca2 349 if (del) {
wolfSSL 0:1239e9b70ca2 350 free(del->data);
wolfSSL 0:1239e9b70ca2 351 free(del);
wolfSSL 0:1239e9b70ca2 352 }
wolfSSL 0:1239e9b70ca2 353 }
wolfSSL 0:1239e9b70ca2 354
wolfSSL 0:1239e9b70ca2 355
wolfSSL 0:1239e9b70ca2 356 /* remove PacketBuffer List */
wolfSSL 0:1239e9b70ca2 357 static void FreePacketList(PacketBuffer* in)
wolfSSL 0:1239e9b70ca2 358 {
wolfSSL 0:1239e9b70ca2 359 if (in) {
wolfSSL 0:1239e9b70ca2 360 PacketBuffer* del;
wolfSSL 0:1239e9b70ca2 361 PacketBuffer* packet = in;
wolfSSL 0:1239e9b70ca2 362
wolfSSL 0:1239e9b70ca2 363 while (packet) {
wolfSSL 0:1239e9b70ca2 364 del = packet;
wolfSSL 0:1239e9b70ca2 365 packet = packet->next;
wolfSSL 0:1239e9b70ca2 366 FreePacketBuffer(del);
wolfSSL 0:1239e9b70ca2 367 }
wolfSSL 0:1239e9b70ca2 368 }
wolfSSL 0:1239e9b70ca2 369 }
wolfSSL 0:1239e9b70ca2 370
wolfSSL 0:1239e9b70ca2 371
wolfSSL 0:1239e9b70ca2 372 /* Free Sniffer Session's resources/self */
wolfSSL 0:1239e9b70ca2 373 static void FreeSnifferSession(SnifferSession* session)
wolfSSL 0:1239e9b70ca2 374 {
wolfSSL 0:1239e9b70ca2 375 if (session) {
wolfSSL 0:1239e9b70ca2 376 SSL_free(session->sslClient);
wolfSSL 0:1239e9b70ca2 377 SSL_free(session->sslServer);
wolfSSL 0:1239e9b70ca2 378
wolfSSL 0:1239e9b70ca2 379 FreePacketList(session->cliReassemblyList);
wolfSSL 0:1239e9b70ca2 380 FreePacketList(session->srvReassemblyList);
wolfSSL 0:1239e9b70ca2 381
wolfSSL 0:1239e9b70ca2 382 free(session->ticketID);
wolfSSL 0:1239e9b70ca2 383 }
wolfSSL 0:1239e9b70ca2 384 free(session);
wolfSSL 0:1239e9b70ca2 385 }
wolfSSL 0:1239e9b70ca2 386
wolfSSL 0:1239e9b70ca2 387
wolfSSL 0:1239e9b70ca2 388 /* Free overall Sniffer */
wolfSSL 0:1239e9b70ca2 389 void ssl_FreeSniffer(void)
wolfSSL 0:1239e9b70ca2 390 {
wolfSSL 0:1239e9b70ca2 391 SnifferServer* srv;
wolfSSL 0:1239e9b70ca2 392 SnifferServer* removeServer;
wolfSSL 0:1239e9b70ca2 393 SnifferSession* session;
wolfSSL 0:1239e9b70ca2 394 SnifferSession* removeSession;
wolfSSL 0:1239e9b70ca2 395 int i;
wolfSSL 0:1239e9b70ca2 396
wolfSSL 0:1239e9b70ca2 397 LockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 398 LockMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 399
wolfSSL 0:1239e9b70ca2 400 srv = ServerList;
wolfSSL 0:1239e9b70ca2 401 while (srv) {
wolfSSL 0:1239e9b70ca2 402 removeServer = srv;
wolfSSL 0:1239e9b70ca2 403 srv = srv->next;
wolfSSL 0:1239e9b70ca2 404 FreeSnifferServer(removeServer);
wolfSSL 0:1239e9b70ca2 405 }
wolfSSL 0:1239e9b70ca2 406
wolfSSL 0:1239e9b70ca2 407 for (i = 0; i < HASH_SIZE; i++) {
wolfSSL 0:1239e9b70ca2 408 session = SessionTable[i];
wolfSSL 0:1239e9b70ca2 409 while (session) {
wolfSSL 0:1239e9b70ca2 410 removeSession = session;
wolfSSL 0:1239e9b70ca2 411 session = session->next;
wolfSSL 0:1239e9b70ca2 412 FreeSnifferSession(removeSession);
wolfSSL 0:1239e9b70ca2 413 }
wolfSSL 0:1239e9b70ca2 414 }
wolfSSL 0:1239e9b70ca2 415
wolfSSL 0:1239e9b70ca2 416 UnLockMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 417 UnLockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 418
wolfSSL 0:1239e9b70ca2 419 FreeMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 420 FreeMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 421
wolfSSL 0:1239e9b70ca2 422 if (TraceFile) {
wolfSSL 0:1239e9b70ca2 423 TraceOn = 0;
wolfSSL 0:1239e9b70ca2 424 fclose(TraceFile);
wolfSSL 0:1239e9b70ca2 425 TraceFile = NULL;
wolfSSL 0:1239e9b70ca2 426 }
wolfSSL 0:1239e9b70ca2 427
wolfSSL 0:1239e9b70ca2 428 CyaSSL_Cleanup();
wolfSSL 0:1239e9b70ca2 429 }
wolfSSL 0:1239e9b70ca2 430
wolfSSL 0:1239e9b70ca2 431
wolfSSL 0:1239e9b70ca2 432 /* Initialize a SnifferServer */
wolfSSL 0:1239e9b70ca2 433 static void InitSnifferServer(SnifferServer* sniffer)
wolfSSL 0:1239e9b70ca2 434 {
wolfSSL 0:1239e9b70ca2 435 sniffer->ctx = 0;
wolfSSL 0:1239e9b70ca2 436 XMEMSET(sniffer->address, 0, MAX_SERVER_ADDRESS);
wolfSSL 0:1239e9b70ca2 437 sniffer->server = 0;
wolfSSL 0:1239e9b70ca2 438 sniffer->port = 0;
wolfSSL 0:1239e9b70ca2 439 sniffer->next = 0;
wolfSSL 0:1239e9b70ca2 440 }
wolfSSL 0:1239e9b70ca2 441
wolfSSL 0:1239e9b70ca2 442
wolfSSL 0:1239e9b70ca2 443 /* Initialize session flags */
wolfSSL 0:1239e9b70ca2 444 static void InitFlags(Flags* flags)
wolfSSL 0:1239e9b70ca2 445 {
wolfSSL 0:1239e9b70ca2 446 flags->side = 0;
wolfSSL 0:1239e9b70ca2 447 flags->serverCipherOn = 0;
wolfSSL 0:1239e9b70ca2 448 flags->clientCipherOn = 0;
wolfSSL 0:1239e9b70ca2 449 flags->resuming = 0;
wolfSSL 0:1239e9b70ca2 450 flags->cached = 0;
wolfSSL 0:1239e9b70ca2 451 flags->clientHello = 0;
wolfSSL 0:1239e9b70ca2 452 flags->finCount = 0;
wolfSSL 0:1239e9b70ca2 453 flags->fatalError = 0;
wolfSSL 0:1239e9b70ca2 454 }
wolfSSL 0:1239e9b70ca2 455
wolfSSL 0:1239e9b70ca2 456
wolfSSL 0:1239e9b70ca2 457 /* Initialize FIN Capture */
wolfSSL 0:1239e9b70ca2 458 static void InitFinCapture(FinCaputre* cap)
wolfSSL 0:1239e9b70ca2 459 {
wolfSSL 0:1239e9b70ca2 460 cap->cliFinSeq = 0;
wolfSSL 0:1239e9b70ca2 461 cap->srvFinSeq = 0;
wolfSSL 0:1239e9b70ca2 462 cap->cliCounted = 0;
wolfSSL 0:1239e9b70ca2 463 cap->srvCounted = 0;
wolfSSL 0:1239e9b70ca2 464 }
wolfSSL 0:1239e9b70ca2 465
wolfSSL 0:1239e9b70ca2 466
wolfSSL 0:1239e9b70ca2 467 /* Initialize a Sniffer Session */
wolfSSL 0:1239e9b70ca2 468 static void InitSession(SnifferSession* session)
wolfSSL 0:1239e9b70ca2 469 {
wolfSSL 0:1239e9b70ca2 470 session->context = 0;
wolfSSL 0:1239e9b70ca2 471 session->sslServer = 0;
wolfSSL 0:1239e9b70ca2 472 session->sslClient = 0;
wolfSSL 0:1239e9b70ca2 473 session->server = 0;
wolfSSL 0:1239e9b70ca2 474 session->client = 0;
wolfSSL 0:1239e9b70ca2 475 session->srvPort = 0;
wolfSSL 0:1239e9b70ca2 476 session->cliPort = 0;
wolfSSL 0:1239e9b70ca2 477 session->cliSeqStart = 0;
wolfSSL 0:1239e9b70ca2 478 session->srvSeqStart = 0;
wolfSSL 0:1239e9b70ca2 479 session->cliExpected = 0;
wolfSSL 0:1239e9b70ca2 480 session->srvExpected = 0;
wolfSSL 0:1239e9b70ca2 481 session->lastUsed = 0;
wolfSSL 0:1239e9b70ca2 482 session->cliReassemblyList = 0;
wolfSSL 0:1239e9b70ca2 483 session->srvReassemblyList = 0;
wolfSSL 0:1239e9b70ca2 484 session->next = 0;
wolfSSL 0:1239e9b70ca2 485 session->ticketID = 0;
wolfSSL 0:1239e9b70ca2 486
wolfSSL 0:1239e9b70ca2 487 InitFlags(&session->flags);
wolfSSL 0:1239e9b70ca2 488 InitFinCapture(&session->finCaputre);
wolfSSL 0:1239e9b70ca2 489 }
wolfSSL 0:1239e9b70ca2 490
wolfSSL 0:1239e9b70ca2 491
wolfSSL 0:1239e9b70ca2 492 /* IP Info from IP Header */
wolfSSL 0:1239e9b70ca2 493 typedef struct IpInfo {
wolfSSL 0:1239e9b70ca2 494 int length; /* length of this header */
wolfSSL 0:1239e9b70ca2 495 int total; /* total length of fragment */
wolfSSL 0:1239e9b70ca2 496 word32 src; /* network order source address */
wolfSSL 0:1239e9b70ca2 497 word32 dst; /* network order destination address */
wolfSSL 0:1239e9b70ca2 498 } IpInfo;
wolfSSL 0:1239e9b70ca2 499
wolfSSL 0:1239e9b70ca2 500
wolfSSL 0:1239e9b70ca2 501 /* TCP Info from TCP Header */
wolfSSL 0:1239e9b70ca2 502 typedef struct TcpInfo {
wolfSSL 0:1239e9b70ca2 503 int srcPort; /* source port */
wolfSSL 0:1239e9b70ca2 504 int dstPort; /* source port */
wolfSSL 0:1239e9b70ca2 505 int length; /* length of this header */
wolfSSL 0:1239e9b70ca2 506 word32 sequence; /* sequence number */
wolfSSL 0:1239e9b70ca2 507 word32 ackNumber; /* ack number */
wolfSSL 0:1239e9b70ca2 508 byte fin; /* FIN set */
wolfSSL 0:1239e9b70ca2 509 byte rst; /* RST set */
wolfSSL 0:1239e9b70ca2 510 byte syn; /* SYN set */
wolfSSL 0:1239e9b70ca2 511 byte ack; /* ACK set */
wolfSSL 0:1239e9b70ca2 512 } TcpInfo;
wolfSSL 0:1239e9b70ca2 513
wolfSSL 0:1239e9b70ca2 514
wolfSSL 0:1239e9b70ca2 515 /* Tcp Pseudo Header for Checksum calculation */
wolfSSL 0:1239e9b70ca2 516 typedef struct TcpPseudoHdr {
wolfSSL 0:1239e9b70ca2 517 word32 src; /* source address */
wolfSSL 0:1239e9b70ca2 518 word32 dst; /* destination address */
wolfSSL 0:1239e9b70ca2 519 byte rsv; /* reserved, always 0 */
wolfSSL 0:1239e9b70ca2 520 byte protocol; /* IP protocol */
wolfSSL 0:1239e9b70ca2 521 word16 legnth; /* tcp header length + data length (doesn't include */
wolfSSL 0:1239e9b70ca2 522 /* pseudo header length) network order */
wolfSSL 0:1239e9b70ca2 523 } TcpPseudoHdr;
wolfSSL 0:1239e9b70ca2 524
wolfSSL 0:1239e9b70ca2 525
wolfSSL 0:1239e9b70ca2 526 /* Password Setting Callback */
wolfSSL 0:1239e9b70ca2 527 static int SetPassword(char* passwd, int sz, int rw, void* userdata)
wolfSSL 0:1239e9b70ca2 528 {
wolfSSL 0:1239e9b70ca2 529 (void)rw;
wolfSSL 0:1239e9b70ca2 530 XSTRNCPY(passwd, userdata, sz);
wolfSSL 0:1239e9b70ca2 531 return (int)XSTRLEN(userdata);
wolfSSL 0:1239e9b70ca2 532 }
wolfSSL 0:1239e9b70ca2 533
wolfSSL 0:1239e9b70ca2 534
wolfSSL 0:1239e9b70ca2 535 /* Ethernet Header */
wolfSSL 0:1239e9b70ca2 536 typedef struct EthernetHdr {
wolfSSL 0:1239e9b70ca2 537 byte dst[ETHER_IF_ADDR_LEN]; /* destination host address */
wolfSSL 0:1239e9b70ca2 538 byte src[ETHER_IF_ADDR_LEN]; /* source host address */
wolfSSL 0:1239e9b70ca2 539 word16 type; /* IP, ARP, etc */
wolfSSL 0:1239e9b70ca2 540 } EthernetHdr;
wolfSSL 0:1239e9b70ca2 541
wolfSSL 0:1239e9b70ca2 542
wolfSSL 0:1239e9b70ca2 543 /* IP Header */
wolfSSL 0:1239e9b70ca2 544 typedef struct IpHdr {
wolfSSL 0:1239e9b70ca2 545 byte ver_hl; /* version/header length */
wolfSSL 0:1239e9b70ca2 546 byte tos; /* type of service */
wolfSSL 0:1239e9b70ca2 547 word16 length; /* total length */
wolfSSL 0:1239e9b70ca2 548 word16 id; /* identification */
wolfSSL 0:1239e9b70ca2 549 word16 offset; /* fragment offset field */
wolfSSL 0:1239e9b70ca2 550 byte ttl; /* time to live */
wolfSSL 0:1239e9b70ca2 551 byte protocol; /* protocol */
wolfSSL 0:1239e9b70ca2 552 word16 sum; /* checksum */
wolfSSL 0:1239e9b70ca2 553 word32 src; /* source address */
wolfSSL 0:1239e9b70ca2 554 word32 dst; /* destination address */
wolfSSL 0:1239e9b70ca2 555 } IpHdr;
wolfSSL 0:1239e9b70ca2 556
wolfSSL 0:1239e9b70ca2 557
wolfSSL 0:1239e9b70ca2 558 #define IP_HL(ip) ( (((ip)->ver_hl) & 0x0f) * 4)
wolfSSL 0:1239e9b70ca2 559 #define IP_V(ip) ( ((ip)->ver_hl) >> 4)
wolfSSL 0:1239e9b70ca2 560
wolfSSL 0:1239e9b70ca2 561 /* TCP Header */
wolfSSL 0:1239e9b70ca2 562 typedef struct TcpHdr {
wolfSSL 0:1239e9b70ca2 563 word16 srcPort; /* source port */
wolfSSL 0:1239e9b70ca2 564 word16 dstPort; /* destination port */
wolfSSL 0:1239e9b70ca2 565 word32 sequence; /* sequence number */
wolfSSL 0:1239e9b70ca2 566 word32 ack; /* acknoledgment number */
wolfSSL 0:1239e9b70ca2 567 byte offset; /* data offset, reserved */
wolfSSL 0:1239e9b70ca2 568 byte flags; /* option flags */
wolfSSL 0:1239e9b70ca2 569 word16 window; /* window */
wolfSSL 0:1239e9b70ca2 570 word16 sum; /* checksum */
wolfSSL 0:1239e9b70ca2 571 word16 urgent; /* urgent pointer */
wolfSSL 0:1239e9b70ca2 572 } TcpHdr;
wolfSSL 0:1239e9b70ca2 573
wolfSSL 0:1239e9b70ca2 574 #define TCP_LEN(tcp) ( (((tcp)->offset & 0xf0) >> 4) * 4)
wolfSSL 0:1239e9b70ca2 575 #define TCP_FIN 0x01
wolfSSL 0:1239e9b70ca2 576 #define TCP_SYN 0x02
wolfSSL 0:1239e9b70ca2 577 #define TCP_RST 0x04
wolfSSL 0:1239e9b70ca2 578 #define TCP_ACK 0x10
wolfSSL 0:1239e9b70ca2 579
wolfSSL 0:1239e9b70ca2 580
wolfSSL 0:1239e9b70ca2 581
wolfSSL 0:1239e9b70ca2 582
wolfSSL 0:1239e9b70ca2 583
wolfSSL 0:1239e9b70ca2 584 /* Use platform specific GetError to write to tracfile if tracing */
wolfSSL 0:1239e9b70ca2 585 static void Trace(int idx)
wolfSSL 0:1239e9b70ca2 586 {
wolfSSL 0:1239e9b70ca2 587 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 588 char myBuffer[MAX_ERROR_LEN];
wolfSSL 0:1239e9b70ca2 589 GetError(idx, myBuffer);
wolfSSL 0:1239e9b70ca2 590 fprintf(TraceFile, "\t%s\n", myBuffer);
wolfSSL 0:1239e9b70ca2 591 #ifdef DEBUG_SNIFFER
wolfSSL 0:1239e9b70ca2 592 fprintf(stderr, "\t%s\n", myBuffer);
wolfSSL 0:1239e9b70ca2 593 #endif
wolfSSL 0:1239e9b70ca2 594 }
wolfSSL 0:1239e9b70ca2 595 }
wolfSSL 0:1239e9b70ca2 596
wolfSSL 0:1239e9b70ca2 597
wolfSSL 0:1239e9b70ca2 598 /* Show TimeStamp for beginning of packet Trace */
wolfSSL 0:1239e9b70ca2 599 static void TraceHeader(void)
wolfSSL 0:1239e9b70ca2 600 {
wolfSSL 0:1239e9b70ca2 601 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 602 time_t ticks = time(NULL);
wolfSSL 0:1239e9b70ca2 603 fprintf(TraceFile, "\n%s", ctime(&ticks));
wolfSSL 0:1239e9b70ca2 604 }
wolfSSL 0:1239e9b70ca2 605 }
wolfSSL 0:1239e9b70ca2 606
wolfSSL 0:1239e9b70ca2 607
wolfSSL 0:1239e9b70ca2 608 /* Show Set Server info for Trace */
wolfSSL 0:1239e9b70ca2 609 static void TraceSetServer(const char* srv, int port, const char* keyFile)
wolfSSL 0:1239e9b70ca2 610 {
wolfSSL 0:1239e9b70ca2 611 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 612 fprintf(TraceFile, "\tTrying to install a new Sniffer Server with\n");
wolfSSL 0:1239e9b70ca2 613 fprintf(TraceFile, "\tserver: %s, port: %d, keyFile: %s\n", srv, port,
wolfSSL 0:1239e9b70ca2 614 keyFile);
wolfSSL 0:1239e9b70ca2 615 }
wolfSSL 0:1239e9b70ca2 616 }
wolfSSL 0:1239e9b70ca2 617
wolfSSL 0:1239e9b70ca2 618
wolfSSL 0:1239e9b70ca2 619 /* Trace got packet number */
wolfSSL 0:1239e9b70ca2 620 static void TracePacket(void)
wolfSSL 0:1239e9b70ca2 621 {
wolfSSL 0:1239e9b70ca2 622 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 623 static word32 packetNumber = 0;
wolfSSL 0:1239e9b70ca2 624 fprintf(TraceFile, "\tGot a Packet to decode, packet %u\n",
wolfSSL 0:1239e9b70ca2 625 ++packetNumber);
wolfSSL 0:1239e9b70ca2 626 }
wolfSSL 0:1239e9b70ca2 627 }
wolfSSL 0:1239e9b70ca2 628
wolfSSL 0:1239e9b70ca2 629
wolfSSL 0:1239e9b70ca2 630 /* Convert network byte order address into human readable */
wolfSSL 0:1239e9b70ca2 631 static char* IpToS(word32 addr, char* str)
wolfSSL 0:1239e9b70ca2 632 {
wolfSSL 0:1239e9b70ca2 633 byte* p = (byte*)&addr;
wolfSSL 0:1239e9b70ca2 634
wolfSSL 0:1239e9b70ca2 635 SNPRINTF(str, TRACE_MSG_SZ, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
wolfSSL 0:1239e9b70ca2 636
wolfSSL 0:1239e9b70ca2 637 return str;
wolfSSL 0:1239e9b70ca2 638 }
wolfSSL 0:1239e9b70ca2 639
wolfSSL 0:1239e9b70ca2 640
wolfSSL 0:1239e9b70ca2 641 /* Show destination and source address from Ip Hdr for packet Trace */
wolfSSL 0:1239e9b70ca2 642 static void TraceIP(IpHdr* iphdr)
wolfSSL 0:1239e9b70ca2 643 {
wolfSSL 0:1239e9b70ca2 644 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 645 char src[TRACE_MSG_SZ];
wolfSSL 0:1239e9b70ca2 646 char dst[TRACE_MSG_SZ];
wolfSSL 0:1239e9b70ca2 647 fprintf(TraceFile, "\tdst:%s src:%s\n", IpToS(iphdr->dst, dst),
wolfSSL 0:1239e9b70ca2 648 IpToS(iphdr->src, src));
wolfSSL 0:1239e9b70ca2 649 }
wolfSSL 0:1239e9b70ca2 650 }
wolfSSL 0:1239e9b70ca2 651
wolfSSL 0:1239e9b70ca2 652
wolfSSL 0:1239e9b70ca2 653 /* Show destination and source port from Tcp Hdr for packet Trace */
wolfSSL 0:1239e9b70ca2 654 static void TraceTcp(TcpHdr* tcphdr)
wolfSSL 0:1239e9b70ca2 655 {
wolfSSL 0:1239e9b70ca2 656 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 657 fprintf(TraceFile, "\tdstPort:%u srcPort:%u\n", ntohs(tcphdr->dstPort),
wolfSSL 0:1239e9b70ca2 658 ntohs(tcphdr->srcPort));
wolfSSL 0:1239e9b70ca2 659 }
wolfSSL 0:1239e9b70ca2 660 }
wolfSSL 0:1239e9b70ca2 661
wolfSSL 0:1239e9b70ca2 662
wolfSSL 0:1239e9b70ca2 663 /* Show sequence and payload length for Trace */
wolfSSL 0:1239e9b70ca2 664 static void TraceSequence(word32 seq, int len)
wolfSSL 0:1239e9b70ca2 665 {
wolfSSL 0:1239e9b70ca2 666 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 667 fprintf(TraceFile, "\tSequence:%u, payload length:%d\n", seq, len);
wolfSSL 0:1239e9b70ca2 668 }
wolfSSL 0:1239e9b70ca2 669 }
wolfSSL 0:1239e9b70ca2 670
wolfSSL 0:1239e9b70ca2 671
wolfSSL 0:1239e9b70ca2 672 /* Show sequence and payload length for Trace */
wolfSSL 0:1239e9b70ca2 673 static void TraceAck(word32 ack, word32 expected)
wolfSSL 0:1239e9b70ca2 674 {
wolfSSL 0:1239e9b70ca2 675 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 676 fprintf(TraceFile, "\tAck:%u Expected:%u\n", ack, expected);
wolfSSL 0:1239e9b70ca2 677 }
wolfSSL 0:1239e9b70ca2 678 }
wolfSSL 0:1239e9b70ca2 679
wolfSSL 0:1239e9b70ca2 680
wolfSSL 0:1239e9b70ca2 681 /* Show relative expected and relative received sequences */
wolfSSL 0:1239e9b70ca2 682 static void TraceRelativeSequence(word32 expected, word32 got)
wolfSSL 0:1239e9b70ca2 683 {
wolfSSL 0:1239e9b70ca2 684 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 685 fprintf(TraceFile, "\tExpected sequence:%u, received sequence:%u\n",
wolfSSL 0:1239e9b70ca2 686 expected, got);
wolfSSL 0:1239e9b70ca2 687 }
wolfSSL 0:1239e9b70ca2 688 }
wolfSSL 0:1239e9b70ca2 689
wolfSSL 0:1239e9b70ca2 690
wolfSSL 0:1239e9b70ca2 691 /* Show server sequence startup from SYN */
wolfSSL 0:1239e9b70ca2 692 static void TraceServerSyn(word32 seq)
wolfSSL 0:1239e9b70ca2 693 {
wolfSSL 0:1239e9b70ca2 694 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 695 fprintf(TraceFile, "\tServer SYN, Sequence Start:%u\n", seq);
wolfSSL 0:1239e9b70ca2 696 }
wolfSSL 0:1239e9b70ca2 697 }
wolfSSL 0:1239e9b70ca2 698
wolfSSL 0:1239e9b70ca2 699
wolfSSL 0:1239e9b70ca2 700 /* Show client sequence startup from SYN */
wolfSSL 0:1239e9b70ca2 701 static void TraceClientSyn(word32 seq)
wolfSSL 0:1239e9b70ca2 702 {
wolfSSL 0:1239e9b70ca2 703 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 704 fprintf(TraceFile, "\tClient SYN, Sequence Start:%u\n", seq);
wolfSSL 0:1239e9b70ca2 705 }
wolfSSL 0:1239e9b70ca2 706 }
wolfSSL 0:1239e9b70ca2 707
wolfSSL 0:1239e9b70ca2 708
wolfSSL 0:1239e9b70ca2 709 /* Show client FIN capture */
wolfSSL 0:1239e9b70ca2 710 static void TraceClientFin(word32 finSeq, word32 relSeq)
wolfSSL 0:1239e9b70ca2 711 {
wolfSSL 0:1239e9b70ca2 712 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 713 fprintf(TraceFile, "\tClient FIN capture:%u, current SEQ:%u\n",
wolfSSL 0:1239e9b70ca2 714 finSeq, relSeq);
wolfSSL 0:1239e9b70ca2 715 }
wolfSSL 0:1239e9b70ca2 716 }
wolfSSL 0:1239e9b70ca2 717
wolfSSL 0:1239e9b70ca2 718
wolfSSL 0:1239e9b70ca2 719 /* Show server FIN capture */
wolfSSL 0:1239e9b70ca2 720 static void TraceServerFin(word32 finSeq, word32 relSeq)
wolfSSL 0:1239e9b70ca2 721 {
wolfSSL 0:1239e9b70ca2 722 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 723 fprintf(TraceFile, "\tServer FIN capture:%u, current SEQ:%u\n",
wolfSSL 0:1239e9b70ca2 724 finSeq, relSeq);
wolfSSL 0:1239e9b70ca2 725 }
wolfSSL 0:1239e9b70ca2 726 }
wolfSSL 0:1239e9b70ca2 727
wolfSSL 0:1239e9b70ca2 728
wolfSSL 0:1239e9b70ca2 729 /* Show number of SSL data bytes decoded, could be 0 (ok) */
wolfSSL 0:1239e9b70ca2 730 static void TraceGotData(int bytes)
wolfSSL 0:1239e9b70ca2 731 {
wolfSSL 0:1239e9b70ca2 732 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 733 fprintf(TraceFile, "\t%d bytes of SSL App data processed\n", bytes);
wolfSSL 0:1239e9b70ca2 734 }
wolfSSL 0:1239e9b70ca2 735 }
wolfSSL 0:1239e9b70ca2 736
wolfSSL 0:1239e9b70ca2 737
wolfSSL 0:1239e9b70ca2 738 /* Show bytes added to old SSL App data */
wolfSSL 0:1239e9b70ca2 739 static void TraceAddedData(int newBytes, int existingBytes)
wolfSSL 0:1239e9b70ca2 740 {
wolfSSL 0:1239e9b70ca2 741 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 742 fprintf(TraceFile,
wolfSSL 0:1239e9b70ca2 743 "\t%d bytes added to %d exisiting bytes in User Buffer\n",
wolfSSL 0:1239e9b70ca2 744 newBytes, existingBytes);
wolfSSL 0:1239e9b70ca2 745 }
wolfSSL 0:1239e9b70ca2 746 }
wolfSSL 0:1239e9b70ca2 747
wolfSSL 0:1239e9b70ca2 748
wolfSSL 0:1239e9b70ca2 749 /* Show Stale Session */
wolfSSL 0:1239e9b70ca2 750 static void TraceStaleSession(void)
wolfSSL 0:1239e9b70ca2 751 {
wolfSSL 0:1239e9b70ca2 752 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 753 fprintf(TraceFile, "\tFound a stale session\n");
wolfSSL 0:1239e9b70ca2 754 }
wolfSSL 0:1239e9b70ca2 755 }
wolfSSL 0:1239e9b70ca2 756
wolfSSL 0:1239e9b70ca2 757
wolfSSL 0:1239e9b70ca2 758 /* Show Finding Stale Sessions */
wolfSSL 0:1239e9b70ca2 759 static void TraceFindingStale(void)
wolfSSL 0:1239e9b70ca2 760 {
wolfSSL 0:1239e9b70ca2 761 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 762 fprintf(TraceFile, "\tTrying to find Stale Sessions\n");
wolfSSL 0:1239e9b70ca2 763 }
wolfSSL 0:1239e9b70ca2 764 }
wolfSSL 0:1239e9b70ca2 765
wolfSSL 0:1239e9b70ca2 766
wolfSSL 0:1239e9b70ca2 767 /* Show Removed Session */
wolfSSL 0:1239e9b70ca2 768 static void TraceRemovedSession(void)
wolfSSL 0:1239e9b70ca2 769 {
wolfSSL 0:1239e9b70ca2 770 if (TraceOn) {
wolfSSL 0:1239e9b70ca2 771 fprintf(TraceFile, "\tRemoved it\n");
wolfSSL 0:1239e9b70ca2 772 }
wolfSSL 0:1239e9b70ca2 773 }
wolfSSL 0:1239e9b70ca2 774
wolfSSL 0:1239e9b70ca2 775
wolfSSL 0:1239e9b70ca2 776 /* Set user error string */
wolfSSL 0:1239e9b70ca2 777 static void SetError(int idx, char* error, SnifferSession* session, int fatal)
wolfSSL 0:1239e9b70ca2 778 {
wolfSSL 0:1239e9b70ca2 779 GetError(idx, error);
wolfSSL 0:1239e9b70ca2 780 Trace(idx);
wolfSSL 0:1239e9b70ca2 781 if (session && fatal == FATAL_ERROR_STATE)
wolfSSL 0:1239e9b70ca2 782 session->flags.fatalError = 1;
wolfSSL 0:1239e9b70ca2 783 }
wolfSSL 0:1239e9b70ca2 784
wolfSSL 0:1239e9b70ca2 785
wolfSSL 0:1239e9b70ca2 786 /* See if this IPV4 network order address has been registered */
wolfSSL 0:1239e9b70ca2 787 /* return 1 is true, 0 is false */
wolfSSL 0:1239e9b70ca2 788 static int IsServerRegistered(word32 addr)
wolfSSL 0:1239e9b70ca2 789 {
wolfSSL 0:1239e9b70ca2 790 int ret = 0; /* false */
wolfSSL 0:1239e9b70ca2 791 SnifferServer* sniffer;
wolfSSL 0:1239e9b70ca2 792
wolfSSL 0:1239e9b70ca2 793 LockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 794
wolfSSL 0:1239e9b70ca2 795 sniffer = ServerList;
wolfSSL 0:1239e9b70ca2 796 while (sniffer) {
wolfSSL 0:1239e9b70ca2 797 if (sniffer->server == addr) {
wolfSSL 0:1239e9b70ca2 798 ret = 1;
wolfSSL 0:1239e9b70ca2 799 break;
wolfSSL 0:1239e9b70ca2 800 }
wolfSSL 0:1239e9b70ca2 801 sniffer = sniffer->next;
wolfSSL 0:1239e9b70ca2 802 }
wolfSSL 0:1239e9b70ca2 803
wolfSSL 0:1239e9b70ca2 804 UnLockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 805
wolfSSL 0:1239e9b70ca2 806 return ret;
wolfSSL 0:1239e9b70ca2 807 }
wolfSSL 0:1239e9b70ca2 808
wolfSSL 0:1239e9b70ca2 809
wolfSSL 0:1239e9b70ca2 810 /* See if this port has been registered to watch */
wolfSSL 0:1239e9b70ca2 811 /* return 1 is true, 0 is false */
wolfSSL 0:1239e9b70ca2 812 static int IsPortRegistered(word32 port)
wolfSSL 0:1239e9b70ca2 813 {
wolfSSL 0:1239e9b70ca2 814 int ret = 0; /* false */
wolfSSL 0:1239e9b70ca2 815 SnifferServer* sniffer;
wolfSSL 0:1239e9b70ca2 816
wolfSSL 0:1239e9b70ca2 817 LockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 818
wolfSSL 0:1239e9b70ca2 819 sniffer = ServerList;
wolfSSL 0:1239e9b70ca2 820 while (sniffer) {
wolfSSL 0:1239e9b70ca2 821 if (sniffer->port == (int)port) {
wolfSSL 0:1239e9b70ca2 822 ret = 1;
wolfSSL 0:1239e9b70ca2 823 break;
wolfSSL 0:1239e9b70ca2 824 }
wolfSSL 0:1239e9b70ca2 825 sniffer = sniffer->next;
wolfSSL 0:1239e9b70ca2 826 }
wolfSSL 0:1239e9b70ca2 827
wolfSSL 0:1239e9b70ca2 828 UnLockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 829
wolfSSL 0:1239e9b70ca2 830 return ret;
wolfSSL 0:1239e9b70ca2 831 }
wolfSSL 0:1239e9b70ca2 832
wolfSSL 0:1239e9b70ca2 833
wolfSSL 0:1239e9b70ca2 834 /* Get SnifferServer from IP and Port */
wolfSSL 0:1239e9b70ca2 835 static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo)
wolfSSL 0:1239e9b70ca2 836 {
wolfSSL 0:1239e9b70ca2 837 SnifferServer* sniffer;
wolfSSL 0:1239e9b70ca2 838
wolfSSL 0:1239e9b70ca2 839 LockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 840
wolfSSL 0:1239e9b70ca2 841 sniffer = ServerList;
wolfSSL 0:1239e9b70ca2 842 while (sniffer) {
wolfSSL 0:1239e9b70ca2 843 if (sniffer->port == tcpInfo->srcPort && sniffer->server == ipInfo->src)
wolfSSL 0:1239e9b70ca2 844 break;
wolfSSL 0:1239e9b70ca2 845 if (sniffer->port == tcpInfo->dstPort && sniffer->server == ipInfo->dst)
wolfSSL 0:1239e9b70ca2 846 break;
wolfSSL 0:1239e9b70ca2 847 sniffer = sniffer->next;
wolfSSL 0:1239e9b70ca2 848 }
wolfSSL 0:1239e9b70ca2 849
wolfSSL 0:1239e9b70ca2 850 UnLockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 851
wolfSSL 0:1239e9b70ca2 852 return sniffer;
wolfSSL 0:1239e9b70ca2 853 }
wolfSSL 0:1239e9b70ca2 854
wolfSSL 0:1239e9b70ca2 855
wolfSSL 0:1239e9b70ca2 856 /* Hash the Session Info, return hash row */
wolfSSL 0:1239e9b70ca2 857 static word32 SessionHash(IpInfo* ipInfo, TcpInfo* tcpInfo)
wolfSSL 0:1239e9b70ca2 858 {
wolfSSL 0:1239e9b70ca2 859 word32 hash = ipInfo->src * ipInfo->dst;
wolfSSL 0:1239e9b70ca2 860 hash *= tcpInfo->srcPort * tcpInfo->dstPort;
wolfSSL 0:1239e9b70ca2 861
wolfSSL 0:1239e9b70ca2 862 return hash % HASH_SIZE;
wolfSSL 0:1239e9b70ca2 863 }
wolfSSL 0:1239e9b70ca2 864
wolfSSL 0:1239e9b70ca2 865
wolfSSL 0:1239e9b70ca2 866 /* Get Exisiting SnifferSession from IP and Port */
wolfSSL 0:1239e9b70ca2 867 static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
wolfSSL 0:1239e9b70ca2 868 {
wolfSSL 0:1239e9b70ca2 869 SnifferSession* session;
wolfSSL 0:1239e9b70ca2 870 time_t currTime = time(NULL);
wolfSSL 0:1239e9b70ca2 871 word32 row = SessionHash(ipInfo, tcpInfo);
wolfSSL 0:1239e9b70ca2 872
wolfSSL 0:1239e9b70ca2 873 assert(row <= HASH_SIZE);
wolfSSL 0:1239e9b70ca2 874
wolfSSL 0:1239e9b70ca2 875 LockMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 876
wolfSSL 0:1239e9b70ca2 877 session = SessionTable[row];
wolfSSL 0:1239e9b70ca2 878 while (session) {
wolfSSL 0:1239e9b70ca2 879 if (session->server == ipInfo->src && session->client == ipInfo->dst &&
wolfSSL 0:1239e9b70ca2 880 session->srvPort == tcpInfo->srcPort &&
wolfSSL 0:1239e9b70ca2 881 session->cliPort == tcpInfo->dstPort)
wolfSSL 0:1239e9b70ca2 882 break;
wolfSSL 0:1239e9b70ca2 883 if (session->client == ipInfo->src && session->server == ipInfo->dst &&
wolfSSL 0:1239e9b70ca2 884 session->cliPort == tcpInfo->srcPort &&
wolfSSL 0:1239e9b70ca2 885 session->srvPort == tcpInfo->dstPort)
wolfSSL 0:1239e9b70ca2 886 break;
wolfSSL 0:1239e9b70ca2 887
wolfSSL 0:1239e9b70ca2 888 session = session->next;
wolfSSL 0:1239e9b70ca2 889 }
wolfSSL 0:1239e9b70ca2 890
wolfSSL 0:1239e9b70ca2 891 if (session)
wolfSSL 0:1239e9b70ca2 892 session->lastUsed= currTime; /* keep session alive, remove stale will */
wolfSSL 0:1239e9b70ca2 893 /* leave alone */
wolfSSL 0:1239e9b70ca2 894 UnLockMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 895
wolfSSL 0:1239e9b70ca2 896 /* determine side */
wolfSSL 0:1239e9b70ca2 897 if (session) {
wolfSSL 0:1239e9b70ca2 898 if (ipInfo->dst == session->context->server &&
wolfSSL 0:1239e9b70ca2 899 tcpInfo->dstPort == session->context->port)
wolfSSL 0:1239e9b70ca2 900 session->flags.side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 901 else
wolfSSL 0:1239e9b70ca2 902 session->flags.side = CYASSL_CLIENT_END;
wolfSSL 0:1239e9b70ca2 903 }
wolfSSL 0:1239e9b70ca2 904
wolfSSL 0:1239e9b70ca2 905 return session;
wolfSSL 0:1239e9b70ca2 906 }
wolfSSL 0:1239e9b70ca2 907
wolfSSL 0:1239e9b70ca2 908
wolfSSL 0:1239e9b70ca2 909 /* Sets the private key for a specific server and port */
wolfSSL 0:1239e9b70ca2 910 /* returns 0 on success, -1 on error */
wolfSSL 0:1239e9b70ca2 911 int ssl_SetPrivateKey(const char* serverAddress, int port, const char* keyFile,
wolfSSL 0:1239e9b70ca2 912 int typeKey, const char* password, char* error)
wolfSSL 0:1239e9b70ca2 913 {
wolfSSL 0:1239e9b70ca2 914 int ret;
wolfSSL 0:1239e9b70ca2 915 int type = (typeKey == FILETYPE_PEM) ? SSL_FILETYPE_PEM :
wolfSSL 0:1239e9b70ca2 916 SSL_FILETYPE_ASN1;
wolfSSL 0:1239e9b70ca2 917 SnifferServer* sniffer;
wolfSSL 0:1239e9b70ca2 918
wolfSSL 0:1239e9b70ca2 919 TraceHeader();
wolfSSL 0:1239e9b70ca2 920 TraceSetServer(serverAddress, port, keyFile);
wolfSSL 0:1239e9b70ca2 921
wolfSSL 0:1239e9b70ca2 922 sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
wolfSSL 0:1239e9b70ca2 923 if (sniffer == NULL) {
wolfSSL 0:1239e9b70ca2 924 SetError(MEMORY_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 925 return -1;
wolfSSL 0:1239e9b70ca2 926 }
wolfSSL 0:1239e9b70ca2 927 InitSnifferServer(sniffer);
wolfSSL 0:1239e9b70ca2 928
wolfSSL 0:1239e9b70ca2 929 XSTRNCPY(sniffer->address, serverAddress, MAX_SERVER_ADDRESS);
wolfSSL 0:1239e9b70ca2 930 sniffer->server = inet_addr(sniffer->address);
wolfSSL 0:1239e9b70ca2 931 sniffer->port = port;
wolfSSL 0:1239e9b70ca2 932
wolfSSL 0:1239e9b70ca2 933 /* start in client mode since SSL_new needs a cert for server */
wolfSSL 0:1239e9b70ca2 934 sniffer->ctx = SSL_CTX_new(SSLv3_client_method());
wolfSSL 0:1239e9b70ca2 935 if (!sniffer->ctx) {
wolfSSL 0:1239e9b70ca2 936 SetError(MEMORY_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 937 FreeSnifferServer(sniffer);
wolfSSL 0:1239e9b70ca2 938 return -1;
wolfSSL 0:1239e9b70ca2 939 }
wolfSSL 0:1239e9b70ca2 940
wolfSSL 0:1239e9b70ca2 941 if (password){
wolfSSL 0:1239e9b70ca2 942 SSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
wolfSSL 0:1239e9b70ca2 943 SSL_CTX_set_default_passwd_cb_userdata(sniffer->ctx, (void*)password);
wolfSSL 0:1239e9b70ca2 944 }
wolfSSL 0:1239e9b70ca2 945 ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
wolfSSL 0:1239e9b70ca2 946 if (ret != SSL_SUCCESS) {
wolfSSL 0:1239e9b70ca2 947 SetError(KEY_FILE_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 948 FreeSnifferServer(sniffer);
wolfSSL 0:1239e9b70ca2 949 return -1;
wolfSSL 0:1239e9b70ca2 950 }
wolfSSL 0:1239e9b70ca2 951 Trace(NEW_SERVER_STR);
wolfSSL 0:1239e9b70ca2 952
wolfSSL 0:1239e9b70ca2 953 LockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 954
wolfSSL 0:1239e9b70ca2 955 sniffer->next = ServerList;
wolfSSL 0:1239e9b70ca2 956 ServerList = sniffer;
wolfSSL 0:1239e9b70ca2 957
wolfSSL 0:1239e9b70ca2 958 UnLockMutex(&ServerListMutex);
wolfSSL 0:1239e9b70ca2 959
wolfSSL 0:1239e9b70ca2 960 return 0;
wolfSSL 0:1239e9b70ca2 961 }
wolfSSL 0:1239e9b70ca2 962
wolfSSL 0:1239e9b70ca2 963
wolfSSL 0:1239e9b70ca2 964 /* Check IP Header for IPV4, TCP, and a registered server address */
wolfSSL 0:1239e9b70ca2 965 /* returns 0 on success, -1 on error */
wolfSSL 0:1239e9b70ca2 966 static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
wolfSSL 0:1239e9b70ca2 967 {
wolfSSL 0:1239e9b70ca2 968 int version = IP_V(iphdr);
wolfSSL 0:1239e9b70ca2 969
wolfSSL 0:1239e9b70ca2 970 TraceIP(iphdr);
wolfSSL 0:1239e9b70ca2 971 Trace(IP_CHECK_STR);
wolfSSL 0:1239e9b70ca2 972
wolfSSL 0:1239e9b70ca2 973 if (version != IPV4) {
wolfSSL 0:1239e9b70ca2 974 SetError(BAD_IPVER_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 975 return -1;
wolfSSL 0:1239e9b70ca2 976 }
wolfSSL 0:1239e9b70ca2 977
wolfSSL 0:1239e9b70ca2 978 if (iphdr->protocol != TCP_PROTOCOL) {
wolfSSL 0:1239e9b70ca2 979 SetError(BAD_PROTO_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 980 return -1;
wolfSSL 0:1239e9b70ca2 981 }
wolfSSL 0:1239e9b70ca2 982
wolfSSL 0:1239e9b70ca2 983 if (!IsServerRegistered(iphdr->src) && !IsServerRegistered(iphdr->dst)) {
wolfSSL 0:1239e9b70ca2 984 SetError(SERVER_NOT_REG_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 985 return -1;
wolfSSL 0:1239e9b70ca2 986 }
wolfSSL 0:1239e9b70ca2 987
wolfSSL 0:1239e9b70ca2 988 info->length = IP_HL(iphdr);
wolfSSL 0:1239e9b70ca2 989 info->total = ntohs(iphdr->length);
wolfSSL 0:1239e9b70ca2 990 info->src = iphdr->src;
wolfSSL 0:1239e9b70ca2 991 info->dst = iphdr->dst;
wolfSSL 0:1239e9b70ca2 992
wolfSSL 0:1239e9b70ca2 993 if (info->total == 0)
wolfSSL 0:1239e9b70ca2 994 info->total = length; /* reassembled may be off */
wolfSSL 0:1239e9b70ca2 995
wolfSSL 0:1239e9b70ca2 996 return 0;
wolfSSL 0:1239e9b70ca2 997 }
wolfSSL 0:1239e9b70ca2 998
wolfSSL 0:1239e9b70ca2 999
wolfSSL 0:1239e9b70ca2 1000 /* Check TCP Header for a registered port */
wolfSSL 0:1239e9b70ca2 1001 /* returns 0 on success, -1 on error */
wolfSSL 0:1239e9b70ca2 1002 static int CheckTcpHdr(TcpHdr* tcphdr, TcpInfo* info, char* error)
wolfSSL 0:1239e9b70ca2 1003 {
wolfSSL 0:1239e9b70ca2 1004 TraceTcp(tcphdr);
wolfSSL 0:1239e9b70ca2 1005 Trace(TCP_CHECK_STR);
wolfSSL 0:1239e9b70ca2 1006 info->srcPort = ntohs(tcphdr->srcPort);
wolfSSL 0:1239e9b70ca2 1007 info->dstPort = ntohs(tcphdr->dstPort);
wolfSSL 0:1239e9b70ca2 1008 info->length = TCP_LEN(tcphdr);
wolfSSL 0:1239e9b70ca2 1009 info->sequence = ntohl(tcphdr->sequence);
wolfSSL 0:1239e9b70ca2 1010 info->fin = tcphdr->flags & TCP_FIN;
wolfSSL 0:1239e9b70ca2 1011 info->rst = tcphdr->flags & TCP_RST;
wolfSSL 0:1239e9b70ca2 1012 info->syn = tcphdr->flags & TCP_SYN;
wolfSSL 0:1239e9b70ca2 1013 info->ack = tcphdr->flags & TCP_ACK;
wolfSSL 0:1239e9b70ca2 1014 if (info->ack)
wolfSSL 0:1239e9b70ca2 1015 info->ackNumber = ntohl(tcphdr->ack);
wolfSSL 0:1239e9b70ca2 1016
wolfSSL 0:1239e9b70ca2 1017 if (!IsPortRegistered(info->srcPort) && !IsPortRegistered(info->dstPort)) {
wolfSSL 0:1239e9b70ca2 1018 SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 1019 return -1;
wolfSSL 0:1239e9b70ca2 1020 }
wolfSSL 0:1239e9b70ca2 1021
wolfSSL 0:1239e9b70ca2 1022 return 0;
wolfSSL 0:1239e9b70ca2 1023 }
wolfSSL 0:1239e9b70ca2 1024
wolfSSL 0:1239e9b70ca2 1025
wolfSSL 0:1239e9b70ca2 1026 /* Decode Record Layer Header */
wolfSSL 0:1239e9b70ca2 1027 static int GetRecordHeader(const byte* input, RecordLayerHeader* rh, int* size)
wolfSSL 0:1239e9b70ca2 1028 {
wolfSSL 0:1239e9b70ca2 1029 XMEMCPY(rh, input, RECORD_HEADER_SZ);
wolfSSL 0:1239e9b70ca2 1030 *size = (rh->length[0] << 8) | rh->length[1];
wolfSSL 0:1239e9b70ca2 1031
wolfSSL 0:1239e9b70ca2 1032 if (*size > (MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA))
wolfSSL 0:1239e9b70ca2 1033 return LENGTH_ERROR;
wolfSSL 0:1239e9b70ca2 1034
wolfSSL 0:1239e9b70ca2 1035 return 0;
wolfSSL 0:1239e9b70ca2 1036 }
wolfSSL 0:1239e9b70ca2 1037
wolfSSL 0:1239e9b70ca2 1038
wolfSSL 0:1239e9b70ca2 1039 /* Process Client Key Exchange, RSA only */
wolfSSL 0:1239e9b70ca2 1040 static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
wolfSSL 0:1239e9b70ca2 1041 SnifferSession* session, char* error)
wolfSSL 0:1239e9b70ca2 1042 {
wolfSSL 0:1239e9b70ca2 1043 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 1044 RsaKey key;
wolfSSL 0:1239e9b70ca2 1045 int ret;
wolfSSL 0:1239e9b70ca2 1046
wolfSSL 0:1239e9b70ca2 1047 ret = InitRsaKey(&key, 0);
wolfSSL 0:1239e9b70ca2 1048 if (ret == 0)
wolfSSL 0:1239e9b70ca2 1049 ret = RsaPrivateKeyDecode(session->context->ctx->privateKey.buffer,
wolfSSL 0:1239e9b70ca2 1050 &idx, &key, session->context->ctx->privateKey.length);
wolfSSL 0:1239e9b70ca2 1051 if (ret == 0) {
wolfSSL 0:1239e9b70ca2 1052 int length = RsaEncryptSize(&key);
wolfSSL 0:1239e9b70ca2 1053
wolfSSL 0:1239e9b70ca2 1054 if (IsTLS(session->sslServer))
wolfSSL 0:1239e9b70ca2 1055 input += 2; /* tls pre length */
wolfSSL 0:1239e9b70ca2 1056
wolfSSL 0:1239e9b70ca2 1057 if (length > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1058 SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1059 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 1060 return -1;
wolfSSL 0:1239e9b70ca2 1061 }
wolfSSL 0:1239e9b70ca2 1062 ret = RsaPrivateDecrypt(input, length,
wolfSSL 0:1239e9b70ca2 1063 session->sslServer->arrays->preMasterSecret,SECRET_LEN, &key);
wolfSSL 0:1239e9b70ca2 1064
wolfSSL 0:1239e9b70ca2 1065 if (ret != SECRET_LEN) {
wolfSSL 0:1239e9b70ca2 1066 SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1067 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 1068 return -1;
wolfSSL 0:1239e9b70ca2 1069 }
wolfSSL 0:1239e9b70ca2 1070 ret = 0; /* not in error state */
wolfSSL 0:1239e9b70ca2 1071 session->sslServer->arrays->preMasterSz = SECRET_LEN;
wolfSSL 0:1239e9b70ca2 1072
wolfSSL 0:1239e9b70ca2 1073 /* store for client side as well */
wolfSSL 0:1239e9b70ca2 1074 XMEMCPY(session->sslClient->arrays->preMasterSecret,
wolfSSL 0:1239e9b70ca2 1075 session->sslServer->arrays->preMasterSecret, SECRET_LEN);
wolfSSL 0:1239e9b70ca2 1076 session->sslClient->arrays->preMasterSz = SECRET_LEN;
wolfSSL 0:1239e9b70ca2 1077
wolfSSL 0:1239e9b70ca2 1078 #ifdef SHOW_SECRETS
wolfSSL 0:1239e9b70ca2 1079 {
wolfSSL 0:1239e9b70ca2 1080 int i;
wolfSSL 0:1239e9b70ca2 1081 printf("pre master secret: ");
wolfSSL 0:1239e9b70ca2 1082 for (i = 0; i < SECRET_LEN; i++)
wolfSSL 0:1239e9b70ca2 1083 printf("%02x", session->sslServer->arrays->preMasterSecret[i]);
wolfSSL 0:1239e9b70ca2 1084 printf("\n");
wolfSSL 0:1239e9b70ca2 1085 }
wolfSSL 0:1239e9b70ca2 1086 #endif
wolfSSL 0:1239e9b70ca2 1087 }
wolfSSL 0:1239e9b70ca2 1088 else {
wolfSSL 0:1239e9b70ca2 1089 SetError(RSA_DECODE_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1090 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 1091 return -1;
wolfSSL 0:1239e9b70ca2 1092 }
wolfSSL 0:1239e9b70ca2 1093
wolfSSL 0:1239e9b70ca2 1094 if (SetCipherSpecs(session->sslServer) != 0) {
wolfSSL 0:1239e9b70ca2 1095 SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1096 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 1097 return -1;
wolfSSL 0:1239e9b70ca2 1098 }
wolfSSL 0:1239e9b70ca2 1099
wolfSSL 0:1239e9b70ca2 1100 if (SetCipherSpecs(session->sslClient) != 0) {
wolfSSL 0:1239e9b70ca2 1101 SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1102 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 1103 return -1;
wolfSSL 0:1239e9b70ca2 1104 }
wolfSSL 0:1239e9b70ca2 1105
wolfSSL 0:1239e9b70ca2 1106 MakeMasterSecret(session->sslServer);
wolfSSL 0:1239e9b70ca2 1107 MakeMasterSecret(session->sslClient);
wolfSSL 0:1239e9b70ca2 1108 #ifdef SHOW_SECRETS
wolfSSL 0:1239e9b70ca2 1109 {
wolfSSL 0:1239e9b70ca2 1110 int i;
wolfSSL 0:1239e9b70ca2 1111 printf("server master secret: ");
wolfSSL 0:1239e9b70ca2 1112 for (i = 0; i < SECRET_LEN; i++)
wolfSSL 0:1239e9b70ca2 1113 printf("%02x", session->sslServer->arrays->masterSecret[i]);
wolfSSL 0:1239e9b70ca2 1114 printf("\n");
wolfSSL 0:1239e9b70ca2 1115
wolfSSL 0:1239e9b70ca2 1116 printf("client master secret: ");
wolfSSL 0:1239e9b70ca2 1117 for (i = 0; i < SECRET_LEN; i++)
wolfSSL 0:1239e9b70ca2 1118 printf("%02x", session->sslClient->arrays->masterSecret[i]);
wolfSSL 0:1239e9b70ca2 1119 printf("\n");
wolfSSL 0:1239e9b70ca2 1120
wolfSSL 0:1239e9b70ca2 1121 printf("server suite = %d\n", session->sslServer->options.cipherSuite);
wolfSSL 0:1239e9b70ca2 1122 printf("client suite = %d\n", session->sslClient->options.cipherSuite);
wolfSSL 0:1239e9b70ca2 1123 }
wolfSSL 0:1239e9b70ca2 1124 #endif
wolfSSL 0:1239e9b70ca2 1125
wolfSSL 0:1239e9b70ca2 1126 FreeRsaKey(&key);
wolfSSL 0:1239e9b70ca2 1127 return ret;
wolfSSL 0:1239e9b70ca2 1128 }
wolfSSL 0:1239e9b70ca2 1129
wolfSSL 0:1239e9b70ca2 1130
wolfSSL 0:1239e9b70ca2 1131 /* Process Session Ticket */
wolfSSL 0:1239e9b70ca2 1132 static int ProcessSessionTicket(const byte* input, int* sslBytes,
wolfSSL 0:1239e9b70ca2 1133 SnifferSession* session, char* error)
wolfSSL 0:1239e9b70ca2 1134 {
wolfSSL 0:1239e9b70ca2 1135 word16 len;
wolfSSL 0:1239e9b70ca2 1136
wolfSSL 0:1239e9b70ca2 1137 /* make sure can read through hint and len */
wolfSSL 0:1239e9b70ca2 1138 if (TICKET_HINT_LEN + LENGTH_SZ > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1139 SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1140 return -1;
wolfSSL 0:1239e9b70ca2 1141 }
wolfSSL 0:1239e9b70ca2 1142
wolfSSL 0:1239e9b70ca2 1143 input += TICKET_HINT_LEN; /* skip over hint */
wolfSSL 0:1239e9b70ca2 1144 *sslBytes -= TICKET_HINT_LEN;
wolfSSL 0:1239e9b70ca2 1145
wolfSSL 0:1239e9b70ca2 1146 len = (word16)((input[0] << 8) | input[1]);
wolfSSL 0:1239e9b70ca2 1147 input += LENGTH_SZ;
wolfSSL 0:1239e9b70ca2 1148 *sslBytes -= LENGTH_SZ;
wolfSSL 0:1239e9b70ca2 1149
wolfSSL 0:1239e9b70ca2 1150 /* make sure can read through ticket */
wolfSSL 0:1239e9b70ca2 1151 if (len > *sslBytes || len < ID_LEN) {
wolfSSL 0:1239e9b70ca2 1152 SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1153 return -1;
wolfSSL 0:1239e9b70ca2 1154 }
wolfSSL 0:1239e9b70ca2 1155
wolfSSL 0:1239e9b70ca2 1156 /* store session with macID as sessionID */
wolfSSL 0:1239e9b70ca2 1157 session->sslServer->options.haveSessionId = 1;
wolfSSL 0:1239e9b70ca2 1158 XMEMCPY(session->sslServer->arrays->sessionID, input + len - ID_LEN,ID_LEN);
wolfSSL 0:1239e9b70ca2 1159
wolfSSL 0:1239e9b70ca2 1160 return 0;
wolfSSL 0:1239e9b70ca2 1161 }
wolfSSL 0:1239e9b70ca2 1162
wolfSSL 0:1239e9b70ca2 1163
wolfSSL 0:1239e9b70ca2 1164 /* Process Server Hello */
wolfSSL 0:1239e9b70ca2 1165 static int ProcessServerHello(const byte* input, int* sslBytes,
wolfSSL 0:1239e9b70ca2 1166 SnifferSession* session, char* error)
wolfSSL 0:1239e9b70ca2 1167 {
wolfSSL 0:1239e9b70ca2 1168 ProtocolVersion pv;
wolfSSL 0:1239e9b70ca2 1169 byte b;
wolfSSL 0:1239e9b70ca2 1170 int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
wolfSSL 0:1239e9b70ca2 1171 int doResume = 0;
wolfSSL 0:1239e9b70ca2 1172
wolfSSL 0:1239e9b70ca2 1173 /* make sure we didn't miss ClientHello */
wolfSSL 0:1239e9b70ca2 1174 if (session->flags.clientHello == 0) {
wolfSSL 0:1239e9b70ca2 1175 SetError(MISSED_CLIENT_HELLO_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1176 return -1;
wolfSSL 0:1239e9b70ca2 1177 }
wolfSSL 0:1239e9b70ca2 1178
wolfSSL 0:1239e9b70ca2 1179 /* make sure can read through session len */
wolfSSL 0:1239e9b70ca2 1180 if (toRead > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1181 SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1182 return -1;
wolfSSL 0:1239e9b70ca2 1183 }
wolfSSL 0:1239e9b70ca2 1184
wolfSSL 0:1239e9b70ca2 1185 XMEMCPY(&pv, input, VERSION_SZ);
wolfSSL 0:1239e9b70ca2 1186 input += VERSION_SZ;
wolfSSL 0:1239e9b70ca2 1187 *sslBytes -= VERSION_SZ;
wolfSSL 0:1239e9b70ca2 1188
wolfSSL 0:1239e9b70ca2 1189 session->sslServer->version = pv;
wolfSSL 0:1239e9b70ca2 1190 session->sslClient->version = pv;
wolfSSL 0:1239e9b70ca2 1191
wolfSSL 0:1239e9b70ca2 1192 XMEMCPY(session->sslServer->arrays->serverRandom, input, RAN_LEN);
wolfSSL 0:1239e9b70ca2 1193 XMEMCPY(session->sslClient->arrays->serverRandom, input, RAN_LEN);
wolfSSL 0:1239e9b70ca2 1194 input += RAN_LEN;
wolfSSL 0:1239e9b70ca2 1195 *sslBytes -= RAN_LEN;
wolfSSL 0:1239e9b70ca2 1196
wolfSSL 0:1239e9b70ca2 1197 b = *input++;
wolfSSL 0:1239e9b70ca2 1198 *sslBytes -= 1;
wolfSSL 0:1239e9b70ca2 1199
wolfSSL 0:1239e9b70ca2 1200 /* make sure can read through compression */
wolfSSL 0:1239e9b70ca2 1201 if ( (b + SUITE_LEN + ENUM_LEN) > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1202 SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1203 return -1;
wolfSSL 0:1239e9b70ca2 1204 }
wolfSSL 0:1239e9b70ca2 1205 if (b) {
wolfSSL 0:1239e9b70ca2 1206 XMEMCPY(session->sslServer->arrays->sessionID, input, ID_LEN);
wolfSSL 0:1239e9b70ca2 1207 session->sslServer->options.haveSessionId = 1;
wolfSSL 0:1239e9b70ca2 1208 }
wolfSSL 0:1239e9b70ca2 1209 input += b;
wolfSSL 0:1239e9b70ca2 1210 *sslBytes -= b;
wolfSSL 0:1239e9b70ca2 1211
wolfSSL 0:1239e9b70ca2 1212 /* cipher suite */
wolfSSL 0:1239e9b70ca2 1213 b = *input++; /* first byte, ECC or not */
wolfSSL 0:1239e9b70ca2 1214 session->sslServer->options.cipherSuite0 = b;
wolfSSL 0:1239e9b70ca2 1215 session->sslClient->options.cipherSuite0 = b;
wolfSSL 0:1239e9b70ca2 1216 b = *input++;
wolfSSL 0:1239e9b70ca2 1217 session->sslServer->options.cipherSuite = b;
wolfSSL 0:1239e9b70ca2 1218 session->sslClient->options.cipherSuite = b;
wolfSSL 0:1239e9b70ca2 1219 *sslBytes -= SUITE_LEN;
wolfSSL 0:1239e9b70ca2 1220
wolfSSL 0:1239e9b70ca2 1221 /* compression */
wolfSSL 0:1239e9b70ca2 1222 b = *input++;
wolfSSL 0:1239e9b70ca2 1223 *sslBytes -= ENUM_LEN;
wolfSSL 0:1239e9b70ca2 1224
wolfSSL 0:1239e9b70ca2 1225 if (b) {
wolfSSL 0:1239e9b70ca2 1226 SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1227 return -1;
wolfSSL 0:1239e9b70ca2 1228 }
wolfSSL 0:1239e9b70ca2 1229
wolfSSL 0:1239e9b70ca2 1230 if (session->sslServer->options.haveSessionId &&
wolfSSL 0:1239e9b70ca2 1231 XMEMCMP(session->sslServer->arrays->sessionID,
wolfSSL 0:1239e9b70ca2 1232 session->sslClient->arrays->sessionID, ID_LEN) == 0)
wolfSSL 0:1239e9b70ca2 1233 doResume = 1;
wolfSSL 0:1239e9b70ca2 1234 else if (session->sslClient->options.haveSessionId == 0 &&
wolfSSL 0:1239e9b70ca2 1235 session->sslServer->options.haveSessionId == 0 &&
wolfSSL 0:1239e9b70ca2 1236 session->ticketID)
wolfSSL 0:1239e9b70ca2 1237 doResume = 1;
wolfSSL 0:1239e9b70ca2 1238
wolfSSL 0:1239e9b70ca2 1239 if (session->ticketID && doResume) {
wolfSSL 0:1239e9b70ca2 1240 /* use ticketID to retrieve from session, prefer over sessionID */
wolfSSL 0:1239e9b70ca2 1241 XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
wolfSSL 0:1239e9b70ca2 1242 session->sslServer->options.haveSessionId = 1; /* may not have
wolfSSL 0:1239e9b70ca2 1243 actual sessionID */
wolfSSL 0:1239e9b70ca2 1244 }
wolfSSL 0:1239e9b70ca2 1245
wolfSSL 0:1239e9b70ca2 1246 if (doResume ) {
wolfSSL 0:1239e9b70ca2 1247 int ret = 0;
wolfSSL 0:1239e9b70ca2 1248 SSL_SESSION* resume = GetSession(session->sslServer,
wolfSSL 0:1239e9b70ca2 1249 session->sslServer->arrays->masterSecret);
wolfSSL 0:1239e9b70ca2 1250 if (resume == NULL) {
wolfSSL 0:1239e9b70ca2 1251 SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1252 return -1;
wolfSSL 0:1239e9b70ca2 1253 }
wolfSSL 0:1239e9b70ca2 1254 /* make sure client has master secret too */
wolfSSL 0:1239e9b70ca2 1255 XMEMCPY(session->sslClient->arrays->masterSecret,
wolfSSL 0:1239e9b70ca2 1256 session->sslServer->arrays->masterSecret, SECRET_LEN);
wolfSSL 0:1239e9b70ca2 1257 session->flags.resuming = 1;
wolfSSL 0:1239e9b70ca2 1258
wolfSSL 0:1239e9b70ca2 1259 Trace(SERVER_DID_RESUMPTION_STR);
wolfSSL 0:1239e9b70ca2 1260 if (SetCipherSpecs(session->sslServer) != 0) {
wolfSSL 0:1239e9b70ca2 1261 SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1262 return -1;
wolfSSL 0:1239e9b70ca2 1263 }
wolfSSL 0:1239e9b70ca2 1264
wolfSSL 0:1239e9b70ca2 1265 if (SetCipherSpecs(session->sslClient) != 0) {
wolfSSL 0:1239e9b70ca2 1266 SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1267 return -1;
wolfSSL 0:1239e9b70ca2 1268 }
wolfSSL 0:1239e9b70ca2 1269
wolfSSL 0:1239e9b70ca2 1270 if (session->sslServer->options.tls) {
wolfSSL 0:1239e9b70ca2 1271 ret = DeriveTlsKeys(session->sslServer);
wolfSSL 0:1239e9b70ca2 1272 ret += DeriveTlsKeys(session->sslClient);
wolfSSL 0:1239e9b70ca2 1273 }
wolfSSL 0:1239e9b70ca2 1274 else {
wolfSSL 0:1239e9b70ca2 1275 ret = DeriveKeys(session->sslServer);
wolfSSL 0:1239e9b70ca2 1276 ret += DeriveKeys(session->sslClient);
wolfSSL 0:1239e9b70ca2 1277 }
wolfSSL 0:1239e9b70ca2 1278 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 1279 SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1280 return -1;
wolfSSL 0:1239e9b70ca2 1281 }
wolfSSL 0:1239e9b70ca2 1282 }
wolfSSL 0:1239e9b70ca2 1283 #ifdef SHOW_SECRETS
wolfSSL 0:1239e9b70ca2 1284 {
wolfSSL 0:1239e9b70ca2 1285 int i;
wolfSSL 0:1239e9b70ca2 1286 printf("cipher suite = 0x%02x\n",
wolfSSL 0:1239e9b70ca2 1287 session->sslServer->options.cipherSuite);
wolfSSL 0:1239e9b70ca2 1288 printf("server random: ");
wolfSSL 0:1239e9b70ca2 1289 for (i = 0; i < RAN_LEN; i++)
wolfSSL 0:1239e9b70ca2 1290 printf("%02x", session->sslServer->arrays->serverRandom[i]);
wolfSSL 0:1239e9b70ca2 1291 printf("\n");
wolfSSL 0:1239e9b70ca2 1292 }
wolfSSL 0:1239e9b70ca2 1293 #endif
wolfSSL 0:1239e9b70ca2 1294 return 0;
wolfSSL 0:1239e9b70ca2 1295 }
wolfSSL 0:1239e9b70ca2 1296
wolfSSL 0:1239e9b70ca2 1297
wolfSSL 0:1239e9b70ca2 1298 /* Process normal Client Hello */
wolfSSL 0:1239e9b70ca2 1299 static int ProcessClientHello(const byte* input, int* sslBytes,
wolfSSL 0:1239e9b70ca2 1300 SnifferSession* session, char* error)
wolfSSL 0:1239e9b70ca2 1301 {
wolfSSL 0:1239e9b70ca2 1302 byte bLen;
wolfSSL 0:1239e9b70ca2 1303 word16 len;
wolfSSL 0:1239e9b70ca2 1304 int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
wolfSSL 0:1239e9b70ca2 1305
wolfSSL 0:1239e9b70ca2 1306 session->flags.clientHello = 1; /* don't process again */
wolfSSL 0:1239e9b70ca2 1307
wolfSSL 0:1239e9b70ca2 1308 /* make sure can read up to session len */
wolfSSL 0:1239e9b70ca2 1309 if (toRead > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1310 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1311 return -1;
wolfSSL 0:1239e9b70ca2 1312 }
wolfSSL 0:1239e9b70ca2 1313
wolfSSL 0:1239e9b70ca2 1314 /* skip, get negotiated one from server hello */
wolfSSL 0:1239e9b70ca2 1315 input += VERSION_SZ;
wolfSSL 0:1239e9b70ca2 1316 *sslBytes -= VERSION_SZ;
wolfSSL 0:1239e9b70ca2 1317
wolfSSL 0:1239e9b70ca2 1318 XMEMCPY(session->sslServer->arrays->clientRandom, input, RAN_LEN);
wolfSSL 0:1239e9b70ca2 1319 XMEMCPY(session->sslClient->arrays->clientRandom, input, RAN_LEN);
wolfSSL 0:1239e9b70ca2 1320
wolfSSL 0:1239e9b70ca2 1321 input += RAN_LEN;
wolfSSL 0:1239e9b70ca2 1322 *sslBytes -= RAN_LEN;
wolfSSL 0:1239e9b70ca2 1323
wolfSSL 0:1239e9b70ca2 1324 /* store session in case trying to resume */
wolfSSL 0:1239e9b70ca2 1325 bLen = *input++;
wolfSSL 0:1239e9b70ca2 1326 *sslBytes -= ENUM_LEN;
wolfSSL 0:1239e9b70ca2 1327 if (bLen) {
wolfSSL 0:1239e9b70ca2 1328 if (ID_LEN > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1329 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1330 return -1;
wolfSSL 0:1239e9b70ca2 1331 }
wolfSSL 0:1239e9b70ca2 1332 Trace(CLIENT_RESUME_TRY_STR);
wolfSSL 0:1239e9b70ca2 1333 XMEMCPY(session->sslClient->arrays->sessionID, input, ID_LEN);
wolfSSL 0:1239e9b70ca2 1334 session->sslClient->options.haveSessionId = 1;
wolfSSL 0:1239e9b70ca2 1335 }
wolfSSL 0:1239e9b70ca2 1336 #ifdef SHOW_SECRETS
wolfSSL 0:1239e9b70ca2 1337 {
wolfSSL 0:1239e9b70ca2 1338 int i;
wolfSSL 0:1239e9b70ca2 1339 printf("client random: ");
wolfSSL 0:1239e9b70ca2 1340 for (i = 0; i < RAN_LEN; i++)
wolfSSL 0:1239e9b70ca2 1341 printf("%02x", session->sslServer->arrays->clientRandom[i]);
wolfSSL 0:1239e9b70ca2 1342 printf("\n");
wolfSSL 0:1239e9b70ca2 1343 }
wolfSSL 0:1239e9b70ca2 1344 #endif
wolfSSL 0:1239e9b70ca2 1345
wolfSSL 0:1239e9b70ca2 1346 input += bLen;
wolfSSL 0:1239e9b70ca2 1347 *sslBytes -= bLen;
wolfSSL 0:1239e9b70ca2 1348
wolfSSL 0:1239e9b70ca2 1349 /* skip cipher suites */
wolfSSL 0:1239e9b70ca2 1350 /* make sure can read len */
wolfSSL 0:1239e9b70ca2 1351 if (SUITE_LEN > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1352 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1353 return -1;
wolfSSL 0:1239e9b70ca2 1354 }
wolfSSL 0:1239e9b70ca2 1355 len = (word16)((input[0] << 8) | input[1]);
wolfSSL 0:1239e9b70ca2 1356 input += SUITE_LEN;
wolfSSL 0:1239e9b70ca2 1357 *sslBytes -= SUITE_LEN;
wolfSSL 0:1239e9b70ca2 1358 /* make sure can read suites + comp len */
wolfSSL 0:1239e9b70ca2 1359 if (len + ENUM_LEN > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1360 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1361 return -1;
wolfSSL 0:1239e9b70ca2 1362 }
wolfSSL 0:1239e9b70ca2 1363 input += len;
wolfSSL 0:1239e9b70ca2 1364 *sslBytes -= len;
wolfSSL 0:1239e9b70ca2 1365
wolfSSL 0:1239e9b70ca2 1366 /* skip compression */
wolfSSL 0:1239e9b70ca2 1367 bLen = *input++;
wolfSSL 0:1239e9b70ca2 1368 *sslBytes -= ENUM_LEN;
wolfSSL 0:1239e9b70ca2 1369 /* make sure can read len */
wolfSSL 0:1239e9b70ca2 1370 if (bLen > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1371 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1372 return -1;
wolfSSL 0:1239e9b70ca2 1373 }
wolfSSL 0:1239e9b70ca2 1374 input += bLen;
wolfSSL 0:1239e9b70ca2 1375 *sslBytes -= bLen;
wolfSSL 0:1239e9b70ca2 1376
wolfSSL 0:1239e9b70ca2 1377 if (*sslBytes == 0) {
wolfSSL 0:1239e9b70ca2 1378 /* no extensions */
wolfSSL 0:1239e9b70ca2 1379 return 0;
wolfSSL 0:1239e9b70ca2 1380 }
wolfSSL 0:1239e9b70ca2 1381
wolfSSL 0:1239e9b70ca2 1382 /* skip extensions until session ticket */
wolfSSL 0:1239e9b70ca2 1383 /* make sure can read len */
wolfSSL 0:1239e9b70ca2 1384 if (SUITE_LEN > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1385 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1386 return -1;
wolfSSL 0:1239e9b70ca2 1387 }
wolfSSL 0:1239e9b70ca2 1388 len = (word16)((input[0] << 8) | input[1]);
wolfSSL 0:1239e9b70ca2 1389 input += SUITE_LEN;
wolfSSL 0:1239e9b70ca2 1390 *sslBytes -= SUITE_LEN;
wolfSSL 0:1239e9b70ca2 1391 /* make sure can read through all extensions */
wolfSSL 0:1239e9b70ca2 1392 if (len > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1393 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1394 return -1;
wolfSSL 0:1239e9b70ca2 1395 }
wolfSSL 0:1239e9b70ca2 1396
wolfSSL 0:1239e9b70ca2 1397 while (len > EXT_TYPE_SZ + LENGTH_SZ) {
wolfSSL 0:1239e9b70ca2 1398 byte extType[EXT_TYPE_SZ];
wolfSSL 0:1239e9b70ca2 1399 word16 extLen;
wolfSSL 0:1239e9b70ca2 1400
wolfSSL 0:1239e9b70ca2 1401 extType[0] = input[0];
wolfSSL 0:1239e9b70ca2 1402 extType[1] = input[1];
wolfSSL 0:1239e9b70ca2 1403 input += EXT_TYPE_SZ;
wolfSSL 0:1239e9b70ca2 1404 *sslBytes -= EXT_TYPE_SZ;
wolfSSL 0:1239e9b70ca2 1405
wolfSSL 0:1239e9b70ca2 1406 extLen = (word16)((input[0] << 8) | input[1]);
wolfSSL 0:1239e9b70ca2 1407 input += LENGTH_SZ;
wolfSSL 0:1239e9b70ca2 1408 *sslBytes -= LENGTH_SZ;
wolfSSL 0:1239e9b70ca2 1409
wolfSSL 0:1239e9b70ca2 1410 /* make sure can read through individual extension */
wolfSSL 0:1239e9b70ca2 1411 if (extLen > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1412 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1413 return -1;
wolfSSL 0:1239e9b70ca2 1414 }
wolfSSL 0:1239e9b70ca2 1415
wolfSSL 0:1239e9b70ca2 1416 if (extType[0] == 0x00 && extType[1] == TICKET_EXT_ID) {
wolfSSL 0:1239e9b70ca2 1417
wolfSSL 0:1239e9b70ca2 1418 /* make sure can read through ticket if there is a non blank one */
wolfSSL 0:1239e9b70ca2 1419 if (extLen && extLen < ID_LEN) {
wolfSSL 0:1239e9b70ca2 1420 SetError(CLIENT_HELLO_INPUT_STR, error, session,
wolfSSL 0:1239e9b70ca2 1421 FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1422 return -1;
wolfSSL 0:1239e9b70ca2 1423 }
wolfSSL 0:1239e9b70ca2 1424
wolfSSL 0:1239e9b70ca2 1425 if (extLen) {
wolfSSL 0:1239e9b70ca2 1426 if (session->ticketID == 0) {
wolfSSL 0:1239e9b70ca2 1427 session->ticketID = (byte*)malloc(ID_LEN);
wolfSSL 0:1239e9b70ca2 1428 if (session->ticketID == 0) {
wolfSSL 0:1239e9b70ca2 1429 SetError(MEMORY_STR, error, session,
wolfSSL 0:1239e9b70ca2 1430 FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1431 return -1;
wolfSSL 0:1239e9b70ca2 1432 }
wolfSSL 0:1239e9b70ca2 1433 }
wolfSSL 0:1239e9b70ca2 1434 XMEMCPY(session->ticketID, input + extLen - ID_LEN, ID_LEN);
wolfSSL 0:1239e9b70ca2 1435 }
wolfSSL 0:1239e9b70ca2 1436 }
wolfSSL 0:1239e9b70ca2 1437
wolfSSL 0:1239e9b70ca2 1438 input += extLen;
wolfSSL 0:1239e9b70ca2 1439 *sslBytes -= extLen;
wolfSSL 0:1239e9b70ca2 1440 len -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
wolfSSL 0:1239e9b70ca2 1441 }
wolfSSL 0:1239e9b70ca2 1442
wolfSSL 0:1239e9b70ca2 1443 return 0;
wolfSSL 0:1239e9b70ca2 1444 }
wolfSSL 0:1239e9b70ca2 1445
wolfSSL 0:1239e9b70ca2 1446
wolfSSL 0:1239e9b70ca2 1447 /* Process Finished */
wolfSSL 0:1239e9b70ca2 1448 static int ProcessFinished(const byte* input, int size, int* sslBytes,
wolfSSL 0:1239e9b70ca2 1449 SnifferSession* session, char* error)
wolfSSL 0:1239e9b70ca2 1450 {
wolfSSL 0:1239e9b70ca2 1451 SSL* ssl;
wolfSSL 0:1239e9b70ca2 1452 word32 inOutIdx = 0;
wolfSSL 0:1239e9b70ca2 1453 int ret;
wolfSSL 0:1239e9b70ca2 1454
wolfSSL 0:1239e9b70ca2 1455 if (session->flags.side == CYASSL_SERVER_END)
wolfSSL 0:1239e9b70ca2 1456 ssl = session->sslServer;
wolfSSL 0:1239e9b70ca2 1457 else
wolfSSL 0:1239e9b70ca2 1458 ssl = session->sslClient;
wolfSSL 0:1239e9b70ca2 1459
wolfSSL 0:1239e9b70ca2 1460 ret = DoFinished(ssl, input, &inOutIdx, (word32) size, (word32) *sslBytes,
wolfSSL 0:1239e9b70ca2 1461 SNIFF);
wolfSSL 0:1239e9b70ca2 1462 *sslBytes -= (int)inOutIdx;
wolfSSL 0:1239e9b70ca2 1463
wolfSSL 0:1239e9b70ca2 1464 if (ret < 0) {
wolfSSL 0:1239e9b70ca2 1465 SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1466 return ret;
wolfSSL 0:1239e9b70ca2 1467 }
wolfSSL 0:1239e9b70ca2 1468
wolfSSL 0:1239e9b70ca2 1469 if (ret == 0 && session->flags.cached == 0) {
wolfSSL 0:1239e9b70ca2 1470 if (session->sslServer->options.haveSessionId) {
wolfSSL 0:1239e9b70ca2 1471 CYASSL_SESSION* sess = GetSession(session->sslServer, NULL);
wolfSSL 0:1239e9b70ca2 1472 if (sess == NULL)
wolfSSL 0:1239e9b70ca2 1473 AddSession(session->sslServer); /* don't re add */
wolfSSL 0:1239e9b70ca2 1474 session->flags.cached = 1;
wolfSSL 0:1239e9b70ca2 1475 }
wolfSSL 0:1239e9b70ca2 1476 }
wolfSSL 0:1239e9b70ca2 1477
wolfSSL 0:1239e9b70ca2 1478 FreeHandshakeResources(ssl);
wolfSSL 0:1239e9b70ca2 1479
wolfSSL 0:1239e9b70ca2 1480 return ret;
wolfSSL 0:1239e9b70ca2 1481 }
wolfSSL 0:1239e9b70ca2 1482
wolfSSL 0:1239e9b70ca2 1483
wolfSSL 0:1239e9b70ca2 1484 /* Process HandShake input */
wolfSSL 0:1239e9b70ca2 1485 static int DoHandShake(const byte* input, int* sslBytes,
wolfSSL 0:1239e9b70ca2 1486 SnifferSession* session, char* error)
wolfSSL 0:1239e9b70ca2 1487 {
wolfSSL 0:1239e9b70ca2 1488 byte type;
wolfSSL 0:1239e9b70ca2 1489 int size;
wolfSSL 0:1239e9b70ca2 1490 int ret = 0;
wolfSSL 0:1239e9b70ca2 1491
wolfSSL 0:1239e9b70ca2 1492 if (*sslBytes < HANDSHAKE_HEADER_SZ) {
wolfSSL 0:1239e9b70ca2 1493 SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1494 return -1;
wolfSSL 0:1239e9b70ca2 1495 }
wolfSSL 0:1239e9b70ca2 1496 type = input[0];
wolfSSL 0:1239e9b70ca2 1497 size = (input[1] << 16) | (input[2] << 8) | input[3];
wolfSSL 0:1239e9b70ca2 1498
wolfSSL 0:1239e9b70ca2 1499 input += HANDSHAKE_HEADER_SZ;
wolfSSL 0:1239e9b70ca2 1500 *sslBytes -= HANDSHAKE_HEADER_SZ;
wolfSSL 0:1239e9b70ca2 1501
wolfSSL 0:1239e9b70ca2 1502 if (*sslBytes < size) {
wolfSSL 0:1239e9b70ca2 1503 SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1504 return -1;
wolfSSL 0:1239e9b70ca2 1505 }
wolfSSL 0:1239e9b70ca2 1506
wolfSSL 0:1239e9b70ca2 1507 switch (type) {
wolfSSL 0:1239e9b70ca2 1508 case hello_verify_request:
wolfSSL 0:1239e9b70ca2 1509 Trace(GOT_HELLO_VERIFY_STR);
wolfSSL 0:1239e9b70ca2 1510 break;
wolfSSL 0:1239e9b70ca2 1511 case hello_request:
wolfSSL 0:1239e9b70ca2 1512 Trace(GOT_HELLO_REQUEST_STR);
wolfSSL 0:1239e9b70ca2 1513 break;
wolfSSL 0:1239e9b70ca2 1514 case session_ticket:
wolfSSL 0:1239e9b70ca2 1515 Trace(GOT_SESSION_TICKET_STR);
wolfSSL 0:1239e9b70ca2 1516 ret = ProcessSessionTicket(input, sslBytes, session, error);
wolfSSL 0:1239e9b70ca2 1517 break;
wolfSSL 0:1239e9b70ca2 1518 case server_hello:
wolfSSL 0:1239e9b70ca2 1519 Trace(GOT_SERVER_HELLO_STR);
wolfSSL 0:1239e9b70ca2 1520 ret = ProcessServerHello(input, sslBytes, session, error);
wolfSSL 0:1239e9b70ca2 1521 break;
wolfSSL 0:1239e9b70ca2 1522 case certificate_request:
wolfSSL 0:1239e9b70ca2 1523 Trace(GOT_CERT_REQ_STR);
wolfSSL 0:1239e9b70ca2 1524 break;
wolfSSL 0:1239e9b70ca2 1525 case server_key_exchange:
wolfSSL 0:1239e9b70ca2 1526 Trace(GOT_SERVER_KEY_EX_STR);
wolfSSL 0:1239e9b70ca2 1527 /* can't know temp key passively */
wolfSSL 0:1239e9b70ca2 1528 SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1529 ret = -1;
wolfSSL 0:1239e9b70ca2 1530 break;
wolfSSL 0:1239e9b70ca2 1531 case certificate:
wolfSSL 0:1239e9b70ca2 1532 Trace(GOT_CERT_STR);
wolfSSL 0:1239e9b70ca2 1533 break;
wolfSSL 0:1239e9b70ca2 1534 case server_hello_done:
wolfSSL 0:1239e9b70ca2 1535 Trace(GOT_SERVER_HELLO_DONE_STR);
wolfSSL 0:1239e9b70ca2 1536 break;
wolfSSL 0:1239e9b70ca2 1537 case finished:
wolfSSL 0:1239e9b70ca2 1538 Trace(GOT_FINISHED_STR);
wolfSSL 0:1239e9b70ca2 1539 ret = ProcessFinished(input, size, sslBytes, session, error);
wolfSSL 0:1239e9b70ca2 1540 break;
wolfSSL 0:1239e9b70ca2 1541 case client_hello:
wolfSSL 0:1239e9b70ca2 1542 Trace(GOT_CLIENT_HELLO_STR);
wolfSSL 0:1239e9b70ca2 1543 ret = ProcessClientHello(input, sslBytes, session, error);
wolfSSL 0:1239e9b70ca2 1544 break;
wolfSSL 0:1239e9b70ca2 1545 case client_key_exchange:
wolfSSL 0:1239e9b70ca2 1546 Trace(GOT_CLIENT_KEY_EX_STR);
wolfSSL 0:1239e9b70ca2 1547 ret = ProcessClientKeyExchange(input, sslBytes, session, error);
wolfSSL 0:1239e9b70ca2 1548 break;
wolfSSL 0:1239e9b70ca2 1549 case certificate_verify:
wolfSSL 0:1239e9b70ca2 1550 Trace(GOT_CERT_VER_STR);
wolfSSL 0:1239e9b70ca2 1551 break;
wolfSSL 0:1239e9b70ca2 1552 default:
wolfSSL 0:1239e9b70ca2 1553 SetError(GOT_UNKNOWN_HANDSHAKE_STR, error, session, 0);
wolfSSL 0:1239e9b70ca2 1554 return -1;
wolfSSL 0:1239e9b70ca2 1555 }
wolfSSL 0:1239e9b70ca2 1556
wolfSSL 0:1239e9b70ca2 1557 return ret;
wolfSSL 0:1239e9b70ca2 1558 }
wolfSSL 0:1239e9b70ca2 1559
wolfSSL 0:1239e9b70ca2 1560
wolfSSL 0:1239e9b70ca2 1561 /* Decrypt input into plain output, 0 on success */
wolfSSL 0:1239e9b70ca2 1562 static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
wolfSSL 0:1239e9b70ca2 1563 {
wolfSSL 0:1239e9b70ca2 1564 int ret = 0;
wolfSSL 0:1239e9b70ca2 1565
wolfSSL 0:1239e9b70ca2 1566 switch (ssl->specs.bulk_cipher_algorithm) {
wolfSSL 0:1239e9b70ca2 1567 #ifdef BUILD_ARC4
wolfSSL 0:1239e9b70ca2 1568 case cyassl_rc4:
wolfSSL 0:1239e9b70ca2 1569 Arc4Process(ssl->decrypt.arc4, output, input, sz);
wolfSSL 0:1239e9b70ca2 1570 break;
wolfSSL 0:1239e9b70ca2 1571 #endif
wolfSSL 0:1239e9b70ca2 1572
wolfSSL 0:1239e9b70ca2 1573 #ifdef BUILD_DES3
wolfSSL 0:1239e9b70ca2 1574 case cyassl_triple_des:
wolfSSL 0:1239e9b70ca2 1575 ret = Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
wolfSSL 0:1239e9b70ca2 1576 break;
wolfSSL 0:1239e9b70ca2 1577 #endif
wolfSSL 0:1239e9b70ca2 1578
wolfSSL 0:1239e9b70ca2 1579 #ifdef BUILD_AES
wolfSSL 0:1239e9b70ca2 1580 case cyassl_aes:
wolfSSL 0:1239e9b70ca2 1581 ret = AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
wolfSSL 0:1239e9b70ca2 1582 break;
wolfSSL 0:1239e9b70ca2 1583 #endif
wolfSSL 0:1239e9b70ca2 1584
wolfSSL 0:1239e9b70ca2 1585 #ifdef HAVE_HC128
wolfSSL 0:1239e9b70ca2 1586 case cyassl_hc128:
wolfSSL 0:1239e9b70ca2 1587 Hc128_Process(ssl->decrypt.hc128, output, input, sz);
wolfSSL 0:1239e9b70ca2 1588 break;
wolfSSL 0:1239e9b70ca2 1589 #endif
wolfSSL 0:1239e9b70ca2 1590
wolfSSL 0:1239e9b70ca2 1591 #ifdef BUILD_RABBIT
wolfSSL 0:1239e9b70ca2 1592 case cyassl_rabbit:
wolfSSL 0:1239e9b70ca2 1593 RabbitProcess(ssl->decrypt.rabbit, output, input, sz);
wolfSSL 0:1239e9b70ca2 1594 break;
wolfSSL 0:1239e9b70ca2 1595 #endif
wolfSSL 0:1239e9b70ca2 1596
wolfSSL 0:1239e9b70ca2 1597 #ifdef HAVE_CAMELLIA
wolfSSL 0:1239e9b70ca2 1598 case cyassl_camellia:
wolfSSL 0:1239e9b70ca2 1599 CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);
wolfSSL 0:1239e9b70ca2 1600 break;
wolfSSL 0:1239e9b70ca2 1601 #endif
wolfSSL 0:1239e9b70ca2 1602
wolfSSL 0:1239e9b70ca2 1603 default:
wolfSSL 0:1239e9b70ca2 1604 Trace(BAD_DECRYPT_TYPE);
wolfSSL 0:1239e9b70ca2 1605 ret = -1;
wolfSSL 0:1239e9b70ca2 1606 break;
wolfSSL 0:1239e9b70ca2 1607 }
wolfSSL 0:1239e9b70ca2 1608
wolfSSL 0:1239e9b70ca2 1609 return ret;
wolfSSL 0:1239e9b70ca2 1610 }
wolfSSL 0:1239e9b70ca2 1611
wolfSSL 0:1239e9b70ca2 1612
wolfSSL 0:1239e9b70ca2 1613 /* Decrypt input message into output, adjust output steam if needed */
wolfSSL 0:1239e9b70ca2 1614 static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
wolfSSL 0:1239e9b70ca2 1615 byte* output, int* error)
wolfSSL 0:1239e9b70ca2 1616 {
wolfSSL 0:1239e9b70ca2 1617 int ivExtra = 0;
wolfSSL 0:1239e9b70ca2 1618
wolfSSL 0:1239e9b70ca2 1619 int ret = Decrypt(ssl, output, input, sz);
wolfSSL 0:1239e9b70ca2 1620 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 1621 *error = ret;
wolfSSL 0:1239e9b70ca2 1622 return NULL;
wolfSSL 0:1239e9b70ca2 1623 }
wolfSSL 0:1239e9b70ca2 1624 ssl->keys.encryptSz = sz;
wolfSSL 0:1239e9b70ca2 1625 if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) {
wolfSSL 0:1239e9b70ca2 1626 output += ssl->specs.block_size; /* go past TLSv1.1 IV */
wolfSSL 0:1239e9b70ca2 1627 ivExtra = ssl->specs.block_size;
wolfSSL 0:1239e9b70ca2 1628 }
wolfSSL 0:1239e9b70ca2 1629
wolfSSL 0:1239e9b70ca2 1630 ssl->keys.padSz = ssl->specs.hash_size;
wolfSSL 0:1239e9b70ca2 1631
wolfSSL 0:1239e9b70ca2 1632 if (ssl->specs.cipher_type == block)
wolfSSL 0:1239e9b70ca2 1633 ssl->keys.padSz += *(output + sz - ivExtra - 1) + 1;
wolfSSL 0:1239e9b70ca2 1634
wolfSSL 0:1239e9b70ca2 1635 return output;
wolfSSL 0:1239e9b70ca2 1636 }
wolfSSL 0:1239e9b70ca2 1637
wolfSSL 0:1239e9b70ca2 1638
wolfSSL 0:1239e9b70ca2 1639 /* remove session from table, use rowHint if no info (means we have a lock) */
wolfSSL 0:1239e9b70ca2 1640 static void RemoveSession(SnifferSession* session, IpInfo* ipInfo,
wolfSSL 0:1239e9b70ca2 1641 TcpInfo* tcpInfo, word32 rowHint)
wolfSSL 0:1239e9b70ca2 1642 {
wolfSSL 0:1239e9b70ca2 1643 SnifferSession* previous = 0;
wolfSSL 0:1239e9b70ca2 1644 SnifferSession* current;
wolfSSL 0:1239e9b70ca2 1645 word32 row = rowHint;
wolfSSL 0:1239e9b70ca2 1646 int haveLock = 0;
wolfSSL 0:1239e9b70ca2 1647
wolfSSL 0:1239e9b70ca2 1648 if (ipInfo && tcpInfo)
wolfSSL 0:1239e9b70ca2 1649 row = SessionHash(ipInfo, tcpInfo);
wolfSSL 0:1239e9b70ca2 1650 else
wolfSSL 0:1239e9b70ca2 1651 haveLock = 1;
wolfSSL 0:1239e9b70ca2 1652
wolfSSL 0:1239e9b70ca2 1653 assert(row <= HASH_SIZE);
wolfSSL 0:1239e9b70ca2 1654 Trace(REMOVE_SESSION_STR);
wolfSSL 0:1239e9b70ca2 1655
wolfSSL 0:1239e9b70ca2 1656 if (!haveLock)
wolfSSL 0:1239e9b70ca2 1657 LockMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 1658
wolfSSL 0:1239e9b70ca2 1659 current = SessionTable[row];
wolfSSL 0:1239e9b70ca2 1660
wolfSSL 0:1239e9b70ca2 1661 while (current) {
wolfSSL 0:1239e9b70ca2 1662 if (current == session) {
wolfSSL 0:1239e9b70ca2 1663 if (previous)
wolfSSL 0:1239e9b70ca2 1664 previous->next = current->next;
wolfSSL 0:1239e9b70ca2 1665 else
wolfSSL 0:1239e9b70ca2 1666 SessionTable[row] = current->next;
wolfSSL 0:1239e9b70ca2 1667 FreeSnifferSession(session);
wolfSSL 0:1239e9b70ca2 1668 TraceRemovedSession();
wolfSSL 0:1239e9b70ca2 1669 break;
wolfSSL 0:1239e9b70ca2 1670 }
wolfSSL 0:1239e9b70ca2 1671 previous = current;
wolfSSL 0:1239e9b70ca2 1672 current = current->next;
wolfSSL 0:1239e9b70ca2 1673 }
wolfSSL 0:1239e9b70ca2 1674
wolfSSL 0:1239e9b70ca2 1675 if (!haveLock)
wolfSSL 0:1239e9b70ca2 1676 UnLockMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 1677 }
wolfSSL 0:1239e9b70ca2 1678
wolfSSL 0:1239e9b70ca2 1679
wolfSSL 0:1239e9b70ca2 1680 /* Remove stale sessions from the Session Table, have a lock */
wolfSSL 0:1239e9b70ca2 1681 static void RemoveStaleSessions(void)
wolfSSL 0:1239e9b70ca2 1682 {
wolfSSL 0:1239e9b70ca2 1683 word32 i;
wolfSSL 0:1239e9b70ca2 1684 SnifferSession* session;
wolfSSL 0:1239e9b70ca2 1685
wolfSSL 0:1239e9b70ca2 1686 for (i = 0; i < HASH_SIZE; i++) {
wolfSSL 0:1239e9b70ca2 1687 session = SessionTable[i];
wolfSSL 0:1239e9b70ca2 1688 while (session) {
wolfSSL 0:1239e9b70ca2 1689 SnifferSession* next = session->next;
wolfSSL 0:1239e9b70ca2 1690 if (time(NULL) >= session->lastUsed + SNIFFER_TIMEOUT) {
wolfSSL 0:1239e9b70ca2 1691 TraceStaleSession();
wolfSSL 0:1239e9b70ca2 1692 RemoveSession(session, NULL, NULL, i);
wolfSSL 0:1239e9b70ca2 1693 }
wolfSSL 0:1239e9b70ca2 1694 session = next;
wolfSSL 0:1239e9b70ca2 1695 }
wolfSSL 0:1239e9b70ca2 1696 }
wolfSSL 0:1239e9b70ca2 1697 }
wolfSSL 0:1239e9b70ca2 1698
wolfSSL 0:1239e9b70ca2 1699
wolfSSL 0:1239e9b70ca2 1700 /* Create a new Sniffer Session */
wolfSSL 0:1239e9b70ca2 1701 static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
wolfSSL 0:1239e9b70ca2 1702 char* error)
wolfSSL 0:1239e9b70ca2 1703 {
wolfSSL 0:1239e9b70ca2 1704 SnifferSession* session = 0;
wolfSSL 0:1239e9b70ca2 1705 int row;
wolfSSL 0:1239e9b70ca2 1706
wolfSSL 0:1239e9b70ca2 1707 Trace(NEW_SESSION_STR);
wolfSSL 0:1239e9b70ca2 1708 /* create a new one */
wolfSSL 0:1239e9b70ca2 1709 session = (SnifferSession*)malloc(sizeof(SnifferSession));
wolfSSL 0:1239e9b70ca2 1710 if (session == NULL) {
wolfSSL 0:1239e9b70ca2 1711 SetError(MEMORY_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 1712 return 0;
wolfSSL 0:1239e9b70ca2 1713 }
wolfSSL 0:1239e9b70ca2 1714 InitSession(session);
wolfSSL 0:1239e9b70ca2 1715 session->server = ipInfo->dst;
wolfSSL 0:1239e9b70ca2 1716 session->client = ipInfo->src;
wolfSSL 0:1239e9b70ca2 1717 session->srvPort = (word16)tcpInfo->dstPort;
wolfSSL 0:1239e9b70ca2 1718 session->cliPort = (word16)tcpInfo->srcPort;
wolfSSL 0:1239e9b70ca2 1719 session->cliSeqStart = tcpInfo->sequence;
wolfSSL 0:1239e9b70ca2 1720 session->cliExpected = 1; /* relative */
wolfSSL 0:1239e9b70ca2 1721 session->lastUsed= time(NULL);
wolfSSL 0:1239e9b70ca2 1722
wolfSSL 0:1239e9b70ca2 1723 session->context = GetSnifferServer(ipInfo, tcpInfo);
wolfSSL 0:1239e9b70ca2 1724 if (session->context == NULL) {
wolfSSL 0:1239e9b70ca2 1725 SetError(SERVER_NOT_REG_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 1726 free(session);
wolfSSL 0:1239e9b70ca2 1727 return 0;
wolfSSL 0:1239e9b70ca2 1728 }
wolfSSL 0:1239e9b70ca2 1729
wolfSSL 0:1239e9b70ca2 1730 session->sslServer = SSL_new(session->context->ctx);
wolfSSL 0:1239e9b70ca2 1731 if (session->sslServer == NULL) {
wolfSSL 0:1239e9b70ca2 1732 SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1733 free(session);
wolfSSL 0:1239e9b70ca2 1734 return 0;
wolfSSL 0:1239e9b70ca2 1735 }
wolfSSL 0:1239e9b70ca2 1736 session->sslClient = SSL_new(session->context->ctx);
wolfSSL 0:1239e9b70ca2 1737 if (session->sslClient == NULL) {
wolfSSL 0:1239e9b70ca2 1738 SSL_free(session->sslServer);
wolfSSL 0:1239e9b70ca2 1739 session->sslServer = 0;
wolfSSL 0:1239e9b70ca2 1740
wolfSSL 0:1239e9b70ca2 1741 SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1742 free(session);
wolfSSL 0:1239e9b70ca2 1743 return 0;
wolfSSL 0:1239e9b70ca2 1744 }
wolfSSL 0:1239e9b70ca2 1745 /* put server back into server mode */
wolfSSL 0:1239e9b70ca2 1746 session->sslServer->options.side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 1747
wolfSSL 0:1239e9b70ca2 1748 row = SessionHash(ipInfo, tcpInfo);
wolfSSL 0:1239e9b70ca2 1749
wolfSSL 0:1239e9b70ca2 1750 /* add it to the session table */
wolfSSL 0:1239e9b70ca2 1751 LockMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 1752
wolfSSL 0:1239e9b70ca2 1753 session->next = SessionTable[row];
wolfSSL 0:1239e9b70ca2 1754 SessionTable[row] = session;
wolfSSL 0:1239e9b70ca2 1755
wolfSSL 0:1239e9b70ca2 1756 SessionCount++;
wolfSSL 0:1239e9b70ca2 1757
wolfSSL 0:1239e9b70ca2 1758 if ( (SessionCount % HASH_SIZE) == 0) {
wolfSSL 0:1239e9b70ca2 1759 TraceFindingStale();
wolfSSL 0:1239e9b70ca2 1760 RemoveStaleSessions();
wolfSSL 0:1239e9b70ca2 1761 }
wolfSSL 0:1239e9b70ca2 1762
wolfSSL 0:1239e9b70ca2 1763 UnLockMutex(&SessionMutex);
wolfSSL 0:1239e9b70ca2 1764
wolfSSL 0:1239e9b70ca2 1765 /* determine headed side */
wolfSSL 0:1239e9b70ca2 1766 if (ipInfo->dst == session->context->server &&
wolfSSL 0:1239e9b70ca2 1767 tcpInfo->dstPort == session->context->port)
wolfSSL 0:1239e9b70ca2 1768 session->flags.side = CYASSL_SERVER_END;
wolfSSL 0:1239e9b70ca2 1769 else
wolfSSL 0:1239e9b70ca2 1770 session->flags.side = CYASSL_CLIENT_END;
wolfSSL 0:1239e9b70ca2 1771
wolfSSL 0:1239e9b70ca2 1772 return session;
wolfSSL 0:1239e9b70ca2 1773 }
wolfSSL 0:1239e9b70ca2 1774
wolfSSL 0:1239e9b70ca2 1775
wolfSSL 0:1239e9b70ca2 1776 /* Process Old Client Hello Input */
wolfSSL 0:1239e9b70ca2 1777 static int DoOldHello(SnifferSession* session, const byte* sslFrame,
wolfSSL 0:1239e9b70ca2 1778 int* rhSize, int* sslBytes, char* error)
wolfSSL 0:1239e9b70ca2 1779 {
wolfSSL 0:1239e9b70ca2 1780 const byte* input = sslFrame;
wolfSSL 0:1239e9b70ca2 1781 byte b0, b1;
wolfSSL 0:1239e9b70ca2 1782 word32 idx = 0;
wolfSSL 0:1239e9b70ca2 1783 int ret;
wolfSSL 0:1239e9b70ca2 1784
wolfSSL 0:1239e9b70ca2 1785 Trace(GOT_OLD_CLIENT_HELLO_STR);
wolfSSL 0:1239e9b70ca2 1786 session->flags.clientHello = 1; /* don't process again */
wolfSSL 0:1239e9b70ca2 1787 b0 = *input++;
wolfSSL 0:1239e9b70ca2 1788 b1 = *input++;
wolfSSL 0:1239e9b70ca2 1789 *sslBytes -= 2;
wolfSSL 0:1239e9b70ca2 1790 *rhSize = ((b0 & 0x7f) << 8) | b1;
wolfSSL 0:1239e9b70ca2 1791
wolfSSL 0:1239e9b70ca2 1792 if (*rhSize > *sslBytes) {
wolfSSL 0:1239e9b70ca2 1793 SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1794 return -1;
wolfSSL 0:1239e9b70ca2 1795 }
wolfSSL 0:1239e9b70ca2 1796
wolfSSL 0:1239e9b70ca2 1797 ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
wolfSSL 0:1239e9b70ca2 1798 (word16)*rhSize);
wolfSSL 0:1239e9b70ca2 1799 if (ret < 0 && ret != MATCH_SUITE_ERROR) {
wolfSSL 0:1239e9b70ca2 1800 SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1801 return -1;
wolfSSL 0:1239e9b70ca2 1802 }
wolfSSL 0:1239e9b70ca2 1803
wolfSSL 0:1239e9b70ca2 1804 Trace(OLD_CLIENT_OK_STR);
wolfSSL 0:1239e9b70ca2 1805 XMEMCPY(session->sslClient->arrays->clientRandom,
wolfSSL 0:1239e9b70ca2 1806 session->sslServer->arrays->clientRandom, RAN_LEN);
wolfSSL 0:1239e9b70ca2 1807
wolfSSL 0:1239e9b70ca2 1808 *sslBytes -= *rhSize;
wolfSSL 0:1239e9b70ca2 1809 return 0;
wolfSSL 0:1239e9b70ca2 1810 }
wolfSSL 0:1239e9b70ca2 1811
wolfSSL 0:1239e9b70ca2 1812
wolfSSL 0:1239e9b70ca2 1813 #if 0
wolfSSL 0:1239e9b70ca2 1814 /* Calculate the TCP checksum, see RFC 1071 */
wolfSSL 0:1239e9b70ca2 1815 /* return 0 for success, -1 on error */
wolfSSL 0:1239e9b70ca2 1816 /* can be called from decode() with
wolfSSL 0:1239e9b70ca2 1817 TcpChecksum(&ipInfo, &tcpInfo, sslBytes, packet + ipInfo.length);
wolfSSL 0:1239e9b70ca2 1818 could also add a 64bit version if type available and using this
wolfSSL 0:1239e9b70ca2 1819 */
wolfSSL 0:1239e9b70ca2 1820 int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
wolfSSL 0:1239e9b70ca2 1821 const byte* packet)
wolfSSL 0:1239e9b70ca2 1822 {
wolfSSL 0:1239e9b70ca2 1823 TcpPseudoHdr pseudo;
wolfSSL 0:1239e9b70ca2 1824 int count = PSEUDO_HDR_SZ;
wolfSSL 0:1239e9b70ca2 1825 const word16* data = (word16*)&pseudo;
wolfSSL 0:1239e9b70ca2 1826 word32 sum = 0;
wolfSSL 0:1239e9b70ca2 1827 word16 checksum;
wolfSSL 0:1239e9b70ca2 1828
wolfSSL 0:1239e9b70ca2 1829 pseudo.src = ipInfo->src;
wolfSSL 0:1239e9b70ca2 1830 pseudo.dst = ipInfo->dst;
wolfSSL 0:1239e9b70ca2 1831 pseudo.rsv = 0;
wolfSSL 0:1239e9b70ca2 1832 pseudo.protocol = TCP_PROTO;
wolfSSL 0:1239e9b70ca2 1833 pseudo.legnth = htons(tcpInfo->length + dataLen);
wolfSSL 0:1239e9b70ca2 1834
wolfSSL 0:1239e9b70ca2 1835 /* pseudo header sum */
wolfSSL 0:1239e9b70ca2 1836 while (count >= 2) {
wolfSSL 0:1239e9b70ca2 1837 sum += *data++;
wolfSSL 0:1239e9b70ca2 1838 count -= 2;
wolfSSL 0:1239e9b70ca2 1839 }
wolfSSL 0:1239e9b70ca2 1840
wolfSSL 0:1239e9b70ca2 1841 count = tcpInfo->length + dataLen;
wolfSSL 0:1239e9b70ca2 1842 data = (word16*)packet;
wolfSSL 0:1239e9b70ca2 1843
wolfSSL 0:1239e9b70ca2 1844 /* main sum */
wolfSSL 0:1239e9b70ca2 1845 while (count > 1) {
wolfSSL 0:1239e9b70ca2 1846 sum += *data++;
wolfSSL 0:1239e9b70ca2 1847 count -=2;
wolfSSL 0:1239e9b70ca2 1848 }
wolfSSL 0:1239e9b70ca2 1849
wolfSSL 0:1239e9b70ca2 1850 /* get left-over, if any */
wolfSSL 0:1239e9b70ca2 1851 packet = (byte*)data;
wolfSSL 0:1239e9b70ca2 1852 if (count > 0) {
wolfSSL 0:1239e9b70ca2 1853 sum += *packet;
wolfSSL 0:1239e9b70ca2 1854 }
wolfSSL 0:1239e9b70ca2 1855
wolfSSL 0:1239e9b70ca2 1856 /* fold 32bit sum into 16 bits */
wolfSSL 0:1239e9b70ca2 1857 while (sum >> 16)
wolfSSL 0:1239e9b70ca2 1858 sum = (sum & 0xffff) + (sum >> 16);
wolfSSL 0:1239e9b70ca2 1859
wolfSSL 0:1239e9b70ca2 1860 checksum = (word16)~sum;
wolfSSL 0:1239e9b70ca2 1861 /* checksum should now equal 0, since included already calcd checksum */
wolfSSL 0:1239e9b70ca2 1862 /* field, but tcp checksum offloading could negate calculation */
wolfSSL 0:1239e9b70ca2 1863 if (checksum == 0)
wolfSSL 0:1239e9b70ca2 1864 return 0;
wolfSSL 0:1239e9b70ca2 1865 return -1;
wolfSSL 0:1239e9b70ca2 1866 }
wolfSSL 0:1239e9b70ca2 1867 #endif
wolfSSL 0:1239e9b70ca2 1868
wolfSSL 0:1239e9b70ca2 1869
wolfSSL 0:1239e9b70ca2 1870 /* Check IP and TCP headers, set payload */
wolfSSL 0:1239e9b70ca2 1871 /* returns 0 on success, -1 on error */
wolfSSL 0:1239e9b70ca2 1872 static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
wolfSSL 0:1239e9b70ca2 1873 int length, const byte** sslFrame, int* sslBytes, char* error)
wolfSSL 0:1239e9b70ca2 1874 {
wolfSSL 0:1239e9b70ca2 1875 TraceHeader();
wolfSSL 0:1239e9b70ca2 1876 TracePacket();
wolfSSL 0:1239e9b70ca2 1877
wolfSSL 0:1239e9b70ca2 1878 /* ip header */
wolfSSL 0:1239e9b70ca2 1879 if (length < IP_HDR_SZ) {
wolfSSL 0:1239e9b70ca2 1880 SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 1881 return -1;
wolfSSL 0:1239e9b70ca2 1882 }
wolfSSL 0:1239e9b70ca2 1883 if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
wolfSSL 0:1239e9b70ca2 1884 return -1;
wolfSSL 0:1239e9b70ca2 1885
wolfSSL 0:1239e9b70ca2 1886 /* tcp header */
wolfSSL 0:1239e9b70ca2 1887 if (length < (ipInfo->length + TCP_HDR_SZ)) {
wolfSSL 0:1239e9b70ca2 1888 SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 1889 return -1;
wolfSSL 0:1239e9b70ca2 1890 }
wolfSSL 0:1239e9b70ca2 1891 if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
wolfSSL 0:1239e9b70ca2 1892 return -1;
wolfSSL 0:1239e9b70ca2 1893
wolfSSL 0:1239e9b70ca2 1894 /* setup */
wolfSSL 0:1239e9b70ca2 1895 *sslFrame = packet + ipInfo->length + tcpInfo->length;
wolfSSL 0:1239e9b70ca2 1896 if (*sslFrame > packet + length) {
wolfSSL 0:1239e9b70ca2 1897 SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 1898 return -1;
wolfSSL 0:1239e9b70ca2 1899 }
wolfSSL 0:1239e9b70ca2 1900 *sslBytes = (int)(packet + length - *sslFrame);
wolfSSL 0:1239e9b70ca2 1901
wolfSSL 0:1239e9b70ca2 1902 return 0;
wolfSSL 0:1239e9b70ca2 1903 }
wolfSSL 0:1239e9b70ca2 1904
wolfSSL 0:1239e9b70ca2 1905
wolfSSL 0:1239e9b70ca2 1906 /* Create or Find existing session */
wolfSSL 0:1239e9b70ca2 1907 /* returns 0 on success (continue), -1 on error, 1 on success (end) */
wolfSSL 0:1239e9b70ca2 1908 static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
wolfSSL 0:1239e9b70ca2 1909 SnifferSession** session, char* error)
wolfSSL 0:1239e9b70ca2 1910 {
wolfSSL 0:1239e9b70ca2 1911 /* create a new SnifferSession on client SYN */
wolfSSL 0:1239e9b70ca2 1912 if (tcpInfo->syn && !tcpInfo->ack) {
wolfSSL 0:1239e9b70ca2 1913 TraceClientSyn(tcpInfo->sequence);
wolfSSL 0:1239e9b70ca2 1914 *session = CreateSession(ipInfo, tcpInfo, error);
wolfSSL 0:1239e9b70ca2 1915 if (*session == NULL) {
wolfSSL 0:1239e9b70ca2 1916 *session = GetSnifferSession(ipInfo, tcpInfo);
wolfSSL 0:1239e9b70ca2 1917 /* already had exisiting, so OK */
wolfSSL 0:1239e9b70ca2 1918 if (*session)
wolfSSL 0:1239e9b70ca2 1919 return 1;
wolfSSL 0:1239e9b70ca2 1920
wolfSSL 0:1239e9b70ca2 1921 SetError(MEMORY_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 1922 return -1;
wolfSSL 0:1239e9b70ca2 1923 }
wolfSSL 0:1239e9b70ca2 1924 return 1;
wolfSSL 0:1239e9b70ca2 1925 }
wolfSSL 0:1239e9b70ca2 1926 /* get existing sniffer session */
wolfSSL 0:1239e9b70ca2 1927 else {
wolfSSL 0:1239e9b70ca2 1928 *session = GetSnifferSession(ipInfo, tcpInfo);
wolfSSL 0:1239e9b70ca2 1929 if (*session == NULL) {
wolfSSL 0:1239e9b70ca2 1930 /* don't worry about extraneous RST or duplicate FINs */
wolfSSL 0:1239e9b70ca2 1931 if (tcpInfo->fin || tcpInfo->rst)
wolfSSL 0:1239e9b70ca2 1932 return 1;
wolfSSL 0:1239e9b70ca2 1933 /* don't worry about duplicate ACKs either */
wolfSSL 0:1239e9b70ca2 1934 if (sslBytes == 0 && tcpInfo->ack)
wolfSSL 0:1239e9b70ca2 1935 return 1;
wolfSSL 0:1239e9b70ca2 1936
wolfSSL 0:1239e9b70ca2 1937 SetError(BAD_SESSION_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 1938 return -1;
wolfSSL 0:1239e9b70ca2 1939 }
wolfSSL 0:1239e9b70ca2 1940 }
wolfSSL 0:1239e9b70ca2 1941 return 0;
wolfSSL 0:1239e9b70ca2 1942 }
wolfSSL 0:1239e9b70ca2 1943
wolfSSL 0:1239e9b70ca2 1944
wolfSSL 0:1239e9b70ca2 1945 /* Create a Packet Buffer from *begin - end, adjust new *begin and bytesLeft */
wolfSSL 0:1239e9b70ca2 1946 static PacketBuffer* CreateBuffer(word32* begin, word32 end, const byte* data,
wolfSSL 0:1239e9b70ca2 1947 int* bytesLeft)
wolfSSL 0:1239e9b70ca2 1948 {
wolfSSL 0:1239e9b70ca2 1949 PacketBuffer* pb;
wolfSSL 0:1239e9b70ca2 1950
wolfSSL 0:1239e9b70ca2 1951 int added = end - *begin + 1;
wolfSSL 0:1239e9b70ca2 1952 assert(*begin <= end);
wolfSSL 0:1239e9b70ca2 1953
wolfSSL 0:1239e9b70ca2 1954 pb = (PacketBuffer*)malloc(sizeof(PacketBuffer));
wolfSSL 0:1239e9b70ca2 1955 if (pb == NULL) return NULL;
wolfSSL 0:1239e9b70ca2 1956
wolfSSL 0:1239e9b70ca2 1957 pb->next = 0;
wolfSSL 0:1239e9b70ca2 1958 pb->begin = *begin;
wolfSSL 0:1239e9b70ca2 1959 pb->end = end;
wolfSSL 0:1239e9b70ca2 1960 pb->data = (byte*)malloc(added);
wolfSSL 0:1239e9b70ca2 1961
wolfSSL 0:1239e9b70ca2 1962 if (pb->data == NULL) {
wolfSSL 0:1239e9b70ca2 1963 free(pb);
wolfSSL 0:1239e9b70ca2 1964 return NULL;
wolfSSL 0:1239e9b70ca2 1965 }
wolfSSL 0:1239e9b70ca2 1966 XMEMCPY(pb->data, data, added);
wolfSSL 0:1239e9b70ca2 1967
wolfSSL 0:1239e9b70ca2 1968 *bytesLeft -= added;
wolfSSL 0:1239e9b70ca2 1969 *begin = pb->end + 1;
wolfSSL 0:1239e9b70ca2 1970
wolfSSL 0:1239e9b70ca2 1971 return pb;
wolfSSL 0:1239e9b70ca2 1972 }
wolfSSL 0:1239e9b70ca2 1973
wolfSSL 0:1239e9b70ca2 1974
wolfSSL 0:1239e9b70ca2 1975 /* Add sslFrame to Reassembly List */
wolfSSL 0:1239e9b70ca2 1976 /* returns 1 (end) on success, -1, on error */
wolfSSL 0:1239e9b70ca2 1977 static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
wolfSSL 0:1239e9b70ca2 1978 int sslBytes, SnifferSession* session, char* error)
wolfSSL 0:1239e9b70ca2 1979 {
wolfSSL 0:1239e9b70ca2 1980 PacketBuffer* add;
wolfSSL 0:1239e9b70ca2 1981 PacketBuffer** front = (from == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 1982 &session->cliReassemblyList: &session->srvReassemblyList;
wolfSSL 0:1239e9b70ca2 1983 PacketBuffer* curr = *front;
wolfSSL 0:1239e9b70ca2 1984 PacketBuffer* prev = curr;
wolfSSL 0:1239e9b70ca2 1985
wolfSSL 0:1239e9b70ca2 1986 word32 startSeq = seq;
wolfSSL 0:1239e9b70ca2 1987 word32 added;
wolfSSL 0:1239e9b70ca2 1988 int bytesLeft = sslBytes; /* could be overlapping fragment */
wolfSSL 0:1239e9b70ca2 1989
wolfSSL 0:1239e9b70ca2 1990 /* if list is empty add full frame to front */
wolfSSL 0:1239e9b70ca2 1991 if (!curr) {
wolfSSL 0:1239e9b70ca2 1992 add = CreateBuffer(&seq, seq + sslBytes - 1, sslFrame, &bytesLeft);
wolfSSL 0:1239e9b70ca2 1993 if (add == NULL) {
wolfSSL 0:1239e9b70ca2 1994 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 1995 return -1;
wolfSSL 0:1239e9b70ca2 1996 }
wolfSSL 0:1239e9b70ca2 1997 *front = add;
wolfSSL 0:1239e9b70ca2 1998 return 1;
wolfSSL 0:1239e9b70ca2 1999 }
wolfSSL 0:1239e9b70ca2 2000
wolfSSL 0:1239e9b70ca2 2001 /* add to front if before current front, up to next->begin */
wolfSSL 0:1239e9b70ca2 2002 if (seq < curr->begin) {
wolfSSL 0:1239e9b70ca2 2003 word32 end = seq + sslBytes - 1;
wolfSSL 0:1239e9b70ca2 2004
wolfSSL 0:1239e9b70ca2 2005 if (end >= curr->begin)
wolfSSL 0:1239e9b70ca2 2006 end = curr->begin - 1;
wolfSSL 0:1239e9b70ca2 2007
wolfSSL 0:1239e9b70ca2 2008 add = CreateBuffer(&seq, end, sslFrame, &bytesLeft);
wolfSSL 0:1239e9b70ca2 2009 if (add == NULL) {
wolfSSL 0:1239e9b70ca2 2010 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2011 return -1;
wolfSSL 0:1239e9b70ca2 2012 }
wolfSSL 0:1239e9b70ca2 2013 add->next = curr;
wolfSSL 0:1239e9b70ca2 2014 *front = add;
wolfSSL 0:1239e9b70ca2 2015 }
wolfSSL 0:1239e9b70ca2 2016
wolfSSL 0:1239e9b70ca2 2017 /* while we have bytes left, try to find a gap to fill */
wolfSSL 0:1239e9b70ca2 2018 while (bytesLeft > 0) {
wolfSSL 0:1239e9b70ca2 2019 /* get previous packet in list */
wolfSSL 0:1239e9b70ca2 2020 while (curr && (seq >= curr->begin)) {
wolfSSL 0:1239e9b70ca2 2021 prev = curr;
wolfSSL 0:1239e9b70ca2 2022 curr = curr->next;
wolfSSL 0:1239e9b70ca2 2023 }
wolfSSL 0:1239e9b70ca2 2024
wolfSSL 0:1239e9b70ca2 2025 /* don't add duplicate data */
wolfSSL 0:1239e9b70ca2 2026 if (prev->end >= seq) {
wolfSSL 0:1239e9b70ca2 2027 if ( (seq + bytesLeft - 1) <= prev->end)
wolfSSL 0:1239e9b70ca2 2028 return 1;
wolfSSL 0:1239e9b70ca2 2029 seq = prev->end + 1;
wolfSSL 0:1239e9b70ca2 2030 bytesLeft = startSeq + sslBytes - seq;
wolfSSL 0:1239e9b70ca2 2031 }
wolfSSL 0:1239e9b70ca2 2032
wolfSSL 0:1239e9b70ca2 2033 if (!curr)
wolfSSL 0:1239e9b70ca2 2034 /* we're at the end */
wolfSSL 0:1239e9b70ca2 2035 added = bytesLeft;
wolfSSL 0:1239e9b70ca2 2036 else
wolfSSL 0:1239e9b70ca2 2037 /* we're in between two frames */
wolfSSL 0:1239e9b70ca2 2038 added = min((word32)bytesLeft, curr->begin - seq);
wolfSSL 0:1239e9b70ca2 2039
wolfSSL 0:1239e9b70ca2 2040 /* data already there */
wolfSSL 0:1239e9b70ca2 2041 if (added == 0)
wolfSSL 0:1239e9b70ca2 2042 continue;
wolfSSL 0:1239e9b70ca2 2043
wolfSSL 0:1239e9b70ca2 2044 add = CreateBuffer(&seq, seq + added - 1, &sslFrame[seq - startSeq],
wolfSSL 0:1239e9b70ca2 2045 &bytesLeft);
wolfSSL 0:1239e9b70ca2 2046 if (add == NULL) {
wolfSSL 0:1239e9b70ca2 2047 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2048 return -1;
wolfSSL 0:1239e9b70ca2 2049 }
wolfSSL 0:1239e9b70ca2 2050 add->next = prev->next;
wolfSSL 0:1239e9b70ca2 2051 prev->next = add;
wolfSSL 0:1239e9b70ca2 2052 }
wolfSSL 0:1239e9b70ca2 2053 return 1;
wolfSSL 0:1239e9b70ca2 2054 }
wolfSSL 0:1239e9b70ca2 2055
wolfSSL 0:1239e9b70ca2 2056
wolfSSL 0:1239e9b70ca2 2057 /* Add out of order FIN capture */
wolfSSL 0:1239e9b70ca2 2058 /* returns 1 for success (end) */
wolfSSL 0:1239e9b70ca2 2059 static int AddFinCapture(SnifferSession* session, word32 sequence)
wolfSSL 0:1239e9b70ca2 2060 {
wolfSSL 0:1239e9b70ca2 2061 if (session->flags.side == CYASSL_SERVER_END) {
wolfSSL 0:1239e9b70ca2 2062 if (session->finCaputre.cliCounted == 0)
wolfSSL 0:1239e9b70ca2 2063 session->finCaputre.cliFinSeq = sequence;
wolfSSL 0:1239e9b70ca2 2064 }
wolfSSL 0:1239e9b70ca2 2065 else {
wolfSSL 0:1239e9b70ca2 2066 if (session->finCaputre.srvCounted == 0)
wolfSSL 0:1239e9b70ca2 2067 session->finCaputre.srvFinSeq = sequence;
wolfSSL 0:1239e9b70ca2 2068 }
wolfSSL 0:1239e9b70ca2 2069 return 1;
wolfSSL 0:1239e9b70ca2 2070 }
wolfSSL 0:1239e9b70ca2 2071
wolfSSL 0:1239e9b70ca2 2072
wolfSSL 0:1239e9b70ca2 2073 /* Adjust incoming sequence based on side */
wolfSSL 0:1239e9b70ca2 2074 /* returns 0 on success (continue), -1 on error, 1 on success (end) */
wolfSSL 0:1239e9b70ca2 2075 static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
wolfSSL 0:1239e9b70ca2 2076 int* sslBytes, const byte** sslFrame, char* error)
wolfSSL 0:1239e9b70ca2 2077 {
wolfSSL 0:1239e9b70ca2 2078 word32 seqStart = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2079 session->cliSeqStart :session->srvSeqStart;
wolfSSL 0:1239e9b70ca2 2080 word32 real = tcpInfo->sequence - seqStart;
wolfSSL 0:1239e9b70ca2 2081 word32* expected = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2082 &session->cliExpected : &session->srvExpected;
wolfSSL 0:1239e9b70ca2 2083 PacketBuffer* reassemblyList = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2084 session->cliReassemblyList : session->srvReassemblyList;
wolfSSL 0:1239e9b70ca2 2085
wolfSSL 0:1239e9b70ca2 2086 /* handle rollover of sequence */
wolfSSL 0:1239e9b70ca2 2087 if (tcpInfo->sequence < seqStart)
wolfSSL 0:1239e9b70ca2 2088 real = 0xffffffffU - seqStart + tcpInfo->sequence;
wolfSSL 0:1239e9b70ca2 2089
wolfSSL 0:1239e9b70ca2 2090 TraceRelativeSequence(*expected, real);
wolfSSL 0:1239e9b70ca2 2091
wolfSSL 0:1239e9b70ca2 2092 if (real < *expected) {
wolfSSL 0:1239e9b70ca2 2093 Trace(DUPLICATE_STR);
wolfSSL 0:1239e9b70ca2 2094 if (real + *sslBytes > *expected) {
wolfSSL 0:1239e9b70ca2 2095 int overlap = *expected - real;
wolfSSL 0:1239e9b70ca2 2096 Trace(OVERLAP_DUPLICATE_STR);
wolfSSL 0:1239e9b70ca2 2097
wolfSSL 0:1239e9b70ca2 2098 /* adjust to expected, remove duplicate */
wolfSSL 0:1239e9b70ca2 2099 *sslFrame += overlap;
wolfSSL 0:1239e9b70ca2 2100 *sslBytes -= overlap;
wolfSSL 0:1239e9b70ca2 2101
wolfSSL 0:1239e9b70ca2 2102 if (reassemblyList) {
wolfSSL 0:1239e9b70ca2 2103 word32 newEnd = *expected + *sslBytes;
wolfSSL 0:1239e9b70ca2 2104
wolfSSL 0:1239e9b70ca2 2105 if (newEnd > reassemblyList->begin) {
wolfSSL 0:1239e9b70ca2 2106 Trace(OVERLAP_REASSEMBLY_BEGIN_STR);
wolfSSL 0:1239e9b70ca2 2107
wolfSSL 0:1239e9b70ca2 2108 /* remove bytes already on reassembly list */
wolfSSL 0:1239e9b70ca2 2109 *sslBytes -= newEnd - reassemblyList->begin;
wolfSSL 0:1239e9b70ca2 2110 }
wolfSSL 0:1239e9b70ca2 2111 if (newEnd > reassemblyList->end) {
wolfSSL 0:1239e9b70ca2 2112 Trace(OVERLAP_REASSEMBLY_END_STR);
wolfSSL 0:1239e9b70ca2 2113
wolfSSL 0:1239e9b70ca2 2114 /* may be past reassembly list end (could have more on list)
wolfSSL 0:1239e9b70ca2 2115 so try to add what's past the front->end */
wolfSSL 0:1239e9b70ca2 2116 AddToReassembly(session->flags.side, reassemblyList->end +1,
wolfSSL 0:1239e9b70ca2 2117 *sslFrame + reassemblyList->end - *expected + 1,
wolfSSL 0:1239e9b70ca2 2118 newEnd - reassemblyList->end, session, error);
wolfSSL 0:1239e9b70ca2 2119 }
wolfSSL 0:1239e9b70ca2 2120 }
wolfSSL 0:1239e9b70ca2 2121 }
wolfSSL 0:1239e9b70ca2 2122 else
wolfSSL 0:1239e9b70ca2 2123 return 1;
wolfSSL 0:1239e9b70ca2 2124 }
wolfSSL 0:1239e9b70ca2 2125 else if (real > *expected) {
wolfSSL 0:1239e9b70ca2 2126 Trace(OUT_OF_ORDER_STR);
wolfSSL 0:1239e9b70ca2 2127 if (*sslBytes > 0)
wolfSSL 0:1239e9b70ca2 2128 return AddToReassembly(session->flags.side, real, *sslFrame,
wolfSSL 0:1239e9b70ca2 2129 *sslBytes, session, error);
wolfSSL 0:1239e9b70ca2 2130 else if (tcpInfo->fin)
wolfSSL 0:1239e9b70ca2 2131 return AddFinCapture(session, real);
wolfSSL 0:1239e9b70ca2 2132 }
wolfSSL 0:1239e9b70ca2 2133 /* got expected sequence */
wolfSSL 0:1239e9b70ca2 2134 *expected += *sslBytes;
wolfSSL 0:1239e9b70ca2 2135 if (tcpInfo->fin)
wolfSSL 0:1239e9b70ca2 2136 *expected += 1;
wolfSSL 0:1239e9b70ca2 2137
wolfSSL 0:1239e9b70ca2 2138 return 0;
wolfSSL 0:1239e9b70ca2 2139 }
wolfSSL 0:1239e9b70ca2 2140
wolfSSL 0:1239e9b70ca2 2141
wolfSSL 0:1239e9b70ca2 2142 /* Check latest ack number for missing packets
wolfSSL 0:1239e9b70ca2 2143 return 0 ok, <0 on error */
wolfSSL 0:1239e9b70ca2 2144 static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
wolfSSL 0:1239e9b70ca2 2145 {
wolfSSL 0:1239e9b70ca2 2146 if (tcpInfo->ack) {
wolfSSL 0:1239e9b70ca2 2147 word32 seqStart = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2148 session->srvSeqStart :session->cliSeqStart;
wolfSSL 0:1239e9b70ca2 2149 word32 real = tcpInfo->ackNumber - seqStart;
wolfSSL 0:1239e9b70ca2 2150 word32 expected = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2151 session->srvExpected : session->cliExpected;
wolfSSL 0:1239e9b70ca2 2152
wolfSSL 0:1239e9b70ca2 2153 /* handle rollover of sequence */
wolfSSL 0:1239e9b70ca2 2154 if (tcpInfo->ackNumber < seqStart)
wolfSSL 0:1239e9b70ca2 2155 real = 0xffffffffU - seqStart + tcpInfo->ackNumber;
wolfSSL 0:1239e9b70ca2 2156
wolfSSL 0:1239e9b70ca2 2157 TraceAck(real, expected);
wolfSSL 0:1239e9b70ca2 2158
wolfSSL 0:1239e9b70ca2 2159 if (real > expected)
wolfSSL 0:1239e9b70ca2 2160 return -1; /* we missed a packet, ACKing data we never saw */
wolfSSL 0:1239e9b70ca2 2161 }
wolfSSL 0:1239e9b70ca2 2162 return 0;
wolfSSL 0:1239e9b70ca2 2163 }
wolfSSL 0:1239e9b70ca2 2164
wolfSSL 0:1239e9b70ca2 2165
wolfSSL 0:1239e9b70ca2 2166 /* Check TCP Sequence status */
wolfSSL 0:1239e9b70ca2 2167 /* returns 0 on success (continue), -1 on error, 1 on success (end) */
wolfSSL 0:1239e9b70ca2 2168 static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
wolfSSL 0:1239e9b70ca2 2169 SnifferSession* session, int* sslBytes,
wolfSSL 0:1239e9b70ca2 2170 const byte** sslFrame, char* error)
wolfSSL 0:1239e9b70ca2 2171 {
wolfSSL 0:1239e9b70ca2 2172 int actualLen;
wolfSSL 0:1239e9b70ca2 2173
wolfSSL 0:1239e9b70ca2 2174 /* init SEQ from server to client */
wolfSSL 0:1239e9b70ca2 2175 if (tcpInfo->syn && tcpInfo->ack) {
wolfSSL 0:1239e9b70ca2 2176 session->srvSeqStart = tcpInfo->sequence;
wolfSSL 0:1239e9b70ca2 2177 session->srvExpected = 1;
wolfSSL 0:1239e9b70ca2 2178 TraceServerSyn(tcpInfo->sequence);
wolfSSL 0:1239e9b70ca2 2179 return 1;
wolfSSL 0:1239e9b70ca2 2180 }
wolfSSL 0:1239e9b70ca2 2181
wolfSSL 0:1239e9b70ca2 2182 /* adjust potential ethernet trailer */
wolfSSL 0:1239e9b70ca2 2183 actualLen = ipInfo->total - ipInfo->length - tcpInfo->length;
wolfSSL 0:1239e9b70ca2 2184 if (*sslBytes > actualLen) {
wolfSSL 0:1239e9b70ca2 2185 *sslBytes = actualLen;
wolfSSL 0:1239e9b70ca2 2186 }
wolfSSL 0:1239e9b70ca2 2187
wolfSSL 0:1239e9b70ca2 2188 TraceSequence(tcpInfo->sequence, *sslBytes);
wolfSSL 0:1239e9b70ca2 2189 if (CheckAck(tcpInfo, session) < 0) {
wolfSSL 0:1239e9b70ca2 2190 SetError(ACK_MISSED_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2191 return -1;
wolfSSL 0:1239e9b70ca2 2192 }
wolfSSL 0:1239e9b70ca2 2193
wolfSSL 0:1239e9b70ca2 2194 return AdjustSequence(tcpInfo, session, sslBytes, sslFrame, error);
wolfSSL 0:1239e9b70ca2 2195 }
wolfSSL 0:1239e9b70ca2 2196
wolfSSL 0:1239e9b70ca2 2197
wolfSSL 0:1239e9b70ca2 2198 /* Check Status before record processing */
wolfSSL 0:1239e9b70ca2 2199 /* returns 0 on success (continue), -1 on error, 1 on success (end) */
wolfSSL 0:1239e9b70ca2 2200 static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
wolfSSL 0:1239e9b70ca2 2201 const byte** sslFrame, SnifferSession** session,
wolfSSL 0:1239e9b70ca2 2202 int* sslBytes, const byte** end, char* error)
wolfSSL 0:1239e9b70ca2 2203 {
wolfSSL 0:1239e9b70ca2 2204 word32 length;
wolfSSL 0:1239e9b70ca2 2205 SSL* ssl = ((*session)->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2206 (*session)->sslServer : (*session)->sslClient;
wolfSSL 0:1239e9b70ca2 2207 /* remove SnifferSession on 2nd FIN or RST */
wolfSSL 0:1239e9b70ca2 2208 if (tcpInfo->fin || tcpInfo->rst) {
wolfSSL 0:1239e9b70ca2 2209 /* flag FIN and RST */
wolfSSL 0:1239e9b70ca2 2210 if (tcpInfo->fin)
wolfSSL 0:1239e9b70ca2 2211 (*session)->flags.finCount += 1;
wolfSSL 0:1239e9b70ca2 2212 else if (tcpInfo->rst)
wolfSSL 0:1239e9b70ca2 2213 (*session)->flags.finCount += 2;
wolfSSL 0:1239e9b70ca2 2214
wolfSSL 0:1239e9b70ca2 2215 if ((*session)->flags.finCount >= 2) {
wolfSSL 0:1239e9b70ca2 2216 RemoveSession(*session, ipInfo, tcpInfo, 0);
wolfSSL 0:1239e9b70ca2 2217 *session = NULL;
wolfSSL 0:1239e9b70ca2 2218 return 1;
wolfSSL 0:1239e9b70ca2 2219 }
wolfSSL 0:1239e9b70ca2 2220 }
wolfSSL 0:1239e9b70ca2 2221
wolfSSL 0:1239e9b70ca2 2222 if ((*session)->flags.fatalError == FATAL_ERROR_STATE) {
wolfSSL 0:1239e9b70ca2 2223 SetError(FATAL_ERROR_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 2224 return -1;
wolfSSL 0:1239e9b70ca2 2225 }
wolfSSL 0:1239e9b70ca2 2226
wolfSSL 0:1239e9b70ca2 2227 if (*sslBytes == 0) {
wolfSSL 0:1239e9b70ca2 2228 Trace(NO_DATA_STR);
wolfSSL 0:1239e9b70ca2 2229 return 1;
wolfSSL 0:1239e9b70ca2 2230 }
wolfSSL 0:1239e9b70ca2 2231
wolfSSL 0:1239e9b70ca2 2232 /* if current partial data, add to end of partial */
wolfSSL 0:1239e9b70ca2 2233 if ( (length = ssl->buffers.inputBuffer.length) ) {
wolfSSL 0:1239e9b70ca2 2234 Trace(PARTIAL_ADD_STR);
wolfSSL 0:1239e9b70ca2 2235
wolfSSL 0:1239e9b70ca2 2236 if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
wolfSSL 0:1239e9b70ca2 2237 if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
wolfSSL 0:1239e9b70ca2 2238 SetError(MEMORY_STR, error, *session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2239 return -1;
wolfSSL 0:1239e9b70ca2 2240 }
wolfSSL 0:1239e9b70ca2 2241 }
wolfSSL 0:1239e9b70ca2 2242 XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], *sslFrame, *sslBytes);
wolfSSL 0:1239e9b70ca2 2243 *sslBytes += length;
wolfSSL 0:1239e9b70ca2 2244 ssl->buffers.inputBuffer.length = *sslBytes;
wolfSSL 0:1239e9b70ca2 2245 *sslFrame = ssl->buffers.inputBuffer.buffer;
wolfSSL 0:1239e9b70ca2 2246 *end = *sslFrame + *sslBytes;
wolfSSL 0:1239e9b70ca2 2247 }
wolfSSL 0:1239e9b70ca2 2248
wolfSSL 0:1239e9b70ca2 2249 if ((*session)->flags.clientHello == 0 && **sslFrame != handshake) {
wolfSSL 0:1239e9b70ca2 2250 int rhSize;
wolfSSL 0:1239e9b70ca2 2251 int ret = DoOldHello(*session, *sslFrame, &rhSize, sslBytes, error);
wolfSSL 0:1239e9b70ca2 2252 if (ret < 0)
wolfSSL 0:1239e9b70ca2 2253 return -1; /* error already set */
wolfSSL 0:1239e9b70ca2 2254 if (*sslBytes <= 0)
wolfSSL 0:1239e9b70ca2 2255 return 1;
wolfSSL 0:1239e9b70ca2 2256 }
wolfSSL 0:1239e9b70ca2 2257
wolfSSL 0:1239e9b70ca2 2258 return 0;
wolfSSL 0:1239e9b70ca2 2259 }
wolfSSL 0:1239e9b70ca2 2260
wolfSSL 0:1239e9b70ca2 2261
wolfSSL 0:1239e9b70ca2 2262 /* See if input on the reassembly list is ready for consuming */
wolfSSL 0:1239e9b70ca2 2263 /* returns 1 for TRUE, 0 for FALSE */
wolfSSL 0:1239e9b70ca2 2264 static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
wolfSSL 0:1239e9b70ca2 2265 int* sslBytes, const byte** end, char* error)
wolfSSL 0:1239e9b70ca2 2266 {
wolfSSL 0:1239e9b70ca2 2267 /* sequence and reassembly based on from, not to */
wolfSSL 0:1239e9b70ca2 2268 int moreInput = 0;
wolfSSL 0:1239e9b70ca2 2269 PacketBuffer** front = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2270 &session->cliReassemblyList : &session->srvReassemblyList;
wolfSSL 0:1239e9b70ca2 2271 word32* expected = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2272 &session->cliExpected : &session->srvExpected;
wolfSSL 0:1239e9b70ca2 2273 /* buffer is on receiving end */
wolfSSL 0:1239e9b70ca2 2274 word32* length = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2275 &session->sslServer->buffers.inputBuffer.length :
wolfSSL 0:1239e9b70ca2 2276 &session->sslClient->buffers.inputBuffer.length;
wolfSSL 0:1239e9b70ca2 2277 byte* myBuffer = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2278 session->sslServer->buffers.inputBuffer.buffer :
wolfSSL 0:1239e9b70ca2 2279 session->sslClient->buffers.inputBuffer.buffer;
wolfSSL 0:1239e9b70ca2 2280 word32 bufferSize = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2281 session->sslServer->buffers.inputBuffer.bufferSize :
wolfSSL 0:1239e9b70ca2 2282 session->sslClient->buffers.inputBuffer.bufferSize;
wolfSSL 0:1239e9b70ca2 2283 SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2284 session->sslServer : session->sslClient;
wolfSSL 0:1239e9b70ca2 2285
wolfSSL 0:1239e9b70ca2 2286 while (*front && ((*front)->begin == *expected) ) {
wolfSSL 0:1239e9b70ca2 2287 word32 room = bufferSize - *length;
wolfSSL 0:1239e9b70ca2 2288 word32 packetLen = (*front)->end - (*front)->begin + 1;
wolfSSL 0:1239e9b70ca2 2289
wolfSSL 0:1239e9b70ca2 2290 if (packetLen > room && bufferSize < MAX_INPUT_SZ) {
wolfSSL 0:1239e9b70ca2 2291 if (GrowInputBuffer(ssl, packetLen, *length) < 0) {
wolfSSL 0:1239e9b70ca2 2292 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2293 return 0;
wolfSSL 0:1239e9b70ca2 2294 }
wolfSSL 0:1239e9b70ca2 2295 }
wolfSSL 0:1239e9b70ca2 2296
wolfSSL 0:1239e9b70ca2 2297 if (packetLen <= room) {
wolfSSL 0:1239e9b70ca2 2298 PacketBuffer* del = *front;
wolfSSL 0:1239e9b70ca2 2299
wolfSSL 0:1239e9b70ca2 2300 XMEMCPY(&myBuffer[*length], (*front)->data, packetLen);
wolfSSL 0:1239e9b70ca2 2301 *length += packetLen;
wolfSSL 0:1239e9b70ca2 2302 *expected += packetLen;
wolfSSL 0:1239e9b70ca2 2303
wolfSSL 0:1239e9b70ca2 2304 /* remove used packet */
wolfSSL 0:1239e9b70ca2 2305 *front = (*front)->next;
wolfSSL 0:1239e9b70ca2 2306 FreePacketBuffer(del);
wolfSSL 0:1239e9b70ca2 2307
wolfSSL 0:1239e9b70ca2 2308 moreInput = 1;
wolfSSL 0:1239e9b70ca2 2309 }
wolfSSL 0:1239e9b70ca2 2310 else
wolfSSL 0:1239e9b70ca2 2311 break;
wolfSSL 0:1239e9b70ca2 2312 }
wolfSSL 0:1239e9b70ca2 2313 if (moreInput) {
wolfSSL 0:1239e9b70ca2 2314 *sslFrame = myBuffer;
wolfSSL 0:1239e9b70ca2 2315 *sslBytes = *length;
wolfSSL 0:1239e9b70ca2 2316 *end = myBuffer + *length;
wolfSSL 0:1239e9b70ca2 2317 }
wolfSSL 0:1239e9b70ca2 2318 return moreInput;
wolfSSL 0:1239e9b70ca2 2319 }
wolfSSL 0:1239e9b70ca2 2320
wolfSSL 0:1239e9b70ca2 2321
wolfSSL 0:1239e9b70ca2 2322
wolfSSL 0:1239e9b70ca2 2323 /* Process Message(s) from sslFrame */
wolfSSL 0:1239e9b70ca2 2324 /* return Number of bytes on success, 0 for no data yet, and -1 on error */
wolfSSL 0:1239e9b70ca2 2325 static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
wolfSSL 0:1239e9b70ca2 2326 int sslBytes, byte* data, const byte* end,char* error)
wolfSSL 0:1239e9b70ca2 2327 {
wolfSSL 0:1239e9b70ca2 2328 const byte* sslBegin = sslFrame;
wolfSSL 0:1239e9b70ca2 2329 const byte* tmp;
wolfSSL 0:1239e9b70ca2 2330 RecordLayerHeader rh;
wolfSSL 0:1239e9b70ca2 2331 int rhSize = 0;
wolfSSL 0:1239e9b70ca2 2332 int ret;
wolfSSL 0:1239e9b70ca2 2333 int errCode = 0;
wolfSSL 0:1239e9b70ca2 2334 int decoded = 0; /* bytes stored for user in data */
wolfSSL 0:1239e9b70ca2 2335 int notEnough; /* notEnough bytes yet flag */
wolfSSL 0:1239e9b70ca2 2336 SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ?
wolfSSL 0:1239e9b70ca2 2337 session->sslServer : session->sslClient;
wolfSSL 0:1239e9b70ca2 2338 doMessage:
wolfSSL 0:1239e9b70ca2 2339 notEnough = 0;
wolfSSL 0:1239e9b70ca2 2340 if (sslBytes < 0) {
wolfSSL 0:1239e9b70ca2 2341 SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2342 return -1;
wolfSSL 0:1239e9b70ca2 2343 }
wolfSSL 0:1239e9b70ca2 2344 if (sslBytes >= RECORD_HEADER_SZ) {
wolfSSL 0:1239e9b70ca2 2345 if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
wolfSSL 0:1239e9b70ca2 2346 SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2347 return -1;
wolfSSL 0:1239e9b70ca2 2348 }
wolfSSL 0:1239e9b70ca2 2349 }
wolfSSL 0:1239e9b70ca2 2350 else
wolfSSL 0:1239e9b70ca2 2351 notEnough = 1;
wolfSSL 0:1239e9b70ca2 2352
wolfSSL 0:1239e9b70ca2 2353 if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) {
wolfSSL 0:1239e9b70ca2 2354 /* don't have enough input yet to process full SSL record */
wolfSSL 0:1239e9b70ca2 2355 Trace(PARTIAL_INPUT_STR);
wolfSSL 0:1239e9b70ca2 2356
wolfSSL 0:1239e9b70ca2 2357 /* store partial if not there already or we advanced */
wolfSSL 0:1239e9b70ca2 2358 if (ssl->buffers.inputBuffer.length == 0 || sslBegin != sslFrame) {
wolfSSL 0:1239e9b70ca2 2359 if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
wolfSSL 0:1239e9b70ca2 2360 if (GrowInputBuffer(ssl, sslBytes, 0) < 0) {
wolfSSL 0:1239e9b70ca2 2361 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2362 return -1;
wolfSSL 0:1239e9b70ca2 2363 }
wolfSSL 0:1239e9b70ca2 2364 }
wolfSSL 0:1239e9b70ca2 2365 XMEMCPY(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes);
wolfSSL 0:1239e9b70ca2 2366 ssl->buffers.inputBuffer.length = sslBytes;
wolfSSL 0:1239e9b70ca2 2367 }
wolfSSL 0:1239e9b70ca2 2368 if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
wolfSSL 0:1239e9b70ca2 2369 goto doMessage;
wolfSSL 0:1239e9b70ca2 2370 return decoded;
wolfSSL 0:1239e9b70ca2 2371 }
wolfSSL 0:1239e9b70ca2 2372 sslFrame += RECORD_HEADER_SZ;
wolfSSL 0:1239e9b70ca2 2373 sslBytes -= RECORD_HEADER_SZ;
wolfSSL 0:1239e9b70ca2 2374 tmp = sslFrame + rhSize; /* may have more than one record to process */
wolfSSL 0:1239e9b70ca2 2375
wolfSSL 0:1239e9b70ca2 2376 /* decrypt if needed */
wolfSSL 0:1239e9b70ca2 2377 if ((session->flags.side == CYASSL_SERVER_END &&
wolfSSL 0:1239e9b70ca2 2378 session->flags.serverCipherOn)
wolfSSL 0:1239e9b70ca2 2379 || (session->flags.side == CYASSL_CLIENT_END &&
wolfSSL 0:1239e9b70ca2 2380 session->flags.clientCipherOn)) {
wolfSSL 0:1239e9b70ca2 2381 if (CheckAvailableSize(ssl, rhSize) < 0) {
wolfSSL 0:1239e9b70ca2 2382 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2383 return -1;
wolfSSL 0:1239e9b70ca2 2384 }
wolfSSL 0:1239e9b70ca2 2385 sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
wolfSSL 0:1239e9b70ca2 2386 ssl->buffers.outputBuffer.buffer, &errCode);
wolfSSL 0:1239e9b70ca2 2387 if (errCode != 0) {
wolfSSL 0:1239e9b70ca2 2388 SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2389 return -1;
wolfSSL 0:1239e9b70ca2 2390 }
wolfSSL 0:1239e9b70ca2 2391 }
wolfSSL 0:1239e9b70ca2 2392
wolfSSL 0:1239e9b70ca2 2393 switch ((enum ContentType)rh.type) {
wolfSSL 0:1239e9b70ca2 2394 case handshake:
wolfSSL 0:1239e9b70ca2 2395 Trace(GOT_HANDSHAKE_STR);
wolfSSL 0:1239e9b70ca2 2396 ret = DoHandShake(sslFrame, &sslBytes, session, error);
wolfSSL 0:1239e9b70ca2 2397 if (ret != 0) {
wolfSSL 0:1239e9b70ca2 2398 if (session->flags.fatalError == 0)
wolfSSL 0:1239e9b70ca2 2399 SetError(BAD_HANDSHAKE_STR,error,session,FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2400 return -1;
wolfSSL 0:1239e9b70ca2 2401 }
wolfSSL 0:1239e9b70ca2 2402 break;
wolfSSL 0:1239e9b70ca2 2403 case change_cipher_spec:
wolfSSL 0:1239e9b70ca2 2404 if (session->flags.side == CYASSL_SERVER_END)
wolfSSL 0:1239e9b70ca2 2405 session->flags.serverCipherOn = 1;
wolfSSL 0:1239e9b70ca2 2406 else
wolfSSL 0:1239e9b70ca2 2407 session->flags.clientCipherOn = 1;
wolfSSL 0:1239e9b70ca2 2408 Trace(GOT_CHANGE_CIPHER_STR);
wolfSSL 0:1239e9b70ca2 2409 ssl->options.handShakeState = HANDSHAKE_DONE;
wolfSSL 0:1239e9b70ca2 2410 break;
wolfSSL 0:1239e9b70ca2 2411 case application_data:
wolfSSL 0:1239e9b70ca2 2412 Trace(GOT_APP_DATA_STR);
wolfSSL 0:1239e9b70ca2 2413 {
wolfSSL 0:1239e9b70ca2 2414 word32 inOutIdx = 0;
wolfSSL 0:1239e9b70ca2 2415
wolfSSL 0:1239e9b70ca2 2416 ret = DoApplicationData(ssl, (byte*)sslFrame, &inOutIdx);
wolfSSL 0:1239e9b70ca2 2417 if (ret == 0) {
wolfSSL 0:1239e9b70ca2 2418 ret = ssl->buffers.clearOutputBuffer.length;
wolfSSL 0:1239e9b70ca2 2419 TraceGotData(ret);
wolfSSL 0:1239e9b70ca2 2420 if (ret) { /* may be blank message */
wolfSSL 0:1239e9b70ca2 2421 XMEMCPY(&data[decoded],
wolfSSL 0:1239e9b70ca2 2422 ssl->buffers.clearOutputBuffer.buffer, ret);
wolfSSL 0:1239e9b70ca2 2423 TraceAddedData(ret, decoded);
wolfSSL 0:1239e9b70ca2 2424 decoded += ret;
wolfSSL 0:1239e9b70ca2 2425 ssl->buffers.clearOutputBuffer.length = 0;
wolfSSL 0:1239e9b70ca2 2426 }
wolfSSL 0:1239e9b70ca2 2427 }
wolfSSL 0:1239e9b70ca2 2428 else {
wolfSSL 0:1239e9b70ca2 2429 SetError(BAD_APP_DATA_STR, error,session,FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2430 return -1;
wolfSSL 0:1239e9b70ca2 2431 }
wolfSSL 0:1239e9b70ca2 2432 if (ssl->buffers.outputBuffer.dynamicFlag)
wolfSSL 0:1239e9b70ca2 2433 ShrinkOutputBuffer(ssl);
wolfSSL 0:1239e9b70ca2 2434 }
wolfSSL 0:1239e9b70ca2 2435 break;
wolfSSL 0:1239e9b70ca2 2436 case alert:
wolfSSL 0:1239e9b70ca2 2437 Trace(GOT_ALERT_STR);
wolfSSL 0:1239e9b70ca2 2438 break;
wolfSSL 0:1239e9b70ca2 2439 case no_type:
wolfSSL 0:1239e9b70ca2 2440 default:
wolfSSL 0:1239e9b70ca2 2441 SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 0:1239e9b70ca2 2442 return -1;
wolfSSL 0:1239e9b70ca2 2443 }
wolfSSL 0:1239e9b70ca2 2444
wolfSSL 0:1239e9b70ca2 2445 if (tmp < end) {
wolfSSL 0:1239e9b70ca2 2446 Trace(ANOTHER_MSG_STR);
wolfSSL 0:1239e9b70ca2 2447 sslFrame = tmp;
wolfSSL 0:1239e9b70ca2 2448 sslBytes = (int)(end - tmp);
wolfSSL 0:1239e9b70ca2 2449 goto doMessage;
wolfSSL 0:1239e9b70ca2 2450 }
wolfSSL 0:1239e9b70ca2 2451
wolfSSL 0:1239e9b70ca2 2452 /* clear used input */
wolfSSL 0:1239e9b70ca2 2453 ssl->buffers.inputBuffer.length = 0;
wolfSSL 0:1239e9b70ca2 2454
wolfSSL 0:1239e9b70ca2 2455 /* could have more input ready now */
wolfSSL 0:1239e9b70ca2 2456 if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
wolfSSL 0:1239e9b70ca2 2457 goto doMessage;
wolfSSL 0:1239e9b70ca2 2458
wolfSSL 0:1239e9b70ca2 2459 if (ssl->buffers.inputBuffer.dynamicFlag)
wolfSSL 0:1239e9b70ca2 2460 ShrinkInputBuffer(ssl, NO_FORCED_FREE);
wolfSSL 0:1239e9b70ca2 2461
wolfSSL 0:1239e9b70ca2 2462 return decoded;
wolfSSL 0:1239e9b70ca2 2463 }
wolfSSL 0:1239e9b70ca2 2464
wolfSSL 0:1239e9b70ca2 2465
wolfSSL 0:1239e9b70ca2 2466 /* See if we need to process any pending FIN captures */
wolfSSL 0:1239e9b70ca2 2467 static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
wolfSSL 0:1239e9b70ca2 2468 SnifferSession* session)
wolfSSL 0:1239e9b70ca2 2469 {
wolfSSL 0:1239e9b70ca2 2470 if (session->finCaputre.cliFinSeq && session->finCaputre.cliFinSeq <=
wolfSSL 0:1239e9b70ca2 2471 session->cliExpected) {
wolfSSL 0:1239e9b70ca2 2472 if (session->finCaputre.cliCounted == 0) {
wolfSSL 0:1239e9b70ca2 2473 session->flags.finCount += 1;
wolfSSL 0:1239e9b70ca2 2474 session->finCaputre.cliCounted = 1;
wolfSSL 0:1239e9b70ca2 2475 TraceClientFin(session->finCaputre.cliFinSeq, session->cliExpected);
wolfSSL 0:1239e9b70ca2 2476 }
wolfSSL 0:1239e9b70ca2 2477 }
wolfSSL 0:1239e9b70ca2 2478
wolfSSL 0:1239e9b70ca2 2479 if (session->finCaputre.srvFinSeq && session->finCaputre.srvFinSeq <=
wolfSSL 0:1239e9b70ca2 2480 session->srvExpected) {
wolfSSL 0:1239e9b70ca2 2481 if (session->finCaputre.srvCounted == 0) {
wolfSSL 0:1239e9b70ca2 2482 session->flags.finCount += 1;
wolfSSL 0:1239e9b70ca2 2483 session->finCaputre.srvCounted = 1;
wolfSSL 0:1239e9b70ca2 2484 TraceServerFin(session->finCaputre.srvFinSeq, session->srvExpected);
wolfSSL 0:1239e9b70ca2 2485 }
wolfSSL 0:1239e9b70ca2 2486 }
wolfSSL 0:1239e9b70ca2 2487
wolfSSL 0:1239e9b70ca2 2488 if (session->flags.finCount >= 2)
wolfSSL 0:1239e9b70ca2 2489 RemoveSession(session, ipInfo, tcpInfo, 0);
wolfSSL 0:1239e9b70ca2 2490 }
wolfSSL 0:1239e9b70ca2 2491
wolfSSL 0:1239e9b70ca2 2492
wolfSSL 0:1239e9b70ca2 2493 /* If session is in fatal error state free resources now
wolfSSL 0:1239e9b70ca2 2494 return true if removed, 0 otherwise */
wolfSSL 0:1239e9b70ca2 2495 static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
wolfSSL 0:1239e9b70ca2 2496 SnifferSession* session, char* error)
wolfSSL 0:1239e9b70ca2 2497 {
wolfSSL 0:1239e9b70ca2 2498 if (session && session->flags.fatalError == FATAL_ERROR_STATE) {
wolfSSL 0:1239e9b70ca2 2499 RemoveSession(session, ipInfo, tcpInfo, 0);
wolfSSL 0:1239e9b70ca2 2500 SetError(FATAL_ERROR_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 2501 return 1;
wolfSSL 0:1239e9b70ca2 2502 }
wolfSSL 0:1239e9b70ca2 2503 return 0;
wolfSSL 0:1239e9b70ca2 2504 }
wolfSSL 0:1239e9b70ca2 2505
wolfSSL 0:1239e9b70ca2 2506
wolfSSL 0:1239e9b70ca2 2507 /* Passes in an IP/TCP packet for decoding (ethernet/localhost frame) removed */
wolfSSL 0:1239e9b70ca2 2508 /* returns Number of bytes on success, 0 for no data yet, and -1 on error */
wolfSSL 0:1239e9b70ca2 2509 int ssl_DecodePacket(const byte* packet, int length, byte* data, char* error)
wolfSSL 0:1239e9b70ca2 2510 {
wolfSSL 0:1239e9b70ca2 2511 TcpInfo tcpInfo;
wolfSSL 0:1239e9b70ca2 2512 IpInfo ipInfo;
wolfSSL 0:1239e9b70ca2 2513 const byte* sslFrame;
wolfSSL 0:1239e9b70ca2 2514 const byte* end = packet + length;
wolfSSL 0:1239e9b70ca2 2515 int sslBytes; /* ssl bytes unconsumed */
wolfSSL 0:1239e9b70ca2 2516 int ret;
wolfSSL 0:1239e9b70ca2 2517 SnifferSession* session = 0;
wolfSSL 0:1239e9b70ca2 2518
wolfSSL 0:1239e9b70ca2 2519 if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
wolfSSL 0:1239e9b70ca2 2520 error) != 0)
wolfSSL 0:1239e9b70ca2 2521 return -1;
wolfSSL 0:1239e9b70ca2 2522
wolfSSL 0:1239e9b70ca2 2523 ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
wolfSSL 0:1239e9b70ca2 2524 if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
wolfSSL 0:1239e9b70ca2 2525 else if (ret == -1) return -1;
wolfSSL 0:1239e9b70ca2 2526 else if (ret == 1) return 0; /* done for now */
wolfSSL 0:1239e9b70ca2 2527
wolfSSL 0:1239e9b70ca2 2528 ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error);
wolfSSL 0:1239e9b70ca2 2529 if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
wolfSSL 0:1239e9b70ca2 2530 else if (ret == -1) return -1;
wolfSSL 0:1239e9b70ca2 2531 else if (ret == 1) return 0; /* done for now */
wolfSSL 0:1239e9b70ca2 2532
wolfSSL 0:1239e9b70ca2 2533 ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
wolfSSL 0:1239e9b70ca2 2534 &end, error);
wolfSSL 0:1239e9b70ca2 2535 if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
wolfSSL 0:1239e9b70ca2 2536 else if (ret == -1) return -1;
wolfSSL 0:1239e9b70ca2 2537 else if (ret == 1) return 0; /* done for now */
wolfSSL 0:1239e9b70ca2 2538
wolfSSL 0:1239e9b70ca2 2539 ret = ProcessMessage(sslFrame, session, sslBytes, data, end, error);
wolfSSL 0:1239e9b70ca2 2540 if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) return -1;
wolfSSL 0:1239e9b70ca2 2541 CheckFinCapture(&ipInfo, &tcpInfo, session);
wolfSSL 0:1239e9b70ca2 2542 return ret;
wolfSSL 0:1239e9b70ca2 2543 }
wolfSSL 0:1239e9b70ca2 2544
wolfSSL 0:1239e9b70ca2 2545
wolfSSL 0:1239e9b70ca2 2546 /* Enables (if traceFile)/ Disables debug tracing */
wolfSSL 0:1239e9b70ca2 2547 /* returns 0 on success, -1 on error */
wolfSSL 0:1239e9b70ca2 2548 int ssl_Trace(const char* traceFile, char* error)
wolfSSL 0:1239e9b70ca2 2549 {
wolfSSL 0:1239e9b70ca2 2550 if (traceFile) {
wolfSSL 0:1239e9b70ca2 2551 TraceFile = fopen(traceFile, "a");
wolfSSL 0:1239e9b70ca2 2552 if (!TraceFile) {
wolfSSL 0:1239e9b70ca2 2553 SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
wolfSSL 0:1239e9b70ca2 2554 return -1;
wolfSSL 0:1239e9b70ca2 2555 }
wolfSSL 0:1239e9b70ca2 2556 TraceOn = 1;
wolfSSL 0:1239e9b70ca2 2557 }
wolfSSL 0:1239e9b70ca2 2558 else
wolfSSL 0:1239e9b70ca2 2559 TraceOn = 0;
wolfSSL 0:1239e9b70ca2 2560
wolfSSL 0:1239e9b70ca2 2561 return 0;
wolfSSL 0:1239e9b70ca2 2562 }
wolfSSL 0:1239e9b70ca2 2563
wolfSSL 0:1239e9b70ca2 2564
wolfSSL 0:1239e9b70ca2 2565
wolfSSL 0:1239e9b70ca2 2566
wolfSSL 0:1239e9b70ca2 2567 #endif /* CYASSL_SNIFFER */
wolfSSL 0:1239e9b70ca2 2568