wolfSSL SSL/TLS library, support up to TLS1.3


Committer:
wolfSSL
Date:
Tue May 30 01:44:10 2017 +0000
Revision:
11:cee25a834751
wolfSSL 3.11.0

wolfSSL 11:cee25a834751 1 /* sniffer.c
wolfSSL 11:cee25a834751 2 *
wolfSSL 11:cee25a834751 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 11:cee25a834751 4 *
wolfSSL 11:cee25a834751 5 * This file is part of wolfSSL.
wolfSSL 11:cee25a834751 6 *
wolfSSL 11:cee25a834751 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 11:cee25a834751 8 * it under the terms of the GNU General Public License as published by
wolfSSL 11:cee25a834751 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 11:cee25a834751 10 * (at your option) any later version.
wolfSSL 11:cee25a834751 11 *
wolfSSL 11:cee25a834751 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 11:cee25a834751 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 11:cee25a834751 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 11:cee25a834751 15 * GNU General Public License for more details.
wolfSSL 11:cee25a834751 16 *
wolfSSL 11:cee25a834751 17 * You should have received a copy of the GNU General Public License
wolfSSL 11:cee25a834751 18 * along with this program; if not, write to the Free Software
wolfSSL 11:cee25a834751 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 11:cee25a834751 20 */
wolfSSL 11:cee25a834751 21
wolfSSL 11:cee25a834751 22
wolfSSL 11:cee25a834751 23 #ifdef HAVE_CONFIG_H
wolfSSL 11:cee25a834751 24 #include <config.h>
wolfSSL 11:cee25a834751 25 #endif
wolfSSL 11:cee25a834751 26
wolfSSL 11:cee25a834751 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 11:cee25a834751 28
wolfSSL 11:cee25a834751 29 #ifndef WOLFCRYPT_ONLY
wolfSSL 11:cee25a834751 30 #ifdef WOLFSSL_SNIFFER
wolfSSL 11:cee25a834751 31
wolfSSL 11:cee25a834751 32 #include <assert.h>
wolfSSL 11:cee25a834751 33 #include <time.h>
wolfSSL 11:cee25a834751 34
wolfSSL 11:cee25a834751 35 #ifndef _WIN32
wolfSSL 11:cee25a834751 36 #include <arpa/inet.h>
wolfSSL 11:cee25a834751 37 #endif
wolfSSL 11:cee25a834751 38
wolfSSL 11:cee25a834751 39 #ifdef _WIN32
wolfSSL 11:cee25a834751 40 #define SNPRINTF _snprintf
wolfSSL 11:cee25a834751 41 #else
wolfSSL 11:cee25a834751 42 #define SNPRINTF snprintf
wolfSSL 11:cee25a834751 43 #endif
wolfSSL 11:cee25a834751 44
wolfSSL 11:cee25a834751 45 #include <wolfssl/openssl/ssl.h>
wolfSSL 11:cee25a834751 46 #include <wolfssl/internal.h>
wolfSSL 11:cee25a834751 47 #include <wolfssl/error-ssl.h>
wolfSSL 11:cee25a834751 48 #include <wolfssl/sniffer.h>
wolfSSL 11:cee25a834751 49 #include <wolfssl/sniffer_error.h>
wolfSSL 11:cee25a834751 50 #ifdef NO_INLINE
wolfSSL 11:cee25a834751 51 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 11:cee25a834751 52 #else
wolfSSL 11:cee25a834751 53 #define WOLFSSL_MISC_INCLUDED
wolfSSL 11:cee25a834751 54 #include <wolfcrypt/src/misc.c>
wolfSSL 11:cee25a834751 55 #endif
wolfSSL 11:cee25a834751 56
wolfSSL 11:cee25a834751 57
wolfSSL 11:cee25a834751 58 #ifndef WOLFSSL_SNIFFER_TIMEOUT
wolfSSL 11:cee25a834751 59 #define WOLFSSL_SNIFFER_TIMEOUT 900
wolfSSL 11:cee25a834751 60 /* Cache unclosed Sessions for 15 minutes since last used */
wolfSSL 11:cee25a834751 61 #endif
wolfSSL 11:cee25a834751 62
/* Misc constants.
 * Sizes are in bytes. MAX_ERROR_LEN is the number of bytes GetError() copies
 * into the caller's buffer, so that buffer must be at least that large. */
enum {
    MAX_SERVER_ADDRESS = 128,  /* maximum server address length */
    MAX_SERVER_NAME    = 128,  /* maximum server name length */
    MAX_ERROR_LEN      = 80,   /* maximum error length (GetError() copy size) */
    ETHER_IF_ADDR_LEN  = 6,    /* ethernet interface address length */
    LOCAL_IF_ADDR_LEN  = 4,    /* localhost interface address length, !windows */
    TCP_PROTO          = 6,    /* TCP protocol id (same value as TCP_PROTOCOL) */
    IP_HDR_SZ          = 20,   /* IP header length, min */
    TCP_HDR_SZ         = 20,   /* TCP header length, min */
    IPV4               = 4,    /* IP version 4 */
    TCP_PROTOCOL       = 6,    /* TCP Protocol id */
    TRACE_MSG_SZ       = 80,   /* Trace Message buffer size */
    HASH_SIZE          = 499,  /* Session Hash Table Rows */
    PSEUDO_HDR_SZ      = 12,   /* TCP Pseudo Header size in bytes */
    FATAL_ERROR_STATE  = 1,    /* SnifferSession fatal error state */
    TICKET_HINT_LEN    = 4,    /* Session Ticket Hint length */
    EXT_TYPE_SZ        = 2,    /* Extension length */
    MAX_INPUT_SZ = MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA +
                   MTU_EXTRA,  /* Max input sz of reassembly */
    EXT_MASTER_SECRET  = 0x17, /* Extended Master Secret Extension ID */
    TICKET_EXT_ID      = 0x23  /* Session Ticket Extension ID */
};
wolfSSL 11:cee25a834751 86
wolfSSL 11:cee25a834751 87
wolfSSL 11:cee25a834751 88 #ifdef _WIN32
wolfSSL 11:cee25a834751 89
wolfSSL 11:cee25a834751 90 static HMODULE dllModule; /* for error string resources */
wolfSSL 11:cee25a834751 91
/* DLL entry point (Windows only): runs the one-time sniffer init on process
 * attach and the matching free on process detach. Thread attach/detach need
 * no per-thread work. Always reports success to the loader. */
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    /* Guards against init/free running more than once per process. */
    static int didInit = 0;

    (void)lpReserved;

    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        if (!didInit) {
            dllModule = hModule;    /* module handle later used by GetError() */
            ssl_InitSniffer();
            didInit = 1;
        }
    }
    else if (ul_reason_for_call == DLL_PROCESS_DETACH) {
        if (didInit) {
            ssl_FreeSniffer();
            didInit = 0;
        }
    }
    /* DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing to do */

    return TRUE;
}
wolfSSL 11:cee25a834751 121
wolfSSL 11:cee25a834751 122 #endif /* _WIN32 */
wolfSSL 11:cee25a834751 123
wolfSSL 11:cee25a834751 124
static int   TraceOn   = 0;  /* Trace is off by default */
static FILE* TraceFile = 0;  /* trace output stream; closed by ssl_FreeSniffer() */
wolfSSL 11:cee25a834751 127
wolfSSL 11:cee25a834751 128
wolfSSL 11:cee25a834751 129 /* windows uses .rc table for this */
wolfSSL 11:cee25a834751 130 #ifndef _WIN32
wolfSSL 11:cee25a834751 131
/* Error/trace message table for non-Windows builds. Entries are looked up by
 * GetError() as msgTable[idx - 1], so the numbered comments below give the
 * 1-based idx of the entry that follows them. Keep the order in sync with the
 * sniffer error codes. */
static const char* const msgTable[] =
{
    /* 1 */
    "Out of Memory",
    "New SSL Sniffer Server Registered",
    "Checking IP Header",
    "SSL Sniffer Server Not Registered",
    "Checking TCP Header",

    /* 6 */
    "SSL Sniffer Server Port Not Registered",
    "RSA Private Decrypt Error",
    "RSA Private Decode Error",
    "Set Cipher Spec Error",
    "Server Hello Input Malformed",

    /* 11 */
    "Couldn't Resume Session Error",
    "Server Did Resumption",
    "Client Hello Input Malformed",
    "Client Trying to Resume",
    "Handshake Input Malformed",

    /* 16 */
    "Got Hello Verify msg",
    "Got Server Hello msg",
    "Got Cert Request msg",
    "Got Server Key Exchange msg",
    "Got Cert msg",

    /* 21 */
    "Got Server Hello Done msg",
    "Got Finished msg",
    "Got Client Hello msg",
    "Got Client Key Exchange msg",
    "Got Cert Verify msg",

    /* 26 */
    "Got Unknown Handshake msg",
    "New SSL Sniffer Session created",
    "Couldn't create new SSL",
    "Got a Packet to decode",
    "No data present",

    /* 31 */
    "Session Not Found",
    "Got an Old Client Hello msg",
    "Old Client Hello Input Malformed",
    "Old Client Hello OK",
    "Bad Old Client Hello",

    /* 36 */
    "Bad Record Header",
    "Record Header Input Malformed",
    "Got a HandShake msg",
    "Bad HandShake msg",
    "Got a Change Cipher Spec msg",

    /* 41 */
    "Got Application Data msg",
    "Bad Application Data",
    "Got an Alert msg",
    "Another msg to Process",
    "Removing Session From Table",

    /* 46 */
    "Bad Key File",
    "Wrong IP Version",
    "Wrong Protocol type",
    "Packet Short for header processing",
    "Got Unknown Record Type",

    /* 51 */
    "Can't Open Trace File",
    "Session in Fatal Error State",
    "Partial SSL record received",
    "Buffer Error, malformed input",
    "Added to Partial Input",

    /* 56 */
    "Received a Duplicate Packet",
    "Received an Out of Order Packet",
    "Received an Overlap Duplicate Packet",
    "Received an Overlap Reassembly Begin Duplicate Packet",
    "Received an Overlap Reassembly End Duplicate Packet",

    /* 61 */
    "Missed the Client Hello Entirely",
    "Got Hello Request msg",
    "Got Session Ticket msg",
    "Bad Input",
    "Bad Decrypt Type",

    /* 66 */
    "Bad Finished Message Processing",
    "Bad Compression Type",
    "Bad DeriveKeys Error",
    "Saw ACK for Missing Packet Error",
    "Bad Decrypt Operation",

    /* 71 */
    "Decrypt Keys Not Set Up",
    "Late Key Load Error",
    "Got Certificate Status msg",
    "RSA Key Missing Error",
    "Secure Renegotiation Not Supported",

    /* 76 */
    "Get Session Stats Failure",
    "Reassembly Buffer Size Exceeded",
    "Dropping Lost Fragment",
    "Dropping Partial Record",
    "Clear ACK Fault",

    /* 81 */
    "Bad Decrypt Size",
    "Extended Master Secret Hash Error"
};
wolfSSL 11:cee25a834751 250
wolfSSL 11:cee25a834751 251
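/* *nix version uses table above.
 * Copy the message for 1-based error index idx into str, which must hold at
 * least MAX_ERROR_LEN bytes. An idx outside the table yields an empty string
 * instead of an out-of-bounds read, and str is always NUL-terminated. */
static void GetError(int idx, char* str)
{
    const int count = (int)(sizeof(msgTable) / sizeof(msgTable[0]));

    if (idx < 1 || idx > count) {
        str[0] = '\0';
        return;
    }

    XSTRNCPY(str, msgTable[idx - 1], MAX_ERROR_LEN);
    /* strncpy-style copies do not terminate when the source fills the
     * buffer; force termination within the MAX_ERROR_LEN bytes we own. */
    str[MAX_ERROR_LEN - 1] = '\0';
}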
wolfSSL 11:cee25a834751 257
wolfSSL 11:cee25a834751 258
wolfSSL 11:cee25a834751 259 #else /* _WIN32 */
wolfSSL 11:cee25a834751 260
wolfSSL 11:cee25a834751 261
/* Windows version uses .rc table.
 * Load the resource string for error index idx into buffer (at most
 * MAX_ERROR_LEN bytes). When no string is found the buffer is set to "". */
static void GetError(int idx, char* buffer)
{
    int copied = LoadStringA(dllModule, idx, buffer, MAX_ERROR_LEN);

    /* A zero return means no resource for idx; hand back an empty string
     * rather than whatever the buffer previously held. */
    if (copied == 0) {
        buffer[0] = '\0';
    }
}
wolfSSL 11:cee25a834751 268
wolfSSL 11:cee25a834751 269
wolfSSL 11:cee25a834751 270 #endif /* _WIN32 */
wolfSSL 11:cee25a834751 271
wolfSSL 11:cee25a834751 272
/* Packet Buffer for reassembly list and ready list.
 * Owns its data allocation; FreePacketBuffer() releases both data and the
 * node itself. */
typedef struct PacketBuffer {
    word32               begin;  /* relative sequence begin */
    word32               end;    /* relative sequence end */
    byte*                data;   /* actual data (owned, freed with the node) */
    struct PacketBuffer* next;   /* next on reassembly list or ready list */
} PacketBuffer;
wolfSSL 11:cee25a834751 280
wolfSSL 11:cee25a834751 281
wolfSSL 11:cee25a834751 282 #ifdef HAVE_SNI
wolfSSL 11:cee25a834751 283
/* NamedKey maps a SNI name to a specific private key.
 * key is owned by the node; FreeNamedKey() zeroes keySz bytes of it before
 * freeing, so the DER private key does not linger in freed memory. */
typedef struct NamedKey {
    char             name[MAX_SERVER_NAME];  /* server DNS name */
    word32           nameSz;                 /* size of server DNS name */
    byte*            key;                    /* DER private key (owned) */
    word32           keySz;                  /* size of DER private key */
    struct NamedKey* next;                   /* for list */
} NamedKey;
wolfSSL 11:cee25a834751 292
wolfSSL 11:cee25a834751 293 #endif
wolfSSL 11:cee25a834751 294
wolfSSL 11:cee25a834751 295
/* Sniffer Server holds info for each server/port monitored.
 * Nodes live on the global ServerList, guarded by ServerListMutex. */
typedef struct SnifferServer {
    SSL_CTX*       ctx;                          /* SSL context */
    char           address[MAX_SERVER_ADDRESS];  /* passed in server address */
    word32         server;                       /* network order address */
    int            port;                         /* server port */
#ifdef HAVE_SNI
    NamedKey*      namedKeys;                    /* mapping of names and keys */
    wolfSSL_Mutex  namedKeysMutex;               /* mutex for namedKey list */
#endif
    struct SnifferServer* next;                  /* for list */
} SnifferServer;
wolfSSL 11:cee25a834751 308
wolfSSL 11:cee25a834751 309
/* Session Flags. All members are single bytes used as booleans/counters;
 * InitFlags() zeroes every one of them. */
typedef struct Flags {
    byte           side;            /* which end is current packet headed */
    byte           serverCipherOn;  /* indicates whether cipher is active */
    byte           clientCipherOn;  /* indicates whether cipher is active */
    byte           resuming;        /* did this session come from resumption */
    byte           cached;          /* have we cached this session yet */
    byte           clientHello;     /* processed client hello yet, for SSLv2 */
    byte           finCount;        /* get both FINs before removing */
    byte           fatalError;      /* fatal error state */
    byte           cliAckFault;     /* client acked unseen data from server */
    byte           srvAckFault;     /* server acked unseen data from client */
    byte           cliSkipPartial;  /* client skips partial data to catch up */
    byte           srvSkipPartial;  /* server skips partial data to catch up */
#ifdef HAVE_EXTENDED_MASTER
    byte           expectEms;       /* expect extended master secret */
#endif
} Flags;
wolfSSL 11:cee25a834751 328
wolfSSL 11:cee25a834751 329
/* Out of Order FIN capture (the struct tag keeps its historical spelling
 * because it is part of the type name). A relative sequence of 0 means no
 * FIN has been seen on that side. */
typedef struct FinCaputre {
    word32 cliFinSeq;   /* client relative sequence FIN, 0 is no */
    word32 srvFinSeq;   /* server relative sequence FIN, 0 is no */
    byte   cliCounted;  /* did we count yet, detects duplicates */
    byte   srvCounted;  /* did we count yet, detects duplicates */
} FinCaputre;
wolfSSL 11:cee25a834751 337
wolfSSL 11:cee25a834751 338
/* Running handshake-transcript hash states kept by the sniffer (used with the
 * extended master secret). Which members exist depends on the build's
 * enabled digests; HashInit/HashUpdate/HashCopy mirror the same #ifdefs. */
typedef struct HsHashes {
#ifndef NO_OLD_TLS
#ifndef NO_SHA
    Sha hashSha;
#endif
#ifndef NO_MD5
    Md5 hashMd5;
#endif
#endif
#ifndef NO_SHA256
    Sha256 hashSha256;
#endif
#ifdef WOLFSSL_SHA384
    Sha384 hashSha384;
#endif
} HsHashes;
wolfSSL 11:cee25a834751 355
wolfSSL 11:cee25a834751 356
/* Sniffer Session holds info for each client/server SSL/TLS session.
 * Sessions are chained through next in SessionTable (HASH_SIZE rows) under
 * SessionMutex. Owned allocations released by FreeSnifferSession(): both SSL
 * objects, both reassembly lists, ticketID and (if built) hash. */
typedef struct SnifferSession {
    SnifferServer* context;              /* server context */
    SSL*           sslServer;            /* SSL server side decode */
    SSL*           sslClient;            /* SSL client side decode */
    word32         server;               /* server address in network byte order */
    word32         client;               /* client address in network byte order */
    word16         srvPort;              /* server port */
    word16         cliPort;              /* client port */
    word32         cliSeqStart;          /* client start sequence */
    word32         srvSeqStart;          /* server start sequence */
    word32         cliExpected;          /* client expected sequence (relative) */
    word32         srvExpected;          /* server expected sequence (relative) */
    FinCaputre     finCaputre;           /* retain out of order FIN s */
    Flags          flags;                /* session flags */
    time_t         lastUsed;             /* last used ticks */
    PacketBuffer*  cliReassemblyList;    /* client out of order packets */
    PacketBuffer*  srvReassemblyList;    /* server out of order packets */
    word32         cliReassemblyMemory;  /* client packet memory used */
    word32         srvReassemblyMemory;  /* server packet memory used */
    struct SnifferSession* next;         /* for hash table list */
    byte*          ticketID;             /* mac ID of session ticket */
#ifdef HAVE_EXTENDED_MASTER
    HsHashes*      hash;                 /* handshake hash states (owned) */
#endif
} SnifferSession;
wolfSSL 11:cee25a834751 383
wolfSSL 11:cee25a834751 384
/* Sniffer Server List and mutex (ServerListMutex guards ServerList) */
static SnifferServer* ServerList = 0;
static wolfSSL_Mutex ServerListMutex;


/* Session Hash Table, mutex, and count (SessionMutex guards both) */
static SnifferSession* SessionTable[HASH_SIZE];
static wolfSSL_Mutex SessionMutex;
static int SessionCount = 0;

/* Recovery of missed data switches and stats.
 * RecoveryMutex serializes updates to the stats counter below; see
 * UpdateMissedDataSessions(). */
static wolfSSL_Mutex RecoveryMutex;          /* for stats */
static int RecoveryEnabled = 0;              /* global switch */
static int MaxRecoveryMemory = -1;           /* per session max recovery memory */
static word32 MissedDataSessions = 0;        /* # of sessions with missed data */
wolfSSL 11:cee25a834751 400
wolfSSL 11:cee25a834751 401
/* Bump the count of sessions that missed data. The counter is shared, so
 * the increment is done under RecoveryMutex. */
static void UpdateMissedDataSessions(void)
{
    wc_LockMutex(&RecoveryMutex);
    ++MissedDataSessions;
    wc_UnLockMutex(&RecoveryMutex);
}
wolfSSL 11:cee25a834751 408
wolfSSL 11:cee25a834751 409
/* Initialize overall Sniffer: bring up wolfSSL and the three module mutexes.
 * Must be paired with ssl_FreeSniffer(). The wc_InitMutex results are not
 * reported because the function has no return value. */
void ssl_InitSniffer(void)
{
    wolfSSL_Init();

    /* Mutex inits are independent of one another. */
    wc_InitMutex(&RecoveryMutex);
    wc_InitMutex(&SessionMutex);
    wc_InitMutex(&ServerListMutex);
}
wolfSSL 11:cee25a834751 418
wolfSSL 11:cee25a834751 419
wolfSSL 11:cee25a834751 420 #ifdef HAVE_SNI
wolfSSL 11:cee25a834751 421
/* Free a Named Key, zeroing the DER private key it holds first.
 * A NULL argument is accepted and ignored. */
static void FreeNamedKey(NamedKey* in)
{
    if (in == NULL)
        return;

    if (in->key != NULL) {
        /* ForceZero rather than a plain memset, which a compiler may drop
         * ahead of free(); the key material must not survive in the heap. */
        ForceZero(in->key, in->keySz);
        free(in->key);
    }
    free(in);
}
wolfSSL 11:cee25a834751 433
wolfSSL 11:cee25a834751 434
/* Free every NamedKey on the singly linked list starting at in. */
static void FreeNamedKeyList(NamedKey* in)
{
    NamedKey* cur = in;

    while (cur != NULL) {
        NamedKey* following = cur->next;  /* read before the node is freed */
        FreeNamedKey(cur);
        cur = following;
    }
}
wolfSSL 11:cee25a834751 445
wolfSSL 11:cee25a834751 446 #endif
wolfSSL 11:cee25a834751 447
wolfSSL 11:cee25a834751 448
/* Free Sniffer Server's resources/self: the SNI key list and its mutex,
 * the SSL context, then the node. NULL is a no-op. */
static void FreeSnifferServer(SnifferServer* srv)
{
    if (srv == NULL)
        return;

#ifdef HAVE_SNI
    /* Drain the list under its own lock, then destroy the lock. */
    wc_LockMutex(&srv->namedKeysMutex);
    FreeNamedKeyList(srv->namedKeys);
    wc_UnLockMutex(&srv->namedKeysMutex);
    wc_FreeMutex(&srv->namedKeysMutex);
#endif
    SSL_CTX_free(srv->ctx);
    free(srv);
}
wolfSSL 11:cee25a834751 463
wolfSSL 11:cee25a834751 464
/* Free a PacketBuffer's data and the node itself. NULL is a no-op. */
static void FreePacketBuffer(PacketBuffer* del)
{
    if (del == NULL)
        return;

    free(del->data);
    free(del);
}
wolfSSL 11:cee25a834751 473
wolfSSL 11:cee25a834751 474
/* Free every PacketBuffer on the list starting at in (NULL head: nothing). */
static void FreePacketList(PacketBuffer* in)
{
    PacketBuffer* cur = in;

    while (cur != NULL) {
        PacketBuffer* following = cur->next;  /* saved before cur is freed */
        FreePacketBuffer(cur);
        cur = following;
    }
}
wolfSSL 11:cee25a834751 489
wolfSSL 11:cee25a834751 490
/* Free Sniffer Session's resources/self: both SSL decode objects, both
 * reassembly lists, the ticket ID and (when built) the handshake hashes,
 * then the session node. NULL is a no-op. */
static void FreeSnifferSession(SnifferSession* session)
{
    if (session == NULL)
        return;

    SSL_free(session->sslClient);
    SSL_free(session->sslServer);

    FreePacketList(session->cliReassemblyList);
    FreePacketList(session->srvReassemblyList);

    free(session->ticketID);
#ifdef HAVE_EXTENDED_MASTER
    free(session->hash);
#endif
    free(session);
}
wolfSSL 11:cee25a834751 508
wolfSSL 11:cee25a834751 509
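/* Free overall Sniffer: every registered server, every cached session, the
 * module mutexes, the trace file and finally wolfSSL itself.
 * The list head, hash table rows and session count are reset so that a
 * later ssl_InitSniffer() (e.g. DllMain re-attach) cannot walk freed nodes. */
void ssl_FreeSniffer(void)
{
    SnifferServer*  srv;
    SnifferSession* session;
    int i;

    /* Lock order: server list, then session table; unlocked in reverse. */
    wc_LockMutex(&ServerListMutex);
    wc_LockMutex(&SessionMutex);

    srv = ServerList;
    while (srv) {
        SnifferServer* removeServer = srv;
        srv = srv->next;
        FreeSnifferServer(removeServer);
    }
    ServerList = NULL;  /* every node above is now freed */

    for (i = 0; i < HASH_SIZE; i++) {
        session = SessionTable[i];
        while (session) {
            SnifferSession* removeSession = session;
            session = session->next;
            FreeSnifferSession(removeSession);
        }
        SessionTable[i] = NULL;  /* row emptied; drop the dangling head */
    }
    SessionCount = 0;  /* table is empty */

    wc_UnLockMutex(&SessionMutex);
    wc_UnLockMutex(&ServerListMutex);

    wc_FreeMutex(&RecoveryMutex);
    wc_FreeMutex(&SessionMutex);
    wc_FreeMutex(&ServerListMutex);

    if (TraceFile) {
        TraceOn = 0;
        fclose(TraceFile);
        TraceFile = NULL;
    }

    wolfSSL_Cleanup();
}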
wolfSSL 11:cee25a834751 553
wolfSSL 11:cee25a834751 554
wolfSSL 11:cee25a834751 555 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 556
/* Zero hash and initialize every digest state the build enables.
 * Returns 0 on success or the first non-zero wc_Init* result; once ret is
 * non-zero the remaining inits are skipped.
 * NOTE(review): wc_InitMd5's result is not captured here, so an MD5 init
 * failure (if that call can report one) would go unnoticed. */
static int HashInit(HsHashes* hash)
{
    int ret = 0;

    XMEMSET(hash, 0, sizeof(HsHashes));

#ifndef NO_OLD_TLS
#ifndef NO_SHA
    if (ret == 0)
        ret = wc_InitSha(&hash->hashSha);
#endif
#ifndef NO_MD5
    if (ret == 0)
        wc_InitMd5(&hash->hashMd5);
#endif
#endif
#ifndef NO_SHA256
    if (ret == 0)
        ret = wc_InitSha256(&hash->hashSha256);
#endif
#ifdef WOLFSSL_SHA384
    if (ret == 0)
        ret = wc_InitSha384(&hash->hashSha384);
#endif

    return ret;
}
wolfSSL 11:cee25a834751 584
wolfSSL 11:cee25a834751 585
/* Feed one handshake message into every enabled digest.
 * input is expected to point just past a HANDSHAKE_HEADER_SZ-byte handshake
 * header: the pointer is moved back and sz widened so the header bytes are
 * hashed as well. NOTE(review): that only holds if the caller guarantees the
 * header immediately precedes input — confirm at the call sites.
 * Returns 0 or the first non-zero wc_*Update result (wc_Md5Update's result is
 * not captured). */
static int HashUpdate(HsHashes* hash, const byte* input, int sz)
{
    int ret = 0;

    input -= HANDSHAKE_HEADER_SZ;
    sz += HANDSHAKE_HEADER_SZ;

#ifndef NO_OLD_TLS
#ifndef NO_SHA
    if (ret == 0)
        ret = wc_ShaUpdate(&hash->hashSha, input, sz);
#endif
#ifndef NO_MD5
    if (ret == 0)
        wc_Md5Update(&hash->hashMd5, input, sz);
#endif
#endif
#ifndef NO_SHA256
    if (ret == 0)
        ret = wc_Sha256Update(&hash->hashSha256, input, sz);
#endif
#ifdef WOLFSSL_SHA384
    if (ret == 0)
        ret = wc_Sha384Update(&hash->hashSha384, input, sz);
#endif

    return ret;
}
wolfSSL 11:cee25a834751 614
wolfSSL 11:cee25a834751 615
/* Copy the sniffer's accumulated digest states s into an HS_Hashes d, member
 * by member under the same #ifdefs as HsHashes (the two structs share these
 * member names). Always returns 0. */
static int HashCopy(HS_Hashes* d, HsHashes* s)
{
#ifndef NO_OLD_TLS
#ifndef NO_SHA
    XMEMCPY(&d->hashSha, &s->hashSha, sizeof(Sha));
#endif
#ifndef NO_MD5
    XMEMCPY(&d->hashMd5, &s->hashMd5, sizeof(Md5));
#endif
#endif

#ifndef NO_SHA256
    XMEMCPY(&d->hashSha256, &s->hashSha256, sizeof(Sha256));
#endif
#ifdef WOLFSSL_SHA384
    XMEMCPY(&d->hashSha384, &s->hashSha384, sizeof(Sha384));
#endif

    return 0;
}
wolfSSL 11:cee25a834751 636
wolfSSL 11:cee25a834751 637 #endif
wolfSSL 11:cee25a834751 638
wolfSSL 11:cee25a834751 639
/* Reset a SnifferServer to its empty state: no CTX, zero-filled address
 * string, no address/port, no list successor, and (under HAVE_SNI) an
 * empty named-key list with a freshly initialised mutex.  The result of
 * wc_InitMutex is not checked.
 */
static void InitSnifferServer(SnifferServer* sniffer)
{
    /* zero the whole address buffer so it is always NUL-terminated */
    XMEMSET(sniffer->address, 0, MAX_SERVER_ADDRESS);

    sniffer->server = 0;
    sniffer->port   = 0;
    sniffer->ctx    = NULL;
    sniffer->next   = NULL;

#ifdef HAVE_SNI
    sniffer->namedKeys = NULL;
    wc_InitMutex(&sniffer->namedKeysMutex);
#endif
}
wolfSSL 11:cee25a834751 653
wolfSSL 11:cee25a834751 654
/* Clear every per-session flag.  Grouped by what the flag tracks:
 * connection role, cipher/handshake progress, and TCP fault/skip state.
 */
static void InitFlags(Flags* flags)
{
    /* which end of the connection this packet belongs to */
    flags->side = 0;

    /* handshake and cipher progress */
    flags->clientHello    = 0;
    flags->serverCipherOn = 0;
    flags->clientCipherOn = 0;
    flags->resuming       = 0;
    flags->cached         = 0;
#ifdef HAVE_EXTENDED_MASTER
    flags->expectEms      = 0;
#endif

    /* TCP stream state and error tracking */
    flags->finCount       = 0;
    flags->fatalError     = 0;
    flags->cliAckFault    = 0;
    flags->srvAckFault    = 0;
    flags->cliSkipPartial = 0;
    flags->srvSkipPartial = 0;
}
wolfSSL 11:cee25a834751 674
wolfSSL 11:cee25a834751 675
/* Clear the FIN bookkeeping: no FIN sequence captured and nothing
 * counted yet, for either side of the connection. */
static void InitFinCapture(FinCaputre* cap)
{
    /* client side */
    cap->cliFinSeq  = 0;
    cap->cliCounted = 0;

    /* server side */
    cap->srvFinSeq  = 0;
    cap->srvCounted = 0;
}
wolfSSL 11:cee25a834751 684
wolfSSL 11:cee25a834751 685
/* Reset a SnifferSession to its empty state: no owning server context,
 * no SSL objects, zeroed endpoints and sequence tracking, empty
 * reassembly lists, cleared flags and FIN capture.
 */
static void InitSession(SnifferSession* session)
{
    /* owning server and the two decoding SSL objects */
    session->context   = NULL;
    session->sslServer = NULL;
    session->sslClient = NULL;

    /* endpoints */
    session->server  = 0;
    session->client  = 0;
    session->srvPort = 0;
    session->cliPort = 0;

    /* TCP sequence tracking */
    session->cliSeqStart = 0;
    session->srvSeqStart = 0;
    session->cliExpected = 0;
    session->srvExpected = 0;

    /* out-of-order segment reassembly */
    session->cliReassemblyList   = NULL;
    session->srvReassemblyList   = NULL;
    session->cliReassemblyMemory = 0;
    session->srvReassemblyMemory = 0;

    session->lastUsed = 0;
    session->ticketID = 0;
    session->next     = NULL;

    InitFlags(&session->flags);
    InitFinCapture(&session->finCaputre);
#ifdef HAVE_EXTENDED_MASTER
    session->hash = NULL;
#endif
}
wolfSSL 11:cee25a834751 714
wolfSSL 11:cee25a834751 715
/* IP Info extracted from an IP Header; addresses are kept in network
 * byte order so they compare directly against inet_addr() results */
typedef struct IpInfo {
    int    length;                  /* length of this header */
    int    total;                   /* total length of fragment */
    word32 src;                     /* network order source address */
    word32 dst;                     /* network order destination address */
} IpInfo;
wolfSSL 11:cee25a834751 723
wolfSSL 11:cee25a834751 724
/* TCP Info extracted from a TCP Header.  Ports are compared directly
 * against the registered server port below, so they are presumably
 * already converted to host order by the TCP parsing code -- confirm. */
typedef struct TcpInfo {
    int    srcPort;                 /* source port */
    int    dstPort;                 /* destination port */
    int    length;                  /* length of this header */
    word32 sequence;                /* sequence number */
    word32 ackNumber;               /* ack number */
    byte   fin;                     /* FIN set */
    byte   rst;                     /* RST set */
    byte   syn;                     /* SYN set */
    byte   ack;                     /* ACK set */
} TcpInfo;
wolfSSL 11:cee25a834751 737
wolfSSL 11:cee25a834751 738
/* TCP Pseudo Header for checksum calculation; laid out exactly as the
 * checksum algorithm consumes it, so field order and sizes matter */
typedef struct TcpPseudoHdr {
    word32 src;                     /* source address */
    word32 dst;                     /* destination address */
    byte   rsv;                     /* reserved, always 0 */
    byte   protocol;                /* IP protocol */
    word16 length;                  /* tcp header length + data length (doesn't include */
                                    /* pseudo header length) network order */
} TcpPseudoHdr;
wolfSSL 11:cee25a834751 748
wolfSSL 11:cee25a834751 749
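/* Password callback installed on the sniffer CTX for encrypted PEM keys.
 *
 * passwd:   output buffer supplied by the caller
 * sz:       capacity of passwd in bytes
 * rw:       unused (OpenSSL-style callbacks get 0 for read, 1 for write)
 * userdata: the NUL-terminated password string registered with the CTX
 *
 * Returns the number of password bytes written to passwd, never more than
 * sz - 1, and leaves passwd NUL-terminated; returns 0 (and an empty
 * buffer where possible) when there is no buffer, no room or no password.
 *
 * The previous version used XSTRNCPY, which does not terminate a password
 * of length >= sz, and returned the full XSTRLEN(userdata) even when that
 * exceeded sz, so a caller trusting the returned length could read past
 * the buffer.  A password longer than sz - 1 is now truncated and the
 * truncated length is reported.
 */
static int SetPassword(char* passwd, int sz, int rw, void* userdata)
{
    const char* src = (const char*)userdata;
    int n = 0;

    (void)rw;

    if (passwd == NULL || sz <= 0)
        return 0;

    if (src == NULL) {
        passwd[0] = '\0';
        return 0;
    }

    /* bounded copy, leaving room for the terminator */
    while (n < sz - 1 && src[n] != '\0') {
        passwd[n] = src[n];
        n++;
    }
    passwd[n] = '\0';

    return n;
}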
wolfSSL 11:cee25a834751 757
wolfSSL 11:cee25a834751 758
/* Ethernet Header as it appears on the wire */
typedef struct EthernetHdr {
    byte   dst[ETHER_IF_ADDR_LEN];  /* destination host address */
    byte   src[ETHER_IF_ADDR_LEN];  /* source host address */
    word16 type;                    /* IP, ARP, etc */
} EthernetHdr;
wolfSSL 11:cee25a834751 765
wolfSSL 11:cee25a834751 766
/* IPv4 Header as it appears on the wire; multi-byte fields are in network
 * byte order, the version/header-length nibbles are read via IP_V/IP_HL */
typedef struct IpHdr {
    byte   ver_hl;                  /* version/header length */
    byte   tos;                     /* type of service */
    word16 length;                  /* total length */
    word16 id;                      /* identification */
    word16 offset;                  /* fragment offset field */
    byte   ttl;                     /* time to live */
    byte   protocol;                /* protocol */
    word16 sum;                     /* checksum */
    word32 src;                     /* source address */
    word32 dst;                     /* destination address */
} IpHdr;
wolfSSL 11:cee25a834751 780
wolfSSL 11:cee25a834751 781
/* IP header length in bytes: the low nibble of ver_hl counts 32-bit words */
#define IP_HL(ip) ( (((ip)->ver_hl) & 0x0f) * 4)
/* IP version number: the high nibble of ver_hl */
#define IP_V(ip) ( ((ip)->ver_hl) >> 4)
wolfSSL 11:cee25a834751 784
/* TCP Header as it appears on the wire; ports and sequence numbers are in
 * network byte order, the data offset is read via TCP_LEN */
typedef struct TcpHdr {
    word16 srcPort;                 /* source port */
    word16 dstPort;                 /* destination port */
    word32 sequence;                /* sequence number */
    word32 ack;                     /* acknowledgment number */
    byte   offset;                  /* data offset, reserved */
    byte   flags;                   /* control flags, see TCP_* bits below */
    word16 window;                  /* window */
    word16 sum;                     /* checksum */
    word16 urgent;                  /* urgent pointer */
} TcpHdr;
wolfSSL 11:cee25a834751 797
/* TCP header length in bytes: the high nibble of offset counts 32-bit words */
#define TCP_LEN(tcp) ( (((tcp)->offset & 0xf0) >> 4) * 4)
/* bits of TcpHdr.flags */
#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_ACK 0x10
wolfSSL 11:cee25a834751 803
wolfSSL 11:cee25a834751 804
wolfSSL 11:cee25a834751 805
wolfSSL 11:cee25a834751 806
wolfSSL 11:cee25a834751 807
/* Write the error text for index idx to the trace file (and to stderr when
 * DEBUG_SNIFFER is defined) via the platform GetError.  No-op when tracing
 * is off. */
static void Trace(int idx)
{
    char msg[MAX_ERROR_LEN];

    if (!TraceOn)
        return;

    GetError(idx, msg);
    fprintf(TraceFile, "\t%s\n", msg);
#ifdef DEBUG_SNIFFER
    fprintf(stderr, "\t%s\n", msg);
#endif
}
wolfSSL 11:cee25a834751 820
wolfSSL 11:cee25a834751 821
/* Start a packet trace with the current wall-clock time (ctime format,
 * which supplies its own trailing newline). */
static void TraceHeader(void)
{
    time_t now;

    if (!TraceOn)
        return;

    now = time(NULL);
    fprintf(TraceFile, "\n%s", ctime(&now));
}
wolfSSL 11:cee25a834751 830
wolfSSL 11:cee25a834751 831
/* Trace the parameters of a server registration request.  srv and keyFile
 * are printed with %s, so both are expected to be non-NULL. */
static void TraceSetServer(const char* srv, int port, const char* keyFile)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tTrying to install a new Sniffer Server with\n");
    fprintf(TraceFile, "\tserver: %s, port: %d, keyFile: %s\n",
            srv, port, keyFile);
}
wolfSSL 11:cee25a834751 841
wolfSSL 11:cee25a834751 842
wolfSSL 11:cee25a834751 843 #ifdef HAVE_SNI
wolfSSL 11:cee25a834751 844
/* Trace the parameters of a named (SNI) server registration request.
 * name, srv and keyFile are printed with %s, so all are expected non-NULL. */
static void TraceSetNamedServer(const char* name,
                                const char* srv, int port, const char* keyFile)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tTrying to install a new Sniffer Server with\n");
    fprintf(TraceFile, "\tname: %s, server: %s, port: %d, keyFile: %s\n",
            name, srv, port, keyFile);
}
wolfSSL 11:cee25a834751 855
wolfSSL 11:cee25a834751 856 #endif
wolfSSL 11:cee25a834751 857
wolfSSL 11:cee25a834751 858
/* Trace the arrival of a packet with a running count.  The counter is a
 * function-static and only advances while tracing is on. */
static void TracePacket(void)
{
    static word32 packetCount = 0;

    if (!TraceOn)
        return;

    packetCount++;
    fprintf(TraceFile, "\tGot a Packet to decode, packet %u\n", packetCount);
}
wolfSSL 11:cee25a834751 868
wolfSSL 11:cee25a834751 869
/* Format a network-byte-order IPv4 address as dotted quad into str, which
 * must hold at least TRACE_MSG_SZ bytes.  Returns str for convenience. */
static char* IpToS(word32 addr, char* str)
{
    byte octet[4];

    /* network order means the in-memory bytes are already in print order */
    XMEMCPY(octet, &addr, sizeof(octet));
    SNPRINTF(str, TRACE_MSG_SZ, "%d.%d.%d.%d",
             octet[0], octet[1], octet[2], octet[3]);

    return str;
}
wolfSSL 11:cee25a834751 879
wolfSSL 11:cee25a834751 880
/* Trace the destination and source addresses of an IP header. */
static void TraceIP(IpHdr* iphdr)
{
    char srcStr[TRACE_MSG_SZ];
    char dstStr[TRACE_MSG_SZ];

    if (!TraceOn)
        return;

    IpToS(iphdr->dst, dstStr);
    IpToS(iphdr->src, srcStr);
    fprintf(TraceFile, "\tdst:%s src:%s\n", dstStr, srcStr);
}
wolfSSL 11:cee25a834751 891
wolfSSL 11:cee25a834751 892
/* Trace the destination and source ports of a TCP header, converted from
 * network to host order for display. */
static void TraceTcp(TcpHdr* tcphdr)
{
    unsigned dstPort;
    unsigned srcPort;

    if (!TraceOn)
        return;

    dstPort = ntohs(tcphdr->dstPort);
    srcPort = ntohs(tcphdr->srcPort);
    fprintf(TraceFile, "\tdstPort:%u srcPort:%u\n", dstPort, srcPort);
}
wolfSSL 11:cee25a834751 901
wolfSSL 11:cee25a834751 902
/* Trace a segment's sequence number and payload length. */
static void TraceSequence(word32 seq, int len)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tSequence:%u, payload length:%d\n", seq, len);
}
wolfSSL 11:cee25a834751 910
wolfSSL 11:cee25a834751 911
/* Trace a segment's ack number next to the ack we expected. */
static void TraceAck(word32 ack, word32 expected)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tAck:%u Expected:%u\n", ack, expected);
}
wolfSSL 11:cee25a834751 919
wolfSSL 11:cee25a834751 920
/* Trace the expected and received relative sequence numbers. */
static void TraceRelativeSequence(word32 expected, word32 got)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tExpected sequence:%u, received sequence:%u\n",
            expected, got);
}
wolfSSL 11:cee25a834751 929
wolfSSL 11:cee25a834751 930
/* Trace the server's initial sequence number taken from its SYN. */
static void TraceServerSyn(word32 seq)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tServer SYN, Sequence Start:%u\n", seq);
}
wolfSSL 11:cee25a834751 938
wolfSSL 11:cee25a834751 939
/* Trace the client's initial sequence number taken from its SYN. */
static void TraceClientSyn(word32 seq)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tClient SYN, Sequence Start:%u\n", seq);
}
wolfSSL 11:cee25a834751 947
wolfSSL 11:cee25a834751 948
/* Trace a captured client FIN sequence alongside the current relative
 * sequence. */
static void TraceClientFin(word32 finSeq, word32 relSeq)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tClient FIN capture:%u, current SEQ:%u\n",
            finSeq, relSeq);
}
wolfSSL 11:cee25a834751 957
wolfSSL 11:cee25a834751 958
/* Trace a captured server FIN sequence alongside the current relative
 * sequence. */
static void TraceServerFin(word32 finSeq, word32 relSeq)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tServer FIN capture:%u, current SEQ:%u\n",
            finSeq, relSeq);
}
wolfSSL 11:cee25a834751 967
wolfSSL 11:cee25a834751 968
/* Trace how many SSL application data bytes were decoded; 0 is normal. */
static void TraceGotData(int bytes)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\t%d bytes of SSL App data processed\n", bytes);
}
wolfSSL 11:cee25a834751 976
wolfSSL 11:cee25a834751 977
/* Trace how many new application bytes were appended to the bytes already
 * waiting in the user buffer. */
static void TraceAddedData(int newBytes, int existingBytes)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile,
            "\t%d bytes added to %d existing bytes in User Buffer\n",
            newBytes, existingBytes);
}
wolfSSL 11:cee25a834751 987
wolfSSL 11:cee25a834751 988
/* Trace that a stale session was found. */
static void TraceStaleSession(void)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tFound a stale session\n");
}
wolfSSL 11:cee25a834751 996
wolfSSL 11:cee25a834751 997
/* Trace the start of a stale-session sweep. */
static void TraceFindingStale(void)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tTrying to find Stale Sessions\n");
}
wolfSSL 11:cee25a834751 1005
wolfSSL 11:cee25a834751 1006
/* Trace that the session just reported was removed. */
static void TraceRemovedSession(void)
{
    if (!TraceOn)
        return;

    fprintf(TraceFile, "\tRemoved it\n");
}
wolfSSL 11:cee25a834751 1014
wolfSSL 11:cee25a834751 1015
/* Copy the error text for idx into the caller's error buffer, trace it,
 * and, when a session is given and fatal == FATAL_ERROR_STATE, mark that
 * session as fatally broken so later packets for it are ignored. */
static void SetError(int idx, char* error, SnifferSession* session, int fatal)
{
    GetError(idx, error);
    Trace(idx);

    if (session == NULL)
        return;
    if (fatal == FATAL_ERROR_STATE)
        session->flags.fatalError = 1;
}
wolfSSL 11:cee25a834751 1024
wolfSSL 11:cee25a834751 1025
/* Check whether the IPv4 address addr (network order) belongs to any
 * registered sniffer server.  Takes ServerListMutex for the scan.
 * Returns 1 if registered, 0 otherwise. */
static int IsServerRegistered(word32 addr)
{
    SnifferServer* cur;
    int found = 0;

    wc_LockMutex(&ServerListMutex);

    for (cur = ServerList; cur != NULL; cur = cur->next) {
        if (cur->server == addr) {
            found = 1;
            break;
        }
    }

    wc_UnLockMutex(&ServerListMutex);

    return found;
}
wolfSSL 11:cee25a834751 1048
wolfSSL 11:cee25a834751 1049
/* Check whether port is the port of any registered sniffer server.  The
 * comparison is done as int because SnifferServer stores the port as int.
 * Takes ServerListMutex for the scan.  Returns 1 if registered, 0 otherwise. */
static int IsPortRegistered(word32 port)
{
    SnifferServer* cur;
    int wanted = (int)port;
    int found = 0;

    wc_LockMutex(&ServerListMutex);

    for (cur = ServerList; cur != NULL; cur = cur->next) {
        if (cur->port == wanted) {
            found = 1;
            break;
        }
    }

    wc_UnLockMutex(&ServerListMutex);

    return found;
}
wolfSSL 11:cee25a834751 1072
wolfSSL 11:cee25a834751 1073
/* Find the registered SnifferServer whose address/port matches either end
 * of this packet (the server may be the source or the destination).
 * Returns NULL when nothing matches.  The pointer is handed back after
 * ServerListMutex is released; presumably servers are never removed while
 * packets are being processed -- verify against the list management code. */
static SnifferServer* GetSnifferServer(IpInfo* ipInfo, TcpInfo* tcpInfo)
{
    SnifferServer* cur;

    wc_LockMutex(&ServerListMutex);

    for (cur = ServerList; cur != NULL; cur = cur->next) {
        int isSource = cur->port == tcpInfo->srcPort &&
                       cur->server == ipInfo->src;
        int isDest   = cur->port == tcpInfo->dstPort &&
                       cur->server == ipInfo->dst;

        if (isSource || isDest)
            break;
    }

    wc_UnLockMutex(&ServerListMutex);

    return cur;
}
wolfSSL 11:cee25a834751 1094
wolfSSL 11:cee25a834751 1095
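/* Hash the connection 4-tuple (both addresses and both ports) to a
 * SessionTable row in [0, HASH_SIZE).
 *
 * The products are meant to wrap, so every operand is converted to word32
 * before multiplying and the arithmetic is unsigned and well defined.  The
 * previous version multiplied the two int ports as ints: with 32-bit int,
 * 65535 * 65535 overflows, which is undefined behaviour for signed types.
 * For inputs that did not overflow the row value is unchanged.
 *
 * The hash is symmetric in src/dst, so both directions of a connection map
 * to the same row, which GetSnifferSession relies on.
 */
static word32 SessionHash(IpInfo* ipInfo, TcpInfo* tcpInfo)
{
    word32 hash  = ipInfo->src * ipInfo->dst;
    word32 ports = (word32)tcpInfo->srcPort * (word32)tcpInfo->dstPort;

    hash *= ports;

    return hash % HASH_SIZE;
}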
wolfSSL 11:cee25a834751 1104
wolfSSL 11:cee25a834751 1105
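/* Find the existing SnifferSession for this packet's 4-tuple, matching
 * either direction, refresh its lastUsed time stamp and record which side
 * of the connection the packet came from.
 *
 * ipInfo/tcpInfo: parsed headers of the current packet, must be non-NULL
 * Returns the session, or NULL if none is known for this 4-tuple.
 *
 * Fix: the sanity assert on the hash row was "row <= HASH_SIZE", which
 * would have accepted row == HASH_SIZE, one past the end of SessionTable.
 * SessionHash reduces modulo HASH_SIZE, so the correct bound is "<".
 */
static SnifferSession* GetSnifferSession(IpInfo* ipInfo, TcpInfo* tcpInfo)
{
    SnifferSession* session;
    time_t currTime = time(NULL);
    word32 row = SessionHash(ipInfo, tcpInfo);

    assert(row < HASH_SIZE);

    wc_LockMutex(&SessionMutex);

    for (session = SessionTable[row]; session; session = session->next) {
        /* packet flows server -> client */
        int fromServer = session->server == ipInfo->src &&
                         session->client == ipInfo->dst &&
                         session->srvPort == tcpInfo->srcPort &&
                         session->cliPort == tcpInfo->dstPort;
        /* packet flows client -> server */
        int fromClient = session->client == ipInfo->src &&
                         session->server == ipInfo->dst &&
                         session->cliPort == tcpInfo->srcPort &&
                         session->srvPort == tcpInfo->dstPort;

        if (fromServer || fromClient)
            break;
    }

    /* keep the session alive: stale-session removal leaves recently used
     * sessions alone */
    if (session)
        session->lastUsed = currTime;

    wc_UnLockMutex(&SessionMutex);

    /* determine side; done outside the lock as before.  Dereferences
     * session->context, which is presumably set when the session is
     * created -- verify at the creation site. */
    if (session) {
        if (ipInfo->dst == session->context->server &&
            tcpInfo->dstPort == session->context->port)
            session->flags.side = WOLFSSL_SERVER_END;
        else
            session->flags.side = WOLFSSL_CLIENT_END;
    }

    return session;
}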
wolfSSL 11:cee25a834751 1147
wolfSSL 11:cee25a834751 1148
wolfSSL 11:cee25a834751 1149 #ifdef HAVE_SNI
wolfSSL 11:cee25a834751 1150
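/* Read a private key file into a freshly malloc'd buffer.
 *
 * keyBuf/keyBufSz: receive the DER-encoded key and its length on success;
 *                  the caller owns *keyBuf and must free() it.
 * keyFile:         path of the key file.
 * typeKey:         SSL_FILETYPE_PEM (converted to DER with
 *                  wolfSSL_KeyPemToDer, using password for encrypted PEM)
 *                  or SSL_FILETYPE_ASN1 (file contents used as-is).
 * password:        PEM decryption password, may be NULL.
 *
 * Returns 0 on success, -1 on any failure: bad arguments, file errors, an
 * empty or over-sized file, allocation failure, or PEM conversion failure.
 * On failure nothing is stored through keyBuf/keyBufSz and no memory is
 * leaked.  Buffers that held key material are wiped with ForceZero before
 * they are released.
 *
 * Changes from the previous version: the file size is validated before it
 * is used as an allocation and read size (XFTELL returns -1 on error, and
 * 0 or a negative value was passed straight to malloc/XFREAD), the seek
 * result is checked, a failed conversion buffer is wiped, and the DER path
 * returns 0 instead of the byte count so both paths report success alike.
 */
static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
                       const char* keyFile, int typeKey,
                       const char* password)
{
    byte*  loadBuf;
    long   fileSz;
    XFILE  file;
    size_t bytesRead;

    if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL)
        return -1;

    file = XFOPEN(keyFile, "rb");
    if (file == XBADFILE)
        return -1;

    if (XFSEEK(file, 0, XSEEK_END) != 0) {
        XFCLOSE(file);
        return -1;
    }
    fileSz = XFTELL(file);
    XREWIND(file);

    /* reject error (-1), empty files, and sizes that do not fit the int
     * lengths handed to wolfSSL_KeyPemToDer */
    if (fileSz <= 0 || fileSz > 0x7FFFFFFFL) {
        XFCLOSE(file);
        return -1;
    }

    loadBuf = (byte*)malloc((size_t)fileSz);
    if (loadBuf == NULL) {
        XFCLOSE(file);
        return -1;
    }

    bytesRead = XFREAD(loadBuf, 1, (size_t)fileSz, file);
    XFCLOSE(file);

    if (bytesRead != (size_t)fileSz) {
        ForceZero(loadBuf, (word32)fileSz);
        free(loadBuf);
        return -1;
    }

    if (typeKey == SSL_FILETYPE_PEM) {
        /* DER is never larger than its PEM encoding, so a same-sized
         * output buffer is sufficient */
        byte* derBuf = (byte*)malloc((size_t)fileSz);
        int   derSz  = -1;

        if (derBuf != NULL) {
            derSz = wolfSSL_KeyPemToDer(loadBuf, (int)fileSz,
                                        derBuf, (int)fileSz, password);
        }

        /* the PEM text may be an unencrypted private key: wipe it */
        ForceZero(loadBuf, (word32)fileSz);
        free(loadBuf);

        if (derBuf == NULL)
            return -1;

        if (derSz < 0) {
            ForceZero(derBuf, (word32)fileSz);
            free(derBuf);
            return -1;
        }

        *keyBuf   = derBuf;
        *keyBufSz = (word32)derSz;
    }
    else {
        /* DER input is handed over as read; ownership passes to the caller */
        *keyBuf   = loadBuf;
        *keyBufSz = (word32)fileSz;
    }

    return 0;
}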
wolfSSL 11:cee25a834751 1220
wolfSSL 11:cee25a834751 1221 #endif
wolfSSL 11:cee25a834751 1222
wolfSSL 11:cee25a834751 1223
/* Register, or extend, the sniffer server for address:port with a private
 * key.
 *
 * name:     SNI host name, or NULL for the server's default key.  Only
 *           honoured when built with HAVE_SNI; without it the name is
 *           ignored, and if it is non-NULL the "if (name == NULL)" block
 *           below is skipped so no key is installed at all.
 * address:  dotted-quad server address, parsed with inet_addr().
 *           NOTE(review): neither a NULL address nor an unparsable one
 *           (inet_addr returns INADDR_NONE) is rejected here -- confirm
 *           the public entry points validate it.
 * port:     server port, compared against registered servers as an int.
 * keyFile:  path of the private key; typeKey FILETYPE_PEM selects PEM,
 *           anything else is treated as DER.
 * password: PEM password, may be NULL.  For the default key it is stored
 *           in the CTX as passwd_cb userdata, so it must outlive the CTX.
 * error:    receives the error text on failure.
 *
 * Returns 0 on success, -1 on failure.  A SnifferServer created by this
 * call is freed again on failure; an existing one is left as it was.
 * Walks and modifies ServerList without taking ServerListMutex itself;
 * presumably the caller holds it -- verify at the call sites.
 */
static int SetNamedPrivateKey(const char* name, const char* address, int port,
    const char* keyFile, int typeKey, const char* password, char* error)
{
    SnifferServer* sniffer;
    int            ret;
    /* map the sniffer API's file type onto the SSL layer's constant */
    int            type = (typeKey == FILETYPE_PEM) ? SSL_FILETYPE_PEM :
                                                      SSL_FILETYPE_ASN1;
    int            isNew = 0;
    word32         serverIp;

#ifdef HAVE_SNI
    NamedKey* namedKey = NULL;
#endif

    (void)name;
#ifdef HAVE_SNI
    if (name != NULL) {
        /* per-name key: load it now so a bad key file fails before any
         * server state is touched */
        namedKey = (NamedKey*)malloc(sizeof(NamedKey));
        if (namedKey == NULL) {
            SetError(MEMORY_STR, error, NULL, 0);
            return -1;
        }
        XMEMSET(namedKey, 0, sizeof(NamedKey));

        /* bounded copy of the name; over-long names are truncated and
         * explicitly NUL-terminated since XSTRNCPY does not guarantee it */
        namedKey->nameSz = (word32)XSTRLEN(name);
        XSTRNCPY(namedKey->name, name, sizeof(namedKey->name));
        if (namedKey->nameSz >= sizeof(namedKey->name)) {
            namedKey->nameSz = sizeof(namedKey->name) - 1;
            namedKey->name[namedKey->nameSz] = '\0';
        }

        /* the DER key stays in heap memory for the life of the NamedKey;
         * FreeNamedKey is presumably responsible for wiping it -- verify */
        ret = LoadKeyFile(&namedKey->key, &namedKey->keySz,
                          keyFile, type, password);
        if (ret < 0) {
            SetError(KEY_FILE_STR, error, NULL, 0);
            FreeNamedKey(namedKey);
            return -1;
        }
    }
#endif

    /* look for an already registered server with the same address:port */
    serverIp = inet_addr(address);
    sniffer = ServerList;
    while (sniffer != NULL &&
            (sniffer->server != serverIp || sniffer->port != port)) {
        sniffer = sniffer->next;
    }

    if (sniffer == NULL) {
        isNew = 1;
        sniffer = (SnifferServer*)malloc(sizeof(SnifferServer));
        if (sniffer == NULL) {
            SetError(MEMORY_STR, error, NULL, 0);
#ifdef HAVE_SNI
            FreeNamedKey(namedKey);
#endif
            return -1;
        }
        InitSnifferServer(sniffer);

        /* keep the textual address for tracing; force NUL termination */
        XSTRNCPY(sniffer->address, address, MAX_SERVER_ADDRESS-1);
        sniffer->address[MAX_SERVER_ADDRESS-1] = '\0';
        sniffer->server = serverIp;
        sniffer->port = port;

        sniffer->ctx = SSL_CTX_new(TLSv1_client_method());
        if (!sniffer->ctx) {
            SetError(MEMORY_STR, error, NULL, 0);
#ifdef HAVE_SNI
            FreeNamedKey(namedKey);
#endif
            FreeSnifferServer(sniffer);
            return -1;
        }
    }

    if (name == NULL) {
        /* default key: loaded by the CTX itself, with SetPassword supplying
         * the PEM password from userdata */
        if (password) {
            SSL_CTX_set_default_passwd_cb(sniffer->ctx, SetPassword);
            SSL_CTX_set_default_passwd_cb_userdata(
                                                   sniffer->ctx, (void*)password);
        }
        ret = SSL_CTX_use_PrivateKey_file(sniffer->ctx, keyFile, type);
        if (ret != SSL_SUCCESS) {
            SetError(KEY_FILE_STR, error, NULL, 0);
            /* only a server created by this call is torn down */
            if (isNew)
                FreeSnifferServer(sniffer);
            return -1;
        }
    }
#ifdef HAVE_SNI
    else {
        /* named key: push onto the server's list under its own mutex */
        wc_LockMutex(&sniffer->namedKeysMutex);
        namedKey->next = sniffer->namedKeys;
        sniffer->namedKeys = namedKey;
        wc_UnLockMutex(&sniffer->namedKeysMutex);
    }
#endif

    /* publish a new server only once its key is in place */
    if (isNew) {
        sniffer->next = ServerList;
        ServerList = sniffer;
    }

    return 0;
}
wolfSSL 11:cee25a834751 1330
wolfSSL 11:cee25a834751 1331
wolfSSL 11:cee25a834751 1332 #ifdef HAVE_SNI
wolfSSL 11:cee25a834751 1333
/* Sets the private key for a specific name, server and port */
/* returns 0 on success, -1 on error */
/* Public entry point: takes ServerListMutex around SetNamedPrivateKey, which
 * searches the shared ServerList for address:port and may append a new
 * entry to it.  error receives a message (via SetError) when the key cannot
 * be registered; password may be NULL for an unencrypted keyFile. */
int ssl_SetNamedPrivateKey(const char* name,
                           const char* address, int port,
                           const char* keyFile, int typeKey,
                           const char* password, char* error)
{
    int result;

    TraceHeader();
    TraceSetNamedServer(name, address, port, keyFile);

    /* ServerList is shared across threads; hold the lock for the whole
     * lookup-or-insert */
    wc_LockMutex(&ServerListMutex);
    result = SetNamedPrivateKey(name, address, port, keyFile,
                                typeKey, password, error);
    wc_UnLockMutex(&ServerListMutex);

    if (result != 0)
        return result;

    Trace(NEW_SERVER_STR);
    return 0;
}
wolfSSL 11:cee25a834751 1356
wolfSSL 11:cee25a834751 1357 #endif
wolfSSL 11:cee25a834751 1358
wolfSSL 11:cee25a834751 1359
/* Sets the private key for a specific server and port */
/* returns 0 on success, -1 on error */
/* Same as ssl_SetNamedPrivateKey but with no SNI name, so the key is loaded
 * straight into the server entry's SSL_CTX instead of the per-name key list.
 * ServerListMutex is held while ServerList is searched and possibly
 * extended; error receives a message (via SetError) on failure. */
int ssl_SetPrivateKey(const char* address, int port, const char* keyFile,
                      int typeKey, const char* password, char* error)
{
    int result;

    TraceHeader();
    TraceSetServer(address, port, keyFile);

    wc_LockMutex(&ServerListMutex);
    result = SetNamedPrivateKey(NULL, address, port, keyFile,
                                typeKey, password, error);
    wc_UnLockMutex(&ServerListMutex);

    if (result != 0)
        return result;

    Trace(NEW_SERVER_STR);
    return 0;
}
wolfSSL 11:cee25a834751 1380
wolfSSL 11:cee25a834751 1381
/* Check IP Header for IPV4, TCP, and a registered server address */
/* returns 0 on success, -1 on error */
/* On success fills info with the header length (IP_HL), the total length
 * from the header (or the captured length when the header says 0) and the
 * source/destination addresses.  length is the number of captured bytes. */
static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error)
{
    TraceIP(iphdr);
    Trace(IP_CHECK_STR);

    /* only IPv4 is decoded */
    if (IP_V(iphdr) != IPV4) {
        SetError(BAD_IPVER_STR, error, NULL, 0);
        return -1;
    }

    /* only TCP is decoded */
    if (iphdr->protocol != TCP_PROTOCOL) {
        SetError(BAD_PROTO_STR, error, NULL, 0);
        return -1;
    }

    /* at least one endpoint has to be a registered server address */
    if (!IsServerRegistered(iphdr->src) && !IsServerRegistered(iphdr->dst)) {
        SetError(SERVER_NOT_REG_STR, error, NULL, 0);
        return -1;
    }

    /* header length and addresses come straight from the (untrusted) packet;
     * NOTE(review): no range check on IP_HL here, the caller is assumed to
     * bound it against the captured length */
    info->length = IP_HL(iphdr);
    info->total  = ntohs(iphdr->length);
    info->src    = iphdr->src;
    info->dst    = iphdr->dst;

    if (info->total == 0)
        info->total = length;   /* reassembled may be off */

    return 0;
}
wolfSSL 11:cee25a834751 1416
wolfSSL 11:cee25a834751 1417
/* Check TCP Header for a registered port */
/* returns 0 on success, -1 on error */
/* Fills info with ports, data offset (TCP_LEN), sequence number and the
 * FIN/RST/SYN/ACK flag bits; ackNumber is written only when ACK is set.
 * The port check runs after info is filled, so info is updated even when
 * -1 is returned. */
static int CheckTcpHdr(TcpHdr* tcphdr, TcpInfo* info, char* error)
{
    TraceTcp(tcphdr);
    Trace(TCP_CHECK_STR);

    /* fields from the wire, converted out of network byte order */
    info->srcPort  = ntohs(tcphdr->srcPort);
    info->dstPort  = ntohs(tcphdr->dstPort);
    info->length   = TCP_LEN(tcphdr);
    info->sequence = ntohl(tcphdr->sequence);

    /* each flag field holds the masked bit: non-zero when set */
    info->fin = tcphdr->flags & TCP_FIN;
    info->rst = tcphdr->flags & TCP_RST;
    info->syn = tcphdr->flags & TCP_SYN;
    info->ack = tcphdr->flags & TCP_ACK;

    /* NOTE(review): ackNumber is left untouched when ACK is clear; callers
     * presumably zero TcpInfo first - confirm */
    if (info->ack != 0)
        info->ackNumber = ntohl(tcphdr->ack);

    /* one of the two ports must belong to a registered server */
    if (IsPortRegistered(info->srcPort) || IsPortRegistered(info->dstPort))
        return 0;

    SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0);
    return -1;
}
wolfSSL 11:cee25a834751 1442
wolfSSL 11:cee25a834751 1443
/* Decode Record Layer Header */
/* Copies RECORD_HEADER_SZ bytes from input into rh and returns the record's
 * big-endian payload length through *size.  *size is written even when the
 * length is rejected.  The caller must guarantee RECORD_HEADER_SZ bytes are
 * readable at input.
 * returns 0, or LENGTH_ERROR when the length exceeds
 * MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA */
static int GetRecordHeader(const byte* input, RecordLayerHeader* rh, int* size)
{
    int declared;

    XMEMCPY(rh, input, RECORD_HEADER_SZ);

    /* length is untrusted wire data; it is only range-checked here */
    declared = (rh->length[0] << 8) | rh->length[1];
    *size = declared;

    return (declared > MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA)
           ? LENGTH_ERROR : 0;
}
wolfSSL 11:cee25a834751 1455
wolfSSL 11:cee25a834751 1456
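/* Process Client Key Exchange, RSA only */
/* Decrypts the RSA-encrypted pre-master secret with the registered server's
 * private key, mirrors it into the client half of the session, then sets
 * cipher specs, derives the master secret and installs the record keys for
 * both sides.
 *
 * input    : start of the ClientKeyExchange body
 * sslBytes : bytes readable at input; read but not modified here
 * session  : sniffer session whose sslServer/sslClient are updated
 * error    : receives a message (via SetError) on failure
 * returns 0 on success, -1 on error (session is put in FATAL_ERROR_STATE)
 *
 * Fixes vs. the previous version: the 2-byte TLS length prefix is counted
 * against the available bytes before the size check, and the RsaKey is
 * released on every failure path (the RNG-setup and key-derivation paths
 * used to leak it). */
static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
                                    SnifferSession* session, char* error)
{
    word32 idx = 0;
    RsaKey key;
    int    ret;
    int    keyInit = 0;      /* wc_FreeRsaKey is only valid after a good init */
    int    length;
    int    avail = *sslBytes;

    if (session->sslServer->buffers.key == NULL ||
        session->sslServer->buffers.key->buffer == NULL ||
        session->sslServer->buffers.key->length == 0) {

        SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    ret = wc_InitRsaKey(&key, 0);
    if (ret == 0) {
        keyInit = 1;
        ret = wc_RsaPrivateKeyDecode(session->sslServer->buffers.key->buffer,
                          &idx, &key, session->sslServer->buffers.key->length);
    }
    if (ret != 0) {
        SetError(RSA_DECODE_STR, error, session, FATAL_ERROR_STATE);
        goto cleanup_fail;
    }

    length = wc_RsaEncryptSize(&key);

    /* TLS prefixes the encrypted pre-master secret with a 2-byte length,
     * SSLv3 does not; skip it and charge it against avail so the check
     * below covers exactly the bytes wc_RsaPrivateDecrypt will read */
    if (IsTLS(session->sslServer)) {
        if (avail < 2) {
            SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE);
            goto cleanup_fail;
        }
        input += 2;     /* tls pre length */
        avail -= 2;
    }

    if (length > avail) {
        SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE);
        goto cleanup_fail;
    }

#ifdef WC_RSA_BLINDING
    ret = wc_RsaSetRNG(&key, session->sslServer->rng);
    if (ret != 0) {
        SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE);
        goto cleanup_fail;
    }
#endif

    ret = wc_RsaPrivateDecrypt(input, length,
                session->sslServer->arrays->preMasterSecret, SECRET_LEN, &key);
    /* anything but an exactly SECRET_LEN-byte plaintext is treated as a
     * decryption failure */
    if (ret != SECRET_LEN) {
        SetError(RSA_DECRYPT_STR, error, session, FATAL_ERROR_STATE);
        goto cleanup_fail;
    }
    session->sslServer->arrays->preMasterSz = SECRET_LEN;

    /* store for client side as well */
    XMEMCPY(session->sslClient->arrays->preMasterSecret,
            session->sslServer->arrays->preMasterSecret, SECRET_LEN);
    session->sslClient->arrays->preMasterSz = SECRET_LEN;

#ifdef SHOW_SECRETS
    {
        int i;
        printf("pre master secret: ");
        for (i = 0; i < SECRET_LEN; i++)
            printf("%02x", session->sslServer->arrays->preMasterSecret[i]);
        printf("\n");
    }
#endif

    if (SetCipherSpecs(session->sslServer) != 0) {
        SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
        goto cleanup_fail;
    }

    if (SetCipherSpecs(session->sslClient) != 0) {
        SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
        goto cleanup_fail;
    }

    /* each step returns 0 on success, so a non-zero sum means at least one
     * derivation failed */
    ret  = MakeMasterSecret(session->sslServer);
    ret += MakeMasterSecret(session->sslClient);
    ret += SetKeysSide(session->sslServer, ENCRYPT_AND_DECRYPT_SIDE);
    ret += SetKeysSide(session->sslClient, ENCRYPT_AND_DECRYPT_SIDE);

    if (ret != 0) {
        SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
        goto cleanup_fail;
    }

#ifdef SHOW_SECRETS
    {
        int i;
        printf("server master secret: ");
        for (i = 0; i < SECRET_LEN; i++)
            printf("%02x", session->sslServer->arrays->masterSecret[i]);
        printf("\n");

        printf("client master secret: ");
        for (i = 0; i < SECRET_LEN; i++)
            printf("%02x", session->sslClient->arrays->masterSecret[i]);
        printf("\n");

        printf("server suite = %d\n", session->sslServer->options.cipherSuite);
        printf("client suite = %d\n", session->sslClient->options.cipherSuite);
    }
#endif

    wc_FreeRsaKey(&key);
    return 0;

cleanup_fail:
    if (keyInit)
        wc_FreeRsaKey(&key);
    return -1;
}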
wolfSSL 11:cee25a834751 1568
wolfSSL 11:cee25a834751 1569
/* Process Session Ticket */
/* Parses a NewSessionTicket body: a TICKET_HINT_LEN lifetime hint, a
 * LENGTH_SZ big-endian ticket length, then the ticket itself.  The last
 * ID_LEN bytes of the ticket are stored as the server-side session ID.
 * input and *sslBytes are advanced past the hint and length fields only.
 * returns 0 on success, -1 (FATAL_ERROR_STATE) when the input is truncated
 * or the ticket is shorter than ID_LEN */
static int ProcessSessionTicket(const byte* input, int* sslBytes,
                                SnifferSession* session, char* error)
{
    word16 ticketLen;
    const byte* ticketEnd;

    /* hint and length fields must both be present */
    if (*sslBytes < TICKET_HINT_LEN + LENGTH_SZ) {
        SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    /* the lifetime hint is not used by the sniffer */
    input     += TICKET_HINT_LEN;
    *sslBytes -= TICKET_HINT_LEN;

    ticketLen  = (word16)((input[0] << 8) | input[1]);
    input     += LENGTH_SZ;
    *sslBytes -= LENGTH_SZ;

    /* the whole ticket must be readable and long enough to hold an ID */
    if (ticketLen < ID_LEN || ticketLen > *sslBytes) {
        SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    /* store session with macID as sessionID */
    ticketEnd = input + ticketLen;
    session->sslServer->options.haveSessionId = 1;
    XMEMCPY(session->sslServer->arrays->sessionID, ticketEnd - ID_LEN, ID_LEN);

    return 0;
}
wolfSSL 11:cee25a834751 1601
wolfSSL 11:cee25a834751 1602
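/* Process Server Hello */
/* Parses a ServerHello body: protocol version, server random, session ID,
 * cipher suite and compression method and, when HAVE_EXTENDED_MASTER is
 * built, the extension list (scanned for the extended master secret
 * extension).  Negotiated values are mirrored into both the server and
 * client halves of the session.  When the hello indicates resumption, the
 * cached master secret is fetched and record keys for both sides are
 * derived here.
 *
 * msgSz    : handshake body length; used to tell whether extensions follow
 * input    : start of the ServerHello body
 * sslBytes : bytes readable at input; decremented as fields are consumed
 * session  : sniffer session being updated
 * error    : receives a message (via SetError) on failure
 * returns 0 on success, -1 on error (session is put in FATAL_ERROR_STATE)
 *
 * Fixes vs. the previous version: a session ID length above ID_LEN is
 * rejected and the ID_LEN copy is done only when the ID is exactly that
 * long (the bound check covers only b bytes), and each extension is checked
 * against the remaining extensions length so the unsigned counter cannot
 * wrap and walk past the extension block. */
static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
                              SnifferSession* session, char* error)
{
    ProtocolVersion pv;
    byte b;
    int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
    int doResume = 0;
    int initialBytes = *sslBytes;

    /* only referenced under HAVE_EXTENDED_MASTER */
    (void)msgSz;
    (void)initialBytes;

    /* make sure we didn't miss ClientHello */
    if (session->flags.clientHello == 0) {
        SetError(MISSED_CLIENT_HELLO_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    /* make sure can read through session len */
    if (toRead > *sslBytes) {
        SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    XMEMCPY(&pv, input, VERSION_SZ);
    input += VERSION_SZ;
    *sslBytes -= VERSION_SZ;

    /* the server's pick is the negotiated version for both sides */
    session->sslServer->version = pv;
    session->sslClient->version = pv;

    XMEMCPY(session->sslServer->arrays->serverRandom, input, RAN_LEN);
    XMEMCPY(session->sslClient->arrays->serverRandom, input, RAN_LEN);
    input += RAN_LEN;
    *sslBytes -= RAN_LEN;

    /* session id length */
    b = *input++;
    *sslBytes -= 1;

    /* make sure can read through compression */
    if ( (b + SUITE_LEN + ENUM_LEN) > *sslBytes) {
        SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    /* a session id longer than ID_LEN is malformed; only an id of exactly
     * ID_LEN bytes is recorded, since the check above guarantees just b
     * readable bytes and the comparisons below use ID_LEN bytes */
    if (b > ID_LEN) {
        SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    if (b == ID_LEN) {
        XMEMCPY(session->sslServer->arrays->sessionID, input, ID_LEN);
        session->sslServer->options.haveSessionId = 1;
    }
    input += b;
    *sslBytes -= b;

    /* cipher suite */
    b = *input++;   /* first byte, ECC or not */
    session->sslServer->options.cipherSuite0 = b;
    session->sslClient->options.cipherSuite0 = b;
    b = *input++;
    session->sslServer->options.cipherSuite = b;
    session->sslClient->options.cipherSuite = b;
    *sslBytes -= SUITE_LEN;

    /* compression */
    b = *input++;
    *sslBytes -= ENUM_LEN;

    /* compressed records are not supported by the sniffer */
    if (b) {
        SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

#ifdef HAVE_EXTENDED_MASTER
    /* extensions */
    if ((initialBytes - *sslBytes) < msgSz) {
        word16 len;

        /* skip extensions until extended master secret */
        /* make sure can read len */
        if (SUITE_LEN > *sslBytes) {
            SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        len = (word16)((input[0] << 8) | input[1]);
        input += SUITE_LEN;
        *sslBytes -= SUITE_LEN;
        /* make sure can read through all extensions */
        if (len > *sslBytes) {
            SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }

        /* len <= *sslBytes holds from here on: both are reduced together */
        while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
            byte extType[EXT_TYPE_SZ];
            word16 extLen;

            extType[0] = input[0];
            extType[1] = input[1];
            input += EXT_TYPE_SZ;
            *sslBytes -= EXT_TYPE_SZ;

            extLen = (word16)((input[0] << 8) | input[1]);
            input += LENGTH_SZ;
            *sslBytes -= LENGTH_SZ;
            len -= EXT_TYPE_SZ + LENGTH_SZ;   /* cannot wrap: loop condition */

            /* make sure can read through individual extension, and that it
             * stays inside the advertised extensions block (len is unsigned,
             * so an unchecked subtraction would wrap) */
            if (extLen > *sslBytes || extLen > len) {
                SetError(SERVER_HELLO_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
                return -1;
            }

            if (extType[0] == 0x00 && extType[1] == EXT_MASTER_SECRET) {
                session->flags.expectEms = 1;
            }

            input += extLen;
            *sslBytes -= extLen;
            len -= extLen;
        }
    }

    /* without EMS the handshake hash kept for it is not needed any more */
    if (!session->flags.expectEms) {
        free(session->hash);
        session->hash = NULL;
    }
#endif

    /* resume when the server echoed the client's session id, or when no
     * id was exchanged at all but a ticket is known for this session */
    if (session->sslServer->options.haveSessionId &&
        XMEMCMP(session->sslServer->arrays->sessionID,
                session->sslClient->arrays->sessionID, ID_LEN) == 0)
        doResume = 1;
    else if (session->sslClient->options.haveSessionId == 0 &&
             session->sslServer->options.haveSessionId == 0 &&
             session->ticketID)
        doResume = 1;

    if (session->ticketID && doResume) {
        /* use ticketID to retrieve from session, prefer over sessionID */
        XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
        session->sslServer->options.haveSessionId = 1;  /* may not have
                                                           actual sessionID */
    }

    if (doResume ) {
        int ret = 0;
        SSL_SESSION* resume = GetSession(session->sslServer,
                                   session->sslServer->arrays->masterSecret, 0);
        if (resume == NULL) {
            SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        /* make sure client has master secret too */
        XMEMCPY(session->sslClient->arrays->masterSecret,
                session->sslServer->arrays->masterSecret, SECRET_LEN);
        session->flags.resuming = 1;

        Trace(SERVER_DID_RESUMPTION_STR);
        if (SetCipherSpecs(session->sslServer) != 0) {
            SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }

        if (SetCipherSpecs(session->sslClient) != 0) {
            SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }

        /* key derivation differs between TLS and SSLv3 */
        if (session->sslServer->options.tls) {
            ret = DeriveTlsKeys(session->sslServer);
            ret += DeriveTlsKeys(session->sslClient);
        }
        else {
            ret = DeriveKeys(session->sslServer);
            ret += DeriveKeys(session->sslClient);
        }
        ret += SetKeysSide(session->sslServer, ENCRYPT_AND_DECRYPT_SIDE);
        ret += SetKeysSide(session->sslClient, ENCRYPT_AND_DECRYPT_SIDE);

        if (ret != 0) {
            SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
    }
#ifdef SHOW_SECRETS
    {
        int i;
        printf("cipher suite = 0x%02x\n",
               session->sslServer->options.cipherSuite);
        printf("server random: ");
        for (i = 0; i < RAN_LEN; i++)
            printf("%02x", session->sslServer->arrays->serverRandom[i]);
        printf("\n");
    }
#endif
    return 0;
}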
wolfSSL 11:cee25a834751 1798
wolfSSL 11:cee25a834751 1799
wolfSSL 11:cee25a834751 1800 /* Process normal Client Hello */
wolfSSL 11:cee25a834751 1801 static int ProcessClientHello(const byte* input, int* sslBytes,
wolfSSL 11:cee25a834751 1802 SnifferSession* session, char* error)
wolfSSL 11:cee25a834751 1803 {
wolfSSL 11:cee25a834751 1804 byte bLen;
wolfSSL 11:cee25a834751 1805 word16 len;
wolfSSL 11:cee25a834751 1806 int toRead = VERSION_SZ + RAN_LEN + ENUM_LEN;
wolfSSL 11:cee25a834751 1807
wolfSSL 11:cee25a834751 1808 #ifdef HAVE_SNI
wolfSSL 11:cee25a834751 1809 {
wolfSSL 11:cee25a834751 1810 byte name[MAX_SERVER_NAME];
wolfSSL 11:cee25a834751 1811 word32 nameSz = sizeof(name);
wolfSSL 11:cee25a834751 1812 int ret;
wolfSSL 11:cee25a834751 1813
wolfSSL 11:cee25a834751 1814 ret = wolfSSL_SNI_GetFromBuffer(
wolfSSL 11:cee25a834751 1815 input - HANDSHAKE_HEADER_SZ - RECORD_HEADER_SZ,
wolfSSL 11:cee25a834751 1816 *sslBytes + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ,
wolfSSL 11:cee25a834751 1817 WOLFSSL_SNI_HOST_NAME, name, &nameSz);
wolfSSL 11:cee25a834751 1818
wolfSSL 11:cee25a834751 1819 if (ret == SSL_SUCCESS) {
wolfSSL 11:cee25a834751 1820 NamedKey* namedKey;
wolfSSL 11:cee25a834751 1821
wolfSSL 11:cee25a834751 1822 if (nameSz >= sizeof(name))
wolfSSL 11:cee25a834751 1823 nameSz = sizeof(name) - 1;
wolfSSL 11:cee25a834751 1824 name[nameSz] = 0;
wolfSSL 11:cee25a834751 1825 wc_LockMutex(&session->context->namedKeysMutex);
wolfSSL 11:cee25a834751 1826 namedKey = session->context->namedKeys;
wolfSSL 11:cee25a834751 1827 while (namedKey != NULL) {
wolfSSL 11:cee25a834751 1828 if (nameSz == namedKey->nameSz &&
wolfSSL 11:cee25a834751 1829 XSTRNCMP((char*)name, namedKey->name, nameSz) == 0) {
wolfSSL 11:cee25a834751 1830 if (wolfSSL_use_PrivateKey_buffer(session->sslServer,
wolfSSL 11:cee25a834751 1831 namedKey->key, namedKey->keySz,
wolfSSL 11:cee25a834751 1832 SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
wolfSSL 11:cee25a834751 1833 wc_UnLockMutex(&session->context->namedKeysMutex);
wolfSSL 11:cee25a834751 1834 SetError(CLIENT_HELLO_LATE_KEY_STR, error, session,
wolfSSL 11:cee25a834751 1835 FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1836 return -1;
wolfSSL 11:cee25a834751 1837 }
wolfSSL 11:cee25a834751 1838 break;
wolfSSL 11:cee25a834751 1839 }
wolfSSL 11:cee25a834751 1840 else
wolfSSL 11:cee25a834751 1841 namedKey = namedKey->next;
wolfSSL 11:cee25a834751 1842 }
wolfSSL 11:cee25a834751 1843 wc_UnLockMutex(&session->context->namedKeysMutex);
wolfSSL 11:cee25a834751 1844 }
wolfSSL 11:cee25a834751 1845 }
wolfSSL 11:cee25a834751 1846 #endif
wolfSSL 11:cee25a834751 1847
wolfSSL 11:cee25a834751 1848 session->flags.clientHello = 1; /* don't process again */
wolfSSL 11:cee25a834751 1849
wolfSSL 11:cee25a834751 1850 /* make sure can read up to session len */
wolfSSL 11:cee25a834751 1851 if (toRead > *sslBytes) {
wolfSSL 11:cee25a834751 1852 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1853 return -1;
wolfSSL 11:cee25a834751 1854 }
wolfSSL 11:cee25a834751 1855
wolfSSL 11:cee25a834751 1856 /* skip, get negotiated one from server hello */
wolfSSL 11:cee25a834751 1857 input += VERSION_SZ;
wolfSSL 11:cee25a834751 1858 *sslBytes -= VERSION_SZ;
wolfSSL 11:cee25a834751 1859
wolfSSL 11:cee25a834751 1860 XMEMCPY(session->sslServer->arrays->clientRandom, input, RAN_LEN);
wolfSSL 11:cee25a834751 1861 XMEMCPY(session->sslClient->arrays->clientRandom, input, RAN_LEN);
wolfSSL 11:cee25a834751 1862
wolfSSL 11:cee25a834751 1863 input += RAN_LEN;
wolfSSL 11:cee25a834751 1864 *sslBytes -= RAN_LEN;
wolfSSL 11:cee25a834751 1865
wolfSSL 11:cee25a834751 1866 /* store session in case trying to resume */
wolfSSL 11:cee25a834751 1867 bLen = *input++;
wolfSSL 11:cee25a834751 1868 *sslBytes -= ENUM_LEN;
wolfSSL 11:cee25a834751 1869 if (bLen) {
wolfSSL 11:cee25a834751 1870 if (ID_LEN > *sslBytes) {
wolfSSL 11:cee25a834751 1871 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1872 return -1;
wolfSSL 11:cee25a834751 1873 }
wolfSSL 11:cee25a834751 1874 Trace(CLIENT_RESUME_TRY_STR);
wolfSSL 11:cee25a834751 1875 XMEMCPY(session->sslClient->arrays->sessionID, input, ID_LEN);
wolfSSL 11:cee25a834751 1876 session->sslClient->options.haveSessionId = 1;
wolfSSL 11:cee25a834751 1877 }
wolfSSL 11:cee25a834751 1878 #ifdef SHOW_SECRETS
wolfSSL 11:cee25a834751 1879 {
wolfSSL 11:cee25a834751 1880 int i;
wolfSSL 11:cee25a834751 1881 printf("client random: ");
wolfSSL 11:cee25a834751 1882 for (i = 0; i < RAN_LEN; i++)
wolfSSL 11:cee25a834751 1883 printf("%02x", session->sslServer->arrays->clientRandom[i]);
wolfSSL 11:cee25a834751 1884 printf("\n");
wolfSSL 11:cee25a834751 1885 }
wolfSSL 11:cee25a834751 1886 #endif
wolfSSL 11:cee25a834751 1887
wolfSSL 11:cee25a834751 1888 input += bLen;
wolfSSL 11:cee25a834751 1889 *sslBytes -= bLen;
wolfSSL 11:cee25a834751 1890
wolfSSL 11:cee25a834751 1891 /* skip cipher suites */
wolfSSL 11:cee25a834751 1892 /* make sure can read len */
wolfSSL 11:cee25a834751 1893 if (SUITE_LEN > *sslBytes) {
wolfSSL 11:cee25a834751 1894 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1895 return -1;
wolfSSL 11:cee25a834751 1896 }
wolfSSL 11:cee25a834751 1897 len = (word16)((input[0] << 8) | input[1]);
wolfSSL 11:cee25a834751 1898 input += SUITE_LEN;
wolfSSL 11:cee25a834751 1899 *sslBytes -= SUITE_LEN;
wolfSSL 11:cee25a834751 1900 /* make sure can read suites + comp len */
wolfSSL 11:cee25a834751 1901 if (len + ENUM_LEN > *sslBytes) {
wolfSSL 11:cee25a834751 1902 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1903 return -1;
wolfSSL 11:cee25a834751 1904 }
wolfSSL 11:cee25a834751 1905 input += len;
wolfSSL 11:cee25a834751 1906 *sslBytes -= len;
wolfSSL 11:cee25a834751 1907
wolfSSL 11:cee25a834751 1908 /* skip compression */
wolfSSL 11:cee25a834751 1909 bLen = *input++;
wolfSSL 11:cee25a834751 1910 *sslBytes -= ENUM_LEN;
wolfSSL 11:cee25a834751 1911 /* make sure can read len */
wolfSSL 11:cee25a834751 1912 if (bLen > *sslBytes) {
wolfSSL 11:cee25a834751 1913 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1914 return -1;
wolfSSL 11:cee25a834751 1915 }
wolfSSL 11:cee25a834751 1916 input += bLen;
wolfSSL 11:cee25a834751 1917 *sslBytes -= bLen;
wolfSSL 11:cee25a834751 1918
wolfSSL 11:cee25a834751 1919 if (*sslBytes == 0) {
wolfSSL 11:cee25a834751 1920 /* no extensions */
wolfSSL 11:cee25a834751 1921 return 0;
wolfSSL 11:cee25a834751 1922 }
wolfSSL 11:cee25a834751 1923
wolfSSL 11:cee25a834751 1924 /* skip extensions until session ticket */
wolfSSL 11:cee25a834751 1925 /* make sure can read len */
wolfSSL 11:cee25a834751 1926 if (SUITE_LEN > *sslBytes) {
wolfSSL 11:cee25a834751 1927 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1928 return -1;
wolfSSL 11:cee25a834751 1929 }
wolfSSL 11:cee25a834751 1930 len = (word16)((input[0] << 8) | input[1]);
wolfSSL 11:cee25a834751 1931 input += SUITE_LEN;
wolfSSL 11:cee25a834751 1932 *sslBytes -= SUITE_LEN;
wolfSSL 11:cee25a834751 1933 /* make sure can read through all extensions */
wolfSSL 11:cee25a834751 1934 if (len > *sslBytes) {
wolfSSL 11:cee25a834751 1935 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1936 return -1;
wolfSSL 11:cee25a834751 1937 }
wolfSSL 11:cee25a834751 1938
wolfSSL 11:cee25a834751 1939 while (len >= EXT_TYPE_SZ + LENGTH_SZ) {
wolfSSL 11:cee25a834751 1940 byte extType[EXT_TYPE_SZ];
wolfSSL 11:cee25a834751 1941 word16 extLen;
wolfSSL 11:cee25a834751 1942
wolfSSL 11:cee25a834751 1943 extType[0] = input[0];
wolfSSL 11:cee25a834751 1944 extType[1] = input[1];
wolfSSL 11:cee25a834751 1945 input += EXT_TYPE_SZ;
wolfSSL 11:cee25a834751 1946 *sslBytes -= EXT_TYPE_SZ;
wolfSSL 11:cee25a834751 1947
wolfSSL 11:cee25a834751 1948 extLen = (word16)((input[0] << 8) | input[1]);
wolfSSL 11:cee25a834751 1949 input += LENGTH_SZ;
wolfSSL 11:cee25a834751 1950 *sslBytes -= LENGTH_SZ;
wolfSSL 11:cee25a834751 1951
wolfSSL 11:cee25a834751 1952 /* make sure can read through individual extension */
wolfSSL 11:cee25a834751 1953 if (extLen > *sslBytes) {
wolfSSL 11:cee25a834751 1954 SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1955 return -1;
wolfSSL 11:cee25a834751 1956 }
wolfSSL 11:cee25a834751 1957
wolfSSL 11:cee25a834751 1958 if (extType[0] == 0x00 && extType[1] == TICKET_EXT_ID) {
wolfSSL 11:cee25a834751 1959
wolfSSL 11:cee25a834751 1960 /* make sure can read through ticket if there is a non blank one */
wolfSSL 11:cee25a834751 1961 if (extLen && extLen < ID_LEN) {
wolfSSL 11:cee25a834751 1962 SetError(CLIENT_HELLO_INPUT_STR, error, session,
wolfSSL 11:cee25a834751 1963 FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1964 return -1;
wolfSSL 11:cee25a834751 1965 }
wolfSSL 11:cee25a834751 1966
wolfSSL 11:cee25a834751 1967 if (extLen) {
wolfSSL 11:cee25a834751 1968 if (session->ticketID == 0) {
wolfSSL 11:cee25a834751 1969 session->ticketID = (byte*)malloc(ID_LEN);
wolfSSL 11:cee25a834751 1970 if (session->ticketID == 0) {
wolfSSL 11:cee25a834751 1971 SetError(MEMORY_STR, error, session,
wolfSSL 11:cee25a834751 1972 FATAL_ERROR_STATE);
wolfSSL 11:cee25a834751 1973 return -1;
wolfSSL 11:cee25a834751 1974 }
wolfSSL 11:cee25a834751 1975 }
wolfSSL 11:cee25a834751 1976 XMEMCPY(session->ticketID, input + extLen - ID_LEN, ID_LEN);
wolfSSL 11:cee25a834751 1977 }
wolfSSL 11:cee25a834751 1978 }
wolfSSL 11:cee25a834751 1979
wolfSSL 11:cee25a834751 1980 input += extLen;
wolfSSL 11:cee25a834751 1981 *sslBytes -= extLen;
wolfSSL 11:cee25a834751 1982 len -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
wolfSSL 11:cee25a834751 1983 }
wolfSSL 11:cee25a834751 1984
wolfSSL 11:cee25a834751 1985 return 0;
wolfSSL 11:cee25a834751 1986 }
wolfSSL 11:cee25a834751 1987
wolfSSL 11:cee25a834751 1988
wolfSSL 11:cee25a834751 1989 /* Process Finished */
/**
 * Handle a Finished handshake message for the side that sent it.
 *
 * Runs DoFinished() in SNIFF mode on the tracked SSL object of the sending
 * side, takes the bytes it consumed off *sslBytes, and on the first clean
 * Finished caches the server-side session (only when a session ID is
 * present) so a later resumption can be followed. Once one side has sent
 * Finished, the other side's handshake resources are released.
 *
 * @param input     start of the Finished message body
 * @param size      handshake body length from the handshake header
 * @param sslBytes  in/out: bytes remaining in the record; reduced by the
 *                  amount DoFinished() consumed
 * @param session   sniffer session; flags.side names the sender
 * @param error     receives an error string on failure
 * @return DoFinished()'s result; negative on a bad Finished message
 */
static int ProcessFinished(const byte* input, int size, int* sslBytes,
                           SnifferSession* session, char* error)
{
    const int fromServer = (session->flags.side == WOLFSSL_SERVER_END);
    SSL*      ssl        = fromServer ? session->sslServer : session->sslClient;
    word32    consumed   = 0;
    int       ret;

    ret = DoFinished(ssl, input, &consumed, (word32)size, (word32)*sslBytes,
                     SNIFF);
    *sslBytes -= (int)consumed;

    if (ret < 0) {
        SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
        return ret;
    }

    /* cache the server-side session once, and only if it carries a
     * session ID; AddSession() only when GetSession() does not find it */
    if (ret == 0 && !session->flags.cached &&
        session->sslServer->options.haveSessionId) {
        if (GetSession(session->sslServer, NULL, 0) == NULL)
            AddSession(session->sslServer);
        session->flags.cached = 1;
    }

    /* the side that did not send this Finished is done with its
     * handshake state; drop it */
    FreeHandshakeResources(fromServer ? session->sslClient
                                      : session->sslServer);

    return ret;
}
wolfSSL 11:cee25a834751 2029
wolfSSL 11:cee25a834751 2030
wolfSSL 11:cee25a834751 2031 /* Process HandShake input */
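/**
 * Dispatch one handshake message from a record to its handler.
 *
 * Reads the 4-byte handshake header (type + 24-bit body length), checks the
 * body is fully present in *sslBytes, feeds the message into the extended
 * master secret transcript hash when one is being kept, then hands the body
 * to the per-type processor. On success *sslBytes is set to what remains
 * after the whole message (startBytes - size), independent of how much the
 * handler itself consumed.
 *
 * @param input     start of the handshake header
 * @param sslBytes  in/out: bytes remaining in the record
 * @param session   sniffer session being tracked
 * @param error     receives an error string on failure
 * @return 0 on success, negative on error (error string set)
 */
static int DoHandShake(const byte* input, int* sslBytes,
                       SnifferSession* session, char* error)
{
    byte type;
    int  size;
    int  ret = 0;
    int  startBytes;

    if (*sslBytes < HANDSHAKE_HEADER_SZ) {
        SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    type = input[0];
    size = (input[1] << 16) | (input[2] << 8) | input[3]; /* 24-bit, >= 0 */

    input     += HANDSHAKE_HEADER_SZ;
    *sslBytes -= HANDSHAKE_HEADER_SZ;
    startBytes = *sslBytes;

    if (*sslBytes < size) {
        SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    /* A session's arrays are released when the handshake is completed, so
     * a handshake message after that point is a renegotiation, which this
     * sniffer does not follow. */
    if (session->sslServer->arrays == NULL &&
        session->sslClient->arrays == NULL) {

        SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE);
        return -1;
    }

#ifdef HAVE_EXTENDED_MASTER
    /* NOTE(review): input already points past the handshake header here;
     * the transcript hash has to cover the header too, so HashUpdate() is
     * presumably responsible for backing up over it -- confirm against its
     * definition. */
    if (session->hash) {
        if (HashUpdate(session->hash, input, size) != 0) {
            SetError(EXTENDED_MASTER_HASH_STR, error,
                     session, FATAL_ERROR_STATE);
            return -1;
        }
    }
#endif

    switch (type) {
        case hello_verify_request:
            Trace(GOT_HELLO_VERIFY_STR);
            break;
        case hello_request:
            Trace(GOT_HELLO_REQUEST_STR);
            break;
        case session_ticket:
            Trace(GOT_SESSION_TICKET_STR);
            ret = ProcessSessionTicket(input, sslBytes, session, error);
            break;
        case server_hello:
            Trace(GOT_SERVER_HELLO_STR);
            ret = ProcessServerHello(size, input, sslBytes, session, error);
            break;
        case certificate_request:
            Trace(GOT_CERT_REQ_STR);
            break;
        case server_key_exchange:
            Trace(GOT_SERVER_KEY_EX_STR);
            /* an ephemeral key exchange cannot be followed passively: the
             * sniffer only holds the server's static private key */
            SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
            ret = -1;
            break;
        case certificate:
            Trace(GOT_CERT_STR);
            break;
        case server_hello_done:
            Trace(GOT_SERVER_HELLO_DONE_STR);
            break;
        case finished:
            Trace(GOT_FINISHED_STR);
            ret = ProcessFinished(input, size, sslBytes, session, error);
            break;
        case client_hello:
            Trace(GOT_CLIENT_HELLO_STR);
            ret = ProcessClientHello(input, sslBytes, session, error);
            break;
        case client_key_exchange:
            Trace(GOT_CLIENT_KEY_EX_STR);
#ifdef HAVE_EXTENDED_MASTER
            /* the transcript up to (not including) ClientKeyExchange is what
             * the extended master secret binds to: hand it to both trackers */
            if (session->flags.expectEms && session->hash != NULL) {
                if (HashCopy(session->sslServer->hsHashes,
                             session->hash) == 0 &&
                    HashCopy(session->sslClient->hsHashes,
                             session->hash) == 0) {

                    session->sslServer->options.haveEMS = 1;
                    session->sslClient->options.haveEMS = 1;
                }
                else {
                    SetError(EXTENDED_MASTER_HASH_STR, error,
                             session, FATAL_ERROR_STATE);
                    ret = -1;
                }
                /* ForceZero rather than XMEMSET: a plain memset immediately
                 * before free() is a dead store the compiler may drop; the
                 * file already uses ForceZero for scrubbing before release */
                ForceZero(session->hash, sizeof(HsHashes));
                free(session->hash);
                session->hash = NULL;
            }
            else {
                session->sslServer->options.haveEMS = 0;
                session->sslClient->options.haveEMS = 0;
            }
#endif
            if (ret == 0)
                ret = ProcessClientKeyExchange(input, sslBytes, session, error);
            break;
        case certificate_verify:
            Trace(GOT_CERT_VER_STR);
            break;
        case certificate_status:
            Trace(GOT_CERT_STATUS_STR);
            break;
        default:
            /* not fatal for the session: *sslBytes is left as the handler
             * would have seen it */
            SetError(GOT_UNKNOWN_HANDSHAKE_STR, error, session, 0);
            return -1;
    }

    *sslBytes = startBytes - size;   /* actual bytes of full process */

    return ret;
}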
wolfSSL 11:cee25a834751 2156
wolfSSL 11:cee25a834751 2157
wolfSSL 11:cee25a834751 2158 /* Decrypt input into plain output, 0 on success */
#ifdef HAVE_AESGCM
/* AES-GCM record body -> plaintext; 0 on success, -1 on failure.
 * GCM's keystream is the same for encrypt and decrypt, so the record is run
 * through wc_AesGcmEncrypt() and the tag it produces goes to a scratch
 * buffer. The record's own authentication tag is never checked here: a
 * tampered record decrypts to garbage rather than being rejected. */
static int DecryptAesGcmRecord(SSL* ssl, byte* output, const byte* input,
                               word32 sz)
{
    byte   authTag[WOLFSSL_MIN_AUTH_TAG_SZ];   /* scratch, tag is ignored */
    byte   nonce[AESGCM_NONCE_SZ];
    word32 overhead = (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size);
    int    rc = 0;

    /* explicit IV + tag must fit, otherwise the length below underflows */
    if (sz < overhead) {
        Trace(BAD_DECRYPT_SIZE);
        return -1;
    }

    /* nonce = implicit part from the key block || explicit part on the wire */
    XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
    XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);

    if (wc_AesGcmEncrypt(ssl->decrypt.aes,
                         output,
                         input + AESGCM_EXP_IV_SZ,
                         sz - overhead,
                         nonce, AESGCM_NONCE_SZ,
                         authTag, sizeof(authTag),
                         NULL, 0) < 0) {
        Trace(BAD_DECRYPT);
        rc = -1;
    }
    ForceZero(nonce, AESGCM_NONCE_SZ);
    return rc;
}
#endif

/**
 * Decrypt a record body with the session's negotiated bulk cipher.
 *
 * Dispatches on ssl->specs.bulk_cipher_algorithm to the matching wolfCrypt
 * primitive using the decrypt-side cipher state in ssl->decrypt. The stream
 * ciphers and the Camellia/IDEA CBC calls report nothing back; only 3DES,
 * AES-CBC and AES-GCM can fail.
 *
 * @param ssl     tracker holding the cipher state and specs
 * @param output  receives sz bytes of plaintext
 * @param input   sz bytes of record body (for GCM: explicit IV || data || tag)
 * @param sz      record body length
 * @return 0 on success, negative on failure or an unknown cipher
 */
static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
{
    int rc = 0;

    /* keep the parameters "used" in builds with every cipher compiled out */
    (void)output;
    (void)input;
    (void)sz;

    switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4
        case wolfssl_rc4:
            wc_Arc4Process(ssl->decrypt.arc4, output, input, sz);
            break;
#endif

#ifdef BUILD_DES3
        case wolfssl_triple_des:
            rc = wc_Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
            break;
#endif

#ifdef BUILD_AES
        case wolfssl_aes:
            rc = wc_AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
            break;
#endif

#ifdef HAVE_HC128
        case wolfssl_hc128:
            wc_Hc128_Process(ssl->decrypt.hc128, output, input, sz);
            break;
#endif

#ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            wc_RabbitProcess(ssl->decrypt.rabbit, output, input, sz);
            break;
#endif

#ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            wc_CamelliaCbcDecrypt(ssl->decrypt.cam, output, input, sz);
            break;
#endif

#ifdef HAVE_IDEA
        case wolfssl_idea:
            wc_IdeaCbcDecrypt(ssl->decrypt.idea, output, input, sz);
            break;
#endif

#ifdef HAVE_AESGCM
        case wolfssl_aes_gcm:
            rc = DecryptAesGcmRecord(ssl, output, input, sz);
            break;
#endif

        default:
            Trace(BAD_DECRYPT_TYPE);
            rc = -1;
            break;
    }

    return rc;
}
wolfSSL 11:cee25a834751 2248
wolfSSL 11:cee25a834751 2249
/* Decrypt input message into output, adjust output stream if needed */
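/**
 * Decrypt one record body and locate the application data inside it.
 *
 * Calls Decrypt() into output, then works out where the payload starts and
 * how much trailing MAC/padding the caller must drop:
 *  - TLS 1.1+ block ciphers: the first block is the explicit IV, so output
 *    is advanced past it and *advance is set to block_size;
 *  - AEAD: *advance and keys.padSz are the tag length;
 *  - otherwise keys.padSz is the MAC length, plus pad length + 1 for block
 *    ciphers, read from the last plaintext byte.
 * *advance is left untouched when neither case applies.
 *
 * @param ssl      tracker whose cipher state/specs are used
 * @param input    sz bytes of ciphertext
 * @param sz       record body length
 * @param output   scratch of at least sz bytes for the plaintext
 * @param error    set to a negative value on failure
 * @param advance  out: bytes of output to skip before/after the payload
 * @return pointer into output at the payload, or NULL on error (*error set)
 */
static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
                                  byte* output, int* error, int* advance)
{
    int ivExtra = 0;
    int ret = Decrypt(ssl, output, input, sz);

    if (ret != 0) {
        *error = ret;
        return NULL;
    }
    ssl->keys.encryptSz = sz;

    if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) {
        output += ssl->specs.block_size;   /* go past TLSv1.1 IV */
        ivExtra = ssl->specs.block_size;
        *advance = ssl->specs.block_size;
    }

    if (ssl->specs.cipher_type == aead) {
        *advance = ssl->specs.aead_mac_size;
        ssl->keys.padSz = ssl->specs.aead_mac_size;
    }
    else {
        ssl->keys.padSz = ssl->specs.hash_size;
    }

    if (ssl->specs.cipher_type == block) {
        /* the pad-length byte is the last plaintext byte of the record. It
         * came off the wire and nothing here authenticates it, so bound it:
         * MAC + padding + the length byte must fit in the body or a later
         * "record length - padSz" underflows. Legitimate records always
         * satisfy this. -1 matches the value Decrypt() reports on failure. */
        word32 body;
        if (sz <= (word32)ivExtra) {
            *error = -1;
            return NULL;
        }
        body = sz - (word32)ivExtra;
        ssl->keys.padSz += output[body - 1] + 1;
        if (ssl->keys.padSz > body) {
            *error = -1;
            return NULL;
        }
    }

    return output;
}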
wolfSSL 11:cee25a834751 2280
wolfSSL 11:cee25a834751 2281
wolfSSL 11:cee25a834751 2282 /* remove session from table, use rowHint if no info (means we have a lock) */
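/**
 * Unlink a session from SessionTable and free it.
 *
 * Two calling modes, chosen by whether ipInfo and tcpInfo are given:
 *  - both non-NULL: the row is computed with SessionHash() and SessionMutex
 *    is taken and released here;
 *  - either NULL: rowHint is the row and the caller already holds
 *    SessionMutex (RemoveStaleSessions() uses this form).
 *
 * A session that is not found in its row is left alone.
 *
 * @param session  session to remove; released with FreeSnifferSession()
 * @param ipInfo   addresses used to hash the row, or NULL
 * @param tcpInfo  ports used to hash the row, or NULL
 * @param rowHint  table row to use when ipInfo/tcpInfo are NULL
 */
static void RemoveSession(SnifferSession* session, IpInfo* ipInfo,
                          TcpInfo* tcpInfo, word32 rowHint)
{
    SnifferSession* previous = NULL;
    SnifferSession* current;
    word32 row = rowHint;
    int haveLock = 0;

    if (ipInfo && tcpInfo)
        row = SessionHash(ipInfo, tcpInfo);
    else
        haveLock = 1;   /* a supplied row means the caller holds the lock */

    /* SessionTable has HASH_SIZE rows, so HASH_SIZE itself is out of
     * bounds; the old bound (<= HASH_SIZE) let exactly that index through */
    assert(row < HASH_SIZE);
    Trace(REMOVE_SESSION_STR);

    if (!haveLock)
        wc_LockMutex(&SessionMutex);

    current = SessionTable[row];

    while (current) {
        if (current == session) {
            if (previous)
                previous->next = current->next;
            else
                SessionTable[row] = current->next;
            FreeSnifferSession(session);
            TraceRemovedSession();
            break;
        }
        previous = current;
        current = current->next;
    }

    if (!haveLock)
        wc_UnLockMutex(&SessionMutex);
}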
wolfSSL 11:cee25a834751 2321
wolfSSL 11:cee25a834751 2322
/* Remove stale sessions from the Session Table; the caller holds the lock */
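/**
 * Walk every row of SessionTable and remove sessions idle for at least
 * WOLFSSL_SNIFFER_TIMEOUT seconds.
 *
 * Must be called with SessionMutex held: rows are passed to RemoveSession()
 * with NULL ipInfo/tcpInfo, which is its "lock already held" mode. The clock
 * is read once so every row is judged against the same instant.
 */
static void RemoveStaleSessions(void)
{
    const time_t now = time(NULL);
    word32 i;

    for (i = 0; i < HASH_SIZE; i++) {
        SnifferSession* session = SessionTable[i];
        while (session) {
            SnifferSession* next = session->next;  /* RemoveSession frees it */
            if (now >= session->lastUsed + WOLFSSL_SNIFFER_TIMEOUT) {
                TraceStaleSession();
                RemoveSession(session, NULL, NULL, i);
            }
            session = next;
        }
    }
}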
wolfSSL 11:cee25a834751 2341
wolfSSL 11:cee25a834751 2342
wolfSSL 11:cee25a834751 2343 /* Create a new Sniffer Session */
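/* Free a session that failed part-way through CreateSession() and was never
 * linked into SessionTable. Only what CreateSession() itself allocated is
 * released here; the caller frees any SSL objects it created first. */
static void DiscardUnlinkedSession(SnifferSession* session)
{
#ifdef HAVE_EXTENDED_MASTER
    free(session->hash);
    session->hash = NULL;
#endif
    free(session);
}

/**
 * Create a sniffer session for the connection a packet belongs to and link
 * it into SessionTable.
 *
 * The packet's destination is taken as the server and its source as the
 * client (addresses, ports and the client's starting sequence number are
 * recorded from ipInfo/tcpInfo). A server- and a client-side SSL tracker
 * are created from the registered server's context; with
 * HAVE_EXTENDED_MASTER a transcript hash is started as well. Every error
 * path releases what was allocated so far (an earlier version leaked the
 * transcript hash on the HashInit and later failures). Every HASH_SIZE-th
 * session triggers a stale-session sweep while the table lock is held.
 *
 * @param ipInfo   parsed IP header of the first packet seen
 * @param tcpInfo  parsed TCP header of the first packet seen
 * @param error    receives an error string on failure
 * @return the new session, or NULL on failure (error string set)
 */
static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
                                     char* error)
{
    SnifferSession* session = NULL;
    int row;

    Trace(NEW_SESSION_STR);
    /* create a new one */
    session = (SnifferSession*)malloc(sizeof(SnifferSession));
    if (session == NULL) {
        SetError(MEMORY_STR, error, NULL, 0);
        return NULL;
    }
    InitSession(session);
#ifdef HAVE_EXTENDED_MASTER
    {
        HsHashes* newHash = (HsHashes*)malloc(sizeof(HsHashes));
        if (newHash == NULL) {
            SetError(MEMORY_STR, error, NULL, 0);
            free(session);
            return NULL;
        }
        if (HashInit(newHash) != 0) {
            SetError(EXTENDED_MASTER_HASH_STR, error, NULL, 0);
            free(newHash);      /* not yet owned by session */
            free(session);
            return NULL;
        }
        session->hash = newHash;
    }
#endif
    session->server      = ipInfo->dst;
    session->client      = ipInfo->src;
    session->srvPort     = (word16)tcpInfo->dstPort;
    session->cliPort     = (word16)tcpInfo->srcPort;
    session->cliSeqStart = tcpInfo->sequence;
    session->cliExpected = 1;   /* relative */
    session->lastUsed    = time(NULL);

    session->context = GetSnifferServer(ipInfo, tcpInfo);
    if (session->context == NULL) {
        SetError(SERVER_NOT_REG_STR, error, NULL, 0);
        DiscardUnlinkedSession(session);
        return NULL;
    }

    session->sslServer = SSL_new(session->context->ctx);
    if (session->sslServer == NULL) {
        SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
        DiscardUnlinkedSession(session);
        return NULL;
    }
    session->sslClient = SSL_new(session->context->ctx);
    if (session->sslClient == NULL) {
        SSL_free(session->sslServer);
        session->sslServer = NULL;

        SetError(BAD_NEW_SSL_STR, error, session, FATAL_ERROR_STATE);
        DiscardUnlinkedSession(session);
        return NULL;
    }
    /* put server back into server mode */
    session->sslServer->options.side = WOLFSSL_SERVER_END;

    /* determine headed side: this is done before the session is published
     * in the table so that anyone who finds it there never sees flags.side
     * unset */
    if (ipInfo->dst == session->context->server &&
        tcpInfo->dstPort == session->context->port)
        session->flags.side = WOLFSSL_SERVER_END;
    else
        session->flags.side = WOLFSSL_CLIENT_END;

    row = SessionHash(ipInfo, tcpInfo);

    /* add it to the session table */
    wc_LockMutex(&SessionMutex);

    session->next = SessionTable[row];
    SessionTable[row] = session;

    SessionCount++;

    /* periodic sweep; RemoveStaleSessions() expects the lock to be held */
    if ( (SessionCount % HASH_SIZE) == 0) {
        TraceFindingStale();
        RemoveStaleSessions();
    }

    wc_UnLockMutex(&SessionMutex);

    return session;
}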
wolfSSL 11:cee25a834751 2433
wolfSSL 11:cee25a834751 2434
wolfSSL 11:cee25a834751 2435 #ifdef OLD_HELLO_ALLOWED
wolfSSL 11:cee25a834751 2436
wolfSSL 11:cee25a834751 2437 /* Process Old Client Hello Input */
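/**
 * Process a legacy (SSLv2-style) ClientHello.
 *
 * The two header bytes give the record length with the top bit masked off.
 * The body is parsed by ProcessOldClientHello() on the server-side tracker
 * and the client random is mirrored to the client-side tracker so both keep
 * the same handshake state.
 *
 * @param session   sniffer session; flags.clientHello is set so the hello
 *                  is not processed a second time
 * @param sslFrame  start of the legacy record header
 * @param rhSize    out: record body length read from the header
 * @param sslBytes  in/out: bytes remaining; reduced by header and body
 * @param error     receives an error string on failure
 * @return 0 on success, -1 on error (error string set)
 */
static int DoOldHello(SnifferSession* session, const byte* sslFrame,
                      int* rhSize, int* sslBytes, char* error)
{
    enum { OLD_HELLO_HDR_SZ = 2 };   /* length bytes preceding the body */
    const byte* input = sslFrame;
    byte b0, b1;
    word32 idx = 0;
    int ret;

    Trace(GOT_OLD_CLIENT_HELLO_STR);
    session->flags.clientHello = 1;    /* don't process again */

    /* the two length bytes were previously read unconditionally; the caller
     * may already guarantee they are present, but bounding here is cheap */
    if (*sslBytes < OLD_HELLO_HDR_SZ) {
        SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    b0 = *input++;
    b1 = *input++;
    *sslBytes -= OLD_HELLO_HDR_SZ;
    *rhSize = ((b0 & 0x7f) << 8) | b1;   /* top bit is not part of the length */

    if (*rhSize > *sslBytes) {
        SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    /* MATCH_SUITE_ERROR is tolerated here; presumably a negotiated suite is
     * not needed by the sniffer at this point -- confirm */
    ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes,
                                (word16)*rhSize);
    if (ret < 0 && ret != MATCH_SUITE_ERROR) {
        SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }

    Trace(OLD_CLIENT_OK_STR);
    /* NOTE(review): both trackers' arrays are dereferenced without a NULL
     * check; DoHandShake() rejects the case where both are NULL, callers of
     * this path should offer the same guarantee */
    XMEMCPY(session->sslClient->arrays->clientRandom,
            session->sslServer->arrays->clientRandom, RAN_LEN);

    *sslBytes -= *rhSize;
    return 0;
}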
wolfSSL 11:cee25a834751 2472
wolfSSL 11:cee25a834751 2473 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 11:cee25a834751 2474
wolfSSL 11:cee25a834751 2475
wolfSSL 11:cee25a834751 2476 #if 0
wolfSSL 11:cee25a834751 2477 /* Calculate the TCP checksum, see RFC 1071 */
wolfSSL 11:cee25a834751 2478 /* return 0 for success, -1 on error */
wolfSSL 11:cee25a834751 2479 /* can be called from decode() with
wolfSSL 11:cee25a834751 2480 TcpChecksum(&ipInfo, &tcpInfo, sslBytes, packet + ipInfo.length);
wolfSSL 11:cee25a834751 2481 could also add a 64bit version if type available and using this
wolfSSL 11:cee25a834751 2482 */
/* Compiled out by the enclosing #if 0: a reference TCP checksum (RFC 1071)
 * over pseudo header + TCP header + payload. Returns 0 when the checksum
 * already in the packet verifies (the fold comes out as all ones), -1
 * otherwise.
 *
 * Review notes for whoever re-enables it:
 *  - `packet` is a const byte* read here through a word16*: a strict-aliasing
 *    violation and a possibly misaligned load (undefined on strict-alignment
 *    targets). Copying each pair into a word16 with memcpy, or pairing bytes
 *    by hand, is the portable form.
 *  - `pseudo` is walked as word16s for PSEUDO_HDR_SZ bytes, which only matches
 *    the wire layout if TcpPseudoHdr has no padding -- not visible here,
 *    confirm.
 *  - the ones'-complement sum is byte-order independent as long as the result
 *    is only compared with 0, which is all this does. The odd trailing byte,
 *    though, is added as the low half of a host-order word; that is right on
 *    little-endian hosts and looks wrong on big-endian ones -- verify.
 *  - `count` is int and `tcpInfo->length + dataLen` is trusted as a byte
 *    count; nothing here checks it against the captured packet size. */
int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen,
                const byte* packet)
{
    TcpPseudoHdr pseudo;
    int count = PSEUDO_HDR_SZ;
    const word16* data = (word16*)&pseudo;
    word32 sum = 0;
    word16 checksum;

    pseudo.src = ipInfo->src;
    pseudo.dst = ipInfo->dst;
    pseudo.rsv = 0;
    pseudo.protocol = TCP_PROTO;
    pseudo.length = htons(tcpInfo->length + dataLen);

    /* pseudo header sum */
    while (count >= 2) {
        sum += *data++;
        count -= 2;
    }

    count = tcpInfo->length + dataLen;
    data = (word16*)packet;

    /* main sum: TCP header (checksum field included) plus payload */
    while (count > 1) {
        sum += *data++;
        count -=2;
    }

    /* get left-over, if any */
    packet = (byte*)data;
    if (count > 0) {
        sum += *packet;
    }

    /* fold 32bit sum into 16 bits (end-around carry) */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);

    checksum = (word16)~sum;
    /* checksum should now equal 0, since included already calcd checksum */
    /* field, but tcp checksum offloading could negate calculation */
    if (checksum == 0)
        return 0;
    return -1;
}
wolfSSL 11:cee25a834751 2530 #endif
wolfSSL 11:cee25a834751 2531
wolfSSL 11:cee25a834751 2532
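/* Check IP and TCP headers, set payload */
/* Validates the captured IP header (CheckIpHdr) and TCP header (CheckTcpHdr)
 * of packet/length, then points *sslFrame at the first byte after both
 * headers and stores the remaining byte count in *sslBytes.
 * ipInfo->length and tcpInfo->length are the header sizes as filled in by
 * the two checkers and are used as offsets here. The combined header bound
 * is checked with integer arithmetic (rather than comparing a computed
 * pointer against packet + length) so a packet whose headers claim more
 * bytes than were captured never forms a pointer past the buffer.
 * returns 0 on success, -1 on error (error string set via SetError) */
static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet,
                  int length, const byte** sslFrame, int* sslBytes, char* error)
{
    int hdrLen;

    TraceHeader();
    TracePacket();

    /* ip header */
    if (length < IP_HDR_SZ) {
        SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
        return -1;
    }
    if (CheckIpHdr((IpHdr*)packet, ipInfo, length, error) != 0)
        return -1;

    /* tcp header: at least the fixed-size part must have been captured */
    if (length < (ipInfo->length + TCP_HDR_SZ)) {
        SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
        return -1;
    }
    if (CheckTcpHdr((TcpHdr*)(packet + ipInfo->length), tcpInfo, error) != 0)
        return -1;

    /* setup: TCP options can make tcpInfo->length larger than TCP_HDR_SZ,
     * so the combined header length is re-checked against the capture */
    hdrLen = ipInfo->length + tcpInfo->length;
    if (hdrLen > length) {
        SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
        return -1;
    }
    *sslFrame = packet + hdrLen;
    *sslBytes = length - hdrLen;   /* may be 0 for a header-only segment */

    return 0;
}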
wolfSSL 11:cee25a834751 2567
wolfSSL 11:cee25a834751 2568
/* Create or Find existing session */
/* A bare SYN (no ACK) from the client starts a new SnifferSession; any
 * other segment must map to an existing one. Stray FIN/RST segments and
 * data-less ACKs for unknown sessions are ignored instead of reported.
 * *session receives the session found or created (NULL on error).
 * returns 0 on success (continue), -1 on error, 1 on success (end) */
static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
                        SnifferSession** session, char* error)
{
    int clientSyn = tcpInfo->syn && !tcpInfo->ack;

    if (!clientSyn) {
        /* lookup only: the session must already exist */
        *session = GetSnifferSession(ipInfo, tcpInfo);
        if (*session != NULL)
            return 0;

        /* don't worry about extraneous RST or duplicate FINs */
        if (tcpInfo->fin || tcpInfo->rst)
            return 1;
        /* don't worry about duplicate ACKs either */
        if (tcpInfo->ack && sslBytes == 0)
            return 1;

        SetError(BAD_SESSION_STR, error, NULL, 0);
        return -1;
    }

    /* create a new SnifferSession on client SYN */
    TraceClientSyn(tcpInfo->sequence);
    *session = CreateSession(ipInfo, tcpInfo, error);
    if (*session != NULL)
        return 1;

    /* creation failed: an already existing session is fine (retransmitted
     * SYN), otherwise report out of memory */
    *session = GetSnifferSession(ipInfo, tcpInfo);
    if (*session != NULL)
        return 1;

    SetError(MEMORY_STR, error, NULL, 0);
    return -1;
}
wolfSSL 11:cee25a834751 2606
wolfSSL 11:cee25a834751 2607
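/* Create a Packet Buffer from *begin - end, adjust new *begin and bytesLeft */
/* Allocates a PacketBuffer holding a copy of data[0 .. end - *begin] and
 * records the covered relative sequence range [*begin, end]. On success
 * *begin is advanced to end + 1 and the copied byte count is subtracted
 * from *bytesLeft; on failure neither is touched.
 * returns the new buffer, or NULL on allocation failure or an inverted
 * range (the callers report MEMORY_STR for a NULL result) */
static PacketBuffer* CreateBuffer(word32* begin, word32 end, const byte* data,
                                  int* bytesLeft)
{
    PacketBuffer* pb;
    word32 added;

    /* an inverted range would wrap the size computation below; the assert
     * is compiled out by NDEBUG, so the range is also refused at run time */
    assert(*begin <= end);
    if (*begin > end)
        return NULL;
    added = end - *begin + 1;

    pb = (PacketBuffer*)malloc(sizeof(PacketBuffer));
    if (pb == NULL) return NULL;

    pb->next  = NULL;
    pb->begin = *begin;
    pb->end   = end;
    pb->data  = (byte*)malloc(added);

    if (pb->data == NULL) {
        free(pb);
        return NULL;
    }
    XMEMCPY(pb->data, data, added);

    *bytesLeft -= (int)added;
    *begin = pb->end + 1;

    return pb;
}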
wolfSSL 11:cee25a834751 2636
wolfSSL 11:cee25a834751 2637
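/* Add sslFrame to Reassembly List */
/* Inserts the sslBytes at relative sequence seq into the side's reassembly
 * list (kept sorted by sequence and non-overlapping), skipping byte ranges
 * already present and splitting the frame around existing entries.
 * from selects the list with the convention used throughout this file:
 * WOLFSSL_SERVER_END means the client's data (cliReassemblyList), anything
 * else the server's.
 * Each allocation is charged to the side's reassemblyMemory counter and
 * refused once it would exceed MaxRecoveryMemory; -1 means unlimited.
 * Two fixes versus the previous version, both in the "insert before the
 * current front" case: the limit test read "MaxRecoveryMemory -1 &&",
 * i.e. MaxRecoveryMemory - 1, so the unlimited setting (-1) made the
 * comparison "> -1" always true and every such insert failed with
 * REASSEMBLY_MAX_STR; and the counter was charged the whole frame even
 * though only the bytes up to the front entry were stored (the rest is
 * charged again by the gap-filling loop), so the counter drifted upward.
 * returns 1 (end) on success, -1, on error (fatal error state set) */
static int AddToReassembly(byte from, word32 seq, const byte* sslFrame,
                           int sslBytes, SnifferSession* session, char* error)
{
    PacketBuffer*  add;
    PacketBuffer** front = (from == WOLFSSL_SERVER_END) ?
                         &session->cliReassemblyList: &session->srvReassemblyList;
    PacketBuffer*  curr = *front;
    PacketBuffer*  prev = curr;

    word32* reassemblyMemory = (from == WOLFSSL_SERVER_END) ?
                  &session->cliReassemblyMemory : &session->srvReassemblyMemory;
    word32  startSeq = seq;
    word32  added;
    int     bytesLeft = sslBytes;  /* could be overlapping fragment */

    /* if list is empty add full frame to front */
    if (!curr) {
        if (MaxRecoveryMemory != -1 &&
                      (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
            SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add = CreateBuffer(&seq, seq + sslBytes - 1, sslFrame, &bytesLeft);
        if (add == NULL) {
            SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        *front = add;
        *reassemblyMemory += sslBytes;
        return 1;
    }

    /* add to front if before current front, up to next->begin */
    if (seq < curr->begin) {
        word32 end = seq + sslBytes - 1;

        if (end >= curr->begin)
            end = curr->begin - 1;
        /* only [seq, end] goes into this buffer; anything past end is
         * placed (and charged) by the gap-filling loop below */
        added = end - seq + 1;

        /* the limit test deliberately stays conservative and counts the
         * whole frame, since the remainder will be queued right after */
        if (MaxRecoveryMemory != -1 &&
                      (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) {
            SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add = CreateBuffer(&seq, end, sslFrame, &bytesLeft);
        if (add == NULL) {
            SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add->next = curr;
        *front = add;
        *reassemblyMemory += added;   /* charge what was actually stored */
    }

    /* while we have bytes left, try to find a gap to fill */
    while (bytesLeft > 0) {
        /* get previous packet in list: last entry starting at or before seq */
        while (curr && (seq >= curr->begin)) {
            prev = curr;
            curr = curr->next;
        }

        /* don't add duplicate data: skip the part prev already covers */
        if (prev->end >= seq) {
            if ( (seq + bytesLeft - 1) <= prev->end)
                return 1;
            seq = prev->end + 1;
            bytesLeft = startSeq + sslBytes - seq;
        }

        if (!curr)
            /* we're at the end */
            added = bytesLeft;
        else
            /* we're in between two frames */
            added = min((word32)bytesLeft, curr->begin - seq);

        /* data already there */
        if (added == 0)
            continue;

        if (MaxRecoveryMemory != -1 &&
                         (int)(*reassemblyMemory + added) > MaxRecoveryMemory) {
            SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add = CreateBuffer(&seq, seq + added - 1, &sslFrame[seq - startSeq],
                           &bytesLeft);
        if (add == NULL) {
            SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        add->next  = prev->next;
        prev->next = add;
        *reassemblyMemory += added;
    }
    return 1;
}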
wolfSSL 11:cee25a834751 2738
wolfSSL 11:cee25a834751 2739
/* Add out of order FIN capture */
/* Remembers the relative sequence of a FIN that arrived ahead of the data
 * it follows, for the stream selected by session->flags.side (same
 * convention as AdjustSequence: WOLFSSL_SERVER_END is the client's data).
 * A FIN that has already been counted for that stream is left alone.
 * returns 1 for success (end) */
static int AddFinCapture(SnifferSession* session, word32 sequence)
{
    int clientData = (session->flags.side == WOLFSSL_SERVER_END);

    if (clientData) {
        if (session->finCaputre.cliCounted == 0)
            session->finCaputre.cliFinSeq = sequence;
        return 1;
    }

    if (session->finCaputre.srvCounted == 0)
        session->finCaputre.srvFinSeq = sequence;
    return 1;
}
wolfSSL 11:cee25a834751 2754
wolfSSL 11:cee25a834751 2755
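/* Adjust incoming sequence based on side */
/* Converts tcpInfo->sequence to a relative sequence (offset from the sending
 * side's ISN, cliSeqStart when flags.side is WOLFSSL_SERVER_END) and compares
 * it with what that stream expects next:
 *  - below expected: duplicate. Any part reaching past expected is kept
 *    (frame pointer/length advanced), trimmed against the first reassembly
 *    entry, and what lies beyond that entry is queued via AddToReassembly.
 *  - above expected: out of order. Data is queued for reassembly; with
 *    skipPartial set the segment is consumed (0 bytes returned), otherwise
 *    the AddToReassembly result is returned. A data-less FIN is remembered
 *    through AddFinCapture.
 *  - expected: in order. With skipPartial the data is queued and consumed,
 *    otherwise it is trimmed against the reassembly front as above.
 * On the in-order paths *expected is advanced past the data (one more for
 * FIN).
 * The relative sequence is plain 32-bit modular subtraction, which already
 * covers ISN wrap-around. The former special case for sequence < seqStart
 * computed 0xffffffff - seqStart + sequence, one less than the true offset
 * (2^32 - seqStart + sequence); that made the first segment after a wrap
 * look like a one-byte duplicate and dropped its first byte.
 * returns 0 on success (continue), -1 on error, 1 on success (end) */
static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
                          int* sslBytes, const byte** sslFrame, char* error)
{
    word32  seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
                                     session->cliSeqStart :session->srvSeqStart;
    /* unsigned subtraction is modulo 2^32: wrap-around needs no special case */
    word32  real     = tcpInfo->sequence - seqStart;
    word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ?
                                  &session->cliExpected : &session->srvExpected;
    PacketBuffer* reassemblyList = (session->flags.side == WOLFSSL_SERVER_END) ?
                        session->cliReassemblyList : session->srvReassemblyList;
    /* note the flag naming is the reverse of the sequence fields: the
     * client's stream pairs with srvSkipPartial (same in
     * FindNextRecordInAssembly) */
    byte  skipPartial = (session->flags.side == WOLFSSL_SERVER_END) ?
                                        session->flags.srvSkipPartial :
                                        session->flags.cliSkipPartial;

    TraceRelativeSequence(*expected, real);

    if (real < *expected) {
        Trace(DUPLICATE_STR);
        if (real + *sslBytes > *expected) {
            int overlap = *expected - real;
            Trace(OVERLAP_DUPLICATE_STR);

            /* adjust to expected, remove duplicate */
            *sslFrame += overlap;
            *sslBytes -= overlap;

            /* The following conditional block is duplicated below. It is the
             * same action but for a different setup case. If changing this
             * block be sure to also update the block below. */
            if (reassemblyList) {
                word32 newEnd = *expected + *sslBytes;

                if (newEnd > reassemblyList->begin) {
                    Trace(OVERLAP_REASSEMBLY_BEGIN_STR);

                    /* remove bytes already on reassembly list */
                    *sslBytes -= newEnd - reassemblyList->begin;
                }
                if (newEnd > reassemblyList->end) {
                    Trace(OVERLAP_REASSEMBLY_END_STR);

                    /* may be past reassembly list end (could have more on list)
                       so try to add what's past the front->end.
                       Result not checked here: on failure AddToReassembly has
                       already put the session into FATAL_ERROR_STATE, which
                       CheckPreRecord reports on the next segment. */
                    AddToReassembly(session->flags.side, reassemblyList->end +1,
                                *sslFrame + reassemblyList->end - *expected + 1,
                                 newEnd - reassemblyList->end, session, error);
                }
            }
        }
        else
            return 1;
    }
    else if (real > *expected) {
        Trace(OUT_OF_ORDER_STR);
        if (*sslBytes > 0) {
            int addResult = AddToReassembly(session->flags.side, real,
                                           *sslFrame, *sslBytes, session, error);
            if (skipPartial) {
                *sslBytes = 0;
                return 0;
            }
            else
                return addResult;
        }
        else if (tcpInfo->fin)
            return AddFinCapture(session, real);
    }
    else if (*sslBytes > 0) {
        if (skipPartial) {
            /* result not checked, see the note on the duplicated block above */
            AddToReassembly(session->flags.side, real,
                                           *sslFrame, *sslBytes, session, error);
            *expected += *sslBytes;
            *sslBytes = 0;
            if (tcpInfo->fin)
                *expected += 1;
            return 0;
        }
        /* The following conditional block is duplicated above. It is the
         * same action but for a different setup case. If changing this
         * block be sure to also update the block above. */
        else if (reassemblyList) {
            word32 newEnd = *expected + *sslBytes;

            if (newEnd > reassemblyList->begin) {
                Trace(OVERLAP_REASSEMBLY_BEGIN_STR);

                /* remove bytes already on reassembly list */
                *sslBytes -= newEnd - reassemblyList->begin;
            }
            if (newEnd > reassemblyList->end) {
                Trace(OVERLAP_REASSEMBLY_END_STR);

                /* may be past reassembly list end (could have more on list)
                   so try to add what's past the front->end */
                AddToReassembly(session->flags.side, reassemblyList->end +1,
                                *sslFrame + reassemblyList->end - *expected + 1,
                                 newEnd - reassemblyList->end, session, error);
            }
        }
    }
    /* got expected sequence */
    *expected += *sslBytes;
    if (tcpInfo->fin)
        *expected += 1;

    return 0;
}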
wolfSSL 11:cee25a834751 2869
wolfSSL 11:cee25a834751 2870
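/* Scan the side's reassembly list (after a lost segment) for the next entry
 * that begins with an application data record header for the negotiated
 * protocol version; entries before it are dropped as remains of the lost
 * fragment. A matching entry is moved into ssl's inputBuffer (grown if
 * needed), *sslFrame/*sslBytes/*end are pointed at it, and the side's
 * skipPartial flag is cleared. Every visited entry moves *expected to just
 * past it and is freed and uncharged from reassemblyMemory.
 * For block ciphers the last block of each dropped AES/3DES entry is loaded
 * as the decrypt IV - presumably to keep a chained CBC IV in step with the
 * stream (TLS 1.0 style); confirm against the decrypt path.
 * Entries shorter than the three header bytes inspected, or than one cipher
 * block, are never read, so a tiny fragment cannot cause an out-of-bounds
 * read of data[] (previously unchecked).
 * Side selection follows this file's pairing: WOLFSSL_SERVER_END means the
 * client's list/memory/expected together with sslServer and srvSkipPartial.
 * returns 0 on success (found or list exhausted), -1 on memory error
 * (fatal error state set) */
static int FindNextRecordInAssembly(SnifferSession* session,
                                    const byte** sslFrame, int* sslBytes,
                                    const byte** end, char* error)
{
    PacketBuffer** front = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->cliReassemblyList :
                                &session->srvReassemblyList;
    PacketBuffer*  curr = *front;
    PacketBuffer*  prev = NULL;
    byte*   skipPartial = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->flags.srvSkipPartial :
                                &session->flags.cliSkipPartial;
    word32* reassemblyMemory = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->cliReassemblyMemory :
                                &session->srvReassemblyMemory;
    SSL*    ssl = (session->flags.side == WOLFSSL_SERVER_END) ?
                            session->sslServer :
                            session->sslClient;
    ProtocolVersion pv = ssl->version;
    word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->cliExpected :
                                &session->srvExpected;

    while (curr != NULL) {
        /* number of bytes held in curr->data (range is inclusive) */
        word32 currLen = curr->end - curr->begin + 1;

        *expected = curr->end + 1;

        /* record header probe: content type + 2 version bytes */
        if (currLen >= 3 &&
            curr->data[0] == application_data &&
            curr->data[1] == pv.major &&
            curr->data[2] == pv.minor) {

            if (ssl->buffers.inputBuffer.length > 0)
                Trace(DROPPING_PARTIAL_RECORD);

            *sslBytes = (int)currLen;
            if ( (word32)*sslBytes > ssl->buffers.inputBuffer.bufferSize) {
                if (GrowInputBuffer(ssl, *sslBytes, 0) < 0) {
                    SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
                    return -1;
                }
            }

            XMEMCPY(ssl->buffers.inputBuffer.buffer, curr->data, *sslBytes);

            /* all earlier entries were already freed below, so curr is the
             * list head here */
            *front = curr->next;
            *reassemblyMemory -= *sslBytes;
            FreePacketBuffer(curr);

            ssl->buffers.inputBuffer.length = *sslBytes;
            *sslFrame = ssl->buffers.inputBuffer.buffer;
            *end = *sslFrame + *sslBytes;
            *skipPartial = 0;

            return 0;
        }
        else if (ssl->specs.cipher_type == block &&
                 currLen >= ssl->specs.block_size) {
            /* last cipher block of the dropped entry */
            const byte* lastBlock = curr->data + currLen - ssl->specs.block_size;

            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes) {
#ifdef BUILD_AES
                wc_AesSetIV(ssl->decrypt.aes, lastBlock);
#endif
            }
            else if (ssl->specs.bulk_cipher_algorithm == wolfssl_triple_des) {
#ifdef BUILD_DES3
                wc_Des3_SetIV(ssl->decrypt.des3, lastBlock);
#endif
            }
        }

        Trace(DROPPING_LOST_FRAG_STR);
        prev = curr;
        curr = curr->next;
        *reassemblyMemory -= currLen;
        FreePacketBuffer(prev);
    }

    *front = curr;

    return 0;
}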
wolfSSL 11:cee25a834751 2953
wolfSSL 11:cee25a834751 2954
/* Recover from a missed segment: flag the affected stream as skipping
 * partial data and move its expected sequence to the next known good point,
 * i.e. the start of the reassembly list if there is one, else the relative
 * position the peer's ACK number reports.
 * Side selection: the ACK acknowledges the peer's data, so with flags.side
 * == WOLFSSL_SERVER_END the server's expected/list/ISN are used, and the
 * matching skip flag is cliSkipPartial - this file pairs srvReassemblyList
 * with cliSkipPartial and cliReassemblyList with srvSkipPartial (see
 * FindNextRecordInAssembly), so the apparent inversion is intended.
 * returns 1 (end) */
static int FixSequence(TcpInfo* tcpInfo, SnifferSession* session)
{
    int           serverSide = (session->flags.side == WOLFSSL_SERVER_END);
    word32*       expected;
    PacketBuffer* list;
    byte*         skipPartial;

    if (serverSide) {
        expected    = &session->srvExpected;
        list        = session->srvReassemblyList;
        skipPartial = &session->flags.cliSkipPartial;
    }
    else {
        expected    = &session->cliExpected;
        list        = session->cliReassemblyList;
        skipPartial = &session->flags.srvSkipPartial;
    }

    *skipPartial = 1;

    if (list != NULL) {
        *expected = list->begin;
        return 1;
    }

    /* nothing queued: resynchronise on the peer's ACK number, relative to
     * the acknowledged stream's ISN */
    {
        word32 seqStart = serverSide ? session->srvSeqStart
                                     : session->cliSeqStart;
        *expected = tcpInfo->ackNumber - seqStart;
    }

    return 1;
}
wolfSSL 11:cee25a834751 2979
wolfSSL 11:cee25a834751 2980
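/* Check latest ack number for missing packets
   The ACK number is made relative to the acknowledged stream's ISN
   (srvSeqStart when flags.side is WOLFSSL_SERVER_END) and compared with how
   far that stream has been seen; an ACK beyond it means the peer received
   data this sniffer never captured.
   The relative position is plain 32-bit modular subtraction, as FixSequence
   already does. The former wrap-around special case computed
   0xffffffff - seqStart + ackNumber, one less than the true offset
   (2^32 - seqStart + ackNumber), so the check was off by one after a wrap.
   return 0 ok, <0 on error */
static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session)
{
    word32 seqStart;
    word32 real;
    word32 expected;

    if (!tcpInfo->ack)
        return 0;

    seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
                        session->srvSeqStart :session->cliSeqStart;
    expected = (session->flags.side == WOLFSSL_SERVER_END) ?
                        session->srvExpected : session->cliExpected;
    /* unsigned subtraction is modulo 2^32: wrap-around needs no special case */
    real     = tcpInfo->ackNumber - seqStart;

    TraceAck(real, expected);

    if (real > expected)
        return -1;  /* we missed a packet, ACKing data we never saw */

    return 0;
}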
wolfSSL 11:cee25a834751 3003
wolfSSL 11:cee25a834751 3004
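/* Check TCP Sequence status */
/* Sequence tracking for a segment of an existing session.
 * A SYN+ACK records the server's ISN (srvSeqStart), primes srvExpected to 1
 * (the SYN itself occupies one sequence number) and ends processing.
 * Otherwise the payload length is clipped to what the IP total length
 * allows (captured bytes beyond it are an Ethernet trailer); a total length
 * smaller than the IP+TCP headers is rejected as malformed, since a
 * negative *sslBytes would otherwise flow on into CheckPreRecord's copy
 * (whether CheckIpHdr already rules this out is not visible here).
 * The peer's ACK is then checked for data this sniffer never saw
 * (CheckAck): fatal unless RecoveryEnabled, in which case the stream is
 * resynchronised via FixSequence and the side's ackFault flag makes sure
 * the missed-data statistic is bumped once per fault. Finally the segment
 * is placed relative to the expected sequence by AdjustSequence.
 * returns 0 on success (continue), -1 on error, 1 on success (end) */
static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo,
                         SnifferSession* session, int* sslBytes,
                         const byte** sslFrame, char* error)
{
    int   actualLen;
    byte* ackFault = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->flags.cliAckFault :
                                &session->flags.srvAckFault;

    /* init SEQ from server to client */
    if (tcpInfo->syn && tcpInfo->ack) {
        session->srvSeqStart = tcpInfo->sequence;
        session->srvExpected = 1;
        TraceServerSyn(tcpInfo->sequence);
        return 1;
    }

    /* adjust potential ethernet trailer */
    actualLen = ipInfo->total - ipInfo->length - tcpInfo->length;
    if (actualLen < 0) {
        /* IP total length claims less than the headers occupy: malformed */
        SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
        return -1;
    }
    if (*sslBytes > actualLen) {
        *sslBytes = actualLen;
    }

    TraceSequence(tcpInfo->sequence, *sslBytes);
    if (CheckAck(tcpInfo, session) < 0) {
        if (!RecoveryEnabled) {
            UpdateMissedDataSessions();
            SetError(ACK_MISSED_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        else {
            SetError(ACK_MISSED_STR, error, session, 0);
            if (*ackFault == 0) {
                *ackFault = 1;
                UpdateMissedDataSessions();
            }
            return FixSequence(tcpInfo, session);
        }
    }

    if (*ackFault) {
        Trace(CLEAR_ACK_FAULT);
        *ackFault = 0;
    }

    return AdjustSequence(tcpInfo, session, sslBytes, sslFrame, error);
}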
wolfSSL 11:cee25a834751 3054
wolfSSL 11:cee25a834751 3055
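/* Check Status before record processing */
/* Per-segment bookkeeping before the record layer sees the data:
 *  - counts FIN (+1) and RST (+2) in flags.finCount and removes the session
 *    once it reaches 2, returning 1 with *session cleared
 *  - refuses a session already in FATAL_ERROR_STATE
 *  - in skip-partial mode pulls the next usable record out of the
 *    reassembly list (FindNextRecordInAssembly), which may redirect
 *    *sslFrame/*sslBytes/*end
 *  - with no data left, ends processing (1)
 *  - otherwise appends the data to any partial record already held in the
 *    side's inputBuffer (growing it as needed) and points *sslFrame at the
 *    combined buffer
 *  - before the ClientHello has been seen, a non-handshake first byte is
 *    probed for an old style client hello (handled under OLD_HELLO_ALLOWED)
 *    or otherwise, under STARTTLS_ALLOWED, skipped as pre-TLS traffic
 * The old-hello probe reads bytes [0..3] and is now guarded by a length
 * check so a 1-3 byte payload cannot read past the data (a genuine old
 * style hello is far longer, so the guard changes nothing for real hellos).
 * returns 0 on success (continue), -1 on error, 1 on success (end) */
static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
                          const byte** sslFrame, SnifferSession** session,
                          int* sslBytes, const byte** end, char* error)
{
    word32 length;
    SSL*  ssl = ((*session)->flags.side == WOLFSSL_SERVER_END) ?
                                  (*session)->sslServer : (*session)->sslClient;
    byte  skipPartial = ((*session)->flags.side == WOLFSSL_SERVER_END) ?
                                        (*session)->flags.srvSkipPartial :
                                        (*session)->flags.cliSkipPartial;
    /* remove SnifferSession on 2nd FIN or RST */
    if (tcpInfo->fin || tcpInfo->rst) {
        /* flag FIN and RST */
        if (tcpInfo->fin)
            (*session)->flags.finCount += 1;
        else if (tcpInfo->rst)
            (*session)->flags.finCount += 2;

        if ((*session)->flags.finCount >= 2) {
            RemoveSession(*session, ipInfo, tcpInfo, 0);
            *session = NULL;
            return 1;
        }
    }

    if ((*session)->flags.fatalError == FATAL_ERROR_STATE) {
        SetError(FATAL_ERROR_STR, error, NULL, 0);
        return -1;
    }

    if (skipPartial) {
        if (FindNextRecordInAssembly(*session,
                                     sslFrame, sslBytes, end, error) < 0) {
            return -1;
        }
    }

    if (*sslBytes == 0) {
        Trace(NO_DATA_STR);
        return 1;
    }

    /* if current partial data, add to end of partial */
    /* if skipping, the data is already at the end of partial */
    if ( !skipPartial &&
         (length = ssl->buffers.inputBuffer.length) ) {
        Trace(PARTIAL_ADD_STR);

        if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
            if (GrowInputBuffer(ssl, *sslBytes, length) < 0) {
                SetError(MEMORY_STR, error, *session, FATAL_ERROR_STATE);
                return -1;
            }
        }
        XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], *sslFrame, *sslBytes);
        *sslBytes += length;
        ssl->buffers.inputBuffer.length = *sslBytes;
        *sslFrame = ssl->buffers.inputBuffer.buffer;
        *end = *sslFrame + *sslBytes;
    }

    if ((*session)->flags.clientHello == 0 && **sslFrame != handshake) {
        /* Sanity check the packet for an old style client hello: the probe
         * needs bytes [0..3], so anything shorter is not a hello. */
        int rhSize   = 0;
        int oldHello = 0;

        if (*sslBytes >= 4) {
            rhSize   = (((*sslFrame)[0] & 0x7f) << 8) | ((*sslFrame)[1]);
            oldHello = (rhSize <= (*sslBytes - 2)) &&
                       (*sslFrame)[2] == OLD_HELLO_ID &&
                       (*sslFrame)[3] == SSLv3_MAJOR;
        }

        if (oldHello) {
#ifdef OLD_HELLO_ALLOWED
            int ret = DoOldHello(*session, *sslFrame, &rhSize, sslBytes, error);
            if (ret < 0)
                return -1;  /* error already set */
            if (*sslBytes <= 0)
                return 1;
#endif
        }
        else {
#ifdef STARTTLS_ALLOWED
            return 1;
#endif
        }
    }

    return 0;
}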
wolfSSL 11:cee25a834751 3142
wolfSSL 11:cee25a834751 3143
/* Drain the reassembly list of the side that sent the data into the SSL
 * input buffer of the side that receives it, for as long as the packet at
 * the head of the list is the one we expect next (no gap in sequence).
 *
 * session  the sniffer session; side selects the client or server list.
 * sslFrame, sslBytes, end  out: rewritten to cover the whole input buffer,
 *          but only when at least one packet was appended.
 * error    receives MEMORY_STR if the input buffer cannot grow.
 *
 * returns 1 when at least one packet was appended (caller should re-run
 * record processing), 0 otherwise. On a failed grow the function also
 * returns 0 after marking the session fatal; packets already appended in
 * that call are not reported, so the caller is expected to look at
 * session->flags.fatalError rather than at the 0.
 *
 * The input buffer is only enlarged while it is below MAX_INPUT_SZ; after
 * that a packet that does not fit stays queued until more data is consumed.
 * room is computed with unsigned arithmetic and assumes length never exceeds
 * bufferSize.
 */
static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
                         int* sslBytes, const byte** end, char* error)
{
    /* sequence and reassembly are tracked by sender; buffer belongs to the
     * receiver, which is why the server side drains the client list */
    const int      fromClient = (session->flags.side == WOLFSSL_SERVER_END);
    SSL*           ssl        = fromClient ? session->sslServer
                                           : session->sslClient;
    PacketBuffer** list       = fromClient ? &session->cliReassemblyList
                                           : &session->srvReassemblyList;
    word32*        expected   = fromClient ? &session->cliExpected
                                           : &session->srvExpected;
    word32*        memUsed    = fromClient ? &session->cliReassemblyMemory
                                           : &session->srvReassemblyMemory;
    int            consumed   = 0;

    for (;;) {
        PacketBuffer* pkt = *list;
        word32        pktLen;
        word32        room;

        if (pkt == NULL || pkt->begin != *expected)
            break;

        pktLen = pkt->end - pkt->begin + 1;
        room   = ssl->buffers.inputBuffer.bufferSize -
                 ssl->buffers.inputBuffer.length;

        if (pktLen > room && ssl->buffers.inputBuffer.bufferSize < MAX_INPUT_SZ) {
            if (GrowInputBuffer(ssl, pktLen, ssl->buffers.inputBuffer.length) < 0) {
                SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
                return 0;
            }
            /* buffer (and possibly its address) changed; re-measure */
            room = ssl->buffers.inputBuffer.bufferSize -
                   ssl->buffers.inputBuffer.length;
        }

        if (pktLen > room)
            break;   /* still does not fit; leave it queued */

        XMEMCPY(ssl->buffers.inputBuffer.buffer +
                    ssl->buffers.inputBuffer.length,
                pkt->data, pktLen);
        ssl->buffers.inputBuffer.length += pktLen;
        *expected += pktLen;

        /* unlink and release the consumed packet, adjusting the per-side
         * reassembly memory accounting */
        *list = pkt->next;
        *memUsed -= pktLen;
        FreePacketBuffer(pkt);

        consumed = 1;
    }

    if (consumed) {
        *sslFrame = ssl->buffers.inputBuffer.buffer;
        *sslBytes = ssl->buffers.inputBuffer.length;
        *end      = ssl->buffers.inputBuffer.buffer +
                    ssl->buffers.inputBuffer.length;
    }

    return consumed;
}
wolfSSL 11:cee25a834751 3208
wolfSSL 11:cee25a834751 3209
wolfSSL 11:cee25a834751 3210
/* Process the TLS record(s) contained in sslFrame for one session side.
 *
 * sslFrame  start of the record-layer bytes (already past IP/TCP headers).
 * session   the sniffer session; its side selects sslClient or sslServer.
 * sslBytes  number of bytes available from sslFrame.
 * data      in/out: *data must be NULL or a buffer previously returned
 *           through this argument; decrypted application data is appended
 *           with realloc (one spare byte is allocated so the caller may NUL
 *           terminate). On an allocation failure *data is zeroed, freed and
 *           set to NULL.
 * end       one past the last available byte.
 * error     receives a message on failure.
 *
 * returns the number of application-data bytes appended to *data, 0 when
 * nothing could be handed back yet (e.g. partial record), -1 on error. Every
 * error path marks the session FATAL_ERROR_STATE.
 *
 * Control flow: doMessage handles one record header; doPart handles one
 * message inside the current record and loops while the record has more;
 * both labels are re-entered via goto when more input is available.
 */
static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
                          int sslBytes, byte** data, const byte* end,
                          char* error)
{
    const byte* sslBegin = sslFrame;
    const byte* recordEnd; /* end of record indicator */
    const byte* inRecordEnd; /* indicator from input stream not decrypt */
    RecordLayerHeader rh;
    int rhSize = 0;
    int ret;
    int errCode = 0;
    int decoded = 0; /* bytes stored for user in data */
    int notEnough; /* notEnough bytes yet flag */
    int decrypted = 0; /* was current msg decrypted */
    SSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ?
               session->sslServer : session->sslClient;
doMessage:
    notEnough = 0;
    /* sslBytes can go negative after a message consumed more than advertised
     * (see the per-type adjustments below); treat that as a framing error */
    if (sslBytes < 0) {
        SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    if (sslBytes >= RECORD_HEADER_SZ) {
        if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
            SetError(BAD_RECORD_HDR_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
    }
    else
        notEnough = 1;

    /* the whole record (header + rhSize payload) must be present before any
     * parsing or decryption touches it */
    if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) {
        /* don't have enough input yet to process full SSL record */
        Trace(PARTIAL_INPUT_STR);

        /* store partial if not there already or we advanced */
        if (ssl->buffers.inputBuffer.length == 0 || sslBegin != sslFrame) {
            if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) {
                if (GrowInputBuffer(ssl, sslBytes, 0) < 0) {
                    SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
                    return -1;
                }
            }
            /* XMEMMOVE: sslFrame may already point into inputBuffer */
            XMEMMOVE(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes);
            ssl->buffers.inputBuffer.length = sslBytes;
        }
        /* a queued reassembly packet may complete the record right now */
        if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
            goto doMessage;
        return decoded;
    }
    sslFrame += RECORD_HEADER_SZ;
    sslBytes -= RECORD_HEADER_SZ;
    recordEnd = sslFrame + rhSize; /* may have more than one record */
    inRecordEnd = recordEnd;

    /* decrypt if needed: only once this side's ChangeCipherSpec was seen */
    if ((session->flags.side == WOLFSSL_SERVER_END &&
                                               session->flags.serverCipherOn)
     || (session->flags.side == WOLFSSL_CLIENT_END &&
                                               session->flags.clientCipherOn)) {
        int ivAdvance = 0; /* TLSv1.1 advance amount */
        if (ssl->decrypt.setup != 1) {
            SetError(DECRYPT_KEYS_NOT_SETUP, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        if (CheckAvailableSize(ssl, rhSize) < 0) {
            SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        /* plaintext lands in outputBuffer; sslFrame now points there, past
         * the explicit IV when ivAdvance is non-zero */
        sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
                                  ssl->buffers.outputBuffer.buffer, &errCode,
                                  &ivAdvance);
        recordEnd = sslFrame - ivAdvance + rhSize; /* sslFrame moved so
                                                      should recordEnd */
        decrypted = 1;
        if (errCode != 0) {
            SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE);
            return -1;
        }
    }

doPart:

    switch ((enum ContentType)rh.type) {
        case handshake:
            {
                int startIdx = sslBytes;
                int used;

                Trace(GOT_HANDSHAKE_STR);
                /* sslBytes counts everything left in the input, not just
                 * this record, so DoHandShake (not this switch) is what
                 * keeps the parser inside the record boundary */
                ret = DoHandShake(sslFrame, &sslBytes, session, error);
                if (ret != 0) {
                    if (session->flags.fatalError == 0)
                        SetError(BAD_HANDSHAKE_STR, error, session,
                                 FATAL_ERROR_STATE);
                    return -1;
                }

                /* DoHandShake now fully decrements sslBytes to remaining */
                used = startIdx - sslBytes;
                sslFrame += used;
                /* for an encrypted record step over MAC/padding too */
                if (decrypted)
                    sslFrame += ssl->keys.padSz;
            }
            break;
        case change_cipher_spec:
            /* from here on this side's records are decrypted; the sniffer
             * does not wait for Finished before flagging the handshake done */
            if (session->flags.side == WOLFSSL_SERVER_END)
                session->flags.serverCipherOn = 1;
            else
                session->flags.clientCipherOn = 1;
            Trace(GOT_CHANGE_CIPHER_STR);
            ssl->options.handShakeState = HANDSHAKE_DONE;
            ssl->options.handShakeDone = 1;

            /* NOTE(review): neither rhSize nor the payload byte is checked;
             * exactly one byte is consumed, and a longer CCS record simply
             * re-enters this case via the "another msg" loop below */
            sslFrame += 1;
            sslBytes -= 1;

            break;
        case application_data:
            Trace(GOT_APP_DATA_STR);
            {
                word32 inOutIdx = 0;

                ret = DoApplicationData(ssl, (byte*)sslFrame, &inOutIdx);
                if (ret == 0) {
                    ret = ssl->buffers.clearOutputBuffer.length;
                    TraceGotData(ret);
                    if (ret) { /* may be blank message */
                        byte* tmpData; /* don't leak on realloc free */
                        /* add an extra byte at end of allocation in case user
                         * wants to null terminate plaintext */
                        tmpData = (byte*)realloc(*data, decoded + ret + 1);
                        if (tmpData == NULL) {
                            /* scrub what was already decoded before giving
                             * the buffer back; caller sees *data == NULL */
                            ForceZero(*data, decoded);
                            free(*data);
                            *data = NULL;
                            SetError(MEMORY_STR, error, session,
                                     FATAL_ERROR_STATE);
                            return -1;
                        }
                        *data = tmpData;
                        XMEMCPY(*data + decoded,
                                ssl->buffers.clearOutputBuffer.buffer, ret);
                        TraceAddedData(ret, decoded);
                        decoded += ret;
                        ssl->buffers.clearOutputBuffer.length = 0;
                    }
                }
                else {
                    SetError(BAD_APP_DATA_STR, error, session, FATAL_ERROR_STATE);
                    return -1;
                }
                if (ssl->buffers.outputBuffer.dynamicFlag)
                    ShrinkOutputBuffer(ssl);

                /* inOutIdx is how far DoApplicationData advanced */
                sslFrame += inOutIdx;
                sslBytes -= inOutIdx;
            }
            break;
        case alert:
            /* alerts are skipped whole, not parsed (level/description are
             * not inspected here) */
            Trace(GOT_ALERT_STR);
            sslFrame += rhSize;
            sslBytes -= rhSize;
            break;
        case no_type:
        default:
            SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE);
            return -1;
    }

    /* do we have another msg in record ? (same rh.type, same record) */
    if (sslFrame < recordEnd) {
        Trace(ANOTHER_MSG_STR);
        goto doPart;
    }

    /* back to input stream instead of potential decrypt buffer */
    recordEnd = inRecordEnd;

    /* do we have more records ? */
    if (recordEnd < end) {
        Trace(ANOTHER_MSG_STR);
        sslFrame = recordEnd;
        sslBytes = (int)(end - recordEnd);
        goto doMessage;
    }

    /* clear used input */
    ssl->buffers.inputBuffer.length = 0;

    /* could have more input ready now */
    if (HaveMoreInput(session, &sslFrame, &sslBytes, &end, error))
        goto doMessage;

    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    return decoded;
}
wolfSSL 11:cee25a834751 3412
wolfSSL 11:cee25a834751 3413
/* Account for TCP FINs that were captured earlier but could only be
 * honoured once the data in front of them had been consumed.
 *
 * A side's FIN counts as seen when its recorded sequence number is at or
 * below that side's next expected sequence number; each FIN is counted at
 * most once (cliCounted / srvCounted). When both sides have finished the
 * session is removed. NOTE(review): the comparison is a plain unsigned
 * compare with no sequence-number wrap-around handling.
 *
 * ipInfo, tcpInfo  passed through to RemoveSession.
 * session          the session to update; may be freed on return.
 */
static void CheckFinCapture(IpInfo* ipInfo, TcpInfo* tcpInfo,
                            SnifferSession* session)
{
    const int cliFinDue = session->finCaputre.cliFinSeq != 0 &&
                          session->finCaputre.cliFinSeq <= session->cliExpected;
    const int srvFinDue = session->finCaputre.srvFinSeq != 0 &&
                          session->finCaputre.srvFinSeq <= session->srvExpected;

    if (cliFinDue && session->finCaputre.cliCounted == 0) {
        session->finCaputre.cliCounted = 1;
        session->flags.finCount += 1;
        TraceClientFin(session->finCaputre.cliFinSeq, session->cliExpected);
    }

    if (srvFinDue && session->finCaputre.srvCounted == 0) {
        session->finCaputre.srvCounted = 1;
        session->flags.finCount += 1;
        TraceServerFin(session->finCaputre.srvFinSeq, session->srvExpected);
    }

    /* both directions closed: tear the session down */
    if (session->flags.finCount >= 2)
        RemoveSession(session, ipInfo, tcpInfo, 0);
}
wolfSSL 11:cee25a834751 3439
wolfSSL 11:cee25a834751 3440
/* Free a session that has entered FATAL_ERROR_STATE.
 *
 * ipInfo, tcpInfo  passed through to RemoveSession.
 * session          may be NULL (nothing happens).
 * error            set to FATAL_ERROR_STR when the session is removed; the
 *                  session pointer is not handed to SetError because it is
 *                  already freed at that point.
 *
 * returns 1 when the session was removed, 0 otherwise. The caller must stop
 * using `session` after a 1.
 */
static int RemoveFatalSession(IpInfo* ipInfo, TcpInfo* tcpInfo,
                              SnifferSession* session, char* error)
{
    if (session == NULL)
        return 0;
    if (session->flags.fatalError != FATAL_ERROR_STATE)
        return 0;

    RemoveSession(session, ipInfo, tcpInfo, 0);
    SetError(FATAL_ERROR_STR, error, NULL, 0);
    return 1;
}
wolfSSL 11:cee25a834751 3453
wolfSSL 11:cee25a834751 3454
/* Decode one captured IP/TCP packet (link-layer framing already removed)
 * and hand back any application data recovered from it.
 *
 * packet, length  the packet bytes and their count.
 * data   in/out: *data must be NULL or a buffer previously returned through
 *        this argument; it is grown with realloc and released by the caller
 *        with ssl_FreeDecodeBuffer / ssl_FreeZeroDecodeBuffer. On an
 *        allocation failure *data is zeroed, freed and set to NULL.
 * error  receives a message on failure.
 *
 * returns the number of plaintext bytes appended to *data, 0 when the packet
 * produced nothing to return yet, -1 on error.
 *
 * Every stage is followed by a fatal-state check so that a session which
 * failed inside that stage is torn down before its result is interpreted.
 */
int ssl_DecodePacket(const byte* packet, int length, byte** data, char* error)
{
    TcpInfo         tcpInfo;
    IpInfo          ipInfo;
    const byte*     sslFrame;
    const byte*     end = packet + length;
    int             sslBytes;           /* ssl bytes unconsumed */
    int             stage;
    SnifferSession* session = NULL;

    if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes,
                     error) != 0) {
        return -1;
    }

    /* Each pre-record stage answers -1 (error), 1 (done with this packet)
     * or 0 (carry on). */
    stage = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error);
    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
        return -1;
    switch (stage) {
        case -1: return -1;
        case  1: return 0;      /* done for now */
        default: break;
    }

    stage = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,
                          error);
    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
        return -1;
    switch (stage) {
        case -1: return -1;
        case  1: return 0;      /* done for now */
        default: break;
    }

    stage = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes,
                           &end, error);
    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
        return -1;
    switch (stage) {
        case -1: return -1;
        case  1: return 0;      /* done for now */
        default: break;
    }

    stage = ProcessMessage(sslFrame, session, sslBytes, data, end, error);
    if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error))
        return -1;

    /* FINs seen earlier may become effective now that data was consumed */
    CheckFinCapture(&ipInfo, &tcpInfo, session);
    return stage;
}
wolfSSL 11:cee25a834751 3492
wolfSSL 11:cee25a834751 3493
/* Free a buffer returned through ssl_DecodePacket's data argument without
 * scrubbing its contents; *data becomes NULL. Plaintext that must not
 * linger in freed memory should go through ssl_FreeZeroDecodeBuffer with
 * the real byte count instead.
 * returns 0 on success, -1 on error */
int ssl_FreeDecodeBuffer(byte** data, char* error)
{
    const int scrubBytes = 0;   /* nothing is zeroed on this path */

    return ssl_FreeZeroDecodeBuffer(data, scrubBytes, error);
}
wolfSSL 11:cee25a834751 3500
wolfSSL 11:cee25a834751 3501
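/* Free a buffer returned through ssl_DecodePacket's data argument, zeroing
 * the first sz bytes beforehand so decrypted plaintext does not survive in
 * freed memory.
 *
 * data   address of the caller's buffer pointer; *data is set to NULL on
 *        return. data may be NULL, and so may *data (see below).
 * sz     number of bytes to overwrite, normally the count ssl_DecodePacket
 *        returned. Only these bytes are scrubbed, and sz must not exceed the
 *        buffer's size since ForceZero writes that many bytes.
 * error  unused; kept for API symmetry.
 *
 * returns 0 on success, -1 when sz is negative.
 *
 * *data can legitimately be NULL here: ssl_DecodePacket clears it when it
 * fails to grow the buffer, and a caller may free the same handle twice.
 * The previous version only tested `data` and then called ForceZero on a
 * NULL *data with a non-zero sz, i.e. a write through a null pointer; the
 * scrub/free is now skipped in that case (free(NULL) was already harmless).
 */
int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error)
{
    (void)error;

    if (sz < 0) {
        return -1;
    }

    if (data != NULL && *data != NULL) {
        ForceZero(*data, (word32)sz);
        free(*data);
        *data = NULL;
    }

    return 0;
}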
wolfSSL 11:cee25a834751 3520
wolfSSL 11:cee25a834751 3521
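/* Enable (traceFile != NULL) or disable (traceFile == NULL) debug tracing.
 * The trace file is opened in append mode.
 *
 * traceFile  path to append trace output to, or NULL to turn tracing off.
 * error      receives BAD_TRACE_FILE_STR when the file cannot be opened.
 *
 * returns 0 on success, -1 on error.
 *
 * Two problems in the previous version are addressed here: (1) every
 * enabling call overwrote the global TraceFile without closing the
 * previous handle, and disabling left it open, leaking one FILE* per call;
 * (2) a failed fopen stored NULL in TraceFile while TraceOn could still be
 * 1 from an earlier call, leaving tracing "on" with no file. The new file is
 * now opened into a local first, so a failure leaves the current state
 * untouched, and the old handle is closed on replacement and on disable.
 * Assumes ssl_Trace is the only place that opens TraceFile (no other
 * assignment is visible in this part of the file). Tracing state is plain
 * global data; concurrent callers are not synchronized here.
 */
int ssl_Trace(const char* traceFile, char* error)
{
    if (traceFile) {
        FILE* newFile = fopen(traceFile, "a");
        if (!newFile) {
            SetError(BAD_TRACE_FILE_STR, error, NULL, 0);
            return -1;
        }
        /* release the handle from a previous enable before installing the
         * new one */
        if (TraceFile) {
            fclose(TraceFile);
        }
        TraceFile = newFile;
        TraceOn = 1;
    }
    else {
        TraceOn = 0;            /* stop writers before the handle goes away */
        if (TraceFile) {
            fclose(TraceFile);
            TraceFile = NULL;
        }
    }

    return 0;
}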
wolfSSL 11:cee25a834751 3539
wolfSSL 11:cee25a834751 3540
/* Enable or disable recovery of missed data when later packets allow it.
 *
 * onOff      non-zero enables recovery, 0 disables it.
 * maxMemory  per-session byte budget for reassembly buffering; -1 means
 *            unlimited. Only stored when enabling; disabling leaves the
 *            previous limit in place.
 * error      unused.
 *
 * returns 0 always. The settings are plain globals with no locking here.
 */
int ssl_EnableRecovery(int onOff, int maxMemory, char* error)
{
    (void)error;

    if (onOff) {
        RecoveryEnabled   = onOff;
        MaxRecoveryMemory = maxMemory;
    }
    else {
        RecoveryEnabled = 0;
    }

    return 0;
}
wolfSSL 11:cee25a834751 3555
wolfSSL 11:cee25a834751 3556
wolfSSL 11:cee25a834751 3557
/* Report sniffer session statistics.
 *
 * active, total, peak, maxSessions  forwarded to wolfSSL_get_session_stats.
 * missedData     out (optional): number of sessions that missed data; read
 *                under RecoveryMutex.
 * reassemblyMem  out (optional): bytes currently held in reassembly buffers,
 *                summed over every session in SessionTable (both directions)
 *                while SessionMutex is held.
 * error          receives BAD_SESSION_STATS if the wolfSSL query fails.
 *
 * returns 0 on success, -1 on error. Return values of the lock calls are
 * not checked here.
 */
int ssl_GetSessionStats(unsigned int* active, unsigned int* total,
                        unsigned int* peak, unsigned int* maxSessions,
                        unsigned int* missedData, unsigned int* reassemblyMem,
                        char* error)
{
    if (missedData != NULL) {
        wc_LockMutex(&RecoveryMutex);
        *missedData = MissedDataSessions;
        wc_UnLockMutex(&RecoveryMutex);
    }

    if (reassemblyMem != NULL) {
        unsigned int sum = 0;
        int bucket;

        wc_LockMutex(&SessionMutex);
        for (bucket = 0; bucket < HASH_SIZE; bucket++) {
            SnifferSession* s;

            for (s = SessionTable[bucket]; s != NULL; s = s->next) {
                sum += s->cliReassemblyMemory;
                sum += s->srvReassemblyMemory;
            }
        }
        wc_UnLockMutex(&SessionMutex);

        *reassemblyMem = sum;
    }

    if (wolfSSL_get_session_stats(active, total, peak, maxSessions)
                                                            != SSL_SUCCESS) {
        SetError(BAD_SESSION_STATS, error, NULL, 0);
        return -1;
    }

    return 0;
}
wolfSSL 11:cee25a834751 3597
wolfSSL 11:cee25a834751 3598
wolfSSL 11:cee25a834751 3599
wolfSSL 11:cee25a834751 3600 #endif /* WOLFSSL_SNIFFER */
wolfSSL 11:cee25a834751 3601 #endif /* WOLFCRYPT_ONLY */
wolfSSL 11:cee25a834751 3602