authorPeter Wu <peter@lekensteyn.nl>2014-07-13 11:37:08 +0200
committerEvan Huus <eapache@gmail.com>2014-07-23 20:50:38 +0000
commit5e3b04449a418d69aa79bdd20a7ba491121c700b (patch)
tree0b00a6c45124ad5e2f43ea76fe0580d1a97a4f23 /epan
parent90e46f4a4a4b83aa70398855da60bf166d4348db (diff)
ssl,dtls: move Session Ticket to ssl-utils
Changes: - dtls: also support saving session tickets. - Drop the length check and let proto_tree_add_item throw exceptions on length errors. - Use proto_tree_add_item instead of proto_tree_add_uint. - Drop "TLS" from header field descriptions, the RFC does not name it as such and DTLS can also use it (a draft is in progress that extends DTLS with Session Tickets, draft-hummen-dtls-extended-session-resumption-01). Change-Id: I11195217368b7200821d11289b1c5870a1ffe637 Reviewed-on: https://code.wireshark.org/review/3029 Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-dtls.c55
-rw-r--r--epan/dissectors/packet-ssl-utils.c37
-rw-r--r--epan/dissectors/packet-ssl-utils.h31
-rw-r--r--epan/dissectors/packet-ssl.c69
4 files changed, 72 insertions, 120 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index f060a8baef..7ed7a9ae71 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -104,9 +104,6 @@ static gint hf_dtls_handshake_length = -1;
static gint hf_dtls_handshake_message_seq = -1;
static gint hf_dtls_handshake_fragment_offset = -1;
static gint hf_dtls_handshake_fragment_length = -1;
-static gint hf_dtls_handshake_session_ticket_lifetime_hint = -1;
-static gint hf_dtls_handshake_session_ticket_len = -1;
-static gint hf_dtls_handshake_session_ticket = -1;
static gint hf_dtls_handshake_finished = -1;
/* static gint hf_dtls_handshake_md5_hash = -1; */
/* static gint hf_dtls_handshake_sha_hash = -1; */
@@ -137,7 +134,6 @@ static gint ett_dtls_record = -1;
static gint ett_dtls_alert = -1;
static gint ett_dtls_handshake = -1;
static gint ett_dtls_heartbeat = -1;
-static gint ett_dtls_new_ses_ticket = -1;
static gint ett_dtls_certs = -1;
static gint ett_dtls_fragment = -1;
@@ -313,10 +309,6 @@ static int dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb,
guint32 offset,
SslDecryptSession* ssl);
-static void dissect_dtls_hnd_new_ses_ticket(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length);
-
static void dissect_dtls_hnd_finished(tvbuff_t *tvb,
proto_tree *tree,
guint32 offset,
@@ -1351,7 +1343,9 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
break;
case SSL_HND_NEWSESSION_TICKET:
- dissect_dtls_hnd_new_ses_ticket(sub_tvb, ssl_hand_tree, 0, length);
+ ssl_dissect_hnd_new_ses_ticket(&dissect_dtls_hf, sub_tvb,
+ ssl_hand_tree, 0, ssl,
+ dtls_session_hash);
break;
case SSL_HND_CERTIFICATE:
@@ -1527,33 +1521,6 @@ dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree,
}
static void
-dissect_dtls_hnd_new_ses_ticket(tvbuff_t *tvb,
- proto_tree *tree, guint32 offset, guint32 length)
-{
- guint nst_len;
- proto_tree *subtree;
-
-
- nst_len = tvb_get_ntohs(tvb, offset+4);
- if (6 + nst_len != length) {
- return;
- }
-
- subtree = proto_tree_add_subtree(tree, tvb, offset, 6+nst_len, ett_dtls_new_ses_ticket, NULL, "TLS Session Ticket");
-
- proto_tree_add_item(subtree, hf_dtls_handshake_session_ticket_lifetime_hint,
- tvb, offset, 4, ENC_BIG_ENDIAN);
- offset += 4;
-
- proto_tree_add_uint(subtree, hf_dtls_handshake_session_ticket_len,
- tvb, offset, 2, nst_len);
- /* Content depends on implementation, so just show data! */
- proto_tree_add_item(subtree, hf_dtls_handshake_session_ticket,
- tvb, offset + 2, nst_len, ENC_NA);
-}
-
-
-static void
dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
const SslSession *session)
{
@@ -1808,21 +1775,6 @@ proto_register_dtls(void)
FT_BYTES, BASE_NONE, NULL, 0x0,
NULL, HFILL }
},
- { &hf_dtls_handshake_session_ticket_lifetime_hint,
- { "Session Ticket Lifetime Hint", "dtls.handshake.session_ticket_lifetime_hint",
- FT_UINT32, BASE_DEC, NULL, 0x0,
- "New DTLS Session Ticket Lifetime Hint", HFILL }
- },
- { &hf_dtls_handshake_session_ticket_len,
- { "Session Ticket Length", "dtls.handshake.session_ticket_length",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "New DTLS Session Ticket Length", HFILL }
- },
- { &hf_dtls_handshake_session_ticket,
- { "Session Ticket", "dtls.handshake.session_ticket",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "New DTLS Session Ticket", HFILL }
- },
{ &hf_dtls_handshake_finished,
{ "Verify Data", "dtls.handshake.verify_data",
FT_NONE, BASE_NONE, NULL, 0x0,
@@ -1914,7 +1866,6 @@ proto_register_dtls(void)
&ett_dtls_alert,
&ett_dtls_handshake,
&ett_dtls_heartbeat,
- &ett_dtls_new_ses_ticket,
&ett_dtls_certs,
&ett_dtls_fragment,
&ett_dtls_fragments,
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 66bd711d45..bfb5c17712 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -5421,6 +5421,43 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
}
void
+ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ SslDecryptSession *ssl, GHashTable *session_hash)
+{
+ proto_tree *subtree;
+ guint16 ticket_len;
+
+ /* length of session ticket, may be 0 if the server has sent the
+ * SessionTicket extension, but decides not to use one. */
+ ticket_len = tvb_get_ntohs(tvb, offset + 4);
+ subtree = proto_tree_add_subtree(tree, tvb, offset, 6 + ticket_len,
+ hf->ett.session_ticket, NULL,
+ "TLS Session Ticket");
+
+ /* ticket lifetime hint */
+ proto_tree_add_item(subtree, hf->hf.hs_session_ticket_lifetime_hint,
+ tvb, offset, 4, ENC_BIG_ENDIAN);
+ offset += 4;
+
+ /* opaque ticket (length, data) */
+ proto_tree_add_item(subtree, hf->hf.hs_session_ticket_len,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ /* Content depends on implementation, so just show data! */
+ proto_tree_add_item(subtree, hf->hf.hs_session_ticket,
+ tvb, offset, ticket_len, ENC_NA);
+ /* save the session ticket to cache */
+ if (ssl) {
+ ssl->session_ticket.data = (guchar*)wmem_realloc(wmem_file_scope(),
+ ssl->session_ticket.data, ticket_len);
+ tvb_memcpy(tvb, ssl->session_ticket.data, offset, ticket_len);
+ ssl->session_ticket.data_len = ticket_len;
+ ssl_save_session_ticket(ssl, session_hash);
+ }
+}
+
+void
ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
guint32 offset, packet_info *pinfo,
const SslSession *session, gint is_from_server)
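Review bot: The cache block at the end of ssl_dissect_hnd_new_ses_ticket runs even when ticket_len is 0, a case the function's own comment calls legal, so an empty ticket is reallocated, copied and handed to ssl_save_session_ticket. Whether an empty key in session_hash can later match a handshake that carries no real ticket is not visible here, but guarding the block with `if (ssl && ticket_len > 0) {` avoids storing a ticket that identifies nothing. Separately, the subtree label is still `"TLS Session Ticket"` although the function now serves DTLS as well and the commit drops "TLS" from the field descriptions; `"Session Ticket"` would be consistent.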
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 2632944c8e..6d336249c6 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -700,6 +700,9 @@ typedef struct ssl_common_dissect {
gint hs_comp_methods_len;
gint hs_comp_methods;
gint hs_comp_method;
+ gint hs_session_ticket_lifetime_hint;
+ gint hs_session_ticket_len;
+ gint hs_session_ticket;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */
} hf;
@@ -723,6 +726,7 @@ typedef struct ssl_common_dissect {
gint hs_random;
gint cipher_suites;
gint comp_methods;
+ gint session_ticket;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_ETT_LIST! */
} ett;
@@ -756,6 +760,12 @@ ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
SslSession *session, SslDecryptSession *ssl);
extern void
+ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ SslDecryptSession *ssl,
+ GHashTable *session_hash);
+
+extern void
ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
guint32 offset, packet_info *pinfo,
const SslSession *session, gint is_from_server);
@@ -787,11 +797,11 @@ ssl_common_dissect_t name = { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
}, \
/* ett */ { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
- -1, -1, -1, \
+ -1, -1, -1, -1, \
}, \
/* ei */ { \
EI_INIT, EI_INIT, EI_INIT, \
@@ -1260,6 +1270,22 @@ ssl_common_dissect_t name = { \
{ "Compression Method", prefix ".handshake.comp_method", \
FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0, \
NULL, HFILL } \
+ }, \
+ { & name .hf.hs_session_ticket_lifetime_hint, \
+ { "Session Ticket Lifetime Hint", \
+ prefix ".handshake.session_ticket_lifetime_hint", \
+ FT_UINT32, BASE_DEC, NULL, 0x0, \
+ "New Session Ticket Lifetime Hint", HFILL } \
+ }, \
+ { & name .hf.hs_session_ticket_len, \
+ { "Session Ticket Length", prefix ".handshake.session_ticket_length", \
+ FT_UINT16, BASE_DEC, NULL, 0x0, \
+ "New Session Ticket Length", HFILL } \
+ }, \
+ { & name .hf.hs_session_ticket, \
+ { "Session Ticket", prefix ".handshake.session_ticket", \
+ FT_BYTES, BASE_NONE, NULL, 0x0, \
+ "New Session Ticket", HFILL } \
}
/* }}} */
@@ -1284,6 +1310,7 @@ ssl_common_dissect_t name = { \
& name .ett.hs_random, \
& name .ett.cipher_suites, \
& name .ett.comp_methods, \
+ & name .ett.session_ticket, \
/* }}} */
/* {{{ */
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index e09cf1428d..3957fd7476 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -147,9 +147,6 @@ static gint hf_ssl_alert_message_description = -1;
static gint hf_ssl_handshake_protocol = -1;
static gint hf_ssl_handshake_type = -1;
static gint hf_ssl_handshake_length = -1;
-static gint hf_ssl_handshake_session_ticket_lifetime_hint = -1;
-static gint hf_ssl_handshake_session_ticket_len = -1;
-static gint hf_ssl_handshake_session_ticket = -1;
static gint hf_ssl_handshake_client_cert_vrfy_sig_len = -1;
static gint hf_ssl_handshake_client_cert_vrfy_sig = -1;
static gint hf_ssl_handshake_cert_status = -1;
@@ -214,7 +211,6 @@ static gint ett_ssl_alert = -1;
static gint ett_ssl_handshake = -1;
static gint ett_ssl_heartbeat = -1;
static gint ett_ssl_certs = -1;
-static gint ett_ssl_new_ses_ticket = -1;
static gint ett_ssl_cli_sig = -1;
static gint ett_ssl_cert_status = -1;
static gint ett_ssl_ocsp_resp = -1;
@@ -463,11 +459,6 @@ static void dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
const SslSession *session, guint32 record_length,
gboolean decrypted);
-static void dissect_ssl3_hnd_new_ses_ticket(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length,
- SslDecryptSession *ssl);
-
static void dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb,
proto_tree *tree,
guint32 offset, guint32 length);
@@ -1953,7 +1944,9 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
break;
case SSL_HND_NEWSESSION_TICKET:
- dissect_ssl3_hnd_new_ses_ticket(tvb, ssl_hand_tree, offset, length, ssl);
+ ssl_dissect_hnd_new_ses_ticket(&dissect_ssl3_hf, tvb,
+ ssl_hand_tree, offset, ssl,
+ ssl_session_hash);
break;
case SSL_HND_CERTIFICATE:
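Review bot: The new call no longer passes `length`, and `tvb` is used here with a running `offset` rather than a per-message sub-tvb, so a ticket length field larger than the handshake message is only caught if it also runs past the end of `tvb`. When more data follows the message in the same buffer, the helper would display and cache bytes that belong to whatever comes next instead of raising a length error. The DTLS caller passes `sub_tvb` at offset 0, which bounds the read; handing this call a subset tvb of `length` bytes starting at `offset` would make the exception-based check described in the commit message effective. The body of dissect_ssl3_handshake lies outside this hunk, so how `tvb` is bounded is an assumption to confirm.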
@@ -2109,46 +2102,6 @@ dissect_ssl3_heartbeat(tvbuff_t *tvb, packet_info *pinfo,
}
static void
-dissect_ssl3_hnd_new_ses_ticket(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length, SslDecryptSession *ssl)
-{
- guint nst_len;
- proto_tree *subtree;
- guint16 session_ticket_length = 0;
-
- nst_len = tvb_get_ntohs(tvb, offset+4);
- if (6 + nst_len != length) {
- return;
- }
-
- subtree = proto_tree_add_subtree(tree, tvb, offset, 6+nst_len, ett_ssl_new_ses_ticket, NULL, "TLS Session Ticket");
-
- proto_tree_add_item(subtree, hf_ssl_handshake_session_ticket_lifetime_hint,
- tvb, offset, 4, ENC_BIG_ENDIAN);
- offset += 4;
-
-
- session_ticket_length = tvb_get_ntohs(tvb, offset);
- proto_tree_add_uint(subtree, hf_ssl_handshake_session_ticket_len,
- tvb, offset, 2, nst_len);
- offset += 2;
-
- /* save the session ticket to cache */
- if(ssl){
- ssl->session_ticket.data = (guchar*)wmem_realloc(wmem_file_scope(),
- ssl->session_ticket.data, session_ticket_length);
- tvb_memcpy(tvb,ssl->session_ticket.data, offset, session_ticket_length);
- ssl->session_ticket.data_len = session_ticket_length;
- ssl_save_session_ticket(ssl, ssl_session_hash);
- }
-
- /* Content depends on implementation, so just show data! */
- proto_tree_add_item(subtree, hf_ssl_handshake_session_ticket,
- tvb, offset, nst_len, ENC_NA);
-}
-
-
-static void
dissect_ssl3_hnd_cli_cert_verify(tvbuff_t *tvb, proto_tree *tree,
guint32 offset, guint32 length)
{
@@ -3867,21 +3820,6 @@ proto_register_ssl(void)
FT_UINT24, BASE_HEX|BASE_EXT_STRING, &ssl_20_cipher_suites_ext, 0x0,
"Cipher specification", HFILL }
},
- { &hf_ssl_handshake_session_ticket_lifetime_hint,
- { "Session Ticket Lifetime Hint", "ssl.handshake.session_ticket_lifetime_hint",
- FT_UINT32, BASE_DEC, NULL, 0x0,
- "New TLS Session Ticket Lifetime Hint", HFILL }
- },
- { &hf_ssl_handshake_session_ticket_len,
- { "Session Ticket Length", "ssl.handshake.session_ticket_length",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "New TLS Session Ticket Length", HFILL }
- },
- { &hf_ssl_handshake_session_ticket,
- { "Session Ticket", "ssl.handshake.session_ticket",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "New TLS Session Ticket", HFILL }
- },
{ &hf_ssl_handshake_client_cert_vrfy_sig_len,
{ "Signature length", "ssl.handshake.client_cert_vrfy.sig_len",
FT_UINT16, BASE_DEC, NULL, 0x0,
@@ -4160,7 +4098,6 @@ proto_register_ssl(void)
&ett_ssl_handshake,
&ett_ssl_heartbeat,
&ett_ssl_certs,
- &ett_ssl_new_ses_ticket,
&ett_ssl_cli_sig,
&ett_ssl_cert_status,
&ett_ssl_ocsp_resp,