/* packet-dtls.c * Routines for dtls dissection * Copyright (c) 2006, Authesserre Samuel * Copyright (c) 2007, Mikael Magnusson * * $Id$ * * Wireshark - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * * DTLS dissection and decryption. * See RFC 4347 for details about DTLS specs. * * Notes : * This dissector is based on TLS one (packet-ssl.c) because of the proximity of DTLS and TLS, decryption works like him with RSA key exchange. * It uses the sames things (file, libraries) that SSL one (gnutls, packet-ssl-utils.h) to make it easily maintenable. * * It was developped to dissect and decrypt OpenSSL v 0.9.8f DTLS implementation. * It is limited to this implementation while there is no complete implementation. * * Implemented : * - DTLS dissection * - DTLS decryption (openssl one) * * Todo : * - activate correct Mac calculation when openssl will be corrected * (or if an other implementation works), * corrected code is ready and commented in packet-ssl-utils.h file. * - add missings things (desegmentation, reordering... that aren't present in actual OpenSSL implementation) */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #ifdef HAVE_SYS_TYPES_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_WINSOCK2_H #include #endif #include #include #include #include #include #include #include #include #ifdef NEED_INET_V6DEFS_H #include "wsutil/inet_v6defs.h" #endif #include "packet-ssl-utils.h" /* we need to remember the top tree so that subdissectors we call are created * at the root and not deep down inside the DTLS decode */ static proto_tree *top_tree; /********************************************************************* * * Protocol Constants, Variables, Data Structures * *********************************************************************/ /* Initialize the protocol and registered fields */ static gint dtls_tap = -1; static gint proto_dtls = -1; static gint hf_dtls_record = -1; static gint hf_dtls_record_content_type = -1; static gint hf_dtls_record_version = -1; static gint hf_dtls_record_epoch = -1; static gint hf_dtls_record_sequence_number = -1; static gint hf_dtls_record_length = -1; static gint hf_dtls_record_appdata = -1; static gint hf_dtls_change_cipher_spec = -1; static gint hf_dtls_alert_message = -1; static gint hf_dtls_alert_message_level = -1; static gint hf_dtls_alert_message_description = -1; static gint hf_dtls_handshake_protocol = -1; static gint hf_dtls_handshake_type = -1; static gint hf_dtls_handshake_length = -1; static gint hf_dtls_handshake_message_seq = -1; static gint hf_dtls_handshake_fragment_offset = -1; static gint hf_dtls_handshake_fragment_length = -1; static gint hf_dtls_handshake_client_version = -1; static gint hf_dtls_handshake_server_version = -1; static gint hf_dtls_handshake_random_time = -1; static gint hf_dtls_handshake_random_bytes = -1; static gint hf_dtls_handshake_cookie_len = -1; static gint hf_dtls_handshake_cookie = -1; static gint hf_dtls_handshake_cipher_suites_len = -1; static gint hf_dtls_handshake_cipher_suites = -1; static gint hf_dtls_handshake_cipher_suite = -1; static gint hf_dtls_handshake_session_id = -1; static gint hf_dtls_handshake_comp_methods_len = -1; static gint hf_dtls_handshake_comp_methods = -1; static gint hf_dtls_handshake_comp_method = -1; static gint hf_dtls_handshake_extensions_len = -1; static gint hf_dtls_handshake_extension_type = -1; static gint hf_dtls_handshake_extension_len = -1; static gint hf_dtls_handshake_extension_data = -1; static gint hf_dtls_handshake_certificates_len = -1; static gint hf_dtls_handshake_certificates = -1; static gint hf_dtls_handshake_certificate = -1; static gint hf_dtls_handshake_certificate_len = -1; static gint hf_dtls_handshake_cert_types_count = -1; static gint hf_dtls_handshake_cert_types = -1; static gint hf_dtls_handshake_cert_type = -1; static gint hf_dtls_handshake_finished = -1; static gint hf_dtls_handshake_md5_hash = -1; static gint hf_dtls_handshake_sha_hash = -1; static gint hf_dtls_handshake_session_id_len = -1; static gint hf_dtls_handshake_dnames_len = -1; static gint hf_dtls_handshake_dnames = -1; static gint hf_dtls_handshake_dname_len = -1; static gint hf_dtls_handshake_dname = -1; static gint hf_dtls_fragments = -1; static gint hf_dtls_fragment = -1; static gint hf_dtls_fragment_overlap = -1; static gint hf_dtls_fragment_overlap_conflicts = -1; static gint hf_dtls_fragment_multiple_tails = -1; static gint hf_dtls_fragment_too_long_fragment = -1; static gint hf_dtls_fragment_error = -1; static gint hf_dtls_reassembled_in = -1; static gint hf_dtls_reassembled_length = -1; /* Initialize the subtree pointers */ static gint ett_dtls = -1; static gint ett_dtls_record = -1; static gint ett_dtls_alert = -1; static gint ett_dtls_handshake = -1; static gint ett_dtls_cipher_suites = -1; static gint ett_dtls_comp_methods = -1; static gint ett_dtls_extension = -1; static gint ett_dtls_certs = -1; static gint ett_dtls_cert_types = -1; static gint ett_dtls_dnames = -1; static gint ett_dtls_fragment = -1; static gint ett_dtls_fragments = -1; static GHashTable *dtls_session_hash = NULL; static GHashTable *dtls_key_hash = NULL; static GHashTable *dtls_fragment_table = NULL; static GTree* dtls_associations = NULL; static dissector_handle_t dtls_handle = NULL; static StringInfo dtls_compressed_data = {NULL, 0}; static StringInfo dtls_decrypted_data = {NULL, 0}; static gint dtls_decrypted_data_avail = 0; static gchar* dtls_keys_list = NULL; #ifdef HAVE_LIBGNUTLS static gchar* dtls_debug_file_name = NULL; #endif static const fragment_items dtls_frag_items = { /* Fragment subtrees */ &ett_dtls_fragment, &ett_dtls_fragments, /* Fragment fields */ &hf_dtls_fragments, &hf_dtls_fragment, &hf_dtls_fragment_overlap, &hf_dtls_fragment_overlap_conflicts, &hf_dtls_fragment_multiple_tails, &hf_dtls_fragment_too_long_fragment, &hf_dtls_fragment_error, /* Reassembled in field */ &hf_dtls_reassembled_in, /* Reassembled length field */ &hf_dtls_reassembled_length, /* Tag */ "Message fragments" }; /* initialize/reset per capture state data (dtls sessions cache) */ static void dtls_init(void) { ssl_common_init(&dtls_session_hash, &dtls_decrypted_data, &dtls_compressed_data); fragment_table_init (&dtls_fragment_table); } /* parse dtls related preferences (private keys and ports association strings) */ static void dtls_parse(void) { ep_stack_t tmp_stack; SslAssociation *tmp_assoc; if (dtls_key_hash) { g_hash_table_foreach(dtls_key_hash, ssl_private_key_free, NULL); g_hash_table_destroy(dtls_key_hash); } /* remove only associations created from key list */ tmp_stack = ep_stack_new(); g_tree_foreach(dtls_associations, ssl_assoc_from_key_list, tmp_stack); while ((tmp_assoc = ep_stack_pop(tmp_stack)) != NULL) { ssl_association_remove(dtls_associations, tmp_assoc); } /* parse private keys string, load available keys and put them in key hash*/ dtls_key_hash = g_hash_table_new(ssl_private_key_hash, ssl_private_key_equal); if (dtls_keys_list && (dtls_keys_list[0] != 0)) { ssl_parse_key_list(dtls_keys_list,dtls_key_hash,dtls_associations,dtls_handle,FALSE); } ssl_set_debug(dtls_debug_file_name); dissector_add_handle("sctp.port", dtls_handle); dissector_add_handle("udp.port", dtls_handle); } /* * DTLS Dissection Routines * */ /* record layer dissector */ static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint *conv_version, SslDecryptSession *conv_data); /* change cipher spec dissector */ static void dissect_dtls_change_cipher_spec(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint *conv_version, guint8 content_type); /* alert message dissector */ static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint *conv_version); /* handshake protocol dissector */ static void dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint32 record_length, guint *conv_version, SslDecryptSession *conv_data, guint8 content_type); static void dissect_dtls_hnd_cli_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl); static void dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree, guint32 offset, SslDecryptSession* ssl); static void dissect_dtls_hnd_srv_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl); static void dissect_dtls_hnd_cert(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo); static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb, proto_tree *tree, guint32 offset); static void dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint* conv_version); /* * Support Functions * */ /*static void ssl_set_conv_version(packet_info *pinfo, guint version);*/ static gint dtls_is_valid_handshake_type(guint8 type); static gint dtls_is_authoritative_version_message(guint8 content_type, guint8 next_byte); static gint looks_like_dtls(tvbuff_t *tvb, guint32 offset); /********************************************************************* * * Main dissector * *********************************************************************/ /* * Code to actually dissect the packets */ static void dissect_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { conversation_t *conversation; void *conv_data; proto_item *ti; proto_tree *dtls_tree; guint32 offset; gboolean first_record_in_frame; SslDecryptSession* ssl_session; guint* conv_version; ti = NULL; dtls_tree = NULL; offset = 0; first_record_in_frame = TRUE; ssl_session = NULL; top_tree=tree; /* Track the version using conversations allows * us to more frequently set the protocol column properly * for continuation data frames. * * Also: We use the copy in conv_version as our cached copy, * so that we don't have to search the conversation * table every time we want the version; when setting * the conv_version, must set the copy in the conversation * in addition to conv_version */ conversation = find_or_create_conversation(pinfo); conv_data = conversation_get_proto_data(conversation, proto_dtls); /* manage dtls decryption data */ /*get a valid ssl session pointer*/ if (conv_data != NULL) ssl_session = conv_data; else { SslService dummy; ssl_session = se_alloc0(sizeof(SslDecryptSession)); ssl_session_init(ssl_session); ssl_session->version = SSL_VER_UNKNOWN; conversation_add_proto_data(conversation, proto_dtls, ssl_session); /* we need to know witch side of conversation is speaking */ if (ssl_packet_from_server(ssl_session, dtls_associations, pinfo)) { dummy.addr = pinfo->src; dummy.port = pinfo->srcport; } else { dummy.addr = pinfo->dst; dummy.port = pinfo->destport; } ssl_debug_printf("dissect_dtls server %s:%d\n", ep_address_to_str(&dummy.addr),dummy.port); /* try to retrive private key for this service. Do it now 'cause pinfo * is not always available * Note that with HAVE_LIBGNUTLS undefined private_key is allways 0 * and thus decryption never engaged*/ ssl_session->private_key = g_hash_table_lookup(dtls_key_hash, &dummy); if (!ssl_session->private_key) ssl_debug_printf("dissect_dtls can't find private key for this server!\n"); } conv_version= & ssl_session->version; /* try decryption only the first time we see this packet * (to keep cipher synchronized)and only if we have * the server private key*/ if (!ssl_session->private_key || pinfo->fd->flags.visited) ssl_session = NULL; /* Initialize the protocol column; we'll set it later when we * figure out what flavor of DTLS it is (actually only one version exists). */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS"); /* clear the the info column */ col_clear(pinfo->cinfo, COL_INFO); /* Create display subtree for SSL as a whole */ if (tree) { ti = proto_tree_add_item(tree, proto_dtls, tvb, 0, -1, FALSE); dtls_tree = proto_item_add_subtree(ti, ett_dtls); } /* iterate through the records in this tvbuff */ while (tvb_reported_length_remaining(tvb, offset) != 0) { /* on second and subsequent records per frame * add a delimiter on info column */ if (!first_record_in_frame) { col_append_str(pinfo->cinfo, COL_INFO, ", "); } /* first try to dispatch off the cached version * known to be associated with the conversation */ switch(*conv_version) { case SSL_VER_DTLS: offset = dissect_dtls_record(tvb, pinfo, dtls_tree, offset, conv_version, ssl_session); break; /* that failed, so apply some heuristics based * on this individual packet */ default: if (looks_like_dtls(tvb, offset)) { /* looks like dtls */ offset = dissect_dtls_record(tvb, pinfo, dtls_tree, offset, conv_version, ssl_session); } else { /* looks like something unknown, so lump into * continuation data */ offset = tvb_length(tvb); col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data"); /* Set the protocol column */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS"); } break; } /* set up for next record in frame, if any */ first_record_in_frame = FALSE; } tap_queue_packet(dtls_tap, pinfo, NULL); } static gint decrypt_dtls_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, guint32 record_length, guint8 content_type, SslDecryptSession* ssl, gboolean save_plaintext) { gint ret; gint direction; SslDecoder* decoder; ret = 0; /* if we can decrypt and decryption have success * add decrypted data to this packet info */ ssl_debug_printf("decrypt_dtls_record: app_data len %d, ssl state %X\n", record_length, ssl->state); if (!(ssl->state & SSL_HAVE_SESSION_KEY)) { ssl_debug_printf("decrypt_dtls_record: no session key\n"); return ret; } /* retrive decoder for this packet direction */ if ((direction = ssl_packet_from_server(ssl, dtls_associations, pinfo)) != 0) { ssl_debug_printf("decrypt_dtls_record: using server decoder\n"); decoder = ssl->server; } else { ssl_debug_printf("decrypt_dtls_record: using client decoder\n"); decoder = ssl->client; } /* ensure we have enough storage space for decrypted data */ if (record_length > dtls_decrypted_data.data_len) { ssl_debug_printf("decrypt_dtls_record: allocating %d bytes" " for decrypt data (old len %d)\n", record_length + 32, dtls_decrypted_data.data_len); dtls_decrypted_data.data = g_realloc(dtls_decrypted_data.data, record_length + 32); dtls_decrypted_data.data_len = record_length + 32; } /* run decryption and add decrypted payload to protocol data, if decryption * is successful*/ dtls_decrypted_data_avail = dtls_decrypted_data.data_len; if (ssl_decrypt_record(ssl, decoder, content_type, tvb_get_ptr(tvb, offset, record_length), record_length, &dtls_compressed_data, &dtls_decrypted_data, &dtls_decrypted_data_avail) == 0) ret = 1; if (ret && save_plaintext) { ssl_add_data_info(proto_dtls, pinfo, dtls_decrypted_data.data, dtls_decrypted_data_avail, TVB_RAW_OFFSET(tvb)+offset, 0); } return ret; } /********************************************************************* * * DTLS Dissection Routines * *********************************************************************/ static gint dissect_dtls_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint *conv_version, SslDecryptSession* ssl) { /* * struct { * uint8 major, minor; * } ProtocolVersion; * * * enum { * change_cipher_spec(20), alert(21), handshake(22), * application_data(23), (255) * } ContentType; * * struct { * ContentType type; * ProtocolVersion version; * uint16 epoch; // New field * uint48 sequence_number; // New field * uint16 length; * opaque fragment[TLSPlaintext.length]; * } DTLSPlaintext; */ guint32 record_length; guint16 version; guint16 epoch; gdouble sequence_number; gint64 sequence_number_temp; guint8 content_type; guint8 next_byte; proto_tree *ti; proto_tree *dtls_record_tree; guint32 available_bytes; SslAssociation* association; SslDataInfo *appl_data; ti = NULL; dtls_record_tree = NULL; available_bytes = tvb_length_remaining(tvb, offset); /* * Get the record layer fields of interest */ content_type = tvb_get_guint8(tvb, offset); version = tvb_get_ntohs(tvb, offset + 1); epoch = tvb_get_ntohs(tvb, offset + 3); sequence_number = tvb_get_ntohl(tvb, offset + 7); sequence_number_temp=tvb_get_ntohs(tvb, offset + 5); sequence_number_temp=sequence_number_temp<<32; sequence_number+=sequence_number_temp; record_length = tvb_get_ntohs(tvb, offset + 11); if(ssl){ if(ssl_packet_from_server(ssl, dtls_associations, pinfo)){ if (ssl->server) { ssl->server->seq=(guint32)sequence_number; ssl->server->epoch=epoch; } } else{ if (ssl->client) { ssl->client->seq=(guint32)sequence_number; ssl->client->epoch=epoch; } } } if (!ssl_is_valid_content_type(content_type)) { /* if we don't have a valid content_type, there's no sense * continuing any further */ col_append_str(pinfo->cinfo, COL_INFO, "Continuation Data"); /* Set the protocol column */ col_set_str(pinfo->cinfo, COL_PROTOCOL, "DTLS"); return offset + 13 + record_length; } /* * If GUI, fill in record layer part of tree */ if (tree) { /* add the record layer subtree header */ tvb_ensure_bytes_exist(tvb, offset, 13 + record_length); ti = proto_tree_add_item(tree, hf_dtls_record, tvb, offset, 13 + record_length, 0); dtls_record_tree = proto_item_add_subtree(ti, ett_dtls_record); } if (dtls_record_tree) { /* show the one-byte content type */ proto_tree_add_item(dtls_record_tree, hf_dtls_record_content_type, tvb, offset, 1, FALSE); offset++; /* add the version */ proto_tree_add_item(dtls_record_tree, hf_dtls_record_version, tvb, offset, 2, FALSE); offset += 2; /* show epoch */ proto_tree_add_uint(dtls_record_tree, hf_dtls_record_epoch, tvb, offset, 2, epoch); offset += 2; /* add sequence_number */ proto_tree_add_double(dtls_record_tree, hf_dtls_record_sequence_number, tvb, offset, 6, sequence_number); offset += 6; /* add the length */ proto_tree_add_uint(dtls_record_tree, hf_dtls_record_length, tvb, offset, 2, record_length); offset += 2; /* move past length field itself */ } else { /* if no GUI tree, then just skip over those fields */ offset += 13; } /* * if we don't already have a version set for this conversation, * but this message's version is authoritative (i.e., it's * not client_hello, then save the version to to conversation * structure and print the column version */ next_byte = tvb_get_guint8(tvb, offset); if (*conv_version == SSL_VER_UNKNOWN && dtls_is_authoritative_version_message(content_type, next_byte)) { if (version == DTLSV1DOT0_VERSION || version == DTLSV1DOT0_VERSION_NOT) { *conv_version = SSL_VER_DTLS; if (ssl) { ssl->version_netorder = version; ssl->state |= SSL_VERSION; } /*ssl_set_conv_version(pinfo, ssl->version);*/ } } if (check_col(pinfo->cinfo, COL_PROTOCOL)) { if (version == DTLSV1DOT0_VERSION) { col_set_str(pinfo->cinfo, COL_PROTOCOL, val_to_str_const(SSL_VER_DTLS, ssl_version_short_names, "SSL")); } else { col_set_str(pinfo->cinfo, COL_PROTOCOL,"DTLS"); } } /* * now dissect the next layer */ ssl_debug_printf("dissect_dtls_record: content_type %d\n",content_type); /* PAOLO try to decrypt each record (we must keep ciphers "in sync") * store plain text only for app data */ switch (content_type) { case SSL_ID_CHG_CIPHER_SPEC: col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec"); dissect_dtls_change_cipher_spec(tvb, dtls_record_tree, offset, conv_version, content_type); break; case SSL_ID_ALERT: { tvbuff_t* decrypted; decrypted = 0; if (ssl&&decrypt_dtls_record(tvb, pinfo, offset, record_length, content_type, ssl, FALSE)) ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data, dtls_decrypted_data_avail, offset); /* try to retrive and use decrypted alert record, if any. */ decrypted = ssl_get_record_info(proto_dtls, pinfo, offset); if (decrypted) dissect_dtls_alert(decrypted, pinfo, dtls_record_tree, 0, conv_version); else dissect_dtls_alert(tvb, pinfo, dtls_record_tree, offset, conv_version); break; } case SSL_ID_HANDSHAKE: { tvbuff_t* decrypted; decrypted = 0; /* try to decrypt handshake record, if possible. Store decrypted * record for later usage. The offset is used as 'key' to itentify * this record into the packet (we can have multiple handshake records * in the same frame) */ if (ssl && decrypt_dtls_record(tvb, pinfo, offset, record_length, content_type, ssl, FALSE)) ssl_add_record_info(proto_dtls, pinfo, dtls_decrypted_data.data, dtls_decrypted_data_avail, offset); /* try to retrive and use decrypted handshake record, if any. */ decrypted = ssl_get_record_info(proto_dtls, pinfo, offset); if (decrypted) dissect_dtls_handshake(decrypted, pinfo, dtls_record_tree, 0, decrypted->length, conv_version, ssl, content_type); else dissect_dtls_handshake(tvb, pinfo, dtls_record_tree, offset, record_length, conv_version, ssl, content_type); break; } case SSL_ID_APP_DATA: if (ssl) decrypt_dtls_record(tvb, pinfo, offset, record_length, content_type, ssl, TRUE); /* show on info colum what we are decoding */ col_append_str(pinfo->cinfo, COL_INFO, "Application Data"); if (!dtls_record_tree) break; /* we need dissector information when the selected packet is shown. * ssl session pointer is NULL at that time, so we can't access * info cached there*/ association = ssl_association_find(dtls_associations, pinfo->srcport, pinfo->ptype == PT_TCP); association = association ? association: ssl_association_find(dtls_associations, pinfo->destport, pinfo->ptype == PT_TCP); proto_item_set_text(dtls_record_tree, "%s Record Layer: %s Protocol: %s", val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), val_to_str(content_type, ssl_31_content_type, "unknown"), association?association->info:"Application Data"); proto_tree_add_item(dtls_record_tree, hf_dtls_record_appdata, tvb, offset, record_length, 0); /* show decrypted data info, if available */ appl_data = ssl_get_data_info(proto_dtls, pinfo, TVB_RAW_OFFSET(tvb)+offset); if (appl_data && (appl_data->plain_data.data_len > 0)) { tvbuff_t *next_tvb; /* try to dissect decrypted data*/ ssl_debug_printf("dissect_dtls_record decrypted len %d\n", appl_data->plain_data.data_len); /* create a new TVB structure for desegmented data */ next_tvb = tvb_new_child_real_data(tvb, appl_data->plain_data.data, appl_data->plain_data.data_len, appl_data->plain_data.data_len); add_new_data_source(pinfo, next_tvb, "Decrypted DTLS data"); /* find out a dissector using server port*/ if (association && association->handle) { ssl_debug_printf("dissect_dtls_record found association %p\n", (void *)association); ssl_print_text_data("decrypted app data",appl_data->plain_data.data, appl_data->plain_data.data_len); call_dissector(association->handle, next_tvb, pinfo, top_tree); } } break; default: /* shouldn't get here since we check above for valid types */ col_append_str(pinfo->cinfo, COL_INFO, "Bad DTLS Content Type"); break; } offset += record_length; /* skip to end of record */ return offset; } /* dissects the change cipher spec procotol, filling in the tree */ static void dissect_dtls_change_cipher_spec(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint* conv_version, guint8 content_type) { /* * struct { * enum { change_cipher_spec(1), (255) } type; * } ChangeCipherSpec; * */ if (tree) { proto_item_set_text(tree, "%s Record Layer: %s Protocol: Change Cipher Spec", val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), val_to_str(content_type, ssl_31_content_type, "unknown")); proto_tree_add_item(tree, hf_dtls_change_cipher_spec, tvb, offset++, 1, FALSE); } } /* dissects the alert message, filling in the tree */ static void dissect_dtls_alert(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint* conv_version) { /* struct { * AlertLevel level; * AlertDescription description; * } Alert; */ proto_tree *ti; proto_tree *ssl_alert_tree; const gchar *level; const gchar *desc; guint8 byte; ssl_alert_tree = NULL; if (tree) { ti = proto_tree_add_item(tree, hf_dtls_alert_message, tvb, offset, 2, 0); ssl_alert_tree = proto_item_add_subtree(ti, ett_dtls_alert); } /* * set the record layer label */ /* first lookup the names for the alert level and description */ byte = tvb_get_guint8(tvb, offset); /* grab the level byte */ level = match_strval(byte, ssl_31_alert_level); byte = tvb_get_guint8(tvb, offset+1); /* grab the desc byte */ desc = match_strval(byte, ssl_31_alert_description); /* now set the text in the record layer line */ if (level && desc) { if (check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, "Alert (Level: %s, Description: %s)", level, desc); } else { col_append_str(pinfo->cinfo, COL_INFO, "Encrypted Alert"); } if (tree) { if (level && desc) { proto_item_set_text(tree, "%s Record Layer: Alert " "(Level: %s, Description: %s)", val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), level, desc); proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_level, tvb, offset++, 1, FALSE); proto_tree_add_item(ssl_alert_tree, hf_dtls_alert_message_description, tvb, offset++, 1, FALSE); } else { proto_item_set_text(tree, "%s Record Layer: Encrypted Alert", val_to_str_const(*conv_version, ssl_version_short_names, "SSL")); proto_item_set_text(ssl_alert_tree, "Alert Message: Encrypted Alert"); } } } /* dissects the handshake protocol, filling the tree */ static void dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint32 record_length, guint *conv_version, SslDecryptSession* ssl, guint8 content_type) { /* struct { * HandshakeType msg_type; * uint24 length; * uint16 message_seq; //new field * uint24 fragment_offset; //new field * uint24 fragment_length; //new field * select (HandshakeType) { * case hello_request: HelloRequest; * case client_hello: ClientHello; * case server_hello: ServerHello; * case hello_verify_request: HelloVerifyRequest; //new field * case certificate: Certificate; * case server_key_exchange: ServerKeyExchange; * case certificate_request: CertificateRequest; * case server_hello_done: ServerHelloDone; * case certificate_verify: CertificateVerify; * case client_key_exchange: ClientKeyExchange; * case finished: Finished; * } body; * } Handshake; */ proto_tree *ti; proto_tree *ssl_hand_tree; const gchar *msg_type_str; guint8 msg_type; guint32 length; guint16 message_seq; guint32 fragment_offset; guint32 fragment_length; gboolean first_iteration; ti = NULL; ssl_hand_tree = NULL; msg_type_str = NULL; first_iteration = TRUE; /* just as there can be multiple records per packet, there * can be multiple messages per record as long as they have * the same content type * * we really only care about this for handshake messages */ /* set record_length to the max offset */ record_length += offset; for (; offset < record_length; offset += fragment_length, first_iteration = FALSE) /* set up for next pass, if any */ { fragment_data *frag_msg = NULL; tvbuff_t *new_tvb = NULL; const gchar *frag_str = NULL; gboolean fragmented; msg_type = tvb_get_guint8(tvb, offset); msg_type_str = match_strval(msg_type, ssl_31_handshake_type); length = tvb_get_ntoh24(tvb, offset + 1); message_seq = tvb_get_ntohs(tvb,offset + 4); fragment_offset = tvb_get_ntoh24(tvb, offset + 6); fragment_length = tvb_get_ntoh24(tvb, offset + 9); fragmented = fragment_length != length; if (!msg_type_str && !first_iteration) { /* only dissect / report messages if they're * either the first message in this record * or they're a valid message type */ return; } /* on second and later iterations, add comma to info col */ if (!first_iteration) { col_append_str(pinfo->cinfo, COL_INFO, ", "); } /* * Update our info string */ if (check_col(pinfo->cinfo, COL_INFO)) col_append_str(pinfo->cinfo, COL_INFO, (msg_type_str != NULL) ? msg_type_str : "Encrypted Handshake Message"); /* Handle fragments of known message type */ if (fragmented) { gboolean frag_hand; switch (msg_type) { case SSL_HND_HELLO_REQUEST: case SSL_HND_CLIENT_HELLO: case SSL_HND_HELLO_VERIFY_REQUEST: case SSL_HND_SERVER_HELLO: case SSL_HND_CERTIFICATE: case SSL_HND_SERVER_KEY_EXCHG: case SSL_HND_CERT_REQUEST: case SSL_HND_SVR_HELLO_DONE: case SSL_HND_CERT_VERIFY: case SSL_HND_CLIENT_KEY_EXCHG: case SSL_HND_FINISHED: frag_hand = TRUE; break; default: /* Ignore encrypted handshake messages */ frag_hand = FALSE; break; } if (frag_hand) { /* Fragmented handshake message */ pinfo->fragmented = TRUE; /* Don't pass the reassembly code data that doesn't exist */ tvb_ensure_bytes_exist(tvb, fragment_offset, fragment_length); frag_msg = fragment_add(tvb, offset+12, pinfo, message_seq, dtls_fragment_table, fragment_offset, fragment_length, TRUE); fragment_set_tot_len(pinfo, message_seq, dtls_fragment_table, length); if (frag_msg && (fragment_length + fragment_offset) == length) { /* Reassembled */ new_tvb = process_reassembled_data(tvb, offset+12, pinfo, "Reassembled DTLS", frag_msg, &dtls_frag_items, NULL, tree); frag_str = " (Reassembled)"; } else { frag_str = " (Fragment)"; } if (check_col(pinfo->cinfo, COL_INFO)) col_append_str(pinfo->cinfo, COL_INFO, frag_str); } } if (tree) { /* set the label text on the record layer expanding node */ if (first_iteration) { proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s", val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), val_to_str(content_type, ssl_31_content_type, "unknown"), (msg_type_str!=NULL) ? msg_type_str : "Encrypted Handshake Message", (frag_str!=NULL) ? frag_str : ""); } else { proto_item_set_text(tree, "%s Record Layer: %s Protocol: %s%s", val_to_str_const(*conv_version, ssl_version_short_names, "SSL"), val_to_str(content_type, ssl_31_content_type, "unknown"), "Multiple Handshake Messages", (frag_str!=NULL) ? frag_str : ""); } /* add a subtree for the handshake protocol */ ti = proto_tree_add_item(tree, hf_dtls_handshake_protocol, tvb, offset, fragment_length + 12, 0); ssl_hand_tree = proto_item_add_subtree(ti, ett_dtls_handshake); if (ssl_hand_tree) { /* set the text label on the subtree node */ proto_item_set_text(ssl_hand_tree, "Handshake Protocol: %s%s", (msg_type_str != NULL) ? msg_type_str : "Encrypted Handshake Message", (frag_str!=NULL) ? frag_str : ""); } } /* if we don't have a valid handshake type, just quit dissecting */ if (!msg_type_str) return; /* if we are doing ssl decryption we must dissect some requests type */ if (ssl_hand_tree || ssl) { tvbuff_t *sub_tvb = NULL; /* add nodes for the message type and message length */ if (ssl_hand_tree) proto_tree_add_item(ssl_hand_tree, hf_dtls_handshake_type, tvb, offset, 1, msg_type); offset++; if (ssl_hand_tree) proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_length, tvb, offset, 3, length); offset += 3; if (ssl_hand_tree) proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_message_seq, tvb, offset, 2, message_seq); offset += 2; if (ssl_hand_tree) proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_fragment_offset, tvb, offset, 3, fragment_offset); offset += 3; if (ssl_hand_tree) proto_tree_add_uint(ssl_hand_tree, hf_dtls_handshake_fragment_length, tvb, offset, 3, fragment_length); offset += 3; if (fragmented && !new_tvb) { /* Skip fragmented messages not reassembled yet */ continue; } if (new_tvb) { sub_tvb = new_tvb; } else { sub_tvb = tvb_new_subset(tvb, offset, fragment_length, fragment_length); } /* now dissect the handshake message, if necessary */ switch (msg_type) { case SSL_HND_HELLO_REQUEST: /* hello_request has no fields, so nothing to do! */ break; case SSL_HND_CLIENT_HELLO: dissect_dtls_hnd_cli_hello(sub_tvb, ssl_hand_tree, 0, length, ssl); break; case SSL_HND_HELLO_VERIFY_REQUEST: dissect_dtls_hnd_hello_verify_request(sub_tvb, ssl_hand_tree, 0, ssl); break; case SSL_HND_SERVER_HELLO: dissect_dtls_hnd_srv_hello(sub_tvb, ssl_hand_tree, 0, length, ssl); break; case SSL_HND_CERTIFICATE: dissect_dtls_hnd_cert(sub_tvb, ssl_hand_tree, 0, pinfo); break; case SSL_HND_SERVER_KEY_EXCHG: /* unimplemented */ break; case SSL_HND_CERT_REQUEST: dissect_dtls_hnd_cert_req(sub_tvb, ssl_hand_tree, 0); break; case SSL_HND_SVR_HELLO_DONE: /* server_hello_done has no fields, so nothing to do! */ break; case SSL_HND_CERT_VERIFY: /* unimplemented */ break; case SSL_HND_CLIENT_KEY_EXCHG: { /* here we can have all the data to build session key */ StringInfo encrypted_pre_master; gint ret; guint encrlen = length, skip; skip = 0; if (!ssl) break; /* check for required session data */ ssl_debug_printf("dissect_dtls_handshake found SSL_HND_CLIENT_KEY_EXCHG, state %X\n", ssl->state); if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) != (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)) { ssl_debug_printf("dissect_dtls_handshake not enough data to generate key (required state %X)\n", (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION)); break; } encrypted_pre_master.data = se_alloc(encrlen); encrypted_pre_master.data_len = encrlen; tvb_memcpy(tvb, encrypted_pre_master.data, offset+skip, encrlen); if (!ssl->private_key) { ssl_debug_printf("dissect_dtls_handshake can't find private key\n"); break; } /* go with ssl key processessing; encrypted_pre_master * will be used for master secret store*/ ret = ssl_decrypt_pre_master_secret(ssl, &encrypted_pre_master, ssl->private_key); if (ret < 0) { ssl_debug_printf("dissect_dtls_handshake can't decrypt pre master secret\n"); break; } if (ssl_generate_keyring_material(ssl)<0) { ssl_debug_printf("dissect_dtls_handshake can't generate keyring material\n"); break; } ssl->state |= SSL_HAVE_SESSION_KEY; ssl_save_session(ssl, dtls_session_hash); ssl_debug_printf("dissect_dtls_handshake session keys successfully generated\n"); } break; case SSL_HND_FINISHED: dissect_dtls_hnd_finished(sub_tvb, ssl_hand_tree, 0, conv_version); break; } } else{ offset += 12; /* skip the handshake header when handshake is not processed*/ } } } static gint dissect_dtls_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree, guint32 offset, SslDecryptSession* ssl, gint from_server) { /* show the client's random challenge */ nstime_t gmt_unix_time; guint8 session_id_length; session_id_length = 0; if (ssl) { /* get proper peer information*/ StringInfo* rnd; if (from_server) rnd = &ssl->server_random; else rnd = &ssl->client_random; /* get provided random for keyring generation*/ tvb_memcpy(tvb, rnd->data, offset, 32); rnd->data_len = 32; if (from_server) ssl->state |= SSL_SERVER_RANDOM; else ssl->state |= SSL_CLIENT_RANDOM; ssl_debug_printf("dissect_dtls_hnd_hello_common found random state %X\n", ssl->state); session_id_length = tvb_get_guint8(tvb, offset + 32); /* check stored session id info */ if (from_server && (session_id_length == ssl->session_id.data_len) && (tvb_memeql(tvb, offset+33, ssl->session_id.data, session_id_length) == 0)) { /* clinet/server id match: try to restore a previous cached session*/ ssl_restore_session(ssl, dtls_session_hash); } else { tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length); ssl->session_id.data_len = session_id_length; } } if (tree) { /* show the time */ gmt_unix_time.secs = tvb_get_ntohl(tvb, offset); gmt_unix_time.nsecs = 0; proto_tree_add_time(tree, hf_dtls_handshake_random_time, tvb, offset, 4, &gmt_unix_time); offset += 4; /* show the random bytes */ proto_tree_add_item(tree, hf_dtls_handshake_random_bytes, tvb, offset, 28, 0); offset += 28; /* show the session id */ session_id_length = tvb_get_guint8(tvb, offset); proto_tree_add_item(tree, hf_dtls_handshake_session_id_len, tvb, offset++, 1, 0); if (session_id_length > 0) { proto_tree_add_bytes_format(tree, hf_dtls_handshake_session_id, tvb, offset, session_id_length, tvb_get_ptr(tvb, offset, session_id_length), "Session ID (%u byte%s)", session_id_length, plurality(session_id_length, "", "s")); offset += session_id_length; } } /* XXXX */ return session_id_length+33; } static gint dissect_dtls_hnd_hello_ext(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint32 left) { guint16 extension_length; guint16 ext_type; guint16 ext_len; proto_item *pi; proto_tree *ext_tree; if (left < 2) return offset; extension_length = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(tree, hf_dtls_handshake_extensions_len, tvb, offset, 2, extension_length); offset += 2; left -= 2; while (left >= 4) { ext_type = tvb_get_ntohs(tvb, offset); ext_len = tvb_get_ntohs(tvb, offset + 2); pi = proto_tree_add_text(tree, tvb, offset, 4 + ext_len, "Extension: %s", val_to_str(ext_type, tls_hello_extension_types, "Unknown %u")); ext_tree = proto_item_add_subtree(pi, ett_dtls_extension); if (!ext_tree) ext_tree = tree; proto_tree_add_uint(ext_tree, hf_dtls_handshake_extension_type, tvb, offset, 2, ext_type); offset += 2; proto_tree_add_uint(ext_tree, hf_dtls_handshake_extension_len, tvb, offset, 2, ext_len); offset += 2; proto_tree_add_bytes_format(ext_tree, hf_dtls_handshake_extension_data, tvb, offset, ext_len, tvb_get_ptr(tvb, offset, ext_len), "Data (%u byte%s)", ext_len, plurality(ext_len, "", "s")); offset += ext_len; left -= 2 + 2 + ext_len; } return offset; } static void dissect_dtls_hnd_cli_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession*ssl) { /* struct { * ProtocolVersion client_version; * Random random; * SessionID session_id; * opaque cookie<0..32>; //new field * CipherSuite cipher_suites<2..2^16-1>; * CompressionMethod compression_methods<1..2^8-1>; * Extension client_hello_extension_list<0..2^16-1>; * } ClientHello; * */ proto_tree *ti; proto_tree *cs_tree; guint16 cipher_suite_length; guint8 compression_methods_length; guint8 compression_method; guint16 start_offset = offset; guint8 cookie_length; cipher_suite_length = 0; compression_methods_length = 0; cookie_length = 0; if (tree || ssl) { /* show the client version */ if (tree) proto_tree_add_item(tree, hf_dtls_handshake_client_version, tvb, offset, 2, FALSE); offset += 2; /* show the fields in common with server hello */ offset += dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 0); /* look for a cookie */ cookie_length = tvb_get_guint8(tvb, offset); if (!tree) return; proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len, tvb, offset, 1, cookie_length); offset ++; /* skip opaque length */ if (cookie_length > 0) { proto_tree_add_bytes_format(tree, hf_dtls_handshake_cookie, tvb, offset, cookie_length, tvb_get_ptr(tvb, offset, cookie_length), "Cookie (%u byte%s)", cookie_length, plurality(cookie_length, "", "s")); offset += cookie_length; } /* tell the user how many cipher suites there are */ cipher_suite_length = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(tree, hf_dtls_handshake_cipher_suites_len, tvb, offset, 2, cipher_suite_length); offset += 2; /* skip opaque length */ if (cipher_suite_length > 0) { tvb_ensure_bytes_exist(tvb, offset, cipher_suite_length); ti = proto_tree_add_none_format(tree, hf_dtls_handshake_cipher_suites, tvb, offset, cipher_suite_length, "Cipher Suites (%u suite%s)", cipher_suite_length / 2, plurality(cipher_suite_length/2, "", "s")); /* make this a subtree */ cs_tree = proto_item_add_subtree(ti, ett_dtls_cipher_suites); if (!cs_tree) { cs_tree = tree; /* failsafe */ } while (cipher_suite_length > 0) { proto_tree_add_item(cs_tree, hf_dtls_handshake_cipher_suite, tvb, offset, 2, FALSE); offset += 2; cipher_suite_length -= 2; } } /* tell the user how man compression methods there are */ compression_methods_length = tvb_get_guint8(tvb, offset); proto_tree_add_uint(tree, hf_dtls_handshake_comp_methods_len, tvb, offset, 1, compression_methods_length); offset++; if (compression_methods_length > 0) { tvb_ensure_bytes_exist(tvb, offset, compression_methods_length); ti = proto_tree_add_none_format(tree, hf_dtls_handshake_comp_methods, tvb, offset, compression_methods_length, "Compression Methods (%u method%s)", compression_methods_length, plurality(compression_methods_length, "", "s")); /* make this a subtree */ cs_tree = proto_item_add_subtree(ti, ett_dtls_comp_methods); if (!cs_tree) { cs_tree = tree; /* failsafe */ } while (compression_methods_length > 0) { compression_method = tvb_get_guint8(tvb, offset); if (compression_method < 64) proto_tree_add_uint(cs_tree, hf_dtls_handshake_comp_method, tvb, offset, 1, compression_method); else if (compression_method > 63 && compression_method < 193) proto_tree_add_text(cs_tree, tvb, offset, 1, "Compression Method: Reserved - to be assigned by IANA (%u)", compression_method); else proto_tree_add_text(cs_tree, tvb, offset, 1, "Compression Method: Private use range (%u)", compression_method); offset++; compression_methods_length--; } } if (length > offset - start_offset) { offset = dissect_dtls_hnd_hello_ext(tvb, tree, offset, length - (offset - start_offset)); } } } static void dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree, guint32 offset, SslDecryptSession* ssl) { /* * struct { * ProtocolVersion server_version; * opaque cookie<0..32>; * } HelloVerifyRequest; */ guint8 cookie_length; cookie_length = 0; if (tree || ssl) { /* show the client version */ if (tree) proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb, offset, 2, FALSE); offset += 2; /* look for a cookie */ cookie_length = tvb_get_guint8(tvb, offset); if (!tree) return; proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len, tvb, offset, 1, cookie_length); offset ++; /* skip opaque length */ if (cookie_length > 0) { proto_tree_add_bytes_format(tree, hf_dtls_handshake_cookie, tvb, offset, cookie_length, tvb_get_ptr(tvb, offset, cookie_length), "Cookie (%u byte%s)", cookie_length, plurality(cookie_length, "", "s")); offset += cookie_length; } } } static void dissect_dtls_hnd_srv_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl) { /* struct { * ProtocolVersion server_version; * Random random; * SessionID session_id; * CipherSuite cipher_suite; * CompressionMethod compression_method; * Extension server_hello_extension_list<0..2^16-1>; * } ServerHello; */ guint16 start_offset; start_offset = offset; if (tree || ssl) { /* show the server version */ if (tree) proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb, offset, 2, FALSE); offset += 2; /* first display the elements conveniently in * common with client hello */ offset += dissect_dtls_hnd_hello_common(tvb, tree, offset, ssl, 1); /* PAOLO: handle session cipher suite */ if (ssl) { /* store selected cipher suite for decryption */ ssl->cipher = tvb_get_ntohs(tvb, offset); if (ssl_find_cipher(ssl->cipher,&ssl->cipher_suite) < 0) { ssl_debug_printf("dissect_dtls_hnd_srv_hello can't find cipher suite %X\n", ssl->cipher); goto no_cipher; } ssl->state |= SSL_CIPHER; ssl_debug_printf("dissect_dtls_hnd_srv_hello found cipher %X, state %X\n", ssl->cipher, ssl->state); /* if we have restored a session now we can have enought material * to build session key, check it out*/ if ((ssl->state & (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) != (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)) { ssl_debug_printf("dissect_dtls_hnd_srv_hello not enough data to generate key (required state %X)\n", (SSL_CIPHER|SSL_CLIENT_RANDOM|SSL_SERVER_RANDOM|SSL_VERSION|SSL_MASTER_SECRET)); goto no_cipher; } ssl_debug_printf("dissect_dtls_hnd_srv_hello trying to generate keys\n"); if (ssl_generate_keyring_material(ssl)<0) { ssl_debug_printf("dissect_dtls_hnd_srv_hello can't generate keyring material\n"); goto no_cipher; } ssl->state |= SSL_HAVE_SESSION_KEY; } no_cipher: if (!tree) return; /* now the server-selected cipher suite */ proto_tree_add_item(tree, hf_dtls_handshake_cipher_suite, tvb, offset, 2, FALSE); offset += 2; /* and the server-selected compression method */ proto_tree_add_item(tree, hf_dtls_handshake_comp_method, tvb, offset, 1, FALSE); offset++; if (length > offset - start_offset) { offset = dissect_dtls_hnd_hello_ext(tvb, tree, offset, length - (offset - start_offset)); } } } static void dissect_dtls_hnd_cert(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo) { /* opaque ASN.1Cert<2^24-1>; * * struct { * ASN.1Cert certificate_list<1..2^24-1>; * } Certificate; */ guint32 certificate_list_length; proto_tree *ti; proto_tree *subtree; asn1_ctx_t asn1_ctx; asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); if (tree) { certificate_list_length = tvb_get_ntoh24(tvb, offset); proto_tree_add_uint(tree, hf_dtls_handshake_certificates_len, tvb, offset, 3, certificate_list_length); offset += 3; /* 24-bit length value */ if (certificate_list_length > 0) { tvb_ensure_bytes_exist(tvb, offset, certificate_list_length); ti = proto_tree_add_none_format(tree, hf_dtls_handshake_certificates, tvb, offset, certificate_list_length, "Certificates (%u byte%s)", certificate_list_length, plurality(certificate_list_length, "", "s")); /* make it a subtree */ subtree = proto_item_add_subtree(ti, ett_dtls_certs); if (!subtree) { subtree = tree; /* failsafe */ } /* iterate through each certificate */ while (certificate_list_length > 0) { /* get the length of the current certificate */ guint32 cert_length = tvb_get_ntoh24(tvb, offset); certificate_list_length -= 3 + cert_length; proto_tree_add_item(subtree, hf_dtls_handshake_certificate_len, tvb, offset, 3, FALSE); offset += 3; dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, subtree, hf_dtls_handshake_certificate); offset += cert_length; } } } } static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb, proto_tree *tree, guint32 offset) { /* * enum { * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), * (255) * } ClientCertificateType; * * opaque DistinguishedName<1..2^16-1>; * * struct { * ClientCertificateType certificate_types<1..2^8-1>; * DistinguishedName certificate_authorities<3..2^16-1>; * } CertificateRequest; * */ proto_tree *ti; proto_tree *subtree; guint8 cert_types_count; gint dnames_length; cert_types_count = 0; dnames_length = 0; if (tree) { cert_types_count = tvb_get_guint8(tvb, offset); proto_tree_add_uint(tree, hf_dtls_handshake_cert_types_count, tvb, offset, 1, cert_types_count); offset++; if (cert_types_count > 0) { ti = proto_tree_add_none_format(tree, hf_dtls_handshake_cert_types, tvb, offset, cert_types_count, "Certificate types (%u type%s)", cert_types_count, plurality(cert_types_count, "", "s")); subtree = proto_item_add_subtree(ti, ett_dtls_cert_types); if (!subtree) { subtree = tree; } while (cert_types_count > 0) { proto_tree_add_item(subtree, hf_dtls_handshake_cert_type, tvb, offset, 1, FALSE); offset++; cert_types_count--; } } dnames_length = tvb_get_ntohs(tvb, offset); proto_tree_add_uint(tree, hf_dtls_handshake_dnames_len, tvb, offset, 2, dnames_length); offset += 2; if (dnames_length > 0) { tvb_ensure_bytes_exist(tvb, offset, dnames_length); ti = proto_tree_add_none_format(tree, hf_dtls_handshake_dnames, tvb, offset, dnames_length, "Distinguished Names (%d byte%s)", dnames_length, plurality(dnames_length, "", "s")); subtree = proto_item_add_subtree(ti, ett_dtls_dnames); if (!subtree) { subtree = tree; } while (dnames_length > 0) { /* get the length of the current certificate */ guint16 name_length = tvb_get_ntohs(tvb, offset); dnames_length -= 2 + name_length; proto_tree_add_item(subtree, hf_dtls_handshake_dname_len, tvb, offset, 2, FALSE); offset += 2; proto_tree_add_bytes_format(subtree, hf_dtls_handshake_dname, tvb, offset, name_length, tvb_get_ptr(tvb, offset, name_length), "Distinguished Name (%u byte%s)", name_length, plurality(name_length, "", "s")); offset += name_length; } } } } static void dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint* conv_version) { /* * struct { * opaque verify_data[12]; * } Finished; */ /* this all needs a tree, so bail if we don't have one */ if (!tree) { return; } switch(*conv_version) { case SSL_VER_DTLS: proto_tree_add_item(tree, hf_dtls_handshake_finished, tvb, offset, 12, FALSE); break; } } /********************************************************************* * * Support Functions * *********************************************************************/ #if 0 static void ssl_set_conv_version(packet_info *pinfo, guint version) { conversation_t *conversation; if (pinfo->fd->flags.visited) { /* We've already processed this frame; no need to do any more * work on it. */ return; } conversation = find_or_create_conversation(pinfo); if (conversation_get_proto_data(conversation, proto_dtls) != NULL) { /* get rid of the current data */ conversation_delete_proto_data(conversation, proto_dtls); } conversation_add_proto_data(conversation, proto_dtls, GINT_TO_POINTER(version)); } #endif static gint dtls_is_valid_handshake_type(guint8 type) { switch (type) { case SSL_HND_HELLO_REQUEST: case SSL_HND_CLIENT_HELLO: case SSL_HND_SERVER_HELLO: case SSL_HND_HELLO_VERIFY_REQUEST: case SSL_HND_CERTIFICATE: case SSL_HND_SERVER_KEY_EXCHG: case SSL_HND_CERT_REQUEST: case SSL_HND_SVR_HELLO_DONE: case SSL_HND_CERT_VERIFY: case SSL_HND_CLIENT_KEY_EXCHG: case SSL_HND_FINISHED: return 1; } return 0; } static gint dtls_is_authoritative_version_message(guint8 content_type, guint8 next_byte) { if (content_type == SSL_ID_HANDSHAKE && dtls_is_valid_handshake_type(next_byte)) { return (next_byte != SSL_HND_CLIENT_HELLO); } else if (ssl_is_valid_content_type(content_type) && content_type != SSL_ID_HANDSHAKE) { return 1; } return 0; } /* this applies a heuristic to determine whether * or not the data beginning at offset looks like a * valid dtls record. */ static gint looks_like_dtls(tvbuff_t *tvb, guint32 offset) { /* have to have a valid content type followed by a valid * protocol version */ guint8 byte; guint16 version; /* see if the first byte is a valid content type */ byte = tvb_get_guint8(tvb, offset); if (!ssl_is_valid_content_type(byte)) { return 0; } /* now check to see if the version byte appears valid */ version = tvb_get_ntohs(tvb, offset + 1); if (version != DTLSV1DOT0_VERSION && version != DTLSV1DOT0_VERSION_NOT) { return 0; } return 1; } /********************************************************************* * * Standard Wireshark Protocol Registration and housekeeping * *********************************************************************/ void proto_register_dtls(void) { /* Setup list of header fields See Section 1.6.1 for details*/ static hf_register_info hf[] = { { &hf_dtls_record, { "Record Layer", "dtls.record", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_dtls_record_content_type, { "Content Type", "dtls.record.content_type", FT_UINT8, BASE_DEC, VALS(ssl_31_content_type), 0x0, NULL, HFILL} }, { &hf_dtls_record_version, { "Version", "dtls.record.version", FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, "Record layer version.", HFILL } }, { &hf_dtls_record_epoch, { "Epoch", "dtls.record.epoch", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } }, { &hf_dtls_record_sequence_number, { "Sequence Number", "dtls.record.sequence_number", FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_dtls_record_length, { "Length", "dtls.record.length", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of DTLS record data", HFILL } }, { &hf_dtls_record_appdata, { "Encrypted Application Data", "dtls.app_data", FT_BYTES, BASE_NONE, NULL, 0x0, "Payload is encrypted application data", HFILL } }, { &hf_dtls_change_cipher_spec, { "Change Cipher Spec Message", "dtls.change_cipher_spec", FT_NONE, BASE_NONE, NULL, 0x0, "Signals a change in cipher specifications", HFILL } }, { & hf_dtls_alert_message, { "Alert Message", "dtls.alert_message", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { & hf_dtls_alert_message_level, { "Level", "dtls.alert_message.level", FT_UINT8, BASE_DEC, VALS(ssl_31_alert_level), 0x0, "Alert message level", HFILL } }, { &hf_dtls_alert_message_description, { "Description", "dtls.alert_message.desc", FT_UINT8, BASE_DEC, VALS(ssl_31_alert_description), 0x0, "Alert message description", HFILL } }, { &hf_dtls_handshake_protocol, { "Handshake Protocol", "dtls.handshake", FT_NONE, BASE_NONE, NULL, 0x0, "Handshake protocol message", HFILL} }, { &hf_dtls_handshake_type, { "Handshake Type", "dtls.handshake.type", FT_UINT8, BASE_DEC, VALS(ssl_31_handshake_type), 0x0, "Type of handshake message", HFILL} }, { &hf_dtls_handshake_length, { "Length", "dtls.handshake.length", FT_UINT24, BASE_DEC, NULL, 0x0, "Length of handshake message", HFILL } }, { &hf_dtls_handshake_message_seq, { "Message Sequence", "dtls.handshake.message_seq", FT_UINT16, BASE_DEC, NULL, 0x0, "Message sequence of handshake message", HFILL } }, { &hf_dtls_handshake_fragment_offset, { "Fragment Offset", "dtls.handshake.fragment_offset", FT_UINT24, BASE_DEC, NULL, 0x0, "Fragment offset of handshake message", HFILL } }, { &hf_dtls_handshake_fragment_length, { "Fragment Length", "dtls.handshake.fragment_length", FT_UINT24, BASE_DEC, NULL, 0x0, "Fragment length of handshake message", HFILL } }, { &hf_dtls_handshake_client_version, { "Version", "dtls.handshake.version", FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, "Maximum version supported by client", HFILL } }, { &hf_dtls_handshake_server_version, { "Version", "dtls.handshake.version", FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, "Version selected by server", HFILL } }, { &hf_dtls_handshake_random_time, { "Random.gmt_unix_time", "dtls.handshake.random_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, "Unix time field of random structure", HFILL } }, { &hf_dtls_handshake_random_bytes, { "Random.bytes", "dtls.handshake.random", FT_NONE, BASE_NONE, NULL, 0x0, "Random challenge used to authenticate server", HFILL } }, { &hf_dtls_handshake_cipher_suites_len, { "Cipher Suites Length", "dtls.handshake.cipher_suites_length", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of cipher suites field", HFILL } }, { &hf_dtls_handshake_cipher_suites, { "Cipher Suites", "dtls.handshake.ciphersuites", FT_NONE, BASE_NONE, NULL, 0x0, "List of cipher suites supported by client", HFILL } }, { &hf_dtls_handshake_cipher_suite, { "Cipher Suite", "dtls.handshake.ciphersuite", FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, NULL, HFILL } }, { &hf_dtls_handshake_cookie_len, { "Cookie Length", "dtls.handshake.cookie_length", FT_UINT8, BASE_DEC, NULL, 0x0, "Length of the cookie field", HFILL } }, { &hf_dtls_handshake_cookie, { "Cookie", "dtls.handshake.cookie", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_dtls_handshake_session_id, { "Session ID", "dtls.handshake.session_id", FT_BYTES, BASE_NONE, NULL, 0x0, "Identifies the DTLS session, allowing later resumption", HFILL } }, { &hf_dtls_handshake_comp_methods_len, { "Compression Methods Length", "dtls.handshake.comp_methods_length", FT_UINT8, BASE_DEC, NULL, 0x0, "Length of compression methods field", HFILL } }, { &hf_dtls_handshake_comp_methods, { "Compression Methods", "dtls.handshake.comp_methods", FT_NONE, BASE_NONE, NULL, 0x0, "List of compression methods supported by client", HFILL } }, { &hf_dtls_handshake_comp_method, { "Compression Method", "dtls.handshake.comp_method", FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0, NULL, HFILL } }, { &hf_dtls_handshake_extensions_len, { "Extensions Length", "dtls.handshake.extensions_length", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of hello extensions", HFILL } }, { &hf_dtls_handshake_extension_type, { "Type", "dtls.handshake.extension.type", FT_UINT16, BASE_HEX, VALS(tls_hello_extension_types), 0x0, "Hello extension type", HFILL } }, { &hf_dtls_handshake_extension_len, { "Length", "dtls.handshake.extension.len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of a hello extension", HFILL } }, { &hf_dtls_handshake_extension_data, { "Data", "dtls.handshake.extension.data", FT_BYTES, BASE_NONE, NULL, 0x0, "Hello Extension data", HFILL } }, { &hf_dtls_handshake_certificates_len, { "Certificates Length", "dtls.handshake.certificates_length", FT_UINT24, BASE_DEC, NULL, 0x0, "Length of certificates field", HFILL } }, { &hf_dtls_handshake_certificates, { "Certificates", "dtls.handshake.certificates", FT_NONE, BASE_NONE, NULL, 0x0, "List of certificates", HFILL } }, { &hf_dtls_handshake_certificate, { "Certificate", "dtls.handshake.certificate", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_dtls_handshake_certificate_len, { "Certificate Length", "dtls.handshake.certificate_length", FT_UINT24, BASE_DEC, NULL, 0x0, "Length of certificate", HFILL } }, { &hf_dtls_handshake_cert_types_count, { "Certificate types count", "dtls.handshake.cert_types_count", FT_UINT8, BASE_DEC, NULL, 0x0, "Count of certificate types", HFILL } }, { &hf_dtls_handshake_cert_types, { "Certificate types", "dtls.handshake.cert_types", FT_NONE, BASE_NONE, NULL, 0x0, "List of certificate types", HFILL } }, { &hf_dtls_handshake_cert_type, { "Certificate type", "dtls.handshake.cert_type", FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0, NULL, HFILL } }, { &hf_dtls_handshake_finished, { "Verify Data", "dtls.handshake.verify_data", FT_NONE, BASE_NONE, NULL, 0x0, "Opaque verification data", HFILL } }, { &hf_dtls_handshake_md5_hash, { "MD5 Hash", "dtls.handshake.md5_hash", FT_NONE, BASE_NONE, NULL, 0x0, "Hash of messages, master_secret, etc.", HFILL } }, { &hf_dtls_handshake_sha_hash, { "SHA-1 Hash", "dtls.handshake.sha_hash", FT_NONE, BASE_NONE, NULL, 0x0, "Hash of messages, master_secret, etc.", HFILL } }, { &hf_dtls_handshake_session_id_len, { "Session ID Length", "dtls.handshake.session_id_length", FT_UINT8, BASE_DEC, NULL, 0x0, "Length of session ID field", HFILL } }, { &hf_dtls_handshake_dnames_len, { "Distinguished Names Length", "dtls.handshake.dnames_len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of list of CAs that server trusts", HFILL } }, { &hf_dtls_handshake_dnames, { "Distinguished Names", "dtls.handshake.dnames", FT_NONE, BASE_NONE, NULL, 0x0, "List of CAs that server trusts", HFILL } }, { &hf_dtls_handshake_dname_len, { "Distinguished Name Length", "dtls.handshake.dname_len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length of distinguished name", HFILL } }, { &hf_dtls_handshake_dname, { "Distinguished Name", "dtls.handshake.dname", FT_BYTES, BASE_NONE, NULL, 0x0, "Distinguished name of a CA that server trusts", HFILL } }, { &hf_dtls_fragments, { "Message fragments", "dtls.fragments", FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_dtls_fragment, { "Message fragment", "dtls.fragment", FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_dtls_fragment_overlap, { "Message fragment overlap", "dtls.fragment.overlap", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_dtls_fragment_overlap_conflicts, { "Message fragment overlapping with conflicting data", "dtls.fragment.overlap.conflicts", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_dtls_fragment_multiple_tails, { "Message has multiple tail fragments", "dtls.fragment.multiple_tails", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_dtls_fragment_too_long_fragment, { "Message fragment too long", "dtls.fragment.too_long_fragment", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL } }, { &hf_dtls_fragment_error, { "Message defragmentation error", "dtls.fragment.error", FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_dtls_reassembled_in, { "Reassembled in", "dtls.reassembled.in", FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, { &hf_dtls_reassembled_length, { "Reassembled DTLS length", "dtls.reassembled.length", FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, }; /* Setup protocol subtree array */ static gint *ett[] = { &ett_dtls, &ett_dtls_record, &ett_dtls_alert, &ett_dtls_handshake, &ett_dtls_cipher_suites, &ett_dtls_comp_methods, &ett_dtls_extension, &ett_dtls_certs, &ett_dtls_cert_types, &ett_dtls_dnames, &ett_dtls_fragment, &ett_dtls_fragments, }; /* Register the protocol name and description */ proto_dtls = proto_register_protocol("Datagram Transport Layer Security", "DTLS", "dtls"); /* Required function calls to register the header fields and * subtrees used */ proto_register_field_array(proto_dtls, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); #ifdef HAVE_LIBGNUTLS { module_t *dtls_module = prefs_register_protocol(proto_dtls, dtls_parse); prefs_register_string_preference(dtls_module, "keys_list", "RSA keys list", "semicolon separated list of private RSA keys used for DTLS decryption; " "each list entry must be in the form of ,,," " is the local file name of the RSA private key used by the specified server\n", (const gchar **)&dtls_keys_list); prefs_register_string_preference(dtls_module, "debug_file", "DTLS debug file", "redirect dtls debug to file name; leave empty to disable debug, " "use \"" SSL_DEBUG_USE_STDERR "\" to redirect output to stderr\n", (const gchar **)&dtls_debug_file_name); } #endif register_dissector("dtls", dissect_dtls, proto_dtls); dtls_handle = find_dissector("dtls"); dtls_associations = g_tree_new(ssl_association_cmp); register_init_routine(dtls_init); ssl_lib_init(); dtls_tap = register_tap("dtls"); ssl_debug_printf("proto_register_dtls: registered tap %s:%d\n", "dtls", dtls_tap); } /* If this dissector uses sub-dissector registration add a registration * routine. This format is required because a script is used to find * these routines and create the code that calls these routines. */ void proto_reg_handoff_dtls(void) { /* add now dissector to default ports.*/ dtls_parse(); }