author | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2017-07-24 21:14:30 +0200 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-08-12 13:50:45 +0000 |
commit | 6bdd072803b4f9964416c89a36be66f8643fd4c7 (patch) | |
tree | e4be0cc28beb0a6efd9afa556e2467edcc51651a /epan/dissectors/packet-ssl-utils.c | |
parent | c09538e48c6fe241cec0af29294f4f7eaf4a3b83 (diff) |
TLS: Add QUIC Transport Parameters
See https://tools.ietf.org/html/draft-ietf-quic-tls
Bug: 13881
Change-Id: Id8ae5cdc2f7232e5db28846e528ae378fc0ac58d
Reviewed-on: https://code.wireshark.org/review/22780
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.c')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index cd94d70fc1..ceb94619ea 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -1203,6 +1203,7 @@ const value_string tls_hello_extension_types[] = {
 { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET, "extended_master_secret" }, /* RFC 7627 */
 { SSL_HND_HELLO_EXT_TOKEN_BINDING, "token_binding" }, /* https://tools.ietf.org/html/draft-ietf-tokbind-negotiation */
 { SSL_HND_HELLO_EXT_CACHED_INFO, "cached_info" }, /* RFC 7924 */
+ { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS, "quic_transports_parameters" }, /* https://tools.ietf.org/html/draft-ietf-quic-tls */
 { SSL_HND_HELLO_EXT_SESSION_TICKET_TLS, "SessionTicket TLS" }, /* RFC 4507 */
 { SSL_HND_HELLO_EXT_KEY_SHARE, "key_share" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
 { SSL_HND_HELLO_EXT_PRE_SHARED_KEY, "pre_shared_key" }, /* TLS 1.3 https://tools.ietf.org/html/draft-ietf-tls-tls13 */
@@ -1395,6 +1396,16 @@ static const ssl_alpn_protocol_t ssl_alpn_protocols[] = {
 { "h2", TRUE, "http2" }, /* final version */
 };

+const value_string quic_transport_parameter_id[] = {
+ { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA, "initial_max_stream_data" },
+ { SSL_HND_QUIC_TP_INITIAL_MAX_DATA, "initial_max_data" },
+ { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_ID, "initial_max_stream_id" },
+ { SSL_HND_QUIC_TP_IDLE_TIMEOUT, "idle_timeout" },
+ { SSL_HND_QUIC_TP_OMIT_CONNECTION_ID, "omit_connection_id" },
+ { SSL_HND_QUIC_TP_MAX_PACKET_SIZE, "max_packet_size" },
+ { 0, NULL }
+};
+
 /* Lookup tables }}} */

 /* we keep this internal to packet-ssl-utils, as there should be
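Review bot: The display string added to `tls_hello_extension_types` is spelled `"quic_transports_parameters"`, with a stray `s` after "transport"; the commit title and the new dissector function both call the extension "QUIC Transport Parameters". That string is the label shown for the extension type in the dissection tree, so an analyst searching a capture for the name used in the draft will not match it. I would write the entry as `{ SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS, "quic_transport_parameters" },`.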
@@ -6315,6 +6326,149 @@ ssl_dissect_hnd_hello_ext_cert_type(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 return offset;
 }

+static guint32
+ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, guint32 offset, guint32 offset_end,
+ guint8 hnd_type, SslDecryptSession *ssl _U_)
+{
+ guint32 quic_length, parameter_length, supported_versions_length, next_offset;
+
+ /* https://tools.ietf.org/html/draft-ietf-quic-transport-04#section-7.3
+ * uint32 QuicVersion;
+ * enum {
+ * initial_max_stream_data(0),
+ * initial_max_data(1),
+ * initial_max_stream_id(2),
+ * idle_timeout(3),
+ * truncate_connection_id(4),
+ * max_packet_size(5),
+ * (65535)
+ * } TransportParameterId;
+ *
+ * struct {
+ * TransportParameterId parameter;
+ * opaque value<0..2^16-1>;
+ * } TransportParameter;
+ *
+ * struct {
+ * select (Handshake.msg_type) {
+ * case client_hello:
+ * QuicVersion negotiated_version;
+ * QuicVersion initial_version;
+ *
+ * case encrypted_extensions:
+ * QuicVersion supported_versions<2..2^8-4>;
+ * };
+ * TransportParameter parameters<30..2^16-1>;
+ * } TransportParameters;
+ */
+ switch (hnd_type) {
+ case SSL_HND_CLIENT_HELLO:
+ proto_tree_add_item(tree, hf->hf.hs_ext_quictp_negotiated_version,
+ tvb, offset, 4, ENC_BIG_ENDIAN);
+ offset += 4;
+ proto_tree_add_item(tree, hf->hf.hs_ext_quictp_initial_version,
+ tvb, offset, 4, ENC_BIG_ENDIAN);
+ offset += 4;
+ break;
+ case SSL_HND_ENCRYPTED_EXTENSIONS:
+ /* QuicVersion supported_versions<2..2^8-4>;*/
+ if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &supported_versions_length,
+ hf->hf.hs_ext_quictp_supported_versions_len, 2, G_MAXUINT8-3)) {
+ return offset_end;
+ }
+ offset += 1;
+ next_offset = offset + supported_versions_length;
+
+ while (offset < next_offset) {
+ proto_tree_add_item(tree, hf->hf.hs_ext_quictp_supported_versions,
+ tvb, offset, 4, ENC_BIG_ENDIAN);
+ offset += 4;
+ }
+ break;
+ case SSL_HND_NEWSESSION_TICKET:
+ break;
+ default:
+ return offset;
+ }
+
+ /* TransportParameter parameters<30..2^16-1>; */
+ if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &quic_length,
+ hf->hf.hs_ext_quictp_len, 30, G_MAXUINT16)) {
+ return offset_end;
+ }
+ offset += 2;
+ next_offset = offset + quic_length;
+
+ while (offset < next_offset) {
+ guint32 parameter_type;
+ proto_tree *parameter_tree;
+
+ parameter_tree = proto_tree_add_subtree(tree, tvb, offset, 4, hf->ett.hs_ext_quictp_parameter,
+ NULL, "Parameter");
+ /* TransportParameterId parameter */
+ proto_tree_add_item_ret_uint(parameter_tree, hf->hf.hs_ext_quictp_parameter_type,
+ tvb, offset, 2, ENC_BIG_ENDIAN, ¶meter_type);
+ offset += 2;
+ proto_item_append_text(parameter_tree, ": %s", val_to_str(parameter_type, quic_transport_parameter_id, "Unknown"));
+
+ /* opaque value<0..2^16-1> */
+ if (!ssl_add_vector(hf, tvb, pinfo, parameter_tree, offset, next_offset, ¶meter_length,
+ hf->hf.hs_ext_quictp_parameter_len, 0, G_MAXUINT16)) {
+ return next_offset;
+ }
+ offset += 2;
+ proto_item_append_text(parameter_tree, " (len=%u)", parameter_length);
+
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_value,
+ tvb, offset, parameter_length, ENC_NA);
+
+ switch (parameter_type) {
+ case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA:
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data,
+ tvb, offset, 4, ENC_BIG_ENDIAN);
+ proto_item_append_text(parameter_tree, " %u", tvb_get_ntohl(tvb, offset));
+ offset += 4;
+ break;
+ case SSL_HND_QUIC_TP_INITIAL_MAX_DATA:
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_data,
+ tvb, offset, 4, ENC_BIG_ENDIAN);
+ proto_item_append_text(parameter_tree, " %u", tvb_get_ntohl(tvb, offset));
+ offset += 4;
+ break;
+ case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_ID:
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_id,
+ tvb, offset, 4, ENC_BIG_ENDIAN);
+ proto_item_append_text(parameter_tree, " %u", tvb_get_ntohl(tvb, offset));
+ offset += 4;
+ break;
+ case SSL_HND_QUIC_TP_IDLE_TIMEOUT:
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_idle_timeout,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_item_append_text(parameter_tree, " %u secs", tvb_get_ntohs(tvb, offset));
+ offset += 2;
+ break;
+ case SSL_HND_QUIC_TP_OMIT_CONNECTION_ID:
+ /* No Payload */
+ break;
+ case SSL_HND_QUIC_TP_MAX_PACKET_SIZE:
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_packet_size,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_item_append_text(parameter_tree, " %u", tvb_get_ntohs(tvb, offset));
+ /*TODO display expert info about invalid value (< 1252 or >65527) ? */
+ offset += 2;
+ break;
+ default:
+ offset += parameter_length;
+ /*TODO display expert info about unknown ? */
+ break;
+ }
+
+ }
+
+ return offset;
+}
+
 static gint
 ssl_dissect_hnd_hello_common(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 proto_tree *tree, guint32 offset,
@@ -7623,6 +7777,9 @@ ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
 }
 }
 break;
+ case SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS:
+ offset = ssl_dissect_hnd_hello_ext_quic_transport_parameters(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl);
+ break;
 case SSL_HND_HELLO_EXT_SESSION_TICKET_TLS:
 offset = ssl_dissect_hnd_hello_ext_session_ticket(hf, tvb, ext_tree, offset, next_offset, hnd_type, ssl);
 break; |
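Review bot: In the parameter loop of `ssl_dissect_hnd_hello_ext_quic_transport_parameters`, every known-type case advances `offset` by a fixed 4 or 2 bytes (0 for `SSL_HND_QUIC_TP_OMIT_CONNECTION_ID`) and ignores the `parameter_length` just read from the packet; only the `default` case honours it. A value whose declared length differs from the expected width therefore desynchronises the cursor: the typed read can run past the value or past `next_offset`, the leftover bytes are dissected as the next parameter header, and the function can return an offset beyond `offset_end`. Since the bytes come from the capture, the declared length should drive the cursor, with the typed field decoded only when the length matches. The `supported_versions` loop has the same shape when the vector length is not a multiple of 4; how `ssl_add_vector` bounds these lengths is not visible here, so this is presumably a misparse rather than an out-of-bounds read.

```c
    while (offset < next_offset) {
        guint32 parameter_type;
        guint32 value_end;
        /* … unchanged: subtree, parameter type, ssl_add_vector() for the value length … */
        offset += 2;
        value_end = offset + parameter_length;
        /* … unchanged: "(len=%u)" text and the hs_ext_quictp_parameter_value item … */

        switch (parameter_type) {
            case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA:
                /* Decode the typed view only when the declared length is the expected width. */
                if (parameter_length == 4) {
                    proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data,
                                        tvb, offset, 4, ENC_BIG_ENDIAN);
                    proto_item_append_text(parameter_tree, " %u", tvb_get_ntohl(tvb, offset));
                }
                break;
            /* … same guard on the other typed cases (4, 4, 2 and 2 bytes); omit_connection_id expects 0 … */
            default:
                break;
        }

        /* Resume at the end of the declared value, whatever was decoded above. */
        offset = value_end;
    }
```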