author | Luca <deri@ntop.org> | 2021-05-06 08:56:01 +0200 |
---|---|---|
committer | Luca <deri@ntop.org> | 2021-05-06 08:56:01 +0200 |
commit | 808050e6357f0c84826828f1922ac1a29803845b (patch) | |
tree | 3400abdd4402e55d1f6cda10a5295952d12485f6 /src | |
parent | ce54a6ab5742d387cc50f6d4b0682663dfb1d2ad (diff) |
Add extraction for TLS signature algorithms
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_typedefs.h | 7 | ||||
-rw-r--r-- | src/lib/ndpi_content_match.c.inc | 2 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 5 |
3 files changed, 11 insertions, 3 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index fb8bd7d1b..56927be53 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1209,6 +1209,8 @@ typedef enum { ndpi_cipher_insecure = NDPI_CIPHER_INSECURE } ndpi_cipher_weakness;
+#define MAX_NUM_TLS_SIGNATURE_ALGORITHMS 16
+ /* NOTE When the struct below is modified don't forget to update
@@ -1319,8 +1321,9 @@ struct ndpi_flow_struct { *server_names, *alpn, *tls_supported_versions, *issuerDN, *subjectDN; u_int32_t notBefore, notAfter; char ja3_client[33], ja3_server[33];
- u_int16_t server_cipher;
- u_int8_t sha1_certificate_fingerprint[20];
+ u_int16_t server_cipher;
+ u_int16_t client_signature_algorithms[MAX_NUM_TLS_SIGNATURE_ALGORITHMS];
+ u_int8_t num_tls_signature_algorithms, sha1_certificate_fingerprint[20];
 struct { u_int16_t cipher_suite;
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index d96a87ce2..311c8d2f3 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1,7 +1,7 @@
 /* * ndpi_content_match.c *
- * Copyright (C) 2011-19 - ntop.org
+ * Copyright (C) 2011-21 - ntop.org
 * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index d970980ab..939564994 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
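Review bot: In src/include/ndpi_typedefs.h the new `MAX_NUM_TLS_SIGNATURE_ALGORITHMS` macro has no `NDPI_` prefix, unlike `NDPI_CIPHER_INSECURE` in the enum just above it, so it lands unprefixed in every translation unit that includes this header; `#define NDPI_MAX_NUM_TLS_SIGNATURE_ALGORITHMS 16` would match the neighbouring names. In the second hunk the new `client_signature_algorithms` array and `num_tls_signature_algorithms` counter carry no comment; I would add `/* TLS SignatureScheme code points from the ClientHello, host byte order; only the first num_tls_signature_algorithms entries are valid */` above them. struct ndpi_flow_struct starts and ends outside the hunk.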
@@ -1625,6 +1625,11 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, for(i=0; i<tot_signature_algorithms_len; i++) { int rc = snprintf(&ja3.client.signature_algorithms[i*2], sizeof(ja3.client.signature_algorithms)-i*2, "%02X", packet->payload[s_offset+i]);
+ if(flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms < MAX_NUM_TLS_SIGNATURE_ALGORITHMS) {
+ if(flow->protos.tls_quic_stun.tls_quic.client_signature_algorithms[flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms])
+ flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms++;
+ }
+ if(rc < 0) break; } |
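Review bot: The added block in the signature-algorithms loop only reads `client_signature_algorithms[...]` and never assigns to it, so nothing from the ClientHello is stored; the counter advances only when the slot already holds a non-zero value, which will not happen if the flow structure starts out zeroed (its allocation is not visible here). The loop also walks the extension one byte at a time while the new array holds `u_int16_t` entries, so each stored element should be built from two consecutive payload bytes. A version that stores the 16-bit value on every even index, guarded by `(i+1) < tot_signature_algorithms_len` and the existing `MAX_NUM_TLS_SIGNATURE_ALGORITHMS` bound, is sketched below. processClientServerHello starts and ends outside this hunk, so how `tot_signature_algorithms_len` is validated against the packet length cannot be checked from here.

```c
/* … unchanged: for loop header and snprintf into ja3.client.signature_algorithms … */

/* Signature schemes are 16-bit values: store one entry per byte pair */
if(((i & 1) == 0) && ((i+1) < tot_signature_algorithms_len)
   && (flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms < MAX_NUM_TLS_SIGNATURE_ALGORITHMS)) {
  flow->protos.tls_quic_stun.tls_quic.client_signature_algorithms[flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms++] =
    (u_int16_t)((packet->payload[s_offset+i] << 8) | packet->payload[s_offset+i+1]);
}

/* … unchanged: rc check and end of loop … */
```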