author | Peter Wu <peter@lekensteyn.nl> | 2016-11-30 21:43:09 +0100 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2016-12-06 05:58:39 +0000 |
commit | 89bc07c5d59ead31cad3ab5eea4378b6bb60bce9 (patch) | |
tree | 535fc1fc686d9a4e4ed54b62e575a7865c6a046b | |
parent | f96e9d067ba314c947a3caeafc909e9542042a64 (diff) | |
DTLS: add support for use_srtp extension (RFC 5764)
Decryption support will be added later. Tested with
dtls-srtp-ws-sip.pcapng from the linked bug.
Change-Id: Ida1a2da754ef9aef16ad15ff64455b6f8e703ffd
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/18996
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
-rw-r--r-- | epan/dissectors/packet-dtls.c | 87 | ||||
-rw-r--r-- | epan/dissectors/packet-dtls.h | 7 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 24 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 3 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 2 |
5 files changed, 114 insertions, 9 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 21e3ec6226..ef4fe3736f 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -78,6 +78,17 @@ static proto_tree *top_tree;
 *
 *********************************************************************/
+/* https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */
+static const value_string srtp_protection_profile_vals[] = {
+ { 0x0001, "SRTP_AES128_CM_HMAC_SHA1_80" }, /* RFC 5764 */
+ { 0x0002, "SRTP_AES128_CM_HMAC_SHA1_32" },
+ { 0x0005, "SRTP_NULL_HMAC_SHA1_80" },
+ { 0x0006, "SRTP_NULL_HMAC_SHA1_32" },
+ { 0x0007, "SRTP_AEAD_AES_128_GCM" }, /* RFC 7714 */
+ { 0x0008, "SRTP_AEAD_AES_256_GCM" },
+ { 0x00, NULL },
+};
+
 /* Initialize the protocol and registered fields */
 static gint dtls_tap = -1;
 static gint exported_pdu_tap = -1;
@@ -116,6 +127,11 @@ static gint hf_dtls_fragment_count = -1;
 static gint hf_dtls_reassembled_in = -1;
 static gint hf_dtls_reassembled_length = -1;
+static gint hf_dtls_hs_ext_use_srtp_protection_profiles_length = -1;
+static gint hf_dtls_hs_ext_use_srtp_protection_profile = -1;
+static gint hf_dtls_hs_ext_use_srtp_mki_length = -1;
+static gint hf_dtls_hs_ext_use_srtp_mki = -1;
+
 /* header fields used in ssl-utils, but defined here. */
 static dtls_hfs_t dtls_hfs = { -1, -1 };
@@ -1298,7 +1314,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
 case SSL_HND_HELLO_RETRY_REQUEST:
 ssl_dissect_hnd_hello_retry_request(&dissect_dtls_hf, sub_tvb, pinfo, ssl_hand_tree,
- 0, length, session, ssl);
+ 0, length, session, ssl, TRUE);
 break;
 case SSL_HND_CERTIFICATE:
@@ -1478,6 +1494,59 @@ dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree,
 return offset;
 }
+gint
+dtls_dissect_hnd_hello_ext_use_srtp(tvbuff_t *tvb, proto_tree *tree,
+ guint32 offset, guint32 ext_len)
+{
+ /* From https://tools.ietf.org/html/rfc5764#section-4.1.1
+ *
+ * uint8 SRTPProtectionProfile[2];
+ *
+ * struct {
+ * SRTPProtectionProfiles SRTPProtectionProfiles;
+ * opaque srtp_mki<0..255>;
+ * } UseSRTPData;
+ *
+ * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
+ */
+
+ guint32 profiles_length, profiles_end, mki_length;
+
+ if (ext_len < 2) {
+ /* XXX expert info, record too small */
+ return offset + ext_len;
+ }
+
+ /* SRTPProtectionProfiles list length */
+ proto_tree_add_item_ret_uint(tree, hf_dtls_hs_ext_use_srtp_protection_profiles_length,
+ tvb, offset, 2, ENC_BIG_ENDIAN, &profiles_length);
+ if (profiles_length > ext_len - 2) {
+ /* XXX expert info because length exceeds extension_data field */
+ profiles_length = ext_len - 2;
+ }
+ offset += 2;
+
+ /* SRTPProtectionProfiles list items */
+ profiles_end = offset + profiles_length;
+ while (offset < profiles_end) {
+ proto_tree_add_item(tree, hf_dtls_hs_ext_use_srtp_protection_profile,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ }
+
+ /* MKI */
+ proto_tree_add_item_ret_uint(tree, hf_dtls_hs_ext_use_srtp_mki_length,
+ tvb, offset, 1, ENC_NA, &mki_length);
+ offset++;
+ if (mki_length > 0) {
+ proto_tree_add_item(tree, hf_dtls_hs_ext_use_srtp_mki,
+ tvb, offset, mki_length, ENC_NA);
+ offset += mki_length;
+ }
+
+ return offset;
+}
+
 /*********************************************************************
 *
 * Support Functions
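Review bot: dtls_dissect_hnd_hello_ext_use_srtp never bounds the MKI against the extension: when `profiles_length` equals `ext_len - 2` (which the existing check allows) the profile loop leaves `offset` exactly at the end of the extension_data, yet the 1-byte MKI length is read unconditionally and `mki_length` (up to 255) is then added to `offset` without comparing it to what remains of `ext_len`. An odd `profiles_length` has a similar effect, since `while (offset < profiles_end)` steps by two and leaves `offset` one past `profiles_end`, so the MKI length is taken from the wrong byte. The tvb accessors throw on a real overread rather than reading out of bounds, but a malformed or truncated use_srtp extension then aborts dissection of the rest of the handshake instead of producing expert info, and because the caller in ssl_dissect_hnd_hello_ext assigns the return value to `offset`, the overrun also shifts the parsing of every following extension. Computing `ext_end` once, requiring at least 3 bytes (list length plus MKI length), clamping `profiles_length` so the MKI length byte still fits and dropping a trailing odd byte, and clamping `mki_length` to the bytes left keeps the dissector inside the extension; the whole function is within this hunk.
```c
gint
dtls_dissect_hnd_hello_ext_use_srtp(tvbuff_t *tvb, proto_tree *tree,
                                    guint32 offset, guint32 ext_len)
{
    /* … unchanged: RFC 5764 section 4.1.1 structure comment … */

    guint32 ext_end = offset + ext_len;
    guint32 profiles_length, profiles_end, mki_length;

    /* Need at least the 2-byte list length and the 1-byte MKI length. */
    if (ext_len < 3) {
        /* XXX expert info, record too small */
        return ext_end;
    }

    /* SRTPProtectionProfiles list length */
    proto_tree_add_item_ret_uint(tree, hf_dtls_hs_ext_use_srtp_protection_profiles_length,
                                 tvb, offset, 2, ENC_BIG_ENDIAN, &profiles_length);
    offset += 2;
    /* Leave room for the MKI length byte; list items are exactly two bytes
     * wide, so a trailing odd byte cannot belong to the list. */
    if (profiles_length > ext_end - offset - 1) {
        /* XXX expert info because length exceeds extension_data field */
        profiles_length = ext_end - offset - 1;
    }
    if (profiles_length & 1) {
        /* XXX expert info, odd SRTPProtectionProfiles length */
        profiles_length &= ~1u;
    }

    /* … unchanged: SRTPProtectionProfiles list items loop … */

    /* MKI */
    proto_tree_add_item_ret_uint(tree, hf_dtls_hs_ext_use_srtp_mki_length,
                                 tvb, offset, 1, ENC_NA, &mki_length);
    offset++;
    if (mki_length > ext_end - offset) {
        /* XXX expert info because MKI runs past the extension_data field */
        mki_length = ext_end - offset;
    }
    if (mki_length > 0) {
        proto_tree_add_item(tree, hf_dtls_hs_ext_use_srtp_mki,
                            tvb, offset, mki_length, ENC_NA);
        offset += mki_length;
    }

    return offset;
}
```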
@@ -1754,6 +1823,22 @@ proto_register_dtls(void)
 { "Reassembled DTLS length", "dtls.reassembled.length",
 FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
 },
+ { &hf_dtls_hs_ext_use_srtp_protection_profiles_length,
+ { "SRTP Protection Profiles Length", "dtls.use_srtp.protection_profiles_length",
+ FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL }
+ },
+ { &hf_dtls_hs_ext_use_srtp_protection_profile,
+ { "SRTP Protection Profile", "dtls.use_srtp.protection_profile",
+ FT_UINT16, BASE_HEX, VALS(srtp_protection_profile_vals), 0x00, NULL, HFILL }
+ },
+ { &hf_dtls_hs_ext_use_srtp_mki_length,
+ { "MKI Length", "dtls.use_srtp.mki_length",
+ FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL }
+ },
+ { &hf_dtls_hs_ext_use_srtp_mki,
+ { "MKI", "dtls.use_srtp.mki",
+ FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL }
+ },
 SSL_COMMON_HF_LIST(dissect_dtls_hf, "dtls")
 };
diff --git a/epan/dissectors/packet-dtls.h b/epan/dissectors/packet-dtls.h
index 49165b09ec..9c1d249c30 100644
--- a/epan/dissectors/packet-dtls.h
+++ b/epan/dissectors/packet-dtls.h
@@ -29,4 +29,11 @@ WS_DLL_PUBLIC void dtls_dissector_add(guint port, dissector_handle_t handle);
 WS_DLL_PUBLIC void dtls_dissector_delete(guint port, dissector_handle_t handle);
+
+/* Shared with packet-ssl-utils.c */
+
+gint
+dtls_dissect_hnd_hello_ext_use_srtp(tvbuff_t *tvb, proto_tree *tree,
+ guint32 offset, guint32 ext_len);
+
 #endif /* __PACKET_DTLS_H__ */
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 152fa7c6b9..32984f208a 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -53,6 +53,7 @@
 #include "packet-x509if.h"
 #include "packet-ssl-utils.h"
 #include "packet-ssl.h"
+#include "packet-dtls.h"
 #if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
 #include <gnutls/abstract.h>
 #endif
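Review bot: The new prototype in packet-dtls.h is annotated only with `/* Shared with packet-ssl-utils.c */`, which says who calls it but not what it expects or returns, even though this is the first function in that header consumed from another dissector file. A short contract above `gint dtls_dissect_hnd_hello_ext_use_srtp(...)` would do: `/* Dissects the use_srtp extension_data (RFC 5764, section 4.1.1) of ext_len bytes starting at offset into tree; returns the offset following the last dissected field. */`. The same set of hunks also makes packet-ssl-utils.c include packet-dtls.h for this one function, so the shared TLS/DTLS code now depends on the DTLS dissector's header; whether that layering is acceptable, or the function belongs beside the other ext_* dissectors in packet-ssl-utils.c, is worth a deliberate decision rather than an incidental one.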
@@ -6128,7 +6129,8 @@ ssl_try_set_version(SslSession *session, SslDecryptSession *ssl,
 static gint
 ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
 packet_info* pinfo, guint32 offset, guint32 left, guint8 hnd_type,
- SslSession *session, SslDecryptSession *ssl);
+ SslSession *session, SslDecryptSession *ssl,
+ gboolean is_dtls);
 void
 ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 packet_info *pinfo, proto_tree *tree, guint32 offset,
@@ -6243,7 +6245,7 @@ ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 if (length > offset - start_offset) {
 ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset,
 length - (offset - start_offset), SSL_HND_CLIENT_HELLO,
- session, ssl);
+ session, ssl, dtls_hfs != NULL);
 }
 }
@@ -6327,7 +6329,7 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 if (length > offset - start_offset) {
 ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset,
 length - (offset - start_offset), SSL_HND_SERVER_HELLO,
- session, ssl);
+ session, ssl, is_dtls);
 }
 }
 /* Client Hello and Server Hello dissections. }}} */
@@ -6384,7 +6386,8 @@ ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 void
 ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 packet_info* pinfo, proto_tree *tree, guint32 offset, guint32 length,
- SslSession *session, SslDecryptSession *ssl)
+ SslSession *session, SslDecryptSession *ssl,
+ gboolean is_dtls)
 {
 /* struct {
 * ProtocolVersion server_version;
@@ -6401,7 +6404,7 @@ ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 if (length > offset - start_offset) {
 ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset,
 length - (offset - start_offset), SSL_HND_HELLO_RETRY_REQUEST,
- session, ssl);
+ session, ssl, is_dtls);
 }
 }
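Review bot: The new `is_dtls` parameter on ssl_dissect_hnd_hello_ext and ssl_dissect_hnd_hello_retry_request is not documented anywhere in these hunks, and the two hello dissectors derive it differently: ssl_dissect_hnd_cli_hello passes `dtls_hfs != NULL` while ssl_dissect_hnd_srv_hello passes an `is_dtls` value. Both presumably come from existing parameters of those functions (their signatures are outside the hunks), but a comment on the new parameter in the forward declaration, e.g. `gboolean is_dtls /* selects DTLS-only extensions such as use_srtp, RFC 5764 */`, would save the next reader the lookup. The same parameter appears undocumented in the packet-ssl-utils.h declaration in the following file section.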
@@ -6768,7 +6771,8 @@ ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tr
 static gint
 ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
 packet_info* pinfo, guint32 offset, guint32 left, guint8 hnd_type,
- SslSession *session, SslDecryptSession *ssl)
+ SslSession *session, SslDecryptSession *ssl,
+ gboolean is_dtls)
 {
 guint16 extension_length;
 guint16 ext_type;
@@ -6856,6 +6860,14 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
 case SSL_HND_HELLO_EXT_SERVER_NAME:
 offset = ssl_dissect_hnd_hello_ext_server_name(hf, tvb, ext_tree, offset, ext_len);
 break;
+ case SSL_HND_HELLO_EXT_USE_SRTP:
+ if (is_dtls) {
+ offset = dtls_dissect_hnd_hello_ext_use_srtp(tvb, ext_tree, offset, ext_len);
+ } else {
+ // XXX expert info: This extension MUST only be used with DTLS, and not with TLS.
+ offset += ext_len;
+ }
+ break;
 case SSL_HND_HELLO_EXT_HEARTBEAT:
 proto_tree_add_item(ext_tree, hf->hf.hs_ext_heartbeat_mode,
 tvb, offset, 1, ENC_BIG_ENDIAN);
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 47f3311ecd..28d197a20b 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -842,7 +842,8 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info*
 extern void
 ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 packet_info* pinfo, proto_tree *tree, guint32 offset, guint32 length,
- SslSession *session, SslDecryptSession *ssl);
+ SslSession *session, SslDecryptSession *ssl,
+ gboolean is_dtls);
 extern void
 ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 0e9e6ea137..94d91e21bf 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
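Review bot: The `// XXX expert info: ...` line in the new SSL_HND_HELLO_EXT_USE_SRTP case is the only C++-style comment in these hunks; the surrounding code, including the `/* Client Hello and Server Hello dissections. }}} */` marker in the previous hunk, uses `/* */` throughout, so `/* XXX expert info: this extension MUST only be used with DTLS, and not with TLS (RFC 5764). */` keeps the file consistent and avoids tripping a comment-style check if the project runs one. Skipping the extension_data with `offset += ext_len` in the non-DTLS branch is the right fallback; the deferred expert item is what would actually surface the misuse to a user, so it deserves a follow-up rather than staying an XXX. The enclosing function's body continues past the end of the hunk.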
@@ -2061,7 +2061,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
 case SSL_HND_HELLO_RETRY_REQUEST:
 ssl_dissect_hnd_hello_retry_request(&dissect_ssl3_hf, tvb, pinfo, ssl_hand_tree,
- offset, length, session, ssl);
+ offset, length, session, ssl, FALSE);
 break;
 case SSL_HND_CERTIFICATE: