2 * Routines for ssl dissection
3 * Copyright (c) 2000-2001, Scott Renfro <scott@renfro.org>
5 * $Id: packet-ssl.c,v 1.20 2002/04/08 10:05:19 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * - Uses conversations in a no-malloc fashion. Since we just want to
28 * remember the version of the conversation, we store the version
29 * integer directly in the void *data member of the conversation
30 * structure. This means that we don't have to manage any memory,
31 * but will cause problems if anyone assumes that all data pointers
32 * are actually pointers to memory allocated by g_mem_chunk_alloc.
34 * - Does not support decryption of encrypted frames, nor dissection
35 * of frames that would require state maintained between frames
36 * (e.g., single ssl records spread across multiple tcp frames)
38 * - Identifies, but does not fully dissect the following messages:
40 * - SSLv3/TLS (These need more state from previous handshake msgs)
41 * - Server Key Exchange
42 * - Client Key Exchange
43 * - Certificate Verify
45 * - SSLv2 (These don't appear in the clear)
50 * - Request Certificate
51 * - Client Certificate
65 #ifdef NEED_SNPRINTF_H
66 # include "snprintf.h"
69 #include <epan/conversation.h>
72 static gboolean ssl_desegment = TRUE;
75 /*********************************************************************
77 * Protocol Constants, Variables, Data Structures
79 *********************************************************************/
81 /* Initialize the protocol and registered fields */
82 static int proto_ssl = -1;
83 static int hf_ssl_record = -1;
84 static int hf_ssl_record_content_type = -1;
85 static int hf_ssl_record_version = -1;
86 static int hf_ssl_record_length = -1;
87 static int hf_ssl_record_appdata = -1;
88 static int hf_ssl2_record = -1;
89 static int hf_ssl2_record_is_escape = -1;
90 static int hf_ssl2_record_padding_length = -1;
91 static int hf_ssl2_msg_type = -1;
92 static int hf_ssl_change_cipher_spec = -1;
93 static int hf_ssl_alert_message = -1;
94 static int hf_ssl_alert_message_level = -1;
95 static int hf_ssl_alert_message_description = -1;
96 static int hf_ssl_handshake_protocol = -1;
97 static int hf_ssl_handshake_type = -1;
98 static int hf_ssl_handshake_length = -1;
99 static int hf_ssl_handshake_client_version = -1;
100 static int hf_ssl_handshake_server_version = -1;
101 static int hf_ssl_handshake_random_time = -1;
102 static int hf_ssl_handshake_random_bytes = -1;
103 static int hf_ssl_handshake_cipher_suites_len = -1;
104 static int hf_ssl_handshake_cipher_suites = -1;
105 static int hf_ssl_handshake_cipher_suite = -1;
106 static int hf_ssl_handshake_session_id = -1;
107 static int hf_ssl_handshake_comp_methods_len = -1;
108 static int hf_ssl_handshake_comp_methods = -1;
109 static int hf_ssl_handshake_comp_method = -1;
110 static int hf_ssl_handshake_certificates_len = -1;
111 static int hf_ssl_handshake_certificates = -1;
112 static int hf_ssl_handshake_certificate = -1;
113 static int hf_ssl_handshake_certificate_len = -1;
114 static int hf_ssl_handshake_cert_types_count = -1;
115 static int hf_ssl_handshake_cert_types = -1;
116 static int hf_ssl_handshake_cert_type = -1;
117 static int hf_ssl_handshake_finished = -1;
118 static int hf_ssl_handshake_md5_hash = -1;
119 static int hf_ssl_handshake_sha_hash = -1;
120 static int hf_ssl_handshake_session_id_len = -1;
121 static int hf_ssl_handshake_dnames_len = -1;
122 static int hf_ssl_handshake_dnames = -1;
123 static int hf_ssl_handshake_dname_len = -1;
124 static int hf_ssl_handshake_dname = -1;
125 static int hf_ssl2_handshake_cipher_spec_len = -1;
126 static int hf_ssl2_handshake_session_id_len = -1;
127 static int hf_ssl2_handshake_challenge_len = -1;
128 static int hf_ssl2_handshake_cipher_spec = -1;
129 static int hf_ssl2_handshake_challenge = -1;
130 static int hf_ssl2_handshake_clear_key_len = -1;
131 static int hf_ssl2_handshake_enc_key_len = -1;
132 static int hf_ssl2_handshake_key_arg_len = -1;
133 static int hf_ssl2_handshake_clear_key = -1;
134 static int hf_ssl2_handshake_enc_key = -1;
135 static int hf_ssl2_handshake_key_arg = -1;
136 static int hf_ssl2_handshake_session_id_hit = -1;
137 static int hf_ssl2_handshake_cert_type = -1;
138 static int hf_ssl2_handshake_connection_id_len = -1;
139 static int hf_ssl2_handshake_connection_id = -1;
141 /* Initialize the subtree pointers */
142 static gint ett_ssl = -1;
143 static gint ett_ssl_record = -1;
144 static gint ett_ssl_alert = -1;
145 static gint ett_ssl_handshake = -1;
146 static gint ett_ssl_cipher_suites = -1;
147 static gint ett_ssl_comp_methods = -1;
148 static gint ett_ssl_certs = -1;
149 static gint ett_ssl_cert_types = -1;
150 static gint ett_ssl_dnames = -1;
152 /* The TCP port to associate with by default */
153 #define TCP_PORT_SSL 443
154 #define TCP_PORT_SSL_LDAP 636
155 #define TCP_PORT_SSL_IMAP 993
156 #define TCP_PORT_SSL_POP 995
158 /* version state tables */
159 #define SSL_VER_UNKNOWN 0
160 #define SSL_VER_SSLv2 1
161 #define SSL_VER_SSLv3 2
162 #define SSL_VER_TLS 3
164 /* corresponds to the #defines above */
165 static gchar* ssl_version_short_names[] = {
173 #define SSL_ID_CHG_CIPHER_SPEC 0x14
174 #define SSL_ID_ALERT 0x15
175 #define SSL_ID_HANDSHAKE 0x16
176 #define SSL_ID_APP_DATA 0x17
178 #define SSL_HND_HELLO_REQUEST 0x00
179 #define SSL_HND_CLIENT_HELLO 0x01
180 #define SSL_HND_SERVER_HELLO 0x02
181 #define SSL_HND_CERTIFICATE 0x0b
182 #define SSL_HND_SERVER_KEY_EXCHG 0x0c
183 #define SSL_HND_CERT_REQUEST 0x0d
184 #define SSL_HND_SVR_HELLO_DONE 0x0e
185 #define SSL_HND_CERT_VERIFY 0x0f
186 #define SSL_HND_CLIENT_KEY_EXCHG 0x10
187 #define SSL_HND_FINISHED 0x14
189 #define SSL2_HND_ERROR 0x00
190 #define SSL2_HND_CLIENT_HELLO 0x01
191 #define SSL2_HND_CLIENT_MASTER_KEY 0x02
192 #define SSL2_HND_CLIENT_FINISHED 0x03
193 #define SSL2_HND_SERVER_HELLO 0x04
194 #define SSL2_HND_SERVER_VERIFY 0x05
195 #define SSL2_HND_SERVER_FINISHED 0x06
196 #define SSL2_HND_REQUEST_CERTIFICATE 0x07
197 #define SSL2_HND_CLIENT_CERTIFICATE 0x08
203 static const value_string ssl_20_msg_types[] = {
204 { SSL2_HND_ERROR, "Error" },
205 { SSL2_HND_CLIENT_HELLO, "Client Hello" },
206 { SSL2_HND_CLIENT_MASTER_KEY, "Client Master Key" },
207 { SSL2_HND_CLIENT_FINISHED, "Client Finished" },
208 { SSL2_HND_SERVER_HELLO, "Server Hello" },
209 { SSL2_HND_SERVER_VERIFY, "Server Verify" },
210 { SSL2_HND_SERVER_FINISHED, "Server Finished" },
211 { SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" },
212 { SSL2_HND_CLIENT_CERTIFICATE, "Client Certificate" },
216 static const value_string ssl_20_cipher_suites[] = {
217 { 0x010080, "SSL2_RC4_128_WITH_MD5" },
218 { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" },
219 { 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
220 { 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
221 { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" },
222 { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" },
223 { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" },
224 { 0x080080, "SSL2_RC4_64_WITH_MD5" },
225 { 0x000000, "TLS_NULL_WITH_NULL_NULL" },
226 { 0x000001, "TLS_RSA_WITH_NULL_MD5" },
227 { 0x000002, "TLS_RSA_WITH_NULL_SHA" },
228 { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
229 { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" },
230 { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" },
231 { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
232 { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
233 { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
234 { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" },
235 { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
236 { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
237 { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
238 { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
239 { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
240 { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
241 { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
242 { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
243 { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
244 { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
245 { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
246 { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
247 { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
248 { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
249 { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" },
250 { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
251 { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
252 { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
253 { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
254 { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
255 { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
256 { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
257 { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
258 { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
259 { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
260 { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
261 { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
262 { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
263 /* these from http://www.mozilla.org/projects/
264 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
265 { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
266 { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
267 { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
268 { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
269 /* note that ciphersuites of {0x00????} are TLS cipher suites in
270 * a sslv2 client hello message; the ???? above is the two-byte
271 * tls cipher suite id
276 static const value_string ssl_20_certificate_type[] = {
278 { 0x01, "X.509 Certificate" },
282 static const value_string ssl_31_content_type[] = {
283 { 20, "Change Cipher Spec" },
286 { 23, "Application Data" },
290 static const value_string ssl_versions[] = {
291 { 0x0301, "TLS 1.0" },
292 { 0x0300, "SSL 3.0" },
293 { 0x0002, "SSL 2.0" },
297 static const value_string ssl_31_change_cipher_spec[] = {
298 { 1, "Change Cipher Spec" },
302 static const value_string ssl_31_alert_level[] = {
308 static const value_string ssl_31_alert_description[] = {
309 { 0, "Close Notify" },
310 { 10, "Unexpected Message" },
311 { 20, "Bad Record MAC" },
312 { 21, "Decryption Failed" },
313 { 22, "Record Overflow" },
314 { 30, "Decompression Failure" },
315 { 40, "Handshake Failure" },
316 { 42, "Bad Certificate" },
317 { 43, "Unsupported Certificate" },
318 { 44, "Certificate Revoked" },
319 { 45, "Certificate Expired" },
320 { 46, "Certificate Unknown" },
321 { 47, "Illegal Parameter" },
322 { 48, "Unknown CA" },
323 { 49, "Access Denied" },
324 { 50, "Decode Error" },
325 { 51, "Decrypt Error" },
326 { 60, "Export Restriction" },
327 { 70, "Protocol Version" },
328 { 71, "Insufficient Security" },
329 { 80, "Internal Error" },
330 { 90, "User Canceled" },
331 { 100, "No Renegotiation" },
335 static const value_string ssl_31_handshake_type[] = {
336 { SSL_HND_HELLO_REQUEST, "Hello Request" },
337 { SSL_HND_CLIENT_HELLO, "Client Hello" },
338 { SSL_HND_SERVER_HELLO, "Server Hello" },
339 { SSL_HND_CERTIFICATE, "Certificate" },
340 { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" },
341 { SSL_HND_CERT_REQUEST, "Certificate Request" },
342 { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" },
343 { SSL_HND_CERT_VERIFY, "Certificate Verify" },
344 { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" },
345 { SSL_HND_FINISHED, "Finished" },
349 static const value_string ssl_31_compression_method[] = {
354 static const value_string ssl_31_key_exchange_algorithm[] = {
356 { 1, "Diffie Hellman" },
360 static const value_string ssl_31_signature_algorithm[] = {
367 static const value_string ssl_31_client_certificate_type[] = {
370 { 3, "RSA Fixed DH" },
371 { 4, "DSS Fixed DH" },
375 static const value_string ssl_31_public_value_encoding[] = {
381 static const value_string ssl_31_ciphersuite[] = {
382 { 0x0000, "TLS_NULL_WITH_NULL_NULL" },
383 { 0x0001, "TLS_RSA_WITH_NULL_MD5" },
384 { 0x0002, "TLS_RSA_WITH_NULL_SHA" },
385 { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
386 { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" },
387 { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" },
388 { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
389 { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
390 { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
391 { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" },
392 { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
393 { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
394 { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
395 { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
396 { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
397 { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
398 { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
399 { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
400 { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
401 { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
402 { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
403 { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
404 { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
405 { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
406 { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" },
407 { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
408 { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
409 { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
410 { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
411 { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
412 { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
413 { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
414 { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
415 { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
416 { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
417 { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
418 /* these from http://www.mozilla.org/projects/
419 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
420 { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
421 { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
422 { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
423 { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
424 /* note that ciphersuites 0xff00 - 0xffff are private */
428 /*********************************************************************
430 * Forward Declarations
432 *********************************************************************/
435 * SSL version 3 and TLS dissectors
438 /* record layer dissector */
439 static int dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
440 proto_tree *tree, guint32 offset,
442 gboolean *need_desegmentation);
444 /* change cipher spec dissector */
445 static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
448 guint *conv_version);
450 /* alert message dissector */
451 static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
452 proto_tree *tree, guint32 offset,
453 guint *conv_version);
455 /* handshake protocol dissector */
456 static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
457 proto_tree *tree, guint32 offset,
458 guint32 record_length,
459 guint *conv_version);
462 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
466 static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
470 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
471 proto_tree *tree, guint32 offset);
473 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
477 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
480 guint *conv_version);
484 * SSL version 2 dissectors
488 /* record layer dissector */
489 static int dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
490 proto_tree *tree, guint32 offset,
492 gboolean *need_desegmentation);
494 /* client hello dissector */
495 static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
499 /* client master key dissector */
500 static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
504 /* server hello dissector */
505 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
513 static void ssl_set_conv_version(packet_info *pinfo, guint version);
514 static int ssl_is_valid_handshake_type(guint8 type);
515 static int ssl_is_valid_content_type(guint8 type);
516 static int ssl_is_valid_ssl_version(guint16 version);
517 static int ssl_is_authoritative_version_message(guint8 content_type,
519 static int ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset);
520 static int ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset);
521 static int ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset);
522 static int ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
524 guint32 record_length);
526 /*********************************************************************
530 *********************************************************************/
532 * Code to actually dissect the packets
535 dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
538 conversation_t *conversation;
540 guint conv_version = SSL_VER_UNKNOWN;
541 proto_item *ti = NULL;
542 proto_tree *ssl_tree = NULL;
544 gboolean first_record_in_frame = TRUE;
545 gboolean need_desegmentation;
547 /* Track the version using conversations to reduce the
548 * chance that a packet that simply *looks* like a v2 or
549 * v3 packet is dissected improperly. This also allows
550 * us to more frequently set the protocol column properly
551 * for continuation data frames.
553 * Also: We use the copy in conv_version as our cached copy,
554 * so that we don't have to search the conversation
555 * table every time we want the version; when setting
556 * the conv_version, must set the copy in the conversation
557 * in addition to conv_version
559 conversation = find_conversation(&pinfo->src, &pinfo->dst, pinfo->ptype,
560 pinfo->srcport, pinfo->destport, 0);
563 /* create a new conversation */
564 conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
565 pinfo->srcport, pinfo->destport, 0);
567 conv_data = conversation_get_proto_data(conversation, proto_ssl);
568 if (conv_data != NULL)
570 conv_version = (guint)conv_data;
573 /* Initialize the protocol column; we'll set it later when we
574 * figure out what flavor of SSL it is (assuming we don't
575 * throw an exception before we get the chance to do so). */
576 if (check_col(pinfo->cinfo, COL_PROTOCOL))
578 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSL");
581 /* clear the the info column */
582 if (check_col(pinfo->cinfo, COL_INFO))
583 col_clear(pinfo->cinfo, COL_INFO);
585 /* TCP packets and SSL records are orthogonal.
586 * A tcp packet may contain multiple ssl records and an ssl
587 * record may be spread across multiple tcp packets.
589 * This loop accounts for multiple ssl records in a single
590 * frame, but not a single ssl record across multiple tcp
593 * Handling the single ssl record across multiple packets
594 * may be possible using ethereal conversations, but
595 * probably not cleanly. May have to wait for tcp stream
599 /* Create display subtree for SSL as a whole */
602 ti = proto_tree_add_item(tree, proto_ssl, tvb, 0, -1, FALSE);
603 ssl_tree = proto_item_add_subtree(ti, ett_ssl);
606 /* iterate through the records in this tvbuff */
607 while (tvb_reported_length_remaining(tvb, offset) != 0)
609 /* on second and subsequent records per frame
610 * add a delimiter on info column
612 if (!first_record_in_frame
613 && check_col(pinfo->cinfo, COL_INFO))
615 col_append_str(pinfo->cinfo, COL_INFO, ", ");
619 * Assume, for now, that this doesn't need desegmentation.
621 need_desegmentation = FALSE;
623 /* first try to dispatch off the cached version
624 * known to be associated with the conversation
626 switch(conv_version) {
628 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
629 offset, &conv_version,
630 &need_desegmentation);
635 /* the version tracking code works too well ;-)
636 * at times, we may visit a v2 client hello after
637 * we already know the version of the connection;
638 * work around that here by detecting and calling
639 * the v2 dissector instead
641 if (ssl_is_v2_client_hello(tvb, offset))
643 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
644 offset, &conv_version,
645 &need_desegmentation);
649 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
650 offset, &conv_version,
651 &need_desegmentation);
655 /* that failed, so apply some heuristics based
656 * on this individual packet
659 if (ssl_looks_like_sslv2(tvb, offset))
661 /* looks like sslv2 client hello */
662 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
663 offset, &conv_version,
664 &need_desegmentation);
666 else if (ssl_looks_like_sslv3(tvb, offset))
668 /* looks like sslv3 or tls */
669 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
670 offset, &conv_version,
671 &need_desegmentation);
675 /* looks like something unknown, so lump into
678 offset = tvb_length(tvb);
679 if (check_col(pinfo->cinfo, COL_INFO))
680 col_append_str(pinfo->cinfo, COL_INFO,
681 "Continuation Data");
683 /* Set the protocol column */
684 if (check_col(pinfo->cinfo, COL_PROTOCOL))
686 col_set_str(pinfo->cinfo, COL_PROTOCOL,
687 ssl_version_short_names[conv_version]);
693 /* Desegmentation return check */
694 if (need_desegmentation)
697 /* If we haven't already set the version information for
698 * this conversation, do so. */
699 if (conv_data == NULL)
701 conv_data = (void *)conv_version;
702 conversation_add_proto_data(conversation, proto_ssl, conv_data);
705 /* set up for next record in frame, if any */
706 first_record_in_frame = FALSE;
712 /*********************************************************************
714 * SSL version 3 and TLS Dissection Routines
716 *********************************************************************/
718 dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
719 proto_tree *tree, guint32 offset,
720 guint *conv_version, gboolean *need_desegmentation)
725 * uint8 major, minor;
730 * change_cipher_spec(20), alert(21), handshake(22),
731 * application_data(23), (255)
736 * ProtocolVersion version;
738 * opaque fragment[TLSPlaintext.length];
741 guint32 record_length;
745 proto_tree *ti = NULL;
746 proto_tree *ssl_record_tree = NULL;
747 guint32 available_bytes = 0;
749 available_bytes = tvb_length_remaining(tvb, offset);
752 * Can we do reassembly?
754 if (ssl_desegment && pinfo->can_desegment) {
756 * Yes - is the record header split across segment boundaries?
758 if (available_bytes < 5) {
760 * Yes. Tell the TCP dissector where the data for this
761 * message starts in the data it handed us, and how many
762 * more bytes we need, and return.
764 pinfo->desegment_offset = offset;
765 pinfo->desegment_len = 5 - available_bytes;
766 *need_desegmentation = TRUE;
772 * Get the record layer fields of interest
774 content_type = tvb_get_guint8(tvb, offset);
775 version = tvb_get_ntohs(tvb, offset + 1);
776 record_length = tvb_get_ntohs(tvb, offset + 3);
778 if (ssl_is_valid_content_type(content_type)) {
781 * Can we do reassembly?
783 if (ssl_desegment && pinfo->can_desegment) {
785 * Yes - is the record split across segment boundaries?
787 if (available_bytes < record_length + 5) {
789 * Yes. Tell the TCP dissector where the data for this
790 * message starts in the data it handed us, and how many
791 * more bytes we need, and return.
793 pinfo->desegment_offset = offset;
794 pinfo->desegment_len = (record_length + 5) - available_bytes;
795 *need_desegmentation = TRUE;
802 /* if we don't have a valid content_type, there's no sense
803 * continuing any further
805 if (check_col(pinfo->cinfo, COL_INFO))
806 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
808 /* Set the protocol column */
809 if (check_col(pinfo->cinfo, COL_PROTOCOL))
811 col_set_str(pinfo->cinfo, COL_PROTOCOL,
812 ssl_version_short_names[*conv_version]);
814 return offset + 5 + record_length;
818 * If GUI, fill in record layer part of tree
823 /* add the record layer subtree header */
824 ti = proto_tree_add_item(tree, hf_ssl_record, tvb,
825 offset, 5 + record_length, 0);
826 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
831 /* show the one-byte content type */
832 proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type,
836 /* add the version */
837 proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb,
842 proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb,
843 offset, 2, record_length);
844 offset += 2; /* move past length field itself */
848 /* if no GUI tree, then just skip over those fields */
854 * if we don't already have a version set for this conversation,
855 * but this message's version is authoritative (i.e., it's
856 * not client_hello, then save the version to to conversation
857 * structure and print the column version
859 next_byte = tvb_get_guint8(tvb, offset);
860 if (*conv_version == SSL_VER_UNKNOWN
861 && ssl_is_authoritative_version_message(content_type, next_byte))
863 if (version == 0x0300)
865 *conv_version = SSL_VER_SSLv3;
866 ssl_set_conv_version(pinfo, *conv_version);
868 else if (version == 0x0301)
870 *conv_version = SSL_VER_TLS;
871 ssl_set_conv_version(pinfo, *conv_version);
874 if (check_col(pinfo->cinfo, COL_PROTOCOL))
876 if (version == 0x0300)
878 col_set_str(pinfo->cinfo, COL_PROTOCOL,
879 ssl_version_short_names[SSL_VER_SSLv3]);
881 else if (version == 0x0301)
883 col_set_str(pinfo->cinfo, COL_PROTOCOL,
884 ssl_version_short_names[SSL_VER_TLS]);
888 col_set_str(pinfo->cinfo, COL_PROTOCOL,
889 ssl_version_short_names[*conv_version]);
894 * now dissect the next layer
896 switch (content_type) {
897 case SSL_ID_CHG_CIPHER_SPEC:
898 if (check_col(pinfo->cinfo, COL_INFO))
899 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
900 dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree,
901 offset, conv_version);
904 dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
907 case SSL_ID_HANDSHAKE:
908 dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
909 record_length, conv_version);
911 case SSL_ID_APP_DATA:
912 if (check_col(pinfo->cinfo, COL_INFO))
913 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
916 proto_item_set_text(ssl_record_tree,
917 "%s Record Layer: Application Data",
918 ssl_version_short_names[*conv_version]);
919 proto_tree_add_item(ssl_record_tree, hf_ssl_record_appdata, tvb,
920 offset, record_length, 0);
925 /* shouldn't get here since we check above for valid types */
926 if (check_col(pinfo->cinfo, COL_INFO))
927 col_append_str(pinfo->cinfo, COL_INFO, "Bad SSLv3 Content Type");
930 offset += record_length; /* skip to end of record */
935 /* dissects the change cipher spec procotol, filling in the tree */
937 dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
938 proto_tree *tree, guint32 offset,
943 * enum { change_cipher_spec(1), (255) } type;
944 * } ChangeCipherSpec;
949 proto_item_set_text(tree,
950 "%s Record Layer: Change Cipher Spec",
951 ssl_version_short_names[*conv_version]);
952 proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
957 /* dissects the alert message, filling in the tree */
959 dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
960 proto_tree *tree, guint32 offset,
965 * AlertDescription description;
969 proto_tree *ssl_alert_tree = NULL;
975 ti = proto_tree_add_item(tree, hf_ssl_alert_message, tvb,
977 ssl_alert_tree = proto_item_add_subtree(ti, ett_ssl_alert);
981 * set the record layer label
984 /* first lookup the names for the alert level and description */
985 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
986 level = match_strval(byte, ssl_31_alert_level);
988 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
989 desc = match_strval(byte, ssl_31_alert_description);
991 /* now set the text in the record layer line */
994 if (check_col(pinfo->cinfo, COL_INFO))
995 col_append_fstr(pinfo->cinfo, COL_INFO,
996 "Alert (Level: %s, Description: %s)",
1001 if (check_col(pinfo->cinfo, COL_INFO))
1002 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
1009 proto_item_set_text(tree, "%s Record Layer: Alert "
1010 "(Level: %s, Description: %s)",
1011 ssl_version_short_names[*conv_version],
1013 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
1014 tvb, offset++, 1, FALSE);
1016 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_description,
1017 tvb, offset++, 1, FALSE);
1021 proto_item_set_text(tree,
1022 "%s Record Layer: Encrypted Alert",
1023 ssl_version_short_names[*conv_version]);
1024 proto_item_set_text(ssl_alert_tree,
1025 "Alert Message: Encrypted Alert");
1031 /* dissects the handshake protocol, filling the tree */
1033 dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1034 proto_tree *tree, guint32 offset,
1035 guint32 record_length, guint *conv_version)
1038 * HandshakeType msg_type;
1040 * select (HandshakeType) {
1041 * case hello_request: HelloRequest;
1042 * case client_hello: ClientHello;
1043 * case server_hello: ServerHello;
1044 * case certificate: Certificate;
1045 * case server_key_exchange: ServerKeyExchange;
1046 * case certificate_request: CertificateRequest;
1047 * case server_hello_done: ServerHelloDone;
1048 * case certificate_verify: CertificateVerify;
1049 * case client_key_exchange: ClientKeyExchange;
1050 * case finished: Finished;
1054 proto_tree *ti = NULL;
1055 proto_tree *ssl_hand_tree = NULL;
1056 gchar *msg_type_str = NULL;
1059 gboolean first_iteration = TRUE;
1062 /* just as there can be multiple records per packet, there
1063 * can be multiple messages per record as long as they have
1064 * the same content type
1066 * we really only care about this for handshake messages
1069 /* set record_length to the max offset */
1070 record_length += offset;
1071 while (offset < record_length)
1073 msg_type = tvb_get_guint8(tvb, offset);
1074 msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
1075 length = tvb_get_ntoh24(tvb, offset + 1);
1077 if (!msg_type_str && !first_iteration)
1079 /* only dissect / report messages if they're
1080 * either the first message in this record
1081 * or they're a valid message type
1086 /* on second and later iterations, add comma to info col */
1087 if (!first_iteration)
1089 if (check_col(pinfo->cinfo, COL_INFO))
1090 col_append_fstr(pinfo->cinfo, COL_INFO, ", ");
1094 * Update our info string
1096 if (check_col(pinfo->cinfo, COL_INFO))
1097 col_append_fstr(pinfo->cinfo, COL_INFO, "%s", (msg_type_str != NULL)
1098 ? msg_type_str : "Encrypted Handshake Message");
1102 /* set the label text on the record layer expanding node */
1103 if (first_iteration)
1105 proto_item_set_text(tree, "%s Record Layer: %s",
1106 ssl_version_short_names[*conv_version],
1107 (msg_type_str!=NULL) ? msg_type_str :
1108 "Encrypted Handshake Message");
1112 proto_item_set_text(tree, "%s Record Layer: %s",
1113 ssl_version_short_names[*conv_version],
1114 "Multiple Handshake Messages");
1117 /* add a subtree for the handshake protocol */
1118 ti = proto_tree_add_item(tree, hf_ssl_handshake_protocol, tvb,
1119 offset, length + 4, 0);
1120 ssl_hand_tree = proto_item_add_subtree(ti, ett_ssl_handshake);
1124 /* set the text label on the subtree node */
1125 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s",
1126 (msg_type_str != NULL) ? msg_type_str :
1127 "Encrypted Handshake Message");
1131 /* if we don't have a valid handshake type, just quit dissecting */
1139 /* add nodes for the message type and message length */
1140 proto_tree_add_item(ssl_hand_tree, hf_ssl_handshake_type,
1141 tvb, offset, 1, msg_type);
1143 proto_tree_add_uint(ssl_hand_tree, hf_ssl_handshake_length,
1144 tvb, offset, 3, length);
1147 /* now dissect the handshake message, if necessary */
1149 case SSL_HND_HELLO_REQUEST:
1150 /* hello_request has no fields, so nothing to do! */
1153 case SSL_HND_CLIENT_HELLO:
1154 dissect_ssl3_hnd_cli_hello(tvb, ssl_hand_tree, offset);
1157 case SSL_HND_SERVER_HELLO:
1158 dissect_ssl3_hnd_srv_hello(tvb, ssl_hand_tree, offset);
1161 case SSL_HND_CERTIFICATE:
1162 dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset);
1165 case SSL_HND_CERT_REQUEST:
1166 dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset);
1169 case SSL_HND_SVR_HELLO_DONE:
1170 /* server_hello_done has no fields, so nothing to do! */
1173 case SSL_HND_FINISHED:
1174 dissect_ssl3_hnd_finished(tvb, ssl_hand_tree,
1175 offset, conv_version);
1178 case SSL_HND_SERVER_KEY_EXCHG:
1179 case SSL_HND_CERT_VERIFY:
1180 case SSL_HND_CLIENT_KEY_EXCHG:
1188 offset += 4; /* skip the handshake header */
1191 first_iteration = FALSE; /* set up for next pass, if any */
1196 dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1199 /* show the client's random challenge */
1200 guint32 initial_offset = offset;
1201 nstime_t gmt_unix_time;
1202 guint8 session_id_length = 0;
1207 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
1208 gmt_unix_time.nsecs = 0;
1209 proto_tree_add_time(tree, hf_ssl_handshake_random_time,
1210 tvb, offset, 4, &gmt_unix_time);
1213 /* show the random bytes */
1214 proto_tree_add_item(tree, hf_ssl_handshake_random_bytes,
1215 tvb, offset, 28, 0);
1218 /* show the session id */
1219 session_id_length = tvb_get_guint8(tvb, offset);
1220 proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
1221 tvb, offset++, 1, 0);
1222 if (session_id_length > 0)
1224 proto_tree_add_bytes_format(tree, hf_ssl_handshake_session_id,
1225 tvb, offset, session_id_length,
1226 tvb_get_ptr(tvb, offset, session_id_length),
1227 "Session ID (%u byte%s)",
1229 plurality(session_id_length, "", "s"));
1230 offset += session_id_length;
1234 return offset - initial_offset;
1238 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
1239 proto_tree *tree, guint32 offset)
1242 * ProtocolVersion client_version;
1244 * SessionID session_id;
1245 * CipherSuite cipher_suites<2..2^16-1>;
1246 * CompressionMethod compression_methods<1..2^8-1>;
1251 proto_tree *cs_tree;
1252 guint16 cipher_suite_length = 0;
1253 guint8 compression_methods_length = 0;
1257 /* show the client version */
1258 proto_tree_add_item(tree, hf_ssl_handshake_client_version, tvb,
1262 /* show the fields in common with server hello */
1263 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset);
1265 /* tell the user how many cipher suites there are */
1266 cipher_suite_length = tvb_get_ntohs(tvb, offset);
1267 proto_tree_add_uint(tree, hf_ssl_handshake_cipher_suites_len,
1268 tvb, offset, 2, cipher_suite_length);
1269 offset += 2; /* skip opaque length */
1271 if (cipher_suite_length > 0)
1273 ti = proto_tree_add_none_format(tree,
1274 hf_ssl_handshake_cipher_suites,
1275 tvb, offset, cipher_suite_length,
1276 "Cipher Suites (%u suite%s)",
1277 cipher_suite_length / 2,
1278 plurality(cipher_suite_length/2, "", "s"));
1280 /* make this a subtree */
1281 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1284 cs_tree = tree; /* failsafe */
1287 while (cipher_suite_length > 0)
1289 proto_tree_add_item(cs_tree, hf_ssl_handshake_cipher_suite,
1290 tvb, offset, 2, FALSE);
1292 cipher_suite_length -= 2;
1296 /* tell the user how man compression methods there are */
1297 compression_methods_length = tvb_get_guint8(tvb, offset);
1298 proto_tree_add_uint(tree, hf_ssl_handshake_comp_methods_len,
1299 tvb, offset, 1, compression_methods_length);
1302 if (compression_methods_length > 0)
1304 ti = proto_tree_add_none_format(tree,
1305 hf_ssl_handshake_comp_methods,
1306 tvb, offset, compression_methods_length,
1307 "Compression Methods (%u method%s)",
1308 compression_methods_length,
1309 plurality(compression_methods_length,
1312 /* make this a subtree */
1313 cs_tree = proto_item_add_subtree(ti, ett_ssl_comp_methods);
1316 cs_tree = tree; /* failsafe */
1319 while (compression_methods_length > 0)
1321 proto_tree_add_item(cs_tree, hf_ssl_handshake_comp_method,
1322 tvb, offset, 1, FALSE);
1324 compression_methods_length--;
1331 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
1332 proto_tree *tree, guint32 offset)
1335 * ProtocolVersion server_version;
1337 * SessionID session_id;
1338 * CipherSuite cipher_suite;
1339 * CompressionMethod compression_method;
1345 /* show the server version */
1346 proto_tree_add_item(tree, hf_ssl_handshake_server_version, tvb,
1350 /* first display the elements conveniently in
1351 * common with client hello
1353 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset);
1355 /* now the server-selected cipher suite */
1356 proto_tree_add_item(tree, hf_ssl_handshake_cipher_suite,
1357 tvb, offset, 2, FALSE);
1360 /* and the server-selected compression method */
1361 proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
1362 tvb, offset, 1, FALSE);
1367 dissect_ssl3_hnd_cert(tvbuff_t *tvb,
1368 proto_tree *tree, guint32 offset)
1371 /* opaque ASN.1Cert<2^24-1>;
1374 * ASN.1Cert certificate_list<1..2^24-1>;
1377 guint32 certificate_list_length;
1379 proto_tree *subtree;
1383 certificate_list_length = tvb_get_ntoh24(tvb, offset);
1384 proto_tree_add_uint(tree, hf_ssl_handshake_certificates_len,
1385 tvb, offset, 3, certificate_list_length);
1386 offset += 3; /* 24-bit length value */
1388 if (certificate_list_length > 0)
1390 ti = proto_tree_add_none_format(tree,
1391 hf_ssl_handshake_certificates,
1392 tvb, offset, certificate_list_length,
1393 "Certificates (%u byte%s)",
1394 certificate_list_length,
1395 plurality(certificate_list_length,
1398 /* make it a subtree */
1399 subtree = proto_item_add_subtree(ti, ett_ssl_certs);
1402 subtree = tree; /* failsafe */
1405 /* iterate through each certificate */
1406 while (certificate_list_length > 0)
1408 /* get the length of the current certificate */
1409 guint32 cert_length = tvb_get_ntoh24(tvb, offset);
1410 certificate_list_length -= 3 + cert_length;
1412 proto_tree_add_item(subtree, hf_ssl_handshake_certificate_len,
1413 tvb, offset, 3, FALSE);
1416 proto_tree_add_bytes_format(subtree,
1417 hf_ssl_handshake_certificate,
1418 tvb, offset, cert_length,
1419 tvb_get_ptr(tvb, offset, cert_length),
1420 "Certificate (%u byte%s)",
1422 plurality(cert_length, "", "s"));
1423 offset += cert_length;
1431 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
1432 proto_tree *tree, guint32 offset)
1436 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
1438 * } ClientCertificateType;
1440 * opaque DistinguishedName<1..2^16-1>;
1443 * ClientCertificateType certificate_types<1..2^8-1>;
1444 * DistinguishedName certificate_authorities<3..2^16-1>;
1445 * } CertificateRequest;
1449 proto_tree *subtree;
1450 guint8 cert_types_count = 0;
1451 int dnames_length = 0;
1455 cert_types_count = tvb_get_guint8(tvb, offset);
1456 proto_tree_add_uint(tree, hf_ssl_handshake_cert_types_count,
1457 tvb, offset, 1, cert_types_count);
1460 if (cert_types_count > 0)
1462 ti = proto_tree_add_none_format(tree,
1463 hf_ssl_handshake_cert_types,
1464 tvb, offset, cert_types_count,
1465 "Certificate types (%u type%s)",
1467 plurality(cert_types_count, "", "s"));
1468 subtree = proto_item_add_subtree(ti, ett_ssl_cert_types);
1474 while (cert_types_count > 0)
1476 proto_tree_add_item(subtree, hf_ssl_handshake_cert_type,
1477 tvb, offset, 1, FALSE);
1483 dnames_length = tvb_get_ntohs(tvb, offset);
1484 proto_tree_add_uint(tree, hf_ssl_handshake_dnames_len,
1485 tvb, offset, 2, dnames_length);
1488 if (dnames_length > 0)
1490 ti = proto_tree_add_none_format(tree,
1491 hf_ssl_handshake_dnames,
1492 tvb, offset, dnames_length,
1493 "Distinguished Names (%d byte%s)",
1495 plurality(dnames_length, "", "s"));
1496 subtree = proto_item_add_subtree(ti, ett_ssl_dnames);
1502 while (dnames_length > 0)
1504 /* get the length of the current certificate */
1505 guint16 name_length = tvb_get_ntohs(tvb, offset);
1506 dnames_length -= 2 + name_length;
1508 proto_tree_add_item(subtree, hf_ssl_handshake_dname_len,
1509 tvb, offset, 2, FALSE);
1512 proto_tree_add_bytes_format(subtree,
1513 hf_ssl_handshake_dname,
1514 tvb, offset, name_length,
1515 tvb_get_ptr(tvb, offset, name_length),
1516 "Distinguished Name (%u byte%s)",
1518 plurality(name_length, "", "s"));
1519 offset += name_length;
1527 dissect_ssl3_hnd_finished(tvbuff_t *tvb,
1528 proto_tree *tree, guint32 offset,
1529 guint *conv_version)
1533 * opaque verify_data[12];
1538 * opaque md5_hash[16];
1539 * opaque sha_hash[20];
1543 /* this all needs a tree, so bail if we don't have one */
1549 switch(*conv_version) {
1551 proto_tree_add_item(tree, hf_ssl_handshake_finished,
1552 tvb, offset, 12, FALSE);
1556 proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
1557 tvb, offset, 16, FALSE);
1559 proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
1560 tvb, offset, 20, FALSE);
1566 /*********************************************************************
1568 * SSL version 2 Dissectors
1570 *********************************************************************/
1573 /* record layer dissector */
1575 dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
1576 guint32 offset, guint *conv_version,
1577 gboolean *need_desegmentation)
1579 guint32 initial_offset = offset;
1581 guint8 record_length_length = 0;
1582 guint32 record_length = 0;
1583 gint is_escape = -1;
1584 gint16 padding_length = -1;
1585 guint8 msg_type = 0;
1586 gchar *msg_type_str = NULL;
1587 guint32 available_bytes = 0;
1590 proto_tree *ssl_record_tree = NULL;
1592 /* pull first byte; if high bit is set, then record
1593 * length is three bytes due to padding; otherwise
1594 * record length is two bytes
1596 byte = tvb_get_guint8(tvb, offset++);
1597 record_length_length = (byte & 0x80) ? 2 : 3;
1600 * Can we do reassembly?
1602 available_bytes = tvb_length_remaining(tvb, offset);
1604 if (ssl_desegment && pinfo->can_desegment) {
1606 * Yes - is the record header split across segment boundaries?
1608 if (available_bytes < record_length_length) {
1610 * Yes. Tell the TCP dissector where the data for this
1611 * message starts in the data it handed us, and how many
1612 * more bytes we need, and return.
1614 pinfo->desegment_offset = offset;
1615 pinfo->desegment_len = record_length_length - available_bytes;
1616 *need_desegmentation = TRUE;
1621 /* parse out the record length */
1622 switch(record_length_length) {
1623 case 2: /* two-byte record length */
1624 record_length = (byte & 0x7f) << 8;
1625 byte = tvb_get_guint8(tvb, offset++);
1626 record_length += byte;
1628 case 3: /* three-byte record length */
1629 is_escape = (byte & 0x40) ? TRUE : FALSE;
1630 record_length = (byte & 0x3f) << 8;
1631 byte = tvb_get_guint8(tvb, offset++);
1632 record_length += byte;
1633 byte = tvb_get_guint8(tvb, offset++);
1634 padding_length = byte;
1638 * Can we do reassembly?
1640 if (ssl_desegment && pinfo->can_desegment) {
1642 * Yes - is the record split across segment boundaries?
1644 if (available_bytes < record_length) {
1646 * Yes. Tell the TCP dissector where the data for this
1647 * message starts in the data it handed us, and how many
1648 * more bytes we need, and return.
1650 pinfo->desegment_offset = offset;
1651 pinfo->desegment_len = record_length - available_bytes;
1652 *need_desegmentation = TRUE;
1657 /* if we get here, but don't have a version set for the
1658 * conversation, then set a version for just this frame
1659 * (e.g., on a client hello)
1661 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1663 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSLv2");
1666 /* add the record layer subtree header */
1667 ti = proto_tree_add_item(tree, hf_ssl2_record, tvb, initial_offset,
1668 record_length_length + record_length, 0);
1669 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
1671 /* pull the msg_type so we can bail if it's unknown */
1672 msg_type = tvb_get_guint8(tvb, initial_offset + record_length_length);
1674 /* if we get a server_hello or later handshake in v2, then set
1677 if (*conv_version == SSL_VER_UNKNOWN
1678 && msg_type >= 2 && msg_type <= 8)
1680 *conv_version = SSL_VER_SSLv2;
1681 ssl_set_conv_version(pinfo, *conv_version);
1684 /* see if the msg_type is valid; if not the payload is
1685 * probably encrypted, so note that fact and bail
1687 msg_type_str = match_strval(msg_type, ssl_20_msg_types);
1689 || !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
1690 + record_length_length,
1693 if (ssl_record_tree)
1695 proto_item_set_text(ssl_record_tree, "SSLv2 Record Layer: %s",
1698 if (check_col(pinfo->cinfo, COL_INFO))
1699 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Data");
1700 return initial_offset + record_length_length + record_length;
1704 if (check_col(pinfo->cinfo, COL_INFO))
1705 col_append_str(pinfo->cinfo, COL_INFO, msg_type_str);
1707 if (ssl_record_tree)
1709 proto_item_set_text(ssl_record_tree, "SSLv2 Record Layer: %s",
1714 /* We have a valid message type, so move foward, filling in the
1715 * tree by adding the length, is_escape boolean and padding_length,
1716 * if present in the original packet
1718 if (ssl_record_tree)
1720 /* add the record length */
1721 ti = proto_tree_add_uint (ssl_record_tree,
1722 hf_ssl_record_length, tvb,
1723 initial_offset, record_length_length,
1726 if (ssl_record_tree && is_escape != -1)
1728 proto_tree_add_boolean(ssl_record_tree,
1729 hf_ssl2_record_is_escape, tvb,
1730 initial_offset, 1, is_escape);
1732 if (ssl_record_tree && padding_length != -1)
1734 proto_tree_add_uint(ssl_record_tree,
1735 hf_ssl2_record_padding_length, tvb,
1736 initial_offset + 2, 1, padding_length);
1740 * dissect the record data
1743 /* jump forward to the start of the record data */
1744 offset = initial_offset + record_length_length;
1746 /* add the message type */
1747 if (ssl_record_tree)
1749 proto_tree_add_item(ssl_record_tree, hf_ssl2_msg_type, tvb,
1752 offset++; /* move past msg_type byte */
1755 /* dissect the message (only handle client hello right now) */
1757 case SSL2_HND_CLIENT_HELLO:
1758 dissect_ssl2_hnd_client_hello(tvb, ssl_record_tree, offset);
1761 case SSL2_HND_CLIENT_MASTER_KEY:
1762 dissect_ssl2_hnd_client_master_key(tvb, ssl_record_tree, offset);
1765 case SSL2_HND_SERVER_HELLO:
1766 dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset);
1769 case SSL2_HND_ERROR:
1770 case SSL2_HND_CLIENT_FINISHED:
1771 case SSL2_HND_SERVER_VERIFY:
1772 case SSL2_HND_SERVER_FINISHED:
1773 case SSL2_HND_REQUEST_CERTIFICATE:
1774 case SSL2_HND_CLIENT_CERTIFICATE:
1778 default: /* unknown */
1783 return (initial_offset + record_length_length + record_length);
1787 dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
1788 proto_tree *tree, guint32 offset)
1793 * uint16 cipher_spec_length;
1794 * uint16 session_id_length;
1795 * uint16 challenge_length;
1796 * V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
1797 * opaque session_id[V2ClientHello.session_id_length];
1801 * Note: when we get here, offset's already pointing at Version
1805 guint16 cipher_spec_length;
1806 guint16 session_id_length;
1807 guint16 challenge_length;
1810 proto_tree *cs_tree;
1812 version = tvb_get_ntohs(tvb, offset);
1813 if (!ssl_is_valid_ssl_version(version))
1815 /* invalid version; probably encrypted data */
1821 /* show the version */
1822 proto_tree_add_item(tree, hf_ssl_record_version, tvb,
1826 cipher_spec_length = tvb_get_ntohs(tvb, offset);
1827 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec_len,
1828 tvb, offset, 2, FALSE);
1831 session_id_length = tvb_get_ntohs(tvb, offset);
1832 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_len,
1833 tvb, offset, 2, FALSE);
1836 challenge_length = tvb_get_ntohs(tvb, offset);
1837 proto_tree_add_item(tree, hf_ssl2_handshake_challenge_len,
1838 tvb, offset, 2, FALSE);
1841 /* tell the user how many cipher specs they've won */
1842 ti = proto_tree_add_none_format(tree, hf_ssl_handshake_cipher_suites,
1843 tvb, offset, cipher_spec_length,
1844 "Cipher Specs (%u specs)",
1845 cipher_spec_length/3);
1847 /* make this a subtree and expand the actual specs below */
1848 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1851 cs_tree = tree; /* failsafe */
1854 /* iterate through the cipher specs, showing them */
1855 while (cipher_spec_length > 0)
1857 proto_tree_add_item(cs_tree, hf_ssl2_handshake_cipher_spec,
1858 tvb, offset, 3, FALSE);
1859 offset += 3; /* length of one cipher spec */
1860 cipher_spec_length -= 3;
1863 /* if there's a session id, show it */
1864 if (session_id_length > 0)
1866 proto_tree_add_bytes_format(tree,
1867 hf_ssl_handshake_session_id,
1868 tvb, offset, session_id_length,
1869 tvb_get_ptr(tvb, offset, session_id_length),
1870 "Session ID (%u byte%s)",
1872 plurality(session_id_length, "", "s"));
1874 offset += session_id_length;
1877 /* if there's a challenge, show it */
1878 if (challenge_length > 0)
1880 proto_tree_add_item(tree, hf_ssl2_handshake_challenge,
1881 tvb, offset, challenge_length, 0);
1882 offset += challenge_length;
1888 dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
1889 proto_tree *tree, guint32 offset)
1893 * V2Cipherspec cipher;
1894 * uint16 clear_key_length;
1895 * uint16 encrypted_key_length;
1896 * uint16 key_arg_length;
1897 * opaque clear_key_data[V2ClientMasterKey.clear_key_length];
1898 * opaque encrypted_key_data[V2ClientMasterKey.encrypted_key_length];
1899 * opaque key_arg_data[V2ClientMasterKey.key_arg_length];
1900 * } V2ClientMasterKey;
1902 * Note: when we get here, offset's already pointing at cipher
1904 guint16 clear_key_length;
1905 guint16 encrypted_key_length;
1906 guint16 key_arg_length;
1908 /* at this point, everything we do involves the tree,
1909 * so quit now if we don't have one ;-)
1916 /* show the selected cipher */
1917 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec,
1918 tvb, offset, 3, FALSE);
1921 /* get the fixed fields */
1922 clear_key_length = tvb_get_ntohs(tvb, offset);
1923 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key_len,
1924 tvb, offset, 2, FALSE);
1927 encrypted_key_length = tvb_get_ntohs(tvb, offset);
1928 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key_len,
1929 tvb, offset, 2, FALSE);
1932 key_arg_length = tvb_get_ntohs(tvb, offset);
1933 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg_len,
1934 tvb, offset, 2, FALSE);
1937 /* show the variable length fields */
1938 if (clear_key_length > 0)
1940 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key,
1941 tvb, offset, clear_key_length, FALSE);
1942 offset += clear_key_length;
1945 if (encrypted_key_length > 0)
1947 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key,
1948 tvb, offset, encrypted_key_length, FALSE);
1949 offset += encrypted_key_length;
1952 if (key_arg_length > 0)
1954 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg,
1955 tvb, offset, key_arg_length, FALSE);
1956 offset += key_arg_length;
1962 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
1963 proto_tree *tree, guint32 offset)
1967 * uint8 session_id_hit;
1968 * uint8 certificate_type;
1969 * uint16 server_version;
1970 * uint16 certificate_length;
1971 * uint16 cipher_specs_length;
1972 * uint16 connection_id_length;
1973 * opaque certificate_data[V2ServerHello.certificate_length];
1974 * opaque cipher_specs_data[V2ServerHello.cipher_specs_length];
1975 * opaque connection_id_data[V2ServerHello.connection_id_length];
1978 * Note: when we get here, offset's already pointing at session_id_hit
1980 guint16 certificate_length;
1981 guint16 cipher_spec_length;
1982 guint16 connection_id_length;
1985 proto_tree *subtree;
1987 /* everything we do only makes sense with a tree, so
1988 * quit now if we don't have one
1995 version = tvb_get_ntohs(tvb, offset + 2);
1996 if (!ssl_is_valid_ssl_version(version))
1998 /* invalid version; probably encrypted data */
2003 /* is there a hit? */
2004 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_hit,
2005 tvb, offset, 1, FALSE);
2008 /* what type of certificate is this? */
2009 proto_tree_add_item(tree, hf_ssl2_handshake_cert_type,
2010 tvb, offset, 1, FALSE);
2013 /* now the server version */
2014 proto_tree_add_item(tree, hf_ssl_handshake_server_version,
2015 tvb, offset, 2, FALSE);
2018 /* get the fixed fields */
2019 certificate_length = tvb_get_ntohs(tvb, offset);
2020 proto_tree_add_uint(tree, hf_ssl_handshake_certificate_len,
2021 tvb, offset, 2, certificate_length);
2024 cipher_spec_length = tvb_get_ntohs(tvb, offset);
2025 proto_tree_add_uint(tree, hf_ssl2_handshake_cipher_spec_len,
2026 tvb, offset, 2, cipher_spec_length);
2029 connection_id_length = tvb_get_ntohs(tvb, offset);
2030 proto_tree_add_uint(tree, hf_ssl2_handshake_connection_id_len,
2031 tvb, offset, 2, connection_id_length);
2034 /* now the variable length fields */
2035 if (certificate_length > 0)
2037 proto_tree_add_bytes_format(tree, hf_ssl_handshake_certificate,
2038 tvb, offset, certificate_length,
2039 tvb_get_ptr(tvb, offset, certificate_length),
2040 "Certificate (%u byte%s)",
2042 plurality(certificate_length, "", "s"));
2043 offset += certificate_length;
2046 if (cipher_spec_length > 0)
2048 /* provide a collapsing node for the cipher specs */
2049 ti = proto_tree_add_none_format(tree,
2050 hf_ssl_handshake_cipher_suites,
2051 tvb, offset, cipher_spec_length,
2052 "Cipher Specs (%u spec%s)",
2053 cipher_spec_length/3,
2054 plurality(cipher_spec_length/3, "", "s"));
2055 subtree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2061 /* iterate through the cipher specs */
2062 while (cipher_spec_length > 0)
2064 proto_tree_add_item(subtree, hf_ssl2_handshake_cipher_spec,
2065 tvb, offset, 3, FALSE);
2067 cipher_spec_length -= 3;
2071 if (connection_id_length > 0)
2073 proto_tree_add_item(tree, hf_ssl2_handshake_connection_id,
2074 tvb, offset, connection_id_length, FALSE);
2075 offset += connection_id_length;
2083 /*********************************************************************
2087 *********************************************************************/
2090 ssl_set_conv_version(packet_info *pinfo, guint version)
2092 conversation_t *conversation;
2094 if (pinfo->fd->flags.visited)
2096 /* We've already processed this frame; no need to do any more
2102 conversation = find_conversation(&pinfo->src, &pinfo->dst, pinfo->ptype,
2103 pinfo->srcport, pinfo->destport, 0);
2105 if (conversation == NULL)
2107 /* create a new conversation */
2108 conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
2109 pinfo->srcport, pinfo->destport, 0);
2112 if (conversation_get_proto_data(conversation, proto_ssl) != NULL)
2114 /* get rid of the current data */
2115 conversation_delete_proto_data(conversation, proto_ssl);
2117 conversation_add_proto_data(conversation, proto_ssl, (void *)version);
2121 ssl_is_valid_handshake_type(guint8 type)
2125 case SSL_HND_HELLO_REQUEST:
2126 case SSL_HND_CLIENT_HELLO:
2127 case SSL_HND_SERVER_HELLO:
2128 case SSL_HND_CERTIFICATE:
2129 case SSL_HND_SERVER_KEY_EXCHG:
2130 case SSL_HND_CERT_REQUEST:
2131 case SSL_HND_SVR_HELLO_DONE:
2132 case SSL_HND_CERT_VERIFY:
2133 case SSL_HND_CLIENT_KEY_EXCHG:
2134 case SSL_HND_FINISHED:
2141 ssl_is_valid_content_type(guint8 type)
2143 if (type >= 0x14 && type <= 0x17)
2152 ssl_is_valid_ssl_version(guint16 version)
2154 gchar *version_str = match_strval(version, ssl_versions);
2155 return version_str != NULL;
2159 ssl_is_authoritative_version_message(guint8 content_type,
2162 if (content_type == SSL_ID_HANDSHAKE
2163 && ssl_is_valid_handshake_type(next_byte))
2165 return (next_byte != SSL_HND_CLIENT_HELLO);
2167 else if (ssl_is_valid_content_type(content_type)
2168 && content_type != SSL_ID_HANDSHAKE)
2176 ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset)
2180 byte = tvb_get_guint8(tvb, offset);
2181 if (byte != 0x80) /* v2 client hello should start this way */
2186 byte = tvb_get_guint8(tvb, offset+2);
2187 if (byte != 0x01) /* v2 client hello msg type */
2192 /* 1 in 2^16 of being right; improve later if necessary */
2196 /* this applies a heuristic to determine whether
2197 * or not the data beginning at offset looks like a
2198 * valid sslv2 record. this isn't really possible,
2199 * but we'll try to do a reasonable job anyway.
2202 ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset)
2204 /* here's the current approach:
2206 * we only try to catch unencrypted handshake messages, so we can
2207 * assume that there is not padding. This means that the
2208 * first byte must be >= 0x80 and there must be a valid sslv2
2209 * msg_type in the third byte
2212 /* get the first byte; must have high bit set */
2213 guint8 byte = tvb_get_guint8(tvb, offset);
2219 /* get the supposed msg_type byte; since we only care about
2220 * unencrypted handshake messages (we can't tell the type for
2221 * encrypted messages), we just check against that list
2223 byte = tvb_get_guint8(tvb, offset + 2);
2225 case SSL2_HND_ERROR:
2226 case SSL2_HND_CLIENT_HELLO:
2227 case SSL2_HND_CLIENT_MASTER_KEY:
2228 case SSL2_HND_SERVER_HELLO:
2234 /* this applies a heuristic to determine whether
2235 * or not the data beginning at offset looks like a
2236 * valid sslv3 record. this is somewhat more reliable
2237 * than sslv2 due to the structure of the v3 protocol
2240 ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
2242 /* have to have a valid content type followed by a valid
2248 /* see if the first byte is a valid content type */
2249 byte = tvb_get_guint8(tvb, offset);
2250 if (!ssl_is_valid_content_type(byte))
2255 /* now check to see if the version byte appears valid */
2256 version = tvb_get_ntohs(tvb, offset + 1);
2257 if (version != 0x0300 && version != 0x0301)
2265 /* applies a heuristic to determine whether
2266 * or not the data beginning at offset looks
2267 * like a valid, unencrypted v2 handshake message.
2268 * since it isn't possible to completely tell random
2269 * data apart from a valid message without state,
2270 * we try to help the odds.
2273 ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, guint32 offset,
2274 guint32 record_length)
2276 /* first byte should be a msg_type.
2278 * - we know we only see client_hello, client_master_key,
2279 * and server_hello in the clear, so check to see if
2280 * msg_type is one of those (this gives us a 3 in 2^8
2281 * chance of saying yes with random payload)
2283 * - for those three types that we know about, do some
2284 * further validation to reduce the chance of an error
2290 /* fetch the msg_type */
2291 msg_type = tvb_get_guint8(tvb, offset);
2294 case SSL2_HND_CLIENT_HELLO:
2295 /* version follows msg byte, so verify that this is valid */
2296 version = tvb_get_ntohs(tvb, offset+1);
2297 return ssl_is_valid_ssl_version(version);
2300 case SSL2_HND_SERVER_HELLO:
2301 /* version is three bytes after msg_type */
2302 version = tvb_get_ntohs(tvb, offset+3);
2303 return ssl_is_valid_ssl_version(version);
2306 case SSL2_HND_CLIENT_MASTER_KEY:
2307 /* sum of clear_key_length, encrypted_key_length, and key_arg_length
2308 * must be less than record length
2310 sum = tvb_get_ntohs(tvb, offset + 4); /* clear_key_length */
2311 sum += tvb_get_ntohs(tvb, offset + 6); /* encrypted_key_length */
2312 sum += tvb_get_ntohs(tvb, offset + 8); /* key_arg_length */
2313 if (sum > record_length)
2326 /*********************************************************************
2328 * Standard Ethereal Protocol Registration and housekeeping
2330 *********************************************************************/
2332 proto_register_ssl(void)
2335 /* Setup list of header fields See Section 1.6.1 for details*/
2336 static hf_register_info hf[] = {
2338 { "Record Layer", "ssl.record",
2339 FT_NONE, BASE_NONE, NULL, 0x0,
2340 "Record layer", HFILL }
2342 { &hf_ssl_record_content_type,
2343 { "Content Type", "ssl.record.content_type",
2344 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
2345 "Content type", HFILL}
2347 { &hf_ssl2_msg_type,
2348 { "Handshake Message Type", "ssl.handshake.type",
2349 FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0,
2350 "SSLv2 handshake message type", HFILL}
2352 { &hf_ssl_record_version,
2353 { "Version", "ssl.record.version",
2354 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2355 "Record layer version.", HFILL }
2357 { &hf_ssl_record_length,
2358 { "Length", "ssl.record.length",
2359 FT_UINT16, BASE_DEC, NULL, 0x0,
2360 "Length of SSL record data", HFILL }
2362 { &hf_ssl_record_appdata,
2363 { "Application Data", "ssl.app_data",
2364 FT_NONE, BASE_NONE, NULL, 0x0,
2365 "Payload is application data", HFILL }
2368 { "SSLv2 Record Header", "ssl.record",
2369 FT_NONE, BASE_DEC, NULL, 0x0,
2370 "SSLv2 record data", HFILL }
2372 { &hf_ssl2_record_is_escape,
2373 { "Is Escape", "ssl.record.is_escape",
2374 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2375 "Indicates a security escape", HFILL}
2377 { &hf_ssl2_record_padding_length,
2378 { "Padding Length", "ssl.record.padding_length",
2379 FT_UINT8, BASE_DEC, NULL, 0x0,
2380 "Length of padding at end of record", HFILL }
2382 { &hf_ssl_change_cipher_spec,
2383 { "Change Cipher Spec Message", "ssl.change_cipher_spec",
2384 FT_NONE, BASE_NONE, NULL, 0x0,
2385 "Signals a change in cipher specifications", HFILL }
2387 { & hf_ssl_alert_message,
2388 { "Alert Message", "ssl.alert_message",
2389 FT_NONE, BASE_NONE, NULL, 0x0,
2390 "Alert message", HFILL }
2392 { & hf_ssl_alert_message_level,
2393 { "Level", "ssl.alert_message.level",
2394 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
2395 "Alert message level", HFILL }
2397 { &hf_ssl_alert_message_description,
2398 { "Description", "ssl.alert_message.desc",
2399 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
2400 "Alert message description", HFILL }
2402 { &hf_ssl_handshake_protocol,
2403 { "Handshake Protocol", "ssl.handshake",
2404 FT_NONE, BASE_NONE, NULL, 0x0,
2405 "Handshake protocol message", HFILL}
2407 { &hf_ssl_handshake_type,
2408 { "Handshake Type", "ssl.handshake.type",
2409 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
2410 "Type of handshake message", HFILL}
2412 { &hf_ssl_handshake_length,
2413 { "Length", "ssl.handshake.length",
2414 FT_UINT24, BASE_DEC, NULL, 0x0,
2415 "Length of handshake message", HFILL }
2417 { &hf_ssl_handshake_client_version,
2418 { "Version", "ssl.handshake.version",
2419 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2420 "Maximum version supported by client", HFILL }
2422 { &hf_ssl_handshake_server_version,
2423 { "Version", "ssl.handshake.version",
2424 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2425 "Version selected by server", HFILL }
2427 { &hf_ssl_handshake_random_time,
2428 { "Random.gmt_unix_time", "ssl.handshake.random_time",
2429 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
2430 "Unix time field of random structure", HFILL }
2432 { &hf_ssl_handshake_random_bytes,
2433 { "Random.bytes", "ssl.handshake.random",
2434 FT_NONE, BASE_NONE, NULL, 0x0,
2435 "Random challenge used to authenticate server", HFILL }
2437 { &hf_ssl_handshake_cipher_suites_len,
2438 { "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
2439 FT_UINT16, BASE_DEC, NULL, 0x0,
2440 "Length of cipher suites field", HFILL }
2442 { &hf_ssl_handshake_cipher_suites,
2443 { "Cipher Suites", "ssl.handshake.ciphersuites",
2444 FT_NONE, BASE_NONE, NULL, 0x0,
2445 "List of cipher suites supported by client", HFILL }
2447 { &hf_ssl_handshake_cipher_suite,
2448 { "Cipher Suite", "ssl.handshake.ciphersuite",
2449 FT_UINT16, BASE_HEX, VALS(ssl_31_ciphersuite), 0x0,
2450 "Cipher suite", HFILL }
2452 { &hf_ssl2_handshake_cipher_spec,
2453 { "Cipher Spec", "ssl.handshake.cipherspec",
2454 FT_UINT24, BASE_HEX, VALS(ssl_20_cipher_suites), 0x0,
2455 "Cipher specification", HFILL }
2457 { &hf_ssl_handshake_session_id,
2458 { "Session ID", "ssl.handshake.session_id",
2459 FT_BYTES, BASE_NONE, NULL, 0x0,
2460 "Identifies the SSL session, allowing later resumption", HFILL }
2462 { &hf_ssl_handshake_comp_methods_len,
2463 { "Compression Methods Length", "ssl.handshake.comp_methods_length",
2464 FT_UINT8, BASE_DEC, NULL, 0x0,
2465 "Length of compression methods field", HFILL }
2467 { &hf_ssl_handshake_comp_methods,
2468 { "Compression Methods", "ssl.handshake.comp_methods",
2469 FT_NONE, BASE_NONE, NULL, 0x0,
2470 "List of compression methods supported by client", HFILL }
2472 { &hf_ssl_handshake_comp_method,
2473 { "Compression Method", "ssl.handshake.comp_method",
2474 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
2475 "Compression Method", HFILL }
2477 { &hf_ssl_handshake_certificates_len,
2478 { "Certificates Length", "ssl.handshake.certificates_length",
2479 FT_UINT24, BASE_DEC, NULL, 0x0,
2480 "Length of certificates field", HFILL }
2482 { &hf_ssl_handshake_certificates,
2483 { "Certificates", "ssl.handshake.certificates",
2484 FT_NONE, BASE_NONE, NULL, 0x0,
2485 "List of certificates", HFILL }
2487 { &hf_ssl_handshake_certificate,
2488 { "Certificate", "ssl.handshake.certificate",
2489 FT_BYTES, BASE_NONE, NULL, 0x0,
2490 "Certificate", HFILL }
2492 { &hf_ssl_handshake_certificate_len,
2493 { "Certificate Length", "ssl.handshake.certificate_length",
2494 FT_UINT24, BASE_DEC, NULL, 0x0,
2495 "Length of certificate", HFILL }
2497 { &hf_ssl_handshake_cert_types_count,
2498 { "Certificate types count", "ssl.handshake.cert_types_count",
2499 FT_UINT8, BASE_DEC, NULL, 0x0,
2500 "Count of certificate types", HFILL }
2502 { &hf_ssl_handshake_cert_types,
2503 { "Certificate types", "ssl.handshake.cert_types",
2504 FT_NONE, BASE_NONE, NULL, 0x0,
2505 "List of certificate types", HFILL }
2507 { &hf_ssl_handshake_cert_type,
2508 { "Certificate type", "ssl.handshake.cert_type",
2509 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
2510 "Certificate type", HFILL }
2512 { &hf_ssl_handshake_finished,
2513 { "Verify Data", "ssl.handshake.verify_data",
2514 FT_NONE, BASE_NONE, NULL, 0x0,
2515 "Opaque verification data", HFILL }
2517 { &hf_ssl_handshake_md5_hash,
2518 { "MD5 Hash", "ssl.handshake.md5_hash",
2519 FT_NONE, BASE_NONE, NULL, 0x0,
2520 "Hash of messages, master_secret, etc.", HFILL }
2522 { &hf_ssl_handshake_sha_hash,
2523 { "SHA-1 Hash", "ssl.handshake.sha_hash",
2524 FT_NONE, BASE_NONE, NULL, 0x0,
2525 "Hash of messages, master_secret, etc.", HFILL }
2527 { &hf_ssl_handshake_session_id_len,
2528 { "Session ID Length", "ssl.handshake.session_id_length",
2529 FT_UINT8, BASE_DEC, NULL, 0x0,
2530 "Length of session ID field", HFILL }
2532 { &hf_ssl_handshake_dnames_len,
2533 { "Distinguished Names Length", "ssl.handshake.dnames_len",
2534 FT_UINT16, BASE_DEC, NULL, 0x0,
2535 "Length of list of CAs that server trusts", HFILL }
2537 { &hf_ssl_handshake_dnames,
2538 { "Distinguished Names", "ssl.handshake.dnames",
2539 FT_NONE, BASE_NONE, NULL, 0x0,
2540 "List of CAs that server trusts", HFILL }
2542 { &hf_ssl_handshake_dname_len,
2543 { "Distinguished Name Length", "ssl.handshake.dname_len",
2544 FT_UINT16, BASE_DEC, NULL, 0x0,
2545 "Length of distinguished name", HFILL }
2547 { &hf_ssl_handshake_dname,
2548 { "Distinguished Name", "ssl.handshake.dname",
2549 FT_BYTES, BASE_NONE, NULL, 0x0,
2550 "Distinguished name of a CA that server trusts", HFILL }
2552 { &hf_ssl2_handshake_challenge,
2553 { "Challenge", "ssl.handshake.challenge",
2554 FT_NONE, BASE_NONE, NULL, 0x0,
2555 "Challenge data used to authenticate server", HFILL }
2557 { &hf_ssl2_handshake_cipher_spec_len,
2558 { "Cipher Spec Length", "ssl.handshake.cipher_spec_len",
2559 FT_UINT16, BASE_DEC, NULL, 0x0,
2560 "Length of cipher specs field", HFILL }
2562 { &hf_ssl2_handshake_session_id_len,
2563 { "Session ID Length", "ssl.handshake.session_id_length",
2564 FT_UINT16, BASE_DEC, NULL, 0x0,
2565 "Length of session ID field", HFILL }
2567 { &hf_ssl2_handshake_challenge_len,
2568 { "Challenge Length", "ssl.handshake.challenge_length",
2569 FT_UINT16, BASE_DEC, NULL, 0x0,
2570 "Length of challenge field", HFILL }
2572 { &hf_ssl2_handshake_clear_key_len,
2573 { "Clear Key Data Length", "ssl.handshake.clear_key_length",
2574 FT_UINT16, BASE_DEC, NULL, 0x0,
2575 "Length of clear key data", HFILL }
2577 { &hf_ssl2_handshake_enc_key_len,
2578 { "Encrypted Key Data Length", "ssl.handshake.encrypted_key_length",
2579 FT_UINT16, BASE_DEC, NULL, 0x0,
2580 "Length of encrypted key data", HFILL }
2582 { &hf_ssl2_handshake_key_arg_len,
2583 { "Key Argument Length", "ssl.handshake.key_arg_length",
2584 FT_UINT16, BASE_DEC, NULL, 0x0,
2585 "Length of key argument", HFILL }
2587 { &hf_ssl2_handshake_clear_key,
2588 { "Clear Key Data", "ssl.handshake.clear_key_data",
2589 FT_NONE, BASE_NONE, NULL, 0x0,
2590 "Clear portion of MASTER-KEY", HFILL }
2592 { &hf_ssl2_handshake_enc_key,
2593 { "Encrypted Key", "ssl.handshake.encrypted_key",
2594 FT_NONE, BASE_NONE, NULL, 0x0,
2595 "Secret portion of MASTER-KEY encrypted to server", HFILL }
2597 { &hf_ssl2_handshake_key_arg,
2598 { "Key Argument", "ssl.handshake.key_arg",
2599 FT_NONE, BASE_NONE, NULL, 0x0,
2600 "Key Argument (e.g., Initialization Vector)", HFILL }
2602 { &hf_ssl2_handshake_session_id_hit,
2603 { "Session ID Hit", "ssl.handshake.session_id_hit",
2604 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2605 "Did the server find the client's Session ID?", HFILL }
2607 { &hf_ssl2_handshake_cert_type,
2608 { "Certificate Type", "ssl.handshake.cert_type",
2609 FT_UINT8, BASE_DEC, VALS(ssl_20_certificate_type), 0x0,
2610 "Certificate Type", HFILL }
2612 { &hf_ssl2_handshake_connection_id_len,
2613 { "Connection ID Length", "ssl.handshake.connection_id_length",
2614 FT_UINT16, BASE_DEC, NULL, 0x0,
2615 "Length of connection ID", HFILL }
2617 { &hf_ssl2_handshake_connection_id,
2618 { "Connection ID", "ssl.handshake.connection_id",
2619 FT_NONE, BASE_NONE, NULL, 0x0,
2620 "Server's challenge to client", HFILL }
2624 /* Setup protocol subtree array */
2625 static gint *ett[] = {
2630 &ett_ssl_cipher_suites,
2631 &ett_ssl_comp_methods,
2633 &ett_ssl_cert_types,
2637 /* Register the protocol name and description */
2638 proto_ssl = proto_register_protocol("Secure Socket Layer",
2641 /* Required function calls to register the header fields and
2643 proto_register_field_array(proto_ssl, hf, array_length(hf));
2644 proto_register_subtree_array(ett, array_length(ett));
2647 module_t *ssl_module = prefs_register_protocol(proto_ssl, NULL);
2648 prefs_register_bool_preference(ssl_module,
2649 "desegment_ssl_records",
2650 "Desegment SSL records",
2651 "When enabled, SSL records that span multiple TCP segments are desegmented",
2655 register_dissector("ssl", dissect_ssl, proto_ssl);
2659 /* If this dissector uses sub-dissector registration add a registration
2660 * routine. This format is required because a script is used to find
2661 * these routines and create the code that calls these routines.
2664 proto_reg_handoff_ssl(void)
2666 dissector_handle_t ssl_handle;
2668 ssl_handle = find_dissector("ssl");
2669 dissector_add("tcp.port", TCP_PORT_SSL, ssl_handle);
2670 dissector_add("tcp.port", TCP_PORT_SSL_LDAP, ssl_handle);
2671 dissector_add("tcp.port", TCP_PORT_SSL_IMAP, ssl_handle);
2672 dissector_add("tcp.port", TCP_PORT_SSL_POP, ssl_handle);