3 * Routines to dissect WTLS component of WAP traffic.
5 * $Id: packet-wtls.c,v 1.17 2002/01/21 07:36:47 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@ethereal.com>
9 * Copyright 1998 Gerald Combs
11 * WAP dissector based on original work by Ben Fowler
12 * Updated by Neil Hunter <neil.hunter@energis-squared.com>
13 * WTLS support by Alexandre P. Ferreira (Splice IP)
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 #ifdef HAVE_SYS_TYPES_H
38 # include <sys/types.h>
41 #ifdef HAVE_NETINET_IN_H
42 # include <netinet/in.h>
45 #ifdef NEED_SNPRINTF_H
51 # include "snprintf.h"
56 #include <epan/packet.h>
57 #include "packet-wap.h"
58 #include "packet-wtls.h"
60 /* File scoped variables for the protocol and registered fields */
61 static int proto_wtls = HF_EMPTY;
63 /* These fields used by fixed part of header */
64 static int hf_wtls_record = HF_EMPTY;
65 static int hf_wtls_record_type = HF_EMPTY;
66 static int hf_wtls_record_length = HF_EMPTY;
67 static int hf_wtls_record_sequence = HF_EMPTY;
68 static int hf_wtls_record_ciphered = HF_EMPTY;
69 static int hf_wtls_hands = HF_EMPTY;
70 static int hf_wtls_hands_type = HF_EMPTY;
71 static int hf_wtls_hands_length = HF_EMPTY;
72 static int hf_wtls_hands_cli_hello = HF_EMPTY;
73 static int hf_wtls_hands_cli_hello_version = HF_EMPTY;
74 static int hf_wtls_hands_cli_hello_gmt = HF_EMPTY;
75 static int hf_wtls_hands_cli_hello_random = HF_EMPTY;
76 static int hf_wtls_hands_cli_hello_session = HF_EMPTY;
77 static int hf_wtls_hands_cli_hello_session_str = HF_EMPTY;
78 static int hf_wtls_hands_cli_hello_cli_key_id = HF_EMPTY;
79 static int hf_wtls_hands_cli_hello_cli_key_len = HF_EMPTY;
80 static int hf_wtls_hands_cli_hello_trust_key_id = HF_EMPTY;
81 static int hf_wtls_hands_cli_hello_key_exchange =HF_EMPTY;
82 static int hf_wtls_hands_cli_hello_key_exchange_suite =HF_EMPTY;
83 static int hf_wtls_hands_cli_hello_key_parameter_index =HF_EMPTY;
84 static int hf_wtls_hands_cli_hello_key_parameter_set =HF_EMPTY;
85 static int hf_wtls_hands_cli_hello_key_identifier_type =HF_EMPTY;
86 static int hf_wtls_hands_cli_hello_key_identifier_charset =HF_EMPTY;
87 static int hf_wtls_hands_cli_hello_key_identifier_size =HF_EMPTY;
88 static int hf_wtls_hands_cli_hello_key_identifier =HF_EMPTY;
89 static int hf_wtls_hands_cli_hello_key_identifier_str =HF_EMPTY;
90 static int hf_wtls_hands_cli_hello_cipher_suite =HF_EMPTY;
91 static int hf_wtls_hands_cli_hello_cipher_suite_item =HF_EMPTY;
92 static int hf_wtls_hands_cli_hello_compression_methods =HF_EMPTY;
93 static int hf_wtls_hands_cli_hello_compression =HF_EMPTY;
94 static int hf_wtls_hands_cli_hello_sequence_mode =HF_EMPTY;
95 static int hf_wtls_hands_cli_hello_key_refresh =HF_EMPTY;
96 static int hf_wtls_hands_serv_hello = HF_EMPTY;
97 static int hf_wtls_hands_serv_hello_version = HF_EMPTY;
98 static int hf_wtls_hands_serv_hello_gmt = HF_EMPTY;
99 static int hf_wtls_hands_serv_hello_random = HF_EMPTY;
100 static int hf_wtls_hands_serv_hello_session = HF_EMPTY;
101 static int hf_wtls_hands_serv_hello_session_str = HF_EMPTY;
102 static int hf_wtls_hands_serv_hello_cli_key_id =HF_EMPTY;
103 static int hf_wtls_hands_serv_hello_cipher_suite_item =HF_EMPTY;
104 static int hf_wtls_hands_serv_hello_cipher_bulk =HF_EMPTY;
105 static int hf_wtls_hands_serv_hello_cipher_mac =HF_EMPTY;
106 static int hf_wtls_hands_serv_hello_compression =HF_EMPTY;
107 static int hf_wtls_hands_serv_hello_sequence_mode =HF_EMPTY;
108 static int hf_wtls_hands_serv_hello_key_refresh =HF_EMPTY;
109 static int hf_wtls_hands_certificates =HF_EMPTY;
110 static int hf_wtls_hands_certificate =HF_EMPTY;
111 static int hf_wtls_hands_certificate_type =HF_EMPTY;
112 static int hf_wtls_hands_certificate_wtls_version =HF_EMPTY;
113 static int hf_wtls_hands_certificate_wtls_signature_type =HF_EMPTY;
114 static int hf_wtls_hands_certificate_wtls_issuer_type =HF_EMPTY;
115 static int hf_wtls_hands_certificate_wtls_issuer_charset =HF_EMPTY;
116 static int hf_wtls_hands_certificate_wtls_issuer_name =HF_EMPTY;
117 static int hf_wtls_hands_certificate_wtls_valid_not_before =HF_EMPTY;
118 static int hf_wtls_hands_certificate_wtls_valid_not_after =HF_EMPTY;
119 static int hf_wtls_hands_certificate_wtls_subject_type =HF_EMPTY;
120 static int hf_wtls_hands_certificate_wtls_subject_charset =HF_EMPTY;
121 static int hf_wtls_hands_certificate_wtls_subject_name = HF_EMPTY;
122 static int hf_wtls_hands_certificate_wtls_public_key_type = HF_EMPTY;
123 static int hf_wtls_hands_certificate_wtls_key_parameter_index = HF_EMPTY;
124 static int hf_wtls_hands_certificate_wtls_key_parameter_set = HF_EMPTY;
125 static int hf_wtls_hands_certificate_wtls_rsa_exponent = HF_EMPTY;
126 static int hf_wtls_hands_certificate_wtls_rsa_modules = HF_EMPTY;
127 static int hf_wtls_hands_certificate_wtls_signature = HF_EMPTY;
128 static int hf_wtls_alert = HF_EMPTY;
129 static int hf_wtls_alert_level = HF_EMPTY;
130 static int hf_wtls_alert_description = HF_EMPTY;
132 /* Initialize the subtree pointers */
133 static gint ett_wtls = ETT_EMPTY;
134 static gint ett_wtls_rec = ETT_EMPTY;
135 static gint ett_wtls_msg_type = ETT_EMPTY;
136 static gint ett_wtls_msg_type_item = ETT_EMPTY;
137 static gint ett_wtls_msg_type_item_sub = ETT_EMPTY;
138 static gint ett_wtls_msg_type_item_sub_sub = ETT_EMPTY;
140 /* Handles for WTP and WSP dissectors */
141 static dissector_handle_t wtp_handle;
142 static dissector_handle_t wsp_handle;
144 static const value_string wtls_vals_record_type[] = {
145 { 0x01, "change_cipher_data" },
147 { 0x03, "handshake" },
148 { 0x04, "application_data" },
152 static const value_string wtls_vals_cipher_bulk[] = {
154 { 0x01, "RC5 CBC 40" },
155 { 0x02, "RC5 CBC 56" },
157 { 0x04, "DES CBC 40" },
159 { 0x06, "3DES CBC cwEDE40" },
160 { 0x07, "IDEA CBC 40" },
161 { 0x08, "IDEA CBC 56" },
162 { 0x09, "IDEA CBC" },
166 static const value_string wtls_vals_cipher_mac[] = {
171 { 0x04, "SHA XOR 40" },
178 static const value_string wtls_vals_handshake_type[] = {
179 { 0, "Hello Request" },
180 { 1, "Client Hello" },
181 { 2, "Server Hello" },
182 { 11, "Certificate" },
183 { 12, "Server Key Exchange" },
184 { 13, "Certificate Request" },
185 { 14, "Server Hello Done" },
186 { 15, "Certificate Verify" },
187 { 16, "Client Key Exchange" },
192 static const value_string wtls_vals_key_exchange_suite[] = {
194 { 1, "Shared Secret" },
195 { 2, "Diffie Hellman Anonymous" },
196 { 3, "Diffie Hellman Anonymous 512" },
197 { 4, "Diffie Hellman Anonymous 768" },
198 { 5, "RSA Anonymous" },
199 { 6, "RSA Anonymous 512" },
200 { 7, "RSA Anonymous 768" },
204 { 11, "EC Diffie Hellman Anonymous" },
205 { 12, "EC Diffie Hellman Anonymous 113" },
206 { 13, "EC Diffie Hellman Anonymous 131" },
207 { 14, "EC Diffie Hellman ECDSA" },
208 { 15, "EC Diffie Hellman Anonymous Uncomp" },
209 { 16, "EC Diffie Hellman Anonymous Uncomp 113" },
210 { 17, "EC Diffie Hellman Anonymous Uncomp 131" },
211 { 18, "EC Diffie Hellman ECDSA Uncomp" },
215 static const value_string wtls_vals_identifier_type[] = {
216 { 0, "No identifier" },
217 { 1, "Textual Name" },
218 { 2, "Binary Name" },
219 { 254, "SHA-1 Hash of Public Key" },
220 { 255, "x509 Distinguished Name" },
224 static const value_string wtls_vals_certificate_type[] = {
232 static const value_string wtls_vals_compression[] = {
237 static const value_string wtls_vals_sequence_mode[] = {
244 static const value_string wtls_vals_certificate_signature[] = {
251 static const value_string wtls_vals_public_key_type[] = {
258 static const value_string wtls_vals_alert_level[] = {
265 static const value_string wtls_vals_alert_description[] = {
266 { 0,"connection_close_notify"},
267 { 1,"session_close_notify"},
268 { 5,"no_connection"},
269 { 10,"unexpected_message"},
270 { 11,"time_required"},
271 { 20,"bad_record_mac"},
272 { 21,"decryption_failed"},
273 { 22,"record_overflow"},
274 { 30,"decompression_failure"},
275 { 40,"handshake_failure"},
276 { 42,"bad_certificate"},
277 { 43,"unsupported_certificate"},
278 { 44,"certificate_revoked"},
279 { 45,"certificate_expired"},
280 { 46,"certificate_unknown"},
281 { 47,"illegal_parameter"},
283 { 49,"access_denied"},
284 { 50,"decode_error"},
285 { 51,"decrypt_error"},
286 { 52,"unknown_key_id"},
287 { 53,"disabled_key_id"},
288 { 54,"key_exchange_disabled"},
289 { 55,"session_not_ready"},
290 { 56,"unknown_parameter_index"},
291 { 57,"duplicate_finished_received"},
292 { 60,"export_restriction"},
293 { 70,"protocol_version"},
294 { 71,"insufficient_security"},
295 { 80,"internal_error"},
296 { 90,"user_canceled"},
297 { 100,"no_renegotiation"},
301 #define WTLS_RECORD_TYPE_LENGTH 0x80
302 #define WTLS_RECORD_TYPE_SEQUENCE 0x40
303 #define WTLS_RECORD_TYPE_CIPHER_CUR 0x20
304 #define WTLS_RECORD_CONTENT_TYPE 0x0f
306 #define WTLS_ALERT 0x02
307 #define WTLS_PLAIN_HANDSHAKE 0x03
309 #define WTLS_HANDSHAKE_CLIENT_HELLO 1
310 #define WTLS_HANDSHAKE_SERVER_HELLO 2
311 #define WTLS_HANDSHAKE_CERTIFICATE 11
313 #define CERTIFICATE_WTLS 1
314 #define CERTIFICATE_X509 2
315 #define CERTIFICATE_X968 3
316 #define CERTIFICATE_URL 4
318 #define IDENTIFIER_NULL 0
319 #define IDENTIFIER_TEXT 1
320 #define IDENTIFIER_BIN 2
321 #define IDENTIFIER_SHA_1 254
322 #define IDENTIFIER_X509 255
324 #define PUBLIC_KEY_RSA 2
325 #define PUBLIC_KEY_ECDH 3
326 #define PUBLIC_KEY_ECDSA 4
328 static void dissect_wtls_handshake (proto_tree *, tvbuff_t *, guint, guint);
330 /* Code to actually dissect the packets */
332 dissect_wtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
339 guint offset_wtls = 0;
341 /* Set up structures we will need to add the protocol subtree and manage it */
343 proto_tree *wtls_tree;
344 proto_tree *wtls_rec_tree;
345 proto_tree *wtls_msg_type_tree;
347 if (check_col(pinfo->cinfo, COL_PROTOCOL))
349 switch ( pinfo->match_port )
351 case UDP_PORT_WTLS_WSP:
352 col_set_str(pinfo->cinfo, COL_PROTOCOL, "WTLS+WSP" );
354 case UDP_PORT_WTLS_WTP_WSP:
355 col_set_str(pinfo->cinfo, COL_PROTOCOL, "WTLS+WTP+WSP" );
360 /* Develop the string to put in the Info column */
361 if (check_col(pinfo->cinfo, COL_INFO)) {
362 col_set_str(pinfo->cinfo, COL_INFO, "WTLS" );
365 /* In the interest of speed, if "tree" is NULL, don't do any work not
366 necessary to generate protocol tree items. */
369 ti = proto_tree_add_item(tree, proto_wtls, tvb, offset_wtls,
370 tvb_length(tvb), bo_little_endian);
371 wtls_tree = proto_item_add_subtree(ti, ett_wtls);
373 for (offset_wtls=0; offset_wtls < (tvb_length(tvb)-1);) {
374 pdut = tvb_get_guint8 (tvb, offset_wtls);
376 offset = offset_wtls+1;
378 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
381 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
382 count = tvb_get_ntohs(tvb, offset);
384 count += offset-offset_wtls;
387 count = tvb_length (tvb)-offset_wtls;
389 ti = proto_tree_add_uint(wtls_tree, hf_wtls_record, tvb, offset_wtls,
391 wtls_rec_tree = proto_item_add_subtree(ti, ett_wtls_rec);
393 offset = offset_wtls;
395 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_type,
396 tvb,offset,1,bo_big_endian);
400 offset_wtls += count;
402 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
403 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_sequence,
404 tvb,offset,2,bo_big_endian);
407 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
408 count = tvb_get_ntohs(tvb, offset);
409 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_length,
410 tvb,offset,2,bo_big_endian);
414 count = tvb_length (tvb)-offset;
417 if (pdut & WTLS_RECORD_TYPE_CIPHER_CUR) {
418 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_ciphered,
419 tvb,offset,count,bo_big_endian);
423 switch (pdut & WTLS_RECORD_CONTENT_TYPE) {
424 case WTLS_PLAIN_HANDSHAKE :
425 dissect_wtls_handshake(wtls_rec_tree,tvb,offset,count);
428 ti = proto_tree_add_item(wtls_rec_tree, hf_wtls_alert, tvb, offset,
429 count, bo_little_endian);
430 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
431 pdu_msg_type = tvb_get_guint8 (tvb, offset);
432 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_level,
433 tvb,offset,1,bo_big_endian);
435 count = tvb_get_ntohs (tvb, offset);
436 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_description,
437 tvb,offset,1,bo_big_endian);
448 dissect_wtls_handshake(proto_tree *tree, tvbuff_t *tvb, guint offset, guint count)
455 guint public_key = 0;
458 char *valBulk = NULL;
462 proto_item *cli_key_item;
463 proto_tree *wtls_msg_type_tree;
464 proto_tree *wtls_msg_type_item_tree;
465 proto_tree *wtls_msg_type_item_sub_tree;
466 proto_tree *wtls_msg_type_item_sub_sub_tree;
468 pdu_msg_type = tvb_get_guint8 (tvb, offset);
469 ti = proto_tree_add_uint(tree, hf_wtls_hands, tvb, offset,count, pdu_msg_type);
470 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
472 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_type,
473 tvb,offset,1,bo_big_endian);
475 count = tvb_get_ntohs (tvb, offset);
476 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_length,
477 tvb,offset,2,bo_big_endian);
479 switch(pdu_msg_type) {
480 case WTLS_HANDSHAKE_CLIENT_HELLO :
481 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_cli_hello, tvb, offset,
482 count, bo_little_endian);
483 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
484 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_version,
485 tvb,offset,1,bo_big_endian);
487 timeValue.secs = tvb_get_ntohl (tvb, offset);
489 ti = proto_tree_add_time (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_gmt, tvb,
490 offset, 4, &timeValue);
492 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_random,
493 tvb,offset,12,bo_big_endian);
495 count = tvb_get_guint8(tvb, offset);
498 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session_str,
499 tvb,offset,count+1,"NULL");
502 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
503 tvb,offset,count+1,tvb_get_guint8(tvb,offset+1));
506 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
507 tvb,offset,count+1,tvb_get_ntohs(tvb,offset+1));
510 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
511 tvb,offset,count+1,tvb_get_ntoh24(tvb,offset+1));
514 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
515 tvb,offset,count+1,tvb_get_ntohl(tvb,offset+1));
518 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session_str,
519 tvb,offset,count+1,"Too big");
524 /* process client_key_ids structure */
525 count = tvb_get_ntohs (tvb, offset);
526 ti = proto_tree_add_item(wtls_msg_type_item_tree,
527 hf_wtls_hands_cli_hello_cli_key_id, tvb, offset,
528 count+2, bo_little_endian);
529 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
531 /* display length of client_key_ids structure */
532 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
533 hf_wtls_hands_cli_hello_cli_key_len,
534 tvb,offset,2,bo_big_endian);
537 /* cycle through client_key_ids entries */
538 for (;count > 0;count-=client_size) {
539 /* get encryption suite id (one byte) */
540 value = tvb_get_guint8 (tvb, offset);
541 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
542 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
545 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
546 ett_wtls_msg_type_item_sub_sub);
547 ti = proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
548 hf_wtls_hands_cli_hello_key_exchange_suite,
552 fprintf(stderr, "encryption suite = %d, client_size = %d\n", value, client_size);
555 /* get parameter index (one byte) */
556 value = tvb_get_guint8 (tvb, offset);
557 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
558 hf_wtls_hands_cli_hello_key_parameter_index,
559 tvb,offset,1,bo_big_endian);
563 fprintf(stderr, "parameter index = %d, client_size = %d\n", value, client_size);
566 /* explicit parameters present in next field */
568 size = tvb_get_ntohs (tvb, offset);
569 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
570 hf_wtls_hands_cli_hello_key_parameter_set,
571 tvb,offset,size+2,bo_big_endian);
576 /* get identifier type */
577 value = tvb_get_guint8 (tvb, offset);
578 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
579 hf_wtls_hands_cli_hello_key_identifier_type,
580 tvb,offset,1,bo_big_endian);
584 fprintf(stderr, "identifier type = %d, client_size = %d\n", value, client_size);
587 /* identifier present in next field */
588 /* note: value 0x0 means no identifier */
590 case 0x01 : /* text identifier */
592 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
593 hf_wtls_hands_cli_hello_key_identifier_charset,
594 tvb,offset,2,bo_big_endian);
596 size = tvb_get_guint8 (tvb, offset);
597 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
598 hf_wtls_hands_cli_hello_key_identifier_size,
599 tvb,offset,1,bo_big_endian);
601 strncpy(valStr,tvb_get_ptr (tvb, offset, size),size);
603 ti = proto_tree_add_string(
604 wtls_msg_type_item_sub_sub_tree,
605 hf_wtls_hands_cli_hello_key_identifier_str,
606 tvb, offset,size,valStr);
610 fprintf(stderr, "text id size = %d, client_size = %d\n",
614 case 0x02 : /* binary identifier */
615 size = tvb_get_guint8 (tvb, offset);
616 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
617 hf_wtls_hands_cli_hello_key_identifier_size,
618 tvb,offset,1,bo_big_endian);
620 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
621 hf_wtls_hands_cli_hello_key_identifier,
622 tvb,offset,size,bo_big_endian);
626 fprintf(stderr, "binary id size = %d, client_size = %d\n",
630 case 0xfe : /* SHA-1 hash of the public key */
631 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
632 hf_wtls_hands_cli_hello_key_identifier,
633 tvb,offset,20,bo_big_endian);
637 fprintf(stderr, "SHA-1 hash size = 20, client_size = %d\n",
641 case 0xff : /* X.509 distinguished name */
643 size = tvb_get_guint8 (tvb, offset);
644 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
645 hf_wtls_hands_cli_hello_key_identifier_size,
646 tvb,offset,1,bo_big_endian);
648 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
649 hf_wtls_hands_cli_hello_key_identifier,
650 tvb,offset,size,bo_big_endian);
654 fprintf(stderr, "X.509 name size = %d, client_size = %d\n",
660 proto_item_set_len(cli_key_item, client_size);
663 /* process trusted_keys structure */
664 count = tvb_get_ntohs (tvb, offset);
665 ti = proto_tree_add_item(wtls_msg_type_item_tree,
666 hf_wtls_hands_cli_hello_trust_key_id, tvb, offset,
667 count+2, bo_little_endian);
668 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
670 /* display length of trusted_keys structure */
671 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
672 hf_wtls_hands_cli_hello_cli_key_len,
673 tvb,offset,2,bo_big_endian);
676 for (;count > 0;count-=client_size) {
677 /* get encryption suite id (one byte) */
678 value = tvb_get_guint8 (tvb, offset);
679 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
680 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
683 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
684 ett_wtls_msg_type_item_sub_sub);
685 ti = proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
686 hf_wtls_hands_cli_hello_key_exchange_suite,
690 fprintf(stderr, "encryption suite = %d, client_size = %d\n", value, client_size);
693 /* get parameter index (one byte) */
694 value = tvb_get_guint8 (tvb, offset);
695 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
696 hf_wtls_hands_cli_hello_key_parameter_index,
697 tvb,offset,1,bo_big_endian);
701 fprintf(stderr, "parameter index = %d, client_size = %d\n", value, client_size);
704 /* explicit parameters present in next field */
706 size = tvb_get_ntohs (tvb, offset);
707 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
708 hf_wtls_hands_cli_hello_key_parameter_set,
709 tvb,offset,size+2,bo_big_endian);
714 /* get identifier type */
715 value = tvb_get_guint8 (tvb, offset);
716 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
717 hf_wtls_hands_cli_hello_key_identifier_type,
718 tvb,offset,1,bo_big_endian);
722 fprintf(stderr, "identifier type = %d, client_size = %d\n", value, client_size);
725 /* identifier present in next field */
726 /* note: value 0x0 means no identifier */
728 case 0x01 : /* text identifier */
730 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
731 hf_wtls_hands_cli_hello_key_identifier_charset,
732 tvb,offset,2,bo_big_endian);
734 size = tvb_get_guint8 (tvb, offset);
735 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
736 hf_wtls_hands_cli_hello_key_identifier_size,
737 tvb,offset,1,bo_big_endian);
739 strncpy(valStr,tvb_get_ptr (tvb, offset, size),size);
741 ti = proto_tree_add_string(
742 wtls_msg_type_item_sub_sub_tree,
743 hf_wtls_hands_cli_hello_key_identifier_str,
744 tvb, offset,size,valStr);
748 fprintf(stderr, "text id size = %d, client_size = %d\n",
752 case 0x02 : /* binary identifier */
753 size = tvb_get_guint8 (tvb, offset);
754 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
755 hf_wtls_hands_cli_hello_key_identifier_size,
756 tvb,offset,1,bo_big_endian);
758 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
759 hf_wtls_hands_cli_hello_key_identifier,
760 tvb,offset,size,bo_big_endian);
764 fprintf(stderr, "binary id size = %d, client_size = %d\n",
768 case 0xfe : /* SHA-1 hash of the public key */
769 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
770 hf_wtls_hands_cli_hello_key_identifier,
771 tvb,offset,20,bo_big_endian);
775 fprintf(stderr, "SHA-1 hash size = 20, client_size = %d\n",
779 case 0xff : /* X.509 distinguished name */
781 size = tvb_get_guint8 (tvb, offset);
782 /* need to fetch identifier and display it */
783 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
784 hf_wtls_hands_cli_hello_key_identifier_size,
785 tvb,offset,1,bo_big_endian);
787 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
788 hf_wtls_hands_cli_hello_key_identifier,
789 tvb,offset,size,bo_big_endian);
793 fprintf(stderr, "X.509 name size = %d, client_size = %d\n",
798 proto_item_set_len(cli_key_item, client_size);
801 /* process cipher_suites structure */
802 count = tvb_get_guint8 (tvb, offset);
803 ti = proto_tree_add_item(wtls_msg_type_item_tree,
804 hf_wtls_hands_cli_hello_cipher_suite, tvb, offset,
805 count+1, bo_little_endian);
806 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
808 for (;count > 0;count-=client_size) {
809 value = tvb_get_guint8 (tvb, offset);
810 valBulk = match_strval(value, wtls_vals_cipher_bulk);
813 valMac = match_strval(tvb_get_guint8 (tvb, offset), wtls_vals_cipher_mac);
818 snprintf(valStr,1024,"%s, %s",valBulk,valMac);
822 snprintf(valStr,1024,"%s, Unknow MAC (0x%02x)",valBulk,tvb_get_guint8 (tvb, offset));
829 snprintf(valStr,1024,"Unknow Bulk (0x%02x), %s",value,valMac);
833 snprintf(valStr,1024,"Unknow Bulk (0x%02x), Unknow MAC (0x%02x)",value,
834 tvb_get_guint8 (tvb, offset));
839 cli_key_item = proto_tree_add_string(wtls_msg_type_item_sub_tree,
840 hf_wtls_hands_cli_hello_cipher_suite_item, tvb, offset-2,2,
843 count = tvb_get_guint8 (tvb, offset);
844 ti = proto_tree_add_item(wtls_msg_type_item_tree,
845 hf_wtls_hands_cli_hello_compression_methods, tvb, offset,
846 count+1, bo_little_endian);
847 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
849 for (;count > 0;count-=client_size) {
851 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
852 hf_wtls_hands_cli_hello_compression, tvb, offset,1,
857 ti = proto_tree_add_item(wtls_msg_type_item_tree,
858 hf_wtls_hands_cli_hello_sequence_mode, tvb, offset,
859 1, bo_little_endian);
861 ti = proto_tree_add_item(wtls_msg_type_item_tree,
862 hf_wtls_hands_cli_hello_key_refresh, tvb, offset,
863 1, bo_little_endian);
865 case WTLS_HANDSHAKE_SERVER_HELLO :
866 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_serv_hello, tvb, offset,
867 count, bo_little_endian);
868 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
869 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_version,
870 tvb,offset,1,bo_big_endian);
872 timeValue.secs = tvb_get_ntohl (tvb, offset);
874 ti = proto_tree_add_time (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_gmt, tvb,
875 offset, 4, &timeValue);
877 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_random,
878 tvb,offset,12,bo_big_endian);
880 count = tvb_get_guint8(tvb, offset);
883 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session_str,
884 tvb,offset,count+1,"NULL");
887 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
888 tvb,offset,count+1,tvb_get_guint8(tvb,offset+1));
891 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
892 tvb,offset,count+1,tvb_get_ntohs(tvb,offset+1));
895 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
896 tvb,offset,count+1,tvb_get_ntoh24(tvb,offset+1));
899 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
900 tvb,offset,count+1,tvb_get_ntohl(tvb,offset+1));
903 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session_str,
904 tvb,offset,count+1,"Too big");
908 ti = proto_tree_add_item(wtls_msg_type_item_tree,
909 hf_wtls_hands_serv_hello_cli_key_id,
910 tvb,offset,1,bo_big_endian);
912 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
913 hf_wtls_hands_serv_hello_cipher_suite_item, tvb, offset,2,
915 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
916 ett_wtls_msg_type_item_sub);
917 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
918 hf_wtls_hands_serv_hello_cipher_bulk,
919 tvb,offset,1,bo_big_endian);
921 value = tvb_get_guint8 (tvb, offset);
922 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
923 hf_wtls_hands_serv_hello_cipher_mac,
924 tvb,offset,1,bo_big_endian);
926 ti = proto_tree_add_item(wtls_msg_type_item_tree,
927 hf_wtls_hands_serv_hello_compression, tvb, offset,1,
930 ti = proto_tree_add_item(wtls_msg_type_item_tree,
931 hf_wtls_hands_serv_hello_sequence_mode, tvb, offset,
932 1, bo_little_endian);
934 ti = proto_tree_add_item(wtls_msg_type_item_tree,
935 hf_wtls_hands_serv_hello_key_refresh, tvb, offset,
936 1, bo_little_endian);
939 case WTLS_HANDSHAKE_CERTIFICATE :
940 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_certificates,
941 tvb, offset,count, bo_little_endian);
942 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
943 count = tvb_get_ntohs (tvb, offset);
945 for (;count > 0;count-=client_size) {
946 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
947 hf_wtls_hands_certificate, tvb, offset,1,
950 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
951 ett_wtls_msg_type_item_sub);
952 proto_item_set_len(cli_key_item, client_size);
953 value = tvb_get_guint8 (tvb, offset);
954 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
955 hf_wtls_hands_certificate_type, tvb, offset,1,
960 case CERTIFICATE_WTLS:
961 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
962 hf_wtls_hands_certificate_wtls_version,
967 signature = tvb_get_guint8 (tvb, offset);
968 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
969 hf_wtls_hands_certificate_wtls_signature_type,
974 value = tvb_get_guint8 (tvb, offset);
975 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
976 hf_wtls_hands_certificate_wtls_issuer_type,
982 case IDENTIFIER_NULL :
984 case IDENTIFIER_TEXT :
985 ti = proto_tree_add_item(
986 wtls_msg_type_item_sub_tree,
987 hf_wtls_hands_certificate_wtls_issuer_charset,
992 value = tvb_get_guint8 (tvb, offset);
993 strncpy(valStr,tvb_get_ptr (tvb, offset+1, value),value);
995 ti = proto_tree_add_string(
996 wtls_msg_type_item_sub_tree,
997 hf_wtls_hands_certificate_wtls_issuer_name,
1001 client_size+=1+value;
1003 case IDENTIFIER_BIN :
1005 case IDENTIFIER_SHA_1 :
1007 case IDENTIFIER_X509 :
1010 timeValue.secs = tvb_get_ntohl (tvb, offset);
1011 timeValue.nsecs = 0;
1012 ti = proto_tree_add_time (wtls_msg_type_item_sub_tree,
1013 hf_wtls_hands_certificate_wtls_valid_not_before,
1014 tvb, offset, 4, &timeValue);
1017 timeValue.secs = tvb_get_ntohl (tvb, offset);
1018 timeValue.nsecs = 0;
1019 ti = proto_tree_add_time (wtls_msg_type_item_sub_tree,
1020 hf_wtls_hands_certificate_wtls_valid_not_after,
1021 tvb, offset, 4, &timeValue);
1024 value = tvb_get_guint8 (tvb, offset);
1025 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1026 hf_wtls_hands_certificate_wtls_subject_type,
1032 case IDENTIFIER_NULL :
1034 case IDENTIFIER_TEXT :
1035 ti = proto_tree_add_item(
1036 wtls_msg_type_item_sub_tree,
1037 hf_wtls_hands_certificate_wtls_subject_charset,
1042 value = tvb_get_guint8 (tvb, offset);
1043 strncpy(valStr,tvb_get_ptr (tvb, offset+1, value),value);
1045 ti = proto_tree_add_string(
1046 wtls_msg_type_item_sub_tree,
1047 hf_wtls_hands_certificate_wtls_subject_name,
1048 tvb, offset,1+value,
1051 client_size+=1+value;
1053 case IDENTIFIER_BIN :
1055 case IDENTIFIER_SHA_1 :
1057 case IDENTIFIER_X509 :
1060 public_key = tvb_get_guint8 (tvb, offset);
1061 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1062 hf_wtls_hands_certificate_wtls_public_key_type,
1067 value = tvb_get_guint8 (tvb, offset);
1068 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1069 hf_wtls_hands_certificate_wtls_key_parameter_index,
1070 tvb,offset,1,bo_big_endian);
1073 if (value == 0xff) {
1074 size = tvb_get_ntohs (tvb, offset);
1075 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1076 hf_wtls_hands_certificate_wtls_key_parameter_set,
1077 tvb,offset,size+2,bo_big_endian);
1079 client_size+=size+2;
1081 switch (public_key) {
1082 case PUBLIC_KEY_RSA :
1083 value = tvb_get_ntohs (tvb, offset);
1084 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1085 hf_wtls_hands_certificate_wtls_rsa_exponent,
1086 tvb,offset,value+2,value*8);
1088 client_size+=2+value;
1089 value = tvb_get_ntohs (tvb, offset);
1090 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1091 hf_wtls_hands_certificate_wtls_rsa_modules,
1092 tvb,offset,value+2,value*8);
1094 client_size+=2+value;
1096 case PUBLIC_KEY_ECDH :
1098 case PUBLIC_KEY_ECDSA :
1101 value = tvb_get_ntohs (tvb, offset);
1102 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1103 hf_wtls_hands_certificate_wtls_signature,
1104 tvb,offset,2+value,value*8);
1106 client_size+=2+value;
1108 case CERTIFICATE_X509:
1109 case CERTIFICATE_X968:
1110 value = tvb_get_ntohs (tvb, offset);
1113 client_size += value;
1116 case CERTIFICATE_URL:
1117 value = tvb_get_guint8 (tvb, offset);
1120 client_size += value;
1124 proto_item_set_len(cli_key_item, client_size);
1133 /* Register the protocol with Ethereal */
1135 proto_register_wtls(void)
1138 /* Setup list of header fields */
1139 static hf_register_info hf[] = {
1143 FT_UINT8, BASE_DEC, VALS ( wtls_vals_record_type ), 0x0f,
1147 { &hf_wtls_record_type,
1149 "wsp.wtls.rec_type",
1150 FT_UINT8, BASE_DEC, VALS ( wtls_vals_record_type ), 0x0f,
1151 "Record Type", HFILL
1154 { &hf_wtls_record_length,
1156 "wsp.wtls.rec_length",
1157 FT_UINT16, BASE_DEC, NULL, 0x00,
1158 "Record Length", HFILL
1161 { &hf_wtls_record_sequence,
1162 { "Record Sequence",
1164 FT_UINT16, BASE_DEC, NULL, 0x00,
1165 "Record Sequence", HFILL
1168 { &hf_wtls_record_ciphered,
1169 { "Record Ciphered",
1170 "wsp.wtls.rec_cipher",
1171 FT_NONE, BASE_DEC, NULL, 0x00,
1172 "Record Ciphered", HFILL
1177 "wsp.wtls.handshake",
1178 FT_UINT8, BASE_HEX, VALS ( wtls_vals_handshake_type ), 0x00,
1182 { &hf_wtls_hands_type,
1184 "wsp.wtls.handshake.type",
1185 FT_UINT8, BASE_HEX, VALS ( wtls_vals_handshake_type ), 0x00,
1189 { &hf_wtls_hands_length,
1191 "wsp.wtls.handshake.length",
1192 FT_UINT16, BASE_DEC, NULL, 0x00,
1196 { &hf_wtls_hands_cli_hello,
1198 "wsp.wtls.handshake.client_hello",
1199 FT_NONE, BASE_NONE,NULL, 0x00,
1200 "Client Hello", HFILL
1203 { &hf_wtls_hands_cli_hello_version,
1205 "wsp.wtls.handshake.client_hello.version",
1206 FT_UINT8, BASE_DEC, NULL, 0x00,
1210 { &hf_wtls_hands_cli_hello_gmt,
1212 "wsp.wtls.handshake.client_hello.gmt",
1213 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1217 { &hf_wtls_hands_cli_hello_random,
1219 "wsp.wtls.handshake.client_hello.random",
1220 FT_NONE, BASE_DEC, NULL, 0x00,
1224 { &hf_wtls_hands_cli_hello_session,
1226 "wsp.wtls.handshake.client_hello.sessionid",
1227 FT_UINT32, BASE_DEC, NULL, 0x00,
1231 { &hf_wtls_hands_cli_hello_session_str,
1233 "wsp.wtls.handshake.client_hello.session.str",
1234 FT_STRING, BASE_DEC, NULL, 0x00,
1238 { &hf_wtls_hands_cli_hello_cli_key_id,
1240 "wsp.wtls.handshake.client_hello.client_keys_id",
1241 FT_NONE, BASE_DEC, NULL, 0x00,
1242 "Client Keys" , HFILL
1245 { &hf_wtls_hands_cli_hello_cli_key_len,
1247 "wsp.wtls.handshake.client_hello.client_keys_len",
1248 FT_UINT16, BASE_DEC, NULL, 0x00,
1252 { &hf_wtls_hands_cli_hello_trust_key_id,
1254 "wsp.wtls.handshake.client_hello.trusted_keys_id",
1255 FT_NONE, BASE_DEC, NULL, 0x00,
1256 "Trusted Keys" , HFILL
1259 { &hf_wtls_hands_cli_hello_key_exchange,
1261 "wsp.wtls.handshake.client_hello.key.key_exchange",
1262 FT_UINT8, BASE_HEX, VALS ( wtls_vals_key_exchange_suite ), 0x00,
1263 "Key Exchange", HFILL
1266 { &hf_wtls_hands_cli_hello_key_exchange_suite,
1268 "wsp.wtls.handshake.client_hello.key.key_exchange.suite",
1269 FT_UINT8, BASE_HEX, VALS ( wtls_vals_key_exchange_suite ), 0x00,
1273 { &hf_wtls_hands_cli_hello_key_parameter_index,
1274 { "Parameter Index",
1275 "wsp.wtls.handshake.client_hello.parameter_index",
1276 FT_UINT8, BASE_DEC, NULL, 0x00,
1277 "Parameter Index", HFILL
1280 { &hf_wtls_hands_cli_hello_key_parameter_set,
1282 "wsp.wtls.handshake.client_hello.parameter",
1283 FT_STRING, BASE_NONE, NULL, 0x00,
1284 "Parameter Set", HFILL
1287 { &hf_wtls_hands_cli_hello_key_identifier_type,
1288 { "Identifier Type",
1289 "wsp.wtls.handshake.client_hello.ident_type",
1290 FT_UINT8, BASE_HEX, VALS ( wtls_vals_identifier_type ), 0x00,
1291 "Identifier Type", HFILL
1294 { &hf_wtls_hands_cli_hello_key_identifier_charset,
1295 { "Identifier CharSet",
1296 "wsp.wtls.handshake.client_hello.ident_charset",
1297 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1298 "Identifier CharSet", HFILL
1301 { &hf_wtls_hands_cli_hello_key_identifier_size,
1302 { "Identifier Size",
1303 "wsp.wtls.handshake.client_hello.ident_size",
1304 FT_UINT8, BASE_DEC, NULL, 0x00,
1305 "Identifier Size", HFILL
1308 { &hf_wtls_hands_cli_hello_key_identifier,
1310 "wsp.wtls.handshake.client_hello.identifier",
1311 FT_NONE, BASE_HEX, NULL, 0x00,
1315 { &hf_wtls_hands_cli_hello_key_identifier_str,
1316 { "Identifier Name",
1317 "wsp.wtls.handshake.client_hello.ident_name",
1318 FT_STRING, BASE_HEX, NULL, 0x00,
1319 "Identifier Name", HFILL
1322 { &hf_wtls_hands_cli_hello_cipher_suite,
1324 "wsp.wtls.handshake.client_hello.ciphers",
1325 FT_NONE, BASE_DEC, NULL, 0x00,
1326 "Cipher Suite", HFILL
1329 { &hf_wtls_hands_cli_hello_cipher_suite_item,
1331 "wsp.wtls.handshake.client_hello.cipher",
1332 FT_STRING, BASE_DEC, NULL, 0x00,
1336 { &hf_wtls_hands_cli_hello_compression_methods,
1337 { "Compression Methods",
1338 "wsp.wtls.handshake.client_hello.comp_methods",
1339 FT_NONE, BASE_DEC, NULL, 0x00,
1340 "Compression Methods", HFILL
1343 { &hf_wtls_hands_cli_hello_compression,
1345 "wsp.wtls.handshake.client_hello.compression",
1346 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1347 "Compression", HFILL
1350 { &hf_wtls_hands_cli_hello_sequence_mode,
1352 "wsp.wtls.handshake.client_hello.sequence_mode",
1353 FT_UINT8, BASE_HEX, VALS ( wtls_vals_sequence_mode ), 0x00,
1354 "Sequence Mode", HFILL
1357 { &hf_wtls_hands_cli_hello_key_refresh,
1359 "wsp.wtls.handshake.client_hello.refresh",
1360 FT_UINT8, BASE_DEC,NULL, 0x00,
1364 { &hf_wtls_hands_serv_hello,
1366 "wsp.wtls.handshake.server_hello",
1367 FT_NONE, BASE_NONE,NULL, 0x00,
1368 "Server Hello", HFILL
1371 { &hf_wtls_hands_serv_hello_version,
1373 "wsp.wtls.handshake.server_hello.version",
1374 FT_UINT8, BASE_DEC, NULL, 0x00,
1378 { &hf_wtls_hands_serv_hello_gmt,
1380 "wsp.wtls.handshake.server_hello.gmt",
1381 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1385 { &hf_wtls_hands_serv_hello_random,
1387 "wsp.wtls.handshake.server_hello.random",
1388 FT_NONE, BASE_DEC, NULL, 0x00,
1392 { &hf_wtls_hands_serv_hello_session,
1394 "wsp.wtls.handshake.server_hello.sessionid",
1395 FT_UINT32, BASE_DEC, NULL, 0x00,
1399 { &hf_wtls_hands_serv_hello_session_str,
1401 "wsp.wtls.handshake.server_hello.session.str",
1402 FT_STRING, BASE_DEC, NULL, 0x00,
1406 { &hf_wtls_hands_serv_hello_cli_key_id,
1408 "wsp.wtls.handshake.server_hello.key",
1409 FT_UINT8, BASE_HEX, NULL, 0x00,
1410 "Client Key ID", HFILL
1413 { &hf_wtls_hands_serv_hello_cipher_suite_item,
1415 "wsp.wtls.handshake.server_hello.cipher",
1416 FT_NONE, BASE_DEC, NULL, 0x00,
1420 { &hf_wtls_hands_serv_hello_cipher_bulk,
1422 "wsp.wtls.handshake.server_hello.cipher.bulk",
1423 FT_UINT8, BASE_HEX, VALS ( wtls_vals_cipher_bulk ), 0x00,
1424 "Cipher Bulk", HFILL
1427 { &hf_wtls_hands_serv_hello_cipher_mac,
1429 "wsp.wtls.handshake.server_hello.cipher.mac",
1430 FT_UINT8, BASE_HEX, VALS ( wtls_vals_cipher_mac ), 0x00,
1434 { &hf_wtls_hands_serv_hello_compression,
1436 "wsp.wtls.handshake.server_hello.compression",
1437 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1438 "Compression", HFILL
1441 { &hf_wtls_hands_serv_hello_sequence_mode,
1443 "wsp.wtls.handshake.server_hello.sequence_mode",
1444 FT_UINT8, BASE_HEX, VALS ( wtls_vals_sequence_mode ), 0x00,
1445 "Sequence Mode", HFILL
1448 { &hf_wtls_hands_serv_hello_key_refresh,
1450 "wsp.wtls.handshake.server_hello.refresh",
1451 FT_UINT8, BASE_DEC,NULL, 0x00,
1455 { &hf_wtls_hands_certificates,
1457 "wsp.wtls.handshake.certificates",
1458 FT_NONE, BASE_DEC, NULL, 0x00,
1459 "Certificates", HFILL
1462 { &hf_wtls_hands_certificate,
1464 "wsp.wtls.handshake.certificate",
1465 FT_NONE, BASE_DEC, NULL, 0x00,
1466 "Certificate", HFILL
1469 { &hf_wtls_hands_certificate_type,
1471 "wsp.wtls.handshake.certificate.type",
1472 FT_UINT8, BASE_HEX, VALS ( wtls_vals_certificate_type ), 0x00,
1476 { &hf_wtls_hands_certificate_wtls_version,
1478 "wsp.wtls.handshake.certificate.version",
1479 FT_UINT8, BASE_HEX, NULL, 0x00,
1483 { &hf_wtls_hands_certificate_wtls_signature_type,
1485 "wsp.wtls.handshake.certificate.signature.type",
1486 FT_UINT8, BASE_HEX, VALS ( wtls_vals_certificate_signature ), 0x00,
1487 "Signature Type", HFILL
1490 { &hf_wtls_hands_certificate_wtls_signature,
1492 "wsp.wtls.handshake.certificate.signature.signature",
1493 FT_UINT32, BASE_DEC, NULL, 0x00,
1494 "Signature Size", HFILL
1497 { &hf_wtls_hands_certificate_wtls_issuer_type,
1499 "wsp.wtls.handshake.certificate.issuer.type",
1500 FT_UINT8, BASE_HEX, VALS ( wtls_vals_identifier_type ), 0x00,
1504 { &hf_wtls_hands_certificate_wtls_issuer_charset,
1506 "wsp.wtls.handshake.certificate.issuer.charset",
1507 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1511 { &hf_wtls_hands_certificate_wtls_issuer_name,
1513 "wsp.wtls.handshake.certificate.issuer.name",
1514 FT_STRING, BASE_NONE, NULL, 0x00,
1518 { &hf_wtls_hands_certificate_wtls_valid_not_before,
1519 { "Valid not before",
1520 "wsp.wtls.handshake.certificate.before",
1521 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1522 "Valid not before", HFILL
1525 { &hf_wtls_hands_certificate_wtls_valid_not_after,
1526 { "Valid not after",
1527 "wsp.wtls.handshake.certificate.after",
1528 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1529 "Valid not after", HFILL
1532 { &hf_wtls_hands_certificate_wtls_subject_type,
1534 "wsp.wtls.handshake.certificate.subject.type",
1535 FT_UINT8, BASE_HEX, VALS ( wtls_vals_identifier_type ), 0x00,
1539 { &hf_wtls_hands_certificate_wtls_subject_charset,
1541 "wsp.wtls.handshake.certificate.subject.charset",
1542 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1546 { &hf_wtls_hands_certificate_wtls_subject_name,
1548 "wsp.wtls.handshake.certificate.subject.name",
1549 FT_STRING, BASE_NONE, NULL, 0x00,
1553 { &hf_wtls_hands_certificate_wtls_public_key_type,
1554 { "Public Key Type",
1555 "wsp.wtls.handshake.certificate.public.type",
1556 FT_UINT8, BASE_HEX, VALS ( wtls_vals_public_key_type ), 0x00,
1557 "Public Key Type", HFILL
1560 { &hf_wtls_hands_certificate_wtls_key_parameter_index,
1561 { "Parameter Index",
1562 "wsp.wtls.handshake.certificate.parameter_index",
1563 FT_UINT8, BASE_DEC, NULL, 0x00,
1564 "Parameter Index", HFILL
1567 { &hf_wtls_hands_certificate_wtls_key_parameter_set,
1569 "wsp.wtls.handshake.certificate.parameter",
1570 FT_STRING, BASE_NONE, NULL, 0x00,
1571 "Parameter Set", HFILL
1574 { &hf_wtls_hands_certificate_wtls_rsa_exponent,
1575 { "RSA Exponent Size",
1576 "wsp.wtls.handshake.certificate.rsa.exponent",
1577 FT_UINT32, BASE_DEC, NULL, 0x00,
1578 "RSA Exponent Size", HFILL
1581 { &hf_wtls_hands_certificate_wtls_rsa_modules,
1582 { "RSA Modulus Size",
1583 "wsp.wtls.handshake.certificate.rsa.modules",
1584 FT_UINT32, BASE_DEC, NULL, 0x00,
1585 "RSA Modulus Size", HFILL
1591 FT_NONE, BASE_HEX, NULL, 0x00,
1595 { &hf_wtls_alert_level,
1597 "wsp.wtls.alert.level",
1598 FT_UINT8, BASE_HEX, VALS ( wtls_vals_alert_level ), 0x00,
1602 { &hf_wtls_alert_description,
1604 "wsp.wtls.alert.description",
1605 FT_UINT8, BASE_HEX, VALS ( wtls_vals_alert_description ), 0x00,
1606 "Description", HFILL
1611 /* Setup protocol subtree array */
1612 static gint *ett[] = {
1616 &ett_wtls_msg_type_item,
1617 &ett_wtls_msg_type_item_sub,
1618 &ett_wtls_msg_type_item_sub_sub,
1621 /* Register the protocol name and description */
1622 proto_wtls = proto_register_protocol(
1623 "Wireless Transport Layer Security", /* protocol name for use by ethereal */
1624 "WTLS", /* short version of name */
1625 "wap-wtls" /* Abbreviated protocol name, should Match IANA
1626 < URL:http://www.isi.edu/in-notes/iana/assignments/port-numbers/ >
1630 /* Required function calls to register the header fields and subtrees used */
1631 proto_register_field_array(proto_wtls, hf, array_length(hf));
1632 proto_register_subtree_array(ett, array_length(ett));
1636 proto_reg_handoff_wtls(void)
1638 dissector_handle_t wtls_handle;
1641 * Get handles for the WTP and connectionless WSP dissectors.
1643 wtp_handle = find_dissector("wtp");
1644 wsp_handle = find_dissector("wsp-cl");
1646 wtls_handle = create_dissector_handle(dissect_wtls, proto_wtls);
1647 dissector_add("udp.port", UDP_PORT_WTLS_WSP, wtls_handle);
1648 dissector_add("udp.port", UDP_PORT_WTLS_WTP_WSP, wtls_handle);
1649 dissector_add("udp.port", UDP_PORT_WTLS_WSP_PUSH,wtls_handle);