2 * Routines for ssl dissection
3 * Copyright (c) 2000-2001, Scott Renfro <scott@renfro.org>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * http://www.netscape.com/eng/security/SSL_2.html
33 * http://www.netscape.com/eng/ssl3/
37 * See RFC 2246 for SSL 3.1/TLS 1.0 specs.
39 * See (among other places)
41 * http://www.graphcomp.com/info/specs/ms/pct.htm
43 * for PCT 1 draft specs.
47 * http://research.sun.com/projects/crypto/draft-ietf-tls-ecc-05.txt
49 * for Elliptic Curve Cryptography cipher suites.
53 * http://www.ietf.org/internet-drafts/draft-ietf-tls-camellia-04.txt
55 * for Camellia-based cipher suites.
59 * - Does not support dissection
60 * of frames that would require state maintained between frames
61 * (e.g., single ssl records spread across multiple tcp frames)
63 * - Identifies, but does not fully dissect the following messages:
65 * - SSLv3/TLS (These need more state from previous handshake msgs)
66 * - Server Key Exchange
67 * - Client Key Exchange
68 * - Certificate Verify
70 * - SSLv2 (These don't appear in the clear)
75 * - Request Certificate
76 * - Client Certificate
78 * - Decryption is supported only for session that use RSA key exchange,
79 * if the host private key is provided via preference.
81 * - Decryption need to be performed 'sequentially', so it's done
82 * at packet reception time. This may cause a significative packet capture
83 * slow down. This also cause do dissect some ssl info that in previous
84 * dissector version were dissected only when a proto_tree context was
87 * We are at Packet reception if time pinfo->fd->flags.visited == 0
99 #include <sys/types.h>
100 #ifdef HAVE_SYS_SOCKET_H
101 #include <sys/socket.h>
106 #include <epan/conversation.h>
107 #include <epan/prefs.h>
108 #include <epan/inet_v6defs.h>
109 #include <epan/dissectors/packet-x509af.h>
110 #include <epan/emem.h>
111 #include <epan/tap.h>
112 #include "packet-ssl.h"
113 #include "packet-ssl-utils.h"
116 static gboolean ssl_desegment = TRUE;
117 static gboolean ssl_desegment_app_data = TRUE;
120 /*********************************************************************
122 * Protocol Constants, Variables, Data Structures
124 *********************************************************************/
126 /* Initialize the protocol and registered fields */
127 static gint ssl_tap = -1;
128 static gint proto_ssl = -1;
129 static gint hf_ssl_record = -1;
130 static gint hf_ssl_record_content_type = -1;
131 static gint hf_ssl_record_version = -1;
132 static gint hf_ssl_record_length = -1;
133 static gint hf_ssl_record_appdata = -1;
134 static gint hf_ssl2_record = -1;
135 static gint hf_ssl2_record_is_escape = -1;
136 static gint hf_ssl2_record_padding_length = -1;
137 static gint hf_ssl2_msg_type = -1;
138 static gint hf_pct_msg_type = -1;
139 static gint hf_ssl_change_cipher_spec = -1;
140 static gint hf_ssl_alert_message = -1;
141 static gint hf_ssl_alert_message_level = -1;
142 static gint hf_ssl_alert_message_description = -1;
143 static gint hf_ssl_handshake_protocol = -1;
144 static gint hf_ssl_handshake_type = -1;
145 static gint hf_ssl_handshake_length = -1;
146 static gint hf_ssl_handshake_client_version = -1;
147 static gint hf_ssl_handshake_server_version = -1;
148 static gint hf_ssl_handshake_random_time = -1;
149 static gint hf_ssl_handshake_random_bytes = -1;
150 static gint hf_ssl_handshake_cipher_suites_len = -1;
151 static gint hf_ssl_handshake_cipher_suites = -1;
152 static gint hf_ssl_handshake_cipher_suite = -1;
153 static gint hf_ssl_handshake_session_id = -1;
154 static gint hf_ssl_handshake_comp_methods_len = -1;
155 static gint hf_ssl_handshake_comp_methods = -1;
156 static gint hf_ssl_handshake_comp_method = -1;
157 static gint hf_ssl_handshake_extensions_len = -1;
158 static gint hf_ssl_handshake_extension_type = -1;
159 static gint hf_ssl_handshake_extension_len = -1;
160 static gint hf_ssl_handshake_extension_data = -1;
161 static gint hf_ssl_handshake_certificates_len = -1;
162 static gint hf_ssl_handshake_certificates = -1;
163 static gint hf_ssl_handshake_certificate = -1;
164 static gint hf_ssl_handshake_certificate_len = -1;
165 static gint hf_ssl_handshake_cert_types_count = -1;
166 static gint hf_ssl_handshake_cert_types = -1;
167 static gint hf_ssl_handshake_cert_type = -1;
168 static gint hf_ssl_handshake_finished = -1;
169 static gint hf_ssl_handshake_md5_hash = -1;
170 static gint hf_ssl_handshake_sha_hash = -1;
171 static gint hf_ssl_handshake_session_id_len = -1;
172 static gint hf_ssl_handshake_dnames_len = -1;
173 static gint hf_ssl_handshake_dnames = -1;
174 static gint hf_ssl_handshake_dname_len = -1;
175 static gint hf_ssl_handshake_dname = -1;
176 static gint hf_ssl2_handshake_cipher_spec_len = -1;
177 static gint hf_ssl2_handshake_session_id_len = -1;
178 static gint hf_ssl2_handshake_challenge_len = -1;
179 static gint hf_ssl2_handshake_cipher_spec = -1;
180 static gint hf_ssl2_handshake_challenge = -1;
181 static gint hf_ssl2_handshake_clear_key_len = -1;
182 static gint hf_ssl2_handshake_enc_key_len = -1;
183 static gint hf_ssl2_handshake_key_arg_len = -1;
184 static gint hf_ssl2_handshake_clear_key = -1;
185 static gint hf_ssl2_handshake_enc_key = -1;
186 static gint hf_ssl2_handshake_key_arg = -1;
187 static gint hf_ssl2_handshake_session_id_hit = -1;
188 static gint hf_ssl2_handshake_cert_type = -1;
189 static gint hf_ssl2_handshake_connection_id_len = -1;
190 static gint hf_ssl2_handshake_connection_id = -1;
191 static gint hf_pct_handshake_cipher_spec = -1;
192 static gint hf_pct_handshake_hash_spec = -1;
193 static gint hf_pct_handshake_cert_spec = -1;
194 static gint hf_pct_handshake_cert = -1;
195 static gint hf_pct_handshake_server_cert = -1;
196 static gint hf_pct_handshake_exch_spec = -1;
197 static gint hf_pct_handshake_hash = -1;
198 static gint hf_pct_handshake_cipher = -1;
199 static gint hf_pct_handshake_exch = -1;
200 static gint hf_pct_handshake_sig = -1;
201 static gint hf_pct_msg_error_type = -1;
203 /* Initialize the subtree pointers */
204 static gint ett_ssl = -1;
205 static gint ett_ssl_record = -1;
206 static gint ett_ssl_alert = -1;
207 static gint ett_ssl_handshake = -1;
208 static gint ett_ssl_cipher_suites = -1;
209 static gint ett_ssl_comp_methods = -1;
210 static gint ett_ssl_extension = -1;
211 static gint ett_ssl_certs = -1;
212 static gint ett_ssl_cert_types = -1;
213 static gint ett_ssl_dnames = -1;
214 static gint ett_ssl_random = -1;
215 static gint ett_pct_cipher_suites = -1;
216 static gint ett_pct_hash_suites = -1;
217 static gint ett_pct_cert_suites = -1;
218 static gint ett_pct_exch_suites = -1;
220 static GHashTable *ssl_session_hash = NULL;
221 static GHashTable *ssl_key_hash = NULL;
222 static GTree* ssl_associations = NULL;
223 static dissector_handle_t ssl_handle = NULL;
224 static StringInfo ssl_decrypted_data = {NULL, 0};
225 static gint ssl_decrypted_data_avail = 0;
227 static gchar* ssl_keys_list = NULL;
228 static gchar* ssl_debug_file_name = NULL;
230 /* Forward declaration we need below */
231 void proto_reg_handoff_ssl(void);
233 /* initialize/reset per capture state data (ssl sessions cache) */
237 ssl_common_init(&ssl_session_hash, &ssl_decrypted_data);
240 /* parse ssl related preferences (private keys and ports association strings) */
244 ep_stack_t tmp_stack;
245 SslAssociation *tmp_assoc;
247 ssl_set_debug(ssl_debug_file_name);
251 g_hash_table_foreach(ssl_key_hash, ssl_private_key_free, NULL);
252 g_hash_table_destroy(ssl_key_hash);
255 /* remove only associations created from key list */
256 tmp_stack = ep_stack_new();
257 g_tree_traverse(ssl_associations, ssl_assoc_from_key_list, G_IN_ORDER, tmp_stack);
258 while (tmp_assoc = ep_stack_pop(tmp_stack)) {
259 ssl_association_remove(ssl_associations, tmp_assoc);
262 /* parse private keys string, load available keys and put them in key hash*/
263 ssl_key_hash = g_hash_table_new(ssl_private_key_hash,ssl_private_key_equal);
265 if (ssl_keys_list && (ssl_keys_list[0] != 0))
267 ssl_parse_key_list(ssl_keys_list,ssl_key_hash,ssl_associations,ssl_handle,TRUE);
272 /* function that save app_data during sub protocol reassembling */
274 ssl_add_app_data(SslDecryptSession* ssl, guchar* data, gint data_len){
276 app=&ssl->app_data_segment;
278 if(app->data_len!=0){
281 tmp=g_malloc(app->data_len);
282 tmp_len=app->data_len;
283 memcpy(tmp,app->data,app->data_len);
287 app->data=g_malloc(tmp_len+data_len);
288 app->data_len=tmp_len+data_len;
289 memcpy(app->data,tmp,tmp_len);
291 memcpy(app->data+tmp_len, data,data_len);
297 app->data=g_malloc(data_len);
298 app->data_len=data_len;
299 memcpy(app->data,data,data_len);
304 ssl_desegment_ssl_app_data(SslDecryptSession * ssl, packet_info *pinfo){
306 SslAssociation* association;
308 pi = p_get_proto_data(pinfo->fd, proto_ssl);
309 if (pi && pi->app_data.data)
313 /* find out a dissector using server port*/
314 association = ssl_association_find(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP);
315 association = association ? association: ssl_association_find(ssl_associations, pinfo->destport, pinfo->ptype == PT_TCP);
316 /* create a copy of packet_info */
317 pp=g_malloc(sizeof(packet_info));
318 memcpy(pp, pinfo, sizeof(packet_info));
320 if (association && association->handle) {
321 /* it's the first SS segmented packet */
322 if(ssl->app_data_segment.data==NULL){
323 /* create new tvbuff for the decrypted data */
324 new_tvb = tvb_new_real_data(pi->app_data.data,
325 pi->app_data.data_len, pi->app_data.data_len);
326 tvb_set_free_cb(new_tvb, g_free);
327 /* we allow subdissector to tell us more bytes */
329 /* subdissector call */
330 call_dissector(association->handle, new_tvb, pp, NULL);
331 /* if the dissector need more bytes */
332 if(pp->desegment_len>0){
333 /* we save the actual data to reuse them later */
334 ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len);
335 /* we remove data to forbid subdissection */
336 p_remove_proto_data(pinfo->fd, proto_ssl);
337 /* update of COL_INFO */
338 if (check_col(pinfo->cinfo, COL_INFO)){
339 col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]");
340 pinfo->cinfo->writable=FALSE;
347 /* it isn't the first SSL segmented packet */
348 /* we add actual data to reuse them later */
349 ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len);
350 /* create new tvbuff for the decrypted data */
351 new_tvb = tvb_new_real_data(ssl->app_data_segment.data,
352 ssl->app_data_segment.data_len,
353 ssl->app_data_segment.data_len);
354 tvb_set_free_cb(new_tvb, g_free);
355 /* we allow subdissector to tell us more bytes */
357 /* subdissector call */
358 call_dissector(association->handle, new_tvb, pp, NULL);
359 /* if the dissector need more bytes */
360 if(pp->desegment_len>0){
361 /* we remove data to forbid subdissection */
362 p_remove_proto_data(pinfo->fd, proto_ssl);
363 /* update of COL_INFO */
364 if (check_col(pinfo->cinfo, COL_INFO)){
365 col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]");
366 pinfo->cinfo->writable=FALSE;
372 /* we create SslPacketInfo to save data */
373 pi2=g_malloc(sizeof(SslPacketInfo));
374 pi2->app_data.data=g_malloc(ssl->app_data_segment.data_len);
375 memcpy(pi2->app_data.data,ssl->app_data_segment.data,ssl->app_data_segment.data_len);
376 pi2->app_data.data_len=ssl->app_data_segment.data_len;
378 /* we remove data if it's useful */
379 p_remove_proto_data(pinfo->fd, proto_ssl);
380 /* we add reassembled subprotocol data */
381 p_add_proto_data(pinfo->fd, proto_ssl, pi2);
382 /* we delete saved app_data */
383 if(ssl->app_data_segment.data)
384 g_free(ssl->app_data_segment.data);
385 ssl->app_data_segment.data=NULL;
386 ssl->app_data_segment.data_len=0;
389 /* we delete pp structure */
397 /*********************************************************************
399 * Forward Declarations
401 *********************************************************************/
404 * SSL version 3 and TLS dissectors
407 /* record layer dissector */
408 static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
409 proto_tree *tree, guint32 offset,
411 gboolean *need_desegmentation,
412 SslDecryptSession *conv_data);
414 /* change cipher spec dissector */
415 static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
418 guint *conv_version, guint8 content_type);
420 /* alert message dissector */
421 static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
422 proto_tree *tree, guint32 offset,
423 guint *conv_version);
425 /* handshake protocol dissector */
426 static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
427 proto_tree *tree, guint32 offset,
428 guint32 record_length,
430 SslDecryptSession *conv_data, guint8 content_type);
433 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
435 guint32 offset, guint32 length,
436 SslDecryptSession* ssl);
438 static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
440 guint32 offset, guint32 length,
441 SslDecryptSession* ssl);
443 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
444 proto_tree *tree, guint32 offset, packet_info *pinfo);
446 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
450 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
453 guint* conv_version);
457 * SSL version 2 dissectors
461 /* record layer dissector */
462 static gint dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
463 proto_tree *tree, guint32 offset,
465 gboolean *need_desegmentation,
466 SslDecryptSession* ssl);
468 /* client hello dissector */
469 static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
472 SslDecryptSession* ssl);
474 static void dissect_pct_msg_client_hello(tvbuff_t *tvb,
478 /* client master key dissector */
479 static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
482 static void dissect_pct_msg_client_master_key(tvbuff_t *tvb,
486 /* server hello dissector */
487 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
489 guint32 offset, packet_info *pinfo);
490 static void dissect_pct_msg_server_hello(tvbuff_t *tvb,
492 guint32 offset, packet_info *pinfo);
495 static void dissect_pct_msg_server_verify(tvbuff_t *tvb,
499 static void dissect_pct_msg_error(tvbuff_t *tvb,
507 /*static void ssl_set_conv_version(packet_info *pinfo, guint version);*/
508 static gint ssl_is_valid_handshake_type(guint8 type);
509 static gint ssl_is_valid_ssl_version(guint16 version);
510 static gint ssl_is_authoritative_version_message(guint8 content_type,
512 static gint ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset);
513 static gint ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset);
514 static gint ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset);
515 static gint ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
517 guint32 record_length);
518 static gint ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb,
520 guint32 record_length);
521 /*********************************************************************
525 *********************************************************************/
527 * Code to actually dissect the packets
530 dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
533 conversation_t *conversation;
536 proto_tree *ssl_tree;
538 gboolean first_record_in_frame;
539 gboolean need_desegmentation;
540 SslDecryptSession* ssl_session;
545 first_record_in_frame = TRUE;
548 /* Track the version using conversations to reduce the
549 * chance that a packet that simply *looks* like a v2 or
550 * v3 packet is dissected improperly. This also allows
551 * us to more frequently set the protocol column properly
552 * for continuation data frames.
554 * Also: We use the copy in conv_version as our cached copy,
555 * so that we don't have to search the conversation
556 * table every time we want the version; when setting
557 * the conv_version, must set the copy in the conversation
558 * in addition to conv_version
560 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
561 pinfo->srcport, pinfo->destport, 0);
565 /* create a new conversation */
566 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
567 pinfo->srcport, pinfo->destport, 0);
569 conv_data = conversation_get_proto_data(conversation, proto_ssl);
571 /* PAOLO: manage ssl decryption data */
572 /*get a valid ssl session pointer*/
573 if (conv_data != NULL)
574 ssl_session = conv_data;
578 ssl_session = se_alloc0(sizeof(SslDecryptSession));
579 ssl_session_init(ssl_session);
580 ssl_session->version = SSL_VER_UNKNOWN;
581 conversation_add_proto_data(conversation, proto_ssl, ssl_session);
583 /* we need to know witch side of conversation is speaking*/
584 if (ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)) {
585 dummy.addr = pinfo->src;
586 dummy.port = pinfo->srcport;
589 dummy.addr = pinfo->dst;
590 dummy.port = pinfo->destport;
592 ssl_debug_printf("dissect_ssl server %hhd.%hhd.%hhd.%hhd:%d\n",
594 dummy.addr.data[1],dummy.addr.data[2],
595 dummy.addr.data[3],dummy.port);
597 /* try to retrive private key for this service. Do it now 'cause pinfo
598 * is not always available
599 * Note that with HAVE_LIBGNUTLS undefined private_key is allways 0
600 * and thus decryption never engaged*/
601 ssl_session->private_key = g_hash_table_lookup(ssl_key_hash, &dummy);
602 if (!ssl_session->private_key)
603 ssl_debug_printf("dissect_ssl can't find private key for this server!\n");
605 conv_version= & ssl_session->version;
607 /* try decryption only the first time we see this packet
608 * (to keep cipher syncronized)and only if we have
609 * the server private key*/
610 if (!ssl_session->private_key || pinfo->fd->flags.visited)
613 /* Initialize the protocol column; we'll set it later when we
614 * figure out what flavor of SSL it is (assuming we don't
615 * throw an exception before we get the chance to do so). */
616 if (check_col(pinfo->cinfo, COL_PROTOCOL))
618 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSL");
620 /* clear the the info column */
621 if (check_col(pinfo->cinfo, COL_INFO))
622 col_clear(pinfo->cinfo, COL_INFO);
624 /* TCP packets and SSL records are orthogonal.
625 * A tcp packet may contain multiple ssl records and an ssl
626 * record may be spread across multiple tcp packets.
628 * This loop accounts for multiple ssl records in a single
629 * frame, but not a single ssl record across multiple tcp
632 * Handling the single ssl record across multiple packets
633 * may be possible using ethereal conversations, but
634 * probably not cleanly. May have to wait for tcp stream
638 /* Create display subtree for SSL as a whole */
641 ti = proto_tree_add_item(tree, proto_ssl, tvb, 0, -1, FALSE);
642 ssl_tree = proto_item_add_subtree(ti, ett_ssl);
644 /* iterate through the records in this tvbuff */
645 while (tvb_reported_length_remaining(tvb, offset) != 0)
647 /* on second and subsequent records per frame
648 * add a delimiter on info column
650 if (!first_record_in_frame
651 && check_col(pinfo->cinfo, COL_INFO))
653 col_append_str(pinfo->cinfo, COL_INFO, ", ");
657 * Assume, for now, that this doesn't need desegmentation.
659 need_desegmentation = FALSE;
661 /* first try to dispatch off the cached version
662 * known to be associated with the conversation
664 switch(*conv_version) {
667 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
668 offset, conv_version,
669 &need_desegmentation,
675 /* the version tracking code works too well ;-)
676 * at times, we may visit a v2 client hello after
677 * we already know the version of the connection;
678 * work around that here by detecting and calling
679 * the v2 dissector instead
681 if (ssl_is_v2_client_hello(tvb, offset))
683 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
684 offset, conv_version,
685 &need_desegmentation,
690 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
691 offset, conv_version,
692 &need_desegmentation,
697 /* that failed, so apply some heuristics based
698 * on this individual packet
701 if (ssl_looks_like_sslv2(tvb, offset))
703 /* looks like sslv2 or pct client hello */
704 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
705 offset, conv_version,
706 &need_desegmentation,
709 else if (ssl_looks_like_sslv3(tvb, offset))
711 /* looks like sslv3 or tls */
712 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
713 offset, conv_version,
714 &need_desegmentation,
719 /* looks like something unknown, so lump into
722 offset = tvb_length(tvb);
723 if (check_col(pinfo->cinfo, COL_INFO))
724 col_append_str(pinfo->cinfo, COL_INFO,
725 "Continuation Data");
727 /* Set the protocol column */
728 if (check_col(pinfo->cinfo, COL_PROTOCOL))
730 col_set_str(pinfo->cinfo, COL_PROTOCOL,
731 ssl_version_short_names[*conv_version]);
737 /* Desegmentation return check */
738 if (need_desegmentation)
740 /* set up for next record in frame, if any */
741 first_record_in_frame = FALSE;
743 tap_queue_packet(ssl_tap, pinfo, (gpointer)proto_ssl);
747 decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
748 guint32 record_length, guint8 content_type, SslDecryptSession* ssl,
749 gboolean save_plaintext)
755 /* if we can decrypt and decryption have success
756 * add decrypted data to this packet info*/
757 ssl_debug_printf("decrypt_ssl3_record: app_data len %d ssl state %X\n",
758 record_length, ssl->state);
759 if (!(ssl->state & SSL_HAVE_SESSION_KEY)) {
760 ssl_debug_printf("decrypt_ssl3_record: no session key\n");
764 /* retrive decoder for this packet direction*/
765 if ((direction = ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)) != 0) {
766 ssl_debug_printf("decrypt_ssl3_record: using server decoder\n");
767 decoder = &ssl->server;
770 ssl_debug_printf("decrypt_ssl3_record: using client decoder\n");
771 decoder = &ssl->client;
774 /* ensure we have enough storage space for decrypted data */
775 if (record_length > ssl_decrypted_data.data_len)
777 ssl_debug_printf("decrypt_ssl3_record: allocating %d bytes"
778 " for decrypt data (old len %d)\n",
779 record_length + 32, ssl_decrypted_data.data_len);
780 ssl_decrypted_data.data = g_realloc(ssl_decrypted_data.data,
782 ssl_decrypted_data.data_len = record_length + 32;
785 /* run decryption and add decrypted payload to protocol data, if decryption
787 ssl_decrypted_data_avail = ssl_decrypted_data.data_len;
788 if (ssl_decrypt_record(ssl, decoder,
789 content_type, tvb_get_ptr(tvb, offset, record_length),
790 record_length, ssl_decrypted_data.data, &ssl_decrypted_data_avail) == 0)
792 if (ret && save_plaintext)
795 pi = p_get_proto_data(pinfo->fd, proto_ssl);
798 ssl_debug_printf("decrypt_ssl3_record: allocating app_data %d "
799 "bytes for app data\n", ssl_decrypted_data_avail);
800 /* first app data record: allocate and put packet data*/
801 pi = se_alloc0(sizeof(SslPacketInfo));
802 pi->app_data.data = se_alloc(ssl_decrypted_data_avail);
803 pi->app_data.data_len = ssl_decrypted_data_avail;
804 memcpy(pi->app_data.data, ssl_decrypted_data.data, ssl_decrypted_data_avail);
808 /* update previus record*/
809 ssl_debug_printf("decrypt_ssl3_record: reallocating app_data "
810 "%d bytes for app data (total %d appdata bytes)\n",
811 ssl_decrypted_data_avail, pi->app_data.data_len + ssl_decrypted_data_avail);
812 store = se_alloc(pi->app_data.data_len + ssl_decrypted_data_avail);
813 memcpy(store, pi->app_data.data, pi->app_data.data_len);
814 memcpy(&store[pi->app_data.data_len], ssl_decrypted_data.data, ssl_decrypted_data_avail);
815 pi->app_data.data_len += ssl_decrypted_data_avail;
817 /* old decrypted data ptr here appare to be leaked, but it's
818 * collected by emem allocator */
819 pi->app_data.data = store;
821 /* data ptr is changed, so remove old one and re-add the new one*/
822 ssl_debug_printf("decrypt_ssl3_record: removing old app_data ptr\n");
823 p_remove_proto_data(pinfo->fd, proto_ssl);
826 ssl_debug_printf("decrypt_ssl3_record: setting decrypted app_data ptr %p\n",pi);
827 p_add_proto_data(pinfo->fd, proto_ssl, pi);
834 /*********************************************************************
836 * SSL version 3 and TLS Dissection Routines
838 *********************************************************************/
840 dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
841 proto_tree *tree, guint32 offset,
842 guint *conv_version, gboolean *need_desegmentation,
843 SslDecryptSession* ssl)
848 * uint8 major, minor;
853 * change_cipher_spec(20), alert(21), handshake(22),
854 * application_data(23), (255)
859 * ProtocolVersion version;
861 * opaque fragment[TLSPlaintext.length];
864 guint32 record_length;
869 proto_tree *ssl_record_tree;
870 guint32 available_bytes;
872 SslAssociation* association;
874 ssl_record_tree = NULL;
877 available_bytes = tvb_length_remaining(tvb, offset);
880 * Can we do reassembly?
882 if (ssl_desegment && pinfo->can_desegment) {
884 * Yes - is the record header split across segment boundaries?
886 if (available_bytes < 5) {
888 * Yes. Tell the TCP dissector where the data for this
889 * message starts in the data it handed us, and how many
890 * more bytes we need, and return.
892 pinfo->desegment_offset = offset;
893 pinfo->desegment_len = 5 - available_bytes;
894 *need_desegmentation = TRUE;
900 * Get the record layer fields of interest
902 content_type = tvb_get_guint8(tvb, offset);
903 version = tvb_get_ntohs(tvb, offset + 1);
904 record_length = tvb_get_ntohs(tvb, offset + 3);
906 if (ssl_is_valid_content_type(content_type)) {
909 * Can we do reassembly?
911 if (ssl_desegment && pinfo->can_desegment) {
913 * Yes - is the record split across segment boundaries?
915 if (available_bytes < record_length + 5) {
917 * Yes. Tell the TCP dissector where the data for this
918 * message starts in the data it handed us, and how many
919 * more bytes we need, and return.
921 pinfo->desegment_offset = offset;
922 pinfo->desegment_len = (record_length + 5) - available_bytes;
923 *need_desegmentation = TRUE;
930 /* if we don't have a valid content_type, there's no sense
931 * continuing any further
933 if (check_col(pinfo->cinfo, COL_INFO))
934 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
936 /* Set the protocol column */
937 if (check_col(pinfo->cinfo, COL_PROTOCOL))
939 col_set_str(pinfo->cinfo, COL_PROTOCOL,
940 ssl_version_short_names[*conv_version]);
942 return offset + 5 + record_length;
946 * If GUI, fill in record layer part of tree
951 /* add the record layer subtree header */
952 tvb_ensure_bytes_exist(tvb, offset, 5 + record_length);
953 ti = proto_tree_add_item(tree, hf_ssl_record, tvb,
954 offset, 5 + record_length, 0);
955 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
960 /* show the one-byte content type */
961 proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type,
965 /* add the version */
966 proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb,
971 proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb,
972 offset, 2, record_length);
973 offset += 2; /* move past length field itself */
977 /* if no GUI tree, then just skip over those fields */
983 * if we don't already have a version set for this conversation,
984 * but this message's version is authoritative (i.e., it's
985 * not client_hello, then save the version to to conversation
986 * structure and print the column version
988 next_byte = tvb_get_guint8(tvb, offset);
989 if (*conv_version == SSL_VER_UNKNOWN
990 && ssl_is_authoritative_version_message(content_type, next_byte))
992 if (version == SSLV3_VERSION)
994 *conv_version = SSL_VER_SSLv3;
996 ssl->version_netorder = version;
997 ssl->state |= SSL_VERSION;
999 /*ssl_set_conv_version(pinfo, ssl->version);*/
1001 else if (version == TLSV1_VERSION)
1004 *conv_version = SSL_VER_TLS;
1006 ssl->version_netorder = version;
1007 ssl->state |= SSL_VERSION;
1009 /*ssl_set_conv_version(pinfo, ssl->version);*/
1011 else if (version == TLSV1DOT1_VERSION)
1014 *conv_version = SSL_VER_TLSv1DOT1;
1016 ssl->version_netorder = version;
1017 ssl->state |= SSL_VERSION;
1019 /*ssl_set_conv_version(pinfo, ssl->version);*/
1022 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1024 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1025 ssl_version_short_names[*conv_version]);
1029 * now dissect the next layer
1031 ssl_debug_printf("dissect_ssl3_record: content_type %d\n",content_type);
1033 /* PAOLO try to decrypt each record (we must keep ciphers "in sync")
1034 * store plain text only for app data */
1036 switch (content_type) {
1037 case SSL_ID_CHG_CIPHER_SPEC:
1038 if (check_col(pinfo->cinfo, COL_INFO))
1039 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
1040 dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree,
1041 offset, conv_version, content_type);
1042 ssl_debug_printf("dissect_ssl3_change_cipher_spec\n");
1046 tvbuff_t* decrypted;
1048 if (ssl&&decrypt_ssl3_record(tvb, pinfo, offset,
1049 record_length, content_type, ssl, FALSE))
1050 ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data,
1051 ssl_decrypted_data_avail, offset);
1053 /* try to retrive and use decrypted alert record, if any. */
1054 decrypted = ssl_get_record_info(proto_ssl, pinfo, offset);
1056 dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0,
1059 dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
1063 case SSL_ID_HANDSHAKE:
1065 tvbuff_t* decrypted;
1067 /* try to decrypt handshake record, if possible. Store decrypted
1068 * record for later usage. The offset is used as 'key' to itentify
1069 * this record into the packet (we can have multiple handshake records
1070 * in the same frame) */
1071 if (ssl && decrypt_ssl3_record(tvb, pinfo, offset,
1072 record_length, content_type, ssl, FALSE))
1073 ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data,
1074 ssl_decrypted_data_avail, offset);
1076 /* try to retrive and use decrypted handshake record, if any. */
1077 decrypted = ssl_get_record_info(proto_ssl, pinfo, offset);
1079 /* add desegmented data to the data source list */
1080 add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
1081 dissect_ssl3_handshake(decrypted, pinfo, ssl_record_tree, 0,
1082 decrypted->length, conv_version, ssl, content_type);
1084 dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
1085 record_length, conv_version, ssl, content_type);
1089 case SSL_ID_APP_DATA:
1091 decrypt_ssl3_record(tvb, pinfo, offset,
1092 record_length, content_type, ssl, TRUE);
1093 /* if application data desegmentation is allowed */
1094 if(ssl_desegment_app_data)
1095 ssl_desegment_ssl_app_data(ssl,pinfo);
1100 /* show on info colum what we are decoding */
1101 if (check_col(pinfo->cinfo, COL_INFO))
1102 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
1104 if (!ssl_record_tree)
1107 /* we need dissector information when the selected packet is shown.
1108 * ssl session pointer is NULL at that time, so we can't access
1109 * info cached there*/
1110 association = ssl_association_find(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP);
1111 association = association ? association: ssl_association_find(ssl_associations, pinfo->destport, pinfo->ptype == PT_TCP);
1113 proto_item_set_text(ssl_record_tree,
1114 "%s Record Layer: %s Protocol: %s",
1115 ssl_version_short_names[*conv_version],
1116 val_to_str(content_type, ssl_31_content_type, "unknown"),
1117 association?association->info:"Application Data");
1120 proto_tree_add_item(ssl_record_tree, hf_ssl_record_appdata, tvb,
1121 offset, record_length, 0);
1123 /* show decrypted data info, if available */
1124 pi = p_get_proto_data(pinfo->fd, proto_ssl);
1125 if (pi && pi->app_data.data)
1129 /* try to dissect decrypted data*/
1130 ssl_debug_printf("dissect_ssl3_record decrypted len %d\n",
1131 pi->app_data.data_len);
1133 /* create new tvbuff for the decrypted data */
1134 new_tvb = tvb_new_real_data(pi->app_data.data,
1135 pi->app_data.data_len, pi->app_data.data_len);
1137 /* add this tvb as a child to the original one */
1138 tvb_set_child_real_data_tvbuff(tvb, new_tvb);
1140 /* add desegmented data to the data source list */
1141 add_new_data_source(pinfo, new_tvb, "Decrypted SSL data");
1143 /* find out a dissector using server port*/
1144 if (association && association->handle) {
1145 ssl_debug_printf("dissect_ssl3_record found association %p\n", association);
1146 ssl_print_text_data("decrypted app data",pi->app_data.data,
1147 pi->app_data.data_len);
1149 call_dissector(association->handle, new_tvb, pinfo, proto_tree_get_root(tree));
1155 /* shouldn't get here since we check above for valid types */
1156 if (check_col(pinfo->cinfo, COL_INFO))
1157 col_append_str(pinfo->cinfo, COL_INFO, "Bad SSLv3 Content Type");
1160 offset += record_length; /* skip to end of record */
1165 /* dissects the change cipher spec procotol, filling in the tree */
1167 dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
1168 proto_tree *tree, guint32 offset,
1169 guint* conv_version, guint8 content_type)
1173 * enum { change_cipher_spec(1), (255) } type;
1174 * } ChangeCipherSpec;
1179 proto_item_set_text(tree,
1180 "%s Record Layer: %s Protocol: Change Cipher Spec",
1181 ssl_version_short_names[*conv_version],
1182 val_to_str(content_type, ssl_31_content_type, "unknown"));
1183 proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
1184 offset++, 1, FALSE);
1188 /* dissects the alert message, filling in the tree */
1190 dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
1191 proto_tree *tree, guint32 offset,
1192 guint* conv_version)
1196 * AlertDescription description;
1200 proto_tree *ssl_alert_tree;
1204 ssl_alert_tree = NULL;
1207 ti = proto_tree_add_item(tree, hf_ssl_alert_message, tvb,
1209 ssl_alert_tree = proto_item_add_subtree(ti, ett_ssl_alert);
1213 * set the record layer label
1216 /* first lookup the names for the alert level and description */
1217 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
1218 level = match_strval(byte, ssl_31_alert_level);
1220 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
1221 desc = match_strval(byte, ssl_31_alert_description);
1223 /* now set the text in the record layer line */
1226 if (check_col(pinfo->cinfo, COL_INFO))
1227 col_append_fstr(pinfo->cinfo, COL_INFO,
1228 "Alert (Level: %s, Description: %s)",
1233 if (check_col(pinfo->cinfo, COL_INFO))
1234 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
1241 proto_item_set_text(tree, "%s Record Layer: Alert "
1242 "(Level: %s, Description: %s)",
1243 ssl_version_short_names[*conv_version],
1245 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
1246 tvb, offset++, 1, FALSE);
1248 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_description,
1249 tvb, offset++, 1, FALSE);
1253 proto_item_set_text(tree,
1254 "%s Record Layer: Encrypted Alert",
1255 ssl_version_short_names[*conv_version]);
1256 proto_item_set_text(ssl_alert_tree,
1257 "Alert Message: Encrypted Alert");
1263 /* dissects the handshake protocol, filling the tree */
1265 dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1266 proto_tree *tree, guint32 offset,
1267 guint32 record_length, guint *conv_version,
1268 SslDecryptSession* ssl, guint8 content_type)
1271 * HandshakeType msg_type;
1273 * select (HandshakeType) {
1274 * case hello_request: HelloRequest;
1275 * case client_hello: ClientHello;
1276 * case server_hello: ServerHello;
1277 * case certificate: Certificate;
1278 * case server_key_exchange: ServerKeyExchange;
1279 * case certificate_request: CertificateRequest;
1280 * case server_hello_done: ServerHelloDone;
1281 * case certificate_verify: CertificateVerify;
1282 * case client_key_exchange: ClientKeyExchange;
1283 * case finished: Finished;
1288 proto_tree *ssl_hand_tree;
1289 const gchar *msg_type_str;
1292 gboolean first_iteration;
1294 ssl_hand_tree = NULL;
1295 msg_type_str = NULL;
1296 first_iteration = TRUE;
1298 /* just as there can be multiple records per packet, there
1299 * can be multiple messages per record as long as they have
1300 * the same content type
1302 * we really only care about this for handshake messages
1305 /* set record_length to the max offset */
1306 record_length += offset;
1307 while (offset < record_length)
1309 msg_type = tvb_get_guint8(tvb, offset);
1310 msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
1311 length = tvb_get_ntoh24(tvb, offset + 1);
1313 ssl_debug_printf("dissect_ssl3_handshake iteration %d type %d offset %d lenght %d "
1314 "bytes, remaning %d \n", first_iteration, msg_type, offset, length, record_length);
1315 if (!msg_type_str && !first_iteration)
1317 /* only dissect / report messages if they're
1318 * either the first message in this record
1319 * or they're a valid message type
1324 /* on second and later iterations, add comma to info col */
1325 if (!first_iteration)
1327 if (check_col(pinfo->cinfo, COL_INFO))
1328 col_append_fstr(pinfo->cinfo, COL_INFO, ", ");
1332 * Update our info string
1334 if (check_col(pinfo->cinfo, COL_INFO))
1335 col_append_fstr(pinfo->cinfo, COL_INFO, "%s", (msg_type_str != NULL)
1336 ? msg_type_str : "Encrypted Handshake Message");
1340 /* set the label text on the record layer expanding node */
1341 if (first_iteration)
1343 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1344 ssl_version_short_names[*conv_version],
1345 val_to_str(content_type, ssl_31_content_type, "unknown"),
1346 (msg_type_str!=NULL) ? msg_type_str :
1347 "Encrypted Handshake Message");
1351 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1352 ssl_version_short_names[*conv_version],
1353 val_to_str(content_type, ssl_31_content_type, "unknown"),
1354 "Multiple Handshake Messages");
1357 /* add a subtree for the handshake protocol */
1358 ti = proto_tree_add_item(tree, hf_ssl_handshake_protocol, tvb,
1359 offset, length + 4, 0);
1360 ssl_hand_tree = proto_item_add_subtree(ti, ett_ssl_handshake);
1364 /* set the text label on the subtree node */
1365 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s",
1366 (msg_type_str != NULL) ? msg_type_str :
1367 "Encrypted Handshake Message");
1371 /* if we don't have a valid handshake type, just quit dissecting */
1375 /* PAOLO: if we are doing ssl decryption we must dissect some requests type */
1376 if (ssl_hand_tree || ssl)
1378 /* add nodes for the message type and message length */
1380 proto_tree_add_item(ssl_hand_tree, hf_ssl_handshake_type,
1381 tvb, offset, 1, msg_type);
1384 proto_tree_add_uint(ssl_hand_tree, hf_ssl_handshake_length,
1385 tvb, offset, 3, length);
1388 /* now dissect the handshake message, if necessary */
1390 case SSL_HND_HELLO_REQUEST:
1391 /* hello_request has no fields, so nothing to do! */
1394 case SSL_HND_CLIENT_HELLO:
1395 dissect_ssl3_hnd_cli_hello(tvb, ssl_hand_tree, offset, length, ssl);
1398 case SSL_HND_SERVER_HELLO:
1399 dissect_ssl3_hnd_srv_hello(tvb, ssl_hand_tree, offset, length, ssl);
1402 case SSL_HND_CERTIFICATE:
1403 dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset, pinfo);
1406 case SSL_HND_SERVER_KEY_EXCHG:
1410 case SSL_HND_CERT_REQUEST:
1411 dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset);
1414 case SSL_HND_SVR_HELLO_DONE:
1415 /* server_hello_done has no fields, so nothing to do! */
1418 case SSL_HND_CERT_VERIFY:
1422 case SSL_HND_CLIENT_KEY_EXCHG:
1424 /* PAOLO: here we can have all the data to build session key*/
1425 StringInfo encrypted_pre_master;
1427 guint encrlen, skip;
1434 /* check for required session data */
1435 ssl_debug_printf("dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state %X\n",
1437 if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
1438 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
1439 ssl_debug_printf("dissect_ssl3_handshake not enough data to generate key (required %X)\n",
1440 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
1444 /* get encrypted data, on tls1 we have to skip two bytes
1445 * (it's the encrypted len and should be equal to record len - 2)
1447 if (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1)
1449 encrlen = tvb_get_ntohs(tvb, offset);
1451 if (encrlen > length - 2)
1453 ssl_debug_printf("dissect_ssl3_handshake wrong encrypted length (%d max %d)\n",
1458 encrypted_pre_master.data = se_alloc(encrlen);
1459 encrypted_pre_master.data_len = encrlen;
1460 tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
1462 if (!ssl->private_key) {
1463 ssl_debug_printf("dissect_ssl3_handshake can't find private key\n");
1467 /* go with ssl key processessing; encrypted_pre_master
1468 * will be used for master secret store*/
1469 ret = ssl_decrypt_pre_master_secret(ssl, &encrypted_pre_master, ssl->private_key);
1471 ssl_debug_printf("dissect_ssl3_handshake can't decrypt pre master secret\n");
1474 if (ssl_generate_keyring_material(ssl)<0) {
1475 ssl_debug_printf("dissect_ssl3_handshake can't generate keyring material\n");
1478 ssl->state |= SSL_HAVE_SESSION_KEY;
1479 ssl_save_session(ssl, ssl_session_hash);
1480 ssl_debug_printf("dissect_ssl3_handshake session keys succesfully generated\n");
1484 case SSL_HND_FINISHED:
1485 dissect_ssl3_hnd_finished(tvb, ssl_hand_tree,
1486 offset, conv_version);
1492 offset += 4; /* skip the handshake header when handshake is not processed*/
1495 first_iteration = FALSE; /* set up for next pass, if any */
1500 dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1501 guint32 offset, SslDecryptSession* ssl, gint from_server)
1503 /* show the client's random challenge */
1504 nstime_t gmt_unix_time;
1505 guint8 session_id_length;
1507 proto_tree *ssl_rnd_tree;
1509 session_id_length = 0;
1513 /* PAOLO: get proper peer information*/
1516 rnd = &ssl->server_random;
1518 rnd = &ssl->client_random;
1520 /* get provided random for keyring generation*/
1521 tvb_memcpy(tvb, rnd->data, offset, 32);
1524 ssl->state |= SSL_SERVER_RANDOM;
1526 ssl->state |= SSL_CLIENT_RANDOM;
1527 ssl_debug_printf("dissect_ssl3_hnd_hello_common found random state %X\n",
1530 session_id_length = tvb_get_guint8(tvb, offset + 32);
1531 /* check stored session id info */
1532 if (from_server && (session_id_length == ssl->session_id.data_len) &&
1533 (tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0))
1535 /* clinet/server id match: try to restore a previous cached session*/
1536 ssl_restore_session(ssl, ssl_session_hash);
1539 tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
1540 ssl->session_id.data_len = session_id_length;
1546 ti_rnd = proto_tree_add_text(tree, tvb, offset, 32, "Random");
1547 ssl_rnd_tree = proto_item_add_subtree(ti_rnd, ett_ssl_random);
1550 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
1551 gmt_unix_time.nsecs = 0;
1552 proto_tree_add_time(ssl_rnd_tree, hf_ssl_handshake_random_time,
1553 tvb, offset, 4, &gmt_unix_time);
1556 /* show the random bytes */
1557 proto_tree_add_item(ssl_rnd_tree, hf_ssl_handshake_random_bytes,
1558 tvb, offset, 28, FALSE);
1561 /* show the session id */
1562 session_id_length = tvb_get_guint8(tvb, offset);
1563 proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
1564 tvb, offset++, 1, 0);
1565 if (session_id_length > 0)
1567 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
1568 proto_tree_add_bytes_format(tree, hf_ssl_handshake_session_id,
1569 tvb, offset, session_id_length,
1570 tvb_get_ptr(tvb, offset, session_id_length),
1571 "Session ID (%u byte%s)",
1573 plurality(session_id_length, "", "s"));
1574 offset += session_id_length;
1580 return session_id_length+33;
1584 dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
1585 proto_tree *tree, guint32 offset, guint32 left)
1587 guint16 extension_length;
1591 proto_tree *ext_tree;
1596 extension_length = tvb_get_ntohs(tvb, offset);
1597 proto_tree_add_uint(tree, hf_ssl_handshake_extensions_len,
1598 tvb, offset, 2, extension_length);
1604 ext_type = tvb_get_ntohs(tvb, offset);
1605 ext_len = tvb_get_ntohs(tvb, offset + 2);
1607 pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len,
1609 val_to_str(ext_type,
1610 tls_hello_extension_types,
1612 ext_tree = proto_item_add_subtree(pi, ett_ssl_extension);
1616 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_type,
1617 tvb, offset, 2, ext_type);
1620 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_len,
1621 tvb, offset, 2, ext_len);
1624 proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data,
1625 tvb, offset, ext_len,
1626 tvb_get_ptr(tvb, offset, ext_len),
1628 ext_len, plurality(ext_len, "", "s"));
1630 left -= 2 + 2 + ext_len;
1637 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
1638 proto_tree *tree, guint32 offset, guint32 length,
1639 SslDecryptSession*ssl)
1642 * ProtocolVersion client_version;
1644 * SessionID session_id;
1645 * CipherSuite cipher_suites<2..2^16-1>;
1646 * CompressionMethod compression_methods<1..2^8-1>;
1647 * Extension client_hello_extension_list<0..2^16-1>;
1652 proto_tree *cs_tree;
1653 guint16 cipher_suite_length;
1654 guint8 compression_methods_length;
1655 guint8 compression_method;
1656 guint16 start_offset;
1657 cipher_suite_length = 0;
1658 compression_methods_length = 0;
1659 start_offset = offset;
1663 /* show the client version */
1665 proto_tree_add_item(tree, hf_ssl_handshake_client_version, tvb,
1669 /* show the fields in common with server hello */
1670 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 0);
1672 /* tell the user how many cipher suites there are */
1673 cipher_suite_length = tvb_get_ntohs(tvb, offset);
1676 proto_tree_add_uint(tree, hf_ssl_handshake_cipher_suites_len,
1677 tvb, offset, 2, cipher_suite_length);
1678 offset += 2; /* skip opaque length */
1680 if (cipher_suite_length > 0)
1682 tvb_ensure_bytes_exist(tvb, offset, cipher_suite_length);
1683 ti = proto_tree_add_none_format(tree,
1684 hf_ssl_handshake_cipher_suites,
1685 tvb, offset, cipher_suite_length,
1686 "Cipher Suites (%u suite%s)",
1687 cipher_suite_length / 2,
1688 plurality(cipher_suite_length/2, "", "s"));
1690 /* make this a subtree */
1691 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1694 cs_tree = tree; /* failsafe */
1697 while (cipher_suite_length > 0)
1699 proto_tree_add_item(cs_tree, hf_ssl_handshake_cipher_suite,
1700 tvb, offset, 2, FALSE);
1702 cipher_suite_length -= 2;
1706 /* tell the user how man compression methods there are */
1707 compression_methods_length = tvb_get_guint8(tvb, offset);
1708 proto_tree_add_uint(tree, hf_ssl_handshake_comp_methods_len,
1709 tvb, offset, 1, compression_methods_length);
1712 if (compression_methods_length > 0)
1714 tvb_ensure_bytes_exist(tvb, offset, compression_methods_length);
1715 ti = proto_tree_add_none_format(tree,
1716 hf_ssl_handshake_comp_methods,
1717 tvb, offset, compression_methods_length,
1718 "Compression Methods (%u method%s)",
1719 compression_methods_length,
1720 plurality(compression_methods_length,
1723 /* make this a subtree */
1724 cs_tree = proto_item_add_subtree(ti, ett_ssl_comp_methods);
1727 cs_tree = tree; /* failsafe */
1730 while (compression_methods_length > 0)
1732 compression_method = tvb_get_guint8(tvb, offset);
1733 if (compression_method < 64)
1734 proto_tree_add_uint(cs_tree, hf_ssl_handshake_comp_method,
1735 tvb, offset, 1, compression_method);
1736 else if (compression_method > 63 && compression_method < 193)
1737 proto_tree_add_text(cs_tree, tvb, offset, 1,
1738 "Compression Method: Reserved - to be assigned by IANA (%u)",
1739 compression_method);
1741 proto_tree_add_text(cs_tree, tvb, offset, 1,
1742 "Compression Method: Private use range (%u)",
1743 compression_method);
1745 compression_methods_length--;
1749 if (length > offset - start_offset)
1751 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
1753 (offset - start_offset));
1759 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
1760 proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl)
1763 * ProtocolVersion server_version;
1765 * SessionID session_id;
1766 * CipherSuite cipher_suite;
1767 * CompressionMethod compression_method;
1768 * Extension server_hello_extension_list<0..2^16-1>;
1771 guint16 start_offset;
1772 start_offset = offset;
1776 /* show the server version */
1778 proto_tree_add_item(tree, hf_ssl_handshake_server_version, tvb,
1782 /* first display the elements conveniently in
1783 * common with client hello
1785 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 1);
1787 /* PAOLO: handle session cipher suite */
1789 /* store selected cipher suite for decryption */
1790 ssl->cipher = tvb_get_ntohs(tvb, offset);
1791 if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
1792 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher);
1796 ssl->state |= SSL_CIPHER;
1797 ssl_debug_printf("dissect_ssl3_hnd_srv_hello found cipher %X, state %X\n",
1798 ssl->cipher, ssl->state);
1800 /* if we have restored a session now we can have enought material
1801 * to build session key, check it out*/
1803 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) !=
1804 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) {
1805 ssl_debug_printf("dissect_ssl3_hnd_srv_hello not enough data to generate key (required %X)\n",
1806 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET));
1810 ssl_debug_printf("dissect_ssl3_hnd_srv_hello trying to generate keys\n");
1811 if (ssl_generate_keyring_material(ssl)<0) {
1812 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't generate keyring material\n");
1815 ssl->state |= SSL_HAVE_SESSION_KEY;
1821 /* now the server-selected cipher suite */
1822 proto_tree_add_item(tree, hf_ssl_handshake_cipher_suite,
1823 tvb, offset, 2, FALSE);
1826 /* and the server-selected compression method */
1827 proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
1828 tvb, offset, 1, FALSE);
1831 if (length > offset - start_offset)
1833 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
1835 (offset - start_offset));
1841 dissect_ssl3_hnd_cert(tvbuff_t *tvb,
1842 proto_tree *tree, guint32 offset, packet_info *pinfo)
1845 /* opaque ASN.1Cert<2^24-1>;
1848 * ASN.1Cert certificate_list<1..2^24-1>;
1851 guint32 certificate_list_length;
1853 proto_tree *subtree;
1857 certificate_list_length = tvb_get_ntoh24(tvb, offset);
1858 proto_tree_add_uint(tree, hf_ssl_handshake_certificates_len,
1859 tvb, offset, 3, certificate_list_length);
1860 offset += 3; /* 24-bit length value */
1862 if (certificate_list_length > 0)
1864 tvb_ensure_bytes_exist(tvb, offset, certificate_list_length);
1865 ti = proto_tree_add_none_format(tree,
1866 hf_ssl_handshake_certificates,
1867 tvb, offset, certificate_list_length,
1868 "Certificates (%u byte%s)",
1869 certificate_list_length,
1870 plurality(certificate_list_length,
1873 /* make it a subtree */
1874 subtree = proto_item_add_subtree(ti, ett_ssl_certs);
1877 subtree = tree; /* failsafe */
1880 /* iterate through each certificate */
1881 while (certificate_list_length > 0)
1883 /* get the length of the current certificate */
1884 guint32 cert_length;
1885 cert_length = tvb_get_ntoh24(tvb, offset);
1886 certificate_list_length -= 3 + cert_length;
1888 proto_tree_add_item(subtree, hf_ssl_handshake_certificate_len,
1889 tvb, offset, 3, FALSE);
1892 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, subtree, hf_ssl_handshake_certificate);
1893 offset += cert_length;
1901 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
1902 proto_tree *tree, guint32 offset)
1906 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
1908 * } ClientCertificateType;
1910 * opaque DistinguishedName<1..2^16-1>;
1913 * ClientCertificateType certificate_types<1..2^8-1>;
1914 * DistinguishedName certificate_authorities<3..2^16-1>;
1915 * } CertificateRequest;
1919 proto_tree *subtree;
1920 guint8 cert_types_count;
1922 cert_types_count = 0;
1927 cert_types_count = tvb_get_guint8(tvb, offset);
1928 proto_tree_add_uint(tree, hf_ssl_handshake_cert_types_count,
1929 tvb, offset, 1, cert_types_count);
1932 if (cert_types_count > 0)
1934 ti = proto_tree_add_none_format(tree,
1935 hf_ssl_handshake_cert_types,
1936 tvb, offset, cert_types_count,
1937 "Certificate types (%u type%s)",
1939 plurality(cert_types_count, "", "s"));
1940 subtree = proto_item_add_subtree(ti, ett_ssl_cert_types);
1946 while (cert_types_count > 0)
1948 proto_tree_add_item(subtree, hf_ssl_handshake_cert_type,
1949 tvb, offset, 1, FALSE);
1955 dnames_length = tvb_get_ntohs(tvb, offset);
1956 proto_tree_add_uint(tree, hf_ssl_handshake_dnames_len,
1957 tvb, offset, 2, dnames_length);
1960 if (dnames_length > 0)
1962 tvb_ensure_bytes_exist(tvb, offset, dnames_length);
1963 ti = proto_tree_add_none_format(tree,
1964 hf_ssl_handshake_dnames,
1965 tvb, offset, dnames_length,
1966 "Distinguished Names (%d byte%s)",
1968 plurality(dnames_length, "", "s"));
1969 subtree = proto_item_add_subtree(ti, ett_ssl_dnames);
1975 while (dnames_length > 0)
1977 /* get the length of the current certificate */
1978 guint16 name_length;
1979 name_length = tvb_get_ntohs(tvb, offset);
1980 dnames_length -= 2 + name_length;
1982 proto_tree_add_item(subtree, hf_ssl_handshake_dname_len,
1983 tvb, offset, 2, FALSE);
1986 tvb_ensure_bytes_exist(tvb, offset, name_length);
1987 proto_tree_add_bytes_format(subtree,
1988 hf_ssl_handshake_dname,
1989 tvb, offset, name_length,
1990 tvb_get_ptr(tvb, offset, name_length),
1991 "Distinguished Name (%u byte%s)",
1993 plurality(name_length, "", "s"));
1994 offset += name_length;
2002 dissect_ssl3_hnd_finished(tvbuff_t *tvb,
2003 proto_tree *tree, guint32 offset,
2004 guint* conv_version)
2008 * opaque verify_data[12];
2013 * opaque md5_hash[16];
2014 * opaque sha_hash[20];
2018 /* this all needs a tree, so bail if we don't have one */
2024 switch(*conv_version) {
2026 case SSL_VER_TLSv1DOT1:
2027 proto_tree_add_item(tree, hf_ssl_handshake_finished,
2028 tvb, offset, 12, FALSE);
2032 proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
2033 tvb, offset, 16, FALSE);
2035 proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
2036 tvb, offset, 20, FALSE);
2042 /*********************************************************************
2044 * SSL version 2 Dissectors
2046 *********************************************************************/
2049 /* record layer dissector */
2051 dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
2052 guint32 offset, guint* conv_version,
2053 gboolean *need_desegmentation,
2054 SslDecryptSession* ssl)
2056 guint32 initial_offset;
2058 guint8 record_length_length;
2059 guint32 record_length;
2061 gint16 padding_length;
2063 const gchar *msg_type_str;
2064 guint32 available_bytes;
2066 proto_tree *ssl_record_tree;
2068 initial_offset = offset;
2070 record_length_length = 0;
2073 padding_length = -1;
2075 msg_type_str = NULL;
2076 available_bytes = 0;
2077 ssl_record_tree = NULL;
2079 /* pull first byte; if high bit is set, then record
2080 * length is three bytes due to padding; otherwise
2081 * record length is two bytes
2083 byte = tvb_get_guint8(tvb, offset);
2084 record_length_length = (byte & 0x80) ? 2 : 3;
2087 * Can we do reassembly?
2089 available_bytes = tvb_length_remaining(tvb, offset);
2091 if (ssl_desegment && pinfo->can_desegment) {
2093 * Yes - is the record header split across segment boundaries?
2095 if (available_bytes < record_length_length) {
2097 * Yes. Tell the TCP dissector where the data for this
2098 * message starts in the data it handed us, and how many
2099 * more bytes we need, and return.
2101 pinfo->desegment_offset = offset;
2102 pinfo->desegment_len = record_length_length - available_bytes;
2103 *need_desegmentation = TRUE;
2108 /* parse out the record length */
2109 switch(record_length_length) {
2110 case 2: /* two-byte record length */
2111 record_length = (byte & 0x7f) << 8;
2112 byte = tvb_get_guint8(tvb, offset + 1);
2113 record_length += byte;
2115 case 3: /* three-byte record length */
2116 is_escape = (byte & 0x40) ? TRUE : FALSE;
2117 record_length = (byte & 0x3f) << 8;
2118 byte = tvb_get_guint8(tvb, offset + 1);
2119 record_length += byte;
2120 byte = tvb_get_guint8(tvb, offset + 2);
2121 padding_length = byte;
2125 * Can we do reassembly?
2127 if (ssl_desegment && pinfo->can_desegment) {
2129 * Yes - is the record split across segment boundaries?
2131 if (available_bytes < (record_length_length + record_length)) {
2133 * Yes. Tell the TCP dissector where the data for this
2134 * message starts in the data it handed us, and how many
2135 * more bytes we need, and return.
2137 pinfo->desegment_offset = offset;
2138 pinfo->desegment_len = (record_length_length + record_length)
2140 *need_desegmentation = TRUE;
2144 offset += record_length_length;
2146 /* add the record layer subtree header */
2147 ti = proto_tree_add_item(tree, hf_ssl2_record, tvb, initial_offset,
2148 record_length_length + record_length, 0);
2149 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
2151 /* pull the msg_type so we can bail if it's unknown */
2152 msg_type = tvb_get_guint8(tvb, initial_offset + record_length_length);
2154 /* if we get a server_hello or later handshake in v2, then set
2157 if (*conv_version == SSL_VER_UNKNOWN)
2159 if (ssl_looks_like_valid_pct_handshake(tvb,
2161 record_length_length),
2163 *conv_version = SSL_VER_PCT;
2164 /*ssl_set_conv_version(pinfo, ssl->version);*/
2166 else if (msg_type >= 2 && msg_type <= 8)
2168 *conv_version = SSL_VER_SSLv2;
2169 /*ssl_set_conv_version(pinfo, ssl->version);*/
2173 /* if we get here, but don't have a version set for the
2174 * conversation, then set a version for just this frame
2175 * (e.g., on a client hello)
2177 if (check_col(pinfo->cinfo, COL_PROTOCOL))
2179 col_set_str(pinfo->cinfo, COL_PROTOCOL,
2180 (*conv_version == SSL_VER_PCT) ? "PCT" : "SSLv2");
2183 /* see if the msg_type is valid; if not the payload is
2184 * probably encrypted, so note that fact and bail
2186 msg_type_str = match_strval(msg_type,
2187 (*conv_version == SSL_VER_PCT)
2188 ? pct_msg_types : ssl_20_msg_types);
2190 || ((*conv_version != SSL_VER_PCT) &&
2191 !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
2192 + record_length_length,
2194 || ((*conv_version == SSL_VER_PCT) &&
2195 !ssl_looks_like_valid_pct_handshake(tvb, initial_offset
2196 + record_length_length,
2199 if (ssl_record_tree)
2201 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2202 (*conv_version == SSL_VER_PCT)
2206 if (check_col(pinfo->cinfo, COL_INFO))
2207 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Data");
2208 return initial_offset + record_length_length + record_length;
2212 if (check_col(pinfo->cinfo, COL_INFO))
2213 col_append_str(pinfo->cinfo, COL_INFO, msg_type_str);
2215 if (ssl_record_tree)
2217 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2218 (*conv_version == SSL_VER_PCT)
2224 /* We have a valid message type, so move foward, filling in the
2225 * tree by adding the length, is_escape boolean and padding_length,
2226 * if present in the original packet
2228 if (ssl_record_tree)
2230 /* add the record length */
2231 tvb_ensure_bytes_exist(tvb, offset, record_length_length);
2232 ti = proto_tree_add_uint (ssl_record_tree,
2233 hf_ssl_record_length, tvb,
2234 initial_offset, record_length_length,
2237 if (ssl_record_tree && is_escape != -1)
2239 proto_tree_add_boolean(ssl_record_tree,
2240 hf_ssl2_record_is_escape, tvb,
2241 initial_offset, 1, is_escape);
2243 if (ssl_record_tree && padding_length != -1)
2245 proto_tree_add_uint(ssl_record_tree,
2246 hf_ssl2_record_padding_length, tvb,
2247 initial_offset + 2, 1, padding_length);
2251 * dissect the record data
2254 /* jump forward to the start of the record data */
2255 offset = initial_offset + record_length_length;
2257 /* add the message type */
2258 if (ssl_record_tree)
2260 proto_tree_add_item(ssl_record_tree,
2261 (*conv_version == SSL_VER_PCT)
2262 ? hf_pct_msg_type : hf_ssl2_msg_type,
2265 offset++; /* move past msg_type byte */
2267 if (*conv_version != SSL_VER_PCT)
2269 /* dissect the message (only handle client hello right now) */
2271 case SSL2_HND_CLIENT_HELLO:
2272 dissect_ssl2_hnd_client_hello(tvb, ssl_record_tree, offset, ssl);
2275 case SSL2_HND_CLIENT_MASTER_KEY:
2276 dissect_ssl2_hnd_client_master_key(tvb, ssl_record_tree, offset);
2279 case SSL2_HND_SERVER_HELLO:
2280 dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset, pinfo);
2283 case SSL2_HND_ERROR:
2284 case SSL2_HND_CLIENT_FINISHED:
2285 case SSL2_HND_SERVER_VERIFY:
2286 case SSL2_HND_SERVER_FINISHED:
2287 case SSL2_HND_REQUEST_CERTIFICATE:
2288 case SSL2_HND_CLIENT_CERTIFICATE:
2292 default: /* unknown */
2298 /* dissect the message */
2300 case PCT_MSG_CLIENT_HELLO:
2301 dissect_pct_msg_client_hello(tvb, ssl_record_tree, offset);
2303 case PCT_MSG_SERVER_HELLO:
2304 dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset, pinfo);
2306 case PCT_MSG_CLIENT_MASTER_KEY:
2307 dissect_pct_msg_client_master_key(tvb, ssl_record_tree, offset);
2309 case PCT_MSG_SERVER_VERIFY:
2310 dissect_pct_msg_server_verify(tvb, ssl_record_tree, offset);
2313 dissect_pct_msg_error(tvb, ssl_record_tree, offset);
2316 default: /* unknown */
2320 return (initial_offset + record_length_length + record_length);
2324 dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
2325 proto_tree *tree, guint32 offset,
2326 SslDecryptSession* ssl)
2331 * uint16 cipher_spec_length;
2332 * uint16 session_id_length;
2333 * uint16 challenge_length;
2334 * V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
2335 * opaque session_id[V2ClientHello.session_id_length];
2339 * Note: when we get here, offset's already pointing at Version
2343 guint16 cipher_spec_length;
2344 guint16 session_id_length;
2345 guint16 challenge_length;
2348 proto_tree *cs_tree;
2351 version = tvb_get_ntohs(tvb, offset);
2352 if (!ssl_is_valid_ssl_version(version))
2354 /* invalid version; probably encrypted data */
2360 /* show the version */
2362 proto_tree_add_item(tree, hf_ssl_record_version, tvb,
2366 cipher_spec_length = tvb_get_ntohs(tvb, offset);
2368 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec_len,
2369 tvb, offset, 2, FALSE);
2372 session_id_length = tvb_get_ntohs(tvb, offset);
2374 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_len,
2375 tvb, offset, 2, FALSE);
2378 challenge_length = tvb_get_ntohs(tvb, offset);
2380 proto_tree_add_item(tree, hf_ssl2_handshake_challenge_len,
2381 tvb, offset, 2, FALSE);
2386 /* tell the user how many cipher specs they've won */
2387 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
2388 ti = proto_tree_add_none_format(tree, hf_ssl_handshake_cipher_suites,
2389 tvb, offset, cipher_spec_length,
2390 "Cipher Specs (%u specs)",
2391 cipher_spec_length/3);
2393 /* make this a subtree and expand the actual specs below */
2394 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2397 cs_tree = tree; /* failsafe */
2401 /* iterate through the cipher specs, showing them */
2402 while (cipher_spec_length > 0)
2405 proto_tree_add_item(cs_tree, hf_ssl2_handshake_cipher_spec,
2406 tvb, offset, 3, FALSE);
2407 offset += 3; /* length of one cipher spec */
2408 cipher_spec_length -= 3;
2411 /* if there's a session id, show it */
2412 if (session_id_length > 0)
2416 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
2417 proto_tree_add_bytes_format(tree,
2418 hf_ssl_handshake_session_id,
2419 tvb, offset, session_id_length,
2420 tvb_get_ptr(tvb, offset, session_id_length),
2421 "Session ID (%u byte%s)",
2423 plurality(session_id_length, "", "s"));
2426 /* PAOLO: get session id and reset session state for key [re]negotiation */
2429 tvb_memcpy(tvb,ssl->session_id.data, offset, session_id_length);
2430 ssl->session_id.data_len = session_id_length;
2431 ssl->state &= ~(SSL_HAVE_SESSION_KEY|SSL_MASTER_SECRET|
2432 SSL_CIPHER|SSL_SERVER_RANDOM);
2434 offset += session_id_length;
2437 /* if there's a challenge, show it */
2438 if (challenge_length > 0)
2440 tvb_ensure_bytes_exist(tvb, offset, challenge_length);
2443 proto_tree_add_item(tree, hf_ssl2_handshake_challenge,
2444 tvb, offset, challenge_length, 0);
2447 /* PAOLO: get client random data; we get at most 32 bytes from
2450 max = challenge_length > 32? 32: challenge_length;
2452 ssl_debug_printf("client random len: %d padded to 32\n",
2455 /* client random is padded with zero and 'right' aligned */
2456 memset(ssl->client_random.data, 0, 32 - max);
2457 tvb_memcpy(tvb, &ssl->client_random.data[32 - max], offset, max);
2458 ssl->client_random.data_len = 32;
2459 ssl->state |= SSL_CLIENT_RANDOM;
2462 offset += challenge_length;
2468 dissect_pct_msg_client_hello(tvbuff_t *tvb,
2469 proto_tree *tree, guint32 offset)
2471 guint16 CH_CLIENT_VERSION, CH_OFFSET, CH_CIPHER_SPECS_LENGTH, CH_HASH_SPECS_LENGTH, CH_CERT_SPECS_LENGTH, CH_EXCH_SPECS_LENGTH, CH_KEY_ARG_LENGTH;
2472 proto_item *CH_CIPHER_SPECS_ti, *CH_HASH_SPECS_ti, *CH_CERT_SPECS_ti, *CH_EXCH_SPECS_ti;
2473 proto_tree *CH_CIPHER_SPECS_tree, *CH_HASH_SPECS_tree, *CH_CERT_SPECS_tree, *CH_EXCH_SPECS_tree;
2476 CH_CLIENT_VERSION = tvb_get_ntohs(tvb, offset);
2477 if(CH_CLIENT_VERSION != PCT_VERSION_1)
2478 proto_tree_add_text(tree, tvb, offset, 2, "Client Version, should be %x in PCT version 1", PCT_VERSION_1);
2480 proto_tree_add_text(tree, tvb, offset, 2, "Client Version (%x)", PCT_VERSION_1);
2483 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2486 proto_tree_add_text(tree, tvb, offset, 32, "Client Session ID Data (32 bytes)");
2489 proto_tree_add_text(tree, tvb, offset, 32, "Challange Data(32 bytes)");
2492 CH_OFFSET = tvb_get_ntohs(tvb, offset);
2493 if(CH_OFFSET != PCT_CH_OFFSET_V1)
2494 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d, should be %d in PCT version 1", CH_OFFSET, PCT_CH_OFFSET_V1);
2496 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d", CH_OFFSET);
2499 CH_CIPHER_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2500 proto_tree_add_text(tree, tvb, offset, 2, "CIPHER_SPECS Length: %d", CH_CIPHER_SPECS_LENGTH);
2503 CH_HASH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2504 proto_tree_add_text(tree, tvb, offset, 2, "HASH_SPECS Length: %d", CH_HASH_SPECS_LENGTH);
2507 CH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2508 proto_tree_add_text(tree, tvb, offset, 2, "CERT_SPECS Length: %d", CH_CERT_SPECS_LENGTH);
2511 CH_EXCH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2512 proto_tree_add_text(tree, tvb, offset, 2, "EXCH_SPECS Length: %d", CH_EXCH_SPECS_LENGTH);
2515 CH_KEY_ARG_LENGTH = tvb_get_ntohs(tvb, offset);
2516 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d", CH_KEY_ARG_LENGTH);
2519 if(CH_CIPHER_SPECS_LENGTH) {
2520 tvb_ensure_bytes_exist(tvb, offset, CH_CIPHER_SPECS_LENGTH);
2521 CH_CIPHER_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cipher_spec, tvb, offset, CH_CIPHER_SPECS_LENGTH, FALSE);
2522 CH_CIPHER_SPECS_tree = proto_item_add_subtree(CH_CIPHER_SPECS_ti, ett_pct_cipher_suites);
2524 for(i=0; i<(CH_CIPHER_SPECS_LENGTH/4); i++) {
2525 proto_tree_add_item(CH_CIPHER_SPECS_tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
2527 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
2529 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
2534 if(CH_HASH_SPECS_LENGTH) {
2535 tvb_ensure_bytes_exist(tvb, offset, CH_HASH_SPECS_LENGTH);
2536 CH_HASH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_hash_spec, tvb, offset, CH_HASH_SPECS_LENGTH, FALSE);
2537 CH_HASH_SPECS_tree = proto_item_add_subtree(CH_HASH_SPECS_ti, ett_pct_hash_suites);
2539 for(i=0; i<(CH_HASH_SPECS_LENGTH/2); i++) {
2540 proto_tree_add_item(CH_HASH_SPECS_tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
2545 if(CH_CERT_SPECS_LENGTH) {
2546 tvb_ensure_bytes_exist(tvb, offset, CH_CERT_SPECS_LENGTH);
2547 CH_CERT_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cert_spec, tvb, offset, CH_CERT_SPECS_LENGTH, FALSE);
2548 CH_CERT_SPECS_tree = proto_item_add_subtree(CH_CERT_SPECS_ti, ett_pct_cert_suites);
2550 for(i=0; i< (CH_CERT_SPECS_LENGTH/2); i++) {
2551 proto_tree_add_item(CH_CERT_SPECS_tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
2556 if(CH_EXCH_SPECS_LENGTH) {
2557 tvb_ensure_bytes_exist(tvb, offset, CH_EXCH_SPECS_LENGTH);
2558 CH_EXCH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_exch_spec, tvb, offset, CH_EXCH_SPECS_LENGTH, FALSE);
2559 CH_EXCH_SPECS_tree = proto_item_add_subtree(CH_EXCH_SPECS_ti, ett_pct_exch_suites);
2561 for(i=0; i<(CH_EXCH_SPECS_LENGTH/2); i++) {
2562 proto_tree_add_item(CH_EXCH_SPECS_tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
2567 if(CH_KEY_ARG_LENGTH) {
2568 tvb_ensure_bytes_exist(tvb, offset, CH_KEY_ARG_LENGTH);
2569 proto_tree_add_text(tree, tvb, offset, CH_KEY_ARG_LENGTH, "IV data (%d bytes)", CH_KEY_ARG_LENGTH);
2570 offset += CH_KEY_ARG_LENGTH;
2575 dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo)
2578 char SH_MSG_SERVER_HELLO
2580 char SH_SERVER_VERSION_MSB
2581 char SH_SERVER_VERSION_LSB
2582 char SH_RESTART_SESSION_OK
2583 char SH_CLIENT_AUTH_REQ
2584 char SH_CIPHER_SPECS_DATA[4]
2585 char SH_HASH_SPECS_DATA[2]
2586 char SH_CERT_SPECS_DATA[2]
2587 char SH_EXCH_SPECS_DATA[2]
2588 char SH_CONNECTION_ID_DATA[32]
2589 char SH_CERTIFICATE_LENGTH_MSB
2590 char SH_CERTIFICATE_LENGTH_LSB
2591 char SH_CLIENT_CERT_SPECS_LENGTH_MSB
2592 char SH_CLIENT_CERT_SPECS_LENGTH_LSB
2593 char SH_CLIENT_SIG_SPECS_LENGTH_MSB
2594 char SH_CLIENT_SIG_SPECS_LENGTH_LSB
2595 char SH_RESPONSE_LENGTH_MSB
2596 char SH_RESPONSE_LENGTH_LSB
2597 char SH_CERTIFICATE_DATA[MSB<<8|LSB]
2598 char SH_CLIENT_CERT_SPECS_DATA[MSB<<8|LSB]
2599 char SH_CLIENT_SIG_SPECS_DATA[MSB<<8|LSB]
2600 char SH_RESPONSE_DATA[MSB<<8|LSB]
2604 guint16 SH_SERVER_VERSION, SH_CERT_LENGTH, SH_CERT_SPECS_LENGTH, SH_CLIENT_SIG_LENGTH, SH_RESPONSE_LENGTH;
2606 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2609 SH_SERVER_VERSION = tvb_get_ntohs(tvb, offset);
2610 if(SH_SERVER_VERSION != PCT_VERSION_1)
2611 proto_tree_add_text(tree, tvb, offset, 2, "Server Version, should be %x in PCT version 1", PCT_VERSION_1);
2613 proto_tree_add_text(tree, tvb, offset, 2, "Server Version (%x)", PCT_VERSION_1);
2616 proto_tree_add_text(tree, tvb, offset, 1, "SH_RESTART_SESSION_OK flag");
2619 proto_tree_add_text(tree, tvb, offset, 1, "SH_CLIENT_AUTH_REQ flag");
2622 proto_tree_add_item(tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
2624 proto_tree_add_text(tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
2626 proto_tree_add_text(tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
2629 proto_tree_add_item(tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
2632 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
2635 proto_tree_add_item(tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
2638 proto_tree_add_text(tree, tvb, offset, 32, "Connection ID Data (32 bytes)");
2641 SH_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
2642 proto_tree_add_text(tree, tvb, offset, 2, "Server Certificate Length: %d", SH_CERT_LENGTH);
2645 SH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2646 proto_tree_add_text(tree, tvb, offset, 2, "Client CERT_SPECS Length: %d", SH_CERT_SPECS_LENGTH);
2649 SH_CLIENT_SIG_LENGTH = tvb_get_ntohs(tvb, offset);
2650 proto_tree_add_text(tree, tvb, offset, 2, "Client SIG_SPECS Length: %d", SH_CLIENT_SIG_LENGTH);
2653 SH_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
2654 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d", SH_RESPONSE_LENGTH);
2657 if(SH_CERT_LENGTH) {
2658 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_pct_handshake_server_cert);
2659 offset += SH_CERT_LENGTH;
2662 if(SH_CERT_SPECS_LENGTH) {
2663 tvb_ensure_bytes_exist(tvb, offset, SH_CERT_SPECS_LENGTH);
2664 proto_tree_add_text(tree, tvb, offset, SH_CERT_SPECS_LENGTH, "Client CERT_SPECS (%d bytes)", SH_CERT_SPECS_LENGTH);
2665 offset += SH_CERT_SPECS_LENGTH;
2668 if(SH_CLIENT_SIG_LENGTH) {
2669 tvb_ensure_bytes_exist(tvb, offset, SH_CLIENT_SIG_LENGTH);
2670 proto_tree_add_text(tree, tvb, offset, SH_CLIENT_SIG_LENGTH, "Client Signature (%d bytes)", SH_CLIENT_SIG_LENGTH);
2671 offset += SH_CLIENT_SIG_LENGTH;
2674 if(SH_RESPONSE_LENGTH) {
2675 tvb_ensure_bytes_exist(tvb, offset, SH_RESPONSE_LENGTH);
2676 proto_tree_add_text(tree, tvb, offset, SH_RESPONSE_LENGTH, "Server Response (%d bytes)", SH_RESPONSE_LENGTH);
2677 offset += SH_RESPONSE_LENGTH;
2683 dissect_pct_msg_client_master_key(tvbuff_t *tvb, proto_tree *tree, guint32 offset)
2685 guint16 CMK_CLEAR_KEY_LENGTH, CMK_ENCRYPTED_KEY_LENGTH, CMK_KEY_ARG_LENGTH, CMK_VERIFY_PRELUDE, CMK_CLIENT_CERT_LENGTH, CMK_RESPONSE_LENGTH;
2687 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2690 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
2693 proto_tree_add_item(tree, hf_pct_handshake_sig, tvb, offset, 2, FALSE);
2696 CMK_CLEAR_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
2697 proto_tree_add_text(tree, tvb, offset, 2, "Clear Key Length: %d",CMK_CLEAR_KEY_LENGTH);
2700 CMK_ENCRYPTED_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
2701 proto_tree_add_text(tree, tvb, offset, 2, "Encrypted Key Length: %d",CMK_ENCRYPTED_KEY_LENGTH);
2704 CMK_KEY_ARG_LENGTH= tvb_get_ntohs(tvb, offset);
2705 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d",CMK_KEY_ARG_LENGTH);
2708 CMK_VERIFY_PRELUDE = tvb_get_ntohs(tvb, offset);
2709 proto_tree_add_text(tree, tvb, offset, 2, "Verify Prelude Length: %d",CMK_VERIFY_PRELUDE);
2712 CMK_CLIENT_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
2713 proto_tree_add_text(tree, tvb, offset, 2, "Client Cert Length: %d",CMK_CLIENT_CERT_LENGTH);
2716 CMK_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
2717 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d",CMK_RESPONSE_LENGTH);
2720 if(CMK_CLEAR_KEY_LENGTH) {
2721 tvb_ensure_bytes_exist(tvb, offset, CMK_CLEAR_KEY_LENGTH);
2722 proto_tree_add_text(tree, tvb, offset, CMK_CLEAR_KEY_LENGTH, "Clear Key data (%d bytes)", CMK_CLEAR_KEY_LENGTH);
2723 offset += CMK_CLEAR_KEY_LENGTH;
2725 if(CMK_ENCRYPTED_KEY_LENGTH) {
2726 tvb_ensure_bytes_exist(tvb, offset, CMK_ENCRYPTED_KEY_LENGTH);
2727 proto_tree_add_text(tree, tvb, offset, CMK_ENCRYPTED_KEY_LENGTH, "Encrypted Key data (%d bytes)", CMK_ENCRYPTED_KEY_LENGTH);
2728 offset += CMK_ENCRYPTED_KEY_LENGTH;
2730 if(CMK_KEY_ARG_LENGTH) {
2731 tvb_ensure_bytes_exist(tvb, offset, CMK_KEY_ARG_LENGTH);
2732 proto_tree_add_text(tree, tvb, offset, CMK_KEY_ARG_LENGTH, "IV data (%d bytes)", CMK_KEY_ARG_LENGTH);
2733 offset += CMK_KEY_ARG_LENGTH;
2735 if(CMK_VERIFY_PRELUDE) {
2736 tvb_ensure_bytes_exist(tvb, offset, CMK_VERIFY_PRELUDE);
2737 proto_tree_add_text(tree, tvb, offset, CMK_VERIFY_PRELUDE, "Verify Prelude data (%d bytes)", CMK_VERIFY_PRELUDE);
2738 offset += CMK_VERIFY_PRELUDE;
2740 if(CMK_CLIENT_CERT_LENGTH) {
2741 tvb_ensure_bytes_exist(tvb, offset, CMK_CLIENT_CERT_LENGTH);
2742 proto_tree_add_text(tree, tvb, offset, CMK_CLIENT_CERT_LENGTH, "Client Certificate data (%d bytes)", CMK_CLIENT_CERT_LENGTH);
2743 offset += CMK_CLIENT_CERT_LENGTH;
2745 if(CMK_RESPONSE_LENGTH) {
2746 tvb_ensure_bytes_exist(tvb, offset, CMK_RESPONSE_LENGTH);
2747 proto_tree_add_text(tree, tvb, offset, CMK_RESPONSE_LENGTH, "Response data (%d bytes)", CMK_RESPONSE_LENGTH);
2748 offset += CMK_RESPONSE_LENGTH;
2753 dissect_pct_msg_server_verify(tvbuff_t *tvb,
2754 proto_tree *tree, guint32 offset)
2756 guint16 SV_RESPONSE_LENGTH;
2758 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2761 proto_tree_add_text(tree, tvb, offset, 32, "Server Session ID data (32 bytes)");
2764 SV_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
2765 proto_tree_add_text(tree, tvb, offset, 2, "Server Response Length: %d", SV_RESPONSE_LENGTH);
2768 if(SV_RESPONSE_LENGTH) {
2769 tvb_ensure_bytes_exist(tvb, offset, SV_RESPONSE_LENGTH);
2770 proto_tree_add_text(tree, tvb, offset, SV_RESPONSE_LENGTH, "Server Response (%d bytes)", SV_RESPONSE_LENGTH);
2771 offset += SV_RESPONSE_LENGTH;
2776 dissect_pct_msg_error(tvbuff_t *tvb,
2777 proto_tree *tree, guint32 offset)
2779 guint16 ERROR_CODE, INFO_LEN;
2781 ERROR_CODE = tvb_get_ntohs(tvb, offset);
2782 proto_tree_add_item(tree, hf_pct_msg_error_type, tvb, offset, 2, FALSE);
2785 INFO_LEN = tvb_get_ntohs(tvb, offset);
2786 proto_tree_add_text(tree, tvb, offset, 2, "Eror Information Length: %d", INFO_LEN);
2788 if (ERROR_CODE == PCT_ERR_SPECS_MISMATCH && INFO_LEN == 6)
2790 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CIPHER");
2792 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_HASH");
2794 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CERT");
2796 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_EXCH");
2798 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_CERT");
2800 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_SIG");
2804 proto_tree_add_text(tree, tvb, offset, INFO_LEN, "Error Information dta (%d bytes)", INFO_LEN);
2810 dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
2811 proto_tree *tree, guint32 offset)
2815 * V2Cipherspec cipher;
2816 * uint16 clear_key_length;
2817 * uint16 encrypted_key_length;
2818 * uint16 key_arg_length;
2819 * opaque clear_key_data[V2ClientMasterKey.clear_key_length];
2820 * opaque encrypted_key_data[V2ClientMasterKey.encrypted_key_length];
2821 * opaque key_arg_data[V2ClientMasterKey.key_arg_length];
2822 * } V2ClientMasterKey;
2824 * Note: when we get here, offset's already pointing at cipher
2826 guint16 clear_key_length;
2827 guint16 encrypted_key_length;
2828 guint16 key_arg_length;
2830 /* at this point, everything we do involves the tree,
2831 * so quit now if we don't have one ;-)
2838 /* show the selected cipher */
2839 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec,
2840 tvb, offset, 3, FALSE);
2843 /* get the fixed fields */
2844 clear_key_length = tvb_get_ntohs(tvb, offset);
2845 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key_len,
2846 tvb, offset, 2, FALSE);
2849 encrypted_key_length = tvb_get_ntohs(tvb, offset);
2850 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key_len,
2851 tvb, offset, 2, FALSE);
2854 key_arg_length = tvb_get_ntohs(tvb, offset);
2855 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg_len,
2856 tvb, offset, 2, FALSE);
2859 /* show the variable length fields */
2860 if (clear_key_length > 0)
2862 tvb_ensure_bytes_exist(tvb, offset, clear_key_length);
2863 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key,
2864 tvb, offset, clear_key_length, FALSE);
2865 offset += clear_key_length;
2868 if (encrypted_key_length > 0)
2870 tvb_ensure_bytes_exist(tvb, offset, encrypted_key_length);
2871 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key,
2872 tvb, offset, encrypted_key_length, FALSE);
2873 offset += encrypted_key_length;
2876 if (key_arg_length > 0)
2878 tvb_ensure_bytes_exist(tvb, offset, key_arg_length);
2879 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg,
2880 tvb, offset, key_arg_length, FALSE);
2881 offset += key_arg_length;
2887 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
2888 proto_tree *tree, guint32 offset, packet_info *pinfo)
2892 * uint8 session_id_hit;
2893 * uint8 certificate_type;
2894 * uint16 server_version;
2895 * uint16 certificate_length;
2896 * uint16 cipher_specs_length;
2897 * uint16 connection_id_length;
2898 * opaque certificate_data[V2ServerHello.certificate_length];
2899 * opaque cipher_specs_data[V2ServerHello.cipher_specs_length];
2900 * opaque connection_id_data[V2ServerHello.connection_id_length];
2903 * Note: when we get here, offset's already pointing at session_id_hit
2905 guint16 certificate_length;
2906 guint16 cipher_spec_length;
2907 guint16 connection_id_length;
2910 proto_tree *subtree;
2912 /* everything we do only makes sense with a tree, so
2913 * quit now if we don't have one
2920 version = tvb_get_ntohs(tvb, offset + 2);
2921 if (!ssl_is_valid_ssl_version(version))
2923 /* invalid version; probably encrypted data */
2928 /* is there a hit? */
2929 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_hit,
2930 tvb, offset, 1, FALSE);
2933 /* what type of certificate is this? */
2934 proto_tree_add_item(tree, hf_ssl2_handshake_cert_type,
2935 tvb, offset, 1, FALSE);
2938 /* now the server version */
2939 proto_tree_add_item(tree, hf_ssl_handshake_server_version,
2940 tvb, offset, 2, FALSE);
2943 /* get the fixed fields */
2944 certificate_length = tvb_get_ntohs(tvb, offset);
2945 proto_tree_add_uint(tree, hf_ssl_handshake_certificate_len,
2946 tvb, offset, 2, certificate_length);
2949 cipher_spec_length = tvb_get_ntohs(tvb, offset);
2950 proto_tree_add_uint(tree, hf_ssl2_handshake_cipher_spec_len,
2951 tvb, offset, 2, cipher_spec_length);
2954 connection_id_length = tvb_get_ntohs(tvb, offset);
2955 proto_tree_add_uint(tree, hf_ssl2_handshake_connection_id_len,
2956 tvb, offset, 2, connection_id_length);
2959 /* now the variable length fields */
2960 if (certificate_length > 0)
2962 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_ssl_handshake_certificate);
2963 offset += certificate_length;
2966 if (cipher_spec_length > 0)
2968 /* provide a collapsing node for the cipher specs */
2969 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
2970 ti = proto_tree_add_none_format(tree,
2971 hf_ssl_handshake_cipher_suites,
2972 tvb, offset, cipher_spec_length,
2973 "Cipher Specs (%u spec%s)",
2974 cipher_spec_length/3,
2975 plurality(cipher_spec_length/3, "", "s"));
2976 subtree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2982 /* iterate through the cipher specs */
2983 while (cipher_spec_length > 0)
2985 proto_tree_add_item(subtree, hf_ssl2_handshake_cipher_spec,
2986 tvb, offset, 3, FALSE);
2988 cipher_spec_length -= 3;
2992 if (connection_id_length > 0)
2994 tvb_ensure_bytes_exist(tvb, offset, connection_id_length);
2995 proto_tree_add_item(tree, hf_ssl2_handshake_connection_id,
2996 tvb, offset, connection_id_length, FALSE);
2997 offset += connection_id_length;
3005 /*********************************************************************
3009 *********************************************************************/
3012 ssl_set_conv_version(packet_info *pinfo, guint version)
3014 conversation_t *conversation;
3016 if (pinfo->fd->flags.visited)
3018 /* We've already processed this frame; no need to do any more
3024 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3025 pinfo->srcport, pinfo->destport, 0);
3027 if (conversation == NULL)
3029 /* create a new conversation */
3030 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3031 pinfo->srcport, pinfo->destport, 0);
3034 if (conversation_get_proto_data(conversation, proto_ssl) != NULL)
3036 /* get rid of the current data */
3037 conversation_delete_proto_data(conversation, proto_ssl);
3039 conversation_add_proto_data(conversation, proto_ssl, GINT_TO_POINTER(version));
3044 ssl_is_valid_handshake_type(guint8 type)
3048 case SSL_HND_HELLO_REQUEST:
3049 case SSL_HND_CLIENT_HELLO:
3050 case SSL_HND_SERVER_HELLO:
3051 case SSL_HND_CERTIFICATE:
3052 case SSL_HND_SERVER_KEY_EXCHG:
3053 case SSL_HND_CERT_REQUEST:
3054 case SSL_HND_SVR_HELLO_DONE:
3055 case SSL_HND_CERT_VERIFY:
3056 case SSL_HND_CLIENT_KEY_EXCHG:
3057 case SSL_HND_FINISHED:
3064 ssl_is_valid_ssl_version(guint16 version)
3066 const gchar *version_str;
3067 version_str = match_strval(version, ssl_versions);
3068 return version_str != NULL;
3072 ssl_is_authoritative_version_message(guint8 content_type,
3075 if (content_type == SSL_ID_HANDSHAKE
3076 && ssl_is_valid_handshake_type(next_byte))
3078 return (next_byte != SSL_HND_CLIENT_HELLO);
3080 else if (ssl_is_valid_content_type(content_type)
3081 && content_type != SSL_ID_HANDSHAKE)
3089 ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset)
3093 byte = tvb_get_guint8(tvb, offset);
3094 if (byte != 0x80) /* v2 client hello should start this way */
3099 byte = tvb_get_guint8(tvb, offset+2);
3100 if (byte != 0x01) /* v2 client hello msg type */
3105 /* 1 in 2^16 of being right; improve later if necessary */
3109 /* this applies a heuristic to determine whether
3110 * or not the data beginning at offset looks like a
3111 * valid sslv2 record. this isn't really possible,
3112 * but we'll try to do a reasonable job anyway.
3115 ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset)
3117 /* here's the current approach:
3119 * we only try to catch unencrypted handshake messages, so we can
3120 * assume that there is not padding. This means that the
3121 * first byte must be >= 0x80 and there must be a valid sslv2
3122 * msg_type in the third byte
3125 /* get the first byte; must have high bit set */
3127 byte = tvb_get_guint8(tvb, offset);
3134 /* get the supposed msg_type byte; since we only care about
3135 * unencrypted handshake messages (we can't tell the type for
3136 * encrypted messages), we just check against that list
3138 byte = tvb_get_guint8(tvb, offset + 2);
3140 case SSL2_HND_ERROR:
3141 case SSL2_HND_CLIENT_HELLO:
3142 case SSL2_HND_CLIENT_MASTER_KEY:
3143 case SSL2_HND_SERVER_HELLO:
3144 case PCT_MSG_CLIENT_MASTER_KEY:
3151 /* this applies a heuristic to determine whether
3152 * or not the data beginning at offset looks like a
3153 * valid sslv3 record. this is somewhat more reliable
3154 * than sslv2 due to the structure of the v3 protocol
3157 ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
3159 /* have to have a valid content type followed by a valid
3165 /* see if the first byte is a valid content type */
3166 byte = tvb_get_guint8(tvb, offset);
3167 if (!ssl_is_valid_content_type(byte))
3172 /* now check to see if the version byte appears valid */
3173 version = tvb_get_ntohs(tvb, offset + 1);
3174 if (version != SSLV3_VERSION && version != TLSV1_VERSION && version != TLSV1DOT1_VERSION)
3182 /* applies a heuristic to determine whether
3183 * or not the data beginning at offset looks
3184 * like a valid, unencrypted v2 handshake message.
3185 * since it isn't possible to completely tell random
3186 * data apart from a valid message without state,
3187 * we try to help the odds.
3190 ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, guint32 offset,
3191 guint32 record_length)
3193 /* first byte should be a msg_type.
3195 * - we know we only see client_hello, client_master_key,
3196 * and server_hello in the clear, so check to see if
3197 * msg_type is one of those (this gives us a 3 in 2^8
3198 * chance of saying yes with random payload)
3200 * - for those three types that we know about, do some
3201 * further validation to reduce the chance of an error
3207 /* fetch the msg_type */
3208 msg_type = tvb_get_guint8(tvb, offset);
3211 case SSL2_HND_CLIENT_HELLO:
3212 /* version follows msg byte, so verify that this is valid */
3213 version = tvb_get_ntohs(tvb, offset+1);
3214 return ssl_is_valid_ssl_version(version);
3217 case SSL2_HND_SERVER_HELLO:
3218 /* version is three bytes after msg_type */
3219 version = tvb_get_ntohs(tvb, offset+3);
3220 return ssl_is_valid_ssl_version(version);
3223 case SSL2_HND_CLIENT_MASTER_KEY:
3224 /* sum of clear_key_length, encrypted_key_length, and key_arg_length
3225 * must be less than record length
3227 sum = tvb_get_ntohs(tvb, offset + 4); /* clear_key_length */
3228 sum += tvb_get_ntohs(tvb, offset + 6); /* encrypted_key_length */
3229 sum += tvb_get_ntohs(tvb, offset + 8); /* key_arg_length */
3230 if (sum > record_length)
3243 /* applies a heuristic to determine whether
3244 * or not the data beginning at offset looks
3245 * like a valid, unencrypted v2 handshake message.
3246 * since it isn't possible to completely tell random
3247 * data apart from a valid message without state,
3248 * we try to help the odds.
3251 ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, guint32 offset,
3252 guint32 record_length)
3254 /* first byte should be a msg_type.
3256 * - we know we only see client_hello, client_master_key,
3257 * and server_hello in the clear, so check to see if
3258 * msg_type is one of those (this gives us a 3 in 2^8
3259 * chance of saying yes with random payload)
3261 * - for those three types that we know about, do some
3262 * further validation to reduce the chance of an error
3268 /* fetch the msg_type */
3269 msg_type = tvb_get_guint8(tvb, offset);
3272 case PCT_MSG_CLIENT_HELLO:
3273 /* version follows msg byte, so verify that this is valid */
3274 version = tvb_get_ntohs(tvb, offset+1);
3275 return version == PCT_VERSION_1;
3278 case PCT_MSG_SERVER_HELLO:
3279 /* version is one byte after msg_type */
3280 version = tvb_get_ntohs(tvb, offset+2);
3281 return version == PCT_VERSION_1;
3284 case PCT_MSG_CLIENT_MASTER_KEY:
3285 /* sum of various length fields must be less than record length */
3286 sum = tvb_get_ntohs(tvb, offset + 6); /* clear_key_length */
3287 sum += tvb_get_ntohs(tvb, offset + 8); /* encrypted_key_length */
3288 sum += tvb_get_ntohs(tvb, offset + 10); /* key_arg_length */
3289 sum += tvb_get_ntohs(tvb, offset + 12); /* verify_prelude_length */
3290 sum += tvb_get_ntohs(tvb, offset + 14); /* client_cert_length */
3291 sum += tvb_get_ntohs(tvb, offset + 16); /* response_length */
3292 if (sum > record_length)
3299 case PCT_MSG_SERVER_VERIFY:
3300 /* record is 36 bytes longer than response_length */
3301 sum = tvb_get_ntohs(tvb, offset + 34); /* response_length */
3302 if ((sum + 36) == record_length)
3315 /*********************************************************************
3317 * Standard Ethereal Protocol Registration and housekeeping
3319 *********************************************************************/
3321 proto_register_ssl(void)
3324 /* Setup list of header fields See Section 1.6.1 for details*/
3325 static hf_register_info hf[] = {
3327 { "Record Layer", "ssl.record",
3328 FT_NONE, BASE_NONE, NULL, 0x0,
3329 "Record layer", HFILL }
3331 { &hf_ssl_record_content_type,
3332 { "Content Type", "ssl.record.content_type",
3333 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
3334 "Content type", HFILL}
3336 { &hf_ssl2_msg_type,
3337 { "Handshake Message Type", "ssl.handshake.type",
3338 FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0,
3339 "SSLv2 handshake message type", HFILL}
3342 { "Handshake Message Type", "ssl.pct_handshake.type",
3343 FT_UINT8, BASE_DEC, VALS(pct_msg_types), 0x0,
3344 "PCT handshake message type", HFILL}
3346 { &hf_ssl_record_version,
3347 { "Version", "ssl.record.version",
3348 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3349 "Record layer version.", HFILL }
3351 { &hf_ssl_record_length,
3352 { "Length", "ssl.record.length",
3353 FT_UINT16, BASE_DEC, NULL, 0x0,
3354 "Length of SSL record data", HFILL }
3356 { &hf_ssl_record_appdata,
3357 { "Encrypted Application Data", "ssl.app_data",
3358 FT_BYTES, BASE_HEX, NULL, 0x0,
3359 "Payload is encrypted application data", HFILL }
3363 { "SSLv2/PCT Record Header", "ssl.record",
3364 FT_NONE, BASE_DEC, NULL, 0x0,
3365 "SSLv2/PCT record data", HFILL }
3367 { &hf_ssl2_record_is_escape,
3368 { "Is Escape", "ssl.record.is_escape",
3369 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3370 "Indicates a security escape", HFILL}
3372 { &hf_ssl2_record_padding_length,
3373 { "Padding Length", "ssl.record.padding_length",
3374 FT_UINT8, BASE_DEC, NULL, 0x0,
3375 "Length of padding at end of record", HFILL }
3377 { &hf_ssl_change_cipher_spec,
3378 { "Change Cipher Spec Message", "ssl.change_cipher_spec",
3379 FT_NONE, BASE_NONE, NULL, 0x0,
3380 "Signals a change in cipher specifications", HFILL }
3382 { & hf_ssl_alert_message,
3383 { "Alert Message", "ssl.alert_message",
3384 FT_NONE, BASE_NONE, NULL, 0x0,
3385 "Alert message", HFILL }
3387 { & hf_ssl_alert_message_level,
3388 { "Level", "ssl.alert_message.level",
3389 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
3390 "Alert message level", HFILL }
3392 { &hf_ssl_alert_message_description,
3393 { "Description", "ssl.alert_message.desc",
3394 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
3395 "Alert message description", HFILL }
3397 { &hf_ssl_handshake_protocol,
3398 { "Handshake Protocol", "ssl.handshake",
3399 FT_NONE, BASE_NONE, NULL, 0x0,
3400 "Handshake protocol message", HFILL}
3402 { &hf_ssl_handshake_type,
3403 { "Handshake Type", "ssl.handshake.type",
3404 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
3405 "Type of handshake message", HFILL}
3407 { &hf_ssl_handshake_length,
3408 { "Length", "ssl.handshake.length",
3409 FT_UINT24, BASE_DEC, NULL, 0x0,
3410 "Length of handshake message", HFILL }
3412 { &hf_ssl_handshake_client_version,
3413 { "Version", "ssl.handshake.version",
3414 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3415 "Maximum version supported by client", HFILL }
3417 { &hf_ssl_handshake_server_version,
3418 { "Version", "ssl.handshake.version",
3419 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3420 "Version selected by server", HFILL }
3422 { &hf_ssl_handshake_random_time,
3423 { "gmt_unix_time", "ssl.handshake.random_time",
3424 FT_ABSOLUTE_TIME, 0, NULL, 0x0,
3425 "Unix time field of random structure", HFILL }
3427 { &hf_ssl_handshake_random_bytes,
3428 { "random_bytes", "ssl.handshake.random_bytes",
3429 FT_BYTES, 0, NULL, 0x0,
3430 "Random challenge used to authenticate server", HFILL }
3432 { &hf_ssl_handshake_cipher_suites_len,
3433 { "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
3434 FT_UINT16, BASE_DEC, NULL, 0x0,
3435 "Length of cipher suites field", HFILL }
3437 { &hf_ssl_handshake_cipher_suites,
3438 { "Cipher Suites", "ssl.handshake.ciphersuites",
3439 FT_NONE, BASE_NONE, NULL, 0x0,
3440 "List of cipher suites supported by client", HFILL }
3442 { &hf_ssl_handshake_cipher_suite,
3443 { "Cipher Suite", "ssl.handshake.ciphersuite",
3444 FT_UINT16, BASE_HEX, VALS(ssl_31_ciphersuite), 0x0,
3445 "Cipher suite", HFILL }
3447 { &hf_ssl2_handshake_cipher_spec,
3448 { "Cipher Spec", "ssl.handshake.cipherspec",
3449 FT_UINT24, BASE_HEX, VALS(ssl_20_cipher_suites), 0x0,
3450 "Cipher specification", HFILL }
3452 { &hf_ssl_handshake_session_id,
3453 { "Session ID", "ssl.handshake.session_id",
3454 FT_BYTES, BASE_NONE, NULL, 0x0,
3455 "Identifies the SSL session, allowing later resumption", HFILL }
3457 { &hf_ssl_handshake_comp_methods_len,
3458 { "Compression Methods Length", "ssl.handshake.comp_methods_length",
3459 FT_UINT8, BASE_DEC, NULL, 0x0,
3460 "Length of compression methods field", HFILL }
3462 { &hf_ssl_handshake_comp_methods,
3463 { "Compression Methods", "ssl.handshake.comp_methods",
3464 FT_NONE, BASE_NONE, NULL, 0x0,
3465 "List of compression methods supported by client", HFILL }
3467 { &hf_ssl_handshake_comp_method,
3468 { "Compression Method", "ssl.handshake.comp_method",
3469 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
3470 "Compression Method", HFILL }
3472 { &hf_ssl_handshake_extensions_len,
3473 { "Extensions Length", "ssl.handshake.extensions_length",
3474 FT_UINT16, BASE_DEC, NULL, 0x0,
3475 "Length of hello extensions", HFILL }
3477 { &hf_ssl_handshake_extension_type,
3478 { "Type", "ssl.handshake.extension.type",
3479 FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0,
3480 "Hello extension type", HFILL }
3482 { &hf_ssl_handshake_extension_len,
3483 { "Length", "ssl.handshake.extension.len",
3484 FT_UINT16, BASE_DEC, NULL, 0x0,
3485 "Length of a hello extension", HFILL }
3487 { &hf_ssl_handshake_extension_data,
3488 { "Data", "ssl.handshake.extension.data",
3489 FT_BYTES, BASE_NONE, NULL, 0x0,
3490 "Hello Extension data", HFILL }
3492 { &hf_ssl_handshake_certificates_len,
3493 { "Certificates Length", "ssl.handshake.certificates_length",
3494 FT_UINT24, BASE_DEC, NULL, 0x0,
3495 "Length of certificates field", HFILL }
3497 { &hf_ssl_handshake_certificates,
3498 { "Certificates", "ssl.handshake.certificates",
3499 FT_NONE, BASE_NONE, NULL, 0x0,
3500 "List of certificates", HFILL }
3502 { &hf_ssl_handshake_certificate,
3503 { "Certificate", "ssl.handshake.certificate",
3504 FT_BYTES, BASE_NONE, NULL, 0x0,
3505 "Certificate", HFILL }
3507 { &hf_ssl_handshake_certificate_len,
3508 { "Certificate Length", "ssl.handshake.certificate_length",
3509 FT_UINT24, BASE_DEC, NULL, 0x0,
3510 "Length of certificate", HFILL }
3512 { &hf_ssl_handshake_cert_types_count,
3513 { "Certificate types count", "ssl.handshake.cert_types_count",
3514 FT_UINT8, BASE_DEC, NULL, 0x0,
3515 "Count of certificate types", HFILL }
3517 { &hf_ssl_handshake_cert_types,
3518 { "Certificate types", "ssl.handshake.cert_types",
3519 FT_NONE, BASE_NONE, NULL, 0x0,
3520 "List of certificate types", HFILL }
3522 { &hf_ssl_handshake_cert_type,
3523 { "Certificate type", "ssl.handshake.cert_type",
3524 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
3525 "Certificate type", HFILL }
3527 { &hf_ssl_handshake_finished,
3528 { "Verify Data", "ssl.handshake.verify_data",
3529 FT_NONE, BASE_NONE, NULL, 0x0,
3530 "Opaque verification data", HFILL }
3532 { &hf_ssl_handshake_md5_hash,
3533 { "MD5 Hash", "ssl.handshake.md5_hash",
3534 FT_NONE, BASE_NONE, NULL, 0x0,
3535 "Hash of messages, master_secret, etc.", HFILL }
3537 { &hf_ssl_handshake_sha_hash,
3538 { "SHA-1 Hash", "ssl.handshake.sha_hash",
3539 FT_NONE, BASE_NONE, NULL, 0x0,
3540 "Hash of messages, master_secret, etc.", HFILL }
3542 { &hf_ssl_handshake_session_id_len,
3543 { "Session ID Length", "ssl.handshake.session_id_length",
3544 FT_UINT8, BASE_DEC, NULL, 0x0,
3545 "Length of session ID field", HFILL }
3547 { &hf_ssl_handshake_dnames_len,
3548 { "Distinguished Names Length", "ssl.handshake.dnames_len",
3549 FT_UINT16, BASE_DEC, NULL, 0x0,
3550 "Length of list of CAs that server trusts", HFILL }
3552 { &hf_ssl_handshake_dnames,
3553 { "Distinguished Names", "ssl.handshake.dnames",
3554 FT_NONE, BASE_NONE, NULL, 0x0,
3555 "List of CAs that server trusts", HFILL }
3557 { &hf_ssl_handshake_dname_len,
3558 { "Distinguished Name Length", "ssl.handshake.dname_len",
3559 FT_UINT16, BASE_DEC, NULL, 0x0,
3560 "Length of distinguished name", HFILL }
3562 { &hf_ssl_handshake_dname,
3563 { "Distinguished Name", "ssl.handshake.dname",
3564 FT_BYTES, BASE_NONE, NULL, 0x0,
3565 "Distinguished name of a CA that server trusts", HFILL }
3567 { &hf_ssl2_handshake_challenge,
3568 { "Challenge", "ssl.handshake.challenge",
3569 FT_NONE, BASE_NONE, NULL, 0x0,
3570 "Challenge data used to authenticate server", HFILL }
3572 { &hf_ssl2_handshake_cipher_spec_len,
3573 { "Cipher Spec Length", "ssl.handshake.cipher_spec_len",
3574 FT_UINT16, BASE_DEC, NULL, 0x0,
3575 "Length of cipher specs field", HFILL }
3577 { &hf_ssl2_handshake_session_id_len,
3578 { "Session ID Length", "ssl.handshake.session_id_length",
3579 FT_UINT16, BASE_DEC, NULL, 0x0,
3580 "Length of session ID field", HFILL }
3582 { &hf_ssl2_handshake_challenge_len,
3583 { "Challenge Length", "ssl.handshake.challenge_length",
3584 FT_UINT16, BASE_DEC, NULL, 0x0,
3585 "Length of challenge field", HFILL }
3587 { &hf_ssl2_handshake_clear_key_len,
3588 { "Clear Key Data Length", "ssl.handshake.clear_key_length",
3589 FT_UINT16, BASE_DEC, NULL, 0x0,
3590 "Length of clear key data", HFILL }
3592 { &hf_ssl2_handshake_enc_key_len,
3593 { "Encrypted Key Data Length", "ssl.handshake.encrypted_key_length",
3594 FT_UINT16, BASE_DEC, NULL, 0x0,
3595 "Length of encrypted key data", HFILL }
3597 { &hf_ssl2_handshake_key_arg_len,
3598 { "Key Argument Length", "ssl.handshake.key_arg_length",
3599 FT_UINT16, BASE_DEC, NULL, 0x0,
3600 "Length of key argument", HFILL }
3602 { &hf_ssl2_handshake_clear_key,
3603 { "Clear Key Data", "ssl.handshake.clear_key_data",
3604 FT_NONE, BASE_NONE, NULL, 0x0,
3605 "Clear portion of MASTER-KEY", HFILL }
3607 { &hf_ssl2_handshake_enc_key,
3608 { "Encrypted Key", "ssl.handshake.encrypted_key",
3609 FT_NONE, BASE_NONE, NULL, 0x0,
3610 "Secret portion of MASTER-KEY encrypted to server", HFILL }
3612 { &hf_ssl2_handshake_key_arg,
3613 { "Key Argument", "ssl.handshake.key_arg",
3614 FT_NONE, BASE_NONE, NULL, 0x0,
3615 "Key Argument (e.g., Initialization Vector)", HFILL }
3617 { &hf_ssl2_handshake_session_id_hit,
3618 { "Session ID Hit", "ssl.handshake.session_id_hit",
3619 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3620 "Did the server find the client's Session ID?", HFILL }
3622 { &hf_ssl2_handshake_cert_type,
3623 { "Certificate Type", "ssl.handshake.cert_type",
3624 FT_UINT8, BASE_DEC, VALS(ssl_20_certificate_type), 0x0,
3625 "Certificate Type", HFILL }
3627 { &hf_ssl2_handshake_connection_id_len,
3628 { "Connection ID Length", "ssl.handshake.connection_id_length",
3629 FT_UINT16, BASE_DEC, NULL, 0x0,
3630 "Length of connection ID", HFILL }
3632 { &hf_ssl2_handshake_connection_id,
3633 { "Connection ID", "ssl.handshake.connection_id",
3634 FT_NONE, BASE_NONE, NULL, 0x0,
3635 "Server's challenge to client", HFILL }
3637 { &hf_pct_handshake_cipher_spec,
3638 { "Cipher Spec", "pct.handshake.cipherspec",
3639 FT_NONE, BASE_NONE, NULL, 0x0,
3640 "PCT Cipher specification", HFILL }
3642 { &hf_pct_handshake_cipher,
3643 { "Cipher", "pct.handshake.cipher",
3644 FT_UINT16, BASE_HEX, VALS(pct_cipher_type), 0x0,
3645 "PCT Ciper", HFILL }
3647 { &hf_pct_handshake_hash_spec,
3648 { "Hash Spec", "pct.handshake.hashspec",
3649 FT_NONE, BASE_NONE, NULL, 0x0,
3650 "PCT Hash specification", HFILL }
3652 { &hf_pct_handshake_hash,
3653 { "Hash", "pct.handshake.hash",
3654 FT_UINT16, BASE_HEX, VALS(pct_hash_type), 0x0,
3657 { &hf_pct_handshake_cert_spec,
3658 { "Cert Spec", "pct.handshake.certspec",
3659 FT_NONE, BASE_NONE, NULL, 0x0,
3660 "PCT Certificate specification", HFILL }
3662 { &hf_pct_handshake_cert,
3663 { "Cert", "pct.handshake.cert",
3664 FT_UINT16, BASE_HEX, VALS(pct_cert_type), 0x0,
3665 "PCT Certificate", HFILL }
3667 { &hf_pct_handshake_exch_spec,
3668 { "Exchange Spec", "pct.handshake.exchspec",
3669 FT_NONE, BASE_NONE, NULL, 0x0,
3670 "PCT Exchange specification", HFILL }
3672 { &hf_pct_handshake_exch,
3673 { "Exchange", "pct.handshake.exch",
3674 FT_UINT16, BASE_HEX, VALS(pct_exch_type), 0x0,
3675 "PCT Exchange", HFILL }
3677 { &hf_pct_handshake_sig,
3678 { "Sig Spec", "pct.handshake.sig",
3679 FT_UINT16, BASE_HEX, VALS(pct_sig_type), 0x0,
3680 "PCT Signature", HFILL }
3682 { &hf_pct_msg_error_type,
3683 { "PCT Error Code", "pct.msg_error_code",
3684 FT_UINT16, BASE_HEX, VALS(pct_error_code), 0x0,
3685 "PCT Error Code", HFILL }
3687 { &hf_pct_handshake_server_cert,
3688 { "Server Cert", "pct.handshake.server_cert",
3689 FT_NONE, BASE_NONE, NULL , 0x0,
3690 "PCT Server Certificate", HFILL }
3694 /* Setup protocol subtree array */
3695 static gint *ett[] = {
3700 &ett_ssl_cipher_suites,
3701 &ett_ssl_comp_methods,
3704 &ett_ssl_cert_types,
3707 &ett_pct_cipher_suites,
3708 &ett_pct_hash_suites,
3709 &ett_pct_cert_suites,
3710 &ett_pct_exch_suites,
3713 /* Register the protocol name and description */
3714 proto_ssl = proto_register_protocol("Secure Socket Layer",
3717 /* Required function calls to register the header fields and
3719 proto_register_field_array(proto_ssl, hf, array_length(hf));
3720 proto_register_subtree_array(ett, array_length(ett));
3723 module_t *ssl_module = prefs_register_protocol(proto_ssl, proto_reg_handoff_ssl);
3724 prefs_register_bool_preference(ssl_module,
3725 "desegment_ssl_records",
3726 "Reassemble SSL records spanning multiple TCP segments",
3727 "Whether the SSL dissector should reassemble SSL records spanning multiple TCP segments. "
3728 "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
3730 prefs_register_bool_preference(ssl_module,
3731 "desegment_ssl_application_data",
3732 "Reassemble SSL Application Data spanning multiple SSL records",
3733 "Whether the SSL dissector should reassemble SSL Application Data spanning multiple SSL records. ",
3734 &ssl_desegment_app_data);
3735 #ifdef HAVE_LIBGNUTLS
3736 prefs_register_string_preference(ssl_module, "keys_list", "RSA keys list",
3737 "semicolon separated list of private RSA keys used for SSL decryption; "
3738 "each list entry must be in the form of <ip>,<port>,<protocol>,<key_file_name>"
3739 "<key_file_name> is the local file name of the RSA private key used by the specified server\n",
3740 (const gchar **)&ssl_keys_list);
3741 prefs_register_string_preference(ssl_module, "debug_file", "SSL debug file",
3742 "redirect ssl debug to file name; leave empty to disable debug, "
3743 "use \"" SSL_DEBUG_USE_STDERR "\" to redirect output to stderr\n",
3744 (const gchar **)&ssl_debug_file_name);
3748 register_dissector("ssl", dissect_ssl, proto_ssl);
3749 ssl_handle = find_dissector("ssl");
3751 ssl_associations = g_tree_new(ssl_association_cmp);
3753 register_init_routine(ssl_init);
3755 ssl_tap = register_tap("ssl");
3756 ssl_debug_printf("proto_register_ssl: registered tap %s:%d\n",
3760 /* If this dissector uses sub-dissector registration add a registration
3761 * routine. This format is required because a script is used to find
3762 * these routines and create the code that calls these routines.
3765 proto_reg_handoff_ssl(void)
3768 /* parse key list */
3771 /* add ssl dissection to defaults ports */
3772 ssl_dissector_add(443, "http", TRUE);
3773 ssl_dissector_add(636, "ldap", TRUE);
3774 ssl_dissector_add(993, "imap", TRUE);
3775 ssl_dissector_add(995, "pop", TRUE);
3779 ssl_dissector_add(guint port, const gchar *protocol, gboolean tcp)
3781 SslAssociation *assoc;
3783 assoc = ssl_association_find(ssl_associations, port, tcp);
3785 ssl_association_remove(ssl_associations, assoc);
3788 ssl_association_add(ssl_associations, ssl_handle, port, protocol, tcp, FALSE);
3792 ssl_dissector_delete(guint port, const gchar *protocol, gboolean tcp)
3794 SslAssociation *assoc;
3796 assoc = ssl_association_find(ssl_associations, port, tcp);
3797 if (assoc && (assoc->handle == find_dissector(protocol))) {
3798 ssl_association_remove(ssl_associations, assoc);