authorPeter Wu <peter@lekensteyn.nl>2014-06-23 23:14:06 +0200
committerEvan Huus <eapache@gmail.com>2014-06-23 23:31:40 +0000
commite22d3c9b744af8fa49806f1cde2100be85cc58cc (patch)
tree00274166a829725e8354a50eb5fa49edb8d98136 /epan/dissectors/packet-dtls.c
parent8702a6b82740054e9864c0ddd50fa9f0d966445f (diff)
ssl: fix ClientKeyExchange, fix TLSv1.2 SKE for DH
Since DTLS and TLS do not differ in handling ClientKeyExchange and ServerKeyExchange, its dissection got moved to ssl-utils. The code is based on the SSL dissector, with header field names adjusted to the DTLS ones (those got capitalized). Besides a version difference (for signatures), the header field and function names, the DTLS and SSL code are equal (this is verified). This patch refactors the dissectors for DHE_RSA and ECDHE to make use of a common function to dissect the signed_params field. All offset tracking is also removed in favor of exception handling by the proto_tree_add_item function. Occurrences of proto_tree_add_uint are also replaced by proto_tree_add_item for simplicity. After those changes, the SKE dissector for DH key exchanges is updated to handle the mandatory signature field in TLSv1.2, using the newly added function. (bug 9208) Another bug occurred after the length check removal: pre-TLS and OpenSSL's old DTLS implementation do not include a vector length in the CKE. This is now also fixed. (bug 10222) Other minor changes: comments added/corrected, renamed keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS). Bug: 9208 Bug: 10222 Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd Reviewed-on: https://code.wireshark.org/review/2542 Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-dtls.c')
-rw-r--r--epan/dissectors/packet-dtls.c695
1 files changed, 2 insertions, 693 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 84a94057bd..71bf1eddd0 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -128,32 +128,6 @@ static gint hf_dtls_handshake_certificate_len = -1;
static gint hf_dtls_handshake_cert_types_count = -1;
static gint hf_dtls_handshake_cert_types = -1;
static gint hf_dtls_handshake_cert_type = -1;
-static gint hf_dtls_handshake_server_keyex_p_len = -1;
-static gint hf_dtls_handshake_server_keyex_g_len = -1;
-static gint hf_dtls_handshake_server_keyex_ys_len = -1;
-static gint hf_dtls_handshake_server_keyex_point_len = -1;
-static gint hf_dtls_handshake_client_keyex_yc_len = -1;
-static gint hf_dtls_handshake_client_keyex_point_len = -1;
-static gint hf_dtls_handshake_client_keyex_epms_len = -1;
-static gint hf_dtls_handshake_server_keyex_modulus_len = -1;
-static gint hf_dtls_handshake_server_keyex_exponent_len = -1;
-static gint hf_dtls_handshake_server_keyex_sig_len = -1;
-static gint hf_dtls_handshake_server_keyex_p = -1;
-static gint hf_dtls_handshake_server_keyex_g = -1;
-static gint hf_dtls_handshake_server_keyex_ys = -1;
-static gint hf_dtls_handshake_client_keyex_yc = -1;
-static gint hf_dtls_handshake_server_keyex_curve_type = -1;
-static gint hf_dtls_handshake_server_keyex_named_curve = -1;
-static gint hf_dtls_handshake_server_keyex_point = -1;
-static gint hf_dtls_handshake_client_keyex_epms = -1;
-static gint hf_dtls_handshake_client_keyex_point = -1;
-static gint hf_dtls_handshake_server_keyex_modulus = -1;
-static gint hf_dtls_handshake_server_keyex_exponent = -1;
-static gint hf_dtls_handshake_server_keyex_sig = -1;
-static gint hf_dtls_handshake_server_keyex_hint_len = -1;
-static gint hf_dtls_handshake_server_keyex_hint = -1;
-static gint hf_dtls_handshake_client_keyex_identity_len = -1;
-static gint hf_dtls_handshake_client_keyex_identity = -1;
static gint hf_dtls_handshake_finished = -1;
/* static gint hf_dtls_handshake_md5_hash = -1; */
/* static gint hf_dtls_handshake_sha_hash = -1; */
@@ -190,7 +164,6 @@ static gint ett_dtls_cipher_suites = -1;
static gint ett_dtls_comp_methods = -1;
static gint ett_dtls_random = -1;
static gint ett_dtls_new_ses_ticket = -1;
-static gint ett_dtls_keyex_params = -1;
static gint ett_dtls_certs = -1;
static gint ett_dtls_cert_types = -1;
static gint ett_dtls_dnames = -1;
@@ -397,49 +370,11 @@ static void dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
packet_info *pinfo,
const SslSession *session);
-static void dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length,
- const SslSession *session);
-
-static void dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length);
-
-static void dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length,
- const SslSession *session);
-
-static void dissect_dtls_hnd_srv_keyex_psk(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length);
-
-static void dissect_dtls_hnd_cli_keyex_ecdh(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length);
-
-static void dissect_dtls_hnd_cli_keyex_dh(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length);
-
-static void dissect_dtls_hnd_cli_keyex_rsa(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length);
-
-static void dissect_dtls_hnd_cli_keyex_psk(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length);
-
-static void dissect_dtls_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb,
- proto_tree *tree,
- guint32 offset, guint32 length);
static void dissect_dtls_hnd_finished(tvbuff_t *tvb,
proto_tree *tree,
guint32 offset,
const SslSession *session);
-
/*
* Support Functions
*
@@ -1497,23 +1432,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
break;
case SSL_HND_SERVER_KEY_EXCHG:
- switch (ssl_get_keyex_alg(session->cipher)) {
- case KEX_DH:
- dissect_dtls_hnd_srv_keyex_dh(tvb, ssl_hand_tree, offset, length);
- break;
- case KEX_RSA:
- dissect_dtls_hnd_srv_keyex_rsa(tvb, ssl_hand_tree, offset, length, session);
- break;
- case KEX_ECDH:
- dissect_dtls_hnd_srv_keyex_ecdh(tvb, ssl_hand_tree, offset, length, session);
- break;
- case KEX_RSA_PSK:
- case KEX_PSK:
- dissect_dtls_hnd_srv_keyex_psk(tvb, ssl_hand_tree, offset, length);
- break;
- default:
- break;
- }
+ ssl_dissect_hnd_srv_keyex(&dissect_dtls_hf, tvb, ssl_hand_tree, offset, length, session);
break;
case SSL_HND_CERT_REQUEST:
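Review bot: The new `ssl_dissect_hnd_srv_keyex(&dissect_dtls_hf, tvb, ssl_hand_tree, offset, length, session)` call hands `offset` and `length` to shared code, and the per-field checks in the removed helpers (each returned when a vector length ran past `length`) no longer exist in this file. The commit description leaves bounds to proto_tree_add_item's exception handling, which as far as I know triggers at the end of the tvb rather than at the end of the handshake body, so a length field larger than `length` but still inside the datagram may be displayed as part of this message unless the shared function checks against `offset + length`; that function is not visible here. I would add a comment above the call such as `/* length = handshake body size; the shared dissector must not read past offset + length */` and confirm that the shared code flags a mismatch. The same applies to the `ssl_dissect_hnd_cli_keyex` call in the next hunk. dissect_dtls_handshake starts and ends outside this hunk.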
@@ -1529,25 +1448,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
break;
case SSL_HND_CLIENT_KEY_EXCHG:
- switch (ssl_get_keyex_alg(session->cipher)) {
- case KEX_DH:
- dissect_dtls_hnd_cli_keyex_dh(tvb, ssl_hand_tree, offset, length);
- break;
- case KEX_RSA:
- dissect_dtls_hnd_cli_keyex_rsa(tvb, ssl_hand_tree, offset, length);
- break;
- case KEX_ECDH:
- dissect_dtls_hnd_cli_keyex_ecdh(tvb, ssl_hand_tree, offset, length);
- break;
- case KEX_PSK:
- dissect_dtls_hnd_cli_keyex_psk(tvb, ssl_hand_tree, offset, length);
- break;
- case KEX_RSA_PSK:
- dissect_dtls_hnd_cli_keyex_rsa_psk(tvb, ssl_hand_tree, offset, length);
- break;
- default:
- break;
- }
+ ssl_dissect_hnd_cli_keyex(&dissect_dtls_hf, tvb, ssl_hand_tree, offset, length, session);
/* here we can have all the data to build session key */
if (!ssl)
break;
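Review bot: The ClientKeyExchange call now takes `session`, which the removed `dissect_dtls_hnd_cli_keyex_*` helpers did not, and the commit description says old OpenSSL DTLS omits the vector length, so the layout chosen presumably depends on the recorded version. If the ServerHello is missing from the capture that version may be unset, and the comment that follows (`here we can have all the data to build session key`) suggests later processing reads the same bytes, so a wrong guess would affect more than the display. A short comment above the call would help, for example `/* CKE layout depends on session->version; see ssl-utils for the no-length-prefix case */`. The enclosing function continues outside the hunk.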
@@ -2243,467 +2144,6 @@ dissect_dtls_hnd_cert_req(tvbuff_t *tvb,
static void
-dissect_dtls_hnd_srv_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length,
- const SslSession *session)
-{
- gint curve_type, curve_type_offset;
- gint named_curve, named_curve_offset;
- gint point_len, point_len_offset;
- gint sig_len, sig_len_offset;
- gint sig_algo, sig_algo_offset;
- proto_item *ti_ecdh;
- proto_item *ti_algo;
- proto_tree *ssl_ecdh_tree;
- proto_tree *ssl_algo_tree;
- guint32 orig_offset;
-
- orig_offset = offset;
-
- curve_type_offset = offset;
- curve_type = tvb_get_guint8(tvb, offset);
- if (curve_type != 3)
- return; /* only named_curves are supported */
- offset += 1;
- if ((offset - orig_offset) > length) {
- return;
- }
-
- named_curve_offset = offset;
- named_curve = tvb_get_ntohs(tvb, offset);
- offset += 2;
- if ((offset - orig_offset) > length) {
- return;
- }
-
- point_len_offset = offset;
- point_len = tvb_get_guint8(tvb, offset);
- if ((offset + point_len - orig_offset) > length) {
- return;
- }
- offset += 1 + point_len;
-
- switch (session->version) {
- case SSL_VER_DTLS1DOT2:
- sig_algo_offset = offset;
- sig_algo = tvb_get_ntohs(tvb, offset);
- offset += 2;
- if ((offset - orig_offset) > length) {
- return;
- }
- break;
-
- default:
- sig_algo_offset = 0;
- sig_algo = 0;
- break;
- }
-
- sig_len_offset = offset;
- sig_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + sig_len;
- if ((offset - orig_offset) != length) {
- /* Lengths don't line up (wasn't what we expected?) */
- return;
- }
-
- ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset,
- (offset - orig_offset), "EC Diffie-Hellman Server Params");
- ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_dtls_keyex_params);
-
- /* curve_type */
- proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_curve_type,
- tvb, curve_type_offset, 1, curve_type);
-
- /* named_curve */
- proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_named_curve,
- tvb, named_curve_offset, 2, named_curve);
-
- /* point */
- proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_point_len,
- tvb, point_len_offset, 1, point_len);
- proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_point,
- tvb, point_len_offset+1, point_len, ENC_NA);
-
- switch (session->version) {
- case SSL_VER_DTLS1DOT2:
- ti_algo = proto_tree_add_uint(ssl_ecdh_tree, dissect_dtls_hf.hf.hs_sig_hash_alg,
- tvb, offset, 2, sig_algo);
- ssl_algo_tree = proto_item_add_subtree(ti_algo, dissect_dtls_hf.ett.hs_sig_hash_alg);
-
- proto_tree_add_item(ssl_algo_tree, dissect_dtls_hf.hf.hs_sig_hash_hash,
- tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN);
- proto_tree_add_item(ssl_algo_tree, dissect_dtls_hf.hf.hs_sig_hash_sig,
- tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN);
- break;
-
- default:
- break;
- }
-
- /* Sig */
- proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_sig_len,
- tvb, sig_len_offset, 2, sig_len);
- proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_server_keyex_sig,
- tvb, sig_len_offset + 2, sig_len, ENC_NA);
-
-}
-
-static void
-dissect_dtls_hnd_srv_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length)
-{
- gint p_len, p_len_offset;
- gint g_len, g_len_offset;
- gint ys_len, ys_len_offset;
- gint sig_len, sig_len_offset;
- proto_item *ti_dh;
- proto_tree *ssl_dh_tree;
- guint32 orig_offset;
-
- orig_offset = offset;
-
- p_len_offset = offset;
- p_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + p_len;
- if ((offset - orig_offset) > length) {
- return;
- }
-
- g_len_offset = offset;
- g_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + g_len;
- if ((offset - orig_offset) > length) {
- return;
- }
-
- ys_len_offset = offset;
- ys_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + ys_len;
- if ((offset - orig_offset) > length) {
- return;
- }
-
- sig_len_offset = offset;
- sig_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + sig_len;
- if ((offset - orig_offset) != length) {
- /* Lengths don't line up (wasn't what we expected?) */
- return;
- }
-
- ti_dh = proto_tree_add_text(tree, tvb, orig_offset,
- (offset - orig_offset), "Diffie-Hellman Server Params");
- ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_dtls_keyex_params);
-
- /* p */
- proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_p_len,
- tvb, p_len_offset, 2, p_len);
- proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_p,
- tvb, p_len_offset + 2, p_len, ENC_NA);
-
- /* g */
- proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_g_len,
- tvb, g_len_offset, 2, g_len);
- proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_g,
- tvb, g_len_offset + 2, g_len, ENC_NA);
-
- /* Ys */
- proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_ys_len,
- tvb, ys_len_offset, 2, ys_len);
- proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_ys,
- tvb, ys_len_offset + 2, ys_len, ENC_NA);
-
- /* Sig */
- proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_server_keyex_sig_len,
- tvb, sig_len_offset, 2, sig_len);
- proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_server_keyex_sig,
- tvb, sig_len_offset + 2, sig_len, ENC_NA);
-
-}
-
-/* Used in RSA PSK cipher suites */
-static void
-dissect_dtls_hnd_srv_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length,
- const SslSession *session)
-{
- gint modulus_len, modulus_len_offset;
- gint exponent_len, exponent_len_offset;
- gint sig_len, sig_len_offset;
- gint sig_algo, sig_algo_offset;
- proto_item *ti_rsa;
- proto_item *ti_algo;
- proto_tree *ssl_rsa_tree;
- proto_tree *ssl_algo_tree;
- guint32 orig_offset;
-
- orig_offset = offset;
-
- modulus_len_offset = offset;
- modulus_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + modulus_len;
- if ((offset - orig_offset) > length) {
- return;
- }
-
- exponent_len_offset = offset;
- exponent_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + exponent_len;
- if ((offset - orig_offset) > length) {
- return;
- }
-
- switch (session->version) {
- case SSL_VER_DTLS1DOT2:
- sig_algo_offset = offset;
- sig_algo = tvb_get_ntohs(tvb, offset);
- offset += 2;
- if ((offset - orig_offset) > length) {
- return;
- }
- break;
-
- default:
- sig_algo_offset = 0;
- sig_algo = 0;
- break;
- }
-
- sig_len_offset = offset;
- sig_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + sig_len;
- if ((offset - orig_offset) != length) {
- /* Lengths don't line up (wasn't what we expected?) */
- return;
- }
-
- ti_rsa = proto_tree_add_text(tree, tvb, orig_offset,
- (offset - orig_offset), "RSA-EXPORT Server Params");
- ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_dtls_keyex_params);
-
- /* modulus */
- proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_modulus_len,
- tvb, modulus_len_offset, 2, modulus_len);
- proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_modulus,
- tvb, modulus_len_offset + 2, modulus_len, ENC_NA);
-
- /* exponent */
- proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_exponent_len,
- tvb, exponent_len_offset, 2, exponent_len);
- proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_exponent,
- tvb, exponent_len_offset + 2, exponent_len, ENC_NA);
-
- switch (session->version) {
- case SSL_VER_DTLS1DOT2:
- ti_algo = proto_tree_add_uint(ssl_rsa_tree, dissect_dtls_hf.hf.hs_sig_hash_alg,
- tvb, offset, 2, sig_algo);
- ssl_algo_tree = proto_item_add_subtree(ti_algo, dissect_dtls_hf.ett.hs_sig_hash_alg);
-
- proto_tree_add_item(ssl_algo_tree, dissect_dtls_hf.hf.hs_sig_hash_hash,
- tvb, sig_algo_offset, 1, ENC_BIG_ENDIAN);
- proto_tree_add_item(ssl_algo_tree, dissect_dtls_hf.hf.hs_sig_hash_sig,
- tvb, sig_algo_offset+1, 1, ENC_BIG_ENDIAN);
- break;
-
- default:
- break;
- }
-
- /* Sig */
- proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_server_keyex_sig_len,
- tvb, sig_len_offset, 2, sig_len);
- proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_server_keyex_sig,
- tvb, sig_len_offset + 2, sig_len, ENC_NA);
-
-}
-
-/* Used in RSA PSK and PSK cipher suites */
-static void
-dissect_dtls_hnd_srv_keyex_psk(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length)
-{
- guint hint_len;
- proto_item *ti_psk;
- proto_tree *ssl_psk_tree;
-
- hint_len = tvb_get_ntohs(tvb, offset);
- if ((2 + hint_len) != length) {
- /* Lengths don't line up (wasn't what we expected?) */
- return;
- }
-
- ti_psk = proto_tree_add_text(tree, tvb, offset,
- length, "PSK Server Params");
- ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params);
-
- /* hint */
- proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_server_keyex_hint_len,
- tvb, offset, 2, hint_len);
- proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_server_keyex_hint,
- tvb, offset + 2, hint_len, ENC_NA);
-}
-
-static void
-dissect_dtls_hnd_cli_keyex_ecdh(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length)
-{
- gint point_len, point_len_offset;
- proto_item *ti_ecdh;
- proto_tree *ssl_ecdh_tree;
- guint32 orig_offset;
-
- orig_offset = offset;
-
- point_len_offset = offset;
- point_len = tvb_get_guint8(tvb, offset);
- if ((offset + point_len - orig_offset) > length) {
- return;
- }
- offset += 1 + point_len;
-
- ti_ecdh = proto_tree_add_text(tree, tvb, orig_offset,
- (offset - orig_offset), "EC Diffie-Hellman Client Params");
- ssl_ecdh_tree = proto_item_add_subtree(ti_ecdh, ett_dtls_keyex_params);
-
- /* point */
- proto_tree_add_uint(ssl_ecdh_tree, hf_dtls_handshake_client_keyex_point_len,
- tvb, point_len_offset, 1, point_len);
- proto_tree_add_item(ssl_ecdh_tree, hf_dtls_handshake_client_keyex_point,
- tvb, point_len_offset+1, point_len, ENC_NA);
-
-}
-
-static void
-dissect_dtls_hnd_cli_keyex_dh(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length)
-{
- gint yc_len, yc_len_offset;
- proto_item *ti_dh;
- proto_tree *ssl_dh_tree;
- guint32 orig_offset;
-
- orig_offset = offset;
-
- yc_len_offset = offset;
- yc_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + yc_len;
- if ((offset - orig_offset) != length) {
- return;
- }
-
- ti_dh = proto_tree_add_text(tree, tvb, orig_offset,
- (offset - orig_offset), "Diffie-Hellman Client Params");
- ssl_dh_tree = proto_item_add_subtree(ti_dh, ett_dtls_keyex_params);
-
- /* encrypted PreMaster secret */
- proto_tree_add_uint(ssl_dh_tree, hf_dtls_handshake_client_keyex_yc_len,
- tvb, yc_len_offset, 2, yc_len);
- proto_tree_add_item(ssl_dh_tree, hf_dtls_handshake_client_keyex_yc,
- tvb, yc_len_offset + 2, yc_len, ENC_NA);
-}
-
-static void
-dissect_dtls_hnd_cli_keyex_rsa(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length)
-{
- gint epms_len, epms_len_offset;
- proto_item *ti_rsa;
- proto_tree *ssl_rsa_tree;
- guint32 orig_offset;
-
- orig_offset = offset;
-
- epms_len_offset = offset;
- epms_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + epms_len;
- if ((offset - orig_offset) != length) {
- return;
- }
-
- ti_rsa = proto_tree_add_text(tree, tvb, orig_offset,
- (offset - orig_offset), "RSA Encrypted PreMaster Secret");
- ssl_rsa_tree = proto_item_add_subtree(ti_rsa, ett_dtls_keyex_params);
-
- /* Yc */
- proto_tree_add_uint(ssl_rsa_tree, hf_dtls_handshake_client_keyex_epms_len,
- tvb, epms_len_offset, 2, epms_len);
- proto_tree_add_item(ssl_rsa_tree, hf_dtls_handshake_client_keyex_epms,
- tvb, epms_len_offset + 2, epms_len, ENC_NA);
-}
-
-/* Used in PSK cipher suites */
-static void
-dissect_dtls_hnd_cli_keyex_psk(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length)
-{
- guint identity_len;
- proto_item *ti_psk;
- proto_tree *ssl_psk_tree;
-
- identity_len = tvb_get_ntohs(tvb, offset);
- if ((2 + identity_len) != length) {
- /* Lengths don't line up (wasn't what we expected?) */
- return;
- }
-
- ti_psk = proto_tree_add_text(tree, tvb, offset,
- length, "PSK Client Params");
- ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params);
-
- /* identity */
- proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity_len,
- tvb, offset, 2, identity_len);
- proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity,
- tvb, offset + 2, identity_len, ENC_NA);
-}
-
-/* Used in RSA PSK cipher suites */
-static void
-dissect_dtls_hnd_cli_keyex_rsa_psk(tvbuff_t *tvb, proto_tree *tree,
- guint32 offset, guint32 length)
-{
- gint identity_len, identity_len_offset;
- gint epms_len, epms_len_offset;
- proto_item *ti_psk;
- proto_tree *ssl_psk_tree;
- guint32 orig_offset;
-
- orig_offset = offset;
-
- identity_len_offset = offset;
- identity_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + identity_len;
- if ((offset - orig_offset) > length) {
- return;
- }
-
- epms_len_offset = offset;
- epms_len = tvb_get_ntohs(tvb, offset);
- offset += 2 + epms_len;
- if ((offset - orig_offset) != length) {
- /* Lengths don't line up (wasn't what we expected?) */
- return;
- }
-
- ti_psk = proto_tree_add_text(tree, tvb, orig_offset,
- (offset - orig_offset), "RSA PSK Client Params");
- ssl_psk_tree = proto_item_add_subtree(ti_psk, ett_dtls_keyex_params);
-
- /* identity */
- proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity_len,
- tvb, identity_len_offset, 2, identity_len);
- proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_identity,
- tvb, identity_len_offset + 2, identity_len, ENC_NA);
-
- /* Yc */
- proto_tree_add_uint(ssl_psk_tree, hf_dtls_handshake_client_keyex_epms_len,
- tvb, epms_len_offset, 2, epms_len);
- proto_tree_add_item(ssl_psk_tree, hf_dtls_handshake_client_keyex_epms,
- tvb, epms_len_offset + 2, epms_len, ENC_NA);
-}
-
-static void
dissect_dtls_hnd_finished(tvbuff_t *tvb, proto_tree *tree, guint32 offset,
const SslSession *session)
{
@@ -3085,136 +2525,6 @@ proto_register_dtls(void)
FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0,
NULL, HFILL }
},
- { &hf_dtls_handshake_server_keyex_p_len,
- { "p Length", "dtls.handshake.p_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of p", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_g_len,
- { "g Length", "dtls.handshake.g_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of g", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_ys_len,
- { "Pubkey Length", "dtls.handshake.ys_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of server's Diffie-Hellman public key", HFILL }
- },
- { &hf_dtls_handshake_client_keyex_yc_len,
- { "Pubkey Length", "dtls.handshake.yc_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of client's Diffie-Hellman public key", HFILL }
- },
- { &hf_dtls_handshake_client_keyex_point_len,
- { "Pubkey Length", "dtls.handshake.client_point_len",
- FT_UINT8, BASE_DEC, NULL, 0x0,
- "Length of client's EC Diffie-Hellman public key", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_point_len,
- { "Pubkey Length", "dtls.handshake.server_point_len",
- FT_UINT8, BASE_DEC, NULL, 0x0,
- "Length of server's EC Diffie-Hellman public key", HFILL }
- },
- { &hf_dtls_handshake_client_keyex_epms_len,
- { "Encrypted PreMaster length", "dtls.handshake.epms_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of encrypted PreMaster secret", HFILL }
- },
- { &hf_dtls_handshake_client_keyex_epms,
- { "Encrypted PreMaster", "dtls.handshake.epms",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Encrypted PreMaster secret", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_modulus_len,
- { "Modulus Length", "dtls.handshake.modulus_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of RSA-EXPORT modulus", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_exponent_len,
- { "Exponent Length", "dtls.handshake.exponent_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of RSA-EXPORT exponent", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_sig_len,
- { "Signature Length", "dtls.handshake.sig_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of Signature", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_p,
- { "p", "dtls.handshake.p",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Diffie-Hellman p", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_g,
- { "g", "dtls.handshake.g",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Diffie-Hellman g", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_curve_type,
- { "Curve Type", "dtls.handshake.server_curve_type",
- FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0,
- "Server curve_type", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_named_curve,
- { "Named Curve", "dtls.handshake.server_named_curve",
- FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0,
- "Server named_curve", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_ys,
- { "Pubkey", "dtls.handshake.ys",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Diffie-Hellman server pubkey", HFILL }
- },
- { &hf_dtls_handshake_client_keyex_yc,
- { "Pubkey", "dtls.handshake.yc",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Diffie-Hellman client pubkey", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_point,
- { "Pubkey", "dtls.handshake.server_point",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "EC Diffie-Hellman server pubkey", HFILL }
- },
- { &hf_dtls_handshake_client_keyex_point,
- { "Pubkey", "dtls.handshake.client_point",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "EC Diffie-Hellman client pubkey", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_modulus,
- { "Modulus", "dtls.handshake.modulus",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "RSA-EXPORT modulus", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_exponent,
- { "Exponent", "dtls.handshake.exponent",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "RSA-EXPORT exponent", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_sig,
- { "Signature", "dtls.handshake.sig",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "Diffie-Hellman server signature", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_hint_len,
- { "Hint Length", "dtls.handshake.hint_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of PSK Hint", HFILL }
- },
- { &hf_dtls_handshake_server_keyex_hint,
- { "Hint", "dtls.handshake.hint",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "PSK Hint", HFILL }
- },
- { &hf_dtls_handshake_client_keyex_identity_len,
- { "Identity Length", "dtls.handshake.identity_len",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Length of PSK Identity", HFILL }
- },
- { &hf_dtls_handshake_client_keyex_identity,
- { "Identity", "dtls.handshake.identity",
- FT_BYTES, BASE_NONE, NULL, 0x0,
- "PSK Identity", HFILL }
- },
{ &hf_dtls_handshake_finished,
{ "Verify Data", "dtls.handshake.verify_data",
FT_NONE, BASE_NONE, NULL, 0x0,
@@ -3335,7 +2645,6 @@ proto_register_dtls(void)
&ett_dtls_comp_methods,
&ett_dtls_random,
&ett_dtls_new_ses_ticket,
- &ett_dtls_keyex_params,
&ett_dtls_certs,
&ett_dtls_cert_types,
&ett_dtls_dnames,