2 * Routines for dtls dissection
3 * Copyright (c) 2006, Authesserre Samuel <sauthess@gmail.com>
4 * Copyright (c) 2007, Mikael Magnusson <mikma@users.sourceforge.net>
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 * DTLS dissection and decryption.
28 * See RFC 4347 for details about DTLS specs.
31 * This dissector is based on the TLS dissector (packet-ssl.c); Because of the similarity
32 * of DTLS and TLS, decryption works like TLS with RSA key exchange.
33 * This dissector uses the sames things (file, libraries) as the SSL dissector (gnutls, packet-ssl-utils.h)
34 * to make it easily maintainable.
36 * It was developed to dissect and decrypt the OpenSSL v 0.9.8f DTLS implementation.
37 * It is limited to this implementation; there is no complete implementation.
41 * - DTLS decryption (openssl one)
44 * - activate correct Mac calculation when openssl will be corrected
45 * (or if an other implementation works),
46 * corrected code is ready and commented in packet-ssl-utils.h file.
47 * - add missing things (desegmentation, reordering... that aren't present in actual OpenSSL implementation)
54 #include <epan/packet.h>
55 #include <epan/conversation.h>
56 #include <epan/expert.h>
57 #include <epan/prefs.h>
58 #include <epan/asn1.h>
59 #include <epan/dissectors/packet-x509af.h>
60 #include <epan/wmem/wmem.h>
62 #include <epan/reassemble.h>
63 #include "packet-x509if.h"
64 #include "packet-ssl-utils.h"
65 #include <wsutil/file_util.h>
67 #include <epan/sctpppids.h>
68 #include <epan/exported_pdu.h>
70 void proto_register_dtls(void);
72 /* DTLS User Access Table */
73 static ssldecrypt_assoc_t *dtlskeylist_uats = NULL;
74 static guint ndtlsdecrypt = 0;
76 /* we need to remember the top tree so that subdissectors we call are created
77 * at the root and not deep down inside the DTLS decode
79 static proto_tree *top_tree;
81 /*********************************************************************
83 * Protocol Constants, Variables, Data Structures
85 *********************************************************************/
87 /* Initialize the protocol and registered fields */
88 static gint dtls_tap = -1;
89 static gint exported_pdu_tap = -1;
90 static gint proto_dtls = -1;
91 static gint hf_dtls_record = -1;
92 static gint hf_dtls_record_content_type = -1;
93 static gint hf_dtls_record_version = -1;
94 static gint hf_dtls_record_epoch = -1;
95 static gint hf_dtls_record_sequence_number = -1;
96 static gint hf_dtls_record_length = -1;
97 static gint hf_dtls_record_appdata = -1;
98 static gint hf_dtls_change_cipher_spec = -1;
99 static gint hf_dtls_alert_message = -1;
100 static gint hf_dtls_alert_message_level = -1;
101 static gint hf_dtls_alert_message_description = -1;
102 static gint hf_dtls_handshake_protocol = -1;
103 static gint hf_dtls_handshake_type = -1;
104 static gint hf_dtls_handshake_length = -1;
105 static gint hf_dtls_handshake_message_seq = -1;
106 static gint hf_dtls_handshake_fragment_offset = -1;
107 static gint hf_dtls_handshake_fragment_length = -1;
108 static gint hf_dtls_handshake_client_version = -1;
109 static gint hf_dtls_handshake_server_version = -1;
110 static gint hf_dtls_handshake_random_time = -1;
111 static gint hf_dtls_handshake_random_bytes = -1;
112 static gint hf_dtls_handshake_cookie_len = -1;
113 static gint hf_dtls_handshake_cookie = -1;
114 static gint hf_dtls_handshake_cipher_suites_len = -1;
115 static gint hf_dtls_handshake_cipher_suites = -1;
116 static gint hf_dtls_handshake_cipher_suite = -1;
117 static gint hf_dtls_handshake_session_id = -1;
118 static gint hf_dtls_handshake_comp_methods_len = -1;
119 static gint hf_dtls_handshake_comp_methods = -1;
120 static gint hf_dtls_handshake_comp_method = -1;
121 static gint hf_dtls_handshake_extensions_len = -1;
122 static gint hf_dtls_handshake_extension_type = -1;
123 static gint hf_dtls_handshake_extension_len = -1;
124 static gint hf_dtls_handshake_extension_data = -1;
125 static gint hf_dtls_handshake_session_ticket_lifetime_hint = -1;
126 static gint hf_dtls_handshake_session_ticket_len = -1;
127 static gint hf_dtls_handshake_session_ticket = -1;
128 static gint hf_dtls_handshake_certificates_len = -1;
129 static gint hf_dtls_handshake_certificates = -1;
130 static gint hf_dtls_handshake_certificate = -1;
131 static gint hf_dtls_handshake_certificate_len = -1;
132 static gint hf_dtls_handshake_cert_types_count = -1;
133 static gint hf_dtls_handshake_cert_types = -1;
134 static gint hf_dtls_handshake_cert_type = -1;
135 static gint hf_dtls_handshake_server_keyex_p_len = -1;
136 static gint hf_dtls_handshake_server_keyex_g_len = -1;
137 static gint hf_dtls_handshake_server_keyex_ys_len = -1;
138 static gint hf_dtls_handshake_server_keyex_point_len = -1;
139 static gint hf_dtls_handshake_client_keyex_yc_len = -1;
140 static gint hf_dtls_handshake_client_keyex_point_len = -1;
141 static gint hf_dtls_handshake_client_keyex_epms_len = -1;
142 static gint hf_dtls_handshake_server_keyex_modulus_len = -1;
143 static gint hf_dtls_handshake_server_keyex_exponent_len = -1;
144 static gint hf_dtls_handshake_server_keyex_sig_len = -1;
145 static gint hf_dtls_handshake_server_keyex_p = -1;
146 static gint hf_dtls_handshake_server_keyex_g = -1;
147 static gint hf_dtls_handshake_server_keyex_ys = -1;
148 static gint hf_dtls_handshake_client_keyex_yc = -1;
149 static gint hf_dtls_handshake_server_keyex_curve_type = -1;
150 static gint hf_dtls_handshake_server_keyex_named_curve = -1;
151 static gint hf_dtls_handshake_server_keyex_point = -1;
152 static gint hf_dtls_handshake_client_keyex_epms = -1;
153 static gint hf_dtls_handshake_client_keyex_point = -1;
154 static gint hf_dtls_handshake_server_keyex_modulus = -1;
155 static gint hf_dtls_handshake_server_keyex_exponent = -1;
156 static gint hf_dtls_handshake_server_keyex_sig = -1;
157 static gint hf_dtls_handshake_server_keyex_hint_len = -1;
158 static gint hf_dtls_handshake_server_keyex_hint = -1;
159 static gint hf_dtls_handshake_client_keyex_identity_len = -1;
160 static gint hf_dtls_handshake_client_keyex_identity = -1;
161 static gint hf_dtls_handshake_sig_hash_alg_len = -1;
162 static gint hf_dtls_handshake_sig_hash_algs = -1;
163 static gint hf_dtls_handshake_sig_hash_alg = -1;
164 static gint hf_dtls_handshake_sig_hash_hash = -1;
165 static gint hf_dtls_handshake_sig_hash_sig = -1;
166 static gint hf_dtls_handshake_finished = -1;
167 /* static gint hf_dtls_handshake_md5_hash = -1; */
168 /* static gint hf_dtls_handshake_sha_hash = -1; */
169 static gint hf_dtls_handshake_session_id_len = -1;
170 static gint hf_dtls_handshake_dnames_len = -1;
171 static gint hf_dtls_handshake_dnames = -1;
172 static gint hf_dtls_handshake_dname_len = -1;
173 static gint hf_dtls_handshake_dname = -1;
175 static gint hf_dtls_heartbeat_extension_mode = -1;
176 static gint hf_dtls_heartbeat_message = -1;
177 static gint hf_dtls_heartbeat_message_type = -1;
178 static gint hf_dtls_heartbeat_message_payload_length = -1;
179 static gint hf_dtls_heartbeat_message_payload = -1;
180 static gint hf_dtls_heartbeat_message_padding = -1;
182 static gint hf_dtls_fragments = -1;
183 static gint hf_dtls_fragment = -1;
184 static gint hf_dtls_fragment_overlap = -1;
185 static gint hf_dtls_fragment_overlap_conflicts = -1;
186 static gint hf_dtls_fragment_multiple_tails = -1;
187 static gint hf_dtls_fragment_too_long_fragment = -1;
188 static gint hf_dtls_fragment_error = -1;
189 static gint hf_dtls_fragment_count = -1;
190 static gint hf_dtls_reassembled_in = -1;
191 static gint hf_dtls_reassembled_length = -1;
193 /* Initialize the subtree pointers */
194 static gint ett_dtls = -1;
195 static gint ett_dtls_record = -1;
196 static gint ett_dtls_alert = -1;
197 static gint ett_dtls_handshake = -1;
198 static gint ett_dtls_heartbeat = -1;
199 static gint ett_dtls_cipher_suites = -1;
200 static gint ett_dtls_comp_methods = -1;
201 static gint ett_dtls_extension = -1;
202 static gint ett_dtls_random = -1;
203 static gint ett_dtls_new_ses_ticket = -1;
204 static gint ett_dtls_keyex_params = -1;
205 static gint ett_dtls_certs = -1;
206 static gint ett_dtls_cert_types = -1;
207 static gint ett_dtls_sig_hash_algs = -1;
208 static gint ett_dtls_sig_hash_alg = -1;
209 static gint ett_dtls_dnames = -1;
211 static gint ett_dtls_fragment = -1;
212 static gint ett_dtls_fragments = -1;
214 static expert_field ei_dtls_handshake_fragment_length_too_long = EI_INIT;
215 static expert_field ei_dtls_handshake_fragment_past_end_msg = EI_INIT;
216 static expert_field ei_dtls_msg_len_diff_fragment = EI_INIT;
217 static expert_field ei_dtls_handshake_sig_hash_alg_len_bad = EI_INIT;
219 static GHashTable *dtls_session_hash = NULL;
220 static GHashTable *dtls_key_hash = NULL;
221 static reassembly_table dtls_reassembly_table;
222 static GTree* dtls_associations = NULL;
223 static dissector_handle_t dtls_handle = NULL;
224 static StringInfo dtls_compressed_data = {NULL, 0};
225 static StringInfo dtls_decrypted_data = {NULL, 0};
226 static gint dtls_decrypted_data_avail = 0;
228 static uat_t *dtlsdecrypt_uat = NULL;
229 static const gchar *dtls_keys_list = NULL;
230 #ifdef HAVE_LIBGNUTLS
231 static const gchar *dtls_debug_file_name = NULL;
234 static heur_dissector_list_t heur_subdissector_list;
236 static const fragment_items dtls_frag_items = {
237 /* Fragment subtrees */
240 /* Fragment fields */
243 &hf_dtls_fragment_overlap,
244 &hf_dtls_fragment_overlap_conflicts,
245 &hf_dtls_fragment_multiple_tails,
246 &hf_dtls_fragment_too_long_fragment,
247 &hf_dtls_fragment_error,
248 &hf_dtls_fragment_count,
249 /* Reassembled in field */
250 &hf_dtls_reassembled_in,
251 /* Reassembled length field */
252 &hf_dtls_reassembled_length,
253 /* Reassembled data field */
259 /* initialize/reset per capture state data (dtls sessions cache) */
263 module_t *dtls_module = prefs_find_module("dtls");
264 pref_t *keys_list_pref;
266 ssl_common_init(&dtls_session_hash, &dtls_decrypted_data, &dtls_compressed_data);
267 reassembly_table_init (&dtls_reassembly_table, &addresses_reassembly_table_functions);
269 /* We should have loaded "keys_list" by now. Mark it obsolete */
271 keys_list_pref = prefs_find_preference(dtls_module, "keys_list");
272 if (! prefs_get_preference_obsolete(keys_list_pref)) {
273 prefs_set_preference_obsolete(keys_list_pref);
278 /* parse dtls related preferences (private keys and ports association strings) */
282 ep_stack_t tmp_stack;
283 SslAssociation *tmp_assoc;
288 g_hash_table_foreach(dtls_key_hash, ssl_private_key_free, NULL);
289 g_hash_table_destroy(dtls_key_hash);
292 /* remove only associations created from key list */
293 tmp_stack = ep_stack_new();
294 g_tree_foreach(dtls_associations, ssl_assoc_from_key_list, tmp_stack);
295 while ((tmp_assoc = (SslAssociation *)ep_stack_pop(tmp_stack)) != NULL) {
296 ssl_association_remove(dtls_associations, tmp_assoc);
299 /* parse private keys string, load available keys and put them in key hash*/
300 dtls_key_hash = g_hash_table_new(ssl_private_key_hash, ssl_private_key_equal);
302 ssl_set_debug(dtls_debug_file_name);
304 if (ndtlsdecrypt > 0)
306 for (i = 0; i < ndtlsdecrypt; i++)
308 ssldecrypt_assoc_t *d = &(dtlskeylist_uats[i]);
309 ssl_parse_key_list(d, dtls_key_hash, dtls_associations, dtls_handle, FALSE);
313 dissector_add_handle("sctp.port", dtls_handle);
314 dissector_add_handle("udp.port", dtls_handle);
318 dtls_parse_old_keys(void)
320 gchar **old_keys, **parts, *err;
324 /* Import old-style keys */
325 if (dtlsdecrypt_uat && dtls_keys_list && dtls_keys_list[0]) {
326 old_keys = ep_strsplit(dtls_keys_list, ";", 0);
327 for (i = 0; old_keys[i] != NULL; i++) {
328 parts = ep_strsplit(old_keys[i], ",", 4);
329 if (parts[0] && parts[1] && parts[2] && parts[3]) {
330 uat_entry = ep_strdup_printf("\"%s\",\"%s\",\"%s\",\"%s\",\"\"",
331 parts[0], parts[1], parts[2], parts[3]);
332 if (!uat_load_str(dtlsdecrypt_uat, uat_entry, &err)) {
333 ssl_debug_printf("dtls_parse: Can't load UAT string %s: %s\n",
342 * DTLS Dissection Routines
346 /* record layer dissector */
347 static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
348 proto_tree *tree, guint32 offset,
349 guint *conv_version, guint conv_cipher,
350 SslDecryptSession *conv_data);
352 /* change cipher spec dissector */
353 static void dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
356 guint *conv_version, guint8 content_type);
358 /* alert message dissector */
359 static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
360 proto_tree *tree, guint32 offset,
361 guint *conv_version);
363 /* handshake protocol dissector */
364 static void dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
365 proto_tree *tree, guint32 offset,
366 guint32 record_length,
367 guint *conv_version, guint conv_cipher,
368 SslDecryptSession *conv_data, guint8 content_type);
370 /* heartbeat message dissector */
371 static void dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
372 proto_tree *tree, guint32 offset,
373 guint *conv_version, guint32 record_length);
376 static void dissect_dtls_hnd_cli_hello(tvbuff_t *tvb,
378 guint32 offset, guint32 length,
379 SslDecryptSession* ssl);
381 static int dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
383 guint32 offset, guint32 length,
384 SslDecryptSession* ssl);
386 static int dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb,
389 SslDecryptSession* ssl);
391 static void dissect_dtls_hnd_new_ses_ticket(tvbuff_t *tvb,
393 guint32 offset, guint32 length);
395 static void dissect_dtls_hnd_cert(tvbuff_t *tvb,
396 proto_tree *tree, guint32 offset, packet_info *pinfo);
398 static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
402 const guint *conv_version);
404 static void dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb,
406 guint32 offset, guint32 length);
408 static void dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb,
410 guint32 offset, guint32 length);
412 static void dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb,
414 guint32 offset, guint32 length);
416 static void dissect_dtls_hnd_srv_keyex_psk(tvbuff_t *tvb,
418 guint32 offset, guint32 length);
420 static void dissect_dtls_hnd_cli_keyex_ecdh(tvbuff_t *tvb,
422 guint32 offset, guint32 length);
424 static void dissect_dtls_hnd_cli_keyex_dh(tvbuff_t *tvb,
426 guint32 offset, guint32 length);
428 static void dissect_dtls_hnd_cli_keyex_rsa(tvbuff_t *tvb,
430 guint32 offset, guint32 length);
432 static void dissect_dtls_hnd_cli_keyex_psk(tvbuff_t *tvb,
434 guint32 offset, guint32 length);
436 static void dissect_dtls_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb,
438 guint32 offset, guint32 length);
440 static void dissect_dtls_hnd_finished(tvbuff_t *tvb,
443 guint* conv_version);
449 /*static void ssl_set_conv_version(packet_info *pinfo, guint version);*/
450 static gint dtls_is_valid_handshake_type(guint8 type);
452 static gint dtls_is_authoritative_version_message(guint8 content_type,
454 static gint looks_like_dtls(tvbuff_t *tvb, guint32 offset);
456 /*********************************************************************
460 *********************************************************************/
462 * Code to actually dissect the packets
465 dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
468 conversation_t *conversation;
471 proto_tree *dtls_tree;
473 gboolean first_record_in_frame;
474 SslDecryptSession *ssl_session;
477 Ssl_private_key_t *private_key;
482 first_record_in_frame = TRUE;
486 /* Track the version using conversations allows
487 * us to more frequently set the protocol column properly
488 * for continuation data frames.
490 * Also: We use the copy in conv_version as our cached copy,
491 * so that we don't have to search the conversation
492 * table every time we want the version; when setting
493 * the conv_version, must set the copy in the conversation
494 * in addition to conv_version
496 conversation = find_or_create_conversation(pinfo);
497 conv_data = conversation_get_proto_data(conversation, proto_dtls);
499 /* manage dtls decryption data */
500 /*get a valid ssl session pointer*/
501 if (conv_data != NULL)
502 ssl_session = (SslDecryptSession *)conv_data;
506 ssl_session = wmem_new0(wmem_file_scope(), SslDecryptSession);
507 ssl_session_init(ssl_session);
508 ssl_session->version = SSL_VER_UNKNOWN;
509 conversation_add_proto_data(conversation, proto_dtls, ssl_session);
511 /* we need to know witch side of conversation is speaking */
512 if (ssl_packet_from_server(ssl_session, dtls_associations, pinfo)) {
513 dummy.addr = pinfo->src;
514 dummy.port = pinfo->srcport;
517 dummy.addr = pinfo->dst;
518 dummy.port = pinfo->destport;
520 ssl_debug_printf("dissect_dtls server %s:%d\n",
521 ep_address_to_str(&dummy.addr),dummy.port);
523 /* try to retrieve private key for this service. Do it now 'cause pinfo
524 * is not always available
525 * Note that with HAVE_LIBGNUTLS undefined private_key is always 0
526 * and thus decryption never engaged*/
527 private_key = (Ssl_private_key_t *)g_hash_table_lookup(dtls_key_hash, &dummy);
529 ssl_debug_printf("dissect_dtls can't find private key for this server!\n");
532 ssl_session->private_key = private_key->sexp_pkey;
535 conv_version= & ssl_session->version;
536 conv_cipher = ssl_session->cipher;
538 /* try decryption only the first time we see this packet
539 * (to keep cipher synchronized) */
540 if (pinfo->fd->flags.visited)
543 /* Initialize the protocol column; we'll set it later when we
544 * figure out what flavor of DTLS it is (actually only one
546 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS");
548 /* clear the the info column */
549 col_clear(pinfo->cinfo, COL_INFO);
551 /* Create display subtree for SSL as a whole */
552 ti = proto_tree_add_item(tree, proto_dtls, tvb, 0, -1, ENC_NA);
553 dtls_tree = proto_item_add_subtree(ti, ett_dtls);
555 /* iterate through the records in this tvbuff */
556 while (tvb_reported_length_remaining(tvb, offset) != 0)
558 /* on second and subsequent records per frame
559 * add a delimiter on info column
561 if (!first_record_in_frame)
563 col_append_str(pinfo->cinfo, COL_INFO, ", ");
566 /* first try to dispatch off the cached version
567 * known to be associated with the conversation
569 switch(*conv_version) {
571 offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
572 offset, conv_version, conv_cipher,
575 case SSL_VER_DTLS1DOT2:
576 offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
577 offset, conv_version, conv_cipher,
581 /* that failed, so apply some heuristics based
582 * on this individual packet
585 if (looks_like_dtls(tvb, offset))
587 /* looks like dtls */
588 offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
589 offset, conv_version, conv_cipher,
594 /* looks like something unknown, so lump into
597 offset = tvb_length(tvb);
598 col_append_str(pinfo->cinfo, COL_INFO,
599 "Continuation Data");
601 /* Set the protocol column */
602 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS");
607 /* set up for next record in frame, if any */
608 first_record_in_frame = FALSE;
611 tap_queue_packet(dtls_tap, pinfo, NULL);
615 dissect_dtls_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
618 /* Stronger confirmation of DTLS packet is provided by verifying the
619 * captured payload length against the remainder of the UDP packet size. */
620 guint length = tvb_length(tvb);
623 if (tvb_reported_length(tvb) == length) {
624 /* The entire payload was captured. */
625 while (offset + 13 <= length && looks_like_dtls(tvb, offset)) {
626 /* Advance offset to the end of the current DTLS record */
627 offset += tvb_get_ntohs(tvb, offset + 11) + 13;
628 if (offset == length) {
629 dissect_dtls(tvb, pinfo, tree);
634 if (pinfo->fragmented && offset >= 13) {
635 dissect_dtls(tvb, pinfo, tree);
641 /* This packet was truncated by the capture process due to a snapshot
642 * length - do our best with what we've got. */
643 while (tvb_length_remaining(tvb, offset) >= 3) {
644 if (!looks_like_dtls(tvb, offset))
648 if (tvb_length_remaining(tvb, offset) >= 10 ) {
649 offset += tvb_get_ntohs(tvb, offset + 8) + 10;
651 /* Dissect what we've got, which might be as little as 3 bytes. */
652 dissect_dtls(tvb, pinfo, tree);
655 if (offset == length) {
656 /* Can this ever happen? Well, just in case ... */
657 dissect_dtls(tvb, pinfo, tree);
662 /* One last check to see if the current offset is at least less than the
663 * original number of bytes present before truncation or we're dealing with
664 * a packet fragment that's also been truncated. */
665 if ((length >= 3) && (offset <= tvb_reported_length(tvb) || pinfo->fragmented)) {
666 dissect_dtls(tvb, pinfo, tree);
673 decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
674 guint32 record_length, guint8 content_type, SslDecryptSession* ssl,
675 gboolean save_plaintext)
682 /* if we can decrypt and decryption have success
683 * add decrypted data to this packet info */
684 if (!ssl || (!save_plaintext && !(ssl->state & SSL_HAVE_SESSION_KEY))) {
685 ssl_debug_printf("decrypt_dtls_record: no session key\n");
688 ssl_debug_printf("decrypt_dtls_record: app_data len %d, ssl state %X\n",
689 record_length, ssl->state);
691 /* retrieve decoder for this packet direction */
692 if (ssl_packet_from_server(ssl, dtls_associations, pinfo) != 0) {
693 ssl_debug_printf("decrypt_dtls_record: using server decoder\n");
694 decoder = ssl->server;
697 ssl_debug_printf("decrypt_dtls_record: using client decoder\n");
698 decoder = ssl->client;
701 if (!decoder && ssl->cipher != 0x0001 && ssl->cipher != 0x0002) {
702 ssl_debug_printf("decrypt_dtls_record: no decoder available\n");
706 /* ensure we have enough storage space for decrypted data */
707 if (record_length > dtls_decrypted_data.data_len)
709 ssl_debug_printf("decrypt_dtls_record: allocating %d bytes"
710 " for decrypt data (old len %d)\n",
711 record_length + 32, dtls_decrypted_data.data_len);
712 dtls_decrypted_data.data = (guchar *)g_realloc(dtls_decrypted_data.data,
714 dtls_decrypted_data.data_len = record_length + 32;
717 /* run decryption and add decrypted payload to protocol data, if decryption
719 dtls_decrypted_data_avail = dtls_decrypted_data.data_len;
720 if (ssl->state & SSL_HAVE_SESSION_KEY) {
722 ssl_debug_printf("decrypt_dtls_record: no decoder available\n");
725 if (ssl_decrypt_record(ssl, decoder, content_type, tvb_get_ptr(tvb, offset, record_length), record_length,
726 &dtls_compressed_data, &dtls_decrypted_data, &dtls_decrypted_data_avail) == 0)
729 else if (ssl->cipher == 0x0001 || ssl->cipher == 0x0002) {
730 /* Non-encrypting cipher RSA-NULL-MD5 or RSA-NULL-SHA */
731 memcpy(dtls_decrypted_data.data, tvb_get_ptr(tvb, offset, record_length), record_length);
732 dtls_decrypted_data_avail = dtls_decrypted_data.data_len = record_length;
736 if (ret && save_plaintext) {
737 ssl_add_data_info(proto_dtls, pinfo, dtls_decrypted_data.data, dtls_decrypted_data_avail,
738 tvb_raw_offset(tvb)+offset, 0);
748 /*********************************************************************
750 * DTLS Dissection Routines
752 *********************************************************************/
754 dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
755 proto_tree *tree, guint32 offset,
756 guint *conv_version, guint conv_cipher,
757 SslDecryptSession* ssl)
762 * uint8 major, minor;
767 * change_cipher_spec(20), alert(21), handshake(22),
768 * application_data(23), (255)
773 * ProtocolVersion version;
774 * uint16 epoch; // New field
775 * uint48 sequence_number; // New field
777 * opaque fragment[TLSPlaintext.length];
781 guint32 record_length;
784 guint64 sequence_number;
788 proto_tree *dtls_record_tree;
789 SslAssociation *association;
790 SslDataInfo *appl_data;
793 * Get the record layer fields of interest
795 content_type = tvb_get_guint8(tvb, offset);
796 version = tvb_get_ntohs(tvb, offset + 1);
797 epoch = tvb_get_ntohs(tvb, offset + 3);
798 sequence_number = tvb_get_ntoh48(tvb, offset + 5);
799 record_length = tvb_get_ntohs(tvb, offset + 11);
802 if(ssl_packet_from_server(ssl, dtls_associations, pinfo)){
804 ssl->server->seq=(guint32)sequence_number;
805 ssl->server->epoch=epoch;
810 ssl->client->seq=(guint32)sequence_number;
811 ssl->client->epoch=epoch;
815 if (!ssl_is_valid_content_type(content_type)) {
817 /* if we don't have a valid content_type, there's no sense
818 * continuing any further
820 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
822 /* Set the protocol column */
823 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS");
824 return offset + 13 + record_length;
828 * If GUI, fill in record layer part of tree
831 /* add the record layer subtree header */
832 ti = proto_tree_add_item(tree, hf_dtls_record, tvb,
833 offset, 13 + record_length, ENC_NA);
834 dtls_record_tree = proto_item_add_subtree(ti, ett_dtls_record);
836 /* show the one-byte content type */
837 proto_tree_add_item(dtls_record_tree, hf_dtls_record_content_type,
838 tvb, offset, 1, ENC_BIG_ENDIAN);
841 /* add the version */
842 proto_tree_add_item(dtls_record_tree, hf_dtls_record_version, tvb,
843 offset, 2, ENC_BIG_ENDIAN);
847 proto_tree_add_uint(dtls_record_tree, hf_dtls_record_epoch, tvb, offset, 2, epoch);
850 /* add sequence_number */
851 proto_tree_add_uint64(dtls_record_tree, hf_dtls_record_sequence_number, tvb, offset, 6, sequence_number);
855 proto_tree_add_uint(dtls_record_tree, hf_dtls_record_length, tvb,
856 offset, 2, record_length);
857 offset += 2; /* move past length field itself */
860 * if we don't already have a version set for this conversation,
861 * but this message's version is authoritative (i.e., it's
862 * not client_hello, then save the version to to conversation
863 * structure and print the column version
865 next_byte = tvb_get_guint8(tvb, offset);
866 if (*conv_version == SSL_VER_UNKNOWN
867 && dtls_is_authoritative_version_message(content_type, next_byte))
869 if (version == DTLSV1DOT0_VERSION ||
870 version == DTLSV1DOT0_VERSION_NOT)
873 *conv_version = SSL_VER_DTLS;
875 ssl->version_netorder = version;
876 ssl->state |= SSL_VERSION;
878 /*ssl_set_conv_version(pinfo, ssl->version);*/
880 if (version == DTLSV1DOT2_VERSION)
883 *conv_version = SSL_VER_DTLS1DOT2;
885 ssl->version_netorder = version;
886 ssl->state |= SSL_VERSION;
888 /*ssl_set_conv_version(pinfo, ssl->version);*/
891 if (version == DTLSV1DOT0_VERSION)
893 col_set_str(pinfo->cinfo, COL_PROTOCOL,
894 val_to_str_const(SSL_VER_DTLS, ssl_version_short_names, "SSL"));
896 else if (version == DTLSV1DOT2_VERSION)
898 col_set_str(pinfo->cinfo, COL_PROTOCOL,
899 val_to_str_const(SSL_VER_DTLS1DOT2, ssl_version_short_names, "SSL"));
903 col_set_str(pinfo->cinfo, COL_PROTOCOL,"DTLS");
907 * now dissect the next layer
909 ssl_debug_printf("dissect_dtls_record: content_type %d\n",content_type);
911 /* PAOLO try to decrypt each record (we must keep ciphers "in sync")
912 * store plain text only for app data */
914 switch (content_type) {
915 case SSL_ID_CHG_CIPHER_SPEC:
916 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
917 dissect_dtls_change_cipher_spec(tvb, dtls_record_tree,
918 offset, conv_version, content_type);
919 if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, dtls_associations, pinfo));
925 if (ssl&&decrypt_dtls_record(tvb, pinfo, offset,
926 record_length, content_type, ssl, FALSE))
927 ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
928 dtls_decrypted_data_avail, offset);
930 /* try to retrieve and use decrypted alert record, if any. */
931 decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
933 dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
935 add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
937 dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset,
942 case SSL_ID_HANDSHAKE:
946 /* try to decrypt handshake record, if possible. Store decrypted
947 * record for later usage. The offset is used as 'key' to identify
948 * this record into the packet (we can have multiple handshake records
949 * in the same frame) */
950 if (ssl && decrypt_dtls_record(tvb, pinfo, offset,
951 record_length, content_type, ssl, FALSE))
952 ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
953 dtls_decrypted_data_avail, offset);
955 /* try to retrieve and use decrypted handshake record, if any. */
956 decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
958 dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
959 tvb_length(decrypted), conv_version, conv_cipher, ssl, content_type);
960 add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
962 dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset,
963 record_length, conv_version, conv_cipher, ssl, content_type);
967 case SSL_ID_APP_DATA:
969 decrypt_dtls_record(tvb, pinfo, offset,
970 record_length, content_type, ssl, TRUE);
972 /* show on info column what we are decoding */
973 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
975 /* we need dissector information when the selected packet is shown.
976 * ssl session pointer is NULL at that time, so we can't access
977 * info cached there*/
978 association = ssl_association_find(dtls_associations, pinfo->srcport, pinfo->ptype == PT_TCP);
979 association = association ? association : ssl_association_find(dtls_associations, pinfo->destport, pinfo->ptype == PT_TCP);
981 proto_item_set_text(dtls_record_tree,
982 "%s Record Layer: %s Protocol: %s",
983 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
984 val_to_str_const(content_type, ssl_31_content_type, "unknown"),
985 association?association->info:"Application Data");
987 /* show decrypted data info, if available */
988 appl_data = ssl_get_data_info(proto_dtls, pinfo, tvb_raw_offset(tvb)+offset);
989 if (appl_data && (appl_data->plain_data.data_len > 0))
993 /* try to dissect decrypted data*/
994 ssl_debug_printf("dissect_dtls_record decrypted len %d\n",
995 appl_data->plain_data.data_len);
997 /* create a new TVB structure for desegmented data */
998 next_tvb = tvb_new_child_real_data(tvb,
999 appl_data->plain_data.data,
1000 appl_data->plain_data.data_len,
1001 appl_data->plain_data.data_len);
1003 add_new_data_source(pinfo, next_tvb, "Decrypted DTLS data");
1005 /* find out a dissector using server port*/
1006 if (association && association->handle) {
1007 ssl_debug_printf("dissect_dtls_record found association %p\n", (void *)association);
1008 ssl_print_data("decrypted app data",appl_data->plain_data.data, appl_data->plain_data.data_len);
1010 if (have_tap_listener(exported_pdu_tap)) {
1011 exp_pdu_data_t *exp_pdu_data;
1013 exp_pdu_data = load_export_pdu_tags(pinfo, dissector_handle_get_dissector_name(association->handle), -1,
1014 (EXP_PDU_TAG_IP_SRC_BIT | EXP_PDU_TAG_IP_DST_BIT | EXP_PDU_TAG_SRC_PORT_BIT |
1015 EXP_PDU_TAG_DST_PORT_BIT | EXP_PDU_TAG_ORIG_FNO_BIT));
1017 exp_pdu_data->tvb_length = tvb_length(next_tvb);
1018 exp_pdu_data->pdu_tvb = next_tvb;
1020 tap_queue_packet(exported_pdu_tap, pinfo, exp_pdu_data);
1023 dissected = call_dissector_only(association->handle, next_tvb, pinfo, top_tree, NULL);
1026 /* try heuristic subdissectors */
1027 dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree, NULL);
1033 proto_tree_add_item(dtls_record_tree, hf_dtls_record_appdata, tvb,
1034 offset, record_length, ENC_NA);
1036 case SSL_ID_HEARTBEAT:
1038 tvbuff_t* decrypted;
1040 if (ssl && decrypt_dtls_record(tvb, pinfo, offset,
1041 record_length, content_type, ssl, FALSE))
1042 ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
1043 dtls_decrypted_data_avail, offset);
1045 /* try to retrieve and use decrypted alert record, if any. */
1046 decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
1048 dissect_dtls_heartbeat(decrypted, pinfo, dtls_record_tree, 0,
1049 conv_version, record_length);
1050 add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
1052 dissect_dtls_heartbeat(tvb, pinfo, dtls_record_tree, offset,
1053 conv_version, record_length);
1059 /* shouldn't get here since we check above for valid types */
1060 col_append_str(pinfo->cinfo, COL_INFO, "Bad DTLS Content Type");
1063 offset += record_length; /* skip to end of record */
1068 /* dissects the change cipher spec protocol, filling in the tree */
1070 dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
1071 proto_tree *tree, guint32 offset,
1072 guint* conv_version, guint8 content_type)
1076 * enum { change_cipher_spec(1), (255) } type;
1077 * } ChangeCipherSpec;
1082 proto_item_set_text(tree,
1083 "%s Record Layer: %s Protocol: Change Cipher Spec",
1084 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1085 val_to_str_const(content_type, ssl_31_content_type, "unknown"));
1086 proto_tree_add_item(tree, hf_dtls_change_cipher_spec, tvb,
1091 /* dissects the alert message, filling in the tree */
1093 dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
1094 proto_tree *tree, guint32 offset,
1095 guint* conv_version)
1099 * AlertDescription description;
1104 proto_tree *ssl_alert_tree;
1109 ti = proto_tree_add_item(tree, hf_dtls_alert_message, tvb,
1111 ssl_alert_tree = proto_item_add_subtree(ti, ett_dtls_alert);
1114 * set the record layer label
1117 /* first lookup the names for the alert level and description */
1118 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
1119 level = try_val_to_str(byte, ssl_31_alert_level);
1121 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
1122 desc = try_val_to_str(byte, ssl_31_alert_description);
1124 /* now set the text in the record layer line */
1127 col_append_fstr(pinfo->cinfo, COL_INFO,
1128 "Alert (Level: %s, Description: %s)",
1133 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
1140 proto_item_set_text(tree, "%s Record Layer: Alert "
1141 "(Level: %s, Description: %s)",
1142 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1144 proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_level,
1145 tvb, offset++, 1, ENC_BIG_ENDIAN);
1147 proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_description,
1148 tvb, offset, 1, ENC_BIG_ENDIAN);
1152 proto_item_set_text(tree,
1153 "%s Record Layer: Encrypted Alert",
1154 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
1155 proto_item_set_text(ssl_alert_tree,
1156 "Alert Message: Encrypted Alert");
1162 /* dissects the handshake protocol, filling the tree */
1164 dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
1165 proto_tree *tree, guint32 offset,
1166 guint32 record_length, guint *conv_version, guint conv_cipher,
1167 SslDecryptSession* ssl, guint8 content_type)
1170 * HandshakeType msg_type;
1172 * uint16 message_seq; //new field
1173 * uint24 fragment_offset; //new field
1174 * uint24 fragment_length; //new field
1175 * select (HandshakeType) {
1176 * case hello_request: HelloRequest;
1177 * case client_hello: ClientHello;
1178 * case server_hello: ServerHello;
1179 * case hello_verify_request: HelloVerifyRequest; //new field
1180 * case certificate: Certificate;
1181 * case server_key_exchange: ServerKeyExchange;
1182 * case certificate_request: CertificateRequest;
1183 * case server_hello_done: ServerHelloDone;
1184 * case certificate_verify: CertificateVerify;
1185 * case client_key_exchange: ClientKeyExchange;
1186 * case finished: Finished;
1191 proto_tree *ti, *length_item = NULL, *fragment_length_item = NULL;
1192 proto_tree *ssl_hand_tree;
1193 const gchar *msg_type_str;
1196 guint16 message_seq;
1197 guint32 fragment_offset;
1198 guint32 fragment_length;
1199 gboolean first_iteration;
1201 guint32 reassembled_length;
1203 msg_type_str = NULL;
1204 first_iteration = TRUE;
1206 /* just as there can be multiple records per packet, there
1207 * can be multiple messages per record as long as they have
1208 * the same content type
1210 * we really only care about this for handshake messages
1213 /* set record_length to the max offset */
1214 record_length += offset;
1215 for (; offset < record_length; offset += fragment_length,
1216 first_iteration = FALSE) /* set up for next pass, if any */
1218 fragment_head *frag_msg = NULL;
1219 tvbuff_t *new_tvb = NULL;
1220 const gchar *frag_str = NULL;
1221 gboolean fragmented;
1223 /* add a subtree for the handshake protocol */
1224 ti = proto_tree_add_item(tree, hf_dtls_handshake_protocol, tvb, offset, -1, ENC_NA);
1225 ssl_hand_tree = proto_item_add_subtree(ti, ett_dtls_handshake);
1227 msg_type = tvb_get_guint8(tvb, offset);
1228 fragment_length = tvb_get_ntoh24(tvb, offset + 9);
1230 /* Check the fragment length in the handshake message. Assume it's an
1231 * encrypted handshake message if the message would pass
1232 * the record_length boundary. This is a workaround for the
1233 * situation where the first octet of the encrypted handshake
1234 * message is actually a known handshake message type.
1236 if (offset + fragment_length <= record_length)
1237 msg_type_str = try_val_to_str(msg_type, ssl_31_handshake_type);
1239 msg_type_str = NULL;
1241 if (!msg_type_str && !first_iteration)
1243 /* only dissect / report messages if they're
1244 * either the first message in this record
1245 * or they're a valid message type
1250 /* on second and later iterations, add comma to info col */
1251 if (!first_iteration)
1253 col_append_str(pinfo->cinfo, COL_INFO, ", ");
1257 * Update our info string
1259 col_append_str(pinfo->cinfo, COL_INFO, (msg_type_str != NULL)
1260 ? msg_type_str : "Encrypted Handshake Message");
1262 /* if we don't have a valid handshake type, just quit dissecting */
1266 proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_type,
1267 tvb, offset, 1, msg_type);
1270 length = tvb_get_ntoh24(tvb, offset);
1271 length_item = proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_length,
1272 tvb, offset, 3, length);
1275 message_seq = tvb_get_ntohs(tvb,offset);
1276 proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_message_seq,
1277 tvb, offset, 2, message_seq);
1280 fragment_offset = tvb_get_ntoh24(tvb, offset);
1281 proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_fragment_offset,
1282 tvb, offset, 3, fragment_offset);
1285 fragment_length_item = proto_tree_add_uint(ssl_hand_tree,
1286 hf_dtls_handshake_fragment_length,
1290 proto_item_set_len(ti, fragment_length + 12);
1293 if (fragment_length + fragment_offset > length)
1295 if (fragment_offset == 0)
1297 expert_add_info(pinfo, fragment_length_item, &ei_dtls_handshake_fragment_length_too_long);
1302 expert_add_info(pinfo, fragment_length_item, &ei_dtls_handshake_fragment_past_end_msg);
1305 else if (fragment_length < length)
1309 /* Handle fragments of known message type */
1311 case SSL_HND_HELLO_REQUEST:
1312 case SSL_HND_CLIENT_HELLO:
1313 case SSL_HND_HELLO_VERIFY_REQUEST:
1314 case SSL_HND_NEWSESSION_TICKET:
1315 case SSL_HND_SERVER_HELLO:
1316 case SSL_HND_CERTIFICATE:
1317 case SSL_HND_SERVER_KEY_EXCHG:
1318 case SSL_HND_CERT_REQUEST:
1319 case SSL_HND_SVR_HELLO_DONE:
1320 case SSL_HND_CERT_VERIFY:
1321 case SSL_HND_CLIENT_KEY_EXCHG:
1322 case SSL_HND_FINISHED:
1326 /* Ignore encrypted handshake messages */
1333 /* Fragmented handshake message */
1334 pinfo->fragmented = TRUE;
1336 /* Don't pass the reassembly code data that doesn't exist */
1337 tvb_ensure_bytes_exist(tvb, offset, fragment_length);
1339 frag_msg = fragment_add(&dtls_reassembly_table,
1340 tvb, offset, pinfo, message_seq, NULL,
1341 fragment_offset, fragment_length, TRUE);
1343 * Do we already have a length for this reassembly?
1345 reassembled_length = fragment_get_tot_len(&dtls_reassembly_table,
1346 pinfo, message_seq, NULL);
1347 if (reassembled_length == 0)
1349 /* No - set it to the length specified by this packet. */
1350 fragment_set_tot_len(&dtls_reassembly_table,
1351 pinfo, message_seq, NULL, length);
1355 /* Yes - if this packet specifies a different length,
1357 if (reassembled_length != length)
1359 expert_add_info(pinfo, length_item, &ei_dtls_msg_len_diff_fragment);
1363 if (frag_msg && (fragment_length + fragment_offset) == reassembled_length)
1366 new_tvb = process_reassembled_data(tvb, offset, pinfo,
1371 frag_str = " (Reassembled)";
1375 frag_str = " (Fragment)";
1378 col_append_str(pinfo->cinfo, COL_INFO, frag_str);
1384 /* set the label text on the record layer expanding node */
1385 if (first_iteration)
1387 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
1388 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1389 val_to_str_const(content_type, ssl_31_content_type, "unknown"),
1390 (msg_type_str!=NULL) ? msg_type_str :
1391 "Encrypted Handshake Message",
1392 (frag_str!=NULL) ? frag_str : "");
1396 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
1397 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1398 val_to_str_const(content_type, ssl_31_content_type, "unknown"),
1399 "Multiple Handshake Messages",
1400 (frag_str!=NULL) ? frag_str : "");
1405 /* set the text label on the subtree node */
1406 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s%s",
1407 (msg_type_str != NULL) ? msg_type_str :
1408 "Encrypted Handshake Message",
1409 (frag_str!=NULL) ? frag_str : "");
1413 /* if we don't have a valid handshake type, just quit dissecting */
1417 if (ssl_hand_tree || ssl)
1419 tvbuff_t *sub_tvb = NULL;
1421 if (fragmented && !new_tvb)
1423 /* Skip fragmented messages not reassembled yet */
1433 sub_tvb = tvb_new_subset(tvb, offset, fragment_length,
1437 /* now dissect the handshake message, if necessary */
1439 case SSL_HND_HELLO_REQUEST:
1440 /* hello_request has no fields, so nothing to do! */
1443 case SSL_HND_CLIENT_HELLO:
1444 dissect_dtls_hnd_cli_hello(sub_tvb, ssl_hand_tree, 0, length, ssl);
1447 case SSL_HND_SERVER_HELLO:
1448 dissect_dtls_hnd_srv_hello(sub_tvb, ssl_hand_tree, 0, length, ssl);
1451 case SSL_HND_HELLO_VERIFY_REQUEST:
1452 dissect_dtls_hnd_hello_verify_request(sub_tvb, ssl_hand_tree, 0, ssl);
1455 case SSL_HND_NEWSESSION_TICKET:
1456 dissect_dtls_hnd_new_ses_ticket(sub_tvb, ssl_hand_tree, 0, length);
1459 case SSL_HND_CERTIFICATE:
1460 dissect_dtls_hnd_cert(sub_tvb, ssl_hand_tree, 0, pinfo);
1463 case SSL_HND_SERVER_KEY_EXCHG:
1464 switch (ssl_get_keyex_alg(conv_cipher)) {
1466 dissect_dtls_hnd_srv_keyex_dh(tvb, ssl_hand_tree, offset, length);
1469 dissect_dtls_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length);
1472 dissect_dtls_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length);
1476 dissect_dtls_hnd_srv_keyex_psk(tvb, ssl_hand_tree, offset, length);
1483 case SSL_HND_CERT_REQUEST:
1484 dissect_dtls_hnd_cert_req(sub_tvb, ssl_hand_tree, 0, pinfo, conv_version);
1487 case SSL_HND_SVR_HELLO_DONE:
1488 /* server_hello_done has no fields, so nothing to do! */
1491 case SSL_HND_CERT_VERIFY:
1495 case SSL_HND_CLIENT_KEY_EXCHG:
1496 switch (ssl_get_keyex_alg(conv_cipher)) {
1498 dissect_dtls_hnd_cli_keyex_dh(tvb, ssl_hand_tree, offset, length);
1501 dissect_dtls_hnd_cli_keyex_rsa(tvb, ssl_hand_tree, offset, length);
1504 dissect_dtls_hnd_cli_keyex_ecdh(tvb, ssl_hand_tree, offset, length);
1507 dissect_dtls_hnd_cli_keyex_psk(tvb, ssl_hand_tree, offset, length);
1510 dissect_dtls_hnd_cli_keyex_rsa_psk(tvb, ssl_hand_tree, offset, length);
1516 /* here we can have all the data to build session key */
1517 StringInfo encrypted_pre_master;
1519 guint encrlen = length, skip;
1525 /* check for required session data */
1526 ssl_debug_printf("dissect_dtls_handshake found SSL_HND_CLIENT_KEY_EXCHG, state %X\n",
1528 if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
1529 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
1530 ssl_debug_printf("dissect_dtls_handshake not enough data to generate key (required state %X)\n",
1531 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
1535 /* Skip leading two bytes length field. Older openssl's DTLS implementation seems not to have this field.
1536 * See implementation note in RFC 4346 section 7.4.7.1
1538 if (ssl->cipher_suite.kex==KEX_RSA && ssl->version_netorder != DTLSV1DOT0_VERSION_NOT) {
1539 encrlen = tvb_get_ntohs(tvb, offset);
1541 if (encrlen > length - 2) {
1542 ssl_debug_printf("dissect_dtls_handshake wrong encrypted length (%d max %d)\n", encrlen, length);
1547 encrypted_pre_master.data = (guchar *)wmem_alloc(wmem_file_scope(), encrlen);
1548 encrypted_pre_master.data_len = encrlen;
1549 tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
1551 if (!ssl->private_key) {
1552 ssl_debug_printf("dissect_dtls_handshake can't find private key\n");
1556 /* go with ssl key processing; encrypted_pre_master
1557 * will be used for master secret store*/
1558 ret = ssl_decrypt_pre_master_secret(ssl, &encrypted_pre_master, ssl->private_key);
1560 ssl_debug_printf("dissect_dtls_handshake can't decrypt pre master secret\n");
1563 if (ssl_generate_keyring_material(ssl)<0) {
1564 ssl_debug_printf("dissect_dtls_handshake can't generate keyring material\n");
1567 ssl->state |= SSL_HAVE_SESSION_KEY;
1568 ssl_save_session(ssl, dtls_session_hash);
1569 ssl_debug_printf("dissect_dtls_handshake session keys successfully generated\n");
1573 case SSL_HND_FINISHED:
1574 dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree,
1583 /* dissects the heartbeat message, filling in the tree */
1585 dissect_dtls_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
1586 proto_tree *tree, guint32 offset,
1587 guint* conv_version, guint32 record_length)
1590 * HeartbeatMessageType type;
1591 * uint16 payload_length;
1594 * } HeartbeatMessage;
1598 proto_tree *dtls_heartbeat_tree;
1601 guint16 payload_length;
1602 guint16 padding_length;
1604 ti = proto_tree_add_item(tree, hf_dtls_heartbeat_message, tvb,
1605 offset, record_length - 32, ENC_NA);
1606 dtls_heartbeat_tree = proto_item_add_subtree(ti, ett_dtls_heartbeat);
1609 * set the record layer label
1612 /* first lookup the names for the message type and the payload length */
1613 byte = tvb_get_guint8(tvb, offset);
1614 type = try_val_to_str(byte, tls_heartbeat_type);
1616 payload_length = tvb_get_ntohs(tvb, offset + 1);
1617 padding_length = record_length - 3 - payload_length;
1619 /* now set the text in the record layer line */
1620 if (type && (payload_length <= record_length - 16 - 3)) {
1621 col_append_fstr(pinfo->cinfo, COL_INFO, "Heartbeat %s", type);
1623 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Heartbeat");
1627 if (type && (payload_length <= record_length - 16 - 3)) {
1628 proto_item_set_text(tree, "%s Record Layer: Heartbeat "
1630 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1632 proto_tree_add_item(dtls_heartbeat_tree, hf_dtls_heartbeat_message_type,
1633 tvb, offset, 1, ENC_BIG_ENDIAN);
1635 proto_tree_add_uint(dtls_heartbeat_tree, hf_dtls_heartbeat_message_payload_length,
1636 tvb, offset, 2, payload_length);
1638 proto_tree_add_bytes_format(dtls_heartbeat_tree, hf_dtls_heartbeat_message_payload,
1639 tvb, offset, payload_length,
1640 NULL, "Payload (%u byte%s)",
1642 plurality(payload_length, "", "s"));
1643 offset += payload_length;
1644 proto_tree_add_bytes_format(dtls_heartbeat_tree, hf_dtls_heartbeat_message_padding,
1645 tvb, offset, padding_length,
1646 NULL, "Padding and HMAC (%u byte%s)",
1648 plurality(padding_length, "", "s"));
1650 proto_item_set_text(tree,
1651 "%s Record Layer: Encrypted Heartbeat",
1652 val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
1653 proto_item_set_text(dtls_heartbeat_tree,
1654 "Encrypted Heartbeat Message");
1660 dissect_dtls_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1661 guint32 offset, SslDecryptSession* ssl, gint from_server)
1663 /* show the client's random challenge */
1664 nstime_t gmt_unix_time;
1665 guint8 session_id_length;
1667 proto_tree *dtls_rnd_tree;
1673 /* get proper peer information*/
1676 rnd = &ssl->server_random;
1678 rnd = &ssl->client_random;
1680 /* get provided random for keyring generation*/
1681 tvb_memcpy(tvb, rnd->data, offset, 32);
1684 ssl->state |= SSL_SERVER_RANDOM;
1686 ssl->state |= SSL_CLIENT_RANDOM;
1687 ssl_debug_printf("dissect_dtls_hnd_hello_common found random state %X\n",
1691 ti_rnd = proto_tree_add_text(tree, tvb, offset, 32, "Random");
1692 dtls_rnd_tree = proto_item_add_subtree(ti_rnd, ett_dtls_random);
1695 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
1696 gmt_unix_time.nsecs = 0;
1697 proto_tree_add_time(dtls_rnd_tree, hf_dtls_handshake_random_time,
1698 tvb, offset, 4, &gmt_unix_time);
1701 /* show the random bytes */
1702 proto_tree_add_item(dtls_rnd_tree, hf_dtls_handshake_random_bytes,
1703 tvb, offset, 28, ENC_NA);
1706 /* show the session id */
1707 session_id_length = tvb_get_guint8(tvb, offset);
1708 proto_tree_add_item(tree, hf_dtls_handshake_session_id_len,
1709 tvb, offset, 1, ENC_BIG_ENDIAN);
1713 /* check stored session id info */
1714 if (from_server && (session_id_length == ssl->session_id.data_len) &&
1715 (tvb_memeql(tvb, offset, ssl->session_id.data, session_id_length) == 0))
1717 /* client/server id match: try to restore a previous cached session*/
1718 ssl_restore_session(ssl, dtls_session_hash);
1721 tvb_memcpy(tvb,ssl->session_id.data, offset, session_id_length);
1722 ssl->session_id.data_len = session_id_length;
1725 if (session_id_length > 0)
1726 proto_tree_add_bytes_format(tree, hf_dtls_handshake_session_id,
1727 tvb, offset, session_id_length,
1728 NULL, "Session ID (%u byte%s)",
1730 plurality(session_id_length, "", "s"));
1731 offset += session_id_length;
1739 dissect_dtls_hnd_hello_ext(tvbuff_t *tvb,
1740 proto_tree *tree, guint32 offset, guint32 left)
1742 guint16 extension_length;
1746 proto_tree *ext_tree;
1751 extension_length = tvb_get_ntohs(tvb, offset);
1752 proto_tree_add_uint(tree, hf_dtls_handshake_extensions_len,
1753 tvb, offset, 2, extension_length);
1759 ext_type = tvb_get_ntohs(tvb, offset);
1760 ext_len = tvb_get_ntohs(tvb, offset + 2);
1762 pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len,
1764 val_to_str(ext_type,
1765 tls_hello_extension_types,
1767 ext_tree = proto_item_add_subtree(pi, ett_dtls_extension);
1769 proto_tree_add_uint(ext_tree, hf_dtls_handshake_extension_type,
1770 tvb, offset, 2, ext_type);
1773 proto_tree_add_uint(ext_tree, hf_dtls_handshake_extension_len,
1774 tvb, offset, 2, ext_len);
1778 case SSL_HND_HELLO_EXT_HEARTBEAT:
1779 proto_tree_add_item(ext_tree, hf_dtls_heartbeat_extension_mode,
1780 tvb, offset, 1, ENC_BIG_ENDIAN);
1784 proto_tree_add_bytes_format(ext_tree, hf_dtls_handshake_extension_data,
1785 tvb, offset, ext_len, NULL,
1787 ext_len, plurality(ext_len, "", "s"));
1792 left -= 2 + 2 + ext_len;
1799 dissect_dtls_hnd_cli_hello(tvbuff_t *tvb,
1800 proto_tree *tree, guint32 offset, guint32 length,
1801 SslDecryptSession*ssl)
1804 * ProtocolVersion client_version;
1806 * SessionID session_id;
1807 * opaque cookie<0..32>; //new field
1808 * CipherSuite cipher_suites<2..2^16-1>;
1809 * CompressionMethod compression_methods<1..2^8-1>;
1810 * Extension client_hello_extension_list<0..2^16-1>;
1816 proto_tree *cs_tree;
1817 guint16 cipher_suite_length;
1818 guint8 compression_methods_length;
1819 guint8 compression_method;
1820 guint16 start_offset = offset;
1821 guint8 cookie_length;
1825 /* show the client version */
1826 proto_tree_add_item(tree, hf_dtls_handshake_client_version, tvb,
1827 offset, 2, ENC_BIG_ENDIAN);
1830 /* show the fields in common with server hello */
1831 offset = dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 0);
1836 /* look for a cookie */
1837 cookie_length = tvb_get_guint8(tvb, offset);
1839 proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len,
1840 tvb, offset, 1, cookie_length);
1841 offset ++; /* skip opaque length */
1843 if (cookie_length > 0)
1845 proto_tree_add_item(tree, hf_dtls_handshake_cookie, tvb, offset,
1846 cookie_length, ENC_NA);
1847 offset += cookie_length;
1850 /* tell the user how many cipher suites there are */
1851 cipher_suite_length = tvb_get_ntohs(tvb, offset);
1853 proto_tree_add_uint(tree, hf_dtls_handshake_cipher_suites_len,
1854 tvb, offset, 2, cipher_suite_length);
1855 offset += 2; /* skip opaque length */
1857 if (cipher_suite_length > 0)
1859 ti = proto_tree_add_none_format(tree,
1860 hf_dtls_handshake_cipher_suites,
1861 tvb, offset, cipher_suite_length,
1862 "Cipher Suites (%u suite%s)",
1863 cipher_suite_length / 2,
1864 plurality(cipher_suite_length/2, "", "s"));
1866 /* make this a subtree */
1867 cs_tree = proto_item_add_subtree(ti, ett_dtls_cipher_suites);
1870 cs_tree = tree; /* failsafe */
1873 while (cipher_suite_length > 0)
1875 proto_tree_add_item(cs_tree, hf_dtls_handshake_cipher_suite,
1876 tvb, offset, 2, ENC_BIG_ENDIAN);
1878 cipher_suite_length -= 2;
1882 /* tell the user how man compression methods there are */
1883 compression_methods_length = tvb_get_guint8(tvb, offset);
1884 proto_tree_add_uint(tree, hf_dtls_handshake_comp_methods_len,
1885 tvb, offset, 1, compression_methods_length);
1888 if (compression_methods_length > 0)
1890 ti = proto_tree_add_none_format(tree,
1891 hf_dtls_handshake_comp_methods,
1892 tvb, offset, compression_methods_length,
1893 "Compression Methods (%u method%s)",
1894 compression_methods_length,
1895 plurality(compression_methods_length,
1898 /* make this a subtree */
1899 cs_tree = proto_item_add_subtree(ti, ett_dtls_comp_methods);
1901 while (compression_methods_length > 0)
1903 compression_method = tvb_get_guint8(tvb, offset);
1904 if (compression_method < 64)
1905 proto_tree_add_uint(cs_tree, hf_dtls_handshake_comp_method,
1906 tvb, offset, 1, compression_method);
1907 else if (compression_method > 63 && compression_method < 193)
1908 proto_tree_add_text(cs_tree, tvb, offset, 1,
1909 "Compression Method: Reserved - to be assigned by IANA (%u)",
1910 compression_method);
1912 proto_tree_add_text(cs_tree, tvb, offset, 1,
1913 "Compression Method: Private use range (%u)",
1914 compression_method);
1916 compression_methods_length--;
1920 if (length > offset - start_offset)
1922 dissect_dtls_hnd_hello_ext(tvb, tree, offset,
1924 (offset - start_offset));
1930 dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
1931 proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl)
1934 * ProtocolVersion server_version;
1936 * SessionID session_id;
1937 * CipherSuite cipher_suite;
1938 * CompressionMethod compression_method;
1939 * Extension server_hello_extension_list<0..2^16-1>;
1943 guint16 start_offset;
1945 start_offset = offset;
1949 /* show the server version */
1950 proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb,
1951 offset, 2, ENC_BIG_ENDIAN);
1954 /* first display the elements conveniently in
1955 * common with client hello
1957 offset = dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 1);
1959 /* PAOLO: handle session cipher suite */
1961 /* store selected cipher suite for decryption */
1962 ssl->cipher = tvb_get_ntohs(tvb, offset);
1963 if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
1964 ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher);
1968 ssl->state |= SSL_CIPHER;
1969 ssl_debug_printf("dissect_dtls_hnd_srv_hello found cipher %X, state %X\n",
1970 ssl->cipher, ssl->state);
1972 /* if we have restored a session now we can have enough material
1973 * to build session key, check it out*/
1975 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) !=
1976 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) {
1977 ssl_debug_printf("dissect_dtls_hnd_srv_hello not enough data to generate key (required state %X)\n",
1978 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET));
1982 ssl_debug_printf("dissect_dtls_hnd_srv_hello trying to generate keys\n");
1983 if (ssl_generate_keyring_material(ssl)<0) {
1984 ssl_debug_printf("dissect_dtls_hnd_srv_hello can't generate keyring material\n");
1987 ssl->state |= SSL_HAVE_SESSION_KEY;
1991 /* store selected compression method for decompression */
1992 ssl->compression = tvb_get_guint8(tvb, offset+2);
1997 /* now the server-selected cipher suite */
1998 proto_tree_add_item(tree, hf_dtls_handshake_cipher_suite,
1999 tvb, offset, 2, ENC_BIG_ENDIAN);
2002 /* and the server-selected compression method */
2003 proto_tree_add_item(tree, hf_dtls_handshake_comp_method,
2004 tvb, offset, 1, ENC_BIG_ENDIAN);
2007 if (length > offset - start_offset)
2009 offset = dissect_dtls_hnd_hello_ext(tvb, tree, offset,
2011 (offset - start_offset));
2018 dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree,
2019 guint32 offset, SslDecryptSession* ssl _U_)
2023 * ProtocolVersion server_version;
2024 * opaque cookie<0..32>;
2025 * } HelloVerifyRequest;
2028 guint8 cookie_length;
2030 /* show the client version */
2031 proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb,
2032 offset, 2, ENC_BIG_ENDIAN);
2036 /* look for a cookie */
2037 cookie_length = tvb_get_guint8(tvb, offset);
2039 proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len,
2040 tvb, offset, 1, cookie_length);
2041 offset ++; /* skip opaque length */
2043 if (cookie_length > 0)
2045 proto_tree_add_bytes_format(tree, hf_dtls_handshake_cookie,
2046 tvb, offset, cookie_length,
2047 NULL, "Cookie (%u byte%s)",
2049 plurality(cookie_length, "", "s"));
2050 offset += cookie_length;
2057 dissect_dtls_hnd_new_ses_ticket(tvbuff_t *tvb,
2058 proto_tree *tree, guint32 offset, guint32 length)
2062 proto_tree *subtree;
2065 nst_len = tvb_get_ntohs(tvb, offset+4);
2066 if (6 + nst_len != length) {
2070 ti = proto_tree_add_text(tree, tvb, offset, 6+nst_len, "TLS Session Ticket");
2071 subtree = proto_item_add_subtree(ti, ett_dtls_new_ses_ticket);
2073 proto_tree_add_item(subtree, hf_dtls_handshake_session_ticket_lifetime_hint,
2074 tvb, offset, 4, ENC_BIG_ENDIAN);
2077 proto_tree_add_uint(subtree, hf_dtls_handshake_session_ticket_len,
2078 tvb, offset, 2, nst_len);
2079 /* Content depends on implementation, so just show data! */
2080 proto_tree_add_item(subtree, hf_dtls_handshake_session_ticket,
2081 tvb, offset + 2, nst_len, ENC_NA);
2085 dissect_dtls_hnd_cert(tvbuff_t *tvb,
2086 proto_tree *tree, guint32 offset, packet_info *pinfo)
2089 /* opaque ASN.1Cert<2^24-1>;
2092 * ASN.1Cert certificate_list<1..2^24-1>;
2096 guint32 certificate_list_length;
2098 proto_tree *subtree;
2099 asn1_ctx_t asn1_ctx;
2101 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
2103 certificate_list_length = tvb_get_ntoh24(tvb, offset);
2104 proto_tree_add_uint(tree, hf_dtls_handshake_certificates_len,
2105 tvb, offset, 3, certificate_list_length);
2106 offset += 3; /* 24-bit length value */
2108 if (certificate_list_length > 0)
2110 ti = proto_tree_add_none_format(tree,
2111 hf_dtls_handshake_certificates,
2112 tvb, offset, certificate_list_length,
2113 "Certificates (%u byte%s)",
2114 certificate_list_length,
2115 plurality(certificate_list_length,
2118 /* make it a subtree */
2119 subtree = proto_item_add_subtree(ti, ett_dtls_certs);
2121 /* iterate through each certificate */
2122 while (certificate_list_length > 0)
2124 /* get the length of the current certificate */
2125 guint32 cert_length = tvb_get_ntoh24(tvb, offset);
2126 certificate_list_length -= 3 + cert_length;
2128 proto_tree_add_item(subtree, hf_dtls_handshake_certificate_len, tvb, offset, 3, ENC_BIG_ENDIAN);
2131 dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, subtree, hf_dtls_handshake_certificate);
2132 offset += cert_length;
2138 dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
2139 proto_tree *tree, guint32 offset, packet_info *pinfo,
2140 const guint *conv_version)
2144 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
2146 * } ClientCertificateType;
2148 * opaque DistinguishedName<1..2^16-1>;
2151 * ClientCertificateType certificate_types<1..2^8-1>;
2152 * DistinguishedName certificate_authorities<3..2^16-1>;
2153 * } CertificateRequest;
2156 * As per TLSv1.2 (RFC 5246) the format has changed to:
2159 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
2160 * rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
2161 * fortezza_dms_RESERVED(20), (255)
2162 * } ClientCertificateType;
2165 * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
2169 * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
2170 * SignatureAlgorithm;
2173 * HashAlgorithm hash;
2174 * SignatureAlgorithm signature;
2175 * } SignatureAndHashAlgorithm;
2177 * SignatureAndHashAlgorithm
2178 * supported_signature_algorithms<2..2^16-2>;
2180 * opaque DistinguishedName<1..2^16-1>;
2183 * ClientCertificateType certificate_types<1..2^8-1>;
2184 * SignatureAndHashAlgorithm
2185 * supported_signature_algorithms<2^16-1>;
2186 * DistinguishedName certificate_authorities<0..2^16-1>;
2187 * } CertificateRequest;
2191 proto_tree *ti, *ti2;
2192 proto_tree *subtree, *algotree;
2193 guint8 cert_types_count;
2195 guint16 sig_hash_alg;
2197 asn1_ctx_t asn1_ctx;
2199 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
2203 cert_types_count = tvb_get_guint8(tvb, offset);
2204 proto_tree_add_uint(tree, hf_dtls_handshake_cert_types_count,
2205 tvb, offset, 1, cert_types_count);
2208 if (cert_types_count > 0)
2210 ti = proto_tree_add_none_format(tree,
2211 hf_dtls_handshake_cert_types,
2212 tvb, offset, cert_types_count,
2213 "Certificate types (%u type%s)",
2215 plurality(cert_types_count, "", "s"));
2216 subtree = proto_item_add_subtree(ti, ett_dtls_cert_types);
2222 while (cert_types_count > 0)
2224 proto_tree_add_item(subtree, hf_dtls_handshake_cert_type,
2225 tvb, offset, 1, ENC_BIG_ENDIAN);
2231 switch (*conv_version) {
2232 case SSL_VER_DTLS1DOT2:
2233 sh_alg_length = tvb_get_ntohs(tvb, offset);
2234 ti2 = proto_tree_add_uint(tree, hf_dtls_handshake_sig_hash_alg_len,
2235 tvb, offset, 2, sh_alg_length);
2238 if (sh_alg_length > 0)
2240 ti = proto_tree_add_none_format(tree,
2241 hf_dtls_handshake_sig_hash_algs,
2242 tvb, offset, sh_alg_length,
2243 "Signature Hash Algorithms (%u algorithm%s)",
2245 plurality(sh_alg_length/2, "", "s"));
2246 subtree = proto_item_add_subtree(ti, ett_dtls_sig_hash_algs);
2248 if (sh_alg_length % 2) {
2249 expert_add_info_format(pinfo, ti2, &ei_dtls_handshake_sig_hash_alg_len_bad,
2250 "Signature Hash Algorithm length (%d) must be a multiple of 2",
2256 while (sh_alg_length > 0)
2258 sig_hash_alg = tvb_get_ntohs(tvb, offset);
2259 ti = proto_tree_add_uint(subtree, hf_dtls_handshake_sig_hash_alg,
2260 tvb, offset, 2, sig_hash_alg);
2261 algotree = proto_item_add_subtree(ti, ett_dtls_sig_hash_alg);
2263 proto_tree_add_item(algotree, hf_dtls_handshake_sig_hash_hash,
2264 tvb, offset, 1, ENC_BIG_ENDIAN);
2265 proto_tree_add_item(algotree, hf_dtls_handshake_sig_hash_sig,
2266 tvb, offset+1, 1, ENC_BIG_ENDIAN);
2278 dnames_length = tvb_get_ntohs(tvb, offset);
2279 proto_tree_add_uint(tree, hf_dtls_handshake_dnames_len,
2280 tvb, offset, 2, dnames_length);
2283 if (dnames_length > 0)
2285 ti = proto_tree_add_none_format(tree,
2286 hf_dtls_handshake_dnames,
2287 tvb, offset, dnames_length,
2288 "Distinguished Names (%d byte%s)",
2290 plurality(dnames_length, "", "s"));
2291 subtree = proto_item_add_subtree(ti, ett_dtls_dnames);
2293 while (dnames_length > 0)
2295 /* get the length of the current certificate */
2296 guint16 name_length;
2297 name_length = tvb_get_ntohs(tvb, offset);
2298 dnames_length -= 2 + name_length;
2300 proto_tree_add_item(subtree, hf_dtls_handshake_dname_len,
2301 tvb, offset, 2, ENC_BIG_ENDIAN);
2304 dissect_x509if_DistinguishedName(FALSE, tvb, offset, &asn1_ctx, subtree, hf_dtls_handshake_dname);
2306 offset += name_length;
2315 dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
2316 guint32 offset, guint32 length)
2318 gint curve_type, curve_type_offset;
2319 gint named_curve, named_curve_offset;
2320 gint point_len, point_len_offset;
2321 gint sig_len, sig_len_offset;
2322 proto_item *ti_ecdh;
2323 proto_tree *ssl_ecdh_tree;
2324 guint32 orig_offset;
2326 orig_offset = offset;
2328 curve_type_offset = offset;
2329 curve_type = tvb_get_guint8(tvb, offset);
2330 if (curve_type != 3)
2331 return; /* only named_curves are supported */
2333 if ((offset - orig_offset) > length) {
2337 named_curve_offset = offset;
2338 named_curve = tvb_get_ntohs(tvb, offset);
2340 if ((offset - orig_offset) > length) {
2344 point_len_offset = offset;
2345 point_len = tvb_get_guint8(tvb, offset);
2346 if ((offset + point_len - orig_offset) > length) {
2349 offset += 1 + point_len;
2351 sig_len_offset = offset;
2352 sig_len = tvb_get_ntohs(tvb, offset);
2353 offset += 2 + sig_len;
2354 if ((offset - orig_offset) != length) {
2355 /* Lengths don't line up (wasn't what we expected?) */
2359 ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset,
2360 (offset - orig_offset), "EC Diffie-Hellman Server Params");
2361 ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_dtls_keyex_params);
2364 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_curve_type,
2365 tvb, curve_type_offset, 1, curve_type);
2368 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_named_curve,
2369 tvb, named_curve_offset, 2, named_curve);
2372 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_point_len,
2373 tvb, point_len_offset, 1, point_len);
2374 proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_point,
2375 tvb, point_len_offset+1, point_len, ENC_NA);
2378 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_sig_len,
2379 tvb, sig_len_offset, 2, sig_len);
2380 proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_sig,
2381 tvb, sig_len_offset + 2, sig_len, ENC_NA);
2386 dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
2387 guint32 offset, guint32 length)
2389 gint p_len, p_len_offset;
2390 gint g_len, g_len_offset;
2391 gint ys_len, ys_len_offset;
2392 gint sig_len, sig_len_offset;
2394 proto_tree *ssl_dh_tree;
2395 guint32 orig_offset;
2397 orig_offset = offset;
2399 p_len_offset = offset;
2400 p_len = tvb_get_ntohs(tvb, offset);
2401 offset += 2 + p_len;
2402 if ((offset - orig_offset) > length) {
2406 g_len_offset = offset;
2407 g_len = tvb_get_ntohs(tvb, offset);
2408 offset += 2 + g_len;
2409 if ((offset - orig_offset) > length) {
2413 ys_len_offset = offset;
2414 ys_len = tvb_get_ntohs(tvb, offset);
2415 offset += 2 + ys_len;
2416 if ((offset - orig_offset) > length) {
2420 sig_len_offset = offset;
2421 sig_len = tvb_get_ntohs(tvb, offset);
2422 offset += 2 + sig_len;
2423 if ((offset - orig_offset) != length) {
2424 /* Lengths don't line up (wasn't what we expected?) */
2428 ti_dh = proto_tree_add_text(tree, tvb, orig_offset,
2429 (offset - orig_offset), "Diffie-Hellman Server Params");
2430 ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_dtls_keyex_params);
2433 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_p_len,
2434 tvb, p_len_offset, 2, p_len);
2435 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_p,
2436 tvb, p_len_offset + 2, p_len, ENC_NA);
2439 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_g_len,
2440 tvb, g_len_offset, 2, g_len);
2441 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_g,
2442 tvb, g_len_offset + 2, g_len, ENC_NA);
2445 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_ys_len,
2446 tvb, ys_len_offset, 2, ys_len);
2447 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_ys,
2448 tvb, ys_len_offset + 2, ys_len, ENC_NA);
2451 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_sig_len,
2452 tvb, sig_len_offset, 2, sig_len);
2453 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_sig,
2454 tvb, sig_len_offset + 2, sig_len, ENC_NA);
2458 /* Used in RSA PSK cipher suites */
2460 dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
2461 guint32 offset, guint32 length)
2463 gint modulus_len, modulus_len_offset;
2464 gint exponent_len, exponent_len_offset;
2465 gint sig_len, sig_len_offset;
2467 proto_tree *ssl_rsa_tree;
2468 guint32 orig_offset;
2470 orig_offset = offset;
2472 modulus_len_offset = offset;
2473 modulus_len = tvb_get_ntohs(tvb, offset);
2474 offset += 2 + modulus_len;
2475 if ((offset - orig_offset) > length) {
2479 exponent_len_offset = offset;
2480 exponent_len = tvb_get_ntohs(tvb, offset);
2481 offset += 2 + exponent_len;
2482 if ((offset - orig_offset) > length) {
2486 sig_len_offset = offset;
2487 sig_len = tvb_get_ntohs(tvb, offset);
2488 offset += 2 + sig_len;
2489 if ((offset - orig_offset) != length) {
2490 /* Lengths don't line up (wasn't what we expected?) */
2494 ti_rsa = proto_tree_add_text(tree, tvb, orig_offset,
2495 (offset - orig_offset), "RSA-EXPORT Server Params");
2496 ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_dtls_keyex_params);
2499 proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_modulus_len,
2500 tvb, modulus_len_offset, 2, modulus_len);
2501 proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_modulus,
2502 tvb, modulus_len_offset + 2, modulus_len, ENC_NA);
2505 proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_exponent_len,
2506 tvb, exponent_len_offset, 2, exponent_len);
2507 proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_exponent,
2508 tvb, exponent_len_offset + 2, exponent_len, ENC_NA);
2511 proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_sig_len,
2512 tvb, sig_len_offset, 2, sig_len);
2513 proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_sig,
2514 tvb, sig_len_offset + 2, sig_len, ENC_NA);
2518 /* Used in RSA PSK and PSK cipher suites */
2520 dissect_dtls_hnd_srv_keyex_psk(tvbuff_t *tvb, proto_tree *tree,
2521 guint32 offset, guint32 length)
2525 proto_tree *ssl_psk_tree;
2527 hint_len = tvb_get_ntohs(tvb, offset);
2528 if ((2 + hint_len) != length) {
2529 /* Lengths don't line up (wasn't what we expected?) */
2533 ti_psk = proto_tree_add_text(tree, tvb, offset,
2534 length, "PSK Server Params");
2535 ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params);
2538 proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_server_keyex_hint_len,
2539 tvb, offset, 2, hint_len);
2540 proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_server_keyex_hint,
2541 tvb, offset + 2, hint_len, ENC_NA);
2545 dissect_dtls_hnd_cli_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
2546 guint32 offset, guint32 length)
2548 gint point_len, point_len_offset;
2549 proto_item *ti_ecdh;
2550 proto_tree *ssl_ecdh_tree;
2551 guint32 orig_offset;
2553 orig_offset = offset;
2555 point_len_offset = offset;
2556 point_len = tvb_get_guint8(tvb, offset);
2557 if ((offset + point_len - orig_offset) > length) {
2560 offset += 1 + point_len;
2562 ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset,
2563 (offset - orig_offset), "EC Diffie-Hellman Client Params");
2564 ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_dtls_keyex_params);
2567 proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_client_keyex_point_len,
2568 tvb, point_len_offset, 1, point_len);
2569 proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_client_keyex_point,
2570 tvb, point_len_offset+1, point_len, ENC_NA);
2575 dissect_dtls_hnd_cli_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
2576 guint32 offset, guint32 length)
2578 gint yc_len, yc_len_offset;
2580 proto_tree *ssl_dh_tree;
2581 guint32 orig_offset;
2583 orig_offset = offset;
2585 yc_len_offset = offset;
2586 yc_len = tvb_get_ntohs(tvb, offset);
2587 offset += 2 + yc_len;
2588 if ((offset - orig_offset) != length) {
2592 ti_dh = proto_tree_add_text(tree, tvb, orig_offset,
2593 (offset - orig_offset), "Diffie-Hellman Client Params");
2594 ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_dtls_keyex_params);
2596 /* encrypted PreMaster secret */
2597 proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_client_keyex_yc_len,
2598 tvb, yc_len_offset, 2, yc_len);
2599 proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_client_keyex_yc,
2600 tvb, yc_len_offset + 2, yc_len, ENC_NA);
2604 dissect_dtls_hnd_cli_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
2605 guint32 offset, guint32 length)
2607 gint epms_len, epms_len_offset;
2609 proto_tree *ssl_rsa_tree;
2610 guint32 orig_offset;
2612 orig_offset = offset;
2614 epms_len_offset = offset;
2615 epms_len = tvb_get_ntohs(tvb, offset);
2616 offset += 2 + epms_len;
2617 if ((offset - orig_offset) != length) {
2621 ti_rsa = proto_tree_add_text(tree, tvb, orig_offset,
2622 (offset - orig_offset), "RSA Encrypted PreMaster Secret");
2623 ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_dtls_keyex_params);
2626 proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_client_keyex_epms_len,
2627 tvb, epms_len_offset, 2, epms_len);
2628 proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_client_keyex_epms,
2629 tvb, epms_len_offset + 2, epms_len, ENC_NA);
2632 /* Used in PSK cipher suites */
2634 dissect_dtls_hnd_cli_keyex_psk(tvbuff_t *tvb, proto_tree *tree,
2635 guint32 offset, guint32 length)
2639 proto_tree *ssl_psk_tree;
2641 identity_len = tvb_get_ntohs(tvb, offset);
2642 if ((2 + identity_len) != length) {
2643 /* Lengths don't line up (wasn't what we expected?) */
2647 ti_psk = proto_tree_add_text(tree, tvb, offset,
2648 length, "PSK Client Params");
2649 ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params);
2652 proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity_len,
2653 tvb, offset, 2, identity_len);
2654 proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity,
2655 tvb, offset + 2, identity_len, ENC_NA);
2658 /* Used in RSA PSK cipher suites */
2660 dissect_dtls_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb, proto_tree *tree,
2661 guint32 offset, guint32 length)
2663 gint identity_len, identity_len_offset;
2664 gint epms_len, epms_len_offset;
2666 proto_tree *ssl_psk_tree;
2667 guint32 orig_offset;
2669 orig_offset = offset;
2671 identity_len_offset = offset;
2672 identity_len = tvb_get_ntohs(tvb, offset);
2673 offset += 2 + identity_len;
2674 if ((offset - orig_offset) > length) {
2678 epms_len_offset = offset;
2679 epms_len = tvb_get_ntohs(tvb, offset);
2680 offset += 2 + epms_len;
2681 if ((offset - orig_offset) != length) {
2682 /* Lengths don't line up (wasn't what we expected?) */
2686 ti_psk = proto_tree_add_text(tree, tvb, orig_offset,
2687 (offset - orig_offset), "RSA PSK Client Params");
2688 ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params);
2691 proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity_len,
2692 tvb, identity_len_offset, 2, identity_len);
2693 proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity,
2694 tvb, identity_len_offset + 2, identity_len, ENC_NA);
2697 proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_epms_len,
2698 tvb, epms_len_offset, 2, epms_len);
2699 proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_epms,
2700 tvb, epms_len_offset + 2, epms_len, ENC_NA);
2704 dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
2705 guint* conv_version)
2709 * opaque verify_data[12];
2713 switch(*conv_version) {
2715 proto_tree_add_item(tree, hf_dtls_handshake_finished,
2716 tvb, offset, 12, ENC_NA);
2718 case SSL_VER_DTLS1DOT2:
2719 proto_tree_add_item(tree, hf_dtls_handshake_finished,
2720 tvb, offset, 12, ENC_NA);
2725 /*********************************************************************
2729 *********************************************************************/
2732 ssl_set_conv_version(packet_info *pinfo, guint version)
2734 conversation_t *conversation;
2736 if (pinfo->fd->flags.visited)
2738 /* We've already processed this frame; no need to do any more
2744 conversation = find_or_create_conversation(pinfo);
2746 if (conversation_get_proto_data(conversation, proto_dtls) != NULL)
2748 /* get rid of the current data */
2749 conversation_delete_proto_data(conversation, proto_dtls);
2751 conversation_add_proto_data(conversation, proto_dtls, GINT_TO_POINTER(version));
2756 dtls_is_valid_handshake_type(guint8 type)
2760 case SSL_HND_HELLO_REQUEST:
2761 case SSL_HND_CLIENT_HELLO:
2762 case SSL_HND_SERVER_HELLO:
2763 case SSL_HND_HELLO_VERIFY_REQUEST:
2764 case SSL_HND_NEWSESSION_TICKET:
2765 case SSL_HND_CERTIFICATE:
2766 case SSL_HND_SERVER_KEY_EXCHG:
2767 case SSL_HND_CERT_REQUEST:
2768 case SSL_HND_SVR_HELLO_DONE:
2769 case SSL_HND_CERT_VERIFY:
2770 case SSL_HND_CLIENT_KEY_EXCHG:
2771 case SSL_HND_FINISHED:
2778 dtls_is_authoritative_version_message(guint8 content_type, guint8 next_byte)
2780 if (content_type == SSL_ID_HANDSHAKE
2781 && dtls_is_valid_handshake_type(next_byte))
2783 return (next_byte != SSL_HND_CLIENT_HELLO);
2785 else if (ssl_is_valid_content_type(content_type)
2786 && content_type != SSL_ID_HANDSHAKE)
2793 /* this applies a heuristic to determine whether
2794 * or not the data beginning at offset looks like a
2795 * valid dtls record.
2798 looks_like_dtls(tvbuff_t *tvb, guint32 offset)
2800 /* have to have a valid content type followed by a valid
2806 /* see if the first byte is a valid content type */
2807 byte = tvb_get_guint8(tvb, offset);
2808 if (!ssl_is_valid_content_type(byte))
2813 /* now check to see if the version byte appears valid */
2814 version = tvb_get_ntohs(tvb, offset + 1);
2815 if (version != DTLSV1DOT0_VERSION && version != DTLSV1DOT2_VERSION &&
2816 version != DTLSV1DOT0_VERSION_NOT)
2826 #ifdef HAVE_LIBGNUTLS
2828 dtlsdecrypt_free_cb(void* r)
2830 ssldecrypt_assoc_t* h = (ssldecrypt_assoc_t*)r;
2834 g_free(h->protocol);
2836 g_free(h->password);
2842 dtlsdecrypt_update_cb(void* r _U_, const char** err _U_)
2848 #ifdef HAVE_LIBGNUTLS
2850 dtlsdecrypt_copy_cb(void* dest, const void* orig, size_t len _U_)
2852 const ssldecrypt_assoc_t* o = (const ssldecrypt_assoc_t*)orig;
2853 ssldecrypt_assoc_t* d = (ssldecrypt_assoc_t*)dest;
2855 d->ipaddr = g_strdup(o->ipaddr);
2856 d->port = g_strdup(o->port);
2857 d->protocol = g_strdup(o->protocol);
2858 d->keyfile = g_strdup(o->keyfile);
2859 d->password = g_strdup(o->password);
2864 UAT_CSTRING_CB_DEF(sslkeylist_uats,ipaddr,ssldecrypt_assoc_t)
2865 UAT_CSTRING_CB_DEF(sslkeylist_uats,port,ssldecrypt_assoc_t)
2866 UAT_CSTRING_CB_DEF(sslkeylist_uats,protocol,ssldecrypt_assoc_t)
2867 UAT_FILENAME_CB_DEF(sslkeylist_uats,keyfile,ssldecrypt_assoc_t)
2868 UAT_CSTRING_CB_DEF(sslkeylist_uats,password,ssldecrypt_assoc_t)
2871 void proto_reg_handoff_dtls(void);
2873 /*********************************************************************
2875 * Standard Wireshark Protocol Registration and housekeeping
2877 *********************************************************************/
2879 proto_register_dtls(void)
2882 /* Setup list of header fields See Section 1.6.1 for details*/
2883 static hf_register_info hf[] = {
2885 { "Record Layer", "dtls.record",
2886 FT_NONE, BASE_NONE, NULL, 0x0,
2889 { &hf_dtls_record_content_type,
2890 { "Content Type", "dtls.record.content_type",
2891 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
2894 { &hf_dtls_record_version,
2895 { "Version", "dtls.record.version",
2896 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2897 "Record layer version.", HFILL }
2899 { &hf_dtls_record_epoch,
2900 { "Epoch", "dtls.record.epoch",
2901 FT_UINT16, BASE_DEC, NULL, 0x0,
2904 { &hf_dtls_record_sequence_number,
2905 { "Sequence Number", "dtls.record.sequence_number",
2906 FT_UINT64, BASE_DEC, NULL, 0x0,
2909 { &hf_dtls_record_length,
2910 { "Length", "dtls.record.length",
2911 FT_UINT16, BASE_DEC, NULL, 0x0,
2912 "Length of DTLS record data", HFILL }
2914 { &hf_dtls_record_appdata,
2915 { "Encrypted Application Data", "dtls.app_data",
2916 FT_BYTES, BASE_NONE, NULL, 0x0,
2917 "Payload is encrypted application data", HFILL }
2919 { &hf_dtls_change_cipher_spec,
2920 { "Change Cipher Spec Message", "dtls.change_cipher_spec",
2921 FT_NONE, BASE_NONE, NULL, 0x0,
2922 "Signals a change in cipher specifications", HFILL }
2924 { & hf_dtls_alert_message,
2925 { "Alert Message", "dtls.alert_message",
2926 FT_NONE, BASE_NONE, NULL, 0x0,
2929 { & hf_dtls_alert_message_level,
2930 { "Level", "dtls.alert_message.level",
2931 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
2932 "Alert message level", HFILL }
2934 { &hf_dtls_alert_message_description,
2935 { "Description", "dtls.alert_message.desc",
2936 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
2937 "Alert message description", HFILL }
2939 { &hf_dtls_handshake_protocol,
2940 { "Handshake Protocol", "dtls.handshake",
2941 FT_NONE, BASE_NONE, NULL, 0x0,
2942 "Handshake protocol message", HFILL}
2944 { &hf_dtls_handshake_type,
2945 { "Handshake Type", "dtls.handshake.type",
2946 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
2947 "Type of handshake message", HFILL}
2949 { &hf_dtls_handshake_length,
2950 { "Length", "dtls.handshake.length",
2951 FT_UINT24, BASE_DEC, NULL, 0x0,
2952 "Length of handshake message", HFILL }
2954 { &hf_dtls_handshake_message_seq,
2955 { "Message Sequence", "dtls.handshake.message_seq",
2956 FT_UINT16, BASE_DEC, NULL, 0x0,
2957 "Message sequence of handshake message", HFILL }
2959 { &hf_dtls_handshake_fragment_offset,
2960 { "Fragment Offset", "dtls.handshake.fragment_offset",
2961 FT_UINT24, BASE_DEC, NULL, 0x0,
2962 "Fragment offset of handshake message", HFILL }
2964 { &hf_dtls_handshake_fragment_length,
2965 { "Fragment Length", "dtls.handshake.fragment_length",
2966 FT_UINT24, BASE_DEC, NULL, 0x0,
2967 "Fragment length of handshake message", HFILL }
2969 { &hf_dtls_handshake_client_version,
2970 { "Version", "dtls.handshake.client_version",
2971 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2972 "Maximum version supported by client", HFILL }
2974 { &hf_dtls_handshake_server_version,
2975 { "Version", "dtls.handshake.server_version",
2976 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2977 "Version selected by server", HFILL }
2979 { &hf_dtls_handshake_random_time,
2980 { "GMT Unix Time", "dtls.handshake.random_time",
2981 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
2982 "Unix time field of random structure", HFILL }
2984 { &hf_dtls_handshake_random_bytes,
2985 { "Random Bytes", "dtls.handshake.random",
2986 FT_BYTES, BASE_NONE, NULL, 0x0,
2987 "Random challenge used to authenticate server", HFILL }
2989 { &hf_dtls_handshake_cipher_suites_len,
2990 { "Cipher Suites Length", "dtls.handshake.cipher_suites_length",
2991 FT_UINT16, BASE_DEC, NULL, 0x0,
2992 "Length of cipher suites field", HFILL }
2994 { &hf_dtls_handshake_cipher_suites,
2995 { "Cipher Suites", "dtls.handshake.ciphersuites",
2996 FT_NONE, BASE_NONE, NULL, 0x0,
2997 "List of cipher suites supported by client", HFILL }
2999 { &hf_dtls_handshake_cipher_suite,
3000 { "Cipher Suite", "dtls.handshake.ciphersuite",
3001 FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0,
3004 { &hf_dtls_handshake_cookie_len,
3005 { "Cookie Length", "dtls.handshake.cookie_length",
3006 FT_UINT8, BASE_DEC, NULL, 0x0,
3007 "Length of the cookie field", HFILL }
3009 { &hf_dtls_handshake_cookie,
3010 { "Cookie", "dtls.handshake.cookie",
3011 FT_BYTES, BASE_NONE, NULL, 0x0,
3014 { &hf_dtls_handshake_session_id,
3015 { "Session ID", "dtls.handshake.session_id",
3016 FT_BYTES, BASE_NONE, NULL, 0x0,
3017 "Identifies the DTLS session, allowing later resumption", HFILL }
3019 { &hf_dtls_handshake_comp_methods_len,
3020 { "Compression Methods Length", "dtls.handshake.comp_methods_length",
3021 FT_UINT8, BASE_DEC, NULL, 0x0,
3022 "Length of compression methods field", HFILL }
3024 { &hf_dtls_handshake_comp_methods,
3025 { "Compression Methods", "dtls.handshake.comp_methods",
3026 FT_NONE, BASE_NONE, NULL, 0x0,
3027 "List of compression methods supported by client", HFILL }
3029 { &hf_dtls_handshake_comp_method,
3030 { "Compression Method", "dtls.handshake.comp_method",
3031 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
3034 { &hf_dtls_handshake_extensions_len,
3035 { "Extensions Length", "dtls.handshake.extensions_length",
3036 FT_UINT16, BASE_DEC, NULL, 0x0,
3037 "Length of hello extensions", HFILL }
3039 { &hf_dtls_handshake_extension_type,
3040 { "Type", "dtls.handshake.extension.type",
3041 FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0,
3042 "Hello extension type", HFILL }
3044 { &hf_dtls_handshake_extension_len,
3045 { "Length", "dtls.handshake.extension.len",
3046 FT_UINT16, BASE_DEC, NULL, 0x0,
3047 "Length of a hello extension", HFILL }
3049 { &hf_dtls_handshake_extension_data,
3050 { "Data", "dtls.handshake.extension.data",
3051 FT_BYTES, BASE_NONE, NULL, 0x0,
3052 "Hello Extension data", HFILL }
3054 { &hf_dtls_handshake_session_ticket_lifetime_hint,
3055 { "Session Ticket Lifetime Hint", "dtls.handshake.session_ticket_lifetime_hint",
3056 FT_UINT32, BASE_DEC, NULL, 0x0,
3057 "New DTLS Session Ticket Lifetime Hint", HFILL }
3059 { &hf_dtls_handshake_session_ticket_len,
3060 { "Session Ticket Length", "dtls.handshake.session_ticket_length",
3061 FT_UINT16, BASE_DEC, NULL, 0x0,
3062 "New DTLS Session Ticket Length", HFILL }
3064 { &hf_dtls_handshake_session_ticket,
3065 { "Session Ticket", "dtls.handshake.session_ticket",
3066 FT_BYTES, BASE_NONE, NULL, 0x0,
3067 "New DTLS Session Ticket", HFILL }
3069 { &hf_dtls_handshake_certificates_len,
3070 { "Certificates Length", "dtls.handshake.certificates_length",
3071 FT_UINT24, BASE_DEC, NULL, 0x0,
3072 "Length of certificates field", HFILL }
3074 { &hf_dtls_handshake_certificates,
3075 { "Certificates", "dtls.handshake.certificates",
3076 FT_NONE, BASE_NONE, NULL, 0x0,
3077 "List of certificates", HFILL }
3079 { &hf_dtls_handshake_certificate,
3080 { "Certificate", "dtls.handshake.certificate",
3081 FT_BYTES, BASE_NONE, NULL, 0x0,
3084 { &hf_dtls_handshake_certificate_len,
3085 { "Certificate Length", "dtls.handshake.certificate_length",
3086 FT_UINT24, BASE_DEC, NULL, 0x0,
3087 "Length of certificate", HFILL }
3089 { &hf_dtls_handshake_cert_types_count,
3090 { "Certificate types count", "dtls.handshake.cert_types_count",
3091 FT_UINT8, BASE_DEC, NULL, 0x0,
3092 "Count of certificate types", HFILL }
3094 { &hf_dtls_handshake_cert_types,
3095 { "Certificate types", "dtls.handshake.cert_types",
3096 FT_NONE, BASE_NONE, NULL, 0x0,
3097 "List of certificate types", HFILL }
3099 { &hf_dtls_handshake_cert_type,
3100 { "Certificate type", "dtls.handshake.cert_type",
3101 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
3104 { &hf_dtls_handshake_server_keyex_p_len,
3105 { "p Length", "dtls.handshake.p_len",
3106 FT_UINT16, BASE_DEC, NULL, 0x0,
3107 "Length of p", HFILL }
3109 { &hf_dtls_handshake_server_keyex_g_len,
3110 { "g Length", "dtls.handshake.g_len",
3111 FT_UINT16, BASE_DEC, NULL, 0x0,
3112 "Length of g", HFILL }
3114 { &hf_dtls_handshake_server_keyex_ys_len,
3115 { "Pubkey Length", "dtls.handshake.ys_len",
3116 FT_UINT16, BASE_DEC, NULL, 0x0,
3117 "Length of server's Diffie-Hellman public key", HFILL }
3119 { &hf_dtls_handshake_client_keyex_yc_len,
3120 { "Pubkey Length", "dtls.handshake.yc_len",
3121 FT_UINT16, BASE_DEC, NULL, 0x0,
3122 "Length of client's Diffie-Hellman public key", HFILL }
3124 { &hf_dtls_handshake_client_keyex_point_len,
3125 { "Pubkey Length", "dtls.handshake.client_point_len",
3126 FT_UINT8, BASE_DEC, NULL, 0x0,
3127 "Length of client's EC Diffie-Hellman public key", HFILL }
3129 { &hf_dtls_handshake_server_keyex_point_len,
3130 { "Pubkey Length", "dtls.handshake.server_point_len",
3131 FT_UINT8, BASE_DEC, NULL, 0x0,
3132 "Length of server's EC Diffie-Hellman public key", HFILL }
3134 { &hf_dtls_handshake_client_keyex_epms_len,
3135 { "Encrypted PreMaster length", "dtls.handshake.epms_len",
3136 FT_UINT16, BASE_DEC, NULL, 0x0,
3137 "Length of encrypted PreMaster secret", HFILL }
3139 { &hf_dtls_handshake_client_keyex_epms,
3140 { "Encrypted PreMaster", "dtls.handshake.epms",
3141 FT_BYTES, BASE_NONE, NULL, 0x0,
3142 "Encrypted PreMaster secret", HFILL }
3144 { &hf_dtls_handshake_server_keyex_modulus_len,
3145 { "Modulus Length", "dtls.handshake.modulus_len",
3146 FT_UINT16, BASE_DEC, NULL, 0x0,
3147 "Length of RSA-EXPORT modulus", HFILL }
3149 { &hf_dtls_handshake_server_keyex_exponent_len,
3150 { "Exponent Length", "dtls.handshake.exponent_len",
3151 FT_UINT16, BASE_DEC, NULL, 0x0,
3152 "Length of RSA-EXPORT exponent", HFILL }
3154 { &hf_dtls_handshake_server_keyex_sig_len,
3155 { "Signature Length", "dtls.handshake.sig_len",
3156 FT_UINT16, BASE_DEC, NULL, 0x0,
3157 "Length of Signature", HFILL }
3159 { &hf_dtls_handshake_server_keyex_p,
3160 { "p", "dtls.handshake.p",
3161 FT_BYTES, BASE_NONE, NULL, 0x0,
3162 "Diffie-Hellman p", HFILL }
3164 { &hf_dtls_handshake_server_keyex_g,
3165 { "g", "dtls.handshake.g",
3166 FT_BYTES, BASE_NONE, NULL, 0x0,
3167 "Diffie-Hellman g", HFILL }
3169 { &hf_dtls_handshake_server_keyex_curve_type,
3170 { "Curve Type", "dtls.handshake.server_curve_type",
3171 FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0,
3172 "Server curve_type", HFILL }
3174 { &hf_dtls_handshake_server_keyex_named_curve,
3175 { "Named Curve", "dtls.handshake.server_named_curve",
3176 FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0,
3177 "Server named_curve", HFILL }
3179 { &hf_dtls_handshake_server_keyex_ys,
3180 { "Pubkey", "dtls.handshake.ys",
3181 FT_BYTES, BASE_NONE, NULL, 0x0,
3182 "Diffie-Hellman server pubkey", HFILL }
3184 { &hf_dtls_handshake_client_keyex_yc,
3185 { "Pubkey", "dtls.handshake.yc",
3186 FT_BYTES, BASE_NONE, NULL, 0x0,
3187 "Diffie-Hellman client pubkey", HFILL }
3189 { &hf_dtls_handshake_server_keyex_point,
3190 { "Pubkey", "dtls.handshake.server_point",
3191 FT_BYTES, BASE_NONE, NULL, 0x0,
3192 "EC Diffie-Hellman server pubkey", HFILL }
3194 { &hf_dtls_handshake_client_keyex_point,
3195 { "Pubkey", "dtls.handshake.client_point",
3196 FT_BYTES, BASE_NONE, NULL, 0x0,
3197 "EC Diffie-Hellman client pubkey", HFILL }
3199 { &hf_dtls_handshake_server_keyex_modulus,
3200 { "Modulus", "dtls.handshake.modulus",
3201 FT_BYTES, BASE_NONE, NULL, 0x0,
3202 "RSA-EXPORT modulus", HFILL }
3204 { &hf_dtls_handshake_server_keyex_exponent,
3205 { "Exponent", "dtls.handshake.exponent",
3206 FT_BYTES, BASE_NONE, NULL, 0x0,
3207 "RSA-EXPORT exponent", HFILL }
3209 { &hf_dtls_handshake_server_keyex_sig,
3210 { "Signature", "dtls.handshake.sig",
3211 FT_BYTES, BASE_NONE, NULL, 0x0,
3212 "Diffie-Hellman server signature", HFILL }
3214 { &hf_dtls_handshake_server_keyex_hint_len,
3215 { "Hint Length", "dtls.handshake.hint_len",
3216 FT_UINT16, BASE_DEC, NULL, 0x0,
3217 "Length of PSK Hint", HFILL }
3219 { &hf_dtls_handshake_server_keyex_hint,
3220 { "Hint", "dtls.handshake.hint",
3221 FT_BYTES, BASE_NONE, NULL, 0x0,
3224 { &hf_dtls_handshake_client_keyex_identity_len,
3225 { "Identity Length", "dtls.handshake.identity_len",
3226 FT_UINT16, BASE_DEC, NULL, 0x0,
3227 "Length of PSK Identity", HFILL }
3229 { &hf_dtls_handshake_client_keyex_identity,
3230 { "Identity", "dtls.handshake.identity",
3231 FT_BYTES, BASE_NONE, NULL, 0x0,
3232 "PSK Identity", HFILL }
3234 { &hf_dtls_handshake_sig_hash_alg_len,
3235 { "Signature Hash Algorithms Length", "dtls.handshake.sig_hash_alg_len",
3236 FT_UINT16, BASE_DEC, NULL, 0x0,
3237 "Length of Signature Hash Algorithms", HFILL }
3239 { &hf_dtls_handshake_sig_hash_algs,
3240 { "Signature Hash Algorithms", "dtls.handshake.sig_hash_algs",
3241 FT_NONE, BASE_NONE, NULL, 0x0,
3242 "List of Signature Hash Algorithms", HFILL }
3244 { &hf_dtls_handshake_sig_hash_alg,
3245 { "Signature Hash Algorithm", "dtls.handshake.sig_hash_alg",
3246 FT_UINT16, BASE_HEX, NULL, 0x0,
3249 { &hf_dtls_handshake_sig_hash_hash,
3250 { "Signature Hash Algorithm Hash", "dtls.handshake.sig_hash_hash",
3251 FT_UINT8, BASE_DEC, VALS(tls_hash_algorithm), 0x0,
3254 { &hf_dtls_handshake_sig_hash_sig,
3255 { "Signature Hash Algorithm Signature", "dtls.handshake.sig_hash_sig",
3256 FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0,
3259 { &hf_dtls_handshake_finished,
3260 { "Verify Data", "dtls.handshake.verify_data",
3261 FT_NONE, BASE_NONE, NULL, 0x0,
3262 "Opaque verification data", HFILL }
3265 { &hf_dtls_handshake_md5_hash,
3266 { "MD5 Hash", "dtls.handshake.md5_hash",
3267 FT_NONE, BASE_NONE, NULL, 0x0,
3268 "Hash of messages, master_secret, etc.", HFILL }
3270 { &hf_dtls_handshake_sha_hash,
3271 { "SHA-1 Hash", "dtls.handshake.sha_hash",
3272 FT_NONE, BASE_NONE, NULL, 0x0,
3273 "Hash of messages, master_secret, etc.", HFILL }
3276 { &hf_dtls_handshake_session_id_len,
3277 { "Session ID Length", "dtls.handshake.session_id_length",
3278 FT_UINT8, BASE_DEC, NULL, 0x0,
3279 "Length of session ID field", HFILL }
3281 { &hf_dtls_handshake_dnames_len,
3282 { "Distinguished Names Length", "dtls.handshake.dnames_len",
3283 FT_UINT16, BASE_DEC, NULL, 0x0,
3284 "Length of list of CAs that server trusts", HFILL }
3286 { &hf_dtls_handshake_dnames,
3287 { "Distinguished Names", "dtls.handshake.dnames",
3288 FT_NONE, BASE_NONE, NULL, 0x0,
3289 "List of CAs that server trusts", HFILL }
3291 { &hf_dtls_handshake_dname_len,
3292 { "Distinguished Name Length", "dtls.handshake.dname_len",
3293 FT_UINT16, BASE_DEC, NULL, 0x0,
3294 "Length of distinguished name", HFILL }
3296 { &hf_dtls_handshake_dname,
3297 { "Distinguished Name", "dtls.handshake.dname",
3298 FT_BYTES, BASE_NONE, NULL, 0x0,
3299 "Distinguished name of a CA that server trusts", HFILL }
3301 { &hf_dtls_heartbeat_extension_mode,
3302 { "Mode", "dtls.handshake.extension.heartbeat.mode",
3303 FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0,
3304 "Heartbeat extension mode", HFILL }
3306 { &hf_dtls_heartbeat_message,
3307 { "Heartbeat Message", "dtls.heartbeat_message",
3308 FT_NONE, BASE_NONE, NULL, 0x0,
3311 { &hf_dtls_heartbeat_message_type,
3312 { "Type", "dtls.heartbeat_message.type",
3313 FT_UINT8, BASE_DEC, VALS(tls_heartbeat_type), 0x0,
3314 "Heartbeat message type", HFILL }
3316 { &hf_dtls_heartbeat_message_payload_length,
3317 { "Payload Length", "dtls.heartbeat_message.payload_length",
3318 FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL }
3320 { &hf_dtls_heartbeat_message_payload,
3321 { "Payload Length", "dtls.heartbeat_message.payload",
3322 FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL }
3324 { &hf_dtls_heartbeat_message_padding,
3325 { "Payload Length", "dtls.heartbeat_message.padding",
3326 FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL }
3328 { &hf_dtls_fragments,
3329 { "Message fragments", "dtls.fragments",
3330 FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL }
3332 { &hf_dtls_fragment,
3333 { "Message fragment", "dtls.fragment",
3334 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL }
3336 { &hf_dtls_fragment_overlap,
3337 { "Message fragment overlap", "dtls.fragment.overlap",
3338 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
3340 { &hf_dtls_fragment_overlap_conflicts,
3341 { "Message fragment overlapping with conflicting data",
3342 "dtls.fragment.overlap.conflicts",
3343 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
3345 { &hf_dtls_fragment_multiple_tails,
3346 { "Message has multiple tail fragments",
3347 "dtls.fragment.multiple_tails",
3348 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
3350 { &hf_dtls_fragment_too_long_fragment,
3351 { "Message fragment too long", "dtls.fragment.too_long_fragment",
3352 FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
3354 { &hf_dtls_fragment_error,
3355 { "Message defragmentation error", "dtls.fragment.error",
3356 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL }
3358 { &hf_dtls_fragment_count,
3359 { "Message fragment count", "dtls.fragment.count",
3360 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
3362 { &hf_dtls_reassembled_in,
3363 { "Reassembled in", "dtls.reassembled.in",
3364 FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL }
3366 { &hf_dtls_reassembled_length,
3367 { "Reassembled DTLS length", "dtls.reassembled.length",
3368 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
3372 /* Setup protocol subtree array */
3373 static gint *ett[] = {
3377 &ett_dtls_handshake,
3378 &ett_dtls_heartbeat,
3379 &ett_dtls_cipher_suites,
3380 &ett_dtls_comp_methods,
3381 &ett_dtls_extension,
3383 &ett_dtls_new_ses_ticket,
3384 &ett_dtls_keyex_params,
3386 &ett_dtls_cert_types,
3387 &ett_dtls_sig_hash_algs,
3388 &ett_dtls_sig_hash_alg,
3391 &ett_dtls_fragments,
3394 static ei_register_info ei[] = {
3395 { &ei_dtls_handshake_fragment_length_too_long, { "dtls.handshake.fragment_length.too_long", PI_PROTOCOL, PI_ERROR, "Fragment length is larger than message length", EXPFILL }},
3396 { &ei_dtls_handshake_fragment_past_end_msg, { "dtls.handshake.fragment_past_end_msg", PI_PROTOCOL, PI_ERROR, "Fragment runs past the end of the message", EXPFILL }},
3397 { &ei_dtls_msg_len_diff_fragment, { "dtls.msg_len_diff_fragment", PI_PROTOCOL, PI_ERROR, "Message length differs from value in earlier fragment", EXPFILL }},
3398 { &ei_dtls_handshake_sig_hash_alg_len_bad, { "dtls.handshake.sig_hash_alg_len.bad", PI_MALFORMED, PI_ERROR, "Signature Hash Algorithm length must be a multiple of 2", EXPFILL }},
3401 expert_module_t* expert_dtls;
3403 /* Register the protocol name and description */
3404 proto_dtls = proto_register_protocol("Datagram Transport Layer Security",
3407 /* Required function calls to register the header fields and
3409 proto_register_field_array(proto_dtls, hf, array_length(hf));
3410 proto_register_subtree_array(ett, array_length(ett));
3411 expert_dtls = expert_register_protocol(proto_dtls);
3412 expert_register_field_array(expert_dtls, ei, array_length(ei));
3414 #ifdef HAVE_LIBGNUTLS
3416 module_t *dtls_module = prefs_register_protocol(proto_dtls, proto_reg_handoff_dtls);
3418 static uat_field_t dtlskeylist_uats_flds[] = {
3419 UAT_FLD_CSTRING_OTHER(sslkeylist_uats, ipaddr, "IP address", ssldecrypt_uat_fld_ip_chk_cb, "IPv4 or IPv6 address"),
3420 UAT_FLD_CSTRING_OTHER(sslkeylist_uats, port, "Port", ssldecrypt_uat_fld_port_chk_cb, "Port Number"),
3421 UAT_FLD_CSTRING_OTHER(sslkeylist_uats, protocol, "Protocol", ssldecrypt_uat_fld_protocol_chk_cb, "Protocol"),
3422 UAT_FLD_FILENAME_OTHER(sslkeylist_uats, keyfile, "Key File", ssldecrypt_uat_fld_fileopen_chk_cb, "Path to the keyfile."),
3423 UAT_FLD_CSTRING_OTHER(sslkeylist_uats, password," Password (p12 file)", ssldecrypt_uat_fld_password_chk_cb, "Password"),
3427 dtlsdecrypt_uat = uat_new("DTLS RSA Keylist",
3428 sizeof(ssldecrypt_assoc_t),
3429 "dtlsdecrypttablefile", /* filename */
3430 TRUE, /* from_profile */
3431 (void**) &dtlskeylist_uats, /* data_ptr */
3432 &ndtlsdecrypt, /* numitems_ptr */
3433 UAT_AFFECTS_DISSECTION, /* affects dissection of packets, but not set of named fields */
3434 "ChK12ProtocolsSection", /* TODO, need revision - help */
3435 dtlsdecrypt_copy_cb,
3436 NULL, /* dtlsdecrypt_update_cb? */
3437 dtlsdecrypt_free_cb,
3439 dtlskeylist_uats_flds);
3441 prefs_register_uat_preference(dtls_module, "cfg",
3443 "A table of RSA keys for DTLS decryption",
3446 prefs_register_filename_preference(dtls_module, "debug_file", "DTLS debug file",
3447 "redirect dtls debug to file name; leave empty to disable debug, "
3448 "use \"" SSL_DEBUG_USE_STDERR "\" to redirect output to stderr\n",
3449 &dtls_debug_file_name);
3451 prefs_register_string_preference(dtls_module, "keys_list", "RSA keys list (deprecated)",
3452 "Semicolon-separated list of private RSA keys used for DTLS decryption. "
3453 "Used by versions of Wireshark prior to 1.6",
3459 register_dissector("dtls", dissect_dtls, proto_dtls);
3460 dtls_handle = find_dissector("dtls");
3462 dtls_associations = g_tree_new(ssl_association_cmp);
3464 register_init_routine(dtls_init);
3466 dtls_tap = register_tap("dtls");
3467 ssl_debug_printf("proto_register_dtls: registered tap %s:%d\n",
3470 register_heur_dissector_list("dtls", &heur_subdissector_list);
3474 /* If this dissector uses sub-dissector registration add a registration
3475 * routine. This format is required because a script is used to find
3476 * these routines and create the code that calls these routines.
3479 proto_reg_handoff_dtls(void)
3481 static gboolean initialized = FALSE;
3483 /* add now dissector to default ports.*/
3485 dtls_parse_old_keys();
3486 exported_pdu_tap = find_tap_id(EXPORT_PDU_TAP_NAME_LAYER_7);
3488 if (initialized == FALSE) {
3489 heur_dissector_add("udp", dissect_dtls_heur, proto_dtls);
3490 dissector_add_uint("sctp.ppi", DIAMETER_DTLS_PROTOCOL_ID, find_dissector("dtls"));