| File: | epan/dissectors/packet-tls-utils.c |
| Warning: | line 4818, column 17 Potential leak of memory pointed to by 'handshake_hashed_data.data' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
| 1 | /* packet-tls-utils.c | |||
| 2 | * ssl manipulation functions | |||
| 3 | * By Paolo Abeni <paolo.abeni@email.com> | |||
| 4 | * | |||
| 5 | * Copyright (c) 2013, Hauke Mehrtens <hauke@hauke-m.de> | |||
| 6 | * Copyright (c) 2014, Peter Wu <peter@lekensteyn.nl> | |||
| 7 | * | |||
| 8 | * Wireshark - Network traffic analyzer | |||
| 9 | * By Gerald Combs <gerald@wireshark.org> | |||
| 10 | * Copyright 1998 Gerald Combs | |||
| 11 | * | |||
| 12 | * SPDX-License-Identifier: GPL-2.0-or-later | |||
| 13 | */ | |||
| 14 | ||||
| 15 | #include "config.h" | |||
| 16 | ||||
| 17 | #include <stdlib.h> | |||
| 18 | #include <errno(*__errno_location ()).h> | |||
| 19 | ||||
| 20 | #include <epan/packet.h> | |||
| 21 | #include <epan/strutil.h> | |||
| 22 | #include <epan/addr_resolv.h> | |||
| 23 | #include <epan/expert.h> | |||
| 24 | #include <epan/asn1.h> | |||
| 25 | #include <epan/proto_data.h> | |||
| 26 | #include <epan/oids.h> | |||
| 27 | #include <epan/secrets.h> | |||
| 28 | ||||
| 29 | #include <wsutil/inet_cidr.h> | |||
| 30 | #include <wsutil/filesystem.h> | |||
| 31 | #include <wsutil/file_util.h> | |||
| 32 | #include <wsutil/str_util.h> | |||
| 33 | #include <wsutil/report_message.h> | |||
| 34 | #include <wsutil/pint.h> | |||
| 35 | #include <wsutil/strtoi.h> | |||
| 36 | #include <wsutil/wsgcrypt.h> | |||
| 37 | #include <wsutil/rsa.h> | |||
| 38 | #include <wsutil/ws_assert.h> | |||
| 39 | #include <wsutil/zlib_compat.h> | |||
| 40 | #include "packet-ber.h" | |||
| 41 | #include "packet-x509af.h" | |||
| 42 | #include "packet-x509if.h" | |||
| 43 | #include "packet-tls-utils.h" | |||
| 44 | #include "packet-ocsp.h" | |||
| 45 | #include "packet-tls.h" | |||
| 46 | #include "packet-dtls.h" | |||
| 47 | #include "packet-quic.h" | |||
| 48 | #if defined(HAVE_LIBGNUTLS1) | |||
| 49 | #include <gnutls/abstract.h> | |||
| 50 | #endif | |||
| 51 | ||||
| 52 | /* JA3/JA3S calculations must ignore GREASE values | |||
| 53 | * as described in RFC 8701. | |||
| 54 | */ | |||
| 55 | #define IS_GREASE_TLS(x)((((x) & 0x0f0f) == 0x0a0a) && (((x) & 0xff) == (((x)>>8) & 0xff))) ((((x) & 0x0f0f) == 0x0a0a) && \ | |||
| 56 | (((x) & 0xff) == (((x)>>8) & 0xff))) | |||
| 57 | ||||
| 58 | /* Section 22.3 of RFC 9000 (QUIC) reserves values of this | |||
| 59 | * form for a similar purpose as GREASE. | |||
| 60 | */ | |||
| 61 | #define IS_GREASE_QUIC(x)((x) > 27 ? ((((x) - 27) % 31) == 0) : 0) ((x) > 27 ? ((((x) - 27) % 31) == 0) : 0) | |||
| 62 | ||||
| 63 | #define DTLS13_MAX_EPOCH10 10 | |||
| 64 | ||||
| 65 | /* Lookup tables {{{ */ | |||
| 66 | const value_string ssl_version_short_names[] = { | |||
| 67 | { SSLV2_VERSION0x0002, "SSLv2" }, | |||
| 68 | { SSLV3_VERSION0x300, "SSLv3" }, | |||
| 69 | { TLSV1_VERSION0x301, "TLSv1" }, | |||
| 70 | { TLCPV1_VERSION0x101, "TLCP" }, | |||
| 71 | { TLSV1DOT1_VERSION0x302, "TLSv1.1" }, | |||
| 72 | { TLSV1DOT2_VERSION0x303, "TLSv1.2" }, | |||
| 73 | { TLSV1DOT3_VERSION0x304, "TLSv1.3" }, | |||
| 74 | { DTLSV1DOT0_VERSION0xfeff, "DTLSv1.0" }, | |||
| 75 | { DTLSV1DOT2_VERSION0xfefd, "DTLSv1.2" }, | |||
| 76 | { DTLSV1DOT3_VERSION0xfefc, "DTLSv1.3" }, | |||
| 77 | { DTLSV1DOT0_OPENSSL_VERSION0x100, "DTLS 1.0 (OpenSSL pre 0.9.8f)" }, | |||
| 78 | { 0x00, NULL((void*)0) } | |||
| 79 | }; | |||
| 80 | ||||
| 81 | const value_string ssl_versions[] = { | |||
| 82 | { SSLV2_VERSION0x0002, "SSL 2.0" }, | |||
| 83 | { SSLV3_VERSION0x300, "SSL 3.0" }, | |||
| 84 | { TLSV1_VERSION0x301, "TLS 1.0" }, | |||
| 85 | { TLCPV1_VERSION0x101, "TLCP" }, | |||
| 86 | { TLSV1DOT1_VERSION0x302, "TLS 1.1" }, | |||
| 87 | { TLSV1DOT2_VERSION0x303, "TLS 1.2" }, | |||
| 88 | { TLSV1DOT3_VERSION0x304, "TLS 1.3" }, | |||
| 89 | { 0x7F0E, "TLS 1.3 (draft 14)" }, | |||
| 90 | { 0x7F0F, "TLS 1.3 (draft 15)" }, | |||
| 91 | { 0x7F10, "TLS 1.3 (draft 16)" }, | |||
| 92 | { 0x7F11, "TLS 1.3 (draft 17)" }, | |||
| 93 | { 0x7F12, "TLS 1.3 (draft 18)" }, | |||
| 94 | { 0x7F13, "TLS 1.3 (draft 19)" }, | |||
| 95 | { 0x7F14, "TLS 1.3 (draft 20)" }, | |||
| 96 | { 0x7F15, "TLS 1.3 (draft 21)" }, | |||
| 97 | { 0x7F16, "TLS 1.3 (draft 22)" }, | |||
| 98 | { 0x7F17, "TLS 1.3 (draft 23)" }, | |||
| 99 | { 0x7F18, "TLS 1.3 (draft 24)" }, | |||
| 100 | { 0x7F19, "TLS 1.3 (draft 25)" }, | |||
| 101 | { 0x7F1A, "TLS 1.3 (draft 26)" }, | |||
| 102 | { 0x7F1B, "TLS 1.3 (draft 27)" }, | |||
| 103 | { 0x7F1C, "TLS 1.3 (draft 28)" }, | |||
| 104 | { 0xFB17, "TLS 1.3 (Facebook draft 23)" }, | |||
| 105 | { 0xFB1A, "TLS 1.3 (Facebook draft 26)" }, | |||
| 106 | { DTLSV1DOT0_OPENSSL_VERSION0x100, "DTLS 1.0 (OpenSSL pre 0.9.8f)" }, | |||
| 107 | { DTLSV1DOT0_VERSION0xfeff, "DTLS 1.0" }, | |||
| 108 | { DTLSV1DOT2_VERSION0xfefd, "DTLS 1.2" }, | |||
| 109 | { DTLSV1DOT3_VERSION0xfefc, "DTLS 1.3" }, | |||
| 110 | { 0x0A0A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 111 | { 0x1A1A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 112 | { 0x2A2A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 113 | { 0x3A3A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 114 | { 0x4A4A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 115 | { 0x5A5A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 116 | { 0x6A6A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 117 | { 0x7A7A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 118 | { 0x8A8A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 119 | { 0x9A9A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 120 | { 0xAAAA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 121 | { 0xBABA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 122 | { 0xCACA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 123 | { 0xDADA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 124 | { 0xEAEA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 125 | { 0xFAFA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 126 | { 0x00, NULL((void*)0) } | |||
| 127 | }; | |||
| 128 | ||||
| 129 | static const value_string ssl_version_ja4_names[] = { | |||
| 130 | { 0x0100, "s1" }, | |||
| 131 | { SSLV2_VERSION0x0002, "s2" }, | |||
| 132 | { SSLV3_VERSION0x300, "s3" }, | |||
| 133 | { TLSV1_VERSION0x301, "10" }, | |||
| 134 | { TLSV1DOT1_VERSION0x302, "11" }, | |||
| 135 | { TLSV1DOT2_VERSION0x303, "12" }, | |||
| 136 | { TLSV1DOT3_VERSION0x304, "13" }, | |||
| 137 | { DTLSV1DOT0_VERSION0xfeff, "d1" }, | |||
| 138 | { DTLSV1DOT2_VERSION0xfefd, "d2" }, | |||
| 139 | { DTLSV1DOT3_VERSION0xfefc, "d3" }, | |||
| 140 | { 0x00, NULL((void*)0) } | |||
| 141 | }; | |||
| 142 | ||||
| 143 | const value_string ssl_20_msg_types[] = { | |||
| 144 | { SSL2_HND_ERROR0x00, "Error" }, | |||
| 145 | { SSL2_HND_CLIENT_HELLO0x01, "Client Hello" }, | |||
| 146 | { SSL2_HND_CLIENT_MASTER_KEY0x02, "Client Master Key" }, | |||
| 147 | { SSL2_HND_CLIENT_FINISHED0x03, "Client Finished" }, | |||
| 148 | { SSL2_HND_SERVER_HELLO0x04, "Server Hello" }, | |||
| 149 | { SSL2_HND_SERVER_VERIFY0x05, "Server Verify" }, | |||
| 150 | { SSL2_HND_SERVER_FINISHED0x06, "Server Finished" }, | |||
| 151 | { SSL2_HND_REQUEST_CERTIFICATE0x07, "Request Certificate" }, | |||
| 152 | { SSL2_HND_CLIENT_CERTIFICATE0x08, "Client Certificate" }, | |||
| 153 | { 0x00, NULL((void*)0) } | |||
| 154 | }; | |||
| 155 | /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ | |||
| 156 | /* Note: sorted by ascending value so value_string-ext can do a binary search */ | |||
| 157 | static const value_string ssl_20_cipher_suites[] = { | |||
| 158 | { 0x000000, "TLS_NULL_WITH_NULL_NULL" }, | |||
| 159 | { 0x000001, "TLS_RSA_WITH_NULL_MD5" }, | |||
| 160 | { 0x000002, "TLS_RSA_WITH_NULL_SHA" }, | |||
| 161 | { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, | |||
| 162 | { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" }, | |||
| 163 | { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" }, | |||
| 164 | { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, | |||
| 165 | { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, | |||
| 166 | { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 167 | { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" }, | |||
| 168 | { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 169 | { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 170 | { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, | |||
| 171 | { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 172 | { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 173 | { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, | |||
| 174 | { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 175 | { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 176 | { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, | |||
| 177 | { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 178 | { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 179 | { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, | |||
| 180 | { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 181 | { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, | |||
| 182 | { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" }, | |||
| 183 | { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 184 | { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, | |||
| 185 | { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, | |||
| 186 | { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, | |||
| 187 | { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, | |||
| 188 | #if 0 | |||
| 189 | { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, | |||
| 190 | #endif | |||
| 191 | /* RFC 2712 */ | |||
| 192 | { 0x00001E, "TLS_KRB5_WITH_DES_CBC_SHA" }, | |||
| 193 | { 0x00001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, | |||
| 194 | { 0x000020, "TLS_KRB5_WITH_RC4_128_SHA" }, | |||
| 195 | { 0x000021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, | |||
| 196 | { 0x000022, "TLS_KRB5_WITH_DES_CBC_MD5" }, | |||
| 197 | { 0x000023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, | |||
| 198 | { 0x000024, "TLS_KRB5_WITH_RC4_128_MD5" }, | |||
| 199 | { 0x000025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, | |||
| 200 | { 0x000026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, | |||
| 201 | { 0x000027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, | |||
| 202 | { 0x000028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, | |||
| 203 | { 0x000029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, | |||
| 204 | { 0x00002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, | |||
| 205 | { 0x00002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, | |||
| 206 | /* RFC 4785 */ | |||
| 207 | { 0x00002C, "TLS_PSK_WITH_NULL_SHA" }, | |||
| 208 | { 0x00002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, | |||
| 209 | { 0x00002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, | |||
| 210 | /* RFC 5246 */ | |||
| 211 | { 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 212 | { 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, | |||
| 213 | { 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 214 | { 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, | |||
| 215 | { 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 216 | { 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, | |||
| 217 | { 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 218 | { 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, | |||
| 219 | { 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 220 | { 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, | |||
| 221 | { 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 222 | { 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, | |||
| 223 | { 0x00003B, "TLS_RSA_WITH_NULL_SHA256" }, | |||
| 224 | { 0x00003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 225 | { 0x00003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, | |||
| 226 | { 0x00003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, | |||
| 227 | { 0x00003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 228 | { 0x000040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, | |||
| 229 | { 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 230 | { 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 231 | { 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 232 | { 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 233 | { 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 234 | { 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 235 | { 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, | |||
| 236 | { 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, | |||
| 237 | { 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" }, | |||
| 238 | { 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 239 | { 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
| 240 | { 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
| 241 | { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, | |||
| 242 | { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, | |||
| 243 | { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, | |||
| 244 | { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, | |||
| 245 | { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, | |||
| 246 | { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, | |||
| 247 | { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, | |||
| 248 | { 0x000067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 249 | { 0x000068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, | |||
| 250 | { 0x000069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, | |||
| 251 | { 0x00006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, | |||
| 252 | { 0x00006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, | |||
| 253 | { 0x00006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, | |||
| 254 | { 0x00006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, | |||
| 255 | /* 0x00,0x6E-83 Unassigned */ | |||
| 256 | { 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 257 | { 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 258 | { 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 259 | { 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 260 | { 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 261 | { 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 262 | /* RFC 4279 */ | |||
| 263 | { 0x00008A, "TLS_PSK_WITH_RC4_128_SHA" }, | |||
| 264 | { 0x00008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
| 265 | { 0x00008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, | |||
| 266 | { 0x00008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, | |||
| 267 | { 0x00008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, | |||
| 268 | { 0x00008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
| 269 | { 0x000090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, | |||
| 270 | { 0x000091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, | |||
| 271 | { 0x000092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, | |||
| 272 | { 0x000093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
| 273 | { 0x000094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, | |||
| 274 | { 0x000095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, | |||
| 275 | /* RFC 4162 */ | |||
| 276 | { 0x000096, "TLS_RSA_WITH_SEED_CBC_SHA" }, | |||
| 277 | { 0x000097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, | |||
| 278 | { 0x000098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, | |||
| 279 | { 0x000099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, | |||
| 280 | { 0x00009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, | |||
| 281 | { 0x00009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, | |||
| 282 | /* RFC 5288 */ | |||
| 283 | { 0x00009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 284 | { 0x00009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 285 | { 0x00009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 286 | { 0x00009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 287 | { 0x0000A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 288 | { 0x0000A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 289 | { 0x0000A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, | |||
| 290 | { 0x0000A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, | |||
| 291 | { 0x0000A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, | |||
| 292 | { 0x0000A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, | |||
| 293 | { 0x0000A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, | |||
| 294 | { 0x0000A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, | |||
| 295 | /* RFC 5487 */ | |||
| 296 | { 0x0000A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, | |||
| 297 | { 0x0000A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, | |||
| 298 | { 0x0000AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, | |||
| 299 | { 0x0000AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, | |||
| 300 | { 0x0000AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, | |||
| 301 | { 0x0000AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, | |||
| 302 | { 0x0000AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, | |||
| 303 | { 0x0000AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, | |||
| 304 | { 0x0000B0, "TLS_PSK_WITH_NULL_SHA256" }, | |||
| 305 | { 0x0000B1, "TLS_PSK_WITH_NULL_SHA384" }, | |||
| 306 | { 0x0000B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, | |||
| 307 | { 0x0000B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, | |||
| 308 | { 0x0000B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, | |||
| 309 | { 0x0000B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, | |||
| 310 | { 0x0000B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, | |||
| 311 | { 0x0000B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, | |||
| 312 | { 0x0000B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, | |||
| 313 | { 0x0000B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, | |||
| 314 | /* From RFC 5932 */ | |||
| 315 | { 0x0000BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 316 | { 0x0000BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 317 | { 0x0000BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 318 | { 0x0000BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 319 | { 0x0000BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 320 | { 0x0000BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 321 | { 0x0000C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 322 | { 0x0000C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 323 | { 0x0000C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 324 | { 0x0000C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 325 | { 0x0000C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 326 | { 0x0000C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 327 | /* 0x00,0xC6-FE Unassigned */ | |||
| 328 | { 0x0000FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, | |||
| 329 | /* 0x01-BF,* Unassigned */ | |||
| 330 | /* From RFC 4492 */ | |||
| 331 | { 0x00c001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, | |||
| 332 | { 0x00c002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, | |||
| 333 | { 0x00c003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 334 | { 0x00c004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
| 335 | { 0x00c005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
| 336 | { 0x00c006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, | |||
| 337 | { 0x00c007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, | |||
| 338 | { 0x00c008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 339 | { 0x00c009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
| 340 | { 0x00c00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
| 341 | { 0x00c00b, "TLS_ECDH_RSA_WITH_NULL_SHA" }, | |||
| 342 | { 0x00c00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, | |||
| 343 | { 0x00c00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 344 | { 0x00c00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 345 | { 0x00c00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 346 | { 0x00c010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, | |||
| 347 | { 0x00c011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, | |||
| 348 | { 0x00c012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 349 | { 0x00c013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 350 | { 0x00c014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 351 | { 0x00c015, "TLS_ECDH_anon_WITH_NULL_SHA" }, | |||
| 352 | { 0x00c016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, | |||
| 353 | { 0x00c017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, | |||
| 354 | { 0x00c018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, | |||
| 355 | { 0x00c019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, | |||
| 356 | /* RFC 5054 */ | |||
| 357 | { 0x00C01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 358 | { 0x00C01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 359 | { 0x00C01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 360 | { 0x00C01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, | |||
| 361 | { 0x00C01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 362 | { 0x00C01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, | |||
| 363 | { 0x00C020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, | |||
| 364 | { 0x00C021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 365 | { 0x00C022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, | |||
| 366 | /* RFC 5589 */ | |||
| 367 | { 0x00C023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, | |||
| 368 | { 0x00C024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, | |||
| 369 | { 0x00C025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, | |||
| 370 | { 0x00C026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, | |||
| 371 | { 0x00C027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 372 | { 0x00C028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, | |||
| 373 | { 0x00C029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 374 | { 0x00C02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, | |||
| 375 | { 0x00C02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, | |||
| 376 | { 0x00C02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, | |||
| 377 | { 0x00C02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, | |||
| 378 | { 0x00C02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, | |||
| 379 | { 0x00C02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 380 | { 0x00C030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 381 | { 0x00C031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 382 | { 0x00C032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 383 | /* RFC 5489 */ | |||
| 384 | { 0x00C033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, | |||
| 385 | { 0x00C034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
| 386 | { 0x00C035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, | |||
| 387 | { 0x00C036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, | |||
| 388 | { 0x00C037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, | |||
| 389 | { 0x00C038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, | |||
| 390 | { 0x00C039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, | |||
| 391 | { 0x00C03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, | |||
| 392 | { 0x00C03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, | |||
| 393 | /* 0xC0,0x3C-FF Unassigned | |||
| 394 | 0xC1-FD,* Unassigned | |||
| 395 | 0xFE,0x00-FD Unassigned | |||
| 396 | 0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen] | |||
| 397 | 0xFF,0x00-FF Reserved for Private Use [RFC5246] | |||
| 398 | */ | |||
| 399 | ||||
| 400 | /* old numbers used in the beginning | |||
| 401 | * https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */ | |||
| 402 | { 0x00CC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 403 | { 0x00CC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 404 | { 0x00CC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 405 | ||||
| 406 | /* https://tools.ietf.org/html/rfc7905 */ | |||
| 407 | { 0x00CCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 408 | { 0x00CCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 409 | { 0x00CCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 410 | { 0x00CCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 411 | { 0x00CCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 412 | { 0x00CCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 413 | { 0x00CCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 414 | ||||
| 415 | /* GM/T 0024-2014 */ | |||
| 416 | { 0x00e001, "ECDHE_SM1_SM3"}, | |||
| 417 | { 0x00e003, "ECC_SM1_SM3"}, | |||
| 418 | { 0x00e005, "IBSDH_SM1_SM3"}, | |||
| 419 | { 0x00e007, "IBC_SM1_SM3"}, | |||
| 420 | { 0x00e009, "RSA_SM1_SM3"}, | |||
| 421 | { 0x00e00a, "RSA_SM1_SHA1"}, | |||
| 422 | { 0x00e011, "ECDHE_SM4_CBC_SM3"}, | |||
| 423 | { 0x00e013, "ECC_SM4_CBC_SM3"}, | |||
| 424 | { 0x00e015, "IBSDH_SM4_CBC_SM3"}, | |||
| 425 | { 0x00e017, "IBC_SM4_CBC_SM3"}, | |||
| 426 | { 0x00e019, "RSA_SM4_CBC_SM3"}, | |||
| 427 | { 0x00e01a, "RSA_SM4_CBC_SHA1"}, | |||
| 428 | { 0x00e01c, "RSA_SM4_CBC_SHA256"}, | |||
| 429 | { 0x00e051, "ECDHE_SM4_GCM_SM3"}, | |||
| 430 | { 0x00e053, "ECC_SM4_GCM_SM3"}, | |||
| 431 | { 0x00e055, "IBSDH_SM4_GCM_SM3"}, | |||
| 432 | { 0x00e057, "IBC_SM4_GCM_SM3"}, | |||
| 433 | { 0x00e059, "RSA_SM4_GCM_SM3"}, | |||
| 434 | { 0x00e05a, "RSA_SM4_GCM_SHA256"}, | |||
| 435 | ||||
| 436 | /* https://tools.ietf.org/html/draft-josefsson-salsa20-tls */ | |||
| 437 | { 0x00E410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 438 | { 0x00E411, "TLS_RSA_WITH_SALSA20_SHA1" }, | |||
| 439 | { 0x00E412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 440 | { 0x00E413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" }, | |||
| 441 | { 0x00E414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 442 | { 0x00E415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" }, | |||
| 443 | { 0x00E416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 444 | { 0x00E417, "TLS_PSK_WITH_SALSA20_SHA1" }, | |||
| 445 | { 0x00E418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 446 | { 0x00E419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" }, | |||
| 447 | { 0x00E41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 448 | { 0x00E41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" }, | |||
| 449 | { 0x00E41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 450 | { 0x00E41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" }, | |||
| 451 | { 0x00E41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 452 | { 0x00E41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" }, | |||
| 453 | ||||
| 454 | /* these from http://www.mozilla.org/projects/ | |||
| 455 | security/pki/nss/ssl/fips-ssl-ciphersuites.html */ | |||
| 456 | { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, | |||
| 457 | { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 458 | { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 459 | { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, | |||
| 460 | /* note that ciphersuites of {0x00????} are TLS cipher suites in | |||
| 461 | * a sslv2 client hello message; the ???? above is the two-byte | |||
| 462 | * tls cipher suite id | |||
| 463 | */ | |||
| 464 | ||||
| 465 | { 0x010080, "SSL2_RC4_128_WITH_MD5" }, | |||
| 466 | { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" }, | |||
| 467 | { 0x030080, "SSL2_RC2_128_CBC_WITH_MD5" }, | |||
| 468 | { 0x040080, "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5" }, | |||
| 469 | { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" }, | |||
| 470 | { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" }, | |||
| 471 | { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" }, | |||
| 472 | { 0x080080, "SSL2_RC4_64_WITH_MD5" }, | |||
| 473 | ||||
| 474 | { 0x00, NULL((void*)0) } | |||
| 475 | }; | |||
| 476 | ||||
| 477 | value_string_ext ssl_20_cipher_suites_ext = VALUE_STRING_EXT_INIT(ssl_20_cipher_suites){ _try_val_to_str_ext_init, 0, (sizeof (ssl_20_cipher_suites) / sizeof ((ssl_20_cipher_suites)[0]))-1, ssl_20_cipher_suites , "ssl_20_cipher_suites" }; | |||
| 478 | ||||
| 479 | ||||
| 480 | /* | |||
| 481 | * Supported Groups (formerly named "EC Named Curve"). | |||
| 482 | * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 | |||
| 483 | */ | |||
| 484 | const value_string ssl_extension_curves[] = { | |||
| 485 | { 1, "sect163k1" }, | |||
| 486 | { 2, "sect163r1" }, | |||
| 487 | { 3, "sect163r2" }, | |||
| 488 | { 4, "sect193r1" }, | |||
| 489 | { 5, "sect193r2" }, | |||
| 490 | { 6, "sect233k1" }, | |||
| 491 | { 7, "sect233r1" }, | |||
| 492 | { 8, "sect239k1" }, | |||
| 493 | { 9, "sect283k1" }, | |||
| 494 | { 10, "sect283r1" }, | |||
| 495 | { 11, "sect409k1" }, | |||
| 496 | { 12, "sect409r1" }, | |||
| 497 | { 13, "sect571k1" }, | |||
| 498 | { 14, "sect571r1" }, | |||
| 499 | { 15, "secp160k1" }, | |||
| 500 | { 16, "secp160r1" }, | |||
| 501 | { 17, "secp160r2" }, | |||
| 502 | { 18, "secp192k1" }, | |||
| 503 | { 19, "secp192r1" }, | |||
| 504 | { 20, "secp224k1" }, | |||
| 505 | { 21, "secp224r1" }, | |||
| 506 | { 22, "secp256k1" }, | |||
| 507 | { 23, "secp256r1" }, | |||
| 508 | { 24, "secp384r1" }, | |||
| 509 | { 25, "secp521r1" }, | |||
| 510 | { 26, "brainpoolP256r1" }, /* RFC 7027 */ | |||
| 511 | { 27, "brainpoolP384r1" }, /* RFC 7027 */ | |||
| 512 | { 28, "brainpoolP512r1" }, /* RFC 7027 */ | |||
| 513 | { 29, "x25519" }, /* RFC 8446 / RFC 8422 */ | |||
| 514 | { 30, "x448" }, /* RFC 8446 / RFC 8422 */ | |||
| 515 | { 31, "brainpoolP256r1tls13" }, /* RFC8734 */ | |||
| 516 | { 32, "brainpoolP384r1tls13" }, /* RFC8734 */ | |||
| 517 | { 33, "brainpoolP512r1tls13" }, /* RFC8734 */ | |||
| 518 | { 34, "GC256A" }, /* RFC9189 */ | |||
| 519 | { 35, "GC256B" }, /* RFC9189 */ | |||
| 520 | { 36, "GC256C" }, /* RFC9189 */ | |||
| 521 | { 37, "GC256D" }, /* RFC9189 */ | |||
| 522 | { 38, "GC512A" }, /* RFC9189 */ | |||
| 523 | { 39, "GC512B" }, /* RFC9189 */ | |||
| 524 | { 40, "GC512C" }, /* RFC9189 */ | |||
| 525 | { 41, "curveSM2" }, /* RFC 8998 */ | |||
| 526 | { 256, "ffdhe2048" }, /* RFC 7919 */ | |||
| 527 | { 257, "ffdhe3072" }, /* RFC 7919 */ | |||
| 528 | { 258, "ffdhe4096" }, /* RFC 7919 */ | |||
| 529 | { 259, "ffdhe6144" }, /* RFC 7919 */ | |||
| 530 | { 260, "ffdhe8192" }, /* RFC 7919 */ | |||
| 531 | { 512, "MLKEM512"}, /* draft-connolly-tls-mlkem-key-agreement-03 */ | |||
| 532 | { 513, "MLKEM768"}, /* draft-connolly-tls-mlkem-key-agreement-03 */ | |||
| 533 | { 514, "MLKEM1024"}, /* draft-connolly-tls-mlkem-key-agreement-03 */ | |||
| 534 | { 2570, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 535 | { 4587, "SecP256r1MLKEM768" }, /* draft-kwiatkowski-tls-ecdhe-mlkem-02 */ | |||
| 536 | { 4588, "X25519MLKEM768" }, /* draft-kwiatkowski-tls-ecdhe-mlkem-03 */ | |||
| 537 | { 4589, "SecP384r1MLKEM1024" }, /* draft-kwiatkowski-tls-ecdhe-mlkem-03 */ | |||
| 538 | { 6682, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 539 | { 10794, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 540 | { 14906, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 541 | { 19018, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 542 | { 23130, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 543 | { 25497, "X25519Kyber768Draft00 (OBSOLETE)" }, /* draft-tls-westerbaan-xyber768d00-02 */ | |||
| 544 | { 25498, "SecP256r1Kyber768Draft00 (OBSOLETE)" }, /* draft-kwiatkowski-tls-ecdhe-kyber-01 */ | |||
| 545 | { 27242, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 546 | { 31354, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 547 | { 35466, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 548 | { 39578, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 549 | { 43690, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 550 | { 47802, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 551 | { 51914, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 552 | { 56026, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 553 | { 60138, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 554 | { 64250, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 555 | { 0xFF01, "arbitrary_explicit_prime_curves" }, | |||
| 556 | { 0xFF02, "arbitrary_explicit_char2_curves" }, | |||
| 557 | /* Below are various unofficial values that have been used for testing. */ | |||
| 558 | /* PQC key exchange algorithms from OQS-OpenSSL, | |||
| 559 | see https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/oqs-kem-info.md | |||
| 560 | These use IANA unassigned values and this list may be incomplete. | |||
| 561 | */ | |||
| 562 | { 0x2F00, "p256_frodo640aes" }, | |||
| 563 | { 0x2F01, "p256_frodo640shake" }, | |||
| 564 | { 0x2F02, "p384_frodo976aes" }, | |||
| 565 | { 0x0203, "frodo976shake" }, | |||
| 566 | { 0x2F03, "p384_frodo976shake" }, | |||
| 567 | { 0x0204, "frodo1344aes" }, | |||
| 568 | { 0x2F04, "p521_frodo1344aes" }, | |||
| 569 | { 0x0205, "frodo1344shake" }, | |||
| 570 | { 0x2F05, "p521_frodo1344shake" }, | |||
| 571 | { 0x023A, "kyber512" }, | |||
| 572 | { 0x2F3A, "p256_kyber512" }, | |||
| 573 | { 0x023C, "kyber768" }, | |||
| 574 | { 0x2F3C, "p384_kyber768" }, | |||
| 575 | { 0x023D, "kyber1024" }, | |||
| 576 | { 0x2F3D, "p521_kyber1024" }, | |||
| 577 | { 0x0214, "ntru_hps2048509" }, | |||
| 578 | { 0x2F14, "p256_ntru_hps2048509" }, | |||
| 579 | { 0x0215, "ntru_hps2048677" }, | |||
| 580 | { 0x2F15, "p384_ntru_hps2048677" }, | |||
| 581 | { 0x0216, "ntru_hps4096821" }, | |||
| 582 | { 0x2F16, "p521_ntru_hps4096821" }, | |||
| 583 | { 0x0245, "ntru_hps40961229" }, | |||
| 584 | { 0x2F45, "p521_ntru_hps40961229" }, | |||
| 585 | { 0x0217, "ntru_hrss701" }, | |||
| 586 | { 0x2F17, "p384_ntru_hrss701" }, | |||
| 587 | { 0x0246, "ntru_hrss1373" }, | |||
| 588 | { 0x2F46, "p521_ntru_hrss1373" }, | |||
| 589 | { 0x0218, "lightsaber" }, | |||
| 590 | { 0x2F18, "p256_lightsaber" }, | |||
| 591 | { 0x0219, "saber" }, | |||
| 592 | { 0x2F19, "p384_saber" }, | |||
| 593 | { 0x021A, "firesaber" }, | |||
| 594 | { 0x2F1A, "p521_firesaber" }, | |||
| 595 | { 0x021B, "sidhp434" }, | |||
| 596 | { 0x2F1B, "p256_sidhp434" }, | |||
| 597 | { 0x021C, "sidhp503" }, | |||
| 598 | { 0x2F1C, "p256_sidhp503" }, | |||
| 599 | { 0x021D, "sidhp610" }, | |||
| 600 | { 0x2F1D, "p384_sidhp610" }, | |||
| 601 | { 0x021E, "sidhp751" }, | |||
| 602 | { 0x2F1E, "p521_sidhp751" }, | |||
| 603 | { 0x021F, "sikep434" }, | |||
| 604 | { 0x2F1F, "p256_sikep434" }, | |||
| 605 | { 0x0220, "sikep503" }, | |||
| 606 | { 0x2F20, "p256_sikep503" }, | |||
| 607 | { 0x0221, "sikep610" }, | |||
| 608 | { 0x2F21, "p384_sikep610" }, | |||
| 609 | { 0x0222, "sikep751" }, | |||
| 610 | { 0x2F22, "p521_sikep751" }, | |||
| 611 | { 0x0238, "bikel1" }, | |||
| 612 | { 0x2F38, "p256_bikel1" }, | |||
| 613 | { 0x023B, "bikel3" }, | |||
| 614 | { 0x2F3B, "p384_bikel3" }, | |||
| 615 | { 0x023E, "kyber90s512" }, | |||
| 616 | { 0x2F3E, "p256_kyber90s512" }, | |||
| 617 | { 0x023F, "kyber90s768" }, | |||
| 618 | { 0x2F3F, "p384_kyber90s768" }, | |||
| 619 | { 0x0240, "kyber90s1024" }, | |||
| 620 | { 0x2F40, "p521_kyber90s1024" }, | |||
| 621 | { 0x022C, "hqc128" }, | |||
| 622 | { 0x2F2C, "p256_hqc128" }, | |||
| 623 | { 0x022D, "hqc192" }, | |||
| 624 | { 0x2F2D, "p384_hqc192" }, | |||
| 625 | { 0x022E, "hqc256" }, | |||
| 626 | { 0x2F2E, "p521_hqc256" }, | |||
| 627 | { 0x022F, "ntrulpr653" }, | |||
| 628 | { 0x2F2F, "p256_ntrulpr653" }, | |||
| 629 | { 0x0230, "ntrulpr761" }, | |||
| 630 | { 0x2F43, "p256_ntrulpr761" }, | |||
| 631 | { 0x0231, "ntrulpr857" }, | |||
| 632 | { 0x2F31, "p384_ntrulpr857" }, | |||
| 633 | { 0x0241, "ntrulpr1277" }, | |||
| 634 | { 0x2F41, "p521_ntrulpr1277" }, | |||
| 635 | { 0x0232, "sntrup653" }, | |||
| 636 | { 0x2F32, "p256_sntrup653" }, | |||
| 637 | { 0x0233, "sntrup761" }, | |||
| 638 | { 0x2F44, "p256_sntrup761" }, | |||
| 639 | { 0x0234, "sntrup857" }, | |||
| 640 | { 0x2F34, "p384_sntrup857" }, | |||
| 641 | { 0x0242, "sntrup1277" }, | |||
| 642 | { 0x2F42, "p521_sntrup1277" }, | |||
| 643 | /* Other PQ key exchange algorithms, using Reserved for Private Use values | |||
| 644 | https://blog.cloudflare.com/post-quantum-for-all | |||
| 645 | https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.txt */ | |||
| 646 | { 0xFE30, "X25519Kyber512Draft00 (OBSOLETE)" }, | |||
| 647 | { 0xFE31, "X25519Kyber768Draft00 (OBSOLETE)" }, | |||
| 648 | { 0x00, NULL((void*)0) } | |||
| 649 | }; | |||
| 650 | ||||
| 651 | const value_string ssl_curve_types[] = { | |||
| 652 | { 1, "explicit_prime" }, | |||
| 653 | { 2, "explicit_char2" }, | |||
| 654 | { 3, "named_curve" }, | |||
| 655 | { 0x00, NULL((void*)0) } | |||
| 656 | }; | |||
| 657 | ||||
| 658 | const value_string ssl_extension_ec_point_formats[] = { | |||
| 659 | { 0, "uncompressed" }, | |||
| 660 | { 1, "ansiX962_compressed_prime" }, | |||
| 661 | { 2, "ansiX962_compressed_char2" }, | |||
| 662 | { 0x00, NULL((void*)0) } | |||
| 663 | }; | |||
| 664 | ||||
| 665 | const value_string ssl_20_certificate_type[] = { | |||
| 666 | { 0x00, "N/A" }, | |||
| 667 | { 0x01, "X.509 Certificate" }, | |||
| 668 | { 0x00, NULL((void*)0) } | |||
| 669 | }; | |||
| 670 | ||||
| 671 | const value_string ssl_31_content_type[] = { | |||
| 672 | { 20, "Change Cipher Spec" }, | |||
| 673 | { 21, "Alert" }, | |||
| 674 | { 22, "Handshake" }, | |||
| 675 | { 23, "Application Data" }, | |||
| 676 | { 24, "Heartbeat" }, | |||
| 677 | { 25, "Connection ID" }, | |||
| 678 | { 0x00, NULL((void*)0) } | |||
| 679 | }; | |||
| 680 | ||||
| 681 | #if 0 | |||
| 682 | /* XXX - would be used if we dissected the body of a Change Cipher Spec | |||
| 683 | message. */ | |||
| 684 | const value_string ssl_31_change_cipher_spec[] = { | |||
| 685 | { 1, "Change Cipher Spec" }, | |||
| 686 | { 0x00, NULL((void*)0) } | |||
| 687 | }; | |||
| 688 | #endif | |||
| 689 | ||||
| 690 | const value_string ssl_31_alert_level[] = { | |||
| 691 | { 1, "Warning" }, | |||
| 692 | { 2, "Fatal" }, | |||
| 693 | { 0x00, NULL((void*)0) } | |||
| 694 | }; | |||
| 695 | ||||
| 696 | const value_string ssl_31_alert_description[] = { | |||
| 697 | { 0, "Close Notify" }, | |||
| 698 | { 1, "End of Early Data" }, | |||
| 699 | { 10, "Unexpected Message" }, | |||
| 700 | { 20, "Bad Record MAC" }, | |||
| 701 | { 21, "Decryption Failed" }, | |||
| 702 | { 22, "Record Overflow" }, | |||
| 703 | { 30, "Decompression Failure" }, | |||
| 704 | { 40, "Handshake Failure" }, | |||
| 705 | { 41, "No Certificate" }, | |||
| 706 | { 42, "Bad Certificate" }, | |||
| 707 | { 43, "Unsupported Certificate" }, | |||
| 708 | { 44, "Certificate Revoked" }, | |||
| 709 | { 45, "Certificate Expired" }, | |||
| 710 | { 46, "Certificate Unknown" }, | |||
| 711 | { 47, "Illegal Parameter" }, | |||
| 712 | { 48, "Unknown CA" }, | |||
| 713 | { 49, "Access Denied" }, | |||
| 714 | { 50, "Decode Error" }, | |||
| 715 | { 51, "Decrypt Error" }, | |||
| 716 | { 60, "Export Restriction" }, | |||
| 717 | { 70, "Protocol Version" }, | |||
| 718 | { 71, "Insufficient Security" }, | |||
| 719 | { 80, "Internal Error" }, | |||
| 720 | { 86, "Inappropriate Fallback" }, | |||
| 721 | { 90, "User Canceled" }, | |||
| 722 | { 100, "No Renegotiation" }, | |||
| 723 | { 109, "Missing Extension" }, | |||
| 724 | { 110, "Unsupported Extension" }, | |||
| 725 | { 111, "Certificate Unobtainable" }, | |||
| 726 | { 112, "Unrecognized Name" }, | |||
| 727 | { 113, "Bad Certificate Status Response" }, | |||
| 728 | { 114, "Bad Certificate Hash Value" }, | |||
| 729 | { 115, "Unknown PSK Identity" }, | |||
| 730 | { 116, "Certificate Required" }, | |||
| 731 | { 120, "No application Protocol" }, | |||
| 732 | { 121, "ECH Required" }, | |||
| 733 | { 0x00, NULL((void*)0) } | |||
| 734 | }; | |||
| 735 | ||||
| 736 | const value_string ssl_31_handshake_type[] = { | |||
| 737 | { SSL_HND_HELLO_REQUEST, "Hello Request" }, | |||
| 738 | { SSL_HND_CLIENT_HELLO, "Client Hello" }, | |||
| 739 | { SSL_HND_SERVER_HELLO, "Server Hello" }, | |||
| 740 | { SSL_HND_HELLO_VERIFY_REQUEST, "Hello Verify Request"}, | |||
| 741 | { SSL_HND_NEWSESSION_TICKET, "New Session Ticket" }, | |||
| 742 | { SSL_HND_END_OF_EARLY_DATA, "End of Early Data" }, | |||
| 743 | { SSL_HND_HELLO_RETRY_REQUEST, "Hello Retry Request" }, | |||
| 744 | { SSL_HND_ENCRYPTED_EXTENSIONS, "Encrypted Extensions" }, | |||
| 745 | { SSL_HND_CERTIFICATE, "Certificate" }, | |||
| 746 | { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" }, | |||
| 747 | { SSL_HND_CERT_REQUEST, "Certificate Request" }, | |||
| 748 | { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" }, | |||
| 749 | { SSL_HND_CERT_VERIFY, "Certificate Verify" }, | |||
| 750 | { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" }, | |||
| 751 | { SSL_HND_FINISHED, "Finished" }, | |||
| 752 | { SSL_HND_CERT_URL, "Client Certificate URL" }, | |||
| 753 | { SSL_HND_CERT_STATUS, "Certificate Status" }, | |||
| 754 | { SSL_HND_SUPPLEMENTAL_DATA, "Supplemental Data" }, | |||
| 755 | { SSL_HND_KEY_UPDATE, "Key Update" }, | |||
| 756 | { SSL_HND_COMPRESSED_CERTIFICATE, "Compressed Certificate" }, | |||
| 757 | { SSL_HND_ENCRYPTED_EXTS, "Encrypted Extensions" }, | |||
| 758 | { 0x00, NULL((void*)0) } | |||
| 759 | }; | |||
| 760 | ||||
| 761 | const value_string tls_heartbeat_type[] = { | |||
| 762 | { 1, "Request" }, | |||
| 763 | { 2, "Response" }, | |||
| 764 | { 0x00, NULL((void*)0) } | |||
| 765 | }; | |||
| 766 | ||||
| 767 | const value_string tls_heartbeat_mode[] = { | |||
| 768 | { 1, "Peer allowed to send requests" }, | |||
| 769 | { 2, "Peer not allowed to send requests" }, | |||
| 770 | { 0x00, NULL((void*)0) } | |||
| 771 | }; | |||
| 772 | ||||
| 773 | const value_string ssl_31_compression_method[] = { | |||
| 774 | { 0, "null" }, | |||
| 775 | { 1, "DEFLATE" }, | |||
| 776 | { 64, "LZS" }, | |||
| 777 | { 0x00, NULL((void*)0) } | |||
| 778 | }; | |||
| 779 | ||||
| 780 | #if 0 | |||
| 781 | /* XXX - would be used if we dissected a Signature, as would be | |||
| 782 | seen in a server key exchange or certificate verify message. */ | |||
| 783 | const value_string ssl_31_key_exchange_algorithm[] = { | |||
| 784 | { 0, "RSA" }, | |||
| 785 | { 1, "Diffie Hellman" }, | |||
| 786 | { 0x00, NULL((void*)0) } | |||
| 787 | }; | |||
| 788 | ||||
| 789 | const value_string ssl_31_signature_algorithm[] = { | |||
| 790 | { 0, "Anonymous" }, | |||
| 791 | { 1, "RSA" }, | |||
| 792 | { 2, "DSA" }, | |||
| 793 | { 0x00, NULL((void*)0) } | |||
| 794 | }; | |||
| 795 | #endif | |||
| 796 | ||||
| 797 | const value_string ssl_31_client_certificate_type[] = { | |||
| 798 | { 1, "RSA Sign" }, | |||
| 799 | { 2, "DSS Sign" }, | |||
| 800 | { 3, "RSA Fixed DH" }, | |||
| 801 | { 4, "DSS Fixed DH" }, | |||
| 802 | /* GOST certificate types */ | |||
| 803 | /* Section 3.5 of draft-chudov-cryptopro-cptls-04 */ | |||
| 804 | { 21, "GOST R 34.10-94" }, | |||
| 805 | { 22, "GOST R 34.10-2001" }, | |||
| 806 | /* END GOST certificate types */ | |||
| 807 | { 64, "ECDSA Sign" }, | |||
| 808 | { 65, "RSA Fixed ECDH" }, | |||
| 809 | { 66, "ECDSA Fixed ECDH" }, | |||
| 810 | { 80, "IBC Params" }, | |||
| 811 | { 0x00, NULL((void*)0) } | |||
| 812 | }; | |||
| 813 | ||||
| 814 | #if 0 | |||
| 815 | /* XXX - would be used if we dissected exchange keys, as would be | |||
| 816 | seen in a client key exchange message. */ | |||
| 817 | const value_string ssl_31_public_value_encoding[] = { | |||
| 818 | { 0, "Implicit" }, | |||
| 819 | { 1, "Explicit" }, | |||
| 820 | { 0x00, NULL((void*)0) } | |||
| 821 | }; | |||
| 822 | #endif | |||
| 823 | ||||
| 824 | /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ | |||
| 825 | /* Note: sorted by ascending value so value_string_ext fcns can do a binary search */ | |||
| 826 | static const value_string ssl_31_ciphersuite[] = { | |||
| 827 | /* RFC 2246, RFC 4346, RFC 5246 */ | |||
| 828 | { 0x0000, "TLS_NULL_WITH_NULL_NULL" }, | |||
| 829 | { 0x0001, "TLS_RSA_WITH_NULL_MD5" }, | |||
| 830 | { 0x0002, "TLS_RSA_WITH_NULL_SHA" }, | |||
| 831 | { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, | |||
| 832 | { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" }, | |||
| 833 | { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" }, | |||
| 834 | { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, | |||
| 835 | { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, | |||
| 836 | { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 837 | { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" }, | |||
| 838 | { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 839 | { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 840 | { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, | |||
| 841 | { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 842 | { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 843 | { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, | |||
| 844 | { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 845 | { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 846 | { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, | |||
| 847 | { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 848 | { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 849 | { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, | |||
| 850 | { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 851 | { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, | |||
| 852 | { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" }, | |||
| 853 | { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, | |||
| 854 | { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, | |||
| 855 | { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, | |||
| 856 | ||||
| 857 | { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, | |||
| 858 | { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, | |||
| 859 | #if 0 /* Because it clashes with KRB5, is never used any more, and is safe | |||
| 860 | to remove according to David Hopwood <david.hopwood@zetnet.co.uk> | |||
| 861 | of the ietf-tls list */ | |||
| 862 | { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, | |||
| 863 | #endif | |||
| 864 | /* RFC 2712 */ | |||
| 865 | { 0x001E, "TLS_KRB5_WITH_DES_CBC_SHA" }, | |||
| 866 | { 0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, | |||
| 867 | { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA" }, | |||
| 868 | { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, | |||
| 869 | { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5" }, | |||
| 870 | { 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, | |||
| 871 | { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5" }, | |||
| 872 | { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, | |||
| 873 | { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, | |||
| 874 | { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, | |||
| 875 | { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, | |||
| 876 | { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, | |||
| 877 | { 0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, | |||
| 878 | { 0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, | |||
| 879 | /* RFC 4785 */ | |||
| 880 | { 0x002C, "TLS_PSK_WITH_NULL_SHA" }, | |||
| 881 | { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, | |||
| 882 | { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, | |||
| 883 | /* RFC 5246 */ | |||
| 884 | { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 885 | { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, | |||
| 886 | { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 887 | { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, | |||
| 888 | { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 889 | { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, | |||
| 890 | { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 891 | { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, | |||
| 892 | { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 893 | { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, | |||
| 894 | { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 895 | { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, | |||
| 896 | { 0x003B, "TLS_RSA_WITH_NULL_SHA256" }, | |||
| 897 | { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 898 | { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, | |||
| 899 | { 0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, | |||
| 900 | { 0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 901 | { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, | |||
| 902 | /* RFC 4132 */ | |||
| 903 | { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 904 | { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 905 | { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 906 | { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 907 | { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 908 | { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, | |||
| 909 | /* 0x00,0x60-66 Reserved to avoid conflicts with widely deployed implementations */ | |||
| 910 | /* --- ??? --- */ | |||
| 911 | { 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, | |||
| 912 | { 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, | |||
| 913 | /* draft-ietf-tls-56-bit-ciphersuites-01.txt */ | |||
| 914 | { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, | |||
| 915 | { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, | |||
| 916 | { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, | |||
| 917 | { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, | |||
| 918 | { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, | |||
| 919 | /* --- ??? ---*/ | |||
| 920 | { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 921 | { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, | |||
| 922 | { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, | |||
| 923 | { 0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, | |||
| 924 | { 0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, | |||
| 925 | { 0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, | |||
| 926 | { 0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, | |||
| 927 | /* draft-chudov-cryptopro-cptls-04.txt */ | |||
| 928 | { 0x0080, "TLS_GOSTR341094_WITH_28147_CNT_IMIT" }, | |||
| 929 | { 0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT" }, | |||
| 930 | { 0x0082, "TLS_GOSTR341094_WITH_NULL_GOSTR3411" }, | |||
| 931 | { 0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411" }, | |||
| 932 | /* RFC 4132 */ | |||
| 933 | { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 934 | { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 935 | { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 936 | { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 937 | { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 938 | { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, | |||
| 939 | /* RFC 4279 */ | |||
| 940 | { 0x008A, "TLS_PSK_WITH_RC4_128_SHA" }, | |||
| 941 | { 0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
| 942 | { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, | |||
| 943 | { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, | |||
| 944 | { 0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, | |||
| 945 | { 0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
| 946 | { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, | |||
| 947 | { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, | |||
| 948 | { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, | |||
| 949 | { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
| 950 | { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, | |||
| 951 | { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, | |||
| 952 | /* RFC 4162 */ | |||
| 953 | { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA" }, | |||
| 954 | { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, | |||
| 955 | { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, | |||
| 956 | { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, | |||
| 957 | { 0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, | |||
| 958 | { 0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, | |||
| 959 | /* RFC 5288 */ | |||
| 960 | { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 961 | { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 962 | { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 963 | { 0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 964 | { 0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 965 | { 0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 966 | { 0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, | |||
| 967 | { 0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, | |||
| 968 | { 0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, | |||
| 969 | { 0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, | |||
| 970 | { 0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, | |||
| 971 | { 0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, | |||
| 972 | /* RFC 5487 */ | |||
| 973 | { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, | |||
| 974 | { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, | |||
| 975 | { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, | |||
| 976 | { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, | |||
| 977 | { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, | |||
| 978 | { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, | |||
| 979 | { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, | |||
| 980 | { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, | |||
| 981 | { 0x00B0, "TLS_PSK_WITH_NULL_SHA256" }, | |||
| 982 | { 0x00B1, "TLS_PSK_WITH_NULL_SHA384" }, | |||
| 983 | { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, | |||
| 984 | { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, | |||
| 985 | { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, | |||
| 986 | { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, | |||
| 987 | { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, | |||
| 988 | { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, | |||
| 989 | { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, | |||
| 990 | { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, | |||
| 991 | /* From RFC 5932 */ | |||
| 992 | { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 993 | { 0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 994 | { 0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 995 | { 0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 996 | { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 997 | { 0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 998 | { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 999 | { 0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 1000 | { 0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 1001 | { 0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 1002 | { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 1003 | { 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
| 1004 | /* RFC 8998 */ | |||
| 1005 | { 0x00C6, "TLS_SM4_GCM_SM3" }, | |||
| 1006 | { 0x00C7, "TLS_SM4_CCM_SM3" }, | |||
| 1007 | /* 0x00,0xC8-FE Unassigned */ | |||
| 1008 | /* From RFC 5746 */ | |||
| 1009 | { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, | |||
| 1010 | /* RFC 8701 */ | |||
| 1011 | { 0x0A0A, "Reserved (GREASE)" }, | |||
| 1012 | /* RFC 8446 */ | |||
| 1013 | { 0x1301, "TLS_AES_128_GCM_SHA256" }, | |||
| 1014 | { 0x1302, "TLS_AES_256_GCM_SHA384" }, | |||
| 1015 | { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" }, | |||
| 1016 | { 0x1304, "TLS_AES_128_CCM_SHA256" }, | |||
| 1017 | { 0x1305, "TLS_AES_128_CCM_8_SHA256" }, | |||
| 1018 | /* RFC 8701 */ | |||
| 1019 | { 0x1A1A, "Reserved (GREASE)" }, | |||
| 1020 | { 0x2A2A, "Reserved (GREASE)" }, | |||
| 1021 | { 0x3A3A, "Reserved (GREASE)" }, | |||
| 1022 | { 0x4A4A, "Reserved (GREASE)" }, | |||
| 1023 | /* From RFC 7507 */ | |||
| 1024 | { 0x5600, "TLS_FALLBACK_SCSV" }, | |||
| 1025 | /* RFC 8701 */ | |||
| 1026 | { 0x5A5A, "Reserved (GREASE)" }, | |||
| 1027 | { 0x6A6A, "Reserved (GREASE)" }, | |||
| 1028 | { 0x7A7A, "Reserved (GREASE)" }, | |||
| 1029 | { 0x8A8A, "Reserved (GREASE)" }, | |||
| 1030 | { 0x9A9A, "Reserved (GREASE)" }, | |||
| 1031 | { 0xAAAA, "Reserved (GREASE)" }, | |||
| 1032 | { 0xBABA, "Reserved (GREASE)" }, | |||
| 1033 | /* From RFC 4492 */ | |||
| 1034 | { 0xc001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, | |||
| 1035 | { 0xc002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, | |||
| 1036 | { 0xc003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1037 | { 0xc004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
| 1038 | { 0xc005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
| 1039 | { 0xc006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, | |||
| 1040 | { 0xc007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, | |||
| 1041 | { 0xc008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1042 | { 0xc009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
| 1043 | { 0xc00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
| 1044 | { 0xc00b, "TLS_ECDH_RSA_WITH_NULL_SHA" }, | |||
| 1045 | { 0xc00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, | |||
| 1046 | { 0xc00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1047 | { 0xc00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 1048 | { 0xc00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 1049 | { 0xc010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, | |||
| 1050 | { 0xc011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, | |||
| 1051 | { 0xc012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1052 | { 0xc013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 1053 | { 0xc014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 1054 | { 0xc015, "TLS_ECDH_anon_WITH_NULL_SHA" }, | |||
| 1055 | { 0xc016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, | |||
| 1056 | { 0xc017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1057 | { 0xc018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, | |||
| 1058 | { 0xc019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, | |||
| 1059 | /* RFC 5054 */ | |||
| 1060 | { 0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1061 | { 0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1062 | { 0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1063 | { 0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, | |||
| 1064 | { 0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, | |||
| 1065 | { 0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, | |||
| 1066 | { 0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, | |||
| 1067 | { 0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, | |||
| 1068 | { 0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, | |||
| 1069 | /* RFC 5589 */ | |||
| 1070 | { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, | |||
| 1071 | { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, | |||
| 1072 | { 0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, | |||
| 1073 | { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, | |||
| 1074 | { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 1075 | { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, | |||
| 1076 | { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, | |||
| 1077 | { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, | |||
| 1078 | { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, | |||
| 1079 | { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, | |||
| 1080 | { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, | |||
| 1081 | { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, | |||
| 1082 | { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 1083 | { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 1084 | { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, | |||
| 1085 | { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, | |||
| 1086 | /* RFC 5489 */ | |||
| 1087 | { 0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, | |||
| 1088 | { 0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1089 | { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, | |||
| 1090 | { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, | |||
| 1091 | { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, | |||
| 1092 | { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, | |||
| 1093 | { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, | |||
| 1094 | { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, | |||
| 1095 | { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, | |||
| 1096 | /* RFC 6209 */ | |||
| 1097 | { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1098 | { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1099 | { 0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1100 | { 0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1101 | { 0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1102 | { 0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1103 | { 0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1104 | { 0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1105 | { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1106 | { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1107 | { 0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1108 | { 0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1109 | { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1110 | { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1111 | { 0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1112 | { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1113 | { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1114 | { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1115 | { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1116 | { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1117 | { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1118 | { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1119 | { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1120 | { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1121 | { 0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1122 | { 0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1123 | { 0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1124 | { 0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1125 | { 0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1126 | { 0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1127 | { 0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1128 | { 0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1129 | { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1130 | { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1131 | { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1132 | { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1133 | { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1134 | { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1135 | { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1136 | { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1137 | { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1138 | { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1139 | { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1140 | { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1141 | { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1142 | { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1143 | { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1144 | { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1145 | { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1146 | { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1147 | { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" }, | |||
| 1148 | { 0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" }, | |||
| 1149 | { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" }, | |||
| 1150 | { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" }, | |||
| 1151 | /* RFC 6367 */ | |||
| 1152 | { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 1153 | { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
| 1154 | { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 1155 | { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
| 1156 | { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 1157 | { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
| 1158 | { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 1159 | { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
| 1160 | { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1161 | { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1162 | { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1163 | { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1164 | { 0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1165 | { 0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1166 | { 0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1167 | { 0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1168 | { 0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1169 | { 0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1170 | { 0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1171 | { 0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1172 | { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1173 | { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1174 | { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1175 | { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1176 | { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1177 | { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1178 | { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1179 | { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1180 | { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1181 | { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1182 | { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1183 | { 0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1184 | { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
| 1185 | { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
| 1186 | { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 1187 | { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
| 1188 | { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 1189 | { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
| 1190 | { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 1191 | { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
| 1192 | { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
| 1193 | { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
| 1194 | /* RFC 6655 */ | |||
| 1195 | { 0xC09C, "TLS_RSA_WITH_AES_128_CCM" }, | |||
| 1196 | { 0xC09D, "TLS_RSA_WITH_AES_256_CCM" }, | |||
| 1197 | { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM" }, | |||
| 1198 | { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM" }, | |||
| 1199 | { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8" }, | |||
| 1200 | { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8" }, | |||
| 1201 | { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8" }, | |||
| 1202 | { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8" }, | |||
| 1203 | { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM" }, | |||
| 1204 | { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM" }, | |||
| 1205 | { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM" }, | |||
| 1206 | { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM" }, | |||
| 1207 | { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8" }, | |||
| 1208 | { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" }, | |||
| 1209 | { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" }, | |||
| 1210 | { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" }, | |||
| 1211 | /* RFC 7251 */ | |||
| 1212 | { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" }, | |||
| 1213 | { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" }, | |||
| 1214 | { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" }, | |||
| 1215 | { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" }, | |||
| 1216 | /* RFC 8492 */ | |||
| 1217 | { 0xC0B0, "TLS_ECCPWD_WITH_AES_128_GCM_SHA256" }, | |||
| 1218 | { 0xC0B1, "TLS_ECCPWD_WITH_AES_256_GCM_SHA384" }, | |||
| 1219 | { 0xC0B2, "TLS_ECCPWD_WITH_AES_128_CCM_SHA256" }, | |||
| 1220 | { 0xC0B3, "TLS_ECCPWD_WITH_AES_256_CCM_SHA384" }, | |||
| 1221 | /* draft-camwinget-tls-ts13-macciphersuites */ | |||
| 1222 | { 0xC0B4, "TLS_SHA256_SHA256" }, | |||
| 1223 | { 0xC0B5, "TLS_SHA384_SHA384" }, | |||
| 1224 | /* https://www.ietf.org/archive/id/draft-cragie-tls-ecjpake-01.txt */ | |||
| 1225 | { 0xC0FF, "TLS_ECJPAKE_WITH_AES_128_CCM_8" }, | |||
| 1226 | /* draft-smyshlyaev-tls12-gost-suites */ | |||
| 1227 | { 0xC100, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC" }, | |||
| 1228 | { 0xC101, "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC" }, | |||
| 1229 | { 0xC102, "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT" }, | |||
| 1230 | /* draft-smyshlyaev-tls13-gost-suites */ | |||
| 1231 | { 0xC103, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L" }, | |||
| 1232 | { 0xC104, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_L" }, | |||
| 1233 | { 0xC105, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S" }, | |||
| 1234 | { 0xC106, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_S" }, | |||
| 1235 | /* RFC 8701 */ | |||
| 1236 | { 0xCACA, "Reserved (GREASE)" }, | |||
| 1237 | /* | |||
| 1238 | 0xC0,0xAB-FF Unassigned | |||
| 1239 | 0xC1,0x03-FD,* Unassigned | |||
| 1240 | 0xFE,0x00-FD Unassigned | |||
| 1241 | 0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen] | |||
| 1242 | 0xFF,0x00-FF Reserved for Private Use [RFC5246] | |||
| 1243 | */ | |||
| 1244 | /* old numbers used in the beginning | |||
| 1245 | * https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */ | |||
| 1246 | { 0xCC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1247 | { 0xCC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1248 | { 0xCC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1249 | /* RFC 7905 */ | |||
| 1250 | { 0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1251 | { 0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1252 | { 0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1253 | { 0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1254 | { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1255 | { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1256 | { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
| 1257 | /* RFC 8442 */ | |||
| 1258 | { 0xD001, "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256" }, | |||
| 1259 | { 0xD002, "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384" }, | |||
| 1260 | { 0xD003, "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256" }, | |||
| 1261 | { 0xD005, "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256" }, | |||
| 1262 | /* RFC 8701 */ | |||
| 1263 | { 0xDADA, "Reserved (GREASE)" }, | |||
| 1264 | /* GM/T 0024-2014 */ | |||
| 1265 | { 0xe001, "ECDHE_SM1_SM3"}, | |||
| 1266 | { 0xe003, "ECC_SM1_SM3"}, | |||
| 1267 | { 0xe005, "IBSDH_SM1_SM3"}, | |||
| 1268 | { 0xe007, "IBC_SM1_SM3"}, | |||
| 1269 | { 0xe009, "RSA_SM1_SM3"}, | |||
| 1270 | { 0xe00a, "RSA_SM1_SHA1"}, | |||
| 1271 | { 0xe011, "ECDHE_SM4_CBC_SM3"}, | |||
| 1272 | { 0xe013, "ECC_SM4_CBC_SM3"}, | |||
| 1273 | { 0xe015, "IBSDH_SM4_CBC_SM3"}, | |||
| 1274 | { 0xe017, "IBC_SM4_CBC_SM3"}, | |||
| 1275 | { 0xe019, "RSA_SM4_CBC_SM3"}, | |||
| 1276 | { 0xe01a, "RSA_SM4_CBC_SHA1"}, | |||
| 1277 | { 0xe01c, "RSA_SM4_CBC_SHA256"}, | |||
| 1278 | { 0xe051, "ECDHE_SM4_GCM_SM3"}, | |||
| 1279 | { 0xe053, "ECC_SM4_GCM_SM3"}, | |||
| 1280 | { 0xe055, "IBSDH_SM4_GCM_SM3"}, | |||
| 1281 | { 0xe057, "IBC_SM4_GCM_SM3"}, | |||
| 1282 | { 0xe059, "RSA_SM4_GCM_SM3"}, | |||
| 1283 | { 0xe05a, "RSA_SM4_GCM_SHA256"}, | |||
| 1284 | /* https://tools.ietf.org/html/draft-josefsson-salsa20-tls */ | |||
| 1285 | { 0xE410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 1286 | { 0xE411, "TLS_RSA_WITH_SALSA20_SHA1" }, | |||
| 1287 | { 0xE412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 1288 | { 0xE413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" }, | |||
| 1289 | { 0xE414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 1290 | { 0xE415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" }, | |||
| 1291 | { 0xE416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 1292 | { 0xE417, "TLS_PSK_WITH_SALSA20_SHA1" }, | |||
| 1293 | { 0xE418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 1294 | { 0xE419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" }, | |||
| 1295 | { 0xE41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 1296 | { 0xE41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" }, | |||
| 1297 | { 0xE41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 1298 | { 0xE41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" }, | |||
| 1299 | { 0xE41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
| 1300 | { 0xE41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" }, | |||
| 1301 | /* RFC 8701 */ | |||
| 1302 | { 0xEAEA, "Reserved (GREASE)" }, | |||
| 1303 | { 0xFAFA, "Reserved (GREASE)" }, | |||
| 1304 | /* these from http://www.mozilla.org/projects/ | |||
| 1305 | security/pki/nss/ssl/fips-ssl-ciphersuites.html */ | |||
| 1306 | { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, | |||
| 1307 | { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1308 | /* https://datatracker.ietf.org/doc/html/rfc9189 */ | |||
| 1309 | { 0xff85, "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT"}, | |||
| 1310 | { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | |||
| 1311 | { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA" }, | |||
| 1312 | /* note that ciphersuites 0xff00 - 0xffff are private */ | |||
| 1313 | { 0x00, NULL((void*)0) } | |||
| 1314 | }; | |||
| 1315 | ||||
| 1316 | value_string_ext ssl_31_ciphersuite_ext = VALUE_STRING_EXT_INIT(ssl_31_ciphersuite){ _try_val_to_str_ext_init, 0, (sizeof (ssl_31_ciphersuite) / sizeof ((ssl_31_ciphersuite)[0]))-1, ssl_31_ciphersuite, "ssl_31_ciphersuite" }; | |||
| 1317 | ||||
| 1318 | /* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1 */ | |||
| 1319 | const value_string tls_hello_extension_types[] = { | |||
| 1320 | { SSL_HND_HELLO_EXT_SERVER_NAME0, "server_name" }, /* RFC 6066 */ | |||
| 1321 | { SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH1, "max_fragment_length" },/* RFC 6066 */ | |||
| 1322 | { SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL2, "client_certificate_url" }, /* RFC 6066 */ | |||
| 1323 | { SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS3, "trusted_ca_keys" }, /* RFC 6066 */ | |||
| 1324 | { SSL_HND_HELLO_EXT_TRUNCATED_HMAC4, "truncated_hmac" }, /* RFC 6066 */ | |||
| 1325 | { SSL_HND_HELLO_EXT_STATUS_REQUEST5, "status_request" }, /* RFC 6066 */ | |||
| 1326 | { SSL_HND_HELLO_EXT_USER_MAPPING6, "user_mapping" }, /* RFC 4681 */ | |||
| 1327 | { SSL_HND_HELLO_EXT_CLIENT_AUTHZ7, "client_authz" }, /* RFC 5878 */ | |||
| 1328 | { SSL_HND_HELLO_EXT_SERVER_AUTHZ8, "server_authz" }, /* RFC 5878 */ | |||
| 1329 | { SSL_HND_HELLO_EXT_CERT_TYPE9, "cert_type" }, /* RFC 6091 */ | |||
| 1330 | { SSL_HND_HELLO_EXT_SUPPORTED_GROUPS10, "supported_groups" }, /* RFC 4492, RFC 7919 */ | |||
| 1331 | { SSL_HND_HELLO_EXT_EC_POINT_FORMATS11, "ec_point_formats" }, /* RFC 4492 */ | |||
| 1332 | { SSL_HND_HELLO_EXT_SRP12, "srp" }, /* RFC 5054 */ | |||
| 1333 | { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS13, "signature_algorithms" }, /* RFC 5246 */ | |||
| 1334 | { SSL_HND_HELLO_EXT_USE_SRTP14, "use_srtp" }, /* RFC 5764 */ | |||
| 1335 | { SSL_HND_HELLO_EXT_HEARTBEAT15, "heartbeat" }, /* RFC 6520 */ | |||
| 1336 | { SSL_HND_HELLO_EXT_ALPN16, "application_layer_protocol_negotiation" }, /* RFC 7301 */ | |||
| 1337 | { SSL_HND_HELLO_EXT_STATUS_REQUEST_V217, "status_request_v2" }, /* RFC 6961 */ | |||
| 1338 | { SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP18, "signed_certificate_timestamp" }, /* RFC 6962 */ | |||
| 1339 | { SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19, "client_certificate_type" }, /* RFC 7250 */ | |||
| 1340 | { SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20, "server_certificate_type" }, /* RFC 7250 */ | |||
| 1341 | { SSL_HND_HELLO_EXT_PADDING21, "padding" }, /* RFC 7685 */ | |||
| 1342 | { SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC22, "encrypt_then_mac" }, /* RFC 7366 */ | |||
| 1343 | { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET23, "extended_master_secret" }, /* RFC 7627 */ | |||
| 1344 | { SSL_HND_HELLO_EXT_TOKEN_BINDING24, "token_binding" }, /* https://tools.ietf.org/html/draft-ietf-tokbind-negotiation */ | |||
| 1345 | { SSL_HND_HELLO_EXT_CACHED_INFO25, "cached_info" }, /* RFC 7924 */ | |||
| 1346 | { SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE27, "compress_certificate" }, /* https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03 */ | |||
| 1347 | { SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT28, "record_size_limit" }, /* RFC 8449 */ | |||
| 1348 | { SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS34, "delegated_credentials" }, /* draft-ietf-tls-subcerts-10.txt */ | |||
| 1349 | { SSL_HND_HELLO_EXT_SESSION_TICKET_TLS35, "session_ticket" }, /* RFC 5077 / RFC 8447 */ | |||
| 1350 | { SSL_HND_HELLO_EXT_KEY_SHARE_OLD40, "Reserved (key_share)" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-22 (removed in -23) */ | |||
| 1351 | { SSL_HND_HELLO_EXT_PRE_SHARED_KEY41, "pre_shared_key" }, /* RFC 8446 */ | |||
| 1352 | { SSL_HND_HELLO_EXT_EARLY_DATA42, "early_data" }, /* RFC 8446 */ | |||
| 1353 | { SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43, "supported_versions" }, /* RFC 8446 */ | |||
| 1354 | { SSL_HND_HELLO_EXT_COOKIE44, "cookie" }, /* RFC 8446 */ | |||
| 1355 | { SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES45, "psk_key_exchange_modes" }, /* RFC 8446 */ | |||
| 1356 | { SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO46, "Reserved (ticket_early_data_info)" }, /* draft-ietf-tls-tls13-18 (removed in -19) */ | |||
| 1357 | { SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES47, "certificate_authorities" }, /* RFC 8446 */ | |||
| 1358 | { SSL_HND_HELLO_EXT_OID_FILTERS48, "oid_filters" }, /* RFC 8446 */ | |||
| 1359 | { SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH49, "post_handshake_auth" }, /* RFC 8446 */ | |||
| 1360 | { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT50, "signature_algorithms_cert" }, /* RFC 8446 */ | |||
| 1361 | { SSL_HND_HELLO_EXT_KEY_SHARE51, "key_share" }, /* RFC 8446 */ | |||
| 1362 | { SSL_HND_HELLO_EXT_TRANSPARENCY_INFO52, "transparency_info" }, /* draft-ietf-trans-rfc6962-bis-41 */ | |||
| 1363 | { SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED53, "connection_id (deprecated)" }, /* draft-ietf-tls-dtls-connection-id-07 */ | |||
| 1364 | { SSL_HND_HELLO_EXT_CONNECTION_ID54, "connection_id" }, /* RFC 9146 */ | |||
| 1365 | { SSL_HND_HELLO_EXT_EXTERNAL_ID_HASH55, "external_id_hash" }, /* RFC 8844 */ | |||
| 1366 | { SSL_HND_HELLO_EXT_EXTERNAL_SESSION_ID56, "external_session_id" }, /* RFC 8844 */ | |||
| 1367 | { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V157, "quic_transport_parameters" }, /* draft-ietf-quic-tls-33 */ | |||
| 1368 | { SSL_HND_HELLO_EXT_TICKET_REQUEST58, "ticket_request" }, /* draft-ietf-tls-ticketrequests-07 */ | |||
| 1369 | { SSL_HND_HELLO_EXT_DNSSEC_CHAIN59, "dnssec_chain" }, /* RFC 9102 */ | |||
| 1370 | { SSL_HND_HELLO_EXT_GREASE_0A0A2570, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1371 | { SSL_HND_HELLO_EXT_GREASE_1A1A6682, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1372 | { SSL_HND_HELLO_EXT_GREASE_2A2A10794, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1373 | { SSL_HND_HELLO_EXT_NPN13172, "next_protocol_negotiation"}, /* https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html */ | |||
| 1374 | { SSL_HND_HELLO_EXT_GREASE_3A3A14906, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1375 | { SSL_HND_HELLO_EXT_ALPS_OLD17513, "application_settings_old" }, /* draft-vvv-tls-alps-01 */ | |||
| 1376 | { SSL_HND_HELLO_EXT_ALPS17613, "application_settings" }, /* draft-vvv-tls-alps-01 */ /* https://chromestatus.com/feature/5149147365900288 */ | |||
| 1377 | { SSL_HND_HELLO_EXT_GREASE_4A4A19018, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1378 | { SSL_HND_HELLO_EXT_GREASE_5A5A23130, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1379 | { SSL_HND_HELLO_EXT_GREASE_6A6A27242, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1380 | { SSL_HND_HELLO_EXT_CHANNEL_ID_OLD30031, "channel_id_old" }, /* https://tools.ietf.org/html/draft-balfanz-tls-channelid-00 | |||
| 1381 | https://twitter.com/ericlaw/status/274237352531083264 */ | |||
| 1382 | { SSL_HND_HELLO_EXT_CHANNEL_ID30032, "channel_id" }, /* https://tools.ietf.org/html/draft-balfanz-tls-channelid-01 | |||
| 1383 | https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/sslt.h&l=209 */ | |||
| 1384 | { SSL_HND_HELLO_EXT_RENEGOTIATION_INFO65281, "renegotiation_info" }, /* RFC 5746 */ | |||
| 1385 | { SSL_HND_HELLO_EXT_GREASE_7A7A31354, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1386 | { SSL_HND_HELLO_EXT_GREASE_8A8A35466, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1387 | { SSL_HND_HELLO_EXT_GREASE_9A9A39578, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1388 | { SSL_HND_HELLO_EXT_GREASE_AAAA43690, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1389 | { SSL_HND_HELLO_EXT_GREASE_BABA47802, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1390 | { SSL_HND_HELLO_EXT_GREASE_CACA51914, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1391 | { SSL_HND_HELLO_EXT_GREASE_DADA56026, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1392 | { SSL_HND_HELLO_EXT_GREASE_EAEA60138, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1393 | { SSL_HND_HELLO_EXT_GREASE_FAFA64250, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
| 1394 | { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS65445, "quic_transport_parameters (drafts version)" }, /* https://tools.ietf.org/html/draft-ietf-quic-tls */ | |||
| 1395 | { SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME65486, "encrypted_server_name" }, /* https://tools.ietf.org/html/draft-ietf-tls-esni-01 */ | |||
| 1396 | { SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037, "encrypted_client_hello" }, /* https://datatracker.ietf.org/doc/draft-ietf-tls-esni/17/ */ | |||
| 1397 | { SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS64768, "ech_outer_extensions" }, /* https://datatracker.ietf.org/doc/draft-ietf-tls-esni/17/ */ | |||
| 1398 | { 0, NULL((void*)0) } | |||
| 1399 | }; | |||
| 1400 | ||||
| 1401 | const value_string tls_hello_ext_server_name_type_vs[] = { | |||
| 1402 | { 0, "host_name" }, | |||
| 1403 | { 0, NULL((void*)0) } | |||
| 1404 | }; | |||
| 1405 | ||||
| 1406 | /* RFC 6066 Section 4 */ | |||
| 1407 | const value_string tls_hello_ext_max_fragment_length[] = { | |||
| 1408 | { 1, "512" }, // 2^9 | |||
| 1409 | { 2, "1024" }, // 2^10 | |||
| 1410 | { 3, "2048" }, // 2^11 | |||
| 1411 | { 4, "4096" }, // 2^12 | |||
| 1412 | { 0, NULL((void*)0) } | |||
| 1413 | }; | |||
| 1414 | ||||
| 1415 | /* RFC 8446 Section 4.2.9 */ | |||
| 1416 | const value_string tls_hello_ext_psk_ke_mode[] = { | |||
| 1417 | { 0, "PSK-only key establishment (psk_ke)" }, | |||
| 1418 | { 1, "PSK with (EC)DHE key establishment (psk_dhe_ke)" }, | |||
| 1419 | { 0, NULL((void*)0) } | |||
| 1420 | }; | |||
| 1421 | ||||
| 1422 | /* RFC 6066 Section 6 */ | |||
| 1423 | const value_string tls_hello_ext_trusted_ca_key_type[] = { | |||
| 1424 | {0, "pre_agreed"}, | |||
| 1425 | {1, "key_sha1_hash"}, | |||
| 1426 | {2, "x509_name"}, | |||
| 1427 | {3, "cert_sha1_hash"}, | |||
| 1428 | {0, NULL((void*)0)} | |||
| 1429 | }; | |||
| 1430 | ||||
| 1431 | const value_string tls13_key_update_request[] = { | |||
| 1432 | { 0, "update_not_requested" }, | |||
| 1433 | { 1, "update_requested" }, | |||
| 1434 | { 0, NULL((void*)0) } | |||
| 1435 | }; | |||
| 1436 | ||||
| 1437 | /* RFC 5246 7.4.1.4.1 */ | |||
| 1438 | /* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ | |||
| 1439 | /* Note that the TLS 1.3 SignatureScheme registry reserves all values | |||
| 1440 | * with first octet 0x00-0x06 and all values with second octet 0x00-0x03 | |||
| 1441 | * for backwards compatibility with TLS 1.2 SignatureAndHashAlgorithm. | |||
| 1442 | * | |||
| 1443 | * RFC 8422 and RFC 9189 add official support in TLS 1.2 for some algorithms | |||
| 1444 | * originally defined for TLS 1.3, and extend the TLS SignatureAlgorithm | |||
| 1445 | * and TLS HashAlgorithm registries, but the new values are not compatible | |||
| 1446 | * with all of the TLS 1.3-only SignatureSchemes. Adding those values could | |||
| 1447 | * cause confusion if used to interpret one of those schemes in a | |||
| 1448 | * signature_algorithms extension offered in a TLS 1.3 ClientHello. | |||
| 1449 | */ | |||
| 1450 | const value_string tls_hash_algorithm[] = { | |||
| 1451 | { 0, "None" }, | |||
| 1452 | { 1, "MD5" }, | |||
| 1453 | { 2, "SHA1" }, | |||
| 1454 | { 3, "SHA224" }, | |||
| 1455 | { 4, "SHA256" }, | |||
| 1456 | { 5, "SHA384" }, | |||
| 1457 | { 6, "SHA512" }, | |||
| 1458 | #if 0 | |||
| 1459 | /* RFC 8422 adds this to the HashAlgorithm registry, but it really | |||
| 1460 | * only applies to 0x0807 and 0x0808, not for other TLS 1.3 | |||
| 1461 | * SignatureSchemes with 0x08 in the octet used for Hash in TLS 1.2. | |||
| 1462 | * E.g., we don't want to display this for 0x0806 rsa_pss_rsae_sha512. | |||
| 1463 | */ | |||
| 1464 | { 8, "Intrinsic" }, | |||
| 1465 | #endif | |||
| 1466 | { 0, NULL((void*)0) } | |||
| 1467 | }; | |||
| 1468 | ||||
| 1469 | const value_string tls_signature_algorithm[] = { | |||
| 1470 | { 0, "Anonymous" }, | |||
| 1471 | { 1, "RSA" }, | |||
| 1472 | { 2, "DSA" }, | |||
| 1473 | { 3, "ECDSA" }, | |||
| 1474 | #if 0 | |||
| 1475 | /* As above. */ | |||
| 1476 | { 7, "ED25519" }, | |||
| 1477 | { 8, "ED448" }, | |||
| 1478 | { 64, "GOSTR34102012_256" }, | |||
| 1479 | { 65, "GOSTR34102012_512" }, | |||
| 1480 | #endif | |||
| 1481 | { 0, NULL((void*)0) } | |||
| 1482 | }; | |||
| 1483 | ||||
| 1484 | /* RFC 8446 Section 4.2.3 */ | |||
| 1485 | const value_string tls13_signature_algorithm[] = { | |||
| 1486 | { 0x0201, "rsa_pkcs1_sha1" }, | |||
| 1487 | { 0x0203, "ecdsa_sha1" }, | |||
| 1488 | { 0x0401, "rsa_pkcs1_sha256" }, | |||
| 1489 | { 0x0403, "ecdsa_secp256r1_sha256" }, | |||
| 1490 | { 0x0420, "rsa_pkcs1_sha256_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ | |||
| 1491 | { 0x0501, "rsa_pkcs1_sha384" }, | |||
| 1492 | { 0x0503, "ecdsa_secp384r1_sha384" }, | |||
| 1493 | { 0x0520, "rsa_pkcs1_sha384_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ | |||
| 1494 | { 0x0601, "rsa_pkcs1_sha512" }, | |||
| 1495 | { 0x0603, "ecdsa_secp521r1_sha512" }, | |||
| 1496 | { 0x0620, "rsa_pkcs1_sha512_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ | |||
| 1497 | { 0x0708, "sm2sig_sm3" }, | |||
| 1498 | { 0x0709, "gostr34102012_256a" }, /* RFC9367 */ | |||
| 1499 | { 0x070a, "gostr34102012_256b" }, /* RFC9367 */ | |||
| 1500 | { 0x070b, "gostr34102012_256c" }, /* RFC9367 */ | |||
| 1501 | { 0x070c, "gostr34102012_256d" }, /* RFC9367 */ | |||
| 1502 | { 0x070d, "gostr34102012_512a" }, /* RFC9367 */ | |||
| 1503 | { 0x070e, "gostr34102012_512b" }, /* RFC9367 */ | |||
| 1504 | { 0x070f, "gostr34102012_512c" }, /* RFC9367 */ | |||
| 1505 | { 0x0804, "rsa_pss_rsae_sha256" }, | |||
| 1506 | { 0x0805, "rsa_pss_rsae_sha384" }, | |||
| 1507 | { 0x0806, "rsa_pss_rsae_sha512" }, | |||
| 1508 | { 0x0807, "ed25519" }, | |||
| 1509 | { 0x0808, "ed448" }, | |||
| 1510 | { 0x0809, "rsa_pss_pss_sha256" }, | |||
| 1511 | { 0x080a, "rsa_pss_pss_sha384" }, | |||
| 1512 | { 0x080b, "rsa_pss_pss_sha512" }, | |||
| 1513 | { 0x081a, "ecdsa_brainpoolP256r1tls13_sha256" }, /* RFC8734 */ | |||
| 1514 | { 0x081b, "ecdsa_brainpoolP384r1tls13_sha384" }, /* RFC8734 */ | |||
| 1515 | { 0x081c, "ecdsa_brainpoolP512r1tls13_sha512" }, /* RFC8734 */ | |||
| 1516 | /* PQC digital signature algorithms from OQS-OpenSSL, | |||
| 1517 | see https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs-template/oqs-sig-info.md */ | |||
| 1518 | { 0xfea0, "dilithium2" }, | |||
| 1519 | { 0xfea1, "p256_dilithium2" }, | |||
| 1520 | { 0xfea2, "rsa3072_dilithium2" }, | |||
| 1521 | { 0xfea3, "dilithium3" }, | |||
| 1522 | { 0xfea4, "p384_dilithium3" }, | |||
| 1523 | { 0xfea5, "dilithium5" }, | |||
| 1524 | { 0xfea6, "p521_dilithium5" }, | |||
| 1525 | { 0xfea7, "dilithium2_aes" }, | |||
| 1526 | { 0xfea8, "p256_dilithium2_aes" }, | |||
| 1527 | { 0xfea9, "rsa3072_dilithium2_aes" }, | |||
| 1528 | { 0xfeaa, "dilithium3_aes" }, | |||
| 1529 | { 0xfeab, "p384_dilithium3_aes" }, | |||
| 1530 | { 0xfeac, "dilithium5_aes" }, | |||
| 1531 | { 0xfead, "p521_dilithium5_aes" }, | |||
| 1532 | { 0xfe0b, "falcon512" }, | |||
| 1533 | { 0xfe0c, "p256_falcon512" }, | |||
| 1534 | { 0xfe0d, "rsa3072_falcon512" }, | |||
| 1535 | { 0xfe0e, "falcon1024" }, | |||
| 1536 | { 0xfe0f, "p521_falcon1024" }, | |||
| 1537 | { 0xfe96, "picnicl1full" }, | |||
| 1538 | { 0xfe97, "p256_picnicl1full" }, | |||
| 1539 | { 0xfe98, "rsa3072_picnicl1full" }, | |||
| 1540 | { 0xfe1b, "picnic3l1" }, | |||
| 1541 | { 0xfe1c, "p256_picnic3l1" }, | |||
| 1542 | { 0xfe1d, "rsa3072_picnic3l1" }, | |||
| 1543 | { 0xfe27, "rainbowIclassic" }, | |||
| 1544 | { 0xfe28, "p256_rainbowIclassic" }, | |||
| 1545 | { 0xfe29, "rsa3072_rainbowIclassic" }, | |||
| 1546 | { 0xfe3c, "rainbowVclassic" }, | |||
| 1547 | { 0xfe3d, "p521_rainbowVclassic" }, | |||
| 1548 | { 0xfe42, "sphincsharaka128frobust" }, | |||
| 1549 | { 0xfe43, "p256_sphincsharaka128frobust" }, | |||
| 1550 | { 0xfe44, "rsa3072_sphincsharaka128frobust" }, | |||
| 1551 | { 0xfe5e, "sphincssha256128frobust" }, | |||
| 1552 | { 0xfe5f, "p256_sphincssha256128frobust" }, | |||
| 1553 | { 0xfe60, "rsa3072_sphincssha256128frobust" }, | |||
| 1554 | { 0xfe7a, "sphincsshake256128frobust" }, | |||
| 1555 | { 0xfe7b, "p256_sphincsshake256128frobust" }, | |||
| 1556 | { 0xfe7c, "rsa3072_sphincsshake256128frobust" }, | |||
| 1557 | { 0, NULL((void*)0) } | |||
| 1558 | }; | |||
| 1559 | ||||
| 1560 | /* RFC 6091 3.1 */ | |||
| 1561 | const value_string tls_certificate_type[] = { | |||
| 1562 | { 0, "X.509" }, | |||
| 1563 | { 1, "OpenPGP" }, | |||
| 1564 | { SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2, "Raw Public Key" }, /* RFC 7250 */ | |||
| 1565 | { 0, NULL((void*)0) } | |||
| 1566 | }; | |||
| 1567 | ||||
| 1568 | const value_string tls_cert_chain_type[] = { | |||
| 1569 | { SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT1, "Individual Certificates" }, | |||
| 1570 | { SSL_HND_CERT_URL_TYPE_PKIPATH2, "PKI Path" }, | |||
| 1571 | { 0, NULL((void*)0) } | |||
| 1572 | }; | |||
| 1573 | ||||
| 1574 | const value_string tls_cert_status_type[] = { | |||
| 1575 | { SSL_HND_CERT_STATUS_TYPE_OCSP1, "OCSP" }, | |||
| 1576 | { SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2, "OCSP Multi" }, | |||
| 1577 | { 0, NULL((void*)0) } | |||
| 1578 | }; | |||
| 1579 | ||||
| 1580 | /* Generated by tools/make-tls-ct-logids.py | |||
| 1581 | * Last-Modified Sat, 05 Jul 2025 13:18:00 GMT, 177 entries. */ | |||
| 1582 | static const bytes_string ct_logids[] = { | |||
| 1583 | { (const uint8_t[]){ | |||
| 1584 | 0xb2, 0x1e, 0x05, 0xcc, 0x8b, 0xa2, 0xcd, 0x8a, 0x20, 0x4e, 0x87, | |||
| 1585 | 0x66, 0xf9, 0x2b, 0xb9, 0x8a, 0x25, 0x20, 0x67, 0x6b, 0xda, 0xfa, | |||
| 1586 | 0x70, 0xe7, 0xb2, 0x49, 0x53, 0x2d, 0xef, 0x8b, 0x90, 0x5e, | |||
| 1587 | }, | |||
| 1588 | 32, "Google 'Argon2020' log" }, | |||
| 1589 | { (const uint8_t[]){ | |||
| 1590 | 0xf6, 0x5c, 0x94, 0x2f, 0xd1, 0x77, 0x30, 0x22, 0x14, 0x54, 0x18, | |||
| 1591 | 0x08, 0x30, 0x94, 0x56, 0x8e, 0xe3, 0x4d, 0x13, 0x19, 0x33, 0xbf, | |||
| 1592 | 0xdf, 0x0c, 0x2f, 0x20, 0x0b, 0xcc, 0x4e, 0xf1, 0x64, 0xe3, | |||
| 1593 | }, | |||
| 1594 | 32, "Google 'Argon2021' log" }, | |||
| 1595 | { (const uint8_t[]){ | |||
| 1596 | 0x29, 0x79, 0xbe, 0xf0, 0x9e, 0x39, 0x39, 0x21, 0xf0, 0x56, 0x73, | |||
| 1597 | 0x9f, 0x63, 0xa5, 0x77, 0xe5, 0xbe, 0x57, 0x7d, 0x9c, 0x60, 0x0a, | |||
| 1598 | 0xf8, 0xf9, 0x4d, 0x5d, 0x26, 0x5c, 0x25, 0x5d, 0xc7, 0x84, | |||
| 1599 | }, | |||
| 1600 | 32, "Google 'Argon2022' log" }, | |||
| 1601 | { (const uint8_t[]){ | |||
| 1602 | 0xe8, 0x3e, 0xd0, 0xda, 0x3e, 0xf5, 0x06, 0x35, 0x32, 0xe7, 0x57, | |||
| 1603 | 0x28, 0xbc, 0x89, 0x6b, 0xc9, 0x03, 0xd3, 0xcb, 0xd1, 0x11, 0x6b, | |||
| 1604 | 0xec, 0xeb, 0x69, 0xe1, 0x77, 0x7d, 0x6d, 0x06, 0xbd, 0x6e, | |||
| 1605 | }, | |||
| 1606 | 32, "Google 'Argon2023' log" }, | |||
| 1607 | { (const uint8_t[]){ | |||
| 1608 | 0xee, 0xcd, 0xd0, 0x64, 0xd5, 0xdb, 0x1a, 0xce, 0xc5, 0x5c, 0xb7, | |||
| 1609 | 0x9d, 0xb4, 0xcd, 0x13, 0xa2, 0x32, 0x87, 0x46, 0x7c, 0xbc, 0xec, | |||
| 1610 | 0xde, 0xc3, 0x51, 0x48, 0x59, 0x46, 0x71, 0x1f, 0xb5, 0x9b, | |||
| 1611 | }, | |||
| 1612 | 32, "Google 'Argon2024' log" }, | |||
| 1613 | { (const uint8_t[]){ | |||
| 1614 | 0x4e, 0x75, 0xa3, 0x27, 0x5c, 0x9a, 0x10, 0xc3, 0x38, 0x5b, 0x6c, | |||
| 1615 | 0xd4, 0xdf, 0x3f, 0x52, 0xeb, 0x1d, 0xf0, 0xe0, 0x8e, 0x1b, 0x8d, | |||
| 1616 | 0x69, 0xc0, 0xb1, 0xfa, 0x64, 0xb1, 0x62, 0x9a, 0x39, 0xdf, | |||
| 1617 | }, | |||
| 1618 | 32, "Google 'Argon2025h1' log" }, | |||
| 1619 | { (const uint8_t[]){ | |||
| 1620 | 0x12, 0xf1, 0x4e, 0x34, 0xbd, 0x53, 0x72, 0x4c, 0x84, 0x06, 0x19, | |||
| 1621 | 0xc3, 0x8f, 0x3f, 0x7a, 0x13, 0xf8, 0xe7, 0xb5, 0x62, 0x87, 0x88, | |||
| 1622 | 0x9c, 0x6d, 0x30, 0x05, 0x84, 0xeb, 0xe5, 0x86, 0x26, 0x3a, | |||
| 1623 | }, | |||
| 1624 | 32, "Google 'Argon2025h2' log" }, | |||
| 1625 | { (const uint8_t[]){ | |||
| 1626 | 0x0e, 0x57, 0x94, 0xbc, 0xf3, 0xae, 0xa9, 0x3e, 0x33, 0x1b, 0x2c, | |||
| 1627 | 0x99, 0x07, 0xb3, 0xf7, 0x90, 0xdf, 0x9b, 0xc2, 0x3d, 0x71, 0x32, | |||
| 1628 | 0x25, 0xdd, 0x21, 0xa9, 0x25, 0xac, 0x61, 0xc5, 0x4e, 0x21, | |||
| 1629 | }, | |||
| 1630 | 32, "Google 'Argon2026h1' log" }, | |||
| 1631 | { (const uint8_t[]){ | |||
| 1632 | 0xd7, 0x6d, 0x7d, 0x10, 0xd1, 0xa7, 0xf5, 0x77, 0xc2, 0xc7, 0xe9, | |||
| 1633 | 0x5f, 0xd7, 0x00, 0xbf, 0xf9, 0x82, 0xc9, 0x33, 0x5a, 0x65, 0xe1, | |||
| 1634 | 0xd0, 0xb3, 0x01, 0x73, 0x17, 0xc0, 0xc8, 0xc5, 0x69, 0x77, | |||
| 1635 | }, | |||
| 1636 | 32, "Google 'Argon2026h2' log" }, | |||
| 1637 | { (const uint8_t[]){ | |||
| 1638 | 0x07, 0xb7, 0x5c, 0x1b, 0xe5, 0x7d, 0x68, 0xff, 0xf1, 0xb0, 0xc6, | |||
| 1639 | 0x1d, 0x23, 0x15, 0xc7, 0xba, 0xe6, 0x57, 0x7c, 0x57, 0x94, 0xb7, | |||
| 1640 | 0x6a, 0xee, 0xbc, 0x61, 0x3a, 0x1a, 0x69, 0xd3, 0xa2, 0x1c, | |||
| 1641 | }, | |||
| 1642 | 32, "Google 'Xenon2020' log" }, | |||
| 1643 | { (const uint8_t[]){ | |||
| 1644 | 0x7d, 0x3e, 0xf2, 0xf8, 0x8f, 0xff, 0x88, 0x55, 0x68, 0x24, 0xc2, | |||
| 1645 | 0xc0, 0xca, 0x9e, 0x52, 0x89, 0x79, 0x2b, 0xc5, 0x0e, 0x78, 0x09, | |||
| 1646 | 0x7f, 0x2e, 0x6a, 0x97, 0x68, 0x99, 0x7e, 0x22, 0xf0, 0xd7, | |||
| 1647 | }, | |||
| 1648 | 32, "Google 'Xenon2021' log" }, | |||
| 1649 | { (const uint8_t[]){ | |||
| 1650 | 0x46, 0xa5, 0x55, 0xeb, 0x75, 0xfa, 0x91, 0x20, 0x30, 0xb5, 0xa2, | |||
| 1651 | 0x89, 0x69, 0xf4, 0xf3, 0x7d, 0x11, 0x2c, 0x41, 0x74, 0xbe, 0xfd, | |||
| 1652 | 0x49, 0xb8, 0x85, 0xab, 0xf2, 0xfc, 0x70, 0xfe, 0x6d, 0x47, | |||
| 1653 | }, | |||
| 1654 | 32, "Google 'Xenon2022' log" }, | |||
| 1655 | { (const uint8_t[]){ | |||
| 1656 | 0xad, 0xf7, 0xbe, 0xfa, 0x7c, 0xff, 0x10, 0xc8, 0x8b, 0x9d, 0x3d, | |||
| 1657 | 0x9c, 0x1e, 0x3e, 0x18, 0x6a, 0xb4, 0x67, 0x29, 0x5d, 0xcf, 0xb1, | |||
| 1658 | 0x0c, 0x24, 0xca, 0x85, 0x86, 0x34, 0xeb, 0xdc, 0x82, 0x8a, | |||
| 1659 | }, | |||
| 1660 | 32, "Google 'Xenon2023' log" }, | |||
| 1661 | { (const uint8_t[]){ | |||
| 1662 | 0x76, 0xff, 0x88, 0x3f, 0x0a, 0xb6, 0xfb, 0x95, 0x51, 0xc2, 0x61, | |||
| 1663 | 0xcc, 0xf5, 0x87, 0xba, 0x34, 0xb4, 0xa4, 0xcd, 0xbb, 0x29, 0xdc, | |||
| 1664 | 0x68, 0x42, 0x0a, 0x9f, 0xe6, 0x67, 0x4c, 0x5a, 0x3a, 0x74, | |||
| 1665 | }, | |||
| 1666 | 32, "Google 'Xenon2024' log" }, | |||
| 1667 | { (const uint8_t[]){ | |||
| 1668 | 0xcf, 0x11, 0x56, 0xee, 0xd5, 0x2e, 0x7c, 0xaf, 0xf3, 0x87, 0x5b, | |||
| 1669 | 0xd9, 0x69, 0x2e, 0x9b, 0xe9, 0x1a, 0x71, 0x67, 0x4a, 0xb0, 0x17, | |||
| 1670 | 0xec, 0xac, 0x01, 0xd2, 0x5b, 0x77, 0xce, 0xcc, 0x3b, 0x08, | |||
| 1671 | }, | |||
| 1672 | 32, "Google 'Xenon2025h1' log" }, | |||
| 1673 | { (const uint8_t[]){ | |||
| 1674 | 0xdd, 0xdc, 0xca, 0x34, 0x95, 0xd7, 0xe1, 0x16, 0x05, 0xe7, 0x95, | |||
| 1675 | 0x32, 0xfa, 0xc7, 0x9f, 0xf8, 0x3d, 0x1c, 0x50, 0xdf, 0xdb, 0x00, | |||
| 1676 | 0x3a, 0x14, 0x12, 0x76, 0x0a, 0x2c, 0xac, 0xbb, 0xc8, 0x2a, | |||
| 1677 | }, | |||
| 1678 | 32, "Google 'Xenon2025h2' log" }, | |||
| 1679 | { (const uint8_t[]){ | |||
| 1680 | 0x96, 0x97, 0x64, 0xbf, 0x55, 0x58, 0x97, 0xad, 0xf7, 0x43, 0x87, | |||
| 1681 | 0x68, 0x37, 0x08, 0x42, 0x77, 0xe9, 0xf0, 0x3a, 0xd5, 0xf6, 0xa4, | |||
| 1682 | 0xf3, 0x36, 0x6e, 0x46, 0xa4, 0x3f, 0x0f, 0xca, 0xa9, 0xc6, | |||
| 1683 | }, | |||
| 1684 | 32, "Google 'Xenon2026h1' log" }, | |||
| 1685 | { (const uint8_t[]){ | |||
| 1686 | 0xd8, 0x09, 0x55, 0x3b, 0x94, 0x4f, 0x7a, 0xff, 0xc8, 0x16, 0x19, | |||
| 1687 | 0x6f, 0x94, 0x4f, 0x85, 0xab, 0xb0, 0xf8, 0xfc, 0x5e, 0x87, 0x55, | |||
| 1688 | 0x26, 0x0f, 0x15, 0xd1, 0x2e, 0x72, 0xbb, 0x45, 0x4b, 0x14, | |||
| 1689 | }, | |||
| 1690 | 32, "Google 'Xenon2026h2' log" }, | |||
| 1691 | { (const uint8_t[]){ | |||
| 1692 | 0x68, 0xf6, 0x98, 0xf8, 0x1f, 0x64, 0x82, 0xbe, 0x3a, 0x8c, 0xee, | |||
| 1693 | 0xb9, 0x28, 0x1d, 0x4c, 0xfc, 0x71, 0x51, 0x5d, 0x67, 0x93, 0xd4, | |||
| 1694 | 0x44, 0xd1, 0x0a, 0x67, 0xac, 0xbb, 0x4f, 0x4f, 0xfb, 0xc4, | |||
| 1695 | }, | |||
| 1696 | 32, "Google 'Aviator' log" }, | |||
| 1697 | { (const uint8_t[]){ | |||
| 1698 | 0x29, 0x3c, 0x51, 0x96, 0x54, 0xc8, 0x39, 0x65, 0xba, 0xaa, 0x50, | |||
| 1699 | 0xfc, 0x58, 0x07, 0xd4, 0xb7, 0x6f, 0xbf, 0x58, 0x7a, 0x29, 0x72, | |||
| 1700 | 0xdc, 0xa4, 0xc3, 0x0c, 0xf4, 0xe5, 0x45, 0x47, 0xf4, 0x78, | |||
| 1701 | }, | |||
| 1702 | 32, "Google 'Icarus' log" }, | |||
| 1703 | { (const uint8_t[]){ | |||
| 1704 | 0xa4, 0xb9, 0x09, 0x90, 0xb4, 0x18, 0x58, 0x14, 0x87, 0xbb, 0x13, | |||
| 1705 | 0xa2, 0xcc, 0x67, 0x70, 0x0a, 0x3c, 0x35, 0x98, 0x04, 0xf9, 0x1b, | |||
| 1706 | 0xdf, 0xb8, 0xe3, 0x77, 0xcd, 0x0e, 0xc8, 0x0d, 0xdc, 0x10, | |||
| 1707 | }, | |||
| 1708 | 32, "Google 'Pilot' log" }, | |||
| 1709 | { (const uint8_t[]){ | |||
| 1710 | 0xee, 0x4b, 0xbd, 0xb7, 0x75, 0xce, 0x60, 0xba, 0xe1, 0x42, 0x69, | |||
| 1711 | 0x1f, 0xab, 0xe1, 0x9e, 0x66, 0xa3, 0x0f, 0x7e, 0x5f, 0xb0, 0x72, | |||
| 1712 | 0xd8, 0x83, 0x00, 0xc4, 0x7b, 0x89, 0x7a, 0xa8, 0xfd, 0xcb, | |||
| 1713 | }, | |||
| 1714 | 32, "Google 'Rocketeer' log" }, | |||
| 1715 | { (const uint8_t[]){ | |||
| 1716 | 0xbb, 0xd9, 0xdf, 0xbc, 0x1f, 0x8a, 0x71, 0xb5, 0x93, 0x94, 0x23, | |||
| 1717 | 0x97, 0xaa, 0x92, 0x7b, 0x47, 0x38, 0x57, 0x95, 0x0a, 0xab, 0x52, | |||
| 1718 | 0xe8, 0x1a, 0x90, 0x96, 0x64, 0x36, 0x8e, 0x1e, 0xd1, 0x85, | |||
| 1719 | }, | |||
| 1720 | 32, "Google 'Skydiver' log" }, | |||
| 1721 | { (const uint8_t[]){ | |||
| 1722 | 0xfa, 0xd4, 0xc9, 0x7c, 0xc4, 0x9e, 0xe2, 0xf8, 0xac, 0x85, 0xc5, | |||
| 1723 | 0xea, 0x5c, 0xea, 0x09, 0xd0, 0x22, 0x0d, 0xbb, 0xf4, 0xe4, 0x9c, | |||
| 1724 | 0x6b, 0x50, 0x66, 0x2f, 0xf8, 0x68, 0xf8, 0x6b, 0x8c, 0x28, | |||
| 1725 | }, | |||
| 1726 | 32, "Google 'Argon2017' log" }, | |||
| 1727 | { (const uint8_t[]){ | |||
| 1728 | 0xa4, 0x50, 0x12, 0x69, 0x05, 0x5a, 0x15, 0x54, 0x5e, 0x62, 0x11, | |||
| 1729 | 0xab, 0x37, 0xbc, 0x10, 0x3f, 0x62, 0xae, 0x55, 0x76, 0xa4, 0x5e, | |||
| 1730 | 0x4b, 0x17, 0x14, 0x45, 0x3e, 0x1b, 0x22, 0x10, 0x6a, 0x25, | |||
| 1731 | }, | |||
| 1732 | 32, "Google 'Argon2018' log" }, | |||
| 1733 | { (const uint8_t[]){ | |||
| 1734 | 0x63, 0xf2, 0xdb, 0xcd, 0xe8, 0x3b, 0xcc, 0x2c, 0xcf, 0x0b, 0x72, | |||
| 1735 | 0x84, 0x27, 0x57, 0x6b, 0x33, 0xa4, 0x8d, 0x61, 0x77, 0x8f, 0xbd, | |||
| 1736 | 0x75, 0xa6, 0x38, 0xb1, 0xc7, 0x68, 0x54, 0x4b, 0xd8, 0x8d, | |||
| 1737 | }, | |||
| 1738 | 32, "Google 'Argon2019' log" }, | |||
| 1739 | { (const uint8_t[]){ | |||
| 1740 | 0xb1, 0x0c, 0xd5, 0x59, 0xa6, 0xd6, 0x78, 0x46, 0x81, 0x1f, 0x7d, | |||
| 1741 | 0xf9, 0xa5, 0x15, 0x32, 0x73, 0x9a, 0xc4, 0x8d, 0x70, 0x3b, 0xea, | |||
| 1742 | 0x03, 0x23, 0xda, 0x5d, 0x38, 0x75, 0x5b, 0xc0, 0xad, 0x4e, | |||
| 1743 | }, | |||
| 1744 | 32, "Google 'Xenon2018' log" }, | |||
| 1745 | { (const uint8_t[]){ | |||
| 1746 | 0x08, 0x41, 0x14, 0x98, 0x00, 0x71, 0x53, 0x2c, 0x16, 0x19, 0x04, | |||
| 1747 | 0x60, 0xbc, 0xfc, 0x47, 0xfd, 0xc2, 0x65, 0x3a, 0xfa, 0x29, 0x2c, | |||
| 1748 | 0x72, 0xb3, 0x7f, 0xf8, 0x63, 0xae, 0x29, 0xcc, 0xc9, 0xf0, | |||
| 1749 | }, | |||
| 1750 | 32, "Google 'Xenon2019' log" }, | |||
| 1751 | { (const uint8_t[]){ | |||
| 1752 | 0xa8, 0x99, 0xd8, 0x78, 0x0c, 0x92, 0x90, 0xaa, 0xf4, 0x62, 0xf3, | |||
| 1753 | 0x18, 0x80, 0xcc, 0xfb, 0xd5, 0x24, 0x51, 0xe9, 0x70, 0xd0, 0xfb, | |||
| 1754 | 0xf5, 0x91, 0xef, 0x75, 0xb0, 0xd9, 0x9b, 0x64, 0x56, 0x81, | |||
| 1755 | }, | |||
| 1756 | 32, "Google 'Submariner' log" }, | |||
| 1757 | { (const uint8_t[]){ | |||
| 1758 | 0x1d, 0x02, 0x4b, 0x8e, 0xb1, 0x49, 0x8b, 0x34, 0x4d, 0xfd, 0x87, | |||
| 1759 | 0xea, 0x3e, 0xfc, 0x09, 0x96, 0xf7, 0x50, 0x6f, 0x23, 0x5d, 0x1d, | |||
| 1760 | 0x49, 0x70, 0x61, 0xa4, 0x77, 0x3c, 0x43, 0x9c, 0x25, 0xfb, | |||
| 1761 | }, | |||
| 1762 | 32, "Google 'Daedalus' log" }, | |||
| 1763 | { (const uint8_t[]){ | |||
| 1764 | 0xb0, 0xcc, 0x83, 0xe5, 0xa5, 0xf9, 0x7d, 0x6b, 0xaf, 0x7c, 0x09, | |||
| 1765 | 0xcc, 0x28, 0x49, 0x04, 0x87, 0x2a, 0xc7, 0xe8, 0x8b, 0x13, 0x2c, | |||
| 1766 | 0x63, 0x50, 0xb7, 0xc6, 0xfd, 0x26, 0xe1, 0x6c, 0x6c, 0x77, | |||
| 1767 | }, | |||
| 1768 | 32, "Google 'Testtube' log" }, | |||
| 1769 | { (const uint8_t[]){ | |||
| 1770 | 0xc3, 0xbf, 0x03, 0xa7, 0xe1, 0xca, 0x88, 0x41, 0xc6, 0x07, 0xba, | |||
| 1771 | 0xe3, 0xff, 0x42, 0x70, 0xfc, 0xa5, 0xec, 0x45, 0xb1, 0x86, 0xeb, | |||
| 1772 | 0xbe, 0x4e, 0x2c, 0xf3, 0xfc, 0x77, 0x86, 0x30, 0xf5, 0xf6, | |||
| 1773 | }, | |||
| 1774 | 32, "Google 'Crucible' log" }, | |||
| 1775 | { (const uint8_t[]){ | |||
| 1776 | 0x52, 0xeb, 0x4b, 0x22, 0x5e, 0xc8, 0x96, 0x97, 0x48, 0x50, 0x67, | |||
| 1777 | 0x5f, 0x23, 0xe4, 0x3b, 0xc1, 0xd0, 0x21, 0xe3, 0x21, 0x4c, 0xe5, | |||
| 1778 | 0x2e, 0xcd, 0x5f, 0xa8, 0x7c, 0x20, 0x3c, 0xdf, 0xca, 0x03, | |||
| 1779 | }, | |||
| 1780 | 32, "Google 'Solera2018' log" }, | |||
| 1781 | { (const uint8_t[]){ | |||
| 1782 | 0x0b, 0x76, 0x0e, 0x9a, 0x8b, 0x9a, 0x68, 0x2f, 0x88, 0x98, 0x5b, | |||
| 1783 | 0x15, 0xe9, 0x47, 0x50, 0x1a, 0x56, 0x44, 0x6b, 0xba, 0x88, 0x30, | |||
| 1784 | 0x78, 0x5c, 0x38, 0x42, 0x99, 0x43, 0x86, 0x45, 0x0c, 0x00, | |||
| 1785 | }, | |||
| 1786 | 32, "Google 'Solera2019' log" }, | |||
| 1787 | { (const uint8_t[]){ | |||
| 1788 | 0x1f, 0xc7, 0x2c, 0xe5, 0xa1, 0xb7, 0x99, 0xf4, 0x00, 0xc3, 0x59, | |||
| 1789 | 0xbf, 0xf9, 0x6c, 0xa3, 0x91, 0x35, 0x48, 0xe8, 0x64, 0x42, 0x20, | |||
| 1790 | 0x61, 0x09, 0x52, 0xe9, 0xba, 0x17, 0x74, 0xf7, 0xba, 0xc7, | |||
| 1791 | }, | |||
| 1792 | 32, "Google 'Solera2020' log" }, | |||
| 1793 | { (const uint8_t[]){ | |||
| 1794 | 0xa3, 0xc9, 0x98, 0x45, 0xe8, 0x0a, 0xb7, 0xce, 0x00, 0x15, 0x7b, | |||
| 1795 | 0x37, 0x42, 0xdf, 0x02, 0x07, 0xdd, 0x27, 0x2b, 0x2b, 0x60, 0x2e, | |||
| 1796 | 0xcf, 0x98, 0xee, 0x2c, 0x12, 0xdb, 0x9c, 0x5a, 0xe7, 0xe7, | |||
| 1797 | }, | |||
| 1798 | 32, "Google 'Solera2021' log" }, | |||
| 1799 | { (const uint8_t[]){ | |||
| 1800 | 0x69, 0x7a, 0xaf, 0xca, 0x1a, 0x6b, 0x53, 0x6f, 0xae, 0x21, 0x20, | |||
| 1801 | 0x50, 0x46, 0xde, 0xba, 0xd7, 0xe0, 0xea, 0xea, 0x13, 0xd2, 0x43, | |||
| 1802 | 0x2e, 0x6e, 0x9d, 0x8f, 0xb3, 0x79, 0xf2, 0xb9, 0xaa, 0xf3, | |||
| 1803 | }, | |||
| 1804 | 32, "Google 'Solera2022' log" }, | |||
| 1805 | { (const uint8_t[]){ | |||
| 1806 | 0xf9, 0x7e, 0x97, 0xb8, 0xd3, 0x3e, 0xf7, 0xa1, 0x59, 0x02, 0xa5, | |||
| 1807 | 0x3a, 0x19, 0xe1, 0x79, 0x90, 0xe5, 0xdc, 0x40, 0x6a, 0x03, 0x18, | |||
| 1808 | 0x25, 0xba, 0xad, 0x93, 0xe9, 0x8f, 0x9b, 0x9c, 0x69, 0xcb, | |||
| 1809 | }, | |||
| 1810 | 32, "Google 'Solera2023' log" }, | |||
| 1811 | { (const uint8_t[]){ | |||
| 1812 | 0x30, 0x24, 0xce, 0x7e, 0xeb, 0x16, 0x88, 0x62, 0x72, 0x4b, 0xea, | |||
| 1813 | 0x70, 0x2e, 0xff, 0xf9, 0x92, 0xcf, 0xe4, 0x56, 0x43, 0x41, 0x91, | |||
| 1814 | 0xaa, 0x59, 0x5b, 0x25, 0xf8, 0x02, 0x26, 0xc8, 0x00, 0x17, | |||
| 1815 | }, | |||
| 1816 | 32, "Google 'Solera2024' log" }, | |||
| 1817 | { (const uint8_t[]){ | |||
| 1818 | 0x3f, 0xe1, 0xcb, 0x46, 0xed, 0x47, 0x35, 0x79, 0xaf, 0x01, 0x41, | |||
| 1819 | 0xf9, 0x72, 0x4d, 0x9d, 0xc4, 0x43, 0x47, 0x2d, 0x75, 0x6e, 0x85, | |||
| 1820 | 0xe7, 0x71, 0x9c, 0x55, 0x82, 0x48, 0x5d, 0xd4, 0xe1, 0xe4, | |||
| 1821 | }, | |||
| 1822 | 32, "Google 'Solera2025h1' log" }, | |||
| 1823 | { (const uint8_t[]){ | |||
| 1824 | 0x26, 0x02, 0x39, 0x48, 0x87, 0x4c, 0xf7, 0xfc, 0xd0, 0xfb, 0x64, | |||
| 1825 | 0x71, 0xa4, 0x3e, 0x84, 0x7e, 0xbb, 0x20, 0x0a, 0xe6, 0xe2, 0xfa, | |||
| 1826 | 0x24, 0x23, 0x6d, 0xf6, 0xd1, 0xa6, 0x06, 0x63, 0x0f, 0xb1, | |||
| 1827 | }, | |||
| 1828 | 32, "Google 'Solera2025h2' log" }, | |||
| 1829 | { (const uint8_t[]){ | |||
| 1830 | 0xc8, 0x4b, 0x90, 0x7a, 0x07, 0xbe, 0xaa, 0x29, 0xa6, 0x14, 0xc2, | |||
| 1831 | 0x45, 0x84, 0xb7, 0xa3, 0xf6, 0x62, 0x43, 0x94, 0x68, 0x7b, 0x25, | |||
| 1832 | 0xfe, 0x62, 0x83, 0x8b, 0x71, 0xec, 0x42, 0x2a, 0xd2, 0xf9, | |||
| 1833 | }, | |||
| 1834 | 32, "Google 'Solera2026h1' log" }, | |||
| 1835 | { (const uint8_t[]){ | |||
| 1836 | 0x62, 0xe9, 0x00, 0x60, 0x04, 0xa3, 0x07, 0x95, 0x5a, 0x75, 0x44, | |||
| 1837 | 0xb4, 0xd5, 0x84, 0xa9, 0x62, 0x68, 0xca, 0x1d, 0x6e, 0x45, 0x85, | |||
| 1838 | 0xad, 0xf0, 0x91, 0x6d, 0xfe, 0x5f, 0xdc, 0x1f, 0x04, 0xdb, | |||
| 1839 | }, | |||
| 1840 | 32, "Google 'Solera2026h2' log" }, | |||
| 1841 | { (const uint8_t[]){ | |||
| 1842 | 0x5e, 0xa7, 0x73, 0xf9, 0xdf, 0x56, 0xc0, 0xe7, 0xb5, 0x36, 0x48, | |||
| 1843 | 0x7d, 0xd0, 0x49, 0xe0, 0x32, 0x7a, 0x91, 0x9a, 0x0c, 0x84, 0xa1, | |||
| 1844 | 0x12, 0x12, 0x84, 0x18, 0x75, 0x96, 0x81, 0x71, 0x45, 0x58, | |||
| 1845 | }, | |||
| 1846 | 32, "Cloudflare 'Nimbus2020' Log" }, | |||
| 1847 | { (const uint8_t[]){ | |||
| 1848 | 0x44, 0x94, 0x65, 0x2e, 0xb0, 0xee, 0xce, 0xaf, 0xc4, 0x40, 0x07, | |||
| 1849 | 0xd8, 0xa8, 0xfe, 0x28, 0xc0, 0xda, 0xe6, 0x82, 0xbe, 0xd8, 0xcb, | |||
| 1850 | 0x31, 0xb5, 0x3f, 0xd3, 0x33, 0x96, 0xb5, 0xb6, 0x81, 0xa8, | |||
| 1851 | }, | |||
| 1852 | 32, "Cloudflare 'Nimbus2021' Log" }, | |||
| 1853 | { (const uint8_t[]){ | |||
| 1854 | 0x41, 0xc8, 0xca, 0xb1, 0xdf, 0x22, 0x46, 0x4a, 0x10, 0xc6, 0xa1, | |||
| 1855 | 0x3a, 0x09, 0x42, 0x87, 0x5e, 0x4e, 0x31, 0x8b, 0x1b, 0x03, 0xeb, | |||
| 1856 | 0xeb, 0x4b, 0xc7, 0x68, 0xf0, 0x90, 0x62, 0x96, 0x06, 0xf6, | |||
| 1857 | }, | |||
| 1858 | 32, "Cloudflare 'Nimbus2022' Log" }, | |||
| 1859 | { (const uint8_t[]){ | |||
| 1860 | 0x7a, 0x32, 0x8c, 0x54, 0xd8, 0xb7, 0x2d, 0xb6, 0x20, 0xea, 0x38, | |||
| 1861 | 0xe0, 0x52, 0x1e, 0xe9, 0x84, 0x16, 0x70, 0x32, 0x13, 0x85, 0x4d, | |||
| 1862 | 0x3b, 0xd2, 0x2b, 0xc1, 0x3a, 0x57, 0xa3, 0x52, 0xeb, 0x52, | |||
| 1863 | }, | |||
| 1864 | 32, "Cloudflare 'Nimbus2023' Log" }, | |||
| 1865 | { (const uint8_t[]){ | |||
| 1866 | 0xda, 0xb6, 0xbf, 0x6b, 0x3f, 0xb5, 0xb6, 0x22, 0x9f, 0x9b, 0xc2, | |||
| 1867 | 0xbb, 0x5c, 0x6b, 0xe8, 0x70, 0x91, 0x71, 0x6c, 0xbb, 0x51, 0x84, | |||
| 1868 | 0x85, 0x34, 0xbd, 0xa4, 0x3d, 0x30, 0x48, 0xd7, 0xfb, 0xab, | |||
| 1869 | }, | |||
| 1870 | 32, "Cloudflare 'Nimbus2024' Log" }, | |||
| 1871 | { (const uint8_t[]){ | |||
| 1872 | 0xcc, 0xfb, 0x0f, 0x6a, 0x85, 0x71, 0x09, 0x65, 0xfe, 0x95, 0x9b, | |||
| 1873 | 0x53, 0xce, 0xe9, 0xb2, 0x7c, 0x22, 0xe9, 0x85, 0x5c, 0x0d, 0x97, | |||
| 1874 | 0x8d, 0xb6, 0xa9, 0x7e, 0x54, 0xc0, 0xfe, 0x4c, 0x0d, 0xb0, | |||
| 1875 | }, | |||
| 1876 | 32, "Cloudflare 'Nimbus2025'" }, | |||
| 1877 | { (const uint8_t[]){ | |||
| 1878 | 0xcb, 0x38, 0xf7, 0x15, 0x89, 0x7c, 0x84, 0xa1, 0x44, 0x5f, 0x5b, | |||
| 1879 | 0xc1, 0xdd, 0xfb, 0xc9, 0x6e, 0xf2, 0x9a, 0x59, 0xcd, 0x47, 0x0a, | |||
| 1880 | 0x69, 0x05, 0x85, 0xb0, 0xcb, 0x14, 0xc3, 0x14, 0x58, 0xe7, | |||
| 1881 | }, | |||
| 1882 | 32, "Cloudflare 'Nimbus2026'" }, | |||
| 1883 | { (const uint8_t[]){ | |||
| 1884 | 0x1f, 0xbc, 0x36, 0xe0, 0x02, 0xed, 0xe9, 0x7f, 0x40, 0x19, 0x9e, | |||
| 1885 | 0x86, 0xb3, 0x57, 0x3b, 0x8a, 0x42, 0x17, 0xd8, 0x01, 0x87, 0x74, | |||
| 1886 | 0x6a, 0xd0, 0xda, 0x03, 0xa0, 0x60, 0x54, 0xd2, 0x0d, 0xf4, | |||
| 1887 | }, | |||
| 1888 | 32, "Cloudflare 'Nimbus2017' Log" }, | |||
| 1889 | { (const uint8_t[]){ | |||
| 1890 | 0xdb, 0x74, 0xaf, 0xee, 0xcb, 0x29, 0xec, 0xb1, 0xfe, 0xca, 0x3e, | |||
| 1891 | 0x71, 0x6d, 0x2c, 0xe5, 0xb9, 0xaa, 0xbb, 0x36, 0xf7, 0x84, 0x71, | |||
| 1892 | 0x83, 0xc7, 0x5d, 0x9d, 0x4f, 0x37, 0xb6, 0x1f, 0xbf, 0x64, | |||
| 1893 | }, | |||
| 1894 | 32, "Cloudflare 'Nimbus2018' Log" }, | |||
| 1895 | { (const uint8_t[]){ | |||
| 1896 | 0x74, 0x7e, 0xda, 0x83, 0x31, 0xad, 0x33, 0x10, 0x91, 0x21, 0x9c, | |||
| 1897 | 0xce, 0x25, 0x4f, 0x42, 0x70, 0xc2, 0xbf, 0xfd, 0x5e, 0x42, 0x20, | |||
| 1898 | 0x08, 0xc6, 0x37, 0x35, 0x79, 0xe6, 0x10, 0x7b, 0xcc, 0x56, | |||
| 1899 | }, | |||
| 1900 | 32, "Cloudflare 'Nimbus2019' Log" }, | |||
| 1901 | { (const uint8_t[]){ | |||
| 1902 | 0x56, 0x14, 0x06, 0x9a, 0x2f, 0xd7, 0xc2, 0xec, 0xd3, 0xf5, 0xe1, | |||
| 1903 | 0xbd, 0x44, 0xb2, 0x3e, 0xc7, 0x46, 0x76, 0xb9, 0xbc, 0x99, 0x11, | |||
| 1904 | 0x5c, 0xc0, 0xef, 0x94, 0x98, 0x55, 0xd6, 0x89, 0xd0, 0xdd, | |||
| 1905 | }, | |||
| 1906 | 32, "DigiCert Log Server" }, | |||
| 1907 | { (const uint8_t[]){ | |||
| 1908 | 0x87, 0x75, 0xbf, 0xe7, 0x59, 0x7c, 0xf8, 0x8c, 0x43, 0x99, 0x5f, | |||
| 1909 | 0xbd, 0xf3, 0x6e, 0xff, 0x56, 0x8d, 0x47, 0x56, 0x36, 0xff, 0x4a, | |||
| 1910 | 0xb5, 0x60, 0xc1, 0xb4, 0xea, 0xff, 0x5e, 0xa0, 0x83, 0x0f, | |||
| 1911 | }, | |||
| 1912 | 32, "DigiCert Log Server 2" }, | |||
| 1913 | { (const uint8_t[]){ | |||
| 1914 | 0xf0, 0x95, 0xa4, 0x59, 0xf2, 0x00, 0xd1, 0x82, 0x40, 0x10, 0x2d, | |||
| 1915 | 0x2f, 0x93, 0x88, 0x8e, 0xad, 0x4b, 0xfe, 0x1d, 0x47, 0xe3, 0x99, | |||
| 1916 | 0xe1, 0xd0, 0x34, 0xa6, 0xb0, 0xa8, 0xaa, 0x8e, 0xb2, 0x73, | |||
| 1917 | }, | |||
| 1918 | 32, "DigiCert Yeti2020 Log" }, | |||
| 1919 | { (const uint8_t[]){ | |||
| 1920 | 0x5c, 0xdc, 0x43, 0x92, 0xfe, 0xe6, 0xab, 0x45, 0x44, 0xb1, 0x5e, | |||
| 1921 | 0x9a, 0xd4, 0x56, 0xe6, 0x10, 0x37, 0xfb, 0xd5, 0xfa, 0x47, 0xdc, | |||
| 1922 | 0xa1, 0x73, 0x94, 0xb2, 0x5e, 0xe6, 0xf6, 0xc7, 0x0e, 0xca, | |||
| 1923 | }, | |||
| 1924 | 32, "DigiCert Yeti2021 Log" }, | |||
| 1925 | { (const uint8_t[]){ | |||
| 1926 | 0x22, 0x45, 0x45, 0x07, 0x59, 0x55, 0x24, 0x56, 0x96, 0x3f, 0xa1, | |||
| 1927 | 0x2f, 0xf1, 0xf7, 0x6d, 0x86, 0xe0, 0x23, 0x26, 0x63, 0xad, 0xc0, | |||
| 1928 | 0x4b, 0x7f, 0x5d, 0xc6, 0x83, 0x5c, 0x6e, 0xe2, 0x0f, 0x02, | |||
| 1929 | }, | |||
| 1930 | 32, "DigiCert Yeti2022 Log" }, | |||
| 1931 | { (const uint8_t[]){ | |||
| 1932 | 0x35, 0xcf, 0x19, 0x1b, 0xbf, 0xb1, 0x6c, 0x57, 0xbf, 0x0f, 0xad, | |||
| 1933 | 0x4c, 0x6d, 0x42, 0xcb, 0xbb, 0xb6, 0x27, 0x20, 0x26, 0x51, 0xea, | |||
| 1934 | 0x3f, 0xe1, 0x2a, 0xef, 0xa8, 0x03, 0xc3, 0x3b, 0xd6, 0x4c, | |||
| 1935 | }, | |||
| 1936 | 32, "DigiCert Yeti2023 Log" }, | |||
| 1937 | { (const uint8_t[]){ | |||
| 1938 | 0x48, 0xb0, 0xe3, 0x6b, 0xda, 0xa6, 0x47, 0x34, 0x0f, 0xe5, 0x6a, | |||
| 1939 | 0x02, 0xfa, 0x9d, 0x30, 0xeb, 0x1c, 0x52, 0x01, 0xcb, 0x56, 0xdd, | |||
| 1940 | 0x2c, 0x81, 0xd9, 0xbb, 0xbf, 0xab, 0x39, 0xd8, 0x84, 0x73, | |||
| 1941 | }, | |||
| 1942 | 32, "DigiCert Yeti2024 Log" }, | |||
| 1943 | { (const uint8_t[]){ | |||
| 1944 | 0x7d, 0x59, 0x1e, 0x12, 0xe1, 0x78, 0x2a, 0x7b, 0x1c, 0x61, 0x67, | |||
| 1945 | 0x7c, 0x5e, 0xfd, 0xf8, 0xd0, 0x87, 0x5c, 0x14, 0xa0, 0x4e, 0x95, | |||
| 1946 | 0x9e, 0xb9, 0x03, 0x2f, 0xd9, 0x0e, 0x8c, 0x2e, 0x79, 0xb8, | |||
| 1947 | }, | |||
| 1948 | 32, "DigiCert Yeti2025 Log" }, | |||
| 1949 | { (const uint8_t[]){ | |||
| 1950 | 0xc6, 0x52, 0xa0, 0xec, 0x48, 0xce, 0xb3, 0xfc, 0xab, 0x17, 0x09, | |||
| 1951 | 0x92, 0xc4, 0x3a, 0x87, 0x41, 0x33, 0x09, 0xe8, 0x00, 0x65, 0xa2, | |||
| 1952 | 0x62, 0x52, 0x40, 0x1b, 0xa3, 0x36, 0x2a, 0x17, 0xc5, 0x65, | |||
| 1953 | }, | |||
| 1954 | 32, "DigiCert Nessie2020 Log" }, | |||
| 1955 | { (const uint8_t[]){ | |||
| 1956 | 0xee, 0xc0, 0x95, 0xee, 0x8d, 0x72, 0x64, 0x0f, 0x92, 0xe3, 0xc3, | |||
| 1957 | 0xb9, 0x1b, 0xc7, 0x12, 0xa3, 0x69, 0x6a, 0x09, 0x7b, 0x4b, 0x6a, | |||
| 1958 | 0x1a, 0x14, 0x38, 0xe6, 0x47, 0xb2, 0xcb, 0xed, 0xc5, 0xf9, | |||
| 1959 | }, | |||
| 1960 | 32, "DigiCert Nessie2021 Log" }, | |||
| 1961 | { (const uint8_t[]){ | |||
| 1962 | 0x51, 0xa3, 0xb0, 0xf5, 0xfd, 0x01, 0x79, 0x9c, 0x56, 0x6d, 0xb8, | |||
| 1963 | 0x37, 0x78, 0x8f, 0x0c, 0xa4, 0x7a, 0xcc, 0x1b, 0x27, 0xcb, 0xf7, | |||
| 1964 | 0x9e, 0x88, 0x42, 0x9a, 0x0d, 0xfe, 0xd4, 0x8b, 0x05, 0xe5, | |||
| 1965 | }, | |||
| 1966 | 32, "DigiCert Nessie2022 Log" }, | |||
| 1967 | { (const uint8_t[]){ | |||
| 1968 | 0xb3, 0x73, 0x77, 0x07, 0xe1, 0x84, 0x50, 0xf8, 0x63, 0x86, 0xd6, | |||
| 1969 | 0x05, 0xa9, 0xdc, 0x11, 0x09, 0x4a, 0x79, 0x2d, 0xb1, 0x67, 0x0c, | |||
| 1970 | 0x0b, 0x87, 0xdc, 0xf0, 0x03, 0x0e, 0x79, 0x36, 0xa5, 0x9a, | |||
| 1971 | }, | |||
| 1972 | 32, "DigiCert Nessie2023 Log" }, | |||
| 1973 | { (const uint8_t[]){ | |||
| 1974 | 0x73, 0xd9, 0x9e, 0x89, 0x1b, 0x4c, 0x96, 0x78, 0xa0, 0x20, 0x7d, | |||
| 1975 | 0x47, 0x9d, 0xe6, 0xb2, 0xc6, 0x1c, 0xd0, 0x51, 0x5e, 0x71, 0x19, | |||
| 1976 | 0x2a, 0x8c, 0x6b, 0x80, 0x10, 0x7a, 0xc1, 0x77, 0x72, 0xb5, | |||
| 1977 | }, | |||
| 1978 | 32, "DigiCert Nessie2024 Log" }, | |||
| 1979 | { (const uint8_t[]){ | |||
| 1980 | 0xe6, 0xd2, 0x31, 0x63, 0x40, 0x77, 0x8c, 0xc1, 0x10, 0x41, 0x06, | |||
| 1981 | 0xd7, 0x71, 0xb9, 0xce, 0xc1, 0xd2, 0x40, 0xf6, 0x96, 0x84, 0x86, | |||
| 1982 | 0xfb, 0xba, 0x87, 0x32, 0x1d, 0xfd, 0x1e, 0x37, 0x8e, 0x50, | |||
| 1983 | }, | |||
| 1984 | 32, "DigiCert Nessie2025 Log" }, | |||
| 1985 | { (const uint8_t[]){ | |||
| 1986 | 0xb6, 0x9d, 0xdc, 0xbc, 0x3c, 0x1a, 0xbd, 0xef, 0x6f, 0x9f, 0xd6, | |||
| 1987 | 0x0c, 0x88, 0xb1, 0x06, 0x7b, 0x77, 0xf0, 0x82, 0x68, 0x8b, 0x2d, | |||
| 1988 | 0x78, 0x65, 0xd0, 0x4b, 0x39, 0xab, 0xe9, 0x27, 0xa5, 0x75, | |||
| 1989 | }, | |||
| 1990 | 32, "DigiCert 'Wyvern2024h1' Log" }, | |||
| 1991 | { (const uint8_t[]){ | |||
| 1992 | 0x0c, 0x2a, 0xef, 0x2c, 0x4a, 0x5b, 0x98, 0x83, 0xd4, 0xdd, 0xa3, | |||
| 1993 | 0x82, 0xfe, 0x50, 0xfb, 0x51, 0x88, 0xb3, 0xe9, 0x73, 0x33, 0xa1, | |||
| 1994 | 0xec, 0x53, 0xa0, 0x9d, 0xc9, 0xa7, 0x9d, 0x0d, 0x08, 0x20, | |||
| 1995 | }, | |||
| 1996 | 32, "DigiCert 'Wyvern2024h2' Log" }, | |||
| 1997 | { (const uint8_t[]){ | |||
| 1998 | 0x73, 0x20, 0x22, 0x0f, 0x08, 0x16, 0x8a, 0xf9, 0xf3, 0xc4, 0xa6, | |||
| 1999 | 0x8b, 0x0a, 0xb2, 0x6a, 0x9a, 0x4a, 0x00, 0xee, 0xf5, 0x77, 0x85, | |||
| 2000 | 0x8a, 0x08, 0x4d, 0x05, 0x00, 0xd4, 0xa5, 0x42, 0x44, 0x59, | |||
| 2001 | }, | |||
| 2002 | 32, "DigiCert 'Wyvern2025h1' Log" }, | |||
| 2003 | { (const uint8_t[]){ | |||
| 2004 | 0xed, 0x3c, 0x4b, 0xd6, 0xe8, 0x06, 0xc2, 0xa4, 0xa2, 0x00, 0x57, | |||
| 2005 | 0xdb, 0xcb, 0x24, 0xe2, 0x38, 0x01, 0xdf, 0x51, 0x2f, 0xed, 0xc4, | |||
| 2006 | 0x86, 0xc5, 0x70, 0x0f, 0x20, 0xdd, 0xb7, 0x3e, 0x3f, 0xe0, | |||
| 2007 | }, | |||
| 2008 | 32, "DigiCert 'Wyvern2025h2' Log" }, | |||
| 2009 | { (const uint8_t[]){ | |||
| 2010 | 0x64, 0x11, 0xc4, 0x6c, 0xa4, 0x12, 0xec, 0xa7, 0x89, 0x1c, 0xa2, | |||
| 2011 | 0x02, 0x2e, 0x00, 0xbc, 0xab, 0x4f, 0x28, 0x07, 0xd4, 0x1e, 0x35, | |||
| 2012 | 0x27, 0xab, 0xea, 0xfe, 0xd5, 0x03, 0xc9, 0x7d, 0xcd, 0xf0, | |||
| 2013 | }, | |||
| 2014 | 32, "DigiCert 'Wyvern2026h1'" }, | |||
| 2015 | { (const uint8_t[]){ | |||
| 2016 | 0xc2, 0x31, 0x7e, 0x57, 0x45, 0x19, 0xa3, 0x45, 0xee, 0x7f, 0x38, | |||
| 2017 | 0xde, 0xb2, 0x90, 0x41, 0xeb, 0xc7, 0xc2, 0x21, 0x5a, 0x22, 0xbf, | |||
| 2018 | 0x7f, 0xd5, 0xb5, 0xad, 0x76, 0x9a, 0xd9, 0x0e, 0x52, 0xcd, | |||
| 2019 | }, | |||
| 2020 | 32, "DigiCert 'Wyvern2026h2'" }, | |||
| 2021 | { (const uint8_t[]){ | |||
| 2022 | 0xdb, 0x07, 0x6c, 0xde, 0x6a, 0x8b, 0x78, 0xec, 0x58, 0xd6, 0x05, | |||
| 2023 | 0x64, 0x96, 0xeb, 0x6a, 0x26, 0xa8, 0xc5, 0x9e, 0x72, 0x12, 0x93, | |||
| 2024 | 0xe8, 0xac, 0x03, 0x27, 0xdd, 0xde, 0x89, 0xdb, 0x5a, 0x2a, | |||
| 2025 | }, | |||
| 2026 | 32, "DigiCert 'Sphinx2024h1' Log" }, | |||
| 2027 | { (const uint8_t[]){ | |||
| 2028 | 0xdc, 0xc9, 0x5e, 0x6f, 0xa2, 0x99, 0xb9, 0xb0, 0xfd, 0xbd, 0x6c, | |||
| 2029 | 0xa6, 0xa3, 0x6e, 0x1d, 0x72, 0xc4, 0x21, 0x2f, 0xdd, 0x1e, 0x0f, | |||
| 2030 | 0x47, 0x55, 0x3a, 0x36, 0xd6, 0xcf, 0x1a, 0xd1, 0x1d, 0x8d, | |||
| 2031 | }, | |||
| 2032 | 32, "DigiCert 'Sphinx2024h2' Log" }, | |||
| 2033 | { (const uint8_t[]){ | |||
| 2034 | 0xde, 0x85, 0x81, 0xd7, 0x50, 0x24, 0x7c, 0x6b, 0xcd, 0xcb, 0xaf, | |||
| 2035 | 0x56, 0x37, 0xc5, 0xe7, 0x81, 0xc6, 0x4c, 0xe4, 0x6e, 0xd6, 0x17, | |||
| 2036 | 0x63, 0x9f, 0x8f, 0x34, 0xa7, 0x26, 0xc9, 0xe2, 0xbd, 0x37, | |||
| 2037 | }, | |||
| 2038 | 32, "DigiCert 'Sphinx2025h1' Log" }, | |||
| 2039 | { (const uint8_t[]){ | |||
| 2040 | 0xa4, 0x42, 0xc5, 0x06, 0x49, 0x60, 0x61, 0x54, 0x8f, 0x0f, 0xd4, | |||
| 2041 | 0xea, 0x9c, 0xfb, 0x7a, 0x2d, 0x26, 0x45, 0x4d, 0x87, 0xa9, 0x7f, | |||
| 2042 | 0x2f, 0xdf, 0x45, 0x59, 0xf6, 0x27, 0x4f, 0x3a, 0x84, 0x54, | |||
| 2043 | }, | |||
| 2044 | 32, "DigiCert 'Sphinx2025h2' Log" }, | |||
| 2045 | { (const uint8_t[]){ | |||
| 2046 | 0x49, 0x9c, 0x9b, 0x69, 0xde, 0x1d, 0x7c, 0xec, 0xfc, 0x36, 0xde, | |||
| 2047 | 0xcd, 0x87, 0x64, 0xa6, 0xb8, 0x5b, 0xaf, 0x0a, 0x87, 0x80, 0x19, | |||
| 2048 | 0xd1, 0x55, 0x52, 0xfb, 0xe9, 0xeb, 0x29, 0xdd, 0xf8, 0xc3, | |||
| 2049 | }, | |||
| 2050 | 32, "DigiCert 'Sphinx2026h1'" }, | |||
| 2051 | { (const uint8_t[]){ | |||
| 2052 | 0x94, 0x4e, 0x43, 0x87, 0xfa, 0xec, 0xc1, 0xef, 0x81, 0xf3, 0x19, | |||
| 2053 | 0x24, 0x26, 0xa8, 0x18, 0x65, 0x01, 0xc7, 0xd3, 0x5f, 0x38, 0x02, | |||
| 2054 | 0x01, 0x3f, 0x72, 0x67, 0x7d, 0x55, 0x37, 0x2e, 0x19, 0xd8, | |||
| 2055 | }, | |||
| 2056 | 32, "DigiCert 'Sphinx2026h2'" }, | |||
| 2057 | { (const uint8_t[]){ | |||
| 2058 | 0xdd, 0xeb, 0x1d, 0x2b, 0x7a, 0x0d, 0x4f, 0xa6, 0x20, 0x8b, 0x81, | |||
| 2059 | 0xad, 0x81, 0x68, 0x70, 0x7e, 0x2e, 0x8e, 0x9d, 0x01, 0xd5, 0x5c, | |||
| 2060 | 0x88, 0x8d, 0x3d, 0x11, 0xc4, 0xcd, 0xb6, 0xec, 0xbe, 0xcc, | |||
| 2061 | }, | |||
| 2062 | 32, "Symantec log" }, | |||
| 2063 | { (const uint8_t[]){ | |||
| 2064 | 0xbc, 0x78, 0xe1, 0xdf, 0xc5, 0xf6, 0x3c, 0x68, 0x46, 0x49, 0x33, | |||
| 2065 | 0x4d, 0xa1, 0x0f, 0xa1, 0x5f, 0x09, 0x79, 0x69, 0x20, 0x09, 0xc0, | |||
| 2066 | 0x81, 0xb4, 0xf3, 0xf6, 0x91, 0x7f, 0x3e, 0xd9, 0xb8, 0xa5, | |||
| 2067 | }, | |||
| 2068 | 32, "Symantec 'Vega' log" }, | |||
| 2069 | { (const uint8_t[]){ | |||
| 2070 | 0x15, 0x97, 0x04, 0x88, 0xd7, 0xb9, 0x97, 0xa0, 0x5b, 0xeb, 0x52, | |||
| 2071 | 0x51, 0x2a, 0xde, 0xe8, 0xd2, 0xe8, 0xb4, 0xa3, 0x16, 0x52, 0x64, | |||
| 2072 | 0x12, 0x1a, 0x9f, 0xab, 0xfb, 0xd5, 0xf8, 0x5a, 0xd9, 0x3f, | |||
| 2073 | }, | |||
| 2074 | 32, "Symantec 'Sirius' log" }, | |||
| 2075 | { (const uint8_t[]){ | |||
| 2076 | 0x05, 0x9c, 0x01, 0xd3, 0x20, 0xe0, 0x07, 0x84, 0x13, 0x95, 0x80, | |||
| 2077 | 0x49, 0x8d, 0x11, 0x7c, 0x90, 0x32, 0x66, 0xaf, 0xaf, 0x72, 0x50, | |||
| 2078 | 0xb5, 0xaf, 0x3b, 0x46, 0xa4, 0x3e, 0x11, 0x84, 0x0d, 0x4a, | |||
| 2079 | }, | |||
| 2080 | 32, "DigiCert Yeti2022-2 Log" }, | |||
| 2081 | { (const uint8_t[]){ | |||
| 2082 | 0xc1, 0x16, 0x4a, 0xe0, 0xa7, 0x72, 0xd2, 0xd4, 0x39, 0x2d, 0xc8, | |||
| 2083 | 0x0a, 0xc1, 0x07, 0x70, 0xd4, 0xf0, 0xc4, 0x9b, 0xde, 0x99, 0x1a, | |||
| 2084 | 0x48, 0x40, 0xc1, 0xfa, 0x07, 0x51, 0x64, 0xf6, 0x33, 0x60, | |||
| 2085 | }, | |||
| 2086 | 32, "DigiCert Yeti2018 Log" }, | |||
| 2087 | { (const uint8_t[]){ | |||
| 2088 | 0xe2, 0x69, 0x4b, 0xae, 0x26, 0xe8, 0xe9, 0x40, 0x09, 0xe8, 0x86, | |||
| 2089 | 0x1b, 0xb6, 0x3b, 0x83, 0xd4, 0x3e, 0xe7, 0xfe, 0x74, 0x88, 0xfb, | |||
| 2090 | 0xa4, 0x8f, 0x28, 0x93, 0x01, 0x9d, 0xdd, 0xf1, 0xdb, 0xfe, | |||
| 2091 | }, | |||
| 2092 | 32, "DigiCert Yeti2019 Log" }, | |||
| 2093 | { (const uint8_t[]){ | |||
| 2094 | 0x6f, 0xf1, 0x41, 0xb5, 0x64, 0x7e, 0x42, 0x22, 0xf7, 0xef, 0x05, | |||
| 2095 | 0x2c, 0xef, 0xae, 0x7c, 0x21, 0xfd, 0x60, 0x8e, 0x27, 0xd2, 0xaf, | |||
| 2096 | 0x5a, 0x6e, 0x9f, 0x4b, 0x8a, 0x37, 0xd6, 0x63, 0x3e, 0xe5, | |||
| 2097 | }, | |||
| 2098 | 32, "DigiCert Nessie2018 Log" }, | |||
| 2099 | { (const uint8_t[]){ | |||
| 2100 | 0xfe, 0x44, 0x61, 0x08, 0xb1, 0xd0, 0x1a, 0xb7, 0x8a, 0x62, 0xcc, | |||
| 2101 | 0xfe, 0xab, 0x6a, 0xb2, 0xb2, 0xba, 0xbf, 0xf3, 0xab, 0xda, 0xd8, | |||
| 2102 | 0x0a, 0x4d, 0x8b, 0x30, 0xdf, 0x2d, 0x00, 0x08, 0x83, 0x0c, | |||
| 2103 | }, | |||
| 2104 | 32, "DigiCert Nessie2019 Log" }, | |||
| 2105 | { (const uint8_t[]){ | |||
| 2106 | 0xa7, 0xce, 0x4a, 0x4e, 0x62, 0x07, 0xe0, 0xad, 0xde, 0xe5, 0xfd, | |||
| 2107 | 0xaa, 0x4b, 0x1f, 0x86, 0x76, 0x87, 0x67, 0xb5, 0xd0, 0x02, 0xa5, | |||
| 2108 | 0x5d, 0x47, 0x31, 0x0e, 0x7e, 0x67, 0x0a, 0x95, 0xea, 0xb2, | |||
| 2109 | }, | |||
| 2110 | 32, "Symantec Deneb" }, | |||
| 2111 | { (const uint8_t[]){ | |||
| 2112 | 0xcd, 0xb5, 0x17, 0x9b, 0x7f, 0xc1, 0xc0, 0x46, 0xfe, 0xea, 0x31, | |||
| 2113 | 0x13, 0x6a, 0x3f, 0x8f, 0x00, 0x2e, 0x61, 0x82, 0xfa, 0xf8, 0x89, | |||
| 2114 | 0x6f, 0xec, 0xc8, 0xb2, 0xf5, 0xb5, 0xab, 0x60, 0x49, 0x00, | |||
| 2115 | }, | |||
| 2116 | 32, "Certly.IO log" }, | |||
| 2117 | { (const uint8_t[]){ | |||
| 2118 | 0x74, 0x61, 0xb4, 0xa0, 0x9c, 0xfb, 0x3d, 0x41, 0xd7, 0x51, 0x59, | |||
| 2119 | 0x57, 0x5b, 0x2e, 0x76, 0x49, 0xa4, 0x45, 0xa8, 0xd2, 0x77, 0x09, | |||
| 2120 | 0xb0, 0xcc, 0x56, 0x4a, 0x64, 0x82, 0xb7, 0xeb, 0x41, 0xa3, | |||
| 2121 | }, | |||
| 2122 | 32, "Izenpe log" }, | |||
| 2123 | { (const uint8_t[]){ | |||
| 2124 | 0x89, 0x41, 0x44, 0x9c, 0x70, 0x74, 0x2e, 0x06, 0xb9, 0xfc, 0x9c, | |||
| 2125 | 0xe7, 0xb1, 0x16, 0xba, 0x00, 0x24, 0xaa, 0x36, 0xd5, 0x9a, 0xf4, | |||
| 2126 | 0x4f, 0x02, 0x04, 0x40, 0x4f, 0x00, 0xf7, 0xea, 0x85, 0x66, | |||
| 2127 | }, | |||
| 2128 | 32, "Izenpe 'Argi' log" }, | |||
| 2129 | { (const uint8_t[]){ | |||
| 2130 | 0x41, 0xb2, 0xdc, 0x2e, 0x89, 0xe6, 0x3c, 0xe4, 0xaf, 0x1b, 0xa7, | |||
| 2131 | 0xbb, 0x29, 0xbf, 0x68, 0xc6, 0xde, 0xe6, 0xf9, 0xf1, 0xcc, 0x04, | |||
| 2132 | 0x7e, 0x30, 0xdf, 0xfa, 0xe3, 0xb3, 0xba, 0x25, 0x92, 0x63, | |||
| 2133 | }, | |||
| 2134 | 32, "WoSign log" }, | |||
| 2135 | { (const uint8_t[]){ | |||
| 2136 | 0x9e, 0x4f, 0xf7, 0x3d, 0xc3, 0xce, 0x22, 0x0b, 0x69, 0x21, 0x7c, | |||
| 2137 | 0x89, 0x9e, 0x46, 0x80, 0x76, 0xab, 0xf8, 0xd7, 0x86, 0x36, 0xd5, | |||
| 2138 | 0xcc, 0xfc, 0x85, 0xa3, 0x1a, 0x75, 0x62, 0x8b, 0xa8, 0x8b, | |||
| 2139 | }, | |||
| 2140 | 32, "WoSign CT log #1" }, | |||
| 2141 | { (const uint8_t[]){ | |||
| 2142 | 0x63, 0xd0, 0x00, 0x60, 0x26, 0xdd, 0xe1, 0x0b, 0xb0, 0x60, 0x1f, | |||
| 2143 | 0x45, 0x24, 0x46, 0x96, 0x5e, 0xe2, 0xb6, 0xea, 0x2c, 0xd4, 0xfb, | |||
| 2144 | 0xc9, 0x5a, 0xc8, 0x66, 0xa5, 0x50, 0xaf, 0x90, 0x75, 0xb7, | |||
| 2145 | }, | |||
| 2146 | 32, "WoSign log 2" }, | |||
| 2147 | { (const uint8_t[]){ | |||
| 2148 | 0xac, 0x3b, 0x9a, 0xed, 0x7f, 0xa9, 0x67, 0x47, 0x57, 0x15, 0x9e, | |||
| 2149 | 0x6d, 0x7d, 0x57, 0x56, 0x72, 0xf9, 0xd9, 0x81, 0x00, 0x94, 0x1e, | |||
| 2150 | 0x9b, 0xde, 0xff, 0xec, 0xa1, 0x31, 0x3b, 0x75, 0x78, 0x2d, | |||
| 2151 | }, | |||
| 2152 | 32, "Venafi log" }, | |||
| 2153 | { (const uint8_t[]){ | |||
| 2154 | 0x03, 0x01, 0x9d, 0xf3, 0xfd, 0x85, 0xa6, 0x9a, 0x8e, 0xbd, 0x1f, | |||
| 2155 | 0xac, 0xc6, 0xda, 0x9b, 0xa7, 0x3e, 0x46, 0x97, 0x74, 0xfe, 0x77, | |||
| 2156 | 0xf5, 0x79, 0xfc, 0x5a, 0x08, 0xb8, 0x32, 0x8c, 0x1d, 0x6b, | |||
| 2157 | }, | |||
| 2158 | 32, "Venafi Gen2 CT log" }, | |||
| 2159 | { (const uint8_t[]){ | |||
| 2160 | 0xa5, 0x77, 0xac, 0x9c, 0xed, 0x75, 0x48, 0xdd, 0x8f, 0x02, 0x5b, | |||
| 2161 | 0x67, 0xa2, 0x41, 0x08, 0x9d, 0xf8, 0x6e, 0x0f, 0x47, 0x6e, 0xc2, | |||
| 2162 | 0x03, 0xc2, 0xec, 0xbe, 0xdb, 0x18, 0x5f, 0x28, 0x26, 0x38, | |||
| 2163 | }, | |||
| 2164 | 32, "CNNIC CT log" }, | |||
| 2165 | { (const uint8_t[]){ | |||
| 2166 | 0x34, 0xbb, 0x6a, 0xd6, 0xc3, 0xdf, 0x9c, 0x03, 0xee, 0xa8, 0xa4, | |||
| 2167 | 0x99, 0xff, 0x78, 0x91, 0x48, 0x6c, 0x9d, 0x5e, 0x5c, 0xac, 0x92, | |||
| 2168 | 0xd0, 0x1f, 0x7b, 0xfd, 0x1b, 0xce, 0x19, 0xdb, 0x48, 0xef, | |||
| 2169 | }, | |||
| 2170 | 32, "StartCom log" }, | |||
| 2171 | { (const uint8_t[]){ | |||
| 2172 | 0x55, 0x81, 0xd4, 0xc2, 0x16, 0x90, 0x36, 0x01, 0x4a, 0xea, 0x0b, | |||
| 2173 | 0x9b, 0x57, 0x3c, 0x53, 0xf0, 0xc0, 0xe4, 0x38, 0x78, 0x70, 0x25, | |||
| 2174 | 0x08, 0x17, 0x2f, 0xa3, 0xaa, 0x1d, 0x07, 0x13, 0xd3, 0x0c, | |||
| 2175 | }, | |||
| 2176 | 32, "Sectigo 'Sabre' CT log" }, | |||
| 2177 | { (const uint8_t[]){ | |||
| 2178 | 0xa2, 0xe2, 0xbf, 0xd6, 0x1e, 0xde, 0x2f, 0x2f, 0x07, 0xa0, 0xd6, | |||
| 2179 | 0x4e, 0x6d, 0x37, 0xa7, 0xdc, 0x65, 0x43, 0xb0, 0xc6, 0xb5, 0x2e, | |||
| 2180 | 0xa2, 0xda, 0xb7, 0x8a, 0xf8, 0x9a, 0x6d, 0xf5, 0x17, 0xd8, | |||
| 2181 | }, | |||
| 2182 | 32, "Sectigo 'Sabre2024h1'" }, | |||
| 2183 | { (const uint8_t[]){ | |||
| 2184 | 0x19, 0x98, 0x10, 0x71, 0x09, 0xf0, 0xd6, 0x52, 0x2e, 0x30, 0x80, | |||
| 2185 | 0xd2, 0x9e, 0x3f, 0x64, 0xbb, 0x83, 0x6e, 0x28, 0xcc, 0xf9, 0x0f, | |||
| 2186 | 0x52, 0x8e, 0xee, 0xdf, 0xce, 0x4a, 0x3f, 0x16, 0xb4, 0xca, | |||
| 2187 | }, | |||
| 2188 | 32, "Sectigo 'Sabre2024h2'" }, | |||
| 2189 | { (const uint8_t[]){ | |||
| 2190 | 0xe0, 0x92, 0xb3, 0xfc, 0x0c, 0x1d, 0xc8, 0xe7, 0x68, 0x36, 0x1f, | |||
| 2191 | 0xde, 0x61, 0xb9, 0x96, 0x4d, 0x0a, 0x52, 0x78, 0x19, 0x8a, 0x72, | |||
| 2192 | 0xd6, 0x72, 0xc4, 0xb0, 0x4d, 0xa5, 0x6d, 0x6f, 0x54, 0x04, | |||
| 2193 | }, | |||
| 2194 | 32, "Sectigo 'Sabre2025h1'" }, | |||
| 2195 | { (const uint8_t[]){ | |||
| 2196 | 0x1a, 0x04, 0xff, 0x49, 0xd0, 0x54, 0x1d, 0x40, 0xaf, 0xf6, 0xa0, | |||
| 2197 | 0xc3, 0xbf, 0xf1, 0xd8, 0xc4, 0x67, 0x2f, 0x4e, 0xec, 0xee, 0x23, | |||
| 2198 | 0x40, 0x68, 0x98, 0x6b, 0x17, 0x40, 0x2e, 0xdc, 0x89, 0x7d, | |||
| 2199 | }, | |||
| 2200 | 32, "Sectigo 'Sabre2025h2'" }, | |||
| 2201 | { (const uint8_t[]){ | |||
| 2202 | 0x6f, 0x53, 0x76, 0xac, 0x31, 0xf0, 0x31, 0x19, 0xd8, 0x99, 0x00, | |||
| 2203 | 0xa4, 0x51, 0x15, 0xff, 0x77, 0x15, 0x1c, 0x11, 0xd9, 0x02, 0xc1, | |||
| 2204 | 0x00, 0x29, 0x06, 0x8d, 0xb2, 0x08, 0x9a, 0x37, 0xd9, 0x13, | |||
| 2205 | }, | |||
| 2206 | 32, "Sectigo 'Mammoth' CT log" }, | |||
| 2207 | { (const uint8_t[]){ | |||
| 2208 | 0x29, 0xd0, 0x3a, 0x1b, 0xb6, 0x74, 0xaa, 0x71, 0x1c, 0xd3, 0x03, | |||
| 2209 | 0x5b, 0x65, 0x57, 0xc1, 0x4f, 0x8a, 0xa7, 0x8b, 0x4f, 0xe8, 0x38, | |||
| 2210 | 0x94, 0x49, 0xec, 0xa4, 0x53, 0xf9, 0x44, 0xbd, 0x24, 0x68, | |||
| 2211 | }, | |||
| 2212 | 32, "Sectigo 'Mammoth2024h1'" }, | |||
| 2213 | { (const uint8_t[]){ | |||
| 2214 | 0x50, 0x85, 0x01, 0x58, 0xdc, 0xb6, 0x05, 0x95, 0xc0, 0x0e, 0x92, | |||
| 2215 | 0xa8, 0x11, 0x02, 0xec, 0xcd, 0xfe, 0x3f, 0x6b, 0x78, 0x58, 0x42, | |||
| 2216 | 0x9f, 0x57, 0x98, 0x35, 0x38, 0xc9, 0xda, 0x52, 0x50, 0x63, | |||
| 2217 | }, | |||
| 2218 | 32, "Sectigo 'Mammoth2024h1b'" }, | |||
| 2219 | { (const uint8_t[]){ | |||
| 2220 | 0xdf, 0xe1, 0x56, 0xeb, 0xaa, 0x05, 0xaf, 0xb5, 0x9c, 0x0f, 0x86, | |||
| 2221 | 0x71, 0x8d, 0xa8, 0xc0, 0x32, 0x4e, 0xae, 0x56, 0xd9, 0x6e, 0xa7, | |||
| 2222 | 0xf5, 0xa5, 0x6a, 0x01, 0xd1, 0xc1, 0x3b, 0xbe, 0x52, 0x5c, | |||
| 2223 | }, | |||
| 2224 | 32, "Sectigo 'Mammoth2024h2'" }, | |||
| 2225 | { (const uint8_t[]){ | |||
| 2226 | 0x13, 0x4a, 0xdf, 0x1a, 0xb5, 0x98, 0x42, 0x09, 0x78, 0x0c, 0x6f, | |||
| 2227 | 0xef, 0x4c, 0x7a, 0x91, 0xa4, 0x16, 0xb7, 0x23, 0x49, 0xce, 0x58, | |||
| 2228 | 0x57, 0x6a, 0xdf, 0xae, 0xda, 0xa7, 0xc2, 0xab, 0xe0, 0x22, | |||
| 2229 | }, | |||
| 2230 | 32, "Sectigo 'Mammoth2025h1'" }, | |||
| 2231 | { (const uint8_t[]){ | |||
| 2232 | 0xaf, 0x18, 0x1a, 0x28, 0xd6, 0x8c, 0xa3, 0xe0, 0xa9, 0x8a, 0x4c, | |||
| 2233 | 0x9c, 0x67, 0xab, 0x09, 0xf8, 0xbb, 0xbc, 0x22, 0xba, 0xae, 0xbc, | |||
| 2234 | 0xb1, 0x38, 0xa3, 0xa1, 0x9d, 0xd3, 0xf9, 0xb6, 0x03, 0x0d, | |||
| 2235 | }, | |||
| 2236 | 32, "Sectigo 'Mammoth2025h2'" }, | |||
| 2237 | { (const uint8_t[]){ | |||
| 2238 | 0x25, 0x2f, 0x94, 0xc2, 0x2b, 0x29, 0xe9, 0x6e, 0x9f, 0x41, 0x1a, | |||
| 2239 | 0x72, 0x07, 0x2b, 0x69, 0x5c, 0x5b, 0x52, 0xff, 0x97, 0xa9, 0x0d, | |||
| 2240 | 0x25, 0x40, 0xbb, 0xfc, 0xdc, 0x51, 0xec, 0x4d, 0xee, 0x0b, | |||
| 2241 | }, | |||
| 2242 | 32, "Sectigo 'Mammoth2026h1'" }, | |||
| 2243 | { (const uint8_t[]){ | |||
| 2244 | 0x94, 0xb1, 0xc1, 0x8a, 0xb0, 0xd0, 0x57, 0xc4, 0x7b, 0xe0, 0xac, | |||
| 2245 | 0x04, 0x0e, 0x1f, 0x2c, 0xbc, 0x8d, 0xc3, 0x75, 0x72, 0x7b, 0xc9, | |||
| 2246 | 0x51, 0xf2, 0x0a, 0x52, 0x61, 0x26, 0x86, 0x3b, 0xa7, 0x3c, | |||
| 2247 | }, | |||
| 2248 | 32, "Sectigo 'Mammoth2026h2'" }, | |||
| 2249 | { (const uint8_t[]){ | |||
| 2250 | 0x56, 0x6c, 0xd5, 0xa3, 0x76, 0xbe, 0x83, 0xdf, 0xe3, 0x42, 0xb6, | |||
| 2251 | 0x75, 0xc4, 0x9c, 0x23, 0x24, 0x98, 0xa7, 0x69, 0xba, 0xc3, 0x82, | |||
| 2252 | 0xcb, 0xab, 0x49, 0xa3, 0x87, 0x7d, 0x9a, 0xb3, 0x2d, 0x01, | |||
| 2253 | }, | |||
| 2254 | 32, "Sectigo 'Sabre2026h1'" }, | |||
| 2255 | { (const uint8_t[]){ | |||
| 2256 | 0x1f, 0x56, 0xd1, 0xab, 0x94, 0x70, 0x4a, 0x41, 0xdd, 0x3f, 0xea, | |||
| 2257 | 0xfd, 0xf4, 0x69, 0x93, 0x55, 0x30, 0x2c, 0x14, 0x31, 0xbf, 0xe6, | |||
| 2258 | 0x13, 0x46, 0x08, 0x9f, 0xff, 0xae, 0x79, 0x5d, 0xcc, 0x2f, | |||
| 2259 | }, | |||
| 2260 | 32, "Sectigo 'Sabre2026h2'" }, | |||
| 2261 | { (const uint8_t[]){ | |||
| 2262 | 0x0d, 0x1d, 0xbc, 0x89, 0x44, 0xe9, 0xf5, 0x00, 0x55, 0x42, 0xd7, | |||
| 2263 | 0x2d, 0x3e, 0x14, 0x4c, 0xcc, 0x43, 0x08, 0x2a, 0xb6, 0xea, 0x1e, | |||
| 2264 | 0x94, 0xdf, 0xd7, 0x06, 0x65, 0x7d, 0x2e, 0x86, 0xf3, 0x01, | |||
| 2265 | }, | |||
| 2266 | 32, "Sectigo 'Elephant2025h2'" }, | |||
| 2267 | { (const uint8_t[]){ | |||
| 2268 | 0xd1, 0x6e, 0xa9, 0xa5, 0x68, 0x07, 0x7e, 0x66, 0x35, 0xa0, 0x3f, | |||
| 2269 | 0x37, 0xa5, 0xdd, 0xbc, 0x03, 0xa5, 0x3c, 0x41, 0x12, 0x14, 0xd4, | |||
| 2270 | 0x88, 0x18, 0xf5, 0xe9, 0x31, 0xb3, 0x23, 0xcb, 0x95, 0x04, | |||
| 2271 | }, | |||
| 2272 | 32, "Sectigo 'Elephant2026h1'" }, | |||
| 2273 | { (const uint8_t[]){ | |||
| 2274 | 0xaf, 0x67, 0x88, 0x3b, 0x57, 0xb0, 0x4e, 0xdd, 0x8f, 0xa6, 0xd9, | |||
| 2275 | 0x7e, 0xf6, 0x2e, 0xa8, 0xeb, 0x81, 0x0a, 0xc7, 0x71, 0x60, 0xf0, | |||
| 2276 | 0x24, 0x5e, 0x55, 0xd6, 0x0c, 0x2f, 0xe7, 0x85, 0x87, 0x3a, | |||
| 2277 | }, | |||
| 2278 | 32, "Sectigo 'Elephant2026h2'" }, | |||
| 2279 | { (const uint8_t[]){ | |||
| 2280 | 0x60, 0x4c, 0x9a, 0xaf, 0x7a, 0x7f, 0x77, 0x5f, 0x01, 0xd4, 0x06, | |||
| 2281 | 0xfc, 0x92, 0x0d, 0xc8, 0x99, 0xeb, 0x0b, 0x1c, 0x7d, 0xf8, 0xc9, | |||
| 2282 | 0x52, 0x1b, 0xfa, 0xfa, 0x17, 0x77, 0x3b, 0x97, 0x8b, 0xc9, | |||
| 2283 | }, | |||
| 2284 | 32, "Sectigo 'Elephant2027h1'" }, | |||
| 2285 | { (const uint8_t[]){ | |||
| 2286 | 0xa2, 0x49, 0x0c, 0xdc, 0xdb, 0x8e, 0x33, 0xa4, 0x00, 0x32, 0x17, | |||
| 2287 | 0x60, 0xd6, 0xd4, 0xd5, 0x1a, 0x20, 0x36, 0x19, 0x1e, 0xa7, 0x7d, | |||
| 2288 | 0x96, 0x8b, 0xe2, 0x6a, 0x8a, 0x00, 0xf6, 0xff, 0xff, 0xf7, | |||
| 2289 | }, | |||
| 2290 | 32, "Sectigo 'Elephant2027h2'" }, | |||
| 2291 | { (const uint8_t[]){ | |||
| 2292 | 0x5c, 0xa5, 0x77, 0xd2, 0x9b, 0x7f, 0x8b, 0xaf, 0x41, 0x9e, 0xd8, | |||
| 2293 | 0xec, 0xab, 0xfb, 0x6d, 0xcb, 0xae, 0xc3, 0x85, 0x37, 0x02, 0xd5, | |||
| 2294 | 0x74, 0x6f, 0x17, 0x4d, 0xad, 0x3c, 0x93, 0x4a, 0xa9, 0x6a, | |||
| 2295 | }, | |||
| 2296 | 32, "Sectigo 'Tiger2025h2'" }, | |||
| 2297 | { (const uint8_t[]){ | |||
| 2298 | 0x16, 0x83, 0x2d, 0xab, 0xf0, 0xa9, 0x25, 0x0f, 0x0f, 0xf0, 0x3a, | |||
| 2299 | 0xa5, 0x45, 0xff, 0xc8, 0xbf, 0xc8, 0x23, 0xd0, 0x87, 0x4b, 0xf6, | |||
| 2300 | 0x04, 0x29, 0x27, 0xf8, 0xe7, 0x1f, 0x33, 0x13, 0xf5, 0xfa, | |||
| 2301 | }, | |||
| 2302 | 32, "Sectigo 'Tiger2026h1'" }, | |||
| 2303 | { (const uint8_t[]){ | |||
| 2304 | 0xc8, 0xa3, 0xc4, 0x7f, 0xc7, 0xb3, 0xad, 0xb9, 0x35, 0x6b, 0x01, | |||
| 2305 | 0x3f, 0x6a, 0x7a, 0x12, 0x6d, 0xe3, 0x3a, 0x4e, 0x43, 0xa5, 0xc6, | |||
| 2306 | 0x46, 0xf9, 0x97, 0xad, 0x39, 0x75, 0x99, 0x1d, 0xcf, 0x9a, | |||
| 2307 | }, | |||
| 2308 | 32, "Sectigo 'Tiger2026h2'" }, | |||
| 2309 | { (const uint8_t[]){ | |||
| 2310 | 0x1c, 0x9f, 0x68, 0x2c, 0xe9, 0xfa, 0xf0, 0x45, 0x69, 0x50, 0xf8, | |||
| 2311 | 0x1b, 0x96, 0x8a, 0x87, 0xdd, 0xdb, 0x32, 0x10, 0xd8, 0x4c, 0xe6, | |||
| 2312 | 0xc8, 0xb2, 0xe3, 0x82, 0x52, 0x4a, 0xc4, 0xcf, 0x59, 0x9f, | |||
| 2313 | }, | |||
| 2314 | 32, "Sectigo 'Tiger2027h1'" }, | |||
| 2315 | { (const uint8_t[]){ | |||
| 2316 | 0x03, 0x80, 0x2a, 0xc2, 0x62, 0xf6, 0xe0, 0x5e, 0x03, 0xf8, 0xbc, | |||
| 2317 | 0x6f, 0x7b, 0x98, 0x51, 0x32, 0x4f, 0xd7, 0x6a, 0x3d, 0xf5, 0xb7, | |||
| 2318 | 0x59, 0x51, 0x75, 0xe2, 0x22, 0xfb, 0x8e, 0x9b, 0xd5, 0xf6, | |||
| 2319 | }, | |||
| 2320 | 32, "Sectigo 'Tiger2027h2'" }, | |||
| 2321 | { (const uint8_t[]){ | |||
| 2322 | 0xdb, 0x76, 0xfd, 0xad, 0xac, 0x65, 0xe7, 0xd0, 0x95, 0x08, 0x88, | |||
| 2323 | 0x6e, 0x21, 0x59, 0xbd, 0x8b, 0x90, 0x35, 0x2f, 0x5f, 0xea, 0xd3, | |||
| 2324 | 0xe3, 0xdc, 0x5e, 0x22, 0xeb, 0x35, 0x0a, 0xcc, 0x7b, 0x98, | |||
| 2325 | }, | |||
| 2326 | 32, "Sectigo 'Dodo' CT log" }, | |||
| 2327 | { (const uint8_t[]){ | |||
| 2328 | 0xe7, 0x12, 0xf2, 0xb0, 0x37, 0x7e, 0x1a, 0x62, 0xfb, 0x8e, 0xc9, | |||
| 2329 | 0x0c, 0x61, 0x84, 0xf1, 0xea, 0x7b, 0x37, 0xcb, 0x56, 0x1d, 0x11, | |||
| 2330 | 0x26, 0x5b, 0xf3, 0xe0, 0xf3, 0x4b, 0xf2, 0x41, 0x54, 0x6e, | |||
| 2331 | }, | |||
| 2332 | 32, "Let's Encrypt 'Oak2020' log" }, | |||
| 2333 | { (const uint8_t[]){ | |||
| 2334 | 0x94, 0x20, 0xbc, 0x1e, 0x8e, 0xd5, 0x8d, 0x6c, 0x88, 0x73, 0x1f, | |||
| 2335 | 0x82, 0x8b, 0x22, 0x2c, 0x0d, 0xd1, 0xda, 0x4d, 0x5e, 0x6c, 0x4f, | |||
| 2336 | 0x94, 0x3d, 0x61, 0xdb, 0x4e, 0x2f, 0x58, 0x4d, 0xa2, 0xc2, | |||
| 2337 | }, | |||
| 2338 | 32, "Let's Encrypt 'Oak2021' log" }, | |||
| 2339 | { (const uint8_t[]){ | |||
| 2340 | 0xdf, 0xa5, 0x5e, 0xab, 0x68, 0x82, 0x4f, 0x1f, 0x6c, 0xad, 0xee, | |||
| 2341 | 0xb8, 0x5f, 0x4e, 0x3e, 0x5a, 0xea, 0xcd, 0xa2, 0x12, 0xa4, 0x6a, | |||
| 2342 | 0x5e, 0x8e, 0x3b, 0x12, 0xc0, 0x20, 0x44, 0x5c, 0x2a, 0x73, | |||
| 2343 | }, | |||
| 2344 | 32, "Let's Encrypt 'Oak2022' log" }, | |||
| 2345 | { (const uint8_t[]){ | |||
| 2346 | 0xb7, 0x3e, 0xfb, 0x24, 0xdf, 0x9c, 0x4d, 0xba, 0x75, 0xf2, 0x39, | |||
| 2347 | 0xc5, 0xba, 0x58, 0xf4, 0x6c, 0x5d, 0xfc, 0x42, 0xcf, 0x7a, 0x9f, | |||
| 2348 | 0x35, 0xc4, 0x9e, 0x1d, 0x09, 0x81, 0x25, 0xed, 0xb4, 0x99, | |||
| 2349 | }, | |||
| 2350 | 32, "Let's Encrypt 'Oak2023' log" }, | |||
| 2351 | { (const uint8_t[]){ | |||
| 2352 | 0x3b, 0x53, 0x77, 0x75, 0x3e, 0x2d, 0xb9, 0x80, 0x4e, 0x8b, 0x30, | |||
| 2353 | 0x5b, 0x06, 0xfe, 0x40, 0x3b, 0x67, 0xd8, 0x4f, 0xc3, 0xf4, 0xc7, | |||
| 2354 | 0xbd, 0x00, 0x0d, 0x2d, 0x72, 0x6f, 0xe1, 0xfa, 0xd4, 0x17, | |||
| 2355 | }, | |||
| 2356 | 32, "Let's Encrypt 'Oak2024H1' log" }, | |||
| 2357 | { (const uint8_t[]){ | |||
| 2358 | 0x3f, 0x17, 0x4b, 0x4f, 0xd7, 0x22, 0x47, 0x58, 0x94, 0x1d, 0x65, | |||
| 2359 | 0x1c, 0x84, 0xbe, 0x0d, 0x12, 0xed, 0x90, 0x37, 0x7f, 0x1f, 0x85, | |||
| 2360 | 0x6a, 0xeb, 0xc1, 0xbf, 0x28, 0x85, 0xec, 0xf8, 0x64, 0x6e, | |||
| 2361 | }, | |||
| 2362 | 32, "Let's Encrypt 'Oak2024H2' log" }, | |||
| 2363 | { (const uint8_t[]){ | |||
| 2364 | 0xa2, 0xe3, 0x0a, 0xe4, 0x45, 0xef, 0xbd, 0xad, 0x9b, 0x7e, 0x38, | |||
| 2365 | 0xed, 0x47, 0x67, 0x77, 0x53, 0xd7, 0x82, 0x5b, 0x84, 0x94, 0xd7, | |||
| 2366 | 0x2b, 0x5e, 0x1b, 0x2c, 0xc4, 0xb9, 0x50, 0xa4, 0x47, 0xe7, | |||
| 2367 | }, | |||
| 2368 | 32, "Let's Encrypt 'Oak2025h1'" }, | |||
| 2369 | { (const uint8_t[]){ | |||
| 2370 | 0x0d, 0xe1, 0xf2, 0x30, 0x2b, 0xd3, 0x0d, 0xc1, 0x40, 0x62, 0x12, | |||
| 2371 | 0x09, 0xea, 0x55, 0x2e, 0xfc, 0x47, 0x74, 0x7c, 0xb1, 0xd7, 0xe9, | |||
| 2372 | 0x30, 0xef, 0x0e, 0x42, 0x1e, 0xb4, 0x7e, 0x4e, 0xaa, 0x34, | |||
| 2373 | }, | |||
| 2374 | 32, "Let's Encrypt 'Oak2025h2'" }, | |||
| 2375 | { (const uint8_t[]){ | |||
| 2376 | 0x19, 0x86, 0xd4, 0xc7, 0x28, 0xaa, 0x6f, 0xfe, 0xba, 0x03, 0x6f, | |||
| 2377 | 0x78, 0x2a, 0x4d, 0x01, 0x91, 0xaa, 0xce, 0x2d, 0x72, 0x31, 0x0f, | |||
| 2378 | 0xae, 0xce, 0x5d, 0x70, 0x41, 0x2d, 0x25, 0x4c, 0xc7, 0xd4, | |||
| 2379 | }, | |||
| 2380 | 32, "Let's Encrypt 'Oak2026h1'" }, | |||
| 2381 | { (const uint8_t[]){ | |||
| 2382 | 0xac, 0xab, 0x30, 0x70, 0x6c, 0xeb, 0xec, 0x84, 0x31, 0xf4, 0x13, | |||
| 2383 | 0xd2, 0xf4, 0x91, 0x5f, 0x11, 0x1e, 0x42, 0x24, 0x43, 0xb1, 0xf2, | |||
| 2384 | 0xa6, 0x8c, 0x4f, 0x3c, 0x2b, 0x3b, 0xa7, 0x1e, 0x02, 0xc3, | |||
| 2385 | }, | |||
| 2386 | 32, "Let's Encrypt 'Oak2026h2'" }, | |||
| 2387 | { (const uint8_t[]){ | |||
| 2388 | 0x65, 0x9b, 0x33, 0x50, 0xf4, 0x3b, 0x12, 0xcc, 0x5e, 0xa5, 0xab, | |||
| 2389 | 0x4e, 0xc7, 0x65, 0xd3, 0xfd, 0xe6, 0xc8, 0x82, 0x43, 0x77, 0x77, | |||
| 2390 | 0x78, 0xe7, 0x20, 0x03, 0xf9, 0xeb, 0x2b, 0x8c, 0x31, 0x29, | |||
| 2391 | }, | |||
| 2392 | 32, "Let's Encrypt 'Oak2019' log" }, | |||
| 2393 | { (const uint8_t[]){ | |||
| 2394 | 0x84, 0x9f, 0x5f, 0x7f, 0x58, 0xd2, 0xbf, 0x7b, 0x54, 0xec, 0xbd, | |||
| 2395 | 0x74, 0x61, 0x1c, 0xea, 0x45, 0xc4, 0x9c, 0x98, 0xf1, 0xd6, 0x48, | |||
| 2396 | 0x1b, 0xc6, 0xf6, 0x9e, 0x8c, 0x17, 0x4f, 0x24, 0xf3, 0xcf, | |||
| 2397 | }, | |||
| 2398 | 32, "Let's Encrypt 'Testflume2019' log" }, | |||
| 2399 | { (const uint8_t[]){ | |||
| 2400 | 0x23, 0x2d, 0x41, 0xa4, 0xcd, 0xac, 0x87, 0xce, 0xd9, 0xf9, 0x43, | |||
| 2401 | 0xf4, 0x68, 0xc2, 0x82, 0x09, 0x5a, 0xe0, 0x9d, 0x30, 0xd6, 0x2e, | |||
| 2402 | 0x2f, 0xa6, 0x5d, 0xdc, 0x3b, 0x91, 0x9c, 0x2e, 0x46, 0x8f, | |||
| 2403 | }, | |||
| 2404 | 32, "Let's Encrypt 'Sapling 2022h2' log" }, | |||
| 2405 | { (const uint8_t[]){ | |||
| 2406 | 0xc1, 0x83, 0x24, 0x0b, 0xf1, 0xa4, 0x50, 0xc7, 0x6f, 0xbb, 0x00, | |||
| 2407 | 0x72, 0x69, 0xdc, 0xac, 0x3b, 0xe2, 0x2a, 0x48, 0x05, 0xd4, 0xdb, | |||
| 2408 | 0xe0, 0x49, 0x66, 0xc3, 0xc8, 0xab, 0xc4, 0x47, 0xb0, 0x0c, | |||
| 2409 | }, | |||
| 2410 | 32, "Let's Encrypt 'Sapling 2023h1' log" }, | |||
| 2411 | { (const uint8_t[]){ | |||
| 2412 | 0xc6, 0x3f, 0x22, 0x18, 0xc3, 0x7d, 0x56, 0xa6, 0xaa, 0x06, 0xb5, | |||
| 2413 | 0x96, 0xda, 0x8e, 0x53, 0xd4, 0xd7, 0x15, 0x6d, 0x1e, 0x9b, 0xac, | |||
| 2414 | 0x8e, 0x44, 0xd2, 0x20, 0x2d, 0xe6, 0x4d, 0x69, 0xd9, 0xdc, | |||
| 2415 | }, | |||
| 2416 | 32, "Let's Encrypt 'Testflume2020' log" }, | |||
| 2417 | { (const uint8_t[]){ | |||
| 2418 | 0x03, 0xed, 0xf1, 0xda, 0x97, 0x76, 0xb6, 0xf3, 0x8c, 0x34, 0x1e, | |||
| 2419 | 0x39, 0xed, 0x9d, 0x70, 0x7a, 0x75, 0x70, 0x36, 0x9c, 0xf9, 0x84, | |||
| 2420 | 0x4f, 0x32, 0x7f, 0xe9, 0xe1, 0x41, 0x38, 0x36, 0x1b, 0x60, | |||
| 2421 | }, | |||
| 2422 | 32, "Let's Encrypt 'Testflume2021' log" }, | |||
| 2423 | { (const uint8_t[]){ | |||
| 2424 | 0x23, 0x27, 0xef, 0xda, 0x35, 0x25, 0x10, 0xdb, 0xc0, 0x19, 0xef, | |||
| 2425 | 0x49, 0x1a, 0xe3, 0xff, 0x1c, 0xc5, 0xa4, 0x79, 0xbc, 0xe3, 0x78, | |||
| 2426 | 0x78, 0x36, 0x0e, 0xe3, 0x18, 0xcf, 0xfb, 0x64, 0xf8, 0xc8, | |||
| 2427 | }, | |||
| 2428 | 32, "Let's Encrypt 'Testflume2022' log" }, | |||
| 2429 | { (const uint8_t[]){ | |||
| 2430 | 0x55, 0x34, 0xb7, 0xab, 0x5a, 0x6a, 0xc3, 0xa7, 0xcb, 0xeb, 0xa6, | |||
| 2431 | 0x54, 0x87, 0xb2, 0xa2, 0xd7, 0x1b, 0x48, 0xf6, 0x50, 0xfa, 0x17, | |||
| 2432 | 0xc5, 0x19, 0x7c, 0x97, 0xa0, 0xcb, 0x20, 0x76, 0xf3, 0xc6, | |||
| 2433 | }, | |||
| 2434 | 32, "Let's Encrypt 'Testflume2023' log" }, | |||
| 2435 | { (const uint8_t[]){ | |||
| 2436 | 0x29, 0x6a, 0xfa, 0x2d, 0x56, 0x8b, 0xca, 0x0d, 0x2e, 0xa8, 0x44, | |||
| 2437 | 0x95, 0x6a, 0xe9, 0x72, 0x1f, 0xc3, 0x5f, 0xa3, 0x55, 0xec, 0xda, | |||
| 2438 | 0x99, 0x69, 0x3a, 0xaf, 0xd4, 0x58, 0xa7, 0x1a, 0xef, 0xdd, | |||
| 2439 | }, | |||
| 2440 | 32, "Let's Encrypt 'Clicky' log" }, | |||
| 2441 | { (const uint8_t[]){ | |||
| 2442 | 0xa5, 0x95, 0x94, 0x3b, 0x53, 0x70, 0xbe, 0xe9, 0x06, 0xe0, 0x05, | |||
| 2443 | 0x0d, 0x1f, 0xb5, 0xbb, 0xc6, 0xa4, 0x0e, 0x65, 0xf2, 0x65, 0xae, | |||
| 2444 | 0x85, 0x2c, 0x76, 0x36, 0x3f, 0xad, 0xb2, 0x33, 0x36, 0xed, | |||
| 2445 | }, | |||
| 2446 | 32, "Trust Asia Log2020" }, | |||
| 2447 | { (const uint8_t[]){ | |||
| 2448 | 0xa8, 0xdc, 0x52, 0xf6, 0x3d, 0x6b, 0x24, 0x25, 0xe5, 0x31, 0xe3, | |||
| 2449 | 0x7c, 0xf4, 0xe4, 0x4a, 0x71, 0x4f, 0x14, 0x2a, 0x20, 0x80, 0x3b, | |||
| 2450 | 0x0d, 0x04, 0xd2, 0xe2, 0xee, 0x06, 0x64, 0x79, 0x4a, 0x23, | |||
| 2451 | }, | |||
| 2452 | 32, "Trust Asia CT2021" }, | |||
| 2453 | { (const uint8_t[]){ | |||
| 2454 | 0x67, 0x8d, 0xb6, 0x5b, 0x3e, 0x74, 0x43, 0xb6, 0xf3, 0xa3, 0x70, | |||
| 2455 | 0xd5, 0xe1, 0x3a, 0xb1, 0xb4, 0x3b, 0xe0, 0xa0, 0xd3, 0x51, 0xf7, | |||
| 2456 | 0xca, 0x74, 0x22, 0x50, 0xc7, 0xc6, 0xfa, 0x51, 0xa8, 0x8a, | |||
| 2457 | }, | |||
| 2458 | 32, "Trust Asia Log2021" }, | |||
| 2459 | { (const uint8_t[]){ | |||
| 2460 | 0xc3, 0x65, 0xf9, 0xb3, 0x65, 0x4f, 0x32, 0x83, 0xc7, 0x9d, 0xa9, | |||
| 2461 | 0x8e, 0x93, 0xd7, 0x41, 0x8f, 0x5b, 0xab, 0x7b, 0xe3, 0x25, 0x2c, | |||
| 2462 | 0x98, 0xe1, 0xd2, 0xf0, 0x4b, 0xb9, 0xeb, 0x42, 0x7d, 0x23, | |||
| 2463 | }, | |||
| 2464 | 32, "Trust Asia Log2022" }, | |||
| 2465 | { (const uint8_t[]){ | |||
| 2466 | 0xe8, 0x7e, 0xa7, 0x66, 0x0b, 0xc2, 0x6c, 0xf6, 0x00, 0x2e, 0xf5, | |||
| 2467 | 0x72, 0x5d, 0x3f, 0xe0, 0xe3, 0x31, 0xb9, 0x39, 0x3b, 0xb9, 0x2f, | |||
| 2468 | 0xbf, 0x58, 0xeb, 0x3b, 0x90, 0x49, 0xda, 0xf5, 0x43, 0x5a, | |||
| 2469 | }, | |||
| 2470 | 32, "Trust Asia Log2023" }, | |||
| 2471 | { (const uint8_t[]){ | |||
| 2472 | 0x30, 0x6d, 0x29, 0x57, 0x6a, 0xd2, 0x1a, 0x9d, 0x4a, 0xe1, 0x2a, | |||
| 2473 | 0xca, 0xd8, 0xaa, 0x8a, 0x78, 0x3a, 0xa6, 0x5a, 0x32, 0x11, 0x60, | |||
| 2474 | 0xac, 0xff, 0x5b, 0x0e, 0xee, 0x4c, 0xa3, 0x20, 0x1d, 0x05, | |||
| 2475 | }, | |||
| 2476 | 32, "Trust Asia Log2024" }, | |||
| 2477 | { (const uint8_t[]){ | |||
| 2478 | 0x87, 0x4f, 0xb5, 0x0d, 0xc0, 0x29, 0xd9, 0x93, 0x1d, 0xe5, 0x73, | |||
| 2479 | 0xe9, 0xf2, 0x89, 0x9e, 0x8e, 0x45, 0x33, 0xb3, 0x92, 0xd3, 0x8b, | |||
| 2480 | 0x0a, 0x46, 0x25, 0x74, 0xbf, 0x0f, 0xee, 0xb2, 0xfc, 0x1e, | |||
| 2481 | }, | |||
| 2482 | 32, "Trust Asia Log2024-2" }, | |||
| 2483 | { (const uint8_t[]){ | |||
| 2484 | 0x28, 0xe2, 0x81, 0x38, 0xfd, 0x83, 0x21, 0x45, 0xe9, 0xa9, 0xd6, | |||
| 2485 | 0xaa, 0x75, 0x37, 0x6d, 0x83, 0x77, 0xa8, 0x85, 0x12, 0xb3, 0xc0, | |||
| 2486 | 0x7f, 0x72, 0x41, 0x48, 0x21, 0xdc, 0xbd, 0xe9, 0x8c, 0x66, | |||
| 2487 | }, | |||
| 2488 | 32, "TrustAsia Log2025a" }, | |||
| 2489 | { (const uint8_t[]){ | |||
| 2490 | 0x28, 0x2c, 0x8b, 0xdd, 0x81, 0x0f, 0xf9, 0x09, 0x12, 0x0a, 0xce, | |||
| 2491 | 0x16, 0xd6, 0xe0, 0xec, 0x20, 0x1b, 0xea, 0x82, 0xa3, 0xa4, 0xaf, | |||
| 2492 | 0x19, 0xd9, 0xef, 0xfb, 0x59, 0xe8, 0x3f, 0xdc, 0x42, 0x68, | |||
| 2493 | }, | |||
| 2494 | 32, "TrustAsia Log2025b" }, | |||
| 2495 | { (const uint8_t[]){ | |||
| 2496 | 0x74, 0xdb, 0x9d, 0x58, 0xf7, 0xd4, 0x7e, 0x9d, 0xfd, 0x78, 0x7a, | |||
| 2497 | 0x16, 0x2a, 0x99, 0x1c, 0x18, 0xcf, 0x69, 0x8d, 0xa7, 0xc7, 0x29, | |||
| 2498 | 0x91, 0x8c, 0x9a, 0x18, 0xb0, 0x45, 0x0d, 0xba, 0x44, 0xbc, | |||
| 2499 | }, | |||
| 2500 | 32, "TrustAsia 'log2026a'" }, | |||
| 2501 | { (const uint8_t[]){ | |||
| 2502 | 0x25, 0xb7, 0xef, 0xde, 0xa1, 0x13, 0x01, 0x93, 0xed, 0x93, 0x07, | |||
| 2503 | 0x97, 0x70, 0xaa, 0x32, 0x2a, 0x26, 0x62, 0x0d, 0xe3, 0x5a, 0xc8, | |||
| 2504 | 0xaa, 0x7c, 0x75, 0x19, 0x7d, 0xe0, 0xb1, 0xa9, 0xe0, 0x65, | |||
| 2505 | }, | |||
| 2506 | 32, "TrustAsia 'log2026b'" }, | |||
| 2507 | { (const uint8_t[]){ | |||
| 2508 | 0x45, 0x35, 0x94, 0x98, 0xd9, 0x3a, 0x89, 0xe0, 0x28, 0x03, 0x08, | |||
| 2509 | 0xd3, 0x7d, 0x62, 0x6d, 0xc4, 0x23, 0x75, 0x47, 0x58, 0xdc, 0xe0, | |||
| 2510 | 0x37, 0x00, 0x36, 0xfb, 0xab, 0x0e, 0xdf, 0x8a, 0x6b, 0xcf, | |||
| 2511 | }, | |||
| 2512 | 32, "Trust Asia Log1" }, | |||
| 2513 | { (const uint8_t[]){ | |||
| 2514 | 0xc9, 0xcf, 0x89, 0x0a, 0x21, 0x10, 0x9c, 0x66, 0x6c, 0xc1, 0x7a, | |||
| 2515 | 0x3e, 0xd0, 0x65, 0xc9, 0x30, 0xd0, 0xe0, 0x13, 0x5a, 0x9f, 0xeb, | |||
| 2516 | 0xa8, 0x5a, 0xf1, 0x42, 0x10, 0xb8, 0x07, 0x24, 0x21, 0xaa, | |||
| 2517 | }, | |||
| 2518 | 32, "GDCA CT log #1" }, | |||
| 2519 | { (const uint8_t[]){ | |||
| 2520 | 0x92, 0x4a, 0x30, 0xf9, 0x09, 0x33, 0x6f, 0xf4, 0x35, 0xd6, 0x99, | |||
| 2521 | 0x3a, 0x10, 0xac, 0x75, 0xa2, 0xc6, 0x41, 0x72, 0x8e, 0x7f, 0xc2, | |||
| 2522 | 0xd6, 0x59, 0xae, 0x61, 0x88, 0xff, 0xad, 0x40, 0xce, 0x01, | |||
| 2523 | }, | |||
| 2524 | 32, "GDCA CT log #2" }, | |||
| 2525 | { (const uint8_t[]){ | |||
| 2526 | 0x71, 0x7e, 0xa7, 0x42, 0x09, 0x75, 0xbe, 0x84, 0xa2, 0x72, 0x35, | |||
| 2527 | 0x53, 0xf1, 0x77, 0x7c, 0x26, 0xdd, 0x51, 0xaf, 0x4e, 0x10, 0x21, | |||
| 2528 | 0x44, 0x09, 0x4d, 0x90, 0x19, 0xb4, 0x62, 0xfb, 0x66, 0x68, | |||
| 2529 | }, | |||
| 2530 | 32, "GDCA Log 1" }, | |||
| 2531 | { (const uint8_t[]){ | |||
| 2532 | 0x14, 0x30, 0x8d, 0x90, 0xcc, 0xd0, 0x30, 0x13, 0x50, 0x05, 0xc0, | |||
| 2533 | 0x1c, 0xa5, 0x26, 0xd8, 0x1e, 0x84, 0xe8, 0x76, 0x24, 0xe3, 0x9b, | |||
| 2534 | 0x62, 0x48, 0xe0, 0x8f, 0x72, 0x4a, 0xea, 0x3b, 0xb4, 0x2a, | |||
| 2535 | }, | |||
| 2536 | 32, "GDCA Log 2" }, | |||
| 2537 | { (const uint8_t[]){ | |||
| 2538 | 0xe0, 0x12, 0x76, 0x29, 0xe9, 0x04, 0x96, 0x56, 0x4e, 0x3d, 0x01, | |||
| 2539 | 0x47, 0x98, 0x44, 0x98, 0xaa, 0x48, 0xf8, 0xad, 0xb1, 0x66, 0x00, | |||
| 2540 | 0xeb, 0x79, 0x02, 0xa1, 0xef, 0x99, 0x09, 0x90, 0x62, 0x73, | |||
| 2541 | }, | |||
| 2542 | 32, "PuChuangSiDa CT log" }, | |||
| 2543 | { (const uint8_t[]){ | |||
| 2544 | 0x53, 0x7b, 0x69, 0xa3, 0x56, 0x43, 0x35, 0xa9, 0xc0, 0x49, 0x04, | |||
| 2545 | 0xe3, 0x95, 0x93, 0xb2, 0xc2, 0x98, 0xeb, 0x8d, 0x7a, 0x6e, 0x83, | |||
| 2546 | 0x02, 0x36, 0x35, 0xc6, 0x27, 0x24, 0x8c, 0xd6, 0xb4, 0x40, | |||
| 2547 | }, | |||
| 2548 | 32, "Nordu 'flimsy' log" }, | |||
| 2549 | { (const uint8_t[]){ | |||
| 2550 | 0xaa, 0xe7, 0x0b, 0x7f, 0x3c, 0xb8, 0xd5, 0x66, 0xc8, 0x6c, 0x2f, | |||
| 2551 | 0x16, 0x97, 0x9c, 0x9f, 0x44, 0x5f, 0x69, 0xab, 0x0e, 0xb4, 0x53, | |||
| 2552 | 0x55, 0x89, 0xb2, 0xf7, 0x7a, 0x03, 0x01, 0x04, 0xf3, 0xcd, | |||
| 2553 | }, | |||
| 2554 | 32, "Nordu 'plausible' log" }, | |||
| 2555 | { (const uint8_t[]){ | |||
| 2556 | 0xcf, 0x55, 0xe2, 0x89, 0x23, 0x49, 0x7c, 0x34, 0x0d, 0x52, 0x06, | |||
| 2557 | 0xd0, 0x53, 0x53, 0xae, 0xb2, 0x58, 0x34, 0xb5, 0x2f, 0x1f, 0x8d, | |||
| 2558 | 0xc9, 0x52, 0x68, 0x09, 0xf2, 0x12, 0xef, 0xdd, 0x7c, 0xa6, | |||
| 2559 | }, | |||
| 2560 | 32, "SHECA CT log 1" }, | |||
| 2561 | { (const uint8_t[]){ | |||
| 2562 | 0x32, 0xdc, 0x59, 0xc2, 0xd4, 0xc4, 0x19, 0x68, 0xd5, 0x6e, 0x14, | |||
| 2563 | 0xbc, 0x61, 0xac, 0x8f, 0x0e, 0x45, 0xdb, 0x39, 0xfa, 0xf3, 0xc1, | |||
| 2564 | 0x55, 0xaa, 0x42, 0x52, 0xf5, 0x00, 0x1f, 0xa0, 0xc6, 0x23, | |||
| 2565 | }, | |||
| 2566 | 32, "SHECA CT log 2" }, | |||
| 2567 | { (const uint8_t[]){ | |||
| 2568 | 0x96, 0x06, 0xc0, 0x2c, 0x69, 0x00, 0x33, 0xaa, 0x1d, 0x14, 0x5f, | |||
| 2569 | 0x59, 0xc6, 0xe2, 0x64, 0x8d, 0x05, 0x49, 0xf0, 0xdf, 0x96, 0xaa, | |||
| 2570 | 0xb8, 0xdb, 0x91, 0x5a, 0x70, 0xd8, 0xec, 0xf3, 0x90, 0xa5, | |||
| 2571 | }, | |||
| 2572 | 32, "Akamai CT Log" }, | |||
| 2573 | { (const uint8_t[]){ | |||
| 2574 | 0x39, 0x37, 0x6f, 0x54, 0x5f, 0x7b, 0x46, 0x07, 0xf5, 0x97, 0x42, | |||
| 2575 | 0xd7, 0x68, 0xcd, 0x5d, 0x24, 0x37, 0xbf, 0x34, 0x73, 0xb6, 0x53, | |||
| 2576 | 0x4a, 0x48, 0x34, 0xbc, 0xf7, 0x2e, 0x68, 0x1c, 0x83, 0xc9, | |||
| 2577 | }, | |||
| 2578 | 32, "Alpha CT Log" }, | |||
| 2579 | { (const uint8_t[]){ | |||
| 2580 | 0xb0, 0xb7, 0x84, 0xbc, 0x81, 0xc0, 0xdd, 0xc4, 0x75, 0x44, 0xe8, | |||
| 2581 | 0x83, 0xf0, 0x59, 0x85, 0xbb, 0x90, 0x77, 0xd1, 0x34, 0xd8, 0xab, | |||
| 2582 | 0x88, 0xb2, 0xb2, 0xe5, 0x33, 0x98, 0x0b, 0x8e, 0x50, 0x8b, | |||
| 2583 | }, | |||
| 2584 | 32, "Up In The Air 'Behind the Sofa' log" }, | |||
| 2585 | { (const uint8_t[]){ | |||
| 2586 | 0x47, 0x44, 0x47, 0x7c, 0x75, 0xde, 0x42, 0x6d, 0x5c, 0x44, 0xef, | |||
| 2587 | 0xd4, 0xa9, 0x2c, 0x96, 0x77, 0x59, 0x7f, 0x65, 0x7a, 0x8f, 0xe0, | |||
| 2588 | 0xca, 0xdb, 0xc6, 0xd6, 0x16, 0xed, 0xa4, 0x97, 0xc4, 0x25, | |||
| 2589 | }, | |||
| 2590 | 32, "Qihoo 360 2020" }, | |||
| 2591 | { (const uint8_t[]){ | |||
| 2592 | 0xc6, 0xd7, 0xed, 0x9e, 0xdb, 0x8e, 0x74, 0xf0, 0xa7, 0x1b, 0x4d, | |||
| 2593 | 0x4a, 0x98, 0x4b, 0xcb, 0xeb, 0xab, 0xbd, 0x28, 0xcc, 0x1f, 0xd7, | |||
| 2594 | 0x63, 0x29, 0xe8, 0x87, 0x26, 0xcd, 0x4c, 0x25, 0x46, 0x63, | |||
| 2595 | }, | |||
| 2596 | 32, "Qihoo 360 2021" }, | |||
| 2597 | { (const uint8_t[]){ | |||
| 2598 | 0x66, 0x3c, 0xb0, 0x9c, 0x1f, 0xcd, 0x9b, 0xaa, 0x62, 0x76, 0x3c, | |||
| 2599 | 0xcb, 0x53, 0x4e, 0xec, 0x80, 0x58, 0x12, 0x28, 0x05, 0x07, 0xac, | |||
| 2600 | 0x69, 0xa4, 0x5f, 0xcd, 0x38, 0xcf, 0x4c, 0xc7, 0x4c, 0xf1, | |||
| 2601 | }, | |||
| 2602 | 32, "Qihoo 360 2022" }, | |||
| 2603 | { (const uint8_t[]){ | |||
| 2604 | 0xe2, 0x64, 0x7f, 0x6e, 0xda, 0x34, 0x05, 0x03, 0xc6, 0x4d, 0x4e, | |||
| 2605 | 0x10, 0xa8, 0x69, 0x68, 0x1f, 0xde, 0x9c, 0x5a, 0x2c, 0xf3, 0xb3, | |||
| 2606 | 0x2d, 0x5f, 0x20, 0x0b, 0x96, 0x36, 0x05, 0x90, 0x88, 0x23, | |||
| 2607 | }, | |||
| 2608 | 32, "Qihoo 360 2023" }, | |||
| 2609 | { (const uint8_t[]){ | |||
| 2610 | 0xc5, 0xcf, 0xe5, 0x4b, 0x61, 0x51, 0xb4, 0x9b, 0x14, 0x2e, 0xd2, | |||
| 2611 | 0x63, 0xbd, 0xe7, 0x32, 0x93, 0x36, 0x37, 0x99, 0x79, 0x95, 0x50, | |||
| 2612 | 0xae, 0x44, 0x35, 0xcd, 0x1a, 0x69, 0x97, 0xc9, 0xc3, 0xc3, | |||
| 2613 | }, | |||
| 2614 | 32, "Qihoo 360 v1 2020" }, | |||
| 2615 | { (const uint8_t[]){ | |||
| 2616 | 0x48, 0x14, 0x58, 0x7c, 0xf2, 0x8b, 0x08, 0xfe, 0x68, 0x3f, 0xd2, | |||
| 2617 | 0xbc, 0xd9, 0x45, 0x99, 0x4c, 0x2e, 0xb7, 0x4c, 0x8a, 0xe8, 0xc8, | |||
| 2618 | 0x7f, 0xce, 0x42, 0x9b, 0x7c, 0xd3, 0x1d, 0x51, 0xbd, 0xc4, | |||
| 2619 | }, | |||
| 2620 | 32, "Qihoo 360 v1 2021" }, | |||
| 2621 | { (const uint8_t[]){ | |||
| 2622 | 0x49, 0x11, 0xb8, 0xd6, 0x14, 0xcf, 0xd3, 0xd9, 0x9f, 0x16, 0xd3, | |||
| 2623 | 0x76, 0x54, 0x5e, 0xe1, 0xb8, 0xcc, 0xfc, 0x51, 0x1f, 0x50, 0x9f, | |||
| 2624 | 0x08, 0x0b, 0xa0, 0xa0, 0x87, 0xd9, 0x1d, 0xfa, 0xee, 0xa9, | |||
| 2625 | }, | |||
| 2626 | 32, "Qihoo 360 v1 2022" }, | |||
| 2627 | { (const uint8_t[]){ | |||
| 2628 | 0xb6, 0x74, 0x0b, 0x12, 0x00, 0x2e, 0x03, 0x3f, 0xd0, 0xe7, 0xe9, | |||
| 2629 | 0x41, 0xf4, 0xba, 0x3e, 0xe1, 0xbf, 0xc1, 0x49, 0xb5, 0x24, 0xb4, | |||
| 2630 | 0xcf, 0x62, 0x8d, 0x53, 0xef, 0xea, 0x1f, 0x40, 0x3a, 0x8d, | |||
| 2631 | }, | |||
| 2632 | 32, "Qihoo 360 v1 2023" }, | |||
| 2633 | { (const uint8_t[]){ | |||
| 2634 | 0x2e, 0xd6, 0xa4, 0x4d, 0xeb, 0x8f, 0x0c, 0x86, 0x46, 0x67, 0x76, | |||
| 2635 | 0x9c, 0x4e, 0xdd, 0x04, 0x1f, 0x84, 0x23, 0x67, 0x55, 0xfa, 0x3a, | |||
| 2636 | 0xac, 0xa6, 0x34, 0xd0, 0x93, 0x5d, 0xfc, 0xd5, 0x9a, 0x70, | |||
| 2637 | }, | |||
| 2638 | 32, "Bogus placeholder log to unbreak misbehaving CT libraries" }, | |||
| 2639 | { (const uint8_t[]){ | |||
| 2640 | 0x39, 0xb9, 0x87, 0x88, 0x28, 0x19, 0x5f, 0x3b, 0x2d, 0x0d, 0x1b, | |||
| 2641 | 0x48, 0x14, 0xa3, 0xae, 0x8c, 0x0d, 0x01, 0xfe, 0x48, 0x62, 0x21, | |||
| 2642 | 0xdd, 0x69, 0x39, 0x7d, 0x76, 0xf7, 0x85, 0x74, 0x11, 0xc3, | |||
| 2643 | }, | |||
| 2644 | 32, "Merklemap 'CompactLog' log" }, | |||
| 2645 | { NULL((void*)0), 0, NULL((void*)0) } | |||
| 2646 | }; | |||
| 2647 | ||||
| 2648 | /* | |||
| 2649 | * Application-Layer Protocol Negotiation (ALPN) dissector tables. | |||
| 2650 | */ | |||
| 2651 | static dissector_table_t ssl_alpn_dissector_table; | |||
| 2652 | static dissector_table_t dtls_alpn_dissector_table; | |||
| 2653 | ||||
| 2654 | /* | |||
| 2655 | * Special cases for prefix matching of the ALPN, if the ALPN includes | |||
| 2656 | * a version number for a draft or protocol revision. | |||
| 2657 | */ | |||
| 2658 | typedef struct ssl_alpn_prefix_match_protocol { | |||
| 2659 | const char *proto_prefix; | |||
| 2660 | const char *dissector_name; | |||
| 2661 | } ssl_alpn_prefix_match_protocol_t; | |||
| 2662 | ||||
| 2663 | static const ssl_alpn_prefix_match_protocol_t ssl_alpn_prefix_match_protocols[] = { | |||
| 2664 | /* SPDY moves so fast, just 1, 2 and 3 are registered with IANA but there | |||
| 2665 | * already exists 3.1 as of this writing... match the prefix. */ | |||
| 2666 | { "spdy/", "spdy" }, | |||
| 2667 | /* draft-ietf-httpbis-http2-16 */ | |||
| 2668 | { "h2-", "http2" }, /* draft versions */ | |||
| 2669 | }; | |||
| 2670 | ||||
| 2671 | const value_string compress_certificate_algorithm_vals[] = { | |||
| 2672 | { 1, "zlib" }, | |||
| 2673 | { 2, "brotli" }, | |||
| 2674 | { 3, "zstd" }, | |||
| 2675 | { 0, NULL((void*)0) } | |||
| 2676 | }; | |||
| 2677 | ||||
| 2678 | ||||
| 2679 | const val64_string quic_transport_parameter_id[] = { | |||
| 2680 | { SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID0x00, "original_destination_connection_id" }, | |||
| 2681 | { SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT0x01, "max_idle_timeout" }, | |||
| 2682 | { SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN0x02, "stateless_reset_token" }, | |||
| 2683 | { SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE0x03, "max_udp_payload_size" }, | |||
| 2684 | { SSL_HND_QUIC_TP_INITIAL_MAX_DATA0x04, "initial_max_data" }, | |||
| 2685 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL0x05, "initial_max_stream_data_bidi_local" }, | |||
| 2686 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE0x06, "initial_max_stream_data_bidi_remote" }, | |||
| 2687 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI0x07, "initial_max_stream_data_uni" }, | |||
| 2688 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI0x09, "initial_max_streams_uni" }, | |||
| 2689 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI0x08, "initial_max_streams_bidi" }, | |||
| 2690 | { SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT0x0a, "ack_delay_exponent" }, | |||
| 2691 | { SSL_HND_QUIC_TP_MAX_ACK_DELAY0x0b, "max_ack_delay" }, | |||
| 2692 | { SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION0x0c, "disable_active_migration" }, | |||
| 2693 | { SSL_HND_QUIC_TP_PREFERRED_ADDRESS0x0d, "preferred_address" }, | |||
| 2694 | { SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT0x0e, "active_connection_id_limit" }, | |||
| 2695 | { SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID0x0f, "initial_source_connection_id" }, | |||
| 2696 | { SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID0x10, "retry_source_connection_id" }, | |||
| 2697 | { SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE0x20, "max_datagram_frame_size" }, | |||
| 2698 | { SSL_HND_QUIC_TP_CIBIR_ENCODING0x1000, "cibir_encoding" }, | |||
| 2699 | { SSL_HND_QUIC_TP_LOSS_BITS0x1057, "loss_bits" }, | |||
| 2700 | { SSL_HND_QUIC_TP_GREASE_QUIC_BIT0x2ab2, "grease_quic_bit" }, | |||
| 2701 | { SSL_HND_QUIC_TP_ENABLE_TIME_STAMP0x7157, "enable_time_stamp" }, | |||
| 2702 | { SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V20x7158, "enable_time_stamp_v2" }, | |||
| 2703 | { SSL_HND_QUIC_TP_VERSION_INFORMATION0x11, "version_information" }, | |||
| 2704 | { SSL_HND_QUIC_TP_VERSION_INFORMATION_DRAFT0xff73db, "version_information_draft" }, | |||
| 2705 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD0xde1a, "min_ack_delay" }, | |||
| 2706 | { SSL_HND_QUIC_TP_GOOGLE_USER_AGENT0x3129, "google_user_agent" }, | |||
| 2707 | { SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED0x312B, "google_key_update_not_yet_supported" }, | |||
| 2708 | { SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION0x4752, "google_quic_version" }, | |||
| 2709 | { SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT0x3127, "google_initial_rtt" }, | |||
| 2710 | { SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE0x312A, "google_support_handshake_done" }, | |||
| 2711 | { SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS0x4751, "google_quic_params" }, | |||
| 2712 | { SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS0x3128, "google_connection_options" }, | |||
| 2713 | { SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY0xFF00, "facebook_partial_reliability" }, | |||
| 2714 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V10xFF03DE1A, "min_ack_delay (draft-01)" }, | |||
| 2715 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT050xff04de1a, "min_ack_delay (draft-05)" }, | |||
| 2716 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY0xff04de1b, "min_ack_delay" }, | |||
| 2717 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT040x0f739bbc1b666d04, "enable_multipath (draft-04)" }, | |||
| 2718 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT050x0f739bbc1b666d05, "enable_multipath (draft-05)" }, | |||
| 2719 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH0x0f739bbc1b666d06, "enable_multipath (draft-06)" }, | |||
| 2720 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATHS0x0f739bbc1b666d07, "initial_max_paths (draft-07/08)" }, | |||
| 2721 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT090x0f739bbc1b666d09, "initial_max_path_id (draft-09/10)" }, | |||
| 2722 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT110x0f739bbc1b666d11, "initial_max_path_id (draft-11)" }, | |||
| 2723 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT120x0f739bbc1b666d0c, "initial_max_path_id (draft-12)" }, | |||
| 2724 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID0x0f739bbc1b666d0d, "initial_max_path_id" }, | |||
| 2725 | { 0, NULL((void*)0) } | |||
| 2726 | }; | |||
| 2727 | ||||
| 2728 | /* https://tools.ietf.org/html/draft-huitema-quic-ts-03 */ | |||
| 2729 | const val64_string quic_enable_time_stamp_v2_vals[] = { | |||
| 2730 | { 1, "I would like to receive TIME_STAMP frames" }, | |||
| 2731 | { 2, "I am able to generate TIME_STAMP frames" }, | |||
| 2732 | { 3, "I am able to generate TIME_STAMP frames and I would like to receive them" }, | |||
| 2733 | { 0, NULL((void*)0) } | |||
| 2734 | }; | |||
| 2735 | ||||
| 2736 | /* https://tools.ietf.org/html/draft-multipath-04 */ | |||
| 2737 | const val64_string quic_enable_multipath_vals[] = { | |||
| 2738 | { 0, "don't support multipath" }, | |||
| 2739 | { 1, "support multipath as defined in this document" }, | |||
| 2740 | { 0, NULL((void*)0) } | |||
| 2741 | }; | |||
| 2742 | ||||
| 2743 | /* https://www.ietf.org/archive/id/draft-ietf-tls-esni-16.txt */ | |||
| 2744 | const value_string tls_hello_ext_ech_clienthello_types[] = { | |||
| 2745 | { 0, "Outer Client Hello" }, | |||
| 2746 | { 1, "Inner Client Hello" }, | |||
| 2747 | { 0, NULL((void*)0) } | |||
| 2748 | }; | |||
| 2749 | ||||
| 2750 | /* RFC 9180 */ | |||
| 2751 | const value_string kem_id_type_vals[] = { | |||
| 2752 | { 0x0000, "Reserved" }, | |||
| 2753 | { 0x0010, "DHKEM(P-256, HKDF-SHA256)" }, | |||
| 2754 | { 0x0011, "DHKEM(P-384, HKDF-SHA384)" }, | |||
| 2755 | { 0x0012, "DHKEM(P-521, HKDF-SHA512)" }, | |||
| 2756 | { 0x0020, "DHKEM(X25519, HKDF-SHA256)" }, | |||
| 2757 | { 0x0021, "DHKEM(X448, HKDF-SHA512)" }, | |||
| 2758 | { 0, NULL((void*)0) } | |||
| 2759 | }; | |||
| 2760 | const value_string kdf_id_type_vals[] = { | |||
| 2761 | { 0x0000, "Reserved" }, | |||
| 2762 | { 0x0001, "HKDF-SHA256" }, | |||
| 2763 | { 0x0002, "HKDF-SHA384" }, | |||
| 2764 | { 0x0003, "HKDF-SHA512" }, | |||
| 2765 | { 0, NULL((void*)0) } | |||
| 2766 | }; | |||
| 2767 | const value_string aead_id_type_vals[] = { | |||
| 2768 | { 0x0000, "Reserved" }, | |||
| 2769 | { 0x0001, "AES-128-GCM" }, | |||
| 2770 | { 0x0002, "AES-256-GCM" }, | |||
| 2771 | { 0x0003, "ChaCha20Poly1305" }, | |||
| 2772 | { 0xFFFF, "Export-only" }, | |||
| 2773 | { 0, NULL((void*)0) } | |||
| 2774 | }; | |||
| 2775 | ||||
| 2776 | const value_string token_binding_key_parameter_vals[] = { | |||
| 2777 | { 0, "rsa2048_pkcs1.5" }, | |||
| 2778 | { 1, "rsa2048_pss" }, | |||
| 2779 | { 2, "ecdsap256" }, | |||
| 2780 | { 0, NULL((void*)0) } | |||
| 2781 | }; | |||
| 2782 | ||||
| 2783 | /* Lookup tables }}} */ | |||
| 2784 | ||||
| 2785 | void | |||
| 2786 | quic_transport_parameter_id_base_custom(char *result, uint64_t parameter_id) | |||
| 2787 | { | |||
| 2788 | const char *label; | |||
| 2789 | if (IS_GREASE_QUIC(parameter_id)((parameter_id) > 27 ? ((((parameter_id) - 27) % 31) == 0) : 0)) { | |||
| 2790 | label = "GREASE"; | |||
| 2791 | } else { | |||
| 2792 | label = val64_to_str_const(parameter_id, quic_transport_parameter_id, "Unknown"); | |||
| 2793 | } | |||
| 2794 | snprintf(result, ITEM_LABEL_LENGTH240, "%s (0x%02" PRIx64"l" "x" ")", label, parameter_id); | |||
| 2795 | } | |||
| 2796 | ||||
| 2797 | /* we keep this internal to packet-tls-utils, as there should be | |||
| 2798 | no need to access it any other way. | |||
| 2799 | ||||
| 2800 | This also allows us to hide the dependency on zlib. | |||
| 2801 | */ | |||
| 2802 | struct _SslDecompress { | |||
| 2803 | int compression; | |||
| 2804 | #ifdef USE_ZLIB_OR_ZLIBNG | |||
| 2805 | zlib_stream istream; | |||
| 2806 | #endif | |||
| 2807 | }; | |||
| 2808 | ||||
| 2809 | /* To assist in parsing client/server key exchange messages | |||
| 2810 | 0 indicates unknown */ | |||
| 2811 | int ssl_get_keyex_alg(int cipher) | |||
| 2812 | { | |||
| 2813 | /* Map Cipher suite number to Key Exchange algorithm {{{ */ | |||
| 2814 | switch(cipher) { | |||
| 2815 | case 0x0017: | |||
| 2816 | case 0x0018: | |||
| 2817 | case 0x0019: | |||
| 2818 | case 0x001a: | |||
| 2819 | case 0x001b: | |||
| 2820 | case 0x0034: | |||
| 2821 | case 0x003a: | |||
| 2822 | case 0x0046: | |||
| 2823 | case 0x006c: | |||
| 2824 | case 0x006d: | |||
| 2825 | case 0x0089: | |||
| 2826 | case 0x009b: | |||
| 2827 | case 0x00a6: | |||
| 2828 | case 0x00a7: | |||
| 2829 | case 0x00bf: | |||
| 2830 | case 0x00c5: | |||
| 2831 | case 0xc084: | |||
| 2832 | case 0xc085: | |||
| 2833 | return KEX_DH_ANON0x13; | |||
| 2834 | case 0x000b: | |||
| 2835 | case 0x000c: | |||
| 2836 | case 0x000d: | |||
| 2837 | case 0x0030: | |||
| 2838 | case 0x0036: | |||
| 2839 | case 0x003e: | |||
| 2840 | case 0x0042: | |||
| 2841 | case 0x0068: | |||
| 2842 | case 0x0085: | |||
| 2843 | case 0x0097: | |||
| 2844 | case 0x00a4: | |||
| 2845 | case 0x00a5: | |||
| 2846 | case 0x00bb: | |||
| 2847 | case 0x00c1: | |||
| 2848 | case 0xc082: | |||
| 2849 | case 0xc083: | |||
| 2850 | return KEX_DH_DSS0x14; | |||
| 2851 | case 0x000e: | |||
| 2852 | case 0x000f: | |||
| 2853 | case 0x0010: | |||
| 2854 | case 0x0031: | |||
| 2855 | case 0x0037: | |||
| 2856 | case 0x003f: | |||
| 2857 | case 0x0043: | |||
| 2858 | case 0x0069: | |||
| 2859 | case 0x0086: | |||
| 2860 | case 0x0098: | |||
| 2861 | case 0x00a0: | |||
| 2862 | case 0x00a1: | |||
| 2863 | case 0x00bc: | |||
| 2864 | case 0x00c2: | |||
| 2865 | case 0xc07e: | |||
| 2866 | case 0xc07f: | |||
| 2867 | return KEX_DH_RSA0x15; | |||
| 2868 | case 0x0011: | |||
| 2869 | case 0x0012: | |||
| 2870 | case 0x0013: | |||
| 2871 | case 0x0032: | |||
| 2872 | case 0x0038: | |||
| 2873 | case 0x0040: | |||
| 2874 | case 0x0044: | |||
| 2875 | case 0x0063: | |||
| 2876 | case 0x0065: | |||
| 2877 | case 0x0066: | |||
| 2878 | case 0x006a: | |||
| 2879 | case 0x0087: | |||
| 2880 | case 0x0099: | |||
| 2881 | case 0x00a2: | |||
| 2882 | case 0x00a3: | |||
| 2883 | case 0x00bd: | |||
| 2884 | case 0x00c3: | |||
| 2885 | case 0xc080: | |||
| 2886 | case 0xc081: | |||
| 2887 | return KEX_DHE_DSS0x10; | |||
| 2888 | case 0x002d: | |||
| 2889 | case 0x008e: | |||
| 2890 | case 0x008f: | |||
| 2891 | case 0x0090: | |||
| 2892 | case 0x0091: | |||
| 2893 | case 0x00aa: | |||
| 2894 | case 0x00ab: | |||
| 2895 | case 0x00b2: | |||
| 2896 | case 0x00b3: | |||
| 2897 | case 0x00b4: | |||
| 2898 | case 0x00b5: | |||
| 2899 | case 0xc090: | |||
| 2900 | case 0xc091: | |||
| 2901 | case 0xc096: | |||
| 2902 | case 0xc097: | |||
| 2903 | case 0xc0a6: | |||
| 2904 | case 0xc0a7: | |||
| 2905 | case 0xc0aa: | |||
| 2906 | case 0xc0ab: | |||
| 2907 | case 0xccad: | |||
| 2908 | case 0xe41c: | |||
| 2909 | case 0xe41d: | |||
| 2910 | return KEX_DHE_PSK0x11; | |||
| 2911 | case 0x0014: | |||
| 2912 | case 0x0015: | |||
| 2913 | case 0x0016: | |||
| 2914 | case 0x0033: | |||
| 2915 | case 0x0039: | |||
| 2916 | case 0x0045: | |||
| 2917 | case 0x0067: | |||
| 2918 | case 0x006b: | |||
| 2919 | case 0x0088: | |||
| 2920 | case 0x009a: | |||
| 2921 | case 0x009e: | |||
| 2922 | case 0x009f: | |||
| 2923 | case 0x00be: | |||
| 2924 | case 0x00c4: | |||
| 2925 | case 0xc07c: | |||
| 2926 | case 0xc07d: | |||
| 2927 | case 0xc09e: | |||
| 2928 | case 0xc09f: | |||
| 2929 | case 0xc0a2: | |||
| 2930 | case 0xc0a3: | |||
| 2931 | case 0xccaa: | |||
| 2932 | case 0xe41e: | |||
| 2933 | case 0xe41f: | |||
| 2934 | return KEX_DHE_RSA0x12; | |||
| 2935 | case 0xc015: | |||
| 2936 | case 0xc016: | |||
| 2937 | case 0xc017: | |||
| 2938 | case 0xc018: | |||
| 2939 | case 0xc019: | |||
| 2940 | return KEX_ECDH_ANON0x19; | |||
| 2941 | case 0xc001: | |||
| 2942 | case 0xc002: | |||
| 2943 | case 0xc003: | |||
| 2944 | case 0xc004: | |||
| 2945 | case 0xc005: | |||
| 2946 | case 0xc025: | |||
| 2947 | case 0xc026: | |||
| 2948 | case 0xc02d: | |||
| 2949 | case 0xc02e: | |||
| 2950 | case 0xc074: | |||
| 2951 | case 0xc075: | |||
| 2952 | case 0xc088: | |||
| 2953 | case 0xc089: | |||
| 2954 | return KEX_ECDH_ECDSA0x1a; | |||
| 2955 | case 0xc00b: | |||
| 2956 | case 0xc00c: | |||
| 2957 | case 0xc00d: | |||
| 2958 | case 0xc00e: | |||
| 2959 | case 0xc00f: | |||
| 2960 | case 0xc029: | |||
| 2961 | case 0xc02a: | |||
| 2962 | case 0xc031: | |||
| 2963 | case 0xc032: | |||
| 2964 | case 0xc078: | |||
| 2965 | case 0xc079: | |||
| 2966 | case 0xc08c: | |||
| 2967 | case 0xc08d: | |||
| 2968 | return KEX_ECDH_RSA0x1b; | |||
| 2969 | case 0xc006: | |||
| 2970 | case 0xc007: | |||
| 2971 | case 0xc008: | |||
| 2972 | case 0xc009: | |||
| 2973 | case 0xc00a: | |||
| 2974 | case 0xc023: | |||
| 2975 | case 0xc024: | |||
| 2976 | case 0xc02b: | |||
| 2977 | case 0xc02c: | |||
| 2978 | case 0xc072: | |||
| 2979 | case 0xc073: | |||
| 2980 | case 0xc086: | |||
| 2981 | case 0xc087: | |||
| 2982 | case 0xc0ac: | |||
| 2983 | case 0xc0ad: | |||
| 2984 | case 0xc0ae: | |||
| 2985 | case 0xc0af: | |||
| 2986 | case 0xcca9: | |||
| 2987 | case 0xe414: | |||
| 2988 | case 0xe415: | |||
| 2989 | return KEX_ECDHE_ECDSA0x16; | |||
| 2990 | case 0xc033: | |||
| 2991 | case 0xc034: | |||
| 2992 | case 0xc035: | |||
| 2993 | case 0xc036: | |||
| 2994 | case 0xc037: | |||
| 2995 | case 0xc038: | |||
| 2996 | case 0xc039: | |||
| 2997 | case 0xc03a: | |||
| 2998 | case 0xc03b: | |||
| 2999 | case 0xc09a: | |||
| 3000 | case 0xc09b: | |||
| 3001 | case 0xccac: | |||
| 3002 | case 0xe418: | |||
| 3003 | case 0xe419: | |||
| 3004 | case 0xd001: | |||
| 3005 | case 0xd002: | |||
| 3006 | case 0xd003: | |||
| 3007 | case 0xd005: | |||
| 3008 | return KEX_ECDHE_PSK0x17; | |||
| 3009 | case 0xc010: | |||
| 3010 | case 0xc011: | |||
| 3011 | case 0xc012: | |||
| 3012 | case 0xc013: | |||
| 3013 | case 0xc014: | |||
| 3014 | case 0xc027: | |||
| 3015 | case 0xc028: | |||
| 3016 | case 0xc02f: | |||
| 3017 | case 0xc030: | |||
| 3018 | case 0xc076: | |||
| 3019 | case 0xc077: | |||
| 3020 | case 0xc08a: | |||
| 3021 | case 0xc08b: | |||
| 3022 | case 0xcca8: | |||
| 3023 | case 0xe412: | |||
| 3024 | case 0xe413: | |||
| 3025 | return KEX_ECDHE_RSA0x18; | |||
| 3026 | case 0x001e: | |||
| 3027 | case 0x001f: | |||
| 3028 | case 0x0020: | |||
| 3029 | case 0x0021: | |||
| 3030 | case 0x0022: | |||
| 3031 | case 0x0023: | |||
| 3032 | case 0x0024: | |||
| 3033 | case 0x0025: | |||
| 3034 | case 0x0026: | |||
| 3035 | case 0x0027: | |||
| 3036 | case 0x0028: | |||
| 3037 | case 0x0029: | |||
| 3038 | case 0x002a: | |||
| 3039 | case 0x002b: | |||
| 3040 | return KEX_KRB50x1c; | |||
| 3041 | case 0x002c: | |||
| 3042 | case 0x008a: | |||
| 3043 | case 0x008b: | |||
| 3044 | case 0x008c: | |||
| 3045 | case 0x008d: | |||
| 3046 | case 0x00a8: | |||
| 3047 | case 0x00a9: | |||
| 3048 | case 0x00ae: | |||
| 3049 | case 0x00af: | |||
| 3050 | case 0x00b0: | |||
| 3051 | case 0x00b1: | |||
| 3052 | case 0xc064: | |||
| 3053 | case 0xc065: | |||
| 3054 | case 0xc08e: | |||
| 3055 | case 0xc08f: | |||
| 3056 | case 0xc094: | |||
| 3057 | case 0xc095: | |||
| 3058 | case 0xc0a4: | |||
| 3059 | case 0xc0a5: | |||
| 3060 | case 0xc0a8: | |||
| 3061 | case 0xc0a9: | |||
| 3062 | case 0xccab: | |||
| 3063 | case 0xe416: | |||
| 3064 | case 0xe417: | |||
| 3065 | return KEX_PSK0x1d; | |||
| 3066 | case 0x0001: | |||
| 3067 | case 0x0002: | |||
| 3068 | case 0x0003: | |||
| 3069 | case 0x0004: | |||
| 3070 | case 0x0005: | |||
| 3071 | case 0x0006: | |||
| 3072 | case 0x0007: | |||
| 3073 | case 0x0008: | |||
| 3074 | case 0x0009: | |||
| 3075 | case 0x000a: | |||
| 3076 | case 0x002f: | |||
| 3077 | case 0x0035: | |||
| 3078 | case 0x003b: | |||
| 3079 | case 0x003c: | |||
| 3080 | case 0x003d: | |||
| 3081 | case 0x0041: | |||
| 3082 | case 0x0060: | |||
| 3083 | case 0x0061: | |||
| 3084 | case 0x0062: | |||
| 3085 | case 0x0064: | |||
| 3086 | case 0x0084: | |||
| 3087 | case 0x0096: | |||
| 3088 | case 0x009c: | |||
| 3089 | case 0x009d: | |||
| 3090 | case 0x00ba: | |||
| 3091 | case 0x00c0: | |||
| 3092 | case 0xc07a: | |||
| 3093 | case 0xc07b: | |||
| 3094 | case 0xc09c: | |||
| 3095 | case 0xc09d: | |||
| 3096 | case 0xc0a0: | |||
| 3097 | case 0xc0a1: | |||
| 3098 | case 0xe410: | |||
| 3099 | case 0xe411: | |||
| 3100 | case 0xfefe: | |||
| 3101 | case 0xfeff: | |||
| 3102 | case 0xffe0: | |||
| 3103 | case 0xffe1: | |||
| 3104 | return KEX_RSA0x1e; | |||
| 3105 | case 0x002e: | |||
| 3106 | case 0x0092: | |||
| 3107 | case 0x0093: | |||
| 3108 | case 0x0094: | |||
| 3109 | case 0x0095: | |||
| 3110 | case 0x00ac: | |||
| 3111 | case 0x00ad: | |||
| 3112 | case 0x00b6: | |||
| 3113 | case 0x00b7: | |||
| 3114 | case 0x00b8: | |||
| 3115 | case 0x00b9: | |||
| 3116 | case 0xc092: | |||
| 3117 | case 0xc093: | |||
| 3118 | case 0xc098: | |||
| 3119 | case 0xc099: | |||
| 3120 | case 0xccae: | |||
| 3121 | case 0xe41a: | |||
| 3122 | case 0xe41b: | |||
| 3123 | return KEX_RSA_PSK0x1f; | |||
| 3124 | case 0xc01a: | |||
| 3125 | case 0xc01d: | |||
| 3126 | case 0xc020: | |||
| 3127 | return KEX_SRP_SHA0x20; | |||
| 3128 | case 0xc01c: | |||
| 3129 | case 0xc01f: | |||
| 3130 | case 0xc022: | |||
| 3131 | return KEX_SRP_SHA_DSS0x21; | |||
| 3132 | case 0xc01b: | |||
| 3133 | case 0xc01e: | |||
| 3134 | case 0xc021: | |||
| 3135 | return KEX_SRP_SHA_RSA0x22; | |||
| 3136 | case 0xc0ff: | |||
| 3137 | return KEX_ECJPAKE0x24; | |||
| 3138 | case 0xe003: | |||
| 3139 | case 0xe013: | |||
| 3140 | case 0xe053: | |||
| 3141 | return KEX_ECC_SM20x26; | |||
| 3142 | default: | |||
| 3143 | break; | |||
| 3144 | } | |||
| 3145 | ||||
| 3146 | return 0; | |||
| 3147 | /* }}} */ | |||
| 3148 | } | |||
| 3149 | ||||
| 3150 | static wmem_list_t *connection_id_session_list; | |||
| 3151 | ||||
| 3152 | void | |||
| 3153 | ssl_init_cid_list(void) { | |||
| 3154 | connection_id_session_list = wmem_list_new(wmem_file_scope()); | |||
| 3155 | } | |||
| 3156 | ||||
| 3157 | void | |||
| 3158 | ssl_cleanup_cid_list(void) { | |||
| 3159 | wmem_destroy_list(connection_id_session_list); | |||
| 3160 | } | |||
| 3161 | ||||
| 3162 | void | |||
| 3163 | ssl_add_session_by_cid(SslDecryptSession *session) | |||
| 3164 | { | |||
| 3165 | wmem_list_append(connection_id_session_list, session); | |||
| 3166 | } | |||
| 3167 | ||||
| 3168 | SslDecryptSession * | |||
| 3169 | ssl_get_session_by_cid(tvbuff_t *tvb, uint32_t offset) | |||
| 3170 | { | |||
| 3171 | SslDecryptSession * ssl_cid = NULL((void*)0); | |||
| 3172 | wmem_list_frame_t *it = wmem_list_head(connection_id_session_list); | |||
| 3173 | ||||
| 3174 | while (it != NULL((void*)0) && ssl_cid == NULL((void*)0)) { | |||
| 3175 | SslDecryptSession * ssl = (SslDecryptSession *)wmem_list_frame_data(it); | |||
| 3176 | DISSECTOR_ASSERT(ssl != NULL)((void) ((ssl != ((void*)0)) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 3176, "ssl != ((void*)0)")))); | |||
| 3177 | SslSession *session = &ssl->session; | |||
| 3178 | ||||
| 3179 | if (session->client_cid_len > 0 && tvb_bytes_exist(tvb, offset, session->client_cid_len)) { | |||
| 3180 | if (tvb_memeql(tvb, offset, session->client_cid, session->client_cid_len) == 0) { | |||
| 3181 | ssl_cid = ssl; | |||
| 3182 | } | |||
| 3183 | } | |||
| 3184 | ||||
| 3185 | if (session->server_cid_len > 0) { | |||
| 3186 | if (tvb_memeql(tvb, offset, session->server_cid, session->server_cid_len) == 0) { | |||
| 3187 | ssl_cid = ssl; | |||
| 3188 | } | |||
| 3189 | } | |||
| 3190 | ||||
| 3191 | it = wmem_list_frame_next(it); | |||
| 3192 | } | |||
| 3193 | ||||
| 3194 | return ssl_cid; | |||
| 3195 | } | |||
| 3196 | ||||
| 3197 | /* StringInfo structure (len + data) functions {{{ */ | |||
| 3198 | ||||
| 3199 | int | |||
| 3200 | ssl_data_alloc(StringInfo* str, size_t len) | |||
| 3201 | { | |||
| 3202 | str->data = (unsigned char *)g_malloc(len); | |||
| 3203 | /* the allocator can return a null pointer for a size equal to 0, | |||
| 3204 | * and that must be allowed */ | |||
| 3205 | if (len
| |||
| 3206 | return -1; | |||
| 3207 | str->data_len = (unsigned) len; | |||
| 3208 | return 0; | |||
| 3209 | } | |||
| 3210 | ||||
| 3211 | void | |||
| 3212 | ssl_data_set(StringInfo* str, const unsigned char* data, unsigned len) | |||
| 3213 | { | |||
| 3214 | DISSECTOR_ASSERT(data)((void) ((data) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 3214, "data")))); | |||
| 3215 | memcpy(str->data, data, len); | |||
| 3216 | str->data_len = len; | |||
| 3217 | } | |||
| 3218 | ||||
| 3219 | static int | |||
| 3220 | ssl_data_realloc(StringInfo* str, unsigned len) | |||
| 3221 | { | |||
| 3222 | str->data = (unsigned char *)g_realloc(str->data, len); | |||
| 3223 | if (!str->data) | |||
| 3224 | return -1; | |||
| 3225 | str->data_len = len; | |||
| 3226 | return 0; | |||
| 3227 | } | |||
| 3228 | ||||
| 3229 | static StringInfo * | |||
| 3230 | ssl_data_clone(StringInfo *str) | |||
| 3231 | { | |||
| 3232 | StringInfo *cloned_str; | |||
| 3233 | cloned_str = (StringInfo *) wmem_alloc0(wmem_file_scope(), | |||
| 3234 | sizeof(StringInfo) + str->data_len); | |||
| 3235 | cloned_str->data = (unsigned char *) (cloned_str + 1); | |||
| 3236 | ssl_data_set(cloned_str, str->data, str->data_len); | |||
| 3237 | return cloned_str; | |||
| 3238 | } | |||
| 3239 | ||||
| 3240 | static int | |||
| 3241 | ssl_data_copy(StringInfo* dst, StringInfo* src) | |||
| 3242 | { | |||
| 3243 | if (dst->data_len < src->data_len) { | |||
| 3244 | if (ssl_data_realloc(dst, src->data_len)) | |||
| 3245 | return -1; | |||
| 3246 | } | |||
| 3247 | memcpy(dst->data, src->data, src->data_len); | |||
| 3248 | dst->data_len = src->data_len; | |||
| 3249 | return 0; | |||
| 3250 | } | |||
| 3251 | ||||
| 3252 | /* from_hex converts |hex_len| bytes of hex data from |in| and sets |*out| to | |||
| 3253 | * the result. |out->data| will be allocated using wmem_file_scope. Returns true on | |||
| 3254 | * success. */ | |||
| 3255 | static bool_Bool from_hex(StringInfo* out, const char* in, size_t hex_len) { | |||
| 3256 | size_t i; | |||
| 3257 | ||||
| 3258 | if (hex_len & 1) | |||
| 3259 | return false0; | |||
| 3260 | ||||
| 3261 | out->data = (unsigned char *)wmem_alloc(wmem_file_scope(), hex_len / 2); | |||
| 3262 | for (i = 0; i < hex_len / 2; i++) { | |||
| 3263 | int a = ws_xton(in[i*2]); | |||
| 3264 | int b = ws_xton(in[i*2 + 1]); | |||
| 3265 | if (a == -1 || b == -1) | |||
| 3266 | return false0; | |||
| 3267 | out->data[i] = a << 4 | b; | |||
| 3268 | } | |||
| 3269 | out->data_len = (unsigned)hex_len / 2; | |||
| 3270 | return true1; | |||
| 3271 | } | |||
| 3272 | /* StringInfo structure (len + data) functions }}} */ | |||
| 3273 | ||||
| 3274 | ||||
| 3275 | /* libgcrypt wrappers for HMAC/message digest operations {{{ */ | |||
| 3276 | /* hmac abstraction layer */ | |||
| 3277 | #define SSL_HMACgcry_md_hd_t gcry_md_hd_t | |||
| 3278 | ||||
| 3279 | static inline int | |||
| 3280 | ssl_hmac_init(SSL_HMACgcry_md_hd_t* md, int algo) | |||
| 3281 | { | |||
| 3282 | gcry_error_t err; | |||
| 3283 | const char *err_str, *err_src; | |||
| 3284 | ||||
| 3285 | err = gcry_md_open(md,algo, GCRY_MD_FLAG_HMAC); | |||
| 3286 | if (err != 0) { | |||
| 3287 | err_str = gcry_strerror(err); | |||
| 3288 | err_src = gcry_strsource(err); | |||
| 3289 | ssl_debug_printf("ssl_hmac_init(): gcry_md_open failed %s/%s", err_str, err_src); | |||
| 3290 | return -1; | |||
| 3291 | } | |||
| 3292 | return 0; | |||
| 3293 | } | |||
| 3294 | ||||
| 3295 | static inline int | |||
| 3296 | ssl_hmac_setkey(SSL_HMACgcry_md_hd_t* md, const void * key, int len) | |||
| 3297 | { | |||
| 3298 | gcry_error_t err; | |||
| 3299 | const char *err_str, *err_src; | |||
| 3300 | ||||
| 3301 | err = gcry_md_setkey (*(md), key, len); | |||
| 3302 | if (err != 0) { | |||
| 3303 | err_str = gcry_strerror(err); | |||
| 3304 | err_src = gcry_strsource(err); | |||
| 3305 | ssl_debug_printf("ssl_hmac_setkey(): gcry_md_setkey failed %s/%s", err_str, err_src); | |||
| 3306 | return -1; | |||
| 3307 | } | |||
| 3308 | return 0; | |||
| 3309 | } | |||
| 3310 | ||||
| 3311 | static inline int | |||
| 3312 | ssl_hmac_reset(SSL_HMACgcry_md_hd_t* md) | |||
| 3313 | { | |||
| 3314 | gcry_md_reset(*md); | |||
| 3315 | return 0; | |||
| 3316 | } | |||
| 3317 | ||||
| 3318 | static inline void | |||
| 3319 | ssl_hmac_update(SSL_HMACgcry_md_hd_t* md, const void* data, int len) | |||
| 3320 | { | |||
| 3321 | gcry_md_write(*(md), data, len); | |||
| 3322 | } | |||
| 3323 | static inline void | |||
| 3324 | ssl_hmac_final(SSL_HMACgcry_md_hd_t* md, unsigned char* data, unsigned* datalen) | |||
| 3325 | { | |||
| 3326 | int algo; | |||
| 3327 | unsigned len; | |||
| 3328 | ||||
| 3329 | algo = gcry_md_get_algo (*(md)); | |||
| 3330 | len = gcry_md_get_algo_dlen(algo); | |||
| 3331 | DISSECTOR_ASSERT(len <= *datalen)((void) ((len <= *datalen) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 3331, "len <= *datalen")))); | |||
| 3332 | memcpy(data, gcry_md_read(*(md), algo), len); | |||
| 3333 | *datalen = len; | |||
| 3334 | } | |||
| 3335 | static inline void | |||
| 3336 | ssl_hmac_cleanup(SSL_HMACgcry_md_hd_t* md) | |||
| 3337 | { | |||
| 3338 | gcry_md_close(*(md)); | |||
| 3339 | } | |||
| 3340 | ||||
| 3341 | /* message digest abstraction layer*/ | |||
| 3342 | #define SSL_MDgcry_md_hd_t gcry_md_hd_t | |||
| 3343 | ||||
| 3344 | static inline int | |||
| 3345 | ssl_md_init(SSL_MDgcry_md_hd_t* md, int algo) | |||
| 3346 | { | |||
| 3347 | gcry_error_t err; | |||
| 3348 | const char *err_str, *err_src; | |||
| 3349 | err = gcry_md_open(md,algo, 0); | |||
| 3350 | if (err != 0) { | |||
| 3351 | err_str = gcry_strerror(err); | |||
| 3352 | err_src = gcry_strsource(err); | |||
| 3353 | ssl_debug_printf("ssl_md_init(): gcry_md_open failed %s/%s", err_str, err_src); | |||
| 3354 | return -1; | |||
| 3355 | } | |||
| 3356 | return 0; | |||
| 3357 | } | |||
| 3358 | static inline void | |||
| 3359 | ssl_md_update(SSL_MDgcry_md_hd_t* md, unsigned char* data, int len) | |||
| 3360 | { | |||
| 3361 | gcry_md_write(*(md), data, len); | |||
| 3362 | } | |||
| 3363 | static inline void | |||
| 3364 | ssl_md_final(SSL_MDgcry_md_hd_t* md, unsigned char* data, unsigned* datalen) | |||
| 3365 | { | |||
| 3366 | int algo; | |||
| 3367 | int len; | |||
| 3368 | algo = gcry_md_get_algo (*(md)); | |||
| 3369 | len = gcry_md_get_algo_dlen (algo); | |||
| 3370 | memcpy(data, gcry_md_read(*(md), algo), len); | |||
| 3371 | *datalen = len; | |||
| 3372 | } | |||
| 3373 | static inline void | |||
| 3374 | ssl_md_cleanup(SSL_MDgcry_md_hd_t* md) | |||
| 3375 | { | |||
| 3376 | gcry_md_close(*(md)); | |||
| 3377 | } | |||
| 3378 | ||||
| 3379 | static inline void | |||
| 3380 | ssl_md_reset(SSL_MDgcry_md_hd_t* md) | |||
| 3381 | { | |||
| 3382 | gcry_md_reset(*md); | |||
| 3383 | } | |||
| 3384 | ||||
| 3385 | /* md5 /sha abstraction layer */ | |||
| 3386 | #define SSL_SHA_CTXgcry_md_hd_t gcry_md_hd_t | |||
| 3387 | #define SSL_MD5_CTXgcry_md_hd_t gcry_md_hd_t | |||
| 3388 | ||||
| 3389 | static inline int | |||
| 3390 | ssl_sha_init(SSL_SHA_CTXgcry_md_hd_t* md) | |||
| 3391 | { | |||
| 3392 | gcry_error_t err; | |||
| 3393 | const char *err_str, *err_src; | |||
| 3394 | err = gcry_md_open(md, GCRY_MD_SHA1, 0); | |||
| 3395 | if (err != 0) { | |||
| 3396 | err_str = gcry_strerror(err); | |||
| 3397 | err_src = gcry_strsource(err); | |||
| 3398 | ssl_debug_printf("ssl_sha_init(): gcry_md_open failed %s/%s", err_str, err_src); | |||
| 3399 | return -1; | |||
| 3400 | } | |||
| 3401 | return 0; | |||
| 3402 | } | |||
| 3403 | static inline void | |||
| 3404 | ssl_sha_update(SSL_SHA_CTXgcry_md_hd_t* md, unsigned char* data, int len) | |||
| 3405 | { | |||
| 3406 | gcry_md_write(*(md), data, len); | |||
| 3407 | } | |||
| 3408 | static inline void | |||
| 3409 | ssl_sha_final(unsigned char* buf, SSL_SHA_CTXgcry_md_hd_t* md) | |||
| 3410 | { | |||
| 3411 | memcpy(buf, gcry_md_read(*(md), GCRY_MD_SHA1), | |||
| 3412 | gcry_md_get_algo_dlen(GCRY_MD_SHA1)); | |||
| 3413 | } | |||
| 3414 | ||||
| 3415 | static inline void | |||
| 3416 | ssl_sha_reset(SSL_SHA_CTXgcry_md_hd_t* md) | |||
| 3417 | { | |||
| 3418 | gcry_md_reset(*md); | |||
| 3419 | } | |||
| 3420 | ||||
| 3421 | static inline void | |||
| 3422 | ssl_sha_cleanup(SSL_SHA_CTXgcry_md_hd_t* md) | |||
| 3423 | { | |||
| 3424 | gcry_md_close(*(md)); | |||
| 3425 | } | |||
| 3426 | ||||
| 3427 | static inline int | |||
| 3428 | ssl_md5_init(SSL_MD5_CTXgcry_md_hd_t* md) | |||
| 3429 | { | |||
| 3430 | gcry_error_t err; | |||
| 3431 | const char *err_str, *err_src; | |||
| 3432 | err = gcry_md_open(md,GCRY_MD_MD5, 0); | |||
| 3433 | if (err != 0) { | |||
| 3434 | err_str = gcry_strerror(err); | |||
| 3435 | err_src = gcry_strsource(err); | |||
| 3436 | ssl_debug_printf("ssl_md5_init(): gcry_md_open failed %s/%s", err_str, err_src); | |||
| 3437 | return -1; | |||
| 3438 | } | |||
| 3439 | return 0; | |||
| 3440 | } | |||
| 3441 | static inline void | |||
| 3442 | ssl_md5_update(SSL_MD5_CTXgcry_md_hd_t* md, unsigned char* data, int len) | |||
| 3443 | { | |||
| 3444 | gcry_md_write(*(md), data, len); | |||
| 3445 | } | |||
| 3446 | static inline void | |||
| 3447 | ssl_md5_final(unsigned char* buf, SSL_MD5_CTXgcry_md_hd_t* md) | |||
| 3448 | { | |||
| 3449 | memcpy(buf, gcry_md_read(*(md), GCRY_MD_MD5), | |||
| 3450 | gcry_md_get_algo_dlen(GCRY_MD_MD5)); | |||
| 3451 | } | |||
| 3452 | ||||
| 3453 | static inline void | |||
| 3454 | ssl_md5_reset(SSL_MD5_CTXgcry_md_hd_t* md) | |||
| 3455 | { | |||
| 3456 | gcry_md_reset(*md); | |||
| 3457 | } | |||
| 3458 | ||||
| 3459 | static inline void | |||
| 3460 | ssl_md5_cleanup(SSL_MD5_CTXgcry_md_hd_t* md) | |||
| 3461 | { | |||
| 3462 | gcry_md_close(*(md)); | |||
| 3463 | } | |||
| 3464 | /* libgcrypt wrappers for HMAC/message digest operations }}} */ | |||
| 3465 | ||||
| 3466 | /* libgcrypt wrappers for Cipher state manipulation {{{ */ | |||
| 3467 | int | |||
| 3468 | ssl_cipher_setiv(SSL_CIPHER_CTXgcry_cipher_hd_t *cipher, unsigned char* iv, int iv_len) | |||
| 3469 | { | |||
| 3470 | int ret; | |||
| 3471 | #if 0 | |||
| 3472 | unsigned char *ivp; | |||
| 3473 | int i; | |||
| 3474 | gcry_cipher_hd_t c; | |||
| 3475 | c=(gcry_cipher_hd_t)*cipher; | |||
| 3476 | #endif | |||
| 3477 | ssl_debug_printf("--------------------------------------------------------------------"); | |||
| 3478 | #if 0 | |||
| 3479 | for(ivp=c->iv,i=0; i < iv_len; i++ ) | |||
| 3480 | { | |||
| 3481 | ssl_debug_printf("%d ",ivp[i]); | |||
| 3482 | i++; | |||
| 3483 | } | |||
| 3484 | #endif | |||
| 3485 | ssl_debug_printf("--------------------------------------------------------------------"); | |||
| 3486 | ret = gcry_cipher_setiv(*(cipher), iv, iv_len); | |||
| 3487 | #if 0 | |||
| 3488 | for(ivp=c->iv,i=0; i < iv_len; i++ ) | |||
| 3489 | { | |||
| 3490 | ssl_debug_printf("%d ",ivp[i]); | |||
| 3491 | i++; | |||
| 3492 | } | |||
| 3493 | #endif | |||
| 3494 | ssl_debug_printf("--------------------------------------------------------------------"); | |||
| 3495 | return ret; | |||
| 3496 | } | |||
| 3497 | /* stream cipher abstraction layer*/ | |||
| 3498 | static int | |||
| 3499 | ssl_cipher_init(gcry_cipher_hd_t *cipher, int algo, unsigned char* sk, | |||
| 3500 | unsigned char* iv, int mode) | |||
| 3501 | { | |||
| 3502 | int gcry_modes[] = { | |||
| 3503 | GCRY_CIPHER_MODE_STREAM, | |||
| 3504 | GCRY_CIPHER_MODE_CBC, | |||
| 3505 | GCRY_CIPHER_MODE_GCM, | |||
| 3506 | GCRY_CIPHER_MODE_CCM, | |||
| 3507 | GCRY_CIPHER_MODE_CCM, | |||
| 3508 | GCRY_CIPHER_MODE_POLY1305, | |||
| 3509 | GCRY_CIPHER_MODE_ECB, /* used for DTLSv1.3 seq number encryption */ | |||
| 3510 | }; | |||
| 3511 | int err; | |||
| 3512 | if (algo == -1) { | |||
| 3513 | /* NULL mode */ | |||
| 3514 | *(cipher) = (gcry_cipher_hd_t)-1; | |||
| 3515 | return 0; | |||
| 3516 | } | |||
| 3517 | err = gcry_cipher_open(cipher, algo, gcry_modes[mode], 0); | |||
| 3518 | if (err !=0) | |||
| 3519 | return -1; | |||
| 3520 | err = gcry_cipher_setkey(*(cipher), sk, gcry_cipher_get_algo_keylen (algo)); | |||
| 3521 | if (err != 0) | |||
| 3522 | return -1; | |||
| 3523 | /* AEAD cipher suites will set the nonce later. */ | |||
| 3524 | if (mode == MODE_CBC) { | |||
| 3525 | err = gcry_cipher_setiv(*(cipher), iv, gcry_cipher_get_algo_blklen(algo)); | |||
| 3526 | if (err != 0) | |||
| 3527 | return -1; | |||
| 3528 | } | |||
| 3529 | return 0; | |||
| 3530 | } | |||
| 3531 | static inline int | |||
| 3532 | ssl_cipher_decrypt(gcry_cipher_hd_t *cipher, unsigned char * out, int outl, | |||
| 3533 | const unsigned char * in, int inl) | |||
| 3534 | { | |||
| 3535 | if ((*cipher) == (gcry_cipher_hd_t)-1) | |||
| 3536 | { | |||
| 3537 | if (in && inl) | |||
| 3538 | memcpy(out, in, outl < inl ? outl : inl); | |||
| 3539 | return 0; | |||
| 3540 | } | |||
| 3541 | return gcry_cipher_decrypt ( *(cipher), out, outl, in, inl); | |||
| 3542 | } | |||
| 3543 | static inline int | |||
| 3544 | ssl_get_digest_by_name(const char*name) | |||
| 3545 | { | |||
| 3546 | return gcry_md_map_name(name); | |||
| 3547 | } | |||
| 3548 | static inline int | |||
| 3549 | ssl_get_cipher_by_name(const char* name) | |||
| 3550 | { | |||
| 3551 | return gcry_cipher_map_name(name); | |||
| 3552 | } | |||
| 3553 | ||||
| 3554 | static inline void | |||
| 3555 | ssl_cipher_cleanup(gcry_cipher_hd_t *cipher) | |||
| 3556 | { | |||
| 3557 | if ((*cipher) != (gcry_cipher_hd_t)-1) | |||
| 3558 | gcry_cipher_close(*cipher); | |||
| 3559 | *cipher = NULL((void*)0); | |||
| 3560 | } | |||
| 3561 | /* }}} */ | |||
| 3562 | ||||
| 3563 | /* Digests, Ciphers and Cipher Suites registry {{{ */ | |||
| 3564 | static const SslDigestAlgo digests[]={ | |||
| 3565 | {"MD5", 16}, | |||
| 3566 | {"SHA1", 20}, | |||
| 3567 | {"SHA256", 32}, | |||
| 3568 | {"SHA384", 48}, | |||
| 3569 | {"SM3", 32}, | |||
| 3570 | {"Not Applicable", 0}, | |||
| 3571 | }; | |||
| 3572 | ||||
| 3573 | #define DIGEST_MAX_SIZE48 48 | |||
| 3574 | ||||
| 3575 | /* get index digest index */ | |||
| 3576 | static const SslDigestAlgo * | |||
| 3577 | ssl_cipher_suite_dig(const SslCipherSuite *cs) { | |||
| 3578 | if (!cs || cs->dig < DIG_MD50x40 || cs->dig > DIG_NA0x45) { | |||
| 3579 | return &digests[DIG_NA0x45 - DIG_MD50x40]; | |||
| 3580 | } | |||
| 3581 | return &digests[cs->dig - DIG_MD50x40]; | |||
| 3582 | } | |||
| 3583 | ||||
| 3584 | static const char *ciphers[]={ | |||
| 3585 | "DES", | |||
| 3586 | "3DES", | |||
| 3587 | "ARCFOUR", /* libgcrypt does not support rc4, but this should be 100% compatible*/ | |||
| 3588 | "RFC2268_128", /* libgcrypt name for RC2 with a 128-bit key */ | |||
| 3589 | "IDEA", | |||
| 3590 | "AES", | |||
| 3591 | "AES256", | |||
| 3592 | "CAMELLIA128", | |||
| 3593 | "CAMELLIA256", | |||
| 3594 | "SEED", | |||
| 3595 | "CHACHA20", /* since Libgcrypt 1.7.0 */ | |||
| 3596 | "SM1", | |||
| 3597 | "SM4", | |||
| 3598 | "*UNKNOWN*" | |||
| 3599 | }; | |||
| 3600 | ||||
| 3601 | static const SslCipherSuite cipher_suites[]={ | |||
| 3602 | {0x0001,KEX_RSA0x1e, ENC_NULL0x3D, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_WITH_NULL_MD5 */ | |||
| 3603 | {0x0002,KEX_RSA0x1e, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA */ | |||
| 3604 | {0x0003,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ | |||
| 3605 | {0x0004,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_MD5 */ | |||
| 3606 | {0x0005,KEX_RSA0x1e, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_SHA */ | |||
| 3607 | {0x0006,KEX_RSA0x1e, ENC_RC20x33, DIG_MD50x40, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ | |||
| 3608 | {0x0007,KEX_RSA0x1e, ENC_IDEA0x34, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_IDEA_CBC_SHA */ | |||
| 3609 | {0x0008,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3610 | {0x0009,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_DES_CBC_SHA */ | |||
| 3611 | {0x000A,KEX_RSA0x1e, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
| 3612 | {0x000B,KEX_DH_DSS0x14, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3613 | {0x000C,KEX_DH_DSS0x14, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_DES_CBC_SHA */ | |||
| 3614 | {0x000D,KEX_DH_DSS0x14, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */ | |||
| 3615 | {0x000E,KEX_DH_RSA0x15, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3616 | {0x000F,KEX_DH_RSA0x15, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_DES_CBC_SHA */ | |||
| 3617 | {0x0010,KEX_DH_RSA0x15, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
| 3618 | {0x0011,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3619 | {0x0012,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */ | |||
| 3620 | {0x0013,KEX_DHE_DSS0x10, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */ | |||
| 3621 | {0x0014,KEX_DHE_RSA0x12, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3622 | {0x0015,KEX_DHE_RSA0x12, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */ | |||
| 3623 | {0x0016,KEX_DHE_RSA0x12, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
| 3624 | {0x0017,KEX_DH_ANON0x13, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ | |||
| 3625 | {0x0018,KEX_DH_ANON0x13, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_DH_anon_WITH_RC4_128_MD5 */ | |||
| 3626 | {0x0019,KEX_DH_ANON0x13, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3627 | {0x001A,KEX_DH_ANON0x13, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_DES_CBC_SHA */ | |||
| 3628 | {0x001B,KEX_DH_ANON0x13, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */ | |||
| 3629 | {0x002C,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA */ | |||
| 3630 | {0x002D,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA */ | |||
| 3631 | {0x002E,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA */ | |||
| 3632 | {0x002F,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA */ | |||
| 3633 | {0x0030,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */ | |||
| 3634 | {0x0031,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */ | |||
| 3635 | {0x0032,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */ | |||
| 3636 | {0x0033,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ | |||
| 3637 | {0x0034,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ | |||
| 3638 | {0x0035,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA */ | |||
| 3639 | {0x0036,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */ | |||
| 3640 | {0x0037,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */ | |||
| 3641 | {0x0038,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */ | |||
| 3642 | {0x0039,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ | |||
| 3643 | {0x003A,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA */ | |||
| 3644 | {0x003B,KEX_RSA0x1e, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA256 */ | |||
| 3645 | {0x003C,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ | |||
| 3646 | {0x003D,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ | |||
| 3647 | {0x003E,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */ | |||
| 3648 | {0x003F,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */ | |||
| 3649 | {0x0040,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */ | |||
| 3650 | {0x0041,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ | |||
| 3651 | {0x0042,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */ | |||
| 3652 | {0x0043,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */ | |||
| 3653 | {0x0044,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */ | |||
| 3654 | {0x0045,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ | |||
| 3655 | {0x0046,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */ | |||
| 3656 | {0x0060,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */ | |||
| 3657 | {0x0061,KEX_RSA0x1e, ENC_RC20x33, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */ | |||
| 3658 | {0x0062,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */ | |||
| 3659 | {0x0063,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */ | |||
| 3660 | {0x0064,KEX_RSA0x1e, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */ | |||
| 3661 | {0x0065,KEX_DHE_DSS0x10, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */ | |||
| 3662 | {0x0066,KEX_DHE_DSS0x10, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_DSS_WITH_RC4_128_SHA */ | |||
| 3663 | {0x0067,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ | |||
| 3664 | {0x0068,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */ | |||
| 3665 | {0x0069,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */ | |||
| 3666 | {0x006A,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */ | |||
| 3667 | {0x006B,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ | |||
| 3668 | {0x006C,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */ | |||
| 3669 | {0x006D,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */ | |||
| 3670 | {0x0084,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ | |||
| 3671 | {0x0085,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */ | |||
| 3672 | {0x0086,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */ | |||
| 3673 | {0x0087,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */ | |||
| 3674 | {0x0088,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ | |||
| 3675 | {0x0089,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */ | |||
| 3676 | {0x008A,KEX_PSK0x1d, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_PSK_WITH_RC4_128_SHA */ | |||
| 3677 | {0x008B,KEX_PSK0x1d, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_3DES_EDE_CBC_SHA */ | |||
| 3678 | {0x008C,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA */ | |||
| 3679 | {0x008D,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA */ | |||
| 3680 | {0x008E,KEX_DHE_PSK0x11, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_PSK_WITH_RC4_128_SHA */ | |||
| 3681 | {0x008F,KEX_DHE_PSK0x11, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA */ | |||
| 3682 | {0x0090,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA */ | |||
| 3683 | {0x0091,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA */ | |||
| 3684 | {0x0092,KEX_RSA_PSK0x1f, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_PSK_WITH_RC4_128_SHA */ | |||
| 3685 | {0x0093,KEX_RSA_PSK0x1f, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA */ | |||
| 3686 | {0x0094,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA */ | |||
| 3687 | {0x0095,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA */ | |||
| 3688 | {0x0096,KEX_RSA0x1e, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_SEED_CBC_SHA */ | |||
| 3689 | {0x0097,KEX_DH_DSS0x14, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_SEED_CBC_SHA */ | |||
| 3690 | {0x0098,KEX_DH_RSA0x15, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_SEED_CBC_SHA */ | |||
| 3691 | {0x0099,KEX_DHE_DSS0x10, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */ | |||
| 3692 | {0x009A,KEX_DHE_RSA0x12, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */ | |||
| 3693 | {0x009B,KEX_DH_ANON0x13, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_SEED_CBC_SHA */ | |||
| 3694 | {0x009C,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ | |||
| 3695 | {0x009D,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ | |||
| 3696 | {0x009E,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ | |||
| 3697 | {0x009F,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ | |||
| 3698 | {0x00A0,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */ | |||
| 3699 | {0x00A1,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */ | |||
| 3700 | {0x00A2,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */ | |||
| 3701 | {0x00A3,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */ | |||
| 3702 | {0x00A4,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */ | |||
| 3703 | {0x00A5,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */ | |||
| 3704 | {0x00A6,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */ | |||
| 3705 | {0x00A7,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ | |||
| 3706 | {0x00A8,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ | |||
| 3707 | {0x00A9,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ | |||
| 3708 | {0x00AA,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ | |||
| 3709 | {0x00AB,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ | |||
| 3710 | {0x00AC,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 */ | |||
| 3711 | {0x00AD,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 */ | |||
| 3712 | {0x00AE,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ | |||
| 3713 | {0x00AF,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ | |||
| 3714 | {0x00B0,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA256 */ | |||
| 3715 | {0x00B1,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA384 */ | |||
| 3716 | {0x00B2,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ | |||
| 3717 | {0x00B3,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ | |||
| 3718 | {0x00B4,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA256 */ | |||
| 3719 | {0x00B5,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA384 */ | |||
| 3720 | {0x00B6,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 */ | |||
| 3721 | {0x00B7,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 */ | |||
| 3722 | {0x00B8,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA256 */ | |||
| 3723 | {0x00B9,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA384 */ | |||
| 3724 | {0x00BA,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3725 | {0x00BB,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3726 | {0x00BC,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3727 | {0x00BD,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3728 | {0x00BE,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3729 | {0x00BF,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3730 | {0x00C0,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
| 3731 | {0x00C1,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
| 3732 | {0x00C2,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
| 3733 | {0x00C3,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
| 3734 | {0x00C4,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
| 3735 | {0x00C5,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
| 3736 | ||||
| 3737 | /* NOTE: TLS 1.3 cipher suites are incompatible with TLS 1.2. */ | |||
| 3738 | {0x1301,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_AES_128_GCM_SHA256 */ | |||
| 3739 | {0x1302,KEX_TLS130x23, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_AES_256_GCM_SHA384 */ | |||
| 3740 | {0x1303,KEX_TLS130x23, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_CHACHA20_POLY1305_SHA256 */ | |||
| 3741 | {0x1304,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM }, /* TLS_AES_128_CCM_SHA256 */ | |||
| 3742 | {0x1305,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM_8 }, /* TLS_AES_128_CCM_8_SHA256 */ | |||
| 3743 | {0x00C6,KEX_TLS130x23, ENC_SM40x3C, DIG_SM30x44, MODE_GCM }, /* TLS_SM4_GCM_SM3 */ | |||
| 3744 | ||||
| 3745 | {0xC001,KEX_ECDH_ECDSA0x1a, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */ | |||
| 3746 | {0xC002,KEX_ECDH_ECDSA0x1a, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ | |||
| 3747 | {0xC003,KEX_ECDH_ECDSA0x1a, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ | |||
| 3748 | {0xC004,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ | |||
| 3749 | {0xC005,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ | |||
| 3750 | {0xC006,KEX_ECDHE_ECDSA0x16, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ | |||
| 3751 | {0xC007,KEX_ECDHE_ECDSA0x16, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ | |||
| 3752 | {0xC008,KEX_ECDHE_ECDSA0x16, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ | |||
| 3753 | {0xC009,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ | |||
| 3754 | {0xC00A,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ | |||
| 3755 | {0xC00B,KEX_ECDH_RSA0x1b, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */ | |||
| 3756 | {0xC00C,KEX_ECDH_RSA0x1b, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ | |||
| 3757 | {0xC00D,KEX_ECDH_RSA0x1b, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
| 3758 | {0xC00E,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ | |||
| 3759 | {0xC00F,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ | |||
| 3760 | {0xC0FF,KEX_ECJPAKE0x24, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECJPAKE_WITH_AES_128_CCM_8 */ | |||
| 3761 | {0xC010,KEX_ECDHE_RSA0x18, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */ | |||
| 3762 | {0xC011,KEX_ECDHE_RSA0x18, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ | |||
| 3763 | {0xC012,KEX_ECDHE_RSA0x18, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
| 3764 | {0xC013,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ | |||
| 3765 | {0xC014,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ | |||
| 3766 | {0xC015,KEX_ECDH_ANON0x19, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */ | |||
| 3767 | {0xC016,KEX_ECDH_ANON0x19, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */ | |||
| 3768 | {0xC017,KEX_ECDH_ANON0x19, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */ | |||
| 3769 | {0xC018,KEX_ECDH_ANON0x19, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */ | |||
| 3770 | {0xC019,KEX_ECDH_ANON0x19, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */ | |||
| 3771 | {0xC01A,KEX_SRP_SHA0x20, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA */ | |||
| 3772 | {0xC01B,KEX_SRP_SHA_RSA0x22, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
| 3773 | {0xC01C,KEX_SRP_SHA_DSS0x21, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA */ | |||
| 3774 | {0xC01D,KEX_SRP_SHA0x20, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_AES_128_CBC_SHA */ | |||
| 3775 | {0xC01E,KEX_SRP_SHA_RSA0x22, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA */ | |||
| 3776 | {0xC01F,KEX_SRP_SHA_DSS0x21, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA */ | |||
| 3777 | {0xC020,KEX_SRP_SHA0x20, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_AES_256_CBC_SHA */ | |||
| 3778 | {0xC021,KEX_SRP_SHA_RSA0x22, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA */ | |||
| 3779 | {0xC022,KEX_SRP_SHA_DSS0x21, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA */ | |||
| 3780 | {0xC023,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */ | |||
| 3781 | {0xC024,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */ | |||
| 3782 | {0xC025,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ | |||
| 3783 | {0xC026,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ | |||
| 3784 | {0xC027,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ | |||
| 3785 | {0xC028,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ | |||
| 3786 | {0xC029,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ | |||
| 3787 | {0xC02A,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ | |||
| 3788 | {0xC02B,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ | |||
| 3789 | {0xC02C,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ | |||
| 3790 | {0xC02D,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ | |||
| 3791 | {0xC02E,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ | |||
| 3792 | {0xC02F,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ | |||
| 3793 | {0xC030,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ | |||
| 3794 | {0xC031,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ | |||
| 3795 | {0xC032,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ | |||
| 3796 | {0xC033,KEX_ECDHE_PSK0x17, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_RC4_128_SHA */ | |||
| 3797 | {0xC034,KEX_ECDHE_PSK0x17, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA */ | |||
| 3798 | {0xC035,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA */ | |||
| 3799 | {0xC036,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA */ | |||
| 3800 | {0xC037,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ | |||
| 3801 | {0xC038,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 */ | |||
| 3802 | {0xC039,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA */ | |||
| 3803 | {0xC03A,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ | |||
| 3804 | {0xC03B,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA384 */ | |||
| 3805 | {0xC072,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3806 | {0xC073,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
| 3807 | {0xC074,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3808 | {0xC075,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
| 3809 | {0xC076,KEX_ECDHE_RSA0x18, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3810 | {0xC077,KEX_ECDHE_RSA0x18, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
| 3811 | {0xC078,KEX_ECDH_RSA0x1b, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3812 | {0xC079,KEX_ECDH_RSA0x1b, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
| 3813 | {0xC07A,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3814 | {0xC07B,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3815 | {0xC07C,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3816 | {0xC07D,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3817 | {0xC07E,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3818 | {0xC07F,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3819 | {0xC080,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3820 | {0xC081,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3821 | {0xC082,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3822 | {0xC083,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3823 | {0xC084,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3824 | {0xC085,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3825 | {0xC086,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3826 | {0xC087,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3827 | {0xC088,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3828 | {0xC089,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3829 | {0xC08A,KEX_ECDHE_RSA0x18, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3830 | {0xC08B,KEX_ECDHE_RSA0x18, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3831 | {0xC08C,KEX_ECDH_RSA0x1b, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3832 | {0xC08D,KEX_ECDH_RSA0x1b, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3833 | {0xC08E,KEX_PSK0x1d, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3834 | {0xC08F,KEX_PSK0x1d, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3835 | {0xC090,KEX_DHE_PSK0x11, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3836 | {0xC091,KEX_DHE_PSK0x11, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3837 | {0xC092,KEX_RSA_PSK0x1f, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
| 3838 | {0xC093,KEX_RSA_PSK0x1f, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
| 3839 | {0xC094,KEX_PSK0x1d, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3840 | {0xC095,KEX_PSK0x1d, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
| 3841 | {0xC096,KEX_DHE_PSK0x11, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3842 | {0xC097,KEX_DHE_PSK0x11, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
| 3843 | {0xC098,KEX_RSA_PSK0x1f, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3844 | {0xC099,KEX_RSA_PSK0x1f, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
| 3845 | {0xC09A,KEX_ECDHE_PSK0x17, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
| 3846 | {0xC09B,KEX_ECDHE_PSK0x17, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
| 3847 | {0xC09C,KEX_RSA0x1e, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_RSA_WITH_AES_128_CCM */ | |||
| 3848 | {0xC09D,KEX_RSA0x1e, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_RSA_WITH_AES_256_CCM */ | |||
| 3849 | {0xC09E,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_128_CCM */ | |||
| 3850 | {0xC09F,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_256_CCM */ | |||
| 3851 | {0xC0A0,KEX_RSA0x1e, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_128_CCM_8 */ | |||
| 3852 | {0xC0A1,KEX_RSA0x1e, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_256_CCM_8 */ | |||
| 3853 | {0xC0A2,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_128_CCM_8 */ | |||
| 3854 | {0xC0A3,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_256_CCM_8 */ | |||
| 3855 | {0xC0A4,KEX_PSK0x1d, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_PSK_WITH_AES_128_CCM */ | |||
| 3856 | {0xC0A5,KEX_PSK0x1d, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_PSK_WITH_AES_256_CCM */ | |||
| 3857 | {0xC0A6,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_128_CCM */ | |||
| 3858 | {0xC0A7,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_256_CCM */ | |||
| 3859 | {0xC0A8,KEX_PSK0x1d, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_128_CCM_8 */ | |||
| 3860 | {0xC0A9,KEX_PSK0x1d, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_256_CCM_8 */ | |||
| 3861 | {0xC0AA,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_128_CCM_8 */ | |||
| 3862 | {0xC0AB,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_256_CCM_8 */ | |||
| 3863 | {0xC0AC,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ | |||
| 3864 | {0xC0AD,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM */ | |||
| 3865 | {0xC0AE,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ | |||
| 3866 | {0xC0AF,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ | |||
| 3867 | {0xCCA8,KEX_ECDHE_RSA0x18, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ | |||
| 3868 | {0xCCA9,KEX_ECDHE_ECDSA0x16, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ | |||
| 3869 | {0xCCAA,KEX_DHE_RSA0x12, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ | |||
| 3870 | {0xCCAB,KEX_PSK0x1d, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | |||
| 3871 | {0xCCAC,KEX_ECDHE_PSK0x17, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | |||
| 3872 | {0xCCAD,KEX_DHE_PSK0x11, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | |||
| 3873 | {0xCCAE,KEX_RSA_PSK0x1f, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | |||
| 3874 | {0xD001,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM}, /* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ | |||
| 3875 | {0xD002,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM}, /* TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 */ | |||
| 3876 | {0xD003,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM_8}, /* TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 */ | |||
| 3877 | {0xD005,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM}, /* TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 */ | |||
| 3878 | /* GM */ | |||
| 3879 | {0xe001,KEX_ECDHE_SM20x25, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* ECDHE_SM1_SM3 */ | |||
| 3880 | {0xe003,KEX_ECC_SM20x26, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* ECC_SM1_SM3 */ | |||
| 3881 | {0xe005,KEX_IBSDH_SM90x27, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* IBSDH_SM1_SM3 */ | |||
| 3882 | {0xe007,KEX_IBC_SM90x28, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* IBC_SM1_SM3 */ | |||
| 3883 | {0xe009,KEX_RSA0x1e, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* RSA_SM1_SM3 */ | |||
| 3884 | {0xe00a,KEX_RSA0x1e, ENC_SM10x3B, DIG_SHA0x41, MODE_CBC}, /* RSA_SM1_SHA1 */ | |||
| 3885 | {0xe011,KEX_ECDHE_SM20x25, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* ECDHE_SM4_CBC_SM3 */ | |||
| 3886 | {0xe013,KEX_ECC_SM20x26, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* ECC_SM4_CBC_SM3 */ | |||
| 3887 | {0xe015,KEX_IBSDH_SM90x27, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* IBSDH_SM4_CBC_SM3 */ | |||
| 3888 | {0xe017,KEX_IBC_SM90x28, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* IBC_SM4_CBC_SM3 */ | |||
| 3889 | {0xe019,KEX_RSA0x1e, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* RSA_SM4_CBC_SM3 */ | |||
| 3890 | {0xe01a,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA0x41, MODE_CBC}, /* RSA_SM4_CBC_SHA1 */ | |||
| 3891 | {0xe01c,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA2560x42, MODE_CBC}, /* RSA_SM4_CBC_SHA256 */ | |||
| 3892 | {0xe051,KEX_ECDHE_SM20x25, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* ECDHE_SM4_GCM_SM3 */ | |||
| 3893 | {0xe053,KEX_ECC_SM20x26, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* ECC_SM4_GCM_SM3 */ | |||
| 3894 | {0xe055,KEX_IBSDH_SM90x27, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* IBSDH_SM4_GCM_SM3 */ | |||
| 3895 | {0xe057,KEX_IBC_SM90x28, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* IBC_SM4_GCM_SM3 */ | |||
| 3896 | {0xe059,KEX_RSA0x1e, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* RSA_SM4_GCM_SM3 */ | |||
| 3897 | {0xe05a,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA2560x42, MODE_GCM}, /* RSA_SM4_GCM_SHA256 */ | |||
| 3898 | {-1, 0, 0, 0, MODE_STREAM} | |||
| 3899 | }; | |||
| 3900 | ||||
| 3901 | #define MAX_BLOCK_SIZE16 16 | |||
| 3902 | #define MAX_KEY_SIZE32 32 | |||
| 3903 | ||||
| 3904 | const SslCipherSuite * | |||
| 3905 | ssl_find_cipher(int num) | |||
| 3906 | { | |||
| 3907 | const SslCipherSuite *c; | |||
| 3908 | for(c=cipher_suites;c->number!=-1;c++){ | |||
| 3909 | if(c->number==num){ | |||
| 3910 | return c; | |||
| 3911 | } | |||
| 3912 | } | |||
| 3913 | ||||
| 3914 | return NULL((void*)0); | |||
| 3915 | } | |||
| 3916 | ||||
| 3917 | int | |||
| 3918 | ssl_get_cipher_algo(const SslCipherSuite *cipher_suite) | |||
| 3919 | { | |||
| 3920 | return gcry_cipher_map_name(ciphers[cipher_suite->enc - ENC_START0x30]); | |||
| 3921 | } | |||
| 3922 | ||||
| 3923 | unsigned | |||
| 3924 | ssl_get_cipher_blocksize(const SslCipherSuite *cipher_suite) | |||
| 3925 | { | |||
| 3926 | int cipher_algo; | |||
| 3927 | if (cipher_suite->mode != MODE_CBC) return 0; | |||
| 3928 | cipher_algo = ssl_get_cipher_by_name(ciphers[cipher_suite->enc - ENC_START0x30]); | |||
| 3929 | return (unsigned)gcry_cipher_get_algo_blklen(cipher_algo); | |||
| 3930 | } | |||
| 3931 | ||||
| 3932 | static unsigned | |||
| 3933 | ssl_get_cipher_export_keymat_size(int cipher_suite_num) | |||
| 3934 | { | |||
| 3935 | switch (cipher_suite_num) { | |||
| 3936 | /* See RFC 6101 (SSL 3.0), Table 2, column Key Material. */ | |||
| 3937 | case 0x0003: /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ | |||
| 3938 | case 0x0006: /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ | |||
| 3939 | case 0x0008: /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3940 | case 0x000B: /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3941 | case 0x000E: /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3942 | case 0x0011: /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3943 | case 0x0014: /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3944 | case 0x0017: /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ | |||
| 3945 | case 0x0019: /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ | |||
| 3946 | return 5; | |||
| 3947 | ||||
| 3948 | /* not defined in below draft, but "implemented by several vendors", | |||
| 3949 | * https://www.ietf.org/mail-archive/web/tls/current/msg00036.html */ | |||
| 3950 | case 0x0060: /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */ | |||
| 3951 | case 0x0061: /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */ | |||
| 3952 | return 7; | |||
| 3953 | ||||
| 3954 | /* Note: the draft states that DES_CBC needs 8 bytes, but Wireshark always | |||
| 3955 | * used 7. Until a pcap proves 8, let's use the old value. Link: | |||
| 3956 | * https://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01 */ | |||
| 3957 | case 0x0062: /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */ | |||
| 3958 | case 0x0063: /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */ | |||
| 3959 | case 0x0064: /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */ | |||
| 3960 | case 0x0065: /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */ | |||
| 3961 | return 7; | |||
| 3962 | ||||
| 3963 | default: | |||
| 3964 | return 0; | |||
| 3965 | } | |||
| 3966 | } | |||
| 3967 | ||||
| 3968 | /* Digests, Ciphers and Cipher Suites registry }}} */ | |||
| 3969 | ||||
| 3970 | ||||
| 3971 | /* HMAC and the Pseudorandom function {{{ */ | |||
| 3972 | static int | |||
| 3973 | tls_hash(StringInfo *secret, StringInfo *seed, int md, | |||
| 3974 | StringInfo *out, unsigned out_len) | |||
| 3975 | { | |||
| 3976 | /* RFC 2246 5. HMAC and the pseudorandom function | |||
| 3977 | * '+' denotes concatenation. | |||
| 3978 | * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + | |||
| 3979 | * HMAC_hash(secret, A(2) + seed) + ... | |||
| 3980 | * A(0) = seed | |||
| 3981 | * A(i) = HMAC_hash(secret, A(i - 1)) | |||
| 3982 | */ | |||
| 3983 | uint8_t *ptr; | |||
| 3984 | unsigned left, tocpy; | |||
| 3985 | uint8_t *A; | |||
| 3986 | uint8_t _A[DIGEST_MAX_SIZE48], tmp[DIGEST_MAX_SIZE48]; | |||
| 3987 | unsigned A_l, tmp_l; | |||
| 3988 | SSL_HMACgcry_md_hd_t hm; | |||
| 3989 | ||||
| 3990 | ptr = out->data; | |||
| 3991 | left = out_len; | |||
| 3992 | ||||
| 3993 | ssl_print_string("tls_hash: hash secret", secret); | |||
| 3994 | ssl_print_string("tls_hash: hash seed", seed); | |||
| 3995 | /* A(0) = seed */ | |||
| 3996 | A = seed->data; | |||
| 3997 | A_l = seed->data_len; | |||
| 3998 | ||||
| 3999 | if (ssl_hmac_init(&hm, md) != 0) { | |||
| 4000 | return -1; | |||
| 4001 | } | |||
| 4002 | while (left) { | |||
| 4003 | /* A(i) = HMAC_hash(secret, A(i-1)) */ | |||
| 4004 | ssl_hmac_setkey(&hm, secret->data, secret->data_len); | |||
| 4005 | ssl_hmac_update(&hm, A, A_l); | |||
| 4006 | A_l = sizeof(_A); /* upper bound len for hash output */ | |||
| 4007 | ssl_hmac_final(&hm, _A, &A_l); | |||
| 4008 | A = _A; | |||
| 4009 | ||||
| 4010 | /* HMAC_hash(secret, A(i) + seed) */ | |||
| 4011 | ssl_hmac_reset(&hm); | |||
| 4012 | ssl_hmac_setkey(&hm, secret->data, secret->data_len); | |||
| 4013 | ssl_hmac_update(&hm, A, A_l); | |||
| 4014 | ssl_hmac_update(&hm, seed->data, seed->data_len); | |||
| 4015 | tmp_l = sizeof(tmp); /* upper bound len for hash output */ | |||
| 4016 | ssl_hmac_final(&hm, tmp, &tmp_l); | |||
| 4017 | ssl_hmac_reset(&hm); | |||
| 4018 | ||||
| 4019 | /* ssl_hmac_final puts the actual digest output size in tmp_l */ | |||
| 4020 | tocpy = MIN(left, tmp_l)(((left) < (tmp_l)) ? (left) : (tmp_l)); | |||
| 4021 | memcpy(ptr, tmp, tocpy); | |||
| 4022 | ptr += tocpy; | |||
| 4023 | left -= tocpy; | |||
| 4024 | } | |||
| 4025 | ssl_hmac_cleanup(&hm); | |||
| 4026 | out->data_len = out_len; | |||
| 4027 | ||||
| 4028 | ssl_print_string("hash out", out); | |||
| 4029 | return 0; | |||
| 4030 | } | |||
| 4031 | ||||
| 4032 | static bool_Bool | |||
| 4033 | tls_prf(StringInfo* secret, const char *usage, | |||
| 4034 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) | |||
| 4035 | { | |||
| 4036 | StringInfo seed, sha_out, md5_out; | |||
| 4037 | uint8_t *ptr; | |||
| 4038 | StringInfo s1, s2; | |||
| 4039 | unsigned i,s_l; | |||
| 4040 | size_t usage_len, rnd2_len; | |||
| 4041 | bool_Bool success = false0; | |||
| 4042 | usage_len = strlen(usage); | |||
| 4043 | rnd2_len = rnd2 ? rnd2->data_len : 0; | |||
| 4044 | ||||
| 4045 | /* initialize buffer for sha, md5 random seed*/ | |||
| 4046 | if (ssl_data_alloc(&sha_out, MAX(out_len, 20)(((out_len) > (20)) ? (out_len) : (20))) < 0) { | |||
| 4047 | ssl_debug_printf("tls_prf: can't allocate sha out\n"); | |||
| 4048 | return false0; | |||
| 4049 | } | |||
| 4050 | if (ssl_data_alloc(&md5_out, MAX(out_len, 16)(((out_len) > (16)) ? (out_len) : (16))) < 0) { | |||
| 4051 | ssl_debug_printf("tls_prf: can't allocate md5 out\n"); | |||
| 4052 | goto free_sha; | |||
| 4053 | } | |||
| 4054 | if (ssl_data_alloc(&seed, usage_len+rnd1->data_len+rnd2_len) < 0) { | |||
| 4055 | ssl_debug_printf("tls_prf: can't allocate rnd %d\n", | |||
| 4056 | (int) (usage_len+rnd1->data_len+rnd2_len)); | |||
| 4057 | goto free_md5; | |||
| 4058 | } | |||
| 4059 | ||||
| 4060 | ptr=seed.data; | |||
| 4061 | memcpy(ptr,usage,usage_len); | |||
| 4062 | ptr+=usage_len; | |||
| 4063 | memcpy(ptr,rnd1->data,rnd1->data_len); | |||
| 4064 | if (rnd2_len > 0) { | |||
| 4065 | ptr+=rnd1->data_len; | |||
| 4066 | memcpy(ptr,rnd2->data,rnd2->data_len); | |||
| 4067 | /*ptr+=rnd2->data_len;*/ | |||
| 4068 | } | |||
| 4069 | ||||
| 4070 | /* initialize buffer for client/server seeds*/ | |||
| 4071 | s_l=secret->data_len/2 + secret->data_len%2; | |||
| 4072 | if (ssl_data_alloc(&s1, s_l) < 0) { | |||
| 4073 | ssl_debug_printf("tls_prf: can't allocate secret %d\n", s_l); | |||
| 4074 | goto free_seed; | |||
| 4075 | } | |||
| 4076 | if (ssl_data_alloc(&s2, s_l) < 0) { | |||
| 4077 | ssl_debug_printf("tls_prf: can't allocate secret(2) %d\n", s_l); | |||
| 4078 | goto free_s1; | |||
| 4079 | } | |||
| 4080 | ||||
| 4081 | memcpy(s1.data,secret->data,s_l); | |||
| 4082 | memcpy(s2.data,secret->data + (secret->data_len - s_l),s_l); | |||
| 4083 | ||||
| 4084 | ssl_debug_printf("tls_prf: tls_hash(md5 secret_len %d seed_len %d )\n", s1.data_len, seed.data_len); | |||
| 4085 | if(tls_hash(&s1, &seed, ssl_get_digest_by_name("MD5"), &md5_out, out_len) != 0) | |||
| 4086 | goto free_s2; | |||
| 4087 | ssl_debug_printf("tls_prf: tls_hash(sha)\n"); | |||
| 4088 | if(tls_hash(&s2, &seed, ssl_get_digest_by_name("SHA1"), &sha_out, out_len) != 0) | |||
| 4089 | goto free_s2; | |||
| 4090 | ||||
| 4091 | for (i = 0; i < out_len; i++) | |||
| 4092 | out->data[i] = md5_out.data[i] ^ sha_out.data[i]; | |||
| 4093 | /* success, now store the new meaningful data length */ | |||
| 4094 | out->data_len = out_len; | |||
| 4095 | success = true1; | |||
| 4096 | ||||
| 4097 | ssl_print_string("PRF out",out); | |||
| 4098 | free_s2: | |||
| 4099 | g_free(s2.data); | |||
| 4100 | free_s1: | |||
| 4101 | g_free(s1.data); | |||
| 4102 | free_seed: | |||
| 4103 | g_free(seed.data); | |||
| 4104 | free_md5: | |||
| 4105 | g_free(md5_out.data); | |||
| 4106 | free_sha: | |||
| 4107 | g_free(sha_out.data); | |||
| 4108 | return success; | |||
| 4109 | } | |||
| 4110 | ||||
| 4111 | static bool_Bool | |||
| 4112 | tls12_prf(int md, StringInfo* secret, const char* usage, | |||
| 4113 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) | |||
| 4114 | { | |||
| 4115 | StringInfo label_seed; | |||
| 4116 | int success; | |||
| 4117 | size_t usage_len, rnd2_len; | |||
| 4118 | rnd2_len = rnd2 ? rnd2->data_len : 0; | |||
| 4119 | ||||
| 4120 | usage_len = strlen(usage); | |||
| 4121 | if (ssl_data_alloc(&label_seed, usage_len+rnd1->data_len+rnd2_len) < 0) { | |||
| 4122 | ssl_debug_printf("tls12_prf: can't allocate label_seed\n"); | |||
| 4123 | return false0; | |||
| 4124 | } | |||
| 4125 | memcpy(label_seed.data, usage, usage_len); | |||
| 4126 | memcpy(label_seed.data+usage_len, rnd1->data, rnd1->data_len); | |||
| 4127 | if (rnd2_len > 0) | |||
| 4128 | memcpy(label_seed.data+usage_len+rnd1->data_len, rnd2->data, rnd2->data_len); | |||
| 4129 | ||||
| 4130 | ssl_debug_printf("tls12_prf: tls_hash(hash_alg %s secret_len %d seed_len %d )\n", gcry_md_algo_name(md), secret->data_len, label_seed.data_len); | |||
| 4131 | success = tls_hash(secret, &label_seed, md, out, out_len); | |||
| 4132 | g_free(label_seed.data); | |||
| 4133 | if(success != -1){ | |||
| 4134 | ssl_print_string("PRF out", out); | |||
| 4135 | return true1; | |||
| 4136 | } | |||
| 4137 | return false0; | |||
| 4138 | } | |||
| 4139 | ||||
| 4140 | static bool_Bool | |||
| 4141 | ssl3_generate_export_iv(StringInfo *r1, StringInfo *r2, | |||
| 4142 | StringInfo *out, unsigned out_len) | |||
| 4143 | { | |||
| 4144 | SSL_MD5_CTXgcry_md_hd_t md5; | |||
| 4145 | uint8_t tmp[16]; | |||
| 4146 | ||||
| 4147 | if (ssl_md5_init(&md5) != 0) { | |||
| 4148 | return false0; | |||
| 4149 | } | |||
| 4150 | ssl_md5_update(&md5,r1->data,r1->data_len); | |||
| 4151 | ssl_md5_update(&md5,r2->data,r2->data_len); | |||
| 4152 | ssl_md5_final(tmp,&md5); | |||
| 4153 | ssl_md5_cleanup(&md5); | |||
| 4154 | ||||
| 4155 | DISSECTOR_ASSERT(out_len <= sizeof(tmp))((void) ((out_len <= sizeof(tmp)) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 4155, "out_len <= sizeof(tmp)")))); | |||
| 4156 | ssl_data_set(out, tmp, out_len); | |||
| 4157 | ssl_print_string("export iv", out); | |||
| 4158 | return true1; | |||
| 4159 | } | |||
| 4160 | ||||
| 4161 | static bool_Bool | |||
| 4162 | ssl3_prf(StringInfo* secret, const char* usage, | |||
| 4163 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) | |||
| 4164 | { | |||
| 4165 | SSL_MD5_CTXgcry_md_hd_t md5; | |||
| 4166 | SSL_SHA_CTXgcry_md_hd_t sha; | |||
| 4167 | unsigned off; | |||
| 4168 | int i = 0,j; | |||
| 4169 | uint8_t buf[20]; | |||
| 4170 | ||||
| 4171 | if (ssl_sha_init(&sha) != 0) { | |||
| 4172 | return false0; | |||
| 4173 | } | |||
| 4174 | if (ssl_md5_init(&md5) != 0) { | |||
| 4175 | ssl_sha_cleanup(&sha); | |||
| 4176 | return false0; | |||
| 4177 | } | |||
| 4178 | for (off = 0; off < out_len; off += 16) { | |||
| 4179 | unsigned char outbuf[16]; | |||
| 4180 | i++; | |||
| 4181 | ||||
| 4182 | ssl_debug_printf("ssl3_prf: sha1_hash(%d)\n",i); | |||
| 4183 | /* A, BB, CCC, ... */ | |||
| 4184 | for(j=0;j<i;j++){ | |||
| 4185 | buf[j]=64+i; | |||
| 4186 | } | |||
| 4187 | ||||
| 4188 | ssl_sha_update(&sha,buf,i); | |||
| 4189 | ssl_sha_update(&sha,secret->data,secret->data_len); | |||
| 4190 | ||||
| 4191 | if(!strcmp(usage,"client write key") || !strcmp(usage,"server write key")){ | |||
| 4192 | if (rnd2) | |||
| 4193 | ssl_sha_update(&sha,rnd2->data,rnd2->data_len); | |||
| 4194 | ssl_sha_update(&sha,rnd1->data,rnd1->data_len); | |||
| 4195 | } | |||
| 4196 | else{ | |||
| 4197 | ssl_sha_update(&sha,rnd1->data,rnd1->data_len); | |||
| 4198 | if (rnd2) | |||
| 4199 | ssl_sha_update(&sha,rnd2->data,rnd2->data_len); | |||
| 4200 | } | |||
| 4201 | ||||
| 4202 | ssl_sha_final(buf,&sha); | |||
| 4203 | ssl_sha_reset(&sha); | |||
| 4204 | ||||
| 4205 | ssl_debug_printf("ssl3_prf: md5_hash(%d) datalen %d\n",i, | |||
| 4206 | secret->data_len); | |||
| 4207 | ssl_md5_update(&md5,secret->data,secret->data_len); | |||
| 4208 | ssl_md5_update(&md5,buf,20); | |||
| 4209 | ssl_md5_final(outbuf,&md5); | |||
| 4210 | ssl_md5_reset(&md5); | |||
| 4211 | ||||
| 4212 | memcpy(out->data + off, outbuf, MIN(out_len - off, 16)(((out_len - off) < (16)) ? (out_len - off) : (16))); | |||
| 4213 | } | |||
| 4214 | ssl_sha_cleanup(&sha); | |||
| 4215 | ssl_md5_cleanup(&md5); | |||
| 4216 | out->data_len = out_len; | |||
| 4217 | ||||
| 4218 | return true1; | |||
| 4219 | } | |||
| 4220 | ||||
| 4221 | /* out_len is the wanted output length for the pseudorandom function. | |||
| 4222 | * Ensure that ssl->cipher_suite is set. */ | |||
| 4223 | static bool_Bool | |||
| 4224 | prf(SslDecryptSession *ssl, StringInfo *secret, const char *usage, | |||
| 4225 | StringInfo *rnd1, StringInfo *rnd2, StringInfo *out, unsigned out_len) | |||
| 4226 | { | |||
| 4227 | switch (ssl->session.version) { | |||
| 4228 | case SSLV3_VERSION0x300: | |||
| 4229 | return ssl3_prf(secret, usage, rnd1, rnd2, out, out_len); | |||
| 4230 | ||||
| 4231 | case TLSV1_VERSION0x301: | |||
| 4232 | case TLSV1DOT1_VERSION0x302: | |||
| 4233 | case DTLSV1DOT0_VERSION0xfeff: | |||
| 4234 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
| 4235 | return tls_prf(secret, usage, rnd1, rnd2, out, out_len); | |||
| 4236 | ||||
| 4237 | default: /* TLSv1.2 */ | |||
| 4238 | switch (ssl->cipher_suite->dig) { | |||
| 4239 | case DIG_SM30x44: | |||
| 4240 | #if GCRYPT_VERSION_NUMBER0x010a03 >= 0x010900 | |||
| 4241 | return tls12_prf(GCRY_MD_SM3, secret, usage, rnd1, rnd2, | |||
| 4242 | out, out_len); | |||
| 4243 | #else | |||
| 4244 | return false0; | |||
| 4245 | #endif | |||
| 4246 | case DIG_SHA3840x43: | |||
| 4247 | return tls12_prf(GCRY_MD_SHA384, secret, usage, rnd1, rnd2, | |||
| 4248 | out, out_len); | |||
| 4249 | default: | |||
| 4250 | return tls12_prf(GCRY_MD_SHA256, secret, usage, rnd1, rnd2, | |||
| 4251 | out, out_len); | |||
| 4252 | } | |||
| 4253 | } | |||
| 4254 | } | |||
| 4255 | ||||
| 4256 | static int tls_handshake_hash(SslDecryptSession* ssl, StringInfo* out) | |||
| 4257 | { | |||
| 4258 | SSL_MD5_CTXgcry_md_hd_t md5; | |||
| 4259 | SSL_SHA_CTXgcry_md_hd_t sha; | |||
| 4260 | ||||
| 4261 | if (ssl_data_alloc(out, 36) < 0) | |||
| 4262 | return -1; | |||
| 4263 | ||||
| 4264 | if (ssl_md5_init(&md5) != 0) | |||
| 4265 | return -1; | |||
| 4266 | ssl_md5_update(&md5,ssl->handshake_data.data,ssl->handshake_data.data_len); | |||
| 4267 | ssl_md5_final(out->data,&md5); | |||
| 4268 | ssl_md5_cleanup(&md5); | |||
| 4269 | ||||
| 4270 | if (ssl_sha_init(&sha) != 0) | |||
| 4271 | return -1; | |||
| 4272 | ssl_sha_update(&sha,ssl->handshake_data.data,ssl->handshake_data.data_len); | |||
| 4273 | ssl_sha_final(out->data+16,&sha); | |||
| 4274 | ssl_sha_cleanup(&sha); | |||
| 4275 | return 0; | |||
| 4276 | } | |||
| 4277 | ||||
| 4278 | static int tls12_handshake_hash(SslDecryptSession* ssl, int md, StringInfo* out) | |||
| 4279 | { | |||
| 4280 | SSL_MDgcry_md_hd_t mc; | |||
| 4281 | uint8_t tmp[48]; | |||
| 4282 | unsigned len; | |||
| 4283 | ||||
| 4284 | if (ssl_md_init(&mc, md) != 0) | |||
| 4285 | return -1; | |||
| 4286 | ssl_md_update(&mc,ssl->handshake_data.data,ssl->handshake_data.data_len); | |||
| 4287 | ssl_md_final(&mc, tmp, &len); | |||
| 4288 | ssl_md_cleanup(&mc); | |||
| 4289 | ||||
| 4290 | if (ssl_data_alloc(out, len) < 0) | |||
| 4291 | return -1; | |||
| 4292 | memcpy(out->data, tmp, len); | |||
| 4293 | return 0; | |||
| 4294 | } | |||
| 4295 | ||||
| 4296 | /** | |||
| 4297 | * Obtains the label prefix used in HKDF-Expand-Label. This function can be | |||
| 4298 | * inlined and removed once support for draft 19 and before is dropped. | |||
| 4299 | */ | |||
| 4300 | static inline const char * | |||
| 4301 | tls13_hkdf_label_prefix(SslDecryptSession *ssl_session) | |||
| 4302 | { | |||
| 4303 | if (ssl_session->session.tls13_draft_version && ssl_session->session.tls13_draft_version < 20) { | |||
| 4304 | return "TLS 1.3, "; | |||
| 4305 | } else if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | |||
| 4306 | return "dtls13"; | |||
| 4307 | } else { | |||
| 4308 | return "tls13 "; | |||
| 4309 | } | |||
| 4310 | } | |||
| 4311 | ||||
| 4312 | /* | |||
| 4313 | * Computes HKDF-Expand-Label(Secret, Label, Hash(context_value), Length) with a | |||
| 4314 | * custom label prefix. If "context_hash" is NULL, then an empty context is | |||
| 4315 | * used. Otherwise it must have the same length as the hash algorithm output. | |||
| 4316 | */ | |||
| 4317 | bool_Bool | |||
| 4318 | tls13_hkdf_expand_label_context(int md, const StringInfo *secret, | |||
| 4319 | const char *label_prefix, const char *label, | |||
| 4320 | const uint8_t *context_hash, uint8_t context_length, | |||
| 4321 | uint16_t out_len, unsigned char **out) | |||
| 4322 | { | |||
| 4323 | /* RFC 8446 Section 7.1: | |||
| 4324 | * HKDF-Expand-Label(Secret, Label, Context, Length) = | |||
| 4325 | * HKDF-Expand(Secret, HkdfLabel, Length) | |||
| 4326 | * struct { | |||
| 4327 | * uint16 length = Length; | |||
| 4328 | * opaque label<7..255> = "tls13 " + Label; // "tls13 " is label prefix. | |||
| 4329 | * opaque context<0..255> = Context; | |||
| 4330 | * } HkdfLabel; | |||
| 4331 | * | |||
| 4332 | * RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF): | |||
| 4333 | * HKDF-Expand(PRK, info, L) -> OKM | |||
| 4334 | */ | |||
| 4335 | gcry_error_t err; | |||
| 4336 | const unsigned label_prefix_length = (unsigned) strlen(label_prefix); | |||
| 4337 | const unsigned label_length = (unsigned) strlen(label); | |||
| 4338 | ||||
| 4339 | /* Some sanity checks */ | |||
| 4340 | DISSECTOR_ASSERT(label_length > 0 && label_prefix_length + label_length <= 255)((void) ((label_length > 0 && label_prefix_length + label_length <= 255) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 4340, "label_length > 0 && label_prefix_length + label_length <= 255" )))); | |||
| 4341 | ||||
| 4342 | /* info = HkdfLabel { length, label, context } */ | |||
| 4343 | GByteArray *info = g_byte_array_new(); | |||
| 4344 | const uint16_t length = g_htons(out_len)(((((guint16) ( (guint16) ((guint16) (out_len) >> 8) | ( guint16) ((guint16) (out_len) << 8)))))); | |||
| 4345 | g_byte_array_append(info, (const uint8_t *)&length, sizeof(length)); | |||
| 4346 | ||||
| 4347 | const uint8_t label_vector_length = label_prefix_length + label_length; | |||
| 4348 | g_byte_array_append(info, &label_vector_length, 1); | |||
| 4349 | g_byte_array_append(info, (const uint8_t *)label_prefix, label_prefix_length); | |||
| 4350 | g_byte_array_append(info, (const uint8_t*)label, label_length); | |||
| 4351 | ||||
| 4352 | g_byte_array_append(info, &context_length, 1); | |||
| 4353 | if (context_length) { | |||
| 4354 | g_byte_array_append(info, context_hash, context_length); | |||
| 4355 | } | |||
| 4356 | ||||
| 4357 | *out = (unsigned char *)wmem_alloc(NULL((void*)0), out_len); | |||
| 4358 | err = hkdf_expand(md, secret->data, secret->data_len, info->data, info->len, *out, out_len); | |||
| 4359 | g_byte_array_free(info, true1); | |||
| 4360 | ||||
| 4361 | if (err) { | |||
| 4362 | ssl_debug_printf("%s failed %d: %s\n", G_STRFUNC((const char*) (__func__)), md, gcry_strerror(err)); | |||
| 4363 | wmem_free(NULL((void*)0), *out); | |||
| 4364 | *out = NULL((void*)0); | |||
| 4365 | return false0; | |||
| 4366 | } | |||
| 4367 | ||||
| 4368 | return true1; | |||
| 4369 | } | |||
| 4370 | ||||
| 4371 | bool_Bool | |||
| 4372 | tls13_hkdf_expand_label(int md, const StringInfo *secret, | |||
| 4373 | const char *label_prefix, const char *label, | |||
| 4374 | uint16_t out_len, unsigned char **out) | |||
| 4375 | { | |||
| 4376 | return tls13_hkdf_expand_label_context(md, secret, label_prefix, label, NULL((void*)0), 0, out_len, out); | |||
| 4377 | } | |||
| 4378 | /* HMAC and the Pseudorandom function }}} */ | |||
| 4379 | ||||
| 4380 | /* Record Decompression (after decryption) {{{ */ | |||
| 4381 | #ifdef USE_ZLIB_OR_ZLIBNG | |||
| 4382 | /* memory allocation functions for zlib initialization */ | |||
| 4383 | static void* ssl_zalloc(void* opaque _U___attribute__((unused)), unsigned int no, unsigned int size) | |||
| 4384 | { | |||
| 4385 | return g_malloc0(no*size); | |||
| 4386 | } | |||
| 4387 | static void ssl_zfree(void* opaque _U___attribute__((unused)), void* addr) | |||
| 4388 | { | |||
| 4389 | g_free(addr); | |||
| 4390 | } | |||
| 4391 | #endif /* USE_ZLIB_OR_ZLIBNG */ | |||
| 4392 | ||||
| 4393 | static SslDecompress* | |||
| 4394 | ssl_create_decompressor(int compression) | |||
| 4395 | { | |||
| 4396 | SslDecompress *decomp; | |||
| 4397 | #ifdef USE_ZLIB_OR_ZLIBNG | |||
| 4398 | int err; | |||
| 4399 | #endif | |||
| 4400 | ||||
| 4401 | if (compression == 0) return NULL((void*)0); | |||
| 4402 | ssl_debug_printf("ssl_create_decompressor: compression method %d\n", compression); | |||
| 4403 | decomp = wmem_new(wmem_file_scope(), SslDecompress)((SslDecompress*)wmem_alloc((wmem_file_scope()), sizeof(SslDecompress ))); | |||
| 4404 | decomp->compression = compression; | |||
| 4405 | switch (decomp->compression) { | |||
| 4406 | #ifdef USE_ZLIB_OR_ZLIBNG | |||
| 4407 | case 1: /* DEFLATE */ | |||
| 4408 | decomp->istream.zalloc = ssl_zalloc; | |||
| 4409 | decomp->istream.zfree = ssl_zfree; | |||
| 4410 | decomp->istream.opaque = Z_NULL0; | |||
| 4411 | decomp->istream.next_in = Z_NULL0; | |||
| 4412 | decomp->istream.next_out = Z_NULL0; | |||
| 4413 | decomp->istream.avail_in = 0; | |||
| 4414 | decomp->istream.avail_out = 0; | |||
| 4415 | err = ZLIB_PREFIX(inflateInit)(&decomp->istream)inflateInit_((&decomp->istream), "1.3", (int)sizeof(z_stream )); | |||
| 4416 | if (err != Z_OK0) { | |||
| 4417 | ssl_debug_printf("ssl_create_decompressor: inflateInit_() failed - %d\n", err); | |||
| 4418 | return NULL((void*)0); | |||
| 4419 | } | |||
| 4420 | break; | |||
| 4421 | #endif /* USE_ZLIB_OR_ZLIBNG */ | |||
| 4422 | default: | |||
| 4423 | ssl_debug_printf("ssl_create_decompressor: unsupported compression method %d\n", decomp->compression); | |||
| 4424 | return NULL((void*)0); | |||
| 4425 | } | |||
| 4426 | return decomp; | |||
| 4427 | } | |||
| 4428 | ||||
| 4429 | #ifdef USE_ZLIB_OR_ZLIBNG | |||
| 4430 | static int | |||
| 4431 | ssl_decompress_record(SslDecompress* decomp, const unsigned char* in, unsigned inl, StringInfo* out_str, unsigned* outl) | |||
| 4432 | { | |||
| 4433 | int err; | |||
| 4434 | ||||
| 4435 | switch (decomp->compression) { | |||
| 4436 | case 1: /* DEFLATE */ | |||
| 4437 | err = Z_OK0; | |||
| 4438 | if (out_str->data_len < 16384) { /* maximal plain length */ | |||
| 4439 | ssl_data_realloc(out_str, 16384); | |||
| 4440 | } | |||
| 4441 | #ifdef z_constconst | |||
| 4442 | decomp->istream.next_in = in; | |||
| 4443 | #else | |||
| 4444 | DIAG_OFF(cast-qual)clang diagnostic push
clang diagnostic ignored "-Wcast-qual" | |||
| 4445 | decomp->istream.next_in = (Bytef *)in; | |||
| 4446 | DIAG_ON(cast-qual)clang diagnostic pop | |||
| 4447 | #endif | |||
| 4448 | decomp->istream.avail_in = inl; | |||
| 4449 | decomp->istream.next_out = out_str->data; | |||
| 4450 | decomp->istream.avail_out = out_str->data_len; | |||
| 4451 | if (inl > 0) | |||
| 4452 | err = ZLIB_PREFIX(inflate)inflate(&decomp->istream, Z_SYNC_FLUSH2); | |||
| 4453 | if (err != Z_OK0) { | |||
| 4454 | ssl_debug_printf("ssl_decompress_record: inflate() failed - %d\n", err); | |||
| 4455 | return -1; | |||
| 4456 | } | |||
| 4457 | *outl = out_str->data_len - decomp->istream.avail_out; | |||
| 4458 | break; | |||
| 4459 | default: | |||
| 4460 | ssl_debug_printf("ssl_decompress_record: unsupported compression method %d\n", decomp->compression); | |||
| 4461 | return -1; | |||
| 4462 | } | |||
| 4463 | return 0; | |||
| 4464 | } | |||
| 4465 | #else /* USE_ZLIB_OR_ZLIBNG */ | |||
| 4466 | int | |||
| 4467 | ssl_decompress_record(SslDecompress* decomp _U___attribute__((unused)), const unsigned char* in _U___attribute__((unused)), unsigned inl _U___attribute__((unused)), StringInfo* out_str _U___attribute__((unused)), unsigned* outl _U___attribute__((unused))) | |||
| 4468 | { | |||
| 4469 | ssl_debug_printf("ssl_decompress_record: unsupported compression method %d\n", decomp->compression); | |||
| 4470 | return -1; | |||
| 4471 | } | |||
| 4472 | #endif /* USE_ZLIB_OR_ZLIBNG */ | |||
| 4473 | /* Record Decompression (after decryption) }}} */ | |||
| 4474 | ||||
| 4475 | /* Create a new structure to store decrypted chunks. {{{ */ | |||
| 4476 | static SslFlow* | |||
| 4477 | ssl_create_flow(void) | |||
| 4478 | { | |||
| 4479 | SslFlow *flow; | |||
| 4480 | ||||
| 4481 | flow = wmem_new(wmem_file_scope(), SslFlow)((SslFlow*)wmem_alloc((wmem_file_scope()), sizeof(SslFlow))); | |||
| 4482 | flow->byte_seq = 0; | |||
| 4483 | flow->flags = 0; | |||
| 4484 | flow->multisegment_pdus = wmem_tree_new(wmem_file_scope()); | |||
| 4485 | return flow; | |||
| 4486 | } | |||
| 4487 | /* }}} */ | |||
| 4488 | ||||
| 4489 | /* Use the negotiated security parameters for decryption. {{{ */ | |||
| 4490 | void | |||
| 4491 | ssl_change_cipher(SslDecryptSession *ssl_session, bool_Bool server) | |||
| 4492 | { | |||
| 4493 | SslDecoder **new_decoder = server ? &ssl_session->server_new : &ssl_session->client_new; | |||
| 4494 | SslDecoder **dest = server ? &ssl_session->server : &ssl_session->client; | |||
| 4495 | ssl_debug_printf("ssl_change_cipher %s%s\n", server ? "SERVER" : "CLIENT", | |||
| 4496 | *new_decoder ? "" : " (No decoder found - retransmission?)"); | |||
| 4497 | if (*new_decoder) { | |||
| 4498 | *dest = *new_decoder; | |||
| 4499 | *new_decoder = NULL((void*)0); | |||
| 4500 | } | |||
| 4501 | } | |||
| 4502 | /* }}} */ | |||
| 4503 | ||||
| 4504 | /* Init cipher state given some security parameters. {{{ */ | |||
| 4505 | static bool_Bool | |||
| 4506 | ssl_decoder_destroy_cb(wmem_allocator_t *, wmem_cb_event_t, void *); | |||
| 4507 | ||||
| 4508 | static SslDecoder* | |||
| 4509 | ssl_create_decoder(const SslCipherSuite *cipher_suite, int cipher_algo, | |||
| 4510 | int compression, uint8_t *mk, uint8_t *sk, uint8_t *sn_key, uint8_t *iv, unsigned iv_length) | |||
| 4511 | { | |||
| 4512 | SslDecoder *dec; | |||
| 4513 | ssl_cipher_mode_t mode = cipher_suite->mode; | |||
| 4514 | ||||
| 4515 | dec = wmem_new0(wmem_file_scope(), SslDecoder)((SslDecoder*)wmem_alloc0((wmem_file_scope()), sizeof(SslDecoder ))); | |||
| 4516 | /* init mac buffer: mac storage is embedded into decoder struct to save a | |||
| 4517 | memory allocation and waste samo more memory*/ | |||
| 4518 | dec->cipher_suite=cipher_suite; | |||
| 4519 | dec->compression = compression; | |||
| 4520 | if ((mode == MODE_STREAM && mk != NULL((void*)0)) || mode == MODE_CBC) { | |||
| 4521 | // AEAD ciphers use no MAC key, but stream and block ciphers do. Note | |||
| 4522 | // the special case for NULL ciphers, even if there is insufficiency | |||
| 4523 | // keying material (including MAC key), we will can still create | |||
| 4524 | // decoders since "decryption" is easy for such ciphers. | |||
| 4525 | dec->mac_key.data = dec->_mac_key_or_write_iv; | |||
| 4526 | ssl_data_set(&dec->mac_key, mk, ssl_cipher_suite_dig(cipher_suite)->len); | |||
| 4527 | } else if (mode == MODE_GCM || mode == MODE_CCM || mode == MODE_CCM_8 || mode == MODE_POLY1305) { | |||
| 4528 | // Input for the nonce, to be used with AEAD ciphers. | |||
| 4529 | DISSECTOR_ASSERT(iv_length <= sizeof(dec->_mac_key_or_write_iv))((void) ((iv_length <= sizeof(dec->_mac_key_or_write_iv )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 4529, "iv_length <= sizeof(dec->_mac_key_or_write_iv)" )))); | |||
| 4530 | dec->write_iv.data = dec->_mac_key_or_write_iv; | |||
| 4531 | ssl_data_set(&dec->write_iv, iv, iv_length); | |||
| 4532 | } | |||
| 4533 | dec->seq = 0; | |||
| 4534 | dec->decomp = ssl_create_decompressor(compression); | |||
| 4535 | wmem_register_callback(wmem_file_scope(), ssl_decoder_destroy_cb, dec); | |||
| 4536 | ||||
| 4537 | if (ssl_cipher_init(&dec->evp,cipher_algo,sk,iv,cipher_suite->mode) < 0) { | |||
| 4538 | ssl_debug_printf("%s: can't create cipher id:%d mode:%d\n", G_STRFUNC((const char*) (__func__)), | |||
| 4539 | cipher_algo, cipher_suite->mode); | |||
| 4540 | return NULL((void*)0); | |||
| 4541 | } | |||
| 4542 | ||||
| 4543 | if (cipher_suite->enc != ENC_NULL0x3D && sn_key != NULL((void*)0)) { | |||
| 4544 | if (cipher_suite->enc == ENC_AES0x35 || cipher_suite->enc == ENC_AES2560x36) { | |||
| 4545 | mode = MODE_ECB; | |||
| 4546 | } else if (cipher_suite->enc == ENC_CHACHA200x3A) { | |||
| 4547 | mode = MODE_STREAM; | |||
| 4548 | } else { | |||
| 4549 | ssl_debug_printf("not supported encryption algorithm for DTLSv1.3\n"); | |||
| 4550 | return NULL((void*)0); | |||
| 4551 | } | |||
| 4552 | ||||
| 4553 | if (ssl_cipher_init(&dec->sn_evp, cipher_algo, sn_key, NULL((void*)0), mode) < 0) { | |||
| 4554 | ssl_debug_printf("%s: can't create cipher id:%d mode:%d for seq number decryption\n", G_STRFUNC((const char*) (__func__)), | |||
| 4555 | cipher_algo, MODE_ECB); | |||
| 4556 | ssl_cipher_cleanup(&dec->evp); | |||
| 4557 | dec->evp = NULL((void*)0); | |||
| 4558 | return NULL((void*)0); | |||
| 4559 | } | |||
| 4560 | } else { | |||
| 4561 | dec->sn_evp = NULL((void*)0); | |||
| 4562 | } | |||
| 4563 | ||||
| 4564 | dec->dtls13_aad.data = NULL((void*)0); | |||
| 4565 | dec->dtls13_aad.data_len = 0; | |||
| 4566 | ssl_debug_printf("decoder initialized (digest len %d)\n", ssl_cipher_suite_dig(cipher_suite)->len); | |||
| 4567 | return dec; | |||
| 4568 | } | |||
| 4569 | ||||
| 4570 | static bool_Bool | |||
| 4571 | ssl_decoder_destroy_cb(wmem_allocator_t *allocator _U___attribute__((unused)), wmem_cb_event_t event _U___attribute__((unused)), void *user_data) | |||
| 4572 | { | |||
| 4573 | SslDecoder *dec = (SslDecoder *) user_data; | |||
| 4574 | ||||
| 4575 | if (dec->evp) | |||
| 4576 | ssl_cipher_cleanup(&dec->evp); | |||
| 4577 | if (dec->sn_evp) | |||
| 4578 | ssl_cipher_cleanup(&dec->sn_evp); | |||
| 4579 | ||||
| 4580 | #ifdef USE_ZLIB_OR_ZLIBNG | |||
| 4581 | if (dec->decomp != NULL((void*)0) && dec->decomp->compression == 1 /* DEFLATE */) | |||
| 4582 | ZLIB_PREFIX(inflateEnd)inflateEnd(&dec->decomp->istream); | |||
| 4583 | #endif | |||
| 4584 | ||||
| 4585 | return false0; | |||
| 4586 | } | |||
| 4587 | /* }}} */ | |||
| 4588 | ||||
| 4589 | /* (Pre-)master secrets calculations {{{ */ | |||
| 4590 | #ifdef HAVE_LIBGNUTLS1 | |||
| 4591 | static bool_Bool | |||
| 4592 | ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session, | |||
| 4593 | StringInfo *encrypted_pre_master, | |||
| 4594 | GHashTable *key_hash); | |||
| 4595 | #endif /* HAVE_LIBGNUTLS */ | |||
| 4596 | ||||
| 4597 | static bool_Bool | |||
| 4598 | ssl_restore_master_key(SslDecryptSession *ssl, const char *label, | |||
| 4599 | bool_Bool is_pre_master, GHashTable *ht, StringInfo *key); | |||
| 4600 | ||||
| 4601 | bool_Bool | |||
| 4602 | ssl_generate_pre_master_secret(SslDecryptSession *ssl_session, | |||
| 4603 | uint32_t length, tvbuff_t *tvb, uint32_t offset, | |||
| 4604 | const char *ssl_psk, packet_info *pinfo, | |||
| 4605 | #ifdef HAVE_LIBGNUTLS1 | |||
| 4606 | GHashTable *key_hash, | |||
| 4607 | #endif | |||
| 4608 | const ssl_master_key_map_t *mk_map) | |||
| 4609 | { | |||
| 4610 | /* check for required session data */ | |||
| 4611 | ssl_debug_printf("%s: found SSL_HND_CLIENT_KEY_EXCHG, state %X\n", | |||
| 4612 | G_STRFUNC((const char*) (__func__)), ssl_session->state); | |||
| 4613 | if ((ssl_session->state & (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))) != | |||
| 4614 | (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))) { | |||
| 4615 | ssl_debug_printf("%s: not enough data to generate key (required state %X)\n", G_STRFUNC((const char*) (__func__)), | |||
| 4616 | (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))); | |||
| 4617 | return false0; | |||
| 4618 | } | |||
| 4619 | ||||
| 4620 | if (ssl_session->session.version == TLSV1DOT3_VERSION0x304) { | |||
| 4621 | ssl_debug_printf("%s: detected TLS 1.3 which has no pre-master secrets\n", G_STRFUNC((const char*) (__func__))); | |||
| 4622 | return false0; | |||
| 4623 | } | |||
| 4624 | ||||
| 4625 | /* check to see if the PMS was provided to us*/ | |||
| 4626 | if (ssl_restore_master_key(ssl_session, "Unencrypted pre-master secret", true1, | |||
| 4627 | mk_map->pms, &ssl_session->client_random)) { | |||
| 4628 | return true1; | |||
| 4629 | } | |||
| 4630 | ||||
| 4631 | if (ssl_session->cipher_suite->kex == KEX_PSK0x1d) | |||
| 4632 | { | |||
| 4633 | /* calculate pre master secret*/ | |||
| 4634 | StringInfo pre_master_secret; | |||
| 4635 | unsigned psk_len, pre_master_len; | |||
| 4636 | ||||
| 4637 | if (!ssl_psk || (ssl_psk[0] == 0)) { | |||
| 4638 | ssl_debug_printf("%s: can't find pre-shared key\n", G_STRFUNC((const char*) (__func__))); | |||
| 4639 | return false0; | |||
| 4640 | } | |||
| 4641 | ||||
| 4642 | /* convert hex string into char*/ | |||
| 4643 | if (!from_hex(&ssl_session->psk, ssl_psk, strlen(ssl_psk))) { | |||
| 4644 | ssl_debug_printf("%s: ssl.psk/dtls.psk contains invalid hex\n", | |||
| 4645 | G_STRFUNC((const char*) (__func__))); | |||
| 4646 | return false0; | |||
| 4647 | } | |||
| 4648 | ||||
| 4649 | psk_len = ssl_session->psk.data_len; | |||
| 4650 | if (psk_len >= (2 << 15)) { | |||
| 4651 | ssl_debug_printf("%s: ssl.psk/dtls.psk must not be larger than 2^15 - 1\n", | |||
| 4652 | G_STRFUNC((const char*) (__func__))); | |||
| 4653 | return false0; | |||
| 4654 | } | |||
| 4655 | ||||
| 4656 | ||||
| 4657 | pre_master_len = psk_len * 2 + 4; | |||
| 4658 | ||||
| 4659 | pre_master_secret.data = (unsigned char *)wmem_alloc(wmem_file_scope(), pre_master_len); | |||
| 4660 | pre_master_secret.data_len = pre_master_len; | |||
| 4661 | /* 2 bytes psk_len*/ | |||
| 4662 | pre_master_secret.data[0] = psk_len >> 8; | |||
| 4663 | pre_master_secret.data[1] = psk_len & 0xFF; | |||
| 4664 | /* psk_len bytes times 0*/ | |||
| 4665 | memset(&pre_master_secret.data[2], 0, psk_len); | |||
| 4666 | /* 2 bytes psk_len*/ | |||
| 4667 | pre_master_secret.data[psk_len + 2] = psk_len >> 8; | |||
| 4668 | pre_master_secret.data[psk_len + 3] = psk_len & 0xFF; | |||
| 4669 | /* psk*/ | |||
| 4670 | memcpy(&pre_master_secret.data[psk_len + 4], ssl_session->psk.data, psk_len); | |||
| 4671 | ||||
| 4672 | ssl_session->pre_master_secret.data = pre_master_secret.data; | |||
| 4673 | ssl_session->pre_master_secret.data_len = pre_master_len; | |||
| 4674 | /*ssl_debug_printf("pre master secret",&ssl->pre_master_secret);*/ | |||
| 4675 | ||||
| 4676 | /* Remove the master secret if it was there. | |||
| 4677 | This forces keying material regeneration in | |||
| 4678 | case we're renegotiating */ | |||
| 4679 | ssl_session->state &= ~(SSL_MASTER_SECRET(1<<5)|SSL_HAVE_SESSION_KEY(1<<3)); | |||
| 4680 | ssl_session->state |= SSL_PRE_MASTER_SECRET(1<<6); | |||
| 4681 | return true1; | |||
| 4682 | } | |||
| 4683 | else | |||
| 4684 | { | |||
| 4685 | unsigned encrlen, skip; | |||
| 4686 | encrlen = length; | |||
| 4687 | skip = 0; | |||
| 4688 | ||||
| 4689 | /* get encrypted data, on tls1 we have to skip two bytes | |||
| 4690 | * (it's the encrypted len and should be equal to record len - 2) | |||
| 4691 | * in case of rsa1024 that would be 128 + 2 = 130; for psk not necessary | |||
| 4692 | */ | |||
| 4693 | if (ssl_session->cipher_suite->kex == KEX_RSA0x1e && | |||
| 4694 | (ssl_session->session.version == TLSV1_VERSION0x301 || | |||
| 4695 | ssl_session->session.version == TLSV1DOT1_VERSION0x302 || | |||
| 4696 | ssl_session->session.version == TLSV1DOT2_VERSION0x303 || | |||
| 4697 | ssl_session->session.version == DTLSV1DOT0_VERSION0xfeff || | |||
| 4698 | ssl_session->session.version == DTLSV1DOT2_VERSION0xfefd || | |||
| 4699 | ssl_session->session.version == TLCPV1_VERSION0x101 )) | |||
| 4700 | { | |||
| 4701 | encrlen = tvb_get_ntohs(tvb, offset); | |||
| 4702 | skip = 2; | |||
| 4703 | if (encrlen > length - 2) | |||
| 4704 | { | |||
| 4705 | ssl_debug_printf("%s: wrong encrypted length (%d max %d)\n", | |||
| 4706 | G_STRFUNC((const char*) (__func__)), encrlen, length); | |||
| 4707 | return false0; | |||
| 4708 | } | |||
| 4709 | } | |||
| 4710 | /* the valid lower bound is higher than 8, but it is sufficient for the | |||
| 4711 | * ssl keylog file below */ | |||
| 4712 | if (encrlen < 8) { | |||
| 4713 | ssl_debug_printf("%s: invalid encrypted pre-master key length %d\n", | |||
| 4714 | G_STRFUNC((const char*) (__func__)), encrlen); | |||
| 4715 | return false0; | |||
| 4716 | } | |||
| 4717 | ||||
| 4718 | StringInfo encrypted_pre_master = { | |||
| 4719 | .data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset + skip, encrlen), | |||
| 4720 | .data_len = encrlen, | |||
| 4721 | }; | |||
| 4722 | ||||
| 4723 | #ifdef HAVE_LIBGNUTLS1 | |||
| 4724 | /* Try to lookup an appropriate RSA private key to decrypt the Encrypted Pre-Master Secret. */ | |||
| 4725 | if (ssl_session->cert_key_id) { | |||
| 4726 | if (ssl_decrypt_pre_master_secret(ssl_session, &encrypted_pre_master, key_hash)) | |||
| 4727 | return true1; | |||
| 4728 | ||||
| 4729 | ssl_debug_printf("%s: can't decrypt pre-master secret\n", | |||
| 4730 | G_STRFUNC((const char*) (__func__))); | |||
| 4731 | } | |||
| 4732 | #endif /* HAVE_LIBGNUTLS */ | |||
| 4733 | ||||
| 4734 | /* try to find the pre-master secret from the encrypted one. The | |||
| 4735 | * ssl key logfile stores only the first 8 bytes, so truncate it */ | |||
| 4736 | encrypted_pre_master.data_len = 8; | |||
| 4737 | if (ssl_restore_master_key(ssl_session, "Encrypted pre-master secret", | |||
| 4738 | true1, mk_map->pre_master, &encrypted_pre_master)) | |||
| 4739 | return true1; | |||
| 4740 | } | |||
| 4741 | return false0; | |||
| 4742 | } | |||
| 4743 | ||||
| 4744 | /* Used for (D)TLS 1.2 and earlier versions (not with TLS 1.3). */ | |||
| 4745 | int | |||
| 4746 | ssl_generate_keyring_material(SslDecryptSession*ssl_session) | |||
| 4747 | { | |||
| 4748 | StringInfo key_block = { NULL((void*)0), 0 }; | |||
| 4749 | uint8_t _iv_c[MAX_BLOCK_SIZE16],_iv_s[MAX_BLOCK_SIZE16]; | |||
| 4750 | uint8_t _key_c[MAX_KEY_SIZE32],_key_s[MAX_KEY_SIZE32]; | |||
| 4751 | int needed; | |||
| 4752 | int cipher_algo = -1; /* special value (-1) for NULL encryption */ | |||
| 4753 | unsigned encr_key_len, write_iv_len = 0; | |||
| 4754 | bool_Bool is_export_cipher; | |||
| 4755 | uint8_t *ptr, *c_iv = NULL((void*)0), *s_iv = NULL((void*)0); | |||
| 4756 | uint8_t *c_wk = NULL((void*)0), *s_wk = NULL((void*)0), *c_mk = NULL((void*)0), *s_mk = NULL((void*)0); | |||
| 4757 | const SslCipherSuite *cipher_suite = ssl_session->cipher_suite; | |||
| 4758 | ||||
| 4759 | /* (D)TLS 1.3 is handled directly in tls13_change_key. */ | |||
| 4760 | if (ssl_session->session.version
| |||
| 4761 | ssl_debug_printf("%s: detected TLS 1.3. Should not have been called!\n", G_STRFUNC((const char*) (__func__))); | |||
| 4762 | return -1; | |||
| 4763 | } | |||
| 4764 | ||||
| 4765 | /* check for enough info to proceed */ | |||
| 4766 | unsigned need_all = SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4); | |||
| 4767 | unsigned need_any = SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6); | |||
| 4768 | if (((ssl_session->state & need_all) != need_all) || ((ssl_session->state & need_any) == 0)) { | |||
| 4769 | ssl_debug_printf("ssl_generate_keyring_material not enough data to generate key " | |||
| 4770 | "(0x%02X required 0x%02X or 0x%02X)\n", ssl_session->state, | |||
| 4771 | need_all|SSL_MASTER_SECRET(1<<5), need_all|SSL_PRE_MASTER_SECRET(1<<6)); | |||
| 4772 | /* Special case: for NULL encryption, allow dissection of data even if | |||
| 4773 | * the Client Hello is missing (MAC keys are now skipped though). */ | |||
| 4774 | need_all = SSL_CIPHER(1<<2)|SSL_VERSION(1<<4); | |||
| 4775 | if ((ssl_session->state & need_all) == need_all && | |||
| 4776 | cipher_suite->enc == ENC_NULL0x3D) { | |||
| 4777 | ssl_debug_printf("%s NULL cipher found, will create a decoder but " | |||
| 4778 | "skip MAC validation as keys are missing.\n", G_STRFUNC((const char*) (__func__))); | |||
| 4779 | goto create_decoders; | |||
| 4780 | } | |||
| 4781 | ||||
| 4782 | return -1; | |||
| 4783 | } | |||
| 4784 | ||||
| 4785 | /* if master key is not available, generate is from the pre-master secret */ | |||
| 4786 | if (!(ssl_session->state & SSL_MASTER_SECRET(1<<5))) { | |||
| 4787 | if ((ssl_session->state & SSL_EXTENDED_MASTER_SECRET_MASK((1<<7)|(1<<8))) == SSL_EXTENDED_MASTER_SECRET_MASK((1<<7)|(1<<8))) { | |||
| 4788 | StringInfo handshake_hashed_data; | |||
| 4789 | int ret; | |||
| 4790 | ||||
| 4791 | handshake_hashed_data.data = NULL((void*)0); | |||
| 4792 | handshake_hashed_data.data_len = 0; | |||
| 4793 | ||||
| 4794 | ssl_debug_printf("%s:PRF(pre_master_secret_extended)\n", G_STRFUNC((const char*) (__func__))); | |||
| 4795 | ssl_print_string("pre master secret",&ssl_session->pre_master_secret); | |||
| 4796 | DISSECTOR_ASSERT(ssl_session->handshake_data.data_len > 0)((void) ((ssl_session->handshake_data.data_len > 0) ? ( void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 4796, "ssl_session->handshake_data.data_len > 0" )))); | |||
| 4797 | ||||
| 4798 | switch(ssl_session->session.version) { | |||
| 4799 | case TLSV1_VERSION0x301: | |||
| 4800 | case TLSV1DOT1_VERSION0x302: | |||
| 4801 | case DTLSV1DOT0_VERSION0xfeff: | |||
| 4802 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
| 4803 | case TLCPV1_VERSION0x101: | |||
| 4804 | ret = tls_handshake_hash(ssl_session, &handshake_hashed_data); | |||
| 4805 | break; | |||
| 4806 | default: | |||
| 4807 | switch (cipher_suite->dig) { | |||
| 4808 | case DIG_SHA3840x43: | |||
| 4809 | ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA384, &handshake_hashed_data); | |||
| 4810 | break; | |||
| 4811 | default: | |||
| 4812 | ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA256, &handshake_hashed_data); | |||
| 4813 | break; | |||
| 4814 | } | |||
| 4815 | break; | |||
| 4816 | } | |||
| 4817 | if (ret
| |||
| 4818 | ssl_debug_printf("%s can't generate handshake hash\n", G_STRFUNC((const char*) (__func__))); | |||
| ||||
| 4819 | return -1; | |||
| 4820 | } | |||
| 4821 | ||||
| 4822 | wmem_free(wmem_file_scope(), ssl_session->handshake_data.data); | |||
| 4823 | ssl_session->handshake_data.data = NULL((void*)0); | |||
| 4824 | ssl_session->handshake_data.data_len = 0; | |||
| 4825 | ||||
| 4826 | if (!prf(ssl_session, &ssl_session->pre_master_secret, "extended master secret", | |||
| 4827 | &handshake_hashed_data, | |||
| 4828 | NULL((void*)0), &ssl_session->master_secret, | |||
| 4829 | SSL_MASTER_SECRET_LENGTH48)) { | |||
| 4830 | ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC((const char*) (__func__))); | |||
| 4831 | g_free(handshake_hashed_data.data); | |||
| 4832 | return -1; | |||
| 4833 | } | |||
| 4834 | g_free(handshake_hashed_data.data); | |||
| 4835 | } else { | |||
| 4836 | ssl_debug_printf("%s:PRF(pre_master_secret)\n", G_STRFUNC((const char*) (__func__))); | |||
| 4837 | ssl_print_string("pre master secret",&ssl_session->pre_master_secret); | |||
| 4838 | ssl_print_string("client random",&ssl_session->client_random); | |||
| 4839 | ssl_print_string("server random",&ssl_session->server_random); | |||
| 4840 | if (!prf(ssl_session, &ssl_session->pre_master_secret, "master secret", | |||
| 4841 | &ssl_session->client_random, | |||
| 4842 | &ssl_session->server_random, &ssl_session->master_secret, | |||
| 4843 | SSL_MASTER_SECRET_LENGTH48)) { | |||
| 4844 | ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC((const char*) (__func__))); | |||
| 4845 | return -1; | |||
| 4846 | } | |||
| 4847 | } | |||
| 4848 | ssl_print_string("master secret",&ssl_session->master_secret); | |||
| 4849 | ||||
| 4850 | /* the pre-master secret has been 'consumed' so we must clear it now */ | |||
| 4851 | ssl_session->state &= ~SSL_PRE_MASTER_SECRET(1<<6); | |||
| 4852 | ssl_session->state |= SSL_MASTER_SECRET(1<<5); | |||
| 4853 | } | |||
| 4854 | ||||
| 4855 | /* Find the Libgcrypt cipher algorithm for the given SSL cipher suite ID */ | |||
| 4856 | if (cipher_suite->enc != ENC_NULL0x3D) { | |||
| 4857 | const char *cipher_name = ciphers[cipher_suite->enc-ENC_START0x30]; | |||
| 4858 | ssl_debug_printf("%s CIPHER: %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | |||
| 4859 | cipher_algo = ssl_get_cipher_by_name(cipher_name); | |||
| 4860 | if (cipher_algo == 0) { | |||
| 4861 | ssl_debug_printf("%s can't find cipher %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | |||
| 4862 | return -1; | |||
| 4863 | } | |||
| 4864 | } | |||
| 4865 | ||||
| 4866 | /* Export ciphers consume less material from the key block. */ | |||
| 4867 | encr_key_len = ssl_get_cipher_export_keymat_size(cipher_suite->number); | |||
| 4868 | is_export_cipher = encr_key_len > 0; | |||
| 4869 | if (!is_export_cipher && cipher_suite->enc != ENC_NULL0x3D) { | |||
| 4870 | encr_key_len = (unsigned)gcry_cipher_get_algo_keylen(cipher_algo); | |||
| 4871 | } | |||
| 4872 | ||||
| 4873 | if (cipher_suite->mode == MODE_CBC) { | |||
| 4874 | write_iv_len = (unsigned)gcry_cipher_get_algo_blklen(cipher_algo); | |||
| 4875 | } else if (cipher_suite->mode == MODE_GCM || cipher_suite->mode == MODE_CCM || cipher_suite->mode == MODE_CCM_8) { | |||
| 4876 | /* account for a four-byte salt for client and server side (from | |||
| 4877 | * client_write_IV and server_write_IV), see GCMNonce (RFC 5288) */ | |||
| 4878 | write_iv_len = 4; | |||
| 4879 | } else if (cipher_suite->mode == MODE_POLY1305) { | |||
| 4880 | /* RFC 7905: SecurityParameters.fixed_iv_length is twelve bytes */ | |||
| 4881 | write_iv_len = 12; | |||
| 4882 | } | |||
| 4883 | ||||
| 4884 | /* Compute the key block. First figure out how much data we need */ | |||
| 4885 | needed = ssl_cipher_suite_dig(cipher_suite)->len*2; /* MAC key */ | |||
| 4886 | needed += 2 * encr_key_len; /* encryption key */ | |||
| 4887 | needed += 2 * write_iv_len; /* write IV */ | |||
| 4888 | ||||
| 4889 | key_block.data = (unsigned char *)g_malloc(needed); | |||
| 4890 | ssl_debug_printf("%s sess key generation\n", G_STRFUNC((const char*) (__func__))); | |||
| 4891 | if (!prf(ssl_session, &ssl_session->master_secret, "key expansion", | |||
| 4892 | &ssl_session->server_random,&ssl_session->client_random, | |||
| 4893 | &key_block, needed)) { | |||
| 4894 | ssl_debug_printf("%s can't generate key_block\n", G_STRFUNC((const char*) (__func__))); | |||
| 4895 | goto fail; | |||
| 4896 | } | |||
| 4897 | ssl_print_string("key expansion", &key_block); | |||
| 4898 | ||||
| 4899 | ptr=key_block.data; | |||
| 4900 | /* client/server write MAC key (for non-AEAD ciphers) */ | |||
| 4901 | if (cipher_suite->mode == MODE_STREAM || cipher_suite->mode == MODE_CBC) { | |||
| 4902 | c_mk=ptr; ptr+=ssl_cipher_suite_dig(cipher_suite)->len; | |||
| 4903 | s_mk=ptr; ptr+=ssl_cipher_suite_dig(cipher_suite)->len; | |||
| 4904 | } | |||
| 4905 | /* client/server write encryption key */ | |||
| 4906 | c_wk=ptr; ptr += encr_key_len; | |||
| 4907 | s_wk=ptr; ptr += encr_key_len; | |||
| 4908 | /* client/server write IV (used as IV (for CBC) or salt (for AEAD)) */ | |||
| 4909 | if (write_iv_len > 0) { | |||
| 4910 | c_iv=ptr; ptr += write_iv_len; | |||
| 4911 | s_iv=ptr; /* ptr += write_iv_len; */ | |||
| 4912 | } | |||
| 4913 | ||||
| 4914 | /* export ciphers work with a smaller key length */ | |||
| 4915 | if (is_export_cipher) { | |||
| 4916 | if (cipher_suite->mode == MODE_CBC) { | |||
| 4917 | ||||
| 4918 | /* We only have room for MAX_BLOCK_SIZE bytes IVs, but that's | |||
| 4919 | all we should need. This is a sanity check */ | |||
| 4920 | if (write_iv_len > MAX_BLOCK_SIZE16) { | |||
| 4921 | ssl_debug_printf("%s cipher suite block must be at most %d nut is %d\n", | |||
| 4922 | G_STRFUNC((const char*) (__func__)), MAX_BLOCK_SIZE16, write_iv_len); | |||
| 4923 | goto fail; | |||
| 4924 | } | |||
| 4925 | ||||
| 4926 | if(ssl_session->session.version==SSLV3_VERSION0x300){ | |||
| 4927 | /* The length of these fields are ignored by this caller */ | |||
| 4928 | StringInfo iv_c, iv_s; | |||
| 4929 | iv_c.data = _iv_c; | |||
| 4930 | iv_s.data = _iv_s; | |||
| 4931 | ||||
| 4932 | ssl_debug_printf("%s ssl3_generate_export_iv\n", G_STRFUNC((const char*) (__func__))); | |||
| 4933 | if (!ssl3_generate_export_iv(&ssl_session->client_random, | |||
| 4934 | &ssl_session->server_random, &iv_c, write_iv_len)) { | |||
| 4935 | goto fail; | |||
| 4936 | } | |||
| 4937 | ssl_debug_printf("%s ssl3_generate_export_iv(2)\n", G_STRFUNC((const char*) (__func__))); | |||
| 4938 | if (!ssl3_generate_export_iv(&ssl_session->server_random, | |||
| 4939 | &ssl_session->client_random, &iv_s, write_iv_len)) { | |||
| 4940 | goto fail; | |||
| 4941 | } | |||
| 4942 | } | |||
| 4943 | else{ | |||
| 4944 | uint8_t _iv_block[MAX_BLOCK_SIZE16 * 2]; | |||
| 4945 | StringInfo iv_block; | |||
| 4946 | StringInfo key_null; | |||
| 4947 | uint8_t _key_null; | |||
| 4948 | ||||
| 4949 | key_null.data = &_key_null; | |||
| 4950 | key_null.data_len = 0; | |||
| 4951 | ||||
| 4952 | iv_block.data = _iv_block; | |||
| 4953 | ||||
| 4954 | ssl_debug_printf("%s prf(iv_block)\n", G_STRFUNC((const char*) (__func__))); | |||
| 4955 | if (!prf(ssl_session, &key_null, "IV block", | |||
| 4956 | &ssl_session->client_random, | |||
| 4957 | &ssl_session->server_random, &iv_block, | |||
| 4958 | write_iv_len * 2)) { | |||
| 4959 | ssl_debug_printf("%s can't generate tls31 iv block\n", G_STRFUNC((const char*) (__func__))); | |||
| 4960 | goto fail; | |||
| 4961 | } | |||
| 4962 | ||||
| 4963 | memcpy(_iv_c, iv_block.data, write_iv_len); | |||
| 4964 | memcpy(_iv_s, iv_block.data + write_iv_len, write_iv_len); | |||
| 4965 | } | |||
| 4966 | ||||
| 4967 | c_iv=_iv_c; | |||
| 4968 | s_iv=_iv_s; | |||
| 4969 | } | |||
| 4970 | ||||
| 4971 | if (ssl_session->session.version==SSLV3_VERSION0x300){ | |||
| 4972 | ||||
| 4973 | SSL_MD5_CTXgcry_md_hd_t md5; | |||
| 4974 | ssl_debug_printf("%s MD5(client_random)\n", G_STRFUNC((const char*) (__func__))); | |||
| 4975 | ||||
| 4976 | if (ssl_md5_init(&md5) != 0) | |||
| 4977 | goto fail; | |||
| 4978 | ssl_md5_update(&md5,c_wk,encr_key_len); | |||
| 4979 | ssl_md5_update(&md5,ssl_session->client_random.data, | |||
| 4980 | ssl_session->client_random.data_len); | |||
| 4981 | ssl_md5_update(&md5,ssl_session->server_random.data, | |||
| 4982 | ssl_session->server_random.data_len); | |||
| 4983 | ssl_md5_final(_key_c,&md5); | |||
| 4984 | ssl_md5_cleanup(&md5); | |||
| 4985 | c_wk=_key_c; | |||
| 4986 | ||||
| 4987 | if (ssl_md5_init(&md5) != 0) | |||
| 4988 | goto fail; | |||
| 4989 | ssl_debug_printf("%s MD5(server_random)\n", G_STRFUNC((const char*) (__func__))); | |||
| 4990 | ssl_md5_update(&md5,s_wk,encr_key_len); | |||
| 4991 | ssl_md5_update(&md5,ssl_session->server_random.data, | |||
| 4992 | ssl_session->server_random.data_len); | |||
| 4993 | ssl_md5_update(&md5,ssl_session->client_random.data, | |||
| 4994 | ssl_session->client_random.data_len); | |||
| 4995 | ssl_md5_final(_key_s,&md5); | |||
| 4996 | ssl_md5_cleanup(&md5); | |||
| 4997 | s_wk=_key_s; | |||
| 4998 | } | |||
| 4999 | else{ | |||
| 5000 | StringInfo key_c, key_s, k; | |||
| 5001 | key_c.data = _key_c; | |||
| 5002 | key_s.data = _key_s; | |||
| 5003 | ||||
| 5004 | k.data = c_wk; | |||
| 5005 | k.data_len = encr_key_len; | |||
| 5006 | ssl_debug_printf("%s PRF(key_c)\n", G_STRFUNC((const char*) (__func__))); | |||
| 5007 | if (!prf(ssl_session, &k, "client write key", | |||
| 5008 | &ssl_session->client_random, | |||
| 5009 | &ssl_session->server_random, &key_c, sizeof(_key_c))) { | |||
| 5010 | ssl_debug_printf("%s can't generate tll31 server key \n", G_STRFUNC((const char*) (__func__))); | |||
| 5011 | goto fail; | |||
| 5012 | } | |||
| 5013 | c_wk=_key_c; | |||
| 5014 | ||||
| 5015 | k.data = s_wk; | |||
| 5016 | k.data_len = encr_key_len; | |||
| 5017 | ssl_debug_printf("%s PRF(key_s)\n", G_STRFUNC((const char*) (__func__))); | |||
| 5018 | if (!prf(ssl_session, &k, "server write key", | |||
| 5019 | &ssl_session->client_random, | |||
| 5020 | &ssl_session->server_random, &key_s, sizeof(_key_s))) { | |||
| 5021 | ssl_debug_printf("%s can't generate tll31 client key \n", G_STRFUNC((const char*) (__func__))); | |||
| 5022 | goto fail; | |||
| 5023 | } | |||
| 5024 | s_wk=_key_s; | |||
| 5025 | } | |||
| 5026 | } | |||
| 5027 | ||||
| 5028 | /* show key material info */ | |||
| 5029 | if (c_mk != NULL((void*)0)) { | |||
| 5030 | ssl_print_data("Client MAC key",c_mk,ssl_cipher_suite_dig(cipher_suite)->len); | |||
| 5031 | ssl_print_data("Server MAC key",s_mk,ssl_cipher_suite_dig(cipher_suite)->len); | |||
| 5032 | } | |||
| 5033 | ssl_print_data("Client Write key", c_wk, encr_key_len); | |||
| 5034 | ssl_print_data("Server Write key", s_wk, encr_key_len); | |||
| 5035 | /* used as IV for CBC mode and the AEAD implicit nonce (salt) */ | |||
| 5036 | if (write_iv_len > 0) { | |||
| 5037 | ssl_print_data("Client Write IV", c_iv, write_iv_len); | |||
| 5038 | ssl_print_data("Server Write IV", s_iv, write_iv_len); | |||
| 5039 | } | |||
| 5040 | ||||
| 5041 | create_decoders: | |||
| 5042 | /* create both client and server ciphers*/ | |||
| 5043 | ssl_debug_printf("%s ssl_create_decoder(client)\n", G_STRFUNC((const char*) (__func__))); | |||
| 5044 | ssl_session->client_new = ssl_create_decoder(cipher_suite, cipher_algo, ssl_session->session.compression, c_mk, c_wk, NULL((void*)0), c_iv, write_iv_len); | |||
| 5045 | if (!ssl_session->client_new) { | |||
| 5046 | ssl_debug_printf("%s can't init client decoder\n", G_STRFUNC((const char*) (__func__))); | |||
| 5047 | goto fail; | |||
| 5048 | } | |||
| 5049 | ssl_debug_printf("%s ssl_create_decoder(server)\n", G_STRFUNC((const char*) (__func__))); | |||
| 5050 | ssl_session->server_new = ssl_create_decoder(cipher_suite, cipher_algo, ssl_session->session.compression, s_mk, s_wk, NULL((void*)0), s_iv, write_iv_len); | |||
| 5051 | if (!ssl_session->server_new) { | |||
| 5052 | ssl_debug_printf("%s can't init server decoder\n", G_STRFUNC((const char*) (__func__))); | |||
| 5053 | goto fail; | |||
| 5054 | } | |||
| 5055 | ||||
| 5056 | /* Continue the SSL stream after renegotiation with new keys. */ | |||
| 5057 | ssl_session->client_new->flow = ssl_session->client ? ssl_session->client->flow : ssl_create_flow(); | |||
| 5058 | ssl_session->server_new->flow = ssl_session->server ? ssl_session->server->flow : ssl_create_flow(); | |||
| 5059 | ||||
| 5060 | ssl_debug_printf("%s: client seq %" PRIu64"l" "u" ", server seq %" PRIu64"l" "u" "\n", | |||
| 5061 | G_STRFUNC((const char*) (__func__)), ssl_session->client_new->seq, ssl_session->server_new->seq); | |||
| 5062 | g_free(key_block.data); | |||
| 5063 | ssl_session->state |= SSL_HAVE_SESSION_KEY(1<<3); | |||
| 5064 | return 0; | |||
| 5065 | ||||
| 5066 | fail: | |||
| 5067 | g_free(key_block.data); | |||
| 5068 | return -1; | |||
| 5069 | } | |||
| 5070 | ||||
| 5071 | /* Generated the key material based on the given secret. */ | |||
| 5072 | bool_Bool | |||
| 5073 | tls13_generate_keys(SslDecryptSession *ssl_session, const StringInfo *secret, bool_Bool is_from_server) | |||
| 5074 | { | |||
| 5075 | bool_Bool success = false0; | |||
| 5076 | unsigned char *write_key = NULL((void*)0), *write_iv = NULL((void*)0); | |||
| 5077 | unsigned char *sn_key = NULL((void*)0); | |||
| 5078 | SslDecoder *decoder; | |||
| 5079 | unsigned key_length, iv_length; | |||
| 5080 | int hash_algo; | |||
| 5081 | const SslCipherSuite *cipher_suite = ssl_session->cipher_suite; | |||
| 5082 | int cipher_algo; | |||
| 5083 | ||||
| 5084 | if ((ssl_session->session.version != TLSV1DOT3_VERSION0x304) && (ssl_session->session.version != DTLSV1DOT3_VERSION0xfefc)) { | |||
| 5085 | ssl_debug_printf("%s only usable for TLS 1.3, not %#x!\n", G_STRFUNC((const char*) (__func__)), | |||
| 5086 | ssl_session->session.version); | |||
| 5087 | return false0; | |||
| 5088 | } | |||
| 5089 | ||||
| 5090 | if (cipher_suite == NULL((void*)0)) { | |||
| 5091 | ssl_debug_printf("%s Unknown cipher\n", G_STRFUNC((const char*) (__func__))); | |||
| 5092 | return false0; | |||
| 5093 | } | |||
| 5094 | ||||
| 5095 | if (cipher_suite->kex != KEX_TLS130x23) { | |||
| 5096 | ssl_debug_printf("%s Invalid cipher suite 0x%04x spotted!\n", G_STRFUNC((const char*) (__func__)), cipher_suite->number); | |||
| 5097 | return false0; | |||
| 5098 | } | |||
| 5099 | ||||
| 5100 | /* Find the Libgcrypt cipher algorithm for the given SSL cipher suite ID */ | |||
| 5101 | const char *cipher_name = ciphers[cipher_suite->enc-ENC_START0x30]; | |||
| 5102 | ssl_debug_printf("%s CIPHER: %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | |||
| 5103 | cipher_algo = ssl_get_cipher_by_name(cipher_name); | |||
| 5104 | if (cipher_algo == 0) { | |||
| 5105 | ssl_debug_printf("%s can't find cipher %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | |||
| 5106 | return false0; | |||
| 5107 | } | |||
| 5108 | ||||
| 5109 | const char *hash_name = ssl_cipher_suite_dig(cipher_suite)->name; | |||
| 5110 | hash_algo = ssl_get_digest_by_name(hash_name); | |||
| 5111 | if (!hash_algo) { | |||
| 5112 | ssl_debug_printf("%s can't find hash function %s\n", G_STRFUNC((const char*) (__func__)), hash_name); | |||
| 5113 | return false0; | |||
| 5114 | } | |||
| 5115 | ||||
| 5116 | key_length = (unsigned) gcry_cipher_get_algo_keylen(cipher_algo); | |||
| 5117 | /* AES-GCM/AES-CCM/Poly1305-ChaCha20 all have N_MIN=N_MAX = 12. */ | |||
| 5118 | iv_length = 12; | |||
| 5119 | ssl_debug_printf("%s key_length %u iv_length %u\n", G_STRFUNC((const char*) (__func__)), key_length, iv_length); | |||
| 5120 | ||||
| 5121 | const char *label_prefix = tls13_hkdf_label_prefix(ssl_session); | |||
| 5122 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "key", key_length, &write_key)) { | |||
| 5123 | ssl_debug_printf("%s write_key expansion failed\n", G_STRFUNC((const char*) (__func__))); | |||
| 5124 | return false0; | |||
| 5125 | } | |||
| 5126 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "iv", iv_length, &write_iv)) { | |||
| 5127 | ssl_debug_printf("%s write_iv expansion failed\n", G_STRFUNC((const char*) (__func__))); | |||
| 5128 | goto end; | |||
| 5129 | } | |||
| 5130 | ||||
| 5131 | if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | |||
| 5132 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "sn", key_length, &sn_key)) { | |||
| 5133 | ssl_debug_printf("%s sn_key expansion failed\n", G_STRFUNC((const char*) (__func__))); | |||
| 5134 | goto end; | |||
| 5135 | } | |||
| 5136 | } | |||
| 5137 | ||||
| 5138 | ssl_print_data(is_from_server ? "Server Write Key" : "Client Write Key", write_key, key_length); | |||
| 5139 | ssl_print_data(is_from_server ? "Server Write IV" : "Client Write IV", write_iv, iv_length); | |||
| 5140 | if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | |||
| 5141 | ssl_print_data(is_from_server ? "Server Write SN" : "Client Write SN", sn_key, key_length); | |||
| 5142 | } | |||
| 5143 | ||||
| 5144 | ssl_debug_printf("%s ssl_create_decoder(%s)\n", G_STRFUNC((const char*) (__func__)), is_from_server ? "server" : "client"); | |||
| 5145 | decoder = ssl_create_decoder(cipher_suite, cipher_algo, 0, NULL((void*)0), write_key, sn_key, write_iv, iv_length); | |||
| 5146 | if (!decoder) { | |||
| 5147 | ssl_debug_printf("%s can't init %s decoder\n", G_STRFUNC((const char*) (__func__)), is_from_server ? "server" : "client"); | |||
| 5148 | goto end; | |||
| 5149 | } | |||
| 5150 | ||||
| 5151 | /* Continue the TLS session with new keys, but reuse old flow to keep things | |||
| 5152 | * like "Follow TLS" working (by linking application data records). */ | |||
| 5153 | if (is_from_server) { | |||
| 5154 | decoder->flow = ssl_session->server ? ssl_session->server->flow : ssl_create_flow(); | |||
| 5155 | ssl_session->server = decoder; | |||
| 5156 | } else { | |||
| 5157 | decoder->flow = ssl_session->client ? ssl_session->client->flow : ssl_create_flow(); | |||
| 5158 | ssl_session->client = decoder; | |||
| 5159 | } | |||
| 5160 | ssl_debug_printf("%s %s ready using cipher suite 0x%04x (cipher %s hash %s)\n", G_STRFUNC((const char*) (__func__)), | |||
| 5161 | is_from_server ? "Server" : "Client", cipher_suite->number, cipher_name, hash_name); | |||
| 5162 | success = true1; | |||
| 5163 | ||||
| 5164 | end: | |||
| 5165 | wmem_free(NULL((void*)0), write_key); | |||
| 5166 | wmem_free(NULL((void*)0), write_iv); | |||
| 5167 | if (sn_key) | |||
| 5168 | wmem_free(NULL((void*)0), sn_key); | |||
| 5169 | return success; | |||
| 5170 | } | |||
| 5171 | /* (Pre-)master secrets calculations }}} */ | |||
| 5172 | ||||
| 5173 | #ifdef HAVE_LIBGNUTLS1 | |||
| 5174 | /* Decrypt RSA pre-master secret using RSA private key. {{{ */ | |||
| 5175 | static bool_Bool | |||
| 5176 | ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session, | |||
| 5177 | StringInfo *encrypted_pre_master, GHashTable *key_hash) | |||
| 5178 | { | |||
| 5179 | int ret; | |||
| 5180 | ||||
| 5181 | if (!encrypted_pre_master) | |||
| 5182 | return false0; | |||
| 5183 | ||||
| 5184 | if (KEX_IS_DH(ssl_session->cipher_suite->kex)((ssl_session->cipher_suite->kex) >= 0x10 && (ssl_session->cipher_suite->kex) <= 0x1b)) { | |||
| 5185 | ssl_debug_printf("%s: session uses Diffie-Hellman key exchange " | |||
| 5186 | "(cipher suite 0x%04X %s) and cannot be decrypted " | |||
| 5187 | "using a RSA private key file.\n", | |||
| 5188 | G_STRFUNC((const char*) (__func__)), ssl_session->session.cipher, | |||
| 5189 | val_to_str_ext_const(ssl_session->session.cipher, | |||
| 5190 | &ssl_31_ciphersuite_ext, "unknown")); | |||
| 5191 | return false0; | |||
| 5192 | } else if (ssl_session->cipher_suite->kex != KEX_RSA0x1e) { | |||
| 5193 | ssl_debug_printf("%s key exchange %d different from KEX_RSA (%d)\n", | |||
| 5194 | G_STRFUNC((const char*) (__func__)), ssl_session->cipher_suite->kex, KEX_RSA0x1e); | |||
| 5195 | return false0; | |||
| 5196 | } | |||
| 5197 | ||||
| 5198 | gnutls_privkey_t pk = (gnutls_privkey_t)g_hash_table_lookup(key_hash, ssl_session->cert_key_id); | |||
| 5199 | ||||
| 5200 | ssl_print_string("pre master encrypted", encrypted_pre_master); | |||
| 5201 | ssl_debug_printf("%s: RSA_private_decrypt\n", G_STRFUNC((const char*) (__func__))); | |||
| 5202 | const gnutls_datum_t epms = { encrypted_pre_master->data, encrypted_pre_master->data_len }; | |||
| 5203 | gnutls_datum_t pms = { 0 }; | |||
| 5204 | if (pk) { | |||
| 5205 | // Try to decrypt using the RSA keys table from (D)TLS preferences. | |||
| 5206 | ret = gnutls_privkey_decrypt_data(pk, 0, &epms, &pms); | |||
| 5207 | } else { | |||
| 5208 | // Try to decrypt using a hardware token. | |||
| 5209 | ret = secrets_rsa_decrypt(ssl_session->cert_key_id, epms.data, epms.size, &pms.data, &pms.size); | |||
| 5210 | } | |||
| 5211 | if (ret < 0) { | |||
| 5212 | ssl_debug_printf("%s: decryption failed: %d (%s)\n", G_STRFUNC((const char*) (__func__)), ret, gnutls_strerror(ret)); | |||
| 5213 | return false0; | |||
| 5214 | } | |||
| 5215 | ||||
| 5216 | if (pms.size != 48) { | |||
| 5217 | ssl_debug_printf("%s wrong pre_master_secret length (%d, expected %d)\n", | |||
| 5218 | G_STRFUNC((const char*) (__func__)), pms.size, 48); | |||
| 5219 | if (pk) { | |||
| 5220 | gnutls_free(pms.data); | |||
| 5221 | } else { | |||
| 5222 | g_free(pms.data); | |||
| 5223 | } | |||
| 5224 | return false0; | |||
| 5225 | } | |||
| 5226 | ||||
| 5227 | ssl_session->pre_master_secret.data = (uint8_t *)wmem_memdup(wmem_file_scope(), pms.data, 48); | |||
| 5228 | ssl_session->pre_master_secret.data_len = 48; | |||
| 5229 | if (pk) { | |||
| 5230 | gnutls_free(pms.data); | |||
| 5231 | } else { | |||
| 5232 | g_free(pms.data); | |||
| 5233 | } | |||
| 5234 | ssl_print_string("pre master secret", &ssl_session->pre_master_secret); | |||
| 5235 | ||||
| 5236 | /* Remove the master secret if it was there. | |||
| 5237 | This forces keying material regeneration in | |||
| 5238 | case we're renegotiating */ | |||
| 5239 | ssl_session->state &= ~(SSL_MASTER_SECRET(1<<5)|SSL_HAVE_SESSION_KEY(1<<3)); | |||
| 5240 | ssl_session->state |= SSL_PRE_MASTER_SECRET(1<<6); | |||
| 5241 | return true1; | |||
| 5242 | } /* }}} */ | |||
| 5243 | #endif /* HAVE_LIBGNUTLS */ | |||
| 5244 | ||||
| 5245 | /* Decryption integrity check {{{ */ | |||
| 5246 | ||||
| 5247 | static int | |||
| 5248 | tls_check_mac(SslDecoder*decoder, int ct, int ver, uint8_t* data, | |||
| 5249 | uint32_t datalen, uint8_t* mac) | |||
| 5250 | { | |||
| 5251 | SSL_HMACgcry_md_hd_t hm; | |||
| 5252 | int md; | |||
| 5253 | uint32_t len; | |||
| 5254 | uint8_t buf[DIGEST_MAX_SIZE48]; | |||
| 5255 | int16_t temp; | |||
| 5256 | ||||
| 5257 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); | |||
| 5258 | ssl_debug_printf("tls_check_mac mac type:%s md %d\n", | |||
| 5259 | ssl_cipher_suite_dig(decoder->cipher_suite)->name, md); | |||
| 5260 | ||||
| 5261 | if (ssl_hmac_init(&hm,md) != 0) | |||
| 5262 | return -1; | |||
| 5263 | if (ssl_hmac_setkey(&hm,decoder->mac_key.data,decoder->mac_key.data_len) != 0) | |||
| 5264 | return -1; | |||
| 5265 | ||||
| 5266 | /* hash sequence number */ | |||
| 5267 | phton64(buf, decoder->seq); | |||
| 5268 | ||||
| 5269 | decoder->seq++; | |||
| 5270 | ||||
| 5271 | ssl_hmac_update(&hm,buf,8); | |||
| 5272 | ||||
| 5273 | /* hash content type */ | |||
| 5274 | buf[0]=ct; | |||
| 5275 | ssl_hmac_update(&hm,buf,1); | |||
| 5276 | ||||
| 5277 | /* hash version,data length and data*/ | |||
| 5278 | /* *((int16_t*)buf) = g_htons(ver); */ | |||
| 5279 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); | |||
| 5280 | memcpy(buf, &temp, 2); | |||
| 5281 | ssl_hmac_update(&hm,buf,2); | |||
| 5282 | ||||
| 5283 | /* *((int16_t*)buf) = g_htons(datalen); */ | |||
| 5284 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); | |||
| 5285 | memcpy(buf, &temp, 2); | |||
| 5286 | ssl_hmac_update(&hm,buf,2); | |||
| 5287 | ssl_hmac_update(&hm,data,datalen); | |||
| 5288 | ||||
| 5289 | /* get digest and digest len*/ | |||
| 5290 | len = sizeof(buf); | |||
| 5291 | ssl_hmac_final(&hm,buf,&len); | |||
| 5292 | ssl_hmac_cleanup(&hm); | |||
| 5293 | ssl_print_data("Mac", buf, len); | |||
| 5294 | if(memcmp(mac,buf,len)) | |||
| 5295 | return -1; | |||
| 5296 | ||||
| 5297 | return 0; | |||
| 5298 | } | |||
| 5299 | ||||
| 5300 | static int | |||
| 5301 | ssl3_check_mac(SslDecoder*decoder,int ct,uint8_t* data, | |||
| 5302 | uint32_t datalen, uint8_t* mac) | |||
| 5303 | { | |||
| 5304 | SSL_MDgcry_md_hd_t mc; | |||
| 5305 | int md; | |||
| 5306 | uint32_t len; | |||
| 5307 | uint8_t buf[64],dgst[20]; | |||
| 5308 | int pad_ct; | |||
| 5309 | int16_t temp; | |||
| 5310 | ||||
| 5311 | pad_ct=(decoder->cipher_suite->dig==DIG_SHA0x41)?40:48; | |||
| 5312 | ||||
| 5313 | /* get cipher used for digest computation */ | |||
| 5314 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); | |||
| 5315 | if (ssl_md_init(&mc,md) !=0) | |||
| 5316 | return -1; | |||
| 5317 | ||||
| 5318 | /* do hash computation on data && padding */ | |||
| 5319 | ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len); | |||
| 5320 | ||||
| 5321 | /* hash padding*/ | |||
| 5322 | memset(buf,0x36,pad_ct); | |||
| 5323 | ssl_md_update(&mc,buf,pad_ct); | |||
| 5324 | ||||
| 5325 | /* hash sequence number */ | |||
| 5326 | phton64(buf, decoder->seq); | |||
| 5327 | decoder->seq++; | |||
| 5328 | ssl_md_update(&mc,buf,8); | |||
| 5329 | ||||
| 5330 | /* hash content type */ | |||
| 5331 | buf[0]=ct; | |||
| 5332 | ssl_md_update(&mc,buf,1); | |||
| 5333 | ||||
| 5334 | /* hash data length in network byte order and data*/ | |||
| 5335 | /* *((int16_t* )buf) = g_htons(datalen); */ | |||
| 5336 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); | |||
| 5337 | memcpy(buf, &temp, 2); | |||
| 5338 | ssl_md_update(&mc,buf,2); | |||
| 5339 | ssl_md_update(&mc,data,datalen); | |||
| 5340 | ||||
| 5341 | /* get partial digest */ | |||
| 5342 | ssl_md_final(&mc,dgst,&len); | |||
| 5343 | ssl_md_reset(&mc); | |||
| 5344 | ||||
| 5345 | /* hash mac key */ | |||
| 5346 | ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len); | |||
| 5347 | ||||
| 5348 | /* hash padding and partial digest*/ | |||
| 5349 | memset(buf,0x5c,pad_ct); | |||
| 5350 | ssl_md_update(&mc,buf,pad_ct); | |||
| 5351 | ssl_md_update(&mc,dgst,len); | |||
| 5352 | ||||
| 5353 | ssl_md_final(&mc,dgst,&len); | |||
| 5354 | ssl_md_cleanup(&mc); | |||
| 5355 | ||||
| 5356 | if(memcmp(mac,dgst,len)) | |||
| 5357 | return -1; | |||
| 5358 | ||||
| 5359 | return 0; | |||
| 5360 | } | |||
| 5361 | ||||
| 5362 | static int | |||
| 5363 | dtls_check_mac(SslDecryptSession *ssl, SslDecoder*decoder, int ct, uint8_t* data, | |||
| 5364 | uint32_t datalen, uint8_t* mac, const unsigned char *cid, uint8_t cidl) | |||
| 5365 | { | |||
| 5366 | SSL_HMACgcry_md_hd_t hm; | |||
| 5367 | int md; | |||
| 5368 | uint32_t len; | |||
| 5369 | uint8_t buf[DIGEST_MAX_SIZE48]; | |||
| 5370 | int16_t temp; | |||
| 5371 | ||||
| 5372 | int ver = ssl->session.version; | |||
| 5373 | bool_Bool is_cid = ((ct == SSL_ID_TLS12_CID) && (ver == DTLSV1DOT2_VERSION0xfefd)); | |||
| 5374 | ||||
| 5375 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); | |||
| 5376 | ssl_debug_printf("dtls_check_mac mac type:%s md %d\n", | |||
| 5377 | ssl_cipher_suite_dig(decoder->cipher_suite)->name, md); | |||
| 5378 | ||||
| 5379 | if (ssl_hmac_init(&hm,md) != 0) | |||
| 5380 | return -1; | |||
| 5381 | if (ssl_hmac_setkey(&hm,decoder->mac_key.data,decoder->mac_key.data_len) != 0) | |||
| 5382 | return -1; | |||
| 5383 | ||||
| 5384 | ssl_debug_printf("dtls_check_mac seq: %" PRIu64"l" "u" " epoch: %d\n",decoder->seq,decoder->epoch); | |||
| 5385 | ||||
| 5386 | if (is_cid && !ssl->session.deprecated_cid) { | |||
| 5387 | /* hash seq num placeholder */ | |||
| 5388 | memset(buf,0xFF,8); | |||
| 5389 | ssl_hmac_update(&hm,buf,8); | |||
| 5390 | ||||
| 5391 | /* hash content type + cid length + content type */ | |||
| 5392 | buf[0]=ct; | |||
| 5393 | buf[1]=cidl; | |||
| 5394 | buf[2]=ct; | |||
| 5395 | ssl_hmac_update(&hm,buf,3); | |||
| 5396 | ||||
| 5397 | /* hash version */ | |||
| 5398 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); | |||
| 5399 | memcpy(buf, &temp, 2); | |||
| 5400 | ssl_hmac_update(&hm,buf,2); | |||
| 5401 | ||||
| 5402 | /* hash sequence number */ | |||
| 5403 | phton64(buf, decoder->seq); | |||
| 5404 | buf[0]=decoder->epoch>>8; | |||
| 5405 | buf[1]=(uint8_t)decoder->epoch; | |||
| 5406 | ssl_hmac_update(&hm,buf,8); | |||
| 5407 | ||||
| 5408 | /* hash cid */ | |||
| 5409 | ssl_hmac_update(&hm,cid,cidl); | |||
| 5410 | } else { | |||
| 5411 | /* hash sequence number */ | |||
| 5412 | phton64(buf, decoder->seq); | |||
| 5413 | buf[0]=decoder->epoch>>8; | |||
| 5414 | buf[1]=(uint8_t)decoder->epoch; | |||
| 5415 | ssl_hmac_update(&hm,buf,8); | |||
| 5416 | ||||
| 5417 | /* hash content type */ | |||
| 5418 | buf[0]=ct; | |||
| 5419 | ssl_hmac_update(&hm,buf,1); | |||
| 5420 | ||||
| 5421 | /* hash version */ | |||
| 5422 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); | |||
| 5423 | memcpy(buf, &temp, 2); | |||
| 5424 | ssl_hmac_update(&hm,buf,2); | |||
| 5425 | ||||
| 5426 | if (is_cid && ssl->session.deprecated_cid) { | |||
| 5427 | /* hash cid */ | |||
| 5428 | ssl_hmac_update(&hm,cid,cidl); | |||
| 5429 | ||||
| 5430 | /* hash cid length */ | |||
| 5431 | buf[0] = cidl; | |||
| 5432 | ssl_hmac_update(&hm,buf,1); | |||
| 5433 | } | |||
| 5434 | } | |||
| 5435 | ||||
| 5436 | /* data length and data */ | |||
| 5437 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); | |||
| 5438 | memcpy(buf, &temp, 2); | |||
| 5439 | ssl_hmac_update(&hm,buf,2); | |||
| 5440 | ssl_hmac_update(&hm,data,datalen); | |||
| 5441 | ||||
| 5442 | /* get digest and digest len */ | |||
| 5443 | len = sizeof(buf); | |||
| 5444 | ssl_hmac_final(&hm,buf,&len); | |||
| 5445 | ssl_hmac_cleanup(&hm); | |||
| 5446 | ssl_print_data("Mac", buf, len); | |||
| 5447 | if(memcmp(mac,buf,len)) | |||
| 5448 | return -1; | |||
| 5449 | ||||
| 5450 | return 0; | |||
| 5451 | } | |||
| 5452 | /* Decryption integrity check }}} */ | |||
| 5453 | ||||
| 5454 | ||||
| 5455 | static bool_Bool | |||
| 5456 | tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder, | |||
| 5457 | uint8_t ct, uint16_t record_version, | |||
| 5458 | bool_Bool ignore_mac_failed, | |||
| 5459 | const unsigned char *in, uint16_t inl, | |||
| 5460 | const unsigned char *cid, uint8_t cidl, | |||
| 5461 | StringInfo *out_str, unsigned *outl) | |||
| 5462 | { | |||
| 5463 | /* RFC 5246 (TLS 1.2) 6.2.3.3 defines the TLSCipherText.fragment as: | |||
| 5464 | * GenericAEADCipher: { nonce_explicit, [content] } | |||
| 5465 | * In TLS 1.3 this explicit nonce is gone. | |||
| 5466 | * With AES GCM/CCM, "[content]" is actually the concatenation of the | |||
| 5467 | * ciphertext and authentication tag. | |||
| 5468 | */ | |||
| 5469 | const uint16_t version = ssl->session.version; | |||
| 5470 | const bool_Bool is_v12 = version == TLSV1DOT2_VERSION0x303 || version == DTLSV1DOT2_VERSION0xfefd || version == TLCPV1_VERSION0x101; | |||
| 5471 | gcry_error_t err; | |||
| 5472 | const unsigned char *explicit_nonce = NULL((void*)0), *ciphertext; | |||
| 5473 | unsigned ciphertext_len, auth_tag_len; | |||
| 5474 | unsigned char nonce[12]; | |||
| 5475 | const ssl_cipher_mode_t cipher_mode = decoder->cipher_suite->mode; | |||
| 5476 | const bool_Bool is_cid = ct == SSL_ID_TLS12_CID && version == DTLSV1DOT2_VERSION0xfefd; | |||
| 5477 | const uint8_t draft_version = ssl->session.tls13_draft_version; | |||
| 5478 | const unsigned char *auth_tag_wire; | |||
| 5479 | unsigned char auth_tag_calc[16]; | |||
| 5480 | unsigned char *aad = NULL((void*)0); | |||
| 5481 | unsigned aad_len = 0; | |||
| 5482 | ||||
| 5483 | switch (cipher_mode) { | |||
| 5484 | case MODE_GCM: | |||
| 5485 | case MODE_CCM: | |||
| 5486 | case MODE_POLY1305: | |||
| 5487 | auth_tag_len = 16; | |||
| 5488 | break; | |||
| 5489 | case MODE_CCM_8: | |||
| 5490 | auth_tag_len = 8; | |||
| 5491 | break; | |||
| 5492 | default: | |||
| 5493 | ssl_debug_printf("%s unsupported cipher!\n", G_STRFUNC((const char*) (__func__))); | |||
| 5494 | return false0; | |||
| 5495 | } | |||
| 5496 | ||||
| 5497 | /* Parse input into explicit nonce (TLS 1.2 only), ciphertext and tag. */ | |||
| 5498 | if (is_v12 && cipher_mode != MODE_POLY1305) { | |||
| 5499 | if (inl < EXPLICIT_NONCE_LEN8 + auth_tag_len) { | |||
| 5500 | ssl_debug_printf("%s input %d is too small for explicit nonce %d and auth tag %d\n", | |||
| 5501 | G_STRFUNC((const char*) (__func__)), inl, EXPLICIT_NONCE_LEN8, auth_tag_len); | |||
| 5502 | return false0; | |||
| 5503 | } | |||
| 5504 | explicit_nonce = in; | |||
| 5505 | ciphertext = explicit_nonce + EXPLICIT_NONCE_LEN8; | |||
| 5506 | ciphertext_len = inl - EXPLICIT_NONCE_LEN8 - auth_tag_len; | |||
| 5507 | } else if (version == TLSV1DOT3_VERSION0x304 || version == DTLSV1DOT3_VERSION0xfefc || cipher_mode == MODE_POLY1305) { | |||
| 5508 | if (inl < auth_tag_len) { | |||
| 5509 | ssl_debug_printf("%s input %d has no space for auth tag %d\n", G_STRFUNC((const char*) (__func__)), inl, auth_tag_len); | |||
| 5510 | return false0; | |||
| 5511 | } | |||
| 5512 | ciphertext = in; | |||
| 5513 | ciphertext_len = inl - auth_tag_len; | |||
| 5514 | } else { | |||
| 5515 | ssl_debug_printf("%s Unexpected TLS version %#x\n", G_STRFUNC((const char*) (__func__)), version); | |||
| 5516 | return false0; | |||
| 5517 | } | |||
| 5518 | auth_tag_wire = ciphertext + ciphertext_len; | |||
| 5519 | ||||
| 5520 | /* | |||
| 5521 | * Nonce construction is version-specific. Note that AEAD_CHACHA20_POLY1305 | |||
| 5522 | * (RFC 7905) uses a nonce construction similar to TLS 1.3. | |||
| 5523 | */ | |||
| 5524 | if (is_v12 && cipher_mode != MODE_POLY1305) { | |||
| 5525 | DISSECTOR_ASSERT(decoder->write_iv.data_len == IMPLICIT_NONCE_LEN)((void) ((decoder->write_iv.data_len == 4) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 5525, "decoder->write_iv.data_len == 4")))); | |||
| 5526 | /* Implicit (4) and explicit (8) part of nonce. */ | |||
| 5527 | memcpy(nonce, decoder->write_iv.data, IMPLICIT_NONCE_LEN4); | |||
| 5528 | memcpy(nonce + IMPLICIT_NONCE_LEN4, explicit_nonce, EXPLICIT_NONCE_LEN8); | |||
| 5529 | ||||
| 5530 | } else if (version == TLSV1DOT3_VERSION0x304 || version == DTLSV1DOT3_VERSION0xfefc || cipher_mode == MODE_POLY1305) { | |||
| 5531 | /* | |||
| 5532 | * Technically the nonce length must be at least 8 bytes, but for | |||
| 5533 | * AES-GCM, AES-CCM and Poly1305-ChaCha20 the nonce length is exact 12. | |||
| 5534 | */ | |||
| 5535 | const unsigned nonce_len = 12; | |||
| 5536 | DISSECTOR_ASSERT(decoder->write_iv.data_len == nonce_len)((void) ((decoder->write_iv.data_len == nonce_len) ? (void )0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 5536, "decoder->write_iv.data_len == nonce_len" )))); | |||
| 5537 | memcpy(nonce, decoder->write_iv.data, decoder->write_iv.data_len); | |||
| 5538 | /* Sequence number is left-padded with zeroes and XORed with write_iv */ | |||
| 5539 | phton64(nonce + nonce_len - 8, pntoh64(nonce + nonce_len - 8) ^ decoder->seq); | |||
| 5540 | ssl_debug_printf("%s seq %" PRIu64"l" "u" "\n", G_STRFUNC((const char*) (__func__)), decoder->seq); | |||
| 5541 | } | |||
| 5542 | ||||
| 5543 | /* Set nonce and additional authentication data */ | |||
| 5544 | gcry_cipher_reset(decoder->evp)gcry_cipher_ctl ((decoder->evp), GCRYCTL_RESET, ((void*)0) , 0); | |||
| 5545 | ssl_print_data("nonce", nonce, 12); | |||
| 5546 | err = gcry_cipher_setiv(decoder->evp, nonce, 12); | |||
| 5547 | if (err) { | |||
| 5548 | ssl_debug_printf("%s failed to set nonce: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | |||
| 5549 | return false0; | |||
| 5550 | } | |||
| 5551 | ||||
| 5552 | /* (D)TLS 1.2 needs specific AAD, TLS 1.3 (before -25) uses empty AAD. */ | |||
| 5553 | if (is_cid) { /* if connection ID */ | |||
| 5554 | if (ssl->session.deprecated_cid) { | |||
| 5555 | aad_len = 14 + cidl; | |||
| 5556 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | |||
| 5557 | phton64(aad, decoder->seq); /* record sequence number */ | |||
| 5558 | phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */ | |||
| 5559 | aad[8] = ct; /* TLSCompressed.type */ | |||
| 5560 | phton16(aad + 9, record_version); /* TLSCompressed.version */ | |||
| 5561 | memcpy(aad + 11, cid, cidl); /* cid */ | |||
| 5562 | aad[11 + cidl] = cidl; /* cid_length */ | |||
| 5563 | phton16(aad + 12 + cidl, ciphertext_len); /* TLSCompressed.length */ | |||
| 5564 | } else { | |||
| 5565 | aad_len = 23 + cidl; | |||
| 5566 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | |||
| 5567 | memset(aad, 0xFF, 8); /* seq_num_placeholder */ | |||
| 5568 | aad[8] = ct; /* TLSCompressed.type */ | |||
| 5569 | aad[9] = cidl; /* cid_length */ | |||
| 5570 | aad[10] = ct; /* TLSCompressed.type */ | |||
| 5571 | phton16(aad + 11, record_version); /* TLSCompressed.version */ | |||
| 5572 | phton64(aad + 13, decoder->seq); /* record sequence number */ | |||
| 5573 | phton16(aad + 13, decoder->epoch); /* DTLS 1.2 includes epoch. */ | |||
| 5574 | memcpy(aad + 21, cid, cidl); /* cid */ | |||
| 5575 | phton16(aad + 21 + cidl, ciphertext_len); /* TLSCompressed.length */ | |||
| 5576 | } | |||
| 5577 | } else if (is_v12) { | |||
| 5578 | aad_len = 13; | |||
| 5579 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | |||
| 5580 | phton64(aad, decoder->seq); /* record sequence number */ | |||
| 5581 | if (version == DTLSV1DOT2_VERSION0xfefd) { | |||
| 5582 | phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */ | |||
| 5583 | } | |||
| 5584 | aad[8] = ct; /* TLSCompressed.type */ | |||
| 5585 | phton16(aad + 9, record_version); /* TLSCompressed.version */ | |||
| 5586 | phton16(aad + 11, ciphertext_len); /* TLSCompressed.length */ | |||
| 5587 | } else if (version == DTLSV1DOT3_VERSION0xfefc) { | |||
| 5588 | aad_len = decoder->dtls13_aad.data_len; | |||
| 5589 | aad = decoder->dtls13_aad.data; | |||
| 5590 | } else if (draft_version >= 25 || draft_version == 0) { | |||
| 5591 | aad_len = 5; | |||
| 5592 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | |||
| 5593 | aad[0] = ct; /* TLSCiphertext.opaque_type (23) */ | |||
| 5594 | phton16(aad + 1, record_version); /* TLSCiphertext.legacy_record_version (0x0303) */ | |||
| 5595 | phton16(aad + 3, inl); /* TLSCiphertext.length */ | |||
| 5596 | } | |||
| 5597 | ||||
| 5598 | if (decoder->cipher_suite->mode == MODE_CCM || decoder->cipher_suite->mode == MODE_CCM_8) { | |||
| 5599 | /* size of plaintext, additional authenticated data and auth tag. */ | |||
| 5600 | uint64_t lengths[3] = { ciphertext_len, aad_len, auth_tag_len }; | |||
| 5601 | ||||
| 5602 | gcry_cipher_ctl(decoder->evp, GCRYCTL_SET_CCM_LENGTHS, lengths, sizeof(lengths)); | |||
| 5603 | } | |||
| 5604 | ||||
| 5605 | if (aad && aad_len > 0) { | |||
| 5606 | ssl_print_data("AAD", aad, aad_len); | |||
| 5607 | err = gcry_cipher_authenticate(decoder->evp, aad, aad_len); | |||
| 5608 | if (err) { | |||
| 5609 | ssl_debug_printf("%s failed to set AAD: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | |||
| 5610 | return false0; | |||
| 5611 | } | |||
| 5612 | } | |||
| 5613 | ||||
| 5614 | /* Decrypt now that nonce and AAD are set. */ | |||
| 5615 | err = gcry_cipher_decrypt(decoder->evp, out_str->data, out_str->data_len, ciphertext, ciphertext_len); | |||
| 5616 | if (err) { | |||
| 5617 | ssl_debug_printf("%s decrypt failed: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | |||
| 5618 | return false0; | |||
| 5619 | } | |||
| 5620 | ||||
| 5621 | /* Check authentication tag for authenticity (replaces MAC) */ | |||
| 5622 | err = gcry_cipher_gettag(decoder->evp, auth_tag_calc, auth_tag_len); | |||
| 5623 | if (err == 0 && !memcmp(auth_tag_calc, auth_tag_wire, auth_tag_len)) { | |||
| 5624 | ssl_print_data("auth_tag(OK)", auth_tag_calc, auth_tag_len); | |||
| 5625 | } else { | |||
| 5626 | if (err) { | |||
| 5627 | ssl_debug_printf("%s cannot obtain tag: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | |||
| 5628 | } else { | |||
| 5629 | ssl_debug_printf("%s auth tag mismatch\n", G_STRFUNC((const char*) (__func__))); | |||
| 5630 | ssl_print_data("auth_tag(expect)", auth_tag_calc, auth_tag_len); | |||
| 5631 | ssl_print_data("auth_tag(actual)", auth_tag_wire, auth_tag_len); | |||
| 5632 | } | |||
| 5633 | if (ignore_mac_failed) { | |||
| 5634 | ssl_debug_printf("%s: auth check failed, but ignored for troubleshooting ;-)\n", G_STRFUNC((const char*) (__func__))); | |||
| 5635 | } else { | |||
| 5636 | return false0; | |||
| 5637 | } | |||
| 5638 | } | |||
| 5639 | ||||
| 5640 | /* | |||
| 5641 | * Increment the (implicit) sequence number for TLS 1.2/1.3 and TLCP 1.1. This is done | |||
| 5642 | * after successful authentication to ensure that early data is skipped when | |||
| 5643 | * CLIENT_EARLY_TRAFFIC_SECRET keys are unavailable. | |||
| 5644 | */ | |||
| 5645 | if (version == TLSV1DOT2_VERSION0x303 || version == TLSV1DOT3_VERSION0x304 || version == TLCPV1_VERSION0x101) { | |||
| 5646 | decoder->seq++; | |||
| 5647 | } | |||
| 5648 | ||||
| 5649 | ssl_print_data("Plaintext", out_str->data, ciphertext_len); | |||
| 5650 | *outl = ciphertext_len; | |||
| 5651 | return true1; | |||
| 5652 | } | |||
| 5653 | ||||
| 5654 | /* Record decryption glue based on security parameters {{{ */ | |||
| 5655 | /* Assume that we are called only for a non-NULL decoder which also means that | |||
| 5656 | * we have a non-NULL decoder->cipher_suite. */ | |||
| 5657 | int | |||
| 5658 | ssl_decrypt_record(SslDecryptSession *ssl, SslDecoder *decoder, uint8_t ct, uint16_t record_version, | |||
| 5659 | bool_Bool ignore_mac_failed, | |||
| 5660 | const unsigned char *in, uint16_t inl, const unsigned char *cid, uint8_t cidl, | |||
| 5661 | StringInfo *comp_str, StringInfo *out_str, unsigned *outl) | |||
| 5662 | { | |||
| 5663 | unsigned pad, worklen, uncomplen, maclen, mac_fraglen = 0; | |||
| 5664 | uint8_t *mac = NULL((void*)0), *mac_frag = NULL((void*)0); | |||
| 5665 | ||||
| 5666 | ssl_debug_printf("ssl_decrypt_record ciphertext len %d\n", inl); | |||
| 5667 | ssl_print_data("Ciphertext",in, inl); | |||
| 5668 | ||||
| 5669 | if (((ssl->session.version == TLSV1DOT3_VERSION0x304 || ssl->session.version == DTLSV1DOT3_VERSION0xfefc)) | |||
| 5670 | != (decoder->cipher_suite->kex == KEX_TLS130x23)) { | |||
| 5671 | ssl_debug_printf("%s Invalid cipher suite for the protocol version!\n", G_STRFUNC((const char*) (__func__))); | |||
| 5672 | return -1; | |||
| 5673 | } | |||
| 5674 | ||||
| 5675 | /* ensure we have enough storage space for decrypted data */ | |||
| 5676 | if (inl > out_str->data_len) | |||
| 5677 | { | |||
| 5678 | ssl_debug_printf("ssl_decrypt_record: allocating %d bytes for decrypt data (old len %d)\n", | |||
| 5679 | inl + 32, out_str->data_len); | |||
| 5680 | ssl_data_realloc(out_str, inl + 32); | |||
| 5681 | } | |||
| 5682 | ||||
| 5683 | /* AEAD ciphers (GenericAEADCipher in TLS 1.2; TLS 1.3) have no padding nor | |||
| 5684 | * a separate MAC, so use a different routine for simplicity. */ | |||
| 5685 | if (decoder->cipher_suite->mode == MODE_GCM || | |||
| 5686 | decoder->cipher_suite->mode == MODE_CCM || | |||
| 5687 | decoder->cipher_suite->mode == MODE_CCM_8 || | |||
| 5688 | decoder->cipher_suite->mode == MODE_POLY1305 || | |||
| 5689 | ssl->session.version == TLSV1DOT3_VERSION0x304 || | |||
| 5690 | ssl->session.version == DTLSV1DOT3_VERSION0xfefc) { | |||
| 5691 | ||||
| 5692 | if (!tls_decrypt_aead_record(ssl, decoder, ct, record_version, ignore_mac_failed, in, inl, cid, cidl, out_str, &worklen)) { | |||
| 5693 | /* decryption failed */ | |||
| 5694 | return -1; | |||
| 5695 | } | |||
| 5696 | ||||
| 5697 | goto skip_mac; | |||
| 5698 | } | |||
| 5699 | ||||
| 5700 | /* RFC 6101/2246: SSLCipherText/TLSCipherText has two structures for types: | |||
| 5701 | * (notation: { unencrypted, [ encrypted ] }) | |||
| 5702 | * GenericStreamCipher: { [content, mac] } | |||
| 5703 | * GenericBlockCipher: { IV (TLS 1.1+), [content, mac, padding, padding_len] } | |||
| 5704 | * RFC 5426 (TLS 1.2): TLSCipherText has additionally: | |||
| 5705 | * GenericAEADCipher: { nonce_explicit, [content] } | |||
| 5706 | * RFC 4347 (DTLS): based on TLS 1.1, only GenericBlockCipher is supported. | |||
| 5707 | * RFC 6347 (DTLS 1.2): based on TLS 1.2, includes GenericAEADCipher too. | |||
| 5708 | */ | |||
| 5709 | ||||
| 5710 | maclen = ssl_cipher_suite_dig(decoder->cipher_suite)->len; | |||
| 5711 | ||||
| 5712 | /* (TLS 1.1 and later, DTLS) Extract explicit IV for GenericBlockCipher */ | |||
| 5713 | if (decoder->cipher_suite->mode == MODE_CBC) { | |||
| 5714 | unsigned blocksize = 0; | |||
| 5715 | ||||
| 5716 | switch (ssl->session.version) { | |||
| 5717 | case TLSV1DOT1_VERSION0x302: | |||
| 5718 | case TLSV1DOT2_VERSION0x303: | |||
| 5719 | case DTLSV1DOT0_VERSION0xfeff: | |||
| 5720 | case DTLSV1DOT2_VERSION0xfefd: | |||
| 5721 | case DTLSV1DOT3_VERSION0xfefc: | |||
| 5722 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
| 5723 | case TLCPV1_VERSION0x101: | |||
| 5724 | blocksize = ssl_get_cipher_blocksize(decoder->cipher_suite); | |||
| 5725 | if (inl < blocksize) { | |||
| 5726 | ssl_debug_printf("ssl_decrypt_record failed: input %d has no space for IV %d\n", | |||
| 5727 | inl, blocksize); | |||
| 5728 | return -1; | |||
| 5729 | } | |||
| 5730 | pad = gcry_cipher_setiv(decoder->evp, in, blocksize); | |||
| 5731 | if (pad != 0) { | |||
| 5732 | ssl_debug_printf("ssl_decrypt_record failed: failed to set IV: %s %s\n", | |||
| 5733 | gcry_strsource (pad), gcry_strerror (pad)); | |||
| 5734 | } | |||
| 5735 | ||||
| 5736 | inl -= blocksize; | |||
| 5737 | in += blocksize; | |||
| 5738 | break; | |||
| 5739 | } | |||
| 5740 | ||||
| 5741 | /* Encrypt-then-MAC for (D)TLS (RFC 7366) */ | |||
| 5742 | if (ssl->state & SSL_ENCRYPT_THEN_MAC(1<<11)) { | |||
| 5743 | /* | |||
| 5744 | * MAC is calculated over (IV + ) ENCRYPTED contents: | |||
| 5745 | * | |||
| 5746 | * MAC(MAC_write_key, ... + | |||
| 5747 | * IV + // for TLS 1.1 or greater | |||
| 5748 | * TLSCiphertext.enc_content); | |||
| 5749 | */ | |||
| 5750 | if (inl < maclen) { | |||
| 5751 | ssl_debug_printf("%s failed: input %d has no space for MAC %d\n", | |||
| 5752 | G_STRFUNC((const char*) (__func__)), inl, maclen); | |||
| 5753 | return -1; | |||
| 5754 | } | |||
| 5755 | inl -= maclen; | |||
| 5756 | mac = (uint8_t *)in + inl; | |||
| 5757 | mac_frag = (uint8_t *)in - blocksize; | |||
| 5758 | mac_fraglen = blocksize + inl; | |||
| 5759 | } | |||
| 5760 | } | |||
| 5761 | ||||
| 5762 | /* First decrypt*/ | |||
| 5763 | if ((pad = ssl_cipher_decrypt(&decoder->evp, out_str->data, out_str->data_len, in, inl)) != 0) { | |||
| 5764 | ssl_debug_printf("ssl_decrypt_record failed: ssl_cipher_decrypt: %s %s\n", gcry_strsource (pad), | |||
| 5765 | gcry_strerror (pad)); | |||
| 5766 | return -1; | |||
| 5767 | } | |||
| 5768 | ||||
| 5769 | ssl_print_data("Plaintext", out_str->data, inl); | |||
| 5770 | worklen=inl; | |||
| 5771 | ||||
| 5772 | ||||
| 5773 | /* strip padding for GenericBlockCipher */ | |||
| 5774 | if (decoder->cipher_suite->mode == MODE_CBC) { | |||
| 5775 | if (inl < 1) { /* Should this check happen earlier? */ | |||
| 5776 | ssl_debug_printf("ssl_decrypt_record failed: input length %d too small\n", inl); | |||
| 5777 | return -1; | |||
| 5778 | } | |||
| 5779 | pad=out_str->data[inl-1]; | |||
| 5780 | if (worklen <= pad) { | |||
| 5781 | ssl_debug_printf("ssl_decrypt_record failed: padding %d too large for work %d\n", | |||
| 5782 | pad, worklen); | |||
| 5783 | return -1; | |||
| 5784 | } | |||
| 5785 | worklen-=(pad+1); | |||
| 5786 | ssl_debug_printf("ssl_decrypt_record found padding %d final len %d\n", | |||
| 5787 | pad, worklen); | |||
| 5788 | } | |||
| 5789 | ||||
| 5790 | /* MAC for GenericStreamCipher and GenericBlockCipher. | |||
| 5791 | * (normal case without Encrypt-then-MAC (RFC 7366) extension. */ | |||
| 5792 | if (!mac) { | |||
| 5793 | /* | |||
| 5794 | * MAC is calculated over the DECRYPTED contents: | |||
| 5795 | * | |||
| 5796 | * MAC(MAC_write_key, ... + TLSCompressed.fragment); | |||
| 5797 | */ | |||
| 5798 | if (worklen < maclen) { | |||
| 5799 | ssl_debug_printf("%s wrong record len/padding outlen %d\n work %d\n", G_STRFUNC((const char*) (__func__)), *outl, worklen); | |||
| 5800 | return -1; | |||
| 5801 | } | |||
| 5802 | worklen -= maclen; | |||
| 5803 | mac = out_str->data + worklen; | |||
| 5804 | mac_frag = out_str->data; | |||
| 5805 | mac_fraglen = worklen; | |||
| 5806 | } | |||
| 5807 | ||||
| 5808 | /* If NULL encryption active and no keys are available, do not bother | |||
| 5809 | * checking the MAC. We do not have keys for that. */ | |||
| 5810 | if (decoder->cipher_suite->mode == MODE_STREAM && | |||
| 5811 | decoder->cipher_suite->enc == ENC_NULL0x3D && | |||
| 5812 | !(ssl->state & SSL_MASTER_SECRET(1<<5))) { | |||
| 5813 | ssl_debug_printf("MAC check skipped due to missing keys\n"); | |||
| 5814 | decoder->seq++; // Increment this for display | |||
| 5815 | goto skip_mac; | |||
| 5816 | } | |||
| 5817 | ||||
| 5818 | /* Now check the MAC */ | |||
| 5819 | ssl_debug_printf("checking mac (len %d, version %X, ct %d seq %" PRIu64"l" "u" ")\n", | |||
| 5820 | worklen, ssl->session.version, ct, decoder->seq); | |||
| 5821 | if(ssl->session.version==SSLV3_VERSION0x300){ | |||
| 5822 | if(ssl3_check_mac(decoder,ct,mac_frag,mac_fraglen,mac) < 0) { | |||
| 5823 | if(ignore_mac_failed) { | |||
| 5824 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); | |||
| 5825 | } | |||
| 5826 | else{ | |||
| 5827 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); | |||
| 5828 | return -1; | |||
| 5829 | } | |||
| 5830 | } | |||
| 5831 | else{ | |||
| 5832 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); | |||
| 5833 | } | |||
| 5834 | } | |||
| 5835 | else if(ssl->session.version==TLSV1_VERSION0x301 || ssl->session.version==TLSV1DOT1_VERSION0x302 || ssl->session.version==TLSV1DOT2_VERSION0x303 || ssl->session.version==TLCPV1_VERSION0x101){ | |||
| 5836 | if(tls_check_mac(decoder,ct,ssl->session.version,mac_frag,mac_fraglen,mac)< 0) { | |||
| 5837 | if(ignore_mac_failed) { | |||
| 5838 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); | |||
| 5839 | } | |||
| 5840 | else{ | |||
| 5841 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); | |||
| 5842 | return -1; | |||
| 5843 | } | |||
| 5844 | } | |||
| 5845 | else{ | |||
| 5846 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); | |||
| 5847 | } | |||
| 5848 | } | |||
| 5849 | else if(ssl->session.version==DTLSV1DOT0_VERSION0xfeff || | |||
| 5850 | ssl->session.version==DTLSV1DOT2_VERSION0xfefd || | |||
| 5851 | ssl->session.version==DTLSV1DOT0_OPENSSL_VERSION0x100){ | |||
| 5852 | /* Try rfc-compliant mac first, and if failed, try old openssl's non-rfc-compliant mac */ | |||
| 5853 | if(dtls_check_mac(ssl,decoder,ct,mac_frag,mac_fraglen,mac,cid,cidl)>= 0) { | |||
| 5854 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); | |||
| 5855 | } | |||
| 5856 | else if(tls_check_mac(decoder,ct,TLSV1_VERSION0x301,mac_frag,mac_fraglen,mac)>= 0) { | |||
| 5857 | ssl_debug_printf("ssl_decrypt_record: dtls rfc-compliant mac failed, but old openssl's non-rfc-compliant mac ok\n"); | |||
| 5858 | } | |||
| 5859 | else if(ignore_mac_failed) { | |||
| 5860 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); | |||
| 5861 | } | |||
| 5862 | else{ | |||
| 5863 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); | |||
| 5864 | return -1; | |||
| 5865 | } | |||
| 5866 | } | |||
| 5867 | skip_mac: | |||
| 5868 | ||||
| 5869 | *outl = worklen; | |||
| 5870 | ||||
| 5871 | if (decoder->compression > 0) { | |||
| 5872 | ssl_debug_printf("ssl_decrypt_record: compression method %d\n", decoder->compression); | |||
| 5873 | ssl_data_copy(comp_str, out_str); | |||
| 5874 | ssl_print_data("Plaintext compressed", comp_str->data, worklen); | |||
| 5875 | if (!decoder->decomp) { | |||
| 5876 | ssl_debug_printf("decrypt_ssl3_record: no decoder available\n"); | |||
| 5877 | return -1; | |||
| 5878 | } | |||
| 5879 | if (ssl_decompress_record(decoder->decomp, comp_str->data, worklen, out_str, &uncomplen) < 0) return -1; | |||
| 5880 | ssl_print_data("Plaintext uncompressed", out_str->data, uncomplen); | |||
| 5881 | *outl = uncomplen; | |||
| 5882 | } | |||
| 5883 | ||||
| 5884 | return 0; | |||
| 5885 | } | |||
| 5886 | /* Record decryption glue based on security parameters }}} */ | |||
| 5887 | ||||
| 5888 | ||||
| 5889 | ||||
| 5890 | #ifdef HAVE_LIBGNUTLS1 | |||
| 5891 | ||||
| 5892 | /* RSA private key file processing {{{ */ | |||
| 5893 | static void | |||
| 5894 | ssl_find_private_key_by_pubkey(SslDecryptSession *ssl, | |||
| 5895 | gnutls_datum_t *subjectPublicKeyInfo) | |||
| 5896 | { | |||
| 5897 | gnutls_pubkey_t pubkey = NULL((void*)0); | |||
| 5898 | cert_key_id_t key_id; | |||
| 5899 | size_t key_id_len = sizeof(key_id); | |||
| 5900 | int r; | |||
| 5901 | ||||
| 5902 | if (!subjectPublicKeyInfo->size) { | |||
| 5903 | ssl_debug_printf("%s: could not find SubjectPublicKeyInfo\n", G_STRFUNC((const char*) (__func__))); | |||
| 5904 | return; | |||
| 5905 | } | |||
| 5906 | ||||
| 5907 | r = gnutls_pubkey_init(&pubkey); | |||
| 5908 | if (r < 0) { | |||
| 5909 | ssl_debug_printf("%s: failed to init pubkey: %s\n", | |||
| 5910 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); | |||
| 5911 | return; | |||
| 5912 | } | |||
| 5913 | ||||
| 5914 | r = gnutls_pubkey_import(pubkey, subjectPublicKeyInfo, GNUTLS_X509_FMT_DER); | |||
| 5915 | if (r < 0) { | |||
| 5916 | ssl_debug_printf("%s: failed to import pubkey from handshake: %s\n", | |||
| 5917 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); | |||
| 5918 | goto end; | |||
| 5919 | } | |||
| 5920 | ||||
| 5921 | if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL((void*)0)) != GNUTLS_PK_RSA) { | |||
| 5922 | ssl_debug_printf("%s: Not a RSA public key - ignoring.\n", G_STRFUNC((const char*) (__func__))); | |||
| 5923 | goto end; | |||
| 5924 | } | |||
| 5925 | ||||
| 5926 | /* Generate a 20-byte SHA-1 hash. */ | |||
| 5927 | r = gnutls_pubkey_get_key_id(pubkey, 0, key_id.key_id, &key_id_len); | |||
| 5928 | if (r < 0) { | |||
| 5929 | ssl_debug_printf("%s: failed to extract key id from pubkey: %s\n", | |||
| 5930 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); | |||
| 5931 | goto end; | |||
| 5932 | } | |||
| 5933 | ||||
| 5934 | if (key_id_len != sizeof(key_id)) { | |||
| 5935 | ssl_debug_printf("%s: expected Key ID size %zu, got %zu\n", | |||
| 5936 | G_STRFUNC((const char*) (__func__)), sizeof(key_id), key_id_len); | |||
| 5937 | goto end; | |||
| 5938 | } | |||
| 5939 | ||||
| 5940 | ssl_print_data("Certificate.KeyID", key_id.key_id, key_id_len); | |||
| 5941 | ssl->cert_key_id = wmem_new(wmem_file_scope(), cert_key_id_t)((cert_key_id_t*)wmem_alloc((wmem_file_scope()), sizeof(cert_key_id_t ))); | |||
| 5942 | *ssl->cert_key_id = key_id; | |||
| 5943 | ||||
| 5944 | end: | |||
| 5945 | gnutls_pubkey_deinit(pubkey); | |||
| 5946 | } | |||
| 5947 | ||||
| 5948 | /* RSA private key file processing }}} */ | |||
| 5949 | #endif /* HAVE_LIBGNUTLS */ | |||
| 5950 | ||||
| 5951 | /*--- Start of dissector-related code below ---*/ | |||
| 5952 | ||||
| 5953 | /* get ssl data for this session. if no ssl data is found allocate a new one*/ | |||
| 5954 | SslDecryptSession * | |||
| 5955 | ssl_get_session(conversation_t *conversation, dissector_handle_t tls_handle) | |||
| 5956 | { | |||
| 5957 | void *conv_data; | |||
| 5958 | SslDecryptSession *ssl_session; | |||
| 5959 | int proto_ssl; | |||
| 5960 | ||||
| 5961 | proto_ssl = dissector_handle_get_protocol_index(tls_handle); | |||
| 5962 | conv_data = conversation_get_proto_data(conversation, proto_ssl); | |||
| 5963 | if (conv_data != NULL((void*)0)) | |||
| 5964 | return (SslDecryptSession *)conv_data; | |||
| 5965 | ||||
| 5966 | /* no previous SSL conversation info, initialize it. */ | |||
| 5967 | ssl_session = wmem_new0(wmem_file_scope(), SslDecryptSession)((SslDecryptSession*)wmem_alloc0((wmem_file_scope()), sizeof( SslDecryptSession))); | |||
| 5968 | ||||
| 5969 | /* data_len is the part that is meaningful, not the allocated length */ | |||
| 5970 | ssl_session->master_secret.data_len = 0; | |||
| 5971 | ssl_session->master_secret.data = ssl_session->_master_secret; | |||
| 5972 | ssl_session->session_id.data_len = 0; | |||
| 5973 | ssl_session->session_id.data = ssl_session->_session_id; | |||
| 5974 | ssl_session->client_random.data_len = 0; | |||
| 5975 | ssl_session->client_random.data = ssl_session->_client_random; | |||
| 5976 | ssl_session->server_random.data_len = 0; | |||
| 5977 | ssl_session->server_random.data = ssl_session->_server_random; | |||
| 5978 | ssl_session->session_ticket.data_len = 0; | |||
| 5979 | ssl_session->session_ticket.data = NULL((void*)0); /* will be re-alloced as needed */ | |||
| 5980 | ssl_session->server_data_for_iv.data_len = 0; | |||
| 5981 | ssl_session->server_data_for_iv.data = ssl_session->_server_data_for_iv; | |||
| 5982 | ssl_session->client_data_for_iv.data_len = 0; | |||
| 5983 | ssl_session->client_data_for_iv.data = ssl_session->_client_data_for_iv; | |||
| 5984 | ssl_session->app_data_segment.data = NULL((void*)0); | |||
| 5985 | ssl_session->app_data_segment.data_len = 0; | |||
| 5986 | ssl_session->handshake_data.data=NULL((void*)0); | |||
| 5987 | ssl_session->handshake_data.data_len=0; | |||
| 5988 | ssl_session->ech_transcript.data=NULL((void*)0); | |||
| 5989 | ssl_session->ech_transcript.data_len=0; | |||
| 5990 | ||||
| 5991 | /* Initialize parameters which are not necessary specific to decryption. */ | |||
| 5992 | ssl_session->session.version = SSL_VER_UNKNOWN0; | |||
| 5993 | clear_address(&ssl_session->session.srv_addr); | |||
| 5994 | ssl_session->session.srv_ptype = PT_NONE; | |||
| 5995 | ssl_session->session.srv_port = 0; | |||
| 5996 | ssl_session->session.dtls13_current_epoch[0] = ssl_session->session.dtls13_current_epoch[1] = 0; | |||
| 5997 | ssl_session->session.dtls13_next_seq_num[0] = ssl_session->session.dtls13_next_seq_num[1] = 0; | |||
| 5998 | ssl_session->session.client_random.data_len = 0; | |||
| 5999 | ssl_session->session.client_random.data = ssl_session->session._client_random; | |||
| 6000 | memset(ssl_session->session.ech_confirmation, 0, sizeof(ssl_session->session.ech_confirmation)); | |||
| 6001 | memset(ssl_session->session.hrr_ech_confirmation, 0, sizeof(ssl_session->session.hrr_ech_confirmation)); | |||
| 6002 | memset(ssl_session->session.first_ech_auth_tag, 0, sizeof(ssl_session->session.first_ech_auth_tag)); | |||
| 6003 | ssl_session->session.ech = false0; | |||
| 6004 | ssl_session->session.hrr_ech_declined = false0; | |||
| 6005 | ssl_session->session.first_ch_ech_frame = 0; | |||
| 6006 | ||||
| 6007 | conversation_add_proto_data(conversation, proto_ssl, ssl_session); | |||
| 6008 | return ssl_session; | |||
| 6009 | } | |||
| 6010 | ||||
| 6011 | void ssl_reset_session(SslSession *session, SslDecryptSession *ssl, bool_Bool is_client) | |||
| 6012 | { | |||
| 6013 | if (ssl) { | |||
| 6014 | /* Ensure that secrets are not restored using stale identifiers. Split | |||
| 6015 | * between client and server in case the packets somehow got out of order. */ | |||
| 6016 | int clear_flags = SSL_HAVE_SESSION_KEY(1<<3) | SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6); | |||
| 6017 | ||||
| 6018 | if (is_client) { | |||
| 6019 | clear_flags |= SSL_CLIENT_EXTENDED_MASTER_SECRET(1<<7); | |||
| 6020 | ssl->session_id.data_len = 0; | |||
| 6021 | ssl->session_ticket.data_len = 0; | |||
| 6022 | ssl->master_secret.data_len = 0; | |||
| 6023 | ssl->client_random.data_len = 0; | |||
| 6024 | ssl->has_early_data = false0; | |||
| 6025 | if (ssl->handshake_data.data_len > 0) { | |||
| 6026 | // The EMS handshake hash starts with at the Client Hello, | |||
| 6027 | // ensure that any messages before it are forgotten. | |||
| 6028 | wmem_free(wmem_file_scope(), ssl->handshake_data.data); | |||
| 6029 | ssl->handshake_data.data = NULL((void*)0); | |||
| 6030 | ssl->handshake_data.data_len = 0; | |||
| 6031 | } | |||
| 6032 | } else { | |||
| 6033 | clear_flags |= SSL_SERVER_EXTENDED_MASTER_SECRET(1<<8) | SSL_NEW_SESSION_TICKET(1<<10); | |||
| 6034 | ssl->server_random.data_len = 0; | |||
| 6035 | ssl->pre_master_secret.data_len = 0; | |||
| 6036 | #ifdef HAVE_LIBGNUTLS1 | |||
| 6037 | ssl->cert_key_id = NULL((void*)0); | |||
| 6038 | #endif | |||
| 6039 | ssl->psk.data_len = 0; | |||
| 6040 | } | |||
| 6041 | ||||
| 6042 | if (ssl->state & clear_flags) { | |||
| 6043 | ssl_debug_printf("%s detected renegotiation, clearing 0x%02x (%s side)\n", | |||
| 6044 | G_STRFUNC((const char*) (__func__)), ssl->state & clear_flags, is_client ? "client" : "server"); | |||
| 6045 | ssl->state &= ~clear_flags; | |||
| 6046 | } | |||
| 6047 | } | |||
| 6048 | ||||
| 6049 | /* These flags might be used for non-decryption purposes and may affect the | |||
| 6050 | * dissection, so reset them as well. */ | |||
| 6051 | if (is_client) { | |||
| 6052 | session->client_cert_type = 0; | |||
| 6053 | } else { | |||
| 6054 | session->compression = 0; | |||
| 6055 | session->server_cert_type = 0; | |||
| 6056 | /* session->is_session_resumed is already handled in the ServerHello dissection. */ | |||
| 6057 | } | |||
| 6058 | session->dtls13_next_seq_num[0] = session->dtls13_next_seq_num[1] = 0; | |||
| 6059 | session->dtls13_current_epoch[0] = session->dtls13_current_epoch[1] = 0; | |||
| 6060 | } | |||
| 6061 | ||||
| 6062 | void | |||
| 6063 | tls_set_appdata_dissector(dissector_handle_t tls_handle, packet_info *pinfo, | |||
| 6064 | dissector_handle_t app_handle) | |||
| 6065 | { | |||
| 6066 | conversation_t *conversation; | |||
| 6067 | SslSession *session; | |||
| 6068 | ||||
| 6069 | /* Ignore if the TLS or other dissector is disabled. */ | |||
| 6070 | if (!tls_handle || !app_handle) | |||
| 6071 | return; | |||
| 6072 | ||||
| 6073 | conversation = find_or_create_conversation(pinfo); | |||
| 6074 | session = &ssl_get_session(conversation, tls_handle)->session; | |||
| 6075 | session->app_handle = app_handle; | |||
| 6076 | } | |||
| 6077 | ||||
| 6078 | static uint32_t | |||
| 6079 | ssl_starttls(dissector_handle_t tls_handle, packet_info *pinfo, | |||
| 6080 | dissector_handle_t app_handle, uint32_t last_nontls_frame) | |||
| 6081 | { | |||
| 6082 | conversation_t *conversation; | |||
| 6083 | SslSession *session; | |||
| 6084 | ||||
| 6085 | /* Ignore if the TLS dissector is disabled. */ | |||
| 6086 | if (!tls_handle) | |||
| 6087 | return 0; | |||
| 6088 | /* The caller should always pass a valid handle to its own dissector. */ | |||
| 6089 | DISSECTOR_ASSERT(app_handle)((void) ((app_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6089, "app_handle")))); | |||
| 6090 | ||||
| 6091 | conversation = find_or_create_conversation(pinfo); | |||
| 6092 | session = &ssl_get_session(conversation, tls_handle)->session; | |||
| 6093 | ||||
| 6094 | ssl_debug_printf("%s: old frame %d, app_handle=%p (%s)\n", G_STRFUNC((const char*) (__func__)), | |||
| 6095 | session->last_nontls_frame, | |||
| 6096 | (void *)session->app_handle, | |||
| 6097 | dissector_handle_get_dissector_name(session->app_handle)); | |||
| 6098 | ssl_debug_printf("%s: current frame %d, app_handle=%p (%s)\n", G_STRFUNC((const char*) (__func__)), | |||
| 6099 | pinfo->num, (void *)app_handle, | |||
| 6100 | dissector_handle_get_dissector_name(app_handle)); | |||
| 6101 | ||||
| 6102 | /* Do not switch again if a dissector did it before. */ | |||
| 6103 | if (session->last_nontls_frame) { | |||
| 6104 | ssl_debug_printf("%s: not overriding previous app handle!\n", G_STRFUNC((const char*) (__func__))); | |||
| 6105 | return session->last_nontls_frame; | |||
| 6106 | } | |||
| 6107 | ||||
| 6108 | session->app_handle = app_handle; | |||
| 6109 | /* The TLS dissector should be called first for this conversation. */ | |||
| 6110 | conversation_set_dissector(conversation, tls_handle); | |||
| 6111 | /* TLS starts after this frame. */ | |||
| 6112 | session->last_nontls_frame = last_nontls_frame; | |||
| 6113 | return 0; | |||
| 6114 | } | |||
| 6115 | ||||
| 6116 | /* ssl_starttls_ack: mark future frames as encrypted. */ | |||
| 6117 | uint32_t | |||
| 6118 | ssl_starttls_ack(dissector_handle_t tls_handle, packet_info *pinfo, | |||
| 6119 | dissector_handle_t app_handle) | |||
| 6120 | { | |||
| 6121 | return ssl_starttls(tls_handle, pinfo, app_handle, pinfo->num); | |||
| 6122 | } | |||
| 6123 | ||||
| 6124 | uint32_t | |||
| 6125 | ssl_starttls_post_ack(dissector_handle_t tls_handle, packet_info *pinfo, | |||
| 6126 | dissector_handle_t app_handle) | |||
| 6127 | { | |||
| 6128 | return ssl_starttls(tls_handle, pinfo, app_handle, pinfo->num - 1); | |||
| 6129 | } | |||
| 6130 | ||||
| 6131 | dissector_handle_t | |||
| 6132 | ssl_find_appdata_dissector(const char *name) | |||
| 6133 | { | |||
| 6134 | /* Accept 'http' for backwards compatibility and sanity. */ | |||
| 6135 | if (!strcmp(name, "http")) | |||
| 6136 | name = "http-over-tls"; | |||
| 6137 | /* XXX - Should this check to see if the dissector is actually added for | |||
| 6138 | * Decode As in the appropriate table? | |||
| 6139 | */ | |||
| 6140 | return find_dissector(name); | |||
| 6141 | } | |||
| 6142 | ||||
| 6143 | /* Functions for TLS/DTLS sessions and RSA private keys hashtables. {{{ */ | |||
| 6144 | static int | |||
| 6145 | ssl_equal (const void *v, const void *v2) | |||
| 6146 | { | |||
| 6147 | const StringInfo *val1; | |||
| 6148 | const StringInfo *val2; | |||
| 6149 | val1 = (const StringInfo *)v; | |||
| 6150 | val2 = (const StringInfo *)v2; | |||
| 6151 | ||||
| 6152 | if (val1->data_len == val2->data_len && | |||
| 6153 | !memcmp(val1->data, val2->data, val2->data_len)) { | |||
| 6154 | return 1; | |||
| 6155 | } | |||
| 6156 | return 0; | |||
| 6157 | } | |||
| 6158 | ||||
| 6159 | static unsigned | |||
| 6160 | ssl_hash (const void *v) | |||
| 6161 | { | |||
| 6162 | unsigned l,hash; | |||
| 6163 | const StringInfo* id; | |||
| 6164 | const unsigned* cur; | |||
| 6165 | hash = 0; | |||
| 6166 | id = (const StringInfo*) v; | |||
| 6167 | ||||
| 6168 | /* id and id->data are mallocated in ssl_save_master_key(). As such 'data' | |||
| 6169 | * should be aligned for any kind of access (for example as a unsigned as | |||
| 6170 | * is done below). The intermediate void* cast is to prevent "cast | |||
| 6171 | * increases required alignment of target type" warnings on CPUs (such | |||
| 6172 | * as SPARCs) that do not allow misaligned memory accesses. | |||
| 6173 | */ | |||
| 6174 | cur = (const unsigned*)(void*) id->data; | |||
| 6175 | ||||
| 6176 | for (l=4; (l < id->data_len); l+=4, cur++) | |||
| 6177 | hash = hash ^ (*cur); | |||
| 6178 | ||||
| 6179 | return hash; | |||
| 6180 | } | |||
| 6181 | /* Functions for TLS/DTLS sessions and RSA private keys hashtables. }}} */ | |||
| 6182 | ||||
| 6183 | /* Handling of association between tls/dtls ports and clear text protocol. {{{ */ | |||
| 6184 | void | |||
| 6185 | ssl_association_add(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool_Bool tcp) | |||
| 6186 | { | |||
| 6187 | DISSECTOR_ASSERT(main_handle)((void) ((main_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6187, "main_handle")))); | |||
| 6188 | DISSECTOR_ASSERT(subdissector_handle)((void) ((subdissector_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6188, "subdissector_handle")))); | |||
| 6189 | /* Registration is required for Export PDU feature to work properly. */ | |||
| 6190 | DISSECTOR_ASSERT_HINT(dissector_handle_get_dissector_name(subdissector_handle),((void) ((dissector_handle_get_dissector_name(subdissector_handle )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\" (%s)" , "epan/dissectors/packet-tls-utils.c", 6191, "dissector_handle_get_dissector_name(subdissector_handle)" , "SSL appdata dissectors must register with register_dissector()!" )))) | |||
| 6191 | "SSL appdata dissectors must register with register_dissector()!")((void) ((dissector_handle_get_dissector_name(subdissector_handle )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\" (%s)" , "epan/dissectors/packet-tls-utils.c", 6191, "dissector_handle_get_dissector_name(subdissector_handle)" , "SSL appdata dissectors must register with register_dissector()!" )))); | |||
| 6192 | ssl_debug_printf("association_add %s port %d handle %p\n", dissector_table_name, port, (void *)subdissector_handle); | |||
| 6193 | ||||
| 6194 | if (port) { | |||
| 6195 | dissector_add_uint(dissector_table_name, port, subdissector_handle); | |||
| 6196 | if (tcp) | |||
| 6197 | dissector_add_uint("tcp.port", port, main_handle); | |||
| 6198 | else | |||
| 6199 | dissector_add_uint("udp.port", port, main_handle); | |||
| 6200 | dissector_add_uint("sctp.port", port, main_handle); | |||
| 6201 | } else { | |||
| 6202 | dissector_add_for_decode_as(dissector_table_name, subdissector_handle); | |||
| 6203 | } | |||
| 6204 | } | |||
| 6205 | ||||
| 6206 | void | |||
| 6207 | ssl_association_remove(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool_Bool tcp) | |||
| 6208 | { | |||
| 6209 | ssl_debug_printf("ssl_association_remove removing %s %u - handle %p\n", | |||
| 6210 | tcp?"TCP":"UDP", port, (void *)subdissector_handle); | |||
| 6211 | if (main_handle) { | |||
| 6212 | dissector_delete_uint(tcp?"tcp.port":"udp.port", port, main_handle); | |||
| 6213 | dissector_delete_uint("sctp.port", port, main_handle); | |||
| 6214 | } | |||
| 6215 | ||||
| 6216 | if (port) { | |||
| 6217 | dissector_delete_uint(dissector_table_name, port, subdissector_handle); | |||
| 6218 | } | |||
| 6219 | } | |||
| 6220 | ||||
| 6221 | void | |||
| 6222 | ssl_set_server(SslSession *session, address *addr, port_type ptype, uint32_t port) | |||
| 6223 | { | |||
| 6224 | copy_address_wmem(wmem_file_scope(), &session->srv_addr, addr); | |||
| 6225 | session->srv_ptype = ptype; | |||
| 6226 | session->srv_port = port; | |||
| 6227 | } | |||
| 6228 | ||||
| 6229 | int | |||
| 6230 | ssl_packet_from_server(SslSession *session, dissector_table_t table, const packet_info *pinfo) | |||
| 6231 | { | |||
| 6232 | int ret; | |||
| 6233 | if (session && session->srv_addr.type != AT_NONE) { | |||
| 6234 | ret = (session->srv_ptype == pinfo->ptype) && | |||
| 6235 | (session->srv_port == pinfo->srcport) && | |||
| 6236 | addresses_equal(&session->srv_addr, &pinfo->src); | |||
| 6237 | } else { | |||
| 6238 | ret = (dissector_get_uint_handle(table, pinfo->srcport) != 0); | |||
| 6239 | } | |||
| 6240 | ||||
| 6241 | ssl_debug_printf("packet_from_server: is from server - %s\n", (ret)?"TRUE":"FALSE"); | |||
| 6242 | return ret; | |||
| 6243 | } | |||
| 6244 | /* Handling of association between tls/dtls ports and clear text protocol. }}} */ | |||
| 6245 | ||||
| 6246 | ||||
| 6247 | /* Links SSL records with the real packet data. {{{ */ | |||
| 6248 | SslPacketInfo * | |||
| 6249 | tls_add_packet_info(int proto, packet_info *pinfo, uint8_t curr_layer_num_ssl) | |||
| 6250 | { | |||
| 6251 | SslPacketInfo *pi = (SslPacketInfo *)p_get_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl); | |||
| 6252 | if (!pi) { | |||
| 6253 | pi = wmem_new0(wmem_file_scope(), SslPacketInfo)((SslPacketInfo*)wmem_alloc0((wmem_file_scope()), sizeof(SslPacketInfo ))); | |||
| 6254 | pi->srcport = pinfo->srcport; | |||
| 6255 | pi->destport = pinfo->destport; | |||
| 6256 | p_add_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl, pi); | |||
| 6257 | } | |||
| 6258 | ||||
| 6259 | return pi; | |||
| 6260 | } | |||
| 6261 | ||||
| 6262 | /** | |||
| 6263 | * Remembers the decrypted TLS record fragment (TLSInnerPlaintext in TLS 1.3) to | |||
| 6264 | * avoid the need for a decoder in the second pass. Additionally, it remembers | |||
| 6265 | * sequence numbers (for reassembly and Follow TLS Stream). | |||
| 6266 | * | |||
| 6267 | * @param proto The protocol identifier (proto_ssl or proto_dtls). | |||
| 6268 | * @param pinfo The packet where the record originates from. | |||
| 6269 | * @param data Decrypted data to store in the record. | |||
| 6270 | * @param data_len Length of decrypted record data. | |||
| 6271 | * @param record_id The identifier for this record within the current packet. | |||
| 6272 | * @param flow Information about sequence numbers, etc. | |||
| 6273 | * @param type TLS Content Type (such as handshake or application_data). | |||
| 6274 | * @param curr_layer_num_ssl The layer identifier for this TLS session. | |||
| 6275 | */ | |||
| 6276 | void | |||
| 6277 | ssl_add_record_info(int proto, packet_info *pinfo, const unsigned char *data, int data_len, int record_id, SslFlow *flow, ContentType type, uint8_t curr_layer_num_ssl, uint64_t record_seq) | |||
| 6278 | { | |||
| 6279 | SslRecordInfo* rec, **prec; | |||
| 6280 | SslPacketInfo *pi = tls_add_packet_info(proto, pinfo, curr_layer_num_ssl); | |||
| 6281 | ||||
| 6282 | rec = wmem_new(wmem_file_scope(), SslRecordInfo)((SslRecordInfo*)wmem_alloc((wmem_file_scope()), sizeof(SslRecordInfo ))); | |||
| 6283 | rec->plain_data = (unsigned char *)wmem_memdup(wmem_file_scope(), data, data_len); | |||
| 6284 | rec->data_len = data_len; | |||
| 6285 | rec->id = record_id; | |||
| 6286 | rec->type = type; | |||
| 6287 | rec->next = NULL((void*)0); | |||
| 6288 | rec->record_seq = record_seq; | |||
| 6289 | ||||
| 6290 | if (flow && type == SSL_ID_APP_DATA) { | |||
| 6291 | rec->seq = flow->byte_seq; | |||
| 6292 | rec->flow = flow; | |||
| 6293 | flow->byte_seq += data_len; | |||
| 6294 | ssl_debug_printf("%s stored decrypted record seq=%d nxtseq=%d flow=%p\n", | |||
| 6295 | G_STRFUNC((const char*) (__func__)), rec->seq, rec->seq + data_len, (void*)flow); | |||
| 6296 | } | |||
| 6297 | ||||
| 6298 | /* Remember decrypted records. */ | |||
| 6299 | prec = &pi->records; | |||
| 6300 | while (*prec) prec = &(*prec)->next; | |||
| 6301 | *prec = rec; | |||
| 6302 | } | |||
| 6303 | ||||
| 6304 | /* search in packet data for the specified id; return a newly created tvb for the associated data */ | |||
| 6305 | tvbuff_t* | |||
| 6306 | ssl_get_record_info(tvbuff_t *parent_tvb, int proto, packet_info *pinfo, int record_id, uint8_t curr_layer_num_ssl, SslRecordInfo **matched_record) | |||
| 6307 | { | |||
| 6308 | SslRecordInfo* rec; | |||
| 6309 | SslPacketInfo* pi; | |||
| 6310 | pi = (SslPacketInfo *)p_get_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl); | |||
| 6311 | ||||
| 6312 | if (!pi) | |||
| 6313 | return NULL((void*)0); | |||
| 6314 | ||||
| 6315 | for (rec = pi->records; rec; rec = rec->next) | |||
| 6316 | if (rec->id == record_id) { | |||
| 6317 | *matched_record = rec; | |||
| 6318 | /* link new real_data_tvb with a parent tvb so it is freed when frame dissection is complete */ | |||
| 6319 | return tvb_new_child_real_data(parent_tvb, rec->plain_data, rec->data_len, rec->data_len); | |||
| 6320 | } | |||
| 6321 | ||||
| 6322 | return NULL((void*)0); | |||
| 6323 | } | |||
| 6324 | /* Links SSL records with the real packet data. }}} */ | |||
| 6325 | ||||
| 6326 | /* initialize/reset per capture state data (ssl sessions cache). {{{ */ | |||
| 6327 | void | |||
| 6328 | ssl_common_init(ssl_master_key_map_t *mk_map, | |||
| 6329 | StringInfo *decrypted_data, StringInfo *compressed_data) | |||
| 6330 | { | |||
| 6331 | mk_map->session = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6332 | mk_map->tickets = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6333 | mk_map->crandom = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6334 | mk_map->pre_master = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6335 | mk_map->pms = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6336 | mk_map->tls13_client_early = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6337 | mk_map->tls13_client_handshake = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6338 | mk_map->tls13_server_handshake = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6339 | mk_map->tls13_client_appdata = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6340 | mk_map->tls13_server_appdata = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6341 | mk_map->tls13_early_exporter = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6342 | mk_map->tls13_exporter = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6343 | ||||
| 6344 | mk_map->ech_secret = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6345 | mk_map->ech_config = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6346 | ||||
| 6347 | mk_map->used_crandom = g_hash_table_new(ssl_hash, ssl_equal); | |||
| 6348 | ||||
| 6349 | ssl_data_alloc(decrypted_data, 32); | |||
| 6350 | ssl_data_alloc(compressed_data, 32); | |||
| 6351 | } | |||
| 6352 | ||||
| 6353 | void | |||
| 6354 | ssl_common_cleanup(ssl_master_key_map_t *mk_map, FILE **ssl_keylog_file, | |||
| 6355 | StringInfo *decrypted_data, StringInfo *compressed_data) | |||
| 6356 | { | |||
| 6357 | g_hash_table_destroy(mk_map->session); | |||
| 6358 | g_hash_table_destroy(mk_map->tickets); | |||
| 6359 | g_hash_table_destroy(mk_map->crandom); | |||
| 6360 | g_hash_table_destroy(mk_map->pre_master); | |||
| 6361 | g_hash_table_destroy(mk_map->pms); | |||
| 6362 | g_hash_table_destroy(mk_map->tls13_client_early); | |||
| 6363 | g_hash_table_destroy(mk_map->tls13_client_handshake); | |||
| 6364 | g_hash_table_destroy(mk_map->tls13_server_handshake); | |||
| 6365 | g_hash_table_destroy(mk_map->tls13_client_appdata); | |||
| 6366 | g_hash_table_destroy(mk_map->tls13_server_appdata); | |||
| 6367 | g_hash_table_destroy(mk_map->tls13_early_exporter); | |||
| 6368 | g_hash_table_destroy(mk_map->tls13_exporter); | |||
| 6369 | ||||
| 6370 | g_hash_table_destroy(mk_map->ech_secret); | |||
| 6371 | g_hash_table_destroy(mk_map->ech_config); | |||
| 6372 | ||||
| 6373 | g_hash_table_destroy(mk_map->used_crandom); | |||
| 6374 | ||||
| 6375 | g_free(decrypted_data->data); | |||
| 6376 | g_free(compressed_data->data); | |||
| 6377 | ||||
| 6378 | /* close the previous keylog file now that the cache are cleared, this | |||
| 6379 | * allows the cache to be filled with the full keylog file contents. */ | |||
| 6380 | if (*ssl_keylog_file) { | |||
| 6381 | fclose(*ssl_keylog_file); | |||
| 6382 | *ssl_keylog_file = NULL((void*)0); | |||
| 6383 | } | |||
| 6384 | } | |||
| 6385 | /* }}} */ | |||
| 6386 | ||||
| 6387 | /* parse ssl related preferences (private keys and ports association strings) */ | |||
| 6388 | #if defined(HAVE_LIBGNUTLS1) | |||
| 6389 | /* Load a single RSA key file item from preferences. {{{ */ | |||
| 6390 | void | |||
| 6391 | ssl_parse_key_list(const ssldecrypt_assoc_t *uats, GHashTable *key_hash, const char* dissector_table_name, dissector_handle_t main_handle, bool_Bool tcp) | |||
| 6392 | { | |||
| 6393 | gnutls_x509_privkey_t x509_priv_key; | |||
| 6394 | gnutls_privkey_t priv_key = NULL((void*)0); | |||
| 6395 | FILE* fp = NULL((void*)0); | |||
| 6396 | int ret; | |||
| 6397 | size_t key_id_len = 20; | |||
| 6398 | unsigned char *key_id = NULL((void*)0); | |||
| 6399 | char *err = NULL((void*)0); | |||
| 6400 | dissector_handle_t handle; | |||
| 6401 | /* try to load keys file first */ | |||
| 6402 | fp = ws_fopenfopen(uats->keyfile, "rb"); | |||
| 6403 | if (!fp) { | |||
| 6404 | report_open_failure(uats->keyfile, errno(*__errno_location ()), false0); | |||
| 6405 | return; | |||
| 6406 | } | |||
| 6407 | ||||
| 6408 | if ((int)strlen(uats->password) == 0) { | |||
| 6409 | x509_priv_key = rsa_load_pem_key(fp, &err); | |||
| 6410 | } else { | |||
| 6411 | x509_priv_key = rsa_load_pkcs12(fp, uats->password, &err); | |||
| 6412 | } | |||
| 6413 | fclose(fp); | |||
| 6414 | ||||
| 6415 | if (!x509_priv_key) { | |||
| 6416 | if (err) { | |||
| 6417 | report_failure("Can't load private key from %s: %s", | |||
| 6418 | uats->keyfile, err); | |||
| 6419 | g_free(err); | |||
| 6420 | } else | |||
| 6421 | report_failure("Can't load private key from %s: unknown error", | |||
| 6422 | uats->keyfile); | |||
| 6423 | return; | |||
| 6424 | } | |||
| 6425 | if (err) { | |||
| 6426 | report_failure("Load of private key from %s \"succeeded\" with error %s", | |||
| 6427 | uats->keyfile, err); | |||
| 6428 | g_free(err); | |||
| 6429 | } | |||
| 6430 | ||||
| 6431 | gnutls_privkey_init(&priv_key); | |||
| 6432 | ret = gnutls_privkey_import_x509(priv_key, x509_priv_key, | |||
| 6433 | GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE|GNUTLS_PRIVKEY_IMPORT_COPY); | |||
| 6434 | if (ret < 0) { | |||
| 6435 | report_failure("Can't convert private key %s: %s", | |||
| 6436 | uats->keyfile, gnutls_strerror(ret)); | |||
| 6437 | goto end; | |||
| 6438 | } | |||
| 6439 | ||||
| 6440 | key_id = (unsigned char *) g_malloc0(key_id_len); | |||
| 6441 | ret = gnutls_x509_privkey_get_key_id(x509_priv_key, 0, key_id, &key_id_len); | |||
| 6442 | if (ret < 0) { | |||
| 6443 | report_failure("Can't calculate public key ID for %s: %s", | |||
| 6444 | uats->keyfile, gnutls_strerror(ret)); | |||
| 6445 | goto end; | |||
| 6446 | } | |||
| 6447 | ssl_print_data("KeyID", key_id, key_id_len); | |||
| 6448 | if (key_id_len != 20) { | |||
| 6449 | report_failure("Expected Key ID size %u for %s, got %zu", 20, | |||
| 6450 | uats->keyfile, key_id_len); | |||
| 6451 | goto end; | |||
| 6452 | } | |||
| 6453 | ||||
| 6454 | g_hash_table_replace(key_hash, key_id, priv_key); | |||
| 6455 | key_id = NULL((void*)0); /* used in key_hash, do not free. */ | |||
| 6456 | priv_key = NULL((void*)0); | |||
| 6457 | ssl_debug_printf("ssl_init private key file %s successfully loaded.\n", uats->keyfile); | |||
| 6458 | ||||
| 6459 | handle = ssl_find_appdata_dissector(uats->protocol); | |||
| 6460 | if (handle) { | |||
| 6461 | /* Port to subprotocol mapping */ | |||
| 6462 | uint16_t port = 0; | |||
| 6463 | if (ws_strtou16(uats->port, NULL((void*)0), &port)) { | |||
| 6464 | if (port > 0) { | |||
| 6465 | ssl_debug_printf("ssl_init port '%d' filename '%s' password(only for p12 file) '%s'\n", | |||
| 6466 | port, uats->keyfile, uats->password); | |||
| 6467 | ||||
| 6468 | ssl_association_add(dissector_table_name, main_handle, handle, port, tcp); | |||
| 6469 | } | |||
| 6470 | } else { | |||
| 6471 | if (strcmp(uats->port, "start_tls")) | |||
| 6472 | ssl_debug_printf("invalid ssl_init_port: %s\n", uats->port); | |||
| 6473 | } | |||
| 6474 | } | |||
| 6475 | ||||
| 6476 | end: | |||
| 6477 | gnutls_x509_privkey_deinit(x509_priv_key); | |||
| 6478 | gnutls_privkey_deinit(priv_key); | |||
| 6479 | g_free(key_id); | |||
| 6480 | } | |||
| 6481 | /* }}} */ | |||
| 6482 | #endif | |||
| 6483 | ||||
| 6484 | ||||
| 6485 | /* Store/load a known (pre-)master secret from/for this SSL session. {{{ */ | |||
| 6486 | /** store a known (pre-)master secret into cache */ | |||
| 6487 | static void | |||
| 6488 | ssl_save_master_key(const char *label, GHashTable *ht, StringInfo *key, | |||
| 6489 | StringInfo *mk) | |||
| 6490 | { | |||
| 6491 | StringInfo *ht_key, *master_secret; | |||
| 6492 | ||||
| 6493 | if (key->data_len == 0) { | |||
| 6494 | ssl_debug_printf("%s: not saving empty %s!\n", G_STRFUNC((const char*) (__func__)), label); | |||
| 6495 | return; | |||
| 6496 | } | |||
| 6497 | ||||
| 6498 | if (mk->data_len == 0) { | |||
| 6499 | ssl_debug_printf("%s not saving empty (pre-)master secret for %s!\n", | |||
| 6500 | G_STRFUNC((const char*) (__func__)), label); | |||
| 6501 | return; | |||
| 6502 | } | |||
| 6503 | ||||
| 6504 | /* ssl_hash() depends on session_ticket->data being aligned for unsigned access | |||
| 6505 | * so be careful in changing how it is allocated. */ | |||
| 6506 | ht_key = ssl_data_clone(key); | |||
| 6507 | master_secret = ssl_data_clone(mk); | |||
| 6508 | g_hash_table_insert(ht, ht_key, master_secret); | |||
| 6509 | ||||
| 6510 | ssl_debug_printf("%s inserted (pre-)master secret for %s\n", G_STRFUNC((const char*) (__func__)), label); | |||
| 6511 | ssl_print_string("stored key", ht_key); | |||
| 6512 | ssl_print_string("stored (pre-)master secret", master_secret); | |||
| 6513 | } | |||
| 6514 | ||||
| 6515 | /** restore a (pre-)master secret given some key in the cache */ | |||
| 6516 | static bool_Bool | |||
| 6517 | ssl_restore_master_key(SslDecryptSession *ssl, const char *label, | |||
| 6518 | bool_Bool is_pre_master, GHashTable *ht, StringInfo *key) | |||
| 6519 | { | |||
| 6520 | StringInfo *ms; | |||
| 6521 | ||||
| 6522 | if (key->data_len == 0) { | |||
| 6523 | ssl_debug_printf("%s can't restore %smaster secret using an empty %s\n", | |||
| 6524 | G_STRFUNC((const char*) (__func__)), is_pre_master ? "pre-" : "", label); | |||
| 6525 | return false0; | |||
| 6526 | } | |||
| 6527 | ||||
| 6528 | ms = (StringInfo *)g_hash_table_lookup(ht, key); | |||
| 6529 | if (!ms) { | |||
| 6530 | ssl_debug_printf("%s can't find %smaster secret by %s\n", G_STRFUNC((const char*) (__func__)), | |||
| 6531 | is_pre_master ? "pre-" : "", label); | |||
| 6532 | return false0; | |||
| 6533 | } | |||
| 6534 | ||||
| 6535 | /* (pre)master secret found, clear knowledge of other keys and set it in the | |||
| 6536 | * current conversation */ | |||
| 6537 | ssl->state &= ~(SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6) | | |||
| 6538 | SSL_HAVE_SESSION_KEY(1<<3)); | |||
| 6539 | if (is_pre_master) { | |||
| 6540 | /* unlike master secret, pre-master secret has a variable size (48 for | |||
| 6541 | * RSA, varying for PSK) and is therefore not statically allocated */ | |||
| 6542 | ssl->pre_master_secret.data = (unsigned char *) wmem_alloc(wmem_file_scope(), | |||
| 6543 | ms->data_len); | |||
| 6544 | ssl_data_set(&ssl->pre_master_secret, ms->data, ms->data_len); | |||
| 6545 | ssl->state |= SSL_PRE_MASTER_SECRET(1<<6); | |||
| 6546 | } else { | |||
| 6547 | ssl_data_set(&ssl->master_secret, ms->data, ms->data_len); | |||
| 6548 | ssl->state |= SSL_MASTER_SECRET(1<<5); | |||
| 6549 | } | |||
| 6550 | ssl_debug_printf("%s %smaster secret retrieved using %s\n", G_STRFUNC((const char*) (__func__)), | |||
| 6551 | is_pre_master ? "pre-" : "", label); | |||
| 6552 | ssl_print_string(label, key); | |||
| 6553 | ssl_print_string("(pre-)master secret", ms); | |||
| 6554 | return true1; | |||
| 6555 | } | |||
| 6556 | /* Store/load a known (pre-)master secret from/for this SSL session. }}} */ | |||
| 6557 | ||||
| 6558 | /* Should be called when all parameters are ready (after ChangeCipherSpec), and | |||
| 6559 | * the decoder should be attempted to be initialized. {{{*/ | |||
| 6560 | void | |||
| 6561 | ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map) | |||
| 6562 | { | |||
| 6563 | if (ssl->session.version == TLSV1DOT3_VERSION0x304) { | |||
| ||||
| 6564 | /* TLS 1.3 implementations only provide secrets derived from the master | |||
| 6565 | * secret which are loaded in tls13_change_key. No master secrets can be | |||
| 6566 | * loaded here, so just return. */ | |||
| 6567 | return; | |||
| 6568 | } | |||
| 6569 | ssl_debug_printf("%s state = 0x%02X\n", G_STRFUNC((const char*) (__func__)), ssl->state); | |||
| 6570 | if (ssl->state & SSL_HAVE_SESSION_KEY(1<<3)) { | |||
| 6571 | ssl_debug_printf(" session key already available, nothing to do.\n"); | |||
| 6572 | return; | |||
| 6573 | } | |||
| 6574 | if (!(ssl->state & SSL_CIPHER(1<<2))) { | |||
| 6575 | ssl_debug_printf(" Cipher suite (Server Hello) is missing!\n"); | |||
| 6576 | return; | |||
| 6577 | } | |||
| 6578 | ||||
| 6579 | /* for decryption, there needs to be a master secret (which can be derived | |||
| 6580 | * from pre-master secret). If missing, try to pick a master key from cache | |||
| 6581 | * (an earlier packet in the capture or key logfile). */ | |||
| 6582 | if (!(ssl->state & (SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6))) && | |||
| 6583 | !ssl_restore_master_key(ssl, "Session ID", false0, | |||
| 6584 | mk_map->session, &ssl->session_id) && | |||
| 6585 | (!ssl->session.is_session_resumed || | |||
| 6586 | !ssl_restore_master_key(ssl, "Session Ticket", false0, | |||
| 6587 | mk_map->tickets, &ssl->session_ticket)) && | |||
| 6588 | !ssl_restore_master_key(ssl, "Client Random", false0, | |||
| 6589 | mk_map->crandom, &ssl->client_random)) { | |||
| 6590 | if (ssl->cipher_suite->enc != ENC_NULL0x3D) { | |||
| 6591 | /* how unfortunate, the master secret could not be found */ | |||
| 6592 | ssl_debug_printf(" Cannot find master secret\n"); | |||
| 6593 | return; | |||
| 6594 | } else { | |||
| 6595 | ssl_debug_printf(" Cannot find master secret, continuing anyway " | |||
| 6596 | "because of a NULL cipher\n"); | |||
| 6597 | } | |||
| 6598 | } | |||
| 6599 | ||||
| 6600 | if (ssl_generate_keyring_material(ssl) < 0) { | |||
| 6601 | ssl_debug_printf("%s can't generate keyring material\n", G_STRFUNC((const char*) (__func__))); | |||
| 6602 | return; | |||
| 6603 | } | |||
| 6604 | /* Save Client Random/ Session ID for "SSL Export Session keys" */ | |||
| 6605 | ssl_save_master_key("Client Random", mk_map->crandom, | |||
| 6606 | &ssl->client_random, &ssl->master_secret); | |||
| 6607 | ssl_save_master_key("Session ID", mk_map->session, | |||
| 6608 | &ssl->session_id, &ssl->master_secret); | |||
| 6609 | /* Only save the new secrets if the server sent the ticket. The client | |||
| 6610 | * ticket might have become stale. */ | |||
| 6611 | if (ssl->state & SSL_NEW_SESSION_TICKET(1<<10)) { | |||
| 6612 | ssl_save_master_key("Session Ticket", mk_map->tickets, | |||
| 6613 | &ssl->session_ticket, &ssl->master_secret); | |||
| 6614 | } | |||
| 6615 | } /* }}} */ | |||
| 6616 | ||||
| 6617 | /* Load the traffic key secret from the keylog file. */ | |||
| 6618 | StringInfo * | |||
| 6619 | tls13_load_secret(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, | |||
| 6620 | bool_Bool is_from_server, TLSRecordType type) | |||
| 6621 | { | |||
| 6622 | GHashTable *key_map; | |||
| 6623 | const char *label; | |||
| 6624 | ||||
| 6625 | if (ssl->session.version != TLSV1DOT3_VERSION0x304 && ssl->session.version != DTLSV1DOT3_VERSION0xfefc) { | |||
| 6626 | ssl_debug_printf("%s TLS version %#x is not 1.3\n", G_STRFUNC((const char*) (__func__)), ssl->session.version); | |||
| 6627 | return NULL((void*)0); | |||
| 6628 | } | |||
| 6629 | ||||
| 6630 | if (ssl->client_random.data_len == 0) { | |||
| 6631 | /* May happen if Hello message is missing and Finished is found. */ | |||
| 6632 | ssl_debug_printf("%s missing Client Random\n", G_STRFUNC((const char*) (__func__))); | |||
| 6633 | return NULL((void*)0); | |||
| 6634 | } | |||
| 6635 | ||||
| 6636 | switch (type) { | |||
| 6637 | case TLS_SECRET_0RTT_APP: | |||
| 6638 | DISSECTOR_ASSERT(!is_from_server)((void) ((!is_from_server) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6638, "!is_from_server")))); | |||
| 6639 | label = "CLIENT_EARLY_TRAFFIC_SECRET"; | |||
| 6640 | key_map = mk_map->tls13_client_early; | |||
| 6641 | break; | |||
| 6642 | case TLS_SECRET_HANDSHAKE: | |||
| 6643 | if (is_from_server) { | |||
| 6644 | label = "SERVER_HANDSHAKE_TRAFFIC_SECRET"; | |||
| 6645 | key_map = mk_map->tls13_server_handshake; | |||
| 6646 | } else { | |||
| 6647 | label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"; | |||
| 6648 | key_map = mk_map->tls13_client_handshake; | |||
| 6649 | } | |||
| 6650 | break; | |||
| 6651 | case TLS_SECRET_APP: | |||
| 6652 | if (is_from_server) { | |||
| 6653 | label = "SERVER_TRAFFIC_SECRET_0"; | |||
| 6654 | key_map = mk_map->tls13_server_appdata; | |||
| 6655 | } else { | |||
| 6656 | label = "CLIENT_TRAFFIC_SECRET_0"; | |||
| 6657 | key_map = mk_map->tls13_client_appdata; | |||
| 6658 | } | |||
| 6659 | break; | |||
| 6660 | default: | |||
| 6661 | ws_assert_not_reached()ws_log_fatal_full("", LOG_LEVEL_ERROR, "epan/dissectors/packet-tls-utils.c" , 6661, __func__, "assertion \"not reached\" failed"); | |||
| 6662 | } | |||
| 6663 | ||||
| 6664 | /* Transitioning to new keys, mark old ones as unusable. */ | |||
| 6665 | ssl_debug_printf("%s transitioning to new key, old state 0x%02x\n", G_STRFUNC((const char*) (__func__)), ssl->state); | |||
| 6666 | ssl->state &= ~(SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6) | SSL_HAVE_SESSION_KEY(1<<3)); | |||
| 6667 | ||||
| 6668 | StringInfo *secret = (StringInfo *)g_hash_table_lookup(key_map, &ssl->client_random); | |||
| 6669 | if (!secret) { | |||
| 6670 | ssl_debug_printf("%s Cannot find %s, decryption impossible\n", G_STRFUNC((const char*) (__func__)), label); | |||
| 6671 | /* Disable decryption, the keys are invalid. */ | |||
| 6672 | if (is_from_server) { | |||
| 6673 | ssl->server = NULL((void*)0); | |||
| 6674 | } else { | |||
| 6675 | ssl->client = NULL((void*)0); | |||
| 6676 | } | |||
| 6677 | return NULL((void*)0); | |||
| 6678 | } | |||
| 6679 | ||||
| 6680 | /* TLS 1.3 secret found, set new keys. */ | |||
| 6681 | ssl_debug_printf("%s Retrieved TLS 1.3 traffic secret.\n", G_STRFUNC((const char*) (__func__))); | |||
| 6682 | ssl_print_string("Client Random", &ssl->client_random); | |||
| 6683 | ssl_print_string(label, secret); | |||
| 6684 | return secret; | |||
| 6685 | } | |||
| 6686 | ||||
| 6687 | /* Load the new key. */ | |||
| 6688 | void | |||
| 6689 | tls13_change_key(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, | |||
| 6690 | bool_Bool is_from_server, TLSRecordType type) | |||
| 6691 | { | |||
| 6692 | if (ssl->state & SSL_QUIC_RECORD_LAYER(1<<13)) { | |||
| 6693 | /* | |||
| 6694 | * QUIC does not use the TLS record layer for message protection. | |||
| 6695 | * The required keys will be extracted later by QUIC. | |||
| 6696 | */ | |||
| 6697 | return; | |||
| 6698 | } | |||
| 6699 | ||||
| 6700 | StringInfo *secret = tls13_load_secret(ssl, mk_map, is_from_server, type); | |||
| 6701 | if (!secret) { | |||
| 6702 | if (type != TLS_SECRET_HANDSHAKE) { | |||
| 6703 | return; | |||
| 6704 | } | |||
| 6705 | /* | |||
| 6706 | * Workaround for when for some reason we don't have the handshake | |||
| 6707 | * secret but do have the application traffic secret. (#20240) | |||
| 6708 | * If we can't find the handshake secret, we'll never decrypt the | |||
| 6709 | * Finished message, so we won't know when to change to the app | |||
| 6710 | * traffic key, so we do so now. | |||
| 6711 | */ | |||
| 6712 | type = TLS_SECRET_APP; | |||
| 6713 | secret = tls13_load_secret(ssl, mk_map, is_from_server, type); | |||
| 6714 | if (!secret) { | |||
| 6715 | return; | |||
| 6716 | } | |||
| 6717 | } | |||
| 6718 | ||||
| 6719 | if (tls13_generate_keys(ssl, secret, is_from_server)) { | |||
| 6720 | /* | |||
| 6721 | * Remember the application traffic secret to support Key Update. The | |||
| 6722 | * other secrets cannot be used for this purpose, so free them. | |||
| 6723 | */ | |||
| 6724 | SslDecoder *decoder = is_from_server ? ssl->server : ssl->client; | |||
| 6725 | StringInfo *app_secret = &decoder->app_traffic_secret; | |||
| 6726 | if (type == TLS_SECRET_APP) { | |||
| 6727 | app_secret->data = (unsigned char *) wmem_realloc(wmem_file_scope(), | |||
| 6728 | app_secret->data, | |||
| 6729 | secret->data_len); | |||
| 6730 | ssl_data_set(app_secret, secret->data, secret->data_len); | |||
| 6731 | } else { | |||
| 6732 | wmem_free(wmem_file_scope(), app_secret->data); | |||
| 6733 | app_secret->data = NULL((void*)0); | |||
| 6734 | app_secret->data_len = 0; | |||
| 6735 | } | |||
| 6736 | } | |||
| 6737 | } | |||
| 6738 | ||||
| 6739 | /** | |||
| 6740 | * Update to next application data traffic secret for TLS 1.3. The previous | |||
| 6741 | * secret should have been set by tls13_change_key. | |||
| 6742 | */ | |||
| 6743 | void | |||
| 6744 | tls13_key_update(SslDecryptSession *ssl, bool_Bool is_from_server) | |||
| 6745 | { | |||
| 6746 | /* RFC 8446 Section 7.2: | |||
| 6747 | * application_traffic_secret_N+1 = | |||
| 6748 | * HKDF-Expand-Label(application_traffic_secret_N, | |||
| 6749 | * "traffic upd", "", Hash.length) | |||
| 6750 | * | |||
| 6751 | * Both application_traffic_secret_N are of the same length (Hash.length). | |||
| 6752 | */ | |||
| 6753 | const SslCipherSuite *cipher_suite = ssl->cipher_suite; | |||
| 6754 | SslDecoder *decoder = is_from_server ? ssl->server : ssl->client; | |||
| 6755 | StringInfo *app_secret = decoder ? &decoder->app_traffic_secret : NULL((void*)0); | |||
| 6756 | uint8_t tls13_draft_version = ssl->session.tls13_draft_version; | |||
| 6757 | ||||
| 6758 | if (!cipher_suite || !app_secret || app_secret->data_len == 0) { | |||
| 6759 | ssl_debug_printf("%s Cannot perform Key Update due to missing info\n", G_STRFUNC((const char*) (__func__))); | |||
| 6760 | return; | |||
| 6761 | } | |||
| 6762 | ||||
| 6763 | /* | |||
| 6764 | * Previous traffic secret is available, so find the hash function, | |||
| 6765 | * expand the new traffic secret and generate new keys. | |||
| 6766 | */ | |||
| 6767 | const char *hash_name = ssl_cipher_suite_dig(cipher_suite)->name; | |||
| 6768 | int hash_algo = ssl_get_digest_by_name(hash_name); | |||
| 6769 | const unsigned hash_len = app_secret->data_len; | |||
| 6770 | unsigned char *new_secret; | |||
| 6771 | const char *label = "traffic upd"; | |||
| 6772 | if (tls13_draft_version && tls13_draft_version < 20) { | |||
| 6773 | label = "application traffic secret"; | |||
| 6774 | } | |||
| 6775 | if (!tls13_hkdf_expand_label(hash_algo, app_secret, | |||
| 6776 | tls13_hkdf_label_prefix(ssl), | |||
| 6777 | label, hash_len, &new_secret)) { | |||
| 6778 | ssl_debug_printf("%s traffic_secret_N+1 expansion failed\n", G_STRFUNC((const char*) (__func__))); | |||
| 6779 | return; | |||
| 6780 | } | |||
| 6781 | ssl_data_set(app_secret, new_secret, hash_len); | |||
| 6782 | if (tls13_generate_keys(ssl, app_secret, is_from_server)) { | |||
| 6783 | /* | |||
| 6784 | * Remember the application traffic secret on the new decoder to | |||
| 6785 | * support another Key Update. | |||
| 6786 | */ | |||
| 6787 | decoder = is_from_server ? ssl->server : ssl->client; | |||
| 6788 | app_secret = &decoder->app_traffic_secret; | |||
| 6789 | app_secret->data = (unsigned char *) wmem_realloc(wmem_file_scope(), | |||
| 6790 | app_secret->data, | |||
| 6791 | hash_len); | |||
| 6792 | ssl_data_set(app_secret, new_secret, hash_len); | |||
| 6793 | } | |||
| 6794 | wmem_free(NULL((void*)0), new_secret); | |||
| 6795 | } | |||
| 6796 | ||||
| 6797 | void | |||
| 6798 | tls_save_crandom(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map) | |||
| 6799 | { | |||
| 6800 | if (ssl && (ssl->state & SSL_CLIENT_RANDOM(1<<0))) { | |||
| 6801 | g_hash_table_add(mk_map->used_crandom, ssl_data_clone(&ssl->client_random)); | |||
| 6802 | } | |||
| 6803 | } | |||
| 6804 | ||||
| 6805 | /** SSL keylog file handling. {{{ */ | |||
| 6806 | ||||
| 6807 | static GRegex * | |||
| 6808 | ssl_compile_keyfile_regex(void) | |||
| 6809 | { | |||
| 6810 | #define OCTET "(?:[[:xdigit:]]{2})" | |||
| 6811 | const char *pattern = | |||
| 6812 | "(?:" | |||
| 6813 | /* Matches Client Hellos having this Client Random */ | |||
| 6814 | "PMS_CLIENT_RANDOM (?<client_random_pms>" OCTET "{32}) " | |||
| 6815 | /* Matches first part of encrypted RSA pre-master secret */ | |||
| 6816 | "|RSA (?<encrypted_pmk>" OCTET "{8}) " | |||
| 6817 | /* Pre-Master-Secret is given, it is 48 bytes for RSA, | |||
| 6818 | but it can be of any length for DHE */ | |||
| 6819 | ")(?<pms>" OCTET "+)" | |||
| 6820 | "|(?:" | |||
| 6821 | /* Matches Server Hellos having a Session ID */ | |||
| 6822 | "RSA Session-ID:(?<session_id>" OCTET "+) Master-Key:" | |||
| 6823 | /* Matches Client Hellos having this Client Random */ | |||
| 6824 | "|CLIENT_RANDOM (?<client_random>" OCTET "{32}) " | |||
| 6825 | /* Master-Secret is given, its length is fixed */ | |||
| 6826 | ")(?<master_secret>" OCTET "{" G_STRINGIFY(SSL_MASTER_SECRET_LENGTH)"48" "})" | |||
| 6827 | "|(?" | |||
| 6828 | /* TLS 1.3 Client Random to Derived Secrets mapping. */ | |||
| 6829 | ":CLIENT_EARLY_TRAFFIC_SECRET (?<client_early>" OCTET "{32})" | |||
| 6830 | "|CLIENT_HANDSHAKE_TRAFFIC_SECRET (?<client_handshake>" OCTET "{32})" | |||
| 6831 | "|SERVER_HANDSHAKE_TRAFFIC_SECRET (?<server_handshake>" OCTET "{32})" | |||
| 6832 | "|CLIENT_TRAFFIC_SECRET_0 (?<client_appdata>" OCTET "{32})" | |||
| 6833 | "|SERVER_TRAFFIC_SECRET_0 (?<server_appdata>" OCTET "{32})" | |||
| 6834 | "|EARLY_EXPORTER_SECRET (?<early_exporter>" OCTET "{32})" | |||
| 6835 | "|EXPORTER_SECRET (?<exporter>" OCTET "{32})" | |||
| 6836 | /* ECH. Secret length is defined by HPKE KEM Nsecret and can vary between 32 and 64 bytes */ | |||
| 6837 | /* These labels and their notation are specified in draft-ietf-tls-ech-keylogfile-01 */ | |||
| 6838 | "|ECH_SECRET (?<ech_secret>" OCTET "{32,64})" | |||
| 6839 | "|ECH_CONFIG (?<ech_config>" OCTET "{22,})" | |||
| 6840 | ") (?<derived_secret>" OCTET "+)"; | |||
| 6841 | #undef OCTET | |||
| 6842 | static GRegex *regex = NULL((void*)0); | |||
| 6843 | GError *gerr = NULL((void*)0); | |||
| 6844 | ||||
| 6845 | if (!regex) { | |||
| 6846 | regex = g_regex_new(pattern, | |||
| 6847 | (GRegexCompileFlags)(G_REGEX_OPTIMIZE | G_REGEX_ANCHORED | G_REGEX_RAW), | |||
| 6848 | G_REGEX_MATCH_ANCHORED, &gerr); | |||
| 6849 | if (gerr) { | |||
| 6850 | ssl_debug_printf("%s failed to compile regex: %s\n", G_STRFUNC((const char*) (__func__)), | |||
| 6851 | gerr->message); | |||
| 6852 | g_error_free(gerr); | |||
| 6853 | regex = NULL((void*)0); | |||
| 6854 | } | |||
| 6855 | } | |||
| 6856 | ||||
| 6857 | return regex; | |||
| 6858 | } | |||
| 6859 | ||||
| 6860 | typedef struct ssl_master_key_match_group { | |||
| 6861 | const char *re_group_name; | |||
| 6862 | GHashTable *master_key_ht; | |||
| 6863 | } ssl_master_key_match_group_t; | |||
| 6864 | ||||
| 6865 | void | |||
| 6866 | tls_keylog_process_lines(const ssl_master_key_map_t *mk_map, const uint8_t *data, unsigned datalen) | |||
| 6867 | { | |||
| 6868 | ssl_master_key_match_group_t mk_groups[] = { | |||
| 6869 | { "encrypted_pmk", mk_map->pre_master }, | |||
| 6870 | { "session_id", mk_map->session }, | |||
| 6871 | { "client_random", mk_map->crandom }, | |||
| 6872 | { "client_random_pms", mk_map->pms }, | |||
| 6873 | /* TLS 1.3 map from Client Random to derived secret. */ | |||
| 6874 | { "client_early", mk_map->tls13_client_early }, | |||
| 6875 | { "client_handshake", mk_map->tls13_client_handshake }, | |||
| 6876 | { "server_handshake", mk_map->tls13_server_handshake }, | |||
| 6877 | { "client_appdata", mk_map->tls13_client_appdata }, | |||
| 6878 | { "server_appdata", mk_map->tls13_server_appdata }, | |||
| 6879 | { "early_exporter", mk_map->tls13_early_exporter }, | |||
| 6880 | { "exporter", mk_map->tls13_exporter }, | |||
| 6881 | { "ech_secret", mk_map->ech_secret }, | |||
| 6882 | { "ech_config", mk_map->ech_config }, | |||
| 6883 | }; | |||
| 6884 | ||||
| 6885 | /* The format of the file is a series of records with one of the following formats: | |||
| 6886 | * - "RSA xxxx yyyy" | |||
| 6887 | * Where xxxx are the first 8 bytes of the encrypted pre-master secret (hex-encoded) | |||
| 6888 | * Where yyyy is the cleartext pre-master secret (hex-encoded) | |||
| 6889 | * (this is the original format introduced with bug 4349) | |||
| 6890 | * | |||
| 6891 | * - "RSA Session-ID:xxxx Master-Key:yyyy" | |||
| 6892 | * Where xxxx is the SSL session ID (hex-encoded) | |||
| 6893 | * Where yyyy is the cleartext master secret (hex-encoded) | |||
| 6894 | * (added to support openssl s_client Master-Key output) | |||
| 6895 | * This is somewhat is a misnomer because there's nothing RSA specific | |||
| 6896 | * about this. | |||
| 6897 | * | |||
| 6898 | * - "PMS_CLIENT_RANDOM xxxx yyyy" | |||
| 6899 | * Where xxxx is the client_random from the ClientHello (hex-encoded) | |||
| 6900 | * Where yyyy is the cleartext pre-master secret (hex-encoded) | |||
| 6901 | * (This format allows SSL connections to be decrypted, if a user can | |||
| 6902 | * capture the PMS but could not recover the MS for a specific session | |||
| 6903 | * with a SSL Server.) | |||
| 6904 | * | |||
| 6905 | * - "CLIENT_RANDOM xxxx yyyy" | |||
| 6906 | * Where xxxx is the client_random from the ClientHello (hex-encoded) | |||
| 6907 | * Where yyyy is the cleartext master secret (hex-encoded) | |||
| 6908 | * (This format allows non-RSA SSL connections to be decrypted, i.e. | |||
| 6909 | * ECDHE-RSA.) | |||
| 6910 | * | |||
| 6911 | * - "CLIENT_EARLY_TRAFFIC_SECRET xxxx yyyy" | |||
| 6912 | * - "CLIENT_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy" | |||
| 6913 | * - "SERVER_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy" | |||
| 6914 | * - "CLIENT_TRAFFIC_SECRET_0 xxxx yyyy" | |||
| 6915 | * - "SERVER_TRAFFIC_SECRET_0 xxxx yyyy" | |||
| 6916 | * - "EARLY_EXPORTER_SECRET xxxx yyyy" | |||
| 6917 | * - "EXPORTER_SECRET xxxx yyyy" | |||
| 6918 | * Where xxxx is the client_random from the ClientHello (hex-encoded) | |||
| 6919 | * Where yyyy is the secret (hex-encoded) derived from the early, | |||
| 6920 | * handshake or master secrets. (This format is introduced with TLS 1.3 | |||
| 6921 | * and supported by BoringSSL, OpenSSL, etc. See bug 12779.) | |||
| 6922 | */ | |||
| 6923 | GRegex *regex = ssl_compile_keyfile_regex(); | |||
| 6924 | if (!regex) | |||
| 6925 | return; | |||
| 6926 | ||||
| 6927 | const char *next_line = (const char *)data; | |||
| 6928 | const char *line_end = next_line + datalen; | |||
| 6929 | while (next_line && next_line < line_end) { | |||
| 6930 | const char *line = next_line; | |||
| 6931 | next_line = (const char *)memchr(line, '\n', line_end - line); | |||
| 6932 | ssize_t linelen; | |||
| 6933 | ||||
| 6934 | if (next_line) { | |||
| 6935 | linelen = next_line - line; | |||
| 6936 | next_line++; /* drop LF */ | |||
| 6937 | } else { | |||
| 6938 | linelen = (ssize_t)(line_end - line); | |||
| 6939 | } | |||
| 6940 | if (linelen > 0 && line[linelen - 1] == '\r') { | |||
| 6941 | linelen--; /* drop CR */ | |||
| 6942 | } | |||
| 6943 | ||||
| 6944 | ssl_debug_printf(" checking keylog line: %.*s\n", (int)linelen, line); | |||
| 6945 | GMatchInfo *mi; | |||
| 6946 | if (g_regex_match_full(regex, line, linelen, 0, G_REGEX_MATCH_ANCHORED, &mi, NULL((void*)0))) { | |||
| 6947 | char *hex_key, *hex_pre_ms_or_ms; | |||
| 6948 | StringInfo *key = wmem_new(wmem_file_scope(), StringInfo)((StringInfo*)wmem_alloc((wmem_file_scope()), sizeof(StringInfo ))); | |||
| 6949 | StringInfo *pre_ms_or_ms = NULL((void*)0); | |||
| 6950 | GHashTable *ht = NULL((void*)0); | |||
| 6951 | ||||
| 6952 | /* Is the PMS being supplied with the PMS_CLIENT_RANDOM | |||
| 6953 | * otherwise we will use the Master Secret | |||
| 6954 | */ | |||
| 6955 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "master_secret"); | |||
| 6956 | if (hex_pre_ms_or_ms == NULL((void*)0) || !*hex_pre_ms_or_ms) { | |||
| 6957 | g_free(hex_pre_ms_or_ms); | |||
| 6958 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "pms"); | |||
| 6959 | } | |||
| 6960 | if (hex_pre_ms_or_ms == NULL((void*)0) || !*hex_pre_ms_or_ms) { | |||
| 6961 | g_free(hex_pre_ms_or_ms); | |||
| 6962 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "derived_secret"); | |||
| 6963 | } | |||
| 6964 | /* There is always a match, otherwise the regex is wrong. */ | |||
| 6965 | DISSECTOR_ASSERT(hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms))((void) ((hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 6965, "hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms)" )))); | |||
| 6966 | ||||
| 6967 | /* convert from hex to bytes and save to hashtable */ | |||
| 6968 | pre_ms_or_ms = wmem_new(wmem_file_scope(), StringInfo)((StringInfo*)wmem_alloc((wmem_file_scope()), sizeof(StringInfo ))); | |||
| 6969 | from_hex(pre_ms_or_ms, hex_pre_ms_or_ms, strlen(hex_pre_ms_or_ms)); | |||
| 6970 | g_free(hex_pre_ms_or_ms); | |||
| 6971 | ||||
| 6972 | /* Find a master key from any format (CLIENT_RANDOM, SID, ...) */ | |||
| 6973 | for (unsigned i = 0; i < G_N_ELEMENTS(mk_groups)(sizeof (mk_groups) / sizeof ((mk_groups)[0])); i++) { | |||
| 6974 | ssl_master_key_match_group_t *g = &mk_groups[i]; | |||
| 6975 | hex_key = g_match_info_fetch_named(mi, g->re_group_name); | |||
| 6976 | if (hex_key && *hex_key) { | |||
| 6977 | ssl_debug_printf(" matched %s\n", g->re_group_name); | |||
| 6978 | ht = g->master_key_ht; | |||
| 6979 | from_hex(key, hex_key, strlen(hex_key)); | |||
| 6980 | g_free(hex_key); | |||
| 6981 | break; | |||
| 6982 | } | |||
| 6983 | g_free(hex_key); | |||
| 6984 | } | |||
| 6985 | DISSECTOR_ASSERT(ht)((void) ((ht) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 6985, "ht")))); /* Cannot be reached, or regex is wrong. */ | |||
| 6986 | ||||
| 6987 | g_hash_table_insert(ht, key, pre_ms_or_ms); | |||
| 6988 | ||||
| 6989 | } else if (linelen > 0 && line[0] != '#') { | |||
| 6990 | ssl_debug_printf(" unrecognized line\n"); | |||
| 6991 | } | |||
| 6992 | /* always free match info even if there is no match. */ | |||
| 6993 | g_match_info_free(mi); | |||
| 6994 | } | |||
| 6995 | } | |||
| 6996 | ||||
| 6997 | void | |||
| 6998 | ssl_load_keyfile(const char *tls_keylog_filename, FILE **keylog_file, | |||
| 6999 | const ssl_master_key_map_t *mk_map) | |||
| 7000 | { | |||
| 7001 | /* no need to try if no key log file is configured. */ | |||
| 7002 | if (!tls_keylog_filename || !*tls_keylog_filename) { | |||
| 7003 | ssl_debug_printf("%s dtls/tls.keylog_file is not configured!\n", | |||
| 7004 | G_STRFUNC((const char*) (__func__))); | |||
| 7005 | return; | |||
| 7006 | } | |||
| 7007 | ||||
| 7008 | /* Validate regexes before even trying to use it. */ | |||
| 7009 | if (!ssl_compile_keyfile_regex()) { | |||
| 7010 | return; | |||
| 7011 | } | |||
| 7012 | ||||
| 7013 | ssl_debug_printf("trying to use TLS keylog in %s\n", tls_keylog_filename); | |||
| 7014 | ||||
| 7015 | /* if the keylog file was deleted/overwritten, re-open it */ | |||
| 7016 | if (*keylog_file && file_needs_reopen(ws_filenofileno(*keylog_file), tls_keylog_filename)) { | |||
| 7017 | ssl_debug_printf("%s file got deleted, trying to re-open\n", G_STRFUNC((const char*) (__func__))); | |||
| 7018 | fclose(*keylog_file); | |||
| 7019 | *keylog_file = NULL((void*)0); | |||
| 7020 | } | |||
| 7021 | ||||
| 7022 | if (*keylog_file == NULL((void*)0)) { | |||
| 7023 | *keylog_file = ws_fopenfopen(tls_keylog_filename, "r"); | |||
| 7024 | if (!*keylog_file) { | |||
| 7025 | ssl_debug_printf("%s failed to open SSL keylog\n", G_STRFUNC((const char*) (__func__))); | |||
| 7026 | return; | |||
| 7027 | } | |||
| 7028 | } | |||
| 7029 | ||||
| 7030 | for (;;) { | |||
| 7031 | char buf[1110], *line; | |||
| 7032 | line = fgets(buf, sizeof(buf), *keylog_file); | |||
| 7033 | if (!line) { | |||
| 7034 | if (feof(*keylog_file)) { | |||
| 7035 | /* Ensure that newly appended keys can be read in the future. */ | |||
| 7036 | clearerr(*keylog_file); | |||
| 7037 | } else if (ferror(*keylog_file)) { | |||
| 7038 | ssl_debug_printf("%s Error while reading key log file, closing it!\n", G_STRFUNC((const char*) (__func__))); | |||
| 7039 | fclose(*keylog_file); | |||
| 7040 | *keylog_file = NULL((void*)0); | |||
| 7041 | } | |||
| 7042 | break; | |||
| 7043 | } | |||
| 7044 | tls_keylog_process_lines(mk_map, (uint8_t *)line, (int)strlen(line)); | |||
| 7045 | } | |||
| 7046 | } | |||
| 7047 | /** SSL keylog file handling. }}} */ | |||
| 7048 | ||||
| 7049 | #ifdef SSL_DECRYPT_DEBUG /* {{{ */ | |||
| 7050 | ||||
| 7051 | static FILE* ssl_debug_file; | |||
| 7052 | ||||
| 7053 | void | |||
| 7054 | ssl_set_debug(const char* name) | |||
| 7055 | { | |||
| 7056 | static int debug_file_must_be_closed; | |||
| 7057 | int use_stderr; | |||
| 7058 | ||||
| 7059 | use_stderr = name?(strcmp(name, SSL_DEBUG_USE_STDERR"-") == 0):0; | |||
| 7060 | ||||
| 7061 | if (debug_file_must_be_closed) | |||
| 7062 | fclose(ssl_debug_file); | |||
| 7063 | ||||
| 7064 | if (use_stderr) | |||
| 7065 | ssl_debug_file = stderrstderr; | |||
| 7066 | else if (!name || (strcmp(name, "") ==0)) | |||
| 7067 | ssl_debug_file = NULL((void*)0); | |||
| 7068 | else | |||
| 7069 | ssl_debug_file = ws_fopenfopen(name, "w"); | |||
| 7070 | ||||
| 7071 | if (!use_stderr && ssl_debug_file) | |||
| 7072 | debug_file_must_be_closed = 1; | |||
| 7073 | else | |||
| 7074 | debug_file_must_be_closed = 0; | |||
| 7075 | ||||
| 7076 | ssl_debug_printf("Wireshark SSL debug log \n\n"); | |||
| 7077 | #ifdef HAVE_LIBGNUTLS1 | |||
| 7078 | ssl_debug_printf("GnuTLS version: %s\n", gnutls_check_version(NULL((void*)0))); | |||
| 7079 | #endif | |||
| 7080 | ssl_debug_printf("Libgcrypt version: %s\n", gcry_check_version(NULL((void*)0))); | |||
| 7081 | ssl_debug_printf("\n"); | |||
| 7082 | } | |||
| 7083 | ||||
| 7084 | void | |||
| 7085 | ssl_debug_flush(void) | |||
| 7086 | { | |||
| 7087 | if (ssl_debug_file) | |||
| 7088 | fflush(ssl_debug_file); | |||
| 7089 | } | |||
| 7090 | ||||
| 7091 | void | |||
| 7092 | ssl_debug_printf(const char* fmt, ...) | |||
| 7093 | { | |||
| 7094 | va_list ap; | |||
| 7095 | ||||
| 7096 | if (!ssl_debug_file) | |||
| 7097 | return; | |||
| 7098 | ||||
| 7099 | va_start(ap, fmt)__builtin_va_start(ap, fmt); | |||
| 7100 | vfprintf(ssl_debug_file, fmt, ap); | |||
| 7101 | va_end(ap)__builtin_va_end(ap); | |||
| 7102 | } | |||
| 7103 | ||||
| 7104 | void | |||
| 7105 | ssl_print_data(const char* name, const unsigned char* data, size_t len) | |||
| 7106 | { | |||
| 7107 | size_t i, j, k; | |||
| 7108 | if (!ssl_debug_file) | |||
| 7109 | return; | |||
| 7110 | fprintf(ssl_debug_file,"%s[%d]:\n",name, (int) len); | |||
| 7111 | for (i=0; i<len; i+=16) { | |||
| 7112 | fprintf(ssl_debug_file,"| "); | |||
| 7113 | for (j=i, k=0; k<16 && j<len; ++j, ++k) | |||
| 7114 | fprintf(ssl_debug_file,"%.2x ",data[j]); | |||
| 7115 | for (; k<16; ++k) | |||
| 7116 | fprintf(ssl_debug_file," "); | |||
| 7117 | fputc('|', ssl_debug_file); | |||
| 7118 | for (j=i, k=0; k<16 && j<len; ++j, ++k) { | |||
| 7119 | unsigned char c = data[j]; | |||
| 7120 | if (!g_ascii_isprint(c)((g_ascii_table[(guchar) (c)] & G_ASCII_PRINT) != 0) || (c=='\t')) c = '.'; | |||
| 7121 | fputc(c, ssl_debug_file); | |||
| 7122 | } | |||
| 7123 | for (; k<16; ++k) | |||
| 7124 | fputc(' ', ssl_debug_file); | |||
| 7125 | fprintf(ssl_debug_file,"|\n"); | |||
| 7126 | } | |||
| 7127 | } | |||
| 7128 | ||||
| 7129 | void | |||
| 7130 | ssl_print_string(const char* name, const StringInfo* data) | |||
| 7131 | { | |||
| 7132 | ssl_print_data(name, data->data, data->data_len); | |||
| 7133 | } | |||
| 7134 | #endif /* SSL_DECRYPT_DEBUG }}} */ | |||
| 7135 | ||||
| 7136 | /* UAT preferences callbacks. {{{ */ | |||
| 7137 | /* checks for SSL and DTLS UAT key list fields */ | |||
| 7138 | ||||
| 7139 | bool_Bool | |||
| 7140 | ssldecrypt_uat_fld_ip_chk_cb(void* r _U___attribute__((unused)), const char* p _U___attribute__((unused)), unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) | |||
| 7141 | { | |||
| 7142 | // This should be removed in favor of Decode As. Make it optional. | |||
| 7143 | *err = NULL((void*)0); | |||
| 7144 | return true1; | |||
| 7145 | } | |||
| 7146 | ||||
| 7147 | bool_Bool | |||
| 7148 | ssldecrypt_uat_fld_port_chk_cb(void* r _U___attribute__((unused)), const char* p, unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) | |||
| 7149 | { | |||
| 7150 | if (!p || strlen(p) == 0u) { | |||
| 7151 | // This should be removed in favor of Decode As. Make it optional. | |||
| 7152 | *err = NULL((void*)0); | |||
| 7153 | return true1; | |||
| 7154 | } | |||
| 7155 | ||||
| 7156 | if (strcmp(p, "start_tls") != 0){ | |||
| 7157 | uint16_t port; | |||
| 7158 | if (!ws_strtou16(p, NULL((void*)0), &port)) { | |||
| 7159 | *err = g_strdup("Invalid port given.")g_strdup_inline ("Invalid port given."); | |||
| 7160 | return false0; | |||
| 7161 | } | |||
| 7162 | } | |||
| 7163 | ||||
| 7164 | *err = NULL((void*)0); | |||
| 7165 | return true1; | |||
| 7166 | } | |||
| 7167 | ||||
| 7168 | bool_Bool | |||
| 7169 | ssldecrypt_uat_fld_fileopen_chk_cb(void* r _U___attribute__((unused)), const char* p, unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) | |||
| 7170 | { | |||
| 7171 | ws_statb64struct stat st; | |||
| 7172 | ||||
| 7173 | if (!p || strlen(p) == 0u) { | |||
| 7174 | *err = g_strdup("No filename given.")g_strdup_inline ("No filename given."); | |||
| 7175 | return false0; | |||
| 7176 | } else { | |||
| 7177 | if (ws_stat64stat(p, &st) != 0) { | |||
| 7178 | *err = ws_strdup_printf("File '%s' does not exist or access is denied.", p)wmem_strdup_printf(((void*)0), "File '%s' does not exist or access is denied." , p); | |||
| 7179 | return false0; | |||
| 7180 | } | |||
| 7181 | } | |||
| 7182 | ||||
| 7183 | *err = NULL((void*)0); | |||
| 7184 | return true1; | |||
| 7185 | } | |||
| 7186 | ||||
| 7187 | bool_Bool | |||
| 7188 | ssldecrypt_uat_fld_password_chk_cb(void *r _U___attribute__((unused)), const char *p _U___attribute__((unused)), unsigned len _U___attribute__((unused)), const void *u1 _U___attribute__((unused)), const void *u2 _U___attribute__((unused)), char **err) | |||
| 7189 | { | |||
| 7190 | #if defined(HAVE_LIBGNUTLS1) | |||
| 7191 | ssldecrypt_assoc_t* f = (ssldecrypt_assoc_t *)r; | |||
| 7192 | FILE *fp = NULL((void*)0); | |||
| 7193 | ||||
| 7194 | if (p && (strlen(p) > 0u)) { | |||
| 7195 | fp = ws_fopenfopen(f->keyfile, "rb"); | |||
| 7196 | if (fp) { | |||
| 7197 | char *msg = NULL((void*)0); | |||
| 7198 | gnutls_x509_privkey_t priv_key = rsa_load_pkcs12(fp, p, &msg); | |||
| 7199 | if (!priv_key) { | |||
| 7200 | fclose(fp); | |||
| 7201 | *err = ws_strdup_printf("Could not load PKCS#12 key file: %s", msg)wmem_strdup_printf(((void*)0), "Could not load PKCS#12 key file: %s" , msg); | |||
| 7202 | g_free(msg); | |||
| 7203 | return false0; | |||
| 7204 | } | |||
| 7205 | g_free(msg); | |||
| 7206 | gnutls_x509_privkey_deinit(priv_key); | |||
| 7207 | fclose(fp); | |||
| 7208 | } else { | |||
| 7209 | *err = ws_strdup_printf("Leave this field blank if the keyfile is not PKCS#12.")wmem_strdup_printf(((void*)0), "Leave this field blank if the keyfile is not PKCS#12." ); | |||
| 7210 | return false0; | |||
| 7211 | } | |||
| 7212 | } | |||
| 7213 | ||||
| 7214 | *err = NULL((void*)0); | |||
| 7215 | return true1; | |||
| 7216 | #else | |||
| 7217 | *err = g_strdup("Cannot load key files, support is not compiled in.")g_strdup_inline ("Cannot load key files, support is not compiled in." ); | |||
| 7218 | return false0; | |||
| 7219 | #endif | |||
| 7220 | } | |||
| 7221 | /* UAT preferences callbacks. }}} */ | |||
| 7222 | ||||
| 7223 | /** maximum size of ssl_association_info() string */ | |||
| 7224 | #define SSL_ASSOC_MAX_LEN8192 8192 | |||
| 7225 | ||||
| 7226 | typedef struct ssl_association_info_callback_data | |||
| 7227 | { | |||
| 7228 | char *str; | |||
| 7229 | const char *table_protocol; | |||
| 7230 | } ssl_association_info_callback_data_t; | |||
| 7231 | ||||
| 7232 | /** | |||
| 7233 | * callback function used by ssl_association_info() to traverse the SSL associations. | |||
| 7234 | */ | |||
| 7235 | static void | |||
| 7236 | ssl_association_info_(const char *table _U___attribute__((unused)), void *handle, void *user_data) | |||
| 7237 | { | |||
| 7238 | ssl_association_info_callback_data_t* data = (ssl_association_info_callback_data_t*)user_data; | |||
| 7239 | const int l = (const int)strlen(data->str); | |||
| 7240 | snprintf(data->str+l, SSL_ASSOC_MAX_LEN8192-l, "'%s' (%s)\n", dissector_handle_get_dissector_name((dissector_handle_t)handle), dissector_handle_get_description((dissector_handle_t)handle)); | |||
| 7241 | } | |||
| 7242 | ||||
| 7243 | /** | |||
| 7244 | * @return an information string on the SSL protocol associations. The string must be freed. | |||
| 7245 | */ | |||
| 7246 | char* | |||
| 7247 | ssl_association_info(const char* dissector_table_name, const char* table_protocol) | |||
| 7248 | { | |||
| 7249 | ssl_association_info_callback_data_t data; | |||
| 7250 | ||||
| 7251 | data.str = (char *)g_malloc0(SSL_ASSOC_MAX_LEN8192); | |||
| 7252 | data.table_protocol = table_protocol; | |||
| 7253 | dissector_table_foreach_handle(dissector_table_name, ssl_association_info_, &data); | |||
| 7254 | return data.str; | |||
| 7255 | } | |||
| 7256 | ||||
| 7257 | ||||
| 7258 | /** Begin of code related to dissection of wire data. */ | |||
| 7259 | ||||
| 7260 | /* Helpers for dissecting Variable-Length Vectors. {{{ */ | |||
| 7261 | bool_Bool | |||
| 7262 | ssl_add_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
| 7263 | unsigned offset, unsigned offset_end, uint32_t *ret_length, | |||
| 7264 | int hf_length, uint32_t min_value, uint32_t max_value) | |||
| 7265 | { | |||
| 7266 | unsigned veclen_size; | |||
| 7267 | uint32_t veclen_value; | |||
| 7268 | proto_item *pi; | |||
| 7269 | ||||
| 7270 | DISSECTOR_ASSERT_CMPUINT(min_value, <=, max_value)((void) ((min_value <= max_value) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion " "min_value" " " "<=" " " "max_value" " (" "%" "l" "u" " " "<=" " " "%" "l" "u" ")", "epan/dissectors/packet-tls-utils.c" , 7270, (uint64_t)min_value, (uint64_t)max_value)))); | |||
| 7271 | if (offset > offset_end) { | |||
| 7272 | expert_add_info_format(pinfo, tree, &hf->ei.malformed_buffer_too_small, | |||
| 7273 | "Vector offset is past buffer end offset (%u > %u)", | |||
| 7274 | offset, offset_end); | |||
| 7275 | *ret_length = 0; | |||
| 7276 | return false0; /* Cannot read length. */ | |||
| 7277 | } | |||
| 7278 | ||||
| 7279 | if (max_value > 0xffffff) { | |||
| 7280 | veclen_size = 4; | |||
| 7281 | } else if (max_value > 0xffff) { | |||
| 7282 | veclen_size = 3; | |||
| 7283 | } else if (max_value > 0xff) { | |||
| 7284 | veclen_size = 2; | |||
| 7285 | } else { | |||
| 7286 | veclen_size = 1; | |||
| 7287 | } | |||
| 7288 | ||||
| 7289 | if (offset_end - offset < veclen_size) { | |||
| 7290 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_buffer_too_small, | |||
| 7291 | tvb, offset, offset_end - offset, | |||
| 7292 | "No more room for vector of length %u", | |||
| 7293 | veclen_size); | |||
| 7294 | *ret_length = 0; | |||
| 7295 | return false0; /* Cannot read length. */ | |||
| 7296 | } | |||
| 7297 | ||||
| 7298 | pi = proto_tree_add_item_ret_uint(tree, hf_length, tvb, offset, veclen_size, ENC_BIG_ENDIAN0x00000000, &veclen_value); | |||
| 7299 | offset += veclen_size; | |||
| 7300 | ||||
| 7301 | if (veclen_value < min_value) { | |||
| 7302 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_vector_length, | |||
| 7303 | "Vector length %u is smaller than minimum %u", | |||
| 7304 | veclen_value, min_value); | |||
| 7305 | } else if (veclen_value > max_value) { | |||
| 7306 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_vector_length, | |||
| 7307 | "Vector length %u is larger than maximum %u", | |||
| 7308 | veclen_value, max_value); | |||
| 7309 | } | |||
| 7310 | ||||
| 7311 | if (offset_end - offset < veclen_value) { | |||
| 7312 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_buffer_too_small, | |||
| 7313 | "Vector length %u is too large, truncating it to %u", | |||
| 7314 | veclen_value, offset_end - offset); | |||
| 7315 | *ret_length = offset_end - offset; | |||
| 7316 | return false0; /* Length is truncated to avoid overflow. */ | |||
| 7317 | } | |||
| 7318 | ||||
| 7319 | *ret_length = veclen_value; | |||
| 7320 | return true1; /* Length is OK. */ | |||
| 7321 | } | |||
| 7322 | ||||
| 7323 | bool_Bool | |||
| 7324 | ssl_end_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
| 7325 | unsigned offset, unsigned offset_end) | |||
| 7326 | { | |||
| 7327 | if (offset < offset_end) { | |||
| 7328 | unsigned trailing = offset_end - offset; | |||
| 7329 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_trailing_data, | |||
| 7330 | tvb, offset, trailing, | |||
| 7331 | "%u trailing byte%s unprocessed", | |||
| 7332 | trailing, plurality(trailing, " was", "s were")((trailing) == 1 ? (" was") : ("s were"))); | |||
| 7333 | return false0; /* unprocessed data warning */ | |||
| 7334 | } else if (offset > offset_end) { | |||
| 7335 | /* | |||
| 7336 | * Returned offset runs past the end. This should not happen and is | |||
| 7337 | * possibly a dissector bug. | |||
| 7338 | */ | |||
| 7339 | unsigned excess = offset - offset_end; | |||
| 7340 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_buffer_too_small, | |||
| 7341 | tvb, offset_end, excess, | |||
| 7342 | "Dissector processed too much data (%u byte%s)", | |||
| 7343 | excess, plurality(excess, "", "s")((excess) == 1 ? ("") : ("s"))); | |||
| 7344 | return false0; /* overflow error */ | |||
| 7345 | } | |||
| 7346 | ||||
| 7347 | return true1; /* OK, offset matches. */ | |||
| 7348 | } | |||
| 7349 | /** }}} */ | |||
| 7350 | ||||
| 7351 | ||||
| 7352 | static uint32_t | |||
| 7353 | ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 7354 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 7355 | uint16_t version, int hf_sig_len, int hf_sig); | |||
| 7356 | ||||
| 7357 | /* change_cipher_spec(20) dissection */ | |||
| 7358 | void | |||
| 7359 | ssl_dissect_change_cipher_spec(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 7360 | packet_info *pinfo, proto_tree *tree, | |||
| 7361 | uint32_t offset, SslSession *session, | |||
| 7362 | bool_Bool is_from_server, | |||
| 7363 | const SslDecryptSession *ssl) | |||
| 7364 | { | |||
| 7365 | /* | |||
| 7366 | * struct { | |||
| 7367 | * enum { change_cipher_spec(1), (255) } type; | |||
| 7368 | * } ChangeCipherSpec; | |||
| 7369 | */ | |||
| 7370 | proto_item *ti; | |||
| 7371 | proto_item_set_text(tree, | |||
| 7372 | "%s Record Layer: %s Protocol: Change Cipher Spec", | |||
| 7373 | val_to_str_const(session->version, ssl_version_short_names, "SSL"), | |||
| 7374 | val_to_str_const(SSL_ID_CHG_CIPHER_SPEC, ssl_31_content_type, "unknown")); | |||
| 7375 | ti = proto_tree_add_item(tree, hf->hf.change_cipher_spec, tvb, offset, 1, ENC_NA0x00000000); | |||
| 7376 | ||||
| 7377 | if (session->version == TLSV1DOT3_VERSION0x304) { | |||
| 7378 | /* CCS is a dummy message in TLS 1.3, do not parse it further. */ | |||
| 7379 | return; | |||
| 7380 | } | |||
| 7381 | ||||
| 7382 | /* Remember frame number of first CCS */ | |||
| 7383 | uint32_t *ccs_frame = is_from_server ? &session->server_ccs_frame : &session->client_ccs_frame; | |||
| 7384 | if (*ccs_frame == 0) | |||
| 7385 | *ccs_frame = pinfo->num; | |||
| 7386 | ||||
| 7387 | /* Use heuristics to detect an abbreviated handshake, assume that missing | |||
| 7388 | * ServerHelloDone implies reusing previously negotiating keys. Then when | |||
| 7389 | * a Session ID or ticket is present, it must be a resumed session. | |||
| 7390 | * Normally this should be done at the Finished message, but that may be | |||
| 7391 | * encrypted so we do it here, at the last cleartext message. */ | |||
| 7392 | if (is_from_server && ssl) { | |||
| 7393 | if (session->is_session_resumed) { | |||
| 7394 | const char *resumed = NULL((void*)0); | |||
| 7395 | if (ssl->session_ticket.data_len) { | |||
| 7396 | resumed = "Session Ticket"; | |||
| 7397 | } else if (ssl->session_id.data_len) { | |||
| 7398 | resumed = "Session ID"; | |||
| 7399 | } | |||
| 7400 | if (resumed) { | |||
| 7401 | ssl_debug_printf("%s Session resumption using %s\n", G_STRFUNC((const char*) (__func__)), resumed); | |||
| 7402 | } else { | |||
| 7403 | /* Can happen if the capture somehow starts in the middle */ | |||
| 7404 | ssl_debug_printf("%s No Session resumption, missing packets?\n", G_STRFUNC((const char*) (__func__))); | |||
| 7405 | } | |||
| 7406 | } else { | |||
| 7407 | ssl_debug_printf("%s Not using Session resumption\n", G_STRFUNC((const char*) (__func__))); | |||
| 7408 | } | |||
| 7409 | } | |||
| 7410 | if (is_from_server && session->is_session_resumed) | |||
| 7411 | expert_add_info(pinfo, ti, &hf->ei.resumed); | |||
| 7412 | } | |||
| 7413 | ||||
| 7414 | /** Begin of handshake(22) record dissections */ | |||
| 7415 | ||||
| 7416 | /* Dissects a SignatureScheme (TLS 1.3) or SignatureAndHashAlgorithm (TLS 1.2). | |||
| 7417 | * {{{ */ | |||
| 7418 | static void | |||
| 7419 | tls_dissect_signature_algorithm(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset, ja4_data_t *ja4_data) | |||
| 7420 | { | |||
| 7421 | uint32_t sighash, hashalg, sigalg; | |||
| 7422 | proto_item *ti_sigalg; | |||
| 7423 | proto_tree *sigalg_tree; | |||
| 7424 | ||||
| 7425 | ti_sigalg = proto_tree_add_item_ret_uint(tree, hf->hf.hs_sig_hash_alg, tvb, | |||
| 7426 | offset, 2, ENC_BIG_ENDIAN0x00000000, &sighash); | |||
| 7427 | if (ja4_data) { | |||
| 7428 | wmem_list_append(ja4_data->sighash_list, GUINT_TO_POINTER(sighash)((gpointer) (gulong) (sighash))); | |||
| 7429 | } | |||
| 7430 | ||||
| 7431 | sigalg_tree = proto_item_add_subtree(ti_sigalg, hf->ett.hs_sig_hash_alg); | |||
| 7432 | ||||
| 7433 | /* TLS 1.2: SignatureAndHashAlgorithm { hash, signature } */ | |||
| 7434 | proto_tree_add_item_ret_uint(sigalg_tree, hf->hf.hs_sig_hash_hash, tvb, | |||
| 7435 | offset, 1, ENC_BIG_ENDIAN0x00000000, &hashalg); | |||
| 7436 | proto_tree_add_item_ret_uint(sigalg_tree, hf->hf.hs_sig_hash_sig, tvb, | |||
| 7437 | offset + 1, 1, ENC_BIG_ENDIAN0x00000000, &sigalg); | |||
| 7438 | ||||
| 7439 | /* No TLS 1.3 SignatureScheme? Fallback to TLS 1.2 interpretation. */ | |||
| 7440 | if (!try_val_to_str(sighash, tls13_signature_algorithm)) { | |||
| 7441 | proto_item_set_text(ti_sigalg, "Signature Algorithm: %s %s (0x%04x)", | |||
| 7442 | val_to_str_const(hashalg, tls_hash_algorithm, "Unknown"), | |||
| 7443 | val_to_str_const(sigalg, tls_signature_algorithm, "Unknown"), | |||
| 7444 | sighash); | |||
| 7445 | } | |||
| 7446 | } /* }}} */ | |||
| 7447 | ||||
| 7448 | /* dissect a list of hash algorithms, return the number of bytes dissected | |||
| 7449 | this is used for the signature algorithms extension and for the | |||
| 7450 | TLS1.2 certificate request. {{{ */ | |||
| 7451 | static int | |||
| 7452 | ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
| 7453 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, ja4_data_t *ja4_data) | |||
| 7454 | { | |||
| 7455 | /* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | |||
| 7456 | * struct { | |||
| 7457 | * HashAlgorithm hash; | |||
| 7458 | * SignatureAlgorithm signature; | |||
| 7459 | * } SignatureAndHashAlgorithm; | |||
| 7460 | * SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>; | |||
| 7461 | */ | |||
| 7462 | proto_tree *subtree; | |||
| 7463 | proto_item *ti; | |||
| 7464 | unsigned sh_alg_length; | |||
| 7465 | uint32_t next_offset; | |||
| 7466 | ||||
| 7467 | /* SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2> */ | |||
| 7468 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sh_alg_length, | |||
| 7469 | hf->hf.hs_sig_hash_alg_len, 2, UINT16_MAX(65535) - 1)) { | |||
| 7470 | return offset_end; | |||
| 7471 | } | |||
| 7472 | offset += 2; | |||
| 7473 | next_offset = offset + sh_alg_length; | |||
| 7474 | ||||
| 7475 | ti = proto_tree_add_none_format(tree, hf->hf.hs_sig_hash_algs, tvb, offset, sh_alg_length, | |||
| 7476 | "Signature Hash Algorithms (%u algorithm%s)", | |||
| 7477 | sh_alg_length / 2, plurality(sh_alg_length / 2, "", "s")((sh_alg_length / 2) == 1 ? ("") : ("s"))); | |||
| 7478 | subtree = proto_item_add_subtree(ti, hf->ett.hs_sig_hash_algs); | |||
| 7479 | ||||
| 7480 | while (offset + 2 <= next_offset) { | |||
| 7481 | tls_dissect_signature_algorithm(hf, tvb, subtree, offset, ja4_data); | |||
| 7482 | offset += 2; | |||
| 7483 | } | |||
| 7484 | ||||
| 7485 | if (!ssl_end_vector(hf, tvb, pinfo, subtree, offset, next_offset)) { | |||
| 7486 | offset = next_offset; | |||
| 7487 | } | |||
| 7488 | ||||
| 7489 | return offset; | |||
| 7490 | } /* }}} */ | |||
| 7491 | ||||
| 7492 | /* Dissection of DistinguishedName (for CertificateRequest and | |||
| 7493 | * certificate_authorities extension). {{{ */ | |||
| 7494 | static uint32_t | |||
| 7495 | tls_dissect_certificate_authorities(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 7496 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 7497 | { | |||
| 7498 | proto_item *ti; | |||
| 7499 | proto_tree *subtree; | |||
| 7500 | uint32_t dnames_length, next_offset; | |||
| 7501 | asn1_ctx_t asn1_ctx; | |||
| 7502 | int dnames_count = 100; /* the maximum number of DNs to add to the tree */ | |||
| 7503 | ||||
| 7504 | /* Note: minimum length is 0 for TLS 1.1/1.2 and 3 for earlier/later */ | |||
| 7505 | /* DistinguishedName certificate_authorities<0..2^16-1> */ | |||
| 7506 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &dnames_length, | |||
| 7507 | hf->hf.hs_dnames_len, 0, UINT16_MAX(65535))) { | |||
| 7508 | return offset_end; | |||
| 7509 | } | |||
| 7510 | offset += 2; | |||
| 7511 | next_offset = offset + dnames_length; | |||
| 7512 | ||||
| 7513 | if (dnames_length > 0) { | |||
| 7514 | ti = proto_tree_add_none_format(tree, | |||
| 7515 | hf->hf.hs_dnames, | |||
| 7516 | tvb, offset, dnames_length, | |||
| 7517 | "Distinguished Names (%d byte%s)", | |||
| 7518 | dnames_length, | |||
| 7519 | plurality(dnames_length, "", "s")((dnames_length) == 1 ? ("") : ("s"))); | |||
| 7520 | subtree = proto_item_add_subtree(ti, hf->ett.dnames); | |||
| 7521 | ||||
| 7522 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
| 7523 | ||||
| 7524 | while (offset < next_offset) { | |||
| 7525 | /* get the length of the current certificate */ | |||
| 7526 | uint32_t name_length; | |||
| 7527 | ||||
| 7528 | if (dnames_count-- == 0) { | |||
| 7529 | /* stop adding to tree when the list is considered too large | |||
| 7530 | * https://gitlab.com/wireshark/wireshark/-/issues/16202 | |||
| 7531 | Note: dnames_count must be set low enough not to hit the | |||
| 7532 | limit set by PINFO_LAYER_MAX_RECURSION_DEPTH in packet.c | |||
| 7533 | */ | |||
| 7534 | ti = proto_tree_add_item(subtree, hf->hf.hs_dnames_truncated, | |||
| 7535 | tvb, offset, next_offset - offset, ENC_NA0x00000000); | |||
| 7536 | proto_item_set_generated(ti); | |||
| 7537 | return next_offset; | |||
| 7538 | } | |||
| 7539 | ||||
| 7540 | /* opaque DistinguishedName<1..2^16-1> */ | |||
| 7541 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &name_length, | |||
| 7542 | hf->hf.hs_dname_len, 1, UINT16_MAX(65535))) { | |||
| 7543 | return next_offset; | |||
| 7544 | } | |||
| 7545 | offset += 2; | |||
| 7546 | ||||
| 7547 | dissect_x509if_DistinguishedName(false0, tvb, offset, &asn1_ctx, | |||
| 7548 | subtree, hf->hf.hs_dname); | |||
| 7549 | offset += name_length; | |||
| 7550 | } | |||
| 7551 | } | |||
| 7552 | return offset; | |||
| 7553 | } /* }}} */ | |||
| 7554 | ||||
| 7555 | ||||
| 7556 | /** TLS Extensions (in Client Hello and Server Hello). {{{ */ | |||
| 7557 | static int | |||
| 7558 | ssl_dissect_hnd_hello_ext_sig_hash_algs(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 7559 | proto_tree *tree, packet_info* pinfo, uint32_t offset, uint32_t offset_end, ja4_data_t *ja4_data) | |||
| 7560 | { | |||
| 7561 | return ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, ja4_data); | |||
| 7562 | } | |||
| 7563 | ||||
| 7564 | static int | |||
| 7565 | ssl_dissect_hnd_ext_delegated_credentials(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 7566 | proto_tree *tree, packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type) | |||
| 7567 | { | |||
| 7568 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
| 7569 | /* | |||
| 7570 | * struct { | |||
| 7571 | * SignatureScheme supported_signature_algorithm<2..2^16-2>; | |||
| 7572 | * } SignatureSchemeList; | |||
| 7573 | */ | |||
| 7574 | ||||
| 7575 | return ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, NULL((void*)0)); | |||
| 7576 | } else { | |||
| 7577 | asn1_ctx_t asn1_ctx; | |||
| 7578 | unsigned pubkey_length, sign_length; | |||
| 7579 | ||||
| 7580 | /* | |||
| 7581 | * struct { | |||
| 7582 | * uint32 valid_time; | |||
| 7583 | * SignatureScheme expected_cert_verify_algorithm; | |||
| 7584 | * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; | |||
| 7585 | * } Credential; | |||
| 7586 | * | |||
| 7587 | * struct { | |||
| 7588 | * Credential cred; | |||
| 7589 | * SignatureScheme algorithm; | |||
| 7590 | * opaque signature<0..2^16-1>; | |||
| 7591 | * } DelegatedCredential; | |||
| 7592 | */ | |||
| 7593 | ||||
| 7594 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
| 7595 | ||||
| 7596 | proto_tree_add_item(tree, hf->hf.hs_cred_valid_time, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
| 7597 | offset += 4; | |||
| 7598 | ||||
| 7599 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); | |||
| 7600 | offset += 2; | |||
| 7601 | ||||
| 7602 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &pubkey_length, | |||
| 7603 | hf->hf.hs_cred_pubkey_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
| 7604 | return offset_end; | |||
| 7605 | } | |||
| 7606 | offset += 3; | |||
| 7607 | dissect_x509af_SubjectPublicKeyInfo(false0, tvb, offset, &asn1_ctx, tree, hf->hf.hs_cred_pubkey); | |||
| 7608 | offset += pubkey_length; | |||
| 7609 | ||||
| 7610 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); | |||
| 7611 | offset += 2; | |||
| 7612 | ||||
| 7613 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sign_length, | |||
| 7614 | hf->hf.hs_cred_signature_len, 1, UINT16_MAX(65535))) { | |||
| 7615 | return offset_end; | |||
| 7616 | } | |||
| 7617 | offset += 2; | |||
| 7618 | proto_tree_add_item(tree, hf->hf.hs_cred_signature, | |||
| 7619 | tvb, offset, sign_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
| 7620 | offset += sign_length; | |||
| 7621 | ||||
| 7622 | return offset; | |||
| 7623 | } | |||
| 7624 | } | |||
| 7625 | ||||
| 7626 | static int | |||
| 7627 | ssl_dissect_hnd_hello_ext_alps(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 7628 | packet_info *pinfo, proto_tree *tree, | |||
| 7629 | uint32_t offset, uint32_t offset_end, | |||
| 7630 | uint8_t hnd_type) | |||
| 7631 | { | |||
| 7632 | ||||
| 7633 | /* https://datatracker.ietf.org/doc/html/draft-vvv-tls-alps-01#section-4 */ | |||
| 7634 | ||||
| 7635 | switch (hnd_type) { | |||
| 7636 | case SSL_HND_CLIENT_HELLO: { | |||
| 7637 | proto_tree *alps_tree; | |||
| 7638 | proto_item *ti; | |||
| 7639 | uint32_t next_offset, alps_length, name_length; | |||
| 7640 | ||||
| 7641 | /* | |||
| 7642 | * opaque ProtocolName<1..2^8-1>; | |||
| 7643 | * struct { | |||
| 7644 | * ProtocolName supported_protocols<2..2^16-1> | |||
| 7645 | * } ApplicationSettingsSupport; | |||
| 7646 | */ | |||
| 7647 | ||||
| 7648 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &alps_length, | |||
| 7649 | hf->hf.hs_ext_alps_len, 2, UINT16_MAX(65535))) { | |||
| 7650 | return offset_end; | |||
| 7651 | } | |||
| 7652 | offset += 2; | |||
| 7653 | next_offset = offset + alps_length; | |||
| 7654 | ||||
| 7655 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_alps_alpn_list, | |||
| 7656 | tvb, offset, alps_length, ENC_NA0x00000000); | |||
| 7657 | alps_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alps); | |||
| 7658 | ||||
| 7659 | /* Parse list (note missing check for end of vector, ssl_add_vector below | |||
| 7660 | * ensures that data is always available.) */ | |||
| 7661 | while (offset < next_offset) { | |||
| 7662 | if (!ssl_add_vector(hf, tvb, pinfo, alps_tree, offset, next_offset, &name_length, | |||
| 7663 | hf->hf.hs_ext_alps_alpn_str_len, 1, UINT8_MAX(255))) { | |||
| 7664 | return next_offset; | |||
| 7665 | } | |||
| 7666 | offset++; | |||
| 7667 | ||||
| 7668 | proto_tree_add_item(alps_tree, hf->hf.hs_ext_alps_alpn_str, | |||
| 7669 | tvb, offset, name_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
| 7670 | offset += name_length; | |||
| 7671 | } | |||
| 7672 | ||||
| 7673 | return offset; | |||
| 7674 | } | |||
| 7675 | case SSL_HND_ENCRYPTED_EXTS: | |||
| 7676 | /* Opaque blob */ | |||
| 7677 | proto_tree_add_item(tree, hf->hf.hs_ext_alps_settings, | |||
| 7678 | tvb, offset, offset_end - offset, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
| 7679 | break; | |||
| 7680 | } | |||
| 7681 | ||||
| 7682 | return offset_end; | |||
| 7683 | } | |||
| 7684 | ||||
| 7685 | static int | |||
| 7686 | ssl_dissect_hnd_hello_ext_alpn(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 7687 | packet_info *pinfo, proto_tree *tree, | |||
| 7688 | uint32_t offset, uint32_t offset_end, | |||
| 7689 | uint8_t hnd_type, SslSession *session, | |||
| 7690 | bool_Bool is_dtls, ja4_data_t *ja4_data) | |||
| 7691 | { | |||
| 7692 | ||||
| 7693 | /* https://tools.ietf.org/html/rfc7301#section-3.1 | |||
| 7694 | * opaque ProtocolName<1..2^8-1>; | |||
| 7695 | * struct { | |||
| 7696 | * ProtocolName protocol_name_list<2..2^16-1> | |||
| 7697 | * } ProtocolNameList; | |||
| 7698 | */ | |||
| 7699 | proto_tree *alpn_tree; | |||
| 7700 | proto_item *ti; | |||
| 7701 | uint32_t next_offset, alpn_length, name_length; | |||
| 7702 | uint8_t *proto_name = NULL((void*)0), *client_proto_name = NULL((void*)0); | |||
| 7703 | ||||
| 7704 | /* ProtocolName protocol_name_list<2..2^16-1> */ | |||
| 7705 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &alpn_length, | |||
| 7706 | hf->hf.hs_ext_alpn_len, 2, UINT16_MAX(65535))) { | |||
| 7707 | return offset_end; | |||
| 7708 | } | |||
| 7709 | offset += 2; | |||
| 7710 | next_offset = offset + alpn_length; | |||
| 7711 | ||||
| 7712 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_alpn_list, | |||
| 7713 | tvb, offset, alpn_length, ENC_NA0x00000000); | |||
| 7714 | alpn_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alpn); | |||
| 7715 | ||||
| 7716 | /* Parse list (note missing check for end of vector, ssl_add_vector below | |||
| 7717 | * ensures that data is always available.) */ | |||
| 7718 | while (offset < next_offset) { | |||
| 7719 | /* opaque ProtocolName<1..2^8-1> */ | |||
| 7720 | if (!ssl_add_vector(hf, tvb, pinfo, alpn_tree, offset, next_offset, &name_length, | |||
| 7721 | hf->hf.hs_ext_alpn_str_len, 1, UINT8_MAX(255))) { | |||
| 7722 | return next_offset; | |||
| 7723 | } | |||
| 7724 | offset++; | |||
| 7725 | ||||
| 7726 | proto_tree_add_item(alpn_tree, hf->hf.hs_ext_alpn_str, | |||
| 7727 | tvb, offset, name_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
| 7728 | if (ja4_data && wmem_strbuf_get_len(ja4_data->alpn) == 0) { | |||
| 7729 | const char alpn_first_char = (char)tvb_get_uint8(tvb,offset); | |||
| 7730 | const char alpn_last_char = (char)tvb_get_uint8(tvb,offset + name_length - 1); | |||
| 7731 | if ((g_ascii_isprint(alpn_first_char)((g_ascii_table[(guchar) (alpn_first_char)] & G_ASCII_PRINT ) != 0)) && g_ascii_isprint(alpn_last_char)((g_ascii_table[(guchar) (alpn_last_char)] & G_ASCII_PRINT ) != 0)) { | |||
| 7732 | wmem_strbuf_append_printf(ja4_data->alpn, "%c%c", alpn_first_char, alpn_last_char); | |||
| 7733 | } | |||
| 7734 | else { | |||
| 7735 | wmem_strbuf_append_printf(ja4_data->alpn, "%x%x",(alpn_first_char >> 4) & 0x0F, | |||
| 7736 | alpn_last_char & 0x0F); | |||
| 7737 | } | |||
| 7738 | } | |||
| 7739 | /* Remember first ALPN ProtocolName entry for server. */ | |||
| 7740 | if (hnd_type == SSL_HND_SERVER_HELLO || hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS) { | |||
| 7741 | /* '\0'-terminated string for dissector table match and prefix | |||
| 7742 | * comparison purposes. */ | |||
| 7743 | proto_name = tvb_get_string_enc(pinfo->pool, tvb, offset, | |||
| 7744 | name_length, ENC_ASCII0x00000000); | |||
| 7745 | } else if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
| 7746 | client_proto_name = tvb_get_string_enc(pinfo->pool, tvb, offset, | |||
| 7747 | name_length, ENC_ASCII0x00000000); | |||
| 7748 | } | |||
| 7749 | offset += name_length; | |||
| 7750 | } | |||
| 7751 | ||||
| 7752 | /* If ALPN is given in ServerHello, then ProtocolNameList MUST contain | |||
| 7753 | * exactly one "ProtocolName". */ | |||
| 7754 | if (proto_name) { | |||
| 7755 | dissector_handle_t handle; | |||
| 7756 | ||||
| 7757 | session->alpn_name = wmem_strdup(wmem_file_scope(), proto_name); | |||
| 7758 | ||||
| 7759 | if (is_dtls) { | |||
| 7760 | handle = dissector_get_string_handle(dtls_alpn_dissector_table, | |||
| 7761 | proto_name); | |||
| 7762 | } else { | |||
| 7763 | handle = dissector_get_string_handle(ssl_alpn_dissector_table, | |||
| 7764 | proto_name); | |||
| 7765 | if (handle == NULL((void*)0)) { | |||
| 7766 | /* Try prefix matching */ | |||
| 7767 | for (size_t i = 0; i < G_N_ELEMENTS(ssl_alpn_prefix_match_protocols)(sizeof (ssl_alpn_prefix_match_protocols) / sizeof ((ssl_alpn_prefix_match_protocols )[0])); i++) { | |||
| 7768 | const ssl_alpn_prefix_match_protocol_t *alpn_proto = &ssl_alpn_prefix_match_protocols[i]; | |||
| 7769 | ||||
| 7770 | /* string_string is inappropriate as it compares strings | |||
| 7771 | * while "byte strings MUST NOT be truncated" (RFC 7301) */ | |||
| 7772 | if (g_str_has_prefix(proto_name, alpn_proto->proto_prefix)(__builtin_constant_p (alpn_proto->proto_prefix)? __extension__ ({ const char * const __str = (proto_name); const char * const __prefix = (alpn_proto->proto_prefix); gboolean __result = (0); if (__str == ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix); else { const size_t __str_len = strlen (((__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix))); if (__str_len >= __prefix_len ) __result = memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix )), __prefix_len) == 0; } __result; }) : (g_str_has_prefix) ( proto_name, alpn_proto->proto_prefix) )) { | |||
| 7773 | handle = find_dissector(alpn_proto->dissector_name); | |||
| 7774 | break; | |||
| 7775 | } | |||
| 7776 | } | |||
| 7777 | } | |||
| 7778 | } | |||
| 7779 | if (handle != NULL((void*)0)) { | |||
| 7780 | /* ProtocolName match, so set the App data dissector handle. | |||
| 7781 | * This may override protocols given via the UAT dialog, but | |||
| 7782 | * since the ALPN hint is precise, do it anyway. */ | |||
| 7783 | ssl_debug_printf("%s: changing handle %p to %p (%s)", G_STRFUNC((const char*) (__func__)), | |||
| 7784 | (void *)session->app_handle, | |||
| 7785 | (void *)handle, | |||
| 7786 | dissector_handle_get_dissector_name(handle)); | |||
| 7787 | session->app_handle = handle; | |||
| 7788 | } | |||
| 7789 | } else if (client_proto_name) { | |||
| 7790 | // No current use for looking up the handle as the only consumer of this API is currently the QUIC dissector | |||
| 7791 | // and it just needs the string since there are/were various HTTP/3 ALPNs to check for. | |||
| 7792 | session->client_alpn_name = wmem_strdup(wmem_file_scope(), client_proto_name); | |||
| 7793 | } | |||
| 7794 | ||||
| 7795 | return offset; | |||
| 7796 | } | |||
| 7797 | ||||
| 7798 | static int | |||
| 7799 | ssl_dissect_hnd_hello_ext_npn(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 7800 | packet_info *pinfo, proto_tree *tree, | |||
| 7801 | uint32_t offset, uint32_t offset_end) | |||
| 7802 | { | |||
| 7803 | /* https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-3 | |||
| 7804 | * The "extension_data" field of a "next_protocol_negotiation" extension | |||
| 7805 | * in a "ServerHello" contains an optional list of protocols advertised | |||
| 7806 | * by the server. Protocols are named by opaque, non-empty byte strings | |||
| 7807 | * and the list of protocols is serialized as a concatenation of 8-bit, | |||
| 7808 | * length prefixed byte strings. Implementations MUST ensure that the | |||
| 7809 | * empty string is not included and that no byte strings are truncated. | |||
| 7810 | */ | |||
| 7811 | uint32_t npn_length; | |||
| 7812 | proto_tree *npn_tree; | |||
| 7813 | ||||
| 7814 | /* List is optional, do not add tree if there are no entries. */ | |||
| 7815 | if (offset == offset_end) { | |||
| 7816 | return offset; | |||
| 7817 | } | |||
| 7818 | ||||
| 7819 | npn_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_npn, NULL((void*)0), "Next Protocol Negotiation"); | |||
| 7820 | ||||
| 7821 | while (offset < offset_end) { | |||
| 7822 | /* non-empty, 8-bit length prefixed strings means range 1..255 */ | |||
| 7823 | if (!ssl_add_vector(hf, tvb, pinfo, npn_tree, offset, offset_end, &npn_length, | |||
| 7824 | hf->hf.hs_ext_npn_str_len, 1, UINT8_MAX(255))) { | |||
| 7825 | return offset_end; | |||
| 7826 | } | |||
| 7827 | offset++; | |||
| 7828 | ||||
| 7829 | proto_tree_add_item(npn_tree, hf->hf.hs_ext_npn_str, | |||
| 7830 | tvb, offset, npn_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
| 7831 | offset += npn_length; | |||
| 7832 | } | |||
| 7833 | ||||
| 7834 | return offset; | |||
| 7835 | } | |||
| 7836 | ||||
| 7837 | static int | |||
| 7838 | ssl_dissect_hnd_hello_ext_reneg_info(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 7839 | packet_info *pinfo, proto_tree *tree, | |||
| 7840 | uint32_t offset, uint32_t offset_end) | |||
| 7841 | { | |||
| 7842 | /* https://tools.ietf.org/html/rfc5746#section-3.2 | |||
| 7843 | * struct { | |||
| 7844 | * opaque renegotiated_connection<0..255>; | |||
| 7845 | * } RenegotiationInfo; | |||
| 7846 | * | |||
| 7847 | */ | |||
| 7848 | proto_tree *reneg_info_tree; | |||
| 7849 | uint32_t reneg_info_length; | |||
| 7850 | ||||
| 7851 | reneg_info_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_reneg_info, NULL((void*)0), "Renegotiation Info extension"); | |||
| 7852 | ||||
| 7853 | /* opaque renegotiated_connection<0..255> */ | |||
| 7854 | if (!ssl_add_vector(hf, tvb, pinfo, reneg_info_tree, offset, offset_end, &reneg_info_length, | |||
| 7855 | hf->hf.hs_ext_reneg_info_len, 0, 255)) { | |||
| 7856 | return offset_end; | |||
| 7857 | } | |||
| 7858 | offset++; | |||
| 7859 | ||||
| 7860 | if (reneg_info_length > 0) { | |||
| 7861 | proto_tree_add_item(reneg_info_tree, hf->hf.hs_ext_reneg_info, tvb, offset, reneg_info_length, ENC_NA0x00000000); | |||
| 7862 | offset += reneg_info_length; | |||
| 7863 | } | |||
| 7864 | ||||
| 7865 | return offset; | |||
| 7866 | } | |||
| 7867 | ||||
| 7868 | static int | |||
| 7869 | ssl_dissect_hnd_hello_ext_key_share_entry(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 7870 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 7871 | const char **group_name_out) | |||
| 7872 | { | |||
| 7873 | /* RFC 8446 Section 4.2.8 | |||
| 7874 | * struct { | |||
| 7875 | * NamedGroup group; | |||
| 7876 | * opaque key_exchange<1..2^16-1>; | |||
| 7877 | * } KeyShareEntry; | |||
| 7878 | */ | |||
| 7879 | uint32_t key_exchange_length, group; | |||
| 7880 | proto_tree *ks_tree; | |||
| 7881 | ||||
| 7882 | ks_tree = proto_tree_add_subtree(tree, tvb, offset, 4, hf->ett.hs_ext_key_share_ks, NULL((void*)0), "Key Share Entry"); | |||
| 7883 | ||||
| 7884 | proto_tree_add_item_ret_uint(ks_tree, hf->hf.hs_ext_key_share_group, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &group); | |||
| 7885 | offset += 2; | |||
| 7886 | const char *group_name = val_to_str(group, ssl_extension_curves, "Unknown (%u)"); | |||
| 7887 | proto_item_append_text(ks_tree, ": Group: %s", group_name); | |||
| 7888 | if (group_name_out) { | |||
| 7889 | *group_name_out = !IS_GREASE_TLS(group)((((group) & 0x0f0f) == 0x0a0a) && (((group) & 0xff) == (((group)>>8) & 0xff))) ? group_name : NULL((void*)0); | |||
| 7890 | } | |||
| 7891 | ||||
| 7892 | /* opaque key_exchange<1..2^16-1> */ | |||
| 7893 | if (!ssl_add_vector(hf, tvb, pinfo, ks_tree, offset, offset_end, &key_exchange_length, | |||
| 7894 | hf->hf.hs_ext_key_share_key_exchange_length, 1, UINT16_MAX(65535))) { | |||
| 7895 | return offset_end; /* Bad (possible truncated) length, skip to end of KeyShare extension. */ | |||
| 7896 | } | |||
| 7897 | offset += 2; | |||
| 7898 | proto_item_set_len(ks_tree, 2 + 2 + key_exchange_length); | |||
| 7899 | proto_item_append_text(ks_tree, ", Key Exchange length: %u", key_exchange_length); | |||
| 7900 | ||||
| 7901 | proto_tree_add_item(ks_tree, hf->hf.hs_ext_key_share_key_exchange, tvb, offset, key_exchange_length, ENC_NA0x00000000); | |||
| 7902 | offset += key_exchange_length; | |||
| 7903 | ||||
| 7904 | return offset; | |||
| 7905 | } | |||
| 7906 | ||||
| 7907 | static int | |||
| 7908 | ssl_dissect_hnd_hello_ext_key_share(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 7909 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 7910 | uint8_t hnd_type) | |||
| 7911 | { | |||
| 7912 | proto_tree *key_share_tree; | |||
| 7913 | uint32_t next_offset; | |||
| 7914 | uint32_t client_shares_length; | |||
| 7915 | uint32_t group; | |||
| 7916 | const char *group_name = NULL((void*)0); | |||
| 7917 | ||||
| 7918 | if (offset_end <= offset) { /* Check if ext_len == 0 and "overflow" (offset + ext_len) > uint32_t) */ | |||
| 7919 | return offset; | |||
| 7920 | } | |||
| 7921 | ||||
| 7922 | key_share_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_key_share, NULL((void*)0), "Key Share extension"); | |||
| 7923 | ||||
| 7924 | switch(hnd_type){ | |||
| 7925 | case SSL_HND_CLIENT_HELLO: | |||
| 7926 | /* KeyShareEntry client_shares<0..2^16-1> */ | |||
| 7927 | if (!ssl_add_vector(hf, tvb, pinfo, key_share_tree, offset, offset_end, &client_shares_length, | |||
| 7928 | hf->hf.hs_ext_key_share_client_length, 0, UINT16_MAX(65535))) { | |||
| 7929 | return offset_end; | |||
| 7930 | } | |||
| 7931 | offset += 2; | |||
| 7932 | next_offset = offset + client_shares_length; | |||
| 7933 | const char *sep = " "; | |||
| 7934 | while (offset + 4 <= next_offset) { /* (NamedGroup (2 bytes), key_exchange (1 byte for length, 1 byte minimum data) */ | |||
| 7935 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, key_share_tree, offset, next_offset, &group_name); | |||
| 7936 | if (group_name) { | |||
| 7937 | proto_item_append_text(tree, "%s%s", sep, group_name); | |||
| 7938 | sep = ", "; | |||
| 7939 | } | |||
| 7940 | } | |||
| 7941 | if (!ssl_end_vector(hf, tvb, pinfo, key_share_tree, offset, next_offset)) { | |||
| 7942 | return next_offset; | |||
| 7943 | } | |||
| 7944 | break; | |||
| 7945 | case SSL_HND_SERVER_HELLO: | |||
| 7946 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, key_share_tree, offset, offset_end, &group_name); | |||
| 7947 | if (group_name) { | |||
| 7948 | proto_item_append_text(tree, " %s", group_name); | |||
| 7949 | } | |||
| 7950 | break; | |||
| 7951 | case SSL_HND_HELLO_RETRY_REQUEST: | |||
| 7952 | proto_tree_add_item_ret_uint(key_share_tree, hf->hf.hs_ext_key_share_selected_group, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &group); | |||
| 7953 | offset += 2; | |||
| 7954 | group_name = val_to_str(group, ssl_extension_curves, "Unknown (%u)"); | |||
| 7955 | proto_item_append_text(tree, " %s", group_name); | |||
| 7956 | break; | |||
| 7957 | default: /* no default */ | |||
| 7958 | break; | |||
| 7959 | } | |||
| 7960 | ||||
| 7961 | return offset; | |||
| 7962 | } | |||
| 7963 | ||||
| 7964 | static int | |||
| 7965 | ssl_dissect_hnd_hello_ext_pre_shared_key(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 7966 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 7967 | uint8_t hnd_type) | |||
| 7968 | { | |||
| 7969 | /* RFC 8446 Section 4.2.11 | |||
| 7970 | * struct { | |||
| 7971 | * opaque identity<1..2^16-1>; | |||
| 7972 | * uint32 obfuscated_ticket_age; | |||
| 7973 | * } PskIdentity; | |||
| 7974 | * opaque PskBinderEntry<32..255>; | |||
| 7975 | * struct { | |||
| 7976 | * select (Handshake.msg_type) { | |||
| 7977 | * case client_hello: | |||
| 7978 | * PskIdentity identities<7..2^16-1>; | |||
| 7979 | * PskBinderEntry binders<33..2^16-1>; | |||
| 7980 | * case server_hello: | |||
| 7981 | * uint16 selected_identity; | |||
| 7982 | * }; | |||
| 7983 | * } PreSharedKeyExtension; | |||
| 7984 | */ | |||
| 7985 | ||||
| 7986 | proto_tree *psk_tree; | |||
| 7987 | ||||
| 7988 | psk_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_pre_shared_key, NULL((void*)0), "Pre-Shared Key extension"); | |||
| 7989 | ||||
| 7990 | switch (hnd_type){ | |||
| 7991 | case SSL_HND_CLIENT_HELLO: { | |||
| 7992 | uint32_t identities_length, identities_end, binders_length; | |||
| 7993 | ||||
| 7994 | /* PskIdentity identities<7..2^16-1> */ | |||
| 7995 | if (!ssl_add_vector(hf, tvb, pinfo, psk_tree, offset, offset_end, &identities_length, | |||
| 7996 | hf->hf.hs_ext_psk_identities_length, 7, UINT16_MAX(65535))) { | |||
| 7997 | return offset_end; | |||
| 7998 | } | |||
| 7999 | offset += 2; | |||
| 8000 | identities_end = offset + identities_length; | |||
| 8001 | ||||
| 8002 | while (offset < identities_end) { | |||
| 8003 | uint32_t identity_length; | |||
| 8004 | proto_tree *identity_tree; | |||
| 8005 | ||||
| 8006 | identity_tree = proto_tree_add_subtree(psk_tree, tvb, offset, 4, hf->ett.hs_ext_psk_identity, NULL((void*)0), "PSK Identity ("); | |||
| 8007 | ||||
| 8008 | /* opaque identity<1..2^16-1> */ | |||
| 8009 | if (!ssl_add_vector(hf, tvb, pinfo, identity_tree, offset, identities_end, &identity_length, | |||
| 8010 | hf->hf.hs_ext_psk_identity_identity_length, 1, UINT16_MAX(65535))) { | |||
| 8011 | return identities_end; | |||
| 8012 | } | |||
| 8013 | offset += 2; | |||
| 8014 | proto_item_append_text(identity_tree, "length: %u)", identity_length); | |||
| 8015 | ||||
| 8016 | proto_tree_add_item(identity_tree, hf->hf.hs_ext_psk_identity_identity, tvb, offset, identity_length, ENC_BIG_ENDIAN0x00000000); | |||
| 8017 | offset += identity_length; | |||
| 8018 | ||||
| 8019 | proto_tree_add_item(identity_tree, hf->hf.hs_ext_psk_identity_obfuscated_ticket_age, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
| 8020 | offset += 4; | |||
| 8021 | ||||
| 8022 | proto_item_set_len(identity_tree, 2 + identity_length + 4); | |||
| 8023 | } | |||
| 8024 | if (!ssl_end_vector(hf, tvb, pinfo, psk_tree, offset, identities_end)) { | |||
| 8025 | offset = identities_end; | |||
| 8026 | } | |||
| 8027 | ||||
| 8028 | /* PskBinderEntry binders<33..2^16-1> */ | |||
| 8029 | if (!ssl_add_vector(hf, tvb, pinfo, psk_tree, offset, offset_end, &binders_length, | |||
| 8030 | hf->hf.hs_ext_psk_binders_length, 33, UINT16_MAX(65535))) { | |||
| 8031 | return offset_end; | |||
| 8032 | } | |||
| 8033 | offset += 2; | |||
| 8034 | ||||
| 8035 | proto_item *binders_item; | |||
| 8036 | proto_tree *binders_tree; | |||
| 8037 | binders_item = proto_tree_add_item(psk_tree, hf->hf.hs_ext_psk_binders, tvb, offset, binders_length, ENC_NA0x00000000); | |||
| 8038 | binders_tree = proto_item_add_subtree(binders_item, hf->ett.hs_ext_psk_binders); | |||
| 8039 | uint32_t binders_end = offset + binders_length; | |||
| 8040 | while (offset < binders_end) { | |||
| 8041 | uint32_t binder_length; | |||
| 8042 | proto_item *binder_item; | |||
| 8043 | proto_tree *binder_tree; | |||
| 8044 | ||||
| 8045 | binder_item = proto_tree_add_item(binders_tree, hf->hf.hs_ext_psk_binder, tvb, offset, 1, ENC_NA0x00000000); | |||
| 8046 | binder_tree = proto_item_add_subtree(binder_item, hf->ett.hs_ext_psk_binder); | |||
| 8047 | ||||
| 8048 | /* opaque PskBinderEntry<32..255>; */ | |||
| 8049 | if (!ssl_add_vector(hf, tvb, pinfo, binder_tree, offset, binders_end, &binder_length, | |||
| 8050 | hf->hf.hs_ext_psk_binder_binder_length, 32, 255)) { | |||
| 8051 | return binders_end; | |||
| 8052 | } | |||
| 8053 | offset += 1; | |||
| 8054 | proto_item_append_text(binder_tree, " (length: %u)", binder_length); | |||
| 8055 | ||||
| 8056 | proto_tree_add_item(binder_tree, hf->hf.hs_ext_psk_binder_binder, tvb, offset, binder_length, ENC_BIG_ENDIAN0x00000000); | |||
| 8057 | offset += binder_length; | |||
| 8058 | ||||
| 8059 | proto_item_set_end(binder_item, tvb, offset); | |||
| 8060 | } | |||
| 8061 | } | |||
| 8062 | break; | |||
| 8063 | case SSL_HND_SERVER_HELLO: { | |||
| 8064 | proto_tree_add_item(psk_tree, hf->hf.hs_ext_psk_identity_selected, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 8065 | offset += 2; | |||
| 8066 | } | |||
| 8067 | break; | |||
| 8068 | default: | |||
| 8069 | break; | |||
| 8070 | } | |||
| 8071 | ||||
| 8072 | return offset; | |||
| 8073 | } | |||
| 8074 | ||||
| 8075 | static uint32_t | |||
| 8076 | ssl_dissect_hnd_hello_ext_early_data(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), | |||
| 8077 | proto_tree *tree, uint32_t offset, uint32_t offset_end _U___attribute__((unused)), | |||
| 8078 | uint8_t hnd_type, SslDecryptSession *ssl) | |||
| 8079 | { | |||
| 8080 | /* RFC 8446 Section 4.2.10 | |||
| 8081 | * struct {} Empty; | |||
| 8082 | * struct { | |||
| 8083 | * select (Handshake.msg_type) { | |||
| 8084 | * case new_session_ticket: uint32 max_early_data_size; | |||
| 8085 | * case client_hello: Empty; | |||
| 8086 | * case encrypted_extensions: Empty; | |||
| 8087 | * }; | |||
| 8088 | * } EarlyDataIndication; | |||
| 8089 | */ | |||
| 8090 | switch (hnd_type) { | |||
| 8091 | case SSL_HND_CLIENT_HELLO: | |||
| 8092 | /* Remember that early_data will follow the handshake. */ | |||
| 8093 | if (ssl) { | |||
| 8094 | ssl_debug_printf("%s found early_data extension\n", G_STRFUNC((const char*) (__func__))); | |||
| 8095 | ssl->has_early_data = true1; | |||
| 8096 | } | |||
| 8097 | break; | |||
| 8098 | case SSL_HND_NEWSESSION_TICKET: | |||
| 8099 | proto_tree_add_item(tree, hf->hf.hs_ext_max_early_data_size, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
| 8100 | offset += 4; | |||
| 8101 | break; | |||
| 8102 | default: | |||
| 8103 | break; | |||
| 8104 | } | |||
| 8105 | return offset; | |||
| 8106 | } | |||
| 8107 | ||||
| 8108 | static uint16_t | |||
| 8109 | tls_try_get_version(bool_Bool is_dtls, uint16_t version, uint8_t *draft_version) | |||
| 8110 | { | |||
| 8111 | if (draft_version) { | |||
| 8112 | *draft_version = 0; | |||
| 8113 | } | |||
| 8114 | if (!is_dtls) { | |||
| 8115 | uint8_t tls13_draft = extract_tls13_draft_version(version); | |||
| 8116 | if (tls13_draft != 0) { | |||
| 8117 | /* This is TLS 1.3 (a draft version). */ | |||
| 8118 | if (draft_version) { | |||
| 8119 | *draft_version = tls13_draft; | |||
| 8120 | } | |||
| 8121 | version = TLSV1DOT3_VERSION0x304; | |||
| 8122 | } | |||
| 8123 | if (version == 0xfb17 || version == 0xfb1a) { | |||
| 8124 | /* Unofficial TLS 1.3 draft version for Facebook fizz. */ | |||
| 8125 | tls13_draft = (uint8_t)version; | |||
| 8126 | if (draft_version) { | |||
| 8127 | *draft_version = tls13_draft; | |||
| 8128 | } | |||
| 8129 | version = TLSV1DOT3_VERSION0x304; | |||
| 8130 | } | |||
| 8131 | } | |||
| 8132 | ||||
| 8133 | switch (version) { | |||
| 8134 | case SSLV3_VERSION0x300: | |||
| 8135 | case TLSV1_VERSION0x301: | |||
| 8136 | case TLSV1DOT1_VERSION0x302: | |||
| 8137 | case TLSV1DOT2_VERSION0x303: | |||
| 8138 | case TLSV1DOT3_VERSION0x304: | |||
| 8139 | case TLCPV1_VERSION0x101: | |||
| 8140 | if (is_dtls) | |||
| 8141 | return SSL_VER_UNKNOWN0; | |||
| 8142 | break; | |||
| 8143 | ||||
| 8144 | case DTLSV1DOT0_VERSION0xfeff: | |||
| 8145 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
| 8146 | case DTLSV1DOT2_VERSION0xfefd: | |||
| 8147 | case DTLSV1DOT3_VERSION0xfefc: | |||
| 8148 | if (!is_dtls) | |||
| 8149 | return SSL_VER_UNKNOWN0; | |||
| 8150 | break; | |||
| 8151 | ||||
| 8152 | default: /* invalid version number */ | |||
| 8153 | return SSL_VER_UNKNOWN0; | |||
| 8154 | } | |||
| 8155 | ||||
| 8156 | return version; | |||
| 8157 | } | |||
| 8158 | ||||
| 8159 | static int | |||
| 8160 | ssl_dissect_hnd_hello_ext_supported_versions(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 8161 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 8162 | SslSession *session, bool_Bool is_dtls, ja4_data_t *ja4_data) | |||
| 8163 | { | |||
| 8164 | ||||
| 8165 | /* RFC 8446 Section 4.2.1 | |||
| 8166 | * struct { | |||
| 8167 | * ProtocolVersion versions<2..254>; // ClientHello | |||
| 8168 | * } SupportedVersions; | |||
| 8169 | * Note that ServerHello and HelloRetryRequest are handled by the caller. | |||
| 8170 | */ | |||
| 8171 | uint32_t versions_length, next_offset; | |||
| 8172 | /* ProtocolVersion versions<2..254> */ | |||
| 8173 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &versions_length, | |||
| 8174 | hf->hf.hs_ext_supported_versions_len, 2, 254)) { | |||
| 8175 | return offset_end; | |||
| 8176 | } | |||
| 8177 | offset++; | |||
| 8178 | next_offset = offset + versions_length; | |||
| 8179 | ||||
| 8180 | unsigned version; | |||
| 8181 | unsigned current_version, lowest_version = SSL_VER_UNKNOWN0; | |||
| 8182 | uint8_t draft_version, max_draft_version = 0; | |||
| 8183 | const char *sep = " "; | |||
| 8184 | while (offset + 2 <= next_offset) { | |||
| 8185 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_supported_version, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &version); | |||
| 8186 | offset += 2; | |||
| 8187 | ||||
| 8188 | if (!IS_GREASE_TLS(version)((((version) & 0x0f0f) == 0x0a0a) && (((version) & 0xff) == (((version)>>8) & 0xff)))) { | |||
| 8189 | proto_item_append_text(tree, "%s%s", sep, val_to_str(version, ssl_versions, "Unknown (0x%04x)")); | |||
| 8190 | sep = ", "; | |||
| 8191 | } | |||
| 8192 | ||||
| 8193 | current_version = tls_try_get_version(is_dtls, version, &draft_version); | |||
| 8194 | if (session->version == SSL_VER_UNKNOWN0) { | |||
| 8195 | if (lowest_version == SSL_VER_UNKNOWN0) { | |||
| 8196 | lowest_version = current_version; | |||
| 8197 | } else if (current_version != SSL_VER_UNKNOWN0) { | |||
| 8198 | if (!is_dtls) { | |||
| 8199 | lowest_version = MIN(lowest_version, current_version)(((lowest_version) < (current_version)) ? (lowest_version) : (current_version)); | |||
| 8200 | } else { | |||
| 8201 | lowest_version = MAX(lowest_version, current_version)(((lowest_version) > (current_version)) ? (lowest_version) : (current_version)); | |||
| 8202 | } | |||
| 8203 | } | |||
| 8204 | } | |||
| 8205 | max_draft_version = MAX(draft_version, max_draft_version)(((draft_version) > (max_draft_version)) ? (draft_version) : (max_draft_version)); | |||
| 8206 | if (ja4_data && !IS_GREASE_TLS(version)((((version) & 0x0f0f) == 0x0a0a) && (((version) & 0xff) == (((version)>>8) & 0xff)))) { | |||
| 8207 | /* The DTLS version numbers get mapped to "00" for unknown per | |||
| 8208 | * JA4 spec, but if JA4 ever does support DTLS we'll probably | |||
| 8209 | * need to take the MIN instead of MAX here for DTLS. | |||
| 8210 | */ | |||
| 8211 | ja4_data->max_version = MAX(version, ja4_data->max_version)(((version) > (ja4_data->max_version)) ? (version) : (ja4_data ->max_version)); | |||
| 8212 | } | |||
| 8213 | } | |||
| 8214 | if (session->version == SSL_VER_UNKNOWN0 && lowest_version != SSL_VER_UNKNOWN0) { | |||
| 8215 | col_set_str(pinfo->cinfo, COL_PROTOCOL, | |||
| 8216 | val_to_str_const(version, ssl_version_short_names, is_dtls ? "DTLS" : "TLS")); | |||
| 8217 | } | |||
| 8218 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { | |||
| 8219 | offset = next_offset; | |||
| 8220 | } | |||
| 8221 | ||||
| 8222 | /* XXX remove this when draft 19 support is dropped, | |||
| 8223 | * this is only required for early data decryption. */ | |||
| 8224 | if (max_draft_version) { | |||
| 8225 | session->tls13_draft_version = max_draft_version; | |||
| 8226 | } | |||
| 8227 | ||||
| 8228 | return offset; | |||
| 8229 | } | |||
| 8230 | ||||
| 8231 | static int | |||
| 8232 | ssl_dissect_hnd_hello_ext_cookie(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 8233 | packet_info *pinfo, proto_tree *tree, | |||
| 8234 | uint32_t offset, uint32_t offset_end) | |||
| 8235 | { | |||
| 8236 | /* RFC 8446 Section 4.2.2 | |||
| 8237 | * struct { | |||
| 8238 | * opaque cookie<1..2^16-1>; | |||
| 8239 | * } Cookie; | |||
| 8240 | */ | |||
| 8241 | uint32_t cookie_length; | |||
| 8242 | /* opaque cookie<1..2^16-1> */ | |||
| 8243 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cookie_length, | |||
| 8244 | hf->hf.hs_ext_cookie_len, 1, UINT16_MAX(65535))) { | |||
| 8245 | return offset_end; | |||
| 8246 | } | |||
| 8247 | offset += 2; | |||
| 8248 | ||||
| 8249 | proto_tree_add_item(tree, hf->hf.hs_ext_cookie, tvb, offset, cookie_length, ENC_NA0x00000000); | |||
| 8250 | offset += cookie_length; | |||
| 8251 | ||||
| 8252 | return offset; | |||
| 8253 | } | |||
| 8254 | ||||
| 8255 | static int | |||
| 8256 | ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 8257 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 8258 | { | |||
| 8259 | /* RFC 8446 Section 4.2.9 | |||
| 8260 | * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; | |||
| 8261 | * | |||
| 8262 | * struct { | |||
| 8263 | * PskKeyExchangeMode ke_modes<1..255>; | |||
| 8264 | * } PskKeyExchangeModes; | |||
| 8265 | */ | |||
| 8266 | uint32_t ke_modes_length, next_offset; | |||
| 8267 | ||||
| 8268 | /* PskKeyExchangeMode ke_modes<1..255> */ | |||
| 8269 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &ke_modes_length, | |||
| 8270 | hf->hf.hs_ext_psk_ke_modes_length, 1, 255)) { | |||
| 8271 | return offset_end; | |||
| 8272 | } | |||
| 8273 | offset++; | |||
| 8274 | next_offset = offset + ke_modes_length; | |||
| 8275 | ||||
| 8276 | while (offset < next_offset) { | |||
| 8277 | proto_tree_add_item(tree, hf->hf.hs_ext_psk_ke_mode, tvb, offset, 1, ENC_NA0x00000000); | |||
| 8278 | offset++; | |||
| 8279 | } | |||
| 8280 | ||||
| 8281 | return offset; | |||
| 8282 | } | |||
| 8283 | ||||
| 8284 | static uint32_t | |||
| 8285 | ssl_dissect_hnd_hello_ext_certificate_authorities(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 8286 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 8287 | { | |||
| 8288 | /* RFC 8446 Section 4.2.4 | |||
| 8289 | * opaque DistinguishedName<1..2^16-1>; | |||
| 8290 | * struct { | |||
| 8291 | * DistinguishedName authorities<3..2^16-1>; | |||
| 8292 | * } CertificateAuthoritiesExtension; | |||
| 8293 | */ | |||
| 8294 | return tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); | |||
| 8295 | } | |||
| 8296 | ||||
| 8297 | static int | |||
| 8298 | ssl_dissect_hnd_hello_ext_oid_filters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 8299 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 8300 | { | |||
| 8301 | /* RFC 8446 Section 4.2.5 | |||
| 8302 | * struct { | |||
| 8303 | * opaque certificate_extension_oid<1..2^8-1>; | |||
| 8304 | * opaque certificate_extension_values<0..2^16-1>; | |||
| 8305 | * } OIDFilter; | |||
| 8306 | * struct { | |||
| 8307 | * OIDFilter filters<0..2^16-1>; | |||
| 8308 | * } OIDFilterExtension; | |||
| 8309 | */ | |||
| 8310 | proto_tree *subtree; | |||
| 8311 | uint32_t filters_length, oid_length, values_length, value_offset; | |||
| 8312 | asn1_ctx_t asn1_ctx; | |||
| 8313 | const char *oid, *name; | |||
| 8314 | ||||
| 8315 | /* OIDFilter filters<0..2^16-1> */ | |||
| 8316 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &filters_length, | |||
| 8317 | hf->hf.hs_ext_psk_ke_modes_length, 0, UINT16_MAX(65535))) { | |||
| 8318 | return offset_end; | |||
| 8319 | } | |||
| 8320 | offset += 2; | |||
| 8321 | offset_end = offset + filters_length; | |||
| 8322 | ||||
| 8323 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
| 8324 | ||||
| 8325 | while (offset < offset_end) { | |||
| 8326 | subtree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
| 8327 | hf->ett.hs_ext_oid_filter, NULL((void*)0), "OID Filter"); | |||
| 8328 | ||||
| 8329 | /* opaque certificate_extension_oid<1..2^8-1> */ | |||
| 8330 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &oid_length, | |||
| 8331 | hf->hf.hs_ext_oid_filters_oid_length, 1, UINT8_MAX(255))) { | |||
| 8332 | return offset_end; | |||
| 8333 | } | |||
| 8334 | offset++; | |||
| 8335 | dissect_ber_object_identifier_str(false0, &asn1_ctx, subtree, tvb, offset, | |||
| 8336 | hf->hf.hs_ext_oid_filters_oid, &oid); | |||
| 8337 | offset += oid_length; | |||
| 8338 | ||||
| 8339 | /* Append OID to tree label */ | |||
| 8340 | name = oid_resolved_from_string(pinfo->pool, oid); | |||
| 8341 | proto_item_append_text(subtree, " (%s)", name ? name : oid); | |||
| 8342 | ||||
| 8343 | /* opaque certificate_extension_values<0..2^16-1> */ | |||
| 8344 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &values_length, | |||
| 8345 | hf->hf.hs_ext_oid_filters_values_length, 0, UINT16_MAX(65535))) { | |||
| 8346 | return offset_end; | |||
| 8347 | } | |||
| 8348 | offset += 2; | |||
| 8349 | proto_item_set_len(subtree, 1 + oid_length + 2 + values_length); | |||
| 8350 | if (values_length > 0) { | |||
| 8351 | value_offset = offset; | |||
| 8352 | value_offset = dissect_ber_identifier(pinfo, subtree, tvb, value_offset, NULL((void*)0), NULL((void*)0), NULL((void*)0)); | |||
| 8353 | value_offset = dissect_ber_length(pinfo, subtree, tvb, value_offset, NULL((void*)0), NULL((void*)0)); | |||
| 8354 | call_ber_oid_callback(oid, tvb, value_offset, pinfo, subtree, NULL((void*)0)); | |||
| 8355 | } | |||
| 8356 | offset += values_length; | |||
| 8357 | } | |||
| 8358 | ||||
| 8359 | return offset; | |||
| 8360 | } | |||
| 8361 | ||||
| 8362 | static int | |||
| 8363 | ssl_dissect_hnd_hello_ext_server_name(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 8364 | packet_info *pinfo, proto_tree *tree, | |||
| 8365 | uint32_t offset, uint32_t offset_end) | |||
| 8366 | { | |||
| 8367 | /* https://tools.ietf.org/html/rfc6066#section-3 | |||
| 8368 | * | |||
| 8369 | * struct { | |||
| 8370 | * NameType name_type; | |||
| 8371 | * select (name_type) { | |||
| 8372 | * case host_name: HostName; | |||
| 8373 | * } name; | |||
| 8374 | * } ServerName; | |||
| 8375 | * | |||
| 8376 | * enum { | |||
| 8377 | * host_name(0), (255) | |||
| 8378 | * } NameType; | |||
| 8379 | * | |||
| 8380 | * opaque HostName<1..2^16-1>; | |||
| 8381 | * | |||
| 8382 | * struct { | |||
| 8383 | * ServerName server_name_list<1..2^16-1> | |||
| 8384 | * } ServerNameList; | |||
| 8385 | */ | |||
| 8386 | proto_tree *server_name_tree; | |||
| 8387 | uint32_t list_length, server_name_length, next_offset; | |||
| 8388 | ||||
| 8389 | /* The server SHALL include "server_name" extension with empty data. */ | |||
| 8390 | if (offset == offset_end) { | |||
| 8391 | return offset; | |||
| 8392 | } | |||
| 8393 | ||||
| 8394 | server_name_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_server_name, NULL((void*)0), "Server Name Indication extension"); | |||
| 8395 | ||||
| 8396 | /* ServerName server_name_list<1..2^16-1> */ | |||
| 8397 | if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, offset_end, &list_length, | |||
| 8398 | hf->hf.hs_ext_server_name_list_len, 1, UINT16_MAX(65535))) { | |||
| 8399 | return offset_end; | |||
| 8400 | } | |||
| 8401 | offset += 2; | |||
| 8402 | next_offset = offset + list_length; | |||
| 8403 | ||||
| 8404 | while (offset < next_offset) { | |||
| 8405 | uint32_t name_type; | |||
| 8406 | const uint8_t *server_name = NULL((void*)0); | |||
| 8407 | proto_tree_add_item_ret_uint(server_name_tree, hf->hf.hs_ext_server_name_type, | |||
| 8408 | tvb, offset, 1, ENC_NA0x00000000, &name_type); | |||
| 8409 | offset++; | |||
| 8410 | ||||
| 8411 | /* opaque HostName<1..2^16-1> */ | |||
| 8412 | if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, next_offset, &server_name_length, | |||
| 8413 | hf->hf.hs_ext_server_name_len, 1, UINT16_MAX(65535))) { | |||
| 8414 | return next_offset; | |||
| 8415 | } | |||
| 8416 | offset += 2; | |||
| 8417 | ||||
| 8418 | proto_tree_add_item_ret_string(server_name_tree, hf->hf.hs_ext_server_name, | |||
| 8419 | tvb, offset, server_name_length, ENC_ASCII0x00000000|ENC_NA0x00000000, | |||
| 8420 | pinfo->pool, &server_name); | |||
| 8421 | offset += server_name_length; | |||
| 8422 | // Each type must only occur once, so we don't check for duplicates. | |||
| 8423 | if (name_type == 0) { | |||
| 8424 | proto_item_append_text(tree, " name=%s", server_name); | |||
| 8425 | col_append_fstr(pinfo->cinfo, COL_INFO, " (SNI=%s)", server_name); | |||
| 8426 | ||||
| 8427 | if (gbl_resolv_flags.handshake_sni_addr_resolution) { | |||
| 8428 | // Client Hello: Client (Src) -> Server (Dst) | |||
| 8429 | switch (pinfo->dst.type) { | |||
| 8430 | case AT_IPv4: | |||
| 8431 | if (pinfo->dst.len == sizeof(uint32_t)) { | |||
| 8432 | add_ipv4_name(*(uint32_t *)pinfo->dst.data, server_name, false0); | |||
| 8433 | } | |||
| 8434 | break; | |||
| 8435 | case AT_IPv6: | |||
| 8436 | if (pinfo->dst.len == sizeof(ws_in6_addr)) { | |||
| 8437 | add_ipv6_name(pinfo->dst.data, server_name, false0); | |||
| 8438 | } | |||
| 8439 | break; | |||
| 8440 | } | |||
| 8441 | } | |||
| 8442 | } | |||
| 8443 | } | |||
| 8444 | return offset; | |||
| 8445 | } | |||
| 8446 | ||||
| 8447 | static int | |||
| 8448 | ssl_dissect_hnd_hello_ext_session_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 8449 | proto_tree *tree, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, SslDecryptSession *ssl) | |||
| 8450 | { | |||
| 8451 | unsigned ext_len = offset_end - offset; | |||
| 8452 | if (hnd_type == SSL_HND_CLIENT_HELLO && ssl && ext_len != 0) { | |||
| 8453 | tvb_ensure_bytes_exist(tvb, offset, ext_len); | |||
| 8454 | /* Save the Session Ticket such that it can be used as identifier for | |||
| 8455 | * restoring a previous Master Secret (in ChangeCipherSpec) */ | |||
| 8456 | ssl->session_ticket.data = (unsigned char*)wmem_realloc(wmem_file_scope(), | |||
| 8457 | ssl->session_ticket.data, ext_len); | |||
| 8458 | ssl->session_ticket.data_len = ext_len; | |||
| 8459 | tvb_memcpy(tvb,ssl->session_ticket.data, offset, ext_len); | |||
| 8460 | } | |||
| 8461 | proto_tree_add_item(tree, hf->hf.hs_ext_session_ticket, | |||
| 8462 | tvb, offset, ext_len, ENC_NA0x00000000); | |||
| 8463 | return offset + ext_len; | |||
| 8464 | } | |||
| 8465 | ||||
| 8466 | static int | |||
| 8467 | ssl_dissect_hnd_hello_ext_cert_type(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 8468 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 8469 | uint8_t hnd_type, uint16_t ext_type, SslSession *session) | |||
| 8470 | { | |||
| 8471 | uint8_t cert_list_length; | |||
| 8472 | uint8_t cert_type; | |||
| 8473 | proto_tree *cert_list_tree; | |||
| 8474 | proto_item *ti; | |||
| 8475 | ||||
| 8476 | switch(hnd_type){ | |||
| 8477 | case SSL_HND_CLIENT_HELLO: | |||
| 8478 | cert_list_length = tvb_get_uint8(tvb, offset); | |||
| 8479 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_types_len, | |||
| 8480 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 8481 | offset += 1; | |||
| 8482 | if (offset_end - offset != (uint32_t)cert_list_length) | |||
| 8483 | return offset; | |||
| 8484 | ||||
| 8485 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_cert_types, tvb, offset, | |||
| 8486 | cert_list_length, cert_list_length); | |||
| 8487 | proto_item_append_text(ti, " (%d)", cert_list_length); | |||
| 8488 | ||||
| 8489 | /* make this a subtree */ | |||
| 8490 | cert_list_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_cert_types); | |||
| 8491 | ||||
| 8492 | /* loop over all point formats */ | |||
| 8493 | while (cert_list_length > 0) | |||
| 8494 | { | |||
| 8495 | proto_tree_add_item(cert_list_tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 8496 | offset++; | |||
| 8497 | cert_list_length--; | |||
| 8498 | } | |||
| 8499 | break; | |||
| 8500 | case SSL_HND_SERVER_HELLO: | |||
| 8501 | case SSL_HND_ENCRYPTED_EXTENSIONS: | |||
| 8502 | case SSL_HND_CERTIFICATE: | |||
| 8503 | cert_type = tvb_get_uint8(tvb, offset); | |||
| 8504 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 8505 | offset += 1; | |||
| 8506 | if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE9 || ext_type == SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19) { | |||
| 8507 | session->client_cert_type = cert_type; | |||
| 8508 | } | |||
| 8509 | if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE9 || ext_type == SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20) { | |||
| 8510 | session->server_cert_type = cert_type; | |||
| 8511 | } | |||
| 8512 | break; | |||
| 8513 | default: /* no default */ | |||
| 8514 | break; | |||
| 8515 | } | |||
| 8516 | ||||
| 8517 | return offset; | |||
| 8518 | } | |||
| 8519 | ||||
| 8520 | static uint32_t | |||
| 8521 | ssl_dissect_hnd_hello_ext_compress_certificate(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 8522 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 8523 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | |||
| 8524 | { | |||
| 8525 | uint32_t compress_certificate_algorithms_length, next_offset; | |||
| 8526 | ||||
| 8527 | /* https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03#section-3.0 | |||
| 8528 | * enum { | |||
| 8529 | * zlib(1), | |||
| 8530 | * brotli(2), | |||
| 8531 | * (65535) | |||
| 8532 | * } CertificateCompressionAlgorithm; | |||
| 8533 | * | |||
| 8534 | * struct { | |||
| 8535 | * CertificateCompressionAlgorithm algorithms<1..2^8-1>; | |||
| 8536 | * } CertificateCompressionAlgorithms; | |||
| 8537 | */ | |||
| 8538 | switch (hnd_type) { | |||
| 8539 | case SSL_HND_CLIENT_HELLO: | |||
| 8540 | case SSL_HND_CERT_REQUEST: | |||
| 8541 | /* CertificateCompressionAlgorithm algorithms<1..2^8-1>;*/ | |||
| 8542 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compress_certificate_algorithms_length, | |||
| 8543 | hf->hf.hs_ext_compress_certificate_algorithms_length, 1, UINT8_MAX(255)-1)) { | |||
| 8544 | return offset_end; | |||
| 8545 | } | |||
| 8546 | offset += 1; | |||
| 8547 | next_offset = offset + compress_certificate_algorithms_length; | |||
| 8548 | ||||
| 8549 | while (offset < next_offset) { | |||
| 8550 | proto_tree_add_item(tree, hf->hf.hs_ext_compress_certificate_algorithm, | |||
| 8551 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 8552 | offset += 2; | |||
| 8553 | } | |||
| 8554 | break; | |||
| 8555 | default: | |||
| 8556 | break; | |||
| 8557 | } | |||
| 8558 | ||||
| 8559 | return offset; | |||
| 8560 | } | |||
| 8561 | ||||
| 8562 | static uint32_t | |||
| 8563 | ssl_dissect_hnd_hello_ext_token_binding(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 8564 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 8565 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | |||
| 8566 | { | |||
| 8567 | uint32_t key_parameters_length, next_offset; | |||
| 8568 | proto_item *p_ti; | |||
| 8569 | proto_tree *p_tree; | |||
| 8570 | ||||
| 8571 | /* RFC 8472 | |||
| 8572 | * | |||
| 8573 | * struct { | |||
| 8574 | * uint8 major; | |||
| 8575 | * uint8 minor; | |||
| 8576 | * } TB_ProtocolVersion; | |||
| 8577 | * | |||
| 8578 | * enum { | |||
| 8579 | * rsa2048_pkcs1.5(0), rsa2048_pss(1), ecdsap256(2), (255) | |||
| 8580 | * } TokenBindingKeyParameters; | |||
| 8581 | * | |||
| 8582 | * struct { | |||
| 8583 | * TB_ProtocolVersion token_binding_version; | |||
| 8584 | * TokenBindingKeyParameters key_parameters_list<1..2^8-1> | |||
| 8585 | * } TokenBindingParameters; | |||
| 8586 | */ | |||
| 8587 | ||||
| 8588 | switch (hnd_type) { | |||
| 8589 | case SSL_HND_CLIENT_HELLO: | |||
| 8590 | case SSL_HND_SERVER_HELLO: | |||
| 8591 | proto_tree_add_item(tree, hf->hf.hs_ext_token_binding_version_major, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 8592 | offset += 1; | |||
| 8593 | proto_tree_add_item(tree, hf->hf.hs_ext_token_binding_version_minor, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 8594 | offset += 1; | |||
| 8595 | ||||
| 8596 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &key_parameters_length, | |||
| 8597 | hf->hf.hs_ext_token_binding_key_parameters_length, 1, UINT8_MAX(255))) { | |||
| 8598 | return offset_end; | |||
| 8599 | } | |||
| 8600 | offset += 1; | |||
| 8601 | next_offset = offset + key_parameters_length; | |||
| 8602 | ||||
| 8603 | p_ti = proto_tree_add_none_format(tree, | |||
| 8604 | hf->hf.hs_ext_token_binding_key_parameters, | |||
| 8605 | tvb, offset, key_parameters_length, | |||
| 8606 | "Key parameters identifiers (%d identifier%s)", | |||
| 8607 | key_parameters_length, | |||
| 8608 | plurality(key_parameters_length, "", "s")((key_parameters_length) == 1 ? ("") : ("s"))); | |||
| 8609 | p_tree = proto_item_add_subtree(p_ti, hf->ett.hs_ext_token_binding_key_parameters); | |||
| 8610 | ||||
| 8611 | while (offset < next_offset) { | |||
| 8612 | proto_tree_add_item(p_tree, hf->hf.hs_ext_token_binding_key_parameter, | |||
| 8613 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 8614 | offset += 1; | |||
| 8615 | } | |||
| 8616 | ||||
| 8617 | if (!ssl_end_vector(hf, tvb, pinfo, p_tree, offset, next_offset)) { | |||
| 8618 | offset = next_offset; | |||
| 8619 | } | |||
| 8620 | ||||
| 8621 | break; | |||
| 8622 | default: | |||
| 8623 | break; | |||
| 8624 | } | |||
| 8625 | ||||
| 8626 | return offset; | |||
| 8627 | } | |||
| 8628 | ||||
| 8629 | static uint32_t | |||
| 8630 | ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 8631 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 8632 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | |||
| 8633 | { | |||
| 8634 | bool_Bool use_varint_encoding = true1; // Whether this is draft -27 or newer. | |||
| 8635 | uint32_t next_offset; | |||
| 8636 | ||||
| 8637 | /* https://tools.ietf.org/html/draft-ietf-quic-transport-25#section-18 | |||
| 8638 | * | |||
| 8639 | * Note: the following structures are not literally defined in the spec, | |||
| 8640 | * they instead use an ASCII diagram. | |||
| 8641 | * | |||
| 8642 | * struct { | |||
| 8643 | * uint16 id; | |||
| 8644 | * opaque value<0..2^16-1>; | |||
| 8645 | * } TransportParameter; // before draft -27 | |||
| 8646 | * TransportParameter TransportParameters<0..2^16-1>; // before draft -27 | |||
| 8647 | * | |||
| 8648 | * struct { | |||
| 8649 | * opaque ipv4Address[4]; | |||
| 8650 | * uint16 ipv4Port; | |||
| 8651 | * opaque ipv6Address[16]; | |||
| 8652 | * uint16 ipv6Port; | |||
| 8653 | * opaque connectionId<0..18>; | |||
| 8654 | * opaque statelessResetToken[16]; | |||
| 8655 | * } PreferredAddress; | |||
| 8656 | */ | |||
| 8657 | ||||
| 8658 | if (offset_end - offset >= 6 && | |||
| 8659 | 2 + (unsigned)tvb_get_ntohs(tvb, offset) == offset_end - offset && | |||
| 8660 | 6 + (unsigned)tvb_get_ntohs(tvb, offset + 4) <= offset_end - offset) { | |||
| 8661 | // Assume encoding of Transport Parameters draft -26 or older with at | |||
| 8662 | // least one transport parameter that has a valid length. | |||
| 8663 | use_varint_encoding = false0; | |||
| 8664 | } | |||
| 8665 | ||||
| 8666 | if (use_varint_encoding) { | |||
| 8667 | next_offset = offset_end; | |||
| 8668 | } else { | |||
| 8669 | uint32_t quic_length; | |||
| 8670 | // Assume draft -26 or earlier. | |||
| 8671 | /* TransportParameter TransportParameters<0..2^16-1>; */ | |||
| 8672 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &quic_length, | |||
| 8673 | hf->hf.hs_ext_quictp_len, 0, UINT16_MAX(65535))) { | |||
| 8674 | return offset_end; | |||
| 8675 | } | |||
| 8676 | offset += 2; | |||
| 8677 | next_offset = offset + quic_length; | |||
| 8678 | } | |||
| 8679 | ||||
| 8680 | while (offset < next_offset) { | |||
| 8681 | uint64_t parameter_type; /* 62-bit space */ | |||
| 8682 | uint32_t parameter_length; | |||
| 8683 | proto_tree *parameter_tree; | |||
| 8684 | uint32_t parameter_end_offset; | |||
| 8685 | uint64_t value; | |||
| 8686 | uint32_t len = 0, i; | |||
| 8687 | ||||
| 8688 | parameter_tree = proto_tree_add_subtree(tree, tvb, offset, 2, hf->ett.hs_ext_quictp_parameter, | |||
| 8689 | NULL((void*)0), "Parameter"); | |||
| 8690 | /* TransportParameter ID and Length. */ | |||
| 8691 | if (use_varint_encoding) { | |||
| 8692 | uint64_t parameter_length64; | |||
| 8693 | uint32_t type_len = 0; | |||
| 8694 | ||||
| 8695 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_type, | |||
| 8696 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, ¶meter_type, &type_len); | |||
| 8697 | offset += type_len; | |||
| 8698 | ||||
| 8699 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_len, | |||
| 8700 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, ¶meter_length64, &len); | |||
| 8701 | parameter_length = (uint32_t)parameter_length64; | |||
| 8702 | offset += len; | |||
| 8703 | ||||
| 8704 | proto_item_set_len(parameter_tree, type_len + len + parameter_length); | |||
| 8705 | } else { | |||
| 8706 | parameter_type = tvb_get_ntohs(tvb, offset); | |||
| 8707 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_type, | |||
| 8708 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 8709 | offset += 2; | |||
| 8710 | ||||
| 8711 | /* opaque value<0..2^16-1> */ | |||
| 8712 | if (!ssl_add_vector(hf, tvb, pinfo, parameter_tree, offset, next_offset, ¶meter_length, | |||
| 8713 | hf->hf.hs_ext_quictp_parameter_len_old, 0, UINT16_MAX(65535))) { | |||
| 8714 | return next_offset; | |||
| 8715 | } | |||
| 8716 | offset += 2; | |||
| 8717 | ||||
| 8718 | proto_item_set_len(parameter_tree, 4 + parameter_length); | |||
| 8719 | } | |||
| 8720 | ||||
| 8721 | if (IS_GREASE_QUIC(parameter_type)((parameter_type) > 27 ? ((((parameter_type) - 27) % 31) == 0) : 0)) { | |||
| 8722 | proto_item_append_text(parameter_tree, ": GREASE"); | |||
| 8723 | } else { | |||
| 8724 | proto_item_append_text(parameter_tree, ": %s", val64_to_str(parameter_type, quic_transport_parameter_id, "Unknown 0x%04x")); | |||
| 8725 | } | |||
| 8726 | ||||
| 8727 | proto_item_append_text(parameter_tree, " (len=%u)", parameter_length); | |||
| 8728 | parameter_end_offset = offset + parameter_length; | |||
| 8729 | ||||
| 8730 | /* Omit the value field if the parameter's length is 0. */ | |||
| 8731 | if (parameter_length != 0) { | |||
| 8732 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_value, | |||
| 8733 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
| 8734 | } | |||
| 8735 | ||||
| 8736 | switch (parameter_type) { | |||
| 8737 | case SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID0x00: | |||
| 8738 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_original_destination_connection_id, | |||
| 8739 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
| 8740 | offset += parameter_length; | |||
| 8741 | break; | |||
| 8742 | case SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT0x01: | |||
| 8743 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_idle_timeout, | |||
| 8744 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8745 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u" " ms", value); | |||
| 8746 | offset += len; | |||
| 8747 | break; | |||
| 8748 | case SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN0x02: | |||
| 8749 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_stateless_reset_token, | |||
| 8750 | tvb, offset, 16, ENC_BIG_ENDIAN0x00000000); | |||
| 8751 | quic_add_stateless_reset_token(pinfo, tvb, offset, NULL((void*)0)); | |||
| 8752 | offset += 16; | |||
| 8753 | break; | |||
| 8754 | case SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE0x03: | |||
| 8755 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_udp_payload_size, | |||
| 8756 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8757 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8758 | /*TODO display expert info about invalid value (< 1252 or >65527) ? */ | |||
| 8759 | offset += len; | |||
| 8760 | break; | |||
| 8761 | case SSL_HND_QUIC_TP_INITIAL_MAX_DATA0x04: | |||
| 8762 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_data, | |||
| 8763 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8764 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8765 | offset += len; | |||
| 8766 | break; | |||
| 8767 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL0x05: | |||
| 8768 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_local, | |||
| 8769 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8770 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8771 | offset += len; | |||
| 8772 | break; | |||
| 8773 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE0x06: | |||
| 8774 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote, | |||
| 8775 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8776 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8777 | offset += len; | |||
| 8778 | break; | |||
| 8779 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI0x07: | |||
| 8780 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_uni, | |||
| 8781 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8782 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8783 | offset += len; | |||
| 8784 | break; | |||
| 8785 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI0x09: | |||
| 8786 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_uni, | |||
| 8787 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8788 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8789 | offset += len; | |||
| 8790 | break; | |||
| 8791 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI0x08: | |||
| 8792 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_bidi, | |||
| 8793 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8794 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8795 | offset += len; | |||
| 8796 | break; | |||
| 8797 | case SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT0x0a: | |||
| 8798 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_ack_delay_exponent, | |||
| 8799 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, NULL((void*)0), &len); | |||
| 8800 | /*TODO display multiplier (x8) and expert info about invalid value (> 20) ? */ | |||
| 8801 | offset += len; | |||
| 8802 | break; | |||
| 8803 | case SSL_HND_QUIC_TP_MAX_ACK_DELAY0x0b: | |||
| 8804 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_ack_delay, | |||
| 8805 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8806 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8807 | offset += len; | |||
| 8808 | break; | |||
| 8809 | case SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION0x0c: | |||
| 8810 | /* No Payload */ | |||
| 8811 | break; | |||
| 8812 | case SSL_HND_QUIC_TP_PREFERRED_ADDRESS0x0d: { | |||
| 8813 | uint32_t connectionid_length; | |||
| 8814 | quic_cid_t cid; | |||
| 8815 | ||||
| 8816 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4address, | |||
| 8817 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
| 8818 | offset += 4; | |||
| 8819 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4port, | |||
| 8820 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 8821 | offset += 2; | |||
| 8822 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6address, | |||
| 8823 | tvb, offset, 16, ENC_NA0x00000000); | |||
| 8824 | offset += 16; | |||
| 8825 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6port, | |||
| 8826 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 8827 | offset += 2; | |||
| 8828 | /* XXX - Should we add these addresses and ports as addresses that the client | |||
| 8829 | * is allowed / expected to migrate the server address to? Right now we don't | |||
| 8830 | * enforce that (see RFC 9000 Section 9, which implies that while the client | |||
| 8831 | * can migrate to whatever address it wants, it can only migrate the server | |||
| 8832 | * address to the Server's Preferred Address as in 9.6. Also Issue #20165.) | |||
| 8833 | */ | |||
| 8834 | ||||
| 8835 | if (!ssl_add_vector(hf, tvb, pinfo, parameter_tree, offset, offset_end, &connectionid_length, | |||
| 8836 | hf->hf.hs_ext_quictp_parameter_pa_connectionid_length, 0, 20)) { | |||
| 8837 | break; | |||
| 8838 | } | |||
| 8839 | offset += 1; | |||
| 8840 | ||||
| 8841 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_connectionid, | |||
| 8842 | tvb, offset, connectionid_length, ENC_NA0x00000000); | |||
| 8843 | if (connectionid_length >= 1 && connectionid_length <= QUIC_MAX_CID_LENGTH20) { | |||
| 8844 | cid.len = connectionid_length; | |||
| 8845 | // RFC 9000 5.1.1 "If the preferred_address transport | |||
| 8846 | // parameter is sent, the sequence number of the supplied | |||
| 8847 | // connection ID is 1." | |||
| 8848 | cid.seq_num = 1; | |||
| 8849 | // Multipath draft-07 "Also, the Path Identifier for the | |||
| 8850 | // connection ID specified in the "preferred address" | |||
| 8851 | // transport parameter is 0." | |||
| 8852 | cid.path_id = 0; | |||
| 8853 | tvb_memcpy(tvb, cid.cid, offset, connectionid_length); | |||
| 8854 | quic_add_connection(pinfo, &cid); | |||
| 8855 | } | |||
| 8856 | offset += connectionid_length; | |||
| 8857 | ||||
| 8858 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_statelessresettoken, | |||
| 8859 | tvb, offset, 16, ENC_NA0x00000000); | |||
| 8860 | if (connectionid_length >= 1 && connectionid_length <= QUIC_MAX_CID_LENGTH20) { | |||
| 8861 | quic_add_stateless_reset_token(pinfo, tvb, offset, &cid); | |||
| 8862 | } | |||
| 8863 | offset += 16; | |||
| 8864 | } | |||
| 8865 | break; | |||
| 8866 | case SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT0x0e: | |||
| 8867 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_active_connection_id_limit, | |||
| 8868 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8869 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8870 | offset += len; | |||
| 8871 | break; | |||
| 8872 | case SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID0x0f: | |||
| 8873 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_source_connection_id, | |||
| 8874 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
| 8875 | offset += parameter_length; | |||
| 8876 | break; | |||
| 8877 | case SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID0x10: | |||
| 8878 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_retry_source_connection_id, | |||
| 8879 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
| 8880 | offset += parameter_length; | |||
| 8881 | break; | |||
| 8882 | case SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE0x20: | |||
| 8883 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_datagram_frame_size, | |||
| 8884 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8885 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8886 | offset += len; | |||
| 8887 | break; | |||
| 8888 | case SSL_HND_QUIC_TP_CIBIR_ENCODING0x1000: | |||
| 8889 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_cibir_encoding_length, | |||
| 8890 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8891 | proto_item_append_text(parameter_tree, " Length: %" PRIu64"l" "u", value); | |||
| 8892 | offset += len; | |||
| 8893 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_cibir_encoding_offset, | |||
| 8894 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8895 | proto_item_append_text(parameter_tree, ", Offset: %" PRIu64"l" "u", value); | |||
| 8896 | offset += len; | |||
| 8897 | break; | |||
| 8898 | case SSL_HND_QUIC_TP_LOSS_BITS0x1057: | |||
| 8899 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_loss_bits, | |||
| 8900 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8901 | if (len > 0) { | |||
| 8902 | quic_add_loss_bits(pinfo, value); | |||
| 8903 | } | |||
| 8904 | offset += 1; | |||
| 8905 | break; | |||
| 8906 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD0xde1a: | |||
| 8907 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V10xFF03DE1A: | |||
| 8908 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT050xff04de1a: | |||
| 8909 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY0xff04de1b: | |||
| 8910 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_min_ack_delay, | |||
| 8911 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8912 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
| 8913 | offset += len; | |||
| 8914 | break; | |||
| 8915 | case SSL_HND_QUIC_TP_GOOGLE_USER_AGENT0x3129: | |||
| 8916 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_user_agent_id, | |||
| 8917 | tvb, offset, parameter_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
| 8918 | offset += parameter_length; | |||
| 8919 | break; | |||
| 8920 | case SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED0x312B: | |||
| 8921 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_key_update_not_yet_supported, | |||
| 8922 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
| 8923 | offset += parameter_length; | |||
| 8924 | break; | |||
| 8925 | case SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION0x4752: | |||
| 8926 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_version, | |||
| 8927 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
| 8928 | offset += 4; | |||
| 8929 | if (hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS) { /* From server */ | |||
| 8930 | uint32_t versions_length; | |||
| 8931 | ||||
| 8932 | proto_tree_add_item_ret_uint(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_supported_versions_length, | |||
| 8933 | tvb, offset, 1, ENC_NA0x00000000, &versions_length); | |||
| 8934 | offset += 1; | |||
| 8935 | for (i = 0; i < versions_length / 4; i++) { | |||
| 8936 | quic_proto_tree_add_version(tvb, parameter_tree, | |||
| 8937 | hf->hf.hs_ext_quictp_parameter_google_supported_version, offset); | |||
| 8938 | offset += 4; | |||
| 8939 | } | |||
| 8940 | } | |||
| 8941 | break; | |||
| 8942 | case SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT0x3127: | |||
| 8943 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_initial_rtt, | |||
| 8944 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8945 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u" " us", value); | |||
| 8946 | offset += len; | |||
| 8947 | break; | |||
| 8948 | case SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE0x312A: | |||
| 8949 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_support_handshake_done, | |||
| 8950 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
| 8951 | offset += parameter_length; | |||
| 8952 | break; | |||
| 8953 | case SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS0x4751: | |||
| 8954 | /* This field was used for non-standard Google-specific parameters encoded as a | |||
| 8955 | * Google QUIC_CRYPTO CHLO and it has been replaced (version >= T051) by individual | |||
| 8956 | * parameters. Report it as a bytes blob... */ | |||
| 8957 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_params, | |||
| 8958 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
| 8959 | /* ... and try decoding it: not sure what the first 4 bytes are (but they seems to be always 0) */ | |||
| 8960 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_params_unknown_field, | |||
| 8961 | tvb, offset, 4, ENC_NA0x00000000); | |||
| 8962 | dissect_gquic_tags(tvb, pinfo, parameter_tree, offset + 4); | |||
| 8963 | offset += parameter_length; | |||
| 8964 | break; | |||
| 8965 | case SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS0x3128: | |||
| 8966 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_connection_options, | |||
| 8967 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
| 8968 | offset += parameter_length; | |||
| 8969 | break; | |||
| 8970 | case SSL_HND_QUIC_TP_ENABLE_TIME_STAMP0x7157: | |||
| 8971 | /* No Payload */ | |||
| 8972 | break; | |||
| 8973 | case SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V20x7158: | |||
| 8974 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_enable_time_stamp_v2, | |||
| 8975 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8976 | offset += parameter_length; | |||
| 8977 | break; | |||
| 8978 | case SSL_HND_QUIC_TP_VERSION_INFORMATION_DRAFT0xff73db: | |||
| 8979 | case SSL_HND_QUIC_TP_VERSION_INFORMATION0x11: | |||
| 8980 | quic_proto_tree_add_version(tvb, parameter_tree, | |||
| 8981 | hf->hf.hs_ext_quictp_parameter_chosen_version, offset); | |||
| 8982 | offset += 4; | |||
| 8983 | for (i = 4; i < parameter_length; i += 4) { | |||
| 8984 | quic_proto_tree_add_version(tvb, parameter_tree, | |||
| 8985 | hf->hf.hs_ext_quictp_parameter_other_version, offset); | |||
| 8986 | offset += 4; | |||
| 8987 | } | |||
| 8988 | break; | |||
| 8989 | case SSL_HND_QUIC_TP_GREASE_QUIC_BIT0x2ab2: | |||
| 8990 | /* No Payload */ | |||
| 8991 | quic_add_grease_quic_bit(pinfo); | |||
| 8992 | break; | |||
| 8993 | case SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY0xFF00: | |||
| 8994 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_facebook_partial_reliability, | |||
| 8995 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 8996 | offset += parameter_length; | |||
| 8997 | break; | |||
| 8998 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT040x0f739bbc1b666d04: | |||
| 8999 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_enable_multipath, | |||
| 9000 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 9001 | if (value == 1) { | |||
| 9002 | quic_add_multipath(pinfo, QUIC_MP_NO_PATH_ID1); | |||
| 9003 | } | |||
| 9004 | offset += parameter_length; | |||
| 9005 | break; | |||
| 9006 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT050x0f739bbc1b666d05: | |||
| 9007 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH0x0f739bbc1b666d06: | |||
| 9008 | /* No Payload */ | |||
| 9009 | quic_add_multipath(pinfo, QUIC_MP_NO_PATH_ID1); | |||
| 9010 | break; | |||
| 9011 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATHS0x0f739bbc1b666d07: | |||
| 9012 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_paths, | |||
| 9013 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 9014 | if (value > 1) { | |||
| 9015 | quic_add_multipath(pinfo, QUIC_MP_PATH_ID2); | |||
| 9016 | } | |||
| 9017 | /* multipath draft-07: "The value of the initial_max_paths | |||
| 9018 | * parameter MUST be at least 2." TODO: Expert Info? */ | |||
| 9019 | offset += parameter_length; | |||
| 9020 | break; | |||
| 9021 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT090x0f739bbc1b666d09: | |||
| 9022 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT110x0f739bbc1b666d11: | |||
| 9023 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT120x0f739bbc1b666d0c: | |||
| 9024 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID0x0f739bbc1b666d0d: | |||
| 9025 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_path_id, | |||
| 9026 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
| 9027 | /* multipath draft-09 and later: "If an endpoint receives an | |||
| 9028 | * initial_max_path_id transport parameter with value 0, the | |||
| 9029 | * peer aims to enable the multipath extension without allowing | |||
| 9030 | * extra paths immediately." | |||
| 9031 | */ | |||
| 9032 | quic_add_multipath(pinfo, QUIC_MP_PATH_ID2); | |||
| 9033 | offset += parameter_length; | |||
| 9034 | break; | |||
| 9035 | default: | |||
| 9036 | offset += parameter_length; | |||
| 9037 | /*TODO display expert info about unknown ? */ | |||
| 9038 | break; | |||
| 9039 | } | |||
| 9040 | ||||
| 9041 | if (!ssl_end_vector(hf, tvb, pinfo, parameter_tree, offset, parameter_end_offset)) { | |||
| 9042 | /* Dissection did not end at expected location, fix it. */ | |||
| 9043 | offset = parameter_end_offset; | |||
| 9044 | } | |||
| 9045 | } | |||
| 9046 | ||||
| 9047 | return offset; | |||
| 9048 | } | |||
| 9049 | ||||
| 9050 | static int | |||
| 9051 | ssl_dissect_hnd_hello_common(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9052 | proto_tree *tree, uint32_t offset, | |||
| 9053 | SslSession *session, SslDecryptSession *ssl, | |||
| 9054 | bool_Bool from_server, bool_Bool is_hrr) | |||
| 9055 | { | |||
| 9056 | uint8_t sessid_length; | |||
| 9057 | proto_item *ti; | |||
| 9058 | proto_tree *rnd_tree; | |||
| 9059 | proto_tree *ti_rnd; | |||
| 9060 | proto_tree *ech_confirm_tree; | |||
| 9061 | uint8_t draft_version = session->tls13_draft_version; | |||
| 9062 | ||||
| 9063 | if (ssl) { | |||
| 9064 | StringInfo *rnd; | |||
| 9065 | if (from_server) | |||
| 9066 | rnd = &ssl->server_random; | |||
| 9067 | else | |||
| 9068 | rnd = &ssl->client_random; | |||
| 9069 | ||||
| 9070 | /* save provided random for later keyring generation */ | |||
| 9071 | tvb_memcpy(tvb, rnd->data, offset, 32); | |||
| 9072 | rnd->data_len = 32; | |||
| 9073 | if (from_server) | |||
| 9074 | ssl->state |= SSL_SERVER_RANDOM(1<<1); | |||
| 9075 | else | |||
| 9076 | ssl->state |= SSL_CLIENT_RANDOM(1<<0); | |||
| 9077 | ssl_debug_printf("%s found %s RANDOM -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), | |||
| 9078 | from_server ? "SERVER" : "CLIENT", ssl->state); | |||
| 9079 | } | |||
| 9080 | ||||
| 9081 | if (!from_server && session->client_random.data_len == 0) { | |||
| 9082 | session->client_random.data_len = 32; | |||
| 9083 | tvb_memcpy(tvb, session->client_random.data, offset, 32); | |||
| 9084 | } | |||
| 9085 | ||||
| 9086 | ti_rnd = proto_tree_add_item(tree, hf->hf.hs_random, tvb, offset, 32, ENC_NA0x00000000); | |||
| 9087 | ||||
| 9088 | if ((session->version != TLSV1DOT3_VERSION0x304) && (session->version != DTLSV1DOT3_VERSION0xfefc)) { /* No time on first bytes random with TLS 1.3 */ | |||
| 9089 | ||||
| 9090 | rnd_tree = proto_item_add_subtree(ti_rnd, hf->ett.hs_random); | |||
| 9091 | /* show the time */ | |||
| 9092 | proto_tree_add_item(rnd_tree, hf->hf.hs_random_time, | |||
| 9093 | tvb, offset, 4, ENC_TIME_SECS0x00000012|ENC_BIG_ENDIAN0x00000000); | |||
| 9094 | offset += 4; | |||
| 9095 | ||||
| 9096 | /* show the random bytes */ | |||
| 9097 | proto_tree_add_item(rnd_tree, hf->hf.hs_random_bytes, | |||
| 9098 | tvb, offset, 28, ENC_NA0x00000000); | |||
| 9099 | offset += 28; | |||
| 9100 | } else { | |||
| 9101 | if (is_hrr) { | |||
| 9102 | proto_item_append_text(ti_rnd, " (HelloRetryRequest magic)"); | |||
| 9103 | } else if (from_server && session->ech) { | |||
| 9104 | ech_confirm_tree = proto_item_add_subtree(ti_rnd, hf->ett.hs_random); | |||
| 9105 | proto_tree_add_item(ech_confirm_tree, hf->hf.hs_ech_confirm, tvb, offset + 24, 8, ENC_NA0x00000000); | |||
| 9106 | ti = proto_tree_add_bytes_with_length(ech_confirm_tree, hf->hf.hs_ech_confirm_compute, tvb, offset + 24, 0, | |||
| 9107 | session->ech_confirmation, 8); | |||
| 9108 | proto_item_set_generated(ti); | |||
| 9109 | if (memcmp(session->ech_confirmation, tvb_get_ptr(tvb, offset+24, 8), 8)) { | |||
| 9110 | expert_add_info(pinfo, ti, &hf->ei.ech_rejected); | |||
| 9111 | } else { | |||
| 9112 | expert_add_info(pinfo, ti, &hf->ei.ech_accepted); | |||
| 9113 | } | |||
| 9114 | } | |||
| 9115 | ||||
| 9116 | offset += 32; | |||
| 9117 | } | |||
| 9118 | ||||
| 9119 | /* No Session ID with TLS 1.3 on Server Hello before draft -22 */ | |||
| 9120 | if (from_server == 0 || !(session->version == TLSV1DOT3_VERSION0x304 && draft_version > 0 && draft_version < 22)) { | |||
| 9121 | /* show the session id (length followed by actual Session ID) */ | |||
| 9122 | sessid_length = tvb_get_uint8(tvb, offset); | |||
| 9123 | proto_tree_add_item(tree, hf->hf.hs_session_id_len, | |||
| 9124 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 9125 | offset++; | |||
| 9126 | ||||
| 9127 | if (ssl) { | |||
| 9128 | /* save the authoritative SID for later use in ChangeCipherSpec. | |||
| 9129 | * (D)TLS restricts the SID to 32 chars, it does not make sense to | |||
| 9130 | * save more, so ignore larger ones. */ | |||
| 9131 | if (from_server && sessid_length <= 32) { | |||
| 9132 | tvb_memcpy(tvb, ssl->session_id.data, offset, sessid_length); | |||
| 9133 | ssl->session_id.data_len = sessid_length; | |||
| 9134 | } | |||
| 9135 | } | |||
| 9136 | if (sessid_length > 0) { | |||
| 9137 | proto_tree_add_item(tree, hf->hf.hs_session_id, | |||
| 9138 | tvb, offset, sessid_length, ENC_NA0x00000000); | |||
| 9139 | offset += sessid_length; | |||
| 9140 | } | |||
| 9141 | } | |||
| 9142 | ||||
| 9143 | return offset; | |||
| 9144 | } | |||
| 9145 | ||||
| 9146 | static int | |||
| 9147 | ssl_dissect_hnd_hello_ext_status_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9148 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 9149 | bool_Bool has_length) | |||
| 9150 | { | |||
| 9151 | /* TLS 1.2/1.3 status_request Client Hello Extension. | |||
| 9152 | * TLS 1.2 status_request_v2 CertificateStatusRequestItemV2 type. | |||
| 9153 | * https://tools.ietf.org/html/rfc6066#section-8 (status_request) | |||
| 9154 | * https://tools.ietf.org/html/rfc6961#section-2.2 (status_request_v2) | |||
| 9155 | * struct { | |||
| 9156 | * CertificateStatusType status_type; | |||
| 9157 | * uint16 request_length; // for status_request_v2 | |||
| 9158 | * select (status_type) { | |||
| 9159 | * case ocsp: OCSPStatusRequest; | |||
| 9160 | * case ocsp_multi: OCSPStatusRequest; | |||
| 9161 | * } request; | |||
| 9162 | * } CertificateStatusRequest; // CertificateStatusRequestItemV2 | |||
| 9163 | * | |||
| 9164 | * enum { ocsp(1), ocsp_multi(2), (255) } CertificateStatusType; | |||
| 9165 | * struct { | |||
| 9166 | * ResponderID responder_id_list<0..2^16-1>; | |||
| 9167 | * Extensions request_extensions; | |||
| 9168 | * } OCSPStatusRequest; | |||
| 9169 | * opaque ResponderID<1..2^16-1>; | |||
| 9170 | * opaque Extensions<0..2^16-1>; | |||
| 9171 | */ | |||
| 9172 | unsigned cert_status_type; | |||
| 9173 | ||||
| 9174 | cert_status_type = tvb_get_uint8(tvb, offset); | |||
| 9175 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_type, | |||
| 9176 | tvb, offset, 1, ENC_NA0x00000000); | |||
| 9177 | offset++; | |||
| 9178 | ||||
| 9179 | if (has_length) { | |||
| 9180 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_request_len, | |||
| 9181 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 9182 | offset += 2; | |||
| 9183 | } | |||
| 9184 | ||||
| 9185 | switch (cert_status_type) { | |||
| 9186 | case SSL_HND_CERT_STATUS_TYPE_OCSP1: | |||
| 9187 | case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2: | |||
| 9188 | { | |||
| 9189 | uint32_t responder_id_list_len; | |||
| 9190 | uint32_t request_extensions_len; | |||
| 9191 | ||||
| 9192 | /* ResponderID responder_id_list<0..2^16-1> */ | |||
| 9193 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &responder_id_list_len, | |||
| 9194 | hf->hf.hs_ext_cert_status_responder_id_list_len, 0, UINT16_MAX(65535))) { | |||
| 9195 | return offset_end; | |||
| 9196 | } | |||
| 9197 | offset += 2; | |||
| 9198 | if (responder_id_list_len != 0) { | |||
| 9199 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.hs_ext_cert_status_undecoded, | |||
| 9200 | tvb, offset, responder_id_list_len, | |||
| 9201 | "Responder ID list is not implemented, contact Wireshark" | |||
| 9202 | " developers if you want this to be supported"); | |||
| 9203 | } | |||
| 9204 | offset += responder_id_list_len; | |||
| 9205 | ||||
| 9206 | /* opaque Extensions<0..2^16-1> */ | |||
| 9207 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &request_extensions_len, | |||
| 9208 | hf->hf.hs_ext_cert_status_request_extensions_len, 0, UINT16_MAX(65535))) { | |||
| 9209 | return offset_end; | |||
| 9210 | } | |||
| 9211 | offset += 2; | |||
| 9212 | if (request_extensions_len != 0) { | |||
| 9213 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.hs_ext_cert_status_undecoded, | |||
| 9214 | tvb, offset, request_extensions_len, | |||
| 9215 | "Request Extensions are not implemented, contact" | |||
| 9216 | " Wireshark developers if you want this to be supported"); | |||
| 9217 | } | |||
| 9218 | offset += request_extensions_len; | |||
| 9219 | break; | |||
| 9220 | } | |||
| 9221 | } | |||
| 9222 | ||||
| 9223 | return offset; | |||
| 9224 | } | |||
| 9225 | ||||
| 9226 | static unsigned | |||
| 9227 | ssl_dissect_hnd_hello_ext_status_request_v2(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9228 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 9229 | { | |||
| 9230 | /* https://tools.ietf.org/html/rfc6961#section-2.2 | |||
| 9231 | * struct { | |||
| 9232 | * CertificateStatusRequestItemV2 certificate_status_req_list<1..2^16-1>; | |||
| 9233 | * } CertificateStatusRequestListV2; | |||
| 9234 | */ | |||
| 9235 | uint32_t req_list_length, next_offset; | |||
| 9236 | ||||
| 9237 | /* CertificateStatusRequestItemV2 certificate_status_req_list<1..2^16-1> */ | |||
| 9238 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &req_list_length, | |||
| 9239 | hf->hf.hs_ext_cert_status_request_list_len, 1, UINT16_MAX(65535))) { | |||
| 9240 | return offset_end; | |||
| 9241 | } | |||
| 9242 | offset += 2; | |||
| 9243 | next_offset = offset + req_list_length; | |||
| 9244 | ||||
| 9245 | while (offset < next_offset) { | |||
| 9246 | offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, pinfo, tree, offset, next_offset, true1); | |||
| 9247 | } | |||
| 9248 | ||||
| 9249 | return offset; | |||
| 9250 | } | |||
| 9251 | ||||
| 9252 | static uint32_t | |||
| 9253 | tls_dissect_ocsp_response(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
| 9254 | uint32_t offset, uint32_t offset_end) | |||
| 9255 | { | |||
| 9256 | uint32_t response_length; | |||
| 9257 | proto_item *ocsp_resp; | |||
| 9258 | proto_tree *ocsp_resp_tree; | |||
| 9259 | asn1_ctx_t asn1_ctx; | |||
| 9260 | ||||
| 9261 | /* opaque OCSPResponse<1..2^24-1>; */ | |||
| 9262 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &response_length, | |||
| 9263 | hf->hf.hs_ocsp_response_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
| 9264 | return offset_end; | |||
| 9265 | } | |||
| 9266 | offset += 3; | |||
| 9267 | ||||
| 9268 | ocsp_resp = proto_tree_add_item(tree, proto_ocsp, tvb, offset, | |||
| 9269 | response_length, ENC_BIG_ENDIAN0x00000000); | |||
| 9270 | proto_item_set_text(ocsp_resp, "OCSP Response"); | |||
| 9271 | ocsp_resp_tree = proto_item_add_subtree(ocsp_resp, hf->ett.ocsp_response); | |||
| 9272 | if (proto_is_protocol_enabled(find_protocol_by_id(proto_ocsp))) { | |||
| 9273 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
| 9274 | dissect_ocsp_OCSPResponse(false0, tvb, offset, &asn1_ctx, ocsp_resp_tree, -1); | |||
| 9275 | } | |||
| 9276 | offset += response_length; | |||
| 9277 | ||||
| 9278 | return offset; | |||
| 9279 | } | |||
| 9280 | ||||
| 9281 | uint32_t | |||
| 9282 | tls_dissect_hnd_certificate_status(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9283 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 9284 | { | |||
| 9285 | /* TLS 1.2 "CertificateStatus" handshake message. | |||
| 9286 | * TLS 1.3 "status_request" Certificate extension. | |||
| 9287 | * struct { | |||
| 9288 | * CertificateStatusType status_type; | |||
| 9289 | * select (status_type) { | |||
| 9290 | * case ocsp: OCSPResponse; | |||
| 9291 | * case ocsp_multi: OCSPResponseList; // status_request_v2 | |||
| 9292 | * } response; | |||
| 9293 | * } CertificateStatus; | |||
| 9294 | * opaque OCSPResponse<1..2^24-1>; | |||
| 9295 | * struct { | |||
| 9296 | * OCSPResponse ocsp_response_list<1..2^24-1>; | |||
| 9297 | * } OCSPResponseList; // status_request_v2 | |||
| 9298 | */ | |||
| 9299 | uint32_t status_type, resp_list_length, next_offset; | |||
| 9300 | ||||
| 9301 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_cert_status_type, | |||
| 9302 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &status_type); | |||
| 9303 | offset += 1; | |||
| 9304 | ||||
| 9305 | switch (status_type) { | |||
| 9306 | case SSL_HND_CERT_STATUS_TYPE_OCSP1: | |||
| 9307 | offset = tls_dissect_ocsp_response(hf, tvb, pinfo, tree, offset, offset_end); | |||
| 9308 | break; | |||
| 9309 | ||||
| 9310 | case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2: | |||
| 9311 | /* OCSPResponse ocsp_response_list<1..2^24-1> */ | |||
| 9312 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &resp_list_length, | |||
| 9313 | hf->hf.hs_ocsp_response_list_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
| 9314 | return offset_end; | |||
| 9315 | } | |||
| 9316 | offset += 3; | |||
| 9317 | next_offset = offset + resp_list_length; | |||
| 9318 | ||||
| 9319 | while (offset < next_offset) { | |||
| 9320 | offset = tls_dissect_ocsp_response(hf, tvb, pinfo, tree, offset, next_offset); | |||
| 9321 | } | |||
| 9322 | break; | |||
| 9323 | } | |||
| 9324 | ||||
| 9325 | return offset; | |||
| 9326 | } | |||
| 9327 | ||||
| 9328 | static unsigned | |||
| 9329 | ssl_dissect_hnd_hello_ext_supported_groups(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9330 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 9331 | wmem_strbuf_t *ja3) | |||
| 9332 | { | |||
| 9333 | /* RFC 8446 Section 4.2.7 | |||
| 9334 | * enum { ..., (0xFFFF) } NamedGroup; | |||
| 9335 | * struct { | |||
| 9336 | * NamedGroup named_group_list<2..2^16-1> | |||
| 9337 | * } NamedGroupList; | |||
| 9338 | * | |||
| 9339 | * NOTE: "NamedCurve" (RFC 4492) is renamed to "NamedGroup" (RFC 7919) and | |||
| 9340 | * the extension itself from "elliptic_curves" to "supported_groups". | |||
| 9341 | */ | |||
| 9342 | uint32_t groups_length, next_offset; | |||
| 9343 | proto_tree *groups_tree; | |||
| 9344 | proto_item *ti; | |||
| 9345 | char *ja3_dash = ""; | |||
| 9346 | ||||
| 9347 | /* NamedGroup named_group_list<2..2^16-1> */ | |||
| 9348 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &groups_length, | |||
| 9349 | hf->hf.hs_ext_supported_groups_len, 2, UINT16_MAX(65535))) { | |||
| 9350 | return offset_end; | |||
| 9351 | } | |||
| 9352 | offset += 2; | |||
| 9353 | next_offset = offset + groups_length; | |||
| 9354 | ||||
| 9355 | ti = proto_tree_add_none_format(tree, | |||
| 9356 | hf->hf.hs_ext_supported_groups, | |||
| 9357 | tvb, offset, groups_length, | |||
| 9358 | "Supported Groups (%d group%s)", | |||
| 9359 | groups_length / 2, | |||
| 9360 | plurality(groups_length/2, "", "s")((groups_length/2) == 1 ? ("") : ("s"))); | |||
| 9361 | ||||
| 9362 | /* make this a subtree */ | |||
| 9363 | groups_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_groups); | |||
| 9364 | ||||
| 9365 | if (ja3) { | |||
| 9366 | wmem_strbuf_append_c(ja3, ','); | |||
| 9367 | } | |||
| 9368 | /* loop over all groups */ | |||
| 9369 | while (offset + 2 <= offset_end) { | |||
| 9370 | uint32_t ext_supported_group; | |||
| 9371 | ||||
| 9372 | proto_tree_add_item_ret_uint(groups_tree, hf->hf.hs_ext_supported_group, tvb, offset, 2, | |||
| 9373 | ENC_BIG_ENDIAN0x00000000, &ext_supported_group); | |||
| 9374 | offset += 2; | |||
| 9375 | if (ja3 && !IS_GREASE_TLS(ext_supported_group)((((ext_supported_group) & 0x0f0f) == 0x0a0a) && ( ((ext_supported_group) & 0xff) == (((ext_supported_group) >>8) & 0xff)))) { | |||
| 9376 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, ext_supported_group); | |||
| 9377 | ja3_dash = "-"; | |||
| 9378 | } | |||
| 9379 | } | |||
| 9380 | if (!ssl_end_vector(hf, tvb, pinfo, groups_tree, offset, next_offset)) { | |||
| 9381 | offset = next_offset; | |||
| 9382 | } | |||
| 9383 | ||||
| 9384 | return offset; | |||
| 9385 | } | |||
| 9386 | ||||
| 9387 | static int | |||
| 9388 | ssl_dissect_hnd_hello_ext_ec_point_formats(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 9389 | proto_tree *tree, uint32_t offset, wmem_strbuf_t *ja3) | |||
| 9390 | { | |||
| 9391 | uint8_t ecpf_length; | |||
| 9392 | proto_tree *ecpf_tree; | |||
| 9393 | proto_item *ti; | |||
| 9394 | ||||
| 9395 | ecpf_length = tvb_get_uint8(tvb, offset); | |||
| 9396 | proto_tree_add_item(tree, hf->hf.hs_ext_ec_point_formats_len, | |||
| 9397 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 9398 | ||||
| 9399 | offset += 1; | |||
| 9400 | ti = proto_tree_add_none_format(tree, | |||
| 9401 | hf->hf.hs_ext_ec_point_formats, | |||
| 9402 | tvb, offset, ecpf_length, | |||
| 9403 | "Elliptic curves point formats (%d)", | |||
| 9404 | ecpf_length); | |||
| 9405 | ||||
| 9406 | /* make this a subtree */ | |||
| 9407 | ecpf_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_curves_point_formats); | |||
| 9408 | ||||
| 9409 | if (ja3) { | |||
| 9410 | wmem_strbuf_append_c(ja3, ','); | |||
| 9411 | } | |||
| 9412 | ||||
| 9413 | /* loop over all point formats */ | |||
| 9414 | while (ecpf_length > 0) | |||
| 9415 | { | |||
| 9416 | uint32_t ext_ec_point_format; | |||
| 9417 | ||||
| 9418 | proto_tree_add_item_ret_uint(ecpf_tree, hf->hf.hs_ext_ec_point_format, tvb, offset, 1, | |||
| 9419 | ENC_BIG_ENDIAN0x00000000, &ext_ec_point_format); | |||
| 9420 | offset++; | |||
| 9421 | ecpf_length--; | |||
| 9422 | if (ja3) { | |||
| 9423 | wmem_strbuf_append_printf(ja3, "%i", ext_ec_point_format); | |||
| 9424 | if (ecpf_length > 0) { | |||
| 9425 | wmem_strbuf_append_c(ja3, '-'); | |||
| 9426 | } | |||
| 9427 | } | |||
| 9428 | } | |||
| 9429 | ||||
| 9430 | return offset; | |||
| 9431 | } | |||
| 9432 | ||||
| 9433 | static int | |||
| 9434 | ssl_dissect_hnd_hello_ext_srp(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 9435 | packet_info *pinfo, proto_tree *tree, | |||
| 9436 | uint32_t offset, uint32_t next_offset) | |||
| 9437 | { | |||
| 9438 | /* https://tools.ietf.org/html/rfc5054#section-2.8.1 | |||
| 9439 | * opaque srp_I<1..2^8-1>; | |||
| 9440 | */ | |||
| 9441 | uint32_t username_len; | |||
| 9442 | ||||
| 9443 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, next_offset, &username_len, | |||
| 9444 | hf->hf.hs_ext_srp_len, 1, UINT8_MAX(255))) { | |||
| 9445 | return next_offset; | |||
| 9446 | } | |||
| 9447 | offset++; | |||
| 9448 | ||||
| 9449 | proto_tree_add_item(tree, hf->hf.hs_ext_srp_username, | |||
| 9450 | tvb, offset, username_len, ENC_UTF_80x00000002|ENC_NA0x00000000); | |||
| 9451 | offset += username_len; | |||
| 9452 | ||||
| 9453 | return offset; | |||
| 9454 | } | |||
| 9455 | ||||
| 9456 | static uint32_t | |||
| 9457 | tls_dissect_sct(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
| 9458 | uint32_t offset, uint32_t offset_end, uint16_t version) | |||
| 9459 | { | |||
| 9460 | /* https://tools.ietf.org/html/rfc6962#section-3.2 | |||
| 9461 | * enum { v1(0), (255) } Version; | |||
| 9462 | * struct { | |||
| 9463 | * opaque key_id[32]; | |||
| 9464 | * } LogID; | |||
| 9465 | * opaque CtExtensions<0..2^16-1>; | |||
| 9466 | * struct { | |||
| 9467 | * Version sct_version; | |||
| 9468 | * LogID id; | |||
| 9469 | * uint64 timestamp; | |||
| 9470 | * CtExtensions extensions; | |||
| 9471 | * digitally-signed struct { ... }; | |||
| 9472 | * } SignedCertificateTimestamp; | |||
| 9473 | */ | |||
| 9474 | uint32_t sct_version; | |||
| 9475 | uint64_t sct_timestamp_ms; | |||
| 9476 | nstime_t sct_timestamp; | |||
| 9477 | uint32_t exts_len; | |||
| 9478 | const char *log_name; | |||
| 9479 | ||||
| 9480 | proto_tree_add_item_ret_uint(tree, hf->hf.sct_sct_version, tvb, offset, 1, ENC_NA0x00000000, &sct_version); | |||
| 9481 | offset++; | |||
| 9482 | if (sct_version != 0) { | |||
| 9483 | // TODO expert info about unknown SCT version? | |||
| 9484 | return offset; | |||
| 9485 | } | |||
| 9486 | proto_tree_add_item(tree, hf->hf.sct_sct_logid, tvb, offset, 32, ENC_BIG_ENDIAN0x00000000); | |||
| 9487 | log_name = bytesval_to_str(tvb_get_ptr(tvb, offset, 32), 32, ct_logids, "Unknown Log"); | |||
| 9488 | proto_item_append_text(tree, " (%s)", log_name); | |||
| 9489 | offset += 32; | |||
| 9490 | sct_timestamp_ms = tvb_get_ntoh64(tvb, offset); | |||
| 9491 | sct_timestamp.secs = (time_t)(sct_timestamp_ms / 1000); | |||
| 9492 | sct_timestamp.nsecs = (int)((sct_timestamp_ms % 1000) * 1000000); | |||
| 9493 | proto_tree_add_time(tree, hf->hf.sct_sct_timestamp, tvb, offset, 8, &sct_timestamp); | |||
| 9494 | offset += 8; | |||
| 9495 | /* opaque CtExtensions<0..2^16-1> */ | |||
| 9496 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &exts_len, | |||
| 9497 | hf->hf.sct_sct_extensions_length, 0, UINT16_MAX(65535))) { | |||
| 9498 | return offset_end; | |||
| 9499 | } | |||
| 9500 | offset += 2; | |||
| 9501 | if (exts_len > 0) { | |||
| 9502 | proto_tree_add_item(tree, hf->hf.sct_sct_extensions, tvb, offset, exts_len, ENC_BIG_ENDIAN0x00000000); | |||
| 9503 | offset += exts_len; | |||
| 9504 | } | |||
| 9505 | offset = ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, | |||
| 9506 | hf->hf.sct_sct_signature_length, | |||
| 9507 | hf->hf.sct_sct_signature); | |||
| 9508 | return offset; | |||
| 9509 | } | |||
| 9510 | ||||
| 9511 | uint32_t | |||
| 9512 | tls_dissect_sct_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
| 9513 | uint32_t offset, uint32_t offset_end, uint16_t version) | |||
| 9514 | { | |||
| 9515 | /* https://tools.ietf.org/html/rfc6962#section-3.3 | |||
| 9516 | * opaque SerializedSCT<1..2^16-1>; | |||
| 9517 | * struct { | |||
| 9518 | * SerializedSCT sct_list <1..2^16-1>; | |||
| 9519 | * } SignedCertificateTimestampList; | |||
| 9520 | */ | |||
| 9521 | uint32_t list_length, sct_length, next_offset; | |||
| 9522 | proto_tree *subtree; | |||
| 9523 | ||||
| 9524 | /* SerializedSCT sct_list <1..2^16-1> */ | |||
| 9525 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &list_length, | |||
| 9526 | hf->hf.sct_scts_length, 1, UINT16_MAX(65535))) { | |||
| 9527 | return offset_end; | |||
| 9528 | } | |||
| 9529 | offset += 2; | |||
| 9530 | ||||
| 9531 | while (offset < offset_end) { | |||
| 9532 | subtree = proto_tree_add_subtree(tree, tvb, offset, 2, hf->ett.sct, NULL((void*)0), "Signed Certificate Timestamp"); | |||
| 9533 | ||||
| 9534 | /* opaque SerializedSCT<1..2^16-1> */ | |||
| 9535 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &sct_length, | |||
| 9536 | hf->hf.sct_sct_length, 1, UINT16_MAX(65535))) { | |||
| 9537 | return offset_end; | |||
| 9538 | } | |||
| 9539 | offset += 2; | |||
| 9540 | next_offset = offset + sct_length; | |||
| 9541 | proto_item_set_len(subtree, 2 + sct_length); | |||
| 9542 | offset = tls_dissect_sct(hf, tvb, pinfo, subtree, offset, next_offset, version); | |||
| 9543 | if (!ssl_end_vector(hf, tvb, pinfo, subtree, offset, next_offset)) { | |||
| 9544 | offset = next_offset; | |||
| 9545 | } | |||
| 9546 | } | |||
| 9547 | ||||
| 9548 | return offset; | |||
| 9549 | } | |||
| 9550 | ||||
| 9551 | static int | |||
| 9552 | dissect_ech_hpke_cipher_suite(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), | |||
| 9553 | proto_tree *tree, uint32_t offset) | |||
| 9554 | { | |||
| 9555 | uint32_t kdf_id, aead_id; | |||
| 9556 | proto_item *cs_ti; | |||
| 9557 | proto_tree *cs_tree; | |||
| 9558 | ||||
| 9559 | cs_ti = proto_tree_add_item(tree, hf->hf.ech_hpke_keyconfig_cipher_suite, | |||
| 9560 | tvb, offset, 4, ENC_NA0x00000000); | |||
| 9561 | cs_tree = proto_item_add_subtree(cs_ti, hf->ett.ech_hpke_cipher_suite); | |||
| 9562 | ||||
| 9563 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.ech_hpke_keyconfig_cipher_suite_kdf_id, | |||
| 9564 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &kdf_id); | |||
| 9565 | offset += 2; | |||
| 9566 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.ech_hpke_keyconfig_cipher_suite_aead_id, | |||
| 9567 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &aead_id); | |||
| 9568 | offset += 2; | |||
| 9569 | ||||
| 9570 | proto_item_append_text(cs_ti, ": %s/%s", | |||
| 9571 | val_to_str_const(kdf_id, kdf_id_type_vals, "Unknown"), | |||
| 9572 | val_to_str_const(aead_id, aead_id_type_vals, "Unknown")); | |||
| 9573 | return offset; | |||
| 9574 | } | |||
| 9575 | ||||
| 9576 | static int | |||
| 9577 | dissect_ech_hpke_key_config(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9578 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 9579 | uint32_t *config_id) | |||
| 9580 | { | |||
| 9581 | uint32_t length, cipher_suite_length; | |||
| 9582 | proto_item *kc_ti, *css_ti; | |||
| 9583 | proto_tree *kc_tree, *css_tree; | |||
| 9584 | uint32_t original_offset = offset, next_offset; | |||
| 9585 | ||||
| 9586 | kc_ti = proto_tree_add_item(tree, hf->hf.ech_hpke_keyconfig, | |||
| 9587 | tvb, offset, -1, ENC_NA0x00000000); | |||
| 9588 | kc_tree = proto_item_add_subtree(kc_ti, hf->ett.ech_hpke_keyconfig); | |||
| 9589 | ||||
| 9590 | proto_tree_add_item_ret_uint(kc_tree, hf->hf.ech_hpke_keyconfig_config_id, | |||
| 9591 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, config_id); | |||
| 9592 | offset += 1; | |||
| 9593 | proto_tree_add_item(kc_tree, hf->hf.ech_hpke_keyconfig_kem_id, | |||
| 9594 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 9595 | offset += 2; | |||
| 9596 | proto_tree_add_item_ret_uint(kc_tree, hf->hf.ech_hpke_keyconfig_public_key_length, | |||
| 9597 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | |||
| 9598 | offset += 2; | |||
| 9599 | proto_tree_add_item(kc_tree, hf->hf.ech_hpke_keyconfig_public_key, | |||
| 9600 | tvb, offset, length, ENC_NA0x00000000); | |||
| 9601 | offset += length; | |||
| 9602 | ||||
| 9603 | /* HpkeSymmetricCipherSuite cipher_suites<4..2^16-4> */ | |||
| 9604 | if (!ssl_add_vector(hf, tvb, pinfo, kc_tree, offset, offset_end, &cipher_suite_length, | |||
| 9605 | hf->hf.ech_hpke_keyconfig_cipher_suites_length, 4, UINT16_MAX(65535) - 3)) { | |||
| 9606 | return offset_end; | |||
| 9607 | } | |||
| 9608 | offset += 2; | |||
| 9609 | next_offset = offset + cipher_suite_length; | |||
| 9610 | ||||
| 9611 | css_ti = proto_tree_add_none_format(kc_tree, | |||
| 9612 | hf->hf.ech_hpke_keyconfig_cipher_suites, | |||
| 9613 | tvb, offset, cipher_suite_length, | |||
| 9614 | "Cipher Suites (%d suite%s)", | |||
| 9615 | cipher_suite_length / 4, | |||
| 9616 | plurality(cipher_suite_length / 4, "", "s")((cipher_suite_length / 4) == 1 ? ("") : ("s"))); | |||
| 9617 | css_tree = proto_item_add_subtree(css_ti, hf->ett.ech_hpke_cipher_suites); | |||
| 9618 | ||||
| 9619 | ||||
| 9620 | while (offset + 4 <= next_offset) { | |||
| 9621 | offset = dissect_ech_hpke_cipher_suite(hf, tvb, pinfo, css_tree, offset); | |||
| 9622 | } | |||
| 9623 | ||||
| 9624 | if (!ssl_end_vector(hf, tvb, pinfo, css_tree, offset, next_offset)) { | |||
| 9625 | offset = next_offset; | |||
| 9626 | } | |||
| 9627 | ||||
| 9628 | proto_item_set_len(kc_ti, offset - original_offset); | |||
| 9629 | ||||
| 9630 | return offset; | |||
| 9631 | } | |||
| 9632 | ||||
| 9633 | static int | |||
| 9634 | dissect_ech_echconfig_contents(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9635 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 9636 | const uint8_t **public_name, uint32_t *config_id) | |||
| 9637 | { | |||
| 9638 | uint32_t public_name_length, extensions_length, next_offset; | |||
| 9639 | ||||
| 9640 | offset = dissect_ech_hpke_key_config(hf, tvb, pinfo, tree, offset, offset_end, config_id); | |||
| 9641 | proto_tree_add_item(tree, hf->hf.ech_echconfigcontents_maximum_name_length, | |||
| 9642 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 9643 | offset += 1; | |||
| 9644 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_echconfigcontents_public_name_length, | |||
| 9645 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &public_name_length); | |||
| 9646 | offset += 1; | |||
| 9647 | proto_tree_add_item_ret_string(tree, hf->hf.ech_echconfigcontents_public_name, | |||
| 9648 | tvb, offset, public_name_length, ENC_ASCII0x00000000, pinfo->pool, public_name); | |||
| 9649 | offset += public_name_length; | |||
| 9650 | ||||
| 9651 | /* Extension extensions<0..2^16-1>; */ | |||
| 9652 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &extensions_length, | |||
| 9653 | hf->hf.ech_echconfigcontents_extensions_length, 0, UINT16_MAX(65535))) { | |||
| 9654 | return offset_end; | |||
| 9655 | } | |||
| 9656 | offset += 2; | |||
| 9657 | next_offset = offset + extensions_length; | |||
| 9658 | ||||
| 9659 | if (extensions_length > 0) { | |||
| 9660 | proto_tree_add_item(tree, hf->hf.ech_echconfigcontents_extensions, | |||
| 9661 | tvb, offset, extensions_length, ENC_NA0x00000000); | |||
| 9662 | } | |||
| 9663 | offset += extensions_length; | |||
| 9664 | ||||
| 9665 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { | |||
| 9666 | offset = next_offset; | |||
| 9667 | } | |||
| 9668 | ||||
| 9669 | return offset; | |||
| 9670 | } | |||
| 9671 | ||||
| 9672 | static int | |||
| 9673 | dissect_ech_echconfig(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9674 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 9675 | { | |||
| 9676 | uint32_t version, length; | |||
| 9677 | proto_item *ech_ti; | |||
| 9678 | proto_tree *ech_tree; | |||
| 9679 | const uint8_t *public_name = NULL((void*)0); | |||
| 9680 | uint32_t config_id = 0; | |||
| 9681 | ||||
| 9682 | ech_ti = proto_tree_add_item(tree, hf->hf.ech_echconfig, tvb, offset, -1, ENC_NA0x00000000); | |||
| 9683 | ech_tree = proto_item_add_subtree(ech_ti, hf->ett.ech_echconfig); | |||
| 9684 | ||||
| 9685 | proto_tree_add_item_ret_uint(ech_tree, hf->hf.ech_echconfig_version, | |||
| 9686 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &version); | |||
| 9687 | offset += 2; | |||
| 9688 | proto_tree_add_item_ret_uint(ech_tree, hf->hf.ech_echconfig_length, | |||
| 9689 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | |||
| 9690 | offset += 2; | |||
| 9691 | ||||
| 9692 | proto_item_set_len(ech_ti, 4 + length); | |||
| 9693 | ||||
| 9694 | switch(version) { | |||
| 9695 | case 0xfe0d: | |||
| 9696 | dissect_ech_echconfig_contents(hf, tvb, pinfo, ech_tree, offset, offset_end, &public_name, &config_id); | |||
| 9697 | proto_item_append_text(ech_ti, ": id=%d %s", config_id, public_name); | |||
| 9698 | break; | |||
| 9699 | ||||
| 9700 | default: | |||
| 9701 | expert_add_info_format(pinfo, ech_ti, &hf->ei.ech_echconfig_invalid_version, "Unsupported/unknown ECHConfig version 0x%x", version); | |||
| 9702 | } | |||
| 9703 | ||||
| 9704 | return 4 + length; | |||
| 9705 | } | |||
| 9706 | ||||
| 9707 | uint32_t | |||
| 9708 | ssl_dissect_ext_ech_echconfiglist(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9709 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 9710 | { | |||
| 9711 | uint32_t echconfiglist_length, next_offset; | |||
| 9712 | ||||
| 9713 | /* ECHConfig ECHConfigList<1..2^16-1>; */ | |||
| 9714 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &echconfiglist_length, | |||
| 9715 | hf->hf.ech_echconfiglist_length, 1, UINT16_MAX(65535))) { | |||
| 9716 | return offset_end; | |||
| 9717 | } | |||
| 9718 | offset += 2; | |||
| 9719 | next_offset = offset + echconfiglist_length; | |||
| 9720 | ||||
| 9721 | while (offset < next_offset) { | |||
| 9722 | offset += dissect_ech_echconfig(hf, tvb, pinfo, tree, offset, offset_end); | |||
| 9723 | } | |||
| 9724 | ||||
| 9725 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { | |||
| 9726 | offset = next_offset; | |||
| 9727 | } | |||
| 9728 | ||||
| 9729 | return offset; | |||
| 9730 | } | |||
| 9731 | ||||
| 9732 | static uint32_t | |||
| 9733 | ssl_dissect_hnd_ech_outer_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
| 9734 | uint32_t offset, uint32_t offset_end) | |||
| 9735 | { | |||
| 9736 | uint32_t ext_length, next_offset; | |||
| 9737 | proto_tree *ext_tree; | |||
| 9738 | proto_item *ti; | |||
| 9739 | ||||
| 9740 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &ext_length, | |||
| 9741 | hf->hf.hs_ext_ech_outer_ext_len, 2, UINT8_MAX(255))) { | |||
| 9742 | return offset_end; | |||
| 9743 | } | |||
| 9744 | offset += 1; | |||
| 9745 | next_offset = offset + ext_length; | |||
| 9746 | ||||
| 9747 | ti = proto_tree_add_none_format(tree, | |||
| 9748 | hf->hf.hs_ext_ech_outer_ext, | |||
| 9749 | tvb, offset, ext_length, | |||
| 9750 | "Outer Extensions (%d extension%s)", | |||
| 9751 | ext_length / 2, | |||
| 9752 | plurality(ext_length/2, "", "s")((ext_length/2) == 1 ? ("") : ("s"))); | |||
| 9753 | ||||
| 9754 | ext_tree = proto_item_add_subtree(ti, hf->ett.hs_ext); | |||
| 9755 | ||||
| 9756 | while (offset + 2 <= offset_end) { | |||
| 9757 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_type, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 9758 | offset += 2; | |||
| 9759 | } | |||
| 9760 | ||||
| 9761 | if (!ssl_end_vector(hf, tvb, pinfo, ext_tree, offset, next_offset)) { | |||
| 9762 | offset = next_offset; | |||
| 9763 | } | |||
| 9764 | ||||
| 9765 | return offset; | |||
| 9766 | } | |||
| 9767 | ||||
| 9768 | static uint32_t | |||
| 9769 | // NOLINTNEXTLINE(misc-no-recursion) | |||
| 9770 | ssl_dissect_hnd_hello_ext_ech(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 9771 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 9772 | uint8_t hnd_type, SslSession *session, SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, | |||
| 9773 | uint32_t initial_offset, uint32_t hello_length) | |||
| 9774 | { | |||
| 9775 | uint32_t ch_type, length; | |||
| 9776 | proto_item *ti, *payload_ti; | |||
| 9777 | proto_tree *retry_tree, *payload_tree; | |||
| 9778 | ||||
| 9779 | switch (hnd_type) { | |||
| 9780 | case SSL_HND_CLIENT_HELLO: | |||
| 9781 | /* | |||
| 9782 | * enum { outer(0), inner(1) } ECHClientHelloType; | |||
| 9783 | * | |||
| 9784 | * struct { | |||
| 9785 | * ECHClientHelloType type; | |||
| 9786 | * select (ECHClientHello.type) { | |||
| 9787 | * case outer: | |||
| 9788 | * HpkeSymmetricCipherSuite cipher_suite; | |||
| 9789 | * uint8 config_id; | |||
| 9790 | * opaque enc<0..2^16-1>; | |||
| 9791 | * opaque payload<1..2^16-1>; | |||
| 9792 | * case inner: | |||
| 9793 | * Empty; | |||
| 9794 | * }; | |||
| 9795 | * } ECHClientHello; | |||
| 9796 | */ | |||
| 9797 | ||||
| 9798 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_clienthello_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &ch_type); | |||
| 9799 | offset += 1; | |||
| 9800 | switch (ch_type) { | |||
| 9801 | case 0: /* outer */ | |||
| 9802 | if (ssl && session->first_ch_ech_frame == 0) { | |||
| 9803 | session->first_ch_ech_frame = pinfo->num; | |||
| 9804 | } | |||
| 9805 | offset = dissect_ech_hpke_cipher_suite(hf, tvb, pinfo, tree, offset); | |||
| 9806 | uint16_t kdf_id = tvb_get_ntohs(tvb, offset - 4); | |||
| 9807 | uint16_t aead_id = tvb_get_ntohs(tvb, offset - 2); | |||
| 9808 | ||||
| 9809 | proto_tree_add_item(tree, hf->hf.ech_config_id, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 9810 | uint8_t config_id = tvb_get_uint8(tvb, offset); | |||
| 9811 | offset += 1; | |||
| 9812 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_enc_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | |||
| 9813 | offset += 2; | |||
| 9814 | proto_tree_add_item(tree, hf->hf.ech_enc, tvb, offset, length, ENC_NA0x00000000); | |||
| 9815 | offset += length; | |||
| 9816 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_payload_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | |||
| 9817 | offset += 2; | |||
| 9818 | payload_ti = proto_tree_add_item(tree, hf->hf.ech_payload, tvb, offset, length, ENC_NA0x00000000); | |||
| 9819 | offset += length; | |||
| 9820 | ||||
| 9821 | if (!mk_map) { | |||
| 9822 | break; | |||
| 9823 | } | |||
| 9824 | if (session->client_random.data_len == 0) { | |||
| 9825 | ssl_debug_printf("%s missing Client Random\n", G_STRFUNC((const char*) (__func__))); | |||
| 9826 | break; | |||
| 9827 | } | |||
| 9828 | StringInfo *ech_secret = (StringInfo *)g_hash_table_lookup(mk_map->ech_secret, &session->client_random); | |||
| 9829 | StringInfo *ech_config = (StringInfo *)g_hash_table_lookup(mk_map->ech_config, &session->client_random); | |||
| 9830 | if (!ech_secret || !ech_config) { | |||
| 9831 | ssl_debug_printf("%s Cannot find ECH_SECRET or ECH_CONFIG, Encrypted Client Hello decryption impossible\n", | |||
| 9832 | G_STRFUNC((const char*) (__func__))); | |||
| 9833 | break; | |||
| 9834 | } | |||
| 9835 | ||||
| 9836 | if (hpke_hkdf_len(kdf_id) == 0) { | |||
| 9837 | ssl_debug_printf("Unsupported KDF\n"); | |||
| 9838 | break; | |||
| 9839 | } | |||
| 9840 | ||||
| 9841 | if (hpke_aead_key_len(aead_id) == 0) { | |||
| 9842 | ssl_debug_printf("Unsupported AEAD\n"); | |||
| 9843 | break; | |||
| 9844 | } | |||
| 9845 | ||||
| 9846 | size_t aead_nonce_len = hpke_aead_nonce_len(aead_id); | |||
| 9847 | ||||
| 9848 | uint16_t version = GUINT16_FROM_BE(*(uint16_t *)ech_config->data)(((((guint16) ( (guint16) ((guint16) (*(uint16_t *)ech_config ->data) >> 8) | (guint16) ((guint16) (*(uint16_t *)ech_config ->data) << 8)))))); | |||
| 9849 | if (version != SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037) { | |||
| 9850 | ssl_debug_printf("Unexpected version in ECH Config\n"); | |||
| 9851 | break; | |||
| 9852 | } | |||
| 9853 | uint32_t ech_config_offset = 2; | |||
| 9854 | if (GUINT16_FROM_BE(*(uint16_t *)(ech_config->data + ech_config_offset))(((((guint16) ( (guint16) ((guint16) (*(uint16_t *)(ech_config ->data + ech_config_offset)) >> 8) | (guint16) ((guint16 ) (*(uint16_t *)(ech_config->data + ech_config_offset)) << 8)))))) != ech_config->data_len - 4) { | |||
| 9855 | ssl_debug_printf("Malformed ECH Config, invalid length\n"); | |||
| 9856 | break; | |||
| 9857 | } | |||
| 9858 | ech_config_offset += 2; | |||
| 9859 | if (*(ech_config->data + ech_config_offset) != config_id) { | |||
| 9860 | ssl_debug_printf("ECH Config version mismatch\n"); | |||
| 9861 | break; | |||
| 9862 | } | |||
| 9863 | ech_config_offset += 1; | |||
| 9864 | uint16_t kem_id_be = *(uint16_t *)(ech_config->data + ech_config_offset); | |||
| 9865 | uint16_t kem_id = GUINT16_FROM_BE(kem_id_be)(((((guint16) ( (guint16) ((guint16) (kem_id_be) >> 8) | (guint16) ((guint16) (kem_id_be) << 8)))))); | |||
| 9866 | uint8_t suite_id[HPKE_SUIT_ID_LEN10]; | |||
| 9867 | hpke_suite_id(kem_id, kdf_id, aead_id, suite_id); | |||
| 9868 | GByteArray *info = g_byte_array_new(); | |||
| 9869 | g_byte_array_append(info, "tls ech", 8); | |||
| 9870 | g_byte_array_append(info, ech_config->data, ech_config->data_len); | |||
| 9871 | uint8_t key[AEAD_MAX_KEY_LENGTH32]; | |||
| 9872 | uint8_t base_nonce[HPKE_AEAD_NONCE_LENGTH12]; | |||
| 9873 | if (hpke_key_schedule(kdf_id, aead_id, ech_secret->data, ech_secret->data_len, suite_id, info->data, info->len, HPKE_MODE_BASE0, | |||
| 9874 | key, base_nonce)) { | |||
| 9875 | g_byte_array_free(info, TRUE(!(0))); | |||
| 9876 | break; | |||
| 9877 | } | |||
| 9878 | g_byte_array_free(info, TRUE(!(0))); | |||
| 9879 | gcry_cipher_hd_t cipher; | |||
| 9880 | if (hpke_setup_aead(&cipher, aead_id, key) || | |||
| 9881 | hpke_set_nonce(cipher, !session->hrr_ech_declined && pinfo->num > session->first_ch_ech_frame, base_nonce, aead_nonce_len)) { | |||
| 9882 | gcry_cipher_close(cipher); | |||
| 9883 | break; | |||
| 9884 | } | |||
| 9885 | const uint8_t *payload = tvb_get_ptr(tvb, offset - length, length); | |||
| 9886 | uint8_t *ech_aad = (uint8_t *)wmem_alloc(NULL((void*)0), hello_length); | |||
| 9887 | tvb_memcpy(tvb, ech_aad, initial_offset, hello_length); | |||
| 9888 | memset(ech_aad + offset - length - initial_offset, 0, length); | |||
| 9889 | if (gcry_cipher_authenticate(cipher, ech_aad, hello_length)) { | |||
| 9890 | gcry_cipher_close(cipher); | |||
| 9891 | wmem_free(NULL((void*)0), ech_aad); | |||
| 9892 | break; | |||
| 9893 | } | |||
| 9894 | wmem_free(NULL((void*)0), ech_aad); | |||
| 9895 | uint8_t *ech_decrypted_data = (uint8_t *)wmem_alloc(pinfo->pool, length - 16); | |||
| 9896 | if (gcry_cipher_decrypt(cipher, ech_decrypted_data, length - 16, payload, length - 16)) { | |||
| 9897 | gcry_cipher_close(cipher); | |||
| 9898 | break; | |||
| 9899 | } | |||
| 9900 | unsigned char ech_auth_tag_calc[16]; | |||
| 9901 | if (gcry_cipher_gettag(cipher, ech_auth_tag_calc, 16)) { | |||
| 9902 | gcry_cipher_close(cipher); | |||
| 9903 | break; | |||
| 9904 | } | |||
| 9905 | if (ssl && !session->hrr_ech_declined && session->first_ch_ech_frame == pinfo->num) | |||
| 9906 | memcpy(session->first_ech_auth_tag, ech_auth_tag_calc, 16); | |||
| 9907 | gcry_cipher_close(cipher); | |||
| 9908 | if (memcmp(pinfo->num > session->first_ch_ech_frame ? ech_auth_tag_calc : session->first_ech_auth_tag, | |||
| 9909 | payload + length - 16, 16)) { | |||
| 9910 | ssl_debug_printf("%s ECH auth tag mismatch\n", G_STRFUNC((const char*) (__func__))); | |||
| 9911 | } else { | |||
| 9912 | payload_tree = proto_item_add_subtree(payload_ti, hf->ett.ech_decrypt); | |||
| 9913 | tvbuff_t *ech_tvb = tvb_new_child_real_data(tvb, ech_decrypted_data, length - 16, length - 16); | |||
| 9914 | add_new_data_source(pinfo, ech_tvb, "Client Hello Inner"); | |||
| 9915 | if (ssl) { | |||
| 9916 | tvb_memcpy(ech_tvb, ssl->client_random.data, 2, 32); | |||
| 9917 | uint32_t len_offset = ssl->ech_transcript.data_len; | |||
| 9918 | if (ssl->ech_transcript.data_len > 0) | |||
| 9919 | ssl->ech_transcript.data = (unsigned char*)wmem_realloc(wmem_file_scope(), ssl->ech_transcript.data, | |||
| 9920 | ssl->ech_transcript.data_len + hello_length + 4); | |||
| 9921 | else | |||
| 9922 | ssl->ech_transcript.data = (unsigned char*)wmem_alloc(wmem_file_scope(), hello_length + 4); | |||
| 9923 | ssl->ech_transcript.data[ssl->ech_transcript.data_len] = SSL_HND_CLIENT_HELLO; | |||
| 9924 | ssl->ech_transcript.data[ssl->ech_transcript.data_len + 1] = 0; | |||
| 9925 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len + 4, 0, 34); | |||
| 9926 | ssl->ech_transcript.data_len += 38; | |||
| 9927 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, initial_offset + 34, | |||
| 9928 | tvb_get_uint8(tvb, initial_offset + 34) + 1); | |||
| 9929 | ssl->ech_transcript.data_len += tvb_get_uint8(tvb, initial_offset + 34) + 1; | |||
| 9930 | uint32_t ech_offset = 35 + tvb_get_uint8(ech_tvb, 34); | |||
| 9931 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, ech_offset, | |||
| 9932 | 2 + tvb_get_ntohs(ech_tvb, ech_offset)); | |||
| 9933 | ssl->ech_transcript.data_len += 2 + tvb_get_ntohs(ech_tvb, ech_offset); | |||
| 9934 | ech_offset += 2 + tvb_get_ntohs(ech_tvb, ech_offset); | |||
| 9935 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, ech_offset, | |||
| 9936 | 1 + tvb_get_uint8(ech_tvb, ech_offset)); | |||
| 9937 | ssl->ech_transcript.data_len += 1 + tvb_get_uint8(ech_tvb, ech_offset); | |||
| 9938 | ech_offset += 1 + tvb_get_uint8(ech_tvb, ech_offset); | |||
| 9939 | uint32_t ech_extensions_len_offset = ssl->ech_transcript.data_len; | |||
| 9940 | ssl->ech_transcript.data_len += 2; | |||
| 9941 | uint16_t extensions_end = ech_offset + tvb_get_ntohs(ech_tvb, ech_offset) + 2; | |||
| 9942 | ech_offset += 2; | |||
| 9943 | while (extensions_end - ech_offset >= 4) { | |||
| 9944 | if (tvb_get_ntohs(ech_tvb, ech_offset) != SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS64768) { | |||
| 9945 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, ech_offset, | |||
| 9946 | 4 + tvb_get_ntohs(ech_tvb, ech_offset + 2)); | |||
| 9947 | ssl->ech_transcript.data_len += 4 + tvb_get_ntohs(ech_tvb, ech_offset + 2); | |||
| 9948 | ech_offset += 4 + tvb_get_ntohs(ech_tvb, ech_offset + 2); | |||
| 9949 | } else if (tvb_get_ntohs(ech_tvb, ech_offset + 2) > 0) { | |||
| 9950 | uint8_t outer_extensions_end = tvb_get_uint8(ech_tvb, ech_offset + 4) + ech_offset + 5; | |||
| 9951 | ech_offset += 5; | |||
| 9952 | uint16_t outer_offset = initial_offset + 35 + tvb_get_uint8(tvb, initial_offset + 34); | |||
| 9953 | outer_offset += tvb_get_ntohs(tvb, outer_offset) + 2; | |||
| 9954 | outer_offset += tvb_get_uint8(tvb, outer_offset) + 3; | |||
| 9955 | while (outer_extensions_end - ech_offset >= 2) { | |||
| 9956 | while (hello_length - outer_offset >= 4) { | |||
| 9957 | if (tvb_get_ntohs(tvb, outer_offset) == tvb_get_ntohs(ech_tvb, ech_offset)) { | |||
| 9958 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, outer_offset, | |||
| 9959 | 4 + tvb_get_ntohs(tvb, outer_offset + 2)); | |||
| 9960 | ssl->ech_transcript.data_len += 4 + tvb_get_ntohs(tvb, outer_offset + 2); | |||
| 9961 | outer_offset += 4 + tvb_get_ntohs(tvb, outer_offset + 2); | |||
| 9962 | break; | |||
| 9963 | } else { | |||
| 9964 | outer_offset += 4 + tvb_get_ntohs(tvb, outer_offset + 2); | |||
| 9965 | } | |||
| 9966 | } | |||
| 9967 | ech_offset += 2; | |||
| 9968 | } | |||
| 9969 | } | |||
| 9970 | } | |||
| 9971 | uint16_t ech_extensions_len_be = GUINT16_TO_BE(ssl->ech_transcript.data_len - ech_extensions_len_offset - 2)((((guint16) ( (guint16) ((guint16) (ssl->ech_transcript.data_len - ech_extensions_len_offset - 2) >> 8) | (guint16) ((guint16 ) (ssl->ech_transcript.data_len - ech_extensions_len_offset - 2) << 8))))); | |||
| 9972 | *(ssl->ech_transcript.data + ech_extensions_len_offset) = ech_extensions_len_be & 0xff; | |||
| 9973 | *(ssl->ech_transcript.data + ech_extensions_len_offset + 1) = (ech_extensions_len_be >> 8); | |||
| 9974 | *(ssl->ech_transcript.data + len_offset + 2) = ((ssl->ech_transcript.data_len - len_offset - 4) >> 8); | |||
| 9975 | *(ssl->ech_transcript.data + len_offset + 3) = (ssl->ech_transcript.data_len - len_offset - 4) & 0xff; | |||
| 9976 | } | |||
| 9977 | uint32_t ech_padding_begin = (uint32_t)ssl_dissect_hnd_cli_hello(hf, ech_tvb, pinfo, payload_tree, 0, length - 16, session, | |||
| 9978 | ssl, NULL((void*)0), mk_map); | |||
| 9979 | if (ech_padding_begin < length - 16) { | |||
| 9980 | proto_tree_add_item(payload_tree, hf->hf.ech_padding_data, ech_tvb, ech_padding_begin, length - 16 - ech_padding_begin, | |||
| 9981 | ENC_NA0x00000000); | |||
| 9982 | } | |||
| 9983 | } | |||
| 9984 | ||||
| 9985 | break; | |||
| 9986 | case 1: /* inner */ | |||
| 9987 | break; | |||
| 9988 | } | |||
| 9989 | break; | |||
| 9990 | ||||
| 9991 | case SSL_HND_ENCRYPTED_EXTENSIONS: | |||
| 9992 | /* | |||
| 9993 | * struct { | |||
| 9994 | * ECHConfigList retry_configs; | |||
| 9995 | * } ECHEncryptedExtensions; | |||
| 9996 | */ | |||
| 9997 | ||||
| 9998 | ti = proto_tree_add_item(tree, hf->hf.ech_retry_configs, tvb, offset, offset_end - offset, ENC_NA0x00000000); | |||
| 9999 | retry_tree = proto_item_add_subtree(ti, hf->ett.ech_retry_configs); | |||
| 10000 | offset = ssl_dissect_ext_ech_echconfiglist(hf, tvb, pinfo, retry_tree, offset, offset_end); | |||
| 10001 | break; | |||
| 10002 | ||||
| 10003 | case SSL_HND_HELLO_RETRY_REQUEST: | |||
| 10004 | /* | |||
| 10005 | * struct { | |||
| 10006 | * opaque confirmation[8]; | |||
| 10007 | * } ECHHelloRetryRequest; | |||
| 10008 | */ | |||
| 10009 | ||||
| 10010 | proto_tree_add_item(tree, hf->hf.ech_confirmation, tvb, offset, 8, ENC_NA0x00000000); | |||
| 10011 | if (session->ech) { | |||
| 10012 | ti = proto_tree_add_bytes_with_length(tree, hf->hf.hs_ech_confirm_compute, tvb, offset, 0, session->hrr_ech_confirmation, 8); | |||
| 10013 | proto_item_set_generated(ti); | |||
| 10014 | if (memcmp(session->hrr_ech_confirmation, tvb_get_ptr(tvb, offset, 8), 8)) { | |||
| 10015 | expert_add_info(pinfo, ti, &hf->ei.ech_rejected); | |||
| 10016 | } else { | |||
| 10017 | expert_add_info(pinfo, ti, &hf->ei.ech_accepted); | |||
| 10018 | } | |||
| 10019 | } | |||
| 10020 | offset += 8; | |||
| 10021 | break; | |||
| 10022 | } | |||
| 10023 | ||||
| 10024 | return offset; | |||
| 10025 | } | |||
| 10026 | ||||
| 10027 | static uint32_t | |||
| 10028 | ssl_dissect_hnd_hello_ext_esni(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 10029 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 10030 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | |||
| 10031 | { | |||
| 10032 | uint32_t record_digest_length, encrypted_sni_length; | |||
| 10033 | ||||
| 10034 | switch (hnd_type) { | |||
| 10035 | case SSL_HND_CLIENT_HELLO: | |||
| 10036 | /* | |||
| 10037 | * struct { | |||
| 10038 | * CipherSuite suite; | |||
| 10039 | * KeyShareEntry key_share; | |||
| 10040 | * opaque record_digest<0..2^16-1>; | |||
| 10041 | * opaque encrypted_sni<0..2^16-1>; | |||
| 10042 | * } ClientEncryptedSNI; | |||
| 10043 | */ | |||
| 10044 | proto_tree_add_item(tree, hf->hf.esni_suite, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 10045 | offset += 2; | |||
| 10046 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, tree, offset, offset_end, NULL((void*)0)); | |||
| 10047 | ||||
| 10048 | /* opaque record_digest<0..2^16-1> */ | |||
| 10049 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &record_digest_length, | |||
| 10050 | hf->hf.esni_record_digest_length, 0, UINT16_MAX(65535))) { | |||
| 10051 | return offset_end; | |||
| 10052 | } | |||
| 10053 | offset += 2; | |||
| 10054 | if (record_digest_length > 0) { | |||
| 10055 | proto_tree_add_item(tree, hf->hf.esni_record_digest, tvb, offset, record_digest_length, ENC_NA0x00000000); | |||
| 10056 | offset += record_digest_length; | |||
| 10057 | } | |||
| 10058 | ||||
| 10059 | /* opaque encrypted_sni<0..2^16-1> */ | |||
| 10060 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &encrypted_sni_length, | |||
| 10061 | hf->hf.esni_encrypted_sni_length, 0, UINT16_MAX(65535))) { | |||
| 10062 | return offset_end; | |||
| 10063 | } | |||
| 10064 | offset += 2; | |||
| 10065 | if (encrypted_sni_length > 0) { | |||
| 10066 | proto_tree_add_item(tree, hf->hf.esni_encrypted_sni, tvb, offset, encrypted_sni_length, ENC_NA0x00000000); | |||
| 10067 | offset += encrypted_sni_length; | |||
| 10068 | } | |||
| 10069 | break; | |||
| 10070 | ||||
| 10071 | case SSL_HND_ENCRYPTED_EXTENSIONS: | |||
| 10072 | proto_tree_add_item(tree, hf->hf.esni_nonce, tvb, offset, 16, ENC_NA0x00000000); | |||
| 10073 | offset += 16; | |||
| 10074 | break; | |||
| 10075 | } | |||
| 10076 | ||||
| 10077 | return offset; | |||
| 10078 | } | |||
| 10079 | /** TLS Extensions (in Client Hello and Server Hello). }}} */ | |||
| 10080 | ||||
| 10081 | /* Connection ID dissection. {{{ */ | |||
| 10082 | static uint32_t | |||
| 10083 | ssl_dissect_ext_connection_id(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 10084 | proto_tree *tree, uint32_t offset, SslDecryptSession *ssl, | |||
| 10085 | uint8_t cidl, uint8_t **session_cid, uint8_t *session_cidl) | |||
| 10086 | { | |||
| 10087 | /* keep track of the decrypt session only for the first pass */ | |||
| 10088 | if (cidl > 0 && !PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) { | |||
| 10089 | tvb_ensure_bytes_exist(tvb, offset + 1, cidl); | |||
| 10090 | *session_cidl = cidl; | |||
| 10091 | *session_cid = (uint8_t*)wmem_alloc0(wmem_file_scope(), cidl); | |||
| 10092 | tvb_memcpy(tvb, *session_cid, offset + 1, cidl); | |||
| 10093 | if (ssl) { | |||
| 10094 | ssl_add_session_by_cid(ssl); | |||
| 10095 | } | |||
| 10096 | } | |||
| 10097 | ||||
| 10098 | proto_tree_add_item(tree, hf->hf.hs_ext_connection_id_length, | |||
| 10099 | tvb, offset, 1, ENC_NA0x00000000); | |||
| 10100 | offset++; | |||
| 10101 | ||||
| 10102 | if (cidl > 0) { | |||
| 10103 | proto_tree_add_item(tree, hf->hf.hs_ext_connection_id, | |||
| 10104 | tvb, offset, cidl, ENC_NA0x00000000); | |||
| 10105 | offset += cidl; | |||
| 10106 | } | |||
| 10107 | ||||
| 10108 | return offset; | |||
| 10109 | } | |||
| 10110 | ||||
| 10111 | static uint32_t | |||
| 10112 | ssl_dissect_hnd_hello_ext_connection_id(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 10113 | proto_tree *tree, uint32_t offset, uint8_t hnd_type, | |||
| 10114 | SslSession *session, SslDecryptSession *ssl) | |||
| 10115 | { | |||
| 10116 | uint8_t cidl = tvb_get_uint8(tvb, offset); | |||
| 10117 | ||||
| 10118 | switch (hnd_type) { | |||
| 10119 | case SSL_HND_CLIENT_HELLO: | |||
| 10120 | session->client_cid_len_present = true1; | |||
| 10121 | return ssl_dissect_ext_connection_id(hf, tvb, pinfo, tree, offset, ssl, | |||
| 10122 | cidl, &session->client_cid, &session->client_cid_len); | |||
| 10123 | case SSL_HND_SERVER_HELLO: | |||
| 10124 | session->server_cid_len_present = true1; | |||
| 10125 | return ssl_dissect_ext_connection_id(hf, tvb, pinfo, tree, offset, ssl, | |||
| 10126 | cidl, &session->server_cid, &session->server_cid_len); | |||
| 10127 | default: | |||
| 10128 | return offset; | |||
| 10129 | } | |||
| 10130 | } /* }}} */ | |||
| 10131 | ||||
| 10132 | /* Trusted CA dissection. {{{ */ | |||
| 10133 | static uint32_t | |||
| 10134 | ssl_dissect_hnd_hello_ext_trusted_ca_keys(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
| 10135 | uint32_t offset, uint32_t offset_end) | |||
| 10136 | { | |||
| 10137 | proto_item *ti; | |||
| 10138 | proto_tree *subtree; | |||
| 10139 | uint32_t keys_length, next_offset; | |||
| 10140 | ||||
| 10141 | /* | |||
| 10142 | * struct { | |||
| 10143 | * TrustedAuthority trusted_authorities_list<0..2^16-1>; | |||
| 10144 | * } TrustedAuthorities; | |||
| 10145 | * | |||
| 10146 | * struct { | |||
| 10147 | * IdentifierType identifier_type; | |||
| 10148 | * select (identifier_type) { | |||
| 10149 | * case pre_agreed: struct {}; | |||
| 10150 | * case key_sha1_hash: SHA1Hash; | |||
| 10151 | * case x509_name: DistinguishedName; | |||
| 10152 | * case cert_sha1_hash: SHA1Hash; | |||
| 10153 | * } identifier; | |||
| 10154 | * } TrustedAuthority; | |||
| 10155 | * | |||
| 10156 | * enum { | |||
| 10157 | * pre_agreed(0), key_sha1_hash(1), x509_name(2), | |||
| 10158 | * cert_sha1_hash(3), (255) | |||
| 10159 | * } IdentifierType; | |||
| 10160 | * | |||
| 10161 | * opaque DistinguishedName<1..2^16-1>; | |||
| 10162 | * | |||
| 10163 | */ | |||
| 10164 | ||||
| 10165 | ||||
| 10166 | /* TrustedAuthority trusted_authorities_list<0..2^16-1> */ | |||
| 10167 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &keys_length, hf->hf.hs_ext_trusted_ca_keys_len, | |||
| 10168 | 0, UINT16_MAX(65535))) | |||
| 10169 | { | |||
| 10170 | return offset_end; | |||
| 10171 | } | |||
| 10172 | offset += 2; | |||
| 10173 | next_offset = offset + keys_length; | |||
| 10174 | ||||
| 10175 | if (keys_length > 0) | |||
| 10176 | { | |||
| 10177 | ti = proto_tree_add_none_format(tree, hf->hf.hs_ext_trusted_ca_keys_list, tvb, offset, keys_length, | |||
| 10178 | "Trusted CA keys (%d byte%s)", keys_length, plurality(keys_length, "", "s")((keys_length) == 1 ? ("") : ("s"))); | |||
| 10179 | subtree = proto_item_add_subtree(ti, hf->ett.hs_ext_trusted_ca_keys); | |||
| 10180 | ||||
| 10181 | while (offset < next_offset) | |||
| 10182 | { | |||
| 10183 | uint32_t identifier_type; | |||
| 10184 | proto_tree *trusted_key_tree; | |||
| 10185 | proto_item *trusted_key_item; | |||
| 10186 | asn1_ctx_t asn1_ctx; | |||
| 10187 | uint32_t key_len = 0; | |||
| 10188 | ||||
| 10189 | identifier_type = tvb_get_uint8(tvb, offset); | |||
| 10190 | ||||
| 10191 | // Use 0 as length for now as we'll only know the size when we decode the identifier | |||
| 10192 | trusted_key_item = proto_tree_add_none_format(subtree, hf->hf.hs_ext_trusted_ca_key, tvb, | |||
| 10193 | offset, 0, "Trusted CA Key"); | |||
| 10194 | trusted_key_tree = proto_item_add_subtree(trusted_key_item, hf->ett.hs_ext_trusted_ca_key); | |||
| 10195 | ||||
| 10196 | proto_tree_add_uint(trusted_key_tree, hf->hf.hs_ext_trusted_ca_key_type, tvb, | |||
| 10197 | offset, 1, identifier_type); | |||
| 10198 | offset++; | |||
| 10199 | ||||
| 10200 | /* | |||
| 10201 | * enum { | |||
| 10202 | * pre_agreed(0), key_sha1_hash(1), x509_name(2), | |||
| 10203 | * cert_sha1_hash(3), (255) | |||
| 10204 | * } IdentifierType; | |||
| 10205 | */ | |||
| 10206 | switch (identifier_type) | |||
| 10207 | { | |||
| 10208 | case 0: | |||
| 10209 | key_len = 0; | |||
| 10210 | break; | |||
| 10211 | case 2: | |||
| 10212 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
| 10213 | ||||
| 10214 | uint32_t name_length; | |||
| 10215 | /* opaque DistinguishedName<1..2^16-1> */ | |||
| 10216 | if (!ssl_add_vector(hf, tvb, pinfo, trusted_key_tree, offset, next_offset, &name_length, | |||
| 10217 | hf->hf.hs_ext_trusted_ca_key_dname_len, 1, UINT16_MAX(65535))) { | |||
| 10218 | return next_offset; | |||
| 10219 | } | |||
| 10220 | offset += 2; | |||
| 10221 | ||||
| 10222 | dissect_x509if_DistinguishedName(false0, tvb, offset, &asn1_ctx, | |||
| 10223 | trusted_key_tree, hf->hf.hs_ext_trusted_ca_key_dname); | |||
| 10224 | offset += name_length; | |||
| 10225 | break; | |||
| 10226 | case 1: | |||
| 10227 | case 3: | |||
| 10228 | key_len = 20; | |||
| 10229 | /* opaque SHA1Hash[20]; */ | |||
| 10230 | proto_tree_add_item(trusted_key_tree, hf->hf.hs_ext_trusted_ca_key_hash, tvb, | |||
| 10231 | offset, 20, ENC_NA0x00000000); | |||
| 10232 | break; | |||
| 10233 | ||||
| 10234 | default: | |||
| 10235 | key_len = 0; | |||
| 10236 | /*TODO display expert info about unknown ? */ | |||
| 10237 | break; | |||
| 10238 | } | |||
| 10239 | proto_item_set_len(trusted_key_item, 1 + key_len); | |||
| 10240 | offset += key_len; | |||
| 10241 | } | |||
| 10242 | } | |||
| 10243 | ||||
| 10244 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) | |||
| 10245 | { | |||
| 10246 | offset = next_offset; | |||
| 10247 | } | |||
| 10248 | ||||
| 10249 | return offset; | |||
| 10250 | } /* }}} */ | |||
| 10251 | ||||
| 10252 | ||||
| 10253 | /* Whether the Content and Handshake Types are valid; handle Protocol Version. {{{ */ | |||
| 10254 | bool_Bool | |||
| 10255 | ssl_is_valid_content_type(uint8_t type) | |||
| 10256 | { | |||
| 10257 | switch ((ContentType) type) { | |||
| 10258 | case SSL_ID_CHG_CIPHER_SPEC: | |||
| 10259 | case SSL_ID_ALERT: | |||
| 10260 | case SSL_ID_HANDSHAKE: | |||
| 10261 | case SSL_ID_APP_DATA: | |||
| 10262 | case SSL_ID_HEARTBEAT: | |||
| 10263 | case SSL_ID_TLS12_CID: | |||
| 10264 | case SSL_ID_DTLS13_ACK: | |||
| 10265 | return true1; | |||
| 10266 | } | |||
| 10267 | return false0; | |||
| 10268 | } | |||
| 10269 | ||||
| 10270 | bool_Bool | |||
| 10271 | ssl_is_valid_handshake_type(uint8_t hs_type, bool_Bool is_dtls) | |||
| 10272 | { | |||
| 10273 | switch ((HandshakeType) hs_type) { | |||
| 10274 | case SSL_HND_HELLO_VERIFY_REQUEST: | |||
| 10275 | /* hello_verify_request is DTLS-only */ | |||
| 10276 | return is_dtls; | |||
| 10277 | ||||
| 10278 | case SSL_HND_HELLO_REQUEST: | |||
| 10279 | case SSL_HND_CLIENT_HELLO: | |||
| 10280 | case SSL_HND_SERVER_HELLO: | |||
| 10281 | case SSL_HND_NEWSESSION_TICKET: | |||
| 10282 | case SSL_HND_END_OF_EARLY_DATA: | |||
| 10283 | case SSL_HND_HELLO_RETRY_REQUEST: | |||
| 10284 | case SSL_HND_ENCRYPTED_EXTENSIONS: | |||
| 10285 | case SSL_HND_CERTIFICATE: | |||
| 10286 | case SSL_HND_SERVER_KEY_EXCHG: | |||
| 10287 | case SSL_HND_CERT_REQUEST: | |||
| 10288 | case SSL_HND_SVR_HELLO_DONE: | |||
| 10289 | case SSL_HND_CERT_VERIFY: | |||
| 10290 | case SSL_HND_CLIENT_KEY_EXCHG: | |||
| 10291 | case SSL_HND_FINISHED: | |||
| 10292 | case SSL_HND_CERT_URL: | |||
| 10293 | case SSL_HND_CERT_STATUS: | |||
| 10294 | case SSL_HND_SUPPLEMENTAL_DATA: | |||
| 10295 | case SSL_HND_KEY_UPDATE: | |||
| 10296 | case SSL_HND_COMPRESSED_CERTIFICATE: | |||
| 10297 | case SSL_HND_ENCRYPTED_EXTS: | |||
| 10298 | return true1; | |||
| 10299 | case SSL_HND_MESSAGE_HASH: | |||
| 10300 | return false0; | |||
| 10301 | } | |||
| 10302 | return false0; | |||
| 10303 | } | |||
| 10304 | ||||
| 10305 | static bool_Bool | |||
| 10306 | ssl_is_authoritative_version_message(uint8_t content_type, uint8_t handshake_type, | |||
| 10307 | bool_Bool is_dtls) | |||
| 10308 | { | |||
| 10309 | /* Consider all valid Handshake messages (except for Client Hello) and | |||
| 10310 | * all other valid record types (other than Handshake) */ | |||
| 10311 | return (content_type == SSL_ID_HANDSHAKE && | |||
| 10312 | ssl_is_valid_handshake_type(handshake_type, is_dtls) && | |||
| 10313 | handshake_type != SSL_HND_CLIENT_HELLO) || | |||
| 10314 | (content_type != SSL_ID_HANDSHAKE && | |||
| 10315 | ssl_is_valid_content_type(content_type)); | |||
| 10316 | } | |||
| 10317 | ||||
| 10318 | /** | |||
| 10319 | * Scan a Server Hello handshake message for the negotiated version. For TLS 1.3 | |||
| 10320 | * draft 22 and newer, it also checks whether it is a HelloRetryRequest. | |||
| 10321 | * Returns true if the supported_versions extension was found, false if not. | |||
| 10322 | */ | |||
| 10323 | bool_Bool | |||
| 10324 | tls_scan_server_hello(tvbuff_t *tvb, uint32_t offset, uint32_t offset_end, | |||
| 10325 | uint16_t *server_version, bool_Bool *is_hrr) | |||
| 10326 | { | |||
| 10327 | /* SHA256("HelloRetryRequest") */ | |||
| 10328 | static const uint8_t tls13_hrr_random_magic[] = { | |||
| 10329 | 0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91, | |||
| 10330 | 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c | |||
| 10331 | }; | |||
| 10332 | uint8_t session_id_length; | |||
| 10333 | ||||
| 10334 | *server_version = tvb_get_ntohs(tvb, offset); | |||
| 10335 | ||||
| 10336 | /* | |||
| 10337 | * Try to look for supported_versions extension. Minimum length: | |||
| 10338 | * 2 + 32 + 1 = 35 (version, random, session id length) | |||
| 10339 | * 2 + 1 + 2 = 5 (cipher suite, compression method, extensions length) | |||
| 10340 | * 2 + 2 + 2 = 6 (ext type, ext len, version) | |||
| 10341 | * | |||
| 10342 | * We only check for the [legacy_]version field to be [D]TLS 1.2; if it's 1.3, | |||
| 10343 | * there's a separate expert info warning for that. | |||
| 10344 | */ | |||
| 10345 | if ((*server_version == TLSV1DOT2_VERSION0x303 || *server_version == DTLSV1DOT2_VERSION0xfefd) && offset_end - offset >= 46) { | |||
| 10346 | offset += 2; | |||
| 10347 | if (is_hrr) { | |||
| 10348 | *is_hrr = tvb_memeql(tvb, offset, tls13_hrr_random_magic, sizeof(tls13_hrr_random_magic)) == 0; | |||
| 10349 | } | |||
| 10350 | offset += 32; | |||
| 10351 | session_id_length = tvb_get_uint8(tvb, offset); | |||
| 10352 | offset++; | |||
| 10353 | if (offset_end - offset < session_id_length + 5u) { | |||
| 10354 | return false0; | |||
| 10355 | } | |||
| 10356 | offset += session_id_length + 5; | |||
| 10357 | ||||
| 10358 | while (offset_end - offset >= 6) { | |||
| 10359 | uint16_t ext_type = tvb_get_ntohs(tvb, offset); | |||
| 10360 | uint16_t ext_len = tvb_get_ntohs(tvb, offset + 2); | |||
| 10361 | if (offset_end - offset < 4u + ext_len) { | |||
| 10362 | break; /* not enough data for type, length and data */ | |||
| 10363 | } | |||
| 10364 | if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43) { | |||
| 10365 | if (ext_len == 2) { | |||
| 10366 | *server_version = tvb_get_ntohs(tvb, offset + 4); | |||
| 10367 | } | |||
| 10368 | return true1; | |||
| 10369 | } | |||
| 10370 | offset += 4 + ext_len; | |||
| 10371 | } | |||
| 10372 | } else { | |||
| 10373 | if (is_hrr) { | |||
| 10374 | *is_hrr = false0; | |||
| 10375 | } | |||
| 10376 | } | |||
| 10377 | return false0; | |||
| 10378 | } | |||
| 10379 | ||||
| 10380 | /** | |||
| 10381 | * Scan a Client Hello handshake message to see if the supported_versions | |||
| 10382 | * extension is found, in which case the version field is legacy_version. | |||
| 10383 | */ | |||
| 10384 | static bool_Bool | |||
| 10385 | tls_scan_client_hello(tvbuff_t *tvb, uint32_t offset, uint32_t offset_end) | |||
| 10386 | { | |||
| 10387 | uint8_t session_id_length; | |||
| 10388 | ||||
| 10389 | uint16_t client_version = tvb_get_ntohs(tvb, offset); | |||
| 10390 | ||||
| 10391 | /* | |||
| 10392 | * Try to look for supported_versions extension. Minimum length: | |||
| 10393 | * 2 + 32 + 1 = 35 (version, random, session id length) | |||
| 10394 | * 2 + 2 + 1 + 2 = 5 (cipher suite, compression method, extensions length) | |||
| 10395 | * 2 + 2 + 2 = 6 (ext type, ext len, version) | |||
| 10396 | * | |||
| 10397 | * We only check for the [legacy_]version field to be [D]TLS 1.2; if it's 1.3, | |||
| 10398 | * there's a separate expert info warning for that. | |||
| 10399 | */ | |||
| 10400 | if ((client_version == TLSV1DOT2_VERSION0x303 || client_version == DTLSV1DOT2_VERSION0xfefd) && offset_end - offset >= 46) { | |||
| 10401 | offset += 2; | |||
| 10402 | offset += 32; | |||
| 10403 | session_id_length = tvb_get_uint8(tvb, offset); | |||
| 10404 | offset++; | |||
| 10405 | if (offset_end - offset < session_id_length + 2u) { | |||
| 10406 | return false0; | |||
| 10407 | } | |||
| 10408 | offset += session_id_length; | |||
| 10409 | if (client_version == DTLSV1DOT2_VERSION0xfefd) { | |||
| 10410 | uint8_t cookie_length = tvb_get_uint8(tvb, offset); | |||
| 10411 | offset++; | |||
| 10412 | if (offset_end - offset < cookie_length + 2u) { | |||
| 10413 | return false0; | |||
| 10414 | } | |||
| 10415 | } | |||
| 10416 | uint16_t cipher_suites_length = tvb_get_ntohs(tvb, offset); | |||
| 10417 | offset += 2; | |||
| 10418 | if (offset_end - offset < cipher_suites_length + 1u) { | |||
| 10419 | return false0; | |||
| 10420 | } | |||
| 10421 | offset += cipher_suites_length; | |||
| 10422 | uint8_t compression_methods_length = tvb_get_uint8(tvb, offset); | |||
| 10423 | offset++; | |||
| 10424 | if (offset_end - offset < compression_methods_length + 2u) { | |||
| 10425 | return false0; | |||
| 10426 | } | |||
| 10427 | offset += compression_methods_length + 2; | |||
| 10428 | ||||
| 10429 | while (offset_end - offset >= 6) { | |||
| 10430 | uint16_t ext_type = tvb_get_ntohs(tvb, offset); | |||
| 10431 | uint16_t ext_len = tvb_get_ntohs(tvb, offset + 2); | |||
| 10432 | if (offset_end - offset < 4u + ext_len) { | |||
| 10433 | break; /* not enough data for type, length and data */ | |||
| 10434 | } | |||
| 10435 | if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43) { | |||
| 10436 | return true1; | |||
| 10437 | } | |||
| 10438 | offset += 4 + ext_len; | |||
| 10439 | } | |||
| 10440 | } | |||
| 10441 | return false0; | |||
| 10442 | } | |||
| 10443 | void | |||
| 10444 | ssl_try_set_version(SslSession *session, SslDecryptSession *ssl, | |||
| 10445 | uint8_t content_type, uint8_t handshake_type, | |||
| 10446 | bool_Bool is_dtls, uint16_t version) | |||
| 10447 | { | |||
| 10448 | uint8_t tls13_draft = 0; | |||
| 10449 | ||||
| 10450 | if (!ssl_is_authoritative_version_message(content_type, handshake_type, | |||
| 10451 | is_dtls)) | |||
| 10452 | return; | |||
| 10453 | ||||
| 10454 | version = tls_try_get_version(is_dtls, version, &tls13_draft); | |||
| 10455 | if (version == SSL_VER_UNKNOWN0) { | |||
| 10456 | return; | |||
| 10457 | } | |||
| 10458 | ||||
| 10459 | session->tls13_draft_version = tls13_draft; | |||
| 10460 | session->version = version; | |||
| 10461 | if (ssl) { | |||
| 10462 | ssl->state |= SSL_VERSION(1<<4); | |||
| 10463 | ssl_debug_printf("%s found version 0x%04X -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), version, ssl->state); | |||
| 10464 | } | |||
| 10465 | } | |||
| 10466 | ||||
| 10467 | void | |||
| 10468 | ssl_check_record_length(ssl_common_dissect_t *hf, packet_info *pinfo, | |||
| 10469 | ContentType content_type, | |||
| 10470 | unsigned record_length, proto_item *length_pi, | |||
| 10471 | uint16_t version, tvbuff_t *decrypted_tvb) | |||
| 10472 | { | |||
| 10473 | unsigned max_expansion; | |||
| 10474 | if (version == TLSV1DOT3_VERSION0x304) { | |||
| 10475 | /* TLS 1.3: Max length is 2^14 + 256 */ | |||
| 10476 | max_expansion = 256; | |||
| 10477 | } else { | |||
| 10478 | /* RFC 5246, Section 6.2.3: TLSCiphertext.fragment length MUST NOT exceed 2^14 + 2048 */ | |||
| 10479 | max_expansion = 2048; | |||
| 10480 | } | |||
| 10481 | /* | |||
| 10482 | * RFC 5246 (TLS 1.2), Section 6.2.1 forbids zero-length Handshake, Alert | |||
| 10483 | * and ChangeCipherSpec. | |||
| 10484 | * RFC 6520 (Heartbeats) does not mention zero-length Heartbeat fragments, | |||
| 10485 | * so assume it is permitted. | |||
| 10486 | * RFC 6347 (DTLS 1.2) does not mention zero-length fragments either, so | |||
| 10487 | * assume TLS 1.2 requirements. | |||
| 10488 | */ | |||
| 10489 | if (record_length == 0 && | |||
| 10490 | (content_type == SSL_ID_CHG_CIPHER_SPEC || | |||
| 10491 | content_type == SSL_ID_ALERT || | |||
| 10492 | content_type == SSL_ID_HANDSHAKE)) { | |||
| 10493 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, | |||
| 10494 | "Zero-length %s fragments are not allowed", | |||
| 10495 | val_to_str_const(content_type, ssl_31_content_type, "unknown")); | |||
| 10496 | } | |||
| 10497 | if (record_length > TLS_MAX_RECORD_LENGTH0x4000 + max_expansion) { | |||
| 10498 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, | |||
| 10499 | "TLSCiphertext length MUST NOT exceed 2^14 + %u", max_expansion); | |||
| 10500 | } | |||
| 10501 | if (decrypted_tvb && tvb_captured_length(decrypted_tvb) > TLS_MAX_RECORD_LENGTH0x4000) { | |||
| 10502 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, | |||
| 10503 | "TLSPlaintext length MUST NOT exceed 2^14"); | |||
| 10504 | } | |||
| 10505 | } | |||
| 10506 | ||||
| 10507 | static void | |||
| 10508 | ssl_set_cipher(SslDecryptSession *ssl, uint16_t cipher) | |||
| 10509 | { | |||
| 10510 | /* store selected cipher suite for decryption */ | |||
| 10511 | ssl->session.cipher = cipher; | |||
| 10512 | ||||
| 10513 | const SslCipherSuite *cs = ssl_find_cipher(cipher); | |||
| 10514 | if (!cs) { | |||
| 10515 | ssl->cipher_suite = NULL((void*)0); | |||
| 10516 | ssl->state &= ~SSL_CIPHER(1<<2); | |||
| 10517 | ssl_debug_printf("%s can't find cipher suite 0x%04X\n", G_STRFUNC((const char*) (__func__)), cipher); | |||
| 10518 | } else if (ssl->session.version == SSLV3_VERSION0x300 && !(cs->dig == DIG_MD50x40 || cs->dig == DIG_SHA0x41)) { | |||
| 10519 | /* A malicious packet capture contains a SSL 3.0 session using a TLS 1.2 | |||
| 10520 | * cipher suite that uses for example MACAlgorithm SHA256. Reject that | |||
| 10521 | * to avoid a potential buffer overflow in ssl3_check_mac. */ | |||
| 10522 | ssl->cipher_suite = NULL((void*)0); | |||
| 10523 | ssl->state &= ~SSL_CIPHER(1<<2); | |||
| 10524 | ssl_debug_printf("%s invalid SSL 3.0 cipher suite 0x%04X\n", G_STRFUNC((const char*) (__func__)), cipher); | |||
| 10525 | } else { | |||
| 10526 | /* Cipher found, save this for the delayed decoder init */ | |||
| 10527 | ssl->cipher_suite = cs; | |||
| 10528 | ssl->state |= SSL_CIPHER(1<<2); | |||
| 10529 | ssl_debug_printf("%s found CIPHER 0x%04X %s -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), cipher, | |||
| 10530 | val_to_str_ext_const(cipher, &ssl_31_ciphersuite_ext, "unknown"), | |||
| 10531 | ssl->state); | |||
| 10532 | } | |||
| 10533 | } | |||
| 10534 | /* }}} */ | |||
| 10535 | ||||
| 10536 | ||||
| 10537 | /* Client Hello and Server Hello dissections. {{{ */ | |||
| 10538 | static int | |||
| 10539 | ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
| 10540 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, | |||
| 10541 | SslSession *session, SslDecryptSession *ssl, | |||
| 10542 | bool_Bool is_dtls, wmem_strbuf_t *ja3, ja4_data_t *ja4_data, | |||
| 10543 | ssl_master_key_map_t *mk_map, uint32_t initial_offset, uint32_t hello_length); | |||
| 10544 | int | |||
| 10545 | // NOLINTNEXTLINE(misc-no-recursion) | |||
| 10546 | ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 10547 | packet_info *pinfo, proto_tree *tree, uint32_t offset, | |||
| 10548 | uint32_t offset_end, SslSession *session, | |||
| 10549 | SslDecryptSession *ssl, dtls_hfs_t *dtls_hfs, ssl_master_key_map_t *mk_map) | |||
| 10550 | { | |||
| 10551 | /* struct { | |||
| 10552 | * ProtocolVersion client_version; | |||
| 10553 | * Random random; | |||
| 10554 | * SessionID session_id; | |||
| 10555 | * opaque cookie<0..32>; //new field for DTLS | |||
| 10556 | * CipherSuite cipher_suites<2..2^16-1>; | |||
| 10557 | * CompressionMethod compression_methods<1..2^8-1>; | |||
| 10558 | * Extension client_hello_extension_list<0..2^16-1>; | |||
| 10559 | * } ClientHello; | |||
| 10560 | */ | |||
| 10561 | proto_item *ti; | |||
| 10562 | proto_tree *cs_tree; | |||
| 10563 | uint32_t client_version; | |||
| 10564 | uint32_t cipher_suite_length; | |||
| 10565 | uint32_t compression_methods_length; | |||
| 10566 | uint8_t compression_method; | |||
| 10567 | uint32_t next_offset; | |||
| 10568 | uint32_t initial_offset = offset; | |||
| 10569 | uint32_t hello_length = offset_end - initial_offset; | |||
| 10570 | wmem_strbuf_t *ja3 = wmem_strbuf_new(pinfo->pool, ""); | |||
| 10571 | char *ja3_hash; | |||
| 10572 | char *ja3_dash = ""; | |||
| 10573 | char *ja4, *ja4_r, *ja4_hash, *ja4_b, *ja4_c; | |||
| 10574 | ja4_data_t ja4_data; | |||
| 10575 | wmem_strbuf_t *ja4_a = wmem_strbuf_new(pinfo->pool, ""); | |||
| 10576 | wmem_strbuf_t *ja4_br = wmem_strbuf_new(pinfo->pool, ""); | |||
| 10577 | wmem_strbuf_t *ja4_cr = wmem_strbuf_new(pinfo->pool, ""); | |||
| 10578 | wmem_list_frame_t *curr_entry; | |||
| 10579 | ||||
| 10580 | ja4_data.max_version = 0; | |||
| 10581 | ja4_data.server_name_present = false0; | |||
| 10582 | ja4_data.num_cipher_suites = 0; | |||
| 10583 | ja4_data.num_extensions = 0; | |||
| 10584 | ja4_data.alpn = wmem_strbuf_new(pinfo->pool, ""); | |||
| 10585 | ja4_data.cipher_list = wmem_list_new(pinfo->pool); | |||
| 10586 | ja4_data.extension_list = wmem_list_new(pinfo->pool); | |||
| 10587 | ja4_data.sighash_list = wmem_list_new(pinfo->pool); | |||
| 10588 | ||||
| 10589 | /* show the client version */ | |||
| 10590 | ti = proto_tree_add_item_ret_uint(tree, hf->hf.hs_client_version, tvb, | |||
| 10591 | offset, 2, ENC_BIG_ENDIAN0x00000000, | |||
| 10592 | &client_version); | |||
| 10593 | if (tls_scan_client_hello(tvb, offset, offset_end)) { | |||
| 10594 | expert_add_info(pinfo, ti, &hf->ei.legacy_version); | |||
| 10595 | } | |||
| 10596 | offset += 2; | |||
| 10597 | wmem_strbuf_append_printf(ja3, "%i,", client_version); | |||
| 10598 | ||||
| 10599 | /* | |||
| 10600 | * Is it version 1.3? | |||
| 10601 | * If so, that's an error; TLS and DTLS 1.3 Client Hellos claim | |||
| 10602 | * to be TLS 1.2, and mention 1.3 in an extension. See RFC 8446 | |||
| 10603 | * section 4.1.2 "Client Hello" and RFC 9147 Section 5.3 "Client | |||
| 10604 | * Hello". | |||
| 10605 | */ | |||
| 10606 | if (dtls_hfs != NULL((void*)0)) { | |||
| 10607 | if (client_version == DTLSV1DOT3_VERSION0xfefc) { | |||
| 10608 | /* Don't do that. */ | |||
| 10609 | expert_add_info(pinfo, ti, &hf->ei.client_version_error); | |||
| 10610 | } | |||
| 10611 | } else { | |||
| 10612 | if (client_version == TLSV1DOT3_VERSION0x304) { | |||
| 10613 | /* Don't do that. */ | |||
| 10614 | expert_add_info(pinfo, ti, &hf->ei.client_version_error); | |||
| 10615 | } | |||
| 10616 | } | |||
| 10617 | ||||
| 10618 | /* dissect fields that are present in both ClientHello and ServerHello */ | |||
| 10619 | offset = ssl_dissect_hnd_hello_common(hf, tvb, pinfo, tree, offset, session, ssl, false0, false0); | |||
| 10620 | ||||
| 10621 | /* fields specific for DTLS (cookie_len, cookie) */ | |||
| 10622 | if (dtls_hfs != NULL((void*)0)) { | |||
| 10623 | uint32_t cookie_length; | |||
| 10624 | /* opaque cookie<0..32> (for DTLS only) */ | |||
| 10625 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cookie_length, | |||
| 10626 | dtls_hfs->hf_dtls_handshake_cookie_len, 0, 32)) { | |||
| 10627 | return offset; | |||
| 10628 | } | |||
| 10629 | offset++; | |||
| 10630 | if (cookie_length > 0) { | |||
| 10631 | proto_tree_add_item(tree, dtls_hfs->hf_dtls_handshake_cookie, | |||
| 10632 | tvb, offset, cookie_length, ENC_NA0x00000000); | |||
| 10633 | offset += cookie_length; | |||
| 10634 | } | |||
| 10635 | } | |||
| 10636 | ||||
| 10637 | /* CipherSuite cipher_suites<2..2^16-1> */ | |||
| 10638 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cipher_suite_length, | |||
| 10639 | hf->hf.hs_cipher_suites_len, 2, UINT16_MAX(65535))) { | |||
| 10640 | return offset; | |||
| 10641 | } | |||
| 10642 | offset += 2; | |||
| 10643 | next_offset = offset + cipher_suite_length; | |||
| 10644 | ti = proto_tree_add_none_format(tree, | |||
| 10645 | hf->hf.hs_cipher_suites, | |||
| 10646 | tvb, offset, cipher_suite_length, | |||
| 10647 | "Cipher Suites (%d suite%s)", | |||
| 10648 | cipher_suite_length / 2, | |||
| 10649 | plurality(cipher_suite_length/2, "", "s")((cipher_suite_length/2) == 1 ? ("") : ("s"))); | |||
| 10650 | cs_tree = proto_item_add_subtree(ti, hf->ett.cipher_suites); | |||
| 10651 | while (offset + 2 <= next_offset) { | |||
| 10652 | uint32_t cipher_suite; | |||
| 10653 | ||||
| 10654 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.hs_cipher_suite, tvb, offset, 2, | |||
| 10655 | ENC_BIG_ENDIAN0x00000000, &cipher_suite); | |||
| 10656 | offset += 2; | |||
| 10657 | if (!IS_GREASE_TLS(cipher_suite)((((cipher_suite) & 0x0f0f) == 0x0a0a) && (((cipher_suite ) & 0xff) == (((cipher_suite)>>8) & 0xff)))) { | |||
| 10658 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, cipher_suite); | |||
| 10659 | ja3_dash = "-"; | |||
| 10660 | ja4_data.num_cipher_suites += 1; | |||
| 10661 | wmem_list_insert_sorted(ja4_data.cipher_list, GUINT_TO_POINTER(cipher_suite)((gpointer) (gulong) (cipher_suite)), wmem_compare_uint); | |||
| 10662 | } | |||
| 10663 | } | |||
| 10664 | wmem_strbuf_append_c(ja3, ','); | |||
| 10665 | if (!ssl_end_vector(hf, tvb, pinfo, cs_tree, offset, next_offset)) { | |||
| 10666 | offset = next_offset; | |||
| 10667 | } | |||
| 10668 | ||||
| 10669 | /* CompressionMethod compression_methods<1..2^8-1> */ | |||
| 10670 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compression_methods_length, | |||
| 10671 | hf->hf.hs_comp_methods_len, 1, UINT8_MAX(255))) { | |||
| 10672 | return offset; | |||
| 10673 | } | |||
| 10674 | offset++; | |||
| 10675 | next_offset = offset + compression_methods_length; | |||
| 10676 | ti = proto_tree_add_none_format(tree, | |||
| 10677 | hf->hf.hs_comp_methods, | |||
| 10678 | tvb, offset, compression_methods_length, | |||
| 10679 | "Compression Methods (%u method%s)", | |||
| 10680 | compression_methods_length, | |||
| 10681 | plurality(compression_methods_length,((compression_methods_length) == 1 ? ("") : ("s")) | |||
| 10682 | "", "s")((compression_methods_length) == 1 ? ("") : ("s"))); | |||
| 10683 | cs_tree = proto_item_add_subtree(ti, hf->ett.comp_methods); | |||
| 10684 | while (offset < next_offset) { | |||
| 10685 | compression_method = tvb_get_uint8(tvb, offset); | |||
| 10686 | /* TODO: make reserved/private comp meth. fields selectable */ | |||
| 10687 | if (compression_method < 64) | |||
| 10688 | proto_tree_add_uint(cs_tree, hf->hf.hs_comp_method, | |||
| 10689 | tvb, offset, 1, compression_method); | |||
| 10690 | else if (compression_method > 63 && compression_method < 193) | |||
| 10691 | proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1, | |||
| 10692 | compression_method, "Reserved - to be assigned by IANA (%u)", | |||
| 10693 | compression_method); | |||
| 10694 | else | |||
| 10695 | proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1, | |||
| 10696 | compression_method, "Private use range (%u)", | |||
| 10697 | compression_method); | |||
| 10698 | offset++; | |||
| 10699 | } | |||
| 10700 | ||||
| 10701 | /* SSL v3.0 has no extensions, so length field can indeed be missing. */ | |||
| 10702 | if (offset < offset_end) { | |||
| 10703 | offset = ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
| 10704 | offset_end, SSL_HND_CLIENT_HELLO, | |||
| 10705 | session, ssl, dtls_hfs != NULL((void*)0), ja3, &ja4_data, mk_map, initial_offset, hello_length); | |||
| 10706 | if (ja4_data.max_version > 0) { | |||
| 10707 | client_version = ja4_data.max_version; | |||
| 10708 | } | |||
| 10709 | } else { | |||
| 10710 | wmem_strbuf_append_printf(ja3, ",,"); | |||
| 10711 | } | |||
| 10712 | ||||
| 10713 | if (proto_is_frame_protocol(pinfo->layers,"tcp")) { | |||
| 10714 | wmem_strbuf_append(ja4_a, "t"); | |||
| 10715 | } else if (proto_is_frame_protocol(pinfo->layers,"quic")) { | |||
| 10716 | wmem_strbuf_append(ja4_a, "q"); | |||
| 10717 | } else if (proto_is_frame_protocol(pinfo->layers,"dtls")) { | |||
| 10718 | wmem_strbuf_append(ja4_a, "d"); | |||
| 10719 | } | |||
| 10720 | wmem_strbuf_append_printf(ja4_a, "%s", val_to_str_const(client_version, ssl_version_ja4_names, "00")); | |||
| 10721 | wmem_strbuf_append_printf(ja4_a, "%s", ja4_data.server_name_present ? "d" : "i"); | |||
| 10722 | if (ja4_data.num_cipher_suites > 99) { | |||
| 10723 | wmem_strbuf_append(ja4_a, "99"); | |||
| 10724 | } else { | |||
| 10725 | wmem_strbuf_append_printf(ja4_a, "%02d", ja4_data.num_cipher_suites); | |||
| 10726 | } | |||
| 10727 | if (ja4_data.num_extensions > 99) { | |||
| 10728 | wmem_strbuf_append(ja4_a, "99"); | |||
| 10729 | } else { | |||
| 10730 | wmem_strbuf_append_printf(ja4_a, "%02d", ja4_data.num_extensions); | |||
| 10731 | } | |||
| 10732 | if (wmem_strbuf_get_len(ja4_data.alpn) > 0 ) { | |||
| 10733 | wmem_strbuf_append_printf(ja4_a, "%s", wmem_strbuf_get_str(ja4_data.alpn)); | |||
| 10734 | } else { | |||
| 10735 | wmem_strbuf_append(ja4_a, "00"); | |||
| 10736 | } | |||
| 10737 | ||||
| 10738 | curr_entry = wmem_list_head(ja4_data.cipher_list); | |||
| 10739 | for (unsigned i = 0; i < wmem_list_count(ja4_data.cipher_list); i++) { | |||
| 10740 | wmem_strbuf_append_printf(ja4_br, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); | |||
| 10741 | if (i < wmem_list_count(ja4_data.cipher_list) - 1) { | |||
| 10742 | wmem_strbuf_append(ja4_br, ","); | |||
| 10743 | } | |||
| 10744 | curr_entry = wmem_list_frame_next(curr_entry); | |||
| 10745 | } | |||
| 10746 | ||||
| 10747 | curr_entry = wmem_list_head(ja4_data.extension_list); | |||
| 10748 | for (unsigned i = 0; i < wmem_list_count(ja4_data.extension_list); i++) { | |||
| 10749 | wmem_strbuf_append_printf(ja4_cr, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); | |||
| 10750 | if (i < wmem_list_count(ja4_data.extension_list) - 1) { | |||
| 10751 | wmem_strbuf_append(ja4_cr, ","); | |||
| 10752 | } | |||
| 10753 | curr_entry = wmem_list_frame_next(curr_entry); | |||
| 10754 | } | |||
| 10755 | ||||
| 10756 | if (wmem_list_count(ja4_data.sighash_list) > 0) { | |||
| 10757 | wmem_strbuf_append(ja4_cr, "_"); | |||
| 10758 | curr_entry = wmem_list_head(ja4_data.sighash_list); | |||
| 10759 | for (unsigned i = 0; i < wmem_list_count(ja4_data.sighash_list); i++) { | |||
| 10760 | wmem_strbuf_append_printf(ja4_cr, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); | |||
| 10761 | if (i < wmem_list_count(ja4_data.sighash_list) - 1) { | |||
| 10762 | wmem_strbuf_append(ja4_cr, ","); | |||
| 10763 | } | |||
| 10764 | curr_entry = wmem_list_frame_next(curr_entry); | |||
| 10765 | } | |||
| 10766 | } | |||
| 10767 | if ( wmem_strbuf_get_len(ja4_br) == 0 ) { | |||
| 10768 | ja4_hash = g_strdup("000000000000")g_strdup_inline ("000000000000"); | |||
| 10769 | } else { | |||
| 10770 | ja4_hash = g_compute_checksum_for_string(G_CHECKSUM_SHA256, wmem_strbuf_get_str(ja4_br),-1); | |||
| 10771 | } | |||
| 10772 | ja4_b = wmem_strndup(pinfo->pool, ja4_hash, 12); | |||
| 10773 | ||||
| 10774 | g_free(ja4_hash); | |||
| 10775 | if ( wmem_strbuf_get_len(ja4_cr) == 0 ) { | |||
| 10776 | ja4_hash = g_strdup("000000000000")g_strdup_inline ("000000000000"); | |||
| 10777 | } else { | |||
| 10778 | ja4_hash = g_compute_checksum_for_string(G_CHECKSUM_SHA256, wmem_strbuf_get_str(ja4_cr),-1); | |||
| 10779 | } | |||
| 10780 | ja4_c = wmem_strndup(pinfo->pool, ja4_hash, 12); | |||
| 10781 | g_free(ja4_hash); | |||
| 10782 | ||||
| 10783 | ja4 = wmem_strdup_printf(pinfo->pool, "%s_%s_%s", wmem_strbuf_get_str(ja4_a), ja4_b, ja4_c); | |||
| 10784 | ja4_r = wmem_strdup_printf(pinfo->pool, "%s_%s_%s", wmem_strbuf_get_str(ja4_a), wmem_strbuf_get_str(ja4_br), wmem_strbuf_get_str(ja4_cr)); | |||
| 10785 | ||||
| 10786 | ti = proto_tree_add_string(tree, hf->hf.hs_ja4, tvb, offset, 0, ja4); | |||
| 10787 | proto_item_set_generated(ti); | |||
| 10788 | ti = proto_tree_add_string(tree, hf->hf.hs_ja4_r, tvb, offset, 0, ja4_r); | |||
| 10789 | proto_item_set_generated(ti); | |||
| 10790 | ||||
| 10791 | ja3_hash = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(ja3), | |||
| 10792 | wmem_strbuf_get_len(ja3)); | |||
| 10793 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3_full, tvb, offset, 0, wmem_strbuf_get_str(ja3)); | |||
| 10794 | proto_item_set_generated(ti); | |||
| 10795 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3_hash, tvb, offset, 0, ja3_hash); | |||
| 10796 | proto_item_set_generated(ti); | |||
| 10797 | g_free(ja3_hash); | |||
| 10798 | return offset; | |||
| 10799 | } | |||
| 10800 | ||||
| 10801 | void | |||
| 10802 | ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 10803 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 10804 | SslSession *session, SslDecryptSession *ssl, | |||
| 10805 | bool_Bool is_dtls, bool_Bool is_hrr) | |||
| 10806 | { | |||
| 10807 | /* struct { | |||
| 10808 | * ProtocolVersion server_version; | |||
| 10809 | * Random random; | |||
| 10810 | * SessionID session_id; // TLS 1.2 and before | |||
| 10811 | * CipherSuite cipher_suite; | |||
| 10812 | * CompressionMethod compression_method; // TLS 1.2 and before | |||
| 10813 | * Extension server_hello_extension_list<0..2^16-1>; | |||
| 10814 | * } ServerHello; | |||
| 10815 | */ | |||
| 10816 | uint8_t draft_version = session->tls13_draft_version; | |||
| 10817 | proto_item *ti; | |||
| 10818 | uint32_t server_version; | |||
| 10819 | uint32_t cipher_suite; | |||
| 10820 | uint32_t initial_offset = offset; | |||
| 10821 | wmem_strbuf_t *ja3 = wmem_strbuf_new(pinfo->pool, ""); | |||
| 10822 | char *ja3_hash; | |||
| 10823 | ||||
| 10824 | col_set_str(pinfo->cinfo, COL_PROTOCOL, | |||
| 10825 | val_to_str_const(session->version, ssl_version_short_names, "SSL")); | |||
| 10826 | ||||
| 10827 | /* Initially assume that the session is resumed. If this is not the case, a | |||
| 10828 | * ServerHelloDone will be observed before the ChangeCipherSpec message | |||
| 10829 | * which will reset this flag. */ | |||
| 10830 | session->is_session_resumed = true1; | |||
| 10831 | ||||
| 10832 | /* show the server version */ | |||
| 10833 | ti = proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb, | |||
| 10834 | offset, 2, ENC_BIG_ENDIAN0x00000000, &server_version); | |||
| 10835 | ||||
| 10836 | uint16_t supported_server_version; | |||
| 10837 | if (tls_scan_server_hello(tvb, offset, offset_end, &supported_server_version, NULL((void*)0))) { | |||
| 10838 | expert_add_info(pinfo, ti, &hf->ei.legacy_version); | |||
| 10839 | } | |||
| 10840 | /* | |||
| 10841 | * Is it version 1.3? | |||
| 10842 | * If so, that's an error; TLS and DTLS 1.3 Server Hellos claim | |||
| 10843 | * to be TLS 1.2, and mention 1.3 in an extension. See RFC 8446 | |||
| 10844 | * section 4.1.3 "Server Hello" and RFC 9147 Section 5.4 "Server | |||
| 10845 | * Hello". | |||
| 10846 | */ | |||
| 10847 | if (is_dtls) { | |||
| 10848 | if (server_version == DTLSV1DOT3_VERSION0xfefc) { | |||
| 10849 | /* Don't do that. */ | |||
| 10850 | expert_add_info(pinfo, ti, &hf->ei.server_version_error); | |||
| 10851 | } | |||
| 10852 | } else { | |||
| 10853 | if (server_version == TLSV1DOT3_VERSION0x304) { | |||
| 10854 | /* Don't do that. */ | |||
| 10855 | expert_add_info(pinfo, ti, &hf->ei.server_version_error); | |||
| 10856 | } | |||
| 10857 | } | |||
| 10858 | ||||
| 10859 | offset += 2; | |||
| 10860 | wmem_strbuf_append_printf(ja3, "%i", server_version); | |||
| 10861 | ||||
| 10862 | /* dissect fields that are present in both ClientHello and ServerHello */ | |||
| 10863 | offset = ssl_dissect_hnd_hello_common(hf, tvb, pinfo, tree, offset, session, ssl, true1, is_hrr); | |||
| 10864 | ||||
| 10865 | if (ssl) { | |||
| 10866 | /* store selected cipher suite for decryption */ | |||
| 10867 | ssl_set_cipher(ssl, tvb_get_ntohs(tvb, offset)); | |||
| 10868 | } | |||
| 10869 | ||||
| 10870 | /* now the server-selected cipher suite */ | |||
| 10871 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_cipher_suite, | |||
| 10872 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &cipher_suite); | |||
| 10873 | offset += 2; | |||
| 10874 | wmem_strbuf_append_printf(ja3, ",%i,", cipher_suite); | |||
| 10875 | ||||
| 10876 | /* No compression with TLS 1.3 before draft -22 */ | |||
| 10877 | if (!(session->version == TLSV1DOT3_VERSION0x304 && draft_version > 0 && draft_version < 22)) { | |||
| 10878 | if (ssl) { | |||
| 10879 | /* store selected compression method for decryption */ | |||
| 10880 | ssl->session.compression = tvb_get_uint8(tvb, offset); | |||
| 10881 | } | |||
| 10882 | /* and the server-selected compression method */ | |||
| 10883 | proto_tree_add_item(tree, hf->hf.hs_comp_method, | |||
| 10884 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 10885 | offset++; | |||
| 10886 | } | |||
| 10887 | ||||
| 10888 | /* SSL v3.0 has no extensions, so length field can indeed be missing. */ | |||
| 10889 | if (offset < offset_end) { | |||
| 10890 | offset = ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
| 10891 | offset_end, | |||
| 10892 | is_hrr ? SSL_HND_HELLO_RETRY_REQUEST : SSL_HND_SERVER_HELLO, | |||
| 10893 | session, ssl, is_dtls, ja3, NULL((void*)0), NULL((void*)0), 0, 0); | |||
| 10894 | } | |||
| 10895 | ||||
| 10896 | if (ssl && ssl->ech_transcript.data_len > 0 && (ssl->state & SSL_CIPHER(1<<2)) && ssl->client_random.data_len > 0) { | |||
| 10897 | int hash_algo = ssl_get_digest_by_name(ssl_cipher_suite_dig(ssl->cipher_suite)->name); | |||
| 10898 | if (hash_algo) { | |||
| 10899 | SSL_MDgcry_md_hd_t mc; | |||
| 10900 | unsigned char transcript_hash[DIGEST_MAX_SIZE48]; | |||
| 10901 | unsigned char prk[DIGEST_MAX_SIZE48]; | |||
| 10902 | unsigned char *ech_verify_out = NULL((void*)0); | |||
| 10903 | unsigned int len; | |||
| 10904 | ssl_md_init(&mc, hash_algo); | |||
| 10905 | ssl_md_update(&mc, ssl->ech_transcript.data, ssl->ech_transcript.data_len); | |||
| 10906 | if (is_hrr) { | |||
| 10907 | ssl_md_final(&mc, transcript_hash, &len); | |||
| 10908 | ssl_md_cleanup(&mc); | |||
| 10909 | wmem_free(wmem_file_scope(), ssl->ech_transcript.data); | |||
| 10910 | ssl->ech_transcript.data_len = 4 + len; | |||
| 10911 | ssl->ech_transcript.data = (unsigned char*)wmem_alloc(wmem_file_scope(), 4 + len + 4 + offset_end - initial_offset); | |||
| 10912 | ssl->ech_transcript.data[0] = SSL_HND_MESSAGE_HASH; | |||
| 10913 | ssl->ech_transcript.data[1] = 0; | |||
| 10914 | ssl->ech_transcript.data[2] = 0; | |||
| 10915 | ssl->ech_transcript.data[3] = len; | |||
| 10916 | memcpy(ssl->ech_transcript.data + 4, transcript_hash, len); | |||
| 10917 | ssl_md_init(&mc, hash_algo); | |||
| 10918 | ssl_md_update(&mc, ssl->ech_transcript.data, 4 + len); | |||
| 10919 | } else { | |||
| 10920 | ssl->ech_transcript.data = wmem_realloc(wmem_file_scope(), ssl->ech_transcript.data, | |||
| 10921 | ssl->ech_transcript.data_len + 4 + offset_end - initial_offset); | |||
| 10922 | } | |||
| 10923 | if (initial_offset > 4) { | |||
| 10924 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, initial_offset - 4, | |||
| 10925 | 4 + offset_end - initial_offset); | |||
| 10926 | if (is_hrr) | |||
| 10927 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, initial_offset-4, 38), 38); | |||
| 10928 | else | |||
| 10929 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, initial_offset-4, 30), 30); | |||
| 10930 | } else { | |||
| 10931 | uint8_t prefix[4] = {SSL_HND_SERVER_HELLO, 0x00, 0x00, 0x00}; | |||
| 10932 | prefix[2] = ((offset - initial_offset) >> 8); | |||
| 10933 | prefix[3] = (offset - initial_offset) & 0xff; | |||
| 10934 | memcpy(ssl->ech_transcript.data + ssl->ech_transcript.data_len, prefix, 4); | |||
| 10935 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len + 4, initial_offset, | |||
| 10936 | offset_end - initial_offset); | |||
| 10937 | ssl_md_update(&mc, prefix, 4); | |||
| 10938 | if (is_hrr) | |||
| 10939 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, initial_offset, 34), 34); | |||
| 10940 | else | |||
| 10941 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, initial_offset, 26), 26); | |||
| 10942 | } | |||
| 10943 | ssl->ech_transcript.data_len += 4 + offset_end - initial_offset; | |||
| 10944 | uint8_t zeros[8] = { 0 }; | |||
| 10945 | uint32_t confirmation_offset = initial_offset + 26; | |||
| 10946 | if (is_hrr) { | |||
| 10947 | uint32_t hrr_offset = initial_offset + 34; | |||
| 10948 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, hrr_offset, | |||
| 10949 | tvb_get_uint8(tvb, hrr_offset) + 1), tvb_get_uint8(tvb, hrr_offset) + 1); | |||
| 10950 | hrr_offset += tvb_get_uint8(tvb, hrr_offset) + 1; | |||
| 10951 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, hrr_offset, 3), 3); | |||
| 10952 | hrr_offset += 3; | |||
| 10953 | uint16_t extensions_end = hrr_offset + tvb_get_ntohs(tvb, hrr_offset) + 2; | |||
| 10954 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, hrr_offset, 2), 2); | |||
| 10955 | hrr_offset += 2; | |||
| 10956 | while (extensions_end - hrr_offset >= 4) { | |||
| 10957 | if (tvb_get_ntohs(tvb, hrr_offset) == SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037 && | |||
| 10958 | tvb_get_ntohs(tvb, hrr_offset + 2) == 8) { | |||
| 10959 | confirmation_offset = hrr_offset + 4; | |||
| 10960 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, hrr_offset, 4), 4); | |||
| 10961 | ssl_md_update(&mc, zeros, 8); | |||
| 10962 | hrr_offset += 12; | |||
| 10963 | } else { | |||
| 10964 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, hrr_offset, tvb_get_ntohs(tvb, hrr_offset + 2) + 4), | |||
| 10965 | tvb_get_ntohs(tvb, hrr_offset + 2) + 4); | |||
| 10966 | hrr_offset += tvb_get_ntohs(tvb, hrr_offset + 2) + 4; | |||
| 10967 | } | |||
| 10968 | } | |||
| 10969 | } else { | |||
| 10970 | ssl_md_update(&mc, zeros, 8); | |||
| 10971 | ssl_md_update(&mc, (unsigned char *)tvb_get_ptr(tvb, initial_offset + 34, offset - initial_offset - 34), | |||
| 10972 | offset - initial_offset - 34); | |||
| 10973 | } | |||
| 10974 | ssl_md_final(&mc, transcript_hash, &len); | |||
| 10975 | ssl_md_cleanup(&mc); | |||
| 10976 | hkdf_extract(hash_algo, NULL((void*)0), 0, ssl->client_random.data, 32, prk); | |||
| 10977 | StringInfo prk_string = {prk, len}; | |||
| 10978 | tls13_hkdf_expand_label_context(hash_algo, &prk_string, tls13_hkdf_label_prefix(ssl), | |||
| 10979 | is_hrr ? "hrr ech accept confirmation" : "ech accept confirmation", | |||
| 10980 | transcript_hash, len, 8, &ech_verify_out); | |||
| 10981 | memcpy(is_hrr ? ssl->session.hrr_ech_confirmation : ssl->session.ech_confirmation, ech_verify_out, 8); | |||
| 10982 | if (tvb_memeql(tvb, confirmation_offset, ech_verify_out, 8) == -1) { | |||
| 10983 | if (is_hrr) { | |||
| 10984 | ssl->session.hrr_ech_declined = true1; | |||
| 10985 | ssl->session.first_ch_ech_frame = 0; | |||
| 10986 | } | |||
| 10987 | memcpy(ssl->client_random.data, ssl->session.client_random.data, ssl->session.client_random.data_len); | |||
| 10988 | ssl_print_data("Updated Client Random", ssl->client_random.data, 32); | |||
| 10989 | } | |||
| 10990 | wmem_free(NULL((void*)0), ech_verify_out); | |||
| 10991 | ssl->session.ech = true1; | |||
| 10992 | } | |||
| 10993 | } | |||
| 10994 | ||||
| 10995 | ja3_hash = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(ja3), | |||
| 10996 | wmem_strbuf_get_len(ja3)); | |||
| 10997 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3s_full, tvb, offset, 0, wmem_strbuf_get_str(ja3)); | |||
| 10998 | proto_item_set_generated(ti); | |||
| 10999 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3s_hash, tvb, offset, 0, ja3_hash); | |||
| 11000 | proto_item_set_generated(ti); | |||
| 11001 | g_free(ja3_hash); | |||
| 11002 | } | |||
| 11003 | /* Client Hello and Server Hello dissections. }}} */ | |||
| 11004 | ||||
| 11005 | /* New Session Ticket dissection. {{{ */ | |||
| 11006 | void | |||
| 11007 | ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 11008 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 11009 | SslSession *session, SslDecryptSession *ssl, | |||
| 11010 | bool_Bool is_dtls, GHashTable *session_hash) | |||
| 11011 | { | |||
| 11012 | /* https://tools.ietf.org/html/rfc5077#section-3.3 (TLS >= 1.0): | |||
| 11013 | * struct { | |||
| 11014 | * uint32 ticket_lifetime_hint; | |||
| 11015 | * opaque ticket<0..2^16-1>; | |||
| 11016 | * } NewSessionTicket; | |||
| 11017 | * | |||
| 11018 | * RFC 8446 Section 4.6.1 (TLS 1.3): | |||
| 11019 | * struct { | |||
| 11020 | * uint32 ticket_lifetime; | |||
| 11021 | * uint32 ticket_age_add; | |||
| 11022 | * opaque ticket_nonce<0..255>; // new in draft -21, updated in -22 | |||
| 11023 | * opaque ticket<1..2^16-1>; | |||
| 11024 | * Extension extensions<0..2^16-2>; | |||
| 11025 | * } NewSessionTicket; | |||
| 11026 | */ | |||
| 11027 | proto_tree *subtree; | |||
| 11028 | proto_item *subitem; | |||
| 11029 | uint32_t ticket_len; | |||
| 11030 | bool_Bool is_tls13 = session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc; | |||
| 11031 | unsigned char draft_version = session->tls13_draft_version; | |||
| 11032 | uint32_t lifetime_hint; | |||
| 11033 | ||||
| 11034 | subtree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
| 11035 | hf->ett.session_ticket, NULL((void*)0), | |||
| 11036 | "TLS Session Ticket"); | |||
| 11037 | ||||
| 11038 | /* ticket lifetime hint */ | |||
| 11039 | subitem = proto_tree_add_item_ret_uint(subtree, hf->hf.hs_session_ticket_lifetime_hint, | |||
| 11040 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &lifetime_hint); | |||
| 11041 | offset += 4; | |||
| 11042 | ||||
| 11043 | if (lifetime_hint >= 60) { | |||
| 11044 | char *time_str = unsigned_time_secs_to_str(pinfo->pool, lifetime_hint); | |||
| 11045 | proto_item_append_text(subitem, " (%s)", time_str); | |||
| 11046 | } | |||
| 11047 | ||||
| 11048 | if (is_tls13) { | |||
| 11049 | ||||
| 11050 | /* for TLS 1.3: ticket_age_add */ | |||
| 11051 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket_age_add, | |||
| 11052 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
| 11053 | offset += 4; | |||
| 11054 | ||||
| 11055 | /* for TLS 1.3: ticket_nonce (coming with Draft 21)*/ | |||
| 11056 | if (draft_version == 0 || draft_version >= 21) { | |||
| 11057 | uint32_t ticket_nonce_len; | |||
| 11058 | ||||
| 11059 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &ticket_nonce_len, | |||
| 11060 | hf->hf.hs_session_ticket_nonce_len, 0, 255)) { | |||
| 11061 | return; | |||
| 11062 | } | |||
| 11063 | offset++; | |||
| 11064 | ||||
| 11065 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket_nonce, tvb, offset, ticket_nonce_len, ENC_NA0x00000000); | |||
| 11066 | offset += ticket_nonce_len; | |||
| 11067 | } | |||
| 11068 | ||||
| 11069 | } | |||
| 11070 | ||||
| 11071 | /* opaque ticket<0..2^16-1> (with TLS 1.3 the minimum is 1) */ | |||
| 11072 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &ticket_len, | |||
| 11073 | hf->hf.hs_session_ticket_len, is_tls13 ? 1 : 0, UINT16_MAX(65535))) { | |||
| 11074 | return; | |||
| 11075 | } | |||
| 11076 | offset += 2; | |||
| 11077 | ||||
| 11078 | /* Content depends on implementation, so just show data! */ | |||
| 11079 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket, | |||
| 11080 | tvb, offset, ticket_len, ENC_NA0x00000000); | |||
| 11081 | /* save the session ticket to cache for ssl_finalize_decryption */ | |||
| 11082 | if (ssl && !is_tls13) { | |||
| 11083 | tvb_ensure_bytes_exist(tvb, offset, ticket_len); | |||
| 11084 | ssl->session_ticket.data = (unsigned char*)wmem_realloc(wmem_file_scope(), | |||
| 11085 | ssl->session_ticket.data, ticket_len); | |||
| 11086 | ssl->session_ticket.data_len = ticket_len; | |||
| 11087 | tvb_memcpy(tvb, ssl->session_ticket.data, offset, ticket_len); | |||
| 11088 | /* NewSessionTicket is received after the first (client) | |||
| 11089 | * ChangeCipherSpec, and before the second (server) ChangeCipherSpec. | |||
| 11090 | * Since the second CCS has already the session key available it will | |||
| 11091 | * just return. To ensure that the session ticket is mapped to a | |||
| 11092 | * master key (from the first CCS), save the ticket here too. */ | |||
| 11093 | ssl_save_master_key("Session Ticket", session_hash, | |||
| 11094 | &ssl->session_ticket, &ssl->master_secret); | |||
| 11095 | ssl->state |= SSL_NEW_SESSION_TICKET(1<<10); | |||
| 11096 | } | |||
| 11097 | offset += ticket_len; | |||
| 11098 | ||||
| 11099 | if (is_tls13) { | |||
| 11100 | ssl_dissect_hnd_extension(hf, tvb, subtree, pinfo, offset, | |||
| 11101 | offset_end, SSL_HND_NEWSESSION_TICKET, | |||
| 11102 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
| 11103 | } | |||
| 11104 | } /* }}} */ | |||
| 11105 | ||||
| 11106 | void | |||
| 11107 | ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 11108 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 11109 | SslSession *session, SslDecryptSession *ssl, | |||
| 11110 | bool_Bool is_dtls) | |||
| 11111 | { | |||
| 11112 | /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.1.4 | |||
| 11113 | * struct { | |||
| 11114 | * ProtocolVersion server_version; | |||
| 11115 | * CipherSuite cipher_suite; // not before draft -19 | |||
| 11116 | * Extension extensions<2..2^16-1>; | |||
| 11117 | * } HelloRetryRequest; | |||
| 11118 | * Note: no longer used since draft -22 | |||
| 11119 | */ | |||
| 11120 | uint32_t version; | |||
| 11121 | uint8_t draft_version; | |||
| 11122 | ||||
| 11123 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb, | |||
| 11124 | offset, 2, ENC_BIG_ENDIAN0x00000000, &version); | |||
| 11125 | draft_version = extract_tls13_draft_version(version); | |||
| 11126 | offset += 2; | |||
| 11127 | ||||
| 11128 | if (draft_version == 0 || draft_version >= 19) { | |||
| 11129 | proto_tree_add_item(tree, hf->hf.hs_cipher_suite, | |||
| 11130 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 11131 | offset += 2; | |||
| 11132 | } | |||
| 11133 | ||||
| 11134 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
| 11135 | offset_end, SSL_HND_HELLO_RETRY_REQUEST, | |||
| 11136 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
| 11137 | } | |||
| 11138 | ||||
| 11139 | void | |||
| 11140 | ssl_dissect_hnd_encrypted_extensions(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 11141 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 11142 | SslSession *session, SslDecryptSession *ssl, | |||
| 11143 | bool_Bool is_dtls) | |||
| 11144 | { | |||
| 11145 | /* RFC 8446 Section 4.3.1 | |||
| 11146 | * struct { | |||
| 11147 | * Extension extensions<0..2^16-1>; | |||
| 11148 | * } EncryptedExtensions; | |||
| 11149 | */ | |||
| 11150 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
| 11151 | offset_end, SSL_HND_ENCRYPTED_EXTENSIONS, | |||
| 11152 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
| 11153 | } | |||
| 11154 | ||||
| 11155 | /* Certificate and Certificate Request dissections. {{{ */ | |||
| 11156 | void | |||
| 11157 | ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
| 11158 | uint32_t offset, uint32_t offset_end, packet_info *pinfo, | |||
| 11159 | SslSession *session, SslDecryptSession *ssl _U___attribute__((unused)), | |||
| 11160 | bool_Bool is_from_server, bool_Bool is_dtls) | |||
| 11161 | { | |||
| 11162 | /* opaque ASN.1Cert<1..2^24-1>; | |||
| 11163 | * | |||
| 11164 | * Before RFC 8446 (TLS <= 1.2): | |||
| 11165 | * struct { | |||
| 11166 | * select(certificate_type) { | |||
| 11167 | * | |||
| 11168 | * // certificate type defined in RFC 7250 | |||
| 11169 | * case RawPublicKey: | |||
| 11170 | * opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>; | |||
| 11171 | * | |||
| 11172 | * // X.509 certificate defined in RFC 5246 | |||
| 11173 | * case X.509: | |||
| 11174 | * ASN.1Cert certificate_list<0..2^24-1>; | |||
| 11175 | * }; | |||
| 11176 | * } Certificate; | |||
| 11177 | * | |||
| 11178 | * RFC 8446 (since draft -20): | |||
| 11179 | * struct { | |||
| 11180 | * select(certificate_type){ | |||
| 11181 | * case RawPublicKey: | |||
| 11182 | * // From RFC 7250 ASN.1_subjectPublicKeyInfo | |||
| 11183 | * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; | |||
| 11184 | * | |||
| 11185 | * case X.509: | |||
| 11186 | * opaque cert_data<1..2^24-1>; | |||
| 11187 | * } | |||
| 11188 | * Extension extensions<0..2^16-1>; | |||
| 11189 | * } CertificateEntry; | |||
| 11190 | * struct { | |||
| 11191 | * opaque certificate_request_context<0..2^8-1>; | |||
| 11192 | * CertificateEntry certificate_list<0..2^24-1>; | |||
| 11193 | * } Certificate; | |||
| 11194 | */ | |||
| 11195 | enum { CERT_X509, CERT_RPK } cert_type; | |||
| 11196 | asn1_ctx_t asn1_ctx; | |||
| 11197 | #if defined(HAVE_LIBGNUTLS1) | |||
| 11198 | gnutls_datum_t subjectPublicKeyInfo = { NULL((void*)0), 0 }; | |||
| 11199 | unsigned certificate_index = 0; | |||
| 11200 | #endif | |||
| 11201 | uint32_t next_offset, certificate_list_length, cert_length; | |||
| 11202 | proto_tree *subtree = tree; | |||
| 11203 | ||||
| 11204 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
| 11205 | ||||
| 11206 | if ((is_from_server && session->server_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2) || | |||
| 11207 | (!is_from_server && session->client_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2)) { | |||
| 11208 | cert_type = CERT_RPK; | |||
| 11209 | } else { | |||
| 11210 | cert_type = CERT_X509; | |||
| 11211 | } | |||
| 11212 | ||||
| 11213 | #if defined(HAVE_LIBGNUTLS1) | |||
| 11214 | /* Ask the pkcs1 dissector to return the public key details */ | |||
| 11215 | if (ssl) | |||
| 11216 | asn1_ctx.private_data = &subjectPublicKeyInfo; | |||
| 11217 | #endif | |||
| 11218 | ||||
| 11219 | /* TLS 1.3: opaque certificate_request_context<0..2^8-1> */ | |||
| 11220 | if (session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc) { | |||
| 11221 | uint32_t context_length; | |||
| 11222 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &context_length, | |||
| 11223 | hf->hf.hs_certificate_request_context_length, 0, UINT8_MAX(255))) { | |||
| 11224 | return; | |||
| 11225 | } | |||
| 11226 | offset++; | |||
| 11227 | if (context_length > 0) { | |||
| 11228 | proto_tree_add_item(tree, hf->hf.hs_certificate_request_context, | |||
| 11229 | tvb, offset, context_length, ENC_NA0x00000000); | |||
| 11230 | offset += context_length; | |||
| 11231 | } | |||
| 11232 | } | |||
| 11233 | ||||
| 11234 | if ((session->version != TLSV1DOT3_VERSION0x304 && session->version != DTLSV1DOT3_VERSION0xfefc) && cert_type == CERT_RPK) { | |||
| 11235 | /* For RPK before TLS 1.3, the single RPK is stored directly without | |||
| 11236 | * another "certificate_list" field. */ | |||
| 11237 | certificate_list_length = offset_end - offset; | |||
| 11238 | next_offset = offset_end; | |||
| 11239 | } else { | |||
| 11240 | /* CertificateEntry certificate_list<0..2^24-1> */ | |||
| 11241 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &certificate_list_length, | |||
| 11242 | hf->hf.hs_certificates_len, 0, G_MAXUINT24((1U << 24) - 1))) { | |||
| 11243 | return; | |||
| 11244 | } | |||
| 11245 | offset += 3; /* 24-bit length value */ | |||
| 11246 | next_offset = offset + certificate_list_length; | |||
| 11247 | } | |||
| 11248 | ||||
| 11249 | /* RawPublicKey must have one cert, but X.509 can have multiple. */ | |||
| 11250 | if (certificate_list_length > 0 && cert_type == CERT_X509) { | |||
| 11251 | proto_item *ti; | |||
| 11252 | ||||
| 11253 | ti = proto_tree_add_none_format(tree, | |||
| 11254 | hf->hf.hs_certificates, | |||
| 11255 | tvb, offset, certificate_list_length, | |||
| 11256 | "Certificates (%u bytes)", | |||
| 11257 | certificate_list_length); | |||
| 11258 | ||||
| 11259 | /* make it a subtree */ | |||
| 11260 | subtree = proto_item_add_subtree(ti, hf->ett.certificates); | |||
| 11261 | } | |||
| 11262 | ||||
| 11263 | while (offset < next_offset) { | |||
| 11264 | switch (cert_type) { | |||
| 11265 | case CERT_RPK: | |||
| 11266 | /* TODO add expert info if there is more than one RPK entry (certificate_index > 0) */ | |||
| 11267 | /* opaque ASN.1_subjectPublicKeyInfo<1..2^24-1> */ | |||
| 11268 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &cert_length, | |||
| 11269 | hf->hf.hs_certificate_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
| 11270 | return; | |||
| 11271 | } | |||
| 11272 | offset += 3; | |||
| 11273 | ||||
| 11274 | dissect_x509af_SubjectPublicKeyInfo(false0, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate); | |||
| 11275 | offset += cert_length; | |||
| 11276 | break; | |||
| 11277 | case CERT_X509: | |||
| 11278 | /* opaque ASN1Cert<1..2^24-1> */ | |||
| 11279 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &cert_length, | |||
| 11280 | hf->hf.hs_certificate_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
| 11281 | return; | |||
| 11282 | } | |||
| 11283 | offset += 3; | |||
| 11284 | ||||
| 11285 | dissect_x509af_Certificate(false0, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate); | |||
| 11286 | #if defined(HAVE_LIBGNUTLS1) | |||
| 11287 | if (is_from_server && ssl && certificate_index == 0) { | |||
| 11288 | ssl_find_private_key_by_pubkey(ssl, &subjectPublicKeyInfo); | |||
| 11289 | /* Only attempt to get the RSA modulus for the first cert. */ | |||
| 11290 | asn1_ctx.private_data = NULL((void*)0); | |||
| 11291 | } | |||
| 11292 | #endif | |||
| 11293 | offset += cert_length; | |||
| 11294 | break; | |||
| 11295 | } | |||
| 11296 | ||||
| 11297 | /* TLS 1.3: Extension extensions<0..2^16-1> */ | |||
| 11298 | if ((session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc)) { | |||
| 11299 | offset = ssl_dissect_hnd_extension(hf, tvb, subtree, pinfo, offset, | |||
| 11300 | next_offset, SSL_HND_CERTIFICATE, | |||
| 11301 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
| 11302 | } | |||
| 11303 | ||||
| 11304 | #if defined(HAVE_LIBGNUTLS1) | |||
| 11305 | certificate_index++; | |||
| 11306 | #endif | |||
| 11307 | } | |||
| 11308 | } | |||
| 11309 | ||||
| 11310 | void | |||
| 11311 | ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 11312 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 11313 | SslSession *session, bool_Bool is_dtls) | |||
| 11314 | { | |||
| 11315 | /* From SSL 3.0 and up (note that since TLS 1.1 certificate_authorities can be empty): | |||
| 11316 | * enum { | |||
| 11317 | * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), | |||
| 11318 | * (255) | |||
| 11319 | * } ClientCertificateType; | |||
| 11320 | * | |||
| 11321 | * opaque DistinguishedName<1..2^16-1>; | |||
| 11322 | * | |||
| 11323 | * struct { | |||
| 11324 | * ClientCertificateType certificate_types<1..2^8-1>; | |||
| 11325 | * DistinguishedName certificate_authorities<3..2^16-1>; | |||
| 11326 | * } CertificateRequest; | |||
| 11327 | * | |||
| 11328 | * | |||
| 11329 | * As per TLSv1.2 (RFC 5246) the format has changed to: | |||
| 11330 | * | |||
| 11331 | * enum { | |||
| 11332 | * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), | |||
| 11333 | * rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), | |||
| 11334 | * fortezza_dms_RESERVED(20), (255) | |||
| 11335 | * } ClientCertificateType; | |||
| 11336 | * | |||
| 11337 | * enum { | |||
| 11338 | * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), | |||
| 11339 | * sha512(6), (255) | |||
| 11340 | * } HashAlgorithm; | |||
| 11341 | * | |||
| 11342 | * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } | |||
| 11343 | * SignatureAlgorithm; | |||
| 11344 | * | |||
| 11345 | * struct { | |||
| 11346 | * HashAlgorithm hash; | |||
| 11347 | * SignatureAlgorithm signature; | |||
| 11348 | * } SignatureAndHashAlgorithm; | |||
| 11349 | * | |||
| 11350 | * SignatureAndHashAlgorithm | |||
| 11351 | * supported_signature_algorithms<2..2^16-2>; | |||
| 11352 | * | |||
| 11353 | * opaque DistinguishedName<1..2^16-1>; | |||
| 11354 | * | |||
| 11355 | * struct { | |||
| 11356 | * ClientCertificateType certificate_types<1..2^8-1>; | |||
| 11357 | * SignatureAndHashAlgorithm supported_signature_algorithms<2^16-1>; | |||
| 11358 | * DistinguishedName certificate_authorities<0..2^16-1>; | |||
| 11359 | * } CertificateRequest; | |||
| 11360 | * | |||
| 11361 | * draft-ietf-tls-tls13-18: | |||
| 11362 | * struct { | |||
| 11363 | * opaque certificate_request_context<0..2^8-1>; | |||
| 11364 | * SignatureScheme | |||
| 11365 | * supported_signature_algorithms<2..2^16-2>; | |||
| 11366 | * DistinguishedName certificate_authorities<0..2^16-1>; | |||
| 11367 | * CertificateExtension certificate_extensions<0..2^16-1>; | |||
| 11368 | * } CertificateRequest; | |||
| 11369 | * | |||
| 11370 | * RFC 8446 (since draft-ietf-tls-tls13-19): | |||
| 11371 | * | |||
| 11372 | * struct { | |||
| 11373 | * opaque certificate_request_context<0..2^8-1>; | |||
| 11374 | * Extension extensions<2..2^16-1>; | |||
| 11375 | * } CertificateRequest; | |||
| 11376 | */ | |||
| 11377 | proto_item *ti; | |||
| 11378 | proto_tree *subtree; | |||
| 11379 | uint32_t next_offset; | |||
| 11380 | asn1_ctx_t asn1_ctx; | |||
| 11381 | bool_Bool is_tls13 = (session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc); | |||
| 11382 | unsigned char draft_version = session->tls13_draft_version; | |||
| 11383 | ||||
| 11384 | if (!tree) | |||
| 11385 | return; | |||
| 11386 | ||||
| 11387 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
| 11388 | ||||
| 11389 | if (is_tls13) { | |||
| 11390 | uint32_t context_length; | |||
| 11391 | /* opaque certificate_request_context<0..2^8-1> */ | |||
| 11392 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &context_length, | |||
| 11393 | hf->hf.hs_certificate_request_context_length, 0, UINT8_MAX(255))) { | |||
| 11394 | return; | |||
| 11395 | } | |||
| 11396 | offset++; | |||
| 11397 | if (context_length > 0) { | |||
| 11398 | proto_tree_add_item(tree, hf->hf.hs_certificate_request_context, | |||
| 11399 | tvb, offset, context_length, ENC_NA0x00000000); | |||
| 11400 | offset += context_length; | |||
| 11401 | } | |||
| 11402 | } else { | |||
| 11403 | uint32_t cert_types_count; | |||
| 11404 | /* ClientCertificateType certificate_types<1..2^8-1> */ | |||
| 11405 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cert_types_count, | |||
| 11406 | hf->hf.hs_cert_types_count, 1, UINT8_MAX(255))) { | |||
| 11407 | return; | |||
| 11408 | } | |||
| 11409 | offset++; | |||
| 11410 | next_offset = offset + cert_types_count; | |||
| 11411 | ||||
| 11412 | ti = proto_tree_add_none_format(tree, | |||
| 11413 | hf->hf.hs_cert_types, | |||
| 11414 | tvb, offset, cert_types_count, | |||
| 11415 | "Certificate types (%u type%s)", | |||
| 11416 | cert_types_count, | |||
| 11417 | plurality(cert_types_count, "", "s")((cert_types_count) == 1 ? ("") : ("s"))); | |||
| 11418 | subtree = proto_item_add_subtree(ti, hf->ett.cert_types); | |||
| 11419 | ||||
| 11420 | while (offset < next_offset) { | |||
| 11421 | proto_tree_add_item(subtree, hf->hf.hs_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 11422 | offset++; | |||
| 11423 | } | |||
| 11424 | } | |||
| 11425 | ||||
| 11426 | if (session->version == TLSV1DOT2_VERSION0x303 || session->version == DTLSV1DOT2_VERSION0xfefd || | |||
| 11427 | (is_tls13 && (draft_version > 0 && draft_version < 19))) { | |||
| 11428 | offset = ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, NULL((void*)0)); | |||
| 11429 | } | |||
| 11430 | ||||
| 11431 | if (is_tls13 && (draft_version == 0 || draft_version >= 19)) { | |||
| 11432 | /* | |||
| 11433 | * TLS 1.3 draft 19 and newer: Extensions. | |||
| 11434 | * SslDecryptSession pointer is NULL because Certificate Extensions | |||
| 11435 | * should not influence decryption state. | |||
| 11436 | */ | |||
| 11437 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
| 11438 | offset_end, SSL_HND_CERT_REQUEST, | |||
| 11439 | session, NULL((void*)0), is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
| 11440 | } else if (is_tls13 && draft_version <= 18) { | |||
| 11441 | /* | |||
| 11442 | * TLS 1.3 draft 18 and older: certificate_authorities and | |||
| 11443 | * certificate_extensions (a vector of OID mappings). | |||
| 11444 | */ | |||
| 11445 | offset = tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); | |||
| 11446 | ssl_dissect_hnd_hello_ext_oid_filters(hf, tvb, pinfo, tree, offset, offset_end); | |||
| 11447 | } else { | |||
| 11448 | /* for TLS 1.2 and older, the certificate_authorities field. */ | |||
| 11449 | tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); | |||
| 11450 | } | |||
| 11451 | } | |||
| 11452 | /* Certificate and Certificate Request dissections. }}} */ | |||
| 11453 | ||||
| 11454 | void | |||
| 11455 | ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 11456 | proto_tree *tree, uint32_t offset, uint32_t offset_end, uint16_t version) | |||
| 11457 | { | |||
| 11458 | ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, | |||
| 11459 | hf->hf.hs_client_cert_vrfy_sig_len, | |||
| 11460 | hf->hf.hs_client_cert_vrfy_sig); | |||
| 11461 | } | |||
| 11462 | ||||
| 11463 | /* Finished dissection. {{{ */ | |||
| 11464 | void | |||
| 11465 | ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 11466 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 11467 | const SslSession *session, ssl_hfs_t *ssl_hfs) | |||
| 11468 | { | |||
| 11469 | /* For SSLv3: | |||
| 11470 | * struct { | |||
| 11471 | * opaque md5_hash[16]; | |||
| 11472 | * opaque sha_hash[20]; | |||
| 11473 | * } Finished; | |||
| 11474 | * | |||
| 11475 | * For (D)TLS: | |||
| 11476 | * struct { | |||
| 11477 | * opaque verify_data[12]; | |||
| 11478 | * } Finished; | |||
| 11479 | * | |||
| 11480 | * For TLS 1.3: | |||
| 11481 | * struct { | |||
| 11482 | * opaque verify_data[Hash.length]; | |||
| 11483 | * } | |||
| 11484 | */ | |||
| 11485 | if (!tree) | |||
| 11486 | return; | |||
| 11487 | ||||
| 11488 | if (session->version == SSLV3_VERSION0x300) { | |||
| 11489 | if (ssl_hfs != NULL((void*)0)) { | |||
| 11490 | proto_tree_add_item(tree, ssl_hfs->hs_md5_hash, | |||
| 11491 | tvb, offset, 16, ENC_NA0x00000000); | |||
| 11492 | proto_tree_add_item(tree, ssl_hfs->hs_sha_hash, | |||
| 11493 | tvb, offset + 16, 20, ENC_NA0x00000000); | |||
| 11494 | } | |||
| 11495 | } else { | |||
| 11496 | /* Length should be 12 for TLS before 1.3, assume this is the case. */ | |||
| 11497 | proto_tree_add_item(tree, hf->hf.hs_finished, | |||
| 11498 | tvb, offset, offset_end - offset, ENC_NA0x00000000); | |||
| 11499 | } | |||
| 11500 | } /* }}} */ | |||
| 11501 | ||||
| 11502 | /* RFC 6066 Certificate URL handshake message dissection. {{{ */ | |||
| 11503 | void | |||
| 11504 | ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset) | |||
| 11505 | { | |||
| 11506 | uint16_t url_hash_len; | |||
| 11507 | ||||
| 11508 | /* enum { | |||
| 11509 | * individual_certs(0), pkipath(1), (255) | |||
| 11510 | * } CertChainType; | |||
| 11511 | * | |||
| 11512 | * struct { | |||
| 11513 | * CertChainType type; | |||
| 11514 | * URLAndHash url_and_hash_list<1..2^16-1>; | |||
| 11515 | * } CertificateURL; | |||
| 11516 | * | |||
| 11517 | * struct { | |||
| 11518 | * opaque url<1..2^16-1>; | |||
| 11519 | * unint8 padding; | |||
| 11520 | * opaque SHA1Hash[20]; | |||
| 11521 | * } URLAndHash; | |||
| 11522 | */ | |||
| 11523 | ||||
| 11524 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_type, | |||
| 11525 | tvb, offset, 1, ENC_NA0x00000000); | |||
| 11526 | offset++; | |||
| 11527 | ||||
| 11528 | url_hash_len = tvb_get_ntohs(tvb, offset); | |||
| 11529 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_url_hash_list_len, | |||
| 11530 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 11531 | offset += 2; | |||
| 11532 | while (url_hash_len-- > 0) { | |||
| 11533 | proto_item *urlhash_item; | |||
| 11534 | proto_tree *urlhash_tree; | |||
| 11535 | uint16_t url_len; | |||
| 11536 | ||||
| 11537 | urlhash_item = proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_item, | |||
| 11538 | tvb, offset, -1, ENC_NA0x00000000); | |||
| 11539 | urlhash_tree = proto_item_add_subtree(urlhash_item, hf->ett.urlhash); | |||
| 11540 | ||||
| 11541 | url_len = tvb_get_ntohs(tvb, offset); | |||
| 11542 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url_len, | |||
| 11543 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 11544 | offset += 2; | |||
| 11545 | ||||
| 11546 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url, | |||
| 11547 | tvb, offset, url_len, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
| 11548 | offset += url_len; | |||
| 11549 | ||||
| 11550 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_padding, | |||
| 11551 | tvb, offset, 1, ENC_NA0x00000000); | |||
| 11552 | offset++; | |||
| 11553 | /* Note: RFC 6066 says that padding must be 0x01 */ | |||
| 11554 | ||||
| 11555 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_sha1, | |||
| 11556 | tvb, offset, 20, ENC_NA0x00000000); | |||
| 11557 | offset += 20; | |||
| 11558 | } | |||
| 11559 | } /* }}} */ | |||
| 11560 | ||||
| 11561 | void | |||
| 11562 | ssl_dissect_hnd_compress_certificate(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
| 11563 | uint32_t offset, uint32_t offset_end, packet_info *pinfo, | |||
| 11564 | SslSession *session, SslDecryptSession *ssl, | |||
| 11565 | bool_Bool is_from_server, bool_Bool is_dtls) | |||
| 11566 | { | |||
| 11567 | uint32_t algorithm, uncompressed_length; | |||
| 11568 | uint32_t compressed_certificate_message_length; | |||
| 11569 | tvbuff_t *uncompressed_tvb = NULL((void*)0); | |||
| 11570 | proto_item *ti; | |||
| 11571 | /* | |||
| 11572 | * enum { | |||
| 11573 | * zlib(1), | |||
| 11574 | * brotli(2), | |||
| 11575 | * zstd(3), | |||
| 11576 | * (65535) | |||
| 11577 | * } CertificateCompressionAlgorithm; | |||
| 11578 | * | |||
| 11579 | * struct { | |||
| 11580 | * CertificateCompressionAlgorithm algorithm; | |||
| 11581 | * uint24 uncompressed_length; | |||
| 11582 | * opaque compressed_certificate_message<1..2^24-1>; | |||
| 11583 | * } CompressedCertificate; | |||
| 11584 | */ | |||
| 11585 | ||||
| 11586 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_compress_certificate_algorithm, | |||
| 11587 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &algorithm); | |||
| 11588 | offset += 2; | |||
| 11589 | ||||
| 11590 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_compress_certificate_uncompressed_length, | |||
| 11591 | tvb, offset, 3, ENC_BIG_ENDIAN0x00000000, &uncompressed_length); | |||
| 11592 | offset += 3; | |||
| 11593 | ||||
| 11594 | /* opaque compressed_certificate_message<1..2^24-1>; */ | |||
| 11595 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compressed_certificate_message_length, | |||
| 11596 | hf->hf.hs_ext_compress_certificate_compressed_certificate_message_length, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
| 11597 | return; | |||
| 11598 | } | |||
| 11599 | offset += 3; | |||
| 11600 | ||||
| 11601 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_compress_certificate_compressed_certificate_message, | |||
| 11602 | tvb, offset, compressed_certificate_message_length, ENC_NA0x00000000); | |||
| 11603 | ||||
| 11604 | /* Certificate decompression following algorithm */ | |||
| 11605 | switch (algorithm) { | |||
| 11606 | case 1: /* zlib */ | |||
| 11607 | uncompressed_tvb = tvb_child_uncompress_zlib(tvb, tvb, offset, compressed_certificate_message_length); | |||
| 11608 | break; | |||
| 11609 | case 2: /* brotli */ | |||
| 11610 | uncompressed_tvb = tvb_child_uncompress_brotli(tvb, tvb, offset, compressed_certificate_message_length); | |||
| 11611 | break; | |||
| 11612 | case 3: /* zstd */ | |||
| 11613 | uncompressed_tvb = tvb_child_uncompress_zstd(tvb, tvb, offset, compressed_certificate_message_length); | |||
| 11614 | break; | |||
| 11615 | } | |||
| 11616 | ||||
| 11617 | if (uncompressed_tvb) { | |||
| 11618 | proto_tree *uncompressed_tree; | |||
| 11619 | ||||
| 11620 | if (uncompressed_length != tvb_captured_length(uncompressed_tvb)) { | |||
| 11621 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.decompression_error, | |||
| 11622 | tvb, offset, offset_end - offset, | |||
| 11623 | "Invalid uncompressed length %u (expected %u)", | |||
| 11624 | tvb_captured_length(uncompressed_tvb), | |||
| 11625 | uncompressed_length); | |||
| 11626 | } else { | |||
| 11627 | uncompressed_tree = proto_item_add_subtree(ti, hf->ett.uncompressed_certificates); | |||
| 11628 | ssl_dissect_hnd_cert(hf, uncompressed_tvb, uncompressed_tree, | |||
| 11629 | 0, uncompressed_length, pinfo, session, ssl, is_from_server, is_dtls); | |||
| 11630 | add_new_data_source(pinfo, uncompressed_tvb, "Uncompressed certificate(s)"); | |||
| 11631 | } | |||
| 11632 | } | |||
| 11633 | } | |||
| 11634 | ||||
| 11635 | /* Dissection of TLS Extensions in Client Hello, Server Hello, etc. {{{ */ | |||
| 11636 | static int | |||
| 11637 | // NOLINTNEXTLINE(misc-no-recursion) | |||
| 11638 | ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
| 11639 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, | |||
| 11640 | SslSession *session, SslDecryptSession *ssl, | |||
| 11641 | bool_Bool is_dtls, wmem_strbuf_t *ja3, ja4_data_t *ja4_data, | |||
| 11642 | ssl_master_key_map_t *mk_map, uint32_t initial_offset, uint32_t hello_length) | |||
| 11643 | { | |||
| 11644 | uint32_t exts_len; | |||
| 11645 | uint16_t ext_type; | |||
| 11646 | uint32_t ext_len; | |||
| 11647 | uint32_t next_offset; | |||
| 11648 | proto_item *ext_item; | |||
| 11649 | proto_tree *ext_tree; | |||
| 11650 | bool_Bool is_tls13 = session->version == TLSV1DOT3_VERSION0x304; | |||
| 11651 | wmem_strbuf_t *ja3_sg = wmem_strbuf_new(pinfo->pool, ""); | |||
| 11652 | wmem_strbuf_t *ja3_ecpf = wmem_strbuf_new(pinfo->pool, ""); | |||
| 11653 | char *ja3_dash = ""; | |||
| 11654 | unsigned supported_version; | |||
| 11655 | ||||
| 11656 | /* Extension extensions<0..2^16-2> (for TLS 1.3 HRR/CR min-length is 2) */ | |||
| 11657 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &exts_len, | |||
| 11658 | hf->hf.hs_exts_len, 0, UINT16_MAX(65535))) { | |||
| 11659 | return offset_end; | |||
| 11660 | } | |||
| 11661 | offset += 2; | |||
| 11662 | offset_end = offset + exts_len; | |||
| 11663 | ||||
| 11664 | if (ja4_data) { | |||
| 11665 | ja4_data->num_extensions = 0; | |||
| 11666 | } | |||
| 11667 | while (offset_end - offset >= 4) | |||
| 11668 | { | |||
| 11669 | ext_type = tvb_get_ntohs(tvb, offset); | |||
| 11670 | ext_len = tvb_get_ntohs(tvb, offset + 2); | |||
| 11671 | ||||
| 11672 | if (ja4_data && !IS_GREASE_TLS(ext_type)((((ext_type) & 0x0f0f) == 0x0a0a) && (((ext_type ) & 0xff) == (((ext_type)>>8) & 0xff)))) { | |||
| 11673 | ja4_data->num_extensions += 1; | |||
| 11674 | if (ext_type != SSL_HND_HELLO_EXT_SERVER_NAME0 && | |||
| 11675 | ext_type != SSL_HND_HELLO_EXT_ALPN16) { | |||
| 11676 | wmem_list_insert_sorted(ja4_data->extension_list, GUINT_TO_POINTER(ext_type)((gpointer) (gulong) (ext_type)), wmem_compare_uint); | |||
| 11677 | } | |||
| 11678 | } | |||
| 11679 | ||||
| 11680 | ext_item = proto_tree_add_none_format(tree, hf->hf.hs_ext, tvb, offset, 4 + ext_len, | |||
| 11681 | "Extension: %s (len=%u)", val_to_str(ext_type, | |||
| 11682 | tls_hello_extension_types, | |||
| 11683 | "Unknown type %u"), ext_len); | |||
| 11684 | ext_tree = proto_item_add_subtree(ext_item, hf->ett.hs_ext); | |||
| 11685 | ||||
| 11686 | proto_tree_add_uint(ext_tree, hf->hf.hs_ext_type, | |||
| 11687 | tvb, offset, 2, ext_type); | |||
| 11688 | offset += 2; | |||
| 11689 | if (ja3 && !IS_GREASE_TLS(ext_type)((((ext_type) & 0x0f0f) == 0x0a0a) && (((ext_type ) & 0xff) == (((ext_type)>>8) & 0xff)))) { | |||
| 11690 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, ext_type); | |||
| 11691 | ja3_dash = "-"; | |||
| 11692 | } | |||
| 11693 | ||||
| 11694 | /* opaque extension_data<0..2^16-1> */ | |||
| 11695 | if (!ssl_add_vector(hf, tvb, pinfo, ext_tree, offset, offset_end, &ext_len, | |||
| 11696 | hf->hf.hs_ext_len, 0, UINT16_MAX(65535))) { | |||
| 11697 | return offset_end; | |||
| 11698 | } | |||
| 11699 | offset += 2; | |||
| 11700 | next_offset = offset + ext_len; | |||
| 11701 | ||||
| 11702 | switch (ext_type) { | |||
| 11703 | case SSL_HND_HELLO_EXT_SERVER_NAME0: | |||
| 11704 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
| 11705 | offset = ssl_dissect_hnd_hello_ext_server_name(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11706 | if (ja4_data) { | |||
| 11707 | ja4_data->server_name_present = true1; | |||
| 11708 | } | |||
| 11709 | } | |||
| 11710 | break; | |||
| 11711 | case SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH1: | |||
| 11712 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_max_fragment_length, tvb, offset, 1, ENC_NA0x00000000); | |||
| 11713 | offset += 1; | |||
| 11714 | break; | |||
| 11715 | case SSL_HND_HELLO_EXT_STATUS_REQUEST5: | |||
| 11716 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
| 11717 | offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, pinfo, ext_tree, offset, next_offset, false0); | |||
| 11718 | } else if (is_tls13 && hnd_type == SSL_HND_CERTIFICATE) { | |||
| 11719 | offset = tls_dissect_hnd_certificate_status(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11720 | } | |||
| 11721 | break; | |||
| 11722 | case SSL_HND_HELLO_EXT_CERT_TYPE9: | |||
| 11723 | offset = ssl_dissect_hnd_hello_ext_cert_type(hf, tvb, ext_tree, | |||
| 11724 | offset, next_offset, | |||
| 11725 | hnd_type, ext_type, | |||
| 11726 | session); | |||
| 11727 | break; | |||
| 11728 | case SSL_HND_HELLO_EXT_SUPPORTED_GROUPS10: | |||
| 11729 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
| 11730 | offset = ssl_dissect_hnd_hello_ext_supported_groups(hf, tvb, pinfo, ext_tree, offset, | |||
| 11731 | next_offset, ja3_sg); | |||
| 11732 | } else { | |||
| 11733 | offset = ssl_dissect_hnd_hello_ext_supported_groups(hf, tvb, pinfo, ext_tree, offset, | |||
| 11734 | next_offset, NULL((void*)0)); | |||
| 11735 | } | |||
| 11736 | break; | |||
| 11737 | case SSL_HND_HELLO_EXT_EC_POINT_FORMATS11: | |||
| 11738 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
| 11739 | offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset, ja3_ecpf); | |||
| 11740 | } else { | |||
| 11741 | offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset, NULL((void*)0)); | |||
| 11742 | } | |||
| 11743 | break; | |||
| 11744 | break; | |||
| 11745 | case SSL_HND_HELLO_EXT_SRP12: | |||
| 11746 | offset = ssl_dissect_hnd_hello_ext_srp(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11747 | break; | |||
| 11748 | case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS13: | |||
| 11749 | offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, next_offset, ja4_data); | |||
| 11750 | break; | |||
| 11751 | case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT50: /* since TLS 1.3 draft -23 */ | |||
| 11752 | offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, next_offset, NULL((void*)0)); | |||
| 11753 | break; | |||
| 11754 | case SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS34: | |||
| 11755 | offset = ssl_dissect_hnd_ext_delegated_credentials(hf, tvb, ext_tree, pinfo, offset, next_offset, hnd_type); | |||
| 11756 | break; | |||
| 11757 | case SSL_HND_HELLO_EXT_USE_SRTP14: | |||
| 11758 | if (is_dtls) { | |||
| 11759 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
| 11760 | offset = dtls_dissect_hnd_hello_ext_use_srtp(pinfo, tvb, ext_tree, offset, next_offset, false0); | |||
| 11761 | } else if (hnd_type == SSL_HND_SERVER_HELLO) { | |||
| 11762 | offset = dtls_dissect_hnd_hello_ext_use_srtp(pinfo, tvb, ext_tree, offset, next_offset, true1); | |||
| 11763 | } | |||
| 11764 | } else { | |||
| 11765 | // XXX expert info: This extension MUST only be used with DTLS, and not with TLS. | |||
| 11766 | } | |||
| 11767 | break; | |||
| 11768 | case SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS64768: | |||
| 11769 | offset = ssl_dissect_hnd_ech_outer_ext(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11770 | break; | |||
| 11771 | case SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037: | |||
| 11772 | offset = ssl_dissect_hnd_hello_ext_ech(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, session, ssl, mk_map, initial_offset, hello_length); | |||
| 11773 | break; | |||
| 11774 | case SSL_HND_HELLO_EXT_HEARTBEAT15: | |||
| 11775 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_heartbeat_mode, | |||
| 11776 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 11777 | offset++; | |||
| 11778 | break; | |||
| 11779 | case SSL_HND_HELLO_EXT_ALPN16: | |||
| 11780 | offset = ssl_dissect_hnd_hello_ext_alpn(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, session, is_dtls, ja4_data); | |||
| 11781 | break; | |||
| 11782 | case SSL_HND_HELLO_EXT_STATUS_REQUEST_V217: | |||
| 11783 | if (hnd_type == SSL_HND_CLIENT_HELLO) | |||
| 11784 | offset = ssl_dissect_hnd_hello_ext_status_request_v2(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11785 | break; | |||
| 11786 | case SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP18: | |||
| 11787 | // TLS 1.3 note: SCT only appears in EE in draft -16 and before. | |||
| 11788 | if (hnd_type == SSL_HND_SERVER_HELLO || hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS || hnd_type == SSL_HND_CERTIFICATE) | |||
| 11789 | offset = tls_dissect_sct_list(hf, tvb, pinfo, ext_tree, offset, next_offset, session->version); | |||
| 11790 | break; | |||
| 11791 | case SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19: | |||
| 11792 | case SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20: | |||
| 11793 | offset = ssl_dissect_hnd_hello_ext_cert_type(hf, tvb, ext_tree, | |||
| 11794 | offset, next_offset, | |||
| 11795 | hnd_type, ext_type, | |||
| 11796 | session); | |||
| 11797 | break; | |||
| 11798 | case SSL_HND_HELLO_EXT_PADDING21: | |||
| 11799 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_padding_data, tvb, offset, ext_len, ENC_NA0x00000000); | |||
| 11800 | offset += ext_len; | |||
| 11801 | break; | |||
| 11802 | case SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC22: | |||
| 11803 | if (ssl && hnd_type == SSL_HND_SERVER_HELLO) { | |||
| 11804 | ssl_debug_printf("%s enabling Encrypt-then-MAC\n", G_STRFUNC((const char*) (__func__))); | |||
| 11805 | ssl->state |= SSL_ENCRYPT_THEN_MAC(1<<11); | |||
| 11806 | } | |||
| 11807 | break; | |||
| 11808 | case SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET23: | |||
| 11809 | if (ssl) { | |||
| 11810 | switch (hnd_type) { | |||
| 11811 | case SSL_HND_CLIENT_HELLO: | |||
| 11812 | ssl->state |= SSL_CLIENT_EXTENDED_MASTER_SECRET(1<<7); | |||
| 11813 | break; | |||
| 11814 | case SSL_HND_SERVER_HELLO: | |||
| 11815 | ssl->state |= SSL_SERVER_EXTENDED_MASTER_SECRET(1<<8); | |||
| 11816 | break; | |||
| 11817 | default: /* no default */ | |||
| 11818 | break; | |||
| 11819 | } | |||
| 11820 | } | |||
| 11821 | break; | |||
| 11822 | case SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE27: | |||
| 11823 | offset = ssl_dissect_hnd_hello_ext_compress_certificate(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
| 11824 | break; | |||
| 11825 | case SSL_HND_HELLO_EXT_TOKEN_BINDING24: | |||
| 11826 | offset = ssl_dissect_hnd_hello_ext_token_binding(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
| 11827 | break; | |||
| 11828 | case SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT28: | |||
| 11829 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_record_size_limit, | |||
| 11830 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 11831 | offset += 2; | |||
| 11832 | break; | |||
| 11833 | case SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS65445: | |||
| 11834 | case SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V157: | |||
| 11835 | offset = ssl_dissect_hnd_hello_ext_quic_transport_parameters(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
| 11836 | break; | |||
| 11837 | case SSL_HND_HELLO_EXT_SESSION_TICKET_TLS35: | |||
| 11838 | offset = ssl_dissect_hnd_hello_ext_session_ticket(hf, tvb, ext_tree, offset, next_offset, hnd_type, ssl); | |||
| 11839 | break; | |||
| 11840 | case SSL_HND_HELLO_EXT_KEY_SHARE_OLD40: /* used before TLS 1.3 draft -23 */ | |||
| 11841 | case SSL_HND_HELLO_EXT_KEY_SHARE51: | |||
| 11842 | offset = ssl_dissect_hnd_hello_ext_key_share(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | |||
| 11843 | break; | |||
| 11844 | case SSL_HND_HELLO_EXT_PRE_SHARED_KEY41: | |||
| 11845 | offset = ssl_dissect_hnd_hello_ext_pre_shared_key(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | |||
| 11846 | break; | |||
| 11847 | case SSL_HND_HELLO_EXT_EARLY_DATA42: | |||
| 11848 | case SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO46: | |||
| 11849 | offset = ssl_dissect_hnd_hello_ext_early_data(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
| 11850 | break; | |||
| 11851 | case SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43: | |||
| 11852 | switch (hnd_type) { | |||
| 11853 | case SSL_HND_CLIENT_HELLO: | |||
| 11854 | offset = ssl_dissect_hnd_hello_ext_supported_versions(hf, tvb, pinfo, ext_tree, offset, next_offset, session, is_dtls, ja4_data); | |||
| 11855 | break; | |||
| 11856 | case SSL_HND_SERVER_HELLO: | |||
| 11857 | case SSL_HND_HELLO_RETRY_REQUEST: | |||
| 11858 | proto_tree_add_item_ret_uint(ext_tree, hf->hf.hs_ext_supported_version, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &supported_version); | |||
| 11859 | offset += 2; | |||
| 11860 | proto_item_append_text(ext_tree, " %s", val_to_str(supported_version, ssl_versions, "Unknown (0x%04x)")); | |||
| 11861 | break; | |||
| 11862 | } | |||
| 11863 | break; | |||
| 11864 | case SSL_HND_HELLO_EXT_COOKIE44: | |||
| 11865 | offset = ssl_dissect_hnd_hello_ext_cookie(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11866 | break; | |||
| 11867 | case SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES45: | |||
| 11868 | offset = ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11869 | break; | |||
| 11870 | case SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES47: | |||
| 11871 | offset = ssl_dissect_hnd_hello_ext_certificate_authorities(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11872 | break; | |||
| 11873 | case SSL_HND_HELLO_EXT_OID_FILTERS48: | |||
| 11874 | offset = ssl_dissect_hnd_hello_ext_oid_filters(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11875 | break; | |||
| 11876 | case SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH49: | |||
| 11877 | break; | |||
| 11878 | case SSL_HND_HELLO_EXT_NPN13172: | |||
| 11879 | offset = ssl_dissect_hnd_hello_ext_npn(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11880 | break; | |||
| 11881 | case SSL_HND_HELLO_EXT_ALPS_OLD17513: | |||
| 11882 | offset = ssl_dissect_hnd_hello_ext_alps(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | |||
| 11883 | break; | |||
| 11884 | case SSL_HND_HELLO_EXT_ALPS17613: | |||
| 11885 | offset = ssl_dissect_hnd_hello_ext_alps(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | |||
| 11886 | break; | |||
| 11887 | case SSL_HND_HELLO_EXT_RENEGOTIATION_INFO65281: | |||
| 11888 | offset = ssl_dissect_hnd_hello_ext_reneg_info(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11889 | break; | |||
| 11890 | case SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME65486: | |||
| 11891 | offset = ssl_dissect_hnd_hello_ext_esni(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
| 11892 | break; | |||
| 11893 | case SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED53: | |||
| 11894 | session->deprecated_cid = true1; | |||
| 11895 | /* FALLTHRU */ | |||
| 11896 | case SSL_HND_HELLO_EXT_CONNECTION_ID54: | |||
| 11897 | offset = ssl_dissect_hnd_hello_ext_connection_id(hf, tvb, pinfo, ext_tree, offset, hnd_type, session, ssl); | |||
| 11898 | break; | |||
| 11899 | case SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS3: | |||
| 11900 | offset = ssl_dissect_hnd_hello_ext_trusted_ca_keys(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
| 11901 | break; | |||
| 11902 | default: | |||
| 11903 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_data, | |||
| 11904 | tvb, offset, ext_len, ENC_NA0x00000000); | |||
| 11905 | offset += ext_len; | |||
| 11906 | break; | |||
| 11907 | } | |||
| 11908 | ||||
| 11909 | if (!ssl_end_vector(hf, tvb, pinfo, ext_tree, offset, next_offset)) { | |||
| 11910 | /* Dissection did not end at expected location, fix it. */ | |||
| 11911 | offset = next_offset; | |||
| 11912 | } | |||
| 11913 | } | |||
| 11914 | ||||
| 11915 | if (ja3) { | |||
| 11916 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
| 11917 | if(wmem_strbuf_get_len(ja3_sg) > 0) { | |||
| 11918 | wmem_strbuf_append_printf(ja3, "%s", wmem_strbuf_get_str(ja3_sg)); | |||
| 11919 | } else { | |||
| 11920 | wmem_strbuf_append_c(ja3, ','); | |||
| 11921 | } | |||
| 11922 | if(wmem_strbuf_get_len(ja3_ecpf) > 0) { | |||
| 11923 | wmem_strbuf_append_printf(ja3, "%s", wmem_strbuf_get_str(ja3_ecpf)); | |||
| 11924 | } else { | |||
| 11925 | wmem_strbuf_append_c(ja3, ','); | |||
| 11926 | } | |||
| 11927 | } | |||
| 11928 | } | |||
| 11929 | ||||
| 11930 | /* Check if Extensions vector is correctly terminated. */ | |||
| 11931 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, offset_end)) { | |||
| 11932 | offset = offset_end; | |||
| 11933 | } | |||
| 11934 | ||||
| 11935 | return offset; | |||
| 11936 | } /* }}} */ | |||
| 11937 | ||||
| 11938 | ||||
| 11939 | /* ClientKeyExchange algo-specific dissectors. {{{ */ | |||
| 11940 | ||||
| 11941 | static void | |||
| 11942 | dissect_ssl3_hnd_cli_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 11943 | proto_tree *tree, uint32_t offset, | |||
| 11944 | uint32_t length) | |||
| 11945 | { | |||
| 11946 | int point_len; | |||
| 11947 | proto_tree *ssl_ecdh_tree; | |||
| 11948 | ||||
| 11949 | ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
| 11950 | hf->ett.keyex_params, NULL((void*)0), "EC Diffie-Hellman Client Params"); | |||
| 11951 | ||||
| 11952 | /* point */ | |||
| 11953 | point_len = tvb_get_uint8(tvb, offset); | |||
| 11954 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point_len, tvb, | |||
| 11955 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 11956 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point, tvb, | |||
| 11957 | offset + 1, point_len, ENC_NA0x00000000); | |||
| 11958 | } | |||
| 11959 | ||||
| 11960 | static void | |||
| 11961 | dissect_ssl3_hnd_cli_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 11962 | proto_tree *tree, uint32_t offset, uint32_t length) | |||
| 11963 | { | |||
| 11964 | int yc_len; | |||
| 11965 | proto_tree *ssl_dh_tree; | |||
| 11966 | ||||
| 11967 | ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
| 11968 | hf->ett.keyex_params, NULL((void*)0), "Diffie-Hellman Client Params"); | |||
| 11969 | ||||
| 11970 | /* ClientDiffieHellmanPublic.dh_public (explicit) */ | |||
| 11971 | yc_len = tvb_get_ntohs(tvb, offset); | |||
| 11972 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc_len, tvb, | |||
| 11973 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 11974 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc, tvb, | |||
| 11975 | offset + 2, yc_len, ENC_NA0x00000000); | |||
| 11976 | } | |||
| 11977 | ||||
| 11978 | static void | |||
| 11979 | dissect_ssl3_hnd_cli_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 11980 | proto_tree *tree, uint32_t offset, | |||
| 11981 | uint32_t length, const SslSession *session) | |||
| 11982 | { | |||
| 11983 | int epms_len; | |||
| 11984 | proto_tree *ssl_rsa_tree; | |||
| 11985 | ||||
| 11986 | ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
| 11987 | hf->ett.keyex_params, NULL((void*)0), "RSA Encrypted PreMaster Secret"); | |||
| 11988 | ||||
| 11989 | /* EncryptedPreMasterSecret.pre_master_secret */ | |||
| 11990 | switch (session->version) { | |||
| 11991 | case SSLV2_VERSION0x0002: | |||
| 11992 | case SSLV3_VERSION0x300: | |||
| 11993 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
| 11994 | /* OpenSSL pre-0.9.8f DTLS and pre-TLS quirk: 2-octet length vector is | |||
| 11995 | * not present. The handshake contents represents the EPMS, see: | |||
| 11996 | * https://gitlab.com/wireshark/wireshark/-/issues/10222 */ | |||
| 11997 | epms_len = length; | |||
| 11998 | break; | |||
| 11999 | ||||
| 12000 | default: | |||
| 12001 | /* TLS and DTLS include vector length before EPMS */ | |||
| 12002 | epms_len = tvb_get_ntohs(tvb, offset); | |||
| 12003 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms_len, tvb, | |||
| 12004 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12005 | offset += 2; | |||
| 12006 | break; | |||
| 12007 | } | |||
| 12008 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms, tvb, | |||
| 12009 | offset, epms_len, ENC_NA0x00000000); | |||
| 12010 | } | |||
| 12011 | ||||
| 12012 | /* Used in PSK cipher suites */ | |||
| 12013 | static uint32_t | |||
| 12014 | dissect_ssl3_hnd_cli_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12015 | proto_tree *tree, uint32_t offset) | |||
| 12016 | { | |||
| 12017 | unsigned identity_len; | |||
| 12018 | proto_tree *ssl_psk_tree; | |||
| 12019 | ||||
| 12020 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, -1, | |||
| 12021 | hf->ett.keyex_params, NULL((void*)0), "PSK Client Params"); | |||
| 12022 | /* identity */ | |||
| 12023 | identity_len = tvb_get_ntohs(tvb, offset); | |||
| 12024 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, tvb, | |||
| 12025 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12026 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, tvb, | |||
| 12027 | offset + 2, identity_len, ENC_NA0x00000000); | |||
| 12028 | ||||
| 12029 | proto_item_set_len(ssl_psk_tree, 2 + identity_len); | |||
| 12030 | return 2 + identity_len; | |||
| 12031 | } | |||
| 12032 | ||||
| 12033 | /* Used in RSA PSK cipher suites */ | |||
| 12034 | static void | |||
| 12035 | dissect_ssl3_hnd_cli_keyex_rsa_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12036 | proto_tree *tree, uint32_t offset, | |||
| 12037 | uint32_t length) | |||
| 12038 | { | |||
| 12039 | int identity_len, epms_len; | |||
| 12040 | proto_tree *ssl_psk_tree; | |||
| 12041 | ||||
| 12042 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
| 12043 | hf->ett.keyex_params, NULL((void*)0), "RSA PSK Client Params"); | |||
| 12044 | ||||
| 12045 | /* identity */ | |||
| 12046 | identity_len = tvb_get_ntohs(tvb, offset); | |||
| 12047 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, | |||
| 12048 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12049 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, | |||
| 12050 | tvb, offset + 2, identity_len, ENC_NA0x00000000); | |||
| 12051 | offset += 2 + identity_len; | |||
| 12052 | ||||
| 12053 | /* Yc */ | |||
| 12054 | epms_len = tvb_get_ntohs(tvb, offset); | |||
| 12055 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms_len, tvb, | |||
| 12056 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12057 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms, tvb, | |||
| 12058 | offset + 2, epms_len, ENC_NA0x00000000); | |||
| 12059 | } | |||
| 12060 | ||||
| 12061 | /* Used in Diffie-Hellman PSK cipher suites */ | |||
| 12062 | static void | |||
| 12063 | dissect_ssl3_hnd_cli_keyex_dhe_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12064 | proto_tree *tree, uint32_t offset, uint32_t length) | |||
| 12065 | { | |||
| 12066 | /* | |||
| 12067 | * struct { | |||
| 12068 | * select (KeyExchangeAlgorithm) { | |||
| 12069 | * case diffie_hellman_psk: | |||
| 12070 | * opaque psk_identity<0..2^16-1>; | |||
| 12071 | * ClientDiffieHellmanPublic public; | |||
| 12072 | * } exchange_keys; | |||
| 12073 | * } ClientKeyExchange; | |||
| 12074 | */ | |||
| 12075 | ||||
| 12076 | uint32_t psk_len = dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); | |||
| 12077 | dissect_ssl3_hnd_cli_keyex_dhe(hf, tvb, tree, offset + psk_len, length - psk_len); | |||
| 12078 | } | |||
| 12079 | ||||
| 12080 | /* Used in EC Diffie-Hellman PSK cipher suites */ | |||
| 12081 | static void | |||
| 12082 | dissect_ssl3_hnd_cli_keyex_ecdh_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12083 | proto_tree *tree, uint32_t offset, uint32_t length) | |||
| 12084 | { | |||
| 12085 | /* | |||
| 12086 | * struct { | |||
| 12087 | * select (KeyExchangeAlgorithm) { | |||
| 12088 | * case ec_diffie_hellman_psk: | |||
| 12089 | * opaque psk_identity<0..2^16-1>; | |||
| 12090 | * ClientECDiffieHellmanPublic public; | |||
| 12091 | * } exchange_keys; | |||
| 12092 | * } ClientKeyExchange; | |||
| 12093 | */ | |||
| 12094 | ||||
| 12095 | uint32_t psk_len = dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); | |||
| 12096 | dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset + psk_len, length - psk_len); | |||
| 12097 | } | |||
| 12098 | ||||
| 12099 | /* Used in EC J-PAKE cipher suites */ | |||
| 12100 | static void | |||
| 12101 | dissect_ssl3_hnd_cli_keyex_ecjpake(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12102 | proto_tree *tree, uint32_t offset, | |||
| 12103 | uint32_t length) | |||
| 12104 | { | |||
| 12105 | /* | |||
| 12106 | * struct { | |||
| 12107 | * ECPoint V; | |||
| 12108 | * opaque r<1..2^8-1>; | |||
| 12109 | * } ECSchnorrZKP; | |||
| 12110 | * | |||
| 12111 | * struct { | |||
| 12112 | * ECPoint X; | |||
| 12113 | * ECSchnorrZKP zkp; | |||
| 12114 | * } ECJPAKEKeyKP; | |||
| 12115 | * | |||
| 12116 | * struct { | |||
| 12117 | * ECJPAKEKeyKP ecjpake_key_kp; | |||
| 12118 | * } ClientECJPAKEParams; | |||
| 12119 | * | |||
| 12120 | * select (KeyExchangeAlgorithm) { | |||
| 12121 | * case ecjpake: | |||
| 12122 | * ClientECJPAKEParams params; | |||
| 12123 | * } ClientKeyExchange; | |||
| 12124 | */ | |||
| 12125 | ||||
| 12126 | int point_len; | |||
| 12127 | proto_tree *ssl_ecjpake_tree; | |||
| 12128 | ||||
| 12129 | ssl_ecjpake_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
| 12130 | hf->ett.keyex_params, NULL((void*)0), | |||
| 12131 | "EC J-PAKE Client Params"); | |||
| 12132 | ||||
| 12133 | /* ECJPAKEKeyKP.X */ | |||
| 12134 | point_len = tvb_get_uint8(tvb, offset); | |||
| 12135 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_xc_len, tvb, | |||
| 12136 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 12137 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_xc, tvb, | |||
| 12138 | offset + 1, point_len, ENC_NA0x00000000); | |||
| 12139 | offset += 1 + point_len; | |||
| 12140 | ||||
| 12141 | /* ECJPAKEKeyKP.zkp.V */ | |||
| 12142 | point_len = tvb_get_uint8(tvb, offset); | |||
| 12143 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_vc_len, tvb, | |||
| 12144 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 12145 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_vc, tvb, | |||
| 12146 | offset + 1, point_len, ENC_NA0x00000000); | |||
| 12147 | offset += 1 + point_len; | |||
| 12148 | ||||
| 12149 | /* ECJPAKEKeyKP.zkp.r */ | |||
| 12150 | point_len = tvb_get_uint8(tvb, offset); | |||
| 12151 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_rc_len, tvb, | |||
| 12152 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 12153 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_rc, tvb, | |||
| 12154 | offset + 1, point_len, ENC_NA0x00000000); | |||
| 12155 | } | |||
| 12156 | ||||
| 12157 | static void | |||
| 12158 | dissect_ssl3_hnd_cli_keyex_ecc_sm2(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12159 | proto_tree *tree, uint32_t offset, | |||
| 12160 | uint32_t length) | |||
| 12161 | { | |||
| 12162 | int epms_len; | |||
| 12163 | proto_tree *ssl_ecc_sm2_tree; | |||
| 12164 | ||||
| 12165 | ssl_ecc_sm2_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
| 12166 | hf->ett.keyex_params, NULL((void*)0), | |||
| 12167 | "ECC-SM2 Encrypted PreMaster Secret"); | |||
| 12168 | ||||
| 12169 | epms_len = tvb_get_ntohs(tvb, offset); | |||
| 12170 | proto_tree_add_item(ssl_ecc_sm2_tree, hf->hf.hs_client_keyex_epms_len, tvb, | |||
| 12171 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12172 | offset += 2; | |||
| 12173 | proto_tree_add_item(ssl_ecc_sm2_tree, hf->hf.hs_client_keyex_epms, tvb, | |||
| 12174 | offset, epms_len, ENC_NA0x00000000); | |||
| 12175 | } | |||
| 12176 | /* ClientKeyExchange algo-specific dissectors. }}} */ | |||
| 12177 | ||||
| 12178 | ||||
| 12179 | /* Dissects DigitallySigned (see RFC 5246 4.7 Cryptographic Attributes). {{{ */ | |||
| 12180 | static uint32_t | |||
| 12181 | ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 12182 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 12183 | uint16_t version, int hf_sig_len, int hf_sig) | |||
| 12184 | { | |||
| 12185 | uint32_t sig_len; | |||
| 12186 | ||||
| 12187 | switch (version) { | |||
| 12188 | case TLSV1DOT2_VERSION0x303: | |||
| 12189 | case DTLSV1DOT2_VERSION0xfefd: | |||
| 12190 | case TLSV1DOT3_VERSION0x304: | |||
| 12191 | case DTLSV1DOT3_VERSION0xfefc: | |||
| 12192 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); | |||
| 12193 | offset += 2; | |||
| 12194 | break; | |||
| 12195 | ||||
| 12196 | default: | |||
| 12197 | break; | |||
| 12198 | } | |||
| 12199 | ||||
| 12200 | /* Sig */ | |||
| 12201 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sig_len, | |||
| 12202 | hf_sig_len, 0, UINT16_MAX(65535))) { | |||
| 12203 | return offset_end; | |||
| 12204 | } | |||
| 12205 | offset += 2; | |||
| 12206 | proto_tree_add_item(tree, hf_sig, tvb, offset, sig_len, ENC_NA0x00000000); | |||
| 12207 | offset += sig_len; | |||
| 12208 | return offset; | |||
| 12209 | } /* }}} */ | |||
| 12210 | ||||
| 12211 | /* ServerKeyExchange algo-specific dissectors. {{{ */ | |||
| 12212 | ||||
| 12213 | /* dissects signed_params inside a ServerKeyExchange for some keyex algos */ | |||
| 12214 | static void | |||
| 12215 | dissect_ssl3_hnd_srv_keyex_sig(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 12216 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 12217 | uint16_t version) | |||
| 12218 | { | |||
| 12219 | /* | |||
| 12220 | * TLSv1.2 (RFC 5246 sec 7.4.8) | |||
| 12221 | * struct { | |||
| 12222 | * digitally-signed struct { | |||
| 12223 | * opaque handshake_messages[handshake_messages_length]; | |||
| 12224 | * } | |||
| 12225 | * } CertificateVerify; | |||
| 12226 | * | |||
| 12227 | * TLSv1.0/TLSv1.1 (RFC 5436 sec 7.4.8 and 7.4.3) works essentially the same | |||
| 12228 | * as TLSv1.2, but the hash algorithms are not explicit in digitally-signed. | |||
| 12229 | * | |||
| 12230 | * SSLv3 (RFC 6101 sec 5.6.8) essentially works the same as TLSv1.0 but it | |||
| 12231 | * does more hashing including the master secret and padding. | |||
| 12232 | */ | |||
| 12233 | ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, | |||
| 12234 | hf->hf.hs_server_keyex_sig_len, | |||
| 12235 | hf->hf.hs_server_keyex_sig); | |||
| 12236 | } | |||
| 12237 | ||||
| 12238 | static uint32_t | |||
| 12239 | dissect_tls_ecparameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 12240 | { | |||
| 12241 | /* | |||
| 12242 | * RFC 4492 ECC cipher suites for TLS | |||
| 12243 | * | |||
| 12244 | * struct { | |||
| 12245 | * ECCurveType curve_type; | |||
| 12246 | * select (curve_type) { | |||
| 12247 | * case explicit_prime: | |||
| 12248 | * ... | |||
| 12249 | * case explicit_char2: | |||
| 12250 | * ... | |||
| 12251 | * case named_curve: | |||
| 12252 | * NamedCurve namedcurve; | |||
| 12253 | * }; | |||
| 12254 | * } ECParameters; | |||
| 12255 | */ | |||
| 12256 | ||||
| 12257 | int curve_type; | |||
| 12258 | ||||
| 12259 | /* ECParameters.curve_type */ | |||
| 12260 | curve_type = tvb_get_uint8(tvb, offset); | |||
| 12261 | proto_tree_add_item(tree, hf->hf.hs_server_keyex_curve_type, tvb, | |||
| 12262 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 12263 | offset++; | |||
| 12264 | ||||
| 12265 | if (curve_type != 3) | |||
| 12266 | return offset_end; /* only named_curves are supported */ | |||
| 12267 | ||||
| 12268 | /* case curve_type == named_curve; ECParameters.namedcurve */ | |||
| 12269 | proto_tree_add_item(tree, hf->hf.hs_server_keyex_named_curve, tvb, | |||
| 12270 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12271 | offset += 2; | |||
| 12272 | ||||
| 12273 | return offset; | |||
| 12274 | } | |||
| 12275 | ||||
| 12276 | static void | |||
| 12277 | dissect_ssl3_hnd_srv_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 12278 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 12279 | uint16_t version, bool_Bool anon) | |||
| 12280 | { | |||
| 12281 | /* | |||
| 12282 | * RFC 4492 ECC cipher suites for TLS | |||
| 12283 | * | |||
| 12284 | * struct { | |||
| 12285 | * opaque point <1..2^8-1>; | |||
| 12286 | * } ECPoint; | |||
| 12287 | * | |||
| 12288 | * struct { | |||
| 12289 | * ECParameters curve_params; | |||
| 12290 | * ECPoint public; | |||
| 12291 | * } ServerECDHParams; | |||
| 12292 | * | |||
| 12293 | * select (KeyExchangeAlgorithm) { | |||
| 12294 | * case ec_diffie_hellman: | |||
| 12295 | * ServerECDHParams params; | |||
| 12296 | * Signature signed_params; | |||
| 12297 | * } ServerKeyExchange; | |||
| 12298 | */ | |||
| 12299 | ||||
| 12300 | int point_len; | |||
| 12301 | proto_tree *ssl_ecdh_tree; | |||
| 12302 | ||||
| 12303 | ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
| 12304 | hf->ett.keyex_params, NULL((void*)0), "EC Diffie-Hellman Server Params"); | |||
| 12305 | ||||
| 12306 | offset = dissect_tls_ecparameters(hf, tvb, ssl_ecdh_tree, offset, offset_end); | |||
| 12307 | if (offset >= offset_end) | |||
| 12308 | return; /* only named_curves are supported */ | |||
| 12309 | ||||
| 12310 | /* ECPoint.point */ | |||
| 12311 | point_len = tvb_get_uint8(tvb, offset); | |||
| 12312 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point_len, tvb, | |||
| 12313 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 12314 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point, tvb, | |||
| 12315 | offset + 1, point_len, ENC_NA0x00000000); | |||
| 12316 | offset += 1 + point_len; | |||
| 12317 | ||||
| 12318 | /* Signature (if non-anonymous KEX) */ | |||
| 12319 | if (!anon) { | |||
| 12320 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_ecdh_tree, offset, offset_end, version); | |||
| 12321 | } | |||
| 12322 | } | |||
| 12323 | ||||
| 12324 | static void | |||
| 12325 | dissect_ssl3_hnd_srv_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 12326 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 12327 | uint16_t version, bool_Bool anon) | |||
| 12328 | { | |||
| 12329 | int p_len, g_len, ys_len; | |||
| 12330 | proto_tree *ssl_dh_tree; | |||
| 12331 | ||||
| 12332 | ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
| 12333 | hf->ett.keyex_params, NULL((void*)0), "Diffie-Hellman Server Params"); | |||
| 12334 | ||||
| 12335 | /* p */ | |||
| 12336 | p_len = tvb_get_ntohs(tvb, offset); | |||
| 12337 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p_len, tvb, | |||
| 12338 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12339 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p, tvb, | |||
| 12340 | offset + 2, p_len, ENC_NA0x00000000); | |||
| 12341 | offset += 2 + p_len; | |||
| 12342 | ||||
| 12343 | /* g */ | |||
| 12344 | g_len = tvb_get_ntohs(tvb, offset); | |||
| 12345 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g_len, tvb, | |||
| 12346 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12347 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g, tvb, | |||
| 12348 | offset + 2, g_len, ENC_NA0x00000000); | |||
| 12349 | offset += 2 + g_len; | |||
| 12350 | ||||
| 12351 | /* Ys */ | |||
| 12352 | ys_len = tvb_get_ntohs(tvb, offset); | |||
| 12353 | proto_tree_add_uint(ssl_dh_tree, hf->hf.hs_server_keyex_ys_len, tvb, | |||
| 12354 | offset, 2, ys_len); | |||
| 12355 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_ys, tvb, | |||
| 12356 | offset + 2, ys_len, ENC_NA0x00000000); | |||
| 12357 | offset += 2 + ys_len; | |||
| 12358 | ||||
| 12359 | /* Signature (if non-anonymous KEX) */ | |||
| 12360 | if (!anon) { | |||
| 12361 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_dh_tree, offset, offset_end, version); | |||
| 12362 | } | |||
| 12363 | } | |||
| 12364 | ||||
| 12365 | /* Only used in RSA-EXPORT cipher suites */ | |||
| 12366 | static void | |||
| 12367 | dissect_ssl3_hnd_srv_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 12368 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 12369 | uint16_t version) | |||
| 12370 | { | |||
| 12371 | int modulus_len, exponent_len; | |||
| 12372 | proto_tree *ssl_rsa_tree; | |||
| 12373 | ||||
| 12374 | ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
| 12375 | hf->ett.keyex_params, NULL((void*)0), "RSA-EXPORT Server Params"); | |||
| 12376 | ||||
| 12377 | /* modulus */ | |||
| 12378 | modulus_len = tvb_get_ntohs(tvb, offset); | |||
| 12379 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus_len, tvb, | |||
| 12380 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12381 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus, tvb, | |||
| 12382 | offset + 2, modulus_len, ENC_NA0x00000000); | |||
| 12383 | offset += 2 + modulus_len; | |||
| 12384 | ||||
| 12385 | /* exponent */ | |||
| 12386 | exponent_len = tvb_get_ntohs(tvb, offset); | |||
| 12387 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent_len, | |||
| 12388 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12389 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent, | |||
| 12390 | tvb, offset + 2, exponent_len, ENC_NA0x00000000); | |||
| 12391 | offset += 2 + exponent_len; | |||
| 12392 | ||||
| 12393 | /* Signature */ | |||
| 12394 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_rsa_tree, offset, offset_end, version); | |||
| 12395 | } | |||
| 12396 | ||||
| 12397 | /* Used in RSA PSK and PSK cipher suites */ | |||
| 12398 | static uint32_t | |||
| 12399 | dissect_ssl3_hnd_srv_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12400 | proto_tree *tree, uint32_t offset) | |||
| 12401 | { | |||
| 12402 | unsigned hint_len; | |||
| 12403 | proto_tree *ssl_psk_tree; | |||
| 12404 | ||||
| 12405 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, -1, | |||
| 12406 | hf->ett.keyex_params, NULL((void*)0), "PSK Server Params"); | |||
| 12407 | ||||
| 12408 | /* hint */ | |||
| 12409 | hint_len = tvb_get_ntohs(tvb, offset); | |||
| 12410 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint_len, tvb, | |||
| 12411 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
| 12412 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint, tvb, | |||
| 12413 | offset + 2, hint_len, ENC_NA0x00000000); | |||
| 12414 | ||||
| 12415 | proto_item_set_len(ssl_psk_tree, 2 + hint_len); | |||
| 12416 | return 2 + hint_len; | |||
| 12417 | } | |||
| 12418 | ||||
| 12419 | /* Used in Diffie-Hellman PSK cipher suites */ | |||
| 12420 | static void | |||
| 12421 | dissect_ssl3_hnd_srv_keyex_dhe_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 12422 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 12423 | { | |||
| 12424 | /* | |||
| 12425 | * struct { | |||
| 12426 | * select (KeyExchangeAlgorithm) { | |||
| 12427 | * case diffie_hellman_psk: | |||
| 12428 | * opaque psk_identity_hint<0..2^16-1>; | |||
| 12429 | * ServerDHParams params; | |||
| 12430 | * }; | |||
| 12431 | * } ServerKeyExchange; | |||
| 12432 | */ | |||
| 12433 | ||||
| 12434 | uint32_t psk_len = dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); | |||
| 12435 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset + psk_len, offset_end, 0, true1); | |||
| 12436 | } | |||
| 12437 | ||||
| 12438 | /* Used in EC Diffie-Hellman PSK cipher suites */ | |||
| 12439 | static void | |||
| 12440 | dissect_ssl3_hnd_srv_keyex_ecdh_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 12441 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 12442 | { | |||
| 12443 | /* | |||
| 12444 | * struct { | |||
| 12445 | * select (KeyExchangeAlgorithm) { | |||
| 12446 | * case ec_diffie_hellman_psk: | |||
| 12447 | * opaque psk_identity_hint<0..2^16-1>; | |||
| 12448 | * ServerECDHParams params; | |||
| 12449 | * }; | |||
| 12450 | * } ServerKeyExchange; | |||
| 12451 | */ | |||
| 12452 | ||||
| 12453 | uint32_t psk_len = dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); | |||
| 12454 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset + psk_len, offset_end, 0, true1); | |||
| 12455 | } | |||
| 12456 | ||||
| 12457 | /* Used in EC J-PAKE cipher suites */ | |||
| 12458 | static void | |||
| 12459 | dissect_ssl3_hnd_srv_keyex_ecjpake(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12460 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
| 12461 | { | |||
| 12462 | /* | |||
| 12463 | * struct { | |||
| 12464 | * ECPoint V; | |||
| 12465 | * opaque r<1..2^8-1>; | |||
| 12466 | * } ECSchnorrZKP; | |||
| 12467 | * | |||
| 12468 | * struct { | |||
| 12469 | * ECPoint X; | |||
| 12470 | * ECSchnorrZKP zkp; | |||
| 12471 | * } ECJPAKEKeyKP; | |||
| 12472 | * | |||
| 12473 | * struct { | |||
| 12474 | * ECParameters curve_params; | |||
| 12475 | * ECJPAKEKeyKP ecjpake_key_kp; | |||
| 12476 | * } ServerECJPAKEParams; | |||
| 12477 | * | |||
| 12478 | * select (KeyExchangeAlgorithm) { | |||
| 12479 | * case ecjpake: | |||
| 12480 | * ServerECJPAKEParams params; | |||
| 12481 | * } ServerKeyExchange; | |||
| 12482 | */ | |||
| 12483 | ||||
| 12484 | int point_len; | |||
| 12485 | proto_tree *ssl_ecjpake_tree; | |||
| 12486 | ||||
| 12487 | ssl_ecjpake_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
| 12488 | hf->ett.keyex_params, NULL((void*)0), | |||
| 12489 | "EC J-PAKE Server Params"); | |||
| 12490 | ||||
| 12491 | offset = dissect_tls_ecparameters(hf, tvb, ssl_ecjpake_tree, offset, offset_end); | |||
| 12492 | if (offset >= offset_end) | |||
| 12493 | return; /* only named_curves are supported */ | |||
| 12494 | ||||
| 12495 | /* ECJPAKEKeyKP.X */ | |||
| 12496 | point_len = tvb_get_uint8(tvb, offset); | |||
| 12497 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_xs_len, tvb, | |||
| 12498 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 12499 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_xs, tvb, | |||
| 12500 | offset + 1, point_len, ENC_NA0x00000000); | |||
| 12501 | offset += 1 + point_len; | |||
| 12502 | ||||
| 12503 | /* ECJPAKEKeyKP.zkp.V */ | |||
| 12504 | point_len = tvb_get_uint8(tvb, offset); | |||
| 12505 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_vs_len, tvb, | |||
| 12506 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 12507 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_vs, tvb, | |||
| 12508 | offset + 1, point_len, ENC_NA0x00000000); | |||
| 12509 | offset += 1 + point_len; | |||
| 12510 | ||||
| 12511 | /* ECJPAKEKeyKP.zkp.r */ | |||
| 12512 | point_len = tvb_get_uint8(tvb, offset); | |||
| 12513 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_rs_len, tvb, | |||
| 12514 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
| 12515 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_rs, tvb, | |||
| 12516 | offset + 1, point_len, ENC_NA0x00000000); | |||
| 12517 | } | |||
| 12518 | ||||
| 12519 | /* Only used in ECC-SM2-EXPORT cipher suites */ | |||
| 12520 | static void | |||
| 12521 | dissect_ssl3_hnd_srv_keyex_ecc_sm2(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 12522 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 12523 | uint16_t version) | |||
| 12524 | { | |||
| 12525 | proto_tree *ssl_ecc_sm2_tree; | |||
| 12526 | ||||
| 12527 | ssl_ecc_sm2_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
| 12528 | hf->ett.keyex_params, NULL((void*)0), "ECC-SM2-EXPORT Server Params"); | |||
| 12529 | ||||
| 12530 | /* Signature */ | |||
| 12531 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_ecc_sm2_tree, offset, offset_end, version); | |||
| 12532 | } | |||
| 12533 | /* ServerKeyExchange algo-specific dissectors. }}} */ | |||
| 12534 | ||||
| 12535 | /* Client Key Exchange and Server Key Exchange handshake dissections. {{{ */ | |||
| 12536 | void | |||
| 12537 | ssl_dissect_hnd_cli_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12538 | proto_tree *tree, uint32_t offset, uint32_t length, | |||
| 12539 | const SslSession *session) | |||
| 12540 | { | |||
| 12541 | switch (ssl_get_keyex_alg(session->cipher)) { | |||
| 12542 | case KEX_DH_ANON0x13: /* RFC 5246; DHE_DSS, DHE_RSA, DH_DSS, DH_RSA, DH_ANON: ClientDiffieHellmanPublic */ | |||
| 12543 | case KEX_DH_DSS0x14: | |||
| 12544 | case KEX_DH_RSA0x15: | |||
| 12545 | case KEX_DHE_DSS0x10: | |||
| 12546 | case KEX_DHE_RSA0x12: | |||
| 12547 | dissect_ssl3_hnd_cli_keyex_dhe(hf, tvb, tree, offset, length); | |||
| 12548 | break; | |||
| 12549 | case KEX_DHE_PSK0x11: /* RFC 4279; diffie_hellman_psk: psk_identity, ClientDiffieHellmanPublic */ | |||
| 12550 | dissect_ssl3_hnd_cli_keyex_dhe_psk(hf, tvb, tree, offset, length); | |||
| 12551 | break; | |||
| 12552 | case KEX_ECDH_ANON0x19: /* RFC 4492; ec_diffie_hellman: ClientECDiffieHellmanPublic */ | |||
| 12553 | case KEX_ECDH_ECDSA0x1a: | |||
| 12554 | case KEX_ECDH_RSA0x1b: | |||
| 12555 | case KEX_ECDHE_ECDSA0x16: | |||
| 12556 | case KEX_ECDHE_RSA0x18: | |||
| 12557 | dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset, length); | |||
| 12558 | break; | |||
| 12559 | case KEX_ECDHE_PSK0x17: /* RFC 5489; ec_diffie_hellman_psk: psk_identity, ClientECDiffieHellmanPublic */ | |||
| 12560 | dissect_ssl3_hnd_cli_keyex_ecdh_psk(hf, tvb, tree, offset, length); | |||
| 12561 | break; | |||
| 12562 | case KEX_KRB50x1c: /* RFC 2712; krb5: KerberosWrapper */ | |||
| 12563 | /* XXX: implement support for KRB5 */ | |||
| 12564 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
| 12565 | tvb, offset, length, | |||
| 12566 | "Kerberos ciphersuites (RFC 2712) are not implemented, contact Wireshark" | |||
| 12567 | " developers if you want them to be supported"); | |||
| 12568 | break; | |||
| 12569 | case KEX_PSK0x1d: /* RFC 4279; psk: psk_identity */ | |||
| 12570 | dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); | |||
| 12571 | break; | |||
| 12572 | case KEX_RSA0x1e: /* RFC 5246; rsa: EncryptedPreMasterSecret */ | |||
| 12573 | dissect_ssl3_hnd_cli_keyex_rsa(hf, tvb, tree, offset, length, session); | |||
| 12574 | break; | |||
| 12575 | case KEX_RSA_PSK0x1f: /* RFC 4279; rsa_psk: psk_identity, EncryptedPreMasterSecret */ | |||
| 12576 | dissect_ssl3_hnd_cli_keyex_rsa_psk(hf, tvb, tree, offset, length); | |||
| 12577 | break; | |||
| 12578 | case KEX_SRP_SHA0x20: /* RFC 5054; srp: ClientSRPPublic */ | |||
| 12579 | case KEX_SRP_SHA_DSS0x21: | |||
| 12580 | case KEX_SRP_SHA_RSA0x22: | |||
| 12581 | /* XXX: implement support for SRP_SHA* */ | |||
| 12582 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
| 12583 | tvb, offset, length, | |||
| 12584 | "SRP_SHA ciphersuites (RFC 5054) are not implemented, contact Wireshark" | |||
| 12585 | " developers if you want them to be supported"); | |||
| 12586 | break; | |||
| 12587 | case KEX_ECJPAKE0x24: /* https://tools.ietf.org/html/draft-cragie-tls-ecjpake-01 used in Thread Commissioning */ | |||
| 12588 | dissect_ssl3_hnd_cli_keyex_ecjpake(hf, tvb, tree, offset, length); | |||
| 12589 | break; | |||
| 12590 | case KEX_ECC_SM20x26: /* GB/T 38636 */ | |||
| 12591 | dissect_ssl3_hnd_cli_keyex_ecc_sm2(hf, tvb, tree, offset, length); | |||
| 12592 | break; | |||
| 12593 | default: | |||
| 12594 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
| 12595 | tvb, offset, length); | |||
| 12596 | break; | |||
| 12597 | } | |||
| 12598 | } | |||
| 12599 | ||||
| 12600 | void | |||
| 12601 | ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
| 12602 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
| 12603 | const SslSession *session) | |||
| 12604 | { | |||
| 12605 | switch (ssl_get_keyex_alg(session->cipher)) { | |||
| 12606 | case KEX_DH_ANON0x13: /* RFC 5246; ServerDHParams */ | |||
| 12607 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset, offset_end, session->version, true1); | |||
| 12608 | break; | |||
| 12609 | case KEX_DH_DSS0x14: /* RFC 5246; not allowed */ | |||
| 12610 | case KEX_DH_RSA0x15: | |||
| 12611 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_srv_keyex_illegal, | |||
| 12612 | tvb, offset, offset_end - offset); | |||
| 12613 | break; | |||
| 12614 | case KEX_DHE_DSS0x10: /* RFC 5246; dhe_dss, dhe_rsa: ServerDHParams, Signature */ | |||
| 12615 | case KEX_DHE_RSA0x12: | |||
| 12616 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset, offset_end, session->version, false0); | |||
| 12617 | break; | |||
| 12618 | case KEX_DHE_PSK0x11: /* RFC 4279; diffie_hellman_psk: psk_identity_hint, ServerDHParams */ | |||
| 12619 | dissect_ssl3_hnd_srv_keyex_dhe_psk(hf, tvb, pinfo, tree, offset, offset_end); | |||
| 12620 | break; | |||
| 12621 | case KEX_ECDH_ANON0x19: /* RFC 4492; ec_diffie_hellman: ServerECDHParams (without signature for anon) */ | |||
| 12622 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset, offset_end, session->version, true1); | |||
| 12623 | break; | |||
| 12624 | case KEX_ECDHE_PSK0x17: /* RFC 5489; psk_identity_hint, ServerECDHParams */ | |||
| 12625 | dissect_ssl3_hnd_srv_keyex_ecdh_psk(hf, tvb, pinfo, tree, offset, offset_end); | |||
| 12626 | break; | |||
| 12627 | case KEX_ECDH_ECDSA0x1a: /* RFC 4492; ec_diffie_hellman: ServerECDHParams, Signature */ | |||
| 12628 | case KEX_ECDH_RSA0x1b: | |||
| 12629 | case KEX_ECDHE_ECDSA0x16: | |||
| 12630 | case KEX_ECDHE_RSA0x18: | |||
| 12631 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset, offset_end, session->version, false0); | |||
| 12632 | break; | |||
| 12633 | case KEX_KRB50x1c: /* RFC 2712; not allowed */ | |||
| 12634 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_srv_keyex_illegal, | |||
| 12635 | tvb, offset, offset_end - offset); | |||
| 12636 | break; | |||
| 12637 | case KEX_PSK0x1d: /* RFC 4279; psk, rsa: psk_identity */ | |||
| 12638 | case KEX_RSA_PSK0x1f: | |||
| 12639 | dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); | |||
| 12640 | break; | |||
| 12641 | case KEX_RSA0x1e: /* only allowed if the public key in the server certificate is longer than 512 bits */ | |||
| 12642 | dissect_ssl3_hnd_srv_keyex_rsa(hf, tvb, pinfo, tree, offset, offset_end, session->version); | |||
| 12643 | break; | |||
| 12644 | case KEX_ECC_SM20x26: /* GB/T 38636 */ | |||
| 12645 | dissect_ssl3_hnd_srv_keyex_ecc_sm2(hf, tvb, pinfo, tree, offset, offset_end, session->version); | |||
| 12646 | break; | |||
| 12647 | case KEX_SRP_SHA0x20: /* RFC 5054; srp: ServerSRPParams, Signature */ | |||
| 12648 | case KEX_SRP_SHA_DSS0x21: | |||
| 12649 | case KEX_SRP_SHA_RSA0x22: | |||
| 12650 | /* XXX: implement support for SRP_SHA* */ | |||
| 12651 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
| 12652 | tvb, offset, offset_end - offset, | |||
| 12653 | "SRP_SHA ciphersuites (RFC 5054) are not implemented, contact Wireshark" | |||
| 12654 | " developers if you want them to be supported"); | |||
| 12655 | break; | |||
| 12656 | case KEX_ECJPAKE0x24: /* https://tools.ietf.org/html/draft-cragie-tls-ecjpake-01 used in Thread Commissioning */ | |||
| 12657 | dissect_ssl3_hnd_srv_keyex_ecjpake(hf, tvb, tree, offset, offset_end); | |||
| 12658 | break; | |||
| 12659 | default: | |||
| 12660 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
| 12661 | tvb, offset, offset_end - offset); | |||
| 12662 | break; | |||
| 12663 | } | |||
| 12664 | } | |||
| 12665 | /* Client Key Exchange and Server Key Exchange handshake dissections. }}} */ | |||
| 12666 | ||||
| 12667 | void | |||
| 12668 | tls13_dissect_hnd_key_update(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
| 12669 | proto_tree *tree, uint32_t offset) | |||
| 12670 | { | |||
| 12671 | /* RFC 8446 Section 4.6.3 | |||
| 12672 | * enum { | |||
| 12673 | * update_not_requested(0), update_requested(1), (255) | |||
| 12674 | * } KeyUpdateRequest; | |||
| 12675 | * | |||
| 12676 | * struct { | |||
| 12677 | * KeyUpdateRequest request_update; | |||
| 12678 | * } KeyUpdate; | |||
| 12679 | */ | |||
| 12680 | proto_tree_add_item(tree, hf->hf.hs_key_update_request_update, tvb, offset, 1, ENC_NA0x00000000); | |||
| 12681 | } | |||
| 12682 | ||||
| 12683 | void | |||
| 12684 | ssl_common_register_ssl_alpn_dissector_table(const char *name, | |||
| 12685 | const char *ui_name, const int proto) | |||
| 12686 | { | |||
| 12687 | ssl_alpn_dissector_table = register_dissector_table(name, ui_name, | |||
| 12688 | proto, FT_STRING, STRING_CASE_SENSITIVE0); | |||
| 12689 | register_dissector_table_alias(ssl_alpn_dissector_table, "ssl.handshake.extensions_alpn_str"); | |||
| 12690 | } | |||
| 12691 | ||||
| 12692 | void | |||
| 12693 | ssl_common_register_dtls_alpn_dissector_table(const char *name, | |||
| 12694 | const char *ui_name, const int proto) | |||
| 12695 | { | |||
| 12696 | dtls_alpn_dissector_table = register_dissector_table(name, ui_name, | |||
| 12697 | proto, FT_STRING, STRING_CASE_SENSITIVE0); | |||
| 12698 | register_dissector_table_alias(ssl_alpn_dissector_table, "dtls.handshake.extensions_alpn_str"); | |||
| 12699 | } | |||
| 12700 | ||||
| 12701 | void | |||
| 12702 | ssl_common_register_options(module_t *module, ssl_common_options_t *options, bool_Bool is_dtls) | |||
| 12703 | { | |||
| 12704 | prefs_register_string_preference(module, "psk", "Pre-Shared Key", | |||
| 12705 | "Pre-Shared Key as HEX string. Should be 0 to 16 bytes.", | |||
| 12706 | &(options->psk)); | |||
| 12707 | ||||
| 12708 | if (is_dtls) { | |||
| 12709 | prefs_register_obsolete_preference(module, "keylog_file"); | |||
| 12710 | prefs_register_static_text_preference(module, "keylog_file_removed", | |||
| 12711 | "The (Pre)-Master-Secret log filename preference can be configured in the TLS protocol preferences.", | |||
| 12712 | "Use the TLS protocol preference to configure the keylog file for both DTLS and TLS."); | |||
| 12713 | return; | |||
| 12714 | } | |||
| 12715 | ||||
| 12716 | prefs_register_filename_preference(module, "keylog_file", "(Pre)-Master-Secret log filename", | |||
| 12717 | "The name of a file which contains a list of \n" | |||
| 12718 | "(pre-)master secrets in one of the following formats:\n" | |||
| 12719 | "\n" | |||
| 12720 | "RSA <EPMS> <PMS>\n" | |||
| 12721 | "RSA Session-ID:<SSLID> Master-Key:<MS>\n" | |||
| 12722 | "CLIENT_RANDOM <CRAND> <MS>\n" | |||
| 12723 | "PMS_CLIENT_RANDOM <CRAND> <PMS>\n" | |||
| 12724 | "\n" | |||
| 12725 | "Where:\n" | |||
| 12726 | "<EPMS> = First 8 bytes of the Encrypted PMS\n" | |||
| 12727 | "<PMS> = The Pre-Master-Secret (PMS) used to derive the MS\n" | |||
| 12728 | "<SSLID> = The SSL Session ID\n" | |||
| 12729 | "<MS> = The Master-Secret (MS)\n" | |||
| 12730 | "<CRAND> = The Client's random number from the ClientHello message\n" | |||
| 12731 | "\n" | |||
| 12732 | "(All fields are in hex notation)", | |||
| 12733 | &(options->keylog_filename), false0); | |||
| 12734 | } | |||
| 12735 | ||||
| 12736 | void | |||
| 12737 | ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, uint32_t offset, uint32_t length) | |||
| 12738 | { | |||
| 12739 | if (ssl_session && ssl_session->session.version != TLSV1DOT3_VERSION0x304 && !(ssl_session->state & SSL_MASTER_SECRET(1<<5))) { | |||
| 12740 | uint32_t old_length = ssl_session->handshake_data.data_len; | |||
| 12741 | ssl_debug_printf("Calculating hash with offset %d %d\n", offset, length); | |||
| 12742 | if (tvb) { | |||
| 12743 | if (tvb_bytes_exist(tvb, offset, length)) { | |||
| 12744 | ssl_session->handshake_data.data = (unsigned char *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length); | |||
| 12745 | tvb_memcpy(tvb, ssl_session->handshake_data.data + old_length, offset, length); | |||
| 12746 | ssl_session->handshake_data.data_len += length; | |||
| 12747 | } | |||
| 12748 | } else { | |||
| 12749 | /* DTLS calculates the hash as if each handshake message had been | |||
| 12750 | * sent as a single fragment (RFC 6347, section 4.2.6) and passes | |||
| 12751 | * in a null tvbuff to add 3 bytes for a zero fragment offset. | |||
| 12752 | */ | |||
| 12753 | DISSECTOR_ASSERT_CMPINT(length, <, 4)((void) ((length < 4) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion " "length" " " "<" " " "4" " (" "%" "l" "d" " " "<" " " "%" "l" "d" ")", "epan/dissectors/packet-tls-utils.c" , 12753, (int64_t)length, (int64_t)4)))); | |||
| 12754 | ssl_session->handshake_data.data = (unsigned char *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length); | |||
| 12755 | memset(ssl_session->handshake_data.data + old_length, 0, length); | |||
| 12756 | ssl_session->handshake_data.data_len += length; | |||
| 12757 | } | |||
| 12758 | } | |||
| 12759 | } | |||
| 12760 | ||||
| 12761 | ||||
| 12762 | /* | |||
| 12763 | * Editor modelines - https://www.wireshark.org/tools/modelines.html | |||
| 12764 | * | |||
| 12765 | * Local variables: | |||
| 12766 | * c-basic-offset: 4 | |||
| 12767 | * tab-width: 8 | |||
| 12768 | * indent-tabs-mode: nil | |||
| 12769 | * End: | |||
| 12770 | * | |||
| 12771 | * vi: set shiftwidth=4 tabstop=8 expandtab: | |||
| 12772 | * :indentSize=4:tabSize=8:noTabs=true: | |||
| 12773 | */ |