2 * Routines for ssl dissection
3 * Copyright (c) 2000-2001, Scott Renfro <scott@renfro.org>
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * http://www.netscape.com/eng/security/SSL_2.html
33 * http://www.netscape.com/eng/ssl3/
37 * See RFC 2246 for SSL 3.1/TLS 1.0 specs.
39 * See (among other places)
41 * http://www.graphcomp.com/info/specs/ms/pct.htm
43 * for PCT 1 draft specs.
47 * http://research.sun.com/projects/crypto/draft-ietf-tls-ecc-05.txt
49 * for Elliptic Curve Cryptography cipher suites.
53 * http://www.ietf.org/internet-drafts/draft-ietf-tls-camellia-04.txt
55 * for Camellia-based cipher suites.
59 * - Does not support dissection
60 * of frames that would require state maintained between frames
61 * (e.g., single ssl records spread across multiple tcp frames)
63 * - Identifies, but does not fully dissect the following messages:
65 * - SSLv3/TLS (These need more state from previous handshake msgs)
66 * - Server Key Exchange
67 * - Client Key Exchange
68 * - Certificate Verify
70 * - SSLv2 (These don't appear in the clear)
75 * - Request Certificate
76 * - Client Certificate
78 * - Decryption is supported only for session that use RSA key exchange,
79 * if the host private key is provided via preference.
81 * - Decryption need to be performed 'sequentially', so it's done
82 * at packet reception time. This may cause a significative packet capture
83 * slow down. This also cause do dissect some ssl info that in previous
84 * dissector version were dissected only when a proto_tree context was
87 * We are at Packet reception if time pinfo->fd->flags.visited == 0
101 #include <epan/conversation.h>
102 #include <epan/prefs.h>
103 #include <epan/inet_v6defs.h>
104 #include <epan/dissectors/packet-x509af.h>
105 #include <epan/emem.h>
106 #include <epan/tap.h>
107 #include "packet-ssl-utils.h"
110 static gboolean ssl_desegment = TRUE;
113 /*********************************************************************
115 * Protocol Constants, Variables, Data Structures
117 *********************************************************************/
119 /* Initialize the protocol and registered fields */
120 static int ssl_tap = -1;
121 static int proto_ssl = -1;
122 static int hf_ssl_record = -1;
123 static int hf_ssl_record_content_type = -1;
124 static int hf_ssl_record_version = -1;
125 static int hf_ssl_record_length = -1;
126 static int hf_ssl_record_appdata = -1;
127 static int hf_ssl_record_appdata_decrypted = -1;
128 static int hf_ssl2_record = -1;
129 static int hf_ssl2_record_is_escape = -1;
130 static int hf_ssl2_record_padding_length = -1;
131 static int hf_ssl2_msg_type = -1;
132 static int hf_pct_msg_type = -1;
133 static int hf_ssl_change_cipher_spec = -1;
134 static int hf_ssl_alert_message = -1;
135 static int hf_ssl_alert_message_level = -1;
136 static int hf_ssl_alert_message_description = -1;
137 static int hf_ssl_handshake_protocol = -1;
138 static int hf_ssl_handshake_type = -1;
139 static int hf_ssl_handshake_length = -1;
140 static int hf_ssl_handshake_client_version = -1;
141 static int hf_ssl_handshake_server_version = -1;
142 static int hf_ssl_handshake_random_time = -1;
143 static int hf_ssl_handshake_random_bytes = -1;
144 static int hf_ssl_handshake_cipher_suites_len = -1;
145 static int hf_ssl_handshake_cipher_suites = -1;
146 static int hf_ssl_handshake_cipher_suite = -1;
147 static int hf_ssl_handshake_session_id = -1;
148 static int hf_ssl_handshake_comp_methods_len = -1;
149 static int hf_ssl_handshake_comp_methods = -1;
150 static int hf_ssl_handshake_comp_method = -1;
151 static int hf_ssl_handshake_extensions_len = -1;
152 static int hf_ssl_handshake_extension_type = -1;
153 static int hf_ssl_handshake_extension_len = -1;
154 static int hf_ssl_handshake_extension_data = -1;
155 static int hf_ssl_handshake_certificates_len = -1;
156 static int hf_ssl_handshake_certificates = -1;
157 static int hf_ssl_handshake_certificate = -1;
158 static int hf_ssl_handshake_certificate_len = -1;
159 static int hf_ssl_handshake_cert_types_count = -1;
160 static int hf_ssl_handshake_cert_types = -1;
161 static int hf_ssl_handshake_cert_type = -1;
162 static int hf_ssl_handshake_finished = -1;
163 static int hf_ssl_handshake_md5_hash = -1;
164 static int hf_ssl_handshake_sha_hash = -1;
165 static int hf_ssl_handshake_session_id_len = -1;
166 static int hf_ssl_handshake_dnames_len = -1;
167 static int hf_ssl_handshake_dnames = -1;
168 static int hf_ssl_handshake_dname_len = -1;
169 static int hf_ssl_handshake_dname = -1;
170 static int hf_ssl2_handshake_cipher_spec_len = -1;
171 static int hf_ssl2_handshake_session_id_len = -1;
172 static int hf_ssl2_handshake_challenge_len = -1;
173 static int hf_ssl2_handshake_cipher_spec = -1;
174 static int hf_ssl2_handshake_challenge = -1;
175 static int hf_ssl2_handshake_clear_key_len = -1;
176 static int hf_ssl2_handshake_enc_key_len = -1;
177 static int hf_ssl2_handshake_key_arg_len = -1;
178 static int hf_ssl2_handshake_clear_key = -1;
179 static int hf_ssl2_handshake_enc_key = -1;
180 static int hf_ssl2_handshake_key_arg = -1;
181 static int hf_ssl2_handshake_session_id_hit = -1;
182 static int hf_ssl2_handshake_cert_type = -1;
183 static int hf_ssl2_handshake_connection_id_len = -1;
184 static int hf_ssl2_handshake_connection_id = -1;
185 static int hf_pct_handshake_cipher_spec = -1;
186 static int hf_pct_handshake_hash_spec = -1;
187 static int hf_pct_handshake_cert_spec = -1;
188 static int hf_pct_handshake_cert = -1;
189 static int hf_pct_handshake_server_cert = -1;
190 static int hf_pct_handshake_exch_spec = -1;
191 static int hf_pct_handshake_hash = -1;
192 static int hf_pct_handshake_cipher = -1;
193 static int hf_pct_handshake_exch = -1;
194 static int hf_pct_handshake_sig = -1;
195 static int hf_pct_msg_error_type = -1;
197 /* Initialize the subtree pointers */
198 static gint ett_ssl = -1;
199 static gint ett_ssl_record = -1;
200 static gint ett_ssl_alert = -1;
201 static gint ett_ssl_handshake = -1;
202 static gint ett_ssl_cipher_suites = -1;
203 static gint ett_ssl_comp_methods = -1;
204 static gint ett_ssl_extension = -1;
205 static gint ett_ssl_certs = -1;
206 static gint ett_ssl_cert_types = -1;
207 static gint ett_ssl_dnames = -1;
208 static gint ett_pct_cipher_suites = -1;
209 static gint ett_pct_hash_suites = -1;
210 static gint ett_pct_cert_suites = -1;
211 static gint ett_pct_exch_suites = -1;
214 unsigned int ssl_port;
215 unsigned int decrypted_port;
216 dissector_handle_t handle;
220 static char* ssl_keys_list = NULL;
221 static char* ssl_ports_list = NULL;
223 typedef struct _SslService {
228 static GHashTable *ssl_session_hash = NULL;
229 static GHashTable *ssl_key_hash = NULL;
230 static GTree* ssl_associations = NULL;
231 static dissector_handle_t ssl_handle = NULL;
232 static StringInfo ssl_decrypted_data = {NULL, 0};
234 /* Hash Functions for ssl sessions table and private keys table*/
236 ssl_equal (gconstpointer v, gconstpointer v2)
238 const StringInfo *val1 = (const StringInfo *)v;
239 const StringInfo *val2 = (const StringInfo *)v2;
241 if (val1->data_len == val2->data_len &&
242 !memcmp(val1->data, val2->data, val2->data_len)) {
249 ssl_hash (gconstpointer v)
252 StringInfo* id = (StringInfo*) v;
253 guint* cur = (guint*) id->data;
254 for (l=4; (l<id->data_len); l+=4, cur++)
255 hash = hash ^ (*cur);
261 ssl_private_key_equal (gconstpointer v, gconstpointer v2)
263 const SslService *val1 = (const SslService *)v;
264 const SslService *val2 = (const SslService *)v2;
266 if ((val1->port == val2->port) &&
267 ! CMP_ADDRESS(&val1->addr, &val2->addr)) {
274 ssl_private_key_hash (gconstpointer v)
276 const SslService *key = (const SslService *)v;
277 guint l,hash = key->port, len = key->addr.len;
279 guint* cur = (guint*) key->addr.data;
280 for (l=4; (l<len); l+=4, cur++)
281 hash = hash ^ (*cur);
286 /* private key table entries have a scope 'larger' then packet capture,
287 * so we can't relay on se_alloc** function */
289 ssl_private_key_free(gpointer id, gpointer key, gpointer dummy _U_)
292 ssl_free_key((SSL_PRIVATE_KEY*) key);
295 /* handling of association between ssl ports and clear text protocol */
297 ssl_association_add(unsigned int port, unsigned int ctport,
300 dissector_table_t tcp_dissectors = find_dissector_table( "tcp.port");
301 SslAssociation* assoc = g_malloc(sizeof(SslAssociation)+strlen(info)+1);
303 assoc->info = (char*) assoc+sizeof(SslAssociation);
304 strcpy(assoc->info, info);
305 assoc->ssl_port = port;
306 assoc->decrypted_port = ctport;
307 assoc->handle = dissector_get_port_handle(tcp_dissectors, ctport);
309 ssl_debug_printf("ssl_association_add port %d ctport %d info %s handle %p\n",
310 port, ctport, info, assoc->handle);
312 dissector_add("tcp.port", port, ssl_handle);
313 g_tree_insert(ssl_associations, (gpointer)port, assoc);
317 ssl_association_cmp(gconstpointer a, gconstpointer b)
319 return (gint)a-(gint)b;
323 SslAssociation* ssl_association_find(unsigned int port)
325 register SslAssociation* ret = g_tree_lookup(ssl_associations, (gpointer)port);
326 ssl_debug_printf("ssl_association_find: port %d found %p\n", port, ret);
331 ssl_association_remove_handle (gpointer key _U_,
332 gpointer data, gpointer user_data _U_)
334 SslAssociation* assoc = (SslAssociation*) data;
335 ssl_debug_printf("ssl_association_remove_handle removing ptr %p handle %p\n",
336 data, assoc->handle);
338 dissector_delete("tcp.port", assoc->ssl_port, assoc->handle);
343 static inline int ssl_packet_from_server(unsigned int port)
345 register int ret = ssl_association_find(port) != 0;
346 ssl_debug_printf("ssl_packet_from_server: is from server %d\n", ret);
350 /* initialize/reset per capture state data (ssl sessions cache) */
351 static void ssl_init(void)
353 if (ssl_session_hash)
354 g_hash_table_destroy(ssl_session_hash);
355 ssl_session_hash = g_hash_table_new(ssl_hash, ssl_equal);
356 if (ssl_decrypted_data.data)
357 g_free(ssl_decrypted_data.data);
358 ssl_decrypted_data.data = g_malloc0(32);
359 ssl_decrypted_data.data_len = 32;
362 /* parse ssl related preferences (private keys and ports association strings) */
363 static void ssl_parse(void)
367 g_hash_table_foreach(ssl_key_hash, ssl_private_key_free, NULL);
368 g_hash_table_destroy(ssl_key_hash);
370 if (ssl_associations)
372 g_tree_traverse(ssl_associations, ssl_association_remove_handle, G_IN_ORDER, NULL);
373 g_tree_destroy(ssl_associations);
376 /* parse private keys string, load available keys and put them in key hash*/
377 ssl_key_hash = g_hash_table_new(ssl_private_key_hash,ssl_private_key_equal);
378 ssl_associations = g_tree_new(ssl_association_cmp);
380 if (ssl_keys_list && (ssl_keys_list[0] != 0))
383 char* start = strdup(ssl_keys_list);
386 ssl_debug_printf("ssl_init keys string %s\n", start);
388 char* addr, *port, *filename;
391 SSL_PRIVATE_KEY * private_key;
395 /* split ip/file couple with ',' separator*/
396 end = strchr(start, ',');
402 /* for each entry split ip, port, filename with ':' separator */
403 ssl_debug_printf("ssl_init found host entry %s\n", addr);
404 port = strchr(addr, ':');
407 ssl_debug_printf("ssl_init entry malformed can't find port in %s\n", addr);
413 filename = strchr(port,':');
416 ssl_debug_printf("ssl_init entry malformed can't find filename in %s\n", port);
422 /* convert ip and port string to network rappresentation*/
423 service = g_malloc(sizeof(SslService) + 4);
424 service->addr.type = AT_IPv4;
425 service->addr.len = 4;
426 service->addr.data = ip = ((unsigned char*)service) + sizeof(SslService);
427 sscanf(addr, "%hhu.%hhu.%hhu.%hhu", &ip[0], &ip[1], &ip[2], &ip[3]);
428 service->port = atoi(port);
429 ssl_debug_printf("ssl_init addr %hhu.%hhu.%hhu.%hhu port %d filename %s\n",
430 ip[0], ip[1], ip[2], ip[3], service->port, filename);
432 /* try to load pen file*/
433 fp = fopen(filename, "rb");
435 fprintf(stderr, "can't open file %s \n",filename);
439 private_key = ssl_load_key(fp);
441 fprintf(stderr,"can't load private key from %s\n",
447 ssl_debug_printf("ssl_init private key file %s successfully loaded\n",
449 g_hash_table_insert(ssl_key_hash, service, private_key);
451 } while (end != NULL);
455 /* parse ssl ports string and add ssl dissector to specifed port[s]*/
456 if (ssl_ports_list && (ssl_ports_list[0] != 0))
459 char* start = strdup(ssl_ports_list);
462 ssl_debug_printf("ssl_init ports string %s\n", start);
464 char* port, *ctport, *info;
465 unsigned int portn, ctportn;
468 /* split ip/file couple with ',' separator*/
469 end = strchr(start, ',');
475 /* for each entry split ip, port, filename with ':' separator */
476 ssl_debug_printf("ssl_init found port entry %s\n", port);
477 ctport = strchr(port, ':');
483 info = strchr(ctport,':');
489 /* add dissector to this port */
491 ctportn = atoi(ctport);
492 if (!portn || !ctportn)
495 ssl_debug_printf("ssl_init adding dissector to port %d (ct port %d)\n", portn, ctportn);
496 ssl_association_add(portn, ctportn, info);
497 } while (end != NULL);
501 /* [re] add ssl dissection to defaults ports */
502 ssl_association_add(443, 80, "Hypertext transfer protocol");
503 ssl_association_add(636, 389, "Lightweight directory access protocol");
504 ssl_association_add(993, 143, "Interactive mail access protocol");
505 ssl_association_add(995, 110, "Post office protocol");
508 /* store master secret into session data cache */
509 static void ssl_save_session(SslDecryptSession* ssl)
511 /* allocate stringinfo chunks for session id and master secret data*/
512 StringInfo* session_id = se_alloc0(sizeof(StringInfo) + ssl->session_id.data_len);
513 StringInfo* master_secret = se_alloc0(48 + sizeof(StringInfo));
515 master_secret->data = ((unsigned char*)master_secret+sizeof(StringInfo));
516 session_id->data = ((unsigned char*)session_id+sizeof(StringInfo));
518 ssl_data_set(session_id, ssl->session_id.data, ssl->session_id.data_len);
519 ssl_data_set(master_secret, ssl->master_secret.data, ssl->master_secret.data_len);
520 g_hash_table_insert(ssl_session_hash, session_id, master_secret);
521 ssl_print_string("ssl_save_session stored session id", session_id);
522 ssl_print_string("ssl_save_session stored master secret", master_secret);
525 static void ssl_restore_session(SslDecryptSession* ssl)
527 StringInfo* ms = g_hash_table_lookup(ssl_session_hash, &ssl->session_id);
529 ssl_debug_printf("ssl_restore_session can't find stored session\n");
532 ssl_data_set(&ssl->master_secret, ms->data, ms->data_len);
533 ssl->state |= SSL_MASTER_SECRET;
534 ssl_debug_printf("ssl_restore_session master key retrived\n");
537 /* The TCP port to associate with by default */
538 #define TCP_PORT_SSL 443
539 #define TCP_PORT_SSL_LDAP 636
540 #define TCP_PORT_SSL_IMAP 993
541 #define TCP_PORT_SSL_POP 995
543 /* version state tables */
544 #define SSL_VER_UNKNOWN 0
545 #define SSL_VER_SSLv2 1
546 #define SSL_VER_SSLv3 2
547 #define SSL_VER_TLS 3
548 #define SSL_VER_PCT 4
550 /* corresponds to the #defines above */
551 static const gchar* ssl_version_short_names[] = {
560 #define SSL_ID_CHG_CIPHER_SPEC 0x14
561 #define SSL_ID_ALERT 0x15
562 #define SSL_ID_HANDSHAKE 0x16
563 #define SSL_ID_APP_DATA 0x17
565 #define SSL_HND_HELLO_REQUEST 0
566 #define SSL_HND_CLIENT_HELLO 1
567 #define SSL_HND_SERVER_HELLO 2
568 #define SSL_HND_CERTIFICATE 11
569 #define SSL_HND_SERVER_KEY_EXCHG 12
570 #define SSL_HND_CERT_REQUEST 13
571 #define SSL_HND_SVR_HELLO_DONE 14
572 #define SSL_HND_CERT_VERIFY 15
573 #define SSL_HND_CLIENT_KEY_EXCHG 16
574 #define SSL_HND_FINISHED 20
576 #define SSL2_HND_ERROR 0x00
577 #define SSL2_HND_CLIENT_HELLO 0x01
578 #define SSL2_HND_CLIENT_MASTER_KEY 0x02
579 #define SSL2_HND_CLIENT_FINISHED 0x03
580 #define SSL2_HND_SERVER_HELLO 0x04
581 #define SSL2_HND_SERVER_VERIFY 0x05
582 #define SSL2_HND_SERVER_FINISHED 0x06
583 #define SSL2_HND_REQUEST_CERTIFICATE 0x07
584 #define SSL2_HND_CLIENT_CERTIFICATE 0x08
586 #define PCT_VERSION_1 0x8001
588 #define PCT_MSG_CLIENT_HELLO 0x01
589 #define PCT_MSG_SERVER_HELLO 0x02
590 #define PCT_MSG_CLIENT_MASTER_KEY 0x03
591 #define PCT_MSG_SERVER_VERIFY 0x04
592 #define PCT_MSG_ERROR 0x05
594 #define PCT_CH_OFFSET_V1 0xa
596 #define PCT_CIPHER_DES 0x01
597 #define PCT_CIPHER_IDEA 0x02
598 #define PCT_CIPHER_RC2 0x03
599 #define PCT_CIPHER_RC4 0x04
600 #define PCT_CIPHER_DES_112 0x05
601 #define PCT_CIPHER_DES_168 0x06
603 #define PCT_HASH_MD5 0x0001
604 #define PCT_HASH_MD5_TRUNC_64 0x0002
605 #define PCT_HASH_SHA 0x0003
606 #define PCT_HASH_SHA_TRUNC_80 0x0004
607 #define PCT_HASH_DES_DM 0x0005
609 #define PCT_CERT_NONE 0x00
610 #define PCT_CERT_X509 0x01
611 #define PCT_CERT_PKCS7 0x02
613 #define PCT_SIG_NONE 0x0000
614 #define PCT_SIG_RSA_MD5 0x0001
615 #define PCT_SIG_RSA_SHA 0x0002
616 #define PCT_SIG_DSA_SHA 0x0003
618 #define PCT_EXCH_RSA_PKCS1 0x01
619 #define PCT_EXCH_RSA_PKCS1_TOKEN_DES 0x02
620 #define PCT_EXCH_RSA_PKCS1_TOKEN_DES3 0x03
621 #define PCT_EXCH_RSA_PKCS1_TOKEN_RC2 0x04
622 #define PCT_EXCH_RSA_PKCS1_TOKEN_RC4 0x05
623 #define PCT_EXCH_DH_PKCS3 0x06
624 #define PCT_EXCH_DH_PKCS3_TOKEN_DES 0x07
625 #define PCT_EXCH_DH_PKCS3_TOKEN_DES3 0x08
626 #define PCT_EXCH_FORTEZZA_TOKEN 0x09
628 #define PCT_ERR_BAD_CERTIFICATE 0x01
629 #define PCT_ERR_CLIENT_AUTH_FAILED 0x02
630 #define PCT_ERR_ILLEGAL_MESSAGE 0x03
631 #define PCT_ERR_INTEGRITY_CHECK_FAILED 0x04
632 #define PCT_ERR_SERVER_AUTH_FAILED 0x05
633 #define PCT_ERR_SPECS_MISMATCH 0x06
639 static const value_string ssl_20_msg_types[] = {
640 { SSL2_HND_ERROR, "Error" },
641 { SSL2_HND_CLIENT_HELLO, "Client Hello" },
642 { SSL2_HND_CLIENT_MASTER_KEY, "Client Master Key" },
643 { SSL2_HND_CLIENT_FINISHED, "Client Finished" },
644 { SSL2_HND_SERVER_HELLO, "Server Hello" },
645 { SSL2_HND_SERVER_VERIFY, "Server Verify" },
646 { SSL2_HND_SERVER_FINISHED, "Server Finished" },
647 { SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" },
648 { SSL2_HND_CLIENT_CERTIFICATE, "Client Certificate" },
652 static const value_string ssl_20_cipher_suites[] = {
653 { 0x010080, "SSL2_RC4_128_WITH_MD5" },
654 { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" },
655 { 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
656 { 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
657 { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" },
658 { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" },
659 { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" },
660 { 0x080080, "SSL2_RC4_64_WITH_MD5" },
661 { 0x000000, "TLS_NULL_WITH_NULL_NULL" },
662 { 0x000001, "TLS_RSA_WITH_NULL_MD5" },
663 { 0x000002, "TLS_RSA_WITH_NULL_SHA" },
664 { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
665 { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" },
666 { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" },
667 { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
668 { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
669 { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
670 { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" },
671 { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
672 { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
673 { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
674 { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
675 { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
676 { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
677 { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
678 { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
679 { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
680 { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
681 { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
682 { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
683 { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
684 { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
685 { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" },
686 { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
687 { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
688 { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
689 { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
690 { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
691 { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
692 { 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" },
693 { 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
694 { 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
695 { 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
696 { 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
697 { 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
698 { 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
699 { 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
700 { 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
701 { 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
702 { 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
703 { 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
704 { 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
705 { 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
706 { 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
707 { 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
708 { 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
709 { 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
710 { 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
711 { 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
712 { 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" },
713 { 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
714 { 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
715 { 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
716 { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
717 { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
718 { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
719 { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
720 { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
721 { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
722 { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
723 { 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
724 { 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
725 { 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
726 { 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
727 { 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
728 { 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
729 /* these from http://www.mozilla.org/projects/
730 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
731 { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
732 { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
733 { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
734 { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
735 /* Microsoft's old PCT protocol. These are from Eric Rescorla's
736 book "SSL and TLS" */
737 { 0x8f8001, "PCT_SSL_COMPAT | PCT_VERSION_1" },
738 { 0x800003, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509_CHAIN" },
739 { 0x800001, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509" },
740 { 0x810001, "PCT_SSL_HASH_TYPE | PCT1_HASH_MD5" },
741 { 0x810003, "PCT_SSL_HASH_TYPE | PCT1_HASH_SHA" },
742 { 0x820001, "PCT_SSL_EXCH_TYPE | PCT1_EXCH_RSA_PKCS1" },
743 { 0x830004, "PCT_SSL_CIPHER_TYPE_1ST_HALF | PCT1_CIPHER_RC4" },
744 { 0x848040, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_128 | PCT1_MAC_BITS_128" },
745 { 0x842840, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_40 | PCT1_MAC_BITS_128" },
746 /* note that ciphersuites of {0x00????} are TLS cipher suites in
747 * a sslv2 client hello message; the ???? above is the two-byte
748 * tls cipher suite id
753 static const value_string ssl_20_certificate_type[] = {
755 { 0x01, "X.509 Certificate" },
759 static const value_string ssl_31_content_type[] = {
760 { 20, "Change Cipher Spec" },
763 { 23, "Application Data" },
767 static const value_string ssl_versions[] = {
768 { 0x0301, "TLS 1.0" },
769 { 0x0300, "SSL 3.0" },
770 { 0x0002, "SSL 2.0" },
775 /* XXX - would be used if we dissected the body of a Change Cipher Spec
777 static const value_string ssl_31_change_cipher_spec[] = {
778 { 1, "Change Cipher Spec" },
783 static const value_string ssl_31_alert_level[] = {
789 static const value_string ssl_31_alert_description[] = {
790 { 0, "Close Notify" },
791 { 10, "Unexpected Message" },
792 { 20, "Bad Record MAC" },
793 { 21, "Decryption Failed" },
794 { 22, "Record Overflow" },
795 { 30, "Decompression Failure" },
796 { 40, "Handshake Failure" },
797 { 42, "Bad Certificate" },
798 { 43, "Unsupported Certificate" },
799 { 44, "Certificate Revoked" },
800 { 45, "Certificate Expired" },
801 { 46, "Certificate Unknown" },
802 { 47, "Illegal Parameter" },
803 { 48, "Unknown CA" },
804 { 49, "Access Denied" },
805 { 50, "Decode Error" },
806 { 51, "Decrypt Error" },
807 { 60, "Export Restriction" },
808 { 70, "Protocol Version" },
809 { 71, "Insufficient Security" },
810 { 80, "Internal Error" },
811 { 90, "User Canceled" },
812 { 100, "No Renegotiation" },
816 static const value_string ssl_31_handshake_type[] = {
817 { SSL_HND_HELLO_REQUEST, "Hello Request" },
818 { SSL_HND_CLIENT_HELLO, "Client Hello" },
819 { SSL_HND_SERVER_HELLO, "Server Hello" },
820 { SSL_HND_CERTIFICATE, "Certificate" },
821 { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" },
822 { SSL_HND_CERT_REQUEST, "Certificate Request" },
823 { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" },
824 { SSL_HND_CERT_VERIFY, "Certificate Verify" },
825 { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" },
826 { SSL_HND_FINISHED, "Finished" },
830 static const value_string ssl_31_compression_method[] = {
838 /* XXX - would be used if we dissected a Signature, as would be
839 seen in a server key exchange or certificate verify message. */
840 static const value_string ssl_31_key_exchange_algorithm[] = {
842 { 1, "Diffie Hellman" },
846 static const value_string ssl_31_signature_algorithm[] = {
854 static const value_string ssl_31_client_certificate_type[] = {
857 { 3, "RSA Fixed DH" },
858 { 4, "DSS Fixed DH" },
863 /* XXX - would be used if we dissected exchange keys, as would be
864 seen in a client key exchange message. */
865 static const value_string ssl_31_public_value_encoding[] = {
872 static const value_string ssl_31_ciphersuite[] = {
873 { 0x0000, "TLS_NULL_WITH_NULL_NULL" },
874 { 0x0001, "TLS_RSA_WITH_NULL_MD5" },
875 { 0x0002, "TLS_RSA_WITH_NULL_SHA" },
876 { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
877 { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" },
878 { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" },
879 { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
880 { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
881 { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
882 { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" },
883 { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
884 { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
885 { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
886 { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
887 { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
888 { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
889 { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
890 { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
891 { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
892 { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
893 { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
894 { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
895 { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
896 { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
897 { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" },
898 { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
899 { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
900 { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
901 { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
902 { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
903 { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
904 { 0x002f, "TLS_RSA_WITH_AES_128_CBC_SHA" },
905 { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
906 { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
907 { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
908 { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
909 { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
910 { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
911 { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
912 { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
913 { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
914 { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
915 { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
916 { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
917 { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
918 { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
919 { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
920 { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
921 { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
922 { 0x0047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
923 { 0x0048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
924 { 0x0049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" },
925 { 0x004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
926 { 0x004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
927 { 0x004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
928 { 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
929 { 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
930 { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
931 { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
932 { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
933 { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
934 { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
935 { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
936 { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
937 { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
938 { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
939 { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
940 { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
941 /* these from http://www.mozilla.org/projects/
942 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
943 { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
944 { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
945 { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
946 { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
947 /* note that ciphersuites 0xff00 - 0xffff are private */
951 static const value_string pct_msg_types[] = {
952 { PCT_MSG_CLIENT_HELLO, "Client Hello" },
953 { PCT_MSG_SERVER_HELLO, "Server Hello" },
954 { PCT_MSG_CLIENT_MASTER_KEY, "Client Master Key" },
955 { PCT_MSG_SERVER_VERIFY, "Server Verify" },
956 { PCT_MSG_ERROR, "Error" },
960 static const value_string pct_cipher_type[] = {
961 { PCT_CIPHER_DES, "DES" },
962 { PCT_CIPHER_IDEA, "IDEA" },
963 { PCT_CIPHER_RC2, "RC2" },
964 { PCT_CIPHER_RC4, "RC4" },
965 { PCT_CIPHER_DES_112, "DES 112 bit" },
966 { PCT_CIPHER_DES_168, "DES 168 bit" },
970 static const value_string pct_hash_type[] = {
971 { PCT_HASH_MD5, "MD5" },
972 { PCT_HASH_MD5_TRUNC_64, "MD5_TRUNC_64"},
973 { PCT_HASH_SHA, "SHA"},
974 { PCT_HASH_SHA_TRUNC_80, "SHA_TRUNC_80"},
975 { PCT_HASH_DES_DM, "DES_DM"},
979 static const value_string pct_cert_type[] = {
980 { PCT_CERT_NONE, "None" },
981 { PCT_CERT_X509, "X.509" },
982 { PCT_CERT_PKCS7, "PKCS #7" },
985 static const value_string pct_sig_type[] = {
986 { PCT_SIG_NONE, "None" },
987 { PCT_SIG_RSA_MD5, "MD5" },
988 { PCT_SIG_RSA_SHA, "RSA SHA" },
989 { PCT_SIG_DSA_SHA, "DSA SHA" },
993 static const value_string pct_exch_type[] = {
994 { PCT_EXCH_RSA_PKCS1, "RSA PKCS#1" },
995 { PCT_EXCH_RSA_PKCS1_TOKEN_DES, "RSA PKCS#1 Token DES" },
996 { PCT_EXCH_RSA_PKCS1_TOKEN_DES3, "RSA PKCS#1 Token 3DES" },
997 { PCT_EXCH_RSA_PKCS1_TOKEN_RC2, "RSA PKCS#1 Token RC-2" },
998 { PCT_EXCH_RSA_PKCS1_TOKEN_RC4, "RSA PKCS#1 Token RC-4" },
999 { PCT_EXCH_DH_PKCS3, "DH PKCS#3" },
1000 { PCT_EXCH_DH_PKCS3_TOKEN_DES, "DH PKCS#3 Token DES" },
1001 { PCT_EXCH_DH_PKCS3_TOKEN_DES3, "DH PKCS#3 Token 3DES" },
1002 { PCT_EXCH_FORTEZZA_TOKEN, "Fortezza" },
1006 static const value_string pct_error_code[] = {
1007 { PCT_ERR_BAD_CERTIFICATE, "PCT_ERR_BAD_CERTIFICATE" },
1008 { PCT_ERR_CLIENT_AUTH_FAILED, "PCT_ERR_CLIENT_AUTH_FAILE" },
1009 { PCT_ERR_ILLEGAL_MESSAGE, "PCT_ERR_ILLEGAL_MESSAGE" },
1010 { PCT_ERR_INTEGRITY_CHECK_FAILED, "PCT_ERR_INTEGRITY_CHECK_FAILED" },
1011 { PCT_ERR_SERVER_AUTH_FAILED, "PCT_ERR_SERVER_AUTH_FAILED" },
1012 { PCT_ERR_SPECS_MISMATCH, "PCT_ERR_SPECS_MISMATCH" },
1017 static const value_string tls_hello_extension_types[] = {
1018 { 0, "server_name" },
1019 { 1, "max_fragment_length" },
1020 { 2, "client_certificate_url" },
1021 { 3, "trusted_ca_keys" },
1022 { 4, "truncated_hmac" },
1023 { 5, "status_request" },
1024 { 35, "EAP-FAST PAC-Opaque" /* draft-cam-winget-eap-fast-00.txt */ },
1028 /*********************************************************************
1030 * Forward Declarations
1032 *********************************************************************/
1035 * SSL version 3 and TLS dissectors
1038 /* record layer dissector */
1039 static int dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
1040 proto_tree *tree, guint32 offset,
1041 guint *conv_version,
1042 gboolean *need_desegmentation,
1043 SslDecryptSession *conv_data);
1045 /* change cipher spec dissector */
1046 static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
1049 guint *conv_version, guint8 content_type);
1051 /* alert message dissector */
1052 static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
1053 proto_tree *tree, guint32 offset,
1054 guint *conv_version);
1056 /* handshake protocol dissector */
1057 static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1058 proto_tree *tree, guint32 offset,
1059 guint32 record_length,
1060 guint *conv_version,
1061 SslDecryptSession *conv_data, guint8 content_type);
1064 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
1066 guint32 offset, guint32 length,
1067 SslDecryptSession* ssl);
1069 static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
1071 guint32 offset, guint32 length,
1072 SslDecryptSession* ssl);
1074 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
1075 proto_tree *tree, guint32 offset, packet_info *pinfo);
1077 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
1081 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
1084 guint* conv_version);
1088 * SSL version 2 dissectors
1092 /* record layer dissector */
1093 static int dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
1094 proto_tree *tree, guint32 offset,
1095 guint *conv_version,
1096 gboolean *need_desegmentation,
1097 SslDecryptSession* ssl);
1099 /* client hello dissector */
1100 static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
1103 SslDecryptSession* ssl);
1105 static void dissect_pct_msg_client_hello(tvbuff_t *tvb,
1109 /* client master key dissector */
1110 static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
1113 static void dissect_pct_msg_client_master_key(tvbuff_t *tvb,
1117 /* server hello dissector */
1118 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
1120 guint32 offset, packet_info *pinfo);
1121 static void dissect_pct_msg_server_hello(tvbuff_t *tvb,
1123 guint32 offset, packet_info *pinfo);
1126 static void dissect_pct_msg_server_verify(tvbuff_t *tvb,
1130 static void dissect_pct_msg_error(tvbuff_t *tvb,
1138 /*static void ssl_set_conv_version(packet_info *pinfo, guint version);*/
1139 static int ssl_is_valid_handshake_type(guint8 type);
1140 static int ssl_is_valid_content_type(guint8 type);
1141 static int ssl_is_valid_ssl_version(guint16 version);
1142 static int ssl_is_authoritative_version_message(guint8 content_type,
1144 static int ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset);
1145 static int ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset);
1146 static int ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset);
1147 static int ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
1149 guint32 record_length);
1150 static int ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb,
1152 guint32 record_length);
1153 /*********************************************************************
1157 *********************************************************************/
1159 * Code to actually dissect the packets
1162 dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1165 conversation_t *conversation;
1167 proto_item *ti = NULL;
1168 proto_tree *ssl_tree = NULL;
1170 gboolean first_record_in_frame = TRUE;
1171 gboolean need_desegmentation;
1172 SslDecryptSession* ssl_session = NULL;
1173 guint* conv_version;
1175 /* Track the version using conversations to reduce the
1176 * chance that a packet that simply *looks* like a v2 or
1177 * v3 packet is dissected improperly. This also allows
1178 * us to more frequently set the protocol column properly
1179 * for continuation data frames.
1181 * Also: We use the copy in conv_version as our cached copy,
1182 * so that we don't have to search the conversation
1183 * table every time we want the version; when setting
1184 * the conv_version, must set the copy in the conversation
1185 * in addition to conv_version
1187 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
1188 pinfo->srcport, pinfo->destport, 0);
1191 /* create a new conversation */
1192 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
1193 pinfo->srcport, pinfo->destport, 0);
1195 conv_data = conversation_get_proto_data(conversation, proto_ssl);
1197 /* PAOLO: manage ssl decryption data */
1198 /*get a valid ssl session pointer*/
1199 if (conv_data != NULL)
1200 ssl_session = conv_data;
1204 ssl_session = se_alloc0(sizeof(SslDecryptSession));
1205 ssl_session_init(ssl_session);
1206 ssl_session->version = SSL_VER_UNKNOWN;
1207 conversation_add_proto_data(conversation, proto_ssl, ssl_session);
1209 /* we need to know witch side of conversation is speaking*/
1210 if (ssl_packet_from_server(pinfo->srcport)) {
1211 dummy.addr = pinfo->net_src;
1212 dummy.port = pinfo->srcport;
1215 dummy.addr = pinfo->net_dst;
1216 dummy.port = pinfo->destport;
1218 ssl_debug_printf("dissect_ssl server %hhd.%hhd.%hhd.%hhd:%d\n",
1220 dummy.addr.data[1],dummy.addr.data[2],
1221 dummy.addr.data[3],dummy.port);
1223 /* try to retrive private key for this service. Do it now 'cause pinfo
1224 * is not always available
1225 * Note that with HAVE_LIBGNUTLS undefined private_key is allways 0
1226 * and thus decryption never engaged*/
1227 ssl_session->private_key = g_hash_table_lookup(ssl_key_hash, &dummy);
1228 if (!ssl_session->private_key)
1229 ssl_debug_printf("dissect_ssl can't find private key for this server!\n");
1231 conv_version= & ssl_session->version;
1233 /* try decryption only the first time we see this packet
1234 * (to keep cipher syncronized)and only if we have
1235 * the server private key*/
1236 if (!ssl_session->private_key || pinfo->fd->flags.visited)
1239 /* Initialize the protocol column; we'll set it later when we
1240 * figure out what flavor of SSL it is (assuming we don't
1241 * throw an exception before we get the chance to do so). */
1242 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1244 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSL");
1247 /* clear the the info column */
1248 if (check_col(pinfo->cinfo, COL_INFO))
1249 col_clear(pinfo->cinfo, COL_INFO);
1251 /* TCP packets and SSL records are orthogonal.
1252 * A tcp packet may contain multiple ssl records and an ssl
1253 * record may be spread across multiple tcp packets.
1255 * This loop accounts for multiple ssl records in a single
1256 * frame, but not a single ssl record across multiple tcp
1259 * Handling the single ssl record across multiple packets
1260 * may be possible using ethereal conversations, but
1261 * probably not cleanly. May have to wait for tcp stream
1265 /* Create display subtree for SSL as a whole */
1268 ti = proto_tree_add_item(tree, proto_ssl, tvb, 0, -1, FALSE);
1269 ssl_tree = proto_item_add_subtree(ti, ett_ssl);
1272 /* iterate through the records in this tvbuff */
1273 while (tvb_reported_length_remaining(tvb, offset) != 0)
1275 /* on second and subsequent records per frame
1276 * add a delimiter on info column
1278 if (!first_record_in_frame
1279 && check_col(pinfo->cinfo, COL_INFO))
1281 col_append_str(pinfo->cinfo, COL_INFO, ", ");
1285 * Assume, for now, that this doesn't need desegmentation.
1287 need_desegmentation = FALSE;
1289 /* first try to dispatch off the cached version
1290 * known to be associated with the conversation
1292 switch(*conv_version) {
1295 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
1296 offset, conv_version,
1297 &need_desegmentation,
1303 /* the version tracking code works too well ;-)
1304 * at times, we may visit a v2 client hello after
1305 * we already know the version of the connection;
1306 * work around that here by detecting and calling
1307 * the v2 dissector instead
1309 if (ssl_is_v2_client_hello(tvb, offset))
1311 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
1312 offset, conv_version,
1313 &need_desegmentation,
1318 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
1319 offset, conv_version,
1320 &need_desegmentation,
1325 /* that failed, so apply some heuristics based
1326 * on this individual packet
1329 if (ssl_looks_like_sslv2(tvb, offset))
1331 /* looks like sslv2 or pct client hello */
1332 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
1333 offset, conv_version,
1334 &need_desegmentation,
1337 else if (ssl_looks_like_sslv3(tvb, offset))
1339 /* looks like sslv3 or tls */
1340 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
1341 offset, conv_version,
1342 &need_desegmentation,
1347 /* looks like something unknown, so lump into
1350 offset = tvb_length(tvb);
1351 if (check_col(pinfo->cinfo, COL_INFO))
1352 col_append_str(pinfo->cinfo, COL_INFO,
1353 "Continuation Data");
1355 /* Set the protocol column */
1356 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1358 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1359 ssl_version_short_names[*conv_version]);
1365 /* Desegmentation return check */
1366 if (need_desegmentation)
1368 /* set up for next record in frame, if any */
1369 first_record_in_frame = FALSE;
1371 tap_queue_packet(ssl_tap, pinfo, (gpointer)proto_ssl);
1375 decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
1376 guint32 record_length, guint8 content_type, SslDecryptSession* ssl,
1377 gboolean save_plaintext)
1380 SslDecoder* decoder;
1382 /* if we can decrypt and decryption have success
1383 * add decrypted data to this packet info*/
1384 ssl_debug_printf("decrypt_ssl3_record: app_data len %d ssl state %X\n",
1385 record_length, ssl->state);
1386 if (!(ssl->state & SSL_HAVE_SESSION_KEY)) {
1387 ssl_debug_printf("decrypt_ssl3_record: no session key\n");
1391 /* retrive decoder for this packet direction*/
1392 if ((direction = ssl_packet_from_server(pinfo->srcport)) != 0) {
1393 ssl_debug_printf("decrypt_ssl3_record: using server decoder\n");
1394 decoder = &ssl->server;
1397 ssl_debug_printf("decrypt_ssl3_record: using client decoder\n");
1398 decoder = &ssl->client;
1401 /* ensure we have enough storage space for decrypted data */
1402 if (record_length > ssl_decrypted_data.data_len)
1404 ssl_debug_printf("decrypt_ssl3_record: allocating %d bytes"
1405 " for decrypt data (old len %d)\n",
1406 record_length + 32, ssl_decrypted_data.data_len);
1407 ssl_decrypted_data.data = g_realloc(ssl_decrypted_data.data,
1408 record_length + 32);
1409 ssl_decrypted_data.data_len = record_length + 32;
1412 /* run decryption and add decrypted payload to protocol data, if decryption
1414 len = ssl_decrypted_data.data_len;
1415 if ((ssl_decrypt_record(ssl, decoder,
1416 content_type, tvb_get_ptr(tvb, offset, record_length),
1417 record_length, ssl_decrypted_data.data, &len) == 0) &&
1420 StringInfo* data = p_get_proto_data(pinfo->fd, proto_ssl);
1423 ssl_debug_printf("decrypt_ssl3_record: allocating app_data %d "
1424 "bytes for app data\n", len);
1425 /* first app data record: allocate and put packet data*/
1426 data = se_alloc(sizeof(StringInfo));
1427 data->data = se_alloc(len);
1428 data->data_len = len;
1429 memcpy(data->data, ssl_decrypted_data.data, len);
1432 unsigned char* store;
1433 /* update previus record*/
1434 ssl_debug_printf("decrypt_ssl3_record: reallocating app_data "
1435 "%d bytes for app data (total %d appdata bytes)\n",
1436 len, data->data_len + len);
1437 store = se_alloc(data->data_len + len);
1438 memcpy(store, data->data, data->data_len);
1439 memcpy(&store[data->data_len], ssl_decrypted_data.data, len);
1440 data->data_len += len;
1442 /* old decrypted data ptr here appare to be leaked, but it's
1443 * collected by emem allocator */
1446 /* data ptr is changed, so remove old one and re-add the new one*/
1447 ssl_debug_printf("decrypt_ssl3_record: removing old app_data ptr\n");
1448 p_remove_proto_data(pinfo->fd, proto_ssl);
1451 ssl_debug_printf("decrypt_ssl3_record: setting decrypted app_data ptr %p\n",data);
1452 p_add_proto_data(pinfo->fd, proto_ssl, data);
1458 /*********************************************************************
1460 * SSL version 3 and TLS Dissection Routines
1462 *********************************************************************/
1464 dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
1465 proto_tree *tree, guint32 offset,
1466 guint *conv_version, gboolean *need_desegmentation,
1467 SslDecryptSession* ssl)
1472 * uint8 major, minor;
1473 * } ProtocolVersion;
1477 * change_cipher_spec(20), alert(21), handshake(22),
1478 * application_data(23), (255)
1483 * ProtocolVersion version;
1485 * opaque fragment[TLSPlaintext.length];
1488 guint32 record_length;
1490 guint8 content_type;
1492 proto_tree *ti = NULL;
1493 proto_tree *ssl_record_tree = NULL;
1494 guint32 available_bytes = 0;
1495 StringInfo* decrypted;
1496 SslAssociation* association;
1498 available_bytes = tvb_length_remaining(tvb, offset);
1501 * Can we do reassembly?
1503 if (ssl_desegment && pinfo->can_desegment) {
1505 * Yes - is the record header split across segment boundaries?
1507 if (available_bytes < 5) {
1509 * Yes. Tell the TCP dissector where the data for this
1510 * message starts in the data it handed us, and how many
1511 * more bytes we need, and return.
1513 pinfo->desegment_offset = offset;
1514 pinfo->desegment_len = 5 - available_bytes;
1515 *need_desegmentation = TRUE;
1521 * Get the record layer fields of interest
1523 content_type = tvb_get_guint8(tvb, offset);
1524 version = tvb_get_ntohs(tvb, offset + 1);
1525 record_length = tvb_get_ntohs(tvb, offset + 3);
1527 if (ssl_is_valid_content_type(content_type)) {
1530 * Can we do reassembly?
1532 if (ssl_desegment && pinfo->can_desegment) {
1534 * Yes - is the record split across segment boundaries?
1536 if (available_bytes < record_length + 5) {
1538 * Yes. Tell the TCP dissector where the data for this
1539 * message starts in the data it handed us, and how many
1540 * more bytes we need, and return.
1542 pinfo->desegment_offset = offset;
1543 pinfo->desegment_len = (record_length + 5) - available_bytes;
1544 *need_desegmentation = TRUE;
1551 /* if we don't have a valid content_type, there's no sense
1552 * continuing any further
1554 if (check_col(pinfo->cinfo, COL_INFO))
1555 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
1557 /* Set the protocol column */
1558 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1560 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1561 ssl_version_short_names[*conv_version]);
1563 return offset + 5 + record_length;
1567 * If GUI, fill in record layer part of tree
1572 /* add the record layer subtree header */
1573 tvb_ensure_bytes_exist(tvb, offset, 5 + record_length);
1574 ti = proto_tree_add_item(tree, hf_ssl_record, tvb,
1575 offset, 5 + record_length, 0);
1576 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
1578 if (ssl_record_tree)
1581 /* show the one-byte content type */
1582 proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type,
1586 /* add the version */
1587 proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb,
1591 /* add the length */
1592 proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb,
1593 offset, 2, record_length);
1594 offset += 2; /* move past length field itself */
1598 /* if no GUI tree, then just skip over those fields */
1604 * if we don't already have a version set for this conversation,
1605 * but this message's version is authoritative (i.e., it's
1606 * not client_hello, then save the version to to conversation
1607 * structure and print the column version
1609 next_byte = tvb_get_guint8(tvb, offset);
1610 if (*conv_version == SSL_VER_UNKNOWN
1611 && ssl_is_authoritative_version_message(content_type, next_byte))
1613 if (version == 0x0300)
1615 *conv_version = SSL_VER_SSLv3;
1617 ssl->version_netorder = version;
1618 ssl->state |= SSL_VERSION;
1620 /*ssl_set_conv_version(pinfo, ssl->version);*/
1622 else if (version == 0x0301)
1625 *conv_version = SSL_VER_TLS;
1627 ssl->version_netorder = version;
1628 ssl->state |= SSL_VERSION;
1630 /*ssl_set_conv_version(pinfo, ssl->version);*/
1633 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1635 if (version == 0x0300)
1637 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1638 ssl_version_short_names[SSL_VER_SSLv3]);
1640 else if (version == 0x0301)
1642 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1643 ssl_version_short_names[SSL_VER_TLS]);
1647 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1648 ssl_version_short_names[*conv_version]);
1653 * now dissect the next layer
1655 ssl_debug_printf("dissect_ssl3_record: content_type %d\n",content_type);
1657 /* PAOLO try to decrypt each record (we must keep ciphers "in sync")
1658 * store plain text only for app data */
1660 switch (content_type) {
1661 case SSL_ID_CHG_CIPHER_SPEC:
1662 if (check_col(pinfo->cinfo, COL_INFO))
1663 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
1664 dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree,
1665 offset, conv_version, content_type);
1669 decrypt_ssl3_record(tvb, pinfo, offset,
1670 record_length, content_type, ssl, FALSE);
1671 dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
1674 case SSL_ID_HANDSHAKE:
1676 decrypt_ssl3_record(tvb, pinfo, offset,
1677 record_length, content_type, ssl, FALSE);
1678 dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
1679 record_length, conv_version, ssl, content_type);
1681 case SSL_ID_APP_DATA:
1683 decrypt_ssl3_record(tvb, pinfo, offset,
1684 record_length, content_type, ssl, TRUE);
1686 /* show on info colum what we are decoding */
1687 if (check_col(pinfo->cinfo, COL_INFO))
1688 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
1690 if (!ssl_record_tree)
1693 /* we need dissector information when the selected packet is shown.
1694 * ssl session pointer is NULL at that time, so we can't access
1695 * info cached there*/
1696 association = ssl_association_find(pinfo->srcport);
1697 association = association ? association: ssl_association_find(pinfo->destport);
1699 proto_item_set_text(ssl_record_tree,
1700 "%s Record Layer: %s Protocol: %s",
1701 ssl_version_short_names[*conv_version],
1702 val_to_str(content_type, ssl_31_content_type, "unknown"),
1703 association?association->info:"Application Data");
1705 /* show decrypted data info, if available */
1706 decrypted = p_get_proto_data(pinfo->fd, proto_ssl);
1711 /* try to dissect decrypted data*/
1712 ssl_debug_printf("dissect_ssl3_record decrypted len %d\n", decrypted->data_len);
1714 /* create new tvbuff for the decrypted data */
1715 new_tvb = tvb_new_real_data(decrypted->data,
1716 decrypted->data_len, decrypted->data_len);
1717 tvb_set_free_cb(new_tvb, g_free);
1718 /* tvb_set_child_real_data_tvbuff(tvb, new_tvb); */
1720 /* find out a dissector using server port*/
1721 if (association && association->handle) {
1722 ssl_debug_printf("dissect_ssl3_record found association %p\n", association);
1723 ssl_print_text_data("decrypted app data",decrypted->data,
1724 decrypted->data_len);
1726 call_dissector(association->handle, new_tvb, pinfo, ssl_record_tree);
1728 /* add raw decrypted data only if a decoder is not found*/
1730 proto_tree_add_string(ssl_record_tree, hf_ssl_record_appdata_decrypted, tvb,
1731 offset, decrypted->data_len, (char*) decrypted->data);
1734 tvb_ensure_bytes_exist(tvb, offset, record_length);
1735 proto_tree_add_item(ssl_record_tree, hf_ssl_record_appdata, tvb,
1736 offset, record_length, 0);
1741 /* shouldn't get here since we check above for valid types */
1742 if (check_col(pinfo->cinfo, COL_INFO))
1743 col_append_str(pinfo->cinfo, COL_INFO, "Bad SSLv3 Content Type");
1746 offset += record_length; /* skip to end of record */
1751 /* dissects the change cipher spec procotol, filling in the tree */
1753 dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
1754 proto_tree *tree, guint32 offset,
1755 guint* conv_version, guint8 content_type)
1759 * enum { change_cipher_spec(1), (255) } type;
1760 * } ChangeCipherSpec;
1765 proto_item_set_text(tree,
1766 "%s Record Layer: %s Protocol: Change Cipher Spec",
1767 ssl_version_short_names[*conv_version],
1768 val_to_str(content_type, ssl_31_content_type, "unknown"));
1769 proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
1770 offset++, 1, FALSE);
1774 /* dissects the alert message, filling in the tree */
1776 dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
1777 proto_tree *tree, guint32 offset,
1778 guint* conv_version)
1782 * AlertDescription description;
1786 proto_tree *ssl_alert_tree = NULL;
1793 ti = proto_tree_add_item(tree, hf_ssl_alert_message, tvb,
1795 ssl_alert_tree = proto_item_add_subtree(ti, ett_ssl_alert);
1799 * set the record layer label
1802 /* first lookup the names for the alert level and description */
1803 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
1804 level = match_strval(byte, ssl_31_alert_level);
1806 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
1807 desc = match_strval(byte, ssl_31_alert_description);
1809 /* now set the text in the record layer line */
1812 if (check_col(pinfo->cinfo, COL_INFO))
1813 col_append_fstr(pinfo->cinfo, COL_INFO,
1814 "Alert (Level: %s, Description: %s)",
1819 if (check_col(pinfo->cinfo, COL_INFO))
1820 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
1827 proto_item_set_text(tree, "%s Record Layer: Alert "
1828 "(Level: %s, Description: %s)",
1829 ssl_version_short_names[*conv_version],
1831 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
1832 tvb, offset++, 1, FALSE);
1834 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_description,
1835 tvb, offset++, 1, FALSE);
1839 proto_item_set_text(tree,
1840 "%s Record Layer: Encrypted Alert",
1841 ssl_version_short_names[*conv_version]);
1842 proto_item_set_text(ssl_alert_tree,
1843 "Alert Message: Encrypted Alert");
1849 /* dissects the handshake protocol, filling the tree */
1851 dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1852 proto_tree *tree, guint32 offset,
1853 guint32 record_length, guint *conv_version,
1854 SslDecryptSession* ssl, guint8 content_type)
1857 * HandshakeType msg_type;
1859 * select (HandshakeType) {
1860 * case hello_request: HelloRequest;
1861 * case client_hello: ClientHello;
1862 * case server_hello: ServerHello;
1863 * case certificate: Certificate;
1864 * case server_key_exchange: ServerKeyExchange;
1865 * case certificate_request: CertificateRequest;
1866 * case server_hello_done: ServerHelloDone;
1867 * case certificate_verify: CertificateVerify;
1868 * case client_key_exchange: ClientKeyExchange;
1869 * case finished: Finished;
1873 proto_tree *ti = NULL;
1874 proto_tree *ssl_hand_tree = NULL;
1875 const gchar *msg_type_str = NULL;
1878 gboolean first_iteration = TRUE;
1881 /* just as there can be multiple records per packet, there
1882 * can be multiple messages per record as long as they have
1883 * the same content type
1885 * we really only care about this for handshake messages
1888 /* set record_length to the max offset */
1889 record_length += offset;
1890 while (offset < record_length)
1892 msg_type = tvb_get_guint8(tvb, offset);
1893 msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
1894 length = tvb_get_ntoh24(tvb, offset + 1);
1896 ssl_debug_printf("dissect_ssl3_handshake iteration %d type %d offset %d lenght %d "
1897 "bytes, remaning %d \n", first_iteration, msg_type, offset, length, record_length);
1898 if (!msg_type_str && !first_iteration)
1900 /* only dissect / report messages if they're
1901 * either the first message in this record
1902 * or they're a valid message type
1907 /* on second and later iterations, add comma to info col */
1908 if (!first_iteration)
1910 if (check_col(pinfo->cinfo, COL_INFO))
1911 col_append_fstr(pinfo->cinfo, COL_INFO, ", ");
1915 * Update our info string
1917 if (check_col(pinfo->cinfo, COL_INFO))
1918 col_append_fstr(pinfo->cinfo, COL_INFO, "%s", (msg_type_str != NULL)
1919 ? msg_type_str : "Encrypted Handshake Message");
1923 /* set the label text on the record layer expanding node */
1924 if (first_iteration)
1926 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1927 ssl_version_short_names[*conv_version],
1928 val_to_str(content_type, ssl_31_content_type, "unknown"),
1929 (msg_type_str!=NULL) ? msg_type_str :
1930 "Encrypted Handshake Message");
1934 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1935 ssl_version_short_names[*conv_version],
1936 val_to_str(content_type, ssl_31_content_type, "unknown"),
1937 "Multiple Handshake Messages");
1940 /* add a subtree for the handshake protocol */
1941 ti = proto_tree_add_item(tree, hf_ssl_handshake_protocol, tvb,
1942 offset, length + 4, 0);
1943 ssl_hand_tree = proto_item_add_subtree(ti, ett_ssl_handshake);
1947 /* set the text label on the subtree node */
1948 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s",
1949 (msg_type_str != NULL) ? msg_type_str :
1950 "Encrypted Handshake Message");
1954 /* if we don't have a valid handshake type, just quit dissecting */
1958 /* PAOLO: if we are doing ssl decryption we must dissect some requests type */
1959 if (ssl_hand_tree || ssl)
1961 /* add nodes for the message type and message length */
1963 proto_tree_add_item(ssl_hand_tree, hf_ssl_handshake_type,
1964 tvb, offset, 1, msg_type);
1967 proto_tree_add_uint(ssl_hand_tree, hf_ssl_handshake_length,
1968 tvb, offset, 3, length);
1971 /* now dissect the handshake message, if necessary */
1973 case SSL_HND_HELLO_REQUEST:
1974 /* hello_request has no fields, so nothing to do! */
1977 case SSL_HND_CLIENT_HELLO:
1978 dissect_ssl3_hnd_cli_hello(tvb, ssl_hand_tree, offset, length, ssl);
1981 case SSL_HND_SERVER_HELLO:
1982 dissect_ssl3_hnd_srv_hello(tvb, ssl_hand_tree, offset, length, ssl);
1985 case SSL_HND_CERTIFICATE:
1986 dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset, pinfo);
1989 case SSL_HND_SERVER_KEY_EXCHG:
1993 case SSL_HND_CERT_REQUEST:
1994 dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset);
1997 case SSL_HND_SVR_HELLO_DONE:
1998 /* server_hello_done has no fields, so nothing to do! */
2001 case SSL_HND_CERT_VERIFY:
2005 case SSL_HND_CLIENT_KEY_EXCHG:
2007 /* PAOLO: here we can have all the data to build session key*/
2008 StringInfo encrypted_pre_master;
2014 /* check for required session data */
2015 ssl_debug_printf("dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state %X\n",
2017 if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
2018 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
2019 ssl_debug_printf("dissect_ssl3_handshake not enough data to generate key (required %X)\n",
2020 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
2024 /* get encrypted data, we must skip tls record len && version and
2025 * 2 bytes of record data */
2026 encrypted_pre_master.data = se_alloc(length - 2);
2027 encrypted_pre_master.data_len = length-2;
2028 tvb_memcpy(tvb, encrypted_pre_master.data, offset+2, length-2);
2030 if (!ssl->private_key) {
2031 ssl_debug_printf("dissect_ssl3_handshake can't find private key\n");
2035 /* go with ssl key processessing; encrypted_pre_master
2036 * will be used for master secret store*/
2037 ret = ssl_decrypt_pre_master_secret(ssl, &encrypted_pre_master, ssl->private_key);
2039 ssl_debug_printf("dissect_ssl3_handshake can't decrypt pre master secret\n");
2042 if (ssl_generate_keyring_material(ssl)<0) {
2043 ssl_debug_printf("dissect_ssl3_handshake can't generate keyring material\n");
2046 ssl->state |= SSL_HAVE_SESSION_KEY;
2047 ssl_save_session(ssl);
2048 ssl_debug_printf("dissect_ssl3_handshake session keys succesfully generated\n");
2052 case SSL_HND_FINISHED:
2053 dissect_ssl3_hnd_finished(tvb, ssl_hand_tree,
2054 offset, conv_version);
2060 offset += 4; /* skip the handshake header when handshake is not processed*/
2063 first_iteration = FALSE; /* set up for next pass, if any */
2068 dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
2069 guint32 offset, SslDecryptSession* ssl, gint from_server)
2071 /* show the client's random challenge */
2072 nstime_t gmt_unix_time;
2073 guint8 session_id_length = 0;
2077 /* PAOLO: get proper peer information*/
2080 rnd = &ssl->server_random;
2082 rnd = &ssl->client_random;
2084 /* get provided random for keyring generation*/
2085 tvb_memcpy(tvb, rnd->data, offset, 32);
2088 ssl->state |= SSL_SERVER_RANDOM;
2090 ssl->state |= SSL_CLIENT_RANDOM;
2091 ssl_debug_printf("dissect_ssl3_hnd_hello_common found random state %X\n",
2094 session_id_length = tvb_get_guint8(tvb, offset + 32);
2095 /* check stored session id info */
2096 if (from_server && (session_id_length == ssl->session_id.data_len) &&
2097 (tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0))
2099 /* clinet/server id match: try to restore a previous cached session*/
2100 ssl_restore_session(ssl);
2103 /* reset state on renegotiation*/
2105 ssl->state &= ~(SSL_HAVE_SESSION_KEY|SSL_MASTER_SECRET|
2106 SSL_CIPHER|SSL_SERVER_RANDOM);
2108 tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
2109 ssl->session_id.data_len = session_id_length;
2116 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
2117 gmt_unix_time.nsecs = 0;
2118 proto_tree_add_time(tree, hf_ssl_handshake_random_time,
2119 tvb, offset, 4, &gmt_unix_time);
2122 /* show the random bytes */
2123 proto_tree_add_item(tree, hf_ssl_handshake_random_bytes,
2124 tvb, offset, 28, 0);
2127 /* show the session id */
2128 session_id_length = tvb_get_guint8(tvb, offset);
2129 proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
2130 tvb, offset++, 1, 0);
2131 if (session_id_length > 0)
2133 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
2134 proto_tree_add_bytes_format(tree, hf_ssl_handshake_session_id,
2135 tvb, offset, session_id_length,
2136 tvb_get_ptr(tvb, offset, session_id_length),
2137 "Session ID (%u byte%s)",
2139 plurality(session_id_length, "", "s"));
2140 offset += session_id_length;
2146 return session_id_length+33;
2150 dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
2151 proto_tree *tree, guint32 offset, guint32 left)
2153 guint16 extension_length;
2157 proto_tree *ext_tree;
2162 extension_length = tvb_get_ntohs(tvb, offset);
2163 proto_tree_add_uint(tree, hf_ssl_handshake_extensions_len,
2164 tvb, offset, 2, extension_length);
2170 ext_type = tvb_get_ntohs(tvb, offset);
2171 ext_len = tvb_get_ntohs(tvb, offset + 2);
2173 pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len,
2175 val_to_str(ext_type,
2176 tls_hello_extension_types,
2178 ext_tree = proto_item_add_subtree(pi, ett_ssl_extension);
2182 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_type,
2183 tvb, offset, 2, ext_type);
2186 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_len,
2187 tvb, offset, 2, ext_len);
2190 proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data,
2191 tvb, offset, ext_len,
2192 tvb_get_ptr(tvb, offset, ext_len),
2194 ext_len, plurality(ext_len, "", "s"));
2196 left -= 2 + 2 + ext_len;
2203 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
2204 proto_tree *tree, guint32 offset, guint32 length,
2205 SslDecryptSession*ssl)
2208 * ProtocolVersion client_version;
2210 * SessionID session_id;
2211 * CipherSuite cipher_suites<2..2^16-1>;
2212 * CompressionMethod compression_methods<1..2^8-1>;
2213 * Extension client_hello_extension_list<0..2^16-1>;
2218 proto_tree *cs_tree;
2219 guint16 cipher_suite_length = 0;
2220 guint8 compression_methods_length = 0;
2221 guint8 compression_method;
2222 guint16 start_offset = offset;
2226 /* show the client version */
2228 proto_tree_add_item(tree, hf_ssl_handshake_client_version, tvb,
2232 /* show the fields in common with server hello */
2233 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 0);
2235 /* tell the user how many cipher suites there are */
2236 cipher_suite_length = tvb_get_ntohs(tvb, offset);
2239 proto_tree_add_uint(tree, hf_ssl_handshake_cipher_suites_len,
2240 tvb, offset, 2, cipher_suite_length);
2241 offset += 2; /* skip opaque length */
2243 if (cipher_suite_length > 0)
2245 tvb_ensure_bytes_exist(tvb, offset, cipher_suite_length);
2246 ti = proto_tree_add_none_format(tree,
2247 hf_ssl_handshake_cipher_suites,
2248 tvb, offset, cipher_suite_length,
2249 "Cipher Suites (%u suite%s)",
2250 cipher_suite_length / 2,
2251 plurality(cipher_suite_length/2, "", "s"));
2253 /* make this a subtree */
2254 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2257 cs_tree = tree; /* failsafe */
2260 while (cipher_suite_length > 0)
2262 proto_tree_add_item(cs_tree, hf_ssl_handshake_cipher_suite,
2263 tvb, offset, 2, FALSE);
2265 cipher_suite_length -= 2;
2269 /* tell the user how man compression methods there are */
2270 compression_methods_length = tvb_get_guint8(tvb, offset);
2271 proto_tree_add_uint(tree, hf_ssl_handshake_comp_methods_len,
2272 tvb, offset, 1, compression_methods_length);
2275 if (compression_methods_length > 0)
2277 tvb_ensure_bytes_exist(tvb, offset, compression_methods_length);
2278 ti = proto_tree_add_none_format(tree,
2279 hf_ssl_handshake_comp_methods,
2280 tvb, offset, compression_methods_length,
2281 "Compression Methods (%u method%s)",
2282 compression_methods_length,
2283 plurality(compression_methods_length,
2286 /* make this a subtree */
2287 cs_tree = proto_item_add_subtree(ti, ett_ssl_comp_methods);
2290 cs_tree = tree; /* failsafe */
2293 while (compression_methods_length > 0)
2295 compression_method = tvb_get_guint8(tvb, offset);
2296 if (compression_method < 64)
2297 proto_tree_add_uint(cs_tree, hf_ssl_handshake_comp_method,
2298 tvb, offset, 1, compression_method);
2299 else if (compression_method > 63 && compression_method < 193)
2300 proto_tree_add_text(cs_tree, tvb, offset, 1,
2301 "Compression Method: Reserved - to be assigned by IANA (%u)",
2302 compression_method);
2304 proto_tree_add_text(cs_tree, tvb, offset, 1,
2305 "Compression Method: Private use range (%u)",
2306 compression_method);
2308 compression_methods_length--;
2312 if (length > offset - start_offset)
2314 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
2316 (offset - start_offset));
2322 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
2323 proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl)
2326 * ProtocolVersion server_version;
2328 * SessionID session_id;
2329 * CipherSuite cipher_suite;
2330 * CompressionMethod compression_method;
2331 * Extension server_hello_extension_list<0..2^16-1>;
2334 guint16 start_offset = offset;
2338 /* show the server version */
2340 proto_tree_add_item(tree, hf_ssl_handshake_server_version, tvb,
2344 /* first display the elements conveniently in
2345 * common with client hello
2347 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 1);
2349 /* PAOLO: handle session cipher suite */
2351 /* store selected cipher suite for decryption */
2352 ssl->cipher = tvb_get_ntohs(tvb, offset);
2353 if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
2354 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher);
2358 ssl->state |= SSL_CIPHER;
2359 ssl_debug_printf("dissect_ssl3_hnd_srv_hello found cipher %X, state %X\n",
2360 ssl->cipher, ssl->state);
2362 /* if we have restored a session now we can have enought material
2363 * to build session key, check it out*/
2365 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) !=
2366 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) {
2367 ssl_debug_printf("dissect_ssl3_hnd_srv_hello not enough data to generate key (required %X)\n",
2368 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET));
2372 ssl_debug_printf("dissect_ssl3_hnd_srv_hello trying to generate keys\n");
2373 if (ssl_generate_keyring_material(ssl)<0) {
2374 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't generate keyring material\n");
2377 ssl->state |= SSL_HAVE_SESSION_KEY;
2383 /* now the server-selected cipher suite */
2384 proto_tree_add_item(tree, hf_ssl_handshake_cipher_suite,
2385 tvb, offset, 2, FALSE);
2388 /* and the server-selected compression method */
2389 proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
2390 tvb, offset, 1, FALSE);
2393 if (length > offset - start_offset)
2395 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
2397 (offset - start_offset));
2403 dissect_ssl3_hnd_cert(tvbuff_t *tvb,
2404 proto_tree *tree, guint32 offset, packet_info *pinfo)
2407 /* opaque ASN.1Cert<2^24-1>;
2410 * ASN.1Cert certificate_list<1..2^24-1>;
2413 guint32 certificate_list_length;
2415 proto_tree *subtree;
2419 certificate_list_length = tvb_get_ntoh24(tvb, offset);
2420 proto_tree_add_uint(tree, hf_ssl_handshake_certificates_len,
2421 tvb, offset, 3, certificate_list_length);
2422 offset += 3; /* 24-bit length value */
2424 if (certificate_list_length > 0)
2426 tvb_ensure_bytes_exist(tvb, offset, certificate_list_length);
2427 ti = proto_tree_add_none_format(tree,
2428 hf_ssl_handshake_certificates,
2429 tvb, offset, certificate_list_length,
2430 "Certificates (%u byte%s)",
2431 certificate_list_length,
2432 plurality(certificate_list_length,
2435 /* make it a subtree */
2436 subtree = proto_item_add_subtree(ti, ett_ssl_certs);
2439 subtree = tree; /* failsafe */
2442 /* iterate through each certificate */
2443 while (certificate_list_length > 0)
2445 /* get the length of the current certificate */
2446 guint32 cert_length = tvb_get_ntoh24(tvb, offset);
2447 certificate_list_length -= 3 + cert_length;
2449 proto_tree_add_item(subtree, hf_ssl_handshake_certificate_len,
2450 tvb, offset, 3, FALSE);
2453 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, subtree, hf_ssl_handshake_certificate);
2454 offset += cert_length;
2462 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
2463 proto_tree *tree, guint32 offset)
2467 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
2469 * } ClientCertificateType;
2471 * opaque DistinguishedName<1..2^16-1>;
2474 * ClientCertificateType certificate_types<1..2^8-1>;
2475 * DistinguishedName certificate_authorities<3..2^16-1>;
2476 * } CertificateRequest;
2480 proto_tree *subtree;
2481 guint8 cert_types_count = 0;
2482 int dnames_length = 0;
2486 cert_types_count = tvb_get_guint8(tvb, offset);
2487 proto_tree_add_uint(tree, hf_ssl_handshake_cert_types_count,
2488 tvb, offset, 1, cert_types_count);
2491 if (cert_types_count > 0)
2493 ti = proto_tree_add_none_format(tree,
2494 hf_ssl_handshake_cert_types,
2495 tvb, offset, cert_types_count,
2496 "Certificate types (%u type%s)",
2498 plurality(cert_types_count, "", "s"));
2499 subtree = proto_item_add_subtree(ti, ett_ssl_cert_types);
2505 while (cert_types_count > 0)
2507 proto_tree_add_item(subtree, hf_ssl_handshake_cert_type,
2508 tvb, offset, 1, FALSE);
2514 dnames_length = tvb_get_ntohs(tvb, offset);
2515 proto_tree_add_uint(tree, hf_ssl_handshake_dnames_len,
2516 tvb, offset, 2, dnames_length);
2519 if (dnames_length > 0)
2521 tvb_ensure_bytes_exist(tvb, offset, dnames_length);
2522 ti = proto_tree_add_none_format(tree,
2523 hf_ssl_handshake_dnames,
2524 tvb, offset, dnames_length,
2525 "Distinguished Names (%d byte%s)",
2527 plurality(dnames_length, "", "s"));
2528 subtree = proto_item_add_subtree(ti, ett_ssl_dnames);
2534 while (dnames_length > 0)
2536 /* get the length of the current certificate */
2537 guint16 name_length = tvb_get_ntohs(tvb, offset);
2538 dnames_length -= 2 + name_length;
2540 proto_tree_add_item(subtree, hf_ssl_handshake_dname_len,
2541 tvb, offset, 2, FALSE);
2544 tvb_ensure_bytes_exist(tvb, offset, name_length);
2545 proto_tree_add_bytes_format(subtree,
2546 hf_ssl_handshake_dname,
2547 tvb, offset, name_length,
2548 tvb_get_ptr(tvb, offset, name_length),
2549 "Distinguished Name (%u byte%s)",
2551 plurality(name_length, "", "s"));
2552 offset += name_length;
2560 dissect_ssl3_hnd_finished(tvbuff_t *tvb,
2561 proto_tree *tree, guint32 offset,
2562 guint* conv_version)
2566 * opaque verify_data[12];
2571 * opaque md5_hash[16];
2572 * opaque sha_hash[20];
2576 /* this all needs a tree, so bail if we don't have one */
2582 switch(*conv_version) {
2584 proto_tree_add_item(tree, hf_ssl_handshake_finished,
2585 tvb, offset, 12, FALSE);
2589 proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
2590 tvb, offset, 16, FALSE);
2592 proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
2593 tvb, offset, 20, FALSE);
2599 /*********************************************************************
2601 * SSL version 2 Dissectors
2603 *********************************************************************/
2606 /* record layer dissector */
2608 dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
2609 guint32 offset, guint* conv_version,
2610 gboolean *need_desegmentation,
2611 SslDecryptSession* ssl)
2613 guint32 initial_offset = offset;
2615 guint8 record_length_length = 0;
2616 guint32 record_length = 0;
2617 gint is_escape = -1;
2618 gint16 padding_length = -1;
2619 guint8 msg_type = 0;
2620 const gchar *msg_type_str = NULL;
2621 guint32 available_bytes = 0;
2624 proto_tree *ssl_record_tree = NULL;
2626 /* pull first byte; if high bit is set, then record
2627 * length is three bytes due to padding; otherwise
2628 * record length is two bytes
2630 byte = tvb_get_guint8(tvb, offset);
2631 record_length_length = (byte & 0x80) ? 2 : 3;
2634 * Can we do reassembly?
2636 available_bytes = tvb_length_remaining(tvb, offset);
2638 if (ssl_desegment && pinfo->can_desegment) {
2640 * Yes - is the record header split across segment boundaries?
2642 if (available_bytes < record_length_length) {
2644 * Yes. Tell the TCP dissector where the data for this
2645 * message starts in the data it handed us, and how many
2646 * more bytes we need, and return.
2648 pinfo->desegment_offset = offset;
2649 pinfo->desegment_len = record_length_length - available_bytes;
2650 *need_desegmentation = TRUE;
2655 /* parse out the record length */
2656 switch(record_length_length) {
2657 case 2: /* two-byte record length */
2658 record_length = (byte & 0x7f) << 8;
2659 byte = tvb_get_guint8(tvb, offset + 1);
2660 record_length += byte;
2662 case 3: /* three-byte record length */
2663 is_escape = (byte & 0x40) ? TRUE : FALSE;
2664 record_length = (byte & 0x3f) << 8;
2665 byte = tvb_get_guint8(tvb, offset + 1);
2666 record_length += byte;
2667 byte = tvb_get_guint8(tvb, offset + 2);
2668 padding_length = byte;
2672 * Can we do reassembly?
2674 if (ssl_desegment && pinfo->can_desegment) {
2676 * Yes - is the record split across segment boundaries?
2678 if (available_bytes < (record_length_length + record_length)) {
2680 * Yes. Tell the TCP dissector where the data for this
2681 * message starts in the data it handed us, and how many
2682 * more bytes we need, and return.
2684 pinfo->desegment_offset = offset;
2685 pinfo->desegment_len = (record_length_length + record_length)
2687 *need_desegmentation = TRUE;
2691 offset += record_length_length;
2693 /* add the record layer subtree header */
2694 ti = proto_tree_add_item(tree, hf_ssl2_record, tvb, initial_offset,
2695 record_length_length + record_length, 0);
2696 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
2698 /* pull the msg_type so we can bail if it's unknown */
2699 msg_type = tvb_get_guint8(tvb, initial_offset + record_length_length);
2701 /* if we get a server_hello or later handshake in v2, then set
2704 if (*conv_version == SSL_VER_UNKNOWN)
2706 if (ssl_looks_like_valid_pct_handshake(tvb,
2708 record_length_length),
2710 *conv_version = SSL_VER_PCT;
2711 /*ssl_set_conv_version(pinfo, ssl->version);*/
2713 else if (msg_type >= 2 && msg_type <= 8)
2715 *conv_version = SSL_VER_SSLv2;
2716 /*ssl_set_conv_version(pinfo, ssl->version);*/
2720 /* if we get here, but don't have a version set for the
2721 * conversation, then set a version for just this frame
2722 * (e.g., on a client hello)
2724 if (check_col(pinfo->cinfo, COL_PROTOCOL))
2726 col_set_str(pinfo->cinfo, COL_PROTOCOL,
2727 (*conv_version == SSL_VER_PCT) ? "PCT" : "SSLv2");
2730 /* see if the msg_type is valid; if not the payload is
2731 * probably encrypted, so note that fact and bail
2733 msg_type_str = match_strval(msg_type,
2734 (*conv_version == SSL_VER_PCT)
2735 ? pct_msg_types : ssl_20_msg_types);
2737 || ((*conv_version != SSL_VER_PCT) &&
2738 !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
2739 + record_length_length,
2741 || ((*conv_version == SSL_VER_PCT) &&
2742 !ssl_looks_like_valid_pct_handshake(tvb, initial_offset
2743 + record_length_length,
2746 if (ssl_record_tree)
2748 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2749 (*conv_version == SSL_VER_PCT)
2753 if (check_col(pinfo->cinfo, COL_INFO))
2754 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Data");
2755 return initial_offset + record_length_length + record_length;
2759 if (check_col(pinfo->cinfo, COL_INFO))
2760 col_append_str(pinfo->cinfo, COL_INFO, msg_type_str);
2762 if (ssl_record_tree)
2764 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2765 (*conv_version == SSL_VER_PCT)
2771 /* We have a valid message type, so move foward, filling in the
2772 * tree by adding the length, is_escape boolean and padding_length,
2773 * if present in the original packet
2775 if (ssl_record_tree)
2777 /* add the record length */
2778 tvb_ensure_bytes_exist(tvb, offset, record_length_length);
2779 ti = proto_tree_add_uint (ssl_record_tree,
2780 hf_ssl_record_length, tvb,
2781 initial_offset, record_length_length,
2784 if (ssl_record_tree && is_escape != -1)
2786 proto_tree_add_boolean(ssl_record_tree,
2787 hf_ssl2_record_is_escape, tvb,
2788 initial_offset, 1, is_escape);
2790 if (ssl_record_tree && padding_length != -1)
2792 proto_tree_add_uint(ssl_record_tree,
2793 hf_ssl2_record_padding_length, tvb,
2794 initial_offset + 2, 1, padding_length);
2798 * dissect the record data
2801 /* jump forward to the start of the record data */
2802 offset = initial_offset + record_length_length;
2804 /* add the message type */
2805 if (ssl_record_tree)
2807 proto_tree_add_item(ssl_record_tree,
2808 (*conv_version == SSL_VER_PCT)
2809 ? hf_pct_msg_type : hf_ssl2_msg_type,
2812 offset++; /* move past msg_type byte */
2814 if (*conv_version != SSL_VER_PCT)
2816 /* dissect the message (only handle client hello right now) */
2818 case SSL2_HND_CLIENT_HELLO:
2819 dissect_ssl2_hnd_client_hello(tvb, ssl_record_tree, offset, ssl);
2822 case SSL2_HND_CLIENT_MASTER_KEY:
2823 dissect_ssl2_hnd_client_master_key(tvb, ssl_record_tree, offset);
2826 case SSL2_HND_SERVER_HELLO:
2827 dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset, pinfo);
2830 case SSL2_HND_ERROR:
2831 case SSL2_HND_CLIENT_FINISHED:
2832 case SSL2_HND_SERVER_VERIFY:
2833 case SSL2_HND_SERVER_FINISHED:
2834 case SSL2_HND_REQUEST_CERTIFICATE:
2835 case SSL2_HND_CLIENT_CERTIFICATE:
2839 default: /* unknown */
2845 /* dissect the message */
2847 case PCT_MSG_CLIENT_HELLO:
2848 dissect_pct_msg_client_hello(tvb, ssl_record_tree, offset);
2850 case PCT_MSG_SERVER_HELLO:
2851 dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset, pinfo);
2853 case PCT_MSG_CLIENT_MASTER_KEY:
2854 dissect_pct_msg_client_master_key(tvb, ssl_record_tree, offset);
2856 case PCT_MSG_SERVER_VERIFY:
2857 dissect_pct_msg_server_verify(tvb, ssl_record_tree, offset);
2860 dissect_pct_msg_error(tvb, ssl_record_tree, offset);
2863 default: /* unknown */
2867 return (initial_offset + record_length_length + record_length);
2871 dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
2872 proto_tree *tree, guint32 offset,
2873 SslDecryptSession* ssl)
2878 * uint16 cipher_spec_length;
2879 * uint16 session_id_length;
2880 * uint16 challenge_length;
2881 * V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
2882 * opaque session_id[V2ClientHello.session_id_length];
2886 * Note: when we get here, offset's already pointing at Version
2890 guint16 cipher_spec_length;
2891 guint16 session_id_length;
2892 guint16 challenge_length;
2895 proto_tree *cs_tree=0;
2897 version = tvb_get_ntohs(tvb, offset);
2898 if (!ssl_is_valid_ssl_version(version))
2900 /* invalid version; probably encrypted data */
2906 /* show the version */
2908 proto_tree_add_item(tree, hf_ssl_record_version, tvb,
2912 cipher_spec_length = tvb_get_ntohs(tvb, offset);
2914 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec_len,
2915 tvb, offset, 2, FALSE);
2918 session_id_length = tvb_get_ntohs(tvb, offset);
2920 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_len,
2921 tvb, offset, 2, FALSE);
2924 challenge_length = tvb_get_ntohs(tvb, offset);
2926 proto_tree_add_item(tree, hf_ssl2_handshake_challenge_len,
2927 tvb, offset, 2, FALSE);
2932 /* tell the user how many cipher specs they've won */
2933 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
2934 ti = proto_tree_add_none_format(tree, hf_ssl_handshake_cipher_suites,
2935 tvb, offset, cipher_spec_length,
2936 "Cipher Specs (%u specs)",
2937 cipher_spec_length/3);
2939 /* make this a subtree and expand the actual specs below */
2940 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2943 cs_tree = tree; /* failsafe */
2947 /* iterate through the cipher specs, showing them */
2948 while (cipher_spec_length > 0)
2951 proto_tree_add_item(cs_tree, hf_ssl2_handshake_cipher_spec,
2952 tvb, offset, 3, FALSE);
2953 offset += 3; /* length of one cipher spec */
2954 cipher_spec_length -= 3;
2957 /* if there's a session id, show it */
2958 if (session_id_length > 0)
2962 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
2963 proto_tree_add_bytes_format(tree,
2964 hf_ssl_handshake_session_id,
2965 tvb, offset, session_id_length,
2966 tvb_get_ptr(tvb, offset, session_id_length),
2967 "Session ID (%u byte%s)",
2969 plurality(session_id_length, "", "s"));
2972 /* PAOLO: get session id and reset session state for key [re]negotiation */
2975 tvb_memcpy(tvb,ssl->session_id.data, offset, session_id_length);
2976 ssl->session_id.data_len = session_id_length;
2977 ssl->state &= ~(SSL_HAVE_SESSION_KEY|SSL_MASTER_SECRET|
2978 SSL_CIPHER|SSL_SERVER_RANDOM);
2980 offset += session_id_length;
2983 /* if there's a challenge, show it */
2984 if (challenge_length > 0)
2986 tvb_ensure_bytes_exist(tvb, offset, challenge_length);
2989 proto_tree_add_item(tree, hf_ssl2_handshake_challenge,
2990 tvb, offset, challenge_length, 0);
2993 /* PAOLO: get client random data; we get at most 32 bytes from
2995 int max = challenge_length > 32? 32: challenge_length;
2997 ssl_debug_printf("client random len: %d padded to 32\n",
3000 /* client random is padded with zero and 'right' aligned */
3001 memset(ssl->client_random.data, 0, 32 - max);
3002 tvb_memcpy(tvb, &ssl->client_random.data[32 - max], offset, max);
3003 ssl->client_random.data_len = 32;
3004 ssl->state |= SSL_CLIENT_RANDOM;
3007 offset += challenge_length;
3013 dissect_pct_msg_client_hello(tvbuff_t *tvb,
3014 proto_tree *tree, guint32 offset)
3016 guint16 CH_CLIENT_VERSION, CH_OFFSET, CH_CIPHER_SPECS_LENGTH, CH_HASH_SPECS_LENGTH, CH_CERT_SPECS_LENGTH, CH_EXCH_SPECS_LENGTH, CH_KEY_ARG_LENGTH;
3017 proto_item *CH_CIPHER_SPECS_ti, *CH_HASH_SPECS_ti, *CH_CERT_SPECS_ti, *CH_EXCH_SPECS_ti;
3018 proto_tree *CH_CIPHER_SPECS_tree, *CH_HASH_SPECS_tree, *CH_CERT_SPECS_tree, *CH_EXCH_SPECS_tree;
3021 CH_CLIENT_VERSION = tvb_get_ntohs(tvb, offset);
3022 if(CH_CLIENT_VERSION != PCT_VERSION_1)
3023 proto_tree_add_text(tree, tvb, offset, 2, "Client Version, should be %x in PCT version 1", PCT_VERSION_1);
3025 proto_tree_add_text(tree, tvb, offset, 2, "Client Version (%x)", PCT_VERSION_1);
3028 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
3031 proto_tree_add_text(tree, tvb, offset, 32, "Client Session ID Data (32 bytes)");
3034 proto_tree_add_text(tree, tvb, offset, 32, "Challange Data(32 bytes)");
3037 CH_OFFSET = tvb_get_ntohs(tvb, offset);
3038 if(CH_OFFSET != PCT_CH_OFFSET_V1)
3039 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d, should be %d in PCT version 1", CH_OFFSET, PCT_CH_OFFSET_V1);
3041 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d", CH_OFFSET);
3044 CH_CIPHER_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3045 proto_tree_add_text(tree, tvb, offset, 2, "CIPHER_SPECS Length: %d", CH_CIPHER_SPECS_LENGTH);
3048 CH_HASH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3049 proto_tree_add_text(tree, tvb, offset, 2, "HASH_SPECS Length: %d", CH_HASH_SPECS_LENGTH);
3052 CH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3053 proto_tree_add_text(tree, tvb, offset, 2, "CERT_SPECS Length: %d", CH_CERT_SPECS_LENGTH);
3056 CH_EXCH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3057 proto_tree_add_text(tree, tvb, offset, 2, "EXCH_SPECS Length: %d", CH_EXCH_SPECS_LENGTH);
3060 CH_KEY_ARG_LENGTH = tvb_get_ntohs(tvb, offset);
3061 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d", CH_KEY_ARG_LENGTH);
3064 if(CH_CIPHER_SPECS_LENGTH) {
3065 tvb_ensure_bytes_exist(tvb, offset, CH_CIPHER_SPECS_LENGTH);
3066 CH_CIPHER_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cipher_spec, tvb, offset, CH_CIPHER_SPECS_LENGTH, FALSE);
3067 CH_CIPHER_SPECS_tree = proto_item_add_subtree(CH_CIPHER_SPECS_ti, ett_pct_cipher_suites);
3069 for(i=0; i<(CH_CIPHER_SPECS_LENGTH/4); i++) {
3070 proto_tree_add_item(CH_CIPHER_SPECS_tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
3072 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
3074 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
3079 if(CH_HASH_SPECS_LENGTH) {
3080 tvb_ensure_bytes_exist(tvb, offset, CH_HASH_SPECS_LENGTH);
3081 CH_HASH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_hash_spec, tvb, offset, CH_HASH_SPECS_LENGTH, FALSE);
3082 CH_HASH_SPECS_tree = proto_item_add_subtree(CH_HASH_SPECS_ti, ett_pct_hash_suites);
3084 for(i=0; i<(CH_HASH_SPECS_LENGTH/2); i++) {
3085 proto_tree_add_item(CH_HASH_SPECS_tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
3090 if(CH_CERT_SPECS_LENGTH) {
3091 tvb_ensure_bytes_exist(tvb, offset, CH_CERT_SPECS_LENGTH);
3092 CH_CERT_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cert_spec, tvb, offset, CH_CERT_SPECS_LENGTH, FALSE);
3093 CH_CERT_SPECS_tree = proto_item_add_subtree(CH_CERT_SPECS_ti, ett_pct_cert_suites);
3095 for(i=0; i< (CH_CERT_SPECS_LENGTH/2); i++) {
3096 proto_tree_add_item(CH_CERT_SPECS_tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
3101 if(CH_EXCH_SPECS_LENGTH) {
3102 tvb_ensure_bytes_exist(tvb, offset, CH_EXCH_SPECS_LENGTH);
3103 CH_EXCH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_exch_spec, tvb, offset, CH_EXCH_SPECS_LENGTH, FALSE);
3104 CH_EXCH_SPECS_tree = proto_item_add_subtree(CH_EXCH_SPECS_ti, ett_pct_exch_suites);
3106 for(i=0; i<(CH_EXCH_SPECS_LENGTH/2); i++) {
3107 proto_tree_add_item(CH_EXCH_SPECS_tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
3112 if(CH_KEY_ARG_LENGTH) {
3113 tvb_ensure_bytes_exist(tvb, offset, CH_KEY_ARG_LENGTH);
3114 proto_tree_add_text(tree, tvb, offset, CH_KEY_ARG_LENGTH, "IV data (%d bytes)", CH_KEY_ARG_LENGTH);
3115 offset += CH_KEY_ARG_LENGTH;
3120 dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo)
3123 char SH_MSG_SERVER_HELLO
3125 char SH_SERVER_VERSION_MSB
3126 char SH_SERVER_VERSION_LSB
3127 char SH_RESTART_SESSION_OK
3128 char SH_CLIENT_AUTH_REQ
3129 char SH_CIPHER_SPECS_DATA[4]
3130 char SH_HASH_SPECS_DATA[2]
3131 char SH_CERT_SPECS_DATA[2]
3132 char SH_EXCH_SPECS_DATA[2]
3133 char SH_CONNECTION_ID_DATA[32]
3134 char SH_CERTIFICATE_LENGTH_MSB
3135 char SH_CERTIFICATE_LENGTH_LSB
3136 char SH_CLIENT_CERT_SPECS_LENGTH_MSB
3137 char SH_CLIENT_CERT_SPECS_LENGTH_LSB
3138 char SH_CLIENT_SIG_SPECS_LENGTH_MSB
3139 char SH_CLIENT_SIG_SPECS_LENGTH_LSB
3140 char SH_RESPONSE_LENGTH_MSB
3141 char SH_RESPONSE_LENGTH_LSB
3142 char SH_CERTIFICATE_DATA[MSB<<8|LSB]
3143 char SH_CLIENT_CERT_SPECS_DATA[MSB<<8|LSB]
3144 char SH_CLIENT_SIG_SPECS_DATA[MSB<<8|LSB]
3145 char SH_RESPONSE_DATA[MSB<<8|LSB]
3149 guint16 SH_SERVER_VERSION, SH_CERT_LENGTH, SH_CERT_SPECS_LENGTH, SH_CLIENT_SIG_LENGTH, SH_RESPONSE_LENGTH;
3151 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
3154 SH_SERVER_VERSION = tvb_get_ntohs(tvb, offset);
3155 if(SH_SERVER_VERSION != PCT_VERSION_1)
3156 proto_tree_add_text(tree, tvb, offset, 2, "Server Version, should be %x in PCT version 1", PCT_VERSION_1);
3158 proto_tree_add_text(tree, tvb, offset, 2, "Server Version (%x)", PCT_VERSION_1);
3161 proto_tree_add_text(tree, tvb, offset, 1, "SH_RESTART_SESSION_OK flag");
3164 proto_tree_add_text(tree, tvb, offset, 1, "SH_CLIENT_AUTH_REQ flag");
3167 proto_tree_add_item(tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
3169 proto_tree_add_text(tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
3171 proto_tree_add_text(tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
3174 proto_tree_add_item(tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
3177 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
3180 proto_tree_add_item(tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
3183 proto_tree_add_text(tree, tvb, offset, 32, "Connection ID Data (32 bytes)");
3186 SH_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
3187 proto_tree_add_text(tree, tvb, offset, 2, "Server Certificate Length: %d", SH_CERT_LENGTH);
3190 SH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3191 proto_tree_add_text(tree, tvb, offset, 2, "Client CERT_SPECS Length: %d", SH_CERT_SPECS_LENGTH);
3194 SH_CLIENT_SIG_LENGTH = tvb_get_ntohs(tvb, offset);
3195 proto_tree_add_text(tree, tvb, offset, 2, "Client SIG_SPECS Length: %d", SH_CLIENT_SIG_LENGTH);
3198 SH_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
3199 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d", SH_RESPONSE_LENGTH);
3202 if(SH_CERT_LENGTH) {
3203 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_pct_handshake_server_cert);
3204 offset += SH_CERT_LENGTH;
3207 if(SH_CERT_SPECS_LENGTH) {
3208 tvb_ensure_bytes_exist(tvb, offset, SH_CERT_SPECS_LENGTH);
3209 proto_tree_add_text(tree, tvb, offset, SH_CERT_SPECS_LENGTH, "Client CERT_SPECS (%d bytes)", SH_CERT_SPECS_LENGTH);
3210 offset += SH_CERT_SPECS_LENGTH;
3213 if(SH_CLIENT_SIG_LENGTH) {
3214 tvb_ensure_bytes_exist(tvb, offset, SH_CLIENT_SIG_LENGTH);
3215 proto_tree_add_text(tree, tvb, offset, SH_CLIENT_SIG_LENGTH, "Client Signature (%d bytes)", SH_CLIENT_SIG_LENGTH);
3216 offset += SH_CLIENT_SIG_LENGTH;
3219 if(SH_RESPONSE_LENGTH) {
3220 tvb_ensure_bytes_exist(tvb, offset, SH_RESPONSE_LENGTH);
3221 proto_tree_add_text(tree, tvb, offset, SH_RESPONSE_LENGTH, "Server Response (%d bytes)", SH_RESPONSE_LENGTH);
3222 offset += SH_RESPONSE_LENGTH;
3228 dissect_pct_msg_client_master_key(tvbuff_t *tvb, proto_tree *tree, guint32 offset)
3230 guint16 CMK_CLEAR_KEY_LENGTH, CMK_ENCRYPTED_KEY_LENGTH, CMK_KEY_ARG_LENGTH, CMK_VERIFY_PRELUDE, CMK_CLIENT_CERT_LENGTH, CMK_RESPONSE_LENGTH;
3232 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
3235 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
3238 proto_tree_add_item(tree, hf_pct_handshake_sig, tvb, offset, 2, FALSE);
3241 CMK_CLEAR_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
3242 proto_tree_add_text(tree, tvb, offset, 2, "Clear Key Length: %d",CMK_CLEAR_KEY_LENGTH);
3245 CMK_ENCRYPTED_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
3246 proto_tree_add_text(tree, tvb, offset, 2, "Encrypted Key Length: %d",CMK_ENCRYPTED_KEY_LENGTH);
3249 CMK_KEY_ARG_LENGTH= tvb_get_ntohs(tvb, offset);
3250 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d",CMK_KEY_ARG_LENGTH);
3253 CMK_VERIFY_PRELUDE = tvb_get_ntohs(tvb, offset);
3254 proto_tree_add_text(tree, tvb, offset, 2, "Verify Prelude Length: %d",CMK_VERIFY_PRELUDE);
3257 CMK_CLIENT_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
3258 proto_tree_add_text(tree, tvb, offset, 2, "Client Cert Length: %d",CMK_CLIENT_CERT_LENGTH);
3261 CMK_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
3262 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d",CMK_RESPONSE_LENGTH);
3265 if(CMK_CLEAR_KEY_LENGTH) {
3266 tvb_ensure_bytes_exist(tvb, offset, CMK_CLEAR_KEY_LENGTH);
3267 proto_tree_add_text(tree, tvb, offset, CMK_CLEAR_KEY_LENGTH, "Clear Key data (%d bytes)", CMK_CLEAR_KEY_LENGTH);
3268 offset += CMK_CLEAR_KEY_LENGTH;
3270 if(CMK_ENCRYPTED_KEY_LENGTH) {
3271 tvb_ensure_bytes_exist(tvb, offset, CMK_ENCRYPTED_KEY_LENGTH);
3272 proto_tree_add_text(tree, tvb, offset, CMK_ENCRYPTED_KEY_LENGTH, "Encrypted Key data (%d bytes)", CMK_ENCRYPTED_KEY_LENGTH);
3273 offset += CMK_ENCRYPTED_KEY_LENGTH;
3275 if(CMK_KEY_ARG_LENGTH) {
3276 tvb_ensure_bytes_exist(tvb, offset, CMK_KEY_ARG_LENGTH);
3277 proto_tree_add_text(tree, tvb, offset, CMK_KEY_ARG_LENGTH, "IV data (%d bytes)", CMK_KEY_ARG_LENGTH);
3278 offset += CMK_KEY_ARG_LENGTH;
3280 if(CMK_VERIFY_PRELUDE) {
3281 tvb_ensure_bytes_exist(tvb, offset, CMK_VERIFY_PRELUDE);
3282 proto_tree_add_text(tree, tvb, offset, CMK_VERIFY_PRELUDE, "Verify Prelude data (%d bytes)", CMK_VERIFY_PRELUDE);
3283 offset += CMK_VERIFY_PRELUDE;
3285 if(CMK_CLIENT_CERT_LENGTH) {
3286 tvb_ensure_bytes_exist(tvb, offset, CMK_CLIENT_CERT_LENGTH);
3287 proto_tree_add_text(tree, tvb, offset, CMK_CLIENT_CERT_LENGTH, "Client Certificate data (%d bytes)", CMK_CLIENT_CERT_LENGTH);
3288 offset += CMK_CLIENT_CERT_LENGTH;
3290 if(CMK_RESPONSE_LENGTH) {
3291 tvb_ensure_bytes_exist(tvb, offset, CMK_RESPONSE_LENGTH);
3292 proto_tree_add_text(tree, tvb, offset, CMK_RESPONSE_LENGTH, "Response data (%d bytes)", CMK_RESPONSE_LENGTH);
3293 offset += CMK_RESPONSE_LENGTH;
3298 dissect_pct_msg_server_verify(tvbuff_t *tvb,
3299 proto_tree *tree, guint32 offset)
3301 guint16 SV_RESPONSE_LENGTH;
3303 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
3306 proto_tree_add_text(tree, tvb, offset, 32, "Server Session ID data (32 bytes)");
3309 SV_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
3310 proto_tree_add_text(tree, tvb, offset, 2, "Server Response Length: %d", SV_RESPONSE_LENGTH);
3313 if(SV_RESPONSE_LENGTH) {
3314 tvb_ensure_bytes_exist(tvb, offset, SV_RESPONSE_LENGTH);
3315 proto_tree_add_text(tree, tvb, offset, SV_RESPONSE_LENGTH, "Server Response (%d bytes)", SV_RESPONSE_LENGTH);
3316 offset += SV_RESPONSE_LENGTH;
3321 dissect_pct_msg_error(tvbuff_t *tvb,
3322 proto_tree *tree, guint32 offset)
3324 guint16 ERROR_CODE, INFO_LEN;
3326 ERROR_CODE = tvb_get_ntohs(tvb, offset);
3327 proto_tree_add_item(tree, hf_pct_msg_error_type, tvb, offset, 2, FALSE);
3330 INFO_LEN = tvb_get_ntohs(tvb, offset);
3331 proto_tree_add_text(tree, tvb, offset, 2, "Eror Information Length: %d", INFO_LEN);
3333 if (ERROR_CODE == PCT_ERR_SPECS_MISMATCH && INFO_LEN == 6)
3335 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CIPHER");
3337 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_HASH");
3339 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CERT");
3341 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_EXCH");
3343 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_CERT");
3345 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_SIG");
3349 proto_tree_add_text(tree, tvb, offset, INFO_LEN, "Error Information dta (%d bytes)", INFO_LEN);
3355 dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
3356 proto_tree *tree, guint32 offset)
3360 * V2Cipherspec cipher;
3361 * uint16 clear_key_length;
3362 * uint16 encrypted_key_length;
3363 * uint16 key_arg_length;
3364 * opaque clear_key_data[V2ClientMasterKey.clear_key_length];
3365 * opaque encrypted_key_data[V2ClientMasterKey.encrypted_key_length];
3366 * opaque key_arg_data[V2ClientMasterKey.key_arg_length];
3367 * } V2ClientMasterKey;
3369 * Note: when we get here, offset's already pointing at cipher
3371 guint16 clear_key_length;
3372 guint16 encrypted_key_length;
3373 guint16 key_arg_length;
3375 /* at this point, everything we do involves the tree,
3376 * so quit now if we don't have one ;-)
3383 /* show the selected cipher */
3384 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec,
3385 tvb, offset, 3, FALSE);
3388 /* get the fixed fields */
3389 clear_key_length = tvb_get_ntohs(tvb, offset);
3390 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key_len,
3391 tvb, offset, 2, FALSE);
3394 encrypted_key_length = tvb_get_ntohs(tvb, offset);
3395 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key_len,
3396 tvb, offset, 2, FALSE);
3399 key_arg_length = tvb_get_ntohs(tvb, offset);
3400 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg_len,
3401 tvb, offset, 2, FALSE);
3404 /* show the variable length fields */
3405 if (clear_key_length > 0)
3407 tvb_ensure_bytes_exist(tvb, offset, clear_key_length);
3408 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key,
3409 tvb, offset, clear_key_length, FALSE);
3410 offset += clear_key_length;
3413 if (encrypted_key_length > 0)
3415 tvb_ensure_bytes_exist(tvb, offset, encrypted_key_length);
3416 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key,
3417 tvb, offset, encrypted_key_length, FALSE);
3418 offset += encrypted_key_length;
3421 if (key_arg_length > 0)
3423 tvb_ensure_bytes_exist(tvb, offset, key_arg_length);
3424 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg,
3425 tvb, offset, key_arg_length, FALSE);
3426 offset += key_arg_length;
3432 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
3433 proto_tree *tree, guint32 offset, packet_info *pinfo)
3437 * uint8 session_id_hit;
3438 * uint8 certificate_type;
3439 * uint16 server_version;
3440 * uint16 certificate_length;
3441 * uint16 cipher_specs_length;
3442 * uint16 connection_id_length;
3443 * opaque certificate_data[V2ServerHello.certificate_length];
3444 * opaque cipher_specs_data[V2ServerHello.cipher_specs_length];
3445 * opaque connection_id_data[V2ServerHello.connection_id_length];
3448 * Note: when we get here, offset's already pointing at session_id_hit
3450 guint16 certificate_length;
3451 guint16 cipher_spec_length;
3452 guint16 connection_id_length;
3455 proto_tree *subtree;
3457 /* everything we do only makes sense with a tree, so
3458 * quit now if we don't have one
3465 version = tvb_get_ntohs(tvb, offset + 2);
3466 if (!ssl_is_valid_ssl_version(version))
3468 /* invalid version; probably encrypted data */
3473 /* is there a hit? */
3474 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_hit,
3475 tvb, offset, 1, FALSE);
3478 /* what type of certificate is this? */
3479 proto_tree_add_item(tree, hf_ssl2_handshake_cert_type,
3480 tvb, offset, 1, FALSE);
3483 /* now the server version */
3484 proto_tree_add_item(tree, hf_ssl_handshake_server_version,
3485 tvb, offset, 2, FALSE);
3488 /* get the fixed fields */
3489 certificate_length = tvb_get_ntohs(tvb, offset);
3490 proto_tree_add_uint(tree, hf_ssl_handshake_certificate_len,
3491 tvb, offset, 2, certificate_length);
3494 cipher_spec_length = tvb_get_ntohs(tvb, offset);
3495 proto_tree_add_uint(tree, hf_ssl2_handshake_cipher_spec_len,
3496 tvb, offset, 2, cipher_spec_length);
3499 connection_id_length = tvb_get_ntohs(tvb, offset);
3500 proto_tree_add_uint(tree, hf_ssl2_handshake_connection_id_len,
3501 tvb, offset, 2, connection_id_length);
3504 /* now the variable length fields */
3505 if (certificate_length > 0)
3507 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_ssl_handshake_certificate);
3508 offset += certificate_length;
3511 if (cipher_spec_length > 0)
3513 /* provide a collapsing node for the cipher specs */
3514 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
3515 ti = proto_tree_add_none_format(tree,
3516 hf_ssl_handshake_cipher_suites,
3517 tvb, offset, cipher_spec_length,
3518 "Cipher Specs (%u spec%s)",
3519 cipher_spec_length/3,
3520 plurality(cipher_spec_length/3, "", "s"));
3521 subtree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
3527 /* iterate through the cipher specs */
3528 while (cipher_spec_length > 0)
3530 proto_tree_add_item(subtree, hf_ssl2_handshake_cipher_spec,
3531 tvb, offset, 3, FALSE);
3533 cipher_spec_length -= 3;
3537 if (connection_id_length > 0)
3539 tvb_ensure_bytes_exist(tvb, offset, connection_id_length);
3540 proto_tree_add_item(tree, hf_ssl2_handshake_connection_id,
3541 tvb, offset, connection_id_length, FALSE);
3542 offset += connection_id_length;
3550 /*********************************************************************
3554 *********************************************************************/
3557 ssl_set_conv_version(packet_info *pinfo, guint version)
3559 conversation_t *conversation;
3561 if (pinfo->fd->flags.visited)
3563 /* We've already processed this frame; no need to do any more
3569 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3570 pinfo->srcport, pinfo->destport, 0);
3572 if (conversation == NULL)
3574 /* create a new conversation */
3575 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3576 pinfo->srcport, pinfo->destport, 0);
3579 if (conversation_get_proto_data(conversation, proto_ssl) != NULL)
3581 /* get rid of the current data */
3582 conversation_delete_proto_data(conversation, proto_ssl);
3584 conversation_add_proto_data(conversation, proto_ssl, GINT_TO_POINTER(version));
3589 ssl_is_valid_handshake_type(guint8 type)
3593 case SSL_HND_HELLO_REQUEST:
3594 case SSL_HND_CLIENT_HELLO:
3595 case SSL_HND_SERVER_HELLO:
3596 case SSL_HND_CERTIFICATE:
3597 case SSL_HND_SERVER_KEY_EXCHG:
3598 case SSL_HND_CERT_REQUEST:
3599 case SSL_HND_SVR_HELLO_DONE:
3600 case SSL_HND_CERT_VERIFY:
3601 case SSL_HND_CLIENT_KEY_EXCHG:
3602 case SSL_HND_FINISHED:
3609 ssl_is_valid_content_type(guint8 type)
3611 if (type >= 0x14 && type <= 0x17)
3620 ssl_is_valid_ssl_version(guint16 version)
3622 const gchar *version_str = match_strval(version, ssl_versions);
3623 return version_str != NULL;
3627 ssl_is_authoritative_version_message(guint8 content_type,
3630 if (content_type == SSL_ID_HANDSHAKE
3631 && ssl_is_valid_handshake_type(next_byte))
3633 return (next_byte != SSL_HND_CLIENT_HELLO);
3635 else if (ssl_is_valid_content_type(content_type)
3636 && content_type != SSL_ID_HANDSHAKE)
3644 ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset)
3648 byte = tvb_get_guint8(tvb, offset);
3649 if (byte != 0x80) /* v2 client hello should start this way */
3654 byte = tvb_get_guint8(tvb, offset+2);
3655 if (byte != 0x01) /* v2 client hello msg type */
3660 /* 1 in 2^16 of being right; improve later if necessary */
3664 /* this applies a heuristic to determine whether
3665 * or not the data beginning at offset looks like a
3666 * valid sslv2 record. this isn't really possible,
3667 * but we'll try to do a reasonable job anyway.
3670 ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset)
3672 /* here's the current approach:
3674 * we only try to catch unencrypted handshake messages, so we can
3675 * assume that there is not padding. This means that the
3676 * first byte must be >= 0x80 and there must be a valid sslv2
3677 * msg_type in the third byte
3680 /* get the first byte; must have high bit set */
3681 guint8 byte = tvb_get_guint8(tvb, offset);
3687 /* get the supposed msg_type byte; since we only care about
3688 * unencrypted handshake messages (we can't tell the type for
3689 * encrypted messages), we just check against that list
3691 byte = tvb_get_guint8(tvb, offset + 2);
3693 case SSL2_HND_ERROR:
3694 case SSL2_HND_CLIENT_HELLO:
3695 case SSL2_HND_CLIENT_MASTER_KEY:
3696 case SSL2_HND_SERVER_HELLO:
3697 case PCT_MSG_CLIENT_MASTER_KEY:
3704 /* this applies a heuristic to determine whether
3705 * or not the data beginning at offset looks like a
3706 * valid sslv3 record. this is somewhat more reliable
3707 * than sslv2 due to the structure of the v3 protocol
3710 ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
3712 /* have to have a valid content type followed by a valid
3718 /* see if the first byte is a valid content type */
3719 byte = tvb_get_guint8(tvb, offset);
3720 if (!ssl_is_valid_content_type(byte))
3725 /* now check to see if the version byte appears valid */
3726 version = tvb_get_ntohs(tvb, offset + 1);
3727 if (version != 0x0300 && version != 0x0301)
3735 /* applies a heuristic to determine whether
3736 * or not the data beginning at offset looks
3737 * like a valid, unencrypted v2 handshake message.
3738 * since it isn't possible to completely tell random
3739 * data apart from a valid message without state,
3740 * we try to help the odds.
3743 ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, guint32 offset,
3744 guint32 record_length)
3746 /* first byte should be a msg_type.
3748 * - we know we only see client_hello, client_master_key,
3749 * and server_hello in the clear, so check to see if
3750 * msg_type is one of those (this gives us a 3 in 2^8
3751 * chance of saying yes with random payload)
3753 * - for those three types that we know about, do some
3754 * further validation to reduce the chance of an error
3760 /* fetch the msg_type */
3761 msg_type = tvb_get_guint8(tvb, offset);
3764 case SSL2_HND_CLIENT_HELLO:
3765 /* version follows msg byte, so verify that this is valid */
3766 version = tvb_get_ntohs(tvb, offset+1);
3767 return ssl_is_valid_ssl_version(version);
3770 case SSL2_HND_SERVER_HELLO:
3771 /* version is three bytes after msg_type */
3772 version = tvb_get_ntohs(tvb, offset+3);
3773 return ssl_is_valid_ssl_version(version);
3776 case SSL2_HND_CLIENT_MASTER_KEY:
3777 /* sum of clear_key_length, encrypted_key_length, and key_arg_length
3778 * must be less than record length
3780 sum = tvb_get_ntohs(tvb, offset + 4); /* clear_key_length */
3781 sum += tvb_get_ntohs(tvb, offset + 6); /* encrypted_key_length */
3782 sum += tvb_get_ntohs(tvb, offset + 8); /* key_arg_length */
3783 if (sum > record_length)
3796 /* applies a heuristic to determine whether
3797 * or not the data beginning at offset looks
3798 * like a valid, unencrypted v2 handshake message.
3799 * since it isn't possible to completely tell random
3800 * data apart from a valid message without state,
3801 * we try to help the odds.
3804 ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, guint32 offset,
3805 guint32 record_length)
3807 /* first byte should be a msg_type.
3809 * - we know we only see client_hello, client_master_key,
3810 * and server_hello in the clear, so check to see if
3811 * msg_type is one of those (this gives us a 3 in 2^8
3812 * chance of saying yes with random payload)
3814 * - for those three types that we know about, do some
3815 * further validation to reduce the chance of an error
3821 /* fetch the msg_type */
3822 msg_type = tvb_get_guint8(tvb, offset);
3825 case PCT_MSG_CLIENT_HELLO:
3826 /* version follows msg byte, so verify that this is valid */
3827 version = tvb_get_ntohs(tvb, offset+1);
3828 return version == PCT_VERSION_1;
3831 case PCT_MSG_SERVER_HELLO:
3832 /* version is one byte after msg_type */
3833 version = tvb_get_ntohs(tvb, offset+2);
3834 return version == PCT_VERSION_1;
3837 case PCT_MSG_CLIENT_MASTER_KEY:
3838 /* sum of various length fields must be less than record length */
3839 sum = tvb_get_ntohs(tvb, offset + 6); /* clear_key_length */
3840 sum += tvb_get_ntohs(tvb, offset + 8); /* encrypted_key_length */
3841 sum += tvb_get_ntohs(tvb, offset + 10); /* key_arg_length */
3842 sum += tvb_get_ntohs(tvb, offset + 12); /* verify_prelude_length */
3843 sum += tvb_get_ntohs(tvb, offset + 14); /* client_cert_length */
3844 sum += tvb_get_ntohs(tvb, offset + 16); /* response_length */
3845 if (sum > record_length)
3852 case PCT_MSG_SERVER_VERIFY:
3853 /* record is 36 bytes longer than response_length */
3854 sum = tvb_get_ntohs(tvb, offset + 34); /* response_length */
3855 if ((sum + 36) == record_length)
3868 /*********************************************************************
3870 * Standard Ethereal Protocol Registration and housekeeping
3872 *********************************************************************/
3874 proto_register_ssl(void)
3877 /* Setup list of header fields See Section 1.6.1 for details*/
3878 static hf_register_info hf[] = {
3880 { "Record Layer", "ssl.record",
3881 FT_NONE, BASE_NONE, NULL, 0x0,
3882 "Record layer", HFILL }
3884 { &hf_ssl_record_content_type,
3885 { "Content Type", "ssl.record.content_type",
3886 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
3887 "Content type", HFILL}
3889 { &hf_ssl2_msg_type,
3890 { "Handshake Message Type", "ssl.handshake.type",
3891 FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0,
3892 "SSLv2 handshake message type", HFILL}
3895 { "Handshake Message Type", "ssl.pct_handshake.type",
3896 FT_UINT8, BASE_DEC, VALS(pct_msg_types), 0x0,
3897 "PCT handshake message type", HFILL}
3899 { &hf_ssl_record_version,
3900 { "Version", "ssl.record.version",
3901 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3902 "Record layer version.", HFILL }
3904 { &hf_ssl_record_length,
3905 { "Length", "ssl.record.length",
3906 FT_UINT16, BASE_DEC, NULL, 0x0,
3907 "Length of SSL record data", HFILL }
3909 { &hf_ssl_record_appdata,
3910 { "Application Data", "ssl.app_data",
3911 FT_NONE, BASE_NONE, NULL, 0x0,
3912 "Payload is application data", HFILL }
3914 { &hf_ssl_record_appdata_decrypted,
3915 { "Application Data decrypted", "ssl.app_data_decrypted",
3916 FT_STRING, BASE_NONE, NULL, 0x0,
3917 "Payload is decrypted application data", HFILL }
3921 { "SSLv2/PCT Record Header", "ssl.record",
3922 FT_NONE, BASE_DEC, NULL, 0x0,
3923 "SSLv2/PCT record data", HFILL }
3925 { &hf_ssl2_record_is_escape,
3926 { "Is Escape", "ssl.record.is_escape",
3927 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3928 "Indicates a security escape", HFILL}
3930 { &hf_ssl2_record_padding_length,
3931 { "Padding Length", "ssl.record.padding_length",
3932 FT_UINT8, BASE_DEC, NULL, 0x0,
3933 "Length of padding at end of record", HFILL }
3935 { &hf_ssl_change_cipher_spec,
3936 { "Change Cipher Spec Message", "ssl.change_cipher_spec",
3937 FT_NONE, BASE_NONE, NULL, 0x0,
3938 "Signals a change in cipher specifications", HFILL }
3940 { & hf_ssl_alert_message,
3941 { "Alert Message", "ssl.alert_message",
3942 FT_NONE, BASE_NONE, NULL, 0x0,
3943 "Alert message", HFILL }
3945 { & hf_ssl_alert_message_level,
3946 { "Level", "ssl.alert_message.level",
3947 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
3948 "Alert message level", HFILL }
3950 { &hf_ssl_alert_message_description,
3951 { "Description", "ssl.alert_message.desc",
3952 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
3953 "Alert message description", HFILL }
3955 { &hf_ssl_handshake_protocol,
3956 { "Handshake Protocol", "ssl.handshake",
3957 FT_NONE, BASE_NONE, NULL, 0x0,
3958 "Handshake protocol message", HFILL}
3960 { &hf_ssl_handshake_type,
3961 { "Handshake Type", "ssl.handshake.type",
3962 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
3963 "Type of handshake message", HFILL}
3965 { &hf_ssl_handshake_length,
3966 { "Length", "ssl.handshake.length",
3967 FT_UINT24, BASE_DEC, NULL, 0x0,
3968 "Length of handshake message", HFILL }
3970 { &hf_ssl_handshake_client_version,
3971 { "Version", "ssl.handshake.version",
3972 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3973 "Maximum version supported by client", HFILL }
3975 { &hf_ssl_handshake_server_version,
3976 { "Version", "ssl.handshake.version",
3977 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3978 "Version selected by server", HFILL }
3980 { &hf_ssl_handshake_random_time,
3981 { "Random.gmt_unix_time", "ssl.handshake.random_time",
3982 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
3983 "Unix time field of random structure", HFILL }
3985 { &hf_ssl_handshake_random_bytes,
3986 { "Random.bytes", "ssl.handshake.random",
3987 FT_NONE, BASE_NONE, NULL, 0x0,
3988 "Random challenge used to authenticate server", HFILL }
3990 { &hf_ssl_handshake_cipher_suites_len,
3991 { "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
3992 FT_UINT16, BASE_DEC, NULL, 0x0,
3993 "Length of cipher suites field", HFILL }
3995 { &hf_ssl_handshake_cipher_suites,
3996 { "Cipher Suites", "ssl.handshake.ciphersuites",
3997 FT_NONE, BASE_NONE, NULL, 0x0,
3998 "List of cipher suites supported by client", HFILL }
4000 { &hf_ssl_handshake_cipher_suite,
4001 { "Cipher Suite", "ssl.handshake.ciphersuite",
4002 FT_UINT16, BASE_HEX, VALS(ssl_31_ciphersuite), 0x0,
4003 "Cipher suite", HFILL }
4005 { &hf_ssl2_handshake_cipher_spec,
4006 { "Cipher Spec", "ssl.handshake.cipherspec",
4007 FT_UINT24, BASE_HEX, VALS(ssl_20_cipher_suites), 0x0,
4008 "Cipher specification", HFILL }
4010 { &hf_ssl_handshake_session_id,
4011 { "Session ID", "ssl.handshake.session_id",
4012 FT_BYTES, BASE_NONE, NULL, 0x0,
4013 "Identifies the SSL session, allowing later resumption", HFILL }
4015 { &hf_ssl_handshake_comp_methods_len,
4016 { "Compression Methods Length", "ssl.handshake.comp_methods_length",
4017 FT_UINT8, BASE_DEC, NULL, 0x0,
4018 "Length of compression methods field", HFILL }
4020 { &hf_ssl_handshake_comp_methods,
4021 { "Compression Methods", "ssl.handshake.comp_methods",
4022 FT_NONE, BASE_NONE, NULL, 0x0,
4023 "List of compression methods supported by client", HFILL }
4025 { &hf_ssl_handshake_comp_method,
4026 { "Compression Method", "ssl.handshake.comp_method",
4027 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
4028 "Compression Method", HFILL }
4030 { &hf_ssl_handshake_extensions_len,
4031 { "Extensions Length", "ssl.handshake.extensions_length",
4032 FT_UINT16, BASE_DEC, NULL, 0x0,
4033 "Length of hello extensions", HFILL }
4035 { &hf_ssl_handshake_extension_type,
4036 { "Type", "ssl.handshake.extension.type",
4037 FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0,
4038 "Hello extension type", HFILL }
4040 { &hf_ssl_handshake_extension_len,
4041 { "Length", "ssl.handshake.extension.len",
4042 FT_UINT16, BASE_DEC, NULL, 0x0,
4043 "Length of a hello extension", HFILL }
4045 { &hf_ssl_handshake_extension_data,
4046 { "Data", "ssl.handshake.extension.data",
4047 FT_BYTES, BASE_NONE, NULL, 0x0,
4048 "Hello Extension data", HFILL }
4050 { &hf_ssl_handshake_certificates_len,
4051 { "Certificates Length", "ssl.handshake.certificates_length",
4052 FT_UINT24, BASE_DEC, NULL, 0x0,
4053 "Length of certificates field", HFILL }
4055 { &hf_ssl_handshake_certificates,
4056 { "Certificates", "ssl.handshake.certificates",
4057 FT_NONE, BASE_NONE, NULL, 0x0,
4058 "List of certificates", HFILL }
4060 { &hf_ssl_handshake_certificate,
4061 { "Certificate", "ssl.handshake.certificate",
4062 FT_BYTES, BASE_NONE, NULL, 0x0,
4063 "Certificate", HFILL }
4065 { &hf_ssl_handshake_certificate_len,
4066 { "Certificate Length", "ssl.handshake.certificate_length",
4067 FT_UINT24, BASE_DEC, NULL, 0x0,
4068 "Length of certificate", HFILL }
4070 { &hf_ssl_handshake_cert_types_count,
4071 { "Certificate types count", "ssl.handshake.cert_types_count",
4072 FT_UINT8, BASE_DEC, NULL, 0x0,
4073 "Count of certificate types", HFILL }
4075 { &hf_ssl_handshake_cert_types,
4076 { "Certificate types", "ssl.handshake.cert_types",
4077 FT_NONE, BASE_NONE, NULL, 0x0,
4078 "List of certificate types", HFILL }
4080 { &hf_ssl_handshake_cert_type,
4081 { "Certificate type", "ssl.handshake.cert_type",
4082 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
4083 "Certificate type", HFILL }
4085 { &hf_ssl_handshake_finished,
4086 { "Verify Data", "ssl.handshake.verify_data",
4087 FT_NONE, BASE_NONE, NULL, 0x0,
4088 "Opaque verification data", HFILL }
4090 { &hf_ssl_handshake_md5_hash,
4091 { "MD5 Hash", "ssl.handshake.md5_hash",
4092 FT_NONE, BASE_NONE, NULL, 0x0,
4093 "Hash of messages, master_secret, etc.", HFILL }
4095 { &hf_ssl_handshake_sha_hash,
4096 { "SHA-1 Hash", "ssl.handshake.sha_hash",
4097 FT_NONE, BASE_NONE, NULL, 0x0,
4098 "Hash of messages, master_secret, etc.", HFILL }
4100 { &hf_ssl_handshake_session_id_len,
4101 { "Session ID Length", "ssl.handshake.session_id_length",
4102 FT_UINT8, BASE_DEC, NULL, 0x0,
4103 "Length of session ID field", HFILL }
4105 { &hf_ssl_handshake_dnames_len,
4106 { "Distinguished Names Length", "ssl.handshake.dnames_len",
4107 FT_UINT16, BASE_DEC, NULL, 0x0,
4108 "Length of list of CAs that server trusts", HFILL }
4110 { &hf_ssl_handshake_dnames,
4111 { "Distinguished Names", "ssl.handshake.dnames",
4112 FT_NONE, BASE_NONE, NULL, 0x0,
4113 "List of CAs that server trusts", HFILL }
4115 { &hf_ssl_handshake_dname_len,
4116 { "Distinguished Name Length", "ssl.handshake.dname_len",
4117 FT_UINT16, BASE_DEC, NULL, 0x0,
4118 "Length of distinguished name", HFILL }
4120 { &hf_ssl_handshake_dname,
4121 { "Distinguished Name", "ssl.handshake.dname",
4122 FT_BYTES, BASE_NONE, NULL, 0x0,
4123 "Distinguished name of a CA that server trusts", HFILL }
4125 { &hf_ssl2_handshake_challenge,
4126 { "Challenge", "ssl.handshake.challenge",
4127 FT_NONE, BASE_NONE, NULL, 0x0,
4128 "Challenge data used to authenticate server", HFILL }
4130 { &hf_ssl2_handshake_cipher_spec_len,
4131 { "Cipher Spec Length", "ssl.handshake.cipher_spec_len",
4132 FT_UINT16, BASE_DEC, NULL, 0x0,
4133 "Length of cipher specs field", HFILL }
4135 { &hf_ssl2_handshake_session_id_len,
4136 { "Session ID Length", "ssl.handshake.session_id_length",
4137 FT_UINT16, BASE_DEC, NULL, 0x0,
4138 "Length of session ID field", HFILL }
4140 { &hf_ssl2_handshake_challenge_len,
4141 { "Challenge Length", "ssl.handshake.challenge_length",
4142 FT_UINT16, BASE_DEC, NULL, 0x0,
4143 "Length of challenge field", HFILL }
4145 { &hf_ssl2_handshake_clear_key_len,
4146 { "Clear Key Data Length", "ssl.handshake.clear_key_length",
4147 FT_UINT16, BASE_DEC, NULL, 0x0,
4148 "Length of clear key data", HFILL }
4150 { &hf_ssl2_handshake_enc_key_len,
4151 { "Encrypted Key Data Length", "ssl.handshake.encrypted_key_length",
4152 FT_UINT16, BASE_DEC, NULL, 0x0,
4153 "Length of encrypted key data", HFILL }
4155 { &hf_ssl2_handshake_key_arg_len,
4156 { "Key Argument Length", "ssl.handshake.key_arg_length",
4157 FT_UINT16, BASE_DEC, NULL, 0x0,
4158 "Length of key argument", HFILL }
4160 { &hf_ssl2_handshake_clear_key,
4161 { "Clear Key Data", "ssl.handshake.clear_key_data",
4162 FT_NONE, BASE_NONE, NULL, 0x0,
4163 "Clear portion of MASTER-KEY", HFILL }
4165 { &hf_ssl2_handshake_enc_key,
4166 { "Encrypted Key", "ssl.handshake.encrypted_key",
4167 FT_NONE, BASE_NONE, NULL, 0x0,
4168 "Secret portion of MASTER-KEY encrypted to server", HFILL }
4170 { &hf_ssl2_handshake_key_arg,
4171 { "Key Argument", "ssl.handshake.key_arg",
4172 FT_NONE, BASE_NONE, NULL, 0x0,
4173 "Key Argument (e.g., Initialization Vector)", HFILL }
4175 { &hf_ssl2_handshake_session_id_hit,
4176 { "Session ID Hit", "ssl.handshake.session_id_hit",
4177 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
4178 "Did the server find the client's Session ID?", HFILL }
4180 { &hf_ssl2_handshake_cert_type,
4181 { "Certificate Type", "ssl.handshake.cert_type",
4182 FT_UINT8, BASE_DEC, VALS(ssl_20_certificate_type), 0x0,
4183 "Certificate Type", HFILL }
4185 { &hf_ssl2_handshake_connection_id_len,
4186 { "Connection ID Length", "ssl.handshake.connection_id_length",
4187 FT_UINT16, BASE_DEC, NULL, 0x0,
4188 "Length of connection ID", HFILL }
4190 { &hf_ssl2_handshake_connection_id,
4191 { "Connection ID", "ssl.handshake.connection_id",
4192 FT_NONE, BASE_NONE, NULL, 0x0,
4193 "Server's challenge to client", HFILL }
4195 { &hf_pct_handshake_cipher_spec,
4196 { "Cipher Spec", "pct.handshake.cipherspec",
4197 FT_NONE, BASE_NONE, NULL, 0x0,
4198 "PCT Cipher specification", HFILL }
4200 { &hf_pct_handshake_cipher,
4201 { "Cipher", "pct.handshake.cipher",
4202 FT_UINT16, BASE_HEX, VALS(pct_cipher_type), 0x0,
4203 "PCT Ciper", HFILL }
4205 { &hf_pct_handshake_hash_spec,
4206 { "Hash Spec", "pct.handshake.hashspec",
4207 FT_NONE, BASE_NONE, NULL, 0x0,
4208 "PCT Hash specification", HFILL }
4210 { &hf_pct_handshake_hash,
4211 { "Hash", "pct.handshake.hash",
4212 FT_UINT16, BASE_HEX, VALS(pct_hash_type), 0x0,
4215 { &hf_pct_handshake_cert_spec,
4216 { "Cert Spec", "pct.handshake.certspec",
4217 FT_NONE, BASE_NONE, NULL, 0x0,
4218 "PCT Certificate specification", HFILL }
4220 { &hf_pct_handshake_cert,
4221 { "Cert", "pct.handshake.cert",
4222 FT_UINT16, BASE_HEX, VALS(pct_cert_type), 0x0,
4223 "PCT Certificate", HFILL }
4225 { &hf_pct_handshake_exch_spec,
4226 { "Exchange Spec", "pct.handshake.exchspec",
4227 FT_NONE, BASE_NONE, NULL, 0x0,
4228 "PCT Exchange specification", HFILL }
4230 { &hf_pct_handshake_exch,
4231 { "Exchange", "pct.handshake.exch",
4232 FT_UINT16, BASE_HEX, VALS(pct_exch_type), 0x0,
4233 "PCT Exchange", HFILL }
4235 { &hf_pct_handshake_sig,
4236 { "Sig Spec", "pct.handshake.sig",
4237 FT_UINT16, BASE_HEX, VALS(pct_sig_type), 0x0,
4238 "PCT Signature", HFILL }
4240 { &hf_pct_msg_error_type,
4241 { "PCT Error Code", "pct.msg_error_code",
4242 FT_UINT16, BASE_HEX, VALS(pct_error_code), 0x0,
4243 "PCT Error Code", HFILL }
4245 { &hf_pct_handshake_server_cert,
4246 { "Server Cert", "pct.handshake.server_cert",
4247 FT_NONE, BASE_NONE, NULL , 0x0,
4248 "PCT Server Certificate", HFILL }
4252 /* Setup protocol subtree array */
4253 static gint *ett[] = {
4258 &ett_ssl_cipher_suites,
4259 &ett_ssl_comp_methods,
4262 &ett_ssl_cert_types,
4264 &ett_pct_cipher_suites,
4265 &ett_pct_hash_suites,
4266 &ett_pct_cert_suites,
4267 &ett_pct_exch_suites,
4270 /* Register the protocol name and description */
4271 proto_ssl = proto_register_protocol("Secure Socket Layer",
4274 /* Required function calls to register the header fields and
4276 proto_register_field_array(proto_ssl, hf, array_length(hf));
4277 proto_register_subtree_array(ett, array_length(ett));
4280 module_t *ssl_module = prefs_register_protocol(proto_ssl, ssl_parse);
4281 prefs_register_bool_preference(ssl_module,
4282 "desegment_ssl_records",
4283 "Reassemble SSL records spanning multiple TCP segments",
4284 "Whether the SSL dissector should reassemble SSL records spanning multiple TCP segments. "
4285 "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
4287 prefs_register_string_preference(ssl_module, "keys_list", "RSA keys list",
4288 "comma separated list of private RSA keys used for SSL decryption; "
4289 "each list entry must be in the form of <ip>:<port>:<key_file_name>"
4290 "<key_file_name> is the local file name of the RSA private key used by the specified server\n",
4291 (const char **)&ssl_keys_list);
4292 prefs_register_string_preference(ssl_module, "ports_list", "SSL ports list",
4293 "comma separated list of tcp ports numbers to be dissectes as SSL; "
4294 "each list entry must be in the form of <port>:<clear-text-port>"
4295 "<clear-text-port> is the port numbert associated with the protocol tunneled over SSL for this port\n",
4296 (const char **)&ssl_ports_list);
4299 register_dissector("ssl", dissect_ssl, proto_ssl);
4301 register_init_routine(ssl_init);
4303 ssl_tap = register_tap("ssl");
4304 ssl_debug_printf("proto_register_ssl: registered tap %s:%d\n",
4308 /* If this dissector uses sub-dissector registration add a registration
4309 * routine. This format is required because a script is used to find
4310 * these routines and create the code that calls these routines.
4313 proto_reg_handoff_ssl(void)
4315 ssl_handle = find_dissector("ssl");
4317 /* add now dissector to default ports.*/