2 * Routines for ssl dissection
3 * Copyright (c) 2000-2001, Scott Renfro <scott@renfro.org>
5 * $Id: packet-ssl.c,v 1.13 2002/01/17 09:24:05 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * - Uses conversations in a no-malloc fashion. Since we just want to
28 * remember the version of the conversation, we store the version
29 * integer directly in the void *data member of the conversation
30 * structure. This means that we don't have to manage any memory,
31 * but will cause problems if anyone assumes that all data pointers
32 * are actually pointers to memory allocated by g_mem_chunk_alloc.
34 * - Does not support decryption of encrypted frames, nor dissection
35 * of frames that would require state maintained between frames
36 * (e.g., single ssl records spread across multiple tcp frames)
38 * - Identifies, but does not fully dissect the following messages:
40 * - SSLv3/TLS (These need more state from previous handshake msgs)
41 * - Server Key Exchange
42 * - Client Key Exchange
43 * - Certificate Verify
45 * - SSLv2 (These don't appear in the clear)
50 * - Request Certificate
51 * - Client Certificate
65 #ifdef NEED_SNPRINTF_H
66 # include "snprintf.h"
69 #include "conversation.h"
72 static gboolean ssl_desegment = TRUE;
75 /*********************************************************************
77 * Protocol Constants, Variables, Data Structures
79 *********************************************************************/
81 /* Initialize the protocol and registered fields */
82 static int proto_ssl = -1;
83 static int hf_ssl_record = -1;
84 static int hf_ssl_record_content_type = -1;
85 static int hf_ssl_record_version = -1;
86 static int hf_ssl_record_length = -1;
87 static int hf_ssl_record_appdata = -1;
88 static int hf_ssl2_record = -1;
89 static int hf_ssl2_record_is_escape = -1;
90 static int hf_ssl2_record_padding_length = -1;
91 static int hf_ssl2_msg_type = -1;
92 static int hf_ssl_change_cipher_spec = -1;
93 static int hf_ssl_alert_message = -1;
94 static int hf_ssl_alert_message_level = -1;
95 static int hf_ssl_alert_message_description = -1;
96 static int hf_ssl_handshake_protocol = -1;
97 static int hf_ssl_handshake_type = -1;
98 static int hf_ssl_handshake_length = -1;
99 static int hf_ssl_handshake_client_version = -1;
100 static int hf_ssl_handshake_server_version = -1;
101 static int hf_ssl_handshake_random_time = -1;
102 static int hf_ssl_handshake_random_bytes = -1;
103 static int hf_ssl_handshake_cipher_suites_len = -1;
104 static int hf_ssl_handshake_cipher_suites = -1;
105 static int hf_ssl_handshake_cipher_suite = -1;
106 static int hf_ssl_handshake_session_id = -1;
107 static int hf_ssl_handshake_comp_methods_len = -1;
108 static int hf_ssl_handshake_comp_methods = -1;
109 static int hf_ssl_handshake_comp_method = -1;
110 static int hf_ssl_handshake_certificates_len = -1;
111 static int hf_ssl_handshake_certificates = -1;
112 static int hf_ssl_handshake_certificate = -1;
113 static int hf_ssl_handshake_certificate_len = -1;
114 static int hf_ssl_handshake_cert_types_count = -1;
115 static int hf_ssl_handshake_cert_types = -1;
116 static int hf_ssl_handshake_cert_type = -1;
117 static int hf_ssl_handshake_finished = -1;
118 static int hf_ssl_handshake_md5_hash = -1;
119 static int hf_ssl_handshake_sha_hash = -1;
120 static int hf_ssl_handshake_session_id_len = -1;
121 static int hf_ssl_handshake_dnames_len = -1;
122 static int hf_ssl_handshake_dnames = -1;
123 static int hf_ssl_handshake_dname_len = -1;
124 static int hf_ssl_handshake_dname = -1;
125 static int hf_ssl2_handshake_cipher_spec_len = -1;
126 static int hf_ssl2_handshake_session_id_len = -1;
127 static int hf_ssl2_handshake_challenge_len = -1;
128 static int hf_ssl2_handshake_cipher_spec = -1;
129 static int hf_ssl2_handshake_challenge = -1;
130 static int hf_ssl2_handshake_clear_key_len = -1;
131 static int hf_ssl2_handshake_enc_key_len = -1;
132 static int hf_ssl2_handshake_key_arg_len = -1;
133 static int hf_ssl2_handshake_clear_key = -1;
134 static int hf_ssl2_handshake_enc_key = -1;
135 static int hf_ssl2_handshake_key_arg = -1;
136 static int hf_ssl2_handshake_session_id_hit = -1;
137 static int hf_ssl2_handshake_cert_type = -1;
138 static int hf_ssl2_handshake_connection_id_len = -1;
139 static int hf_ssl2_handshake_connection_id = -1;
141 /* Initialize the subtree pointers */
142 static gint ett_ssl = -1;
143 static gint ett_ssl_record = -1;
144 static gint ett_ssl_alert = -1;
145 static gint ett_ssl_handshake = -1;
146 static gint ett_ssl_cipher_suites = -1;
147 static gint ett_ssl_comp_methods = -1;
148 static gint ett_ssl_certs = -1;
149 static gint ett_ssl_cert_types = -1;
150 static gint ett_ssl_dnames = -1;
152 /* The TCP port to associate with by default */
153 #define TCP_PORT_SSL 443
155 /* version state tables */
156 #define SSL_VER_UNKNOWN 0
157 #define SSL_VER_SSLv2 1
158 #define SSL_VER_SSLv3 2
159 #define SSL_VER_TLS 3
161 /* corresponds to the #defines above */
162 static gchar* ssl_version_short_names[] = {
170 #define SSL_ID_CHG_CIPHER_SPEC 0x14
171 #define SSL_ID_ALERT 0x15
172 #define SSL_ID_HANDSHAKE 0x16
173 #define SSL_ID_APP_DATA 0x17
175 #define SSL_HND_HELLO_REQUEST 0x00
176 #define SSL_HND_CLIENT_HELLO 0x01
177 #define SSL_HND_SERVER_HELLO 0x02
178 #define SSL_HND_CERTIFICATE 0x0b
179 #define SSL_HND_SERVER_KEY_EXCHG 0x0c
180 #define SSL_HND_CERT_REQUEST 0x0d
181 #define SSL_HND_SVR_HELLO_DONE 0x0e
182 #define SSL_HND_CERT_VERIFY 0x0f
183 #define SSL_HND_CLIENT_KEY_EXCHG 0x10
184 #define SSL_HND_FINISHED 0x14
186 #define SSL2_HND_ERROR 0x00
187 #define SSL2_HND_CLIENT_HELLO 0x01
188 #define SSL2_HND_CLIENT_MASTER_KEY 0x02
189 #define SSL2_HND_CLIENT_FINISHED 0x03
190 #define SSL2_HND_SERVER_HELLO 0x04
191 #define SSL2_HND_SERVER_VERIFY 0x05
192 #define SSL2_HND_SERVER_FINISHED 0x06
193 #define SSL2_HND_REQUEST_CERTIFICATE 0x07
194 #define SSL2_HND_CLIENT_CERTIFICATE 0x08
200 static const value_string ssl_20_msg_types[] = {
201 { SSL2_HND_ERROR, "Error" },
202 { SSL2_HND_CLIENT_HELLO, "Client Hello" },
203 { SSL2_HND_CLIENT_MASTER_KEY, "Client Master Key" },
204 { SSL2_HND_CLIENT_FINISHED, "Client Finished" },
205 { SSL2_HND_SERVER_HELLO, "Server Hello" },
206 { SSL2_HND_SERVER_VERIFY, "Server Verify" },
207 { SSL2_HND_SERVER_FINISHED, "Server Finished" },
208 { SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" },
209 { SSL2_HND_CLIENT_CERTIFICATE, "Client Certificate" },
213 static const value_string ssl_20_cipher_suites[] = {
214 { 0x010080, "SSL2_RC4_128_WITH_MD5" },
215 { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" },
216 { 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
217 { 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
218 { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" },
219 { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" },
220 { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" },
221 { 0x000000, "TLS_NULL_WITH_NULL_NULL" },
222 { 0x000001, "TLS_RSA_WITH_NULL_MD5" },
223 { 0x000002, "TLS_RSA_WITH_NULL_SHA" },
224 { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
225 { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" },
226 { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" },
227 { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
228 { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
229 { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
230 { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" },
231 { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
232 { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
233 { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
234 { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
235 { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
236 { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
237 { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
238 { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
239 { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
240 { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
241 { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
242 { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
243 { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
244 { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
245 { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" },
246 { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
247 { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
248 { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
249 { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
250 { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
251 { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
252 { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
253 { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
254 { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
255 { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
256 { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
257 /* these from http://www.mozilla.org/projects/
258 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
259 { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
260 { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
261 { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
262 { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
263 /* note that ciphersuites of {0x00????} are TLS cipher suites in
264 * a sslv2 client hello message; the ???? above is the two-byte
265 * tls cipher suite id
270 static const value_string ssl_20_certificate_type[] = {
272 { 0x01, "X.509 Certificate" },
276 static const value_string ssl_31_content_type[] = {
277 { 20, "Change Cipher Spec" },
280 { 23, "Application Data" },
284 static const value_string ssl_versions[] = {
285 { 0x0301, "TLS 1.0" },
286 { 0x0300, "SSL 3.0" },
287 { 0x0002, "SSL 2.0" },
291 static const value_string ssl_31_change_cipher_spec[] = {
292 { 1, "Change Cipher Spec" },
296 static const value_string ssl_31_alert_level[] = {
302 static const value_string ssl_31_alert_description[] = {
303 { 0, "Close Notify" },
304 { 10, "Unexpected Message" },
305 { 20, "Bad Record MAC" },
306 { 21, "Decryption Failed" },
307 { 22, "Record Overflow" },
308 { 30, "Decompression Failure" },
309 { 40, "Handshake Failure" },
310 { 42, "Bad Certificate" },
311 { 43, "Unsupported Certificate" },
312 { 44, "Certificate Revoked" },
313 { 45, "Certificate Expired" },
314 { 46, "Certificate Unknown" },
315 { 47, "Illegal Parameter" },
316 { 48, "Unknown CA" },
317 { 49, "Access Denied" },
318 { 50, "Decode Error" },
319 { 51, "Decrypt Error" },
320 { 60, "Export Restriction" },
321 { 70, "Protocol Version" },
322 { 71, "Insufficient Security" },
323 { 80, "Internal Error" },
324 { 90, "User Canceled" },
325 { 100, "No Renegotiation" },
329 static const value_string ssl_31_handshake_type[] = {
330 { SSL_HND_HELLO_REQUEST, "Hello Request" },
331 { SSL_HND_CLIENT_HELLO, "Client Hello" },
332 { SSL_HND_SERVER_HELLO, "Server Hello" },
333 { SSL_HND_CERTIFICATE, "Certificate" },
334 { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" },
335 { SSL_HND_CERT_REQUEST, "Certificate Request" },
336 { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" },
337 { SSL_HND_CERT_VERIFY, "Certificate Verify" },
338 { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" },
339 { SSL_HND_FINISHED, "Finished" },
343 static const value_string ssl_31_compression_method[] = {
348 static const value_string ssl_31_key_exchange_algorithm[] = {
350 { 1, "Diffie Hellman" },
354 static const value_string ssl_31_signature_algorithm[] = {
361 static const value_string ssl_31_client_certificate_type[] = {
364 { 3, "RSA Fixed DH" },
365 { 4, "DSS Fixed DH" },
369 static const value_string ssl_31_public_value_encoding[] = {
375 static const value_string ssl_31_ciphersuite[] = {
376 { 0x0000, "TLS_NULL_WITH_NULL_NULL" },
377 { 0x0001, "TLS_RSA_WITH_NULL_MD5" },
378 { 0x0002, "TLS_RSA_WITH_NULL_SHA" },
379 { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
380 { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" },
381 { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" },
382 { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
383 { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
384 { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
385 { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" },
386 { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
387 { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
388 { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
389 { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
390 { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
391 { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
392 { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
393 { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
394 { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
395 { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
396 { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
397 { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
398 { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
399 { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
400 { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" },
401 { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
402 { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
403 { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
404 { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
405 { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
406 { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
407 { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
408 { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
409 { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
410 { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
411 { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
412 /* these from http://www.mozilla.org/projects/
413 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
414 { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
415 { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
416 { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
417 { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
418 /* note that ciphersuites 0xff00 - 0xffff are private */
422 /*********************************************************************
424 * Forward Declarations
426 *********************************************************************/
429 * SSL version 3 and TLS dissectors
432 /* record layer dissector */
433 static int dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
434 proto_tree *tree, guint32 offset,
436 gboolean *need_desegmentation);
438 /* change cipher spec dissector */
439 static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, packet_info *pinfo,
442 guint *conv_version);
444 /* alert message dissector */
445 static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
446 proto_tree *tree, guint32 offset,
447 guint *conv_version);
449 /* handshake protocol dissector */
450 static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
451 proto_tree *tree, guint32 offset,
452 guint32 record_length,
453 guint *conv_version);
456 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
460 static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb, packet_info *pinfo,
464 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb, packet_info *pinfo,
465 proto_tree *tree, guint32 offset);
467 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, packet_info *pinfo,
471 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb, packet_info *pinfo,
474 guint *conv_version);
478 * SSL version 2 dissectors
482 /* record layer dissector */
483 static int dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
484 proto_tree *tree, guint32 offset,
486 gboolean *need_desegmentation);
488 /* client hello dissector */
489 static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb, packet_info *pinfo,
493 /* client master key dissector */
494 static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
499 /* server hello dissector */
500 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
509 static void ssl_set_conv_version(packet_info *pinfo, guint version);
510 static int ssl_is_valid_handshake_type(guint8 type);
511 static int ssl_is_valid_content_type(guint8 type);
512 static int ssl_is_valid_ssl_version(guint16 version);
513 static int ssl_is_authoritative_version_message(guint8 content_type,
515 static int ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset);
516 static int ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset);
517 static int ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset);
518 static int ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
520 guint32 record_length);
522 /*********************************************************************
526 *********************************************************************/
528 * Code to actually dissect the packets
531 dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
534 conversation_t *conversation;
536 guint conv_version = SSL_VER_UNKNOWN;
537 proto_item *ti = NULL;
538 proto_tree *ssl_tree = NULL;
540 gboolean first_record_in_frame = TRUE;
541 gboolean need_desegmentation;
543 /* Track the version using conversations to reduce the
544 * chance that a packet that simply *looks* like a v2 or
545 * v3 packet is dissected improperly. This also allows
546 * us to more frequently set the protocol column properly
547 * for continuation data frames.
549 * Also: We use the copy in conv_version as our cached copy,
550 * so that we don't have to search the conversation
551 * table every time we want the version; when setting
552 * the conv_version, must set the copy in the conversation
553 * in addition to conv_version
555 conversation = find_conversation(&pinfo->src, &pinfo->dst, pinfo->ptype,
556 pinfo->srcport, pinfo->destport, 0);
559 /* create a new conversation */
560 conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
561 pinfo->srcport, pinfo->destport, 0);
563 conv_data = conversation_get_proto_data(conversation, proto_ssl);
564 if (conv_data != NULL)
566 conv_version = (guint)conv_data;
569 /* Initialize the protocol column; we'll set it later when we
570 * figure out what flavor of SSL it is (assuming we don't
571 * throw an exception before we get the chance to do so). */
572 if (check_col(pinfo->cinfo, COL_PROTOCOL))
574 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSL");
577 /* clear the the info column */
578 if (check_col(pinfo->cinfo, COL_INFO))
579 col_clear(pinfo->cinfo, COL_INFO);
581 /* TCP packets and SSL records are orthogonal.
582 * A tcp packet may contain multiple ssl records and an ssl
583 * record may be spread across multiple tcp packets.
585 * This loop accounts for multiple ssl records in a single
586 * frame, but not a single ssl record across multiple tcp
589 * Handling the single ssl record across multiple packets
590 * may be possible using ethereal conversations, but
591 * probably not cleanly. May have to wait for tcp stream
595 /* Create display subtree for SSL as a whole */
598 ti = proto_tree_add_item(tree, proto_ssl, tvb,
599 0, tvb_length(tvb), FALSE);
600 ssl_tree = proto_item_add_subtree(ti, ett_ssl);
603 /* iterate through the records in this frame */
604 while (offset < tvb_length(tvb)-1)
606 /* on second and subsequent records per frame
607 * add a delimiter on info column
609 if (!first_record_in_frame
610 && check_col(pinfo->cinfo, COL_INFO))
612 col_append_str(pinfo->cinfo, COL_INFO, ", ");
616 * Assume, for now, that this doesn't need desegmentation.
618 need_desegmentation = FALSE;
620 /* first try to dispatch off the cached version
621 * known to be associated with the conversation
623 switch(conv_version) {
625 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
626 offset, &conv_version,
627 &need_desegmentation);
632 /* the version tracking code works too well ;-)
633 * at times, we may visit a v2 client hello after
634 * we already know the version of the connection;
635 * work around that here by detecting and calling
636 * the v2 dissector instead
638 if (ssl_is_v2_client_hello(tvb, offset))
640 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
641 offset, &conv_version,
642 &need_desegmentation);
646 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
647 offset, &conv_version,
648 &need_desegmentation);
652 /* that failed, so apply some heuristics based
653 * on this individual packet
656 if (ssl_looks_like_sslv2(tvb, offset))
658 /* looks like sslv2 client hello */
659 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
660 offset, &conv_version,
661 &need_desegmentation);
663 else if (ssl_looks_like_sslv3(tvb, offset))
665 /* looks like sslv3 or tls */
666 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
667 offset, &conv_version,
668 &need_desegmentation);
672 /* looks like something unknown, so lump into
675 offset = tvb_length(tvb);
676 if (check_col(pinfo->cinfo, COL_INFO))
677 col_append_str(pinfo->cinfo, COL_INFO,
678 "Continuation Data");
680 /* Set the protocol column */
681 if (check_col(pinfo->cinfo, COL_PROTOCOL))
683 col_set_str(pinfo->cinfo, COL_PROTOCOL,
684 ssl_version_short_names[conv_version]);
690 /* Desegmentation return check */
691 if (need_desegmentation)
694 /* If we haven't already set the version information for
695 * this conversation, do so. */
696 if (conv_data == NULL)
698 conv_data = (void *)conv_version;
699 conversation_add_proto_data(conversation, proto_ssl, conv_data);
702 /* set up for next record in frame, if any */
703 first_record_in_frame = FALSE;
709 /*********************************************************************
711 * SSL version 3 and TLS Dissection Routines
713 *********************************************************************/
715 dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
716 proto_tree *tree, guint32 offset,
717 guint *conv_version, gboolean *need_desegmentation)
722 * uint8 major, minor;
727 * change_cipher_spec(20), alert(21), handshake(22),
728 * application_data(23), (255)
733 * ProtocolVersion version;
735 * opaque fragment[TLSPlaintext.length];
738 guint32 record_length;
742 proto_tree *ti = NULL;
743 proto_tree *ssl_record_tree = NULL;
744 guint32 available_bytes = 0;
747 * Get the record layer fields of interest
749 content_type = tvb_get_guint8(tvb, offset);
750 version = tvb_get_ntohs(tvb, offset + 1);
751 record_length = tvb_get_ntohs(tvb, offset + 3);
753 if (ssl_is_valid_content_type(content_type)) {
756 * Desegmentation test
758 available_bytes = tvb_length_remaining(tvb, offset + 5);
760 && pinfo->can_desegment
761 && available_bytes < record_length) {
763 pinfo->desegment_offset = offset;
764 pinfo->desegment_len = record_length - available_bytes;
765 *need_desegmentation = TRUE;
771 /* if we don't have a valid content_type, there's no sense
772 * continuing any further
774 if (check_col(pinfo->cinfo, COL_INFO))
775 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
777 /* Set the protocol column */
778 if (check_col(pinfo->cinfo, COL_PROTOCOL))
780 col_set_str(pinfo->cinfo, COL_PROTOCOL,
781 ssl_version_short_names[*conv_version]);
783 return offset + 5 + record_length;
787 * If GUI, fill in record layer part of tree
792 /* add the record layer subtree header */
793 ti = proto_tree_add_item(tree, hf_ssl_record, tvb,
794 offset, 5 + record_length, 0);
795 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
800 /* show the one-byte content type */
801 proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type,
805 /* add the version */
806 proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb,
811 proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb,
812 offset, 2, record_length);
813 offset += 2; /* move past length field itself */
817 /* if no GUI tree, then just skip over those fields */
823 * if we don't already have a version set for this conversation,
824 * but this message's version is authoritative (i.e., it's
825 * not client_hello, then save the version to to conversation
826 * structure and print the column version
828 next_byte = tvb_get_guint8(tvb, offset);
829 if (*conv_version == SSL_VER_UNKNOWN
830 && ssl_is_authoritative_version_message(content_type, next_byte))
832 if (version == 0x0300)
834 *conv_version = SSL_VER_SSLv3;
835 ssl_set_conv_version(pinfo, *conv_version);
837 else if (version == 0x0301)
839 *conv_version = SSL_VER_TLS;
840 ssl_set_conv_version(pinfo, *conv_version);
843 if (check_col(pinfo->cinfo, COL_PROTOCOL))
845 if (version == 0x0300)
847 col_set_str(pinfo->cinfo, COL_PROTOCOL,
848 ssl_version_short_names[SSL_VER_SSLv3]);
850 else if (version == 0x0301)
852 col_set_str(pinfo->cinfo, COL_PROTOCOL,
853 ssl_version_short_names[SSL_VER_TLS]);
857 col_set_str(pinfo->cinfo, COL_PROTOCOL,
858 ssl_version_short_names[*conv_version]);
863 * now dissect the next layer
865 switch (content_type) {
866 case SSL_ID_CHG_CIPHER_SPEC:
867 if (check_col(pinfo->cinfo, COL_INFO))
868 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
869 dissect_ssl3_change_cipher_spec(tvb, pinfo, ssl_record_tree,
870 offset, conv_version);
873 dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
876 case SSL_ID_HANDSHAKE:
877 dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
878 record_length, conv_version);
880 case SSL_ID_APP_DATA:
881 if (check_col(pinfo->cinfo, COL_INFO))
882 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
885 proto_item_set_text(ssl_record_tree,
886 "%s Record Layer: Application Data",
887 ssl_version_short_names[*conv_version]);
888 proto_tree_add_item(ssl_record_tree, hf_ssl_record_appdata, tvb,
889 offset, record_length, 0);
894 /* shouldn't get here since we check above for valid types */
895 if (check_col(pinfo->cinfo, COL_INFO))
896 col_append_str(pinfo->cinfo, COL_INFO, "Bad SSLv3 Content Type");
899 offset += record_length; /* skip to end of record */
904 /* dissects the change cipher spec procotol, filling in the tree */
906 dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, packet_info *pinfo,
907 proto_tree *tree, guint32 offset,
912 * enum { change_cipher_spec(1), (255) } type;
913 * } ChangeCipherSpec;
918 proto_item_set_text(tree,
919 "%s Record Layer: Change Cipher Spec",
920 ssl_version_short_names[*conv_version]);
921 proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
926 /* dissects the alert message, filling in the tree */
928 dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
929 proto_tree *tree, guint32 offset,
934 * AlertDescription description;
938 proto_tree *ssl_alert_tree = NULL;
944 ti = proto_tree_add_item(tree, hf_ssl_alert_message, tvb,
946 ssl_alert_tree = proto_item_add_subtree(ti, ett_ssl_alert);
950 * set the record layer label
953 /* first lookup the names for the alert level and description */
954 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
955 level = match_strval(byte, ssl_31_alert_level);
957 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
958 desc = match_strval(byte, ssl_31_alert_description);
960 /* now set the text in the record layer line */
963 if (check_col(pinfo->cinfo, COL_INFO))
964 col_append_fstr(pinfo->cinfo, COL_INFO,
965 "Alert (Level: %s, Description: %s)",
970 if (check_col(pinfo->cinfo, COL_INFO))
971 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
978 proto_item_set_text(tree, "%s Record Layer: Alert "
979 "(Level: %s, Description: %s)",
980 ssl_version_short_names[*conv_version],
982 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
983 tvb, offset++, 1, FALSE);
985 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_description,
986 tvb, offset++, 1, FALSE);
990 proto_item_set_text(tree,
991 "%s Record Layer: Encrypted Alert",
992 ssl_version_short_names[*conv_version]);
993 proto_item_set_text(ssl_alert_tree,
994 "Alert Message: Encrypted Alert");
1000 /* dissects the handshake protocol, filling the tree */
1002 dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1003 proto_tree *tree, guint32 offset,
1004 guint32 record_length, guint *conv_version)
1007 * HandshakeType msg_type;
1009 * select (HandshakeType) {
1010 * case hello_request: HelloRequest;
1011 * case client_hello: ClientHello;
1012 * case server_hello: ServerHello;
1013 * case certificate: Certificate;
1014 * case server_key_exchange: ServerKeyExchange;
1015 * case certificate_request: CertificateRequest;
1016 * case server_hello_done: ServerHelloDone;
1017 * case certificate_verify: CertificateVerify;
1018 * case client_key_exchange: ClientKeyExchange;
1019 * case finished: Finished;
1023 proto_tree *ti = NULL;
1024 proto_tree *ssl_hand_tree = NULL;
1025 gchar *msg_type_str = NULL;
1028 gboolean first_iteration = TRUE;
1031 /* just as there can be multiple records per packet, there
1032 * can be multiple messages per record as long as they have
1033 * the same content type
1035 * we really only care about this for handshake messages
1038 /* set record_length to the max offset */
1039 record_length += offset;
1040 while (offset < record_length)
1042 msg_type = tvb_get_guint8(tvb, offset);
1043 msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
1044 length = tvb_get_ntoh24(tvb, offset + 1);
1046 if (!msg_type_str && !first_iteration)
1048 /* only dissect / report messages if they're
1049 * either the first message in this record
1050 * or they're a valid message type
1055 /* on second and later iterations, add comma to info col */
1056 if (!first_iteration)
1058 if (check_col(pinfo->cinfo, COL_INFO))
1059 col_append_fstr(pinfo->cinfo, COL_INFO, ", ");
1063 * Update our info string
1065 if (check_col(pinfo->cinfo, COL_INFO))
1066 col_append_fstr(pinfo->cinfo, COL_INFO, "%s", (msg_type_str != NULL)
1067 ? msg_type_str : "Encrypted Handshake Message");
1071 /* set the label text on the record layer expanding node */
1072 if (first_iteration)
1074 proto_item_set_text(tree, "%s Record Layer: %s",
1075 ssl_version_short_names[*conv_version],
1076 (msg_type_str!=NULL) ? msg_type_str :
1077 "Encrypted Handshake Message");
1081 proto_item_set_text(tree, "%s Record Layer: %s",
1082 ssl_version_short_names[*conv_version],
1083 "Multiple Handshake Messages");
1086 /* add a subtree for the handshake protocol */
1087 ti = proto_tree_add_item(tree, hf_ssl_handshake_protocol, tvb,
1088 offset, length + 4, 0);
1089 ssl_hand_tree = proto_item_add_subtree(ti, ett_ssl_handshake);
1093 /* set the text label on the subtree node */
1094 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s",
1095 (msg_type_str != NULL) ? msg_type_str :
1096 "Encrypted Handshake Message");
1100 /* if we don't have a valid handshake type, just quit dissecting */
1108 /* add nodes for the message type and message length */
1109 proto_tree_add_item(ssl_hand_tree, hf_ssl_handshake_type,
1110 tvb, offset, 1, msg_type);
1112 proto_tree_add_uint(ssl_hand_tree, hf_ssl_handshake_length,
1113 tvb, offset, 3, length);
1116 /* now dissect the handshake message, if necessary */
1118 case SSL_HND_HELLO_REQUEST:
1119 /* hello_request has no fields, so nothing to do! */
1122 case SSL_HND_CLIENT_HELLO:
1123 dissect_ssl3_hnd_cli_hello(tvb, pinfo, ssl_hand_tree, offset);
1126 case SSL_HND_SERVER_HELLO:
1127 dissect_ssl3_hnd_srv_hello(tvb, pinfo, ssl_hand_tree, offset);
1130 case SSL_HND_CERTIFICATE:
1131 dissect_ssl3_hnd_cert(tvb, pinfo, ssl_hand_tree, offset);
1134 case SSL_HND_CERT_REQUEST:
1135 dissect_ssl3_hnd_cert_req(tvb, pinfo, ssl_hand_tree, offset);
1138 case SSL_HND_SVR_HELLO_DONE:
1139 /* server_hello_done has no fields, so nothing to do! */
1142 case SSL_HND_FINISHED:
1143 dissect_ssl3_hnd_finished(tvb, pinfo, ssl_hand_tree,
1144 offset, conv_version);
1147 case SSL_HND_SERVER_KEY_EXCHG:
1148 case SSL_HND_CERT_VERIFY:
1149 case SSL_HND_CLIENT_KEY_EXCHG:
1157 offset += 4; /* skip the handshake header */
1160 first_iteration = FALSE; /* set up for next pass, if any */
1165 dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1168 /* show the client's random challenge */
1169 guint32 initial_offset = offset;
1170 nstime_t gmt_unix_time;
1171 guint8 session_id_length = 0;
1176 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
1177 gmt_unix_time.nsecs = 0;
1178 proto_tree_add_time(tree, hf_ssl_handshake_random_time,
1179 tvb, offset, 4, &gmt_unix_time);
1182 /* show the random bytes */
1183 proto_tree_add_item(tree, hf_ssl_handshake_random_bytes,
1184 tvb, offset, 28, 0);
1187 /* show the session id */
1188 session_id_length = tvb_get_guint8(tvb, offset);
1189 proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
1190 tvb, offset++, 1, 0);
1191 if (session_id_length > 0)
1193 proto_tree_add_bytes_format(tree, hf_ssl_handshake_session_id,
1194 tvb, offset, session_id_length,
1195 tvb_get_ptr(tvb, offset, session_id_length),
1196 "Session ID (%u byte%s)",
1198 plurality(session_id_length, "", "s"));
1199 offset += session_id_length;
1203 return offset - initial_offset;
1207 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
1208 proto_tree *tree, guint32 offset)
1211 * ProtocolVersion client_version;
1213 * SessionID session_id;
1214 * CipherSuite cipher_suites<2..2^16-1>;
1215 * CompressionMethod compression_methods<1..2^8-1>;
1220 proto_tree *cs_tree;
1221 guint16 cipher_suite_length = 0;
1222 guint8 compression_methods_length = 0;
1226 /* show the client version */
1227 proto_tree_add_item(tree, hf_ssl_handshake_client_version, tvb,
1231 /* show the fields in common with server hello */
1232 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset);
1234 /* tell the user how many cipher suites there are */
1235 cipher_suite_length = tvb_get_ntohs(tvb, offset);
1236 proto_tree_add_uint(tree, hf_ssl_handshake_cipher_suites_len,
1237 tvb, offset, 2, cipher_suite_length);
1238 offset += 2; /* skip opaque length */
1240 if (cipher_suite_length > 0)
1242 ti = proto_tree_add_none_format(tree,
1243 hf_ssl_handshake_cipher_suites,
1244 tvb, offset, cipher_suite_length,
1245 "Cipher Suites (%u suite%s)",
1246 cipher_suite_length / 2,
1247 plurality(cipher_suite_length/2, "", "s"));
1249 /* make this a subtree */
1250 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1253 cs_tree = tree; /* failsafe */
1256 while (cipher_suite_length > 0)
1258 proto_tree_add_item(cs_tree, hf_ssl_handshake_cipher_suite,
1259 tvb, offset, 2, FALSE);
1261 cipher_suite_length -= 2;
1265 /* tell the user how man compression methods there are */
1266 compression_methods_length = tvb_get_guint8(tvb, offset);
1267 proto_tree_add_uint(tree, hf_ssl_handshake_comp_methods_len,
1268 tvb, offset, 1, compression_methods_length);
1271 if (compression_methods_length > 0)
1273 ti = proto_tree_add_none_format(tree,
1274 hf_ssl_handshake_comp_methods,
1275 tvb, offset, compression_methods_length,
1276 "Compression Methods (%u method%s)",
1277 compression_methods_length,
1278 plurality(compression_methods_length,
1281 /* make this a subtree */
1282 cs_tree = proto_item_add_subtree(ti, ett_ssl_comp_methods);
1285 cs_tree = tree; /* failsafe */
1288 while (compression_methods_length > 0)
1290 proto_tree_add_item(cs_tree, hf_ssl_handshake_comp_method,
1291 tvb, offset, 1, FALSE);
1293 compression_methods_length--;
1300 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb, packet_info *pinfo,
1301 proto_tree *tree, guint32 offset)
1304 * ProtocolVersion server_version;
1306 * SessionID session_id;
1307 * CipherSuite cipher_suite;
1308 * CompressionMethod compression_method;
1314 /* show the server version */
1315 proto_tree_add_item(tree, hf_ssl_handshake_server_version, tvb,
1319 /* first display the elements conveniently in
1320 * common with client hello
1322 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset);
1324 /* now the server-selected cipher suite */
1325 proto_tree_add_item(tree, hf_ssl_handshake_cipher_suite,
1326 tvb, offset, 2, FALSE);
1329 /* and the server-selected compression method */
1330 proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
1331 tvb, offset, 1, FALSE);
1336 dissect_ssl3_hnd_cert(tvbuff_t *tvb, packet_info *pinfo,
1337 proto_tree *tree, guint32 offset)
1340 /* opaque ASN.1Cert<2^24-1>;
1343 * ASN.1Cert certificate_list<1..2^24-1>;
1346 guint32 certificate_list_length;
1348 proto_tree *subtree;
1352 certificate_list_length = tvb_get_ntoh24(tvb, offset);
1353 proto_tree_add_uint(tree, hf_ssl_handshake_certificates_len,
1354 tvb, offset, 3, certificate_list_length);
1355 offset += 3; /* 24-bit length value */
1357 if (certificate_list_length > 0)
1359 ti = proto_tree_add_none_format(tree,
1360 hf_ssl_handshake_certificates,
1361 tvb, offset, certificate_list_length,
1362 "Certificates (%u byte%s)",
1363 certificate_list_length,
1364 plurality(certificate_list_length,
1367 /* make it a subtree */
1368 subtree = proto_item_add_subtree(ti, ett_ssl_certs);
1371 subtree = tree; /* failsafe */
1374 /* iterate through each certificate */
1375 while (certificate_list_length > 0)
1377 /* get the length of the current certificate */
1378 guint32 cert_length = tvb_get_ntoh24(tvb, offset);
1379 certificate_list_length -= 3 + cert_length;
1381 proto_tree_add_item(subtree, hf_ssl_handshake_certificate_len,
1382 tvb, offset, 3, FALSE);
1385 proto_tree_add_bytes_format(subtree,
1386 hf_ssl_handshake_certificate,
1387 tvb, offset, cert_length,
1388 tvb_get_ptr(tvb, offset, cert_length),
1389 "Certificate (%u byte%s)",
1391 plurality(cert_length, "", "s"));
1392 offset += cert_length;
1400 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, packet_info *pinfo,
1401 proto_tree *tree, guint32 offset)
1405 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
1407 * } ClientCertificateType;
1409 * opaque DistinguishedName<1..2^16-1>;
1412 * ClientCertificateType certificate_types<1..2^8-1>;
1413 * DistinguishedName certificate_authorities<3..2^16-1>;
1414 * } CertificateRequest;
1418 proto_tree *subtree;
1419 guint8 cert_types_count = 0;
1420 int dnames_length = 0;
1424 cert_types_count = tvb_get_guint8(tvb, offset);
1425 proto_tree_add_uint(tree, hf_ssl_handshake_cert_types_count,
1426 tvb, offset, 1, cert_types_count);
1429 if (cert_types_count > 0)
1431 ti = proto_tree_add_none_format(tree,
1432 hf_ssl_handshake_cert_types,
1433 tvb, offset, cert_types_count,
1434 "Certificate types (%u type%s)",
1436 plurality(cert_types_count, "", "s"));
1437 subtree = proto_item_add_subtree(ti, ett_ssl_cert_types);
1443 while (cert_types_count > 0)
1445 proto_tree_add_item(subtree, hf_ssl_handshake_cert_type,
1446 tvb, offset, 1, FALSE);
1452 dnames_length = tvb_get_ntohs(tvb, offset);
1453 proto_tree_add_uint(tree, hf_ssl_handshake_dnames_len,
1454 tvb, offset, 2, dnames_length);
1457 if (dnames_length > 0)
1459 ti = proto_tree_add_none_format(tree,
1460 hf_ssl_handshake_dnames,
1461 tvb, offset, dnames_length,
1462 "Distinguished Names (%d byte%s)",
1464 plurality(dnames_length, "", "s"));
1465 subtree = proto_item_add_subtree(ti, ett_ssl_dnames);
1471 while (dnames_length > 0)
1473 /* get the length of the current certificate */
1474 guint16 name_length = tvb_get_ntohs(tvb, offset);
1475 dnames_length -= 2 + name_length;
1477 proto_tree_add_item(subtree, hf_ssl_handshake_dname_len,
1478 tvb, offset, 2, FALSE);
1481 proto_tree_add_bytes_format(subtree,
1482 hf_ssl_handshake_dname,
1483 tvb, offset, name_length,
1484 tvb_get_ptr(tvb, offset, name_length),
1485 "Distinguished Name (%u byte%s)",
1487 plurality(name_length, "", "s"));
1488 offset += name_length;
1496 dissect_ssl3_hnd_finished(tvbuff_t *tvb, packet_info *pinfo,
1497 proto_tree *tree, guint32 offset,
1498 guint *conv_version)
1502 * opaque verify_data[12];
1507 * opaque md5_hash[16];
1508 * opaque sha_hash[20];
1512 /* this all needs a tree, so bail if we don't have one */
1518 switch(*conv_version) {
1520 proto_tree_add_item(tree, hf_ssl_handshake_finished,
1521 tvb, offset, 12, FALSE);
1525 proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
1526 tvb, offset, 16, FALSE);
1528 proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
1529 tvb, offset, 20, FALSE);
1535 /*********************************************************************
1537 * SSL version 2 Dissectors
1539 *********************************************************************/
1542 /* record layer dissector */
1544 dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree
1545 *tree, guint32 offset, guint *conv_version,
1546 gboolean *need_desegmentation)
1548 guint32 initial_offset = offset;
1550 guint8 record_length_length = 0;
1551 guint32 record_length = 0;
1552 gint is_escape = -1;
1553 gint16 padding_length = -1;
1554 guint8 msg_type = 0;
1555 gchar *msg_type_str = NULL;
1556 guint32 available_bytes = 0;
1559 proto_tree *ssl_record_tree = NULL;
1561 /* if we get here, but don't have a version set for the
1562 * conversation, then set a version for just this frame
1563 * (e.g., on a client hello)
1565 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1567 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSLv2");
1570 /* pull first byte; if high bit is set, then record
1571 * length is three bytes due to padding; otherwise
1572 * record length is two bytes
1574 byte = tvb_get_guint8(tvb, offset++);
1575 record_length_length = (byte & 0x80) ? 2 : 3;
1577 /* parse out the record length */
1578 switch(record_length_length) {
1579 case 2: /* two-byte record length */
1580 record_length = (byte & 0x7f) << 8;
1581 byte = tvb_get_guint8(tvb, offset++);
1582 record_length += byte;
1584 case 3: /* three-byte record length */
1585 is_escape = (byte & 0x40) ? TRUE : FALSE;
1586 record_length = (byte & 0x3f) << 8;
1587 byte = tvb_get_guint8(tvb, offset++);
1588 record_length += byte;
1589 byte = tvb_get_guint8(tvb, offset++);
1590 padding_length = byte;
1594 * Desegmentation test
1596 available_bytes = tvb_length_remaining(tvb, offset);
1598 && pinfo->can_desegment
1599 && available_bytes < record_length) {
1601 pinfo->desegment_offset = offset;
1602 pinfo->desegment_len = record_length - available_bytes;
1603 *need_desegmentation = TRUE;
1607 /* add the record layer subtree header */
1608 ti = proto_tree_add_item(tree, hf_ssl2_record, tvb, initial_offset,
1609 record_length_length + record_length, 0);
1610 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
1612 /* pull the msg_type so we can bail if it's unknown */
1613 msg_type = tvb_get_guint8(tvb, initial_offset + record_length_length);
1615 /* if we get a server_hello or later handshake in v2, then set
1618 if (*conv_version == SSL_VER_UNKNOWN
1619 && msg_type >= 2 && msg_type <= 8)
1621 *conv_version = SSL_VER_SSLv2;
1622 ssl_set_conv_version(pinfo, *conv_version);
1625 /* see if the msg_type is valid; if not the payload is
1626 * probably encrypted, so note that fact and bail
1628 msg_type_str = match_strval(msg_type, ssl_20_msg_types);
1630 || !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
1631 + record_length_length,
1634 if (ssl_record_tree)
1636 proto_item_set_text(ssl_record_tree, "SSLv2 Record Layer: %s",
1639 if (check_col(pinfo->cinfo, COL_INFO))
1640 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Data");
1641 return initial_offset + record_length_length + record_length;
1645 if (check_col(pinfo->cinfo, COL_INFO))
1646 col_append_str(pinfo->cinfo, COL_INFO, msg_type_str);
1648 if (ssl_record_tree)
1650 proto_item_set_text(ssl_record_tree, "SSLv2 Record Layer: %s",
1655 /* We have a valid message type, so move foward, filling in the
1656 * tree by adding the length, is_escape boolean and padding_length,
1657 * if present in the original packet
1659 if (ssl_record_tree)
1661 /* add the record length */
1662 ti = proto_tree_add_uint (ssl_record_tree,
1663 hf_ssl_record_length, tvb,
1664 initial_offset, record_length_length,
1667 if (ssl_record_tree && is_escape != -1)
1669 proto_tree_add_boolean(ssl_record_tree,
1670 hf_ssl2_record_is_escape, tvb,
1671 initial_offset, 1, is_escape);
1673 if (ssl_record_tree && padding_length != -1)
1675 proto_tree_add_uint(ssl_record_tree,
1676 hf_ssl2_record_padding_length, tvb,
1677 initial_offset + 2, 1, padding_length);
1681 * dissect the record data
1684 /* jump forward to the start of the record data */
1685 offset = initial_offset + record_length_length;
1687 /* add the message type */
1688 if (ssl_record_tree)
1690 proto_tree_add_item(ssl_record_tree, hf_ssl2_msg_type, tvb,
1693 offset++; /* move past msg_type byte */
1696 /* dissect the message (only handle client hello right now) */
1698 case SSL2_HND_CLIENT_HELLO:
1699 dissect_ssl2_hnd_client_hello(tvb, pinfo, ssl_record_tree, offset);
1702 case SSL2_HND_CLIENT_MASTER_KEY:
1703 dissect_ssl2_hnd_client_master_key(tvb, pinfo, ssl_record_tree, offset);
1706 case SSL2_HND_SERVER_HELLO:
1707 dissect_ssl2_hnd_server_hello(tvb, pinfo, ssl_record_tree, offset);
1710 case SSL2_HND_ERROR:
1711 case SSL2_HND_CLIENT_FINISHED:
1712 case SSL2_HND_SERVER_VERIFY:
1713 case SSL2_HND_SERVER_FINISHED:
1714 case SSL2_HND_REQUEST_CERTIFICATE:
1715 case SSL2_HND_CLIENT_CERTIFICATE:
1719 default: /* unknown */
1724 return (initial_offset + record_length_length + record_length);
1728 dissect_ssl2_hnd_client_hello(tvbuff_t *tvb, packet_info *pinfo,
1729 proto_tree *tree, guint32 offset)
1734 * uint16 cipher_spec_length;
1735 * uint16 session_id_length;
1736 * uint16 challenge_length;
1737 * V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
1738 * opaque session_id[V2ClientHello.session_id_length];
1742 * Note: when we get here, offset's already pointing at Version
1746 guint16 cipher_spec_length;
1747 guint16 session_id_length;
1748 guint16 challenge_length;
1751 proto_tree *cs_tree;
1753 version = tvb_get_ntohs(tvb, offset);
1754 if (!ssl_is_valid_ssl_version(version))
1756 /* invalid version; probably encrypted data */
1762 /* show the version */
1763 proto_tree_add_item(tree, hf_ssl_record_version, tvb,
1767 cipher_spec_length = tvb_get_ntohs(tvb, offset);
1768 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec_len,
1769 tvb, offset, 2, FALSE);
1772 session_id_length = tvb_get_ntohs(tvb, offset);
1773 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_len,
1774 tvb, offset, 2, FALSE);
1777 challenge_length = tvb_get_ntohs(tvb, offset);
1778 proto_tree_add_item(tree, hf_ssl2_handshake_challenge_len,
1779 tvb, offset, 2, FALSE);
1782 /* tell the user how many cipher specs they've won */
1783 ti = proto_tree_add_none_format(tree, hf_ssl_handshake_cipher_suites,
1784 tvb, offset, cipher_spec_length,
1785 "Cipher Specs (%u specs)",
1786 cipher_spec_length/3);
1788 /* make this a subtree and expand the actual specs below */
1789 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1792 cs_tree = tree; /* failsafe */
1795 /* iterate through the cipher specs, showing them */
1796 while (cipher_spec_length > 0)
1798 proto_tree_add_item(cs_tree, hf_ssl2_handshake_cipher_spec,
1799 tvb, offset, 3, FALSE);
1800 offset += 3; /* length of one cipher spec */
1801 cipher_spec_length -= 3;
1804 /* if there's a session id, show it */
1805 if (session_id_length > 0)
1807 proto_tree_add_bytes_format(tree,
1808 hf_ssl_handshake_session_id,
1809 tvb, offset, session_id_length,
1810 tvb_get_ptr(tvb, offset, session_id_length),
1811 "Session ID (%u byte%s)",
1813 plurality(session_id_length, "", "s"));
1815 offset += session_id_length;
1818 /* if there's a challenge, show it */
1819 if (challenge_length > 0)
1821 proto_tree_add_item(tree, hf_ssl2_handshake_challenge,
1822 tvb, offset, challenge_length, 0);
1823 offset += challenge_length;
1829 dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb, packet_info *pinfo,
1830 proto_tree *tree, guint32 offset)
1834 * V2Cipherspec cipher;
1835 * uint16 clear_key_length;
1836 * uint16 encrypted_key_length;
1837 * uint16 key_arg_length;
1838 * opaque clear_key_data[V2ClientMasterKey.clear_key_length];
1839 * opaque encrypted_key_data[V2ClientMasterKey.encrypted_key_length];
1840 * opaque key_arg_data[V2ClientMasterKey.key_arg_length];
1841 * } V2ClientMasterKey;
1843 * Note: when we get here, offset's already pointing at cipher
1845 guint16 clear_key_length;
1846 guint16 encrypted_key_length;
1847 guint16 key_arg_length;
1849 /* at this point, everything we do involves the tree,
1850 * so quit now if we don't have one ;-)
1857 /* show the selected cipher */
1858 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec,
1859 tvb, offset, 3, FALSE);
1862 /* get the fixed fields */
1863 clear_key_length = tvb_get_ntohs(tvb, offset);
1864 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key_len,
1865 tvb, offset, 2, FALSE);
1868 encrypted_key_length = tvb_get_ntohs(tvb, offset);
1869 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key_len,
1870 tvb, offset, 2, FALSE);
1873 key_arg_length = tvb_get_ntohs(tvb, offset);
1874 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg_len,
1875 tvb, offset, 2, FALSE);
1878 /* show the variable length fields */
1879 if (clear_key_length > 0)
1881 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key,
1882 tvb, offset, clear_key_length, FALSE);
1883 offset += clear_key_length;
1886 if (encrypted_key_length > 0)
1888 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key,
1889 tvb, offset, encrypted_key_length, FALSE);
1890 offset += encrypted_key_length;
1893 if (key_arg_length > 0)
1895 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg,
1896 tvb, offset, key_arg_length, FALSE);
1897 offset += key_arg_length;
1903 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb, packet_info *pinfo,
1904 proto_tree *tree, guint32 offset)
1908 * uint8 session_id_hit;
1909 * uint8 certificate_type;
1910 * uint16 server_version;
1911 * uint16 certificate_length;
1912 * uint16 cipher_specs_length;
1913 * uint16 connection_id_length;
1914 * opaque certificate_data[V2ServerHello.certificate_length];
1915 * opaque cipher_specs_data[V2ServerHello.cipher_specs_length];
1916 * opaque connection_id_data[V2ServerHello.connection_id_length];
1919 * Note: when we get here, offset's already pointing at session_id_hit
1921 guint16 certificate_length;
1922 guint16 cipher_spec_length;
1923 guint16 connection_id_length;
1926 proto_tree *subtree;
1928 /* everything we do only makes sense with a tree, so
1929 * quit now if we don't have one
1936 version = tvb_get_ntohs(tvb, offset + 2);
1937 if (!ssl_is_valid_ssl_version(version))
1939 /* invalid version; probably encrypted data */
1944 /* is there a hit? */
1945 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_hit,
1946 tvb, offset, 1, FALSE);
1949 /* what type of certificate is this? */
1950 proto_tree_add_item(tree, hf_ssl2_handshake_cert_type,
1951 tvb, offset, 1, FALSE);
1954 /* now the server version */
1955 proto_tree_add_item(tree, hf_ssl_handshake_server_version,
1956 tvb, offset, 2, FALSE);
1959 /* get the fixed fields */
1960 certificate_length = tvb_get_ntohs(tvb, offset);
1961 proto_tree_add_uint(tree, hf_ssl_handshake_certificate_len,
1962 tvb, offset, 2, certificate_length);
1965 cipher_spec_length = tvb_get_ntohs(tvb, offset);
1966 proto_tree_add_uint(tree, hf_ssl2_handshake_cipher_spec_len,
1967 tvb, offset, 2, cipher_spec_length);
1970 connection_id_length = tvb_get_ntohs(tvb, offset);
1971 proto_tree_add_uint(tree, hf_ssl2_handshake_connection_id_len,
1972 tvb, offset, 2, connection_id_length);
1975 /* now the variable length fields */
1976 if (certificate_length > 0)
1978 proto_tree_add_bytes_format(tree, hf_ssl_handshake_certificate,
1979 tvb, offset, certificate_length,
1980 tvb_get_ptr(tvb, offset, certificate_length),
1981 "Certificate (%u byte%s)",
1983 plurality(certificate_length, "", "s"));
1984 offset += certificate_length;
1987 if (cipher_spec_length > 0)
1989 /* provide a collapsing node for the cipher specs */
1990 ti = proto_tree_add_none_format(tree,
1991 hf_ssl_handshake_cipher_suites,
1992 tvb, offset, cipher_spec_length,
1993 "Cipher Specs (%u spec%s)",
1994 cipher_spec_length/3,
1995 plurality(cipher_spec_length/3, "", "s"));
1996 subtree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2002 /* iterate through the cipher specs */
2003 while (cipher_spec_length > 0)
2005 proto_tree_add_item(subtree, hf_ssl2_handshake_cipher_spec,
2006 tvb, offset, 3, FALSE);
2008 cipher_spec_length -= 3;
2012 if (connection_id_length > 0)
2014 proto_tree_add_item(tree, hf_ssl2_handshake_connection_id,
2015 tvb, offset, connection_id_length, FALSE);
2016 offset += connection_id_length;
2024 /*********************************************************************
2028 *********************************************************************/
2031 ssl_set_conv_version(packet_info *pinfo, guint version)
2033 conversation_t *conversation;
2035 if (pinfo->fd->flags.visited)
2037 /* We've already processed this frame; no need to do any more
2043 conversation = find_conversation(&pinfo->src, &pinfo->dst, pinfo->ptype,
2044 pinfo->srcport, pinfo->destport, 0);
2046 if (conversation == NULL)
2048 /* create a new conversation */
2049 conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
2050 pinfo->srcport, pinfo->destport, 0);
2053 if (conversation_get_proto_data(conversation, proto_ssl) != NULL)
2055 /* get rid of the current data */
2056 conversation_delete_proto_data(conversation, proto_ssl);
2058 conversation_add_proto_data(conversation, proto_ssl, (void *)version);
2062 ssl_is_valid_handshake_type(guint8 type)
2066 case SSL_HND_HELLO_REQUEST:
2067 case SSL_HND_CLIENT_HELLO:
2068 case SSL_HND_SERVER_HELLO:
2069 case SSL_HND_CERTIFICATE:
2070 case SSL_HND_SERVER_KEY_EXCHG:
2071 case SSL_HND_CERT_REQUEST:
2072 case SSL_HND_SVR_HELLO_DONE:
2073 case SSL_HND_CERT_VERIFY:
2074 case SSL_HND_CLIENT_KEY_EXCHG:
2075 case SSL_HND_FINISHED:
2082 ssl_is_valid_content_type(guint8 type)
2084 if (type >= 0x14 && type <= 0x17)
2093 ssl_is_valid_ssl_version(guint16 version)
2095 gchar *version_str = match_strval(version, ssl_versions);
2096 return version_str != NULL;
2100 ssl_is_authoritative_version_message(guint8 content_type,
2103 if (content_type == SSL_ID_HANDSHAKE
2104 && ssl_is_valid_handshake_type(next_byte))
2106 return (next_byte != SSL_HND_CLIENT_HELLO);
2108 else if (ssl_is_valid_content_type(content_type)
2109 && content_type != SSL_ID_HANDSHAKE)
2117 ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset)
2121 byte = tvb_get_guint8(tvb, offset);
2122 if (byte != 0x80) /* v2 client hello should start this way */
2127 byte = tvb_get_guint8(tvb, offset+2);
2128 if (byte != 0x01) /* v2 client hello msg type */
2133 /* 1 in 2^16 of being right; improve later if necessary */
2137 /* this applies a heuristic to determine whether
2138 * or not the data beginning at offset looks like a
2139 * valid sslv2 record. this isn't really possible,
2140 * but we'll try to do a reasonable job anyway.
2143 ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset)
2145 /* here's the current approach:
2147 * we only try to catch unencrypted handshake messages, so we can
2148 * assume that there is not padding. This means that the
2149 * first byte must be >= 0x80 and there must be a valid sslv2
2150 * msg_type in the third byte
2153 /* get the first byte; must have high bit set */
2154 guint8 byte = tvb_get_guint8(tvb, offset);
2160 /* get the supposed msg_type byte; since we only care about
2161 * unencrypted handshake messages (we can't tell the type for
2162 * encrypted messages), we just check against that list
2164 byte = tvb_get_guint8(tvb, offset + 2);
2166 case SSL2_HND_ERROR:
2167 case SSL2_HND_CLIENT_HELLO:
2168 case SSL2_HND_CLIENT_MASTER_KEY:
2169 case SSL2_HND_SERVER_HELLO:
2175 /* this applies a heuristic to determine whether
2176 * or not the data beginning at offset looks like a
2177 * valid sslv3 record. this is somewhat more reliable
2178 * than sslv2 due to the structure of the v3 protocol
2181 ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
2183 /* have to have a valid content type followed by a valid
2189 /* see if the first byte is a valid content type */
2190 byte = tvb_get_guint8(tvb, offset);
2191 if (!ssl_is_valid_content_type(byte))
2196 /* now check to see if the version byte appears valid */
2197 version = tvb_get_ntohs(tvb, offset + 1);
2198 if (version != 0x0300 && version != 0x0301)
2206 /* applies a heuristic to determine whether
2207 * or not the data beginning at offset looks
2208 * like a valid, unencrypted v2 handshake message.
2209 * since it isn't possible to completely tell random
2210 * data apart from a valid message without state,
2211 * we try to help the odds.
2214 ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, guint32 offset,
2215 guint32 record_length)
2217 /* first byte should be a msg_type.
2219 * - we know we only see client_hello, client_master_key,
2220 * and server_hello in the clear, so check to see if
2221 * msg_type is one of those (this gives us a 3 in 2^8
2222 * chance of saying yes with random payload)
2224 * - for those three types that we know about, do some
2225 * further validation to reduce the chance of an error
2231 /* fetch the msg_type */
2232 msg_type = tvb_get_guint8(tvb, offset);
2235 case SSL2_HND_CLIENT_HELLO:
2236 /* version follows msg byte, so verify that this is valid */
2237 version = tvb_get_ntohs(tvb, offset+1);
2238 return ssl_is_valid_ssl_version(version);
2241 case SSL2_HND_SERVER_HELLO:
2242 /* version is three bytes after msg_type */
2243 version = tvb_get_ntohs(tvb, offset+3);
2244 return ssl_is_valid_ssl_version(version);
2247 case SSL2_HND_CLIENT_MASTER_KEY:
2248 /* sum of clear_key_length, encrypted_key_length, and key_arg_length
2249 * must be less than record length
2251 sum = tvb_get_ntohs(tvb, offset + 4); /* clear_key_length */
2252 sum += tvb_get_ntohs(tvb, offset + 6); /* encrypted_key_length */
2253 sum += tvb_get_ntohs(tvb, offset + 8); /* key_arg_length */
2254 if (sum > record_length)
2267 /*********************************************************************
2269 * Standard Ethereal Protocol Registration and housekeeping
2271 *********************************************************************/
2273 proto_register_ssl(void)
2276 /* Setup list of header fields See Section 1.6.1 for details*/
2277 static hf_register_info hf[] = {
2279 { "Record Layer", "ssl.record",
2280 FT_NONE, BASE_NONE, NULL, 0x0,
2281 "Record layer", HFILL }
2283 { &hf_ssl_record_content_type,
2284 { "Content Type", "ssl.record.content_type",
2285 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
2286 "Content type", HFILL}
2288 { &hf_ssl2_msg_type,
2289 { "Handshake Message Type", "ssl.handshake.type",
2290 FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0,
2291 "SSLv2 handshake message type", HFILL}
2293 { &hf_ssl_record_version,
2294 { "Version", "ssl.record.version",
2295 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2296 "Record layer version.", HFILL }
2298 { &hf_ssl_record_length,
2299 { "Length", "ssl.record.length",
2300 FT_UINT16, BASE_DEC, NULL, 0x0,
2301 "Length of SSL record data", HFILL }
2303 { &hf_ssl_record_appdata,
2304 { "Application Data", "ssl.app_data",
2305 FT_NONE, BASE_NONE, NULL, 0x0,
2306 "Payload is application data", HFILL }
2309 { "SSLv2 Record Header", "ssl.record",
2310 FT_NONE, BASE_DEC, NULL, 0x0,
2311 "SSLv2 record data", HFILL }
2313 { &hf_ssl2_record_is_escape,
2314 { "Is Escape", "ssl.record.is_escape",
2315 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2316 "Indicates a security escape", HFILL}
2318 { &hf_ssl2_record_padding_length,
2319 { "Padding Length", "ssl.record.padding_length",
2320 FT_UINT8, BASE_DEC, NULL, 0x0,
2321 "Length of padding at end of record", HFILL }
2323 { &hf_ssl_change_cipher_spec,
2324 { "Change Cipher Spec Message", "ssl.change_cipher_spec",
2325 FT_NONE, BASE_NONE, NULL, 0x0,
2326 "Signals a change in cipher specifications", HFILL }
2328 { & hf_ssl_alert_message,
2329 { "Alert Message", "ssl.alert_message",
2330 FT_NONE, BASE_NONE, NULL, 0x0,
2331 "Alert message", HFILL }
2333 { & hf_ssl_alert_message_level,
2334 { "Level", "ssl.alert_message.level",
2335 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
2336 "Alert message level", HFILL }
2338 { &hf_ssl_alert_message_description,
2339 { "Description", "ssl.alert_message.desc",
2340 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
2341 "Alert message description", HFILL }
2343 { &hf_ssl_handshake_protocol,
2344 { "Handshake Protocol", "ssl.handshake",
2345 FT_NONE, BASE_NONE, NULL, 0x0,
2346 "Handshake protocol message", HFILL}
2348 { &hf_ssl_handshake_type,
2349 { "Handshake Type", "ssl.handshake.type",
2350 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
2351 "Type of handshake message", HFILL}
2353 { &hf_ssl_handshake_length,
2354 { "Length", "ssl.handshake.length",
2355 FT_UINT24, BASE_DEC, NULL, 0x0,
2356 "Length of handshake message", HFILL }
2358 { &hf_ssl_handshake_client_version,
2359 { "Version", "ssl.handshake.version",
2360 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2361 "Maximum version supported by client", HFILL }
2363 { &hf_ssl_handshake_server_version,
2364 { "Version", "ssl.handshake.version",
2365 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2366 "Version selected by server", HFILL }
2368 { &hf_ssl_handshake_random_time,
2369 { "Random.gmt_unix_time", "ssl.handshake.random_time",
2370 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
2371 "Unix time field of random structure", HFILL }
2373 { &hf_ssl_handshake_random_bytes,
2374 { "Random.bytes", "ssl.handshake.random",
2375 FT_NONE, BASE_NONE, NULL, 0x0,
2376 "Random challenge used to authenticate server", HFILL }
2378 { &hf_ssl_handshake_cipher_suites_len,
2379 { "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
2380 FT_UINT16, BASE_DEC, NULL, 0x0,
2381 "Length of cipher suites field", HFILL }
2383 { &hf_ssl_handshake_cipher_suites,
2384 { "Cipher Suites", "ssl.handshake.ciphersuites",
2385 FT_NONE, BASE_NONE, NULL, 0x0,
2386 "List of cipher suites supported by client", HFILL }
2388 { &hf_ssl_handshake_cipher_suite,
2389 { "Cipher Suite", "ssl.handshake.ciphersuite",
2390 FT_UINT16, BASE_HEX, VALS(ssl_31_ciphersuite), 0x0,
2391 "Cipher suite", HFILL }
2393 { &hf_ssl2_handshake_cipher_spec,
2394 { "Cipher Spec", "ssl.handshake.cipherspec",
2395 FT_UINT24, BASE_HEX, VALS(ssl_20_cipher_suites), 0x0,
2396 "Cipher specification", HFILL }
2398 { &hf_ssl_handshake_session_id,
2399 { "Session ID", "ssl.handshake.session_id",
2400 FT_BYTES, BASE_NONE, NULL, 0x0,
2401 "Identifies the SSL session, allowing later resumption", HFILL }
2403 { &hf_ssl_handshake_comp_methods_len,
2404 { "Compression Methods Length", "ssl.handshake.comp_methods_length",
2405 FT_UINT8, BASE_DEC, NULL, 0x0,
2406 "Length of compression methods field", HFILL }
2408 { &hf_ssl_handshake_comp_methods,
2409 { "Compression Methods", "ssl.handshake.comp_methods",
2410 FT_NONE, BASE_NONE, NULL, 0x0,
2411 "List of compression methods supported by client", HFILL }
2413 { &hf_ssl_handshake_comp_method,
2414 { "Compression Method", "ssl.handshake.comp_method",
2415 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
2416 "Compression Method", HFILL }
2418 { &hf_ssl_handshake_certificates_len,
2419 { "Certificates Length", "ssl.handshake.certificates_length",
2420 FT_UINT24, BASE_DEC, NULL, 0x0,
2421 "Length of certificates field", HFILL }
2423 { &hf_ssl_handshake_certificates,
2424 { "Certificates", "ssl.handshake.certificates",
2425 FT_NONE, BASE_NONE, NULL, 0x0,
2426 "List of certificates", HFILL }
2428 { &hf_ssl_handshake_certificate,
2429 { "Certificate", "ssl.handshake.certificate",
2430 FT_BYTES, BASE_NONE, NULL, 0x0,
2431 "Certificate", HFILL }
2433 { &hf_ssl_handshake_certificate_len,
2434 { "Certificate Length", "ssl.handshake.certificate_length",
2435 FT_UINT24, BASE_DEC, NULL, 0x0,
2436 "Length of certificate", HFILL }
2438 { &hf_ssl_handshake_cert_types_count,
2439 { "Certificate types count", "ssl.handshake.cert_types_count",
2440 FT_UINT8, BASE_DEC, NULL, 0x0,
2441 "Count of certificate types", HFILL }
2443 { &hf_ssl_handshake_cert_types,
2444 { "Certificate types", "ssl.handshake.cert_types",
2445 FT_NONE, BASE_NONE, NULL, 0x0,
2446 "List of certificate types", HFILL }
2448 { &hf_ssl_handshake_cert_type,
2449 { "Certificate type", "ssl.handshake.cert_type",
2450 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
2451 "Certificate type", HFILL }
2453 { &hf_ssl_handshake_finished,
2454 { "Verify Data", "ssl.handshake.verify_data",
2455 FT_NONE, BASE_NONE, NULL, 0x0,
2456 "Opaque verification data", HFILL }
2458 { &hf_ssl_handshake_md5_hash,
2459 { "MD5 Hash", "ssl.handshake.md5_hash",
2460 FT_NONE, BASE_NONE, NULL, 0x0,
2461 "Hash of messages, master_secret, etc.", HFILL }
2463 { &hf_ssl_handshake_sha_hash,
2464 { "SHA-1 Hash", "ssl.handshake.sha_hash",
2465 FT_NONE, BASE_NONE, NULL, 0x0,
2466 "Hash of messages, master_secret, etc.", HFILL }
2468 { &hf_ssl_handshake_session_id_len,
2469 { "Session ID Length", "ssl.handshake.session_id_length",
2470 FT_UINT8, BASE_DEC, NULL, 0x0,
2471 "Length of session ID field", HFILL }
2473 { &hf_ssl_handshake_dnames_len,
2474 { "Distinguished Names Length", "ssl.handshake.dnames_len",
2475 FT_UINT16, BASE_DEC, NULL, 0x0,
2476 "Length of list of CAs that server trusts", HFILL }
2478 { &hf_ssl_handshake_dnames,
2479 { "Distinguished Names", "ssl.handshake.dnames",
2480 FT_NONE, BASE_NONE, NULL, 0x0,
2481 "List of CAs that server trusts", HFILL }
2483 { &hf_ssl_handshake_dname_len,
2484 { "Distinguished Name Length", "ssl.handshake.dname_len",
2485 FT_UINT16, BASE_DEC, NULL, 0x0,
2486 "Length of distinguished name", HFILL }
2488 { &hf_ssl_handshake_dname,
2489 { "Distinguished Name", "ssl.handshake.dname",
2490 FT_BYTES, BASE_NONE, NULL, 0x0,
2491 "Distinguished name of a CA that server trusts", HFILL }
2493 { &hf_ssl2_handshake_challenge,
2494 { "Challenge", "ssl.handshake.challenge",
2495 FT_NONE, BASE_NONE, NULL, 0x0,
2496 "Challenge data used to authenticate server", HFILL }
2498 { &hf_ssl2_handshake_cipher_spec_len,
2499 { "Cipher Spec Length", "ssl.handshake.cipher_spec_len",
2500 FT_UINT16, BASE_DEC, NULL, 0x0,
2501 "Length of cipher specs field", HFILL }
2503 { &hf_ssl2_handshake_session_id_len,
2504 { "Session ID Length", "ssl.handshake.session_id_length",
2505 FT_UINT16, BASE_DEC, NULL, 0x0,
2506 "Length of session ID field", HFILL }
2508 { &hf_ssl2_handshake_challenge_len,
2509 { "Challenge Length", "ssl.handshake.challenge_length",
2510 FT_UINT16, BASE_DEC, NULL, 0x0,
2511 "Length of challenge field", HFILL }
2513 { &hf_ssl2_handshake_clear_key_len,
2514 { "Clear Key Data Length", "ssl.handshake.clear_key_length",
2515 FT_UINT16, BASE_DEC, NULL, 0x0,
2516 "Length of clear key data", HFILL }
2518 { &hf_ssl2_handshake_enc_key_len,
2519 { "Encrypted Key Data Length", "ssl.handshake.encrypted_key_length",
2520 FT_UINT16, BASE_DEC, NULL, 0x0,
2521 "Length of encrypted key data", HFILL }
2523 { &hf_ssl2_handshake_key_arg_len,
2524 { "Key Argument Length", "ssl.handshake.key_arg_length",
2525 FT_UINT16, BASE_DEC, NULL, 0x0,
2526 "Length of key argument", HFILL }
2528 { &hf_ssl2_handshake_clear_key,
2529 { "Clear Key Data", "ssl.handshake.clear_key_data",
2530 FT_NONE, BASE_NONE, NULL, 0x0,
2531 "Clear portion of MASTER-KEY", HFILL }
2533 { &hf_ssl2_handshake_enc_key,
2534 { "Encrypted Key", "ssl.handshake.encrypted_key",
2535 FT_NONE, BASE_NONE, NULL, 0x0,
2536 "Secret portion of MASTER-KEY encrypted to server", HFILL }
2538 { &hf_ssl2_handshake_key_arg,
2539 { "Key Argument", "ssl.handshake.key_arg",
2540 FT_NONE, BASE_NONE, NULL, 0x0,
2541 "Key Argument (e.g., Initialization Vector)", HFILL }
2543 { &hf_ssl2_handshake_session_id_hit,
2544 { "Session ID Hit", "ssl.handshake.session_id_hit",
2545 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2546 "Did the server find the client's Session ID?", HFILL }
2548 { &hf_ssl2_handshake_cert_type,
2549 { "Certificate Type", "ssl.handshake.cert_type",
2550 FT_UINT8, BASE_DEC, VALS(ssl_20_certificate_type), 0x0,
2551 "Certificate Type", HFILL }
2553 { &hf_ssl2_handshake_connection_id_len,
2554 { "Connection ID Length", "ssl.handshake.connection_id_length",
2555 FT_UINT16, BASE_DEC, NULL, 0x0,
2556 "Length of connection ID", HFILL }
2558 { &hf_ssl2_handshake_connection_id,
2559 { "Connection ID", "ssl.handshake.connection_id",
2560 FT_NONE, BASE_NONE, NULL, 0x0,
2561 "Server's challenge to client", HFILL }
2565 /* Setup protocol subtree array */
2566 static gint *ett[] = {
2571 &ett_ssl_cipher_suites,
2572 &ett_ssl_comp_methods,
2574 &ett_ssl_cert_types,
2578 /* Register the protocol name and description */
2579 proto_ssl = proto_register_protocol("Secure Socket Layer",
2582 /* Required function calls to register the header fields and
2584 proto_register_field_array(proto_ssl, hf, array_length(hf));
2585 proto_register_subtree_array(ett, array_length(ett));
2588 module_t *ssl_module = prefs_register_protocol(proto_ssl, NULL);
2589 prefs_register_bool_preference(ssl_module,
2590 "desegment_ssl_records",
2591 "Desegment SSL records",
2592 "When enabled, SSL records that span multiple TCP segments are desegmented",
2597 /* If this dissector uses sub-dissector registration add a registration
2598 * routine. This format is required because a script is used to find
2599 * these routines and create the code that calls these routines.
2602 proto_reg_handoff_ssl(void)
2604 dissector_handle_t ssl_handle;
2606 ssl_handle = create_dissector_handle(dissect_ssl, proto_ssl);
2607 dissector_add("tcp.port", TCP_PORT_SSL, ssl_handle);