{ SSL_HND_HELLO_EXT_EARLY_DATA, "early_data" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
{ SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS, "supported_versions" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
{ SSL_HND_HELLO_EXT_COOKIE, "cookie" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
+ { SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES, "psk_key_exchange_modes" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
{ SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html */
{ SSL_HND_HELLO_EXT_CHANNEL_ID_OLD, "channel_id_old" }, /* http://tools.ietf.org/html/draft-balfanz-tls-channelid-00
https://twitter.com/ericlaw/status/274237352531083264 */
{ 0, NULL }
};
-/* draft-ietf-tls-tls13-15 4.2.5 */
+/* draft-ietf-tls-tls13-18 4.2.7 */
const value_string tls_hello_ext_psk_ke_mode[] = {
{ 0, "PSK-only key establishment (psk_ke)" },
{ 1, "PSK key establishment with (EC)DHE key establishment (psk_dhe_ke)" },
return offset;
}
+static gint
+ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len)
+{
+ /*
+ * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode;
+ *
+ * struct {
+ * PskKeyExchangeMode ke_modes<1..255>;
+ * } PskKeyExchangeModes;
+ */
+ guint32 offset_end = offset + ext_len;
+ guint32 ke_modes_length, i;
+
+ if (ext_len < 1) {
+ /* XXX expert info, there must be at least 1 ke mode */
+ return offset;
+ }
+
+ proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_psk_ke_modes_len, tvb, offset, 1, ENC_NA, &ke_modes_length);
+ offset += 1;
+
+ if (ke_modes_length > offset_end - offset) {
+ ke_modes_length = offset_end - offset;
+ /* XXX expert info: size too large */
+ }
+
+ for (i = 0; i < ke_modes_length; i++) {
+ proto_tree_add_item(tree, hf->hf.hs_ext_psk_ke_mode, tvb, offset, 1, ENC_NA);
+ offset += 1;
+ }
+
+ return offset;
+}
static gint
ssl_dissect_hnd_hello_ext_server_name(ssl_common_dissect_t *hf, tvbuff_t *tvb,
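Review bot: In ssl_dissect_hnd_hello_ext_psk_key_exchange_modes, a ke_modes length byte of 0 and a length shorter than `ext_len - 1` are both accepted silently, although the struct comment requires `ke_modes<1..255>`. In the short case the function returns an offset before `offset_end`, and the caller in the `case SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES:` hunk assigns that return value to its own `offset`. Unless code outside these hunks resynchronises, the next extension would then be parsed from inside this one. Consider finishing with `return offset_end;` after the loop, and replacing the two `XXX expert info` comments, plus the zero-length and trailing-bytes cases, with real expert items so that a malformed extension is visible in the capture instead of being clamped away. That will probably require passing a `packet_info *` into the function, which the current signature lacks.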
case SSL_HND_HELLO_EXT_COOKIE:
offset = ssl_dissect_hnd_hello_ext_cookie(hf, tvb, ext_tree, offset, ext_len);
break;
+ case SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES:
+ offset = ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(hf, tvb, ext_tree, offset, ext_len);
+ break;
case SSL_HND_HELLO_EXT_DRAFT_VERSION_TLS13:
proto_tree_add_item(ext_tree, hf->hf.hs_ext_draft_version_tls13,
tvb, offset, 2, ENC_BIG_ENDIAN);
#define SSL_HND_HELLO_EXT_EARLY_DATA 42
#define SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS 43
#define SSL_HND_HELLO_EXT_COOKIE 44
+#define SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES 45
#define SSL_HND_HELLO_EXT_NPN 13172 /* 0x3374 */
#define SSL_HND_HELLO_EXT_CHANNEL_ID_OLD 30031 /* 0x754f */
#define SSL_HND_HELLO_EXT_CHANNEL_ID 30032 /* 0x7550 */
/* TLS 1.3 */
gint hs_ext_draft_version_tls13;
+ gint hs_ext_psk_ke_modes_len;
+ gint hs_ext_psk_ke_mode;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */
} hf;
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
- -1, -1, -1, -1, -1, -1, \
+ -1, -1, -1, -1, -1, -1, -1, -1, \
}, \
/* ett */ { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
{ "Draft version of TLS 1.3", prefix ".extension.draft_version_tls13", \
FT_UINT16, BASE_DEC, NULL, 0x0, \
"Indicate the version of draft supported by client", HFILL } \
+ }, \
+ { & name .hf.hs_ext_psk_ke_modes_len, \
+ { "PSK Key Exchange Modes Length", prefix ".handshake.psk_ke_modes_len", \
+ FT_UINT8, BASE_DEC, NULL, 0x0, \
+ NULL, HFILL } \
+ }, \
+ { & name .hf.hs_ext_psk_ke_mode, \
+ { "PSK Key Exchange Mode", prefix ".handshake.psk_ke_mode", \
+ FT_UINT8, BASE_DEC, VALS(tls_hello_ext_psk_ke_mode), 0x0, \
+ "Key exchange modes where the client supports use of PSKs", HFILL } \
}
/* }}} */
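Review bot: The two new fields are registered as `prefix ".handshake.psk_ke_modes_len"` and `prefix ".handshake.psk_ke_mode"`, while the extension field directly above them uses `prefix ".extension.draft_version_tls13"`. Both are hello-extension fields, so `prefix ".extension.psk_ke_modes_len"` and `prefix ".extension.psk_ke_mode"` would match their neighbour and keep display filters predictable. Filter names are hard to change once saved filters and capture-analysis rules depend on them, so this is cheapest to settle now.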