From 808050e6357f0c84826828f1922ac1a29803845b Mon Sep 17 00:00:00 2001
From: Luca <deri@ntop.org>
Date: Thu, 6 May 2021 08:56:01 +0200
Subject: Add extraction for TLS signature algorithms

---
 src/include/ndpi_typedefs.h      | 7 +++++--
 src/lib/ndpi_content_match.c.inc | 2 +-
 src/lib/protocols/tls.c          | 5 +++++
 3 files changed, 11 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index fb8bd7d1b..56927be53 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1209,6 +1209,8 @@ typedef enum {
    ndpi_cipher_insecure = NDPI_CIPHER_INSECURE
 } ndpi_cipher_weakness;
 
+#define MAX_NUM_TLS_SIGNATURE_ALGORITHMS 16
+
 /*
   NOTE
   When the struct below is modified don't forget to update
@@ -1319,8 +1321,9 @@ struct ndpi_flow_struct {
 	  *server_names, *alpn, *tls_supported_versions, *issuerDN, *subjectDN;
 	u_int32_t notBefore, notAfter;
 	char ja3_client[33], ja3_server[33];
-	u_int16_t server_cipher;
-	u_int8_t sha1_certificate_fingerprint[20];
+	u_int16_t server_cipher;	
+	u_int16_t client_signature_algorithms[MAX_NUM_TLS_SIGNATURE_ALGORITHMS];
+	u_int8_t num_tls_signature_algorithms, sha1_certificate_fingerprint[20];
 	
 	struct {
 	  u_int16_t cipher_suite;
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index d96a87ce2..311c8d2f3 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1,7 +1,7 @@
 /*
  * ndpi_content_match.c
  *
- * Copyright (C) 2011-19 - ntop.org
+ * Copyright (C) 2011-21 - ntop.org
  *
  * nDPI is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index d970980ab..939564994 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1625,6 +1625,11 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 		for(i=0; i<tot_signature_algorithms_len; i++) {
 		  int rc = snprintf(&ja3.client.signature_algorithms[i*2], sizeof(ja3.client.signature_algorithms)-i*2, "%02X", packet->payload[s_offset+i]);
 
+		  if(flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms < MAX_NUM_TLS_SIGNATURE_ALGORITHMS) {
+		    if(flow->protos.tls_quic_stun.tls_quic.client_signature_algorithms[flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms])
+		      flow->protos.tls_quic_stun.tls_quic.num_tls_signature_algorithms++;
+		  }
+		  
 		  if(rc < 0) break;
 		}
 
-- 
cgit v1.2.3