author | Peter Wu <peter@lekensteyn.nl> | 2018-01-14 13:44:38 +0100 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2018-01-14 14:43:12 +0000 |
commit | e8089003caf0ab2eb1f2afa2d548422cb4377ab9 (patch) | |
tree | 5a6a24ed73d8f44c98d2ed5b9e787be4b4de00a6 | |
parent | d06b60db7151a6d79697866da15afa23cd99c703 (diff) |
TLS13: update for draft -23 (new version and extensions)
Renumber key_share extension, display the old codepoint as "Reserved
(key_share)" in case a capture from an older draft version is loaded. The old codepoint
(40) was apparently used for different purposes:
https://www.ietf.org/mail-archive/web/tls/current/msg25168.html
Add a new "signature_algorithms_cert" extension which is similar to
"signature_algorithms", except that it advertises the supported
algorithms in certificates rather than handshake messages.
Change-Id: Ibbb09100e2540deea8f652ba0685feadb68f33e7
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/25309
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 18 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 4 |
2 files changed, 16 insertions, 6 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 804ce57b86..fa3c8978a2 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -103,6 +103,7 @@ const value_string ssl_versions[] = {
 { 0x7F14, "TLS 1.3 (draft 20)" },
 { 0x7F15, "TLS 1.3 (draft 21)" },
 { 0x7F16, "TLS 1.3 (draft 22)" },
+ { 0x7F17, "TLS 1.3 (draft 23)" },
 { DTLSV1DOT0_OPENSSL_VERSION, "DTLS 1.0 (OpenSSL pre 0.9.8f)" },
 { DTLSV1DOT0_VERSION, "DTLS 1.0" },
 { DTLSV1DOT2_VERSION, "DTLS 1.2" },
@@ -1212,7 +1213,7 @@ const value_string tls_hello_extension_types[] = {
 { SSL_HND_HELLO_EXT_CACHED_INFO, "cached_info" }, /* RFC 7924 */
 { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS, "quic_transports_parameters" }, /* https://tools.ietf.org/html/draft-ietf-quic-tls */
 { SSL_HND_HELLO_EXT_SESSION_TICKET_TLS, "SessionTicket TLS" }, /* RFC 4507 */
- { SSL_HND_HELLO_EXT_KEY_SHARE, "key_share" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
+ { SSL_HND_HELLO_EXT_KEY_SHARE_OLD, "Reserved (key_share)" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-22 */
 { SSL_HND_HELLO_EXT_PRE_SHARED_KEY, "pre_shared_key" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
 { SSL_HND_HELLO_EXT_EARLY_DATA, "early_data" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
 { SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS, "supported_versions" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
@@ -1222,6 +1223,8 @@ const value_string tls_hello_extension_types[] = {
 { SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES, "certificate_authorities" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.2.3.1 */
 { SSL_HND_HELLO_EXT_OID_FILTERS, "oid_filters" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.3.2.1 */
 { SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH, "post_handshake_auth" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-20#section-4.2.5 */
+ { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT, "signature_algorithms_cert" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-23 */
+ { SSL_HND_HELLO_EXT_KEY_SHARE, "key_share" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-23 */
 { SSL_HND_HELLO_EXT_GREASE_0A0A, "Reserved (GREASE)" }, /* https://tools.ietf.org/html/draft-ietf-tls-grease */
 { SSL_HND_HELLO_EXT_GREASE_1A1A, "Reserved (GREASE)" }, /* https://tools.ietf.org/html/draft-ietf-tls-grease */
 { SSL_HND_HELLO_EXT_GREASE_2A2A, "Reserved (GREASE)" }, /* https://tools.ietf.org/html/draft-ietf-tls-grease */
@@ -1286,7 +1289,7 @@ const value_string tls_signature_algorithm[] = {
 { 0, NULL }
 };
 
-/* https://tools.ietf.org/html/draft-ietf-tls-tls13-21#section-4.2.3 */
+/* https://tools.ietf.org/html/draft-ietf-tls-tls13-23#section-4.2.3 */
 const value_string tls13_signature_algorithm[] = {
 { 0x0201, "rsa_pkcs1_sha1" },
 { 0x0203, "ecdsa_sha1" },
@@ -1296,11 +1299,14 @@ const value_string tls13_signature_algorithm[] = {
 { 0x0503, "ecdsa_secp384r1_sha384" },
 { 0x0601, "rsa_pkcs1_sha512" },
 { 0x0603, "ecdsa_secp521r1_sha512" },
- { 0x0804, "rsa_pss_sha256" },
- { 0x0805, "rsa_pss_sha384" },
- { 0x0806, "rsa_pss_sha512" },
+ { 0x0804, "rsa_pss_rsae_sha256" },
+ { 0x0805, "rsa_pss_rsae_sha384" },
+ { 0x0806, "rsa_pss_rsae_sha512" },
 { 0x0807, "ed25519" },
 { 0x0808, "ed448" },
+ { 0x0809, "rsa_pss_pss_sha256" },
+ { 0x080a, "rsa_pss_pss_sha384" },
+ { 0x080b, "rsa_pss_pss_sha512" },
 { 0, NULL }
 };
 
@@ -8062,6 +8068,7 @@ ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
 offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset);
 break;
 case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS:
+ case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT: /* since TLS 1.3 draft -23 */
 offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, next_offset);
 break;
 case SSL_HND_HELLO_EXT_USE_SRTP:
@@ -8125,6 +8132,7 @@ ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
 case SSL_HND_HELLO_EXT_SESSION_TICKET_TLS:
 offset = ssl_dissect_hnd_hello_ext_session_ticket(hf, tvb, ext_tree, offset, next_offset, hnd_type, ssl);
 break;
+ case SSL_HND_HELLO_EXT_KEY_SHARE_OLD: /* used before TLS 1.3 draft -23 */
 case SSL_HND_HELLO_EXT_KEY_SHARE:
 offset = ssl_dissect_hnd_hello_ext_key_share(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type);
 break;
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 504f2bb714..741f25df15 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -167,7 +167,7 @@ typedef enum {
 /* 26-34 Unassigned*/
 #define SSL_HND_HELLO_EXT_SESSION_TICKET_TLS 35
 /* TLS 1.3 draft */
-#define SSL_HND_HELLO_EXT_KEY_SHARE 40
+#define SSL_HND_HELLO_EXT_KEY_SHARE_OLD 40
 #define SSL_HND_HELLO_EXT_PRE_SHARED_KEY 41
 #define SSL_HND_HELLO_EXT_EARLY_DATA 42
 #define SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS 43
@@ -177,6 +177,8 @@ typedef enum {
 #define SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES 47
 #define SSL_HND_HELLO_EXT_OID_FILTERS 48
 #define SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH 49
+#define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT 50
+#define SSL_HND_HELLO_EXT_KEY_SHARE 51
 #define SSL_HND_HELLO_EXT_GREASE_0A0A 2570
 #define SSL_HND_HELLO_EXT_GREASE_1A1A 6682
 #define SSL_HND_HELLO_EXT_GREASE_2A2A 10794
|
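Review bot: The new `case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT:` label hands the extension to ssl_dissect_hnd_hello_ext_sig_hash_algs unchanged, so if that helper adds its items under the same hf fields and subtree title as signature_algorithms (the helper is not visible here), an analyst's display filter cannot tell the certificate-signature list from the handshake-signature list and the tree labels it as the latter. Consider passing the extension type or a dedicated hf into the helper, or at least make the sharing explicit on the label: `case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT: /* since TLS 1.3 draft -23; same wire format as signature_algorithms, shown with the same fields */`. ssl_dissect_hnd_extension starts and ends outside this hunk.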
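Review bot: `case SSL_HND_HELLO_EXT_KEY_SHARE_OLD:` routes every extension of type 40 into the key_share parser regardless of which TLS 1.3 draft the peers advertise, although the commit message itself says codepoint 40 was used for other purposes. An extension of that type from an implementation that is not on draft -22 or earlier will then be decoded as key_share and can yield a misleading tree or spurious malformed indications. If the advertised or negotiated draft version is reachable through `ssl` at this point (not visible in the hunk), gating the old label on it, or attaching an expert-info note that the decode assumes a pre-draft-23 peer, would surface that assumption to the analyst; at minimum extend the comment: `/* codepoint 40 was key_share in TLS 1.3 drafts up to -22; other implementations may use it for something else */`. This note concerns the second hunk on this line; ssl_dissect_hnd_extension starts and ends outside it.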
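Review bot: Renumbering `SSL_HND_HELLO_EXT_KEY_SHARE` from 40 to 51 in the packet-ssl-utils.h hunk changes the meaning of every other comparison against that macro in the tree, while this diff only updates the one switch in packet-ssl-utils.c; any other site that matches `SSL_HND_HELLO_EXT_KEY_SHARE` (HelloRetryRequest or ClientHello handling, for example) would stop recognising the old codepoint unless it also checks `SSL_HND_HELLO_EXT_KEY_SHARE_OLD`, so a grep for the macro before merging seems worthwhile. The alias itself would also benefit from a comment, since the `/* TLS 1.3 draft */` line above it no longer explains the `_OLD` suffix: `#define SSL_HND_HELLO_EXT_KEY_SHARE_OLD 40 /* key_share in TLS 1.3 drafts up to -22; renumbered to 51 in draft -23 */`.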