From Peter Wu via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9144 [PATCH] Update TLS Ciphers

Add more TLS cipher suites (SEED, AES-GCM, ECC) - cipher suites from `RFC 5246 - TLS 1.2` - cipher suites 150-155 are taken from: RFC 4162 - SEED for TLS - cipher suites 156-167 are taken from: RFC 5288 - AES-GCM Cipher suites - cipher suites 49153-49177 are taken from: RFC 4492 - ECC for TLS - cipher suites 49195-49202 are taken from RFC 5289 - ECC with SHA256/384 and AES GCM svn path=/trunk/; revision=52049
2013-09-15 06:59:07 +00:00 · 2013-09-15 06:59:07 +00:00 · 219d17145f
parent 9ac2566d0a
commit 219d17145f
2 changed files with 53 additions and 1 deletions
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@ -1752,6 +1752,7 @@ static const gchar *ciphers[]={
    "AES256",
    "CAMELLIA128",
    "CAMELLIA256",
+    "SEED",
    "*UNKNOWN*"
 };

@ -1831,6 +1832,24 @@ static SslCipherSuite cipher_suites[]={
    {139,KEX_PSK,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},
    {140,KEX_PSK,SIG_RSA,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},
    {141,KEX_PSK,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},
+    {150,KEX_RSA,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_SEED_CBC_SHA */
+    {151,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_SEED_CBC_SHA */
+    {152,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_SEED_CBC_SHA */
+    {153,KEX_DH,SIG_DSS,ENC_SEED,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */
+    {154,KEX_DH,SIG_RSA,ENC_SEED,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */
+    {155,KEX_DH,SIG_NONE,ENC_SEED,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_SEED_CBC_SHA */
+    {156,KEX_RSA,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_128_GCM_SHA256 */
+    {157,KEX_RSA,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_AES_256_GCM_SHA384 */
+    {158,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
+    {159,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */
+    {160,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */
+    {161,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */
+    {162,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */
+    {163,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */
+    {164,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */
+    {165,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */
+    {166,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
+    {167,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
    {186,KEX_RSA,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
    {187,KEX_DH,SIG_DSS,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */
    {188,KEX_DH,SIG_RSA,ENC_CAMELLIA128,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */
@ -1843,7 +1862,31 @@ static SslCipherSuite cipher_suites[]={
    {195,KEX_DH,SIG_DSS,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */
    {196,KEX_DH,SIG_RSA,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */
    {197,KEX_DH,SIG_NONE,ENC_CAMELLIA256,16,256,256,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */
+    {49153,KEX_DH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
+    {49154,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
+    {49155,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */
+    {49156,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
+    {49157,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */
+    {49158,KEX_DH,SIG_DSS,ENC_NULL,1,0,0,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
+    {49159,KEX_DH,SIG_DSS,ENC_RC4,1,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */
+    {49160,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */
+    {49161,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */
+    {49162,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */
+    {49163,KEX_DH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_NULL_SHA */
+    {49164,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
+    {49165,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */
+    {49166,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */
+    {49167,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */
+    {49168,KEX_DH,SIG_RSA,ENC_NULL,1,0,0,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDHE_RSA_WITH_NULL_SHA */
    {49169,KEX_DH,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},    /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
+    {49170,KEX_DH,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */
+    {49171,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
+    {49172,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
+    {49173,KEX_DH,SIG_NONE,ENC_NULL,1,0,0,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_NULL_SHA */
+    {49174,KEX_DH,SIG_NONE,ENC_RC4,1,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},   /* TLS_ECDH_anon_WITH_RC4_128_SHA */
+    {49175,KEX_DH,SIG_NONE,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
+    {49176,KEX_DH,SIG_NONE,ENC_AES,16,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
+    {49177,KEX_DH,SIG_NONE,ENC_AES256,16,256,256,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
    {49187,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */
    {49188,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */
    {49189,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */
@ -1852,6 +1895,14 @@ static SslCipherSuite cipher_suites[]={
    {49192,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */
    {49193,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */
    {49194,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */
+    {49195,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
+    {49196,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
+    {49197,KEX_DH,SIG_DSS,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */
+    {49198,KEX_DH,SIG_DSS,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */
+    {49199,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
+    {49200,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
+    {49201,KEX_DH,SIG_RSA,ENC_AES,16,128,128,DIG_SHA256,32,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */
+    {49202,KEX_DH,SIG_RSA,ENC_AES256,16,256,256,DIG_SHA384,48,0, SSL_CIPHER_MODE_CBC},   /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */
    {-1, 0,0,0,0,0,0,0,0,0, 0}
 };

--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@ -280,7 +280,8 @@ typedef struct _SslDecoder {
 #define ENC_AES256      0x36
 #define ENC_CAMELLIA128 0x37
 #define ENC_CAMELLIA256 0x38
-#define ENC_NULL        0x39
+#define ENC_SEED        0x39
+#define ENC_NULL        0x3A

 #define DIG_MD5         0x40
 #define DIG_SHA         0x41