static gint hf_dtls_handshake_fragment_length = -1;
static gint hf_dtls_handshake_client_version = -1;
static gint hf_dtls_handshake_server_version = -1;
-static gint hf_dtls_handshake_random_time = -1;
-static gint hf_dtls_handshake_random_bytes = -1;
static gint hf_dtls_handshake_cookie_len = -1;
static gint hf_dtls_handshake_cookie = -1;
static gint hf_dtls_handshake_cipher_suites_len = -1;
static gint hf_dtls_handshake_cipher_suites = -1;
static gint hf_dtls_handshake_cipher_suite = -1;
-static gint hf_dtls_handshake_session_id = -1;
static gint hf_dtls_handshake_comp_methods_len = -1;
static gint hf_dtls_handshake_comp_methods = -1;
static gint hf_dtls_handshake_comp_method = -1;
static gint hf_dtls_handshake_finished = -1;
/* static gint hf_dtls_handshake_md5_hash = -1; */
/* static gint hf_dtls_handshake_sha_hash = -1; */
-static gint hf_dtls_handshake_session_id_len = -1;
static gint hf_dtls_heartbeat_message = -1;
static gint hf_dtls_heartbeat_message_type = -1;
static gint ett_dtls_heartbeat = -1;
static gint ett_dtls_cipher_suites = -1;
static gint ett_dtls_comp_methods = -1;
-static gint ett_dtls_random = -1;
static gint ett_dtls_new_ses_ticket = -1;
static gint ett_dtls_certs = -1;
}
}
-static gint
-dissect_dtls_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, SslDecryptSession* ssl, gint from_server)
-{
- /* show the client's random challenge */
- nstime_t gmt_unix_time;
- guint8 session_id_length;
- proto_tree *dtls_rnd_tree;
-
- if (tree || ssl)
- {
- if (ssl)
- {
- /* get proper peer information*/
- StringInfo* rnd;
- if (from_server)
- rnd = &ssl->server_random;
- else
- rnd = &ssl->client_random;
-
- /* get provided random for keyring generation*/
- tvb_memcpy(tvb, rnd->data, offset, 32);
- rnd->data_len = 32;
- if (from_server)
- ssl->state |= SSL_SERVER_RANDOM;
- else
- ssl->state |= SSL_CLIENT_RANDOM;
- ssl_debug_printf("dissect_dtls_hnd_hello_common found random state %X\n",
- ssl->state);
- }
-
- dtls_rnd_tree = proto_tree_add_subtree(tree, tvb, offset, 32, ett_dtls_random, NULL, "Random");
-
- /* show the time */
- gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
- gmt_unix_time.nsecs = 0;
- proto_tree_add_time(dtls_rnd_tree, hf_dtls_handshake_random_time,
- tvb, offset, 4, &gmt_unix_time);
- offset += 4;
-
- /* show the random bytes */
- proto_tree_add_item(dtls_rnd_tree, hf_dtls_handshake_random_bytes,
- tvb, offset, 28, ENC_NA);
- offset += 28;
-
- /* show the session id */
- session_id_length = tvb_get_guint8(tvb, offset);
- proto_tree_add_item(tree, hf_dtls_handshake_session_id_len,
- tvb, offset, 1, ENC_BIG_ENDIAN);
- offset++;
- if (ssl)
- {
- /* check stored session id info */
- if (from_server && (session_id_length == ssl->session_id.data_len) &&
- (tvb_memeql(tvb, offset, ssl->session_id.data, session_id_length) == 0))
- {
- /* client/server id match: try to restore a previous cached session*/
- ssl_restore_session(ssl, dtls_session_hash);
- }
- else {
- tvb_memcpy(tvb,ssl->session_id.data, offset, session_id_length);
- ssl->session_id.data_len = session_id_length;
- }
- }
- if (session_id_length > 0)
- proto_tree_add_bytes_format(tree, hf_dtls_handshake_session_id,
- tvb, offset, session_id_length,
- NULL, "Session ID (%u byte%s)",
- session_id_length,
- plurality(session_id_length, "", "s"));
- offset += session_id_length;
- }
-
- /* XXXX */
- return offset;
-}
-
static void
dissect_dtls_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, guint32 offset, guint32 length,
offset += 2;
/* show the fields in common with server hello */
- offset = dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 0);
+ offset = ssl_dissect_hnd_hello_common(&dissect_dtls_hf, tvb, tree, offset, ssl, FALSE);
if (!tree)
return;
/* first display the elements conveniently in
* common with client hello
*/
- offset = dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 1);
+ offset = ssl_dissect_hnd_hello_common(&dissect_dtls_hf, tvb, tree, offset, ssl, TRUE);
/* PAOLO: handle session cipher suite */
if (ssl) {
FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
"Version selected by server", HFILL }
},
- { &hf_dtls_handshake_random_time,
- { "GMT Unix Time", "dtls.handshake.random_time",
- FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
- "Unix time field of random structure", HFILL }
- },
- { &hf_dtls_handshake_random_bytes,
- { "Random Bytes", "dtls.handshake.random",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Random challenge used to authenticate server", HFILL }
- },
{ &hf_dtls_handshake_cipher_suites_len,
{ "Cipher Suites Length", "dtls.handshake.cipher_suites_length",
FT_UINT16, BASE_DEC, NULL, 0x0,
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }
},
- { &hf_dtls_handshake_session_id,
- { "Session ID", "dtls.handshake.session_id",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Identifies the DTLS session, allowing later resumption", HFILL }
- },
{ &hf_dtls_handshake_comp_methods_len,
{ "Compression Methods Length", "dtls.handshake.comp_methods_length",
FT_UINT8, BASE_DEC, NULL, 0x0,
"Hash of messages, master_secret, etc.", HFILL }
},
#endif
- { &hf_dtls_handshake_session_id_len,
- { "Session ID Length", "dtls.handshake.session_id_length",
- FT_UINT8, BASE_DEC, NULL, 0x0,
- "Length of session ID field", HFILL }
- },
{ &hf_dtls_heartbeat_message,
{ "Heartbeat Message", "dtls.heartbeat_message",
FT_NONE, BASE_NONE, NULL, 0x0,
&ett_dtls_heartbeat,
&ett_dtls_cipher_suites,
&ett_dtls_comp_methods,
- &ett_dtls_random,
&ett_dtls_new_ses_ticket,
&ett_dtls_certs,
&ett_dtls_fragment,
return offset;
}
+gint
+ssl_dissect_hnd_hello_common(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ SslDecryptSession *ssl, gboolean from_server)
+{
+ nstime_t gmt_unix_time;
+ guint8 sessid_length;
+ proto_tree *rnd_tree;
+
+ if (tree || ssl) {
+ if (ssl) {
+ StringInfo *rnd;
+ if (from_server)
+ rnd = &ssl->server_random;
+ else
+ rnd = &ssl->client_random;
+
+ /* save provided random for later keyring generation */
+ tvb_memcpy(tvb, rnd->data, offset, 32);
+ rnd->data_len = 32;
+ if (from_server)
+ ssl->state |= SSL_SERVER_RANDOM;
+ else
+ ssl->state |= SSL_CLIENT_RANDOM;
+ ssl_debug_printf("%s found %s RANDOM -> state 0x%02X\n", __func__,
+ from_server ? "SERVER" : "CLIENT", ssl->state);
+ }
+
+ rnd_tree = proto_tree_add_subtree(tree, tvb, offset, 32,
+ hf->ett.hs_random, NULL, "Random");
+
+ /* show the time */
+ gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
+ gmt_unix_time.nsecs = 0;
+ proto_tree_add_time(rnd_tree, hf->hf.hs_random_time,
+ tvb, offset, 4, &gmt_unix_time);
+ offset += 4;
+
+ /* show the random bytes */
+ proto_tree_add_item(rnd_tree, hf->hf.hs_random_bytes,
+ tvb, offset, 28, ENC_NA);
+ offset += 28;
+
+ /* show the session id (length followed by actual Session ID) */
+ sessid_length = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(tree, hf->hf.hs_session_id_len,
+ tvb, offset, 1, ENC_BIG_ENDIAN);
+ offset++;
+
+ if (ssl) {
+ /* save the authorative SID for later use in ChangeCipherSpec.
+ * (D)TLS restricts the SID to 32 chars, it does not make sense to
+ * save more, so ignore larger ones. */
+ if (from_server && sessid_length <= 32) {
+ tvb_memcpy(tvb, ssl->session_id.data, offset, sessid_length);
+ ssl->session_id.data_len = sessid_length;
+ }
+ }
+ if (sessid_length > 0) {
+ proto_tree_add_item(tree, hf->hf.hs_session_id,
+ tvb, offset, sessid_length, ENC_NA);
+ offset += sessid_length;
+ }
+ }
+
+ return offset;
+}
+
void
ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
guint32 offset, packet_info *pinfo,
gint hs_dnames;
gint hs_dname_len;
gint hs_dname;
+ gint hs_random_time;
+ gint hs_random_bytes;
+ gint hs_session_id;
+ gint hs_session_id_len;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */
} hf;
gint certificates;
gint cert_types;
gint dnames;
+ gint hs_random;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_ETT_LIST! */
} ett;
guint32 offset, guint32 left, gboolean is_client,
SslSession *session, SslDecryptSession *ssl);
+extern gint
+ssl_dissect_hnd_hello_common(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ SslDecryptSession *ssl, gboolean from_server);
+
extern gint
ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
guint32 offset, guint16 len);
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, -1, -1, -1, \
}, \
/* ett */ { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, \
}, \
/* ei */ { \
EI_INIT, EI_INIT, \
{ "Distinguished Name", prefix ".handshake.dname", \
FT_NONE, BASE_NONE, NULL, 0x0, \
"Distinguished name of a CA that server trusts", HFILL } \
+ }, \
+ { & name .hf.hs_random_time, \
+ { "GMT Unix Time", prefix ".handshake.random_time", \
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, \
+ "Unix time field of random structure", HFILL } \
+ }, \
+ { & name .hf.hs_random_bytes, \
+ { "Random Bytes", prefix ".handshake.random", \
+ FT_BYTES, BASE_NONE, NULL, 0x0, \
+ "Random values used for deriving keys", HFILL } \
+ }, \
+ { & name .hf.hs_session_id, \
+ { "Session ID", prefix ".handshake.session_id", \
+ FT_BYTES, BASE_NONE, NULL, 0x0, \
+ "Identifies the SSL session, allowing later resumption", HFILL }\
+ }, \
+ { & name .hf.hs_session_id_len, \
+ { "Session ID Length", prefix ".handshake.session_id_length", \
+ FT_UINT8, BASE_DEC, NULL, 0x0, \
+ "Length of Session ID field", HFILL } \
}
/* }}} */
& name .ett.certificates, \
& name .ett.cert_types, \
& name .ett.dnames, \
+ & name .ett.hs_random, \
/* }}} */
/* {{{ */
static gint hf_ssl_handshake_length = -1;
static gint hf_ssl_handshake_client_version = -1;
static gint hf_ssl_handshake_server_version = -1;
-static gint hf_ssl_handshake_random_time = -1;
-static gint hf_ssl_handshake_random_bytes = -1;
static gint hf_ssl_handshake_cipher_suites_len = -1;
static gint hf_ssl_handshake_cipher_suites = -1;
static gint hf_ssl_handshake_cipher_suite = -1;
-static gint hf_ssl_handshake_session_id = -1;
static gint hf_ssl_handshake_comp_methods_len = -1;
static gint hf_ssl_handshake_comp_methods = -1;
static gint hf_ssl_handshake_comp_method = -1;
static gint hf_ssl_handshake_finished = -1;
static gint hf_ssl_handshake_md5_hash = -1;
static gint hf_ssl_handshake_sha_hash = -1;
-static gint hf_ssl_handshake_session_id_len = -1;
static gint hf_ssl2_handshake_cipher_spec_len = -1;
static gint hf_ssl2_handshake_session_id_len = -1;
static gint hf_ssl2_handshake_challenge_len = -1;
static gint ett_ssl_cipher_suites = -1;
static gint ett_ssl_comp_methods = -1;
static gint ett_ssl_certs = -1;
-static gint ett_ssl_random = -1;
static gint ett_ssl_new_ses_ticket = -1;
static gint ett_ssl_cli_sig = -1;
static gint ett_ssl_cert_status = -1;
}
}
-static gint
-dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, SslDecryptSession *ssl, gint from_server)
-{
- /* show the client's random challenge */
- nstime_t gmt_unix_time;
- guint8 session_id_length;
- proto_tree *ssl_rnd_tree;
-
- session_id_length = 0;
-
- if (ssl)
- {
- /* PAOLO: get proper peer information*/
- StringInfo *rnd;
- if (from_server)
- rnd = &ssl->server_random;
- else
- rnd = &ssl->client_random;
-
- /* get provided random for keyring generation*/
- tvb_memcpy(tvb, rnd->data, offset, 32);
- rnd->data_len = 32;
- if (from_server)
- ssl->state |= SSL_SERVER_RANDOM;
- else
- ssl->state |= SSL_CLIENT_RANDOM;
- ssl_debug_printf("dissect_ssl3_hnd_hello_common found %s RANDOM -> state 0x%02X\n",
- (from_server)?"SERVER":"CLIENT", ssl->state);
-
- session_id_length = tvb_get_guint8(tvb, offset + 32);
- /* check stored session id info */
- if (from_server && (session_id_length == ssl->session_id.data_len) &&
- (tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0))
- {
- /* client/server id match: try to restore a previous cached session*/
- if (!ssl_restore_session(ssl, ssl_session_hash)) {
- /* If we failed to find the previous session, we may still have
- * the master secret in the key log. */
- if (!ssl_keylog_lookup(ssl, ssl_options.keylog_filename, NULL)) {
- ssl_debug_printf(" cannot find master secret in keylog file either\n");
- } else {
- ssl_debug_printf(" found master secret in keylog file\n");
- }
- }
- /* if the session_ids match, then there is a chance that we need to restore a session_ticket */
- if(ssl->session_ticket.data_len != 0)
- {
- ssl_restore_session_ticket(ssl, ssl_session_hash);
- }
- } else {
- tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
- ssl->session_id.data_len = session_id_length;
- }
- }
-
- if (tree)
- {
- ssl_rnd_tree = proto_tree_add_subtree(tree, tvb, offset, 32, ett_ssl_random, NULL, "Random");
-
- /* show the time */
- gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
- gmt_unix_time.nsecs = 0;
- proto_tree_add_time(ssl_rnd_tree, hf_ssl_handshake_random_time,
- tvb, offset, 4, &gmt_unix_time);
- offset += 4;
-
- /* show the random bytes */
- proto_tree_add_item(ssl_rnd_tree, hf_ssl_handshake_random_bytes,
- tvb, offset, 28, ENC_NA);
- offset += 28;
-
- /* show the session id */
- session_id_length = tvb_get_guint8(tvb, offset);
- proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
- tvb, offset++, 1, ENC_BIG_ENDIAN);
- if (session_id_length > 0)
- {
- tvb_ensure_bytes_exist(tvb, offset, session_id_length);
- proto_tree_add_item(tree, hf_ssl_handshake_session_id,
- tvb, offset, session_id_length, ENC_NA);
- }
-
- }
-
- /* XXXX */
- return session_id_length+33;
-}
-
static void
dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, guint32 offset, guint32 length,
offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* show the fields in common with server hello */
- offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 0);
+ offset = ssl_dissect_hnd_hello_common(&dissect_ssl3_hf, tvb, tree, offset, ssl, FALSE);
/* tell the user how many cipher suites there are */
cipher_suite_length = tvb_get_ntohs(tvb, offset);
/* first display the elements conveniently in
* common with client hello
*/
- offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 1);
+ offset = ssl_dissect_hnd_hello_common(&dissect_ssl3_hf, tvb, tree, offset, ssl, TRUE);
/* PAOLO: handle session cipher suite */
if (ssl) {
{
tvb_ensure_bytes_exist(tvb, offset, session_id_length);
proto_tree_add_bytes_format(tree,
- hf_ssl_handshake_session_id,
+ dissect_ssl3_hf.hf.hs_session_id,
tvb, offset, session_id_length,
NULL, "Session ID (%u byte%s)",
session_id_length,
FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
"Version selected by server", HFILL }
},
- { &hf_ssl_handshake_random_time,
- { "GMT Unix Time", "ssl.handshake.random_time",
- FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
- "Unix time field of random structure", HFILL }
- },
- { &hf_ssl_handshake_random_bytes,
- { "Random Bytes", "ssl.handshake.random_bytes",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Random challenge used to authenticate server", HFILL }
- },
{ &hf_ssl_handshake_cipher_suites_len,
{ "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
FT_UINT16, BASE_DEC, NULL, 0x0,
FT_UINT24, BASE_HEX|BASE_EXT_STRING, &ssl_20_cipher_suites_ext, 0x0,
"Cipher specification", HFILL }
},
- { &hf_ssl_handshake_session_id,
- { "Session ID", "ssl.handshake.session_id",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Identifies the SSL session, allowing later resumption", HFILL }
- },
{ &hf_ssl_handshake_comp_methods_len,
{ "Compression Methods Length", "ssl.handshake.comp_methods_length",
FT_UINT8, BASE_DEC, NULL, 0x0,
FT_NONE, BASE_NONE, NULL, 0x0,
"Hash of messages, master_secret, etc.", HFILL }
},
- { &hf_ssl_handshake_session_id_len,
- { "Session ID Length", "ssl.handshake.session_id_length",
- FT_UINT8, BASE_DEC, NULL, 0x0,
- "Length of session ID field", HFILL }
- },
{ &hf_ssl_heartbeat_message,
{ "Heartbeat Message", "ssl.heartbeat_message",
FT_NONE, BASE_NONE, NULL, 0x0,
&ett_ssl_cipher_suites,
&ett_ssl_comp_methods,
&ett_ssl_certs,
- &ett_ssl_random,
&ett_ssl_new_ses_ticket,
&ett_ssl_cli_sig,
&ett_ssl_cert_status,