Description: AES patch patch for ssldump >= 0.9b3: adds support for AES cipher-suites (to ssldump). For further information, please have a look to Novell bug ID #50952. Author: Carsten Hoeger Bug-Debian: http://bugs.debian.org/383619 --- ssl/ciphersuites.c +++ ssl/ciphersuites.c @@ -78,10 +78,22 @@ static SSL_CipherSuite CipherSuites[]={ {25,KEX_DH,SIG_NONE,ENC_DES,8,64,40,DIG_MD5,16,1}, {26,KEX_DH,SIG_NONE,ENC_DES,8,64,64,DIG_MD5,16,0}, {27,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_MD5,16,0}, + {47,KEX_RSA,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {48,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {49,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {50,KEX_DH,SIG_DSS,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {51,KEX_DH,SIG_RSA,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {52,KEX_DH,SIG_NONE,ENC_AES128,16,128,128,DIG_SHA,20,0}, + {53,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {54,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {55,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {56,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {57,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0}, + {58,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0}, {96,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_MD5,16,1}, {97,KEX_RSA,SIG_RSA,ENC_RC2,1,128,56,DIG_MD5,16,1}, {98,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,1}, - {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,16,1}, + {99,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,1}, {100,KEX_RSA,SIG_RSA,ENC_RC4,1,128,56,DIG_SHA,20,1}, {101,KEX_DH,SIG_DSS,ENC_RC4,1,128,56,DIG_SHA,20,1}, {102,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0}, --- ssl/ssl.enums +++ ssl/ssl.enums @@ -356,6 +356,18 @@ ClientKeyExchange(16) CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 }; CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A }; CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B }; + CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x2F }; + CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x30 }; + CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x31 }; + CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00,0x32 }; + CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00,0x33 }; + CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00,0x34 }; + CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x35 }; + CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x36 }; + CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x37 }; + CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00,0x38 }; + CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00,0x39 }; + CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00,0x3A }; CipherSuite TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = { 0x00,0x60 }; CipherSuite TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 }; CipherSuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = { 0x00,0x62 }; --- ssl/ssl.enums.c +++ ssl/ssl.enums.c @@ -163,6 +163,7 @@ static int decode_HandshakeType_HelloReq printf("\n"); + return(0); } static int decode_HandshakeType_ClientHello(ssl,dir,seg,data) @@ -368,6 +369,7 @@ static int decode_HandshakeType_ServerHe printf("\n"); + return(0); } static int decode_HandshakeType_CertificateVerify(ssl,dir,seg,data) @@ -611,6 +613,54 @@ decoder cipher_suite_decoder[]={ "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", 0 }, { + 47, + "TLS_RSA_WITH_AES_128_CBC_SHA", + 0 }, + { + 48, + "TLS_DH_DSS_WITH_AES_128_CBC_SHA", + 0 }, + { + 49, + "TLS_DH_RSA_WITH_AES_128_CBC_SHA", + 0 }, + { + 50, + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + 0 }, + { + 51, + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + 0 }, + { + 52, + "TLS_DH_anon_WITH_AES_128_CBC_SHA", + 0 }, + { + 53, + "TLS_RSA_WITH_AES_256_CBC_SHA", + 0 }, + { + 54, + "TLS_DH_DSS_WITH_AES_256_CBC_SHA", + 0 }, + { + 55, + "TLS_DH_RSA_WITH_AES_256_CBC_SHA", + 0 }, + { + 56, + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + 0 }, + { + 57, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + 0 }, + { + 58, + "TLS_DH_anon_WITH_AES_256_CBC_SHA", + 0 }, + { 96, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5", 0 }, --- ssl/ssl_rec.c +++ ssl/ssl_rec.c @@ -78,7 +78,9 @@ static char *ciphers[]={ "DES3", "RC4", "RC2", - "IDEA" + "IDEA", + "AES128", + "AES256" }; @@ -101,6 +103,11 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,i /* Find the SSLeay cipher */ if(cs->enc!=ENC_NULL){ ciph=(EVP_CIPHER *)EVP_get_cipherbyname(ciphers[cs->enc-0x30]); + if(!ciph) + ABORT(R_INTERNAL); + } + else { + ciph=EVP_enc_null(); } if(!(dec=(ssl_rec_decoder *)calloc(sizeof(ssl_rec_decoder),1))) @@ -169,7 +176,7 @@ int ssl_decode_rec_data(ssl,d,ct,version *outl=inl; /* Now strip off the padding*/ - if(d->cs->block!=1){ + if(d->cs->block>1){ pad=out[inl-1]; *outl-=(pad+1); } --- ssl/sslciphers.h +++ ssl/sslciphers.h @@ -71,7 +71,9 @@ typedef struct SSL_CipherSuite_ { #define ENC_RC4 0x32 #define ENC_RC2 0x33 #define ENC_IDEA 0x34 -#define ENC_NULL 0x35 +#define ENC_AES128 0x35 +#define ENC_AES256 0x36 +#define ENC_NULL 0x37 #define DIG_MD5 0x40 #define DIG_SHA 0x41