ssl-utils: update supported_groups extension
Update references, rename the old "elliptic_curves" name to "supported_groups". Fix a wrong field name (EC Point Format now has its own hf). Add length validation for "elliptic_curve_list". Change-Id: I554ebb259ba7561b48dfe1cc9162a0b3b3bcdba4 Reviewed-on: https://code.wireshark.org/review/20007 Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This commit is contained in:
parent
a77b690929
commit
b29582966e
|
@ -423,6 +423,10 @@ static const value_string ssl_20_cipher_suites[] = {
|
||||||
value_string_ext ssl_20_cipher_suites_ext = VALUE_STRING_EXT_INIT(ssl_20_cipher_suites);
|
value_string_ext ssl_20_cipher_suites_ext = VALUE_STRING_EXT_INIT(ssl_20_cipher_suites);
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Supported Groups (formerly named "EC Named Curve").
|
||||||
|
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
|
||||||
|
*/
|
||||||
const value_string ssl_extension_curves[] = {
|
const value_string ssl_extension_curves[] = {
|
||||||
{ 1, "sect163k1" },
|
{ 1, "sect163k1" },
|
||||||
{ 2, "sect163r1" },
|
{ 2, "sect163r1" },
|
||||||
|
@ -454,11 +458,11 @@ const value_string ssl_extension_curves[] = {
|
||||||
{ 28, "brainpoolP512r1" }, /* RFC 7027 */
|
{ 28, "brainpoolP512r1" }, /* RFC 7027 */
|
||||||
{ 29, "ecdh_x25519" }, /* https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis */
|
{ 29, "ecdh_x25519" }, /* https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis */
|
||||||
{ 30, "ecdh_x448" }, /* https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis */
|
{ 30, "ecdh_x448" }, /* https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis */
|
||||||
{ 256, "ffdhe2048" }, /* https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe */
|
{ 256, "ffdhe2048" }, /* RFC 7919 */
|
||||||
{ 257, "ffdhe3072" }, /* https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe */
|
{ 257, "ffdhe3072" }, /* RFC 7919 */
|
||||||
{ 258, "ffdhe4096" }, /* https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe */
|
{ 258, "ffdhe4096" }, /* RFC 7919 */
|
||||||
{ 259, "ffdhe6144" }, /* https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe */
|
{ 259, "ffdhe6144" }, /* RFC 7919 */
|
||||||
{ 260, "ffdhe8192" }, /* https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe */
|
{ 260, "ffdhe8192" }, /* RFC 7919 */
|
||||||
{ 0xFF01, "arbitrary_explicit_prime_curves" },
|
{ 0xFF01, "arbitrary_explicit_prime_curves" },
|
||||||
{ 0xFF02, "arbitrary_explicit_char2_curves" },
|
{ 0xFF02, "arbitrary_explicit_char2_curves" },
|
||||||
{ 0x00, NULL }
|
{ 0x00, NULL }
|
||||||
|
@ -1156,7 +1160,7 @@ const value_string tls_hello_extension_types[] = {
|
||||||
{ SSL_HND_HELLO_EXT_CLIENT_AUTHZ, "client_authz" }, /* RFC 5878 */
|
{ SSL_HND_HELLO_EXT_CLIENT_AUTHZ, "client_authz" }, /* RFC 5878 */
|
||||||
{ SSL_HND_HELLO_EXT_SERVER_AUTHZ, "server_authz" }, /* RFC 5878 */
|
{ SSL_HND_HELLO_EXT_SERVER_AUTHZ, "server_authz" }, /* RFC 5878 */
|
||||||
{ SSL_HND_HELLO_EXT_CERT_TYPE, "cert_type" }, /* RFC 6091 */
|
{ SSL_HND_HELLO_EXT_CERT_TYPE, "cert_type" }, /* RFC 6091 */
|
||||||
{ SSL_HND_HELLO_EXT_SUPPORTED_GROUPS, "elliptic_curves" }, /* RFC 4492 */
|
{ SSL_HND_HELLO_EXT_SUPPORTED_GROUPS, "supported_groups" }, /* RFC 4492, RFC 7919 */
|
||||||
{ SSL_HND_HELLO_EXT_EC_POINT_FORMATS, "ec_point_formats" }, /* RFC 4492 */
|
{ SSL_HND_HELLO_EXT_EC_POINT_FORMATS, "ec_point_formats" }, /* RFC 4492 */
|
||||||
{ SSL_HND_HELLO_EXT_SRP, "srp" }, /* RFC 5054 */
|
{ SSL_HND_HELLO_EXT_SRP, "srp" }, /* RFC 5054 */
|
||||||
{ SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS, "signature_algorithms" }, /* RFC 5246 */
|
{ SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS, "signature_algorithms" }, /* RFC 5246 */
|
||||||
|
@ -6514,35 +6518,48 @@ ssl_dissect_hnd_hello_ext_status_request_v2(ssl_common_dissect_t *hf, tvbuff_t *
|
||||||
return offset;
|
return offset;
|
||||||
}
|
}
|
||||||
|
|
||||||
static gint
|
static guint
|
||||||
ssl_dissect_hnd_hello_ext_elliptic_curves(ssl_common_dissect_t *hf, tvbuff_t *tvb,
|
ssl_dissect_hnd_hello_ext_supported_groups(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
|
||||||
proto_tree *tree, guint32 offset)
|
proto_tree *tree, guint32 offset, guint32 offset_end)
|
||||||
{
|
{
|
||||||
guint16 curves_length;
|
/* https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.4
|
||||||
proto_tree *curves_tree;
|
* enum { ..., (0xFFFF) } NamedGroup;
|
||||||
|
* struct {
|
||||||
|
* NamedGroup named_group_list<2..2^16-1>
|
||||||
|
* } NamedGroupList;
|
||||||
|
*
|
||||||
|
* NOTE: "NamedCurve" (RFC 4492) is renamed to "NamedGroup" (RFC 7919) and
|
||||||
|
* the extension itself from "elliptic_curves" to "supported_groups".
|
||||||
|
*/
|
||||||
|
guint32 groups_length, next_offset;
|
||||||
|
proto_tree *groups_tree;
|
||||||
proto_item *ti;
|
proto_item *ti;
|
||||||
|
|
||||||
curves_length = tvb_get_ntohs(tvb, offset);
|
/* NamedGroup named_group_list<2..2^16-1> */
|
||||||
proto_tree_add_item(tree, hf->hf.hs_ext_elliptic_curves_len,
|
if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &groups_length,
|
||||||
tvb, offset, 2, ENC_BIG_ENDIAN);
|
hf->hf.hs_ext_supported_groups_len, 2, G_MAXUINT16)) {
|
||||||
|
return offset_end;
|
||||||
|
}
|
||||||
offset += 2;
|
offset += 2;
|
||||||
|
next_offset = offset + groups_length;
|
||||||
|
|
||||||
ti = proto_tree_add_none_format(tree,
|
ti = proto_tree_add_none_format(tree,
|
||||||
hf->hf.hs_ext_elliptic_curves,
|
hf->hf.hs_ext_supported_groups,
|
||||||
tvb, offset, curves_length,
|
tvb, offset, groups_length,
|
||||||
"Elliptic curves (%d curve%s)",
|
"Supported Groups (%d group%s)",
|
||||||
curves_length / 2,
|
groups_length / 2,
|
||||||
plurality(curves_length/2, "", "s"));
|
plurality(groups_length/2, "", "s"));
|
||||||
|
|
||||||
/* make this a subtree */
|
/* make this a subtree */
|
||||||
curves_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_curves);
|
groups_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_groups);
|
||||||
|
|
||||||
/* loop over all curves */
|
/* loop over all groups */
|
||||||
while (curves_length > 0)
|
while (offset + 2 <= offset_end) {
|
||||||
{
|
proto_tree_add_item(groups_tree, hf->hf.hs_ext_supported_group, tvb, offset, 2, ENC_BIG_ENDIAN);
|
||||||
proto_tree_add_item(curves_tree, hf->hf.hs_ext_elliptic_curve, tvb, offset, 2, ENC_BIG_ENDIAN);
|
|
||||||
offset += 2;
|
offset += 2;
|
||||||
curves_length -= 2;
|
}
|
||||||
|
if (!ssl_end_vector(hf, tvb, pinfo, groups_tree, offset, next_offset)) {
|
||||||
|
offset = next_offset;
|
||||||
}
|
}
|
||||||
|
|
||||||
return offset;
|
return offset;
|
||||||
|
@ -6562,7 +6579,7 @@ ssl_dissect_hnd_hello_ext_ec_point_formats(ssl_common_dissect_t *hf, tvbuff_t *t
|
||||||
|
|
||||||
offset += 1;
|
offset += 1;
|
||||||
ti = proto_tree_add_none_format(tree,
|
ti = proto_tree_add_none_format(tree,
|
||||||
hf->hf.hs_ext_elliptic_curves,
|
hf->hf.hs_ext_ec_point_formats,
|
||||||
tvb, offset, ecpf_length,
|
tvb, offset, ecpf_length,
|
||||||
"Elliptic curves point formats (%d)",
|
"Elliptic curves point formats (%d)",
|
||||||
ecpf_length);
|
ecpf_length);
|
||||||
|
@ -7467,7 +7484,7 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
|
||||||
offset = ssl_dissect_hnd_hello_ext_status_request_v2(hf, tvb, ext_tree, offset);
|
offset = ssl_dissect_hnd_hello_ext_status_request_v2(hf, tvb, ext_tree, offset);
|
||||||
break;
|
break;
|
||||||
case SSL_HND_HELLO_EXT_SUPPORTED_GROUPS:
|
case SSL_HND_HELLO_EXT_SUPPORTED_GROUPS:
|
||||||
offset = ssl_dissect_hnd_hello_ext_elliptic_curves(hf, tvb, ext_tree, offset);
|
offset = ssl_dissect_hnd_hello_ext_supported_groups(hf, tvb, pinfo, ext_tree, offset, next_offset);
|
||||||
break;
|
break;
|
||||||
case SSL_HND_HELLO_EXT_EC_POINT_FORMATS:
|
case SSL_HND_HELLO_EXT_EC_POINT_FORMATS:
|
||||||
offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset);
|
offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset);
|
||||||
|
|
|
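Review bot: The group loop at `while (offset + 2 <= offset_end) {` in ssl_dissect_hnd_hello_ext_supported_groups is bounded by the extension end rather than by the vector end `next_offset` computed a few lines earlier, so if ssl_add_vector accepts a named_group_list that ends before offset_end (its contract is not visible in this hunk), the loop would parse the bytes after the list as groups before ssl_end_vector is consulted. Bounding it as `while (offset + 2 <= next_offset) {` keeps the loop, the subtree length passed to proto_tree_add_none_format and the ssl_end_vector check consistent, and an odd groups_length then leaves exactly one byte for ssl_end_vector to report. Separately, the `"Supported Groups (%d group%s)"` format receives `groups_length / 2`, a guint32, through `%d`; `%u` matches the argument type and keeps -Wformat quiet.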
@ -148,7 +148,7 @@ typedef enum {
|
||||||
#define SSL_HND_HELLO_EXT_CLIENT_AUTHZ 7
|
#define SSL_HND_HELLO_EXT_CLIENT_AUTHZ 7
|
||||||
#define SSL_HND_HELLO_EXT_SERVER_AUTHZ 8
|
#define SSL_HND_HELLO_EXT_SERVER_AUTHZ 8
|
||||||
#define SSL_HND_HELLO_EXT_CERT_TYPE 9
|
#define SSL_HND_HELLO_EXT_CERT_TYPE 9
|
||||||
#define SSL_HND_HELLO_EXT_SUPPORTED_GROUPS 10 /* renamed from "elliptic_curves (RFC7919)*/
|
#define SSL_HND_HELLO_EXT_SUPPORTED_GROUPS 10 /* renamed from "elliptic_curves" (RFC 7919 / TLS 1.3) */
|
||||||
#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 11
|
#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 11
|
||||||
#define SSL_HND_HELLO_EXT_SRP 12
|
#define SSL_HND_HELLO_EXT_SRP 12
|
||||||
#define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS 13
|
#define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS 13
|
||||||
|
@ -682,10 +682,11 @@ typedef struct ssl_common_dissect {
|
||||||
gint hs_ext_cert_types_len;
|
gint hs_ext_cert_types_len;
|
||||||
gint hs_ext_data;
|
gint hs_ext_data;
|
||||||
gint hs_ext_ec_point_format;
|
gint hs_ext_ec_point_format;
|
||||||
|
gint hs_ext_ec_point_formats;
|
||||||
gint hs_ext_ec_point_formats_len;
|
gint hs_ext_ec_point_formats_len;
|
||||||
gint hs_ext_elliptic_curve;
|
gint hs_ext_supported_group;
|
||||||
gint hs_ext_elliptic_curves;
|
gint hs_ext_supported_groups;
|
||||||
gint hs_ext_elliptic_curves_len;
|
gint hs_ext_supported_groups_len;
|
||||||
gint hs_ext_heartbeat_mode;
|
gint hs_ext_heartbeat_mode;
|
||||||
gint hs_ext_len;
|
gint hs_ext_len;
|
||||||
gint hs_ext_npn_str;
|
gint hs_ext_npn_str;
|
||||||
|
@ -790,7 +791,7 @@ typedef struct ssl_common_dissect {
|
||||||
gint hs_ext;
|
gint hs_ext;
|
||||||
gint hs_ext_alpn;
|
gint hs_ext_alpn;
|
||||||
gint hs_ext_cert_types;
|
gint hs_ext_cert_types;
|
||||||
gint hs_ext_curves;
|
gint hs_ext_groups;
|
||||||
gint hs_ext_curves_point_formats;
|
gint hs_ext_curves_point_formats;
|
||||||
gint hs_ext_npn;
|
gint hs_ext_npn;
|
||||||
gint hs_ext_reneg_info;
|
gint hs_ext_reneg_info;
|
||||||
|
@ -959,7 +960,7 @@ ssl_common_dissect_t name = { \
|
||||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||||
}, \
|
}, \
|
||||||
/* ett */ { \
|
/* ett */ { \
|
||||||
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
|
||||||
|
@ -998,18 +999,18 @@ ssl_common_dissect_t name = { \
|
||||||
FT_BYTES, BASE_NONE, NULL, 0x0, \
|
FT_BYTES, BASE_NONE, NULL, 0x0, \
|
||||||
"Hello Extension data", HFILL } \
|
"Hello Extension data", HFILL } \
|
||||||
}, \
|
}, \
|
||||||
{ & name .hf.hs_ext_elliptic_curves_len, \
|
{ & name .hf.hs_ext_supported_groups_len, \
|
||||||
{ "Elliptic Curves Length", prefix ".handshake.extensions_elliptic_curves_length", \
|
{ "Supported Groups List Length", prefix ".handshake.extensions_supported_groups_length", \
|
||||||
FT_UINT16, BASE_DEC, NULL, 0x0, \
|
FT_UINT16, BASE_DEC, NULL, 0x0, \
|
||||||
"Length of elliptic curves field", HFILL } \
|
NULL, HFILL } \
|
||||||
}, \
|
}, \
|
||||||
{ & name .hf.hs_ext_elliptic_curves, \
|
{ & name .hf.hs_ext_supported_groups, \
|
||||||
{ "Elliptic Curves List", prefix ".handshake.extensions_elliptic_curves", \
|
{ "Supported Groups List", prefix ".handshake.extensions_supported_groups", \
|
||||||
FT_NONE, BASE_NONE, NULL, 0x0, \
|
FT_NONE, BASE_NONE, NULL, 0x0, \
|
||||||
"List of elliptic curves supported", HFILL } \
|
"List of supported groups (formerly Supported Elliptic Curves)", HFILL } \
|
||||||
}, \
|
}, \
|
||||||
{ & name .hf.hs_ext_elliptic_curve, \
|
{ & name .hf.hs_ext_supported_group, \
|
||||||
{ "Elliptic curve", prefix ".handshake.extensions_elliptic_curve",\
|
{ "Supported Group", prefix ".handshake.extensions_supported_group", \
|
||||||
FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
|
FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
|
||||||
NULL, HFILL } \
|
NULL, HFILL } \
|
||||||
}, \
|
}, \
|
||||||
|
@ -1018,6 +1019,11 @@ ssl_common_dissect_t name = { \
|
||||||
FT_UINT8, BASE_DEC, NULL, 0x0, \
|
FT_UINT8, BASE_DEC, NULL, 0x0, \
|
||||||
"Length of elliptic curves point formats field", HFILL } \
|
"Length of elliptic curves point formats field", HFILL } \
|
||||||
}, \
|
}, \
|
||||||
|
{ & name .hf.hs_ext_ec_point_formats, \
|
||||||
|
{ "EC point formats", prefix ".handshake.extensions_ec_point_formats", \
|
||||||
|
FT_NONE, BASE_NONE, NULL, 0x0, \
|
||||||
|
"List of elliptic curves point format", HFILL } \
|
||||||
|
}, \
|
||||||
{ & name .hf.hs_ext_ec_point_format, \
|
{ & name .hf.hs_ext_ec_point_format, \
|
||||||
{ "EC point format", prefix ".handshake.extensions_ec_point_format", \
|
{ "EC point format", prefix ".handshake.extensions_ec_point_format", \
|
||||||
FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, \
|
FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, \
|
||||||
|
@ -1587,7 +1593,7 @@ ssl_common_dissect_t name = { \
|
||||||
& name .ett.hs_ext, \
|
& name .ett.hs_ext, \
|
||||||
& name .ett.hs_ext_alpn, \
|
& name .ett.hs_ext_alpn, \
|
||||||
& name .ett.hs_ext_cert_types, \
|
& name .ett.hs_ext_cert_types, \
|
||||||
& name .ett.hs_ext_curves, \
|
& name .ett.hs_ext_groups, \
|
||||||
& name .ett.hs_ext_curves_point_formats, \
|
& name .ett.hs_ext_curves_point_formats, \
|
||||||
& name .ett.hs_ext_npn, \
|
& name .ett.hs_ext_npn, \
|
||||||
& name .ett.hs_ext_reneg_info, \
|
& name .ett.hs_ext_reneg_info, \
|
||||||
|
|