3 * Routines to dissect WTLS component of WAP traffic.
5 * $Id: packet-wtls.c,v 1.9 2001/06/18 02:17:54 guy Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@zing.org>
9 * Copyright 1998 Didier Jorand
11 * WAP dissector based on original work by Ben Fowler
12 * Updated by Neil Hunter <neil.hunter@energis-squared.com>
13 * WTLS support by Alexandre P. Ferreira (Splice IP)
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 #ifdef HAVE_SYS_TYPES_H
38 # include <sys/types.h>
41 #ifdef HAVE_NETINET_IN_H
42 # include <netinet/in.h>
45 #ifdef NEED_SNPRINTF_H
51 # include "snprintf.h"
57 #include "packet-wap.h"
58 #include "packet-wtls.h"
60 /* File scoped variables for the protocol and registered fields */
61 static int proto_wtls = HF_EMPTY;
63 /* These fields used by fixed part of header */
64 static int hf_wtls_record = HF_EMPTY;
65 static int hf_wtls_record_type = HF_EMPTY;
66 static int hf_wtls_record_length = HF_EMPTY;
67 static int hf_wtls_record_sequence = HF_EMPTY;
68 static int hf_wtls_record_ciphered = HF_EMPTY;
69 static int hf_wtls_hands = HF_EMPTY;
70 static int hf_wtls_hands_type = HF_EMPTY;
71 static int hf_wtls_hands_length = HF_EMPTY;
72 static int hf_wtls_hands_cli_hello = HF_EMPTY;
73 static int hf_wtls_hands_cli_hello_version = HF_EMPTY;
74 static int hf_wtls_hands_cli_hello_gmt = HF_EMPTY;
75 static int hf_wtls_hands_cli_hello_random = HF_EMPTY;
76 static int hf_wtls_hands_cli_hello_session = HF_EMPTY;
77 static int hf_wtls_hands_cli_hello_session_str = HF_EMPTY;
78 static int hf_wtls_hands_cli_hello_cli_key_id = HF_EMPTY;
79 static int hf_wtls_hands_cli_hello_cli_key_len = HF_EMPTY;
80 static int hf_wtls_hands_cli_hello_trust_key_id = HF_EMPTY;
81 static int hf_wtls_hands_cli_hello_key_exchange =HF_EMPTY;
82 static int hf_wtls_hands_cli_hello_key_exchange_suite =HF_EMPTY;
83 static int hf_wtls_hands_cli_hello_key_parameter_index =HF_EMPTY;
84 static int hf_wtls_hands_cli_hello_key_parameter_set =HF_EMPTY;
85 static int hf_wtls_hands_cli_hello_key_identifier_type =HF_EMPTY;
86 static int hf_wtls_hands_cli_hello_key_identifier_charset =HF_EMPTY;
87 static int hf_wtls_hands_cli_hello_key_identifier_size =HF_EMPTY;
88 static int hf_wtls_hands_cli_hello_key_identifier =HF_EMPTY;
89 static int hf_wtls_hands_cli_hello_key_identifier_str =HF_EMPTY;
90 static int hf_wtls_hands_cli_hello_cipher_suite =HF_EMPTY;
91 static int hf_wtls_hands_cli_hello_cipher_suite_item =HF_EMPTY;
92 static int hf_wtls_hands_cli_hello_compression_methods =HF_EMPTY;
93 static int hf_wtls_hands_cli_hello_compression =HF_EMPTY;
94 static int hf_wtls_hands_cli_hello_sequence_mode =HF_EMPTY;
95 static int hf_wtls_hands_cli_hello_key_refresh =HF_EMPTY;
96 static int hf_wtls_hands_serv_hello = HF_EMPTY;
97 static int hf_wtls_hands_serv_hello_version = HF_EMPTY;
98 static int hf_wtls_hands_serv_hello_gmt = HF_EMPTY;
99 static int hf_wtls_hands_serv_hello_random = HF_EMPTY;
100 static int hf_wtls_hands_serv_hello_session = HF_EMPTY;
101 static int hf_wtls_hands_serv_hello_session_str = HF_EMPTY;
102 static int hf_wtls_hands_serv_hello_cli_key_id =HF_EMPTY;
103 static int hf_wtls_hands_serv_hello_cipher_suite_item =HF_EMPTY;
104 static int hf_wtls_hands_serv_hello_cipher_bulk =HF_EMPTY;
105 static int hf_wtls_hands_serv_hello_cipher_mac =HF_EMPTY;
106 static int hf_wtls_hands_serv_hello_compression =HF_EMPTY;
107 static int hf_wtls_hands_serv_hello_sequence_mode =HF_EMPTY;
108 static int hf_wtls_hands_serv_hello_key_refresh =HF_EMPTY;
109 static int hf_wtls_hands_certificates =HF_EMPTY;
110 static int hf_wtls_hands_certificate =HF_EMPTY;
111 static int hf_wtls_hands_certificate_type =HF_EMPTY;
112 static int hf_wtls_hands_certificate_wtls_version =HF_EMPTY;
113 static int hf_wtls_hands_certificate_wtls_signature_type =HF_EMPTY;
114 static int hf_wtls_hands_certificate_wtls_issuer_type =HF_EMPTY;
115 static int hf_wtls_hands_certificate_wtls_issuer_charset =HF_EMPTY;
116 static int hf_wtls_hands_certificate_wtls_issuer_name =HF_EMPTY;
117 static int hf_wtls_hands_certificate_wtls_valid_not_before =HF_EMPTY;
118 static int hf_wtls_hands_certificate_wtls_valid_not_after =HF_EMPTY;
119 static int hf_wtls_hands_certificate_wtls_subject_type =HF_EMPTY;
120 static int hf_wtls_hands_certificate_wtls_subject_charset =HF_EMPTY;
121 static int hf_wtls_hands_certificate_wtls_subject_name = HF_EMPTY;
122 static int hf_wtls_hands_certificate_wtls_public_key_type = HF_EMPTY;
123 static int hf_wtls_hands_certificate_wtls_key_parameter_index = HF_EMPTY;
124 static int hf_wtls_hands_certificate_wtls_key_parameter_set = HF_EMPTY;
125 static int hf_wtls_hands_certificate_wtls_rsa_exponent = HF_EMPTY;
126 static int hf_wtls_hands_certificate_wtls_rsa_modules = HF_EMPTY;
127 static int hf_wtls_hands_certificate_wtls_signature = HF_EMPTY;
128 static int hf_wtls_alert = HF_EMPTY;
129 static int hf_wtls_alert_level = HF_EMPTY;
130 static int hf_wtls_alert_description = HF_EMPTY;
132 /* Initialize the subtree pointers */
133 static gint ett_wtls = ETT_EMPTY;
134 static gint ett_wtls_rec = ETT_EMPTY;
135 static gint ett_wtls_msg_type = ETT_EMPTY;
136 static gint ett_wtls_msg_type_item = ETT_EMPTY;
137 static gint ett_wtls_msg_type_item_sub = ETT_EMPTY;
138 static gint ett_wtls_msg_type_item_sub_sub = ETT_EMPTY;
140 /* Handles for WTP and WSP dissectors */
141 static dissector_handle_t wtp_handle;
142 static dissector_handle_t wsp_handle;
144 static const value_string wtls_vals_record_type[] = {
145 { 0x01, "change_cipher_data" },
147 { 0x03, "handshake" },
148 { 0x04, "application_data" },
152 static const value_string wtls_vals_cipher_bulk[] = {
154 { 0x01, "RC5 CBC 40" },
155 { 0x02, "RC5 CBC 56" },
157 { 0x04, "DES CBC 40" },
159 { 0x06, "3DES CBC cwEDE40" },
160 { 0x07, "IDEA CBC 40" },
161 { 0x08, "IDEA CBC 56" },
162 { 0x09, "IDEA CBC" },
166 static const value_string wtls_vals_cipher_mac[] = {
171 { 0x04, "SHA XOR 40" },
178 static const value_string wtls_vals_handshake_type[] = {
179 { 0, "Hello Request" },
180 { 1, "Client Hello" },
181 { 2, "Server Hello" },
182 { 11, "Certificate" },
183 { 12, "Server Key Exchange" },
184 { 13, "Certificate Request" },
185 { 14, "Server Hello Done" },
186 { 15, "Certificate Verify" },
187 { 16, "Client Key Exchange" },
192 static const value_string wtls_vals_key_exchange_suite[] = {
194 { 1, "Shared Secret" },
195 { 2, "Diffie Hellman Anonymous" },
196 { 3, "Diffie Hellman Anonymous 512" },
197 { 4, "Diffie Hellman Anonymous 768" },
198 { 5, "RSA Anonymous" },
199 { 6, "RSA Anonymous 512" },
200 { 7, "RSA Anonymous 768" },
204 { 11, "EC Diffie Hellman Anonymous" },
205 { 12, "EC Diffie Hellman Anonymous 113" },
206 { 13, "EC Diffie Hellman Anonymous 131" },
207 { 14, "EC Diffie Hellman ECDSA" },
208 { 15, "EC Diffie Hellman Anonymous Uncomp" },
209 { 16, "EC Diffie Hellman Anonymous Uncomp 113" },
210 { 17, "EC Diffie Hellman Anonymous Uncomp 131" },
211 { 18, "EC Diffie Hellman ECDSA Uncomp" },
215 static const value_string wtls_vals_identifier_type[] = {
216 { 0, "No identifier" },
217 { 1, "Textual Name" },
218 { 2, "Binary Name" },
219 { 254, "SHA-1 Hash of Public Key" },
220 { 255, "x509 Distinguished Name" },
224 static const value_string wtls_vals_certificate_type[] = {
232 static const value_string wtls_vals_compression[] = {
237 static const value_string wtls_vals_sequence_mode[] = {
244 static const value_string wtls_vals_certificate_signature[] = {
251 static const value_string wtls_vals_public_key_type[] = {
258 static const value_string wtls_vals_alert_level[] = {
265 static const value_string wtls_vals_alert_description[] = {
266 { 0,"connection_close_notify"},
267 { 1,"session_close_notify"},
268 { 5,"no_connection"},
269 { 10,"unexpected_message"},
270 { 11,"time_required"},
271 { 20,"bad_record_mac"},
272 { 21,"decryption_failed"},
273 { 22,"record_overflow"},
274 { 30,"decompression_failure"},
275 { 40,"handshake_failure"},
276 { 42,"bad_certificate"},
277 { 43,"unsupported_certificate"},
278 { 44,"certificate_revoked"},
279 { 45,"certificate_expired"},
280 { 46,"certificate_unknown"},
281 { 47,"illegal_parameter"},
283 { 49,"access_denied"},
284 { 50,"decode_error"},
285 { 51,"decrypt_error"},
286 { 52,"unknown_key_id"},
287 { 53,"disabled_key_id"},
288 { 54,"key_exchange_disabled"},
289 { 55,"session_not_ready"},
290 { 56,"unknown_parameter_index"},
291 { 57,"duplicate_finished_received"},
292 { 60,"export_restriction"},
293 { 70,"protocol_version"},
294 { 71,"insufficient_security"},
295 { 80,"internal_error"},
296 { 90,"user_canceled"},
297 { 100,"no_renegotiation"},
301 #define WTLS_RECORD_TYPE_LENGTH 0x80
302 #define WTLS_RECORD_TYPE_SEQUENCE 0x40
303 #define WTLS_RECORD_TYPE_CIPHER_CUR 0x20
304 #define WTLS_RECORD_CONTENT_TYPE 0x0f
306 #define WTLS_ALERT 0x02
307 #define WTLS_PLAIN_HANDSHAKE 0x03
309 #define WTLS_HANDSHAKE_CLIENT_HELLO 1
310 #define WTLS_HANDSHAKE_SERVER_HELLO 2
311 #define WTLS_HANDSHAKE_CERTIFICATE 11
313 #define CERTIFICATE_WTLS 1
314 #define CERTIFICATE_X509 2
315 #define CERTIFICATE_X968 3
316 #define CERTIFICATE_URL 4
318 #define IDENTIFIER_NULL 0
319 #define IDENTIFIER_TEXT 1
320 #define IDENTIFIER_BIN 2
321 #define IDENTIFIER_SHA_1 254
322 #define IDENTIFIER_X509 255
324 #define PUBLIC_KEY_RSA 2
325 #define PUBLIC_KEY_ECDH 3
326 #define PUBLIC_KEY_ECDSA 4
328 static void dissect_wtls_handshake (proto_tree *, tvbuff_t *, guint, guint);
330 /* Code to actually dissect the packets */
332 dissect_wtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
334 frame_data *fdata = pinfo->fd;
340 guint offset_wtls = 0;
342 /* Set up structures we will need to add the protocol subtree and manage it */
344 proto_tree *wtls_tree;
345 proto_tree *wtls_rec_tree;
346 proto_tree *wtls_msg_type_tree;
348 if (check_col(fdata, COL_PROTOCOL))
350 switch ( pinfo->match_port )
352 case UDP_PORT_WTLS_WSP:
353 col_set_str(fdata, COL_PROTOCOL, "WTLS+WSP" );
355 case UDP_PORT_WTLS_WTP_WSP:
356 col_set_str(fdata, COL_PROTOCOL, "WTLS+WTP+WSP" );
361 /* Develop the string to put in the Info column */
362 if (check_col(fdata, COL_INFO)) {
363 col_set_str(fdata, COL_INFO, "WTLS" );
366 /* In the interest of speed, if "tree" is NULL, don't do any work not
367 necessary to generate protocol tree items. */
370 ti = proto_tree_add_item(tree, proto_wtls, tvb, offset_wtls,
371 tvb_length(tvb), bo_little_endian);
372 wtls_tree = proto_item_add_subtree(ti, ett_wtls);
374 for (offset_wtls=0; offset_wtls < (tvb_length(tvb)-1);) {
375 pdut = tvb_get_guint8 (tvb, offset_wtls);
377 offset = offset_wtls+1;
379 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
382 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
383 count = tvb_get_ntohs(tvb, offset);
385 count += offset-offset_wtls;
388 count = tvb_length (tvb)-offset_wtls;
390 ti = proto_tree_add_uint(wtls_tree, hf_wtls_record, tvb, offset_wtls,
392 wtls_rec_tree = proto_item_add_subtree(ti, ett_wtls_rec);
394 offset = offset_wtls;
396 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_type,
397 tvb,offset,1,bo_big_endian);
401 offset_wtls += count;
403 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
404 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_sequence,
405 tvb,offset,2,bo_big_endian);
408 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
409 count = tvb_get_ntohs(tvb, offset);
410 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_length,
411 tvb,offset,2,bo_big_endian);
415 count = tvb_length (tvb)-offset;
418 if (pdut & WTLS_RECORD_TYPE_CIPHER_CUR) {
419 ti = proto_tree_add_item (wtls_rec_tree, hf_wtls_record_ciphered,
420 tvb,offset,count,bo_big_endian);
424 switch (pdut & WTLS_RECORD_CONTENT_TYPE) {
425 case WTLS_PLAIN_HANDSHAKE :
426 dissect_wtls_handshake(wtls_rec_tree,tvb,offset,count);
429 ti = proto_tree_add_item(wtls_rec_tree, hf_wtls_alert, tvb, offset,
430 count, bo_little_endian);
431 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
432 pdu_msg_type = tvb_get_guint8 (tvb, offset);
433 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_level,
434 tvb,offset,1,bo_big_endian);
436 count = tvb_get_ntohs (tvb, offset);
437 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_description,
438 tvb,offset,1,bo_big_endian);
449 dissect_wtls_handshake(proto_tree *tree, tvbuff_t *tvb, guint offset, guint count)
452 struct timeval timeValue;
456 guint public_key = 0;
459 char *valBulk = NULL;
463 proto_item *cli_key_item;
464 proto_tree *wtls_msg_type_tree;
465 proto_tree *wtls_msg_type_item_tree;
466 proto_tree *wtls_msg_type_item_sub_tree;
467 proto_tree *wtls_msg_type_item_sub_sub_tree;
469 pdu_msg_type = tvb_get_guint8 (tvb, offset);
470 ti = proto_tree_add_uint(tree, hf_wtls_hands, tvb, offset,count, pdu_msg_type);
471 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
473 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_type,
474 tvb,offset,1,bo_big_endian);
476 count = tvb_get_ntohs (tvb, offset);
477 ti = proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_length,
478 tvb,offset,2,bo_big_endian);
480 switch(pdu_msg_type) {
481 case WTLS_HANDSHAKE_CLIENT_HELLO :
482 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_cli_hello, tvb, offset,
483 count, bo_little_endian);
484 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
485 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_version,
486 tvb,offset,1,bo_big_endian);
488 timeValue.tv_sec = tvb_get_ntohl (tvb, offset);
489 timeValue.tv_usec = 0;
490 ti = proto_tree_add_time (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_gmt, tvb,
491 offset, 4, &timeValue);
493 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_random,
494 tvb,offset,12,bo_big_endian);
496 count = tvb_get_guint8(tvb, offset);
499 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session_str,
500 tvb,offset,count+1,"NULL");
503 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
504 tvb,offset,count+1,tvb_get_guint8(tvb,offset+1));
507 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
508 tvb,offset,count+1,tvb_get_ntohs(tvb,offset+1));
511 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
512 tvb,offset,count+1,tvb_get_ntoh24(tvb,offset+1));
515 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session,
516 tvb,offset,count+1,tvb_get_ntohl(tvb,offset+1));
519 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_session_str,
520 tvb,offset,count+1,"Too big");
525 /* process client_key_ids structure */
526 count = tvb_get_ntohs (tvb, offset);
527 ti = proto_tree_add_item(wtls_msg_type_item_tree,
528 hf_wtls_hands_cli_hello_cli_key_id, tvb, offset,
529 count+2, bo_little_endian);
530 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
532 /* display length of client_key_ids structure */
533 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
534 hf_wtls_hands_cli_hello_cli_key_len,
535 tvb,offset,2,bo_big_endian);
538 /* cycle through client_key_ids entries */
539 for (;count > 0;count-=client_size) {
540 /* get encryption suite id (one byte) */
541 value = tvb_get_guint8 (tvb, offset);
542 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
543 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
546 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
547 ett_wtls_msg_type_item_sub_sub);
548 ti = proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
549 hf_wtls_hands_cli_hello_key_exchange_suite,
553 fprintf(stderr, "encryption suite = %d, client_size = %d\n", value, client_size);
556 /* get parameter index (one byte) */
557 value = tvb_get_guint8 (tvb, offset);
558 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
559 hf_wtls_hands_cli_hello_key_parameter_index,
560 tvb,offset,1,bo_big_endian);
564 fprintf(stderr, "parameter index = %d, client_size = %d\n", value, client_size);
567 /* explicit parameters present in next field */
569 size = tvb_get_ntohs (tvb, offset);
570 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
571 hf_wtls_hands_cli_hello_key_parameter_set,
572 tvb,offset,size+2,bo_big_endian);
577 /* get identifier type */
578 value = tvb_get_guint8 (tvb, offset);
579 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
580 hf_wtls_hands_cli_hello_key_identifier_type,
581 tvb,offset,1,bo_big_endian);
585 fprintf(stderr, "identifier type = %d, client_size = %d\n", value, client_size);
588 /* identifier present in next field */
589 /* note: value 0x0 means no identifier */
591 case 0x01 : /* text identifier */
593 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
594 hf_wtls_hands_cli_hello_key_identifier_charset,
595 tvb,offset,2,bo_big_endian);
597 size = tvb_get_guint8 (tvb, offset);
598 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
599 hf_wtls_hands_cli_hello_key_identifier_size,
600 tvb,offset,1,bo_big_endian);
602 strncpy(valStr,tvb_get_ptr (tvb, offset, size),size);
604 ti = proto_tree_add_string(
605 wtls_msg_type_item_sub_sub_tree,
606 hf_wtls_hands_cli_hello_key_identifier_str,
607 tvb, offset,size,valStr);
611 fprintf(stderr, "text id size = %d, client_size = %d\n",
615 case 0x02 : /* binary identifier */
616 size = tvb_get_guint8 (tvb, offset);
617 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
618 hf_wtls_hands_cli_hello_key_identifier_size,
619 tvb,offset,1,bo_big_endian);
621 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
622 hf_wtls_hands_cli_hello_key_identifier,
623 tvb,offset,size,bo_big_endian);
627 fprintf(stderr, "binary id size = %d, client_size = %d\n",
631 case 0xfe : /* SHA-1 hash of the public key */
632 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
633 hf_wtls_hands_cli_hello_key_identifier,
634 tvb,offset,20,bo_big_endian);
638 fprintf(stderr, "SHA-1 hash size = 20, client_size = %d\n",
642 case 0xff : /* X.509 distinguished name */
644 size = tvb_get_guint8 (tvb, offset);
645 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
646 hf_wtls_hands_cli_hello_key_identifier_size,
647 tvb,offset,1,bo_big_endian);
649 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
650 hf_wtls_hands_cli_hello_key_identifier,
651 tvb,offset,size,bo_big_endian);
655 fprintf(stderr, "X.509 name size = %d, client_size = %d\n",
661 proto_item_set_len(cli_key_item, client_size);
664 /* process trusted_keys structure */
665 count = tvb_get_ntohs (tvb, offset);
666 ti = proto_tree_add_item(wtls_msg_type_item_tree,
667 hf_wtls_hands_cli_hello_trust_key_id, tvb, offset,
668 count+2, bo_little_endian);
669 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
671 /* display length of trusted_keys structure */
672 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
673 hf_wtls_hands_cli_hello_cli_key_len,
674 tvb,offset,2,bo_big_endian);
677 for (;count > 0;count-=client_size) {
678 /* get encryption suite id (one byte) */
679 value = tvb_get_guint8 (tvb, offset);
680 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
681 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
684 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
685 ett_wtls_msg_type_item_sub_sub);
686 ti = proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
687 hf_wtls_hands_cli_hello_key_exchange_suite,
691 fprintf(stderr, "encryption suite = %d, client_size = %d\n", value, client_size);
694 /* get parameter index (one byte) */
695 value = tvb_get_guint8 (tvb, offset);
696 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
697 hf_wtls_hands_cli_hello_key_parameter_index,
698 tvb,offset,1,bo_big_endian);
702 fprintf(stderr, "parameter index = %d, client_size = %d\n", value, client_size);
705 /* explicit parameters present in next field */
707 size = tvb_get_ntohs (tvb, offset);
708 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
709 hf_wtls_hands_cli_hello_key_parameter_set,
710 tvb,offset,size+2,bo_big_endian);
715 /* get identifier type */
716 value = tvb_get_guint8 (tvb, offset);
717 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
718 hf_wtls_hands_cli_hello_key_identifier_type,
719 tvb,offset,1,bo_big_endian);
723 fprintf(stderr, "identifier type = %d, client_size = %d\n", value, client_size);
726 /* identifier present in next field */
727 /* note: value 0x0 means no identifier */
729 case 0x01 : /* text identifier */
731 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
732 hf_wtls_hands_cli_hello_key_identifier_charset,
733 tvb,offset,2,bo_big_endian);
735 size = tvb_get_guint8 (tvb, offset);
736 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
737 hf_wtls_hands_cli_hello_key_identifier_size,
738 tvb,offset,1,bo_big_endian);
740 strncpy(valStr,tvb_get_ptr (tvb, offset, size),size);
742 ti = proto_tree_add_string(
743 wtls_msg_type_item_sub_sub_tree,
744 hf_wtls_hands_cli_hello_key_identifier_str,
745 tvb, offset,size,valStr);
749 fprintf(stderr, "text id size = %d, client_size = %d\n",
753 case 0x02 : /* binary identifier */
754 size = tvb_get_guint8 (tvb, offset);
755 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
756 hf_wtls_hands_cli_hello_key_identifier_size,
757 tvb,offset,1,bo_big_endian);
759 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
760 hf_wtls_hands_cli_hello_key_identifier,
761 tvb,offset,size,bo_big_endian);
765 fprintf(stderr, "binary id size = %d, client_size = %d\n",
769 case 0xfe : /* SHA-1 hash of the public key */
770 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
771 hf_wtls_hands_cli_hello_key_identifier,
772 tvb,offset,20,bo_big_endian);
776 fprintf(stderr, "SHA-1 hash size = 20, client_size = %d\n",
780 case 0xff : /* X.509 distinguished name */
782 size = tvb_get_guint8 (tvb, offset);
783 /* need to fetch identifier and display it */
784 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
785 hf_wtls_hands_cli_hello_key_identifier_size,
786 tvb,offset,1,bo_big_endian);
788 ti = proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
789 hf_wtls_hands_cli_hello_key_identifier,
790 tvb,offset,size,bo_big_endian);
794 fprintf(stderr, "X.509 name size = %d, client_size = %d\n",
799 proto_item_set_len(cli_key_item, client_size);
802 /* process cipher_suites structure */
803 count = tvb_get_guint8 (tvb, offset);
804 ti = proto_tree_add_item(wtls_msg_type_item_tree,
805 hf_wtls_hands_cli_hello_cipher_suite, tvb, offset,
806 count+1, bo_little_endian);
807 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
809 for (;count > 0;count-=client_size) {
810 value = tvb_get_guint8 (tvb, offset);
811 valBulk = match_strval(value, wtls_vals_cipher_bulk);
814 valMac = match_strval(tvb_get_guint8 (tvb, offset), wtls_vals_cipher_mac);
819 snprintf(valStr,1024,"%s, %s",valBulk,valMac);
823 snprintf(valStr,1024,"%s, Unknow MAC (0x%02x)",valBulk,tvb_get_guint8 (tvb, offset));
830 snprintf(valStr,1024,"Unknow Bulk (0x%02x), %s",value,valMac);
834 snprintf(valStr,1024,"Unknow Bulk (0x%02x), Unknow MAC (0x%02x)",value,
835 tvb_get_guint8 (tvb, offset));
840 cli_key_item = proto_tree_add_string(wtls_msg_type_item_sub_tree,
841 hf_wtls_hands_cli_hello_cipher_suite_item, tvb, offset-2,2,
844 count = tvb_get_guint8 (tvb, offset);
845 ti = proto_tree_add_item(wtls_msg_type_item_tree,
846 hf_wtls_hands_cli_hello_compression_methods, tvb, offset,
847 count+1, bo_little_endian);
848 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
850 for (;count > 0;count-=client_size) {
852 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
853 hf_wtls_hands_cli_hello_compression, tvb, offset,1,
858 ti = proto_tree_add_item(wtls_msg_type_item_tree,
859 hf_wtls_hands_cli_hello_sequence_mode, tvb, offset,
860 1, bo_little_endian);
862 ti = proto_tree_add_item(wtls_msg_type_item_tree,
863 hf_wtls_hands_cli_hello_key_refresh, tvb, offset,
864 1, bo_little_endian);
866 case WTLS_HANDSHAKE_SERVER_HELLO :
867 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_serv_hello, tvb, offset,
868 count, bo_little_endian);
869 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
870 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_version,
871 tvb,offset,1,bo_big_endian);
873 timeValue.tv_sec = tvb_get_ntohl (tvb, offset);
874 timeValue.tv_usec = 0;
875 ti = proto_tree_add_time (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_gmt, tvb,
876 offset, 4, &timeValue);
878 ti = proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_random,
879 tvb,offset,12,bo_big_endian);
881 count = tvb_get_guint8(tvb, offset);
884 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session_str,
885 tvb,offset,count+1,"NULL");
888 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
889 tvb,offset,count+1,tvb_get_guint8(tvb,offset+1));
892 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
893 tvb,offset,count+1,tvb_get_ntohs(tvb,offset+1));
896 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
897 tvb,offset,count+1,tvb_get_ntoh24(tvb,offset+1));
900 ti = proto_tree_add_uint (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session,
901 tvb,offset,count+1,tvb_get_ntohl(tvb,offset+1));
904 ti = proto_tree_add_string (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_session_str,
905 tvb,offset,count+1,"Too big");
909 ti = proto_tree_add_item(wtls_msg_type_item_tree,
910 hf_wtls_hands_serv_hello_cli_key_id,
911 tvb,offset,1,bo_big_endian);
913 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
914 hf_wtls_hands_serv_hello_cipher_suite_item, tvb, offset,2,
916 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
917 ett_wtls_msg_type_item_sub);
918 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
919 hf_wtls_hands_serv_hello_cipher_bulk,
920 tvb,offset,1,bo_big_endian);
922 value = tvb_get_guint8 (tvb, offset);
923 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
924 hf_wtls_hands_serv_hello_cipher_mac,
925 tvb,offset,1,bo_big_endian);
927 ti = proto_tree_add_item(wtls_msg_type_item_tree,
928 hf_wtls_hands_serv_hello_compression, tvb, offset,1,
931 ti = proto_tree_add_item(wtls_msg_type_item_tree,
932 hf_wtls_hands_serv_hello_sequence_mode, tvb, offset,
933 1, bo_little_endian);
935 ti = proto_tree_add_item(wtls_msg_type_item_tree,
936 hf_wtls_hands_serv_hello_key_refresh, tvb, offset,
937 1, bo_little_endian);
940 case WTLS_HANDSHAKE_CERTIFICATE :
941 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_certificates,
942 tvb, offset,count, bo_little_endian);
943 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
944 count = tvb_get_ntohs (tvb, offset);
946 for (;count > 0;count-=client_size) {
947 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
948 hf_wtls_hands_certificate, tvb, offset,1,
951 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
952 ett_wtls_msg_type_item_sub);
953 proto_item_set_len(cli_key_item, client_size);
954 value = tvb_get_guint8 (tvb, offset);
955 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
956 hf_wtls_hands_certificate_type, tvb, offset,1,
961 case CERTIFICATE_WTLS:
962 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
963 hf_wtls_hands_certificate_wtls_version,
968 signature = tvb_get_guint8 (tvb, offset);
969 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
970 hf_wtls_hands_certificate_wtls_signature_type,
975 value = tvb_get_guint8 (tvb, offset);
976 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
977 hf_wtls_hands_certificate_wtls_issuer_type,
983 case IDENTIFIER_NULL :
985 case IDENTIFIER_TEXT :
986 ti = proto_tree_add_item(
987 wtls_msg_type_item_sub_tree,
988 hf_wtls_hands_certificate_wtls_issuer_charset,
993 value = tvb_get_guint8 (tvb, offset);
994 strncpy(valStr,tvb_get_ptr (tvb, offset+1, value),value);
996 ti = proto_tree_add_string(
997 wtls_msg_type_item_sub_tree,
998 hf_wtls_hands_certificate_wtls_issuer_name,
1002 client_size+=1+value;
1004 case IDENTIFIER_BIN :
1006 case IDENTIFIER_SHA_1 :
1008 case IDENTIFIER_X509 :
1011 timeValue.tv_sec = tvb_get_ntohl (tvb, offset);
1012 timeValue.tv_usec = 0;
1013 ti = proto_tree_add_time (wtls_msg_type_item_sub_tree,
1014 hf_wtls_hands_certificate_wtls_valid_not_before,
1015 tvb, offset, 4, &timeValue);
1018 timeValue.tv_sec = tvb_get_ntohl (tvb, offset);
1019 timeValue.tv_usec = 0;
1020 ti = proto_tree_add_time (wtls_msg_type_item_sub_tree,
1021 hf_wtls_hands_certificate_wtls_valid_not_after,
1022 tvb, offset, 4, &timeValue);
1025 value = tvb_get_guint8 (tvb, offset);
1026 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1027 hf_wtls_hands_certificate_wtls_subject_type,
1033 case IDENTIFIER_NULL :
1035 case IDENTIFIER_TEXT :
1036 ti = proto_tree_add_item(
1037 wtls_msg_type_item_sub_tree,
1038 hf_wtls_hands_certificate_wtls_subject_charset,
1043 value = tvb_get_guint8 (tvb, offset);
1044 strncpy(valStr,tvb_get_ptr (tvb, offset+1, value),value);
1046 ti = proto_tree_add_string(
1047 wtls_msg_type_item_sub_tree,
1048 hf_wtls_hands_certificate_wtls_subject_name,
1049 tvb, offset,1+value,
1052 client_size+=1+value;
1054 case IDENTIFIER_BIN :
1056 case IDENTIFIER_SHA_1 :
1058 case IDENTIFIER_X509 :
1061 public_key = tvb_get_guint8 (tvb, offset);
1062 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1063 hf_wtls_hands_certificate_wtls_public_key_type,
1068 value = tvb_get_guint8 (tvb, offset);
1069 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1070 hf_wtls_hands_certificate_wtls_key_parameter_index,
1071 tvb,offset,1,bo_big_endian);
1074 if (value == 0xff) {
1075 size = tvb_get_ntohs (tvb, offset);
1076 ti = proto_tree_add_item(wtls_msg_type_item_sub_tree,
1077 hf_wtls_hands_certificate_wtls_key_parameter_set,
1078 tvb,offset,size+2,bo_big_endian);
1080 client_size+=size+2;
1082 switch (public_key) {
1083 case PUBLIC_KEY_RSA :
1084 value = tvb_get_ntohs (tvb, offset);
1085 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1086 hf_wtls_hands_certificate_wtls_rsa_exponent,
1087 tvb,offset,value+2,value*8);
1089 client_size+=2+value;
1090 value = tvb_get_ntohs (tvb, offset);
1091 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1092 hf_wtls_hands_certificate_wtls_rsa_modules,
1093 tvb,offset,value+2,value*8);
1095 client_size+=2+value;
1097 case PUBLIC_KEY_ECDH :
1099 case PUBLIC_KEY_ECDSA :
1102 value = tvb_get_ntohs (tvb, offset);
1103 ti = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
1104 hf_wtls_hands_certificate_wtls_signature,
1105 tvb,offset,2+value,value*8);
1107 client_size+=2+value;
1109 case CERTIFICATE_X509:
1110 case CERTIFICATE_X968:
1111 value = tvb_get_ntohs (tvb, offset);
1114 client_size += value;
1117 case CERTIFICATE_URL:
1118 value = tvb_get_guint8 (tvb, offset);
1121 client_size += value;
1125 proto_item_set_len(cli_key_item, client_size);
1134 /* Register the protocol with Ethereal */
1136 proto_register_wtls(void)
1139 /* Setup list of header fields */
1140 static hf_register_info hf[] = {
1144 FT_UINT8, BASE_DEC, VALS ( wtls_vals_record_type ), 0x0f,
1148 { &hf_wtls_record_type,
1150 "wsp.wtls.rec_type",
1151 FT_UINT8, BASE_DEC, VALS ( wtls_vals_record_type ), 0x0f,
1152 "Record Type", HFILL
1155 { &hf_wtls_record_length,
1157 "wsp.wtls.rec_length",
1158 FT_UINT16, BASE_DEC, NULL, 0x00,
1159 "Record Length", HFILL
1162 { &hf_wtls_record_sequence,
1163 { "Record Sequence",
1165 FT_UINT16, BASE_DEC, NULL, 0x00,
1166 "Record Sequence", HFILL
1169 { &hf_wtls_record_ciphered,
1170 { "Record Ciphered",
1171 "wsp.wtls.rec_cipher",
1172 FT_NONE, BASE_DEC, NULL, 0x00,
1173 "Record Ciphered", HFILL
1178 "wsp.wtls.handshake",
1179 FT_UINT8, BASE_HEX, VALS ( wtls_vals_handshake_type ), 0x00,
1183 { &hf_wtls_hands_type,
1185 "wsp.wtls.handshake.type",
1186 FT_UINT8, BASE_HEX, VALS ( wtls_vals_handshake_type ), 0x00,
1190 { &hf_wtls_hands_length,
1192 "wsp.wtls.handshake.length",
1193 FT_UINT16, BASE_DEC, NULL, 0x00,
1197 { &hf_wtls_hands_cli_hello,
1199 "wsp.wtls.handshake.client_hello",
1200 FT_NONE, BASE_NONE,NULL, 0x00,
1201 "Client Hello", HFILL
1204 { &hf_wtls_hands_cli_hello_version,
1206 "wsp.wtls.handshake.client_hello.version",
1207 FT_UINT8, BASE_DEC, NULL, 0x00,
1211 { &hf_wtls_hands_cli_hello_gmt,
1213 "wsp.wtls.handshake.client_hello.gmt",
1214 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1218 { &hf_wtls_hands_cli_hello_random,
1220 "wsp.wtls.handshake.client_hello.random",
1221 FT_NONE, BASE_DEC, NULL, 0x00,
1225 { &hf_wtls_hands_cli_hello_session,
1227 "wsp.wtls.handshake.client_hello.sessionid",
1228 FT_UINT32, BASE_DEC, NULL, 0x00,
1232 { &hf_wtls_hands_cli_hello_session_str,
1234 "wsp.wtls.handshake.client_hello.session.str",
1235 FT_STRING, BASE_DEC, NULL, 0x00,
1239 { &hf_wtls_hands_cli_hello_cli_key_id,
1241 "wsp.wtls.handshake.client_hello.client_keys_id",
1242 FT_NONE, BASE_DEC, NULL, 0x00,
1243 "Client Keys" , HFILL
1246 { &hf_wtls_hands_cli_hello_cli_key_len,
1248 "wsp.wtls.handshake.client_hello.client_keys_len",
1249 FT_UINT16, BASE_DEC, NULL, 0x00,
1253 { &hf_wtls_hands_cli_hello_trust_key_id,
1255 "wsp.wtls.handshake.client_hello.trusted_keys_id",
1256 FT_NONE, BASE_DEC, NULL, 0x00,
1257 "Trusted Keys" , HFILL
1260 { &hf_wtls_hands_cli_hello_key_exchange,
1262 "wsp.wtls.handshake.client_hello.key.key_exchange",
1263 FT_UINT8, BASE_HEX, VALS ( wtls_vals_key_exchange_suite ), 0x00,
1264 "Key Exchange", HFILL
1267 { &hf_wtls_hands_cli_hello_key_exchange_suite,
1269 "wsp.wtls.handshake.client_hello.key.key_exchange.suite",
1270 FT_UINT8, BASE_HEX, VALS ( wtls_vals_key_exchange_suite ), 0x00,
1274 { &hf_wtls_hands_cli_hello_key_parameter_index,
1275 { "Parameter Index",
1276 "wsp.wtls.handshake.client_hello.parameter_index",
1277 FT_UINT8, BASE_DEC, NULL, 0x00,
1278 "Parameter Index", HFILL
1281 { &hf_wtls_hands_cli_hello_key_parameter_set,
1283 "wsp.wtls.handshake.client_hello.parameter",
1284 FT_STRING, BASE_NONE, NULL, 0x00,
1285 "Parameter Set", HFILL
1288 { &hf_wtls_hands_cli_hello_key_identifier_type,
1289 { "Identifier Type",
1290 "wsp.wtls.handshake.client_hello.ident_type",
1291 FT_UINT8, BASE_HEX, VALS ( wtls_vals_identifier_type ), 0x00,
1292 "Identifier Type", HFILL
1295 { &hf_wtls_hands_cli_hello_key_identifier_charset,
1296 { "Identifier CharSet",
1297 "wsp.wtls.handshake.client_hello.ident_charset",
1298 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1299 "Identifier CharSet", HFILL
1302 { &hf_wtls_hands_cli_hello_key_identifier_size,
1303 { "Identifier Size",
1304 "wsp.wtls.handshake.client_hello.ident_size",
1305 FT_UINT8, BASE_DEC, NULL, 0x00,
1306 "Identifier Size", HFILL
1309 { &hf_wtls_hands_cli_hello_key_identifier,
1311 "wsp.wtls.handshake.client_hello.identifier",
1312 FT_NONE, BASE_HEX, NULL, 0x00,
1316 { &hf_wtls_hands_cli_hello_key_identifier_str,
1317 { "Identifier Name",
1318 "wsp.wtls.handshake.client_hello.ident_name",
1319 FT_STRING, BASE_HEX, NULL, 0x00,
1320 "Identifier Name", HFILL
1323 { &hf_wtls_hands_cli_hello_cipher_suite,
1325 "wsp.wtls.handshake.client_hello.ciphers",
1326 FT_NONE, BASE_DEC, NULL, 0x00,
1327 "Cipher Suite", HFILL
1330 { &hf_wtls_hands_cli_hello_cipher_suite_item,
1332 "wsp.wtls.handshake.client_hello.cipher",
1333 FT_STRING, BASE_DEC, NULL, 0x00,
1337 { &hf_wtls_hands_cli_hello_compression_methods,
1338 { "Compression Methods",
1339 "wsp.wtls.handshake.client_hello.comp_methods",
1340 FT_NONE, BASE_DEC, NULL, 0x00,
1341 "Compression Methods", HFILL
1344 { &hf_wtls_hands_cli_hello_compression,
1346 "wsp.wtls.handshake.client_hello.compression",
1347 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1348 "Compression", HFILL
1351 { &hf_wtls_hands_cli_hello_sequence_mode,
1353 "wsp.wtls.handshake.client_hello.sequence_mode",
1354 FT_UINT8, BASE_HEX, VALS ( wtls_vals_sequence_mode ), 0x00,
1355 "Sequence Mode", HFILL
1358 { &hf_wtls_hands_cli_hello_key_refresh,
1360 "wsp.wtls.handshake.client_hello.refresh",
1361 FT_UINT8, BASE_DEC,NULL, 0x00,
1365 { &hf_wtls_hands_serv_hello,
1367 "wsp.wtls.handshake.server_hello",
1368 FT_NONE, BASE_NONE,NULL, 0x00,
1369 "Server Hello", HFILL
1372 { &hf_wtls_hands_serv_hello_version,
1374 "wsp.wtls.handshake.server_hello.version",
1375 FT_UINT8, BASE_DEC, NULL, 0x00,
1379 { &hf_wtls_hands_serv_hello_gmt,
1381 "wsp.wtls.handshake.server_hello.gmt",
1382 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1386 { &hf_wtls_hands_serv_hello_random,
1388 "wsp.wtls.handshake.server_hello.random",
1389 FT_NONE, BASE_DEC, NULL, 0x00,
1393 { &hf_wtls_hands_serv_hello_session,
1395 "wsp.wtls.handshake.server_hello.sessionid",
1396 FT_UINT32, BASE_DEC, NULL, 0x00,
1400 { &hf_wtls_hands_serv_hello_session_str,
1402 "wsp.wtls.handshake.server_hello.session.str",
1403 FT_STRING, BASE_DEC, NULL, 0x00,
1407 { &hf_wtls_hands_serv_hello_cli_key_id,
1409 "wsp.wtls.handshake.server_hello.key",
1410 FT_UINT8, BASE_HEX, NULL, 0x00,
1411 "Client Key ID", HFILL
1414 { &hf_wtls_hands_serv_hello_cipher_suite_item,
1416 "wsp.wtls.handshake.server_hello.cipher",
1417 FT_NONE, BASE_DEC, NULL, 0x00,
1421 { &hf_wtls_hands_serv_hello_cipher_bulk,
1423 "wsp.wtls.handshake.server_hello.cipher.bulk",
1424 FT_UINT8, BASE_HEX, VALS ( wtls_vals_cipher_bulk ), 0x00,
1425 "Cipher Bulk", HFILL
1428 { &hf_wtls_hands_serv_hello_cipher_mac,
1430 "wsp.wtls.handshake.server_hello.cipher.mac",
1431 FT_UINT8, BASE_HEX, VALS ( wtls_vals_cipher_mac ), 0x00,
1435 { &hf_wtls_hands_serv_hello_compression,
1437 "wsp.wtls.handshake.server_hello.compression",
1438 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1439 "Compression", HFILL
1442 { &hf_wtls_hands_serv_hello_sequence_mode,
1444 "wsp.wtls.handshake.server_hello.sequence_mode",
1445 FT_UINT8, BASE_HEX, VALS ( wtls_vals_sequence_mode ), 0x00,
1446 "Sequence Mode", HFILL
1449 { &hf_wtls_hands_serv_hello_key_refresh,
1451 "wsp.wtls.handshake.server_hello.refresh",
1452 FT_UINT8, BASE_DEC,NULL, 0x00,
1456 { &hf_wtls_hands_certificates,
1458 "wsp.wtls.handshake.certificates",
1459 FT_NONE, BASE_DEC, NULL, 0x00,
1460 "Certificates", HFILL
1463 { &hf_wtls_hands_certificate,
1465 "wsp.wtls.handshake.certificate",
1466 FT_NONE, BASE_DEC, NULL, 0x00,
1467 "Certificate", HFILL
1470 { &hf_wtls_hands_certificate_type,
1472 "wsp.wtls.handshake.certificate.type",
1473 FT_UINT8, BASE_HEX, VALS ( wtls_vals_certificate_type ), 0x00,
1477 { &hf_wtls_hands_certificate_wtls_version,
1479 "wsp.wtls.handshake.certificate.version",
1480 FT_UINT8, BASE_HEX, NULL, 0x00,
1484 { &hf_wtls_hands_certificate_wtls_signature_type,
1486 "wsp.wtls.handshake.certificate.signature.type",
1487 FT_UINT8, BASE_HEX, VALS ( wtls_vals_certificate_signature ), 0x00,
1488 "Signature Type", HFILL
1491 { &hf_wtls_hands_certificate_wtls_signature,
1493 "wsp.wtls.handshake.certificate.signature.signature",
1494 FT_UINT32, BASE_DEC, NULL, 0x00,
1495 "Signature Size", HFILL
1498 { &hf_wtls_hands_certificate_wtls_issuer_type,
1500 "wsp.wtls.handshake.certificate.issuer.type",
1501 FT_UINT8, BASE_HEX, VALS ( wtls_vals_identifier_type ), 0x00,
1505 { &hf_wtls_hands_certificate_wtls_issuer_charset,
1507 "wsp.wtls.handshake.certificate.issuer.charset",
1508 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1512 { &hf_wtls_hands_certificate_wtls_issuer_name,
1514 "wsp.wtls.handshake.certificate.issuer.name",
1515 FT_STRING, BASE_NONE, NULL, 0x00,
1519 { &hf_wtls_hands_certificate_wtls_valid_not_before,
1520 { "Valid not before",
1521 "wsp.wtls.handshake.certificate.before",
1522 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1523 "Valid not before", HFILL
1526 { &hf_wtls_hands_certificate_wtls_valid_not_after,
1527 { "Valid not after",
1528 "wsp.wtls.handshake.certificate.after",
1529 FT_ABSOLUTE_TIME, BASE_NONE, NULL, 0x00,
1530 "Valid not after", HFILL
1533 { &hf_wtls_hands_certificate_wtls_subject_type,
1535 "wsp.wtls.handshake.certificate.subject.type",
1536 FT_UINT8, BASE_HEX, VALS ( wtls_vals_identifier_type ), 0x00,
1540 { &hf_wtls_hands_certificate_wtls_subject_charset,
1542 "wsp.wtls.handshake.certificate.subject.charset",
1543 FT_UINT16, BASE_HEX, VALS ( vals_character_sets ), 0x00,
1547 { &hf_wtls_hands_certificate_wtls_subject_name,
1549 "wsp.wtls.handshake.certificate.subject.name",
1550 FT_STRING, BASE_NONE, NULL, 0x00,
1554 { &hf_wtls_hands_certificate_wtls_public_key_type,
1555 { "Public Key Type",
1556 "wsp.wtls.handshake.certificate.public.type",
1557 FT_UINT8, BASE_HEX, VALS ( wtls_vals_public_key_type ), 0x00,
1558 "Public Key Type", HFILL
1561 { &hf_wtls_hands_certificate_wtls_key_parameter_index,
1562 { "Parameter Index",
1563 "wsp.wtls.handshake.certificate.parameter_index",
1564 FT_UINT8, BASE_DEC, NULL, 0x00,
1565 "Parameter Index", HFILL
1568 { &hf_wtls_hands_certificate_wtls_key_parameter_set,
1570 "wsp.wtls.handshake.certificate.parameter",
1571 FT_STRING, BASE_NONE, NULL, 0x00,
1572 "Parameter Set", HFILL
1575 { &hf_wtls_hands_certificate_wtls_rsa_exponent,
1576 { "RSA Exponent Size",
1577 "wsp.wtls.handshake.certificate.rsa.exponent",
1578 FT_UINT32, BASE_DEC, NULL, 0x00,
1579 "RSA Exponent Size", HFILL
1582 { &hf_wtls_hands_certificate_wtls_rsa_modules,
1583 { "RSA Modulus Size",
1584 "wsp.wtls.handshake.certificate.rsa.modules",
1585 FT_UINT32, BASE_DEC, NULL, 0x00,
1586 "RSA Modulus Size", HFILL
1592 FT_NONE, BASE_HEX, NULL, 0x00,
1596 { &hf_wtls_alert_level,
1598 "wsp.wtls.alert.level",
1599 FT_UINT8, BASE_HEX, VALS ( wtls_vals_alert_level ), 0x00,
1603 { &hf_wtls_alert_description,
1605 "wsp.wtls.alert.description",
1606 FT_UINT8, BASE_HEX, VALS ( wtls_vals_alert_description ), 0x00,
1607 "Description", HFILL
1612 /* Setup protocol subtree array */
1613 static gint *ett[] = {
1617 &ett_wtls_msg_type_item,
1618 &ett_wtls_msg_type_item_sub,
1619 &ett_wtls_msg_type_item_sub_sub,
1622 /* Register the protocol name and description */
1623 proto_wtls = proto_register_protocol(
1624 "Wireless Transport Layer Security", /* protocol name for use by ethereal */
1625 "WTLS", /* short version of name */
1626 "wap-wtls" /* Abbreviated protocol name, should Match IANA
1627 < URL:http://www.isi.edu/in-notes/iana/assignments/port-numbers/ >
1631 /* Required function calls to register the header fields and subtrees used */
1632 proto_register_field_array(proto_wtls, hf, array_length(hf));
1633 proto_register_subtree_array(ett, array_length(ett));
1635 register_dissector("wtls", dissect_wtls, proto_wtls);
1639 proto_reg_handoff_wtls(void)
1642 * Get handles for the IP WTP and WSP dissectors
1644 wtp_handle = find_dissector("wtp");
1645 wsp_handle = find_dissector("wsp");
1647 dissector_add("udp.port", UDP_PORT_WTLS_WSP, dissect_wtls, proto_wtls);
1648 dissector_add("udp.port", UDP_PORT_WTLS_WTP_WSP, dissect_wtls, proto_wtls);