From Naoyoshi Ueda:
[obnox/wireshark/wip.git] / epan / dissectors / packet-dtls.c
1 /* packet-dtls.c
2  * Routines for dtls dissection
3  * Copyright (c) 2006, Authesserre Samuel <sauthess@gmail.com>
4  * Copyright (c) 2007, Mikael Magnusson <mikma@users.sourceforge.net>
5  *
6  * $Id$
7  *
8  * Wireshark - Network traffic analyzer
9  * By Gerald Combs <gerald@wireshark.org>
10  * Copyright 1998 Gerald Combs
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License
14  * as published by the Free Software Foundation; either version 2
15  * of the License, or (at your option) any later version.
16  *
17  * This program is distributed in the hope that it will be useful,
18  * but WITHOUT ANY WARRANTY; without even the implied warranty of
19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20  * GNU General Public License for more details.
21  *
22  * You should have received a copy of the GNU General Public License
23  * along with this program; if not, write to the Free Software
24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25  *
26  *
27  * DTLS dissection and decryption.
28  * See RFC 4347 for details about DTLS specs.
29  *
30  * Notes :
31  * This dissector is based on the TLS dissector (packet-ssl.c); Because of the similarity
32  *   of DTLS and TLS, decryption works like TLS with RSA key exchange.
33  * This dissector uses the sames things (file, libraries) as the SSL dissector (gnutls, packet-ssl-utils.h)
34  *  to make it easily maintainable.
35  *
36  * It was developed to dissect and decrypt the OpenSSL v 0.9.8f DTLS implementation.
37  * It is limited to this implementation; there is no complete implementation.
38  *
39  * Implemented :
40  *  - DTLS dissection
41  *  - DTLS decryption (openssl one)
42  *
43  * Todo :
44  *  - activate correct Mac calculation when openssl will be corrected
45  *    (or if an other implementation works),
46  *    corrected code is ready and commented in packet-ssl-utils.h file.
47  *  - add missings things (desegmentation, reordering... that aren't present in actual OpenSSL implementation)
48  */
49
50 #ifdef HAVE_CONFIG_H
51 # include "config.h"
52 #endif
53
54 #include <glib.h>
55
56 #include <epan/packet.h>
57 #include <epan/conversation.h>
58 #include <epan/prefs.h>
59 #include <epan/asn1.h>
60 #include <epan/dissectors/packet-x509af.h>
61 #include <epan/emem.h>
62 #include <epan/tap.h>
63 #include <epan/reassemble.h>
64 #include "packet-ssl-utils.h"
65 #include <wsutil/file_util.h>
66 #include <epan/uat.h>
67
68 /* DTLS User Access Table */
69 static ssldecrypt_assoc_t *dtlskeylist_uats = NULL;
70 static guint ndtlsdecrypt = 0;
71
72 /* we need to remember the top tree so that subdissectors we call are created
73  * at the root and not deep down inside the DTLS decode
74  */
75 static proto_tree *top_tree;
76
77 /*********************************************************************
78  *
79  * Protocol Constants, Variables, Data Structures
80  *
81  *********************************************************************/
82
83 /* Initialize the protocol and registered fields */
84 static gint dtls_tap                            = -1;
85 static gint proto_dtls                          = -1;
86 static gint hf_dtls_record                      = -1;
87 static gint hf_dtls_record_content_type         = -1;
88 static gint hf_dtls_record_version              = -1;
89 static gint hf_dtls_record_epoch                = -1;
90 static gint hf_dtls_record_sequence_number      = -1;
91 static gint hf_dtls_record_length               = -1;
92 static gint hf_dtls_record_appdata              = -1;
93 static gint hf_dtls_change_cipher_spec          = -1;
94 static gint hf_dtls_alert_message               = -1;
95 static gint hf_dtls_alert_message_level         = -1;
96 static gint hf_dtls_alert_message_description   = -1;
97 static gint hf_dtls_handshake_protocol          = -1;
98 static gint hf_dtls_handshake_type              = -1;
99 static gint hf_dtls_handshake_length            = -1;
100 static gint hf_dtls_handshake_message_seq       = -1;
101 static gint hf_dtls_handshake_fragment_offset   = -1;
102 static gint hf_dtls_handshake_fragment_length   = -1;
103 static gint hf_dtls_handshake_client_version    = -1;
104 static gint hf_dtls_handshake_server_version    = -1;
105 static gint hf_dtls_handshake_random_time       = -1;
106 static gint hf_dtls_handshake_random_bytes      = -1;
107 static gint hf_dtls_handshake_cookie_len        = -1;
108 static gint hf_dtls_handshake_cookie            = -1;
109 static gint hf_dtls_handshake_cipher_suites_len = -1;
110 static gint hf_dtls_handshake_cipher_suites     = -1;
111 static gint hf_dtls_handshake_cipher_suite      = -1;
112 static gint hf_dtls_handshake_session_id        = -1;
113 static gint hf_dtls_handshake_comp_methods_len  = -1;
114 static gint hf_dtls_handshake_comp_methods      = -1;
115 static gint hf_dtls_handshake_comp_method       = -1;
116 static gint hf_dtls_handshake_extensions_len    = -1;
117 static gint hf_dtls_handshake_extension_type    = -1;
118 static gint hf_dtls_handshake_extension_len     = -1;
119 static gint hf_dtls_handshake_extension_data    = -1;
120 static gint hf_dtls_handshake_certificates_len  = -1;
121 static gint hf_dtls_handshake_certificates      = -1;
122 static gint hf_dtls_handshake_certificate       = -1;
123 static gint hf_dtls_handshake_certificate_len   = -1;
124 static gint hf_dtls_handshake_cert_types_count  = -1;
125 static gint hf_dtls_handshake_cert_types        = -1;
126 static gint hf_dtls_handshake_cert_type         = -1;
127 static gint hf_dtls_handshake_finished          = -1;
128 static gint hf_dtls_handshake_md5_hash          = -1;
129 static gint hf_dtls_handshake_sha_hash          = -1;
130 static gint hf_dtls_handshake_session_id_len    = -1;
131 static gint hf_dtls_handshake_dnames_len        = -1;
132 static gint hf_dtls_handshake_dnames            = -1;
133 static gint hf_dtls_handshake_dname_len         = -1;
134 static gint hf_dtls_handshake_dname             = -1;
135
136 static gint hf_dtls_fragments                   = -1;
137 static gint hf_dtls_fragment                    = -1;
138 static gint hf_dtls_fragment_overlap            = -1;
139 static gint hf_dtls_fragment_overlap_conflicts  = -1;
140 static gint hf_dtls_fragment_multiple_tails     = -1;
141 static gint hf_dtls_fragment_too_long_fragment  = -1;
142 static gint hf_dtls_fragment_error              = -1;
143 static gint hf_dtls_fragment_count              = -1;
144 static gint hf_dtls_reassembled_in              = -1;
145 static gint hf_dtls_reassembled_length          = -1;
146
147 /* Initialize the subtree pointers */
148 static gint ett_dtls                   = -1;
149 static gint ett_dtls_record            = -1;
150 static gint ett_dtls_alert             = -1;
151 static gint ett_dtls_handshake         = -1;
152 static gint ett_dtls_cipher_suites     = -1;
153 static gint ett_dtls_comp_methods      = -1;
154 static gint ett_dtls_extension         = -1;
155 static gint ett_dtls_certs             = -1;
156 static gint ett_dtls_cert_types        = -1;
157 static gint ett_dtls_dnames            = -1;
158
159 static gint ett_dtls_fragment          = -1;
160 static gint ett_dtls_fragments         = -1;
161
162 static GHashTable         *dtls_session_hash         = NULL;
163 static GHashTable         *dtls_key_hash             = NULL;
164 static GHashTable         *dtls_fragment_table       = NULL;
165 static GTree*              dtls_associations         = NULL;
166 static dissector_handle_t  dtls_handle               = NULL;
167 static StringInfo          dtls_compressed_data      = {NULL, 0};
168 static StringInfo          dtls_decrypted_data       = {NULL, 0};
169 static gint                dtls_decrypted_data_avail = 0;
170
171 static uat_t *dtlsdecrypt_uat      = NULL;
172 static gchar *dtls_keys_list       = NULL;
173 #ifdef HAVE_LIBGNUTLS
174 static gchar *dtls_debug_file_name = NULL;
175 #endif
176
177 static heur_dissector_list_t heur_subdissector_list;
178
179 static const fragment_items dtls_frag_items = {
180   /* Fragment subtrees */
181   &ett_dtls_fragment,
182   &ett_dtls_fragments,
183   /* Fragment fields */
184   &hf_dtls_fragments,
185   &hf_dtls_fragment,
186   &hf_dtls_fragment_overlap,
187   &hf_dtls_fragment_overlap_conflicts,
188   &hf_dtls_fragment_multiple_tails,
189   &hf_dtls_fragment_too_long_fragment,
190   &hf_dtls_fragment_error,
191   &hf_dtls_fragment_count,
192   /* Reassembled in field */
193   &hf_dtls_reassembled_in,
194   /* Reassembled length field */
195   &hf_dtls_reassembled_length,
196   /* Tag */
197   "Message fragments"
198 };
199
200 /* initialize/reset per capture state data (dtls sessions cache) */
201 static void
202 dtls_init(void)
203 {
204   module_t *dtls_module = prefs_find_module("dtls");
205   pref_t   *keys_list_pref;
206
207   ssl_common_init(&dtls_session_hash, &dtls_decrypted_data, &dtls_compressed_data);
208   fragment_table_init (&dtls_fragment_table);
209
210   /* We should have loaded "keys_list" by now. Mark it obsolete */
211   if (dtls_module) {
212     keys_list_pref = prefs_find_preference(dtls_module, "keys_list");
213     if (! prefs_get_preference_obsolete(keys_list_pref)) {
214       prefs_set_preference_obsolete(keys_list_pref);
215     }
216   }
217 }
218
219 /* parse dtls related preferences (private keys and ports association strings) */
220 static void
221 dtls_parse_uat(void)
222 {
223   ep_stack_t       tmp_stack;
224   SslAssociation  *tmp_assoc;
225   guint            i;
226
227   if (dtls_key_hash)
228   {
229       g_hash_table_foreach(dtls_key_hash, ssl_private_key_free, NULL);
230       g_hash_table_destroy(dtls_key_hash);
231   }
232
233   /* remove only associations created from key list */
234   tmp_stack = ep_stack_new();
235   g_tree_foreach(dtls_associations, ssl_assoc_from_key_list, tmp_stack);
236   while ((tmp_assoc = ep_stack_pop(tmp_stack)) != NULL) {
237     ssl_association_remove(dtls_associations, tmp_assoc);
238   }
239
240   /* parse private keys string, load available keys and put them in key hash*/
241   dtls_key_hash = g_hash_table_new(ssl_private_key_hash, ssl_private_key_equal);
242
243   ssl_set_debug(dtls_debug_file_name);
244
245   if (ndtlsdecrypt > 0)
246   {
247     for (i = 0; i < ndtlsdecrypt; i++)
248     {
249       ssldecrypt_assoc_t *d = &(dtlskeylist_uats[i]);
250       ssl_parse_key_list(d, dtls_key_hash, dtls_associations, dtls_handle, FALSE);
251     }
252   }
253
254   dissector_add_handle("sctp.port", dtls_handle);
255   dissector_add_handle("udp.port", dtls_handle);
256 }
257
258 static void
259 dtls_parse_old_keys(void)
260 {
261   gchar          **old_keys, **parts, *err;
262   guint            i;
263   GString         *uat_entry = g_string_new("");
264
265   /* Import old-style keys */
266   if (dtlsdecrypt_uat && dtls_keys_list && dtls_keys_list[0]) {
267     old_keys = g_strsplit(dtls_keys_list, ";", 0);
268     for (i = 0; old_keys[i] != NULL; i++) {
269       parts = g_strsplit(old_keys[i], ",", 4);
270       if (parts[0] && parts[1] && parts[2] && parts[3]) {
271         g_string_printf(uat_entry, "\"%s\",\"%s\",\"%s\",\"%s\",\"\"",
272                         parts[0], parts[1], parts[2], parts[3]);
273         if (!uat_load_str(dtlsdecrypt_uat, uat_entry->str, &err)) {
274           ssl_debug_printf("dtls_parse: Can't load UAT string %s: %s\n",
275                            uat_entry->str, err);
276         }
277       }
278       g_strfreev(parts);
279     }
280     g_strfreev(old_keys);
281   }
282   g_string_free(uat_entry, TRUE);
283
284 }
285
286 /*
287  * DTLS Dissection Routines
288  *
289  */
290
291 /* record layer dissector */
292 static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
293                                 proto_tree *tree, guint32 offset,
294                                 guint *conv_version,
295                                 SslDecryptSession *conv_data);
296
297 /* change cipher spec dissector */
298 static void dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
299                                             proto_tree *tree,
300                                             guint32 offset,
301                                             guint *conv_version, guint8 content_type);
302
303 /* alert message dissector */
304 static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
305                                proto_tree *tree, guint32 offset,
306                                guint *conv_version);
307
308 /* handshake protocol dissector */
309 static void dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
310                                    proto_tree *tree, guint32 offset,
311                                    guint32 record_length,
312                                    guint *conv_version,
313                                    SslDecryptSession *conv_data, guint8 content_type);
314
315
316 static void dissect_dtls_hnd_cli_hello(tvbuff_t *tvb,
317                                        proto_tree *tree,
318                                        guint32 offset, guint32 length,
319                                        SslDecryptSession* ssl);
320
321 static int dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb,
322                                                   proto_tree *tree,
323                                                   guint32 offset,
324                                                   SslDecryptSession* ssl);
325
326 static int dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
327                                        proto_tree *tree,
328                                        guint32 offset, guint32 length,
329                                        SslDecryptSession* ssl);
330
331 static void dissect_dtls_hnd_cert(tvbuff_t *tvb,
332                                   proto_tree *tree, guint32 offset, packet_info *pinfo);
333
334 static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
335                                       proto_tree *tree,
336                                       guint32 offset);
337
338 static void dissect_dtls_hnd_finished(tvbuff_t *tvb,
339                                       proto_tree *tree,
340                                       guint32 offset,
341                                       guint* conv_version);
342
343 /*
344  * Support Functions
345  *
346  */
347 /*static void ssl_set_conv_version(packet_info *pinfo, guint version);*/
348 static gint  dtls_is_valid_handshake_type(guint8 type);
349
350 static gint  dtls_is_authoritative_version_message(guint8 content_type,
351                                                    guint8 next_byte);
352 static gint  looks_like_dtls(tvbuff_t *tvb, guint32 offset);
353
354 /*********************************************************************
355  *
356  * Main dissector
357  *
358  *********************************************************************/
359 /*
360  * Code to actually dissect the packets
361  */
362 static void
363 dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
364 {
365
366   conversation_t    *conversation;
367   void              *conv_data;
368   proto_item        *ti;
369   proto_tree        *dtls_tree;
370   guint32            offset;
371   gboolean           first_record_in_frame;
372   SslDecryptSession *ssl_session;
373   guint*             conv_version;
374   Ssl_private_key_t *private_key;
375
376   ti                    = NULL;
377   dtls_tree             = NULL;
378   offset                = 0;
379   first_record_in_frame = TRUE;
380   ssl_session           = NULL;
381   top_tree              = tree;
382
383   /* Track the version using conversations allows
384    * us to more frequently set the protocol column properly
385    * for continuation data frames.
386    *
387    * Also: We use the copy in conv_version as our cached copy,
388    *       so that we don't have to search the conversation
389    *       table every time we want the version; when setting
390    *       the conv_version, must set the copy in the conversation
391    *       in addition to conv_version
392    */
393   conversation = find_or_create_conversation(pinfo);
394   conv_data    = conversation_get_proto_data(conversation, proto_dtls);
395
396   /* manage dtls decryption data */
397   /*get a valid ssl session pointer*/
398   if (conv_data != NULL)
399     ssl_session = conv_data;
400   else {
401     SslService dummy;
402
403     ssl_session = se_alloc0(sizeof(SslDecryptSession));
404     ssl_session_init(ssl_session);
405     ssl_session->version = SSL_VER_UNKNOWN;
406     conversation_add_proto_data(conversation, proto_dtls, ssl_session);
407
408     /* we need to know witch side of conversation is speaking */
409     if (ssl_packet_from_server(ssl_session, dtls_associations, pinfo)) {
410       dummy.addr = pinfo->src;
411       dummy.port = pinfo->srcport;
412     }
413     else {
414       dummy.addr = pinfo->dst;
415       dummy.port = pinfo->destport;
416     }
417     ssl_debug_printf("dissect_dtls server %s:%d\n",
418                      ep_address_to_str(&dummy.addr),dummy.port);
419
420     /* try to retrive private key for this service. Do it now 'cause pinfo
421      * is not always available
422      * Note that with HAVE_LIBGNUTLS undefined private_key is allways 0
423      * and thus decryption never engaged*/
424     private_key = g_hash_table_lookup(dtls_key_hash, &dummy);
425     if (!private_key) {
426       ssl_debug_printf("dissect_dtls can't find private key for this server!\n");
427     }
428     else {
429       ssl_session->private_key = private_key->sexp_pkey;
430     }
431   }
432   conv_version= & ssl_session->version;
433
434   /* try decryption only the first time we see this packet
435    * (to keep cipher synchronized) */
436   if (pinfo->fd->flags.visited)
437     ssl_session = NULL;
438
439   /* Initialize the protocol column; we'll set it later when we
440    * figure out what flavor of DTLS it is (actually only one
441    version exists). */
442   col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS");
443
444   /* clear the the info column */
445   col_clear(pinfo->cinfo, COL_INFO);
446
447   /* Create display subtree for SSL as a whole */
448   if (tree)
449     {
450       ti = proto_tree_add_item(tree, proto_dtls, tvb, 0, -1, ENC_NA);
451       dtls_tree = proto_item_add_subtree(ti, ett_dtls);
452     }
453
454   /* iterate through the records in this tvbuff */
455   while (tvb_reported_length_remaining(tvb, offset) != 0)
456     {
457       /* on second and subsequent records per frame
458        * add a delimiter on info column
459        */
460       if (!first_record_in_frame)
461         {
462           col_append_str(pinfo->cinfo, COL_INFO, ", ");
463         }
464
465       /* first try to dispatch off the cached version
466        * known to be associated with the conversation
467        */
468       switch(*conv_version) {
469       case SSL_VER_DTLS:
470         offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
471                                      offset, conv_version,
472                                      ssl_session);
473         break;
474
475         /* that failed, so apply some heuristics based
476          * on this individual packet
477          */
478       default:
479         if (looks_like_dtls(tvb, offset))
480           {
481             /* looks like dtls */
482             offset = dissect_dtls_record(tvb, pinfo, dtls_tree,
483                                          offset, conv_version,
484                                          ssl_session);
485           }
486         else
487           {
488             /* looks like something unknown, so lump into
489              * continuation data
490              */
491             offset = tvb_length(tvb);
492             col_append_str(pinfo->cinfo, COL_INFO,
493                              "Continuation Data");
494
495             /* Set the protocol column */
496             col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS");
497           }
498         break;
499       }
500
501       /* set up for next record in frame, if any */
502       first_record_in_frame = FALSE;
503     }
504
505   tap_queue_packet(dtls_tap, pinfo, NULL);
506 }
507
508 static gboolean
509 dissect_dtls_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
510 {
511   /* Stronger confirmation of DTLS packet is provided by verifying the
512    * payload length against the remainder of the UDP packet size. */
513   guint length = tvb_length(tvb);
514   guint offset = 0;
515
516   if (tvb_reported_length(tvb) == length) {
517     while (offset + 13 <= length && looks_like_dtls(tvb, offset)) {
518       /* Advance offset to the end of the current DTLS record */
519       offset += tvb_get_ntohs(tvb, offset + 11) + 13;
520       if (offset == length) {
521         dissect_dtls(tvb, pinfo, tree);
522         return TRUE;
523       }
524     }
525
526     if (pinfo->fragmented && offset >= 13) {
527       dissect_dtls(tvb, pinfo, tree);
528       return TRUE;
529     }
530     return FALSE;
531   }
532
533   /* We've got a truncated packet - do our best with what we've got. */
534   while (tvb_length_remaining(tvb, offset) >= 3) {
535     if (!looks_like_dtls(tvb, offset))
536       return FALSE;
537
538     offset += 3;
539     if (tvb_length_remaining(tvb, offset) >= 10 ) {
540       offset += tvb_get_ntohs(tvb, offset + 8) + 10;
541     } else {
542       /* Dissect what we've got, which might be as little as 3 bytes. */
543       dissect_dtls(tvb, pinfo, tree);
544       return TRUE;
545     }
546     if (offset == length) {
547       /* Can this ever happen?  Well, just in case ... */
548       dissect_dtls(tvb, pinfo, tree);
549       return TRUE;
550     }
551   }
552
553   /* One last check to see if the current offset is at least less than the
554    * original number of bytes present before truncation or we're dealing with
555    * a packet fragment that's also been truncated. */
556   if ((length >= 3) && (offset <= tvb_reported_length(tvb) || pinfo->fragmented)) {
557     dissect_dtls(tvb, pinfo, tree);
558     return TRUE;
559   }
560   return FALSE;
561 }
562
563 static gint
564 decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
565                     guint32 record_length, guint8 content_type, SslDecryptSession* ssl,
566                     gboolean save_plaintext)
567 {
568   gint        ret;
569   SslDecoder *decoder;
570
571   ret = 0;
572
573   /* if we can decrypt and decryption have success
574    * add decrypted data to this packet info */
575   ssl_debug_printf("decrypt_dtls_record: app_data len %d, ssl state %X\n",
576                    record_length, ssl->state);
577   if (!ssl || (!save_plaintext && !(ssl->state & SSL_HAVE_SESSION_KEY))) {
578     ssl_debug_printf("decrypt_dtls_record: no session key\n");
579     return ret;
580   }
581
582   /* retrive decoder for this packet direction */
583   if (ssl_packet_from_server(ssl, dtls_associations, pinfo) != 0) {
584     ssl_debug_printf("decrypt_dtls_record: using server decoder\n");
585     decoder = ssl->server;
586   }
587   else {
588     ssl_debug_printf("decrypt_dtls_record: using client decoder\n");
589     decoder = ssl->client;
590   }
591
592   if (!decoder) {
593     ssl_debug_printf("decrypt_dtls_record: no decoder available\n");
594     return ret;
595   }
596
597   /* ensure we have enough storage space for decrypted data */
598   if (record_length > dtls_decrypted_data.data_len)
599     {
600       ssl_debug_printf("decrypt_dtls_record: allocating %d bytes"
601                        " for decrypt data (old len %d)\n",
602                        record_length + 32, dtls_decrypted_data.data_len);
603       dtls_decrypted_data.data = g_realloc(dtls_decrypted_data.data,
604                                            record_length + 32);
605       dtls_decrypted_data.data_len = record_length + 32;
606     }
607
608   /* run decryption and add decrypted payload to protocol data, if decryption
609    * is successful*/
610   dtls_decrypted_data_avail = dtls_decrypted_data.data_len;
611   if (ssl->state & SSL_HAVE_SESSION_KEY) {
612     if (ssl_decrypt_record(ssl, decoder, content_type, tvb_get_ptr(tvb, offset, record_length), record_length,
613                            &dtls_compressed_data, &dtls_decrypted_data, &dtls_decrypted_data_avail) == 0)
614       ret = 1;
615   }
616   else if (ssl->cipher == 0x0001 || ssl->cipher == 0x0002) {
617     /* Non-encrypting cipher RSA-NULL-MD5 or RSA-NULL-SHA */
618     memcpy(dtls_decrypted_data.data, tvb_get_ptr(tvb, offset, record_length), record_length);
619     dtls_decrypted_data_avail = dtls_decrypted_data.data_len = record_length;
620     ret = 1;
621   }
622
623   if (ret && save_plaintext) {
624     ssl_add_data_info(proto_dtls, pinfo, dtls_decrypted_data.data, dtls_decrypted_data_avail,
625                       tvb_raw_offset(tvb)+offset, 0);
626   }
627
628   return ret;
629 }
630
631
632
633
634
635 /*********************************************************************
636  *
637  * DTLS Dissection Routines
638  *
639  *********************************************************************/
640 static gint
641 dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
642                     proto_tree *tree, guint32 offset,
643                     guint *conv_version,
644                     SslDecryptSession* ssl)
645 {
646
647   /*
648    *    struct {
649    *        uint8 major, minor;
650    *    } ProtocolVersion;
651    *
652    *
653    *    enum {
654    *        change_cipher_spec(20), alert(21), handshake(22),
655    *        application_data(23), (255)
656    *    } ContentType;
657    *
658    *    struct {
659    *        ContentType type;
660    *        ProtocolVersion version;
661    *        uint16 epoch;               // New field
662    *        uint48 sequence_number;     // New field
663    *        uint16 length;
664    *        opaque fragment[TLSPlaintext.length];
665    *    } DTLSPlaintext;
666    */
667
668   guint32         record_length;
669   guint16         version;
670   guint16         epoch;
671   gdouble         sequence_number;
672   gint64          sequence_number_temp;
673   guint8          content_type;
674   guint8          next_byte;
675   proto_tree     *ti;
676   proto_tree     *dtls_record_tree;
677   SslAssociation *association;
678   SslDataInfo    *appl_data;
679
680   ti               = NULL;
681   dtls_record_tree = NULL;
682
683   /*
684    * Get the record layer fields of interest
685    */
686   content_type          = tvb_get_guint8(tvb, offset);
687   version               = tvb_get_ntohs(tvb, offset + 1);
688   epoch                 = tvb_get_ntohs(tvb, offset + 3);
689   sequence_number       = tvb_get_ntohl(tvb, offset + 7);
690   sequence_number_temp  = tvb_get_ntohs(tvb, offset + 5);
691   sequence_number_temp  = sequence_number_temp<<32;
692   sequence_number      += sequence_number_temp;
693   record_length         = tvb_get_ntohs(tvb, offset + 11);
694
695   if(ssl){
696     if(ssl_packet_from_server(ssl, dtls_associations, pinfo)){
697      if (ssl->server) {
698       ssl->server->seq=(guint32)sequence_number;
699       ssl->server->epoch=epoch;
700      }
701     }
702     else{
703      if (ssl->client) {
704       ssl->client->seq=(guint32)sequence_number;
705       ssl->client->epoch=epoch;
706      }
707     }
708   }
709   if (!ssl_is_valid_content_type(content_type)) {
710
711     /* if we don't have a valid content_type, there's no sense
712      * continuing any further
713      */
714     col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
715
716     /* Set the protocol column */
717     col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS");
718     return offset + 13 + record_length;
719   }
720
721   /*
722    * If GUI, fill in record layer part of tree
723    */
724
725   if (tree)
726     {
727       /* add the record layer subtree header */
728       tvb_ensure_bytes_exist(tvb, offset, 13 + record_length);
729       ti = proto_tree_add_item(tree, hf_dtls_record, tvb,
730                                offset, 13 + record_length, ENC_NA);
731       dtls_record_tree = proto_item_add_subtree(ti, ett_dtls_record);
732     }
733
734   if (dtls_record_tree)
735     {
736
737       /* show the one-byte content type */
738       proto_tree_add_item(dtls_record_tree, hf_dtls_record_content_type,
739                           tvb, offset, 1, ENC_BIG_ENDIAN);
740       offset++;
741
742       /* add the version */
743       proto_tree_add_item(dtls_record_tree, hf_dtls_record_version, tvb,
744                           offset, 2, ENC_BIG_ENDIAN);
745       offset += 2;
746
747       /* show epoch */
748       proto_tree_add_uint(dtls_record_tree, hf_dtls_record_epoch, tvb, offset, 2, epoch);
749
750       offset += 2;
751
752       /* add sequence_number */
753
754       proto_tree_add_double(dtls_record_tree, hf_dtls_record_sequence_number, tvb, offset, 6, sequence_number);
755
756       offset += 6;
757
758       /* add the length */
759       proto_tree_add_uint(dtls_record_tree, hf_dtls_record_length, tvb,
760                           offset, 2, record_length);
761       offset += 2;    /* move past length field itself */
762
763     }
764   else
765     {
766       /* if no GUI tree, then just skip over those fields */
767       offset += 13;
768     }
769
770
771   /*
772    * if we don't already have a version set for this conversation,
773    * but this message's version is authoritative (i.e., it's
774    * not client_hello, then save the version to to conversation
775    * structure and print the column version
776    */
777   next_byte = tvb_get_guint8(tvb, offset);
778   if (*conv_version == SSL_VER_UNKNOWN
779       && dtls_is_authoritative_version_message(content_type, next_byte))
780     {
781       if (version == DTLSV1DOT0_VERSION ||
782           version == DTLSV1DOT0_VERSION_NOT)
783         {
784
785           *conv_version = SSL_VER_DTLS;
786           if (ssl) {
787             ssl->version_netorder = version;
788             ssl->state |= SSL_VERSION;
789           }
790           /*ssl_set_conv_version(pinfo, ssl->version);*/
791         }
792     }
793   if (check_col(pinfo->cinfo, COL_PROTOCOL))
794     {
795       if (version == DTLSV1DOT0_VERSION)
796         {
797           col_set_str(pinfo->cinfo, COL_PROTOCOL,
798                       val_to_str_const(SSL_VER_DTLS, ssl_version_short_names, "SSL"));
799         }
800       else
801         {
802           col_set_str(pinfo->cinfo, COL_PROTOCOL,"DTLS");
803         }
804     }
805
806   /*
807    * now dissect the next layer
808    */
809   ssl_debug_printf("dissect_dtls_record: content_type %d\n",content_type);
810
811   /* PAOLO try to decrypt each record (we must keep ciphers "in sync")
812    * store plain text only for app data */
813
814   switch (content_type) {
815   case SSL_ID_CHG_CIPHER_SPEC:
816     col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
817     dissect_dtls_change_cipher_spec(tvb, dtls_record_tree,
818                                     offset, conv_version, content_type);
819     if (ssl) ssl_change_cipher(ssl, ssl_packet_from_server(ssl, dtls_associations, pinfo));
820     break;
821   case SSL_ID_ALERT:
822     {
823       tvbuff_t* decrypted;
824       decrypted = 0;
825       if (ssl&&decrypt_dtls_record(tvb, pinfo, offset,
826                                    record_length, content_type, ssl, FALSE))
827         ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
828                             dtls_decrypted_data_avail, offset);
829
830       /* try to retrive and use decrypted alert record, if any. */
831       decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
832       if (decrypted) {
833         dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0,
834                            conv_version);
835         add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
836       } else {
837         dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset,
838                            conv_version);
839       }
840       break;
841     }
842   case SSL_ID_HANDSHAKE:
843     {
844       tvbuff_t* decrypted;
845       decrypted = 0;
846       /* try to decrypt handshake record, if possible. Store decrypted
847        * record for later usage. The offset is used as 'key' to itentify
848        * this record into the packet (we can have multiple handshake records
849        * in the same frame) */
850       if (ssl && decrypt_dtls_record(tvb, pinfo, offset,
851                                      record_length, content_type, ssl, FALSE))
852         ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data,
853                             dtls_decrypted_data_avail, offset);
854
855       /* try to retrive and use decrypted handshake record, if any. */
856       decrypted = ssl_get_record_info(tvb, proto_dtls, pinfo, offset);
857       if (decrypted) {
858         dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0,
859                                tvb_length(decrypted), conv_version, ssl, content_type);
860         add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
861       } else {
862         dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset,
863                                record_length, conv_version, ssl, content_type);
864       }
865       break;
866     }
867   case SSL_ID_APP_DATA:
868     if (ssl)
869       decrypt_dtls_record(tvb, pinfo, offset,
870                           record_length, content_type, ssl, TRUE);
871
872     /* show on info colum what we are decoding */
873     col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
874
875     if (!dtls_record_tree)
876       break;
877
878     /* we need dissector information when the selected packet is shown.
879      * ssl session pointer is NULL at that time, so we can't access
880      * info cached there*/
881     association = ssl_association_find(dtls_associations, pinfo->srcport, pinfo->ptype == PT_TCP);
882     association = association ? association : ssl_association_find(dtls_associations, pinfo->destport, pinfo->ptype == PT_TCP);
883
884     proto_item_set_text(dtls_record_tree,
885                         "%s Record Layer: %s Protocol: %s",
886                         val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
887                         val_to_str(content_type, ssl_31_content_type, "unknown"),
888                         association?association->info:"Application Data");
889
890     /* show decrypted data info, if available */
891     appl_data = ssl_get_data_info(proto_dtls, pinfo, tvb_raw_offset(tvb)+offset);
892     if (appl_data && (appl_data->plain_data.data_len > 0))
893       {
894         tvbuff_t *next_tvb;
895         gboolean  dissected;
896         /* try to dissect decrypted data*/
897         ssl_debug_printf("dissect_dtls_record decrypted len %d\n",
898                          appl_data->plain_data.data_len);
899
900         /* create a new TVB structure for desegmented data */
901         next_tvb = tvb_new_child_real_data(tvb,
902                                            appl_data->plain_data.data,
903                                            appl_data->plain_data.data_len,
904                                            appl_data->plain_data.data_len);
905
906         add_new_data_source(pinfo, next_tvb, "Decrypted DTLS data");
907
908         /* find out a dissector using server port*/
909         if (association && association->handle) {
910           ssl_debug_printf("dissect_dtls_record found association %p\n", (void *)association);
911           ssl_print_text_data("decrypted app data",appl_data->plain_data.data, appl_data->plain_data.data_len);
912
913           dissected = call_dissector_only(association->handle, next_tvb, pinfo, top_tree);
914         }
915         else {
916           /* try heuristic subdissectors */
917           dissected = dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, top_tree);
918         }
919         if (dissected)
920           break;
921       }
922
923     proto_tree_add_item(dtls_record_tree, hf_dtls_record_appdata, tvb,
924                         offset, record_length, ENC_NA);
925     break;
926
927   default:
928     /* shouldn't get here since we check above for valid types */
929     col_append_str(pinfo->cinfo, COL_INFO, "Bad DTLS Content Type");
930     break;
931   }
932   offset += record_length; /* skip to end of record */
933
934   return offset;
935 }
936
937 /* dissects the change cipher spec procotol, filling in the tree */
938 static void
939 dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
940                                 proto_tree *tree, guint32 offset,
941                                 guint* conv_version, guint8 content_type)
942 {
943   /*
944    * struct {
945    *     enum { change_cipher_spec(1), (255) } type;
946    * } ChangeCipherSpec;
947    *
948    */
949   if (tree)
950     {
951       proto_item_set_text(tree,
952                           "%s Record Layer: %s Protocol: Change Cipher Spec",
953                           val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
954                           val_to_str(content_type, ssl_31_content_type, "unknown"));
955       proto_tree_add_item(tree, hf_dtls_change_cipher_spec, tvb,
956                           offset, 1, ENC_NA);
957     }
958 }
959
960 /* dissects the alert message, filling in the tree */
961 static void
962 dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
963                    proto_tree *tree, guint32 offset,
964                    guint* conv_version)
965 {
966   /*     struct {
967    *         AlertLevel level;
968    *         AlertDescription description;
969    *     } Alert;
970    */
971
972   proto_tree  *ti;
973   proto_tree  *ssl_alert_tree;
974   const gchar *level;
975   const gchar *desc;
976   guint8       byte;
977
978   ssl_alert_tree = NULL;
979
980   if (tree)
981     {
982       ti = proto_tree_add_item(tree, hf_dtls_alert_message, tvb,
983                                offset, 2, ENC_NA);
984       ssl_alert_tree = proto_item_add_subtree(ti, ett_dtls_alert);
985     }
986
987   /*
988    * set the record layer label
989    */
990
991   /* first lookup the names for the alert level and description */
992   byte  = tvb_get_guint8(tvb, offset); /* grab the level byte */
993   level = match_strval(byte, ssl_31_alert_level);
994
995   byte  = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
996   desc  = match_strval(byte, ssl_31_alert_description);
997
998   /* now set the text in the record layer line */
999   if (level && desc)
1000     {
1001       if (check_col(pinfo->cinfo, COL_INFO))
1002         col_append_fstr(pinfo->cinfo, COL_INFO,
1003                         "Alert (Level: %s, Description: %s)",
1004                         level, desc);
1005     }
1006   else
1007     {
1008       col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
1009     }
1010
1011   if (tree)
1012     {
1013       if (level && desc)
1014         {
1015           proto_item_set_text(tree, "%s Record Layer: Alert "
1016                               "(Level: %s, Description: %s)",
1017                               val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1018                               level, desc);
1019           proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_level,
1020                               tvb, offset++, 1, ENC_BIG_ENDIAN);
1021
1022           proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_description,
1023                               tvb, offset, 1, ENC_BIG_ENDIAN);
1024         }
1025       else
1026         {
1027           proto_item_set_text(tree,
1028                               "%s Record Layer: Encrypted Alert",
1029                               val_to_str_const(*conv_version, ssl_version_short_names, "SSL"));
1030           proto_item_set_text(ssl_alert_tree,
1031                               "Alert Message: Encrypted Alert");
1032         }
1033     }
1034 }
1035
1036
1037 /* dissects the handshake protocol, filling the tree */
1038 static void
1039 dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
1040                        proto_tree *tree, guint32 offset,
1041                        guint32 record_length, guint *conv_version,
1042                        SslDecryptSession* ssl, guint8 content_type)
1043 {
1044   /*     struct {
1045    *         HandshakeType msg_type;
1046    *         uint24 length;
1047    *         uint16 message_seq;          //new field
1048    *         uint24 fragment_offset;      //new field
1049    *         uint24 fragment_length;      //new field
1050    *         select (HandshakeType) {
1051    *             case hello_request:       HelloRequest;
1052    *             case client_hello:        ClientHello;
1053    *             case server_hello:        ServerHello;
1054    *             case hello_verify_request: HelloVerifyRequest;     //new field
1055    *             case certificate:         Certificate;
1056    *             case server_key_exchange: ServerKeyExchange;
1057    *             case certificate_request: CertificateRequest;
1058    *             case server_hello_done:   ServerHelloDone;
1059    *             case certificate_verify:  CertificateVerify;
1060    *             case client_key_exchange: ClientKeyExchange;
1061    *             case finished:            Finished;
1062    *         } body;
1063    *     } Handshake;
1064    */
1065
1066   proto_tree  *ti;
1067   proto_tree  *ssl_hand_tree;
1068   const gchar *msg_type_str;
1069   guint8       msg_type;
1070   guint32      length;
1071   guint16      message_seq;
1072   guint32      fragment_offset;
1073   guint32      fragment_length;
1074   gboolean     first_iteration;
1075
1076   ti              = NULL;
1077   ssl_hand_tree   = NULL;
1078   msg_type_str    = NULL;
1079   first_iteration = TRUE;
1080
1081   /* just as there can be multiple records per packet, there
1082    * can be multiple messages per record as long as they have
1083    * the same content type
1084    *
1085    * we really only care about this for handshake messages
1086    */
1087
1088   /* set record_length to the max offset */
1089   record_length += offset;
1090   for (; offset < record_length; offset += fragment_length,
1091          first_iteration = FALSE) /* set up for next pass, if any */
1092     {
1093       fragment_data *frag_msg = NULL;
1094       tvbuff_t      *new_tvb  = NULL;
1095       const gchar   *frag_str = NULL;
1096       gboolean       fragmented;
1097
1098       msg_type        = tvb_get_guint8(tvb, offset);
1099       msg_type_str    = match_strval(msg_type, ssl_31_handshake_type);
1100       length          = tvb_get_ntoh24(tvb, offset + 1);
1101       message_seq     = tvb_get_ntohs(tvb,offset + 4);
1102       fragment_offset = tvb_get_ntoh24(tvb, offset + 6);
1103       fragment_length = tvb_get_ntoh24(tvb, offset + 9);
1104       fragmented      = fragment_length != length;
1105
1106       if (!msg_type_str && !first_iteration)
1107         {
1108           /* only dissect / report messages if they're
1109            * either the first message in this record
1110            * or they're a valid message type
1111            */
1112           return;
1113         }
1114
1115       /* on second and later iterations, add comma to info col */
1116       if (!first_iteration)
1117         {
1118           col_append_str(pinfo->cinfo, COL_INFO, ", ");
1119         }
1120
1121       /*
1122        * Update our info string
1123        */
1124       if (check_col(pinfo->cinfo, COL_INFO))
1125         col_append_str(pinfo->cinfo, COL_INFO, (msg_type_str != NULL)
1126                         ? msg_type_str : "Encrypted Handshake Message");
1127
1128       /* Handle fragments of known message type */
1129       if (fragmented)
1130         {
1131           gboolean frag_hand;
1132
1133           switch (msg_type) {
1134           case SSL_HND_HELLO_REQUEST:
1135           case SSL_HND_CLIENT_HELLO:
1136           case SSL_HND_HELLO_VERIFY_REQUEST:
1137           case SSL_HND_SERVER_HELLO:
1138           case SSL_HND_CERTIFICATE:
1139           case SSL_HND_SERVER_KEY_EXCHG:
1140           case SSL_HND_CERT_REQUEST:
1141           case SSL_HND_SVR_HELLO_DONE:
1142           case SSL_HND_CERT_VERIFY:
1143           case SSL_HND_CLIENT_KEY_EXCHG:
1144           case SSL_HND_FINISHED:
1145             frag_hand = TRUE;
1146             break;
1147           default:
1148             /* Ignore encrypted handshake messages */
1149             frag_hand = FALSE;
1150             break;
1151           }
1152
1153           if (frag_hand) {
1154             /* Fragmented handshake message */
1155             pinfo->fragmented = TRUE;
1156
1157             /* Don't pass the reassembly code data that doesn't exist */
1158             tvb_ensure_bytes_exist(tvb, offset, fragment_length);
1159
1160             frag_msg = fragment_add(tvb, offset+12, pinfo, message_seq,
1161                                     dtls_fragment_table,
1162                                     fragment_offset, fragment_length, TRUE);
1163             fragment_set_tot_len(pinfo, message_seq, dtls_fragment_table,
1164                                  length);
1165
1166             if (frag_msg && (fragment_length + fragment_offset) == length)
1167               {
1168                 /* Reassembled */
1169                 new_tvb = process_reassembled_data(tvb, offset+12, pinfo,
1170                                                    "Reassembled DTLS",
1171                                                    frag_msg,
1172                                                    &dtls_frag_items,
1173                                                    NULL, tree);
1174                 frag_str = " (Reassembled)";
1175               }
1176             else
1177               {
1178                 frag_str = " (Fragment)";
1179               }
1180
1181             if (check_col(pinfo->cinfo, COL_INFO))
1182               col_append_str(pinfo->cinfo, COL_INFO, frag_str);
1183           }
1184         }
1185
1186       if (tree)
1187         {
1188           /* set the label text on the record layer expanding node */
1189           if (first_iteration)
1190             {
1191               proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
1192                                   val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1193                                   val_to_str(content_type, ssl_31_content_type, "unknown"),
1194                                   (msg_type_str!=NULL) ? msg_type_str :
1195                                   "Encrypted Handshake Message",
1196                                   (frag_str!=NULL) ? frag_str : "");
1197             }
1198           else
1199             {
1200               proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s",
1201                                   val_to_str_const(*conv_version, ssl_version_short_names, "SSL"),
1202                                   val_to_str(content_type, ssl_31_content_type, "unknown"),
1203                                   "Multiple Handshake Messages",
1204                                   (frag_str!=NULL) ? frag_str : "");
1205             }
1206
1207           /* add a subtree for the handshake protocol */
1208           ti = proto_tree_add_item(tree, hf_dtls_handshake_protocol, tvb,
1209                                    offset, fragment_length + 12, ENC_NA);
1210           ssl_hand_tree = proto_item_add_subtree(ti, ett_dtls_handshake);
1211
1212           if (ssl_hand_tree)
1213             {
1214               /* set the text label on the subtree node */
1215               proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s%s",
1216                                   (msg_type_str != NULL) ? msg_type_str :
1217                                   "Encrypted Handshake Message",
1218                                   (frag_str!=NULL) ? frag_str : "");
1219             }
1220         }
1221
1222       /* if we don't have a valid handshake type, just quit dissecting */
1223       if (!msg_type_str)
1224         return;
1225
1226       /* if we are doing ssl decryption we must dissect some requests type */
1227       if (ssl_hand_tree || ssl)
1228         {
1229           tvbuff_t *sub_tvb = NULL;
1230
1231           /* add nodes for the message type and message length */
1232           if (ssl_hand_tree)
1233             proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_type,
1234                                 tvb, offset, 1, msg_type);
1235           offset++;
1236           if (ssl_hand_tree)
1237             proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_length,
1238                                 tvb, offset, 3, length);
1239           offset += 3;
1240
1241           if (ssl_hand_tree)
1242             proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_message_seq,
1243                                 tvb, offset, 2, message_seq);
1244           offset += 2;
1245           if (ssl_hand_tree)
1246             proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_fragment_offset,
1247                                 tvb, offset, 3, fragment_offset);
1248           offset += 3;
1249           if (ssl_hand_tree)
1250             proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_fragment_length,
1251                                 tvb, offset, 3, fragment_length);
1252           offset += 3;
1253
1254           if (fragmented && !new_tvb)
1255             {
1256               /* Skip fragmented messages not reassembled yet */
1257               continue;
1258             }
1259
1260           if (new_tvb)
1261             {
1262               sub_tvb = new_tvb;
1263             }
1264           else
1265             {
1266               sub_tvb = tvb_new_subset(tvb, offset, fragment_length,
1267                                         fragment_length);
1268             }
1269
1270           /* now dissect the handshake message, if necessary */
1271           switch (msg_type) {
1272           case SSL_HND_HELLO_REQUEST:
1273             /* hello_request has no fields, so nothing to do! */
1274             break;
1275
1276           case SSL_HND_CLIENT_HELLO:
1277             dissect_dtls_hnd_cli_hello(sub_tvb, ssl_hand_tree, 0, length, ssl);
1278             break;
1279
1280           case SSL_HND_HELLO_VERIFY_REQUEST:
1281             dissect_dtls_hnd_hello_verify_request(sub_tvb, ssl_hand_tree, 0,  ssl);
1282             break;
1283
1284           case SSL_HND_SERVER_HELLO:
1285             dissect_dtls_hnd_srv_hello(sub_tvb, ssl_hand_tree, 0, length, ssl);
1286             break;
1287
1288           case SSL_HND_CERTIFICATE:
1289             dissect_dtls_hnd_cert(sub_tvb, ssl_hand_tree, 0, pinfo);
1290             break;
1291
1292           case SSL_HND_SERVER_KEY_EXCHG:
1293             /* unimplemented */
1294             break;
1295
1296           case SSL_HND_CERT_REQUEST:
1297             dissect_dtls_hnd_cert_req(sub_tvb, ssl_hand_tree, 0);
1298             break;
1299
1300           case SSL_HND_SVR_HELLO_DONE:
1301             /* server_hello_done has no fields, so nothing to do! */
1302             break;
1303
1304           case SSL_HND_CERT_VERIFY:
1305             /* unimplemented */
1306             break;
1307
1308           case SSL_HND_CLIENT_KEY_EXCHG:
1309             {
1310               /* here we can have all the data to build session key */
1311               StringInfo encrypted_pre_master;
1312               gint ret;
1313               guint encrlen = length, skip;
1314               skip = 0;
1315
1316               if (!ssl)
1317                 break;
1318
1319               /* check for required session data */
1320               ssl_debug_printf("dissect_dtls_handshake found SSL_HND_CLIENT_KEY_EXCHG, state %X\n",
1321                                ssl->state);
1322               if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
1323                   (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
1324                 ssl_debug_printf("dissect_dtls_handshake not enough data to generate key (required state %X)\n",
1325                                  (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
1326                 break;
1327               }
1328
1329               /* Skip leading two bytes length field. Older openssl's DTLS implementation seems not to have this field.
1330                * See implementation note in RFC 4346 section 7.4.7.1
1331                */
1332               if (ssl->cipher_suite.kex==KEX_RSA && ssl->version_netorder != DTLSV1DOT0_VERSION_NOT) {
1333                 encrlen = tvb_get_ntohs(tvb, offset);
1334                 skip = 2;
1335                 if (encrlen > length - 2) {
1336                   ssl_debug_printf("dissect_dtls_handshake wrong encrypted length (%d max %d)\n", encrlen, length);
1337                   break;
1338                 }
1339               }
1340
1341               encrypted_pre_master.data = se_alloc(encrlen);
1342               encrypted_pre_master.data_len = encrlen;
1343               tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
1344
1345               if (!ssl->private_key) {
1346                 ssl_debug_printf("dissect_dtls_handshake can't find private key\n");
1347                 break;
1348               }
1349
1350               /* go with ssl key processessing; encrypted_pre_master
1351                * will be used for master secret store*/
1352               ret = ssl_decrypt_pre_master_secret(ssl, &encrypted_pre_master, ssl->private_key);
1353               if (ret < 0) {
1354                 ssl_debug_printf("dissect_dtls_handshake can't decrypt pre master secret\n");
1355                 break;
1356               }
1357               if (ssl_generate_keyring_material(ssl)<0) {
1358                 ssl_debug_printf("dissect_dtls_handshake can't generate keyring material\n");
1359                 break;
1360               }
1361               ssl->state |= SSL_HAVE_SESSION_KEY;
1362               ssl_save_session(ssl, dtls_session_hash);
1363               ssl_debug_printf("dissect_dtls_handshake session keys successfully generated\n");
1364             }
1365             break;
1366
1367           case SSL_HND_FINISHED:
1368             dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree,
1369                                       0, conv_version);
1370             break;
1371           }
1372
1373         }
1374       else{
1375         offset += 12;        /* skip the handshake header when handshake is not processed*/
1376       }
1377     }
1378 }
1379
1380 static gint
1381 dissect_dtls_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1382                               guint32 offset, SslDecryptSession* ssl, gint from_server)
1383 {
1384   /* show the client's random challenge */
1385   nstime_t gmt_unix_time;
1386   guint8   session_id_length;
1387
1388   if (tree || ssl)
1389     {
1390           if (ssl)
1391                 {
1392                   /* get proper peer information*/
1393                   StringInfo* rnd;
1394                   if (from_server)
1395                         rnd = &ssl->server_random;
1396                   else
1397                         rnd = &ssl->client_random;
1398
1399                   /* get provided random for keyring generation*/
1400                   tvb_memcpy(tvb, rnd->data, offset, 32);
1401                   rnd->data_len = 32;
1402                   if (from_server)
1403                         ssl->state |= SSL_SERVER_RANDOM;
1404                   else
1405                         ssl->state |= SSL_CLIENT_RANDOM;
1406                   ssl_debug_printf("dissect_dtls_hnd_hello_common found random state %X\n",
1407                                                    ssl->state);
1408         }
1409
1410       /* show the time */
1411       if (tree)
1412         {
1413           gmt_unix_time.secs  = tvb_get_ntohl(tvb, offset);
1414           gmt_unix_time.nsecs = 0;
1415           proto_tree_add_time(tree, hf_dtls_handshake_random_time,
1416                               tvb, offset, 4, &gmt_unix_time);
1417         }
1418       offset += 4;
1419
1420       /* show the random bytes */
1421       if (tree)
1422           proto_tree_add_item(tree, hf_dtls_handshake_random_bytes,
1423                               tvb, offset, 28, ENC_NA);
1424       offset += 28;
1425
1426       /* show the session id */
1427       session_id_length = tvb_get_guint8(tvb, offset);
1428       if (tree)
1429           proto_tree_add_item(tree, hf_dtls_handshake_session_id_len,
1430                               tvb, offset, 1, ENC_BIG_ENDIAN);
1431           offset++;
1432       if (ssl)
1433         {
1434           /* check stored session id info */
1435           if (from_server && (session_id_length == ssl->session_id.data_len) &&
1436               (tvb_memeql(tvb, offset, ssl->session_id.data, session_id_length) == 0))
1437             {
1438               /* clinet/server id match: try to restore a previous cached session*/
1439               ssl_restore_session(ssl, dtls_session_hash);
1440             }
1441           else {
1442             tvb_memcpy(tvb,ssl->session_id.data, offset, session_id_length);
1443             ssl->session_id.data_len = session_id_length;
1444           }
1445         }
1446           if (tree && session_id_length > 0)
1447                   proto_tree_add_bytes_format(tree, hf_dtls_handshake_session_id,
1448                                                                           tvb, offset, session_id_length,
1449                                                                           NULL, "Session ID (%u byte%s)",
1450                                                                           session_id_length,
1451                                                                           plurality(session_id_length, "", "s"));
1452           offset += session_id_length;
1453     }
1454
1455   /* XXXX */
1456   return offset;
1457 }
1458
1459 static gint
1460 dissect_dtls_hnd_hello_ext(tvbuff_t *tvb,
1461                            proto_tree *tree, guint32 offset, guint32 left)
1462 {
1463   guint16     extension_length;
1464   guint16     ext_type;
1465   guint16     ext_len;
1466   proto_item *pi;
1467   proto_tree *ext_tree;
1468
1469   if (left < 2)
1470     return offset;
1471
1472   extension_length = tvb_get_ntohs(tvb, offset);
1473   proto_tree_add_uint(tree, hf_dtls_handshake_extensions_len,
1474                       tvb, offset, 2, extension_length);
1475   offset += 2;
1476   left   -= 2;
1477
1478   while (left >= 4)
1479     {
1480       ext_type = tvb_get_ntohs(tvb, offset);
1481       ext_len  = tvb_get_ntohs(tvb, offset + 2);
1482
1483       pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len,
1484                                "Extension: %s",
1485                                val_to_str(ext_type,
1486                                           tls_hello_extension_types,
1487                                           "Unknown %u"));
1488       ext_tree = proto_item_add_subtree(pi, ett_dtls_extension);
1489       if (!ext_tree)
1490         ext_tree = tree;
1491
1492       proto_tree_add_uint(ext_tree, hf_dtls_handshake_extension_type,
1493                           tvb, offset, 2, ext_type);
1494       offset += 2;
1495
1496       proto_tree_add_uint(ext_tree, hf_dtls_handshake_extension_len,
1497                           tvb, offset, 2, ext_len);
1498       offset += 2;
1499
1500       proto_tree_add_bytes_format(ext_tree, hf_dtls_handshake_extension_data,
1501                                   tvb, offset, ext_len, NULL,
1502                                   "Data (%u byte%s)", ext_len,
1503                                   plurality(ext_len, "", "s"));
1504       offset += ext_len;
1505       left   -= 2 + 2 + ext_len;
1506     }
1507
1508   return offset;
1509 }
1510
1511 static void
1512 dissect_dtls_hnd_cli_hello(tvbuff_t *tvb,
1513                            proto_tree *tree, guint32 offset, guint32 length,
1514                            SslDecryptSession*ssl)
1515 {
1516   /* struct {
1517    *     ProtocolVersion client_version;
1518    *     Random random;
1519    *     SessionID session_id;
1520    *     opaque cookie<0..32>;                   //new field
1521    *     CipherSuite cipher_suites<2..2^16-1>;
1522    *     CompressionMethod compression_methods<1..2^8-1>;
1523    *     Extension client_hello_extension_list<0..2^16-1>;
1524    * } ClientHello;
1525    *
1526    */
1527
1528   proto_tree *ti;
1529   proto_tree *cs_tree;
1530   guint16     cipher_suite_length;
1531   guint8      compression_methods_length;
1532   guint8      compression_method;
1533   guint16     start_offset   = offset;
1534   guint8      cookie_length;
1535
1536   if (tree || ssl)
1537     {
1538       /* show the client version */
1539       if (tree)
1540         proto_tree_add_item(tree, hf_dtls_handshake_client_version, tvb,
1541                             offset, 2, ENC_BIG_ENDIAN);
1542       offset += 2;
1543
1544       /* show the fields in common with server hello */
1545       offset = dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 0);
1546
1547       /* look for a cookie */
1548       cookie_length = tvb_get_guint8(tvb, offset);
1549       if (!tree)
1550         return;
1551
1552       proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len,
1553                           tvb, offset, 1, cookie_length);
1554       offset ++;            /* skip opaque length */
1555
1556       if (cookie_length > 0)
1557         {
1558           proto_tree_add_bytes_format(tree, hf_dtls_handshake_cookie,
1559                                       tvb, offset, cookie_length,
1560                                       NULL, "Cookie (%u byte%s)",
1561                                       cookie_length,
1562                                       plurality(cookie_length, "", "s"));
1563           offset += cookie_length;
1564         }
1565
1566       /* tell the user how many cipher suites there are */
1567       cipher_suite_length = tvb_get_ntohs(tvb, offset);
1568
1569       proto_tree_add_uint(tree, hf_dtls_handshake_cipher_suites_len,
1570                           tvb, offset, 2, cipher_suite_length);
1571       offset += 2;            /* skip opaque length */
1572
1573       if (cipher_suite_length > 0)
1574         {
1575           tvb_ensure_bytes_exist(tvb, offset, cipher_suite_length);
1576           ti = proto_tree_add_none_format(tree,
1577                                           hf_dtls_handshake_cipher_suites,
1578                                           tvb, offset, cipher_suite_length,
1579                                           "Cipher Suites (%u suite%s)",
1580                                           cipher_suite_length / 2,
1581                                           plurality(cipher_suite_length/2, "", "s"));
1582
1583           /* make this a subtree */
1584           cs_tree = proto_item_add_subtree(ti, ett_dtls_cipher_suites);
1585           if (!cs_tree)
1586             {
1587               cs_tree = tree; /* failsafe */
1588             }
1589
1590           while (cipher_suite_length > 0)
1591             {
1592               proto_tree_add_item(cs_tree, hf_dtls_handshake_cipher_suite,
1593                                   tvb, offset, 2, ENC_BIG_ENDIAN);
1594               offset += 2;
1595               cipher_suite_length -= 2;
1596             }
1597         }
1598
1599       /* tell the user how man compression methods there are */
1600       compression_methods_length = tvb_get_guint8(tvb, offset);
1601       proto_tree_add_uint(tree, hf_dtls_handshake_comp_methods_len,
1602                           tvb, offset, 1, compression_methods_length);
1603       offset++;
1604
1605       if (compression_methods_length > 0)
1606         {
1607           tvb_ensure_bytes_exist(tvb, offset, compression_methods_length);
1608           ti = proto_tree_add_none_format(tree,
1609                                           hf_dtls_handshake_comp_methods,
1610                                           tvb, offset, compression_methods_length,
1611                                           "Compression Methods (%u method%s)",
1612                                           compression_methods_length,
1613                                           plurality(compression_methods_length,
1614                                                     "", "s"));
1615
1616           /* make this a subtree */
1617           cs_tree = proto_item_add_subtree(ti, ett_dtls_comp_methods);
1618           if (!cs_tree)
1619             {
1620               cs_tree = tree; /* failsafe */
1621             }
1622
1623           while (compression_methods_length > 0)
1624             {
1625               compression_method = tvb_get_guint8(tvb, offset);
1626               if (compression_method < 64)
1627                 proto_tree_add_uint(cs_tree, hf_dtls_handshake_comp_method,
1628                                     tvb, offset, 1, compression_method);
1629               else if (compression_method > 63 && compression_method < 193)
1630                 proto_tree_add_text(cs_tree, tvb, offset, 1,
1631                                     "Compression Method: Reserved - to be assigned by IANA (%u)",
1632                                     compression_method);
1633               else
1634                 proto_tree_add_text(cs_tree, tvb, offset, 1,
1635                                     "Compression Method: Private use range (%u)",
1636                                     compression_method);
1637               offset++;
1638               compression_methods_length--;
1639             }
1640         }
1641
1642       if (length > offset - start_offset)
1643         {
1644           dissect_dtls_hnd_hello_ext(tvb, tree, offset,
1645                                               length -
1646                                               (offset - start_offset));
1647         }
1648     }
1649 }
1650
1651
1652 static int
1653 dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree,
1654                                       guint32 offset, SslDecryptSession* ssl)
1655 {
1656   /*
1657    * struct {
1658    *    ProtocolVersion server_version;
1659    *    opaque cookie<0..32>;
1660    * } HelloVerifyRequest;
1661    */
1662
1663   guint8 cookie_length;
1664
1665
1666   if (tree || ssl)
1667     {
1668       /* show the client version */
1669       if (tree)
1670         proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb,
1671                             offset, 2, ENC_BIG_ENDIAN);
1672       offset += 2;
1673
1674
1675       /* look for a cookie */
1676       cookie_length = tvb_get_guint8(tvb, offset);
1677       if (!tree)
1678         return offset;
1679
1680       proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len,
1681                           tvb, offset, 1, cookie_length);
1682       offset ++;            /* skip opaque length */
1683
1684       if (cookie_length > 0)
1685         {
1686           proto_tree_add_bytes_format(tree, hf_dtls_handshake_cookie,
1687                                       tvb, offset, cookie_length,
1688                                       NULL, "Cookie (%u byte%s)",
1689                                       cookie_length,
1690                                       plurality(cookie_length, "", "s"));
1691           offset += cookie_length;
1692         }
1693     }
1694     return offset;
1695 }
1696
1697 static int
1698 dissect_dtls_hnd_srv_hello(tvbuff_t *tvb,
1699                            proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl)
1700 {
1701   /* struct {
1702    *     ProtocolVersion server_version;
1703    *     Random random;
1704    *     SessionID session_id;
1705    *     CipherSuite cipher_suite;
1706    *     CompressionMethod compression_method;
1707    *     Extension server_hello_extension_list<0..2^16-1>;
1708    * } ServerHello;
1709    */
1710
1711   guint16 start_offset;
1712
1713   start_offset = offset;
1714
1715   if (tree || ssl)
1716     {
1717       /* show the server version */
1718       if (tree)
1719         proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb,
1720                             offset, 2, ENC_BIG_ENDIAN);
1721       offset += 2;
1722
1723       /* first display the elements conveniently in
1724        * common with client hello
1725        */
1726       offset = dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 1);
1727
1728       /* PAOLO: handle session cipher suite  */
1729       if (ssl) {
1730         /* store selected cipher suite for decryption */
1731         ssl->cipher = tvb_get_ntohs(tvb, offset);
1732         if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
1733           ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher);
1734           goto no_cipher;
1735         }
1736
1737         ssl->state |= SSL_CIPHER;
1738         ssl_debug_printf("dissect_dtls_hnd_srv_hello found cipher %X, state %X\n",
1739                          ssl->cipher, ssl->state);
1740
1741         /* if we have restored a session now we can have enought material
1742          * to build session key, check it out*/
1743         if ((ssl->state &
1744              (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) !=
1745             (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) {
1746           ssl_debug_printf("dissect_dtls_hnd_srv_hello not enough data to generate key (required state %X)\n",
1747                            (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET));
1748           goto no_cipher;
1749         }
1750
1751         ssl_debug_printf("dissect_dtls_hnd_srv_hello trying to generate keys\n");
1752         if (ssl_generate_keyring_material(ssl)<0) {
1753           ssl_debug_printf("dissect_dtls_hnd_srv_hello can't generate keyring material\n");
1754           goto no_cipher;
1755         }
1756         ssl->state |= SSL_HAVE_SESSION_KEY;
1757       }
1758     no_cipher:
1759       if (ssl) {
1760         /* store selected compression method for decompression */
1761         ssl->compression = tvb_get_guint8(tvb, offset+2);
1762       }
1763       if (!tree)
1764         return offset;
1765
1766       /* now the server-selected cipher suite */
1767       proto_tree_add_item(tree, hf_dtls_handshake_cipher_suite,
1768                           tvb, offset, 2, ENC_BIG_ENDIAN);
1769       offset += 2;
1770
1771       /* and the server-selected compression method */
1772       proto_tree_add_item(tree, hf_dtls_handshake_comp_method,
1773                           tvb, offset, 1, ENC_BIG_ENDIAN);
1774       offset++;
1775
1776       if (length > offset - start_offset)
1777         {
1778           offset = dissect_dtls_hnd_hello_ext(tvb, tree, offset,
1779                                               length -
1780                                               (offset - start_offset));
1781         }
1782     }
1783     return offset;
1784 }
1785
1786 static void
1787 dissect_dtls_hnd_cert(tvbuff_t *tvb,
1788                       proto_tree *tree, guint32 offset, packet_info *pinfo)
1789 {
1790
1791   /* opaque ASN.1Cert<2^24-1>;
1792    *
1793    * struct {
1794    *     ASN.1Cert certificate_list<1..2^24-1>;
1795    * } Certificate;
1796    */
1797
1798   guint32     certificate_list_length;
1799   proto_tree *ti;
1800   proto_tree *subtree;
1801   asn1_ctx_t  asn1_ctx;
1802
1803   asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
1804
1805   if (tree)
1806     {
1807       certificate_list_length = tvb_get_ntoh24(tvb, offset);
1808       proto_tree_add_uint(tree, hf_dtls_handshake_certificates_len,
1809                           tvb, offset, 3, certificate_list_length);
1810       offset += 3;            /* 24-bit length value */
1811
1812       if (certificate_list_length > 0)
1813         {
1814           tvb_ensure_bytes_exist(tvb, offset, certificate_list_length);
1815           ti = proto_tree_add_none_format(tree,
1816                                           hf_dtls_handshake_certificates,
1817                                           tvb, offset, certificate_list_length,
1818                                           "Certificates (%u byte%s)",
1819                                           certificate_list_length,
1820                                           plurality(certificate_list_length,
1821                                                     "", "s"));
1822
1823           /* make it a subtree */
1824           subtree = proto_item_add_subtree(ti, ett_dtls_certs);
1825           if (!subtree)
1826             {
1827               subtree = tree; /* failsafe */
1828             }
1829
1830           /* iterate through each certificate */
1831           while (certificate_list_length > 0)
1832             {
1833               /* get the length of the current certificate */
1834               guint32 cert_length = tvb_get_ntoh24(tvb, offset);
1835               certificate_list_length -= 3 + cert_length;
1836
1837               proto_tree_add_item(subtree, hf_dtls_handshake_certificate_len,
1838                                   tvb, offset, 3, ENC_BIG_ENDIAN);
1839               offset += 3;
1840
1841               dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, subtree, hf_dtls_handshake_certificate);
1842               offset += cert_length;
1843             }
1844         }
1845
1846     }
1847 }
1848
1849 static void
1850 dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
1851                           proto_tree *tree, guint32 offset)
1852 {
1853   /*
1854    *    enum {
1855    *        rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
1856    *        (255)
1857    *    } ClientCertificateType;
1858    *
1859    *    opaque DistinguishedName<1..2^16-1>;
1860    *
1861    *    struct {
1862    *        ClientCertificateType certificate_types<1..2^8-1>;
1863    *        DistinguishedName certificate_authorities<3..2^16-1>;
1864    *    } CertificateRequest;
1865    *
1866    */
1867
1868   proto_tree *ti;
1869   proto_tree *subtree;
1870   guint8      cert_types_count;
1871   gint        dnames_length;
1872
1873   if (tree)
1874     {
1875       cert_types_count = tvb_get_guint8(tvb, offset);
1876       proto_tree_add_uint(tree, hf_dtls_handshake_cert_types_count,
1877                           tvb, offset, 1, cert_types_count);
1878       offset++;
1879
1880       if (cert_types_count > 0)
1881         {
1882           ti = proto_tree_add_none_format(tree,
1883                                           hf_dtls_handshake_cert_types,
1884                                           tvb, offset, cert_types_count,
1885                                           "Certificate types (%u type%s)",
1886                                           cert_types_count,
1887                                           plurality(cert_types_count, "", "s"));
1888           subtree = proto_item_add_subtree(ti, ett_dtls_cert_types);
1889           if (!subtree)
1890             {
1891               subtree = tree;
1892             }
1893
1894           while (cert_types_count > 0)
1895             {
1896               proto_tree_add_item(subtree, hf_dtls_handshake_cert_type,
1897                                   tvb, offset, 1, ENC_BIG_ENDIAN);
1898               offset++;
1899               cert_types_count--;
1900             }
1901         }
1902
1903       dnames_length = tvb_get_ntohs(tvb, offset);
1904       proto_tree_add_uint(tree, hf_dtls_handshake_dnames_len,
1905                           tvb, offset, 2, dnames_length);
1906       offset += 2;
1907
1908       if (dnames_length > 0)
1909         {
1910           tvb_ensure_bytes_exist(tvb, offset, dnames_length);
1911           ti = proto_tree_add_none_format(tree,
1912                                           hf_dtls_handshake_dnames,
1913                                           tvb, offset, dnames_length,
1914                                           "Distinguished Names (%d byte%s)",
1915                                           dnames_length,
1916                                           plurality(dnames_length, "", "s"));
1917           subtree = proto_item_add_subtree(ti, ett_dtls_dnames);
1918           if (!subtree)
1919             {
1920               subtree = tree;
1921             }
1922
1923           while (dnames_length > 0)
1924             {
1925               /* get the length of the current certificate */
1926               guint16 name_length = tvb_get_ntohs(tvb, offset);
1927               dnames_length -= 2 + name_length;
1928
1929               proto_tree_add_item(subtree, hf_dtls_handshake_dname_len,
1930                                   tvb, offset, 2, ENC_BIG_ENDIAN);
1931               offset += 2;
1932
1933               proto_tree_add_bytes_format(subtree,
1934                                           hf_dtls_handshake_dname,
1935                                           tvb, offset, name_length, NULL,
1936                                           "Distinguished Name (%u byte%s)",
1937                                           name_length,
1938                                           plurality(name_length, "", "s"));
1939               offset += name_length;
1940             }
1941         }
1942     }
1943
1944 }
1945
1946 static void
1947 dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
1948                           guint* conv_version)
1949 {
1950   /*
1951    *     struct {
1952    *         opaque verify_data[12];
1953    *     } Finished;
1954    */
1955
1956   /* this all needs a tree, so bail if we don't have one */
1957   if (!tree)
1958     {
1959       return;
1960     }
1961
1962   switch(*conv_version) {
1963   case SSL_VER_DTLS:
1964     proto_tree_add_item(tree, hf_dtls_handshake_finished,
1965                         tvb, offset, 12, ENC_NA);
1966     break;
1967   }
1968 }
1969
1970 /*********************************************************************
1971  *
1972  * Support Functions
1973  *
1974  *********************************************************************/
1975 #if 0
1976 static void
1977 ssl_set_conv_version(packet_info *pinfo, guint version)
1978 {
1979   conversation_t *conversation;
1980
1981   if (pinfo->fd->flags.visited)
1982     {
1983       /* We've already processed this frame; no need to do any more
1984        * work on it.
1985        */
1986       return;
1987     }
1988
1989   conversation = find_or_create_conversation(pinfo);
1990
1991   if (conversation_get_proto_data(conversation, proto_dtls) != NULL)
1992     {
1993       /* get rid of the current data */
1994       conversation_delete_proto_data(conversation, proto_dtls);
1995     }
1996   conversation_add_proto_data(conversation, proto_dtls, GINT_TO_POINTER(version));
1997 }
1998 #endif
1999
2000 static gint
2001 dtls_is_valid_handshake_type(guint8 type)
2002 {
2003
2004   switch (type) {
2005   case SSL_HND_HELLO_REQUEST:
2006   case SSL_HND_CLIENT_HELLO:
2007   case SSL_HND_SERVER_HELLO:
2008   case SSL_HND_HELLO_VERIFY_REQUEST:
2009   case SSL_HND_CERTIFICATE:
2010   case SSL_HND_SERVER_KEY_EXCHG:
2011   case SSL_HND_CERT_REQUEST:
2012   case SSL_HND_SVR_HELLO_DONE:
2013   case SSL_HND_CERT_VERIFY:
2014   case SSL_HND_CLIENT_KEY_EXCHG:
2015   case SSL_HND_FINISHED:
2016     return 1;
2017   }
2018   return 0;
2019 }
2020
2021 static gint
2022 dtls_is_authoritative_version_message(guint8 content_type, guint8 next_byte)
2023 {
2024   if (content_type == SSL_ID_HANDSHAKE
2025       && dtls_is_valid_handshake_type(next_byte))
2026     {
2027       return (next_byte != SSL_HND_CLIENT_HELLO);
2028     }
2029   else if (ssl_is_valid_content_type(content_type)
2030            && content_type != SSL_ID_HANDSHAKE)
2031     {
2032       return 1;
2033     }
2034   return 0;
2035 }
2036
2037 /* this applies a heuristic to determine whether
2038  * or not the data beginning at offset looks like a
2039  * valid dtls record.
2040  */
2041 static gint
2042 looks_like_dtls(tvbuff_t *tvb, guint32 offset)
2043 {
2044   /* have to have a valid content type followed by a valid
2045    * protocol version
2046    */
2047   guint8  byte;
2048   guint16 version;
2049
2050   /* see if the first byte is a valid content type */
2051   byte = tvb_get_guint8(tvb, offset);
2052   if (!ssl_is_valid_content_type(byte))
2053     {
2054       return 0;
2055     }
2056
2057   /* now check to see if the version byte appears valid */
2058   version = tvb_get_ntohs(tvb, offset + 1);
2059   if (version != DTLSV1DOT0_VERSION && version != DTLSV1DOT0_VERSION_NOT)
2060     {
2061       return 0;
2062     }
2063
2064   return 1;
2065 }
2066
2067 /* UAT */
2068
2069 #ifdef HAVE_LIBGNUTLS
2070 static void
2071 dtlsdecrypt_free_cb(void* r)
2072 {
2073   ssldecrypt_assoc_t* h = r;
2074
2075   g_free(h->ipaddr);
2076   g_free(h->port);
2077   g_free(h->protocol);
2078   g_free(h->keyfile);
2079   g_free(h->password);
2080 }
2081 #endif
2082
2083 #if 0
2084 static void
2085 dtlsdecrypt_update_cb(void* r _U_, const char** err _U_)
2086 {
2087   return;
2088 }
2089 #endif
2090
2091 #ifdef HAVE_LIBGNUTLS
2092 static void *
2093 dtlsdecrypt_copy_cb(void* dest, const void* orig, size_t len _U_)
2094 {
2095   const ssldecrypt_assoc_t* o = orig;
2096   ssldecrypt_assoc_t*       d = dest;
2097
2098   d->ipaddr    = g_strdup(o->ipaddr);
2099   d->port      = g_strdup(o->port);
2100   d->protocol  = g_strdup(o->protocol);
2101   d->keyfile   = g_strdup(o->keyfile);
2102   d->password  = g_strdup(o->password);
2103
2104   return d;
2105 }
2106
2107 UAT_CSTRING_CB_DEF(sslkeylist_uats,ipaddr,ssldecrypt_assoc_t)
2108 UAT_CSTRING_CB_DEF(sslkeylist_uats,port,ssldecrypt_assoc_t)
2109 UAT_CSTRING_CB_DEF(sslkeylist_uats,protocol,ssldecrypt_assoc_t)
2110 UAT_FILENAME_CB_DEF(sslkeylist_uats,keyfile,ssldecrypt_assoc_t)
2111 UAT_CSTRING_CB_DEF(sslkeylist_uats,password,ssldecrypt_assoc_t)
2112 #endif
2113
2114 void proto_reg_handoff_dtls(void);
2115
2116 /*********************************************************************
2117  *
2118  * Standard Wireshark Protocol Registration and housekeeping
2119  *
2120  *********************************************************************/
2121 void
2122 proto_register_dtls(void)
2123 {
2124
2125   /* Setup list of header fields See Section 1.6.1 for details*/
2126   static hf_register_info hf[] = {
2127     { &hf_dtls_record,
2128       { "Record Layer", "dtls.record",
2129         FT_NONE, BASE_NONE, NULL, 0x0,
2130         NULL, HFILL }
2131     },
2132     { &hf_dtls_record_content_type,
2133       { "Content Type", "dtls.record.content_type",
2134         FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
2135         NULL, HFILL}
2136     },
2137     { &hf_dtls_record_version,
2138       { "Version", "dtls.record.version",
2139         FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2140         "Record layer version.", HFILL }
2141     },
2142     { &hf_dtls_record_epoch,
2143       { "Epoch", "dtls.record.epoch",
2144         FT_UINT16, BASE_DEC, NULL, 0x0,
2145         NULL, HFILL }
2146     },
2147     { &hf_dtls_record_sequence_number,
2148       { "Sequence Number", "dtls.record.sequence_number",
2149         FT_DOUBLE, BASE_NONE, NULL, 0x0,
2150         NULL, HFILL }
2151     },
2152     { &hf_dtls_record_length,
2153       { "Length", "dtls.record.length",
2154         FT_UINT16, BASE_DEC, NULL, 0x0,
2155         "Length of DTLS record data", HFILL }
2156     },
2157     { &hf_dtls_record_appdata,
2158       { "Encrypted Application Data", "dtls.app_data",
2159         FT_BYTES, BASE_NONE, NULL, 0x0,
2160         "Payload is encrypted application data", HFILL }
2161     },
2162     { &hf_dtls_change_cipher_spec,
2163       { "Change Cipher Spec Message", "dtls.change_cipher_spec",
2164         FT_NONE, BASE_NONE, NULL, 0x0,
2165         "Signals a change in cipher specifications", HFILL }
2166     },
2167     { & hf_dtls_alert_message,
2168       { "Alert Message", "dtls.alert_message",
2169         FT_NONE, BASE_NONE, NULL, 0x0,
2170         NULL, HFILL }
2171     },
2172     { & hf_dtls_alert_message_level,
2173       { "Level", "dtls.alert_message.level",
2174         FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
2175         "Alert message level", HFILL }
2176     },
2177     { &hf_dtls_alert_message_description,
2178       { "Description", "dtls.alert_message.desc",
2179         FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
2180         "Alert message description", HFILL }
2181     },
2182     { &hf_dtls_handshake_protocol,
2183       { "Handshake Protocol", "dtls.handshake",
2184         FT_NONE, BASE_NONE, NULL, 0x0,
2185         "Handshake protocol message", HFILL}
2186     },
2187     { &hf_dtls_handshake_type,
2188       { "Handshake Type", "dtls.handshake.type",
2189         FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
2190         "Type of handshake message", HFILL}
2191     },
2192     { &hf_dtls_handshake_length,
2193       { "Length", "dtls.handshake.length",
2194         FT_UINT24, BASE_DEC, NULL, 0x0,
2195         "Length of handshake message", HFILL }
2196     },
2197     { &hf_dtls_handshake_message_seq,
2198       { "Message Sequence", "dtls.handshake.message_seq",
2199         FT_UINT16, BASE_DEC, NULL, 0x0,
2200         "Message sequence of handshake message", HFILL }
2201     },
2202     { &hf_dtls_handshake_fragment_offset,
2203       { "Fragment Offset", "dtls.handshake.fragment_offset",
2204         FT_UINT24, BASE_DEC, NULL, 0x0,
2205         "Fragment offset of handshake message", HFILL }
2206     },
2207     { &hf_dtls_handshake_fragment_length,
2208       { "Fragment Length", "dtls.handshake.fragment_length",
2209         FT_UINT24, BASE_DEC, NULL, 0x0,
2210         "Fragment length of handshake message", HFILL }
2211     },
2212     { &hf_dtls_handshake_client_version,
2213       { "Version", "dtls.handshake.client_version",
2214         FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2215         "Maximum version supported by client", HFILL }
2216     },
2217     { &hf_dtls_handshake_server_version,
2218       { "Version", "dtls.handshake.server_version",
2219         FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2220         "Version selected by server", HFILL }
2221     },
2222     { &hf_dtls_handshake_random_time,
2223       { "Random.gmt_unix_time", "dtls.handshake.random_time",
2224         FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
2225         "Unix time field of random structure", HFILL }
2226     },
2227     { &hf_dtls_handshake_random_bytes,
2228       { "Random.bytes", "dtls.handshake.random",
2229         FT_NONE, BASE_NONE, NULL, 0x0,
2230         "Random challenge used to authenticate server", HFILL }
2231     },
2232     { &hf_dtls_handshake_cipher_suites_len,
2233       { "Cipher Suites Length", "dtls.handshake.cipher_suites_length",
2234         FT_UINT16, BASE_DEC, NULL, 0x0,
2235         "Length of cipher suites field", HFILL }
2236     },
2237     { &hf_dtls_handshake_cipher_suites,
2238       { "Cipher Suites", "dtls.handshake.ciphersuites",
2239         FT_NONE, BASE_NONE, NULL, 0x0,
2240         "List of cipher suites supported by client", HFILL }
2241     },
2242     { &hf_dtls_handshake_cipher_suite,
2243       { "Cipher Suite", "dtls.handshake.ciphersuite",
2244         FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0,
2245         NULL, HFILL }
2246     },
2247     { &hf_dtls_handshake_cookie_len,
2248       { "Cookie Length", "dtls.handshake.cookie_length",
2249         FT_UINT8, BASE_DEC, NULL, 0x0,
2250         "Length of the cookie field", HFILL }
2251     },
2252     { &hf_dtls_handshake_cookie,
2253       { "Cookie", "dtls.handshake.cookie",
2254         FT_BYTES, BASE_NONE, NULL, 0x0,
2255         NULL, HFILL }
2256     },
2257     { &hf_dtls_handshake_session_id,
2258       { "Session ID", "dtls.handshake.session_id",
2259         FT_BYTES, BASE_NONE, NULL, 0x0,
2260         "Identifies the DTLS session, allowing later resumption", HFILL }
2261     },
2262     { &hf_dtls_handshake_comp_methods_len,
2263       { "Compression Methods Length", "dtls.handshake.comp_methods_length",
2264         FT_UINT8, BASE_DEC, NULL, 0x0,
2265         "Length of compression methods field", HFILL }
2266     },
2267     { &hf_dtls_handshake_comp_methods,
2268       { "Compression Methods", "dtls.handshake.comp_methods",
2269         FT_NONE, BASE_NONE, NULL, 0x0,
2270         "List of compression methods supported by client", HFILL }
2271     },
2272     { &hf_dtls_handshake_comp_method,
2273       { "Compression Method", "dtls.handshake.comp_method",
2274         FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
2275         NULL, HFILL }
2276     },
2277     { &hf_dtls_handshake_extensions_len,
2278       { "Extensions Length", "dtls.handshake.extensions_length",
2279         FT_UINT16, BASE_DEC, NULL, 0x0,
2280         "Length of hello extensions", HFILL }
2281     },
2282     { &hf_dtls_handshake_extension_type,
2283       { "Type", "dtls.handshake.extension.type",
2284         FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0,
2285         "Hello extension type", HFILL }
2286     },
2287     { &hf_dtls_handshake_extension_len,
2288       { "Length", "dtls.handshake.extension.len",
2289         FT_UINT16, BASE_DEC, NULL, 0x0,
2290         "Length of a hello extension", HFILL }
2291     },
2292     { &hf_dtls_handshake_extension_data,
2293       { "Data", "dtls.handshake.extension.data",
2294         FT_BYTES, BASE_NONE, NULL, 0x0,
2295         "Hello Extension data", HFILL }
2296     },
2297     { &hf_dtls_handshake_certificates_len,
2298       { "Certificates Length", "dtls.handshake.certificates_length",
2299         FT_UINT24, BASE_DEC, NULL, 0x0,
2300         "Length of certificates field", HFILL }
2301     },
2302     { &hf_dtls_handshake_certificates,
2303       { "Certificates", "dtls.handshake.certificates",
2304         FT_NONE, BASE_NONE, NULL, 0x0,
2305         "List of certificates", HFILL }
2306     },
2307     { &hf_dtls_handshake_certificate,
2308       { "Certificate", "dtls.handshake.certificate",
2309         FT_BYTES, BASE_NONE, NULL, 0x0,
2310         NULL, HFILL }
2311     },
2312     { &hf_dtls_handshake_certificate_len,
2313       { "Certificate Length", "dtls.handshake.certificate_length",
2314         FT_UINT24, BASE_DEC, NULL, 0x0,
2315         "Length of certificate", HFILL }
2316     },
2317     { &hf_dtls_handshake_cert_types_count,
2318       { "Certificate types count", "dtls.handshake.cert_types_count",
2319         FT_UINT8, BASE_DEC, NULL, 0x0,
2320         "Count of certificate types", HFILL }
2321     },
2322     { &hf_dtls_handshake_cert_types,
2323       { "Certificate types", "dtls.handshake.cert_types",
2324         FT_NONE, BASE_NONE, NULL, 0x0,
2325         "List of certificate types", HFILL }
2326     },
2327     { &hf_dtls_handshake_cert_type,
2328       { "Certificate type", "dtls.handshake.cert_type",
2329         FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
2330         NULL, HFILL }
2331     },
2332     { &hf_dtls_handshake_finished,
2333       { "Verify Data", "dtls.handshake.verify_data",
2334         FT_NONE, BASE_NONE, NULL, 0x0,
2335         "Opaque verification data", HFILL }
2336     },
2337     { &hf_dtls_handshake_md5_hash,
2338       { "MD5 Hash", "dtls.handshake.md5_hash",
2339         FT_NONE, BASE_NONE, NULL, 0x0,
2340         "Hash of messages, master_secret, etc.", HFILL }
2341     },
2342     { &hf_dtls_handshake_sha_hash,
2343       { "SHA-1 Hash", "dtls.handshake.sha_hash",
2344         FT_NONE, BASE_NONE, NULL, 0x0,
2345         "Hash of messages, master_secret, etc.", HFILL }
2346     },
2347     { &hf_dtls_handshake_session_id_len,
2348       { "Session ID Length", "dtls.handshake.session_id_length",
2349         FT_UINT8, BASE_DEC, NULL, 0x0,
2350         "Length of session ID field", HFILL }
2351     },
2352     { &hf_dtls_handshake_dnames_len,
2353       { "Distinguished Names Length", "dtls.handshake.dnames_len",
2354         FT_UINT16, BASE_DEC, NULL, 0x0,
2355         "Length of list of CAs that server trusts", HFILL }
2356     },
2357     { &hf_dtls_handshake_dnames,
2358       { "Distinguished Names", "dtls.handshake.dnames",
2359         FT_NONE, BASE_NONE, NULL, 0x0,
2360         "List of CAs that server trusts", HFILL }
2361     },
2362     { &hf_dtls_handshake_dname_len,
2363       { "Distinguished Name Length", "dtls.handshake.dname_len",
2364         FT_UINT16, BASE_DEC, NULL, 0x0,
2365         "Length of distinguished name", HFILL }
2366     },
2367     { &hf_dtls_handshake_dname,
2368       { "Distinguished Name", "dtls.handshake.dname",
2369         FT_BYTES, BASE_NONE, NULL, 0x0,
2370         "Distinguished name of a CA that server trusts", HFILL }
2371     },
2372     { &hf_dtls_fragments,
2373       { "Message fragments", "dtls.fragments",
2374         FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL }
2375     },
2376     { &hf_dtls_fragment,
2377       { "Message fragment", "dtls.fragment",
2378         FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL }
2379     },
2380     { &hf_dtls_fragment_overlap,
2381       { "Message fragment overlap", "dtls.fragment.overlap",
2382         FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
2383     },
2384     { &hf_dtls_fragment_overlap_conflicts,
2385       { "Message fragment overlapping with conflicting data",
2386         "dtls.fragment.overlap.conflicts",
2387        FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
2388     },
2389     { &hf_dtls_fragment_multiple_tails,
2390       { "Message has multiple tail fragments",
2391         "dtls.fragment.multiple_tails",
2392         FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
2393     },
2394     { &hf_dtls_fragment_too_long_fragment,
2395       { "Message fragment too long", "dtls.fragment.too_long_fragment",
2396         FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }
2397     },
2398     { &hf_dtls_fragment_error,
2399       { "Message defragmentation error", "dtls.fragment.error",
2400         FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL }
2401     },
2402     { &hf_dtls_fragment_count,
2403       { "Message fragment count", "dtls.fragment.count",
2404         FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
2405     },
2406     { &hf_dtls_reassembled_in,
2407       { "Reassembled in", "dtls.reassembled.in",
2408         FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL }
2409     },
2410     { &hf_dtls_reassembled_length,
2411       { "Reassembled DTLS length", "dtls.reassembled.length",
2412         FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
2413     },
2414   };
2415
2416   /* Setup protocol subtree array */
2417   static gint *ett[] = {
2418     &ett_dtls,
2419     &ett_dtls_record,
2420     &ett_dtls_alert,
2421     &ett_dtls_handshake,
2422     &ett_dtls_cipher_suites,
2423     &ett_dtls_comp_methods,
2424     &ett_dtls_extension,
2425     &ett_dtls_certs,
2426     &ett_dtls_cert_types,
2427     &ett_dtls_dnames,
2428     &ett_dtls_fragment,
2429     &ett_dtls_fragments,
2430   };
2431
2432   /* Register the protocol name and description */
2433   proto_dtls = proto_register_protocol("Datagram Transport Layer Security",
2434                                        "DTLS", "dtls");
2435
2436   /* Required function calls to register the header fields and
2437    * subtrees used */
2438   proto_register_field_array(proto_dtls, hf, array_length(hf));
2439   proto_register_subtree_array(ett, array_length(ett));
2440
2441 #ifdef HAVE_LIBGNUTLS
2442   {
2443     module_t *dtls_module = prefs_register_protocol(proto_dtls, proto_reg_handoff_dtls);
2444
2445     static uat_field_t dtlskeylist_uats_flds[] = {
2446       UAT_FLD_CSTRING_OTHER(sslkeylist_uats, ipaddr, "IP address", ssldecrypt_uat_fld_ip_chk_cb, "IPv4 or IPv6 address"),
2447       UAT_FLD_CSTRING_OTHER(sslkeylist_uats, port, "Port", ssldecrypt_uat_fld_port_chk_cb, "Port Number"),
2448       UAT_FLD_CSTRING_OTHER(sslkeylist_uats, protocol, "Protocol", ssldecrypt_uat_fld_protocol_chk_cb, "Protocol"),
2449       UAT_FLD_FILENAME_OTHER(sslkeylist_uats, keyfile, "Key File", ssldecrypt_uat_fld_fileopen_chk_cb, "Path to the keyfile."),
2450       UAT_FLD_CSTRING_OTHER(sslkeylist_uats, password," Password (p12 file)", ssldecrypt_uat_fld_password_chk_cb, "Password"),
2451       UAT_END_FIELDS
2452     };
2453
2454     dtlsdecrypt_uat = uat_new("DTLS RSA Keylist",
2455                               sizeof(ssldecrypt_assoc_t),
2456                               "dtlsdecrypttablefile",         /* filename */
2457                               TRUE,                           /* from_profile */
2458                               (void*) &dtlskeylist_uats,      /* data_ptr */
2459                               &ndtlsdecrypt,                  /* numitems_ptr */
2460                               UAT_CAT_FFMT,                   /* category */
2461                               "ChK12ProtocolsSection",        /* TODO, need revision - help */
2462                               dtlsdecrypt_copy_cb,
2463                               NULL, /* dtlsdecrypt_update_cb? */
2464                               dtlsdecrypt_free_cb,
2465                               dtls_parse_uat,
2466                               dtlskeylist_uats_flds);
2467
2468     prefs_register_uat_preference(dtls_module, "cfg",
2469                                   "RSA keys list",
2470                                   "A table of RSA keys for DTLS decryption",
2471                                   dtlsdecrypt_uat);
2472
2473     prefs_register_string_preference(dtls_module, "debug_file", "DTLS debug file",
2474                                      "redirect dtls debug to file name; leave empty to disable debug, "
2475                                      "use \"" SSL_DEBUG_USE_STDERR "\" to redirect output to stderr\n",
2476                                      (const gchar **)&dtls_debug_file_name);
2477
2478     prefs_register_string_preference(dtls_module, "keys_list", "RSA keys list (deprecated)",
2479                                      "Semicolon-separated list of private RSA keys used for DTLS decryption. "
2480                                      "Used by versions of Wireshark prior to 1.6",
2481                                      (const gchar **)&dtls_keys_list);
2482
2483   }
2484 #endif
2485
2486   register_dissector("dtls", dissect_dtls, proto_dtls);
2487   dtls_handle = find_dissector("dtls");
2488
2489   dtls_associations = g_tree_new(ssl_association_cmp);
2490
2491   register_init_routine(dtls_init);
2492   ssl_lib_init();
2493   dtls_tap = register_tap("dtls");
2494   ssl_debug_printf("proto_register_dtls: registered tap %s:%d\n",
2495                    "dtls", dtls_tap);
2496
2497   register_heur_dissector_list("dtls", &heur_subdissector_list);
2498 }
2499
2500
2501 /* If this dissector uses sub-dissector registration add a registration
2502  * routine.  This format is required because a script is used to find
2503  * these routines and create the code that calls these routines.
2504  */
2505 void
2506 proto_reg_handoff_dtls(void)
2507 {
2508   static gboolean initialized = FALSE;
2509
2510   /* add now dissector to default ports.*/
2511   dtls_parse_uat();
2512   dtls_parse_old_keys();
2513
2514   if (initialized == FALSE)
2515     heur_dissector_add("udp", dissect_dtls_heur, proto_dtls);
2516
2517   initialized = TRUE;
2518 }