add experimental jax3 support
nl5887 committed Jul 10, 2018
1 parent fab5ff4 commit 1927951
Showing 197 changed files with 27,240 additions and 1,466 deletions.
4 changes: 2 additions & 2 deletions Gopkg.lock


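--- a/event/conn.go
+++ b/event/conn.go
@@ -0,0 +1,57 @@
+/*
+* Honeytrap
+* Copyright (C) 2016-2017 DutchSec (https://dutchsec.com/)
+*
+* This program is free software; you can redistribute it and/or modify it under
+* the terms of the GNU Affero General Public License version 3 as published by the
+* Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+* details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* version 3 along with this program in the file "LICENSE". If not, see
+* <http://www.gnu.org/licenses/agpl-3.0.txt>.
+*
+* See https://honeytrap.io/ for more details. All requests should be sent to
+* licensing@honeytrap.io
+*
+* The interactive user interfaces in modified source and object code versions
+* of this program must display Appropriate Legal Notices, as required under
+* Section 5 of the GNU Affero General Public License version 3.
+*
+* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
+* these Appropriate Legal Notices must retain the display of the "Powered by
+* Honeytrap" logo and retain the original copyright notice. If the display of the
+* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
+* must display the words "Powered by Honeytrap" and retain the original copyright notice.
+*/
+package event
+
+import (
+"net"
+)
+
+type Conn struct {
+net.Conn
+
+options []Option
+}
+
+func (ec *Conn) Options() Option {
+return NewWith(ec.options...)
+}
+
+func WithConn(conn net.Conn, options ...Option) *Conn {
+if innerConn, ok := conn.(*Conn); ok {
+innerConn.options = append(innerConn.options, options...)
+return innerConn
+}
+
+return &Conn{
+Conn: conn,
+options: options,
+}
+}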
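Review bot: `WithConn` changes its argument when `conn` is already a `*Conn`: it appends to `innerConn.options` and returns the same pointer, so every holder of that connection sees the added options, and the append is unsynchronised if a connection is ever touched from more than one goroutine. Returning a fresh wrapper that copies the existing options, or documenting the in-place behaviour on the function, would make the contract explicit. The unwrapping also only looks at the outermost type, so options are lost as soon as another wrapper (for example a TLS connection) sits on top of a `*Conn`. `Conn`, `Options` and `WithConn` are exported without doc comments; something like `// WithConn returns conn wrapped with the given event options; an existing *Conn is extended in place.` would do.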
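--- a/event/event_linux_amd64.go
+++ b/event/event_linux_amd64.go
@@ -29,19 +29,3 @@
 * must display the words "Powered by Honeytrap" and retain the original copyright notice.
 */
 package event
-
-import (
-"net"
-
-"github.com/google/netstack/tcpip/adapters/gonet"
-)
-
-func Conn(conn net.Conn) Option {
-return func(m Event) {
-if gc, ok := conn.(*gonet.Conn); !ok {
-} else if irs, err := gc.IRS(); err != nil {
-} else {
-m.Store("irs", irs)
-}
-}
-}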
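--- a/event/event_other.go
+++ b/event/event_other.go
@@ -31,10 +31,3 @@
 * must display the words "Powered by Honeytrap" and retain the original copyright notice.
 */
 package event
-
-import "net"
-
-func Conn(conn net.Conn) Option {
-return func(m Event) {
-}
-}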
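--- a/event/map.go
+++ b/event/map.go
@@ -63,6 +63,10 @@ func New(opts ...Option) Event {
 e.sm.Store("date", time.Now())
 
 for _, opt := range opts {
+if opt == nil {
+continue
+}
+
 opt(e)
 }
 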
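Review bot: The nil check in the loop of `New` makes passing a nil `Option` a supported calling convention, but nothing at the function says so. Add a line to the doc comment of `New`, which starts outside this hunk, such as `// Nil options are ignored, so callers may pass an optional Option without a guard.` If `NewWith` (not visible here) runs the same loop it likely needs the same check, since `(*Conn).Options` forwards stored options to it.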
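--- a/listener/netstack/netstack_linux_amd64.go
+++ b/listener/netstack/netstack_linux_amd64.go
@@ -40,6 +40,7 @@ import (
 "github.com/fatih/color"
 "github.com/vishvananda/netlink"
 
+"github.com/honeytrap/honeytrap/event"
 "github.com/honeytrap/honeytrap/listener"
 "github.com/honeytrap/honeytrap/pushers"
 
@@ -317,6 +318,13 @@ func (l *netstackListener) Start(ctx context.Context) error {
 continue
 }
 
+if gc, ok := conn.(*gonet.Conn); !ok {
+} else if irs, err := gc.IRS(); err != nil {
+} else {
+conn = event.WithConn(conn, event.Custom("irs", irs))
+
+}
+
 l.ch <- conn
 }
 } else if ua, ok := address.(*net.UDPAddr); ok {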
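Review bot: The added `if`/`else if` chain in `Start` has two empty branches, and the `err` from `gc.IRS()` is discarded without a trace, so a connection whose sequence number could not be read is indistinguishable from one that is not a `*gonet.Conn`. Invert the first test to `if gc, ok := conn.(*gonet.Conn); ok {` and give the error branch a log call with whatever logger the file already uses, leaving `conn` unwrapped in that case. Wrapping also changes the concrete type sent on `l.ch` to `*event.Conn`, so any receiver that type-asserts on `*gonet.Conn` would stop matching; those receivers are outside this hunk and should be checked. `Start` begins and ends outside the hunk.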
12 changes: 11 additions & 1 deletion services/http.go
@@ -43,6 +43,7 @@ import (

"github.com/honeytrap/honeytrap/event"
"github.com/honeytrap/honeytrap/pushers"
"github.com/rs/xid"
)

var (
@@ -119,6 +120,8 @@ func Cookies(cookies []*http.Cookie) event.Option {
}

func (s *httpService) Handle(ctx context.Context, conn net.Conn) error {
id := xid.New()

for {
br := bufio.NewReader(conn)

@@ -143,13 +146,20 @@ func (s *httpService) Handle(ctx context.Context, conn net.Conn) error {

io.Copy(ioutil.Discard, req.Body)

var connOptions event.Option = nil

if ec, ok := conn.(*event.Conn); ok {
connOptions = ec.Options()
}

s.c.Send(event.New(
EventOptions,
connOptions,
event.Category("http"),
event.Type("request"),
event.Conn(conn),
event.SourceAddr(conn.RemoteAddr()),
event.DestinationAddr(conn.LocalAddr()),
event.Custom("http.sessionid", id.String()),
event.Custom("http.method", req.Method),
event.Custom("http.proto", req.Proto),
event.Custom("http.host", req.Host),
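Review bot: In `Handle`, `conn.(*event.Conn)` only matches when the event wrapper is the outermost type, so connection options disappear without notice whenever another `net.Conn` wrapper sits on top; asserting on a small interface, `interface{ Options() event.Option }`, would accept any wrapper that exposes them. `var connOptions event.Option = nil` can be written `var connOptions event.Option`, since the zero value is already nil. The `http.sessionid` value comes from `xid.New()`, which is fine for correlating events but should be described as a correlation id rather than a secret in a comment at `id := xid.New()`. `Handle` continues past the end of the hunk.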
31 changes: 27 additions & 4 deletions services/https.go
@@ -34,7 +34,6 @@ import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"fmt"
@@ -43,6 +42,9 @@ import (
"sync"
"time"

"github.com/honeytrap/honeytrap/event"
tls "github.com/honeytrap/honeytrap/services/jax3/crypto/tls"

"github.com/honeytrap/honeytrap/pushers"
)

@@ -143,14 +145,35 @@ func (s *httpsService) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certific
}

func (s *httpsService) Handle(ctx context.Context, conn net.Conn) error {
jax3Digest := ""
serverName := ""

tlsConn := tls.Server(conn, &tls.Config{
Certificates: []tls.Certificate{},
GetCertificate: s.getCertificate,
Certificates: []tls.Certificate{},
GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
jax3Digest = hello.JAX3Digest()
serverName = hello.ServerName
return s.getCertificate(hello)
},
})

if err := tlsConn.Handshake(); err != nil {
s.c.Send(event.New(
EventOptions,
event.Category("https"),
event.Type("handshake-failed"),
event.SourceAddr(conn.RemoteAddr()),
event.DestinationAddr(conn.LocalAddr()),
event.Custom("https.jax3-digest", jax3Digest),
event.Custom("https.server-name", serverName),
))

return err
}

return s.httpService.Handle(ctx, tlsConn)
return s.httpService.Handle(ctx, event.WithConn(
tlsConn,
event.Custom("https.jax3-digest", jax3Digest),
event.Custom("https.server-name", serverName),
))
}
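Review bot: The wrapper built at the end of `Handle` drops options already attached to `conn`: `tls.Server(conn, …)` hides an incoming `*event.Conn` behind the TLS connection, so `event.WithConn(tlsConn, …)` starts a new option list and values such as the `irs` field added by the netstack listener would not reach HTTPS request events. Check `conn.(*event.Conn)` before the handshake and pass its `Options()` on to `event.WithConn` (and to the `handshake-failed` event) when present. That event also leaves out the handshake error; adding `event.Custom("https.handshake-error", err.Error())` (key name is a suggestion) would let an analyst tell malformed probes from protocol mismatches. No read deadline is set before `tlsConn.Handshake()` in the visible lines, so unless the listener sets one, a client that stalls mid-handshake holds the goroutine open. Replacing `crypto/tls` with the in-tree `services/jax3/crypto/tls` copy means upstream TLS fixes must be merged by hand, which deserves a comment at the import.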
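--- a/services/jax3/crypto/internal/cipherhw/asm_amd64.s
+++ b/services/jax3/crypto/internal/cipherhw/asm_amd64.s
@@ -0,0 +1,17 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+// func hasAESNI() bool
+TEXT ·hasAESNI(SB),NOSPLIT,$0
+XORQ AX, AX
+INCL AX
+CPUID
+SHRQ $25, CX
+ANDQ $1, CX
+MOVB CX, ret+0(FP)
+RET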
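--- a/services/jax3/crypto/internal/cipherhw/asm_s390x.s
+++ b/services/jax3/crypto/internal/cipherhw/asm_s390x.s
@@ -0,0 +1,44 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!gccgo,!appengine
+
+#include "textflag.h"
+
+// func hasHWSupport() bool
+TEXT ·hasHWSupport(SB),NOSPLIT,$16-1
+XOR R0, R0 // set function code to 0 (query)
+LA mask-16(SP), R1 // 16-byte stack variable for mask
+MOVD $(0x38<<40), R3 // mask for bits 18-20 (big endian)
+
+// check for KM AES functions
+WORD $0xB92E0024 // cipher message (KM)
+MOVD mask-16(SP), R2
+AND R3, R2
+CMPBNE R2, R3, notfound
+
+// check for KMC AES functions
+WORD $0xB92F0024 // cipher message with chaining (KMC)
+MOVD mask-16(SP), R2
+AND R3, R2
+CMPBNE R2, R3, notfound
+
+// check for KMCTR AES functions
+WORD $0xB92D4024 // cipher message with counter (KMCTR)
+MOVD mask-16(SP), R2
+AND R3, R2
+CMPBNE R2, R3, notfound
+
+// check for KIMD GHASH function
+WORD $0xB93E0024 // compute intermediate message digest (KIMD)
+MOVD mask-8(SP), R2 // bits 64-127
+MOVD $(1<<62), R5
+AND R5, R2
+CMPBNE R2, R5, notfound
+
+MOVB $1, ret+0(FP)
+RET
+notfound:
+MOVB $0, ret+0(FP)
+RET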
16 changes: 16 additions & 0 deletions services/jax3/crypto/internal/cipherhw/cipherhw_amd64.go
@@ -0,0 +1,16 @@
// Copyright 2016 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// +build amd64,!gccgo,!appengine

package cipherhw

// defined in asm_amd64.s
func hasAESNI() bool

// AESGCMSupport returns true if the Go standard library supports AES-GCM in
// hardware.
func