2 * Routines for ssl dissection
3 * Copyright (c) 2000-2001, Scott Renfro <scott@renfro.org>
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * http://www.netscape.com/eng/security/SSL_2.html
33 * http://www.netscape.com/eng/ssl3/
37 * See RFC 2246 for SSL 3.1/TLS 1.0 specs.
39 * See (among other places)
41 * http://www.graphcomp.com/info/specs/ms/pct.htm
43 * for PCT 1 draft specs.
47 * http://research.sun.com/projects/crypto/draft-ietf-tls-ecc-05.txt
49 * for Elliptic Curve Cryptography cipher suites.
53 * http://www.ietf.org/internet-drafts/draft-ietf-tls-camellia-04.txt
55 * for Camellia-based cipher suites.
59 * - Does not support dissection
60 * of frames that would require state maintained between frames
61 * (e.g., single ssl records spread across multiple tcp frames)
63 * - Identifies, but does not fully dissect the following messages:
65 * - SSLv3/TLS (These need more state from previous handshake msgs)
66 * - Server Key Exchange
67 * - Client Key Exchange
68 * - Certificate Verify
70 * - SSLv2 (These don't appear in the clear)
75 * - Request Certificate
76 * - Client Certificate
78 * - Decryption is supported only for session that use RSA key exchange,
79 * if the host private key is provided via preference.
81 * - Decryption need to be performed 'sequentially', so it's done
82 * at packet reception time. This may cause a significative packet capture
83 * slow down. This also cause do dissect some ssl info that in previous
84 * dissector version were dissected only when a proto_tree context was
87 * We are at Packet reception if time pinfo->fd->flags.visited == 0
99 #include <sys/types.h>
100 #ifdef HAVE_SYS_SOCKET_H
101 #include <sys/socket.h>
106 #include <epan/conversation.h>
107 #include <epan/prefs.h>
108 #include <epan/inet_v6defs.h>
109 #include <epan/dissectors/packet-x509af.h>
110 #include <epan/emem.h>
111 #include <epan/tap.h>
112 #include "packet-ssl.h"
113 #include "packet-ssl-utils.h"
116 static gboolean ssl_desegment = TRUE;
117 static gboolean ssl_desegment_app_data = TRUE;
120 /*********************************************************************
122 * Protocol Constants, Variables, Data Structures
124 *********************************************************************/
126 /* Initialize the protocol and registered fields */
127 static gint ssl_tap = -1;
128 static gint proto_ssl = -1;
129 static gint hf_ssl_record = -1;
130 static gint hf_ssl_record_content_type = -1;
131 static gint hf_ssl_record_version = -1;
132 static gint hf_ssl_record_length = -1;
133 static gint hf_ssl_record_appdata = -1;
134 static gint hf_ssl2_record = -1;
135 static gint hf_ssl2_record_is_escape = -1;
136 static gint hf_ssl2_record_padding_length = -1;
137 static gint hf_ssl2_msg_type = -1;
138 static gint hf_pct_msg_type = -1;
139 static gint hf_ssl_change_cipher_spec = -1;
140 static gint hf_ssl_alert_message = -1;
141 static gint hf_ssl_alert_message_level = -1;
142 static gint hf_ssl_alert_message_description = -1;
143 static gint hf_ssl_handshake_protocol = -1;
144 static gint hf_ssl_handshake_type = -1;
145 static gint hf_ssl_handshake_length = -1;
146 static gint hf_ssl_handshake_client_version = -1;
147 static gint hf_ssl_handshake_server_version = -1;
148 static gint hf_ssl_handshake_random_time = -1;
149 static gint hf_ssl_handshake_random_bytes = -1;
150 static gint hf_ssl_handshake_cipher_suites_len = -1;
151 static gint hf_ssl_handshake_cipher_suites = -1;
152 static gint hf_ssl_handshake_cipher_suite = -1;
153 static gint hf_ssl_handshake_session_id = -1;
154 static gint hf_ssl_handshake_comp_methods_len = -1;
155 static gint hf_ssl_handshake_comp_methods = -1;
156 static gint hf_ssl_handshake_comp_method = -1;
157 static gint hf_ssl_handshake_extensions_len = -1;
158 static gint hf_ssl_handshake_extension_type = -1;
159 static gint hf_ssl_handshake_extension_len = -1;
160 static gint hf_ssl_handshake_extension_data = -1;
161 static gint hf_ssl_handshake_certificates_len = -1;
162 static gint hf_ssl_handshake_certificates = -1;
163 static gint hf_ssl_handshake_certificate = -1;
164 static gint hf_ssl_handshake_certificate_len = -1;
165 static gint hf_ssl_handshake_cert_types_count = -1;
166 static gint hf_ssl_handshake_cert_types = -1;
167 static gint hf_ssl_handshake_cert_type = -1;
168 static gint hf_ssl_handshake_finished = -1;
169 static gint hf_ssl_handshake_md5_hash = -1;
170 static gint hf_ssl_handshake_sha_hash = -1;
171 static gint hf_ssl_handshake_session_id_len = -1;
172 static gint hf_ssl_handshake_dnames_len = -1;
173 static gint hf_ssl_handshake_dnames = -1;
174 static gint hf_ssl_handshake_dname_len = -1;
175 static gint hf_ssl_handshake_dname = -1;
176 static gint hf_ssl2_handshake_cipher_spec_len = -1;
177 static gint hf_ssl2_handshake_session_id_len = -1;
178 static gint hf_ssl2_handshake_challenge_len = -1;
179 static gint hf_ssl2_handshake_cipher_spec = -1;
180 static gint hf_ssl2_handshake_challenge = -1;
181 static gint hf_ssl2_handshake_clear_key_len = -1;
182 static gint hf_ssl2_handshake_enc_key_len = -1;
183 static gint hf_ssl2_handshake_key_arg_len = -1;
184 static gint hf_ssl2_handshake_clear_key = -1;
185 static gint hf_ssl2_handshake_enc_key = -1;
186 static gint hf_ssl2_handshake_key_arg = -1;
187 static gint hf_ssl2_handshake_session_id_hit = -1;
188 static gint hf_ssl2_handshake_cert_type = -1;
189 static gint hf_ssl2_handshake_connection_id_len = -1;
190 static gint hf_ssl2_handshake_connection_id = -1;
191 static gint hf_pct_handshake_cipher_spec = -1;
192 static gint hf_pct_handshake_hash_spec = -1;
193 static gint hf_pct_handshake_cert_spec = -1;
194 static gint hf_pct_handshake_cert = -1;
195 static gint hf_pct_handshake_server_cert = -1;
196 static gint hf_pct_handshake_exch_spec = -1;
197 static gint hf_pct_handshake_hash = -1;
198 static gint hf_pct_handshake_cipher = -1;
199 static gint hf_pct_handshake_exch = -1;
200 static gint hf_pct_handshake_sig = -1;
201 static gint hf_pct_msg_error_type = -1;
203 /* Initialize the subtree pointers */
204 static gint ett_ssl = -1;
205 static gint ett_ssl_record = -1;
206 static gint ett_ssl_alert = -1;
207 static gint ett_ssl_handshake = -1;
208 static gint ett_ssl_cipher_suites = -1;
209 static gint ett_ssl_comp_methods = -1;
210 static gint ett_ssl_extension = -1;
211 static gint ett_ssl_certs = -1;
212 static gint ett_ssl_cert_types = -1;
213 static gint ett_ssl_dnames = -1;
214 static gint ett_ssl_random = -1;
215 static gint ett_pct_cipher_suites = -1;
216 static gint ett_pct_hash_suites = -1;
217 static gint ett_pct_cert_suites = -1;
218 static gint ett_pct_exch_suites = -1;
220 static GHashTable *ssl_session_hash = NULL;
221 static GHashTable *ssl_key_hash = NULL;
222 static GTree* ssl_associations = NULL;
223 static dissector_handle_t ssl_handle = NULL;
224 static StringInfo ssl_decrypted_data = {NULL, 0};
225 static gint ssl_decrypted_data_avail = 0;
227 static gchar* ssl_keys_list = NULL;
228 static gchar* ssl_debug_file_name = NULL;
230 /* Forward declaration we need below */
231 void proto_reg_handoff_ssl(void);
233 /* initialize/reset per capture state data (ssl sessions cache) */
237 ssl_common_init(&ssl_session_hash, &ssl_decrypted_data);
240 /* parse ssl related preferences (private keys and ports association strings) */
244 ep_stack_t tmp_stack;
245 SslAssociation *tmp_assoc;
247 ssl_set_debug(ssl_debug_file_name);
251 g_hash_table_foreach(ssl_key_hash, ssl_private_key_free, NULL);
252 g_hash_table_destroy(ssl_key_hash);
255 /* remove only associations created from key list */
256 tmp_stack = ep_stack_new();
257 g_tree_traverse(ssl_associations, ssl_assoc_from_key_list, G_IN_ORDER, tmp_stack);
258 while ((tmp_assoc = ep_stack_pop(tmp_stack)) != NULL) {
259 ssl_association_remove(ssl_associations, tmp_assoc);
262 /* parse private keys string, load available keys and put them in key hash*/
263 ssl_key_hash = g_hash_table_new(ssl_private_key_hash,ssl_private_key_equal);
265 if (ssl_keys_list && (ssl_keys_list[0] != 0))
267 ssl_parse_key_list(ssl_keys_list,ssl_key_hash,ssl_associations,ssl_handle,TRUE);
272 /* function that save app_data during sub protocol reassembling */
274 ssl_add_app_data(SslDecryptSession* ssl, guchar* data, gint data_len){
276 app=&ssl->app_data_segment;
278 if(app->data_len!=0){
281 tmp=g_malloc(app->data_len);
282 tmp_len=app->data_len;
283 memcpy(tmp,app->data,app->data_len);
287 app->data=g_malloc(tmp_len+data_len);
288 app->data_len=tmp_len+data_len;
289 memcpy(app->data,tmp,tmp_len);
291 memcpy(app->data+tmp_len, data,data_len);
297 app->data=g_malloc(data_len);
298 app->data_len=data_len;
299 memcpy(app->data,data,data_len);
304 ssl_desegment_ssl_app_data(SslDecryptSession * ssl, packet_info *pinfo){
306 SslAssociation* association;
308 pi = p_get_proto_data(pinfo->fd, proto_ssl);
309 if (pi && pi->app_data.data)
313 /* find out a dissector using server port*/
314 association = ssl_association_find(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP);
315 association = association ? association: ssl_association_find(ssl_associations, pinfo->destport, pinfo->ptype == PT_TCP);
316 /* create a copy of packet_info */
317 pp=g_malloc(sizeof(packet_info));
318 memcpy(pp, pinfo, sizeof(packet_info));
320 if (association && association->handle) {
321 /* it's the first SS segmented packet */
322 if(ssl->app_data_segment.data==NULL){
323 /* create new tvbuff for the decrypted data */
324 new_tvb = tvb_new_real_data(pi->app_data.data,
325 pi->app_data.data_len, pi->app_data.data_len);
326 tvb_set_free_cb(new_tvb, g_free);
327 /* we allow subdissector to tell us more bytes */
329 /* subdissector call */
330 call_dissector(association->handle, new_tvb, pp, NULL);
331 /* if the dissector need more bytes */
332 if(pp->desegment_len>0){
333 /* we save the actual data to reuse them later */
334 ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len);
335 /* we remove data to forbid subdissection */
336 p_remove_proto_data(pinfo->fd, proto_ssl);
337 /* update of COL_INFO */
338 if (check_col(pinfo->cinfo, COL_INFO)){
339 col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]");
340 pinfo->cinfo->writable=FALSE;
347 /* it isn't the first SSL segmented packet */
348 /* we add actual data to reuse them later */
349 ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len);
350 /* create new tvbuff for the decrypted data */
351 new_tvb = tvb_new_real_data(ssl->app_data_segment.data,
352 ssl->app_data_segment.data_len,
353 ssl->app_data_segment.data_len);
354 tvb_set_free_cb(new_tvb, g_free);
355 /* we allow subdissector to tell us more bytes */
357 /* subdissector call */
358 call_dissector(association->handle, new_tvb, pp, NULL);
359 /* if the dissector need more bytes */
360 if(pp->desegment_len>0){
361 /* we remove data to forbid subdissection */
362 p_remove_proto_data(pinfo->fd, proto_ssl);
363 /* update of COL_INFO */
364 if (check_col(pinfo->cinfo, COL_INFO)){
365 col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]");
366 pinfo->cinfo->writable=FALSE;
372 /* we create SslPacketInfo to save data */
373 pi2=g_malloc(sizeof(SslPacketInfo));
374 pi2->app_data.data=g_malloc(ssl->app_data_segment.data_len);
375 memcpy(pi2->app_data.data,ssl->app_data_segment.data,ssl->app_data_segment.data_len);
376 pi2->app_data.data_len=ssl->app_data_segment.data_len;
378 /* we remove data if it's useful */
379 p_remove_proto_data(pinfo->fd, proto_ssl);
380 /* we add reassembled subprotocol data */
381 p_add_proto_data(pinfo->fd, proto_ssl, pi2);
382 /* we delete saved app_data */
383 if(ssl->app_data_segment.data)
384 g_free(ssl->app_data_segment.data);
385 ssl->app_data_segment.data=NULL;
386 ssl->app_data_segment.data_len=0;
389 /* we delete pp structure */
397 /*********************************************************************
399 * Forward Declarations
401 *********************************************************************/
404 * SSL version 3 and TLS dissectors
407 /* record layer dissector */
408 static gint dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
409 proto_tree *tree, guint32 offset,
411 gboolean *need_desegmentation,
412 SslDecryptSession *conv_data);
414 /* change cipher spec dissector */
415 static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
418 guint *conv_version, guint8 content_type);
420 /* alert message dissector */
421 static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
422 proto_tree *tree, guint32 offset,
423 guint *conv_version);
425 /* handshake protocol dissector */
426 static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
427 proto_tree *tree, guint32 offset,
428 guint32 record_length,
430 SslDecryptSession *conv_data, guint8 content_type);
433 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
435 guint32 offset, guint32 length,
436 SslDecryptSession* ssl);
438 static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
440 guint32 offset, guint32 length,
441 SslDecryptSession* ssl);
443 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb,
444 proto_tree *tree, guint32 offset, packet_info *pinfo);
446 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
450 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb,
453 guint* conv_version);
457 * SSL version 2 dissectors
461 /* record layer dissector */
462 static gint dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
463 proto_tree *tree, guint32 offset,
465 gboolean *need_desegmentation,
466 SslDecryptSession* ssl);
468 /* client hello dissector */
469 static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
472 SslDecryptSession* ssl);
474 static void dissect_pct_msg_client_hello(tvbuff_t *tvb,
478 /* client master key dissector */
479 static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
482 static void dissect_pct_msg_client_master_key(tvbuff_t *tvb,
486 /* server hello dissector */
487 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
489 guint32 offset, packet_info *pinfo);
490 static void dissect_pct_msg_server_hello(tvbuff_t *tvb,
492 guint32 offset, packet_info *pinfo);
495 static void dissect_pct_msg_server_verify(tvbuff_t *tvb,
499 static void dissect_pct_msg_error(tvbuff_t *tvb,
507 /*static void ssl_set_conv_version(packet_info *pinfo, guint version);*/
508 static gint ssl_is_valid_handshake_type(guint8 type);
509 static gint ssl_is_valid_ssl_version(guint16 version);
510 static gint ssl_is_authoritative_version_message(guint8 content_type,
512 static gint ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset);
513 static gint ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset);
514 static gint ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset);
515 static gint ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
517 guint32 record_length);
518 static gint ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb,
520 guint32 record_length);
521 /*********************************************************************
525 *********************************************************************/
527 * Code to actually dissect the packets
530 dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
533 conversation_t *conversation;
536 proto_tree *ssl_tree;
538 gboolean first_record_in_frame;
539 gboolean need_desegmentation;
540 SslDecryptSession* ssl_session;
545 first_record_in_frame = TRUE;
548 ssl_debug_printf("dissect_ssl enter frame #%u\n", pinfo->fd->num);
550 /* Track the version using conversations to reduce the
551 * chance that a packet that simply *looks* like a v2 or
552 * v3 packet is dissected improperly. This also allows
553 * us to more frequently set the protocol column properly
554 * for continuation data frames.
556 * Also: We use the copy in conv_version as our cached copy,
557 * so that we don't have to search the conversation
558 * table every time we want the version; when setting
559 * the conv_version, must set the copy in the conversation
560 * in addition to conv_version
562 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
563 pinfo->srcport, pinfo->destport, 0);
567 /* create a new conversation */
568 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
569 pinfo->srcport, pinfo->destport, 0);
571 conv_data = conversation_get_proto_data(conversation, proto_ssl);
573 /* PAOLO: manage ssl decryption data */
574 /*get a valid ssl session pointer*/
575 if (conv_data != NULL)
576 ssl_session = conv_data;
580 ssl_session = se_alloc0(sizeof(SslDecryptSession));
581 ssl_session_init(ssl_session);
582 ssl_session->version = SSL_VER_UNKNOWN;
583 conversation_add_proto_data(conversation, proto_ssl, ssl_session);
585 /* we need to know witch side of conversation is speaking*/
586 if (ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)) {
587 dummy.addr = pinfo->src;
588 dummy.port = pinfo->srcport;
591 dummy.addr = pinfo->dst;
592 dummy.port = pinfo->destport;
594 ssl_debug_printf("dissect_ssl server %hhu.%hhu.%hhu.%hhu:%u\n",
596 dummy.addr.data[1],dummy.addr.data[2],
597 dummy.addr.data[3],dummy.port);
599 /* try to retrive private key for this service. Do it now 'cause pinfo
600 * is not always available
601 * Note that with HAVE_LIBGNUTLS undefined private_key is allways 0
602 * and thus decryption never engaged*/
603 ssl_session->private_key = g_hash_table_lookup(ssl_key_hash, &dummy);
604 if (!ssl_session->private_key)
605 ssl_debug_printf("dissect_ssl can't find private key for this server!\n");
607 conv_version= & ssl_session->version;
609 /* try decryption only the first time we see this packet
610 * (to keep cipher syncronized)and only if we have
611 * the server private key*/
612 if (!ssl_session->private_key || pinfo->fd->flags.visited)
615 /* Initialize the protocol column; we'll set it later when we
616 * figure out what flavor of SSL it is (assuming we don't
617 * throw an exception before we get the chance to do so). */
618 if (check_col(pinfo->cinfo, COL_PROTOCOL))
620 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSL");
622 /* clear the the info column */
623 if (check_col(pinfo->cinfo, COL_INFO))
624 col_clear(pinfo->cinfo, COL_INFO);
626 /* TCP packets and SSL records are orthogonal.
627 * A tcp packet may contain multiple ssl records and an ssl
628 * record may be spread across multiple tcp packets.
630 * This loop accounts for multiple ssl records in a single
631 * frame, but not a single ssl record across multiple tcp
634 * Handling the single ssl record across multiple packets
635 * may be possible using ethereal conversations, but
636 * probably not cleanly. May have to wait for tcp stream
640 /* Create display subtree for SSL as a whole */
643 ti = proto_tree_add_item(tree, proto_ssl, tvb, 0, -1, FALSE);
644 ssl_tree = proto_item_add_subtree(ti, ett_ssl);
646 /* iterate through the records in this tvbuff */
647 while (tvb_reported_length_remaining(tvb, offset) != 0)
649 /* on second and subsequent records per frame
650 * add a delimiter on info column
652 if (!first_record_in_frame
653 && check_col(pinfo->cinfo, COL_INFO))
655 col_append_str(pinfo->cinfo, COL_INFO, ", ");
659 * Assume, for now, that this doesn't need desegmentation.
661 need_desegmentation = FALSE;
663 /* first try to dispatch off the cached version
664 * known to be associated with the conversation
666 switch(*conv_version) {
669 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
670 offset, conv_version,
671 &need_desegmentation,
677 /* the version tracking code works too well ;-)
678 * at times, we may visit a v2 client hello after
679 * we already know the version of the connection;
680 * work around that here by detecting and calling
681 * the v2 dissector instead
683 if (ssl_is_v2_client_hello(tvb, offset))
685 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
686 offset, conv_version,
687 &need_desegmentation,
692 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
693 offset, conv_version,
694 &need_desegmentation,
699 /* that failed, so apply some heuristics based
700 * on this individual packet
703 if (ssl_looks_like_sslv2(tvb, offset))
705 /* looks like sslv2 or pct client hello */
706 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
707 offset, conv_version,
708 &need_desegmentation,
711 else if (ssl_looks_like_sslv3(tvb, offset))
713 /* looks like sslv3 or tls */
714 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
715 offset, conv_version,
716 &need_desegmentation,
721 /* looks like something unknown, so lump into
724 offset = tvb_length(tvb);
725 if (check_col(pinfo->cinfo, COL_INFO))
726 col_append_str(pinfo->cinfo, COL_INFO,
727 "Continuation Data");
729 /* Set the protocol column */
730 if (check_col(pinfo->cinfo, COL_PROTOCOL))
732 col_set_str(pinfo->cinfo, COL_PROTOCOL,
733 ssl_version_short_names[*conv_version]);
739 /* Desegmentation return check */
740 if (need_desegmentation)
742 /* set up for next record in frame, if any */
743 first_record_in_frame = FALSE;
745 tap_queue_packet(ssl_tap, pinfo, (gpointer)proto_ssl);
749 decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset,
750 guint32 record_length, guint8 content_type, SslDecryptSession* ssl,
751 gboolean save_plaintext)
757 /* if we can decrypt and decryption have success
758 * add decrypted data to this packet info*/
759 ssl_debug_printf("decrypt_ssl3_record: app_data len %d ssl state %X\n",
760 record_length, ssl->state);
761 if (!(ssl->state & SSL_HAVE_SESSION_KEY)) {
762 ssl_debug_printf("decrypt_ssl3_record: no session key\n");
766 /* retrive decoder for this packet direction*/
767 if ((direction = ssl_packet_from_server(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP)) != 0) {
768 ssl_debug_printf("decrypt_ssl3_record: using server decoder\n");
769 decoder = &ssl->server;
772 ssl_debug_printf("decrypt_ssl3_record: using client decoder\n");
773 decoder = &ssl->client;
776 /* ensure we have enough storage space for decrypted data */
777 if (record_length > ssl_decrypted_data.data_len)
779 ssl_debug_printf("decrypt_ssl3_record: allocating %d bytes"
780 " for decrypt data (old len %d)\n",
781 record_length + 32, ssl_decrypted_data.data_len);
782 ssl_decrypted_data.data = g_realloc(ssl_decrypted_data.data,
784 ssl_decrypted_data.data_len = record_length + 32;
787 /* run decryption and add decrypted payload to protocol data, if decryption
789 ssl_decrypted_data_avail = ssl_decrypted_data.data_len;
790 if (ssl_decrypt_record(ssl, decoder,
791 content_type, tvb_get_ptr(tvb, offset, record_length),
792 record_length, ssl_decrypted_data.data, &ssl_decrypted_data_avail) == 0)
794 if (ret && save_plaintext)
797 pi = p_get_proto_data(pinfo->fd, proto_ssl);
800 ssl_debug_printf("decrypt_ssl3_record: allocating app_data %d "
801 "bytes for app data\n", ssl_decrypted_data_avail);
802 /* first app data record: allocate and put packet data*/
803 pi = se_alloc0(sizeof(SslPacketInfo));
804 pi->app_data.data = se_alloc(ssl_decrypted_data_avail);
805 pi->app_data.data_len = ssl_decrypted_data_avail;
806 memcpy(pi->app_data.data, ssl_decrypted_data.data, ssl_decrypted_data_avail);
810 /* update previus record*/
811 ssl_debug_printf("decrypt_ssl3_record: reallocating app_data "
812 "%d bytes for app data (total %d appdata bytes)\n",
813 ssl_decrypted_data_avail, pi->app_data.data_len + ssl_decrypted_data_avail);
814 store = se_alloc(pi->app_data.data_len + ssl_decrypted_data_avail);
815 memcpy(store, pi->app_data.data, pi->app_data.data_len);
816 memcpy(&store[pi->app_data.data_len], ssl_decrypted_data.data, ssl_decrypted_data_avail);
817 pi->app_data.data_len += ssl_decrypted_data_avail;
819 /* old decrypted data ptr here appare to be leaked, but it's
820 * collected by emem allocator */
821 pi->app_data.data = store;
823 /* data ptr is changed, so remove old one and re-add the new one*/
824 ssl_debug_printf("decrypt_ssl3_record: removing old app_data ptr\n");
825 p_remove_proto_data(pinfo->fd, proto_ssl);
828 ssl_debug_printf("decrypt_ssl3_record: setting decrypted app_data ptr %p\n",pi);
829 p_add_proto_data(pinfo->fd, proto_ssl, pi);
836 /*********************************************************************
838 * SSL version 3 and TLS Dissection Routines
840 *********************************************************************/
842 dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
843 proto_tree *tree, guint32 offset,
844 guint *conv_version, gboolean *need_desegmentation,
845 SslDecryptSession* ssl)
850 * uint8 major, minor;
855 * change_cipher_spec(20), alert(21), handshake(22),
856 * application_data(23), (255)
861 * ProtocolVersion version;
863 * opaque fragment[TLSPlaintext.length];
866 guint32 record_length;
871 proto_tree *ssl_record_tree;
872 guint32 available_bytes;
874 SslAssociation* association;
876 ssl_record_tree = NULL;
879 available_bytes = tvb_length_remaining(tvb, offset);
882 * Can we do reassembly?
884 if (ssl_desegment && pinfo->can_desegment) {
886 * Yes - is the record header split across segment boundaries?
888 if (available_bytes < 5) {
890 * Yes. Tell the TCP dissector where the data for this
891 * message starts in the data it handed us, and how many
892 * more bytes we need, and return.
894 pinfo->desegment_offset = offset;
895 pinfo->desegment_len = 5 - available_bytes;
896 *need_desegmentation = TRUE;
902 * Get the record layer fields of interest
904 content_type = tvb_get_guint8(tvb, offset);
905 version = tvb_get_ntohs(tvb, offset + 1);
906 record_length = tvb_get_ntohs(tvb, offset + 3);
908 if (ssl_is_valid_content_type(content_type)) {
911 * Can we do reassembly?
913 if (ssl_desegment && pinfo->can_desegment) {
915 * Yes - is the record split across segment boundaries?
917 if (available_bytes < record_length + 5) {
919 * Yes. Tell the TCP dissector where the data for this
920 * message starts in the data it handed us, and how many
921 * more bytes we need, and return.
923 pinfo->desegment_offset = offset;
924 pinfo->desegment_len = (record_length + 5) - available_bytes;
925 *need_desegmentation = TRUE;
932 /* if we don't have a valid content_type, there's no sense
933 * continuing any further
935 if (check_col(pinfo->cinfo, COL_INFO))
936 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
938 /* Set the protocol column */
939 if (check_col(pinfo->cinfo, COL_PROTOCOL))
941 col_set_str(pinfo->cinfo, COL_PROTOCOL,
942 ssl_version_short_names[*conv_version]);
944 return offset + 5 + record_length;
948 * If GUI, fill in record layer part of tree
953 /* add the record layer subtree header */
954 tvb_ensure_bytes_exist(tvb, offset, 5 + record_length);
955 ti = proto_tree_add_item(tree, hf_ssl_record, tvb,
956 offset, 5 + record_length, 0);
957 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
962 /* show the one-byte content type */
963 proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type,
967 /* add the version */
968 proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb,
973 proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb,
974 offset, 2, record_length);
975 offset += 2; /* move past length field itself */
979 /* if no GUI tree, then just skip over those fields */
985 * if we don't already have a version set for this conversation,
986 * but this message's version is authoritative (i.e., it's
987 * not client_hello, then save the version to to conversation
988 * structure and print the column version
990 next_byte = tvb_get_guint8(tvb, offset);
991 if (*conv_version == SSL_VER_UNKNOWN
992 && ssl_is_authoritative_version_message(content_type, next_byte))
994 if (version == SSLV3_VERSION)
996 *conv_version = SSL_VER_SSLv3;
998 ssl->version_netorder = version;
999 ssl->state |= SSL_VERSION;
1001 /*ssl_set_conv_version(pinfo, ssl->version);*/
1003 else if (version == TLSV1_VERSION)
1006 *conv_version = SSL_VER_TLS;
1008 ssl->version_netorder = version;
1009 ssl->state |= SSL_VERSION;
1011 /*ssl_set_conv_version(pinfo, ssl->version);*/
1013 else if (version == TLSV1DOT1_VERSION)
1016 *conv_version = SSL_VER_TLSv1DOT1;
1018 ssl->version_netorder = version;
1019 ssl->state |= SSL_VERSION;
1021 /*ssl_set_conv_version(pinfo, ssl->version);*/
1024 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1026 col_set_str(pinfo->cinfo, COL_PROTOCOL,
1027 ssl_version_short_names[*conv_version]);
1031 * now dissect the next layer
1033 ssl_debug_printf("dissect_ssl3_record: content_type %d\n",content_type);
1035 /* PAOLO try to decrypt each record (we must keep ciphers "in sync")
1036 * store plain text only for app data */
1038 switch (content_type) {
1039 case SSL_ID_CHG_CIPHER_SPEC:
1040 if (check_col(pinfo->cinfo, COL_INFO))
1041 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
1042 dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree,
1043 offset, conv_version, content_type);
1044 ssl_debug_printf("dissect_ssl3_change_cipher_spec\n");
1048 tvbuff_t* decrypted;
1050 if (ssl&&decrypt_ssl3_record(tvb, pinfo, offset,
1051 record_length, content_type, ssl, FALSE))
1052 ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data,
1053 ssl_decrypted_data_avail, offset);
1055 /* try to retrive and use decrypted alert record, if any. */
1056 decrypted = ssl_get_record_info(proto_ssl, pinfo, offset);
1058 dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0,
1061 dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
1065 case SSL_ID_HANDSHAKE:
1067 tvbuff_t* decrypted;
1069 /* try to decrypt handshake record, if possible. Store decrypted
1070 * record for later usage. The offset is used as 'key' to itentify
1071 * this record into the packet (we can have multiple handshake records
1072 * in the same frame) */
1073 if (ssl && decrypt_ssl3_record(tvb, pinfo, offset,
1074 record_length, content_type, ssl, FALSE))
1075 ssl_add_record_info(proto_ssl, pinfo, ssl_decrypted_data.data,
1076 ssl_decrypted_data_avail, offset);
1078 /* try to retrive and use decrypted handshake record, if any. */
1079 decrypted = ssl_get_record_info(proto_ssl, pinfo, offset);
1081 /* add desegmented data to the data source list */
1082 add_new_data_source(pinfo, decrypted, "Decrypted SSL record");
1083 dissect_ssl3_handshake(decrypted, pinfo, ssl_record_tree, 0,
1084 decrypted->length, conv_version, ssl, content_type);
1086 dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
1087 record_length, conv_version, ssl, content_type);
1091 case SSL_ID_APP_DATA:
1093 decrypt_ssl3_record(tvb, pinfo, offset,
1094 record_length, content_type, ssl, TRUE);
1095 /* if application data desegmentation is allowed */
1096 if(ssl_desegment_app_data)
1097 ssl_desegment_ssl_app_data(ssl,pinfo);
1102 /* show on info colum what we are decoding */
1103 if (check_col(pinfo->cinfo, COL_INFO))
1104 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
1106 if (!ssl_record_tree)
1109 /* we need dissector information when the selected packet is shown.
1110 * ssl session pointer is NULL at that time, so we can't access
1111 * info cached there*/
1112 association = ssl_association_find(ssl_associations, pinfo->srcport, pinfo->ptype == PT_TCP);
1113 association = association ? association: ssl_association_find(ssl_associations, pinfo->destport, pinfo->ptype == PT_TCP);
1115 proto_item_set_text(ssl_record_tree,
1116 "%s Record Layer: %s Protocol: %s",
1117 ssl_version_short_names[*conv_version],
1118 val_to_str(content_type, ssl_31_content_type, "unknown"),
1119 association?association->info:"Application Data");
1122 proto_tree_add_item(ssl_record_tree, hf_ssl_record_appdata, tvb,
1123 offset, record_length, 0);
1125 /* show decrypted data info, if available */
1126 pi = p_get_proto_data(pinfo->fd, proto_ssl);
1127 if (pi && pi->app_data.data && (pi->app_data.data_len > 0))
1131 /* try to dissect decrypted data*/
1132 ssl_debug_printf("dissect_ssl3_record decrypted len %d\n",
1133 pi->app_data.data_len);
1135 /* create new tvbuff for the decrypted data */
1136 new_tvb = tvb_new_real_data(pi->app_data.data,
1137 pi->app_data.data_len, pi->app_data.data_len);
1139 /* add this tvb as a child to the original one */
1140 tvb_set_child_real_data_tvbuff(tvb, new_tvb);
1142 /* add desegmented data to the data source list */
1143 add_new_data_source(pinfo, new_tvb, "Decrypted SSL data");
1145 /* find out a dissector using server port*/
1146 if (association && association->handle) {
1147 ssl_debug_printf("dissect_ssl3_record found association %p\n", association);
1148 ssl_print_text_data("decrypted app data",pi->app_data.data,
1149 pi->app_data.data_len);
1151 call_dissector(association->handle, new_tvb, pinfo, tree?tree->parent:NULL);
1157 /* shouldn't get here since we check above for valid types */
1158 if (check_col(pinfo->cinfo, COL_INFO))
1159 col_append_str(pinfo->cinfo, COL_INFO, "Bad SSLv3 Content Type");
1162 offset += record_length; /* skip to end of record */
1167 /* dissects the change cipher spec procotol, filling in the tree */
1169 dissect_ssl3_change_cipher_spec(tvbuff_t *tvb,
1170 proto_tree *tree, guint32 offset,
1171 guint* conv_version, guint8 content_type)
1175 * enum { change_cipher_spec(1), (255) } type;
1176 * } ChangeCipherSpec;
1181 proto_item_set_text(tree,
1182 "%s Record Layer: %s Protocol: Change Cipher Spec",
1183 ssl_version_short_names[*conv_version],
1184 val_to_str(content_type, ssl_31_content_type, "unknown"));
1185 proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
1186 offset++, 1, FALSE);
1190 /* dissects the alert message, filling in the tree */
1192 dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
1193 proto_tree *tree, guint32 offset,
1194 guint* conv_version)
1198 * AlertDescription description;
1202 proto_tree *ssl_alert_tree;
1206 ssl_alert_tree = NULL;
1209 ti = proto_tree_add_item(tree, hf_ssl_alert_message, tvb,
1211 ssl_alert_tree = proto_item_add_subtree(ti, ett_ssl_alert);
1215 * set the record layer label
1218 /* first lookup the names for the alert level and description */
1219 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
1220 level = match_strval(byte, ssl_31_alert_level);
1222 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
1223 desc = match_strval(byte, ssl_31_alert_description);
1225 /* now set the text in the record layer line */
1228 if (check_col(pinfo->cinfo, COL_INFO))
1229 col_append_fstr(pinfo->cinfo, COL_INFO,
1230 "Alert (Level: %s, Description: %s)",
1235 if (check_col(pinfo->cinfo, COL_INFO))
1236 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
1243 proto_item_set_text(tree, "%s Record Layer: Alert "
1244 "(Level: %s, Description: %s)",
1245 ssl_version_short_names[*conv_version],
1247 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
1248 tvb, offset++, 1, FALSE);
1250 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_description,
1251 tvb, offset++, 1, FALSE);
1255 proto_item_set_text(tree,
1256 "%s Record Layer: Encrypted Alert",
1257 ssl_version_short_names[*conv_version]);
1258 proto_item_set_text(ssl_alert_tree,
1259 "Alert Message: Encrypted Alert");
1265 /* dissects the handshake protocol, filling the tree */
1267 dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1268 proto_tree *tree, guint32 offset,
1269 guint32 record_length, guint *conv_version,
1270 SslDecryptSession* ssl, guint8 content_type)
1273 * HandshakeType msg_type;
1275 * select (HandshakeType) {
1276 * case hello_request: HelloRequest;
1277 * case client_hello: ClientHello;
1278 * case server_hello: ServerHello;
1279 * case certificate: Certificate;
1280 * case server_key_exchange: ServerKeyExchange;
1281 * case certificate_request: CertificateRequest;
1282 * case server_hello_done: ServerHelloDone;
1283 * case certificate_verify: CertificateVerify;
1284 * case client_key_exchange: ClientKeyExchange;
1285 * case finished: Finished;
1290 proto_tree *ssl_hand_tree;
1291 const gchar *msg_type_str;
1294 gboolean first_iteration;
1296 ssl_hand_tree = NULL;
1297 msg_type_str = NULL;
1298 first_iteration = TRUE;
1300 /* just as there can be multiple records per packet, there
1301 * can be multiple messages per record as long as they have
1302 * the same content type
1304 * we really only care about this for handshake messages
1307 /* set record_length to the max offset */
1308 record_length += offset;
1309 while (offset < record_length)
1311 msg_type = tvb_get_guint8(tvb, offset);
1312 msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
1313 length = tvb_get_ntoh24(tvb, offset + 1);
1315 ssl_debug_printf("dissect_ssl3_handshake iteration %d type %d offset %d length %d "
1316 "bytes, remaining %d \n", first_iteration, msg_type, offset, length, record_length);
1317 if (!msg_type_str && !first_iteration)
1319 /* only dissect / report messages if they're
1320 * either the first message in this record
1321 * or they're a valid message type
1326 /* on second and later iterations, add comma to info col */
1327 if (!first_iteration)
1329 if (check_col(pinfo->cinfo, COL_INFO))
1330 col_append_fstr(pinfo->cinfo, COL_INFO, ", ");
1334 * Update our info string
1336 if (check_col(pinfo->cinfo, COL_INFO))
1337 col_append_fstr(pinfo->cinfo, COL_INFO, "%s", (msg_type_str != NULL)
1338 ? msg_type_str : "Encrypted Handshake Message");
1342 /* set the label text on the record layer expanding node */
1343 if (first_iteration)
1345 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1346 ssl_version_short_names[*conv_version],
1347 val_to_str(content_type, ssl_31_content_type, "unknown"),
1348 (msg_type_str!=NULL) ? msg_type_str :
1349 "Encrypted Handshake Message");
1353 proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s",
1354 ssl_version_short_names[*conv_version],
1355 val_to_str(content_type, ssl_31_content_type, "unknown"),
1356 "Multiple Handshake Messages");
1359 /* add a subtree for the handshake protocol */
1360 ti = proto_tree_add_item(tree, hf_ssl_handshake_protocol, tvb,
1361 offset, length + 4, 0);
1362 ssl_hand_tree = proto_item_add_subtree(ti, ett_ssl_handshake);
1366 /* set the text label on the subtree node */
1367 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s",
1368 (msg_type_str != NULL) ? msg_type_str :
1369 "Encrypted Handshake Message");
1373 /* if we don't have a valid handshake type, just quit dissecting */
1377 /* PAOLO: if we are doing ssl decryption we must dissect some requests type */
1378 if (ssl_hand_tree || ssl)
1380 /* add nodes for the message type and message length */
1382 proto_tree_add_item(ssl_hand_tree, hf_ssl_handshake_type,
1383 tvb, offset, 1, msg_type);
1386 proto_tree_add_uint(ssl_hand_tree, hf_ssl_handshake_length,
1387 tvb, offset, 3, length);
1390 /* now dissect the handshake message, if necessary */
1392 case SSL_HND_HELLO_REQUEST:
1393 /* hello_request has no fields, so nothing to do! */
1396 case SSL_HND_CLIENT_HELLO:
1397 dissect_ssl3_hnd_cli_hello(tvb, ssl_hand_tree, offset, length, ssl);
1400 case SSL_HND_SERVER_HELLO:
1401 dissect_ssl3_hnd_srv_hello(tvb, ssl_hand_tree, offset, length, ssl);
1404 case SSL_HND_CERTIFICATE:
1405 dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset, pinfo);
1408 case SSL_HND_SERVER_KEY_EXCHG:
1412 case SSL_HND_CERT_REQUEST:
1413 dissect_ssl3_hnd_cert_req(tvb, ssl_hand_tree, offset);
1416 case SSL_HND_SVR_HELLO_DONE:
1417 /* server_hello_done has no fields, so nothing to do! */
1420 case SSL_HND_CERT_VERIFY:
1424 case SSL_HND_CLIENT_KEY_EXCHG:
1426 /* PAOLO: here we can have all the data to build session key*/
1427 StringInfo encrypted_pre_master;
1429 guint encrlen, skip;
1436 /* check for required session data */
1437 ssl_debug_printf("dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state %X\n",
1439 if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) !=
1440 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) {
1441 ssl_debug_printf("dissect_ssl3_handshake not enough data to generate key (required %X)\n",
1442 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION));
1446 /* get encrypted data, on tls1 we have to skip two bytes
1447 * (it's the encrypted len and should be equal to record len - 2)
1449 if (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1)
1451 encrlen = tvb_get_ntohs(tvb, offset);
1453 if (encrlen > length - 2)
1455 ssl_debug_printf("dissect_ssl3_handshake wrong encrypted length (%d max %d)\n",
1460 encrypted_pre_master.data = se_alloc(encrlen);
1461 encrypted_pre_master.data_len = encrlen;
1462 tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen);
1464 if (!ssl->private_key) {
1465 ssl_debug_printf("dissect_ssl3_handshake can't find private key\n");
1469 /* go with ssl key processessing; encrypted_pre_master
1470 * will be used for master secret store*/
1471 ret = ssl_decrypt_pre_master_secret(ssl, &encrypted_pre_master, ssl->private_key);
1473 ssl_debug_printf("dissect_ssl3_handshake can't decrypt pre master secret\n");
1476 if (ssl_generate_keyring_material(ssl)<0) {
1477 ssl_debug_printf("dissect_ssl3_handshake can't generate keyring material\n");
1480 ssl->state |= SSL_HAVE_SESSION_KEY;
1481 ssl_save_session(ssl, ssl_session_hash);
1482 ssl_debug_printf("dissect_ssl3_handshake session keys succesfully generated\n");
1486 case SSL_HND_FINISHED:
1487 dissect_ssl3_hnd_finished(tvb, ssl_hand_tree,
1488 offset, conv_version);
1494 offset += 4; /* skip the handshake header when handshake is not processed*/
1497 first_iteration = FALSE; /* set up for next pass, if any */
1502 dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1503 guint32 offset, SslDecryptSession* ssl, gint from_server)
1505 /* show the client's random challenge */
1506 nstime_t gmt_unix_time;
1507 guint8 session_id_length;
1509 proto_tree *ssl_rnd_tree;
1511 session_id_length = 0;
1515 /* PAOLO: get proper peer information*/
1518 rnd = &ssl->server_random;
1520 rnd = &ssl->client_random;
1522 /* get provided random for keyring generation*/
1523 tvb_memcpy(tvb, rnd->data, offset, 32);
1526 ssl->state |= SSL_SERVER_RANDOM;
1528 ssl->state |= SSL_CLIENT_RANDOM;
1529 ssl_debug_printf("dissect_ssl3_hnd_hello_common found random state %X\n",
1532 session_id_length = tvb_get_guint8(tvb, offset + 32);
1533 /* check stored session id info */
1534 if (from_server && (session_id_length == ssl->session_id.data_len) &&
1535 (tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0))
1537 /* clinet/server id match: try to restore a previous cached session*/
1538 ssl_restore_session(ssl, ssl_session_hash);
1541 tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
1542 ssl->session_id.data_len = session_id_length;
1548 ti_rnd = proto_tree_add_text(tree, tvb, offset, 32, "Random");
1549 ssl_rnd_tree = proto_item_add_subtree(ti_rnd, ett_ssl_random);
1552 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
1553 gmt_unix_time.nsecs = 0;
1554 proto_tree_add_time(ssl_rnd_tree, hf_ssl_handshake_random_time,
1555 tvb, offset, 4, &gmt_unix_time);
1558 /* show the random bytes */
1559 proto_tree_add_item(ssl_rnd_tree, hf_ssl_handshake_random_bytes,
1560 tvb, offset, 28, FALSE);
1563 /* show the session id */
1564 session_id_length = tvb_get_guint8(tvb, offset);
1565 proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
1566 tvb, offset++, 1, 0);
1567 if (session_id_length > 0)
1569 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
1570 proto_tree_add_bytes_format(tree, hf_ssl_handshake_session_id,
1571 tvb, offset, session_id_length,
1572 tvb_get_ptr(tvb, offset, session_id_length),
1573 "Session ID (%u byte%s)",
1575 plurality(session_id_length, "", "s"));
1576 offset += session_id_length;
1582 return session_id_length+33;
1586 dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
1587 proto_tree *tree, guint32 offset, guint32 left)
1589 guint16 extension_length;
1593 proto_tree *ext_tree;
1598 extension_length = tvb_get_ntohs(tvb, offset);
1599 proto_tree_add_uint(tree, hf_ssl_handshake_extensions_len,
1600 tvb, offset, 2, extension_length);
1606 ext_type = tvb_get_ntohs(tvb, offset);
1607 ext_len = tvb_get_ntohs(tvb, offset + 2);
1609 pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len,
1611 val_to_str(ext_type,
1612 tls_hello_extension_types,
1614 ext_tree = proto_item_add_subtree(pi, ett_ssl_extension);
1618 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_type,
1619 tvb, offset, 2, ext_type);
1622 proto_tree_add_uint(ext_tree, hf_ssl_handshake_extension_len,
1623 tvb, offset, 2, ext_len);
1626 proto_tree_add_bytes_format(ext_tree, hf_ssl_handshake_extension_data,
1627 tvb, offset, ext_len,
1628 tvb_get_ptr(tvb, offset, ext_len),
1630 ext_len, plurality(ext_len, "", "s"));
1632 left -= 2 + 2 + ext_len;
1639 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb,
1640 proto_tree *tree, guint32 offset, guint32 length,
1641 SslDecryptSession*ssl)
1644 * ProtocolVersion client_version;
1646 * SessionID session_id;
1647 * CipherSuite cipher_suites<2..2^16-1>;
1648 * CompressionMethod compression_methods<1..2^8-1>;
1649 * Extension client_hello_extension_list<0..2^16-1>;
1654 proto_tree *cs_tree;
1655 guint16 cipher_suite_length;
1656 guint8 compression_methods_length;
1657 guint8 compression_method;
1658 guint16 start_offset;
1659 cipher_suite_length = 0;
1660 compression_methods_length = 0;
1661 start_offset = offset;
1665 /* show the client version */
1667 proto_tree_add_item(tree, hf_ssl_handshake_client_version, tvb,
1671 /* show the fields in common with server hello */
1672 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 0);
1674 /* tell the user how many cipher suites there are */
1675 cipher_suite_length = tvb_get_ntohs(tvb, offset);
1678 proto_tree_add_uint(tree, hf_ssl_handshake_cipher_suites_len,
1679 tvb, offset, 2, cipher_suite_length);
1680 offset += 2; /* skip opaque length */
1682 if (cipher_suite_length > 0)
1684 tvb_ensure_bytes_exist(tvb, offset, cipher_suite_length);
1685 ti = proto_tree_add_none_format(tree,
1686 hf_ssl_handshake_cipher_suites,
1687 tvb, offset, cipher_suite_length,
1688 "Cipher Suites (%u suite%s)",
1689 cipher_suite_length / 2,
1690 plurality(cipher_suite_length/2, "", "s"));
1692 /* make this a subtree */
1693 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1696 cs_tree = tree; /* failsafe */
1699 while (cipher_suite_length > 0)
1701 proto_tree_add_item(cs_tree, hf_ssl_handshake_cipher_suite,
1702 tvb, offset, 2, FALSE);
1704 cipher_suite_length -= 2;
1708 /* tell the user how man compression methods there are */
1709 compression_methods_length = tvb_get_guint8(tvb, offset);
1710 proto_tree_add_uint(tree, hf_ssl_handshake_comp_methods_len,
1711 tvb, offset, 1, compression_methods_length);
1714 if (compression_methods_length > 0)
1716 tvb_ensure_bytes_exist(tvb, offset, compression_methods_length);
1717 ti = proto_tree_add_none_format(tree,
1718 hf_ssl_handshake_comp_methods,
1719 tvb, offset, compression_methods_length,
1720 "Compression Methods (%u method%s)",
1721 compression_methods_length,
1722 plurality(compression_methods_length,
1725 /* make this a subtree */
1726 cs_tree = proto_item_add_subtree(ti, ett_ssl_comp_methods);
1729 cs_tree = tree; /* failsafe */
1732 while (compression_methods_length > 0)
1734 compression_method = tvb_get_guint8(tvb, offset);
1735 if (compression_method < 64)
1736 proto_tree_add_uint(cs_tree, hf_ssl_handshake_comp_method,
1737 tvb, offset, 1, compression_method);
1738 else if (compression_method > 63 && compression_method < 193)
1739 proto_tree_add_text(cs_tree, tvb, offset, 1,
1740 "Compression Method: Reserved - to be assigned by IANA (%u)",
1741 compression_method);
1743 proto_tree_add_text(cs_tree, tvb, offset, 1,
1744 "Compression Method: Private use range (%u)",
1745 compression_method);
1747 compression_methods_length--;
1751 if (length > offset - start_offset)
1753 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
1755 (offset - start_offset));
1761 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb,
1762 proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl)
1765 * ProtocolVersion server_version;
1767 * SessionID session_id;
1768 * CipherSuite cipher_suite;
1769 * CompressionMethod compression_method;
1770 * Extension server_hello_extension_list<0..2^16-1>;
1773 guint16 start_offset;
1774 start_offset = offset;
1778 /* show the server version */
1780 proto_tree_add_item(tree, hf_ssl_handshake_server_version, tvb,
1784 /* first display the elements conveniently in
1785 * common with client hello
1787 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset, ssl, 1);
1789 /* PAOLO: handle session cipher suite */
1791 /* store selected cipher suite for decryption */
1792 ssl->cipher = tvb_get_ntohs(tvb, offset);
1793 if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) {
1794 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher);
1798 ssl->state |= SSL_CIPHER;
1799 ssl_debug_printf("dissect_ssl3_hnd_srv_hello found cipher %X, state %X\n",
1800 ssl->cipher, ssl->state);
1802 /* if we have restored a session now we can have enought material
1803 * to build session key, check it out*/
1805 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) !=
1806 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) {
1807 ssl_debug_printf("dissect_ssl3_hnd_srv_hello not enough data to generate key (required %X)\n",
1808 (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET));
1812 ssl_debug_printf("dissect_ssl3_hnd_srv_hello trying to generate keys\n");
1813 if (ssl_generate_keyring_material(ssl)<0) {
1814 ssl_debug_printf("dissect_ssl3_hnd_srv_hello can't generate keyring material\n");
1817 ssl->state |= SSL_HAVE_SESSION_KEY;
1823 /* now the server-selected cipher suite */
1824 proto_tree_add_item(tree, hf_ssl_handshake_cipher_suite,
1825 tvb, offset, 2, FALSE);
1828 /* and the server-selected compression method */
1829 proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
1830 tvb, offset, 1, FALSE);
1833 if (length > offset - start_offset)
1835 offset = dissect_ssl3_hnd_hello_ext(tvb, tree, offset,
1837 (offset - start_offset));
1843 dissect_ssl3_hnd_cert(tvbuff_t *tvb,
1844 proto_tree *tree, guint32 offset, packet_info *pinfo)
1847 /* opaque ASN.1Cert<2^24-1>;
1850 * ASN.1Cert certificate_list<1..2^24-1>;
1853 guint32 certificate_list_length;
1855 proto_tree *subtree;
1859 certificate_list_length = tvb_get_ntoh24(tvb, offset);
1860 proto_tree_add_uint(tree, hf_ssl_handshake_certificates_len,
1861 tvb, offset, 3, certificate_list_length);
1862 offset += 3; /* 24-bit length value */
1864 if (certificate_list_length > 0)
1866 tvb_ensure_bytes_exist(tvb, offset, certificate_list_length);
1867 ti = proto_tree_add_none_format(tree,
1868 hf_ssl_handshake_certificates,
1869 tvb, offset, certificate_list_length,
1870 "Certificates (%u byte%s)",
1871 certificate_list_length,
1872 plurality(certificate_list_length,
1875 /* make it a subtree */
1876 subtree = proto_item_add_subtree(ti, ett_ssl_certs);
1879 subtree = tree; /* failsafe */
1882 /* iterate through each certificate */
1883 while (certificate_list_length > 0)
1885 /* get the length of the current certificate */
1886 guint32 cert_length;
1887 cert_length = tvb_get_ntoh24(tvb, offset);
1888 certificate_list_length -= 3 + cert_length;
1890 proto_tree_add_item(subtree, hf_ssl_handshake_certificate_len,
1891 tvb, offset, 3, FALSE);
1894 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, subtree, hf_ssl_handshake_certificate);
1895 offset += cert_length;
1903 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb,
1904 proto_tree *tree, guint32 offset)
1908 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
1910 * } ClientCertificateType;
1912 * opaque DistinguishedName<1..2^16-1>;
1915 * ClientCertificateType certificate_types<1..2^8-1>;
1916 * DistinguishedName certificate_authorities<3..2^16-1>;
1917 * } CertificateRequest;
1921 proto_tree *subtree;
1922 guint8 cert_types_count;
1924 cert_types_count = 0;
1929 cert_types_count = tvb_get_guint8(tvb, offset);
1930 proto_tree_add_uint(tree, hf_ssl_handshake_cert_types_count,
1931 tvb, offset, 1, cert_types_count);
1934 if (cert_types_count > 0)
1936 ti = proto_tree_add_none_format(tree,
1937 hf_ssl_handshake_cert_types,
1938 tvb, offset, cert_types_count,
1939 "Certificate types (%u type%s)",
1941 plurality(cert_types_count, "", "s"));
1942 subtree = proto_item_add_subtree(ti, ett_ssl_cert_types);
1948 while (cert_types_count > 0)
1950 proto_tree_add_item(subtree, hf_ssl_handshake_cert_type,
1951 tvb, offset, 1, FALSE);
1957 dnames_length = tvb_get_ntohs(tvb, offset);
1958 proto_tree_add_uint(tree, hf_ssl_handshake_dnames_len,
1959 tvb, offset, 2, dnames_length);
1962 if (dnames_length > 0)
1964 tvb_ensure_bytes_exist(tvb, offset, dnames_length);
1965 ti = proto_tree_add_none_format(tree,
1966 hf_ssl_handshake_dnames,
1967 tvb, offset, dnames_length,
1968 "Distinguished Names (%d byte%s)",
1970 plurality(dnames_length, "", "s"));
1971 subtree = proto_item_add_subtree(ti, ett_ssl_dnames);
1977 while (dnames_length > 0)
1979 /* get the length of the current certificate */
1980 guint16 name_length;
1981 name_length = tvb_get_ntohs(tvb, offset);
1982 dnames_length -= 2 + name_length;
1984 proto_tree_add_item(subtree, hf_ssl_handshake_dname_len,
1985 tvb, offset, 2, FALSE);
1988 tvb_ensure_bytes_exist(tvb, offset, name_length);
1989 proto_tree_add_bytes_format(subtree,
1990 hf_ssl_handshake_dname,
1991 tvb, offset, name_length,
1992 tvb_get_ptr(tvb, offset, name_length),
1993 "Distinguished Name (%u byte%s)",
1995 plurality(name_length, "", "s"));
1996 offset += name_length;
2004 dissect_ssl3_hnd_finished(tvbuff_t *tvb,
2005 proto_tree *tree, guint32 offset,
2006 guint* conv_version)
2010 * opaque verify_data[12];
2015 * opaque md5_hash[16];
2016 * opaque sha_hash[20];
2020 /* this all needs a tree, so bail if we don't have one */
2026 switch(*conv_version) {
2028 case SSL_VER_TLSv1DOT1:
2029 proto_tree_add_item(tree, hf_ssl_handshake_finished,
2030 tvb, offset, 12, FALSE);
2034 proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
2035 tvb, offset, 16, FALSE);
2037 proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
2038 tvb, offset, 20, FALSE);
2044 /*********************************************************************
2046 * SSL version 2 Dissectors
2048 *********************************************************************/
2051 /* record layer dissector */
2053 dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
2054 guint32 offset, guint* conv_version,
2055 gboolean *need_desegmentation,
2056 SslDecryptSession* ssl)
2058 guint32 initial_offset;
2060 guint8 record_length_length;
2061 guint32 record_length;
2063 gint16 padding_length;
2065 const gchar *msg_type_str;
2066 guint32 available_bytes;
2068 proto_tree *ssl_record_tree;
2070 initial_offset = offset;
2072 record_length_length = 0;
2075 padding_length = -1;
2077 msg_type_str = NULL;
2078 available_bytes = 0;
2079 ssl_record_tree = NULL;
2081 /* pull first byte; if high bit is set, then record
2082 * length is three bytes due to padding; otherwise
2083 * record length is two bytes
2085 byte = tvb_get_guint8(tvb, offset);
2086 record_length_length = (byte & 0x80) ? 2 : 3;
2089 * Can we do reassembly?
2091 available_bytes = tvb_length_remaining(tvb, offset);
2093 if (ssl_desegment && pinfo->can_desegment) {
2095 * Yes - is the record header split across segment boundaries?
2097 if (available_bytes < record_length_length) {
2099 * Yes. Tell the TCP dissector where the data for this
2100 * message starts in the data it handed us, and how many
2101 * more bytes we need, and return.
2103 pinfo->desegment_offset = offset;
2104 pinfo->desegment_len = record_length_length - available_bytes;
2105 *need_desegmentation = TRUE;
2110 /* parse out the record length */
2111 switch(record_length_length) {
2112 case 2: /* two-byte record length */
2113 record_length = (byte & 0x7f) << 8;
2114 byte = tvb_get_guint8(tvb, offset + 1);
2115 record_length += byte;
2117 case 3: /* three-byte record length */
2118 is_escape = (byte & 0x40) ? TRUE : FALSE;
2119 record_length = (byte & 0x3f) << 8;
2120 byte = tvb_get_guint8(tvb, offset + 1);
2121 record_length += byte;
2122 byte = tvb_get_guint8(tvb, offset + 2);
2123 padding_length = byte;
2127 * Can we do reassembly?
2129 if (ssl_desegment && pinfo->can_desegment) {
2131 * Yes - is the record split across segment boundaries?
2133 if (available_bytes < (record_length_length + record_length)) {
2135 * Yes. Tell the TCP dissector where the data for this
2136 * message starts in the data it handed us, and how many
2137 * more bytes we need, and return.
2139 pinfo->desegment_offset = offset;
2140 pinfo->desegment_len = (record_length_length + record_length)
2142 *need_desegmentation = TRUE;
2146 offset += record_length_length;
2148 /* add the record layer subtree header */
2149 ti = proto_tree_add_item(tree, hf_ssl2_record, tvb, initial_offset,
2150 record_length_length + record_length, 0);
2151 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
2153 /* pull the msg_type so we can bail if it's unknown */
2154 msg_type = tvb_get_guint8(tvb, initial_offset + record_length_length);
2156 /* if we get a server_hello or later handshake in v2, then set
2159 if (*conv_version == SSL_VER_UNKNOWN)
2161 if (ssl_looks_like_valid_pct_handshake(tvb,
2163 record_length_length),
2165 *conv_version = SSL_VER_PCT;
2166 /*ssl_set_conv_version(pinfo, ssl->version);*/
2168 else if (msg_type >= 2 && msg_type <= 8)
2170 *conv_version = SSL_VER_SSLv2;
2171 /*ssl_set_conv_version(pinfo, ssl->version);*/
2175 /* if we get here, but don't have a version set for the
2176 * conversation, then set a version for just this frame
2177 * (e.g., on a client hello)
2179 if (check_col(pinfo->cinfo, COL_PROTOCOL))
2181 col_set_str(pinfo->cinfo, COL_PROTOCOL,
2182 (*conv_version == SSL_VER_PCT) ? "PCT" : "SSLv2");
2185 /* see if the msg_type is valid; if not the payload is
2186 * probably encrypted, so note that fact and bail
2188 msg_type_str = match_strval(msg_type,
2189 (*conv_version == SSL_VER_PCT)
2190 ? pct_msg_types : ssl_20_msg_types);
2192 || ((*conv_version != SSL_VER_PCT) &&
2193 !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
2194 + record_length_length,
2196 || ((*conv_version == SSL_VER_PCT) &&
2197 !ssl_looks_like_valid_pct_handshake(tvb, initial_offset
2198 + record_length_length,
2201 if (ssl_record_tree)
2203 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2204 (*conv_version == SSL_VER_PCT)
2208 if (check_col(pinfo->cinfo, COL_INFO))
2209 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Data");
2210 return initial_offset + record_length_length + record_length;
2214 if (check_col(pinfo->cinfo, COL_INFO))
2215 col_append_str(pinfo->cinfo, COL_INFO, msg_type_str);
2217 if (ssl_record_tree)
2219 proto_item_set_text(ssl_record_tree, "%s Record Layer: %s",
2220 (*conv_version == SSL_VER_PCT)
2226 /* We have a valid message type, so move foward, filling in the
2227 * tree by adding the length, is_escape boolean and padding_length,
2228 * if present in the original packet
2230 if (ssl_record_tree)
2232 /* add the record length */
2233 tvb_ensure_bytes_exist(tvb, offset, record_length_length);
2234 ti = proto_tree_add_uint (ssl_record_tree,
2235 hf_ssl_record_length, tvb,
2236 initial_offset, record_length_length,
2239 if (ssl_record_tree && is_escape != -1)
2241 proto_tree_add_boolean(ssl_record_tree,
2242 hf_ssl2_record_is_escape, tvb,
2243 initial_offset, 1, is_escape);
2245 if (ssl_record_tree && padding_length != -1)
2247 proto_tree_add_uint(ssl_record_tree,
2248 hf_ssl2_record_padding_length, tvb,
2249 initial_offset + 2, 1, padding_length);
2253 * dissect the record data
2256 /* jump forward to the start of the record data */
2257 offset = initial_offset + record_length_length;
2259 /* add the message type */
2260 if (ssl_record_tree)
2262 proto_tree_add_item(ssl_record_tree,
2263 (*conv_version == SSL_VER_PCT)
2264 ? hf_pct_msg_type : hf_ssl2_msg_type,
2267 offset++; /* move past msg_type byte */
2269 if (*conv_version != SSL_VER_PCT)
2271 /* dissect the message (only handle client hello right now) */
2273 case SSL2_HND_CLIENT_HELLO:
2274 dissect_ssl2_hnd_client_hello(tvb, ssl_record_tree, offset, ssl);
2277 case SSL2_HND_CLIENT_MASTER_KEY:
2278 dissect_ssl2_hnd_client_master_key(tvb, ssl_record_tree, offset);
2281 case SSL2_HND_SERVER_HELLO:
2282 dissect_ssl2_hnd_server_hello(tvb, ssl_record_tree, offset, pinfo);
2285 case SSL2_HND_ERROR:
2286 case SSL2_HND_CLIENT_FINISHED:
2287 case SSL2_HND_SERVER_VERIFY:
2288 case SSL2_HND_SERVER_FINISHED:
2289 case SSL2_HND_REQUEST_CERTIFICATE:
2290 case SSL2_HND_CLIENT_CERTIFICATE:
2294 default: /* unknown */
2300 /* dissect the message */
2302 case PCT_MSG_CLIENT_HELLO:
2303 dissect_pct_msg_client_hello(tvb, ssl_record_tree, offset);
2305 case PCT_MSG_SERVER_HELLO:
2306 dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset, pinfo);
2308 case PCT_MSG_CLIENT_MASTER_KEY:
2309 dissect_pct_msg_client_master_key(tvb, ssl_record_tree, offset);
2311 case PCT_MSG_SERVER_VERIFY:
2312 dissect_pct_msg_server_verify(tvb, ssl_record_tree, offset);
2315 dissect_pct_msg_error(tvb, ssl_record_tree, offset);
2318 default: /* unknown */
2322 return (initial_offset + record_length_length + record_length);
2326 dissect_ssl2_hnd_client_hello(tvbuff_t *tvb,
2327 proto_tree *tree, guint32 offset,
2328 SslDecryptSession* ssl)
2333 * uint16 cipher_spec_length;
2334 * uint16 session_id_length;
2335 * uint16 challenge_length;
2336 * V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
2337 * opaque session_id[V2ClientHello.session_id_length];
2341 * Note: when we get here, offset's already pointing at Version
2345 guint16 cipher_spec_length;
2346 guint16 session_id_length;
2347 guint16 challenge_length;
2350 proto_tree *cs_tree;
2353 version = tvb_get_ntohs(tvb, offset);
2354 if (!ssl_is_valid_ssl_version(version))
2356 /* invalid version; probably encrypted data */
2362 /* show the version */
2364 proto_tree_add_item(tree, hf_ssl_record_version, tvb,
2368 cipher_spec_length = tvb_get_ntohs(tvb, offset);
2370 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec_len,
2371 tvb, offset, 2, FALSE);
2374 session_id_length = tvb_get_ntohs(tvb, offset);
2376 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_len,
2377 tvb, offset, 2, FALSE);
2380 challenge_length = tvb_get_ntohs(tvb, offset);
2382 proto_tree_add_item(tree, hf_ssl2_handshake_challenge_len,
2383 tvb, offset, 2, FALSE);
2388 /* tell the user how many cipher specs they've won */
2389 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
2390 ti = proto_tree_add_none_format(tree, hf_ssl_handshake_cipher_suites,
2391 tvb, offset, cipher_spec_length,
2392 "Cipher Specs (%u specs)",
2393 cipher_spec_length/3);
2395 /* make this a subtree and expand the actual specs below */
2396 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2399 cs_tree = tree; /* failsafe */
2403 /* iterate through the cipher specs, showing them */
2404 while (cipher_spec_length > 0)
2407 proto_tree_add_item(cs_tree, hf_ssl2_handshake_cipher_spec,
2408 tvb, offset, 3, FALSE);
2409 offset += 3; /* length of one cipher spec */
2410 cipher_spec_length -= 3;
2413 /* if there's a session id, show it */
2414 if (session_id_length > 0)
2418 tvb_ensure_bytes_exist(tvb, offset, session_id_length);
2419 proto_tree_add_bytes_format(tree,
2420 hf_ssl_handshake_session_id,
2421 tvb, offset, session_id_length,
2422 tvb_get_ptr(tvb, offset, session_id_length),
2423 "Session ID (%u byte%s)",
2425 plurality(session_id_length, "", "s"));
2428 /* PAOLO: get session id and reset session state for key [re]negotiation */
2431 tvb_memcpy(tvb,ssl->session_id.data, offset, session_id_length);
2432 ssl->session_id.data_len = session_id_length;
2433 ssl->state &= ~(SSL_HAVE_SESSION_KEY|SSL_MASTER_SECRET|
2434 SSL_CIPHER|SSL_SERVER_RANDOM);
2436 offset += session_id_length;
2439 /* if there's a challenge, show it */
2440 if (challenge_length > 0)
2442 tvb_ensure_bytes_exist(tvb, offset, challenge_length);
2445 proto_tree_add_item(tree, hf_ssl2_handshake_challenge,
2446 tvb, offset, challenge_length, 0);
2449 /* PAOLO: get client random data; we get at most 32 bytes from
2452 max = challenge_length > 32? 32: challenge_length;
2454 ssl_debug_printf("client random len: %d padded to 32\n",
2457 /* client random is padded with zero and 'right' aligned */
2458 memset(ssl->client_random.data, 0, 32 - max);
2459 tvb_memcpy(tvb, &ssl->client_random.data[32 - max], offset, max);
2460 ssl->client_random.data_len = 32;
2461 ssl->state |= SSL_CLIENT_RANDOM;
2464 offset += challenge_length;
2470 dissect_pct_msg_client_hello(tvbuff_t *tvb,
2471 proto_tree *tree, guint32 offset)
2473 guint16 CH_CLIENT_VERSION, CH_OFFSET, CH_CIPHER_SPECS_LENGTH, CH_HASH_SPECS_LENGTH, CH_CERT_SPECS_LENGTH, CH_EXCH_SPECS_LENGTH, CH_KEY_ARG_LENGTH;
2474 proto_item *CH_CIPHER_SPECS_ti, *CH_HASH_SPECS_ti, *CH_CERT_SPECS_ti, *CH_EXCH_SPECS_ti;
2475 proto_tree *CH_CIPHER_SPECS_tree, *CH_HASH_SPECS_tree, *CH_CERT_SPECS_tree, *CH_EXCH_SPECS_tree;
2478 CH_CLIENT_VERSION = tvb_get_ntohs(tvb, offset);
2479 if(CH_CLIENT_VERSION != PCT_VERSION_1)
2480 proto_tree_add_text(tree, tvb, offset, 2, "Client Version, should be %x in PCT version 1", PCT_VERSION_1);
2482 proto_tree_add_text(tree, tvb, offset, 2, "Client Version (%x)", PCT_VERSION_1);
2485 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2488 proto_tree_add_text(tree, tvb, offset, 32, "Client Session ID Data (32 bytes)");
2491 proto_tree_add_text(tree, tvb, offset, 32, "Challange Data(32 bytes)");
2494 CH_OFFSET = tvb_get_ntohs(tvb, offset);
2495 if(CH_OFFSET != PCT_CH_OFFSET_V1)
2496 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d, should be %d in PCT version 1", CH_OFFSET, PCT_CH_OFFSET_V1);
2498 proto_tree_add_text(tree, tvb, offset, 2, "CH_OFFSET: %d", CH_OFFSET);
2501 CH_CIPHER_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2502 proto_tree_add_text(tree, tvb, offset, 2, "CIPHER_SPECS Length: %d", CH_CIPHER_SPECS_LENGTH);
2505 CH_HASH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2506 proto_tree_add_text(tree, tvb, offset, 2, "HASH_SPECS Length: %d", CH_HASH_SPECS_LENGTH);
2509 CH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2510 proto_tree_add_text(tree, tvb, offset, 2, "CERT_SPECS Length: %d", CH_CERT_SPECS_LENGTH);
2513 CH_EXCH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2514 proto_tree_add_text(tree, tvb, offset, 2, "EXCH_SPECS Length: %d", CH_EXCH_SPECS_LENGTH);
2517 CH_KEY_ARG_LENGTH = tvb_get_ntohs(tvb, offset);
2518 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d", CH_KEY_ARG_LENGTH);
2521 if(CH_CIPHER_SPECS_LENGTH) {
2522 tvb_ensure_bytes_exist(tvb, offset, CH_CIPHER_SPECS_LENGTH);
2523 CH_CIPHER_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cipher_spec, tvb, offset, CH_CIPHER_SPECS_LENGTH, FALSE);
2524 CH_CIPHER_SPECS_tree = proto_item_add_subtree(CH_CIPHER_SPECS_ti, ett_pct_cipher_suites);
2526 for(i=0; i<(CH_CIPHER_SPECS_LENGTH/4); i++) {
2527 proto_tree_add_item(CH_CIPHER_SPECS_tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
2529 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
2531 proto_tree_add_text(CH_CIPHER_SPECS_tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
2536 if(CH_HASH_SPECS_LENGTH) {
2537 tvb_ensure_bytes_exist(tvb, offset, CH_HASH_SPECS_LENGTH);
2538 CH_HASH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_hash_spec, tvb, offset, CH_HASH_SPECS_LENGTH, FALSE);
2539 CH_HASH_SPECS_tree = proto_item_add_subtree(CH_HASH_SPECS_ti, ett_pct_hash_suites);
2541 for(i=0; i<(CH_HASH_SPECS_LENGTH/2); i++) {
2542 proto_tree_add_item(CH_HASH_SPECS_tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
2547 if(CH_CERT_SPECS_LENGTH) {
2548 tvb_ensure_bytes_exist(tvb, offset, CH_CERT_SPECS_LENGTH);
2549 CH_CERT_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cert_spec, tvb, offset, CH_CERT_SPECS_LENGTH, FALSE);
2550 CH_CERT_SPECS_tree = proto_item_add_subtree(CH_CERT_SPECS_ti, ett_pct_cert_suites);
2552 for(i=0; i< (CH_CERT_SPECS_LENGTH/2); i++) {
2553 proto_tree_add_item(CH_CERT_SPECS_tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
2558 if(CH_EXCH_SPECS_LENGTH) {
2559 tvb_ensure_bytes_exist(tvb, offset, CH_EXCH_SPECS_LENGTH);
2560 CH_EXCH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_exch_spec, tvb, offset, CH_EXCH_SPECS_LENGTH, FALSE);
2561 CH_EXCH_SPECS_tree = proto_item_add_subtree(CH_EXCH_SPECS_ti, ett_pct_exch_suites);
2563 for(i=0; i<(CH_EXCH_SPECS_LENGTH/2); i++) {
2564 proto_tree_add_item(CH_EXCH_SPECS_tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
2569 if(CH_KEY_ARG_LENGTH) {
2570 tvb_ensure_bytes_exist(tvb, offset, CH_KEY_ARG_LENGTH);
2571 proto_tree_add_text(tree, tvb, offset, CH_KEY_ARG_LENGTH, "IV data (%d bytes)", CH_KEY_ARG_LENGTH);
2572 offset += CH_KEY_ARG_LENGTH;
2577 dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo)
2580 char SH_MSG_SERVER_HELLO
2582 char SH_SERVER_VERSION_MSB
2583 char SH_SERVER_VERSION_LSB
2584 char SH_RESTART_SESSION_OK
2585 char SH_CLIENT_AUTH_REQ
2586 char SH_CIPHER_SPECS_DATA[4]
2587 char SH_HASH_SPECS_DATA[2]
2588 char SH_CERT_SPECS_DATA[2]
2589 char SH_EXCH_SPECS_DATA[2]
2590 char SH_CONNECTION_ID_DATA[32]
2591 char SH_CERTIFICATE_LENGTH_MSB
2592 char SH_CERTIFICATE_LENGTH_LSB
2593 char SH_CLIENT_CERT_SPECS_LENGTH_MSB
2594 char SH_CLIENT_CERT_SPECS_LENGTH_LSB
2595 char SH_CLIENT_SIG_SPECS_LENGTH_MSB
2596 char SH_CLIENT_SIG_SPECS_LENGTH_LSB
2597 char SH_RESPONSE_LENGTH_MSB
2598 char SH_RESPONSE_LENGTH_LSB
2599 char SH_CERTIFICATE_DATA[MSB<<8|LSB]
2600 char SH_CLIENT_CERT_SPECS_DATA[MSB<<8|LSB]
2601 char SH_CLIENT_SIG_SPECS_DATA[MSB<<8|LSB]
2602 char SH_RESPONSE_DATA[MSB<<8|LSB]
2606 guint16 SH_SERVER_VERSION, SH_CERT_LENGTH, SH_CERT_SPECS_LENGTH, SH_CLIENT_SIG_LENGTH, SH_RESPONSE_LENGTH;
2608 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2611 SH_SERVER_VERSION = tvb_get_ntohs(tvb, offset);
2612 if(SH_SERVER_VERSION != PCT_VERSION_1)
2613 proto_tree_add_text(tree, tvb, offset, 2, "Server Version, should be %x in PCT version 1", PCT_VERSION_1);
2615 proto_tree_add_text(tree, tvb, offset, 2, "Server Version (%x)", PCT_VERSION_1);
2618 proto_tree_add_text(tree, tvb, offset, 1, "SH_RESTART_SESSION_OK flag");
2621 proto_tree_add_text(tree, tvb, offset, 1, "SH_CLIENT_AUTH_REQ flag");
2624 proto_tree_add_item(tree, hf_pct_handshake_cipher, tvb, offset, 2, FALSE);
2626 proto_tree_add_text(tree, tvb, offset, 1, "Encryption key length: %d", tvb_get_guint8(tvb, offset));
2628 proto_tree_add_text(tree, tvb, offset, 1, "MAC key length in bits: %d", tvb_get_guint8(tvb, offset) + 64);
2631 proto_tree_add_item(tree, hf_pct_handshake_hash, tvb, offset, 2, FALSE);
2634 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
2637 proto_tree_add_item(tree, hf_pct_handshake_exch, tvb, offset, 2, FALSE);
2640 proto_tree_add_text(tree, tvb, offset, 32, "Connection ID Data (32 bytes)");
2643 SH_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
2644 proto_tree_add_text(tree, tvb, offset, 2, "Server Certificate Length: %d", SH_CERT_LENGTH);
2647 SH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset);
2648 proto_tree_add_text(tree, tvb, offset, 2, "Client CERT_SPECS Length: %d", SH_CERT_SPECS_LENGTH);
2651 SH_CLIENT_SIG_LENGTH = tvb_get_ntohs(tvb, offset);
2652 proto_tree_add_text(tree, tvb, offset, 2, "Client SIG_SPECS Length: %d", SH_CLIENT_SIG_LENGTH);
2655 SH_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
2656 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d", SH_RESPONSE_LENGTH);
2659 if(SH_CERT_LENGTH) {
2660 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_pct_handshake_server_cert);
2661 offset += SH_CERT_LENGTH;
2664 if(SH_CERT_SPECS_LENGTH) {
2665 tvb_ensure_bytes_exist(tvb, offset, SH_CERT_SPECS_LENGTH);
2666 proto_tree_add_text(tree, tvb, offset, SH_CERT_SPECS_LENGTH, "Client CERT_SPECS (%d bytes)", SH_CERT_SPECS_LENGTH);
2667 offset += SH_CERT_SPECS_LENGTH;
2670 if(SH_CLIENT_SIG_LENGTH) {
2671 tvb_ensure_bytes_exist(tvb, offset, SH_CLIENT_SIG_LENGTH);
2672 proto_tree_add_text(tree, tvb, offset, SH_CLIENT_SIG_LENGTH, "Client Signature (%d bytes)", SH_CLIENT_SIG_LENGTH);
2673 offset += SH_CLIENT_SIG_LENGTH;
2676 if(SH_RESPONSE_LENGTH) {
2677 tvb_ensure_bytes_exist(tvb, offset, SH_RESPONSE_LENGTH);
2678 proto_tree_add_text(tree, tvb, offset, SH_RESPONSE_LENGTH, "Server Response (%d bytes)", SH_RESPONSE_LENGTH);
2679 offset += SH_RESPONSE_LENGTH;
2685 dissect_pct_msg_client_master_key(tvbuff_t *tvb, proto_tree *tree, guint32 offset)
2687 guint16 CMK_CLEAR_KEY_LENGTH, CMK_ENCRYPTED_KEY_LENGTH, CMK_KEY_ARG_LENGTH, CMK_VERIFY_PRELUDE, CMK_CLIENT_CERT_LENGTH, CMK_RESPONSE_LENGTH;
2689 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2692 proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, FALSE);
2695 proto_tree_add_item(tree, hf_pct_handshake_sig, tvb, offset, 2, FALSE);
2698 CMK_CLEAR_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
2699 proto_tree_add_text(tree, tvb, offset, 2, "Clear Key Length: %d",CMK_CLEAR_KEY_LENGTH);
2702 CMK_ENCRYPTED_KEY_LENGTH = tvb_get_ntohs(tvb, offset);
2703 proto_tree_add_text(tree, tvb, offset, 2, "Encrypted Key Length: %d",CMK_ENCRYPTED_KEY_LENGTH);
2706 CMK_KEY_ARG_LENGTH= tvb_get_ntohs(tvb, offset);
2707 proto_tree_add_text(tree, tvb, offset, 2, "IV Length: %d",CMK_KEY_ARG_LENGTH);
2710 CMK_VERIFY_PRELUDE = tvb_get_ntohs(tvb, offset);
2711 proto_tree_add_text(tree, tvb, offset, 2, "Verify Prelude Length: %d",CMK_VERIFY_PRELUDE);
2714 CMK_CLIENT_CERT_LENGTH = tvb_get_ntohs(tvb, offset);
2715 proto_tree_add_text(tree, tvb, offset, 2, "Client Cert Length: %d",CMK_CLIENT_CERT_LENGTH);
2718 CMK_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
2719 proto_tree_add_text(tree, tvb, offset, 2, "Response Length: %d",CMK_RESPONSE_LENGTH);
2722 if(CMK_CLEAR_KEY_LENGTH) {
2723 tvb_ensure_bytes_exist(tvb, offset, CMK_CLEAR_KEY_LENGTH);
2724 proto_tree_add_text(tree, tvb, offset, CMK_CLEAR_KEY_LENGTH, "Clear Key data (%d bytes)", CMK_CLEAR_KEY_LENGTH);
2725 offset += CMK_CLEAR_KEY_LENGTH;
2727 if(CMK_ENCRYPTED_KEY_LENGTH) {
2728 tvb_ensure_bytes_exist(tvb, offset, CMK_ENCRYPTED_KEY_LENGTH);
2729 proto_tree_add_text(tree, tvb, offset, CMK_ENCRYPTED_KEY_LENGTH, "Encrypted Key data (%d bytes)", CMK_ENCRYPTED_KEY_LENGTH);
2730 offset += CMK_ENCRYPTED_KEY_LENGTH;
2732 if(CMK_KEY_ARG_LENGTH) {
2733 tvb_ensure_bytes_exist(tvb, offset, CMK_KEY_ARG_LENGTH);
2734 proto_tree_add_text(tree, tvb, offset, CMK_KEY_ARG_LENGTH, "IV data (%d bytes)", CMK_KEY_ARG_LENGTH);
2735 offset += CMK_KEY_ARG_LENGTH;
2737 if(CMK_VERIFY_PRELUDE) {
2738 tvb_ensure_bytes_exist(tvb, offset, CMK_VERIFY_PRELUDE);
2739 proto_tree_add_text(tree, tvb, offset, CMK_VERIFY_PRELUDE, "Verify Prelude data (%d bytes)", CMK_VERIFY_PRELUDE);
2740 offset += CMK_VERIFY_PRELUDE;
2742 if(CMK_CLIENT_CERT_LENGTH) {
2743 tvb_ensure_bytes_exist(tvb, offset, CMK_CLIENT_CERT_LENGTH);
2744 proto_tree_add_text(tree, tvb, offset, CMK_CLIENT_CERT_LENGTH, "Client Certificate data (%d bytes)", CMK_CLIENT_CERT_LENGTH);
2745 offset += CMK_CLIENT_CERT_LENGTH;
2747 if(CMK_RESPONSE_LENGTH) {
2748 tvb_ensure_bytes_exist(tvb, offset, CMK_RESPONSE_LENGTH);
2749 proto_tree_add_text(tree, tvb, offset, CMK_RESPONSE_LENGTH, "Response data (%d bytes)", CMK_RESPONSE_LENGTH);
2750 offset += CMK_RESPONSE_LENGTH;
2755 dissect_pct_msg_server_verify(tvbuff_t *tvb,
2756 proto_tree *tree, guint32 offset)
2758 guint16 SV_RESPONSE_LENGTH;
2760 proto_tree_add_text(tree, tvb, offset, 1, "PAD");
2763 proto_tree_add_text(tree, tvb, offset, 32, "Server Session ID data (32 bytes)");
2766 SV_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset);
2767 proto_tree_add_text(tree, tvb, offset, 2, "Server Response Length: %d", SV_RESPONSE_LENGTH);
2770 if(SV_RESPONSE_LENGTH) {
2771 tvb_ensure_bytes_exist(tvb, offset, SV_RESPONSE_LENGTH);
2772 proto_tree_add_text(tree, tvb, offset, SV_RESPONSE_LENGTH, "Server Response (%d bytes)", SV_RESPONSE_LENGTH);
2773 offset += SV_RESPONSE_LENGTH;
2778 dissect_pct_msg_error(tvbuff_t *tvb,
2779 proto_tree *tree, guint32 offset)
2781 guint16 ERROR_CODE, INFO_LEN;
2783 ERROR_CODE = tvb_get_ntohs(tvb, offset);
2784 proto_tree_add_item(tree, hf_pct_msg_error_type, tvb, offset, 2, FALSE);
2787 INFO_LEN = tvb_get_ntohs(tvb, offset);
2788 proto_tree_add_text(tree, tvb, offset, 2, "Eror Information Length: %d", INFO_LEN);
2790 if (ERROR_CODE == PCT_ERR_SPECS_MISMATCH && INFO_LEN == 6)
2792 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CIPHER");
2794 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_HASH");
2796 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CERT");
2798 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_EXCH");
2800 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_CERT");
2802 proto_tree_add_text(tree, tvb, offset, 1, "SPECS_MISMATCH_CLIENT_SIG");
2806 proto_tree_add_text(tree, tvb, offset, INFO_LEN, "Error Information dta (%d bytes)", INFO_LEN);
2812 dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
2813 proto_tree *tree, guint32 offset)
2817 * V2Cipherspec cipher;
2818 * uint16 clear_key_length;
2819 * uint16 encrypted_key_length;
2820 * uint16 key_arg_length;
2821 * opaque clear_key_data[V2ClientMasterKey.clear_key_length];
2822 * opaque encrypted_key_data[V2ClientMasterKey.encrypted_key_length];
2823 * opaque key_arg_data[V2ClientMasterKey.key_arg_length];
2824 * } V2ClientMasterKey;
2826 * Note: when we get here, offset's already pointing at cipher
2828 guint16 clear_key_length;
2829 guint16 encrypted_key_length;
2830 guint16 key_arg_length;
2832 /* at this point, everything we do involves the tree,
2833 * so quit now if we don't have one ;-)
2840 /* show the selected cipher */
2841 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec,
2842 tvb, offset, 3, FALSE);
2845 /* get the fixed fields */
2846 clear_key_length = tvb_get_ntohs(tvb, offset);
2847 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key_len,
2848 tvb, offset, 2, FALSE);
2851 encrypted_key_length = tvb_get_ntohs(tvb, offset);
2852 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key_len,
2853 tvb, offset, 2, FALSE);
2856 key_arg_length = tvb_get_ntohs(tvb, offset);
2857 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg_len,
2858 tvb, offset, 2, FALSE);
2861 /* show the variable length fields */
2862 if (clear_key_length > 0)
2864 tvb_ensure_bytes_exist(tvb, offset, clear_key_length);
2865 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key,
2866 tvb, offset, clear_key_length, FALSE);
2867 offset += clear_key_length;
2870 if (encrypted_key_length > 0)
2872 tvb_ensure_bytes_exist(tvb, offset, encrypted_key_length);
2873 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key,
2874 tvb, offset, encrypted_key_length, FALSE);
2875 offset += encrypted_key_length;
2878 if (key_arg_length > 0)
2880 tvb_ensure_bytes_exist(tvb, offset, key_arg_length);
2881 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg,
2882 tvb, offset, key_arg_length, FALSE);
2883 offset += key_arg_length;
2889 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
2890 proto_tree *tree, guint32 offset, packet_info *pinfo)
2894 * uint8 session_id_hit;
2895 * uint8 certificate_type;
2896 * uint16 server_version;
2897 * uint16 certificate_length;
2898 * uint16 cipher_specs_length;
2899 * uint16 connection_id_length;
2900 * opaque certificate_data[V2ServerHello.certificate_length];
2901 * opaque cipher_specs_data[V2ServerHello.cipher_specs_length];
2902 * opaque connection_id_data[V2ServerHello.connection_id_length];
2905 * Note: when we get here, offset's already pointing at session_id_hit
2907 guint16 certificate_length;
2908 guint16 cipher_spec_length;
2909 guint16 connection_id_length;
2912 proto_tree *subtree;
2914 /* everything we do only makes sense with a tree, so
2915 * quit now if we don't have one
2922 version = tvb_get_ntohs(tvb, offset + 2);
2923 if (!ssl_is_valid_ssl_version(version))
2925 /* invalid version; probably encrypted data */
2930 /* is there a hit? */
2931 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_hit,
2932 tvb, offset, 1, FALSE);
2935 /* what type of certificate is this? */
2936 proto_tree_add_item(tree, hf_ssl2_handshake_cert_type,
2937 tvb, offset, 1, FALSE);
2940 /* now the server version */
2941 proto_tree_add_item(tree, hf_ssl_handshake_server_version,
2942 tvb, offset, 2, FALSE);
2945 /* get the fixed fields */
2946 certificate_length = tvb_get_ntohs(tvb, offset);
2947 proto_tree_add_uint(tree, hf_ssl_handshake_certificate_len,
2948 tvb, offset, 2, certificate_length);
2951 cipher_spec_length = tvb_get_ntohs(tvb, offset);
2952 proto_tree_add_uint(tree, hf_ssl2_handshake_cipher_spec_len,
2953 tvb, offset, 2, cipher_spec_length);
2956 connection_id_length = tvb_get_ntohs(tvb, offset);
2957 proto_tree_add_uint(tree, hf_ssl2_handshake_connection_id_len,
2958 tvb, offset, 2, connection_id_length);
2961 /* now the variable length fields */
2962 if (certificate_length > 0)
2964 dissect_x509af_Certificate(FALSE, tvb, offset, pinfo, tree, hf_ssl_handshake_certificate);
2965 offset += certificate_length;
2968 if (cipher_spec_length > 0)
2970 /* provide a collapsing node for the cipher specs */
2971 tvb_ensure_bytes_exist(tvb, offset, cipher_spec_length);
2972 ti = proto_tree_add_none_format(tree,
2973 hf_ssl_handshake_cipher_suites,
2974 tvb, offset, cipher_spec_length,
2975 "Cipher Specs (%u spec%s)",
2976 cipher_spec_length/3,
2977 plurality(cipher_spec_length/3, "", "s"));
2978 subtree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2984 /* iterate through the cipher specs */
2985 while (cipher_spec_length > 0)
2987 proto_tree_add_item(subtree, hf_ssl2_handshake_cipher_spec,
2988 tvb, offset, 3, FALSE);
2990 cipher_spec_length -= 3;
2994 if (connection_id_length > 0)
2996 tvb_ensure_bytes_exist(tvb, offset, connection_id_length);
2997 proto_tree_add_item(tree, hf_ssl2_handshake_connection_id,
2998 tvb, offset, connection_id_length, FALSE);
2999 offset += connection_id_length;
3007 /*********************************************************************
3011 *********************************************************************/
3014 ssl_set_conv_version(packet_info *pinfo, guint version)
3016 conversation_t *conversation;
3018 if (pinfo->fd->flags.visited)
3020 /* We've already processed this frame; no need to do any more
3026 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3027 pinfo->srcport, pinfo->destport, 0);
3029 if (conversation == NULL)
3031 /* create a new conversation */
3032 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype,
3033 pinfo->srcport, pinfo->destport, 0);
3036 if (conversation_get_proto_data(conversation, proto_ssl) != NULL)
3038 /* get rid of the current data */
3039 conversation_delete_proto_data(conversation, proto_ssl);
3041 conversation_add_proto_data(conversation, proto_ssl, GINT_TO_POINTER(version));
3046 ssl_is_valid_handshake_type(guint8 type)
3050 case SSL_HND_HELLO_REQUEST:
3051 case SSL_HND_CLIENT_HELLO:
3052 case SSL_HND_SERVER_HELLO:
3053 case SSL_HND_CERTIFICATE:
3054 case SSL_HND_SERVER_KEY_EXCHG:
3055 case SSL_HND_CERT_REQUEST:
3056 case SSL_HND_SVR_HELLO_DONE:
3057 case SSL_HND_CERT_VERIFY:
3058 case SSL_HND_CLIENT_KEY_EXCHG:
3059 case SSL_HND_FINISHED:
3066 ssl_is_valid_ssl_version(guint16 version)
3068 const gchar *version_str;
3069 version_str = match_strval(version, ssl_versions);
3070 return version_str != NULL;
3074 ssl_is_authoritative_version_message(guint8 content_type,
3077 if (content_type == SSL_ID_HANDSHAKE
3078 && ssl_is_valid_handshake_type(next_byte))
3080 return (next_byte != SSL_HND_CLIENT_HELLO);
3082 else if (ssl_is_valid_content_type(content_type)
3083 && content_type != SSL_ID_HANDSHAKE)
3091 ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset)
3095 byte = tvb_get_guint8(tvb, offset);
3096 if (byte != 0x80) /* v2 client hello should start this way */
3101 byte = tvb_get_guint8(tvb, offset+2);
3102 if (byte != 0x01) /* v2 client hello msg type */
3107 /* 1 in 2^16 of being right; improve later if necessary */
3111 /* this applies a heuristic to determine whether
3112 * or not the data beginning at offset looks like a
3113 * valid sslv2 record. this isn't really possible,
3114 * but we'll try to do a reasonable job anyway.
3117 ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset)
3119 /* here's the current approach:
3121 * we only try to catch unencrypted handshake messages, so we can
3122 * assume that there is not padding. This means that the
3123 * first byte must be >= 0x80 and there must be a valid sslv2
3124 * msg_type in the third byte
3127 /* get the first byte; must have high bit set */
3129 byte = tvb_get_guint8(tvb, offset);
3136 /* get the supposed msg_type byte; since we only care about
3137 * unencrypted handshake messages (we can't tell the type for
3138 * encrypted messages), we just check against that list
3140 byte = tvb_get_guint8(tvb, offset + 2);
3142 case SSL2_HND_ERROR:
3143 case SSL2_HND_CLIENT_HELLO:
3144 case SSL2_HND_CLIENT_MASTER_KEY:
3145 case SSL2_HND_SERVER_HELLO:
3146 case PCT_MSG_CLIENT_MASTER_KEY:
3153 /* this applies a heuristic to determine whether
3154 * or not the data beginning at offset looks like a
3155 * valid sslv3 record. this is somewhat more reliable
3156 * than sslv2 due to the structure of the v3 protocol
3159 ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
3161 /* have to have a valid content type followed by a valid
3167 /* see if the first byte is a valid content type */
3168 byte = tvb_get_guint8(tvb, offset);
3169 if (!ssl_is_valid_content_type(byte))
3174 /* now check to see if the version byte appears valid */
3175 version = tvb_get_ntohs(tvb, offset + 1);
3176 if (version != SSLV3_VERSION && version != TLSV1_VERSION && version != TLSV1DOT1_VERSION)
3184 /* applies a heuristic to determine whether
3185 * or not the data beginning at offset looks
3186 * like a valid, unencrypted v2 handshake message.
3187 * since it isn't possible to completely tell random
3188 * data apart from a valid message without state,
3189 * we try to help the odds.
3192 ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, guint32 offset,
3193 guint32 record_length)
3195 /* first byte should be a msg_type.
3197 * - we know we only see client_hello, client_master_key,
3198 * and server_hello in the clear, so check to see if
3199 * msg_type is one of those (this gives us a 3 in 2^8
3200 * chance of saying yes with random payload)
3202 * - for those three types that we know about, do some
3203 * further validation to reduce the chance of an error
3209 /* fetch the msg_type */
3210 msg_type = tvb_get_guint8(tvb, offset);
3213 case SSL2_HND_CLIENT_HELLO:
3214 /* version follows msg byte, so verify that this is valid */
3215 version = tvb_get_ntohs(tvb, offset+1);
3216 return ssl_is_valid_ssl_version(version);
3219 case SSL2_HND_SERVER_HELLO:
3220 /* version is three bytes after msg_type */
3221 version = tvb_get_ntohs(tvb, offset+3);
3222 return ssl_is_valid_ssl_version(version);
3225 case SSL2_HND_CLIENT_MASTER_KEY:
3226 /* sum of clear_key_length, encrypted_key_length, and key_arg_length
3227 * must be less than record length
3229 sum = tvb_get_ntohs(tvb, offset + 4); /* clear_key_length */
3230 sum += tvb_get_ntohs(tvb, offset + 6); /* encrypted_key_length */
3231 sum += tvb_get_ntohs(tvb, offset + 8); /* key_arg_length */
3232 if (sum > record_length)
3245 /* applies a heuristic to determine whether
3246 * or not the data beginning at offset looks
3247 * like a valid, unencrypted v2 handshake message.
3248 * since it isn't possible to completely tell random
3249 * data apart from a valid message without state,
3250 * we try to help the odds.
3253 ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, guint32 offset,
3254 guint32 record_length)
3256 /* first byte should be a msg_type.
3258 * - we know we only see client_hello, client_master_key,
3259 * and server_hello in the clear, so check to see if
3260 * msg_type is one of those (this gives us a 3 in 2^8
3261 * chance of saying yes with random payload)
3263 * - for those three types that we know about, do some
3264 * further validation to reduce the chance of an error
3270 /* fetch the msg_type */
3271 msg_type = tvb_get_guint8(tvb, offset);
3274 case PCT_MSG_CLIENT_HELLO:
3275 /* version follows msg byte, so verify that this is valid */
3276 version = tvb_get_ntohs(tvb, offset+1);
3277 return version == PCT_VERSION_1;
3280 case PCT_MSG_SERVER_HELLO:
3281 /* version is one byte after msg_type */
3282 version = tvb_get_ntohs(tvb, offset+2);
3283 return version == PCT_VERSION_1;
3286 case PCT_MSG_CLIENT_MASTER_KEY:
3287 /* sum of various length fields must be less than record length */
3288 sum = tvb_get_ntohs(tvb, offset + 6); /* clear_key_length */
3289 sum += tvb_get_ntohs(tvb, offset + 8); /* encrypted_key_length */
3290 sum += tvb_get_ntohs(tvb, offset + 10); /* key_arg_length */
3291 sum += tvb_get_ntohs(tvb, offset + 12); /* verify_prelude_length */
3292 sum += tvb_get_ntohs(tvb, offset + 14); /* client_cert_length */
3293 sum += tvb_get_ntohs(tvb, offset + 16); /* response_length */
3294 if (sum > record_length)
3301 case PCT_MSG_SERVER_VERIFY:
3302 /* record is 36 bytes longer than response_length */
3303 sum = tvb_get_ntohs(tvb, offset + 34); /* response_length */
3304 if ((sum + 36) == record_length)
3317 /*********************************************************************
3319 * Standard Ethereal Protocol Registration and housekeeping
3321 *********************************************************************/
3323 proto_register_ssl(void)
3326 /* Setup list of header fields See Section 1.6.1 for details*/
3327 static hf_register_info hf[] = {
3329 { "Record Layer", "ssl.record",
3330 FT_NONE, BASE_NONE, NULL, 0x0,
3331 "Record layer", HFILL }
3333 { &hf_ssl_record_content_type,
3334 { "Content Type", "ssl.record.content_type",
3335 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
3336 "Content type", HFILL}
3338 { &hf_ssl2_msg_type,
3339 { "Handshake Message Type", "ssl.handshake.type",
3340 FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0,
3341 "SSLv2 handshake message type", HFILL}
3344 { "Handshake Message Type", "ssl.pct_handshake.type",
3345 FT_UINT8, BASE_DEC, VALS(pct_msg_types), 0x0,
3346 "PCT handshake message type", HFILL}
3348 { &hf_ssl_record_version,
3349 { "Version", "ssl.record.version",
3350 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3351 "Record layer version.", HFILL }
3353 { &hf_ssl_record_length,
3354 { "Length", "ssl.record.length",
3355 FT_UINT16, BASE_DEC, NULL, 0x0,
3356 "Length of SSL record data", HFILL }
3358 { &hf_ssl_record_appdata,
3359 { "Encrypted Application Data", "ssl.app_data",
3360 FT_BYTES, BASE_HEX, NULL, 0x0,
3361 "Payload is encrypted application data", HFILL }
3365 { "SSLv2/PCT Record Header", "ssl.record",
3366 FT_NONE, BASE_DEC, NULL, 0x0,
3367 "SSLv2/PCT record data", HFILL }
3369 { &hf_ssl2_record_is_escape,
3370 { "Is Escape", "ssl.record.is_escape",
3371 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3372 "Indicates a security escape", HFILL}
3374 { &hf_ssl2_record_padding_length,
3375 { "Padding Length", "ssl.record.padding_length",
3376 FT_UINT8, BASE_DEC, NULL, 0x0,
3377 "Length of padding at end of record", HFILL }
3379 { &hf_ssl_change_cipher_spec,
3380 { "Change Cipher Spec Message", "ssl.change_cipher_spec",
3381 FT_NONE, BASE_NONE, NULL, 0x0,
3382 "Signals a change in cipher specifications", HFILL }
3384 { & hf_ssl_alert_message,
3385 { "Alert Message", "ssl.alert_message",
3386 FT_NONE, BASE_NONE, NULL, 0x0,
3387 "Alert message", HFILL }
3389 { & hf_ssl_alert_message_level,
3390 { "Level", "ssl.alert_message.level",
3391 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
3392 "Alert message level", HFILL }
3394 { &hf_ssl_alert_message_description,
3395 { "Description", "ssl.alert_message.desc",
3396 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
3397 "Alert message description", HFILL }
3399 { &hf_ssl_handshake_protocol,
3400 { "Handshake Protocol", "ssl.handshake",
3401 FT_NONE, BASE_NONE, NULL, 0x0,
3402 "Handshake protocol message", HFILL}
3404 { &hf_ssl_handshake_type,
3405 { "Handshake Type", "ssl.handshake.type",
3406 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
3407 "Type of handshake message", HFILL}
3409 { &hf_ssl_handshake_length,
3410 { "Length", "ssl.handshake.length",
3411 FT_UINT24, BASE_DEC, NULL, 0x0,
3412 "Length of handshake message", HFILL }
3414 { &hf_ssl_handshake_client_version,
3415 { "Version", "ssl.handshake.version",
3416 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3417 "Maximum version supported by client", HFILL }
3419 { &hf_ssl_handshake_server_version,
3420 { "Version", "ssl.handshake.version",
3421 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
3422 "Version selected by server", HFILL }
3424 { &hf_ssl_handshake_random_time,
3425 { "gmt_unix_time", "ssl.handshake.random_time",
3426 FT_ABSOLUTE_TIME, 0, NULL, 0x0,
3427 "Unix time field of random structure", HFILL }
3429 { &hf_ssl_handshake_random_bytes,
3430 { "random_bytes", "ssl.handshake.random_bytes",
3431 FT_BYTES, 0, NULL, 0x0,
3432 "Random challenge used to authenticate server", HFILL }
3434 { &hf_ssl_handshake_cipher_suites_len,
3435 { "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
3436 FT_UINT16, BASE_DEC, NULL, 0x0,
3437 "Length of cipher suites field", HFILL }
3439 { &hf_ssl_handshake_cipher_suites,
3440 { "Cipher Suites", "ssl.handshake.ciphersuites",
3441 FT_NONE, BASE_NONE, NULL, 0x0,
3442 "List of cipher suites supported by client", HFILL }
3444 { &hf_ssl_handshake_cipher_suite,
3445 { "Cipher Suite", "ssl.handshake.ciphersuite",
3446 FT_UINT16, BASE_HEX, VALS(ssl_31_ciphersuite), 0x0,
3447 "Cipher suite", HFILL }
3449 { &hf_ssl2_handshake_cipher_spec,
3450 { "Cipher Spec", "ssl.handshake.cipherspec",
3451 FT_UINT24, BASE_HEX, VALS(ssl_20_cipher_suites), 0x0,
3452 "Cipher specification", HFILL }
3454 { &hf_ssl_handshake_session_id,
3455 { "Session ID", "ssl.handshake.session_id",
3456 FT_BYTES, BASE_NONE, NULL, 0x0,
3457 "Identifies the SSL session, allowing later resumption", HFILL }
3459 { &hf_ssl_handshake_comp_methods_len,
3460 { "Compression Methods Length", "ssl.handshake.comp_methods_length",
3461 FT_UINT8, BASE_DEC, NULL, 0x0,
3462 "Length of compression methods field", HFILL }
3464 { &hf_ssl_handshake_comp_methods,
3465 { "Compression Methods", "ssl.handshake.comp_methods",
3466 FT_NONE, BASE_NONE, NULL, 0x0,
3467 "List of compression methods supported by client", HFILL }
3469 { &hf_ssl_handshake_comp_method,
3470 { "Compression Method", "ssl.handshake.comp_method",
3471 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
3472 "Compression Method", HFILL }
3474 { &hf_ssl_handshake_extensions_len,
3475 { "Extensions Length", "ssl.handshake.extensions_length",
3476 FT_UINT16, BASE_DEC, NULL, 0x0,
3477 "Length of hello extensions", HFILL }
3479 { &hf_ssl_handshake_extension_type,
3480 { "Type", "ssl.handshake.extension.type",
3481 FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0,
3482 "Hello extension type", HFILL }
3484 { &hf_ssl_handshake_extension_len,
3485 { "Length", "ssl.handshake.extension.len",
3486 FT_UINT16, BASE_DEC, NULL, 0x0,
3487 "Length of a hello extension", HFILL }
3489 { &hf_ssl_handshake_extension_data,
3490 { "Data", "ssl.handshake.extension.data",
3491 FT_BYTES, BASE_NONE, NULL, 0x0,
3492 "Hello Extension data", HFILL }
3494 { &hf_ssl_handshake_certificates_len,
3495 { "Certificates Length", "ssl.handshake.certificates_length",
3496 FT_UINT24, BASE_DEC, NULL, 0x0,
3497 "Length of certificates field", HFILL }
3499 { &hf_ssl_handshake_certificates,
3500 { "Certificates", "ssl.handshake.certificates",
3501 FT_NONE, BASE_NONE, NULL, 0x0,
3502 "List of certificates", HFILL }
3504 { &hf_ssl_handshake_certificate,
3505 { "Certificate", "ssl.handshake.certificate",
3506 FT_BYTES, BASE_NONE, NULL, 0x0,
3507 "Certificate", HFILL }
3509 { &hf_ssl_handshake_certificate_len,
3510 { "Certificate Length", "ssl.handshake.certificate_length",
3511 FT_UINT24, BASE_DEC, NULL, 0x0,
3512 "Length of certificate", HFILL }
3514 { &hf_ssl_handshake_cert_types_count,
3515 { "Certificate types count", "ssl.handshake.cert_types_count",
3516 FT_UINT8, BASE_DEC, NULL, 0x0,
3517 "Count of certificate types", HFILL }
3519 { &hf_ssl_handshake_cert_types,
3520 { "Certificate types", "ssl.handshake.cert_types",
3521 FT_NONE, BASE_NONE, NULL, 0x0,
3522 "List of certificate types", HFILL }
3524 { &hf_ssl_handshake_cert_type,
3525 { "Certificate type", "ssl.handshake.cert_type",
3526 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
3527 "Certificate type", HFILL }
3529 { &hf_ssl_handshake_finished,
3530 { "Verify Data", "ssl.handshake.verify_data",
3531 FT_NONE, BASE_NONE, NULL, 0x0,
3532 "Opaque verification data", HFILL }
3534 { &hf_ssl_handshake_md5_hash,
3535 { "MD5 Hash", "ssl.handshake.md5_hash",
3536 FT_NONE, BASE_NONE, NULL, 0x0,
3537 "Hash of messages, master_secret, etc.", HFILL }
3539 { &hf_ssl_handshake_sha_hash,
3540 { "SHA-1 Hash", "ssl.handshake.sha_hash",
3541 FT_NONE, BASE_NONE, NULL, 0x0,
3542 "Hash of messages, master_secret, etc.", HFILL }
3544 { &hf_ssl_handshake_session_id_len,
3545 { "Session ID Length", "ssl.handshake.session_id_length",
3546 FT_UINT8, BASE_DEC, NULL, 0x0,
3547 "Length of session ID field", HFILL }
3549 { &hf_ssl_handshake_dnames_len,
3550 { "Distinguished Names Length", "ssl.handshake.dnames_len",
3551 FT_UINT16, BASE_DEC, NULL, 0x0,
3552 "Length of list of CAs that server trusts", HFILL }
3554 { &hf_ssl_handshake_dnames,
3555 { "Distinguished Names", "ssl.handshake.dnames",
3556 FT_NONE, BASE_NONE, NULL, 0x0,
3557 "List of CAs that server trusts", HFILL }
3559 { &hf_ssl_handshake_dname_len,
3560 { "Distinguished Name Length", "ssl.handshake.dname_len",
3561 FT_UINT16, BASE_DEC, NULL, 0x0,
3562 "Length of distinguished name", HFILL }
3564 { &hf_ssl_handshake_dname,
3565 { "Distinguished Name", "ssl.handshake.dname",
3566 FT_BYTES, BASE_NONE, NULL, 0x0,
3567 "Distinguished name of a CA that server trusts", HFILL }
3569 { &hf_ssl2_handshake_challenge,
3570 { "Challenge", "ssl.handshake.challenge",
3571 FT_NONE, BASE_NONE, NULL, 0x0,
3572 "Challenge data used to authenticate server", HFILL }
3574 { &hf_ssl2_handshake_cipher_spec_len,
3575 { "Cipher Spec Length", "ssl.handshake.cipher_spec_len",
3576 FT_UINT16, BASE_DEC, NULL, 0x0,
3577 "Length of cipher specs field", HFILL }
3579 { &hf_ssl2_handshake_session_id_len,
3580 { "Session ID Length", "ssl.handshake.session_id_length",
3581 FT_UINT16, BASE_DEC, NULL, 0x0,
3582 "Length of session ID field", HFILL }
3584 { &hf_ssl2_handshake_challenge_len,
3585 { "Challenge Length", "ssl.handshake.challenge_length",
3586 FT_UINT16, BASE_DEC, NULL, 0x0,
3587 "Length of challenge field", HFILL }
3589 { &hf_ssl2_handshake_clear_key_len,
3590 { "Clear Key Data Length", "ssl.handshake.clear_key_length",
3591 FT_UINT16, BASE_DEC, NULL, 0x0,
3592 "Length of clear key data", HFILL }
3594 { &hf_ssl2_handshake_enc_key_len,
3595 { "Encrypted Key Data Length", "ssl.handshake.encrypted_key_length",
3596 FT_UINT16, BASE_DEC, NULL, 0x0,
3597 "Length of encrypted key data", HFILL }
3599 { &hf_ssl2_handshake_key_arg_len,
3600 { "Key Argument Length", "ssl.handshake.key_arg_length",
3601 FT_UINT16, BASE_DEC, NULL, 0x0,
3602 "Length of key argument", HFILL }
3604 { &hf_ssl2_handshake_clear_key,
3605 { "Clear Key Data", "ssl.handshake.clear_key_data",
3606 FT_NONE, BASE_NONE, NULL, 0x0,
3607 "Clear portion of MASTER-KEY", HFILL }
3609 { &hf_ssl2_handshake_enc_key,
3610 { "Encrypted Key", "ssl.handshake.encrypted_key",
3611 FT_NONE, BASE_NONE, NULL, 0x0,
3612 "Secret portion of MASTER-KEY encrypted to server", HFILL }
3614 { &hf_ssl2_handshake_key_arg,
3615 { "Key Argument", "ssl.handshake.key_arg",
3616 FT_NONE, BASE_NONE, NULL, 0x0,
3617 "Key Argument (e.g., Initialization Vector)", HFILL }
3619 { &hf_ssl2_handshake_session_id_hit,
3620 { "Session ID Hit", "ssl.handshake.session_id_hit",
3621 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
3622 "Did the server find the client's Session ID?", HFILL }
3624 { &hf_ssl2_handshake_cert_type,
3625 { "Certificate Type", "ssl.handshake.cert_type",
3626 FT_UINT8, BASE_DEC, VALS(ssl_20_certificate_type), 0x0,
3627 "Certificate Type", HFILL }
3629 { &hf_ssl2_handshake_connection_id_len,
3630 { "Connection ID Length", "ssl.handshake.connection_id_length",
3631 FT_UINT16, BASE_DEC, NULL, 0x0,
3632 "Length of connection ID", HFILL }
3634 { &hf_ssl2_handshake_connection_id,
3635 { "Connection ID", "ssl.handshake.connection_id",
3636 FT_NONE, BASE_NONE, NULL, 0x0,
3637 "Server's challenge to client", HFILL }
3639 { &hf_pct_handshake_cipher_spec,
3640 { "Cipher Spec", "pct.handshake.cipherspec",
3641 FT_NONE, BASE_NONE, NULL, 0x0,
3642 "PCT Cipher specification", HFILL }
3644 { &hf_pct_handshake_cipher,
3645 { "Cipher", "pct.handshake.cipher",
3646 FT_UINT16, BASE_HEX, VALS(pct_cipher_type), 0x0,
3647 "PCT Ciper", HFILL }
3649 { &hf_pct_handshake_hash_spec,
3650 { "Hash Spec", "pct.handshake.hashspec",
3651 FT_NONE, BASE_NONE, NULL, 0x0,
3652 "PCT Hash specification", HFILL }
3654 { &hf_pct_handshake_hash,
3655 { "Hash", "pct.handshake.hash",
3656 FT_UINT16, BASE_HEX, VALS(pct_hash_type), 0x0,
3659 { &hf_pct_handshake_cert_spec,
3660 { "Cert Spec", "pct.handshake.certspec",
3661 FT_NONE, BASE_NONE, NULL, 0x0,
3662 "PCT Certificate specification", HFILL }
3664 { &hf_pct_handshake_cert,
3665 { "Cert", "pct.handshake.cert",
3666 FT_UINT16, BASE_HEX, VALS(pct_cert_type), 0x0,
3667 "PCT Certificate", HFILL }
3669 { &hf_pct_handshake_exch_spec,
3670 { "Exchange Spec", "pct.handshake.exchspec",
3671 FT_NONE, BASE_NONE, NULL, 0x0,
3672 "PCT Exchange specification", HFILL }
3674 { &hf_pct_handshake_exch,
3675 { "Exchange", "pct.handshake.exch",
3676 FT_UINT16, BASE_HEX, VALS(pct_exch_type), 0x0,
3677 "PCT Exchange", HFILL }
3679 { &hf_pct_handshake_sig,
3680 { "Sig Spec", "pct.handshake.sig",
3681 FT_UINT16, BASE_HEX, VALS(pct_sig_type), 0x0,
3682 "PCT Signature", HFILL }
3684 { &hf_pct_msg_error_type,
3685 { "PCT Error Code", "pct.msg_error_code",
3686 FT_UINT16, BASE_HEX, VALS(pct_error_code), 0x0,
3687 "PCT Error Code", HFILL }
3689 { &hf_pct_handshake_server_cert,
3690 { "Server Cert", "pct.handshake.server_cert",
3691 FT_NONE, BASE_NONE, NULL , 0x0,
3692 "PCT Server Certificate", HFILL }
3696 /* Setup protocol subtree array */
3697 static gint *ett[] = {
3702 &ett_ssl_cipher_suites,
3703 &ett_ssl_comp_methods,
3706 &ett_ssl_cert_types,
3709 &ett_pct_cipher_suites,
3710 &ett_pct_hash_suites,
3711 &ett_pct_cert_suites,
3712 &ett_pct_exch_suites,
3715 /* Register the protocol name and description */
3716 proto_ssl = proto_register_protocol("Secure Socket Layer",
3719 /* Required function calls to register the header fields and
3721 proto_register_field_array(proto_ssl, hf, array_length(hf));
3722 proto_register_subtree_array(ett, array_length(ett));
3725 module_t *ssl_module = prefs_register_protocol(proto_ssl, proto_reg_handoff_ssl);
3726 prefs_register_bool_preference(ssl_module,
3727 "desegment_ssl_records",
3728 "Reassemble SSL records spanning multiple TCP segments",
3729 "Whether the SSL dissector should reassemble SSL records spanning multiple TCP segments. "
3730 "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
3732 prefs_register_bool_preference(ssl_module,
3733 "desegment_ssl_application_data",
3734 "Reassemble SSL Application Data spanning multiple SSL records",
3735 "Whether the SSL dissector should reassemble SSL Application Data spanning multiple SSL records. ",
3736 &ssl_desegment_app_data);
3737 #ifdef HAVE_LIBGNUTLS
3738 prefs_register_string_preference(ssl_module, "keys_list", "RSA keys list",
3739 "semicolon separated list of private RSA keys used for SSL decryption; "
3740 "each list entry must be in the form of <ip>,<port>,<protocol>,<key_file_name>"
3741 "<key_file_name> is the local file name of the RSA private key used by the specified server\n",
3742 (const gchar **)&ssl_keys_list);
3743 prefs_register_string_preference(ssl_module, "debug_file", "SSL debug file",
3744 "redirect ssl debug to file name; leave empty to disable debug, "
3745 "use \"" SSL_DEBUG_USE_STDERR "\" to redirect output to stderr\n",
3746 (const gchar **)&ssl_debug_file_name);
3750 register_dissector("ssl", dissect_ssl, proto_ssl);
3751 ssl_handle = find_dissector("ssl");
3753 ssl_associations = g_tree_new(ssl_association_cmp);
3755 register_init_routine(ssl_init);
3757 ssl_tap = register_tap("ssl");
3758 ssl_debug_printf("proto_register_ssl: registered tap %s:%d\n",
3762 /* If this dissector uses sub-dissector registration add a registration
3763 * routine. This format is required because a script is used to find
3764 * these routines and create the code that calls these routines.
3767 proto_reg_handoff_ssl(void)
3770 /* parse key list */
3773 /* add ssl dissection to defaults ports */
3774 ssl_dissector_add(443, "http", TRUE);
3775 ssl_dissector_add(636, "ldap", TRUE);
3776 ssl_dissector_add(993, "imap", TRUE);
3777 ssl_dissector_add(995, "pop", TRUE);
3781 ssl_dissector_add(guint port, const gchar *protocol, gboolean tcp)
3783 SslAssociation *assoc;
3785 assoc = ssl_association_find(ssl_associations, port, tcp);
3787 ssl_association_remove(ssl_associations, assoc);
3790 ssl_association_add(ssl_associations, ssl_handle, port, protocol, tcp, FALSE);
3794 ssl_dissector_delete(guint port, const gchar *protocol, gboolean tcp)
3796 SslAssociation *assoc;
3798 assoc = ssl_association_find(ssl_associations, port, tcp);
3799 if (assoc && (assoc->handle == find_dissector(protocol))) {
3800 ssl_association_remove(ssl_associations, assoc);