diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2018-09-15 11:18:42 +0200 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2018-09-15 19:12:48 +0000 |
| commit | 02fc8b4b1066e588ea5842be380f9f0983d5cf1f (patch) | |
| tree | 45b788f54c7209a2cb3d187e0e91e28a03edabd8 | |
| parent | 203d875d3bf40280a3aefd31a549f8f937b5a50d (diff) | |
ssl,ssl-utils: remove PCT support
This protocol was superseded by SSLv3 and has been disabled in MS
products long time ago.
Change-Id: If29bcfad394ba55c7d6605626762c29055a02ae9
Reviewed-on: https://code.wireshark.org/review/29667
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
| -rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 78 | ||||
| -rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 57 | ||||
| -rw-r--r-- | epan/dissectors/packet-ssl.c | 663 |
3 files changed, 10 insertions, 788 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index bbf85c4095..ab3ce3b02f 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -70,7 +70,6 @@ const value_string ssl_version_short_names[] = { { DTLSV1DOT0_VERSION, "DTLSv1.0" }, { DTLSV1DOT2_VERSION, "DTLSv1.2" }, { DTLSV1DOT0_OPENSSL_VERSION, "DTLS 1.0 (OpenSSL pre 0.9.8f)" }, - { PCT_VERSION, "PCT" }, { 0x00, NULL } }; @@ -412,17 +411,6 @@ static const value_string ssl_20_cipher_suites[] = { { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" }, { 0x080080, "SSL2_RC4_64_WITH_MD5" }, - /* Microsoft's old PCT protocol. These are from Eric Rescorla's - book "SSL and TLS" */ - { 0x800001, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509" }, - { 0x800003, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509_CHAIN" }, - { 0x810001, "PCT_SSL_HASH_TYPE | PCT1_HASH_MD5" }, - { 0x810003, "PCT_SSL_HASH_TYPE | PCT1_HASH_SHA" }, - { 0x820001, "PCT_SSL_EXCH_TYPE | PCT1_EXCH_RSA_PKCS1" }, - { 0x830004, "PCT_SSL_CIPHER_TYPE_1ST_HALF | PCT1_CIPHER_RC4" }, - { 0x842840, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_40 | PCT1_MAC_BITS_128" }, - { 0x848040, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_128 | PCT1_MAC_BITS_128" }, - { 0x8f8001, "PCT_SSL_COMPAT | PCT_VERSION_1" }, { 0x00, NULL } }; @@ -1111,72 +1099,6 @@ static const value_string ssl_31_ciphersuite[] = { value_string_ext ssl_31_ciphersuite_ext = VALUE_STRING_EXT_INIT(ssl_31_ciphersuite); - -const value_string pct_msg_types[] = { - { PCT_MSG_CLIENT_HELLO, "Client Hello" }, - { PCT_MSG_SERVER_HELLO, "Server Hello" }, - { PCT_MSG_CLIENT_MASTER_KEY, "Client Master Key" }, - { PCT_MSG_SERVER_VERIFY, "Server Verify" }, - { PCT_MSG_ERROR, "Error" }, - { 0x00, NULL } -}; - -const value_string pct_cipher_type[] = { - { PCT_CIPHER_DES, "DES" }, - { PCT_CIPHER_IDEA, "IDEA" }, - { PCT_CIPHER_RC2, "RC2" }, - { PCT_CIPHER_RC4, "RC4" }, - { PCT_CIPHER_DES_112, "DES 112 bit" }, - { PCT_CIPHER_DES_168, "DES 168 bit" }, - { 0x00, NULL } -}; - -const value_string pct_hash_type[] = { - { PCT_HASH_MD5, "MD5" }, - { PCT_HASH_MD5_TRUNC_64, "MD5_TRUNC_64"}, - { PCT_HASH_SHA, "SHA"}, - { PCT_HASH_SHA_TRUNC_80, "SHA_TRUNC_80"}, - { PCT_HASH_DES_DM, "DES_DM"}, - { 0x00, NULL } -}; - -const value_string pct_cert_type[] = { - { PCT_CERT_NONE, "None" }, - { PCT_CERT_X509, "X.509" }, - { PCT_CERT_PKCS7, "PKCS #7" }, - { 0x00, NULL } -}; -const value_string pct_sig_type[] = { - { PCT_SIG_NONE, "None" }, - { PCT_SIG_RSA_MD5, "MD5" }, - { PCT_SIG_RSA_SHA, "RSA SHA" }, - { PCT_SIG_DSA_SHA, "DSA SHA" }, - { 0x00, NULL } -}; - -const value_string pct_exch_type[] = { - { PCT_EXCH_RSA_PKCS1, "RSA PKCS#1" }, - { PCT_EXCH_RSA_PKCS1_TOKEN_DES, "RSA PKCS#1 Token DES" }, - { PCT_EXCH_RSA_PKCS1_TOKEN_DES3, "RSA PKCS#1 Token 3DES" }, - { PCT_EXCH_RSA_PKCS1_TOKEN_RC2, "RSA PKCS#1 Token RC-2" }, - { PCT_EXCH_RSA_PKCS1_TOKEN_RC4, "RSA PKCS#1 Token RC-4" }, - { PCT_EXCH_DH_PKCS3, "DH PKCS#3" }, - { PCT_EXCH_DH_PKCS3_TOKEN_DES, "DH PKCS#3 Token DES" }, - { PCT_EXCH_DH_PKCS3_TOKEN_DES3, "DH PKCS#3 Token 3DES" }, - { PCT_EXCH_FORTEZZA_TOKEN, "Fortezza" }, - { 0x00, NULL } -}; - -const value_string pct_error_code[] = { - { PCT_ERR_BAD_CERTIFICATE, "PCT_ERR_BAD_CERTIFICATE" }, - { PCT_ERR_CLIENT_AUTH_FAILED, "PCT_ERR_CLIENT_AUTH_FAILE" }, - { PCT_ERR_ILLEGAL_MESSAGE, "PCT_ERR_ILLEGAL_MESSAGE" }, - { PCT_ERR_INTEGRITY_CHECK_FAILED, "PCT_ERR_INTEGRITY_CHECK_FAILED" }, - { PCT_ERR_SERVER_AUTH_FAILED, "PCT_ERR_SERVER_AUTH_FAILED" }, - { PCT_ERR_SPECS_MISMATCH, "PCT_ERR_SPECS_MISMATCH" }, - { 0x00, NULL } -}; - /* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1 */ const value_string tls_hello_extension_types[] = { { SSL_HND_HELLO_EXT_SERVER_NAME, "server_name" }, /* RFC 6066 */ diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index 01e0b33327..31ef008a14 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h @@ -77,55 +77,6 @@ typedef enum { #define SSL2_HND_REQUEST_CERTIFICATE 0x07 #define SSL2_HND_CLIENT_CERTIFICATE 0x08 -#define PCT_VERSION_1 0x8001 - -#define PCT_MSG_CLIENT_HELLO 0x01 -#define PCT_MSG_SERVER_HELLO 0x02 -#define PCT_MSG_CLIENT_MASTER_KEY 0x03 -#define PCT_MSG_SERVER_VERIFY 0x04 -#define PCT_MSG_ERROR 0x05 - -#define PCT_CH_OFFSET_V1 0xa - -#define PCT_CIPHER_DES 0x01 -#define PCT_CIPHER_IDEA 0x02 -#define PCT_CIPHER_RC2 0x03 -#define PCT_CIPHER_RC4 0x04 -#define PCT_CIPHER_DES_112 0x05 -#define PCT_CIPHER_DES_168 0x06 - -#define PCT_HASH_MD5 0x0001 -#define PCT_HASH_MD5_TRUNC_64 0x0002 -#define PCT_HASH_SHA 0x0003 -#define PCT_HASH_SHA_TRUNC_80 0x0004 -#define PCT_HASH_DES_DM 0x0005 - -#define PCT_CERT_NONE 0x00 -#define PCT_CERT_X509 0x01 -#define PCT_CERT_PKCS7 0x02 - -#define PCT_SIG_NONE 0x0000 -#define PCT_SIG_RSA_MD5 0x0001 -#define PCT_SIG_RSA_SHA 0x0002 -#define PCT_SIG_DSA_SHA 0x0003 - -#define PCT_EXCH_RSA_PKCS1 0x01 -#define PCT_EXCH_RSA_PKCS1_TOKEN_DES 0x02 -#define PCT_EXCH_RSA_PKCS1_TOKEN_DES3 0x03 -#define PCT_EXCH_RSA_PKCS1_TOKEN_RC2 0x04 -#define PCT_EXCH_RSA_PKCS1_TOKEN_RC4 0x05 -#define PCT_EXCH_DH_PKCS3 0x06 -#define PCT_EXCH_DH_PKCS3_TOKEN_DES 0x07 -#define PCT_EXCH_DH_PKCS3_TOKEN_DES3 0x08 -#define PCT_EXCH_FORTEZZA_TOKEN 0x09 - -#define PCT_ERR_BAD_CERTIFICATE 0x01 -#define PCT_ERR_CLIENT_AUTH_FAILED 0x02 -#define PCT_ERR_ILLEGAL_MESSAGE 0x03 -#define PCT_ERR_INTEGRITY_CHECK_FAILED 0x04 -#define PCT_ERR_SERVER_AUTH_FAILED 0x05 -#define PCT_ERR_SPECS_MISMATCH 0x06 - #define SSL_HND_HELLO_EXT_SERVER_NAME 0 #define SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH 1 #define SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL 2 @@ -226,13 +177,6 @@ extern const value_string ssl_31_signature_algorithm[]; extern const value_string ssl_31_client_certificate_type[]; extern const value_string ssl_31_public_value_encoding[]; extern value_string_ext ssl_31_ciphersuite_ext; -extern const value_string pct_msg_types[]; -extern const value_string pct_cipher_type[]; -extern const value_string pct_hash_type[]; -extern const value_string pct_cert_type[]; -extern const value_string pct_sig_type[]; -extern const value_string pct_exch_type[]; -extern const value_string pct_error_code[]; extern const value_string tls_hello_extension_types[]; extern const value_string tls_hash_algorithm[]; extern const value_string tls_signature_algorithm[]; @@ -258,7 +202,6 @@ typedef struct _StringInfo { #define SSL_WRITE_KEY 1 #define SSL_VER_UNKNOWN 0 -#define PCT_VERSION 0x8001 /* PCT_VERSION_1 from http://graphcomp.com/info/specs/ms/pct.htm */ #define SSLV2_VERSION 0x0002 /* not in record layer, SSL_CLIENT_SERVER from http://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html */ #define SSLV3_VERSION 0x300 diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 8bbd9d3c99..65402f3d58 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -22,12 +22,6 @@ * * See RFC 2246 for SSL 3.1/TLS 1.0 specs. * - * See (among other places) - * - * http://www.graphcomp.com/info/specs/ms/pct.htm - * - * for PCT 1 draft specs. - * * See * * http://research.sun.com/projects/crypto/draft-ietf-tls-ecc-05.txt @@ -130,7 +124,6 @@ static gint hf_ssl2_record = -1; static gint hf_ssl2_record_is_escape = -1; static gint hf_ssl2_record_padding_length = -1; static gint hf_ssl2_msg_type = -1; -static gint hf_pct_msg_type = -1; static gint hf_tls_alert_message = -1; static gint hf_tls_alert_message_level = -1; static gint hf_tls_alert_message_description = -1; @@ -156,62 +149,6 @@ static gint hf_ssl2_handshake_session_id_hit = -1; static gint hf_ssl2_handshake_cert_type = -1; static gint hf_ssl2_handshake_connection_id_len = -1; static gint hf_ssl2_handshake_connection_id = -1; -static gint hf_pct_handshake_cipher_spec = -1; -static gint hf_pct_handshake_hash_spec = -1; -static gint hf_pct_handshake_cert_spec = -1; -static gint hf_pct_handshake_cert = -1; -static gint hf_pct_handshake_server_cert = -1; -static gint hf_pct_handshake_exch_spec = -1; -static gint hf_pct_handshake_hash = -1; -static gint hf_pct_handshake_cipher = -1; -static gint hf_pct_handshake_exch = -1; -static gint hf_pct_handshake_sig = -1; -static gint hf_pct_msg_error_type = -1; - -/* Generated from convert_proto_tree_add_text.pl */ -static int hf_ssl_pct_client_version = -1; -static int hf_ssl_pct_pad = -1; -static int hf_ssl_pct_client_session_id_data = -1; -static int hf_ssl_pct_challenge_data = -1; -static int hf_ssl_pct_ch_offset = -1; -static int hf_ssl_pct_cipher_specs_length = -1; -static int hf_ssl_pct_hash_specs_length = -1; -static int hf_ssl_pct_cert_specs_length = -1; -static int hf_ssl_pct_exch_specs_length = -1; -static int hf_ssl_pct_iv_length = -1; -static int hf_ssl_pct_encryption_key_length = -1; -static int hf_ssl_pct_mac_key_length_in_bits = -1; -static int hf_ssl_pct_iv_data = -1; -static int hf_ssl_pct_server_version = -1; -static int hf_ssl_pct_sh_restart_session_ok_flag = -1; -static int hf_ssl_pct_sh_client_auth_req_flag = -1; -static int hf_ssl_pct_connection_id_data = -1; -static int hf_ssl_pct_server_certificate_length = -1; -static int hf_ssl_pct_client_cert_specs_length = -1; -static int hf_ssl_pct_client_sig_specs_length = -1; -static int hf_ssl_pct_response_length = -1; -static int hf_ssl_pct_client_cert_specs = -1; -static int hf_ssl_pct_client_signature = -1; -static int hf_ssl_pct_server_response = -1; -static int hf_ssl_pct_clear_key_length = -1; -static int hf_ssl_pct_encrypted_key_length = -1; -static int hf_ssl_pct_verify_prelude_length = -1; -static int hf_ssl_pct_client_cert_length = -1; -static int hf_ssl_pct_clear_key_data = -1; -static int hf_ssl_pct_encrypted_key_data = -1; -static int hf_ssl_pct_verify_prelude_data = -1; -static int hf_ssl_pct_client_certificate_data = -1; -static int hf_ssl_pct_response_data = -1; -static int hf_ssl_pct_server_session_id_data = -1; -static int hf_ssl_pct_server_response_length = -1; -static int hf_ssl_pct_error_information_length = -1; -static int hf_ssl_pct_specs_mismatch_cipher = -1; -static int hf_ssl_pct_specs_mismatch_hash = -1; -static int hf_ssl_pct_specs_mismatch_cert = -1; -static int hf_ssl_pct_specs_mismatch_exch = -1; -static int hf_ssl_pct_specs_mismatch_client_cert = -1; -static int hf_ssl_pct_specs_mismatch_client_sig = -1; -static int hf_ssl_pct_error_information_data = -1; static int hf_tls_reassembled_in = -1; static int hf_tls_reassembled_length = -1; @@ -241,10 +178,6 @@ static gint ett_tls_alert = -1; static gint ett_tls_handshake = -1; static gint ett_tls_heartbeat = -1; static gint ett_tls_certs = -1; -static gint ett_pct_cipher_suites = -1; -static gint ett_pct_hash_suites = -1; -static gint ett_pct_cert_suites = -1; -static gint ett_pct_exch_suites = -1; static gint ett_tls_segments = -1; static gint ett_tls_segment = -1; @@ -253,10 +186,7 @@ static expert_field ei_ssl3_heartbeat_payload_length = EI_INIT; static expert_field ei_tls_unexpected_message = EI_INIT; /* Generated from convert_proto_tree_add_text.pl */ -static expert_field ei_ssl_pct_ch_offset = EI_INIT; -static expert_field ei_ssl_pct_server_version = EI_INIT; static expert_field ei_tls_ignored_unknown_record = EI_INIT; -static expert_field ei_ssl_pct_client_version = EI_INIT; /* not all of the hf_fields below make sense for TLS but we have to provide them anyways to comply with the api (which was aimed for ip fragment @@ -581,35 +511,17 @@ static void dissect_ssl2_hnd_client_hello(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, SslDecryptSession *ssl); -static void dissect_pct_msg_client_hello(tvbuff_t *tvb, packet_info *pinfo, - proto_tree *tree, - guint32 offset); - /* client master key dissector */ static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb, proto_tree *tree, guint32 offset); -static void dissect_pct_msg_client_master_key(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset); /* server hello dissector */ static void dissect_ssl2_hnd_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo); -static void dissect_pct_msg_server_hello(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset, packet_info *pinfo); -static void dissect_pct_msg_server_verify(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset); - -static void dissect_pct_msg_error(tvbuff_t *tvb, - proto_tree *tree, - guint32 offset); - /* * Support Functions * @@ -621,9 +533,6 @@ static gint ssl_looks_like_sslv3(tvbuff_t *tvb, const guint32 offset); static gint ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, const guint32 offset, const guint32 record_length); -static gint ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, - const guint32 offset, - const guint32 record_length); /********************************************************************* * @@ -746,7 +655,6 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) */ switch (session->version) { case SSLV2_VERSION: - case PCT_VERSION: offset = dissect_ssl2_record(tvb, pinfo, ssl_tree, offset, session, &need_desegmentation, @@ -816,7 +724,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) if (ssl_looks_like_sslv2(tvb, offset)) { - /* looks like sslv2 or pct client hello */ + /* looks like sslv2 client hello */ offset = dissect_ssl2_record(tvb, pinfo, ssl_tree, offset, session, &need_desegmentation, @@ -2669,13 +2577,7 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, */ if (session->version == SSL_VER_UNKNOWN) { - if (ssl_looks_like_valid_pct_handshake(tvb, - (initial_offset + - record_length_length), - record_length)) { - session->version = PCT_VERSION; - } - else if (msg_type >= 2 && msg_type <= 8) + if (msg_type >= 2 && msg_type <= 8) { session->version = SSLV2_VERSION; } @@ -2685,30 +2587,21 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, * conversation, then set a version for just this frame * (e.g., on a client hello) */ - col_set_str(pinfo->cinfo, COL_PROTOCOL, - (session->version == PCT_VERSION) ? "PCT" : "SSLv2"); + col_set_str(pinfo->cinfo, COL_PROTOCOL, "SSLv2"); /* see if the msg_type is valid; if not the payload is * probably encrypted, so note that fact and bail */ - msg_type_str = try_val_to_str(msg_type, - (session->version == PCT_VERSION) - ? pct_msg_types : ssl_20_msg_types); + msg_type_str = try_val_to_str(msg_type, ssl_20_msg_types); if (!msg_type_str - || ((session->version != PCT_VERSION) && - !ssl_looks_like_valid_v2_handshake(tvb, initial_offset - + record_length_length, - record_length)) - || ((session->version == PCT_VERSION) && - !ssl_looks_like_valid_pct_handshake(tvb, initial_offset + || (!ssl_looks_like_valid_v2_handshake(tvb, initial_offset + record_length_length, record_length))) { if (ssl_record_tree) { proto_item_set_text(ssl_record_tree, "%s Record Layer: %s", - (session->version == PCT_VERSION) - ? "PCT" : "SSLv2", + "SSLv2", "Encrypted Data"); /* Unlike SSLv3, the SSLv2 record layer does not have a @@ -2732,8 +2625,7 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, if (ssl_record_tree) { proto_item_set_text(ssl_record_tree, "%s Record Layer: %s", - (session->version == PCT_VERSION) - ? "PCT" : "SSLv2", + "SSLv2", msg_type_str); } } @@ -2784,14 +2676,11 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, /* add the message type */ if (ssl_record_tree) { - proto_tree_add_item(ssl_record_tree, - (session->version == PCT_VERSION) - ? hf_pct_msg_type : hf_ssl2_msg_type, + proto_tree_add_item(ssl_record_tree, hf_ssl2_msg_type, tvb, offset, 1, ENC_BIG_ENDIAN); } offset += 1; /* move past msg_type byte */ - if (session->version != PCT_VERSION) { /* dissect the message (only handle client hello right now) */ switch (msg_type) { @@ -2820,30 +2709,6 @@ dissect_ssl2_record(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, break; } } - else - { - /* dissect the message */ - switch (msg_type) { - case PCT_MSG_CLIENT_HELLO: - dissect_pct_msg_client_hello(tvb, pinfo, ssl_record_tree, offset); - break; - case PCT_MSG_SERVER_HELLO: - dissect_pct_msg_server_hello(tvb, ssl_record_tree, offset, pinfo); - break; - case PCT_MSG_CLIENT_MASTER_KEY: - dissect_pct_msg_client_master_key(tvb, ssl_record_tree, offset); - break; - case PCT_MSG_SERVER_VERIFY: - dissect_pct_msg_server_verify(tvb, ssl_record_tree, offset); - break; - case PCT_MSG_ERROR: - dissect_pct_msg_error(tvb, ssl_record_tree, offset); - break; - - default: /* unknown */ - break; - } - } return (initial_offset + record_length_length + record_length); } @@ -2985,329 +2850,6 @@ dissect_ssl2_hnd_client_hello(tvbuff_t *tvb, packet_info *pinfo, } static void -dissect_pct_msg_client_hello(tvbuff_t *tvb, packet_info *pinfo, - proto_tree *tree, guint32 offset) -{ - guint16 CH_CLIENT_VERSION, CH_OFFSET, CH_CIPHER_SPECS_LENGTH, CH_HASH_SPECS_LENGTH, CH_CERT_SPECS_LENGTH, CH_EXCH_SPECS_LENGTH, CH_KEY_ARG_LENGTH, mac_key_length; - proto_item *CH_CIPHER_SPECS_ti, *CH_HASH_SPECS_ti, *CH_CERT_SPECS_ti, *CH_EXCH_SPECS_ti, *ti; - proto_tree *CH_CIPHER_SPECS_tree, *CH_HASH_SPECS_tree, *CH_CERT_SPECS_tree, *CH_EXCH_SPECS_tree; - gint i; - - CH_CLIENT_VERSION = tvb_get_ntohs(tvb, offset); - ti = proto_tree_add_item(tree, hf_ssl_pct_client_version, tvb, offset, 2, ENC_BIG_ENDIAN); - if (CH_CLIENT_VERSION != PCT_VERSION_1) - expert_add_info_format(pinfo, ti, &ei_ssl_pct_client_version, "Client Version, should be %x in PCT version 1", PCT_VERSION_1); - offset += 2; - - proto_tree_add_item(tree, hf_ssl_pct_pad, tvb, offset, 1, ENC_NA); - offset += 1; - - proto_tree_add_item(tree, hf_ssl_pct_client_session_id_data, tvb, offset, 32, ENC_NA); - offset += 32; - - proto_tree_add_item(tree, hf_ssl_pct_challenge_data, tvb, offset, 32, ENC_NA); - offset += 32; - - CH_OFFSET = tvb_get_ntohs(tvb, offset); - ti = proto_tree_add_item(tree, hf_ssl_pct_ch_offset, tvb, offset, 2, ENC_BIG_ENDIAN); - if (CH_OFFSET != PCT_CH_OFFSET_V1) - expert_add_info_format(pinfo, ti, &ei_ssl_pct_ch_offset, "should be %d in PCT version 1", PCT_CH_OFFSET_V1); - offset += 2; - - CH_CIPHER_SPECS_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_cipher_specs_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CH_HASH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_hash_specs_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_cert_specs_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CH_EXCH_SPECS_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_exch_specs_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CH_KEY_ARG_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_iv_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - if (CH_CIPHER_SPECS_LENGTH) { - CH_CIPHER_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cipher_spec, tvb, offset, CH_CIPHER_SPECS_LENGTH, ENC_NA); - CH_CIPHER_SPECS_tree = proto_item_add_subtree(CH_CIPHER_SPECS_ti, ett_pct_cipher_suites); - - for(i=0; i<(CH_CIPHER_SPECS_LENGTH/4); i++) { - proto_tree_add_item(CH_CIPHER_SPECS_tree, hf_pct_handshake_cipher, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - proto_tree_add_item(CH_CIPHER_SPECS_tree, hf_ssl_pct_encryption_key_length, tvb, offset, 1, ENC_NA); - offset += 1; - mac_key_length = tvb_get_guint8(tvb, offset) + 64; - proto_tree_add_uint(CH_CIPHER_SPECS_tree, hf_ssl_pct_mac_key_length_in_bits, tvb, offset, 1, mac_key_length); - offset += 1; - } - } - - if (CH_HASH_SPECS_LENGTH) { - CH_HASH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_hash_spec, tvb, offset, CH_HASH_SPECS_LENGTH, ENC_NA); - CH_HASH_SPECS_tree = proto_item_add_subtree(CH_HASH_SPECS_ti, ett_pct_hash_suites); - - for(i=0; i<(CH_HASH_SPECS_LENGTH/2); i++) { - proto_tree_add_item(CH_HASH_SPECS_tree, hf_pct_handshake_hash, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - } - } - - if (CH_CERT_SPECS_LENGTH) { - CH_CERT_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_cert_spec, tvb, offset, CH_CERT_SPECS_LENGTH, ENC_NA); - CH_CERT_SPECS_tree = proto_item_add_subtree(CH_CERT_SPECS_ti, ett_pct_cert_suites); - - for(i=0; i< (CH_CERT_SPECS_LENGTH/2); i++) { - proto_tree_add_item(CH_CERT_SPECS_tree, hf_pct_handshake_cert, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - } - } - - if (CH_EXCH_SPECS_LENGTH) { - CH_EXCH_SPECS_ti = proto_tree_add_item(tree, hf_pct_handshake_exch_spec, tvb, offset, CH_EXCH_SPECS_LENGTH, ENC_NA); - CH_EXCH_SPECS_tree = proto_item_add_subtree(CH_EXCH_SPECS_ti, ett_pct_exch_suites); - - for(i=0; i<(CH_EXCH_SPECS_LENGTH/2); i++) { - proto_tree_add_item(CH_EXCH_SPECS_tree, hf_pct_handshake_exch, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - } - } - - if (CH_KEY_ARG_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_iv_data, tvb, offset, CH_KEY_ARG_LENGTH, ENC_NA); - } -} - -static void -dissect_pct_msg_server_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo) -{ -/* structure: - char SH_MSG_SERVER_HELLO - char SH_PAD - char SH_SERVER_VERSION_MSB - char SH_SERVER_VERSION_LSB - char SH_RESTART_SESSION_OK - char SH_CLIENT_AUTH_REQ - char SH_CIPHER_SPECS_DATA[4] - char SH_HASH_SPECS_DATA[2] - char SH_CERT_SPECS_DATA[2] - char SH_EXCH_SPECS_DATA[2] - char SH_CONNECTION_ID_DATA[32] - char SH_CERTIFICATE_LENGTH_MSB - char SH_CERTIFICATE_LENGTH_LSB - char SH_CLIENT_CERT_SPECS_LENGTH_MSB - char SH_CLIENT_CERT_SPECS_LENGTH_LSB - char SH_CLIENT_SIG_SPECS_LENGTH_MSB - char SH_CLIENT_SIG_SPECS_LENGTH_LSB - char SH_RESPONSE_LENGTH_MSB - char SH_RESPONSE_LENGTH_LSB - char SH_CERTIFICATE_DATA[MSB<<8|LSB] - char SH_CLIENT_CERT_SPECS_DATA[MSB<<8|LSB] - char SH_CLIENT_SIG_SPECS_DATA[MSB<<8|LSB] - char SH_RESPONSE_DATA[MSB<<8|LSB] - -*/ - - guint16 SH_SERVER_VERSION, SH_CERT_LENGTH, SH_CERT_SPECS_LENGTH, SH_CLIENT_SIG_LENGTH, SH_RESPONSE_LENGTH, mac_key_length; - proto_item* ti; - asn1_ctx_t asn1_ctx; - asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); - - proto_tree_add_item(tree, hf_ssl_pct_pad, tvb, offset, 1, ENC_NA); - offset += 1; - - SH_SERVER_VERSION = tvb_get_ntohs(tvb, offset); - ti = proto_tree_add_item(tree, hf_ssl_pct_server_version, tvb, offset, 2, ENC_BIG_ENDIAN); - if (SH_SERVER_VERSION != PCT_VERSION_1) - expert_add_info_format(pinfo, ti, &ei_ssl_pct_server_version, "Server Version, should be %x in PCT version 1", PCT_VERSION_1); - offset += 2; - - proto_tree_add_item(tree, hf_ssl_pct_sh_restart_session_ok_flag, tvb, offset, 1, ENC_NA); - offset += 1; - - proto_tree_add_item(tree, hf_ssl_pct_sh_client_auth_req_flag, tvb, offset, 1, ENC_NA); - offset += 1; - - proto_tree_add_item(tree, hf_pct_handshake_cipher, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - proto_tree_add_item(tree, hf_ssl_pct_encryption_key_length, tvb, offset, 1, ENC_NA); - offset += 1; - mac_key_length = tvb_get_guint8(tvb, offset) + 64; - proto_tree_add_uint(tree, hf_ssl_pct_mac_key_length_in_bits, tvb, offset, 1, mac_key_length); - offset += 1; - - proto_tree_add_item(tree, hf_pct_handshake_hash, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - proto_tree_add_item(tree, hf_pct_handshake_exch, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - proto_tree_add_item(tree, hf_ssl_pct_connection_id_data, tvb, offset, 32, ENC_NA); - offset += 32; - - SH_CERT_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_server_certificate_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - SH_CERT_SPECS_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_client_cert_specs_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - SH_CLIENT_SIG_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_client_sig_specs_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - SH_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_response_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - if (SH_CERT_LENGTH) { - dissect_x509af_Certificate(FALSE, tvb, offset, &asn1_ctx, tree, hf_pct_handshake_server_cert); - offset += SH_CERT_LENGTH; - } - - if (SH_CERT_SPECS_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_client_cert_specs, tvb, offset, SH_CERT_SPECS_LENGTH, ENC_NA); - offset += SH_CERT_SPECS_LENGTH; - } - - if (SH_CLIENT_SIG_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_client_signature, tvb, offset, SH_CLIENT_SIG_LENGTH, ENC_NA); - offset += SH_CLIENT_SIG_LENGTH; - } - - if (SH_RESPONSE_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_server_response, tvb, offset, SH_RESPONSE_LENGTH, ENC_NA); - } - -} - -static void -dissect_pct_msg_client_master_key(tvbuff_t *tvb, proto_tree *tree, guint32 offset) -{ - guint16 CMK_CLEAR_KEY_LENGTH, CMK_ENCRYPTED_KEY_LENGTH, CMK_KEY_ARG_LENGTH, CMK_VERIFY_PRELUDE, CMK_CLIENT_CERT_LENGTH, CMK_RESPONSE_LENGTH; - - proto_tree_add_item(tree, hf_ssl_pct_pad, tvb, offset, 1, ENC_NA); - offset += 1; - - proto_tree_add_item(tree, hf_pct_handshake_cert, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - proto_tree_add_item(tree, hf_pct_handshake_sig, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CMK_CLEAR_KEY_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_clear_key_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CMK_ENCRYPTED_KEY_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_encrypted_key_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CMK_KEY_ARG_LENGTH= tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_iv_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CMK_VERIFY_PRELUDE = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_verify_prelude_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CMK_CLIENT_CERT_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_client_cert_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - CMK_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_response_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - if (CMK_CLEAR_KEY_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_clear_key_data, tvb, offset, CMK_CLEAR_KEY_LENGTH, ENC_NA); - offset += CMK_CLEAR_KEY_LENGTH; - } - if (CMK_ENCRYPTED_KEY_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_encrypted_key_data, tvb, offset, CMK_ENCRYPTED_KEY_LENGTH, ENC_NA); - offset += CMK_ENCRYPTED_KEY_LENGTH; - } - if (CMK_KEY_ARG_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_iv_data, tvb, offset, CMK_KEY_ARG_LENGTH, ENC_NA); - offset += CMK_KEY_ARG_LENGTH; - } - if (CMK_VERIFY_PRELUDE) { - proto_tree_add_item(tree, hf_ssl_pct_verify_prelude_data, tvb, offset, CMK_VERIFY_PRELUDE, ENC_NA); - offset += CMK_VERIFY_PRELUDE; - } - if (CMK_CLIENT_CERT_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_client_certificate_data, tvb, offset, CMK_CLIENT_CERT_LENGTH, ENC_NA); - offset += CMK_CLIENT_CERT_LENGTH; - } - if (CMK_RESPONSE_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_response_data, tvb, offset, CMK_RESPONSE_LENGTH, ENC_NA); - } -} - -static void -dissect_pct_msg_server_verify(tvbuff_t *tvb, - proto_tree *tree, guint32 offset) -{ - guint16 SV_RESPONSE_LENGTH; - - proto_tree_add_item(tree, hf_ssl_pct_pad, tvb, offset, 1, ENC_NA); - offset += 1; - - proto_tree_add_item(tree, hf_ssl_pct_server_session_id_data, tvb, offset, 32, ENC_NA); - offset += 32; - - SV_RESPONSE_LENGTH = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_server_response_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - if (SV_RESPONSE_LENGTH) { - proto_tree_add_item(tree, hf_ssl_pct_server_response, tvb, offset, SV_RESPONSE_LENGTH, ENC_NA); - } -} - -static void -dissect_pct_msg_error(tvbuff_t *tvb, - proto_tree *tree, guint32 offset) -{ - guint16 ERROR_CODE, INFO_LEN; - - ERROR_CODE = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_pct_msg_error_type, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - INFO_LEN = tvb_get_ntohs(tvb, offset); - proto_tree_add_item(tree, hf_ssl_pct_error_information_length, tvb, offset, 2, ENC_BIG_ENDIAN); - offset += 2; - if (ERROR_CODE == PCT_ERR_SPECS_MISMATCH && INFO_LEN == 6) - { - proto_tree_add_item(tree, hf_ssl_pct_specs_mismatch_cipher, tvb, offset, 1, ENC_NA); - offset += 1; - proto_tree_add_item(tree, hf_ssl_pct_specs_mismatch_hash, tvb, offset, 1, ENC_NA); - offset += 1; - proto_tree_add_item(tree, hf_ssl_pct_specs_mismatch_cert, tvb, offset, 1, ENC_NA); - offset += 1; - proto_tree_add_item(tree, hf_ssl_pct_specs_mismatch_exch, tvb, offset, 1, ENC_NA); - offset += 1; - proto_tree_add_item(tree, hf_ssl_pct_specs_mismatch_client_cert, tvb, offset, 1, ENC_NA); - offset += 1; - proto_tree_add_item(tree, hf_ssl_pct_specs_mismatch_client_sig, tvb, offset, 1, ENC_NA); - } - else if (INFO_LEN) { - proto_tree_add_item(tree, hf_ssl_pct_error_information_data, tvb, offset, INFO_LEN, ENC_NA); - } -} - -static void dissect_ssl2_hnd_client_master_key(tvbuff_t *tvb, proto_tree *tree, guint32 offset) { @@ -3678,8 +3220,6 @@ ssl_looks_like_sslv2(tvbuff_t *tvb, const guint32 offset) case SSL2_HND_CLIENT_HELLO: case SSL2_HND_CLIENT_MASTER_KEY: case SSL2_HND_SERVER_HELLO: - case PCT_MSG_CLIENT_MASTER_KEY: - case PCT_MSG_ERROR: return 1; } return 0; @@ -3779,76 +3319,6 @@ ssl_looks_like_valid_v2_handshake(tvbuff_t *tvb, const guint32 offset, return ret; } -/* applies a heuristic to determine whether - * or not the data beginning at offset looks - * like a valid, unencrypted pct handshake message. - * since it isn't possible to completely tell random - * data apart from a valid message without state, - * we try to help the odds. - */ -static gint -ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, const guint32 offset, - const guint32 record_length) -{ - /* first byte should be a msg_type. - * - * - we know we only see client_hello, client_master_key, - * and server_hello in the clear, so check to see if - * msg_type is one of those (this gives us a 3 in 2^8 - * chance of saying yes with random payload) - * - * - for those three types that we know about, do some - * further validation to reduce the chance of an error - */ - guint8 msg_type; - guint16 version; - guint32 sum; - gint ret = 0; - - /* fetch the msg_type */ - msg_type = tvb_get_guint8(tvb, offset); - - switch (msg_type) { - case PCT_MSG_CLIENT_HELLO: - /* version follows msg byte, so verify that this is valid */ - version = tvb_get_ntohs(tvb, offset+1); - ret = (version == PCT_VERSION_1); - break; - - case PCT_MSG_SERVER_HELLO: - /* version is one byte after msg_type */ - version = tvb_get_ntohs(tvb, offset+2); - ret = (version == PCT_VERSION_1); - break; - - case PCT_MSG_CLIENT_MASTER_KEY: - /* sum of various length fields must be less than record length */ - sum = tvb_get_ntohs(tvb, offset + 6); /* clear_key_length */ - sum += tvb_get_ntohs(tvb, offset + 8); /* encrypted_key_length */ - sum += tvb_get_ntohs(tvb, offset + 10); /* key_arg_length */ - sum += tvb_get_ntohs(tvb, offset + 12); /* verify_prelude_length */ - sum += tvb_get_ntohs(tvb, offset + 14); /* client_cert_length */ - sum += tvb_get_ntohs(tvb, offset + 16); /* response_length */ - if (sum <= record_length) { - ret = 1; - } - break; - - case PCT_MSG_SERVER_VERIFY: - /* record is 36 bytes longer than response_length */ - sum = tvb_get_ntohs(tvb, offset + 34); /* response_length */ - if ((sum + 36) == record_length) { - ret = 1; - } - break; - - default: - break; - } - - return ret; -} - gboolean tls_get_cipher_info(packet_info *pinfo, int *cipher_algo, int *cipher_mode, int *hash_algo) { @@ -4169,11 +3639,6 @@ proto_register_tls(void) FT_UINT8, BASE_DEC, VALS(ssl_20_msg_types), 0x0, "SSLv2 handshake message type", HFILL} }, - { &hf_pct_msg_type, - { "Handshake Message Type", "ssl.pct_handshake.type", - FT_UINT8, BASE_DEC, VALS(pct_msg_types), 0x0, - "PCT handshake message type", HFILL} - }, { &hf_tls_record_version, { "Version", "tls.record.version", FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, @@ -4191,9 +3656,9 @@ proto_register_tls(void) }, { &hf_ssl2_record, - { "SSLv2/PCT Record Header", "tls.record", + { "SSLv2 Record Header", "tls.record", FT_NONE, BASE_NONE, NULL, 0x0, - "SSLv2/PCT record data", HFILL } + "SSLv2 record data", HFILL } }, { &hf_ssl2_record_is_escape, { "Is Escape", "tls.record.is_escape", @@ -4362,107 +3827,6 @@ proto_register_tls(void) FT_NONE, BASE_NONE, NULL, 0x0, "Server's challenge to client", HFILL } }, - { &hf_pct_handshake_cipher_spec, - { "Cipher Spec", "ssl.pct.handshake.cipherspec", - FT_NONE, BASE_NONE, NULL, 0x0, - "PCT Cipher specification", HFILL } - }, - { &hf_pct_handshake_cipher, - { "Cipher", "ssl.pct.handshake.cipher", - FT_UINT16, BASE_HEX, VALS(pct_cipher_type), 0x0, - "PCT Ciper", HFILL } - }, - { &hf_pct_handshake_hash_spec, - { "Hash Spec", "ssl.pct.handshake.hashspec", - FT_NONE, BASE_NONE, NULL, 0x0, - "PCT Hash specification", HFILL } - }, - { &hf_pct_handshake_hash, - { "Hash", "ssl.pct.handshake.hash", - FT_UINT16, BASE_HEX, VALS(pct_hash_type), 0x0, - "PCT Hash", HFILL } - }, - { &hf_pct_handshake_cert_spec, - { "Cert Spec", "ssl.pct.handshake.certspec", - FT_NONE, BASE_NONE, NULL, 0x0, - "PCT Certificate specification", HFILL } - }, - { &hf_pct_handshake_cert, - { "Cert", "ssl.pct.handshake.cert", - FT_UINT16, BASE_HEX, VALS(pct_cert_type), 0x0, - "PCT Certificate", HFILL } - }, - { &hf_pct_handshake_exch_spec, - { "Exchange Spec", "ssl.pct.handshake.exchspec", - FT_NONE, BASE_NONE, NULL, 0x0, - "PCT Exchange specification", HFILL } - }, - { &hf_pct_handshake_exch, - { "Exchange", "ssl.pct.handshake.exch", - FT_UINT16, BASE_HEX, VALS(pct_exch_type), 0x0, - "PCT Exchange", HFILL } - }, - { &hf_pct_handshake_sig, - { "Sig Spec", "ssl.pct.handshake.sig", - FT_UINT16, BASE_HEX, VALS(pct_sig_type), 0x0, - "PCT Signature", HFILL } - }, - { &hf_pct_msg_error_type, - { "PCT Error Code", "ssl.pct.msg_error_code", - FT_UINT16, BASE_HEX, VALS(pct_error_code), 0x0, - NULL, HFILL } - }, - { &hf_pct_handshake_server_cert, - { "Server Cert", "ssl.pct.handshake.server_cert", - FT_BYTES, BASE_NONE, NULL , 0x0, - "PCT Server Certificate", HFILL } - }, - - /* Generated from convert_proto_tree_add_text.pl */ - { &hf_ssl_pct_client_version, { "Client Version", "ssl.pct.client_version", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_pad, { "PAD", "ssl.pct.pad", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_client_session_id_data, { "Client Session ID Data", "ssl.pct.client_session_id_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_challenge_data, { "Challenge Data", "ssl.pct.challenge_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_ch_offset, { "CH_OFFSET", "ssl.pct.ch_offset", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_cipher_specs_length, { "CIPHER_SPECS Length", "ssl.pct.cipher_specs_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_hash_specs_length, { "HASH_SPECS Length", "ssl.pct.hash_specs_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_cert_specs_length, { "CERT_SPECS Length", "ssl.pct.cert_specs_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_exch_specs_length, { "EXCH_SPECS Length", "ssl.pct.exch_specs_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_iv_length, { "IV Length", "ssl.pct.iv_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_encryption_key_length, { "Encryption key length", "ssl.pct.encryption_key_length", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_mac_key_length_in_bits, { "MAC key length in bits", "ssl.pct.mac_key_length_in_bits", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_iv_data, { "IV data", "ssl.pct.iv_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_server_version, { "Server Version", "ssl.pct.server_version", FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_sh_restart_session_ok_flag, { "SH_RESTART_SESSION_OK flag", "ssl.pct.sh_restart_session_ok_flag", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_sh_client_auth_req_flag, { "SH_CLIENT_AUTH_REQ flag", "ssl.pct.sh_client_auth_req_flag", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_connection_id_data, { "Connection ID Data", "tls.connection_id_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_server_certificate_length, { "Server Certificate Length", "ssl.pct.server_certificate_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_client_cert_specs_length, { "Client CERT_SPECS Length", "ssl.pct.client_cert_specs_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_client_sig_specs_length, { "Client SIG_SPECS Length", "ssl.pct.client_sig_specs_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_response_length, { "Response Length", "ssl.pct.response_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_client_cert_specs, { "Client CERT_SPECS", "ssl.pct.client_cert_specs", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_client_signature, { "Client Signature", "ssl.pct.client_signature", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_server_response, { "Server Response", "ssl.pct.server_response", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_clear_key_length, { "Clear Key Length", "ssl.pct.clear_key_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_encrypted_key_length, { "Encrypted Key Length", "ssl.pct.encrypted_key_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_verify_prelude_length, { "Verify Prelude Length", "ssl.pct.verify_prelude_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_client_cert_length, { "Client Cert Length", "ssl.pct.client_cert_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_clear_key_data, { "Clear Key data", "ssl.pct.clear_key_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_encrypted_key_data, { "Encrypted Key data", "ssl.pct.encrypted_key_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_verify_prelude_data, { "Verify Prelude data", "ssl.pct.verify_prelude_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_client_certificate_data, { "Client Certificate data", "ssl.pct.client_certificate_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_response_data, { "Response data", "ssl.pct.response_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_server_session_id_data, { "Server Session ID data", "ssl.pct.server_session_id_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_server_response_length, { "Server Response Length", "ssl.pct.server_response_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_error_information_length, { "Error Information Length", "ssl.pct.error_information_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_specs_mismatch_cipher, { "SPECS_MISMATCH_CIPHER", "ssl.pct.specs_mismatch_cipher", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_specs_mismatch_hash, { "SPECS_MISMATCH_HASH", "ssl.pct.specs_mismatch_hash", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_specs_mismatch_cert, { "SPECS_MISMATCH_CERT", "ssl.pct.specs_mismatch_cert", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_specs_mismatch_exch, { "SPECS_MISMATCH_EXCH", "ssl.pct.specs_mismatch_exch", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_specs_mismatch_client_cert, { "SPECS_MISMATCH_CLIENT_CERT", "ssl.pct.specs_mismatch_client_cert", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_specs_mismatch_client_sig, { "SPECS_MISMATCH_CLIENT_SIG", "ssl.pct.specs_mismatch_client_sig", FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL }}, - { &hf_ssl_pct_error_information_data, { "Error Information data", "ssl.pct.error_information_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }}, - { &hf_tls_segment_overlap, { "Segment overlap", "tls.segment.overlap", @@ -4535,10 +3899,6 @@ proto_register_tls(void) &ett_tls_handshake, &ett_tls_heartbeat, &ett_tls_certs, - &ett_pct_cipher_suites, - &ett_pct_hash_suites, - &ett_pct_cert_suites, - &ett_pct_exch_suites, &ett_tls_segments, &ett_tls_segment, SSL_COMMON_ETT_LIST(dissect_ssl3_hf) @@ -4551,9 +3911,6 @@ proto_register_tls(void) /* Generated from convert_proto_tree_add_text.pl */ { &ei_tls_ignored_unknown_record, { "tls.ignored_unknown_record", PI_PROTOCOL, PI_WARN, "Ignored Unknown Record", EXPFILL }}, - { &ei_ssl_pct_client_version, { "ssl.pct.client_version.invalid", PI_PROTOCOL, PI_WARN, "Client Version invalid", EXPFILL }}, - { &ei_ssl_pct_ch_offset, { "ssl.pct.ch_offset.invalid", PI_PROTOCOL, PI_WARN, "CH_OFFSET invalid", EXPFILL }}, - { &ei_ssl_pct_server_version, { "ssl.pct.server_version.invalid", PI_PROTOCOL, PI_WARN, "Server Version invalid", EXPFILL }}, SSL_COMMON_EI_LIST(dissect_ssl3_hf, "tls") }; |