authorPeter Wu <peter@lekensteyn.nl>2014-07-13 13:21:41 +0200
committerEvan Huus <eapache@gmail.com>2014-07-15 23:07:05 +0000
commitaecbb98365e3391603c203de4d2d1a6685f7247d (patch)
tree436e7b9d64979791e2bca71af92a56b013615b27 /epan/dissectors/packet-ssl-utils.h
parent8982e877c1a524d3e742e7aaf0c95e75da967dba (diff)
ssl: unify common Hello dissection to ssl-utils
Based on DTLS code with changes merged from SSL. Changes: - Ignore large Session IDs; this was not harmful, though, since the backing storage was 256 bytes in size. - {ssl,dtls}.handshake.random: fixed description, it is not used like an SSLv2 random challenge. - dtls: also debug print client/server for random - SSL: the common dissector now returns an offset rather than dissected length. - dtls: display actual Session ID bytes in the UI rather than the text "Session ID (32 bytes)". The length field is already visible in the preceding field. Also changed is the handling of key material generation. The SSL dissector previously generated key material based on the Session ID, Session Ticket or a key logfile. (DTLS did not have this functionality.) As decryption is needed only after ChangeCipherSpec, I have removed it from the ServerHello handling. This will break decryption when a ClientKeyExchange message is missing, but it will be restored properly in a later patch. (By the way, there was an inverted if-condition bug in DTLS that could break decryption by not restoring the master key matching a SID. This is gone in the refactoring because the faulty code is removed.) Change-Id: Ida3de88adefe3f7691f85936c496977426c4d96e Reviewed-on: https://code.wireshark.org/review/3018 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de> Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r--epan/dissectors/packet-ssl-utils.h33
1 files changed, 33 insertions, 0 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 482fd94f6b..b9e69c4f57 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -684,6 +684,10 @@ typedef struct ssl_common_dissect {
gint hs_dnames;
gint hs_dname_len;
gint hs_dname;
+ gint hs_random_time;
+ gint hs_random_bytes;
+ gint hs_session_id;
+ gint hs_session_id_len;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_HF_LIST! */
} hf;
@@ -704,6 +708,7 @@ typedef struct ssl_common_dissect {
gint certificates;
gint cert_types;
gint dnames;
+ gint hs_random;
/* do not forget to update SSL_COMMON_LIST_T and SSL_COMMON_ETT_LIST! */
} ett;
@@ -721,6 +726,11 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
SslSession *session, SslDecryptSession *ssl);
extern gint
+ssl_dissect_hnd_hello_common(ssl_common_dissect_t *hf, tvbuff_t *tvb,
+ proto_tree *tree, guint32 offset,
+ SslDecryptSession *ssl, gboolean from_server);
+
+extern gint
ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
guint32 offset, guint16 len);
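Review bot: The new declaration of `ssl_dissect_hnd_hello_common` carries no comment describing its contract, and it accepts `guint32 offset` while returning `gint`. The commit message says the function now returns an offset rather than a dissected length and that oversized Session IDs are ignored, which are exactly the two things a caller in the SSL or DTLS dissector has to rely on when it continues parsing untrusted handshake bytes. A short comment above the prototype should state that the return value is the offset of the first byte after the common Hello fields (presumably after the Session ID), whether a negative value can ever be returned, and that a Session ID longer than the protocol limit is not copied into `ssl`. The `gint` return matches the neighbouring declarations, so the comment is the minimal fix; the implementation is outside this file and was not checked here.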
@@ -756,9 +766,11 @@ ssl_common_dissect_t name = { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, -1, -1, -1, \
}, \
/* ett */ { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, \
}, \
/* ei */ { \
EI_INIT, EI_INIT, \
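Review bot: The added `-1, -1, -1, -1, \` and `-1, \` rows are positional initializers that must be counted by hand against the fields added to `hf` and `ett` earlier in this diff. The counts do match here (four and one), but if a future change adds a field without a row, C zero-initializes the missing member, so it would start at 0 instead of the -1 sentinel used for every other member. A trailing comment on each added row naming the fields it covers, for example `-1, -1, -1, -1, /* hs_random_time .. hs_session_id_len */ \`, would make a mismatch visible in review. The macro body starts and ends outside this hunk.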
@@ -1167,6 +1179,26 @@ ssl_common_dissect_t name = { \
{ "Distinguished Name", prefix ".handshake.dname", \
FT_NONE, BASE_NONE, NULL, 0x0, \
"Distinguished name of a CA that server trusts", HFILL } \
+ }, \
+ { & name .hf.hs_random_time, \
+ { "GMT Unix Time", prefix ".handshake.random_time", \
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, \
+ "Unix time field of random structure", HFILL } \
+ }, \
+ { & name .hf.hs_random_bytes, \
+ { "Random Bytes", prefix ".handshake.random", \
+ FT_BYTES, BASE_NONE, NULL, 0x0, \
+ "Random values used for deriving keys", HFILL } \
+ }, \
+ { & name .hf.hs_session_id, \
+ { "Session ID", prefix ".handshake.session_id", \
+ FT_BYTES, BASE_NONE, NULL, 0x0, \
+ "Identifies the SSL session, allowing later resumption", HFILL }\
+ }, \
+ { & name .hf.hs_session_id_len, \
+ { "Session ID Length", prefix ".handshake.session_id_length", \
+ FT_UINT8, BASE_DEC, NULL, 0x0, \
+ "Length of Session ID field", HFILL } \
}
/* }}} */
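Review bot: The `hs_random_time` entry is labelled "GMT Unix Time" but is registered with `ABSOLUTE_TIME_LOCAL`, so the value is rendered in the analyst's local time zone under a label that says GMT. When this field is used to line up a capture with logs from other systems, that mismatch is easy to misread; `FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0, \` would make the display agree with the label. Separately, the `hs_session_id` blurb says "Identifies the SSL session" although the macro is instantiated with a `prefix` for DTLS as well, so wording such as "Identifies the session, allowing later resumption" would be accurate for both.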
@@ -1188,6 +1220,7 @@ ssl_common_dissect_t name = { \
& name .ett.certificates, \
& name .ett.cert_types, \
& name .ett.dnames, \
+ & name .ett.hs_random, \
/* }}} */
/* {{{ */