author | Anders Broman <anders.broman@ericsson.com> | 2012-03-22 08:58:19 +0000 |
---|---|---|
committer | Anders Broman <anders.broman@ericsson.com> | 2012-03-22 08:58:19 +0000 |
commit | afa29e0070eb571615fa756201a2fb070290ae03 (patch) | |
tree | 175a6bc5edc745eb8edb7c8a04b083951cd4af2f | |
parent | dba2c07cba03310d185a8ef5f5ef4bba6b51117e (diff) |
From Yaniv Kaul:
Enhance the SSL dissector to dissect some Hello extensions.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6979
svn path=/trunk/; revision=41736
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 10 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 5 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 176 |
3 files changed, 188 insertions, 3 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index a13e66a340..d6c20f400e 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -898,7 +898,7 @@ const value_string pct_error_code[] = {
 /* RFC 4366 */
 const value_string tls_hello_extension_types[] = {
- { 0, "server_name" },
+ { SSL_HND_HELLO_EXT_SERVER_NAME, "server_name" }, /* RFC 3546 */
 { 1, "max_fragment_length" },
 { 2, "client_certificate_url" },
 { 3, "trusted_ca_keys" },
@@ -915,7 +915,13 @@ const value_string tls_hello_extension_types[] = {
 { 14, "use_srtp" },
 { SSL_HND_HELLO_EXT_HEARTBEAT, "Heartbeat" }, /* RFC 6520 */
 { 35, "SessionTicket TLS" }, /* RFC 4507 */
- { 65281, "renegotiation_info" },
+ { SSL_HND_HELLO_EXT_NPN, "next_protocol_negotiation"}, /* http://technotes.googlecode.com/git/nextprotoneg.html */
+ { SSL_HND_HELLO_EXT_RENEG_INFO, "renegotiation_info" }, /* RFC 5746 */
+ { 0, NULL }
+};
+
+const value_string tls_hello_ext_server_name_type_vs[] = {
+ { 0, "host_name" },
 { 0, NULL }
 };
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 59565b1ef5..70d3744805 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -146,10 +146,12 @@
 #define PCT_ERR_SERVER_AUTH_FAILED 0x05
 #define PCT_ERR_SPECS_MISMATCH 0x06
+#define SSL_HND_HELLO_EXT_SERVER_NAME 0x0
 #define SSL_HND_HELLO_EXT_ELLIPTIC_CURVES 0x000a
 #define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 0x000b
 #define SSL_HND_HELLO_EXT_HEARTBEAT 0x000f
-
+#define SSL_HND_HELLO_EXT_RENEG_INFO 0xff01
+#define SSL_HND_HELLO_EXT_NPN 0x3374
 #define SSL_HND_CERT_STATUS_TYPE_OCSP 1
 /*
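Review bot: `#define SSL_HND_HELLO_EXT_SERVER_NAME 0x0` breaks the four-digit hex form (`0x000a`, `0x000b`, `0x000f`) that the neighbouring SSL_HND_HELLO_EXT_ defines use, and the two appended defines are out of numeric order (0xff01 before 0x3374); `#define SSL_HND_HELLO_EXT_SERVER_NAME 0x0000` and listing `SSL_HND_HELLO_EXT_NPN 0x3374` before `SSL_HND_HELLO_EXT_RENEG_INFO 0xff01` would keep the group readable. The hunk also removes the blank line that separated the SSL_HND_HELLO_EXT_ group from `SSL_HND_CERT_STATUS_TYPE_OCSP`; keeping it would preserve the visual grouping of the header.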
@@ -188,6 +190,7 @@ extern const value_string tls_cert_status_type[];
 extern const value_string ssl_extension_curves[];
 extern const value_string ssl_extension_ec_point_formats[];
 extern const value_string ssl_curve_types[];
+extern const value_string tls_hello_ext_server_name_type_vs[];
 /* XXX Should we use GByteArray instead? */
 typedef struct _StringInfo {
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index ba2acae0f9..f866c01cb2 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -172,6 +172,14 @@ static gint hf_ssl_handshake_extension_elliptic_curves = -1;
 static gint hf_ssl_handshake_extension_elliptic_curve = -1;
 static gint hf_ssl_handshake_extension_ec_point_formats_len = -1;
 static gint hf_ssl_handshake_extension_ec_point_format = -1;
+static gint hf_ssl_handshake_extension_npn_len = -1;
+static gint hf_ssl_handshake_extension_npn_str_len = -1;
+static gint hf_ssl_handshake_extension_npn_str = -1;
+static gint hf_ssl_handshake_extension_reneg_info_len = -1;
+static gint hf_ssl_handshake_extension_server_name_len = -1;
+static gint hf_ssl_handshake_extension_server_name_list_len = -1;
+static gint hf_ssl_handshake_extension_server_name_type = -1;
+static gint hf_ssl_handshake_extension_server_name = -1;
 static gint hf_ssl_handshake_certificates_len = -1;
 static gint hf_ssl_handshake_certificates = -1;
 static gint hf_ssl_handshake_certificate = -1;
@@ -272,6 +280,9 @@ static gint ett_ssl_comp_methods = -1;
 static gint ett_ssl_extension = -1;
 static gint ett_ssl_extension_curves = -1;
 static gint ett_ssl_extension_curves_point_formats = -1;
+static gint ett_ssl_extension_npn = -1;
+static gint ett_ssl_extension_reneg_info = -1;
+static gint ett_ssl_extension_server_name = -1;
 static gint ett_ssl_certs = -1;
 static gint ett_ssl_cert_types = -1;
 static gint ett_ssl_sig_hash_algs = -1;
@@ -475,6 +486,15 @@ static gint dissect_ssl3_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb,
 static gint dissect_ssl3_hnd_hello_ext_ec_point_formats(tvbuff_t *tvb, proto_tree *tree, guint32 offset);
+static gint dissect_ssl3_hnd_hello_ext_npn(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len);
+
+static gint dissect_ssl3_hnd_hello_ext_reneg_info(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len);
+
+static gint dissect_ssl3_hnd_hello_ext_server_name(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len);
+
 static void dissect_ssl3_hnd_cli_hello(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 offset, guint32 length,
@@ -2349,6 +2369,15 @@ dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
 case SSL_HND_HELLO_EXT_EC_POINT_FORMATS:
 offset = dissect_ssl3_hnd_hello_ext_ec_point_formats(tvb, ext_tree, offset);
 break;
+ case SSL_HND_HELLO_EXT_NPN:
+ offset = dissect_ssl3_hnd_hello_ext_npn(tvb, ext_tree, offset, ext_len);
+ break;
+ case SSL_HND_HELLO_EXT_RENEG_INFO:
+ offset = dissect_ssl3_hnd_hello_ext_reneg_info(tvb, ext_tree, offset, ext_len);
+ break;
+ case SSL_HND_HELLO_EXT_SERVER_NAME:
+ offset = dissect_ssl3_hnd_hello_ext_server_name(tvb, ext_tree, offset, ext_len);
+ break;
 case SSL_HND_HELLO_EXT_HEARTBEAT:
 proto_tree_add_item(ext_tree, hf_ssl_heartbeat_extension_mode, tvb, offset, 1, ENC_BIG_ENDIAN);
@@ -2369,6 +2398,110 @@ dissect_ssl3_hnd_hello_ext(tvbuff_t *tvb,
 }
 static gint
+dissect_ssl3_hnd_hello_ext_npn(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len)
+{
+ guint8 npn_length;
+ proto_tree *npn_tree, *ti;
+
+ if (ext_len == 0) {
+ return offset;
+ }
+
+ ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Next Protocol Negotiation");
+ npn_tree = proto_item_add_subtree(ti, ett_ssl_extension_npn);
+
+ while (ext_len > 0) {
+ npn_length = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(npn_tree, hf_ssl_handshake_extension_npn_str_len,
+ tvb, offset, 1, ENC_NA);
+ offset++;
+ ext_len--;
+
+ if (npn_length > 0) {
+ tvb_ensure_bytes_exist(tvb, offset, npn_length);
+ proto_tree_add_item(npn_tree, hf_ssl_handshake_extension_npn_str,
+ tvb, offset, npn_length, ENC_NA);
+ offset += npn_length;
+ ext_len -= npn_length;
+ }
+ }
+
+ return offset;
+}
+
+static gint
+dissect_ssl3_hnd_hello_ext_reneg_info(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len)
+{
+ guint8 reneg_info_length;
+ proto_tree *reneg_info_tree, *ti;
+
+ if (ext_len == 0) {
+ return offset;
+ }
+
+ ti = proto_tree_add_text(tree, tvb, offset, ext_len, "Renegotiation Info extension");
+ reneg_info_tree = proto_item_add_subtree(ti, ett_ssl_extension_reneg_info);
+
+ reneg_info_length = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(reneg_info_tree, hf_ssl_handshake_extension_reneg_info_len,
+ tvb, offset, 1, ENC_NA);
+ offset++;
+
+ if (reneg_info_length > 0) {
+ tvb_ensure_bytes_exist(tvb, offset, reneg_info_length);
+ proto_tree_add_text(reneg_info_tree, tvb, offset, reneg_info_length, "Renegotiation Info");
+ offset += reneg_info_length;
+ }
+
+ return offset;
+}
+
+static gint
+dissect_ssl3_hnd_hello_ext_server_name(tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset, guint32 ext_len)
+{
+ guint8 server_name_length;
+ proto_tree *server_name_tree, *ti;
+
+
+ if (ext_len == 0) {
+ return offset;
+ }
+
+ ti = proto_tree_add_text(tree, tvb, offset, ext_len,
"Server Name Indication extension");
+ server_name_tree = proto_item_add_subtree(ti, ett_ssl_extension_server_name);
+
+ proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_list_len,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ ext_len -= 2;
+
+ while (ext_len > 0) {
+ proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_type,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ ext_len -= 2;
+
+ server_name_length = tvb_get_guint8(tvb, offset);
+ proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_len,
+ tvb, offset, 1, ENC_NA);
+ offset++;
+ ext_len--;
+
+ if (server_name_length > 0) {
+ tvb_ensure_bytes_exist(tvb, offset, server_name_length);
+ proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name,
+ tvb, offset, server_name_length, ENC_NA);
+ offset += server_name_length;
+ ext_len -= server_name_length;
+ }
+ }
+ return offset;
+}
+
+static gint
 dissect_ssl3_hnd_hello_ext_elliptic_curves(tvbuff_t *tvb,
 proto_tree *tree, guint32 offset)
 {
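Review bot: The ServerName loop in dissect_ssl3_hnd_hello_ext_server_name reads a 2-byte name type (`tvb, offset, 2, ENC_BIG_ENDIAN`) followed by a 1-byte length (`tvb_get_guint8`), but RFC 6066 §3 lays each entry out as a 1-byte NameType followed by a 2-byte HostName length (opaque<1..2^16-1>), so the offsets only line up while the host name is shorter than 256 bytes and the high length byte happens to fold into the type field; the FT_UINT16 registration of hf_ssl_handshake_extension_server_name_len in the proto_register_ssl hunk already expects the 2-byte read, while hf_ssl_handshake_extension_server_name_type there should become FT_UINT8. Independently, `ext_len -= npn_length;` in dissect_ssl3_hnd_hello_ext_npn and `ext_len -= server_name_length;` here subtract a per-entry length from the guint32 ext_len without checking that it fits, so an oversized length wraps ext_len and `while (ext_len > 0)` keeps walking past the extension's declared end into the following extensions until tvb_ensure_bytes_exist throws at the end of the buffer — a mis-dissection rather than a memory fault, since the tvb accessors bounds-check, but it attributes later extensions' bytes to this one; `ext_len -= 2;` for the list length needs an `if (ext_len < 2)` guard for the same reason. dissect_ssl3_hnd_hello_ext_reneg_info reads reneg_info_length without comparing it against ext_len either and can likewise return an offset past the extension's declared end. The rewritten loop below fixes the field widths and bounds each subtraction; the NPN loop needs the analogous `if (npn_length > ext_len)` guard before `ext_len -= npn_length;`.
```c
    guint16 server_name_length;
    /* … unchanged: empty-extension check, subtree, list length item … */
    while (ext_len >= 3) {
        /* RFC 6066 §3: 1-byte NameType, then 2-byte HostName length */
        proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_type,
                            tvb, offset, 1, ENC_NA);
        offset++;
        ext_len--;

        server_name_length = tvb_get_ntohs(tvb, offset);
        proto_tree_add_item(server_name_tree, hf_ssl_handshake_extension_server_name_len,
                            tvb, offset, 2, ENC_BIG_ENDIAN);
        offset += 2;
        ext_len -= 2;

        if (server_name_length > ext_len) {
            /* length points past the extension: report and stop instead of wrapping ext_len */
            proto_tree_add_text(server_name_tree, tvb, offset, ext_len,
                                "Server name length exceeds extension length");
            offset += ext_len;
            break;
        }
        /* … unchanged: server name item, offset/ext_len advance by server_name_length … */
    }
```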
@@ -4962,6 +5095,46 @@ proto_register_ssl(void)
 FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0,
 "Elliptic curves point format", HFILL }
 },
+ { &hf_ssl_handshake_extension_npn_len,
+ { "NPN extension length", "ssl.handshake.extensions_npn_length",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "Length of NPN extension", HFILL }
+ },
+ { &hf_ssl_handshake_extension_npn_str_len,
+ { "Protocol string length", "ssl.handshake.extensions_npn_str_len",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "Length of next protocol string", HFILL }
+ },
+ { &hf_ssl_handshake_extension_npn_str,
+ { "Next Protocol", "ssl.handshake.extensions_npn",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "Next Protocol", HFILL }
+ },
+ { &hf_ssl_handshake_extension_reneg_info_len,
+ { "Renegotiation info extension length", "ssl.handshake.extensions_reneg_info_len",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ "Renegotiation info extension length", HFILL }
+ },
+ { &hf_ssl_handshake_extension_server_name_list_len,
+ { "Server Name list length", "ssl.handshake.extensions_server_name_list_len",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "Length of server name list", HFILL }
+ },
+ { &hf_ssl_handshake_extension_server_name_len,
+ { "Server Name length", "ssl.handshake.extensions_server_name_len",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "Length of server name string", HFILL }
+ },
+ { &hf_ssl_handshake_extension_server_name_type,
+ { "Server Name Type", "ssl.handshake.extensions_server_name_type",
+ FT_UINT16, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0,
+ "Server name type", HFILL }
+ },
+ { &hf_ssl_handshake_extension_server_name,
+ { "Server Name", "ssl.handshake.extensions_server_name",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ "Server name", HFILL }
+ },
 { &hf_ssl_handshake_certificates_len,
 { "Certificates Length", "ssl.handshake.certificates_length",
 FT_UINT24, BASE_DEC, NULL, 0x0,
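Review bot: hf_ssl_handshake_extension_npn_len is registered here as `ssl.handshake.extensions_npn_length` (FT_UINT16), but none of the dissector code added by this commit calls proto_tree_add_item with it — dissect_ssl3_hnd_hello_ext_npn only uses hf_ssl_handshake_extension_npn_str_len and hf_ssl_handshake_extension_npn_str — so it registers a display-filter field that never appears in a tree; either drop the entry together with its `static gint` declaration, or have the NPN function add it over the extension length. The filter names in the new group also mix suffixes (`extensions_npn_length` beside `extensions_npn_str_len`, `extensions_reneg_info_len`, `extensions_server_name_len`); settling on one form keeps filters predictable for users.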
@@ -5402,6 +5575,9 @@ proto_register_ssl(void)
 &ett_ssl_extension,
 &ett_ssl_extension_curves,
 &ett_ssl_extension_curves_point_formats,
+ &ett_ssl_extension_npn,
+ &ett_ssl_extension_reneg_info,
+ &ett_ssl_extension_server_name,
 &ett_ssl_certs,
 &ett_ssl_cert_types,
 &ett_ssl_sig_hash_algs, |