ssl,dtls: fix CertificateVerify dissection for TLSv1.2

TLSv1.2 gained an additional SignatureAndHashAlgorithm field for fields marked with the digitally-signed attribute. This was already implemented before for ServerKeyExchange, let's reuse that. Note that the SignatureAndHashAlgorithm tree and fields (hash algo, signature algo) are repurposed in a different context, but since the structure is the same it is kept like this. By the way, add support for DTLSv1.2 too. RFC 6347 section 4.2.6 suggests that the implementation is the same (as far as the dissector is concerned). Also update the comments and remove the additional "Signature with client's private key" subtree since the CertificateVerify message has no other items. Bug: 11045 Change-Id: I025901b85e607f04d60357ff14187cc13db2ae5d Reviewed-on: https://code.wireshark.org/review/7650 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Tested-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Michael Mann <mmann78@netscape.net>
author: Peter Wu <peter@lekensteyn.nl> 2015-03-12 03:01:37 +0100
committer: Michael Mann <mmann78@netscape.net> 2015-03-12 12:48:00 +0000
commit: 70d34eee2b26c8b83e590c8a8ba0aaa942558d24 (patch)
tree: 95cd785cffd778867ead4a36ff35674f4c989bd6 /epan/dissectors/packet-ssl-utils.c
parent: 95ce3928de8c08934ab7ba49492b319cbdb0c9f9 (diff)
1 files changed, 50 insertions, 10 deletions
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 34450578de..61955910fe 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -5821,6 +5821,22 @@ ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb,
     }
 }
 
+static void
+ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+                             proto_tree *tree, guint32 offset,
+                             const SslSession *session,
+                             gint hf_sig_len, gint hf_sig);
+
+void
+ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+                                proto_tree *tree, guint32 offset,
+                                const SslSession *session)
+{
+    ssl_dissect_digitally_signed(hf, tvb, tree, offset, session,
+                                 hf->hf.hs_client_cert_vrfy_sig_len,
+                                 hf->hf.hs_client_cert_vrfy_sig);
+}
+
 void
 ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
                          proto_tree *tree, guint32 offset,
@@ -6285,13 +6301,12 @@ dissect_ssl3_hnd_cli_keyex_rsa_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 }
 
 
-/* ServerKeyExchange algo-specific dissectors */
-
-/* dissects signed_params inside a ServerKeyExchange for some keyex algos */
+/* Dissects DigitallySigned (see RFC 5246 4.7 Cryptographic Attributes). */
 static void
-dissect_ssl3_hnd_srv_keyex_sig(ssl_common_dissect_t *hf, tvbuff_t *tvb,
-                               proto_tree *tree, guint32 offset,
-                               const SslSession *session)
+ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+                             proto_tree *tree, guint32 offset,
+                             const SslSession *session,
+                             gint hf_sig_len, gint hf_sig)
 {
     gint        sig_len;
     proto_item *ti_algo;
@@ -6318,10 +6333,35 @@ dissect_ssl3_hnd_srv_keyex_sig(ssl_common_dissect_t *hf, tvbuff_t *tvb,
 
     /* Sig */
     sig_len = tvb_get_ntohs(tvb, offset);
-    proto_tree_add_item(tree, hf->hf.hs_server_keyex_sig_len, tvb,
-                        offset, 2, ENC_BIG_ENDIAN);
-    proto_tree_add_item(tree, hf->hf.hs_server_keyex_sig, tvb,
-                        offset + 2, sig_len, ENC_NA);
+    proto_tree_add_item(tree, hf_sig_len, tvb, offset, 2, ENC_BIG_ENDIAN);
+    proto_tree_add_item(tree, hf_sig, tvb, offset + 2, sig_len, ENC_NA);
+}
+
+/* ServerKeyExchange algo-specific dissectors */
+
+/* dissects signed_params inside a ServerKeyExchange for some keyex algos */
+static void
+dissect_ssl3_hnd_srv_keyex_sig(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+                               proto_tree *tree, guint32 offset,
+                               const SslSession *session)
+{
+    /*
+     * TLSv1.2 (RFC 5246 sec 7.4.8)
+     *  struct {
+     *      digitally-signed struct {
+     *          opaque handshake_messages[handshake_messages_length];
+     *      }
+     *  } CertificateVerify;
+     *
+     * TLSv1.0/TLSv1.1 (RFC 5436 sec 7.4.8 and 7.4.3) works essentially the same
+     * as TLSv1.2, but the hash algorithms are not explicit in digitally-signed.
+     *
+     * SSLv3 (RFC 6101 sec 5.6.8) esseentially works the same as TLSv1.0 but it
+     * does more hashing including the master secret and padding.
+     */
+    ssl_dissect_digitally_signed(hf, tvb, tree, offset, session,
+                                 hf->hf.hs_server_keyex_sig_len,
+                                 hf->hf.hs_server_keyex_sig);
 }
 
 static void
author	Peter Wu <peter@lekensteyn.nl>	2015-03-12 03:01:37 +0100
committer	Michael Mann <mmann78@netscape.net>	2015-03-12 12:48:00 +0000
commit	70d34eee2b26c8b83e590c8a8ba0aaa942558d24 (patch)
tree	95cd785cffd778867ead4a36ff35674f4c989bd6 /epan/dissectors/packet-ssl-utils.c
parent	95ce3928de8c08934ab7ba49492b319cbdb0c9f9 (diff)