osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

TLS(1.3): Add Hello Retry Request (6) extension 

Add also special case on hello key_share extension

Ping-Bug: 12779
Change-Id: Ib8e2dd060f322c2404a8afa9b8cb70de7c2c65b7
Reviewed-on: https://code.wireshark.org/review/18093
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
Alexis La Goutte 2016-10-06 12:44:43 +02:00 committed by Michael Mann
parent 5b3dcb671f
commit 196c2b1284
4 changed files with 52 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
epan/dissectors/packet-dtls.c
View File

@ -1291,6 +1291,11 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
dtls_master_key_map.tickets);
break;
case SSL_HND_HELLO_RETRY_REQUEST:
ssl_dissect_hnd_hello_retry_request(&dissect_dtls_hf, sub_tvb, pinfo, ssl_hand_tree,
0, length, session, ssl);
break;
case SSL_HND_CERTIFICATE:
ssl_dissect_hnd_cert(&dissect_dtls_hf, sub_tvb, ssl_hand_tree, 0,
pinfo, session, ssl, dtls_key_hash, is_from_server);

29
epan/dissectors/packet-ssl-utils.c
View File

@ -5518,6 +5518,10 @@ ssl_dissect_hnd_hello_ext_key_share(ssl_common_dissect_t *hf, tvbuff_t *tvb,
case SSL_HND_SERVER_HELLO:
offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, key_share_tree, offset, offset_end);
break;
case SSL_HND_HELLO_RETRY_REQUEST:
proto_tree_add_item(key_share_tree, hf->hf.hs_ext_key_share_selected_group, tvb, offset, 2, ENC_BIG_ENDIAN );
offset += 2;
break;
default: /* no default */
break;
}
@ -6015,6 +6019,7 @@ ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls)
case SSL_HND_CLIENT_HELLO:
case SSL_HND_SERVER_HELLO:
case SSL_HND_NEWSESSION_TICKET:
case SSL_HND_HELLO_RETRY_REQUEST:
case SSL_HND_CERTIFICATE:
case SSL_HND_SERVER_KEY_EXCHG:
case SSL_HND_CERT_REQUEST:
@ -6337,6 +6342,30 @@ ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
#endif
} /* }}} */
void
ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb,
packet_info* pinfo, proto_tree *tree, guint32 offset, guint32 length,
SslSession *session, SslDecryptSession *ssl)
{
/* struct {
* ProtocolVersion server_version;
* Extension extensions<2..2^16-1>;
* } HelloRetryRequest;
*/
guint16 start_offset = offset;
proto_tree_add_item(tree, hf->hf.hs_server_version, tvb,
offset, 2, ENC_BIG_ENDIAN);
offset += 2;
/* remaining data are extensions */
if (length > offset - start_offset) {
ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset,
length - (offset - start_offset), SSL_HND_HELLO_RETRY_REQUEST,
session, ssl);
}
}
/* Certificate and Certificate Request dissections. {{{ */
void
ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,

14
epan/dissectors/packet-ssl-utils.h
View File

@ -62,6 +62,7 @@ typedef enum {
SSL_HND_SERVER_HELLO = 2,
SSL_HND_HELLO_VERIFY_REQUEST = 3,
SSL_HND_NEWSESSION_TICKET = 4,
SSL_HND_HELLO_RETRY_REQUEST = 6,
SSL_HND_CERTIFICATE = 11,
SSL_HND_SERVER_KEY_EXCHG = 12,
SSL_HND_CERT_REQUEST = 13,
@ -672,6 +673,7 @@ typedef struct ssl_common_dissect {
gint hs_ext_key_share_group;
gint hs_ext_key_share_key_exchange_length;
gint hs_ext_key_share_key_exchange;
gint hs_ext_key_share_selected_group;
gint hs_ext_psk_identities_length;
gint hs_ext_psk_identity_ke_modes_length;
gint hs_ext_psk_identity_ke_mode;
@ -830,6 +832,11 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info*
SslSession *session, SslDecryptSession *ssl,
gboolean is_dtls);
extern void
ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
proto_tree *tree, guint32 offset, guint32 length,
SslSession *session, SslDecryptSession *ssl);
extern void
ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
proto_tree *tree, guint32 offset,
@ -881,7 +888,7 @@ ssl_common_dissect_t name = { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, \
-1, -1, -1, -1, \
}, \
/* ett */ { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
@ -1005,6 +1012,11 @@ ssl_common_dissect_t name = { \
FT_BYTES, BASE_NONE, NULL, 0x0, \
NULL, HFILL } \
}, \
{ & name .hf.hs_ext_key_share_selected_group, \
{ "Selected Group", prefix ".handshake.extensions_key_share_selected_group", \
FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \
NULL, HFILL } \
}, \
{ & name .hf.hs_ext_psk_identities_length, \
{ "Identities Length", prefix ".handshake.extensions.psk.identities.length", \
FT_UINT16, BASE_DEC, NULL, 0x0, \

5
epan/dissectors/packet-ssl.c
View File

@ -2055,6 +2055,11 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
ssl_master_key_map.tickets);
break;
case SSL_HND_HELLO_RETRY_REQUEST:
ssl_dissect_hnd_hello_retry_request(&dissect_ssl3_hf, tvb, pinfo, ssl_hand_tree,
offset, length, session, ssl);
break;
case SSL_HND_CERTIFICATE:
ssl_dissect_hnd_cert(&dissect_ssl3_hf, tvb, ssl_hand_tree,
offset, pinfo, session, ssl, ssl_key_hash, is_from_server);