authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2023-07-21 03:41:43 +0200
committerGitHub <noreply@github.com>2023-07-21 03:41:43 +0200
commitc85f2fb0f44f734a34ac905d4e35fcf479f19901 (patch)
tree560473f07584e41faaad4a03f473c6e22eb93a6c
parentfa0bd515b5c4861ba05cb14732da85c98d537386 (diff)
TLS: add basic, basic, detection of Encrypted ClientHello (#2053)
-rw-r--r--example/ndpiReader.c4
-rw-r--r--example/reader_util.c2
-rw-r--r--example/reader_util.h4
-rw-r--r--src/include/ndpi_typedefs.h5
-rw-r--r--src/lib/protocols/tls.c11
-rw-r--r--tests/cfgs/default/pcap/tls_ech.pcapngbin0 -> 4948 bytes
-rw-r--r--tests/cfgs/default/result/tls_ech.pcapng.out30
7 files changed, 55 insertions, 1 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index dfde22d61..c37c046f8 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1819,6 +1819,10 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
ndpi_cipher2str(flow->ssh_tls.encrypted_sni.cipher_suite, unknown_cipher));
}
+ if(flow->ssh_tls.encrypted_ch.version != 0) {
+ fprintf(out, "[ECH: version 0x%x]", flow->ssh_tls.encrypted_ch.version);
+ }
+
if(flow->ssh_tls.sha1_cert_fingerprint_set) {
fprintf(out, "[Certificate SHA-1: ");
for(i=0; i<20; i++)
diff --git a/example/reader_util.c b/example/reader_util.c
index b9112b92e..d8c4b23f3 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1339,6 +1339,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
flow->ssh_tls.encrypted_sni.cipher_suite = flow->ndpi_flow->protos.tls_quic.encrypted_sni.cipher_suite;
}
+ flow->ssh_tls.encrypted_ch.version = flow->ndpi_flow->protos.tls_quic.encrypted_ch.version;
+
if(flow->ndpi_flow->protos.tls_quic.tls_supported_versions) {
if((flow->ssh_tls.tls_supported_versions = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.tls_supported_versions)) != NULL)
correct_csv_data_field(flow->ssh_tls.tls_supported_versions);
diff --git a/example/reader_util.h b/example/reader_util.h
index 4dabbc88d..cce243130 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -276,6 +276,10 @@ typedef struct ndpi_flow_info {
char *esni;
} encrypted_sni;
+ struct {
+ u_int16_t version;
+ } encrypted_ch;
+
time_t notBefore, notAfter;
u_int16_t server_cipher;
ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher;
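Review bot: The new `version` field inside `encrypted_ch` is undocumented, and the identical bare field is added to `ndpi_flow_struct` in src/include/ndpi_typedefs.h in this same commit, so a reader has to dig into the tls.c parser to learn that the stored value is the ECH extension code point itself and that 0 presumably means the extension was not seen (ndpiReader.c tests `!= 0` before printing). Suggest `u_int16_t version; /* ECH (encrypted_client_hello) extension code point, e.g. 0xfe0d; 0 if not seen */` in both headers. The enclosing struct definition starts and ends outside the hunk.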
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 08ba99ef0..9844e7400 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1524,6 +1524,11 @@ struct ndpi_flow_struct {
u_int16_t cipher_suite;
char *esni;
} encrypted_sni;
+
+ struct {
+ u_int16_t version;
+ } encrypted_ch;
+
ndpi_cipher_weakness server_unsafe_cipher;
} tls_quic; /* Used also by DTLS and POPS/IMAPS/SMTPS/FTPS */
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 157e57868..b1c97225f 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1538,7 +1538,9 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct,
/* Groups */
1035, 10794, 16696, 23130, 31354, 35466, 51914,
/* Ciphers */
- 102, 129, 52243, 52244, 57363, 65279, 65413
+ 102, 129, 52243, 52244, 57363, 65279, 65413,
+ /* ECH */
+ 65037
};
size_t const allowed_non_iana_extensions_size = sizeof(allowed_non_iana_extensions) /
sizeof(allowed_non_iana_extensions[0]);
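Review bot: The ECH code point is written as the bare literal `65037` in this allow-list and again as `extension_id == 65037` in the new branch of processClientServerHello further down the file, so nothing ties the two occurrences together and a future draft bump would have to find both. A single named constant, e.g. `#define TLS_EXT_ENCRYPTED_CLIENT_HELLO 65037 /* 0xfe0d, ECH drafts >= 08 */`, used in both places would keep them in step and show the hex form the drafts use. checkExtensions continues outside the hunk.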
@@ -2537,6 +2539,13 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
}
}
}
+ } else if(extension_id == 65037 /* ECH: latest drafts */) {
+#ifdef DEBUG_TLS
+ printf("Client TLS: ECH version 0x%x\n", extension_id;
+#endif
+ /* Beginning with draft-08, the version is the same as the code point
+ for the "encrypted_client_hello" extension. */
+ flow->protos.tls_quic.encrypted_ch.version = extension_id;
} else if(extension_id == 65445 || /* QUIC transport parameters (drafts version) */
extension_id == 57) { /* QUIC transport parameters (final version) */
u_int16_t s_offset = offset+extension_offset;
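Review bot: The debug statement in the new `#ifdef DEBUG_TLS` block is missing its closing parenthesis, `printf("Client TLS: ECH version 0x%x\n", extension_id;`, so tls.c stops compiling as soon as DEBUG_TLS is defined; it should read `printf("Client TLS: ECH version 0x%x\n", extension_id);`. Because the default build leaves DEBUG_TLS undefined, the regression test added in this commit cannot catch the breakage, so it is worth fixing before merge. processClientServerHello continues outside the hunk.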
diff --git a/tests/cfgs/default/pcap/tls_ech.pcapng b/tests/cfgs/default/pcap/tls_ech.pcapng
new file mode 100644
index 000000000..7c018b266
--- /dev/null
+++ b/tests/cfgs/default/pcap/tls_ech.pcapng
Binary files differ
diff --git a/tests/cfgs/default/result/tls_ech.pcapng.out b/tests/cfgs/default/result/tls_ech.pcapng.out
new file mode 100644
index 000000000..048bd7323
--- /dev/null
+++ b/tests/cfgs/default/result/tls_ech.pcapng.out
@@ -0,0 +1,30 @@
+Guessed flow protos: 0
+
+DPI Packets (TCP): 6 (6.00 pkts/flow)
+Confidence DPI : 1 (flows)
+Num dissector calls: 1 (1.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom: 0/0/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache stun_zoom: 0/0/0 (insert/search/found)
+Automa host: 1/1 (search/found)
+Automa domain: 1/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 2/2 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia protocols: 0/0 (search/found)
+
+Cloudflare 10 4226 1
+
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 2001:b07:a3d:c112:ce16:b409:3d0a:9177 1
+
+
+ 1 TCP [2001:b07:a3d:c112:ce16:b409:3d0a:9177]:47460 <-> [2606:4700::6812:1e4e]:443 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/1172 bytes <-> 4 pkts/3054 bytes][Goodput ratio: 55/88][0.07 sec][Hostname/SNI: performance.radar.cloudflare.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/3 13/5 49/7 18/2][Pkt Len c2s/s2c min/avg/max/stddev: 86/86 195/764 670/2260 213/890][TLSv1.3][JA3C: 6820f114cf3b0809ffdcb30cb277848a][JA3S: eb1d94daa7e0344597e756a1fb6e7054][ECH: version 0xfe0d][Chrome][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]