author | Dave Tapuska <dtapuska@google.com> | 2014-11-17 17:12:36 -0500 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2014-11-24 09:22:12 +0000 |
commit | 6dbb97da103731d0abbd4fdeeef16d7af4059fa3 (patch) | |
tree | 5d078c284b080c9d613e6af3c031fee78b30ecf6 /epan/dissectors/packet-ssl-utils.h | |
parent | eb93f3bdfb1c403bd500eff48ce5e6618680ecc2 (diff) | |
download | wireshark-6dbb97da103731d0abbd4fdeeef16d7af4059fa3.tar.gz |
SSL: Implement Extended Master Secret
Store all handshake messages in a buffer so that we can hash them
correctly when generating the master secret.
This change does not work correctly for DTLS retransmitted packets that
are in the handshake, as they will be hashed twice, which is bad. Looking
for ideas to implement this.
Bug: 10686
Change-Id: Ied01d4cc37b4270f325070a8d1630d3123577a0d
Reviewed-on: https://code.wireshark.org/review/5168
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index c1fe868e42..4b7226f978 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -170,6 +170,7 @@ typedef enum {
 #define SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE 0x0013
 #define SSL_HND_HELLO_EXT_SERVER_CERT_TYPE 0x0014
 #define SSL_HND_HELLO_EXT_PADDING 0x0015
+#define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE 0x0017
 #define SSL_HND_HELLO_EXT_SESSION_TICKET 0x0023
 #define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01
 #define SSL_HND_HELLO_EXT_NPN 0x3374
@@ -243,6 +244,10 @@ typedef struct _StringInfo {
 #define SSL_VERSION (1<<4)
 #define SSL_MASTER_SECRET (1<<5)
 #define SSL_PRE_MASTER_SECRET (1<<6)
+#define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7)
+#define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8)
+
+#define SSL_EXTENDED_MASTER_SECRET_MASK (SSL_CLIENT_EXTENDED_MASTER_SECRET|SSL_SERVER_EXTENDED_MASTER_SECRET)
 /* SSL Cipher Suite modes */
 typedef enum {
@@ -364,6 +369,7 @@ typedef struct _SslDecryptSession {
 StringInfo server_random;
 StringInfo client_random;
 StringInfo master_secret;
+ StringInfo handshake_data;
 /* the data store for this StringInfo must be allocated explicitly with a capture lifetime scope */
 StringInfo pre_master_secret;
 guchar _server_data_for_iv[24];
@@ -598,6 +604,9 @@ ssl_is_valid_content_type(guint8 type);
 extern gboolean
 ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls);
+extern void
+ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, guint32 offset, guint32 length);
+
 /* common header fields, subtrees and expert info for SSL and DTLS dissectors */
 typedef struct ssl_common_dissect {
 struct { |
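Review bot: The `_TYPE` suffix on `SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET_TYPE` in the first hunk does not match the extension's name. The neighbouring `SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE` and `SSL_HND_HELLO_EXT_SERVER_CERT_TYPE` presumably carry the suffix because those extensions are themselves named after a certificate type, whereas this one is simply extended_master_secret. `#define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET 0x0017` would read like `SSL_HND_HELLO_EXT_PADDING` and `SSL_HND_HELLO_EXT_SESSION_TICKET` next to it.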
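Review bot: Nothing in the second hunk says how `SSL_EXTENDED_MASTER_SECRET_MASK` is meant to be tested, and a plain `state & SSL_EXTENDED_MASTER_SECRET_MASK` is already true when only one of the two hellos carried the extension. The extended derivation applies only when both sides sent it, so a comment above the mask such as `/* extended master secret is in use only when both bits are set: (state & MASK) == MASK */` would keep a later caller from selecting the wrong key-derivation input. The code that tests the mask is outside this header and cannot be checked from here.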
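Review bot: `handshake_data` in the `_SslDecryptSession` hunk is added with no statement of who allocates or frees its buffer, and it lands directly above an existing comment that presumably belongs to `pre_master_secret`, so that comment can now be read as describing either field. The field holds bytes copied out of the capture, so its size is driven by untrusted input; a comment like `/* raw handshake messages kept for the session hash; buffer is allocated on append and released once the master secret is derived */`, adjusted to what the implementation really does, would document the intended bound. The appending code is not part of this header, so whether growth is capped or the buffer is released after key derivation cannot be confirmed here. The struct continues beyond the hunk on both sides.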
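Review bot: The new prototype for `ssl_calculate_handshake_hash` has no contract comment, and its name suggests hashing while the commit description says the messages are stored in a buffer to be hashed later. `offset` and `length` are `guint32` values that presumably come from handshake headers in the capture, so the declaration should say whether the callee validates them against `tvb` and whether `ssl_session` may be NULL; a short `/** ... */` block stating that it appends `length` bytes of `tvb` starting at `offset` to `ssl_session->handshake_data` would cover it. In the implementation, which this diff view does not show, the sum of the current buffer length and `length` is worth checking for wrap-around before the buffer is grown.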