DTLS server key exchange misses sig and hash algorithm for TLS 1.2. Bug 9208 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9208)

1. Fix ECDH server key exchange for DTLS 1.2 2. Fix RSA server key exchange for DTLS 1.2 From Hauke Mehrtens svn path=/trunk/; revision=52595
2013-10-14 02:34:06 +00:00 · 2013-10-14 02:34:06 +00:00 · 20c163d070
parent 5320a5eddd
commit 20c163d070
1 changed files with 80 additions and 6 deletions
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@ -403,7 +403,8 @@ static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb,

 static void dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb,
                                          proto_tree *tree,
-                                          guint32 offset, guint32 length);
+                                          guint32 offset, guint32 length,
+                                          const guint *conv_version);

 static void dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb,
                                          proto_tree *tree,
@ -411,7 +412,8 @@ static void dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb,

 static void dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb,
                                          proto_tree *tree,
-                                          guint32 offset, guint32 length);
+                                          guint32 offset, guint32 length,
+                                          const guint *conv_version);

 static void dissect_dtls_hnd_srv_keyex_psk(tvbuff_t *tvb,
                                          proto_tree *tree,
@ -1466,10 +1468,10 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
                dissect_dtls_hnd_srv_keyex_dh(tvb, ssl_hand_tree, offset, length);
                break;
            case KEX_RSA:
-                dissect_dtls_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length);
+                dissect_dtls_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length, conv_version);
                break;
            case KEX_ECDH:
-                dissect_dtls_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length);
+                dissect_dtls_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length, conv_version);
                break;
            case KEX_RSA_PSK:
            case KEX_PSK:
@ -2313,14 +2315,18 @@ dissect_dtls_hnd_cert_req(tvbuff_t *tvb,

 static void
 dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
-                              guint32 offset, guint32 length)
+                              guint32 offset, guint32 length,
+                              const guint *conv_version)
 {
    gint        curve_type, curve_type_offset;
    gint        named_curve, named_curve_offset;
    gint        point_len, point_len_offset;
    gint        sig_len, sig_len_offset;
+    gint        sig_algo, sig_algo_offset;
    proto_item *ti_ecdh;
+    proto_item *ti_algo;
    proto_tree *ssl_ecdh_tree;
+    proto_tree *ssl_algo_tree;
    guint32     orig_offset;

    orig_offset = offset;
@ -2348,6 +2354,22 @@ dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
    }
    offset += 1 + point_len;

+    switch (*conv_version) {
+    case SSL_VER_DTLS1DOT2:
+        sig_algo_offset = offset;
+        sig_algo = tvb_get_ntohs(tvb, offset);
+        offset += 2;
+        if ((offset - orig_offset) > length) {
+            return;
+        }
+        break;
+
+    default:
+        sig_algo_offset = 0;
+        sig_algo = 0;
+        break;
+    }
+
    sig_len_offset = offset;
    sig_len = tvb_get_ntohs(tvb, offset);
    offset += 2 + sig_len;
@ -2374,6 +2396,22 @@ dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
    proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_point,
            tvb, point_len_offset+1, point_len, ENC_NA);

+    switch (*conv_version) {
+    case SSL_VER_DTLS1DOT2:
+        ti_algo = proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_sig_hash_alg,
+                                      tvb, offset, 2, sig_algo);
+        ssl_algo_tree = proto_item_add_subtree(ti_algo, ett_dtls_sig_hash_alg);
+
+        proto_tree_add_item(ssl_algo_tree, hf_dtls_handshake_sig_hash_hash,
+                            tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN);
+        proto_tree_add_item(ssl_algo_tree, hf_dtls_handshake_sig_hash_sig,
+                            tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN);
+        break;
+
+    default:
+        break;
+    }
+
    /* Sig */
    proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_sig_len,
        tvb, sig_len_offset, 2, sig_len);
@ -2458,13 +2496,17 @@ dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
 /* Used in RSA PSK cipher suites */
 static void
 dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
-                              guint32 offset, guint32 length)
+                              guint32 offset, guint32 length,
+                              const guint *conv_version)
 {
    gint        modulus_len, modulus_len_offset;
    gint        exponent_len, exponent_len_offset;
    gint        sig_len, sig_len_offset;
+    gint        sig_algo, sig_algo_offset;
    proto_item *ti_rsa;
+    proto_item *ti_algo;
    proto_tree *ssl_rsa_tree;
+    proto_tree *ssl_algo_tree;
    guint32     orig_offset;

    orig_offset = offset;
@ -2483,6 +2525,22 @@ dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
        return;
    }

+    switch (*conv_version) {
+    case SSL_VER_DTLS1DOT2:
+        sig_algo_offset = offset;
+        sig_algo = tvb_get_ntohs(tvb, offset);
+        offset += 2;
+        if ((offset - orig_offset) > length) {
+            return;
+        }
+        break;
+
+    default:
+        sig_algo_offset = 0;
+        sig_algo = 0;
+        break;
+    }
+
    sig_len_offset = offset;
    sig_len = tvb_get_ntohs(tvb, offset);
    offset += 2 + sig_len;
@ -2507,6 +2565,22 @@ dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
    proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_exponent,
            tvb, exponent_len_offset + 2, exponent_len, ENC_NA);

+    switch (*conv_version) {
+    case SSL_VER_DTLS1DOT2:
+        ti_algo = proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_sig_hash_alg,
+                                      tvb, offset, 2, sig_algo);
+        ssl_algo_tree = proto_item_add_subtree(ti_algo, ett_dtls_sig_hash_alg);
+
+        proto_tree_add_item(ssl_algo_tree, hf_dtls_handshake_sig_hash_hash,
+                            tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN);
+        proto_tree_add_item(ssl_algo_tree, hf_dtls_handshake_sig_hash_sig,
+                            tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN);
+        break;
+
+    default:
+        break;
+    }
+
    /* Sig */
    proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_sig_len,
        tvb, sig_len_offset, 2, sig_len);