Beispiel #1
        /// <summary>
        /// Adds new TLS record to the conversation model.
        /// </summary>
        /// <param name="applicationData">The application data record.</param>
        /// <param name="packetContext">Context of the record: its metadata (number and timestamp), its direction, i.e., client to server or vice versa, and the collection of TCP segments carrying the record's data.</param>
        public void AddApplicationDataRecord(TlsPacket.TlsApplicationData applicationData, TlsPacketContext packetContext)
        {
            // Looks up the segment model registered under the packet's number and reuses it;
            // otherwise builds a model from the packet, registers it in the model context
            // and returns it. Every value stored here originates from captured traffic.
            TcpSegmentModel GetOrCreateModel((PacketMeta Meta, TcpPacket Packet) packet)
            {
                var existing = m_modelContext.Find<TcpSegmentModel>(packet.Meta.Number);
                if (existing != null)
                {
                    return existing;
                }

                var created = new TcpSegmentModel
                {
                    // Offset of the segment relative to the conversation's timestamp.
                    TimeOffset = DateTimeOffset.FromUnixTimeMilliseconds(packet.Meta.Timestamp) - m_conversationModel.Timestamp,
                    PacketId = packet.Meta.Number,
                    Flags = TcpFlags(packet.Packet),
                    // A segment without payload is recorded with length 0.
                    Length = packet.Packet.PayloadData?.Length ?? 0,
                    Window = packet.Packet.WindowSize
                };
                m_modelContext.Add(created);
                return created;
            }

            // Length is the size of the record body as captured (applicationData.Body);
            // nothing in this method decrypts it.
            var recordModel = new TlsRecordModel
            {
                RecordId = packetContext.Metadata.Number,
                Direction = packetContext.Direction,
                TimeOffset = DateTimeOffset.FromUnixTimeMilliseconds(packetContext.Metadata.Timestamp) - m_conversationModel.Timestamp,
                Length = applicationData.Body.Length,
                // Segment models are resolved (and created where missing) before the record itself is stored.
                Segments = packetContext.TcpPackets.Select(GetOrCreateModel).ToList(),
            };

            // The record is registered in the model context and attached to the conversation.
            m_modelContext.Add(recordModel);
            m_conversationModel.Records.Add(recordModel);
        }
Beispiel #2
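        /// <summary>
        /// Decrypts the body of a TLS application data record using the cipher described by
        /// <c>SecurityParameters</c>. AEAD and block ciphers are handled; stream ciphers are not implemented.
        /// </summary>
        /// <param name="tlsKeys">Key material for the direction being decrypted (encoding key, IV, MAC key).</param>
        /// <param name="applicationData">The application data record whose <c>Body</c> is decrypted.</param>
        /// <param name="sequenceNumber">Sequence number of the record; it is part of the AEAD additional data.</param>
        /// <returns>The bytes returned by the AEAD or block decryption helper.</returns>
        /// <exception cref="InvalidOperationException">The key block has not been initialized.</exception>
        /// <exception cref="ArgumentOutOfRangeException">An AEAD record body is shorter than the record IV and MAC lengths of the cipher.</exception>
        /// <exception cref="NotImplementedException">The cipher is a stream cipher.</exception>
        /// <exception cref="NotSupportedException">The cipher type is none of AEAD, block or stream.</exception>
        public byte[] DecryptApplicationData(TlsKeys tlsKeys, TlsPacket.TlsApplicationData applicationData, ulong sequenceNumber)
        {
            if (KeyBlock == null)
            {
                throw new InvalidOperationException($"KeyBlock not initialized. Please, call {nameof(InitializeKeyBlock)} first.");
            }

            // Converts the output of BitConverter.GetBytes to big-endian (network) order.
            // Reversing unconditionally would give little-endian output on a big-endian host
            // and silently produce wrong additional data.
            byte[] ToNetworkOrder(byte[] hostOrderBytes)
            {
                if (BitConverter.IsLittleEndian)
                {
                    Array.Reverse(hostOrderBytes);
                }
                return hostOrderBytes;
            }

            var content = new Span<byte>(applicationData.Body);

            if (this.SecurityParameters.CipherType == TlsCipherType.Aead)
            {
                // Both lengths are divided by 8; presumably the parameters are stored in bits - TODO confirm.
                var macLength = SecurityParameters.MacLength / 8;
                var recordNonceLength = SecurityParameters.RecordIVLength / 8;

                // The record body comes from captured traffic. Reject a body too short to hold the
                // record IV and MAC: otherwise the subtraction goes negative and the ushort cast
                // below wraps into a bogus length inside the additional data.
                var plaintextLength = applicationData.Body.Length - (recordNonceLength + macLength);
                if (plaintextLength < 0)
                {
                    throw new ArgumentOutOfRangeException(nameof(applicationData), "Record body is shorter than the record IV and MAC lengths of the negotiated cipher.");
                }

                var nonce = ComputeNonce(tlsKeys, content);

                // Additional data: sequence number (8 bytes), content type, protocol version
                // (major, minor) and the 2-byte length computed above, all in network order.
                var additionalData = ByteString.Combine(
                    ToNetworkOrder(BitConverter.GetBytes(sequenceNumber)),
                    new byte[] { (byte)applicationData.M_Parent.ContentType,
                                 applicationData.M_Parent.Version.Major,
                                 applicationData.M_Parent.Version.Minor },
                    ToNetworkOrder(BitConverter.GetBytes((ushort)plaintextLength))
                    );

                var aead = CreateAeadCipher(SecurityParameters.CipherMode, CreateBlockCipher(SecurityParameters.CipherAlgorithm.ToString().ToUpperInvariant()));

                // The first recordNonceLength bytes of the body are skipped; the rest goes to the AEAD cipher.
                return DecryptAead(aead, tlsKeys.EncodingKey, nonce, content.Slice(recordNonceLength), additionalData);
            }
            if (this.SecurityParameters.CipherType == TlsCipherType.Block)
            {
                var cbc = CreateBlockCipher(SecurityParameters.CipherMode, CreateBlockCipher(SecurityParameters.CipherAlgorithm.ToString().ToUpperInvariant()));
                var mac = CreateHMacAlgorithm(SecurityParameters.MacAlgorithm);

                // NOTE(review): whether the MAC and padding are verified is decided inside DecryptBlock - confirm there.
                return DecryptBlock(cbc, mac, tlsKeys.EncodingKey, tlsKeys.IV, tlsKeys.MacKey, content);
            }
            if (this.SecurityParameters.CipherType == TlsCipherType.Stream)
            {
                throw new NotImplementedException();
            }
            throw new NotSupportedException($"Decrypting {CipherSuite.ToString()} is not supported.");
        }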
Beispiel #3
        /// <summary>
        /// Decrypts one application data record, inflates it when the decoder reports Deflate
        /// compression, and writes the result to <c>{filename}.txt</c>.
        /// </summary>
        /// <param name="tlsDecoder">Decoder that performs the decryption and decompression.</param>
        /// <param name="tlsKeys">Key material passed to the decoder.</param>
        /// <param name="tlsData">The application data record to dump.</param>
        /// <param name="seqNumber">Sequence number of the record, passed to the decoder.</param>
        /// <param name="filename">Output path without the ".txt" suffix; it is used as given.</param>
        private static void DumpApplicationData(TlsDecoder tlsDecoder, TlsKeys tlsKeys, TlsPacket.TlsApplicationData tlsData, ulong seqNumber, string filename)
        {
            var decrypted = tlsDecoder.DecryptApplicationData(tlsKeys, tlsData, seqNumber);

            // NOTE(review): the compressed input comes from captured traffic and no output size
            // limit is applied here - confirm that Decompress bounds its output.
            var isDeflated = tlsDecoder.Compression == TlsPacket.CompressionMethods.Deflate;
            var output = isDeflated ? tlsDecoder.Decompress(decrypted) : decrypted;

            // The file holds decrypted session content in the clear; any existing file is
            // overwritten, and protecting the output location is left to the caller.
            File.WriteAllBytes($"{filename}.txt", output);
        }
Beispiel #4
 /// <summary>
 /// Accepts an application data record and its packet context and does nothing with them.
 /// </summary>
 /// <param name="applicationData">The application data record (unused).</param>
 /// <param name="packetContext">The packet context of the record (unused).</param>
 public void AddApplicationDataRecord(TlsPacket.TlsApplicationData applicationData, TlsPacketContext packetContext)
 {
     // Empty implementation: neither argument is read or stored.
 }
Beispiel #5
 /// <summary>
 /// Creates the record description from a parsed application data record.
 /// Only the length of the body is kept; the body bytes themselves are not stored.
 /// </summary>
 /// <param name="kaitaiApplicationData">The parsed application data record whose body length is recorded.</param>
 public TlsRecordApplicationData(TlsPacket.TlsApplicationData kaitaiApplicationData)
     => DataLen = kaitaiApplicationData.Body.Length;