osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

DTLS: add support for use_srtp extension (RFC 5764) 

Decryption support will be added later. Tested with
dtls-srtp-ws-sip.pcapng from the linked bug.

Change-Id: Ida1a2da754ef9aef16ad15ff64455b6f8e703ffd
Ping-Bug: 13193
Reviewed-on: https://code.wireshark.org/review/18996
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This commit is contained in:
Peter Wu 2016-11-30 21:43:09 +01:00 committed by Alexis La Goutte
parent f96e9d067b
commit 89bc07c5d5
5 changed files with 114 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
epan/dissectors/packet-dtls.c
View File

@ -78,6 +78,17 @@ static proto_tree *top_tree;
*
*********************************************************************/
/* https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */
static const value_string srtp_protection_profile_vals[] = {
{ 0x0001, "SRTP_AES128_CM_HMAC_SHA1_80" }, /* RFC 5764 */
{ 0x0002, "SRTP_AES128_CM_HMAC_SHA1_32" },
{ 0x0005, "SRTP_NULL_HMAC_SHA1_80" },
{ 0x0006, "SRTP_NULL_HMAC_SHA1_32" },
{ 0x0007, "SRTP_AEAD_AES_128_GCM" }, /* RFC 7714 */
{ 0x0008, "SRTP_AEAD_AES_256_GCM" },
{ 0x00, NULL },
};
/* Initialize the protocol and registered fields */
static gint dtls_tap = -1;
static gint exported_pdu_tap = -1;
@ -116,6 +127,11 @@ static gint hf_dtls_fragment_count = -1;
static gint hf_dtls_reassembled_in = -1;
static gint hf_dtls_reassembled_length = -1;
static gint hf_dtls_hs_ext_use_srtp_protection_profiles_length = -1;
static gint hf_dtls_hs_ext_use_srtp_protection_profile = -1;
static gint hf_dtls_hs_ext_use_srtp_mki_length = -1;
static gint hf_dtls_hs_ext_use_srtp_mki = -1;
/* header fields used in ssl-utils, but defined here. */
static dtls_hfs_t dtls_hfs = { -1, -1 };
@ -1298,7 +1314,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
case SSL_HND_HELLO_RETRY_REQUEST:
ssl_dissect_hnd_hello_retry_request(&dissect_dtls_hf, sub_tvb, pinfo, ssl_hand_tree,
0, length, session, ssl);
0, length, session, ssl, TRUE);
break;
case SSL_HND_CERTIFICATE:
@ -1478,6 +1494,59 @@ dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree,
return offset;
}
gint
dtls_dissect_hnd_hello_ext_use_srtp(tvbuff_t *tvb, proto_tree *tree,
guint32 offset, guint32 ext_len)
{
/* From https://tools.ietf.org/html/rfc5764#section-4.1.1
*
* uint8 SRTPProtectionProfile[2];
*
* struct {
* SRTPProtectionProfiles SRTPProtectionProfiles;
* opaque srtp_mki<0..255>;
* } UseSRTPData;
*
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
*/
guint32 profiles_length, profiles_end, mki_length;
if (ext_len < 2) {
/* XXX expert info, record too small */
return offset + ext_len;
}
/* SRTPProtectionProfiles list length */
proto_tree_add_item_ret_uint(tree, hf_dtls_hs_ext_use_srtp_protection_profiles_length,
tvb, offset, 2, ENC_BIG_ENDIAN, &profiles_length);
if (profiles_length > ext_len - 2) {
/* XXX expert info because length exceeds extension_data field */
profiles_length = ext_len - 2;
}
offset += 2;
/* SRTPProtectionProfiles list items */
profiles_end = offset + profiles_length;
while (offset < profiles_end) {
proto_tree_add_item(tree, hf_dtls_hs_ext_use_srtp_protection_profile,
tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
}
/* MKI */
proto_tree_add_item_ret_uint(tree, hf_dtls_hs_ext_use_srtp_mki_length,
tvb, offset, 1, ENC_NA, &mki_length);
offset++;
if (mki_length > 0) {
proto_tree_add_item(tree, hf_dtls_hs_ext_use_srtp_mki,
tvb, offset, mki_length, ENC_NA);
offset += mki_length;
}
return offset;
}
/*********************************************************************
*
* Support Functions
@ -1754,6 +1823,22 @@ proto_register_dtls(void)
{ "Reassembled DTLS length", "dtls.reassembled.length",
FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL }
},
{ &hf_dtls_hs_ext_use_srtp_protection_profiles_length,
{ "SRTP Protection Profiles Length", "dtls.use_srtp.protection_profiles_length",
FT_UINT16, BASE_DEC, NULL, 0x00, NULL, HFILL }
},
{ &hf_dtls_hs_ext_use_srtp_protection_profile,
{ "SRTP Protection Profile", "dtls.use_srtp.protection_profile",
FT_UINT16, BASE_HEX, VALS(srtp_protection_profile_vals), 0x00, NULL, HFILL }
},
{ &hf_dtls_hs_ext_use_srtp_mki_length,
{ "MKI Length", "dtls.use_srtp.mki_length",
FT_UINT8, BASE_DEC, NULL, 0x00, NULL, HFILL }
},
{ &hf_dtls_hs_ext_use_srtp_mki,
{ "MKI", "dtls.use_srtp.mki",
FT_BYTES, BASE_NONE, NULL, 0x00, NULL, HFILL }
},
SSL_COMMON_HF_LIST(dissect_dtls_hf, "dtls")
};

7
epan/dissectors/packet-dtls.h
View File

@ -29,4 +29,11 @@
WS_DLL_PUBLIC void dtls_dissector_add(guint port, dissector_handle_t handle);
WS_DLL_PUBLIC void dtls_dissector_delete(guint port, dissector_handle_t handle);
/* Shared with packet-ssl-utils.c */
gint
dtls_dissect_hnd_hello_ext_use_srtp(tvbuff_t *tvb, proto_tree *tree,
guint32 offset, guint32 ext_len);
#endif /* __PACKET_DTLS_H__ */

24
epan/dissectors/packet-ssl-utils.c
View File

@ -53,6 +53,7 @@
#include "packet-x509if.h"
#include "packet-ssl-utils.h"
#include "packet-ssl.h"
#include "packet-dtls.h"
#if defined(HAVE_LIBGNUTLS) && defined(HAVE_LIBGCRYPT)
#include <gnutls/abstract.h>
#endif
@ -6128,7 +6129,8 @@ ssl_try_set_version(SslSession *session, SslDecryptSession *ssl,
static gint
ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
packet_info* pinfo, guint32 offset, guint32 left, guint8 hnd_type,
SslSession *session, SslDecryptSession *ssl);
SslSession *session, SslDecryptSession *ssl,
gboolean is_dtls);
void
ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
packet_info *pinfo, proto_tree *tree, guint32 offset,
@ -6243,7 +6245,7 @@ ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
if (length > offset - start_offset) {
ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset,
length - (offset - start_offset), SSL_HND_CLIENT_HELLO,
session, ssl);
session, ssl, dtls_hfs != NULL);
}
}
@ -6327,7 +6329,7 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
if (length > offset - start_offset) {
ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset,
length - (offset - start_offset), SSL_HND_SERVER_HELLO,
session, ssl);
session, ssl, is_dtls);
}
}
/* Client Hello and Server Hello dissections. }}} */
@ -6384,7 +6386,8 @@ ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
void
ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb,
packet_info* pinfo, proto_tree *tree, guint32 offset, guint32 length,
SslSession *session, SslDecryptSession *ssl)
SslSession *session, SslDecryptSession *ssl,
gboolean is_dtls)
{
/* struct {
* ProtocolVersion server_version;
@ -6401,7 +6404,7 @@ ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb,
if (length > offset - start_offset) {
ssl_dissect_hnd_hello_ext(hf, tvb, tree, pinfo, offset,
length - (offset - start_offset), SSL_HND_HELLO_RETRY_REQUEST,
session, ssl);
session, ssl, is_dtls);
}
}
@ -6768,7 +6771,8 @@ ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tr
static gint
ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
packet_info* pinfo, guint32 offset, guint32 left, guint8 hnd_type,
SslSession *session, SslDecryptSession *ssl)
SslSession *session, SslDecryptSession *ssl,
gboolean is_dtls)
{
guint16 extension_length;
guint16 ext_type;
@ -6856,6 +6860,14 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
case SSL_HND_HELLO_EXT_SERVER_NAME:
offset = ssl_dissect_hnd_hello_ext_server_name(hf, tvb, ext_tree, offset, ext_len);
break;
case SSL_HND_HELLO_EXT_USE_SRTP:
if (is_dtls) {
offset = dtls_dissect_hnd_hello_ext_use_srtp(tvb, ext_tree, offset, ext_len);
} else {
// XXX expert info: This extension MUST only be used with DTLS, and not with TLS.
offset += ext_len;
}
break;
case SSL_HND_HELLO_EXT_HEARTBEAT:
proto_tree_add_item(ext_tree, hf->hf.hs_ext_heartbeat_mode,
tvb, offset, 1, ENC_BIG_ENDIAN);

3
epan/dissectors/packet-ssl-utils.h
View File

@ -842,7 +842,8 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info*
extern void
ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
proto_tree *tree, guint32 offset, guint32 length,
SslSession *session, SslDecryptSession *ssl);
SslSession *session, SslDecryptSession *ssl,
gboolean is_dtls);
extern void
ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,

2
epan/dissectors/packet-ssl.c
View File

@ -2061,7 +2061,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
case SSL_HND_HELLO_RETRY_REQUEST:
ssl_dissect_hnd_hello_retry_request(&dissect_ssl3_hf, tvb, pinfo, ssl_hand_tree,
offset, length, session, ssl);
offset, length, session, ssl, FALSE);
break;
case SSL_HND_CERTIFICATE: