add experimental jax3 support

Author: nl5887

Gopkg.lock

@@ -0,0 +1,57 @@
+/*
+* Honeytrap
+* Copyright (C) 2016-2017 DutchSec (https://dutchsec.com/)
+*
+* This program is free software; you can redistribute it and/or modify it under
+* the terms of the GNU Affero General Public License version 3 as published by the
+* Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+* FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
+* details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* version 3 along with this program in the file "LICENSE".  If not, see
+* <http://www.gnu.org/licenses/agpl-3.0.txt>.
+*
+* See https://honeytrap.io/ for more details. All requests should be sent to
+* licensing@honeytrap.io
+*
+* The interactive user interfaces in modified source and object code versions
+* of this program must display Appropriate Legal Notices, as required under
+* Section 5 of the GNU Affero General Public License version 3.
+*
+* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
+* these Appropriate Legal Notices must retain the display of the "Powered by
+* Honeytrap" logo and retain the original copyright notice. If the display of the
+* logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
+* must display the words "Powered by Honeytrap" and retain the original copyright notice.
+ */
+package event
+
+import (
+	"net"
+)
+
+type Conn struct {
+	net.Conn
+
+	options []Option
+}
+
+func (ec *Conn) Options() Option {
+	return NewWith(ec.options...)
+}
+
+func WithConn(conn net.Conn, options ...Option) *Conn {
+	if innerConn, ok := conn.(*Conn); ok {
+		innerConn.options = append(innerConn.options, options...)
+		return innerConn
+	}
+
+	return &Conn{
+		Conn:    conn,
+		options: options,
+	}
+}

event/conn.go

@@ -29,19 +29,3 @@
 * must display the words "Powered by Honeytrap" and retain the original copyright notice.
  */
 package event
-
-import (
-	"net"
-
-	"github.com/google/netstack/tcpip/adapters/gonet"
-)
-
-func Conn(conn net.Conn) Option {
-	return func(m Event) {
-		if gc, ok := conn.(*gonet.Conn); !ok {
-		} else if irs, err := gc.IRS(); err != nil {
-		} else {
-			m.Store("irs", irs)
-		}
-	}
-}

event/event_linux_amd64.go

@@ -31,10 +31,3 @@
 * must display the words "Powered by Honeytrap" and retain the original copyright notice.
  */
 package event
-
-import "net"
-
-func Conn(conn net.Conn) Option {
-	return func(m Event) {
-	}
-}

event/event_other.go

@@ -63,6 +63,10 @@ func New(opts ...Option) Event {
 	e.sm.Store("date", time.Now())
 
 	for _, opt := range opts {
+		if opt == nil {
+			continue
+		}
+
 		opt(e)
 	}
 

event/map.go

@@ -40,6 +40,7 @@ import (
 	"github.com/fatih/color"
 	"github.com/vishvananda/netlink"
 
+	"github.com/honeytrap/honeytrap/event"
 	"github.com/honeytrap/honeytrap/listener"
 	"github.com/honeytrap/honeytrap/pushers"
 
@@ -317,6 +318,13 @@ func (l *netstackListener) Start(ctx context.Context) error {
 						continue
 					}
 
+					if gc, ok := conn.(*gonet.Conn); !ok {
+					} else if irs, err := gc.IRS(); err != nil {
+					} else {
+						conn = event.WithConn(conn, event.Custom("irs", irs))
+
+					}
+
 					l.ch <- conn
 				}
 			} else if ua, ok := address.(*net.UDPAddr); ok {

listener/netstack/netstack_linux_amd64.go

@@ -43,6 +43,7 @@ import (
 
 	"github.com/honeytrap/honeytrap/event"
 	"github.com/honeytrap/honeytrap/pushers"
+	"github.com/rs/xid"
 )
 
 var (
@@ -119,6 +120,8 @@ func Cookies(cookies []*http.Cookie) event.Option {
 }
 
 func (s *httpService) Handle(ctx context.Context, conn net.Conn) error {
+	id := xid.New()
+
 	for {
 		br := bufio.NewReader(conn)
 
@@ -143,13 +146,20 @@ func (s *httpService) Handle(ctx context.Context, conn net.Conn) error {
 
 		io.Copy(ioutil.Discard, req.Body)
 
+		var connOptions event.Option = nil
+
+		if ec, ok := conn.(*event.Conn); ok {
+			connOptions = ec.Options()
+		}
+
 		s.c.Send(event.New(
 			EventOptions,
+			connOptions,
 			event.Category("http"),
 			event.Type("request"),
-			event.Conn(conn),
 			event.SourceAddr(conn.RemoteAddr()),
 			event.DestinationAddr(conn.LocalAddr()),
+			event.Custom("http.sessionid", id.String()),
 			event.Custom("http.method", req.Method),
 			event.Custom("http.proto", req.Proto),
 			event.Custom("http.host", req.Host),

services/http.go

@@ -34,7 +34,6 @@ import (
 	"context"
 	"crypto/rand"
 	"crypto/rsa"
-	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"fmt"
@@ -43,6 +42,9 @@ import (
 	"sync"
 	"time"
 
+	"github.com/honeytrap/honeytrap/event"
+	tls "github.com/honeytrap/honeytrap/services/jax3/crypto/tls"
+
 	"github.com/honeytrap/honeytrap/pushers"
 )
 
@@ -143,14 +145,35 @@ func (s *httpsService) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certific
 }
 
 func (s *httpsService) Handle(ctx context.Context, conn net.Conn) error {
+	jax3Digest := ""
+	serverName := ""
+
 	tlsConn := tls.Server(conn, &tls.Config{
-		Certificates:   []tls.Certificate{},
-		GetCertificate: s.getCertificate,
+		Certificates: []tls.Certificate{},
+		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+			jax3Digest = hello.JAX3Digest()
+			serverName = hello.ServerName
+			return s.getCertificate(hello)
+		},
 	})
 
 	if err := tlsConn.Handshake(); err != nil {
+		s.c.Send(event.New(
+			EventOptions,
+			event.Category("https"),
+			event.Type("handshake-failed"),
+			event.SourceAddr(conn.RemoteAddr()),
+			event.DestinationAddr(conn.LocalAddr()),
+			event.Custom("https.jax3-digest", jax3Digest),
+			event.Custom("https.server-name", serverName),
+		))
+
 		return err
 	}
 
-	return s.httpService.Handle(ctx, tlsConn)
+	return s.httpService.Handle(ctx, event.WithConn(
+		tlsConn,
+		event.Custom("https.jax3-digest", jax3Digest),
+		event.Custom("https.server-name", serverName),
+	))
 }

services/https.go

@@ -0,0 +1,17 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build amd64,!gccgo,!appengine
+
+#include "textflag.h"
+
+// func hasAESNI() bool
+TEXT ·hasAESNI(SB),NOSPLIT,$0
+	XORQ AX, AX
+	INCL AX
+	CPUID
+	SHRQ $25, CX
+	ANDQ $1, CX
+	MOVB CX, ret+0(FP)
+	RET

services/jax3/crypto/internal/cipherhw/asm_amd64.s

@@ -0,0 +1,44 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build s390x,!gccgo,!appengine
+
+#include "textflag.h"
+
+// func hasHWSupport() bool
+TEXT ·hasHWSupport(SB),NOSPLIT,$16-1
+	XOR	R0, R0          // set function code to 0 (query)
+	LA	mask-16(SP), R1 // 16-byte stack variable for mask
+	MOVD	$(0x38<<40), R3 // mask for bits 18-20 (big endian)
+
+	// check for KM AES functions
+	WORD	$0xB92E0024 // cipher message (KM)
+	MOVD	mask-16(SP), R2
+	AND	R3, R2
+	CMPBNE	R2, R3, notfound
+
+	// check for KMC AES functions
+	WORD	$0xB92F0024 // cipher message with chaining (KMC)
+	MOVD	mask-16(SP), R2
+	AND	R3, R2
+	CMPBNE	R2, R3, notfound
+
+	// check for KMCTR AES functions
+	WORD	$0xB92D4024 // cipher message with counter (KMCTR)
+	MOVD	mask-16(SP), R2
+	AND	R3, R2
+	CMPBNE	R2, R3, notfound
+
+	// check for KIMD GHASH function
+	WORD	$0xB93E0024    // compute intermediate message digest (KIMD)
+	MOVD	mask-8(SP), R2 // bits 64-127
+	MOVD	$(1<<62), R5
+	AND	R5, R2
+	CMPBNE	R2, R5, notfound
+
+	MOVB	$1, ret+0(FP)
+	RET
+notfound:
+	MOVB	$0, ret+0(FP)
+	RET