Re: [PATCH] MINOR: SSL: add client/server random sample fetches
On Tue, Jun 04, 2019 at 07:56:21PM -0400, Patrick Hemmer wrote: > The updated patch fixes the documentation to be in alphabetical order. Got > carried away with putting the doc in the same order the code is in. Now merged, thank you Patrick! willy
Re: [PATCH] MINOR: SSL: add client/server random sample fetches
*From:* Patrick Hemmer [mailto:hapr...@stormcloud9.net] *Sent:* Tuesday, June 4, 2019, 16:38 EDT *To:* haproxy@formilux.org *Subject:* [PATCH] MINOR: SSL: add client/server random sample fetches Re-send of earlier patch due to formatting issues (upgraded thunderbird and lost a bunch of stuff :-( ). As an attachment this time, so should be safe. -Patrick The updated patch fixes the documentation to be in alphabetical order. Got carried away with putting the doc in the same order the code is in. -Patrick From 39238b4840d409b5dcf198f2e03b5a58bb718d4a Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Tue, 4 Jun 2019 08:13:03 -0400 Subject: [PATCH] MINOR: SSL: add client/server random sample fetches This adds 4 sample fetches: - ssl_fc_client_random - ssl_fc_server_random - ssl_bc_client_random - ssl_bc_server_random These fetches retrieve the client or server random value sent during the handshake. Their use is to be able to decrypt traffic sent using ephemeral ciphers. Tools like wireshark expect a TLS log file with lines in a few known formats (https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tls-utils.c;h=28a51fb1fb029eae5cea52d37ff5b67d9b11950f;hb=HEAD#l5209). Previously the only format supported using data retrievable from HAProxy state was the one utilizing the Session-ID. However an SSL/TLS session ID is optional, and thus cannot be relied upon for this purpose. This change introduces the ability to extract the client random instead which can be used for one of the other formats. The change also adds the ability to extract the server random, just in case it might have some other use, as the code change to support this was trivial. --- doc/configuration.txt | 20 src/ssl_sock.c| 35 +++ 2 files changed, 55 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index 074a7fffe..e6e6285a6 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -15430,6 +15430,11 @@ ssl_bc_cipher : string Returns the name of the used cipher when the outgoing connection was made over an SSL/TLS transport layer. +ssl_bc_client_random : binary + Returns the client random of the back connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + ssl_bc_is_resumed : boolean Returns true when the back connection was made over an SSL/TLS transport layer and the newly created SSL session was resumed using a cached @@ -15454,6 +15459,11 @@ ssl_bc_unique_id : binary returns the TLS unique ID as defined in RFC5929 section 3. The unique id can be encoded to base64 using the converter: "ssl_bc_unique_id,base64". +ssl_bc_server_random : binary + Returns the server random of the back connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + ssl_bc_session_id : binary Returns the SSL ID of the back connection when the outgoing connection was made over an SSL/TLS transport layer. It is useful to log if we want to know @@ -15675,6 +15685,11 @@ ssl_fc_cipherlist_xxh : integer "tune.ssl.capture-cipherlist-size" is set greater than 0, however the hash take in account all the data of the cipher list. +ssl_fc_client_random : binary + Returns the client random of the front connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + ssl_fc_has_crt : boolean Returns true if a client certificate is present in an incoming connection over SSL/TLS transport layer. Useful if 'verify' statement is set to 'optional'. @@ -15719,6 +15734,11 @@ ssl_fc_unique_id : binary returns the TLS unique ID as defined in RFC5929 section 3. The unique id can be encoded to base64 using the converter: "ssl_bc_unique_id,base64". +ssl_fc_server_random : binary + Returns the server random of the front connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + ssl_fc_session_id : binary Returns the SSL ID of the front connection when the incoming connection was made over an SSL/TLS transport layer. It is useful to stick a given client to diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 2eb344dfa..fb7e96bf9 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7195,6 +7195,37 @@ smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const ch #if HA_OPENSSL
[PATCH] MINOR: SSL: add client/server random sample fetches
Re-send of earlier patch due to formatting issues (upgraded thunderbird and lost a bunch of stuff :-( ). As an attachment this time, so should be safe. -Patrick From 0947dc1faf7a0a90631adcebc2e65fc191da8473 Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Tue, 4 Jun 2019 08:13:03 -0400 Subject: [PATCH] MINOR: SSL: add client/server random sample fetches This adds 4 sample fetches: - ssl_fc_client_random - ssl_fc_server_random - ssl_bc_client_random - ssl_bc_server_random These fetches retrieve the client or server random value sent during the handshake. Their use is to be able to decrypt traffic sent using ephemeral ciphers. Tools like wireshark expect a TLS log file with lines in a few known formats (https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tls-utils.c;h=28a51fb1fb029eae5cea52d37ff5b67d9b11950f;hb=HEAD#l5209). Previously the only format supported using data retrievable from HAProxy state was the one utilizing the Session-ID. However an SSL/TLS session ID is optional, and thus cannot be relied upon for this purpose. This change introduces the ability to extract the client random instead which can be used for one of the other formats. The change also adds the ability to extract the server random, just in case it might have some other use, as the code change to support this was trivial. --- doc/configuration.txt | 20 src/ssl_sock.c| 35 +++ 2 files changed, 55 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index 074a7fffe..f1325ea3f 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -15459,6 +15459,16 @@ ssl_bc_session_id : binary made over an SSL/TLS transport layer. It is useful to log if we want to know if session was reused or not. +ssl_bc_client_random : binary + Returns the client random of the back connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + +ssl_bc_server_random : binary + Returns the server random of the back connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + ssl_bc_session_key : binary Returns the SSL session master key of the back connection when the outgoing connection was made over an SSL/TLS transport layer. It is useful to decrypt @@ -15725,6 +15735,16 @@ ssl_fc_session_id : binary a server. It is important to note that some browsers refresh their session ID every few minutes. +ssl_fc_client_random : binary + Returns the client random of the front connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + +ssl_fc_server_random : binary + Returns the server random of the front connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + ssl_fc_session_key : binary Returns the SSL session master key of the front connection when the incoming connection was made over an SSL/TLS transport layer. It is useful to decrypt diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 2eb344dfa..fb7e96bf9 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7195,6 +7195,37 @@ smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const ch #if HA_OPENSSL_VERSION_NUMBER >= 0x1010L || defined(OPENSSL_IS_BORINGSSL) +static int +smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private) +{ + struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) : + smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL; + struct buffer *data; + struct ssl_sock_ctx *ctx; + + if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock) + return 0; + ctx = conn->xprt_ctx; + + data = get_trash_chunk(); + if (kw[7] == 'c') + data->data = SSL_get_client_random(ctx->ssl, + (unsigned char *) data->area, + data->size); + else + data->data = SSL_get_server_random(ctx->ssl, + (unsigned char *) data->area, +
Re: [PATCH] MINOR: SSL: add client/server random sample fetches
Hi Patrick, On Tue, Jun 04, 2019 at 01:27:42PM +, Patrick Hemmer wrote: > This adds 4 sample fetches: > - ssl_fc_client_random > - ssl_fc_server_random > - ssl_bc_client_random > - ssl_bc_server_random > > These fetches retrieve the client or server random value sent during the > handshake. Thanks, however your patch was mangled by your mailer (wrapped lines), could you please resend it attached so that it (hopefully) doesn't modify it ? Otherwise your patch looks OK to me and seems to make sense. Thanks Willy
[PATCH] MINOR: SSL: add client/server random sample fetches
This adds 4 sample fetches: - ssl_fc_client_random - ssl_fc_server_random - ssl_bc_client_random - ssl_bc_server_random These fetches retrieve the client or server random value sent during the handshake. Their use is to be able to decrypt traffic sent using ephemeral ciphers. Tools like wireshark expect a TLS log file with lines in a few known formats (https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tls-utils.c;h=28a51fb1fb029eae5cea52d37ff5b67d9b11950f;hb=HEAD#l5209). Previously the only format supported using data retrievable from HAProxy state was the one utilizing the Session-ID. However an SSL/TLS session ID is optional, and thus cannot be relied upon for this purpose. This change introduces the ability to extract the client random instead which can be used for one of the other formats. The change also adds the ability to extract the server random, just in case it might have some other use, as the code change to support this was trivial. --- doc/configuration.txt | 20 src/ssl_sock.c| 35 +++ 2 files changed, 55 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index 074a7fffe..f1325ea3f 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -15459,6 +15459,16 @@ ssl_bc_session_id : binary made over an SSL/TLS transport layer. It is useful to log if we want to know if session was reused or not. +ssl_bc_client_random : binary + Returns the client random of the back connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + +ssl_bc_server_random : binary + Returns the server random of the back connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + ssl_bc_session_key : binary Returns the SSL session master key of the back connection when the outgoing connection was made over an SSL/TLS transport layer. It is useful to decrypt @@ -15725,6 +15735,16 @@ ssl_fc_session_id : binary a server. It is important to note that some browsers refresh their session ID every few minutes. +ssl_fc_client_random : binary + Returns the client random of the front connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + +ssl_fc_server_random : binary + Returns the server random of the front connection when the incoming connection + was made over an SSL/TLS transport layer. It is useful to to decrypt traffic + sent using ephemeral ciphers. This requires OpenSSL >= 1.1.0, or BoringSSL. + ssl_fc_session_key : binary Returns the SSL session master key of the front connection when the incoming connection was made over an SSL/TLS transport layer. It is useful to decrypt diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 2eb344dfa..fb7e96bf9 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7195,6 +7195,37 @@ smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const ch #if HA_OPENSSL_VERSION_NUMBER >= 0x1010L || defined(OPENSSL_IS_BORINGSSL) +static int +smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private) +{ + struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) : + smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL; + struct buffer *data; + struct ssl_sock_ctx *ctx; + + if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock) + return 0; + ctx = conn->xprt_ctx; + + data = get_trash_chunk(); + if (kw[7] == 'c') + data->data = SSL_get_client_random(ctx->ssl, + (unsigned char *) data->area, + data->size); + else + data->data = SSL_get_server_random(ctx->ssl, + (unsigned char *) data->area, + data->size); + if (!data->data) + return 0; + + smp->flags = 0; + smp->data.type = SMP_T_BIN; + smp->data.u.str = *data; + + return 1; +} + static int smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private) { @@ -9395,6 +9426,8 @@ static struct sample_fetch_kw_list sample_fetch