diff options
| author | Sake Blok <sake@euronet.nl> | 2012-06-17 11:30:25 +0000 |
|---|---|---|
| committer | Sake Blok <sake@euronet.nl> | 2012-06-17 11:30:25 +0000 |
| commit | 3bbb0d3bc6e0ae40f2291f4a6b3dde97d3034212 (patch) | |
| tree | b1aac3ea938db9fbd7bb619c65a5a421b98704d6 /epan | |
| parent | e058a65c174dbaeca15ebe6919e8db1de758c574 (diff) | |
Enhance dissection of the NewSessionTicket handshake message.
svn path=/trunk/; revision=43304
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-dtls.c | 159 | ||||
| -rw-r--r-- | epan/dissectors/packet-ssl.c | 54 |
2 files changed, 158 insertions, 55 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c index ab19fd6e5e..f1baf6e175 100644 --- a/epan/dissectors/packet-dtls.c +++ b/epan/dissectors/packet-dtls.c @@ -117,6 +117,9 @@ static gint hf_dtls_handshake_extensions_len = -1; static gint hf_dtls_handshake_extension_type = -1; static gint hf_dtls_handshake_extension_len = -1; static gint hf_dtls_handshake_extension_data = -1; +static gint hf_dtls_handshake_session_ticket_lifetime_hint = -1; +static gint hf_dtls_handshake_session_ticket_len = -1; +static gint hf_dtls_handshake_session_ticket = -1; static gint hf_dtls_handshake_certificates_len = -1; static gint hf_dtls_handshake_certificates = -1; static gint hf_dtls_handshake_certificate = -1; @@ -160,6 +163,7 @@ static gint ett_dtls_heartbeat = -1; static gint ett_dtls_cipher_suites = -1; static gint ett_dtls_comp_methods = -1; static gint ett_dtls_extension = -1; +static gint ett_dtls_new_ses_ticket = -1; static gint ett_dtls_certs = -1; static gint ett_dtls_cert_types = -1; static gint ett_dtls_dnames = -1; @@ -331,15 +335,19 @@ static void dissect_dtls_hnd_cli_hello(tvbuff_t *tvb, guint32 offset, guint32 length, SslDecryptSession* ssl); +static int dissect_dtls_hnd_srv_hello(tvbuff_t *tvb, + proto_tree *tree, + guint32 offset, guint32 length, + SslDecryptSession* ssl); + static int dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree, guint32 offset, SslDecryptSession* ssl); -static int dissect_dtls_hnd_srv_hello(tvbuff_t *tvb, +static void dissect_dtls_hnd_new_ses_ticket(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, guint32 length, - SslDecryptSession* ssl); + guint32 offset, guint32 length); static void dissect_dtls_hnd_cert(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo); @@ -1336,16 +1344,16 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo, dissect_dtls_hnd_cli_hello(sub_tvb, ssl_hand_tree, 0, length, ssl); break; + case SSL_HND_SERVER_HELLO: + dissect_dtls_hnd_srv_hello(sub_tvb, ssl_hand_tree, 0, length, ssl); + break; + case SSL_HND_HELLO_VERIFY_REQUEST: dissect_dtls_hnd_hello_verify_request(sub_tvb, ssl_hand_tree, 0, ssl); break; case SSL_HND_NEWSESSION_TICKET: - /* Content depends on implementation, so nothing to do! */ - break; - - case SSL_HND_SERVER_HELLO: - dissect_dtls_hnd_srv_hello(sub_tvb, ssl_hand_tree, 0, length, ssl); + dissect_dtls_hnd_new_ses_ticket(sub_tvb, ssl_hand_tree, 0, length); break; case SSL_HND_CERTIFICATE: @@ -1801,52 +1809,6 @@ dissect_dtls_hnd_cli_hello(tvbuff_t *tvb, } } - -static int -dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree, - guint32 offset, SslDecryptSession* ssl) -{ - /* - * struct { - * ProtocolVersion server_version; - * opaque cookie<0..32>; - * } HelloVerifyRequest; - */ - - guint8 cookie_length; - - - if (tree || ssl) - { - /* show the client version */ - if (tree) - proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb, - offset, 2, ENC_BIG_ENDIAN); - offset += 2; - - - /* look for a cookie */ - cookie_length = tvb_get_guint8(tvb, offset); - if (!tree) - return offset; - - proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len, - tvb, offset, 1, cookie_length); - offset ++; /* skip opaque length */ - - if (cookie_length > 0) - { - proto_tree_add_bytes_format(tree, hf_dtls_handshake_cookie, - tvb, offset, cookie_length, - NULL, "Cookie (%u byte%s)", - cookie_length, - plurality(cookie_length, "", "s")); - offset += cookie_length; - } - } - return offset; -} - static int dissect_dtls_hnd_srv_hello(tvbuff_t *tvb, proto_tree *tree, guint32 offset, guint32 length, SslDecryptSession* ssl) @@ -1936,6 +1898,79 @@ dissect_dtls_hnd_srv_hello(tvbuff_t *tvb, return offset; } +static int +dissect_dtls_hnd_hello_verify_request(tvbuff_t *tvb, proto_tree *tree, + guint32 offset, SslDecryptSession* ssl) +{ + /* + * struct { + * ProtocolVersion server_version; + * opaque cookie<0..32>; + * } HelloVerifyRequest; + */ + + guint8 cookie_length; + + + if (tree || ssl) + { + /* show the client version */ + if (tree) + proto_tree_add_item(tree, hf_dtls_handshake_server_version, tvb, + offset, 2, ENC_BIG_ENDIAN); + offset += 2; + + + /* look for a cookie */ + cookie_length = tvb_get_guint8(tvb, offset); + if (!tree) + return offset; + + proto_tree_add_uint(tree, hf_dtls_handshake_cookie_len, + tvb, offset, 1, cookie_length); + offset ++; /* skip opaque length */ + + if (cookie_length > 0) + { + proto_tree_add_bytes_format(tree, hf_dtls_handshake_cookie, + tvb, offset, cookie_length, + NULL, "Cookie (%u byte%s)", + cookie_length, + plurality(cookie_length, "", "s")); + offset += cookie_length; + } + } + return offset; +} + +static void +dissect_dtls_hnd_new_ses_ticket(tvbuff_t *tvb, + proto_tree *tree, guint32 offset, guint32 length) +{ + guint nst_len; + proto_item *ti; + proto_tree *subtree; + + + nst_len = tvb_get_ntohs(tvb, offset+4); + if (6 + nst_len != length) { + return; + } + + ti = proto_tree_add_text(tree, tvb, offset, 6+nst_len, "TLS Session Ticket"); + subtree = proto_item_add_subtree(ti, ett_dtls_new_ses_ticket); + + proto_tree_add_item(subtree, hf_dtls_handshake_session_ticket_lifetime_hint, + tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + + proto_tree_add_uint(subtree, hf_dtls_handshake_session_ticket_len, + tvb, offset, 2, nst_len); + /* Content depends on implementation, so just show data! */ + proto_tree_add_item(subtree, hf_dtls_handshake_session_ticket, + tvb, offset + 2, nst_len, ENC_NA); +} + static void dissect_dtls_hnd_cert(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo) @@ -2453,6 +2488,21 @@ proto_register_dtls(void) FT_BYTES, BASE_NONE, NULL, 0x0, "Hello Extension data", HFILL } }, + { &hf_dtls_handshake_session_ticket_lifetime_hint, + { "Session Ticket Lifetime Hint", "dtls.handshake.session_ticket_lifetime_hint", + FT_UINT32, BASE_DEC, NULL, 0x0, + "New DTLS Session Ticket Lifetime Hint", HFILL } + }, + { &hf_dtls_handshake_session_ticket_len, + { "Session Ticket Length", "dtls.handshake.session_ticket_length", + FT_UINT16, BASE_DEC, NULL, 0x0, + "New DTLS Session Ticket Length", HFILL } + }, + { &hf_dtls_handshake_session_ticket, + { "Session Ticket", "dtls.handshake.session_ticket", + FT_BYTES, BASE_NONE, NULL, 0x0, + "New DTLS Session Ticket", HFILL } + }, { &hf_dtls_handshake_certificates_len, { "Certificates Length", "dtls.handshake.certificates_length", FT_UINT24, BASE_DEC, NULL, 0x0, @@ -2609,6 +2659,7 @@ proto_register_dtls(void) &ett_dtls_cipher_suites, &ett_dtls_comp_methods, &ett_dtls_extension, + &ett_dtls_new_ses_ticket, &ett_dtls_certs, &ett_dtls_cert_types, &ett_dtls_dnames, diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c index 922c7e4998..608ddd2e06 100644 --- a/epan/dissectors/packet-ssl.c +++ b/epan/dissectors/packet-ssl.c @@ -180,6 +180,9 @@ static gint hf_ssl_handshake_extension_server_name_len = -1; static gint hf_ssl_handshake_extension_server_name_list_len = -1; static gint hf_ssl_handshake_extension_server_name_type = -1; static gint hf_ssl_handshake_extension_server_name = -1; +static gint hf_ssl_handshake_session_ticket_lifetime_hint = -1; +static gint hf_ssl_handshake_session_ticket_len = -1; +static gint hf_ssl_handshake_session_ticket = -1; static gint hf_ssl_handshake_certificates_len = -1; static gint hf_ssl_handshake_certificates = -1; static gint hf_ssl_handshake_certificate = -1; @@ -289,6 +292,7 @@ static gint ett_ssl_sig_hash_algs = -1; static gint ett_ssl_sig_hash_alg = -1; static gint ett_ssl_dnames = -1; static gint ett_ssl_random = -1; +static gint ett_ssl_new_ses_ticket = -1; static gint ett_ssl_keyex_params = -1; static gint ett_ssl_cert_status = -1; static gint ett_ssl_ocsp_resp = -1; @@ -505,6 +509,10 @@ static void dissect_ssl3_hnd_srv_hello(tvbuff_t *tvb, guint32 offset, guint32 length, SslDecryptSession* ssl); +static void dissect_ssl3_hnd_new_ses_ticket(tvbuff_t *tvb, + proto_tree *tree, + guint32 offset, guint32 length); + static void dissect_ssl3_hnd_cert(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo); @@ -1966,7 +1974,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo, break; case SSL_HND_NEWSESSION_TICKET: - /* Content depends on implementation, so nothing to do! */ + dissect_ssl3_hnd_new_ses_ticket(tvb, ssl_hand_tree, offset, length); break; case SSL_HND_CERTIFICATE: @@ -2779,6 +2787,34 @@ no_cipher: } static void +dissect_ssl3_hnd_new_ses_ticket(tvbuff_t *tvb, proto_tree *tree, + guint32 offset, guint32 length) +{ + guint nst_len; + proto_item *ti; + proto_tree *subtree; + + + nst_len = tvb_get_ntohs(tvb, offset+4); + if (6 + nst_len != length) { + return; + } + + ti = proto_tree_add_text(tree, tvb, offset, 6+nst_len, "TLS Session Ticket"); + subtree = proto_item_add_subtree(ti, ett_ssl_new_ses_ticket); + + proto_tree_add_item(subtree, hf_ssl_handshake_session_ticket_lifetime_hint, + tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + + proto_tree_add_uint(subtree, hf_ssl_handshake_session_ticket_len, + tvb, offset, 2, nst_len); + /* Content depends on implementation, so just show data! */ + proto_tree_add_item(subtree, hf_ssl_handshake_session_ticket, + tvb, offset + 2, nst_len, ENC_NA); +} + +static void dissect_ssl3_hnd_cert(tvbuff_t *tvb, proto_tree *tree, guint32 offset, packet_info *pinfo) { @@ -5136,6 +5172,21 @@ proto_register_ssl(void) FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } }, + { &hf_ssl_handshake_session_ticket_lifetime_hint, + { "Session Ticket Lifetime Hint", "ssl.handshake.session_ticket_lifetime_hint", + FT_UINT32, BASE_DEC, NULL, 0x0, + "New TLS Session Ticket Lifetime Hint", HFILL } + }, + { &hf_ssl_handshake_session_ticket_len, + { "Session Ticket Length", "ssl.handshake.session_ticket_length", + FT_UINT16, BASE_DEC, NULL, 0x0, + "New TLS Session Ticket Length", HFILL } + }, + { &hf_ssl_handshake_session_ticket, + { "Session Ticket", "ssl.handshake.session_ticket", + FT_BYTES, BASE_NONE, NULL, 0x0, + "New TLS Session Ticket", HFILL } + }, { &hf_ssl_handshake_certificates_len, { "Certificates Length", "ssl.handshake.certificates_length", FT_UINT24, BASE_DEC, NULL, 0x0, @@ -5585,6 +5636,7 @@ proto_register_ssl(void) &ett_ssl_sig_hash_alg, &ett_ssl_dnames, &ett_ssl_random, + &ett_ssl_new_ses_ticket, &ett_ssl_keyex_params, &ett_ssl_cert_status, &ett_ssl_ocsp_resp, |