TLS13: add Key Update dissection
Actual decryption support will be added later. Ping-Bug: 12779 Change-Id: I3ff1f243fd0bd1467e84d8a6a5433c1fe71bbebf Reviewed-on: https://code.wireshark.org/review/20012 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
parent
746bbe7abf
commit
eb1a63f3bc
|
@ -1334,6 +1334,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|||
case SSL_HND_CERT_URL:
|
||||
case SSL_HND_CERT_STATUS:
|
||||
case SSL_HND_SUPPLEMENTAL_DATA:
|
||||
case SSL_HND_KEY_UPDATE:
|
||||
case SSL_HND_ENCRYPTED_EXTS:
|
||||
case SSL_HND_ENCRYPTED_EXTENSIONS: /* TLS 1.3 */
|
||||
/* TODO: does this need further dissection? */
|
||||
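Review bot: The added `case SSL_HND_KEY_UPDATE:` in dissect_dtls_handshake only joins the group that ends at `/* TODO: does this need further dissection? */`, so the one-byte request_update body stays undissected on the DTLS path. The TLS handler later on this page does call `tls13_dissect_hnd_key_update` for the same message type. If the gap is intentional for now, record it next to the case, for example `/* KeyUpdate body is not dissected for DTLS yet; see tls13_dissect_hnd_key_update() */`; otherwise give the type its own case that calls the shared helper. The switch starts and ends outside the hunk, so the tree and offset variables available there cannot be confirmed from here.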
|
|
|
@ -569,6 +569,7 @@ const value_string ssl_31_handshake_type[] = {
|
|||
{ SSL_HND_CERT_URL, "Client Certificate URL" },
|
||||
{ SSL_HND_CERT_STATUS, "Certificate Status" },
|
||||
{ SSL_HND_SUPPLEMENTAL_DATA, "Supplemental Data" },
|
||||
{ SSL_HND_KEY_UPDATE, "Key Update" },
|
||||
{ SSL_HND_ENCRYPTED_EXTS, "Encrypted Extensions" },
|
||||
{ 0x00, NULL }
|
||||
};
|
||||
|
@ -1205,6 +1206,12 @@ const value_string tls_hello_ext_psk_ke_mode[] = {
|
|||
{ 0, NULL }
|
||||
};
|
||||
|
||||
const value_string tls13_key_update_request[] = {
|
||||
{ 0, "update_not_requested" },
|
||||
{ 1, "update_requested" },
|
||||
{ 0, NULL }
|
||||
};
|
||||
|
||||
/* RFC 5246 7.4.1.4.1 */
|
||||
const value_string tls_hash_algorithm[] = {
|
||||
{ 0, "None" },
|
||||
|
@ -6630,6 +6637,7 @@ ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls)
|
|||
case SSL_HND_CERT_URL:
|
||||
case SSL_HND_CERT_STATUS:
|
||||
case SSL_HND_SUPPLEMENTAL_DATA:
|
||||
case SSL_HND_KEY_UPDATE:
|
||||
case SSL_HND_ENCRYPTED_EXTS:
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -8063,6 +8071,22 @@ ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb,
|
|||
}
|
||||
/* Client Key Exchange and Server Key Exchange handshake dissections. }}} */
|
||||
|
||||
void
|
||||
tls13_dissect_hnd_key_update(ssl_common_dissect_t *hf, tvbuff_t *tvb,
|
||||
proto_tree *tree, guint32 offset)
|
||||
{
|
||||
/* https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.5.3
|
||||
* enum {
|
||||
* update_not_requested(0), update_requested(1), (255)
|
||||
* } KeyUpdateRequest;
|
||||
*
|
||||
* struct {
|
||||
* KeyUpdateRequest request_update;
|
||||
* } KeyUpdate;
|
||||
*/
|
||||
proto_tree_add_item(tree, hf->hf.hs_key_update_request_update, tvb, offset, 1, ENC_NA);
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGCRYPT
|
||||
void
|
||||
ssl_common_register_options(module_t *module, ssl_common_options_t *options)
|
||||
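Review bot: tls13_dissect_hnd_key_update takes no length, so it adds the request_update item at `offset` without knowing whether the handshake body is exactly the one byte the quoted KeyUpdate struct describes. With an empty body the byte displayed would belong to whatever follows the message, and with a longer body the trailing bytes are silently skipped, so a malformed KeyUpdate is never flagged to the analyst reading the capture. Consider taking `guint32 length`, as the ssl_dissect_hnd_srv_keyex prototype on this page does, and only adding the item when `length == 1`, marking any other length as malformed. The prototype in the header and the call in dissect_ssl3_handshake would need the same extra argument.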
|
|
|
@ -74,6 +74,7 @@ typedef enum {
|
|||
SSL_HND_CERT_URL = 21,
|
||||
SSL_HND_CERT_STATUS = 22,
|
||||
SSL_HND_SUPPLEMENTAL_DATA = 23,
|
||||
SSL_HND_KEY_UPDATE = 24,
|
||||
/* Encrypted Extensions was NextProtocol in draft-agl-tls-nextprotoneg-03
|
||||
* and changed in draft 04. Not to be confused with TLS 1.3 EE. */
|
||||
SSL_HND_ENCRYPTED_EXTS = 67
|
||||
|
@ -224,6 +225,7 @@ extern const value_string ssl_extension_ec_point_formats[];
|
|||
extern const value_string ssl_curve_types[];
|
||||
extern const value_string tls_hello_ext_server_name_type_vs[];
|
||||
extern const value_string tls_hello_ext_psk_ke_mode[];
|
||||
extern const value_string tls13_key_update_request[];
|
||||
|
||||
/* XXX Should we use GByteArray instead? */
|
||||
typedef struct _StringInfo {
|
||||
|
@ -782,8 +784,9 @@ typedef struct ssl_common_dissect {
|
|||
gint hs_ext_draft_version_tls13;
|
||||
gint hs_ext_psk_ke_modes_len;
|
||||
gint hs_ext_psk_ke_mode;
|
||||
gint hs_certificate_request_context;
|
||||
gint hs_certificate_request_context_length;
|
||||
gint hs_certificate_request_context;
|
||||
gint hs_key_update_request_update;
|
||||
|
||||
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */
|
||||
} hf;
|
||||
|
@ -952,6 +955,10 @@ ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb,
|
|||
proto_tree *tree, guint32 offset, guint32 length,
|
||||
const SslSession *session);
|
||||
|
||||
extern void
|
||||
tls13_dissect_hnd_key_update(ssl_common_dissect_t *hf, tvbuff_t *tvb,
|
||||
proto_tree *tree, guint32 offset);
|
||||
|
||||
/* {{{ */
|
||||
#define SSL_COMMON_LIST_T(name) \
|
||||
ssl_common_dissect_t name = { \
|
||||
|
@ -963,7 +970,7 @@ ssl_common_dissect_t name = { \
|
|||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||
}, \
|
||||
/* ett */ { \
|
||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||
|
@ -1588,6 +1595,11 @@ ssl_common_dissect_t name = { \
|
|||
{ "Certificate Request Context", prefix ".handshake.certificate_request_context", \
|
||||
FT_BYTES, BASE_NONE, NULL, 0x0, \
|
||||
"Value from CertificateRequest or empty for server auth", HFILL } \
|
||||
}, \
|
||||
{ & name .hf.hs_key_update_request_update, \
|
||||
{ "Key Update Request", prefix ".handshake.key_update.request_update", \
|
||||
FT_UINT8, BASE_DEC, VALS(tls13_key_update_request), 0x00, \
|
||||
"Whether the receiver should also update its keys", HFILL } \
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
|
|
|
@ -2188,6 +2188,10 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|||
/* TODO: dissect this? */
|
||||
break;
|
||||
|
||||
case SSL_HND_KEY_UPDATE:
|
||||
tls13_dissect_hnd_key_update(&dissect_ssl3_hf, tvb, tree, offset);
|
||||
break;
|
||||
|
||||
case SSL_HND_ENCRYPTED_EXTS:
|
||||
dissect_ssl3_hnd_encrypted_exts(tvb, ssl_hand_tree, offset);
|
||||
break;
|
||||
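Review bot: The new `case SSL_HND_KEY_UPDATE:` passes `tree` to the helper, while the neighbouring `SSL_HND_ENCRYPTED_EXTS` case passes `ssl_hand_tree`. If `tree` is the enclosing record tree, as the naming suggests, the Key Update Request field will be attached outside the handshake subtree, where display filters and readers expect handshake fields. The call would then read `tls13_dissect_hnd_key_update(&dissect_ssl3_hf, tvb, ssl_hand_tree, offset);`. dissect_ssl3_handshake starts and ends outside this hunk, so the declarations of both trees should be checked before changing it.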
|
|