* By Paolo Abeni <paolo.abeni@email.com>
*
* Copyright (c) 2013, Hauke Mehrtens <hauke@hauke-m.de>
+ * Copyright (c) 2014, Peter Wu <peter@lekensteyn.nl>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
#endif
#include <stdlib.h>
-#include <ctype.h>
-#include "packet-ssl-utils.h"
-#include "packet-ssl.h"
+#include <errno.h>
-#include <epan/emem.h>
+#include <epan/packet.h>
#include <epan/strutil.h>
#include <epan/addr_resolv.h>
#include <epan/ipv6-utils.h>
#include <epan/expert.h>
+#include <epan/asn1.h>
+#include <wsutil/filesystem.h>
#include <wsutil/file_util.h>
#include <wsutil/str_util.h>
+#include <wsutil/report_err.h>
+#include <wsutil/pint.h>
+#include "packet-x509af.h"
+#include "packet-x509if.h"
+#include "packet-ssl-utils.h"
+#include "packet-ssl.h"
+#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
+#include <gnutls/abstract.h>
+#endif
/*
* Lookup tables
{ 23, "secp256r1" },
{ 24, "secp384r1" },
{ 25, "secp521r1" },
+ { 26, "brainpoolP256r1" }, /* RFC 7027 */
+ { 27, "brainpoolP384r1" }, /* RFC 7027 */
+ { 28, "brainpoolP512r1" }, /* RFC 7027 */
{ 0xFF01, "arbitrary_explicit_prime_curves" },
{ 0xFF02, "arbitrary_explicit_char2_curves" },
{ 0x00, NULL }
{ 70, "Protocol Version" },
{ 71, "Insufficient Security" },
{ 80, "Internal Error" },
+ { 86, "Inappropriate Fallback" },
{ 90, "User Canceled" },
{ 100, "No Renegotiation" },
{ 110, "Unsupported Extension" },
{ 113, "Bad Certificate Status Response" },
{ 114, "Bad Certificate Hash Value" },
{ 115, "Unknown PSK Identity" },
+ { 120, "No application Protocol" },
{ 0x00, NULL }
};
{ SSL_HND_FINISHED, "Finished" },
{ SSL_HND_CERT_URL, "Client Certificate URL" },
{ SSL_HND_CERT_STATUS, "Certificate Status" },
+ { SSL_HND_SUPPLEMENTAL_DATA, "Supplemental Data" },
{ SSL_HND_ENCRYPTED_EXTS, "Encrypted Extensions" },
{ 0x00, NULL }
};
{ 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" },
/* 0x00,0xC6-FE Unassigned */
/* From RFC 5746 */
- { 0x0000FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" },
- /* 0x01-BF,* Unassigned */
+ { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" },
+ /* From RFC 7507 */
+ { 0x5600, "TLS_FALLBACK_SCSV" },
/* From RFC 4492 */
{ 0xc001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
{ 0xc002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
{ 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" },
{ 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" },
{ 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" },
+
+ /* RFC 7251 */
+ { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" },
+ { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" },
+ { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" },
+ { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" },
/*
0xC0,0xAB-FF Unassigned
0xC1-FD,* Unassigned
{ 0x00, NULL }
};
-/* RFC 4366 */
+/* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1 */
const value_string tls_hello_extension_types[] = {
{ SSL_HND_HELLO_EXT_SERVER_NAME, "server_name" }, /* RFC 3546 */
{ 1, "max_fragment_length" },
{ 6, "user_mapping" }, /* RFC 4681 */
{ 7, "client_authz" },
{ 8, "server_authz" },
- { 9, "cert_type" }, /* RFC 5081 */
+ { SSL_HND_HELLO_EXT_CERT_TYPE, "cert_type" }, /* RFC 5081 */
{ SSL_HND_HELLO_EXT_ELLIPTIC_CURVES, "elliptic_curves" }, /* RFC 4492 */
{ SSL_HND_HELLO_EXT_EC_POINT_FORMATS, "ec_point_formats" }, /* RFC 4492 */
{ 12, "srp" }, /* RFC 5054 */
{ 13, "signature_algorithms" }, /* RFC 5246 */
{ 14, "use_srtp" },
{ SSL_HND_HELLO_EXT_HEARTBEAT, "Heartbeat" }, /* RFC 6520 */
- { SSL_HND_HELLO_EXT_ALPN, "Application Layer Protocol Negotiation" }, /* draft-ietf-tls-applayerprotoneg-01 */
+ { SSL_HND_HELLO_EXT_ALPN, "Application Layer Protocol Negotiation" }, /* RFC 7301 */
{ SSL_HND_HELLO_EXT_STATUS_REQUEST_V2, "status_request_v2" }, /* RFC 6961 */
+ { 18, "signed_certificate_timestamp" }, /* RFC 6962 */
+ { SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE, "client_certificate_type" }, /* RFC 7250 */
+ { SSL_HND_HELLO_EXT_SERVER_CERT_TYPE, "server_certificate_type" }, /* RFC 7250 */
+ { SSL_HND_HELLO_EXT_PADDING, "Padding" }, /* http://tools.ietf.org/html/draft-agl-tls-padding */
+ { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE, "Extended Master Secret" }, /* https://tools.ietf.org/html/draft-ietf-tls-session-hash-01 */
{ SSL_HND_HELLO_EXT_SESSION_TICKET, "SessionTicket TLS" }, /* RFC 4507 */
{ SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* http://technotes.googlecode.com/git/nextprotoneg.html */
{ SSL_HND_HELLO_EXT_RENEG_INFO, "renegotiation_info" }, /* RFC 5746 */
/* http://tools.ietf.org/html/draft-balfanz-tls-channelid-00
https://twitter.com/ericlaw/status/274237352531083264 */
+ { SSL_HND_HELLO_EXT_CHANNEL_ID_OLD, "channel_id_old" },
+ /* http://tools.ietf.org/html/draft-balfanz-tls-channelid-01
+ https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/sslt.h&l=209 */
{ SSL_HND_HELLO_EXT_CHANNEL_ID, "channel_id" },
{ 0, NULL }
};
const value_string tls_certificate_type[] = {
{ 0, "X.509" },
{ 1, "OpenPGP" },
+ { SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY, "Raw Public Key" }, /* RFC 7250 */
{ 0, NULL }
};
{ 0, NULL }
};
+/* string_string is inappropriate as it compares strings while
+ * "byte strings MUST NOT be truncated" (RFC 7301) */
+typedef struct ssl_alpn_protocol {
+ const guint8 *proto_name;
+ size_t proto_name_len;
+ const char *dissector_name;
+} ssl_alpn_protocol_t;
+/* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids */
+static const ssl_alpn_protocol_t ssl_alpn_protocols[] = {
+ { "http/1.1", sizeof("http/1.1"), "http" },
+ /* SPDY moves so fast, just 1, 2 and 3 are registered with IANA but there
+ * already exists 3.1 as of this writing... match the prefix. */
+ { "spdy/", sizeof("spdy/") - 1, "spdy" },
+ { "stun.turn", sizeof("stun.turn"), "turnchannel" },
+ { "stun.nat-discovery", sizeof("stun.nat-discovery"), "stun" },
+ /* draft-ietf-httpbis-http2-16 */
+ { "h2-", sizeof("h2-") - 1, "http2" }, /* draft versions */
+ { "h2", sizeof("h2"), "http2" }, /* final version */
+};
+
/* we keep this internal to packet-ssl-utils, as there should be
no need to access it any other way.
gint ssl_get_keyex_alg(gint cipher)
{
switch(cipher) {
- case 0x0001:
- case 0x0002:
- case 0x0003:
- case 0x0004:
- case 0x0005:
- case 0x0006:
- case 0x0007:
- case 0x0008:
- case 0x0009:
- case 0x000a:
- case 0x002f:
- case 0x0035:
- case 0x003b:
- case 0x003c:
- case 0x003d:
- case 0x0041:
- case 0x0060:
- case 0x0061:
- case 0x0062:
- case 0x0064:
- case 0x0084:
- case 0x0096:
- case 0x009c:
- case 0x009d:
- case 0x00ba:
- case 0x00c0:
- case 0xfefe:
- case 0xfeff:
- case 0xffe0:
- case 0xffe1:
- return KEX_RSA;
+ case 0x0017:
+ case 0x0018:
+ case 0x0019:
+ case 0x001a:
+ case 0x001b:
+ case 0x0034:
+ case 0x003a:
+ case 0x0046:
+ case 0x006c:
+ case 0x006d:
+ case 0x0089:
+ case 0x009b:
+ case 0x00a6:
+ case 0x00a7:
+ case 0x00bf:
+ case 0x00c5:
+ case 0xc084:
+ case 0xc085:
+ return KEX_DH_ANON;
case 0x000b:
case 0x000c:
case 0x000d:
+ case 0x0030:
+ case 0x0036:
+ case 0x003e:
+ case 0x0042:
+ case 0x0068:
+ case 0x0085:
+ case 0x0097:
+ case 0x00a4:
+ case 0x00a5:
+ case 0x00bb:
+ case 0x00c1:
+ case 0xc082:
+ case 0xc083:
+ return KEX_DH_DSS;
case 0x000e:
case 0x000f:
case 0x0010:
+ case 0x0031:
+ case 0x0037:
+ case 0x003f:
+ case 0x0043:
+ case 0x0069:
+ case 0x0086:
+ case 0x0098:
+ case 0x00a0:
+ case 0x00a1:
+ case 0x00bc:
+ case 0x00c2:
+ case 0xc07e:
+ case 0xc07f:
+ return KEX_DH_RSA;
case 0x0011:
case 0x0012:
case 0x0013:
- case 0x0014:
- case 0x0015:
- case 0x0016:
- case 0x0017:
- case 0x0018:
- case 0x0019:
- case 0x001a:
- case 0x001b:
- case 0x002d:
- case 0x0030:
- case 0x0031:
case 0x0032:
- case 0x0033:
- case 0x0034:
- case 0x0036:
- case 0x0037:
case 0x0038:
- case 0x0039:
- case 0x003a:
- case 0x003e:
- case 0x003f:
case 0x0040:
- case 0x0042:
- case 0x0043:
case 0x0044:
- case 0x0045:
- case 0x0046:
case 0x0063:
case 0x0065:
case 0x0066:
- case 0x0067:
- case 0x0068:
- case 0x0069:
case 0x006a:
- case 0x006b:
- case 0x006c:
- case 0x006d:
- case 0x0085:
- case 0x0086:
case 0x0087:
- case 0x0088:
- case 0x0089:
+ case 0x0099:
+ case 0x00a2:
+ case 0x00a3:
+ case 0x00bd:
+ case 0x00c3:
+ case 0xc080:
+ case 0xc081:
+ return KEX_DHE_DSS;
+ case 0x002d:
case 0x008e:
case 0x008f:
case 0x0090:
case 0x0091:
- case 0x0097:
- case 0x0098:
- case 0x0099:
- case 0x009a:
- case 0x009b:
- case 0x009e:
- case 0x009f:
- case 0x00a0:
- case 0x00a1:
- case 0x00a2:
- case 0x00a3:
- case 0x00a4:
- case 0x00a5:
- case 0x00a6:
- case 0x00a7:
case 0x00aa:
case 0x00ab:
case 0x00b2:
case 0x00b3:
case 0x00b4:
case 0x00b5:
- case 0x00bb:
- case 0x00bc:
- case 0x00bd:
+ case 0xc090:
+ case 0xc091:
+ case 0xc096:
+ case 0xc097:
+ case 0xc0a6:
+ case 0xc0a7:
+ case 0xc0aa:
+ case 0xc0ab:
+ case 0xe41c:
+ case 0xe41d:
+ return KEX_DHE_PSK;
+ case 0x0014:
+ case 0x0015:
+ case 0x0016:
+ case 0x0033:
+ case 0x0039:
+ case 0x0045:
+ case 0x0067:
+ case 0x006b:
+ case 0x0088:
+ case 0x009a:
+ case 0x009e:
+ case 0x009f:
case 0x00be:
- case 0x00bf:
- case 0x00c1:
- case 0x00c2:
- case 0x00c3:
case 0x00c4:
- case 0x00c5:
- return KEX_DH;
+ case 0xc07c:
+ case 0xc07d:
+ case 0xc09e:
+ case 0xc09f:
+ case 0xc0a2:
+ case 0xc0a3:
+ case 0xe41e:
+ case 0xe41f:
+ return KEX_DHE_RSA;
+ case 0xc015:
+ case 0xc016:
+ case 0xc017:
+ case 0xc018:
+ case 0xc019:
+ return KEX_ECDH_ANON;
case 0xc001:
case 0xc002:
case 0xc003:
case 0xc004:
case 0xc005:
- case 0xc006:
- case 0xc007:
- case 0xc008:
- case 0xc009:
- case 0xc00a:
+ case 0xc025:
+ case 0xc026:
+ case 0xc02d:
+ case 0xc02e:
+ case 0xc074:
+ case 0xc075:
+ case 0xc088:
+ case 0xc089:
+ return KEX_ECDH_ECDSA;
case 0xc00b:
case 0xc00c:
case 0xc00d:
case 0xc00e:
case 0xc00f:
- case 0xc010:
- case 0xc011:
- case 0xc012:
- case 0xc013:
- case 0xc014:
- case 0xc015:
- case 0xc016:
- case 0xc017:
- case 0xc018:
- case 0xc019:
- case 0xc023:
- case 0xc024:
- case 0xc025:
- case 0xc026:
- case 0xc027:
- case 0xc028:
case 0xc029:
case 0xc02a:
- case 0xc02b:
- case 0xc02c:
- case 0xc02d:
- case 0xc02e:
- case 0xc02f:
- case 0xc030:
case 0xc031:
case 0xc032:
+ case 0xc078:
+ case 0xc079:
+ case 0xc08c:
+ case 0xc08d:
+ return KEX_ECDH_RSA;
+ case 0xc006:
+ case 0xc007:
+ case 0xc008:
+ case 0xc009:
+ case 0xc00a:
+ case 0xc023:
+ case 0xc024:
+ case 0xc02b:
+ case 0xc02c:
+ case 0xc072:
+ case 0xc073:
+ case 0xc086:
+ case 0xc087:
+ case 0xc0ac:
+ case 0xc0ad:
+ case 0xc0ae:
+ case 0xc0af:
+ case 0xe414:
+ case 0xe415:
+ return KEX_ECDHE_ECDSA;
case 0xc033:
case 0xc034:
case 0xc035:
case 0xc039:
case 0xc03a:
case 0xc03b:
- return KEX_ECDH;
- case 0x002C:
- case 0x008A:
- case 0x008B:
- case 0x008C:
- case 0x008D:
- case 0x00A8:
- case 0x00A9:
- case 0x00AE:
- case 0x00AF:
- case 0x00B0:
- case 0x00B1:
- case 0xC064:
- case 0xC065:
- case 0xC06A:
- case 0xC06B:
- case 0xC08E:
- case 0xC08F:
- case 0xC094:
- case 0xC095:
- case 0xC0A4:
- case 0xC0A5:
- case 0xC0A8:
- case 0xC0A9:
- case 0xC0AA:
- case 0xC0AB:
+ case 0xc09a:
+ case 0xc09b:
+ case 0xe418:
+ case 0xe419:
+ return KEX_ECDHE_PSK;
+ case 0xc010:
+ case 0xc011:
+ case 0xc012:
+ case 0xc013:
+ case 0xc014:
+ case 0xc027:
+ case 0xc028:
+ case 0xc02f:
+ case 0xc030:
+ case 0xc076:
+ case 0xc077:
+ case 0xc08a:
+ case 0xc08b:
+ case 0xe412:
+ case 0xe413:
+ return KEX_ECDHE_RSA;
+ case 0x001e:
+ case 0x001f:
+ case 0x0020:
+ case 0x0021:
+ case 0x0022:
+ case 0x0023:
+ case 0x0024:
+ case 0x0025:
+ case 0x0026:
+ case 0x0027:
+ case 0x0028:
+ case 0x0029:
+ case 0x002a:
+ case 0x002b:
+ return KEX_KRB5;
+ case 0x002c:
+ case 0x008a:
+ case 0x008b:
+ case 0x008c:
+ case 0x008d:
+ case 0x00a8:
+ case 0x00a9:
+ case 0x00ae:
+ case 0x00af:
+ case 0x00b0:
+ case 0x00b1:
+ case 0xc064:
+ case 0xc065:
+ case 0xc08e:
+ case 0xc08f:
+ case 0xc094:
+ case 0xc095:
+ case 0xc0a4:
+ case 0xc0a5:
+ case 0xc0a8:
+ case 0xc0a9:
+ case 0xe416:
+ case 0xe417:
return KEX_PSK;
- case 0x002E:
+ case 0x0001:
+ case 0x0002:
+ case 0x0003:
+ case 0x0004:
+ case 0x0005:
+ case 0x0006:
+ case 0x0007:
+ case 0x0008:
+ case 0x0009:
+ case 0x000a:
+ case 0x002f:
+ case 0x0035:
+ case 0x003b:
+ case 0x003c:
+ case 0x003d:
+ case 0x0041:
+ case 0x0060:
+ case 0x0061:
+ case 0x0062:
+ case 0x0064:
+ case 0x0084:
+ case 0x0096:
+ case 0x009c:
+ case 0x009d:
+ case 0x00ba:
+ case 0x00c0:
+ case 0xc07a:
+ case 0xc07b:
+ case 0xc09c:
+ case 0xc09d:
+ case 0xc0a0:
+ case 0xc0a1:
+ case 0xe410:
+ case 0xe411:
+ case 0xfefe:
+ case 0xfeff:
+ case 0xffe0:
+ case 0xffe1:
+ return KEX_RSA;
+ case 0x002e:
case 0x0092:
case 0x0093:
case 0x0094:
case 0x0095:
- case 0x00AC:
- case 0x00AD:
- case 0x00B6:
- case 0x00B7:
- case 0x00B8:
- case 0x00B9:
- case 0xC068:
- case 0xC069:
- case 0xC06E:
- case 0xC06F:
- case 0xC092:
- case 0xC093:
- case 0xC098:
- case 0xC099:
+ case 0x00ac:
+ case 0x00ad:
+ case 0x00b6:
+ case 0x00b7:
+ case 0x00b8:
+ case 0x00b9:
+ case 0xc092:
+ case 0xc093:
+ case 0xc098:
+ case 0xc099:
+ case 0xe41a:
+ case 0xe41b:
return KEX_RSA_PSK;
+ case 0xc01a:
+ case 0xc01d:
+ case 0xc020:
+ return KEX_SRP_SHA;
+ case 0xc01c:
+ case 0xc01f:
+ case 0xc022:
+ return KEX_SRP_SHA_DSS;
+ case 0xc01b:
+ case 0xc01e:
+ case 0xc021:
+ return KEX_SRP_SHA_RSA;
default:
break;
}
void
ssl_data_set(StringInfo* str, const guchar* data, guint len)
{
+ DISSECTOR_ASSERT(data);
memcpy(str->data, data, len);
str->data_len = len;
}
-
-static guint8
-from_hex_char(gchar c) {
- /* XXX, ws_xton() */
- if ((c >= '0') && (c <= '9'))
- return c - '0';
- if ((c >= 'A') && (c <= 'F'))
- return c - 'A' + 10;
- if ((c >= 'a') && (c <= 'f'))
- return c - 'a' + 10;
- return 16;
+static StringInfo *
+ssl_data_clone(StringInfo *str)
+{
+ StringInfo *cloned_str;
+ cloned_str = (StringInfo *) wmem_alloc0(wmem_file_scope(),
+ sizeof(StringInfo) + str->data_len);
+ cloned_str->data = (guchar *) (cloned_str + 1);
+ ssl_data_set(cloned_str, str->data, str->data_len);
+ return cloned_str;
}
/* from_hex converts |hex_len| bytes of hex data from |in| and sets |*out| to
- * the result. |out->data| will be allocated using se_alloc. Returns TRUE on
+ * the result. |out->data| will be allocated using wmem_file_scope. Returns TRUE on
* success. */
static gboolean from_hex(StringInfo* out, const char* in, gsize hex_len) {
gsize i;
if (hex_len & 1)
return FALSE;
- out->data_len = (guint)hex_len/2;
- out->data = (guchar *)wmem_alloc(wmem_file_scope(), out->data_len);
- for (i = 0; i < out->data_len; i++) {
+ out->data = (guchar *)wmem_alloc(wmem_file_scope(), hex_len / 2);
+ for (i = 0; i < hex_len / 2; i++) {
int a = ws_xton(in[i*2]);
int b = ws_xton(in[i*2 + 1]);
if (a == -1 || b == -1)
return FALSE;
out->data[i] = a << 4 | b;
}
+ out->data_len = (guint)hex_len / 2;
return TRUE;
}
/* decrypt data with private key. Store decrypted data directly into input
* buffer */
static int
-ssl_private_decrypt(const guint len, guchar* data, SSL_PRIVATE_KEY* pk)
+ssl_private_decrypt(const guint len, guchar* data, gcry_sexp_t pk)
{
gint rc = 0;
size_t decr_len = 0, i = 0;
return 0;
}
-#ifndef SSL_FAST
/* put the data into a simple list */
rc = gcry_sexp_build(&s_data, NULL, "(enc-val(rsa(a%m)))", encr_mpi);
if (rc != 0) {
goto out;
}
-#else /* SSL_FAST */
- rc = _gcry_rsa_decrypt(0, &text, &encr_mpi, pk,0);
- gcry_mpi_print( GCRYMPI_FMT_USG, 0, 0, &decr_len, text);
-#endif /* SSL_FAST */
-
/* sanity check on out buffer */
if (decr_len > len) {
ssl_debug_printf("pcry_private_decrypt: decrypted data is too long ?!? (%" G_GSIZE_MODIFIER "u max %d)\n", decr_len, len);
};
static SslCipherSuite cipher_suites[]={
- {0x0001,KEX_RSA, ENC_NULL, 1, 0, 0,DIG_MD5, MODE_STREAM}, /* TLS_RSA_WITH_NULL_MD5 */
- {0x0002,KEX_RSA, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA */
- {0x0003,KEX_RSA, ENC_RC4, 1,128, 40,DIG_MD5, MODE_STREAM}, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
- {0x0004,KEX_RSA, ENC_RC4, 1,128,128,DIG_MD5, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_MD5 */
- {0x0005,KEX_RSA, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_SHA */
- {0x0006,KEX_RSA, ENC_RC2, 8,128, 40,DIG_MD5, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
- {0x0007,KEX_RSA, ENC_IDEA, 8,128,128,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_IDEA_CBC_SHA */
- {0x0008,KEX_RSA, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
- {0x0009,KEX_RSA, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_DES_CBC_SHA */
- {0x000A,KEX_RSA, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
- {0x000B,KEX_DH, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
- {0x000C,KEX_DH, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_DES_CBC_SHA */
- {0x000D,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
- {0x000E,KEX_DH, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
- {0x000F,KEX_DH, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_DES_CBC_SHA */
- {0x0010,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
- {0x0011,KEX_DH, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
- {0x0012,KEX_DH, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
- {0x0013,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
- {0x0014,KEX_DH, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
- {0x0015,KEX_DH, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
- {0x0016,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
- {0x0017,KEX_DH, ENC_RC4, 1,128, 40,DIG_MD5, MODE_STREAM}, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
- {0x0018,KEX_DH, ENC_RC4, 1,128,128,DIG_MD5, MODE_STREAM}, /* TLS_DH_anon_WITH_RC4_128_MD5 */
- {0x0019,KEX_DH, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
- {0x001A,KEX_DH, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_DES_CBC_SHA */
- {0x001B,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
- {0x002F,KEX_RSA, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA */
- {0x0030,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
- {0x0031,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
- {0x0032,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */
- {0x0033,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
- {0x0034,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */
- {0x0035,KEX_RSA, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA */
- {0x0036,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */
- {0x0037,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */
- {0x0038,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */
- {0x0039,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */
- {0x003A,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA */
- {0x003B,KEX_RSA, ENC_NULL, 1, 0, 0,DIG_SHA256, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA256 */
- {0x003C,KEX_RSA, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */
- {0x003D,KEX_RSA, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */
- {0x003E,KEX_DH, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */
- {0x003F,KEX_DH, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */
- {0x0040,KEX_DH, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */
- {0x0041,KEX_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */
- {0x0042,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */
- {0x0043,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */
- {0x0044,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */
- {0x0045,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */
- {0x0046,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */
- {0x0060,KEX_RSA, ENC_RC4, 1,128, 56,DIG_MD5, MODE_STREAM},
- {0x0061,KEX_RSA, ENC_RC2, 1,128, 56,DIG_MD5, MODE_STREAM},
- {0x0062,KEX_RSA, ENC_DES, 8, 64, 56,DIG_SHA, MODE_CBC }, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */
- {0x0063,KEX_DH, ENC_DES, 8, 64, 56,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */
- {0x0064,KEX_RSA, ENC_RC4, 1,128, 56,DIG_SHA, MODE_STREAM},
- {0x0065,KEX_DH, ENC_RC4, 1,128, 56,DIG_SHA, MODE_STREAM},
- {0x0066,KEX_DH, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM},
- {0x0067,KEX_DH, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
- {0x0068,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */
- {0x0069,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */
- {0x006A,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */
- {0x006B,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
- {0x006C,KEX_DH, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
- {0x006D,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
- {0x0084,KEX_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */
- {0x0085,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */
- {0x0086,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */
- {0x0087,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
- {0x0088,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
- {0x0089,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
- {0x008B,KEX_PSK, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC },
- {0x008C,KEX_PSK, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC },
- {0x008D,KEX_PSK, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC },
- {0x0096,KEX_RSA, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_SEED_CBC_SHA */
- {0x0097,KEX_DH, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
- {0x0098,KEX_DH, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
- {0x0099,KEX_DH, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */
- {0x009A,KEX_DH, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */
- {0x009B,KEX_DH, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_SEED_CBC_SHA */
- {0x009C,KEX_RSA, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_RSA_WITH_AES_128_GCM_SHA256 */
- {0x009D,KEX_RSA, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_RSA_WITH_AES_256_GCM_SHA384 */
- {0x009E,KEX_DH, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
- {0x009F,KEX_DH, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */
- {0x00A0,KEX_DH, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */
- {0x00A1,KEX_DH, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */
- {0x00A2,KEX_DH, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */
- {0x00A3,KEX_DH, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */
- {0x00A4,KEX_DH, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */
- {0x00A5,KEX_DH, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
- {0x00A6,KEX_DH, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
- {0x00A7,KEX_DH, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
- {0x00BA,KEX_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
- {0x00BB,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
- {0x00BC,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
- {0x00BD,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
- {0x00BE,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
- {0x00BF,KEX_DH, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */
- {0x00C0,KEX_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
- {0x00C1,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
- {0x00C2,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
- {0x00C3,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
- {0x00C4,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
- {0x00C5,KEX_DH, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
- {0xC001,KEX_DH, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
- {0xC002,KEX_DH, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
- {0xC003,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
- {0xC004,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
- {0xC005,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
- {0xC006,KEX_DH, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
- {0xC007,KEX_DH, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
- {0xC008,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
- {0xC009,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
- {0xC00A,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
- {0xC00B,KEX_DH, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */
- {0xC00C,KEX_DH, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
- {0xC00D,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
- {0xC00E,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
- {0xC00F,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
- {0xC010,KEX_DH, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */
- {0xC011,KEX_DH, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
- {0xC012,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
- {0xC013,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
- {0xC014,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
- {0xC015,KEX_DH, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */
- {0xC016,KEX_DH, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */
- {0xC017,KEX_DH, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
- {0xC018,KEX_DH, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
- {0xC019,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
- {0xC023,KEX_DH, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
- {0xC024,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
- {0xC025,KEX_DH, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
- {0xC026,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
- {0xC027,KEX_DH, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
- {0xC028,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
- {0xC029,KEX_DH, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
- {0xC02A,KEX_DH, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
- {0xC02B,KEX_DH, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
- {0xC02C,KEX_DH, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
- {0xC02D,KEX_DH, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
- {0xC02E,KEX_DH, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
- {0xC02F,KEX_DH, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
- {0xC030,KEX_DH, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
- {0xC031,KEX_DH, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
- {0xC032,KEX_DH, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
- {0xC09C,KEX_RSA, ENC_AES, 4,128,128,DIG_NA, MODE_CCM }, /* TLS_RSA_WITH_AES_128_CCM */
- {0xC09D,KEX_RSA, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM }, /* TLS_RSA_WITH_AES_256_CCM */
- {0xC09E,KEX_DH, ENC_AES, 4,128,128,DIG_NA, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_128_CCM */
- {0xC09F,KEX_DH, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_256_CCM */
- {0xC0A0,KEX_RSA, ENC_AES, 4,128,128,DIG_NA, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_128_CCM_8 */
- {0xC0A1,KEX_RSA, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_256_CCM_8 */
- {0xC0A2,KEX_DH, ENC_AES, 4,128,128,DIG_NA, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_128_CCM_8 */
- {0xC0A3,KEX_DH, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_256_CCM_8 */
- {0xC0A4,KEX_PSK, ENC_AES, 4,128,128,DIG_NA, MODE_CCM }, /* TLS_PSK_WITH_AES_128_CCM */
- {0xC0A5,KEX_PSK, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM }, /* TLS_PSK_WITH_AES_256_CCM */
- {0xC0A8,KEX_PSK, ENC_AES, 4,128,128,DIG_NA, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_128_CCM_8 */
- {0xC0A9,KEX_PSK, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_256_CCM_8 */
+ {0x0001,KEX_RSA, ENC_NULL, 1, 0, 0,DIG_MD5, MODE_STREAM}, /* TLS_RSA_WITH_NULL_MD5 */
+ {0x0002,KEX_RSA, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA */
+ {0x0003,KEX_RSA, ENC_RC4, 1,128, 40,DIG_MD5, MODE_STREAM}, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
+ {0x0004,KEX_RSA, ENC_RC4, 1,128,128,DIG_MD5, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_MD5 */
+ {0x0005,KEX_RSA, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_SHA */
+ {0x0006,KEX_RSA, ENC_RC2, 8,128, 40,DIG_MD5, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */
+ {0x0007,KEX_RSA, ENC_IDEA, 8,128,128,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_IDEA_CBC_SHA */
+ {0x0008,KEX_RSA, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */
+ {0x0009,KEX_RSA, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_DES_CBC_SHA */
+ {0x000A,KEX_RSA, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
+ {0x000B,KEX_DH_DSS, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */
+ {0x000C,KEX_DH_DSS, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_DES_CBC_SHA */
+ {0x000D,KEX_DH_DSS, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */
+ {0x000E,KEX_DH_RSA, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */
+ {0x000F,KEX_DH_RSA, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_DES_CBC_SHA */
+ {0x0010,KEX_DH_RSA, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */
+ {0x0011,KEX_DHE_DSS, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */
+ {0x0012,KEX_DHE_DSS, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */
+ {0x0013,KEX_DHE_DSS, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */
+ {0x0014,KEX_DHE_RSA, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */
+ {0x0015,KEX_DHE_RSA, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */
+ {0x0016,KEX_DHE_RSA, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */
+ {0x0017,KEX_DH_ANON, ENC_RC4, 1,128, 40,DIG_MD5, MODE_STREAM}, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */
+ {0x0018,KEX_DH_ANON, ENC_RC4, 1,128,128,DIG_MD5, MODE_STREAM}, /* TLS_DH_anon_WITH_RC4_128_MD5 */
+ {0x0019,KEX_DH_ANON, ENC_DES, 8, 64, 40,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */
+ {0x001A,KEX_DH_ANON, ENC_DES, 8, 64, 64,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_DES_CBC_SHA */
+ {0x001B,KEX_DH_ANON, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */
+ {0x002C,KEX_PSK, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA */
+ {0x002D,KEX_DHE_PSK, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA */
+ {0x002E,KEX_RSA_PSK, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA */
+ {0x002F,KEX_RSA, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA */
+ {0x0030,KEX_DH_DSS, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */
+ {0x0031,KEX_DH_RSA, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */
+ {0x0032,KEX_DHE_DSS, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */
+ {0x0033,KEX_DHE_RSA, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
+ {0x0034,KEX_DH_ANON, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */
+ {0x0035,KEX_RSA, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA */
+ {0x0036,KEX_DH_DSS, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */
+ {0x0037,KEX_DH_RSA, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */
+ {0x0038,KEX_DHE_DSS, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */
+ {0x0039,KEX_DHE_RSA, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */
+ {0x003A,KEX_DH_ANON, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA */
+ {0x003B,KEX_RSA, ENC_NULL, 1, 0, 0,DIG_SHA256, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA256 */
+ {0x003C,KEX_RSA, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */
+ {0x003D,KEX_RSA, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */
+ {0x003E,KEX_DH_DSS, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */
+ {0x003F,KEX_DH_RSA, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */
+ {0x0040,KEX_DHE_DSS, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */
+ {0x0041,KEX_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */
+ {0x0042,KEX_DH_DSS, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */
+ {0x0043,KEX_DH_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */
+ {0x0044,KEX_DHE_DSS, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */
+ {0x0045,KEX_DHE_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */
+ {0x0046,KEX_DH_ANON, ENC_CAMELLIA128,16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */
+ {0x0060,KEX_RSA, ENC_RC4, 1,128, 56,DIG_MD5, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */
+ {0x0061,KEX_RSA, ENC_RC2, 1,128, 56,DIG_MD5, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */
+ {0x0062,KEX_RSA, ENC_DES, 8, 64, 56,DIG_SHA, MODE_CBC }, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */
+ {0x0063,KEX_DHE_DSS, ENC_DES, 8, 64, 56,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */
+ {0x0064,KEX_RSA, ENC_RC4, 1,128, 56,DIG_SHA, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */
+ {0x0065,KEX_DHE_DSS, ENC_RC4, 1,128, 56,DIG_SHA, MODE_STREAM}, /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */
+ {0x0066,KEX_DHE_DSS, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_DHE_DSS_WITH_RC4_128_SHA */
+ {0x0067,KEX_DHE_RSA, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
+ {0x0068,KEX_DH_DSS, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */
+ {0x0069,KEX_DH_RSA, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */
+ {0x006A,KEX_DHE_DSS, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */
+ {0x006B,KEX_DHE_RSA, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */
+ {0x006C,KEX_DH_ANON, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
+ {0x006D,KEX_DH_ANON, ENC_AES256, 16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
+ {0x0084,KEX_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */
+ {0x0085,KEX_DH_DSS, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */
+ {0x0086,KEX_DH_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */
+ {0x0087,KEX_DHE_DSS, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */
+ {0x0088,KEX_DHE_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */
+ {0x0089,KEX_DH_ANON, ENC_CAMELLIA256,16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */
+ {0x008A,KEX_PSK, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_PSK_WITH_RC4_128_SHA */
+ {0x008B,KEX_PSK, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_PSK_WITH_3DES_EDE_CBC_SHA */
+ {0x008C,KEX_PSK, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA */
+ {0x008D,KEX_PSK, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA */
+ {0x008E,KEX_DHE_PSK, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_DHE_PSK_WITH_RC4_128_SHA */
+ {0x008F,KEX_DHE_PSK, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA */
+ {0x0090,KEX_DHE_PSK, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA */
+ {0x0091,KEX_DHE_PSK, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA */
+ {0x0092,KEX_RSA_PSK, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_RSA_PSK_WITH_RC4_128_SHA */
+ {0x0093,KEX_RSA_PSK, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA */
+ {0x0094,KEX_RSA_PSK, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA */
+ {0x0095,KEX_RSA_PSK, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA */
+ {0x0096,KEX_RSA, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_RSA_WITH_SEED_CBC_SHA */
+ {0x0097,KEX_DH_DSS, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
+ {0x0098,KEX_DH_RSA, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
+ {0x0099,KEX_DHE_DSS, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */
+ {0x009A,KEX_DHE_RSA, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */
+ {0x009B,KEX_DH_ANON, ENC_SEED, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_DH_anon_WITH_SEED_CBC_SHA */
+ {0x009C,KEX_RSA, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_RSA_WITH_AES_128_GCM_SHA256 */
+ {0x009D,KEX_RSA, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_RSA_WITH_AES_256_GCM_SHA384 */
+ {0x009E,KEX_DHE_RSA, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
+ {0x009F,KEX_DHE_RSA, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */
+ {0x00A0,KEX_DH_RSA, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */
+ {0x00A1,KEX_DH_RSA, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */
+ {0x00A2,KEX_DHE_DSS, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */
+ {0x00A3,KEX_DHE_DSS, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */
+ {0x00A4,KEX_DH_DSS, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */
+ {0x00A5,KEX_DH_DSS, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
+ {0x00A6,KEX_DH_ANON, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
+ {0x00A7,KEX_DH_ANON, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
+ {0x00A8,KEX_PSK, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_PSK_WITH_AES_128_GCM_SHA256 */
+ {0x00A9,KEX_PSK, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_PSK_WITH_AES_256_GCM_SHA384 */
+ {0x00AA,KEX_DHE_PSK, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */
+ {0x00AB,KEX_DHE_PSK, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */
+ {0x00AC,KEX_RSA_PSK, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 */
+ {0x00AD,KEX_RSA_PSK, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 */
+ {0x00AE,KEX_PSK, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA256 */
+ {0x00AF,KEX_PSK, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA384 */
+ {0x00B0,KEX_PSK, ENC_NULL, 1, 0, 0,DIG_SHA256, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA256 */
+ {0x00B1,KEX_PSK, ENC_NULL, 1, 0, 0,DIG_SHA384, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA384 */
+ {0x00B2,KEX_DHE_PSK, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */
+ {0x00B3,KEX_DHE_PSK, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */
+ {0x00B4,KEX_DHE_PSK, ENC_NULL, 1, 0, 0,DIG_SHA256, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA256 */
+ {0x00B5,KEX_DHE_PSK, ENC_NULL, 1, 0, 0,DIG_SHA384, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA384 */
+ {0x00B6,KEX_RSA_PSK, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 */
+ {0x00B7,KEX_RSA_PSK, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 */
+ {0x00B8,KEX_RSA_PSK, ENC_NULL, 1, 0, 0,DIG_SHA256, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA256 */
+ {0x00B9,KEX_RSA_PSK, ENC_NULL, 1, 0, 0,DIG_SHA384, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA384 */
+ {0x00BA,KEX_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0x00BB,KEX_DH_DSS, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0x00BC,KEX_DH_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0x00BD,KEX_DHE_DSS, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0x00BE,KEX_DHE_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0x00BF,KEX_DH_ANON, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0x00C0,KEX_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+ {0x00C1,KEX_DH_DSS, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
+ {0x00C2,KEX_DH_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+ {0x00C3,KEX_DHE_DSS, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
+ {0x00C4,KEX_DHE_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
+ {0x00C5,KEX_DH_ANON, ENC_CAMELLIA256,16,256,256,DIG_SHA256, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
+ {0xC001,KEX_ECDH_ECDSA, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
+ {0xC002,KEX_ECDH_ECDSA, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
+ {0xC003,KEX_ECDH_ECDSA, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
+ {0xC004,KEX_ECDH_ECDSA, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
+ {0xC005,KEX_ECDH_ECDSA, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
+ {0xC006,KEX_ECDHE_ECDSA, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
+ {0xC007,KEX_ECDHE_ECDSA, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
+ {0xC008,KEX_ECDHE_ECDSA, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
+ {0xC009,KEX_ECDHE_ECDSA, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
+ {0xC00A,KEX_ECDHE_ECDSA, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
+ {0xC00B,KEX_ECDH_RSA, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */
+ {0xC00C,KEX_ECDH_RSA, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
+ {0xC00D,KEX_ECDH_RSA, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
+ {0xC00E,KEX_ECDH_RSA, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
+ {0xC00F,KEX_ECDH_RSA, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
+ {0xC010,KEX_ECDHE_RSA, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */
+ {0xC011,KEX_ECDHE_RSA, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
+ {0xC012,KEX_ECDHE_RSA, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
+ {0xC013,KEX_ECDHE_RSA, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
+ {0xC014,KEX_ECDHE_RSA, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
+ {0xC015,KEX_ECDH_ANON, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */
+ {0xC016,KEX_ECDH_ANON, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */
+ {0xC017,KEX_ECDH_ANON, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
+ {0xC018,KEX_ECDH_ANON, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
+ {0xC019,KEX_ECDH_ANON, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
+ {0xC023,KEX_ECDHE_ECDSA, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
+ {0xC024,KEX_ECDHE_ECDSA, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
+ {0xC025,KEX_ECDH_ECDSA, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
+ {0xC026,KEX_ECDH_ECDSA, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */
+ {0xC027,KEX_ECDHE_RSA, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */
+ {0xC028,KEX_ECDHE_RSA, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
+ {0xC029,KEX_ECDH_RSA, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
+ {0xC02A,KEX_ECDH_RSA, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
+ {0xC02B,KEX_ECDHE_ECDSA, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
+ {0xC02C,KEX_ECDHE_ECDSA, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
+ {0xC02D,KEX_ECDH_ECDSA, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
+ {0xC02E,KEX_ECDH_ECDSA, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
+ {0xC02F,KEX_ECDHE_RSA, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
+ {0xC030,KEX_ECDHE_RSA, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
+ {0xC031,KEX_ECDH_RSA, ENC_AES, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
+ {0xC032,KEX_ECDH_RSA, ENC_AES256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
+ {0xC033,KEX_ECDHE_PSK, ENC_RC4, 1,128,128,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_RC4_128_SHA */
+ {0xC034,KEX_ECDHE_PSK, ENC_3DES, 8,192,192,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA */
+ {0xC035,KEX_ECDHE_PSK, ENC_AES, 16,128,128,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA */
+ {0xC036,KEX_ECDHE_PSK, ENC_AES256, 16,256,256,DIG_SHA, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA */
+ {0xC037,KEX_ECDHE_PSK, ENC_AES, 16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */
+ {0xC038,KEX_ECDHE_PSK, ENC_AES256, 16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 */
+ {0xC039,KEX_ECDHE_PSK, ENC_NULL, 1, 0, 0,DIG_SHA, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA */
+ {0xC03A,KEX_ECDHE_PSK, ENC_NULL, 1, 0, 0,DIG_SHA256, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */
+ {0xC03B,KEX_ECDHE_PSK, ENC_NULL, 1, 0, 0,DIG_SHA384, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA384 */
+ {0xC072,KEX_ECDHE_ECDSA, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0xC073,KEX_ECDHE_ECDSA, ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */
+ {0xC074,KEX_ECDH_ECDSA, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0xC075,KEX_ECDH_ECDSA, ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */
+ {0xC076,KEX_ECDHE_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0xC077,KEX_ECDHE_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 */
+ {0xC078,KEX_ECDH_RSA, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0xC079,KEX_ECDH_RSA, ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 */
+ {0xC07A,KEX_RSA, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC07B,KEX_RSA, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC07C,KEX_DHE_RSA, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC07D,KEX_DHE_RSA, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC07E,KEX_DH_RSA, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC07F,KEX_DH_RSA, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC080,KEX_DHE_DSS, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC081,KEX_DHE_DSS, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC082,KEX_DH_DSS, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC083,KEX_DH_DSS, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC084,KEX_DH_ANON, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC085,KEX_DH_ANON, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC086,KEX_ECDHE_ECDSA, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC087,KEX_ECDHE_ECDSA, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC088,KEX_ECDH_ECDSA, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC089,KEX_ECDH_ECDSA, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC08A,KEX_ECDHE_RSA, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC08B,KEX_ECDHE_RSA, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC08C,KEX_ECDH_RSA, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC08D,KEX_ECDH_RSA, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC08E,KEX_PSK, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC08F,KEX_PSK, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC090,KEX_DHE_PSK, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC091,KEX_DHE_PSK, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC092,KEX_RSA_PSK, ENC_CAMELLIA128, 4,128,128,DIG_SHA256, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 */
+ {0xC093,KEX_RSA_PSK, ENC_CAMELLIA256, 4,256,256,DIG_SHA384, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 */
+ {0xC094,KEX_PSK, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0xC095,KEX_PSK, ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
+ {0xC096,KEX_DHE_PSK, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0xC097,KEX_DHE_PSK, ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
+ {0xC098,KEX_RSA_PSK, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0xC099,KEX_RSA_PSK, ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
+ {0xC09A,KEX_ECDHE_PSK, ENC_CAMELLIA128,16,128,128,DIG_SHA256, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */
+ {0xC09B,KEX_ECDHE_PSK, ENC_CAMELLIA256,16,256,256,DIG_SHA384, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */
+ {0xC09C,KEX_RSA, ENC_AES, 4,128,128,DIG_NA, MODE_CCM }, /* TLS_RSA_WITH_AES_128_CCM */
+ {0xC09D,KEX_RSA, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM }, /* TLS_RSA_WITH_AES_256_CCM */
+ {0xC09E,KEX_DHE_RSA, ENC_AES, 4,128,128,DIG_NA, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_128_CCM */
+ {0xC09F,KEX_DHE_RSA, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_256_CCM */
+ {0xC0A0,KEX_RSA, ENC_AES, 4,128,128,DIG_NA, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_128_CCM_8 */
+ {0xC0A1,KEX_RSA, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_256_CCM_8 */
+ {0xC0A2,KEX_DHE_RSA, ENC_AES, 4,128,128,DIG_NA, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_128_CCM_8 */
+ {0xC0A3,KEX_DHE_RSA, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_256_CCM_8 */
+ {0xC0A4,KEX_PSK, ENC_AES, 4,128,128,DIG_NA, MODE_CCM }, /* TLS_PSK_WITH_AES_128_CCM */
+ {0xC0A5,KEX_PSK, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM }, /* TLS_PSK_WITH_AES_256_CCM */
+ {0xC0A6,KEX_DHE_PSK, ENC_AES, 4,128,128,DIG_NA, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_128_CCM */
+ {0xC0A7,KEX_DHE_PSK, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_256_CCM */
+ {0xC0A8,KEX_PSK, ENC_AES, 4,128,128,DIG_NA, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_128_CCM_8 */
+ {0xC0A9,KEX_PSK, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_256_CCM_8 */
+ {0xC0AA,KEX_DHE_PSK, ENC_AES, 4,128,128,DIG_NA, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_128_CCM_8 */
+ {0xC0AB,KEX_DHE_PSK, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_256_CCM_8 */
+ {0xC0AC,KEX_ECDHE_ECDSA, ENC_AES, 4,128,128,DIG_NA, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */
+ {0xC0AD,KEX_ECDHE_ECDSA, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM */
+ {0xC0AE,KEX_ECDHE_ECDSA, ENC_AES, 4,128,128,DIG_NA, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */
+ {0xC0AF,KEX_ECDHE_ECDSA, ENC_AES256, 4,256,256,DIG_NA, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */
{-1, 0, 0, 0, 0, 0,0, MODE_STREAM}
};
return -1;
}
-static gint
-tls_hash(StringInfo* secret, StringInfo* seed, gint md, StringInfo* out)
+static void
+tls_hash(StringInfo *secret, StringInfo *seed, gint md,
+ StringInfo *out, guint out_len)
{
+ /* RFC 2246 5. HMAC and the pseudorandom function
+ * '+' denotes concatenation.
+ * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
+ * HMAC_hash(secret, A(2) + seed) + ...
+ * A(0) = seed
+ * A(i) = HMAC_hash(secret, A(i - 1))
+ */
guint8 *ptr;
- guint left;
- gint tocpy;
+ guint left, tocpy;
guint8 *A;
- guint8 _A[DIGEST_MAX_SIZE],tmp[DIGEST_MAX_SIZE];
- guint A_l,tmp_l;
+ guint8 _A[DIGEST_MAX_SIZE], tmp[DIGEST_MAX_SIZE];
+ guint A_l, tmp_l;
SSL_HMAC hm;
- ptr = out->data;
- left = out->data_len;
+ ptr = out->data;
+ left = out_len;
ssl_print_string("tls_hash: hash secret", secret);
ssl_print_string("tls_hash: hash seed", seed);
- A=seed->data;
- A_l=seed->data_len;
-
- while(left){
- ssl_hmac_init(&hm,secret->data,secret->data_len,md);
- ssl_hmac_update(&hm,A,A_l);
- A_l = sizeof(_A);
- ssl_hmac_final(&hm,_A,&A_l);
+ /* A(0) = seed */
+ A = seed->data;
+ A_l = seed->data_len;
+
+ while (left) {
+ /* A(i) = HMAC_hash(secret, A(i-1)) */
+ ssl_hmac_init(&hm, secret->data, secret->data_len, md);
+ ssl_hmac_update(&hm, A, A_l);
+ A_l = sizeof(_A); /* upper bound len for hash output */
+ ssl_hmac_final(&hm, _A, &A_l);
ssl_hmac_cleanup(&hm);
- A=_A;
-
- ssl_hmac_init(&hm,secret->data,secret->data_len,md);
- ssl_hmac_update(&hm,A,A_l);
- ssl_hmac_update(&hm,seed->data,seed->data_len);
- tmp_l = sizeof(tmp);
- ssl_hmac_final(&hm,tmp,&tmp_l);
+ A = _A;
+
+ /* HMAC_hash(secret, A(i) + seed) */
+ ssl_hmac_init(&hm, secret->data, secret->data_len, md);
+ ssl_hmac_update(&hm, A, A_l);
+ ssl_hmac_update(&hm, seed->data, seed->data_len);
+ tmp_l = sizeof(tmp); /* upper bound len for hash output */
+ ssl_hmac_final(&hm, tmp, &tmp_l);
ssl_hmac_cleanup(&hm);
- tocpy=MIN(left,tmp_l);
- memcpy(ptr,tmp,tocpy);
- ptr+=tocpy;
- left-=tocpy;
+ /* ssl_hmac_final puts the actual digest output size in tmp_l */
+ tocpy = MIN(left, tmp_l);
+ memcpy(ptr, tmp, tocpy);
+ ptr += tocpy;
+ left -= tocpy;
}
+ out->data_len = out_len;
ssl_print_string("hash out", out);
- return (0);
}
-static gint
+static gboolean
tls_prf(StringInfo* secret, const gchar *usage,
- StringInfo* rnd1, StringInfo* rnd2, StringInfo* out)
+ StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, guint out_len)
{
StringInfo seed, sha_out, md5_out;
guint8 *ptr;
StringInfo s1, s2;
- guint i,s_l, r;
- size_t usage_len;
- r = -1;
+ guint i,s_l;
+ size_t usage_len, rnd2_len;
+ gboolean success = FALSE;
usage_len = strlen(usage);
+ rnd2_len = rnd2 ? rnd2->data_len : 0;
/* initalize buffer for sha, md5 random seed*/
- if (ssl_data_alloc(&sha_out, MAX(out->data_len,20)) < 0) {
+ if (ssl_data_alloc(&sha_out, MAX(out_len, 20)) < 0) {
ssl_debug_printf("tls_prf: can't allocate sha out\n");
- return -1;
+ return FALSE;
}
- if (ssl_data_alloc(&md5_out, MAX(out->data_len,16)) < 0) {
+ if (ssl_data_alloc(&md5_out, MAX(out_len, 16)) < 0) {
ssl_debug_printf("tls_prf: can't allocate md5 out\n");
goto free_sha;
}
- if (ssl_data_alloc(&seed, usage_len+rnd1->data_len+rnd2->data_len) < 0) {
+ if (ssl_data_alloc(&seed, usage_len+rnd1->data_len+rnd2_len) < 0) {
ssl_debug_printf("tls_prf: can't allocate rnd %d\n",
- (int) (usage_len+rnd1->data_len+rnd2->data_len));
+ (int) (usage_len+rnd1->data_len+rnd2_len));
goto free_md5;
}
memcpy(ptr,usage,usage_len);
ptr+=usage_len;
memcpy(ptr,rnd1->data,rnd1->data_len);
- ptr+=rnd1->data_len;
- memcpy(ptr,rnd2->data,rnd2->data_len);
- /*ptr+=rnd2->data_len;*/
+ if (rnd2_len > 0) {
+ ptr+=rnd1->data_len;
+ memcpy(ptr,rnd2->data,rnd2->data_len);
+ /*ptr+=rnd2->data_len;*/
+ }
/* initalize buffer for client/server seeds*/
s_l=secret->data_len/2 + secret->data_len%2;
memcpy(s2.data,secret->data + (secret->data_len - s_l),s_l);
ssl_debug_printf("tls_prf: tls_hash(md5 secret_len %d seed_len %d )\n", s1.data_len, seed.data_len);
- if(tls_hash(&s1,&seed,ssl_get_digest_by_name("MD5"),&md5_out) != 0)
- goto free_all;
+ tls_hash(&s1, &seed, ssl_get_digest_by_name("MD5"), &md5_out, out_len);
ssl_debug_printf("tls_prf: tls_hash(sha)\n");
- if(tls_hash(&s2,&seed,ssl_get_digest_by_name("SHA1"),&sha_out) != 0)
- goto free_all;
+ tls_hash(&s2, &seed, ssl_get_digest_by_name("SHA1"), &sha_out, out_len);
- for(i=0;i<out->data_len;i++)
- out->data[i]=md5_out.data[i] ^ sha_out.data[i];
- r =0;
+ for (i = 0; i < out_len; i++)
+ out->data[i] = md5_out.data[i] ^ sha_out.data[i];
+ /* success, now store the new meaningful data length */
+ out->data_len = out_len;
+ success = TRUE;
ssl_print_string("PRF out",out);
-free_all:
g_free(s2.data);
free_s1:
g_free(s1.data);
g_free(md5_out.data);
free_sha:
g_free(sha_out.data);
- return r;
+ return success;
}
-static gint
-tls12_prf(gint md, StringInfo* secret, const gchar* usage, StringInfo* rnd1, StringInfo* rnd2, StringInfo* out)
+static gboolean
+tls12_prf(gint md, StringInfo* secret, const gchar* usage,
+ StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, guint out_len)
{
StringInfo label_seed;
- size_t usage_len;
+ size_t usage_len, rnd2_len;
+ rnd2_len = rnd2 ? rnd2->data_len : 0;
usage_len = strlen(usage);
- if (ssl_data_alloc(&label_seed, usage_len+rnd1->data_len+rnd2->data_len) < 0) {
+ if (ssl_data_alloc(&label_seed, usage_len+rnd1->data_len+rnd2_len) < 0) {
ssl_debug_printf("tls12_prf: can't allocate label_seed\n");
- return -1;
+ return FALSE;
}
memcpy(label_seed.data, usage, usage_len);
memcpy(label_seed.data+usage_len, rnd1->data, rnd1->data_len);
- memcpy(label_seed.data+usage_len+rnd1->data_len, rnd2->data, rnd2->data_len);
+ if (rnd2_len > 0)
+ memcpy(label_seed.data+usage_len+rnd1->data_len, rnd2->data, rnd2->data_len);
ssl_debug_printf("tls12_prf: tls_hash(hash_alg %s secret_len %d seed_len %d )\n", gcry_md_algo_name(md), secret->data_len, label_seed.data_len);
- if (tls_hash(secret, &label_seed, md, out) != 0){
- g_free(label_seed.data);
- return -1;
- }
+ tls_hash(secret, &label_seed, md, out, out_len);
+ g_free(label_seed.data);
ssl_print_string("PRF out", out);
- return 0;
+ return TRUE;
}
-static gint
-ssl3_generate_export_iv(StringInfo* r1,
- StringInfo* r2, StringInfo* out)
+static void
+ssl3_generate_export_iv(StringInfo *r1, StringInfo *r2,
+ StringInfo *out, guint out_len)
{
SSL_MD5_CTX md5;
guint8 tmp[16];
ssl_md5_final(tmp,&md5);
ssl_md5_cleanup(&md5);
- memcpy(out->data,tmp,out->data_len);
+ DISSECTOR_ASSERT(out_len <= sizeof(tmp));
+ ssl_data_set(out, tmp, out_len);
ssl_print_string("export iv", out);
-
- return(0);
}
-static gint
+static gboolean
ssl3_prf(StringInfo* secret, const gchar* usage,
- StringInfo* r1,
- StringInfo* r2,StringInfo* out)
+ StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, guint out_len)
{
SSL_MD5_CTX md5;
SSL_SHA_CTX sha;
- StringInfo *rnd1,*rnd2;
guint off;
gint i = 0,j;
guint8 buf[20];
- rnd1=r1; rnd2=r2;
-
- for(off=0;off<out->data_len;off+=16){
+ for (off = 0; off < out_len; off += 16) {
guchar outbuf[16];
- gint tocpy;
i++;
ssl_debug_printf("ssl3_prf: sha1_hash(%d)\n",i);
ssl_sha_update(&sha,secret->data,secret->data_len);
if(!strcmp(usage,"client write key") || !strcmp(usage,"server write key")){
- ssl_sha_update(&sha,rnd2->data,rnd2->data_len);
+ if (rnd2)
+ ssl_sha_update(&sha,rnd2->data,rnd2->data_len);
ssl_sha_update(&sha,rnd1->data,rnd1->data_len);
}
else{
ssl_sha_update(&sha,rnd1->data,rnd1->data_len);
- ssl_sha_update(&sha,rnd2->data,rnd2->data_len);
+ if (rnd2)
+ ssl_sha_update(&sha,rnd2->data,rnd2->data_len);
}
ssl_sha_final(buf,&sha);
ssl_md5_final(outbuf,&md5);
ssl_md5_cleanup(&md5);
- tocpy=MIN(out->data_len-off,16);
- memcpy(out->data+off,outbuf,tocpy);
+ memcpy(out->data + off, outbuf, MIN(out_len - off, 16));
}
+ out->data_len = out_len;
- return(0);
+ return TRUE;
}
-static gint prf(SslDecryptSession* ssl,StringInfo* secret,const gchar* usage,StringInfo* rnd1,StringInfo* rnd2,StringInfo* out)
+/* out_len is the wanted output length for the pseudorandom function */
+static gboolean
+prf(SslDecryptSession *ssl, StringInfo *secret, const gchar *usage,
+ StringInfo *rnd1, StringInfo *rnd2, StringInfo *out, guint out_len)
{
- gint ret;
- if (ssl->version_netorder==SSLV3_VERSION){
- ret = ssl3_prf(secret,usage,rnd1,rnd2,out);
- }else if (ssl->version_netorder==TLSV1_VERSION || ssl->version_netorder==TLSV1DOT1_VERSION ||
- ssl->version_netorder==DTLSV1DOT0_VERSION || ssl->version_netorder==DTLSV1DOT0_VERSION_NOT){
- ret = tls_prf(secret,usage,rnd1,rnd2,out);
- }else{
- if (ssl->cipher_suite.dig == DIG_SHA384){
- ret = tls12_prf(GCRY_MD_SHA384, secret, usage, rnd1, rnd2, out);
- }else{
- ret = tls12_prf(GCRY_MD_SHA256, secret, usage, rnd1, rnd2, out);
+ switch (ssl->version_netorder) {
+ case SSLV3_VERSION:
+ return ssl3_prf(secret, usage, rnd1, rnd2, out, out_len);
+
+ case TLSV1_VERSION:
+ case TLSV1DOT1_VERSION:
+ case DTLSV1DOT0_VERSION:
+ case DTLSV1DOT0_VERSION_NOT:
+ return tls_prf(secret, usage, rnd1, rnd2, out, out_len);
+
+ default: /* TLSv1.2 */
+ switch (ssl->cipher_suite.dig) {
+ case DIG_SHA384:
+ return tls12_prf(GCRY_MD_SHA384, secret, usage, rnd1, rnd2,
+ out, out_len);
+ default:
+ return tls12_prf(GCRY_MD_SHA256, secret, usage, rnd1, rnd2,
+ out, out_len);
}
}
- return ret;
+}
+
+static gint tls_handshake_hash(SslDecryptSession* ssl, StringInfo* out)
+{
+ SSL_MD5_CTX md5;
+ SSL_SHA_CTX sha;
+
+ if (ssl_data_alloc(out, 36) < 0)
+ return -1;
+
+ ssl_md5_init(&md5);
+ ssl_md5_update(&md5,ssl->handshake_data.data,ssl->handshake_data.data_len);
+ ssl_md5_final(out->data,&md5);
+ ssl_md5_cleanup(&md5);
+
+ ssl_sha_init(&sha);
+ ssl_sha_update(&sha,ssl->handshake_data.data,ssl->handshake_data.data_len);
+ ssl_sha_final(out->data+16,&sha);
+ ssl_sha_cleanup(&sha);
+ return 0;
+}
+
+static gint tls12_handshake_hash(SslDecryptSession* ssl, gint md, StringInfo* out)
+{
+ SSL_MD mc;
+ guint8 tmp[48];
+ guint len;
+
+ ssl_md_init(&mc, md);
+ ssl_md_update(&mc,ssl->handshake_data.data,ssl->handshake_data.data_len);
+ ssl_md_final(&mc, tmp, &len);
+ ssl_md_cleanup(&mc);
+
+ if (ssl_data_alloc(out, len) < 0)
+ return -1;
+ memcpy(out->data, tmp, len);
+ return 0;
}
static SslFlow*
return dec;
}
+static int
+ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session,
+ StringInfo *encrypted_pre_master,
+ gcry_sexp_t pk);
+static gboolean
+ssl_restore_master_key(SslDecryptSession *ssl, const char *label,
+ gboolean is_pre_master, GHashTable *ht, StringInfo *key);
-int
+gboolean
ssl_generate_pre_master_secret(SslDecryptSession *ssl_session,
guint32 length, tvbuff_t *tvb, guint32 offset,
- const gchar *ssl_psk, const gchar *keylog_filename)
+ const gchar *ssl_psk,
+ const ssl_master_key_map_t *mk_map)
{
/* check for required session data */
- ssl_debug_printf("ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state %X\n",
- ssl_session->state);
+ ssl_debug_printf("%s: found SSL_HND_CLIENT_KEY_EXCHG, state %X\n",
+ G_STRFUNC, ssl_session->state);
if ((ssl_session->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
(SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
- ssl_debug_printf("ssl_generate_pre_master_secret: not enough data to generate key (required state %X)\n",
+ ssl_debug_printf("%s: not enough data to generate key (required state %X)\n", G_STRFUNC,
(SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
- return -1;
+ return FALSE;
+ }
+
+ /* check to see if the PMS was provided to us*/
+ if (ssl_restore_master_key(ssl_session, "Unencrypted pre-master secret", TRUE,
+ mk_map->pms, &ssl_session->client_random)) {
+ return TRUE;
}
if (ssl_session->cipher_suite.kex == KEX_PSK)
guint psk_len, pre_master_len;
if (!ssl_psk || (ssl_psk[0] == 0)) {
- ssl_debug_printf("ssl_generate_pre_master_secret: can't find pre-shared-key\n");
- return -1;
+ ssl_debug_printf("%s: can't find pre-shared-key\n", G_STRFUNC);
+ return FALSE;
}
/* convert hex string into char*/
if (!from_hex(&ssl_session->psk, ssl_psk, strlen(ssl_psk))) {
- ssl_debug_printf("ssl_generate_pre_master_secret: ssl.psk/dtls.psk contains invalid hex\n");
- return -1;
+ ssl_debug_printf("%s: ssl.psk/dtls.psk contains invalid hex\n",
+ G_STRFUNC);
+ return FALSE;
}
psk_len = ssl_session->psk.data_len;
if (psk_len >= (2 << 15)) {
- ssl_debug_printf("ssl_generate_pre_master_secret: ssl.psk/dtls.psk must not be larger than 2^15 - 1\n");
- return -1;
+ ssl_debug_printf("%s: ssl.psk/dtls.psk must not be larger than 2^15 - 1\n",
+ G_STRFUNC);
+ return FALSE;
}
case we're renegotiating */
ssl_session->state &= ~(SSL_MASTER_SECRET|SSL_HAVE_SESSION_KEY);
ssl_session->state |= SSL_PRE_MASTER_SECRET;
- return 0;
+ return TRUE;
}
else
{
StringInfo encrypted_pre_master;
- gint ret;
guint encrlen, skip;
encrlen = length;
skip = 0;
* in case of rsa1024 that would be 128 + 2 = 130; for psk not necessary
*/
if (ssl_session->cipher_suite.kex == KEX_RSA &&
- (ssl_session->version == SSL_VER_TLS || ssl_session->version == SSL_VER_TLSv1DOT1 ||
- ssl_session->version == SSL_VER_TLSv1DOT2 || ssl_session->version == SSL_VER_DTLS ||
- ssl_session->version == SSL_VER_DTLS1DOT2))
+ (ssl_session->session.version == SSL_VER_TLS || ssl_session->session.version == SSL_VER_TLSv1DOT1 ||
+ ssl_session->session.version == SSL_VER_TLSv1DOT2 || ssl_session->session.version == SSL_VER_DTLS ||
+ ssl_session->session.version == SSL_VER_DTLS1DOT2))
{
encrlen = tvb_get_ntohs(tvb, offset);
skip = 2;
if (encrlen > length - 2)
{
- ssl_debug_printf("ssl_generate_pre_master_secret: wrong encrypted length (%d max %d)\n",
- encrlen, length);
- return -1;
+ ssl_debug_printf("%s: wrong encrypted length (%d max %d)\n",
+ G_STRFUNC, encrlen, length);
+ return FALSE;
}
}
+ /* the valid lower bound is higher than 8, but it is sufficient for the
+ * ssl keylog file below */
+ if (encrlen < 8) {
+ ssl_debug_printf("%s: invalid encrypted pre-master key length %d\n",
+ G_STRFUNC, encrlen);
+ return FALSE;
+ }
+
encrypted_pre_master.data = (guchar *)wmem_alloc(wmem_file_scope(), encrlen);
encrypted_pre_master.data_len = encrlen;
tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
if (ssl_session->private_key) {
- /* go with ssl key processessing; encrypted_pre_master
- * will be used for master secret store*/
- ret = ssl_decrypt_pre_master_secret(ssl_session, &encrypted_pre_master, ssl_session->private_key);
- if (ret < 0) {
- ssl_debug_printf("ssl_generate_pre_master_secret: can't decrypt pre master secret\n");
- return -1;
- }
- return 0;
- } else if (keylog_filename != NULL) {
- /* try to find the key in the key log */
- if (ssl_keylog_lookup(ssl_session, keylog_filename, &encrypted_pre_master) < 0) {
- return -1;
- }
- return 0;
+ /* try to decrypt encrypted pre-master with RSA key */
+ if (ssl_decrypt_pre_master_secret(ssl_session,
+ &encrypted_pre_master, ssl_session->private_key))
+ return TRUE;
+
+ ssl_debug_printf("%s: can't decrypt pre-master secret\n",
+ G_STRFUNC);
}
+
+ /* try to find the pre-master secret from the encrypted one. The
+ * ssl key logfile stores only the first 8 bytes, so truncate it */
+ encrypted_pre_master.data_len = 8;
+ if (ssl_restore_master_key(ssl_session, "Encrypted pre-master secret",
+ TRUE, mk_map->pre_master, &encrypted_pre_master))
+ return TRUE;
}
- return -1;
+ return FALSE;
}
int
return -1;
}
- /* if master_key is not yet generate, create it now*/
+ /* if master key is not available, generate is from the pre-master secret */
if (!(ssl_session->state & SSL_MASTER_SECRET)) {
- ssl_debug_printf("ssl_generate_keyring_material:PRF(pre_master_secret)\n");
- ssl_print_string("pre master secret",&ssl_session->pre_master_secret);
- ssl_print_string("client random",&ssl_session->client_random);
- ssl_print_string("server random",&ssl_session->server_random);
- if (prf(ssl_session,&ssl_session->pre_master_secret,"master secret",
- &ssl_session->client_random,
- &ssl_session->server_random, &ssl_session->master_secret)) {
- ssl_debug_printf("ssl_generate_keyring_material can't generate master_secret\n");
- return -1;
+ if ((ssl_session->state & SSL_EXTENDED_MASTER_SECRET_MASK) == SSL_EXTENDED_MASTER_SECRET_MASK) {
+ StringInfo handshake_hashed_data;
+ gint ret;
+
+ handshake_hashed_data.data = NULL;
+ handshake_hashed_data.data_len = 0;
+
+ ssl_debug_printf("%s:PRF(pre_master_secret_extended)\n", G_STRFUNC);
+ ssl_print_string("pre master secret",&ssl_session->pre_master_secret);
+ DISSECTOR_ASSERT(ssl_session->handshake_data.data_len > 0);
+
+ switch(ssl_session->version_netorder) {
+ case TLSV1_VERSION:
+ case TLSV1DOT1_VERSION:
+ case DTLSV1DOT0_VERSION:
+ case DTLSV1DOT0_VERSION_NOT:
+ ret = tls_handshake_hash(ssl_session, &handshake_hashed_data);
+ break;
+ default:
+ switch (ssl_session->cipher_suite.dig) {
+ case DIG_SHA384:
+ ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA384, &handshake_hashed_data);
+ break;
+ default:
+ ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA256, &handshake_hashed_data);
+ break;
+ }
+ break;
+ }
+ if (ret) {
+ ssl_debug_printf("%s can't generate handshake hash\n", G_STRFUNC);
+ return -1;
+ }
+
+ wmem_free(wmem_file_scope(), ssl_session->handshake_data.data);
+ ssl_session->handshake_data.data = NULL;
+ ssl_session->handshake_data.data_len = 0;
+
+ if (!prf(ssl_session, &ssl_session->pre_master_secret, "extended master secret",
+ &handshake_hashed_data,
+ NULL, &ssl_session->master_secret,
+ SSL_MASTER_SECRET_LENGTH)) {
+ ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC);
+ g_free(handshake_hashed_data.data);
+ return -1;
+ }
+ g_free(handshake_hashed_data.data);
+ } else {
+ ssl_debug_printf("%s:PRF(pre_master_secret)\n", G_STRFUNC);
+ ssl_print_string("pre master secret",&ssl_session->pre_master_secret);
+ ssl_print_string("client random",&ssl_session->client_random);
+ ssl_print_string("server random",&ssl_session->server_random);
+ if (!prf(ssl_session, &ssl_session->pre_master_secret, "master secret",
+ &ssl_session->client_random,
+ &ssl_session->server_random, &ssl_session->master_secret,
+ SSL_MASTER_SECRET_LENGTH)) {
+ ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC);
+ return -1;
+ }
}
ssl_print_string("master secret",&ssl_session->master_secret);
if(ssl_session->cipher_suite.block>1)
needed+=ssl_session->cipher_suite.block*2;
- key_block.data_len = needed;
key_block.data = (guchar *)g_malloc(needed);
- ssl_debug_printf("ssl_generate_keyring_material sess key generation\n");
- if (prf(ssl_session,&ssl_session->master_secret,"key expansion",
+ ssl_debug_printf("%s sess key generation\n", G_STRFUNC);
+ if (!prf(ssl_session, &ssl_session->master_secret, "key expansion",
&ssl_session->server_random,&ssl_session->client_random,
- &key_block)) {
- ssl_debug_printf("ssl_generate_keyring_material can't generate key_block\n");
+ &key_block, needed)) {
+ ssl_debug_printf("%s can't generate key_block\n", G_STRFUNC);
goto fail;
}
ssl_print_string("key expansion", &key_block);
/* export ciphers work with a smaller key length */
if (ssl_session->cipher_suite.eff_bits < ssl_session->cipher_suite.bits) {
- StringInfo iv_c,iv_s;
- StringInfo key_c,key_s;
- StringInfo k;
-
if(ssl_session->cipher_suite.block>1){
/* We only have room for MAX_BLOCK_SIZE bytes IVs, but that's
all we should need. This is a sanity check */
if(ssl_session->cipher_suite.block>MAX_BLOCK_SIZE) {
- ssl_debug_printf("ssl_generate_keyring_material cipher suite block must be at most %d nut is %d\n",
- MAX_BLOCK_SIZE, ssl_session->cipher_suite.block);
+ ssl_debug_printf("%s cipher suite block must be at most %d nut is %d\n",
+ G_STRFUNC, MAX_BLOCK_SIZE, ssl_session->cipher_suite.block);
goto fail;
}
- iv_c.data = _iv_c;
- iv_c.data_len = ssl_session->cipher_suite.block;
- iv_s.data = _iv_s;
- iv_s.data_len = ssl_session->cipher_suite.block;
-
if(ssl_session->version_netorder==SSLV3_VERSION){
- ssl_debug_printf("ssl_generate_keyring_material ssl3_generate_export_iv\n");
- if (ssl3_generate_export_iv(&ssl_session->client_random,
- &ssl_session->server_random,&iv_c)) {
- ssl_debug_printf("ssl_generate_keyring_material can't generate sslv3 client iv\n");
- goto fail;
- }
- ssl_debug_printf("ssl_generate_keyring_material ssl3_generate_export_iv(2)\n");
- if (ssl3_generate_export_iv(&ssl_session->server_random,
- &ssl_session->client_random,&iv_s)) {
- ssl_debug_printf("ssl_generate_keyring_material can't generate sslv3 server iv\n");
- goto fail;
- }
+ /* The length of these fields are ignored by this caller */
+ StringInfo iv_c, iv_s;
+ iv_c.data = _iv_c;
+ iv_s.data = _iv_s;
+
+ ssl_debug_printf("%s ssl3_generate_export_iv\n", G_STRFUNC);
+ ssl3_generate_export_iv(&ssl_session->client_random,
+ &ssl_session->server_random, &iv_c,
+ ssl_session->cipher_suite.block);
+ ssl_debug_printf("%s ssl3_generate_export_iv(2)\n", G_STRFUNC);
+ ssl3_generate_export_iv(&ssl_session->server_random,
+ &ssl_session->client_random, &iv_s,
+ ssl_session->cipher_suite.block);
}
else{
guint8 _iv_block[MAX_BLOCK_SIZE * 2];
key_null.data_len = 0;
iv_block.data = _iv_block;
- iv_block.data_len = ssl_session->cipher_suite.block*2;
- ssl_debug_printf("ssl_generate_keyring_material prf(iv_block)\n");
- if(prf(ssl_session,&key_null, "IV block",
+ ssl_debug_printf("%s prf(iv_block)\n", G_STRFUNC);
+ if (!prf(ssl_session, &key_null, "IV block",
&ssl_session->client_random,
- &ssl_session->server_random,&iv_block)) {
- ssl_debug_printf("ssl_generate_keyring_material can't generate tls31 iv block\n");
+ &ssl_session->server_random, &iv_block,
+ ssl_session->cipher_suite.block * 2)) {
+ ssl_debug_printf("%s can't generate tls31 iv block\n", G_STRFUNC);
goto fail;
}
if (ssl_session->version_netorder==SSLV3_VERSION){
SSL_MD5_CTX md5;
- ssl_debug_printf("ssl_generate_keyring_material MD5(client_random)\n");
+ ssl_debug_printf("%s MD5(client_random)\n", G_STRFUNC);
ssl_md5_init(&md5);
ssl_md5_update(&md5,c_wk,ssl_session->cipher_suite.eff_bits/8);
c_wk=_key_c;
ssl_md5_init(&md5);
- ssl_debug_printf("ssl_generate_keyring_material MD5(server_random)\n");
+ ssl_debug_printf("%s MD5(server_random)\n", G_STRFUNC);
ssl_md5_update(&md5,s_wk,ssl_session->cipher_suite.eff_bits/8);
ssl_md5_update(&md5,ssl_session->server_random.data,
ssl_session->server_random.data_len);
s_wk=_key_s;
}
else{
+ StringInfo key_c, key_s, k;
key_c.data = _key_c;
- key_c.data_len = sizeof(_key_c);
key_s.data = _key_s;
- key_s.data_len = sizeof(_key_s);
k.data = c_wk;
k.data_len = ssl_session->cipher_suite.eff_bits/8;
- ssl_debug_printf("ssl_generate_keyring_material PRF(key_c)\n");
- if (prf(ssl_session,&k,"client write key",
+ ssl_debug_printf("%s PRF(key_c)\n", G_STRFUNC);
+ if (!prf(ssl_session, &k, "client write key",
&ssl_session->client_random,
- &ssl_session->server_random, &key_c)) {
- ssl_debug_printf("ssl_generate_keyring_material can't generate tll31 server key \n");
+ &ssl_session->server_random, &key_c, sizeof(_key_c))) {
+ ssl_debug_printf("%s can't generate tll31 server key \n", G_STRFUNC);
goto fail;
}
c_wk=_key_c;
k.data = s_wk;
k.data_len = ssl_session->cipher_suite.eff_bits/8;
- ssl_debug_printf("ssl_generate_keyring_material PRF(key_s)\n");
- if(prf(ssl_session,&k,"server write key",
+ ssl_debug_printf("%s PRF(key_s)\n", G_STRFUNC);
+ if (!prf(ssl_session, &k, "server write key",
&ssl_session->client_random,
- &ssl_session->server_random, &key_s)) {
- ssl_debug_printf("ssl_generate_keyring_material can't generate tll31 client key \n");
+ &ssl_session->server_random, &key_s, sizeof(_key_s))) {
+ ssl_debug_printf("%s can't generate tll31 client key \n", G_STRFUNC);
goto fail;
}
s_wk=_key_s;
}
/* create both client and server ciphers*/
- ssl_debug_printf("ssl_generate_keyring_material ssl_create_decoder(client)\n");
- ssl_session->client_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->compression, c_mk, c_wk, c_iv);
+ ssl_debug_printf("%s ssl_create_decoder(client)\n", G_STRFUNC);
+ ssl_session->client_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, c_mk, c_wk, c_iv);
if (!ssl_session->client_new) {
- ssl_debug_printf("ssl_generate_keyring_material can't init client decoder\n");
+ ssl_debug_printf("%s can't init client decoder\n", G_STRFUNC);
goto fail;
}
- ssl_debug_printf("ssl_generate_keyring_material ssl_create_decoder(server)\n");
- ssl_session->server_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->compression, s_mk, s_wk, s_iv);
+ ssl_debug_printf("%s ssl_create_decoder(server)\n", G_STRFUNC);
+ ssl_session->server_new = ssl_create_decoder(&ssl_session->cipher_suite, ssl_session->session.compression, s_mk, s_wk, s_iv);
if (!ssl_session->server_new) {
- ssl_debug_printf("ssl_generate_keyring_material can't init client decoder\n");
+ ssl_debug_printf("%s can't init client decoder\n", G_STRFUNC);
goto fail;
}
- ssl_debug_printf("ssl_generate_keyring_material: client seq %d, server seq %d\n",
- ssl_session->client_new->seq, ssl_session->server_new->seq);
+ ssl_debug_printf("%s: client seq %d, server seq %d\n",
+ G_STRFUNC, ssl_session->client_new->seq, ssl_session->server_new->seq);
g_free(key_block.data);
ssl_session->state |= SSL_HAVE_SESSION_KEY;
return 0;
}
}
-int
+static gboolean
ssl_decrypt_pre_master_secret(SslDecryptSession*ssl_session,
- StringInfo* encrypted_pre_master, SSL_PRIVATE_KEY *pk)
+ StringInfo* encrypted_pre_master, gcry_sexp_t pk)
{
gint i;
if (!encrypted_pre_master)
- return -1;
-
- if(ssl_session->cipher_suite.kex == KEX_DH) {
- ssl_debug_printf("ssl_decrypt_pre_master_secret session uses DH (%d) key exchange, which is impossible to decrypt\n",
- KEX_DH);
- return -1;
+ return FALSE;
+ if(ssl_session->cipher_suite.kex == KEX_DHE_DSS ||
+ ssl_session->cipher_suite.kex == KEX_DHE_PSK ||
+ ssl_session->cipher_suite.kex == KEX_DHE_RSA ||
+ ssl_session->cipher_suite.kex == KEX_DH_ANON ||
+ ssl_session->cipher_suite.kex == KEX_DH_DSS ||
+ ssl_session->cipher_suite.kex == KEX_DH_RSA) {
+ ssl_debug_printf("%s: session uses DH (%d) key exchange, which is "
+ "impossible to decrypt\n", G_STRFUNC, ssl_session->cipher_suite.kex);
+ return FALSE;
} else if(ssl_session->cipher_suite.kex != KEX_RSA) {
- ssl_debug_printf("ssl_decrypt_pre_master_secret key exchange %d different from KEX_RSA (%d)\n",
- ssl_session->cipher_suite.kex, KEX_RSA);
- return -1;
+ ssl_debug_printf("%s key exchange %d different from KEX_RSA (%d)\n",
+ G_STRFUNC, ssl_session->cipher_suite.kex, KEX_RSA);
+ return FALSE;
}
/* with tls key loading will fail if not rsa type, so no need to check*/
ssl_print_string("pre master encrypted",encrypted_pre_master);
- ssl_debug_printf("ssl_decrypt_pre_master_secret:RSA_private_decrypt\n");
+ ssl_debug_printf("%s: RSA_private_decrypt\n", G_STRFUNC);
i=ssl_private_decrypt(encrypted_pre_master->data_len,
encrypted_pre_master->data, pk);
if (i!=48) {
- ssl_debug_printf("ssl_decrypt_pre_master_secret wrong "
- "pre_master_secret length (%d, expected %d)\n", i, 48);
- return -1;
+ ssl_debug_printf("%s wrong pre_master_secret length (%d, expected "
+ "%d)\n", G_STRFUNC, i, 48);
+ return FALSE;
}
/* the decrypted data has been written into the pre_master key buffer */
case we're renegotiating */
ssl_session->state &= ~(SSL_MASTER_SECRET|SSL_HAVE_SESSION_KEY);
ssl_session->state |= SSL_PRE_MASTER_SECRET;
- return 0;
+ return TRUE;
}
/* convert network byte order 32 byte number to right-aligned host byte order *
/* strip padding for GenericBlockCipher */
if (decoder->cipher_suite->mode == MODE_CBC) {
+ if (inl < 1) { /* Should this check happen earlier? */
+ ssl_debug_printf("ssl_decrypt_record failed: input length %d too small\n", inl);
+ return -1;
+ }
pad=out_str->data[inl-1];
if (worklen <= pad) {
ssl_debug_printf("ssl_decrypt_record failed: padding %d too large for work %d\n",
}
#define RSA_PARS 6
-static SSL_PRIVATE_KEY*
-ssl_privkey_to_sexp(struct gnutls_x509_privkey_int* priv_key)
+static gcry_sexp_t
+ssl_privkey_to_sexp(gnutls_x509_privkey_t priv_key)
{
gnutls_datum_t rsa_datum[RSA_PARS]; /* m, e, d, p, q, u */
size_t tmp_size;
+ gcry_error_t gret;
gcry_sexp_t rsa_priv_key = NULL;
gint i;
- int ret;
- size_t buf_len;
- unsigned char buf_keyid[32];
-
-#ifdef SSL_FAST
- gcry_mpi_t* rsa_params = g_malloc(sizeof(gcry_mpi_t)*RSA_PARS);
-#else
- gcry_mpi_t rsa_params[RSA_PARS];
-#endif
-
- buf_len = sizeof(buf_keyid);
- ret = gnutls_x509_privkey_get_key_id(priv_key, 0, buf_keyid, &buf_len);
- if (ret != 0) {
- ssl_debug_printf( "gnutls_x509_privkey_get_key_id(ssl_pkey, 0, buf_keyid, &buf_len) - %s\n", gnutls_strerror(ret));
- } else {
- ssl_debug_printf( "Private key imported: KeyID %s\n", bytes_to_ep_str_punct(buf_keyid, (int) buf_len, ':'));
- }
+ gcry_mpi_t rsa_params[RSA_PARS];
/* RSA get parameter */
if (gnutls_x509_privkey_export_rsa_raw(priv_key,
&rsa_datum[4],
&rsa_datum[5]) != 0) {
ssl_debug_printf("ssl_load_key: can't export rsa param (is a rsa private key file ?!?)\n");
-#ifdef SSL_FAST
- g_free(rsa_params);
-#endif
return NULL;
}
/* convert each rsa parameter to mpi format*/
for(i=0; i<RSA_PARS; i++) {
- if (gcry_mpi_scan(&rsa_params[i], GCRYMPI_FMT_USG, rsa_datum[i].data, rsa_datum[i].size,&tmp_size) != 0) {
+ gret = gcry_mpi_scan(&rsa_params[i], GCRYMPI_FMT_USG, rsa_datum[i].data, rsa_datum[i].size,&tmp_size);
+ /* these buffers were allocated by gnutls_x509_privkey_export_rsa_raw() */
+ g_free(rsa_datum[i].data);
+ if (gret != 0) {
ssl_debug_printf("ssl_load_key: can't convert m rsa param to int (size %d)\n", rsa_datum[i].size);
-#ifdef SSL_FAST
- g_free(rsa_params);
-#endif
return NULL;
}
}
if (gcry_mpi_cmp(rsa_params[3], rsa_params[4]) > 0)
{
ssl_debug_printf("ssl_load_key: swapping p and q parameters and recomputing u\n");
+ /* p, q = q, p */
gcry_mpi_swap(rsa_params[3], rsa_params[4]);
- gcry_mpi_invm(rsa_params[5], rsa_params[3], rsa_params[4]);
+ /* due to swapping p and q, u = p^-1 mod p which happens to be needed. */
}
+ /* libgcrypt expects u = p^-1 mod q (for OpenPGP), but the u parameter
+ * says u = q^-1 mod p. Recompute u = p^-1 mod q. Do this unconditionally as
+ * at least GnuTLS 2.12.23 computes an invalid value. */
+ gcry_mpi_invm(rsa_params[5], rsa_params[3], rsa_params[4]);
if (gcry_sexp_build( &rsa_priv_key, NULL,
"(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", rsa_params[0],
rsa_params[1], rsa_params[2], rsa_params[3], rsa_params[4],
rsa_params[5]) != 0) {
ssl_debug_printf("ssl_load_key: can't build rsa private key s-exp\n");
-#ifdef SSL_FAST
- g_free(rsa_params);
-#endif
return NULL;
}
-#ifdef SSL_FAST
- return rsa_params;
-#else
for (i=0; i< 6; i++)
gcry_mpi_release(rsa_params[i]);
return rsa_priv_key;
-#endif
-
}
-Ssl_private_key_t *
+/** Load an RSA private key from specified file
+ @param fp the file that contain the key data
+ @return a pointer to the loaded key on success, or NULL */
+static gnutls_x509_privkey_t
ssl_load_key(FILE* fp)
{
/* gnutls makes our work much harder, since we have to work internally with
*/
gnutls_x509_privkey_t priv_key;
gnutls_datum_t key;
- long size;
+ ws_statb64 statbuf;
gint ret;
guint bytes;
- Ssl_private_key_t *private_key = (Ssl_private_key_t *)g_malloc0(sizeof(Ssl_private_key_t));
-
- /* init private key data*/
- gnutls_x509_privkey_init(&priv_key);
-
- /* compute file size and load all file contents into a datum buffer*/
- if (fseek(fp, 0, SEEK_END) < 0) {
- ssl_debug_printf("ssl_load_key: can't fseek file\n");
- g_free(private_key);
+ if (ws_fstat64(fileno(fp), &statbuf) == -1) {
+ ssl_debug_printf("ssl_load_key: can't ws_fstat64 file\n");
+ return NULL;
+ }
+ if (S_ISDIR(statbuf.st_mode)) {
+ ssl_debug_printf("ssl_load_key: file is a directory\n");
+ errno = EISDIR;
return NULL;
}
- if ((size = ftell(fp)) < 0) {
- ssl_debug_printf("ssl_load_key: can't ftell file\n");
- g_free(private_key);
+ if (S_ISFIFO(statbuf.st_mode)) {
+ ssl_debug_printf("ssl_load_key: file is a named pipe\n");
+ errno = EINVAL;
return NULL;
}
- if (fseek(fp, 0, SEEK_SET) < 0) {
- ssl_debug_printf("ssl_load_key: can't re-fseek file\n");
- g_free(private_key);
+ if (!S_ISREG(statbuf.st_mode)) {
+ ssl_debug_printf("ssl_load_key: file is not a regular file\n");
+ errno = EINVAL;
return NULL;
}
- key.data = (unsigned char *)g_malloc(size);
- key.size = (int)size;
+ /* XXX - check for a too-big size */
+ /* load all file contents into a datum buffer*/
+ key.data = (unsigned char *)g_malloc((size_t)statbuf.st_size);
+ key.size = (int)statbuf.st_size;
bytes = (guint) fread(key.data, 1, key.size, fp);
if (bytes < key.size) {
ssl_debug_printf("ssl_load_key: can't read from file %d bytes, got %d\n",
key.size, bytes);
- g_free(private_key);
g_free(key.data);
return NULL;
}
+ /* init private key data*/
+ gnutls_x509_privkey_init(&priv_key);
+
/* import PEM data*/
if ((ret = gnutls_x509_privkey_import(priv_key, &key, GNUTLS_X509_FMT_PEM)) != GNUTLS_E_SUCCESS) {
ssl_debug_printf("ssl_load_key: can't import pem data: %s\n", gnutls_strerror(ret));
- g_free(private_key);
g_free(key.data);
return NULL;
}
if (gnutls_x509_privkey_get_pk_algorithm(priv_key) != GNUTLS_PK_RSA) {
ssl_debug_printf("ssl_load_key: private key public key algorithm isn't RSA\n");
- g_free(private_key);
g_free(key.data);
return NULL;
}
g_free(key.data);
- private_key->x509_pkey = priv_key;
- private_key->sexp_pkey = ssl_privkey_to_sexp(priv_key);
- if ( !private_key->sexp_pkey ) {
- g_free(private_key);
- return NULL;
- }
- return private_key;
+ return priv_key;
}
static const char *
* @param[out] err error message upon failure; NULL upon success.
* @return a pointer to the loaded key on success; NULL upon failure.
*/
-static Ssl_private_key_t *
-ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd, const char** err) {
+static gnutls_x509_privkey_t
+ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd, char** err) {
int i, j, ret;
int rest;
gnutls_datum_t data;
gnutls_pkcs12_bag_t bag = NULL;
gnutls_pkcs12_bag_type_t bag_type;
- size_t len, buf_len;
- static char buf_name[256];
- static char buf_email[128];
- unsigned char buf_keyid[32];
+ size_t len;
gnutls_pkcs12_t ssl_p12 = NULL;
- gnutls_x509_crt_t ssl_cert = NULL;
gnutls_x509_privkey_t ssl_pkey = NULL;
- Ssl_private_key_t *private_key = (Ssl_private_key_t *)g_malloc0(sizeof(Ssl_private_key_t));
+ gnutls_x509_privkey_t priv_key = NULL;
*err = NULL;
rest = 4096;
data.size -= rest;
ssl_debug_printf("%d bytes read\n", data.size);
if (!feof(fp)) {
- *err = "Error during certificate reading.";
+ *err = g_strdup("Error during certificate reading.");
ssl_debug_printf("%s\n", *err);
- g_free(private_key);
g_free(data.data);
return 0;
}
ret = gnutls_pkcs12_init(&ssl_p12);
if (ret < 0) {
- *err = wmem_strdup_printf(wmem_file_scope(), "gnutls_pkcs12_init(&st_p12) - %s", gnutls_strerror(ret));
+ *err = g_strdup_printf("gnutls_pkcs12_init(&st_p12) - %s", gnutls_strerror(ret));
ssl_debug_printf("%s\n", *err);
- g_free(private_key);
g_free(data.data);
return 0;
}
/* load PKCS#12 in DER or PEM format */
ret = gnutls_pkcs12_import(ssl_p12, &data, GNUTLS_X509_FMT_DER, 0);
if (ret < 0) {
- *err = wmem_strdup_printf(wmem_file_scope(), "could not load PKCS#12 in DER format: %s", gnutls_strerror(ret));
+ *err = g_strdup_printf("could not load PKCS#12 in DER format: %s", gnutls_strerror(ret));
ssl_debug_printf("%s\n", *err);
+ g_free(*err);
ret = gnutls_pkcs12_import(ssl_p12, &data, GNUTLS_X509_FMT_PEM, 0);
if (ret < 0) {
- *err = wmem_strdup_printf(wmem_file_scope(), "could not load PKCS#12 in PEM format: %s", gnutls_strerror(ret));
+ *err = g_strdup_printf("could not load PKCS#12 in PEM format: %s", gnutls_strerror(ret));
ssl_debug_printf("%s\n", *err);
} else {
*err = NULL;
}
g_free(data.data);
if (ret < 0) {
- g_free(private_key);
return 0;
}
ssl_debug_printf( "PKCS#12 imported\n");
- for (i=0; ret==0; i++) {
-
- if (bag) { gnutls_pkcs12_bag_deinit(bag); bag = NULL; }
+ /* TODO: Use gnutls_pkcs12_simple_parse, since 3.1.0 (August 2012) */
+ for (i=0; ; i++) {
ret = gnutls_pkcs12_bag_init(&bag);
- if (ret < 0) continue;
+ if (ret < 0) break;
ret = gnutls_pkcs12_get_bag(ssl_p12, i, bag);
- if (ret < 0) continue;
+ if (ret < 0) break;
- for (j=0; ret==0 && j<gnutls_pkcs12_bag_get_count(bag); j++) {
+ for (j=0; j<gnutls_pkcs12_bag_get_count(bag); j++) {
bag_type = gnutls_pkcs12_bag_get_type(bag, j);
- if (bag_type >= GNUTLS_BAG_UNKNOWN) continue;
+ if (bag_type >= GNUTLS_BAG_UNKNOWN) goto done;
ssl_debug_printf( "Bag %d/%d: %s\n", i, j, BAGTYPE(bag_type));
if (bag_type == GNUTLS_BAG_ENCRYPTED) {
ret = gnutls_pkcs12_bag_decrypt(bag, cert_passwd);
if (ret == 0) {
bag_type = gnutls_pkcs12_bag_get_type(bag, j);
- if (bag_type >= GNUTLS_BAG_UNKNOWN) continue;
+ if (bag_type >= GNUTLS_BAG_UNKNOWN) goto done;
ssl_debug_printf( "Bag %d/%d decrypted: %s\n", i, j, BAGTYPE(bag_type));
}
}
ret = gnutls_pkcs12_bag_get_data(bag, j, &data);
- if (ret < 0) continue;
+ if (ret < 0) goto done;
switch (bag_type) {
- case GNUTLS_BAG_CERTIFICATE:
-
- ret = gnutls_x509_crt_init(&ssl_cert);
- if (ret < 0) {
- *err = wmem_strdup_printf(wmem_file_scope(), "gnutls_x509_crt_init(&ssl_cert) - %s", gnutls_strerror(ret));
- ssl_debug_printf("%s\n", *err);
- g_free(private_key);
- return 0;
- }
-
- ret = gnutls_x509_crt_import(ssl_cert, &data, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- *err = wmem_strdup_printf(wmem_file_scope(), "gnutls_x509_crt_import(ssl_cert, &data, GNUTLS_X509_FMT_DER) - %s", gnutls_strerror(ret));
- ssl_debug_printf("%s\n", *err);
- g_free(private_key);
- return 0;
- }
-
- buf_len = sizeof(buf_name);
- ret = gnutls_x509_crt_get_dn_by_oid(ssl_cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, buf_name, &buf_len);
- if (ret < 0) { g_strlcpy(buf_name, "<ERROR>", 256); }
- buf_len = sizeof(buf_email);
- ret = gnutls_x509_crt_get_dn_by_oid(ssl_cert, GNUTLS_OID_PKCS9_EMAIL, 0, 0, buf_email, &buf_len);
- if (ret < 0) { g_strlcpy(buf_email, "<ERROR>", 128); }
-
- buf_len = sizeof(buf_keyid);
- ret = gnutls_x509_crt_get_key_id(ssl_cert, 0, buf_keyid, &buf_len);
- if (ret < 0) { g_strlcpy(buf_keyid, "<ERROR>", 32); }
-
- private_key->x509_cert = ssl_cert;
- ssl_debug_printf( "Certificate imported: %s <%s>, KeyID %s\n", buf_name, buf_email, bytes_to_ep_str(buf_keyid, (int) buf_len));
- break;
-
case GNUTLS_BAG_PKCS8_KEY:
case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
ret = gnutls_x509_privkey_init(&ssl_pkey);
if (ret < 0) {
- *err = wmem_strdup_printf(wmem_file_scope(), "gnutls_x509_privkey_init(&ssl_pkey) - %s", gnutls_strerror(ret));
+ *err = g_strdup_printf("gnutls_x509_privkey_init(&ssl_pkey) - %s", gnutls_strerror(ret));
ssl_debug_printf("%s\n", *err);
- g_free(private_key);
- return 0;
+ goto done;
}
ret = gnutls_x509_privkey_import_pkcs8(ssl_pkey, &data, GNUTLS_X509_FMT_DER, cert_passwd,
(bag_type==GNUTLS_BAG_PKCS8_KEY) ? GNUTLS_PKCS_PLAIN : 0);
if (ret < 0) {
- *err = wmem_strdup_printf(wmem_file_scope(), "Can not decrypt private key - %s", gnutls_strerror(ret));
+ *err = g_strdup_printf("Can not decrypt private key - %s", gnutls_strerror(ret));
ssl_debug_printf("%s\n", *err);
- g_free(private_key);
- return 0;
+ goto done;
}
if (gnutls_x509_privkey_get_pk_algorithm(ssl_pkey) != GNUTLS_PK_RSA) {
- *err = "ssl_load_pkcs12: private key public key algorithm isn't RSA";
+ *err = g_strdup("ssl_load_pkcs12: private key public key algorithm isn't RSA");
ssl_debug_printf("%s\n", *err);
- g_free(private_key);
- return 0;
+ goto done;
}
- private_key->x509_pkey = ssl_pkey;
- private_key->sexp_pkey = ssl_privkey_to_sexp(ssl_pkey);
- if ( !private_key->sexp_pkey ) {
- *err = "ssl_load_pkcs12: could not create sexp_pkey";
- ssl_debug_printf("%s\n", *err);
- g_free(private_key);
- return NULL;
- }
+ /* Private key found, return it. */
+ priv_key = ssl_pkey;
+ goto done;
break;
default: ;
}
} /* j */
+ if (bag) { gnutls_pkcs12_bag_deinit(bag); bag = NULL; }
} /* i */
- return private_key;
+done:
+ if (!priv_key && ssl_pkey)
+ gnutls_x509_privkey_deinit(ssl_pkey);
+ if (bag)
+ gnutls_pkcs12_bag_deinit(bag);
+
+ return priv_key;
}
-void ssl_free_key(Ssl_private_key_t* key)
+void
+ssl_private_key_free(gpointer key)
{
-#ifdef SSL_FAST
- gint i;
- for (i=0; i< 6; i++)
- gcry_mpi_release(key->sexp_pkey[i]);
-#else
- gcry_sexp_release(key->sexp_pkey);
-#endif
-
- if (!key->x509_cert)
- gnutls_x509_crt_deinit (key->x509_cert);
-
- if (!key->x509_pkey)
- gnutls_x509_privkey_deinit(key->x509_pkey);
-
- g_free((Ssl_private_key_t*)key);
+ gcry_sexp_release((gcry_sexp_t) key);
}
-gint
-ssl_find_private_key(SslDecryptSession *ssl_session, GHashTable *key_hash, GTree* associations, packet_info *pinfo) {
- SslService dummy;
- char ip_addr_any[] = {0,0,0,0};
- guint32 port = 0;
- Ssl_private_key_t * private_key;
+static void
+ssl_find_private_key_by_pubkey(SslDecryptSession *ssl, GHashTable *key_hash,
+ gnutls_datum_t *subjectPublicKeyInfo)
+{
+ gnutls_pubkey_t pubkey = NULL;
+ guchar key_id[20];
+ size_t key_id_len = sizeof(key_id);
+ int r;
- if (!ssl_session) {
- return 0;
+ if (!subjectPublicKeyInfo->size) {
+ ssl_debug_printf("%s: could not find SubjectPublicKeyInfo\n", G_STRFUNC);
+ return;
}
- /* we need to know which side of the conversation is speaking */
- if (ssl_packet_from_server(ssl_session, associations, pinfo)) {
- dummy.addr = pinfo->src;
- dummy.port = port = pinfo->srcport;
- } else {
- dummy.addr = pinfo->dst;
- dummy.port = port = pinfo->destport;
+ r = gnutls_pubkey_init(&pubkey);
+ if (r < 0) {
+ ssl_debug_printf("%s: failed to init pubkey: %s\n",
+ G_STRFUNC, gnutls_strerror(r));
+ return;
}
- ssl_debug_printf("ssl_find_private_key server %s:%u\n",
- ep_address_to_str(&dummy.addr),dummy.port);
-
- /* try to retrieve private key for this service. Do it now 'cause pinfo
- * is not always available
- * Note that with HAVE_LIBGNUTLS undefined private_key is allways 0
- * and thus decryption never engaged*/
-
- ssl_session->private_key = 0;
- private_key = (Ssl_private_key_t *)g_hash_table_lookup(key_hash, &dummy);
-
- if (!private_key) {
- ssl_debug_printf("ssl_find_private_key can't find private key for this server! Try it again with universal port 0\n");
-
- dummy.port = 0;
- private_key = (Ssl_private_key_t *)g_hash_table_lookup(key_hash, &dummy);
+ r = gnutls_pubkey_import(pubkey, subjectPublicKeyInfo, GNUTLS_X509_FMT_DER);
+ if (r < 0) {
+ ssl_debug_printf("%s: failed to import pubkey from handshake: %s\n",
+ G_STRFUNC, gnutls_strerror(r));
+ goto end;
}
- if (!private_key) {
- ssl_debug_printf("ssl_find_private_key can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0\n");
-
- dummy.addr.type = AT_IPv4;
- dummy.addr.len = 4;
- dummy.addr.data = ip_addr_any;
-
- dummy.port = port;
- private_key = (Ssl_private_key_t *)g_hash_table_lookup(key_hash, &dummy);
+ /* Generate a 20-byte SHA-1 hash. */
+ r = gnutls_pubkey_get_key_id(pubkey, 0, key_id, &key_id_len);
+ if (r < 0) {
+ ssl_debug_printf("%s: failed to extract key id from pubkey: %s\n",
+ G_STRFUNC, gnutls_strerror(r));
+ goto end;
}
- if (!private_key) {
- ssl_debug_printf("ssl_find_private_key can't find any private key!\n");
- } else {
- ssl_session->private_key = private_key->sexp_pkey;
- }
+ ssl_print_data("lookup(KeyID)", key_id, key_id_len);
+ ssl->private_key = (gcry_sexp_t)g_hash_table_lookup(key_hash, key_id);
+ ssl_debug_printf("%s: lookup result: %p\n", G_STRFUNC, (void *) ssl->private_key);
- return 0;
+end:
+ gnutls_pubkey_deinit(pubkey);
}
void
{
}
-Ssl_private_key_t *
-ssl_load_key(FILE* fp)
-{
- ssl_debug_printf("ssl_load_key: impossible without gnutls. fp %p\n",fp);
- return NULL;
-}
-
-Ssl_private_key_t *
-ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd _U_, const char** err) {
- *err = NULL;
- ssl_debug_printf("ssl_load_pkcs12: impossible without gnutls. fp %p\n",fp);
- return NULL;
-}
-
void
-ssl_free_key(Ssl_private_key_t* key _U_)
-{
-}
-
-gint
-ssl_find_private_key(SslDecryptSession *ssl_session _U_, GHashTable *key_hash _U_, GTree* associations _U_, packet_info *pinfo _U_)
+ssl_private_key_free(gpointer key _U_)
{
- return 0;
}
int
num,cs);
return 0;
}
-int
+gboolean
ssl_generate_pre_master_secret(SslDecryptSession *ssl_session _U_,
guint32 length _U_, tvbuff_t *tvb _U_, guint32 offset _U_,
- const gchar *ssl_psk _U_, const gchar *keylog_filename _U_)
+ const gchar *ssl_psk _U_, const ssl_master_key_map_t *mk_map _U_)
{
- ssl_debug_printf("ssl_generate_pre_master_secret: impossible without gnutls.\n");
- return 0;
+ ssl_debug_printf("%s: impossible without gnutls.\n", G_STRFUNC);
+ return FALSE;
}
int
ssl_generate_keyring_material(SslDecryptSession*ssl)
(server)?"SERVER":"CLIENT", ssl_session);
}
-int
-ssl_decrypt_pre_master_secret(SslDecryptSession* ssl_session,
- StringInfo* encrypted_pre_master, SSL_PRIVATE_KEY *pk)
-{
- ssl_debug_printf("ssl_decrypt_pre_master_secret: impossible without gnutls."
- " ssl %p encrypted_pre_master %p pk %p\n", ssl_session,
- encrypted_pre_master, pk);
- return 0;
-}
-
int
ssl_decrypt_record(SslDecryptSession*ssl, SslDecoder* decoder, gint ct,
const guchar* in, guint inl, StringInfo* comp_str _U_, StringInfo* out, guint* outl)
return 0;
}
-#endif /* HAVE_LIBGNUTLS */
+#endif /* defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT) */
/* get ssl data for this session. if no ssl data is found allocate a new one*/
-void
-ssl_session_init(SslDecryptSession* ssl_session)
+SslDecryptSession *
+ssl_get_session(conversation_t *conversation, dissector_handle_t ssl_handle)
{
- ssl_debug_printf("ssl_session_init: initializing ptr %p size %" G_GSIZE_MODIFIER "u\n",
- (void *)ssl_session, sizeof(SslDecryptSession));
+ void *conv_data;
+ SslDecryptSession *ssl_session;
+ int proto_ssl;
+
+ proto_ssl = dissector_handle_get_protocol_index(ssl_handle);
+ conv_data = conversation_get_proto_data(conversation, proto_ssl);
+ if (conv_data != NULL)
+ return (SslDecryptSession *)conv_data;
+ /* no previous SSL conversation info, initialize it. */
+ ssl_session = wmem_new0(wmem_file_scope(), SslDecryptSession);
+
+ /* data_len is the part that is meaningful, not the allocated length */
+ ssl_session->master_secret.data_len = 0;
ssl_session->master_secret.data = ssl_session->_master_secret;
+ ssl_session->session_id.data_len = 0;
ssl_session->session_id.data = ssl_session->_session_id;
+ ssl_session->client_random.data_len = 0;
ssl_session->client_random.data = ssl_session->_client_random;
+ ssl_session->server_random.data_len = 0;
ssl_session->server_random.data = ssl_session->_server_random;
- ssl_session->session_ticket.data = NULL;
ssl_session->session_ticket.data_len = 0;
- ssl_session->master_secret.data_len = 48;
+ ssl_session->session_ticket.data = NULL; /* will be re-alloced as needed */
ssl_session->server_data_for_iv.data_len = 0;
ssl_session->server_data_for_iv.data = ssl_session->_server_data_for_iv;
ssl_session->client_data_for_iv.data_len = 0;
ssl_session->client_data_for_iv.data = ssl_session->_client_data_for_iv;
- ssl_session->app_data_segment.data=NULL;
- ssl_session->app_data_segment.data_len=0;
- SET_ADDRESS(&ssl_session->srv_addr, AT_NONE, 0, NULL);
- ssl_session->srv_ptype = PT_NONE;
- ssl_session->srv_port = 0;
+ ssl_session->app_data_segment.data = NULL;
+ ssl_session->app_data_segment.data_len = 0;
+ ssl_session->handshake_data.data=NULL;
+ ssl_session->handshake_data.data_len=0;
+
+ /* Initialize parameters which are not necessary specific to decryption. */
+ ssl_session->session.version = SSL_VER_UNKNOWN;
+ SET_ADDRESS(&ssl_session->session.srv_addr, AT_NONE, 0, NULL);
+ ssl_session->session.srv_ptype = PT_NONE;
+ ssl_session->session.srv_port = 0;
+
+ conversation_add_proto_data(conversation, proto_ssl, ssl_session);
+ return ssl_session;
}
void
-ssl_set_server(SslDecryptSession* ssl, address *addr, port_type ptype, guint32 port)
+ssl_set_server(SslSession *session, address *addr, port_type ptype, guint32 port)
+{
+ WMEM_COPY_ADDRESS(wmem_file_scope(), &session->srv_addr, addr);
+ session->srv_ptype = ptype;
+ session->srv_port = port;
+}
+
+guint32
+ssl_starttls_ack(dissector_handle_t ssl_handle, packet_info *pinfo,
+ dissector_handle_t app_handle)
{
- SE_COPY_ADDRESS(&ssl->srv_addr, addr);
- ssl->srv_ptype = ptype;
- ssl->srv_port = port;
+ conversation_t *conversation;
+ SslSession *session;
+
+ /* Ignore if the SSL dissector is disabled. */
+ if (!ssl_handle)
+ return 0;
+ /* The caller should always pass a valid handle to its own dissector. */
+ DISSECTOR_ASSERT(app_handle);
+
+ conversation = find_or_create_conversation(pinfo);
+ session = &ssl_get_session(conversation, ssl_handle)->session;
+
+ ssl_debug_printf("%s: old frame %d, app_handle=%p (%s)\n", G_STRFUNC,
+ session->last_nontls_frame,
+ (void *)session->app_handle,
+ dissector_handle_get_dissector_name(session->app_handle));
+ ssl_debug_printf("%s: current frame %d, app_handle=%p (%s)\n", G_STRFUNC,
+ pinfo->fd->num, (void *)app_handle,
+ dissector_handle_get_dissector_name(app_handle));
+
+ /* Do not switch again if a dissector did it before. */
+ if (session->last_nontls_frame) {
+ ssl_debug_printf("%s: not overriding previous app handle!\n", G_STRFUNC);
+ return session->last_nontls_frame;
+ }
+
+ session->app_handle = app_handle;
+ /* The SSL dissector should be called first for this conversation. */
+ conversation_set_dissector(conversation, ssl_handle);
+ /* SSL starts after this frame. */
+ session->last_nontls_frame = pinfo->fd->num;
+ return 0;
}
/* Hash Functions for TLS/DTLS sessions table and private keys table*/
hash = 0;
id = (const StringInfo*) v;
- /* id and id->data are mallocated in ssl_save_session(). As such 'data'
+ /* id and id->data are mallocated in ssl_save_master_key(). As such 'data'
* should be aligned for any kind of access (for example as a guint as
* is done below). The intermediate void* cast is to prevent "cast
* increases required alignment of target type" warnings on CPUs (such
return hash;
}
-gint
+gboolean
ssl_private_key_equal (gconstpointer v, gconstpointer v2)
{
- const SslService *val1;
- const SslService *val2;
- val1 = (const SslService *)v;
- val2 = (const SslService *)v2;
-
- if ((val1->port == val2->port) &&
- ! CMP_ADDRESS(&val1->addr, &val2->addr)) {
- return 1;
- }
- return 0;
+ /* key ID length (SHA-1 hash, per GNUTLS_KEYID_USE_SHA1) */
+ return !memcmp(v, v2, 20);
}
guint
-ssl_private_key_hash (gconstpointer v)
+ssl_private_key_hash (gconstpointer v)
{
- const SslService *key;
- guint l, hash, len ;
- const guint* cur;
+ guint l, hash = 0;
+ const guint8 *cur = (const guint8 *)v;
- key = (const SslService *)v;
- hash = key->port;
- len = key->addr.len;
- cur = (const guint*) key->addr.data;
-
- for (l=4; (l<len); l+=4, cur++)
- hash = hash ^ (*cur);
+ /* The public key' SHA-1 hash (which maps to a private key) has a uniform
+ * distribution, hence simply xor'ing them should be sufficient. */
+ for (l = 0; l < 20; l += 4, cur += 4)
+ hash ^= pntoh32(cur);
return hash;
}
-/* private key table entries have a scope 'larger' then packet capture,
- * so we can't relay on se_alloc** function */
-void
-ssl_private_key_free(gpointer id, gpointer key, gpointer dummy _U_)
-{
- if (id != NULL) {
- g_free(id);
- ssl_free_key((Ssl_private_key_t*) key);
- }
-}
-
/* handling of association between tls/dtls ports and clear text protocol */
void
ssl_association_add(GTree* associations, dissector_handle_t handle, guint port, const gchar *protocol, gboolean tcp, gboolean from_key_list)
assoc->handle = find_dissector("data");
}
- if (!assoc->handle) {
- fprintf(stderr, "association_add() could not find handle for protocol:%s\n",protocol);
- } else {
- if (port) {
- if (tcp)
- dissector_add_uint("tcp.port", port, handle);
- else
- dissector_add_uint("udp.port", port, handle);
- }
- g_tree_insert(associations, assoc, assoc);
-
- dissector_add_uint("sctp.port", port, handle);
+ DISSECTOR_ASSERT(assoc->handle != NULL);
+ if (port) {
+ if (tcp)
+ dissector_add_uint("tcp.port", port, handle);
+ else
+ dissector_add_uint("udp.port", port, handle);
}
+ g_tree_insert(associations, assoc, assoc);
+
+ dissector_add_uint("sctp.port", port, handle);
}
void
}
int
-ssl_packet_from_server(SslDecryptSession* ssl, GTree* associations, packet_info *pinfo)
+ssl_packet_from_server(SslSession *session, GTree *associations, packet_info *pinfo)
{
gint ret;
- if (ssl && (ssl->srv_ptype != PT_NONE)) {
- ret = (ssl->srv_ptype == pinfo->ptype) && (ssl->srv_port == pinfo->srcport) && ADDRESSES_EQUAL(&ssl->srv_addr, &pinfo->src);
+ if (session->srv_ptype != PT_NONE) {
+ ret = (session->srv_ptype == pinfo->ptype) &&
+ (session->srv_port == pinfo->srcport) &&
+ ADDRESSES_EQUAL(&session->srv_addr, &pinfo->src);
} else {
- ret = ssl_association_find(associations, pinfo->srcport, pinfo->ptype == PT_TCP) != 0;
+ ret = ssl_association_find(associations, pinfo->srcport, pinfo->ptype != PT_UDP) != 0;
}
ssl_debug_printf("packet_from_server: is from server - %s\n", (ret)?"TRUE":"FALSE");
/* initialize/reset per capture state data (ssl sessions cache) */
void
-ssl_common_init(GHashTable **session_hash, StringInfo *decrypted_data, StringInfo *compressed_data)
+ssl_common_init(ssl_master_key_map_t *mk_map,
+ StringInfo *decrypted_data, StringInfo *compressed_data)
{
- if (*session_hash)
- g_hash_table_destroy(*session_hash);
- *session_hash = g_hash_table_new(ssl_hash, ssl_equal);
-
- g_free(decrypted_data->data);
+ mk_map->session = g_hash_table_new(ssl_hash, ssl_equal);
+ mk_map->crandom = g_hash_table_new(ssl_hash, ssl_equal);
+ mk_map->pre_master = g_hash_table_new(ssl_hash, ssl_equal);
+ mk_map->pms = g_hash_table_new(ssl_hash, ssl_equal);
ssl_data_alloc(decrypted_data, 32);
+ ssl_data_alloc(compressed_data, 32);
+}
+
+void
+ssl_common_cleanup(ssl_master_key_map_t *mk_map, FILE **ssl_keylog_file,
+ StringInfo *decrypted_data, StringInfo *compressed_data)
+{
+ g_hash_table_destroy(mk_map->session);
+ g_hash_table_destroy(mk_map->crandom);
+ g_hash_table_destroy(mk_map->pre_master);
+ g_hash_table_destroy(mk_map->pms);
+ g_free(decrypted_data->data);
g_free(compressed_data->data);
- ssl_data_alloc(compressed_data, 32);
+
+ /* close the previous keylog file now that the cache are cleared, this
+ * allows the cache to be filled with the full keylog file contents. */
+ if (*ssl_keylog_file) {
+ fclose(*ssl_keylog_file);
+ *ssl_keylog_file = NULL;
+ }
}
/* parse ssl related preferences (private keys and ports association strings) */
+#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
void
-ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree* associations, dissector_handle_t handle, gboolean tcp)
+ssl_parse_key_list(const ssldecrypt_assoc_t *uats, GHashTable *key_hash, GTree* associations, dissector_handle_t handle, gboolean tcp)
{
- SslService* service;
- Ssl_private_key_t* private_key, *tmp_private_key;
+ gnutls_x509_privkey_t priv_key;
+ gcry_sexp_t private_key;
FILE* fp = NULL;
- guint32 addr_data[4];
- int addr_len, at;
- address_type addr_type[2] = { AT_IPv4, AT_IPv6 };
+ int ret;
+ size_t key_id_len = 20;
+ guchar *key_id = NULL;
/* try to load keys file first */
fp = ws_fopen(uats->keyfile, "rb");
if (!fp) {
- fprintf(stderr, "Can't open file %s\n",uats->keyfile);
+ report_open_failure(uats->keyfile, errno, FALSE);
return;
}
- for (at = 0; at < 2; at++) {
- memset(addr_data, 0, sizeof(addr_data));
- addr_len = 0;
-
- /* any: IPv4 or IPv6 wildcard */
- /* anyipv4: IPv4 wildcard */
- /* anyipv6: IPv6 wildcard */
-
- if(addr_type[at] == AT_IPv4) {
- if (strcmp(uats->ipaddr, "any") == 0 || strcmp(uats->ipaddr, "anyipv4") == 0 ||
- get_host_ipaddr(uats->ipaddr, &addr_data[0])) {
- addr_len = 4;
- }
- } else { /* AT_IPv6 */
- if(strcmp(uats->ipaddr, "any") == 0 || strcmp(uats->ipaddr, "anyipv6") == 0 ||
- get_host_ipaddr6(uats->ipaddr, (struct e_in6_addr *) addr_data)) {
- addr_len = 16;
- }
+ if ((gint)strlen(uats->password) == 0) {
+ priv_key = ssl_load_key(fp);
+ } else {
+ char *err = NULL;
+ priv_key = ssl_load_pkcs12(fp, uats->password, &err);
+ if (err) {
+ report_failure("%s\n", err);
+ g_free(err);
}
+ }
+ fclose(fp);
- if (! addr_len) {
- continue;
- }
+ if (!priv_key) {
+ report_failure("Can't load private key from %s\n", uats->keyfile);
+ return;
+ }
- if ((gint)strlen(uats->password) == 0) {
- private_key = ssl_load_key(fp);
- } else {
- const char *err = NULL;
- private_key = ssl_load_pkcs12(fp, uats->password, &err);
- if (err) {
- fprintf(stderr, "%s\n", err);
- }
- }
+ key_id = (guchar *) g_malloc0(key_id_len);
+ ret = gnutls_x509_privkey_get_key_id(priv_key, 0, key_id, &key_id_len);
+ if (ret < 0) {
+ report_failure("Can't calculate public key ID for %s: %s",
+ uats->keyfile, gnutls_strerror(ret));
+ goto end;
+ }
+ ssl_print_data("KeyID", key_id, key_id_len);
- if (!private_key) {
- fprintf(stderr,"Can't load private key from %s\n", uats->keyfile);
- fclose(fp);
- return;
- }
+ private_key = ssl_privkey_to_sexp(priv_key);
+ if (!private_key) {
+ report_failure("Can't extract private key parameters for %s", uats->keyfile);
+ goto end;
+ }
- service = (SslService *)g_malloc(sizeof(SslService) + addr_len);
- service->addr.type = addr_type[at];
- service->addr.len = addr_len;
- service->addr.data = ((guchar*)service) + sizeof(SslService);
- memcpy((void*)service->addr.data, addr_data, addr_len);
+ g_hash_table_replace(key_hash, key_id, private_key);
+ key_id = NULL; /* used in key_hash, do not free. */
+ ssl_debug_printf("ssl_init private key file %s successfully loaded.\n", uats->keyfile);
- if(strcmp(uats->port,"start_tls")==0) {
- service->port = 0;
- } else {
- service->port = atoi(uats->port);
- }
-
- ssl_debug_printf("ssl_init %s addr '%s' (%s) port '%d' filename '%s' password(only for p12 file) '%s'\n",
- (addr_type[at] == AT_IPv4) ? "IPv4" : "IPv6", uats->ipaddr, ep_address_to_str(&service->addr),
- service->port, uats->keyfile, uats->password);
-
- ssl_debug_printf("ssl_init private key file %s successfully loaded.\n", uats->keyfile);
-
- /* if item exists, remove first */
- tmp_private_key = (Ssl_private_key_t *)g_hash_table_lookup(key_hash, service);
- if (tmp_private_key) {
- g_hash_table_remove(key_hash, service);
- ssl_free_key(tmp_private_key);
- }
-
- g_hash_table_insert(key_hash, service, private_key);
-
- ssl_association_add(associations, handle, service->port, uats->protocol, tcp, TRUE);
+ {
+ /* Port to subprotocol mapping */
+ int port = atoi(uats->port); /* Also maps "start_tls" -> 0 (wildcard) */
+ ssl_debug_printf("ssl_init port '%d' filename '%s' password(only for p12 file) '%s'\n",
+ port, uats->keyfile, uats->password);
+ ssl_association_add(associations, handle, port, uats->protocol, tcp, TRUE);
}
- fclose(fp);
+end:
+ gnutls_x509_privkey_deinit(priv_key);
+ g_free(key_id);
}
-
-/* store master secret into session data cache */
+#else
void
-ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash)
+ssl_parse_key_list(const ssldecrypt_assoc_t *uats _U_, GHashTable *key_hash _U_, GTree* associations _U_, dissector_handle_t handle _U_, gboolean tcp _U_)
+{
+ report_failure("Can't load private key files, support is not compiled in.");
+}
+#endif
+
+/** store a known (pre-)master secret into cache */
+static void
+ssl_save_master_key(const char *label, GHashTable *ht, StringInfo *key,
+ StringInfo *mk)
{
- /* allocate stringinfo chunks for session id and master secret data*/
- StringInfo* session_id;
- StringInfo* master_secret;
+ StringInfo *ht_key, *master_secret;
- if (ssl->session_id.data_len == 0) {
- ssl_debug_printf("ssl_save_session SessionID is empty!\n");
+ if (key->data_len == 0) {
+ ssl_debug_printf("%s: not saving empty %s!\n", G_STRFUNC, label);
return;
}
- session_id = (StringInfo *)wmem_alloc0(wmem_file_scope(), sizeof(StringInfo) + ssl->session_id.data_len);
- master_secret = (StringInfo *)wmem_alloc0(wmem_file_scope(), 48 + sizeof(StringInfo));
-
- master_secret->data = ((guchar*)master_secret+sizeof(StringInfo));
+ if (mk->data_len == 0) {
+ ssl_debug_printf("%s not saving empty (pre-)master secret for %s!\n",
+ G_STRFUNC, label);
+ return;
+ }
- /* ssl_hash() depends on session_id->data being aligned for guint access
- * so be careful in changing how it is allocated.
- */
- session_id->data = ((guchar*)session_id+sizeof(StringInfo));
+ /* ssl_hash() depends on session_ticket->data being aligned for guint access
+ * so be careful in changing how it is allocated. */
+ ht_key = ssl_data_clone(key);
+ master_secret = ssl_data_clone(mk);
+ g_hash_table_insert(ht, ht_key, master_secret);
- ssl_data_set(session_id, ssl->session_id.data, ssl->session_id.data_len);
- ssl_data_set(master_secret, ssl->master_secret.data, ssl->master_secret.data_len);
- g_hash_table_insert(session_hash, session_id, master_secret);
- ssl_print_string("ssl_save_session stored session id", session_id);
- ssl_print_string("ssl_save_session stored master secret", master_secret);
+ ssl_debug_printf("%s inserted (pre-)master secret for %s\n", G_STRFUNC, label);
+ ssl_print_string("stored key", ht_key);
+ ssl_print_string("stored (pre-)master secret", master_secret);
}
-gboolean
-ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash)
+/** restore a (pre-)master secret given some key in the cache */
+static gboolean
+ssl_restore_master_key(SslDecryptSession *ssl, const char *label,
+ gboolean is_pre_master, GHashTable *ht, StringInfo *key)
{
- StringInfo* ms;
+ StringInfo *ms;
- if (ssl->session_id.data_len == 0) {
- ssl_debug_printf("ssl_restore_session Cannot restore using an empty SessionID\n");
+ if (key->data_len == 0) {
+ ssl_debug_printf("%s can't restore %smaster secret using an empty %s\n",
+ G_STRFUNC, is_pre_master ? "pre-" : "", label);
return FALSE;
}
- ms = (StringInfo *)g_hash_table_lookup(session_hash, &ssl->session_id);
-
+ ms = (StringInfo *)g_hash_table_lookup(ht, key);
if (!ms) {
- ssl_debug_printf("ssl_restore_session can't find stored session\n");
+ ssl_debug_printf("%s can't find %smaster secret by %s\n", G_STRFUNC,
+ is_pre_master ? "pre-" : "", label);
return FALSE;
}
- ssl_data_set(&ssl->master_secret, ms->data, ms->data_len);
- ssl->state |= SSL_MASTER_SECRET;
- ssl_debug_printf("ssl_restore_session master key retrieved\n");
+
+ /* (pre)master secret found, clear knowledge of other keys and set it in the
+ * current conversation */
+ ssl->state &= ~(SSL_MASTER_SECRET | SSL_PRE_MASTER_SECRET |
+ SSL_HAVE_SESSION_KEY);
+ if (is_pre_master) {
+ /* unlike master secret, pre-master secret has a variable size (48 for
+ * RSA, varying for PSK) and is therefore not statically allocated */
+ ssl->pre_master_secret.data = (guchar *) wmem_alloc(wmem_file_scope(),
+ ms->data_len);
+ ssl_data_set(&ssl->pre_master_secret, ms->data, ms->data_len);
+ ssl->state |= SSL_PRE_MASTER_SECRET;
+ } else {
+ ssl_data_set(&ssl->master_secret, ms->data, ms->data_len);
+ ssl->state |= SSL_MASTER_SECRET;
+ }
+ ssl_debug_printf("%s %smaster secret retrieved using %s\n", G_STRFUNC,
+ is_pre_master ? "pre-" : "", label);
+ ssl_print_string(label, key);
+ ssl_print_string("(pre-)master secret", ms);
return TRUE;
}
-/* store master secret into session data cache */
+/* Should be called when all parameters are ready (after ChangeCipherSpec), and
+ * the decoder should be attempted to be initialized. */
void
-ssl_save_session_ticket(SslDecryptSession* ssl, GHashTable *session_hash)
+ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map)
{
- /* allocate stringinfo chunks for session id and master secret data*/
- StringInfo* session_ticket;
- StringInfo* master_secret;
-
- if (ssl->session_ticket.data_len == 0) {
- ssl_debug_printf("ssl_save_session_ticket - session ticket is empty!\n");
+ ssl_debug_printf("%s state = 0x%02X\n", G_STRFUNC, ssl->state);
+ if (ssl->state & SSL_HAVE_SESSION_KEY) {
+ ssl_debug_printf(" session key already available, nothing to do.\n");
return;
}
- session_ticket = (StringInfo *)wmem_alloc0(wmem_file_scope(), sizeof(StringInfo) + ssl->session_ticket.data_len);
- master_secret = (StringInfo *)wmem_alloc0(wmem_file_scope(), 48 + sizeof(StringInfo));
-
- master_secret->data = ((guchar*)master_secret+sizeof(StringInfo));
-
- /* ssl_hash() depends on session_id->data being aligned for guint access
- * so be careful in changing how it is allocated.
- */
- session_ticket->data = ((guchar*)session_ticket+sizeof(StringInfo));
-
- ssl_data_set(session_ticket, ssl->session_ticket.data, ssl->session_ticket.data_len);
- ssl_data_set(master_secret, ssl->master_secret.data, ssl->master_secret.data_len);
- g_hash_table_insert(session_hash, session_ticket, master_secret);
- ssl_print_string("ssl_save_session_ticket stored session_ticket", session_ticket);
- ssl_print_string("ssl_save_session_ticket stored master secret", master_secret);
-}
-
-gboolean
-ssl_restore_session_ticket(SslDecryptSession* ssl, GHashTable *session_hash)
-{
- StringInfo* ms;
-
- if (ssl->session_ticket.data_len == 0) {
- ssl_debug_printf("ssl_restore_session_ticket Cannot restore using an empty session ticket\n");
- return FALSE;
+ /* for decryption, there needs to be a master secret (which can be derived
+ * from pre-master secret). If missing, try to pick a master key from cache
+ * (an earlier packet in the capture or key logfile). */
+ if (!(ssl->state & (SSL_MASTER_SECRET | SSL_PRE_MASTER_SECRET)) &&
+ !ssl_restore_master_key(ssl, "Session ID", FALSE,
+ mk_map->session, &ssl->session_id) &&
+ !ssl_restore_master_key(ssl, "Session Ticket", FALSE,
+ mk_map->session, &ssl->session_ticket) &&
+ !ssl_restore_master_key(ssl, "Client Random", FALSE,
+ mk_map->crandom, &ssl->client_random)) {
+ /* how unfortunate, the master secret could not be found */
+ ssl_debug_printf(" Cannot find master secret\n");
+ return;
}
- ms = (StringInfo *)g_hash_table_lookup(session_hash, &ssl->session_ticket);
-
- if (!ms) {
- ssl_debug_printf("ssl_restore_session_ticket can't find stored session ticket\n");
- return FALSE;
+ if (ssl_generate_keyring_material(ssl) < 0) {
+ ssl_debug_printf("%s can't generate keyring material\n", G_STRFUNC);
+ return;
}
- ssl_data_set(&ssl->master_secret, ms->data, ms->data_len);
- ssl->state |= SSL_MASTER_SECRET;
- ssl_debug_printf("ssl_restore_session_ticket master key retrieved\n");
- return TRUE;
+ /* Save Client Random/ Session ID for "SSL Export Session keys" */
+ ssl_save_master_key("Client Random", mk_map->crandom,
+ &ssl->client_random, &ssl->master_secret);
+ ssl_save_master_key("Session ID", mk_map->session,
+ &ssl->session_id, &ssl->master_secret);
+ ssl_save_master_key("Session Ticket", mk_map->session,
+ &ssl->session_ticket, &ssl->master_secret);
}
-int
+gboolean
ssl_is_valid_content_type(guint8 type)
{
- if ((type >= 0x14) && (type <= 0x18))
- {
- return 1;
+ switch ((ContentType) type) {
+ case SSL_ID_CHG_CIPHER_SPEC:
+ case SSL_ID_ALERT:
+ case SSL_ID_HANDSHAKE:
+ case SSL_ID_APP_DATA:
+ case SSL_ID_HEARTBEAT:
+ return TRUE;
}
-
- return 0;
+ return FALSE;
}
-static const unsigned int kRSAMasterSecretLength = 48; /* RFC5246 8.1 */
-
-/* ssl_keylog_parse_session_id parses, from |line|, a string that looks like:
- * RSA Session-ID:<hex session id> Master-Key:<hex TLS master secret>.
- *
- * It returns TRUE iff the session id matches |ssl_session| and the master
- * secret is correctly extracted. */
-static gboolean
-ssl_keylog_parse_session_id(const char* line,
- SslDecryptSession* ssl_session)
+gboolean
+ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls)
{
- gsize len = strlen(line);
- unsigned int i;
-
- if (ssl_session->session_id.data_len == 0)
- return FALSE;
-
- if (len < 15 || memcmp(line, "RSA Session-ID:", 15) != 0)
- return FALSE;
- line += 15;
- len -= 15;
-
- if (len < ssl_session->session_id.data_len*2)
- return FALSE;
-
- for (i = 0; i < ssl_session->session_id.data_len; i++) {
- if (from_hex_char(line[2*i]) != (ssl_session->session_id.data[i] >> 4) ||
- from_hex_char(line[2*i+1]) != (ssl_session->session_id.data[i] & 15)) {
- ssl_debug_printf(" line does not match session id\n");
- return FALSE;
- }
+ switch ((HandshakeType) hs_type) {
+ case SSL_HND_HELLO_VERIFY_REQUEST:
+ /* hello_verify_request is DTLS-only */
+ return is_dtls;
+
+ case SSL_HND_HELLO_REQUEST:
+ case SSL_HND_CLIENT_HELLO:
+ case SSL_HND_SERVER_HELLO:
+ case SSL_HND_NEWSESSION_TICKET:
+ case SSL_HND_CERTIFICATE:
+ case SSL_HND_SERVER_KEY_EXCHG:
+ case SSL_HND_CERT_REQUEST:
+ case SSL_HND_SVR_HELLO_DONE:
+ case SSL_HND_CERT_VERIFY:
+ case SSL_HND_CLIENT_KEY_EXCHG:
+ case SSL_HND_FINISHED:
+ case SSL_HND_CERT_URL:
+ case SSL_HND_CERT_STATUS:
+ case SSL_HND_SUPPLEMENTAL_DATA:
+ case SSL_HND_ENCRYPTED_EXTS:
+ return TRUE;
}
-
- line += 2*i;
- len -= 2*i;
-
- if (len != 12 + kRSAMasterSecretLength*2 ||
- memcmp(line, " Master-Key:", 12) != 0) {
- return FALSE;
- }
- line += 12;
- len -= 12;
-
- if (!from_hex(&ssl_session->master_secret, line, len))
- return FALSE;
- ssl_session->state &= ~(SSL_PRE_MASTER_SECRET|SSL_HAVE_SESSION_KEY);
- ssl_session->state |= SSL_MASTER_SECRET;
- ssl_debug_printf("found master secret in key log\n");
- return TRUE;
+ return FALSE;
}
-/* ssl_keylog_parse_client_random parses, from |line|, a string that looks like:
- * CLIENT_RANDOM <hex client_random> <hex TLS master secret>.
- *
- * It returns TRUE iff the client_random matches |ssl_session| and the master
- * secret is correctly extracted. */
-static gboolean
-ssl_keylog_parse_client_random(const char* line,
- SslDecryptSession* ssl_session)
-{
- static const unsigned int kTLSRandomSize = 32; /* RFC5246 A.6 */
- gsize len = strlen(line);
- unsigned int i;
-
- if (len < 14 || memcmp(line, "CLIENT_RANDOM ", 14) != 0)
- return FALSE;
- line += 14;
- len -= 14;
- if (len < kTLSRandomSize*2 ||
- ssl_session->client_random.data_len != kTLSRandomSize) {
- return FALSE;
- }
+/** keyfile handling */
- for (i = 0; i < kTLSRandomSize; i++) {
- if (from_hex_char(line[2*i]) != (ssl_session->client_random.data[i] >> 4) ||
- from_hex_char(line[2*i+1]) != (ssl_session->client_random.data[i] & 15)) {
- ssl_debug_printf(" line does not match client random\n");
- return FALSE;
+static GRegex *
+ssl_compile_keyfile_regex(void)
+{
+#define OCTET "(?:[[:xdigit:]]{2})"
+ const gchar *pattern =
+ "(?:"
+ /* Matches Client Hellos having this Client Random */
+ "PMS_CLIENT_RANDOM (?<client_random_pms>" OCTET "{32}) "
+ /* Matches first part of encrypted RSA pre-master secret */
+ "|RSA (?<encrypted_pmk>" OCTET "{8}) "
+ /* Pre-Master-Secret is given, it is 48 bytes for RSA,
+ but it can be of any length for DHE */
+ ")(?<pms>" OCTET "+)"
+ "|(?:"
+ /* Matches Server Hellos having a Session ID */
+ "RSA Session-ID:(?<session_id>" OCTET "+) Master-Key:"
+ /* Matches Client Hellos having this Client Random */
+ "|CLIENT_RANDOM (?<client_random>" OCTET "{32}) "
+ /* Master-Secret is given, its length is fixed */
+ ")(?<master_secret>" OCTET "{" G_STRINGIFY(SSL_MASTER_SECRET_LENGTH) "})";
+#undef OCTET
+ static GRegex *regex = NULL;
+ GError *gerr = NULL;
+
+ if (!regex) {
+ regex = g_regex_new(pattern, G_REGEX_OPTIMIZE,
+ G_REGEX_MATCH_ANCHORED, &gerr);
+ if (gerr) {
+ ssl_debug_printf("%s failed to compile regex: %s\n", G_STRFUNC,
+ gerr->message);
+ g_error_free(gerr);
+ regex = NULL;
}
}
- line += 2*kTLSRandomSize;
- len -= 2*kTLSRandomSize;
-
- if (len != 1 + kRSAMasterSecretLength*2 || line[0] != ' ')
- return FALSE;
- line++;
- len--;
-
- if (!from_hex(&ssl_session->master_secret, line, len))
- return FALSE;
- ssl_session->state &= ~(SSL_PRE_MASTER_SECRET|SSL_HAVE_SESSION_KEY);
- ssl_session->state |= SSL_MASTER_SECRET;
- ssl_debug_printf("found master secret in key log\n");
- return TRUE;
+ return regex;
}
-/* ssl_keylog_parse_session_id parses, from |line|, a string that looks like:
- * RSA <hex, 8-bytes of encrypted pre-master secret> <hex pre-master secret>.
- *
- * It returns TRUE iff the session id matches |ssl_session| and the master
- * secret is correctly extracted. */
static gboolean
-ssl_keylog_parse_rsa_premaster(const char* line,
- SslDecryptSession* ssl_session,
- StringInfo* encrypted_pre_master)
+file_needs_reopen(FILE *fp, const char *filename)
{
- static const unsigned int kRSAPremasterLength = 48; /* RFC5246 7.4.7.1 */
- gsize len = strlen(line);
- unsigned int i;
-
- if (encrypted_pre_master == NULL)
- return FALSE;
-
- if (encrypted_pre_master->data_len < 8)
- return FALSE;
-
- if (len < 4 || memcmp(line, "RSA ", 4) != 0)
- return FALSE;
- line += 4;
- len -= 4;
-
- if (len < 16)
- return FALSE;
-
- for (i = 0; i < 8; i++) {
- if (from_hex_char(line[2*i]) != (encrypted_pre_master->data[i] >> 4) ||
- from_hex_char(line[2*i+1]) != (encrypted_pre_master->data[i] & 15)) {
- ssl_debug_printf(" line does not match encrypted pre-master secret");
- return FALSE;
- }
- }
-
- line += 16;
- len -= 16;
-
- if (len != 1 + kRSAPremasterLength*2 || line[0] != ' ')
- return FALSE;
- line++;
- len--;
-
- if (!from_hex(&ssl_session->pre_master_secret, line, len))
- return FALSE;
- ssl_session->state &= ~(SSL_MASTER_SECRET|SSL_HAVE_SESSION_KEY);
- ssl_session->state |= SSL_PRE_MASTER_SECRET;
- ssl_debug_printf("found pre-master secret in key log\n");
-
- return TRUE;
+ ws_statb64 open_stat, current_stat;
+
+ /* consider a file deleted when stat fails for either file,
+ * or when the residing device / inode has changed. */
+ if (0 != ws_fstat64(fileno(fp), &open_stat))
+ return TRUE;
+ if (0 != ws_stat64(filename, ¤t_stat))
+ return TRUE;
+
+ /* Note: on Windows, ino may be 0. Existing files cannot be deleted on
+ * Windows, but hopefully the size is a good indicator when a file got
+ * removed and recreated */
+ return open_stat.st_dev != current_stat.st_dev ||
+ open_stat.st_ino != current_stat.st_ino ||
+ open_stat.st_size > current_stat.st_size;
}
-int
-ssl_keylog_lookup(SslDecryptSession* ssl_session,
- const gchar* ssl_keylog_filename,
- StringInfo* encrypted_pre_master) {
- FILE* ssl_keylog;
- int ret = -1;
-
- if (!ssl_keylog_filename)
- return -1;
+typedef struct ssl_master_key_match_group {
+ const char *re_group_name;
+ GHashTable *master_key_ht;
+} ssl_master_key_match_group_t;
- ssl_debug_printf("trying to use SSL keylog in %s\n", ssl_keylog_filename);
-
- ssl_keylog = ws_fopen(ssl_keylog_filename, "r");
- if (!ssl_keylog) {
- ssl_debug_printf("failed to open SSL keylog\n");
- return -1;
+void
+ssl_load_keyfile(const gchar *ssl_keylog_filename, FILE **keylog_file,
+ const ssl_master_key_map_t *mk_map)
+{
+ unsigned i;
+ GRegex *regex;
+ ssl_master_key_match_group_t mk_groups[] = {
+ { "encrypted_pmk", mk_map->pre_master },
+ { "session_id", mk_map->session },
+ { "client_random", mk_map->crandom },
+ { "client_random_pms", mk_map->pms},
+ };
+ /* no need to try if no key log file is configured. */
+ if (!ssl_keylog_filename || !*ssl_keylog_filename) {
+ ssl_debug_printf("%s dtls/ssl.keylog_file is not configured!\n",
+ G_STRFUNC);
+ return;
}
/* The format of the file is a series of records with one of the following formats:
* This is somewhat is a misnomer because there's nothing RSA specific
* about this.
*
+ * - "PMS_CLIENT_RANDOM xxxx yyyy"
+ * Where xxxx is the client_random from the ClientHello (hex-encoded)
+ * Where yyyy is the cleartext pre-master secret (hex-encoded)
+ * (This format allows SSL connections to be decrypted, if a user can
+ * capture the PMS but could not recover the MS for a specific session
+ * with a SSL Server.)
+ *
* - "CLIENT_RANDOM xxxx yyyy"
* Where xxxx is the client_random from the ClientHello (hex-encoded)
- * Where yyy is the cleartext master secret (hex-encoded)
+ * Where yyyy is the cleartext master secret (hex-encoded)
* (This format allows non-RSA SSL connections to be decrypted, i.e.
* ECDHE-RSA.)
*/
+ regex = ssl_compile_keyfile_regex();
+ if (!regex)
+ return;
+
+ ssl_debug_printf("trying to use SSL keylog in %s\n", ssl_keylog_filename);
+
+ /* if the keylog file was deleted, re-open it */
+ if (*keylog_file && file_needs_reopen(*keylog_file, ssl_keylog_filename)) {
+ ssl_debug_printf("%s file got deleted, trying to re-open\n", G_STRFUNC);
+ fclose(*keylog_file);
+ *keylog_file = NULL;
+ }
+
+ if (*keylog_file == NULL) {
+ *keylog_file = ws_fopen(ssl_keylog_filename, "r");
+ if (!*keylog_file) {
+ ssl_debug_printf("%s failed to open SSL keylog\n", G_STRFUNC);
+ return;
+ }
+ }
+
for (;;) {
char buf[512], *line;
gsize bytes_read;
+ GMatchInfo *mi;
- line = fgets(buf, sizeof(buf), ssl_keylog);
+ line = fgets(buf, sizeof(buf), *keylog_file);
if (!line)
break;
bytes_read = strlen(line);
/* fgets includes the \n at the end of the line. */
- if (bytes_read > 0) {
+ if (bytes_read > 0 && line[bytes_read - 1] == '\n') {
line[bytes_read - 1] = 0;
bytes_read--;
}
}
ssl_debug_printf(" checking keylog line: %s\n", line);
+ if (g_regex_match(regex, line, G_REGEX_MATCH_ANCHORED, &mi)) {
+ gchar *hex_key, *hex_pre_ms_or_ms;
+ StringInfo *key = wmem_new(wmem_file_scope(), StringInfo);
+ StringInfo *pre_ms_or_ms = NULL;
+ GHashTable *ht = NULL;
+
+ /* Is the PMS being supplied with the PMS_CLIENT_RANDOM
+ * otherwise we will use the Master Secret
+ */
+ hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "master_secret");
+ if (hex_pre_ms_or_ms == NULL || strlen(hex_pre_ms_or_ms) == 0){
+ g_free(hex_pre_ms_or_ms);
+ hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "pms");
+ }
+ /* There is always a match, otherwise the regex is wrong. */
+ DISSECTOR_ASSERT(hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms));
+
+ /* convert from hex to bytes and save to hashtable */
+ pre_ms_or_ms = wmem_new(wmem_file_scope(), StringInfo);
+ from_hex(pre_ms_or_ms, hex_pre_ms_or_ms, strlen(hex_pre_ms_or_ms));
+ g_free(hex_pre_ms_or_ms);
+
+ /* Find a master key from any format (CLIENT_RANDOM, SID, ...) */
+ for (i = 0; i < G_N_ELEMENTS(mk_groups); i++) {
+ ssl_master_key_match_group_t *g = &mk_groups[i];
+ hex_key = g_match_info_fetch_named(mi, g->re_group_name);
+ if (hex_key && *hex_key) {
+ ssl_debug_printf(" matched %s\n", g->re_group_name);
+ ht = g->master_key_ht;
+ from_hex(key, hex_key, strlen(hex_key));
+ g_free(hex_key);
+ break;
+ }
+ g_free(hex_key);
+ }
+ DISSECTOR_ASSERT(ht); /* Cannot be reached, or regex is wrong. */
+
+ g_hash_table_insert(ht, key, pre_ms_or_ms);
- if (ssl_keylog_parse_session_id(line, ssl_session) ||
- ssl_keylog_parse_rsa_premaster(line, ssl_session,
- encrypted_pre_master) ||
- ssl_keylog_parse_client_random(line, ssl_session)) {
- ret = 1;
- break;
} else {
- ssl_debug_printf(" line does not match\n");
+ ssl_debug_printf(" unrecognized line\n");
}
+ /* always free match info even if there is no match. */
+ g_match_info_free(mi);
}
-
- fclose(ssl_keylog);
- return ret;
}
#ifdef SSL_DECRYPT_DEBUG
fputc('|', ssl_debug_file);
for (j=i, k=0; k<16 && j<len; ++j, ++k) {
guchar c = data[j];
- if (!isprint(c) || (c=='\t')) c = '.';
+ if (!g_ascii_isprint(c) || (c=='\t')) c = '.';
fputc(c, ssl_debug_file);
}
for (; k<16; ++k)
/* checks for SSL and DTLS UAT key list fields */
gboolean
-ssldecrypt_uat_fld_ip_chk_cb(void* r _U_, const char* p, guint len _U_, const void* u1 _U_, const void* u2 _U_, const char** err)
+ssldecrypt_uat_fld_ip_chk_cb(void* r _U_, const char* p, guint len _U_, const void* u1 _U_, const void* u2 _U_, char** err)
{
if (!p || strlen(p) == 0u) {
- *err = ep_strdup_printf("No IP address given.");
+ *err = g_strdup_printf("No IP address given.");
return FALSE;
}
}
gboolean
-ssldecrypt_uat_fld_port_chk_cb(void* r _U_, const char* p, guint len _U_, const void* u1 _U_, const void* u2 _U_, const char** err)
+ssldecrypt_uat_fld_port_chk_cb(void* r _U_, const char* p, guint len _U_, const void* u1 _U_, const void* u2 _U_, char** err)
{
if (!p || strlen(p) == 0u) {
- *err = ep_strdup_printf("No Port given.");
+ *err = g_strdup_printf("No Port given.");
return FALSE;
}
if (strcmp(p, "start_tls") != 0){
const gint i = atoi(p);
if (i < 0 || i > 65535) {
- *err = ep_strdup_printf("Invalid port given.");
+ *err = g_strdup_printf("Invalid port given.");
return FALSE;
}
}
}
gboolean
-ssldecrypt_uat_fld_protocol_chk_cb(void* r _U_, const char* p, guint len _U_, const void* u1 _U_, const void* u2 _U_, const char** err)
+ssldecrypt_uat_fld_protocol_chk_cb(void* r _U_, const char* p, guint len _U_, const void* u1 _U_, const void* u2 _U_, char** err)
{
if (!p || strlen(p) == 0u) {
- *err = ep_strdup_printf("No protocol given.");
+ *err = g_strdup_printf("No protocol given.");
return FALSE;
}
if (!find_dissector(p)) {
- *err = ep_strdup_printf("Could not find dissector for: '%s'\nValid dissectors are:\n%s", p, ssl_association_info());
+ if (proto_get_id_by_filter_name(p) != -1) {
+ *err = g_strdup_printf("While '%s' is a valid dissector filter name, that dissector is not configured"
+ " to support SSL decryption.\n\n"
+ "If you need to decrypt '%s' over SSL, please contact the Wireshark development team.", p, p);
+ } else {
+ char* ssl_str = ssl_association_info();
+ *err = g_strdup_printf("Could not find dissector for: '%s'\nCommonly used SSL dissectors include:\n%s", p, ssl_str);
+ g_free(ssl_str);
+ }
return FALSE;
}
}
gboolean
-ssldecrypt_uat_fld_fileopen_chk_cb(void* r _U_, const char* p, guint len _U_, const void* u1 _U_, const void* u2 _U_, const char** err)
+ssldecrypt_uat_fld_fileopen_chk_cb(void* r _U_, const char* p, guint len _U_, const void* u1 _U_, const void* u2 _U_, char** err)
{
ws_statb64 st;
if (!p || strlen(p) == 0u) {
- *err = ep_strdup_printf("No filename given.");
+ *err = g_strdup_printf("No filename given.");
return FALSE;
} else {
if (ws_stat64(p, &st) != 0) {
- *err = ep_strdup_printf("File '%s' does not exist or access is denied.", p);
+ *err = g_strdup_printf("File '%s' does not exist or access is denied.", p);
return FALSE;
}
}
}
gboolean
-ssldecrypt_uat_fld_password_chk_cb(void* r _U_, const char* p, guint len _U_, const void* u1 _U_, const void* u2 _U_, const char ** err)
+ssldecrypt_uat_fld_password_chk_cb(void *r _U_, const char *p _U_, guint len _U_, const void *u1 _U_, const void *u2 _U_, char **err)
{
+#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
ssldecrypt_assoc_t* f = (ssldecrypt_assoc_t *)r;
FILE *fp = NULL;
if (p && (strlen(p) > 0u)) {
fp = ws_fopen(f->keyfile, "rb");
if (fp) {
- const char *msg = NULL;
- if (!ssl_load_pkcs12(fp, p, &msg)) {
+ char *msg = NULL;
+ gnutls_x509_privkey_t priv_key = ssl_load_pkcs12(fp, p, &msg);
+ if (!priv_key) {
fclose(fp);
- *err = ep_strdup_printf("Could not load PKCS#12 key file: %s", msg);
+ *err = g_strdup_printf("Could not load PKCS#12 key file: %s", msg);
+ g_free(msg);
return FALSE;
}
+ g_free(msg);
+ gnutls_x509_privkey_deinit(priv_key);
fclose(fp);
} else {
- *err = ep_strdup_printf("Leave this field blank if the keyfile is not PKCS#12.");
+ *err = g_strdup_printf("Leave this field blank if the keyfile is not PKCS#12.");
return FALSE;
}
}
*err = NULL;
return TRUE;
+#else
+ *err = g_strdup("Cannot load key files, support is not compiled in.");
+ return FALSE;
+#endif
}
/* dissect a list of hash algorithms, return the number of bytes dissected
this is used for the signature algorithms extension and for the
TLS1.2 certificate request */
-gint
+static gint
ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint16 len)
+ packet_info* pinfo, guint32 offset, guint16 len)
{
guint32 offset_start;
proto_tree *subtree, *alg_tree;
subtree = proto_item_add_subtree(ti, hf->ett.hs_sig_hash_algs);
if (len % 2) {
- proto_tree_add_text(tree, tvb, offset, 2,
+ expert_add_info_format(pinfo, ti, &hf->ei.hs_sig_hash_algs_bad,
"Invalid Signature Hash Algorithm length: %d", len);
return offset-offset_start;
}
static gint
ssl_dissect_hnd_hello_ext_sig_hash_algs(ssl_common_dissect_t *hf, tvbuff_t *tvb,
- proto_tree *tree, guint32 offset, guint32 ext_len)
+ proto_tree *tree, packet_info* pinfo, guint32 offset, guint32 ext_len)
{
guint16 sh_alg_length;
gint ret;
return offset;
}
- ret = ssl_dissect_hash_alg_list(hf, tvb, tree, offset, sh_alg_length);
+ ret = ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, sh_alg_length);
if (ret >= 0)
offset += ret;
static gint
ssl_dissect_hnd_hello_ext_alpn(ssl_common_dissect_t *hf, tvbuff_t *tvb,
- proto_tree *tree, guint32 offset, guint32 ext_len)
+ proto_tree *tree, guint32 offset, guint32 ext_len,
+ gboolean is_client, SslSession *session)
{
guint16 alpn_length;
guint8 name_length;
tvb, offset, alpn_length, ENC_NA);
alpn_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alpn);
+ /* If ALPN is given in ServerHello, then ProtocolNameList MUST contain
+ * exactly one "ProtocolName". */
+ if (!is_client) {
+ guint8 *proto_name;
+ size_t i;
+
+ name_length = tvb_get_guint8(tvb, offset);
+ /* '\0'-terminated string for prefix/full string comparison purposes. */
+ proto_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset + 1,
+ name_length, ENC_ASCII);
+ for (i = 0; i < G_N_ELEMENTS(ssl_alpn_protocols); i++) {
+ const ssl_alpn_protocol_t *alpn_proto = &ssl_alpn_protocols[i];
+
+ if (name_length >= alpn_proto->proto_name_len &&
+ (memcmp(proto_name, alpn_proto->proto_name,
+ alpn_proto->proto_name_len) == 0)) {
+
+ dissector_handle_t handle;
+ /* ProtocolName match, so set the App data dissector handle.
+ * This may override protocols given via the UAT dialog, but
+ * since the ALPN hint is precise, do it anyway. */
+ handle = find_dissector(alpn_proto->dissector_name);
+ ssl_debug_printf("%s: changing handle %p to %p (%s)", G_STRFUNC,
+ (void *)session->app_handle,
+ (void *)handle, alpn_proto->dissector_name);
+ /* if dissector is disabled, do not overwrite previous one */
+ if (handle)
+ session->app_handle = handle;
+ break;
+ }
+ }
+ }
+
while (alpn_length > 0) {
name_length = tvb_get_guint8(tvb, offset);
proto_tree_add_item(alpn_tree, hf->hf.hs_ext_alpn_str_len,
{
guint8 npn_length;
proto_tree *npn_tree;
- proto_item *ti;
if (ext_len == 0) {
return offset;
}
- ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Next Protocol Negotiation");
- npn_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_npn);
+ npn_tree = proto_tree_add_subtree(tree, tvb, offset, ext_len, hf->ett.hs_ext_npn, NULL, "Next Protocol Negotiation");
while (ext_len > 0) {
npn_length = tvb_get_guint8(tvb, offset);
ext_len--;
if (npn_length > 0) {
- tvb_ensure_bytes_exist(tvb, offset, npn_length);
proto_tree_add_item(npn_tree, hf->hf.hs_ext_npn_str,
tvb, offset, npn_length, ENC_ASCII|ENC_NA);
offset += npn_length;
{
guint8 reneg_info_length;
proto_tree *reneg_info_tree;
- proto_item *ti;
if (ext_len == 0) {
return offset;
}
- ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Renegotiation Info extension");
- reneg_info_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_reneg_info);
+ reneg_info_tree = proto_tree_add_subtree(tree, tvb, offset, ext_len, hf->ett.hs_ext_reneg_info, NULL, "Renegotiation Info extension");
reneg_info_length = tvb_get_guint8(tvb, offset);
proto_tree_add_item(reneg_info_tree, hf->hf.hs_ext_reneg_info_len,
offset += 1;
if (reneg_info_length > 0) {
- tvb_ensure_bytes_exist(tvb, offset, reneg_info_length);
- proto_tree_add_text(reneg_info_tree, tvb, offset, reneg_info_length, "Renegotiation Info");
+ proto_tree_add_item(reneg_info_tree, hf->hf.hs_ext_reneg_info, tvb, offset, reneg_info_length, ENC_NA);
offset += reneg_info_length;
}
{
guint16 server_name_length;
proto_tree *server_name_tree;
- proto_item *ti;
if (ext_len == 0) {
return offset;
}
- ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Server Name Indication extension");
- server_name_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_server_name);
+ server_name_tree = proto_tree_add_subtree(tree, tvb, offset, ext_len, hf->ett.hs_ext_server_name, NULL, "Server Name Indication extension");
proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name_list_len,
tvb, offset, 2, ENC_BIG_ENDIAN);
ext_len -= 2;
if (server_name_length > 0) {
- tvb_ensure_bytes_exist(tvb, offset, server_name_length);
proto_tree_add_item(server_name_tree, hf->hf.hs_ext_server_name,
tvb, offset, server_name_length, ENC_ASCII|ENC_NA);
offset += server_name_length;
return offset;
}
+static gint
+ssl_dissect_hnd_hello_ext_padding(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len)
+{
+ guint8 padding_length;
+ proto_tree *padding_tree;
+ proto_item *ti;
+
+ if (ext_len == 0) {
+ return offset;
+ }
+
+ ti = proto_tree_add_item(tree, hf->hf.hs_ext_padding_data, tvb, offset, ext_len, ENC_NA);
+ padding_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_padding);
+
+
+ proto_tree_add_item(padding_tree, hf->hf.hs_ext_padding_len, tvb, offset, 2, ENC_NA);
+ padding_length = tvb_get_guint8(tvb, offset);
+ offset += 2;
+
+ proto_tree_add_item(padding_tree, hf->hf.hs_ext_padding_data, tvb, offset, padding_length, ENC_NA);
+ offset += padding_length;
+
+ return offset;
+}
+
static gint
ssl_dissect_hnd_hello_ext_session_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
proto_tree *tree, guint32 offset, guint32 ext_len, gboolean is_client, SslDecryptSession *ssl)
{
- if(is_client && ssl && ext_len != 0)
- {
- /*save the ticket on the ssl opaque so that we can use it as key on server hello */
+ if (is_client && ssl && ext_len != 0) {
+ tvb_ensure_bytes_exist(tvb, offset, ext_len);
+ /* Save the Session Ticket such that it can be used as identifier for
+ * restoring a previous Master Secret (in ChangeCipherSpec) */
ssl->session_ticket.data = (guchar*)wmem_realloc(wmem_file_scope(),
ssl->session_ticket.data, ext_len);
- tvb_memcpy(tvb,ssl->session_ticket.data, offset, ext_len);
ssl->session_ticket.data_len = ext_len;
+ tvb_memcpy(tvb,ssl->session_ticket.data, offset, ext_len);
}
proto_tree_add_bytes_format(tree, hf->hf.hs_ext_data,
tvb, offset, ext_len, NULL,
return offset + ext_len;
}
+static gint
+ssl_dissect_hnd_hello_ext_cert_type(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len,
+ gboolean is_client, guint16 ext_type, SslSession *session)
+{
+ guint8 cert_list_length;
+ guint8 cert_type;
+ proto_tree *cert_list_tree;
+ proto_item *ti;
+
+ if (is_client) {
+ cert_list_length = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(tree, hf->hf.hs_ext_cert_types_len,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset += 1;
+ if (ext_len != (guint32)cert_list_length + 1)
+ return offset;
+
+ ti = proto_tree_add_item(tree, hf->hf.hs_ext_cert_types, tvb, offset,
+ cert_list_length, cert_list_length);
+ proto_item_append_text(ti, " (%d)", cert_list_length);
+
+ /* make this a subtree */
+ cert_list_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_cert_types);
+
+ /* loop over all point formats */
+ while (cert_list_length > 0)
+ {
+ proto_tree_add_item(cert_list_tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset++;
+ cert_list_length--;
+ }
+ } else {
+ cert_type = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset += 1;
+ if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE || ext_type == SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE) {
+ session->client_cert_type = cert_type;
+ }
+ if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE || ext_type == SSL_HND_HELLO_EXT_SERVER_CERT_TYPE) {
+ session->server_cert_type = cert_type;
+ }
+ }
+
+ return offset;
+}
+
+static gint
+ssl_dissect_hnd_hello_common(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ SslDecryptSession *ssl, gboolean from_server)
+{
+ nstime_t gmt_unix_time;
+ guint8 sessid_length;
+ proto_tree *rnd_tree;
+
+ if (tree || ssl) {
+ if (ssl) {
+ StringInfo *rnd;
+ if (from_server)
+ rnd = &ssl->server_random;
+ else
+ rnd = &ssl->client_random;
+
+ /* save provided random for later keyring generation */
+ tvb_memcpy(tvb, rnd->data, offset, 32);
+ rnd->data_len = 32;
+ if (from_server)
+ ssl->state |= SSL_SERVER_RANDOM;
+ else
+ ssl->state |= SSL_CLIENT_RANDOM;
+ ssl_debug_printf("%s found %s RANDOM -> state 0x%02X\n", G_STRFUNC,
+ from_server ? "SERVER" : "CLIENT", ssl->state);
+ }
+
+ rnd_tree = proto_tree_add_subtree(tree, tvb, offset, 32,
+ hf->ett.hs_random, NULL, "Random");
+
+ /* show the time */
+ gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
+ gmt_unix_time.nsecs = 0;
+ proto_tree_add_time(rnd_tree, hf->hf.hs_random_time,
+ tvb, offset, 4, &gmt_unix_time);
+ offset += 4;
+
+ /* show the random bytes */
+ proto_tree_add_item(rnd_tree, hf->hf.hs_random_bytes,
+ tvb, offset, 28, ENC_NA);
+ offset += 28;
+
+ /* show the session id (length followed by actual Session ID) */
+ sessid_length = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(tree, hf->hf.hs_session_id_len,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset++;
+
+ if (ssl) {
+ /* save the authorative SID for later use in ChangeCipherSpec.
+ * (D)TLS restricts the SID to 32 chars, it does not make sense to
+ * save more, so ignore larger ones. */
+ if (from_server && sessid_length <= 32) {
+ tvb_memcpy(tvb, ssl->session_id.data, offset, sessid_length);
+ ssl->session_id.data_len = sessid_length;
+ }
+ }
+ if (sessid_length > 0) {
+ proto_tree_add_item(tree, hf->hf.hs_session_id,
+ tvb, offset, sessid_length, ENC_NA);
+ offset += sessid_length;
+ }
+ }
+
+ return offset;
+}
+
+static gint
+ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
+ packet_info* pinfo, guint32 offset, guint32 left, gboolean is_client,
+ SslSession *session, SslDecryptSession *ssl);
+
+void
+ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ packet_info *pinfo, proto_tree *tree, guint32 offset,
+ guint32 length, SslSession *session,
+ SslDecryptSession *ssl, dtls_hfs_t *dtls_hfs)
+{
+ /* struct {
+ * ProtocolVersion client_version;
+ * Random random;
+ * SessionID session_id;
+ * opaque cookie<0..32>; //new field for DTLS
+ * CipherSuite cipher_suites<2..2^16-1>;
+ * CompressionMethod compression_methods<1..2^8-1>;
+ * Extension client_hello_extension_list<0..2^16-1>;
+ * } ClientHello;
+ *
+ */
+ proto_item *ti;
+ proto_tree *cs_tree;
+ guint16 cipher_suite_length;
+ guint8 compression_methods_length;
+ guint8 compression_method;
+ guint16 start_offset = offset;
+
+ /* show the client version */
+ proto_tree_add_item(tree, hf->hf.hs_client_version, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+
+ /* dissect fields that are also present in ClientHello */
+ offset = ssl_dissect_hnd_hello_common(hf, tvb, tree, offset, ssl, FALSE);
+
+ /* fields specific for DTLS (cookie_len, cookie) */
+ if (dtls_hfs != NULL) {
+ /* look for a cookie */
+ guint8 cookie_length = tvb_get_guint8(tvb, offset);
+
+ proto_tree_add_uint(tree, dtls_hfs->hf_dtls_handshake_cookie_len,
+ tvb, offset, 1, cookie_length);
+ offset++;
+ if (cookie_length > 0) {
+ proto_tree_add_item(tree, dtls_hfs->hf_dtls_handshake_cookie,
+ tvb, offset, cookie_length, ENC_NA);
+ offset += cookie_length;
+ }
+ }
+
+ /* tell the user how many cipher suites there are */
+ cipher_suite_length = tvb_get_ntohs(tvb, offset);
+ ti = proto_tree_add_item(tree, hf->hf.hs_cipher_suites_len,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ if (cipher_suite_length > 0) {
+ if (cipher_suite_length % 2) {
+ expert_add_info_format(pinfo, ti, &hf->ei.hs_cipher_suites_len_bad,
+ "Cipher suite length (%d) must be a multiple of 2",
+ cipher_suite_length);
+ return;
+ }
+ ti = proto_tree_add_none_format(tree,
+ hf->hf.hs_cipher_suites,
+ tvb, offset, cipher_suite_length,
+ "Cipher Suites (%d suite%s)",
+ cipher_suite_length / 2,
+ plurality(cipher_suite_length/2, "", "s"));
+
+ /* make this a subtree */
+ cs_tree = proto_item_add_subtree(ti, hf->ett.cipher_suites);
+
+ while (cipher_suite_length > 0) {
+ proto_tree_add_item(cs_tree, hf->hf.hs_cipher_suite,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ cipher_suite_length -= 2;
+ }
+ }
+ /* tell the user how many compression methods there are */
+ compression_methods_length = tvb_get_guint8(tvb, offset);
+ proto_tree_add_uint(tree, hf->hf.hs_comp_methods_len,
+ tvb, offset, 1, compression_methods_length);
+ offset += 1;
+ if (compression_methods_length > 0) {
+ ti = proto_tree_add_none_format(tree,
+ hf->hf.hs_comp_methods,
+ tvb, offset, compression_methods_length,
+ "Compression Methods (%u method%s)",
+ compression_methods_length,
+ plurality(compression_methods_length,
+ "", "s"));
+
+ /* make this a subtree */
+ cs_tree = proto_item_add_subtree(ti, hf->ett.comp_methods);
+
+ while (compression_methods_length > 0) {
+ compression_method = tvb_get_guint8(tvb, offset);
+ /* TODO: make reserved/private comp meth. fields selectable */
+ if (compression_method < 64)
+ proto_tree_add_uint(cs_tree, hf->hf.hs_comp_method,
+ tvb, offset, 1, compression_method);
+ else if (compression_method > 63 && compression_method < 193)
+ proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1,
+ compression_method, "Reserved - to be assigned by IANA (%u)",
+ compression_method);
+ else
+ proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1,
+ compression_method, "Private use range (%u)",
+ compression_method);
+ offset++;
+ compression_methods_length--;
+ }
+ }
+ if (length > offset - start_offset) {
+ ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset,
+ length - (offset - start_offset), TRUE,
+ session, ssl);
+ }
+}
+
+void
+ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ packet_info* pinfo, proto_tree *tree, guint32 offset, guint32 length,
+ SslSession *session, SslDecryptSession *ssl)
+{
+ /* struct {
+ * ProtocolVersion server_version;
+ * Random random;
+ * SessionID session_id;
+ * CipherSuite cipher_suite;
+ * CompressionMethod compression_method;
+ * Extension server_hello_extension_list<0..2^16-1>;
+ * } ServerHello;
+ */
+ guint16 start_offset = offset;
+
+ /* show the server version */
+ proto_tree_add_item(tree, hf->hf.hs_server_version, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+
+ /* dissect fields that are also present in ClientHello */
+ offset = ssl_dissect_hnd_hello_common(hf, tvb, tree, offset, ssl, TRUE);
+
+ if (ssl) {
+ /* store selected cipher suite for decryption */
+ ssl->session.cipher = tvb_get_ntohs(tvb, offset);
+
+ if (ssl_find_cipher(ssl->session.cipher, &ssl->cipher_suite) < 0) {
+ ssl_debug_printf("%s can't find cipher suite 0x%04X\n",
+ G_STRFUNC, ssl->session.cipher);
+ } else {
+ /* Cipher found, save this for the delayed decoder init */
+ ssl->state |= SSL_CIPHER;
+ ssl_debug_printf("%s found CIPHER 0x%04X -> state 0x%02X\n",
+ G_STRFUNC, ssl->session.cipher, ssl->state);
+ }
+ }
+
+ /* now the server-selected cipher suite */
+ proto_tree_add_item(tree, hf->hf.hs_cipher_suite,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+
+ if (ssl) {
+ /* store selected compression method for decryption */
+ ssl->session.compression = tvb_get_guint8(tvb, offset);
+ }
+ /* and the server-selected compression method */
+ proto_tree_add_item(tree, hf->hf.hs_comp_method,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset++;
+
+ /* remaining data are extensions */
+ if (length > offset - start_offset) {
+ ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset,
+ length - (offset - start_offset), FALSE,
+ session, ssl);
+ }
+}
+
+void
+ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ SslDecryptSession *ssl,
+ GHashTable *session_hash)
+{
+ proto_tree *subtree;
+ guint16 ticket_len;
+
+ /* length of session ticket, may be 0 if the server has sent the
+ * SessionTicket extension, but decides not to use one. */
+ ticket_len = tvb_get_ntohs(tvb, offset + 4);
+ subtree = proto_tree_add_subtree(tree, tvb, offset, 6 + ticket_len,
+ hf->ett.session_ticket, NULL,
+ "TLS Session Ticket");
+
+ /* ticket lifetime hint */
+ proto_tree_add_item(subtree, hf->hf.hs_session_ticket_lifetime_hint,
+ tvb, offset, 4, ENC_BIG_ENDIAN);
+ offset += 4;
+
+ /* opaque ticket (length, data) */
+ proto_tree_add_item(subtree, hf->hf.hs_session_ticket_len,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ /* Content depends on implementation, so just show data! */
+ proto_tree_add_item(subtree, hf->hf.hs_session_ticket,
+ tvb, offset, ticket_len, ENC_NA);
+ /* save the session ticket to cache for ssl_finalize_decryption */
+ if (ssl) {
+ tvb_ensure_bytes_exist(tvb, offset, ticket_len);
+ ssl->session_ticket.data = (guchar*)wmem_realloc(wmem_file_scope(),
+ ssl->session_ticket.data, ticket_len);
+ ssl->session_ticket.data_len = ticket_len;
+ tvb_memcpy(tvb, ssl->session_ticket.data, offset, ticket_len);
+ /* NewSessionTicket is received after the first (client)
+ * ChangeCipherSpec, and before the second (server) ChangeCipherSpec.
+ * Since the second CCS has already the session key available it will
+ * just return. To ensure that the session ticket is mapped to a
+ * master key (from the first CCS), save the ticket here too. */
+ ssl_save_master_key("Session Ticket", session_hash,
+ &ssl->session_ticket, &ssl->master_secret);
+ }
+}
+
+void
+ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
+ guint32 offset, packet_info *pinfo,
+ const SslSession *session, SslDecryptSession *ssl _U_,
+ GHashTable *key_hash _U_, gint is_from_server)
+{
+ /* opaque ASN.1Cert<1..2^24-1>;
+ *
+ * struct {
+ * select(certificate_type) {
+ *
+ * // certificate type defined in RFC 7250
+ * case RawPublicKey:
+ * opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>;
+ *
+ * // X.509 certificate defined in RFC 5246
+ * case X.509:
+ * ASN.1Cert certificate_list<0..2^24-1>;
+ * };
+ * } Certificate;
+ */
+ enum { CERT_X509, CERT_RPK } cert_type;
+ asn1_ctx_t asn1_ctx;
+#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
+ gnutls_datum_t subjectPublicKeyInfo = { NULL, 0 };
+#endif
+
+ asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+
+ if ((is_from_server && session->server_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY) ||
+ (!is_from_server && session->client_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY)) {
+ cert_type = CERT_RPK;
+ } else {
+ cert_type = CERT_X509;
+ }
+
+#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
+ /* Ask the pkcs1 dissector to return the public key details */
+ if (ssl)
+ asn1_ctx.private_data = &subjectPublicKeyInfo;
+#endif
+
+ switch (cert_type) {
+ case CERT_RPK:
+ {
+ proto_tree_add_item(tree, hf->hf.hs_certificate_len,
+ tvb, offset, 3, ENC_BIG_ENDIAN);
+ offset += 3;
+
+ dissect_x509af_SubjectPublicKeyInfo(FALSE, tvb, offset, &asn1_ctx, tree, hf->hf.hs_certificate);
+
+ break;
+ }
+ case CERT_X509:
+ {
+ guint32 certificate_list_length;
+ proto_item *ti;
+ proto_tree *subtree;
+
+ certificate_list_length = tvb_get_ntoh24(tvb, offset);
+
+ proto_tree_add_uint(tree, hf->hf.hs_certificates_len,
+ tvb, offset, 3, certificate_list_length);
+ offset += 3; /* 24-bit length value */
+
+ if (certificate_list_length > 0) {
+ ti = proto_tree_add_none_format(tree,
+ hf->hf.hs_certificates,
+ tvb, offset, certificate_list_length,
+ "Certificates (%u bytes)",
+ certificate_list_length);
+
+ /* make it a subtree */
+ subtree = proto_item_add_subtree(ti, hf->ett.certificates);
+
+ /* iterate through each certificate */
+ while (certificate_list_length > 0) {
+ /* get the length of the current certificate */
+ guint32 cert_length;
+ cert_length = tvb_get_ntoh24(tvb, offset);
+ certificate_list_length -= 3 + cert_length;
+
+ proto_tree_add_item(subtree, hf->hf.hs_certificate_len,
+ tvb, offset, 3, ENC_BIG_ENDIAN);
+ offset += 3;
+
+ dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate);
+#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
+ /* Only attempt to get the RSA modulus for the first cert. */
+ asn1_ctx.private_data = NULL;
+#endif
+
+ offset += cert_length;
+ }
+ }
+ break;
+ }
+ }
+
+#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
+ if (ssl)
+ ssl_find_private_key_by_pubkey(ssl, key_hash, &subjectPublicKeyInfo);
+#endif
+}
+
+void
+ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, packet_info *pinfo,
+ const SslSession *session)
+{
+ /*
+ * enum {
+ * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
+ * (255)
+ * } ClientCertificateType;
+ *
+ * opaque DistinguishedName<1..2^16-1>;
+ *
+ * struct {
+ * ClientCertificateType certificate_types<1..2^8-1>;
+ * DistinguishedName certificate_authorities<3..2^16-1>;
+ * } CertificateRequest;
+ *
+ *
+ * As per TLSv1.2 (RFC 5246) the format has changed to:
+ *
+ * enum {
+ * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
+ * rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
+ * fortezza_dms_RESERVED(20), (255)
+ * } ClientCertificateType;
+ *
+ * enum {
+ * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
+ * sha512(6), (255)
+ * } HashAlgorithm;
+ *
+ * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
+ * SignatureAlgorithm;
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * SignatureAndHashAlgorithm
+ * supported_signature_algorithms<2..2^16-2>;
+ *
+ * opaque DistinguishedName<1..2^16-1>;
+ *
+ * struct {
+ * ClientCertificateType certificate_types<1..2^8-1>;
+ * SignatureAndHashAlgorithm
+ * supported_signature_algorithms<2^16-1>;
+ * DistinguishedName certificate_authorities<0..2^16-1>;
+ * } CertificateRequest;
+ *
+ */
+ proto_item *ti;
+ proto_tree *subtree;
+ guint8 cert_types_count;
+ gint sh_alg_length;
+ gint dnames_length;
+ asn1_ctx_t asn1_ctx;
+ gint ret;
+
+ if (!tree)
+ return;
+
+ asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+
+ cert_types_count = tvb_get_guint8(tvb, offset);
+ proto_tree_add_uint(tree, hf->hf.hs_cert_types_count,
+ tvb, offset, 1, cert_types_count);
+ offset++;
+
+ if (cert_types_count > 0) {
+ ti = proto_tree_add_none_format(tree,
+ hf->hf.hs_cert_types,
+ tvb, offset, cert_types_count,
+ "Certificate types (%u type%s)",
+ cert_types_count,
+ plurality(cert_types_count, "", "s"));
+ subtree = proto_item_add_subtree(ti, hf->ett.cert_types);
+
+ while (cert_types_count > 0) {
+ proto_tree_add_item(subtree, hf->hf.hs_cert_type,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset++;
+ cert_types_count--;
+ }
+ }
+
+ switch (session->version) {
+ case SSL_VER_TLSv1DOT2:
+ case SSL_VER_DTLS1DOT2:
+ sh_alg_length = tvb_get_ntohs(tvb, offset);
+ if (sh_alg_length % 2) {
+ expert_add_info_format(pinfo, NULL,
+ &hf->ei.hs_sig_hash_alg_len_bad,
+ "Signature Hash Algorithm length (%d) must be a multiple of 2",
+ sh_alg_length);
+ return;
+ }
+
+ proto_tree_add_uint(tree, hf->hf.hs_sig_hash_alg_len,
+ tvb, offset, 2, sh_alg_length);
+ offset += 2;
+
+ ret = ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, sh_alg_length);
+ if (ret >= 0)
+ offset += ret;
+ break;
+
+ default:
+ break;
+ }
+
+ dnames_length = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_uint(tree, hf->hf.hs_dnames_len,
+ tvb, offset, 2, dnames_length);
+ offset += 2;
+
+ if (dnames_length > 0) {
+ ti = proto_tree_add_none_format(tree,
+ hf->hf.hs_dnames,
+ tvb, offset, dnames_length,
+ "Distinguished Names (%d byte%s)",
+ dnames_length,
+ plurality(dnames_length, "", "s"));
+ subtree = proto_item_add_subtree(ti, hf->ett.dnames);
+
+ while (dnames_length > 0) {
+ /* get the length of the current certificate */
+ guint16 name_length;
+ name_length = tvb_get_ntohs(tvb, offset);
+ dnames_length -= 2 + name_length;
+
+ proto_tree_add_item(subtree, hf->hf.hs_dname_len,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+
+ dissect_x509if_DistinguishedName(FALSE, tvb, offset, &asn1_ctx,
+ subtree, hf->hf.hs_dname);
+ offset += name_length;
+ }
+ }
+}
+
+static void
+ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ const SslSession *session,
+ gint hf_sig_len, gint hf_sig);
+
+void
+ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ const SslSession *session)
+{
+ ssl_dissect_digitally_signed(hf, tvb, tree, offset, session,
+ hf->hf.hs_client_cert_vrfy_sig_len,
+ hf->hf.hs_client_cert_vrfy_sig);
+}
+
+void
+ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ const SslSession *session, ssl_hfs_t *ssl_hfs)
+{
+ /* For SSLv3:
+ * struct {
+ * opaque md5_hash[16];
+ * opaque sha_hash[20];
+ * } Finished;
+ *
+ * For (D)TLS:
+ * struct {
+ * opaque verify_data[12];
+ * } Finished;
+ */
+ if (!tree)
+ return;
+
+ if (session->version == SSL_VER_SSLv3) {
+ if (ssl_hfs != NULL) {
+ proto_tree_add_item(tree, ssl_hfs->hs_md5_hash,
+ tvb, offset, 16, ENC_NA);
+ proto_tree_add_item(tree, ssl_hfs->hs_sha_hash,
+ tvb, offset + 16, 20, ENC_NA);
+ }
+ } else {
+ proto_tree_add_item(tree, hf->hf.hs_finished,
+ tvb, offset, 12, ENC_NA);
+ }
+}
+
void
ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, guint32 offset)
{
ssl_dissect_hnd_hello_ext_status_request_v2(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
guint32 offset)
{
- guint list_len;
+ gint32 list_len;
- list_len = tvb_get_ntoh24(tvb, offset);
- offset += 3;
+ list_len = tvb_get_ntohs(tvb, offset);
+ offset += 2;
- while (list_len-- > 0)
+ while (list_len > 0) {
+ guint32 prev_offset = offset;
offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, tree, offset, TRUE);
+ list_len -= (offset - prev_offset);
+ }
return offset;
}
tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
- tvb_ensure_bytes_exist(tvb, offset, curves_length);
ti = proto_tree_add_none_format(tree,
hf->hf.hs_ext_elliptic_curves,
tvb, offset, curves_length,
tvb, offset, 1, ENC_BIG_ENDIAN);
offset += 1;
- tvb_ensure_bytes_exist(tvb, offset, ecpf_length);
ti = proto_tree_add_none_format(tree,
hf->hf.hs_ext_elliptic_curves,
tvb, offset, ecpf_length,
return offset;
}
-gint
+static gint
ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 left, gboolean is_client, SslDecryptSession *ssl)
+ packet_info* pinfo, guint32 offset, guint32 left, gboolean is_client,
+ SslSession *session, SslDecryptSession *ssl)
{
guint16 extension_length;
guint16 ext_type;
guint16 ext_len;
- proto_item *pi;
proto_tree *ext_tree;
if (left < 2)
ext_type = tvb_get_ntohs(tvb, offset);
ext_len = tvb_get_ntohs(tvb, offset + 2);
- pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len, "Extension: %s",
- val_to_str(ext_type,
+ ext_tree = proto_tree_add_subtree_format(tree, tvb, offset, 4 + ext_len, hf->ett.hs_ext, NULL,
+ "Extension: %s", val_to_str(ext_type,
tls_hello_extension_types,
"Unknown %u"));
- ext_tree = proto_item_add_subtree(pi, hf->ett.hs_ext);
- if (!ext_tree)
- ext_tree = tree;
proto_tree_add_uint(ext_tree, hf->hf.hs_ext_type,
tvb, offset, 2, ext_type);
offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset);
break;
case SSL_HND_HELLO_EXT_SIG_HASH_ALGS:
- offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, offset, ext_len);
+ offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, ext_len);
break;
case SSL_HND_HELLO_EXT_ALPN:
- offset = ssl_dissect_hnd_hello_ext_alpn(hf, tvb, ext_tree, offset, ext_len);
+ offset = ssl_dissect_hnd_hello_ext_alpn(hf, tvb, ext_tree, offset, ext_len, is_client, session);
break;
case SSL_HND_HELLO_EXT_NPN:
offset = ssl_dissect_hnd_hello_ext_npn(hf, tvb, ext_tree, offset, ext_len);
tvb, offset, 1, ENC_BIG_ENDIAN);
offset += ext_len;
break;
+ case SSL_HND_HELLO_EXT_PADDING:
+ offset = ssl_dissect_hnd_hello_ext_padding(hf, tvb, ext_tree, offset, ext_len);
+ break;
case SSL_HND_HELLO_EXT_SESSION_TICKET:
offset = ssl_dissect_hnd_hello_ext_session_ticket(hf, tvb, ext_tree, offset, ext_len, is_client, ssl);
break;
+ case SSL_HND_HELLO_EXT_CERT_TYPE:
+ case SSL_HND_HELLO_EXT_SERVER_CERT_TYPE:
+ case SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE:
+ offset = ssl_dissect_hnd_hello_ext_cert_type(hf, tvb, ext_tree,
+ offset, ext_len,
+ is_client, ext_type,
+ session);
+ break;
+ case SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE:
+ if (ssl)
+ ssl->state |= (is_client ? SSL_CLIENT_EXTENDED_MASTER_SECRET : SSL_SERVER_EXTENDED_MASTER_SECRET);
+ break;
default:
proto_tree_add_bytes_format(ext_tree, hf->hf.hs_ext_data,
tvb, offset, ext_len, NULL,
return offset;
}
+
+/* ClientKeyExchange algo-specific dissectors */
+
+static void
+dissect_ssl3_hnd_cli_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ guint32 length)
+{
+ gint point_len;
+ proto_tree *ssl_ecdh_tree;
+
+ ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, length,
+ hf->ett.keyex_params, NULL, "EC Diffie-Hellman Client Params");
+
+ /* point */
+ point_len = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point_len, tvb,
+ offset, 1, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point, tvb,
+ offset + 1, point_len, ENC_NA);
+}
+
+static void
+dissect_ssl3_hnd_cli_keyex_dh(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 length)
+{
+ gint yc_len;
+ proto_tree *ssl_dh_tree;
+
+ ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, length,
+ hf->ett.keyex_params, NULL, "Diffie-Hellman Client Params");
+
+ /* ClientDiffieHellmanPublic.dh_public (explicit) */
+ yc_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc_len, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc, tvb,
+ offset + 2, yc_len, ENC_NA);
+}
+
+static void
+dissect_ssl3_hnd_cli_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ guint32 length, const SslSession *session)
+{
+ gint epms_len;
+ proto_tree *ssl_rsa_tree;
+
+ ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, length,
+ hf->ett.keyex_params, NULL, "RSA Encrypted PreMaster Secret");
+
+ /* EncryptedPreMasterSecret.pre_master_secret */
+ switch (session->version) {
+ case SSL_VER_SSLv2:
+ case SSL_VER_SSLv3:
+ case SSL_VER_DTLS_OPENSSL:
+ /* OpenSSL pre-0.9.8f DTLS and pre-TLS quirk: 2-octet length vector is
+ * not present. The handshake contents represents the EPMS, see:
+ * https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10222 */
+ epms_len = length;
+ break;
+
+ default:
+ /* TLS and DTLS include vector length before EPMS */
+ epms_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms_len, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ break;
+ }
+ proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms, tvb,
+ offset, epms_len, ENC_NA);
+}
+
+/* Used in PSK cipher suites */
+static void
+dissect_ssl3_hnd_cli_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 length)
+{
+ guint identity_len;
+ proto_tree *ssl_psk_tree;
+
+ ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, length,
+ hf->ett.keyex_params, NULL, "PSK Client Params");
+ /* identity */
+ identity_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, tvb,
+ offset + 2, identity_len, ENC_NA);
+}
+
+/* Used in RSA PSK cipher suites */
+static void
+dissect_ssl3_hnd_cli_keyex_rsa_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ guint32 length)
+{
+ gint identity_len, epms_len;
+ proto_tree *ssl_psk_tree;
+
+ ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, length,
+ hf->ett.keyex_params, NULL, "RSA PSK Client Params");
+
+ /* identity */
+ identity_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity,
+ tvb, offset + 2, identity_len, ENC_NA);
+ offset += 2 + identity_len;
+
+ /* Yc */
+ epms_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms_len, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms, tvb,
+ offset + 2, epms_len, ENC_NA);
+}
+
+
+/* Dissects DigitallySigned (see RFC 5246 4.7 Cryptographic Attributes). */
+static void
+ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ const SslSession *session,
+ gint hf_sig_len, gint hf_sig)
+{
+ gint sig_len;
+ proto_item *ti_algo;
+ proto_tree *ssl_algo_tree;
+
+ switch (session->version) {
+ case SSL_VER_TLSv1DOT2:
+ case SSL_VER_DTLS1DOT2:
+ ti_algo = proto_tree_add_item(tree, hf->hf.hs_sig_hash_alg, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ ssl_algo_tree = proto_item_add_subtree(ti_algo, hf->ett.hs_sig_hash_alg);
+
+ /* SignatureAndHashAlgorithm { hash, signature } */
+ proto_tree_add_item(ssl_algo_tree, hf->hf.hs_sig_hash_hash, tvb,
+ offset, 1, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_algo_tree, hf->hf.hs_sig_hash_sig, tvb,
+ offset + 1, 1, ENC_BIG_ENDIAN);
+ offset += 2;
+ break;
+
+ default:
+ break;
+ }
+
+ /* Sig */
+ sig_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(tree, hf_sig_len, tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(tree, hf_sig, tvb, offset + 2, sig_len, ENC_NA);
+}
+
+/* ServerKeyExchange algo-specific dissectors */
+
+/* dissects signed_params inside a ServerKeyExchange for some keyex algos */
+static void
+dissect_ssl3_hnd_srv_keyex_sig(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ const SslSession *session)
+{
+ /*
+ * TLSv1.2 (RFC 5246 sec 7.4.8)
+ * struct {
+ * digitally-signed struct {
+ * opaque handshake_messages[handshake_messages_length];
+ * }
+ * } CertificateVerify;
+ *
+ * TLSv1.0/TLSv1.1 (RFC 5436 sec 7.4.8 and 7.4.3) works essentially the same
+ * as TLSv1.2, but the hash algorithms are not explicit in digitally-signed.
+ *
+ * SSLv3 (RFC 6101 sec 5.6.8) esseentially works the same as TLSv1.0 but it
+ * does more hashing including the master secret and padding.
+ */
+ ssl_dissect_digitally_signed(hf, tvb, tree, offset, session,
+ hf->hf.hs_server_keyex_sig_len,
+ hf->hf.hs_server_keyex_sig);
+}
+
+static void
+dissect_ssl3_hnd_srv_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ guint32 length, const SslSession *session,
+ gboolean anon)
+{
+ /*
+ * RFC 4492 ECC cipher suites for TLS
+ *
+ * struct {
+ * ECCurveType curve_type;
+ * select (curve_type) {
+ * case explicit_prime:
+ * ...
+ * case explicit_char2:
+ * ...
+ * case named_curve:
+ * NamedCurve namedcurve;
+ * };
+ * } ECParameters;
+ *
+ * struct {
+ * opaque point <1..2^8-1>;
+ * } ECPoint;
+ *
+ * struct {
+ * ECParameters curve_params;
+ * ECPoint public;
+ * } ServerECDHParams;
+ *
+ * select (KeyExchangeAlgorithm) {
+ * case ec_diffie_hellman:
+ * ServerECDHParams params;
+ * Signature signed_params;
+ * } ServerKeyExchange;
+ */
+
+ gint curve_type;
+ gint point_len;
+ proto_tree *ssl_ecdh_tree;
+
+ ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, length,
+ hf->ett.keyex_params, NULL, "EC Diffie-Hellman Server Params");
+
+ /* ECParameters.curve_type */
+ curve_type = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_curve_type, tvb,
+ offset, 1, ENC_BIG_ENDIAN);
+ offset++;
+ if (curve_type != 3)
+ return; /* only named_curves are supported */
+
+ /* case curve_type == named_curve; ECParameters.namedcurve */
+ proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_named_curve, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+
+ /* ECPoint.point */
+ point_len = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point_len, tvb,
+ offset, 1, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point, tvb,
+ offset + 1, point_len, ENC_NA);
+ offset += 1 + point_len;
+
+ /* Signature (if non-anonymous KEX) */
+ if (!anon) {
+ dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, ssl_ecdh_tree, offset, session);
+ }
+}
+
+static void
+dissect_ssl3_hnd_srv_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 length,
+ const SslSession *session, gboolean anon)
+{
+ gint p_len, g_len, ys_len;
+ proto_tree *ssl_dh_tree;
+
+ ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, length,
+ hf->ett.keyex_params, NULL, "Diffie-Hellman Server Params");
+
+ /* p */
+ p_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p_len, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p, tvb,
+ offset + 2, p_len, ENC_NA);
+ offset += 2 + p_len;
+
+ /* g */
+ g_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g_len, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g, tvb,
+ offset + 2, g_len, ENC_NA);
+ offset += 2 + g_len;
+
+ /* Ys */
+ ys_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_uint(ssl_dh_tree, hf->hf.hs_server_keyex_ys_len, tvb,
+ offset, 2, ys_len);
+ proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_ys, tvb,
+ offset + 2, ys_len, ENC_NA);
+ offset += 2 + ys_len;
+
+ /* Signature (if non-anonymous KEX) */
+ if (!anon) {
+ dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, ssl_dh_tree, offset, session);
+ }
+}
+
+/* Only used in RSA-EXPORT cipher suites */
+static void
+dissect_ssl3_hnd_srv_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 length,
+ const SslSession *session)
+{
+ gint modulus_len, exponent_len;
+ proto_tree *ssl_rsa_tree;
+
+ ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, length,
+ hf->ett.keyex_params, NULL, "RSA-EXPORT Server Params");
+
+ /* modulus */
+ modulus_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus_len, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus, tvb,
+ offset + 2, modulus_len, ENC_NA);
+ offset += 2 + modulus_len;
+
+ /* exponent */
+ exponent_len = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent_len,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent,
+ tvb, offset + 2, exponent_len, ENC_NA);
+ offset += 2 + exponent_len;
+
+ /* Signature */
+ dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, ssl_rsa_tree, offset, session);
+}
+
+/* Used in RSA PSK and PSK cipher suites */
+static void
+dissect_ssl3_hnd_srv_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 length)
+{
+ guint hint_len;
+ proto_tree *ssl_psk_tree;
+
+ hint_len = tvb_get_ntohs(tvb, offset);
+ if ((2 + hint_len) != length) {
+ /* Lengths don't line up (wasn't what we expected?) */
+ return;
+ }
+
+ ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, length,
+ hf->ett.keyex_params, NULL, "PSK Server Params");
+
+ /* hint */
+ proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint_len, tvb,
+ offset, 2, ENC_BIG_ENDIAN);
+ proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint, tvb,
+ offset + 2, hint_len, ENC_NA);
+}
+
+
+void
+ssl_dissect_hnd_cli_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 length,
+ const SslSession *session)
+{
+ switch (ssl_get_keyex_alg(session->cipher)) {
+ case KEX_DH_ANON: /* RFC 5246; DHE_DSS, DHE_RSA, DH_DSS, DH_RSA, DH_ANON: ClientDiffieHellmanPublic */
+ case KEX_DH_DSS:
+ case KEX_DH_RSA:
+ case KEX_DHE_DSS:
+ case KEX_DHE_RSA:
+ dissect_ssl3_hnd_cli_keyex_dh(hf, tvb, tree, offset, length);
+ break;
+ case KEX_DHE_PSK: /* RFC 4279; diffie_hellman_psk: psk_identity, ClientDiffieHellmanPublic */
+ /* XXX: implement support for DHE_PSK */
+ break;
+ case KEX_ECDH_ANON: /* RFC 4492; ec_diffie_hellman: ClientECDiffieHellmanPublic */
+ case KEX_ECDH_ECDSA:
+ case KEX_ECDH_RSA:
+ case KEX_ECDHE_ECDSA:
+ case KEX_ECDHE_RSA:
+ dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset, length);
+ break;
+ case KEX_ECDHE_PSK: /* RFC 5489; ec_diffie_hellman_psk: psk_identity, ClientECDiffieHellmanPublic */
+ /* XXX: implement support for ECDHE_PSK */
+ break;
+ case KEX_KRB5: /* RFC 2712; krb5: KerberosWrapper */
+ /* XXX: implement support for KRB5 */
+ break;
+ case KEX_PSK: /* RFC 4279; psk: psk_identity */
+ dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset, length);
+ break;
+ case KEX_RSA: /* RFC 5246; rsa: EncryptedPreMasterSecret */
+ dissect_ssl3_hnd_cli_keyex_rsa(hf, tvb, tree, offset, length, session);
+ break;
+ case KEX_RSA_PSK: /* RFC 4279; rsa_psk: psk_identity, EncryptedPreMasterSecret */
+ dissect_ssl3_hnd_cli_keyex_rsa_psk(hf, tvb, tree, offset, length);
+ break;
+ case KEX_SRP_SHA: /* RFC 5054; srp: ClientSRPPublic */
+ case KEX_SRP_SHA_DSS:
+ case KEX_SRP_SHA_RSA:
+ /* XXX: implement support for SRP_SHA* */
+ break;
+ default:
+ /* XXX: add info message for not supported KEX algo */
+ break;
+ }
+}
+
+void
+ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 length,
+ const SslSession *session)
+{
+ switch (ssl_get_keyex_alg(session->cipher)) {
+ case KEX_DH_ANON: /* RFC 5246; ServerDHParams */
+ dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, tree, offset, length, session, TRUE);
+ break;
+ case KEX_DH_DSS: /* RFC 5246; not allowed */
+ case KEX_DH_RSA:
+ /* XXX: add error on not allowed KEX */
+ break;
+ case KEX_DHE_DSS: /* RFC 5246; dhe_dss, dhe_rsa: ServerDHParams, Signature */
+ case KEX_DHE_RSA:
+ dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, tree, offset, length, session, FALSE);
+ break;
+ case KEX_DHE_PSK: /* RFC 4279; diffie_hellman_psk: psk_identity_hint, ServerDHParams */
+ /* XXX: implement support for DHE_PSK */
+ break;
+ case KEX_ECDH_ANON: /* RFC 4492; ec_diffie_hellman: ServerECDHParams (without signature for anon) */
+ dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, tree, offset, length, session, TRUE);
+ break;
+ case KEX_ECDHE_PSK: /* RFC 5489; psk_identity_hint, ServerECDHParams */
+ /* XXX: implement support for ECDHE_PSK */
+ break;
+ case KEX_ECDH_ECDSA: /* RFC 4492; ec_diffie_hellman: ServerECDHParams, Signature */
+ case KEX_ECDH_RSA:
+ case KEX_ECDHE_ECDSA:
+ case KEX_ECDHE_RSA:
+ dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, tree, offset, length, session, FALSE);
+ break;
+ case KEX_KRB5: /* RFC 2712; not allowed */
+ /* XXX: add error on not allowed KEX */
+ break;
+ case KEX_PSK: /* RFC 4279; psk, rsa: psk_identity*/
+ case KEX_RSA_PSK:
+ dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset, length);
+ break;
+ case KEX_RSA: /* only allowed if the public key in the server certificate is longer than 512 bits*/
+ dissect_ssl3_hnd_srv_keyex_rsa(hf, tvb, tree, offset, length, session);
+ break;
+ case KEX_SRP_SHA: /* RFC 5054; srp: ServerSRPParams, Signature */
+ case KEX_SRP_SHA_DSS:
+ case KEX_SRP_SHA_RSA:
+ /* XXX: implement support for SRP_SHA* */
+ break;
+ default:
+ /* XXX: add info message for not supported KEX algo */
+ break;
+ }
+}
+
+#ifdef HAVE_LIBGNUTLS
+void
+ssl_common_register_options(module_t *module, ssl_common_options_t *options)
+{
+ prefs_register_string_preference(module, "psk", "Pre-Shared-Key",
+ "Pre-Shared-Key as HEX string. Should be 0 to 16 bytes.",
+ &(options->psk));
+
+ prefs_register_filename_preference(module, "keylog_file", "(Pre)-Master-Secret log filename",
+ "The name of a file which contains a list of \n"
+ "(pre-)master secrets in one of the following formats:\n"
+ "\n"
+ "RSA <EPMS> <PMS>\n"
+ "RSA Session-ID:<SSLID> Master-Key:<MS>\n"
+ "CLIENT_RANDOM <CRAND> <MS>\n"
+ "PMS_CLIENT_RANDOM <CRAND> <PMS>\n"
+ "\n"
+ "Where:\n"
+ "<EPMS> = First 8 bytes of the Encrypted PMS\n"
+ "<PMS> = The Pre-Master-Secret (PMS) used to derive the MS\n"
+ "<SSLID> = The SSL Session ID\n"
+ "<MS> = The Master-Secret (MS)\n"
+ "<CRAND> = The Client's random number from the ClientHello message\n"
+ "\n"
+ "(All fields are in hex notation)",
+ &(options->keylog_filename));
+}
+#else
+void
+ssl_common_register_options(module_t *module _U_, ssl_common_options_t *options _U_)
+{
+}
+#endif
+
+void
+ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, guint32 offset, guint32 length)
+{
+ if (ssl_session && !(ssl_session->state & SSL_MASTER_SECRET)) {
+ guint32 old_length = ssl_session->handshake_data.data_len;
+ ssl_debug_printf("Calculating hash with offset %d %d\n", offset, length);
+ ssl_session->handshake_data.data = (guchar *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length);
+ tvb_memcpy(tvb, ssl_session->handshake_data.data + old_length, offset, length);
+ ssl_session->handshake_data.data_len += length;
+ }
+}
+
+
/*
* Editor modelines - http://www.wireshark.org/tools/modelines.html
*