-rw-r--r--example/ndpiReader.c17
-rw-r--r--example/reader_util.c2
-rw-r--r--example/reader_util.h5
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_main.c4
-rw-r--r--src/lib/protocols/tls.c13
6 files changed, 35 insertions, 7 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 2dde10182..782e62fb8 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1024,6 +1024,8 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
return;
if(!json_flag) {
+ u_int i;
+
fprintf(out, "\t%u", id);
fprintf(out, "\t%s ", ipProto2Name(flow->protocol));
@@ -1101,6 +1103,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
if(flow->ssh_tls.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_tls.ja3_client,
print_cipher(flow->ssh_tls.client_unsafe_cipher));
+
if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[Server: %s]", flow->ssh_tls.server_info);
if(flow->ssh_tls.server_hassh[0] != '\0') fprintf(out, "[HASSH-S: %s]", flow->ssh_tls.server_hassh);
@@ -1108,6 +1111,20 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
print_cipher(flow->ssh_tls.server_unsafe_cipher));
if(flow->ssh_tls.server_organization[0] != '\0') fprintf(out, "[Organization: %s]", flow->ssh_tls.server_organization);
+ if(flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) {
+ if((flow->ssh_tls.sha1_cert_fingerprint[0] == 0)
+ && (flow->ssh_tls.sha1_cert_fingerprint[1] == 0)
+ && (flow->ssh_tls.sha1_cert_fingerprint[2] == 0))
+ ; /* Looks empty */
+ else {
+ fprintf(out, "[Certificate SHA-1: ");
+ for(i=0; i<20; i++)
+ fprintf(out, "%s%02X", (i > 0) ? ":" : "",
+ flow->ssh_tls.sha1_cert_fingerprint[i] & 0xFF);
+ fprintf(out, "]");
+ }
+ }
+
if(flow->ssh_tls.notBefore && flow->ssh_tls.notAfter) {
char notBefore[32], notAfter[32];
struct tm a, b;
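Review bot: The "Looks empty" test on the new lines inspects only bytes 0-2 of sha1_cert_fingerprint, so a genuine digest that happens to start with three zero bytes is silently dropped, and any non-zero content is taken as proof that SHA1Final actually ran. Comparing the whole array is cheap and removes the first problem: `static const char zero[sizeof flow->ssh_tls.sha1_cert_fingerprint] = {0};` followed by `if(memcmp(flow->ssh_tls.sha1_cert_fingerprint, zero, sizeof zero) != 0) { ... }`; an explicit "fingerprint computed" flag in ssh_tls would be cleaner still. The literal `20` and the `i` declared in the first hunk of this file, far from its only use, can both be replaced by `for(u_int i = 0; i < sizeof flow->ssh_tls.sha1_cert_fingerprint; i++)` at the point of use. printFlow starts and ends outside the hunk.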
diff --git a/example/reader_util.c b/example/reader_util.c
index 9ec50486c..2564f4ffd 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -985,6 +985,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server);
flow->ssh_tls.server_unsafe_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_unsafe_cipher;
flow->ssh_tls.server_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_cipher;
+ memcpy(flow->ssh_tls.sha1_cert_fingerprint,
+ flow->ndpi_flow->l4.tcp.tls_sha1_certificate_fingerprint, 20);
}
}
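Review bot: The new memcpy copies tls_sha1_certificate_fingerprint into the reader flow unconditionally, so when the certificate was never fully hashed the reader receives whatever those 20 bytes hold and the display code is left guessing emptiness from the byte values. Copying only when the digest was actually finalised would be more robust; the existing `tls_srv_cert_fingerprint_processed` bit looks like the natural guard, but its exact meaning is set outside this diff, so confirm it before relying on it. The literal `20` should also be `sizeof flow->ssh_tls.sha1_cert_fingerprint` so the two array declarations cannot drift apart. process_ndpi_collected_info starts outside the hunk.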
diff --git a/example/reader_util.h b/example/reader_util.h
index 95eac67e8..0a847e3de 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -161,10 +161,11 @@ typedef struct ndpi_flow_info {
char client_info[64], server_info[64],
client_hassh[33], server_hassh[33],
server_organization[64],
- ja3_client[33], ja3_server[33];
+ ja3_client[33], ja3_server[33],
+ sha1_cert_fingerprint[20];
time_t notBefore, notAfter;
u_int16_t server_cipher;
- ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher;
+ ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher;
} ssh_tls;
void *src_id, *dst_id;
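Review bot: `sha1_cert_fingerprint[20]` is declared as `char` here while its source in ndpi_typedefs.h is `u_int8_t`; the digest is raw bytes, not text, and the signed type is exactly why the printing code in ndpiReader.c needs a `& 0xFF` mask. Declaring it on its own line as `u_int8_t sha1_cert_fingerprint[20]; /* raw SHA-1 of the server certificate; all-zero means not computed (as printFlow assumes) */` makes both the type and the empty convention explicit. The other change in this hunk is whitespace only.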
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 0f3aee9f2..cb790ad40 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -612,6 +612,7 @@ struct ndpi_flow_tcp_struct {
tls_srv_cert_fingerprint_processed:1,
tls_stage:2, _pad:1; // 0 - 5
int16_t tls_record_offset, tls_fingerprint_len; /* Need to be signed */
+ u_int8_t tls_sha1_certificate_fingerprint[20];
/* NDPI_PROTOCOL_POSTGRES */
u_int32_t postgres_stage:3;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index b485fe631..8eb9f2260 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -6119,6 +6119,10 @@ void ndpi_free_flow(struct ndpi_flow_struct *flow) {
if(flow) {
if(flow->http.url) ndpi_free(flow->http.url);
if(flow->http.content_type) ndpi_free(flow->http.content_type);
+
+ if(flow->l4.tcp.tls_srv_cert_fingerprint_ctx)
+ ndpi_free(flow->l4.tcp.tls_srv_cert_fingerprint_ctx);
+
ndpi_free(flow);
}
}
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index a6d510160..f5957b1ba 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -710,7 +710,6 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
return(0); /* We're good */
if(flow->l4.tcp.tls_fingerprint_len > 0) {
- unsigned char sha1[20];
unsigned int i, avail = packet->payload_packet_len - flow->l4.tcp.tls_record_offset;
if(avail > flow->l4.tcp.tls_fingerprint_len)
@@ -738,12 +737,12 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
flow->l4.tcp.tls_fingerprint_len -= avail;
if(flow->l4.tcp.tls_fingerprint_len == 0) {
- SHA1Final(sha1, flow->l4.tcp.tls_srv_cert_fingerprint_ctx);
+ SHA1Final(flow->l4.tcp.tls_sha1_certificate_fingerprint, flow->l4.tcp.tls_srv_cert_fingerprint_ctx);
#ifdef DEBUG_TLS
printf("=>> [TLS] SHA-1: ");
for(i=0;i<20;i++)
- printf("%s%02X", (i > 0) ? ":" : "", sha1[i]);
+ printf("%s%02X", (i > 0) ? ":" : "", flow->l4.tcp.tls_sha1_certificate_fingerprint[i]);
printf("\n");
#endif
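Review bot: Once SHA1Final has written the digest into the flow, tls_srv_cert_fingerprint_ctx holds only leftover hashing state, yet it stays allocated until ndpi_free_flow runs and the pointer is never reset. Releasing it right after the final step — `ndpi_free(flow->l4.tcp.tls_srv_cert_fingerprint_ctx); flow->l4.tcp.tls_srv_cert_fingerprint_ctx = NULL;` — bounds per-flow memory and makes the NULL check added later in this function meaningful; whether a second finalisation can be reached for the same flow depends on the processed flag handled outside this hunk, so confirm that first. getSSCertificateFingerprint starts and ends outside the hunk.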
@@ -772,8 +771,12 @@ int getSSCertificateFingerprint(struct ndpi_detection_module_struct *ndpi_struct
#ifdef DEBUG_TLS
printf("=>> [TLS] Certificate found\n");
#endif
- flow->l4.tcp.tls_srv_cert_fingerprint_ctx = (void*)ndpi_malloc(sizeof(SHA1_CTX));
-
+
+ if(flow->l4.tcp.tls_srv_cert_fingerprint_ctx == NULL)
+ flow->l4.tcp.tls_srv_cert_fingerprint_ctx = (void*)ndpi_malloc(sizeof(SHA1_CTX));
+ else
+ printf("[TLS] Internal error: double allocation\n:");
+
if(flow->l4.tcp.tls_srv_cert_fingerprint_ctx) {
SHA1Init(flow->l4.tcp.tls_srv_cert_fingerprint_ctx);
flow->l4.tcp.tls_srv_cert_fingerprint_found = 1;
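Review bot: The new `else` branch prints to stdout unconditionally from library code, and its format string `"[TLS] Internal error: double allocation\n:"` carries a stray `:` after the newline; every other diagnostic in this function is wrapped in `#ifdef DEBUG_TLS`, so this one should be as well, e.g. `#ifdef DEBUG_TLS` / `printf("[TLS] Internal error: double allocation\n");` / `#endif`. Note also that on this path the SHA1Init that follows re-initialises the existing context and discards any partial digest, so the "internal error" silently restarts the hash rather than being handled; confirm that is the intended recovery. The function continues past the hunk.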