diff options
author | Peter Wu <peter@lekensteyn.nl> | 2017-01-30 05:28:21 +0100 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-01-31 14:55:37 +0000 |
commit | cf4f44e7a5453010cecfe8ad094f4482a0191c0e (patch) | |
tree | 498891f82f02ba5787f16bd1724419d51a30e759 /epan | |
parent | 69ee6ec3d8e33c860d0c9e16bcfa4401ce506d8e (diff) | |
download | wireshark-cf4f44e7a5453010cecfe8ad094f4482a0191c0e.tar.gz |
TLS13: add Encrypted Extensions
See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.3.1
Change-Id: I35e049d991be4c242ef2b84db3a322c6a13d2f96
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/19860
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan')
-rw-r--r-- | epan/dissectors/packet-dtls.c | 1 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 18 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 9 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 7 |
4 files changed, 34 insertions, 1 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index a90c8e0432..0f526fa179 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c @@ -1339,6 +1339,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, case SSL_HND_CERT_STATUS: case SSL_HND_SUPPLEMENTAL_DATA: case SSL_HND_ENCRYPTED_EXTS: + case SSL_HND_ENCRYPTED_EXTENSIONS: /* TLS 1.3 */ /* TODO: does this need further dissection? */ break; } diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 58c2dd7acb..adefd3ca29 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -553,6 +553,8 @@ const value_string ssl_31_handshake_type[] = { { SSL_HND_SERVER_HELLO, "Server Hello" }, { SSL_HND_HELLO_VERIFY_REQUEST, "Hello Verify Request"}, { SSL_HND_NEWSESSION_TICKET, "New Session Ticket" }, + { SSL_HND_HELLO_RETRY_REQUEST, "Hello Retry Request" }, + { SSL_HND_ENCRYPTED_EXTENSIONS, "Encrypted Extensions" }, { SSL_HND_CERTIFICATE, "Certificate" }, { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" }, { SSL_HND_CERT_REQUEST, "Certificate Request" }, @@ -6469,6 +6471,7 @@ ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls) case SSL_HND_SERVER_HELLO: case SSL_HND_NEWSESSION_TICKET: case SSL_HND_HELLO_RETRY_REQUEST: + case SSL_HND_ENCRYPTED_EXTENSIONS: case SSL_HND_CERTIFICATE: case SSL_HND_SERVER_KEY_EXCHG: case SSL_HND_CERT_REQUEST: @@ -6820,6 +6823,21 @@ ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, } } +void +ssl_dissect_hnd_encrypted_extensions(ssl_common_dissect_t *hf, tvbuff_t *tvb, + packet_info* pinfo, proto_tree *tree, guint32 offset, guint32 length, + SslSession *session, SslDecryptSession *ssl, + gboolean is_dtls) +{ + /* struct { + * Extension extensions<0..2^16-1>; + * } EncryptedExtensions; + */ + ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset, + length, SSL_HND_ENCRYPTED_EXTENSIONS, + session, ssl, is_dtls); +} + /* Certificate and Certificate Request dissections. {{{ */ void ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index 67c09766ce..091c3f1c0f 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h @@ -63,6 +63,7 @@ typedef enum { SSL_HND_HELLO_VERIFY_REQUEST = 3, SSL_HND_NEWSESSION_TICKET = 4, SSL_HND_HELLO_RETRY_REQUEST = 6, + SSL_HND_ENCRYPTED_EXTENSIONS = 8, SSL_HND_CERTIFICATE = 11, SSL_HND_SERVER_KEY_EXCHG = 12, SSL_HND_CERT_REQUEST = 13, @@ -74,7 +75,7 @@ typedef enum { SSL_HND_CERT_STATUS = 22, SSL_HND_SUPPLEMENTAL_DATA = 23, /* Encrypted Extensions was NextProtocol in draft-agl-tls-nextprotoneg-03 - * and changed in draft 04 */ + * and changed in draft 04. Not to be confused with TLS 1.3 EE. */ SSL_HND_ENCRYPTED_EXTS = 67 } HandshakeType; @@ -865,6 +866,12 @@ ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, pac gboolean is_dtls); extern void +ssl_dissect_hnd_encrypted_extensions(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo, + proto_tree *tree, guint32 offset, guint32 length, + SslSession *session, SslDecryptSession *ssl, + gboolean is_dtls); + +extern void ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, guint32 offset, SslDecryptSession *ssl, diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 7e9bd5376f..9e3946cd4a 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -2098,6 +2098,13 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, offset, length, session, ssl, FALSE); break; + case SSL_HND_ENCRYPTED_EXTENSIONS: + /* XXX expert info if used with non-TLS 1.3? */ + ssl_dissect_hnd_encrypted_extensions(&dissect_ssl3_hf, tvb, pinfo, ssl_hand_tree, + offset, length, session, ssl, FALSE); + + break; + case SSL_HND_CERTIFICATE: ssl_dissect_hnd_cert(&dissect_ssl3_hf, tvb, ssl_hand_tree, offset, pinfo, session, ssl, ssl_key_hash, is_from_server); |