author | Nardi Ivan <nardi.ivan@gmail.com> | 2022-09-27 20:01:32 +0200 |
---|---|---|
committer | Toni <matzeton@googlemail.com> | 2022-09-30 06:53:29 +0200 |
commit | f3a74d97d845d07628533717666637e1630aa1ed (patch) | |
tree | cb7192a695752d9b13aa7154179110c5ba576388 /src/lib/protocols/tls.c | |
parent | fbf30d1aadb8c475f43084a8e71aa77fd203068e (diff) |
TLS/DTLS: we process certificate for UDP flows, too
Note that the current code accesses the `certificate_processed` state even before
setting the protocol classification, so this piece of information can't
be saved in the `flow->protos` union.
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r-- | src/lib/protocols/tls.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 8210f51fe..55eed7ca9 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -801,7 +801,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
     SHA1Final(flow->protos.tls_quic.sha1_certificate_fingerprint, &srv_cert_fingerprint_ctx);
-    flow->l4.tcp.tls.fingerprint_set = 1;
+    flow->protos.tls_quic.fingerprint_set = 1;
     uint8_t * sha1 = flow->protos.tls_quic.sha1_certificate_fingerprint;
     const size_t sha1_siz = sizeof(flow->protos.tls_quic.sha1_certificate_fingerprint);
@@ -869,9 +869,10 @@ static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct,
            (packet->payload[0] == 0x01) ? "Client" : "Server");
 #endif
-    if((flow->protos.tls_quic.ssl_version >= 0x0304 /* TLS 1.3 */)
+    /* Not support for DTLS 1.3 yet, then certificates are always visible in DTLS */
+    if((packet->tcp && flow->protos.tls_quic.ssl_version >= 0x0304 /* TLS 1.3 */)
        && (packet->payload[0] == 0x02 /* Server Hello */)) {
-      flow->l4.tcp.tls.certificate_processed = 1; /* No Certificate with TLS 1.3+ */
+      flow->tls_quic.certificate_processed = 1; /* No Certificate with TLS 1.3+ */
     }
     checkTLSSubprotocol(ndpi_struct, flow, packet->payload[0] == 0x01);
@@ -887,7 +888,7 @@ static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct,
         printf("[TLS] Error processing certificate: %d\n", ret);
 #endif
       }
-      flow->l4.tcp.tls.certificate_processed = 1;
+      flow->tls_quic.certificate_processed = 1;
     }
     break;
@@ -1013,7 +1014,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
     if((len > 9)
        && (content_type != 0x17 /* Application Data */)
-       && (!flow->l4.tcp.tls.certificate_processed)) {
+       && (!flow->tls_quic.certificate_processed)) {
       /* Split the element in blocks */
       u_int16_t processed = 5;
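Review bot: The new comment above the `packet->tcp` guard in processTLSBlock is hard to read and does not say why the guard is needed, which is the part a later maintainer will question. If `ssl_version` holds the raw wire value for DTLS (0xFEFD for DTLS 1.2; I cannot confirm that from this hunk), it already compares `>= 0x0304`, so without `packet->tcp` every DTLS ServerHello would have been marked certificate-processed and the Certificate message skipped; the guard is then a correctness fix rather than only a DTLS 1.3 placeholder. Suggest `/* DTLS 1.3 (encrypted certificates) is not supported yet, so in DTLS the Certificate is always in clear: only TLS over TCP may skip it here */` plus a TODO noting that the `packet->tcp` test must be revisited once DTLS 1.3 is dissected, since otherwise UDP flows will keep waiting for a Certificate that never arrives. processTLSBlock starts and ends outside the hunk.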
@@ -1060,9 +1061,9 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
            we are after the handshake. Stop extra processing */
         flow->l4.tcp.tls.app_data_seen[packet->packet_direction] = 1;
         if(flow->l4.tcp.tls.app_data_seen[!packet->packet_direction] == 1)
-          flow->l4.tcp.tls.certificate_processed = 1;
+          flow->tls_quic.certificate_processed = 1;
-        if(flow->l4.tcp.tls.certificate_processed) {
+        if(flow->tls_quic.certificate_processed) {
           if(flow->l4.tcp.tls.num_tls_blocks < ndpi_struct->num_tls_blocks_to_follow)
             flow->l4.tcp.tls.tls_application_blocks_len[flow->l4.tcp.tls.num_tls_blocks++] =
               (packet->packet_direction == 0) ? (len-5) : -(len-5);
@@ -1093,7 +1094,7 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
            || ((ndpi_struct->num_tls_blocks_to_follow > 0)
                && (flow->l4.tcp.tls.num_tls_blocks == ndpi_struct->num_tls_blocks_to_follow))
            || ((ndpi_struct->num_tls_blocks_to_follow == 0)
-               && (flow->l4.tcp.tls.certificate_processed == 1))
+               && (flow->tls_quic.certificate_processed == 1))
            ) {
 #ifdef DEBUG_TLS_BLOCKS
           printf("*** [TLS Block] No more blocks\n");
@@ -1189,7 +1190,7 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct,
         processed += block_len + 13;
         /* DTLS mid session: no need to further inspect the flow */
         ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DTLS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-        flow->l4.tcp.tls.certificate_processed = 1; /* Fake, to avoid extra dissection */
+        flow->tls_quic.certificate_processed = 1; /* Fake, to avoid extra dissection */
         break;
       }
@@ -1206,7 +1207,7 @@ static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct,
   packet->payload = p;
   packet->payload_packet_len = p_len; /* Restore */
-  if(no_dtls || change_cipher_found || flow->l4.tcp.tls.certificate_processed) {
+  if(no_dtls || change_cipher_found || flow->tls_quic.certificate_processed) {
     NDPI_EXCLUDE_PROTO_EXT(ndpi_struct, flow, NDPI_PROTOCOL_DTLS);
     flow->extra_packets_func = NULL;
     return(0); /* That's all */