3 * Routines to dissect WTLS component of WAP traffic.
5 * $Id: packet-wtls.c,v 1.24 2004/02/28 22:56:36 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * WAP dissector based on original work by Ben Fowler
12 * Updated by Neil Hunter <neil.hunter@energis-squared.com>
13 * WTLS support by Alexandre P. Ferreira (Splice IP)
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 #ifdef NEED_SNPRINTF_H
38 # include "snprintf.h"
43 #include <epan/packet.h>
44 #include "packet-wap.h"
45 #include "packet-wtls.h"
47 /* File scoped variables for the protocol and registered fields */
48 static int proto_wtls = HF_EMPTY;
50 /* These fields used by fixed part of header */
51 static int hf_wtls_record = HF_EMPTY;
52 static int hf_wtls_record_type = HF_EMPTY;
53 static int hf_wtls_record_length = HF_EMPTY;
54 static int hf_wtls_record_sequence = HF_EMPTY;
55 static int hf_wtls_record_ciphered = HF_EMPTY;
56 static int hf_wtls_hands = HF_EMPTY;
57 static int hf_wtls_hands_type = HF_EMPTY;
58 static int hf_wtls_hands_length = HF_EMPTY;
59 static int hf_wtls_hands_cli_hello = HF_EMPTY;
60 static int hf_wtls_hands_cli_hello_version = HF_EMPTY;
61 static int hf_wtls_hands_cli_hello_gmt = HF_EMPTY;
62 static int hf_wtls_hands_cli_hello_random = HF_EMPTY;
63 static int hf_wtls_hands_cli_hello_session = HF_EMPTY;
64 static int hf_wtls_hands_cli_hello_session_str = HF_EMPTY;
65 static int hf_wtls_hands_cli_hello_cli_key_id = HF_EMPTY;
66 static int hf_wtls_hands_cli_hello_cli_key_len = HF_EMPTY;
67 static int hf_wtls_hands_cli_hello_trust_key_id = HF_EMPTY;
68 static int hf_wtls_hands_cli_hello_key_exchange =HF_EMPTY;
69 static int hf_wtls_hands_cli_hello_key_exchange_suite =HF_EMPTY;
70 static int hf_wtls_hands_cli_hello_key_parameter_index =HF_EMPTY;
71 static int hf_wtls_hands_cli_hello_key_parameter_set =HF_EMPTY;
72 static int hf_wtls_hands_cli_hello_key_identifier_type =HF_EMPTY;
73 static int hf_wtls_hands_cli_hello_key_identifier_charset =HF_EMPTY;
74 static int hf_wtls_hands_cli_hello_key_identifier_size =HF_EMPTY;
75 static int hf_wtls_hands_cli_hello_key_identifier =HF_EMPTY;
76 static int hf_wtls_hands_cli_hello_key_identifier_str =HF_EMPTY;
77 static int hf_wtls_hands_cli_hello_cipher_suite =HF_EMPTY;
78 static int hf_wtls_hands_cli_hello_cipher_suite_item =HF_EMPTY;
79 static int hf_wtls_hands_cli_hello_compression_methods =HF_EMPTY;
80 static int hf_wtls_hands_cli_hello_compression =HF_EMPTY;
81 static int hf_wtls_hands_cli_hello_sequence_mode =HF_EMPTY;
82 static int hf_wtls_hands_cli_hello_key_refresh =HF_EMPTY;
83 static int hf_wtls_hands_serv_hello = HF_EMPTY;
84 static int hf_wtls_hands_serv_hello_version = HF_EMPTY;
85 static int hf_wtls_hands_serv_hello_gmt = HF_EMPTY;
86 static int hf_wtls_hands_serv_hello_random = HF_EMPTY;
87 static int hf_wtls_hands_serv_hello_session = HF_EMPTY;
88 static int hf_wtls_hands_serv_hello_session_str = HF_EMPTY;
89 static int hf_wtls_hands_serv_hello_cli_key_id =HF_EMPTY;
90 static int hf_wtls_hands_serv_hello_cipher_suite_item =HF_EMPTY;
91 static int hf_wtls_hands_serv_hello_cipher_bulk =HF_EMPTY;
92 static int hf_wtls_hands_serv_hello_cipher_mac =HF_EMPTY;
93 static int hf_wtls_hands_serv_hello_compression =HF_EMPTY;
94 static int hf_wtls_hands_serv_hello_sequence_mode =HF_EMPTY;
95 static int hf_wtls_hands_serv_hello_key_refresh =HF_EMPTY;
96 static int hf_wtls_hands_certificates =HF_EMPTY;
97 static int hf_wtls_hands_certificate =HF_EMPTY;
98 static int hf_wtls_hands_certificate_type =HF_EMPTY;
99 static int hf_wtls_hands_certificate_wtls_version =HF_EMPTY;
100 static int hf_wtls_hands_certificate_wtls_signature_type =HF_EMPTY;
101 static int hf_wtls_hands_certificate_wtls_issuer_type =HF_EMPTY;
102 static int hf_wtls_hands_certificate_wtls_issuer_charset =HF_EMPTY;
103 static int hf_wtls_hands_certificate_wtls_issuer_size =HF_EMPTY;
104 static int hf_wtls_hands_certificate_wtls_issuer_name =HF_EMPTY;
105 static int hf_wtls_hands_certificate_wtls_valid_not_before =HF_EMPTY;
106 static int hf_wtls_hands_certificate_wtls_valid_not_after =HF_EMPTY;
107 static int hf_wtls_hands_certificate_wtls_subject_type =HF_EMPTY;
108 static int hf_wtls_hands_certificate_wtls_subject_charset =HF_EMPTY;
109 static int hf_wtls_hands_certificate_wtls_subject_size = HF_EMPTY;
110 static int hf_wtls_hands_certificate_wtls_subject_name = HF_EMPTY;
111 static int hf_wtls_hands_certificate_wtls_public_key_type = HF_EMPTY;
112 static int hf_wtls_hands_certificate_wtls_key_parameter_index = HF_EMPTY;
113 static int hf_wtls_hands_certificate_wtls_key_parameter_set = HF_EMPTY;
114 static int hf_wtls_hands_certificate_wtls_rsa_exponent = HF_EMPTY;
115 static int hf_wtls_hands_certificate_wtls_rsa_modules = HF_EMPTY;
116 static int hf_wtls_hands_certificate_wtls_signature = HF_EMPTY;
117 static int hf_wtls_alert = HF_EMPTY;
118 static int hf_wtls_alert_level = HF_EMPTY;
119 static int hf_wtls_alert_description = HF_EMPTY;
121 /* Initialize the subtree pointers */
122 static gint ett_wtls = ETT_EMPTY;
123 static gint ett_wtls_rec = ETT_EMPTY;
124 static gint ett_wtls_msg_type = ETT_EMPTY;
125 static gint ett_wtls_msg_type_item = ETT_EMPTY;
126 static gint ett_wtls_msg_type_item_sub = ETT_EMPTY;
127 static gint ett_wtls_msg_type_item_sub_sub = ETT_EMPTY;
129 static const value_string wtls_vals_record_type[] = {
130 { 1, "change_cipher_data" },
133 { 4, "application_data" },
137 static const value_string wtls_vals_cipher_bulk[] = {
144 { 6, "3DES CBC cwEDE40" },
145 { 7, "IDEA CBC 40" },
146 { 8, "IDEA CBC 56" },
151 static const value_string wtls_vals_cipher_mac[] = {
163 static const value_string wtls_vals_handshake_type[] = {
164 { 0, "Hello Request" },
165 { 1, "Client Hello" },
166 { 2, "Server Hello" },
167 { 11, "Certificate" },
168 { 12, "Server Key Exchange" },
169 { 13, "Certificate Request" },
170 { 14, "Server Hello Done" },
171 { 15, "Certificate Verify" },
172 { 16, "Client Key Exchange" },
177 static const value_string wtls_vals_key_exchange_suite[] = {
179 { 1, "Shared Secret" },
180 { 2, "Diffie Hellman Anonymous" },
181 { 3, "Diffie Hellman Anonymous 512" },
182 { 4, "Diffie Hellman Anonymous 768" },
183 { 5, "RSA Anonymous" },
184 { 6, "RSA Anonymous 512" },
185 { 7, "RSA Anonymous 768" },
189 { 11, "EC Diffie Hellman Anonymous" },
190 { 12, "EC Diffie Hellman Anonymous 113" },
191 { 13, "EC Diffie Hellman Anonymous 131" },
192 { 14, "EC Diffie Hellman ECDSA" },
193 { 15, "EC Diffie Hellman Anonymous Uncomp" },
194 { 16, "EC Diffie Hellman Anonymous Uncomp 113" },
195 { 17, "EC Diffie Hellman Anonymous Uncomp 131" },
196 { 18, "EC Diffie Hellman ECDSA Uncomp" },
200 static const value_string wtls_vals_identifier_type[] = {
201 { 0, "No identifier" },
202 { 1, "Textual Name" },
203 { 2, "Binary Name" },
204 { 254, "SHA-1 Hash of Public Key" },
205 { 255, "x509 Distinguished Name" },
209 static const value_string wtls_vals_certificate_type[] = {
217 static const value_string wtls_vals_compression[] = {
222 static const value_string wtls_vals_sequence_mode[] = {
229 static const value_string wtls_vals_certificate_signature[] = {
236 static const value_string wtls_vals_public_key_type[] = {
243 static const value_string wtls_vals_alert_level[] = {
250 static const value_string wtls_vals_alert_description[] = {
251 { 0,"connection_close_notify"},
252 { 1,"session_close_notify"},
253 { 5,"no_connection"},
254 { 10,"unexpected_message"},
255 { 11,"time_required"},
256 { 20,"bad_record_mac"},
257 { 21,"decryption_failed"},
258 { 22,"record_overflow"},
259 { 30,"decompression_failure"},
260 { 40,"handshake_failure"},
261 { 42,"bad_certificate"},
262 { 43,"unsupported_certificate"},
263 { 44,"certificate_revoked"},
264 { 45,"certificate_expired"},
265 { 46,"certificate_unknown"},
266 { 47,"illegal_parameter"},
268 { 49,"access_denied"},
269 { 50,"decode_error"},
270 { 51,"decrypt_error"},
271 { 52,"unknown_key_id"},
272 { 53,"disabled_key_id"},
273 { 54,"key_exchange_disabled"},
274 { 55,"session_not_ready"},
275 { 56,"unknown_parameter_index"},
276 { 57,"duplicate_finished_received"},
277 { 60,"export_restriction"},
278 { 70,"protocol_version"},
279 { 71,"insufficient_security"},
280 { 80,"internal_error"},
281 { 90,"user_canceled"},
282 { 100,"no_renegotiation"},
286 #define WTLS_RECORD_TYPE_LENGTH 0x80
287 #define WTLS_RECORD_TYPE_SEQUENCE 0x40
288 #define WTLS_RECORD_TYPE_CIPHER_CUR 0x20
289 #define WTLS_RECORD_CONTENT_TYPE 0x0f
291 #define WTLS_ALERT 0x02
292 #define WTLS_PLAIN_HANDSHAKE 0x03
294 #define WTLS_HANDSHAKE_CLIENT_HELLO 1
295 #define WTLS_HANDSHAKE_SERVER_HELLO 2
296 #define WTLS_HANDSHAKE_CERTIFICATE 11
298 #define CERTIFICATE_WTLS 1
299 #define CERTIFICATE_X509 2
300 #define CERTIFICATE_X968 3
301 #define CERTIFICATE_URL 4
303 #define IDENTIFIER_NULL 0
304 #define IDENTIFIER_TEXT 1
305 #define IDENTIFIER_BIN 2
306 #define IDENTIFIER_SHA_1 254
307 #define IDENTIFIER_X509 255
309 #define PUBLIC_KEY_RSA 2
310 #define PUBLIC_KEY_ECDH 3
311 #define PUBLIC_KEY_ECDSA 4
313 static void dissect_wtls_handshake (proto_tree *, tvbuff_t *, guint, guint);
315 /* Code to actually dissect the packets */
317 dissect_wtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
324 guint offset_wtls = 0;
326 /* Set up structures we will need to add the protocol subtree and manage it */
328 proto_tree *wtls_tree;
329 proto_tree *wtls_rec_tree;
330 proto_tree *wtls_msg_type_tree;
332 if (check_col(pinfo->cinfo, COL_PROTOCOL))
334 switch ( pinfo->match_port )
336 case UDP_PORT_WTLS_WSP:
337 col_set_str(pinfo->cinfo, COL_PROTOCOL, "WTLS+WSP" );
339 case UDP_PORT_WTLS_WTP_WSP:
340 col_set_str(pinfo->cinfo, COL_PROTOCOL, "WTLS+WTP+WSP" );
345 /* Develop the string to put in the Info column */
346 if (check_col(pinfo->cinfo, COL_INFO)) {
347 col_set_str(pinfo->cinfo, COL_INFO, "WTLS" );
350 /* In the interest of speed, if "tree" is NULL, don't do any work not
351 necessary to generate protocol tree items. */
354 ti = proto_tree_add_item(tree, proto_wtls, tvb, offset_wtls,
355 -1, bo_little_endian);
356 wtls_tree = proto_item_add_subtree(ti, ett_wtls);
358 for (offset_wtls=0; offset_wtls < (tvb_reported_length(tvb)-1);) {
359 pdut = tvb_get_guint8 (tvb, offset_wtls);
361 offset = offset_wtls+1;
363 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
366 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
367 count = tvb_get_ntohs(tvb, offset);
369 count += offset-offset_wtls;
372 count = tvb_length_remaining (tvb, offset_wtls);
374 ti = proto_tree_add_uint(wtls_tree, hf_wtls_record, tvb, offset_wtls,
376 wtls_rec_tree = proto_item_add_subtree(ti, ett_wtls_rec);
378 offset = offset_wtls;
380 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_type,
381 tvb,offset,1,bo_big_endian);
385 offset_wtls += count;
387 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
388 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_sequence,
389 tvb,offset,2,bo_big_endian);
392 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
393 count = tvb_get_ntohs(tvb, offset);
394 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_length,
395 tvb,offset,2,bo_big_endian);
399 count = tvb_length_remaining (tvb, offset);
402 if (pdut & WTLS_RECORD_TYPE_CIPHER_CUR) {
403 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_ciphered,
404 tvb,offset,count,bo_big_endian);
408 switch (pdut & WTLS_RECORD_CONTENT_TYPE) {
409 case WTLS_PLAIN_HANDSHAKE :
410 dissect_wtls_handshake(wtls_rec_tree,tvb,offset,count);
413 ti = proto_tree_add_item(wtls_rec_tree, hf_wtls_alert, tvb, offset,
414 count, bo_little_endian);
415 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
416 pdu_msg_type = tvb_get_guint8 (tvb, offset);
417 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_level,
418 tvb,offset,1,bo_big_endian);
420 count = tvb_get_ntohs (tvb, offset);
421 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_description,
422 tvb,offset,1,bo_big_endian);
433 add_text_identifier(tvbuff_t *tvb, int offset, int hf_charset,
434 int hf_size, int hf_str, proto_tree *tree)
439 proto_tree_add_item(tree, hf_charset, tvb, offset, 2, bo_big_endian);
441 size = tvb_get_guint8 (tvb, offset);
442 proto_tree_add_item(tree, hf_size, tvb, offset, 1, bo_big_endian);
444 proto_tree_add_item(tree, hf_str, tvb, offset, size, bo_big_endian);
448 fprintf(stderr, "text id size = %d, client_size = %d\n",
455 dissect_wtls_handshake(proto_tree *tree, tvbuff_t *tvb, guint offset, guint count)
462 guint public_key = 0;
465 char *valBulk = NULL;
469 proto_item *cli_key_item;
470 proto_tree *wtls_msg_type_tree;
471 proto_tree *wtls_msg_type_item_tree;
472 proto_tree *wtls_msg_type_item_sub_tree;
473 proto_tree *wtls_msg_type_item_sub_sub_tree;
475 pdu_msg_type = tvb_get_guint8 (tvb, offset);
476 ti = proto_tree_add_uint(tree, hf_wtls_hands, tvb, offset,count, pdu_msg_type);
477 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
479 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_type,
480 tvb,offset,1,bo_big_endian);
482 count = tvb_get_ntohs (tvb, offset);
483 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_length,
484 tvb,offset,2,bo_big_endian);
486 switch(pdu_msg_type) {
487 case WTLS_HANDSHAKE_CLIENT_HELLO :
488 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_cli_hello, tvb, offset,
489 count, bo_little_endian);
490 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
491 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_version,
492 tvb,offset,1,bo_big_endian);
494 timeValue.secs = tvb_get_ntohl (tvb, offset);
496 ti = proto_tree_add_time (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_gmt, tvb,
497 offset, 4, &timeValue);
499 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_random,
500 tvb,offset,12,bo_big_endian);
502 count = tvb_get_guint8(tvb, offset);
505 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session_str,
506 tvb,offset,count+1,"NULL");
509 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
510 tvb,offset,count+1,tvb_get_guint8(tvb,offset+1));
513 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
514 tvb,offset,count+1,tvb_get_ntohs(tvb,offset+1));
517 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
518 tvb,offset,count+1,tvb_get_ntoh24(tvb,offset+1));
521 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
522 tvb,offset,count+1,tvb_get_ntohl(tvb,offset+1));
525 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session_str,
526 tvb,offset,count+1,"Too big");
531 /* process client_key_ids structure */
532 count = tvb_get_ntohs (tvb, offset);
533 ti = proto_tree_add_item(wtls_msg_type_item_tree,
534 hf_wtls_hands_cli_hello_cli_key_id, tvb, offset,
535 count+2, bo_little_endian);
536 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
538 /* display length of client_key_ids structure */
539 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
540 hf_wtls_hands_cli_hello_cli_key_len,
541 tvb,offset,2,bo_big_endian);
544 /* cycle through client_key_ids entries */
545 for (;count > 0;count-=client_size) {
546 /* get encryption suite id (one byte) */
547 value = tvb_get_guint8 (tvb, offset);
548 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
549 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
552 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
553 ett_wtls_msg_type_item_sub_sub);
554 ti = proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
555 hf_wtls_hands_cli_hello_key_exchange_suite,
559 fprintf(stderr, "encryption suite = %d, client_size = %d\n", value, client_size);
562 /* get parameter index (one byte) */
563 value = tvb_get_guint8 (tvb, offset);
564 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
565 hf_wtls_hands_cli_hello_key_parameter_index,
566 tvb,offset,1,bo_big_endian);
570 fprintf(stderr, "parameter index = %d, client_size = %d\n", value, client_size);
573 /* explicit parameters present in next field */
575 size = tvb_get_ntohs (tvb, offset);
576 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
577 hf_wtls_hands_cli_hello_key_parameter_set,
578 tvb,offset,size+2,bo_big_endian);
583 /* get identifier type */
584 value = tvb_get_guint8 (tvb, offset);
585 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
586 hf_wtls_hands_cli_hello_key_identifier_type,
587 tvb,offset,1,bo_big_endian);
591 fprintf(stderr, "identifier type = %d, client_size = %d\n", value, client_size);
594 /* identifier present in next field */
595 /* note: value 0x0 means no identifier */
597 case IDENTIFIER_TEXT :
598 /* text identifier */
600 size = add_text_identifier(
602 hf_wtls_hands_cli_hello_key_identifier_charset,
603 hf_wtls_hands_cli_hello_key_identifier_size,
604 hf_wtls_hands_cli_hello_key_identifier_str,
605 wtls_msg_type_item_sub_sub_tree);
609 case IDENTIFIER_BIN :
610 /* binary identifier */
611 size = tvb_get_guint8 (tvb, offset);
612 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
613 hf_wtls_hands_cli_hello_key_identifier_size,
614 tvb,offset,1,bo_big_endian);
616 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
617 hf_wtls_hands_cli_hello_key_identifier,
618 tvb,offset,size,bo_big_endian);
622 fprintf(stderr, "binary id size = %d, client_size = %d\n",
626 case IDENTIFIER_SHA_1 :
627 /* SHA-1 hash of the public key */
628 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
629 hf_wtls_hands_cli_hello_key_identifier,
630 tvb,offset,20,bo_big_endian);
634 fprintf(stderr, "SHA-1 hash size = 20, client_size = %d\n",
638 case IDENTIFIER_X509 :
639 /* X.509 distinguished name */
641 size = tvb_get_guint8 (tvb, offset);
642 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
643 hf_wtls_hands_cli_hello_key_identifier_size,
644 tvb,offset,1,bo_big_endian);
646 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
647 hf_wtls_hands_cli_hello_key_identifier,
648 tvb,offset,size,bo_big_endian);
652 fprintf(stderr, "X.509 name size = %d, client_size = %d\n",
658 proto_item_set_len(cli_key_item, client_size);
661 /* process trusted_keys structure */
662 count = tvb_get_ntohs (tvb, offset);
663 ti = proto_tree_add_item(wtls_msg_type_item_tree,
664 hf_wtls_hands_cli_hello_trust_key_id, tvb, offset,
665 count+2, bo_little_endian);
666 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
668 /* display length of trusted_keys structure */
669 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
670 hf_wtls_hands_cli_hello_cli_key_len,
671 tvb,offset,2,bo_big_endian);
674 for (;count > 0;count-=client_size) {
675 /* get encryption suite id (one byte) */
676 value = tvb_get_guint8 (tvb, offset);
677 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
678 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
681 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
682 ett_wtls_msg_type_item_sub_sub);
683 ti = proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
684 hf_wtls_hands_cli_hello_key_exchange_suite,
688 fprintf(stderr, "encryption suite = %d, client_size = %d\n", value, client_size);
691 /* get parameter index (one byte) */
692 value = tvb_get_guint8 (tvb, offset);
693 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
694 hf_wtls_hands_cli_hello_key_parameter_index,
695 tvb,offset,1,bo_big_endian);
699 fprintf(stderr, "parameter index = %d, client_size = %d\n", value, client_size);
702 /* explicit parameters present in next field */
704 size = tvb_get_ntohs (tvb, offset);
705 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
706 hf_wtls_hands_cli_hello_key_parameter_set,
707 tvb,offset,size+2,bo_big_endian);
712 /* get identifier type */
713 value = tvb_get_guint8 (tvb, offset);
714 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
715 hf_wtls_hands_cli_hello_key_identifier_type,
716 tvb,offset,1,bo_big_endian);
720 fprintf(stderr, "identifier type = %d, client_size = %d\n", value, client_size);
723 /* identifier present in next field */
724 /* note: value 0x0 means no identifier */
726 case IDENTIFIER_TEXT :
727 /* text identifier */
729 size = add_text_identifier(
731 hf_wtls_hands_cli_hello_key_identifier_charset,
732 hf_wtls_hands_cli_hello_key_identifier_size,
733 hf_wtls_hands_cli_hello_key_identifier_str,
734 wtls_msg_type_item_sub_sub_tree);
738 case IDENTIFIER_BIN :
739 /* binary identifier */
740 size = tvb_get_guint8 (tvb, offset);
741 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
742 hf_wtls_hands_cli_hello_key_identifier_size,
743 tvb,offset,1,bo_big_endian);
745 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
746 hf_wtls_hands_cli_hello_key_identifier,
747 tvb,offset,size,bo_big_endian);
751 fprintf(stderr, "binary id size = %d, client_size = %d\n",
755 case IDENTIFIER_SHA_1 :
756 /* SHA-1 hash of the public key */
757 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
758 hf_wtls_hands_cli_hello_key_identifier,
759 tvb,offset,20,bo_big_endian);
763 fprintf(stderr, "SHA-1 hash size = 20, client_size = %d\n",
767 case IDENTIFIER_X509 :
768 /* X.509 distinguished name */
770 size = tvb_get_guint8 (tvb, offset);
771 /* need to fetch identifier and display it */
772 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
773 hf_wtls_hands_cli_hello_key_identifier_size,
774 tvb,offset,1,bo_big_endian);
776 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
777 hf_wtls_hands_cli_hello_key_identifier,
778 tvb,offset,size,bo_big_endian);
782 fprintf(stderr, "X.509 name size = %d, client_size = %d\n",
787 proto_item_set_len(cli_key_item, client_size);
790 /* process cipher_suites structure */
791 count = tvb_get_guint8 (tvb, offset);
792 ti = proto_tree_add_item(wtls_msg_type_item_tree,
793 hf_wtls_hands_cli_hello_cipher_suite, tvb, offset,
794 count+1, bo_little_endian);
795 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
797 for (;count > 0;count-=client_size) {
798 value = tvb_get_guint8 (tvb, offset);
799 valBulk = match_strval(value, wtls_vals_cipher_bulk);
802 valMac = match_strval(tvb_get_guint8 (tvb, offset), wtls_vals_cipher_mac);
807 snprintf(valStr,1024,"%s, %s",valBulk,valMac);
811 snprintf(valStr,1024,"%s, Unknown MAC (0x%02x)",valBulk,tvb_get_guint8 (tvb, offset));
818 snprintf(valStr,1024,"Unknown Bulk (0x%02x), %s",value,valMac);
822 snprintf(valStr,1024,"Unknown Bulk (0x%02x), Unknown MAC (0x%02x)",value,
823 tvb_get_guint8 (tvb, offset));
828 cli_key_item = proto_tree_add_string(wtls_msg_type_item_sub_tree,
829 hf_wtls_hands_cli_hello_cipher_suite_item, tvb, offset-2,2,
832 count = tvb_get_guint8 (tvb, offset);
833 ti = proto_tree_add_item(wtls_msg_type_item_tree,
834 hf_wtls_hands_cli_hello_compression_methods, tvb, offset,
835 count+1, bo_little_endian);
836 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
838 for (;count > 0;count-=client_size) {
840 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
841 hf_wtls_hands_cli_hello_compression, tvb, offset,1,
846 ti = proto_tree_add_item(wtls_msg_type_item_tree,
847 hf_wtls_hands_cli_hello_sequence_mode, tvb, offset,
848 1, bo_little_endian);
850 ti = proto_tree_add_item(wtls_msg_type_item_tree,
851 hf_wtls_hands_cli_hello_key_refresh, tvb, offset,
852 1, bo_little_endian);
854 case WTLS_HANDSHAKE_SERVER_HELLO :
855 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_serv_hello, tvb, offset,
856 count, bo_little_endian);
857 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
858 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_version,
859 tvb,offset,1,bo_big_endian);
861 timeValue.secs = tvb_get_ntohl (tvb, offset);
863 ti = proto_tree_add_time (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_gmt, tvb,
864 offset, 4, &timeValue);
866 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_random,
867 tvb,offset,12,bo_big_endian);
869 count = tvb_get_guint8(tvb, offset);
872 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session_str,
873 tvb,offset,count+1,"NULL");
876 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
877 tvb,offset,count+1,tvb_get_guint8(tvb,offset+1));
880 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
881 tvb,offset,count+1,tvb_get_ntohs(tvb,offset+1));
884 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
885 tvb,offset,count+1,tvb_get_ntoh24(tvb,offset+1));
888 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
889 tvb,offset,count+1,tvb_get_ntohl(tvb,offset+1));
892 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session_str,
893 tvb,offset,count+1,"Too big");
897 ti = proto_tree_add_item(wtls_msg_type_item_tree,
898 hf_wtls_hands_serv_hello_cli_key_id,
899 tvb,offset,1,bo_big_endian);
901 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
902 hf_wtls_hands_serv_hello_cipher_suite_item, tvb, offset,2,
904 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
905 ett_wtls_msg_type_item_sub);
906 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
907 hf_wtls_hands_serv_hello_cipher_bulk,
908 tvb,offset,1,bo_big_endian);
910 value = tvb_get_guint8 (tvb, offset);
911 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
912 hf_wtls_hands_serv_hello_cipher_mac,
913 tvb,offset,1,bo_big_endian);
915 ti = proto_tree_add_item(wtls_msg_type_item_tree,
916 hf_wtls_hands_serv_hello_compression, tvb, offset,1,
919 ti = proto_tree_add_item(wtls_msg_type_item_tree,
920 hf_wtls_hands_serv_hello_sequence_mode, tvb, offset,
921 1, bo_little_endian);
923 ti = proto_tree_add_item(wtls_msg_type_item_tree,
924 hf_wtls_hands_serv_hello_key_refresh, tvb, offset,
925 1, bo_little_endian);
928 case WTLS_HANDSHAKE_CERTIFICATE :
929 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_certificates,
930 tvb, offset,count, bo_little_endian);
931 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
932 count = tvb_get_ntohs (tvb, offset);
934 for (;count > 0;count-=client_size) {
935 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
936 hf_wtls_hands_certificate, tvb, offset,1,
939 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
940 ett_wtls_msg_type_item_sub);
941 proto_item_set_len(cli_key_item, client_size);
942 value = tvb_get_guint8 (tvb, offset);
943 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
944 hf_wtls_hands_certificate_type, tvb, offset,1,
949 case CERTIFICATE_WTLS:
950 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
951 hf_wtls_hands_certificate_wtls_version,
956 signature = tvb_get_guint8 (tvb, offset);
957 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
958 hf_wtls_hands_certificate_wtls_signature_type,
963 value = tvb_get_guint8 (tvb, offset);
964 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
965 hf_wtls_hands_certificate_wtls_issuer_type,
971 case IDENTIFIER_NULL :
973 case IDENTIFIER_TEXT :
974 value = add_text_identifier(tvb, offset,
975 hf_wtls_hands_certificate_wtls_issuer_charset,
976 hf_wtls_hands_certificate_wtls_issuer_size,
977 hf_wtls_hands_certificate_wtls_issuer_name,
978 wtls_msg_type_item_sub_tree);
980 client_size += value;
982 case IDENTIFIER_BIN :
984 case IDENTIFIER_SHA_1 :
986 case IDENTIFIER_X509 :
989 timeValue.secs = tvb_get_ntohl (tvb, offset);
991 ti = proto_tree_add_time (wtls_msg_type_item_sub_tree,
992 hf_wtls_hands_certificate_wtls_valid_not_before,
993 tvb, offset, 4, &timeValue);
996 timeValue.secs = tvb_get_ntohl (tvb, offset);
998 ti = proto_tree_add_time (wtls_msg_type_item_sub_tree,
999 hf_wtls_hands_certificate_wtls_valid_not_after,
1000 tvb, offset, 4, &timeValue);
1003 value = tvb_get_guint8 (tvb, offset);
1004 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1005 hf_wtls_hands_certificate_wtls_subject_type,
1011 case IDENTIFIER_NULL :
1013 case IDENTIFIER_TEXT :
1014 value = add_text_identifier(tvb, offset,
1015 hf_wtls_hands_certificate_wtls_subject_charset,
1016 hf_wtls_hands_certificate_wtls_subject_size,
1017 hf_wtls_hands_certificate_wtls_subject_name,
1018 wtls_msg_type_item_sub_tree);
1020 client_size += value;
1022 case IDENTIFIER_BIN :
1024 case IDENTIFIER_SHA_1 :
1026 case IDENTIFIER_X509 :
1029 public_key = tvb_get_guint8 (tvb, offset);
1030 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1031 hf_wtls_hands_certificate_wtls_public_key_type,
1036 value = tvb_get_guint8 (tvb, offset);
1037 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1038 hf_wtls_hands_certificate_wtls_key_parameter_index,
1039 tvb,offset,1,bo_big_endian);
1042 if (value == 0xff) {
1043 size = tvb_get_ntohs (tvb, offset);
1044 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1045 hf_wtls_hands_certificate_wtls_key_parameter_set,
1046 tvb,offset,size+2,bo_big_endian);
1048 client_size+=size+2;
1050 switch (public_key) {
1051 case PUBLIC_KEY_RSA :
1052 value = tvb_get_ntohs (tvb, offset);
1053 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1054 hf_wtls_hands_certificate_wtls_rsa_exponent,
1055 tvb,offset,value+2,value*8);
1057 client_size+=2+value;
1058 value = tvb_get_ntohs (tvb, offset);
1059 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1060 hf_wtls_hands_certificate_wtls_rsa_modules,
1061 tvb,offset,value+2,value*8);
1063 client_size+=2+value;
1065 case PUBLIC_KEY_ECDH :
1067 case PUBLIC_KEY_ECDSA :
1070 value = tvb_get_ntohs (tvb, offset);
1071 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1072 hf_wtls_hands_certificate_wtls_signature,
1073 tvb,offset,2+value,value*8);
1075 client_size+=2+value;
1077 case CERTIFICATE_X509:
1078 case CERTIFICATE_X968:
1079 value = tvb_get_ntohs (tvb, offset);
1082 client_size += value;
1085 case CERTIFICATE_URL:
1086 value = tvb_get_guint8 (tvb, offset);
1089 client_size += value;
1093 proto_item_set_len(cli_key_item, client_size);
1102 /* Register the protocol with Ethereal */
1104 proto_register_wtls(void)
1107 /* Setup list of header fields */
1108 static hf_register_info hf[] = {
1112 FT_UINT8, BASE_DEC, VALS ( wtls_vals_record_type ), 0x0f,
1116 { &hf_wtls_record_type,
1119 FT_UINT8, BASE_DEC, VALS ( wtls_vals_record_type ), 0x0f,
1120 "Record Type", HFILL
1123 { &hf_wtls_record_length,
1126 FT_UINT16, BASE_DEC, NULL, 0x00,
1127 "Record Length", HFILL
1130 { &hf_wtls_record_sequence,
1131 { "Record Sequence",
1133 FT_UINT16, BASE_DEC, NULL, 0x00,
1134 "Record Sequence", HFILL
1137 { &hf_wtls_record_ciphered,
1138 { "Record Ciphered",
1140 FT_NONE, BASE_NONE, NULL, 0x00,
1141 "Record Ciphered", HFILL
1147 FT_UINT8, BASE_DEC, VALS ( wtls_vals_handshake_type ), 0x00,
1151 { &hf_wtls_hands_type,
1153 "wtls.handshake.type",
1154 FT_UINT8, BASE_DEC, VALS ( wtls_vals_handshake_type ), 0x00,
1158 { &hf_wtls_hands_length,
1160 "wtls.handshake.length",
1161 FT_UINT16, BASE_DEC, NULL, 0x00,
1165 { &hf_wtls_hands_cli_hello,
1167 "wtls.handshake.client_hello",
1168 FT_NONE, BASE_NONE, NULL, 0x00,
1169 "Client Hello", HFILL
1172 { &hf_wtls_hands_cli_hello_version,
1174 "wtls.handshake.client_hello.version",
1175 FT_UINT8, BASE_DEC, NULL, 0x00,
1179 { &hf_wtls_hands_cli_hello_gmt,
1181 "wtls.handshake.client_hello.gmt",
1182 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1186 { &hf_wtls_hands_cli_hello_random,
1188 "wtls.handshake.client_hello.random",
1189 FT_NONE, BASE_NONE, NULL, 0x00,
1193 { &hf_wtls_hands_cli_hello_session,
1195 "wtls.handshake.client_hello.sessionid",
1196 FT_UINT32, BASE_DEC, NULL, 0x00,
1200 { &hf_wtls_hands_cli_hello_session_str,
1202 "wtls.handshake.client_hello.session.str",
1203 FT_STRING, BASE_NONE, NULL, 0x00,
1207 { &hf_wtls_hands_cli_hello_cli_key_id,
1209 "wtls.handshake.client_hello.client_keys_id",
1210 FT_NONE, BASE_NONE, NULL, 0x00,
1211 "Client Keys" , HFILL
1214 { &hf_wtls_hands_cli_hello_cli_key_len,
1216 "wtls.handshake.client_hello.client_keys_len",
1217 FT_UINT16, BASE_DEC, NULL, 0x00,
1221 { &hf_wtls_hands_cli_hello_trust_key_id,
1223 "wtls.handshake.client_hello.trusted_keys_id",
1224 FT_NONE, BASE_NONE, NULL, 0x00,
1225 "Trusted Keys" , HFILL
1228 { &hf_wtls_hands_cli_hello_key_exchange,
1230 "wtls.handshake.client_hello.key.key_exchange",
1231 FT_UINT8, BASE_DEC, VALS ( wtls_vals_key_exchange_suite ), 0x00,
1232 "Key Exchange", HFILL
1235 { &hf_wtls_hands_cli_hello_key_exchange_suite,
1237 "wtls.handshake.client_hello.key.key_exchange.suite",
1238 FT_UINT8, BASE_DEC, VALS ( wtls_vals_key_exchange_suite ), 0x00,
1242 { &hf_wtls_hands_cli_hello_key_parameter_index,
1243 { "Parameter Index",
1244 "wtls.handshake.client_hello.parameter_index",
1245 FT_UINT8, BASE_DEC, NULL, 0x00,
1246 "Parameter Index", HFILL
1249 { &hf_wtls_hands_cli_hello_key_parameter_set,
1251 "wtls.handshake.client_hello.parameter",
1252 FT_STRING, BASE_NONE, NULL, 0x00,
1253 "Parameter Set", HFILL
1256 { &hf_wtls_hands_cli_hello_key_identifier_type,
1257 { "Identifier Type",
1258 "wtls.handshake.client_hello.ident_type",
1259 FT_UINT8, BASE_DEC, VALS ( wtls_vals_identifier_type ), 0x00,
1260 "Identifier Type", HFILL
1263 { &hf_wtls_hands_cli_hello_key_identifier_charset,
1264 { "Identifier CharSet",
1265 "wtls.handshake.client_hello.ident_charset",
1266 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1267 "Identifier CharSet", HFILL
1270 { &hf_wtls_hands_cli_hello_key_identifier_size,
1271 { "Identifier Size",
1272 "wtls.handshake.client_hello.ident_size",
1273 FT_UINT8, BASE_DEC, NULL, 0x00,
1274 "Identifier Size", HFILL
1277 { &hf_wtls_hands_cli_hello_key_identifier,
1279 "wtls.handshake.client_hello.identifier",
1280 FT_NONE, BASE_NONE, NULL, 0x00,
1284 { &hf_wtls_hands_cli_hello_key_identifier_str,
1285 { "Identifier Name",
1286 "wtls.handshake.client_hello.ident_name",
1287 FT_STRING, BASE_NONE, NULL, 0x00,
1288 "Identifier Name", HFILL
1291 { &hf_wtls_hands_cli_hello_cipher_suite,
1293 "wtls.handshake.client_hello.ciphers",
1294 FT_NONE, BASE_NONE, NULL, 0x00,
1295 "Cipher Suite", HFILL
1298 { &hf_wtls_hands_cli_hello_cipher_suite_item,
1300 "wtls.handshake.client_hello.cipher",
1301 FT_STRING, BASE_NONE, NULL, 0x00,
1305 { &hf_wtls_hands_cli_hello_compression_methods,
1306 { "Compression Methods",
1307 "wtls.handshake.client_hello.comp_methods",
1308 FT_NONE, BASE_NONE, NULL, 0x00,
1309 "Compression Methods", HFILL
1312 { &hf_wtls_hands_cli_hello_compression,
1314 "wtls.handshake.client_hello.compression",
1315 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1316 "Compression", HFILL
1319 { &hf_wtls_hands_cli_hello_sequence_mode,
1321 "wtls.handshake.client_hello.sequence_mode",
1322 FT_UINT8, BASE_DEC, VALS ( wtls_vals_sequence_mode ), 0x00,
1323 "Sequence Mode", HFILL
1326 { &hf_wtls_hands_cli_hello_key_refresh,
1328 "wtls.handshake.client_hello.refresh",
1329 FT_UINT8, BASE_DEC, NULL, 0x00,
1333 { &hf_wtls_hands_serv_hello,
1335 "wtls.handshake.server_hello",
1336 FT_NONE, BASE_NONE, NULL, 0x00,
1337 "Server Hello", HFILL
1340 { &hf_wtls_hands_serv_hello_version,
1342 "wtls.handshake.server_hello.version",
1343 FT_UINT8, BASE_DEC, NULL, 0x00,
1347 { &hf_wtls_hands_serv_hello_gmt,
1349 "wtls.handshake.server_hello.gmt",
1350 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1354 { &hf_wtls_hands_serv_hello_random,
1356 "wtls.handshake.server_hello.random",
1357 FT_NONE, BASE_NONE, NULL, 0x00,
1361 { &hf_wtls_hands_serv_hello_session,
1363 "wtls.handshake.server_hello.sessionid",
1364 FT_UINT32, BASE_DEC, NULL, 0x00,
1368 { &hf_wtls_hands_serv_hello_session_str,
1370 "wtls.handshake.server_hello.session.str",
1371 FT_STRING, BASE_NONE, NULL, 0x00,
1375 { &hf_wtls_hands_serv_hello_cli_key_id,
1377 "wtls.handshake.server_hello.key",
1378 FT_UINT8, BASE_HEX, NULL, 0x00,
1379 "Client Key ID", HFILL
1382 { &hf_wtls_hands_serv_hello_cipher_suite_item,
1384 "wtls.handshake.server_hello.cipher",
1385 FT_NONE, BASE_NONE, NULL, 0x00,
1389 { &hf_wtls_hands_serv_hello_cipher_bulk,
1391 "wtls.handshake.server_hello.cipher.bulk",
1392 FT_UINT8, BASE_DEC, VALS ( wtls_vals_cipher_bulk ), 0x00,
1393 "Cipher Bulk", HFILL
1396 { &hf_wtls_hands_serv_hello_cipher_mac,
1398 "wtls.handshake.server_hello.cipher.mac",
1399 FT_UINT8, BASE_DEC, VALS ( wtls_vals_cipher_mac ), 0x00,
1403 { &hf_wtls_hands_serv_hello_compression,
1405 "wtls.handshake.server_hello.compression",
1406 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1407 "Compression", HFILL
1410 { &hf_wtls_hands_serv_hello_sequence_mode,
1412 "wtls.handshake.server_hello.sequence_mode",
1413 FT_UINT8, BASE_DEC, VALS ( wtls_vals_sequence_mode ), 0x00,
1414 "Sequence Mode", HFILL
1417 { &hf_wtls_hands_serv_hello_key_refresh,
1419 "wtls.handshake.server_hello.refresh",
1420 FT_UINT8, BASE_DEC, NULL, 0x00,
1424 { &hf_wtls_hands_certificates,
1426 "wtls.handshake.certificates",
1427 FT_NONE, BASE_NONE, NULL, 0x00,
1428 "Certificates", HFILL
1431 { &hf_wtls_hands_certificate,
1433 "wtls.handshake.certificate",
1434 FT_NONE, BASE_NONE, NULL, 0x00,
1435 "Certificate", HFILL
1438 { &hf_wtls_hands_certificate_type,
1440 "wtls.handshake.certificate.type",
1441 FT_UINT8, BASE_DEC, VALS ( wtls_vals_certificate_type ), 0x00,
1445 { &hf_wtls_hands_certificate_wtls_version,
1447 "wtls.handshake.certificate.version",
1448 FT_UINT8, BASE_HEX, NULL, 0x00,
1452 { &hf_wtls_hands_certificate_wtls_signature_type,
1454 "wtls.handshake.certificate.signature.type",
1455 FT_UINT8, BASE_DEC, VALS ( wtls_vals_certificate_signature ), 0x00,
1456 "Signature Type", HFILL
1459 { &hf_wtls_hands_certificate_wtls_signature,
1461 "wtls.handshake.certificate.signature.signature",
1462 FT_UINT32, BASE_DEC, NULL, 0x00,
1463 "Signature Size", HFILL
1466 { &hf_wtls_hands_certificate_wtls_issuer_type,
1468 "wtls.handshake.certificate.issuer.type",
1469 FT_UINT8, BASE_DEC, VALS ( wtls_vals_identifier_type ), 0x00,
1473 { &hf_wtls_hands_certificate_wtls_issuer_charset,
1475 "wtls.handshake.certificate.issuer.charset",
1476 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1480 { &hf_wtls_hands_certificate_wtls_issuer_size,
1482 "wtls.handshake.certificate.issuer.size",
1483 FT_UINT8, BASE_DEC, NULL, 0x00,
1487 { &hf_wtls_hands_certificate_wtls_issuer_name,
1489 "wtls.handshake.certificate.issuer.name",
1490 FT_STRING, BASE_NONE, NULL, 0x00,
1494 { &hf_wtls_hands_certificate_wtls_valid_not_before,
1495 { "Valid not before",
1496 "wtls.handshake.certificate.before",
1497 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1498 "Valid not before", HFILL
1501 { &hf_wtls_hands_certificate_wtls_valid_not_after,
1502 { "Valid not after",
1503 "wtls.handshake.certificate.after",
1504 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1505 "Valid not after", HFILL
1508 { &hf_wtls_hands_certificate_wtls_subject_type,
1510 "wtls.handshake.certificate.subject.type",
1511 FT_UINT8, BASE_DEC, VALS ( wtls_vals_identifier_type ), 0x00,
1515 { &hf_wtls_hands_certificate_wtls_subject_charset,
1517 "wtls.handshake.certificate.subject.charset",
1518 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1522 { &hf_wtls_hands_certificate_wtls_subject_size,
1524 "wtls.handshake.certificate.subject.size",
1525 FT_UINT8, BASE_DEC, NULL, 0x00,
1529 { &hf_wtls_hands_certificate_wtls_subject_name,
1531 "wtls.handshake.certificate.subject.name",
1532 FT_STRING, BASE_NONE, NULL, 0x00,
1536 { &hf_wtls_hands_certificate_wtls_public_key_type,
1537 { "Public Key Type",
1538 "wtls.handshake.certificate.public.type",
1539 FT_UINT8, BASE_DEC, VALS ( wtls_vals_public_key_type ), 0x00,
1540 "Public Key Type", HFILL
1543 { &hf_wtls_hands_certificate_wtls_key_parameter_index,
1544 { "Parameter Index",
1545 "wtls.handshake.certificate.parameter_index",
1546 FT_UINT8, BASE_DEC, NULL, 0x00,
1547 "Parameter Index", HFILL
1550 { &hf_wtls_hands_certificate_wtls_key_parameter_set,
1552 "wtls.handshake.certificate.parameter",
1553 FT_STRING, BASE_NONE, NULL, 0x00,
1554 "Parameter Set", HFILL
1557 { &hf_wtls_hands_certificate_wtls_rsa_exponent,
1558 { "RSA Exponent Size",
1559 "wtls.handshake.certificate.rsa.exponent",
1560 FT_UINT32, BASE_DEC, NULL, 0x00,
1561 "RSA Exponent Size", HFILL
1564 { &hf_wtls_hands_certificate_wtls_rsa_modules,
1565 { "RSA Modulus Size",
1566 "wtls.handshake.certificate.rsa.modules",
1567 FT_UINT32, BASE_DEC, NULL, 0x00,
1568 "RSA Modulus Size", HFILL
1574 FT_NONE, BASE_NONE, NULL, 0x00,
1578 { &hf_wtls_alert_level,
1581 FT_UINT8, BASE_DEC, VALS ( wtls_vals_alert_level ), 0x00,
1585 { &hf_wtls_alert_description,
1587 "wtls.alert.description",
1588 FT_UINT8, BASE_DEC, VALS ( wtls_vals_alert_description ), 0x00,
1589 "Description", HFILL
1594 /* Setup protocol subtree array */
1595 static gint *ett[] = {
1599 &ett_wtls_msg_type_item,
1600 &ett_wtls_msg_type_item_sub,
1601 &ett_wtls_msg_type_item_sub_sub,
1604 /* Register the protocol name and description */
1605 proto_wtls = proto_register_protocol(
1606 "Wireless Transport Layer Security", /* protocol name for use by ethereal */
1607 "WTLS", /* short version of name */
1608 "wtls" /* Abbreviated protocol name, should Match IANA
1609 < URL:http://www.iana.org/assignments/port-numbers/ >
1613 /* Required function calls to register the header fields and subtrees used */
1614 proto_register_field_array(proto_wtls, hf, array_length(hf));
1615 proto_register_subtree_array(ett, array_length(ett));
1619 proto_reg_handoff_wtls(void)
1621 dissector_handle_t wtls_handle;
1623 wtls_handle = create_dissector_handle(dissect_wtls, proto_wtls);
1624 dissector_add("udp.port", UDP_PORT_WTLS_WSP, wtls_handle);
1625 dissector_add("udp.port", UDP_PORT_WTLS_WTP_WSP, wtls_handle);
1626 dissector_add("udp.port", UDP_PORT_WTLS_WSP_PUSH,wtls_handle);