author | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2016-11-12 17:04:14 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2016-12-31 07:36:57 +0000 |
commit | 6a5fcc5a38936d940e4fa50294be0648a3ab6ea9 (patch) | |
tree | 93f8a2c17626fddee2bde9d593155f0dca15a9b7 | |
parent | f4b0abc7296bbb431e64e31f85b24c29196c2ae4 (diff) |
TLS(1.3): Add PSK Key Exchanges Modes (45) hello extension
Ping-Bug: 12779
Change-Id: Ie797a437240e5530d74e3039f12a60a6f0395d0a
Reviewed-on: https://code.wireshark.org/review/18916
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 40 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 15 |
2 files changed, 53 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 32984f208a..04a0c3ed37 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -1172,6 +1172,7 @@ const value_string tls_hello_extension_types[] = { { SSL_HND_HELLO_EXT_EARLY_DATA, "early_data" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */ { SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS, "supported_versions" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */ { SSL_HND_HELLO_EXT_COOKIE, "cookie" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */ + { SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES, "psk_key_exchange_modes" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */ { SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html */ { SSL_HND_HELLO_EXT_CHANNEL_ID_OLD, "channel_id_old" }, /* http://tools.ietf.org/html/draft-balfanz-tls-channelid-00 https://twitter.com/ericlaw/status/274237352531083264 */ @@ -1187,7 +1188,7 @@ const value_string tls_hello_ext_server_name_type_vs[] = { { 0, NULL } }; -/* draft-ietf-tls-tls13-15 4.2.5 */ +/* draft-ietf-tls-tls13-18 4.2.7 */ const value_string tls_hello_ext_psk_ke_mode[] = { { 0, "PSK-only key establishment (psk_ke)" }, { 1, "PSK key establishment with (EC)DHE key establishment (psk_dhe_ke)" }, 
@@ -5692,6 +5693,40 @@ ssl_dissect_hnd_hello_ext_cookie(ssl_common_dissect_t *hf, tvbuff_t *tvb, return offset; } +static gint +ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(ssl_common_dissect_t *hf, tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 ext_len) +{ + /* + * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; + * + * struct { + * PskKeyExchangeMode ke_modes<1..255>; + * } PskKeyExchangeModes; + */ + guint32 offset_end = offset + ext_len; + guint32 ke_modes_length, i; + + if (ext_len < 1) { + /* XXX expert info, there must be at least 1 ke mode */ + return offset; + } + + proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_psk_ke_modes_len, tvb, offset, 1, ENC_NA, &ke_modes_length); + offset += 1; + + if (ke_modes_length > offset_end - offset) { + ke_modes_length = offset_end - offset; + /* XXX expert info: size too large */ + } + + for (i = 0; i < ke_modes_length; i++) { + proto_tree_add_item(tree, hf->hf.hs_ext_psk_ke_mode, tvb, offset, 1, ENC_NA); + offset += 1; + } + + return offset; +} static gint ssl_dissect_hnd_hello_ext_server_name(ssl_common_dissect_t *hf, tvbuff_t *tvb, @@ -6852,6 +6887,9 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t case SSL_HND_HELLO_EXT_COOKIE: offset = ssl_dissect_hnd_hello_ext_cookie(hf, tvb, ext_tree, offset, ext_len); break; + case SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES: + offset = ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(hf, tvb, ext_tree, offset, ext_len); + break; case SSL_HND_HELLO_EXT_DRAFT_VERSION_TLS13: proto_tree_add_item(ext_tree, hf->hf.hs_ext_draft_version_tls13, tvb, offset, 2, ENC_BIG_ENDIAN); diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index 28d197a20b..c1808ed90d 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h 
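Review bot: In ssl_dissect_hnd_hello_ext_psk_key_exchange_modes both malformed-length branches (`ext_len < 1` and `ke_modes_length > offset_end - offset`) are still only `XXX` comments, so a truncated or inconsistent extension sent by a peer is clamped and displayed with nothing to alert the analyst. Each branch should attach an expert info item; the function currently receives no `packet_info`, so that pointer and an expert field (neither is visible in this hunk) would have to be passed in. Two further cases pass silently: `ke_modes_length == 0`, which the quoted `ke_modes<1..255>` definition forbids, and `ke_modes_length < ext_len - 1`, where the function returns an offset short of `offset_end` and leaves trailing bytes undissected; whether the caller in ssl_dissect_hnd_hello_ext resynchronises on `ext_len` is outside the visible lines. The clamp itself does keep the loop inside the extension. As a style point, both one-byte integer fields are added with `ENC_NA`, where Wireshark's convention for integer fields is `ENC_BIG_ENDIAN`.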
@@ -171,6 +171,7 @@ typedef enum { #define SSL_HND_HELLO_EXT_EARLY_DATA 42 #define SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS 43 #define SSL_HND_HELLO_EXT_COOKIE 44 +#define SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES 45 #define SSL_HND_HELLO_EXT_NPN 13172 /* 0x3374 */ #define SSL_HND_HELLO_EXT_CHANNEL_ID_OLD 30031 /* 0x754f */ #define SSL_HND_HELLO_EXT_CHANNEL_ID 30032 /* 0x7550 */ @@ -761,6 +762,8 @@ typedef struct ssl_common_dissect { /* TLS 1.3 */ gint hs_ext_draft_version_tls13; + gint hs_ext_psk_ke_modes_len; + gint hs_ext_psk_ke_mode; /* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */ } hf; @@ -896,7 +899,7 @@ ssl_common_dissect_t name = { \ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ - -1, -1, -1, -1, -1, -1, \ + -1, -1, -1, -1, -1, -1, -1, -1, \ }, \ /* ett */ { \ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \ @@ -1500,6 +1503,16 @@ ssl_common_dissect_t name = { \ { "Draft version of TLS 1.3", prefix ".extension.draft_version_tls13", \ FT_UINT16, BASE_DEC, NULL, 0x0, \ "Indicate the version of draft supported by client", HFILL } \ + }, \ + { & name .hf.hs_ext_psk_ke_modes_len, \ + { "PSK Key Exchange Modes Length", prefix ".handshake.psk_ke_modes_len", \ + FT_UINT8, BASE_DEC, NULL, 0x0, \ + NULL, HFILL } \ + }, \ + { & name .hf.hs_ext_psk_ke_mode, \ + { "PSK Key Exchange Mode", prefix ".handshake.psk_ke_mode", \ + FT_UINT8, BASE_DEC, VALS(tls_hello_ext_psk_ke_mode), 0x0, \ + "Key exchange modes where the client supports use of PSKs", HFILL } \ } /* }}} */ |
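Review bot: The two new filter names in the last hunk are registered as `prefix ".handshake.psk_ke_modes_len"` and `prefix ".handshake.psk_ke_mode"`, while the TLS 1.3 field directly above them in the same table uses `prefix ".extension.draft_version_tls13"`. Display-filter names become a de facto public interface once released, because saved filters and detection profiles reference them, so the namespace is worth settling now, for example `prefix ".extension.psk_ke_mode"`; which scheme the rest of the table follows is not visible here. The hand-counted `-1` initialiser row grows by two, matching the two new `gint` members, but a comment beside that row stating the expected count would make the next addition easier to verify.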