diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2014-06-23 23:14:06 +0200 |
|---|---|---|
| committer | Peter Wu <peter@lekensteyn.nl> | 2014-07-03 17:02:40 +0200 |
| commit | 37b4dd2ef5f71402a01ce1bd55bc24f2bc80f95d (patch) | |
| tree | 9d31fc0972d15e825072604d3863d10d45b9a250 | |
| parent | bc55e679461940649b73db5badfbef309e0c4de8 (diff) | |
| download | wireshark-37b4dd2ef5f71402a01ce1bd55bc24f2bc80f95d.tar.gz | |
ssl: fix ClientKeyExchange, fix TLSv1.2 SKE for DH
Since DTLS and TLS do not differ in handling ClientKeyExchange and
ServerKeyExchange, its dissection got moved to ssl-utils. The code is
based on the SSL dissector, with header field names adjusted to the
DTLS ones (those got capitalized). Besides a version difference (for
signatures), the header field and function names, the DTLS and SSL code
are equal (this is verified).
This patch refactors the dissectors for DHE_RSA and ECDHE to make use of
a common function to dissect the signed_params field. All offset
tracking is also removed in favor of exception handling by the
proto_tree_add_item function. Occurrences of proto_tree_add_uint are
also replaced by proto_tree_add_item for simplicity.
After those changes, the SKE dissector for DH key exchanges is updated
to handle the mandatory signature field in TLSv1.2, using the newly
added function. (bug 9208)
Another bug occurred after the length check removal, pre-TLS and
OpenSSL's old DTLS implemenation do not include a vector length in
the CKE. This is now also fixed. (bug 10222)
Other minor changes: comments added/corrected, renamed
keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS).
Bug: 9208
Bug: 10222
Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd
Reviewed-on: https://code.wireshark.org/review/2542
Reviewed-by: Evan Huus <eapache@gmail.com>
(cherry picked from commit e22d3c9b744af8fa49806f1cde2100be85cc58cc)
| -rw-r--r-- | epan/dissectors/packet-dtls.c | 695 | ||||
| -rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 392 | ||||
| -rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 176 | ||||
| -rw-r--r-- | epan/dissectors/packet-ssl.c | 700 |
4 files changed, 570 insertions, 1393 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index b3f8d889ae..f1e286ddf4 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c @@ -128,32 +128,6 @@ static gint hf_dtls_handshake_certificate_len = -1; static gint hf_dtls_handshake_cert_types_count = -1; static gint hf_dtls_handshake_cert_types = -1; static gint hf_dtls_handshake_cert_type = -1; -static gint hf_dtls_handshake_server_keyex_p_len = -1; -static gint hf_dtls_handshake_server_keyex_g_len = -1; -static gint hf_dtls_handshake_server_keyex_ys_len = -1; -static gint hf_dtls_handshake_server_keyex_point_len = -1; -static gint hf_dtls_handshake_client_keyex_yc_len = -1; -static gint hf_dtls_handshake_client_keyex_point_len = -1; -static gint hf_dtls_handshake_client_keyex_epms_len = -1; -static gint hf_dtls_handshake_server_keyex_modulus_len = -1; -static gint hf_dtls_handshake_server_keyex_exponent_len = -1; -static gint hf_dtls_handshake_server_keyex_sig_len = -1; -static gint hf_dtls_handshake_server_keyex_p = -1; -static gint hf_dtls_handshake_server_keyex_g = -1; -static gint hf_dtls_handshake_server_keyex_ys = -1; -static gint hf_dtls_handshake_client_keyex_yc = -1; -static gint hf_dtls_handshake_server_keyex_curve_type = -1; -static gint hf_dtls_handshake_server_keyex_named_curve = -1; -static gint hf_dtls_handshake_server_keyex_point = -1; -static gint hf_dtls_handshake_client_keyex_epms = -1; -static gint hf_dtls_handshake_client_keyex_point = -1; -static gint hf_dtls_handshake_server_keyex_modulus = -1; -static gint hf_dtls_handshake_server_keyex_exponent = -1; -static gint hf_dtls_handshake_server_keyex_sig = -1; -static gint hf_dtls_handshake_server_keyex_hint_len = -1; -static gint hf_dtls_handshake_server_keyex_hint = -1; -static gint hf_dtls_handshake_client_keyex_identity_len = -1; -static gint hf_dtls_handshake_client_keyex_identity = -1; static gint hf_dtls_handshake_finished = -1; /* static gint hf_dtls_handshake_md5_hash = -1; */ /* static gint hf_dtls_handshake_sha_hash = -1; */ @@ -190,7 +164,6 @@ static gint ett_dtls_cipher_suites = -1; static gint ett_dtls_comp_methods = -1; static gint ett_dtls_random = -1; static gint ett_dtls_new_ses_ticket = -1; -static gint ett_dtls_keyex_params = -1; static gint ett_dtls_certs = -1; static gint ett_dtls_cert_types = -1; static gint ett_dtls_dnames = -1; @@ -396,49 +369,11 @@ static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb, packet_info *pinfo, const SslSession *session); -static void dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length, - const SslSession *session); - -static void dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length, - const SslSession *session); - -static void dissect_dtls_hnd_srv_keyex_psk(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_dtls_hnd_cli_keyex_ecdh(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_dtls_hnd_cli_keyex_dh(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_dtls_hnd_cli_keyex_rsa(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_dtls_hnd_cli_keyex_psk(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_dtls_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); static void dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset, const SslSession *session); - /* * Support Functions * @@ -1492,23 +1427,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, break; case SSL_HND_SERVER_KEY_EXCHG: - switch (ssl_get_keyex_alg(session->cipher)) { - case KEX_DH: - dissect_dtls_hnd_srv_keyex_dh(tvb, ssl_hand_tree, offset, length); - break; - case KEX_RSA: - dissect_dtls_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length, session); - break; - case KEX_ECDH: - dissect_dtls_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length, session); - break; - case KEX_RSA_PSK: - case KEX_PSK: - dissect_dtls_hnd_srv_keyex_psk(tvb, ssl_hand_tree, offset, length); - break; - default: - break; - } + ssl_dissect_hnd_srv_keyex(&dissect_dtls_hf, tvb, ssl_hand_tree, offset, length, session); break; case SSL_HND_CERT_REQUEST: @@ -1524,25 +1443,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, break; case SSL_HND_CLIENT_KEY_EXCHG: - switch (ssl_get_keyex_alg(session->cipher)) { - case KEX_DH: - dissect_dtls_hnd_cli_keyex_dh(tvb, ssl_hand_tree, offset, length); - break; - case KEX_RSA: - dissect_dtls_hnd_cli_keyex_rsa(tvb, ssl_hand_tree, offset, length); - break; - case KEX_ECDH: - dissect_dtls_hnd_cli_keyex_ecdh(tvb, ssl_hand_tree, offset, length); - break; - case KEX_PSK: - dissect_dtls_hnd_cli_keyex_psk(tvb, ssl_hand_tree, offset, length); - break; - case KEX_RSA_PSK: - dissect_dtls_hnd_cli_keyex_rsa_psk(tvb, ssl_hand_tree, offset, length); - break; - default: - break; - } + ssl_dissect_hnd_cli_keyex(&dissect_dtls_hf, tvb, ssl_hand_tree, offset, length, session); /* here we can have all the data to build session key */ if (!ssl) break; @@ -2232,467 +2133,6 @@ dissect_dtls_hnd_cert_req(tvbuff_t *tvb, static void -dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length, - const SslSession *session) -{ - gint curve_type, curve_type_offset; - gint named_curve, named_curve_offset; - gint point_len, point_len_offset; - gint sig_len, sig_len_offset; - gint sig_algo, sig_algo_offset; - proto_item *ti_ecdh; - proto_item *ti_algo; - proto_tree *ssl_ecdh_tree; - proto_tree *ssl_algo_tree; - guint32 orig_offset; - - orig_offset = offset; - - curve_type_offset = offset; - curve_type = tvb_get_guint8(tvb, offset); - if (curve_type != 3) - return; /* only named_curves are supported */ - offset += 1; - if ((offset - orig_offset) > length) { - return; - } - - named_curve_offset = offset; - named_curve = tvb_get_ntohs(tvb, offset); - offset += 2; - if ((offset - orig_offset) > length) { - return; - } - - point_len_offset = offset; - point_len = tvb_get_guint8(tvb, offset); - if ((offset + point_len - orig_offset) > length) { - return; - } - offset += 1 + point_len; - - switch (session->version) { - case SSL_VER_DTLS1DOT2: - sig_algo_offset = offset; - sig_algo = tvb_get_ntohs(tvb, offset); - offset += 2; - if ((offset - orig_offset) > length) { - return; - } - break; - - default: - sig_algo_offset = 0; - sig_algo = 0; - break; - } - - sig_len_offset = offset; - sig_len = tvb_get_ntohs(tvb, offset); - offset += 2 + sig_len; - if ((offset - orig_offset) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "EC Diffie-Hellman Server Params"); - ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_dtls_keyex_params); - - /* curve_type */ - proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_curve_type, - tvb, curve_type_offset, 1, curve_type); - - /* named_curve */ - proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_named_curve, - tvb, named_curve_offset, 2, named_curve); - - /* point */ - proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_point_len, - tvb, point_len_offset, 1, point_len); - proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_point, - tvb, point_len_offset+1, point_len, ENC_NA); - - switch (session->version) { - case SSL_VER_DTLS1DOT2: - ti_algo = proto_tree_add_uint(ssl_ecdh_tree, dissect_dtls_hf.hf.hs_sig_hash_alg, - tvb, offset, 2, sig_algo); - ssl_algo_tree = proto_item_add_subtree(ti_algo, dissect_dtls_hf.ett.hs_sig_hash_alg); - - proto_tree_add_item(ssl_algo_tree, dissect_dtls_hf.hf.hs_sig_hash_hash, - tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_algo_tree, dissect_dtls_hf.hf.hs_sig_hash_sig, - tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN); - break; - - default: - break; - } - - /* Sig */ - proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_sig_len, - tvb, sig_len_offset, 2, sig_len); - proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_sig, - tvb, sig_len_offset + 2, sig_len, ENC_NA); - -} - -static void -dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint p_len, p_len_offset; - gint g_len, g_len_offset; - gint ys_len, ys_len_offset; - gint sig_len, sig_len_offset; - proto_item *ti_dh; - proto_tree *ssl_dh_tree; - guint32 orig_offset; - - orig_offset = offset; - - p_len_offset = offset; - p_len = tvb_get_ntohs(tvb, offset); - offset += 2 + p_len; - if ((offset - orig_offset) > length) { - return; - } - - g_len_offset = offset; - g_len = tvb_get_ntohs(tvb, offset); - offset += 2 + g_len; - if ((offset - orig_offset) > length) { - return; - } - - ys_len_offset = offset; - ys_len = tvb_get_ntohs(tvb, offset); - offset += 2 + ys_len; - if ((offset - orig_offset) > length) { - return; - } - - sig_len_offset = offset; - sig_len = tvb_get_ntohs(tvb, offset); - offset += 2 + sig_len; - if ((offset - orig_offset) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_dh = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "Diffie-Hellman Server Params"); - ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_dtls_keyex_params); - - /* p */ - proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_p_len, - tvb, p_len_offset, 2, p_len); - proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_p, - tvb, p_len_offset + 2, p_len, ENC_NA); - - /* g */ - proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_g_len, - tvb, g_len_offset, 2, g_len); - proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_g, - tvb, g_len_offset + 2, g_len, ENC_NA); - - /* Ys */ - proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_ys_len, - tvb, ys_len_offset, 2, ys_len); - proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_ys, - tvb, ys_len_offset + 2, ys_len, ENC_NA); - - /* Sig */ - proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_sig_len, - tvb, sig_len_offset, 2, sig_len); - proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_sig, - tvb, sig_len_offset + 2, sig_len, ENC_NA); - -} - -/* Used in RSA PSK cipher suites */ -static void -dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length, - const SslSession *session) -{ - gint modulus_len, modulus_len_offset; - gint exponent_len, exponent_len_offset; - gint sig_len, sig_len_offset; - gint sig_algo, sig_algo_offset; - proto_item *ti_rsa; - proto_item *ti_algo; - proto_tree *ssl_rsa_tree; - proto_tree *ssl_algo_tree; - guint32 orig_offset; - - orig_offset = offset; - - modulus_len_offset = offset; - modulus_len = tvb_get_ntohs(tvb, offset); - offset += 2 + modulus_len; - if ((offset - orig_offset) > length) { - return; - } - - exponent_len_offset = offset; - exponent_len = tvb_get_ntohs(tvb, offset); - offset += 2 + exponent_len; - if ((offset - orig_offset) > length) { - return; - } - - switch (session->version) { - case SSL_VER_DTLS1DOT2: - sig_algo_offset = offset; - sig_algo = tvb_get_ntohs(tvb, offset); - offset += 2; - if ((offset - orig_offset) > length) { - return; - } - break; - - default: - sig_algo_offset = 0; - sig_algo = 0; - break; - } - - sig_len_offset = offset; - sig_len = tvb_get_ntohs(tvb, offset); - offset += 2 + sig_len; - if ((offset - orig_offset) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_rsa = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "RSA-EXPORT Server Params"); - ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_dtls_keyex_params); - - /* modulus */ - proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_modulus_len, - tvb, modulus_len_offset, 2, modulus_len); - proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_modulus, - tvb, modulus_len_offset + 2, modulus_len, ENC_NA); - - /* exponent */ - proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_exponent_len, - tvb, exponent_len_offset, 2, exponent_len); - proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_exponent, - tvb, exponent_len_offset + 2, exponent_len, ENC_NA); - - switch (session->version) { - case SSL_VER_DTLS1DOT2: - ti_algo = proto_tree_add_uint(ssl_rsa_tree, dissect_dtls_hf.hf.hs_sig_hash_alg, - tvb, offset, 2, sig_algo); - ssl_algo_tree = proto_item_add_subtree(ti_algo, dissect_dtls_hf.ett.hs_sig_hash_alg); - - proto_tree_add_item(ssl_algo_tree, dissect_dtls_hf.hf.hs_sig_hash_hash, - tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_algo_tree, dissect_dtls_hf.hf.hs_sig_hash_sig, - tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN); - break; - - default: - break; - } - - /* Sig */ - proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_sig_len, - tvb, sig_len_offset, 2, sig_len); - proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_sig, - tvb, sig_len_offset + 2, sig_len, ENC_NA); - -} - -/* Used in RSA PSK and PSK cipher suites */ -static void -dissect_dtls_hnd_srv_keyex_psk(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - guint hint_len; - proto_item *ti_psk; - proto_tree *ssl_psk_tree; - - hint_len = tvb_get_ntohs(tvb, offset); - if ((2 + hint_len) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_psk = proto_tree_add_text(tree, tvb, offset, - length, "PSK Server Params"); - ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params); - - /* hint */ - proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_server_keyex_hint_len, - tvb, offset, 2, hint_len); - proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_server_keyex_hint, - tvb, offset + 2, hint_len, ENC_NA); -} - -static void -dissect_dtls_hnd_cli_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint point_len, point_len_offset; - proto_item *ti_ecdh; - proto_tree *ssl_ecdh_tree; - guint32 orig_offset; - - orig_offset = offset; - - point_len_offset = offset; - point_len = tvb_get_guint8(tvb, offset); - if ((offset + point_len - orig_offset) > length) { - return; - } - offset += 1 + point_len; - - ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "EC Diffie-Hellman Client Params"); - ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_dtls_keyex_params); - - /* point */ - proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_client_keyex_point_len, - tvb, point_len_offset, 1, point_len); - proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_client_keyex_point, - tvb, point_len_offset+1, point_len, ENC_NA); - -} - -static void -dissect_dtls_hnd_cli_keyex_dh(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint yc_len, yc_len_offset; - proto_item *ti_dh; - proto_tree *ssl_dh_tree; - guint32 orig_offset; - - orig_offset = offset; - - yc_len_offset = offset; - yc_len = tvb_get_ntohs(tvb, offset); - offset += 2 + yc_len; - if ((offset - orig_offset) != length) { - return; - } - - ti_dh = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "Diffie-Hellman Client Params"); - ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_dtls_keyex_params); - - /* encrypted PreMaster secret */ - proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_client_keyex_yc_len, - tvb, yc_len_offset, 2, yc_len); - proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_client_keyex_yc, - tvb, yc_len_offset + 2, yc_len, ENC_NA); -} - -static void -dissect_dtls_hnd_cli_keyex_rsa(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint epms_len, epms_len_offset; - proto_item *ti_rsa; - proto_tree *ssl_rsa_tree; - guint32 orig_offset; - - orig_offset = offset; - - epms_len_offset = offset; - epms_len = tvb_get_ntohs(tvb, offset); - offset += 2 + epms_len; - if ((offset - orig_offset) != length) { - return; - } - - ti_rsa = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "RSA Encrypted PreMaster Secret"); - ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_dtls_keyex_params); - - /* Yc */ - proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_client_keyex_epms_len, - tvb, epms_len_offset, 2, epms_len); - proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_client_keyex_epms, - tvb, epms_len_offset + 2, epms_len, ENC_NA); -} - -/* Used in PSK cipher suites */ -static void -dissect_dtls_hnd_cli_keyex_psk(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - guint identity_len; - proto_item *ti_psk; - proto_tree *ssl_psk_tree; - - identity_len = tvb_get_ntohs(tvb, offset); - if ((2 + identity_len) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_psk = proto_tree_add_text(tree, tvb, offset, - length, "PSK Client Params"); - ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params); - - /* identity */ - proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity_len, - tvb, offset, 2, identity_len); - proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity, - tvb, offset + 2, identity_len, ENC_NA); -} - -/* Used in RSA PSK cipher suites */ -static void -dissect_dtls_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint identity_len, identity_len_offset; - gint epms_len, epms_len_offset; - proto_item *ti_psk; - proto_tree *ssl_psk_tree; - guint32 orig_offset; - - orig_offset = offset; - - identity_len_offset = offset; - identity_len = tvb_get_ntohs(tvb, offset); - offset += 2 + identity_len; - if ((offset - orig_offset) > length) { - return; - } - - epms_len_offset = offset; - epms_len = tvb_get_ntohs(tvb, offset); - offset += 2 + epms_len; - if ((offset - orig_offset) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_psk = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "RSA PSK Client Params"); - ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params); - - /* identity */ - proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity_len, - tvb, identity_len_offset, 2, identity_len); - proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity, - tvb, identity_len_offset + 2, identity_len, ENC_NA); - - /* Yc */ - proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_epms_len, - tvb, epms_len_offset, 2, epms_len); - proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_epms, - tvb, epms_len_offset + 2, epms_len, ENC_NA); -} - -static void dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset, const SslSession *session) { @@ -3074,136 +2514,6 @@ proto_register_dtls(void) FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0, NULL, HFILL } }, - { &hf_dtls_handshake_server_keyex_p_len, - { "p Length", "dtls.handshake.p_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of p", HFILL } - }, - { &hf_dtls_handshake_server_keyex_g_len, - { "g Length", "dtls.handshake.g_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of g", HFILL } - }, - { &hf_dtls_handshake_server_keyex_ys_len, - { "Pubkey Length", "dtls.handshake.ys_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of server's Diffie-Hellman public key", HFILL } - }, - { &hf_dtls_handshake_client_keyex_yc_len, - { "Pubkey Length", "dtls.handshake.yc_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of client's Diffie-Hellman public key", HFILL } - }, - { &hf_dtls_handshake_client_keyex_point_len, - { "Pubkey Length", "dtls.handshake.client_point_len", - FT_UINT8, BASE_DEC, NULL, 0x0, - "Length of client's EC Diffie-Hellman public key", HFILL } - }, - { &hf_dtls_handshake_server_keyex_point_len, - { "Pubkey Length", "dtls.handshake.server_point_len", - FT_UINT8, BASE_DEC, NULL, 0x0, - "Length of server's EC Diffie-Hellman public key", HFILL } - }, - { &hf_dtls_handshake_client_keyex_epms_len, - { "Encrypted PreMaster length", "dtls.handshake.epms_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of encrypted PreMaster secret", HFILL } - }, - { &hf_dtls_handshake_client_keyex_epms, - { "Encrypted PreMaster", "dtls.handshake.epms", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Encrypted PreMaster secret", HFILL } - }, - { &hf_dtls_handshake_server_keyex_modulus_len, - { "Modulus Length", "dtls.handshake.modulus_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of RSA-EXPORT modulus", HFILL } - }, - { &hf_dtls_handshake_server_keyex_exponent_len, - { "Exponent Length", "dtls.handshake.exponent_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of RSA-EXPORT exponent", HFILL } - }, - { &hf_dtls_handshake_server_keyex_sig_len, - { "Signature Length", "dtls.handshake.sig_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of Signature", HFILL } - }, - { &hf_dtls_handshake_server_keyex_p, - { "p", "dtls.handshake.p", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman p", HFILL } - }, - { &hf_dtls_handshake_server_keyex_g, - { "g", "dtls.handshake.g", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman g", HFILL } - }, - { &hf_dtls_handshake_server_keyex_curve_type, - { "Curve Type", "dtls.handshake.server_curve_type", - FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0, - "Server curve_type", HFILL } - }, - { &hf_dtls_handshake_server_keyex_named_curve, - { "Named Curve", "dtls.handshake.server_named_curve", - FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, - "Server named_curve", HFILL } - }, - { &hf_dtls_handshake_server_keyex_ys, - { "Pubkey", "dtls.handshake.ys", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman server pubkey", HFILL } - }, - { &hf_dtls_handshake_client_keyex_yc, - { "Pubkey", "dtls.handshake.yc", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman client pubkey", HFILL } - }, - { &hf_dtls_handshake_server_keyex_point, - { "Pubkey", "dtls.handshake.server_point", - FT_BYTES, BASE_NONE, NULL, 0x0, - "EC Diffie-Hellman server pubkey", HFILL } - }, - { &hf_dtls_handshake_client_keyex_point, - { "Pubkey", "dtls.handshake.client_point", - FT_BYTES, BASE_NONE, NULL, 0x0, - "EC Diffie-Hellman client pubkey", HFILL } - }, - { &hf_dtls_handshake_server_keyex_modulus, - { "Modulus", "dtls.handshake.modulus", - FT_BYTES, BASE_NONE, NULL, 0x0, - "RSA-EXPORT modulus", HFILL } - }, - { &hf_dtls_handshake_server_keyex_exponent, - { "Exponent", "dtls.handshake.exponent", - FT_BYTES, BASE_NONE, NULL, 0x0, - "RSA-EXPORT exponent", HFILL } - }, - { &hf_dtls_handshake_server_keyex_sig, - { "Signature", "dtls.handshake.sig", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman server signature", HFILL } - }, - { &hf_dtls_handshake_server_keyex_hint_len, - { "Hint Length", "dtls.handshake.hint_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of PSK Hint", HFILL } - }, - { &hf_dtls_handshake_server_keyex_hint, - { "Hint", "dtls.handshake.hint", - FT_BYTES, BASE_NONE, NULL, 0x0, - "PSK Hint", HFILL } - }, - { &hf_dtls_handshake_client_keyex_identity_len, - { "Identity Length", "dtls.handshake.identity_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of PSK Identity", HFILL } - }, - { &hf_dtls_handshake_client_keyex_identity, - { "Identity", "dtls.handshake.identity", - FT_BYTES, BASE_NONE, NULL, 0x0, - "PSK Identity", HFILL } - }, { &hf_dtls_handshake_finished, { "Verify Data", "dtls.handshake.verify_data", FT_NONE, BASE_NONE, NULL, 0x0, @@ -3324,7 +2634,6 @@ proto_register_dtls(void) &ett_dtls_comp_methods, &ett_dtls_random, &ett_dtls_new_ses_ticket, - &ett_dtls_keyex_params, &ett_dtls_certs, &ett_dtls_cert_types, &ett_dtls_dnames, diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 46b3ff50e8..f7ab484efd 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -5373,6 +5373,398 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t return offset; } + +/* ClientKeyExchange algo-specific dissectors */ + +static void +dissect_ssl3_hnd_cli_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, + guint32 length) +{ + gint point_len; + proto_item *ti_ecdh; + proto_tree *ssl_ecdh_tree; + + ti_ecdh = proto_tree_add_text(tree, tvb, offset, length, + "EC Diffie-Hellman Client Params"); + ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, hf->ett.keyex_params); + + /* point */ + point_len = tvb_get_guint8(tvb, offset); + proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point_len, tvb, + offset, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point, tvb, + offset + 1, point_len, ENC_NA); +} + +static void +dissect_ssl3_hnd_cli_keyex_dh(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length) +{ + gint yc_len; + proto_item *ti_dh; + proto_tree *ssl_dh_tree; + + ti_dh = proto_tree_add_text(tree, tvb, offset, length, + "Diffie-Hellman Client Params"); + ssl_dh_tree = proto_item_add_subtree(ti_dh, hf->ett.keyex_params); + + /* ClientDiffieHellmanPublic.dh_public (explicit) */ + yc_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc, tvb, + offset + 2, yc_len, ENC_NA); +} + +static void +dissect_ssl3_hnd_cli_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, + guint32 length, const SslSession *session) +{ + gint epms_len; + proto_item *ti_rsa; + proto_tree *ssl_rsa_tree; + + ti_rsa = proto_tree_add_text(tree, tvb, offset, length, + "RSA Encrypted PreMaster Secret"); + ssl_rsa_tree = proto_item_add_subtree(ti_rsa, hf->ett.keyex_params); + + /* EncryptedPreMasterSecret.pre_master_secret */ + switch (session->version) { + case SSL_VER_SSLv2: + case SSL_VER_SSLv3: + case SSL_VER_DTLS_OPENSSL: + /* OpenSSL pre-0.9.8f DTLS and pre-TLS quirk: 2-octet length vector is + * not present. The handshake contents represents the EPMS, see: + * https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10222 */ + epms_len = length; + break; + + default: + /* TLS and DTLS include vector length before EPMS */ + epms_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + offset += 2; + break; + } + proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms, tvb, + offset, epms_len, ENC_NA); +} + +/* Used in PSK cipher suites */ +static void +dissect_ssl3_hnd_cli_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length) +{ + guint identity_len; + proto_item *ti_psk; + proto_tree *ssl_psk_tree; + + ti_psk = proto_tree_add_text(tree, tvb, offset, length, + "PSK Client Params"); + ssl_psk_tree = proto_item_add_subtree(ti_psk, hf->ett.keyex_params); + + /* identity */ + identity_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, tvb, + offset + 2, identity_len, ENC_NA); +} + +/* Used in RSA PSK cipher suites */ +static void +dissect_ssl3_hnd_cli_keyex_rsa_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, + guint32 length) +{ + gint identity_len, epms_len; + proto_item *ti_psk; + proto_tree *ssl_psk_tree; + + ti_psk = proto_tree_add_text(tree, tvb, offset, length, + "RSA PSK Client Params"); + ssl_psk_tree = proto_item_add_subtree(ti_psk, hf->ett.keyex_params); + + /* identity */ + identity_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, + tvb, offset + 2, identity_len, ENC_NA); + offset += 2 + identity_len; + + /* Yc */ + epms_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms, tvb, + offset + 2, epms_len, ENC_NA); +} + + +/* ServerKeyExchange algo-specific dissectors */ + +/* dissects signed_params inside a ServerKeyExchange for some keyex algos */ +static void +dissect_ssl3_hnd_srv_keyex_sig(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, + const SslSession *session) +{ + gint sig_len; + proto_item *ti_algo; + proto_tree *ssl_algo_tree; + + switch (session->version) { + case SSL_VER_TLSv1DOT2: + case SSL_VER_DTLS1DOT2: + ti_algo = proto_tree_add_item(tree, hf->hf.hs_sig_hash_alg, tvb, + offset, 2, ENC_BIG_ENDIAN); + ssl_algo_tree = proto_item_add_subtree(ti_algo, hf->ett.hs_sig_hash_alg); + + /* SignatureAndHashAlgorithm { hash, signature } */ + proto_tree_add_item(ssl_algo_tree, hf->hf.hs_sig_hash_hash, tvb, + offset, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_algo_tree, hf->hf.hs_sig_hash_sig, tvb, + offset + 1, 1, ENC_BIG_ENDIAN); + offset += 2; + break; + + default: + break; + } + + /* Sig */ + sig_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(tree, hf->hf.hs_server_keyex_sig_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(tree, hf->hf.hs_server_keyex_sig, tvb, + offset + 2, sig_len, ENC_NA); +} + +static void +dissect_ssl3_hnd_srv_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, + guint32 length, const SslSession *session) +{ + /* + * RFC 4492 ECC cipher suites for TLS + * + * struct { + * ECCurveType curve_type; + * select (curve_type) { + * case explicit_prime: + * ... + * case explicit_char2: + * ... + * case named_curve: + * NamedCurve namedcurve; + * }; + * } ECParameters; + * + * struct { + * opaque point <1..2^8-1>; + * } ECPoint; + * + * struct { + * ECParameters curve_params; + * ECPoint public; + * } ServerECDHParams; + * + * select (KeyExchangeAlgorithm) { + * case ec_diffie_hellman: + * ServerECDHParams params; + * Signature signed_params; + * } ServerKeyExchange; + */ + + gint curve_type; + gint point_len; + proto_item *ti_ecdh; + proto_tree *ssl_ecdh_tree; + + ti_ecdh = proto_tree_add_text(tree, tvb, offset, length, + "EC Diffie-Hellman Server Params"); + ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, hf->ett.keyex_params); + + /* ECParameters.curve_type */ + curve_type = tvb_get_guint8(tvb, offset); + proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_curve_type, tvb, + offset, 1, ENC_BIG_ENDIAN); + offset++; + if (curve_type != 3) + return; /* only named_curves are supported */ + + /* case curve_type == named_curve; ECParameters.namedcurve */ + proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_named_curve, tvb, + offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + /* ECPoint.point */ + point_len = tvb_get_guint8(tvb, offset); + proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point_len, tvb, + offset, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point, tvb, + offset + 1, point_len, ENC_NA); + offset += 1 + point_len; + + /* Signature */ + dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, ssl_ecdh_tree, offset, session); +} + +static void +dissect_ssl3_hnd_srv_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length, + const SslSession *session) +{ + gint p_len, g_len, ys_len; + proto_item *ti_dh; + proto_tree *ssl_dh_tree; + + ti_dh = proto_tree_add_text(tree, tvb, offset, length, + "Diffie-Hellman Server Params"); + ssl_dh_tree = proto_item_add_subtree(ti_dh, hf->ett.keyex_params); + + /* p */ + p_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p, tvb, + offset + 2, p_len, ENC_NA); + offset += 2 + p_len; + + /* g */ + g_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g, tvb, + offset + 2, g_len, ENC_NA); + offset += 2 + g_len; + + /* Ys */ + ys_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_uint(ssl_dh_tree, hf->hf.hs_server_keyex_ys_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_ys, tvb, + offset + 2, ys_len, ENC_NA); + offset += 2 + ys_len; + + /* Signature */ + dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, ssl_dh_tree, offset, session); +} + +/* Only used in RSA-EXPORT cipher suites */ +static void +dissect_ssl3_hnd_srv_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length, + const SslSession *session) +{ + gint modulus_len, exponent_len; + proto_item *ti_rsa; + proto_tree *ssl_rsa_tree; + + ti_rsa = proto_tree_add_text(tree, tvb, offset, length, + "RSA-EXPORT Server Params"); + ssl_rsa_tree = proto_item_add_subtree(ti_rsa, hf->ett.keyex_params); + + /* modulus */ + modulus_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus, tvb, + offset + 2, modulus_len, ENC_NA); + offset += 2 + modulus_len; + + /* exponent */ + exponent_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent_len, + tvb, offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent, + tvb, offset + 2, exponent_len, ENC_NA); + offset += 2 + exponent_len; + + /* Signature */ + dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, ssl_rsa_tree, offset, session); +} + +/* Used in RSA PSK and PSK cipher suites */ +static void +dissect_ssl3_hnd_srv_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length) +{ + guint hint_len; + proto_item *ti_psk; + proto_tree *ssl_psk_tree; + + hint_len = tvb_get_ntohs(tvb, offset); + if ((2 + hint_len) != length) { + /* Lengths don't line up (wasn't what we expected?) */ + return; + } + + ti_psk = proto_tree_add_text(tree, tvb, offset, length, + "PSK Server Params"); + ssl_psk_tree = proto_item_add_subtree(ti_psk, hf->ett.keyex_params); + + /* hint */ + proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint_len, tvb, + offset, 2, ENC_BIG_ENDIAN); + proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint, tvb, + offset + 2, hint_len, ENC_NA); +} + + +void +ssl_dissect_hnd_cli_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length, + const SslSession *session) +{ + switch (ssl_get_keyex_alg(session->cipher)) { + case KEX_RSA: /* rsa: EncryptedPreMasterSecret */ + dissect_ssl3_hnd_cli_keyex_rsa(hf, tvb, tree, offset, length, session); + break; + case KEX_DH: /* DHE_RSA: ClientDiffieHellmanPublic */ + /* XXX: DHE_DSS, DH_DSS, DH_RSA, DH_ANON; same format */ + dissect_ssl3_hnd_cli_keyex_dh(hf, tvb, tree, offset, length); + break; + case KEX_ECDH: /* ec_diffie_hellman: ClientECDiffieHellmanPublic */ + dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset, length); + break; + case KEX_PSK: + dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset, length); + break; + case KEX_RSA_PSK: + dissect_ssl3_hnd_cli_keyex_rsa_psk(hf, tvb, tree, offset, length); + break; + } +} + +void +ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length, + const SslSession *session) +{ + switch (ssl_get_keyex_alg(session->cipher)) { + case KEX_DH: /* DHE_RSA: ServerDHParams + signature */ + /* XXX: DHE_DSS, same format */ + /* XXX: DHE_ANON, almost the same, but without signed_params */ + dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, tree, offset, length, session); + break; + case KEX_RSA: /* TLSv1.0 and older: RSA_EXPORT cipher suites */ + dissect_ssl3_hnd_srv_keyex_rsa(hf, tvb, tree, offset, length, session); + break; + case KEX_ECDH: /* ec_diffie_hellman: ServerECDHParams + signature */ + dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, tree, offset, length, session); + break; + case KEX_RSA_PSK: + case KEX_PSK: + dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset, length); + break; + } +} + #ifdef HAVE_LIBGNUTLS void ssl_common_register_options(module_t *module, ssl_common_options_t *options) diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index b0e7ca5b07..f81db3ef0c 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h @@ -636,6 +636,32 @@ typedef struct ssl_common_dissect { gint hs_sig_hash_algs; gint hs_sig_hash_hash; gint hs_sig_hash_sig; + gint hs_client_keyex_epms_len; + gint hs_client_keyex_epms; + gint hs_server_keyex_modulus_len; + gint hs_server_keyex_exponent_len; + gint hs_server_keyex_sig_len; + gint hs_server_keyex_p_len; + gint hs_server_keyex_g_len; + gint hs_server_keyex_ys_len; + gint hs_client_keyex_yc_len; + gint hs_client_keyex_point_len; + gint hs_server_keyex_point_len; + gint hs_server_keyex_p; + gint hs_server_keyex_g; + gint hs_server_keyex_curve_type; + gint hs_server_keyex_named_curve; + gint hs_server_keyex_ys; + gint hs_client_keyex_yc; + gint hs_server_keyex_point; + gint hs_client_keyex_point; + gint hs_server_keyex_modulus; + gint hs_server_keyex_exponent; + gint hs_server_keyex_sig; + gint hs_server_keyex_hint_len; + gint hs_server_keyex_hint; + gint hs_client_keyex_identity_len; + gint hs_client_keyex_identity; } hf; struct { gint hs_ext; @@ -650,6 +676,7 @@ typedef struct ssl_common_dissect { gint hs_sig_hash_alg; gint hs_sig_hash_algs; gint urlhash; + gint keyex_params; } ett; struct { expert_field hs_ext_cert_status_undecoded; @@ -668,15 +695,27 @@ ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t extern void ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, guint32 offset); +extern void +ssl_dissect_hnd_cli_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length, + const SslSession *session); + +extern void +ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length, + const SslSession *session); + #define SSL_COMMON_LIST_T(name) \ ssl_common_dissect_t name = { \ /* hf */ { \ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ + -1, -1, -1, -1, -1, \ }, \ /* ett */ { \ - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ }, \ /* ei */ { \ EI_INIT, \ @@ -894,6 +933,136 @@ ssl_common_dissect_t name = { \ FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0, \ NULL, HFILL } \ }, \ + { & name .hf.hs_client_keyex_epms_len, \ + { "Encrypted PreMaster length", prefix ".handshake.epms_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of encrypted PreMaster secret", HFILL } \ + }, \ + { & name .hf.hs_client_keyex_epms, \ + { "Encrypted PreMaster", prefix ".handshake.epms", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "Encrypted PreMaster secret", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_modulus_len, \ + { "Modulus Length", prefix ".handshake.modulus_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of RSA-EXPORT modulus", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_exponent_len, \ + { "Exponent Length", prefix ".handshake.exponent_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of RSA-EXPORT exponent", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_sig_len, \ + { "Signature Length", prefix ".handshake.sig_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of Signature", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_p_len, \ + { "p Length", prefix ".handshake.p_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of p", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_g_len, \ + { "g Length", prefix ".handshake.g_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of g", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_ys_len, \ + { "Pubkey Length", prefix ".handshake.ys_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of server's Diffie-Hellman public key", HFILL } \ + }, \ + { & name .hf.hs_client_keyex_yc_len, \ + { "Pubkey Length", prefix ".handshake.yc_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of client's Diffie-Hellman public key", HFILL } \ + }, \ + { & name .hf.hs_client_keyex_point_len, \ + { "Pubkey Length", prefix ".handshake.client_point_len", \ + FT_UINT8, BASE_DEC, NULL, 0x0, \ + "Length of client's EC Diffie-Hellman public key", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_point_len, \ + { "Pubkey Length", prefix ".handshake.server_point_len", \ + FT_UINT8, BASE_DEC, NULL, 0x0, \ + "Length of server's EC Diffie-Hellman public key", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_p, \ + { "p", prefix ".handshake.p", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "Diffie-Hellman p", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_g, \ + { "g", prefix ".handshake.g", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "Diffie-Hellman g", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_curve_type, \ + { "Curve Type", prefix ".handshake.server_curve_type", \ + FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0, \ + "Server curve_type", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_named_curve, \ + { "Named Curve", prefix ".handshake.server_named_curve", \ + FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \ + "Server named_curve", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_ys, \ + { "Pubkey", prefix ".handshake.ys", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "Diffie-Hellman server pubkey", HFILL } \ + }, \ + { & name .hf.hs_client_keyex_yc, \ + { "Pubkey", prefix ".handshake.yc", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "Diffie-Hellman client pubkey", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_point, \ + { "Pubkey", prefix ".handshake.server_point", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "EC Diffie-Hellman server pubkey", HFILL } \ + }, \ + { & name .hf.hs_client_keyex_point, \ + { "Pubkey", prefix ".handshake.client_point", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "EC Diffie-Hellman client pubkey", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_modulus, \ + { "Modulus", prefix ".handshake.modulus", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "RSA-EXPORT modulus", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_exponent, \ + { "Exponent", prefix ".handshake.exponent", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "RSA-EXPORT exponent", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_sig, \ + { "Signature", prefix ".handshake.sig", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "Diffie-Hellman server signature", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_hint_len, \ + { "Hint Length", prefix ".handshake.hint_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of PSK Hint", HFILL } \ + }, \ + { & name .hf.hs_server_keyex_hint, \ + { "Hint", prefix ".handshake.hint", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "PSK Hint", HFILL } \ + }, \ + { & name .hf.hs_client_keyex_identity_len, \ + { "Identity Length", prefix ".handshake.identity_len", \ + FT_UINT16, BASE_DEC, NULL, 0x0, \ + "Length of PSK Identity", HFILL } \ + }, \ + { & name .hf.hs_client_keyex_identity, \ + { "Identity", prefix ".handshake.identity", \ + FT_BYTES, BASE_NONE, NULL, 0x0, \ + "PSK Identity", HFILL } \ + }, \ { & name .hf.hs_ext_heartbeat_mode, \ { "Mode", prefix ".handshake.extension.heartbeat.mode", \ FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0, \ @@ -912,7 +1081,8 @@ ssl_common_dissect_t name = { \ & name .ett.hs_ext_server_name, \ & name .ett.hs_sig_hash_alg, \ & name .ett.hs_sig_hash_algs, \ - & name .ett.urlhash + & name .ett.urlhash, \ + & name .ett.keyex_params #define SSL_COMMON_EI_LIST(name, prefix) \ diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 0485aabec3..de3fe926cb 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -171,32 +171,6 @@ static gint hf_ssl_handshake_cert_types = -1; static gint hf_ssl_handshake_cert_type = -1; static gint hf_ssl_handshake_client_cert_vrfy_sig_len = -1; static gint hf_ssl_handshake_client_cert_vrfy_sig = -1; -static gint hf_ssl_handshake_server_keyex_p_len = -1; -static gint hf_ssl_handshake_server_keyex_g_len = -1; -static gint hf_ssl_handshake_server_keyex_ys_len = -1; -static gint hf_ssl_handshake_server_keyex_point_len = -1; -static gint hf_ssl_handshake_client_keyex_yc_len = -1; -static gint hf_ssl_handshake_client_keyex_point_len = -1; -static gint hf_ssl_handshake_client_keyex_epms_len = -1; -static gint hf_ssl_handshake_server_keyex_modulus_len = -1; -static gint hf_ssl_handshake_server_keyex_exponent_len = -1; -static gint hf_ssl_handshake_server_keyex_sig_len = -1; -static gint hf_ssl_handshake_server_keyex_p = -1; -static gint hf_ssl_handshake_server_keyex_g = -1; -static gint hf_ssl_handshake_server_keyex_ys = -1; -static gint hf_ssl_handshake_client_keyex_yc = -1; -static gint hf_ssl_handshake_server_keyex_curve_type = -1; -static gint hf_ssl_handshake_server_keyex_named_curve = -1; -static gint hf_ssl_handshake_server_keyex_point = -1; -static gint hf_ssl_handshake_client_keyex_epms = -1; -static gint hf_ssl_handshake_client_keyex_point = -1; -static gint hf_ssl_handshake_server_keyex_modulus = -1; -static gint hf_ssl_handshake_server_keyex_exponent = -1; -static gint hf_ssl_handshake_server_keyex_sig = -1; -static gint hf_ssl_handshake_server_keyex_hint_len = -1; -static gint hf_ssl_handshake_server_keyex_hint = -1; -static gint hf_ssl_handshake_client_keyex_identity_len = -1; -static gint hf_ssl_handshake_client_keyex_identity = -1; static gint hf_ssl_handshake_cert_status = -1; static gint hf_ssl_handshake_cert_status_type = -1; static gint hf_ssl_handshake_cert_status_len = -1; @@ -270,7 +244,6 @@ static gint ett_ssl_cert_types = -1; static gint ett_ssl_dnames = -1; static gint ett_ssl_random = -1; static gint ett_ssl_new_ses_ticket = -1; -static gint ett_ssl_keyex_params = -1; static gint ett_ssl_cli_sig = -1; static gint ett_ssl_cert_status = -1; static gint ett_ssl_ocsp_resp = -1; @@ -549,50 +522,10 @@ static void dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, guint32 offset, packet_info *pinfo, const SslSession *session); -static void dissect_ssl3_hnd_srv_keyex_ecdh(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length, - const SslSession *session); - - -static void dissect_ssl3_hnd_srv_keyex_dh(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_ssl3_hnd_srv_keyex_rsa(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length, - const SslSession *session); - -static void dissect_ssl3_hnd_srv_keyex_psk(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - static void dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint32 length); -static void dissect_ssl3_hnd_cli_keyex_ecdh(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_ssl3_hnd_cli_keyex_dh(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_ssl3_hnd_cli_keyex_rsa(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_ssl3_hnd_cli_keyex_psk(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - -static void dissect_ssl3_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, guint32 length); - - static void dissect_ssl3_hnd_finished(tvbuff_t *tvb, proto_tree *tree, const guint32 offset, @@ -2046,25 +1979,8 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, dissect_ssl3_hnd_cert(tvb, ssl_hand_tree, offset, pinfo); break; - case SSL_HND_SERVER_KEY_EXCHG: { - switch (ssl_get_keyex_alg(session->cipher)) { - case KEX_DH: - dissect_ssl3_hnd_srv_keyex_dh(tvb, ssl_hand_tree, offset, length); - break; - case KEX_RSA: - dissect_ssl3_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length, session); - break; - case KEX_ECDH: - dissect_ssl3_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length, session); - break; - case KEX_RSA_PSK: - case KEX_PSK: - dissect_ssl3_hnd_srv_keyex_psk(tvb, ssl_hand_tree, offset, length); - break; - default: - break; - } - } + case SSL_HND_SERVER_KEY_EXCHG: + ssl_dissect_hnd_srv_keyex(&dissect_ssl3_hf, tvb, ssl_hand_tree, offset, length, session); break; case SSL_HND_CERT_REQUEST: @@ -2080,25 +1996,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, break; case SSL_HND_CLIENT_KEY_EXCHG: - switch (ssl_get_keyex_alg(session->cipher)) { - case KEX_DH: - dissect_ssl3_hnd_cli_keyex_dh(tvb, ssl_hand_tree, offset, length); - break; - case KEX_RSA: - dissect_ssl3_hnd_cli_keyex_rsa(tvb, ssl_hand_tree, offset, length); - break; - case KEX_ECDH: - dissect_ssl3_hnd_cli_keyex_ecdh(tvb, ssl_hand_tree, offset, length); - break; - case KEX_PSK: - dissect_ssl3_hnd_cli_keyex_psk(tvb, ssl_hand_tree, offset, length); - break; - case KEX_RSA_PSK: - dissect_ssl3_hnd_cli_keyex_rsa_psk(tvb, ssl_hand_tree, offset, length); - break; - default: - break; - } + ssl_dissect_hnd_cli_keyex(&dissect_ssl3_hf, tvb, ssl_hand_tree, offset, length, session); /* PAOLO: here we can have all the data to build session key*/ if (!ssl) @@ -2777,337 +2675,6 @@ dissect_ssl3_hnd_cert_req(tvbuff_t *tvb, } } -static void -dissect_ssl3_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length, - const SslSession *session) -{ - gint curve_type, curve_type_offset; - gint named_curve, named_curve_offset; - gint point_len, point_len_offset; - gint sig_len, sig_len_offset; - gint sig_algo, sig_algo_offset; - proto_item *ti_ecdh; - proto_item *ti_algo; - proto_tree *ssl_ecdh_tree; - proto_tree *ssl_algo_tree; - guint32 orig_offset; - - orig_offset = offset; - - curve_type_offset = offset; - curve_type = tvb_get_guint8(tvb, offset); - if (curve_type != 3) - return; /* only named_curves are supported */ - offset += 1; - if ((offset - orig_offset) > length) { - return; - } - - named_curve_offset = offset; - named_curve = tvb_get_ntohs(tvb, offset); - offset += 2; - if ((offset - orig_offset) > length) { - return; - } - - point_len_offset = offset; - point_len = tvb_get_guint8(tvb, offset); - if ((offset + point_len - orig_offset) > length) { - return; - } - offset += 1 + point_len; - - switch (session->version) { - case SSL_VER_TLSv1DOT2: - sig_algo_offset = offset; - sig_algo = tvb_get_ntohs(tvb, offset); - offset += 2; - if ((offset - orig_offset) > length) { - return; - } - break; - - default: - sig_algo_offset = 0; - sig_algo = 0; - break; - } - - sig_len_offset = offset; - sig_len = tvb_get_ntohs(tvb, offset); - offset += 2 + sig_len; - if ((offset - orig_offset) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "EC Diffie-Hellman Server Params"); - ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_ssl_keyex_params); - - /* curve_type */ - proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_curve_type, - tvb, curve_type_offset, 1, curve_type); - - /* named_curve */ - proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_named_curve, - tvb, named_curve_offset, 2, named_curve); - - /* point */ - proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point_len, - tvb, point_len_offset, 1, point_len); - proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_point, - tvb, point_len_offset+1, point_len, ENC_NA); - - switch (session->version) { - case SSL_VER_TLSv1DOT2: - ti_algo = proto_tree_add_uint(ssl_ecdh_tree, dissect_ssl3_hf.hf.hs_sig_hash_alg, - tvb, offset, 2, sig_algo); - ssl_algo_tree = proto_item_add_subtree(ti_algo, dissect_ssl3_hf.ett.hs_sig_hash_alg); - - proto_tree_add_item(ssl_algo_tree, dissect_ssl3_hf.hf.hs_sig_hash_hash, - tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_algo_tree, dissect_ssl3_hf.hf.hs_sig_hash_sig, - tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN); - break; - - default: - break; - } - - /* Sig */ - proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_sig_len, - tvb, sig_len_offset, 2, sig_len); - proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_server_keyex_sig, - tvb, sig_len_offset + 2, sig_len, ENC_NA); - -} - -static void -dissect_ssl3_hnd_cli_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint point_len, point_len_offset; - proto_item *ti_ecdh; - proto_tree *ssl_ecdh_tree; - guint32 orig_offset; - - orig_offset = offset; - - point_len_offset = offset; - point_len = tvb_get_guint8(tvb, offset); - if ((offset + point_len - orig_offset) > length) { - return; - } - offset += 1 + point_len; - - ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "EC Diffie-Hellman Client Params"); - ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_ssl_keyex_params); - - /* point */ - proto_tree_add_uint(ssl_ecdh_tree, hf_ssl_handshake_client_keyex_point_len, - tvb, point_len_offset, 1, point_len); - proto_tree_add_item(ssl_ecdh_tree, hf_ssl_handshake_client_keyex_point, - tvb, point_len_offset+1, point_len, ENC_NA); - -} - -static void -dissect_ssl3_hnd_srv_keyex_dh(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint p_len, p_len_offset; - gint g_len, g_len_offset; - gint ys_len, ys_len_offset; - gint sig_len, sig_len_offset; - proto_item *ti_dh; - proto_tree *ssl_dh_tree; - guint32 orig_offset; - - orig_offset = offset; - - p_len_offset = offset; - p_len = tvb_get_ntohs(tvb, offset); - offset += 2 + p_len; - if ((offset - orig_offset) > length) { - return; - } - - g_len_offset = offset; - g_len = tvb_get_ntohs(tvb, offset); - offset += 2 + g_len; - if ((offset - orig_offset) > length) { - return; - } - - ys_len_offset = offset; - ys_len = tvb_get_ntohs(tvb, offset); - offset += 2 + ys_len; - if ((offset - orig_offset) > length) { - return; - } - - sig_len_offset = offset; - sig_len = tvb_get_ntohs(tvb, offset); - offset += 2 + sig_len; - if ((offset - orig_offset) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_dh = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "Diffie-Hellman Server Params"); - ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_ssl_keyex_params); - - /* p */ - proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_p_len, - tvb, p_len_offset, 2, p_len); - proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_p, - tvb, p_len_offset + 2, p_len, ENC_NA); - - /* g */ - proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_g_len, - tvb, g_len_offset, 2, g_len); - proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_g, - tvb, g_len_offset + 2, g_len, ENC_NA); - - /* Ys */ - proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys_len, - tvb, ys_len_offset, 2, ys_len); - proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_ys, - tvb, ys_len_offset + 2, ys_len, ENC_NA); - - /* Sig */ - proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_server_keyex_sig_len, - tvb, sig_len_offset, 2, sig_len); - proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_server_keyex_sig, - tvb, sig_len_offset + 2, sig_len, ENC_NA); - -} - -/* Only used in RSA-EXPORT cipher suites */ -static void -dissect_ssl3_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length, - const SslSession *session) -{ - gint modulus_len, modulus_len_offset; - gint exponent_len, exponent_len_offset; - gint sig_len, sig_len_offset; - gint sig_algo, sig_algo_offset; - proto_item *ti_rsa; - proto_item *ti_algo; - proto_tree *ssl_rsa_tree; - proto_tree *ssl_algo_tree; - guint32 orig_offset; - - orig_offset = offset; - - modulus_len_offset = offset; - modulus_len = tvb_get_ntohs(tvb, offset); - offset += 2 + modulus_len; - if ((offset - orig_offset) > length) { - return; - } - - exponent_len_offset = offset; - exponent_len = tvb_get_ntohs(tvb, offset); - offset += 2 + exponent_len; - if ((offset - orig_offset) > length) { - return; - } - - switch (session->version) { - case SSL_VER_TLSv1DOT2: - sig_algo_offset = offset; - sig_algo = tvb_get_ntohs(tvb, offset); - offset += 2; - if ((offset - orig_offset) > length) { - return; - } - break; - - default: - sig_algo_offset = 0; - sig_algo = 0; - break; - } - - sig_len_offset = offset; - sig_len = tvb_get_ntohs(tvb, offset); - offset += 2 + sig_len; - if ((offset - orig_offset) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_rsa = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "RSA-EXPORT Server Params"); - ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_ssl_keyex_params); - - /* modulus */ - proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus_len, - tvb, modulus_len_offset, 2, modulus_len); - proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_modulus, - tvb, modulus_len_offset + 2, modulus_len, ENC_NA); - - /* exponent */ - proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent_len, - tvb, exponent_len_offset, 2, exponent_len); - proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_exponent, - tvb, exponent_len_offset + 2, exponent_len, ENC_NA); - - switch (session->version) { - case SSL_VER_TLSv1DOT2: - ti_algo = proto_tree_add_uint(ssl_rsa_tree, dissect_ssl3_hf.hf.hs_sig_hash_alg, - tvb, offset, 2, sig_algo); - ssl_algo_tree = proto_item_add_subtree(ti_algo, dissect_ssl3_hf.ett.hs_sig_hash_alg); - - proto_tree_add_item(ssl_algo_tree, dissect_ssl3_hf.hf.hs_sig_hash_hash, - tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_algo_tree, dissect_ssl3_hf.hf.hs_sig_hash_sig, - tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN); - break; - - default: - break; - } - - /* Sig */ - proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_server_keyex_sig_len, - tvb, sig_len_offset, 2, sig_len); - proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_server_keyex_sig, - tvb, sig_len_offset + 2, sig_len, ENC_NA); - -} - -/* Used in RSA PSK and PSK cipher suites */ -static void -dissect_ssl3_hnd_srv_keyex_psk(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - guint hint_len; - proto_item *ti_psk; - proto_tree *ssl_psk_tree; - - hint_len = tvb_get_ntohs(tvb, offset); - if ((2 + hint_len) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_psk = proto_tree_add_text(tree, tvb, offset, - length, "PSK Server Params"); - ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_ssl_keyex_params); - - /* hint */ - proto_tree_add_item(ssl_psk_tree, hf_ssl_handshake_server_keyex_hint_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_psk_tree, hf_ssl_handshake_server_keyex_hint, - tvb, offset + 2, hint_len, ENC_NA); -} static void dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb, proto_tree *tree, @@ -3145,136 +2712,6 @@ dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb, proto_tree *tree, tvb, offset+2, length-2, ENC_NA); } -static void -dissect_ssl3_hnd_cli_keyex_dh(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint yc_len, yc_len_offset; - proto_item *ti_dh; - proto_tree *ssl_dh_tree; - guint32 orig_offset; - - orig_offset = offset; - - yc_len_offset = offset; - yc_len = tvb_get_ntohs(tvb, offset); - offset += 2 + yc_len; - if ((offset - orig_offset) != length) { - return; - } - - ti_dh = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "Diffie-Hellman Client Params"); - ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_ssl_keyex_params); - - /* encrypted PreMaster secret */ - proto_tree_add_uint(ssl_dh_tree, hf_ssl_handshake_client_keyex_yc_len, - tvb, yc_len_offset, 2, yc_len); - proto_tree_add_item(ssl_dh_tree, hf_ssl_handshake_client_keyex_yc, - tvb, yc_len_offset + 2, yc_len, ENC_NA); -} - -static void -dissect_ssl3_hnd_cli_keyex_rsa(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint epms_len, epms_len_offset; - proto_item *ti_rsa; - proto_tree *ssl_rsa_tree; - guint32 orig_offset; - - orig_offset = offset; - - epms_len_offset = offset; - epms_len = tvb_get_ntohs(tvb, offset); - offset += 2 + epms_len; - if ((offset - orig_offset) != length) { - return; - } - - ti_rsa = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "RSA Encrypted PreMaster Secret"); - ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_ssl_keyex_params); - - /* Yc */ - proto_tree_add_uint(ssl_rsa_tree, hf_ssl_handshake_client_keyex_epms_len, - tvb, epms_len_offset, 2, epms_len); - proto_tree_add_item(ssl_rsa_tree, hf_ssl_handshake_client_keyex_epms, - tvb, epms_len_offset + 2, epms_len, ENC_NA); -} - -/* Used in PSK cipher suites */ -static void -dissect_ssl3_hnd_cli_keyex_psk(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - guint identity_len; - proto_item *ti_psk; - proto_tree *ssl_psk_tree; - - identity_len = tvb_get_ntohs(tvb, offset); - if ((2 + identity_len) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_psk = proto_tree_add_text(tree, tvb, offset, - length, "PSK Client Params"); - ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_ssl_keyex_params); - - /* identity */ - proto_tree_add_item(ssl_psk_tree, hf_ssl_handshake_client_keyex_identity_len, - tvb, offset, 2, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_psk_tree, hf_ssl_handshake_client_keyex_identity, - tvb, offset + 2, identity_len, ENC_NA); -} - -/* Used in RSA PSK cipher suites */ -static void -dissect_ssl3_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length) -{ - gint identity_len, identity_len_offset; - gint epms_len, epms_len_offset; - proto_item *ti_psk; - proto_tree *ssl_psk_tree; - guint32 orig_offset; - - orig_offset = offset; - - identity_len_offset = offset; - identity_len = tvb_get_ntohs(tvb, offset); - offset += 2 + identity_len; - if ((offset - orig_offset) > length) { - return; - } - - epms_len_offset = offset; - epms_len = tvb_get_ntohs(tvb, offset); - offset += 2 + epms_len; - if ((offset - orig_offset) != length) { - /* Lengths don't line up (wasn't what we expected?) */ - return; - } - - ti_psk = proto_tree_add_text(tree, tvb, orig_offset, - (offset - orig_offset), "RSA PSK Client Params"); - ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_ssl_keyex_params); - - /* identity */ - proto_tree_add_item(ssl_psk_tree, hf_ssl_handshake_client_keyex_identity_len, - tvb, identity_len_offset, 2, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_psk_tree, hf_ssl_handshake_client_keyex_identity, - tvb, identity_len_offset + 2, identity_len, ENC_NA); - - /* Yc */ - proto_tree_add_item(ssl_psk_tree, hf_ssl_handshake_client_keyex_epms_len, - tvb, epms_len_offset, 2, ENC_BIG_ENDIAN); - proto_tree_add_item(ssl_psk_tree, hf_ssl_handshake_client_keyex_epms, - tvb, epms_len_offset + 2, epms_len, ENC_NA); -} - - static void @@ -5096,136 +4533,6 @@ proto_register_ssl(void) FT_BYTES, BASE_NONE, NULL, 0x0, "CertificateVerify's signature", HFILL } }, - { &hf_ssl_handshake_server_keyex_p_len, - { "p Length", "ssl.handshake.p_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of p", HFILL } - }, - { &hf_ssl_handshake_server_keyex_g_len, - { "g Length", "ssl.handshake.g_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of g", HFILL } - }, - { &hf_ssl_handshake_server_keyex_ys_len, - { "Pubkey Length", "ssl.handshake.ys_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of server's Diffie-Hellman public key", HFILL } - }, - { &hf_ssl_handshake_client_keyex_yc_len, - { "Pubkey Length", "ssl.handshake.yc_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of client's Diffie-Hellman public key", HFILL } - }, - { &hf_ssl_handshake_client_keyex_point_len, - { "Pubkey Length", "ssl.handshake.client_point_len", - FT_UINT8, BASE_DEC, NULL, 0x0, - "Length of client's EC Diffie-Hellman public key", HFILL } - }, - { &hf_ssl_handshake_server_keyex_point_len, - { "Pubkey Length", "ssl.handshake.server_point_len", - FT_UINT8, BASE_DEC, NULL, 0x0, - "Length of server's EC Diffie-Hellman public key", HFILL } - }, - { &hf_ssl_handshake_client_keyex_epms_len, - { "Encrypted PreMaster length", "ssl.handshake.epms_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of encrypted PreMaster secret", HFILL } - }, - { &hf_ssl_handshake_client_keyex_epms, - { "Encrypted PreMaster", "ssl.handshake.epms", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Encrypted PreMaster secret", HFILL } - }, - { &hf_ssl_handshake_server_keyex_modulus_len, - { "modulus Length", "ssl.handshake.modulus_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of RSA-EXPORT modulus", HFILL } - }, - { &hf_ssl_handshake_server_keyex_exponent_len, - { "exponent Length", "ssl.handshake.exponent_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of RSA-EXPORT exponent", HFILL } - }, - { &hf_ssl_handshake_server_keyex_sig_len, - { "Signature Length", "ssl.handshake.sig_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of Signature", HFILL } - }, - { &hf_ssl_handshake_server_keyex_p, - { "p", "ssl.handshake.p", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman p", HFILL } - }, - { &hf_ssl_handshake_server_keyex_g, - { "g", "ssl.handshake.g", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman g", HFILL } - }, - { &hf_ssl_handshake_server_keyex_curve_type, - { "curve_type", "ssl.handshake.server_curve_type", - FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0, - "Server curve_type", HFILL } - }, - { &hf_ssl_handshake_server_keyex_named_curve, - { "named_curve", "ssl.handshake.server_named_curve", - FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, - "Server named_curve", HFILL } - }, - { &hf_ssl_handshake_server_keyex_ys, - { "pubkey", "ssl.handshake.ys", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman server pubkey", HFILL } - }, - { &hf_ssl_handshake_client_keyex_yc, - { "pubkey", "ssl.handshake.yc", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman client pubkey", HFILL } - }, - { &hf_ssl_handshake_server_keyex_point, - { "pubkey", "ssl.handshake.server_point", - FT_BYTES, BASE_NONE, NULL, 0x0, - "EC Diffie-Hellman server pubkey", HFILL } - }, - { &hf_ssl_handshake_client_keyex_point, - { "pubkey", "ssl.handshake.client_point", - FT_BYTES, BASE_NONE, NULL, 0x0, - "EC Diffie-Hellman client pubkey", HFILL } - }, - { &hf_ssl_handshake_server_keyex_modulus, - { "modulus", "ssl.handshake.modulus", - FT_BYTES, BASE_NONE, NULL, 0x0, - "RSA-EXPORT modulus", HFILL } - }, - { &hf_ssl_handshake_server_keyex_exponent, - { "exponent", "ssl.handshake.exponent", - FT_BYTES, BASE_NONE, NULL, 0x0, - "RSA-EXPORT exponent", HFILL } - }, - { &hf_ssl_handshake_server_keyex_sig, - { "signature", "ssl.handshake.sig", - FT_BYTES, BASE_NONE, NULL, 0x0, - "Diffie-Hellman server signature", HFILL } - }, - { &hf_ssl_handshake_server_keyex_hint_len, - { "Hint Length", "ssl.handshake.hint_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of PSK Hint", HFILL } - }, - { &hf_ssl_handshake_server_keyex_hint, - { "Hint", "ssl.handshake.hint", - FT_BYTES, BASE_NONE, NULL, 0x0, - "PSK Hint", HFILL } - }, - { &hf_ssl_handshake_client_keyex_identity_len, - { "Identity Length", "ssl.handshake.identity_len", - FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of PSK Identity", HFILL } - }, - { &hf_ssl_handshake_client_keyex_identity, - { "Identity", "ssl.handshake.identity", - FT_BYTES, BASE_NONE, NULL, 0x0, - "PSK Identity", HFILL } - }, { &hf_ssl_handshake_cert_status, { "Certificate Status", "ssl.handshake.cert_status", FT_NONE, BASE_NONE, NULL, 0x0, @@ -5525,7 +4832,6 @@ proto_register_ssl(void) &ett_ssl_dnames, &ett_ssl_random, &ett_ssl_new_ses_ticket, - &ett_ssl_keyex_params, &ett_ssl_cli_sig, &ett_ssl_cert_status, &ett_ssl_ocsp_resp, |