2 * Routines for ssl dissection
3 * Copyright (c) 2000-2001, Scott Renfro <scott@renfro.org>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * http://www.netscape.com/eng/security/SSL_2.html
33 * http://www.netscape.com/eng/ssl3/
37 * See RFC 2246 for SSL 3.1/TLS 1.0 specs.
39 * See (among other places)
41 * http://www.graphcomp.com/info/specs/ms/pct.htm
43 * for PCT 1 draft specs.
47 * http://research.sun.com/projects/crypto/draft-ietf-tls-ecc-05.txt
49 * for Elliptic Curve Cryptography cipher suites.
53 * http://www.ietf.org/internet-drafts/draft-ietf-tls-camellia-04.txt
55 * for Camellia-based cipher suites.
59 * - Does not support dissection
60 * of frames that would require state maintained between frames
61 * (e.g., single ssl records spread across multiple tcp frames)
63 * - Identifies, but does not fully dissect the following messages:
65 * - SSLv3/TLS (These need more state from previous handshake msgs)
66 * - Server Key Exchange
67 * - Client Key Exchange
68 * - Certificate Verify
70 * - SSLv2 (These don't appear in the clear)
75 * - Request Certificate
76 * - Client Certificate
78 * - Decryption is supported only for session that use RSA key exchange,
79 * if the host private key is provided via preference.
81 * - Decryption need to be performed 'sequentially', so it's done
82 * at packet reception time. This may cause a significative packet capture
83 * slow down. This also cause do dissect some ssl info that in previous
84 * dissector version were dissected only when a proto_tree context was
87 * We are at Packet reception if time pinfo->fd->flags.visited == 0
101 #include <sys/types.h>
102 #ifdef HAVE_SYS_SOCKET_H
103 #include <sys/socket.h>
108 #include <epan/conversation.h>
109 #include <epan/prefs.h>
110 #include <epan/inet_v6defs.h>
111 #include <epan/dissectors/packet-x509af.h>
112 #include <epan/emem.h>
113 #include <epan/tap.h>
114 #include <epan/filesystem.h>
115 #include <epan/report_err.h>
116 #include "packet-ssl.h"
117 #include "packet-ssl-utils.h"
120 static gboolean ssl_desegment = TRUE;
121 static gboolean ssl_desegment_app_data = TRUE;
124 /*********************************************************************
126 * Protocol Constants, Variables, Data Structures
128 *********************************************************************/
130 /* Initialize the protocol and registered fields */
131 static gint ssl_tap = -1;
132 static gint proto_ssl = -1;
133 static gint hf_ssl_record = -1;
134 static gint hf_ssl_record_content_type = -1;
135 static gint hf_ssl_record_version = -1;
136 static gint hf_ssl_record_length = -1;
137 static gint hf_ssl_record_appdata = -1;
138 static gint hf_ssl2_record = -1;
139 static gint hf_ssl2_record_is_escape = -1;
140 static gint hf_ssl2_record_padding_length = -1;
141 static gint hf_ssl2_msg_type = -1;
142 static gint hf_pct_msg_type = -1;
143 static gint hf_ssl_change_cipher_spec = -1;
144 static gint hf_ssl_alert_message = -1;
145 static gint hf_ssl_alert_message_level = -1;
146 static gint hf_ssl_alert_message_description = -1;
147 static gint hf_ssl_handshake_protocol = -1;
148 static gint hf_ssl_handshake_type = -1;
149 static gint hf_ssl_handshake_length = -1;
150 static gint hf_ssl_handshake_client_version = -1;
151 static gint hf_ssl_handshake_server_version = -1;
152 static gint hf_ssl_handshake_random_time = -1;
153 static gint hf_ssl_handshake_random_bytes = -1;
154 static gint hf_ssl_handshake_cipher_suites_len = -1;
155 static gint hf_ssl_handshake_cipher_suites = -1;
156 static gint hf_ssl_handshake_cipher_suite = -1;
157 static gint hf_ssl_handshake_session_id = -1;
158 static gint hf_ssl_handshake_comp_methods_len = -1;
159 static gint hf_ssl_handshake_comp_methods = -1;
160 static gint hf_ssl_handshake_comp_method = -1;
161 static gint hf_ssl_handshake_extensions_len = -1;
162 static gint hf_ssl_handshake_extension_type = -1;
163 static gint hf_ssl_handshake_extension_len = -1;
164 static gint hf_ssl_handshake_extension_data = -1;
165 static gint hf_ssl_handshake_certificates_len = -1;
166 static gint hf_ssl_handshake_certificates = -1;
167 static gint hf_ssl_handshake_certificate = -1;
168 static gint hf_ssl_handshake_certificate_len = -1;
169 static gint hf_ssl_handshake_cert_types_count = -1;
170 static gint hf_ssl_handshake_cert_types = -1;
171 static gint hf_ssl_handshake_cert_type = -1;
172 static gint hf_ssl_handshake_finished = -1;
173 static gint hf_ssl_handshake_md5_hash = -1;
174 static gint hf_ssl_handshake_sha_hash = -1;
175 static gint hf_ssl_handshake_session_id_len = -1;
176 static gint hf_ssl_handshake_dnames_len = -1;
177 static gint hf_ssl_handshake_dnames = -1;
178 static gint hf_ssl_handshake_dname_len = -1;
179 static gint hf_ssl_handshake_dname = -1;
180 static gint hf_ssl2_handshake_cipher_spec_len = -1;
181 static gint hf_ssl2_handshake_session_id_len = -1;
182 static gint hf_ssl2_handshake_challenge_len = -1;
183 static gint hf_ssl2_handshake_cipher_spec = -1;
184 static gint hf_ssl2_handshake_challenge = -1;
185 static gint hf_ssl2_handshake_clear_key_len = -1;
186 static gint hf_ssl2_handshake_enc_key_len = -1;
187 static gint hf_ssl2_handshake_key_arg_len = -1;
188 static gint hf_ssl2_handshake_clear_key = -1;
189 static gint hf_ssl2_handshake_enc_key = -1;
190 static gint hf_ssl2_handshake_key_arg = -1;
191 static gint hf_ssl2_handshake_session_id_hit = -1;
192 static gint hf_ssl2_handshake_cert_type = -1;
193 static gint hf_ssl2_handshake_connection_id_len = -1;
194 static gint hf_ssl2_handshake_connection_id = -1;
195 static gint hf_pct_handshake_cipher_spec = -1;
196 static gint hf_pct_handshake_hash_spec = -1;
197 static gint hf_pct_handshake_cert_spec = -1;
198 static gint hf_pct_handshake_cert = -1;
199 static gint hf_pct_handshake_server_cert = -1;
200 static gint hf_pct_handshake_exch_spec = -1;
201 static gint hf_pct_handshake_hash = -1;
202 static gint hf_pct_handshake_cipher = -1;
203 static gint hf_pct_handshake_exch = -1;
204 static gint hf_pct_handshake_sig = -1;
205 static gint hf_pct_msg_error_type = -1;
207 /* Initialize the subtree pointers */
208 static gint ett_ssl = -1;
209 static gint ett_ssl_record = -1;
210 static gint ett_ssl_alert = -1;
211 static gint ett_ssl_handshake = -1;
212 static gint ett_ssl_cipher_suites = -1;
213 static gint ett_ssl_comp_methods = -1;
214 static gint ett_ssl_extension = -1;
215 static gint ett_ssl_certs = -1;
216 static gint ett_ssl_cert_types = -1;
217 static gint ett_ssl_dnames = -1;
218 static gint ett_ssl_random = -1;
219 static gint ett_pct_cipher_suites = -1;
220 static gint ett_pct_hash_suites = -1;
221 static gint ett_pct_cert_suites = -1;
222 static gint ett_pct_exch_suites = -1;
224 static GHashTable *ssl_session_hash = NULL;
225 static GHashTable *ssl_key_hash = NULL;
226 static GTree* ssl_associations = NULL;
227 static dissector_handle_t ssl_handle = NULL;
228 static StringInfo ssl_decrypted_data = {NULL, 0};
229 static gint ssl_decrypted_data_avail = 0;
231 static gchar* ssl_keys_list = NULL;
232 static gchar* ssl_debug_file_name = NULL;
234 /* Forward declaration we need below */
235 void proto_reg_handoff_ssl(void);
237 /* initialize/reset per capture state data (ssl sessions cache) */
241 ssl_common_init(&ssl_session_hash, &ssl_decrypted_data);
244 /* parse ssl related preferences (private keys and ports association strings) */
248 ep_stack_t tmp_stack;
249 SslAssociation *tmp_assoc;
255 ssl_set_debug(ssl_debug_file_name);
259 g_hash_table_foreach(ssl_key_hash, ssl_private_key_free, NULL);
260 g_hash_table_destroy(ssl_key_hash);
263 /* remove only associations created from key list */
264 tmp_stack = ep_stack_new();
265 g_tree_traverse(ssl_associations, ssl_assoc_from_key_list, G_IN_ORDER, tmp_stack);
266 while ((tmp_assoc = ep_stack_pop(tmp_stack)) != NULL) {
267 ssl_association_remove(ssl_associations, tmp_assoc);
270 /* parse private keys string, load available keys and put them in key hash*/
271 ssl_key_hash = g_hash_table_new(ssl_private_key_hash,ssl_private_key_equal);
273 if (ssl_keys_list && (ssl_keys_list[0] != 0))
275 if (file_exists(ssl_keys_list)) {
276 if ((ssl_keys_file = fopen(ssl_keys_list, "r"))) {
277 fstat(fileno(ssl_keys_file), &statb);
278 size = statb.st_size;
279 tmp_buf = ep_alloc0(size + 1);
280 fread(tmp_buf, size, 1, ssl_keys_file);
281 tmp_buf[size] = '\0';
282 fclose(ssl_keys_file);
283 ssl_parse_key_list(tmp_buf,ssl_key_hash,ssl_associations,ssl_handle,TRUE);
285 report_open_failure(ssl_keys_list, errno, FALSE);
289 ssl_parse_key_list(ssl_keys_list,ssl_key_hash,ssl_associations,ssl_handle,TRUE);
295 /* function that save app_data during sub protocol reassembling */
297 ssl_add_app_data(SslDecryptSession* ssl, guchar* data, gint data_len){
299 app=&ssl->app_data_segment;
301 if(app->data_len!=0){
304 tmp=g_malloc(app->data_len);
305 tmp_len=app->data_len;
306 memcpy(tmp,app->data,app->data_len);
310 app->data=g_malloc(tmp_len+data_len);
311 app->data_len=tmp_len+data_len;
312 memcpy(app->data,tmp,tmp_len);
314 memcpy(app->data+tmp_len, data,data_len);
320 app->data=g_malloc(data_len);
321 app->data_len=data_len;
322 memcpy(app->data,data,data_len);
327 ssl_desegment_ssl_app_data(SslDecryptSession * ssl, packet_info *pinfo){
329 SslAssociation* association;
331 pi = p_get_proto_data(pinfo->fd, proto_ssl);
332 if (pi && pi->app_data.data)
336 /* find out a dissector using server port*/
337 association = ssl_association_find(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP);
338 association = association ? association: ssl_association_find(ssl_associations, pinfo->destport, pinfo->ptype == PT_TCP);
339 /* create a copy of packet_info */
340 pp=g_malloc(sizeof(packet_info));
341 memcpy(pp, pinfo, sizeof(packet_info));
343 if (association && association->handle) {
344 /* it's the first SS segmented packet */
345 if(ssl->app_data_segment.data==NULL){
346 /* create new tvbuff for the decrypted data */
347 new_tvb = tvb_new_real_data(pi->app_data.data,
348 pi->app_data.data_len, pi->app_data.data_len);
349 tvb_set_free_cb(new_tvb, g_free);
350 /* we allow subdissector to tell us more bytes */
352 /* subdissector call */
353 call_dissector(association->handle, new_tvb, pp, NULL);
354 /* if the dissector need more bytes */
355 if(pp->desegment_len>0){
356 /* we save the actual data to reuse them later */
357 ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len);
358 /* we remove data to forbid subdissection */
359 p_remove_proto_data(pinfo->fd, proto_ssl);
360 /* update of COL_INFO */
361 if (check_col(pinfo->cinfo, COL_INFO)){
362 col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]");
363 pinfo->cinfo->writable=FALSE;
370 /* it isn't the first SSL segmented packet */
371 /* we add actual data to reuse them later */
372 ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len);
373 /* create new tvbuff for the decrypted data */
374 new_tvb = tvb_new_real_data(ssl->app_data_segment.data,
375 ssl->app_data_segment.data_len,
376 ssl->app_data_segment.data_len);
377 tvb_set_free_cb(new_tvb, g_free);
378 /* we allow subdissector to tell us more bytes */
380 /* subdissector call */
381 call_dissector(association->handle, new_tvb, pp, NULL);
382 /* if the dissector need more bytes */
383 if(pp->desegment_len>0){
384 /* we remove data to forbid subdissection */
385 p_remove_proto_data(pinfo->fd, proto_ssl);
386 /* update of COL_INFO */
387 if (check_col(pinfo->cinfo, COL_INFO)){
388 col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]");
389 pinfo->cinfo->writable=FALSE;
395 /* we create SslPacketInfo to save data */
396 pi2=g_malloc(sizeof(SslPacketInfo));
397 pi2->app_data.data=g_malloc(ssl->app_data_segment.data_len);
398 memcpy(pi2->app_data.data,ssl->app_data_segment.data,ssl->app_data_segment.data_len);
399 pi2->app_data.data_len=ssl->app_data_segment.data_len;
401 /* we remove data if it's useful */
402 p_remove_proto_data(pinfo->fd, proto_ssl);
403 /* we add reassembled subprotocol data */
404 p_add_proto_data(pinfo->fd, proto_ssl, pi2);
405 /* we delete saved app_data */
406 if(ssl->app_data_segment.data)
407 g_free(ssl->app_data_segment.data);
408 ssl->app_data_segment.data=NULL;
409 ssl->app_data_segment.data_len=0;
412 /* we delete pp structure */
420 /*********************************************************************
422 * Forward Declarations
424 *********************************************************************/
427 * SSL version 3 and TLS dissectors
430 /* record layer dissector */
431 static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
432 proto_tree *tree, guint32 offset,
434 gboolean *need_desegmentation,
435 SslDecryptSession *conv_data,
436 gboolean first_record_in_frame);
438 /* change cipher spec dissector */
439 static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
442 guint *conv_version, guint8 content_type);
444 /* alert message dissector */
445 static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
446 proto_tree *tree, guint32 offset,
447 guint *conv_version);
449 /* handshake protocol dissector */
450 static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
451 proto_tree *tree, guint32 offset,
452 guint32 record_length,
454 SslDecryptSession *conv_data, guint8 content_type);
457 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
459 guint32 offset, guint32 length,
460 SslDecryptSession* ssl);
462 static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
464 guint32 offset, guint32 length,
465 SslDecryptSession* ssl);
467 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
468 proto_tree *tree, guint32 offset, packet_info *pinfo);
470 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
474 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
477 guint* conv_version);
481 * SSL version 2 dissectors
485 /* record layer dissector */
486 static gint dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
487 proto_tree *tree, guint32 offset,
489 gboolean *need_desegmentation,
490 SslDecryptSession* ssl);
492 /* client hello dissector */
493 static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
496 SslDecryptSession* ssl);
498 static void dissect_pct_msg_client_hello(tvbuff_t *tvb,
502 /* client master key dissector */
503 static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
506 static void dissect_pct_msg_client_master_key(tvbuff_t *tvb,
510 /* server hello dissector */
511 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
513 guint32 offset, packet_info *pinfo);
514 static void dissect_pct_msg_server_hello(tvbuff_t *tvb,
516 guint32 offset, packet_info *pinfo);
519 static void dissect_pct_msg_server_verify(tvbuff_t *tvb,
523 static void dissect_pct_msg_error(tvbuff_t *tvb,
531 /*static void ssl_set_conv_version(packet_info *pinfo, guint version);*/
532 static gint ssl_is_valid_handshake_type(guint8 type);
533 static gint ssl_is_valid_ssl_version(guint16 version);
534 static gint ssl_is_authoritative_version_message(guint8 content_type,
536 static gint ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset);
537 static gint ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset);
538 static gint ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset);
539 static gint ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
541 guint32 record_length);
542 static gint ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb,
544 guint32 record_length);
545 /*********************************************************************
549 *********************************************************************/
551 * Code to actually dissect the packets
554 dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
557 conversation_t *conversation;
560 proto_tree *ssl_tree;
562 gboolean first_record_in_frame;
563 gboolean need_desegmentation;
564 SslDecryptSession* ssl_session;
569 first_record_in_frame = TRUE;
572 ssl_debug_printf("\ndissect_ssl enter frame #%u (%s)\n", pinfo->fd->num, (pinfo->fd->flags.visited)?"already visited":"first time");
574 /* Track the version using conversations to reduce the
575 * chance that a packet that simply *looks* like a v2 or
576 * v3 packet is dissected improperly. This also allows
577 * us to more frequently set the protocol column properly
578 * for continuation data frames.
580 * Also: We use the copy in conv_version as our cached copy,
581 * so that we don't have to search the conversation
582 * table every time we want the version; when setting
583 * the conv_version, must set the copy in the conversation
584 * in addition to conv_version
586 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
587 pinfo->srcport, pinfo->destport, 0);
591 /* create a new conversation */
592 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
593 pinfo->srcport, pinfo->destport, 0);
595 conv_data = conversation_get_proto_data(conversation, proto_ssl);
597 /* PAOLO: manage ssl decryption data */
598 /*get a valid ssl session pointer*/
599 if (conv_data != NULL)
600 ssl_session = conv_data;
604 ssl_session = se_alloc0(sizeof(SslDecryptSession));
605 ssl_session_init(ssl_session);
606 ssl_session->version = SSL_VER_UNKNOWN;
607 conversation_add_proto_data(conversation, proto_ssl, ssl_session);
609 /* we need to know witch side of conversation is speaking*/
610 if (ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)) {
611 dummy.addr = pinfo->src;
612 dummy.port = pinfo->srcport;
615 dummy.addr = pinfo->dst;
616 dummy.port = pinfo->destport;
618 ssl_debug_printf("dissect_ssl server %hhu.%hhu.%hhu.%hhu:%u\n",
620 dummy.addr.data[1],dummy.addr.data[2],
621 dummy.addr.data[3],dummy.port);
623 /* try to retrive private key for this service. Do it now 'cause pinfo
624 * is not always available
625 * Note that with HAVE_LIBGNUTLS undefined private_key is allways 0
626 * and thus decryption never engaged*/
627 ssl_session->private_key = g_hash_table_lookup(ssl_key_hash, &dummy);
628 if (!ssl_session->private_key)
629 ssl_debug_printf("dissect_ssl can't find private key for this server!\n");
631 conv_version= & ssl_session->version;
633 /* try decryption only the first time we see this packet
634 * (to keep cipher syncronized)and only if we have
635 * the server private key*/
636 if (!ssl_session->private_key || pinfo->fd->flags.visited)
639 /* Initialize the protocol column; we'll set it later when we
640 * figure out what flavor of SSL it is (assuming we don't
641 * throw an exception before we get the chance to do so). */
642 if (check_col(pinfo->cinfo, COL_PROTOCOL))
644 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSL");
646 /* clear the the info column */
647 if (check_col(pinfo->cinfo, COL_INFO))
648 col_clear(pinfo->cinfo, COL_INFO);
650 /* TCP packets and SSL records are orthogonal.
651 * A tcp packet may contain multiple ssl records and an ssl
652 * record may be spread across multiple tcp packets.
654 * This loop accounts for multiple ssl records in a single
655 * frame, but not a single ssl record across multiple tcp
658 * Handling the single ssl record across multiple packets
659 * may be possible using ethereal conversations, but
660 * probably not cleanly. May have to wait for tcp stream
664 /* Create display subtree for SSL as a whole */
667 ti = proto_tree_add_item(tree, proto_ssl, tvb, 0, -1, FALSE);
668 ssl_tree = proto_item_add_subtree(ti, ett_ssl);
670 /* iterate through the records in this tvbuff */
671 while (tvb_reported_length_remaining(tvb, offset) != 0)
673 /* on second and subsequent records per frame
674 * add a delimiter on info column
676 if (!first_record_in_frame
677 && check_col(pinfo->cinfo, COL_INFO))
679 col_append_str(pinfo->cinfo, COL_INFO, ", ");
683 * Assume, for now, that this doesn't need desegmentation.
685 need_desegmentation = FALSE;
687 /* first try to dispatch off the cached version
688 * known to be associated with the conversation
690 switch(*conv_version) {
693 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
694 offset, conv_version,
695 &need_desegmentation,
701 /* the version tracking code works too well ;-)
702 * at times, we may visit a v2 client hello after
703 * we already know the version of the connection;
704 * work around that here by detecting and calling
705 * the v2 dissector instead
707 if (ssl_is_v2_client_hello(tvb, offset))
709 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
710 offset, conv_version,
711 &need_desegmentation,
716 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
717 offset, conv_version,
718 &need_desegmentation,
720 first_record_in_frame);
724 /* that failed, so apply some heuristics based
725 * on this individual packet
728 if (ssl_looks_like_sslv2(tvb, offset))
730 /* looks like sslv2 or pct client hello */
731 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
732 offset, conv_version,
733 &need_desegmentation,
736 else if (ssl_looks_like_sslv3(tvb, offset))
738 /* looks like sslv3 or tls */
739 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
740 offset, conv_version,
741 &need_desegmentation,
743 first_record_in_frame);
747 /* looks like something unknown, so lump into
750 offset = tvb_length(tvb);
751 if (check_col(pinfo->cinfo, COL_INFO))
752 col_append_str(pinfo->cinfo, COL_INFO,
753 "Continuation Data");
755 /* Set the protocol column */
756 if (check_col(pinfo->cinfo, COL_PROTOCOL))
758 col_set_str(pinfo->cinfo, COL_PROTOCOL,
759 ssl_version_short_names[*conv_version]);
765 /* Desegmentation return check */
766 if (need_desegmentation)
768 /* set up for next record in frame, if any */
769 first_record_in_frame = FALSE;
771 if (check_col(pinfo->cinfo, COL_INFO))
772 col_set_fence(pinfo->cinfo, COL_INFO);
773 tap_queue_packet(ssl_tap, pinfo, (gpointer)proto_ssl);
777 decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
778 guint32 record_length, guint8 content_type, SslDecryptSession* ssl,
779 gboolean save_plaintext)
785 /* if we can decrypt and decryption have success
786 * add decrypted data to this packet info*/
787 ssl_debug_printf("decrypt_ssl3_record: app_data len %d ssl, state 0x%02X\n",
788 record_length, ssl->state);
789 if (!(ssl->state & SSL_HAVE_SESSION_KEY)) {
790 ssl_debug_printf("decrypt_ssl3_record: no session key\n");
794 /* retrive decoder for this packet direction*/
795 if ((direction = ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)) != 0) {
796 ssl_debug_printf("decrypt_ssl3_record: using server decoder\n");
797 decoder = &ssl->server;
800 ssl_debug_printf("decrypt_ssl3_record: using client decoder\n");
801 decoder = &ssl->client;
804 /* ensure we have enough storage space for decrypted data */
805 if (record_length > ssl_decrypted_data.data_len)
807 ssl_debug_printf("decrypt_ssl3_record: allocating %d bytes"
808 " for decrypt data (old len %d)\n",
809 record_length + 32, ssl_decrypted_data.data_len);
810 ssl_decrypted_data.data = g_realloc(ssl_decrypted_data.data,
812 ssl_decrypted_data.data_len = record_length + 32;
815 /* run decryption and add decrypted payload to protocol data, if decryption
817 ssl_decrypted_data_avail = ssl_decrypted_data.data_len;
818 if (ssl_decrypt_record(ssl, decoder,
819 content_type, tvb_get_ptr(tvb, offset, record_length),
820 record_length, ssl_decrypted_data.data, &ssl_decrypted_data_avail) == 0)
822 if (ret && save_plaintext)
825 pi = p_get_proto_data(pinfo->fd, proto_ssl);
828 ssl_debug_printf("decrypt_ssl3_record: allocating app_data %d "
829 "bytes for app data\n", ssl_decrypted_data_avail);
830 /* first app data record: allocate and put packet data*/
831 pi = se_alloc0(sizeof(SslPacketInfo));
832 pi->app_data.data = se_alloc(ssl_decrypted_data_avail);
833 pi->app_data.data_len = ssl_decrypted_data_avail;
834 memcpy(pi->app_data.data, ssl_decrypted_data.data, ssl_decrypted_data_avail);
838 /* update previus record*/
839 ssl_debug_printf("decrypt_ssl3_record: reallocating app_data "
840 "%d bytes for app data (total %d appdata bytes)\n",
841 ssl_decrypted_data_avail, pi->app_data.data_len + ssl_decrypted_data_avail);
842 store = se_alloc(pi->app_data.data_len + ssl_decrypted_data_avail);
843 memcpy(store, pi->app_data.data, pi->app_data.data_len);
844 memcpy(&store[pi->app_data.data_len], ssl_decrypted_data.data, ssl_decrypted_data_avail);
845 pi->app_data.data_len += ssl_decrypted_data_avail;
847 /* old decrypted data ptr here appare to be leaked, but it's
848 * collected by emem allocator */
849 pi->app_data.data = store;
851 /* data ptr is changed, so remove old one and re-add the new one*/
852 ssl_debug_printf("decrypt_ssl3_record: removing old app_data ptr\n");
853 p_remove_proto_data(pinfo->fd, proto_ssl);
856 ssl_debug_printf("decrypt_ssl3_record: setting decrypted app_data ptr %p\n",pi);
857 p_add_proto_data(pinfo->fd, proto_ssl, pi);
864 /*********************************************************************
866 * SSL version 3 and TLS Dissection Routines
868 *********************************************************************/
870 dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
871 proto_tree *tree, guint32 offset,
872 guint *conv_version, gboolean *need_desegmentation,
873 SslDecryptSession* ssl, gboolean first_record_in_frame)
878 * uint8 major, minor;
883 * change_cipher_spec(20), alert(21), handshake(22),
884 * application_data(23), (255)
889 * ProtocolVersion version;
891 * opaque fragment[TLSPlaintext.length];
894 guint32 record_length;
899 proto_tree *ssl_record_tree;
900 guint32 available_bytes;
902 SslAssociation* association;
904 ssl_record_tree = NULL;
907 available_bytes = tvb_length_remaining(tvb, offset);
910 * Can we do reassembly?
912 if (ssl_desegment && pinfo->can_desegment) {
914 * Yes - is the record header split across segment boundaries?
916 if (available_bytes < 5) {
918 * Yes. Tell the TCP dissector where the data for this
919 * message starts in the data it handed us, and how many
920 * more bytes we need, and return.
922 pinfo->desegment_offset = offset;
923 pinfo->desegment_len = 5 - available_bytes;
924 *need_desegmentation = TRUE;
930 * Get the record layer fields of interest
932 content_type = tvb_get_guint8(tvb, offset);
933 version = tvb_get_ntohs(tvb, offset + 1);
934 record_length = tvb_get_ntohs(tvb, offset + 3);
936 if (ssl_is_valid_content_type(content_type)) {
939 * Can we do reassembly?
941 if (ssl_desegment && pinfo->can_desegment) {
943 * Yes - is the record split across segment boundaries?
945 if (available_bytes < record_length + 5) {
947 * Yes. Tell the TCP dissector where the data for this
948 * message starts in the data it handed us, and how many
949 * more bytes we need, and return.
951 pinfo->desegment_offset = offset;
952 pinfo->desegment_len = (record_length + 5) - available_bytes;
953 *need_desegmentation = TRUE;
960 /* if we don't have a valid content_type, there's no sense
961 * continuing any further
963 if (check_col(pinfo->cinfo, COL_INFO))
964 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
966 /* Set the protocol column */
967 if (check_col(pinfo->cinfo, COL_PROTOCOL))
969 col_set_str(pinfo->cinfo, COL_PROTOCOL,
970 ssl_version_short_names[*conv_version]);
972 return offset + 5 + record_length;
976 * If GUI, fill in record layer part of tree
981 /* add the record layer subtree header */
982 tvb_ensure_bytes_exist(tvb, offset, 5 + record_length);
983 ti = proto_tree_add_item(tree, hf_ssl_record, tvb,
984 offset, 5 + record_length, 0);
985 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
990 /* show the one-byte content type */
991 proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type,
995 /* add the version */
996 proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb,
1000 /* add the length */
1001 proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb,
1002 offset, 2, record_length);
1003 offset += 2; /* move past length field itself */
1007 /* if no GUI tree, then just skip over those fields */
1013 * if we don't already have a version set for this conversation,
1014 * but this message's version is authoritative (i.e., it's
1015 * not client_hello, then save the version to to conversation
1016 * structure and print the column version
1018 next_byte = tvb_get_guint8(tvb, offset);
1019 if (*conv_version == SSL_VER_UNKNOWN
1020 && ssl_is_authoritative_version_message(content_type, next_byte))
1022 if (version == SSLV3_VERSION)
1024 *conv_version = SSL_VER_SSLv3;
1026 ssl->version_netorder = version;
1027 ssl->state |= SSL_VERSION;
1028 ssl_debug_printf("dissect_ssl3_record found version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
1030 /*ssl_set_conv_version(pinfo, ssl->version);*/
1032 else if (version == TLSV1_VERSION)
1035 *conv_version = SSL_VER_TLS;
1037 ssl->version_netorder = version;
1038 ssl->state |= SSL_VERSION;
1039 ssl_debug_printf("dissect_ssl3_record found version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
1041 /*ssl_set_conv_version(pinfo, ssl->version);*/
1043 else if (version == TLSV1DOT1_VERSION)
1046 *conv_version = SSL_VER_TLSv1DOT1;
1048 ssl->version_netorder = version;
1049 ssl->state |= SSL_VERSION;
1050 ssl_debug_printf("dissect_ssl3_record found version 0x%04X -> state 0x%02X\n", ssl->version_netorder, ssl->state);
1052 /*ssl_set_conv_version(pinfo, ssl->version);*/
1055 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1057 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1058 ssl_version_short_names[*conv_version]);
1062 * now dissect the next layer
1064 ssl_debug_printf("dissect_ssl3_record: content_type %d\n",content_type);
1066 /* PAOLO try to decrypt each record (we must keep ciphers "in sync")
1067 * store plain text only for app data */
1069 switch (content_type) {
1070 case SSL_ID_CHG_CIPHER_SPEC:
1071 if (check_col(pinfo->cinfo, COL_INFO))
1072 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
1073 dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree,
1074 offset, conv_version, content_type);
1075 ssl_debug_printf("dissect_ssl3_change_cipher_spec\n");
1079 tvbuff_t* decrypted;
1081 if (ssl&&decrypt_ssl3_record(tvb, pinfo, offset,
1082 record_length, content_type, ssl, FALSE))
1083 ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data,
1084 ssl_decrypted_data_avail, offset);
1086 /* try to retrive and use decrypted alert record, if any. */
1087 decrypted = ssl_get_record_info(proto_ssl, pinfo, offset);
1089 dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0,
1092 dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
1096 case SSL_ID_HANDSHAKE:
1098 tvbuff_t* decrypted;
1100 /* try to decrypt handshake record, if possible. Store decrypted
1101 * record for later usage. The offset is used as 'key' to itentify
1102 * this record into the packet (we can have multiple handshake records
1103 * in the same frame) */
1104 if (ssl && decrypt_ssl3_record(tvb, pinfo, offset,
1105 record_length, content_type, ssl, FALSE))
1106 ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data,
1107 ssl_decrypted_data_avail, offset);
1109 /* try to retrive and use decrypted handshake record, if any. */
1110 decrypted = ssl_get_record_info(proto_ssl, pinfo, offset);
1112 /* add desegmented data to the data source list */
1113 add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
1114 dissect_ssl3_handshake(decrypted, pinfo, ssl_record_tree, 0,
1115 decrypted->length, conv_version, ssl, content_type);
1117 dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
1118 record_length, conv_version, ssl, content_type);
1122 case SSL_ID_APP_DATA:
1124 decrypt_ssl3_record(tvb, pinfo, offset,
1125 record_length, content_type, ssl, TRUE);
1126 /* if application data desegmentation is allowed and needed */
1127 if(ssl_desegment_app_data && *need_desegmentation)
1128 ssl_desegment_ssl_app_data(ssl,pinfo);
1133 /* show on info colum what we are decoding */
1134 if (check_col(pinfo->cinfo, COL_INFO))
1135 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
1137 /* we need dissector information when the selected packet is shown.
1138 * ssl session pointer is NULL at that time, so we can't access
1139 * info cached there*/
1140 association = ssl_association_find(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP);
1141 association = association ? association: ssl_association_find(ssl_associations, pinfo->destport, pinfo->ptype == PT_TCP);
1143 proto_item_set_text(ssl_record_tree,
1144 "%s Record Layer: %s Protocol: %s",
1145 ssl_version_short_names[*conv_version],
1146 val_to_str(content_type, ssl_31_content_type, "unknown"),
1147 association?association->info:"Application Data");
1150 proto_tree_add_item(ssl_record_tree, hf_ssl_record_appdata, tvb,
1151 offset, record_length, 0);
1153 /* show decrypted data info, if available */
1154 pi = p_get_proto_data(pinfo->fd, proto_ssl);
1155 if (pi && pi->app_data.data && (pi->app_data.data_len > 0) &&
1156 first_record_in_frame)
1160 /* try to dissect decrypted data*/
1161 ssl_debug_printf("dissect_ssl3_record decrypted len %d\n",
1162 pi->app_data.data_len);
1164 /* create new tvbuff for the decrypted data */
1165 new_tvb = tvb_new_real_data(pi->app_data.data,
1166 pi->app_data.data_len, pi->app_data.data_len);
1168 /* add this tvb as a child to the original one */
1169 tvb_set_child_real_data_tvbuff(tvb, new_tvb);
1171 /* add desegmented data to the data source list */
1172 add_new_data_source(pinfo, new_tvb, "Decrypted SSL data");
1174 /* find out a dissector using server port*/
1175 if (association && association->handle) {
1176 ssl_debug_printf("dissect_ssl3_record found association %p\n", association);
1177 ssl_print_text_data("decrypted app data",pi->app_data.data,
1178 pi->app_data.data_len);
1180 call_dissector(association->handle, new_tvb, pinfo, tree?tree->parent:NULL);
1186 /* shouldn't get here since we check above for valid types */
1187 if (check_col(pinfo->cinfo, COL_INFO))
1188 col_append_str(pinfo->cinfo, COL_INFO, "Bad SSLv3 Content Type");
1191 offset += record_length; /* skip to end of record */
1196 /* dissects the change cipher spec procotol, filling in the tree */
1198 dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
1199 proto_tree *tree, guint32 offset,
1200 guint* conv_version, guint8 content_type)
1204 * enum { change_cipher_spec(1), (255) } type;
1205 * } ChangeCipherSpec;
1210 proto_item_set_text(tree,
1211 "%s Record Layer: %s Protocol: Change Cipher Spec",
1212 ssl_version_short_names[*conv_version],
1213 val_to_str(content_type, ssl_31_content_type, "unknown"));
1214 proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
1215 offset++, 1, FALSE);
1219 /* dissects the alert message, filling in the tree */
1221 dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
1222 proto_tree *tree, guint32 offset,
1223 guint* conv_version)
1227 * AlertDescription description;
1231 proto_tree *ssl_alert_tree;
1235 ssl_alert_tree = NULL;
1238 ti = proto_tree_add_item(tree, hf_ssl_alert_message, tvb,
1240 ssl_alert_tree = proto_item_add_subtree(ti, ett_ssl_alert);
1244 * set the record layer label
1247 /* first lookup the names for the alert level and description */
1248 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
1249 level = match_strval(byte, ssl_31_alert_level);
1251 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
1252 desc = match_strval(byte, ssl_31_alert_description);
1254 /* now set the text in the record layer line */
1257 if (check_col(pinfo->cinfo, COL_INFO))
1258 col_append_fstr(pinfo->cinfo, COL_INFO,
1259 "Alert (Level: %s, Description: %s)",
1264 if (check_col(pinfo->cinfo, COL_INFO))
1265 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
1272 proto_item_set_text(tree, "%s Record Layer: Alert "
1273 "(Level: %s, Description: %s)",
1274 ssl_version_short_names[*conv_version],
1276 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
1277 tvb, offset++, 1, FALSE);
1279 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_description,
1280 tvb, offset++, 1, FALSE);
1284 proto_item_set_text(tree,
1285 "%s Record Layer: Encrypted Alert",
1286 ssl_version_short_names[*conv_version]);
1287 proto_item_set_text(ssl_alert_tree,
1288 "Alert Message: Encrypted Alert");
1294 /* dissects the handshake protocol, filling the tree */
1296 dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1297 proto_tree *tree, guint32 offset,
1298 guint32 record_length, guint *conv_version,
1299 SslDecryptSession* ssl, guint8 content_type)
1302 * HandshakeType msg_type;
1304 * select (HandshakeType) {
1305 * case hello_request: HelloRequest;
1306 * case client_hello: ClientHello;
1307 * case server_hello: ServerHello;
1308 * case certificate: Certificate;
1309 * case server_key_exchange: ServerKeyExchange;
1310 * case certificate_request: CertificateRequest;
1311 * case server_hello_done: ServerHelloDone;
1312 * case certificate_verify: CertificateVerify;
1313 * case client_key_exchange: ClientKeyExchange;
1314 * case finished: Finished;
1319 proto_tree *ssl_hand_tree;
1320 const gchar *msg_type_str;
1323 gboolean first_iteration;
1325 ssl_hand_tree = NULL;
1326 msg_type_str = NULL;
1327 first_iteration = TRUE;
1329 /* just as there can be multiple records per packet, there
1330 * can be multiple messages per record as long as they have
1331 * the same content type
1333 * we really only care about this for handshake messages
1336 /* set record_length to the max offset */
1337 record_length += offset;
1338 while (offset < record_length)
1340 msg_type = tvb_get_guint8(tvb, offset);
1341 msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
1342 length = tvb_get_ntoh24(tvb, offset + 1);
1344 ssl_debug_printf("dissect_ssl3_handshake iteration %d type %d offset %d length %d "
1345 "bytes, remaining %d \n", first_iteration, msg_type, offset, length, record_length);
1346 if (!msg_type_str && !first_iteration)
1348 /* only dissect / report messages if they're
1349 * either the first message in this record
1350 * or they're a valid message type
1355 /* on second and later iterations, add comma to info col */
1356 if (!first_iteration)
1358 if (check_col(pinfo->cinfo, COL_INFO))
1359 col_append_fstr(pinfo->cinfo, COL_INFO, ", ");
1363 * Update our info string
1365 if (check_col(pinfo->cinfo, COL_INFO))
1366 col_append_fstr(pinfo->cinfo, COL_INFO, "%s", (msg_type_str != NULL)
1367 ? msg_type_str : "Encrypted Handshake Message");
1371 /* set the label text on the record layer expanding node */
1372 if (first_iteration)
1374 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1375 ssl_version_short_names[*conv_version],
1376 val_to_str(content_type, ssl_31_content_type, "unknown"),
1377 (msg_type_str!=NULL) ? msg_type_str :
1378 "Encrypted Handshake Message");
1382 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1383 ssl_version_short_names[*conv_version],
1384 val_to_str(content_type, ssl_31_content_type, "unknown"),
1385 "Multiple Handshake Messages");
1388 /* add a subtree for the handshake protocol */
1389 ti = proto_tree_add_item(tree, hf_ssl_handshake_protocol, tvb,
1390 offset, length + 4, 0);
1391 ssl_hand_tree = proto_item_add_subtree(ti, ett_ssl_handshake);
1395 /* set the text label on the subtree node */
1396 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s",
1397 (msg_type_str != NULL) ? msg_type_str :
1398 "Encrypted Handshake Message");
1402 /* if we don't have a valid handshake type, just quit dissecting */
1406 /* PAOLO: if we are doing ssl decryption we must dissect some requests type */
1407 if (ssl_hand_tree || ssl)
1409 /* add nodes for the message type and message length */
1411 proto_tree_add_item(ssl_hand_tree, hf_ssl_handshake_type,
1412 tvb, offset, 1, msg_type);
1415 proto_tree_add_uint(ssl_hand_tree, hf_ssl_handshake_length,
1416 tvb, offset, 3, length);
1419 /* now dissect the handshake message, if necessary */
1421 case SSL_HND_HELLO_REQUEST:
1422 /* hello_request has no fields, so nothing to do! */
1425 case SSL_HND_CLIENT_HELLO:
1426 dissect_ssl3_hnd_cli_hello(tvb, ssl_hand_tree, offset, length, ssl);
1429 case SSL_HND_SERVER_HELLO:
1430 dissect_ssl3_hnd_srv_hello(tvb, ssl_hand_tree, offset, length, ssl);
1433 case SSL_HND_CERTIFICATE:
1434 dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset, pinfo);
1437 case SSL_HND_SERVER_KEY_EXCHG:
1441 case SSL_HND_CERT_REQUEST:
1442 dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset);
1445 case SSL_HND_SVR_HELLO_DONE:
1446 /* server_hello_done has no fields, so nothing to do! */
1449 case SSL_HND_CERT_VERIFY:
1453 case SSL_HND_CLIENT_KEY_EXCHG:
1455 /* PAOLO: here we can have all the data to build session key*/
1456 StringInfo encrypted_pre_master;
1458 guint encrlen, skip;
1465 /* check for required session data */
1466 ssl_debug_printf("dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state 0x%X\n",
1468 if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
1469 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
1470 ssl_debug_printf("dissect_ssl3_handshake not enough data to generate key (required 0x%02X)\n",
1471 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
1475 /* get encrypted data, on tls1 we have to skip two bytes
1476 * (it's the encrypted len and should be equal to record len - 2)
1478 if (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1)
1480 encrlen = tvb_get_ntohs(tvb, offset);
1482 if (encrlen > length - 2)
1484 ssl_debug_printf("dissect_ssl3_handshake wrong encrypted length (%d max %d)\n",
1489 encrypted_pre_master.data = se_alloc(encrlen);
1490 encrypted_pre_master.data_len = encrlen;
1491 tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
1493 if (!ssl->private_key) {
1494 ssl_debug_printf("dissect_ssl3_handshake can't find private key\n");
1498 /* go with ssl key processessing; encrypted_pre_master
1499 * will be used for master secret store*/
1500 ret = ssl_decrypt_pre_master_secret(ssl, &encrypted_pre_master, ssl->private_key);
1502 ssl_debug_printf("dissect_ssl3_handshake can't decrypt pre master secret\n");
1505 if (ssl_generate_keyring_material(ssl)<0) {
1506 ssl_debug_printf("dissect_ssl3_handshake can't generate keyring material\n");
1509 ssl->state |= SSL_HAVE_SESSION_KEY;
1510 ssl_save_session(ssl, ssl_session_hash);
1511 ssl_debug_printf("dissect_ssl3_handshake session keys succesfully generated\n");
1515 case SSL_HND_FINISHED:
1516 dissect_ssl3_hnd_finished(tvb, ssl_hand_tree,
1517 offset, conv_version);
1523 offset += 4; /* skip the handshake header when handshake is not processed*/
1526 first_iteration = FALSE; /* set up for next pass, if any */
1531 dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1532 guint32 offset, SslDecryptSession* ssl, gint from_server)
1534 /* show the client's random challenge */
1535 nstime_t gmt_unix_time;
1536 guint8 session_id_length;
1538 proto_tree *ssl_rnd_tree;
1540 session_id_length = 0;
1544 /* PAOLO: get proper peer information*/
1547 rnd = &ssl->server_random;
1549 rnd = &ssl->client_random;
1551 /* get provided random for keyring generation*/
1552 tvb_memcpy(tvb, rnd->data, offset, 32);
1555 ssl->state |= SSL_SERVER_RANDOM;
1557 ssl->state |= SSL_CLIENT_RANDOM;
1558 ssl_debug_printf("dissect_ssl3_hnd_hello_common found %s RANDOM -> state 0x%02X\n",
1559 (from_server)?"SERVER":"CLIENT", ssl->state);
1561 session_id_length = tvb_get_guint8(tvb, offset + 32);
1562 /* check stored session id info */
1563 if (from_server && (session_id_length == ssl->session_id.data_len) &&
1564 (tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0))
1566 /* clinet/server id match: try to restore a previous cached session*/
1567 ssl_restore_session(ssl, ssl_session_hash);
1570 tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
1571 ssl->session_id.data_len = session_id_length;
1577 ti_rnd = proto_tree_add_text(tree, tvb, offset, 32, "Random");
1578 ssl_rnd_tree = proto_item_add_subtree(ti_rnd, ett_ssl_random);
1581 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
1582 gmt_unix_time.nsecs = 0;
1583 proto_tree_add_time(ssl_rnd_tree, hf_ssl_handshake_random_time,
1584 tvb, offset, 4, &gmt_unix_time);
1587 /* show the random bytes */
1588 proto_tree_add_item(ssl_rnd_tree, hf_ssl_handshake_random_bytes,
1589 tvb, offset, 28, FALSE);
1592 /* show the session id */
1593 session_id_length = tvb_get_guint8(tvb, offset);
1594 proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
1595 tvb, offset++, 1, 0);
1596 if (session_id_length > 0)
1598 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
1599 proto_tree_add_bytes(tree, hf_ssl_handshake_session_id,
1600 tvb, offset, session_id_length,
1601 tvb_get_ptr(tvb, offset, session_id_length));
1602 offset += session_id_length;
1608 return session_id_length+33;
1612 dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
1613 proto_tree *tree, guint32 offset, guint32 left)
1615 guint16 extension_length;
1619 proto_tree *ext_tree;
1624 extension_length = tvb_get_ntohs(tvb, offset);
1625 proto_tree_add_uint(tree, hf_ssl_handshake_extensions_len,
1626 tvb, offset, 2, extension_length);
1632 ext_type = tvb_get_ntohs(tvb, offset);
1633 ext_len = tvb_get_ntohs(tvb, offset + 2);
1635 pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len,
1637 val_to_str(ext_type,
1638 tls_hello_extension_types,
1640 ext_tree = proto_item_add_subtree(pi, ett_ssl_extension);
1644 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_type,
1645 tvb, offset, 2, ext_type);
1648 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_len,
1649 tvb, offset, 2, ext_len);
1652 proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data,
1653 tvb, offset, ext_len,
1654 tvb_get_ptr(tvb, offset, ext_len),
1656 ext_len, plurality(ext_len, "", "s"));
1658 left -= 2 + 2 + ext_len;
1665 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
1666 proto_tree *tree, guint32 offset, guint32 length,
1667 SslDecryptSession*ssl)
1670 * ProtocolVersion client_version;
1672 * SessionID session_id;
1673 * CipherSuite cipher_suites<2..2^16-1>;
1674 * CompressionMethod compression_methods<1..2^8-1>;
1675 * Extension client_hello_extension_list<0..2^16-1>;
1680 proto_tree *cs_tree;
1681 guint16 cipher_suite_length;
1682 guint8 compression_methods_length;
1683 guint8 compression_method;
1684 guint16 start_offset;
1685 cipher_suite_length = 0;
1686 compression_methods_length = 0;
1687 start_offset = offset;
1691 /* show the client version */
1693 proto_tree_add_item(tree, hf_ssl_handshake_client_version, tvb,
1697 /* show the fields in common with server hello */
1698 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 0);
1700 /* tell the user how many cipher suites there are */
1701 cipher_suite_length = tvb_get_ntohs(tvb, offset);
1704 proto_tree_add_uint(tree, hf_ssl_handshake_cipher_suites_len,
1705 tvb, offset, 2, cipher_suite_length);
1706 offset += 2; /* skip opaque length */
1708 if (cipher_suite_length > 0)
1710 tvb_ensure_bytes_exist(tvb, offset, cipher_suite_length);
1711 ti = proto_tree_add_none_format(tree,
1712 hf_ssl_handshake_cipher_suites,
1713 tvb, offset, cipher_suite_length,
1714 "Cipher Suites (%u suite%s)",
1715 cipher_suite_length / 2,
1716 plurality(cipher_suite_length/2, "", "s"));
1718 /* make this a subtree */
1719 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1722 cs_tree = tree; /* failsafe */
1725 while (cipher_suite_length > 0)
1727 proto_tree_add_item(cs_tree, hf_ssl_handshake_cipher_suite,
1728 tvb, offset, 2, FALSE);
1730 cipher_suite_length -= 2;
1734 /* tell the user how man compression methods there are */
1735 compression_methods_length = tvb_get_guint8(tvb, offset);
1736 proto_tree_add_uint(tree, hf_ssl_handshake_comp_methods_len,
1737 tvb, offset, 1, compression_methods_length);
1740 if (compression_methods_length > 0)
1742 tvb_ensure_bytes_exist(tvb, offset, compression_methods_length);
1743 ti = proto_tree_add_none_format(tree,
1744 hf_ssl_handshake_comp_methods,
1745 tvb, offset, compression_methods_length,
1746 "Compression Methods (%u method%s)",
1747 compression_methods_length,
1748 plurality(compression_methods_length,
1751 /* make this a subtree */
1752 cs_tree = proto_item_add_subtree(ti, ett_ssl_comp_methods);
1755 cs_tree = tree; /* failsafe */
1758 while (compression_methods_length > 0)
1760 compression_method = tvb_get_guint8(tvb, offset);
1761 if (compression_method < 64)
1762 proto_tree_add_uint(cs_tree, hf_ssl_handshake_comp_method,
1763 tvb, offset, 1, compression_method);
1764 else if (compression_method > 63 && compression_method < 193)
1765 proto_tree_add_text(cs_tree, tvb, offset, 1,
1766 "Compression Method: Reserved - to be assigned by IANA (%u)",
1767 compression_method);
1769 proto_tree_add_text(cs_tree, tvb, offset, 1,
1770 "Compression Method: Private use range (%u)",
1771 compression_method);
1773 compression_methods_length--;
1777 if (length > offset - start_offset)
1779 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
1781 (offset - start_offset));
1787 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
1788 proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl)
1791 * ProtocolVersion server_version;
1793 * SessionID session_id;
1794 * CipherSuite cipher_suite;
1795 * CompressionMethod compression_method;
1796 * Extension server_hello_extension_list<0..2^16-1>;
1799 guint16 start_offset;
1800 start_offset = offset;
1804 /* show the server version */
1806 proto_tree_add_item(tree, hf_ssl_handshake_server_version, tvb,
1810 /* first display the elements conveniently in
1811 * common with client hello
1813 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 1);
1815 /* PAOLO: handle session cipher suite */
1817 /* store selected cipher suite for decryption */
1818 ssl->cipher = tvb_get_ntohs(tvb, offset);
1819 if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
1820 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite 0x%X\n", ssl->cipher);
1824 ssl->state |= SSL_CIPHER;
1825 ssl_debug_printf("dissect_ssl3_hnd_srv_hello found CIPHER 0x%04X -> state 0x%02X\n",
1826 ssl->cipher, ssl->state);
1828 /* if we have restored a session now we can have enought material
1829 * to build session key, check it out*/
1831 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) !=
1832 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) {
1833 ssl_debug_printf("dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x%02X)\n",
1834 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET));
1838 ssl_debug_printf("dissect_ssl3_hnd_srv_hello trying to generate keys\n");
1839 if (ssl_generate_keyring_material(ssl)<0) {
1840 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't generate keyring material\n");
1843 ssl->state |= SSL_HAVE_SESSION_KEY;
1849 /* now the server-selected cipher suite */
1850 proto_tree_add_item(tree, hf_ssl_handshake_cipher_suite,
1851 tvb, offset, 2, FALSE);
1854 /* and the server-selected compression method */
1855 proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
1856 tvb, offset, 1, FALSE);
1859 if (length > offset - start_offset)
1861 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
1863 (offset - start_offset));
1869 dissect_ssl3_hnd_cert(tvbuff_t *tvb,
1870 proto_tree *tree, guint32 offset, packet_info *pinfo)
1873 /* opaque ASN.1Cert<2^24-1>;
1876 * ASN.1Cert certificate_list<1..2^24-1>;
1879 guint32 certificate_list_length;
1881 proto_tree *subtree;
1885 certificate_list_length = tvb_get_ntoh24(tvb, offset);
1886 proto_tree_add_uint(tree, hf_ssl_handshake_certificates_len,
1887 tvb, offset, 3, certificate_list_length);
1888 offset += 3; /* 24-bit length value */
1890 if (certificate_list_length > 0)
1892 tvb_ensure_bytes_exist(tvb, offset, certificate_list_length);
1893 ti = proto_tree_add_none_format(tree,
1894 hf_ssl_handshake_certificates,
1895 tvb, offset, certificate_list_length,
1896 "Certificates (%u byte%s)",
1897 certificate_list_length,
1898 plurality(certificate_list_length,
1901 /* make it a subtree */
1902 subtree = proto_item_add_subtree(ti, ett_ssl_certs);
1905 subtree = tree; /* failsafe */
1908 /* iterate through each certificate */
1909 while (certificate_list_length > 0)
1911 /* get the length of the current certificate */
1912 guint32 cert_length;
1913 cert_length = tvb_get_ntoh24(tvb, offset);
1914 certificate_list_length -= 3 + cert_length;
1916 proto_tree_add_item(subtree, hf_ssl_handshake_certificate_len,
1917 tvb, offset, 3, FALSE);
1920 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, subtree, hf_ssl_handshake_certificate);
1921 offset += cert_length;
1929 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
1930 proto_tree *tree, guint32 offset)
1934 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
1936 * } ClientCertificateType;
1938 * opaque DistinguishedName<1..2^16-1>;
1941 * ClientCertificateType certificate_types<1..2^8-1>;
1942 * DistinguishedName certificate_authorities<3..2^16-1>;
1943 * } CertificateRequest;
1947 proto_tree *subtree;
1948 guint8 cert_types_count;
1950 cert_types_count = 0;
1955 cert_types_count = tvb_get_guint8(tvb, offset);
1956 proto_tree_add_uint(tree, hf_ssl_handshake_cert_types_count,
1957 tvb, offset, 1, cert_types_count);
1960 if (cert_types_count > 0)
1962 ti = proto_tree_add_none_format(tree,
1963 hf_ssl_handshake_cert_types,
1964 tvb, offset, cert_types_count,
1965 "Certificate types (%u type%s)",
1967 plurality(cert_types_count, "", "s"));
1968 subtree = proto_item_add_subtree(ti, ett_ssl_cert_types);
1974 while (cert_types_count > 0)
1976 proto_tree_add_item(subtree, hf_ssl_handshake_cert_type,
1977 tvb, offset, 1, FALSE);
1983 dnames_length = tvb_get_ntohs(tvb, offset);
1984 proto_tree_add_uint(tree, hf_ssl_handshake_dnames_len,
1985 tvb, offset, 2, dnames_length);
1988 if (dnames_length > 0)
1990 tvb_ensure_bytes_exist(tvb, offset, dnames_length);
1991 ti = proto_tree_add_none_format(tree,
1992 hf_ssl_handshake_dnames,
1993 tvb, offset, dnames_length,
1994 "Distinguished Names (%d byte%s)",
1996 plurality(dnames_length, "", "s"));
1997 subtree = proto_item_add_subtree(ti, ett_ssl_dnames);
2003 while (dnames_length > 0)
2005 /* get the length of the current certificate */
2006 guint16 name_length;
2007 name_length = tvb_get_ntohs(tvb, offset);
2008 dnames_length -= 2 + name_length;
2010 proto_tree_add_item(subtree, hf_ssl_handshake_dname_len,
2011 tvb, offset, 2, FALSE);
2014 tvb_ensure_bytes_exist(tvb, offset, name_length);
2015 proto_tree_add_bytes_format(subtree,
2016 hf_ssl_handshake_dname,
2017 tvb, offset, name_length,
2018 tvb_get_ptr(tvb, offset, name_length),
2019 "Distinguished Name (%u byte%s)",
2021 plurality(name_length, "", "s"));
2022 offset += name_length;
2030 dissect_ssl3_hnd_finished(tvbuff_t *tvb,
2031 proto_tree *tree, guint32 offset,
2032 guint* conv_version)
2036 * opaque verify_data[12];
2041 * opaque md5_hash[16];
2042 * opaque sha_hash[20];
2046 /* this all needs a tree, so bail if we don't have one */
2052 switch(*conv_version) {
2054 case SSL_VER_TLSv1DOT1:
2055 proto_tree_add_item(tree, hf_ssl_handshake_finished,
2056 tvb, offset, 12, FALSE);
2060 proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
2061 tvb, offset, 16, FALSE);
2063 proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
2064 tvb, offset, 20, FALSE);
2070 /*********************************************************************
2072 * SSL version 2 Dissectors
2074 *********************************************************************/
2077 /* record layer dissector */
2079 dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
2080 guint32 offset, guint* conv_version,
2081 gboolean *need_desegmentation,
2082 SslDecryptSession* ssl)
2084 guint32 initial_offset;
2086 guint8 record_length_length;
2087 guint32 record_length;
2089 gint16 padding_length;
2091 const gchar *msg_type_str;
2092 guint32 available_bytes;
2094 proto_tree *ssl_record_tree;
2096 initial_offset = offset;
2098 record_length_length = 0;
2101 padding_length = -1;
2103 msg_type_str = NULL;
2104 available_bytes = 0;
2105 ssl_record_tree = NULL;
2107 /* pull first byte; if high bit is set, then record
2108 * length is three bytes due to padding; otherwise
2109 * record length is two bytes
2111 byte = tvb_get_guint8(tvb, offset);
2112 record_length_length = (byte & 0x80) ? 2 : 3;
2115 * Can we do reassembly?
2117 available_bytes = tvb_length_remaining(tvb, offset);
2119 if (ssl_desegment && pinfo->can_desegment) {
2121 * Yes - is the record header split across segment boundaries?
2123 if (available_bytes < record_length_length) {
2125 * Yes. Tell the TCP dissector where the data for this
2126 * message starts in the data it handed us, and how many
2127 * more bytes we need, and return.
2129 pinfo->desegment_offset = offset;
2130 pinfo->desegment_len = record_length_length - available_bytes;
2131 *need_desegmentation = TRUE;
2136 /* parse out the record length */
2137 switch(record_length_length) {
2138 case 2: /* two-byte record length */
2139 record_length = (byte & 0x7f) << 8;
2140 byte = tvb_get_guint8(tvb, offset + 1);
2141 record_length += byte;
2143 case 3: /* three-byte record length */
2144 is_escape = (byte & 0x40) ? TRUE : FALSE;
2145 record_length = (byte & 0x3f) << 8;
2146 byte = tvb_get_guint8(tvb, offset + 1);
2147 record_length += byte;
2148 byte = tvb_get_guint8(tvb, offset + 2);
2149 padding_length = byte;
2153 * Can we do reassembly?
2155 if (ssl_desegment && pinfo->can_desegment) {
2157 * Yes - is the record split across segment boundaries?
2159 if (available_bytes < (record_length_length + record_length)) {
2161 * Yes. Tell the TCP dissector where the data for this
2162 * message starts in the data it handed us, and how many
2163 * more bytes we need, and return.
2165 pinfo->desegment_offset = offset;
2166 pinfo->desegment_len = (record_length_length + record_length)
2168 *need_desegmentation = TRUE;
2172 offset += record_length_length;
2174 /* add the record layer subtree header */
2175 ti = proto_tree_add_item(tree, hf_ssl2_record, tvb, initial_offset,
2176 record_length_length + record_length, 0);
2177 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
2179 /* pull the msg_type so we can bail if it's unknown */
2180 msg_type = tvb_get_guint8(tvb, initial_offset + record_length_length);
2182 /* if we get a server_hello or later handshake in v2, then set
2185 if (*conv_version == SSL_VER_UNKNOWN)
2187 if (ssl_looks_like_valid_pct_handshake(tvb,
2189 record_length_length),
2191 *conv_version = SSL_VER_PCT;
2192 /*ssl_set_conv_version(pinfo, ssl->version);*/
2194 else if (msg_type >= 2 && msg_type <= 8)
2196 *conv_version = SSL_VER_SSLv2;
2197 /*ssl_set_conv_version(pinfo, ssl->version);*/
2201 /* if we get here, but don't have a version set for the
2202 * conversation, then set a version for just this frame
2203 * (e.g., on a client hello)
2205 if (check_col(pinfo->cinfo, COL_PROTOCOL))
2207 col_set_str(pinfo->cinfo, COL_PROTOCOL,
2208 (*conv_version == SSL_VER_PCT) ? "PCT" : "SSLv2");
2211 /* see if the msg_type is valid; if not the payload is
2212 * probably encrypted, so note that fact and bail
2214 msg_type_str = match_strval(msg_type,
2215 (*conv_version == SSL_VER_PCT)
2216 ? pct_msg_types : ssl_20_msg_types);
2218 || ((*conv_version != SSL_VER_PCT) &&
2219 !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
2220 + record_length_length,
2222 || ((*conv_version == SSL_VER_PCT) &&
2223 !ssl_looks_like_valid_pct_handshake(tvb, initial_offset
2224 + record_length_length,
2227 if (ssl_record_tree)
2229 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2230 (*conv_version == SSL_VER_PCT)
2234 if (check_col(pinfo->cinfo, COL_INFO))
2235 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Data");
2236 return initial_offset + record_length_length + record_length;
2240 if (check_col(pinfo->cinfo, COL_INFO))
2241 col_append_str(pinfo->cinfo, COL_INFO, msg_type_str);
2243 if (ssl_record_tree)
2245 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2246 (*conv_version == SSL_VER_PCT)
2252 /* We have a valid message type, so move foward, filling in the
2253 * tree by adding the length, is_escape boolean and padding_length,
2254 * if present in the original packet
2256 if (ssl_record_tree)
2258 /* add the record length */
2259 tvb_ensure_bytes_exist(tvb, offset, record_length_length);
2260 ti = proto_tree_add_uint (ssl_record_tree,
2261 hf_ssl_record_length, tvb,
2262 initial_offset, record_length_length,
2265 if (ssl_record_tree && is_escape != -1)
2267 proto_tree_add_boolean(ssl_record_tree,
2268 hf_ssl2_record_is_escape, tvb,
2269 initial_offset, 1, is_escape);
2271 if (ssl_record_tree && padding_length != -1)
2273 proto_tree_add_uint(ssl_record_tree,
2274 hf_ssl2_record_padding_length, tvb,
2275 initial_offset + 2, 1, padding_length);
2279 * dissect the record data
2282 /* jump forward to the start of the record data */
2283 offset = initial_offset + record_length_length;
2285 /* add the message type */
2286 if (ssl_record_tree)
2288 proto_tree_add_item(ssl_record_tree,
2289 (*conv_version == SSL_VER_PCT)
2290 ? hf_pct_msg_type : hf_ssl2_msg_type,
2293 offset++; /* move past msg_type byte */
2295 if (*conv_version != SSL_VER_PCT)
2297 /* dissect the message (only handle client hello right now) */
2299 case SSL2_HND_CLIENT_HELLO:
2300 dissect_ssl2_hnd_client_hello(tvb, ssl_record_tree, offset, ssl);
2303 case SSL2_HND_CLIENT_MASTER_KEY:
2304 dissect_ssl2_hnd_client_master_key(tvb, ssl_record_tree, offset);
2307 case SSL2_HND_SERVER_HELLO:
2308 dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset, pinfo);
2311 case SSL2_HND_ERROR:
2312 case SSL2_HND_CLIENT_FINISHED:
2313 case SSL2_HND_SERVER_VERIFY:
2314 case SSL2_HND_SERVER_FINISHED:
2315 case SSL2_HND_REQUEST_CERTIFICATE:
2316 case SSL2_HND_CLIENT_CERTIFICATE:
2320 default: /* unknown */
2326 /* dissect the message */
2328 case PCT_MSG_CLIENT_HELLO:
2329 dissect_pct_msg_client_hello(tvb, ssl_record_tree, offset);
2331 case PCT_MSG_SERVER_HELLO:
2332 dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset, pinfo);
2334 case PCT_MSG_CLIENT_MASTER_KEY:
2335 dissect_pct_msg_client_master_key(tvb, ssl_record_tree, offset);
2337 case PCT_MSG_SERVER_VERIFY:
2338 dissect_pct_msg_server_verify(tvb, ssl_record_tree, offset);
2341 dissect_pct_msg_error(tvb, ssl_record_tree, offset);
2344 default: /* unknown */
2348 return (initial_offset + record_length_length + record_length);
2352 dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
2353 proto_tree *tree, guint32 offset,
2354 SslDecryptSession* ssl)
2359 * uint16 cipher_spec_length;
2360 * uint16 session_id_length;
2361 * uint16 challenge_length;
2362 * V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
2363 * opaque session_id[V2ClientHello.session_id_length];
2367 * Note: when we get here, offset's already pointing at Version
2371 guint16 cipher_spec_length;
2372 guint16 session_id_length;
2373 guint16 challenge_length;
2376 proto_tree *cs_tree;
2379 version = tvb_get_ntohs(tvb, offset);
2380 if (!ssl_is_valid_ssl_version(version))
2382 /* invalid version; probably encrypted data */
2388 /* show the version */
2390 proto_tree_add_item(tree, hf_ssl_record_version, tvb,
2394 cipher_spec_length = tvb_get_ntohs(tvb, offset);
2396 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec_len,
2397 tvb, offset, 2, FALSE);
2400 session_id_length = tvb_get_ntohs(tvb, offset);
2402 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_len,
2403 tvb, offset, 2, FALSE);
2406 challenge_length = tvb_get_ntohs(tvb, offset);
2408 proto_tree_add_item(tree, hf_ssl2_handshake_challenge_len,
2409 tvb, offset, 2, FALSE);
2414 /* tell the user how many cipher specs they've won */
2415 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
2416 ti = proto_tree_add_none_format(tree, hf_ssl_handshake_cipher_suites,
2417 tvb, offset, cipher_spec_length,
2418 "Cipher Specs (%u specs)",
2419 cipher_spec_length/3);
2421 /* make this a subtree and expand the actual specs below */
2422 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2425 cs_tree = tree; /* failsafe */
2429 /* iterate through the cipher specs, showing them */
2430 while (cipher_spec_length > 0)
2433 proto_tree_add_item(cs_tree, hf_ssl2_handshake_cipher_spec,
2434 tvb, offset, 3, FALSE);
2435 offset += 3; /* length of one cipher spec */
2436 cipher_spec_length -= 3;
2439 /* if there's a session id, show it */
2440 if (session_id_length > 0)
2444 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
2445 proto_tree_add_bytes_format(tree,
2446 hf_ssl_handshake_session_id,
2447 tvb, offset, session_id_length,
2448 tvb_get_ptr(tvb, offset, session_id_length),
2449 "Session ID (%u byte%s)",
2451 plurality(session_id_length, "", "s"));
2454 /* PAOLO: get session id and reset session state for key [re]negotiation */
2457 tvb_memcpy(tvb,ssl->session_id.data, offset, session_id_length);
2458 ssl->session_id.data_len = session_id_length;
2459 ssl->state &= ~(SSL_HAVE_SESSION_KEY|SSL_MASTER_SECRET|
2460 SSL_CIPHER|SSL_SERVER_RANDOM);
2462 offset += session_id_length;
2465 /* if there's a challenge, show it */
2466 if (challenge_length > 0)
2468 tvb_ensure_bytes_exist(tvb, offset, challenge_length);
2471 proto_tree_add_item(tree, hf_ssl2_handshake_challenge,
2472 tvb, offset, challenge_length, 0);
2475 /* PAOLO: get client random data; we get at most 32 bytes from
2478 max = challenge_length > 32? 32: challenge_length;
2480 ssl_debug_printf("client random len: %d padded to 32\n",
2483 /* client random is padded with zero and 'right' aligned */
2484 memset(ssl->client_random.data, 0, 32 - max);
2485 tvb_memcpy(tvb, &ssl->client_random.data[32 - max], offset, max);
2486 ssl->client_random.data_len = 32;
2487 ssl->state |= SSL_CLIENT_RANDOM;
2490 offset += challenge_length;
2496 dissect_pct_msg_client_hello(tvbuff_t *tvb,
2497 proto_tree *tree, guint32 offset)
2499 guint16 CH_CLIENT_VERSION, CH_OFFSET, CH_CIPHER_SPECS_LENGTH, CH_HASH_SPECS_LENGTH, CH_CERT_SPECS_LENGTH, CH_EXCH_SPECS_LENGTH, CH_KEY_ARG_LENGTH;
2500 proto_item *CH_CIPHER_SPECS_ti, *CH_HASH_SPECS_ti, *CH_CERT_SPECS_ti, *CH_EXCH_SPECS_ti;
2501 proto_tree *CH_CIPHER_SPECS_tree, *CH_HASH_SPECS_tree, *CH_CERT_SPECS_tree, *CH_EXCH_SPECS_tree;
2504 CH_CLIENT_VERSION = tvb_get_ntohs(tvb, offset);
2505 if(CH_CLIENT_VERSION != PCT_VERSION_1)
2506 proto_tree_add_text(tree, tvb, offset, 2, "Client Version, should be %x in PCT version 1", PCT_VERSION_1);
2508 proto_tree_add_text(tree, tvb, offset, 2, "Client Version (%x)", PCT_VERSION_1);
2511 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2514 proto_tree_add_text(tree, tvb, offset, 32, "Client Session ID Data (32 bytes)");
2517 proto_tree_add_text(tree, tvb, offset, 32, "Challange Data(32 bytes)");
2520 CH_OFFSET = tvb_get_ntohs(tvb, offset);
2521 if(CH_OFFSET != PCT_CH_OFFSET_V1)
2522 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d, should be %d in PCT version 1", CH_OFFSET, PCT_CH_OFFSET_V1);
2524 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d", CH_OFFSET);
2527 CH_CIPHER_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2528 proto_tree_add_text(tree, tvb, offset, 2, "CIPHER_SPECS Length: %d", CH_CIPHER_SPECS_LENGTH);
2531 CH_HASH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2532 proto_tree_add_text(tree, tvb, offset, 2, "HASH_SPECS Length: %d", CH_HASH_SPECS_LENGTH);
2535 CH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2536 proto_tree_add_text(tree, tvb, offset, 2, "CERT_SPECS Length: %d", CH_CERT_SPECS_LENGTH);
2539 CH_EXCH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2540 proto_tree_add_text(tree, tvb, offset, 2, "EXCH_SPECS Length: %d", CH_EXCH_SPECS_LENGTH);
2543 CH_KEY_ARG_LENGTH = tvb_get_ntohs(tvb, offset);
2544 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d", CH_KEY_ARG_LENGTH);
2547 if(CH_CIPHER_SPECS_LENGTH) {
2548 tvb_ensure_bytes_exist(tvb, offset, CH_CIPHER_SPECS_LENGTH);
2549 CH_CIPHER_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cipher_spec, tvb, offset, CH_CIPHER_SPECS_LENGTH, FALSE);
2550 CH_CIPHER_SPECS_tree = proto_item_add_subtree(CH_CIPHER_SPECS_ti, ett_pct_cipher_suites);
2552 for(i=0; i<(CH_CIPHER_SPECS_LENGTH/4); i++) {
2553 proto_tree_add_item(CH_CIPHER_SPECS_tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
2555 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
2557 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
2562 if(CH_HASH_SPECS_LENGTH) {
2563 tvb_ensure_bytes_exist(tvb, offset, CH_HASH_SPECS_LENGTH);
2564 CH_HASH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_hash_spec, tvb, offset, CH_HASH_SPECS_LENGTH, FALSE);
2565 CH_HASH_SPECS_tree = proto_item_add_subtree(CH_HASH_SPECS_ti, ett_pct_hash_suites);
2567 for(i=0; i<(CH_HASH_SPECS_LENGTH/2); i++) {
2568 proto_tree_add_item(CH_HASH_SPECS_tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
2573 if(CH_CERT_SPECS_LENGTH) {
2574 tvb_ensure_bytes_exist(tvb, offset, CH_CERT_SPECS_LENGTH);
2575 CH_CERT_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cert_spec, tvb, offset, CH_CERT_SPECS_LENGTH, FALSE);
2576 CH_CERT_SPECS_tree = proto_item_add_subtree(CH_CERT_SPECS_ti, ett_pct_cert_suites);
2578 for(i=0; i< (CH_CERT_SPECS_LENGTH/2); i++) {
2579 proto_tree_add_item(CH_CERT_SPECS_tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
2584 if(CH_EXCH_SPECS_LENGTH) {
2585 tvb_ensure_bytes_exist(tvb, offset, CH_EXCH_SPECS_LENGTH);
2586 CH_EXCH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_exch_spec, tvb, offset, CH_EXCH_SPECS_LENGTH, FALSE);
2587 CH_EXCH_SPECS_tree = proto_item_add_subtree(CH_EXCH_SPECS_ti, ett_pct_exch_suites);
2589 for(i=0; i<(CH_EXCH_SPECS_LENGTH/2); i++) {
2590 proto_tree_add_item(CH_EXCH_SPECS_tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
2595 if(CH_KEY_ARG_LENGTH) {
2596 tvb_ensure_bytes_exist(tvb, offset, CH_KEY_ARG_LENGTH);
2597 proto_tree_add_text(tree, tvb, offset, CH_KEY_ARG_LENGTH, "IV data (%d bytes)", CH_KEY_ARG_LENGTH);
2598 offset += CH_KEY_ARG_LENGTH;
2603 dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo)
2606 char SH_MSG_SERVER_HELLO
2608 char SH_SERVER_VERSION_MSB
2609 char SH_SERVER_VERSION_LSB
2610 char SH_RESTART_SESSION_OK
2611 char SH_CLIENT_AUTH_REQ
2612 char SH_CIPHER_SPECS_DATA[4]
2613 char SH_HASH_SPECS_DATA[2]
2614 char SH_CERT_SPECS_DATA[2]
2615 char SH_EXCH_SPECS_DATA[2]
2616 char SH_CONNECTION_ID_DATA[32]
2617 char SH_CERTIFICATE_LENGTH_MSB
2618 char SH_CERTIFICATE_LENGTH_LSB
2619 char SH_CLIENT_CERT_SPECS_LENGTH_MSB
2620 char SH_CLIENT_CERT_SPECS_LENGTH_LSB
2621 char SH_CLIENT_SIG_SPECS_LENGTH_MSB
2622 char SH_CLIENT_SIG_SPECS_LENGTH_LSB
2623 char SH_RESPONSE_LENGTH_MSB
2624 char SH_RESPONSE_LENGTH_LSB
2625 char SH_CERTIFICATE_DATA[MSB<<8|LSB]
2626 char SH_CLIENT_CERT_SPECS_DATA[MSB<<8|LSB]
2627 char SH_CLIENT_SIG_SPECS_DATA[MSB<<8|LSB]
2628 char SH_RESPONSE_DATA[MSB<<8|LSB]
2632 guint16 SH_SERVER_VERSION, SH_CERT_LENGTH, SH_CERT_SPECS_LENGTH, SH_CLIENT_SIG_LENGTH, SH_RESPONSE_LENGTH;
2634 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2637 SH_SERVER_VERSION = tvb_get_ntohs(tvb, offset);
2638 if(SH_SERVER_VERSION != PCT_VERSION_1)
2639 proto_tree_add_text(tree, tvb, offset, 2, "Server Version, should be %x in PCT version 1", PCT_VERSION_1);
2641 proto_tree_add_text(tree, tvb, offset, 2, "Server Version (%x)", PCT_VERSION_1);
2644 proto_tree_add_text(tree, tvb, offset, 1, "SH_RESTART_SESSION_OK flag");
2647 proto_tree_add_text(tree, tvb, offset, 1, "SH_CLIENT_AUTH_REQ flag");
2650 proto_tree_add_item(tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
2652 proto_tree_add_text(tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
2654 proto_tree_add_text(tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
2657 proto_tree_add_item(tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
2660 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
2663 proto_tree_add_item(tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
2666 proto_tree_add_text(tree, tvb, offset, 32, "Connection ID Data (32 bytes)");
2669 SH_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
2670 proto_tree_add_text(tree, tvb, offset, 2, "Server Certificate Length: %d", SH_CERT_LENGTH);
2673 SH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2674 proto_tree_add_text(tree, tvb, offset, 2, "Client CERT_SPECS Length: %d", SH_CERT_SPECS_LENGTH);
2677 SH_CLIENT_SIG_LENGTH = tvb_get_ntohs(tvb, offset);
2678 proto_tree_add_text(tree, tvb, offset, 2, "Client SIG_SPECS Length: %d", SH_CLIENT_SIG_LENGTH);
2681 SH_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
2682 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d", SH_RESPONSE_LENGTH);
2685 if(SH_CERT_LENGTH) {
2686 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_pct_handshake_server_cert);
2687 offset += SH_CERT_LENGTH;
2690 if(SH_CERT_SPECS_LENGTH) {
2691 tvb_ensure_bytes_exist(tvb, offset, SH_CERT_SPECS_LENGTH);
2692 proto_tree_add_text(tree, tvb, offset, SH_CERT_SPECS_LENGTH, "Client CERT_SPECS (%d bytes)", SH_CERT_SPECS_LENGTH);
2693 offset += SH_CERT_SPECS_LENGTH;
2696 if(SH_CLIENT_SIG_LENGTH) {
2697 tvb_ensure_bytes_exist(tvb, offset, SH_CLIENT_SIG_LENGTH);
2698 proto_tree_add_text(tree, tvb, offset, SH_CLIENT_SIG_LENGTH, "Client Signature (%d bytes)", SH_CLIENT_SIG_LENGTH);
2699 offset += SH_CLIENT_SIG_LENGTH;
2702 if(SH_RESPONSE_LENGTH) {
2703 tvb_ensure_bytes_exist(tvb, offset, SH_RESPONSE_LENGTH);
2704 proto_tree_add_text(tree, tvb, offset, SH_RESPONSE_LENGTH, "Server Response (%d bytes)", SH_RESPONSE_LENGTH);
2705 offset += SH_RESPONSE_LENGTH;
2711 dissect_pct_msg_client_master_key(tvbuff_t *tvb, proto_tree *tree, guint32 offset)
2713 guint16 CMK_CLEAR_KEY_LENGTH, CMK_ENCRYPTED_KEY_LENGTH, CMK_KEY_ARG_LENGTH, CMK_VERIFY_PRELUDE, CMK_CLIENT_CERT_LENGTH, CMK_RESPONSE_LENGTH;
2715 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2718 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
2721 proto_tree_add_item(tree, hf_pct_handshake_sig, tvb, offset, 2, FALSE);
2724 CMK_CLEAR_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
2725 proto_tree_add_text(tree, tvb, offset, 2, "Clear Key Length: %d",CMK_CLEAR_KEY_LENGTH);
2728 CMK_ENCRYPTED_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
2729 proto_tree_add_text(tree, tvb, offset, 2, "Encrypted Key Length: %d",CMK_ENCRYPTED_KEY_LENGTH);
2732 CMK_KEY_ARG_LENGTH= tvb_get_ntohs(tvb, offset);
2733 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d",CMK_KEY_ARG_LENGTH);
2736 CMK_VERIFY_PRELUDE = tvb_get_ntohs(tvb, offset);
2737 proto_tree_add_text(tree, tvb, offset, 2, "Verify Prelude Length: %d",CMK_VERIFY_PRELUDE);
2740 CMK_CLIENT_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
2741 proto_tree_add_text(tree, tvb, offset, 2, "Client Cert Length: %d",CMK_CLIENT_CERT_LENGTH);
2744 CMK_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
2745 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d",CMK_RESPONSE_LENGTH);
2748 if(CMK_CLEAR_KEY_LENGTH) {
2749 tvb_ensure_bytes_exist(tvb, offset, CMK_CLEAR_KEY_LENGTH);
2750 proto_tree_add_text(tree, tvb, offset, CMK_CLEAR_KEY_LENGTH, "Clear Key data (%d bytes)", CMK_CLEAR_KEY_LENGTH);
2751 offset += CMK_CLEAR_KEY_LENGTH;
2753 if(CMK_ENCRYPTED_KEY_LENGTH) {
2754 tvb_ensure_bytes_exist(tvb, offset, CMK_ENCRYPTED_KEY_LENGTH);
2755 proto_tree_add_text(tree, tvb, offset, CMK_ENCRYPTED_KEY_LENGTH, "Encrypted Key data (%d bytes)", CMK_ENCRYPTED_KEY_LENGTH);
2756 offset += CMK_ENCRYPTED_KEY_LENGTH;
2758 if(CMK_KEY_ARG_LENGTH) {
2759 tvb_ensure_bytes_exist(tvb, offset, CMK_KEY_ARG_LENGTH);
2760 proto_tree_add_text(tree, tvb, offset, CMK_KEY_ARG_LENGTH, "IV data (%d bytes)", CMK_KEY_ARG_LENGTH);
2761 offset += CMK_KEY_ARG_LENGTH;
2763 if(CMK_VERIFY_PRELUDE) {
2764 tvb_ensure_bytes_exist(tvb, offset, CMK_VERIFY_PRELUDE);
2765 proto_tree_add_text(tree, tvb, offset, CMK_VERIFY_PRELUDE, "Verify Prelude data (%d bytes)", CMK_VERIFY_PRELUDE);
2766 offset += CMK_VERIFY_PRELUDE;
2768 if(CMK_CLIENT_CERT_LENGTH) {
2769 tvb_ensure_bytes_exist(tvb, offset, CMK_CLIENT_CERT_LENGTH);
2770 proto_tree_add_text(tree, tvb, offset, CMK_CLIENT_CERT_LENGTH, "Client Certificate data (%d bytes)", CMK_CLIENT_CERT_LENGTH);
2771 offset += CMK_CLIENT_CERT_LENGTH;
2773 if(CMK_RESPONSE_LENGTH) {
2774 tvb_ensure_bytes_exist(tvb, offset, CMK_RESPONSE_LENGTH);
2775 proto_tree_add_text(tree, tvb, offset, CMK_RESPONSE_LENGTH, "Response data (%d bytes)", CMK_RESPONSE_LENGTH);
2776 offset += CMK_RESPONSE_LENGTH;
2781 dissect_pct_msg_server_verify(tvbuff_t *tvb,
2782 proto_tree *tree, guint32 offset)
2784 guint16 SV_RESPONSE_LENGTH;
2786 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2789 proto_tree_add_text(tree, tvb, offset, 32, "Server Session ID data (32 bytes)");
2792 SV_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
2793 proto_tree_add_text(tree, tvb, offset, 2, "Server Response Length: %d", SV_RESPONSE_LENGTH);
2796 if(SV_RESPONSE_LENGTH) {
2797 tvb_ensure_bytes_exist(tvb, offset, SV_RESPONSE_LENGTH);
2798 proto_tree_add_text(tree, tvb, offset, SV_RESPONSE_LENGTH, "Server Response (%d bytes)", SV_RESPONSE_LENGTH);
2799 offset += SV_RESPONSE_LENGTH;
2804 dissect_pct_msg_error(tvbuff_t *tvb,
2805 proto_tree *tree, guint32 offset)
2807 guint16 ERROR_CODE, INFO_LEN;
2809 ERROR_CODE = tvb_get_ntohs(tvb, offset);
2810 proto_tree_add_item(tree, hf_pct_msg_error_type, tvb, offset, 2, FALSE);
2813 INFO_LEN = tvb_get_ntohs(tvb, offset);
2814 proto_tree_add_text(tree, tvb, offset, 2, "Eror Information Length: %d", INFO_LEN);
2816 if (ERROR_CODE == PCT_ERR_SPECS_MISMATCH && INFO_LEN == 6)
2818 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CIPHER");
2820 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_HASH");
2822 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CERT");
2824 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_EXCH");
2826 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_CERT");
2828 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_SIG");
2832 proto_tree_add_text(tree, tvb, offset, INFO_LEN, "Error Information dta (%d bytes)", INFO_LEN);
2838 dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
2839 proto_tree *tree, guint32 offset)
2843 * V2Cipherspec cipher;
2844 * uint16 clear_key_length;
2845 * uint16 encrypted_key_length;
2846 * uint16 key_arg_length;
2847 * opaque clear_key_data[V2ClientMasterKey.clear_key_length];
2848 * opaque encrypted_key_data[V2ClientMasterKey.encrypted_key_length];
2849 * opaque key_arg_data[V2ClientMasterKey.key_arg_length];
2850 * } V2ClientMasterKey;
2852 * Note: when we get here, offset's already pointing at cipher
2854 guint16 clear_key_length;
2855 guint16 encrypted_key_length;
2856 guint16 key_arg_length;
2858 /* at this point, everything we do involves the tree,
2859 * so quit now if we don't have one ;-)
2866 /* show the selected cipher */
2867 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec,
2868 tvb, offset, 3, FALSE);
2871 /* get the fixed fields */
2872 clear_key_length = tvb_get_ntohs(tvb, offset);
2873 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key_len,
2874 tvb, offset, 2, FALSE);
2877 encrypted_key_length = tvb_get_ntohs(tvb, offset);
2878 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key_len,
2879 tvb, offset, 2, FALSE);
2882 key_arg_length = tvb_get_ntohs(tvb, offset);
2883 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg_len,
2884 tvb, offset, 2, FALSE);
2887 /* show the variable length fields */
2888 if (clear_key_length > 0)
2890 tvb_ensure_bytes_exist(tvb, offset, clear_key_length);
2891 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key,
2892 tvb, offset, clear_key_length, FALSE);
2893 offset += clear_key_length;
2896 if (encrypted_key_length > 0)
2898 tvb_ensure_bytes_exist(tvb, offset, encrypted_key_length);
2899 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key,
2900 tvb, offset, encrypted_key_length, FALSE);
2901 offset += encrypted_key_length;
2904 if (key_arg_length > 0)
2906 tvb_ensure_bytes_exist(tvb, offset, key_arg_length);
2907 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg,
2908 tvb, offset, key_arg_length, FALSE);
2909 offset += key_arg_length;
2915 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
2916 proto_tree *tree, guint32 offset, packet_info *pinfo)
2920 * uint8 session_id_hit;
2921 * uint8 certificate_type;
2922 * uint16 server_version;
2923 * uint16 certificate_length;
2924 * uint16 cipher_specs_length;
2925 * uint16 connection_id_length;
2926 * opaque certificate_data[V2ServerHello.certificate_length];
2927 * opaque cipher_specs_data[V2ServerHello.cipher_specs_length];
2928 * opaque connection_id_data[V2ServerHello.connection_id_length];
2931 * Note: when we get here, offset's already pointing at session_id_hit
2933 guint16 certificate_length;
2934 guint16 cipher_spec_length;
2935 guint16 connection_id_length;
2938 proto_tree *subtree;
2940 /* everything we do only makes sense with a tree, so
2941 * quit now if we don't have one
2948 version = tvb_get_ntohs(tvb, offset + 2);
2949 if (!ssl_is_valid_ssl_version(version))
2951 /* invalid version; probably encrypted data */
2956 /* is there a hit? */
2957 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_hit,
2958 tvb, offset, 1, FALSE);
2961 /* what type of certificate is this? */
2962 proto_tree_add_item(tree, hf_ssl2_handshake_cert_type,
2963 tvb, offset, 1, FALSE);
2966 /* now the server version */
2967 proto_tree_add_item(tree, hf_ssl_handshake_server_version,
2968 tvb, offset, 2, FALSE);
2971 /* get the fixed fields */
2972 certificate_length = tvb_get_ntohs(tvb, offset);
2973 proto_tree_add_uint(tree, hf_ssl_handshake_certificate_len,
2974 tvb, offset, 2, certificate_length);
2977 cipher_spec_length = tvb_get_ntohs(tvb, offset);
2978 proto_tree_add_uint(tree, hf_ssl2_handshake_cipher_spec_len,
2979 tvb, offset, 2, cipher_spec_length);
2982 connection_id_length = tvb_get_ntohs(tvb, offset);
2983 proto_tree_add_uint(tree, hf_ssl2_handshake_connection_id_len,
2984 tvb, offset, 2, connection_id_length);
2987 /* now the variable length fields */
2988 if (certificate_length > 0)
2990 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_ssl_handshake_certificate);
2991 offset += certificate_length;
2994 if (cipher_spec_length > 0)
2996 /* provide a collapsing node for the cipher specs */
2997 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
2998 ti = proto_tree_add_none_format(tree,
2999 hf_ssl_handshake_cipher_suites,
3000 tvb, offset, cipher_spec_length,
3001 "Cipher Specs (%u spec%s)",
3002 cipher_spec_length/3,
3003 plurality(cipher_spec_length/3, "", "s"));
3004 subtree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
3010 /* iterate through the cipher specs */
3011 while (cipher_spec_length > 0)
3013 proto_tree_add_item(subtree, hf_ssl2_handshake_cipher_spec,
3014 tvb, offset, 3, FALSE);
3016 cipher_spec_length -= 3;
3020 if (connection_id_length > 0)
3022 tvb_ensure_bytes_exist(tvb, offset, connection_id_length);
3023 proto_tree_add_item(tree, hf_ssl2_handshake_connection_id,
3024 tvb, offset, connection_id_length, FALSE);
3025 offset += connection_id_length;
3033 /*********************************************************************
3037 *********************************************************************/
3040 ssl_set_conv_version(packet_info *pinfo, guint version)
3042 conversation_t *conversation;
3044 if (pinfo->fd->flags.visited)
3046 /* We've already processed this frame; no need to do any more
3052 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3053 pinfo->srcport, pinfo->destport, 0);
3055 if (conversation == NULL)
3057 /* create a new conversation */
3058 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3059 pinfo->srcport, pinfo->destport, 0);
3062 if (conversation_get_proto_data(conversation, proto_ssl) != NULL)
3064 /* get rid of the current data */
3065 conversation_delete_proto_data(conversation, proto_ssl);
3067 conversation_add_proto_data(conversation, proto_ssl, GINT_TO_POINTER(version));
3072 ssl_is_valid_handshake_type(guint8 type)
3076 case SSL_HND_HELLO_REQUEST:
3077 case SSL_HND_CLIENT_HELLO:
3078 case SSL_HND_SERVER_HELLO:
3079 case SSL_HND_CERTIFICATE:
3080 case SSL_HND_SERVER_KEY_EXCHG:
3081 case SSL_HND_CERT_REQUEST:
3082 case SSL_HND_SVR_HELLO_DONE:
3083 case SSL_HND_CERT_VERIFY:
3084 case SSL_HND_CLIENT_KEY_EXCHG:
3085 case SSL_HND_FINISHED:
3092 ssl_is_valid_ssl_version(guint16 version)
3094 const gchar *version_str;
3095 version_str = match_strval(version, ssl_versions);
3096 return version_str != NULL;
3100 ssl_is_authoritative_version_message(guint8 content_type,
3103 if (content_type == SSL_ID_HANDSHAKE
3104 && ssl_is_valid_handshake_type(next_byte))
3106 return (next_byte != SSL_HND_CLIENT_HELLO);
3108 else if (ssl_is_valid_content_type(content_type)
3109 && content_type != SSL_ID_HANDSHAKE)
3117 ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset)
3121 byte = tvb_get_guint8(tvb, offset);
3122 if (byte != 0x80) /* v2 client hello should start this way */
3127 byte = tvb_get_guint8(tvb, offset+2);
3128 if (byte != 0x01) /* v2 client hello msg type */
3133 /* 1 in 2^16 of being right; improve later if necessary */
3137 /* this applies a heuristic to determine whether
3138 * or not the data beginning at offset looks like a
3139 * valid sslv2 record. this isn't really possible,
3140 * but we'll try to do a reasonable job anyway.
3143 ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset)
3145 /* here's the current approach:
3147 * we only try to catch unencrypted handshake messages, so we can
3148 * assume that there is not padding. This means that the
3149 * first byte must be >= 0x80 and there must be a valid sslv2
3150 * msg_type in the third byte
3153 /* get the first byte; must have high bit set */
3155 byte = tvb_get_guint8(tvb, offset);
3162 /* get the supposed msg_type byte; since we only care about
3163 * unencrypted handshake messages (we can't tell the type for
3164 * encrypted messages), we just check against that list
3166 byte = tvb_get_guint8(tvb, offset + 2);
3168 case SSL2_HND_ERROR:
3169 case SSL2_HND_CLIENT_HELLO:
3170 case SSL2_HND_CLIENT_MASTER_KEY:
3171 case SSL2_HND_SERVER_HELLO:
3172 case PCT_MSG_CLIENT_MASTER_KEY:
3179 /* this applies a heuristic to determine whether
3180 * or not the data beginning at offset looks like a
3181 * valid sslv3 record. this is somewhat more reliable
3182 * than sslv2 due to the structure of the v3 protocol
3185 ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
3187 /* have to have a valid content type followed by a valid
3193 /* see if the first byte is a valid content type */
3194 byte = tvb_get_guint8(tvb, offset);
3195 if (!ssl_is_valid_content_type(byte))
3200 /* now check to see if the version byte appears valid */
3201 version = tvb_get_ntohs(tvb, offset + 1);
3202 if (version != SSLV3_VERSION && version != TLSV1_VERSION && version != TLSV1DOT1_VERSION)
3210 /* applies a heuristic to determine whether
3211 * or not the data beginning at offset looks
3212 * like a valid, unencrypted v2 handshake message.
3213 * since it isn't possible to completely tell random
3214 * data apart from a valid message without state,
3215 * we try to help the odds.
3218 ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, guint32 offset,
3219 guint32 record_length)
3221 /* first byte should be a msg_type.
3223 * - we know we only see client_hello, client_master_key,
3224 * and server_hello in the clear, so check to see if
3225 * msg_type is one of those (this gives us a 3 in 2^8
3226 * chance of saying yes with random payload)
3228 * - for those three types that we know about, do some
3229 * further validation to reduce the chance of an error
3235 /* fetch the msg_type */
3236 msg_type = tvb_get_guint8(tvb, offset);
3239 case SSL2_HND_CLIENT_HELLO:
3240 /* version follows msg byte, so verify that this is valid */
3241 version = tvb_get_ntohs(tvb, offset+1);
3242 return ssl_is_valid_ssl_version(version);
3245 case SSL2_HND_SERVER_HELLO:
3246 /* version is three bytes after msg_type */
3247 version = tvb_get_ntohs(tvb, offset+3);
3248 return ssl_is_valid_ssl_version(version);
3251 case SSL2_HND_CLIENT_MASTER_KEY:
3252 /* sum of clear_key_length, encrypted_key_length, and key_arg_length
3253 * must be less than record length
3255 sum = tvb_get_ntohs(tvb, offset + 4); /* clear_key_length */
3256 sum += tvb_get_ntohs(tvb, offset + 6); /* encrypted_key_length */
3257 sum += tvb_get_ntohs(tvb, offset + 8); /* key_arg_length */
3258 if (sum > record_length)
3271 /* applies a heuristic to determine whether
3272 * or not the data beginning at offset looks
3273 * like a valid, unencrypted v2 handshake message.
3274 * since it isn't possible to completely tell random
3275 * data apart from a valid message without state,
3276 * we try to help the odds.
3279 ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, guint32 offset,
3280 guint32 record_length)
3282 /* first byte should be a msg_type.
3284 * - we know we only see client_hello, client_master_key,
3285 * and server_hello in the clear, so check to see if
3286 * msg_type is one of those (this gives us a 3 in 2^8
3287 * chance of saying yes with random payload)
3289 * - for those three types that we know about, do some
3290 * further validation to reduce the chance of an error
3296 /* fetch the msg_type */
3297 msg_type = tvb_get_guint8(tvb, offset);
3300 case PCT_MSG_CLIENT_HELLO:
3301 /* version follows msg byte, so verify that this is valid */
3302 version = tvb_get_ntohs(tvb, offset+1);
3303 return version == PCT_VERSION_1;
3306 case PCT_MSG_SERVER_HELLO:
3307 /* version is one byte after msg_type */
3308 version = tvb_get_ntohs(tvb, offset+2);
3309 return version == PCT_VERSION_1;
3312 case PCT_MSG_CLIENT_MASTER_KEY:
3313 /* sum of various length fields must be less than record length */
3314 sum = tvb_get_ntohs(tvb, offset + 6); /* clear_key_length */
3315 sum += tvb_get_ntohs(tvb, offset + 8); /* encrypted_key_length */
3316 sum += tvb_get_ntohs(tvb, offset + 10); /* key_arg_length */
3317 sum += tvb_get_ntohs(tvb, offset + 12); /* verify_prelude_length */
3318 sum += tvb_get_ntohs(tvb, offset + 14); /* client_cert_length */
3319 sum += tvb_get_ntohs(tvb, offset + 16); /* response_length */
3320 if (sum > record_length)
3327 case PCT_MSG_SERVER_VERIFY:
3328 /* record is 36 bytes longer than response_length */
3329 sum = tvb_get_ntohs(tvb, offset + 34); /* response_length */
3330 if ((sum + 36) == record_length)
3343 /*********************************************************************
3345 * Standard Ethereal Protocol Registration and housekeeping
3347 *********************************************************************/
3349 proto_register_ssl(void)
3352 /* Setup list of header fields See Section 1.6.1 for details*/
3353 static hf_register_info hf[] = {
3355 { "Record Layer", "ssl.record",
3356 FT_NONE, BASE_NONE, NULL, 0x0,
3357 "Record layer", HFILL }
3359 { &hf_ssl_record_content_type,
3360 { "Content Type", "ssl.record.content_type",
3361 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
3362 "Content type", HFILL}
3364 { &hf_ssl2_msg_type,
3365 { "Handshake Message Type", "ssl.handshake.type",
3366 FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0,
3367 "SSLv2 handshake message type", HFILL}
3370 { "Handshake Message Type", "ssl.pct_handshake.type",
3371 FT_UINT8, BASE_DEC, VALS(pct_msg_types), 0x0,
3372 "PCT handshake message type", HFILL}
3374 { &hf_ssl_record_version,
3375 { "Version", "ssl.record.version",
3376 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3377 "Record layer version.", HFILL }
3379 { &hf_ssl_record_length,
3380 { "Length", "ssl.record.length",
3381 FT_UINT16, BASE_DEC, NULL, 0x0,
3382 "Length of SSL record data", HFILL }
3384 { &hf_ssl_record_appdata,
3385 { "Encrypted Application Data", "ssl.app_data",
3386 FT_BYTES, BASE_HEX, NULL, 0x0,
3387 "Payload is encrypted application data", HFILL }
3391 { "SSLv2/PCT Record Header", "ssl.record",
3392 FT_NONE, BASE_DEC, NULL, 0x0,
3393 "SSLv2/PCT record data", HFILL }
3395 { &hf_ssl2_record_is_escape,
3396 { "Is Escape", "ssl.record.is_escape",
3397 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3398 "Indicates a security escape", HFILL}
3400 { &hf_ssl2_record_padding_length,
3401 { "Padding Length", "ssl.record.padding_length",
3402 FT_UINT8, BASE_DEC, NULL, 0x0,
3403 "Length of padding at end of record", HFILL }
3405 { &hf_ssl_change_cipher_spec,
3406 { "Change Cipher Spec Message", "ssl.change_cipher_spec",
3407 FT_NONE, BASE_NONE, NULL, 0x0,
3408 "Signals a change in cipher specifications", HFILL }
3410 { & hf_ssl_alert_message,
3411 { "Alert Message", "ssl.alert_message",
3412 FT_NONE, BASE_NONE, NULL, 0x0,
3413 "Alert message", HFILL }
3415 { & hf_ssl_alert_message_level,
3416 { "Level", "ssl.alert_message.level",
3417 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
3418 "Alert message level", HFILL }
3420 { &hf_ssl_alert_message_description,
3421 { "Description", "ssl.alert_message.desc",
3422 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
3423 "Alert message description", HFILL }
3425 { &hf_ssl_handshake_protocol,
3426 { "Handshake Protocol", "ssl.handshake",
3427 FT_NONE, BASE_NONE, NULL, 0x0,
3428 "Handshake protocol message", HFILL}
3430 { &hf_ssl_handshake_type,
3431 { "Handshake Type", "ssl.handshake.type",
3432 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
3433 "Type of handshake message", HFILL}
3435 { &hf_ssl_handshake_length,
3436 { "Length", "ssl.handshake.length",
3437 FT_UINT24, BASE_DEC, NULL, 0x0,
3438 "Length of handshake message", HFILL }
3440 { &hf_ssl_handshake_client_version,
3441 { "Version", "ssl.handshake.version",
3442 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3443 "Maximum version supported by client", HFILL }
3445 { &hf_ssl_handshake_server_version,
3446 { "Version", "ssl.handshake.version",
3447 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3448 "Version selected by server", HFILL }
3450 { &hf_ssl_handshake_random_time,
3451 { "gmt_unix_time", "ssl.handshake.random_time",
3452 FT_ABSOLUTE_TIME, 0, NULL, 0x0,
3453 "Unix time field of random structure", HFILL }
3455 { &hf_ssl_handshake_random_bytes,
3456 { "random_bytes", "ssl.handshake.random_bytes",
3457 FT_BYTES, 0, NULL, 0x0,
3458 "Random challenge used to authenticate server", HFILL }
3460 { &hf_ssl_handshake_cipher_suites_len,
3461 { "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
3462 FT_UINT16, BASE_DEC, NULL, 0x0,
3463 "Length of cipher suites field", HFILL }
3465 { &hf_ssl_handshake_cipher_suites,
3466 { "Cipher Suites", "ssl.handshake.ciphersuites",
3467 FT_NONE, BASE_NONE, NULL, 0x0,
3468 "List of cipher suites supported by client", HFILL }
3470 { &hf_ssl_handshake_cipher_suite,
3471 { "Cipher Suite", "ssl.handshake.ciphersuite",
3472 FT_UINT16, BASE_HEX, VALS(ssl_31_ciphersuite), 0x0,
3473 "Cipher suite", HFILL }
3475 { &hf_ssl2_handshake_cipher_spec,
3476 { "Cipher Spec", "ssl.handshake.cipherspec",
3477 FT_UINT24, BASE_HEX, VALS(ssl_20_cipher_suites), 0x0,
3478 "Cipher specification", HFILL }
3480 { &hf_ssl_handshake_session_id,
3481 { "Session ID", "ssl.handshake.session_id",
3482 FT_BYTES, BASE_NONE, NULL, 0x0,
3483 "Identifies the SSL session, allowing later resumption", HFILL }
3485 { &hf_ssl_handshake_comp_methods_len,
3486 { "Compression Methods Length", "ssl.handshake.comp_methods_length",
3487 FT_UINT8, BASE_DEC, NULL, 0x0,
3488 "Length of compression methods field", HFILL }
3490 { &hf_ssl_handshake_comp_methods,
3491 { "Compression Methods", "ssl.handshake.comp_methods",
3492 FT_NONE, BASE_NONE, NULL, 0x0,
3493 "List of compression methods supported by client", HFILL }
3495 { &hf_ssl_handshake_comp_method,
3496 { "Compression Method", "ssl.handshake.comp_method",
3497 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
3498 "Compression Method", HFILL }
3500 { &hf_ssl_handshake_extensions_len,
3501 { "Extensions Length", "ssl.handshake.extensions_length",
3502 FT_UINT16, BASE_DEC, NULL, 0x0,
3503 "Length of hello extensions", HFILL }
3505 { &hf_ssl_handshake_extension_type,
3506 { "Type", "ssl.handshake.extension.type",
3507 FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0,
3508 "Hello extension type", HFILL }
3510 { &hf_ssl_handshake_extension_len,
3511 { "Length", "ssl.handshake.extension.len",
3512 FT_UINT16, BASE_DEC, NULL, 0x0,
3513 "Length of a hello extension", HFILL }
3515 { &hf_ssl_handshake_extension_data,
3516 { "Data", "ssl.handshake.extension.data",
3517 FT_BYTES, BASE_NONE, NULL, 0x0,
3518 "Hello Extension data", HFILL }
3520 { &hf_ssl_handshake_certificates_len,
3521 { "Certificates Length", "ssl.handshake.certificates_length",
3522 FT_UINT24, BASE_DEC, NULL, 0x0,
3523 "Length of certificates field", HFILL }
3525 { &hf_ssl_handshake_certificates,
3526 { "Certificates", "ssl.handshake.certificates",
3527 FT_NONE, BASE_NONE, NULL, 0x0,
3528 "List of certificates", HFILL }
3530 { &hf_ssl_handshake_certificate,
3531 { "Certificate", "ssl.handshake.certificate",
3532 FT_BYTES, BASE_NONE, NULL, 0x0,
3533 "Certificate", HFILL }
3535 { &hf_ssl_handshake_certificate_len,
3536 { "Certificate Length", "ssl.handshake.certificate_length",
3537 FT_UINT24, BASE_DEC, NULL, 0x0,
3538 "Length of certificate", HFILL }
3540 { &hf_ssl_handshake_cert_types_count,
3541 { "Certificate types count", "ssl.handshake.cert_types_count",
3542 FT_UINT8, BASE_DEC, NULL, 0x0,
3543 "Count of certificate types", HFILL }
3545 { &hf_ssl_handshake_cert_types,
3546 { "Certificate types", "ssl.handshake.cert_types",
3547 FT_NONE, BASE_NONE, NULL, 0x0,
3548 "List of certificate types", HFILL }
3550 { &hf_ssl_handshake_cert_type,
3551 { "Certificate type", "ssl.handshake.cert_type",
3552 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
3553 "Certificate type", HFILL }
3555 { &hf_ssl_handshake_finished,
3556 { "Verify Data", "ssl.handshake.verify_data",
3557 FT_NONE, BASE_NONE, NULL, 0x0,
3558 "Opaque verification data", HFILL }
3560 { &hf_ssl_handshake_md5_hash,
3561 { "MD5 Hash", "ssl.handshake.md5_hash",
3562 FT_NONE, BASE_NONE, NULL, 0x0,
3563 "Hash of messages, master_secret, etc.", HFILL }
3565 { &hf_ssl_handshake_sha_hash,
3566 { "SHA-1 Hash", "ssl.handshake.sha_hash",
3567 FT_NONE, BASE_NONE, NULL, 0x0,
3568 "Hash of messages, master_secret, etc.", HFILL }
3570 { &hf_ssl_handshake_session_id_len,
3571 { "Session ID Length", "ssl.handshake.session_id_length",
3572 FT_UINT8, BASE_DEC, NULL, 0x0,
3573 "Length of session ID field", HFILL }
3575 { &hf_ssl_handshake_dnames_len,
3576 { "Distinguished Names Length", "ssl.handshake.dnames_len",
3577 FT_UINT16, BASE_DEC, NULL, 0x0,
3578 "Length of list of CAs that server trusts", HFILL }
3580 { &hf_ssl_handshake_dnames,
3581 { "Distinguished Names", "ssl.handshake.dnames",
3582 FT_NONE, BASE_NONE, NULL, 0x0,
3583 "List of CAs that server trusts", HFILL }
3585 { &hf_ssl_handshake_dname_len,
3586 { "Distinguished Name Length", "ssl.handshake.dname_len",
3587 FT_UINT16, BASE_DEC, NULL, 0x0,
3588 "Length of distinguished name", HFILL }
3590 { &hf_ssl_handshake_dname,
3591 { "Distinguished Name", "ssl.handshake.dname",
3592 FT_BYTES, BASE_NONE, NULL, 0x0,
3593 "Distinguished name of a CA that server trusts", HFILL }
3595 { &hf_ssl2_handshake_challenge,
3596 { "Challenge", "ssl.handshake.challenge",
3597 FT_NONE, BASE_NONE, NULL, 0x0,
3598 "Challenge data used to authenticate server", HFILL }
3600 { &hf_ssl2_handshake_cipher_spec_len,
3601 { "Cipher Spec Length", "ssl.handshake.cipher_spec_len",
3602 FT_UINT16, BASE_DEC, NULL, 0x0,
3603 "Length of cipher specs field", HFILL }
3605 { &hf_ssl2_handshake_session_id_len,
3606 { "Session ID Length", "ssl.handshake.session_id_length",
3607 FT_UINT16, BASE_DEC, NULL, 0x0,
3608 "Length of session ID field", HFILL }
3610 { &hf_ssl2_handshake_challenge_len,
3611 { "Challenge Length", "ssl.handshake.challenge_length",
3612 FT_UINT16, BASE_DEC, NULL, 0x0,
3613 "Length of challenge field", HFILL }
3615 { &hf_ssl2_handshake_clear_key_len,
3616 { "Clear Key Data Length", "ssl.handshake.clear_key_length",
3617 FT_UINT16, BASE_DEC, NULL, 0x0,
3618 "Length of clear key data", HFILL }
3620 { &hf_ssl2_handshake_enc_key_len,
3621 { "Encrypted Key Data Length", "ssl.handshake.encrypted_key_length",
3622 FT_UINT16, BASE_DEC, NULL, 0x0,
3623 "Length of encrypted key data", HFILL }
3625 { &hf_ssl2_handshake_key_arg_len,
3626 { "Key Argument Length", "ssl.handshake.key_arg_length",
3627 FT_UINT16, BASE_DEC, NULL, 0x0,
3628 "Length of key argument", HFILL }
3630 { &hf_ssl2_handshake_clear_key,
3631 { "Clear Key Data", "ssl.handshake.clear_key_data",
3632 FT_NONE, BASE_NONE, NULL, 0x0,
3633 "Clear portion of MASTER-KEY", HFILL }
3635 { &hf_ssl2_handshake_enc_key,
3636 { "Encrypted Key", "ssl.handshake.encrypted_key",
3637 FT_NONE, BASE_NONE, NULL, 0x0,
3638 "Secret portion of MASTER-KEY encrypted to server", HFILL }
3640 { &hf_ssl2_handshake_key_arg,
3641 { "Key Argument", "ssl.handshake.key_arg",
3642 FT_NONE, BASE_NONE, NULL, 0x0,
3643 "Key Argument (e.g., Initialization Vector)", HFILL }
3645 { &hf_ssl2_handshake_session_id_hit,
3646 { "Session ID Hit", "ssl.handshake.session_id_hit",
3647 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3648 "Did the server find the client's Session ID?", HFILL }
3650 { &hf_ssl2_handshake_cert_type,
3651 { "Certificate Type", "ssl.handshake.cert_type",
3652 FT_UINT8, BASE_DEC, VALS(ssl_20_certificate_type), 0x0,
3653 "Certificate Type", HFILL }
3655 { &hf_ssl2_handshake_connection_id_len,
3656 { "Connection ID Length", "ssl.handshake.connection_id_length",
3657 FT_UINT16, BASE_DEC, NULL, 0x0,
3658 "Length of connection ID", HFILL }
3660 { &hf_ssl2_handshake_connection_id,
3661 { "Connection ID", "ssl.handshake.connection_id",
3662 FT_NONE, BASE_NONE, NULL, 0x0,
3663 "Server's challenge to client", HFILL }
3665 { &hf_pct_handshake_cipher_spec,
3666 { "Cipher Spec", "pct.handshake.cipherspec",
3667 FT_NONE, BASE_NONE, NULL, 0x0,
3668 "PCT Cipher specification", HFILL }
3670 { &hf_pct_handshake_cipher,
3671 { "Cipher", "pct.handshake.cipher",
3672 FT_UINT16, BASE_HEX, VALS(pct_cipher_type), 0x0,
3673 "PCT Ciper", HFILL }
3675 { &hf_pct_handshake_hash_spec,
3676 { "Hash Spec", "pct.handshake.hashspec",
3677 FT_NONE, BASE_NONE, NULL, 0x0,
3678 "PCT Hash specification", HFILL }
3680 { &hf_pct_handshake_hash,
3681 { "Hash", "pct.handshake.hash",
3682 FT_UINT16, BASE_HEX, VALS(pct_hash_type), 0x0,
3685 { &hf_pct_handshake_cert_spec,
3686 { "Cert Spec", "pct.handshake.certspec",
3687 FT_NONE, BASE_NONE, NULL, 0x0,
3688 "PCT Certificate specification", HFILL }
3690 { &hf_pct_handshake_cert,
3691 { "Cert", "pct.handshake.cert",
3692 FT_UINT16, BASE_HEX, VALS(pct_cert_type), 0x0,
3693 "PCT Certificate", HFILL }
3695 { &hf_pct_handshake_exch_spec,
3696 { "Exchange Spec", "pct.handshake.exchspec",
3697 FT_NONE, BASE_NONE, NULL, 0x0,
3698 "PCT Exchange specification", HFILL }
3700 { &hf_pct_handshake_exch,
3701 { "Exchange", "pct.handshake.exch",
3702 FT_UINT16, BASE_HEX, VALS(pct_exch_type), 0x0,
3703 "PCT Exchange", HFILL }
3705 { &hf_pct_handshake_sig,
3706 { "Sig Spec", "pct.handshake.sig",
3707 FT_UINT16, BASE_HEX, VALS(pct_sig_type), 0x0,
3708 "PCT Signature", HFILL }
3710 { &hf_pct_msg_error_type,
3711 { "PCT Error Code", "pct.msg_error_code",
3712 FT_UINT16, BASE_HEX, VALS(pct_error_code), 0x0,
3713 "PCT Error Code", HFILL }
3715 { &hf_pct_handshake_server_cert,
3716 { "Server Cert", "pct.handshake.server_cert",
3717 FT_NONE, BASE_NONE, NULL , 0x0,
3718 "PCT Server Certificate", HFILL }
3722 /* Setup protocol subtree array */
3723 static gint *ett[] = {
3728 &ett_ssl_cipher_suites,
3729 &ett_ssl_comp_methods,
3732 &ett_ssl_cert_types,
3735 &ett_pct_cipher_suites,
3736 &ett_pct_hash_suites,
3737 &ett_pct_cert_suites,
3738 &ett_pct_exch_suites,
3741 /* Register the protocol name and description */
3742 proto_ssl = proto_register_protocol("Secure Socket Layer",
3745 /* Required function calls to register the header fields and
3747 proto_register_field_array(proto_ssl, hf, array_length(hf));
3748 proto_register_subtree_array(ett, array_length(ett));
3751 module_t *ssl_module = prefs_register_protocol(proto_ssl, proto_reg_handoff_ssl);
3752 prefs_register_bool_preference(ssl_module,
3753 "desegment_ssl_records",
3754 "Reassemble SSL records spanning multiple TCP segments",
3755 "Whether the SSL dissector should reassemble SSL records spanning multiple TCP segments. "
3756 "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
3758 prefs_register_bool_preference(ssl_module,
3759 "desegment_ssl_application_data",
3760 "Reassemble SSL Application Data spanning multiple SSL records",
3761 "Whether the SSL dissector should reassemble SSL Application Data spanning multiple SSL records. ",
3762 &ssl_desegment_app_data);
3763 #ifdef HAVE_LIBGNUTLS
3764 prefs_register_string_preference(ssl_module, "keys_list", "RSA keys list",
3765 "Semicolon-separated list of private RSA keys used for SSL decryption; "
3766 "each list entry must be in the form of <ip>,<port>,<protocol>,<key_file_name>. "
3767 "<key_file_name> is the local file name of the RSA private key used by the specified server "
3768 "(or name of the file containing such a list)",
3769 (const gchar **)&ssl_keys_list);
3770 prefs_register_string_preference(ssl_module, "debug_file", "SSL debug file",
3771 "redirect ssl debug to file name; leave empty to disable debug, "
3772 "use \"" SSL_DEBUG_USE_STDERR "\" to redirect output to stderr\n",
3773 (const gchar **)&ssl_debug_file_name);
3777 register_dissector("ssl", dissect_ssl, proto_ssl);
3778 ssl_handle = find_dissector("ssl");
3780 ssl_associations = g_tree_new(ssl_association_cmp);
3782 register_init_routine(ssl_init);
3784 ssl_tap = register_tap("ssl");
3785 ssl_debug_printf("proto_register_ssl: registered tap %s:%d\n",
3789 /* If this dissector uses sub-dissector registration add a registration
3790 * routine. This format is required because a script is used to find
3791 * these routines and create the code that calls these routines.
3794 proto_reg_handoff_ssl(void)
3797 /* parse key list */
3800 /* add ssl dissection to defaults ports */
3801 ssl_dissector_add(443, "http", TRUE);
3802 ssl_dissector_add(636, "ldap", TRUE);
3803 ssl_dissector_add(993, "imap", TRUE);
3804 ssl_dissector_add(995, "pop", TRUE);
3808 ssl_dissector_add(guint port, const gchar *protocol, gboolean tcp)
3810 SslAssociation *assoc;
3812 assoc = ssl_association_find(ssl_associations, port, tcp);
3814 ssl_association_remove(ssl_associations, assoc);
3817 ssl_association_add(ssl_associations, ssl_handle, port, protocol, tcp, FALSE);
3821 ssl_dissector_delete(guint port, const gchar *protocol, gboolean tcp)
3823 SslAssociation *assoc;
3825 assoc = ssl_association_find(ssl_associations, port, tcp);
3826 if (assoc && (assoc->handle == find_dissector(protocol))) {
3827 ssl_association_remove(ssl_associations, assoc);