From Hauke Mehrtens
1. dtls: set ssl_set_server() in DTLS dissector so Wireshark knows if this is client or server
2. SSL: add decrypt support for CCM and CCM_8 Ciphers per rfc 6655
3. dtls: add psk decrypt support
svn path=/trunk/; revision=53836
Add RFC6066 CertificateUrl TLS extension
This is not supported by OpenSSL or NSS, and the extension itself seems
unsafe, but some implementations seem to support it [1].
Untested, no capture available.
[1]: http://www.ietf.org/mail-archive/web/tls/current/msg02535.html
svn path=/trunk/; revision=53417
Add status_request_v2 TLS extension dissection (RFC6961)
Besides adding status_request_v2 support, this patch moves the
Certificate Status Type from the OCSP Status subtree to its parent
(the extension tree). This is needed because this type applies to all
OCSPResponse fields.
The check for "tree != NULL" seems unnecessary here; it was not
clarified in the original patch, so I removed it.
From me:
Fix typo
Remove unneeded tvb_ensure_bytes_exist
Use proto_tree_add_item
svn path=/trunk/; revision=53416
Add TLS StatusRequest (RFC6066) ClientHello extension recognition
Only empty Responder ID lists and empty Request Extensions are
implemented. I could not really find existing clients or servers that
populate these.
This status_request extension has a different signature for a
ClientHello and a ServerHello; in the latter the extension_data field
must be empty. Therefore an additional parameter is added to
dissect_ssl3_hnd_hello_ext.
From me:
Fix typo
svn path=/trunk/; revision=53415
Really add support for AEAD ciphers (GCM)
GCM uses counter mode with authentication tags (the latter is currently
not supported). As for the key material, there is no MAC (because the
auth tag is supposed to verify the authenticity).
Finally, correct the GCM cipher suite definitions: IV block size of
4 bytes and GCM instead of CBC mode.
svn path=/trunk/; revision=52150
Use IV from record for CBC mode, add padding/IV length check
Add summary of RFCs to make it more obvious why certain parts (IV, MAC,
padding) are used. Merge DTLS and TLS blocks for extracting IV. This
saves an unnecessary memmove() because the input pointer is, well, just
a local variable and can therefore be incremented.
Validate padding and IV lengths before using them. A crash could occur
if the explicit IV is missing (this would make memmove write before its
buffer). The missing padding check meant that a misleading error was
returned with a negative length (not exploitable).
Use IV from record for CBC mode; previously it decrypted the first block
incorrectly and then threw this "decrypted" IV away. Now it extracts the
IV and uses this for decrypting the first fragment block. (Remember that
CBC XORs the output of the block cipher with the previous ciphertext
block (or the IV for the first block).)
This is a preparation for GCM which does not have a MAC. The skip_mac
branch is necessary to make the compiler happy in this patch, 'mac'
could otherwise be uninitialised.
svn path=/trunk/; revision=52149
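The record layout and checks described in the commit above (explicit IV taken from the record, IV and padding length validation before use, CBC chaining, then MAC and padding stripping), as an added example that is not Wireshark's code. The block cipher is a labelled XOR stand-in so the example runs without a crypto library; only the CBC structure and the length checks are the point. The record used in the usage call is constructed.

```python
"""TLS 1.1+ GenericBlockCipher record handling (RFC 5246 section 6.2.3.2):
IV[block] || cipher(content || MAC || padding || padding_length).
Added example, not Wireshark code. Block cipher below is a stand-in."""

BLOCK = 16  # AES block size in bytes


def xor_block_cipher_decrypt(key, block):
    # Stand-in for a real block cipher so the example is self-contained.
    # XOR with the key is its own inverse; it is NOT a cipher, it only lets
    # the CBC chaining and the length/padding checks be exercised.
    return bytes(a ^ b for a, b in zip(block, key))


def cbc_decrypt_record(record, key, mac_len, block_decrypt=xor_block_cipher_decrypt):
    """Return (content, mac) or raise ValueError on a malformed record."""
    # Check 1: the explicit IV must be present before anything reads it
    # (the commit notes a write before the buffer when it was missing).
    if len(record) < BLOCK:
        raise ValueError("record too short for explicit IV (%d bytes)" % len(record))
    iv, body = record[:BLOCK], record[BLOCK:]
    # Check 2: CBC ciphertext must be a non-empty whole number of blocks.
    if len(body) == 0 or len(body) % BLOCK:
        raise ValueError("ciphertext length %d is not a multiple of %d" % (len(body), BLOCK))
    # CBC: plaintext block = D(ciphertext block) XOR previous ciphertext block,
    # with the record IV standing in as the "previous block" for the first one.
    plain = bytearray()
    prev = iv
    for i in range(0, len(body), BLOCK):
        blk = body[i:i + BLOCK]
        plain += bytes(a ^ b for a, b in zip(block_decrypt(key, blk), prev))
        prev = blk
    # Check 3: padding_length is the last byte; every padding byte equals it.
    pad_len = plain[-1]
    if pad_len + 1 > len(plain):
        raise ValueError("padding length %d exceeds plaintext" % pad_len)
    if any(b != pad_len for b in plain[-(pad_len + 1):]):
        raise ValueError("padding bytes do not all equal padding_length")
    content = bytes(plain[:len(plain) - (pad_len + 1)])
    # Check 4: the MAC must fit in what is left (skipped entirely for AEAD).
    if len(content) < mac_len:
        raise ValueError("decrypted data shorter than MAC length %d" % mac_len)
    if mac_len == 0:
        return content, b""
    return content[:-mac_len], content[-mac_len:]


def decrypt_error(record, key, mac_len):
    """Return the ValueError message for a bad record, or None if it decrypts."""
    try:
        cbc_decrypt_record(record, key, mac_len)
    except ValueError as exc:
        return str(exc)
    return None


def cbc_encrypt_record(content, mac, iv, key, block_encrypt=xor_block_cipher_decrypt):
    # Builds a well-formed record for testing (with the XOR stand-in,
    # encryption and decryption are the same operation).
    data = content + mac
    pad_len = (BLOCK - (len(data) + 1) % BLOCK) % BLOCK
    data += bytes([pad_len]) * (pad_len + 1)
    out = bytearray(iv)
    prev = iv
    for i in range(0, len(data), BLOCK):
        blk = block_encrypt(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out += blk
        prev = blk
    return bytes(out)


if __name__ == "__main__":
    # Constructed key, IV and payload; a 20-byte MAC as with HMAC-SHA1 suites.
    key, iv = bytes(range(16)), b"\x11" * 16
    rec = cbc_encrypt_record(b"hello world!", b"M" * 20, iv, key)
    print(cbc_decrypt_record(rec, key, 20))
    print(decrypt_error(rec[:15], key, 20))   # explicit IV missing
```

The four checks run in the order the data is consumed, so a truncated record is rejected before the IV is read and a bad padding byte is rejected before the MAC offset is computed; that ordering is what turns the memmove-before-buffer and negative-length cases from the commit into clean errors.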
Drop export_cipher and dig_len, cleaner digest access
Removed dig_len as this magic number is dependent on dig. The digests
variable is converted from a string to a structure holding the digest
name and length because of its close dependency.
Introduce another struct+function to get rid of the magic number 0x40
(DIG_MD5).
Removed export_cipher bit as this is dependent on eff_bits < bits.
Verified with:
grep ,KEX_ packet-ssl-utils.c | awk -F, '{bits=$6!=$7;ex=$9;
if ((bits && !ex) || (!bits && ex))print $6, $7, $8, "###", $0}'.
Removed space before SIG_RSA for cipher 51 for consistency with others.
svn path=/trunk/; revision=52147
Add more TLS cipher suites (SEED, AES-GCM, ECC)
- cipher suites from `RFC 5246 - TLS 1.2`
- cipher suites 150-155 are taken from: RFC 4162 - SEED for TLS
- cipher suites 156-167 are taken from: RFC 5288 - AES-GCM Cipher suites
- cipher suites 49153-49177 are taken from: RFC 4492 - ECC for TLS
- cipher suites 49195-49202 are taken from RFC 5289 - ECC with SHA256/384 and AES GCM
svn path=/trunk/; revision=52049
dissect TLS/signature_algorithms extension
From me:
separate function for dissecting the algorithm list
remove some unnecessary checks and variables
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9092
svn path=/trunk/; revision=51634
Support dissection of TLS Application Layer Protocol Negotiation
From me:
fix indentation, add check for minimum ext_len, encoding for string hf
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9051
svn path=/trunk/; revision=51458
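Parsers for the three ClientHello extension bodies added in the commits above (status_request from RFC 6066, signature_algorithms from RFC 5246, and ALPN, now RFC 7301), written as an added example rather than Wireshark's dissector code. They mirror the points those messages raise: the ServerHello form of status_request must carry empty extension_data, and ALPN needs a minimum-length check before its list length is read. Function names and the sample extension bytes are the example's own.

```python
"""ClientHello extension body parsers. Added example, not Wireshark code.
Each parser takes only the extension_data bytes (the 2-byte type and
2-byte length of the Extension wrapper have already been consumed)."""
import struct


class ExtensionError(ValueError):
    """Raised for any length field that does not fit the bytes present."""


def _u16(buf, off):
    """Read a big-endian uint16 at off; return (value, new offset)."""
    if off + 2 > len(buf):
        raise ExtensionError("truncated length field at offset %d" % off)
    return struct.unpack_from(">H", buf, off)[0], off + 2


def parse_status_request(ext, is_server_hello=False):
    """RFC 6066 section 8: status_type(1) responder_id_list<0..2^16-1>
    request_extensions<0..2^16-1>; in a ServerHello the body is empty."""
    if is_server_hello:
        if ext:
            raise ExtensionError("status_request in ServerHello must be empty")
        return None
    if len(ext) < 5:  # type byte + two 2-byte vector lengths
        raise ExtensionError("status_request shorter than 5 bytes")
    status_type = ext[0]
    rid_len, off = _u16(ext, 1)
    end = off + rid_len
    if end > len(ext):
        raise ExtensionError("responder_id_list exceeds extension")
    responder_ids = []
    while off < end:
        length, off = _u16(ext, off)
        if off + length > end:
            raise ExtensionError("ResponderID exceeds responder_id_list")
        responder_ids.append(ext[off:off + length])
        off += length
    req_len, off = _u16(ext, off)
    if off + req_len != len(ext):
        raise ExtensionError("request_extensions length mismatch")
    return {"status_type": status_type,
            "responder_ids": responder_ids,
            "request_extensions": ext[off:off + req_len]}


def parse_signature_algorithms(ext):
    """RFC 5246 section 7.4.1.4.1: list of (HashAlgorithm, SignatureAlgorithm)
    byte pairs, prefixed by a 2-byte length that must be even."""
    list_len, off = _u16(ext, 0)
    if list_len % 2 or off + list_len != len(ext):
        raise ExtensionError("bad supported_signature_algorithms length")
    return [(ext[i], ext[i + 1]) for i in range(off, off + list_len, 2)]


def parse_alpn(ext):
    """RFC 7301: 2-byte list length, then ProtocolName<1..2^8-1> entries."""
    # Minimum ext_len: list length (2) + one name length (1) + one byte of name.
    if len(ext) < 4:
        raise ExtensionError("ALPN extension shorter than 4 bytes")
    list_len, off = _u16(ext, 0)
    if off + list_len != len(ext):
        raise ExtensionError("ALPN protocol_name_list length mismatch")
    names = []
    while off < len(ext):
        length = ext[off]
        off += 1
        if length == 0 or off + length > len(ext):
            raise ExtensionError("bad ProtocolName length %d" % length)
        names.append(ext[off:off + length].decode("ascii"))
        off += length
    return names


if __name__ == "__main__":
    # Constructed extension bodies (not captured traffic).
    print(parse_status_request(b"\x01\x00\x00\x00\x00"))       # OCSP, empty lists
    print(parse_signature_algorithms(b"\x00\x04\x04\x01\x05\x01"))
    print(parse_alpn(b"\x00\x0c\x02h2\x08http/1.1"))
```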
[PATCH 3/8]
Detect PSK and RSA_PSK key exchange
[PATCH 4/8]
Dissect the identity hint for PSK and RSA_PSK key exchanges
[From me]
Using proto_tree_add_item instead of proto_tree_add_uint in one place
svn path=/trunk/; revision=49173
implemented, start replacing emem with wmem in dissectors.
Also remove emem.h include from a few files that didn't actually need it.
More to come, hopefully in large batches, once I figure out the
appropriate regexes.
svn path=/trunk/; revision=49009
Enable decryption of TLS 1.2.
Add some cipher suites from RFC5246 and RFC5289.
Fixed a bug in the handling of stream cipher.
(The explicit IV field in the application record doesn't exist when stream ciphers are used, but the original code handled it as if a one-byte IV existed.)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6688
svn path=/trunk/; revision=40273
From Marc Petit-Huguenin:
- Removed directResponseForwarding.
- The certificate_type enum is now defined as RFC 6091's CertificateType
so moved the definition to packet-ssl-utils.[ch].
- Fixed invalid values for CERTIFICATE_BY_NODE and CERTIFICATE_BY_USER
Kinds.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5967
svn path=/trunk/; revision=37452
This patch adds support for getting the pre-master secret of a TLS
connection from a log file. Currently Wireshark can decrypt a TLS
connection only if it has the server's private key.
I commonly have a use case where I control the TLS client, but not the
server. In order to decrypt in this case, I've added support to NSS
(used by Chrome and Firefox) to log the keys to a file on disk:
https://bugzilla.mozilla.org/show_bug.cgi?id=536474
Given this file, Wireshark can then decrypt the resulting TLS connections.
The format is such that Wireshark opens and linearly scans the file each
time it sees a ClientKeyExchange. If the key log grows too large, this
is pretty inefficient. However, it's simple and the number of
interesting TLS connections when debugging is usually very small.
svn path=/trunk/; revision=36876
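The linear scan described in the commit above, as an added example that is not Wireshark's implementation. It reads the key log format NSS writes (the RSA line keyed by the first 8 bytes of the EncryptedPreMasterSecret from the ClientKeyExchange, plus the CLIENT_RANDOM line keyed by the 32-byte client random that NSS and Wireshark adopted later). The sample log and its hex values are constructed, and the function names are the example's own.

```python
"""Linear-scan lookup of secrets in an NSS-style key log file.
Added example, not Wireshark code. SAMPLE_KEYLOG is constructed."""

SAMPLE_KEYLOG = (
    "# constructed sample; the secrets are filler, not from any real session\n"
    "RSA 0011223344556677 " + "ab" * 48 + "\n"
    "CLIENT_RANDOM " + "cd" * 32 + " " + "ef" * 48 + "\n"
    "RSA zz11223344556677 " + "ab" * 48 + "\n"   # bad hex: must be skipped, not crash
)

# label -> (lookup key length in bytes, secret length in bytes)
LINE_FORMATS = {
    "RSA": (8, 48),            # first 8 bytes of encrypted pre-master -> 48-byte pre-master
    "CLIENT_RANDOM": (32, 48),  # 32-byte client random -> 48-byte master secret
}


def parse_keylog_line(line):
    """Return (label, key_bytes, secret_bytes) or None for comments/bad lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != 3 or parts[0] not in LINE_FORMATS:
        return None
    key_len, secret_len = LINE_FORMATS[parts[0]]
    try:
        key, secret = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
    except ValueError:
        return None  # malformed hex; a log written by a buggy client must not break the reader
    if len(key) != key_len or len(secret) != secret_len:
        return None
    return parts[0], key, secret


def lookup_secret(keylog_text, label, key):
    """Scan every line for the first matching (label, key); O(lines) per call,
    which is the trade-off the commit message accepts for simplicity."""
    for line in keylog_text.splitlines():
        parsed = parse_keylog_line(line)
        if parsed is not None and parsed[0] == label and parsed[1] == key:
            return parsed[2]
    return None


def lookup_premaster_rsa(keylog_text, encrypted_premaster):
    """RSA key exchange: the ClientKeyExchange carries the encrypted
    pre-master secret; only its first 8 bytes are used as the lookup key."""
    return lookup_secret(keylog_text, "RSA", encrypted_premaster[:8])


def lookup_master_secret(keylog_text, client_random):
    """Any key exchange: keyed by the 32-byte ClientHello random."""
    return lookup_secret(keylog_text, "CLIENT_RANDOM", client_random)


if __name__ == "__main__":
    # Constructed ClientKeyExchange prefix; a real one is 256+ bytes of RSA ciphertext.
    enc = bytes.fromhex("0011223344556677") + b"\x00" * 248
    print(lookup_premaster_rsa(SAMPLE_KEYLOG, enc).hex())
    print(lookup_master_secret(SAMPLE_KEYLOG, bytes.fromhex("cd" * 32)).hex())
```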
- Support for DTLS and SSL RSA keys list using User Accessible Table
- Support for IPv6 SSL as posted by bug#3343 comment#1
- 'any' and 'anyipv4' for IPv4 wildcard
- 'anyipv6' for IPv6 wildcard
- UAT fields validation.
From me:
- Update parameters to match UAT API changes.
- Change the UAT filename.
- Fix buffer overflow for IPv6 addresses.
- Allow the use of hostnames along with numeric addresses.
- Don't convert strings to addresses twice.
- Don't use the same variable name for different data types.
- Make "any" mean "any IPv4 or any IPv6".
- Bend the concept of obsolete preferences slightly so that we can convert
an old-style key list to a UAT.
- Clean up whitespace.
- Don't point to a User's Guide section for now; it may make more sense to
keep using the wiki page.
SSL dissector changes have been tested. DTLS dissector changes have not.
svn path=/trunk/; revision=36875