2 * Routines for ssl dissection
3 * Copyright (c) 2000-2001, Scott Renfro <scott@renfro.org>
5 * $Id: packet-ssl.c,v 1.18 2002/02/25 23:28:32 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version 2
14 * of the License, or (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 * - Uses conversations in a no-malloc fashion. Since we just want to
28 * remember the version of the conversation, we store the version
29 * integer directly in the void *data member of the conversation
30 * structure. This means that we don't have to manage any memory,
31 * but will cause problems if anyone assumes that all data pointers
32 * are actually pointers to memory allocated by g_mem_chunk_alloc.
34 * - Does not support decryption of encrypted frames, nor dissection
35 * of frames that would require state maintained between frames
36 * (e.g., single ssl records spread across multiple tcp frames)
38 * - Identifies, but does not fully dissect the following messages:
40 * - SSLv3/TLS (These need more state from previous handshake msgs)
41 * - Server Key Exchange
42 * - Client Key Exchange
43 * - Certificate Verify
45 * - SSLv2 (These don't appear in the clear)
50 * - Request Certificate
51 * - Client Certificate
65 #ifdef NEED_SNPRINTF_H
66 # include "snprintf.h"
69 #include <epan/conversation.h>
72 static gboolean ssl_desegment = TRUE;
75 /*********************************************************************
77 * Protocol Constants, Variables, Data Structures
79 *********************************************************************/
81 /* Initialize the protocol and registered fields */
82 static int proto_ssl = -1;
83 static int hf_ssl_record = -1;
84 static int hf_ssl_record_content_type = -1;
85 static int hf_ssl_record_version = -1;
86 static int hf_ssl_record_length = -1;
87 static int hf_ssl_record_appdata = -1;
88 static int hf_ssl2_record = -1;
89 static int hf_ssl2_record_is_escape = -1;
90 static int hf_ssl2_record_padding_length = -1;
91 static int hf_ssl2_msg_type = -1;
92 static int hf_ssl_change_cipher_spec = -1;
93 static int hf_ssl_alert_message = -1;
94 static int hf_ssl_alert_message_level = -1;
95 static int hf_ssl_alert_message_description = -1;
96 static int hf_ssl_handshake_protocol = -1;
97 static int hf_ssl_handshake_type = -1;
98 static int hf_ssl_handshake_length = -1;
99 static int hf_ssl_handshake_client_version = -1;
100 static int hf_ssl_handshake_server_version = -1;
101 static int hf_ssl_handshake_random_time = -1;
102 static int hf_ssl_handshake_random_bytes = -1;
103 static int hf_ssl_handshake_cipher_suites_len = -1;
104 static int hf_ssl_handshake_cipher_suites = -1;
105 static int hf_ssl_handshake_cipher_suite = -1;
106 static int hf_ssl_handshake_session_id = -1;
107 static int hf_ssl_handshake_comp_methods_len = -1;
108 static int hf_ssl_handshake_comp_methods = -1;
109 static int hf_ssl_handshake_comp_method = -1;
110 static int hf_ssl_handshake_certificates_len = -1;
111 static int hf_ssl_handshake_certificates = -1;
112 static int hf_ssl_handshake_certificate = -1;
113 static int hf_ssl_handshake_certificate_len = -1;
114 static int hf_ssl_handshake_cert_types_count = -1;
115 static int hf_ssl_handshake_cert_types = -1;
116 static int hf_ssl_handshake_cert_type = -1;
117 static int hf_ssl_handshake_finished = -1;
118 static int hf_ssl_handshake_md5_hash = -1;
119 static int hf_ssl_handshake_sha_hash = -1;
120 static int hf_ssl_handshake_session_id_len = -1;
121 static int hf_ssl_handshake_dnames_len = -1;
122 static int hf_ssl_handshake_dnames = -1;
123 static int hf_ssl_handshake_dname_len = -1;
124 static int hf_ssl_handshake_dname = -1;
125 static int hf_ssl2_handshake_cipher_spec_len = -1;
126 static int hf_ssl2_handshake_session_id_len = -1;
127 static int hf_ssl2_handshake_challenge_len = -1;
128 static int hf_ssl2_handshake_cipher_spec = -1;
129 static int hf_ssl2_handshake_challenge = -1;
130 static int hf_ssl2_handshake_clear_key_len = -1;
131 static int hf_ssl2_handshake_enc_key_len = -1;
132 static int hf_ssl2_handshake_key_arg_len = -1;
133 static int hf_ssl2_handshake_clear_key = -1;
134 static int hf_ssl2_handshake_enc_key = -1;
135 static int hf_ssl2_handshake_key_arg = -1;
136 static int hf_ssl2_handshake_session_id_hit = -1;
137 static int hf_ssl2_handshake_cert_type = -1;
138 static int hf_ssl2_handshake_connection_id_len = -1;
139 static int hf_ssl2_handshake_connection_id = -1;
141 /* Initialize the subtree pointers */
142 static gint ett_ssl = -1;
143 static gint ett_ssl_record = -1;
144 static gint ett_ssl_alert = -1;
145 static gint ett_ssl_handshake = -1;
146 static gint ett_ssl_cipher_suites = -1;
147 static gint ett_ssl_comp_methods = -1;
148 static gint ett_ssl_certs = -1;
149 static gint ett_ssl_cert_types = -1;
150 static gint ett_ssl_dnames = -1;
152 /* The TCP port to associate with by default */
153 #define TCP_PORT_SSL 443
154 #define TCP_PORT_SSL_LDAP 636
155 #define TCP_PORT_SSL_IMAP 993
156 #define TCP_PORT_SSL_POP 995
158 /* version state tables */
159 #define SSL_VER_UNKNOWN 0
160 #define SSL_VER_SSLv2 1
161 #define SSL_VER_SSLv3 2
162 #define SSL_VER_TLS 3
164 /* corresponds to the #defines above */
165 static gchar* ssl_version_short_names[] = {
173 #define SSL_ID_CHG_CIPHER_SPEC 0x14
174 #define SSL_ID_ALERT 0x15
175 #define SSL_ID_HANDSHAKE 0x16
176 #define SSL_ID_APP_DATA 0x17
178 #define SSL_HND_HELLO_REQUEST 0x00
179 #define SSL_HND_CLIENT_HELLO 0x01
180 #define SSL_HND_SERVER_HELLO 0x02
181 #define SSL_HND_CERTIFICATE 0x0b
182 #define SSL_HND_SERVER_KEY_EXCHG 0x0c
183 #define SSL_HND_CERT_REQUEST 0x0d
184 #define SSL_HND_SVR_HELLO_DONE 0x0e
185 #define SSL_HND_CERT_VERIFY 0x0f
186 #define SSL_HND_CLIENT_KEY_EXCHG 0x10
187 #define SSL_HND_FINISHED 0x14
189 #define SSL2_HND_ERROR 0x00
190 #define SSL2_HND_CLIENT_HELLO 0x01
191 #define SSL2_HND_CLIENT_MASTER_KEY 0x02
192 #define SSL2_HND_CLIENT_FINISHED 0x03
193 #define SSL2_HND_SERVER_HELLO 0x04
194 #define SSL2_HND_SERVER_VERIFY 0x05
195 #define SSL2_HND_SERVER_FINISHED 0x06
196 #define SSL2_HND_REQUEST_CERTIFICATE 0x07
197 #define SSL2_HND_CLIENT_CERTIFICATE 0x08
203 static const value_string ssl_20_msg_types[] = {
204 { SSL2_HND_ERROR, "Error" },
205 { SSL2_HND_CLIENT_HELLO, "Client Hello" },
206 { SSL2_HND_CLIENT_MASTER_KEY, "Client Master Key" },
207 { SSL2_HND_CLIENT_FINISHED, "Client Finished" },
208 { SSL2_HND_SERVER_HELLO, "Server Hello" },
209 { SSL2_HND_SERVER_VERIFY, "Server Verify" },
210 { SSL2_HND_SERVER_FINISHED, "Server Finished" },
211 { SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" },
212 { SSL2_HND_CLIENT_CERTIFICATE, "Client Certificate" },
216 static const value_string ssl_20_cipher_suites[] = {
217 { 0x010080, "SSL2_RC4_128_WITH_MD5" },
218 { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" },
219 { 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
220 { 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
221 { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" },
222 { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" },
223 { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" },
224 { 0x080080, "SSL2_RC4_64_WITH_MD5" },
225 { 0x000000, "TLS_NULL_WITH_NULL_NULL" },
226 { 0x000001, "TLS_RSA_WITH_NULL_MD5" },
227 { 0x000002, "TLS_RSA_WITH_NULL_SHA" },
228 { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
229 { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" },
230 { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" },
231 { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
232 { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
233 { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
234 { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" },
235 { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
236 { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
237 { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
238 { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
239 { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
240 { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
241 { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
242 { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
243 { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
244 { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
245 { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
246 { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
247 { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
248 { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
249 { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" },
250 { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
251 { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
252 { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
253 { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
254 { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
255 { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
256 { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
257 { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
258 { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
259 { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
260 { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
261 { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
262 { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
263 /* these from http://www.mozilla.org/projects/
264 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
265 { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
266 { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
267 { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
268 { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
269 /* note that ciphersuites of {0x00????} are TLS cipher suites in
270 * a sslv2 client hello message; the ???? above is the two-byte
271 * tls cipher suite id
276 static const value_string ssl_20_certificate_type[] = {
278 { 0x01, "X.509 Certificate" },
282 static const value_string ssl_31_content_type[] = {
283 { 20, "Change Cipher Spec" },
286 { 23, "Application Data" },
290 static const value_string ssl_versions[] = {
291 { 0x0301, "TLS 1.0" },
292 { 0x0300, "SSL 3.0" },
293 { 0x0002, "SSL 2.0" },
297 static const value_string ssl_31_change_cipher_spec[] = {
298 { 1, "Change Cipher Spec" },
302 static const value_string ssl_31_alert_level[] = {
308 static const value_string ssl_31_alert_description[] = {
309 { 0, "Close Notify" },
310 { 10, "Unexpected Message" },
311 { 20, "Bad Record MAC" },
312 { 21, "Decryption Failed" },
313 { 22, "Record Overflow" },
314 { 30, "Decompression Failure" },
315 { 40, "Handshake Failure" },
316 { 42, "Bad Certificate" },
317 { 43, "Unsupported Certificate" },
318 { 44, "Certificate Revoked" },
319 { 45, "Certificate Expired" },
320 { 46, "Certificate Unknown" },
321 { 47, "Illegal Parameter" },
322 { 48, "Unknown CA" },
323 { 49, "Access Denied" },
324 { 50, "Decode Error" },
325 { 51, "Decrypt Error" },
326 { 60, "Export Restriction" },
327 { 70, "Protocol Version" },
328 { 71, "Insufficient Security" },
329 { 80, "Internal Error" },
330 { 90, "User Canceled" },
331 { 100, "No Renegotiation" },
335 static const value_string ssl_31_handshake_type[] = {
336 { SSL_HND_HELLO_REQUEST, "Hello Request" },
337 { SSL_HND_CLIENT_HELLO, "Client Hello" },
338 { SSL_HND_SERVER_HELLO, "Server Hello" },
339 { SSL_HND_CERTIFICATE, "Certificate" },
340 { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" },
341 { SSL_HND_CERT_REQUEST, "Certificate Request" },
342 { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" },
343 { SSL_HND_CERT_VERIFY, "Certificate Verify" },
344 { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" },
345 { SSL_HND_FINISHED, "Finished" },
349 static const value_string ssl_31_compression_method[] = {
354 static const value_string ssl_31_key_exchange_algorithm[] = {
356 { 1, "Diffie Hellman" },
360 static const value_string ssl_31_signature_algorithm[] = {
367 static const value_string ssl_31_client_certificate_type[] = {
370 { 3, "RSA Fixed DH" },
371 { 4, "DSS Fixed DH" },
375 static const value_string ssl_31_public_value_encoding[] = {
381 static const value_string ssl_31_ciphersuite[] = {
382 { 0x0000, "TLS_NULL_WITH_NULL_NULL" },
383 { 0x0001, "TLS_RSA_WITH_NULL_MD5" },
384 { 0x0002, "TLS_RSA_WITH_NULL_SHA" },
385 { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
386 { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" },
387 { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" },
388 { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
389 { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
390 { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
391 { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" },
392 { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
393 { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
394 { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
395 { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
396 { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
397 { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
398 { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
399 { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
400 { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
401 { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
402 { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
403 { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
404 { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
405 { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
406 { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" },
407 { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
408 { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
409 { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
410 { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
411 { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
412 { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
413 { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
414 { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
415 { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
416 { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
417 { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
418 /* these from http://www.mozilla.org/projects/
419 security/pki/nss/ssl/fips-ssl-ciphersuites.html */
420 { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
421 { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
422 { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
423 { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
424 /* note that ciphersuites 0xff00 - 0xffff are private */
428 /*********************************************************************
430 * Forward Declarations
432 *********************************************************************/
435 * SSL version 3 and TLS dissectors
438 /* record layer dissector */
439 static int dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
440 proto_tree *tree, guint32 offset,
442 gboolean *need_desegmentation);
444 /* change cipher spec dissector */
445 static void dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, packet_info *pinfo,
448 guint *conv_version);
450 /* alert message dissector */
451 static void dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
452 proto_tree *tree, guint32 offset,
453 guint *conv_version);
455 /* handshake protocol dissector */
456 static void dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
457 proto_tree *tree, guint32 offset,
458 guint32 record_length,
459 guint *conv_version);
462 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
466 static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb, packet_info *pinfo,
470 static void dissect_ssl3_hnd_cert(tvbuff_t *tvb, packet_info *pinfo,
471 proto_tree *tree, guint32 offset);
473 static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, packet_info *pinfo,
477 static void dissect_ssl3_hnd_finished(tvbuff_t *tvb, packet_info *pinfo,
480 guint *conv_version);
484 * SSL version 2 dissectors
488 /* record layer dissector */
489 static int dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo,
490 proto_tree *tree, guint32 offset,
492 gboolean *need_desegmentation);
494 /* client hello dissector */
495 static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb, packet_info *pinfo,
499 /* client master key dissector */
500 static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb,
505 /* server hello dissector */
506 static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb,
515 static void ssl_set_conv_version(packet_info *pinfo, guint version);
516 static int ssl_is_valid_handshake_type(guint8 type);
517 static int ssl_is_valid_content_type(guint8 type);
518 static int ssl_is_valid_ssl_version(guint16 version);
519 static int ssl_is_authoritative_version_message(guint8 content_type,
521 static int ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset);
522 static int ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset);
523 static int ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset);
524 static int ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb,
526 guint32 record_length);
528 /*********************************************************************
532 *********************************************************************/
534 * Code to actually dissect the packets
537 dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
540 conversation_t *conversation;
542 guint conv_version = SSL_VER_UNKNOWN;
543 proto_item *ti = NULL;
544 proto_tree *ssl_tree = NULL;
546 gboolean first_record_in_frame = TRUE;
547 gboolean need_desegmentation;
549 /* Track the version using conversations to reduce the
550 * chance that a packet that simply *looks* like a v2 or
551 * v3 packet is dissected improperly. This also allows
552 * us to more frequently set the protocol column properly
553 * for continuation data frames.
555 * Also: We use the copy in conv_version as our cached copy,
556 * so that we don't have to search the conversation
557 * table every time we want the version; when setting
558 * the conv_version, must set the copy in the conversation
559 * in addition to conv_version
561 conversation = find_conversation(&pinfo->src, &pinfo->dst, pinfo->ptype,
562 pinfo->srcport, pinfo->destport, 0);
565 /* create a new conversation */
566 conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
567 pinfo->srcport, pinfo->destport, 0);
569 conv_data = conversation_get_proto_data(conversation, proto_ssl);
570 if (conv_data != NULL)
572 conv_version = (guint)conv_data;
575 /* Initialize the protocol column; we'll set it later when we
576 * figure out what flavor of SSL it is (assuming we don't
577 * throw an exception before we get the chance to do so). */
578 if (check_col(pinfo->cinfo, COL_PROTOCOL))
580 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSL");
583 /* clear the the info column */
584 if (check_col(pinfo->cinfo, COL_INFO))
585 col_clear(pinfo->cinfo, COL_INFO);
587 /* TCP packets and SSL records are orthogonal.
588 * A tcp packet may contain multiple ssl records and an ssl
589 * record may be spread across multiple tcp packets.
591 * This loop accounts for multiple ssl records in a single
592 * frame, but not a single ssl record across multiple tcp
595 * Handling the single ssl record across multiple packets
596 * may be possible using ethereal conversations, but
597 * probably not cleanly. May have to wait for tcp stream
601 /* Create display subtree for SSL as a whole */
604 ti = proto_tree_add_item(tree, proto_ssl, tvb, 0, -1, FALSE);
605 ssl_tree = proto_item_add_subtree(ti, ett_ssl);
608 /* iterate through the records in this frame */
609 while (offset < tvb_length(tvb)-1)
611 /* on second and subsequent records per frame
612 * add a delimiter on info column
614 if (!first_record_in_frame
615 && check_col(pinfo->cinfo, COL_INFO))
617 col_append_str(pinfo->cinfo, COL_INFO, ", ");
621 * Assume, for now, that this doesn't need desegmentation.
623 need_desegmentation = FALSE;
625 /* first try to dispatch off the cached version
626 * known to be associated with the conversation
628 switch(conv_version) {
630 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
631 offset, &conv_version,
632 &need_desegmentation);
637 /* the version tracking code works too well ;-)
638 * at times, we may visit a v2 client hello after
639 * we already know the version of the connection;
640 * work around that here by detecting and calling
641 * the v2 dissector instead
643 if (ssl_is_v2_client_hello(tvb, offset))
645 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
646 offset, &conv_version,
647 &need_desegmentation);
651 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
652 offset, &conv_version,
653 &need_desegmentation);
657 /* that failed, so apply some heuristics based
658 * on this individual packet
661 if (ssl_looks_like_sslv2(tvb, offset))
663 /* looks like sslv2 client hello */
664 offset = dissect_ssl2_record(tvb, pinfo, ssl_tree,
665 offset, &conv_version,
666 &need_desegmentation);
668 else if (ssl_looks_like_sslv3(tvb, offset))
670 /* looks like sslv3 or tls */
671 offset = dissect_ssl3_record(tvb, pinfo, ssl_tree,
672 offset, &conv_version,
673 &need_desegmentation);
677 /* looks like something unknown, so lump into
680 offset = tvb_length(tvb);
681 if (check_col(pinfo->cinfo, COL_INFO))
682 col_append_str(pinfo->cinfo, COL_INFO,
683 "Continuation Data");
685 /* Set the protocol column */
686 if (check_col(pinfo->cinfo, COL_PROTOCOL))
688 col_set_str(pinfo->cinfo, COL_PROTOCOL,
689 ssl_version_short_names[conv_version]);
695 /* Desegmentation return check */
696 if (need_desegmentation)
699 /* If we haven't already set the version information for
700 * this conversation, do so. */
701 if (conv_data == NULL)
703 conv_data = (void *)conv_version;
704 conversation_add_proto_data(conversation, proto_ssl, conv_data);
707 /* set up for next record in frame, if any */
708 first_record_in_frame = FALSE;
714 /*********************************************************************
716 * SSL version 3 and TLS Dissection Routines
718 *********************************************************************/
720 dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
721 proto_tree *tree, guint32 offset,
722 guint *conv_version, gboolean *need_desegmentation)
727 * uint8 major, minor;
732 * change_cipher_spec(20), alert(21), handshake(22),
733 * application_data(23), (255)
738 * ProtocolVersion version;
740 * opaque fragment[TLSPlaintext.length];
743 guint32 record_length;
747 proto_tree *ti = NULL;
748 proto_tree *ssl_record_tree = NULL;
749 guint32 available_bytes = 0;
752 * Get the record layer fields of interest
754 content_type = tvb_get_guint8(tvb, offset);
755 version = tvb_get_ntohs(tvb, offset + 1);
756 record_length = tvb_get_ntohs(tvb, offset + 3);
758 if (ssl_is_valid_content_type(content_type)) {
761 * Desegmentation test
763 available_bytes = tvb_length_remaining(tvb, offset + 5);
765 && pinfo->can_desegment
766 && available_bytes < record_length) {
768 pinfo->desegment_offset = offset;
769 pinfo->desegment_len = record_length - available_bytes;
770 *need_desegmentation = TRUE;
776 /* if we don't have a valid content_type, there's no sense
777 * continuing any further
779 if (check_col(pinfo->cinfo, COL_INFO))
780 col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data");
782 /* Set the protocol column */
783 if (check_col(pinfo->cinfo, COL_PROTOCOL))
785 col_set_str(pinfo->cinfo, COL_PROTOCOL,
786 ssl_version_short_names[*conv_version]);
788 return offset + 5 + record_length;
792 * If GUI, fill in record layer part of tree
797 /* add the record layer subtree header */
798 ti = proto_tree_add_item(tree, hf_ssl_record, tvb,
799 offset, 5 + record_length, 0);
800 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
805 /* show the one-byte content type */
806 proto_tree_add_item(ssl_record_tree, hf_ssl_record_content_type,
810 /* add the version */
811 proto_tree_add_item(ssl_record_tree, hf_ssl_record_version, tvb,
816 proto_tree_add_uint(ssl_record_tree, hf_ssl_record_length, tvb,
817 offset, 2, record_length);
818 offset += 2; /* move past length field itself */
822 /* if no GUI tree, then just skip over those fields */
828 * if we don't already have a version set for this conversation,
829 * but this message's version is authoritative (i.e., it's
830 * not client_hello, then save the version to to conversation
831 * structure and print the column version
833 next_byte = tvb_get_guint8(tvb, offset);
834 if (*conv_version == SSL_VER_UNKNOWN
835 && ssl_is_authoritative_version_message(content_type, next_byte))
837 if (version == 0x0300)
839 *conv_version = SSL_VER_SSLv3;
840 ssl_set_conv_version(pinfo, *conv_version);
842 else if (version == 0x0301)
844 *conv_version = SSL_VER_TLS;
845 ssl_set_conv_version(pinfo, *conv_version);
848 if (check_col(pinfo->cinfo, COL_PROTOCOL))
850 if (version == 0x0300)
852 col_set_str(pinfo->cinfo, COL_PROTOCOL,
853 ssl_version_short_names[SSL_VER_SSLv3]);
855 else if (version == 0x0301)
857 col_set_str(pinfo->cinfo, COL_PROTOCOL,
858 ssl_version_short_names[SSL_VER_TLS]);
862 col_set_str(pinfo->cinfo, COL_PROTOCOL,
863 ssl_version_short_names[*conv_version]);
868 * now dissect the next layer
870 switch (content_type) {
871 case SSL_ID_CHG_CIPHER_SPEC:
872 if (check_col(pinfo->cinfo, COL_INFO))
873 col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
874 dissect_ssl3_change_cipher_spec(tvb, pinfo, ssl_record_tree,
875 offset, conv_version);
878 dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
881 case SSL_ID_HANDSHAKE:
882 dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
883 record_length, conv_version);
885 case SSL_ID_APP_DATA:
886 if (check_col(pinfo->cinfo, COL_INFO))
887 col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
890 proto_item_set_text(ssl_record_tree,
891 "%s Record Layer: Application Data",
892 ssl_version_short_names[*conv_version]);
893 proto_tree_add_item(ssl_record_tree, hf_ssl_record_appdata, tvb,
894 offset, record_length, 0);
899 /* shouldn't get here since we check above for valid types */
900 if (check_col(pinfo->cinfo, COL_INFO))
901 col_append_str(pinfo->cinfo, COL_INFO, "Bad SSLv3 Content Type");
904 offset += record_length; /* skip to end of record */
909 /* dissects the change cipher spec procotol, filling in the tree */
911 dissect_ssl3_change_cipher_spec(tvbuff_t *tvb, packet_info *pinfo,
912 proto_tree *tree, guint32 offset,
917 * enum { change_cipher_spec(1), (255) } type;
918 * } ChangeCipherSpec;
923 proto_item_set_text(tree,
924 "%s Record Layer: Change Cipher Spec",
925 ssl_version_short_names[*conv_version]);
926 proto_tree_add_item(tree, hf_ssl_change_cipher_spec, tvb,
931 /* dissects the alert message, filling in the tree */
933 dissect_ssl3_alert(tvbuff_t *tvb, packet_info *pinfo,
934 proto_tree *tree, guint32 offset,
939 * AlertDescription description;
943 proto_tree *ssl_alert_tree = NULL;
949 ti = proto_tree_add_item(tree, hf_ssl_alert_message, tvb,
951 ssl_alert_tree = proto_item_add_subtree(ti, ett_ssl_alert);
955 * set the record layer label
958 /* first lookup the names for the alert level and description */
959 byte = tvb_get_guint8(tvb, offset); /* grab the level byte */
960 level = match_strval(byte, ssl_31_alert_level);
962 byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */
963 desc = match_strval(byte, ssl_31_alert_description);
965 /* now set the text in the record layer line */
968 if (check_col(pinfo->cinfo, COL_INFO))
969 col_append_fstr(pinfo->cinfo, COL_INFO,
970 "Alert (Level: %s, Description: %s)",
975 if (check_col(pinfo->cinfo, COL_INFO))
976 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert");
983 proto_item_set_text(tree, "%s Record Layer: Alert "
984 "(Level: %s, Description: %s)",
985 ssl_version_short_names[*conv_version],
987 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_level,
988 tvb, offset++, 1, FALSE);
990 proto_tree_add_item(ssl_alert_tree, hf_ssl_alert_message_description,
991 tvb, offset++, 1, FALSE);
995 proto_item_set_text(tree,
996 "%s Record Layer: Encrypted Alert",
997 ssl_version_short_names[*conv_version]);
998 proto_item_set_text(ssl_alert_tree,
999 "Alert Message: Encrypted Alert");
1005 /* dissects the handshake protocol, filling the tree */
1007 dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
1008 proto_tree *tree, guint32 offset,
1009 guint32 record_length, guint *conv_version)
1012 * HandshakeType msg_type;
1014 * select (HandshakeType) {
1015 * case hello_request: HelloRequest;
1016 * case client_hello: ClientHello;
1017 * case server_hello: ServerHello;
1018 * case certificate: Certificate;
1019 * case server_key_exchange: ServerKeyExchange;
1020 * case certificate_request: CertificateRequest;
1021 * case server_hello_done: ServerHelloDone;
1022 * case certificate_verify: CertificateVerify;
1023 * case client_key_exchange: ClientKeyExchange;
1024 * case finished: Finished;
1028 proto_tree *ti = NULL;
1029 proto_tree *ssl_hand_tree = NULL;
1030 gchar *msg_type_str = NULL;
1033 gboolean first_iteration = TRUE;
1036 /* just as there can be multiple records per packet, there
1037 * can be multiple messages per record as long as they have
1038 * the same content type
1040 * we really only care about this for handshake messages
1043 /* set record_length to the max offset */
1044 record_length += offset;
1045 while (offset < record_length)
1047 msg_type = tvb_get_guint8(tvb, offset);
1048 msg_type_str = match_strval(msg_type, ssl_31_handshake_type);
1049 length = tvb_get_ntoh24(tvb, offset + 1);
1051 if (!msg_type_str && !first_iteration)
1053 /* only dissect / report messages if they're
1054 * either the first message in this record
1055 * or they're a valid message type
1060 /* on second and later iterations, add comma to info col */
1061 if (!first_iteration)
1063 if (check_col(pinfo->cinfo, COL_INFO))
1064 col_append_fstr(pinfo->cinfo, COL_INFO, ", ");
1068 * Update our info string
1070 if (check_col(pinfo->cinfo, COL_INFO))
1071 col_append_fstr(pinfo->cinfo, COL_INFO, "%s", (msg_type_str != NULL)
1072 ? msg_type_str : "Encrypted Handshake Message");
1076 /* set the label text on the record layer expanding node */
1077 if (first_iteration)
1079 proto_item_set_text(tree, "%s Record Layer: %s",
1080 ssl_version_short_names[*conv_version],
1081 (msg_type_str!=NULL) ? msg_type_str :
1082 "Encrypted Handshake Message");
1086 proto_item_set_text(tree, "%s Record Layer: %s",
1087 ssl_version_short_names[*conv_version],
1088 "Multiple Handshake Messages");
1091 /* add a subtree for the handshake protocol */
1092 ti = proto_tree_add_item(tree, hf_ssl_handshake_protocol, tvb,
1093 offset, length + 4, 0);
1094 ssl_hand_tree = proto_item_add_subtree(ti, ett_ssl_handshake);
1098 /* set the text label on the subtree node */
1099 proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s",
1100 (msg_type_str != NULL) ? msg_type_str :
1101 "Encrypted Handshake Message");
1105 /* if we don't have a valid handshake type, just quit dissecting */
1113 /* add nodes for the message type and message length */
1114 proto_tree_add_item(ssl_hand_tree, hf_ssl_handshake_type,
1115 tvb, offset, 1, msg_type);
1117 proto_tree_add_uint(ssl_hand_tree, hf_ssl_handshake_length,
1118 tvb, offset, 3, length);
1121 /* now dissect the handshake message, if necessary */
1123 case SSL_HND_HELLO_REQUEST:
1124 /* hello_request has no fields, so nothing to do! */
1127 case SSL_HND_CLIENT_HELLO:
1128 dissect_ssl3_hnd_cli_hello(tvb, pinfo, ssl_hand_tree, offset);
1131 case SSL_HND_SERVER_HELLO:
1132 dissect_ssl3_hnd_srv_hello(tvb, pinfo, ssl_hand_tree, offset);
1135 case SSL_HND_CERTIFICATE:
1136 dissect_ssl3_hnd_cert(tvb, pinfo, ssl_hand_tree, offset);
1139 case SSL_HND_CERT_REQUEST:
1140 dissect_ssl3_hnd_cert_req(tvb, pinfo, ssl_hand_tree, offset);
1143 case SSL_HND_SVR_HELLO_DONE:
1144 /* server_hello_done has no fields, so nothing to do! */
1147 case SSL_HND_FINISHED:
1148 dissect_ssl3_hnd_finished(tvb, pinfo, ssl_hand_tree,
1149 offset, conv_version);
1152 case SSL_HND_SERVER_KEY_EXCHG:
1153 case SSL_HND_CERT_VERIFY:
1154 case SSL_HND_CLIENT_KEY_EXCHG:
1162 offset += 4; /* skip the handshake header */
1165 first_iteration = FALSE; /* set up for next pass, if any */
1170 dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
1173 /* show the client's random challenge */
1174 guint32 initial_offset = offset;
1175 nstime_t gmt_unix_time;
1176 guint8 session_id_length = 0;
1181 gmt_unix_time.secs = tvb_get_ntohl(tvb, offset);
1182 gmt_unix_time.nsecs = 0;
1183 proto_tree_add_time(tree, hf_ssl_handshake_random_time,
1184 tvb, offset, 4, &gmt_unix_time);
1187 /* show the random bytes */
1188 proto_tree_add_item(tree, hf_ssl_handshake_random_bytes,
1189 tvb, offset, 28, 0);
1192 /* show the session id */
1193 session_id_length = tvb_get_guint8(tvb, offset);
1194 proto_tree_add_item(tree, hf_ssl_handshake_session_id_len,
1195 tvb, offset++, 1, 0);
1196 if (session_id_length > 0)
1198 proto_tree_add_bytes_format(tree, hf_ssl_handshake_session_id,
1199 tvb, offset, session_id_length,
1200 tvb_get_ptr(tvb, offset, session_id_length),
1201 "Session ID (%u byte%s)",
1203 plurality(session_id_length, "", "s"));
1204 offset += session_id_length;
1208 return offset - initial_offset;
1212 dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo,
1213 proto_tree *tree, guint32 offset)
1216 * ProtocolVersion client_version;
1218 * SessionID session_id;
1219 * CipherSuite cipher_suites<2..2^16-1>;
1220 * CompressionMethod compression_methods<1..2^8-1>;
1225 proto_tree *cs_tree;
1226 guint16 cipher_suite_length = 0;
1227 guint8 compression_methods_length = 0;
1231 /* show the client version */
1232 proto_tree_add_item(tree, hf_ssl_handshake_client_version, tvb,
1236 /* show the fields in common with server hello */
1237 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset);
1239 /* tell the user how many cipher suites there are */
1240 cipher_suite_length = tvb_get_ntohs(tvb, offset);
1241 proto_tree_add_uint(tree, hf_ssl_handshake_cipher_suites_len,
1242 tvb, offset, 2, cipher_suite_length);
1243 offset += 2; /* skip opaque length */
1245 if (cipher_suite_length > 0)
1247 ti = proto_tree_add_none_format(tree,
1248 hf_ssl_handshake_cipher_suites,
1249 tvb, offset, cipher_suite_length,
1250 "Cipher Suites (%u suite%s)",
1251 cipher_suite_length / 2,
1252 plurality(cipher_suite_length/2, "", "s"));
1254 /* make this a subtree */
1255 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1258 cs_tree = tree; /* failsafe */
1261 while (cipher_suite_length > 0)
1263 proto_tree_add_item(cs_tree, hf_ssl_handshake_cipher_suite,
1264 tvb, offset, 2, FALSE);
1266 cipher_suite_length -= 2;
1270 /* tell the user how man compression methods there are */
1271 compression_methods_length = tvb_get_guint8(tvb, offset);
1272 proto_tree_add_uint(tree, hf_ssl_handshake_comp_methods_len,
1273 tvb, offset, 1, compression_methods_length);
1276 if (compression_methods_length > 0)
1278 ti = proto_tree_add_none_format(tree,
1279 hf_ssl_handshake_comp_methods,
1280 tvb, offset, compression_methods_length,
1281 "Compression Methods (%u method%s)",
1282 compression_methods_length,
1283 plurality(compression_methods_length,
1286 /* make this a subtree */
1287 cs_tree = proto_item_add_subtree(ti, ett_ssl_comp_methods);
1290 cs_tree = tree; /* failsafe */
1293 while (compression_methods_length > 0)
1295 proto_tree_add_item(cs_tree, hf_ssl_handshake_comp_method,
1296 tvb, offset, 1, FALSE);
1298 compression_methods_length--;
1305 dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb, packet_info *pinfo,
1306 proto_tree *tree, guint32 offset)
1309 * ProtocolVersion server_version;
1311 * SessionID session_id;
1312 * CipherSuite cipher_suite;
1313 * CompressionMethod compression_method;
1319 /* show the server version */
1320 proto_tree_add_item(tree, hf_ssl_handshake_server_version, tvb,
1324 /* first display the elements conveniently in
1325 * common with client hello
1327 offset += dissect_ssl3_hnd_hello_common(tvb, tree, offset);
1329 /* now the server-selected cipher suite */
1330 proto_tree_add_item(tree, hf_ssl_handshake_cipher_suite,
1331 tvb, offset, 2, FALSE);
1334 /* and the server-selected compression method */
1335 proto_tree_add_item(tree, hf_ssl_handshake_comp_method,
1336 tvb, offset, 1, FALSE);
1341 dissect_ssl3_hnd_cert(tvbuff_t *tvb, packet_info *pinfo,
1342 proto_tree *tree, guint32 offset)
1345 /* opaque ASN.1Cert<2^24-1>;
1348 * ASN.1Cert certificate_list<1..2^24-1>;
1351 guint32 certificate_list_length;
1353 proto_tree *subtree;
1357 certificate_list_length = tvb_get_ntoh24(tvb, offset);
1358 proto_tree_add_uint(tree, hf_ssl_handshake_certificates_len,
1359 tvb, offset, 3, certificate_list_length);
1360 offset += 3; /* 24-bit length value */
1362 if (certificate_list_length > 0)
1364 ti = proto_tree_add_none_format(tree,
1365 hf_ssl_handshake_certificates,
1366 tvb, offset, certificate_list_length,
1367 "Certificates (%u byte%s)",
1368 certificate_list_length,
1369 plurality(certificate_list_length,
1372 /* make it a subtree */
1373 subtree = proto_item_add_subtree(ti, ett_ssl_certs);
1376 subtree = tree; /* failsafe */
1379 /* iterate through each certificate */
1380 while (certificate_list_length > 0)
1382 /* get the length of the current certificate */
1383 guint32 cert_length = tvb_get_ntoh24(tvb, offset);
1384 certificate_list_length -= 3 + cert_length;
1386 proto_tree_add_item(subtree, hf_ssl_handshake_certificate_len,
1387 tvb, offset, 3, FALSE);
1390 proto_tree_add_bytes_format(subtree,
1391 hf_ssl_handshake_certificate,
1392 tvb, offset, cert_length,
1393 tvb_get_ptr(tvb, offset, cert_length),
1394 "Certificate (%u byte%s)",
1396 plurality(cert_length, "", "s"));
1397 offset += cert_length;
1405 dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, packet_info *pinfo,
1406 proto_tree *tree, guint32 offset)
1410 * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
1412 * } ClientCertificateType;
1414 * opaque DistinguishedName<1..2^16-1>;
1417 * ClientCertificateType certificate_types<1..2^8-1>;
1418 * DistinguishedName certificate_authorities<3..2^16-1>;
1419 * } CertificateRequest;
1423 proto_tree *subtree;
1424 guint8 cert_types_count = 0;
1425 int dnames_length = 0;
1429 cert_types_count = tvb_get_guint8(tvb, offset);
1430 proto_tree_add_uint(tree, hf_ssl_handshake_cert_types_count,
1431 tvb, offset, 1, cert_types_count);
1434 if (cert_types_count > 0)
1436 ti = proto_tree_add_none_format(tree,
1437 hf_ssl_handshake_cert_types,
1438 tvb, offset, cert_types_count,
1439 "Certificate types (%u type%s)",
1441 plurality(cert_types_count, "", "s"));
1442 subtree = proto_item_add_subtree(ti, ett_ssl_cert_types);
1448 while (cert_types_count > 0)
1450 proto_tree_add_item(subtree, hf_ssl_handshake_cert_type,
1451 tvb, offset, 1, FALSE);
1457 dnames_length = tvb_get_ntohs(tvb, offset);
1458 proto_tree_add_uint(tree, hf_ssl_handshake_dnames_len,
1459 tvb, offset, 2, dnames_length);
1462 if (dnames_length > 0)
1464 ti = proto_tree_add_none_format(tree,
1465 hf_ssl_handshake_dnames,
1466 tvb, offset, dnames_length,
1467 "Distinguished Names (%d byte%s)",
1469 plurality(dnames_length, "", "s"));
1470 subtree = proto_item_add_subtree(ti, ett_ssl_dnames);
1476 while (dnames_length > 0)
1478 /* get the length of the current certificate */
1479 guint16 name_length = tvb_get_ntohs(tvb, offset);
1480 dnames_length -= 2 + name_length;
1482 proto_tree_add_item(subtree, hf_ssl_handshake_dname_len,
1483 tvb, offset, 2, FALSE);
1486 proto_tree_add_bytes_format(subtree,
1487 hf_ssl_handshake_dname,
1488 tvb, offset, name_length,
1489 tvb_get_ptr(tvb, offset, name_length),
1490 "Distinguished Name (%u byte%s)",
1492 plurality(name_length, "", "s"));
1493 offset += name_length;
1501 dissect_ssl3_hnd_finished(tvbuff_t *tvb, packet_info *pinfo,
1502 proto_tree *tree, guint32 offset,
1503 guint *conv_version)
1507 * opaque verify_data[12];
1512 * opaque md5_hash[16];
1513 * opaque sha_hash[20];
1517 /* this all needs a tree, so bail if we don't have one */
1523 switch(*conv_version) {
1525 proto_tree_add_item(tree, hf_ssl_handshake_finished,
1526 tvb, offset, 12, FALSE);
1530 proto_tree_add_item(tree, hf_ssl_handshake_md5_hash,
1531 tvb, offset, 16, FALSE);
1533 proto_tree_add_item(tree, hf_ssl_handshake_sha_hash,
1534 tvb, offset, 20, FALSE);
1540 /*********************************************************************
1542 * SSL version 2 Dissectors
1544 *********************************************************************/
1547 /* record layer dissector */
1549 dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree
1550 *tree, guint32 offset, guint *conv_version,
1551 gboolean *need_desegmentation)
1553 guint32 initial_offset = offset;
1555 guint8 record_length_length = 0;
1556 guint32 record_length = 0;
1557 gint is_escape = -1;
1558 gint16 padding_length = -1;
1559 guint8 msg_type = 0;
1560 gchar *msg_type_str = NULL;
1561 guint32 available_bytes = 0;
1564 proto_tree *ssl_record_tree = NULL;
1566 /* if we get here, but don't have a version set for the
1567 * conversation, then set a version for just this frame
1568 * (e.g., on a client hello)
1570 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1572 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSLv2");
1575 /* pull first byte; if high bit is set, then record
1576 * length is three bytes due to padding; otherwise
1577 * record length is two bytes
1579 byte = tvb_get_guint8(tvb, offset++);
1580 record_length_length = (byte & 0x80) ? 2 : 3;
1582 /* parse out the record length */
1583 switch(record_length_length) {
1584 case 2: /* two-byte record length */
1585 record_length = (byte & 0x7f) << 8;
1586 byte = tvb_get_guint8(tvb, offset++);
1587 record_length += byte;
1589 case 3: /* three-byte record length */
1590 is_escape = (byte & 0x40) ? TRUE : FALSE;
1591 record_length = (byte & 0x3f) << 8;
1592 byte = tvb_get_guint8(tvb, offset++);
1593 record_length += byte;
1594 byte = tvb_get_guint8(tvb, offset++);
1595 padding_length = byte;
1599 * Desegmentation test
1601 available_bytes = tvb_length_remaining(tvb, offset);
1603 && pinfo->can_desegment
1604 && available_bytes < record_length) {
1606 pinfo->desegment_offset = offset;
1607 pinfo->desegment_len = record_length - available_bytes;
1608 *need_desegmentation = TRUE;
1612 /* add the record layer subtree header */
1613 ti = proto_tree_add_item(tree, hf_ssl2_record, tvb, initial_offset,
1614 record_length_length + record_length, 0);
1615 ssl_record_tree = proto_item_add_subtree(ti, ett_ssl_record);
1617 /* pull the msg_type so we can bail if it's unknown */
1618 msg_type = tvb_get_guint8(tvb, initial_offset + record_length_length);
1620 /* if we get a server_hello or later handshake in v2, then set
1623 if (*conv_version == SSL_VER_UNKNOWN
1624 && msg_type >= 2 && msg_type <= 8)
1626 *conv_version = SSL_VER_SSLv2;
1627 ssl_set_conv_version(pinfo, *conv_version);
1630 /* see if the msg_type is valid; if not the payload is
1631 * probably encrypted, so note that fact and bail
1633 msg_type_str = match_strval(msg_type, ssl_20_msg_types);
1635 || !ssl_looks_like_valid_v2_handshake(tvb, initial_offset
1636 + record_length_length,
1639 if (ssl_record_tree)
1641 proto_item_set_text(ssl_record_tree, "SSLv2 Record Layer: %s",
1644 if (check_col(pinfo->cinfo, COL_INFO))
1645 col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Data");
1646 return initial_offset + record_length_length + record_length;
1650 if (check_col(pinfo->cinfo, COL_INFO))
1651 col_append_str(pinfo->cinfo, COL_INFO, msg_type_str);
1653 if (ssl_record_tree)
1655 proto_item_set_text(ssl_record_tree, "SSLv2 Record Layer: %s",
1660 /* We have a valid message type, so move foward, filling in the
1661 * tree by adding the length, is_escape boolean and padding_length,
1662 * if present in the original packet
1664 if (ssl_record_tree)
1666 /* add the record length */
1667 ti = proto_tree_add_uint (ssl_record_tree,
1668 hf_ssl_record_length, tvb,
1669 initial_offset, record_length_length,
1672 if (ssl_record_tree && is_escape != -1)
1674 proto_tree_add_boolean(ssl_record_tree,
1675 hf_ssl2_record_is_escape, tvb,
1676 initial_offset, 1, is_escape);
1678 if (ssl_record_tree && padding_length != -1)
1680 proto_tree_add_uint(ssl_record_tree,
1681 hf_ssl2_record_padding_length, tvb,
1682 initial_offset + 2, 1, padding_length);
1686 * dissect the record data
1689 /* jump forward to the start of the record data */
1690 offset = initial_offset + record_length_length;
1692 /* add the message type */
1693 if (ssl_record_tree)
1695 proto_tree_add_item(ssl_record_tree, hf_ssl2_msg_type, tvb,
1698 offset++; /* move past msg_type byte */
1701 /* dissect the message (only handle client hello right now) */
1703 case SSL2_HND_CLIENT_HELLO:
1704 dissect_ssl2_hnd_client_hello(tvb, pinfo, ssl_record_tree, offset);
1707 case SSL2_HND_CLIENT_MASTER_KEY:
1708 dissect_ssl2_hnd_client_master_key(tvb, pinfo, ssl_record_tree, offset);
1711 case SSL2_HND_SERVER_HELLO:
1712 dissect_ssl2_hnd_server_hello(tvb, pinfo, ssl_record_tree, offset);
1715 case SSL2_HND_ERROR:
1716 case SSL2_HND_CLIENT_FINISHED:
1717 case SSL2_HND_SERVER_VERIFY:
1718 case SSL2_HND_SERVER_FINISHED:
1719 case SSL2_HND_REQUEST_CERTIFICATE:
1720 case SSL2_HND_CLIENT_CERTIFICATE:
1724 default: /* unknown */
1729 return (initial_offset + record_length_length + record_length);
1733 dissect_ssl2_hnd_client_hello(tvbuff_t *tvb, packet_info *pinfo,
1734 proto_tree *tree, guint32 offset)
1739 * uint16 cipher_spec_length;
1740 * uint16 session_id_length;
1741 * uint16 challenge_length;
1742 * V2CipherSpec cipher_specs[V2ClientHello.cipher_spec_length];
1743 * opaque session_id[V2ClientHello.session_id_length];
1747 * Note: when we get here, offset's already pointing at Version
1751 guint16 cipher_spec_length;
1752 guint16 session_id_length;
1753 guint16 challenge_length;
1756 proto_tree *cs_tree;
1758 version = tvb_get_ntohs(tvb, offset);
1759 if (!ssl_is_valid_ssl_version(version))
1761 /* invalid version; probably encrypted data */
1767 /* show the version */
1768 proto_tree_add_item(tree, hf_ssl_record_version, tvb,
1772 cipher_spec_length = tvb_get_ntohs(tvb, offset);
1773 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec_len,
1774 tvb, offset, 2, FALSE);
1777 session_id_length = tvb_get_ntohs(tvb, offset);
1778 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_len,
1779 tvb, offset, 2, FALSE);
1782 challenge_length = tvb_get_ntohs(tvb, offset);
1783 proto_tree_add_item(tree, hf_ssl2_handshake_challenge_len,
1784 tvb, offset, 2, FALSE);
1787 /* tell the user how many cipher specs they've won */
1788 ti = proto_tree_add_none_format(tree, hf_ssl_handshake_cipher_suites,
1789 tvb, offset, cipher_spec_length,
1790 "Cipher Specs (%u specs)",
1791 cipher_spec_length/3);
1793 /* make this a subtree and expand the actual specs below */
1794 cs_tree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
1797 cs_tree = tree; /* failsafe */
1800 /* iterate through the cipher specs, showing them */
1801 while (cipher_spec_length > 0)
1803 proto_tree_add_item(cs_tree, hf_ssl2_handshake_cipher_spec,
1804 tvb, offset, 3, FALSE);
1805 offset += 3; /* length of one cipher spec */
1806 cipher_spec_length -= 3;
1809 /* if there's a session id, show it */
1810 if (session_id_length > 0)
1812 proto_tree_add_bytes_format(tree,
1813 hf_ssl_handshake_session_id,
1814 tvb, offset, session_id_length,
1815 tvb_get_ptr(tvb, offset, session_id_length),
1816 "Session ID (%u byte%s)",
1818 plurality(session_id_length, "", "s"));
1820 offset += session_id_length;
1823 /* if there's a challenge, show it */
1824 if (challenge_length > 0)
1826 proto_tree_add_item(tree, hf_ssl2_handshake_challenge,
1827 tvb, offset, challenge_length, 0);
1828 offset += challenge_length;
1834 dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb, packet_info *pinfo,
1835 proto_tree *tree, guint32 offset)
1839 * V2Cipherspec cipher;
1840 * uint16 clear_key_length;
1841 * uint16 encrypted_key_length;
1842 * uint16 key_arg_length;
1843 * opaque clear_key_data[V2ClientMasterKey.clear_key_length];
1844 * opaque encrypted_key_data[V2ClientMasterKey.encrypted_key_length];
1845 * opaque key_arg_data[V2ClientMasterKey.key_arg_length];
1846 * } V2ClientMasterKey;
1848 * Note: when we get here, offset's already pointing at cipher
1850 guint16 clear_key_length;
1851 guint16 encrypted_key_length;
1852 guint16 key_arg_length;
1854 /* at this point, everything we do involves the tree,
1855 * so quit now if we don't have one ;-)
1862 /* show the selected cipher */
1863 proto_tree_add_item(tree, hf_ssl2_handshake_cipher_spec,
1864 tvb, offset, 3, FALSE);
1867 /* get the fixed fields */
1868 clear_key_length = tvb_get_ntohs(tvb, offset);
1869 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key_len,
1870 tvb, offset, 2, FALSE);
1873 encrypted_key_length = tvb_get_ntohs(tvb, offset);
1874 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key_len,
1875 tvb, offset, 2, FALSE);
1878 key_arg_length = tvb_get_ntohs(tvb, offset);
1879 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg_len,
1880 tvb, offset, 2, FALSE);
1883 /* show the variable length fields */
1884 if (clear_key_length > 0)
1886 proto_tree_add_item(tree, hf_ssl2_handshake_clear_key,
1887 tvb, offset, clear_key_length, FALSE);
1888 offset += clear_key_length;
1891 if (encrypted_key_length > 0)
1893 proto_tree_add_item(tree, hf_ssl2_handshake_enc_key,
1894 tvb, offset, encrypted_key_length, FALSE);
1895 offset += encrypted_key_length;
1898 if (key_arg_length > 0)
1900 proto_tree_add_item(tree, hf_ssl2_handshake_key_arg,
1901 tvb, offset, key_arg_length, FALSE);
1902 offset += key_arg_length;
1908 dissect_ssl2_hnd_server_hello(tvbuff_t *tvb, packet_info *pinfo,
1909 proto_tree *tree, guint32 offset)
1913 * uint8 session_id_hit;
1914 * uint8 certificate_type;
1915 * uint16 server_version;
1916 * uint16 certificate_length;
1917 * uint16 cipher_specs_length;
1918 * uint16 connection_id_length;
1919 * opaque certificate_data[V2ServerHello.certificate_length];
1920 * opaque cipher_specs_data[V2ServerHello.cipher_specs_length];
1921 * opaque connection_id_data[V2ServerHello.connection_id_length];
1924 * Note: when we get here, offset's already pointing at session_id_hit
1926 guint16 certificate_length;
1927 guint16 cipher_spec_length;
1928 guint16 connection_id_length;
1931 proto_tree *subtree;
1933 /* everything we do only makes sense with a tree, so
1934 * quit now if we don't have one
1941 version = tvb_get_ntohs(tvb, offset + 2);
1942 if (!ssl_is_valid_ssl_version(version))
1944 /* invalid version; probably encrypted data */
1949 /* is there a hit? */
1950 proto_tree_add_item(tree, hf_ssl2_handshake_session_id_hit,
1951 tvb, offset, 1, FALSE);
1954 /* what type of certificate is this? */
1955 proto_tree_add_item(tree, hf_ssl2_handshake_cert_type,
1956 tvb, offset, 1, FALSE);
1959 /* now the server version */
1960 proto_tree_add_item(tree, hf_ssl_handshake_server_version,
1961 tvb, offset, 2, FALSE);
1964 /* get the fixed fields */
1965 certificate_length = tvb_get_ntohs(tvb, offset);
1966 proto_tree_add_uint(tree, hf_ssl_handshake_certificate_len,
1967 tvb, offset, 2, certificate_length);
1970 cipher_spec_length = tvb_get_ntohs(tvb, offset);
1971 proto_tree_add_uint(tree, hf_ssl2_handshake_cipher_spec_len,
1972 tvb, offset, 2, cipher_spec_length);
1975 connection_id_length = tvb_get_ntohs(tvb, offset);
1976 proto_tree_add_uint(tree, hf_ssl2_handshake_connection_id_len,
1977 tvb, offset, 2, connection_id_length);
1980 /* now the variable length fields */
1981 if (certificate_length > 0)
1983 proto_tree_add_bytes_format(tree, hf_ssl_handshake_certificate,
1984 tvb, offset, certificate_length,
1985 tvb_get_ptr(tvb, offset, certificate_length),
1986 "Certificate (%u byte%s)",
1988 plurality(certificate_length, "", "s"));
1989 offset += certificate_length;
1992 if (cipher_spec_length > 0)
1994 /* provide a collapsing node for the cipher specs */
1995 ti = proto_tree_add_none_format(tree,
1996 hf_ssl_handshake_cipher_suites,
1997 tvb, offset, cipher_spec_length,
1998 "Cipher Specs (%u spec%s)",
1999 cipher_spec_length/3,
2000 plurality(cipher_spec_length/3, "", "s"));
2001 subtree = proto_item_add_subtree(ti, ett_ssl_cipher_suites);
2007 /* iterate through the cipher specs */
2008 while (cipher_spec_length > 0)
2010 proto_tree_add_item(subtree, hf_ssl2_handshake_cipher_spec,
2011 tvb, offset, 3, FALSE);
2013 cipher_spec_length -= 3;
2017 if (connection_id_length > 0)
2019 proto_tree_add_item(tree, hf_ssl2_handshake_connection_id,
2020 tvb, offset, connection_id_length, FALSE);
2021 offset += connection_id_length;
2029 /*********************************************************************
2033 *********************************************************************/
2036 ssl_set_conv_version(packet_info *pinfo, guint version)
2038 conversation_t *conversation;
2040 if (pinfo->fd->flags.visited)
2042 /* We've already processed this frame; no need to do any more
2048 conversation = find_conversation(&pinfo->src, &pinfo->dst, pinfo->ptype,
2049 pinfo->srcport, pinfo->destport, 0);
2051 if (conversation == NULL)
2053 /* create a new conversation */
2054 conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype,
2055 pinfo->srcport, pinfo->destport, 0);
2058 if (conversation_get_proto_data(conversation, proto_ssl) != NULL)
2060 /* get rid of the current data */
2061 conversation_delete_proto_data(conversation, proto_ssl);
2063 conversation_add_proto_data(conversation, proto_ssl, (void *)version);
2067 ssl_is_valid_handshake_type(guint8 type)
2071 case SSL_HND_HELLO_REQUEST:
2072 case SSL_HND_CLIENT_HELLO:
2073 case SSL_HND_SERVER_HELLO:
2074 case SSL_HND_CERTIFICATE:
2075 case SSL_HND_SERVER_KEY_EXCHG:
2076 case SSL_HND_CERT_REQUEST:
2077 case SSL_HND_SVR_HELLO_DONE:
2078 case SSL_HND_CERT_VERIFY:
2079 case SSL_HND_CLIENT_KEY_EXCHG:
2080 case SSL_HND_FINISHED:
2087 ssl_is_valid_content_type(guint8 type)
2089 if (type >= 0x14 && type <= 0x17)
2098 ssl_is_valid_ssl_version(guint16 version)
2100 gchar *version_str = match_strval(version, ssl_versions);
2101 return version_str != NULL;
2105 ssl_is_authoritative_version_message(guint8 content_type,
2108 if (content_type == SSL_ID_HANDSHAKE
2109 && ssl_is_valid_handshake_type(next_byte))
2111 return (next_byte != SSL_HND_CLIENT_HELLO);
2113 else if (ssl_is_valid_content_type(content_type)
2114 && content_type != SSL_ID_HANDSHAKE)
2122 ssl_is_v2_client_hello(tvbuff_t *tvb, guint32 offset)
2126 byte = tvb_get_guint8(tvb, offset);
2127 if (byte != 0x80) /* v2 client hello should start this way */
2132 byte = tvb_get_guint8(tvb, offset+2);
2133 if (byte != 0x01) /* v2 client hello msg type */
2138 /* 1 in 2^16 of being right; improve later if necessary */
2142 /* this applies a heuristic to determine whether
2143 * or not the data beginning at offset looks like a
2144 * valid sslv2 record. this isn't really possible,
2145 * but we'll try to do a reasonable job anyway.
2148 ssl_looks_like_sslv2(tvbuff_t *tvb, guint32 offset)
2150 /* here's the current approach:
2152 * we only try to catch unencrypted handshake messages, so we can
2153 * assume that there is not padding. This means that the
2154 * first byte must be >= 0x80 and there must be a valid sslv2
2155 * msg_type in the third byte
2158 /* get the first byte; must have high bit set */
2159 guint8 byte = tvb_get_guint8(tvb, offset);
2165 /* get the supposed msg_type byte; since we only care about
2166 * unencrypted handshake messages (we can't tell the type for
2167 * encrypted messages), we just check against that list
2169 byte = tvb_get_guint8(tvb, offset + 2);
2171 case SSL2_HND_ERROR:
2172 case SSL2_HND_CLIENT_HELLO:
2173 case SSL2_HND_CLIENT_MASTER_KEY:
2174 case SSL2_HND_SERVER_HELLO:
2180 /* this applies a heuristic to determine whether
2181 * or not the data beginning at offset looks like a
2182 * valid sslv3 record. this is somewhat more reliable
2183 * than sslv2 due to the structure of the v3 protocol
2186 ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
2188 /* have to have a valid content type followed by a valid
2194 /* see if the first byte is a valid content type */
2195 byte = tvb_get_guint8(tvb, offset);
2196 if (!ssl_is_valid_content_type(byte))
2201 /* now check to see if the version byte appears valid */
2202 version = tvb_get_ntohs(tvb, offset + 1);
2203 if (version != 0x0300 && version != 0x0301)
2211 /* applies a heuristic to determine whether
2212 * or not the data beginning at offset looks
2213 * like a valid, unencrypted v2 handshake message.
2214 * since it isn't possible to completely tell random
2215 * data apart from a valid message without state,
2216 * we try to help the odds.
2219 ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, guint32 offset,
2220 guint32 record_length)
2222 /* first byte should be a msg_type.
2224 * - we know we only see client_hello, client_master_key,
2225 * and server_hello in the clear, so check to see if
2226 * msg_type is one of those (this gives us a 3 in 2^8
2227 * chance of saying yes with random payload)
2229 * - for those three types that we know about, do some
2230 * further validation to reduce the chance of an error
2236 /* fetch the msg_type */
2237 msg_type = tvb_get_guint8(tvb, offset);
2240 case SSL2_HND_CLIENT_HELLO:
2241 /* version follows msg byte, so verify that this is valid */
2242 version = tvb_get_ntohs(tvb, offset+1);
2243 return ssl_is_valid_ssl_version(version);
2246 case SSL2_HND_SERVER_HELLO:
2247 /* version is three bytes after msg_type */
2248 version = tvb_get_ntohs(tvb, offset+3);
2249 return ssl_is_valid_ssl_version(version);
2252 case SSL2_HND_CLIENT_MASTER_KEY:
2253 /* sum of clear_key_length, encrypted_key_length, and key_arg_length
2254 * must be less than record length
2256 sum = tvb_get_ntohs(tvb, offset + 4); /* clear_key_length */
2257 sum += tvb_get_ntohs(tvb, offset + 6); /* encrypted_key_length */
2258 sum += tvb_get_ntohs(tvb, offset + 8); /* key_arg_length */
2259 if (sum > record_length)
2272 /*********************************************************************
2274 * Standard Ethereal Protocol Registration and housekeeping
2276 *********************************************************************/
2278 proto_register_ssl(void)
2281 /* Setup list of header fields See Section 1.6.1 for details*/
2282 static hf_register_info hf[] = {
2284 { "Record Layer", "ssl.record",
2285 FT_NONE, BASE_NONE, NULL, 0x0,
2286 "Record layer", HFILL }
2288 { &hf_ssl_record_content_type,
2289 { "Content Type", "ssl.record.content_type",
2290 FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0,
2291 "Content type", HFILL}
2293 { &hf_ssl2_msg_type,
2294 { "Handshake Message Type", "ssl.handshake.type",
2295 FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0,
2296 "SSLv2 handshake message type", HFILL}
2298 { &hf_ssl_record_version,
2299 { "Version", "ssl.record.version",
2300 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2301 "Record layer version.", HFILL }
2303 { &hf_ssl_record_length,
2304 { "Length", "ssl.record.length",
2305 FT_UINT16, BASE_DEC, NULL, 0x0,
2306 "Length of SSL record data", HFILL }
2308 { &hf_ssl_record_appdata,
2309 { "Application Data", "ssl.app_data",
2310 FT_NONE, BASE_NONE, NULL, 0x0,
2311 "Payload is application data", HFILL }
2314 { "SSLv2 Record Header", "ssl.record",
2315 FT_NONE, BASE_DEC, NULL, 0x0,
2316 "SSLv2 record data", HFILL }
2318 { &hf_ssl2_record_is_escape,
2319 { "Is Escape", "ssl.record.is_escape",
2320 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2321 "Indicates a security escape", HFILL}
2323 { &hf_ssl2_record_padding_length,
2324 { "Padding Length", "ssl.record.padding_length",
2325 FT_UINT8, BASE_DEC, NULL, 0x0,
2326 "Length of padding at end of record", HFILL }
2328 { &hf_ssl_change_cipher_spec,
2329 { "Change Cipher Spec Message", "ssl.change_cipher_spec",
2330 FT_NONE, BASE_NONE, NULL, 0x0,
2331 "Signals a change in cipher specifications", HFILL }
2333 { & hf_ssl_alert_message,
2334 { "Alert Message", "ssl.alert_message",
2335 FT_NONE, BASE_NONE, NULL, 0x0,
2336 "Alert message", HFILL }
2338 { & hf_ssl_alert_message_level,
2339 { "Level", "ssl.alert_message.level",
2340 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0,
2341 "Alert message level", HFILL }
2343 { &hf_ssl_alert_message_description,
2344 { "Description", "ssl.alert_message.desc",
2345 FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0,
2346 "Alert message description", HFILL }
2348 { &hf_ssl_handshake_protocol,
2349 { "Handshake Protocol", "ssl.handshake",
2350 FT_NONE, BASE_NONE, NULL, 0x0,
2351 "Handshake protocol message", HFILL}
2353 { &hf_ssl_handshake_type,
2354 { "Handshake Type", "ssl.handshake.type",
2355 FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0,
2356 "Type of handshake message", HFILL}
2358 { &hf_ssl_handshake_length,
2359 { "Length", "ssl.handshake.length",
2360 FT_UINT24, BASE_DEC, NULL, 0x0,
2361 "Length of handshake message", HFILL }
2363 { &hf_ssl_handshake_client_version,
2364 { "Version", "ssl.handshake.version",
2365 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2366 "Maximum version supported by client", HFILL }
2368 { &hf_ssl_handshake_server_version,
2369 { "Version", "ssl.handshake.version",
2370 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0,
2371 "Version selected by server", HFILL }
2373 { &hf_ssl_handshake_random_time,
2374 { "Random.gmt_unix_time", "ssl.handshake.random_time",
2375 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x0,
2376 "Unix time field of random structure", HFILL }
2378 { &hf_ssl_handshake_random_bytes,
2379 { "Random.bytes", "ssl.handshake.random",
2380 FT_NONE, BASE_NONE, NULL, 0x0,
2381 "Random challenge used to authenticate server", HFILL }
2383 { &hf_ssl_handshake_cipher_suites_len,
2384 { "Cipher Suites Length", "ssl.handshake.cipher_suites_length",
2385 FT_UINT16, BASE_DEC, NULL, 0x0,
2386 "Length of cipher suites field", HFILL }
2388 { &hf_ssl_handshake_cipher_suites,
2389 { "Cipher Suites", "ssl.handshake.ciphersuites",
2390 FT_NONE, BASE_NONE, NULL, 0x0,
2391 "List of cipher suites supported by client", HFILL }
2393 { &hf_ssl_handshake_cipher_suite,
2394 { "Cipher Suite", "ssl.handshake.ciphersuite",
2395 FT_UINT16, BASE_HEX, VALS(ssl_31_ciphersuite), 0x0,
2396 "Cipher suite", HFILL }
2398 { &hf_ssl2_handshake_cipher_spec,
2399 { "Cipher Spec", "ssl.handshake.cipherspec",
2400 FT_UINT24, BASE_HEX, VALS(ssl_20_cipher_suites), 0x0,
2401 "Cipher specification", HFILL }
2403 { &hf_ssl_handshake_session_id,
2404 { "Session ID", "ssl.handshake.session_id",
2405 FT_BYTES, BASE_NONE, NULL, 0x0,
2406 "Identifies the SSL session, allowing later resumption", HFILL }
2408 { &hf_ssl_handshake_comp_methods_len,
2409 { "Compression Methods Length", "ssl.handshake.comp_methods_length",
2410 FT_UINT8, BASE_DEC, NULL, 0x0,
2411 "Length of compression methods field", HFILL }
2413 { &hf_ssl_handshake_comp_methods,
2414 { "Compression Methods", "ssl.handshake.comp_methods",
2415 FT_NONE, BASE_NONE, NULL, 0x0,
2416 "List of compression methods supported by client", HFILL }
2418 { &hf_ssl_handshake_comp_method,
2419 { "Compression Method", "ssl.handshake.comp_method",
2420 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0,
2421 "Compression Method", HFILL }
2423 { &hf_ssl_handshake_certificates_len,
2424 { "Certificates Length", "ssl.handshake.certificates_length",
2425 FT_UINT24, BASE_DEC, NULL, 0x0,
2426 "Length of certificates field", HFILL }
2428 { &hf_ssl_handshake_certificates,
2429 { "Certificates", "ssl.handshake.certificates",
2430 FT_NONE, BASE_NONE, NULL, 0x0,
2431 "List of certificates", HFILL }
2433 { &hf_ssl_handshake_certificate,
2434 { "Certificate", "ssl.handshake.certificate",
2435 FT_BYTES, BASE_NONE, NULL, 0x0,
2436 "Certificate", HFILL }
2438 { &hf_ssl_handshake_certificate_len,
2439 { "Certificate Length", "ssl.handshake.certificate_length",
2440 FT_UINT24, BASE_DEC, NULL, 0x0,
2441 "Length of certificate", HFILL }
2443 { &hf_ssl_handshake_cert_types_count,
2444 { "Certificate types count", "ssl.handshake.cert_types_count",
2445 FT_UINT8, BASE_DEC, NULL, 0x0,
2446 "Count of certificate types", HFILL }
2448 { &hf_ssl_handshake_cert_types,
2449 { "Certificate types", "ssl.handshake.cert_types",
2450 FT_NONE, BASE_NONE, NULL, 0x0,
2451 "List of certificate types", HFILL }
2453 { &hf_ssl_handshake_cert_type,
2454 { "Certificate type", "ssl.handshake.cert_type",
2455 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
2456 "Certificate type", HFILL }
2458 { &hf_ssl_handshake_finished,
2459 { "Verify Data", "ssl.handshake.verify_data",
2460 FT_NONE, BASE_NONE, NULL, 0x0,
2461 "Opaque verification data", HFILL }
2463 { &hf_ssl_handshake_md5_hash,
2464 { "MD5 Hash", "ssl.handshake.md5_hash",
2465 FT_NONE, BASE_NONE, NULL, 0x0,
2466 "Hash of messages, master_secret, etc.", HFILL }
2468 { &hf_ssl_handshake_sha_hash,
2469 { "SHA-1 Hash", "ssl.handshake.sha_hash",
2470 FT_NONE, BASE_NONE, NULL, 0x0,
2471 "Hash of messages, master_secret, etc.", HFILL }
2473 { &hf_ssl_handshake_session_id_len,
2474 { "Session ID Length", "ssl.handshake.session_id_length",
2475 FT_UINT8, BASE_DEC, NULL, 0x0,
2476 "Length of session ID field", HFILL }
2478 { &hf_ssl_handshake_dnames_len,
2479 { "Distinguished Names Length", "ssl.handshake.dnames_len",
2480 FT_UINT16, BASE_DEC, NULL, 0x0,
2481 "Length of list of CAs that server trusts", HFILL }
2483 { &hf_ssl_handshake_dnames,
2484 { "Distinguished Names", "ssl.handshake.dnames",
2485 FT_NONE, BASE_NONE, NULL, 0x0,
2486 "List of CAs that server trusts", HFILL }
2488 { &hf_ssl_handshake_dname_len,
2489 { "Distinguished Name Length", "ssl.handshake.dname_len",
2490 FT_UINT16, BASE_DEC, NULL, 0x0,
2491 "Length of distinguished name", HFILL }
2493 { &hf_ssl_handshake_dname,
2494 { "Distinguished Name", "ssl.handshake.dname",
2495 FT_BYTES, BASE_NONE, NULL, 0x0,
2496 "Distinguished name of a CA that server trusts", HFILL }
2498 { &hf_ssl2_handshake_challenge,
2499 { "Challenge", "ssl.handshake.challenge",
2500 FT_NONE, BASE_NONE, NULL, 0x0,
2501 "Challenge data used to authenticate server", HFILL }
2503 { &hf_ssl2_handshake_cipher_spec_len,
2504 { "Cipher Spec Length", "ssl.handshake.cipher_spec_len",
2505 FT_UINT16, BASE_DEC, NULL, 0x0,
2506 "Length of cipher specs field", HFILL }
2508 { &hf_ssl2_handshake_session_id_len,
2509 { "Session ID Length", "ssl.handshake.session_id_length",
2510 FT_UINT16, BASE_DEC, NULL, 0x0,
2511 "Length of session ID field", HFILL }
2513 { &hf_ssl2_handshake_challenge_len,
2514 { "Challenge Length", "ssl.handshake.challenge_length",
2515 FT_UINT16, BASE_DEC, NULL, 0x0,
2516 "Length of challenge field", HFILL }
2518 { &hf_ssl2_handshake_clear_key_len,
2519 { "Clear Key Data Length", "ssl.handshake.clear_key_length",
2520 FT_UINT16, BASE_DEC, NULL, 0x0,
2521 "Length of clear key data", HFILL }
2523 { &hf_ssl2_handshake_enc_key_len,
2524 { "Encrypted Key Data Length", "ssl.handshake.encrypted_key_length",
2525 FT_UINT16, BASE_DEC, NULL, 0x0,
2526 "Length of encrypted key data", HFILL }
2528 { &hf_ssl2_handshake_key_arg_len,
2529 { "Key Argument Length", "ssl.handshake.key_arg_length",
2530 FT_UINT16, BASE_DEC, NULL, 0x0,
2531 "Length of key argument", HFILL }
2533 { &hf_ssl2_handshake_clear_key,
2534 { "Clear Key Data", "ssl.handshake.clear_key_data",
2535 FT_NONE, BASE_NONE, NULL, 0x0,
2536 "Clear portion of MASTER-KEY", HFILL }
2538 { &hf_ssl2_handshake_enc_key,
2539 { "Encrypted Key", "ssl.handshake.encrypted_key",
2540 FT_NONE, BASE_NONE, NULL, 0x0,
2541 "Secret portion of MASTER-KEY encrypted to server", HFILL }
2543 { &hf_ssl2_handshake_key_arg,
2544 { "Key Argument", "ssl.handshake.key_arg",
2545 FT_NONE, BASE_NONE, NULL, 0x0,
2546 "Key Argument (e.g., Initialization Vector)", HFILL }
2548 { &hf_ssl2_handshake_session_id_hit,
2549 { "Session ID Hit", "ssl.handshake.session_id_hit",
2550 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2551 "Did the server find the client's Session ID?", HFILL }
2553 { &hf_ssl2_handshake_cert_type,
2554 { "Certificate Type", "ssl.handshake.cert_type",
2555 FT_UINT8, BASE_DEC, VALS(ssl_20_certificate_type), 0x0,
2556 "Certificate Type", HFILL }
2558 { &hf_ssl2_handshake_connection_id_len,
2559 { "Connection ID Length", "ssl.handshake.connection_id_length",
2560 FT_UINT16, BASE_DEC, NULL, 0x0,
2561 "Length of connection ID", HFILL }
2563 { &hf_ssl2_handshake_connection_id,
2564 { "Connection ID", "ssl.handshake.connection_id",
2565 FT_NONE, BASE_NONE, NULL, 0x0,
2566 "Server's challenge to client", HFILL }
2570 /* Setup protocol subtree array */
2571 static gint *ett[] = {
2576 &ett_ssl_cipher_suites,
2577 &ett_ssl_comp_methods,
2579 &ett_ssl_cert_types,
2583 /* Register the protocol name and description */
2584 proto_ssl = proto_register_protocol("Secure Socket Layer",
2587 /* Required function calls to register the header fields and
2589 proto_register_field_array(proto_ssl, hf, array_length(hf));
2590 proto_register_subtree_array(ett, array_length(ett));
2593 module_t *ssl_module = prefs_register_protocol(proto_ssl, NULL);
2594 prefs_register_bool_preference(ssl_module,
2595 "desegment_ssl_records",
2596 "Desegment SSL records",
2597 "When enabled, SSL records that span multiple TCP segments are desegmented",
2601 register_dissector("ssl", dissect_ssl, proto_ssl);
2605 /* If this dissector uses sub-dissector registration add a registration
2606 * routine. This format is required because a script is used to find
2607 * these routines and create the code that calls these routines.
2610 proto_reg_handoff_ssl(void)
2612 dissector_handle_t ssl_handle;
2614 ssl_handle = find_dissector("ssl");
2615 dissector_add("tcp.port", TCP_PORT_SSL, ssl_handle);
2616 dissector_add("tcp.port", TCP_PORT_SSL_LDAP, ssl_handle);
2617 dissector_add("tcp.port", TCP_PORT_SSL_IMAP, ssl_handle);
2618 dissector_add("tcp.port", TCP_PORT_SSL_POP, ssl_handle);