authorPeter Wu <peter@lekensteyn.nl>2015-11-05 11:14:21 +0100
committerAnders Broman <a.broman58@gmail.com>2015-11-07 07:40:32 +0000
commite0cf8b6ccfdde4a256645979f39b2e46b92e963c (patch)
tree48b3a63dd56db9311d835294178f3215ef465ae1 /epan/dissectors/packet-dtls.c
parentf542ab8e8ef5919fd9c2d4bbbf05ae0d7dc7e9d1 (diff)
ssl: add expert info for session resumption
Add expert info to the Change Cipher Spec tree when session resumption is detected. This can be used as a hint that decryption using an RSA key file will not succeed because of missing key material. The name of this expert info is "ssl.resumed" or "dtls.resumed" and the expert info message is "This session reuses previously negotiated keys (Session resumption)". Change-Id: I4a83edb13417631c97d6cfc4a57e2086bd217878 Reviewed-on: https://code.wireshark.org/review/11583 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r--epan/dissectors/packet-dtls.c43
1 files changed, 5 insertions, 38 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index f90e9cab4c..900aed3b09 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -87,7 +87,6 @@ static gint hf_dtls_record_epoch = -1;
static gint hf_dtls_record_sequence_number = -1;
static gint hf_dtls_record_length = -1;
static gint hf_dtls_record_appdata = -1;
-static gint hf_dtls_change_cipher_spec = -1;
static gint hf_dtls_alert_message = -1;
static gint hf_dtls_alert_message_level = -1;
static gint hf_dtls_alert_message_description = -1;
@@ -287,12 +286,6 @@ static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
SslSession *session, gint is_from_server,
SslDecryptSession *conv_data);
-/* change cipher spec dissector */
-static void dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset,
- const SslSession *session, guint8 content_type);
-
/* alert message dissector */
static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, guint32 offset,
@@ -802,8 +795,9 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
switch ((ContentType) content_type) {
case SSL_ID_CHG_CIPHER_SPEC:
col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
- dissect_dtls_change_cipher_spec(tvb, dtls_record_tree,
- offset, session, content_type);
+ ssl_dissect_change_cipher_spec(&dissect_dtls_hf, tvb, pinfo,
+ dtls_record_tree, offset, session,
+ is_from_server, ssl);
if (ssl) {
ssl_load_keyfile(dtls_options.keylog_filename, &dtls_keylog_file,
&dtls_master_key_map);
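Review bot: The new `ssl_dissect_change_cipher_spec(...)` call passes `ssl` ahead of the `if (ssl)` guard on the following line, so the shared helper is reached with a NULL decrypt session whenever this record has none. The helper's body is not part of this diff, so it should be confirmed there that every use of `ssl` is NULL-checked before the state is read. A short comment at the call site would make the contract visible, for example `/* ssl may be NULL; the helper must only add the resumption expert info when session state exists */`. The enclosing `dissect_dtls_record` starts and ends outside this hunk.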
@@ -971,29 +965,6 @@ dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo,
return offset;
}
-/* dissects the change cipher spec protocol, filling in the tree */
-static void
-dissect_dtls_change_cipher_spec(tvbuff_t *tvb,
- proto_tree *tree, guint32 offset,
- const SslSession *session, guint8 content_type)
-{
- /*
- * struct {
- * enum { change_cipher_spec(1), (255) } type;
- * } ChangeCipherSpec;
- *
- */
- if (tree)
- {
- proto_item_set_text(tree,
- "%s Record Layer: %s Protocol: Change Cipher Spec",
- val_to_str_const(session->version, ssl_version_short_names, "SSL"),
- val_to_str_const(content_type, ssl_31_content_type, "unknown"));
- proto_tree_add_item(tree, hf_dtls_change_cipher_spec, tvb,
- offset, 1, ENC_NA);
- }
-}
-
/* dissects the alert message, filling in the tree */
static void
dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo,
@@ -1366,7 +1337,8 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
break;
case SSL_HND_SVR_HELLO_DONE:
- /* server_hello_done has no fields, so nothing to do! */
+ if (ssl)
+ ssl->state |= SSL_SERVER_HELLO_DONE;
break;
case SSL_HND_CERT_VERIFY:
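Review bot: The added `ssl->state |= SSL_SERVER_HELLO_DONE;` replaces the only comment in this case without saying why the flag is recorded. It looks like the resumption check at Change Cipher Spec depends on it, which should be stated, e.g. `/* Seen only in full handshakes; its absence at ChangeCipherSpec hints at session resumption. */`. If that is how the helper decides, a DTLS capture that starts mid-handshake or is missing the ServerHelloDone flight would leave the flag clear. A full handshake could then be reported as resumed, wrongly telling the analyst that RSA key-file decryption cannot work, so the expert info text or the helper should account for an incomplete handshake. Bracing the single-statement `if (ssl)` would also guard against a later second statement slipping outside the check. `dissect_dtls_handshake` continues outside this hunk.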
@@ -1700,11 +1672,6 @@ proto_register_dtls(void)
FT_BYTES, BASE_NONE, NULL, 0x0,
"Payload is encrypted application data", HFILL }
},
- { &hf_dtls_change_cipher_spec,
- { "Change Cipher Spec Message", "dtls.change_cipher_spec",
- FT_NONE, BASE_NONE, NULL, 0x0,
- "Signals a change in cipher specifications", HFILL }
- },
{ & hf_dtls_alert_message,
{ "Alert Message", "dtls.alert_message",
FT_NONE, BASE_NONE, NULL, 0x0,