3 * Routines to dissect WTLS component of WAP traffic.
5 * $Id: packet-wtls.c,v 1.19 2002/06/15 23:27:15 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * WAP dissector based on original work by Ben Fowler
12 * Updated by Neil Hunter <neil.hunter@energis-squared.com>
13 * WTLS support by Alexandre P. Ferreira (Splice IP)
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 #ifdef HAVE_SYS_TYPES_H
38 # include <sys/types.h>
41 #ifdef HAVE_NETINET_IN_H
42 # include <netinet/in.h>
45 #ifdef NEED_SNPRINTF_H
51 # include "snprintf.h"
56 #include <epan/packet.h>
57 #include "packet-wap.h"
58 #include "packet-wtls.h"
60 /* File scoped variables for the protocol and registered fields */
61 static int proto_wtls = HF_EMPTY;
63 /* These fields used by fixed part of header */
64 static int hf_wtls_record = HF_EMPTY;
65 static int hf_wtls_record_type = HF_EMPTY;
66 static int hf_wtls_record_length = HF_EMPTY;
67 static int hf_wtls_record_sequence = HF_EMPTY;
68 static int hf_wtls_record_ciphered = HF_EMPTY;
69 static int hf_wtls_hands = HF_EMPTY;
70 static int hf_wtls_hands_type = HF_EMPTY;
71 static int hf_wtls_hands_length = HF_EMPTY;
72 static int hf_wtls_hands_cli_hello = HF_EMPTY;
73 static int hf_wtls_hands_cli_hello_version = HF_EMPTY;
74 static int hf_wtls_hands_cli_hello_gmt = HF_EMPTY;
75 static int hf_wtls_hands_cli_hello_random = HF_EMPTY;
76 static int hf_wtls_hands_cli_hello_session = HF_EMPTY;
77 static int hf_wtls_hands_cli_hello_session_str = HF_EMPTY;
78 static int hf_wtls_hands_cli_hello_cli_key_id = HF_EMPTY;
79 static int hf_wtls_hands_cli_hello_cli_key_len = HF_EMPTY;
80 static int hf_wtls_hands_cli_hello_trust_key_id = HF_EMPTY;
81 static int hf_wtls_hands_cli_hello_key_exchange =HF_EMPTY;
82 static int hf_wtls_hands_cli_hello_key_exchange_suite =HF_EMPTY;
83 static int hf_wtls_hands_cli_hello_key_parameter_index =HF_EMPTY;
84 static int hf_wtls_hands_cli_hello_key_parameter_set =HF_EMPTY;
85 static int hf_wtls_hands_cli_hello_key_identifier_type =HF_EMPTY;
86 static int hf_wtls_hands_cli_hello_key_identifier_charset =HF_EMPTY;
87 static int hf_wtls_hands_cli_hello_key_identifier_size =HF_EMPTY;
88 static int hf_wtls_hands_cli_hello_key_identifier =HF_EMPTY;
89 static int hf_wtls_hands_cli_hello_key_identifier_str =HF_EMPTY;
90 static int hf_wtls_hands_cli_hello_cipher_suite =HF_EMPTY;
91 static int hf_wtls_hands_cli_hello_cipher_suite_item =HF_EMPTY;
92 static int hf_wtls_hands_cli_hello_compression_methods =HF_EMPTY;
93 static int hf_wtls_hands_cli_hello_compression =HF_EMPTY;
94 static int hf_wtls_hands_cli_hello_sequence_mode =HF_EMPTY;
95 static int hf_wtls_hands_cli_hello_key_refresh =HF_EMPTY;
96 static int hf_wtls_hands_serv_hello = HF_EMPTY;
97 static int hf_wtls_hands_serv_hello_version = HF_EMPTY;
98 static int hf_wtls_hands_serv_hello_gmt = HF_EMPTY;
99 static int hf_wtls_hands_serv_hello_random = HF_EMPTY;
100 static int hf_wtls_hands_serv_hello_session = HF_EMPTY;
101 static int hf_wtls_hands_serv_hello_session_str = HF_EMPTY;
102 static int hf_wtls_hands_serv_hello_cli_key_id =HF_EMPTY;
103 static int hf_wtls_hands_serv_hello_cipher_suite_item =HF_EMPTY;
104 static int hf_wtls_hands_serv_hello_cipher_bulk =HF_EMPTY;
105 static int hf_wtls_hands_serv_hello_cipher_mac =HF_EMPTY;
106 static int hf_wtls_hands_serv_hello_compression =HF_EMPTY;
107 static int hf_wtls_hands_serv_hello_sequence_mode =HF_EMPTY;
108 static int hf_wtls_hands_serv_hello_key_refresh =HF_EMPTY;
109 static int hf_wtls_hands_certificates =HF_EMPTY;
110 static int hf_wtls_hands_certificate =HF_EMPTY;
111 static int hf_wtls_hands_certificate_type =HF_EMPTY;
112 static int hf_wtls_hands_certificate_wtls_version =HF_EMPTY;
113 static int hf_wtls_hands_certificate_wtls_signature_type =HF_EMPTY;
114 static int hf_wtls_hands_certificate_wtls_issuer_type =HF_EMPTY;
115 static int hf_wtls_hands_certificate_wtls_issuer_charset =HF_EMPTY;
116 static int hf_wtls_hands_certificate_wtls_issuer_size =HF_EMPTY;
117 static int hf_wtls_hands_certificate_wtls_issuer_name =HF_EMPTY;
118 static int hf_wtls_hands_certificate_wtls_valid_not_before =HF_EMPTY;
119 static int hf_wtls_hands_certificate_wtls_valid_not_after =HF_EMPTY;
120 static int hf_wtls_hands_certificate_wtls_subject_type =HF_EMPTY;
121 static int hf_wtls_hands_certificate_wtls_subject_charset =HF_EMPTY;
122 static int hf_wtls_hands_certificate_wtls_subject_size = HF_EMPTY;
123 static int hf_wtls_hands_certificate_wtls_subject_name = HF_EMPTY;
124 static int hf_wtls_hands_certificate_wtls_public_key_type = HF_EMPTY;
125 static int hf_wtls_hands_certificate_wtls_key_parameter_index = HF_EMPTY;
126 static int hf_wtls_hands_certificate_wtls_key_parameter_set = HF_EMPTY;
127 static int hf_wtls_hands_certificate_wtls_rsa_exponent = HF_EMPTY;
128 static int hf_wtls_hands_certificate_wtls_rsa_modules = HF_EMPTY;
129 static int hf_wtls_hands_certificate_wtls_signature = HF_EMPTY;
130 static int hf_wtls_alert = HF_EMPTY;
131 static int hf_wtls_alert_level = HF_EMPTY;
132 static int hf_wtls_alert_description = HF_EMPTY;
134 /* Initialize the subtree pointers */
135 static gint ett_wtls = ETT_EMPTY;
136 static gint ett_wtls_rec = ETT_EMPTY;
137 static gint ett_wtls_msg_type = ETT_EMPTY;
138 static gint ett_wtls_msg_type_item = ETT_EMPTY;
139 static gint ett_wtls_msg_type_item_sub = ETT_EMPTY;
140 static gint ett_wtls_msg_type_item_sub_sub = ETT_EMPTY;
142 /* Handles for WTP and WSP dissectors */
143 static dissector_handle_t wtp_handle;
144 static dissector_handle_t wsp_handle;
146 static const value_string wtls_vals_record_type[] = {
147 { 1, "change_cipher_data" },
150 { 4, "application_data" },
154 static const value_string wtls_vals_cipher_bulk[] = {
161 { 6, "3DES CBC cwEDE40" },
162 { 7, "IDEA CBC 40" },
163 { 8, "IDEA CBC 56" },
168 static const value_string wtls_vals_cipher_mac[] = {
180 static const value_string wtls_vals_handshake_type[] = {
181 { 0, "Hello Request" },
182 { 1, "Client Hello" },
183 { 2, "Server Hello" },
184 { 11, "Certificate" },
185 { 12, "Server Key Exchange" },
186 { 13, "Certificate Request" },
187 { 14, "Server Hello Done" },
188 { 15, "Certificate Verify" },
189 { 16, "Client Key Exchange" },
194 static const value_string wtls_vals_key_exchange_suite[] = {
196 { 1, "Shared Secret" },
197 { 2, "Diffie Hellman Anonymous" },
198 { 3, "Diffie Hellman Anonymous 512" },
199 { 4, "Diffie Hellman Anonymous 768" },
200 { 5, "RSA Anonymous" },
201 { 6, "RSA Anonymous 512" },
202 { 7, "RSA Anonymous 768" },
206 { 11, "EC Diffie Hellman Anonymous" },
207 { 12, "EC Diffie Hellman Anonymous 113" },
208 { 13, "EC Diffie Hellman Anonymous 131" },
209 { 14, "EC Diffie Hellman ECDSA" },
210 { 15, "EC Diffie Hellman Anonymous Uncomp" },
211 { 16, "EC Diffie Hellman Anonymous Uncomp 113" },
212 { 17, "EC Diffie Hellman Anonymous Uncomp 131" },
213 { 18, "EC Diffie Hellman ECDSA Uncomp" },
217 static const value_string wtls_vals_identifier_type[] = {
218 { 0, "No identifier" },
219 { 1, "Textual Name" },
220 { 2, "Binary Name" },
221 { 254, "SHA-1 Hash of Public Key" },
222 { 255, "x509 Distinguished Name" },
226 static const value_string wtls_vals_certificate_type[] = {
234 static const value_string wtls_vals_compression[] = {
239 static const value_string wtls_vals_sequence_mode[] = {
246 static const value_string wtls_vals_certificate_signature[] = {
253 static const value_string wtls_vals_public_key_type[] = {
260 static const value_string wtls_vals_alert_level[] = {
267 static const value_string wtls_vals_alert_description[] = {
268 { 0,"connection_close_notify"},
269 { 1,"session_close_notify"},
270 { 5,"no_connection"},
271 { 10,"unexpected_message"},
272 { 11,"time_required"},
273 { 20,"bad_record_mac"},
274 { 21,"decryption_failed"},
275 { 22,"record_overflow"},
276 { 30,"decompression_failure"},
277 { 40,"handshake_failure"},
278 { 42,"bad_certificate"},
279 { 43,"unsupported_certificate"},
280 { 44,"certificate_revoked"},
281 { 45,"certificate_expired"},
282 { 46,"certificate_unknown"},
283 { 47,"illegal_parameter"},
285 { 49,"access_denied"},
286 { 50,"decode_error"},
287 { 51,"decrypt_error"},
288 { 52,"unknown_key_id"},
289 { 53,"disabled_key_id"},
290 { 54,"key_exchange_disabled"},
291 { 55,"session_not_ready"},
292 { 56,"unknown_parameter_index"},
293 { 57,"duplicate_finished_received"},
294 { 60,"export_restriction"},
295 { 70,"protocol_version"},
296 { 71,"insufficient_security"},
297 { 80,"internal_error"},
298 { 90,"user_canceled"},
299 { 100,"no_renegotiation"},
303 #define WTLS_RECORD_TYPE_LENGTH 0x80
304 #define WTLS_RECORD_TYPE_SEQUENCE 0x40
305 #define WTLS_RECORD_TYPE_CIPHER_CUR 0x20
306 #define WTLS_RECORD_CONTENT_TYPE 0x0f
308 #define WTLS_ALERT 0x02
309 #define WTLS_PLAIN_HANDSHAKE 0x03
311 #define WTLS_HANDSHAKE_CLIENT_HELLO 1
312 #define WTLS_HANDSHAKE_SERVER_HELLO 2
313 #define WTLS_HANDSHAKE_CERTIFICATE 11
315 #define CERTIFICATE_WTLS 1
316 #define CERTIFICATE_X509 2
317 #define CERTIFICATE_X968 3
318 #define CERTIFICATE_URL 4
320 #define IDENTIFIER_NULL 0
321 #define IDENTIFIER_TEXT 1
322 #define IDENTIFIER_BIN 2
323 #define IDENTIFIER_SHA_1 254
324 #define IDENTIFIER_X509 255
326 #define PUBLIC_KEY_RSA 2
327 #define PUBLIC_KEY_ECDH 3
328 #define PUBLIC_KEY_ECDSA 4
330 static void dissect_wtls_handshake (proto_tree *, tvbuff_t *, guint, guint);
332 /* Code to actually dissect the packets */
334 dissect_wtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
341 guint offset_wtls = 0;
343 /* Set up structures we will need to add the protocol subtree and manage it */
345 proto_tree *wtls_tree;
346 proto_tree *wtls_rec_tree;
347 proto_tree *wtls_msg_type_tree;
349 if (check_col(pinfo->cinfo, COL_PROTOCOL))
351 switch ( pinfo->match_port )
353 case UDP_PORT_WTLS_WSP:
354 col_set_str(pinfo->cinfo, COL_PROTOCOL, "WTLS+WSP" );
356 case UDP_PORT_WTLS_WTP_WSP:
357 col_set_str(pinfo->cinfo, COL_PROTOCOL, "WTLS+WTP+WSP" );
362 /* Develop the string to put in the Info column */
363 if (check_col(pinfo->cinfo, COL_INFO)) {
364 col_set_str(pinfo->cinfo, COL_INFO, "WTLS" );
367 /* In the interest of speed, if "tree" is NULL, don't do any work not
368 necessary to generate protocol tree items. */
371 ti = proto_tree_add_item(tree, proto_wtls, tvb, offset_wtls,
372 -1, bo_little_endian);
373 wtls_tree = proto_item_add_subtree(ti, ett_wtls);
375 for (offset_wtls=0; offset_wtls < (tvb_reported_length(tvb)-1);) {
376 pdut = tvb_get_guint8 (tvb, offset_wtls);
378 offset = offset_wtls+1;
380 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
383 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
384 count = tvb_get_ntohs(tvb, offset);
386 count += offset-offset_wtls;
389 count = tvb_length_remaining (tvb, offset_wtls);
391 ti = proto_tree_add_uint(wtls_tree, hf_wtls_record, tvb, offset_wtls,
393 wtls_rec_tree = proto_item_add_subtree(ti, ett_wtls_rec);
395 offset = offset_wtls;
397 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_type,
398 tvb,offset,1,bo_big_endian);
402 offset_wtls += count;
404 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
405 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_sequence,
406 tvb,offset,2,bo_big_endian);
409 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
410 count = tvb_get_ntohs(tvb, offset);
411 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_length,
412 tvb,offset,2,bo_big_endian);
416 count = tvb_length_remaining (tvb, offset);
419 if (pdut & WTLS_RECORD_TYPE_CIPHER_CUR) {
420 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_ciphered,
421 tvb,offset,count,bo_big_endian);
425 switch (pdut & WTLS_RECORD_CONTENT_TYPE) {
426 case WTLS_PLAIN_HANDSHAKE :
427 dissect_wtls_handshake(wtls_rec_tree,tvb,offset,count);
430 ti = proto_tree_add_item(wtls_rec_tree, hf_wtls_alert, tvb, offset,
431 count, bo_little_endian);
432 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
433 pdu_msg_type = tvb_get_guint8 (tvb, offset);
434 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_level,
435 tvb,offset,1,bo_big_endian);
437 count = tvb_get_ntohs (tvb, offset);
438 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_description,
439 tvb,offset,1,bo_big_endian);
450 add_text_identifier(tvbuff_t *tvb, int offset, int hf_charset,
451 int hf_size, int hf_str, proto_tree *tree)
456 proto_tree_add_item(tree, hf_charset, tvb, offset, 2, bo_big_endian);
458 size = tvb_get_guint8 (tvb, offset);
459 proto_tree_add_item(tree, hf_size, tvb, offset, 1, bo_big_endian);
461 proto_tree_add_item(tree, hf_str, tvb, offset, size, bo_big_endian);
465 fprintf(stderr, "text id size = %d, client_size = %d\n",
472 dissect_wtls_handshake(proto_tree *tree, tvbuff_t *tvb, guint offset, guint count)
479 guint public_key = 0;
482 char *valBulk = NULL;
486 proto_item *cli_key_item;
487 proto_tree *wtls_msg_type_tree;
488 proto_tree *wtls_msg_type_item_tree;
489 proto_tree *wtls_msg_type_item_sub_tree;
490 proto_tree *wtls_msg_type_item_sub_sub_tree;
492 pdu_msg_type = tvb_get_guint8 (tvb, offset);
493 ti = proto_tree_add_uint(tree, hf_wtls_hands, tvb, offset,count, pdu_msg_type);
494 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
496 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_type,
497 tvb,offset,1,bo_big_endian);
499 count = tvb_get_ntohs (tvb, offset);
500 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_length,
501 tvb,offset,2,bo_big_endian);
503 switch(pdu_msg_type) {
504 case WTLS_HANDSHAKE_CLIENT_HELLO :
505 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_cli_hello, tvb, offset,
506 count, bo_little_endian);
507 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
508 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_version,
509 tvb,offset,1,bo_big_endian);
511 timeValue.secs = tvb_get_ntohl (tvb, offset);
513 ti = proto_tree_add_time (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_gmt, tvb,
514 offset, 4, &timeValue);
516 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_random,
517 tvb,offset,12,bo_big_endian);
519 count = tvb_get_guint8(tvb, offset);
522 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session_str,
523 tvb,offset,count+1,"NULL");
526 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
527 tvb,offset,count+1,tvb_get_guint8(tvb,offset+1));
530 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
531 tvb,offset,count+1,tvb_get_ntohs(tvb,offset+1));
534 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
535 tvb,offset,count+1,tvb_get_ntoh24(tvb,offset+1));
538 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
539 tvb,offset,count+1,tvb_get_ntohl(tvb,offset+1));
542 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session_str,
543 tvb,offset,count+1,"Too big");
548 /* process client_key_ids structure */
549 count = tvb_get_ntohs (tvb, offset);
550 ti = proto_tree_add_item(wtls_msg_type_item_tree,
551 hf_wtls_hands_cli_hello_cli_key_id, tvb, offset,
552 count+2, bo_little_endian);
553 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
555 /* display length of client_key_ids structure */
556 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
557 hf_wtls_hands_cli_hello_cli_key_len,
558 tvb,offset,2,bo_big_endian);
561 /* cycle through client_key_ids entries */
562 for (;count > 0;count-=client_size) {
563 /* get encryption suite id (one byte) */
564 value = tvb_get_guint8 (tvb, offset);
565 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
566 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
569 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
570 ett_wtls_msg_type_item_sub_sub);
571 ti = proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
572 hf_wtls_hands_cli_hello_key_exchange_suite,
576 fprintf(stderr, "encryption suite = %d, client_size = %d\n", value, client_size);
579 /* get parameter index (one byte) */
580 value = tvb_get_guint8 (tvb, offset);
581 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
582 hf_wtls_hands_cli_hello_key_parameter_index,
583 tvb,offset,1,bo_big_endian);
587 fprintf(stderr, "parameter index = %d, client_size = %d\n", value, client_size);
590 /* explicit parameters present in next field */
592 size = tvb_get_ntohs (tvb, offset);
593 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
594 hf_wtls_hands_cli_hello_key_parameter_set,
595 tvb,offset,size+2,bo_big_endian);
600 /* get identifier type */
601 value = tvb_get_guint8 (tvb, offset);
602 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
603 hf_wtls_hands_cli_hello_key_identifier_type,
604 tvb,offset,1,bo_big_endian);
608 fprintf(stderr, "identifier type = %d, client_size = %d\n", value, client_size);
611 /* identifier present in next field */
612 /* note: value 0x0 means no identifier */
614 case IDENTIFIER_TEXT :
615 /* text identifier */
617 size = add_text_identifier(
619 hf_wtls_hands_cli_hello_key_identifier_charset,
620 hf_wtls_hands_cli_hello_key_identifier_size,
621 hf_wtls_hands_cli_hello_key_identifier_str,
622 wtls_msg_type_item_sub_sub_tree);
626 case IDENTIFIER_BIN :
627 /* binary identifier */
628 size = tvb_get_guint8 (tvb, offset);
629 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
630 hf_wtls_hands_cli_hello_key_identifier_size,
631 tvb,offset,1,bo_big_endian);
633 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
634 hf_wtls_hands_cli_hello_key_identifier,
635 tvb,offset,size,bo_big_endian);
639 fprintf(stderr, "binary id size = %d, client_size = %d\n",
643 case IDENTIFIER_SHA_1 :
644 /* SHA-1 hash of the public key */
645 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
646 hf_wtls_hands_cli_hello_key_identifier,
647 tvb,offset,20,bo_big_endian);
651 fprintf(stderr, "SHA-1 hash size = 20, client_size = %d\n",
655 case IDENTIFIER_X509 :
656 /* X.509 distinguished name */
658 size = tvb_get_guint8 (tvb, offset);
659 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
660 hf_wtls_hands_cli_hello_key_identifier_size,
661 tvb,offset,1,bo_big_endian);
663 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
664 hf_wtls_hands_cli_hello_key_identifier,
665 tvb,offset,size,bo_big_endian);
669 fprintf(stderr, "X.509 name size = %d, client_size = %d\n",
675 proto_item_set_len(cli_key_item, client_size);
678 /* process trusted_keys structure */
679 count = tvb_get_ntohs (tvb, offset);
680 ti = proto_tree_add_item(wtls_msg_type_item_tree,
681 hf_wtls_hands_cli_hello_trust_key_id, tvb, offset,
682 count+2, bo_little_endian);
683 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
685 /* display length of trusted_keys structure */
686 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
687 hf_wtls_hands_cli_hello_cli_key_len,
688 tvb,offset,2,bo_big_endian);
691 for (;count > 0;count-=client_size) {
692 /* get encryption suite id (one byte) */
693 value = tvb_get_guint8 (tvb, offset);
694 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
695 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
698 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
699 ett_wtls_msg_type_item_sub_sub);
700 ti = proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
701 hf_wtls_hands_cli_hello_key_exchange_suite,
705 fprintf(stderr, "encryption suite = %d, client_size = %d\n", value, client_size);
708 /* get parameter index (one byte) */
709 value = tvb_get_guint8 (tvb, offset);
710 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
711 hf_wtls_hands_cli_hello_key_parameter_index,
712 tvb,offset,1,bo_big_endian);
716 fprintf(stderr, "parameter index = %d, client_size = %d\n", value, client_size);
719 /* explicit parameters present in next field */
721 size = tvb_get_ntohs (tvb, offset);
722 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
723 hf_wtls_hands_cli_hello_key_parameter_set,
724 tvb,offset,size+2,bo_big_endian);
729 /* get identifier type */
730 value = tvb_get_guint8 (tvb, offset);
731 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
732 hf_wtls_hands_cli_hello_key_identifier_type,
733 tvb,offset,1,bo_big_endian);
737 fprintf(stderr, "identifier type = %d, client_size = %d\n", value, client_size);
740 /* identifier present in next field */
741 /* note: value 0x0 means no identifier */
743 case IDENTIFIER_TEXT :
744 /* text identifier */
746 size = add_text_identifier(
748 hf_wtls_hands_cli_hello_key_identifier_charset,
749 hf_wtls_hands_cli_hello_key_identifier_size,
750 hf_wtls_hands_cli_hello_key_identifier_str,
751 wtls_msg_type_item_sub_sub_tree);
755 case IDENTIFIER_BIN :
756 /* binary identifier */
757 size = tvb_get_guint8 (tvb, offset);
758 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
759 hf_wtls_hands_cli_hello_key_identifier_size,
760 tvb,offset,1,bo_big_endian);
762 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
763 hf_wtls_hands_cli_hello_key_identifier,
764 tvb,offset,size,bo_big_endian);
768 fprintf(stderr, "binary id size = %d, client_size = %d\n",
772 case IDENTIFIER_SHA_1 :
773 /* SHA-1 hash of the public key */
774 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
775 hf_wtls_hands_cli_hello_key_identifier,
776 tvb,offset,20,bo_big_endian);
780 fprintf(stderr, "SHA-1 hash size = 20, client_size = %d\n",
784 case IDENTIFIER_X509 :
785 /* X.509 distinguished name */
787 size = tvb_get_guint8 (tvb, offset);
788 /* need to fetch identifier and display it */
789 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
790 hf_wtls_hands_cli_hello_key_identifier_size,
791 tvb,offset,1,bo_big_endian);
793 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
794 hf_wtls_hands_cli_hello_key_identifier,
795 tvb,offset,size,bo_big_endian);
799 fprintf(stderr, "X.509 name size = %d, client_size = %d\n",
804 proto_item_set_len(cli_key_item, client_size);
807 /* process cipher_suites structure */
808 count = tvb_get_guint8 (tvb, offset);
809 ti = proto_tree_add_item(wtls_msg_type_item_tree,
810 hf_wtls_hands_cli_hello_cipher_suite, tvb, offset,
811 count+1, bo_little_endian);
812 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
814 for (;count > 0;count-=client_size) {
815 value = tvb_get_guint8 (tvb, offset);
816 valBulk = match_strval(value, wtls_vals_cipher_bulk);
819 valMac = match_strval(tvb_get_guint8 (tvb, offset), wtls_vals_cipher_mac);
824 snprintf(valStr,1024,"%s, %s",valBulk,valMac);
828 snprintf(valStr,1024,"%s, Unknown MAC (0x%02x)",valBulk,tvb_get_guint8 (tvb, offset));
835 snprintf(valStr,1024,"Unknown Bulk (0x%02x), %s",value,valMac);
839 snprintf(valStr,1024,"Unknown Bulk (0x%02x), Unknown MAC (0x%02x)",value,
840 tvb_get_guint8 (tvb, offset));
845 cli_key_item = proto_tree_add_string(wtls_msg_type_item_sub_tree,
846 hf_wtls_hands_cli_hello_cipher_suite_item, tvb, offset-2,2,
849 count = tvb_get_guint8 (tvb, offset);
850 ti = proto_tree_add_item(wtls_msg_type_item_tree,
851 hf_wtls_hands_cli_hello_compression_methods, tvb, offset,
852 count+1, bo_little_endian);
853 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
855 for (;count > 0;count-=client_size) {
857 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
858 hf_wtls_hands_cli_hello_compression, tvb, offset,1,
863 ti = proto_tree_add_item(wtls_msg_type_item_tree,
864 hf_wtls_hands_cli_hello_sequence_mode, tvb, offset,
865 1, bo_little_endian);
867 ti = proto_tree_add_item(wtls_msg_type_item_tree,
868 hf_wtls_hands_cli_hello_key_refresh, tvb, offset,
869 1, bo_little_endian);
871 case WTLS_HANDSHAKE_SERVER_HELLO :
872 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_serv_hello, tvb, offset,
873 count, bo_little_endian);
874 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
875 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_version,
876 tvb,offset,1,bo_big_endian);
878 timeValue.secs = tvb_get_ntohl (tvb, offset);
880 ti = proto_tree_add_time (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_gmt, tvb,
881 offset, 4, &timeValue);
883 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_random,
884 tvb,offset,12,bo_big_endian);
886 count = tvb_get_guint8(tvb, offset);
889 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session_str,
890 tvb,offset,count+1,"NULL");
893 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
894 tvb,offset,count+1,tvb_get_guint8(tvb,offset+1));
897 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
898 tvb,offset,count+1,tvb_get_ntohs(tvb,offset+1));
901 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
902 tvb,offset,count+1,tvb_get_ntoh24(tvb,offset+1));
905 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
906 tvb,offset,count+1,tvb_get_ntohl(tvb,offset+1));
909 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session_str,
910 tvb,offset,count+1,"Too big");
914 ti = proto_tree_add_item(wtls_msg_type_item_tree,
915 hf_wtls_hands_serv_hello_cli_key_id,
916 tvb,offset,1,bo_big_endian);
918 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
919 hf_wtls_hands_serv_hello_cipher_suite_item, tvb, offset,2,
921 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
922 ett_wtls_msg_type_item_sub);
923 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
924 hf_wtls_hands_serv_hello_cipher_bulk,
925 tvb,offset,1,bo_big_endian);
927 value = tvb_get_guint8 (tvb, offset);
928 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
929 hf_wtls_hands_serv_hello_cipher_mac,
930 tvb,offset,1,bo_big_endian);
932 ti = proto_tree_add_item(wtls_msg_type_item_tree,
933 hf_wtls_hands_serv_hello_compression, tvb, offset,1,
936 ti = proto_tree_add_item(wtls_msg_type_item_tree,
937 hf_wtls_hands_serv_hello_sequence_mode, tvb, offset,
938 1, bo_little_endian);
940 ti = proto_tree_add_item(wtls_msg_type_item_tree,
941 hf_wtls_hands_serv_hello_key_refresh, tvb, offset,
942 1, bo_little_endian);
945 case WTLS_HANDSHAKE_CERTIFICATE :
946 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_certificates,
947 tvb, offset,count, bo_little_endian);
948 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
949 count = tvb_get_ntohs (tvb, offset);
951 for (;count > 0;count-=client_size) {
952 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
953 hf_wtls_hands_certificate, tvb, offset,1,
956 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
957 ett_wtls_msg_type_item_sub);
958 proto_item_set_len(cli_key_item, client_size);
959 value = tvb_get_guint8 (tvb, offset);
960 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
961 hf_wtls_hands_certificate_type, tvb, offset,1,
966 case CERTIFICATE_WTLS:
967 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
968 hf_wtls_hands_certificate_wtls_version,
973 signature = tvb_get_guint8 (tvb, offset);
974 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
975 hf_wtls_hands_certificate_wtls_signature_type,
980 value = tvb_get_guint8 (tvb, offset);
981 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
982 hf_wtls_hands_certificate_wtls_issuer_type,
988 case IDENTIFIER_NULL :
990 case IDENTIFIER_TEXT :
991 value = add_text_identifier(tvb, offset,
992 hf_wtls_hands_certificate_wtls_issuer_charset,
993 hf_wtls_hands_certificate_wtls_issuer_size,
994 hf_wtls_hands_certificate_wtls_issuer_name,
995 wtls_msg_type_item_sub_tree);
997 client_size += value;
999 case IDENTIFIER_BIN :
1001 case IDENTIFIER_SHA_1 :
1003 case IDENTIFIER_X509 :
1006 timeValue.secs = tvb_get_ntohl (tvb, offset);
1007 timeValue.nsecs = 0;
1008 ti = proto_tree_add_time (wtls_msg_type_item_sub_tree,
1009 hf_wtls_hands_certificate_wtls_valid_not_before,
1010 tvb, offset, 4, &timeValue);
1013 timeValue.secs = tvb_get_ntohl (tvb, offset);
1014 timeValue.nsecs = 0;
1015 ti = proto_tree_add_time (wtls_msg_type_item_sub_tree,
1016 hf_wtls_hands_certificate_wtls_valid_not_after,
1017 tvb, offset, 4, &timeValue);
1020 value = tvb_get_guint8 (tvb, offset);
1021 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1022 hf_wtls_hands_certificate_wtls_subject_type,
1028 case IDENTIFIER_NULL :
1030 case IDENTIFIER_TEXT :
1031 value = add_text_identifier(tvb, offset,
1032 hf_wtls_hands_certificate_wtls_subject_charset,
1033 hf_wtls_hands_certificate_wtls_subject_size,
1034 hf_wtls_hands_certificate_wtls_subject_name,
1035 wtls_msg_type_item_sub_tree);
1037 client_size += value;
1039 case IDENTIFIER_BIN :
1041 case IDENTIFIER_SHA_1 :
1043 case IDENTIFIER_X509 :
1046 public_key = tvb_get_guint8 (tvb, offset);
1047 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1048 hf_wtls_hands_certificate_wtls_public_key_type,
1053 value = tvb_get_guint8 (tvb, offset);
1054 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1055 hf_wtls_hands_certificate_wtls_key_parameter_index,
1056 tvb,offset,1,bo_big_endian);
1059 if (value == 0xff) {
1060 size = tvb_get_ntohs (tvb, offset);
1061 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1062 hf_wtls_hands_certificate_wtls_key_parameter_set,
1063 tvb,offset,size+2,bo_big_endian);
1065 client_size+=size+2;
1067 switch (public_key) {
1068 case PUBLIC_KEY_RSA :
1069 value = tvb_get_ntohs (tvb, offset);
1070 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1071 hf_wtls_hands_certificate_wtls_rsa_exponent,
1072 tvb,offset,value+2,value*8);
1074 client_size+=2+value;
1075 value = tvb_get_ntohs (tvb, offset);
1076 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1077 hf_wtls_hands_certificate_wtls_rsa_modules,
1078 tvb,offset,value+2,value*8);
1080 client_size+=2+value;
1082 case PUBLIC_KEY_ECDH :
1084 case PUBLIC_KEY_ECDSA :
1087 value = tvb_get_ntohs (tvb, offset);
1088 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1089 hf_wtls_hands_certificate_wtls_signature,
1090 tvb,offset,2+value,value*8);
1092 client_size+=2+value;
1094 case CERTIFICATE_X509:
1095 case CERTIFICATE_X968:
1096 value = tvb_get_ntohs (tvb, offset);
1099 client_size += value;
1102 case CERTIFICATE_URL:
1103 value = tvb_get_guint8 (tvb, offset);
1106 client_size += value;
1110 proto_item_set_len(cli_key_item, client_size);
1119 /* Register the protocol with Ethereal */
1121 proto_register_wtls(void)
1124 /* Setup list of header fields */
1125 static hf_register_info hf[] = {
1129 FT_UINT8, BASE_DEC, VALS ( wtls_vals_record_type ), 0x0f,
1133 { &hf_wtls_record_type,
1135 "wsp.wtls.rec_type",
1136 FT_UINT8, BASE_DEC, VALS ( wtls_vals_record_type ), 0x0f,
1137 "Record Type", HFILL
1140 { &hf_wtls_record_length,
1142 "wsp.wtls.rec_length",
1143 FT_UINT16, BASE_DEC, NULL, 0x00,
1144 "Record Length", HFILL
1147 { &hf_wtls_record_sequence,
1148 { "Record Sequence",
1150 FT_UINT16, BASE_DEC, NULL, 0x00,
1151 "Record Sequence", HFILL
1154 { &hf_wtls_record_ciphered,
1155 { "Record Ciphered",
1156 "wsp.wtls.rec_cipher",
1157 FT_NONE, BASE_NONE, NULL, 0x00,
1158 "Record Ciphered", HFILL
1163 "wsp.wtls.handshake",
1164 FT_UINT8, BASE_DEC, VALS ( wtls_vals_handshake_type ), 0x00,
1168 { &hf_wtls_hands_type,
1170 "wsp.wtls.handshake.type",
1171 FT_UINT8, BASE_DEC, VALS ( wtls_vals_handshake_type ), 0x00,
1175 { &hf_wtls_hands_length,
1177 "wsp.wtls.handshake.length",
1178 FT_UINT16, BASE_DEC, NULL, 0x00,
1182 { &hf_wtls_hands_cli_hello,
1184 "wsp.wtls.handshake.client_hello",
1185 FT_NONE, BASE_NONE, NULL, 0x00,
1186 "Client Hello", HFILL
1189 { &hf_wtls_hands_cli_hello_version,
1191 "wsp.wtls.handshake.client_hello.version",
1192 FT_UINT8, BASE_DEC, NULL, 0x00,
1196 { &hf_wtls_hands_cli_hello_gmt,
1198 "wsp.wtls.handshake.client_hello.gmt",
1199 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1203 { &hf_wtls_hands_cli_hello_random,
1205 "wsp.wtls.handshake.client_hello.random",
1206 FT_NONE, BASE_NONE, NULL, 0x00,
1210 { &hf_wtls_hands_cli_hello_session,
1212 "wsp.wtls.handshake.client_hello.sessionid",
1213 FT_UINT32, BASE_DEC, NULL, 0x00,
1217 { &hf_wtls_hands_cli_hello_session_str,
1219 "wsp.wtls.handshake.client_hello.session.str",
1220 FT_STRING, BASE_NONE, NULL, 0x00,
1224 { &hf_wtls_hands_cli_hello_cli_key_id,
1226 "wsp.wtls.handshake.client_hello.client_keys_id",
1227 FT_NONE, BASE_NONE, NULL, 0x00,
1228 "Client Keys" , HFILL
1231 { &hf_wtls_hands_cli_hello_cli_key_len,
1233 "wsp.wtls.handshake.client_hello.client_keys_len",
1234 FT_UINT16, BASE_DEC, NULL, 0x00,
1238 { &hf_wtls_hands_cli_hello_trust_key_id,
1240 "wsp.wtls.handshake.client_hello.trusted_keys_id",
1241 FT_NONE, BASE_NONE, NULL, 0x00,
1242 "Trusted Keys" , HFILL
1245 { &hf_wtls_hands_cli_hello_key_exchange,
1247 "wsp.wtls.handshake.client_hello.key.key_exchange",
1248 FT_UINT8, BASE_DEC, VALS ( wtls_vals_key_exchange_suite ), 0x00,
1249 "Key Exchange", HFILL
1252 { &hf_wtls_hands_cli_hello_key_exchange_suite,
1254 "wsp.wtls.handshake.client_hello.key.key_exchange.suite",
1255 FT_UINT8, BASE_DEC, VALS ( wtls_vals_key_exchange_suite ), 0x00,
1259 { &hf_wtls_hands_cli_hello_key_parameter_index,
1260 { "Parameter Index",
1261 "wsp.wtls.handshake.client_hello.parameter_index",
1262 FT_UINT8, BASE_DEC, NULL, 0x00,
1263 "Parameter Index", HFILL
1266 { &hf_wtls_hands_cli_hello_key_parameter_set,
1268 "wsp.wtls.handshake.client_hello.parameter",
1269 FT_STRING, BASE_NONE, NULL, 0x00,
1270 "Parameter Set", HFILL
1273 { &hf_wtls_hands_cli_hello_key_identifier_type,
1274 { "Identifier Type",
1275 "wsp.wtls.handshake.client_hello.ident_type",
1276 FT_UINT8, BASE_DEC, VALS ( wtls_vals_identifier_type ), 0x00,
1277 "Identifier Type", HFILL
1280 { &hf_wtls_hands_cli_hello_key_identifier_charset,
1281 { "Identifier CharSet",
1282 "wsp.wtls.handshake.client_hello.ident_charset",
1283 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1284 "Identifier CharSet", HFILL
1287 { &hf_wtls_hands_cli_hello_key_identifier_size,
1288 { "Identifier Size",
1289 "wsp.wtls.handshake.client_hello.ident_size",
1290 FT_UINT8, BASE_DEC, NULL, 0x00,
1291 "Identifier Size", HFILL
1294 { &hf_wtls_hands_cli_hello_key_identifier,
1296 "wsp.wtls.handshake.client_hello.identifier",
1297 FT_NONE, BASE_NONE, NULL, 0x00,
1301 { &hf_wtls_hands_cli_hello_key_identifier_str,
1302 { "Identifier Name",
1303 "wsp.wtls.handshake.client_hello.ident_name",
1304 FT_STRING, BASE_NONE, NULL, 0x00,
1305 "Identifier Name", HFILL
1308 { &hf_wtls_hands_cli_hello_cipher_suite,
1310 "wsp.wtls.handshake.client_hello.ciphers",
1311 FT_NONE, BASE_NONE, NULL, 0x00,
1312 "Cipher Suite", HFILL
1315 { &hf_wtls_hands_cli_hello_cipher_suite_item,
1317 "wsp.wtls.handshake.client_hello.cipher",
1318 FT_STRING, BASE_NONE, NULL, 0x00,
1322 { &hf_wtls_hands_cli_hello_compression_methods,
1323 { "Compression Methods",
1324 "wsp.wtls.handshake.client_hello.comp_methods",
1325 FT_NONE, BASE_NONE, NULL, 0x00,
1326 "Compression Methods", HFILL
1329 { &hf_wtls_hands_cli_hello_compression,
1331 "wsp.wtls.handshake.client_hello.compression",
1332 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1333 "Compression", HFILL
1336 { &hf_wtls_hands_cli_hello_sequence_mode,
1338 "wsp.wtls.handshake.client_hello.sequence_mode",
1339 FT_UINT8, BASE_DEC, VALS ( wtls_vals_sequence_mode ), 0x00,
1340 "Sequence Mode", HFILL
1343 { &hf_wtls_hands_cli_hello_key_refresh,
1345 "wsp.wtls.handshake.client_hello.refresh",
1346 FT_UINT8, BASE_DEC, NULL, 0x00,
1350 { &hf_wtls_hands_serv_hello,
1352 "wsp.wtls.handshake.server_hello",
1353 FT_NONE, BASE_NONE, NULL, 0x00,
1354 "Server Hello", HFILL
1357 { &hf_wtls_hands_serv_hello_version,
1359 "wsp.wtls.handshake.server_hello.version",
1360 FT_UINT8, BASE_DEC, NULL, 0x00,
1364 { &hf_wtls_hands_serv_hello_gmt,
1366 "wsp.wtls.handshake.server_hello.gmt",
1367 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1371 { &hf_wtls_hands_serv_hello_random,
1373 "wsp.wtls.handshake.server_hello.random",
1374 FT_NONE, BASE_NONE, NULL, 0x00,
1378 { &hf_wtls_hands_serv_hello_session,
1380 "wsp.wtls.handshake.server_hello.sessionid",
1381 FT_UINT32, BASE_DEC, NULL, 0x00,
1385 { &hf_wtls_hands_serv_hello_session_str,
1387 "wsp.wtls.handshake.server_hello.session.str",
1388 FT_STRING, BASE_NONE, NULL, 0x00,
1392 { &hf_wtls_hands_serv_hello_cli_key_id,
1394 "wsp.wtls.handshake.server_hello.key",
1395 FT_UINT8, BASE_HEX, NULL, 0x00,
1396 "Client Key ID", HFILL
1399 { &hf_wtls_hands_serv_hello_cipher_suite_item,
1401 "wsp.wtls.handshake.server_hello.cipher",
1402 FT_NONE, BASE_NONE, NULL, 0x00,
1406 { &hf_wtls_hands_serv_hello_cipher_bulk,
1408 "wsp.wtls.handshake.server_hello.cipher.bulk",
1409 FT_UINT8, BASE_DEC, VALS ( wtls_vals_cipher_bulk ), 0x00,
1410 "Cipher Bulk", HFILL
1413 { &hf_wtls_hands_serv_hello_cipher_mac,
1415 "wsp.wtls.handshake.server_hello.cipher.mac",
1416 FT_UINT8, BASE_DEC, VALS ( wtls_vals_cipher_mac ), 0x00,
1420 { &hf_wtls_hands_serv_hello_compression,
1422 "wsp.wtls.handshake.server_hello.compression",
1423 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1424 "Compression", HFILL
1427 { &hf_wtls_hands_serv_hello_sequence_mode,
1429 "wsp.wtls.handshake.server_hello.sequence_mode",
1430 FT_UINT8, BASE_DEC, VALS ( wtls_vals_sequence_mode ), 0x00,
1431 "Sequence Mode", HFILL
1434 { &hf_wtls_hands_serv_hello_key_refresh,
1436 "wsp.wtls.handshake.server_hello.refresh",
1437 FT_UINT8, BASE_DEC, NULL, 0x00,
1441 { &hf_wtls_hands_certificates,
1443 "wsp.wtls.handshake.certificates",
1444 FT_NONE, BASE_NONE, NULL, 0x00,
1445 "Certificates", HFILL
1448 { &hf_wtls_hands_certificate,
1450 "wsp.wtls.handshake.certificate",
1451 FT_NONE, BASE_NONE, NULL, 0x00,
1452 "Certificate", HFILL
1455 { &hf_wtls_hands_certificate_type,
1457 "wsp.wtls.handshake.certificate.type",
1458 FT_UINT8, BASE_DEC, VALS ( wtls_vals_certificate_type ), 0x00,
1462 { &hf_wtls_hands_certificate_wtls_version,
1464 "wsp.wtls.handshake.certificate.version",
1465 FT_UINT8, BASE_HEX, NULL, 0x00,
1469 { &hf_wtls_hands_certificate_wtls_signature_type,
1471 "wsp.wtls.handshake.certificate.signature.type",
1472 FT_UINT8, BASE_DEC, VALS ( wtls_vals_certificate_signature ), 0x00,
1473 "Signature Type", HFILL
1476 { &hf_wtls_hands_certificate_wtls_signature,
1478 "wsp.wtls.handshake.certificate.signature.signature",
1479 FT_UINT32, BASE_DEC, NULL, 0x00,
1480 "Signature Size", HFILL
1483 { &hf_wtls_hands_certificate_wtls_issuer_type,
1485 "wsp.wtls.handshake.certificate.issuer.type",
1486 FT_UINT8, BASE_DEC, VALS ( wtls_vals_identifier_type ), 0x00,
1490 { &hf_wtls_hands_certificate_wtls_issuer_charset,
1492 "wsp.wtls.handshake.certificate.issuer.charset",
1493 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1497 { &hf_wtls_hands_certificate_wtls_issuer_size,
1499 "wsp.wtls.handshake.certificate.issuer.size",
1500 FT_UINT8, BASE_DEC, NULL, 0x00,
1504 { &hf_wtls_hands_certificate_wtls_issuer_name,
1506 "wsp.wtls.handshake.certificate.issuer.name",
1507 FT_STRING, BASE_NONE, NULL, 0x00,
1511 { &hf_wtls_hands_certificate_wtls_valid_not_before,
1512 { "Valid not before",
1513 "wsp.wtls.handshake.certificate.before",
1514 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1515 "Valid not before", HFILL
1518 { &hf_wtls_hands_certificate_wtls_valid_not_after,
1519 { "Valid not after",
1520 "wsp.wtls.handshake.certificate.after",
1521 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1522 "Valid not after", HFILL
1525 { &hf_wtls_hands_certificate_wtls_subject_type,
1527 "wsp.wtls.handshake.certificate.subject.type",
1528 FT_UINT8, BASE_DEC, VALS ( wtls_vals_identifier_type ), 0x00,
1532 { &hf_wtls_hands_certificate_wtls_subject_charset,
1534 "wsp.wtls.handshake.certificate.subject.charset",
1535 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1539 { &hf_wtls_hands_certificate_wtls_subject_size,
1541 "wsp.wtls.handshake.certificate.subject.size",
1542 FT_UINT8, BASE_DEC, NULL, 0x00,
1546 { &hf_wtls_hands_certificate_wtls_subject_name,
1548 "wsp.wtls.handshake.certificate.subject.name",
1549 FT_STRING, BASE_NONE, NULL, 0x00,
1553 { &hf_wtls_hands_certificate_wtls_public_key_type,
1554 { "Public Key Type",
1555 "wsp.wtls.handshake.certificate.public.type",
1556 FT_UINT8, BASE_DEC, VALS ( wtls_vals_public_key_type ), 0x00,
1557 "Public Key Type", HFILL
1560 { &hf_wtls_hands_certificate_wtls_key_parameter_index,
1561 { "Parameter Index",
1562 "wsp.wtls.handshake.certificate.parameter_index",
1563 FT_UINT8, BASE_DEC, NULL, 0x00,
1564 "Parameter Index", HFILL
1567 { &hf_wtls_hands_certificate_wtls_key_parameter_set,
1569 "wsp.wtls.handshake.certificate.parameter",
1570 FT_STRING, BASE_NONE, NULL, 0x00,
1571 "Parameter Set", HFILL
1574 { &hf_wtls_hands_certificate_wtls_rsa_exponent,
1575 { "RSA Exponent Size",
1576 "wsp.wtls.handshake.certificate.rsa.exponent",
1577 FT_UINT32, BASE_DEC, NULL, 0x00,
1578 "RSA Exponent Size", HFILL
1581 { &hf_wtls_hands_certificate_wtls_rsa_modules,
1582 { "RSA Modulus Size",
1583 "wsp.wtls.handshake.certificate.rsa.modules",
1584 FT_UINT32, BASE_DEC, NULL, 0x00,
1585 "RSA Modulus Size", HFILL
1591 FT_NONE, BASE_NONE, NULL, 0x00,
1595 { &hf_wtls_alert_level,
1597 "wsp.wtls.alert.level",
1598 FT_UINT8, BASE_DEC, VALS ( wtls_vals_alert_level ), 0x00,
1602 { &hf_wtls_alert_description,
1604 "wsp.wtls.alert.description",
1605 FT_UINT8, BASE_DEC, VALS ( wtls_vals_alert_description ), 0x00,
1606 "Description", HFILL
1611 /* Setup protocol subtree array */
1612 static gint *ett[] = {
1616 &ett_wtls_msg_type_item,
1617 &ett_wtls_msg_type_item_sub,
1618 &ett_wtls_msg_type_item_sub_sub,
1621 /* Register the protocol name and description */
1622 proto_wtls = proto_register_protocol(
1623 "Wireless Transport Layer Security", /* protocol name for use by ethereal */
1624 "WTLS", /* short version of name */
1625 "wap-wtls" /* Abbreviated protocol name, should Match IANA
1626 < URL:http://www.isi.edu/in-notes/iana/assignments/port-numbers/ >
1630 /* Required function calls to register the header fields and subtrees used */
1631 proto_register_field_array(proto_wtls, hf, array_length(hf));
1632 proto_register_subtree_array(ett, array_length(ett));
1636 proto_reg_handoff_wtls(void)
1638 dissector_handle_t wtls_handle;
1641 * Get handles for the WTP and connectionless WSP dissectors.
1643 wtp_handle = find_dissector("wtp");
1644 wsp_handle = find_dissector("wsp-cl");
1646 wtls_handle = create_dissector_handle(dissect_wtls, proto_wtls);
1647 dissector_add("udp.port", UDP_PORT_WTLS_WSP, wtls_handle);
1648 dissector_add("udp.port", UDP_PORT_WTLS_WTP_WSP, wtls_handle);
1649 dissector_add("udp.port", UDP_PORT_WTLS_WSP_PUSH,wtls_handle);