From: Jean-Paul Roliers
Date: Thu, 2 Feb 2012 14:07:42 +0000 (+0100)
Subject: tls: adding fingerprint calculation.
X-Git-Tag: suricata-1.4beta1~73
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=644c1b3cad51212423601e8f5df32fb6240b1571;p=thirdparty%2Fsuricata.git

tls: adding fingerprint calculation. Adding a pointer in ssl_state struct and compute fingerprint during certificate decoding.
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index f8012c32e2..c092a5f98b 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -878,6 +878,8 @@ void SSLStateFree(void *p)
         SCFree(ssl_state->client_connp.cert0_subject);
     if (ssl_state->client_connp.cert0_issuerdn)
         SCFree(ssl_state->client_connp.cert0_issuerdn);
+    if (ssl_state->client_connp.cert0_fingerprint)
+        SCFree(ssl_state->client_connp.cert0_fingerprint);
 
     if (ssl_state->server_connp.trec)
         SCFree(ssl_state->server_connp.trec);
@@ -885,6 +887,8 @@ void SSLStateFree(void *p)
         SCFree(ssl_state->server_connp.cert0_subject);
     if (ssl_state->server_connp.cert0_issuerdn)
         SCFree(ssl_state->server_connp.cert0_issuerdn);
+    if (ssl_state->server_connp.cert0_fingerprint)
+        SCFree(ssl_state->server_connp.cert0_fingerprint);
 
     SCFree(ssl_state);
 
diff --git a/src/app-layer-ssl.h b/src/app-layer-ssl.h
index f96e04d3a5..85da873c1f 100644
--- a/src/app-layer-ssl.h
+++ b/src/app-layer-ssl.h
@@ -100,6 +100,7 @@ typedef struct SSLStateConnp_ {
 
     char *cert0_subject;
     char *cert0_issuerdn;
+    char *cert0_fingerprint;
 
     /* buffer for the tls record.
      * We use a malloced buffer, if the record is fragmented */
diff --git a/src/app-layer-tls-handshake.c b/src/app-layer-tls-handshake.c
index 053b6d0948..ce0349cafd 100644
--- a/src/app-layer-tls-handshake.c
+++ b/src/app-layer-tls-handshake.c
@@ -50,6 +50,8 @@
 #include "util-decode-der.h"
 #include "util-decode-der-get.h"
 
+#include "util-crypt.h"
+
 #define SSLV3_RECORD_LEN 5
 
 static void TLSCertificateErrCodeToWarning(SSLState *ssl_state, uint32_t errcode)
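Review bot: The `client_connp.cert0_fingerprint` free added in the first SSLStateFree hunk has no producer in this commit — only `server_connp.cert0_fingerprint` is ever assigned, in DecodeTLSHandshakeServerCertificate — so on the client side the pointer is only ever NULL unless some other path sets it; a short comment such as `/* client fingerprint: freed for symmetry, not computed yet */` would keep a later reader from expecting a value. Both new frees, like the `cert0_subject`/`cert0_issuerdn` ones they mirror and the second hunk below, rely on the pointer having been zero-initialised when the state was allocated; that allocation is outside this diff, so confirm the new field is covered by the existing memset/SCCalloc there, otherwise SSLStateFree releases an indeterminate pointer. SSLStateFree starts before the first hunk.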
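Review bot: The new `cert0_fingerprint` member in SSLStateConnp_ carries no comment, and its format and ownership are only discoverable from the producing code in app-layer-tls-handshake.c; state them at the declaration, e.g. `char *cert0_fingerprint; /* SHA1 of server certificate 0, colon-separated hex; SCStrdup'd, freed in SSLStateFree() */`. It is also worth saying that NULL means "not computed", since the producer only fills it once for `i == 0` on the server side. The struct definition starts before this hunk.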
@@ -143,6 +145,32 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
                 }
             }
             DerFree(cert);
+
+            if (i == 0 && ssl_state->server_connp.cert0_fingerprint == NULL) {
+                int msg_len = cur_cert_length;
+                int hash_len = 20;
+                int out_len = 60;
+                char out[out_len];
+                unsigned char* hash;
+                hash = ComputeSHA1((unsigned char*) input, (int) msg_len);
+                char *p = out;
+                int j = 0;
+
+                if (hash == NULL) {
+                    SCLogWarning(SC_ERR_MEM_ALLOC, "Can not allocate fingerprint string");
+                } else {
+
+                    for (j = 0; j < hash_len; j++, p += 3) {
+                        snprintf(p, 4, j == hash_len - 1 ? "%02x" : "%02x:", hash[j]);
+                    }
+                    SCFree(hash);
+                    ssl_state->server_connp.cert0_fingerprint = SCStrdup(out);
+                    if (ssl_state->server_connp.cert0_fingerprint == NULL) {
+                        SCLogWarning(SC_ERR_MEM_ALLOC, "Can not allocate fingerprint string");
+                    }
+                }
+            }
+
         }
         i++;
 
@@ -152,5 +180,6 @@ int DecodeTLSHandshakeServerCertificate(SSLState *ssl_state, uint8_t *input, uin
     }
 
     return parsed;
+
 
 }
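Review bot: `int out_len = 60;` on the line before `char out[out_len];` is an unstated `3 * hash_len`; the `snprintf(p, 4, …)` bound protects each individual write, but `p += 3` still walks `p` past the end of `out` if either constant is ever changed on its own, and sizing the array from a runtime `int` makes it a VLA for no benefit, so tie the two together as compile-time constants: `enum { hash_len = 20, out_len = 3 * hash_len }; char out[out_len];`. The digest is computed over `cur_cert_length` bytes starting at `input`, a length that comes from the peer's handshake; that is only sound if the loop that reads `cur_cert_length` (outside this hunk) has already checked it against `input_len`, which I cannot confirm from here, so a comment stating that precondition next to the `ComputeSHA1` call would help, and the `(int) msg_len` cast deserves a look if `cur_cert_length` can exceed INT_MAX. `SCFree(hash)` presumes `ComputeSHA1` allocates its result with SCMalloc; confirm against util-crypt.h so the allocator pair matches. The `hash == NULL` branch reuses the "Can not allocate fingerprint string" text although it is the digest computation, not the SCStrdup, that failed; `SCLogWarning(SC_ERR_MEM_ALLOC, "Can not compute certificate fingerprint");` would keep the two failures distinguishable in logs. DecodeTLSHandshakeServerCertificate starts before this hunk.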