diff options
| author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2006-06-27 13:36:10 +0000 |
|---|---|---|
| committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2006-06-27 13:36:10 +0000 |
| commit | 16d463dac63e18d58c2fcd9913ef3d83aaa0ffa0 (patch) | |
| tree | b2576b3bc27926dabb97d9f50a8cc6752a8507c7 /epan/dissectors/packet-ssl.c | |
| parent | f8ae861c94f0511578c77d31ad5cc272b0a564e4 (diff) | |
from Authesserre Samuel
SSL updates and DTLS support
svn path=/trunk/; revision=18582
Diffstat (limited to 'epan/dissectors/packet-ssl.c')
| -rw-r--r-- | epan/dissectors/packet-ssl.c | 721 |
1 files changed, 192 insertions, 529 deletions
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 42e321bc7e..31792f5706 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -113,6 +113,7 @@ static gboolean ssl_desegment = TRUE; +static gboolean ssl_desegment_app_data = TRUE; /********************************************************************* @@ -585,498 +586,137 @@ ssl_restore_session(SslDecryptSession* ssl) ssl->state |= SSL_MASTER_SECRET; ssl_debug_printf("ssl_restore_session master key retrived\n"); } +/* function that save app_data during sub protocol reassembling */ +static void +ssl_add_app_data(SslDecryptSession* ssl, unsigned char* data, int data_len){ + StringInfo * app=&ssl->app_data_segment; + if(app->data_len!=0){ + unsigned char* tmp=g_malloc(app->data_len); + int tmp_len=app->data_len; + memcpy(tmp,app->data,app->data_len); + if(app->data!=NULL) + g_free(app->data); + app->data_len=0; + app->data=g_malloc(tmp_len+data_len); + app->data_len=tmp_len+data_len; + memcpy(app->data,tmp,tmp_len); + if(tmp!=NULL) + g_free(tmp); + memcpy(app->data+tmp_len, data,data_len); + } + else{ + //it's new + if(app->data!=NULL) + g_free(app->data); + app->data=g_malloc(data_len); + app->data_len=data_len; + memcpy(app->data,data,data_len); + } +} -/* The TCP port to associate with by default */ -#define TCP_PORT_SSL 443 -#define TCP_PORT_SSL_LDAP 636 -#define TCP_PORT_SSL_IMAP 993 -#define TCP_PORT_SSL_POP 995 - -/* version state tables */ -#define SSL_VER_UNKNOWN 0 -#define SSL_VER_SSLv2 1 -#define SSL_VER_SSLv3 2 -#define SSL_VER_TLS 3 -#define SSL_VER_PCT 4 - -/* corresponds to the #defines above */ -static const gchar* ssl_version_short_names[] = { - "SSL", - "SSLv2", - "SSLv3", - "TLS", - "PCT" -}; - -/* other defines */ -#define SSL_ID_CHG_CIPHER_SPEC 0x14 -#define SSL_ID_ALERT 0x15 -#define SSL_ID_HANDSHAKE 0x16 -#define SSL_ID_APP_DATA 0x17 - -#define SSL_HND_HELLO_REQUEST 0 -#define SSL_HND_CLIENT_HELLO 1 -#define SSL_HND_SERVER_HELLO 2 -#define SSL_HND_CERTIFICATE 11 -#define SSL_HND_SERVER_KEY_EXCHG 12 -#define SSL_HND_CERT_REQUEST 13 -#define SSL_HND_SVR_HELLO_DONE 14 -#define SSL_HND_CERT_VERIFY 15 -#define SSL_HND_CLIENT_KEY_EXCHG 16 -#define SSL_HND_FINISHED 20 - -#define SSL2_HND_ERROR 0x00 -#define SSL2_HND_CLIENT_HELLO 0x01 -#define SSL2_HND_CLIENT_MASTER_KEY 0x02 -#define SSL2_HND_CLIENT_FINISHED 0x03 -#define SSL2_HND_SERVER_HELLO 0x04 -#define SSL2_HND_SERVER_VERIFY 0x05 -#define SSL2_HND_SERVER_FINISHED 0x06 -#define SSL2_HND_REQUEST_CERTIFICATE 0x07 -#define SSL2_HND_CLIENT_CERTIFICATE 0x08 - -#define PCT_VERSION_1 0x8001 - -#define PCT_MSG_CLIENT_HELLO 0x01 -#define PCT_MSG_SERVER_HELLO 0x02 -#define PCT_MSG_CLIENT_MASTER_KEY 0x03 -#define PCT_MSG_SERVER_VERIFY 0x04 -#define PCT_MSG_ERROR 0x05 - -#define PCT_CH_OFFSET_V1 0xa - -#define PCT_CIPHER_DES 0x01 -#define PCT_CIPHER_IDEA 0x02 -#define PCT_CIPHER_RC2 0x03 -#define PCT_CIPHER_RC4 0x04 -#define PCT_CIPHER_DES_112 0x05 -#define PCT_CIPHER_DES_168 0x06 - -#define PCT_HASH_MD5 0x0001 -#define PCT_HASH_MD5_TRUNC_64 0x0002 -#define PCT_HASH_SHA 0x0003 -#define PCT_HASH_SHA_TRUNC_80 0x0004 -#define PCT_HASH_DES_DM 0x0005 - -#define PCT_CERT_NONE 0x00 -#define PCT_CERT_X509 0x01 -#define PCT_CERT_PKCS7 0x02 - -#define PCT_SIG_NONE 0x0000 -#define PCT_SIG_RSA_MD5 0x0001 -#define PCT_SIG_RSA_SHA 0x0002 -#define PCT_SIG_DSA_SHA 0x0003 - -#define PCT_EXCH_RSA_PKCS1 0x01 -#define PCT_EXCH_RSA_PKCS1_TOKEN_DES 0x02 -#define PCT_EXCH_RSA_PKCS1_TOKEN_DES3 0x03 -#define PCT_EXCH_RSA_PKCS1_TOKEN_RC2 0x04 -#define PCT_EXCH_RSA_PKCS1_TOKEN_RC4 0x05 -#define PCT_EXCH_DH_PKCS3 0x06 -#define PCT_EXCH_DH_PKCS3_TOKEN_DES 0x07 -#define PCT_EXCH_DH_PKCS3_TOKEN_DES3 0x08 -#define PCT_EXCH_FORTEZZA_TOKEN 0x09 - -#define PCT_ERR_BAD_CERTIFICATE 0x01 -#define PCT_ERR_CLIENT_AUTH_FAILED 0x02 -#define PCT_ERR_ILLEGAL_MESSAGE 0x03 -#define PCT_ERR_INTEGRITY_CHECK_FAILED 0x04 -#define PCT_ERR_SERVER_AUTH_FAILED 0x05 -#define PCT_ERR_SPECS_MISMATCH 0x06 - -/* - * Lookup tables - * - */ -static const value_string ssl_20_msg_types[] = { - { SSL2_HND_ERROR, "Error" }, - { SSL2_HND_CLIENT_HELLO, "Client Hello" }, - { SSL2_HND_CLIENT_MASTER_KEY, "Client Master Key" }, - { SSL2_HND_CLIENT_FINISHED, "Client Finished" }, - { SSL2_HND_SERVER_HELLO, "Server Hello" }, - { SSL2_HND_SERVER_VERIFY, "Server Verify" }, - { SSL2_HND_SERVER_FINISHED, "Server Finished" }, - { SSL2_HND_REQUEST_CERTIFICATE, "Request Certificate" }, - { SSL2_HND_CLIENT_CERTIFICATE, "Client Certificate" }, - { 0x00, NULL }, -}; - -static const value_string ssl_20_cipher_suites[] = { - { 0x010080, "SSL2_RC4_128_WITH_MD5" }, - { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" }, - { 0x030080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" }, - { 0x040080, "SSL2_RC2_CBC_128_CBC_WITH_MD5" }, - { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" }, - { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" }, - { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" }, - { 0x080080, "SSL2_RC4_64_WITH_MD5" }, - { 0x000000, "TLS_NULL_WITH_NULL_NULL" }, - { 0x000001, "TLS_RSA_WITH_NULL_MD5" }, - { 0x000002, "TLS_RSA_WITH_NULL_SHA" }, - { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, - { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" }, - { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" }, - { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, - { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, - { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" }, - { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, - { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, - { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, - { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, - { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, - { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, - { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, - { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, - { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, - { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, - { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" }, - { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, - { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, - { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, - { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, - { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, - { 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" }, - { 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, - { 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, - { 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, - { 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, - { 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, - { 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, - { 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, - { 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, - { 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, - { 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, - { 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, - { 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, - { 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, - { 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" }, - { 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, - { 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, - { 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, - { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, - { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, - { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, - { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, - { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, - { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, - { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, - { 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, - /* these from http://www.mozilla.org/projects/ - security/pki/nss/ssl/fips-ssl-ciphersuites.html */ - { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, - { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, - { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, - { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, - /* Microsoft's old PCT protocol. These are from Eric Rescorla's - book "SSL and TLS" */ - { 0x8f8001, "PCT_SSL_COMPAT | PCT_VERSION_1" }, - { 0x800003, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509_CHAIN" }, - { 0x800001, "PCT_SSL_CERT_TYPE | PCT1_CERT_X509" }, - { 0x810001, "PCT_SSL_HASH_TYPE | PCT1_HASH_MD5" }, - { 0x810003, "PCT_SSL_HASH_TYPE | PCT1_HASH_SHA" }, - { 0x820001, "PCT_SSL_EXCH_TYPE | PCT1_EXCH_RSA_PKCS1" }, - { 0x830004, "PCT_SSL_CIPHER_TYPE_1ST_HALF | PCT1_CIPHER_RC4" }, - { 0x848040, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_128 | PCT1_MAC_BITS_128" }, - { 0x842840, "PCT_SSL_CIPHER_TYPE_2ND_HALF | PCT1_ENC_BITS_40 | PCT1_MAC_BITS_128" }, - /* note that ciphersuites of {0x00????} are TLS cipher suites in - * a sslv2 client hello message; the ???? above is the two-byte - * tls cipher suite id - */ - { 0x00, NULL } -}; - -static const value_string ssl_20_certificate_type[] = { - { 0x00, "N/A" }, - { 0x01, "X.509 Certificate" }, - { 0x00, NULL }, -}; - -static const value_string ssl_31_content_type[] = { - { 20, "Change Cipher Spec" }, - { 21, "Alert" }, - { 22, "Handshake" }, - { 23, "Application Data" }, - { 0x00, NULL } -}; - -static const value_string ssl_versions[] = { - { 0x0301, "TLS 1.0" }, - { 0x0300, "SSL 3.0" }, - { 0x0002, "SSL 2.0" }, - { 0x00, NULL } -}; - -#if 0 -/* XXX - would be used if we dissected the body of a Change Cipher Spec - message. */ -static const value_string ssl_31_change_cipher_spec[] = { - { 1, "Change Cipher Spec" }, - { 0x00, NULL }, -}; -#endif - -static const value_string ssl_31_alert_level[] = { - { 1, "Warning" }, - { 2, "Fatal" }, - { 0x00, NULL } -}; - -static const value_string ssl_31_alert_description[] = { - { 0, "Close Notify" }, - { 10, "Unexpected Message" }, - { 20, "Bad Record MAC" }, - { 21, "Decryption Failed" }, - { 22, "Record Overflow" }, - { 30, "Decompression Failure" }, - { 40, "Handshake Failure" }, - { 42, "Bad Certificate" }, - { 43, "Unsupported Certificate" }, - { 44, "Certificate Revoked" }, - { 45, "Certificate Expired" }, - { 46, "Certificate Unknown" }, - { 47, "Illegal Parameter" }, - { 48, "Unknown CA" }, - { 49, "Access Denied" }, - { 50, "Decode Error" }, - { 51, "Decrypt Error" }, - { 60, "Export Restriction" }, - { 70, "Protocol Version" }, - { 71, "Insufficient Security" }, - { 80, "Internal Error" }, - { 90, "User Canceled" }, - { 100, "No Renegotiation" }, - { 0x00, NULL } -}; - -static const value_string ssl_31_handshake_type[] = { - { SSL_HND_HELLO_REQUEST, "Hello Request" }, - { SSL_HND_CLIENT_HELLO, "Client Hello" }, - { SSL_HND_SERVER_HELLO, "Server Hello" }, - { SSL_HND_CERTIFICATE, "Certificate" }, - { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" }, - { SSL_HND_CERT_REQUEST, "Certificate Request" }, - { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" }, - { SSL_HND_CERT_VERIFY, "Certificate Verify" }, - { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" }, - { SSL_HND_FINISHED, "Finished" }, - { 0x00, NULL } -}; - -static const value_string ssl_31_compression_method[] = { - { 0, "null" }, - { 1, "ZLIB" }, - { 64, "LZS" }, - { 0x00, NULL } -}; - -#if 0 -/* XXX - would be used if we dissected a Signature, as would be - seen in a server key exchange or certificate verify message. */ -static const value_string ssl_31_key_exchange_algorithm[] = { - { 0, "RSA" }, - { 1, "Diffie Hellman" }, - { 0x00, NULL } -}; - -static const value_string ssl_31_signature_algorithm[] = { - { 0, "Anonymous" }, - { 1, "RSA" }, - { 2, "DSA" }, - { 0x00, NULL } -}; -#endif - -static const value_string ssl_31_client_certificate_type[] = { - { 1, "RSA Sign" }, - { 2, "DSS Sign" }, - { 3, "RSA Fixed DH" }, - { 4, "DSS Fixed DH" }, - { 0x00, NULL } -}; - -#if 0 -/* XXX - would be used if we dissected exchange keys, as would be - seen in a client key exchange message. */ -static const value_string ssl_31_public_value_encoding[] = { - { 0, "Implicit" }, - { 1, "Explicit" }, - { 0x00, NULL } -}; -#endif - -static const value_string ssl_31_ciphersuite[] = { - { 0x0000, "TLS_NULL_WITH_NULL_NULL" }, - { 0x0001, "TLS_RSA_WITH_NULL_MD5" }, - { 0x0002, "TLS_RSA_WITH_NULL_SHA" }, - { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, - { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" }, - { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" }, - { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, - { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, - { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" }, - { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, - { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, - { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, - { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, - { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, - { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, - { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, - { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, - { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, - { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, - { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" }, - { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, - { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, - { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, - { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, - { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, - { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, - { 0x002f, "TLS_RSA_WITH_AES_128_CBC_SHA" }, - { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, - { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, - { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, - { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, - { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, - { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, - { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, - { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, - { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, - { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, - { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, - { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, - { 0x0047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, - { 0x0048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, - { 0x0049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" }, - { 0x004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, - { 0x004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, - { 0x004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, - { 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, - { 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, - { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, - { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, - { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, - { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, - { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, - { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, - { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, - /* these from http://www.mozilla.org/projects/ - security/pki/nss/ssl/fips-ssl-ciphersuites.html */ - { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, - { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, - { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, - { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, - /* note that ciphersuites 0xff00 - 0xffff are private */ - { 0x00, NULL } -}; - -static const value_string pct_msg_types[] = { - { PCT_MSG_CLIENT_HELLO, "Client Hello" }, - { PCT_MSG_SERVER_HELLO, "Server Hello" }, - { PCT_MSG_CLIENT_MASTER_KEY, "Client Master Key" }, - { PCT_MSG_SERVER_VERIFY, "Server Verify" }, - { PCT_MSG_ERROR, "Error" }, - { 0x00, NULL }, -}; - -static const value_string pct_cipher_type[] = { - { PCT_CIPHER_DES, "DES" }, - { PCT_CIPHER_IDEA, "IDEA" }, - { PCT_CIPHER_RC2, "RC2" }, - { PCT_CIPHER_RC4, "RC4" }, - { PCT_CIPHER_DES_112, "DES 112 bit" }, - { PCT_CIPHER_DES_168, "DES 168 bit" }, - { 0x00, NULL }, -}; - -static const value_string pct_hash_type[] = { - { PCT_HASH_MD5, "MD5" }, - { PCT_HASH_MD5_TRUNC_64, "MD5_TRUNC_64"}, - { PCT_HASH_SHA, "SHA"}, - { PCT_HASH_SHA_TRUNC_80, "SHA_TRUNC_80"}, - { PCT_HASH_DES_DM, "DES_DM"}, - { 0x00, NULL }, -}; - -static const value_string pct_cert_type[] = { - { PCT_CERT_NONE, "None" }, - { PCT_CERT_X509, "X.509" }, - { PCT_CERT_PKCS7, "PKCS #7" }, - { 0x00, NULL }, -}; -static const value_string pct_sig_type[] = { - { PCT_SIG_NONE, "None" }, - { PCT_SIG_RSA_MD5, "MD5" }, - { PCT_SIG_RSA_SHA, "RSA SHA" }, - { PCT_SIG_DSA_SHA, "DSA SHA" }, - { 0x00, NULL }, -}; - -static const value_string pct_exch_type[] = { - { PCT_EXCH_RSA_PKCS1, "RSA PKCS#1" }, - { PCT_EXCH_RSA_PKCS1_TOKEN_DES, "RSA PKCS#1 Token DES" }, - { PCT_EXCH_RSA_PKCS1_TOKEN_DES3, "RSA PKCS#1 Token 3DES" }, - { PCT_EXCH_RSA_PKCS1_TOKEN_RC2, "RSA PKCS#1 Token RC-2" }, - { PCT_EXCH_RSA_PKCS1_TOKEN_RC4, "RSA PKCS#1 Token RC-4" }, - { PCT_EXCH_DH_PKCS3, "DH PKCS#3" }, - { PCT_EXCH_DH_PKCS3_TOKEN_DES, "DH PKCS#3 Token DES" }, - { PCT_EXCH_DH_PKCS3_TOKEN_DES3, "DH PKCS#3 Token 3DES" }, - { PCT_EXCH_FORTEZZA_TOKEN, "Fortezza" }, - { 0x00, NULL }, -}; - -static const value_string pct_error_code[] = { - { PCT_ERR_BAD_CERTIFICATE, "PCT_ERR_BAD_CERTIFICATE" }, - { PCT_ERR_CLIENT_AUTH_FAILED, "PCT_ERR_CLIENT_AUTH_FAILE" }, - { PCT_ERR_ILLEGAL_MESSAGE, "PCT_ERR_ILLEGAL_MESSAGE" }, - { PCT_ERR_INTEGRITY_CHECK_FAILED, "PCT_ERR_INTEGRITY_CHECK_FAILED" }, - { PCT_ERR_SERVER_AUTH_FAILED, "PCT_ERR_SERVER_AUTH_FAILED" }, - { PCT_ERR_SPECS_MISMATCH, "PCT_ERR_SPECS_MISMATCH" }, - { 0x00, NULL }, -}; - -/* RFC 3546 */ -static const value_string tls_hello_extension_types[] = { - { 0, "server_name" }, - { 1, "max_fragment_length" }, - { 2, "client_certificate_url" }, - { 3, "trusted_ca_keys" }, - { 4, "truncated_hmac" }, - { 5, "status_request" }, - { 35, "EAP-FAST PAC-Opaque" /* draft-cam-winget-eap-fast-00.txt */ }, - { 0, NULL } -}; - +static void +ssl_desegment_ssl_app_data(SslDecryptSession * ssl, packet_info *pinfo){ + SslPacketInfo* pi; + SslAssociation* association; + SslPacketInfo* pi2; + pi = p_get_proto_data(pinfo->fd, proto_ssl); + if (pi && pi->app_data.data) + { + tvbuff_t* new_tvb; + packet_info * pp; + /* find out a dissector using server port*/ + association = ssl_association_find(pinfo->srcport); + association = association ? association: ssl_association_find(pinfo->destport); + /* create a copy of packet_info */ + pp=g_malloc(sizeof(packet_info)); + memcpy(pp, pinfo, sizeof(packet_info)); + + if (association && association->handle) { + /* it's the first SS segmented packet */ + if(ssl->app_data_segment.data==NULL){ + /* create new tvbuff for the decrypted data */ + new_tvb = tvb_new_real_data(pi->app_data.data, + pi->app_data.data_len, pi->app_data.data_len); + tvb_set_free_cb(new_tvb, g_free); + /* we allow subdissector to tell us more bytes */ + pp->can_desegment=2; + /* subdissector call */ + call_dissector(association->handle, new_tvb, pp, NULL); + /* if the dissector need more bytes */ + if(pp->desegment_len>0){ + /* we save the actual data to reuse them later */ + ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len); + /* we remove data to forbid subdissection */ + if(pinfo->fd) + { + p_remove_proto_data(pinfo->fd, proto_ssl); + } + /* update of COL_INFO */ + if (check_col(pinfo->cinfo, COL_INFO)){ + col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]"); + pinfo->cinfo->writable=FALSE; + } + return; + } + } + else + { + /* it isn't the first SSL segmented packet */ + /* we add actual data to reuse them later */ + ssl_add_app_data(ssl, pi->app_data.data, pi->app_data.data_len); + /* create new tvbuff for the decrypted data */ + new_tvb = tvb_new_real_data(ssl->app_data_segment.data, + ssl->app_data_segment.data_len, + ssl->app_data_segment.data_len); + tvb_set_free_cb(new_tvb, g_free); + /* we allow subdissector to tell us more bytes */ + pp->can_desegment=2; + /* subdissector call */ + call_dissector(association->handle, new_tvb, pp, NULL); + /* if the dissector need more bytes */ + if(pp->desegment_len>0){ + /* we remove data to forbid subdissection */ + if(pinfo->fd) + { + p_remove_proto_data(pinfo->fd, proto_ssl); + } + /* update of COL_INFO */ + if (check_col(pinfo->cinfo, COL_INFO)){ + col_append_str(pinfo->cinfo, COL_INFO, "[SSL segment of a reassembled PDU]"); + pinfo->cinfo->writable=FALSE; + } + return; + } + else + { + /* we create SslPacketInfo to save data */ + pi2=g_malloc(sizeof(SslPacketInfo)); + pi2->app_data.data=g_malloc(ssl->app_data_segment.data_len); + memcpy(pi2->app_data.data,ssl->app_data_segment.data,ssl->app_data_segment.data_len); + pi2->app_data.data_len=ssl->app_data_segment.data_len; + + /* we remove data if it's useful */ + if(pinfo->fd) + { + p_remove_proto_data(pinfo->fd, proto_ssl); + } + /* we add reassembled subprotocol data */ + p_add_proto_data(pinfo->fd, proto_ssl, pi2); + /* we delete saved app_data */ + if(ssl->app_data_segment.data) + g_free(ssl->app_data_segment.data); + ssl->app_data_segment.data=NULL; + ssl->app_data_segment.data_len=0; + } + } + /* we delete pp structure */ + g_free(pp); + + } + } + + +} /********************************************************************* * * Forward Declarations @@ -1286,8 +926,8 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * (to keep cipher syncronized)and only if we have * the server private key*/ if (!ssl_session->private_key || pinfo->fd->flags.visited) - ssl_session = NULL; - + ssl_session = NULL; + /* Initialize the protocol column; we'll set it later when we * figure out what flavor of SSL it is (assuming we don't * throw an exception before we get the chance to do so). */ @@ -1309,7 +949,7 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) * packets. * * Handling the single ssl record across multiple packets - * may be possible using wireshark conversations, but + * may be possible using ethereal conversations, but * probably not cleanly. May have to wait for tcp stream * reassembly. */ @@ -1320,7 +960,6 @@ dissect_ssl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) ti = proto_tree_add_item(tree, proto_ssl, tvb, 0, -1, FALSE); ssl_tree = proto_item_add_subtree(ti, ett_ssl); } - /* iterate through the records in this tvbuff */ while (tvb_reported_length_remaining(tvb, offset) != 0) { @@ -1552,7 +1191,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, available_bytes = tvb_length_remaining(tvb, offset); - /* + /* * Can we do reassembly? */ if (ssl_desegment && pinfo->can_desegment) { @@ -1665,7 +1304,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, if (*conv_version == SSL_VER_UNKNOWN && ssl_is_authoritative_version_message(content_type, next_byte)) { - if (version == 0x0300) + if (version == SSLV3_VERSION) { *conv_version = SSL_VER_SSLv3; if (ssl) { @@ -1674,7 +1313,7 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, } /*ssl_set_conv_version(pinfo, ssl->version);*/ } - else if (version == 0x0301) + else if (version == TLSV1_VERSION) { *conv_version = SSL_VER_TLS; @@ -1684,24 +1323,21 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, } /*ssl_set_conv_version(pinfo, ssl->version);*/ } + else if (version == TLSV1DOT1_VERSION) + { + + *conv_version = SSL_VER_TLSv1DOT1; + if (ssl) { + ssl->version_netorder = version; + ssl->state |= SSL_VERSION; + } + /*ssl_set_conv_version(pinfo, ssl->version);*/ + } } if (check_col(pinfo->cinfo, COL_PROTOCOL)) { - if (version == 0x0300) - { - col_set_str(pinfo->cinfo, COL_PROTOCOL, - ssl_version_short_names[SSL_VER_SSLv3]); - } - else if (version == 0x0301) - { - col_set_str(pinfo->cinfo, COL_PROTOCOL, - ssl_version_short_names[SSL_VER_TLS]); - } - else - { col_set_str(pinfo->cinfo, COL_PROTOCOL, ssl_version_short_names[*conv_version]); - } } /* @@ -1721,12 +1357,23 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, ssl_debug_printf("dissect_ssl3_change_cipher_spec\n"); break; case SSL_ID_ALERT: - if (ssl) - decrypt_ssl3_record(tvb, pinfo, offset, - record_length, content_type, ssl, FALSE); - dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, - conv_version); + { + tvbuff_t* decrypted=0; + if (ssl&&decrypt_ssl3_record(tvb, pinfo, offset, + record_length, content_type, ssl, FALSE)) + ssl_add_record_info(pinfo, ssl_decrypted_data.data, + ssl_decrypted_data_avail, offset); + + /* try to retrive and use decrypted alert record, if any. */ + decrypted = ssl_get_record_info(pinfo, offset); + if (decrypted) + dissect_ssl3_alert(decrypted, pinfo, ssl_record_tree, 0, + conv_version); + else + dissect_ssl3_alert(tvb, pinfo, ssl_record_tree, offset, + conv_version); break; + } case SSL_ID_HANDSHAKE: { tvbuff_t* decrypted=0; @@ -1750,14 +1397,20 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, break; } case SSL_ID_APP_DATA: - if (ssl) - decrypt_ssl3_record(tvb, pinfo, offset, - record_length, content_type, ssl, TRUE); + if (ssl){ + decrypt_ssl3_record(tvb, pinfo, offset, + record_length, content_type, ssl, TRUE); + /* if application data desegmentation is allowed */ + if(ssl_desegment_app_data) + ssl_desegment_ssl_app_data(ssl,pinfo); + + } + /* show on info colum what we are decoding */ if (check_col(pinfo->cinfo, COL_INFO)) col_append_str(pinfo->cinfo, COL_INFO, "Application Data"); - + if (!ssl_record_tree) break; @@ -1786,21 +1439,24 @@ dissect_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, /* create new tvbuff for the decrypted data */ new_tvb = tvb_new_real_data(pi->app_data.data, pi->app_data.data_len, pi->app_data.data_len); - tvb_set_free_cb(new_tvb, g_free); - /* tvb_set_child_real_data_tvbuff(tvb, new_tvb); */ - + + /* add this tvb as a child to the original one */ + tvb_set_child_real_data_tvbuff(tvb, new_tvb); + + /* add desegmented data to the data source list */ + add_new_data_source(pinfo, new_tvb, "Decrypted SSL data"); + /* find out a dissector using server port*/ if (association && association->handle) { ssl_debug_printf("dissect_ssl3_record found association %p\n", association); ssl_print_text_data("decrypted app data",pi->app_data.data, pi->app_data.data_len); - - call_dissector(association->handle, new_tvb, pinfo, ssl_record_tree); + call_dissector(association->handle, new_tvb, pinfo, ssl_record_tree); } /* add raw decrypted data only if a decoder is not found*/ else proto_tree_add_string(ssl_record_tree, hf_ssl_record_appdata_decrypted, tvb, - offset, pi->app_data.data_len, (char*) pi->app_data.data); + offset, pi->app_data.data_len, (char*) pi->app_data.data); } else { tvb_ensure_bytes_exist(tvb, offset, record_length); @@ -2097,7 +1753,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, /* get encrypted data, on tls1 we have to skip two bytes * (it's the encrypted len and should be equal to record len - 2) */ - if (ssl->version == SSL_VER_TLS) + if (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1) { encrlen = tvb_get_ntohs(tvb, offset); skip = 2; @@ -2661,6 +2317,7 @@ dissect_ssl3_hnd_finished(tvbuff_t *tvb, switch(*conv_version) { case SSL_VER_TLS: + case SSL_VER_TLSv1DOT1: proto_tree_add_item(tree, hf_ssl_handshake_finished, tvb, offset, 12, FALSE); break; @@ -3804,7 +3461,7 @@ ssl_looks_like_sslv3(tvbuff_t *tvb, guint32 offset) /* now check to see if the version byte appears valid */ version = tvb_get_ntohs(tvb, offset + 1); - if (version != 0x0300 && version != 0x0301) + if (version != SSLV3_VERSION && version != TLSV1_VERSION && version != TLSV1DOT1_VERSION) { return 0; } @@ -3947,7 +3604,7 @@ ssl_looks_like_valid_pct_handshake(tvbuff_t *tvb, guint32 offset, /********************************************************************* * - * Standard Wireshark Protocol Registration and housekeeping + * Standard Ethereal Protocol Registration and housekeeping * *********************************************************************/ void @@ -4364,6 +4021,11 @@ proto_register_ssl(void) "Whether the SSL dissector should reassemble SSL records spanning multiple TCP segments. " "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", &ssl_desegment); + prefs_register_bool_preference(ssl_module, + "desegment_ssl_application_data", + "Reassemble SSL Application Data spanning multiple SSL records", + "Whether the SSL dissector should reassemble SSL Application Data spanning multiple SSL records. ", + &ssl_desegment_app_data); prefs_register_string_preference(ssl_module, "keys_list", "RSA keys list", "comma separated list of private RSA keys used for SSL decryption; " "each list entry must be in the form of <ip>:<port>:<key_file_name>" @@ -4401,3 +4063,4 @@ proto_reg_handoff_ssl(void) /* add now dissector to default ports.*/ ssl_parse(); } + |