forked from osmocom/wireshark
from Authesserre Samuel
SSL updates and DTLS support svn path=/trunk/; revision=18582
This commit is contained in:
parent
f8ae861c94
commit
16d463dac6
5
AUTHORS
5
AUTHORS
|
@ -2486,6 +2486,11 @@ Thomas Dreibholz <dreibh [AT] exp-math.uni-essen.de> {
|
|||
RSerPol protocol stack
|
||||
}
|
||||
|
||||
Authesserre Samuel <sauthess [AT] gmail.com> {
|
||||
SSL decryption updates
|
||||
DTLS
|
||||
}
|
||||
|
||||
And assorted fixes and enhancements by the people listed above
|
||||
and by:
|
||||
|
||||
|
|
|
@ -270,6 +270,7 @@ DISSECTOR_SRC = \
|
|||
packet-dop.c \
|
||||
packet-dsi.c \
|
||||
packet-dsp.c \
|
||||
packet-dtls.c \
|
||||
packet-dtp.c \
|
||||
packet-dua.c \
|
||||
packet-dvmrp.c \
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -141,7 +141,33 @@ ssl_md5_cleanup(SSL_MD5_CTX* md)
|
|||
gcry_md_close(*(md));
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
ssl_cipher_setiv(gcry_cipher_hd_t *cipher,unsigned char* iv, int iv_len)
|
||||
{
|
||||
unsigned char * ivp;
|
||||
int ret=0;
|
||||
int i;
|
||||
gcry_cipher_hd_t c;
|
||||
c=(gcry_cipher_hd_t)*cipher;
|
||||
|
||||
ssl_debug_printf("--------------------------------------------------------------------");
|
||||
/*for(ivp=c->iv,i=0; i < iv_len; i++ )
|
||||
{
|
||||
ssl_debug_printf("%d ",ivp[i]);
|
||||
i++;
|
||||
}
|
||||
*/
|
||||
ssl_debug_printf("--------------------------------------------------------------------");
|
||||
ret = gcry_cipher_setiv(*(cipher), iv, iv_len);
|
||||
/*for(ivp=c->iv,i=0; i < iv_len; i++ )
|
||||
{
|
||||
ssl_debug_printf("%d ",ivp[i]);
|
||||
i++;
|
||||
}
|
||||
*/
|
||||
ssl_debug_printf("--------------------------------------------------------------------");
|
||||
return ret;
|
||||
}
|
||||
/* stream cipher abstraction layer*/
|
||||
static int
|
||||
ssl_cipher_init(gcry_cipher_hd_t *cipher, int algo, unsigned char* sk,
|
||||
|
@ -350,7 +376,7 @@ static const char *ciphers[]={
|
|||
"IDEA",
|
||||
"AES",
|
||||
"AES256",
|
||||
"*UNKNOWN*"
|
||||
"*UNKNOWN*"
|
||||
};
|
||||
|
||||
/* look in openssl/ssl/ssl_lib.c for a complete list of available cipersuite*/
|
||||
|
@ -900,7 +926,9 @@ tls_check_mac(SslDecoder*decoder, int ct,int ver, guint8* data,
|
|||
|
||||
/* hash sequence number */
|
||||
fmt_seq(decoder->seq,buf);
|
||||
|
||||
decoder->seq++;
|
||||
|
||||
ssl_hmac_update(&hm,buf,8);
|
||||
|
||||
/* hash content type */
|
||||
|
@ -984,17 +1012,62 @@ ssl3_check_mac(SslDecoder*decoder,int ct,guint8* data,
|
|||
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
||||
/*static int
|
||||
dtls_check_mac(SslDecoder*decoder, int ct,int ver, guint8* data,
|
||||
guint32 datalen, guint8* mac)
|
||||
{
|
||||
SSL_HMAC hm;
|
||||
int md;
|
||||
guint32 len;
|
||||
guint8 buf[20];
|
||||
guint32 netnum;
|
||||
md=ssl_get_digest_by_name(digests[decoder->cipher_suite->dig-0x40]);
|
||||
ssl_debug_printf("dtls_check_mac mac type:%s md %d\n",
|
||||
digests[decoder->cipher_suite->dig-0x40], md);
|
||||
|
||||
ssl_hmac_init(&hm,decoder->mac_key.data,decoder->mac_key.data_len,md);
|
||||
ssl_debug_printf("dtls_check_mac seq: %d epoch: %d\n",decoder->seq,decoder->epoch);
|
||||
/* hash sequence number *
|
||||
fmt_seq(decoder->seq,buf);
|
||||
buf[0]=decoder->epoch>>8;
|
||||
buf[1]=decoder->epoch;
|
||||
|
||||
ssl_hmac_update(&hm,buf,8);
|
||||
|
||||
/* hash content type *
|
||||
buf[0]=ct;
|
||||
ssl_hmac_update(&hm,buf,1);
|
||||
|
||||
/* hash version,data lenght and data*
|
||||
*((gint16*)buf) = g_htons(ver);
|
||||
ssl_hmac_update(&hm,buf,2);
|
||||
|
||||
*((gint16*)buf) = g_htons(datalen);
|
||||
ssl_hmac_update(&hm,buf,2);
|
||||
ssl_hmac_update(&hm,data,datalen);
|
||||
/* get digest and digest len*
|
||||
ssl_hmac_final(&hm,buf,&len);
|
||||
ssl_print_data("Mac", buf, len);
|
||||
if(memcmp(mac,buf,len))
|
||||
return -1;
|
||||
|
||||
ssl_hmac_cleanup(&hm);
|
||||
return(0);
|
||||
}*/
|
||||
|
||||
|
||||
int
|
||||
ssl_decrypt_record(SslDecryptSession*ssl,SslDecoder* decoder, int ct,
|
||||
const unsigned char* in, int inl,unsigned char*out,int* outl)
|
||||
{
|
||||
int pad, worklen;
|
||||
guint8 *mac;
|
||||
|
||||
|
||||
|
||||
ssl_debug_printf("ssl_decrypt_record ciphertext len %d\n", inl);
|
||||
ssl_print_data("Ciphertext",in, inl);
|
||||
|
||||
|
||||
/* First decrypt*/
|
||||
if ((pad = ssl_cipher_decrypt(&decoder->evp,out,*outl,in,inl))!= 0)
|
||||
ssl_debug_printf("ssl_decrypt_record: %s %s\n", gcry_strsource (pad),
|
||||
|
@ -1020,21 +1093,37 @@ ssl_decrypt_record(SslDecryptSession*ssl,SslDecoder* decoder, int ct,
|
|||
}
|
||||
mac=out+worklen;
|
||||
|
||||
/* if TLS 1.1 we use the transmitted IV and remove it after (to not modify dissector in others parts)*/
|
||||
if(ssl->version_netorder==TLSV1DOT1_VERSION){
|
||||
worklen=worklen-decoder->cipher_suite->block;
|
||||
memcpy(out,out+decoder->cipher_suite->block,worklen);
|
||||
}
|
||||
if(ssl->version_netorder==DTLSV1DOT0_VERSION){
|
||||
worklen=worklen-decoder->cipher_suite->block;
|
||||
memcpy(out,out+decoder->cipher_suite->block,worklen);
|
||||
}
|
||||
/* Now check the MAC */
|
||||
ssl_debug_printf("checking mac (len %d, version %X, ct %d seq %d)\n",
|
||||
worklen, ssl->version_netorder, ct, decoder->seq);
|
||||
if(ssl->version_netorder==0x300){
|
||||
if(ssl->version_netorder==SSLV3_VERSION){
|
||||
if(ssl3_check_mac(decoder,ct,out,worklen,mac) < 0) {
|
||||
ssl_debug_printf("ssl_decrypt_record: mac failed\n");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
else{
|
||||
else if(ssl->version_netorder==TLSV1_VERSION || ssl->version_netorder==TLSV1DOT1_VERSION){
|
||||
if(tls_check_mac(decoder,ct,ssl->version_netorder,out,worklen,mac)< 0) {
|
||||
ssl_debug_printf("ssl_decrypt_record: mac failed\n");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
else if(ssl->version_netorder==DTLSV1DOT0_VERSION){
|
||||
/* follow the openssl dtls errors the rigth test is : dtls_check_mac(decoder,ct,ssl->version_netorder,out,worklen,mac)< 0 */
|
||||
if(tls_check_mac(decoder,ct,TLSV1_VERSION,out,worklen,mac)< 0) {
|
||||
ssl_debug_printf("ssl_decrypt_record: mac failed\n");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
ssl_debug_printf("ssl_decrypt_record: mac ok\n");
|
||||
*outl = worklen;
|
||||
return(0);
|
||||
|
@ -1261,6 +1350,8 @@ ssl_session_init(SslDecryptSession* ssl_session)
|
|||
ssl_session->client_random.data = ssl_session->_client_random;
|
||||
ssl_session->server_random.data = ssl_session->_server_random;
|
||||
ssl_session->master_secret.data_len = 48;
|
||||
ssl_session->app_data_segment.data=NULL;
|
||||
ssl_session->app_data_segment.data_len=0;
|
||||
}
|
||||
|
||||
#ifdef SSL_DECRYPT_DEBUG
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
#include <gcrypt.h>
|
||||
#include <gnutls/x509.h>
|
||||
#include <gnutls/openssl.h>
|
||||
#include <epan/value_string.h>
|
||||
|
||||
/* #define SSL_FAST 1 */
|
||||
#define SSL_DECRYPT_DEBUG
|
||||
|
@ -50,6 +51,506 @@
|
|||
#define SSL_PRIVATE_KEY void
|
||||
#endif /* HAVE_LIBGNUTLS */
|
||||
|
||||
/* The TCP port to associate with by default */
|
||||
#define TCP_PORT_SSL 443
|
||||
#define TCP_PORT_SSL_LDAP 636
|
||||
#define TCP_PORT_SSL_IMAP 993
|
||||
#define TCP_PORT_SSL_POP 995
|
||||
|
||||
/* version state tables */
|
||||
#define SSL_VER_UNKNOWN 0
|
||||
#define SSL_VER_SSLv2 1
|
||||
#define SSL_VER_SSLv3 2
|
||||
#define SSL_VER_TLS 3
|
||||
#define SSL_VER_TLSv1DOT1 4
|
||||
#define SSL_VER_DTLS 5
|
||||
#define SSL_VER_PCT 6
|
||||
|
||||
/* corresponds to the #defines above */
|
||||
|
||||
static const gchar* ssl_version_short_names[] = {
|
||||
"SSL",
|
||||
"SSLv2",
|
||||
"SSLv3",
|
||||
"TLSv1",
|
||||
"TLSv1.1",
|
||||
"DTLSv1.0",
|
||||
"PCT"
|
||||
};
|
||||
|
||||
/* other defines */
|
||||
#define SSL_ID_CHG_CIPHER_SPEC 0x14
|
||||
#define SSL_ID_ALERT 0x15
|
||||
#define SSL_ID_HANDSHAKE 0x16
|
||||
#define SSL_ID_APP_DATA 0x17
|
||||
|
||||
#define SSL_HND_HELLO_REQUEST 0
|
||||
#define SSL_HND_CLIENT_HELLO 1
|
||||
#define SSL_HND_SERVER_HELLO 2
|
||||
#define SSL_HND_HELLO_VERIFY_REQUEST 3
|
||||
#define SSL_HND_CERTIFICATE 11
|
||||
#define SSL_HND_SERVER_KEY_EXCHG 12
|
||||
#define SSL_HND_CERT_REQUEST 13
|
||||
#define SSL_HND_SVR_HELLO_DONE 14
|
||||
#define SSL_HND_CERT_VERIFY 15
|
||||
#define SSL_HND_CLIENT_KEY_EXCHG 16
|
||||
#define SSL_HND_FINISHED 20
|
||||
|
||||
#define SSL2_HND_ERROR 0x00
|
||||
#define SSL2_HND_CLIENT_HELLO 0x01
|
||||
#define SSL2_HND_CLIENT_MASTER_KEY 0x02
|
||||
#define SSL2_HND_CLIENT_FINISHED 0x03
|
||||
#define SSL2_HND_SERVER_HELLO 0x04
|
||||
#define SSL2_HND_SERVER_VERIFY 0x05
|
||||
#define SSL2_HND_SERVER_FINISHED 0x06
|
||||
#define SSL2_HND_REQUEST_CERTIFICATE 0x07
|
||||
#define SSL2_HND_CLIENT_CERTIFICATE 0x08
|
||||
|
||||
#define PCT_VERSION_1 0x8001
|
||||
|
||||
#define PCT_MSG_CLIENT_HELLO 0x01
|
||||
#define PCT_MSG_SERVER_HELLO 0x02
|
||||
#define PCT_MSG_CLIENT_MASTER_KEY 0x03
|
||||
#define PCT_MSG_SERVER_VERIFY 0x04
|
||||
#define PCT_MSG_ERROR 0x05
|
||||
|
||||
#define PCT_CH_OFFSET_V1 0xa
|
||||
|
||||
#define PCT_CIPHER_DES 0x01
|
||||
#define PCT_CIPHER_IDEA 0x02
|
||||
#define PCT_CIPHER_RC2 0x03
|
||||
#define PCT_CIPHER_RC4 0x04
|
||||
#define PCT_CIPHER_DES_112 0x05
|
||||
#define PCT_CIPHER_DES_168 0x06
|
||||
|
||||
#define PCT_HASH_MD5 0x0001
|
||||
#define PCT_HASH_MD5_TRUNC_64 0x0002
|
||||
#define PCT_HASH_SHA 0x0003
|
||||
#define PCT_HASH_SHA_TRUNC_80 0x0004
|
||||
#define PCT_HASH_DES_DM 0x0005
|
||||
|
||||
#define PCT_CERT_NONE 0x00
|
||||
#define PCT_CERT_X509 0x01
|
||||
#define PCT_CERT_PKCS7 0x02
|
||||
|
||||
#define PCT_SIG_NONE 0x0000
|
||||
#define PCT_SIG_RSA_MD5 0x0001
|
||||
#define PCT_SIG_RSA_SHA 0x0002
|
||||
#define PCT_SIG_DSA_SHA 0x0003
|
||||
|
||||
#define PCT_EXCH_RSA_PKCS1 0x01
|
||||
#define PCT_EXCH_RSA_PKCS1_TOKEN_DES 0x02
|
||||
#define PCT_EXCH_RSA_PKCS1_TOKEN_DES3 0x03
|
||||
#define PCT_EXCH_RSA_PKCS1_TOKEN_RC2 0x04
|
||||
#define PCT_EXCH_RSA_PKCS1_TOKEN_RC4 0x05
|
||||
#define PCT_EXCH_DH_PKCS3 0x06
|
||||
#define PCT_EXCH_DH_PKCS3_TOKEN_DES 0x07
|
||||
#define PCT_EXCH_DH_PKCS3_TOKEN_DES3 0x08
|
||||
#define PCT_EXCH_FORTEZZA_TOKEN 0x09
|
||||
|
||||
#define PCT_ERR_BAD_CERTIFICATE 0x01
|
||||
#define PCT_ERR_CLIENT_AUTH_FAILED 0x02
|
||||
#define PCT_ERR_ILLEGAL_MESSAGE 0x03
|
||||
#define PCT_ERR_INTEGRITY_CHECK_FAILED 0x04
|
||||
#define PCT_ERR_SERVER_AUTH_FAILED 0x05
|
||||
#define PCT_ERR_SPECS_MISMATCH 0x06
|
||||
|
||||
/*
|
||||
* Lookup tables
|
||||
*
|
||||
*/
|
||||
static const value_string ssl_20_msg_types[] = {
|
||||
{ SSL2_HND_ERROR, "Error" },
|
||||
{ SSL2_HND_CLIENT_HELLO, "Client Hello" },
|
||||
{ SSL2_HND_CLIENT_MASTER_KEY, "Client Master Key" },
|
||||
{ SSL2_HND_CLIENT_FINISHED, "Client Finished" },
|
||||
{ SSL2_HND_SERVER_HELLO, "Server Hello" },
|
||||
{ SSL2_HND_SERVER_VERIFY, "Server Verify" },
|
||||
{ SSL2_HND_SERVER_FINISHED, "Server Finished" },
|
||||
{ SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" },
|
||||
{ SSL2_HND_CLIENT_CERTIFICATE, "Client Certificate" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string ssl_20_cipher_suites[] = {
|
||||
{ 0x010080, "SSL2_RC4_128_WITH_MD5" },
|
||||
{ 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" },
|
||||
{ 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
|
||||
{ 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
|
||||
{ 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" },
|
||||
{ 0x060040, "SSL2_DES_64_CBC_WITH_MD5" },
|
||||
{ 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" },
|
||||
{ 0x080080, "SSL2_RC4_64_WITH_MD5" },
|
||||
{ 0x000000, "TLS_NULL_WITH_NULL_NULL" },
|
||||
{ 0x000001, "TLS_RSA_WITH_NULL_MD5" },
|
||||
{ 0x000002, "TLS_RSA_WITH_NULL_SHA" },
|
||||
{ 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
|
||||
{ 0x000004, "TLS_RSA_WITH_RC4_128_MD5" },
|
||||
{ 0x000005, "TLS_RSA_WITH_RC4_128_SHA" },
|
||||
{ 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
|
||||
{ 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
|
||||
{ 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
|
||||
{ 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
|
||||
{ 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
|
||||
{ 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" },
|
||||
{ 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
|
||||
{ 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
|
||||
{ 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
|
||||
{ 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
|
||||
{ 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
|
||||
{ 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
|
||||
{ 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
|
||||
{ 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
|
||||
{ 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
|
||||
{ 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
|
||||
{ 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
|
||||
{ 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
|
||||
{ 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
|
||||
{ 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
/* these from http://www.mozilla.org/projects/
|
||||
security/pki/nss/ssl/fips-ssl-ciphersuites.html */
|
||||
{ 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
{ 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
/* Microsoft's old PCT protocol. These are from Eric Rescorla's
|
||||
book "SSL and TLS" */
|
||||
{ 0x8f8001, "PCT_SSL_COMPAT | PCT_VERSION_1" },
|
||||
{ 0x800003, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509_CHAIN" },
|
||||
{ 0x800001, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509" },
|
||||
{ 0x810001, "PCT_SSL_HASH_TYPE | PCT1_HASH_MD5" },
|
||||
{ 0x810003, "PCT_SSL_HASH_TYPE | PCT1_HASH_SHA" },
|
||||
{ 0x820001, "PCT_SSL_EXCH_TYPE | PCT1_EXCH_RSA_PKCS1" },
|
||||
{ 0x830004, "PCT_SSL_CIPHER_TYPE_1ST_HALF | PCT1_CIPHER_RC4" },
|
||||
{ 0x848040, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_128 | PCT1_MAC_BITS_128" },
|
||||
{ 0x842840, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_40 | PCT1_MAC_BITS_128" },
|
||||
/* note that ciphersuites of {0x00????} are TLS cipher suites in
|
||||
* a sslv2 client hello message; the ???? above is the two-byte
|
||||
* tls cipher suite id
|
||||
*/
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_20_certificate_type[] = {
|
||||
{ 0x00, "N/A" },
|
||||
{ 0x01, "X.509 Certificate" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string ssl_31_content_type[] = {
|
||||
{ 20, "Change Cipher Spec" },
|
||||
{ 21, "Alert" },
|
||||
{ 22, "Handshake" },
|
||||
{ 23, "Application Data" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_versions[] = {
|
||||
{ 0x0100, "DTLS 1.0" },
|
||||
{ 0x0302, "TLS 1.1" },
|
||||
{ 0x0301, "TLS 1.0" },
|
||||
{ 0x0300, "SSL 3.0" },
|
||||
{ 0x0002, "SSL 2.0" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
#if 0
|
||||
/* XXX - would be used if we dissected the body of a Change Cipher Spec
|
||||
message. */
|
||||
static const value_string ssl_31_change_cipher_spec[] = {
|
||||
{ 1, "Change Cipher Spec" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
#endif
|
||||
|
||||
static const value_string ssl_31_alert_level[] = {
|
||||
{ 1, "Warning" },
|
||||
{ 2, "Fatal" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_31_alert_description[] = {
|
||||
{ 0, "Close Notify" },
|
||||
{ 10, "Unexpected Message" },
|
||||
{ 20, "Bad Record MAC" },
|
||||
{ 21, "Decryption Failed" },
|
||||
{ 22, "Record Overflow" },
|
||||
{ 30, "Decompression Failure" },
|
||||
{ 40, "Handshake Failure" },
|
||||
{ 42, "Bad Certificate" },
|
||||
{ 43, "Unsupported Certificate" },
|
||||
{ 44, "Certificate Revoked" },
|
||||
{ 45, "Certificate Expired" },
|
||||
{ 46, "Certificate Unknown" },
|
||||
{ 47, "Illegal Parameter" },
|
||||
{ 48, "Unknown CA" },
|
||||
{ 49, "Access Denied" },
|
||||
{ 50, "Decode Error" },
|
||||
{ 51, "Decrypt Error" },
|
||||
{ 60, "Export Restriction" },
|
||||
{ 70, "Protocol Version" },
|
||||
{ 71, "Insufficient Security" },
|
||||
{ 80, "Internal Error" },
|
||||
{ 90, "User Canceled" },
|
||||
{ 100, "No Renegotiation" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_31_handshake_type[] = {
|
||||
{ SSL_HND_HELLO_REQUEST, "Hello Request" },
|
||||
{ SSL_HND_CLIENT_HELLO, "Client Hello" },
|
||||
{ SSL_HND_SERVER_HELLO, "Server Hello" },
|
||||
{ SSL_HND_HELLO_VERIFY_REQUEST, "Hello Verify Request"},
|
||||
{ SSL_HND_CERTIFICATE, "Certificate" },
|
||||
{ SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" },
|
||||
{ SSL_HND_CERT_REQUEST, "Certificate Request" },
|
||||
{ SSL_HND_SVR_HELLO_DONE, "Server Hello Done" },
|
||||
{ SSL_HND_CERT_VERIFY, "Certificate Verify" },
|
||||
{ SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" },
|
||||
{ SSL_HND_FINISHED, "Finished" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_31_compression_method[] = {
|
||||
{ 0, "null" },
|
||||
{ 1, "ZLIB" },
|
||||
{ 64, "LZS" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
#if 0
|
||||
/* XXX - would be used if we dissected a Signature, as would be
|
||||
seen in a server key exchange or certificate verify message. */
|
||||
static const value_string ssl_31_key_exchange_algorithm[] = {
|
||||
{ 0, "RSA" },
|
||||
{ 1, "Diffie Hellman" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_31_signature_algorithm[] = {
|
||||
{ 0, "Anonymous" },
|
||||
{ 1, "RSA" },
|
||||
{ 2, "DSA" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
#endif
|
||||
|
||||
static const value_string ssl_31_client_certificate_type[] = {
|
||||
{ 1, "RSA Sign" },
|
||||
{ 2, "DSS Sign" },
|
||||
{ 3, "RSA Fixed DH" },
|
||||
{ 4, "DSS Fixed DH" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
#if 0
|
||||
/* XXX - would be used if we dissected exchange keys, as would be
|
||||
seen in a client key exchange message. */
|
||||
static const value_string ssl_31_public_value_encoding[] = {
|
||||
{ 0, "Implicit" },
|
||||
{ 1, "Explicit" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
#endif
|
||||
|
||||
static const value_string ssl_31_ciphersuite[] = {
|
||||
{ 0x0000, "TLS_NULL_WITH_NULL_NULL" },
|
||||
{ 0x0001, "TLS_RSA_WITH_NULL_MD5" },
|
||||
{ 0x0002, "TLS_RSA_WITH_NULL_SHA" },
|
||||
{ 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
|
||||
{ 0x0004, "TLS_RSA_WITH_RC4_128_MD5" },
|
||||
{ 0x0005, "TLS_RSA_WITH_RC4_128_SHA" },
|
||||
{ 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
|
||||
{ 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
|
||||
{ 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
|
||||
{ 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
|
||||
{ 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
|
||||
{ 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" },
|
||||
{ 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
|
||||
{ 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
|
||||
{ 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
|
||||
{ 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
|
||||
{ 0x002f, "TLS_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
|
||||
{ 0x0048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
|
||||
{ 0x0049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
|
||||
{ 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
|
||||
{ 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
|
||||
{ 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
|
||||
{ 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
|
||||
{ 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
|
||||
{ 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
|
||||
{ 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
/* these from http://www.mozilla.org/projects/
|
||||
security/pki/nss/ssl/fips-ssl-ciphersuites.html */
|
||||
{ 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
{ 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
/* note that ciphersuites 0xff00 - 0xffff are private */
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string pct_msg_types[] = {
|
||||
{ PCT_MSG_CLIENT_HELLO, "Client Hello" },
|
||||
{ PCT_MSG_SERVER_HELLO, "Server Hello" },
|
||||
{ PCT_MSG_CLIENT_MASTER_KEY, "Client Master Key" },
|
||||
{ PCT_MSG_SERVER_VERIFY, "Server Verify" },
|
||||
{ PCT_MSG_ERROR, "Error" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_cipher_type[] = {
|
||||
{ PCT_CIPHER_DES, "DES" },
|
||||
{ PCT_CIPHER_IDEA, "IDEA" },
|
||||
{ PCT_CIPHER_RC2, "RC2" },
|
||||
{ PCT_CIPHER_RC4, "RC4" },
|
||||
{ PCT_CIPHER_DES_112, "DES 112 bit" },
|
||||
{ PCT_CIPHER_DES_168, "DES 168 bit" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_hash_type[] = {
|
||||
{ PCT_HASH_MD5, "MD5" },
|
||||
{ PCT_HASH_MD5_TRUNC_64, "MD5_TRUNC_64"},
|
||||
{ PCT_HASH_SHA, "SHA"},
|
||||
{ PCT_HASH_SHA_TRUNC_80, "SHA_TRUNC_80"},
|
||||
{ PCT_HASH_DES_DM, "DES_DM"},
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_cert_type[] = {
|
||||
{ PCT_CERT_NONE, "None" },
|
||||
{ PCT_CERT_X509, "X.509" },
|
||||
{ PCT_CERT_PKCS7, "PKCS #7" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
static const value_string pct_sig_type[] = {
|
||||
{ PCT_SIG_NONE, "None" },
|
||||
{ PCT_SIG_RSA_MD5, "MD5" },
|
||||
{ PCT_SIG_RSA_SHA, "RSA SHA" },
|
||||
{ PCT_SIG_DSA_SHA, "DSA SHA" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_exch_type[] = {
|
||||
{ PCT_EXCH_RSA_PKCS1, "RSA PKCS#1" },
|
||||
{ PCT_EXCH_RSA_PKCS1_TOKEN_DES, "RSA PKCS#1 Token DES" },
|
||||
{ PCT_EXCH_RSA_PKCS1_TOKEN_DES3, "RSA PKCS#1 Token 3DES" },
|
||||
{ PCT_EXCH_RSA_PKCS1_TOKEN_RC2, "RSA PKCS#1 Token RC-2" },
|
||||
{ PCT_EXCH_RSA_PKCS1_TOKEN_RC4, "RSA PKCS#1 Token RC-4" },
|
||||
{ PCT_EXCH_DH_PKCS3, "DH PKCS#3" },
|
||||
{ PCT_EXCH_DH_PKCS3_TOKEN_DES, "DH PKCS#3 Token DES" },
|
||||
{ PCT_EXCH_DH_PKCS3_TOKEN_DES3, "DH PKCS#3 Token 3DES" },
|
||||
{ PCT_EXCH_FORTEZZA_TOKEN, "Fortezza" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_error_code[] = {
|
||||
{ PCT_ERR_BAD_CERTIFICATE, "PCT_ERR_BAD_CERTIFICATE" },
|
||||
{ PCT_ERR_CLIENT_AUTH_FAILED, "PCT_ERR_CLIENT_AUTH_FAILE" },
|
||||
{ PCT_ERR_ILLEGAL_MESSAGE, "PCT_ERR_ILLEGAL_MESSAGE" },
|
||||
{ PCT_ERR_INTEGRITY_CHECK_FAILED, "PCT_ERR_INTEGRITY_CHECK_FAILED" },
|
||||
{ PCT_ERR_SERVER_AUTH_FAILED, "PCT_ERR_SERVER_AUTH_FAILED" },
|
||||
{ PCT_ERR_SPECS_MISMATCH, "PCT_ERR_SPECS_MISMATCH" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
/* RFC 3546 */
|
||||
static const value_string tls_hello_extension_types[] = {
|
||||
{ 0, "server_name" },
|
||||
{ 1, "max_fragment_length" },
|
||||
{ 2, "client_certificate_url" },
|
||||
{ 3, "trusted_ca_keys" },
|
||||
{ 4, "truncated_hmac" },
|
||||
{ 5, "status_request" },
|
||||
{ 35, "EAP-FAST PAC-Opaque" /* draft-cam-winget-eap-fast-00.txt */ },
|
||||
{ 0, NULL }
|
||||
};
|
||||
|
||||
typedef struct _StringInfo {
|
||||
unsigned char* data;
|
||||
unsigned int data_len;
|
||||
|
@ -59,6 +560,8 @@ typedef struct _StringInfo {
|
|||
|
||||
#define SSLV3_VERSION 0x300
|
||||
#define TLSV1_VERSION 0x301
|
||||
#define TLSV1DOT1_VERSION 0x302
|
||||
#define DTLSV1DOT0_VERSION 0x100
|
||||
|
||||
#define SSL_CLIENT_RANDOM 1
|
||||
#define SSL_SERVER_RANDOM 2
|
||||
|
@ -92,6 +595,7 @@ typedef struct _SslDecoder {
|
|||
StringInfo mac_key;
|
||||
SSL_CIPHER_CTX evp;
|
||||
guint32 seq;
|
||||
guint16 epoch;
|
||||
} SslDecoder;
|
||||
|
||||
#define KEX_RSA 0x10
|
||||
|
@ -145,7 +649,8 @@ typedef struct _SslDecryptSession {
|
|||
SSL_PRIVATE_KEY* private_key;
|
||||
guint32 version;
|
||||
guint16 version_netorder;
|
||||
|
||||
StringInfo app_data_segment;
|
||||
|
||||
} SslDecryptSession;
|
||||
|
||||
/** Initialize decryption engine/ssl layer. To be called once per execution */
|
||||
|
|
|
@ -113,6 +113,7 @@
|
|||
|
||||
|
||||
static gboolean ssl_desegment = TRUE;
|
||||
static gboolean ssl_desegment_app_data = TRUE;
|
||||
|
||||
|
||||
/*********************************************************************
|
||||
|
@ -585,498 +586,137 @@ ssl_restore_session(SslDecryptSession* ssl)
|
|||
ssl->state |= SSL_MASTER_SECRET;
|
||||
ssl_debug_printf("ssl_restore_session master key retrived\n");
|
||||
}
|
||||
/* function that save app_data during sub protocol reassembling */
|
||||
static void
|
||||
ssl_add_app_data(SslDecryptSession* ssl, unsigned char* data, int data_len){
|
||||
StringInfo * app=&ssl->app_data_segment;
|
||||
if(app->data_len!=0){
|
||||
unsigned char* tmp=g_malloc(app->data_len);
|
||||
int tmp_len=app->data_len;
|
||||
memcpy(tmp,app->data,app->data_len);
|
||||
if(app->data!=NULL)
|
||||
g_free(app->data);
|
||||
app->data_len=0;
|
||||
app->data=g_malloc(tmp_len+data_len);
|
||||
app->data_len=tmp_len+data_len;
|
||||
memcpy(app->data,tmp,tmp_len);
|
||||
if(tmp!=NULL)
|
||||
g_free(tmp);
|
||||
memcpy(app->data+tmp_len, data,data_len);
|
||||
}
|
||||
else{
|
||||
//it's new
|
||||
if(app->data!=NULL)
|
||||
g_free(app->data);
|
||||
app->data=g_malloc(data_len);
|
||||
app->data_len=data_len;
|
||||
memcpy(app->data,data,data_len);
|
||||
}
|
||||
}
|
||||
|
||||
/* The TCP port to associate with by default */
|
||||
#define TCP_PORT_SSL 443
|
||||
#define TCP_PORT_SSL_LDAP 636
|
||||
#define TCP_PORT_SSL_IMAP 993
|
||||
#define TCP_PORT_SSL_POP 995
|
||||
static void
|
||||
ssl_desegment_ssl_app_data(SslDecryptSession * ssl, packet_info *pinfo){
|
||||
SslPacketInfo* pi;
|
||||
SslAssociation* association;
|
||||
SslPacketInfo* pi2;
|
||||
pi = p_get_proto_data(pinfo->fd, proto_ssl);
|
||||
if (pi && pi->app_data.data)
|
||||
{
|
||||
tvbuff_t* new_tvb;
|
||||
packet_info * pp;
|
||||
/* find out a dissector using server port*/
|
||||
association = ssl_association_find(pinfo->srcport);
|
||||
association = association ? association: ssl_association_find(pinfo->destport);
|
||||
/* create a copy of packet_info */
|
||||
pp=g_malloc(sizeof(packet_info));
|
||||
memcpy(pp, pinfo, sizeof(packet_info));
|
||||
|
||||
if (association && association->handle) {
|
||||
/* it's the first SS segmented packet */
|
||||
if(ssl->app_data_segment.data==NULL){
|
||||
/* create new tvbuff for the decrypted data */
|
||||
new_tvb = tvb_new_real_data(pi->app_data.data,
|
||||
pi->app_data.data_len, pi->app_data.data_len);
|
||||
tvb_set_free_cb(new_tvb, g_free);
|
||||
/* we allow subdissector to tell us more bytes */
|
||||
pp->can_desegment=2;
|
||||
/* subdissector call */
|
||||
call_dissector(association->handle, new_tvb, pp, NULL);
|
||||
/* if the dissector need more bytes */
|
||||
if(pp->desegment_len>0){
|
||||
/* we save the actual data to reuse them later */
|
||||
ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len);
|
||||
/* we remove data to forbid subdissection */
|
||||
if(pinfo->fd)
|
||||
{
|
||||
p_remove_proto_data(pinfo->fd, proto_ssl);
|
||||
}
|
||||
/* update of COL_INFO */
|
||||
if (check_col(pinfo->cinfo, COL_INFO)){
|
||||
col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]");
|
||||
pinfo->cinfo->writable=FALSE;
|
||||
}
|
||||
return;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* it isn't the first SSL segmented packet */
|
||||
/* we add actual data to reuse them later */
|
||||
ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len);
|
||||
/* create new tvbuff for the decrypted data */
|
||||
new_tvb = tvb_new_real_data(ssl->app_data_segment.data,
|
||||
ssl->app_data_segment.data_len,
|
||||
ssl->app_data_segment.data_len);
|
||||
tvb_set_free_cb(new_tvb, g_free);
|
||||
/* we allow subdissector to tell us more bytes */
|
||||
pp->can_desegment=2;
|
||||
/* subdissector call */
|
||||
call_dissector(association->handle, new_tvb, pp, NULL);
|
||||
/* if the dissector need more bytes */
|
||||
if(pp->desegment_len>0){
|
||||
/* we remove data to forbid subdissection */
|
||||
if(pinfo->fd)
|
||||
{
|
||||
p_remove_proto_data(pinfo->fd, proto_ssl);
|
||||
}
|
||||
/* update of COL_INFO */
|
||||
if (check_col(pinfo->cinfo, COL_INFO)){
|
||||
col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]");
|
||||
pinfo->cinfo->writable=FALSE;
|
||||
}
|
||||
return;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* we create SslPacketInfo to save data */
|
||||
pi2=g_malloc(sizeof(SslPacketInfo));
|
||||
pi2->app_data.data=g_malloc(ssl->app_data_segment.data_len);
|
||||
memcpy(pi2->app_data.data,ssl->app_data_segment.data,ssl->app_data_segment.data_len);
|
||||
pi2->app_data.data_len=ssl->app_data_segment.data_len;
|
||||
|
||||
/* version state tables */
|
||||
#define SSL_VER_UNKNOWN 0
|
||||
#define SSL_VER_SSLv2 1
|
||||
#define SSL_VER_SSLv3 2
|
||||
#define SSL_VER_TLS 3
|
||||
#define SSL_VER_PCT 4
|
||||
|
||||
/* corresponds to the #defines above */
|
||||
static const gchar* ssl_version_short_names[] = {
|
||||
"SSL",
|
||||
"SSLv2",
|
||||
"SSLv3",
|
||||
"TLS",
|
||||
"PCT"
|
||||
};
|
||||
|
||||
/* other defines */
|
||||
#define SSL_ID_CHG_CIPHER_SPEC 0x14
|
||||
#define SSL_ID_ALERT 0x15
|
||||
#define SSL_ID_HANDSHAKE 0x16
|
||||
#define SSL_ID_APP_DATA 0x17
|
||||
|
||||
#define SSL_HND_HELLO_REQUEST 0
|
||||
#define SSL_HND_CLIENT_HELLO 1
|
||||
#define SSL_HND_SERVER_HELLO 2
|
||||
#define SSL_HND_CERTIFICATE 11
|
||||
#define SSL_HND_SERVER_KEY_EXCHG 12
|
||||
#define SSL_HND_CERT_REQUEST 13
|
||||
#define SSL_HND_SVR_HELLO_DONE 14
|
||||
#define SSL_HND_CERT_VERIFY 15
|
||||
#define SSL_HND_CLIENT_KEY_EXCHG 16
|
||||
#define SSL_HND_FINISHED 20
|
||||
|
||||
#define SSL2_HND_ERROR 0x00
|
||||
#define SSL2_HND_CLIENT_HELLO 0x01
|
||||
#define SSL2_HND_CLIENT_MASTER_KEY 0x02
|
||||
#define SSL2_HND_CLIENT_FINISHED 0x03
|
||||
#define SSL2_HND_SERVER_HELLO 0x04
|
||||
#define SSL2_HND_SERVER_VERIFY 0x05
|
||||
#define SSL2_HND_SERVER_FINISHED 0x06
|
||||
#define SSL2_HND_REQUEST_CERTIFICATE 0x07
|
||||
#define SSL2_HND_CLIENT_CERTIFICATE 0x08
|
||||
|
||||
#define PCT_VERSION_1 0x8001
|
||||
|
||||
#define PCT_MSG_CLIENT_HELLO 0x01
|
||||
#define PCT_MSG_SERVER_HELLO 0x02
|
||||
#define PCT_MSG_CLIENT_MASTER_KEY 0x03
|
||||
#define PCT_MSG_SERVER_VERIFY 0x04
|
||||
#define PCT_MSG_ERROR 0x05
|
||||
|
||||
#define PCT_CH_OFFSET_V1 0xa
|
||||
|
||||
#define PCT_CIPHER_DES 0x01
|
||||
#define PCT_CIPHER_IDEA 0x02
|
||||
#define PCT_CIPHER_RC2 0x03
|
||||
#define PCT_CIPHER_RC4 0x04
|
||||
#define PCT_CIPHER_DES_112 0x05
|
||||
#define PCT_CIPHER_DES_168 0x06
|
||||
|
||||
#define PCT_HASH_MD5 0x0001
|
||||
#define PCT_HASH_MD5_TRUNC_64 0x0002
|
||||
#define PCT_HASH_SHA 0x0003
|
||||
#define PCT_HASH_SHA_TRUNC_80 0x0004
|
||||
#define PCT_HASH_DES_DM 0x0005
|
||||
|
||||
#define PCT_CERT_NONE 0x00
|
||||
#define PCT_CERT_X509 0x01
|
||||
#define PCT_CERT_PKCS7 0x02
|
||||
|
||||
#define PCT_SIG_NONE 0x0000
|
||||
#define PCT_SIG_RSA_MD5 0x0001
|
||||
#define PCT_SIG_RSA_SHA 0x0002
|
||||
#define PCT_SIG_DSA_SHA 0x0003
|
||||
|
||||
#define PCT_EXCH_RSA_PKCS1 0x01
|
||||
#define PCT_EXCH_RSA_PKCS1_TOKEN_DES 0x02
|
||||
#define PCT_EXCH_RSA_PKCS1_TOKEN_DES3 0x03
|
||||
#define PCT_EXCH_RSA_PKCS1_TOKEN_RC2 0x04
|
||||
#define PCT_EXCH_RSA_PKCS1_TOKEN_RC4 0x05
|
||||
#define PCT_EXCH_DH_PKCS3 0x06
|
||||
#define PCT_EXCH_DH_PKCS3_TOKEN_DES 0x07
|
||||
#define PCT_EXCH_DH_PKCS3_TOKEN_DES3 0x08
|
||||
#define PCT_EXCH_FORTEZZA_TOKEN 0x09
|
||||
|
||||
#define PCT_ERR_BAD_CERTIFICATE 0x01
|
||||
#define PCT_ERR_CLIENT_AUTH_FAILED 0x02
|
||||
#define PCT_ERR_ILLEGAL_MESSAGE 0x03
|
||||
#define PCT_ERR_INTEGRITY_CHECK_FAILED 0x04
|
||||
#define PCT_ERR_SERVER_AUTH_FAILED 0x05
|
||||
#define PCT_ERR_SPECS_MISMATCH 0x06
|
||||
|
||||
/*
|
||||
* Lookup tables
|
||||
*
|
||||
*/
|
||||
static const value_string ssl_20_msg_types[] = {
|
||||
{ SSL2_HND_ERROR, "Error" },
|
||||
{ SSL2_HND_CLIENT_HELLO, "Client Hello" },
|
||||
{ SSL2_HND_CLIENT_MASTER_KEY, "Client Master Key" },
|
||||
{ SSL2_HND_CLIENT_FINISHED, "Client Finished" },
|
||||
{ SSL2_HND_SERVER_HELLO, "Server Hello" },
|
||||
{ SSL2_HND_SERVER_VERIFY, "Server Verify" },
|
||||
{ SSL2_HND_SERVER_FINISHED, "Server Finished" },
|
||||
{ SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" },
|
||||
{ SSL2_HND_CLIENT_CERTIFICATE, "Client Certificate" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string ssl_20_cipher_suites[] = {
|
||||
{ 0x010080, "SSL2_RC4_128_WITH_MD5" },
|
||||
{ 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" },
|
||||
{ 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
|
||||
{ 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" },
|
||||
{ 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" },
|
||||
{ 0x060040, "SSL2_DES_64_CBC_WITH_MD5" },
|
||||
{ 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" },
|
||||
{ 0x080080, "SSL2_RC4_64_WITH_MD5" },
|
||||
{ 0x000000, "TLS_NULL_WITH_NULL_NULL" },
|
||||
{ 0x000001, "TLS_RSA_WITH_NULL_MD5" },
|
||||
{ 0x000002, "TLS_RSA_WITH_NULL_SHA" },
|
||||
{ 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
|
||||
{ 0x000004, "TLS_RSA_WITH_RC4_128_MD5" },
|
||||
{ 0x000005, "TLS_RSA_WITH_RC4_128_SHA" },
|
||||
{ 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
|
||||
{ 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
|
||||
{ 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
|
||||
{ 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
|
||||
{ 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
|
||||
{ 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" },
|
||||
{ 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
|
||||
{ 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
|
||||
{ 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
|
||||
{ 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
|
||||
{ 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
|
||||
{ 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
|
||||
{ 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
|
||||
{ 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
|
||||
{ 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
|
||||
{ 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
|
||||
{ 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
|
||||
{ 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
|
||||
{ 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
|
||||
{ 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
/* these from http://www.mozilla.org/projects/
|
||||
security/pki/nss/ssl/fips-ssl-ciphersuites.html */
|
||||
{ 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
{ 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
/* Microsoft's old PCT protocol. These are from Eric Rescorla's
|
||||
book "SSL and TLS" */
|
||||
{ 0x8f8001, "PCT_SSL_COMPAT | PCT_VERSION_1" },
|
||||
{ 0x800003, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509_CHAIN" },
|
||||
{ 0x800001, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509" },
|
||||
{ 0x810001, "PCT_SSL_HASH_TYPE | PCT1_HASH_MD5" },
|
||||
{ 0x810003, "PCT_SSL_HASH_TYPE | PCT1_HASH_SHA" },
|
||||
{ 0x820001, "PCT_SSL_EXCH_TYPE | PCT1_EXCH_RSA_PKCS1" },
|
||||
{ 0x830004, "PCT_SSL_CIPHER_TYPE_1ST_HALF | PCT1_CIPHER_RC4" },
|
||||
{ 0x848040, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_128 | PCT1_MAC_BITS_128" },
|
||||
{ 0x842840, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_40 | PCT1_MAC_BITS_128" },
|
||||
/* note that ciphersuites of {0x00????} are TLS cipher suites in
|
||||
* a sslv2 client hello message; the ???? above is the two-byte
|
||||
* tls cipher suite id
|
||||
*/
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_20_certificate_type[] = {
|
||||
{ 0x00, "N/A" },
|
||||
{ 0x01, "X.509 Certificate" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string ssl_31_content_type[] = {
|
||||
{ 20, "Change Cipher Spec" },
|
||||
{ 21, "Alert" },
|
||||
{ 22, "Handshake" },
|
||||
{ 23, "Application Data" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_versions[] = {
|
||||
{ 0x0301, "TLS 1.0" },
|
||||
{ 0x0300, "SSL 3.0" },
|
||||
{ 0x0002, "SSL 2.0" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
#if 0
|
||||
/* XXX - would be used if we dissected the body of a Change Cipher Spec
|
||||
message. */
|
||||
static const value_string ssl_31_change_cipher_spec[] = {
|
||||
{ 1, "Change Cipher Spec" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
#endif
|
||||
|
||||
static const value_string ssl_31_alert_level[] = {
|
||||
{ 1, "Warning" },
|
||||
{ 2, "Fatal" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_31_alert_description[] = {
|
||||
{ 0, "Close Notify" },
|
||||
{ 10, "Unexpected Message" },
|
||||
{ 20, "Bad Record MAC" },
|
||||
{ 21, "Decryption Failed" },
|
||||
{ 22, "Record Overflow" },
|
||||
{ 30, "Decompression Failure" },
|
||||
{ 40, "Handshake Failure" },
|
||||
{ 42, "Bad Certificate" },
|
||||
{ 43, "Unsupported Certificate" },
|
||||
{ 44, "Certificate Revoked" },
|
||||
{ 45, "Certificate Expired" },
|
||||
{ 46, "Certificate Unknown" },
|
||||
{ 47, "Illegal Parameter" },
|
||||
{ 48, "Unknown CA" },
|
||||
{ 49, "Access Denied" },
|
||||
{ 50, "Decode Error" },
|
||||
{ 51, "Decrypt Error" },
|
||||
{ 60, "Export Restriction" },
|
||||
{ 70, "Protocol Version" },
|
||||
{ 71, "Insufficient Security" },
|
||||
{ 80, "Internal Error" },
|
||||
{ 90, "User Canceled" },
|
||||
{ 100, "No Renegotiation" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_31_handshake_type[] = {
|
||||
{ SSL_HND_HELLO_REQUEST, "Hello Request" },
|
||||
{ SSL_HND_CLIENT_HELLO, "Client Hello" },
|
||||
{ SSL_HND_SERVER_HELLO, "Server Hello" },
|
||||
{ SSL_HND_CERTIFICATE, "Certificate" },
|
||||
{ SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" },
|
||||
{ SSL_HND_CERT_REQUEST, "Certificate Request" },
|
||||
{ SSL_HND_SVR_HELLO_DONE, "Server Hello Done" },
|
||||
{ SSL_HND_CERT_VERIFY, "Certificate Verify" },
|
||||
{ SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" },
|
||||
{ SSL_HND_FINISHED, "Finished" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_31_compression_method[] = {
|
||||
{ 0, "null" },
|
||||
{ 1, "ZLIB" },
|
||||
{ 64, "LZS" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
#if 0
|
||||
/* XXX - would be used if we dissected a Signature, as would be
|
||||
seen in a server key exchange or certificate verify message. */
|
||||
static const value_string ssl_31_key_exchange_algorithm[] = {
|
||||
{ 0, "RSA" },
|
||||
{ 1, "Diffie Hellman" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string ssl_31_signature_algorithm[] = {
|
||||
{ 0, "Anonymous" },
|
||||
{ 1, "RSA" },
|
||||
{ 2, "DSA" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
#endif
|
||||
|
||||
static const value_string ssl_31_client_certificate_type[] = {
|
||||
{ 1, "RSA Sign" },
|
||||
{ 2, "DSS Sign" },
|
||||
{ 3, "RSA Fixed DH" },
|
||||
{ 4, "DSS Fixed DH" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
#if 0
|
||||
/* XXX - would be used if we dissected exchange keys, as would be
|
||||
seen in a client key exchange message. */
|
||||
static const value_string ssl_31_public_value_encoding[] = {
|
||||
{ 0, "Implicit" },
|
||||
{ 1, "Explicit" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
#endif
|
||||
|
||||
static const value_string ssl_31_ciphersuite[] = {
|
||||
{ 0x0000, "TLS_NULL_WITH_NULL_NULL" },
|
||||
{ 0x0001, "TLS_RSA_WITH_NULL_MD5" },
|
||||
{ 0x0002, "TLS_RSA_WITH_NULL_SHA" },
|
||||
{ 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" },
|
||||
{ 0x0004, "TLS_RSA_WITH_RC4_128_MD5" },
|
||||
{ 0x0005, "TLS_RSA_WITH_RC4_128_SHA" },
|
||||
{ 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" },
|
||||
{ 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" },
|
||||
{ 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" },
|
||||
{ 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" },
|
||||
{ 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" },
|
||||
{ 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" },
|
||||
{ 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" },
|
||||
{ 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" },
|
||||
{ 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" },
|
||||
{ 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" },
|
||||
{ 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" },
|
||||
{ 0x002f, "TLS_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" },
|
||||
{ 0x0047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" },
|
||||
{ 0x0048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" },
|
||||
{ 0x0049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" },
|
||||
{ 0x004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0x004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" },
|
||||
{ 0x004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" },
|
||||
{ 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" },
|
||||
{ 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" },
|
||||
{ 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" },
|
||||
{ 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" },
|
||||
{ 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" },
|
||||
{ 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" },
|
||||
{ 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" },
|
||||
{ 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
{ 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" },
|
||||
/* these from http://www.mozilla.org/projects/
|
||||
security/pki/nss/ssl/fips-ssl-ciphersuites.html */
|
||||
{ 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
{ 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" },
|
||||
{ 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
|
||||
/* note that ciphersuites 0xff00 - 0xffff are private */
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
||||
static const value_string pct_msg_types[] = {
|
||||
{ PCT_MSG_CLIENT_HELLO, "Client Hello" },
|
||||
{ PCT_MSG_SERVER_HELLO, "Server Hello" },
|
||||
{ PCT_MSG_CLIENT_MASTER_KEY, "Client Master Key" },
|
||||
{ PCT_MSG_SERVER_VERIFY, "Server Verify" },
|
||||
{ PCT_MSG_ERROR, "Error" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_cipher_type[] = {
|
||||
{ PCT_CIPHER_DES, "DES" },
|
||||
{ PCT_CIPHER_IDEA, "IDEA" },
|
||||
{ PCT_CIPHER_RC2, "RC2" },
|
||||
{ PCT_CIPHER_RC4, "RC4" },
|
||||
{ PCT_CIPHER_DES_112, "DES 112 bit" },
|
||||
{ PCT_CIPHER_DES_168, "DES 168 bit" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_hash_type[] = {
|
||||
{ PCT_HASH_MD5, "MD5" },
|
||||
{ PCT_HASH_MD5_TRUNC_64, "MD5_TRUNC_64"},
|
||||
{ PCT_HASH_SHA, "SHA"},
|
||||
{ PCT_HASH_SHA_TRUNC_80, "SHA_TRUNC_80"},
|
||||
{ PCT_HASH_DES_DM, "DES_DM"},
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_cert_type[] = {
|
||||
{ PCT_CERT_NONE, "None" },
|
||||
{ PCT_CERT_X509, "X.509" },
|
||||
{ PCT_CERT_PKCS7, "PKCS #7" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
static const value_string pct_sig_type[] = {
|
||||
{ PCT_SIG_NONE, "None" },
|
||||
{ PCT_SIG_RSA_MD5, "MD5" },
|
||||
{ PCT_SIG_RSA_SHA, "RSA SHA" },
|
||||
{ PCT_SIG_DSA_SHA, "DSA SHA" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_exch_type[] = {
|
||||
{ PCT_EXCH_RSA_PKCS1, "RSA PKCS#1" },
|
||||
{ PCT_EXCH_RSA_PKCS1_TOKEN_DES, "RSA PKCS#1 Token DES" },
|
||||
{ PCT_EXCH_RSA_PKCS1_TOKEN_DES3, "RSA PKCS#1 Token 3DES" },
|
||||
{ PCT_EXCH_RSA_PKCS1_TOKEN_RC2, "RSA PKCS#1 Token RC-2" },
|
||||
{ PCT_EXCH_RSA_PKCS1_TOKEN_RC4, "RSA PKCS#1 Token RC-4" },
|
||||
{ PCT_EXCH_DH_PKCS3, "DH PKCS#3" },
|
||||
{ PCT_EXCH_DH_PKCS3_TOKEN_DES, "DH PKCS#3 Token DES" },
|
||||
{ PCT_EXCH_DH_PKCS3_TOKEN_DES3, "DH PKCS#3 Token 3DES" },
|
||||
{ PCT_EXCH_FORTEZZA_TOKEN, "Fortezza" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
static const value_string pct_error_code[] = {
|
||||
{ PCT_ERR_BAD_CERTIFICATE, "PCT_ERR_BAD_CERTIFICATE" },
|
||||
{ PCT_ERR_CLIENT_AUTH_FAILED, "PCT_ERR_CLIENT_AUTH_FAILE" },
|
||||
{ PCT_ERR_ILLEGAL_MESSAGE, "PCT_ERR_ILLEGAL_MESSAGE" },
|
||||
{ PCT_ERR_INTEGRITY_CHECK_FAILED, "PCT_ERR_INTEGRITY_CHECK_FAILED" },
|
||||
{ PCT_ERR_SERVER_AUTH_FAILED, "PCT_ERR_SERVER_AUTH_FAILED" },
|
||||
{ PCT_ERR_SPECS_MISMATCH, "PCT_ERR_SPECS_MISMATCH" },
|
||||
{ 0x00, NULL },
|
||||
};
|
||||
|
||||
/* RFC 3546 */
|
||||
static const value_string tls_hello_extension_types[] = {
|
||||
{ 0, "server_name" },
|
||||
{ 1, "max_fragment_length" },
|
||||
{ 2, "client_certificate_url" },
|
||||
{ 3, "trusted_ca_keys" },
|
||||
{ 4, "truncated_hmac" },
|
||||
{ 5, "status_request" },
|
||||
{ 35, "EAP-FAST PAC-Opaque" /* draft-cam-winget-eap-fast-00.txt */ },
|
||||
{ 0, NULL }
|
||||
};
|
||||
/* we remove data if it's useful */
|
||||
if(pinfo->fd)
|
||||
{
|
||||
p_remove_proto_data(pinfo->fd, proto_ssl);
|
||||
}
|
||||
/* we add reassembled subprotocol data */
|
||||
p_add_proto_data(pinfo->fd, proto_ssl, pi2);
|
||||
/* we delete saved app_data */
|
||||
if(ssl->app_data_segment.data)
|
||||
g_free(ssl->app_data_segment.data);
|
||||
ssl->app_data_segment.data=NULL;
|
||||
ssl->app_data_segment.data_len=0;
|
||||
}
|
||||
}
|
||||
/* we delete pp structure */
|
||||
g_free(pp);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
/*********************************************************************
|
||||
*
|
||||
* Forward Declarations
|
||||
|
@ -1286,8 +926,8 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
* (to keep cipher syncronized)and only if we have
|
||||
* the server private key*/
|
||||
if (!ssl_session->private_key || pinfo->fd->flags.visited)
|
||||
ssl_session = NULL;
|
||||
|
||||
ssl_session = NULL;
|
||||
|
||||
/* Initialize the protocol column; we'll set it later when we
|
||||
* figure out what flavor of SSL it is (assuming we don't
|
||||
* throw an exception before we get the chance to do so). */
|
||||
|
@ -1309,7 +949,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
* packets.
|
||||
*
|
||||
* Handling the single ssl record across multiple packets
|
||||
* may be possible using wireshark conversations, but
|
||||
* may be possible using ethereal conversations, but
|
||||
* probably not cleanly. May have to wait for tcp stream
|
||||
* reassembly.
|
||||
*/
|
||||
|
@ -1320,7 +960,6 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|||
ti = proto_tree_add_item(tree, proto_ssl, tvb, 0, -1, FALSE);
|
||||
ssl_tree = proto_item_add_subtree(ti, ett_ssl);
|
||||
}
|
||||
|
||||
/* iterate through the records in this tvbuff */
|
||||
while (tvb_reported_length_remaining(tvb, offset) != 0)
|
||||
{
|
||||
|
@ -1552,7 +1191,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|||
|
||||
available_bytes = tvb_length_remaining(tvb, offset);
|
||||
|
||||
/*
|
||||
/*
|
||||
* Can we do reassembly?
|
||||
*/
|
||||
if (ssl_desegment && pinfo->can_desegment) {
|
||||
|
@ -1665,7 +1304,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|||
if (*conv_version == SSL_VER_UNKNOWN
|
||||
&& ssl_is_authoritative_version_message(content_type, next_byte))
|
||||
{
|
||||
if (version == 0x0300)
|
||||
if (version == SSLV3_VERSION)
|
||||
{
|
||||
*conv_version = SSL_VER_SSLv3;
|
||||
if (ssl) {
|
||||
|
@ -1674,7 +1313,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|||
}
|
||||
/*ssl_set_conv_version(pinfo, ssl->version);*/
|
||||
}
|
||||
else if (version == 0x0301)
|
||||
else if (version == TLSV1_VERSION)
|
||||
{
|
||||
|
||||
*conv_version = SSL_VER_TLS;
|
||||
|
@ -1684,24 +1323,21 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|||
}
|
||||
/*ssl_set_conv_version(pinfo, ssl->version);*/
|
||||
}
|
||||
else if (version == TLSV1DOT1_VERSION)
|
||||
{
|
||||
|
||||
*conv_version = SSL_VER_TLSv1DOT1;
|
||||
if (ssl) {
|
||||
ssl->version_netorder = version;
|
||||
ssl->state |= SSL_VERSION;
|
||||
}
|
||||
/*ssl_set_conv_version(pinfo, ssl->version);*/
|
||||
}
|
||||
}
|
||||
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
||||
{
|
||||
if (version == 0x0300)
|
||||
{
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL,
|
||||
ssl_version_short_names[SSL_VER_SSLv3]);
|
||||
}
|
||||
else if (version == 0x0301)
|
||||
{
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL,
|
||||
ssl_version_short_names[SSL_VER_TLS]);
|
||||
}
|
||||
else
|
||||
{
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL,
|
||||
ssl_version_short_names[*conv_version]);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1721,12 +1357,23 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|||
ssl_debug_printf("dissect_ssl3_change_cipher_spec\n");
|
||||
break;
|
||||
case SSL_ID_ALERT:
|
||||
if (ssl)
|
||||
decrypt_ssl3_record(tvb, pinfo, offset,
|
||||
record_length, content_type, ssl, FALSE);
|
||||
dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
|
||||
conv_version);
|
||||
{
|
||||
tvbuff_t* decrypted=0;
|
||||
if (ssl&&decrypt_ssl3_record(tvb, pinfo, offset,
|
||||
record_length, content_type, ssl, FALSE))
|
||||
ssl_add_record_info(pinfo, ssl_decrypted_data.data,
|
||||
ssl_decrypted_data_avail, offset);
|
||||
|
||||
/* try to retrive and use decrypted alert record, if any. */
|
||||
decrypted = ssl_get_record_info(pinfo, offset);
|
||||
if (decrypted)
|
||||
dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0,
|
||||
conv_version);
|
||||
else
|
||||
dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset,
|
||||
conv_version);
|
||||
break;
|
||||
}
|
||||
case SSL_ID_HANDSHAKE:
|
||||
{
|
||||
tvbuff_t* decrypted=0;
|
||||
|
@ -1750,14 +1397,20 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|||
break;
|
||||
}
|
||||
case SSL_ID_APP_DATA:
|
||||
if (ssl)
|
||||
decrypt_ssl3_record(tvb, pinfo, offset,
|
||||
record_length, content_type, ssl, TRUE);
|
||||
if (ssl){
|
||||
decrypt_ssl3_record(tvb, pinfo, offset,
|
||||
record_length, content_type, ssl, TRUE);
|
||||
/* if application data desegmentation is allowed */
|
||||
if(ssl_desegment_app_data)
|
||||
ssl_desegment_ssl_app_data(ssl,pinfo);
|
||||
|
||||
}
|
||||
|
||||
|
||||
/* show on info colum what we are decoding */
|
||||
if (check_col(pinfo->cinfo, COL_INFO))
|
||||
col_append_str(pinfo->cinfo, COL_INFO, "Application Data");
|
||||
|
||||
|
||||
if (!ssl_record_tree)
|
||||
break;
|
||||
|
||||
|
@ -1786,21 +1439,24 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo,
|
|||
/* create new tvbuff for the decrypted data */
|
||||
new_tvb = tvb_new_real_data(pi->app_data.data,
|
||||
pi->app_data.data_len, pi->app_data.data_len);
|
||||
tvb_set_free_cb(new_tvb, g_free);
|
||||
/* tvb_set_child_real_data_tvbuff(tvb, new_tvb); */
|
||||
|
||||
|
||||
/* add this tvb as a child to the original one */
|
||||
tvb_set_child_real_data_tvbuff(tvb, new_tvb);
|
||||
|
||||
/* add desegmented data to the data source list */
|
||||
add_new_data_source(pinfo, new_tvb, "Decrypted SSL data");
|
||||
|
||||
/* find out a dissector using server port*/
|
||||
if (association && association->handle) {
|
||||
ssl_debug_printf("dissect_ssl3_record found association %p\n", association);
|
||||
ssl_print_text_data("decrypted app data",pi->app_data.data,
|
||||
pi->app_data.data_len);
|
||||
|
||||
call_dissector(association->handle, new_tvb, pinfo, ssl_record_tree);
|
||||
call_dissector(association->handle, new_tvb, pinfo, ssl_record_tree);
|
||||
}
|
||||
/* add raw decrypted data only if a decoder is not found*/
|
||||
else
|
||||
proto_tree_add_string(ssl_record_tree, hf_ssl_record_appdata_decrypted, tvb,
|
||||
offset, pi->app_data.data_len, (char*) pi->app_data.data);
|
||||
offset, pi->app_data.data_len, (char*) pi->app_data.data);
|
||||
}
|
||||
else {
|
||||
tvb_ensure_bytes_exist(tvb, offset, record_length);
|
||||
|
@ -2097,7 +1753,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|||
/* get encrypted data, on tls1 we have to skip two bytes
|
||||
* (it's the encrypted len and should be equal to record len - 2)
|
||||
*/
|
||||
if (ssl->version == SSL_VER_TLS)
|
||||
if (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1)
|
||||
{
|
||||
encrlen = tvb_get_ntohs(tvb, offset);
|
||||
skip = 2;
|
||||
|
@ -2661,6 +2317,7 @@ dissect_ssl3_hnd_finished(tvbuff_t *tvb,
|
|||
|
||||
switch(*conv_version) {
|
||||
case SSL_VER_TLS:
|
||||
case SSL_VER_TLSv1DOT1:
|
||||
proto_tree_add_item(tree, hf_ssl_handshake_finished,
|
||||
tvb, offset, 12, FALSE);
|
||||
break;
|
||||
|
@ -3804,7 +3461,7 @@ ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset)
|
|||
|
||||
/* now check to see if the version byte appears valid */
|
||||
version = tvb_get_ntohs(tvb, offset + 1);
|
||||
if (version != 0x0300 && version != 0x0301)
|
||||
if (version != SSLV3_VERSION && version != TLSV1_VERSION && version != TLSV1DOT1_VERSION)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
@ -3947,7 +3604,7 @@ ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, guint32 offset,
|
|||
|
||||
/*********************************************************************
|
||||
*
|
||||
* Standard Wireshark Protocol Registration and housekeeping
|
||||
* Standard Ethereal Protocol Registration and housekeeping
|
||||
*
|
||||
*********************************************************************/
|
||||
void
|
||||
|
@ -4364,6 +4021,11 @@ proto_register_ssl(void)
|
|||
"Whether the SSL dissector should reassemble SSL records spanning multiple TCP segments. "
|
||||
"To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
|
||||
&ssl_desegment);
|
||||
prefs_register_bool_preference(ssl_module,
|
||||
"desegment_ssl_application_data",
|
||||
"Reassemble SSL Application Data spanning multiple SSL records",
|
||||
"Whether the SSL dissector should reassemble SSL Application Data spanning multiple SSL records. ",
|
||||
&ssl_desegment_app_data);
|
||||
prefs_register_string_preference(ssl_module, "keys_list", "RSA keys list",
|
||||
"comma separated list of private RSA keys used for SSL decryption; "
|
||||
"each list entry must be in the form of <ip>:<port>:<key_file_name>"
|
||||
|
@ -4401,3 +4063,4 @@ proto_reg_handoff_ssl(void)
|
|||
/* add now dissector to default ports.*/
|
||||
ssl_parse();
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue