2 * Routines for ssl dissection
3 * Copyright (c) 2000-2001, Scott Renfro <scott@renfro.org>
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * http://www.netscape.com/eng/security/SSL_2.html
33 * http://www.netscape.com/eng/ssl3/
37 * See RFC 2246 for SSL 3.1/TLS 1.0 specs.
39 * See (among other places)
41 * http://www.graphcomp.com/info/specs/ms/pct.htm
43 * for PCT 1 draft specs.
47 * http://research.sun.com/projects/crypto/draft-ietf-tls-ecc-05.txt
49 * for Elliptic Curve Cryptography cipher suites.
53 * http://www.ietf.org/internet-drafts/draft-ietf-tls-camellia-04.txt
55 * for Camellia-based cipher suites.
59 * - Does not support dissection
60 * of frames that would require state maintained between frames
61 * (e.g., single ssl records spread across multiple tcp frames)
63 * - Identifies, but does not fully dissect the following messages:
65 * - SSLv3/TLS (These need more state from previous handshake msgs)
66 * - Server Key Exchange
67 * - Client Key Exchange
68 * - Certificate Verify
70 * - SSLv2 (These don't appear in the clear)
75 * - Request Certificate
76 * - Client Certificate
78 * - Decryption is supported only for session that use RSA key exchange,
79 * if the host private key is provided via preference.
81 * - Decryption need to be performed 'sequentially', so it's done
82 * at packet reception time. This may cause a significative packet capture
83 * slow down. This also cause do dissect some ssl info that in previous
84 * dissector version were dissected only when a proto_tree context was
87 * We are at Packet reception if time pinfo->fd->flags.visited == 0
101 #include <epan/conversation.h>
102 #include <epan/prefs.h>
103 #include <epan/inet_v6defs.h>
104 #include <epan/dissectors/packet-x509af.h>
105 #include <epan/emem.h>
106 #include <epan/tap.h>
107 #include "packet-ssl-utils.h"
110 static gboolean ssl_desegment = TRUE;
113 /*********************************************************************
115 * Protocol Constants, Variables, Data Structures
117 *********************************************************************/
119 /* Initialize the protocol and registered fields */
120 static int ssl_tap = -1;
121 static int proto_ssl = -1;
122 static int hf_ssl_record = -1;
123 static int hf_ssl_record_content_type = -1;
124 static int hf_ssl_record_version = -1;
125 static int hf_ssl_record_length = -1;
126 static int hf_ssl_record_appdata = -1;
127 static int hf_ssl_record_appdata_decrypted = -1;
128 static int hf_ssl2_record = -1;
129 static int hf_ssl2_record_is_escape = -1;
130 static int hf_ssl2_record_padding_length = -1;
131 static int hf_ssl2_msg_type = -1;
132 static int hf_pct_msg_type = -1;
133 static int hf_ssl_change_cipher_spec = -1;
134 static int hf_ssl_alert_message = -1;
135 static int hf_ssl_alert_message_level = -1;
136 static int hf_ssl_alert_message_description = -1;
137 static int hf_ssl_handshake_protocol = -1;
138 static int hf_ssl_handshake_type = -1;
139 static int hf_ssl_handshake_length = -1;
140 static int hf_ssl_handshake_client_version = -1;
141 static int hf_ssl_handshake_server_version = -1;
142 static int hf_ssl_handshake_random_time = -1;
143 static int hf_ssl_handshake_random_bytes = -1;
144 static int hf_ssl_handshake_cipher_suites_len = -1;
145 static int hf_ssl_handshake_cipher_suites = -1;
146 static int hf_ssl_handshake_cipher_suite = -1;
147 static int hf_ssl_handshake_session_id = -1;
148 static int hf_ssl_handshake_comp_methods_len = -1;
149 static int hf_ssl_handshake_comp_methods = -1;
150 static int hf_ssl_handshake_comp_method = -1;
151 static int hf_ssl_handshake_extensions_len = -1;
152 static int hf_ssl_handshake_extension_type = -1;
153 static int hf_ssl_handshake_extension_len = -1;
154 static int hf_ssl_handshake_extension_data = -1;
155 static int hf_ssl_handshake_certificates_len = -1;
156 static int hf_ssl_handshake_certificates = -1;
157 static int hf_ssl_handshake_certificate = -1;
158 static int hf_ssl_handshake_certificate_len = -1;
159 static int hf_ssl_handshake_cert_types_count = -1;
160 static int hf_ssl_handshake_cert_types = -1;
161 static int hf_ssl_handshake_cert_type = -1;
162 static int hf_ssl_handshake_finished = -1;
163 static int hf_ssl_handshake_md5_hash = -1;
164 static int hf_ssl_handshake_sha_hash = -1;
165 static int hf_ssl_handshake_session_id_len = -1;
166 static int hf_ssl_handshake_dnames_len = -1;
167 static int hf_ssl_handshake_dnames = -1;
168 static int hf_ssl_handshake_dname_len = -1;
169 static int hf_ssl_handshake_dname = -1;
170 static int hf_ssl2_handshake_cipher_spec_len = -1;
171 static int hf_ssl2_handshake_session_id_len = -1;
172 static int hf_ssl2_handshake_challenge_len = -1;
173 static int hf_ssl2_handshake_cipher_spec = -1;
174 static int hf_ssl2_handshake_challenge = -1;
175 static int hf_ssl2_handshake_clear_key_len = -1;
176 static int hf_ssl2_handshake_enc_key_len = -1;
177 static int hf_ssl2_handshake_key_arg_len = -1;
178 static int hf_ssl2_handshake_clear_key = -1;
179 static int hf_ssl2_handshake_enc_key = -1;
180 static int hf_ssl2_handshake_key_arg = -1;
181 static int hf_ssl2_handshake_session_id_hit = -1;
182 static int hf_ssl2_handshake_cert_type = -1;
183 static int hf_ssl2_handshake_connection_id_len = -1;
184 static int hf_ssl2_handshake_connection_id = -1;
185 static int hf_pct_handshake_cipher_spec = -1;
186 static int hf_pct_handshake_hash_spec = -1;
187 static int hf_pct_handshake_cert_spec = -1;
188 static int hf_pct_handshake_cert = -1;
189 static int hf_pct_handshake_server_cert = -1;
190 static int hf_pct_handshake_exch_spec = -1;
191 static int hf_pct_handshake_hash = -1;
192 static int hf_pct_handshake_cipher = -1;
193 static int hf_pct_handshake_exch = -1;
194 static int hf_pct_handshake_sig = -1;
195 static int hf_pct_msg_error_type = -1;
197 /* Initialize the subtree pointers */
198 static gint ett_ssl = -1;
199 static gint ett_ssl_record = -1;
200 static gint ett_ssl_alert = -1;
201 static gint ett_ssl_handshake = -1;
202 static gint ett_ssl_cipher_suites = -1;
203 static gint ett_ssl_comp_methods = -1;
204 static gint ett_ssl_extension = -1;
205 static gint ett_ssl_certs = -1;
206 static gint ett_ssl_cert_types = -1;
207 static gint ett_ssl_dnames = -1;
208 static gint ett_pct_cipher_suites = -1;
209 static gint ett_pct_hash_suites = -1;
210 static gint ett_pct_cert_suites = -1;
211 static gint ett_pct_exch_suites = -1;
214 unsigned int ssl_port;
215 unsigned int decrypted_port;
216 dissector_handle_t handle;
220 static char* ssl_keys_list = NULL;
221 static char* ssl_ports_list = NULL;
222 static char* ssl_debug_file_name = NULL;
224 typedef struct _SslService {
229 static GHashTable *ssl_session_hash = NULL;
230 static GHashTable *ssl_key_hash = NULL;
231 static GTree* ssl_associations = NULL;
232 static dissector_handle_t ssl_handle = NULL;
233 static StringInfo ssl_decrypted_data = {NULL, 0};
235 /* Hash Functions for ssl sessions table and private keys table*/
237 ssl_equal (gconstpointer v, gconstpointer v2)
239 const StringInfo *val1 = (const StringInfo *)v;
240 const StringInfo *val2 = (const StringInfo *)v2;
242 if (val1->data_len == val2->data_len &&
243 !memcmp(val1->data, val2->data, val2->data_len)) {
250 ssl_hash (gconstpointer v)
253 StringInfo* id = (StringInfo*) v;
254 guint* cur = (guint*) id->data;
255 for (l=4; (l<id->data_len); l+=4, cur++)
256 hash = hash ^ (*cur);
262 ssl_private_key_equal (gconstpointer v, gconstpointer v2)
264 const SslService *val1 = (const SslService *)v;
265 const SslService *val2 = (const SslService *)v2;
267 if ((val1->port == val2->port) &&
268 ! CMP_ADDRESS(&val1->addr, &val2->addr)) {
275 ssl_private_key_hash (gconstpointer v)
277 const SslService *key = (const SslService *)v;
278 guint l,hash = key->port, len = key->addr.len;
280 guint* cur = (guint*) key->addr.data;
281 for (l=4; (l<len); l+=4, cur++)
282 hash = hash ^ (*cur);
287 /* private key table entries have a scope 'larger' then packet capture,
288 * so we can't relay on se_alloc** function */
290 ssl_private_key_free(gpointer id, gpointer key, gpointer dummy _U_)
293 ssl_free_key((SSL_PRIVATE_KEY*) key);
296 /* handling of association between ssl ports and clear text protocol */
298 ssl_association_add(unsigned int port, unsigned int ctport,
301 dissector_table_t tcp_dissectors = find_dissector_table( "tcp.port");
302 SslAssociation* assoc = g_malloc(sizeof(SslAssociation)+strlen(info)+1);
304 assoc->info = (char*) assoc+sizeof(SslAssociation);
305 strcpy(assoc->info, info);
306 assoc->ssl_port = port;
307 assoc->decrypted_port = ctport;
308 assoc->handle = dissector_get_port_handle(tcp_dissectors, ctport);
310 ssl_debug_printf("ssl_association_add port %d ctport %d info %s handle %p\n",
311 port, ctport, info, assoc->handle);
313 dissector_add("tcp.port", port, ssl_handle);
314 g_tree_insert(ssl_associations, (gpointer)port, assoc);
318 ssl_association_cmp(gconstpointer a, gconstpointer b)
320 return (gint)a-(gint)b;
324 SslAssociation* ssl_association_find(unsigned int port)
326 register SslAssociation* ret = g_tree_lookup(ssl_associations, (gpointer)port);
327 ssl_debug_printf("ssl_association_find: port %d found %p\n", port, ret);
332 ssl_association_remove_handle (gpointer key _U_,
333 gpointer data, gpointer user_data _U_)
335 SslAssociation* assoc = (SslAssociation*) data;
336 ssl_debug_printf("ssl_association_remove_handle removing ptr %p handle %p\n",
337 data, assoc->handle);
339 dissector_delete("tcp.port", assoc->ssl_port, assoc->handle);
345 ssl_packet_from_server(unsigned int port)
347 register int ret = ssl_association_find(port) != 0;
348 ssl_debug_printf("ssl_packet_from_server: is from server %d\n", ret);
352 /* initialize/reset per capture state data (ssl sessions cache) */
356 if (ssl_session_hash)
357 g_hash_table_destroy(ssl_session_hash);
358 ssl_session_hash = g_hash_table_new(ssl_hash, ssl_equal);
359 if (ssl_decrypted_data.data)
360 g_free(ssl_decrypted_data.data);
361 ssl_decrypted_data.data = g_malloc0(32);
362 ssl_decrypted_data.data_len = 32;
365 /* parse ssl related preferences (private keys and ports association strings) */
371 g_hash_table_foreach(ssl_key_hash, ssl_private_key_free, NULL);
372 g_hash_table_destroy(ssl_key_hash);
374 if (ssl_associations)
376 g_tree_traverse(ssl_associations, ssl_association_remove_handle, G_IN_ORDER, NULL);
377 g_tree_destroy(ssl_associations);
380 /* parse private keys string, load available keys and put them in key hash*/
381 ssl_key_hash = g_hash_table_new(ssl_private_key_hash,ssl_private_key_equal);
382 ssl_associations = g_tree_new(ssl_association_cmp);
384 if (ssl_keys_list && (ssl_keys_list[0] != 0))
387 char* start = strdup(ssl_keys_list);
390 ssl_debug_printf("ssl_init keys string %s\n", start);
392 char* addr, *port, *filename;
395 SSL_PRIVATE_KEY * private_key;
399 /* split ip/file couple with ',' separator*/
400 end = strchr(start, ',');
406 /* for each entry split ip, port, filename with ':' separator */
407 ssl_debug_printf("ssl_init found host entry %s\n", addr);
408 port = strchr(addr, ':');
411 ssl_debug_printf("ssl_init entry malformed can't find port in %s\n", addr);
417 filename = strchr(port,':');
420 ssl_debug_printf("ssl_init entry malformed can't find filename in %s\n", port);
426 /* convert ip and port string to network rappresentation*/
427 service = g_malloc(sizeof(SslService) + 4);
428 service->addr.type = AT_IPv4;
429 service->addr.len = 4;
430 service->addr.data = ip = ((unsigned char*)service) + sizeof(SslService);
431 sscanf(addr, "%hhu.%hhu.%hhu.%hhu", &ip[0], &ip[1], &ip[2], &ip[3]);
432 service->port = atoi(port);
433 ssl_debug_printf("ssl_init addr %hhu.%hhu.%hhu.%hhu port %d filename %s\n",
434 ip[0], ip[1], ip[2], ip[3], service->port, filename);
436 /* try to load pen file*/
437 fp = fopen(filename, "rb");
439 fprintf(stderr, "can't open file %s \n",filename);
443 private_key = ssl_load_key(fp);
445 fprintf(stderr,"can't load private key from %s\n",
451 ssl_debug_printf("ssl_init private key file %s successfully loaded\n",
453 g_hash_table_insert(ssl_key_hash, service, private_key);
455 } while (end != NULL);
459 /* parse ssl ports string and add ssl dissector to specifed port[s]*/
460 if (ssl_ports_list && (ssl_ports_list[0] != 0))
463 char* start = strdup(ssl_ports_list);
466 ssl_debug_printf("ssl_init ports string %s\n", start);
468 char* port, *ctport, *info;
469 unsigned int portn, ctportn;
472 /* split ip/file couple with ',' separator*/
473 end = strchr(start, ',');
479 /* for each entry split ip, port, filename with ':' separator */
480 ssl_debug_printf("ssl_init found port entry %s\n", port);
481 ctport = strchr(port, ':');
487 info = strchr(ctport,':');
493 /* add dissector to this port */
495 ctportn = atoi(ctport);
496 if (!portn || !ctportn)
499 ssl_debug_printf("ssl_init adding dissector to port %d (ct port %d)\n", portn, ctportn);
500 ssl_association_add(portn, ctportn, info);
501 } while (end != NULL);
505 ssl_set_debug(ssl_debug_file_name);
507 /* [re] add ssl dissection to defaults ports */
508 ssl_association_add(443, 80, "Hypertext transfer protocol");
509 ssl_association_add(636, 389, "Lightweight directory access protocol");
510 ssl_association_add(993, 143, "Interactive mail access protocol");
511 ssl_association_add(995, 110, "Post office protocol");
514 /* store master secret into session data cache */
516 ssl_save_session(SslDecryptSession* ssl)
518 /* allocate stringinfo chunks for session id and master secret data*/
519 StringInfo* session_id = se_alloc0(sizeof(StringInfo) + ssl->session_id.data_len);
520 StringInfo* master_secret = se_alloc0(48 + sizeof(StringInfo));
522 master_secret->data = ((unsigned char*)master_secret+sizeof(StringInfo));
523 session_id->data = ((unsigned char*)session_id+sizeof(StringInfo));
525 ssl_data_set(session_id, ssl->session_id.data, ssl->session_id.data_len);
526 ssl_data_set(master_secret, ssl->master_secret.data, ssl->master_secret.data_len);
527 g_hash_table_insert(ssl_session_hash, session_id, master_secret);
528 ssl_print_string("ssl_save_session stored session id", session_id);
529 ssl_print_string("ssl_save_session stored master secret", master_secret);
533 ssl_restore_session(SslDecryptSession* ssl)
535 StringInfo* ms = g_hash_table_lookup(ssl_session_hash, &ssl->session_id);
537 ssl_debug_printf("ssl_restore_session can't find stored session\n");
540 ssl_data_set(&ssl->master_secret, ms->data, ms->data_len);
541 ssl->state |= SSL_MASTER_SECRET;
542 ssl_debug_printf("ssl_restore_session master key retrived\n");
545 /* The TCP port to associate with by default */
546 #define TCP_PORT_SSL 443
547 #define TCP_PORT_SSL_LDAP 636
548 #define TCP_PORT_SSL_IMAP 993
549 #define TCP_PORT_SSL_POP 995
551 /* version state tables */
552 #define SSL_VER_UNKNOWN 0
553 #define SSL_VER_SSLv2 1
554 #define SSL_VER_SSLv3 2
555 #define SSL_VER_TLS 3
556 #define SSL_VER_PCT 4
558 /* corresponds to the #defines above */
559 static const gchar* ssl_version_short_names[] = {
568 #define SSL_ID_CHG_CIPHER_SPEC 0x14
569 #define SSL_ID_ALERT 0x15
570 #define SSL_ID_HANDSHAKE 0x16
571 #define SSL_ID_APP_DATA 0x17
573 #define SSL_HND_HELLO_REQUEST 0
574 #define SSL_HND_CLIENT_HELLO 1
575 #define SSL_HND_SERVER_HELLO 2
576 #define SSL_HND_CERTIFICATE 11
577 #define SSL_HND_SERVER_KEY_EXCHG 12
578 #define SSL_HND_CERT_REQUEST 13
579 #define SSL_HND_SVR_HELLO_DONE 14
580 #define SSL_HND_CERT_VERIFY 15
581 #define SSL_HND_CLIENT_KEY_EXCHG 16
582 #define SSL_HND_FINISHED 20
584 #define SSL2_HND_ERROR 0x00
585 #define SSL2_HND_CLIENT_HELLO 0x01
586 #define SSL2_HND_CLIENT_MASTER_KEY 0x02
587 #define SSL2_HND_CLIENT_FINISHED 0x03
588 #define SSL2_HND_SERVER_HELLO 0x04
589 #define SSL2_HND_SERVER_VERIFY 0x05
590 #define SSL2_HND_SERVER_FINISHED 0x06
591 #define SSL2_HND_REQUEST_CERTIFICATE 0x07
592 #define SSL2_HND_CLIENT_CERTIFICATE 0x08
594 #define PCT_VERSION_1 0x8001
596 #define PCT_MSG_CLIENT_HELLO 0x01
597 #define PCT_MSG_SERVER_HELLO 0x02
598 #define PCT_MSG_CLIENT_MASTER_KEY 0x03
599 #define PCT_MSG_SERVER_VERIFY 0x04
600 #define PCT_MSG_ERROR 0x05
602 #define PCT_CH_OFFSET_V1 0xa
604 #define PCT_CIPHER_DES 0x01
605 #define PCT_CIPHER_IDEA 0x02
606 #define PCT_CIPHER_RC2 0x03
607 #define PCT_CIPHER_RC4 0x04
608 #define PCT_CIPHER_DES_112 0x05
609 #define PCT_CIPHER_DES_168 0x06
611 #define PCT_HASH_MD5 0x0001
612 #define PCT_HASH_MD5_TRUNC_64 0x0002
613 #define PCT_HASH_SHA 0x0003
614 #define PCT_HASH_SHA_TRUNC_80 0x0004
615 #define PCT_HASH_DES_DM 0x0005
617 #define PCT_CERT_NONE 0x00
618 #define PCT_CERT_X509 0x01
619 #define PCT_CERT_PKCS7 0x02
621 #define PCT_SIG_NONE 0x0000
622 #define PCT_SIG_RSA_MD5 0x0001
623 #define PCT_SIG_RSA_SHA 0x0002
624 #define PCT_SIG_DSA_SHA 0x0003
626 #define PCT_EXCH_RSA_PKCS1 0x01
627 #define PCT_EXCH_RSA_PKCS1_TOKEN_DES 0x02
628 #define PCT_EXCH_RSA_PKCS1_TOKEN_DES3 0x03
629 #define PCT_EXCH_RSA_PKCS1_TOKEN_RC2 0x04
630 #define PCT_EXCH_RSA_PKCS1_TOKEN_RC4 0x05
631 #define PCT_EXCH_DH_PKCS3 0x06
632 #define PCT_EXCH_DH_PKCS3_TOKEN_DES 0x07
633 #define PCT_EXCH_DH_PKCS3_TOKEN_DES3 0x08
634 #define PCT_EXCH_FORTEZZA_TOKEN 0x09
636 #define PCT_ERR_BAD_CERTIFICATE 0x01
637 #define PCT_ERR_CLIENT_AUTH_FAILED 0x02
638 #define PCT_ERR_ILLEGAL_MESSAGE 0x03
639 #define PCT_ERR_INTEGRITY_CHECK_FAILED 0x04
640 #define PCT_ERR_SERVER_AUTH_FAILED 0x05
641 #define PCT_ERR_SPECS_MISMATCH 0x06
647 static const value_string ssl_20_msg_types[] = {
648 { SSL2_HND_ERROR, "Error" },
649 { SSL2_HND_CLIENT_HELLO, "Client Hello" },
650 { SSL2_HND_CLIENT_MASTER_KEY, "Client Master Key" },
651 { SSL2_HND_CLIENT_FINISHED, "Client Finished" },
652 { SSL2_HND_SERVER_HELLO, "Server Hello" },
653 { SSL2_HND_SERVER_VERIFY, "Server Verify" },
654 { SSL2_HND_SERVER_FINISHED, "Server Finished" },
655 { SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" },
656 { SSL2_HND_CLIENT_CERTIFICATE, "Client Certificate" },
660 static const value_string ssl_20_cipher_suites[] = {
661 { 0x010080, "SSL2_RC4_128_WITH_MD5" },
662 { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" },
663 { 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
664 { 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
665 { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" },
666 { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" },
667 { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" },
668 { 0x080080, "SSL2_RC4_64_WITH_MD5" },
669 { 0x000000, "TLS_NULL_WITH_NULL_NULL" },
670 { 0x000001, "TLS_RSA_WITH_NULL_MD5" },
671 { 0x000002, "TLS_RSA_WITH_NULL_SHA" },
672 { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
673 { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" },
674 { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" },
675 { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
676 { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
677 { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
678 { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" },
679 { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
680 { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
681 { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
682 { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
683 { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
684 { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
685 { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
686 { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
687 { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
688 { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
689 { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
690 { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
691 { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
692 { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
693 { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" },
694 { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
695 { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
696 { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
697 { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
698 { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
699 { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
700 { 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" },
701 { 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
702 { 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
703 { 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
704 { 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
705 { 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
706 { 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
707 { 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
708 { 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
709 { 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
710 { 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
711 { 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
712 { 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
713 { 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
714 { 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
715 { 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
716 { 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
717 { 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
718 { 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
719 { 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
720 { 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" },
721 { 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
722 { 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
723 { 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
724 { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
725 { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
726 { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
727 { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
728 { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
729 { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
730 { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
731 { 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
732 { 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
733 { 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
734 { 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
735 { 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
736 { 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
737 /* these from http://www.mozilla.org/projects/
738 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
739 { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
740 { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
741 { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
742 { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
743 /* Microsoft's old PCT protocol. These are from Eric Rescorla's
744 book "SSL and TLS" */
745 { 0x8f8001, "PCT_SSL_COMPAT | PCT_VERSION_1" },
746 { 0x800003, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509_CHAIN" },
747 { 0x800001, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509" },
748 { 0x810001, "PCT_SSL_HASH_TYPE | PCT1_HASH_MD5" },
749 { 0x810003, "PCT_SSL_HASH_TYPE | PCT1_HASH_SHA" },
750 { 0x820001, "PCT_SSL_EXCH_TYPE | PCT1_EXCH_RSA_PKCS1" },
751 { 0x830004, "PCT_SSL_CIPHER_TYPE_1ST_HALF | PCT1_CIPHER_RC4" },
752 { 0x848040, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_128 | PCT1_MAC_BITS_128" },
753 { 0x842840, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_40 | PCT1_MAC_BITS_128" },
754 /* note that ciphersuites of {0x00????} are TLS cipher suites in
755 * a sslv2 client hello message; the ???? above is the two-byte
756 * tls cipher suite id
761 static const value_string ssl_20_certificate_type[] = {
763 { 0x01, "X.509 Certificate" },
767 static const value_string ssl_31_content_type[] = {
768 { 20, "Change Cipher Spec" },
771 { 23, "Application Data" },
775 static const value_string ssl_versions[] = {
776 { 0x0301, "TLS 1.0" },
777 { 0x0300, "SSL 3.0" },
778 { 0x0002, "SSL 2.0" },
783 /* XXX - would be used if we dissected the body of a Change Cipher Spec
785 static const value_string ssl_31_change_cipher_spec[] = {
786 { 1, "Change Cipher Spec" },
791 static const value_string ssl_31_alert_level[] = {
797 static const value_string ssl_31_alert_description[] = {
798 { 0, "Close Notify" },
799 { 10, "Unexpected Message" },
800 { 20, "Bad Record MAC" },
801 { 21, "Decryption Failed" },
802 { 22, "Record Overflow" },
803 { 30, "Decompression Failure" },
804 { 40, "Handshake Failure" },
805 { 42, "Bad Certificate" },
806 { 43, "Unsupported Certificate" },
807 { 44, "Certificate Revoked" },
808 { 45, "Certificate Expired" },
809 { 46, "Certificate Unknown" },
810 { 47, "Illegal Parameter" },
811 { 48, "Unknown CA" },
812 { 49, "Access Denied" },
813 { 50, "Decode Error" },
814 { 51, "Decrypt Error" },
815 { 60, "Export Restriction" },
816 { 70, "Protocol Version" },
817 { 71, "Insufficient Security" },
818 { 80, "Internal Error" },
819 { 90, "User Canceled" },
820 { 100, "No Renegotiation" },
824 static const value_string ssl_31_handshake_type[] = {
825 { SSL_HND_HELLO_REQUEST, "Hello Request" },
826 { SSL_HND_CLIENT_HELLO, "Client Hello" },
827 { SSL_HND_SERVER_HELLO, "Server Hello" },
828 { SSL_HND_CERTIFICATE, "Certificate" },
829 { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" },
830 { SSL_HND_CERT_REQUEST, "Certificate Request" },
831 { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" },
832 { SSL_HND_CERT_VERIFY, "Certificate Verify" },
833 { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" },
834 { SSL_HND_FINISHED, "Finished" },
838 static const value_string ssl_31_compression_method[] = {
846 /* XXX - would be used if we dissected a Signature, as would be
847 seen in a server key exchange or certificate verify message. */
848 static const value_string ssl_31_key_exchange_algorithm[] = {
850 { 1, "Diffie Hellman" },
854 static const value_string ssl_31_signature_algorithm[] = {
862 static const value_string ssl_31_client_certificate_type[] = {
865 { 3, "RSA Fixed DH" },
866 { 4, "DSS Fixed DH" },
871 /* XXX - would be used if we dissected exchange keys, as would be
872 seen in a client key exchange message. */
873 static const value_string ssl_31_public_value_encoding[] = {
880 static const value_string ssl_31_ciphersuite[] = {
881 { 0x0000, "TLS_NULL_WITH_NULL_NULL" },
882 { 0x0001, "TLS_RSA_WITH_NULL_MD5" },
883 { 0x0002, "TLS_RSA_WITH_NULL_SHA" },
884 { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
885 { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" },
886 { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" },
887 { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
888 { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
889 { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
890 { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" },
891 { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
892 { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
893 { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
894 { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
895 { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
896 { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
897 { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
898 { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
899 { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
900 { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
901 { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
902 { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
903 { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
904 { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
905 { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" },
906 { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
907 { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
908 { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
909 { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
910 { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
911 { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
912 { 0x002f, "TLS_RSA_WITH_AES_128_CBC_SHA" },
913 { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
914 { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
915 { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
916 { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
917 { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
918 { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
919 { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
920 { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
921 { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
922 { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
923 { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
924 { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
925 { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
926 { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
927 { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
928 { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
929 { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
930 { 0x0047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
931 { 0x0048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
932 { 0x0049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" },
933 { 0x004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
934 { 0x004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
935 { 0x004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
936 { 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
937 { 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
938 { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
939 { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
940 { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
941 { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
942 { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
943 { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
944 { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
945 { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
946 { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
947 { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
948 { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
949 /* these from http://www.mozilla.org/projects/
950 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
951 { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
952 { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
953 { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
954 { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
955 /* note that ciphersuites 0xff00 - 0xffff are private */
959 static const value_string pct_msg_types[] = {
960 { PCT_MSG_CLIENT_HELLO, "Client Hello" },
961 { PCT_MSG_SERVER_HELLO, "Server Hello" },
962 { PCT_MSG_CLIENT_MASTER_KEY, "Client Master Key" },
963 { PCT_MSG_SERVER_VERIFY, "Server Verify" },
964 { PCT_MSG_ERROR, "Error" },
968 static const value_string pct_cipher_type[] = {
969 { PCT_CIPHER_DES, "DES" },
970 { PCT_CIPHER_IDEA, "IDEA" },
971 { PCT_CIPHER_RC2, "RC2" },
972 { PCT_CIPHER_RC4, "RC4" },
973 { PCT_CIPHER_DES_112, "DES 112 bit" },
974 { PCT_CIPHER_DES_168, "DES 168 bit" },
978 static const value_string pct_hash_type[] = {
979 { PCT_HASH_MD5, "MD5" },
980 { PCT_HASH_MD5_TRUNC_64, "MD5_TRUNC_64"},
981 { PCT_HASH_SHA, "SHA"},
982 { PCT_HASH_SHA_TRUNC_80, "SHA_TRUNC_80"},
983 { PCT_HASH_DES_DM, "DES_DM"},
987 static const value_string pct_cert_type[] = {
988 { PCT_CERT_NONE, "None" },
989 { PCT_CERT_X509, "X.509" },
990 { PCT_CERT_PKCS7, "PKCS #7" },
993 static const value_string pct_sig_type[] = {
994 { PCT_SIG_NONE, "None" },
995 { PCT_SIG_RSA_MD5, "MD5" },
996 { PCT_SIG_RSA_SHA, "RSA SHA" },
997 { PCT_SIG_DSA_SHA, "DSA SHA" },
1001 static const value_string pct_exch_type[] = {
1002 { PCT_EXCH_RSA_PKCS1, "RSA PKCS#1" },
1003 { PCT_EXCH_RSA_PKCS1_TOKEN_DES, "RSA PKCS#1 Token DES" },
1004 { PCT_EXCH_RSA_PKCS1_TOKEN_DES3, "RSA PKCS#1 Token 3DES" },
1005 { PCT_EXCH_RSA_PKCS1_TOKEN_RC2, "RSA PKCS#1 Token RC-2" },
1006 { PCT_EXCH_RSA_PKCS1_TOKEN_RC4, "RSA PKCS#1 Token RC-4" },
1007 { PCT_EXCH_DH_PKCS3, "DH PKCS#3" },
1008 { PCT_EXCH_DH_PKCS3_TOKEN_DES, "DH PKCS#3 Token DES" },
1009 { PCT_EXCH_DH_PKCS3_TOKEN_DES3, "DH PKCS#3 Token 3DES" },
1010 { PCT_EXCH_FORTEZZA_TOKEN, "Fortezza" },
1014 static const value_string pct_error_code[] = {
1015 { PCT_ERR_BAD_CERTIFICATE, "PCT_ERR_BAD_CERTIFICATE" },
1016 { PCT_ERR_CLIENT_AUTH_FAILED, "PCT_ERR_CLIENT_AUTH_FAILE" },
1017 { PCT_ERR_ILLEGAL_MESSAGE, "PCT_ERR_ILLEGAL_MESSAGE" },
1018 { PCT_ERR_INTEGRITY_CHECK_FAILED, "PCT_ERR_INTEGRITY_CHECK_FAILED" },
1019 { PCT_ERR_SERVER_AUTH_FAILED, "PCT_ERR_SERVER_AUTH_FAILED" },
1020 { PCT_ERR_SPECS_MISMATCH, "PCT_ERR_SPECS_MISMATCH" },
1025 static const value_string tls_hello_extension_types[] = {
1026 { 0, "server_name" },
1027 { 1, "max_fragment_length" },
1028 { 2, "client_certificate_url" },
1029 { 3, "trusted_ca_keys" },
1030 { 4, "truncated_hmac" },
1031 { 5, "status_request" },
1032 { 35, "EAP-FAST PAC-Opaque" /* draft-cam-winget-eap-fast-00.txt */ },
1036 /*********************************************************************
1038 * Forward Declarations
1040 *********************************************************************/
1043 * SSL version 3 and TLS dissectors
1046 /* record layer dissector */
1047 static int dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
1048 proto_tree *tree, guint32 offset,
1049 guint *conv_version,
1050 gboolean *need_desegmentation,
1051 SslDecryptSession *conv_data);
1053 /* change cipher spec dissector */
1054 static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
1057 guint *conv_version, guint8 content_type);
1059 /* alert message dissector */
1060 static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
1061 proto_tree *tree, guint32 offset,
1062 guint *conv_version);
1064 /* handshake protocol dissector */
1065 static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1066 proto_tree *tree, guint32 offset,
1067 guint32 record_length,
1068 guint *conv_version,
1069 SslDecryptSession *conv_data, guint8 content_type);
1072 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
1074 guint32 offset, guint32 length,
1075 SslDecryptSession* ssl);
1077 static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
1079 guint32 offset, guint32 length,
1080 SslDecryptSession* ssl);
1082 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
1083 proto_tree *tree, guint32 offset, packet_info *pinfo);
1085 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
1089 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
1092 guint* conv_version);
1096 * SSL version 2 dissectors
1100 /* record layer dissector */
1101 static int dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
1102 proto_tree *tree, guint32 offset,
1103 guint *conv_version,
1104 gboolean *need_desegmentation,
1105 SslDecryptSession* ssl);
1107 /* client hello dissector */
1108 static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
1111 SslDecryptSession* ssl);
1113 static void dissect_pct_msg_client_hello(tvbuff_t *tvb,
1117 /* client master key dissector */
1118 static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
1121 static void dissect_pct_msg_client_master_key(tvbuff_t *tvb,
1125 /* server hello dissector */
1126 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
1128 guint32 offset, packet_info *pinfo);
1129 static void dissect_pct_msg_server_hello(tvbuff_t *tvb,
1131 guint32 offset, packet_info *pinfo);
1134 static void dissect_pct_msg_server_verify(tvbuff_t *tvb,
1138 static void dissect_pct_msg_error(tvbuff_t *tvb,
1146 /*static void ssl_set_conv_version(packet_info *pinfo, guint version);*/
1147 static int ssl_is_valid_handshake_type(guint8 type);
1148 static int ssl_is_valid_content_type(guint8 type);
1149 static int ssl_is_valid_ssl_version(guint16 version);
1150 static int ssl_is_authoritative_version_message(guint8 content_type,
1152 static int ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset);
1153 static int ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset);
1154 static int ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset);
1155 static int ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
1157 guint32 record_length);
1158 static int ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb,
1160 guint32 record_length);
1161 /*********************************************************************
1165 *********************************************************************/
1167 * Code to actually dissect the packets
1170 dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1173 conversation_t *conversation;
1175 proto_item *ti = NULL;
1176 proto_tree *ssl_tree = NULL;
1178 gboolean first_record_in_frame = TRUE;
1179 gboolean need_desegmentation;
1180 SslDecryptSession* ssl_session = NULL;
1181 guint* conv_version;
1183 /* Track the version using conversations to reduce the
1184 * chance that a packet that simply *looks* like a v2 or
1185 * v3 packet is dissected improperly. This also allows
1186 * us to more frequently set the protocol column properly
1187 * for continuation data frames.
1189 * Also: We use the copy in conv_version as our cached copy,
1190 * so that we don't have to search the conversation
1191 * table every time we want the version; when setting
1192 * the conv_version, must set the copy in the conversation
1193 * in addition to conv_version
1195 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
1196 pinfo->srcport, pinfo->destport, 0);
1199 /* create a new conversation */
1200 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
1201 pinfo->srcport, pinfo->destport, 0);
1203 conv_data = conversation_get_proto_data(conversation, proto_ssl);
1205 /* PAOLO: manage ssl decryption data */
1206 /*get a valid ssl session pointer*/
1207 if (conv_data != NULL)
1208 ssl_session = conv_data;
1212 ssl_session = se_alloc0(sizeof(SslDecryptSession));
1213 ssl_session_init(ssl_session);
1214 ssl_session->version = SSL_VER_UNKNOWN;
1215 conversation_add_proto_data(conversation, proto_ssl, ssl_session);
1217 /* we need to know witch side of conversation is speaking*/
1218 if (ssl_packet_from_server(pinfo->srcport)) {
1219 dummy.addr = pinfo->src;
1220 dummy.port = pinfo->srcport;
1223 dummy.addr = pinfo->dst;
1224 dummy.port = pinfo->destport;
1226 ssl_debug_printf("dissect_ssl server %hhd.%hhd.%hhd.%hhd:%d\n",
1228 dummy.addr.data[1],dummy.addr.data[2],
1229 dummy.addr.data[3],dummy.port);
1231 /* try to retrive private key for this service. Do it now 'cause pinfo
1232 * is not always available
1233 * Note that with HAVE_LIBGNUTLS undefined private_key is allways 0
1234 * and thus decryption never engaged*/
1235 ssl_session->private_key = g_hash_table_lookup(ssl_key_hash, &dummy);
1236 if (!ssl_session->private_key)
1237 ssl_debug_printf("dissect_ssl can't find private key for this server!\n");
1239 conv_version= & ssl_session->version;
1241 /* try decryption only the first time we see this packet
1242 * (to keep cipher syncronized)and only if we have
1243 * the server private key*/
1244 if (!ssl_session->private_key || pinfo->fd->flags.visited)
1247 /* Initialize the protocol column; we'll set it later when we
1248 * figure out what flavor of SSL it is (assuming we don't
1249 * throw an exception before we get the chance to do so). */
1250 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1252 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSL");
1255 /* clear the the info column */
1256 if (check_col(pinfo->cinfo, COL_INFO))
1257 col_clear(pinfo->cinfo, COL_INFO);
1259 /* TCP packets and SSL records are orthogonal.
1260 * A tcp packet may contain multiple ssl records and an ssl
1261 * record may be spread across multiple tcp packets.
1263 * This loop accounts for multiple ssl records in a single
1264 * frame, but not a single ssl record across multiple tcp
1267 * Handling the single ssl record across multiple packets
1268 * may be possible using ethereal conversations, but
1269 * probably not cleanly. May have to wait for tcp stream
1273 /* Create display subtree for SSL as a whole */
1276 ti = proto_tree_add_item(tree, proto_ssl, tvb, 0, -1, FALSE);
1277 ssl_tree = proto_item_add_subtree(ti, ett_ssl);
1280 /* iterate through the records in this tvbuff */
1281 while (tvb_reported_length_remaining(tvb, offset) != 0)
1283 /* on second and subsequent records per frame
1284 * add a delimiter on info column
1286 if (!first_record_in_frame
1287 && check_col(pinfo->cinfo, COL_INFO))
1289 col_append_str(pinfo->cinfo, COL_INFO, ", ");
1293 * Assume, for now, that this doesn't need desegmentation.
1295 need_desegmentation = FALSE;
1297 /* first try to dispatch off the cached version
1298 * known to be associated with the conversation
1300 switch(*conv_version) {
1303 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
1304 offset, conv_version,
1305 &need_desegmentation,
1311 /* the version tracking code works too well ;-)
1312 * at times, we may visit a v2 client hello after
1313 * we already know the version of the connection;
1314 * work around that here by detecting and calling
1315 * the v2 dissector instead
1317 if (ssl_is_v2_client_hello(tvb, offset))
1319 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
1320 offset, conv_version,
1321 &need_desegmentation,
1326 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
1327 offset, conv_version,
1328 &need_desegmentation,
1333 /* that failed, so apply some heuristics based
1334 * on this individual packet
1337 if (ssl_looks_like_sslv2(tvb, offset))
1339 /* looks like sslv2 or pct client hello */
1340 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
1341 offset, conv_version,
1342 &need_desegmentation,
1345 else if (ssl_looks_like_sslv3(tvb, offset))
1347 /* looks like sslv3 or tls */
1348 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
1349 offset, conv_version,
1350 &need_desegmentation,
1355 /* looks like something unknown, so lump into
1358 offset = tvb_length(tvb);
1359 if (check_col(pinfo->cinfo, COL_INFO))
1360 col_append_str(pinfo->cinfo, COL_INFO,
1361 "Continuation Data");
1363 /* Set the protocol column */
1364 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1366 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1367 ssl_version_short_names[*conv_version]);
1373 /* Desegmentation return check */
1374 if (need_desegmentation)
1376 /* set up for next record in frame, if any */
1377 first_record_in_frame = FALSE;
1379 tap_queue_packet(ssl_tap, pinfo, (gpointer)proto_ssl);
1383 decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
1384 guint32 record_length, guint8 content_type, SslDecryptSession* ssl,
1385 gboolean save_plaintext)
1388 SslDecoder* decoder;
1390 /* if we can decrypt and decryption have success
1391 * add decrypted data to this packet info*/
1392 ssl_debug_printf("decrypt_ssl3_record: app_data len %d ssl state %X\n",
1393 record_length, ssl->state);
1394 if (!(ssl->state & SSL_HAVE_SESSION_KEY)) {
1395 ssl_debug_printf("decrypt_ssl3_record: no session key\n");
1399 /* retrive decoder for this packet direction*/
1400 if ((direction = ssl_packet_from_server(pinfo->srcport)) != 0) {
1401 ssl_debug_printf("decrypt_ssl3_record: using server decoder\n");
1402 decoder = &ssl->server;
1405 ssl_debug_printf("decrypt_ssl3_record: using client decoder\n");
1406 decoder = &ssl->client;
1409 /* ensure we have enough storage space for decrypted data */
1410 if (record_length > ssl_decrypted_data.data_len)
1412 ssl_debug_printf("decrypt_ssl3_record: allocating %d bytes"
1413 " for decrypt data (old len %d)\n",
1414 record_length + 32, ssl_decrypted_data.data_len);
1415 ssl_decrypted_data.data = g_realloc(ssl_decrypted_data.data,
1416 record_length + 32);
1417 ssl_decrypted_data.data_len = record_length + 32;
1420 /* run decryption and add decrypted payload to protocol data, if decryption
1422 len = ssl_decrypted_data.data_len;
1423 if ((ssl_decrypt_record(ssl, decoder,
1424 content_type, tvb_get_ptr(tvb, offset, record_length),
1425 record_length, ssl_decrypted_data.data, &len) == 0) &&
1428 StringInfo* data = p_get_proto_data(pinfo->fd, proto_ssl);
1431 ssl_debug_printf("decrypt_ssl3_record: allocating app_data %d "
1432 "bytes for app data\n", len);
1433 /* first app data record: allocate and put packet data*/
1434 data = se_alloc(sizeof(StringInfo));
1435 data->data = se_alloc(len);
1436 data->data_len = len;
1437 memcpy(data->data, ssl_decrypted_data.data, len);
1440 unsigned char* store;
1441 /* update previus record*/
1442 ssl_debug_printf("decrypt_ssl3_record: reallocating app_data "
1443 "%d bytes for app data (total %d appdata bytes)\n",
1444 len, data->data_len + len);
1445 store = se_alloc(data->data_len + len);
1446 memcpy(store, data->data, data->data_len);
1447 memcpy(&store[data->data_len], ssl_decrypted_data.data, len);
1448 data->data_len += len;
1450 /* old decrypted data ptr here appare to be leaked, but it's
1451 * collected by emem allocator */
1454 /* data ptr is changed, so remove old one and re-add the new one*/
1455 ssl_debug_printf("decrypt_ssl3_record: removing old app_data ptr\n");
1456 p_remove_proto_data(pinfo->fd, proto_ssl);
1459 ssl_debug_printf("decrypt_ssl3_record: setting decrypted app_data ptr %p\n",data);
1460 p_add_proto_data(pinfo->fd, proto_ssl, data);
1466 /*********************************************************************
1468 * SSL version 3 and TLS Dissection Routines
1470 *********************************************************************/
1472 dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
1473 proto_tree *tree, guint32 offset,
1474 guint *conv_version, gboolean *need_desegmentation,
1475 SslDecryptSession* ssl)
1480 * uint8 major, minor;
1481 * } ProtocolVersion;
1485 * change_cipher_spec(20), alert(21), handshake(22),
1486 * application_data(23), (255)
1491 * ProtocolVersion version;
1493 * opaque fragment[TLSPlaintext.length];
1496 guint32 record_length;
1498 guint8 content_type;
1500 proto_tree *ti = NULL;
1501 proto_tree *ssl_record_tree = NULL;
1502 guint32 available_bytes = 0;
1503 StringInfo* decrypted;
1504 SslAssociation* association;
1506 available_bytes = tvb_length_remaining(tvb, offset);
1509 * Can we do reassembly?
1511 if (ssl_desegment && pinfo->can_desegment) {
1513 * Yes - is the record header split across segment boundaries?
1515 if (available_bytes < 5) {
1517 * Yes. Tell the TCP dissector where the data for this
1518 * message starts in the data it handed us, and how many
1519 * more bytes we need, and return.
1521 pinfo->desegment_offset = offset;
1522 pinfo->desegment_len = 5 - available_bytes;
1523 *need_desegmentation = TRUE;
1529 * Get the record layer fields of interest
1531 content_type = tvb_get_guint8(tvb, offset);
1532 version = tvb_get_ntohs(tvb, offset + 1);
1533 record_length = tvb_get_ntohs(tvb, offset + 3);
1535 if (ssl_is_valid_content_type(content_type)) {
1538 * Can we do reassembly?
1540 if (ssl_desegment && pinfo->can_desegment) {
1542 * Yes - is the record split across segment boundaries?
1544 if (available_bytes < record_length + 5) {
1546 * Yes. Tell the TCP dissector where the data for this
1547 * message starts in the data it handed us, and how many
1548 * more bytes we need, and return.
1550 pinfo->desegment_offset = offset;
1551 pinfo->desegment_len = (record_length + 5) - available_bytes;
1552 *need_desegmentation = TRUE;
1559 /* if we don't have a valid content_type, there's no sense
1560 * continuing any further
1562 if (check_col(pinfo->cinfo, COL_INFO))
1563 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
1565 /* Set the protocol column */
1566 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1568 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1569 ssl_version_short_names[*conv_version]);
1571 return offset + 5 + record_length;
1575 * If GUI, fill in record layer part of tree
1580 /* add the record layer subtree header */
1581 tvb_ensure_bytes_exist(tvb, offset, 5 + record_length);
1582 ti = proto_tree_add_item(tree, hf_ssl_record, tvb,
1583 offset, 5 + record_length, 0);
1584 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
1586 if (ssl_record_tree)
1589 /* show the one-byte content type */
1590 proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type,
1594 /* add the version */
1595 proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb,
1599 /* add the length */
1600 proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb,
1601 offset, 2, record_length);
1602 offset += 2; /* move past length field itself */
1606 /* if no GUI tree, then just skip over those fields */
1612 * if we don't already have a version set for this conversation,
1613 * but this message's version is authoritative (i.e., it's
1614 * not client_hello, then save the version to to conversation
1615 * structure and print the column version
1617 next_byte = tvb_get_guint8(tvb, offset);
1618 if (*conv_version == SSL_VER_UNKNOWN
1619 && ssl_is_authoritative_version_message(content_type, next_byte))
1621 if (version == 0x0300)
1623 *conv_version = SSL_VER_SSLv3;
1625 ssl->version_netorder = version;
1626 ssl->state |= SSL_VERSION;
1628 /*ssl_set_conv_version(pinfo, ssl->version);*/
1630 else if (version == 0x0301)
1633 *conv_version = SSL_VER_TLS;
1635 ssl->version_netorder = version;
1636 ssl->state |= SSL_VERSION;
1638 /*ssl_set_conv_version(pinfo, ssl->version);*/
1641 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1643 if (version == 0x0300)
1645 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1646 ssl_version_short_names[SSL_VER_SSLv3]);
1648 else if (version == 0x0301)
1650 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1651 ssl_version_short_names[SSL_VER_TLS]);
1655 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1656 ssl_version_short_names[*conv_version]);
1661 * now dissect the next layer
1663 ssl_debug_printf("dissect_ssl3_record: content_type %d\n",content_type);
1665 /* PAOLO try to decrypt each record (we must keep ciphers "in sync")
1666 * store plain text only for app data */
1668 switch (content_type) {
1669 case SSL_ID_CHG_CIPHER_SPEC:
1670 if (check_col(pinfo->cinfo, COL_INFO))
1671 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
1672 dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree,
1673 offset, conv_version, content_type);
1677 decrypt_ssl3_record(tvb, pinfo, offset,
1678 record_length, content_type, ssl, FALSE);
1679 dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
1682 case SSL_ID_HANDSHAKE:
1684 decrypt_ssl3_record(tvb, pinfo, offset,
1685 record_length, content_type, ssl, FALSE);
1686 dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
1687 record_length, conv_version, ssl, content_type);
1689 case SSL_ID_APP_DATA:
1691 decrypt_ssl3_record(tvb, pinfo, offset,
1692 record_length, content_type, ssl, TRUE);
1694 /* show on info colum what we are decoding */
1695 if (check_col(pinfo->cinfo, COL_INFO))
1696 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
1698 if (!ssl_record_tree)
1701 /* we need dissector information when the selected packet is shown.
1702 * ssl session pointer is NULL at that time, so we can't access
1703 * info cached there*/
1704 association = ssl_association_find(pinfo->srcport);
1705 association = association ? association: ssl_association_find(pinfo->destport);
1707 proto_item_set_text(ssl_record_tree,
1708 "%s Record Layer: %s Protocol: %s",
1709 ssl_version_short_names[*conv_version],
1710 val_to_str(content_type, ssl_31_content_type, "unknown"),
1711 association?association->info:"Application Data");
1713 /* show decrypted data info, if available */
1714 decrypted = p_get_proto_data(pinfo->fd, proto_ssl);
1719 /* try to dissect decrypted data*/
1720 ssl_debug_printf("dissect_ssl3_record decrypted len %d\n", decrypted->data_len);
1722 /* create new tvbuff for the decrypted data */
1723 new_tvb = tvb_new_real_data(decrypted->data,
1724 decrypted->data_len, decrypted->data_len);
1725 tvb_set_free_cb(new_tvb, g_free);
1726 /* tvb_set_child_real_data_tvbuff(tvb, new_tvb); */
1728 /* find out a dissector using server port*/
1729 if (association && association->handle) {
1730 ssl_debug_printf("dissect_ssl3_record found association %p\n", association);
1731 ssl_print_text_data("decrypted app data",decrypted->data,
1732 decrypted->data_len);
1734 call_dissector(association->handle, new_tvb, pinfo, ssl_record_tree);
1736 /* add raw decrypted data only if a decoder is not found*/
1738 proto_tree_add_string(ssl_record_tree, hf_ssl_record_appdata_decrypted, tvb,
1739 offset, decrypted->data_len, (char*) decrypted->data);
1742 tvb_ensure_bytes_exist(tvb, offset, record_length);
1743 proto_tree_add_item(ssl_record_tree, hf_ssl_record_appdata, tvb,
1744 offset, record_length, 0);
1749 /* shouldn't get here since we check above for valid types */
1750 if (check_col(pinfo->cinfo, COL_INFO))
1751 col_append_str(pinfo->cinfo, COL_INFO, "Bad SSLv3 Content Type");
1754 offset += record_length; /* skip to end of record */
1759 /* dissects the change cipher spec procotol, filling in the tree */
1761 dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
1762 proto_tree *tree, guint32 offset,
1763 guint* conv_version, guint8 content_type)
1767 * enum { change_cipher_spec(1), (255) } type;
1768 * } ChangeCipherSpec;
1773 proto_item_set_text(tree,
1774 "%s Record Layer: %s Protocol: Change Cipher Spec",
1775 ssl_version_short_names[*conv_version],
1776 val_to_str(content_type, ssl_31_content_type, "unknown"));
1777 proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
1778 offset++, 1, FALSE);
1782 /* dissects the alert message, filling in the tree */
1784 dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
1785 proto_tree *tree, guint32 offset,
1786 guint* conv_version)
1790 * AlertDescription description;
1794 proto_tree *ssl_alert_tree = NULL;
1801 ti = proto_tree_add_item(tree, hf_ssl_alert_message, tvb,
1803 ssl_alert_tree = proto_item_add_subtree(ti, ett_ssl_alert);
1807 * set the record layer label
1810 /* first lookup the names for the alert level and description */
1811 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
1812 level = match_strval(byte, ssl_31_alert_level);
1814 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
1815 desc = match_strval(byte, ssl_31_alert_description);
1817 /* now set the text in the record layer line */
1820 if (check_col(pinfo->cinfo, COL_INFO))
1821 col_append_fstr(pinfo->cinfo, COL_INFO,
1822 "Alert (Level: %s, Description: %s)",
1827 if (check_col(pinfo->cinfo, COL_INFO))
1828 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
1835 proto_item_set_text(tree, "%s Record Layer: Alert "
1836 "(Level: %s, Description: %s)",
1837 ssl_version_short_names[*conv_version],
1839 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
1840 tvb, offset++, 1, FALSE);
1842 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_description,
1843 tvb, offset++, 1, FALSE);
1847 proto_item_set_text(tree,
1848 "%s Record Layer: Encrypted Alert",
1849 ssl_version_short_names[*conv_version]);
1850 proto_item_set_text(ssl_alert_tree,
1851 "Alert Message: Encrypted Alert");
1857 /* dissects the handshake protocol, filling the tree */
1859 dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1860 proto_tree *tree, guint32 offset,
1861 guint32 record_length, guint *conv_version,
1862 SslDecryptSession* ssl, guint8 content_type)
1865 * HandshakeType msg_type;
1867 * select (HandshakeType) {
1868 * case hello_request: HelloRequest;
1869 * case client_hello: ClientHello;
1870 * case server_hello: ServerHello;
1871 * case certificate: Certificate;
1872 * case server_key_exchange: ServerKeyExchange;
1873 * case certificate_request: CertificateRequest;
1874 * case server_hello_done: ServerHelloDone;
1875 * case certificate_verify: CertificateVerify;
1876 * case client_key_exchange: ClientKeyExchange;
1877 * case finished: Finished;
1881 proto_tree *ti = NULL;
1882 proto_tree *ssl_hand_tree = NULL;
1883 const gchar *msg_type_str = NULL;
1886 gboolean first_iteration = TRUE;
1889 /* just as there can be multiple records per packet, there
1890 * can be multiple messages per record as long as they have
1891 * the same content type
1893 * we really only care about this for handshake messages
1896 /* set record_length to the max offset */
1897 record_length += offset;
1898 while (offset < record_length)
1900 msg_type = tvb_get_guint8(tvb, offset);
1901 msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
1902 length = tvb_get_ntoh24(tvb, offset + 1);
1904 ssl_debug_printf("dissect_ssl3_handshake iteration %d type %d offset %d lenght %d "
1905 "bytes, remaning %d \n", first_iteration, msg_type, offset, length, record_length);
1906 if (!msg_type_str && !first_iteration)
1908 /* only dissect / report messages if they're
1909 * either the first message in this record
1910 * or they're a valid message type
1915 /* on second and later iterations, add comma to info col */
1916 if (!first_iteration)
1918 if (check_col(pinfo->cinfo, COL_INFO))
1919 col_append_fstr(pinfo->cinfo, COL_INFO, ", ");
1923 * Update our info string
1925 if (check_col(pinfo->cinfo, COL_INFO))
1926 col_append_fstr(pinfo->cinfo, COL_INFO, "%s", (msg_type_str != NULL)
1927 ? msg_type_str : "Encrypted Handshake Message");
1931 /* set the label text on the record layer expanding node */
1932 if (first_iteration)
1934 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1935 ssl_version_short_names[*conv_version],
1936 val_to_str(content_type, ssl_31_content_type, "unknown"),
1937 (msg_type_str!=NULL) ? msg_type_str :
1938 "Encrypted Handshake Message");
1942 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1943 ssl_version_short_names[*conv_version],
1944 val_to_str(content_type, ssl_31_content_type, "unknown"),
1945 "Multiple Handshake Messages");
1948 /* add a subtree for the handshake protocol */
1949 ti = proto_tree_add_item(tree, hf_ssl_handshake_protocol, tvb,
1950 offset, length + 4, 0);
1951 ssl_hand_tree = proto_item_add_subtree(ti, ett_ssl_handshake);
1955 /* set the text label on the subtree node */
1956 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s",
1957 (msg_type_str != NULL) ? msg_type_str :
1958 "Encrypted Handshake Message");
1962 /* if we don't have a valid handshake type, just quit dissecting */
1966 /* PAOLO: if we are doing ssl decryption we must dissect some requests type */
1967 if (ssl_hand_tree || ssl)
1969 /* add nodes for the message type and message length */
1971 proto_tree_add_item(ssl_hand_tree, hf_ssl_handshake_type,
1972 tvb, offset, 1, msg_type);
1975 proto_tree_add_uint(ssl_hand_tree, hf_ssl_handshake_length,
1976 tvb, offset, 3, length);
1979 /* now dissect the handshake message, if necessary */
1981 case SSL_HND_HELLO_REQUEST:
1982 /* hello_request has no fields, so nothing to do! */
1985 case SSL_HND_CLIENT_HELLO:
1986 dissect_ssl3_hnd_cli_hello(tvb, ssl_hand_tree, offset, length, ssl);
1989 case SSL_HND_SERVER_HELLO:
1990 dissect_ssl3_hnd_srv_hello(tvb, ssl_hand_tree, offset, length, ssl);
1993 case SSL_HND_CERTIFICATE:
1994 dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset, pinfo);
1997 case SSL_HND_SERVER_KEY_EXCHG:
2001 case SSL_HND_CERT_REQUEST:
2002 dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset);
2005 case SSL_HND_SVR_HELLO_DONE:
2006 /* server_hello_done has no fields, so nothing to do! */
2009 case SSL_HND_CERT_VERIFY:
2013 case SSL_HND_CLIENT_KEY_EXCHG:
2015 /* PAOLO: here we can have all the data to build session key*/
2016 StringInfo encrypted_pre_master;
2018 unsigned encrlen = length, skip = 0;
2023 /* check for required session data */
2024 ssl_debug_printf("dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state %X\n",
2026 if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
2027 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
2028 ssl_debug_printf("dissect_ssl3_handshake not enough data to generate key (required %X)\n",
2029 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
2033 /* get encrypted data, on tls1 we have to skip two bytes
2034 * (it's the encrypted len and should be equal to record len - 2)
2036 if (ssl->version == SSL_VER_TLS)
2038 encrlen = tvb_get_ntohs(tvb, offset);
2040 if (encrlen > length - 2)
2042 ssl_debug_printf("dissect_ssl3_handshake wrong encrypted length (%d max %d)\n",
2047 encrypted_pre_master.data = se_alloc(encrlen);
2048 encrypted_pre_master.data_len = encrlen;
2049 tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
2051 if (!ssl->private_key) {
2052 ssl_debug_printf("dissect_ssl3_handshake can't find private key\n");
2056 /* go with ssl key processessing; encrypted_pre_master
2057 * will be used for master secret store*/
2058 ret = ssl_decrypt_pre_master_secret(ssl, &encrypted_pre_master, ssl->private_key);
2060 ssl_debug_printf("dissect_ssl3_handshake can't decrypt pre master secret\n");
2063 if (ssl_generate_keyring_material(ssl)<0) {
2064 ssl_debug_printf("dissect_ssl3_handshake can't generate keyring material\n");
2067 ssl->state |= SSL_HAVE_SESSION_KEY;
2068 ssl_save_session(ssl);
2069 ssl_debug_printf("dissect_ssl3_handshake session keys succesfully generated\n");
2073 case SSL_HND_FINISHED:
2074 dissect_ssl3_hnd_finished(tvb, ssl_hand_tree,
2075 offset, conv_version);
2081 offset += 4; /* skip the handshake header when handshake is not processed*/
2084 first_iteration = FALSE; /* set up for next pass, if any */
2089 dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
2090 guint32 offset, SslDecryptSession* ssl, gint from_server)
2092 /* show the client's random challenge */
2093 nstime_t gmt_unix_time;
2094 guint8 session_id_length = 0;
2098 /* PAOLO: get proper peer information*/
2101 rnd = &ssl->server_random;
2103 rnd = &ssl->client_random;
2105 /* get provided random for keyring generation*/
2106 tvb_memcpy(tvb, rnd->data, offset, 32);
2109 ssl->state |= SSL_SERVER_RANDOM;
2111 ssl->state |= SSL_CLIENT_RANDOM;
2112 ssl_debug_printf("dissect_ssl3_hnd_hello_common found random state %X\n",
2115 session_id_length = tvb_get_guint8(tvb, offset + 32);
2116 /* check stored session id info */
2117 if (from_server && (session_id_length == ssl->session_id.data_len) &&
2118 (tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0))
2120 /* clinet/server id match: try to restore a previous cached session*/
2121 ssl_restore_session(ssl);
2124 /* reset state on renegotiation*/
2126 ssl->state &= ~(SSL_HAVE_SESSION_KEY|SSL_MASTER_SECRET|
2127 SSL_CIPHER|SSL_SERVER_RANDOM);
2129 tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
2130 ssl->session_id.data_len = session_id_length;
2137 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
2138 gmt_unix_time.nsecs = 0;
2139 proto_tree_add_time(tree, hf_ssl_handshake_random_time,
2140 tvb, offset, 4, &gmt_unix_time);
2143 /* show the random bytes */
2144 proto_tree_add_item(tree, hf_ssl_handshake_random_bytes,
2145 tvb, offset, 28, 0);
2148 /* show the session id */
2149 session_id_length = tvb_get_guint8(tvb, offset);
2150 proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
2151 tvb, offset++, 1, 0);
2152 if (session_id_length > 0)
2154 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
2155 proto_tree_add_bytes_format(tree, hf_ssl_handshake_session_id,
2156 tvb, offset, session_id_length,
2157 tvb_get_ptr(tvb, offset, session_id_length),
2158 "Session ID (%u byte%s)",
2160 plurality(session_id_length, "", "s"));
2161 offset += session_id_length;
2167 return session_id_length+33;
2171 dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
2172 proto_tree *tree, guint32 offset, guint32 left)
2174 guint16 extension_length;
2178 proto_tree *ext_tree;
2183 extension_length = tvb_get_ntohs(tvb, offset);
2184 proto_tree_add_uint(tree, hf_ssl_handshake_extensions_len,
2185 tvb, offset, 2, extension_length);
2191 ext_type = tvb_get_ntohs(tvb, offset);
2192 ext_len = tvb_get_ntohs(tvb, offset + 2);
2194 pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len,
2196 val_to_str(ext_type,
2197 tls_hello_extension_types,
2199 ext_tree = proto_item_add_subtree(pi, ett_ssl_extension);
2203 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_type,
2204 tvb, offset, 2, ext_type);
2207 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_len,
2208 tvb, offset, 2, ext_len);
2211 proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data,
2212 tvb, offset, ext_len,
2213 tvb_get_ptr(tvb, offset, ext_len),
2215 ext_len, plurality(ext_len, "", "s"));
2217 left -= 2 + 2 + ext_len;
2224 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
2225 proto_tree *tree, guint32 offset, guint32 length,
2226 SslDecryptSession*ssl)
2229 * ProtocolVersion client_version;
2231 * SessionID session_id;
2232 * CipherSuite cipher_suites<2..2^16-1>;
2233 * CompressionMethod compression_methods<1..2^8-1>;
2234 * Extension client_hello_extension_list<0..2^16-1>;
2239 proto_tree *cs_tree;
2240 guint16 cipher_suite_length = 0;
2241 guint8 compression_methods_length = 0;
2242 guint8 compression_method;
2243 guint16 start_offset = offset;
2247 /* show the client version */
2249 proto_tree_add_item(tree, hf_ssl_handshake_client_version, tvb,
2253 /* show the fields in common with server hello */
2254 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 0);
2256 /* tell the user how many cipher suites there are */
2257 cipher_suite_length = tvb_get_ntohs(tvb, offset);
2260 proto_tree_add_uint(tree, hf_ssl_handshake_cipher_suites_len,
2261 tvb, offset, 2, cipher_suite_length);
2262 offset += 2; /* skip opaque length */
2264 if (cipher_suite_length > 0)
2266 tvb_ensure_bytes_exist(tvb, offset, cipher_suite_length);
2267 ti = proto_tree_add_none_format(tree,
2268 hf_ssl_handshake_cipher_suites,
2269 tvb, offset, cipher_suite_length,
2270 "Cipher Suites (%u suite%s)",
2271 cipher_suite_length / 2,
2272 plurality(cipher_suite_length/2, "", "s"));
2274 /* make this a subtree */
2275 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2278 cs_tree = tree; /* failsafe */
2281 while (cipher_suite_length > 0)
2283 proto_tree_add_item(cs_tree, hf_ssl_handshake_cipher_suite,
2284 tvb, offset, 2, FALSE);
2286 cipher_suite_length -= 2;
2290 /* tell the user how man compression methods there are */
2291 compression_methods_length = tvb_get_guint8(tvb, offset);
2292 proto_tree_add_uint(tree, hf_ssl_handshake_comp_methods_len,
2293 tvb, offset, 1, compression_methods_length);
2296 if (compression_methods_length > 0)
2298 tvb_ensure_bytes_exist(tvb, offset, compression_methods_length);
2299 ti = proto_tree_add_none_format(tree,
2300 hf_ssl_handshake_comp_methods,
2301 tvb, offset, compression_methods_length,
2302 "Compression Methods (%u method%s)",
2303 compression_methods_length,
2304 plurality(compression_methods_length,
2307 /* make this a subtree */
2308 cs_tree = proto_item_add_subtree(ti, ett_ssl_comp_methods);
2311 cs_tree = tree; /* failsafe */
2314 while (compression_methods_length > 0)
2316 compression_method = tvb_get_guint8(tvb, offset);
2317 if (compression_method < 64)
2318 proto_tree_add_uint(cs_tree, hf_ssl_handshake_comp_method,
2319 tvb, offset, 1, compression_method);
2320 else if (compression_method > 63 && compression_method < 193)
2321 proto_tree_add_text(cs_tree, tvb, offset, 1,
2322 "Compression Method: Reserved - to be assigned by IANA (%u)",
2323 compression_method);
2325 proto_tree_add_text(cs_tree, tvb, offset, 1,
2326 "Compression Method: Private use range (%u)",
2327 compression_method);
2329 compression_methods_length--;
2333 if (length > offset - start_offset)
2335 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
2337 (offset - start_offset));
2343 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
2344 proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl)
2347 * ProtocolVersion server_version;
2349 * SessionID session_id;
2350 * CipherSuite cipher_suite;
2351 * CompressionMethod compression_method;
2352 * Extension server_hello_extension_list<0..2^16-1>;
2355 guint16 start_offset = offset;
2359 /* show the server version */
2361 proto_tree_add_item(tree, hf_ssl_handshake_server_version, tvb,
2365 /* first display the elements conveniently in
2366 * common with client hello
2368 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 1);
2370 /* PAOLO: handle session cipher suite */
2372 /* store selected cipher suite for decryption */
2373 ssl->cipher = tvb_get_ntohs(tvb, offset);
2374 if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
2375 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher);
2379 ssl->state |= SSL_CIPHER;
2380 ssl_debug_printf("dissect_ssl3_hnd_srv_hello found cipher %X, state %X\n",
2381 ssl->cipher, ssl->state);
2383 /* if we have restored a session now we can have enought material
2384 * to build session key, check it out*/
2386 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) !=
2387 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) {
2388 ssl_debug_printf("dissect_ssl3_hnd_srv_hello not enough data to generate key (required %X)\n",
2389 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET));
2393 ssl_debug_printf("dissect_ssl3_hnd_srv_hello trying to generate keys\n");
2394 if (ssl_generate_keyring_material(ssl)<0) {
2395 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't generate keyring material\n");
2398 ssl->state |= SSL_HAVE_SESSION_KEY;
2404 /* now the server-selected cipher suite */
2405 proto_tree_add_item(tree, hf_ssl_handshake_cipher_suite,
2406 tvb, offset, 2, FALSE);
2409 /* and the server-selected compression method */
2410 proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
2411 tvb, offset, 1, FALSE);
2414 if (length > offset - start_offset)
2416 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
2418 (offset - start_offset));
2424 dissect_ssl3_hnd_cert(tvbuff_t *tvb,
2425 proto_tree *tree, guint32 offset, packet_info *pinfo)
2428 /* opaque ASN.1Cert<2^24-1>;
2431 * ASN.1Cert certificate_list<1..2^24-1>;
2434 guint32 certificate_list_length;
2436 proto_tree *subtree;
2440 certificate_list_length = tvb_get_ntoh24(tvb, offset);
2441 proto_tree_add_uint(tree, hf_ssl_handshake_certificates_len,
2442 tvb, offset, 3, certificate_list_length);
2443 offset += 3; /* 24-bit length value */
2445 if (certificate_list_length > 0)
2447 tvb_ensure_bytes_exist(tvb, offset, certificate_list_length);
2448 ti = proto_tree_add_none_format(tree,
2449 hf_ssl_handshake_certificates,
2450 tvb, offset, certificate_list_length,
2451 "Certificates (%u byte%s)",
2452 certificate_list_length,
2453 plurality(certificate_list_length,
2456 /* make it a subtree */
2457 subtree = proto_item_add_subtree(ti, ett_ssl_certs);
2460 subtree = tree; /* failsafe */
2463 /* iterate through each certificate */
2464 while (certificate_list_length > 0)
2466 /* get the length of the current certificate */
2467 guint32 cert_length = tvb_get_ntoh24(tvb, offset);
2468 certificate_list_length -= 3 + cert_length;
2470 proto_tree_add_item(subtree, hf_ssl_handshake_certificate_len,
2471 tvb, offset, 3, FALSE);
2474 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, subtree, hf_ssl_handshake_certificate);
2475 offset += cert_length;
2483 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
2484 proto_tree *tree, guint32 offset)
2488 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
2490 * } ClientCertificateType;
2492 * opaque DistinguishedName<1..2^16-1>;
2495 * ClientCertificateType certificate_types<1..2^8-1>;
2496 * DistinguishedName certificate_authorities<3..2^16-1>;
2497 * } CertificateRequest;
2501 proto_tree *subtree;
2502 guint8 cert_types_count = 0;
2503 int dnames_length = 0;
2507 cert_types_count = tvb_get_guint8(tvb, offset);
2508 proto_tree_add_uint(tree, hf_ssl_handshake_cert_types_count,
2509 tvb, offset, 1, cert_types_count);
2512 if (cert_types_count > 0)
2514 ti = proto_tree_add_none_format(tree,
2515 hf_ssl_handshake_cert_types,
2516 tvb, offset, cert_types_count,
2517 "Certificate types (%u type%s)",
2519 plurality(cert_types_count, "", "s"));
2520 subtree = proto_item_add_subtree(ti, ett_ssl_cert_types);
2526 while (cert_types_count > 0)
2528 proto_tree_add_item(subtree, hf_ssl_handshake_cert_type,
2529 tvb, offset, 1, FALSE);
2535 dnames_length = tvb_get_ntohs(tvb, offset);
2536 proto_tree_add_uint(tree, hf_ssl_handshake_dnames_len,
2537 tvb, offset, 2, dnames_length);
2540 if (dnames_length > 0)
2542 tvb_ensure_bytes_exist(tvb, offset, dnames_length);
2543 ti = proto_tree_add_none_format(tree,
2544 hf_ssl_handshake_dnames,
2545 tvb, offset, dnames_length,
2546 "Distinguished Names (%d byte%s)",
2548 plurality(dnames_length, "", "s"));
2549 subtree = proto_item_add_subtree(ti, ett_ssl_dnames);
2555 while (dnames_length > 0)
2557 /* get the length of the current certificate */
2558 guint16 name_length = tvb_get_ntohs(tvb, offset);
2559 dnames_length -= 2 + name_length;
2561 proto_tree_add_item(subtree, hf_ssl_handshake_dname_len,
2562 tvb, offset, 2, FALSE);
2565 tvb_ensure_bytes_exist(tvb, offset, name_length);
2566 proto_tree_add_bytes_format(subtree,
2567 hf_ssl_handshake_dname,
2568 tvb, offset, name_length,
2569 tvb_get_ptr(tvb, offset, name_length),
2570 "Distinguished Name (%u byte%s)",
2572 plurality(name_length, "", "s"));
2573 offset += name_length;
2581 dissect_ssl3_hnd_finished(tvbuff_t *tvb,
2582 proto_tree *tree, guint32 offset,
2583 guint* conv_version)
2587 * opaque verify_data[12];
2592 * opaque md5_hash[16];
2593 * opaque sha_hash[20];
2597 /* this all needs a tree, so bail if we don't have one */
2603 switch(*conv_version) {
2605 proto_tree_add_item(tree, hf_ssl_handshake_finished,
2606 tvb, offset, 12, FALSE);
2610 proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
2611 tvb, offset, 16, FALSE);
2613 proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
2614 tvb, offset, 20, FALSE);
2620 /*********************************************************************
2622 * SSL version 2 Dissectors
2624 *********************************************************************/
2627 /* record layer dissector */
2629 dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
2630 guint32 offset, guint* conv_version,
2631 gboolean *need_desegmentation,
2632 SslDecryptSession* ssl)
2634 guint32 initial_offset = offset;
2636 guint8 record_length_length = 0;
2637 guint32 record_length = 0;
2638 gint is_escape = -1;
2639 gint16 padding_length = -1;
2640 guint8 msg_type = 0;
2641 const gchar *msg_type_str = NULL;
2642 guint32 available_bytes = 0;
2645 proto_tree *ssl_record_tree = NULL;
2647 /* pull first byte; if high bit is set, then record
2648 * length is three bytes due to padding; otherwise
2649 * record length is two bytes
2651 byte = tvb_get_guint8(tvb, offset);
2652 record_length_length = (byte & 0x80) ? 2 : 3;
2655 * Can we do reassembly?
2657 available_bytes = tvb_length_remaining(tvb, offset);
2659 if (ssl_desegment && pinfo->can_desegment) {
2661 * Yes - is the record header split across segment boundaries?
2663 if (available_bytes < record_length_length) {
2665 * Yes. Tell the TCP dissector where the data for this
2666 * message starts in the data it handed us, and how many
2667 * more bytes we need, and return.
2669 pinfo->desegment_offset = offset;
2670 pinfo->desegment_len = record_length_length - available_bytes;
2671 *need_desegmentation = TRUE;
2676 /* parse out the record length */
2677 switch(record_length_length) {
2678 case 2: /* two-byte record length */
2679 record_length = (byte & 0x7f) << 8;
2680 byte = tvb_get_guint8(tvb, offset + 1);
2681 record_length += byte;
2683 case 3: /* three-byte record length */
2684 is_escape = (byte & 0x40) ? TRUE : FALSE;
2685 record_length = (byte & 0x3f) << 8;
2686 byte = tvb_get_guint8(tvb, offset + 1);
2687 record_length += byte;
2688 byte = tvb_get_guint8(tvb, offset + 2);
2689 padding_length = byte;
2693 * Can we do reassembly?
2695 if (ssl_desegment && pinfo->can_desegment) {
2697 * Yes - is the record split across segment boundaries?
2699 if (available_bytes < (record_length_length + record_length)) {
2701 * Yes. Tell the TCP dissector where the data for this
2702 * message starts in the data it handed us, and how many
2703 * more bytes we need, and return.
2705 pinfo->desegment_offset = offset;
2706 pinfo->desegment_len = (record_length_length + record_length)
2708 *need_desegmentation = TRUE;
2712 offset += record_length_length;
2714 /* add the record layer subtree header */
2715 ti = proto_tree_add_item(tree, hf_ssl2_record, tvb, initial_offset,
2716 record_length_length + record_length, 0);
2717 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
2719 /* pull the msg_type so we can bail if it's unknown */
2720 msg_type = tvb_get_guint8(tvb, initial_offset + record_length_length);
2722 /* if we get a server_hello or later handshake in v2, then set
2725 if (*conv_version == SSL_VER_UNKNOWN)
2727 if (ssl_looks_like_valid_pct_handshake(tvb,
2729 record_length_length),
2731 *conv_version = SSL_VER_PCT;
2732 /*ssl_set_conv_version(pinfo, ssl->version);*/
2734 else if (msg_type >= 2 && msg_type <= 8)
2736 *conv_version = SSL_VER_SSLv2;
2737 /*ssl_set_conv_version(pinfo, ssl->version);*/
2741 /* if we get here, but don't have a version set for the
2742 * conversation, then set a version for just this frame
2743 * (e.g., on a client hello)
2745 if (check_col(pinfo->cinfo, COL_PROTOCOL))
2747 col_set_str(pinfo->cinfo, COL_PROTOCOL,
2748 (*conv_version == SSL_VER_PCT) ? "PCT" : "SSLv2");
2751 /* see if the msg_type is valid; if not the payload is
2752 * probably encrypted, so note that fact and bail
2754 msg_type_str = match_strval(msg_type,
2755 (*conv_version == SSL_VER_PCT)
2756 ? pct_msg_types : ssl_20_msg_types);
2758 || ((*conv_version != SSL_VER_PCT) &&
2759 !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
2760 + record_length_length,
2762 || ((*conv_version == SSL_VER_PCT) &&
2763 !ssl_looks_like_valid_pct_handshake(tvb, initial_offset
2764 + record_length_length,
2767 if (ssl_record_tree)
2769 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2770 (*conv_version == SSL_VER_PCT)
2774 if (check_col(pinfo->cinfo, COL_INFO))
2775 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Data");
2776 return initial_offset + record_length_length + record_length;
2780 if (check_col(pinfo->cinfo, COL_INFO))
2781 col_append_str(pinfo->cinfo, COL_INFO, msg_type_str);
2783 if (ssl_record_tree)
2785 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2786 (*conv_version == SSL_VER_PCT)
2792 /* We have a valid message type, so move foward, filling in the
2793 * tree by adding the length, is_escape boolean and padding_length,
2794 * if present in the original packet
2796 if (ssl_record_tree)
2798 /* add the record length */
2799 tvb_ensure_bytes_exist(tvb, offset, record_length_length);
2800 ti = proto_tree_add_uint (ssl_record_tree,
2801 hf_ssl_record_length, tvb,
2802 initial_offset, record_length_length,
2805 if (ssl_record_tree && is_escape != -1)
2807 proto_tree_add_boolean(ssl_record_tree,
2808 hf_ssl2_record_is_escape, tvb,
2809 initial_offset, 1, is_escape);
2811 if (ssl_record_tree && padding_length != -1)
2813 proto_tree_add_uint(ssl_record_tree,
2814 hf_ssl2_record_padding_length, tvb,
2815 initial_offset + 2, 1, padding_length);
2819 * dissect the record data
2822 /* jump forward to the start of the record data */
2823 offset = initial_offset + record_length_length;
2825 /* add the message type */
2826 if (ssl_record_tree)
2828 proto_tree_add_item(ssl_record_tree,
2829 (*conv_version == SSL_VER_PCT)
2830 ? hf_pct_msg_type : hf_ssl2_msg_type,
2833 offset++; /* move past msg_type byte */
2835 if (*conv_version != SSL_VER_PCT)
2837 /* dissect the message (only handle client hello right now) */
2839 case SSL2_HND_CLIENT_HELLO:
2840 dissect_ssl2_hnd_client_hello(tvb, ssl_record_tree, offset, ssl);
2843 case SSL2_HND_CLIENT_MASTER_KEY:
2844 dissect_ssl2_hnd_client_master_key(tvb, ssl_record_tree, offset);
2847 case SSL2_HND_SERVER_HELLO:
2848 dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset, pinfo);
2851 case SSL2_HND_ERROR:
2852 case SSL2_HND_CLIENT_FINISHED:
2853 case SSL2_HND_SERVER_VERIFY:
2854 case SSL2_HND_SERVER_FINISHED:
2855 case SSL2_HND_REQUEST_CERTIFICATE:
2856 case SSL2_HND_CLIENT_CERTIFICATE:
2860 default: /* unknown */
2866 /* dissect the message */
2868 case PCT_MSG_CLIENT_HELLO:
2869 dissect_pct_msg_client_hello(tvb, ssl_record_tree, offset);
2871 case PCT_MSG_SERVER_HELLO:
2872 dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset, pinfo);
2874 case PCT_MSG_CLIENT_MASTER_KEY:
2875 dissect_pct_msg_client_master_key(tvb, ssl_record_tree, offset);
2877 case PCT_MSG_SERVER_VERIFY:
2878 dissect_pct_msg_server_verify(tvb, ssl_record_tree, offset);
2881 dissect_pct_msg_error(tvb, ssl_record_tree, offset);
2884 default: /* unknown */
2888 return (initial_offset + record_length_length + record_length);
2892 dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
2893 proto_tree *tree, guint32 offset,
2894 SslDecryptSession* ssl)
2899 * uint16 cipher_spec_length;
2900 * uint16 session_id_length;
2901 * uint16 challenge_length;
2902 * V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
2903 * opaque session_id[V2ClientHello.session_id_length];
2907 * Note: when we get here, offset's already pointing at Version
2911 guint16 cipher_spec_length;
2912 guint16 session_id_length;
2913 guint16 challenge_length;
2916 proto_tree *cs_tree=0;
2918 version = tvb_get_ntohs(tvb, offset);
2919 if (!ssl_is_valid_ssl_version(version))
2921 /* invalid version; probably encrypted data */
2927 /* show the version */
2929 proto_tree_add_item(tree, hf_ssl_record_version, tvb,
2933 cipher_spec_length = tvb_get_ntohs(tvb, offset);
2935 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec_len,
2936 tvb, offset, 2, FALSE);
2939 session_id_length = tvb_get_ntohs(tvb, offset);
2941 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_len,
2942 tvb, offset, 2, FALSE);
2945 challenge_length = tvb_get_ntohs(tvb, offset);
2947 proto_tree_add_item(tree, hf_ssl2_handshake_challenge_len,
2948 tvb, offset, 2, FALSE);
2953 /* tell the user how many cipher specs they've won */
2954 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
2955 ti = proto_tree_add_none_format(tree, hf_ssl_handshake_cipher_suites,
2956 tvb, offset, cipher_spec_length,
2957 "Cipher Specs (%u specs)",
2958 cipher_spec_length/3);
2960 /* make this a subtree and expand the actual specs below */
2961 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2964 cs_tree = tree; /* failsafe */
2968 /* iterate through the cipher specs, showing them */
2969 while (cipher_spec_length > 0)
2972 proto_tree_add_item(cs_tree, hf_ssl2_handshake_cipher_spec,
2973 tvb, offset, 3, FALSE);
2974 offset += 3; /* length of one cipher spec */
2975 cipher_spec_length -= 3;
2978 /* if there's a session id, show it */
2979 if (session_id_length > 0)
2983 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
2984 proto_tree_add_bytes_format(tree,
2985 hf_ssl_handshake_session_id,
2986 tvb, offset, session_id_length,
2987 tvb_get_ptr(tvb, offset, session_id_length),
2988 "Session ID (%u byte%s)",
2990 plurality(session_id_length, "", "s"));
2993 /* PAOLO: get session id and reset session state for key [re]negotiation */
2996 tvb_memcpy(tvb,ssl->session_id.data, offset, session_id_length);
2997 ssl->session_id.data_len = session_id_length;
2998 ssl->state &= ~(SSL_HAVE_SESSION_KEY|SSL_MASTER_SECRET|
2999 SSL_CIPHER|SSL_SERVER_RANDOM);
3001 offset += session_id_length;
3004 /* if there's a challenge, show it */
3005 if (challenge_length > 0)
3007 tvb_ensure_bytes_exist(tvb, offset, challenge_length);
3010 proto_tree_add_item(tree, hf_ssl2_handshake_challenge,
3011 tvb, offset, challenge_length, 0);
3014 /* PAOLO: get client random data; we get at most 32 bytes from
3016 int max = challenge_length > 32? 32: challenge_length;
3018 ssl_debug_printf("client random len: %d padded to 32\n",
3021 /* client random is padded with zero and 'right' aligned */
3022 memset(ssl->client_random.data, 0, 32 - max);
3023 tvb_memcpy(tvb, &ssl->client_random.data[32 - max], offset, max);
3024 ssl->client_random.data_len = 32;
3025 ssl->state |= SSL_CLIENT_RANDOM;
3028 offset += challenge_length;
3034 dissect_pct_msg_client_hello(tvbuff_t *tvb,
3035 proto_tree *tree, guint32 offset)
3037 guint16 CH_CLIENT_VERSION, CH_OFFSET, CH_CIPHER_SPECS_LENGTH, CH_HASH_SPECS_LENGTH, CH_CERT_SPECS_LENGTH, CH_EXCH_SPECS_LENGTH, CH_KEY_ARG_LENGTH;
3038 proto_item *CH_CIPHER_SPECS_ti, *CH_HASH_SPECS_ti, *CH_CERT_SPECS_ti, *CH_EXCH_SPECS_ti;
3039 proto_tree *CH_CIPHER_SPECS_tree, *CH_HASH_SPECS_tree, *CH_CERT_SPECS_tree, *CH_EXCH_SPECS_tree;
3042 CH_CLIENT_VERSION = tvb_get_ntohs(tvb, offset);
3043 if(CH_CLIENT_VERSION != PCT_VERSION_1)
3044 proto_tree_add_text(tree, tvb, offset, 2, "Client Version, should be %x in PCT version 1", PCT_VERSION_1);
3046 proto_tree_add_text(tree, tvb, offset, 2, "Client Version (%x)", PCT_VERSION_1);
3049 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
3052 proto_tree_add_text(tree, tvb, offset, 32, "Client Session ID Data (32 bytes)");
3055 proto_tree_add_text(tree, tvb, offset, 32, "Challange Data(32 bytes)");
3058 CH_OFFSET = tvb_get_ntohs(tvb, offset);
3059 if(CH_OFFSET != PCT_CH_OFFSET_V1)
3060 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d, should be %d in PCT version 1", CH_OFFSET, PCT_CH_OFFSET_V1);
3062 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d", CH_OFFSET);
3065 CH_CIPHER_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3066 proto_tree_add_text(tree, tvb, offset, 2, "CIPHER_SPECS Length: %d", CH_CIPHER_SPECS_LENGTH);
3069 CH_HASH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3070 proto_tree_add_text(tree, tvb, offset, 2, "HASH_SPECS Length: %d", CH_HASH_SPECS_LENGTH);
3073 CH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3074 proto_tree_add_text(tree, tvb, offset, 2, "CERT_SPECS Length: %d", CH_CERT_SPECS_LENGTH);
3077 CH_EXCH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3078 proto_tree_add_text(tree, tvb, offset, 2, "EXCH_SPECS Length: %d", CH_EXCH_SPECS_LENGTH);
3081 CH_KEY_ARG_LENGTH = tvb_get_ntohs(tvb, offset);
3082 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d", CH_KEY_ARG_LENGTH);
3085 if(CH_CIPHER_SPECS_LENGTH) {
3086 tvb_ensure_bytes_exist(tvb, offset, CH_CIPHER_SPECS_LENGTH);
3087 CH_CIPHER_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cipher_spec, tvb, offset, CH_CIPHER_SPECS_LENGTH, FALSE);
3088 CH_CIPHER_SPECS_tree = proto_item_add_subtree(CH_CIPHER_SPECS_ti, ett_pct_cipher_suites);
3090 for(i=0; i<(CH_CIPHER_SPECS_LENGTH/4); i++) {
3091 proto_tree_add_item(CH_CIPHER_SPECS_tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
3093 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
3095 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
3100 if(CH_HASH_SPECS_LENGTH) {
3101 tvb_ensure_bytes_exist(tvb, offset, CH_HASH_SPECS_LENGTH);
3102 CH_HASH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_hash_spec, tvb, offset, CH_HASH_SPECS_LENGTH, FALSE);
3103 CH_HASH_SPECS_tree = proto_item_add_subtree(CH_HASH_SPECS_ti, ett_pct_hash_suites);
3105 for(i=0; i<(CH_HASH_SPECS_LENGTH/2); i++) {
3106 proto_tree_add_item(CH_HASH_SPECS_tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
3111 if(CH_CERT_SPECS_LENGTH) {
3112 tvb_ensure_bytes_exist(tvb, offset, CH_CERT_SPECS_LENGTH);
3113 CH_CERT_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cert_spec, tvb, offset, CH_CERT_SPECS_LENGTH, FALSE);
3114 CH_CERT_SPECS_tree = proto_item_add_subtree(CH_CERT_SPECS_ti, ett_pct_cert_suites);
3116 for(i=0; i< (CH_CERT_SPECS_LENGTH/2); i++) {
3117 proto_tree_add_item(CH_CERT_SPECS_tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
3122 if(CH_EXCH_SPECS_LENGTH) {
3123 tvb_ensure_bytes_exist(tvb, offset, CH_EXCH_SPECS_LENGTH);
3124 CH_EXCH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_exch_spec, tvb, offset, CH_EXCH_SPECS_LENGTH, FALSE);
3125 CH_EXCH_SPECS_tree = proto_item_add_subtree(CH_EXCH_SPECS_ti, ett_pct_exch_suites);
3127 for(i=0; i<(CH_EXCH_SPECS_LENGTH/2); i++) {
3128 proto_tree_add_item(CH_EXCH_SPECS_tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
3133 if(CH_KEY_ARG_LENGTH) {
3134 tvb_ensure_bytes_exist(tvb, offset, CH_KEY_ARG_LENGTH);
3135 proto_tree_add_text(tree, tvb, offset, CH_KEY_ARG_LENGTH, "IV data (%d bytes)", CH_KEY_ARG_LENGTH);
3136 offset += CH_KEY_ARG_LENGTH;
3141 dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo)
3144 char SH_MSG_SERVER_HELLO
3146 char SH_SERVER_VERSION_MSB
3147 char SH_SERVER_VERSION_LSB
3148 char SH_RESTART_SESSION_OK
3149 char SH_CLIENT_AUTH_REQ
3150 char SH_CIPHER_SPECS_DATA[4]
3151 char SH_HASH_SPECS_DATA[2]
3152 char SH_CERT_SPECS_DATA[2]
3153 char SH_EXCH_SPECS_DATA[2]
3154 char SH_CONNECTION_ID_DATA[32]
3155 char SH_CERTIFICATE_LENGTH_MSB
3156 char SH_CERTIFICATE_LENGTH_LSB
3157 char SH_CLIENT_CERT_SPECS_LENGTH_MSB
3158 char SH_CLIENT_CERT_SPECS_LENGTH_LSB
3159 char SH_CLIENT_SIG_SPECS_LENGTH_MSB
3160 char SH_CLIENT_SIG_SPECS_LENGTH_LSB
3161 char SH_RESPONSE_LENGTH_MSB
3162 char SH_RESPONSE_LENGTH_LSB
3163 char SH_CERTIFICATE_DATA[MSB<<8|LSB]
3164 char SH_CLIENT_CERT_SPECS_DATA[MSB<<8|LSB]
3165 char SH_CLIENT_SIG_SPECS_DATA[MSB<<8|LSB]
3166 char SH_RESPONSE_DATA[MSB<<8|LSB]
3170 guint16 SH_SERVER_VERSION, SH_CERT_LENGTH, SH_CERT_SPECS_LENGTH, SH_CLIENT_SIG_LENGTH, SH_RESPONSE_LENGTH;
3172 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
3175 SH_SERVER_VERSION = tvb_get_ntohs(tvb, offset);
3176 if(SH_SERVER_VERSION != PCT_VERSION_1)
3177 proto_tree_add_text(tree, tvb, offset, 2, "Server Version, should be %x in PCT version 1", PCT_VERSION_1);
3179 proto_tree_add_text(tree, tvb, offset, 2, "Server Version (%x)", PCT_VERSION_1);
3182 proto_tree_add_text(tree, tvb, offset, 1, "SH_RESTART_SESSION_OK flag");
3185 proto_tree_add_text(tree, tvb, offset, 1, "SH_CLIENT_AUTH_REQ flag");
3188 proto_tree_add_item(tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
3190 proto_tree_add_text(tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
3192 proto_tree_add_text(tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
3195 proto_tree_add_item(tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
3198 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
3201 proto_tree_add_item(tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
3204 proto_tree_add_text(tree, tvb, offset, 32, "Connection ID Data (32 bytes)");
3207 SH_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
3208 proto_tree_add_text(tree, tvb, offset, 2, "Server Certificate Length: %d", SH_CERT_LENGTH);
3211 SH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
3212 proto_tree_add_text(tree, tvb, offset, 2, "Client CERT_SPECS Length: %d", SH_CERT_SPECS_LENGTH);
3215 SH_CLIENT_SIG_LENGTH = tvb_get_ntohs(tvb, offset);
3216 proto_tree_add_text(tree, tvb, offset, 2, "Client SIG_SPECS Length: %d", SH_CLIENT_SIG_LENGTH);
3219 SH_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
3220 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d", SH_RESPONSE_LENGTH);
3223 if(SH_CERT_LENGTH) {
3224 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_pct_handshake_server_cert);
3225 offset += SH_CERT_LENGTH;
3228 if(SH_CERT_SPECS_LENGTH) {
3229 tvb_ensure_bytes_exist(tvb, offset, SH_CERT_SPECS_LENGTH);
3230 proto_tree_add_text(tree, tvb, offset, SH_CERT_SPECS_LENGTH, "Client CERT_SPECS (%d bytes)", SH_CERT_SPECS_LENGTH);
3231 offset += SH_CERT_SPECS_LENGTH;
3234 if(SH_CLIENT_SIG_LENGTH) {
3235 tvb_ensure_bytes_exist(tvb, offset, SH_CLIENT_SIG_LENGTH);
3236 proto_tree_add_text(tree, tvb, offset, SH_CLIENT_SIG_LENGTH, "Client Signature (%d bytes)", SH_CLIENT_SIG_LENGTH);
3237 offset += SH_CLIENT_SIG_LENGTH;
3240 if(SH_RESPONSE_LENGTH) {
3241 tvb_ensure_bytes_exist(tvb, offset, SH_RESPONSE_LENGTH);
3242 proto_tree_add_text(tree, tvb, offset, SH_RESPONSE_LENGTH, "Server Response (%d bytes)", SH_RESPONSE_LENGTH);
3243 offset += SH_RESPONSE_LENGTH;
3249 dissect_pct_msg_client_master_key(tvbuff_t *tvb, proto_tree *tree, guint32 offset)
3251 guint16 CMK_CLEAR_KEY_LENGTH, CMK_ENCRYPTED_KEY_LENGTH, CMK_KEY_ARG_LENGTH, CMK_VERIFY_PRELUDE, CMK_CLIENT_CERT_LENGTH, CMK_RESPONSE_LENGTH;
3253 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
3256 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
3259 proto_tree_add_item(tree, hf_pct_handshake_sig, tvb, offset, 2, FALSE);
3262 CMK_CLEAR_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
3263 proto_tree_add_text(tree, tvb, offset, 2, "Clear Key Length: %d",CMK_CLEAR_KEY_LENGTH);
3266 CMK_ENCRYPTED_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
3267 proto_tree_add_text(tree, tvb, offset, 2, "Encrypted Key Length: %d",CMK_ENCRYPTED_KEY_LENGTH);
3270 CMK_KEY_ARG_LENGTH= tvb_get_ntohs(tvb, offset);
3271 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d",CMK_KEY_ARG_LENGTH);
3274 CMK_VERIFY_PRELUDE = tvb_get_ntohs(tvb, offset);
3275 proto_tree_add_text(tree, tvb, offset, 2, "Verify Prelude Length: %d",CMK_VERIFY_PRELUDE);
3278 CMK_CLIENT_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
3279 proto_tree_add_text(tree, tvb, offset, 2, "Client Cert Length: %d",CMK_CLIENT_CERT_LENGTH);
3282 CMK_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
3283 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d",CMK_RESPONSE_LENGTH);
3286 if(CMK_CLEAR_KEY_LENGTH) {
3287 tvb_ensure_bytes_exist(tvb, offset, CMK_CLEAR_KEY_LENGTH);
3288 proto_tree_add_text(tree, tvb, offset, CMK_CLEAR_KEY_LENGTH, "Clear Key data (%d bytes)", CMK_CLEAR_KEY_LENGTH);
3289 offset += CMK_CLEAR_KEY_LENGTH;
3291 if(CMK_ENCRYPTED_KEY_LENGTH) {
3292 tvb_ensure_bytes_exist(tvb, offset, CMK_ENCRYPTED_KEY_LENGTH);
3293 proto_tree_add_text(tree, tvb, offset, CMK_ENCRYPTED_KEY_LENGTH, "Encrypted Key data (%d bytes)", CMK_ENCRYPTED_KEY_LENGTH);
3294 offset += CMK_ENCRYPTED_KEY_LENGTH;
3296 if(CMK_KEY_ARG_LENGTH) {
3297 tvb_ensure_bytes_exist(tvb, offset, CMK_KEY_ARG_LENGTH);
3298 proto_tree_add_text(tree, tvb, offset, CMK_KEY_ARG_LENGTH, "IV data (%d bytes)", CMK_KEY_ARG_LENGTH);
3299 offset += CMK_KEY_ARG_LENGTH;
3301 if(CMK_VERIFY_PRELUDE) {
3302 tvb_ensure_bytes_exist(tvb, offset, CMK_VERIFY_PRELUDE);
3303 proto_tree_add_text(tree, tvb, offset, CMK_VERIFY_PRELUDE, "Verify Prelude data (%d bytes)", CMK_VERIFY_PRELUDE);
3304 offset += CMK_VERIFY_PRELUDE;
3306 if(CMK_CLIENT_CERT_LENGTH) {
3307 tvb_ensure_bytes_exist(tvb, offset, CMK_CLIENT_CERT_LENGTH);
3308 proto_tree_add_text(tree, tvb, offset, CMK_CLIENT_CERT_LENGTH, "Client Certificate data (%d bytes)", CMK_CLIENT_CERT_LENGTH);
3309 offset += CMK_CLIENT_CERT_LENGTH;
3311 if(CMK_RESPONSE_LENGTH) {
3312 tvb_ensure_bytes_exist(tvb, offset, CMK_RESPONSE_LENGTH);
3313 proto_tree_add_text(tree, tvb, offset, CMK_RESPONSE_LENGTH, "Response data (%d bytes)", CMK_RESPONSE_LENGTH);
3314 offset += CMK_RESPONSE_LENGTH;
3319 dissect_pct_msg_server_verify(tvbuff_t *tvb,
3320 proto_tree *tree, guint32 offset)
3322 guint16 SV_RESPONSE_LENGTH;
3324 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
3327 proto_tree_add_text(tree, tvb, offset, 32, "Server Session ID data (32 bytes)");
3330 SV_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
3331 proto_tree_add_text(tree, tvb, offset, 2, "Server Response Length: %d", SV_RESPONSE_LENGTH);
3334 if(SV_RESPONSE_LENGTH) {
3335 tvb_ensure_bytes_exist(tvb, offset, SV_RESPONSE_LENGTH);
3336 proto_tree_add_text(tree, tvb, offset, SV_RESPONSE_LENGTH, "Server Response (%d bytes)", SV_RESPONSE_LENGTH);
3337 offset += SV_RESPONSE_LENGTH;
3342 dissect_pct_msg_error(tvbuff_t *tvb,
3343 proto_tree *tree, guint32 offset)
3345 guint16 ERROR_CODE, INFO_LEN;
3347 ERROR_CODE = tvb_get_ntohs(tvb, offset);
3348 proto_tree_add_item(tree, hf_pct_msg_error_type, tvb, offset, 2, FALSE);
3351 INFO_LEN = tvb_get_ntohs(tvb, offset);
3352 proto_tree_add_text(tree, tvb, offset, 2, "Eror Information Length: %d", INFO_LEN);
3354 if (ERROR_CODE == PCT_ERR_SPECS_MISMATCH && INFO_LEN == 6)
3356 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CIPHER");
3358 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_HASH");
3360 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CERT");
3362 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_EXCH");
3364 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_CERT");
3366 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_SIG");
3370 proto_tree_add_text(tree, tvb, offset, INFO_LEN, "Error Information dta (%d bytes)", INFO_LEN);
3376 dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
3377 proto_tree *tree, guint32 offset)
3381 * V2Cipherspec cipher;
3382 * uint16 clear_key_length;
3383 * uint16 encrypted_key_length;
3384 * uint16 key_arg_length;
3385 * opaque clear_key_data[V2ClientMasterKey.clear_key_length];
3386 * opaque encrypted_key_data[V2ClientMasterKey.encrypted_key_length];
3387 * opaque key_arg_data[V2ClientMasterKey.key_arg_length];
3388 * } V2ClientMasterKey;
3390 * Note: when we get here, offset's already pointing at cipher
3392 guint16 clear_key_length;
3393 guint16 encrypted_key_length;
3394 guint16 key_arg_length;
3396 /* at this point, everything we do involves the tree,
3397 * so quit now if we don't have one ;-)
3404 /* show the selected cipher */
3405 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec,
3406 tvb, offset, 3, FALSE);
3409 /* get the fixed fields */
3410 clear_key_length = tvb_get_ntohs(tvb, offset);
3411 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key_len,
3412 tvb, offset, 2, FALSE);
3415 encrypted_key_length = tvb_get_ntohs(tvb, offset);
3416 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key_len,
3417 tvb, offset, 2, FALSE);
3420 key_arg_length = tvb_get_ntohs(tvb, offset);
3421 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg_len,
3422 tvb, offset, 2, FALSE);
3425 /* show the variable length fields */
3426 if (clear_key_length > 0)
3428 tvb_ensure_bytes_exist(tvb, offset, clear_key_length);
3429 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key,
3430 tvb, offset, clear_key_length, FALSE);
3431 offset += clear_key_length;
3434 if (encrypted_key_length > 0)
3436 tvb_ensure_bytes_exist(tvb, offset, encrypted_key_length);
3437 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key,
3438 tvb, offset, encrypted_key_length, FALSE);
3439 offset += encrypted_key_length;
3442 if (key_arg_length > 0)
3444 tvb_ensure_bytes_exist(tvb, offset, key_arg_length);
3445 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg,
3446 tvb, offset, key_arg_length, FALSE);
3447 offset += key_arg_length;
3453 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
3454 proto_tree *tree, guint32 offset, packet_info *pinfo)
3458 * uint8 session_id_hit;
3459 * uint8 certificate_type;
3460 * uint16 server_version;
3461 * uint16 certificate_length;
3462 * uint16 cipher_specs_length;
3463 * uint16 connection_id_length;
3464 * opaque certificate_data[V2ServerHello.certificate_length];
3465 * opaque cipher_specs_data[V2ServerHello.cipher_specs_length];
3466 * opaque connection_id_data[V2ServerHello.connection_id_length];
3469 * Note: when we get here, offset's already pointing at session_id_hit
3471 guint16 certificate_length;
3472 guint16 cipher_spec_length;
3473 guint16 connection_id_length;
3476 proto_tree *subtree;
3478 /* everything we do only makes sense with a tree, so
3479 * quit now if we don't have one
3486 version = tvb_get_ntohs(tvb, offset + 2);
3487 if (!ssl_is_valid_ssl_version(version))
3489 /* invalid version; probably encrypted data */
3494 /* is there a hit? */
3495 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_hit,
3496 tvb, offset, 1, FALSE);
3499 /* what type of certificate is this? */
3500 proto_tree_add_item(tree, hf_ssl2_handshake_cert_type,
3501 tvb, offset, 1, FALSE);
3504 /* now the server version */
3505 proto_tree_add_item(tree, hf_ssl_handshake_server_version,
3506 tvb, offset, 2, FALSE);
3509 /* get the fixed fields */
3510 certificate_length = tvb_get_ntohs(tvb, offset);
3511 proto_tree_add_uint(tree, hf_ssl_handshake_certificate_len,
3512 tvb, offset, 2, certificate_length);
3515 cipher_spec_length = tvb_get_ntohs(tvb, offset);
3516 proto_tree_add_uint(tree, hf_ssl2_handshake_cipher_spec_len,
3517 tvb, offset, 2, cipher_spec_length);
3520 connection_id_length = tvb_get_ntohs(tvb, offset);
3521 proto_tree_add_uint(tree, hf_ssl2_handshake_connection_id_len,
3522 tvb, offset, 2, connection_id_length);
3525 /* now the variable length fields */
3526 if (certificate_length > 0)
3528 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_ssl_handshake_certificate);
3529 offset += certificate_length;
3532 if (cipher_spec_length > 0)
3534 /* provide a collapsing node for the cipher specs */
3535 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
3536 ti = proto_tree_add_none_format(tree,
3537 hf_ssl_handshake_cipher_suites,
3538 tvb, offset, cipher_spec_length,
3539 "Cipher Specs (%u spec%s)",
3540 cipher_spec_length/3,
3541 plurality(cipher_spec_length/3, "", "s"));
3542 subtree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
3548 /* iterate through the cipher specs */
3549 while (cipher_spec_length > 0)
3551 proto_tree_add_item(subtree, hf_ssl2_handshake_cipher_spec,
3552 tvb, offset, 3, FALSE);
3554 cipher_spec_length -= 3;
3558 if (connection_id_length > 0)
3560 tvb_ensure_bytes_exist(tvb, offset, connection_id_length);
3561 proto_tree_add_item(tree, hf_ssl2_handshake_connection_id,
3562 tvb, offset, connection_id_length, FALSE);
3563 offset += connection_id_length;
3571 /*********************************************************************
3575 *********************************************************************/
3578 ssl_set_conv_version(packet_info *pinfo, guint version)
3580 conversation_t *conversation;
3582 if (pinfo->fd->flags.visited)
3584 /* We've already processed this frame; no need to do any more
3590 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3591 pinfo->srcport, pinfo->destport, 0);
3593 if (conversation == NULL)
3595 /* create a new conversation */
3596 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3597 pinfo->srcport, pinfo->destport, 0);
3600 if (conversation_get_proto_data(conversation, proto_ssl) != NULL)
3602 /* get rid of the current data */
3603 conversation_delete_proto_data(conversation, proto_ssl);
3605 conversation_add_proto_data(conversation, proto_ssl, GINT_TO_POINTER(version));
3610 ssl_is_valid_handshake_type(guint8 type)
3614 case SSL_HND_HELLO_REQUEST:
3615 case SSL_HND_CLIENT_HELLO:
3616 case SSL_HND_SERVER_HELLO:
3617 case SSL_HND_CERTIFICATE:
3618 case SSL_HND_SERVER_KEY_EXCHG:
3619 case SSL_HND_CERT_REQUEST:
3620 case SSL_HND_SVR_HELLO_DONE:
3621 case SSL_HND_CERT_VERIFY:
3622 case SSL_HND_CLIENT_KEY_EXCHG:
3623 case SSL_HND_FINISHED:
3630 ssl_is_valid_content_type(guint8 type)
3632 if (type >= 0x14 && type <= 0x17)
3641 ssl_is_valid_ssl_version(guint16 version)
3643 const gchar *version_str = match_strval(version, ssl_versions);
3644 return version_str != NULL;
3648 ssl_is_authoritative_version_message(guint8 content_type,
3651 if (content_type == SSL_ID_HANDSHAKE
3652 && ssl_is_valid_handshake_type(next_byte))
3654 return (next_byte != SSL_HND_CLIENT_HELLO);
3656 else if (ssl_is_valid_content_type(content_type)
3657 && content_type != SSL_ID_HANDSHAKE)
3665 ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset)
3669 byte = tvb_get_guint8(tvb, offset);
3670 if (byte != 0x80) /* v2 client hello should start this way */
3675 byte = tvb_get_guint8(tvb, offset+2);
3676 if (byte != 0x01) /* v2 client hello msg type */
3681 /* 1 in 2^16 of being right; improve later if necessary */
3685 /* this applies a heuristic to determine whether
3686 * or not the data beginning at offset looks like a
3687 * valid sslv2 record. this isn't really possible,
3688 * but we'll try to do a reasonable job anyway.
3691 ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset)
3693 /* here's the current approach:
3695 * we only try to catch unencrypted handshake messages, so we can
3696 * assume that there is not padding. This means that the
3697 * first byte must be >= 0x80 and there must be a valid sslv2
3698 * msg_type in the third byte
3701 /* get the first byte; must have high bit set */
3702 guint8 byte = tvb_get_guint8(tvb, offset);
3708 /* get the supposed msg_type byte; since we only care about
3709 * unencrypted handshake messages (we can't tell the type for
3710 * encrypted messages), we just check against that list
3712 byte = tvb_get_guint8(tvb, offset + 2);
3714 case SSL2_HND_ERROR:
3715 case SSL2_HND_CLIENT_HELLO:
3716 case SSL2_HND_CLIENT_MASTER_KEY:
3717 case SSL2_HND_SERVER_HELLO:
3718 case PCT_MSG_CLIENT_MASTER_KEY:
3725 /* this applies a heuristic to determine whether
3726 * or not the data beginning at offset looks like a
3727 * valid sslv3 record. this is somewhat more reliable
3728 * than sslv2 due to the structure of the v3 protocol
3731 ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
3733 /* have to have a valid content type followed by a valid
3739 /* see if the first byte is a valid content type */
3740 byte = tvb_get_guint8(tvb, offset);
3741 if (!ssl_is_valid_content_type(byte))
3746 /* now check to see if the version byte appears valid */
3747 version = tvb_get_ntohs(tvb, offset + 1);
3748 if (version != 0x0300 && version != 0x0301)
3756 /* applies a heuristic to determine whether
3757 * or not the data beginning at offset looks
3758 * like a valid, unencrypted v2 handshake message.
3759 * since it isn't possible to completely tell random
3760 * data apart from a valid message without state,
3761 * we try to help the odds.
3764 ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, guint32 offset,
3765 guint32 record_length)
3767 /* first byte should be a msg_type.
3769 * - we know we only see client_hello, client_master_key,
3770 * and server_hello in the clear, so check to see if
3771 * msg_type is one of those (this gives us a 3 in 2^8
3772 * chance of saying yes with random payload)
3774 * - for those three types that we know about, do some
3775 * further validation to reduce the chance of an error
3781 /* fetch the msg_type */
3782 msg_type = tvb_get_guint8(tvb, offset);
3785 case SSL2_HND_CLIENT_HELLO:
3786 /* version follows msg byte, so verify that this is valid */
3787 version = tvb_get_ntohs(tvb, offset+1);
3788 return ssl_is_valid_ssl_version(version);
3791 case SSL2_HND_SERVER_HELLO:
3792 /* version is three bytes after msg_type */
3793 version = tvb_get_ntohs(tvb, offset+3);
3794 return ssl_is_valid_ssl_version(version);
3797 case SSL2_HND_CLIENT_MASTER_KEY:
3798 /* sum of clear_key_length, encrypted_key_length, and key_arg_length
3799 * must be less than record length
3801 sum = tvb_get_ntohs(tvb, offset + 4); /* clear_key_length */
3802 sum += tvb_get_ntohs(tvb, offset + 6); /* encrypted_key_length */
3803 sum += tvb_get_ntohs(tvb, offset + 8); /* key_arg_length */
3804 if (sum > record_length)
3817 /* applies a heuristic to determine whether
3818 * or not the data beginning at offset looks
3819 * like a valid, unencrypted v2 handshake message.
3820 * since it isn't possible to completely tell random
3821 * data apart from a valid message without state,
3822 * we try to help the odds.
3825 ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, guint32 offset,
3826 guint32 record_length)
3828 /* first byte should be a msg_type.
3830 * - we know we only see client_hello, client_master_key,
3831 * and server_hello in the clear, so check to see if
3832 * msg_type is one of those (this gives us a 3 in 2^8
3833 * chance of saying yes with random payload)
3835 * - for those three types that we know about, do some
3836 * further validation to reduce the chance of an error
3842 /* fetch the msg_type */
3843 msg_type = tvb_get_guint8(tvb, offset);
3846 case PCT_MSG_CLIENT_HELLO:
3847 /* version follows msg byte, so verify that this is valid */
3848 version = tvb_get_ntohs(tvb, offset+1);
3849 return version == PCT_VERSION_1;
3852 case PCT_MSG_SERVER_HELLO:
3853 /* version is one byte after msg_type */
3854 version = tvb_get_ntohs(tvb, offset+2);
3855 return version == PCT_VERSION_1;
3858 case PCT_MSG_CLIENT_MASTER_KEY:
3859 /* sum of various length fields must be less than record length */
3860 sum = tvb_get_ntohs(tvb, offset + 6); /* clear_key_length */
3861 sum += tvb_get_ntohs(tvb, offset + 8); /* encrypted_key_length */
3862 sum += tvb_get_ntohs(tvb, offset + 10); /* key_arg_length */
3863 sum += tvb_get_ntohs(tvb, offset + 12); /* verify_prelude_length */
3864 sum += tvb_get_ntohs(tvb, offset + 14); /* client_cert_length */
3865 sum += tvb_get_ntohs(tvb, offset + 16); /* response_length */
3866 if (sum > record_length)
3873 case PCT_MSG_SERVER_VERIFY:
3874 /* record is 36 bytes longer than response_length */
3875 sum = tvb_get_ntohs(tvb, offset + 34); /* response_length */
3876 if ((sum + 36) == record_length)
3889 /*********************************************************************
3891 * Standard Ethereal Protocol Registration and housekeeping
3893 *********************************************************************/
3895 proto_register_ssl(void)
3898 /* Setup list of header fields See Section 1.6.1 for details*/
3899 static hf_register_info hf[] = {
3901 { "Record Layer", "ssl.record",
3902 FT_NONE, BASE_NONE, NULL, 0x0,
3903 "Record layer", HFILL }
3905 { &hf_ssl_record_content_type,
3906 { "Content Type", "ssl.record.content_type",
3907 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
3908 "Content type", HFILL}
3910 { &hf_ssl2_msg_type,
3911 { "Handshake Message Type", "ssl.handshake.type",
3912 FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0,
3913 "SSLv2 handshake message type", HFILL}
3916 { "Handshake Message Type", "ssl.pct_handshake.type",
3917 FT_UINT8, BASE_DEC, VALS(pct_msg_types), 0x0,
3918 "PCT handshake message type", HFILL}
3920 { &hf_ssl_record_version,
3921 { "Version", "ssl.record.version",
3922 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3923 "Record layer version.", HFILL }
3925 { &hf_ssl_record_length,
3926 { "Length", "ssl.record.length",
3927 FT_UINT16, BASE_DEC, NULL, 0x0,
3928 "Length of SSL record data", HFILL }
3930 { &hf_ssl_record_appdata,
3931 { "Application Data", "ssl.app_data",
3932 FT_NONE, BASE_NONE, NULL, 0x0,
3933 "Payload is application data", HFILL }
3935 { &hf_ssl_record_appdata_decrypted,
3936 { "Application Data decrypted", "ssl.app_data_decrypted",
3937 FT_STRING, BASE_NONE, NULL, 0x0,
3938 "Payload is decrypted application data", HFILL }
3942 { "SSLv2/PCT Record Header", "ssl.record",
3943 FT_NONE, BASE_DEC, NULL, 0x0,
3944 "SSLv2/PCT record data", HFILL }
3946 { &hf_ssl2_record_is_escape,
3947 { "Is Escape", "ssl.record.is_escape",
3948 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3949 "Indicates a security escape", HFILL}
3951 { &hf_ssl2_record_padding_length,
3952 { "Padding Length", "ssl.record.padding_length",
3953 FT_UINT8, BASE_DEC, NULL, 0x0,
3954 "Length of padding at end of record", HFILL }
3956 { &hf_ssl_change_cipher_spec,
3957 { "Change Cipher Spec Message", "ssl.change_cipher_spec",
3958 FT_NONE, BASE_NONE, NULL, 0x0,
3959 "Signals a change in cipher specifications", HFILL }
3961 { & hf_ssl_alert_message,
3962 { "Alert Message", "ssl.alert_message",
3963 FT_NONE, BASE_NONE, NULL, 0x0,
3964 "Alert message", HFILL }
3966 { & hf_ssl_alert_message_level,
3967 { "Level", "ssl.alert_message.level",
3968 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
3969 "Alert message level", HFILL }
3971 { &hf_ssl_alert_message_description,
3972 { "Description", "ssl.alert_message.desc",
3973 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
3974 "Alert message description", HFILL }
3976 { &hf_ssl_handshake_protocol,
3977 { "Handshake Protocol", "ssl.handshake",
3978 FT_NONE, BASE_NONE, NULL, 0x0,
3979 "Handshake protocol message", HFILL}
3981 { &hf_ssl_handshake_type,
3982 { "Handshake Type", "ssl.handshake.type",
3983 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
3984 "Type of handshake message", HFILL}
3986 { &hf_ssl_handshake_length,
3987 { "Length", "ssl.handshake.length",
3988 FT_UINT24, BASE_DEC, NULL, 0x0,
3989 "Length of handshake message", HFILL }
3991 { &hf_ssl_handshake_client_version,
3992 { "Version", "ssl.handshake.version",
3993 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3994 "Maximum version supported by client", HFILL }
3996 { &hf_ssl_handshake_server_version,
3997 { "Version", "ssl.handshake.version",
3998 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3999 "Version selected by server", HFILL }
4001 { &hf_ssl_handshake_random_time,
4002 { "Random.gmt_unix_time", "ssl.handshake.random_time",
4003 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
4004 "Unix time field of random structure", HFILL }
4006 { &hf_ssl_handshake_random_bytes,
4007 { "Random.bytes", "ssl.handshake.random",
4008 FT_NONE, BASE_NONE, NULL, 0x0,
4009 "Random challenge used to authenticate server", HFILL }
4011 { &hf_ssl_handshake_cipher_suites_len,
4012 { "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
4013 FT_UINT16, BASE_DEC, NULL, 0x0,
4014 "Length of cipher suites field", HFILL }
4016 { &hf_ssl_handshake_cipher_suites,
4017 { "Cipher Suites", "ssl.handshake.ciphersuites",
4018 FT_NONE, BASE_NONE, NULL, 0x0,
4019 "List of cipher suites supported by client", HFILL }
4021 { &hf_ssl_handshake_cipher_suite,
4022 { "Cipher Suite", "ssl.handshake.ciphersuite",
4023 FT_UINT16, BASE_HEX, VALS(ssl_31_ciphersuite), 0x0,
4024 "Cipher suite", HFILL }
4026 { &hf_ssl2_handshake_cipher_spec,
4027 { "Cipher Spec", "ssl.handshake.cipherspec",
4028 FT_UINT24, BASE_HEX, VALS(ssl_20_cipher_suites), 0x0,
4029 "Cipher specification", HFILL }
4031 { &hf_ssl_handshake_session_id,
4032 { "Session ID", "ssl.handshake.session_id",
4033 FT_BYTES, BASE_NONE, NULL, 0x0,
4034 "Identifies the SSL session, allowing later resumption", HFILL }
4036 { &hf_ssl_handshake_comp_methods_len,
4037 { "Compression Methods Length", "ssl.handshake.comp_methods_length",
4038 FT_UINT8, BASE_DEC, NULL, 0x0,
4039 "Length of compression methods field", HFILL }
4041 { &hf_ssl_handshake_comp_methods,
4042 { "Compression Methods", "ssl.handshake.comp_methods",
4043 FT_NONE, BASE_NONE, NULL, 0x0,
4044 "List of compression methods supported by client", HFILL }
4046 { &hf_ssl_handshake_comp_method,
4047 { "Compression Method", "ssl.handshake.comp_method",
4048 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
4049 "Compression Method", HFILL }
4051 { &hf_ssl_handshake_extensions_len,
4052 { "Extensions Length", "ssl.handshake.extensions_length",
4053 FT_UINT16, BASE_DEC, NULL, 0x0,
4054 "Length of hello extensions", HFILL }
4056 { &hf_ssl_handshake_extension_type,
4057 { "Type", "ssl.handshake.extension.type",
4058 FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0,
4059 "Hello extension type", HFILL }
4061 { &hf_ssl_handshake_extension_len,
4062 { "Length", "ssl.handshake.extension.len",
4063 FT_UINT16, BASE_DEC, NULL, 0x0,
4064 "Length of a hello extension", HFILL }
4066 { &hf_ssl_handshake_extension_data,
4067 { "Data", "ssl.handshake.extension.data",
4068 FT_BYTES, BASE_NONE, NULL, 0x0,
4069 "Hello Extension data", HFILL }
4071 { &hf_ssl_handshake_certificates_len,
4072 { "Certificates Length", "ssl.handshake.certificates_length",
4073 FT_UINT24, BASE_DEC, NULL, 0x0,
4074 "Length of certificates field", HFILL }
4076 { &hf_ssl_handshake_certificates,
4077 { "Certificates", "ssl.handshake.certificates",
4078 FT_NONE, BASE_NONE, NULL, 0x0,
4079 "List of certificates", HFILL }
4081 { &hf_ssl_handshake_certificate,
4082 { "Certificate", "ssl.handshake.certificate",
4083 FT_BYTES, BASE_NONE, NULL, 0x0,
4084 "Certificate", HFILL }
4086 { &hf_ssl_handshake_certificate_len,
4087 { "Certificate Length", "ssl.handshake.certificate_length",
4088 FT_UINT24, BASE_DEC, NULL, 0x0,
4089 "Length of certificate", HFILL }
4091 { &hf_ssl_handshake_cert_types_count,
4092 { "Certificate types count", "ssl.handshake.cert_types_count",
4093 FT_UINT8, BASE_DEC, NULL, 0x0,
4094 "Count of certificate types", HFILL }
4096 { &hf_ssl_handshake_cert_types,
4097 { "Certificate types", "ssl.handshake.cert_types",
4098 FT_NONE, BASE_NONE, NULL, 0x0,
4099 "List of certificate types", HFILL }
4101 { &hf_ssl_handshake_cert_type,
4102 { "Certificate type", "ssl.handshake.cert_type",
4103 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
4104 "Certificate type", HFILL }
4106 { &hf_ssl_handshake_finished,
4107 { "Verify Data", "ssl.handshake.verify_data",
4108 FT_NONE, BASE_NONE, NULL, 0x0,
4109 "Opaque verification data", HFILL }
4111 { &hf_ssl_handshake_md5_hash,
4112 { "MD5 Hash", "ssl.handshake.md5_hash",
4113 FT_NONE, BASE_NONE, NULL, 0x0,
4114 "Hash of messages, master_secret, etc.", HFILL }
4116 { &hf_ssl_handshake_sha_hash,
4117 { "SHA-1 Hash", "ssl.handshake.sha_hash",
4118 FT_NONE, BASE_NONE, NULL, 0x0,
4119 "Hash of messages, master_secret, etc.", HFILL }
4121 { &hf_ssl_handshake_session_id_len,
4122 { "Session ID Length", "ssl.handshake.session_id_length",
4123 FT_UINT8, BASE_DEC, NULL, 0x0,
4124 "Length of session ID field", HFILL }
4126 { &hf_ssl_handshake_dnames_len,
4127 { "Distinguished Names Length", "ssl.handshake.dnames_len",
4128 FT_UINT16, BASE_DEC, NULL, 0x0,
4129 "Length of list of CAs that server trusts", HFILL }
4131 { &hf_ssl_handshake_dnames,
4132 { "Distinguished Names", "ssl.handshake.dnames",
4133 FT_NONE, BASE_NONE, NULL, 0x0,
4134 "List of CAs that server trusts", HFILL }
4136 { &hf_ssl_handshake_dname_len,
4137 { "Distinguished Name Length", "ssl.handshake.dname_len",
4138 FT_UINT16, BASE_DEC, NULL, 0x0,
4139 "Length of distinguished name", HFILL }
4141 { &hf_ssl_handshake_dname,
4142 { "Distinguished Name", "ssl.handshake.dname",
4143 FT_BYTES, BASE_NONE, NULL, 0x0,
4144 "Distinguished name of a CA that server trusts", HFILL }
4146 { &hf_ssl2_handshake_challenge,
4147 { "Challenge", "ssl.handshake.challenge",
4148 FT_NONE, BASE_NONE, NULL, 0x0,
4149 "Challenge data used to authenticate server", HFILL }
4151 { &hf_ssl2_handshake_cipher_spec_len,
4152 { "Cipher Spec Length", "ssl.handshake.cipher_spec_len",
4153 FT_UINT16, BASE_DEC, NULL, 0x0,
4154 "Length of cipher specs field", HFILL }
4156 { &hf_ssl2_handshake_session_id_len,
4157 { "Session ID Length", "ssl.handshake.session_id_length",
4158 FT_UINT16, BASE_DEC, NULL, 0x0,
4159 "Length of session ID field", HFILL }
4161 { &hf_ssl2_handshake_challenge_len,
4162 { "Challenge Length", "ssl.handshake.challenge_length",
4163 FT_UINT16, BASE_DEC, NULL, 0x0,
4164 "Length of challenge field", HFILL }
4166 { &hf_ssl2_handshake_clear_key_len,
4167 { "Clear Key Data Length", "ssl.handshake.clear_key_length",
4168 FT_UINT16, BASE_DEC, NULL, 0x0,
4169 "Length of clear key data", HFILL }
4171 { &hf_ssl2_handshake_enc_key_len,
4172 { "Encrypted Key Data Length", "ssl.handshake.encrypted_key_length",
4173 FT_UINT16, BASE_DEC, NULL, 0x0,
4174 "Length of encrypted key data", HFILL }
4176 { &hf_ssl2_handshake_key_arg_len,
4177 { "Key Argument Length", "ssl.handshake.key_arg_length",
4178 FT_UINT16, BASE_DEC, NULL, 0x0,
4179 "Length of key argument", HFILL }
4181 { &hf_ssl2_handshake_clear_key,
4182 { "Clear Key Data", "ssl.handshake.clear_key_data",
4183 FT_NONE, BASE_NONE, NULL, 0x0,
4184 "Clear portion of MASTER-KEY", HFILL }
4186 { &hf_ssl2_handshake_enc_key,
4187 { "Encrypted Key", "ssl.handshake.encrypted_key",
4188 FT_NONE, BASE_NONE, NULL, 0x0,
4189 "Secret portion of MASTER-KEY encrypted to server", HFILL }
4191 { &hf_ssl2_handshake_key_arg,
4192 { "Key Argument", "ssl.handshake.key_arg",
4193 FT_NONE, BASE_NONE, NULL, 0x0,
4194 "Key Argument (e.g., Initialization Vector)", HFILL }
4196 { &hf_ssl2_handshake_session_id_hit,
4197 { "Session ID Hit", "ssl.handshake.session_id_hit",
4198 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
4199 "Did the server find the client's Session ID?", HFILL }
4201 { &hf_ssl2_handshake_cert_type,
4202 { "Certificate Type", "ssl.handshake.cert_type",
4203 FT_UINT8, BASE_DEC, VALS(ssl_20_certificate_type), 0x0,
4204 "Certificate Type", HFILL }
4206 { &hf_ssl2_handshake_connection_id_len,
4207 { "Connection ID Length", "ssl.handshake.connection_id_length",
4208 FT_UINT16, BASE_DEC, NULL, 0x0,
4209 "Length of connection ID", HFILL }
4211 { &hf_ssl2_handshake_connection_id,
4212 { "Connection ID", "ssl.handshake.connection_id",
4213 FT_NONE, BASE_NONE, NULL, 0x0,
4214 "Server's challenge to client", HFILL }
4216 { &hf_pct_handshake_cipher_spec,
4217 { "Cipher Spec", "pct.handshake.cipherspec",
4218 FT_NONE, BASE_NONE, NULL, 0x0,
4219 "PCT Cipher specification", HFILL }
4221 { &hf_pct_handshake_cipher,
4222 { "Cipher", "pct.handshake.cipher",
4223 FT_UINT16, BASE_HEX, VALS(pct_cipher_type), 0x0,
4224 "PCT Ciper", HFILL }
4226 { &hf_pct_handshake_hash_spec,
4227 { "Hash Spec", "pct.handshake.hashspec",
4228 FT_NONE, BASE_NONE, NULL, 0x0,
4229 "PCT Hash specification", HFILL }
4231 { &hf_pct_handshake_hash,
4232 { "Hash", "pct.handshake.hash",
4233 FT_UINT16, BASE_HEX, VALS(pct_hash_type), 0x0,
4236 { &hf_pct_handshake_cert_spec,
4237 { "Cert Spec", "pct.handshake.certspec",
4238 FT_NONE, BASE_NONE, NULL, 0x0,
4239 "PCT Certificate specification", HFILL }
4241 { &hf_pct_handshake_cert,
4242 { "Cert", "pct.handshake.cert",
4243 FT_UINT16, BASE_HEX, VALS(pct_cert_type), 0x0,
4244 "PCT Certificate", HFILL }
4246 { &hf_pct_handshake_exch_spec,
4247 { "Exchange Spec", "pct.handshake.exchspec",
4248 FT_NONE, BASE_NONE, NULL, 0x0,
4249 "PCT Exchange specification", HFILL }
4251 { &hf_pct_handshake_exch,
4252 { "Exchange", "pct.handshake.exch",
4253 FT_UINT16, BASE_HEX, VALS(pct_exch_type), 0x0,
4254 "PCT Exchange", HFILL }
4256 { &hf_pct_handshake_sig,
4257 { "Sig Spec", "pct.handshake.sig",
4258 FT_UINT16, BASE_HEX, VALS(pct_sig_type), 0x0,
4259 "PCT Signature", HFILL }
4261 { &hf_pct_msg_error_type,
4262 { "PCT Error Code", "pct.msg_error_code",
4263 FT_UINT16, BASE_HEX, VALS(pct_error_code), 0x0,
4264 "PCT Error Code", HFILL }
4266 { &hf_pct_handshake_server_cert,
4267 { "Server Cert", "pct.handshake.server_cert",
4268 FT_NONE, BASE_NONE, NULL , 0x0,
4269 "PCT Server Certificate", HFILL }
4273 /* Setup protocol subtree array */
4274 static gint *ett[] = {
4279 &ett_ssl_cipher_suites,
4280 &ett_ssl_comp_methods,
4283 &ett_ssl_cert_types,
4285 &ett_pct_cipher_suites,
4286 &ett_pct_hash_suites,
4287 &ett_pct_cert_suites,
4288 &ett_pct_exch_suites,
4291 /* Register the protocol name and description */
4292 proto_ssl = proto_register_protocol("Secure Socket Layer",
4295 /* Required function calls to register the header fields and
4297 proto_register_field_array(proto_ssl, hf, array_length(hf));
4298 proto_register_subtree_array(ett, array_length(ett));
4301 module_t *ssl_module = prefs_register_protocol(proto_ssl, ssl_parse);
4302 prefs_register_bool_preference(ssl_module,
4303 "desegment_ssl_records",
4304 "Reassemble SSL records spanning multiple TCP segments",
4305 "Whether the SSL dissector should reassemble SSL records spanning multiple TCP segments. "
4306 "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
4308 prefs_register_string_preference(ssl_module, "keys_list", "RSA keys list",
4309 "comma separated list of private RSA keys used for SSL decryption; "
4310 "each list entry must be in the form of <ip>:<port>:<key_file_name>"
4311 "<key_file_name> is the local file name of the RSA private key used by the specified server\n",
4312 (const char **)&ssl_keys_list);
4313 prefs_register_string_preference(ssl_module, "ports_list", "SSL ports list",
4314 "comma separated list of tcp ports numbers to be dissectes as SSL; "
4315 "each list entry must be in the form of <port>:<clear-text-port>"
4316 "<clear-text-port> is the port numbert associated with the protocol tunneled over SSL for this port\n",
4317 (const char **)&ssl_ports_list);
4318 prefs_register_string_preference(ssl_module, "debug_file", "SSL debug file",
4319 "redirect ssl debug to file name; leave empty to disable debug, "
4320 "use \"" SSL_DEBUG_USE_STDERR "\" to redirect output to stderr\n",
4321 (const char **)&ssl_debug_file_name);
4324 register_dissector("ssl", dissect_ssl, proto_ssl);
4326 register_init_routine(ssl_init);
4328 ssl_tap = register_tap("ssl");
4329 ssl_debug_printf("proto_register_ssl: registered tap %s:%d\n",
4333 /* If this dissector uses sub-dissector registration add a registration
4334 * routine. This format is required because a script is used to find
4335 * these routines and create the code that calls these routines.
4338 proto_reg_handoff_ssl(void)
4340 ssl_handle = find_dissector("ssl");
4342 /* add now dissector to default ports.*/