File: | builds/wireshark/wireshark/epan/dissectors/packet-tls-utils.c |
Warning: | line 4748, column 17 Potential leak of memory pointed to by 'handshake_hashed_data.data' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* packet-tls-utils.c | |||
2 | * ssl manipulation functions | |||
3 | * By Paolo Abeni <[email protected]> | |||
4 | * | |||
5 | * Copyright (c) 2013, Hauke Mehrtens <[email protected]> | |||
6 | * Copyright (c) 2014, Peter Wu <[email protected]> | |||
7 | * | |||
8 | * Wireshark - Network traffic analyzer | |||
9 | * By Gerald Combs <[email protected]> | |||
10 | * Copyright 1998 Gerald Combs | |||
11 | * | |||
12 | * SPDX-License-Identifier: GPL-2.0-or-later | |||
13 | */ | |||
14 | ||||
15 | #include "config.h" | |||
16 | ||||
17 | #if defined(HAVE_ZLIB1) && !defined(HAVE_ZLIBNG) | |||
18 | #define ZLIB_CONST | |||
19 | #define ZLIB_PREFIX(x)x x | |||
20 | #include <zlib.h> | |||
21 | typedef z_stream zlib_stream; | |||
22 | #endif /* HAVE_ZLIB */ | |||
23 | ||||
24 | #ifdef HAVE_ZLIBNG | |||
25 | #define ZLIB_PREFIX(x)x zng_ ## x | |||
26 | #include <zlib-ng.h> | |||
27 | typedef zng_stream zlib_stream; | |||
28 | #endif /* HAVE_ZLIBNG */ | |||
29 | ||||
30 | #include <stdlib.h> | |||
31 | #include <errno(*__errno_location ()).h> | |||
32 | ||||
33 | #include <epan/packet.h> | |||
34 | #include <epan/strutil.h> | |||
35 | #include <epan/addr_resolv.h> | |||
36 | #include <epan/expert.h> | |||
37 | #include <epan/asn1.h> | |||
38 | #include <epan/proto_data.h> | |||
39 | #include <epan/oids.h> | |||
40 | #include <epan/secrets.h> | |||
41 | ||||
42 | #include <wsutil/inet_cidr.h> | |||
43 | #include <wsutil/filesystem.h> | |||
44 | #include <wsutil/file_util.h> | |||
45 | #include <wsutil/str_util.h> | |||
46 | #include <wsutil/report_message.h> | |||
47 | #include <wsutil/pint.h> | |||
48 | #include <wsutil/strtoi.h> | |||
49 | #include <wsutil/wsgcrypt.h> | |||
50 | #include <wsutil/rsa.h> | |||
51 | #include <wsutil/ws_assert.h> | |||
52 | #include "packet-ber.h" | |||
53 | #include "packet-x509af.h" | |||
54 | #include "packet-x509if.h" | |||
55 | #include "packet-tls-utils.h" | |||
56 | #include "packet-ocsp.h" | |||
57 | #include "packet-tls.h" | |||
58 | #include "packet-dtls.h" | |||
59 | #include "packet-quic.h" | |||
60 | #if defined(HAVE_LIBGNUTLS1) | |||
61 | #include <gnutls/abstract.h> | |||
62 | #endif | |||
63 | ||||
64 | /* JA3/JA3S calculations must ignore GREASE values | |||
65 | * as described in RFC 8701. | |||
66 | */ | |||
67 | #define IS_GREASE_TLS(x)((((x) & 0x0f0f) == 0x0a0a) && (((x) & 0xff) == (((x)>>8) & 0xff))) ((((x) & 0x0f0f) == 0x0a0a) && \ | |||
68 | (((x) & 0xff) == (((x)>>8) & 0xff))) | |||
69 | ||||
70 | /* Section 22.3 of RFC 9000 (QUIC) reserves values of this | |||
71 | * form for a similar purpose as GREASE. | |||
72 | */ | |||
73 | #define IS_GREASE_QUIC(x)((x) > 27 ? ((((x) - 27) % 31) == 0) : 0) ((x) > 27 ? ((((x) - 27) % 31) == 0) : 0) | |||
74 | ||||
75 | #define DTLS13_MAX_EPOCH10 10 | |||
76 | ||||
77 | /* Lookup tables {{{ */ | |||
78 | const value_string ssl_version_short_names[] = { | |||
79 | { SSLV2_VERSION0x0002, "SSLv2" }, | |||
80 | { SSLV3_VERSION0x300, "SSLv3" }, | |||
81 | { TLSV1_VERSION0x301, "TLSv1" }, | |||
82 | { TLCPV1_VERSION0x101, "TLCP" }, | |||
83 | { TLSV1DOT1_VERSION0x302, "TLSv1.1" }, | |||
84 | { TLSV1DOT2_VERSION0x303, "TLSv1.2" }, | |||
85 | { TLSV1DOT3_VERSION0x304, "TLSv1.3" }, | |||
86 | { DTLSV1DOT0_VERSION0xfeff, "DTLSv1.0" }, | |||
87 | { DTLSV1DOT2_VERSION0xfefd, "DTLSv1.2" }, | |||
88 | { DTLSV1DOT3_VERSION0xfefc, "DTLSv1.3" }, | |||
89 | { DTLSV1DOT0_OPENSSL_VERSION0x100, "DTLS 1.0 (OpenSSL pre 0.9.8f)" }, | |||
90 | { 0x00, NULL((void*)0) } | |||
91 | }; | |||
92 | ||||
93 | const value_string ssl_versions[] = { | |||
94 | { SSLV2_VERSION0x0002, "SSL 2.0" }, | |||
95 | { SSLV3_VERSION0x300, "SSL 3.0" }, | |||
96 | { TLSV1_VERSION0x301, "TLS 1.0" }, | |||
97 | { TLCPV1_VERSION0x101, "TLCP" }, | |||
98 | { TLSV1DOT1_VERSION0x302, "TLS 1.1" }, | |||
99 | { TLSV1DOT2_VERSION0x303, "TLS 1.2" }, | |||
100 | { TLSV1DOT3_VERSION0x304, "TLS 1.3" }, | |||
101 | { 0x7F0E, "TLS 1.3 (draft 14)" }, | |||
102 | { 0x7F0F, "TLS 1.3 (draft 15)" }, | |||
103 | { 0x7F10, "TLS 1.3 (draft 16)" }, | |||
104 | { 0x7F11, "TLS 1.3 (draft 17)" }, | |||
105 | { 0x7F12, "TLS 1.3 (draft 18)" }, | |||
106 | { 0x7F13, "TLS 1.3 (draft 19)" }, | |||
107 | { 0x7F14, "TLS 1.3 (draft 20)" }, | |||
108 | { 0x7F15, "TLS 1.3 (draft 21)" }, | |||
109 | { 0x7F16, "TLS 1.3 (draft 22)" }, | |||
110 | { 0x7F17, "TLS 1.3 (draft 23)" }, | |||
111 | { 0x7F18, "TLS 1.3 (draft 24)" }, | |||
112 | { 0x7F19, "TLS 1.3 (draft 25)" }, | |||
113 | { 0x7F1A, "TLS 1.3 (draft 26)" }, | |||
114 | { 0x7F1B, "TLS 1.3 (draft 27)" }, | |||
115 | { 0x7F1C, "TLS 1.3 (draft 28)" }, | |||
116 | { 0xFB17, "TLS 1.3 (Facebook draft 23)" }, | |||
117 | { 0xFB1A, "TLS 1.3 (Facebook draft 26)" }, | |||
118 | { DTLSV1DOT0_OPENSSL_VERSION0x100, "DTLS 1.0 (OpenSSL pre 0.9.8f)" }, | |||
119 | { DTLSV1DOT0_VERSION0xfeff, "DTLS 1.0" }, | |||
120 | { DTLSV1DOT2_VERSION0xfefd, "DTLS 1.2" }, | |||
121 | { DTLSV1DOT3_VERSION0xfefc, "DTLS 1.3" }, | |||
122 | { 0x0A0A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
123 | { 0x1A1A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
124 | { 0x2A2A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
125 | { 0x3A3A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
126 | { 0x4A4A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
127 | { 0x5A5A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
128 | { 0x6A6A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
129 | { 0x7A7A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
130 | { 0x8A8A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
131 | { 0x9A9A, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
132 | { 0xAAAA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
133 | { 0xBABA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
134 | { 0xCACA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
135 | { 0xDADA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
136 | { 0xEAEA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
137 | { 0xFAFA, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
138 | { 0x00, NULL((void*)0) } | |||
139 | }; | |||
140 | ||||
141 | static const value_string ssl_version_ja4_names[] = { | |||
142 | { 0x0100, "s1" }, | |||
143 | { SSLV2_VERSION0x0002, "s2" }, | |||
144 | { SSLV3_VERSION0x300, "s3" }, | |||
145 | { TLSV1_VERSION0x301, "10" }, | |||
146 | { TLSV1DOT1_VERSION0x302, "11" }, | |||
147 | { TLSV1DOT2_VERSION0x303, "12" }, | |||
148 | { TLSV1DOT3_VERSION0x304, "13" }, | |||
149 | { DTLSV1DOT0_VERSION0xfeff, "d1" }, | |||
150 | { DTLSV1DOT2_VERSION0xfefd, "d2" }, | |||
151 | { DTLSV1DOT3_VERSION0xfefc, "d3" }, | |||
152 | { 0x00, NULL((void*)0) } | |||
153 | }; | |||
154 | ||||
155 | const value_string ssl_20_msg_types[] = { | |||
156 | { SSL2_HND_ERROR0x00, "Error" }, | |||
157 | { SSL2_HND_CLIENT_HELLO0x01, "Client Hello" }, | |||
158 | { SSL2_HND_CLIENT_MASTER_KEY0x02, "Client Master Key" }, | |||
159 | { SSL2_HND_CLIENT_FINISHED0x03, "Client Finished" }, | |||
160 | { SSL2_HND_SERVER_HELLO0x04, "Server Hello" }, | |||
161 | { SSL2_HND_SERVER_VERIFY0x05, "Server Verify" }, | |||
162 | { SSL2_HND_SERVER_FINISHED0x06, "Server Finished" }, | |||
163 | { SSL2_HND_REQUEST_CERTIFICATE0x07, "Request Certificate" }, | |||
164 | { SSL2_HND_CLIENT_CERTIFICATE0x08, "Client Certificate" }, | |||
165 | { 0x00, NULL((void*)0) } | |||
166 | }; | |||
167 | /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ | |||
168 | /* Note: sorted by ascending value so value_string-ext can do a binary search */ | |||
169 | static const value_string ssl_20_cipher_suites[] = { | |||
170 | { 0x000000, "TLS_NULL_WITH_NULL_NULL" }, | |||
171 | { 0x000001, "TLS_RSA_WITH_NULL_MD5" }, | |||
172 | { 0x000002, "TLS_RSA_WITH_NULL_SHA" }, | |||
173 | { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, | |||
174 | { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" }, | |||
175 | { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" }, | |||
176 | { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, | |||
177 | { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, | |||
178 | { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
179 | { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" }, | |||
180 | { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
181 | { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | |||
182 | { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, | |||
183 | { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
184 | { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
185 | { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, | |||
186 | { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
187 | { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | |||
188 | { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, | |||
189 | { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
190 | { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
191 | { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, | |||
192 | { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
193 | { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, | |||
194 | { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" }, | |||
195 | { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, | |||
196 | { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, | |||
197 | { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, | |||
198 | { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, | |||
199 | { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, | |||
200 | #if 0 | |||
201 | { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, | |||
202 | #endif | |||
203 | /* RFC 2712 */ | |||
204 | { 0x00001E, "TLS_KRB5_WITH_DES_CBC_SHA" }, | |||
205 | { 0x00001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, | |||
206 | { 0x000020, "TLS_KRB5_WITH_RC4_128_SHA" }, | |||
207 | { 0x000021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, | |||
208 | { 0x000022, "TLS_KRB5_WITH_DES_CBC_MD5" }, | |||
209 | { 0x000023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, | |||
210 | { 0x000024, "TLS_KRB5_WITH_RC4_128_MD5" }, | |||
211 | { 0x000025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, | |||
212 | { 0x000026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, | |||
213 | { 0x000027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, | |||
214 | { 0x000028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, | |||
215 | { 0x000029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, | |||
216 | { 0x00002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, | |||
217 | { 0x00002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, | |||
218 | /* RFC 4785 */ | |||
219 | { 0x00002C, "TLS_PSK_WITH_NULL_SHA" }, | |||
220 | { 0x00002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, | |||
221 | { 0x00002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, | |||
222 | /* RFC 5246 */ | |||
223 | { 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" }, | |||
224 | { 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, | |||
225 | { 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, | |||
226 | { 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, | |||
227 | { 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, | |||
228 | { 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, | |||
229 | { 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, | |||
230 | { 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, | |||
231 | { 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, | |||
232 | { 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, | |||
233 | { 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, | |||
234 | { 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, | |||
235 | { 0x00003B, "TLS_RSA_WITH_NULL_SHA256" }, | |||
236 | { 0x00003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, | |||
237 | { 0x00003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, | |||
238 | { 0x00003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, | |||
239 | { 0x00003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, | |||
240 | { 0x000040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, | |||
241 | { 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
242 | { 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | |||
243 | { 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
244 | { 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | |||
245 | { 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
246 | { 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, | |||
247 | { 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, | |||
248 | { 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, | |||
249 | { 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" }, | |||
250 | { 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
251 | { 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
252 | { 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
253 | { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, | |||
254 | { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, | |||
255 | { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, | |||
256 | { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, | |||
257 | { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, | |||
258 | { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, | |||
259 | { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, | |||
260 | { 0x000067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, | |||
261 | { 0x000068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, | |||
262 | { 0x000069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, | |||
263 | { 0x00006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, | |||
264 | { 0x00006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, | |||
265 | { 0x00006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, | |||
266 | { 0x00006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, | |||
267 | /* 0x00,0x6E-83 Unassigned */ | |||
268 | { 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
269 | { 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | |||
270 | { 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
271 | { 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | |||
272 | { 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
273 | { 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, | |||
274 | /* RFC 4279 */ | |||
275 | { 0x00008A, "TLS_PSK_WITH_RC4_128_SHA" }, | |||
276 | { 0x00008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
277 | { 0x00008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, | |||
278 | { 0x00008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, | |||
279 | { 0x00008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, | |||
280 | { 0x00008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
281 | { 0x000090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, | |||
282 | { 0x000091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, | |||
283 | { 0x000092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, | |||
284 | { 0x000093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
285 | { 0x000094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, | |||
286 | { 0x000095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, | |||
287 | /* RFC 4162 */ | |||
288 | { 0x000096, "TLS_RSA_WITH_SEED_CBC_SHA" }, | |||
289 | { 0x000097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, | |||
290 | { 0x000098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, | |||
291 | { 0x000099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, | |||
292 | { 0x00009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, | |||
293 | { 0x00009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, | |||
294 | /* RFC 5288 */ | |||
295 | { 0x00009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, | |||
296 | { 0x00009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, | |||
297 | { 0x00009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, | |||
298 | { 0x00009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, | |||
299 | { 0x0000A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, | |||
300 | { 0x0000A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, | |||
301 | { 0x0000A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, | |||
302 | { 0x0000A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, | |||
303 | { 0x0000A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, | |||
304 | { 0x0000A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, | |||
305 | { 0x0000A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, | |||
306 | { 0x0000A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, | |||
307 | /* RFC 5487 */ | |||
308 | { 0x0000A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, | |||
309 | { 0x0000A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, | |||
310 | { 0x0000AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, | |||
311 | { 0x0000AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, | |||
312 | { 0x0000AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, | |||
313 | { 0x0000AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, | |||
314 | { 0x0000AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, | |||
315 | { 0x0000AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, | |||
316 | { 0x0000B0, "TLS_PSK_WITH_NULL_SHA256" }, | |||
317 | { 0x0000B1, "TLS_PSK_WITH_NULL_SHA384" }, | |||
318 | { 0x0000B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, | |||
319 | { 0x0000B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, | |||
320 | { 0x0000B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, | |||
321 | { 0x0000B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, | |||
322 | { 0x0000B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, | |||
323 | { 0x0000B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, | |||
324 | { 0x0000B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, | |||
325 | { 0x0000B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, | |||
326 | /* From RFC 5932 */ | |||
327 | { 0x0000BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
328 | { 0x0000BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
329 | { 0x0000BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
330 | { 0x0000BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
331 | { 0x0000BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
332 | { 0x0000BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
333 | { 0x0000C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
334 | { 0x0000C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
335 | { 0x0000C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
336 | { 0x0000C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
337 | { 0x0000C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
338 | { 0x0000C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
339 | /* 0x00,0xC6-FE Unassigned */ | |||
340 | { 0x0000FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, | |||
341 | /* 0x01-BF,* Unassigned */ | |||
342 | /* From RFC 4492 */ | |||
343 | { 0x00c001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, | |||
344 | { 0x00c002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, | |||
345 | { 0x00c003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
346 | { 0x00c004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
347 | { 0x00c005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
348 | { 0x00c006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, | |||
349 | { 0x00c007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, | |||
350 | { 0x00c008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
351 | { 0x00c009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
352 | { 0x00c00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
353 | { 0x00c00b, "TLS_ECDH_RSA_WITH_NULL_SHA" }, | |||
354 | { 0x00c00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, | |||
355 | { 0x00c00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
356 | { 0x00c00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, | |||
357 | { 0x00c00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, | |||
358 | { 0x00c010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, | |||
359 | { 0x00c011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, | |||
360 | { 0x00c012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
361 | { 0x00c013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, | |||
362 | { 0x00c014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, | |||
363 | { 0x00c015, "TLS_ECDH_anon_WITH_NULL_SHA" }, | |||
364 | { 0x00c016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, | |||
365 | { 0x00c017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, | |||
366 | { 0x00c018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, | |||
367 | { 0x00c019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, | |||
368 | /* RFC 5054 */ | |||
369 | { 0x00C01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, | |||
370 | { 0x00C01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
371 | { 0x00C01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
372 | { 0x00C01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, | |||
373 | { 0x00C01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, | |||
374 | { 0x00C01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, | |||
375 | { 0x00C020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, | |||
376 | { 0x00C021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, | |||
377 | { 0x00C022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, | |||
378 | /* RFC 5589 */ | |||
379 | { 0x00C023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, | |||
380 | { 0x00C024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, | |||
381 | { 0x00C025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, | |||
382 | { 0x00C026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, | |||
383 | { 0x00C027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, | |||
384 | { 0x00C028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, | |||
385 | { 0x00C029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, | |||
386 | { 0x00C02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, | |||
387 | { 0x00C02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, | |||
388 | { 0x00C02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, | |||
389 | { 0x00C02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, | |||
390 | { 0x00C02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, | |||
391 | { 0x00C02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, | |||
392 | { 0x00C030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, | |||
393 | { 0x00C031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, | |||
394 | { 0x00C032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, | |||
395 | /* RFC 5489 */ | |||
396 | { 0x00C033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, | |||
397 | { 0x00C034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
398 | { 0x00C035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, | |||
399 | { 0x00C036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, | |||
400 | { 0x00C037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, | |||
401 | { 0x00C038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, | |||
402 | { 0x00C039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, | |||
403 | { 0x00C03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, | |||
404 | { 0x00C03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, | |||
405 | /* 0xC0,0x3C-FF Unassigned | |||
406 | 0xC1-FD,* Unassigned | |||
407 | 0xFE,0x00-FD Unassigned | |||
408 | 0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen] | |||
409 | 0xFF,0x00-FF Reserved for Private Use [RFC5246] | |||
410 | */ | |||
411 | ||||
412 | /* old numbers used in the beginning | |||
413 | * https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */ | |||
414 | { 0x00CC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
415 | { 0x00CC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
416 | { 0x00CC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
417 | ||||
418 | /* https://tools.ietf.org/html/rfc7905 */ | |||
419 | { 0x00CCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
420 | { 0x00CCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
421 | { 0x00CCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
422 | { 0x00CCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
423 | { 0x00CCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
424 | { 0x00CCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
425 | { 0x00CCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
426 | ||||
427 | /* GM/T 0024-2014 */ | |||
428 | { 0x00e001, "ECDHE_SM1_SM3"}, | |||
429 | { 0x00e003, "ECC_SM1_SM3"}, | |||
430 | { 0x00e005, "IBSDH_SM1_SM3"}, | |||
431 | { 0x00e007, "IBC_SM1_SM3"}, | |||
432 | { 0x00e009, "RSA_SM1_SM3"}, | |||
433 | { 0x00e00a, "RSA_SM1_SHA1"}, | |||
434 | { 0x00e011, "ECDHE_SM4_CBC_SM3"}, | |||
435 | { 0x00e013, "ECC_SM4_CBC_SM3"}, | |||
436 | { 0x00e015, "IBSDH_SM4_CBC_SM3"}, | |||
437 | { 0x00e017, "IBC_SM4_CBC_SM3"}, | |||
438 | { 0x00e019, "RSA_SM4_CBC_SM3"}, | |||
439 | { 0x00e01a, "RSA_SM4_CBC_SHA1"}, | |||
440 | { 0x00e01c, "RSA_SM4_CBC_SHA256"}, | |||
441 | { 0x00e051, "ECDHE_SM4_GCM_SM3"}, | |||
442 | { 0x00e053, "ECC_SM4_GCM_SM3"}, | |||
443 | { 0x00e055, "IBSDH_SM4_GCM_SM3"}, | |||
444 | { 0x00e057, "IBC_SM4_GCM_SM3"}, | |||
445 | { 0x00e059, "RSA_SM4_GCM_SM3"}, | |||
446 | { 0x00e05a, "RSA_SM4_GCM_SHA256"}, | |||
447 | ||||
448 | /* https://tools.ietf.org/html/draft-josefsson-salsa20-tls */ | |||
449 | { 0x00E410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
450 | { 0x00E411, "TLS_RSA_WITH_SALSA20_SHA1" }, | |||
451 | { 0x00E412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
452 | { 0x00E413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" }, | |||
453 | { 0x00E414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
454 | { 0x00E415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" }, | |||
455 | { 0x00E416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
456 | { 0x00E417, "TLS_PSK_WITH_SALSA20_SHA1" }, | |||
457 | { 0x00E418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
458 | { 0x00E419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" }, | |||
459 | { 0x00E41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
460 | { 0x00E41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" }, | |||
461 | { 0x00E41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
462 | { 0x00E41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" }, | |||
463 | { 0x00E41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
464 | { 0x00E41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" }, | |||
465 | ||||
466 | /* these from http://www.mozilla.org/projects/ | |||
467 | security/pki/nss/ssl/fips-ssl-ciphersuites.html */ | |||
468 | { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, | |||
469 | { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | |||
470 | { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | |||
471 | { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, | |||
472 | /* note that ciphersuites of {0x00????} are TLS cipher suites in | |||
473 | * a sslv2 client hello message; the ???? above is the two-byte | |||
474 | * tls cipher suite id | |||
475 | */ | |||
476 | ||||
477 | { 0x010080, "SSL2_RC4_128_WITH_MD5" }, | |||
478 | { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" }, | |||
479 | { 0x030080, "SSL2_RC2_128_CBC_WITH_MD5" }, | |||
480 | { 0x040080, "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5" }, | |||
481 | { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" }, | |||
482 | { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" }, | |||
483 | { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" }, | |||
484 | { 0x080080, "SSL2_RC4_64_WITH_MD5" }, | |||
485 | ||||
486 | { 0x00, NULL((void*)0) } | |||
487 | }; | |||
488 | ||||
489 | value_string_ext ssl_20_cipher_suites_ext = VALUE_STRING_EXT_INIT(ssl_20_cipher_suites){ _try_val_to_str_ext_init, 0, (sizeof (ssl_20_cipher_suites) / sizeof ((ssl_20_cipher_suites)[0]))-1, ssl_20_cipher_suites , "ssl_20_cipher_suites" }; | |||
490 | ||||
491 | ||||
492 | /* | |||
493 | * Supported Groups (formerly named "EC Named Curve"). | |||
494 | * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 | |||
495 | */ | |||
496 | const value_string ssl_extension_curves[] = { | |||
497 | { 1, "sect163k1" }, | |||
498 | { 2, "sect163r1" }, | |||
499 | { 3, "sect163r2" }, | |||
500 | { 4, "sect193r1" }, | |||
501 | { 5, "sect193r2" }, | |||
502 | { 6, "sect233k1" }, | |||
503 | { 7, "sect233r1" }, | |||
504 | { 8, "sect239k1" }, | |||
505 | { 9, "sect283k1" }, | |||
506 | { 10, "sect283r1" }, | |||
507 | { 11, "sect409k1" }, | |||
508 | { 12, "sect409r1" }, | |||
509 | { 13, "sect571k1" }, | |||
510 | { 14, "sect571r1" }, | |||
511 | { 15, "secp160k1" }, | |||
512 | { 16, "secp160r1" }, | |||
513 | { 17, "secp160r2" }, | |||
514 | { 18, "secp192k1" }, | |||
515 | { 19, "secp192r1" }, | |||
516 | { 20, "secp224k1" }, | |||
517 | { 21, "secp224r1" }, | |||
518 | { 22, "secp256k1" }, | |||
519 | { 23, "secp256r1" }, | |||
520 | { 24, "secp384r1" }, | |||
521 | { 25, "secp521r1" }, | |||
522 | { 26, "brainpoolP256r1" }, /* RFC 7027 */ | |||
523 | { 27, "brainpoolP384r1" }, /* RFC 7027 */ | |||
524 | { 28, "brainpoolP512r1" }, /* RFC 7027 */ | |||
525 | { 29, "x25519" }, /* RFC 8446 / RFC 8422 */ | |||
526 | { 30, "x448" }, /* RFC 8446 / RFC 8422 */ | |||
527 | { 31, "brainpoolP256r1tls13" }, /* RFC8734 */ | |||
528 | { 32, "brainpoolP384r1tls13" }, /* RFC8734 */ | |||
529 | { 33, "brainpoolP512r1tls13" }, /* RFC8734 */ | |||
530 | { 34, "GC256A" }, /* RFC9189 */ | |||
531 | { 35, "GC256B" }, /* RFC9189 */ | |||
532 | { 36, "GC256C" }, /* RFC9189 */ | |||
533 | { 37, "GC256D" }, /* RFC9189 */ | |||
534 | { 38, "GC512A" }, /* RFC9189 */ | |||
535 | { 39, "GC512B" }, /* RFC9189 */ | |||
536 | { 40, "GC512C" }, /* RFC9189 */ | |||
537 | { 41, "curveSM2" }, /* RFC 8998 */ | |||
538 | { 256, "ffdhe2048" }, /* RFC 7919 */ | |||
539 | { 257, "ffdhe3072" }, /* RFC 7919 */ | |||
540 | { 258, "ffdhe4096" }, /* RFC 7919 */ | |||
541 | { 259, "ffdhe6144" }, /* RFC 7919 */ | |||
542 | { 260, "ffdhe8192" }, /* RFC 7919 */ | |||
543 | { 2570, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
544 | { 4587, "SecP256r1MLKEM768" }, /* draft-kwiatkowski-tls-ecdhe-mlkem-02 */ | |||
545 | { 4588, "X25519MLKEM768" }, /* draft-kwiatkowski-tls-ecdhe-mlkem-02 */ | |||
546 | { 6682, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
547 | { 10794, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
548 | { 14906, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
549 | { 19018, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
550 | { 23130, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
551 | { 25497, "X25519Kyber768Draft00 (OBSOLETE)" }, /* draft-tls-westerbaan-xyber768d00-02 */ | |||
552 | { 25498, "SecP256r1Kyber768Draft00 (OBSOLETE)" }, /* draft-kwiatkowski-tls-ecdhe-kyber-01 */ | |||
553 | { 27242, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
554 | { 31354, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
555 | { 35466, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
556 | { 39578, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
557 | { 43690, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
558 | { 47802, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
559 | { 51914, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
560 | { 56026, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
561 | { 60138, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
562 | { 64250, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
563 | { 0xFF01, "arbitrary_explicit_prime_curves" }, | |||
564 | { 0xFF02, "arbitrary_explicit_char2_curves" }, | |||
565 | /* Below are various unofficial values that have been used for testing. */ | |||
566 | /* PQC key exchange algorithms from OQS-OpenSSL, | |||
567 | see https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/oqs-kem-info.md | |||
568 | These use IANA unassigned values and this list may be incomplete. | |||
569 | */ | |||
570 | { 0x0200, "frodo640aes" }, | |||
571 | { 0x2F00, "p256_frodo640aes" }, | |||
572 | { 0x0201, "frodo640shake" }, | |||
573 | { 0x2F01, "p256_frodo640shake" }, | |||
574 | { 0x0202, "frodo976aes" }, | |||
575 | { 0x2F02, "p384_frodo976aes" }, | |||
576 | { 0x0203, "frodo976shake" }, | |||
577 | { 0x2F03, "p384_frodo976shake" }, | |||
578 | { 0x0204, "frodo1344aes" }, | |||
579 | { 0x2F04, "p521_frodo1344aes" }, | |||
580 | { 0x0205, "frodo1344shake" }, | |||
581 | { 0x2F05, "p521_frodo1344shake" }, | |||
582 | { 0x023A, "kyber512" }, | |||
583 | { 0x2F3A, "p256_kyber512" }, | |||
584 | { 0x023C, "kyber768" }, | |||
585 | { 0x2F3C, "p384_kyber768" }, | |||
586 | { 0x023D, "kyber1024" }, | |||
587 | { 0x2F3D, "p521_kyber1024" }, | |||
588 | { 0x0214, "ntru_hps2048509" }, | |||
589 | { 0x2F14, "p256_ntru_hps2048509" }, | |||
590 | { 0x0215, "ntru_hps2048677" }, | |||
591 | { 0x2F15, "p384_ntru_hps2048677" }, | |||
592 | { 0x0216, "ntru_hps4096821" }, | |||
593 | { 0x2F16, "p521_ntru_hps4096821" }, | |||
594 | { 0x0245, "ntru_hps40961229" }, | |||
595 | { 0x2F45, "p521_ntru_hps40961229" }, | |||
596 | { 0x0217, "ntru_hrss701" }, | |||
597 | { 0x2F17, "p384_ntru_hrss701" }, | |||
598 | { 0x0246, "ntru_hrss1373" }, | |||
599 | { 0x2F46, "p521_ntru_hrss1373" }, | |||
600 | { 0x0218, "lightsaber" }, | |||
601 | { 0x2F18, "p256_lightsaber" }, | |||
602 | { 0x0219, "saber" }, | |||
603 | { 0x2F19, "p384_saber" }, | |||
604 | { 0x021A, "firesaber" }, | |||
605 | { 0x2F1A, "p521_firesaber" }, | |||
606 | { 0x021B, "sidhp434" }, | |||
607 | { 0x2F1B, "p256_sidhp434" }, | |||
608 | { 0x021C, "sidhp503" }, | |||
609 | { 0x2F1C, "p256_sidhp503" }, | |||
610 | { 0x021D, "sidhp610" }, | |||
611 | { 0x2F1D, "p384_sidhp610" }, | |||
612 | { 0x021E, "sidhp751" }, | |||
613 | { 0x2F1E, "p521_sidhp751" }, | |||
614 | { 0x021F, "sikep434" }, | |||
615 | { 0x2F1F, "p256_sikep434" }, | |||
616 | { 0x0220, "sikep503" }, | |||
617 | { 0x2F20, "p256_sikep503" }, | |||
618 | { 0x0221, "sikep610" }, | |||
619 | { 0x2F21, "p384_sikep610" }, | |||
620 | { 0x0222, "sikep751" }, | |||
621 | { 0x2F22, "p521_sikep751" }, | |||
622 | { 0x0238, "bikel1" }, | |||
623 | { 0x2F38, "p256_bikel1" }, | |||
624 | { 0x023B, "bikel3" }, | |||
625 | { 0x2F3B, "p384_bikel3" }, | |||
626 | { 0x023E, "kyber90s512" }, | |||
627 | { 0x2F3E, "p256_kyber90s512" }, | |||
628 | { 0x023F, "kyber90s768" }, | |||
629 | { 0x2F3F, "p384_kyber90s768" }, | |||
630 | { 0x0240, "kyber90s1024" }, | |||
631 | { 0x2F40, "p521_kyber90s1024" }, | |||
632 | { 0x022C, "hqc128" }, | |||
633 | { 0x2F2C, "p256_hqc128" }, | |||
634 | { 0x022D, "hqc192" }, | |||
635 | { 0x2F2D, "p384_hqc192" }, | |||
636 | { 0x022E, "hqc256" }, | |||
637 | { 0x2F2E, "p521_hqc256" }, | |||
638 | { 0x022F, "ntrulpr653" }, | |||
639 | { 0x2F2F, "p256_ntrulpr653" }, | |||
640 | { 0x0230, "ntrulpr761" }, | |||
641 | { 0x2F43, "p256_ntrulpr761" }, | |||
642 | { 0x0231, "ntrulpr857" }, | |||
643 | { 0x2F31, "p384_ntrulpr857" }, | |||
644 | { 0x0241, "ntrulpr1277" }, | |||
645 | { 0x2F41, "p521_ntrulpr1277" }, | |||
646 | { 0x0232, "sntrup653" }, | |||
647 | { 0x2F32, "p256_sntrup653" }, | |||
648 | { 0x0233, "sntrup761" }, | |||
649 | { 0x2F44, "p256_sntrup761" }, | |||
650 | { 0x0234, "sntrup857" }, | |||
651 | { 0x2F34, "p384_sntrup857" }, | |||
652 | { 0x0242, "sntrup1277" }, | |||
653 | { 0x2F42, "p521_sntrup1277" }, | |||
654 | /* Other PQ key exchange algorithms, using Reserved for Private Use values | |||
655 | https://blog.cloudflare.com/post-quantum-for-all | |||
656 | https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.txt */ | |||
657 | { 0xFE30, "X25519Kyber512Draft00 (OBSOLETE)" }, | |||
658 | { 0xFE31, "X25519Kyber768Draft00 (OBSOLETE)" }, | |||
659 | { 0x00, NULL((void*)0) } | |||
660 | }; | |||
661 | ||||
662 | const value_string ssl_curve_types[] = { | |||
663 | { 1, "explicit_prime" }, | |||
664 | { 2, "explicit_char2" }, | |||
665 | { 3, "named_curve" }, | |||
666 | { 0x00, NULL((void*)0) } | |||
667 | }; | |||
668 | ||||
669 | const value_string ssl_extension_ec_point_formats[] = { | |||
670 | { 0, "uncompressed" }, | |||
671 | { 1, "ansiX962_compressed_prime" }, | |||
672 | { 2, "ansiX962_compressed_char2" }, | |||
673 | { 0x00, NULL((void*)0) } | |||
674 | }; | |||
675 | ||||
676 | const value_string ssl_20_certificate_type[] = { | |||
677 | { 0x00, "N/A" }, | |||
678 | { 0x01, "X.509 Certificate" }, | |||
679 | { 0x00, NULL((void*)0) } | |||
680 | }; | |||
681 | ||||
682 | const value_string ssl_31_content_type[] = { | |||
683 | { 20, "Change Cipher Spec" }, | |||
684 | { 21, "Alert" }, | |||
685 | { 22, "Handshake" }, | |||
686 | { 23, "Application Data" }, | |||
687 | { 24, "Heartbeat" }, | |||
688 | { 25, "Connection ID" }, | |||
689 | { 0x00, NULL((void*)0) } | |||
690 | }; | |||
691 | ||||
692 | #if 0 | |||
693 | /* XXX - would be used if we dissected the body of a Change Cipher Spec | |||
694 | message. */ | |||
695 | const value_string ssl_31_change_cipher_spec[] = { | |||
696 | { 1, "Change Cipher Spec" }, | |||
697 | { 0x00, NULL((void*)0) } | |||
698 | }; | |||
699 | #endif | |||
700 | ||||
701 | const value_string ssl_31_alert_level[] = { | |||
702 | { 1, "Warning" }, | |||
703 | { 2, "Fatal" }, | |||
704 | { 0x00, NULL((void*)0) } | |||
705 | }; | |||
706 | ||||
707 | const value_string ssl_31_alert_description[] = { | |||
708 | { 0, "Close Notify" }, | |||
709 | { 1, "End of Early Data" }, | |||
710 | { 10, "Unexpected Message" }, | |||
711 | { 20, "Bad Record MAC" }, | |||
712 | { 21, "Decryption Failed" }, | |||
713 | { 22, "Record Overflow" }, | |||
714 | { 30, "Decompression Failure" }, | |||
715 | { 40, "Handshake Failure" }, | |||
716 | { 41, "No Certificate" }, | |||
717 | { 42, "Bad Certificate" }, | |||
718 | { 43, "Unsupported Certificate" }, | |||
719 | { 44, "Certificate Revoked" }, | |||
720 | { 45, "Certificate Expired" }, | |||
721 | { 46, "Certificate Unknown" }, | |||
722 | { 47, "Illegal Parameter" }, | |||
723 | { 48, "Unknown CA" }, | |||
724 | { 49, "Access Denied" }, | |||
725 | { 50, "Decode Error" }, | |||
726 | { 51, "Decrypt Error" }, | |||
727 | { 60, "Export Restriction" }, | |||
728 | { 70, "Protocol Version" }, | |||
729 | { 71, "Insufficient Security" }, | |||
730 | { 80, "Internal Error" }, | |||
731 | { 86, "Inappropriate Fallback" }, | |||
732 | { 90, "User Canceled" }, | |||
733 | { 100, "No Renegotiation" }, | |||
734 | { 109, "Missing Extension" }, | |||
735 | { 110, "Unsupported Extension" }, | |||
736 | { 111, "Certificate Unobtainable" }, | |||
737 | { 112, "Unrecognized Name" }, | |||
738 | { 113, "Bad Certificate Status Response" }, | |||
739 | { 114, "Bad Certificate Hash Value" }, | |||
740 | { 115, "Unknown PSK Identity" }, | |||
741 | { 116, "Certificate Required" }, | |||
742 | { 120, "No application Protocol" }, | |||
743 | { 121, "ECH Required" }, | |||
744 | { 0x00, NULL((void*)0) } | |||
745 | }; | |||
746 | ||||
747 | const value_string ssl_31_handshake_type[] = { | |||
748 | { SSL_HND_HELLO_REQUEST, "Hello Request" }, | |||
749 | { SSL_HND_CLIENT_HELLO, "Client Hello" }, | |||
750 | { SSL_HND_SERVER_HELLO, "Server Hello" }, | |||
751 | { SSL_HND_HELLO_VERIFY_REQUEST, "Hello Verify Request"}, | |||
752 | { SSL_HND_NEWSESSION_TICKET, "New Session Ticket" }, | |||
753 | { SSL_HND_END_OF_EARLY_DATA, "End of Early Data" }, | |||
754 | { SSL_HND_HELLO_RETRY_REQUEST, "Hello Retry Request" }, | |||
755 | { SSL_HND_ENCRYPTED_EXTENSIONS, "Encrypted Extensions" }, | |||
756 | { SSL_HND_CERTIFICATE, "Certificate" }, | |||
757 | { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" }, | |||
758 | { SSL_HND_CERT_REQUEST, "Certificate Request" }, | |||
759 | { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" }, | |||
760 | { SSL_HND_CERT_VERIFY, "Certificate Verify" }, | |||
761 | { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" }, | |||
762 | { SSL_HND_FINISHED, "Finished" }, | |||
763 | { SSL_HND_CERT_URL, "Client Certificate URL" }, | |||
764 | { SSL_HND_CERT_STATUS, "Certificate Status" }, | |||
765 | { SSL_HND_SUPPLEMENTAL_DATA, "Supplemental Data" }, | |||
766 | { SSL_HND_KEY_UPDATE, "Key Update" }, | |||
767 | { SSL_HND_COMPRESSED_CERTIFICATE, "Compressed Certificate" }, | |||
768 | { SSL_HND_ENCRYPTED_EXTS, "Encrypted Extensions" }, | |||
769 | { 0x00, NULL((void*)0) } | |||
770 | }; | |||
771 | ||||
772 | const value_string tls_heartbeat_type[] = { | |||
773 | { 1, "Request" }, | |||
774 | { 2, "Response" }, | |||
775 | { 0x00, NULL((void*)0) } | |||
776 | }; | |||
777 | ||||
778 | const value_string tls_heartbeat_mode[] = { | |||
779 | { 1, "Peer allowed to send requests" }, | |||
780 | { 2, "Peer not allowed to send requests" }, | |||
781 | { 0x00, NULL((void*)0) } | |||
782 | }; | |||
783 | ||||
784 | const value_string ssl_31_compression_method[] = { | |||
785 | { 0, "null" }, | |||
786 | { 1, "DEFLATE" }, | |||
787 | { 64, "LZS" }, | |||
788 | { 0x00, NULL((void*)0) } | |||
789 | }; | |||
790 | ||||
791 | #if 0 | |||
792 | /* XXX - would be used if we dissected a Signature, as would be | |||
793 | seen in a server key exchange or certificate verify message. */ | |||
794 | const value_string ssl_31_key_exchange_algorithm[] = { | |||
795 | { 0, "RSA" }, | |||
796 | { 1, "Diffie Hellman" }, | |||
797 | { 0x00, NULL((void*)0) } | |||
798 | }; | |||
799 | ||||
800 | const value_string ssl_31_signature_algorithm[] = { | |||
801 | { 0, "Anonymous" }, | |||
802 | { 1, "RSA" }, | |||
803 | { 2, "DSA" }, | |||
804 | { 0x00, NULL((void*)0) } | |||
805 | }; | |||
806 | #endif | |||
807 | ||||
808 | const value_string ssl_31_client_certificate_type[] = { | |||
809 | { 1, "RSA Sign" }, | |||
810 | { 2, "DSS Sign" }, | |||
811 | { 3, "RSA Fixed DH" }, | |||
812 | { 4, "DSS Fixed DH" }, | |||
813 | /* GOST certificate types */ | |||
814 | /* Section 3.5 of draft-chudov-cryptopro-cptls-04 */ | |||
815 | { 21, "GOST R 34.10-94" }, | |||
816 | { 22, "GOST R 34.10-2001" }, | |||
817 | /* END GOST certificate types */ | |||
818 | { 64, "ECDSA Sign" }, | |||
819 | { 65, "RSA Fixed ECDH" }, | |||
820 | { 66, "ECDSA Fixed ECDH" }, | |||
821 | { 80, "IBC Params" }, | |||
822 | { 0x00, NULL((void*)0) } | |||
823 | }; | |||
824 | ||||
825 | #if 0 | |||
826 | /* XXX - would be used if we dissected exchange keys, as would be | |||
827 | seen in a client key exchange message. */ | |||
828 | const value_string ssl_31_public_value_encoding[] = { | |||
829 | { 0, "Implicit" }, | |||
830 | { 1, "Explicit" }, | |||
831 | { 0x00, NULL((void*)0) } | |||
832 | }; | |||
833 | #endif | |||
834 | ||||
835 | /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ | |||
836 | /* Note: sorted by ascending value so value_string_ext fcns can do a binary search */ | |||
837 | static const value_string ssl_31_ciphersuite[] = { | |||
838 | /* RFC 2246, RFC 4346, RFC 5246 */ | |||
839 | { 0x0000, "TLS_NULL_WITH_NULL_NULL" }, | |||
840 | { 0x0001, "TLS_RSA_WITH_NULL_MD5" }, | |||
841 | { 0x0002, "TLS_RSA_WITH_NULL_SHA" }, | |||
842 | { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, | |||
843 | { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" }, | |||
844 | { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" }, | |||
845 | { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, | |||
846 | { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, | |||
847 | { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
848 | { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" }, | |||
849 | { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
850 | { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | |||
851 | { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, | |||
852 | { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
853 | { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
854 | { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, | |||
855 | { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
856 | { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | |||
857 | { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, | |||
858 | { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
859 | { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | |||
860 | { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, | |||
861 | { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
862 | { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, | |||
863 | { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" }, | |||
864 | { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, | |||
865 | { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, | |||
866 | { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, | |||
867 | ||||
868 | { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, | |||
869 | { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, | |||
870 | #if 0 /* Because it clashes with KRB5, is never used any more, and is safe | |||
871 | to remove according to David Hopwood <[email protected]> | |||
872 | of the ietf-tls list */ | |||
873 | { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, | |||
874 | #endif | |||
875 | /* RFC 2712 */ | |||
876 | { 0x001E, "TLS_KRB5_WITH_DES_CBC_SHA" }, | |||
877 | { 0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, | |||
878 | { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA" }, | |||
879 | { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, | |||
880 | { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5" }, | |||
881 | { 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, | |||
882 | { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5" }, | |||
883 | { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, | |||
884 | { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, | |||
885 | { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, | |||
886 | { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, | |||
887 | { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, | |||
888 | { 0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, | |||
889 | { 0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, | |||
890 | /* RFC 4785 */ | |||
891 | { 0x002C, "TLS_PSK_WITH_NULL_SHA" }, | |||
892 | { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, | |||
893 | { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, | |||
894 | /* RFC 5246 */ | |||
895 | { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA" }, | |||
896 | { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, | |||
897 | { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, | |||
898 | { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, | |||
899 | { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, | |||
900 | { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, | |||
901 | { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, | |||
902 | { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, | |||
903 | { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, | |||
904 | { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, | |||
905 | { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, | |||
906 | { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, | |||
907 | { 0x003B, "TLS_RSA_WITH_NULL_SHA256" }, | |||
908 | { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, | |||
909 | { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, | |||
910 | { 0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, | |||
911 | { 0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, | |||
912 | { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, | |||
913 | /* RFC 4132 */ | |||
914 | { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
915 | { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | |||
916 | { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
917 | { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | |||
918 | { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | |||
919 | { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, | |||
920 | /* 0x00,0x60-66 Reserved to avoid conflicts with widely deployed implementations */ | |||
921 | /* --- ??? --- */ | |||
922 | { 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, | |||
923 | { 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, | |||
924 | /* draft-ietf-tls-56-bit-ciphersuites-01.txt */ | |||
925 | { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, | |||
926 | { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, | |||
927 | { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, | |||
928 | { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, | |||
929 | { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, | |||
930 | /* --- ??? ---*/ | |||
931 | { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, | |||
932 | { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, | |||
933 | { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, | |||
934 | { 0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, | |||
935 | { 0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, | |||
936 | { 0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, | |||
937 | { 0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, | |||
938 | /* draft-chudov-cryptopro-cptls-04.txt */ | |||
939 | { 0x0080, "TLS_GOSTR341094_WITH_28147_CNT_IMIT" }, | |||
940 | { 0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT" }, | |||
941 | { 0x0082, "TLS_GOSTR341094_WITH_NULL_GOSTR3411" }, | |||
942 | { 0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411" }, | |||
943 | /* RFC 4132 */ | |||
944 | { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
945 | { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | |||
946 | { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
947 | { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | |||
948 | { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | |||
949 | { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, | |||
950 | /* RFC 4279 */ | |||
951 | { 0x008A, "TLS_PSK_WITH_RC4_128_SHA" }, | |||
952 | { 0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
953 | { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, | |||
954 | { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, | |||
955 | { 0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, | |||
956 | { 0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
957 | { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, | |||
958 | { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, | |||
959 | { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, | |||
960 | { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
961 | { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, | |||
962 | { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, | |||
963 | /* RFC 4162 */ | |||
964 | { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA" }, | |||
965 | { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, | |||
966 | { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, | |||
967 | { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, | |||
968 | { 0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, | |||
969 | { 0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, | |||
970 | /* RFC 5288 */ | |||
971 | { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, | |||
972 | { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, | |||
973 | { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, | |||
974 | { 0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, | |||
975 | { 0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, | |||
976 | { 0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, | |||
977 | { 0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, | |||
978 | { 0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, | |||
979 | { 0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, | |||
980 | { 0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, | |||
981 | { 0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, | |||
982 | { 0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, | |||
983 | /* RFC 5487 */ | |||
984 | { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, | |||
985 | { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, | |||
986 | { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, | |||
987 | { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, | |||
988 | { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, | |||
989 | { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, | |||
990 | { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, | |||
991 | { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, | |||
992 | { 0x00B0, "TLS_PSK_WITH_NULL_SHA256" }, | |||
993 | { 0x00B1, "TLS_PSK_WITH_NULL_SHA384" }, | |||
994 | { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, | |||
995 | { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, | |||
996 | { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, | |||
997 | { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, | |||
998 | { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, | |||
999 | { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, | |||
1000 | { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, | |||
1001 | { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, | |||
1002 | /* From RFC 5932 */ | |||
1003 | { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1004 | { 0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1005 | { 0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1006 | { 0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1007 | { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1008 | { 0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1009 | { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
1010 | { 0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
1011 | { 0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
1012 | { 0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
1013 | { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
1014 | { 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, | |||
1015 | /* RFC 8998 */ | |||
1016 | { 0x00C6, "TLS_SM4_GCM_SM3" }, | |||
1017 | { 0x00C7, "TLS_SM4_CCM_SM3" }, | |||
1018 | /* 0x00,0xC8-FE Unassigned */ | |||
1019 | /* From RFC 5746 */ | |||
1020 | { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, | |||
1021 | /* RFC 8701 */ | |||
1022 | { 0x0A0A, "Reserved (GREASE)" }, | |||
1023 | /* RFC 8446 */ | |||
1024 | { 0x1301, "TLS_AES_128_GCM_SHA256" }, | |||
1025 | { 0x1302, "TLS_AES_256_GCM_SHA384" }, | |||
1026 | { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" }, | |||
1027 | { 0x1304, "TLS_AES_128_CCM_SHA256" }, | |||
1028 | { 0x1305, "TLS_AES_128_CCM_8_SHA256" }, | |||
1029 | /* RFC 8701 */ | |||
1030 | { 0x1A1A, "Reserved (GREASE)" }, | |||
1031 | { 0x2A2A, "Reserved (GREASE)" }, | |||
1032 | { 0x3A3A, "Reserved (GREASE)" }, | |||
1033 | { 0x4A4A, "Reserved (GREASE)" }, | |||
1034 | /* From RFC 7507 */ | |||
1035 | { 0x5600, "TLS_FALLBACK_SCSV" }, | |||
1036 | /* RFC 8701 */ | |||
1037 | { 0x5A5A, "Reserved (GREASE)" }, | |||
1038 | { 0x6A6A, "Reserved (GREASE)" }, | |||
1039 | { 0x7A7A, "Reserved (GREASE)" }, | |||
1040 | { 0x8A8A, "Reserved (GREASE)" }, | |||
1041 | { 0x9A9A, "Reserved (GREASE)" }, | |||
1042 | { 0xAAAA, "Reserved (GREASE)" }, | |||
1043 | { 0xBABA, "Reserved (GREASE)" }, | |||
1044 | /* From RFC 4492 */ | |||
1045 | { 0xc001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, | |||
1046 | { 0xc002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, | |||
1047 | { 0xc003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
1048 | { 0xc004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
1049 | { 0xc005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
1050 | { 0xc006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, | |||
1051 | { 0xc007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, | |||
1052 | { 0xc008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | |||
1053 | { 0xc009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, | |||
1054 | { 0xc00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, | |||
1055 | { 0xc00b, "TLS_ECDH_RSA_WITH_NULL_SHA" }, | |||
1056 | { 0xc00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, | |||
1057 | { 0xc00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
1058 | { 0xc00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, | |||
1059 | { 0xc00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, | |||
1060 | { 0xc010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, | |||
1061 | { 0xc011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, | |||
1062 | { 0xc012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
1063 | { 0xc013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, | |||
1064 | { 0xc014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, | |||
1065 | { 0xc015, "TLS_ECDH_anon_WITH_NULL_SHA" }, | |||
1066 | { 0xc016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, | |||
1067 | { 0xc017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, | |||
1068 | { 0xc018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, | |||
1069 | { 0xc019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, | |||
1070 | /* RFC 5054 */ | |||
1071 | { 0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, | |||
1072 | { 0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, | |||
1073 | { 0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, | |||
1074 | { 0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, | |||
1075 | { 0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, | |||
1076 | { 0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, | |||
1077 | { 0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, | |||
1078 | { 0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, | |||
1079 | { 0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, | |||
1080 | /* RFC 5589 */ | |||
1081 | { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, | |||
1082 | { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, | |||
1083 | { 0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, | |||
1084 | { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, | |||
1085 | { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, | |||
1086 | { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, | |||
1087 | { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, | |||
1088 | { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, | |||
1089 | { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, | |||
1090 | { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, | |||
1091 | { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, | |||
1092 | { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, | |||
1093 | { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, | |||
1094 | { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, | |||
1095 | { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, | |||
1096 | { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, | |||
1097 | /* RFC 5489 */ | |||
1098 | { 0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, | |||
1099 | { 0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | |||
1100 | { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, | |||
1101 | { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, | |||
1102 | { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, | |||
1103 | { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, | |||
1104 | { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, | |||
1105 | { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, | |||
1106 | { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, | |||
1107 | /* RFC 6209 */ | |||
1108 | { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
1109 | { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
1110 | { 0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" }, | |||
1111 | { 0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" }, | |||
1112 | { 0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
1113 | { 0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
1114 | { 0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" }, | |||
1115 | { 0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" }, | |||
1116 | { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
1117 | { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
1118 | { 0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" }, | |||
1119 | { 0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" }, | |||
1120 | { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" }, | |||
1121 | { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" }, | |||
1122 | { 0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" }, | |||
1123 | { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" }, | |||
1124 | { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
1125 | { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
1126 | { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" }, | |||
1127 | { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" }, | |||
1128 | { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
1129 | { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
1130 | { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
1131 | { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
1132 | { 0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
1133 | { 0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
1134 | { 0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" }, | |||
1135 | { 0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" }, | |||
1136 | { 0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" }, | |||
1137 | { 0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" }, | |||
1138 | { 0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" }, | |||
1139 | { 0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" }, | |||
1140 | { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" }, | |||
1141 | { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" }, | |||
1142 | { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" }, | |||
1143 | { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" }, | |||
1144 | { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
1145 | { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
1146 | { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" }, | |||
1147 | { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" }, | |||
1148 | { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256" }, | |||
1149 | { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384" }, | |||
1150 | { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" }, | |||
1151 | { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" }, | |||
1152 | { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" }, | |||
1153 | { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" }, | |||
1154 | { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256" }, | |||
1155 | { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384" }, | |||
1156 | { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" }, | |||
1157 | { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" }, | |||
1158 | { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" }, | |||
1159 | { 0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" }, | |||
1160 | { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" }, | |||
1161 | { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" }, | |||
1162 | /* RFC 6367 */ | |||
1163 | { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1164 | { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
1165 | { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1166 | { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
1167 | { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1168 | { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
1169 | { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1170 | { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
1171 | { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1172 | { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1173 | { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1174 | { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1175 | { 0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1176 | { 0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1177 | { 0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1178 | { 0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1179 | { 0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1180 | { 0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1181 | { 0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1182 | { 0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1183 | { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1184 | { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1185 | { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1186 | { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1187 | { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1188 | { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1189 | { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1190 | { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1191 | { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1192 | { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1193 | { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1194 | { 0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1195 | { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, | |||
1196 | { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, | |||
1197 | { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1198 | { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
1199 | { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1200 | { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
1201 | { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1202 | { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
1203 | { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | |||
1204 | { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | |||
1205 | /* RFC 6655 */ | |||
1206 | { 0xC09C, "TLS_RSA_WITH_AES_128_CCM" }, | |||
1207 | { 0xC09D, "TLS_RSA_WITH_AES_256_CCM" }, | |||
1208 | { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM" }, | |||
1209 | { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM" }, | |||
1210 | { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8" }, | |||
1211 | { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8" }, | |||
1212 | { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8" }, | |||
1213 | { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8" }, | |||
1214 | { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM" }, | |||
1215 | { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM" }, | |||
1216 | { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM" }, | |||
1217 | { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM" }, | |||
1218 | { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8" }, | |||
1219 | { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" }, | |||
1220 | { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" }, | |||
1221 | { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" }, | |||
1222 | /* RFC 7251 */ | |||
1223 | { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" }, | |||
1224 | { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" }, | |||
1225 | { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" }, | |||
1226 | { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" }, | |||
1227 | /* RFC 8492 */ | |||
1228 | { 0xC0B0, "TLS_ECCPWD_WITH_AES_128_GCM_SHA256" }, | |||
1229 | { 0xC0B1, "TLS_ECCPWD_WITH_AES_256_GCM_SHA384" }, | |||
1230 | { 0xC0B2, "TLS_ECCPWD_WITH_AES_128_CCM_SHA256" }, | |||
1231 | { 0xC0B3, "TLS_ECCPWD_WITH_AES_256_CCM_SHA384" }, | |||
1232 | /* draft-camwinget-tls-ts13-macciphersuites */ | |||
1233 | { 0xC0B4, "TLS_SHA256_SHA256" }, | |||
1234 | { 0xC0B5, "TLS_SHA384_SHA384" }, | |||
1235 | /* https://www.ietf.org/archive/id/draft-cragie-tls-ecjpake-01.txt */ | |||
1236 | { 0xC0FF, "TLS_ECJPAKE_WITH_AES_128_CCM_8" }, | |||
1237 | /* draft-smyshlyaev-tls12-gost-suites */ | |||
1238 | { 0xC100, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC" }, | |||
1239 | { 0xC101, "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC" }, | |||
1240 | { 0xC102, "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT" }, | |||
1241 | /* draft-smyshlyaev-tls13-gost-suites */ | |||
1242 | { 0xC103, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L" }, | |||
1243 | { 0xC104, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_L" }, | |||
1244 | { 0xC105, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S" }, | |||
1245 | { 0xC106, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_S" }, | |||
1246 | /* RFC 8701 */ | |||
1247 | { 0xCACA, "Reserved (GREASE)" }, | |||
1248 | /* | |||
1249 | 0xC0,0xAB-FF Unassigned | |||
1250 | 0xC1,0x03-FD,* Unassigned | |||
1251 | 0xFE,0x00-FD Unassigned | |||
1252 | 0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen] | |||
1253 | 0xFF,0x00-FF Reserved for Private Use [RFC5246] | |||
1254 | */ | |||
1255 | /* old numbers used in the beginning | |||
1256 | * https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */ | |||
1257 | { 0xCC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1258 | { 0xCC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1259 | { 0xCC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1260 | /* RFC 7905 */ | |||
1261 | { 0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1262 | { 0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1263 | { 0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1264 | { 0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1265 | { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1266 | { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1267 | { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | |||
1268 | /* RFC 8442 */ | |||
1269 | { 0xD001, "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256" }, | |||
1270 | { 0xD002, "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384" }, | |||
1271 | { 0xD003, "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256" }, | |||
1272 | { 0xD005, "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256" }, | |||
1273 | /* RFC 8701 */ | |||
1274 | { 0xDADA, "Reserved (GREASE)" }, | |||
1275 | /* GM/T 0024-2014 */ | |||
1276 | { 0xe001, "ECDHE_SM1_SM3"}, | |||
1277 | { 0xe003, "ECC_SM1_SM3"}, | |||
1278 | { 0xe005, "IBSDH_SM1_SM3"}, | |||
1279 | { 0xe007, "IBC_SM1_SM3"}, | |||
1280 | { 0xe009, "RSA_SM1_SM3"}, | |||
1281 | { 0xe00a, "RSA_SM1_SHA1"}, | |||
1282 | { 0xe011, "ECDHE_SM4_CBC_SM3"}, | |||
1283 | { 0xe013, "ECC_SM4_CBC_SM3"}, | |||
1284 | { 0xe015, "IBSDH_SM4_CBC_SM3"}, | |||
1285 | { 0xe017, "IBC_SM4_CBC_SM3"}, | |||
1286 | { 0xe019, "RSA_SM4_CBC_SM3"}, | |||
1287 | { 0xe01a, "RSA_SM4_CBC_SHA1"}, | |||
1288 | { 0xe01c, "RSA_SM4_CBC_SHA256"}, | |||
1289 | { 0xe051, "ECDHE_SM4_GCM_SM3"}, | |||
1290 | { 0xe053, "ECC_SM4_GCM_SM3"}, | |||
1291 | { 0xe055, "IBSDH_SM4_GCM_SM3"}, | |||
1292 | { 0xe057, "IBC_SM4_GCM_SM3"}, | |||
1293 | { 0xe059, "RSA_SM4_GCM_SM3"}, | |||
1294 | { 0xe05a, "RSA_SM4_GCM_SHA256"}, | |||
1295 | /* https://tools.ietf.org/html/draft-josefsson-salsa20-tls */ | |||
1296 | { 0xE410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
1297 | { 0xE411, "TLS_RSA_WITH_SALSA20_SHA1" }, | |||
1298 | { 0xE412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
1299 | { 0xE413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" }, | |||
1300 | { 0xE414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
1301 | { 0xE415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" }, | |||
1302 | { 0xE416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
1303 | { 0xE417, "TLS_PSK_WITH_SALSA20_SHA1" }, | |||
1304 | { 0xE418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
1305 | { 0xE419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" }, | |||
1306 | { 0xE41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
1307 | { 0xE41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" }, | |||
1308 | { 0xE41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | |||
1309 | { 0xE41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" }, | |||
1310 | { 0xE41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | |||
1311 | { 0xE41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" }, | |||
1312 | /* RFC 8701 */ | |||
1313 | { 0xEAEA, "Reserved (GREASE)" }, | |||
1314 | { 0xFAFA, "Reserved (GREASE)" }, | |||
1315 | /* these from http://www.mozilla.org/projects/ | |||
1316 | security/pki/nss/ssl/fips-ssl-ciphersuites.html */ | |||
1317 | { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, | |||
1318 | { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | |||
1319 | { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | |||
1320 | { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA" }, | |||
1321 | /* note that ciphersuites 0xff00 - 0xffff are private */ | |||
1322 | { 0x00, NULL((void*)0) } | |||
1323 | }; | |||
1324 | ||||
1325 | value_string_ext ssl_31_ciphersuite_ext = VALUE_STRING_EXT_INIT(ssl_31_ciphersuite){ _try_val_to_str_ext_init, 0, (sizeof (ssl_31_ciphersuite) / sizeof ((ssl_31_ciphersuite)[0]))-1, ssl_31_ciphersuite, "ssl_31_ciphersuite" }; | |||
1326 | ||||
1327 | /* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1 */ | |||
1328 | const value_string tls_hello_extension_types[] = { | |||
1329 | { SSL_HND_HELLO_EXT_SERVER_NAME0, "server_name" }, /* RFC 6066 */ | |||
1330 | { SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH1, "max_fragment_length" },/* RFC 6066 */ | |||
1331 | { SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL2, "client_certificate_url" }, /* RFC 6066 */ | |||
1332 | { SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS3, "trusted_ca_keys" }, /* RFC 6066 */ | |||
1333 | { SSL_HND_HELLO_EXT_TRUNCATED_HMAC4, "truncated_hmac" }, /* RFC 6066 */ | |||
1334 | { SSL_HND_HELLO_EXT_STATUS_REQUEST5, "status_request" }, /* RFC 6066 */ | |||
1335 | { SSL_HND_HELLO_EXT_USER_MAPPING6, "user_mapping" }, /* RFC 4681 */ | |||
1336 | { SSL_HND_HELLO_EXT_CLIENT_AUTHZ7, "client_authz" }, /* RFC 5878 */ | |||
1337 | { SSL_HND_HELLO_EXT_SERVER_AUTHZ8, "server_authz" }, /* RFC 5878 */ | |||
1338 | { SSL_HND_HELLO_EXT_CERT_TYPE9, "cert_type" }, /* RFC 6091 */ | |||
1339 | { SSL_HND_HELLO_EXT_SUPPORTED_GROUPS10, "supported_groups" }, /* RFC 4492, RFC 7919 */ | |||
1340 | { SSL_HND_HELLO_EXT_EC_POINT_FORMATS11, "ec_point_formats" }, /* RFC 4492 */ | |||
1341 | { SSL_HND_HELLO_EXT_SRP12, "srp" }, /* RFC 5054 */ | |||
1342 | { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS13, "signature_algorithms" }, /* RFC 5246 */ | |||
1343 | { SSL_HND_HELLO_EXT_USE_SRTP14, "use_srtp" }, /* RFC 5764 */ | |||
1344 | { SSL_HND_HELLO_EXT_HEARTBEAT15, "heartbeat" }, /* RFC 6520 */ | |||
1345 | { SSL_HND_HELLO_EXT_ALPN16, "application_layer_protocol_negotiation" }, /* RFC 7301 */ | |||
1346 | { SSL_HND_HELLO_EXT_STATUS_REQUEST_V217, "status_request_v2" }, /* RFC 6961 */ | |||
1347 | { SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP18, "signed_certificate_timestamp" }, /* RFC 6962 */ | |||
1348 | { SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19, "client_certificate_type" }, /* RFC 7250 */ | |||
1349 | { SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20, "server_certificate_type" }, /* RFC 7250 */ | |||
1350 | { SSL_HND_HELLO_EXT_PADDING21, "padding" }, /* RFC 7685 */ | |||
1351 | { SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC22, "encrypt_then_mac" }, /* RFC 7366 */ | |||
1352 | { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET23, "extended_master_secret" }, /* RFC 7627 */ | |||
1353 | { SSL_HND_HELLO_EXT_TOKEN_BINDING24, "token_binding" }, /* https://tools.ietf.org/html/draft-ietf-tokbind-negotiation */ | |||
1354 | { SSL_HND_HELLO_EXT_CACHED_INFO25, "cached_info" }, /* RFC 7924 */ | |||
1355 | { SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE27, "compress_certificate" }, /* https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03 */ | |||
1356 | { SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT28, "record_size_limit" }, /* RFC 8449 */ | |||
1357 | { SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS34, "delegated_credentials" }, /* draft-ietf-tls-subcerts-10.txt */ | |||
1358 | { SSL_HND_HELLO_EXT_SESSION_TICKET_TLS35, "session_ticket" }, /* RFC 5077 / RFC 8447 */ | |||
1359 | { SSL_HND_HELLO_EXT_KEY_SHARE_OLD40, "Reserved (key_share)" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-22 (removed in -23) */ | |||
1360 | { SSL_HND_HELLO_EXT_PRE_SHARED_KEY41, "pre_shared_key" }, /* RFC 8446 */ | |||
1361 | { SSL_HND_HELLO_EXT_EARLY_DATA42, "early_data" }, /* RFC 8446 */ | |||
1362 | { SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43, "supported_versions" }, /* RFC 8446 */ | |||
1363 | { SSL_HND_HELLO_EXT_COOKIE44, "cookie" }, /* RFC 8446 */ | |||
1364 | { SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES45, "psk_key_exchange_modes" }, /* RFC 8446 */ | |||
1365 | { SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO46, "Reserved (ticket_early_data_info)" }, /* draft-ietf-tls-tls13-18 (removed in -19) */ | |||
1366 | { SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES47, "certificate_authorities" }, /* RFC 8446 */ | |||
1367 | { SSL_HND_HELLO_EXT_OID_FILTERS48, "oid_filters" }, /* RFC 8446 */ | |||
1368 | { SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH49, "post_handshake_auth" }, /* RFC 8446 */ | |||
1369 | { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT50, "signature_algorithms_cert" }, /* RFC 8446 */ | |||
1370 | { SSL_HND_HELLO_EXT_KEY_SHARE51, "key_share" }, /* RFC 8446 */ | |||
1371 | { SSL_HND_HELLO_EXT_TRANSPARENCY_INFO52, "transparency_info" }, /* draft-ietf-trans-rfc6962-bis-41 */ | |||
1372 | { SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED53, "connection_id (deprecated)" }, /* draft-ietf-tls-dtls-connection-id-07 */ | |||
1373 | { SSL_HND_HELLO_EXT_CONNECTION_ID54, "connection_id" }, /* RFC 9146 */ | |||
1374 | { SSL_HND_HELLO_EXT_EXTERNAL_ID_HASH55, "external_id_hash" }, /* RFC 8844 */ | |||
1375 | { SSL_HND_HELLO_EXT_EXTERNAL_SESSION_ID56, "external_session_id" }, /* RFC 8844 */ | |||
1376 | { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V157, "quic_transport_parameters" }, /* draft-ietf-quic-tls-33 */ | |||
1377 | { SSL_HND_HELLO_EXT_TICKET_REQUEST58, "ticket_request" }, /* draft-ietf-tls-ticketrequests-07 */ | |||
1378 | { SSL_HND_HELLO_EXT_DNSSEC_CHAIN59, "dnssec_chain" }, /* RFC 9102 */ | |||
1379 | { SSL_HND_HELLO_EXT_GREASE_0A0A2570, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1380 | { SSL_HND_HELLO_EXT_GREASE_1A1A6682, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1381 | { SSL_HND_HELLO_EXT_GREASE_2A2A10794, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1382 | { SSL_HND_HELLO_EXT_NPN13172, "next_protocol_negotiation"}, /* https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html */ | |||
1383 | { SSL_HND_HELLO_EXT_GREASE_3A3A14906, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1384 | { SSL_HND_HELLO_EXT_ALPS17513, "application_settings" }, /* draft-vvv-tls-alps-01 */ | |||
1385 | { SSL_HND_HELLO_EXT_GREASE_4A4A19018, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1386 | { SSL_HND_HELLO_EXT_GREASE_5A5A23130, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1387 | { SSL_HND_HELLO_EXT_GREASE_6A6A27242, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1388 | { SSL_HND_HELLO_EXT_CHANNEL_ID_OLD30031, "channel_id_old" }, /* https://tools.ietf.org/html/draft-balfanz-tls-channelid-00 | |||
1389 | https://twitter.com/ericlaw/status/274237352531083264 */ | |||
1390 | { SSL_HND_HELLO_EXT_CHANNEL_ID30032, "channel_id" }, /* https://tools.ietf.org/html/draft-balfanz-tls-channelid-01 | |||
1391 | https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/sslt.h&l=209 */ | |||
1392 | { SSL_HND_HELLO_EXT_RENEGOTIATION_INFO65281, "renegotiation_info" }, /* RFC 5746 */ | |||
1393 | { SSL_HND_HELLO_EXT_GREASE_7A7A31354, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1394 | { SSL_HND_HELLO_EXT_GREASE_8A8A35466, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1395 | { SSL_HND_HELLO_EXT_GREASE_9A9A39578, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1396 | { SSL_HND_HELLO_EXT_GREASE_AAAA43690, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1397 | { SSL_HND_HELLO_EXT_GREASE_BABA47802, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1398 | { SSL_HND_HELLO_EXT_GREASE_CACA51914, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1399 | { SSL_HND_HELLO_EXT_GREASE_DADA56026, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1400 | { SSL_HND_HELLO_EXT_GREASE_EAEA60138, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1401 | { SSL_HND_HELLO_EXT_GREASE_FAFA64250, "Reserved (GREASE)" }, /* RFC 8701 */ | |||
1402 | { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS65445, "quic_transport_parameters (drafts version)" }, /* https://tools.ietf.org/html/draft-ietf-quic-tls */ | |||
1403 | { SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME65486, "encrypted_server_name" }, /* https://tools.ietf.org/html/draft-ietf-tls-esni-01 */ | |||
1404 | { SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037, "encrypted_client_hello" }, /* https://datatracker.ietf.org/doc/draft-ietf-tls-esni/17/ */ | |||
1405 | { SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS64768, "ech_outer_extensions" }, /* https://datatracker.ietf.org/doc/draft-ietf-tls-esni/17/ */ | |||
1406 | { 0, NULL((void*)0) } | |||
1407 | }; | |||
1408 | ||||
1409 | const value_string tls_hello_ext_server_name_type_vs[] = { | |||
1410 | { 0, "host_name" }, | |||
1411 | { 0, NULL((void*)0) } | |||
1412 | }; | |||
1413 | ||||
1414 | /* RFC 6066 Section 4 */ | |||
1415 | const value_string tls_hello_ext_max_fragment_length[] = { | |||
1416 | { 1, "512" }, // 2^9 | |||
1417 | { 2, "1024" }, // 2^10 | |||
1418 | { 3, "2048" }, // 2^11 | |||
1419 | { 4, "4096" }, // 2^12 | |||
1420 | { 0, NULL((void*)0) } | |||
1421 | }; | |||
1422 | ||||
1423 | /* RFC 8446 Section 4.2.9 */ | |||
1424 | const value_string tls_hello_ext_psk_ke_mode[] = { | |||
1425 | { 0, "PSK-only key establishment (psk_ke)" }, | |||
1426 | { 1, "PSK with (EC)DHE key establishment (psk_dhe_ke)" }, | |||
1427 | { 0, NULL((void*)0) } | |||
1428 | }; | |||
1429 | ||||
1430 | /* RFC 6066 Section 6 */ | |||
1431 | const value_string tls_hello_ext_trusted_ca_key_type[] = { | |||
1432 | {0, "pre_agreed"}, | |||
1433 | {1, "key_sha1_hash"}, | |||
1434 | {2, "x509_name"}, | |||
1435 | {3, "cert_sha1_hash"}, | |||
1436 | {0, NULL((void*)0)} | |||
1437 | }; | |||
1438 | ||||
1439 | const value_string tls13_key_update_request[] = { | |||
1440 | { 0, "update_not_requested" }, | |||
1441 | { 1, "update_requested" }, | |||
1442 | { 0, NULL((void*)0) } | |||
1443 | }; | |||
1444 | ||||
1445 | /* RFC 5246 7.4.1.4.1 */ | |||
1446 | /* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ | |||
1447 | /* Note that the TLS 1.3 SignatureScheme registry reserves all values | |||
1448 | * with first octet 0x00-0x06 and all values with second octet 0x00-0x03 | |||
1449 | * for backwards compatibility with TLS 1.2 SignatureAndHashAlgorithm. | |||
1450 | * | |||
1451 | * RFC 8422 and RFC 9189 add official support in TLS 1.2 for some algorithms | |||
1452 | * originally defined for TLS 1.3, and extend the TLS SignatureAlgorithm | |||
1453 | * and TLS HashAlgorithm registries, but the new values are not compatible | |||
1454 | * with all of the TLS 1.3-only SignatureSchemes. Adding those values could | |||
1455 | * cause confusion if used to interpret one of those schemes in a | |||
1456 | * signature_algorithms extension offered in a TLS 1.3 ClientHello. | |||
1457 | */ | |||
1458 | const value_string tls_hash_algorithm[] = { | |||
1459 | { 0, "None" }, | |||
1460 | { 1, "MD5" }, | |||
1461 | { 2, "SHA1" }, | |||
1462 | { 3, "SHA224" }, | |||
1463 | { 4, "SHA256" }, | |||
1464 | { 5, "SHA384" }, | |||
1465 | { 6, "SHA512" }, | |||
1466 | #if 0 | |||
1467 | /* RFC 8422 adds this to the HashAlgorithm registry, but it really | |||
1468 | * only applies to 0x0807 and 0x0808, not for other TLS 1.3 | |||
1469 | * SignatureSchemes with 0x08 in the octet used for Hash in TLS 1.2. | |||
1470 | * E.g., we don't want to display this for 0x0806 rsa_pss_rsae_sha512. | |||
1471 | */ | |||
1472 | { 8, "Intrinsic" }, | |||
1473 | #endif | |||
1474 | { 0, NULL((void*)0) } | |||
1475 | }; | |||
1476 | ||||
1477 | const value_string tls_signature_algorithm[] = { | |||
1478 | { 0, "Anonymous" }, | |||
1479 | { 1, "RSA" }, | |||
1480 | { 2, "DSA" }, | |||
1481 | { 3, "ECDSA" }, | |||
1482 | #if 0 | |||
1483 | /* As above. */ | |||
1484 | { 7, "ED25519" }, | |||
1485 | { 8, "ED448" }, | |||
1486 | { 64, "GOSTR34102012_256" }, | |||
1487 | { 65, "GOSTR34102012_512" }, | |||
1488 | #endif | |||
1489 | { 0, NULL((void*)0) } | |||
1490 | }; | |||
1491 | ||||
1492 | /* RFC 8446 Section 4.2.3 */ | |||
1493 | const value_string tls13_signature_algorithm[] = { | |||
1494 | { 0x0201, "rsa_pkcs1_sha1" }, | |||
1495 | { 0x0203, "ecdsa_sha1" }, | |||
1496 | { 0x0401, "rsa_pkcs1_sha256" }, | |||
1497 | { 0x0403, "ecdsa_secp256r1_sha256" }, | |||
1498 | { 0x0420, "rsa_pkcs1_sha256_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ | |||
1499 | { 0x0501, "rsa_pkcs1_sha384" }, | |||
1500 | { 0x0503, "ecdsa_secp384r1_sha384" }, | |||
1501 | { 0x0520, "rsa_pkcs1_sha384_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ | |||
1502 | { 0x0601, "rsa_pkcs1_sha512" }, | |||
1503 | { 0x0603, "ecdsa_secp521r1_sha512" }, | |||
1504 | { 0x0620, "rsa_pkcs1_sha512_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ | |||
1505 | { 0x0708, "sm2sig_sm3" }, | |||
1506 | { 0x0709, "gostr34102012_256a" }, /* RFC9367 */ | |||
1507 | { 0x070a, "gostr34102012_256b" }, /* RFC9367 */ | |||
1508 | { 0x070b, "gostr34102012_256c" }, /* RFC9367 */ | |||
1509 | { 0x070c, "gostr34102012_256d" }, /* RFC9367 */ | |||
1510 | { 0x070d, "gostr34102012_512a" }, /* RFC9367 */ | |||
1511 | { 0x070e, "gostr34102012_512b" }, /* RFC9367 */ | |||
1512 | { 0x070f, "gostr34102012_512c" }, /* RFC9367 */ | |||
1513 | { 0x0804, "rsa_pss_rsae_sha256" }, | |||
1514 | { 0x0805, "rsa_pss_rsae_sha384" }, | |||
1515 | { 0x0806, "rsa_pss_rsae_sha512" }, | |||
1516 | { 0x0807, "ed25519" }, | |||
1517 | { 0x0808, "ed448" }, | |||
1518 | { 0x0809, "rsa_pss_pss_sha256" }, | |||
1519 | { 0x080a, "rsa_pss_pss_sha384" }, | |||
1520 | { 0x080b, "rsa_pss_pss_sha512" }, | |||
1521 | { 0x081a, "ecdsa_brainpoolP256r1tls13_sha256" }, /* RFC8734 */ | |||
1522 | { 0x081b, "ecdsa_brainpoolP384r1tls13_sha384" }, /* RFC8734 */ | |||
1523 | { 0x081c, "ecdsa_brainpoolP512r1tls13_sha512" }, /* RFC8734 */ | |||
1524 | /* PQC digital signature algorithms from OQS-OpenSSL, | |||
1525 | see https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs-template/oqs-sig-info.md */ | |||
1526 | { 0xfea0, "dilithium2" }, | |||
1527 | { 0xfea1, "p256_dilithium2" }, | |||
1528 | { 0xfea2, "rsa3072_dilithium2" }, | |||
1529 | { 0xfea3, "dilithium3" }, | |||
1530 | { 0xfea4, "p384_dilithium3" }, | |||
1531 | { 0xfea5, "dilithium5" }, | |||
1532 | { 0xfea6, "p521_dilithium5" }, | |||
1533 | { 0xfea7, "dilithium2_aes" }, | |||
1534 | { 0xfea8, "p256_dilithium2_aes" }, | |||
1535 | { 0xfea9, "rsa3072_dilithium2_aes" }, | |||
1536 | { 0xfeaa, "dilithium3_aes" }, | |||
1537 | { 0xfeab, "p384_dilithium3_aes" }, | |||
1538 | { 0xfeac, "dilithium5_aes" }, | |||
1539 | { 0xfead, "p521_dilithium5_aes" }, | |||
1540 | { 0xfe0b, "falcon512" }, | |||
1541 | { 0xfe0c, "p256_falcon512" }, | |||
1542 | { 0xfe0d, "rsa3072_falcon512" }, | |||
1543 | { 0xfe0e, "falcon1024" }, | |||
1544 | { 0xfe0f, "p521_falcon1024" }, | |||
1545 | { 0xfe96, "picnicl1full" }, | |||
1546 | { 0xfe97, "p256_picnicl1full" }, | |||
1547 | { 0xfe98, "rsa3072_picnicl1full" }, | |||
1548 | { 0xfe1b, "picnic3l1" }, | |||
1549 | { 0xfe1c, "p256_picnic3l1" }, | |||
1550 | { 0xfe1d, "rsa3072_picnic3l1" }, | |||
1551 | { 0xfe27, "rainbowIclassic" }, | |||
1552 | { 0xfe28, "p256_rainbowIclassic" }, | |||
1553 | { 0xfe29, "rsa3072_rainbowIclassic" }, | |||
1554 | { 0xfe3c, "rainbowVclassic" }, | |||
1555 | { 0xfe3d, "p521_rainbowVclassic" }, | |||
1556 | { 0xfe42, "sphincsharaka128frobust" }, | |||
1557 | { 0xfe43, "p256_sphincsharaka128frobust" }, | |||
1558 | { 0xfe44, "rsa3072_sphincsharaka128frobust" }, | |||
1559 | { 0xfe5e, "sphincssha256128frobust" }, | |||
1560 | { 0xfe5f, "p256_sphincssha256128frobust" }, | |||
1561 | { 0xfe60, "rsa3072_sphincssha256128frobust" }, | |||
1562 | { 0xfe7a, "sphincsshake256128frobust" }, | |||
1563 | { 0xfe7b, "p256_sphincsshake256128frobust" }, | |||
1564 | { 0xfe7c, "rsa3072_sphincsshake256128frobust" }, | |||
1565 | { 0, NULL((void*)0) } | |||
1566 | }; | |||
1567 | ||||
1568 | /* RFC 6091 3.1 */ | |||
1569 | const value_string tls_certificate_type[] = { | |||
1570 | { 0, "X.509" }, | |||
1571 | { 1, "OpenPGP" }, | |||
1572 | { SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2, "Raw Public Key" }, /* RFC 7250 */ | |||
1573 | { 0, NULL((void*)0) } | |||
1574 | }; | |||
1575 | ||||
1576 | const value_string tls_cert_chain_type[] = { | |||
1577 | { SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT1, "Individual Certificates" }, | |||
1578 | { SSL_HND_CERT_URL_TYPE_PKIPATH2, "PKI Path" }, | |||
1579 | { 0, NULL((void*)0) } | |||
1580 | }; | |||
1581 | ||||
1582 | const value_string tls_cert_status_type[] = { | |||
1583 | { SSL_HND_CERT_STATUS_TYPE_OCSP1, "OCSP" }, | |||
1584 | { SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2, "OCSP Multi" }, | |||
1585 | { 0, NULL((void*)0) } | |||
1586 | }; | |||
1587 | ||||
1588 | /* Generated by tools/make-tls-ct-logids.py | |||
1589 | * Last-Modified Sat, 05 Oct 2024 13:48:00 GMT, 165 entries. */ | |||
1590 | static const bytes_string ct_logids[] = { | |||
1591 | { (const uint8_t[]){ | |||
1592 | 0xb2, 0x1e, 0x05, 0xcc, 0x8b, 0xa2, 0xcd, 0x8a, 0x20, 0x4e, 0x87, | |||
1593 | 0x66, 0xf9, 0x2b, 0xb9, 0x8a, 0x25, 0x20, 0x67, 0x6b, 0xda, 0xfa, | |||
1594 | 0x70, 0xe7, 0xb2, 0x49, 0x53, 0x2d, 0xef, 0x8b, 0x90, 0x5e, | |||
1595 | }, | |||
1596 | 32, "Google 'Argon2020' log" }, | |||
1597 | { (const uint8_t[]){ | |||
1598 | 0xf6, 0x5c, 0x94, 0x2f, 0xd1, 0x77, 0x30, 0x22, 0x14, 0x54, 0x18, | |||
1599 | 0x08, 0x30, 0x94, 0x56, 0x8e, 0xe3, 0x4d, 0x13, 0x19, 0x33, 0xbf, | |||
1600 | 0xdf, 0x0c, 0x2f, 0x20, 0x0b, 0xcc, 0x4e, 0xf1, 0x64, 0xe3, | |||
1601 | }, | |||
1602 | 32, "Google 'Argon2021' log" }, | |||
1603 | { (const uint8_t[]){ | |||
1604 | 0x29, 0x79, 0xbe, 0xf0, 0x9e, 0x39, 0x39, 0x21, 0xf0, 0x56, 0x73, | |||
1605 | 0x9f, 0x63, 0xa5, 0x77, 0xe5, 0xbe, 0x57, 0x7d, 0x9c, 0x60, 0x0a, | |||
1606 | 0xf8, 0xf9, 0x4d, 0x5d, 0x26, 0x5c, 0x25, 0x5d, 0xc7, 0x84, | |||
1607 | }, | |||
1608 | 32, "Google 'Argon2022' log" }, | |||
1609 | { (const uint8_t[]){ | |||
1610 | 0xe8, 0x3e, 0xd0, 0xda, 0x3e, 0xf5, 0x06, 0x35, 0x32, 0xe7, 0x57, | |||
1611 | 0x28, 0xbc, 0x89, 0x6b, 0xc9, 0x03, 0xd3, 0xcb, 0xd1, 0x11, 0x6b, | |||
1612 | 0xec, 0xeb, 0x69, 0xe1, 0x77, 0x7d, 0x6d, 0x06, 0xbd, 0x6e, | |||
1613 | }, | |||
1614 | 32, "Google 'Argon2023' log" }, | |||
1615 | { (const uint8_t[]){ | |||
1616 | 0xee, 0xcd, 0xd0, 0x64, 0xd5, 0xdb, 0x1a, 0xce, 0xc5, 0x5c, 0xb7, | |||
1617 | 0x9d, 0xb4, 0xcd, 0x13, 0xa2, 0x32, 0x87, 0x46, 0x7c, 0xbc, 0xec, | |||
1618 | 0xde, 0xc3, 0x51, 0x48, 0x59, 0x46, 0x71, 0x1f, 0xb5, 0x9b, | |||
1619 | }, | |||
1620 | 32, "Google 'Argon2024' log" }, | |||
1621 | { (const uint8_t[]){ | |||
1622 | 0x4e, 0x75, 0xa3, 0x27, 0x5c, 0x9a, 0x10, 0xc3, 0x38, 0x5b, 0x6c, | |||
1623 | 0xd4, 0xdf, 0x3f, 0x52, 0xeb, 0x1d, 0xf0, 0xe0, 0x8e, 0x1b, 0x8d, | |||
1624 | 0x69, 0xc0, 0xb1, 0xfa, 0x64, 0xb1, 0x62, 0x9a, 0x39, 0xdf, | |||
1625 | }, | |||
1626 | 32, "Google 'Argon2025h1' log" }, | |||
1627 | { (const uint8_t[]){ | |||
1628 | 0x12, 0xf1, 0x4e, 0x34, 0xbd, 0x53, 0x72, 0x4c, 0x84, 0x06, 0x19, | |||
1629 | 0xc3, 0x8f, 0x3f, 0x7a, 0x13, 0xf8, 0xe7, 0xb5, 0x62, 0x87, 0x88, | |||
1630 | 0x9c, 0x6d, 0x30, 0x05, 0x84, 0xeb, 0xe5, 0x86, 0x26, 0x3a, | |||
1631 | }, | |||
1632 | 32, "Google 'Argon2025h2' log" }, | |||
1633 | { (const uint8_t[]){ | |||
1634 | 0x0e, 0x57, 0x94, 0xbc, 0xf3, 0xae, 0xa9, 0x3e, 0x33, 0x1b, 0x2c, | |||
1635 | 0x99, 0x07, 0xb3, 0xf7, 0x90, 0xdf, 0x9b, 0xc2, 0x3d, 0x71, 0x32, | |||
1636 | 0x25, 0xdd, 0x21, 0xa9, 0x25, 0xac, 0x61, 0xc5, 0x4e, 0x21, | |||
1637 | }, | |||
1638 | 32, "Google 'Argon2026h1' log" }, | |||
1639 | { (const uint8_t[]){ | |||
1640 | 0xd7, 0x6d, 0x7d, 0x10, 0xd1, 0xa7, 0xf5, 0x77, 0xc2, 0xc7, 0xe9, | |||
1641 | 0x5f, 0xd7, 0x00, 0xbf, 0xf9, 0x82, 0xc9, 0x33, 0x5a, 0x65, 0xe1, | |||
1642 | 0xd0, 0xb3, 0x01, 0x73, 0x17, 0xc0, 0xc8, 0xc5, 0x69, 0x77, | |||
1643 | }, | |||
1644 | 32, "Google 'Argon2026h2' log" }, | |||
1645 | { (const uint8_t[]){ | |||
1646 | 0x07, 0xb7, 0x5c, 0x1b, 0xe5, 0x7d, 0x68, 0xff, 0xf1, 0xb0, 0xc6, | |||
1647 | 0x1d, 0x23, 0x15, 0xc7, 0xba, 0xe6, 0x57, 0x7c, 0x57, 0x94, 0xb7, | |||
1648 | 0x6a, 0xee, 0xbc, 0x61, 0x3a, 0x1a, 0x69, 0xd3, 0xa2, 0x1c, | |||
1649 | }, | |||
1650 | 32, "Google 'Xenon2020' log" }, | |||
1651 | { (const uint8_t[]){ | |||
1652 | 0x7d, 0x3e, 0xf2, 0xf8, 0x8f, 0xff, 0x88, 0x55, 0x68, 0x24, 0xc2, | |||
1653 | 0xc0, 0xca, 0x9e, 0x52, 0x89, 0x79, 0x2b, 0xc5, 0x0e, 0x78, 0x09, | |||
1654 | 0x7f, 0x2e, 0x6a, 0x97, 0x68, 0x99, 0x7e, 0x22, 0xf0, 0xd7, | |||
1655 | }, | |||
1656 | 32, "Google 'Xenon2021' log" }, | |||
1657 | { (const uint8_t[]){ | |||
1658 | 0x46, 0xa5, 0x55, 0xeb, 0x75, 0xfa, 0x91, 0x20, 0x30, 0xb5, 0xa2, | |||
1659 | 0x89, 0x69, 0xf4, 0xf3, 0x7d, 0x11, 0x2c, 0x41, 0x74, 0xbe, 0xfd, | |||
1660 | 0x49, 0xb8, 0x85, 0xab, 0xf2, 0xfc, 0x70, 0xfe, 0x6d, 0x47, | |||
1661 | }, | |||
1662 | 32, "Google 'Xenon2022' log" }, | |||
1663 | { (const uint8_t[]){ | |||
1664 | 0xad, 0xf7, 0xbe, 0xfa, 0x7c, 0xff, 0x10, 0xc8, 0x8b, 0x9d, 0x3d, | |||
1665 | 0x9c, 0x1e, 0x3e, 0x18, 0x6a, 0xb4, 0x67, 0x29, 0x5d, 0xcf, 0xb1, | |||
1666 | 0x0c, 0x24, 0xca, 0x85, 0x86, 0x34, 0xeb, 0xdc, 0x82, 0x8a, | |||
1667 | }, | |||
1668 | 32, "Google 'Xenon2023' log" }, | |||
1669 | { (const uint8_t[]){ | |||
1670 | 0x76, 0xff, 0x88, 0x3f, 0x0a, 0xb6, 0xfb, 0x95, 0x51, 0xc2, 0x61, | |||
1671 | 0xcc, 0xf5, 0x87, 0xba, 0x34, 0xb4, 0xa4, 0xcd, 0xbb, 0x29, 0xdc, | |||
1672 | 0x68, 0x42, 0x0a, 0x9f, 0xe6, 0x67, 0x4c, 0x5a, 0x3a, 0x74, | |||
1673 | }, | |||
1674 | 32, "Google 'Xenon2024' log" }, | |||
1675 | { (const uint8_t[]){ | |||
1676 | 0xcf, 0x11, 0x56, 0xee, 0xd5, 0x2e, 0x7c, 0xaf, 0xf3, 0x87, 0x5b, | |||
1677 | 0xd9, 0x69, 0x2e, 0x9b, 0xe9, 0x1a, 0x71, 0x67, 0x4a, 0xb0, 0x17, | |||
1678 | 0xec, 0xac, 0x01, 0xd2, 0x5b, 0x77, 0xce, 0xcc, 0x3b, 0x08, | |||
1679 | }, | |||
1680 | 32, "Google 'Xenon2025h1' log" }, | |||
1681 | { (const uint8_t[]){ | |||
1682 | 0xdd, 0xdc, 0xca, 0x34, 0x95, 0xd7, 0xe1, 0x16, 0x05, 0xe7, 0x95, | |||
1683 | 0x32, 0xfa, 0xc7, 0x9f, 0xf8, 0x3d, 0x1c, 0x50, 0xdf, 0xdb, 0x00, | |||
1684 | 0x3a, 0x14, 0x12, 0x76, 0x0a, 0x2c, 0xac, 0xbb, 0xc8, 0x2a, | |||
1685 | }, | |||
1686 | 32, "Google 'Xenon2025h2' log" }, | |||
1687 | { (const uint8_t[]){ | |||
1688 | 0x96, 0x97, 0x64, 0xbf, 0x55, 0x58, 0x97, 0xad, 0xf7, 0x43, 0x87, | |||
1689 | 0x68, 0x37, 0x08, 0x42, 0x77, 0xe9, 0xf0, 0x3a, 0xd5, 0xf6, 0xa4, | |||
1690 | 0xf3, 0x36, 0x6e, 0x46, 0xa4, 0x3f, 0x0f, 0xca, 0xa9, 0xc6, | |||
1691 | }, | |||
1692 | 32, "Google 'Xenon2026h1' log" }, | |||
1693 | { (const uint8_t[]){ | |||
1694 | 0xd8, 0x09, 0x55, 0x3b, 0x94, 0x4f, 0x7a, 0xff, 0xc8, 0x16, 0x19, | |||
1695 | 0x6f, 0x94, 0x4f, 0x85, 0xab, 0xb0, 0xf8, 0xfc, 0x5e, 0x87, 0x55, | |||
1696 | 0x26, 0x0f, 0x15, 0xd1, 0x2e, 0x72, 0xbb, 0x45, 0x4b, 0x14, | |||
1697 | }, | |||
1698 | 32, "Google 'Xenon2026h2' log" }, | |||
1699 | { (const uint8_t[]){ | |||
1700 | 0x68, 0xf6, 0x98, 0xf8, 0x1f, 0x64, 0x82, 0xbe, 0x3a, 0x8c, 0xee, | |||
1701 | 0xb9, 0x28, 0x1d, 0x4c, 0xfc, 0x71, 0x51, 0x5d, 0x67, 0x93, 0xd4, | |||
1702 | 0x44, 0xd1, 0x0a, 0x67, 0xac, 0xbb, 0x4f, 0x4f, 0xfb, 0xc4, | |||
1703 | }, | |||
1704 | 32, "Google 'Aviator' log" }, | |||
1705 | { (const uint8_t[]){ | |||
1706 | 0x29, 0x3c, 0x51, 0x96, 0x54, 0xc8, 0x39, 0x65, 0xba, 0xaa, 0x50, | |||
1707 | 0xfc, 0x58, 0x07, 0xd4, 0xb7, 0x6f, 0xbf, 0x58, 0x7a, 0x29, 0x72, | |||
1708 | 0xdc, 0xa4, 0xc3, 0x0c, 0xf4, 0xe5, 0x45, 0x47, 0xf4, 0x78, | |||
1709 | }, | |||
1710 | 32, "Google 'Icarus' log" }, | |||
1711 | { (const uint8_t[]){ | |||
1712 | 0xa4, 0xb9, 0x09, 0x90, 0xb4, 0x18, 0x58, 0x14, 0x87, 0xbb, 0x13, | |||
1713 | 0xa2, 0xcc, 0x67, 0x70, 0x0a, 0x3c, 0x35, 0x98, 0x04, 0xf9, 0x1b, | |||
1714 | 0xdf, 0xb8, 0xe3, 0x77, 0xcd, 0x0e, 0xc8, 0x0d, 0xdc, 0x10, | |||
1715 | }, | |||
1716 | 32, "Google 'Pilot' log" }, | |||
1717 | { (const uint8_t[]){ | |||
1718 | 0xee, 0x4b, 0xbd, 0xb7, 0x75, 0xce, 0x60, 0xba, 0xe1, 0x42, 0x69, | |||
1719 | 0x1f, 0xab, 0xe1, 0x9e, 0x66, 0xa3, 0x0f, 0x7e, 0x5f, 0xb0, 0x72, | |||
1720 | 0xd8, 0x83, 0x00, 0xc4, 0x7b, 0x89, 0x7a, 0xa8, 0xfd, 0xcb, | |||
1721 | }, | |||
1722 | 32, "Google 'Rocketeer' log" }, | |||
1723 | { (const uint8_t[]){ | |||
1724 | 0xbb, 0xd9, 0xdf, 0xbc, 0x1f, 0x8a, 0x71, 0xb5, 0x93, 0x94, 0x23, | |||
1725 | 0x97, 0xaa, 0x92, 0x7b, 0x47, 0x38, 0x57, 0x95, 0x0a, 0xab, 0x52, | |||
1726 | 0xe8, 0x1a, 0x90, 0x96, 0x64, 0x36, 0x8e, 0x1e, 0xd1, 0x85, | |||
1727 | }, | |||
1728 | 32, "Google 'Skydiver' log" }, | |||
1729 | { (const uint8_t[]){ | |||
1730 | 0xfa, 0xd4, 0xc9, 0x7c, 0xc4, 0x9e, 0xe2, 0xf8, 0xac, 0x85, 0xc5, | |||
1731 | 0xea, 0x5c, 0xea, 0x09, 0xd0, 0x22, 0x0d, 0xbb, 0xf4, 0xe4, 0x9c, | |||
1732 | 0x6b, 0x50, 0x66, 0x2f, 0xf8, 0x68, 0xf8, 0x6b, 0x8c, 0x28, | |||
1733 | }, | |||
1734 | 32, "Google 'Argon2017' log" }, | |||
1735 | { (const uint8_t[]){ | |||
1736 | 0xa4, 0x50, 0x12, 0x69, 0x05, 0x5a, 0x15, 0x54, 0x5e, 0x62, 0x11, | |||
1737 | 0xab, 0x37, 0xbc, 0x10, 0x3f, 0x62, 0xae, 0x55, 0x76, 0xa4, 0x5e, | |||
1738 | 0x4b, 0x17, 0x14, 0x45, 0x3e, 0x1b, 0x22, 0x10, 0x6a, 0x25, | |||
1739 | }, | |||
1740 | 32, "Google 'Argon2018' log" }, | |||
1741 | { (const uint8_t[]){ | |||
1742 | 0x63, 0xf2, 0xdb, 0xcd, 0xe8, 0x3b, 0xcc, 0x2c, 0xcf, 0x0b, 0x72, | |||
1743 | 0x84, 0x27, 0x57, 0x6b, 0x33, 0xa4, 0x8d, 0x61, 0x77, 0x8f, 0xbd, | |||
1744 | 0x75, 0xa6, 0x38, 0xb1, 0xc7, 0x68, 0x54, 0x4b, 0xd8, 0x8d, | |||
1745 | }, | |||
1746 | 32, "Google 'Argon2019' log" }, | |||
1747 | { (const uint8_t[]){ | |||
1748 | 0xb1, 0x0c, 0xd5, 0x59, 0xa6, 0xd6, 0x78, 0x46, 0x81, 0x1f, 0x7d, | |||
1749 | 0xf9, 0xa5, 0x15, 0x32, 0x73, 0x9a, 0xc4, 0x8d, 0x70, 0x3b, 0xea, | |||
1750 | 0x03, 0x23, 0xda, 0x5d, 0x38, 0x75, 0x5b, 0xc0, 0xad, 0x4e, | |||
1751 | }, | |||
1752 | 32, "Google 'Xenon2018' log" }, | |||
1753 | { (const uint8_t[]){ | |||
1754 | 0x08, 0x41, 0x14, 0x98, 0x00, 0x71, 0x53, 0x2c, 0x16, 0x19, 0x04, | |||
1755 | 0x60, 0xbc, 0xfc, 0x47, 0xfd, 0xc2, 0x65, 0x3a, 0xfa, 0x29, 0x2c, | |||
1756 | 0x72, 0xb3, 0x7f, 0xf8, 0x63, 0xae, 0x29, 0xcc, 0xc9, 0xf0, | |||
1757 | }, | |||
1758 | 32, "Google 'Xenon2019' log" }, | |||
1759 | { (const uint8_t[]){ | |||
1760 | 0xa8, 0x99, 0xd8, 0x78, 0x0c, 0x92, 0x90, 0xaa, 0xf4, 0x62, 0xf3, | |||
1761 | 0x18, 0x80, 0xcc, 0xfb, 0xd5, 0x24, 0x51, 0xe9, 0x70, 0xd0, 0xfb, | |||
1762 | 0xf5, 0x91, 0xef, 0x75, 0xb0, 0xd9, 0x9b, 0x64, 0x56, 0x81, | |||
1763 | }, | |||
1764 | 32, "Google 'Submariner' log" }, | |||
1765 | { (const uint8_t[]){ | |||
1766 | 0x1d, 0x02, 0x4b, 0x8e, 0xb1, 0x49, 0x8b, 0x34, 0x4d, 0xfd, 0x87, | |||
1767 | 0xea, 0x3e, 0xfc, 0x09, 0x96, 0xf7, 0x50, 0x6f, 0x23, 0x5d, 0x1d, | |||
1768 | 0x49, 0x70, 0x61, 0xa4, 0x77, 0x3c, 0x43, 0x9c, 0x25, 0xfb, | |||
1769 | }, | |||
1770 | 32, "Google 'Daedalus' log" }, | |||
1771 | { (const uint8_t[]){ | |||
1772 | 0xb0, 0xcc, 0x83, 0xe5, 0xa5, 0xf9, 0x7d, 0x6b, 0xaf, 0x7c, 0x09, | |||
1773 | 0xcc, 0x28, 0x49, 0x04, 0x87, 0x2a, 0xc7, 0xe8, 0x8b, 0x13, 0x2c, | |||
1774 | 0x63, 0x50, 0xb7, 0xc6, 0xfd, 0x26, 0xe1, 0x6c, 0x6c, 0x77, | |||
1775 | }, | |||
1776 | 32, "Google 'Testtube' log" }, | |||
1777 | { (const uint8_t[]){ | |||
1778 | 0xc3, 0xbf, 0x03, 0xa7, 0xe1, 0xca, 0x88, 0x41, 0xc6, 0x07, 0xba, | |||
1779 | 0xe3, 0xff, 0x42, 0x70, 0xfc, 0xa5, 0xec, 0x45, 0xb1, 0x86, 0xeb, | |||
1780 | 0xbe, 0x4e, 0x2c, 0xf3, 0xfc, 0x77, 0x86, 0x30, 0xf5, 0xf6, | |||
1781 | }, | |||
1782 | 32, "Google 'Crucible' log" }, | |||
1783 | { (const uint8_t[]){ | |||
1784 | 0x52, 0xeb, 0x4b, 0x22, 0x5e, 0xc8, 0x96, 0x97, 0x48, 0x50, 0x67, | |||
1785 | 0x5f, 0x23, 0xe4, 0x3b, 0xc1, 0xd0, 0x21, 0xe3, 0x21, 0x4c, 0xe5, | |||
1786 | 0x2e, 0xcd, 0x5f, 0xa8, 0x7c, 0x20, 0x3c, 0xdf, 0xca, 0x03, | |||
1787 | }, | |||
1788 | 32, "Google 'Solera2018' log" }, | |||
1789 | { (const uint8_t[]){ | |||
1790 | 0x0b, 0x76, 0x0e, 0x9a, 0x8b, 0x9a, 0x68, 0x2f, 0x88, 0x98, 0x5b, | |||
1791 | 0x15, 0xe9, 0x47, 0x50, 0x1a, 0x56, 0x44, 0x6b, 0xba, 0x88, 0x30, | |||
1792 | 0x78, 0x5c, 0x38, 0x42, 0x99, 0x43, 0x86, 0x45, 0x0c, 0x00, | |||
1793 | }, | |||
1794 | 32, "Google 'Solera2019' log" }, | |||
1795 | { (const uint8_t[]){ | |||
1796 | 0x1f, 0xc7, 0x2c, 0xe5, 0xa1, 0xb7, 0x99, 0xf4, 0x00, 0xc3, 0x59, | |||
1797 | 0xbf, 0xf9, 0x6c, 0xa3, 0x91, 0x35, 0x48, 0xe8, 0x64, 0x42, 0x20, | |||
1798 | 0x61, 0x09, 0x52, 0xe9, 0xba, 0x17, 0x74, 0xf7, 0xba, 0xc7, | |||
1799 | }, | |||
1800 | 32, "Google 'Solera2020' log" }, | |||
1801 | { (const uint8_t[]){ | |||
1802 | 0xa3, 0xc9, 0x98, 0x45, 0xe8, 0x0a, 0xb7, 0xce, 0x00, 0x15, 0x7b, | |||
1803 | 0x37, 0x42, 0xdf, 0x02, 0x07, 0xdd, 0x27, 0x2b, 0x2b, 0x60, 0x2e, | |||
1804 | 0xcf, 0x98, 0xee, 0x2c, 0x12, 0xdb, 0x9c, 0x5a, 0xe7, 0xe7, | |||
1805 | }, | |||
1806 | 32, "Google 'Solera2021' log" }, | |||
1807 | { (const uint8_t[]){ | |||
1808 | 0x69, 0x7a, 0xaf, 0xca, 0x1a, 0x6b, 0x53, 0x6f, 0xae, 0x21, 0x20, | |||
1809 | 0x50, 0x46, 0xde, 0xba, 0xd7, 0xe0, 0xea, 0xea, 0x13, 0xd2, 0x43, | |||
1810 | 0x2e, 0x6e, 0x9d, 0x8f, 0xb3, 0x79, 0xf2, 0xb9, 0xaa, 0xf3, | |||
1811 | }, | |||
1812 | 32, "Google 'Solera2022' log" }, | |||
1813 | { (const uint8_t[]){ | |||
1814 | 0xf9, 0x7e, 0x97, 0xb8, 0xd3, 0x3e, 0xf7, 0xa1, 0x59, 0x02, 0xa5, | |||
1815 | 0x3a, 0x19, 0xe1, 0x79, 0x90, 0xe5, 0xdc, 0x40, 0x6a, 0x03, 0x18, | |||
1816 | 0x25, 0xba, 0xad, 0x93, 0xe9, 0x8f, 0x9b, 0x9c, 0x69, 0xcb, | |||
1817 | }, | |||
1818 | 32, "Google 'Solera2023' log" }, | |||
1819 | { (const uint8_t[]){ | |||
1820 | 0x30, 0x24, 0xce, 0x7e, 0xeb, 0x16, 0x88, 0x62, 0x72, 0x4b, 0xea, | |||
1821 | 0x70, 0x2e, 0xff, 0xf9, 0x92, 0xcf, 0xe4, 0x56, 0x43, 0x41, 0x91, | |||
1822 | 0xaa, 0x59, 0x5b, 0x25, 0xf8, 0x02, 0x26, 0xc8, 0x00, 0x17, | |||
1823 | }, | |||
1824 | 32, "Google 'Solera2024' log" }, | |||
1825 | { (const uint8_t[]){ | |||
1826 | 0x3f, 0xe1, 0xcb, 0x46, 0xed, 0x47, 0x35, 0x79, 0xaf, 0x01, 0x41, | |||
1827 | 0xf9, 0x72, 0x4d, 0x9d, 0xc4, 0x43, 0x47, 0x2d, 0x75, 0x6e, 0x85, | |||
1828 | 0xe7, 0x71, 0x9c, 0x55, 0x82, 0x48, 0x5d, 0xd4, 0xe1, 0xe4, | |||
1829 | }, | |||
1830 | 32, "Google 'Solera2025h1' log" }, | |||
1831 | { (const uint8_t[]){ | |||
1832 | 0x26, 0x02, 0x39, 0x48, 0x87, 0x4c, 0xf7, 0xfc, 0xd0, 0xfb, 0x64, | |||
1833 | 0x71, 0xa4, 0x3e, 0x84, 0x7e, 0xbb, 0x20, 0x0a, 0xe6, 0xe2, 0xfa, | |||
1834 | 0x24, 0x23, 0x6d, 0xf6, 0xd1, 0xa6, 0x06, 0x63, 0x0f, 0xb1, | |||
1835 | }, | |||
1836 | 32, "Google 'Solera2025h2' log" }, | |||
1837 | { (const uint8_t[]){ | |||
1838 | 0xc8, 0x4b, 0x90, 0x7a, 0x07, 0xbe, 0xaa, 0x29, 0xa6, 0x14, 0xc2, | |||
1839 | 0x45, 0x84, 0xb7, 0xa3, 0xf6, 0x62, 0x43, 0x94, 0x68, 0x7b, 0x25, | |||
1840 | 0xfe, 0x62, 0x83, 0x8b, 0x71, 0xec, 0x42, 0x2a, 0xd2, 0xf9, | |||
1841 | }, | |||
1842 | 32, "Google 'Solera2026h1' log" }, | |||
1843 | { (const uint8_t[]){ | |||
1844 | 0x62, 0xe9, 0x00, 0x60, 0x04, 0xa3, 0x07, 0x95, 0x5a, 0x75, 0x44, | |||
1845 | 0xb4, 0xd5, 0x84, 0xa9, 0x62, 0x68, 0xca, 0x1d, 0x6e, 0x45, 0x85, | |||
1846 | 0xad, 0xf0, 0x91, 0x6d, 0xfe, 0x5f, 0xdc, 0x1f, 0x04, 0xdb, | |||
1847 | }, | |||
1848 | 32, "Google 'Solera2026h2' log" }, | |||
1849 | { (const uint8_t[]){ | |||
1850 | 0x5e, 0xa7, 0x73, 0xf9, 0xdf, 0x56, 0xc0, 0xe7, 0xb5, 0x36, 0x48, | |||
1851 | 0x7d, 0xd0, 0x49, 0xe0, 0x32, 0x7a, 0x91, 0x9a, 0x0c, 0x84, 0xa1, | |||
1852 | 0x12, 0x12, 0x84, 0x18, 0x75, 0x96, 0x81, 0x71, 0x45, 0x58, | |||
1853 | }, | |||
1854 | 32, "Cloudflare 'Nimbus2020' Log" }, | |||
1855 | { (const uint8_t[]){ | |||
1856 | 0x44, 0x94, 0x65, 0x2e, 0xb0, 0xee, 0xce, 0xaf, 0xc4, 0x40, 0x07, | |||
1857 | 0xd8, 0xa8, 0xfe, 0x28, 0xc0, 0xda, 0xe6, 0x82, 0xbe, 0xd8, 0xcb, | |||
1858 | 0x31, 0xb5, 0x3f, 0xd3, 0x33, 0x96, 0xb5, 0xb6, 0x81, 0xa8, | |||
1859 | }, | |||
1860 | 32, "Cloudflare 'Nimbus2021' Log" }, | |||
1861 | { (const uint8_t[]){ | |||
1862 | 0x41, 0xc8, 0xca, 0xb1, 0xdf, 0x22, 0x46, 0x4a, 0x10, 0xc6, 0xa1, | |||
1863 | 0x3a, 0x09, 0x42, 0x87, 0x5e, 0x4e, 0x31, 0x8b, 0x1b, 0x03, 0xeb, | |||
1864 | 0xeb, 0x4b, 0xc7, 0x68, 0xf0, 0x90, 0x62, 0x96, 0x06, 0xf6, | |||
1865 | }, | |||
1866 | 32, "Cloudflare 'Nimbus2022' Log" }, | |||
1867 | { (const uint8_t[]){ | |||
1868 | 0x7a, 0x32, 0x8c, 0x54, 0xd8, 0xb7, 0x2d, 0xb6, 0x20, 0xea, 0x38, | |||
1869 | 0xe0, 0x52, 0x1e, 0xe9, 0x84, 0x16, 0x70, 0x32, 0x13, 0x85, 0x4d, | |||
1870 | 0x3b, 0xd2, 0x2b, 0xc1, 0x3a, 0x57, 0xa3, 0x52, 0xeb, 0x52, | |||
1871 | }, | |||
1872 | 32, "Cloudflare 'Nimbus2023' Log" }, | |||
1873 | { (const uint8_t[]){ | |||
1874 | 0xda, 0xb6, 0xbf, 0x6b, 0x3f, 0xb5, 0xb6, 0x22, 0x9f, 0x9b, 0xc2, | |||
1875 | 0xbb, 0x5c, 0x6b, 0xe8, 0x70, 0x91, 0x71, 0x6c, 0xbb, 0x51, 0x84, | |||
1876 | 0x85, 0x34, 0xbd, 0xa4, 0x3d, 0x30, 0x48, 0xd7, 0xfb, 0xab, | |||
1877 | }, | |||
1878 | 32, "Cloudflare 'Nimbus2024' Log" }, | |||
1879 | { (const uint8_t[]){ | |||
1880 | 0xcc, 0xfb, 0x0f, 0x6a, 0x85, 0x71, 0x09, 0x65, 0xfe, 0x95, 0x9b, | |||
1881 | 0x53, 0xce, 0xe9, 0xb2, 0x7c, 0x22, 0xe9, 0x85, 0x5c, 0x0d, 0x97, | |||
1882 | 0x8d, 0xb6, 0xa9, 0x7e, 0x54, 0xc0, 0xfe, 0x4c, 0x0d, 0xb0, | |||
1883 | }, | |||
1884 | 32, "Cloudflare 'Nimbus2025'" }, | |||
1885 | { (const uint8_t[]){ | |||
1886 | 0xcb, 0x38, 0xf7, 0x15, 0x89, 0x7c, 0x84, 0xa1, 0x44, 0x5f, 0x5b, | |||
1887 | 0xc1, 0xdd, 0xfb, 0xc9, 0x6e, 0xf2, 0x9a, 0x59, 0xcd, 0x47, 0x0a, | |||
1888 | 0x69, 0x05, 0x85, 0xb0, 0xcb, 0x14, 0xc3, 0x14, 0x58, 0xe7, | |||
1889 | }, | |||
1890 | 32, "Cloudflare 'Nimbus2026'" }, | |||
1891 | { (const uint8_t[]){ | |||
1892 | 0x1f, 0xbc, 0x36, 0xe0, 0x02, 0xed, 0xe9, 0x7f, 0x40, 0x19, 0x9e, | |||
1893 | 0x86, 0xb3, 0x57, 0x3b, 0x8a, 0x42, 0x17, 0xd8, 0x01, 0x87, 0x74, | |||
1894 | 0x6a, 0xd0, 0xda, 0x03, 0xa0, 0x60, 0x54, 0xd2, 0x0d, 0xf4, | |||
1895 | }, | |||
1896 | 32, "Cloudflare 'Nimbus2017' Log" }, | |||
1897 | { (const uint8_t[]){ | |||
1898 | 0xdb, 0x74, 0xaf, 0xee, 0xcb, 0x29, 0xec, 0xb1, 0xfe, 0xca, 0x3e, | |||
1899 | 0x71, 0x6d, 0x2c, 0xe5, 0xb9, 0xaa, 0xbb, 0x36, 0xf7, 0x84, 0x71, | |||
1900 | 0x83, 0xc7, 0x5d, 0x9d, 0x4f, 0x37, 0xb6, 0x1f, 0xbf, 0x64, | |||
1901 | }, | |||
1902 | 32, "Cloudflare 'Nimbus2018' Log" }, | |||
1903 | { (const uint8_t[]){ | |||
1904 | 0x74, 0x7e, 0xda, 0x83, 0x31, 0xad, 0x33, 0x10, 0x91, 0x21, 0x9c, | |||
1905 | 0xce, 0x25, 0x4f, 0x42, 0x70, 0xc2, 0xbf, 0xfd, 0x5e, 0x42, 0x20, | |||
1906 | 0x08, 0xc6, 0x37, 0x35, 0x79, 0xe6, 0x10, 0x7b, 0xcc, 0x56, | |||
1907 | }, | |||
1908 | 32, "Cloudflare 'Nimbus2019' Log" }, | |||
1909 | { (const uint8_t[]){ | |||
1910 | 0x56, 0x14, 0x06, 0x9a, 0x2f, 0xd7, 0xc2, 0xec, 0xd3, 0xf5, 0xe1, | |||
1911 | 0xbd, 0x44, 0xb2, 0x3e, 0xc7, 0x46, 0x76, 0xb9, 0xbc, 0x99, 0x11, | |||
1912 | 0x5c, 0xc0, 0xef, 0x94, 0x98, 0x55, 0xd6, 0x89, 0xd0, 0xdd, | |||
1913 | }, | |||
1914 | 32, "DigiCert Log Server" }, | |||
1915 | { (const uint8_t[]){ | |||
1916 | 0x87, 0x75, 0xbf, 0xe7, 0x59, 0x7c, 0xf8, 0x8c, 0x43, 0x99, 0x5f, | |||
1917 | 0xbd, 0xf3, 0x6e, 0xff, 0x56, 0x8d, 0x47, 0x56, 0x36, 0xff, 0x4a, | |||
1918 | 0xb5, 0x60, 0xc1, 0xb4, 0xea, 0xff, 0x5e, 0xa0, 0x83, 0x0f, | |||
1919 | }, | |||
1920 | 32, "DigiCert Log Server 2" }, | |||
1921 | { (const uint8_t[]){ | |||
1922 | 0xf0, 0x95, 0xa4, 0x59, 0xf2, 0x00, 0xd1, 0x82, 0x40, 0x10, 0x2d, | |||
1923 | 0x2f, 0x93, 0x88, 0x8e, 0xad, 0x4b, 0xfe, 0x1d, 0x47, 0xe3, 0x99, | |||
1924 | 0xe1, 0xd0, 0x34, 0xa6, 0xb0, 0xa8, 0xaa, 0x8e, 0xb2, 0x73, | |||
1925 | }, | |||
1926 | 32, "DigiCert Yeti2020 Log" }, | |||
1927 | { (const uint8_t[]){ | |||
1928 | 0x5c, 0xdc, 0x43, 0x92, 0xfe, 0xe6, 0xab, 0x45, 0x44, 0xb1, 0x5e, | |||
1929 | 0x9a, 0xd4, 0x56, 0xe6, 0x10, 0x37, 0xfb, 0xd5, 0xfa, 0x47, 0xdc, | |||
1930 | 0xa1, 0x73, 0x94, 0xb2, 0x5e, 0xe6, 0xf6, 0xc7, 0x0e, 0xca, | |||
1931 | }, | |||
1932 | 32, "DigiCert Yeti2021 Log" }, | |||
1933 | { (const uint8_t[]){ | |||
1934 | 0x22, 0x45, 0x45, 0x07, 0x59, 0x55, 0x24, 0x56, 0x96, 0x3f, 0xa1, | |||
1935 | 0x2f, 0xf1, 0xf7, 0x6d, 0x86, 0xe0, 0x23, 0x26, 0x63, 0xad, 0xc0, | |||
1936 | 0x4b, 0x7f, 0x5d, 0xc6, 0x83, 0x5c, 0x6e, 0xe2, 0x0f, 0x02, | |||
1937 | }, | |||
1938 | 32, "DigiCert Yeti2022 Log" }, | |||
1939 | { (const uint8_t[]){ | |||
1940 | 0x35, 0xcf, 0x19, 0x1b, 0xbf, 0xb1, 0x6c, 0x57, 0xbf, 0x0f, 0xad, | |||
1941 | 0x4c, 0x6d, 0x42, 0xcb, 0xbb, 0xb6, 0x27, 0x20, 0x26, 0x51, 0xea, | |||
1942 | 0x3f, 0xe1, 0x2a, 0xef, 0xa8, 0x03, 0xc3, 0x3b, 0xd6, 0x4c, | |||
1943 | }, | |||
1944 | 32, "DigiCert Yeti2023 Log" }, | |||
1945 | { (const uint8_t[]){ | |||
1946 | 0x48, 0xb0, 0xe3, 0x6b, 0xda, 0xa6, 0x47, 0x34, 0x0f, 0xe5, 0x6a, | |||
1947 | 0x02, 0xfa, 0x9d, 0x30, 0xeb, 0x1c, 0x52, 0x01, 0xcb, 0x56, 0xdd, | |||
1948 | 0x2c, 0x81, 0xd9, 0xbb, 0xbf, 0xab, 0x39, 0xd8, 0x84, 0x73, | |||
1949 | }, | |||
1950 | 32, "DigiCert Yeti2024 Log" }, | |||
1951 | { (const uint8_t[]){ | |||
1952 | 0x7d, 0x59, 0x1e, 0x12, 0xe1, 0x78, 0x2a, 0x7b, 0x1c, 0x61, 0x67, | |||
1953 | 0x7c, 0x5e, 0xfd, 0xf8, 0xd0, 0x87, 0x5c, 0x14, 0xa0, 0x4e, 0x95, | |||
1954 | 0x9e, 0xb9, 0x03, 0x2f, 0xd9, 0x0e, 0x8c, 0x2e, 0x79, 0xb8, | |||
1955 | }, | |||
1956 | 32, "DigiCert Yeti2025 Log" }, | |||
1957 | { (const uint8_t[]){ | |||
1958 | 0xc6, 0x52, 0xa0, 0xec, 0x48, 0xce, 0xb3, 0xfc, 0xab, 0x17, 0x09, | |||
1959 | 0x92, 0xc4, 0x3a, 0x87, 0x41, 0x33, 0x09, 0xe8, 0x00, 0x65, 0xa2, | |||
1960 | 0x62, 0x52, 0x40, 0x1b, 0xa3, 0x36, 0x2a, 0x17, 0xc5, 0x65, | |||
1961 | }, | |||
1962 | 32, "DigiCert Nessie2020 Log" }, | |||
1963 | { (const uint8_t[]){ | |||
1964 | 0xee, 0xc0, 0x95, 0xee, 0x8d, 0x72, 0x64, 0x0f, 0x92, 0xe3, 0xc3, | |||
1965 | 0xb9, 0x1b, 0xc7, 0x12, 0xa3, 0x69, 0x6a, 0x09, 0x7b, 0x4b, 0x6a, | |||
1966 | 0x1a, 0x14, 0x38, 0xe6, 0x47, 0xb2, 0xcb, 0xed, 0xc5, 0xf9, | |||
1967 | }, | |||
1968 | 32, "DigiCert Nessie2021 Log" }, | |||
1969 | { (const uint8_t[]){ | |||
1970 | 0x51, 0xa3, 0xb0, 0xf5, 0xfd, 0x01, 0x79, 0x9c, 0x56, 0x6d, 0xb8, | |||
1971 | 0x37, 0x78, 0x8f, 0x0c, 0xa4, 0x7a, 0xcc, 0x1b, 0x27, 0xcb, 0xf7, | |||
1972 | 0x9e, 0x88, 0x42, 0x9a, 0x0d, 0xfe, 0xd4, 0x8b, 0x05, 0xe5, | |||
1973 | }, | |||
1974 | 32, "DigiCert Nessie2022 Log" }, | |||
1975 | { (const uint8_t[]){ | |||
1976 | 0xb3, 0x73, 0x77, 0x07, 0xe1, 0x84, 0x50, 0xf8, 0x63, 0x86, 0xd6, | |||
1977 | 0x05, 0xa9, 0xdc, 0x11, 0x09, 0x4a, 0x79, 0x2d, 0xb1, 0x67, 0x0c, | |||
1978 | 0x0b, 0x87, 0xdc, 0xf0, 0x03, 0x0e, 0x79, 0x36, 0xa5, 0x9a, | |||
1979 | }, | |||
1980 | 32, "DigiCert Nessie2023 Log" }, | |||
1981 | { (const uint8_t[]){ | |||
1982 | 0x73, 0xd9, 0x9e, 0x89, 0x1b, 0x4c, 0x96, 0x78, 0xa0, 0x20, 0x7d, | |||
1983 | 0x47, 0x9d, 0xe6, 0xb2, 0xc6, 0x1c, 0xd0, 0x51, 0x5e, 0x71, 0x19, | |||
1984 | 0x2a, 0x8c, 0x6b, 0x80, 0x10, 0x7a, 0xc1, 0x77, 0x72, 0xb5, | |||
1985 | }, | |||
1986 | 32, "DigiCert Nessie2024 Log" }, | |||
1987 | { (const uint8_t[]){ | |||
1988 | 0xe6, 0xd2, 0x31, 0x63, 0x40, 0x77, 0x8c, 0xc1, 0x10, 0x41, 0x06, | |||
1989 | 0xd7, 0x71, 0xb9, 0xce, 0xc1, 0xd2, 0x40, 0xf6, 0x96, 0x84, 0x86, | |||
1990 | 0xfb, 0xba, 0x87, 0x32, 0x1d, 0xfd, 0x1e, 0x37, 0x8e, 0x50, | |||
1991 | }, | |||
1992 | 32, "DigiCert Nessie2025 Log" }, | |||
1993 | { (const uint8_t[]){ | |||
1994 | 0xb6, 0x9d, 0xdc, 0xbc, 0x3c, 0x1a, 0xbd, 0xef, 0x6f, 0x9f, 0xd6, | |||
1995 | 0x0c, 0x88, 0xb1, 0x06, 0x7b, 0x77, 0xf0, 0x82, 0x68, 0x8b, 0x2d, | |||
1996 | 0x78, 0x65, 0xd0, 0x4b, 0x39, 0xab, 0xe9, 0x27, 0xa5, 0x75, | |||
1997 | }, | |||
1998 | 32, "DigiCert 'Wyvern2024h1' Log" }, | |||
1999 | { (const uint8_t[]){ | |||
2000 | 0x0c, 0x2a, 0xef, 0x2c, 0x4a, 0x5b, 0x98, 0x83, 0xd4, 0xdd, 0xa3, | |||
2001 | 0x82, 0xfe, 0x50, 0xfb, 0x51, 0x88, 0xb3, 0xe9, 0x73, 0x33, 0xa1, | |||
2002 | 0xec, 0x53, 0xa0, 0x9d, 0xc9, 0xa7, 0x9d, 0x0d, 0x08, 0x20, | |||
2003 | }, | |||
2004 | 32, "DigiCert 'Wyvern2024h2' Log" }, | |||
2005 | { (const uint8_t[]){ | |||
2006 | 0x73, 0x20, 0x22, 0x0f, 0x08, 0x16, 0x8a, 0xf9, 0xf3, 0xc4, 0xa6, | |||
2007 | 0x8b, 0x0a, 0xb2, 0x6a, 0x9a, 0x4a, 0x00, 0xee, 0xf5, 0x77, 0x85, | |||
2008 | 0x8a, 0x08, 0x4d, 0x05, 0x00, 0xd4, 0xa5, 0x42, 0x44, 0x59, | |||
2009 | }, | |||
2010 | 32, "DigiCert 'Wyvern2025h1' Log" }, | |||
2011 | { (const uint8_t[]){ | |||
2012 | 0xed, 0x3c, 0x4b, 0xd6, 0xe8, 0x06, 0xc2, 0xa4, 0xa2, 0x00, 0x57, | |||
2013 | 0xdb, 0xcb, 0x24, 0xe2, 0x38, 0x01, 0xdf, 0x51, 0x2f, 0xed, 0xc4, | |||
2014 | 0x86, 0xc5, 0x70, 0x0f, 0x20, 0xdd, 0xb7, 0x3e, 0x3f, 0xe0, | |||
2015 | }, | |||
2016 | 32, "DigiCert 'Wyvern2025h2' Log" }, | |||
2017 | { (const uint8_t[]){ | |||
2018 | 0x64, 0x11, 0xc4, 0x6c, 0xa4, 0x12, 0xec, 0xa7, 0x89, 0x1c, 0xa2, | |||
2019 | 0x02, 0x2e, 0x00, 0xbc, 0xab, 0x4f, 0x28, 0x07, 0xd4, 0x1e, 0x35, | |||
2020 | 0x27, 0xab, 0xea, 0xfe, 0xd5, 0x03, 0xc9, 0x7d, 0xcd, 0xf0, | |||
2021 | }, | |||
2022 | 32, "DigiCert 'Wyvern2026h1'" }, | |||
2023 | { (const uint8_t[]){ | |||
2024 | 0xc2, 0x31, 0x7e, 0x57, 0x45, 0x19, 0xa3, 0x45, 0xee, 0x7f, 0x38, | |||
2025 | 0xde, 0xb2, 0x90, 0x41, 0xeb, 0xc7, 0xc2, 0x21, 0x5a, 0x22, 0xbf, | |||
2026 | 0x7f, 0xd5, 0xb5, 0xad, 0x76, 0x9a, 0xd9, 0x0e, 0x52, 0xcd, | |||
2027 | }, | |||
2028 | 32, "DigiCert 'Wyvern2026h2'" }, | |||
2029 | { (const uint8_t[]){ | |||
2030 | 0xdb, 0x07, 0x6c, 0xde, 0x6a, 0x8b, 0x78, 0xec, 0x58, 0xd6, 0x05, | |||
2031 | 0x64, 0x96, 0xeb, 0x6a, 0x26, 0xa8, 0xc5, 0x9e, 0x72, 0x12, 0x93, | |||
2032 | 0xe8, 0xac, 0x03, 0x27, 0xdd, 0xde, 0x89, 0xdb, 0x5a, 0x2a, | |||
2033 | }, | |||
2034 | 32, "DigiCert 'Sphinx2024h1' Log" }, | |||
2035 | { (const uint8_t[]){ | |||
2036 | 0xdc, 0xc9, 0x5e, 0x6f, 0xa2, 0x99, 0xb9, 0xb0, 0xfd, 0xbd, 0x6c, | |||
2037 | 0xa6, 0xa3, 0x6e, 0x1d, 0x72, 0xc4, 0x21, 0x2f, 0xdd, 0x1e, 0x0f, | |||
2038 | 0x47, 0x55, 0x3a, 0x36, 0xd6, 0xcf, 0x1a, 0xd1, 0x1d, 0x8d, | |||
2039 | }, | |||
2040 | 32, "DigiCert 'Sphinx2024h2' Log" }, | |||
2041 | { (const uint8_t[]){ | |||
2042 | 0xde, 0x85, 0x81, 0xd7, 0x50, 0x24, 0x7c, 0x6b, 0xcd, 0xcb, 0xaf, | |||
2043 | 0x56, 0x37, 0xc5, 0xe7, 0x81, 0xc6, 0x4c, 0xe4, 0x6e, 0xd6, 0x17, | |||
2044 | 0x63, 0x9f, 0x8f, 0x34, 0xa7, 0x26, 0xc9, 0xe2, 0xbd, 0x37, | |||
2045 | }, | |||
2046 | 32, "DigiCert 'Sphinx2025h1' Log" }, | |||
2047 | { (const uint8_t[]){ | |||
2048 | 0xa4, 0x42, 0xc5, 0x06, 0x49, 0x60, 0x61, 0x54, 0x8f, 0x0f, 0xd4, | |||
2049 | 0xea, 0x9c, 0xfb, 0x7a, 0x2d, 0x26, 0x45, 0x4d, 0x87, 0xa9, 0x7f, | |||
2050 | 0x2f, 0xdf, 0x45, 0x59, 0xf6, 0x27, 0x4f, 0x3a, 0x84, 0x54, | |||
2051 | }, | |||
2052 | 32, "DigiCert 'Sphinx2025h2' Log" }, | |||
2053 | { (const uint8_t[]){ | |||
2054 | 0x49, 0x9c, 0x9b, 0x69, 0xde, 0x1d, 0x7c, 0xec, 0xfc, 0x36, 0xde, | |||
2055 | 0xcd, 0x87, 0x64, 0xa6, 0xb8, 0x5b, 0xaf, 0x0a, 0x87, 0x80, 0x19, | |||
2056 | 0xd1, 0x55, 0x52, 0xfb, 0xe9, 0xeb, 0x29, 0xdd, 0xf8, 0xc3, | |||
2057 | }, | |||
2058 | 32, "DigiCert 'Sphinx2026h1'" }, | |||
2059 | { (const uint8_t[]){ | |||
2060 | 0x94, 0x4e, 0x43, 0x87, 0xfa, 0xec, 0xc1, 0xef, 0x81, 0xf3, 0x19, | |||
2061 | 0x24, 0x26, 0xa8, 0x18, 0x65, 0x01, 0xc7, 0xd3, 0x5f, 0x38, 0x02, | |||
2062 | 0x01, 0x3f, 0x72, 0x67, 0x7d, 0x55, 0x37, 0x2e, 0x19, 0xd8, | |||
2063 | }, | |||
2064 | 32, "DigiCert 'Sphinx2026h2'" }, | |||
2065 | { (const uint8_t[]){ | |||
2066 | 0xdd, 0xeb, 0x1d, 0x2b, 0x7a, 0x0d, 0x4f, 0xa6, 0x20, 0x8b, 0x81, | |||
2067 | 0xad, 0x81, 0x68, 0x70, 0x7e, 0x2e, 0x8e, 0x9d, 0x01, 0xd5, 0x5c, | |||
2068 | 0x88, 0x8d, 0x3d, 0x11, 0xc4, 0xcd, 0xb6, 0xec, 0xbe, 0xcc, | |||
2069 | }, | |||
2070 | 32, "Symantec log" }, | |||
2071 | { (const uint8_t[]){ | |||
2072 | 0xbc, 0x78, 0xe1, 0xdf, 0xc5, 0xf6, 0x3c, 0x68, 0x46, 0x49, 0x33, | |||
2073 | 0x4d, 0xa1, 0x0f, 0xa1, 0x5f, 0x09, 0x79, 0x69, 0x20, 0x09, 0xc0, | |||
2074 | 0x81, 0xb4, 0xf3, 0xf6, 0x91, 0x7f, 0x3e, 0xd9, 0xb8, 0xa5, | |||
2075 | }, | |||
2076 | 32, "Symantec 'Vega' log" }, | |||
2077 | { (const uint8_t[]){ | |||
2078 | 0x15, 0x97, 0x04, 0x88, 0xd7, 0xb9, 0x97, 0xa0, 0x5b, 0xeb, 0x52, | |||
2079 | 0x51, 0x2a, 0xde, 0xe8, 0xd2, 0xe8, 0xb4, 0xa3, 0x16, 0x52, 0x64, | |||
2080 | 0x12, 0x1a, 0x9f, 0xab, 0xfb, 0xd5, 0xf8, 0x5a, 0xd9, 0x3f, | |||
2081 | }, | |||
2082 | 32, "Symantec 'Sirius' log" }, | |||
2083 | { (const uint8_t[]){ | |||
2084 | 0x05, 0x9c, 0x01, 0xd3, 0x20, 0xe0, 0x07, 0x84, 0x13, 0x95, 0x80, | |||
2085 | 0x49, 0x8d, 0x11, 0x7c, 0x90, 0x32, 0x66, 0xaf, 0xaf, 0x72, 0x50, | |||
2086 | 0xb5, 0xaf, 0x3b, 0x46, 0xa4, 0x3e, 0x11, 0x84, 0x0d, 0x4a, | |||
2087 | }, | |||
2088 | 32, "DigiCert Yeti2022-2 Log" }, | |||
2089 | { (const uint8_t[]){ | |||
2090 | 0xc1, 0x16, 0x4a, 0xe0, 0xa7, 0x72, 0xd2, 0xd4, 0x39, 0x2d, 0xc8, | |||
2091 | 0x0a, 0xc1, 0x07, 0x70, 0xd4, 0xf0, 0xc4, 0x9b, 0xde, 0x99, 0x1a, | |||
2092 | 0x48, 0x40, 0xc1, 0xfa, 0x07, 0x51, 0x64, 0xf6, 0x33, 0x60, | |||
2093 | }, | |||
2094 | 32, "DigiCert Yeti2018 Log" }, | |||
2095 | { (const uint8_t[]){ | |||
2096 | 0xe2, 0x69, 0x4b, 0xae, 0x26, 0xe8, 0xe9, 0x40, 0x09, 0xe8, 0x86, | |||
2097 | 0x1b, 0xb6, 0x3b, 0x83, 0xd4, 0x3e, 0xe7, 0xfe, 0x74, 0x88, 0xfb, | |||
2098 | 0xa4, 0x8f, 0x28, 0x93, 0x01, 0x9d, 0xdd, 0xf1, 0xdb, 0xfe, | |||
2099 | }, | |||
2100 | 32, "DigiCert Yeti2019 Log" }, | |||
2101 | { (const uint8_t[]){ | |||
2102 | 0x6f, 0xf1, 0x41, 0xb5, 0x64, 0x7e, 0x42, 0x22, 0xf7, 0xef, 0x05, | |||
2103 | 0x2c, 0xef, 0xae, 0x7c, 0x21, 0xfd, 0x60, 0x8e, 0x27, 0xd2, 0xaf, | |||
2104 | 0x5a, 0x6e, 0x9f, 0x4b, 0x8a, 0x37, 0xd6, 0x63, 0x3e, 0xe5, | |||
2105 | }, | |||
2106 | 32, "DigiCert Nessie2018 Log" }, | |||
2107 | { (const uint8_t[]){ | |||
2108 | 0xfe, 0x44, 0x61, 0x08, 0xb1, 0xd0, 0x1a, 0xb7, 0x8a, 0x62, 0xcc, | |||
2109 | 0xfe, 0xab, 0x6a, 0xb2, 0xb2, 0xba, 0xbf, 0xf3, 0xab, 0xda, 0xd8, | |||
2110 | 0x0a, 0x4d, 0x8b, 0x30, 0xdf, 0x2d, 0x00, 0x08, 0x83, 0x0c, | |||
2111 | }, | |||
2112 | 32, "DigiCert Nessie2019 Log" }, | |||
2113 | { (const uint8_t[]){ | |||
2114 | 0xa7, 0xce, 0x4a, 0x4e, 0x62, 0x07, 0xe0, 0xad, 0xde, 0xe5, 0xfd, | |||
2115 | 0xaa, 0x4b, 0x1f, 0x86, 0x76, 0x87, 0x67, 0xb5, 0xd0, 0x02, 0xa5, | |||
2116 | 0x5d, 0x47, 0x31, 0x0e, 0x7e, 0x67, 0x0a, 0x95, 0xea, 0xb2, | |||
2117 | }, | |||
2118 | 32, "Symantec Deneb" }, | |||
2119 | { (const uint8_t[]){ | |||
2120 | 0xcd, 0xb5, 0x17, 0x9b, 0x7f, 0xc1, 0xc0, 0x46, 0xfe, 0xea, 0x31, | |||
2121 | 0x13, 0x6a, 0x3f, 0x8f, 0x00, 0x2e, 0x61, 0x82, 0xfa, 0xf8, 0x89, | |||
2122 | 0x6f, 0xec, 0xc8, 0xb2, 0xf5, 0xb5, 0xab, 0x60, 0x49, 0x00, | |||
2123 | }, | |||
2124 | 32, "Certly.IO log" }, | |||
2125 | { (const uint8_t[]){ | |||
2126 | 0x74, 0x61, 0xb4, 0xa0, 0x9c, 0xfb, 0x3d, 0x41, 0xd7, 0x51, 0x59, | |||
2127 | 0x57, 0x5b, 0x2e, 0x76, 0x49, 0xa4, 0x45, 0xa8, 0xd2, 0x77, 0x09, | |||
2128 | 0xb0, 0xcc, 0x56, 0x4a, 0x64, 0x82, 0xb7, 0xeb, 0x41, 0xa3, | |||
2129 | }, | |||
2130 | 32, "Izenpe log" }, | |||
2131 | { (const uint8_t[]){ | |||
2132 | 0x89, 0x41, 0x44, 0x9c, 0x70, 0x74, 0x2e, 0x06, 0xb9, 0xfc, 0x9c, | |||
2133 | 0xe7, 0xb1, 0x16, 0xba, 0x00, 0x24, 0xaa, 0x36, 0xd5, 0x9a, 0xf4, | |||
2134 | 0x4f, 0x02, 0x04, 0x40, 0x4f, 0x00, 0xf7, 0xea, 0x85, 0x66, | |||
2135 | }, | |||
2136 | 32, "Izenpe 'Argi' log" }, | |||
2137 | { (const uint8_t[]){ | |||
2138 | 0x41, 0xb2, 0xdc, 0x2e, 0x89, 0xe6, 0x3c, 0xe4, 0xaf, 0x1b, 0xa7, | |||
2139 | 0xbb, 0x29, 0xbf, 0x68, 0xc6, 0xde, 0xe6, 0xf9, 0xf1, 0xcc, 0x04, | |||
2140 | 0x7e, 0x30, 0xdf, 0xfa, 0xe3, 0xb3, 0xba, 0x25, 0x92, 0x63, | |||
2141 | }, | |||
2142 | 32, "WoSign log" }, | |||
2143 | { (const uint8_t[]){ | |||
2144 | 0x9e, 0x4f, 0xf7, 0x3d, 0xc3, 0xce, 0x22, 0x0b, 0x69, 0x21, 0x7c, | |||
2145 | 0x89, 0x9e, 0x46, 0x80, 0x76, 0xab, 0xf8, 0xd7, 0x86, 0x36, 0xd5, | |||
2146 | 0xcc, 0xfc, 0x85, 0xa3, 0x1a, 0x75, 0x62, 0x8b, 0xa8, 0x8b, | |||
2147 | }, | |||
2148 | 32, "WoSign CT log #1" }, | |||
2149 | { (const uint8_t[]){ | |||
2150 | 0x63, 0xd0, 0x00, 0x60, 0x26, 0xdd, 0xe1, 0x0b, 0xb0, 0x60, 0x1f, | |||
2151 | 0x45, 0x24, 0x46, 0x96, 0x5e, 0xe2, 0xb6, 0xea, 0x2c, 0xd4, 0xfb, | |||
2152 | 0xc9, 0x5a, 0xc8, 0x66, 0xa5, 0x50, 0xaf, 0x90, 0x75, 0xb7, | |||
2153 | }, | |||
2154 | 32, "WoSign log 2" }, | |||
2155 | { (const uint8_t[]){ | |||
2156 | 0xac, 0x3b, 0x9a, 0xed, 0x7f, 0xa9, 0x67, 0x47, 0x57, 0x15, 0x9e, | |||
2157 | 0x6d, 0x7d, 0x57, 0x56, 0x72, 0xf9, 0xd9, 0x81, 0x00, 0x94, 0x1e, | |||
2158 | 0x9b, 0xde, 0xff, 0xec, 0xa1, 0x31, 0x3b, 0x75, 0x78, 0x2d, | |||
2159 | }, | |||
2160 | 32, "Venafi log" }, | |||
2161 | { (const uint8_t[]){ | |||
2162 | 0x03, 0x01, 0x9d, 0xf3, 0xfd, 0x85, 0xa6, 0x9a, 0x8e, 0xbd, 0x1f, | |||
2163 | 0xac, 0xc6, 0xda, 0x9b, 0xa7, 0x3e, 0x46, 0x97, 0x74, 0xfe, 0x77, | |||
2164 | 0xf5, 0x79, 0xfc, 0x5a, 0x08, 0xb8, 0x32, 0x8c, 0x1d, 0x6b, | |||
2165 | }, | |||
2166 | 32, "Venafi Gen2 CT log" }, | |||
2167 | { (const uint8_t[]){ | |||
2168 | 0xa5, 0x77, 0xac, 0x9c, 0xed, 0x75, 0x48, 0xdd, 0x8f, 0x02, 0x5b, | |||
2169 | 0x67, 0xa2, 0x41, 0x08, 0x9d, 0xf8, 0x6e, 0x0f, 0x47, 0x6e, 0xc2, | |||
2170 | 0x03, 0xc2, 0xec, 0xbe, 0xdb, 0x18, 0x5f, 0x28, 0x26, 0x38, | |||
2171 | }, | |||
2172 | 32, "CNNIC CT log" }, | |||
2173 | { (const uint8_t[]){ | |||
2174 | 0x34, 0xbb, 0x6a, 0xd6, 0xc3, 0xdf, 0x9c, 0x03, 0xee, 0xa8, 0xa4, | |||
2175 | 0x99, 0xff, 0x78, 0x91, 0x48, 0x6c, 0x9d, 0x5e, 0x5c, 0xac, 0x92, | |||
2176 | 0xd0, 0x1f, 0x7b, 0xfd, 0x1b, 0xce, 0x19, 0xdb, 0x48, 0xef, | |||
2177 | }, | |||
2178 | 32, "StartCom log" }, | |||
2179 | { (const uint8_t[]){ | |||
2180 | 0x55, 0x81, 0xd4, 0xc2, 0x16, 0x90, 0x36, 0x01, 0x4a, 0xea, 0x0b, | |||
2181 | 0x9b, 0x57, 0x3c, 0x53, 0xf0, 0xc0, 0xe4, 0x38, 0x78, 0x70, 0x25, | |||
2182 | 0x08, 0x17, 0x2f, 0xa3, 0xaa, 0x1d, 0x07, 0x13, 0xd3, 0x0c, | |||
2183 | }, | |||
2184 | 32, "Sectigo 'Sabre' CT log" }, | |||
2185 | { (const uint8_t[]){ | |||
2186 | 0xa2, 0xe2, 0xbf, 0xd6, 0x1e, 0xde, 0x2f, 0x2f, 0x07, 0xa0, 0xd6, | |||
2187 | 0x4e, 0x6d, 0x37, 0xa7, 0xdc, 0x65, 0x43, 0xb0, 0xc6, 0xb5, 0x2e, | |||
2188 | 0xa2, 0xda, 0xb7, 0x8a, 0xf8, 0x9a, 0x6d, 0xf5, 0x17, 0xd8, | |||
2189 | }, | |||
2190 | 32, "Sectigo 'Sabre2024h1'" }, | |||
2191 | { (const uint8_t[]){ | |||
2192 | 0x19, 0x98, 0x10, 0x71, 0x09, 0xf0, 0xd6, 0x52, 0x2e, 0x30, 0x80, | |||
2193 | 0xd2, 0x9e, 0x3f, 0x64, 0xbb, 0x83, 0x6e, 0x28, 0xcc, 0xf9, 0x0f, | |||
2194 | 0x52, 0x8e, 0xee, 0xdf, 0xce, 0x4a, 0x3f, 0x16, 0xb4, 0xca, | |||
2195 | }, | |||
2196 | 32, "Sectigo 'Sabre2024h2'" }, | |||
2197 | { (const uint8_t[]){ | |||
2198 | 0xe0, 0x92, 0xb3, 0xfc, 0x0c, 0x1d, 0xc8, 0xe7, 0x68, 0x36, 0x1f, | |||
2199 | 0xde, 0x61, 0xb9, 0x96, 0x4d, 0x0a, 0x52, 0x78, 0x19, 0x8a, 0x72, | |||
2200 | 0xd6, 0x72, 0xc4, 0xb0, 0x4d, 0xa5, 0x6d, 0x6f, 0x54, 0x04, | |||
2201 | }, | |||
2202 | 32, "Sectigo 'Sabre2025h1'" }, | |||
2203 | { (const uint8_t[]){ | |||
2204 | 0x1a, 0x04, 0xff, 0x49, 0xd0, 0x54, 0x1d, 0x40, 0xaf, 0xf6, 0xa0, | |||
2205 | 0xc3, 0xbf, 0xf1, 0xd8, 0xc4, 0x67, 0x2f, 0x4e, 0xec, 0xee, 0x23, | |||
2206 | 0x40, 0x68, 0x98, 0x6b, 0x17, 0x40, 0x2e, 0xdc, 0x89, 0x7d, | |||
2207 | }, | |||
2208 | 32, "Sectigo 'Sabre2025h2'" }, | |||
2209 | { (const uint8_t[]){ | |||
2210 | 0x6f, 0x53, 0x76, 0xac, 0x31, 0xf0, 0x31, 0x19, 0xd8, 0x99, 0x00, | |||
2211 | 0xa4, 0x51, 0x15, 0xff, 0x77, 0x15, 0x1c, 0x11, 0xd9, 0x02, 0xc1, | |||
2212 | 0x00, 0x29, 0x06, 0x8d, 0xb2, 0x08, 0x9a, 0x37, 0xd9, 0x13, | |||
2213 | }, | |||
2214 | 32, "Sectigo 'Mammoth' CT log" }, | |||
2215 | { (const uint8_t[]){ | |||
2216 | 0x29, 0xd0, 0x3a, 0x1b, 0xb6, 0x74, 0xaa, 0x71, 0x1c, 0xd3, 0x03, | |||
2217 | 0x5b, 0x65, 0x57, 0xc1, 0x4f, 0x8a, 0xa7, 0x8b, 0x4f, 0xe8, 0x38, | |||
2218 | 0x94, 0x49, 0xec, 0xa4, 0x53, 0xf9, 0x44, 0xbd, 0x24, 0x68, | |||
2219 | }, | |||
2220 | 32, "Sectigo 'Mammoth2024h1'" }, | |||
2221 | { (const uint8_t[]){ | |||
2222 | 0x50, 0x85, 0x01, 0x58, 0xdc, 0xb6, 0x05, 0x95, 0xc0, 0x0e, 0x92, | |||
2223 | 0xa8, 0x11, 0x02, 0xec, 0xcd, 0xfe, 0x3f, 0x6b, 0x78, 0x58, 0x42, | |||
2224 | 0x9f, 0x57, 0x98, 0x35, 0x38, 0xc9, 0xda, 0x52, 0x50, 0x63, | |||
2225 | }, | |||
2226 | 32, "Sectigo 'Mammoth2024h1b'" }, | |||
2227 | { (const uint8_t[]){ | |||
2228 | 0xdf, 0xe1, 0x56, 0xeb, 0xaa, 0x05, 0xaf, 0xb5, 0x9c, 0x0f, 0x86, | |||
2229 | 0x71, 0x8d, 0xa8, 0xc0, 0x32, 0x4e, 0xae, 0x56, 0xd9, 0x6e, 0xa7, | |||
2230 | 0xf5, 0xa5, 0x6a, 0x01, 0xd1, 0xc1, 0x3b, 0xbe, 0x52, 0x5c, | |||
2231 | }, | |||
2232 | 32, "Sectigo 'Mammoth2024h2'" }, | |||
2233 | { (const uint8_t[]){ | |||
2234 | 0x13, 0x4a, 0xdf, 0x1a, 0xb5, 0x98, 0x42, 0x09, 0x78, 0x0c, 0x6f, | |||
2235 | 0xef, 0x4c, 0x7a, 0x91, 0xa4, 0x16, 0xb7, 0x23, 0x49, 0xce, 0x58, | |||
2236 | 0x57, 0x6a, 0xdf, 0xae, 0xda, 0xa7, 0xc2, 0xab, 0xe0, 0x22, | |||
2237 | }, | |||
2238 | 32, "Sectigo 'Mammoth2025h1'" }, | |||
2239 | { (const uint8_t[]){ | |||
2240 | 0xaf, 0x18, 0x1a, 0x28, 0xd6, 0x8c, 0xa3, 0xe0, 0xa9, 0x8a, 0x4c, | |||
2241 | 0x9c, 0x67, 0xab, 0x09, 0xf8, 0xbb, 0xbc, 0x22, 0xba, 0xae, 0xbc, | |||
2242 | 0xb1, 0x38, 0xa3, 0xa1, 0x9d, 0xd3, 0xf9, 0xb6, 0x03, 0x0d, | |||
2243 | }, | |||
2244 | 32, "Sectigo 'Mammoth2025h2'" }, | |||
2245 | { (const uint8_t[]){ | |||
2246 | 0x25, 0x2f, 0x94, 0xc2, 0x2b, 0x29, 0xe9, 0x6e, 0x9f, 0x41, 0x1a, | |||
2247 | 0x72, 0x07, 0x2b, 0x69, 0x5c, 0x5b, 0x52, 0xff, 0x97, 0xa9, 0x0d, | |||
2248 | 0x25, 0x40, 0xbb, 0xfc, 0xdc, 0x51, 0xec, 0x4d, 0xee, 0x0b, | |||
2249 | }, | |||
2250 | 32, "Sectigo 'Mammoth2026h1'" }, | |||
2251 | { (const uint8_t[]){ | |||
2252 | 0x94, 0xb1, 0xc1, 0x8a, 0xb0, 0xd0, 0x57, 0xc4, 0x7b, 0xe0, 0xac, | |||
2253 | 0x04, 0x0e, 0x1f, 0x2c, 0xbc, 0x8d, 0xc3, 0x75, 0x72, 0x7b, 0xc9, | |||
2254 | 0x51, 0xf2, 0x0a, 0x52, 0x61, 0x26, 0x86, 0x3b, 0xa7, 0x3c, | |||
2255 | }, | |||
2256 | 32, "Sectigo 'Mammoth2026h2'" }, | |||
2257 | { (const uint8_t[]){ | |||
2258 | 0x56, 0x6c, 0xd5, 0xa3, 0x76, 0xbe, 0x83, 0xdf, 0xe3, 0x42, 0xb6, | |||
2259 | 0x75, 0xc4, 0x9c, 0x23, 0x24, 0x98, 0xa7, 0x69, 0xba, 0xc3, 0x82, | |||
2260 | 0xcb, 0xab, 0x49, 0xa3, 0x87, 0x7d, 0x9a, 0xb3, 0x2d, 0x01, | |||
2261 | }, | |||
2262 | 32, "Sectigo 'Sabre2026h1'" }, | |||
2263 | { (const uint8_t[]){ | |||
2264 | 0x1f, 0x56, 0xd1, 0xab, 0x94, 0x70, 0x4a, 0x41, 0xdd, 0x3f, 0xea, | |||
2265 | 0xfd, 0xf4, 0x69, 0x93, 0x55, 0x30, 0x2c, 0x14, 0x31, 0xbf, 0xe6, | |||
2266 | 0x13, 0x46, 0x08, 0x9f, 0xff, 0xae, 0x79, 0x5d, 0xcc, 0x2f, | |||
2267 | }, | |||
2268 | 32, "Sectigo 'Sabre2026h2'" }, | |||
2269 | { (const uint8_t[]){ | |||
2270 | 0xdb, 0x76, 0xfd, 0xad, 0xac, 0x65, 0xe7, 0xd0, 0x95, 0x08, 0x88, | |||
2271 | 0x6e, 0x21, 0x59, 0xbd, 0x8b, 0x90, 0x35, 0x2f, 0x5f, 0xea, 0xd3, | |||
2272 | 0xe3, 0xdc, 0x5e, 0x22, 0xeb, 0x35, 0x0a, 0xcc, 0x7b, 0x98, | |||
2273 | }, | |||
2274 | 32, "Sectigo 'Dodo' CT log" }, | |||
2275 | { (const uint8_t[]){ | |||
2276 | 0xe7, 0x12, 0xf2, 0xb0, 0x37, 0x7e, 0x1a, 0x62, 0xfb, 0x8e, 0xc9, | |||
2277 | 0x0c, 0x61, 0x84, 0xf1, 0xea, 0x7b, 0x37, 0xcb, 0x56, 0x1d, 0x11, | |||
2278 | 0x26, 0x5b, 0xf3, 0xe0, 0xf3, 0x4b, 0xf2, 0x41, 0x54, 0x6e, | |||
2279 | }, | |||
2280 | 32, "Let's Encrypt 'Oak2020' log" }, | |||
2281 | { (const uint8_t[]){ | |||
2282 | 0x94, 0x20, 0xbc, 0x1e, 0x8e, 0xd5, 0x8d, 0x6c, 0x88, 0x73, 0x1f, | |||
2283 | 0x82, 0x8b, 0x22, 0x2c, 0x0d, 0xd1, 0xda, 0x4d, 0x5e, 0x6c, 0x4f, | |||
2284 | 0x94, 0x3d, 0x61, 0xdb, 0x4e, 0x2f, 0x58, 0x4d, 0xa2, 0xc2, | |||
2285 | }, | |||
2286 | 32, "Let's Encrypt 'Oak2021' log" }, | |||
2287 | { (const uint8_t[]){ | |||
2288 | 0xdf, 0xa5, 0x5e, 0xab, 0x68, 0x82, 0x4f, 0x1f, 0x6c, 0xad, 0xee, | |||
2289 | 0xb8, 0x5f, 0x4e, 0x3e, 0x5a, 0xea, 0xcd, 0xa2, 0x12, 0xa4, 0x6a, | |||
2290 | 0x5e, 0x8e, 0x3b, 0x12, 0xc0, 0x20, 0x44, 0x5c, 0x2a, 0x73, | |||
2291 | }, | |||
2292 | 32, "Let's Encrypt 'Oak2022' log" }, | |||
2293 | { (const uint8_t[]){ | |||
2294 | 0xb7, 0x3e, 0xfb, 0x24, 0xdf, 0x9c, 0x4d, 0xba, 0x75, 0xf2, 0x39, | |||
2295 | 0xc5, 0xba, 0x58, 0xf4, 0x6c, 0x5d, 0xfc, 0x42, 0xcf, 0x7a, 0x9f, | |||
2296 | 0x35, 0xc4, 0x9e, 0x1d, 0x09, 0x81, 0x25, 0xed, 0xb4, 0x99, | |||
2297 | }, | |||
2298 | 32, "Let's Encrypt 'Oak2023' log" }, | |||
2299 | { (const uint8_t[]){ | |||
2300 | 0x3b, 0x53, 0x77, 0x75, 0x3e, 0x2d, 0xb9, 0x80, 0x4e, 0x8b, 0x30, | |||
2301 | 0x5b, 0x06, 0xfe, 0x40, 0x3b, 0x67, 0xd8, 0x4f, 0xc3, 0xf4, 0xc7, | |||
2302 | 0xbd, 0x00, 0x0d, 0x2d, 0x72, 0x6f, 0xe1, 0xfa, 0xd4, 0x17, | |||
2303 | }, | |||
2304 | 32, "Let's Encrypt 'Oak2024H1' log" }, | |||
2305 | { (const uint8_t[]){ | |||
2306 | 0x3f, 0x17, 0x4b, 0x4f, 0xd7, 0x22, 0x47, 0x58, 0x94, 0x1d, 0x65, | |||
2307 | 0x1c, 0x84, 0xbe, 0x0d, 0x12, 0xed, 0x90, 0x37, 0x7f, 0x1f, 0x85, | |||
2308 | 0x6a, 0xeb, 0xc1, 0xbf, 0x28, 0x85, 0xec, 0xf8, 0x64, 0x6e, | |||
2309 | }, | |||
2310 | 32, "Let's Encrypt 'Oak2024H2' log" }, | |||
2311 | { (const uint8_t[]){ | |||
2312 | 0xa2, 0xe3, 0x0a, 0xe4, 0x45, 0xef, 0xbd, 0xad, 0x9b, 0x7e, 0x38, | |||
2313 | 0xed, 0x47, 0x67, 0x77, 0x53, 0xd7, 0x82, 0x5b, 0x84, 0x94, 0xd7, | |||
2314 | 0x2b, 0x5e, 0x1b, 0x2c, 0xc4, 0xb9, 0x50, 0xa4, 0x47, 0xe7, | |||
2315 | }, | |||
2316 | 32, "Let's Encrypt 'Oak2025h1'" }, | |||
2317 | { (const uint8_t[]){ | |||
2318 | 0x0d, 0xe1, 0xf2, 0x30, 0x2b, 0xd3, 0x0d, 0xc1, 0x40, 0x62, 0x12, | |||
2319 | 0x09, 0xea, 0x55, 0x2e, 0xfc, 0x47, 0x74, 0x7c, 0xb1, 0xd7, 0xe9, | |||
2320 | 0x30, 0xef, 0x0e, 0x42, 0x1e, 0xb4, 0x7e, 0x4e, 0xaa, 0x34, | |||
2321 | }, | |||
2322 | 32, "Let's Encrypt 'Oak2025h2'" }, | |||
2323 | { (const uint8_t[]){ | |||
2324 | 0x19, 0x86, 0xd4, 0xc7, 0x28, 0xaa, 0x6f, 0xfe, 0xba, 0x03, 0x6f, | |||
2325 | 0x78, 0x2a, 0x4d, 0x01, 0x91, 0xaa, 0xce, 0x2d, 0x72, 0x31, 0x0f, | |||
2326 | 0xae, 0xce, 0x5d, 0x70, 0x41, 0x2d, 0x25, 0x4c, 0xc7, 0xd4, | |||
2327 | }, | |||
2328 | 32, "Let's Encrypt 'Oak2026h1'" }, | |||
2329 | { (const uint8_t[]){ | |||
2330 | 0xac, 0xab, 0x30, 0x70, 0x6c, 0xeb, 0xec, 0x84, 0x31, 0xf4, 0x13, | |||
2331 | 0xd2, 0xf4, 0x91, 0x5f, 0x11, 0x1e, 0x42, 0x24, 0x43, 0xb1, 0xf2, | |||
2332 | 0xa6, 0x8c, 0x4f, 0x3c, 0x2b, 0x3b, 0xa7, 0x1e, 0x02, 0xc3, | |||
2333 | }, | |||
2334 | 32, "Let's Encrypt 'Oak2026h2'" }, | |||
2335 | { (const uint8_t[]){ | |||
2336 | 0x65, 0x9b, 0x33, 0x50, 0xf4, 0x3b, 0x12, 0xcc, 0x5e, 0xa5, 0xab, | |||
2337 | 0x4e, 0xc7, 0x65, 0xd3, 0xfd, 0xe6, 0xc8, 0x82, 0x43, 0x77, 0x77, | |||
2338 | 0x78, 0xe7, 0x20, 0x03, 0xf9, 0xeb, 0x2b, 0x8c, 0x31, 0x29, | |||
2339 | }, | |||
2340 | 32, "Let's Encrypt 'Oak2019' log" }, | |||
2341 | { (const uint8_t[]){ | |||
2342 | 0x84, 0x9f, 0x5f, 0x7f, 0x58, 0xd2, 0xbf, 0x7b, 0x54, 0xec, 0xbd, | |||
2343 | 0x74, 0x61, 0x1c, 0xea, 0x45, 0xc4, 0x9c, 0x98, 0xf1, 0xd6, 0x48, | |||
2344 | 0x1b, 0xc6, 0xf6, 0x9e, 0x8c, 0x17, 0x4f, 0x24, 0xf3, 0xcf, | |||
2345 | }, | |||
2346 | 32, "Let's Encrypt 'Testflume2019' log" }, | |||
2347 | { (const uint8_t[]){ | |||
2348 | 0x23, 0x2d, 0x41, 0xa4, 0xcd, 0xac, 0x87, 0xce, 0xd9, 0xf9, 0x43, | |||
2349 | 0xf4, 0x68, 0xc2, 0x82, 0x09, 0x5a, 0xe0, 0x9d, 0x30, 0xd6, 0x2e, | |||
2350 | 0x2f, 0xa6, 0x5d, 0xdc, 0x3b, 0x91, 0x9c, 0x2e, 0x46, 0x8f, | |||
2351 | }, | |||
2352 | 32, "Let's Encrypt 'Sapling 2022h2' log" }, | |||
2353 | { (const uint8_t[]){ | |||
2354 | 0xc1, 0x83, 0x24, 0x0b, 0xf1, 0xa4, 0x50, 0xc7, 0x6f, 0xbb, 0x00, | |||
2355 | 0x72, 0x69, 0xdc, 0xac, 0x3b, 0xe2, 0x2a, 0x48, 0x05, 0xd4, 0xdb, | |||
2356 | 0xe0, 0x49, 0x66, 0xc3, 0xc8, 0xab, 0xc4, 0x47, 0xb0, 0x0c, | |||
2357 | }, | |||
2358 | 32, "Let's Encrypt 'Sapling 2023h1' log" }, | |||
2359 | { (const uint8_t[]){ | |||
2360 | 0xc6, 0x3f, 0x22, 0x18, 0xc3, 0x7d, 0x56, 0xa6, 0xaa, 0x06, 0xb5, | |||
2361 | 0x96, 0xda, 0x8e, 0x53, 0xd4, 0xd7, 0x15, 0x6d, 0x1e, 0x9b, 0xac, | |||
2362 | 0x8e, 0x44, 0xd2, 0x20, 0x2d, 0xe6, 0x4d, 0x69, 0xd9, 0xdc, | |||
2363 | }, | |||
2364 | 32, "Let's Encrypt 'Testflume2020' log" }, | |||
2365 | { (const uint8_t[]){ | |||
2366 | 0x03, 0xed, 0xf1, 0xda, 0x97, 0x76, 0xb6, 0xf3, 0x8c, 0x34, 0x1e, | |||
2367 | 0x39, 0xed, 0x9d, 0x70, 0x7a, 0x75, 0x70, 0x36, 0x9c, 0xf9, 0x84, | |||
2368 | 0x4f, 0x32, 0x7f, 0xe9, 0xe1, 0x41, 0x38, 0x36, 0x1b, 0x60, | |||
2369 | }, | |||
2370 | 32, "Let's Encrypt 'Testflume2021' log" }, | |||
2371 | { (const uint8_t[]){ | |||
2372 | 0x23, 0x27, 0xef, 0xda, 0x35, 0x25, 0x10, 0xdb, 0xc0, 0x19, 0xef, | |||
2373 | 0x49, 0x1a, 0xe3, 0xff, 0x1c, 0xc5, 0xa4, 0x79, 0xbc, 0xe3, 0x78, | |||
2374 | 0x78, 0x36, 0x0e, 0xe3, 0x18, 0xcf, 0xfb, 0x64, 0xf8, 0xc8, | |||
2375 | }, | |||
2376 | 32, "Let's Encrypt 'Testflume2022' log" }, | |||
2377 | { (const uint8_t[]){ | |||
2378 | 0x55, 0x34, 0xb7, 0xab, 0x5a, 0x6a, 0xc3, 0xa7, 0xcb, 0xeb, 0xa6, | |||
2379 | 0x54, 0x87, 0xb2, 0xa2, 0xd7, 0x1b, 0x48, 0xf6, 0x50, 0xfa, 0x17, | |||
2380 | 0xc5, 0x19, 0x7c, 0x97, 0xa0, 0xcb, 0x20, 0x76, 0xf3, 0xc6, | |||
2381 | }, | |||
2382 | 32, "Let's Encrypt 'Testflume2023' log" }, | |||
2383 | { (const uint8_t[]){ | |||
2384 | 0x29, 0x6a, 0xfa, 0x2d, 0x56, 0x8b, 0xca, 0x0d, 0x2e, 0xa8, 0x44, | |||
2385 | 0x95, 0x6a, 0xe9, 0x72, 0x1f, 0xc3, 0x5f, 0xa3, 0x55, 0xec, 0xda, | |||
2386 | 0x99, 0x69, 0x3a, 0xaf, 0xd4, 0x58, 0xa7, 0x1a, 0xef, 0xdd, | |||
2387 | }, | |||
2388 | 32, "Let's Encrypt 'Clicky' log" }, | |||
2389 | { (const uint8_t[]){ | |||
2390 | 0xa5, 0x95, 0x94, 0x3b, 0x53, 0x70, 0xbe, 0xe9, 0x06, 0xe0, 0x05, | |||
2391 | 0x0d, 0x1f, 0xb5, 0xbb, 0xc6, 0xa4, 0x0e, 0x65, 0xf2, 0x65, 0xae, | |||
2392 | 0x85, 0x2c, 0x76, 0x36, 0x3f, 0xad, 0xb2, 0x33, 0x36, 0xed, | |||
2393 | }, | |||
2394 | 32, "Trust Asia Log2020" }, | |||
2395 | { (const uint8_t[]){ | |||
2396 | 0xa8, 0xdc, 0x52, 0xf6, 0x3d, 0x6b, 0x24, 0x25, 0xe5, 0x31, 0xe3, | |||
2397 | 0x7c, 0xf4, 0xe4, 0x4a, 0x71, 0x4f, 0x14, 0x2a, 0x20, 0x80, 0x3b, | |||
2398 | 0x0d, 0x04, 0xd2, 0xe2, 0xee, 0x06, 0x64, 0x79, 0x4a, 0x23, | |||
2399 | }, | |||
2400 | 32, "Trust Asia CT2021" }, | |||
2401 | { (const uint8_t[]){ | |||
2402 | 0x67, 0x8d, 0xb6, 0x5b, 0x3e, 0x74, 0x43, 0xb6, 0xf3, 0xa3, 0x70, | |||
2403 | 0xd5, 0xe1, 0x3a, 0xb1, 0xb4, 0x3b, 0xe0, 0xa0, 0xd3, 0x51, 0xf7, | |||
2404 | 0xca, 0x74, 0x22, 0x50, 0xc7, 0xc6, 0xfa, 0x51, 0xa8, 0x8a, | |||
2405 | }, | |||
2406 | 32, "Trust Asia Log2021" }, | |||
2407 | { (const uint8_t[]){ | |||
2408 | 0xc3, 0x65, 0xf9, 0xb3, 0x65, 0x4f, 0x32, 0x83, 0xc7, 0x9d, 0xa9, | |||
2409 | 0x8e, 0x93, 0xd7, 0x41, 0x8f, 0x5b, 0xab, 0x7b, 0xe3, 0x25, 0x2c, | |||
2410 | 0x98, 0xe1, 0xd2, 0xf0, 0x4b, 0xb9, 0xeb, 0x42, 0x7d, 0x23, | |||
2411 | }, | |||
2412 | 32, "Trust Asia Log2022" }, | |||
2413 | { (const uint8_t[]){ | |||
2414 | 0xe8, 0x7e, 0xa7, 0x66, 0x0b, 0xc2, 0x6c, 0xf6, 0x00, 0x2e, 0xf5, | |||
2415 | 0x72, 0x5d, 0x3f, 0xe0, 0xe3, 0x31, 0xb9, 0x39, 0x3b, 0xb9, 0x2f, | |||
2416 | 0xbf, 0x58, 0xeb, 0x3b, 0x90, 0x49, 0xda, 0xf5, 0x43, 0x5a, | |||
2417 | }, | |||
2418 | 32, "Trust Asia Log2023" }, | |||
2419 | { (const uint8_t[]){ | |||
2420 | 0x30, 0x6d, 0x29, 0x57, 0x6a, 0xd2, 0x1a, 0x9d, 0x4a, 0xe1, 0x2a, | |||
2421 | 0xca, 0xd8, 0xaa, 0x8a, 0x78, 0x3a, 0xa6, 0x5a, 0x32, 0x11, 0x60, | |||
2422 | 0xac, 0xff, 0x5b, 0x0e, 0xee, 0x4c, 0xa3, 0x20, 0x1d, 0x05, | |||
2423 | }, | |||
2424 | 32, "Trust Asia Log2024" }, | |||
2425 | { (const uint8_t[]){ | |||
2426 | 0x87, 0x4f, 0xb5, 0x0d, 0xc0, 0x29, 0xd9, 0x93, 0x1d, 0xe5, 0x73, | |||
2427 | 0xe9, 0xf2, 0x89, 0x9e, 0x8e, 0x45, 0x33, 0xb3, 0x92, 0xd3, 0x8b, | |||
2428 | 0x0a, 0x46, 0x25, 0x74, 0xbf, 0x0f, 0xee, 0xb2, 0xfc, 0x1e, | |||
2429 | }, | |||
2430 | 32, "Trust Asia Log2024-2" }, | |||
2431 | { (const uint8_t[]){ | |||
2432 | 0x28, 0xe2, 0x81, 0x38, 0xfd, 0x83, 0x21, 0x45, 0xe9, 0xa9, 0xd6, | |||
2433 | 0xaa, 0x75, 0x37, 0x6d, 0x83, 0x77, 0xa8, 0x85, 0x12, 0xb3, 0xc0, | |||
2434 | 0x7f, 0x72, 0x41, 0x48, 0x21, 0xdc, 0xbd, 0xe9, 0x8c, 0x66, | |||
2435 | }, | |||
2436 | 32, "TrustAsia Log2025a" }, | |||
2437 | { (const uint8_t[]){ | |||
2438 | 0x28, 0x2c, 0x8b, 0xdd, 0x81, 0x0f, 0xf9, 0x09, 0x12, 0x0a, 0xce, | |||
2439 | 0x16, 0xd6, 0xe0, 0xec, 0x20, 0x1b, 0xea, 0x82, 0xa3, 0xa4, 0xaf, | |||
2440 | 0x19, 0xd9, 0xef, 0xfb, 0x59, 0xe8, 0x3f, 0xdc, 0x42, 0x68, | |||
2441 | }, | |||
2442 | 32, "TrustAsia Log2025b" }, | |||
2443 | { (const uint8_t[]){ | |||
2444 | 0x74, 0xdb, 0x9d, 0x58, 0xf7, 0xd4, 0x7e, 0x9d, 0xfd, 0x78, 0x7a, | |||
2445 | 0x16, 0x2a, 0x99, 0x1c, 0x18, 0xcf, 0x69, 0x8d, 0xa7, 0xc7, 0x29, | |||
2446 | 0x91, 0x8c, 0x9a, 0x18, 0xb0, 0x45, 0x0d, 0xba, 0x44, 0xbc, | |||
2447 | }, | |||
2448 | 32, "TrustAsia 'log2026a'" }, | |||
2449 | { (const uint8_t[]){ | |||
2450 | 0x25, 0xb7, 0xef, 0xde, 0xa1, 0x13, 0x01, 0x93, 0xed, 0x93, 0x07, | |||
2451 | 0x97, 0x70, 0xaa, 0x32, 0x2a, 0x26, 0x62, 0x0d, 0xe3, 0x5a, 0xc8, | |||
2452 | 0xaa, 0x7c, 0x75, 0x19, 0x7d, 0xe0, 0xb1, 0xa9, 0xe0, 0x65, | |||
2453 | }, | |||
2454 | 32, "TrustAsia 'log2026b'" }, | |||
2455 | { (const uint8_t[]){ | |||
2456 | 0x45, 0x35, 0x94, 0x98, 0xd9, 0x3a, 0x89, 0xe0, 0x28, 0x03, 0x08, | |||
2457 | 0xd3, 0x7d, 0x62, 0x6d, 0xc4, 0x23, 0x75, 0x47, 0x58, 0xdc, 0xe0, | |||
2458 | 0x37, 0x00, 0x36, 0xfb, 0xab, 0x0e, 0xdf, 0x8a, 0x6b, 0xcf, | |||
2459 | }, | |||
2460 | 32, "Trust Asia Log1" }, | |||
2461 | { (const uint8_t[]){ | |||
2462 | 0xc9, 0xcf, 0x89, 0x0a, 0x21, 0x10, 0x9c, 0x66, 0x6c, 0xc1, 0x7a, | |||
2463 | 0x3e, 0xd0, 0x65, 0xc9, 0x30, 0xd0, 0xe0, 0x13, 0x5a, 0x9f, 0xeb, | |||
2464 | 0xa8, 0x5a, 0xf1, 0x42, 0x10, 0xb8, 0x07, 0x24, 0x21, 0xaa, | |||
2465 | }, | |||
2466 | 32, "GDCA CT log #1" }, | |||
2467 | { (const uint8_t[]){ | |||
2468 | 0x92, 0x4a, 0x30, 0xf9, 0x09, 0x33, 0x6f, 0xf4, 0x35, 0xd6, 0x99, | |||
2469 | 0x3a, 0x10, 0xac, 0x75, 0xa2, 0xc6, 0x41, 0x72, 0x8e, 0x7f, 0xc2, | |||
2470 | 0xd6, 0x59, 0xae, 0x61, 0x88, 0xff, 0xad, 0x40, 0xce, 0x01, | |||
2471 | }, | |||
2472 | 32, "GDCA CT log #2" }, | |||
2473 | { (const uint8_t[]){ | |||
2474 | 0x71, 0x7e, 0xa7, 0x42, 0x09, 0x75, 0xbe, 0x84, 0xa2, 0x72, 0x35, | |||
2475 | 0x53, 0xf1, 0x77, 0x7c, 0x26, 0xdd, 0x51, 0xaf, 0x4e, 0x10, 0x21, | |||
2476 | 0x44, 0x09, 0x4d, 0x90, 0x19, 0xb4, 0x62, 0xfb, 0x66, 0x68, | |||
2477 | }, | |||
2478 | 32, "GDCA Log 1" }, | |||
2479 | { (const uint8_t[]){ | |||
2480 | 0x14, 0x30, 0x8d, 0x90, 0xcc, 0xd0, 0x30, 0x13, 0x50, 0x05, 0xc0, | |||
2481 | 0x1c, 0xa5, 0x26, 0xd8, 0x1e, 0x84, 0xe8, 0x76, 0x24, 0xe3, 0x9b, | |||
2482 | 0x62, 0x48, 0xe0, 0x8f, 0x72, 0x4a, 0xea, 0x3b, 0xb4, 0x2a, | |||
2483 | }, | |||
2484 | 32, "GDCA Log 2" }, | |||
2485 | { (const uint8_t[]){ | |||
2486 | 0xe0, 0x12, 0x76, 0x29, 0xe9, 0x04, 0x96, 0x56, 0x4e, 0x3d, 0x01, | |||
2487 | 0x47, 0x98, 0x44, 0x98, 0xaa, 0x48, 0xf8, 0xad, 0xb1, 0x66, 0x00, | |||
2488 | 0xeb, 0x79, 0x02, 0xa1, 0xef, 0x99, 0x09, 0x90, 0x62, 0x73, | |||
2489 | }, | |||
2490 | 32, "PuChuangSiDa CT log" }, | |||
2491 | { (const uint8_t[]){ | |||
2492 | 0x53, 0x7b, 0x69, 0xa3, 0x56, 0x43, 0x35, 0xa9, 0xc0, 0x49, 0x04, | |||
2493 | 0xe3, 0x95, 0x93, 0xb2, 0xc2, 0x98, 0xeb, 0x8d, 0x7a, 0x6e, 0x83, | |||
2494 | 0x02, 0x36, 0x35, 0xc6, 0x27, 0x24, 0x8c, 0xd6, 0xb4, 0x40, | |||
2495 | }, | |||
2496 | 32, "Nordu 'flimsy' log" }, | |||
2497 | { (const uint8_t[]){ | |||
2498 | 0xaa, 0xe7, 0x0b, 0x7f, 0x3c, 0xb8, 0xd5, 0x66, 0xc8, 0x6c, 0x2f, | |||
2499 | 0x16, 0x97, 0x9c, 0x9f, 0x44, 0x5f, 0x69, 0xab, 0x0e, 0xb4, 0x53, | |||
2500 | 0x55, 0x89, 0xb2, 0xf7, 0x7a, 0x03, 0x01, 0x04, 0xf3, 0xcd, | |||
2501 | }, | |||
2502 | 32, "Nordu 'plausible' log" }, | |||
2503 | { (const uint8_t[]){ | |||
2504 | 0xcf, 0x55, 0xe2, 0x89, 0x23, 0x49, 0x7c, 0x34, 0x0d, 0x52, 0x06, | |||
2505 | 0xd0, 0x53, 0x53, 0xae, 0xb2, 0x58, 0x34, 0xb5, 0x2f, 0x1f, 0x8d, | |||
2506 | 0xc9, 0x52, 0x68, 0x09, 0xf2, 0x12, 0xef, 0xdd, 0x7c, 0xa6, | |||
2507 | }, | |||
2508 | 32, "SHECA CT log 1" }, | |||
2509 | { (const uint8_t[]){ | |||
2510 | 0x32, 0xdc, 0x59, 0xc2, 0xd4, 0xc4, 0x19, 0x68, 0xd5, 0x6e, 0x14, | |||
2511 | 0xbc, 0x61, 0xac, 0x8f, 0x0e, 0x45, 0xdb, 0x39, 0xfa, 0xf3, 0xc1, | |||
2512 | 0x55, 0xaa, 0x42, 0x52, 0xf5, 0x00, 0x1f, 0xa0, 0xc6, 0x23, | |||
2513 | }, | |||
2514 | 32, "SHECA CT log 2" }, | |||
2515 | { (const uint8_t[]){ | |||
2516 | 0x96, 0x06, 0xc0, 0x2c, 0x69, 0x00, 0x33, 0xaa, 0x1d, 0x14, 0x5f, | |||
2517 | 0x59, 0xc6, 0xe2, 0x64, 0x8d, 0x05, 0x49, 0xf0, 0xdf, 0x96, 0xaa, | |||
2518 | 0xb8, 0xdb, 0x91, 0x5a, 0x70, 0xd8, 0xec, 0xf3, 0x90, 0xa5, | |||
2519 | }, | |||
2520 | 32, "Akamai CT Log" }, | |||
2521 | { (const uint8_t[]){ | |||
2522 | 0x39, 0x37, 0x6f, 0x54, 0x5f, 0x7b, 0x46, 0x07, 0xf5, 0x97, 0x42, | |||
2523 | 0xd7, 0x68, 0xcd, 0x5d, 0x24, 0x37, 0xbf, 0x34, 0x73, 0xb6, 0x53, | |||
2524 | 0x4a, 0x48, 0x34, 0xbc, 0xf7, 0x2e, 0x68, 0x1c, 0x83, 0xc9, | |||
2525 | }, | |||
2526 | 32, "Alpha CT Log" }, | |||
2527 | { (const uint8_t[]){ | |||
2528 | 0xb0, 0xb7, 0x84, 0xbc, 0x81, 0xc0, 0xdd, 0xc4, 0x75, 0x44, 0xe8, | |||
2529 | 0x83, 0xf0, 0x59, 0x85, 0xbb, 0x90, 0x77, 0xd1, 0x34, 0xd8, 0xab, | |||
2530 | 0x88, 0xb2, 0xb2, 0xe5, 0x33, 0x98, 0x0b, 0x8e, 0x50, 0x8b, | |||
2531 | }, | |||
2532 | 32, "Up In The Air 'Behind the Sofa' log" }, | |||
2533 | { (const uint8_t[]){ | |||
2534 | 0x47, 0x44, 0x47, 0x7c, 0x75, 0xde, 0x42, 0x6d, 0x5c, 0x44, 0xef, | |||
2535 | 0xd4, 0xa9, 0x2c, 0x96, 0x77, 0x59, 0x7f, 0x65, 0x7a, 0x8f, 0xe0, | |||
2536 | 0xca, 0xdb, 0xc6, 0xd6, 0x16, 0xed, 0xa4, 0x97, 0xc4, 0x25, | |||
2537 | }, | |||
2538 | 32, "Qihoo 360 2020" }, | |||
2539 | { (const uint8_t[]){ | |||
2540 | 0xc6, 0xd7, 0xed, 0x9e, 0xdb, 0x8e, 0x74, 0xf0, 0xa7, 0x1b, 0x4d, | |||
2541 | 0x4a, 0x98, 0x4b, 0xcb, 0xeb, 0xab, 0xbd, 0x28, 0xcc, 0x1f, 0xd7, | |||
2542 | 0x63, 0x29, 0xe8, 0x87, 0x26, 0xcd, 0x4c, 0x25, 0x46, 0x63, | |||
2543 | }, | |||
2544 | 32, "Qihoo 360 2021" }, | |||
2545 | { (const uint8_t[]){ | |||
2546 | 0x66, 0x3c, 0xb0, 0x9c, 0x1f, 0xcd, 0x9b, 0xaa, 0x62, 0x76, 0x3c, | |||
2547 | 0xcb, 0x53, 0x4e, 0xec, 0x80, 0x58, 0x12, 0x28, 0x05, 0x07, 0xac, | |||
2548 | 0x69, 0xa4, 0x5f, 0xcd, 0x38, 0xcf, 0x4c, 0xc7, 0x4c, 0xf1, | |||
2549 | }, | |||
2550 | 32, "Qihoo 360 2022" }, | |||
2551 | { (const uint8_t[]){ | |||
2552 | 0xe2, 0x64, 0x7f, 0x6e, 0xda, 0x34, 0x05, 0x03, 0xc6, 0x4d, 0x4e, | |||
2553 | 0x10, 0xa8, 0x69, 0x68, 0x1f, 0xde, 0x9c, 0x5a, 0x2c, 0xf3, 0xb3, | |||
2554 | 0x2d, 0x5f, 0x20, 0x0b, 0x96, 0x36, 0x05, 0x90, 0x88, 0x23, | |||
2555 | }, | |||
2556 | 32, "Qihoo 360 2023" }, | |||
2557 | { (const uint8_t[]){ | |||
2558 | 0xc5, 0xcf, 0xe5, 0x4b, 0x61, 0x51, 0xb4, 0x9b, 0x14, 0x2e, 0xd2, | |||
2559 | 0x63, 0xbd, 0xe7, 0x32, 0x93, 0x36, 0x37, 0x99, 0x79, 0x95, 0x50, | |||
2560 | 0xae, 0x44, 0x35, 0xcd, 0x1a, 0x69, 0x97, 0xc9, 0xc3, 0xc3, | |||
2561 | }, | |||
2562 | 32, "Qihoo 360 v1 2020" }, | |||
2563 | { (const uint8_t[]){ | |||
2564 | 0x48, 0x14, 0x58, 0x7c, 0xf2, 0x8b, 0x08, 0xfe, 0x68, 0x3f, 0xd2, | |||
2565 | 0xbc, 0xd9, 0x45, 0x99, 0x4c, 0x2e, 0xb7, 0x4c, 0x8a, 0xe8, 0xc8, | |||
2566 | 0x7f, 0xce, 0x42, 0x9b, 0x7c, 0xd3, 0x1d, 0x51, 0xbd, 0xc4, | |||
2567 | }, | |||
2568 | 32, "Qihoo 360 v1 2021" }, | |||
2569 | { (const uint8_t[]){ | |||
2570 | 0x49, 0x11, 0xb8, 0xd6, 0x14, 0xcf, 0xd3, 0xd9, 0x9f, 0x16, 0xd3, | |||
2571 | 0x76, 0x54, 0x5e, 0xe1, 0xb8, 0xcc, 0xfc, 0x51, 0x1f, 0x50, 0x9f, | |||
2572 | 0x08, 0x0b, 0xa0, 0xa0, 0x87, 0xd9, 0x1d, 0xfa, 0xee, 0xa9, | |||
2573 | }, | |||
2574 | 32, "Qihoo 360 v1 2022" }, | |||
2575 | { (const uint8_t[]){ | |||
2576 | 0xb6, 0x74, 0x0b, 0x12, 0x00, 0x2e, 0x03, 0x3f, 0xd0, 0xe7, 0xe9, | |||
2577 | 0x41, 0xf4, 0xba, 0x3e, 0xe1, 0xbf, 0xc1, 0x49, 0xb5, 0x24, 0xb4, | |||
2578 | 0xcf, 0x62, 0x8d, 0x53, 0xef, 0xea, 0x1f, 0x40, 0x3a, 0x8d, | |||
2579 | }, | |||
2580 | 32, "Qihoo 360 v1 2023" }, | |||
2581 | { NULL((void*)0), 0, NULL((void*)0) } | |||
2582 | }; | |||
2583 | ||||
2584 | /* | |||
2585 | * Application-Layer Protocol Negotiation (ALPN) dissector tables. | |||
2586 | */ | |||
2587 | static dissector_table_t ssl_alpn_dissector_table; | |||
2588 | static dissector_table_t dtls_alpn_dissector_table; | |||
2589 | ||||
2590 | /* | |||
2591 | * Special cases for prefix matching of the ALPN, if the ALPN includes | |||
2592 | * a version number for a draft or protocol revision. | |||
2593 | */ | |||
2594 | typedef struct ssl_alpn_prefix_match_protocol { | |||
2595 | const char *proto_prefix; | |||
2596 | const char *dissector_name; | |||
2597 | } ssl_alpn_prefix_match_protocol_t; | |||
2598 | ||||
2599 | static const ssl_alpn_prefix_match_protocol_t ssl_alpn_prefix_match_protocols[] = { | |||
2600 | /* SPDY moves so fast, just 1, 2 and 3 are registered with IANA but there | |||
2601 | * already exists 3.1 as of this writing... match the prefix. */ | |||
2602 | { "spdy/", "spdy" }, | |||
2603 | /* draft-ietf-httpbis-http2-16 */ | |||
2604 | { "h2-", "http2" }, /* draft versions */ | |||
2605 | }; | |||
2606 | ||||
2607 | const value_string compress_certificate_algorithm_vals[] = { | |||
2608 | { 1, "zlib" }, | |||
2609 | { 2, "brotli" }, | |||
2610 | { 3, "zstd" }, | |||
2611 | { 0, NULL((void*)0) } | |||
2612 | }; | |||
2613 | ||||
2614 | ||||
2615 | const val64_string quic_transport_parameter_id[] = { | |||
2616 | { SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID0x00, "original_destination_connection_id" }, | |||
2617 | { SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT0x01, "max_idle_timeout" }, | |||
2618 | { SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN0x02, "stateless_reset_token" }, | |||
2619 | { SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE0x03, "max_udp_payload_size" }, | |||
2620 | { SSL_HND_QUIC_TP_INITIAL_MAX_DATA0x04, "initial_max_data" }, | |||
2621 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL0x05, "initial_max_stream_data_bidi_local" }, | |||
2622 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE0x06, "initial_max_stream_data_bidi_remote" }, | |||
2623 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI0x07, "initial_max_stream_data_uni" }, | |||
2624 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI0x09, "initial_max_streams_uni" }, | |||
2625 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI0x08, "initial_max_streams_bidi" }, | |||
2626 | { SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT0x0a, "ack_delay_exponent" }, | |||
2627 | { SSL_HND_QUIC_TP_MAX_ACK_DELAY0x0b, "max_ack_delay" }, | |||
2628 | { SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION0x0c, "disable_active_migration" }, | |||
2629 | { SSL_HND_QUIC_TP_PREFERRED_ADDRESS0x0d, "preferred_address" }, | |||
2630 | { SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT0x0e, "active_connection_id_limit" }, | |||
2631 | { SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID0x0f, "initial_source_connection_id" }, | |||
2632 | { SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID0x10, "retry_source_connection_id" }, | |||
2633 | { SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE0x20, "max_datagram_frame_size" }, | |||
2634 | { SSL_HND_QUIC_TP_CIBIR_ENCODING0x1000, "cibir_encoding" }, | |||
2635 | { SSL_HND_QUIC_TP_LOSS_BITS0x1057, "loss_bits" }, | |||
2636 | { SSL_HND_QUIC_TP_GREASE_QUIC_BIT0x2ab2, "grease_quic_bit" }, | |||
2637 | { SSL_HND_QUIC_TP_ENABLE_TIME_STAMP0x7157, "enable_time_stamp" }, | |||
2638 | { SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V20x7158, "enable_time_stamp_v2" }, | |||
2639 | { SSL_HND_QUIC_TP_VERSION_INFORMATION0x11, "version_information" }, | |||
2640 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD0xde1a, "min_ack_delay" }, | |||
2641 | { SSL_HND_QUIC_TP_GOOGLE_USER_AGENT0x3129, "google_user_agent" }, | |||
2642 | { SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED0x312B, "google_key_update_not_yet_supported" }, | |||
2643 | { SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION0x4752, "google_quic_version" }, | |||
2644 | { SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT0x3127, "google_initial_rtt" }, | |||
2645 | { SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE0x312A, "google_support_handshake_done" }, | |||
2646 | { SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS0x4751, "google_quic_params" }, | |||
2647 | { SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS0x3128, "google_connection_options" }, | |||
2648 | { SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY0xFF00, "facebook_partial_reliability" }, | |||
2649 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V10xFF03DE1A, "min_ack_delay (draft-01)" }, | |||
2650 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT050xff04de1a, "min_ack_delay (draft-05)" }, | |||
2651 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY0xff04de1b, "min_ack_delay" }, | |||
2652 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT040x0f739bbc1b666d04, "enable_multipath (draft-04)" }, | |||
2653 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT050x0f739bbc1b666d05, "enable_multipath (draft-05)" }, | |||
2654 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH0x0f739bbc1b666d06, "enable_multipath (draft-06)" }, | |||
2655 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATHS0x0f739bbc1b666d07, "initial_max_paths (draft-07/08)" }, | |||
2656 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT090x0f739bbc1b666d09, "initial_max_path_id (draft-09/10)" }, | |||
2657 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID0x0f739bbc1b666d11, "initial_max_path_id" }, | |||
2658 | { 0, NULL((void*)0) } | |||
2659 | }; | |||
2660 | ||||
2661 | /* https://tools.ietf.org/html/draft-huitema-quic-ts-03 */ | |||
2662 | const val64_string quic_enable_time_stamp_v2_vals[] = { | |||
2663 | { 1, "I would like to receive TIME_STAMP frames" }, | |||
2664 | { 2, "I am able to generate TIME_STAMP frames" }, | |||
2665 | { 3, "I am able to generate TIME_STAMP frames and I would like to receive them" }, | |||
2666 | { 0, NULL((void*)0) } | |||
2667 | }; | |||
2668 | ||||
2669 | /* https://tools.ietf.org/html/draft-multipath-04 */ | |||
2670 | const val64_string quic_enable_multipath_vals[] = { | |||
2671 | { 0, "don't support multipath" }, | |||
2672 | { 1, "support multipath as defined in this document" }, | |||
2673 | { 0, NULL((void*)0) } | |||
2674 | }; | |||
2675 | ||||
2676 | /* https://www.ietf.org/archive/id/draft-ietf-tls-esni-16.txt */ | |||
2677 | const value_string tls_hello_ext_ech_clienthello_types[] = { | |||
2678 | { 0, "Outer Client Hello" }, | |||
2679 | { 1, "Inner Client Hello" }, | |||
2680 | { 0, NULL((void*)0) } | |||
2681 | }; | |||
2682 | ||||
2683 | /* RFC 9180 */ | |||
2684 | const value_string kem_id_type_vals[] = { | |||
2685 | { 0x0000, "Reserved" }, | |||
2686 | { 0x0010, "DHKEM(P-256, HKDF-SHA256)" }, | |||
2687 | { 0x0011, "DHKEM(P-384, HKDF-SHA384)" }, | |||
2688 | { 0x0012, "DHKEM(P-521, HKDF-SHA512)" }, | |||
2689 | { 0x0020, "DHKEM(X25519, HKDF-SHA256)" }, | |||
2690 | { 0x0021, "DHKEM(X448, HKDF-SHA512)" }, | |||
2691 | { 0, NULL((void*)0) } | |||
2692 | }; | |||
2693 | const value_string kdf_id_type_vals[] = { | |||
2694 | { 0x0000, "Reserved" }, | |||
2695 | { 0x0001, "HKDF-SHA256" }, | |||
2696 | { 0x0002, "HKDF-SHA384" }, | |||
2697 | { 0x0003, "HKDF-SHA512" }, | |||
2698 | { 0, NULL((void*)0) } | |||
2699 | }; | |||
2700 | const value_string aead_id_type_vals[] = { | |||
2701 | { 0x0000, "Reserved" }, | |||
2702 | { 0x0001, "AES-128-GCM" }, | |||
2703 | { 0x0002, "AES-256-GCM" }, | |||
2704 | { 0x0003, "ChaCha20Poly1305" }, | |||
2705 | { 0xFFFF, "Export-only" }, | |||
2706 | { 0, NULL((void*)0) } | |||
2707 | }; | |||
2708 | ||||
2709 | const value_string token_binding_key_parameter_vals[] = { | |||
2710 | { 0, "rsa2048_pkcs1.5" }, | |||
2711 | { 1, "rsa2048_pss" }, | |||
2712 | { 2, "ecdsap256" }, | |||
2713 | { 0, NULL((void*)0) } | |||
2714 | }; | |||
2715 | ||||
2716 | /* Lookup tables }}} */ | |||
2717 | ||||
2718 | void | |||
2719 | quic_transport_parameter_id_base_custom(char *result, uint64_t parameter_id) | |||
2720 | { | |||
2721 | const char *label; | |||
2722 | if (IS_GREASE_QUIC(parameter_id)((parameter_id) > 27 ? ((((parameter_id) - 27) % 31) == 0) : 0)) { | |||
2723 | label = "GREASE"; | |||
2724 | } else { | |||
2725 | label = val64_to_str_const(parameter_id, quic_transport_parameter_id, "Unknown"); | |||
2726 | } | |||
2727 | snprintf(result, ITEM_LABEL_LENGTH240, "%s (0x%02" PRIx64"l" "x" ")", label, parameter_id); | |||
2728 | } | |||
2729 | ||||
2730 | /* we keep this internal to packet-tls-utils, as there should be | |||
2731 | no need to access it any other way. | |||
2732 | ||||
2733 | This also allows us to hide the dependency on zlib. | |||
2734 | */ | |||
2735 | struct _SslDecompress { | |||
2736 | int compression; | |||
2737 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | |||
2738 | zlib_stream istream; | |||
2739 | #endif | |||
2740 | }; | |||
2741 | ||||
2742 | /* To assist in parsing client/server key exchange messages | |||
2743 | 0 indicates unknown */ | |||
2744 | int ssl_get_keyex_alg(int cipher) | |||
2745 | { | |||
2746 | /* Map Cipher suite number to Key Exchange algorithm {{{ */ | |||
2747 | switch(cipher) { | |||
2748 | case 0x0017: | |||
2749 | case 0x0018: | |||
2750 | case 0x0019: | |||
2751 | case 0x001a: | |||
2752 | case 0x001b: | |||
2753 | case 0x0034: | |||
2754 | case 0x003a: | |||
2755 | case 0x0046: | |||
2756 | case 0x006c: | |||
2757 | case 0x006d: | |||
2758 | case 0x0089: | |||
2759 | case 0x009b: | |||
2760 | case 0x00a6: | |||
2761 | case 0x00a7: | |||
2762 | case 0x00bf: | |||
2763 | case 0x00c5: | |||
2764 | case 0xc084: | |||
2765 | case 0xc085: | |||
2766 | return KEX_DH_ANON0x13; | |||
2767 | case 0x000b: | |||
2768 | case 0x000c: | |||
2769 | case 0x000d: | |||
2770 | case 0x0030: | |||
2771 | case 0x0036: | |||
2772 | case 0x003e: | |||
2773 | case 0x0042: | |||
2774 | case 0x0068: | |||
2775 | case 0x0085: | |||
2776 | case 0x0097: | |||
2777 | case 0x00a4: | |||
2778 | case 0x00a5: | |||
2779 | case 0x00bb: | |||
2780 | case 0x00c1: | |||
2781 | case 0xc082: | |||
2782 | case 0xc083: | |||
2783 | return KEX_DH_DSS0x14; | |||
2784 | case 0x000e: | |||
2785 | case 0x000f: | |||
2786 | case 0x0010: | |||
2787 | case 0x0031: | |||
2788 | case 0x0037: | |||
2789 | case 0x003f: | |||
2790 | case 0x0043: | |||
2791 | case 0x0069: | |||
2792 | case 0x0086: | |||
2793 | case 0x0098: | |||
2794 | case 0x00a0: | |||
2795 | case 0x00a1: | |||
2796 | case 0x00bc: | |||
2797 | case 0x00c2: | |||
2798 | case 0xc07e: | |||
2799 | case 0xc07f: | |||
2800 | return KEX_DH_RSA0x15; | |||
2801 | case 0x0011: | |||
2802 | case 0x0012: | |||
2803 | case 0x0013: | |||
2804 | case 0x0032: | |||
2805 | case 0x0038: | |||
2806 | case 0x0040: | |||
2807 | case 0x0044: | |||
2808 | case 0x0063: | |||
2809 | case 0x0065: | |||
2810 | case 0x0066: | |||
2811 | case 0x006a: | |||
2812 | case 0x0087: | |||
2813 | case 0x0099: | |||
2814 | case 0x00a2: | |||
2815 | case 0x00a3: | |||
2816 | case 0x00bd: | |||
2817 | case 0x00c3: | |||
2818 | case 0xc080: | |||
2819 | case 0xc081: | |||
2820 | return KEX_DHE_DSS0x10; | |||
2821 | case 0x002d: | |||
2822 | case 0x008e: | |||
2823 | case 0x008f: | |||
2824 | case 0x0090: | |||
2825 | case 0x0091: | |||
2826 | case 0x00aa: | |||
2827 | case 0x00ab: | |||
2828 | case 0x00b2: | |||
2829 | case 0x00b3: | |||
2830 | case 0x00b4: | |||
2831 | case 0x00b5: | |||
2832 | case 0xc090: | |||
2833 | case 0xc091: | |||
2834 | case 0xc096: | |||
2835 | case 0xc097: | |||
2836 | case 0xc0a6: | |||
2837 | case 0xc0a7: | |||
2838 | case 0xc0aa: | |||
2839 | case 0xc0ab: | |||
2840 | case 0xccad: | |||
2841 | case 0xe41c: | |||
2842 | case 0xe41d: | |||
2843 | return KEX_DHE_PSK0x11; | |||
2844 | case 0x0014: | |||
2845 | case 0x0015: | |||
2846 | case 0x0016: | |||
2847 | case 0x0033: | |||
2848 | case 0x0039: | |||
2849 | case 0x0045: | |||
2850 | case 0x0067: | |||
2851 | case 0x006b: | |||
2852 | case 0x0088: | |||
2853 | case 0x009a: | |||
2854 | case 0x009e: | |||
2855 | case 0x009f: | |||
2856 | case 0x00be: | |||
2857 | case 0x00c4: | |||
2858 | case 0xc07c: | |||
2859 | case 0xc07d: | |||
2860 | case 0xc09e: | |||
2861 | case 0xc09f: | |||
2862 | case 0xc0a2: | |||
2863 | case 0xc0a3: | |||
2864 | case 0xccaa: | |||
2865 | case 0xe41e: | |||
2866 | case 0xe41f: | |||
2867 | return KEX_DHE_RSA0x12; | |||
2868 | case 0xc015: | |||
2869 | case 0xc016: | |||
2870 | case 0xc017: | |||
2871 | case 0xc018: | |||
2872 | case 0xc019: | |||
2873 | return KEX_ECDH_ANON0x19; | |||
2874 | case 0xc001: | |||
2875 | case 0xc002: | |||
2876 | case 0xc003: | |||
2877 | case 0xc004: | |||
2878 | case 0xc005: | |||
2879 | case 0xc025: | |||
2880 | case 0xc026: | |||
2881 | case 0xc02d: | |||
2882 | case 0xc02e: | |||
2883 | case 0xc074: | |||
2884 | case 0xc075: | |||
2885 | case 0xc088: | |||
2886 | case 0xc089: | |||
2887 | return KEX_ECDH_ECDSA0x1a; | |||
2888 | case 0xc00b: | |||
2889 | case 0xc00c: | |||
2890 | case 0xc00d: | |||
2891 | case 0xc00e: | |||
2892 | case 0xc00f: | |||
2893 | case 0xc029: | |||
2894 | case 0xc02a: | |||
2895 | case 0xc031: | |||
2896 | case 0xc032: | |||
2897 | case 0xc078: | |||
2898 | case 0xc079: | |||
2899 | case 0xc08c: | |||
2900 | case 0xc08d: | |||
2901 | return KEX_ECDH_RSA0x1b; | |||
2902 | case 0xc006: | |||
2903 | case 0xc007: | |||
2904 | case 0xc008: | |||
2905 | case 0xc009: | |||
2906 | case 0xc00a: | |||
2907 | case 0xc023: | |||
2908 | case 0xc024: | |||
2909 | case 0xc02b: | |||
2910 | case 0xc02c: | |||
2911 | case 0xc072: | |||
2912 | case 0xc073: | |||
2913 | case 0xc086: | |||
2914 | case 0xc087: | |||
2915 | case 0xc0ac: | |||
2916 | case 0xc0ad: | |||
2917 | case 0xc0ae: | |||
2918 | case 0xc0af: | |||
2919 | case 0xcca9: | |||
2920 | case 0xe414: | |||
2921 | case 0xe415: | |||
2922 | return KEX_ECDHE_ECDSA0x16; | |||
2923 | case 0xc033: | |||
2924 | case 0xc034: | |||
2925 | case 0xc035: | |||
2926 | case 0xc036: | |||
2927 | case 0xc037: | |||
2928 | case 0xc038: | |||
2929 | case 0xc039: | |||
2930 | case 0xc03a: | |||
2931 | case 0xc03b: | |||
2932 | case 0xc09a: | |||
2933 | case 0xc09b: | |||
2934 | case 0xccac: | |||
2935 | case 0xe418: | |||
2936 | case 0xe419: | |||
2937 | case 0xd001: | |||
2938 | case 0xd002: | |||
2939 | case 0xd003: | |||
2940 | case 0xd005: | |||
2941 | return KEX_ECDHE_PSK0x17; | |||
2942 | case 0xc010: | |||
2943 | case 0xc011: | |||
2944 | case 0xc012: | |||
2945 | case 0xc013: | |||
2946 | case 0xc014: | |||
2947 | case 0xc027: | |||
2948 | case 0xc028: | |||
2949 | case 0xc02f: | |||
2950 | case 0xc030: | |||
2951 | case 0xc076: | |||
2952 | case 0xc077: | |||
2953 | case 0xc08a: | |||
2954 | case 0xc08b: | |||
2955 | case 0xcca8: | |||
2956 | case 0xe412: | |||
2957 | case 0xe413: | |||
2958 | return KEX_ECDHE_RSA0x18; | |||
2959 | case 0x001e: | |||
2960 | case 0x001f: | |||
2961 | case 0x0020: | |||
2962 | case 0x0021: | |||
2963 | case 0x0022: | |||
2964 | case 0x0023: | |||
2965 | case 0x0024: | |||
2966 | case 0x0025: | |||
2967 | case 0x0026: | |||
2968 | case 0x0027: | |||
2969 | case 0x0028: | |||
2970 | case 0x0029: | |||
2971 | case 0x002a: | |||
2972 | case 0x002b: | |||
2973 | return KEX_KRB50x1c; | |||
2974 | case 0x002c: | |||
2975 | case 0x008a: | |||
2976 | case 0x008b: | |||
2977 | case 0x008c: | |||
2978 | case 0x008d: | |||
2979 | case 0x00a8: | |||
2980 | case 0x00a9: | |||
2981 | case 0x00ae: | |||
2982 | case 0x00af: | |||
2983 | case 0x00b0: | |||
2984 | case 0x00b1: | |||
2985 | case 0xc064: | |||
2986 | case 0xc065: | |||
2987 | case 0xc08e: | |||
2988 | case 0xc08f: | |||
2989 | case 0xc094: | |||
2990 | case 0xc095: | |||
2991 | case 0xc0a4: | |||
2992 | case 0xc0a5: | |||
2993 | case 0xc0a8: | |||
2994 | case 0xc0a9: | |||
2995 | case 0xccab: | |||
2996 | case 0xe416: | |||
2997 | case 0xe417: | |||
2998 | return KEX_PSK0x1d; | |||
2999 | case 0x0001: | |||
3000 | case 0x0002: | |||
3001 | case 0x0003: | |||
3002 | case 0x0004: | |||
3003 | case 0x0005: | |||
3004 | case 0x0006: | |||
3005 | case 0x0007: | |||
3006 | case 0x0008: | |||
3007 | case 0x0009: | |||
3008 | case 0x000a: | |||
3009 | case 0x002f: | |||
3010 | case 0x0035: | |||
3011 | case 0x003b: | |||
3012 | case 0x003c: | |||
3013 | case 0x003d: | |||
3014 | case 0x0041: | |||
3015 | case 0x0060: | |||
3016 | case 0x0061: | |||
3017 | case 0x0062: | |||
3018 | case 0x0064: | |||
3019 | case 0x0084: | |||
3020 | case 0x0096: | |||
3021 | case 0x009c: | |||
3022 | case 0x009d: | |||
3023 | case 0x00ba: | |||
3024 | case 0x00c0: | |||
3025 | case 0xc07a: | |||
3026 | case 0xc07b: | |||
3027 | case 0xc09c: | |||
3028 | case 0xc09d: | |||
3029 | case 0xc0a0: | |||
3030 | case 0xc0a1: | |||
3031 | case 0xe410: | |||
3032 | case 0xe411: | |||
3033 | case 0xfefe: | |||
3034 | case 0xfeff: | |||
3035 | case 0xffe0: | |||
3036 | case 0xffe1: | |||
3037 | return KEX_RSA0x1e; | |||
3038 | case 0x002e: | |||
3039 | case 0x0092: | |||
3040 | case 0x0093: | |||
3041 | case 0x0094: | |||
3042 | case 0x0095: | |||
3043 | case 0x00ac: | |||
3044 | case 0x00ad: | |||
3045 | case 0x00b6: | |||
3046 | case 0x00b7: | |||
3047 | case 0x00b8: | |||
3048 | case 0x00b9: | |||
3049 | case 0xc092: | |||
3050 | case 0xc093: | |||
3051 | case 0xc098: | |||
3052 | case 0xc099: | |||
3053 | case 0xccae: | |||
3054 | case 0xe41a: | |||
3055 | case 0xe41b: | |||
3056 | return KEX_RSA_PSK0x1f; | |||
3057 | case 0xc01a: | |||
3058 | case 0xc01d: | |||
3059 | case 0xc020: | |||
3060 | return KEX_SRP_SHA0x20; | |||
3061 | case 0xc01c: | |||
3062 | case 0xc01f: | |||
3063 | case 0xc022: | |||
3064 | return KEX_SRP_SHA_DSS0x21; | |||
3065 | case 0xc01b: | |||
3066 | case 0xc01e: | |||
3067 | case 0xc021: | |||
3068 | return KEX_SRP_SHA_RSA0x22; | |||
3069 | case 0xc0ff: | |||
3070 | return KEX_ECJPAKE0x24; | |||
3071 | case 0xe003: | |||
3072 | case 0xe013: | |||
3073 | case 0xe053: | |||
3074 | return KEX_ECC_SM20x26; | |||
3075 | default: | |||
3076 | break; | |||
3077 | } | |||
3078 | ||||
3079 | return 0; | |||
3080 | /* }}} */ | |||
3081 | } | |||
3082 | ||||
3083 | static wmem_list_t *connection_id_session_list; | |||
3084 | ||||
3085 | void | |||
3086 | ssl_init_cid_list(void) { | |||
3087 | connection_id_session_list = wmem_list_new(wmem_file_scope()); | |||
3088 | } | |||
3089 | ||||
3090 | void | |||
3091 | ssl_cleanup_cid_list(void) { | |||
3092 | wmem_destroy_list(connection_id_session_list); | |||
3093 | } | |||
3094 | ||||
3095 | void | |||
3096 | ssl_add_session_by_cid(SslDecryptSession *session) | |||
3097 | { | |||
3098 | wmem_list_append(connection_id_session_list, session); | |||
3099 | } | |||
3100 | ||||
3101 | SslDecryptSession * | |||
3102 | ssl_get_session_by_cid(tvbuff_t *tvb, uint32_t offset) | |||
3103 | { | |||
3104 | SslDecryptSession * ssl_cid = NULL((void*)0); | |||
3105 | wmem_list_frame_t *it = wmem_list_head(connection_id_session_list); | |||
3106 | ||||
3107 | while (it != NULL((void*)0) && ssl_cid == NULL((void*)0)) { | |||
3108 | SslDecryptSession * ssl = (SslDecryptSession *)wmem_list_frame_data(it); | |||
3109 | DISSECTOR_ASSERT(ssl != NULL)((void) ((ssl != ((void*)0)) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 3109, "ssl != ((void*)0)")))); | |||
3110 | SslSession *session = &ssl->session; | |||
3111 | ||||
3112 | if (session->client_cid_len > 0 && tvb_bytes_exist(tvb, offset, session->client_cid_len)) { | |||
3113 | if (tvb_memeql(tvb, offset, session->client_cid, session->client_cid_len) == 0) { | |||
3114 | ssl_cid = ssl; | |||
3115 | } | |||
3116 | } | |||
3117 | ||||
3118 | if (session->server_cid_len > 0) { | |||
3119 | if (tvb_memeql(tvb, offset, session->server_cid, session->server_cid_len) == 0) { | |||
3120 | ssl_cid = ssl; | |||
3121 | } | |||
3122 | } | |||
3123 | ||||
3124 | it = wmem_list_frame_next(it); | |||
3125 | } | |||
3126 | ||||
3127 | return ssl_cid; | |||
3128 | } | |||
3129 | ||||
3130 | /* StringInfo structure (len + data) functions {{{ */ | |||
3131 | ||||
3132 | int | |||
3133 | ssl_data_alloc(StringInfo* str, size_t len) | |||
3134 | { | |||
3135 | str->data = (unsigned char *)g_malloc(len); | |||
3136 | /* the allocator can return a null pointer for a size equal to 0, | |||
3137 | * and that must be allowed */ | |||
3138 | if (len
| |||
3139 | return -1; | |||
3140 | str->data_len = (unsigned) len; | |||
3141 | return 0; | |||
3142 | } | |||
3143 | ||||
3144 | void | |||
3145 | ssl_data_set(StringInfo* str, const unsigned char* data, unsigned len) | |||
3146 | { | |||
3147 | DISSECTOR_ASSERT(data)((void) ((data) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 3147, "data")))); | |||
3148 | memcpy(str->data, data, len); | |||
3149 | str->data_len = len; | |||
3150 | } | |||
3151 | ||||
3152 | static int | |||
3153 | ssl_data_realloc(StringInfo* str, unsigned len) | |||
3154 | { | |||
3155 | str->data = (unsigned char *)g_realloc(str->data, len); | |||
3156 | if (!str->data) | |||
3157 | return -1; | |||
3158 | str->data_len = len; | |||
3159 | return 0; | |||
3160 | } | |||
3161 | ||||
3162 | static StringInfo * | |||
3163 | ssl_data_clone(StringInfo *str) | |||
3164 | { | |||
3165 | StringInfo *cloned_str; | |||
3166 | cloned_str = (StringInfo *) wmem_alloc0(wmem_file_scope(), | |||
3167 | sizeof(StringInfo) + str->data_len); | |||
3168 | cloned_str->data = (unsigned char *) (cloned_str + 1); | |||
3169 | ssl_data_set(cloned_str, str->data, str->data_len); | |||
3170 | return cloned_str; | |||
3171 | } | |||
3172 | ||||
3173 | static int | |||
3174 | ssl_data_copy(StringInfo* dst, StringInfo* src) | |||
3175 | { | |||
3176 | if (dst->data_len < src->data_len) { | |||
3177 | if (ssl_data_realloc(dst, src->data_len)) | |||
3178 | return -1; | |||
3179 | } | |||
3180 | memcpy(dst->data, src->data, src->data_len); | |||
3181 | dst->data_len = src->data_len; | |||
3182 | return 0; | |||
3183 | } | |||
3184 | ||||
3185 | /* from_hex converts |hex_len| bytes of hex data from |in| and sets |*out| to | |||
3186 | * the result. |out->data| will be allocated using wmem_file_scope. Returns true on | |||
3187 | * success. */ | |||
3188 | static bool_Bool from_hex(StringInfo* out, const char* in, size_t hex_len) { | |||
3189 | size_t i; | |||
3190 | ||||
3191 | if (hex_len & 1) | |||
3192 | return false0; | |||
3193 | ||||
3194 | out->data = (unsigned char *)wmem_alloc(wmem_file_scope(), hex_len / 2); | |||
3195 | for (i = 0; i < hex_len / 2; i++) { | |||
3196 | int a = ws_xton(in[i*2]); | |||
3197 | int b = ws_xton(in[i*2 + 1]); | |||
3198 | if (a == -1 || b == -1) | |||
3199 | return false0; | |||
3200 | out->data[i] = a << 4 | b; | |||
3201 | } | |||
3202 | out->data_len = (unsigned)hex_len / 2; | |||
3203 | return true1; | |||
3204 | } | |||
3205 | /* StringInfo structure (len + data) functions }}} */ | |||
3206 | ||||
3207 | ||||
3208 | /* libgcrypt wrappers for HMAC/message digest operations {{{ */ | |||
3209 | /* hmac abstraction layer */ | |||
3210 | #define SSL_HMACgcry_md_hd_t gcry_md_hd_t | |||
3211 | ||||
3212 | static inline int | |||
3213 | ssl_hmac_init(SSL_HMACgcry_md_hd_t* md, int algo) | |||
3214 | { | |||
3215 | gcry_error_t err; | |||
3216 | const char *err_str, *err_src; | |||
3217 | ||||
3218 | err = gcry_md_open(md,algo, GCRY_MD_FLAG_HMAC); | |||
3219 | if (err != 0) { | |||
3220 | err_str = gcry_strerror(err); | |||
3221 | err_src = gcry_strsource(err); | |||
3222 | ssl_debug_printf("ssl_hmac_init(): gcry_md_open failed %s/%s", err_str, err_src); | |||
3223 | return -1; | |||
3224 | } | |||
3225 | return 0; | |||
3226 | } | |||
3227 | ||||
3228 | static inline int | |||
3229 | ssl_hmac_setkey(SSL_HMACgcry_md_hd_t* md, const void * key, int len) | |||
3230 | { | |||
3231 | gcry_error_t err; | |||
3232 | const char *err_str, *err_src; | |||
3233 | ||||
3234 | err = gcry_md_setkey (*(md), key, len); | |||
3235 | if (err != 0) { | |||
3236 | err_str = gcry_strerror(err); | |||
3237 | err_src = gcry_strsource(err); | |||
3238 | ssl_debug_printf("ssl_hmac_setkey(): gcry_md_setkey failed %s/%s", err_str, err_src); | |||
3239 | return -1; | |||
3240 | } | |||
3241 | return 0; | |||
3242 | } | |||
3243 | ||||
3244 | static inline int | |||
3245 | ssl_hmac_reset(SSL_HMACgcry_md_hd_t* md) | |||
3246 | { | |||
3247 | gcry_md_reset(*md); | |||
3248 | return 0; | |||
3249 | } | |||
3250 | ||||
3251 | static inline void | |||
3252 | ssl_hmac_update(SSL_HMACgcry_md_hd_t* md, const void* data, int len) | |||
3253 | { | |||
3254 | gcry_md_write(*(md), data, len); | |||
3255 | } | |||
3256 | static inline void | |||
3257 | ssl_hmac_final(SSL_HMACgcry_md_hd_t* md, unsigned char* data, unsigned* datalen) | |||
3258 | { | |||
3259 | int algo; | |||
3260 | unsigned len; | |||
3261 | ||||
3262 | algo = gcry_md_get_algo (*(md)); | |||
3263 | len = gcry_md_get_algo_dlen(algo); | |||
3264 | DISSECTOR_ASSERT(len <= *datalen)((void) ((len <= *datalen) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 3264, "len <= *datalen")))); | |||
3265 | memcpy(data, gcry_md_read(*(md), algo), len); | |||
3266 | *datalen = len; | |||
3267 | } | |||
3268 | static inline void | |||
3269 | ssl_hmac_cleanup(SSL_HMACgcry_md_hd_t* md) | |||
3270 | { | |||
3271 | gcry_md_close(*(md)); | |||
3272 | } | |||
3273 | ||||
3274 | /* message digest abstraction layer*/ | |||
3275 | #define SSL_MDgcry_md_hd_t gcry_md_hd_t | |||
3276 | ||||
3277 | static inline int | |||
3278 | ssl_md_init(SSL_MDgcry_md_hd_t* md, int algo) | |||
3279 | { | |||
3280 | gcry_error_t err; | |||
3281 | const char *err_str, *err_src; | |||
3282 | err = gcry_md_open(md,algo, 0); | |||
3283 | if (err != 0) { | |||
3284 | err_str = gcry_strerror(err); | |||
3285 | err_src = gcry_strsource(err); | |||
3286 | ssl_debug_printf("ssl_md_init(): gcry_md_open failed %s/%s", err_str, err_src); | |||
3287 | return -1; | |||
3288 | } | |||
3289 | return 0; | |||
3290 | } | |||
3291 | static inline void | |||
3292 | ssl_md_update(SSL_MDgcry_md_hd_t* md, unsigned char* data, int len) | |||
3293 | { | |||
3294 | gcry_md_write(*(md), data, len); | |||
3295 | } | |||
3296 | static inline void | |||
3297 | ssl_md_final(SSL_MDgcry_md_hd_t* md, unsigned char* data, unsigned* datalen) | |||
3298 | { | |||
3299 | int algo; | |||
3300 | int len; | |||
3301 | algo = gcry_md_get_algo (*(md)); | |||
3302 | len = gcry_md_get_algo_dlen (algo); | |||
3303 | memcpy(data, gcry_md_read(*(md), algo), len); | |||
3304 | *datalen = len; | |||
3305 | } | |||
3306 | static inline void | |||
3307 | ssl_md_cleanup(SSL_MDgcry_md_hd_t* md) | |||
3308 | { | |||
3309 | gcry_md_close(*(md)); | |||
3310 | } | |||
3311 | ||||
3312 | static inline void | |||
3313 | ssl_md_reset(SSL_MDgcry_md_hd_t* md) | |||
3314 | { | |||
3315 | gcry_md_reset(*md); | |||
3316 | } | |||
3317 | ||||
3318 | /* md5 /sha abstraction layer */ | |||
3319 | #define SSL_SHA_CTXgcry_md_hd_t gcry_md_hd_t | |||
3320 | #define SSL_MD5_CTXgcry_md_hd_t gcry_md_hd_t | |||
3321 | ||||
3322 | static inline int | |||
3323 | ssl_sha_init(SSL_SHA_CTXgcry_md_hd_t* md) | |||
3324 | { | |||
3325 | gcry_error_t err; | |||
3326 | const char *err_str, *err_src; | |||
3327 | err = gcry_md_open(md, GCRY_MD_SHA1, 0); | |||
3328 | if (err != 0) { | |||
3329 | err_str = gcry_strerror(err); | |||
3330 | err_src = gcry_strsource(err); | |||
3331 | ssl_debug_printf("ssl_sha_init(): gcry_md_open failed %s/%s", err_str, err_src); | |||
3332 | return -1; | |||
3333 | } | |||
3334 | return 0; | |||
3335 | } | |||
3336 | static inline void | |||
3337 | ssl_sha_update(SSL_SHA_CTXgcry_md_hd_t* md, unsigned char* data, int len) | |||
3338 | { | |||
3339 | gcry_md_write(*(md), data, len); | |||
3340 | } | |||
3341 | static inline void | |||
3342 | ssl_sha_final(unsigned char* buf, SSL_SHA_CTXgcry_md_hd_t* md) | |||
3343 | { | |||
3344 | memcpy(buf, gcry_md_read(*(md), GCRY_MD_SHA1), | |||
3345 | gcry_md_get_algo_dlen(GCRY_MD_SHA1)); | |||
3346 | } | |||
3347 | ||||
3348 | static inline void | |||
3349 | ssl_sha_reset(SSL_SHA_CTXgcry_md_hd_t* md) | |||
3350 | { | |||
3351 | gcry_md_reset(*md); | |||
3352 | } | |||
3353 | ||||
3354 | static inline void | |||
3355 | ssl_sha_cleanup(SSL_SHA_CTXgcry_md_hd_t* md) | |||
3356 | { | |||
3357 | gcry_md_close(*(md)); | |||
3358 | } | |||
3359 | ||||
3360 | static inline int | |||
3361 | ssl_md5_init(SSL_MD5_CTXgcry_md_hd_t* md) | |||
3362 | { | |||
3363 | gcry_error_t err; | |||
3364 | const char *err_str, *err_src; | |||
3365 | err = gcry_md_open(md,GCRY_MD_MD5, 0); | |||
3366 | if (err != 0) { | |||
3367 | err_str = gcry_strerror(err); | |||
3368 | err_src = gcry_strsource(err); | |||
3369 | ssl_debug_printf("ssl_md5_init(): gcry_md_open failed %s/%s", err_str, err_src); | |||
3370 | return -1; | |||
3371 | } | |||
3372 | return 0; | |||
3373 | } | |||
3374 | static inline void | |||
3375 | ssl_md5_update(SSL_MD5_CTXgcry_md_hd_t* md, unsigned char* data, int len) | |||
3376 | { | |||
3377 | gcry_md_write(*(md), data, len); | |||
3378 | } | |||
3379 | static inline void | |||
3380 | ssl_md5_final(unsigned char* buf, SSL_MD5_CTXgcry_md_hd_t* md) | |||
3381 | { | |||
3382 | memcpy(buf, gcry_md_read(*(md), GCRY_MD_MD5), | |||
3383 | gcry_md_get_algo_dlen(GCRY_MD_MD5)); | |||
3384 | } | |||
3385 | ||||
3386 | static inline void | |||
3387 | ssl_md5_reset(SSL_MD5_CTXgcry_md_hd_t* md) | |||
3388 | { | |||
3389 | gcry_md_reset(*md); | |||
3390 | } | |||
3391 | ||||
3392 | static inline void | |||
3393 | ssl_md5_cleanup(SSL_MD5_CTXgcry_md_hd_t* md) | |||
3394 | { | |||
3395 | gcry_md_close(*(md)); | |||
3396 | } | |||
3397 | /* libgcrypt wrappers for HMAC/message digest operations }}} */ | |||
3398 | ||||
3399 | /* libgcrypt wrappers for Cipher state manipulation {{{ */ | |||
3400 | int | |||
3401 | ssl_cipher_setiv(SSL_CIPHER_CTXgcry_cipher_hd_t *cipher, unsigned char* iv, int iv_len) | |||
3402 | { | |||
3403 | int ret; | |||
3404 | #if 0 | |||
3405 | unsigned char *ivp; | |||
3406 | int i; | |||
3407 | gcry_cipher_hd_t c; | |||
3408 | c=(gcry_cipher_hd_t)*cipher; | |||
3409 | #endif | |||
3410 | ssl_debug_printf("--------------------------------------------------------------------"); | |||
3411 | #if 0 | |||
3412 | for(ivp=c->iv,i=0; i < iv_len; i++ ) | |||
3413 | { | |||
3414 | ssl_debug_printf("%d ",ivp[i]); | |||
3415 | i++; | |||
3416 | } | |||
3417 | #endif | |||
3418 | ssl_debug_printf("--------------------------------------------------------------------"); | |||
3419 | ret = gcry_cipher_setiv(*(cipher), iv, iv_len); | |||
3420 | #if 0 | |||
3421 | for(ivp=c->iv,i=0; i < iv_len; i++ ) | |||
3422 | { | |||
3423 | ssl_debug_printf("%d ",ivp[i]); | |||
3424 | i++; | |||
3425 | } | |||
3426 | #endif | |||
3427 | ssl_debug_printf("--------------------------------------------------------------------"); | |||
3428 | return ret; | |||
3429 | } | |||
3430 | /* stream cipher abstraction layer*/ | |||
3431 | static int | |||
3432 | ssl_cipher_init(gcry_cipher_hd_t *cipher, int algo, unsigned char* sk, | |||
3433 | unsigned char* iv, int mode) | |||
3434 | { | |||
3435 | int gcry_modes[] = { | |||
3436 | GCRY_CIPHER_MODE_STREAM, | |||
3437 | GCRY_CIPHER_MODE_CBC, | |||
3438 | GCRY_CIPHER_MODE_GCM, | |||
3439 | GCRY_CIPHER_MODE_CCM, | |||
3440 | GCRY_CIPHER_MODE_CCM, | |||
3441 | GCRY_CIPHER_MODE_POLY1305, | |||
3442 | GCRY_CIPHER_MODE_ECB, /* used for DTLSv1.3 seq number encryption */ | |||
3443 | }; | |||
3444 | int err; | |||
3445 | if (algo == -1) { | |||
3446 | /* NULL mode */ | |||
3447 | *(cipher) = (gcry_cipher_hd_t)-1; | |||
3448 | return 0; | |||
3449 | } | |||
3450 | err = gcry_cipher_open(cipher, algo, gcry_modes[mode], 0); | |||
3451 | if (err !=0) | |||
3452 | return -1; | |||
3453 | err = gcry_cipher_setkey(*(cipher), sk, gcry_cipher_get_algo_keylen (algo)); | |||
3454 | if (err != 0) | |||
3455 | return -1; | |||
3456 | /* AEAD cipher suites will set the nonce later. */ | |||
3457 | if (mode == MODE_CBC) { | |||
3458 | err = gcry_cipher_setiv(*(cipher), iv, gcry_cipher_get_algo_blklen(algo)); | |||
3459 | if (err != 0) | |||
3460 | return -1; | |||
3461 | } | |||
3462 | return 0; | |||
3463 | } | |||
3464 | static inline int | |||
3465 | ssl_cipher_decrypt(gcry_cipher_hd_t *cipher, unsigned char * out, int outl, | |||
3466 | const unsigned char * in, int inl) | |||
3467 | { | |||
3468 | if ((*cipher) == (gcry_cipher_hd_t)-1) | |||
3469 | { | |||
3470 | if (in && inl) | |||
3471 | memcpy(out, in, outl < inl ? outl : inl); | |||
3472 | return 0; | |||
3473 | } | |||
3474 | return gcry_cipher_decrypt ( *(cipher), out, outl, in, inl); | |||
3475 | } | |||
3476 | static inline int | |||
3477 | ssl_get_digest_by_name(const char*name) | |||
3478 | { | |||
3479 | return gcry_md_map_name(name); | |||
3480 | } | |||
3481 | static inline int | |||
3482 | ssl_get_cipher_by_name(const char* name) | |||
3483 | { | |||
3484 | return gcry_cipher_map_name(name); | |||
3485 | } | |||
3486 | ||||
3487 | static inline void | |||
3488 | ssl_cipher_cleanup(gcry_cipher_hd_t *cipher) | |||
3489 | { | |||
3490 | if ((*cipher) != (gcry_cipher_hd_t)-1) | |||
3491 | gcry_cipher_close(*cipher); | |||
3492 | *cipher = NULL((void*)0); | |||
3493 | } | |||
3494 | /* }}} */ | |||
3495 | ||||
3496 | /* Digests, Ciphers and Cipher Suites registry {{{ */ | |||
3497 | static const SslDigestAlgo digests[]={ | |||
3498 | {"MD5", 16}, | |||
3499 | {"SHA1", 20}, | |||
3500 | {"SHA256", 32}, | |||
3501 | {"SHA384", 48}, | |||
3502 | {"SM3", 32}, | |||
3503 | {"Not Applicable", 0}, | |||
3504 | }; | |||
3505 | ||||
3506 | #define DIGEST_MAX_SIZE48 48 | |||
3507 | ||||
3508 | /* get index digest index */ | |||
3509 | static const SslDigestAlgo * | |||
3510 | ssl_cipher_suite_dig(const SslCipherSuite *cs) { | |||
3511 | return &digests[cs->dig - DIG_MD50x40]; | |||
3512 | } | |||
3513 | ||||
3514 | static const char *ciphers[]={ | |||
3515 | "DES", | |||
3516 | "3DES", | |||
3517 | "ARCFOUR", /* libgcrypt does not support rc4, but this should be 100% compatible*/ | |||
3518 | "RFC2268_128", /* libgcrypt name for RC2 with a 128-bit key */ | |||
3519 | "IDEA", | |||
3520 | "AES", | |||
3521 | "AES256", | |||
3522 | "CAMELLIA128", | |||
3523 | "CAMELLIA256", | |||
3524 | "SEED", | |||
3525 | "CHACHA20", /* since Libgcrypt 1.7.0 */ | |||
3526 | "SM1", | |||
3527 | "SM4", | |||
3528 | "*UNKNOWN*" | |||
3529 | }; | |||
3530 | ||||
3531 | static const SslCipherSuite cipher_suites[]={ | |||
3532 | {0x0001,KEX_RSA0x1e, ENC_NULL0x3D, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_WITH_NULL_MD5 */ | |||
3533 | {0x0002,KEX_RSA0x1e, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA */ | |||
3534 | {0x0003,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ | |||
3535 | {0x0004,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_MD5 */ | |||
3536 | {0x0005,KEX_RSA0x1e, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_SHA */ | |||
3537 | {0x0006,KEX_RSA0x1e, ENC_RC20x33, DIG_MD50x40, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ | |||
3538 | {0x0007,KEX_RSA0x1e, ENC_IDEA0x34, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_IDEA_CBC_SHA */ | |||
3539 | {0x0008,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
3540 | {0x0009,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_DES_CBC_SHA */ | |||
3541 | {0x000A,KEX_RSA0x1e, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
3542 | {0x000B,KEX_DH_DSS0x14, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ | |||
3543 | {0x000C,KEX_DH_DSS0x14, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_DES_CBC_SHA */ | |||
3544 | {0x000D,KEX_DH_DSS0x14, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */ | |||
3545 | {0x000E,KEX_DH_RSA0x15, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
3546 | {0x000F,KEX_DH_RSA0x15, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_DES_CBC_SHA */ | |||
3547 | {0x0010,KEX_DH_RSA0x15, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
3548 | {0x0011,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ | |||
3549 | {0x0012,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */ | |||
3550 | {0x0013,KEX_DHE_DSS0x10, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */ | |||
3551 | {0x0014,KEX_DHE_RSA0x12, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
3552 | {0x0015,KEX_DHE_RSA0x12, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */ | |||
3553 | {0x0016,KEX_DHE_RSA0x12, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
3554 | {0x0017,KEX_DH_ANON0x13, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ | |||
3555 | {0x0018,KEX_DH_ANON0x13, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_DH_anon_WITH_RC4_128_MD5 */ | |||
3556 | {0x0019,KEX_DH_ANON0x13, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ | |||
3557 | {0x001A,KEX_DH_ANON0x13, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_DES_CBC_SHA */ | |||
3558 | {0x001B,KEX_DH_ANON0x13, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */ | |||
3559 | {0x002C,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA */ | |||
3560 | {0x002D,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA */ | |||
3561 | {0x002E,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA */ | |||
3562 | {0x002F,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA */ | |||
3563 | {0x0030,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */ | |||
3564 | {0x0031,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */ | |||
3565 | {0x0032,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */ | |||
3566 | {0x0033,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ | |||
3567 | {0x0034,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ | |||
3568 | {0x0035,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA */ | |||
3569 | {0x0036,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */ | |||
3570 | {0x0037,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */ | |||
3571 | {0x0038,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */ | |||
3572 | {0x0039,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ | |||
3573 | {0x003A,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA */ | |||
3574 | {0x003B,KEX_RSA0x1e, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA256 */ | |||
3575 | {0x003C,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ | |||
3576 | {0x003D,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ | |||
3577 | {0x003E,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */ | |||
3578 | {0x003F,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */ | |||
3579 | {0x0040,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */ | |||
3580 | {0x0041,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ | |||
3581 | {0x0042,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */ | |||
3582 | {0x0043,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */ | |||
3583 | {0x0044,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */ | |||
3584 | {0x0045,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ | |||
3585 | {0x0046,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */ | |||
3586 | {0x0060,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */ | |||
3587 | {0x0061,KEX_RSA0x1e, ENC_RC20x33, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */ | |||
3588 | {0x0062,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */ | |||
3589 | {0x0063,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */ | |||
3590 | {0x0064,KEX_RSA0x1e, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */ | |||
3591 | {0x0065,KEX_DHE_DSS0x10, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */ | |||
3592 | {0x0066,KEX_DHE_DSS0x10, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_DSS_WITH_RC4_128_SHA */ | |||
3593 | {0x0067,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ | |||
3594 | {0x0068,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */ | |||
3595 | {0x0069,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */ | |||
3596 | {0x006A,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */ | |||
3597 | {0x006B,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ | |||
3598 | {0x006C,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */ | |||
3599 | {0x006D,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */ | |||
3600 | {0x0084,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ | |||
3601 | {0x0085,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */ | |||
3602 | {0x0086,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */ | |||
3603 | {0x0087,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */ | |||
3604 | {0x0088,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ | |||
3605 | {0x0089,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */ | |||
3606 | {0x008A,KEX_PSK0x1d, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_PSK_WITH_RC4_128_SHA */ | |||
3607 | {0x008B,KEX_PSK0x1d, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_3DES_EDE_CBC_SHA */ | |||
3608 | {0x008C,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA */ | |||
3609 | {0x008D,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA */ | |||
3610 | {0x008E,KEX_DHE_PSK0x11, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_PSK_WITH_RC4_128_SHA */ | |||
3611 | {0x008F,KEX_DHE_PSK0x11, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA */ | |||
3612 | {0x0090,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA */ | |||
3613 | {0x0091,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA */ | |||
3614 | {0x0092,KEX_RSA_PSK0x1f, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_PSK_WITH_RC4_128_SHA */ | |||
3615 | {0x0093,KEX_RSA_PSK0x1f, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA */ | |||
3616 | {0x0094,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA */ | |||
3617 | {0x0095,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA */ | |||
3618 | {0x0096,KEX_RSA0x1e, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_SEED_CBC_SHA */ | |||
3619 | {0x0097,KEX_DH_DSS0x14, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_SEED_CBC_SHA */ | |||
3620 | {0x0098,KEX_DH_RSA0x15, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_SEED_CBC_SHA */ | |||
3621 | {0x0099,KEX_DHE_DSS0x10, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */ | |||
3622 | {0x009A,KEX_DHE_RSA0x12, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */ | |||
3623 | {0x009B,KEX_DH_ANON0x13, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_SEED_CBC_SHA */ | |||
3624 | {0x009C,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ | |||
3625 | {0x009D,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ | |||
3626 | {0x009E,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ | |||
3627 | {0x009F,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ | |||
3628 | {0x00A0,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */ | |||
3629 | {0x00A1,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */ | |||
3630 | {0x00A2,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */ | |||
3631 | {0x00A3,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */ | |||
3632 | {0x00A4,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */ | |||
3633 | {0x00A5,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */ | |||
3634 | {0x00A6,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */ | |||
3635 | {0x00A7,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ | |||
3636 | {0x00A8,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ | |||
3637 | {0x00A9,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ | |||
3638 | {0x00AA,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ | |||
3639 | {0x00AB,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ | |||
3640 | {0x00AC,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 */ | |||
3641 | {0x00AD,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 */ | |||
3642 | {0x00AE,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ | |||
3643 | {0x00AF,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ | |||
3644 | {0x00B0,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA256 */ | |||
3645 | {0x00B1,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA384 */ | |||
3646 | {0x00B2,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ | |||
3647 | {0x00B3,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ | |||
3648 | {0x00B4,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA256 */ | |||
3649 | {0x00B5,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA384 */ | |||
3650 | {0x00B6,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 */ | |||
3651 | {0x00B7,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 */ | |||
3652 | {0x00B8,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA256 */ | |||
3653 | {0x00B9,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA384 */ | |||
3654 | {0x00BA,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3655 | {0x00BB,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3656 | {0x00BC,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3657 | {0x00BD,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3658 | {0x00BE,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3659 | {0x00BF,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3660 | {0x00C0,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
3661 | {0x00C1,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
3662 | {0x00C2,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
3663 | {0x00C3,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
3664 | {0x00C4,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
3665 | {0x00C5,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */ | |||
3666 | ||||
3667 | /* NOTE: TLS 1.3 cipher suites are incompatible with TLS 1.2. */ | |||
3668 | {0x1301,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_AES_128_GCM_SHA256 */ | |||
3669 | {0x1302,KEX_TLS130x23, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_AES_256_GCM_SHA384 */ | |||
3670 | {0x1303,KEX_TLS130x23, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_CHACHA20_POLY1305_SHA256 */ | |||
3671 | {0x1304,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM }, /* TLS_AES_128_CCM_SHA256 */ | |||
3672 | {0x1305,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM_8 }, /* TLS_AES_128_CCM_8_SHA256 */ | |||
3673 | {0x00C6,KEX_TLS130x23, ENC_SM40x3C, DIG_SM30x44, MODE_GCM }, /* TLS_SM4_GCM_SM3 */ | |||
3674 | ||||
3675 | {0xC001,KEX_ECDH_ECDSA0x1a, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */ | |||
3676 | {0xC002,KEX_ECDH_ECDSA0x1a, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ | |||
3677 | {0xC003,KEX_ECDH_ECDSA0x1a, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ | |||
3678 | {0xC004,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ | |||
3679 | {0xC005,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ | |||
3680 | {0xC006,KEX_ECDHE_ECDSA0x16, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ | |||
3681 | {0xC007,KEX_ECDHE_ECDSA0x16, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ | |||
3682 | {0xC008,KEX_ECDHE_ECDSA0x16, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ | |||
3683 | {0xC009,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ | |||
3684 | {0xC00A,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ | |||
3685 | {0xC00B,KEX_ECDH_RSA0x1b, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */ | |||
3686 | {0xC00C,KEX_ECDH_RSA0x1b, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ | |||
3687 | {0xC00D,KEX_ECDH_RSA0x1b, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
3688 | {0xC00E,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ | |||
3689 | {0xC00F,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ | |||
3690 | {0xC0FF,KEX_ECJPAKE0x24, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECJPAKE_WITH_AES_128_CCM_8 */ | |||
3691 | {0xC010,KEX_ECDHE_RSA0x18, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */ | |||
3692 | {0xC011,KEX_ECDHE_RSA0x18, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ | |||
3693 | {0xC012,KEX_ECDHE_RSA0x18, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
3694 | {0xC013,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ | |||
3695 | {0xC014,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ | |||
3696 | {0xC015,KEX_ECDH_ANON0x19, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */ | |||
3697 | {0xC016,KEX_ECDH_ANON0x19, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */ | |||
3698 | {0xC017,KEX_ECDH_ANON0x19, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */ | |||
3699 | {0xC018,KEX_ECDH_ANON0x19, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */ | |||
3700 | {0xC019,KEX_ECDH_ANON0x19, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */ | |||
3701 | {0xC01A,KEX_SRP_SHA0x20, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA */ | |||
3702 | {0xC01B,KEX_SRP_SHA_RSA0x22, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA */ | |||
3703 | {0xC01C,KEX_SRP_SHA_DSS0x21, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA */ | |||
3704 | {0xC01D,KEX_SRP_SHA0x20, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_AES_128_CBC_SHA */ | |||
3705 | {0xC01E,KEX_SRP_SHA_RSA0x22, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA */ | |||
3706 | {0xC01F,KEX_SRP_SHA_DSS0x21, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA */ | |||
3707 | {0xC020,KEX_SRP_SHA0x20, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_AES_256_CBC_SHA */ | |||
3708 | {0xC021,KEX_SRP_SHA_RSA0x22, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA */ | |||
3709 | {0xC022,KEX_SRP_SHA_DSS0x21, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA */ | |||
3710 | {0xC023,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */ | |||
3711 | {0xC024,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */ | |||
3712 | {0xC025,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ | |||
3713 | {0xC026,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ | |||
3714 | {0xC027,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ | |||
3715 | {0xC028,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ | |||
3716 | {0xC029,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ | |||
3717 | {0xC02A,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ | |||
3718 | {0xC02B,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ | |||
3719 | {0xC02C,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ | |||
3720 | {0xC02D,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ | |||
3721 | {0xC02E,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ | |||
3722 | {0xC02F,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ | |||
3723 | {0xC030,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ | |||
3724 | {0xC031,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ | |||
3725 | {0xC032,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ | |||
3726 | {0xC033,KEX_ECDHE_PSK0x17, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_RC4_128_SHA */ | |||
3727 | {0xC034,KEX_ECDHE_PSK0x17, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA */ | |||
3728 | {0xC035,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA */ | |||
3729 | {0xC036,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA */ | |||
3730 | {0xC037,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ | |||
3731 | {0xC038,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 */ | |||
3732 | {0xC039,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA */ | |||
3733 | {0xC03A,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ | |||
3734 | {0xC03B,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA384 */ | |||
3735 | {0xC072,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3736 | {0xC073,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
3737 | {0xC074,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3738 | {0xC075,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
3739 | {0xC076,KEX_ECDHE_RSA0x18, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3740 | {0xC077,KEX_ECDHE_RSA0x18, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
3741 | {0xC078,KEX_ECDH_RSA0x1b, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3742 | {0xC079,KEX_ECDH_RSA0x1b, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
3743 | {0xC07A,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3744 | {0xC07B,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3745 | {0xC07C,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3746 | {0xC07D,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3747 | {0xC07E,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3748 | {0xC07F,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3749 | {0xC080,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3750 | {0xC081,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3751 | {0xC082,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3752 | {0xC083,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3753 | {0xC084,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3754 | {0xC085,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3755 | {0xC086,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3756 | {0xC087,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3757 | {0xC088,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3758 | {0xC089,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3759 | {0xC08A,KEX_ECDHE_RSA0x18, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3760 | {0xC08B,KEX_ECDHE_RSA0x18, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3761 | {0xC08C,KEX_ECDH_RSA0x1b, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3762 | {0xC08D,KEX_ECDH_RSA0x1b, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3763 | {0xC08E,KEX_PSK0x1d, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3764 | {0xC08F,KEX_PSK0x1d, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3765 | {0xC090,KEX_DHE_PSK0x11, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3766 | {0xC091,KEX_DHE_PSK0x11, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3767 | {0xC092,KEX_RSA_PSK0x1f, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ | |||
3768 | {0xC093,KEX_RSA_PSK0x1f, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ | |||
3769 | {0xC094,KEX_PSK0x1d, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3770 | {0xC095,KEX_PSK0x1d, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
3771 | {0xC096,KEX_DHE_PSK0x11, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3772 | {0xC097,KEX_DHE_PSK0x11, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
3773 | {0xC098,KEX_RSA_PSK0x1f, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3774 | {0xC099,KEX_RSA_PSK0x1f, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
3775 | {0xC09A,KEX_ECDHE_PSK0x17, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | |||
3776 | {0xC09B,KEX_ECDHE_PSK0x17, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | |||
3777 | {0xC09C,KEX_RSA0x1e, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_RSA_WITH_AES_128_CCM */ | |||
3778 | {0xC09D,KEX_RSA0x1e, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_RSA_WITH_AES_256_CCM */ | |||
3779 | {0xC09E,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_128_CCM */ | |||
3780 | {0xC09F,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_256_CCM */ | |||
3781 | {0xC0A0,KEX_RSA0x1e, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_128_CCM_8 */ | |||
3782 | {0xC0A1,KEX_RSA0x1e, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_256_CCM_8 */ | |||
3783 | {0xC0A2,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_128_CCM_8 */ | |||
3784 | {0xC0A3,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_256_CCM_8 */ | |||
3785 | {0xC0A4,KEX_PSK0x1d, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_PSK_WITH_AES_128_CCM */ | |||
3786 | {0xC0A5,KEX_PSK0x1d, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_PSK_WITH_AES_256_CCM */ | |||
3787 | {0xC0A6,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_128_CCM */ | |||
3788 | {0xC0A7,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_256_CCM */ | |||
3789 | {0xC0A8,KEX_PSK0x1d, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_128_CCM_8 */ | |||
3790 | {0xC0A9,KEX_PSK0x1d, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_256_CCM_8 */ | |||
3791 | {0xC0AA,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_128_CCM_8 */ | |||
3792 | {0xC0AB,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_256_CCM_8 */ | |||
3793 | {0xC0AC,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ | |||
3794 | {0xC0AD,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM */ | |||
3795 | {0xC0AE,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ | |||
3796 | {0xC0AF,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ | |||
3797 | {0xCCA8,KEX_ECDHE_RSA0x18, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ | |||
3798 | {0xCCA9,KEX_ECDHE_ECDSA0x16, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ | |||
3799 | {0xCCAA,KEX_DHE_RSA0x12, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ | |||
3800 | {0xCCAB,KEX_PSK0x1d, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | |||
3801 | {0xCCAC,KEX_ECDHE_PSK0x17, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | |||
3802 | {0xCCAD,KEX_DHE_PSK0x11, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | |||
3803 | {0xCCAE,KEX_RSA_PSK0x1f, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | |||
3804 | {0xD001,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM}, /* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ | |||
3805 | {0xD002,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM}, /* TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 */ | |||
3806 | {0xD003,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM_8}, /* TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 */ | |||
3807 | {0xD005,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM}, /* TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 */ | |||
3808 | /* GM */ | |||
3809 | {0xe001,KEX_ECDHE_SM20x25, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* ECDHE_SM1_SM3 */ | |||
3810 | {0xe003,KEX_ECC_SM20x26, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* ECC_SM1_SM3 */ | |||
3811 | {0xe005,KEX_IBSDH_SM90x27, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* IBSDH_SM1_SM3 */ | |||
3812 | {0xe007,KEX_IBC_SM90x28, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* IBC_SM1_SM3 */ | |||
3813 | {0xe009,KEX_RSA0x1e, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* RSA_SM1_SM3 */ | |||
3814 | {0xe00a,KEX_RSA0x1e, ENC_SM10x3B, DIG_SHA0x41, MODE_CBC}, /* RSA_SM1_SHA1 */ | |||
3815 | {0xe011,KEX_ECDHE_SM20x25, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* ECDHE_SM4_CBC_SM3 */ | |||
3816 | {0xe013,KEX_ECC_SM20x26, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* ECC_SM4_CBC_SM3 */ | |||
3817 | {0xe015,KEX_IBSDH_SM90x27, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* IBSDH_SM4_CBC_SM3 */ | |||
3818 | {0xe017,KEX_IBC_SM90x28, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* IBC_SM4_CBC_SM3 */ | |||
3819 | {0xe019,KEX_RSA0x1e, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* RSA_SM4_CBC_SM3 */ | |||
3820 | {0xe01a,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA0x41, MODE_CBC}, /* RSA_SM4_CBC_SHA1 */ | |||
3821 | {0xe01c,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA2560x42, MODE_CBC}, /* RSA_SM4_CBC_SHA256 */ | |||
3822 | {0xe051,KEX_ECDHE_SM20x25, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* ECDHE_SM4_GCM_SM3 */ | |||
3823 | {0xe053,KEX_ECC_SM20x26, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* ECC_SM4_GCM_SM3 */ | |||
3824 | {0xe055,KEX_IBSDH_SM90x27, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* IBSDH_SM4_GCM_SM3 */ | |||
3825 | {0xe057,KEX_IBC_SM90x28, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* IBC_SM4_GCM_SM3 */ | |||
3826 | {0xe059,KEX_RSA0x1e, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* RSA_SM4_GCM_SM3 */ | |||
3827 | {0xe05a,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA2560x42, MODE_GCM}, /* RSA_SM4_GCM_SHA256 */ | |||
3828 | {-1, 0, 0, 0, MODE_STREAM} | |||
3829 | }; | |||
3830 | ||||
3831 | #define MAX_BLOCK_SIZE16 16 | |||
3832 | #define MAX_KEY_SIZE32 32 | |||
3833 | ||||
3834 | const SslCipherSuite * | |||
3835 | ssl_find_cipher(int num) | |||
3836 | { | |||
3837 | const SslCipherSuite *c; | |||
3838 | for(c=cipher_suites;c->number!=-1;c++){ | |||
3839 | if(c->number==num){ | |||
3840 | return c; | |||
3841 | } | |||
3842 | } | |||
3843 | ||||
3844 | return NULL((void*)0); | |||
3845 | } | |||
3846 | ||||
3847 | int | |||
3848 | ssl_get_cipher_algo(const SslCipherSuite *cipher_suite) | |||
3849 | { | |||
3850 | return gcry_cipher_map_name(ciphers[cipher_suite->enc - ENC_START0x30]); | |||
3851 | } | |||
3852 | ||||
3853 | unsigned | |||
3854 | ssl_get_cipher_blocksize(const SslCipherSuite *cipher_suite) | |||
3855 | { | |||
3856 | int cipher_algo; | |||
3857 | if (cipher_suite->mode != MODE_CBC) return 0; | |||
3858 | cipher_algo = ssl_get_cipher_by_name(ciphers[cipher_suite->enc - ENC_START0x30]); | |||
3859 | return (unsigned)gcry_cipher_get_algo_blklen(cipher_algo); | |||
3860 | } | |||
3861 | ||||
3862 | static unsigned | |||
3863 | ssl_get_cipher_export_keymat_size(int cipher_suite_num) | |||
3864 | { | |||
3865 | switch (cipher_suite_num) { | |||
3866 | /* See RFC 6101 (SSL 3.0), Table 2, column Key Material. */ | |||
3867 | case 0x0003: /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ | |||
3868 | case 0x0006: /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ | |||
3869 | case 0x0008: /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
3870 | case 0x000B: /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ | |||
3871 | case 0x000E: /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
3872 | case 0x0011: /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ | |||
3873 | case 0x0014: /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ | |||
3874 | case 0x0017: /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ | |||
3875 | case 0x0019: /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ | |||
3876 | return 5; | |||
3877 | ||||
3878 | /* not defined in below draft, but "implemented by several vendors", | |||
3879 | * https://www.ietf.org/mail-archive/web/tls/current/msg00036.html */ | |||
3880 | case 0x0060: /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */ | |||
3881 | case 0x0061: /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */ | |||
3882 | return 7; | |||
3883 | ||||
3884 | /* Note: the draft states that DES_CBC needs 8 bytes, but Wireshark always | |||
3885 | * used 7. Until a pcap proves 8, let's use the old value. Link: | |||
3886 | * https://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01 */ | |||
3887 | case 0x0062: /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */ | |||
3888 | case 0x0063: /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */ | |||
3889 | case 0x0064: /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */ | |||
3890 | case 0x0065: /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */ | |||
3891 | return 7; | |||
3892 | ||||
3893 | default: | |||
3894 | return 0; | |||
3895 | } | |||
3896 | } | |||
3897 | ||||
3898 | /* Digests, Ciphers and Cipher Suites registry }}} */ | |||
3899 | ||||
3900 | ||||
3901 | /* HMAC and the Pseudorandom function {{{ */ | |||
3902 | static int | |||
3903 | tls_hash(StringInfo *secret, StringInfo *seed, int md, | |||
3904 | StringInfo *out, unsigned out_len) | |||
3905 | { | |||
3906 | /* RFC 2246 5. HMAC and the pseudorandom function | |||
3907 | * '+' denotes concatenation. | |||
3908 | * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + | |||
3909 | * HMAC_hash(secret, A(2) + seed) + ... | |||
3910 | * A(0) = seed | |||
3911 | * A(i) = HMAC_hash(secret, A(i - 1)) | |||
3912 | */ | |||
3913 | uint8_t *ptr; | |||
3914 | unsigned left, tocpy; | |||
3915 | uint8_t *A; | |||
3916 | uint8_t _A[DIGEST_MAX_SIZE48], tmp[DIGEST_MAX_SIZE48]; | |||
3917 | unsigned A_l, tmp_l; | |||
3918 | SSL_HMACgcry_md_hd_t hm; | |||
3919 | ||||
3920 | ptr = out->data; | |||
3921 | left = out_len; | |||
3922 | ||||
3923 | ssl_print_string("tls_hash: hash secret", secret); | |||
3924 | ssl_print_string("tls_hash: hash seed", seed); | |||
3925 | /* A(0) = seed */ | |||
3926 | A = seed->data; | |||
3927 | A_l = seed->data_len; | |||
3928 | ||||
3929 | if (ssl_hmac_init(&hm, md) != 0) { | |||
3930 | return -1; | |||
3931 | } | |||
3932 | while (left) { | |||
3933 | /* A(i) = HMAC_hash(secret, A(i-1)) */ | |||
3934 | ssl_hmac_setkey(&hm, secret->data, secret->data_len); | |||
3935 | ssl_hmac_update(&hm, A, A_l); | |||
3936 | A_l = sizeof(_A); /* upper bound len for hash output */ | |||
3937 | ssl_hmac_final(&hm, _A, &A_l); | |||
3938 | A = _A; | |||
3939 | ||||
3940 | /* HMAC_hash(secret, A(i) + seed) */ | |||
3941 | ssl_hmac_reset(&hm); | |||
3942 | ssl_hmac_setkey(&hm, secret->data, secret->data_len); | |||
3943 | ssl_hmac_update(&hm, A, A_l); | |||
3944 | ssl_hmac_update(&hm, seed->data, seed->data_len); | |||
3945 | tmp_l = sizeof(tmp); /* upper bound len for hash output */ | |||
3946 | ssl_hmac_final(&hm, tmp, &tmp_l); | |||
3947 | ssl_hmac_reset(&hm); | |||
3948 | ||||
3949 | /* ssl_hmac_final puts the actual digest output size in tmp_l */ | |||
3950 | tocpy = MIN(left, tmp_l)(((left) < (tmp_l)) ? (left) : (tmp_l)); | |||
3951 | memcpy(ptr, tmp, tocpy); | |||
3952 | ptr += tocpy; | |||
3953 | left -= tocpy; | |||
3954 | } | |||
3955 | ssl_hmac_cleanup(&hm); | |||
3956 | out->data_len = out_len; | |||
3957 | ||||
3958 | ssl_print_string("hash out", out); | |||
3959 | return 0; | |||
3960 | } | |||
3961 | ||||
3962 | static bool_Bool | |||
3963 | tls_prf(StringInfo* secret, const char *usage, | |||
3964 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) | |||
3965 | { | |||
3966 | StringInfo seed, sha_out, md5_out; | |||
3967 | uint8_t *ptr; | |||
3968 | StringInfo s1, s2; | |||
3969 | unsigned i,s_l; | |||
3970 | size_t usage_len, rnd2_len; | |||
3971 | bool_Bool success = false0; | |||
3972 | usage_len = strlen(usage); | |||
3973 | rnd2_len = rnd2 ? rnd2->data_len : 0; | |||
3974 | ||||
3975 | /* initialize buffer for sha, md5 random seed*/ | |||
3976 | if (ssl_data_alloc(&sha_out, MAX(out_len, 20)(((out_len) > (20)) ? (out_len) : (20))) < 0) { | |||
3977 | ssl_debug_printf("tls_prf: can't allocate sha out\n"); | |||
3978 | return false0; | |||
3979 | } | |||
3980 | if (ssl_data_alloc(&md5_out, MAX(out_len, 16)(((out_len) > (16)) ? (out_len) : (16))) < 0) { | |||
3981 | ssl_debug_printf("tls_prf: can't allocate md5 out\n"); | |||
3982 | goto free_sha; | |||
3983 | } | |||
3984 | if (ssl_data_alloc(&seed, usage_len+rnd1->data_len+rnd2_len) < 0) { | |||
3985 | ssl_debug_printf("tls_prf: can't allocate rnd %d\n", | |||
3986 | (int) (usage_len+rnd1->data_len+rnd2_len)); | |||
3987 | goto free_md5; | |||
3988 | } | |||
3989 | ||||
3990 | ptr=seed.data; | |||
3991 | memcpy(ptr,usage,usage_len); | |||
3992 | ptr+=usage_len; | |||
3993 | memcpy(ptr,rnd1->data,rnd1->data_len); | |||
3994 | if (rnd2_len > 0) { | |||
3995 | ptr+=rnd1->data_len; | |||
3996 | memcpy(ptr,rnd2->data,rnd2->data_len); | |||
3997 | /*ptr+=rnd2->data_len;*/ | |||
3998 | } | |||
3999 | ||||
4000 | /* initialize buffer for client/server seeds*/ | |||
4001 | s_l=secret->data_len/2 + secret->data_len%2; | |||
4002 | if (ssl_data_alloc(&s1, s_l) < 0) { | |||
4003 | ssl_debug_printf("tls_prf: can't allocate secret %d\n", s_l); | |||
4004 | goto free_seed; | |||
4005 | } | |||
4006 | if (ssl_data_alloc(&s2, s_l) < 0) { | |||
4007 | ssl_debug_printf("tls_prf: can't allocate secret(2) %d\n", s_l); | |||
4008 | goto free_s1; | |||
4009 | } | |||
4010 | ||||
4011 | memcpy(s1.data,secret->data,s_l); | |||
4012 | memcpy(s2.data,secret->data + (secret->data_len - s_l),s_l); | |||
4013 | ||||
4014 | ssl_debug_printf("tls_prf: tls_hash(md5 secret_len %d seed_len %d )\n", s1.data_len, seed.data_len); | |||
4015 | if(tls_hash(&s1, &seed, ssl_get_digest_by_name("MD5"), &md5_out, out_len) != 0) | |||
4016 | goto free_s2; | |||
4017 | ssl_debug_printf("tls_prf: tls_hash(sha)\n"); | |||
4018 | if(tls_hash(&s2, &seed, ssl_get_digest_by_name("SHA1"), &sha_out, out_len) != 0) | |||
4019 | goto free_s2; | |||
4020 | ||||
4021 | for (i = 0; i < out_len; i++) | |||
4022 | out->data[i] = md5_out.data[i] ^ sha_out.data[i]; | |||
4023 | /* success, now store the new meaningful data length */ | |||
4024 | out->data_len = out_len; | |||
4025 | success = true1; | |||
4026 | ||||
4027 | ssl_print_string("PRF out",out); | |||
4028 | free_s2: | |||
4029 | g_free(s2.data); | |||
4030 | free_s1: | |||
4031 | g_free(s1.data); | |||
4032 | free_seed: | |||
4033 | g_free(seed.data); | |||
4034 | free_md5: | |||
4035 | g_free(md5_out.data); | |||
4036 | free_sha: | |||
4037 | g_free(sha_out.data); | |||
4038 | return success; | |||
4039 | } | |||
4040 | ||||
4041 | static bool_Bool | |||
4042 | tls12_prf(int md, StringInfo* secret, const char* usage, | |||
4043 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) | |||
4044 | { | |||
4045 | StringInfo label_seed; | |||
4046 | int success; | |||
4047 | size_t usage_len, rnd2_len; | |||
4048 | rnd2_len = rnd2 ? rnd2->data_len : 0; | |||
4049 | ||||
4050 | usage_len = strlen(usage); | |||
4051 | if (ssl_data_alloc(&label_seed, usage_len+rnd1->data_len+rnd2_len) < 0) { | |||
4052 | ssl_debug_printf("tls12_prf: can't allocate label_seed\n"); | |||
4053 | return false0; | |||
4054 | } | |||
4055 | memcpy(label_seed.data, usage, usage_len); | |||
4056 | memcpy(label_seed.data+usage_len, rnd1->data, rnd1->data_len); | |||
4057 | if (rnd2_len > 0) | |||
4058 | memcpy(label_seed.data+usage_len+rnd1->data_len, rnd2->data, rnd2->data_len); | |||
4059 | ||||
4060 | ssl_debug_printf("tls12_prf: tls_hash(hash_alg %s secret_len %d seed_len %d )\n", gcry_md_algo_name(md), secret->data_len, label_seed.data_len); | |||
4061 | success = tls_hash(secret, &label_seed, md, out, out_len); | |||
4062 | g_free(label_seed.data); | |||
4063 | if(success != -1){ | |||
4064 | ssl_print_string("PRF out", out); | |||
4065 | return true1; | |||
4066 | } | |||
4067 | return false0; | |||
4068 | } | |||
4069 | ||||
4070 | static bool_Bool | |||
4071 | ssl3_generate_export_iv(StringInfo *r1, StringInfo *r2, | |||
4072 | StringInfo *out, unsigned out_len) | |||
4073 | { | |||
4074 | SSL_MD5_CTXgcry_md_hd_t md5; | |||
4075 | uint8_t tmp[16]; | |||
4076 | ||||
4077 | if (ssl_md5_init(&md5) != 0) { | |||
4078 | return false0; | |||
4079 | } | |||
4080 | ssl_md5_update(&md5,r1->data,r1->data_len); | |||
4081 | ssl_md5_update(&md5,r2->data,r2->data_len); | |||
4082 | ssl_md5_final(tmp,&md5); | |||
4083 | ssl_md5_cleanup(&md5); | |||
4084 | ||||
4085 | DISSECTOR_ASSERT(out_len <= sizeof(tmp))((void) ((out_len <= sizeof(tmp)) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 4085, "out_len <= sizeof(tmp)")))); | |||
4086 | ssl_data_set(out, tmp, out_len); | |||
4087 | ssl_print_string("export iv", out); | |||
4088 | return true1; | |||
4089 | } | |||
4090 | ||||
4091 | static bool_Bool | |||
4092 | ssl3_prf(StringInfo* secret, const char* usage, | |||
4093 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) | |||
4094 | { | |||
4095 | SSL_MD5_CTXgcry_md_hd_t md5; | |||
4096 | SSL_SHA_CTXgcry_md_hd_t sha; | |||
4097 | unsigned off; | |||
4098 | int i = 0,j; | |||
4099 | uint8_t buf[20]; | |||
4100 | ||||
4101 | if (ssl_sha_init(&sha) != 0) { | |||
4102 | return false0; | |||
4103 | } | |||
4104 | if (ssl_md5_init(&md5) != 0) { | |||
4105 | ssl_sha_cleanup(&sha); | |||
4106 | return false0; | |||
4107 | } | |||
4108 | for (off = 0; off < out_len; off += 16) { | |||
4109 | unsigned char outbuf[16]; | |||
4110 | i++; | |||
4111 | ||||
4112 | ssl_debug_printf("ssl3_prf: sha1_hash(%d)\n",i); | |||
4113 | /* A, BB, CCC, ... */ | |||
4114 | for(j=0;j<i;j++){ | |||
4115 | buf[j]=64+i; | |||
4116 | } | |||
4117 | ||||
4118 | ssl_sha_update(&sha,buf,i); | |||
4119 | ssl_sha_update(&sha,secret->data,secret->data_len); | |||
4120 | ||||
4121 | if(!strcmp(usage,"client write key") || !strcmp(usage,"server write key")){ | |||
4122 | if (rnd2) | |||
4123 | ssl_sha_update(&sha,rnd2->data,rnd2->data_len); | |||
4124 | ssl_sha_update(&sha,rnd1->data,rnd1->data_len); | |||
4125 | } | |||
4126 | else{ | |||
4127 | ssl_sha_update(&sha,rnd1->data,rnd1->data_len); | |||
4128 | if (rnd2) | |||
4129 | ssl_sha_update(&sha,rnd2->data,rnd2->data_len); | |||
4130 | } | |||
4131 | ||||
4132 | ssl_sha_final(buf,&sha); | |||
4133 | ssl_sha_reset(&sha); | |||
4134 | ||||
4135 | ssl_debug_printf("ssl3_prf: md5_hash(%d) datalen %d\n",i, | |||
4136 | secret->data_len); | |||
4137 | ssl_md5_update(&md5,secret->data,secret->data_len); | |||
4138 | ssl_md5_update(&md5,buf,20); | |||
4139 | ssl_md5_final(outbuf,&md5); | |||
4140 | ssl_md5_reset(&md5); | |||
4141 | ||||
4142 | memcpy(out->data + off, outbuf, MIN(out_len - off, 16)(((out_len - off) < (16)) ? (out_len - off) : (16))); | |||
4143 | } | |||
4144 | ssl_sha_cleanup(&sha); | |||
4145 | ssl_md5_cleanup(&md5); | |||
4146 | out->data_len = out_len; | |||
4147 | ||||
4148 | return true1; | |||
4149 | } | |||
4150 | ||||
4151 | /* out_len is the wanted output length for the pseudorandom function. | |||
4152 | * Ensure that ssl->cipher_suite is set. */ | |||
4153 | static bool_Bool | |||
4154 | prf(SslDecryptSession *ssl, StringInfo *secret, const char *usage, | |||
4155 | StringInfo *rnd1, StringInfo *rnd2, StringInfo *out, unsigned out_len) | |||
4156 | { | |||
4157 | switch (ssl->session.version) { | |||
4158 | case SSLV3_VERSION0x300: | |||
4159 | return ssl3_prf(secret, usage, rnd1, rnd2, out, out_len); | |||
4160 | ||||
4161 | case TLSV1_VERSION0x301: | |||
4162 | case TLSV1DOT1_VERSION0x302: | |||
4163 | case DTLSV1DOT0_VERSION0xfeff: | |||
4164 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
4165 | return tls_prf(secret, usage, rnd1, rnd2, out, out_len); | |||
4166 | ||||
4167 | default: /* TLSv1.2 */ | |||
4168 | switch (ssl->cipher_suite->dig) { | |||
4169 | case DIG_SM30x44: | |||
4170 | #if GCRYPT_VERSION_NUMBER0x010a03 >= 0x010900 | |||
4171 | return tls12_prf(GCRY_MD_SM3, secret, usage, rnd1, rnd2, | |||
4172 | out, out_len); | |||
4173 | #else | |||
4174 | return false0; | |||
4175 | #endif | |||
4176 | case DIG_SHA3840x43: | |||
4177 | return tls12_prf(GCRY_MD_SHA384, secret, usage, rnd1, rnd2, | |||
4178 | out, out_len); | |||
4179 | default: | |||
4180 | return tls12_prf(GCRY_MD_SHA256, secret, usage, rnd1, rnd2, | |||
4181 | out, out_len); | |||
4182 | } | |||
4183 | } | |||
4184 | } | |||
4185 | ||||
4186 | static int tls_handshake_hash(SslDecryptSession* ssl, StringInfo* out) | |||
4187 | { | |||
4188 | SSL_MD5_CTXgcry_md_hd_t md5; | |||
4189 | SSL_SHA_CTXgcry_md_hd_t sha; | |||
4190 | ||||
4191 | if (ssl_data_alloc(out, 36) < 0) | |||
4192 | return -1; | |||
4193 | ||||
4194 | if (ssl_md5_init(&md5) != 0) | |||
4195 | return -1; | |||
4196 | ssl_md5_update(&md5,ssl->handshake_data.data,ssl->handshake_data.data_len); | |||
4197 | ssl_md5_final(out->data,&md5); | |||
4198 | ssl_md5_cleanup(&md5); | |||
4199 | ||||
4200 | if (ssl_sha_init(&sha) != 0) | |||
4201 | return -1; | |||
4202 | ssl_sha_update(&sha,ssl->handshake_data.data,ssl->handshake_data.data_len); | |||
4203 | ssl_sha_final(out->data+16,&sha); | |||
4204 | ssl_sha_cleanup(&sha); | |||
4205 | return 0; | |||
4206 | } | |||
4207 | ||||
4208 | static int tls12_handshake_hash(SslDecryptSession* ssl, int md, StringInfo* out) | |||
4209 | { | |||
4210 | SSL_MDgcry_md_hd_t mc; | |||
4211 | uint8_t tmp[48]; | |||
4212 | unsigned len; | |||
4213 | ||||
4214 | if (ssl_md_init(&mc, md) != 0) | |||
4215 | return -1; | |||
4216 | ssl_md_update(&mc,ssl->handshake_data.data,ssl->handshake_data.data_len); | |||
4217 | ssl_md_final(&mc, tmp, &len); | |||
4218 | ssl_md_cleanup(&mc); | |||
4219 | ||||
4220 | if (ssl_data_alloc(out, len) < 0) | |||
4221 | return -1; | |||
4222 | memcpy(out->data, tmp, len); | |||
4223 | return 0; | |||
4224 | } | |||
4225 | ||||
4226 | /** | |||
4227 | * Obtains the label prefix used in HKDF-Expand-Label. This function can be | |||
4228 | * inlined and removed once support for draft 19 and before is dropped. | |||
4229 | */ | |||
4230 | static inline const char * | |||
4231 | tls13_hkdf_label_prefix(SslDecryptSession *ssl_session) | |||
4232 | { | |||
4233 | if (ssl_session->session.tls13_draft_version && ssl_session->session.tls13_draft_version < 20) { | |||
4234 | return "TLS 1.3, "; | |||
4235 | } else if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | |||
4236 | return "dtls13"; | |||
4237 | } else { | |||
4238 | return "tls13 "; | |||
4239 | } | |||
4240 | } | |||
4241 | ||||
4242 | /* | |||
4243 | * Computes HKDF-Expand-Label(Secret, Label, Hash(context_value), Length) with a | |||
4244 | * custom label prefix. If "context_hash" is NULL, then an empty context is | |||
4245 | * used. Otherwise it must have the same length as the hash algorithm output. | |||
4246 | */ | |||
4247 | bool_Bool | |||
4248 | tls13_hkdf_expand_label_context(int md, const StringInfo *secret, | |||
4249 | const char *label_prefix, const char *label, | |||
4250 | const uint8_t *context_hash, uint8_t context_length, | |||
4251 | uint16_t out_len, unsigned char **out) | |||
4252 | { | |||
4253 | /* RFC 8446 Section 7.1: | |||
4254 | * HKDF-Expand-Label(Secret, Label, Context, Length) = | |||
4255 | * HKDF-Expand(Secret, HkdfLabel, Length) | |||
4256 | * struct { | |||
4257 | * uint16 length = Length; | |||
4258 | * opaque label<7..255> = "tls13 " + Label; // "tls13 " is label prefix. | |||
4259 | * opaque context<0..255> = Context; | |||
4260 | * } HkdfLabel; | |||
4261 | * | |||
4262 | * RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF): | |||
4263 | * HKDF-Expand(PRK, info, L) -> OKM | |||
4264 | */ | |||
4265 | gcry_error_t err; | |||
4266 | const unsigned label_prefix_length = (unsigned) strlen(label_prefix); | |||
4267 | const unsigned label_length = (unsigned) strlen(label); | |||
4268 | ||||
4269 | /* Some sanity checks */ | |||
4270 | DISSECTOR_ASSERT(label_length > 0 && label_prefix_length + label_length <= 255)((void) ((label_length > 0 && label_prefix_length + label_length <= 255) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 4270, "label_length > 0 && label_prefix_length + label_length <= 255" )))); | |||
4271 | ||||
4272 | /* info = HkdfLabel { length, label, context } */ | |||
4273 | GByteArray *info = g_byte_array_new(); | |||
4274 | const uint16_t length = g_htons(out_len)(((((guint16) ( (guint16) ((guint16) (out_len) >> 8) | ( guint16) ((guint16) (out_len) << 8)))))); | |||
4275 | g_byte_array_append(info, (const uint8_t *)&length, sizeof(length)); | |||
4276 | ||||
4277 | const uint8_t label_vector_length = label_prefix_length + label_length; | |||
4278 | g_byte_array_append(info, &label_vector_length, 1); | |||
4279 | g_byte_array_append(info, (const uint8_t *)label_prefix, label_prefix_length); | |||
4280 | g_byte_array_append(info, (const uint8_t*)label, label_length); | |||
4281 | ||||
4282 | g_byte_array_append(info, &context_length, 1); | |||
4283 | if (context_length) { | |||
4284 | g_byte_array_append(info, context_hash, context_length); | |||
4285 | } | |||
4286 | ||||
4287 | *out = (unsigned char *)wmem_alloc(NULL((void*)0), out_len); | |||
4288 | err = hkdf_expand(md, secret->data, secret->data_len, info->data, info->len, *out, out_len); | |||
4289 | g_byte_array_free(info, true1); | |||
4290 | ||||
4291 | if (err) { | |||
4292 | ssl_debug_printf("%s failed %d: %s\n", G_STRFUNC((const char*) (__func__)), md, gcry_strerror(err)); | |||
4293 | wmem_free(NULL((void*)0), *out); | |||
4294 | *out = NULL((void*)0); | |||
4295 | return false0; | |||
4296 | } | |||
4297 | ||||
4298 | return true1; | |||
4299 | } | |||
4300 | ||||
4301 | bool_Bool | |||
4302 | tls13_hkdf_expand_label(int md, const StringInfo *secret, | |||
4303 | const char *label_prefix, const char *label, | |||
4304 | uint16_t out_len, unsigned char **out) | |||
4305 | { | |||
4306 | return tls13_hkdf_expand_label_context(md, secret, label_prefix, label, NULL((void*)0), 0, out_len, out); | |||
4307 | } | |||
4308 | /* HMAC and the Pseudorandom function }}} */ | |||
4309 | ||||
4310 | /* Record Decompression (after decryption) {{{ */ | |||
4311 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | |||
4312 | /* memory allocation functions for zlib initialization */ | |||
4313 | static void* ssl_zalloc(void* opaque _U___attribute__((unused)), unsigned int no, unsigned int size) | |||
4314 | { | |||
4315 | return g_malloc0(no*size); | |||
4316 | } | |||
4317 | static void ssl_zfree(void* opaque _U___attribute__((unused)), void* addr) | |||
4318 | { | |||
4319 | g_free(addr); | |||
4320 | } | |||
4321 | #endif | |||
4322 | ||||
4323 | static SslDecompress* | |||
4324 | ssl_create_decompressor(int compression) | |||
4325 | { | |||
4326 | SslDecompress *decomp; | |||
4327 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | |||
4328 | int err; | |||
4329 | #endif | |||
4330 | ||||
4331 | if (compression == 0) return NULL((void*)0); | |||
4332 | ssl_debug_printf("ssl_create_decompressor: compression method %d\n", compression); | |||
4333 | decomp = wmem_new(wmem_file_scope(), SslDecompress)((SslDecompress*)wmem_alloc((wmem_file_scope()), sizeof(SslDecompress ))); | |||
4334 | decomp->compression = compression; | |||
4335 | switch (decomp->compression) { | |||
4336 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | |||
4337 | case 1: /* DEFLATE */ | |||
4338 | decomp->istream.zalloc = ssl_zalloc; | |||
4339 | decomp->istream.zfree = ssl_zfree; | |||
4340 | decomp->istream.opaque = Z_NULL0; | |||
4341 | decomp->istream.next_in = Z_NULL0; | |||
4342 | decomp->istream.next_out = Z_NULL0; | |||
4343 | decomp->istream.avail_in = 0; | |||
4344 | decomp->istream.avail_out = 0; | |||
4345 | err = ZLIB_PREFIX(inflateInit)(&decomp->istream)inflateInit_((&decomp->istream), "1.3", (int)sizeof(z_stream )); | |||
4346 | if (err != Z_OK0) { | |||
4347 | ssl_debug_printf("ssl_create_decompressor: inflateInit_() failed - %d\n", err); | |||
4348 | return NULL((void*)0); | |||
4349 | } | |||
4350 | break; | |||
4351 | #endif | |||
4352 | default: | |||
4353 | ssl_debug_printf("ssl_create_decompressor: unsupported compression method %d\n", decomp->compression); | |||
4354 | return NULL((void*)0); | |||
4355 | } | |||
4356 | return decomp; | |||
4357 | } | |||
4358 | ||||
4359 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | |||
4360 | static int | |||
4361 | ssl_decompress_record(SslDecompress* decomp, const unsigned char* in, unsigned inl, StringInfo* out_str, unsigned* outl) | |||
4362 | { | |||
4363 | int err; | |||
4364 | ||||
4365 | switch (decomp->compression) { | |||
4366 | case 1: /* DEFLATE */ | |||
4367 | err = Z_OK0; | |||
4368 | if (out_str->data_len < 16384) { /* maximal plain length */ | |||
4369 | ssl_data_realloc(out_str, 16384); | |||
4370 | } | |||
4371 | #ifdef z_constconst | |||
4372 | decomp->istream.next_in = in; | |||
4373 | #else | |||
4374 | DIAG_OFF(cast-qual)clang diagnostic push
clang diagnostic ignored "-Wcast-qual" | |||
4375 | decomp->istream.next_in = (Bytef *)in; | |||
4376 | DIAG_ON(cast-qual)clang diagnostic pop | |||
4377 | #endif | |||
4378 | decomp->istream.avail_in = inl; | |||
4379 | decomp->istream.next_out = out_str->data; | |||
4380 | decomp->istream.avail_out = out_str->data_len; | |||
4381 | if (inl > 0) | |||
4382 | err = ZLIB_PREFIX(inflate)inflate(&decomp->istream, Z_SYNC_FLUSH2); | |||
4383 | if (err != Z_OK0) { | |||
4384 | ssl_debug_printf("ssl_decompress_record: inflate() failed - %d\n", err); | |||
4385 | return -1; | |||
4386 | } | |||
4387 | *outl = out_str->data_len - decomp->istream.avail_out; | |||
4388 | break; | |||
4389 | default: | |||
4390 | ssl_debug_printf("ssl_decompress_record: unsupported compression method %d\n", decomp->compression); | |||
4391 | return -1; | |||
4392 | } | |||
4393 | return 0; | |||
4394 | } | |||
4395 | #else | |||
4396 | int | |||
4397 | ssl_decompress_record(SslDecompress* decomp _U___attribute__((unused)), const unsigned char* in _U___attribute__((unused)), unsigned inl _U___attribute__((unused)), StringInfo* out_str _U___attribute__((unused)), unsigned* outl _U___attribute__((unused))) | |||
4398 | { | |||
4399 | ssl_debug_printf("ssl_decompress_record: unsupported compression method %d\n", decomp->compression); | |||
4400 | return -1; | |||
4401 | } | |||
4402 | #endif | |||
4403 | /* Record Decompression (after decryption) }}} */ | |||
4404 | ||||
4405 | /* Create a new structure to store decrypted chunks. {{{ */ | |||
4406 | static SslFlow* | |||
4407 | ssl_create_flow(void) | |||
4408 | { | |||
4409 | SslFlow *flow; | |||
4410 | ||||
4411 | flow = wmem_new(wmem_file_scope(), SslFlow)((SslFlow*)wmem_alloc((wmem_file_scope()), sizeof(SslFlow))); | |||
4412 | flow->byte_seq = 0; | |||
4413 | flow->flags = 0; | |||
4414 | flow->multisegment_pdus = wmem_tree_new(wmem_file_scope()); | |||
4415 | return flow; | |||
4416 | } | |||
4417 | /* }}} */ | |||
4418 | ||||
4419 | /* Use the negotiated security parameters for decryption. {{{ */ | |||
4420 | void | |||
4421 | ssl_change_cipher(SslDecryptSession *ssl_session, bool_Bool server) | |||
4422 | { | |||
4423 | SslDecoder **new_decoder = server ? &ssl_session->server_new : &ssl_session->client_new; | |||
4424 | SslDecoder **dest = server ? &ssl_session->server : &ssl_session->client; | |||
4425 | ssl_debug_printf("ssl_change_cipher %s%s\n", server ? "SERVER" : "CLIENT", | |||
4426 | *new_decoder ? "" : " (No decoder found - retransmission?)"); | |||
4427 | if (*new_decoder) { | |||
4428 | *dest = *new_decoder; | |||
4429 | *new_decoder = NULL((void*)0); | |||
4430 | } | |||
4431 | } | |||
4432 | /* }}} */ | |||
4433 | ||||
4434 | /* Init cipher state given some security parameters. {{{ */ | |||
4435 | static bool_Bool | |||
4436 | ssl_decoder_destroy_cb(wmem_allocator_t *, wmem_cb_event_t, void *); | |||
4437 | ||||
4438 | static SslDecoder* | |||
4439 | ssl_create_decoder(const SslCipherSuite *cipher_suite, int cipher_algo, | |||
4440 | int compression, uint8_t *mk, uint8_t *sk, uint8_t *sn_key, uint8_t *iv, unsigned iv_length) | |||
4441 | { | |||
4442 | SslDecoder *dec; | |||
4443 | ssl_cipher_mode_t mode = cipher_suite->mode; | |||
4444 | ||||
4445 | dec = wmem_new0(wmem_file_scope(), SslDecoder)((SslDecoder*)wmem_alloc0((wmem_file_scope()), sizeof(SslDecoder ))); | |||
4446 | /* init mac buffer: mac storage is embedded into decoder struct to save a | |||
4447 | memory allocation and waste samo more memory*/ | |||
4448 | dec->cipher_suite=cipher_suite; | |||
4449 | dec->compression = compression; | |||
4450 | if ((mode == MODE_STREAM && mk != NULL((void*)0)) || mode == MODE_CBC) { | |||
4451 | // AEAD ciphers use no MAC key, but stream and block ciphers do. Note | |||
4452 | // the special case for NULL ciphers, even if there is insufficiency | |||
4453 | // keying material (including MAC key), we will can still create | |||
4454 | // decoders since "decryption" is easy for such ciphers. | |||
4455 | dec->mac_key.data = dec->_mac_key_or_write_iv; | |||
4456 | ssl_data_set(&dec->mac_key, mk, ssl_cipher_suite_dig(cipher_suite)->len); | |||
4457 | } else if (mode == MODE_GCM || mode == MODE_CCM || mode == MODE_CCM_8 || mode == MODE_POLY1305) { | |||
4458 | // Input for the nonce, to be used with AEAD ciphers. | |||
4459 | DISSECTOR_ASSERT(iv_length <= sizeof(dec->_mac_key_or_write_iv))((void) ((iv_length <= sizeof(dec->_mac_key_or_write_iv )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 4459, "iv_length <= sizeof(dec->_mac_key_or_write_iv)" )))); | |||
4460 | dec->write_iv.data = dec->_mac_key_or_write_iv; | |||
4461 | ssl_data_set(&dec->write_iv, iv, iv_length); | |||
4462 | } | |||
4463 | dec->seq = 0; | |||
4464 | dec->decomp = ssl_create_decompressor(compression); | |||
4465 | wmem_register_callback(wmem_file_scope(), ssl_decoder_destroy_cb, dec); | |||
4466 | ||||
4467 | if (ssl_cipher_init(&dec->evp,cipher_algo,sk,iv,cipher_suite->mode) < 0) { | |||
4468 | ssl_debug_printf("%s: can't create cipher id:%d mode:%d\n", G_STRFUNC((const char*) (__func__)), | |||
4469 | cipher_algo, cipher_suite->mode); | |||
4470 | return NULL((void*)0); | |||
4471 | } | |||
4472 | ||||
4473 | if (cipher_suite->enc != ENC_NULL0x3D && sn_key != NULL((void*)0)) { | |||
4474 | if (cipher_suite->enc == ENC_AES0x35 || cipher_suite->enc == ENC_AES2560x36) { | |||
4475 | mode = MODE_ECB; | |||
4476 | } else if (cipher_suite->enc == ENC_CHACHA200x3A) { | |||
4477 | mode = MODE_STREAM; | |||
4478 | } else { | |||
4479 | ssl_debug_printf("not supported encryption algorithm for DTLSv1.3\n"); | |||
4480 | return NULL((void*)0); | |||
4481 | } | |||
4482 | ||||
4483 | if (ssl_cipher_init(&dec->sn_evp, cipher_algo, sn_key, NULL((void*)0), mode) < 0) { | |||
4484 | ssl_debug_printf("%s: can't create cipher id:%d mode:%d for seq number decryption\n", G_STRFUNC((const char*) (__func__)), | |||
4485 | cipher_algo, MODE_ECB); | |||
4486 | ssl_cipher_cleanup(&dec->evp); | |||
4487 | dec->evp = NULL((void*)0); | |||
4488 | return NULL((void*)0); | |||
4489 | } | |||
4490 | } else { | |||
4491 | dec->sn_evp = NULL((void*)0); | |||
4492 | } | |||
4493 | ||||
4494 | dec->dtls13_aad.data = NULL((void*)0); | |||
4495 | dec->dtls13_aad.data_len = 0; | |||
4496 | ssl_debug_printf("decoder initialized (digest len %d)\n", ssl_cipher_suite_dig(cipher_suite)->len); | |||
4497 | return dec; | |||
4498 | } | |||
4499 | ||||
4500 | static bool_Bool | |||
4501 | ssl_decoder_destroy_cb(wmem_allocator_t *allocator _U___attribute__((unused)), wmem_cb_event_t event _U___attribute__((unused)), void *user_data) | |||
4502 | { | |||
4503 | SslDecoder *dec = (SslDecoder *) user_data; | |||
4504 | ||||
4505 | if (dec->evp) | |||
4506 | ssl_cipher_cleanup(&dec->evp); | |||
4507 | if (dec->sn_evp) | |||
4508 | ssl_cipher_cleanup(&dec->sn_evp); | |||
4509 | ||||
4510 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | |||
4511 | if (dec->decomp != NULL((void*)0) && dec->decomp->compression == 1 /* DEFLATE */) | |||
4512 | ZLIB_PREFIX(inflateEnd)inflateEnd(&dec->decomp->istream); | |||
4513 | #endif | |||
4514 | ||||
4515 | return false0; | |||
4516 | } | |||
4517 | /* }}} */ | |||
4518 | ||||
4519 | /* (Pre-)master secrets calculations {{{ */ | |||
4520 | #ifdef HAVE_LIBGNUTLS1 | |||
4521 | static bool_Bool | |||
4522 | ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session, | |||
4523 | StringInfo *encrypted_pre_master, | |||
4524 | GHashTable *key_hash); | |||
4525 | #endif /* HAVE_LIBGNUTLS */ | |||
4526 | ||||
4527 | static bool_Bool | |||
4528 | ssl_restore_master_key(SslDecryptSession *ssl, const char *label, | |||
4529 | bool_Bool is_pre_master, GHashTable *ht, StringInfo *key); | |||
4530 | ||||
4531 | bool_Bool | |||
4532 | ssl_generate_pre_master_secret(SslDecryptSession *ssl_session, | |||
4533 | uint32_t length, tvbuff_t *tvb, uint32_t offset, | |||
4534 | const char *ssl_psk, packet_info *pinfo, | |||
4535 | #ifdef HAVE_LIBGNUTLS1 | |||
4536 | GHashTable *key_hash, | |||
4537 | #endif | |||
4538 | const ssl_master_key_map_t *mk_map) | |||
4539 | { | |||
4540 | /* check for required session data */ | |||
4541 | ssl_debug_printf("%s: found SSL_HND_CLIENT_KEY_EXCHG, state %X\n", | |||
4542 | G_STRFUNC((const char*) (__func__)), ssl_session->state); | |||
4543 | if ((ssl_session->state & (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))) != | |||
4544 | (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))) { | |||
4545 | ssl_debug_printf("%s: not enough data to generate key (required state %X)\n", G_STRFUNC((const char*) (__func__)), | |||
4546 | (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))); | |||
4547 | return false0; | |||
4548 | } | |||
4549 | ||||
4550 | if (ssl_session->session.version == TLSV1DOT3_VERSION0x304) { | |||
4551 | ssl_debug_printf("%s: detected TLS 1.3 which has no pre-master secrets\n", G_STRFUNC((const char*) (__func__))); | |||
4552 | return false0; | |||
4553 | } | |||
4554 | ||||
4555 | /* check to see if the PMS was provided to us*/ | |||
4556 | if (ssl_restore_master_key(ssl_session, "Unencrypted pre-master secret", true1, | |||
4557 | mk_map->pms, &ssl_session->client_random)) { | |||
4558 | return true1; | |||
4559 | } | |||
4560 | ||||
4561 | if (ssl_session->cipher_suite->kex == KEX_PSK0x1d) | |||
4562 | { | |||
4563 | /* calculate pre master secret*/ | |||
4564 | StringInfo pre_master_secret; | |||
4565 | unsigned psk_len, pre_master_len; | |||
4566 | ||||
4567 | if (!ssl_psk || (ssl_psk[0] == 0)) { | |||
4568 | ssl_debug_printf("%s: can't find pre-shared key\n", G_STRFUNC((const char*) (__func__))); | |||
4569 | return false0; | |||
4570 | } | |||
4571 | ||||
4572 | /* convert hex string into char*/ | |||
4573 | if (!from_hex(&ssl_session->psk, ssl_psk, strlen(ssl_psk))) { | |||
4574 | ssl_debug_printf("%s: ssl.psk/dtls.psk contains invalid hex\n", | |||
4575 | G_STRFUNC((const char*) (__func__))); | |||
4576 | return false0; | |||
4577 | } | |||
4578 | ||||
4579 | psk_len = ssl_session->psk.data_len; | |||
4580 | if (psk_len >= (2 << 15)) { | |||
4581 | ssl_debug_printf("%s: ssl.psk/dtls.psk must not be larger than 2^15 - 1\n", | |||
4582 | G_STRFUNC((const char*) (__func__))); | |||
4583 | return false0; | |||
4584 | } | |||
4585 | ||||
4586 | ||||
4587 | pre_master_len = psk_len * 2 + 4; | |||
4588 | ||||
4589 | pre_master_secret.data = (unsigned char *)wmem_alloc(wmem_file_scope(), pre_master_len); | |||
4590 | pre_master_secret.data_len = pre_master_len; | |||
4591 | /* 2 bytes psk_len*/ | |||
4592 | pre_master_secret.data[0] = psk_len >> 8; | |||
4593 | pre_master_secret.data[1] = psk_len & 0xFF; | |||
4594 | /* psk_len bytes times 0*/ | |||
4595 | memset(&pre_master_secret.data[2], 0, psk_len); | |||
4596 | /* 2 bytes psk_len*/ | |||
4597 | pre_master_secret.data[psk_len + 2] = psk_len >> 8; | |||
4598 | pre_master_secret.data[psk_len + 3] = psk_len & 0xFF; | |||
4599 | /* psk*/ | |||
4600 | memcpy(&pre_master_secret.data[psk_len + 4], ssl_session->psk.data, psk_len); | |||
4601 | ||||
4602 | ssl_session->pre_master_secret.data = pre_master_secret.data; | |||
4603 | ssl_session->pre_master_secret.data_len = pre_master_len; | |||
4604 | /*ssl_debug_printf("pre master secret",&ssl->pre_master_secret);*/ | |||
4605 | ||||
4606 | /* Remove the master secret if it was there. | |||
4607 | This forces keying material regeneration in | |||
4608 | case we're renegotiating */ | |||
4609 | ssl_session->state &= ~(SSL_MASTER_SECRET(1<<5)|SSL_HAVE_SESSION_KEY(1<<3)); | |||
4610 | ssl_session->state |= SSL_PRE_MASTER_SECRET(1<<6); | |||
4611 | return true1; | |||
4612 | } | |||
4613 | else | |||
4614 | { | |||
4615 | unsigned encrlen, skip; | |||
4616 | encrlen = length; | |||
4617 | skip = 0; | |||
4618 | ||||
4619 | /* get encrypted data, on tls1 we have to skip two bytes | |||
4620 | * (it's the encrypted len and should be equal to record len - 2) | |||
4621 | * in case of rsa1024 that would be 128 + 2 = 130; for psk not necessary | |||
4622 | */ | |||
4623 | if (ssl_session->cipher_suite->kex == KEX_RSA0x1e && | |||
4624 | (ssl_session->session.version == TLSV1_VERSION0x301 || | |||
4625 | ssl_session->session.version == TLSV1DOT1_VERSION0x302 || | |||
4626 | ssl_session->session.version == TLSV1DOT2_VERSION0x303 || | |||
4627 | ssl_session->session.version == DTLSV1DOT0_VERSION0xfeff || | |||
4628 | ssl_session->session.version == DTLSV1DOT2_VERSION0xfefd || | |||
4629 | ssl_session->session.version == TLCPV1_VERSION0x101 )) | |||
4630 | { | |||
4631 | encrlen = tvb_get_ntohs(tvb, offset); | |||
4632 | skip = 2; | |||
4633 | if (encrlen > length - 2) | |||
4634 | { | |||
4635 | ssl_debug_printf("%s: wrong encrypted length (%d max %d)\n", | |||
4636 | G_STRFUNC((const char*) (__func__)), encrlen, length); | |||
4637 | return false0; | |||
4638 | } | |||
4639 | } | |||
4640 | /* the valid lower bound is higher than 8, but it is sufficient for the | |||
4641 | * ssl keylog file below */ | |||
4642 | if (encrlen < 8) { | |||
4643 | ssl_debug_printf("%s: invalid encrypted pre-master key length %d\n", | |||
4644 | G_STRFUNC((const char*) (__func__)), encrlen); | |||
4645 | return false0; | |||
4646 | } | |||
4647 | ||||
4648 | StringInfo encrypted_pre_master = { | |||
4649 | .data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset + skip, encrlen), | |||
4650 | .data_len = encrlen, | |||
4651 | }; | |||
4652 | ||||
4653 | #ifdef HAVE_LIBGNUTLS1 | |||
4654 | /* Try to lookup an appropriate RSA private key to decrypt the Encrypted Pre-Master Secret. */ | |||
4655 | if (ssl_session->cert_key_id) { | |||
4656 | if (ssl_decrypt_pre_master_secret(ssl_session, &encrypted_pre_master, key_hash)) | |||
4657 | return true1; | |||
4658 | ||||
4659 | ssl_debug_printf("%s: can't decrypt pre-master secret\n", | |||
4660 | G_STRFUNC((const char*) (__func__))); | |||
4661 | } | |||
4662 | #endif /* HAVE_LIBGNUTLS */ | |||
4663 | ||||
4664 | /* try to find the pre-master secret from the encrypted one. The | |||
4665 | * ssl key logfile stores only the first 8 bytes, so truncate it */ | |||
4666 | encrypted_pre_master.data_len = 8; | |||
4667 | if (ssl_restore_master_key(ssl_session, "Encrypted pre-master secret", | |||
4668 | true1, mk_map->pre_master, &encrypted_pre_master)) | |||
4669 | return true1; | |||
4670 | } | |||
4671 | return false0; | |||
4672 | } | |||
4673 | ||||
4674 | /* Used for (D)TLS 1.2 and earlier versions (not with TLS 1.3). */ | |||
4675 | int | |||
4676 | ssl_generate_keyring_material(SslDecryptSession*ssl_session) | |||
4677 | { | |||
4678 | StringInfo key_block = { NULL((void*)0), 0 }; | |||
4679 | uint8_t _iv_c[MAX_BLOCK_SIZE16],_iv_s[MAX_BLOCK_SIZE16]; | |||
4680 | uint8_t _key_c[MAX_KEY_SIZE32],_key_s[MAX_KEY_SIZE32]; | |||
4681 | int needed; | |||
4682 | int cipher_algo = -1; /* special value (-1) for NULL encryption */ | |||
4683 | unsigned encr_key_len, write_iv_len = 0; | |||
4684 | bool_Bool is_export_cipher; | |||
4685 | uint8_t *ptr, *c_iv = NULL((void*)0), *s_iv = NULL((void*)0); | |||
4686 | uint8_t *c_wk = NULL((void*)0), *s_wk = NULL((void*)0), *c_mk = NULL((void*)0), *s_mk = NULL((void*)0); | |||
4687 | const SslCipherSuite *cipher_suite = ssl_session->cipher_suite; | |||
4688 | ||||
4689 | /* (D)TLS 1.3 is handled directly in tls13_change_key. */ | |||
4690 | if (ssl_session->session.version
| |||
4691 | ssl_debug_printf("%s: detected TLS 1.3. Should not have been called!\n", G_STRFUNC((const char*) (__func__))); | |||
4692 | return -1; | |||
4693 | } | |||
4694 | ||||
4695 | /* check for enough info to proceed */ | |||
4696 | unsigned need_all = SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4); | |||
4697 | unsigned need_any = SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6); | |||
4698 | if (((ssl_session->state & need_all) != need_all) || ((ssl_session->state & need_any) == 0)) { | |||
4699 | ssl_debug_printf("ssl_generate_keyring_material not enough data to generate key " | |||
4700 | "(0x%02X required 0x%02X or 0x%02X)\n", ssl_session->state, | |||
4701 | need_all|SSL_MASTER_SECRET(1<<5), need_all|SSL_PRE_MASTER_SECRET(1<<6)); | |||
4702 | /* Special case: for NULL encryption, allow dissection of data even if | |||
4703 | * the Client Hello is missing (MAC keys are now skipped though). */ | |||
4704 | need_all = SSL_CIPHER(1<<2)|SSL_VERSION(1<<4); | |||
4705 | if ((ssl_session->state & need_all) == need_all && | |||
4706 | cipher_suite->enc == ENC_NULL0x3D) { | |||
4707 | ssl_debug_printf("%s NULL cipher found, will create a decoder but " | |||
4708 | "skip MAC validation as keys are missing.\n", G_STRFUNC((const char*) (__func__))); | |||
4709 | goto create_decoders; | |||
4710 | } | |||
4711 | ||||
4712 | return -1; | |||
4713 | } | |||
4714 | ||||
4715 | /* if master key is not available, generate is from the pre-master secret */ | |||
4716 | if (!(ssl_session->state & SSL_MASTER_SECRET(1<<5))) { | |||
4717 | if ((ssl_session->state & SSL_EXTENDED_MASTER_SECRET_MASK((1<<7)|(1<<8))) == SSL_EXTENDED_MASTER_SECRET_MASK((1<<7)|(1<<8))) { | |||
4718 | StringInfo handshake_hashed_data; | |||
4719 | int ret; | |||
4720 | ||||
4721 | handshake_hashed_data.data = NULL((void*)0); | |||
4722 | handshake_hashed_data.data_len = 0; | |||
4723 | ||||
4724 | ssl_debug_printf("%s:PRF(pre_master_secret_extended)\n", G_STRFUNC((const char*) (__func__))); | |||
4725 | ssl_print_string("pre master secret",&ssl_session->pre_master_secret); | |||
4726 | DISSECTOR_ASSERT(ssl_session->handshake_data.data_len > 0)((void) ((ssl_session->handshake_data.data_len > 0) ? ( void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 4726, "ssl_session->handshake_data.data_len > 0" )))); | |||
4727 | ||||
4728 | switch(ssl_session->session.version) { | |||
4729 | case TLSV1_VERSION0x301: | |||
4730 | case TLSV1DOT1_VERSION0x302: | |||
4731 | case DTLSV1DOT0_VERSION0xfeff: | |||
4732 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
4733 | case TLCPV1_VERSION0x101: | |||
4734 | ret = tls_handshake_hash(ssl_session, &handshake_hashed_data); | |||
4735 | break; | |||
4736 | default: | |||
4737 | switch (cipher_suite->dig) { | |||
4738 | case DIG_SHA3840x43: | |||
4739 | ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA384, &handshake_hashed_data); | |||
4740 | break; | |||
4741 | default: | |||
4742 | ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA256, &handshake_hashed_data); | |||
4743 | break; | |||
4744 | } | |||
4745 | break; | |||
4746 | } | |||
4747 | if (ret
| |||
4748 | ssl_debug_printf("%s can't generate handshake hash\n", G_STRFUNC((const char*) (__func__))); | |||
| ||||
4749 | return -1; | |||
4750 | } | |||
4751 | ||||
4752 | wmem_free(wmem_file_scope(), ssl_session->handshake_data.data); | |||
4753 | ssl_session->handshake_data.data = NULL((void*)0); | |||
4754 | ssl_session->handshake_data.data_len = 0; | |||
4755 | ||||
4756 | if (!prf(ssl_session, &ssl_session->pre_master_secret, "extended master secret", | |||
4757 | &handshake_hashed_data, | |||
4758 | NULL((void*)0), &ssl_session->master_secret, | |||
4759 | SSL_MASTER_SECRET_LENGTH48)) { | |||
4760 | ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC((const char*) (__func__))); | |||
4761 | g_free(handshake_hashed_data.data); | |||
4762 | return -1; | |||
4763 | } | |||
4764 | g_free(handshake_hashed_data.data); | |||
4765 | } else { | |||
4766 | ssl_debug_printf("%s:PRF(pre_master_secret)\n", G_STRFUNC((const char*) (__func__))); | |||
4767 | ssl_print_string("pre master secret",&ssl_session->pre_master_secret); | |||
4768 | ssl_print_string("client random",&ssl_session->client_random); | |||
4769 | ssl_print_string("server random",&ssl_session->server_random); | |||
4770 | if (!prf(ssl_session, &ssl_session->pre_master_secret, "master secret", | |||
4771 | &ssl_session->client_random, | |||
4772 | &ssl_session->server_random, &ssl_session->master_secret, | |||
4773 | SSL_MASTER_SECRET_LENGTH48)) { | |||
4774 | ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC((const char*) (__func__))); | |||
4775 | return -1; | |||
4776 | } | |||
4777 | } | |||
4778 | ssl_print_string("master secret",&ssl_session->master_secret); | |||
4779 | ||||
4780 | /* the pre-master secret has been 'consumed' so we must clear it now */ | |||
4781 | ssl_session->state &= ~SSL_PRE_MASTER_SECRET(1<<6); | |||
4782 | ssl_session->state |= SSL_MASTER_SECRET(1<<5); | |||
4783 | } | |||
4784 | ||||
4785 | /* Find the Libgcrypt cipher algorithm for the given SSL cipher suite ID */ | |||
4786 | if (cipher_suite->enc != ENC_NULL0x3D) { | |||
4787 | const char *cipher_name = ciphers[cipher_suite->enc-ENC_START0x30]; | |||
4788 | ssl_debug_printf("%s CIPHER: %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | |||
4789 | cipher_algo = ssl_get_cipher_by_name(cipher_name); | |||
4790 | if (cipher_algo == 0) { | |||
4791 | ssl_debug_printf("%s can't find cipher %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | |||
4792 | return -1; | |||
4793 | } | |||
4794 | } | |||
4795 | ||||
4796 | /* Export ciphers consume less material from the key block. */ | |||
4797 | encr_key_len = ssl_get_cipher_export_keymat_size(cipher_suite->number); | |||
4798 | is_export_cipher = encr_key_len > 0; | |||
4799 | if (!is_export_cipher && cipher_suite->enc != ENC_NULL0x3D) { | |||
4800 | encr_key_len = (unsigned)gcry_cipher_get_algo_keylen(cipher_algo); | |||
4801 | } | |||
4802 | ||||
4803 | if (cipher_suite->mode == MODE_CBC) { | |||
4804 | write_iv_len = (unsigned)gcry_cipher_get_algo_blklen(cipher_algo); | |||
4805 | } else if (cipher_suite->mode == MODE_GCM || cipher_suite->mode == MODE_CCM || cipher_suite->mode == MODE_CCM_8) { | |||
4806 | /* account for a four-byte salt for client and server side (from | |||
4807 | * client_write_IV and server_write_IV), see GCMNonce (RFC 5288) */ | |||
4808 | write_iv_len = 4; | |||
4809 | } else if (cipher_suite->mode == MODE_POLY1305) { | |||
4810 | /* RFC 7905: SecurityParameters.fixed_iv_length is twelve bytes */ | |||
4811 | write_iv_len = 12; | |||
4812 | } | |||
4813 | ||||
4814 | /* Compute the key block. First figure out how much data we need */ | |||
4815 | needed = ssl_cipher_suite_dig(cipher_suite)->len*2; /* MAC key */ | |||
4816 | needed += 2 * encr_key_len; /* encryption key */ | |||
4817 | needed += 2 * write_iv_len; /* write IV */ | |||
4818 | ||||
4819 | key_block.data = (unsigned char *)g_malloc(needed); | |||
4820 | ssl_debug_printf("%s sess key generation\n", G_STRFUNC((const char*) (__func__))); | |||
4821 | if (!prf(ssl_session, &ssl_session->master_secret, "key expansion", | |||
4822 | &ssl_session->server_random,&ssl_session->client_random, | |||
4823 | &key_block, needed)) { | |||
4824 | ssl_debug_printf("%s can't generate key_block\n", G_STRFUNC((const char*) (__func__))); | |||
4825 | goto fail; | |||
4826 | } | |||
4827 | ssl_print_string("key expansion", &key_block); | |||
4828 | ||||
4829 | ptr=key_block.data; | |||
4830 | /* client/server write MAC key (for non-AEAD ciphers) */ | |||
4831 | if (cipher_suite->mode == MODE_STREAM || cipher_suite->mode == MODE_CBC) { | |||
4832 | c_mk=ptr; ptr+=ssl_cipher_suite_dig(cipher_suite)->len; | |||
4833 | s_mk=ptr; ptr+=ssl_cipher_suite_dig(cipher_suite)->len; | |||
4834 | } | |||
4835 | /* client/server write encryption key */ | |||
4836 | c_wk=ptr; ptr += encr_key_len; | |||
4837 | s_wk=ptr; ptr += encr_key_len; | |||
4838 | /* client/server write IV (used as IV (for CBC) or salt (for AEAD)) */ | |||
4839 | if (write_iv_len > 0) { | |||
4840 | c_iv=ptr; ptr += write_iv_len; | |||
4841 | s_iv=ptr; /* ptr += write_iv_len; */ | |||
4842 | } | |||
4843 | ||||
4844 | /* export ciphers work with a smaller key length */ | |||
4845 | if (is_export_cipher) { | |||
4846 | if (cipher_suite->mode == MODE_CBC) { | |||
4847 | ||||
4848 | /* We only have room for MAX_BLOCK_SIZE bytes IVs, but that's | |||
4849 | all we should need. This is a sanity check */ | |||
4850 | if (write_iv_len > MAX_BLOCK_SIZE16) { | |||
4851 | ssl_debug_printf("%s cipher suite block must be at most %d nut is %d\n", | |||
4852 | G_STRFUNC((const char*) (__func__)), MAX_BLOCK_SIZE16, write_iv_len); | |||
4853 | goto fail; | |||
4854 | } | |||
4855 | ||||
4856 | if(ssl_session->session.version==SSLV3_VERSION0x300){ | |||
4857 | /* The length of these fields are ignored by this caller */ | |||
4858 | StringInfo iv_c, iv_s; | |||
4859 | iv_c.data = _iv_c; | |||
4860 | iv_s.data = _iv_s; | |||
4861 | ||||
4862 | ssl_debug_printf("%s ssl3_generate_export_iv\n", G_STRFUNC((const char*) (__func__))); | |||
4863 | if (!ssl3_generate_export_iv(&ssl_session->client_random, | |||
4864 | &ssl_session->server_random, &iv_c, write_iv_len)) { | |||
4865 | goto fail; | |||
4866 | } | |||
4867 | ssl_debug_printf("%s ssl3_generate_export_iv(2)\n", G_STRFUNC((const char*) (__func__))); | |||
4868 | if (!ssl3_generate_export_iv(&ssl_session->server_random, | |||
4869 | &ssl_session->client_random, &iv_s, write_iv_len)) { | |||
4870 | goto fail; | |||
4871 | } | |||
4872 | } | |||
4873 | else{ | |||
4874 | uint8_t _iv_block[MAX_BLOCK_SIZE16 * 2]; | |||
4875 | StringInfo iv_block; | |||
4876 | StringInfo key_null; | |||
4877 | uint8_t _key_null; | |||
4878 | ||||
4879 | key_null.data = &_key_null; | |||
4880 | key_null.data_len = 0; | |||
4881 | ||||
4882 | iv_block.data = _iv_block; | |||
4883 | ||||
4884 | ssl_debug_printf("%s prf(iv_block)\n", G_STRFUNC((const char*) (__func__))); | |||
4885 | if (!prf(ssl_session, &key_null, "IV block", | |||
4886 | &ssl_session->client_random, | |||
4887 | &ssl_session->server_random, &iv_block, | |||
4888 | write_iv_len * 2)) { | |||
4889 | ssl_debug_printf("%s can't generate tls31 iv block\n", G_STRFUNC((const char*) (__func__))); | |||
4890 | goto fail; | |||
4891 | } | |||
4892 | ||||
4893 | memcpy(_iv_c, iv_block.data, write_iv_len); | |||
4894 | memcpy(_iv_s, iv_block.data + write_iv_len, write_iv_len); | |||
4895 | } | |||
4896 | ||||
4897 | c_iv=_iv_c; | |||
4898 | s_iv=_iv_s; | |||
4899 | } | |||
4900 | ||||
4901 | if (ssl_session->session.version==SSLV3_VERSION0x300){ | |||
4902 | ||||
4903 | SSL_MD5_CTXgcry_md_hd_t md5; | |||
4904 | ssl_debug_printf("%s MD5(client_random)\n", G_STRFUNC((const char*) (__func__))); | |||
4905 | ||||
4906 | if (ssl_md5_init(&md5) != 0) | |||
4907 | goto fail; | |||
4908 | ssl_md5_update(&md5,c_wk,encr_key_len); | |||
4909 | ssl_md5_update(&md5,ssl_session->client_random.data, | |||
4910 | ssl_session->client_random.data_len); | |||
4911 | ssl_md5_update(&md5,ssl_session->server_random.data, | |||
4912 | ssl_session->server_random.data_len); | |||
4913 | ssl_md5_final(_key_c,&md5); | |||
4914 | ssl_md5_cleanup(&md5); | |||
4915 | c_wk=_key_c; | |||
4916 | ||||
4917 | if (ssl_md5_init(&md5) != 0) | |||
4918 | goto fail; | |||
4919 | ssl_debug_printf("%s MD5(server_random)\n", G_STRFUNC((const char*) (__func__))); | |||
4920 | ssl_md5_update(&md5,s_wk,encr_key_len); | |||
4921 | ssl_md5_update(&md5,ssl_session->server_random.data, | |||
4922 | ssl_session->server_random.data_len); | |||
4923 | ssl_md5_update(&md5,ssl_session->client_random.data, | |||
4924 | ssl_session->client_random.data_len); | |||
4925 | ssl_md5_final(_key_s,&md5); | |||
4926 | ssl_md5_cleanup(&md5); | |||
4927 | s_wk=_key_s; | |||
4928 | } | |||
4929 | else{ | |||
4930 | StringInfo key_c, key_s, k; | |||
4931 | key_c.data = _key_c; | |||
4932 | key_s.data = _key_s; | |||
4933 | ||||
4934 | k.data = c_wk; | |||
4935 | k.data_len = encr_key_len; | |||
4936 | ssl_debug_printf("%s PRF(key_c)\n", G_STRFUNC((const char*) (__func__))); | |||
4937 | if (!prf(ssl_session, &k, "client write key", | |||
4938 | &ssl_session->client_random, | |||
4939 | &ssl_session->server_random, &key_c, sizeof(_key_c))) { | |||
4940 | ssl_debug_printf("%s can't generate tll31 server key \n", G_STRFUNC((const char*) (__func__))); | |||
4941 | goto fail; | |||
4942 | } | |||
4943 | c_wk=_key_c; | |||
4944 | ||||
4945 | k.data = s_wk; | |||
4946 | k.data_len = encr_key_len; | |||
4947 | ssl_debug_printf("%s PRF(key_s)\n", G_STRFUNC((const char*) (__func__))); | |||
4948 | if (!prf(ssl_session, &k, "server write key", | |||
4949 | &ssl_session->client_random, | |||
4950 | &ssl_session->server_random, &key_s, sizeof(_key_s))) { | |||
4951 | ssl_debug_printf("%s can't generate tll31 client key \n", G_STRFUNC((const char*) (__func__))); | |||
4952 | goto fail; | |||
4953 | } | |||
4954 | s_wk=_key_s; | |||
4955 | } | |||
4956 | } | |||
4957 | ||||
4958 | /* show key material info */ | |||
4959 | if (c_mk != NULL((void*)0)) { | |||
4960 | ssl_print_data("Client MAC key",c_mk,ssl_cipher_suite_dig(cipher_suite)->len); | |||
4961 | ssl_print_data("Server MAC key",s_mk,ssl_cipher_suite_dig(cipher_suite)->len); | |||
4962 | } | |||
4963 | ssl_print_data("Client Write key", c_wk, encr_key_len); | |||
4964 | ssl_print_data("Server Write key", s_wk, encr_key_len); | |||
4965 | /* used as IV for CBC mode and the AEAD implicit nonce (salt) */ | |||
4966 | if (write_iv_len > 0) { | |||
4967 | ssl_print_data("Client Write IV", c_iv, write_iv_len); | |||
4968 | ssl_print_data("Server Write IV", s_iv, write_iv_len); | |||
4969 | } | |||
4970 | ||||
4971 | create_decoders: | |||
4972 | /* create both client and server ciphers*/ | |||
4973 | ssl_debug_printf("%s ssl_create_decoder(client)\n", G_STRFUNC((const char*) (__func__))); | |||
4974 | ssl_session->client_new = ssl_create_decoder(cipher_suite, cipher_algo, ssl_session->session.compression, c_mk, c_wk, NULL((void*)0), c_iv, write_iv_len); | |||
4975 | if (!ssl_session->client_new) { | |||
4976 | ssl_debug_printf("%s can't init client decoder\n", G_STRFUNC((const char*) (__func__))); | |||
4977 | goto fail; | |||
4978 | } | |||
4979 | ssl_debug_printf("%s ssl_create_decoder(server)\n", G_STRFUNC((const char*) (__func__))); | |||
4980 | ssl_session->server_new = ssl_create_decoder(cipher_suite, cipher_algo, ssl_session->session.compression, s_mk, s_wk, NULL((void*)0), s_iv, write_iv_len); | |||
4981 | if (!ssl_session->server_new) { | |||
4982 | ssl_debug_printf("%s can't init server decoder\n", G_STRFUNC((const char*) (__func__))); | |||
4983 | goto fail; | |||
4984 | } | |||
4985 | ||||
4986 | /* Continue the SSL stream after renegotiation with new keys. */ | |||
4987 | ssl_session->client_new->flow = ssl_session->client ? ssl_session->client->flow : ssl_create_flow(); | |||
4988 | ssl_session->server_new->flow = ssl_session->server ? ssl_session->server->flow : ssl_create_flow(); | |||
4989 | ||||
4990 | ssl_debug_printf("%s: client seq %" PRIu64"l" "u" ", server seq %" PRIu64"l" "u" "\n", | |||
4991 | G_STRFUNC((const char*) (__func__)), ssl_session->client_new->seq, ssl_session->server_new->seq); | |||
4992 | g_free(key_block.data); | |||
4993 | ssl_session->state |= SSL_HAVE_SESSION_KEY(1<<3); | |||
4994 | return 0; | |||
4995 | ||||
4996 | fail: | |||
4997 | g_free(key_block.data); | |||
4998 | return -1; | |||
4999 | } | |||
5000 | ||||
5001 | /* Generated the key material based on the given secret. */ | |||
5002 | bool_Bool | |||
5003 | tls13_generate_keys(SslDecryptSession *ssl_session, const StringInfo *secret, bool_Bool is_from_server) | |||
5004 | { | |||
5005 | bool_Bool success = false0; | |||
5006 | unsigned char *write_key = NULL((void*)0), *write_iv = NULL((void*)0); | |||
5007 | unsigned char *sn_key = NULL((void*)0); | |||
5008 | SslDecoder *decoder; | |||
5009 | unsigned key_length, iv_length; | |||
5010 | int hash_algo; | |||
5011 | const SslCipherSuite *cipher_suite = ssl_session->cipher_suite; | |||
5012 | int cipher_algo; | |||
5013 | ||||
5014 | if ((ssl_session->session.version != TLSV1DOT3_VERSION0x304) && (ssl_session->session.version != DTLSV1DOT3_VERSION0xfefc)) { | |||
5015 | ssl_debug_printf("%s only usable for TLS 1.3, not %#x!\n", G_STRFUNC((const char*) (__func__)), | |||
5016 | ssl_session->session.version); | |||
5017 | return false0; | |||
5018 | } | |||
5019 | ||||
5020 | if (cipher_suite == NULL((void*)0)) { | |||
5021 | ssl_debug_printf("%s Unknown cipher\n", G_STRFUNC((const char*) (__func__))); | |||
5022 | return false0; | |||
5023 | } | |||
5024 | ||||
5025 | if (cipher_suite->kex != KEX_TLS130x23) { | |||
5026 | ssl_debug_printf("%s Invalid cipher suite 0x%04x spotted!\n", G_STRFUNC((const char*) (__func__)), cipher_suite->number); | |||
5027 | return false0; | |||
5028 | } | |||
5029 | ||||
5030 | /* Find the Libgcrypt cipher algorithm for the given SSL cipher suite ID */ | |||
5031 | const char *cipher_name = ciphers[cipher_suite->enc-ENC_START0x30]; | |||
5032 | ssl_debug_printf("%s CIPHER: %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | |||
5033 | cipher_algo = ssl_get_cipher_by_name(cipher_name); | |||
5034 | if (cipher_algo == 0) { | |||
5035 | ssl_debug_printf("%s can't find cipher %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | |||
5036 | return false0; | |||
5037 | } | |||
5038 | ||||
5039 | const char *hash_name = ssl_cipher_suite_dig(cipher_suite)->name; | |||
5040 | hash_algo = ssl_get_digest_by_name(hash_name); | |||
5041 | if (!hash_algo) { | |||
5042 | ssl_debug_printf("%s can't find hash function %s\n", G_STRFUNC((const char*) (__func__)), hash_name); | |||
5043 | return false0; | |||
5044 | } | |||
5045 | ||||
5046 | key_length = (unsigned) gcry_cipher_get_algo_keylen(cipher_algo); | |||
5047 | /* AES-GCM/AES-CCM/Poly1305-ChaCha20 all have N_MIN=N_MAX = 12. */ | |||
5048 | iv_length = 12; | |||
5049 | ssl_debug_printf("%s key_length %u iv_length %u\n", G_STRFUNC((const char*) (__func__)), key_length, iv_length); | |||
5050 | ||||
5051 | const char *label_prefix = tls13_hkdf_label_prefix(ssl_session); | |||
5052 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "key", key_length, &write_key)) { | |||
5053 | ssl_debug_printf("%s write_key expansion failed\n", G_STRFUNC((const char*) (__func__))); | |||
5054 | return false0; | |||
5055 | } | |||
5056 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "iv", iv_length, &write_iv)) { | |||
5057 | ssl_debug_printf("%s write_iv expansion failed\n", G_STRFUNC((const char*) (__func__))); | |||
5058 | goto end; | |||
5059 | } | |||
5060 | ||||
5061 | if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | |||
5062 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "sn", key_length, &sn_key)) { | |||
5063 | ssl_debug_printf("%s sn_key expansion failed\n", G_STRFUNC((const char*) (__func__))); | |||
5064 | goto end; | |||
5065 | } | |||
5066 | } | |||
5067 | ||||
5068 | ssl_print_data(is_from_server ? "Server Write Key" : "Client Write Key", write_key, key_length); | |||
5069 | ssl_print_data(is_from_server ? "Server Write IV" : "Client Write IV", write_iv, iv_length); | |||
5070 | if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | |||
5071 | ssl_print_data(is_from_server ? "Server Write SN" : "Client Write SN", sn_key, key_length); | |||
5072 | } | |||
5073 | ||||
5074 | ssl_debug_printf("%s ssl_create_decoder(%s)\n", G_STRFUNC((const char*) (__func__)), is_from_server ? "server" : "client"); | |||
5075 | decoder = ssl_create_decoder(cipher_suite, cipher_algo, 0, NULL((void*)0), write_key, sn_key, write_iv, iv_length); | |||
5076 | if (!decoder) { | |||
5077 | ssl_debug_printf("%s can't init %s decoder\n", G_STRFUNC((const char*) (__func__)), is_from_server ? "server" : "client"); | |||
5078 | goto end; | |||
5079 | } | |||
5080 | ||||
5081 | /* Continue the TLS session with new keys, but reuse old flow to keep things | |||
5082 | * like "Follow TLS" working (by linking application data records). */ | |||
5083 | if (is_from_server) { | |||
5084 | decoder->flow = ssl_session->server ? ssl_session->server->flow : ssl_create_flow(); | |||
5085 | ssl_session->server = decoder; | |||
5086 | } else { | |||
5087 | decoder->flow = ssl_session->client ? ssl_session->client->flow : ssl_create_flow(); | |||
5088 | ssl_session->client = decoder; | |||
5089 | } | |||
5090 | ssl_debug_printf("%s %s ready using cipher suite 0x%04x (cipher %s hash %s)\n", G_STRFUNC((const char*) (__func__)), | |||
5091 | is_from_server ? "Server" : "Client", cipher_suite->number, cipher_name, hash_name); | |||
5092 | success = true1; | |||
5093 | ||||
5094 | end: | |||
5095 | wmem_free(NULL((void*)0), write_key); | |||
5096 | wmem_free(NULL((void*)0), write_iv); | |||
5097 | if (sn_key) | |||
5098 | wmem_free(NULL((void*)0), sn_key); | |||
5099 | return success; | |||
5100 | } | |||
5101 | /* (Pre-)master secrets calculations }}} */ | |||
5102 | ||||
5103 | #ifdef HAVE_LIBGNUTLS1 | |||
5104 | /* Decrypt RSA pre-master secret using RSA private key. {{{ */ | |||
5105 | static bool_Bool | |||
5106 | ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session, | |||
5107 | StringInfo *encrypted_pre_master, GHashTable *key_hash) | |||
5108 | { | |||
5109 | int ret; | |||
5110 | ||||
5111 | if (!encrypted_pre_master) | |||
5112 | return false0; | |||
5113 | ||||
5114 | if (KEX_IS_DH(ssl_session->cipher_suite->kex)((ssl_session->cipher_suite->kex) >= 0x10 && (ssl_session->cipher_suite->kex) <= 0x1b)) { | |||
5115 | ssl_debug_printf("%s: session uses Diffie-Hellman key exchange " | |||
5116 | "(cipher suite 0x%04X %s) and cannot be decrypted " | |||
5117 | "using a RSA private key file.\n", | |||
5118 | G_STRFUNC((const char*) (__func__)), ssl_session->session.cipher, | |||
5119 | val_to_str_ext_const(ssl_session->session.cipher, | |||
5120 | &ssl_31_ciphersuite_ext, "unknown")); | |||
5121 | return false0; | |||
5122 | } else if (ssl_session->cipher_suite->kex != KEX_RSA0x1e) { | |||
5123 | ssl_debug_printf("%s key exchange %d different from KEX_RSA (%d)\n", | |||
5124 | G_STRFUNC((const char*) (__func__)), ssl_session->cipher_suite->kex, KEX_RSA0x1e); | |||
5125 | return false0; | |||
5126 | } | |||
5127 | ||||
5128 | gnutls_privkey_t pk = (gnutls_privkey_t)g_hash_table_lookup(key_hash, ssl_session->cert_key_id); | |||
5129 | ||||
5130 | ssl_print_string("pre master encrypted", encrypted_pre_master); | |||
5131 | ssl_debug_printf("%s: RSA_private_decrypt\n", G_STRFUNC((const char*) (__func__))); | |||
5132 | const gnutls_datum_t epms = { encrypted_pre_master->data, encrypted_pre_master->data_len }; | |||
5133 | gnutls_datum_t pms = { 0 }; | |||
5134 | if (pk) { | |||
5135 | // Try to decrypt using the RSA keys table from (D)TLS preferences. | |||
5136 | ret = gnutls_privkey_decrypt_data(pk, 0, &epms, &pms); | |||
5137 | } else { | |||
5138 | // Try to decrypt using a hardware token. | |||
5139 | ret = secrets_rsa_decrypt(ssl_session->cert_key_id, epms.data, epms.size, &pms.data, &pms.size); | |||
5140 | } | |||
5141 | if (ret < 0) { | |||
5142 | ssl_debug_printf("%s: decryption failed: %d (%s)\n", G_STRFUNC((const char*) (__func__)), ret, gnutls_strerror(ret)); | |||
5143 | return false0; | |||
5144 | } | |||
5145 | ||||
5146 | if (pms.size != 48) { | |||
5147 | ssl_debug_printf("%s wrong pre_master_secret length (%d, expected %d)\n", | |||
5148 | G_STRFUNC((const char*) (__func__)), pms.size, 48); | |||
5149 | if (pk) { | |||
5150 | gnutls_free(pms.data); | |||
5151 | } else { | |||
5152 | g_free(pms.data); | |||
5153 | } | |||
5154 | return false0; | |||
5155 | } | |||
5156 | ||||
5157 | ssl_session->pre_master_secret.data = (uint8_t *)wmem_memdup(wmem_file_scope(), pms.data, 48); | |||
5158 | ssl_session->pre_master_secret.data_len = 48; | |||
5159 | if (pk) { | |||
5160 | gnutls_free(pms.data); | |||
5161 | } else { | |||
5162 | g_free(pms.data); | |||
5163 | } | |||
5164 | ssl_print_string("pre master secret", &ssl_session->pre_master_secret); | |||
5165 | ||||
5166 | /* Remove the master secret if it was there. | |||
5167 | This forces keying material regeneration in | |||
5168 | case we're renegotiating */ | |||
5169 | ssl_session->state &= ~(SSL_MASTER_SECRET(1<<5)|SSL_HAVE_SESSION_KEY(1<<3)); | |||
5170 | ssl_session->state |= SSL_PRE_MASTER_SECRET(1<<6); | |||
5171 | return true1; | |||
5172 | } /* }}} */ | |||
5173 | #endif /* HAVE_LIBGNUTLS */ | |||
5174 | ||||
5175 | /* Decryption integrity check {{{ */ | |||
5176 | ||||
5177 | static int | |||
5178 | tls_check_mac(SslDecoder*decoder, int ct, int ver, uint8_t* data, | |||
5179 | uint32_t datalen, uint8_t* mac) | |||
5180 | { | |||
5181 | SSL_HMACgcry_md_hd_t hm; | |||
5182 | int md; | |||
5183 | uint32_t len; | |||
5184 | uint8_t buf[DIGEST_MAX_SIZE48]; | |||
5185 | int16_t temp; | |||
5186 | ||||
5187 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); | |||
5188 | ssl_debug_printf("tls_check_mac mac type:%s md %d\n", | |||
5189 | ssl_cipher_suite_dig(decoder->cipher_suite)->name, md); | |||
5190 | ||||
5191 | if (ssl_hmac_init(&hm,md) != 0) | |||
5192 | return -1; | |||
5193 | if (ssl_hmac_setkey(&hm,decoder->mac_key.data,decoder->mac_key.data_len) != 0) | |||
5194 | return -1; | |||
5195 | ||||
5196 | /* hash sequence number */ | |||
5197 | phton64(buf, decoder->seq); | |||
5198 | ||||
5199 | decoder->seq++; | |||
5200 | ||||
5201 | ssl_hmac_update(&hm,buf,8); | |||
5202 | ||||
5203 | /* hash content type */ | |||
5204 | buf[0]=ct; | |||
5205 | ssl_hmac_update(&hm,buf,1); | |||
5206 | ||||
5207 | /* hash version,data length and data*/ | |||
5208 | /* *((int16_t*)buf) = g_htons(ver); */ | |||
5209 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); | |||
5210 | memcpy(buf, &temp, 2); | |||
5211 | ssl_hmac_update(&hm,buf,2); | |||
5212 | ||||
5213 | /* *((int16_t*)buf) = g_htons(datalen); */ | |||
5214 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); | |||
5215 | memcpy(buf, &temp, 2); | |||
5216 | ssl_hmac_update(&hm,buf,2); | |||
5217 | ssl_hmac_update(&hm,data,datalen); | |||
5218 | ||||
5219 | /* get digest and digest len*/ | |||
5220 | len = sizeof(buf); | |||
5221 | ssl_hmac_final(&hm,buf,&len); | |||
5222 | ssl_hmac_cleanup(&hm); | |||
5223 | ssl_print_data("Mac", buf, len); | |||
5224 | if(memcmp(mac,buf,len)) | |||
5225 | return -1; | |||
5226 | ||||
5227 | return 0; | |||
5228 | } | |||
5229 | ||||
5230 | static int | |||
5231 | ssl3_check_mac(SslDecoder*decoder,int ct,uint8_t* data, | |||
5232 | uint32_t datalen, uint8_t* mac) | |||
5233 | { | |||
5234 | SSL_MDgcry_md_hd_t mc; | |||
5235 | int md; | |||
5236 | uint32_t len; | |||
5237 | uint8_t buf[64],dgst[20]; | |||
5238 | int pad_ct; | |||
5239 | int16_t temp; | |||
5240 | ||||
5241 | pad_ct=(decoder->cipher_suite->dig==DIG_SHA0x41)?40:48; | |||
5242 | ||||
5243 | /* get cipher used for digest computation */ | |||
5244 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); | |||
5245 | if (ssl_md_init(&mc,md) !=0) | |||
5246 | return -1; | |||
5247 | ||||
5248 | /* do hash computation on data && padding */ | |||
5249 | ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len); | |||
5250 | ||||
5251 | /* hash padding*/ | |||
5252 | memset(buf,0x36,pad_ct); | |||
5253 | ssl_md_update(&mc,buf,pad_ct); | |||
5254 | ||||
5255 | /* hash sequence number */ | |||
5256 | phton64(buf, decoder->seq); | |||
5257 | decoder->seq++; | |||
5258 | ssl_md_update(&mc,buf,8); | |||
5259 | ||||
5260 | /* hash content type */ | |||
5261 | buf[0]=ct; | |||
5262 | ssl_md_update(&mc,buf,1); | |||
5263 | ||||
5264 | /* hash data length in network byte order and data*/ | |||
5265 | /* *((int16_t* )buf) = g_htons(datalen); */ | |||
5266 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); | |||
5267 | memcpy(buf, &temp, 2); | |||
5268 | ssl_md_update(&mc,buf,2); | |||
5269 | ssl_md_update(&mc,data,datalen); | |||
5270 | ||||
5271 | /* get partial digest */ | |||
5272 | ssl_md_final(&mc,dgst,&len); | |||
5273 | ssl_md_reset(&mc); | |||
5274 | ||||
5275 | /* hash mac key */ | |||
5276 | ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len); | |||
5277 | ||||
5278 | /* hash padding and partial digest*/ | |||
5279 | memset(buf,0x5c,pad_ct); | |||
5280 | ssl_md_update(&mc,buf,pad_ct); | |||
5281 | ssl_md_update(&mc,dgst,len); | |||
5282 | ||||
5283 | ssl_md_final(&mc,dgst,&len); | |||
5284 | ssl_md_cleanup(&mc); | |||
5285 | ||||
5286 | if(memcmp(mac,dgst,len)) | |||
5287 | return -1; | |||
5288 | ||||
5289 | return 0; | |||
5290 | } | |||
5291 | ||||
5292 | static int | |||
5293 | dtls_check_mac(SslDecryptSession *ssl, SslDecoder*decoder, int ct, uint8_t* data, | |||
5294 | uint32_t datalen, uint8_t* mac, const unsigned char *cid, uint8_t cidl) | |||
5295 | { | |||
5296 | SSL_HMACgcry_md_hd_t hm; | |||
5297 | int md; | |||
5298 | uint32_t len; | |||
5299 | uint8_t buf[DIGEST_MAX_SIZE48]; | |||
5300 | int16_t temp; | |||
5301 | ||||
5302 | int ver = ssl->session.version; | |||
5303 | bool_Bool is_cid = ((ct == SSL_ID_TLS12_CID) && (ver == DTLSV1DOT2_VERSION0xfefd)); | |||
5304 | ||||
5305 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); | |||
5306 | ssl_debug_printf("dtls_check_mac mac type:%s md %d\n", | |||
5307 | ssl_cipher_suite_dig(decoder->cipher_suite)->name, md); | |||
5308 | ||||
5309 | if (ssl_hmac_init(&hm,md) != 0) | |||
5310 | return -1; | |||
5311 | if (ssl_hmac_setkey(&hm,decoder->mac_key.data,decoder->mac_key.data_len) != 0) | |||
5312 | return -1; | |||
5313 | ||||
5314 | ssl_debug_printf("dtls_check_mac seq: %" PRIu64"l" "u" " epoch: %d\n",decoder->seq,decoder->epoch); | |||
5315 | ||||
5316 | if (is_cid && !ssl->session.deprecated_cid) { | |||
5317 | /* hash seq num placeholder */ | |||
5318 | memset(buf,0xFF,8); | |||
5319 | ssl_hmac_update(&hm,buf,8); | |||
5320 | ||||
5321 | /* hash content type + cid length + content type */ | |||
5322 | buf[0]=ct; | |||
5323 | buf[1]=cidl; | |||
5324 | buf[2]=ct; | |||
5325 | ssl_hmac_update(&hm,buf,3); | |||
5326 | ||||
5327 | /* hash version */ | |||
5328 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); | |||
5329 | memcpy(buf, &temp, 2); | |||
5330 | ssl_hmac_update(&hm,buf,2); | |||
5331 | ||||
5332 | /* hash sequence number */ | |||
5333 | phton64(buf, decoder->seq); | |||
5334 | buf[0]=decoder->epoch>>8; | |||
5335 | buf[1]=(uint8_t)decoder->epoch; | |||
5336 | ssl_hmac_update(&hm,buf,8); | |||
5337 | ||||
5338 | /* hash cid */ | |||
5339 | ssl_hmac_update(&hm,cid,cidl); | |||
5340 | } else { | |||
5341 | /* hash sequence number */ | |||
5342 | phton64(buf, decoder->seq); | |||
5343 | buf[0]=decoder->epoch>>8; | |||
5344 | buf[1]=(uint8_t)decoder->epoch; | |||
5345 | ssl_hmac_update(&hm,buf,8); | |||
5346 | ||||
5347 | /* hash content type */ | |||
5348 | buf[0]=ct; | |||
5349 | ssl_hmac_update(&hm,buf,1); | |||
5350 | ||||
5351 | /* hash version */ | |||
5352 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); | |||
5353 | memcpy(buf, &temp, 2); | |||
5354 | ssl_hmac_update(&hm,buf,2); | |||
5355 | ||||
5356 | if (is_cid && ssl->session.deprecated_cid) { | |||
5357 | /* hash cid */ | |||
5358 | ssl_hmac_update(&hm,cid,cidl); | |||
5359 | ||||
5360 | /* hash cid length */ | |||
5361 | buf[0] = cidl; | |||
5362 | ssl_hmac_update(&hm,buf,1); | |||
5363 | } | |||
5364 | } | |||
5365 | ||||
5366 | /* data length and data */ | |||
5367 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); | |||
5368 | memcpy(buf, &temp, 2); | |||
5369 | ssl_hmac_update(&hm,buf,2); | |||
5370 | ssl_hmac_update(&hm,data,datalen); | |||
5371 | ||||
5372 | /* get digest and digest len */ | |||
5373 | len = sizeof(buf); | |||
5374 | ssl_hmac_final(&hm,buf,&len); | |||
5375 | ssl_hmac_cleanup(&hm); | |||
5376 | ssl_print_data("Mac", buf, len); | |||
5377 | if(memcmp(mac,buf,len)) | |||
5378 | return -1; | |||
5379 | ||||
5380 | return 0; | |||
5381 | } | |||
5382 | /* Decryption integrity check }}} */ | |||
5383 | ||||
5384 | ||||
5385 | static bool_Bool | |||
5386 | tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder, | |||
5387 | uint8_t ct, uint16_t record_version, | |||
5388 | bool_Bool ignore_mac_failed, | |||
5389 | const unsigned char *in, uint16_t inl, | |||
5390 | const unsigned char *cid, uint8_t cidl, | |||
5391 | StringInfo *out_str, unsigned *outl) | |||
5392 | { | |||
5393 | /* RFC 5246 (TLS 1.2) 6.2.3.3 defines the TLSCipherText.fragment as: | |||
5394 | * GenericAEADCipher: { nonce_explicit, [content] } | |||
5395 | * In TLS 1.3 this explicit nonce is gone. | |||
5396 | * With AES GCM/CCM, "[content]" is actually the concatenation of the | |||
5397 | * ciphertext and authentication tag. | |||
5398 | */ | |||
5399 | const uint16_t version = ssl->session.version; | |||
5400 | const bool_Bool is_v12 = version == TLSV1DOT2_VERSION0x303 || version == DTLSV1DOT2_VERSION0xfefd || version == TLCPV1_VERSION0x101; | |||
5401 | gcry_error_t err; | |||
5402 | const unsigned char *explicit_nonce = NULL((void*)0), *ciphertext; | |||
5403 | unsigned ciphertext_len, auth_tag_len; | |||
5404 | unsigned char nonce[12]; | |||
5405 | const ssl_cipher_mode_t cipher_mode = decoder->cipher_suite->mode; | |||
5406 | const bool_Bool is_cid = ct == SSL_ID_TLS12_CID && version == DTLSV1DOT2_VERSION0xfefd; | |||
5407 | const uint8_t draft_version = ssl->session.tls13_draft_version; | |||
5408 | const unsigned char *auth_tag_wire; | |||
5409 | unsigned char auth_tag_calc[16]; | |||
5410 | unsigned char *aad = NULL((void*)0); | |||
5411 | unsigned aad_len = 0; | |||
5412 | ||||
5413 | switch (cipher_mode) { | |||
5414 | case MODE_GCM: | |||
5415 | case MODE_CCM: | |||
5416 | case MODE_POLY1305: | |||
5417 | auth_tag_len = 16; | |||
5418 | break; | |||
5419 | case MODE_CCM_8: | |||
5420 | auth_tag_len = 8; | |||
5421 | break; | |||
5422 | default: | |||
5423 | ssl_debug_printf("%s unsupported cipher!\n", G_STRFUNC((const char*) (__func__))); | |||
5424 | return false0; | |||
5425 | } | |||
5426 | ||||
5427 | /* Parse input into explicit nonce (TLS 1.2 only), ciphertext and tag. */ | |||
5428 | if (is_v12 && cipher_mode != MODE_POLY1305) { | |||
5429 | if (inl < EXPLICIT_NONCE_LEN8 + auth_tag_len) { | |||
5430 | ssl_debug_printf("%s input %d is too small for explicit nonce %d and auth tag %d\n", | |||
5431 | G_STRFUNC((const char*) (__func__)), inl, EXPLICIT_NONCE_LEN8, auth_tag_len); | |||
5432 | return false0; | |||
5433 | } | |||
5434 | explicit_nonce = in; | |||
5435 | ciphertext = explicit_nonce + EXPLICIT_NONCE_LEN8; | |||
5436 | ciphertext_len = inl - EXPLICIT_NONCE_LEN8 - auth_tag_len; | |||
5437 | } else if (version == TLSV1DOT3_VERSION0x304 || version == DTLSV1DOT3_VERSION0xfefc || cipher_mode == MODE_POLY1305) { | |||
5438 | if (inl < auth_tag_len) { | |||
5439 | ssl_debug_printf("%s input %d has no space for auth tag %d\n", G_STRFUNC((const char*) (__func__)), inl, auth_tag_len); | |||
5440 | return false0; | |||
5441 | } | |||
5442 | ciphertext = in; | |||
5443 | ciphertext_len = inl - auth_tag_len; | |||
5444 | } else { | |||
5445 | ssl_debug_printf("%s Unexpected TLS version %#x\n", G_STRFUNC((const char*) (__func__)), version); | |||
5446 | return false0; | |||
5447 | } | |||
5448 | auth_tag_wire = ciphertext + ciphertext_len; | |||
5449 | ||||
5450 | /* | |||
5451 | * Nonce construction is version-specific. Note that AEAD_CHACHA20_POLY1305 | |||
5452 | * (RFC 7905) uses a nonce construction similar to TLS 1.3. | |||
5453 | */ | |||
5454 | if (is_v12 && cipher_mode != MODE_POLY1305) { | |||
5455 | DISSECTOR_ASSERT(decoder->write_iv.data_len == IMPLICIT_NONCE_LEN)((void) ((decoder->write_iv.data_len == 4) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 5455, "decoder->write_iv.data_len == 4")))); | |||
5456 | /* Implicit (4) and explicit (8) part of nonce. */ | |||
5457 | memcpy(nonce, decoder->write_iv.data, IMPLICIT_NONCE_LEN4); | |||
5458 | memcpy(nonce + IMPLICIT_NONCE_LEN4, explicit_nonce, EXPLICIT_NONCE_LEN8); | |||
5459 | ||||
5460 | } else if (version == TLSV1DOT3_VERSION0x304 || version == DTLSV1DOT3_VERSION0xfefc || cipher_mode == MODE_POLY1305) { | |||
5461 | /* | |||
5462 | * Technically the nonce length must be at least 8 bytes, but for | |||
5463 | * AES-GCM, AES-CCM and Poly1305-ChaCha20 the nonce length is exact 12. | |||
5464 | */ | |||
5465 | const unsigned nonce_len = 12; | |||
5466 | DISSECTOR_ASSERT(decoder->write_iv.data_len == nonce_len)((void) ((decoder->write_iv.data_len == nonce_len) ? (void )0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 5466, "decoder->write_iv.data_len == nonce_len" )))); | |||
5467 | memcpy(nonce, decoder->write_iv.data, decoder->write_iv.data_len); | |||
5468 | /* Sequence number is left-padded with zeroes and XORed with write_iv */ | |||
5469 | phton64(nonce + nonce_len - 8, pntoh64(nonce + nonce_len - 8) ^ decoder->seq); | |||
5470 | ssl_debug_printf("%s seq %" PRIu64"l" "u" "\n", G_STRFUNC((const char*) (__func__)), decoder->seq); | |||
5471 | } | |||
5472 | ||||
5473 | /* Set nonce and additional authentication data */ | |||
5474 | gcry_cipher_reset(decoder->evp)gcry_cipher_ctl ((decoder->evp), GCRYCTL_RESET, ((void*)0) , 0); | |||
5475 | ssl_print_data("nonce", nonce, 12); | |||
5476 | err = gcry_cipher_setiv(decoder->evp, nonce, 12); | |||
5477 | if (err) { | |||
5478 | ssl_debug_printf("%s failed to set nonce: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | |||
5479 | return false0; | |||
5480 | } | |||
5481 | ||||
5482 | /* (D)TLS 1.2 needs specific AAD, TLS 1.3 (before -25) uses empty AAD. */ | |||
5483 | if (is_cid) { /* if connection ID */ | |||
5484 | if (ssl->session.deprecated_cid) { | |||
5485 | aad_len = 14 + cidl; | |||
5486 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | |||
5487 | phton64(aad, decoder->seq); /* record sequence number */ | |||
5488 | phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */ | |||
5489 | aad[8] = ct; /* TLSCompressed.type */ | |||
5490 | phton16(aad + 9, record_version); /* TLSCompressed.version */ | |||
5491 | memcpy(aad + 11, cid, cidl); /* cid */ | |||
5492 | aad[11 + cidl] = cidl; /* cid_length */ | |||
5493 | phton16(aad + 12 + cidl, ciphertext_len); /* TLSCompressed.length */ | |||
5494 | } else { | |||
5495 | aad_len = 23 + cidl; | |||
5496 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | |||
5497 | memset(aad, 0xFF, 8); /* seq_num_placeholder */ | |||
5498 | aad[8] = ct; /* TLSCompressed.type */ | |||
5499 | aad[9] = cidl; /* cid_length */ | |||
5500 | aad[10] = ct; /* TLSCompressed.type */ | |||
5501 | phton16(aad + 11, record_version); /* TLSCompressed.version */ | |||
5502 | phton64(aad + 13, decoder->seq); /* record sequence number */ | |||
5503 | phton16(aad + 13, decoder->epoch); /* DTLS 1.2 includes epoch. */ | |||
5504 | memcpy(aad + 21, cid, cidl); /* cid */ | |||
5505 | phton16(aad + 21 + cidl, ciphertext_len); /* TLSCompressed.length */ | |||
5506 | } | |||
5507 | } else if (is_v12) { | |||
5508 | aad_len = 13; | |||
5509 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | |||
5510 | phton64(aad, decoder->seq); /* record sequence number */ | |||
5511 | if (version == DTLSV1DOT2_VERSION0xfefd) { | |||
5512 | phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */ | |||
5513 | } | |||
5514 | aad[8] = ct; /* TLSCompressed.type */ | |||
5515 | phton16(aad + 9, record_version); /* TLSCompressed.version */ | |||
5516 | phton16(aad + 11, ciphertext_len); /* TLSCompressed.length */ | |||
5517 | } else if (version == DTLSV1DOT3_VERSION0xfefc) { | |||
5518 | aad_len = decoder->dtls13_aad.data_len; | |||
5519 | aad = decoder->dtls13_aad.data; | |||
5520 | } else if (draft_version >= 25 || draft_version == 0) { | |||
5521 | aad_len = 5; | |||
5522 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | |||
5523 | aad[0] = ct; /* TLSCiphertext.opaque_type (23) */ | |||
5524 | phton16(aad + 1, record_version); /* TLSCiphertext.legacy_record_version (0x0303) */ | |||
5525 | phton16(aad + 3, inl); /* TLSCiphertext.length */ | |||
5526 | } | |||
5527 | ||||
5528 | if (decoder->cipher_suite->mode == MODE_CCM || decoder->cipher_suite->mode == MODE_CCM_8) { | |||
5529 | /* size of plaintext, additional authenticated data and auth tag. */ | |||
5530 | uint64_t lengths[3] = { ciphertext_len, aad_len, auth_tag_len }; | |||
5531 | ||||
5532 | gcry_cipher_ctl(decoder->evp, GCRYCTL_SET_CCM_LENGTHS, lengths, sizeof(lengths)); | |||
5533 | } | |||
5534 | ||||
5535 | if (aad && aad_len > 0) { | |||
5536 | ssl_print_data("AAD", aad, aad_len); | |||
5537 | err = gcry_cipher_authenticate(decoder->evp, aad, aad_len); | |||
5538 | if (err) { | |||
5539 | ssl_debug_printf("%s failed to set AAD: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | |||
5540 | return false0; | |||
5541 | } | |||
5542 | } | |||
5543 | ||||
5544 | /* Decrypt now that nonce and AAD are set. */ | |||
5545 | err = gcry_cipher_decrypt(decoder->evp, out_str->data, out_str->data_len, ciphertext, ciphertext_len); | |||
5546 | if (err) { | |||
5547 | ssl_debug_printf("%s decrypt failed: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | |||
5548 | return false0; | |||
5549 | } | |||
5550 | ||||
5551 | /* Check authentication tag for authenticity (replaces MAC) */ | |||
5552 | err = gcry_cipher_gettag(decoder->evp, auth_tag_calc, auth_tag_len); | |||
5553 | if (err == 0 && !memcmp(auth_tag_calc, auth_tag_wire, auth_tag_len)) { | |||
5554 | ssl_print_data("auth_tag(OK)", auth_tag_calc, auth_tag_len); | |||
5555 | } else { | |||
5556 | if (err) { | |||
5557 | ssl_debug_printf("%s cannot obtain tag: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | |||
5558 | } else { | |||
5559 | ssl_debug_printf("%s auth tag mismatch\n", G_STRFUNC((const char*) (__func__))); | |||
5560 | ssl_print_data("auth_tag(expect)", auth_tag_calc, auth_tag_len); | |||
5561 | ssl_print_data("auth_tag(actual)", auth_tag_wire, auth_tag_len); | |||
5562 | } | |||
5563 | if (ignore_mac_failed) { | |||
5564 | ssl_debug_printf("%s: auth check failed, but ignored for troubleshooting ;-)\n", G_STRFUNC((const char*) (__func__))); | |||
5565 | } else { | |||
5566 | return false0; | |||
5567 | } | |||
5568 | } | |||
5569 | ||||
5570 | /* | |||
5571 | * Increment the (implicit) sequence number for TLS 1.2/1.3 and TLCP 1.1. This is done | |||
5572 | * after successful authentication to ensure that early data is skipped when | |||
5573 | * CLIENT_EARLY_TRAFFIC_SECRET keys are unavailable. | |||
5574 | */ | |||
5575 | if (version == TLSV1DOT2_VERSION0x303 || version == TLSV1DOT3_VERSION0x304 || version == TLCPV1_VERSION0x101) { | |||
5576 | decoder->seq++; | |||
5577 | } | |||
5578 | ||||
5579 | ssl_print_data("Plaintext", out_str->data, ciphertext_len); | |||
5580 | *outl = ciphertext_len; | |||
5581 | return true1; | |||
5582 | } | |||
5583 | ||||
5584 | /* Record decryption glue based on security parameters {{{ */ | |||
5585 | /* Assume that we are called only for a non-NULL decoder which also means that | |||
5586 | * we have a non-NULL decoder->cipher_suite. */ | |||
5587 | int | |||
5588 | ssl_decrypt_record(SslDecryptSession *ssl, SslDecoder *decoder, uint8_t ct, uint16_t record_version, | |||
5589 | bool_Bool ignore_mac_failed, | |||
5590 | const unsigned char *in, uint16_t inl, const unsigned char *cid, uint8_t cidl, | |||
5591 | StringInfo *comp_str, StringInfo *out_str, unsigned *outl) | |||
5592 | { | |||
5593 | unsigned pad, worklen, uncomplen, maclen, mac_fraglen = 0; | |||
5594 | uint8_t *mac = NULL((void*)0), *mac_frag = NULL((void*)0); | |||
5595 | ||||
5596 | ssl_debug_printf("ssl_decrypt_record ciphertext len %d\n", inl); | |||
5597 | ssl_print_data("Ciphertext",in, inl); | |||
5598 | ||||
5599 | if (((ssl->session.version == TLSV1DOT3_VERSION0x304 || ssl->session.version == DTLSV1DOT3_VERSION0xfefc)) | |||
5600 | != (decoder->cipher_suite->kex == KEX_TLS130x23)) { | |||
5601 | ssl_debug_printf("%s Invalid cipher suite for the protocol version!\n", G_STRFUNC((const char*) (__func__))); | |||
5602 | return -1; | |||
5603 | } | |||
5604 | ||||
5605 | /* ensure we have enough storage space for decrypted data */ | |||
5606 | if (inl > out_str->data_len) | |||
5607 | { | |||
5608 | ssl_debug_printf("ssl_decrypt_record: allocating %d bytes for decrypt data (old len %d)\n", | |||
5609 | inl + 32, out_str->data_len); | |||
5610 | ssl_data_realloc(out_str, inl + 32); | |||
5611 | } | |||
5612 | ||||
5613 | /* AEAD ciphers (GenericAEADCipher in TLS 1.2; TLS 1.3) have no padding nor | |||
5614 | * a separate MAC, so use a different routine for simplicity. */ | |||
5615 | if (decoder->cipher_suite->mode == MODE_GCM || | |||
5616 | decoder->cipher_suite->mode == MODE_CCM || | |||
5617 | decoder->cipher_suite->mode == MODE_CCM_8 || | |||
5618 | decoder->cipher_suite->mode == MODE_POLY1305 || | |||
5619 | ssl->session.version == TLSV1DOT3_VERSION0x304 || | |||
5620 | ssl->session.version == DTLSV1DOT3_VERSION0xfefc) { | |||
5621 | ||||
5622 | if (!tls_decrypt_aead_record(ssl, decoder, ct, record_version, ignore_mac_failed, in, inl, cid, cidl, out_str, &worklen)) { | |||
5623 | /* decryption failed */ | |||
5624 | return -1; | |||
5625 | } | |||
5626 | ||||
5627 | goto skip_mac; | |||
5628 | } | |||
5629 | ||||
5630 | /* RFC 6101/2246: SSLCipherText/TLSCipherText has two structures for types: | |||
5631 | * (notation: { unencrypted, [ encrypted ] }) | |||
5632 | * GenericStreamCipher: { [content, mac] } | |||
5633 | * GenericBlockCipher: { IV (TLS 1.1+), [content, mac, padding, padding_len] } | |||
5634 | * RFC 5426 (TLS 1.2): TLSCipherText has additionally: | |||
5635 | * GenericAEADCipher: { nonce_explicit, [content] } | |||
5636 | * RFC 4347 (DTLS): based on TLS 1.1, only GenericBlockCipher is supported. | |||
5637 | * RFC 6347 (DTLS 1.2): based on TLS 1.2, includes GenericAEADCipher too. | |||
5638 | */ | |||
5639 | ||||
5640 | maclen = ssl_cipher_suite_dig(decoder->cipher_suite)->len; | |||
5641 | ||||
5642 | /* (TLS 1.1 and later, DTLS) Extract explicit IV for GenericBlockCipher */ | |||
5643 | if (decoder->cipher_suite->mode == MODE_CBC) { | |||
5644 | unsigned blocksize = 0; | |||
5645 | ||||
5646 | switch (ssl->session.version) { | |||
5647 | case TLSV1DOT1_VERSION0x302: | |||
5648 | case TLSV1DOT2_VERSION0x303: | |||
5649 | case DTLSV1DOT0_VERSION0xfeff: | |||
5650 | case DTLSV1DOT2_VERSION0xfefd: | |||
5651 | case DTLSV1DOT3_VERSION0xfefc: | |||
5652 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
5653 | case TLCPV1_VERSION0x101: | |||
5654 | blocksize = ssl_get_cipher_blocksize(decoder->cipher_suite); | |||
5655 | if (inl < blocksize) { | |||
5656 | ssl_debug_printf("ssl_decrypt_record failed: input %d has no space for IV %d\n", | |||
5657 | inl, blocksize); | |||
5658 | return -1; | |||
5659 | } | |||
5660 | pad = gcry_cipher_setiv(decoder->evp, in, blocksize); | |||
5661 | if (pad != 0) { | |||
5662 | ssl_debug_printf("ssl_decrypt_record failed: failed to set IV: %s %s\n", | |||
5663 | gcry_strsource (pad), gcry_strerror (pad)); | |||
5664 | } | |||
5665 | ||||
5666 | inl -= blocksize; | |||
5667 | in += blocksize; | |||
5668 | break; | |||
5669 | } | |||
5670 | ||||
5671 | /* Encrypt-then-MAC for (D)TLS (RFC 7366) */ | |||
5672 | if (ssl->state & SSL_ENCRYPT_THEN_MAC(1<<11)) { | |||
5673 | /* | |||
5674 | * MAC is calculated over (IV + ) ENCRYPTED contents: | |||
5675 | * | |||
5676 | * MAC(MAC_write_key, ... + | |||
5677 | * IV + // for TLS 1.1 or greater | |||
5678 | * TLSCiphertext.enc_content); | |||
5679 | */ | |||
5680 | if (inl < maclen) { | |||
5681 | ssl_debug_printf("%s failed: input %d has no space for MAC %d\n", | |||
5682 | G_STRFUNC((const char*) (__func__)), inl, maclen); | |||
5683 | return -1; | |||
5684 | } | |||
5685 | inl -= maclen; | |||
5686 | mac = (uint8_t *)in + inl; | |||
5687 | mac_frag = (uint8_t *)in - blocksize; | |||
5688 | mac_fraglen = blocksize + inl; | |||
5689 | } | |||
5690 | } | |||
5691 | ||||
5692 | /* First decrypt*/ | |||
5693 | if ((pad = ssl_cipher_decrypt(&decoder->evp, out_str->data, out_str->data_len, in, inl)) != 0) { | |||
5694 | ssl_debug_printf("ssl_decrypt_record failed: ssl_cipher_decrypt: %s %s\n", gcry_strsource (pad), | |||
5695 | gcry_strerror (pad)); | |||
5696 | return -1; | |||
5697 | } | |||
5698 | ||||
5699 | ssl_print_data("Plaintext", out_str->data, inl); | |||
5700 | worklen=inl; | |||
5701 | ||||
5702 | ||||
5703 | /* strip padding for GenericBlockCipher */ | |||
5704 | if (decoder->cipher_suite->mode == MODE_CBC) { | |||
5705 | if (inl < 1) { /* Should this check happen earlier? */ | |||
5706 | ssl_debug_printf("ssl_decrypt_record failed: input length %d too small\n", inl); | |||
5707 | return -1; | |||
5708 | } | |||
5709 | pad=out_str->data[inl-1]; | |||
5710 | if (worklen <= pad) { | |||
5711 | ssl_debug_printf("ssl_decrypt_record failed: padding %d too large for work %d\n", | |||
5712 | pad, worklen); | |||
5713 | return -1; | |||
5714 | } | |||
5715 | worklen-=(pad+1); | |||
5716 | ssl_debug_printf("ssl_decrypt_record found padding %d final len %d\n", | |||
5717 | pad, worklen); | |||
5718 | } | |||
5719 | ||||
5720 | /* MAC for GenericStreamCipher and GenericBlockCipher. | |||
5721 | * (normal case without Encrypt-then-MAC (RFC 7366) extension. */ | |||
5722 | if (!mac) { | |||
5723 | /* | |||
5724 | * MAC is calculated over the DECRYPTED contents: | |||
5725 | * | |||
5726 | * MAC(MAC_write_key, ... + TLSCompressed.fragment); | |||
5727 | */ | |||
5728 | if (worklen < maclen) { | |||
5729 | ssl_debug_printf("%s wrong record len/padding outlen %d\n work %d\n", G_STRFUNC((const char*) (__func__)), *outl, worklen); | |||
5730 | return -1; | |||
5731 | } | |||
5732 | worklen -= maclen; | |||
5733 | mac = out_str->data + worklen; | |||
5734 | mac_frag = out_str->data; | |||
5735 | mac_fraglen = worklen; | |||
5736 | } | |||
5737 | ||||
5738 | /* If NULL encryption active and no keys are available, do not bother | |||
5739 | * checking the MAC. We do not have keys for that. */ | |||
5740 | if (decoder->cipher_suite->mode == MODE_STREAM && | |||
5741 | decoder->cipher_suite->enc == ENC_NULL0x3D && | |||
5742 | !(ssl->state & SSL_MASTER_SECRET(1<<5))) { | |||
5743 | ssl_debug_printf("MAC check skipped due to missing keys\n"); | |||
5744 | goto skip_mac; | |||
5745 | } | |||
5746 | ||||
5747 | /* Now check the MAC */ | |||
5748 | ssl_debug_printf("checking mac (len %d, version %X, ct %d seq %" PRIu64"l" "u" ")\n", | |||
5749 | worklen, ssl->session.version, ct, decoder->seq); | |||
5750 | if(ssl->session.version==SSLV3_VERSION0x300){ | |||
5751 | if(ssl3_check_mac(decoder,ct,mac_frag,mac_fraglen,mac) < 0) { | |||
5752 | if(ignore_mac_failed) { | |||
5753 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); | |||
5754 | } | |||
5755 | else{ | |||
5756 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); | |||
5757 | return -1; | |||
5758 | } | |||
5759 | } | |||
5760 | else{ | |||
5761 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); | |||
5762 | } | |||
5763 | } | |||
5764 | else if(ssl->session.version==TLSV1_VERSION0x301 || ssl->session.version==TLSV1DOT1_VERSION0x302 || ssl->session.version==TLSV1DOT2_VERSION0x303 || ssl->session.version==TLCPV1_VERSION0x101){ | |||
5765 | if(tls_check_mac(decoder,ct,ssl->session.version,mac_frag,mac_fraglen,mac)< 0) { | |||
5766 | if(ignore_mac_failed) { | |||
5767 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); | |||
5768 | } | |||
5769 | else{ | |||
5770 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); | |||
5771 | return -1; | |||
5772 | } | |||
5773 | } | |||
5774 | else{ | |||
5775 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); | |||
5776 | } | |||
5777 | } | |||
5778 | else if(ssl->session.version==DTLSV1DOT0_VERSION0xfeff || | |||
5779 | ssl->session.version==DTLSV1DOT2_VERSION0xfefd || | |||
5780 | ssl->session.version==DTLSV1DOT0_OPENSSL_VERSION0x100){ | |||
5781 | /* Try rfc-compliant mac first, and if failed, try old openssl's non-rfc-compliant mac */ | |||
5782 | if(dtls_check_mac(ssl,decoder,ct,mac_frag,mac_fraglen,mac,cid,cidl)>= 0) { | |||
5783 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); | |||
5784 | } | |||
5785 | else if(tls_check_mac(decoder,ct,TLSV1_VERSION0x301,mac_frag,mac_fraglen,mac)>= 0) { | |||
5786 | ssl_debug_printf("ssl_decrypt_record: dtls rfc-compliant mac failed, but old openssl's non-rfc-compliant mac ok\n"); | |||
5787 | } | |||
5788 | else if(ignore_mac_failed) { | |||
5789 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); | |||
5790 | } | |||
5791 | else{ | |||
5792 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); | |||
5793 | return -1; | |||
5794 | } | |||
5795 | } | |||
5796 | skip_mac: | |||
5797 | ||||
5798 | *outl = worklen; | |||
5799 | ||||
5800 | if (decoder->compression > 0) { | |||
5801 | ssl_debug_printf("ssl_decrypt_record: compression method %d\n", decoder->compression); | |||
5802 | ssl_data_copy(comp_str, out_str); | |||
5803 | ssl_print_data("Plaintext compressed", comp_str->data, worklen); | |||
5804 | if (!decoder->decomp) { | |||
5805 | ssl_debug_printf("decrypt_ssl3_record: no decoder available\n"); | |||
5806 | return -1; | |||
5807 | } | |||
5808 | if (ssl_decompress_record(decoder->decomp, comp_str->data, worklen, out_str, &uncomplen) < 0) return -1; | |||
5809 | ssl_print_data("Plaintext uncompressed", out_str->data, uncomplen); | |||
5810 | *outl = uncomplen; | |||
5811 | } | |||
5812 | ||||
5813 | return 0; | |||
5814 | } | |||
5815 | /* Record decryption glue based on security parameters }}} */ | |||
5816 | ||||
5817 | ||||
5818 | ||||
5819 | #ifdef HAVE_LIBGNUTLS1 | |||
5820 | ||||
5821 | /* RSA private key file processing {{{ */ | |||
5822 | static void | |||
5823 | ssl_find_private_key_by_pubkey(SslDecryptSession *ssl, | |||
5824 | gnutls_datum_t *subjectPublicKeyInfo) | |||
5825 | { | |||
5826 | gnutls_pubkey_t pubkey = NULL((void*)0); | |||
5827 | cert_key_id_t key_id; | |||
5828 | size_t key_id_len = sizeof(key_id); | |||
5829 | int r; | |||
5830 | ||||
5831 | if (!subjectPublicKeyInfo->size) { | |||
5832 | ssl_debug_printf("%s: could not find SubjectPublicKeyInfo\n", G_STRFUNC((const char*) (__func__))); | |||
5833 | return; | |||
5834 | } | |||
5835 | ||||
5836 | r = gnutls_pubkey_init(&pubkey); | |||
5837 | if (r < 0) { | |||
5838 | ssl_debug_printf("%s: failed to init pubkey: %s\n", | |||
5839 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); | |||
5840 | return; | |||
5841 | } | |||
5842 | ||||
5843 | r = gnutls_pubkey_import(pubkey, subjectPublicKeyInfo, GNUTLS_X509_FMT_DER); | |||
5844 | if (r < 0) { | |||
5845 | ssl_debug_printf("%s: failed to import pubkey from handshake: %s\n", | |||
5846 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); | |||
5847 | goto end; | |||
5848 | } | |||
5849 | ||||
5850 | if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL((void*)0)) != GNUTLS_PK_RSA) { | |||
5851 | ssl_debug_printf("%s: Not a RSA public key - ignoring.\n", G_STRFUNC((const char*) (__func__))); | |||
5852 | goto end; | |||
5853 | } | |||
5854 | ||||
5855 | /* Generate a 20-byte SHA-1 hash. */ | |||
5856 | r = gnutls_pubkey_get_key_id(pubkey, 0, key_id.key_id, &key_id_len); | |||
5857 | if (r < 0) { | |||
5858 | ssl_debug_printf("%s: failed to extract key id from pubkey: %s\n", | |||
5859 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); | |||
5860 | goto end; | |||
5861 | } | |||
5862 | ||||
5863 | if (key_id_len != sizeof(key_id)) { | |||
5864 | ssl_debug_printf("%s: expected Key ID size %zu, got %zu\n", | |||
5865 | G_STRFUNC((const char*) (__func__)), sizeof(key_id), key_id_len); | |||
5866 | goto end; | |||
5867 | } | |||
5868 | ||||
5869 | ssl_print_data("Certificate.KeyID", key_id.key_id, key_id_len); | |||
5870 | ssl->cert_key_id = wmem_new(wmem_file_scope(), cert_key_id_t)((cert_key_id_t*)wmem_alloc((wmem_file_scope()), sizeof(cert_key_id_t ))); | |||
5871 | *ssl->cert_key_id = key_id; | |||
5872 | ||||
5873 | end: | |||
5874 | gnutls_pubkey_deinit(pubkey); | |||
5875 | } | |||
5876 | ||||
5877 | /* RSA private key file processing }}} */ | |||
5878 | #endif /* HAVE_LIBGNUTLS */ | |||
5879 | ||||
5880 | /*--- Start of dissector-related code below ---*/ | |||
5881 | ||||
5882 | /* get ssl data for this session. if no ssl data is found allocate a new one*/ | |||
5883 | SslDecryptSession * | |||
5884 | ssl_get_session(conversation_t *conversation, dissector_handle_t tls_handle) | |||
5885 | { | |||
5886 | void *conv_data; | |||
5887 | SslDecryptSession *ssl_session; | |||
5888 | int proto_ssl; | |||
5889 | ||||
5890 | proto_ssl = dissector_handle_get_protocol_index(tls_handle); | |||
5891 | conv_data = conversation_get_proto_data(conversation, proto_ssl); | |||
5892 | if (conv_data != NULL((void*)0)) | |||
5893 | return (SslDecryptSession *)conv_data; | |||
5894 | ||||
5895 | /* no previous SSL conversation info, initialize it. */ | |||
5896 | ssl_session = wmem_new0(wmem_file_scope(), SslDecryptSession)((SslDecryptSession*)wmem_alloc0((wmem_file_scope()), sizeof( SslDecryptSession))); | |||
5897 | ||||
5898 | /* data_len is the part that is meaningful, not the allocated length */ | |||
5899 | ssl_session->master_secret.data_len = 0; | |||
5900 | ssl_session->master_secret.data = ssl_session->_master_secret; | |||
5901 | ssl_session->session_id.data_len = 0; | |||
5902 | ssl_session->session_id.data = ssl_session->_session_id; | |||
5903 | ssl_session->client_random.data_len = 0; | |||
5904 | ssl_session->client_random.data = ssl_session->_client_random; | |||
5905 | ssl_session->server_random.data_len = 0; | |||
5906 | ssl_session->server_random.data = ssl_session->_server_random; | |||
5907 | ssl_session->session_ticket.data_len = 0; | |||
5908 | ssl_session->session_ticket.data = NULL((void*)0); /* will be re-alloced as needed */ | |||
5909 | ssl_session->server_data_for_iv.data_len = 0; | |||
5910 | ssl_session->server_data_for_iv.data = ssl_session->_server_data_for_iv; | |||
5911 | ssl_session->client_data_for_iv.data_len = 0; | |||
5912 | ssl_session->client_data_for_iv.data = ssl_session->_client_data_for_iv; | |||
5913 | ssl_session->app_data_segment.data = NULL((void*)0); | |||
5914 | ssl_session->app_data_segment.data_len = 0; | |||
5915 | ssl_session->handshake_data.data=NULL((void*)0); | |||
5916 | ssl_session->handshake_data.data_len=0; | |||
5917 | ssl_session->ech_transcript.data=NULL((void*)0); | |||
5918 | ssl_session->ech_transcript.data_len=0; | |||
5919 | ||||
5920 | /* Initialize parameters which are not necessary specific to decryption. */ | |||
5921 | ssl_session->session.version = SSL_VER_UNKNOWN0; | |||
5922 | clear_address(&ssl_session->session.srv_addr); | |||
5923 | ssl_session->session.srv_ptype = PT_NONE; | |||
5924 | ssl_session->session.srv_port = 0; | |||
5925 | ssl_session->session.dtls13_current_epoch[0] = ssl_session->session.dtls13_current_epoch[1] = 0; | |||
5926 | ssl_session->session.dtls13_next_seq_num[0] = ssl_session->session.dtls13_next_seq_num[1] = 0; | |||
5927 | ssl_session->session.client_random.data_len = 0; | |||
5928 | ssl_session->session.client_random.data = ssl_session->session._client_random; | |||
5929 | memset(ssl_session->session.ech_confirmation, 0, sizeof(ssl_session->session.ech_confirmation)); | |||
5930 | memset(ssl_session->session.hrr_ech_confirmation, 0, sizeof(ssl_session->session.hrr_ech_confirmation)); | |||
5931 | memset(ssl_session->session.first_ech_auth_tag, 0, sizeof(ssl_session->session.first_ech_auth_tag)); | |||
5932 | ssl_session->session.ech = FALSE(0); | |||
5933 | ssl_session->session.hrr_ech_declined = FALSE(0); | |||
5934 | ssl_session->session.first_ch_ech_frame = 0; | |||
5935 | ||||
5936 | conversation_add_proto_data(conversation, proto_ssl, ssl_session); | |||
5937 | return ssl_session; | |||
5938 | } | |||
5939 | ||||
5940 | void ssl_reset_session(SslSession *session, SslDecryptSession *ssl, bool_Bool is_client) | |||
5941 | { | |||
5942 | if (ssl) { | |||
5943 | /* Ensure that secrets are not restored using stale identifiers. Split | |||
5944 | * between client and server in case the packets somehow got out of order. */ | |||
5945 | int clear_flags = SSL_HAVE_SESSION_KEY(1<<3) | SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6); | |||
5946 | ||||
5947 | if (is_client) { | |||
5948 | clear_flags |= SSL_CLIENT_EXTENDED_MASTER_SECRET(1<<7); | |||
5949 | ssl->session_id.data_len = 0; | |||
5950 | ssl->session_ticket.data_len = 0; | |||
5951 | ssl->master_secret.data_len = 0; | |||
5952 | ssl->client_random.data_len = 0; | |||
5953 | ssl->has_early_data = false0; | |||
5954 | if (ssl->handshake_data.data_len > 0) { | |||
5955 | // The EMS handshake hash starts with at the Client Hello, | |||
5956 | // ensure that any messages before it are forgotten. | |||
5957 | wmem_free(wmem_file_scope(), ssl->handshake_data.data); | |||
5958 | ssl->handshake_data.data = NULL((void*)0); | |||
5959 | ssl->handshake_data.data_len = 0; | |||
5960 | } | |||
5961 | } else { | |||
5962 | clear_flags |= SSL_SERVER_EXTENDED_MASTER_SECRET(1<<8) | SSL_NEW_SESSION_TICKET(1<<10); | |||
5963 | ssl->server_random.data_len = 0; | |||
5964 | ssl->pre_master_secret.data_len = 0; | |||
5965 | #ifdef HAVE_LIBGNUTLS1 | |||
5966 | ssl->cert_key_id = NULL((void*)0); | |||
5967 | #endif | |||
5968 | ssl->psk.data_len = 0; | |||
5969 | } | |||
5970 | ||||
5971 | if (ssl->state & clear_flags) { | |||
5972 | ssl_debug_printf("%s detected renegotiation, clearing 0x%02x (%s side)\n", | |||
5973 | G_STRFUNC((const char*) (__func__)), ssl->state & clear_flags, is_client ? "client" : "server"); | |||
5974 | ssl->state &= ~clear_flags; | |||
5975 | } | |||
5976 | } | |||
5977 | ||||
5978 | /* These flags might be used for non-decryption purposes and may affect the | |||
5979 | * dissection, so reset them as well. */ | |||
5980 | if (is_client) { | |||
5981 | session->client_cert_type = 0; | |||
5982 | } else { | |||
5983 | session->compression = 0; | |||
5984 | session->server_cert_type = 0; | |||
5985 | /* session->is_session_resumed is already handled in the ServerHello dissection. */ | |||
5986 | } | |||
5987 | session->dtls13_next_seq_num[0] = session->dtls13_next_seq_num[1] = 0; | |||
5988 | session->dtls13_current_epoch[0] = session->dtls13_current_epoch[1] = 0; | |||
5989 | } | |||
5990 | ||||
5991 | void | |||
5992 | tls_set_appdata_dissector(dissector_handle_t tls_handle, packet_info *pinfo, | |||
5993 | dissector_handle_t app_handle) | |||
5994 | { | |||
5995 | conversation_t *conversation; | |||
5996 | SslSession *session; | |||
5997 | ||||
5998 | /* Ignore if the TLS or other dissector is disabled. */ | |||
5999 | if (!tls_handle || !app_handle) | |||
6000 | return; | |||
6001 | ||||
6002 | conversation = find_or_create_conversation(pinfo); | |||
6003 | session = &ssl_get_session(conversation, tls_handle)->session; | |||
6004 | session->app_handle = app_handle; | |||
6005 | } | |||
6006 | ||||
6007 | static uint32_t | |||
6008 | ssl_starttls(dissector_handle_t tls_handle, packet_info *pinfo, | |||
6009 | dissector_handle_t app_handle, uint32_t last_nontls_frame) | |||
6010 | { | |||
6011 | conversation_t *conversation; | |||
6012 | SslSession *session; | |||
6013 | ||||
6014 | /* Ignore if the TLS dissector is disabled. */ | |||
6015 | if (!tls_handle) | |||
6016 | return 0; | |||
6017 | /* The caller should always pass a valid handle to its own dissector. */ | |||
6018 | DISSECTOR_ASSERT(app_handle)((void) ((app_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6018, "app_handle")))); | |||
6019 | ||||
6020 | conversation = find_or_create_conversation(pinfo); | |||
6021 | session = &ssl_get_session(conversation, tls_handle)->session; | |||
6022 | ||||
6023 | ssl_debug_printf("%s: old frame %d, app_handle=%p (%s)\n", G_STRFUNC((const char*) (__func__)), | |||
6024 | session->last_nontls_frame, | |||
6025 | (void *)session->app_handle, | |||
6026 | dissector_handle_get_dissector_name(session->app_handle)); | |||
6027 | ssl_debug_printf("%s: current frame %d, app_handle=%p (%s)\n", G_STRFUNC((const char*) (__func__)), | |||
6028 | pinfo->num, (void *)app_handle, | |||
6029 | dissector_handle_get_dissector_name(app_handle)); | |||
6030 | ||||
6031 | /* Do not switch again if a dissector did it before. */ | |||
6032 | if (session->last_nontls_frame) { | |||
6033 | ssl_debug_printf("%s: not overriding previous app handle!\n", G_STRFUNC((const char*) (__func__))); | |||
6034 | return session->last_nontls_frame; | |||
6035 | } | |||
6036 | ||||
6037 | session->app_handle = app_handle; | |||
6038 | /* The TLS dissector should be called first for this conversation. */ | |||
6039 | conversation_set_dissector(conversation, tls_handle); | |||
6040 | /* TLS starts after this frame. */ | |||
6041 | session->last_nontls_frame = last_nontls_frame; | |||
6042 | return 0; | |||
6043 | } | |||
6044 | ||||
6045 | /* ssl_starttls_ack: mark future frames as encrypted. */ | |||
6046 | uint32_t | |||
6047 | ssl_starttls_ack(dissector_handle_t tls_handle, packet_info *pinfo, | |||
6048 | dissector_handle_t app_handle) | |||
6049 | { | |||
6050 | return ssl_starttls(tls_handle, pinfo, app_handle, pinfo->num); | |||
6051 | } | |||
6052 | ||||
6053 | uint32_t | |||
6054 | ssl_starttls_post_ack(dissector_handle_t tls_handle, packet_info *pinfo, | |||
6055 | dissector_handle_t app_handle) | |||
6056 | { | |||
6057 | return ssl_starttls(tls_handle, pinfo, app_handle, pinfo->num - 1); | |||
6058 | } | |||
6059 | ||||
6060 | dissector_handle_t | |||
6061 | ssl_find_appdata_dissector(const char *name) | |||
6062 | { | |||
6063 | /* Accept 'http' for backwards compatibility and sanity. */ | |||
6064 | if (!strcmp(name, "http")) | |||
6065 | name = "http-over-tls"; | |||
6066 | /* XXX - Should this check to see if the dissector is actually added for | |||
6067 | * Decode As in the appropriate table? | |||
6068 | */ | |||
6069 | return find_dissector(name); | |||
6070 | } | |||
6071 | ||||
6072 | /* Functions for TLS/DTLS sessions and RSA private keys hashtables. {{{ */ | |||
6073 | static int | |||
6074 | ssl_equal (const void *v, const void *v2) | |||
6075 | { | |||
6076 | const StringInfo *val1; | |||
6077 | const StringInfo *val2; | |||
6078 | val1 = (const StringInfo *)v; | |||
6079 | val2 = (const StringInfo *)v2; | |||
6080 | ||||
6081 | if (val1->data_len == val2->data_len && | |||
6082 | !memcmp(val1->data, val2->data, val2->data_len)) { | |||
6083 | return 1; | |||
6084 | } | |||
6085 | return 0; | |||
6086 | } | |||
6087 | ||||
6088 | static unsigned | |||
6089 | ssl_hash (const void *v) | |||
6090 | { | |||
6091 | unsigned l,hash; | |||
6092 | const StringInfo* id; | |||
6093 | const unsigned* cur; | |||
6094 | hash = 0; | |||
6095 | id = (const StringInfo*) v; | |||
6096 | ||||
6097 | /* id and id->data are mallocated in ssl_save_master_key(). As such 'data' | |||
6098 | * should be aligned for any kind of access (for example as a unsigned as | |||
6099 | * is done below). The intermediate void* cast is to prevent "cast | |||
6100 | * increases required alignment of target type" warnings on CPUs (such | |||
6101 | * as SPARCs) that do not allow misaligned memory accesses. | |||
6102 | */ | |||
6103 | cur = (const unsigned*)(void*) id->data; | |||
6104 | ||||
6105 | for (l=4; (l < id->data_len); l+=4, cur++) | |||
6106 | hash = hash ^ (*cur); | |||
6107 | ||||
6108 | return hash; | |||
6109 | } | |||
6110 | /* Functions for TLS/DTLS sessions and RSA private keys hashtables. }}} */ | |||
6111 | ||||
6112 | /* Handling of association between tls/dtls ports and clear text protocol. {{{ */ | |||
6113 | void | |||
6114 | ssl_association_add(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool_Bool tcp) | |||
6115 | { | |||
6116 | DISSECTOR_ASSERT(main_handle)((void) ((main_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6116, "main_handle")))); | |||
6117 | DISSECTOR_ASSERT(subdissector_handle)((void) ((subdissector_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6117, "subdissector_handle")))); | |||
6118 | /* Registration is required for Export PDU feature to work properly. */ | |||
6119 | DISSECTOR_ASSERT_HINT(dissector_handle_get_dissector_name(subdissector_handle),((void) ((dissector_handle_get_dissector_name(subdissector_handle )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\" (%s)" , "epan/dissectors/packet-tls-utils.c", 6120, "dissector_handle_get_dissector_name(subdissector_handle)" , "SSL appdata dissectors must register with register_dissector()!" )))) | |||
6120 | "SSL appdata dissectors must register with register_dissector()!")((void) ((dissector_handle_get_dissector_name(subdissector_handle )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\" (%s)" , "epan/dissectors/packet-tls-utils.c", 6120, "dissector_handle_get_dissector_name(subdissector_handle)" , "SSL appdata dissectors must register with register_dissector()!" )))); | |||
6121 | ssl_debug_printf("association_add %s port %d handle %p\n", dissector_table_name, port, (void *)subdissector_handle); | |||
6122 | ||||
6123 | if (port) { | |||
6124 | dissector_add_uint(dissector_table_name, port, subdissector_handle); | |||
6125 | if (tcp) | |||
6126 | dissector_add_uint("tcp.port", port, main_handle); | |||
6127 | else | |||
6128 | dissector_add_uint("udp.port", port, main_handle); | |||
6129 | dissector_add_uint("sctp.port", port, main_handle); | |||
6130 | } else { | |||
6131 | dissector_add_for_decode_as(dissector_table_name, subdissector_handle); | |||
6132 | } | |||
6133 | } | |||
6134 | ||||
6135 | void | |||
6136 | ssl_association_remove(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool_Bool tcp) | |||
6137 | { | |||
6138 | ssl_debug_printf("ssl_association_remove removing %s %u - handle %p\n", | |||
6139 | tcp?"TCP":"UDP", port, (void *)subdissector_handle); | |||
6140 | if (main_handle) { | |||
6141 | dissector_delete_uint(tcp?"tcp.port":"udp.port", port, main_handle); | |||
6142 | dissector_delete_uint("sctp.port", port, main_handle); | |||
6143 | } | |||
6144 | ||||
6145 | if (port) { | |||
6146 | dissector_delete_uint(dissector_table_name, port, subdissector_handle); | |||
6147 | } | |||
6148 | } | |||
6149 | ||||
6150 | void | |||
6151 | ssl_set_server(SslSession *session, address *addr, port_type ptype, uint32_t port) | |||
6152 | { | |||
6153 | copy_address_wmem(wmem_file_scope(), &session->srv_addr, addr); | |||
6154 | session->srv_ptype = ptype; | |||
6155 | session->srv_port = port; | |||
6156 | } | |||
6157 | ||||
6158 | int | |||
6159 | ssl_packet_from_server(SslSession *session, dissector_table_t table, const packet_info *pinfo) | |||
6160 | { | |||
6161 | int ret; | |||
6162 | if (session && session->srv_addr.type != AT_NONE) { | |||
6163 | ret = (session->srv_ptype == pinfo->ptype) && | |||
6164 | (session->srv_port == pinfo->srcport) && | |||
6165 | addresses_equal(&session->srv_addr, &pinfo->src); | |||
6166 | } else { | |||
6167 | ret = (dissector_get_uint_handle(table, pinfo->srcport) != 0); | |||
6168 | } | |||
6169 | ||||
6170 | ssl_debug_printf("packet_from_server: is from server - %s\n", (ret)?"TRUE":"FALSE"); | |||
6171 | return ret; | |||
6172 | } | |||
6173 | /* Handling of association between tls/dtls ports and clear text protocol. }}} */ | |||
6174 | ||||
6175 | ||||
6176 | /* Links SSL records with the real packet data. {{{ */ | |||
6177 | SslPacketInfo * | |||
6178 | tls_add_packet_info(int proto, packet_info *pinfo, uint8_t curr_layer_num_ssl) | |||
6179 | { | |||
6180 | SslPacketInfo *pi = (SslPacketInfo *)p_get_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl); | |||
6181 | if (!pi) { | |||
6182 | pi = wmem_new0(wmem_file_scope(), SslPacketInfo)((SslPacketInfo*)wmem_alloc0((wmem_file_scope()), sizeof(SslPacketInfo ))); | |||
6183 | pi->srcport = pinfo->srcport; | |||
6184 | pi->destport = pinfo->destport; | |||
6185 | p_add_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl, pi); | |||
6186 | } | |||
6187 | ||||
6188 | return pi; | |||
6189 | } | |||
6190 | ||||
6191 | /** | |||
6192 | * Remembers the decrypted TLS record fragment (TLSInnerPlaintext in TLS 1.3) to | |||
6193 | * avoid the need for a decoder in the second pass. Additionally, it remembers | |||
6194 | * sequence numbers (for reassembly and Follow TLS Stream). | |||
6195 | * | |||
6196 | * @param proto The protocol identifier (proto_ssl or proto_dtls). | |||
6197 | * @param pinfo The packet where the record originates from. | |||
6198 | * @param data Decrypted data to store in the record. | |||
6199 | * @param data_len Length of decrypted record data. | |||
6200 | * @param record_id The identifier for this record within the current packet. | |||
6201 | * @param flow Information about sequence numbers, etc. | |||
6202 | * @param type TLS Content Type (such as handshake or application_data). | |||
6203 | * @param curr_layer_num_ssl The layer identifier for this TLS session. | |||
6204 | */ | |||
6205 | void | |||
6206 | ssl_add_record_info(int proto, packet_info *pinfo, const unsigned char *data, int data_len, int record_id, SslFlow *flow, ContentType type, uint8_t curr_layer_num_ssl) | |||
6207 | { | |||
6208 | SslRecordInfo* rec, **prec; | |||
6209 | SslPacketInfo *pi = tls_add_packet_info(proto, pinfo, curr_layer_num_ssl); | |||
6210 | ||||
6211 | rec = wmem_new(wmem_file_scope(), SslRecordInfo)((SslRecordInfo*)wmem_alloc((wmem_file_scope()), sizeof(SslRecordInfo ))); | |||
6212 | rec->plain_data = (unsigned char *)wmem_memdup(wmem_file_scope(), data, data_len); | |||
6213 | rec->data_len = data_len; | |||
6214 | rec->id = record_id; | |||
6215 | rec->type = type; | |||
6216 | rec->next = NULL((void*)0); | |||
6217 | ||||
6218 | if (flow && type == SSL_ID_APP_DATA) { | |||
6219 | rec->seq = flow->byte_seq; | |||
6220 | rec->flow = flow; | |||
6221 | flow->byte_seq += data_len; | |||
6222 | ssl_debug_printf("%s stored decrypted record seq=%d nxtseq=%d flow=%p\n", | |||
6223 | G_STRFUNC((const char*) (__func__)), rec->seq, rec->seq + data_len, (void*)flow); | |||
6224 | } | |||
6225 | ||||
6226 | /* Remember decrypted records. */ | |||
6227 | prec = &pi->records; | |||
6228 | while (*prec) prec = &(*prec)->next; | |||
6229 | *prec = rec; | |||
6230 | } | |||
6231 | ||||
6232 | /* search in packet data for the specified id; return a newly created tvb for the associated data */ | |||
6233 | tvbuff_t* | |||
6234 | ssl_get_record_info(tvbuff_t *parent_tvb, int proto, packet_info *pinfo, int record_id, uint8_t curr_layer_num_ssl, SslRecordInfo **matched_record) | |||
6235 | { | |||
6236 | SslRecordInfo* rec; | |||
6237 | SslPacketInfo* pi; | |||
6238 | pi = (SslPacketInfo *)p_get_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl); | |||
6239 | ||||
6240 | if (!pi) | |||
6241 | return NULL((void*)0); | |||
6242 | ||||
6243 | for (rec = pi->records; rec; rec = rec->next) | |||
6244 | if (rec->id == record_id) { | |||
6245 | *matched_record = rec; | |||
6246 | /* link new real_data_tvb with a parent tvb so it is freed when frame dissection is complete */ | |||
6247 | return tvb_new_child_real_data(parent_tvb, rec->plain_data, rec->data_len, rec->data_len); | |||
6248 | } | |||
6249 | ||||
6250 | return NULL((void*)0); | |||
6251 | } | |||
6252 | /* Links SSL records with the real packet data. }}} */ | |||
6253 | ||||
6254 | /* initialize/reset per capture state data (ssl sessions cache). {{{ */ | |||
6255 | void | |||
6256 | ssl_common_init(ssl_master_key_map_t *mk_map, | |||
6257 | StringInfo *decrypted_data, StringInfo *compressed_data) | |||
6258 | { | |||
6259 | mk_map->session = g_hash_table_new(ssl_hash, ssl_equal); | |||
6260 | mk_map->tickets = g_hash_table_new(ssl_hash, ssl_equal); | |||
6261 | mk_map->crandom = g_hash_table_new(ssl_hash, ssl_equal); | |||
6262 | mk_map->pre_master = g_hash_table_new(ssl_hash, ssl_equal); | |||
6263 | mk_map->pms = g_hash_table_new(ssl_hash, ssl_equal); | |||
6264 | mk_map->tls13_client_early = g_hash_table_new(ssl_hash, ssl_equal); | |||
6265 | mk_map->tls13_client_handshake = g_hash_table_new(ssl_hash, ssl_equal); | |||
6266 | mk_map->tls13_server_handshake = g_hash_table_new(ssl_hash, ssl_equal); | |||
6267 | mk_map->tls13_client_appdata = g_hash_table_new(ssl_hash, ssl_equal); | |||
6268 | mk_map->tls13_server_appdata = g_hash_table_new(ssl_hash, ssl_equal); | |||
6269 | mk_map->tls13_early_exporter = g_hash_table_new(ssl_hash, ssl_equal); | |||
6270 | mk_map->tls13_exporter = g_hash_table_new(ssl_hash, ssl_equal); | |||
6271 | ||||
6272 | mk_map->ech_secret = g_hash_table_new(ssl_hash, ssl_equal); | |||
6273 | mk_map->ech_config = g_hash_table_new(ssl_hash, ssl_equal); | |||
6274 | ||||
6275 | mk_map->used_crandom = g_hash_table_new(ssl_hash, ssl_equal); | |||
6276 | ||||
6277 | ssl_data_alloc(decrypted_data, 32); | |||
6278 | ssl_data_alloc(compressed_data, 32); | |||
6279 | } | |||
6280 | ||||
6281 | void | |||
6282 | ssl_common_cleanup(ssl_master_key_map_t *mk_map, FILE **ssl_keylog_file, | |||
6283 | StringInfo *decrypted_data, StringInfo *compressed_data) | |||
6284 | { | |||
6285 | g_hash_table_destroy(mk_map->session); | |||
6286 | g_hash_table_destroy(mk_map->tickets); | |||
6287 | g_hash_table_destroy(mk_map->crandom); | |||
6288 | g_hash_table_destroy(mk_map->pre_master); | |||
6289 | g_hash_table_destroy(mk_map->pms); | |||
6290 | g_hash_table_destroy(mk_map->tls13_client_early); | |||
6291 | g_hash_table_destroy(mk_map->tls13_client_handshake); | |||
6292 | g_hash_table_destroy(mk_map->tls13_server_handshake); | |||
6293 | g_hash_table_destroy(mk_map->tls13_client_appdata); | |||
6294 | g_hash_table_destroy(mk_map->tls13_server_appdata); | |||
6295 | g_hash_table_destroy(mk_map->tls13_early_exporter); | |||
6296 | g_hash_table_destroy(mk_map->tls13_exporter); | |||
6297 | ||||
6298 | g_hash_table_destroy(mk_map->ech_secret); | |||
6299 | g_hash_table_destroy(mk_map->ech_config); | |||
6300 | ||||
6301 | g_hash_table_destroy(mk_map->used_crandom); | |||
6302 | ||||
6303 | g_free(decrypted_data->data); | |||
6304 | g_free(compressed_data->data); | |||
6305 | ||||
6306 | /* close the previous keylog file now that the cache are cleared, this | |||
6307 | * allows the cache to be filled with the full keylog file contents. */ | |||
6308 | if (*ssl_keylog_file) { | |||
6309 | fclose(*ssl_keylog_file); | |||
6310 | *ssl_keylog_file = NULL((void*)0); | |||
6311 | } | |||
6312 | } | |||
6313 | /* }}} */ | |||
6314 | ||||
6315 | /* parse ssl related preferences (private keys and ports association strings) */ | |||
6316 | #if defined(HAVE_LIBGNUTLS1) | |||
6317 | /* Load a single RSA key file item from preferences. {{{ */ | |||
6318 | void | |||
6319 | ssl_parse_key_list(const ssldecrypt_assoc_t *uats, GHashTable *key_hash, const char* dissector_table_name, dissector_handle_t main_handle, bool_Bool tcp) | |||
6320 | { | |||
6321 | gnutls_x509_privkey_t x509_priv_key; | |||
6322 | gnutls_privkey_t priv_key = NULL((void*)0); | |||
6323 | FILE* fp = NULL((void*)0); | |||
6324 | int ret; | |||
6325 | size_t key_id_len = 20; | |||
6326 | unsigned char *key_id = NULL((void*)0); | |||
6327 | char *err = NULL((void*)0); | |||
6328 | dissector_handle_t handle; | |||
6329 | /* try to load keys file first */ | |||
6330 | fp = ws_fopenfopen(uats->keyfile, "rb"); | |||
6331 | if (!fp) { | |||
6332 | report_open_failure(uats->keyfile, errno(*__errno_location ()), false0); | |||
6333 | return; | |||
6334 | } | |||
6335 | ||||
6336 | if ((int)strlen(uats->password) == 0) { | |||
6337 | x509_priv_key = rsa_load_pem_key(fp, &err); | |||
6338 | } else { | |||
6339 | x509_priv_key = rsa_load_pkcs12(fp, uats->password, &err); | |||
6340 | } | |||
6341 | fclose(fp); | |||
6342 | ||||
6343 | if (!x509_priv_key) { | |||
6344 | if (err) { | |||
6345 | report_failure("Can't load private key from %s: %s", | |||
6346 | uats->keyfile, err); | |||
6347 | g_free(err); | |||
6348 | } else | |||
6349 | report_failure("Can't load private key from %s: unknown error", | |||
6350 | uats->keyfile); | |||
6351 | return; | |||
6352 | } | |||
6353 | if (err) { | |||
6354 | report_failure("Load of private key from %s \"succeeded\" with error %s", | |||
6355 | uats->keyfile, err); | |||
6356 | g_free(err); | |||
6357 | } | |||
6358 | ||||
6359 | gnutls_privkey_init(&priv_key); | |||
6360 | ret = gnutls_privkey_import_x509(priv_key, x509_priv_key, | |||
6361 | GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE|GNUTLS_PRIVKEY_IMPORT_COPY); | |||
6362 | if (ret < 0) { | |||
6363 | report_failure("Can't convert private key %s: %s", | |||
6364 | uats->keyfile, gnutls_strerror(ret)); | |||
6365 | goto end; | |||
6366 | } | |||
6367 | ||||
6368 | key_id = (unsigned char *) g_malloc0(key_id_len); | |||
6369 | ret = gnutls_x509_privkey_get_key_id(x509_priv_key, 0, key_id, &key_id_len); | |||
6370 | if (ret < 0) { | |||
6371 | report_failure("Can't calculate public key ID for %s: %s", | |||
6372 | uats->keyfile, gnutls_strerror(ret)); | |||
6373 | goto end; | |||
6374 | } | |||
6375 | ssl_print_data("KeyID", key_id, key_id_len); | |||
6376 | if (key_id_len != 20) { | |||
6377 | report_failure("Expected Key ID size %u for %s, got %zu", 20, | |||
6378 | uats->keyfile, key_id_len); | |||
6379 | goto end; | |||
6380 | } | |||
6381 | ||||
6382 | g_hash_table_replace(key_hash, key_id, priv_key); | |||
6383 | key_id = NULL((void*)0); /* used in key_hash, do not free. */ | |||
6384 | priv_key = NULL((void*)0); | |||
6385 | ssl_debug_printf("ssl_init private key file %s successfully loaded.\n", uats->keyfile); | |||
6386 | ||||
6387 | handle = ssl_find_appdata_dissector(uats->protocol); | |||
6388 | if (handle) { | |||
6389 | /* Port to subprotocol mapping */ | |||
6390 | uint16_t port = 0; | |||
6391 | if (ws_strtou16(uats->port, NULL((void*)0), &port)) { | |||
6392 | if (port > 0) { | |||
6393 | ssl_debug_printf("ssl_init port '%d' filename '%s' password(only for p12 file) '%s'\n", | |||
6394 | port, uats->keyfile, uats->password); | |||
6395 | ||||
6396 | ssl_association_add(dissector_table_name, main_handle, handle, port, tcp); | |||
6397 | } | |||
6398 | } else { | |||
6399 | if (strcmp(uats->port, "start_tls")) | |||
6400 | ssl_debug_printf("invalid ssl_init_port: %s\n", uats->port); | |||
6401 | } | |||
6402 | } | |||
6403 | ||||
6404 | end: | |||
6405 | gnutls_x509_privkey_deinit(x509_priv_key); | |||
6406 | gnutls_privkey_deinit(priv_key); | |||
6407 | g_free(key_id); | |||
6408 | } | |||
6409 | /* }}} */ | |||
6410 | #endif | |||
6411 | ||||
6412 | ||||
6413 | /* Store/load a known (pre-)master secret from/for this SSL session. {{{ */ | |||
6414 | /** store a known (pre-)master secret into cache */ | |||
6415 | static void | |||
6416 | ssl_save_master_key(const char *label, GHashTable *ht, StringInfo *key, | |||
6417 | StringInfo *mk) | |||
6418 | { | |||
6419 | StringInfo *ht_key, *master_secret; | |||
6420 | ||||
6421 | if (key->data_len == 0) { | |||
6422 | ssl_debug_printf("%s: not saving empty %s!\n", G_STRFUNC((const char*) (__func__)), label); | |||
6423 | return; | |||
6424 | } | |||
6425 | ||||
6426 | if (mk->data_len == 0) { | |||
6427 | ssl_debug_printf("%s not saving empty (pre-)master secret for %s!\n", | |||
6428 | G_STRFUNC((const char*) (__func__)), label); | |||
6429 | return; | |||
6430 | } | |||
6431 | ||||
6432 | /* ssl_hash() depends on session_ticket->data being aligned for unsigned access | |||
6433 | * so be careful in changing how it is allocated. */ | |||
6434 | ht_key = ssl_data_clone(key); | |||
6435 | master_secret = ssl_data_clone(mk); | |||
6436 | g_hash_table_insert(ht, ht_key, master_secret); | |||
6437 | ||||
6438 | ssl_debug_printf("%s inserted (pre-)master secret for %s\n", G_STRFUNC((const char*) (__func__)), label); | |||
6439 | ssl_print_string("stored key", ht_key); | |||
6440 | ssl_print_string("stored (pre-)master secret", master_secret); | |||
6441 | } | |||
6442 | ||||
6443 | /** restore a (pre-)master secret given some key in the cache */ | |||
6444 | static bool_Bool | |||
6445 | ssl_restore_master_key(SslDecryptSession *ssl, const char *label, | |||
6446 | bool_Bool is_pre_master, GHashTable *ht, StringInfo *key) | |||
6447 | { | |||
6448 | StringInfo *ms; | |||
6449 | ||||
6450 | if (key->data_len == 0) { | |||
6451 | ssl_debug_printf("%s can't restore %smaster secret using an empty %s\n", | |||
6452 | G_STRFUNC((const char*) (__func__)), is_pre_master ? "pre-" : "", label); | |||
6453 | return false0; | |||
6454 | } | |||
6455 | ||||
6456 | ms = (StringInfo *)g_hash_table_lookup(ht, key); | |||
6457 | if (!ms) { | |||
6458 | ssl_debug_printf("%s can't find %smaster secret by %s\n", G_STRFUNC((const char*) (__func__)), | |||
6459 | is_pre_master ? "pre-" : "", label); | |||
6460 | return false0; | |||
6461 | } | |||
6462 | ||||
6463 | /* (pre)master secret found, clear knowledge of other keys and set it in the | |||
6464 | * current conversation */ | |||
6465 | ssl->state &= ~(SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6) | | |||
6466 | SSL_HAVE_SESSION_KEY(1<<3)); | |||
6467 | if (is_pre_master) { | |||
6468 | /* unlike master secret, pre-master secret has a variable size (48 for | |||
6469 | * RSA, varying for PSK) and is therefore not statically allocated */ | |||
6470 | ssl->pre_master_secret.data = (unsigned char *) wmem_alloc(wmem_file_scope(), | |||
6471 | ms->data_len); | |||
6472 | ssl_data_set(&ssl->pre_master_secret, ms->data, ms->data_len); | |||
6473 | ssl->state |= SSL_PRE_MASTER_SECRET(1<<6); | |||
6474 | } else { | |||
6475 | ssl_data_set(&ssl->master_secret, ms->data, ms->data_len); | |||
6476 | ssl->state |= SSL_MASTER_SECRET(1<<5); | |||
6477 | } | |||
6478 | ssl_debug_printf("%s %smaster secret retrieved using %s\n", G_STRFUNC((const char*) (__func__)), | |||
6479 | is_pre_master ? "pre-" : "", label); | |||
6480 | ssl_print_string(label, key); | |||
6481 | ssl_print_string("(pre-)master secret", ms); | |||
6482 | return true1; | |||
6483 | } | |||
6484 | /* Store/load a known (pre-)master secret from/for this SSL session. }}} */ | |||
6485 | ||||
6486 | /* Should be called when all parameters are ready (after ChangeCipherSpec), and | |||
6487 | * the decoder should be attempted to be initialized. {{{*/ | |||
6488 | void | |||
6489 | ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map) | |||
6490 | { | |||
6491 | if (ssl->session.version == TLSV1DOT3_VERSION0x304) { | |||
| ||||
6492 | /* TLS 1.3 implementations only provide secrets derived from the master | |||
6493 | * secret which are loaded in tls13_change_key. No master secrets can be | |||
6494 | * loaded here, so just return. */ | |||
6495 | return; | |||
6496 | } | |||
6497 | ssl_debug_printf("%s state = 0x%02X\n", G_STRFUNC((const char*) (__func__)), ssl->state); | |||
6498 | if (ssl->state & SSL_HAVE_SESSION_KEY(1<<3)) { | |||
6499 | ssl_debug_printf(" session key already available, nothing to do.\n"); | |||
6500 | return; | |||
6501 | } | |||
6502 | if (!(ssl->state & SSL_CIPHER(1<<2))) { | |||
6503 | ssl_debug_printf(" Cipher suite (Server Hello) is missing!\n"); | |||
6504 | return; | |||
6505 | } | |||
6506 | ||||
6507 | /* for decryption, there needs to be a master secret (which can be derived | |||
6508 | * from pre-master secret). If missing, try to pick a master key from cache | |||
6509 | * (an earlier packet in the capture or key logfile). */ | |||
6510 | if (!(ssl->state & (SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6))) && | |||
6511 | !ssl_restore_master_key(ssl, "Session ID", false0, | |||
6512 | mk_map->session, &ssl->session_id) && | |||
6513 | (!ssl->session.is_session_resumed || | |||
6514 | !ssl_restore_master_key(ssl, "Session Ticket", false0, | |||
6515 | mk_map->tickets, &ssl->session_ticket)) && | |||
6516 | !ssl_restore_master_key(ssl, "Client Random", false0, | |||
6517 | mk_map->crandom, &ssl->client_random)) { | |||
6518 | if (ssl->cipher_suite->enc != ENC_NULL0x3D) { | |||
6519 | /* how unfortunate, the master secret could not be found */ | |||
6520 | ssl_debug_printf(" Cannot find master secret\n"); | |||
6521 | return; | |||
6522 | } else { | |||
6523 | ssl_debug_printf(" Cannot find master secret, continuing anyway " | |||
6524 | "because of a NULL cipher\n"); | |||
6525 | } | |||
6526 | } | |||
6527 | ||||
6528 | if (ssl_generate_keyring_material(ssl) < 0) { | |||
6529 | ssl_debug_printf("%s can't generate keyring material\n", G_STRFUNC((const char*) (__func__))); | |||
6530 | return; | |||
6531 | } | |||
6532 | /* Save Client Random/ Session ID for "SSL Export Session keys" */ | |||
6533 | ssl_save_master_key("Client Random", mk_map->crandom, | |||
6534 | &ssl->client_random, &ssl->master_secret); | |||
6535 | ssl_save_master_key("Session ID", mk_map->session, | |||
6536 | &ssl->session_id, &ssl->master_secret); | |||
6537 | /* Only save the new secrets if the server sent the ticket. The client | |||
6538 | * ticket might have become stale. */ | |||
6539 | if (ssl->state & SSL_NEW_SESSION_TICKET(1<<10)) { | |||
6540 | ssl_save_master_key("Session Ticket", mk_map->tickets, | |||
6541 | &ssl->session_ticket, &ssl->master_secret); | |||
6542 | } | |||
6543 | } /* }}} */ | |||
6544 | ||||
6545 | /* Load the traffic key secret from the keylog file. */ | |||
6546 | StringInfo * | |||
6547 | tls13_load_secret(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, | |||
6548 | bool_Bool is_from_server, TLSRecordType type) | |||
6549 | { | |||
6550 | GHashTable *key_map; | |||
6551 | const char *label; | |||
6552 | ||||
6553 | if (ssl->session.version != TLSV1DOT3_VERSION0x304 && ssl->session.version != DTLSV1DOT3_VERSION0xfefc) { | |||
6554 | ssl_debug_printf("%s TLS version %#x is not 1.3\n", G_STRFUNC((const char*) (__func__)), ssl->session.version); | |||
6555 | return NULL((void*)0); | |||
6556 | } | |||
6557 | ||||
6558 | if (ssl->client_random.data_len == 0) { | |||
6559 | /* May happen if Hello message is missing and Finished is found. */ | |||
6560 | ssl_debug_printf("%s missing Client Random\n", G_STRFUNC((const char*) (__func__))); | |||
6561 | return NULL((void*)0); | |||
6562 | } | |||
6563 | ||||
6564 | switch (type) { | |||
6565 | case TLS_SECRET_0RTT_APP: | |||
6566 | DISSECTOR_ASSERT(!is_from_server)((void) ((!is_from_server) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6566, "!is_from_server")))); | |||
6567 | label = "CLIENT_EARLY_TRAFFIC_SECRET"; | |||
6568 | key_map = mk_map->tls13_client_early; | |||
6569 | break; | |||
6570 | case TLS_SECRET_HANDSHAKE: | |||
6571 | if (is_from_server) { | |||
6572 | label = "SERVER_HANDSHAKE_TRAFFIC_SECRET"; | |||
6573 | key_map = mk_map->tls13_server_handshake; | |||
6574 | } else { | |||
6575 | label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"; | |||
6576 | key_map = mk_map->tls13_client_handshake; | |||
6577 | } | |||
6578 | break; | |||
6579 | case TLS_SECRET_APP: | |||
6580 | if (is_from_server) { | |||
6581 | label = "SERVER_TRAFFIC_SECRET_0"; | |||
6582 | key_map = mk_map->tls13_server_appdata; | |||
6583 | } else { | |||
6584 | label = "CLIENT_TRAFFIC_SECRET_0"; | |||
6585 | key_map = mk_map->tls13_client_appdata; | |||
6586 | } | |||
6587 | break; | |||
6588 | default: | |||
6589 | ws_assert_not_reached()ws_log_fatal_full("", LOG_LEVEL_ERROR, "epan/dissectors/packet-tls-utils.c" , 6589, __func__, "assertion \"not reached\" failed"); | |||
6590 | } | |||
6591 | ||||
6592 | /* Transitioning to new keys, mark old ones as unusable. */ | |||
6593 | ssl_debug_printf("%s transitioning to new key, old state 0x%02x\n", G_STRFUNC((const char*) (__func__)), ssl->state); | |||
6594 | ssl->state &= ~(SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6) | SSL_HAVE_SESSION_KEY(1<<3)); | |||
6595 | ||||
6596 | StringInfo *secret = (StringInfo *)g_hash_table_lookup(key_map, &ssl->client_random); | |||
6597 | if (!secret) { | |||
6598 | ssl_debug_printf("%s Cannot find %s, decryption impossible\n", G_STRFUNC((const char*) (__func__)), label); | |||
6599 | /* Disable decryption, the keys are invalid. */ | |||
6600 | if (is_from_server) { | |||
6601 | ssl->server = NULL((void*)0); | |||
6602 | } else { | |||
6603 | ssl->client = NULL((void*)0); | |||
6604 | } | |||
6605 | return NULL((void*)0); | |||
6606 | } | |||
6607 | ||||
6608 | /* TLS 1.3 secret found, set new keys. */ | |||
6609 | ssl_debug_printf("%s Retrieved TLS 1.3 traffic secret.\n", G_STRFUNC((const char*) (__func__))); | |||
6610 | ssl_print_string("Client Random", &ssl->client_random); | |||
6611 | ssl_print_string(label, secret); | |||
6612 | return secret; | |||
6613 | } | |||
6614 | ||||
6615 | /* Load the new key. */ | |||
6616 | void | |||
6617 | tls13_change_key(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, | |||
6618 | bool_Bool is_from_server, TLSRecordType type) | |||
6619 | { | |||
6620 | if (ssl->state & SSL_QUIC_RECORD_LAYER(1<<13)) { | |||
6621 | /* | |||
6622 | * QUIC does not use the TLS record layer for message protection. | |||
6623 | * The required keys will be extracted later by QUIC. | |||
6624 | */ | |||
6625 | return; | |||
6626 | } | |||
6627 | ||||
6628 | StringInfo *secret = tls13_load_secret(ssl, mk_map, is_from_server, type); | |||
6629 | if (!secret) { | |||
6630 | return; | |||
6631 | } | |||
6632 | ||||
6633 | if (tls13_generate_keys(ssl, secret, is_from_server)) { | |||
6634 | /* | |||
6635 | * Remember the application traffic secret to support Key Update. The | |||
6636 | * other secrets cannot be used for this purpose, so free them. | |||
6637 | */ | |||
6638 | SslDecoder *decoder = is_from_server ? ssl->server : ssl->client; | |||
6639 | StringInfo *app_secret = &decoder->app_traffic_secret; | |||
6640 | if (type == TLS_SECRET_APP) { | |||
6641 | app_secret->data = (unsigned char *) wmem_realloc(wmem_file_scope(), | |||
6642 | app_secret->data, | |||
6643 | secret->data_len); | |||
6644 | ssl_data_set(app_secret, secret->data, secret->data_len); | |||
6645 | } else { | |||
6646 | wmem_free(wmem_file_scope(), app_secret->data); | |||
6647 | app_secret->data = NULL((void*)0); | |||
6648 | app_secret->data_len = 0; | |||
6649 | } | |||
6650 | } | |||
6651 | } | |||
6652 | ||||
6653 | /** | |||
6654 | * Update to next application data traffic secret for TLS 1.3. The previous | |||
6655 | * secret should have been set by tls13_change_key. | |||
6656 | */ | |||
6657 | void | |||
6658 | tls13_key_update(SslDecryptSession *ssl, bool_Bool is_from_server) | |||
6659 | { | |||
6660 | /* RFC 8446 Section 7.2: | |||
6661 | * application_traffic_secret_N+1 = | |||
6662 | * HKDF-Expand-Label(application_traffic_secret_N, | |||
6663 | * "traffic upd", "", Hash.length) | |||
6664 | * | |||
6665 | * Both application_traffic_secret_N are of the same length (Hash.length). | |||
6666 | */ | |||
6667 | const SslCipherSuite *cipher_suite = ssl->cipher_suite; | |||
6668 | SslDecoder *decoder = is_from_server ? ssl->server : ssl->client; | |||
6669 | StringInfo *app_secret = decoder ? &decoder->app_traffic_secret : NULL((void*)0); | |||
6670 | uint8_t tls13_draft_version = ssl->session.tls13_draft_version; | |||
6671 | ||||
6672 | if (!cipher_suite || !app_secret || app_secret->data_len == 0) { | |||
6673 | ssl_debug_printf("%s Cannot perform Key Update due to missing info\n", G_STRFUNC((const char*) (__func__))); | |||
6674 | return; | |||
6675 | } | |||
6676 | ||||
6677 | /* | |||
6678 | * Previous traffic secret is available, so find the hash function, | |||
6679 | * expand the new traffic secret and generate new keys. | |||
6680 | */ | |||
6681 | const char *hash_name = ssl_cipher_suite_dig(cipher_suite)->name; | |||
6682 | int hash_algo = ssl_get_digest_by_name(hash_name); | |||
6683 | const unsigned hash_len = app_secret->data_len; | |||
6684 | unsigned char *new_secret; | |||
6685 | const char *label = "traffic upd"; | |||
6686 | if (tls13_draft_version && tls13_draft_version < 20) { | |||
6687 | label = "application traffic secret"; | |||
6688 | } | |||
6689 | if (!tls13_hkdf_expand_label(hash_algo, app_secret, | |||
6690 | tls13_hkdf_label_prefix(ssl), | |||
6691 | label, hash_len, &new_secret)) { | |||
6692 | ssl_debug_printf("%s traffic_secret_N+1 expansion failed\n", G_STRFUNC((const char*) (__func__))); | |||
6693 | return; | |||
6694 | } | |||
6695 | ssl_data_set(app_secret, new_secret, hash_len); | |||
6696 | if (tls13_generate_keys(ssl, app_secret, is_from_server)) { | |||
6697 | /* | |||
6698 | * Remember the application traffic secret on the new decoder to | |||
6699 | * support another Key Update. | |||
6700 | */ | |||
6701 | decoder = is_from_server ? ssl->server : ssl->client; | |||
6702 | app_secret = &decoder->app_traffic_secret; | |||
6703 | app_secret->data = (unsigned char *) wmem_realloc(wmem_file_scope(), | |||
6704 | app_secret->data, | |||
6705 | hash_len); | |||
6706 | ssl_data_set(app_secret, new_secret, hash_len); | |||
6707 | } | |||
6708 | wmem_free(NULL((void*)0), new_secret); | |||
6709 | } | |||
6710 | ||||
6711 | void | |||
6712 | tls_save_crandom(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map) | |||
6713 | { | |||
6714 | if (ssl && (ssl->state & SSL_CLIENT_RANDOM(1<<0))) { | |||
6715 | g_hash_table_add(mk_map->used_crandom, &ssl->client_random); | |||
6716 | } | |||
6717 | } | |||
6718 | ||||
6719 | /** SSL keylog file handling. {{{ */ | |||
6720 | ||||
6721 | static GRegex * | |||
6722 | ssl_compile_keyfile_regex(void) | |||
6723 | { | |||
6724 | #define OCTET "(?:[[:xdigit:]]{2})" | |||
6725 | const char *pattern = | |||
6726 | "(?:" | |||
6727 | /* Matches Client Hellos having this Client Random */ | |||
6728 | "PMS_CLIENT_RANDOM (?<client_random_pms>" OCTET "{32}) " | |||
6729 | /* Matches first part of encrypted RSA pre-master secret */ | |||
6730 | "|RSA (?<encrypted_pmk>" OCTET "{8}) " | |||
6731 | /* Pre-Master-Secret is given, it is 48 bytes for RSA, | |||
6732 | but it can be of any length for DHE */ | |||
6733 | ")(?<pms>" OCTET "+)" | |||
6734 | "|(?:" | |||
6735 | /* Matches Server Hellos having a Session ID */ | |||
6736 | "RSA Session-ID:(?<session_id>" OCTET "+) Master-Key:" | |||
6737 | /* Matches Client Hellos having this Client Random */ | |||
6738 | "|CLIENT_RANDOM (?<client_random>" OCTET "{32}) " | |||
6739 | /* Master-Secret is given, its length is fixed */ | |||
6740 | ")(?<master_secret>" OCTET "{" G_STRINGIFY(SSL_MASTER_SECRET_LENGTH)"48" "})" | |||
6741 | "|(?" | |||
6742 | /* TLS 1.3 Client Random to Derived Secrets mapping. */ | |||
6743 | ":CLIENT_EARLY_TRAFFIC_SECRET (?<client_early>" OCTET "{32})" | |||
6744 | "|CLIENT_HANDSHAKE_TRAFFIC_SECRET (?<client_handshake>" OCTET "{32})" | |||
6745 | "|SERVER_HANDSHAKE_TRAFFIC_SECRET (?<server_handshake>" OCTET "{32})" | |||
6746 | "|CLIENT_TRAFFIC_SECRET_0 (?<client_appdata>" OCTET "{32})" | |||
6747 | "|SERVER_TRAFFIC_SECRET_0 (?<server_appdata>" OCTET "{32})" | |||
6748 | "|EARLY_EXPORTER_SECRET (?<early_exporter>" OCTET "{32})" | |||
6749 | "|EXPORTER_SECRET (?<exporter>" OCTET "{32})" | |||
6750 | /* ECH. Secret length is defined by HPKE KEM Nsecret and can vary between 32 and 64 bytes */ | |||
6751 | /* These labels and their notation are specified in draft-ietf-tls-ech-keylogfile-01 */ | |||
6752 | "|ECH_SECRET (?<ech_secret>" OCTET "{32,64})" | |||
6753 | "|ECH_CONFIG (?<ech_config>" OCTET "{22,})" | |||
6754 | ") (?<derived_secret>" OCTET "+)"; | |||
6755 | #undef OCTET | |||
6756 | static GRegex *regex = NULL((void*)0); | |||
6757 | GError *gerr = NULL((void*)0); | |||
6758 | ||||
6759 | if (!regex) { | |||
6760 | regex = g_regex_new(pattern, | |||
6761 | (GRegexCompileFlags)(G_REGEX_OPTIMIZE | G_REGEX_ANCHORED | G_REGEX_RAW), | |||
6762 | G_REGEX_MATCH_ANCHORED, &gerr); | |||
6763 | if (gerr) { | |||
6764 | ssl_debug_printf("%s failed to compile regex: %s\n", G_STRFUNC((const char*) (__func__)), | |||
6765 | gerr->message); | |||
6766 | g_error_free(gerr); | |||
6767 | regex = NULL((void*)0); | |||
6768 | } | |||
6769 | } | |||
6770 | ||||
6771 | return regex; | |||
6772 | } | |||
6773 | ||||
6774 | typedef struct ssl_master_key_match_group { | |||
6775 | const char *re_group_name; | |||
6776 | GHashTable *master_key_ht; | |||
6777 | } ssl_master_key_match_group_t; | |||
6778 | ||||
6779 | void | |||
6780 | tls_keylog_process_lines(const ssl_master_key_map_t *mk_map, const uint8_t *data, unsigned datalen) | |||
6781 | { | |||
6782 | ssl_master_key_match_group_t mk_groups[] = { | |||
6783 | { "encrypted_pmk", mk_map->pre_master }, | |||
6784 | { "session_id", mk_map->session }, | |||
6785 | { "client_random", mk_map->crandom }, | |||
6786 | { "client_random_pms", mk_map->pms }, | |||
6787 | /* TLS 1.3 map from Client Random to derived secret. */ | |||
6788 | { "client_early", mk_map->tls13_client_early }, | |||
6789 | { "client_handshake", mk_map->tls13_client_handshake }, | |||
6790 | { "server_handshake", mk_map->tls13_server_handshake }, | |||
6791 | { "client_appdata", mk_map->tls13_client_appdata }, | |||
6792 | { "server_appdata", mk_map->tls13_server_appdata }, | |||
6793 | { "early_exporter", mk_map->tls13_early_exporter }, | |||
6794 | { "exporter", mk_map->tls13_exporter }, | |||
6795 | { "ech_secret", mk_map->ech_secret }, | |||
6796 | { "ech_config", mk_map->ech_config }, | |||
6797 | }; | |||
6798 | ||||
6799 | /* The format of the file is a series of records with one of the following formats: | |||
6800 | * - "RSA xxxx yyyy" | |||
6801 | * Where xxxx are the first 8 bytes of the encrypted pre-master secret (hex-encoded) | |||
6802 | * Where yyyy is the cleartext pre-master secret (hex-encoded) | |||
6803 | * (this is the original format introduced with bug 4349) | |||
6804 | * | |||
6805 | * - "RSA Session-ID:xxxx Master-Key:yyyy" | |||
6806 | * Where xxxx is the SSL session ID (hex-encoded) | |||
6807 | * Where yyyy is the cleartext master secret (hex-encoded) | |||
6808 | * (added to support openssl s_client Master-Key output) | |||
6809 | * This is somewhat is a misnomer because there's nothing RSA specific | |||
6810 | * about this. | |||
6811 | * | |||
6812 | * - "PMS_CLIENT_RANDOM xxxx yyyy" | |||
6813 | * Where xxxx is the client_random from the ClientHello (hex-encoded) | |||
6814 | * Where yyyy is the cleartext pre-master secret (hex-encoded) | |||
6815 | * (This format allows SSL connections to be decrypted, if a user can | |||
6816 | * capture the PMS but could not recover the MS for a specific session | |||
6817 | * with a SSL Server.) | |||
6818 | * | |||
6819 | * - "CLIENT_RANDOM xxxx yyyy" | |||
6820 | * Where xxxx is the client_random from the ClientHello (hex-encoded) | |||
6821 | * Where yyyy is the cleartext master secret (hex-encoded) | |||
6822 | * (This format allows non-RSA SSL connections to be decrypted, i.e. | |||
6823 | * ECDHE-RSA.) | |||
6824 | * | |||
6825 | * - "CLIENT_EARLY_TRAFFIC_SECRET xxxx yyyy" | |||
6826 | * - "CLIENT_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy" | |||
6827 | * - "SERVER_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy" | |||
6828 | * - "CLIENT_TRAFFIC_SECRET_0 xxxx yyyy" | |||
6829 | * - "SERVER_TRAFFIC_SECRET_0 xxxx yyyy" | |||
6830 | * - "EARLY_EXPORTER_SECRET xxxx yyyy" | |||
6831 | * - "EXPORTER_SECRET xxxx yyyy" | |||
6832 | * Where xxxx is the client_random from the ClientHello (hex-encoded) | |||
6833 | * Where yyyy is the secret (hex-encoded) derived from the early, | |||
6834 | * handshake or master secrets. (This format is introduced with TLS 1.3 | |||
6835 | * and supported by BoringSSL, OpenSSL, etc. See bug 12779.) | |||
6836 | */ | |||
6837 | GRegex *regex = ssl_compile_keyfile_regex(); | |||
6838 | if (!regex) | |||
6839 | return; | |||
6840 | ||||
6841 | const char *next_line = (const char *)data; | |||
6842 | const char *line_end = next_line + datalen; | |||
6843 | while (next_line && next_line < line_end) { | |||
6844 | const char *line = next_line; | |||
6845 | next_line = (const char *)memchr(line, '\n', line_end - line); | |||
6846 | ssize_t linelen; | |||
6847 | ||||
6848 | if (next_line) { | |||
6849 | linelen = next_line - line; | |||
6850 | next_line++; /* drop LF */ | |||
6851 | } else { | |||
6852 | linelen = (ssize_t)(line_end - line); | |||
6853 | } | |||
6854 | if (linelen > 0 && line[linelen - 1] == '\r') { | |||
6855 | linelen--; /* drop CR */ | |||
6856 | } | |||
6857 | ||||
6858 | ssl_debug_printf(" checking keylog line: %.*s\n", (int)linelen, line); | |||
6859 | GMatchInfo *mi; | |||
6860 | if (g_regex_match_full(regex, line, linelen, 0, G_REGEX_MATCH_ANCHORED, &mi, NULL((void*)0))) { | |||
6861 | char *hex_key, *hex_pre_ms_or_ms; | |||
6862 | StringInfo *key = wmem_new(wmem_file_scope(), StringInfo)((StringInfo*)wmem_alloc((wmem_file_scope()), sizeof(StringInfo ))); | |||
6863 | StringInfo *pre_ms_or_ms = NULL((void*)0); | |||
6864 | GHashTable *ht = NULL((void*)0); | |||
6865 | ||||
6866 | /* Is the PMS being supplied with the PMS_CLIENT_RANDOM | |||
6867 | * otherwise we will use the Master Secret | |||
6868 | */ | |||
6869 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "master_secret"); | |||
6870 | if (hex_pre_ms_or_ms == NULL((void*)0) || !*hex_pre_ms_or_ms) { | |||
6871 | g_free(hex_pre_ms_or_ms); | |||
6872 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "pms"); | |||
6873 | } | |||
6874 | if (hex_pre_ms_or_ms == NULL((void*)0) || !*hex_pre_ms_or_ms) { | |||
6875 | g_free(hex_pre_ms_or_ms); | |||
6876 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "derived_secret"); | |||
6877 | } | |||
6878 | /* There is always a match, otherwise the regex is wrong. */ | |||
6879 | DISSECTOR_ASSERT(hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms))((void) ((hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 6879, "hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms)" )))); | |||
6880 | ||||
6881 | /* convert from hex to bytes and save to hashtable */ | |||
6882 | pre_ms_or_ms = wmem_new(wmem_file_scope(), StringInfo)((StringInfo*)wmem_alloc((wmem_file_scope()), sizeof(StringInfo ))); | |||
6883 | from_hex(pre_ms_or_ms, hex_pre_ms_or_ms, strlen(hex_pre_ms_or_ms)); | |||
6884 | g_free(hex_pre_ms_or_ms); | |||
6885 | ||||
6886 | /* Find a master key from any format (CLIENT_RANDOM, SID, ...) */ | |||
6887 | for (unsigned i = 0; i < G_N_ELEMENTS(mk_groups)(sizeof (mk_groups) / sizeof ((mk_groups)[0])); i++) { | |||
6888 | ssl_master_key_match_group_t *g = &mk_groups[i]; | |||
6889 | hex_key = g_match_info_fetch_named(mi, g->re_group_name); | |||
6890 | if (hex_key && *hex_key) { | |||
6891 | ssl_debug_printf(" matched %s\n", g->re_group_name); | |||
6892 | ht = g->master_key_ht; | |||
6893 | from_hex(key, hex_key, strlen(hex_key)); | |||
6894 | g_free(hex_key); | |||
6895 | break; | |||
6896 | } | |||
6897 | g_free(hex_key); | |||
6898 | } | |||
6899 | DISSECTOR_ASSERT(ht)((void) ((ht) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 6899, "ht")))); /* Cannot be reached, or regex is wrong. */ | |||
6900 | ||||
6901 | g_hash_table_insert(ht, key, pre_ms_or_ms); | |||
6902 | ||||
6903 | } else if (linelen > 0 && line[0] != '#') { | |||
6904 | ssl_debug_printf(" unrecognized line\n"); | |||
6905 | } | |||
6906 | /* always free match info even if there is no match. */ | |||
6907 | g_match_info_free(mi); | |||
6908 | } | |||
6909 | } | |||
6910 | ||||
6911 | void | |||
6912 | ssl_load_keyfile(const char *tls_keylog_filename, FILE **keylog_file, | |||
6913 | const ssl_master_key_map_t *mk_map) | |||
6914 | { | |||
6915 | /* no need to try if no key log file is configured. */ | |||
6916 | if (!tls_keylog_filename || !*tls_keylog_filename) { | |||
6917 | ssl_debug_printf("%s dtls/tls.keylog_file is not configured!\n", | |||
6918 | G_STRFUNC((const char*) (__func__))); | |||
6919 | return; | |||
6920 | } | |||
6921 | ||||
6922 | /* Validate regexes before even trying to use it. */ | |||
6923 | if (!ssl_compile_keyfile_regex()) { | |||
6924 | return; | |||
6925 | } | |||
6926 | ||||
6927 | ssl_debug_printf("trying to use TLS keylog in %s\n", tls_keylog_filename); | |||
6928 | ||||
6929 | /* if the keylog file was deleted/overwritten, re-open it */ | |||
6930 | if (*keylog_file && file_needs_reopen(ws_filenofileno(*keylog_file), tls_keylog_filename)) { | |||
6931 | ssl_debug_printf("%s file got deleted, trying to re-open\n", G_STRFUNC((const char*) (__func__))); | |||
6932 | fclose(*keylog_file); | |||
6933 | *keylog_file = NULL((void*)0); | |||
6934 | } | |||
6935 | ||||
6936 | if (*keylog_file == NULL((void*)0)) { | |||
6937 | *keylog_file = ws_fopenfopen(tls_keylog_filename, "r"); | |||
6938 | if (!*keylog_file) { | |||
6939 | ssl_debug_printf("%s failed to open SSL keylog\n", G_STRFUNC((const char*) (__func__))); | |||
6940 | return; | |||
6941 | } | |||
6942 | } | |||
6943 | ||||
6944 | for (;;) { | |||
6945 | char buf[1110], *line; | |||
6946 | line = fgets(buf, sizeof(buf), *keylog_file); | |||
6947 | if (!line) { | |||
6948 | if (feof(*keylog_file)) { | |||
6949 | /* Ensure that newly appended keys can be read in the future. */ | |||
6950 | clearerr(*keylog_file); | |||
6951 | } else if (ferror(*keylog_file)) { | |||
6952 | ssl_debug_printf("%s Error while reading key log file, closing it!\n", G_STRFUNC((const char*) (__func__))); | |||
6953 | fclose(*keylog_file); | |||
6954 | *keylog_file = NULL((void*)0); | |||
6955 | } | |||
6956 | break; | |||
6957 | } | |||
6958 | tls_keylog_process_lines(mk_map, (uint8_t *)line, (int)strlen(line)); | |||
6959 | } | |||
6960 | } | |||
6961 | /** SSL keylog file handling. }}} */ | |||
6962 | ||||
6963 | #ifdef SSL_DECRYPT_DEBUG /* {{{ */ | |||
6964 | ||||
6965 | static FILE* ssl_debug_file; | |||
6966 | ||||
6967 | void | |||
6968 | ssl_set_debug(const char* name) | |||
6969 | { | |||
6970 | static int debug_file_must_be_closed; | |||
6971 | int use_stderr; | |||
6972 | ||||
6973 | use_stderr = name?(strcmp(name, SSL_DEBUG_USE_STDERR"-") == 0):0; | |||
6974 | ||||
6975 | if (debug_file_must_be_closed) | |||
6976 | fclose(ssl_debug_file); | |||
6977 | ||||
6978 | if (use_stderr) | |||
6979 | ssl_debug_file = stderrstderr; | |||
6980 | else if (!name || (strcmp(name, "") ==0)) | |||
6981 | ssl_debug_file = NULL((void*)0); | |||
6982 | else | |||
6983 | ssl_debug_file = ws_fopenfopen(name, "w"); | |||
6984 | ||||
6985 | if (!use_stderr && ssl_debug_file) | |||
6986 | debug_file_must_be_closed = 1; | |||
6987 | else | |||
6988 | debug_file_must_be_closed = 0; | |||
6989 | ||||
6990 | ssl_debug_printf("Wireshark SSL debug log \n\n"); | |||
6991 | #ifdef HAVE_LIBGNUTLS1 | |||
6992 | ssl_debug_printf("GnuTLS version: %s\n", gnutls_check_version(NULL((void*)0))); | |||
6993 | #endif | |||
6994 | ssl_debug_printf("Libgcrypt version: %s\n", gcry_check_version(NULL((void*)0))); | |||
6995 | ssl_debug_printf("\n"); | |||
6996 | } | |||
6997 | ||||
6998 | void | |||
6999 | ssl_debug_flush(void) | |||
7000 | { | |||
7001 | if (ssl_debug_file) | |||
7002 | fflush(ssl_debug_file); | |||
7003 | } | |||
7004 | ||||
7005 | void | |||
7006 | ssl_debug_printf(const char* fmt, ...) | |||
7007 | { | |||
7008 | va_list ap; | |||
7009 | ||||
7010 | if (!ssl_debug_file) | |||
7011 | return; | |||
7012 | ||||
7013 | va_start(ap, fmt)__builtin_va_start(ap, fmt); | |||
7014 | vfprintf(ssl_debug_file, fmt, ap); | |||
7015 | va_end(ap)__builtin_va_end(ap); | |||
7016 | } | |||
7017 | ||||
7018 | void | |||
7019 | ssl_print_data(const char* name, const unsigned char* data, size_t len) | |||
7020 | { | |||
7021 | size_t i, j, k; | |||
7022 | if (!ssl_debug_file) | |||
7023 | return; | |||
7024 | fprintf(ssl_debug_file,"%s[%d]:\n",name, (int) len); | |||
7025 | for (i=0; i<len; i+=16) { | |||
7026 | fprintf(ssl_debug_file,"| "); | |||
7027 | for (j=i, k=0; k<16 && j<len; ++j, ++k) | |||
7028 | fprintf(ssl_debug_file,"%.2x ",data[j]); | |||
7029 | for (; k<16; ++k) | |||
7030 | fprintf(ssl_debug_file," "); | |||
7031 | fputc('|', ssl_debug_file); | |||
7032 | for (j=i, k=0; k<16 && j<len; ++j, ++k) { | |||
7033 | unsigned char c = data[j]; | |||
7034 | if (!g_ascii_isprint(c)((g_ascii_table[(guchar) (c)] & G_ASCII_PRINT) != 0) || (c=='\t')) c = '.'; | |||
7035 | fputc(c, ssl_debug_file); | |||
7036 | } | |||
7037 | for (; k<16; ++k) | |||
7038 | fputc(' ', ssl_debug_file); | |||
7039 | fprintf(ssl_debug_file,"|\n"); | |||
7040 | } | |||
7041 | } | |||
7042 | ||||
7043 | void | |||
7044 | ssl_print_string(const char* name, const StringInfo* data) | |||
7045 | { | |||
7046 | ssl_print_data(name, data->data, data->data_len); | |||
7047 | } | |||
7048 | #endif /* SSL_DECRYPT_DEBUG }}} */ | |||
7049 | ||||
7050 | /* UAT preferences callbacks. {{{ */ | |||
7051 | /* checks for SSL and DTLS UAT key list fields */ | |||
7052 | ||||
7053 | bool_Bool | |||
7054 | ssldecrypt_uat_fld_ip_chk_cb(void* r _U___attribute__((unused)), const char* p _U___attribute__((unused)), unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) | |||
7055 | { | |||
7056 | // This should be removed in favor of Decode As. Make it optional. | |||
7057 | *err = NULL((void*)0); | |||
7058 | return true1; | |||
7059 | } | |||
7060 | ||||
7061 | bool_Bool | |||
7062 | ssldecrypt_uat_fld_port_chk_cb(void* r _U___attribute__((unused)), const char* p, unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) | |||
7063 | { | |||
7064 | if (!p || strlen(p) == 0u) { | |||
7065 | // This should be removed in favor of Decode As. Make it optional. | |||
7066 | *err = NULL((void*)0); | |||
7067 | return true1; | |||
7068 | } | |||
7069 | ||||
7070 | if (strcmp(p, "start_tls") != 0){ | |||
7071 | uint16_t port; | |||
7072 | if (!ws_strtou16(p, NULL((void*)0), &port)) { | |||
7073 | *err = g_strdup("Invalid port given.")g_strdup_inline ("Invalid port given."); | |||
7074 | return false0; | |||
7075 | } | |||
7076 | } | |||
7077 | ||||
7078 | *err = NULL((void*)0); | |||
7079 | return true1; | |||
7080 | } | |||
7081 | ||||
7082 | bool_Bool | |||
7083 | ssldecrypt_uat_fld_fileopen_chk_cb(void* r _U___attribute__((unused)), const char* p, unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) | |||
7084 | { | |||
7085 | ws_statb64struct stat st; | |||
7086 | ||||
7087 | if (!p || strlen(p) == 0u) { | |||
7088 | *err = g_strdup("No filename given.")g_strdup_inline ("No filename given."); | |||
7089 | return false0; | |||
7090 | } else { | |||
7091 | if (ws_stat64stat(p, &st) != 0) { | |||
7092 | *err = ws_strdup_printf("File '%s' does not exist or access is denied.", p)wmem_strdup_printf(((void*)0), "File '%s' does not exist or access is denied." , p); | |||
7093 | return false0; | |||
7094 | } | |||
7095 | } | |||
7096 | ||||
7097 | *err = NULL((void*)0); | |||
7098 | return true1; | |||
7099 | } | |||
7100 | ||||
7101 | bool_Bool | |||
7102 | ssldecrypt_uat_fld_password_chk_cb(void *r _U___attribute__((unused)), const char *p _U___attribute__((unused)), unsigned len _U___attribute__((unused)), const void *u1 _U___attribute__((unused)), const void *u2 _U___attribute__((unused)), char **err) | |||
7103 | { | |||
7104 | #if defined(HAVE_LIBGNUTLS1) | |||
7105 | ssldecrypt_assoc_t* f = (ssldecrypt_assoc_t *)r; | |||
7106 | FILE *fp = NULL((void*)0); | |||
7107 | ||||
7108 | if (p && (strlen(p) > 0u)) { | |||
7109 | fp = ws_fopenfopen(f->keyfile, "rb"); | |||
7110 | if (fp) { | |||
7111 | char *msg = NULL((void*)0); | |||
7112 | gnutls_x509_privkey_t priv_key = rsa_load_pkcs12(fp, p, &msg); | |||
7113 | if (!priv_key) { | |||
7114 | fclose(fp); | |||
7115 | *err = ws_strdup_printf("Could not load PKCS#12 key file: %s", msg)wmem_strdup_printf(((void*)0), "Could not load PKCS#12 key file: %s" , msg); | |||
7116 | g_free(msg); | |||
7117 | return false0; | |||
7118 | } | |||
7119 | g_free(msg); | |||
7120 | gnutls_x509_privkey_deinit(priv_key); | |||
7121 | fclose(fp); | |||
7122 | } else { | |||
7123 | *err = ws_strdup_printf("Leave this field blank if the keyfile is not PKCS#12.")wmem_strdup_printf(((void*)0), "Leave this field blank if the keyfile is not PKCS#12." ); | |||
7124 | return false0; | |||
7125 | } | |||
7126 | } | |||
7127 | ||||
7128 | *err = NULL((void*)0); | |||
7129 | return true1; | |||
7130 | #else | |||
7131 | *err = g_strdup("Cannot load key files, support is not compiled in.")g_strdup_inline ("Cannot load key files, support is not compiled in." ); | |||
7132 | return false0; | |||
7133 | #endif | |||
7134 | } | |||
7135 | /* UAT preferences callbacks. }}} */ | |||
7136 | ||||
7137 | /** maximum size of ssl_association_info() string */ | |||
7138 | #define SSL_ASSOC_MAX_LEN8192 8192 | |||
7139 | ||||
7140 | typedef struct ssl_association_info_callback_data | |||
7141 | { | |||
7142 | char *str; | |||
7143 | const char *table_protocol; | |||
7144 | } ssl_association_info_callback_data_t; | |||
7145 | ||||
7146 | /** | |||
7147 | * callback function used by ssl_association_info() to traverse the SSL associations. | |||
7148 | */ | |||
7149 | static void | |||
7150 | ssl_association_info_(const char *table _U___attribute__((unused)), void *handle, void *user_data) | |||
7151 | { | |||
7152 | ssl_association_info_callback_data_t* data = (ssl_association_info_callback_data_t*)user_data; | |||
7153 | const int l = (const int)strlen(data->str); | |||
7154 | snprintf(data->str+l, SSL_ASSOC_MAX_LEN8192-l, "'%s' (%s)\n", dissector_handle_get_dissector_name((dissector_handle_t)handle), dissector_handle_get_description((dissector_handle_t)handle)); | |||
7155 | } | |||
7156 | ||||
7157 | /** | |||
7158 | * @return an information string on the SSL protocol associations. The string must be freed. | |||
7159 | */ | |||
7160 | char* | |||
7161 | ssl_association_info(const char* dissector_table_name, const char* table_protocol) | |||
7162 | { | |||
7163 | ssl_association_info_callback_data_t data; | |||
7164 | ||||
7165 | data.str = (char *)g_malloc0(SSL_ASSOC_MAX_LEN8192); | |||
7166 | data.table_protocol = table_protocol; | |||
7167 | dissector_table_foreach_handle(dissector_table_name, ssl_association_info_, &data); | |||
7168 | return data.str; | |||
7169 | } | |||
7170 | ||||
7171 | ||||
7172 | /** Begin of code related to dissection of wire data. */ | |||
7173 | ||||
7174 | /* Helpers for dissecting Variable-Length Vectors. {{{ */ | |||
7175 | bool_Bool | |||
7176 | ssl_add_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
7177 | unsigned offset, unsigned offset_end, uint32_t *ret_length, | |||
7178 | int hf_length, uint32_t min_value, uint32_t max_value) | |||
7179 | { | |||
7180 | unsigned veclen_size; | |||
7181 | uint32_t veclen_value; | |||
7182 | proto_item *pi; | |||
7183 | ||||
7184 | DISSECTOR_ASSERT_CMPUINT(min_value, <=, max_value)((void) ((min_value <= max_value) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion " "min_value" " " "<=" " " "max_value" " (" "%" "l" "u" " " "<=" " " "%" "l" "u" ")", "epan/dissectors/packet-tls-utils.c" , 7184, (uint64_t)min_value, (uint64_t)max_value)))); | |||
7185 | if (offset > offset_end) { | |||
7186 | expert_add_info_format(pinfo, tree, &hf->ei.malformed_buffer_too_small, | |||
7187 | "Vector offset is past buffer end offset (%u > %u)", | |||
7188 | offset, offset_end); | |||
7189 | *ret_length = 0; | |||
7190 | return false0; /* Cannot read length. */ | |||
7191 | } | |||
7192 | ||||
7193 | if (max_value > 0xffffff) { | |||
7194 | veclen_size = 4; | |||
7195 | } else if (max_value > 0xffff) { | |||
7196 | veclen_size = 3; | |||
7197 | } else if (max_value > 0xff) { | |||
7198 | veclen_size = 2; | |||
7199 | } else { | |||
7200 | veclen_size = 1; | |||
7201 | } | |||
7202 | ||||
7203 | if (offset_end - offset < veclen_size) { | |||
7204 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_buffer_too_small, | |||
7205 | tvb, offset, offset_end - offset, | |||
7206 | "No more room for vector of length %u", | |||
7207 | veclen_size); | |||
7208 | *ret_length = 0; | |||
7209 | return false0; /* Cannot read length. */ | |||
7210 | } | |||
7211 | ||||
7212 | pi = proto_tree_add_item_ret_uint(tree, hf_length, tvb, offset, veclen_size, ENC_BIG_ENDIAN0x00000000, &veclen_value); | |||
7213 | offset += veclen_size; | |||
7214 | ||||
7215 | if (veclen_value < min_value) { | |||
7216 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_vector_length, | |||
7217 | "Vector length %u is smaller than minimum %u", | |||
7218 | veclen_value, min_value); | |||
7219 | } else if (veclen_value > max_value) { | |||
7220 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_vector_length, | |||
7221 | "Vector length %u is larger than maximum %u", | |||
7222 | veclen_value, max_value); | |||
7223 | } | |||
7224 | ||||
7225 | if (offset_end - offset < veclen_value) { | |||
7226 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_buffer_too_small, | |||
7227 | "Vector length %u is too large, truncating it to %u", | |||
7228 | veclen_value, offset_end - offset); | |||
7229 | *ret_length = offset_end - offset; | |||
7230 | return false0; /* Length is truncated to avoid overflow. */ | |||
7231 | } | |||
7232 | ||||
7233 | *ret_length = veclen_value; | |||
7234 | return true1; /* Length is OK. */ | |||
7235 | } | |||
7236 | ||||
7237 | bool_Bool | |||
7238 | ssl_end_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
7239 | unsigned offset, unsigned offset_end) | |||
7240 | { | |||
7241 | if (offset < offset_end) { | |||
7242 | unsigned trailing = offset_end - offset; | |||
7243 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_trailing_data, | |||
7244 | tvb, offset, trailing, | |||
7245 | "%u trailing byte%s unprocessed", | |||
7246 | trailing, plurality(trailing, " was", "s were")((trailing) == 1 ? (" was") : ("s were"))); | |||
7247 | return false0; /* unprocessed data warning */ | |||
7248 | } else if (offset > offset_end) { | |||
7249 | /* | |||
7250 | * Returned offset runs past the end. This should not happen and is | |||
7251 | * possibly a dissector bug. | |||
7252 | */ | |||
7253 | unsigned excess = offset - offset_end; | |||
7254 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_buffer_too_small, | |||
7255 | tvb, offset_end, excess, | |||
7256 | "Dissector processed too much data (%u byte%s)", | |||
7257 | excess, plurality(excess, "", "s")((excess) == 1 ? ("") : ("s"))); | |||
7258 | return false0; /* overflow error */ | |||
7259 | } | |||
7260 | ||||
7261 | return true1; /* OK, offset matches. */ | |||
7262 | } | |||
7263 | /** }}} */ | |||
7264 | ||||
7265 | ||||
7266 | static uint32_t | |||
7267 | ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
7268 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
7269 | uint16_t version, int hf_sig_len, int hf_sig); | |||
7270 | ||||
7271 | /* change_cipher_spec(20) dissection */ | |||
7272 | void | |||
7273 | ssl_dissect_change_cipher_spec(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
7274 | packet_info *pinfo, proto_tree *tree, | |||
7275 | uint32_t offset, SslSession *session, | |||
7276 | bool_Bool is_from_server, | |||
7277 | const SslDecryptSession *ssl) | |||
7278 | { | |||
7279 | /* | |||
7280 | * struct { | |||
7281 | * enum { change_cipher_spec(1), (255) } type; | |||
7282 | * } ChangeCipherSpec; | |||
7283 | */ | |||
7284 | proto_item *ti; | |||
7285 | proto_item_set_text(tree, | |||
7286 | "%s Record Layer: %s Protocol: Change Cipher Spec", | |||
7287 | val_to_str_const(session->version, ssl_version_short_names, "SSL"), | |||
7288 | val_to_str_const(SSL_ID_CHG_CIPHER_SPEC, ssl_31_content_type, "unknown")); | |||
7289 | ti = proto_tree_add_item(tree, hf->hf.change_cipher_spec, tvb, offset, 1, ENC_NA0x00000000); | |||
7290 | ||||
7291 | if (session->version == TLSV1DOT3_VERSION0x304) { | |||
7292 | /* CCS is a dummy message in TLS 1.3, do not parse it further. */ | |||
7293 | return; | |||
7294 | } | |||
7295 | ||||
7296 | /* Remember frame number of first CCS */ | |||
7297 | uint32_t *ccs_frame = is_from_server ? &session->server_ccs_frame : &session->client_ccs_frame; | |||
7298 | if (*ccs_frame == 0) | |||
7299 | *ccs_frame = pinfo->num; | |||
7300 | ||||
7301 | /* Use heuristics to detect an abbreviated handshake, assume that missing | |||
7302 | * ServerHelloDone implies reusing previously negotiating keys. Then when | |||
7303 | * a Session ID or ticket is present, it must be a resumed session. | |||
7304 | * Normally this should be done at the Finished message, but that may be | |||
7305 | * encrypted so we do it here, at the last cleartext message. */ | |||
7306 | if (is_from_server && ssl) { | |||
7307 | if (session->is_session_resumed) { | |||
7308 | const char *resumed = NULL((void*)0); | |||
7309 | if (ssl->session_ticket.data_len) { | |||
7310 | resumed = "Session Ticket"; | |||
7311 | } else if (ssl->session_id.data_len) { | |||
7312 | resumed = "Session ID"; | |||
7313 | } | |||
7314 | if (resumed) { | |||
7315 | ssl_debug_printf("%s Session resumption using %s\n", G_STRFUNC((const char*) (__func__)), resumed); | |||
7316 | } else { | |||
7317 | /* Can happen if the capture somehow starts in the middle */ | |||
7318 | ssl_debug_printf("%s No Session resumption, missing packets?\n", G_STRFUNC((const char*) (__func__))); | |||
7319 | } | |||
7320 | } else { | |||
7321 | ssl_debug_printf("%s Not using Session resumption\n", G_STRFUNC((const char*) (__func__))); | |||
7322 | } | |||
7323 | } | |||
7324 | if (is_from_server && session->is_session_resumed) | |||
7325 | expert_add_info(pinfo, ti, &hf->ei.resumed); | |||
7326 | } | |||
7327 | ||||
7328 | /** Begin of handshake(22) record dissections */ | |||
7329 | ||||
7330 | /* Dissects a SignatureScheme (TLS 1.3) or SignatureAndHashAlgorithm (TLS 1.2). | |||
7331 | * {{{ */ | |||
7332 | static void | |||
7333 | tls_dissect_signature_algorithm(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset, ja4_data_t *ja4_data) | |||
7334 | { | |||
7335 | uint32_t sighash, hashalg, sigalg; | |||
7336 | proto_item *ti_sigalg; | |||
7337 | proto_tree *sigalg_tree; | |||
7338 | ||||
7339 | ti_sigalg = proto_tree_add_item_ret_uint(tree, hf->hf.hs_sig_hash_alg, tvb, | |||
7340 | offset, 2, ENC_BIG_ENDIAN0x00000000, &sighash); | |||
7341 | if (ja4_data) { | |||
7342 | wmem_list_append(ja4_data->sighash_list, GUINT_TO_POINTER(sighash)((gpointer) (gulong) (sighash))); | |||
7343 | } | |||
7344 | ||||
7345 | sigalg_tree = proto_item_add_subtree(ti_sigalg, hf->ett.hs_sig_hash_alg); | |||
7346 | ||||
7347 | /* TLS 1.2: SignatureAndHashAlgorithm { hash, signature } */ | |||
7348 | proto_tree_add_item_ret_uint(sigalg_tree, hf->hf.hs_sig_hash_hash, tvb, | |||
7349 | offset, 1, ENC_BIG_ENDIAN0x00000000, &hashalg); | |||
7350 | proto_tree_add_item_ret_uint(sigalg_tree, hf->hf.hs_sig_hash_sig, tvb, | |||
7351 | offset + 1, 1, ENC_BIG_ENDIAN0x00000000, &sigalg); | |||
7352 | ||||
7353 | /* No TLS 1.3 SignatureScheme? Fallback to TLS 1.2 interpretation. */ | |||
7354 | if (!try_val_to_str(sighash, tls13_signature_algorithm)) { | |||
7355 | proto_item_set_text(ti_sigalg, "Signature Algorithm: %s %s (0x%04x)", | |||
7356 | val_to_str_const(hashalg, tls_hash_algorithm, "Unknown"), | |||
7357 | val_to_str_const(sigalg, tls_signature_algorithm, "Unknown"), | |||
7358 | sighash); | |||
7359 | } | |||
7360 | } /* }}} */ | |||
7361 | ||||
7362 | /* dissect a list of hash algorithms, return the number of bytes dissected | |||
7363 | this is used for the signature algorithms extension and for the | |||
7364 | TLS1.2 certificate request. {{{ */ | |||
7365 | static int | |||
7366 | ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
7367 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, ja4_data_t *ja4_data) | |||
7368 | { | |||
7369 | /* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | |||
7370 | * struct { | |||
7371 | * HashAlgorithm hash; | |||
7372 | * SignatureAlgorithm signature; | |||
7373 | * } SignatureAndHashAlgorithm; | |||
7374 | * SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>; | |||
7375 | */ | |||
7376 | proto_tree *subtree; | |||
7377 | proto_item *ti; | |||
7378 | unsigned sh_alg_length; | |||
7379 | uint32_t next_offset; | |||
7380 | ||||
7381 | /* SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2> */ | |||
7382 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sh_alg_length, | |||
7383 | hf->hf.hs_sig_hash_alg_len, 2, UINT16_MAX(65535) - 1)) { | |||
7384 | return offset_end; | |||
7385 | } | |||
7386 | offset += 2; | |||
7387 | next_offset = offset + sh_alg_length; | |||
7388 | ||||
7389 | ti = proto_tree_add_none_format(tree, hf->hf.hs_sig_hash_algs, tvb, offset, sh_alg_length, | |||
7390 | "Signature Hash Algorithms (%u algorithm%s)", | |||
7391 | sh_alg_length / 2, plurality(sh_alg_length / 2, "", "s")((sh_alg_length / 2) == 1 ? ("") : ("s"))); | |||
7392 | subtree = proto_item_add_subtree(ti, hf->ett.hs_sig_hash_algs); | |||
7393 | ||||
7394 | while (offset + 2 <= next_offset) { | |||
7395 | tls_dissect_signature_algorithm(hf, tvb, subtree, offset, ja4_data); | |||
7396 | offset += 2; | |||
7397 | } | |||
7398 | ||||
7399 | if (!ssl_end_vector(hf, tvb, pinfo, subtree, offset, next_offset)) { | |||
7400 | offset = next_offset; | |||
7401 | } | |||
7402 | ||||
7403 | return offset; | |||
7404 | } /* }}} */ | |||
7405 | ||||
7406 | /* Dissection of DistinguishedName (for CertificateRequest and | |||
7407 | * certificate_authorities extension). {{{ */ | |||
7408 | static uint32_t | |||
7409 | tls_dissect_certificate_authorities(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
7410 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
7411 | { | |||
7412 | proto_item *ti; | |||
7413 | proto_tree *subtree; | |||
7414 | uint32_t dnames_length, next_offset; | |||
7415 | asn1_ctx_t asn1_ctx; | |||
7416 | int dnames_count = 100; /* the maximum number of DNs to add to the tree */ | |||
7417 | ||||
7418 | /* Note: minimum length is 0 for TLS 1.1/1.2 and 3 for earlier/later */ | |||
7419 | /* DistinguishedName certificate_authorities<0..2^16-1> */ | |||
7420 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &dnames_length, | |||
7421 | hf->hf.hs_dnames_len, 0, UINT16_MAX(65535))) { | |||
7422 | return offset_end; | |||
7423 | } | |||
7424 | offset += 2; | |||
7425 | next_offset = offset + dnames_length; | |||
7426 | ||||
7427 | if (dnames_length > 0) { | |||
7428 | ti = proto_tree_add_none_format(tree, | |||
7429 | hf->hf.hs_dnames, | |||
7430 | tvb, offset, dnames_length, | |||
7431 | "Distinguished Names (%d byte%s)", | |||
7432 | dnames_length, | |||
7433 | plurality(dnames_length, "", "s")((dnames_length) == 1 ? ("") : ("s"))); | |||
7434 | subtree = proto_item_add_subtree(ti, hf->ett.dnames); | |||
7435 | ||||
7436 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
7437 | ||||
7438 | while (offset < next_offset) { | |||
7439 | /* get the length of the current certificate */ | |||
7440 | uint32_t name_length; | |||
7441 | ||||
7442 | if (dnames_count-- == 0) { | |||
7443 | /* stop adding to tree when the list is considered too large | |||
7444 | * https://gitlab.com/wireshark/wireshark/-/issues/16202 | |||
7445 | Note: dnames_count must be set low enough not to hit the | |||
7446 | limit set by PINFO_LAYER_MAX_RECURSION_DEPTH in packet.c | |||
7447 | */ | |||
7448 | ti = proto_tree_add_item(subtree, hf->hf.hs_dnames_truncated, | |||
7449 | tvb, offset, next_offset - offset, ENC_NA0x00000000); | |||
7450 | proto_item_set_generated(ti); | |||
7451 | return next_offset; | |||
7452 | } | |||
7453 | ||||
7454 | /* opaque DistinguishedName<1..2^16-1> */ | |||
7455 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &name_length, | |||
7456 | hf->hf.hs_dname_len, 1, UINT16_MAX(65535))) { | |||
7457 | return next_offset; | |||
7458 | } | |||
7459 | offset += 2; | |||
7460 | ||||
7461 | dissect_x509if_DistinguishedName(false0, tvb, offset, &asn1_ctx, | |||
7462 | subtree, hf->hf.hs_dname); | |||
7463 | offset += name_length; | |||
7464 | } | |||
7465 | } | |||
7466 | return offset; | |||
7467 | } /* }}} */ | |||
7468 | ||||
7469 | ||||
7470 | /** TLS Extensions (in Client Hello and Server Hello). {{{ */ | |||
7471 | static int | |||
7472 | ssl_dissect_hnd_hello_ext_sig_hash_algs(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
7473 | proto_tree *tree, packet_info* pinfo, uint32_t offset, uint32_t offset_end, ja4_data_t *ja4_data) | |||
7474 | { | |||
7475 | return ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, ja4_data); | |||
7476 | } | |||
7477 | ||||
7478 | static int | |||
7479 | ssl_dissect_hnd_ext_delegated_credentials(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
7480 | proto_tree *tree, packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type) | |||
7481 | { | |||
7482 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
7483 | /* | |||
7484 | * struct { | |||
7485 | * SignatureScheme supported_signature_algorithm<2..2^16-2>; | |||
7486 | * } SignatureSchemeList; | |||
7487 | */ | |||
7488 | ||||
7489 | return ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, NULL((void*)0)); | |||
7490 | } else { | |||
7491 | asn1_ctx_t asn1_ctx; | |||
7492 | unsigned pubkey_length, sign_length; | |||
7493 | ||||
7494 | /* | |||
7495 | * struct { | |||
7496 | * uint32 valid_time; | |||
7497 | * SignatureScheme expected_cert_verify_algorithm; | |||
7498 | * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; | |||
7499 | * } Credential; | |||
7500 | * | |||
7501 | * struct { | |||
7502 | * Credential cred; | |||
7503 | * SignatureScheme algorithm; | |||
7504 | * opaque signature<0..2^16-1>; | |||
7505 | * } DelegatedCredential; | |||
7506 | */ | |||
7507 | ||||
7508 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
7509 | ||||
7510 | proto_tree_add_item(tree, hf->hf.hs_cred_valid_time, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
7511 | offset += 4; | |||
7512 | ||||
7513 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); | |||
7514 | offset += 2; | |||
7515 | ||||
7516 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &pubkey_length, | |||
7517 | hf->hf.hs_cred_pubkey_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
7518 | return offset_end; | |||
7519 | } | |||
7520 | offset += 3; | |||
7521 | dissect_x509af_SubjectPublicKeyInfo(false0, tvb, offset, &asn1_ctx, tree, hf->hf.hs_cred_pubkey); | |||
7522 | offset += pubkey_length; | |||
7523 | ||||
7524 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); | |||
7525 | offset += 2; | |||
7526 | ||||
7527 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sign_length, | |||
7528 | hf->hf.hs_cred_signature_len, 1, UINT16_MAX(65535))) { | |||
7529 | return offset_end; | |||
7530 | } | |||
7531 | offset += 2; | |||
7532 | proto_tree_add_item(tree, hf->hf.hs_cred_signature, | |||
7533 | tvb, offset, sign_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
7534 | offset += sign_length; | |||
7535 | ||||
7536 | return offset; | |||
7537 | } | |||
7538 | } | |||
7539 | ||||
7540 | static int | |||
7541 | ssl_dissect_hnd_hello_ext_alps(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
7542 | packet_info *pinfo, proto_tree *tree, | |||
7543 | uint32_t offset, uint32_t offset_end, | |||
7544 | uint8_t hnd_type) | |||
7545 | { | |||
7546 | ||||
7547 | /* https://datatracker.ietf.org/doc/html/draft-vvv-tls-alps-01#section-4 */ | |||
7548 | ||||
7549 | switch (hnd_type) { | |||
7550 | case SSL_HND_CLIENT_HELLO: { | |||
7551 | proto_tree *alps_tree; | |||
7552 | proto_item *ti; | |||
7553 | uint32_t next_offset, alps_length, name_length; | |||
7554 | ||||
7555 | /* | |||
7556 | * opaque ProtocolName<1..2^8-1>; | |||
7557 | * struct { | |||
7558 | * ProtocolName supported_protocols<2..2^16-1> | |||
7559 | * } ApplicationSettingsSupport; | |||
7560 | */ | |||
7561 | ||||
7562 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &alps_length, | |||
7563 | hf->hf.hs_ext_alps_len, 2, UINT16_MAX(65535))) { | |||
7564 | return offset_end; | |||
7565 | } | |||
7566 | offset += 2; | |||
7567 | next_offset = offset + alps_length; | |||
7568 | ||||
7569 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_alps_alpn_list, | |||
7570 | tvb, offset, alps_length, ENC_NA0x00000000); | |||
7571 | alps_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alps); | |||
7572 | ||||
7573 | /* Parse list (note missing check for end of vector, ssl_add_vector below | |||
7574 | * ensures that data is always available.) */ | |||
7575 | while (offset < next_offset) { | |||
7576 | if (!ssl_add_vector(hf, tvb, pinfo, alps_tree, offset, next_offset, &name_length, | |||
7577 | hf->hf.hs_ext_alps_alpn_str_len, 1, UINT8_MAX(255))) { | |||
7578 | return next_offset; | |||
7579 | } | |||
7580 | offset++; | |||
7581 | ||||
7582 | proto_tree_add_item(alps_tree, hf->hf.hs_ext_alps_alpn_str, | |||
7583 | tvb, offset, name_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
7584 | offset += name_length; | |||
7585 | } | |||
7586 | ||||
7587 | return offset; | |||
7588 | } | |||
7589 | case SSL_HND_ENCRYPTED_EXTS: | |||
7590 | /* Opaque blob */ | |||
7591 | proto_tree_add_item(tree, hf->hf.hs_ext_alps_settings, | |||
7592 | tvb, offset, offset_end - offset, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
7593 | break; | |||
7594 | } | |||
7595 | ||||
7596 | return offset_end; | |||
7597 | } | |||
7598 | ||||
7599 | static int | |||
7600 | ssl_dissect_hnd_hello_ext_alpn(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
7601 | packet_info *pinfo, proto_tree *tree, | |||
7602 | uint32_t offset, uint32_t offset_end, | |||
7603 | uint8_t hnd_type, SslSession *session, | |||
7604 | bool_Bool is_dtls, ja4_data_t *ja4_data) | |||
7605 | { | |||
7606 | ||||
7607 | /* https://tools.ietf.org/html/rfc7301#section-3.1 | |||
7608 | * opaque ProtocolName<1..2^8-1>; | |||
7609 | * struct { | |||
7610 | * ProtocolName protocol_name_list<2..2^16-1> | |||
7611 | * } ProtocolNameList; | |||
7612 | */ | |||
7613 | proto_tree *alpn_tree; | |||
7614 | proto_item *ti; | |||
7615 | uint32_t next_offset, alpn_length, name_length; | |||
7616 | uint8_t *proto_name = NULL((void*)0), *client_proto_name = NULL((void*)0); | |||
7617 | ||||
7618 | /* ProtocolName protocol_name_list<2..2^16-1> */ | |||
7619 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &alpn_length, | |||
7620 | hf->hf.hs_ext_alpn_len, 2, UINT16_MAX(65535))) { | |||
7621 | return offset_end; | |||
7622 | } | |||
7623 | offset += 2; | |||
7624 | next_offset = offset + alpn_length; | |||
7625 | ||||
7626 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_alpn_list, | |||
7627 | tvb, offset, alpn_length, ENC_NA0x00000000); | |||
7628 | alpn_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alpn); | |||
7629 | ||||
7630 | /* Parse list (note missing check for end of vector, ssl_add_vector below | |||
7631 | * ensures that data is always available.) */ | |||
7632 | while (offset < next_offset) { | |||
7633 | /* opaque ProtocolName<1..2^8-1> */ | |||
7634 | if (!ssl_add_vector(hf, tvb, pinfo, alpn_tree, offset, next_offset, &name_length, | |||
7635 | hf->hf.hs_ext_alpn_str_len, 1, UINT8_MAX(255))) { | |||
7636 | return next_offset; | |||
7637 | } | |||
7638 | offset++; | |||
7639 | ||||
7640 | proto_tree_add_item(alpn_tree, hf->hf.hs_ext_alpn_str, | |||
7641 | tvb, offset, name_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
7642 | if (ja4_data && wmem_strbuf_get_len(ja4_data->alpn) == 0) { | |||
7643 | const char alpn_first_char = (char)tvb_get_uint8(tvb,offset); | |||
7644 | const char alpn_last_char = (char)tvb_get_uint8(tvb,offset + name_length - 1); | |||
7645 | if ((g_ascii_isprint(alpn_first_char)((g_ascii_table[(guchar) (alpn_first_char)] & G_ASCII_PRINT ) != 0)) && g_ascii_isprint(alpn_last_char)((g_ascii_table[(guchar) (alpn_last_char)] & G_ASCII_PRINT ) != 0)) { | |||
7646 | wmem_strbuf_append_printf(ja4_data->alpn, "%c%c", alpn_first_char, alpn_last_char); | |||
7647 | } | |||
7648 | else { | |||
7649 | wmem_strbuf_append_printf(ja4_data->alpn, "%x%x",(alpn_first_char >> 4) & 0x0F, | |||
7650 | alpn_last_char & 0x0F); | |||
7651 | } | |||
7652 | } | |||
7653 | /* Remember first ALPN ProtocolName entry for server. */ | |||
7654 | if (hnd_type == SSL_HND_SERVER_HELLO || hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS) { | |||
7655 | /* '\0'-terminated string for dissector table match and prefix | |||
7656 | * comparison purposes. */ | |||
7657 | proto_name = tvb_get_string_enc(pinfo->pool, tvb, offset, | |||
7658 | name_length, ENC_ASCII0x00000000); | |||
7659 | } else if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
7660 | client_proto_name = tvb_get_string_enc(pinfo->pool, tvb, offset, | |||
7661 | name_length, ENC_ASCII0x00000000); | |||
7662 | } | |||
7663 | offset += name_length; | |||
7664 | } | |||
7665 | ||||
7666 | /* If ALPN is given in ServerHello, then ProtocolNameList MUST contain | |||
7667 | * exactly one "ProtocolName". */ | |||
7668 | if (proto_name) { | |||
7669 | dissector_handle_t handle; | |||
7670 | ||||
7671 | session->alpn_name = wmem_strdup(wmem_file_scope(), proto_name); | |||
7672 | ||||
7673 | if (is_dtls) { | |||
7674 | handle = dissector_get_string_handle(dtls_alpn_dissector_table, | |||
7675 | proto_name); | |||
7676 | } else { | |||
7677 | handle = dissector_get_string_handle(ssl_alpn_dissector_table, | |||
7678 | proto_name); | |||
7679 | if (handle == NULL((void*)0)) { | |||
7680 | /* Try prefix matching */ | |||
7681 | for (size_t i = 0; i < G_N_ELEMENTS(ssl_alpn_prefix_match_protocols)(sizeof (ssl_alpn_prefix_match_protocols) / sizeof ((ssl_alpn_prefix_match_protocols )[0])); i++) { | |||
7682 | const ssl_alpn_prefix_match_protocol_t *alpn_proto = &ssl_alpn_prefix_match_protocols[i]; | |||
7683 | ||||
7684 | /* string_string is inappropriate as it compares strings | |||
7685 | * while "byte strings MUST NOT be truncated" (RFC 7301) */ | |||
7686 | if (g_str_has_prefix(proto_name, alpn_proto->proto_prefix)(__builtin_constant_p (alpn_proto->proto_prefix)? __extension__ ({ const char * const __str = (proto_name); const char * const __prefix = (alpn_proto->proto_prefix); gboolean __result = (0); if (__str == ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix); else { const size_t __str_len = strlen (((__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix))); if (__str_len >= __prefix_len ) __result = memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix )), __prefix_len) == 0; } __result; }) : (g_str_has_prefix) ( proto_name, alpn_proto->proto_prefix) )) { | |||
7687 | handle = find_dissector(alpn_proto->dissector_name); | |||
7688 | break; | |||
7689 | } | |||
7690 | } | |||
7691 | } | |||
7692 | } | |||
7693 | if (handle != NULL((void*)0)) { | |||
7694 | /* ProtocolName match, so set the App data dissector handle. | |||
7695 | * This may override protocols given via the UAT dialog, but | |||
7696 | * since the ALPN hint is precise, do it anyway. */ | |||
7697 | ssl_debug_printf("%s: changing handle %p to %p (%s)", G_STRFUNC((const char*) (__func__)), | |||
7698 | (void *)session->app_handle, | |||
7699 | (void *)handle, | |||
7700 | dissector_handle_get_dissector_name(handle)); | |||
7701 | session->app_handle = handle; | |||
7702 | } | |||
7703 | } else if (client_proto_name) { | |||
7704 | // No current use for looking up the handle as the only consumer of this API is currently the QUIC dissector | |||
7705 | // and it just needs the string since there are/were various HTTP/3 ALPNs to check for. | |||
7706 | session->client_alpn_name = wmem_strdup(wmem_file_scope(), client_proto_name); | |||
7707 | } | |||
7708 | ||||
7709 | return offset; | |||
7710 | } | |||
7711 | ||||
7712 | static int | |||
7713 | ssl_dissect_hnd_hello_ext_npn(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
7714 | packet_info *pinfo, proto_tree *tree, | |||
7715 | uint32_t offset, uint32_t offset_end) | |||
7716 | { | |||
7717 | /* https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-3 | |||
7718 | * The "extension_data" field of a "next_protocol_negotiation" extension | |||
7719 | * in a "ServerHello" contains an optional list of protocols advertised | |||
7720 | * by the server. Protocols are named by opaque, non-empty byte strings | |||
7721 | * and the list of protocols is serialized as a concatenation of 8-bit, | |||
7722 | * length prefixed byte strings. Implementations MUST ensure that the | |||
7723 | * empty string is not included and that no byte strings are truncated. | |||
7724 | */ | |||
7725 | uint32_t npn_length; | |||
7726 | proto_tree *npn_tree; | |||
7727 | ||||
7728 | /* List is optional, do not add tree if there are no entries. */ | |||
7729 | if (offset == offset_end) { | |||
7730 | return offset; | |||
7731 | } | |||
7732 | ||||
7733 | npn_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_npn, NULL((void*)0), "Next Protocol Negotiation"); | |||
7734 | ||||
7735 | while (offset < offset_end) { | |||
7736 | /* non-empty, 8-bit length prefixed strings means range 1..255 */ | |||
7737 | if (!ssl_add_vector(hf, tvb, pinfo, npn_tree, offset, offset_end, &npn_length, | |||
7738 | hf->hf.hs_ext_npn_str_len, 1, UINT8_MAX(255))) { | |||
7739 | return offset_end; | |||
7740 | } | |||
7741 | offset++; | |||
7742 | ||||
7743 | proto_tree_add_item(npn_tree, hf->hf.hs_ext_npn_str, | |||
7744 | tvb, offset, npn_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
7745 | offset += npn_length; | |||
7746 | } | |||
7747 | ||||
7748 | return offset; | |||
7749 | } | |||
7750 | ||||
7751 | static int | |||
7752 | ssl_dissect_hnd_hello_ext_reneg_info(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
7753 | packet_info *pinfo, proto_tree *tree, | |||
7754 | uint32_t offset, uint32_t offset_end) | |||
7755 | { | |||
7756 | /* https://tools.ietf.org/html/rfc5746#section-3.2 | |||
7757 | * struct { | |||
7758 | * opaque renegotiated_connection<0..255>; | |||
7759 | * } RenegotiationInfo; | |||
7760 | * | |||
7761 | */ | |||
7762 | proto_tree *reneg_info_tree; | |||
7763 | uint32_t reneg_info_length; | |||
7764 | ||||
7765 | reneg_info_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_reneg_info, NULL((void*)0), "Renegotiation Info extension"); | |||
7766 | ||||
7767 | /* opaque renegotiated_connection<0..255> */ | |||
7768 | if (!ssl_add_vector(hf, tvb, pinfo, reneg_info_tree, offset, offset_end, &reneg_info_length, | |||
7769 | hf->hf.hs_ext_reneg_info_len, 0, 255)) { | |||
7770 | return offset_end; | |||
7771 | } | |||
7772 | offset++; | |||
7773 | ||||
7774 | if (reneg_info_length > 0) { | |||
7775 | proto_tree_add_item(reneg_info_tree, hf->hf.hs_ext_reneg_info, tvb, offset, reneg_info_length, ENC_NA0x00000000); | |||
7776 | offset += reneg_info_length; | |||
7777 | } | |||
7778 | ||||
7779 | return offset; | |||
7780 | } | |||
7781 | ||||
7782 | static int | |||
7783 | ssl_dissect_hnd_hello_ext_key_share_entry(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
7784 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
7785 | const char **group_name_out) | |||
7786 | { | |||
7787 | /* RFC 8446 Section 4.2.8 | |||
7788 | * struct { | |||
7789 | * NamedGroup group; | |||
7790 | * opaque key_exchange<1..2^16-1>; | |||
7791 | * } KeyShareEntry; | |||
7792 | */ | |||
7793 | uint32_t key_exchange_length, group; | |||
7794 | proto_tree *ks_tree; | |||
7795 | ||||
7796 | ks_tree = proto_tree_add_subtree(tree, tvb, offset, 4, hf->ett.hs_ext_key_share_ks, NULL((void*)0), "Key Share Entry"); | |||
7797 | ||||
7798 | proto_tree_add_item_ret_uint(ks_tree, hf->hf.hs_ext_key_share_group, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &group); | |||
7799 | offset += 2; | |||
7800 | const char *group_name = val_to_str(group, ssl_extension_curves, "Unknown (%u)"); | |||
7801 | proto_item_append_text(ks_tree, ": Group: %s", group_name); | |||
7802 | if (group_name_out) { | |||
7803 | *group_name_out = !IS_GREASE_TLS(group)((((group) & 0x0f0f) == 0x0a0a) && (((group) & 0xff) == (((group)>>8) & 0xff))) ? group_name : NULL((void*)0); | |||
7804 | } | |||
7805 | ||||
7806 | /* opaque key_exchange<1..2^16-1> */ | |||
7807 | if (!ssl_add_vector(hf, tvb, pinfo, ks_tree, offset, offset_end, &key_exchange_length, | |||
7808 | hf->hf.hs_ext_key_share_key_exchange_length, 1, UINT16_MAX(65535))) { | |||
7809 | return offset_end; /* Bad (possible truncated) length, skip to end of KeyShare extension. */ | |||
7810 | } | |||
7811 | offset += 2; | |||
7812 | proto_item_set_len(ks_tree, 2 + 2 + key_exchange_length); | |||
7813 | proto_item_append_text(ks_tree, ", Key Exchange length: %u", key_exchange_length); | |||
7814 | ||||
7815 | proto_tree_add_item(ks_tree, hf->hf.hs_ext_key_share_key_exchange, tvb, offset, key_exchange_length, ENC_NA0x00000000); | |||
7816 | offset += key_exchange_length; | |||
7817 | ||||
7818 | return offset; | |||
7819 | } | |||
7820 | ||||
7821 | static int | |||
7822 | ssl_dissect_hnd_hello_ext_key_share(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
7823 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
7824 | uint8_t hnd_type) | |||
7825 | { | |||
7826 | proto_tree *key_share_tree; | |||
7827 | uint32_t next_offset; | |||
7828 | uint32_t client_shares_length; | |||
7829 | uint32_t group; | |||
7830 | const char *group_name = NULL((void*)0); | |||
7831 | ||||
7832 | if (offset_end <= offset) { /* Check if ext_len == 0 and "overflow" (offset + ext_len) > uint32_t) */ | |||
7833 | return offset; | |||
7834 | } | |||
7835 | ||||
7836 | key_share_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_key_share, NULL((void*)0), "Key Share extension"); | |||
7837 | ||||
7838 | switch(hnd_type){ | |||
7839 | case SSL_HND_CLIENT_HELLO: | |||
7840 | /* KeyShareEntry client_shares<0..2^16-1> */ | |||
7841 | if (!ssl_add_vector(hf, tvb, pinfo, key_share_tree, offset, offset_end, &client_shares_length, | |||
7842 | hf->hf.hs_ext_key_share_client_length, 0, UINT16_MAX(65535))) { | |||
7843 | return offset_end; | |||
7844 | } | |||
7845 | offset += 2; | |||
7846 | next_offset = offset + client_shares_length; | |||
7847 | const char *sep = " "; | |||
7848 | while (offset + 4 <= next_offset) { /* (NamedGroup (2 bytes), key_exchange (1 byte for length, 1 byte minimum data) */ | |||
7849 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, key_share_tree, offset, next_offset, &group_name); | |||
7850 | if (group_name) { | |||
7851 | proto_item_append_text(tree, "%s%s", sep, group_name); | |||
7852 | sep = ", "; | |||
7853 | } | |||
7854 | } | |||
7855 | if (!ssl_end_vector(hf, tvb, pinfo, key_share_tree, offset, next_offset)) { | |||
7856 | return next_offset; | |||
7857 | } | |||
7858 | break; | |||
7859 | case SSL_HND_SERVER_HELLO: | |||
7860 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, key_share_tree, offset, offset_end, &group_name); | |||
7861 | if (group_name) { | |||
7862 | proto_item_append_text(tree, " %s", group_name); | |||
7863 | } | |||
7864 | break; | |||
7865 | case SSL_HND_HELLO_RETRY_REQUEST: | |||
7866 | proto_tree_add_item_ret_uint(key_share_tree, hf->hf.hs_ext_key_share_selected_group, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &group); | |||
7867 | offset += 2; | |||
7868 | group_name = val_to_str(group, ssl_extension_curves, "Unknown (%u)"); | |||
7869 | proto_item_append_text(tree, " %s", group_name); | |||
7870 | break; | |||
7871 | default: /* no default */ | |||
7872 | break; | |||
7873 | } | |||
7874 | ||||
7875 | return offset; | |||
7876 | } | |||
7877 | ||||
7878 | static int | |||
7879 | ssl_dissect_hnd_hello_ext_pre_shared_key(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
7880 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
7881 | uint8_t hnd_type) | |||
7882 | { | |||
7883 | /* RFC 8446 Section 4.2.11 | |||
7884 | * struct { | |||
7885 | * opaque identity<1..2^16-1>; | |||
7886 | * uint32 obfuscated_ticket_age; | |||
7887 | * } PskIdentity; | |||
7888 | * opaque PskBinderEntry<32..255>; | |||
7889 | * struct { | |||
7890 | * select (Handshake.msg_type) { | |||
7891 | * case client_hello: | |||
7892 | * PskIdentity identities<7..2^16-1>; | |||
7893 | * PskBinderEntry binders<33..2^16-1>; | |||
7894 | * case server_hello: | |||
7895 | * uint16 selected_identity; | |||
7896 | * }; | |||
7897 | * } PreSharedKeyExtension; | |||
7898 | */ | |||
7899 | ||||
7900 | proto_tree *psk_tree; | |||
7901 | ||||
7902 | psk_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_pre_shared_key, NULL((void*)0), "Pre-Shared Key extension"); | |||
7903 | ||||
7904 | switch (hnd_type){ | |||
7905 | case SSL_HND_CLIENT_HELLO: { | |||
7906 | uint32_t identities_length, identities_end, binders_length; | |||
7907 | ||||
7908 | /* PskIdentity identities<7..2^16-1> */ | |||
7909 | if (!ssl_add_vector(hf, tvb, pinfo, psk_tree, offset, offset_end, &identities_length, | |||
7910 | hf->hf.hs_ext_psk_identities_length, 7, UINT16_MAX(65535))) { | |||
7911 | return offset_end; | |||
7912 | } | |||
7913 | offset += 2; | |||
7914 | identities_end = offset + identities_length; | |||
7915 | ||||
7916 | while (offset < identities_end) { | |||
7917 | uint32_t identity_length; | |||
7918 | proto_tree *identity_tree; | |||
7919 | ||||
7920 | identity_tree = proto_tree_add_subtree(psk_tree, tvb, offset, 4, hf->ett.hs_ext_psk_identity, NULL((void*)0), "PSK Identity ("); | |||
7921 | ||||
7922 | /* opaque identity<1..2^16-1> */ | |||
7923 | if (!ssl_add_vector(hf, tvb, pinfo, identity_tree, offset, identities_end, &identity_length, | |||
7924 | hf->hf.hs_ext_psk_identity_identity_length, 1, UINT16_MAX(65535))) { | |||
7925 | return identities_end; | |||
7926 | } | |||
7927 | offset += 2; | |||
7928 | proto_item_append_text(identity_tree, "length: %u)", identity_length); | |||
7929 | ||||
7930 | proto_tree_add_item(identity_tree, hf->hf.hs_ext_psk_identity_identity, tvb, offset, identity_length, ENC_BIG_ENDIAN0x00000000); | |||
7931 | offset += identity_length; | |||
7932 | ||||
7933 | proto_tree_add_item(identity_tree, hf->hf.hs_ext_psk_identity_obfuscated_ticket_age, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
7934 | offset += 4; | |||
7935 | ||||
7936 | proto_item_set_len(identity_tree, 2 + identity_length + 4); | |||
7937 | } | |||
7938 | if (!ssl_end_vector(hf, tvb, pinfo, psk_tree, offset, identities_end)) { | |||
7939 | offset = identities_end; | |||
7940 | } | |||
7941 | ||||
7942 | /* PskBinderEntry binders<33..2^16-1> */ | |||
7943 | if (!ssl_add_vector(hf, tvb, pinfo, psk_tree, offset, offset_end, &binders_length, | |||
7944 | hf->hf.hs_ext_psk_binders_length, 33, UINT16_MAX(65535))) { | |||
7945 | return offset_end; | |||
7946 | } | |||
7947 | offset += 2; | |||
7948 | ||||
7949 | proto_tree_add_item(psk_tree, hf->hf.hs_ext_psk_binders, tvb, offset, binders_length, ENC_NA0x00000000); | |||
7950 | offset += binders_length; | |||
7951 | } | |||
7952 | break; | |||
7953 | case SSL_HND_SERVER_HELLO: { | |||
7954 | proto_tree_add_item(psk_tree, hf->hf.hs_ext_psk_identity_selected, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
7955 | offset += 2; | |||
7956 | } | |||
7957 | break; | |||
7958 | default: | |||
7959 | break; | |||
7960 | } | |||
7961 | ||||
7962 | return offset; | |||
7963 | } | |||
7964 | ||||
7965 | static uint32_t | |||
7966 | ssl_dissect_hnd_hello_ext_early_data(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), | |||
7967 | proto_tree *tree, uint32_t offset, uint32_t offset_end _U___attribute__((unused)), | |||
7968 | uint8_t hnd_type, SslDecryptSession *ssl) | |||
7969 | { | |||
7970 | /* RFC 8446 Section 4.2.10 | |||
7971 | * struct {} Empty; | |||
7972 | * struct { | |||
7973 | * select (Handshake.msg_type) { | |||
7974 | * case new_session_ticket: uint32 max_early_data_size; | |||
7975 | * case client_hello: Empty; | |||
7976 | * case encrypted_extensions: Empty; | |||
7977 | * }; | |||
7978 | * } EarlyDataIndication; | |||
7979 | */ | |||
7980 | switch (hnd_type) { | |||
7981 | case SSL_HND_CLIENT_HELLO: | |||
7982 | /* Remember that early_data will follow the handshake. */ | |||
7983 | if (ssl) { | |||
7984 | ssl_debug_printf("%s found early_data extension\n", G_STRFUNC((const char*) (__func__))); | |||
7985 | ssl->has_early_data = true1; | |||
7986 | } | |||
7987 | break; | |||
7988 | case SSL_HND_NEWSESSION_TICKET: | |||
7989 | proto_tree_add_item(tree, hf->hf.hs_ext_max_early_data_size, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
7990 | offset += 4; | |||
7991 | break; | |||
7992 | default: | |||
7993 | break; | |||
7994 | } | |||
7995 | return offset; | |||
7996 | } | |||
7997 | ||||
7998 | static uint16_t | |||
7999 | tls_try_get_version(bool_Bool is_dtls, uint16_t version, uint8_t *draft_version) | |||
8000 | { | |||
8001 | if (draft_version) { | |||
8002 | *draft_version = 0; | |||
8003 | } | |||
8004 | if (!is_dtls) { | |||
8005 | uint8_t tls13_draft = extract_tls13_draft_version(version); | |||
8006 | if (tls13_draft != 0) { | |||
8007 | /* This is TLS 1.3 (a draft version). */ | |||
8008 | if (draft_version) { | |||
8009 | *draft_version = tls13_draft; | |||
8010 | } | |||
8011 | version = TLSV1DOT3_VERSION0x304; | |||
8012 | } | |||
8013 | if (version == 0xfb17 || version == 0xfb1a) { | |||
8014 | /* Unofficial TLS 1.3 draft version for Facebook fizz. */ | |||
8015 | tls13_draft = (uint8_t)version; | |||
8016 | if (draft_version) { | |||
8017 | *draft_version = tls13_draft; | |||
8018 | } | |||
8019 | version = TLSV1DOT3_VERSION0x304; | |||
8020 | } | |||
8021 | } | |||
8022 | ||||
8023 | switch (version) { | |||
8024 | case SSLV3_VERSION0x300: | |||
8025 | case TLSV1_VERSION0x301: | |||
8026 | case TLSV1DOT1_VERSION0x302: | |||
8027 | case TLSV1DOT2_VERSION0x303: | |||
8028 | case TLSV1DOT3_VERSION0x304: | |||
8029 | case TLCPV1_VERSION0x101: | |||
8030 | if (is_dtls) | |||
8031 | return SSL_VER_UNKNOWN0; | |||
8032 | break; | |||
8033 | ||||
8034 | case DTLSV1DOT0_VERSION0xfeff: | |||
8035 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
8036 | case DTLSV1DOT2_VERSION0xfefd: | |||
8037 | case DTLSV1DOT3_VERSION0xfefc: | |||
8038 | if (!is_dtls) | |||
8039 | return SSL_VER_UNKNOWN0; | |||
8040 | break; | |||
8041 | ||||
8042 | default: /* invalid version number */ | |||
8043 | return SSL_VER_UNKNOWN0; | |||
8044 | } | |||
8045 | ||||
8046 | return version; | |||
8047 | } | |||
8048 | ||||
8049 | static int | |||
8050 | ssl_dissect_hnd_hello_ext_supported_versions(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
8051 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
8052 | SslSession *session, bool_Bool is_dtls, ja4_data_t *ja4_data) | |||
8053 | { | |||
8054 | ||||
8055 | /* RFC 8446 Section 4.2.1 | |||
8056 | * struct { | |||
8057 | * ProtocolVersion versions<2..254>; // ClientHello | |||
8058 | * } SupportedVersions; | |||
8059 | * Note that ServerHello and HelloRetryRequest are handled by the caller. | |||
8060 | */ | |||
8061 | uint32_t versions_length, next_offset; | |||
8062 | /* ProtocolVersion versions<2..254> */ | |||
8063 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &versions_length, | |||
8064 | hf->hf.hs_ext_supported_versions_len, 2, 254)) { | |||
8065 | return offset_end; | |||
8066 | } | |||
8067 | offset++; | |||
8068 | next_offset = offset + versions_length; | |||
8069 | ||||
8070 | unsigned version; | |||
8071 | unsigned current_version, lowest_version = SSL_VER_UNKNOWN0; | |||
8072 | uint8_t draft_version, max_draft_version = 0; | |||
8073 | const char *sep = " "; | |||
8074 | while (offset + 2 <= next_offset) { | |||
8075 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_supported_version, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &version); | |||
8076 | offset += 2; | |||
8077 | ||||
8078 | if (!IS_GREASE_TLS(version)((((version) & 0x0f0f) == 0x0a0a) && (((version) & 0xff) == (((version)>>8) & 0xff)))) { | |||
8079 | proto_item_append_text(tree, "%s%s", sep, val_to_str(version, ssl_versions, "Unknown (0x%04x)")); | |||
8080 | sep = ", "; | |||
8081 | } | |||
8082 | ||||
8083 | current_version = tls_try_get_version(is_dtls, version, &draft_version); | |||
8084 | if (session->version == SSL_VER_UNKNOWN0) { | |||
8085 | if (lowest_version == SSL_VER_UNKNOWN0) { | |||
8086 | lowest_version = current_version; | |||
8087 | } else if (current_version != SSL_VER_UNKNOWN0) { | |||
8088 | if (!is_dtls) { | |||
8089 | lowest_version = MIN(lowest_version, current_version)(((lowest_version) < (current_version)) ? (lowest_version) : (current_version)); | |||
8090 | } else { | |||
8091 | lowest_version = MAX(lowest_version, current_version)(((lowest_version) > (current_version)) ? (lowest_version) : (current_version)); | |||
8092 | } | |||
8093 | } | |||
8094 | } | |||
8095 | max_draft_version = MAX(draft_version, max_draft_version)(((draft_version) > (max_draft_version)) ? (draft_version) : (max_draft_version)); | |||
8096 | if (ja4_data && !IS_GREASE_TLS(version)((((version) & 0x0f0f) == 0x0a0a) && (((version) & 0xff) == (((version)>>8) & 0xff)))) { | |||
8097 | /* The DTLS version numbers get mapped to "00" for unknown per | |||
8098 | * JA4 spec, but if JA4 ever does support DTLS we'll probably | |||
8099 | * need to take the MIN instead of MAX here for DTLS. | |||
8100 | */ | |||
8101 | ja4_data->max_version = MAX(version, ja4_data->max_version)(((version) > (ja4_data->max_version)) ? (version) : (ja4_data ->max_version)); | |||
8102 | } | |||
8103 | } | |||
8104 | if (session->version == SSL_VER_UNKNOWN0 && lowest_version != SSL_VER_UNKNOWN0) { | |||
8105 | col_set_str(pinfo->cinfo, COL_PROTOCOL, | |||
8106 | val_to_str_const(version, ssl_version_short_names, is_dtls ? "DTLS" : "TLS")); | |||
8107 | } | |||
8108 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { | |||
8109 | offset = next_offset; | |||
8110 | } | |||
8111 | ||||
8112 | /* XXX remove this when draft 19 support is dropped, | |||
8113 | * this is only required for early data decryption. */ | |||
8114 | if (max_draft_version) { | |||
8115 | session->tls13_draft_version = max_draft_version; | |||
8116 | } | |||
8117 | ||||
8118 | return offset; | |||
8119 | } | |||
8120 | ||||
8121 | static int | |||
8122 | ssl_dissect_hnd_hello_ext_cookie(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
8123 | packet_info *pinfo, proto_tree *tree, | |||
8124 | uint32_t offset, uint32_t offset_end) | |||
8125 | { | |||
8126 | /* RFC 8446 Section 4.2.2 | |||
8127 | * struct { | |||
8128 | * opaque cookie<1..2^16-1>; | |||
8129 | * } Cookie; | |||
8130 | */ | |||
8131 | uint32_t cookie_length; | |||
8132 | /* opaque cookie<1..2^16-1> */ | |||
8133 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cookie_length, | |||
8134 | hf->hf.hs_ext_cookie_len, 1, UINT16_MAX(65535))) { | |||
8135 | return offset_end; | |||
8136 | } | |||
8137 | offset += 2; | |||
8138 | ||||
8139 | proto_tree_add_item(tree, hf->hf.hs_ext_cookie, tvb, offset, cookie_length, ENC_NA0x00000000); | |||
8140 | offset += cookie_length; | |||
8141 | ||||
8142 | return offset; | |||
8143 | } | |||
8144 | ||||
8145 | static int | |||
8146 | ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
8147 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
8148 | { | |||
8149 | /* RFC 8446 Section 4.2.9 | |||
8150 | * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; | |||
8151 | * | |||
8152 | * struct { | |||
8153 | * PskKeyExchangeMode ke_modes<1..255>; | |||
8154 | * } PskKeyExchangeModes; | |||
8155 | */ | |||
8156 | uint32_t ke_modes_length, next_offset; | |||
8157 | ||||
8158 | /* PskKeyExchangeMode ke_modes<1..255> */ | |||
8159 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &ke_modes_length, | |||
8160 | hf->hf.hs_ext_psk_ke_modes_length, 1, 255)) { | |||
8161 | return offset_end; | |||
8162 | } | |||
8163 | offset++; | |||
8164 | next_offset = offset + ke_modes_length; | |||
8165 | ||||
8166 | while (offset < next_offset) { | |||
8167 | proto_tree_add_item(tree, hf->hf.hs_ext_psk_ke_mode, tvb, offset, 1, ENC_NA0x00000000); | |||
8168 | offset++; | |||
8169 | } | |||
8170 | ||||
8171 | return offset; | |||
8172 | } | |||
8173 | ||||
8174 | static uint32_t | |||
8175 | ssl_dissect_hnd_hello_ext_certificate_authorities(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
8176 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
8177 | { | |||
8178 | /* RFC 8446 Section 4.2.4 | |||
8179 | * opaque DistinguishedName<1..2^16-1>; | |||
8180 | * struct { | |||
8181 | * DistinguishedName authorities<3..2^16-1>; | |||
8182 | * } CertificateAuthoritiesExtension; | |||
8183 | */ | |||
8184 | return tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); | |||
8185 | } | |||
8186 | ||||
8187 | static int | |||
8188 | ssl_dissect_hnd_hello_ext_oid_filters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
8189 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
8190 | { | |||
8191 | /* RFC 8446 Section 4.2.5 | |||
8192 | * struct { | |||
8193 | * opaque certificate_extension_oid<1..2^8-1>; | |||
8194 | * opaque certificate_extension_values<0..2^16-1>; | |||
8195 | * } OIDFilter; | |||
8196 | * struct { | |||
8197 | * OIDFilter filters<0..2^16-1>; | |||
8198 | * } OIDFilterExtension; | |||
8199 | */ | |||
8200 | proto_tree *subtree; | |||
8201 | uint32_t filters_length, oid_length, values_length, value_offset; | |||
8202 | asn1_ctx_t asn1_ctx; | |||
8203 | const char *oid, *name; | |||
8204 | ||||
8205 | /* OIDFilter filters<0..2^16-1> */ | |||
8206 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &filters_length, | |||
8207 | hf->hf.hs_ext_psk_ke_modes_length, 0, UINT16_MAX(65535))) { | |||
8208 | return offset_end; | |||
8209 | } | |||
8210 | offset += 2; | |||
8211 | offset_end = offset + filters_length; | |||
8212 | ||||
8213 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
8214 | ||||
8215 | while (offset < offset_end) { | |||
8216 | subtree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
8217 | hf->ett.hs_ext_oid_filter, NULL((void*)0), "OID Filter"); | |||
8218 | ||||
8219 | /* opaque certificate_extension_oid<1..2^8-1> */ | |||
8220 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &oid_length, | |||
8221 | hf->hf.hs_ext_oid_filters_oid_length, 1, UINT8_MAX(255))) { | |||
8222 | return offset_end; | |||
8223 | } | |||
8224 | offset++; | |||
8225 | dissect_ber_object_identifier_str(false0, &asn1_ctx, subtree, tvb, offset, | |||
8226 | hf->hf.hs_ext_oid_filters_oid, &oid); | |||
8227 | offset += oid_length; | |||
8228 | ||||
8229 | /* Append OID to tree label */ | |||
8230 | name = oid_resolved_from_string(pinfo->pool, oid); | |||
8231 | proto_item_append_text(subtree, " (%s)", name ? name : oid); | |||
8232 | ||||
8233 | /* opaque certificate_extension_values<0..2^16-1> */ | |||
8234 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &values_length, | |||
8235 | hf->hf.hs_ext_oid_filters_values_length, 0, UINT16_MAX(65535))) { | |||
8236 | return offset_end; | |||
8237 | } | |||
8238 | offset += 2; | |||
8239 | proto_item_set_len(subtree, 1 + oid_length + 2 + values_length); | |||
8240 | if (values_length > 0) { | |||
8241 | value_offset = offset; | |||
8242 | value_offset = dissect_ber_identifier(pinfo, subtree, tvb, value_offset, NULL((void*)0), NULL((void*)0), NULL((void*)0)); | |||
8243 | value_offset = dissect_ber_length(pinfo, subtree, tvb, value_offset, NULL((void*)0), NULL((void*)0)); | |||
8244 | call_ber_oid_callback(oid, tvb, value_offset, pinfo, subtree, NULL((void*)0)); | |||
8245 | } | |||
8246 | offset += values_length; | |||
8247 | } | |||
8248 | ||||
8249 | return offset; | |||
8250 | } | |||
8251 | ||||
8252 | static int | |||
8253 | ssl_dissect_hnd_hello_ext_server_name(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
8254 | packet_info *pinfo, proto_tree *tree, | |||
8255 | uint32_t offset, uint32_t offset_end) | |||
8256 | { | |||
8257 | /* https://tools.ietf.org/html/rfc6066#section-3 | |||
8258 | * | |||
8259 | * struct { | |||
8260 | * NameType name_type; | |||
8261 | * select (name_type) { | |||
8262 | * case host_name: HostName; | |||
8263 | * } name; | |||
8264 | * } ServerName; | |||
8265 | * | |||
8266 | * enum { | |||
8267 | * host_name(0), (255) | |||
8268 | * } NameType; | |||
8269 | * | |||
8270 | * opaque HostName<1..2^16-1>; | |||
8271 | * | |||
8272 | * struct { | |||
8273 | * ServerName server_name_list<1..2^16-1> | |||
8274 | * } ServerNameList; | |||
8275 | */ | |||
8276 | proto_tree *server_name_tree; | |||
8277 | uint32_t list_length, server_name_length, next_offset; | |||
8278 | ||||
8279 | /* The server SHALL include "server_name" extension with empty data. */ | |||
8280 | if (offset == offset_end) { | |||
8281 | return offset; | |||
8282 | } | |||
8283 | ||||
8284 | server_name_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_server_name, NULL((void*)0), "Server Name Indication extension"); | |||
8285 | ||||
8286 | /* ServerName server_name_list<1..2^16-1> */ | |||
8287 | if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, offset_end, &list_length, | |||
8288 | hf->hf.hs_ext_server_name_list_len, 1, UINT16_MAX(65535))) { | |||
8289 | return offset_end; | |||
8290 | } | |||
8291 | offset += 2; | |||
8292 | next_offset = offset + list_length; | |||
8293 | ||||
8294 | while (offset < next_offset) { | |||
8295 | uint32_t name_type; | |||
8296 | const uint8_t *server_name = NULL((void*)0); | |||
8297 | proto_tree_add_item_ret_uint(server_name_tree, hf->hf.hs_ext_server_name_type, | |||
8298 | tvb, offset, 1, ENC_NA0x00000000, &name_type); | |||
8299 | offset++; | |||
8300 | ||||
8301 | /* opaque HostName<1..2^16-1> */ | |||
8302 | if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, next_offset, &server_name_length, | |||
8303 | hf->hf.hs_ext_server_name_len, 1, UINT16_MAX(65535))) { | |||
8304 | return next_offset; | |||
8305 | } | |||
8306 | offset += 2; | |||
8307 | ||||
8308 | proto_tree_add_item_ret_string(server_name_tree, hf->hf.hs_ext_server_name, | |||
8309 | tvb, offset, server_name_length, ENC_ASCII0x00000000|ENC_NA0x00000000, | |||
8310 | pinfo->pool, &server_name); | |||
8311 | offset += server_name_length; | |||
8312 | // Each type must only occur once, so we don't check for duplicates. | |||
8313 | if (name_type == 0) { | |||
8314 | proto_item_append_text(tree, " name=%s", server_name); | |||
8315 | col_append_fstr(pinfo->cinfo, COL_INFO, " (SNI=%s)", server_name); | |||
8316 | ||||
8317 | if (gbl_resolv_flags.handshake_sni_addr_resolution) { | |||
8318 | // Client Hello: Client (Src) -> Server (Dst) | |||
8319 | switch (pinfo->dst.type) { | |||
8320 | case AT_IPv4: | |||
8321 | if (pinfo->dst.len == sizeof(uint32_t)) { | |||
8322 | add_ipv4_name(*(uint32_t *)pinfo->dst.data, server_name, false0); | |||
8323 | } | |||
8324 | break; | |||
8325 | case AT_IPv6: | |||
8326 | if (pinfo->dst.len == sizeof(ws_in6_addr)) { | |||
8327 | add_ipv6_name(pinfo->dst.data, server_name, false0); | |||
8328 | } | |||
8329 | break; | |||
8330 | } | |||
8331 | } | |||
8332 | } | |||
8333 | } | |||
8334 | return offset; | |||
8335 | } | |||
8336 | ||||
8337 | static int | |||
8338 | ssl_dissect_hnd_hello_ext_session_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
8339 | proto_tree *tree, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, SslDecryptSession *ssl) | |||
8340 | { | |||
8341 | unsigned ext_len = offset_end - offset; | |||
8342 | if (hnd_type == SSL_HND_CLIENT_HELLO && ssl && ext_len != 0) { | |||
8343 | tvb_ensure_bytes_exist(tvb, offset, ext_len); | |||
8344 | /* Save the Session Ticket such that it can be used as identifier for | |||
8345 | * restoring a previous Master Secret (in ChangeCipherSpec) */ | |||
8346 | ssl->session_ticket.data = (unsigned char*)wmem_realloc(wmem_file_scope(), | |||
8347 | ssl->session_ticket.data, ext_len); | |||
8348 | ssl->session_ticket.data_len = ext_len; | |||
8349 | tvb_memcpy(tvb,ssl->session_ticket.data, offset, ext_len); | |||
8350 | } | |||
8351 | proto_tree_add_item(tree, hf->hf.hs_ext_session_ticket, | |||
8352 | tvb, offset, ext_len, ENC_NA0x00000000); | |||
8353 | return offset + ext_len; | |||
8354 | } | |||
8355 | ||||
8356 | static int | |||
8357 | ssl_dissect_hnd_hello_ext_cert_type(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
8358 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
8359 | uint8_t hnd_type, uint16_t ext_type, SslSession *session) | |||
8360 | { | |||
8361 | uint8_t cert_list_length; | |||
8362 | uint8_t cert_type; | |||
8363 | proto_tree *cert_list_tree; | |||
8364 | proto_item *ti; | |||
8365 | ||||
8366 | switch(hnd_type){ | |||
8367 | case SSL_HND_CLIENT_HELLO: | |||
8368 | cert_list_length = tvb_get_uint8(tvb, offset); | |||
8369 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_types_len, | |||
8370 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
8371 | offset += 1; | |||
8372 | if (offset_end - offset != (uint32_t)cert_list_length) | |||
8373 | return offset; | |||
8374 | ||||
8375 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_cert_types, tvb, offset, | |||
8376 | cert_list_length, cert_list_length); | |||
8377 | proto_item_append_text(ti, " (%d)", cert_list_length); | |||
8378 | ||||
8379 | /* make this a subtree */ | |||
8380 | cert_list_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_cert_types); | |||
8381 | ||||
8382 | /* loop over all point formats */ | |||
8383 | while (cert_list_length > 0) | |||
8384 | { | |||
8385 | proto_tree_add_item(cert_list_tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
8386 | offset++; | |||
8387 | cert_list_length--; | |||
8388 | } | |||
8389 | break; | |||
8390 | case SSL_HND_SERVER_HELLO: | |||
8391 | case SSL_HND_ENCRYPTED_EXTENSIONS: | |||
8392 | case SSL_HND_CERTIFICATE: | |||
8393 | cert_type = tvb_get_uint8(tvb, offset); | |||
8394 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
8395 | offset += 1; | |||
8396 | if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE9 || ext_type == SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19) { | |||
8397 | session->client_cert_type = cert_type; | |||
8398 | } | |||
8399 | if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE9 || ext_type == SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20) { | |||
8400 | session->server_cert_type = cert_type; | |||
8401 | } | |||
8402 | break; | |||
8403 | default: /* no default */ | |||
8404 | break; | |||
8405 | } | |||
8406 | ||||
8407 | return offset; | |||
8408 | } | |||
8409 | ||||
8410 | static uint32_t | |||
8411 | ssl_dissect_hnd_hello_ext_compress_certificate(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
8412 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
8413 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | |||
8414 | { | |||
8415 | uint32_t compress_certificate_algorithms_length, next_offset; | |||
8416 | ||||
8417 | /* https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03#section-3.0 | |||
8418 | * enum { | |||
8419 | * zlib(1), | |||
8420 | * brotli(2), | |||
8421 | * (65535) | |||
8422 | * } CertificateCompressionAlgorithm; | |||
8423 | * | |||
8424 | * struct { | |||
8425 | * CertificateCompressionAlgorithm algorithms<1..2^8-1>; | |||
8426 | * } CertificateCompressionAlgorithms; | |||
8427 | */ | |||
8428 | switch (hnd_type) { | |||
8429 | case SSL_HND_CLIENT_HELLO: | |||
8430 | case SSL_HND_CERT_REQUEST: | |||
8431 | /* CertificateCompressionAlgorithm algorithms<1..2^8-1>;*/ | |||
8432 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compress_certificate_algorithms_length, | |||
8433 | hf->hf.hs_ext_compress_certificate_algorithms_length, 1, UINT8_MAX(255)-1)) { | |||
8434 | return offset_end; | |||
8435 | } | |||
8436 | offset += 1; | |||
8437 | next_offset = offset + compress_certificate_algorithms_length; | |||
8438 | ||||
8439 | while (offset < next_offset) { | |||
8440 | proto_tree_add_item(tree, hf->hf.hs_ext_compress_certificate_algorithm, | |||
8441 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
8442 | offset += 2; | |||
8443 | } | |||
8444 | break; | |||
8445 | default: | |||
8446 | break; | |||
8447 | } | |||
8448 | ||||
8449 | return offset; | |||
8450 | } | |||
8451 | ||||
8452 | static uint32_t | |||
8453 | ssl_dissect_hnd_hello_ext_token_binding(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
8454 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
8455 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | |||
8456 | { | |||
8457 | uint32_t key_parameters_length, next_offset; | |||
8458 | proto_item *p_ti; | |||
8459 | proto_tree *p_tree; | |||
8460 | ||||
8461 | /* RFC 8472 | |||
8462 | * | |||
8463 | * struct { | |||
8464 | * uint8 major; | |||
8465 | * uint8 minor; | |||
8466 | * } TB_ProtocolVersion; | |||
8467 | * | |||
8468 | * enum { | |||
8469 | * rsa2048_pkcs1.5(0), rsa2048_pss(1), ecdsap256(2), (255) | |||
8470 | * } TokenBindingKeyParameters; | |||
8471 | * | |||
8472 | * struct { | |||
8473 | * TB_ProtocolVersion token_binding_version; | |||
8474 | * TokenBindingKeyParameters key_parameters_list<1..2^8-1> | |||
8475 | * } TokenBindingParameters; | |||
8476 | */ | |||
8477 | ||||
8478 | switch (hnd_type) { | |||
8479 | case SSL_HND_CLIENT_HELLO: | |||
8480 | case SSL_HND_SERVER_HELLO: | |||
8481 | proto_tree_add_item(tree, hf->hf.hs_ext_token_binding_version_major, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
8482 | offset += 1; | |||
8483 | proto_tree_add_item(tree, hf->hf.hs_ext_token_binding_version_minor, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
8484 | offset += 1; | |||
8485 | ||||
8486 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &key_parameters_length, | |||
8487 | hf->hf.hs_ext_token_binding_key_parameters_length, 1, UINT8_MAX(255))) { | |||
8488 | return offset_end; | |||
8489 | } | |||
8490 | offset += 1; | |||
8491 | next_offset = offset + key_parameters_length; | |||
8492 | ||||
8493 | p_ti = proto_tree_add_none_format(tree, | |||
8494 | hf->hf.hs_ext_token_binding_key_parameters, | |||
8495 | tvb, offset, key_parameters_length, | |||
8496 | "Key parameters identifiers (%d identifier%s)", | |||
8497 | key_parameters_length, | |||
8498 | plurality(key_parameters_length, "", "s")((key_parameters_length) == 1 ? ("") : ("s"))); | |||
8499 | p_tree = proto_item_add_subtree(p_ti, hf->ett.hs_ext_token_binding_key_parameters); | |||
8500 | ||||
8501 | while (offset < next_offset) { | |||
8502 | proto_tree_add_item(p_tree, hf->hf.hs_ext_token_binding_key_parameter, | |||
8503 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
8504 | offset += 1; | |||
8505 | } | |||
8506 | ||||
8507 | if (!ssl_end_vector(hf, tvb, pinfo, p_tree, offset, next_offset)) { | |||
8508 | offset = next_offset; | |||
8509 | } | |||
8510 | ||||
8511 | break; | |||
8512 | default: | |||
8513 | break; | |||
8514 | } | |||
8515 | ||||
8516 | return offset; | |||
8517 | } | |||
8518 | ||||
8519 | static uint32_t | |||
8520 | ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
8521 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
8522 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | |||
8523 | { | |||
8524 | bool_Bool use_varint_encoding = true1; // Whether this is draft -27 or newer. | |||
8525 | uint32_t next_offset; | |||
8526 | ||||
8527 | /* https://tools.ietf.org/html/draft-ietf-quic-transport-25#section-18 | |||
8528 | * | |||
8529 | * Note: the following structures are not literally defined in the spec, | |||
8530 | * they instead use an ASCII diagram. | |||
8531 | * | |||
8532 | * struct { | |||
8533 | * uint16 id; | |||
8534 | * opaque value<0..2^16-1>; | |||
8535 | * } TransportParameter; // before draft -27 | |||
8536 | * TransportParameter TransportParameters<0..2^16-1>; // before draft -27 | |||
8537 | * | |||
8538 | * struct { | |||
8539 | * opaque ipv4Address[4]; | |||
8540 | * uint16 ipv4Port; | |||
8541 | * opaque ipv6Address[16]; | |||
8542 | * uint16 ipv6Port; | |||
8543 | * opaque connectionId<0..18>; | |||
8544 | * opaque statelessResetToken[16]; | |||
8545 | * } PreferredAddress; | |||
8546 | */ | |||
8547 | ||||
8548 | if (offset_end - offset >= 6 && | |||
8549 | 2 + (unsigned)tvb_get_ntohs(tvb, offset) == offset_end - offset && | |||
8550 | 6 + (unsigned)tvb_get_ntohs(tvb, offset + 4) <= offset_end - offset) { | |||
8551 | // Assume encoding of Transport Parameters draft -26 or older with at | |||
8552 | // least one transport parameter that has a valid length. | |||
8553 | use_varint_encoding = false0; | |||
8554 | } | |||
8555 | ||||
8556 | if (use_varint_encoding) { | |||
8557 | next_offset = offset_end; | |||
8558 | } else { | |||
8559 | uint32_t quic_length; | |||
8560 | // Assume draft -26 or earlier. | |||
8561 | /* TransportParameter TransportParameters<0..2^16-1>; */ | |||
8562 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &quic_length, | |||
8563 | hf->hf.hs_ext_quictp_len, 0, UINT16_MAX(65535))) { | |||
8564 | return offset_end; | |||
8565 | } | |||
8566 | offset += 2; | |||
8567 | next_offset = offset + quic_length; | |||
8568 | } | |||
8569 | ||||
8570 | while (offset < next_offset) { | |||
8571 | uint64_t parameter_type; /* 62-bit space */ | |||
8572 | uint32_t parameter_length; | |||
8573 | proto_tree *parameter_tree; | |||
8574 | uint32_t parameter_end_offset; | |||
8575 | uint64_t value; | |||
8576 | uint32_t len = 0, i; | |||
8577 | ||||
8578 | parameter_tree = proto_tree_add_subtree(tree, tvb, offset, 2, hf->ett.hs_ext_quictp_parameter, | |||
8579 | NULL((void*)0), "Parameter"); | |||
8580 | /* TransportParameter ID and Length. */ | |||
8581 | if (use_varint_encoding) { | |||
8582 | uint64_t parameter_length64; | |||
8583 | uint32_t type_len = 0; | |||
8584 | ||||
8585 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_type, | |||
8586 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, ¶meter_type, &type_len); | |||
8587 | offset += type_len; | |||
8588 | ||||
8589 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_len, | |||
8590 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, ¶meter_length64, &len); | |||
8591 | parameter_length = (uint32_t)parameter_length64; | |||
8592 | offset += len; | |||
8593 | ||||
8594 | proto_item_set_len(parameter_tree, type_len + len + parameter_length); | |||
8595 | } else { | |||
8596 | parameter_type = tvb_get_ntohs(tvb, offset); | |||
8597 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_type, | |||
8598 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
8599 | offset += 2; | |||
8600 | ||||
8601 | /* opaque value<0..2^16-1> */ | |||
8602 | if (!ssl_add_vector(hf, tvb, pinfo, parameter_tree, offset, next_offset, ¶meter_length, | |||
8603 | hf->hf.hs_ext_quictp_parameter_len_old, 0, UINT16_MAX(65535))) { | |||
8604 | return next_offset; | |||
8605 | } | |||
8606 | offset += 2; | |||
8607 | ||||
8608 | proto_item_set_len(parameter_tree, 4 + parameter_length); | |||
8609 | } | |||
8610 | ||||
8611 | if (IS_GREASE_QUIC(parameter_type)((parameter_type) > 27 ? ((((parameter_type) - 27) % 31) == 0) : 0)) { | |||
8612 | proto_item_append_text(parameter_tree, ": GREASE"); | |||
8613 | } else { | |||
8614 | proto_item_append_text(parameter_tree, ": %s", val64_to_str(parameter_type, quic_transport_parameter_id, "Unknown 0x%04x")); | |||
8615 | } | |||
8616 | ||||
8617 | proto_item_append_text(parameter_tree, " (len=%u)", parameter_length); | |||
8618 | parameter_end_offset = offset + parameter_length; | |||
8619 | ||||
8620 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_value, | |||
8621 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
8622 | ||||
8623 | switch (parameter_type) { | |||
8624 | case SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID0x00: | |||
8625 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_original_destination_connection_id, | |||
8626 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
8627 | offset += parameter_length; | |||
8628 | break; | |||
8629 | case SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT0x01: | |||
8630 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_idle_timeout, | |||
8631 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8632 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u" " ms", value); | |||
8633 | offset += len; | |||
8634 | break; | |||
8635 | case SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN0x02: | |||
8636 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_stateless_reset_token, | |||
8637 | tvb, offset, 16, ENC_BIG_ENDIAN0x00000000); | |||
8638 | quic_add_stateless_reset_token(pinfo, tvb, offset, NULL((void*)0)); | |||
8639 | offset += 16; | |||
8640 | break; | |||
8641 | case SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE0x03: | |||
8642 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_udp_payload_size, | |||
8643 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8644 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8645 | /*TODO display expert info about invalid value (< 1252 or >65527) ? */ | |||
8646 | offset += len; | |||
8647 | break; | |||
8648 | case SSL_HND_QUIC_TP_INITIAL_MAX_DATA0x04: | |||
8649 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_data, | |||
8650 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8651 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8652 | offset += len; | |||
8653 | break; | |||
8654 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL0x05: | |||
8655 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_local, | |||
8656 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8657 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8658 | offset += len; | |||
8659 | break; | |||
8660 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE0x06: | |||
8661 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote, | |||
8662 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8663 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8664 | offset += len; | |||
8665 | break; | |||
8666 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI0x07: | |||
8667 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_uni, | |||
8668 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8669 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8670 | offset += len; | |||
8671 | break; | |||
8672 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI0x09: | |||
8673 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_uni, | |||
8674 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8675 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8676 | offset += len; | |||
8677 | break; | |||
8678 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI0x08: | |||
8679 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_bidi, | |||
8680 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8681 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8682 | offset += len; | |||
8683 | break; | |||
8684 | case SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT0x0a: | |||
8685 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_ack_delay_exponent, | |||
8686 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, NULL((void*)0), &len); | |||
8687 | /*TODO display multiplier (x8) and expert info about invalid value (> 20) ? */ | |||
8688 | offset += len; | |||
8689 | break; | |||
8690 | case SSL_HND_QUIC_TP_MAX_ACK_DELAY0x0b: | |||
8691 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_ack_delay, | |||
8692 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8693 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8694 | offset += len; | |||
8695 | break; | |||
8696 | case SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION0x0c: | |||
8697 | /* No Payload */ | |||
8698 | break; | |||
8699 | case SSL_HND_QUIC_TP_PREFERRED_ADDRESS0x0d: { | |||
8700 | uint32_t connectionid_length; | |||
8701 | quic_cid_t cid; | |||
8702 | ||||
8703 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4address, | |||
8704 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
8705 | offset += 4; | |||
8706 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4port, | |||
8707 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
8708 | offset += 2; | |||
8709 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6address, | |||
8710 | tvb, offset, 16, ENC_NA0x00000000); | |||
8711 | offset += 16; | |||
8712 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6port, | |||
8713 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
8714 | offset += 2; | |||
8715 | /* XXX - Should we add these addresses and ports as addresses that the client | |||
8716 | * is allowed / expected to migrate the server address to? Right now we don't | |||
8717 | * enforce that (see RFC 9000 Section 9, which implies that while the client | |||
8718 | * can migrate to whatever address it wants, it can only migrate the server | |||
8719 | * address to the Server's Preferred Address as in 9.6. Also Issue #20165.) | |||
8720 | */ | |||
8721 | ||||
8722 | if (!ssl_add_vector(hf, tvb, pinfo, parameter_tree, offset, offset_end, &connectionid_length, | |||
8723 | hf->hf.hs_ext_quictp_parameter_pa_connectionid_length, 0, 20)) { | |||
8724 | break; | |||
8725 | } | |||
8726 | offset += 1; | |||
8727 | ||||
8728 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_connectionid, | |||
8729 | tvb, offset, connectionid_length, ENC_NA0x00000000); | |||
8730 | if (connectionid_length >= 1 && connectionid_length <= QUIC_MAX_CID_LENGTH20) { | |||
8731 | cid.len = connectionid_length; | |||
8732 | // RFC 9000 5.1.1 "If the preferred_address transport | |||
8733 | // parameter is sent, the sequence number of the supplied | |||
8734 | // connection ID is 1." | |||
8735 | cid.seq_num = 1; | |||
8736 | // Multipath draft-07 "Also, the Path Identifier for the | |||
8737 | // connection ID specified in the "preferred address" | |||
8738 | // transport parameter is 0." | |||
8739 | cid.path_id = 0; | |||
8740 | tvb_memcpy(tvb, cid.cid, offset, connectionid_length); | |||
8741 | quic_add_connection(pinfo, &cid); | |||
8742 | } | |||
8743 | offset += connectionid_length; | |||
8744 | ||||
8745 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_statelessresettoken, | |||
8746 | tvb, offset, 16, ENC_NA0x00000000); | |||
8747 | if (connectionid_length >= 1 && connectionid_length <= QUIC_MAX_CID_LENGTH20) { | |||
8748 | quic_add_stateless_reset_token(pinfo, tvb, offset, &cid); | |||
8749 | } | |||
8750 | offset += 16; | |||
8751 | } | |||
8752 | break; | |||
8753 | case SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT0x0e: | |||
8754 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_active_connection_id_limit, | |||
8755 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8756 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8757 | offset += len; | |||
8758 | break; | |||
8759 | case SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID0x0f: | |||
8760 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_source_connection_id, | |||
8761 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
8762 | offset += parameter_length; | |||
8763 | break; | |||
8764 | case SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID0x10: | |||
8765 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_retry_source_connection_id, | |||
8766 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
8767 | offset += parameter_length; | |||
8768 | break; | |||
8769 | case SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE0x20: | |||
8770 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_datagram_frame_size, | |||
8771 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8772 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8773 | offset += len; | |||
8774 | break; | |||
8775 | case SSL_HND_QUIC_TP_CIBIR_ENCODING0x1000: | |||
8776 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_cibir_encoding_length, | |||
8777 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8778 | proto_item_append_text(parameter_tree, " Length: %" PRIu64"l" "u", value); | |||
8779 | offset += len; | |||
8780 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_cibir_encoding_offset, | |||
8781 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8782 | proto_item_append_text(parameter_tree, ", Offset: %" PRIu64"l" "u", value); | |||
8783 | offset += len; | |||
8784 | break; | |||
8785 | case SSL_HND_QUIC_TP_LOSS_BITS0x1057: | |||
8786 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_loss_bits, | |||
8787 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8788 | if (len > 0) { | |||
8789 | quic_add_loss_bits(pinfo, value); | |||
8790 | } | |||
8791 | offset += 1; | |||
8792 | break; | |||
8793 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD0xde1a: | |||
8794 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V10xFF03DE1A: | |||
8795 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT050xff04de1a: | |||
8796 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY0xff04de1b: | |||
8797 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_min_ack_delay, | |||
8798 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8799 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | |||
8800 | offset += len; | |||
8801 | break; | |||
8802 | case SSL_HND_QUIC_TP_GOOGLE_USER_AGENT0x3129: | |||
8803 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_user_agent_id, | |||
8804 | tvb, offset, parameter_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
8805 | offset += parameter_length; | |||
8806 | break; | |||
8807 | case SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED0x312B: | |||
8808 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_key_update_not_yet_supported, | |||
8809 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
8810 | offset += parameter_length; | |||
8811 | break; | |||
8812 | case SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION0x4752: | |||
8813 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_version, | |||
8814 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
8815 | offset += 4; | |||
8816 | if (hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS) { /* From server */ | |||
8817 | uint32_t versions_length; | |||
8818 | ||||
8819 | proto_tree_add_item_ret_uint(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_supported_versions_length, | |||
8820 | tvb, offset, 1, ENC_NA0x00000000, &versions_length); | |||
8821 | offset += 1; | |||
8822 | for (i = 0; i < versions_length / 4; i++) { | |||
8823 | quic_proto_tree_add_version(tvb, parameter_tree, | |||
8824 | hf->hf.hs_ext_quictp_parameter_google_supported_version, offset); | |||
8825 | offset += 4; | |||
8826 | } | |||
8827 | } | |||
8828 | break; | |||
8829 | case SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT0x3127: | |||
8830 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_initial_rtt, | |||
8831 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8832 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u" " us", value); | |||
8833 | offset += len; | |||
8834 | break; | |||
8835 | case SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE0x312A: | |||
8836 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_support_handshake_done, | |||
8837 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
8838 | offset += parameter_length; | |||
8839 | break; | |||
8840 | case SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS0x4751: | |||
8841 | /* This field was used for non-standard Google-specific parameters encoded as a | |||
8842 | * Google QUIC_CRYPTO CHLO and it has been replaced (version >= T051) by individual | |||
8843 | * parameters. Report it as a bytes blob... */ | |||
8844 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_params, | |||
8845 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
8846 | /* ... and try decoding it: not sure what the first 4 bytes are (but they seems to be always 0) */ | |||
8847 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_params_unknown_field, | |||
8848 | tvb, offset, 4, ENC_NA0x00000000); | |||
8849 | dissect_gquic_tags(tvb, pinfo, parameter_tree, offset + 4); | |||
8850 | offset += parameter_length; | |||
8851 | break; | |||
8852 | case SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS0x3128: | |||
8853 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_connection_options, | |||
8854 | tvb, offset, parameter_length, ENC_NA0x00000000); | |||
8855 | offset += parameter_length; | |||
8856 | break; | |||
8857 | case SSL_HND_QUIC_TP_ENABLE_TIME_STAMP0x7157: | |||
8858 | /* No Payload */ | |||
8859 | break; | |||
8860 | case SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V20x7158: | |||
8861 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_enable_time_stamp_v2, | |||
8862 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8863 | offset += parameter_length; | |||
8864 | break; | |||
8865 | case SSL_HND_QUIC_TP_VERSION_INFORMATION0x11: | |||
8866 | quic_proto_tree_add_version(tvb, parameter_tree, | |||
8867 | hf->hf.hs_ext_quictp_parameter_chosen_version, offset); | |||
8868 | offset += 4; | |||
8869 | for (i = 4; i < parameter_length; i += 4) { | |||
8870 | quic_proto_tree_add_version(tvb, parameter_tree, | |||
8871 | hf->hf.hs_ext_quictp_parameter_other_version, offset); | |||
8872 | offset += 4; | |||
8873 | } | |||
8874 | break; | |||
8875 | case SSL_HND_QUIC_TP_GREASE_QUIC_BIT0x2ab2: | |||
8876 | /* No Payload */ | |||
8877 | quic_add_grease_quic_bit(pinfo); | |||
8878 | break; | |||
8879 | case SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY0xFF00: | |||
8880 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_facebook_partial_reliability, | |||
8881 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8882 | offset += parameter_length; | |||
8883 | break; | |||
8884 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT040x0f739bbc1b666d04: | |||
8885 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_enable_multipath, | |||
8886 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8887 | if (value == 1) { | |||
8888 | quic_add_multipath(pinfo, QUIC_MP_NO_PATH_ID1); | |||
8889 | } | |||
8890 | offset += parameter_length; | |||
8891 | break; | |||
8892 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT050x0f739bbc1b666d05: | |||
8893 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH0x0f739bbc1b666d06: | |||
8894 | /* No Payload */ | |||
8895 | quic_add_multipath(pinfo, QUIC_MP_NO_PATH_ID1); | |||
8896 | break; | |||
8897 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATHS0x0f739bbc1b666d07: | |||
8898 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_paths, | |||
8899 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8900 | if (value > 1) { | |||
8901 | quic_add_multipath(pinfo, QUIC_MP_PATH_ID2); | |||
8902 | } | |||
8903 | /* multipath draft-07: "The value of the initial_max_paths | |||
8904 | * parameter MUST be at least 2." TODO: Expert Info? */ | |||
8905 | offset += parameter_length; | |||
8906 | break; | |||
8907 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT090x0f739bbc1b666d09: | |||
8908 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID0x0f739bbc1b666d11: | |||
8909 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_path_id, | |||
8910 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | |||
8911 | /* multipath draft-09 and later: "If an endpoint receives an | |||
8912 | * initial_max_path_id transport parameter with value 0, the | |||
8913 | * peer aims to enable the multipath extension without allowing | |||
8914 | * extra paths immediately." | |||
8915 | */ | |||
8916 | quic_add_multipath(pinfo, QUIC_MP_PATH_ID2); | |||
8917 | offset += parameter_length; | |||
8918 | break; | |||
8919 | default: | |||
8920 | offset += parameter_length; | |||
8921 | /*TODO display expert info about unknown ? */ | |||
8922 | break; | |||
8923 | } | |||
8924 | ||||
8925 | if (!ssl_end_vector(hf, tvb, pinfo, parameter_tree, offset, parameter_end_offset)) { | |||
8926 | /* Dissection did not end at expected location, fix it. */ | |||
8927 | offset = parameter_end_offset; | |||
8928 | } | |||
8929 | } | |||
8930 | ||||
8931 | return offset; | |||
8932 | } | |||
8933 | ||||
8934 | static int | |||
8935 | ssl_dissect_hnd_hello_common(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
8936 | proto_tree *tree, uint32_t offset, | |||
8937 | SslSession *session, SslDecryptSession *ssl, | |||
8938 | bool_Bool from_server, bool_Bool is_hrr) | |||
8939 | { | |||
8940 | uint8_t sessid_length; | |||
8941 | proto_item *ti; | |||
8942 | proto_tree *rnd_tree; | |||
8943 | proto_tree *ti_rnd; | |||
8944 | proto_tree *ech_confirm_tree; | |||
8945 | uint8_t draft_version = session->tls13_draft_version; | |||
8946 | ||||
8947 | if (ssl) { | |||
8948 | StringInfo *rnd; | |||
8949 | if (from_server) | |||
8950 | rnd = &ssl->server_random; | |||
8951 | else | |||
8952 | rnd = &ssl->client_random; | |||
8953 | ||||
8954 | /* save provided random for later keyring generation */ | |||
8955 | tvb_memcpy(tvb, rnd->data, offset, 32); | |||
8956 | rnd->data_len = 32; | |||
8957 | if (from_server) | |||
8958 | ssl->state |= SSL_SERVER_RANDOM(1<<1); | |||
8959 | else | |||
8960 | ssl->state |= SSL_CLIENT_RANDOM(1<<0); | |||
8961 | ssl_debug_printf("%s found %s RANDOM -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), | |||
8962 | from_server ? "SERVER" : "CLIENT", ssl->state); | |||
8963 | } | |||
8964 | ||||
8965 | if (!from_server && session->client_random.data_len == 0) { | |||
8966 | session->client_random.data_len = 32; | |||
8967 | tvb_memcpy(tvb, session->client_random.data, offset, 32); | |||
8968 | } | |||
8969 | ||||
8970 | ti_rnd = proto_tree_add_item(tree, hf->hf.hs_random, tvb, offset, 32, ENC_NA0x00000000); | |||
8971 | ||||
8972 | if ((session->version != TLSV1DOT3_VERSION0x304) && (session->version != DTLSV1DOT3_VERSION0xfefc)) { /* No time on first bytes random with TLS 1.3 */ | |||
8973 | ||||
8974 | rnd_tree = proto_item_add_subtree(ti_rnd, hf->ett.hs_random); | |||
8975 | /* show the time */ | |||
8976 | proto_tree_add_item(rnd_tree, hf->hf.hs_random_time, | |||
8977 | tvb, offset, 4, ENC_TIME_SECS0x00000012|ENC_BIG_ENDIAN0x00000000); | |||
8978 | offset += 4; | |||
8979 | ||||
8980 | /* show the random bytes */ | |||
8981 | proto_tree_add_item(rnd_tree, hf->hf.hs_random_bytes, | |||
8982 | tvb, offset, 28, ENC_NA0x00000000); | |||
8983 | offset += 28; | |||
8984 | } else { | |||
8985 | if (is_hrr) { | |||
8986 | proto_item_append_text(ti_rnd, " (HelloRetryRequest magic)"); | |||
8987 | } else if (from_server && session->ech) { | |||
8988 | ech_confirm_tree = proto_item_add_subtree(ti_rnd, hf->ett.hs_random); | |||
8989 | proto_tree_add_item(ech_confirm_tree, hf->hf.hs_ech_confirm, tvb, offset + 24, 8, ENC_NA0x00000000); | |||
8990 | ti = proto_tree_add_bytes_with_length(ech_confirm_tree, hf->hf.hs_ech_confirm_compute, tvb, offset + 24, 0, | |||
8991 | session->ech_confirmation, 8); | |||
8992 | proto_item_set_generated(ti); | |||
8993 | if (memcmp(session->ech_confirmation, tvb_get_ptr(tvb, offset+24, 8), 8)) { | |||
8994 | expert_add_info(pinfo, ti, &hf->ei.ech_rejected); | |||
8995 | } else { | |||
8996 | expert_add_info(pinfo, ti, &hf->ei.ech_accepted); | |||
8997 | } | |||
8998 | } | |||
8999 | ||||
9000 | offset += 32; | |||
9001 | } | |||
9002 | ||||
9003 | /* No Session ID with TLS 1.3 on Server Hello before draft -22 */ | |||
9004 | if (from_server == 0 || !(session->version == TLSV1DOT3_VERSION0x304 && draft_version > 0 && draft_version < 22)) { | |||
9005 | /* show the session id (length followed by actual Session ID) */ | |||
9006 | sessid_length = tvb_get_uint8(tvb, offset); | |||
9007 | proto_tree_add_item(tree, hf->hf.hs_session_id_len, | |||
9008 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
9009 | offset++; | |||
9010 | ||||
9011 | if (ssl) { | |||
9012 | /* save the authoritative SID for later use in ChangeCipherSpec. | |||
9013 | * (D)TLS restricts the SID to 32 chars, it does not make sense to | |||
9014 | * save more, so ignore larger ones. */ | |||
9015 | if (from_server && sessid_length <= 32) { | |||
9016 | tvb_memcpy(tvb, ssl->session_id.data, offset, sessid_length); | |||
9017 | ssl->session_id.data_len = sessid_length; | |||
9018 | } | |||
9019 | } | |||
9020 | if (sessid_length > 0) { | |||
9021 | proto_tree_add_item(tree, hf->hf.hs_session_id, | |||
9022 | tvb, offset, sessid_length, ENC_NA0x00000000); | |||
9023 | offset += sessid_length; | |||
9024 | } | |||
9025 | } | |||
9026 | ||||
9027 | return offset; | |||
9028 | } | |||
9029 | ||||
9030 | static int | |||
9031 | ssl_dissect_hnd_hello_ext_status_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9032 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
9033 | bool_Bool has_length) | |||
9034 | { | |||
9035 | /* TLS 1.2/1.3 status_request Client Hello Extension. | |||
9036 | * TLS 1.2 status_request_v2 CertificateStatusRequestItemV2 type. | |||
9037 | * https://tools.ietf.org/html/rfc6066#section-8 (status_request) | |||
9038 | * https://tools.ietf.org/html/rfc6961#section-2.2 (status_request_v2) | |||
9039 | * struct { | |||
9040 | * CertificateStatusType status_type; | |||
9041 | * uint16 request_length; // for status_request_v2 | |||
9042 | * select (status_type) { | |||
9043 | * case ocsp: OCSPStatusRequest; | |||
9044 | * case ocsp_multi: OCSPStatusRequest; | |||
9045 | * } request; | |||
9046 | * } CertificateStatusRequest; // CertificateStatusRequestItemV2 | |||
9047 | * | |||
9048 | * enum { ocsp(1), ocsp_multi(2), (255) } CertificateStatusType; | |||
9049 | * struct { | |||
9050 | * ResponderID responder_id_list<0..2^16-1>; | |||
9051 | * Extensions request_extensions; | |||
9052 | * } OCSPStatusRequest; | |||
9053 | * opaque ResponderID<1..2^16-1>; | |||
9054 | * opaque Extensions<0..2^16-1>; | |||
9055 | */ | |||
9056 | unsigned cert_status_type; | |||
9057 | ||||
9058 | cert_status_type = tvb_get_uint8(tvb, offset); | |||
9059 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_type, | |||
9060 | tvb, offset, 1, ENC_NA0x00000000); | |||
9061 | offset++; | |||
9062 | ||||
9063 | if (has_length) { | |||
9064 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_request_len, | |||
9065 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
9066 | offset += 2; | |||
9067 | } | |||
9068 | ||||
9069 | switch (cert_status_type) { | |||
9070 | case SSL_HND_CERT_STATUS_TYPE_OCSP1: | |||
9071 | case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2: | |||
9072 | { | |||
9073 | uint32_t responder_id_list_len; | |||
9074 | uint32_t request_extensions_len; | |||
9075 | ||||
9076 | /* ResponderID responder_id_list<0..2^16-1> */ | |||
9077 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &responder_id_list_len, | |||
9078 | hf->hf.hs_ext_cert_status_responder_id_list_len, 0, UINT16_MAX(65535))) { | |||
9079 | return offset_end; | |||
9080 | } | |||
9081 | offset += 2; | |||
9082 | if (responder_id_list_len != 0) { | |||
9083 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.hs_ext_cert_status_undecoded, | |||
9084 | tvb, offset, responder_id_list_len, | |||
9085 | "Responder ID list is not implemented, contact Wireshark" | |||
9086 | " developers if you want this to be supported"); | |||
9087 | } | |||
9088 | offset += responder_id_list_len; | |||
9089 | ||||
9090 | /* opaque Extensions<0..2^16-1> */ | |||
9091 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &request_extensions_len, | |||
9092 | hf->hf.hs_ext_cert_status_request_extensions_len, 0, UINT16_MAX(65535))) { | |||
9093 | return offset_end; | |||
9094 | } | |||
9095 | offset += 2; | |||
9096 | if (request_extensions_len != 0) { | |||
9097 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.hs_ext_cert_status_undecoded, | |||
9098 | tvb, offset, request_extensions_len, | |||
9099 | "Request Extensions are not implemented, contact" | |||
9100 | " Wireshark developers if you want this to be supported"); | |||
9101 | } | |||
9102 | offset += request_extensions_len; | |||
9103 | break; | |||
9104 | } | |||
9105 | } | |||
9106 | ||||
9107 | return offset; | |||
9108 | } | |||
9109 | ||||
9110 | static unsigned | |||
9111 | ssl_dissect_hnd_hello_ext_status_request_v2(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9112 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
9113 | { | |||
9114 | /* https://tools.ietf.org/html/rfc6961#section-2.2 | |||
9115 | * struct { | |||
9116 | * CertificateStatusRequestItemV2 certificate_status_req_list<1..2^16-1>; | |||
9117 | * } CertificateStatusRequestListV2; | |||
9118 | */ | |||
9119 | uint32_t req_list_length, next_offset; | |||
9120 | ||||
9121 | /* CertificateStatusRequestItemV2 certificate_status_req_list<1..2^16-1> */ | |||
9122 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &req_list_length, | |||
9123 | hf->hf.hs_ext_cert_status_request_list_len, 1, UINT16_MAX(65535))) { | |||
9124 | return offset_end; | |||
9125 | } | |||
9126 | offset += 2; | |||
9127 | next_offset = offset + req_list_length; | |||
9128 | ||||
9129 | while (offset < next_offset) { | |||
9130 | offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, pinfo, tree, offset, next_offset, true1); | |||
9131 | } | |||
9132 | ||||
9133 | return offset; | |||
9134 | } | |||
9135 | ||||
9136 | static uint32_t | |||
9137 | tls_dissect_ocsp_response(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
9138 | uint32_t offset, uint32_t offset_end) | |||
9139 | { | |||
9140 | uint32_t response_length; | |||
9141 | proto_item *ocsp_resp; | |||
9142 | proto_tree *ocsp_resp_tree; | |||
9143 | asn1_ctx_t asn1_ctx; | |||
9144 | ||||
9145 | /* opaque OCSPResponse<1..2^24-1>; */ | |||
9146 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &response_length, | |||
9147 | hf->hf.hs_ocsp_response_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
9148 | return offset_end; | |||
9149 | } | |||
9150 | offset += 3; | |||
9151 | ||||
9152 | ocsp_resp = proto_tree_add_item(tree, proto_ocsp, tvb, offset, | |||
9153 | response_length, ENC_BIG_ENDIAN0x00000000); | |||
9154 | proto_item_set_text(ocsp_resp, "OCSP Response"); | |||
9155 | ocsp_resp_tree = proto_item_add_subtree(ocsp_resp, hf->ett.ocsp_response); | |||
9156 | if (proto_is_protocol_enabled(find_protocol_by_id(proto_ocsp))) { | |||
9157 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
9158 | dissect_ocsp_OCSPResponse(false0, tvb, offset, &asn1_ctx, ocsp_resp_tree, -1); | |||
9159 | } | |||
9160 | offset += response_length; | |||
9161 | ||||
9162 | return offset; | |||
9163 | } | |||
9164 | ||||
9165 | uint32_t | |||
9166 | tls_dissect_hnd_certificate_status(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9167 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
9168 | { | |||
9169 | /* TLS 1.2 "CertificateStatus" handshake message. | |||
9170 | * TLS 1.3 "status_request" Certificate extension. | |||
9171 | * struct { | |||
9172 | * CertificateStatusType status_type; | |||
9173 | * select (status_type) { | |||
9174 | * case ocsp: OCSPResponse; | |||
9175 | * case ocsp_multi: OCSPResponseList; // status_request_v2 | |||
9176 | * } response; | |||
9177 | * } CertificateStatus; | |||
9178 | * opaque OCSPResponse<1..2^24-1>; | |||
9179 | * struct { | |||
9180 | * OCSPResponse ocsp_response_list<1..2^24-1>; | |||
9181 | * } OCSPResponseList; // status_request_v2 | |||
9182 | */ | |||
9183 | uint32_t status_type, resp_list_length, next_offset; | |||
9184 | ||||
9185 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_cert_status_type, | |||
9186 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &status_type); | |||
9187 | offset += 1; | |||
9188 | ||||
9189 | switch (status_type) { | |||
9190 | case SSL_HND_CERT_STATUS_TYPE_OCSP1: | |||
9191 | offset = tls_dissect_ocsp_response(hf, tvb, pinfo, tree, offset, offset_end); | |||
9192 | break; | |||
9193 | ||||
9194 | case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2: | |||
9195 | /* OCSPResponse ocsp_response_list<1..2^24-1> */ | |||
9196 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &resp_list_length, | |||
9197 | hf->hf.hs_ocsp_response_list_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
9198 | return offset_end; | |||
9199 | } | |||
9200 | offset += 3; | |||
9201 | next_offset = offset + resp_list_length; | |||
9202 | ||||
9203 | while (offset < next_offset) { | |||
9204 | offset = tls_dissect_ocsp_response(hf, tvb, pinfo, tree, offset, next_offset); | |||
9205 | } | |||
9206 | break; | |||
9207 | } | |||
9208 | ||||
9209 | return offset; | |||
9210 | } | |||
9211 | ||||
9212 | static unsigned | |||
9213 | ssl_dissect_hnd_hello_ext_supported_groups(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9214 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
9215 | wmem_strbuf_t *ja3) | |||
9216 | { | |||
9217 | /* RFC 8446 Section 4.2.7 | |||
9218 | * enum { ..., (0xFFFF) } NamedGroup; | |||
9219 | * struct { | |||
9220 | * NamedGroup named_group_list<2..2^16-1> | |||
9221 | * } NamedGroupList; | |||
9222 | * | |||
9223 | * NOTE: "NamedCurve" (RFC 4492) is renamed to "NamedGroup" (RFC 7919) and | |||
9224 | * the extension itself from "elliptic_curves" to "supported_groups". | |||
9225 | */ | |||
9226 | uint32_t groups_length, next_offset; | |||
9227 | proto_tree *groups_tree; | |||
9228 | proto_item *ti; | |||
9229 | char *ja3_dash = ""; | |||
9230 | ||||
9231 | /* NamedGroup named_group_list<2..2^16-1> */ | |||
9232 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &groups_length, | |||
9233 | hf->hf.hs_ext_supported_groups_len, 2, UINT16_MAX(65535))) { | |||
9234 | return offset_end; | |||
9235 | } | |||
9236 | offset += 2; | |||
9237 | next_offset = offset + groups_length; | |||
9238 | ||||
9239 | ti = proto_tree_add_none_format(tree, | |||
9240 | hf->hf.hs_ext_supported_groups, | |||
9241 | tvb, offset, groups_length, | |||
9242 | "Supported Groups (%d group%s)", | |||
9243 | groups_length / 2, | |||
9244 | plurality(groups_length/2, "", "s")((groups_length/2) == 1 ? ("") : ("s"))); | |||
9245 | ||||
9246 | /* make this a subtree */ | |||
9247 | groups_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_groups); | |||
9248 | ||||
9249 | if (ja3) { | |||
9250 | wmem_strbuf_append_c(ja3, ','); | |||
9251 | } | |||
9252 | /* loop over all groups */ | |||
9253 | while (offset + 2 <= offset_end) { | |||
9254 | uint32_t ext_supported_group; | |||
9255 | ||||
9256 | proto_tree_add_item_ret_uint(groups_tree, hf->hf.hs_ext_supported_group, tvb, offset, 2, | |||
9257 | ENC_BIG_ENDIAN0x00000000, &ext_supported_group); | |||
9258 | offset += 2; | |||
9259 | if (ja3 && !IS_GREASE_TLS(ext_supported_group)((((ext_supported_group) & 0x0f0f) == 0x0a0a) && ( ((ext_supported_group) & 0xff) == (((ext_supported_group) >>8) & 0xff)))) { | |||
9260 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, ext_supported_group); | |||
9261 | ja3_dash = "-"; | |||
9262 | } | |||
9263 | } | |||
9264 | if (!ssl_end_vector(hf, tvb, pinfo, groups_tree, offset, next_offset)) { | |||
9265 | offset = next_offset; | |||
9266 | } | |||
9267 | ||||
9268 | return offset; | |||
9269 | } | |||
9270 | ||||
9271 | static int | |||
9272 | ssl_dissect_hnd_hello_ext_ec_point_formats(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
9273 | proto_tree *tree, uint32_t offset, wmem_strbuf_t *ja3) | |||
9274 | { | |||
9275 | uint8_t ecpf_length; | |||
9276 | proto_tree *ecpf_tree; | |||
9277 | proto_item *ti; | |||
9278 | ||||
9279 | ecpf_length = tvb_get_uint8(tvb, offset); | |||
9280 | proto_tree_add_item(tree, hf->hf.hs_ext_ec_point_formats_len, | |||
9281 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
9282 | ||||
9283 | offset += 1; | |||
9284 | ti = proto_tree_add_none_format(tree, | |||
9285 | hf->hf.hs_ext_ec_point_formats, | |||
9286 | tvb, offset, ecpf_length, | |||
9287 | "Elliptic curves point formats (%d)", | |||
9288 | ecpf_length); | |||
9289 | ||||
9290 | /* make this a subtree */ | |||
9291 | ecpf_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_curves_point_formats); | |||
9292 | ||||
9293 | if (ja3) { | |||
9294 | wmem_strbuf_append_c(ja3, ','); | |||
9295 | } | |||
9296 | ||||
9297 | /* loop over all point formats */ | |||
9298 | while (ecpf_length > 0) | |||
9299 | { | |||
9300 | uint32_t ext_ec_point_format; | |||
9301 | ||||
9302 | proto_tree_add_item_ret_uint(ecpf_tree, hf->hf.hs_ext_ec_point_format, tvb, offset, 1, | |||
9303 | ENC_BIG_ENDIAN0x00000000, &ext_ec_point_format); | |||
9304 | offset++; | |||
9305 | ecpf_length--; | |||
9306 | if (ja3) { | |||
9307 | wmem_strbuf_append_printf(ja3, "%i", ext_ec_point_format); | |||
9308 | if (ecpf_length > 0) { | |||
9309 | wmem_strbuf_append_c(ja3, '-'); | |||
9310 | } | |||
9311 | } | |||
9312 | } | |||
9313 | ||||
9314 | return offset; | |||
9315 | } | |||
9316 | ||||
9317 | static int | |||
9318 | ssl_dissect_hnd_hello_ext_srp(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
9319 | packet_info *pinfo, proto_tree *tree, | |||
9320 | uint32_t offset, uint32_t next_offset) | |||
9321 | { | |||
9322 | /* https://tools.ietf.org/html/rfc5054#section-2.8.1 | |||
9323 | * opaque srp_I<1..2^8-1>; | |||
9324 | */ | |||
9325 | uint32_t username_len; | |||
9326 | ||||
9327 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, next_offset, &username_len, | |||
9328 | hf->hf.hs_ext_srp_len, 1, UINT8_MAX(255))) { | |||
9329 | return next_offset; | |||
9330 | } | |||
9331 | offset++; | |||
9332 | ||||
9333 | proto_tree_add_item(tree, hf->hf.hs_ext_srp_username, | |||
9334 | tvb, offset, username_len, ENC_UTF_80x00000002|ENC_NA0x00000000); | |||
9335 | offset += username_len; | |||
9336 | ||||
9337 | return offset; | |||
9338 | } | |||
9339 | ||||
9340 | static uint32_t | |||
9341 | tls_dissect_sct(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
9342 | uint32_t offset, uint32_t offset_end, uint16_t version) | |||
9343 | { | |||
9344 | /* https://tools.ietf.org/html/rfc6962#section-3.2 | |||
9345 | * enum { v1(0), (255) } Version; | |||
9346 | * struct { | |||
9347 | * opaque key_id[32]; | |||
9348 | * } LogID; | |||
9349 | * opaque CtExtensions<0..2^16-1>; | |||
9350 | * struct { | |||
9351 | * Version sct_version; | |||
9352 | * LogID id; | |||
9353 | * uint64 timestamp; | |||
9354 | * CtExtensions extensions; | |||
9355 | * digitally-signed struct { ... }; | |||
9356 | * } SignedCertificateTimestamp; | |||
9357 | */ | |||
9358 | uint32_t sct_version; | |||
9359 | uint64_t sct_timestamp_ms; | |||
9360 | nstime_t sct_timestamp; | |||
9361 | uint32_t exts_len; | |||
9362 | const char *log_name; | |||
9363 | ||||
9364 | proto_tree_add_item_ret_uint(tree, hf->hf.sct_sct_version, tvb, offset, 1, ENC_NA0x00000000, &sct_version); | |||
9365 | offset++; | |||
9366 | if (sct_version != 0) { | |||
9367 | // TODO expert info about unknown SCT version? | |||
9368 | return offset; | |||
9369 | } | |||
9370 | proto_tree_add_item(tree, hf->hf.sct_sct_logid, tvb, offset, 32, ENC_BIG_ENDIAN0x00000000); | |||
9371 | log_name = bytesval_to_str(tvb_get_ptr(tvb, offset, 32), 32, ct_logids, "Unknown Log"); | |||
9372 | proto_item_append_text(tree, " (%s)", log_name); | |||
9373 | offset += 32; | |||
9374 | sct_timestamp_ms = tvb_get_ntoh64(tvb, offset); | |||
9375 | sct_timestamp.secs = (time_t)(sct_timestamp_ms / 1000); | |||
9376 | sct_timestamp.nsecs = (int)((sct_timestamp_ms % 1000) * 1000000); | |||
9377 | proto_tree_add_time(tree, hf->hf.sct_sct_timestamp, tvb, offset, 8, &sct_timestamp); | |||
9378 | offset += 8; | |||
9379 | /* opaque CtExtensions<0..2^16-1> */ | |||
9380 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &exts_len, | |||
9381 | hf->hf.sct_sct_extensions_length, 0, UINT16_MAX(65535))) { | |||
9382 | return offset_end; | |||
9383 | } | |||
9384 | offset += 2; | |||
9385 | if (exts_len > 0) { | |||
9386 | proto_tree_add_item(tree, hf->hf.sct_sct_extensions, tvb, offset, exts_len, ENC_BIG_ENDIAN0x00000000); | |||
9387 | offset += exts_len; | |||
9388 | } | |||
9389 | offset = ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, | |||
9390 | hf->hf.sct_sct_signature_length, | |||
9391 | hf->hf.sct_sct_signature); | |||
9392 | return offset; | |||
9393 | } | |||
9394 | ||||
9395 | uint32_t | |||
9396 | tls_dissect_sct_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
9397 | uint32_t offset, uint32_t offset_end, uint16_t version) | |||
9398 | { | |||
9399 | /* https://tools.ietf.org/html/rfc6962#section-3.3 | |||
9400 | * opaque SerializedSCT<1..2^16-1>; | |||
9401 | * struct { | |||
9402 | * SerializedSCT sct_list <1..2^16-1>; | |||
9403 | * } SignedCertificateTimestampList; | |||
9404 | */ | |||
9405 | uint32_t list_length, sct_length, next_offset; | |||
9406 | proto_tree *subtree; | |||
9407 | ||||
9408 | /* SerializedSCT sct_list <1..2^16-1> */ | |||
9409 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &list_length, | |||
9410 | hf->hf.sct_scts_length, 1, UINT16_MAX(65535))) { | |||
9411 | return offset_end; | |||
9412 | } | |||
9413 | offset += 2; | |||
9414 | ||||
9415 | while (offset < offset_end) { | |||
9416 | subtree = proto_tree_add_subtree(tree, tvb, offset, 2, hf->ett.sct, NULL((void*)0), "Signed Certificate Timestamp"); | |||
9417 | ||||
9418 | /* opaque SerializedSCT<1..2^16-1> */ | |||
9419 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &sct_length, | |||
9420 | hf->hf.sct_sct_length, 1, UINT16_MAX(65535))) { | |||
9421 | return offset_end; | |||
9422 | } | |||
9423 | offset += 2; | |||
9424 | next_offset = offset + sct_length; | |||
9425 | proto_item_set_len(subtree, 2 + sct_length); | |||
9426 | offset = tls_dissect_sct(hf, tvb, pinfo, subtree, offset, next_offset, version); | |||
9427 | if (!ssl_end_vector(hf, tvb, pinfo, subtree, offset, next_offset)) { | |||
9428 | offset = next_offset; | |||
9429 | } | |||
9430 | } | |||
9431 | ||||
9432 | return offset; | |||
9433 | } | |||
9434 | ||||
9435 | static int | |||
9436 | dissect_ech_hpke_cipher_suite(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), | |||
9437 | proto_tree *tree, uint32_t offset) | |||
9438 | { | |||
9439 | uint32_t kdf_id, aead_id; | |||
9440 | proto_item *cs_ti; | |||
9441 | proto_tree *cs_tree; | |||
9442 | ||||
9443 | cs_ti = proto_tree_add_item(tree, hf->hf.ech_hpke_keyconfig_cipher_suite, | |||
9444 | tvb, offset, 4, ENC_NA0x00000000); | |||
9445 | cs_tree = proto_item_add_subtree(cs_ti, hf->ett.ech_hpke_cipher_suite); | |||
9446 | ||||
9447 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.ech_hpke_keyconfig_cipher_suite_kdf_id, | |||
9448 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &kdf_id); | |||
9449 | offset += 2; | |||
9450 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.ech_hpke_keyconfig_cipher_suite_aead_id, | |||
9451 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &aead_id); | |||
9452 | offset += 2; | |||
9453 | ||||
9454 | proto_item_append_text(cs_ti, ": %s/%s", | |||
9455 | val_to_str_const(kdf_id, kdf_id_type_vals, "Unknown"), | |||
9456 | val_to_str_const(aead_id, aead_id_type_vals, "Unknown")); | |||
9457 | return offset; | |||
9458 | } | |||
9459 | ||||
9460 | static int | |||
9461 | dissect_ech_hpke_key_config(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9462 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
9463 | uint32_t *config_id) | |||
9464 | { | |||
9465 | uint32_t length, cipher_suite_length; | |||
9466 | proto_item *kc_ti, *css_ti; | |||
9467 | proto_tree *kc_tree, *css_tree; | |||
9468 | uint32_t original_offset = offset, next_offset; | |||
9469 | ||||
9470 | kc_ti = proto_tree_add_item(tree, hf->hf.ech_hpke_keyconfig, | |||
9471 | tvb, offset, -1, ENC_NA0x00000000); | |||
9472 | kc_tree = proto_item_add_subtree(kc_ti, hf->ett.ech_hpke_keyconfig); | |||
9473 | ||||
9474 | proto_tree_add_item_ret_uint(kc_tree, hf->hf.ech_hpke_keyconfig_config_id, | |||
9475 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, config_id); | |||
9476 | offset += 1; | |||
9477 | proto_tree_add_item(kc_tree, hf->hf.ech_hpke_keyconfig_kem_id, | |||
9478 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
9479 | offset += 2; | |||
9480 | proto_tree_add_item_ret_uint(kc_tree, hf->hf.ech_hpke_keyconfig_public_key_length, | |||
9481 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | |||
9482 | offset += 2; | |||
9483 | proto_tree_add_item(kc_tree, hf->hf.ech_hpke_keyconfig_public_key, | |||
9484 | tvb, offset, length, ENC_NA0x00000000); | |||
9485 | offset += length; | |||
9486 | ||||
9487 | /* HpkeSymmetricCipherSuite cipher_suites<4..2^16-4> */ | |||
9488 | if (!ssl_add_vector(hf, tvb, pinfo, kc_tree, offset, offset_end, &cipher_suite_length, | |||
9489 | hf->hf.ech_hpke_keyconfig_cipher_suites_length, 4, UINT16_MAX(65535) - 3)) { | |||
9490 | return offset_end; | |||
9491 | } | |||
9492 | offset += 2; | |||
9493 | next_offset = offset + cipher_suite_length; | |||
9494 | ||||
9495 | css_ti = proto_tree_add_none_format(kc_tree, | |||
9496 | hf->hf.ech_hpke_keyconfig_cipher_suites, | |||
9497 | tvb, offset, cipher_suite_length, | |||
9498 | "Cipher Suites (%d suite%s)", | |||
9499 | cipher_suite_length / 4, | |||
9500 | plurality(cipher_suite_length / 4, "", "s")((cipher_suite_length / 4) == 1 ? ("") : ("s"))); | |||
9501 | css_tree = proto_item_add_subtree(css_ti, hf->ett.ech_hpke_cipher_suites); | |||
9502 | ||||
9503 | ||||
9504 | while (offset + 4 <= next_offset) { | |||
9505 | offset = dissect_ech_hpke_cipher_suite(hf, tvb, pinfo, css_tree, offset); | |||
9506 | } | |||
9507 | ||||
9508 | if (!ssl_end_vector(hf, tvb, pinfo, css_tree, offset, next_offset)) { | |||
9509 | offset = next_offset; | |||
9510 | } | |||
9511 | ||||
9512 | proto_item_set_len(kc_ti, offset - original_offset); | |||
9513 | ||||
9514 | return offset; | |||
9515 | } | |||
9516 | ||||
9517 | static int | |||
9518 | dissect_ech_echconfig_contents(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9519 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
9520 | const uint8_t **public_name, uint32_t *config_id) | |||
9521 | { | |||
9522 | uint32_t public_name_length, extensions_length, next_offset; | |||
9523 | ||||
9524 | offset = dissect_ech_hpke_key_config(hf, tvb, pinfo, tree, offset, offset_end, config_id); | |||
9525 | proto_tree_add_item(tree, hf->hf.ech_echconfigcontents_maximum_name_length, | |||
9526 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
9527 | offset += 1; | |||
9528 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_echconfigcontents_public_name_length, | |||
9529 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &public_name_length); | |||
9530 | offset += 1; | |||
9531 | proto_tree_add_item_ret_string(tree, hf->hf.ech_echconfigcontents_public_name, | |||
9532 | tvb, offset, public_name_length, ENC_ASCII0x00000000, pinfo->pool, public_name); | |||
9533 | offset += public_name_length; | |||
9534 | ||||
9535 | /* Extension extensions<0..2^16-1>; */ | |||
9536 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &extensions_length, | |||
9537 | hf->hf.ech_echconfigcontents_extensions_length, 0, UINT16_MAX(65535))) { | |||
9538 | return offset_end; | |||
9539 | } | |||
9540 | offset += 2; | |||
9541 | next_offset = offset + extensions_length; | |||
9542 | ||||
9543 | if (extensions_length > 0) { | |||
9544 | proto_tree_add_item(tree, hf->hf.ech_echconfigcontents_extensions, | |||
9545 | tvb, offset, extensions_length, ENC_NA0x00000000); | |||
9546 | } | |||
9547 | offset += extensions_length; | |||
9548 | ||||
9549 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { | |||
9550 | offset = next_offset; | |||
9551 | } | |||
9552 | ||||
9553 | return offset; | |||
9554 | } | |||
9555 | ||||
9556 | static int | |||
9557 | dissect_ech_echconfig(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9558 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
9559 | { | |||
9560 | uint32_t version, length; | |||
9561 | proto_item *ech_ti; | |||
9562 | proto_tree *ech_tree; | |||
9563 | const uint8_t *public_name = NULL((void*)0); | |||
9564 | uint32_t config_id = 0; | |||
9565 | ||||
9566 | ech_ti = proto_tree_add_item(tree, hf->hf.ech_echconfig, tvb, offset, -1, ENC_NA0x00000000); | |||
9567 | ech_tree = proto_item_add_subtree(ech_ti, hf->ett.ech_echconfig); | |||
9568 | ||||
9569 | proto_tree_add_item_ret_uint(ech_tree, hf->hf.ech_echconfig_version, | |||
9570 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &version); | |||
9571 | offset += 2; | |||
9572 | proto_tree_add_item_ret_uint(ech_tree, hf->hf.ech_echconfig_length, | |||
9573 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | |||
9574 | offset += 2; | |||
9575 | ||||
9576 | proto_item_set_len(ech_ti, 4 + length); | |||
9577 | ||||
9578 | switch(version) { | |||
9579 | case 0xfe0d: | |||
9580 | dissect_ech_echconfig_contents(hf, tvb, pinfo, ech_tree, offset, offset_end, &public_name, &config_id); | |||
9581 | proto_item_append_text(ech_ti, ": id=%d %s", config_id, public_name); | |||
9582 | break; | |||
9583 | ||||
9584 | default: | |||
9585 | expert_add_info_format(pinfo, ech_ti, &hf->ei.ech_echconfig_invalid_version, "Unsupported/unknown ECHConfig version 0x%x", version); | |||
9586 | } | |||
9587 | ||||
9588 | return 4 + length; | |||
9589 | } | |||
9590 | ||||
9591 | uint32_t | |||
9592 | ssl_dissect_ext_ech_echconfiglist(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9593 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
9594 | { | |||
9595 | uint32_t echconfiglist_length, next_offset; | |||
9596 | ||||
9597 | /* ECHConfig ECHConfigList<1..2^16-1>; */ | |||
9598 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &echconfiglist_length, | |||
9599 | hf->hf.ech_echconfiglist_length, 1, UINT16_MAX(65535))) { | |||
9600 | return offset_end; | |||
9601 | } | |||
9602 | offset += 2; | |||
9603 | next_offset = offset + echconfiglist_length; | |||
9604 | ||||
9605 | while (offset < next_offset) { | |||
9606 | offset += dissect_ech_echconfig(hf, tvb, pinfo, tree, offset, offset_end); | |||
9607 | } | |||
9608 | ||||
9609 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { | |||
9610 | offset = next_offset; | |||
9611 | } | |||
9612 | ||||
9613 | return offset; | |||
9614 | } | |||
9615 | ||||
9616 | static uint32_t | |||
9617 | ssl_dissect_hnd_ech_outer_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
9618 | uint32_t offset, uint32_t offset_end) | |||
9619 | { | |||
9620 | uint32_t ext_length, next_offset; | |||
9621 | proto_tree *ext_tree; | |||
9622 | proto_item *ti; | |||
9623 | ||||
9624 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &ext_length, | |||
9625 | hf->hf.hs_ext_ech_outer_ext_len, 2, G_MAXUINT8((guint8) 0xff))) { | |||
9626 | return offset_end; | |||
9627 | } | |||
9628 | offset += 1; | |||
9629 | next_offset = offset + ext_length; | |||
9630 | ||||
9631 | ti = proto_tree_add_none_format(tree, | |||
9632 | hf->hf.hs_ext_ech_outer_ext, | |||
9633 | tvb, offset, ext_length, | |||
9634 | "Outer Extensions (%d extension%s)", | |||
9635 | ext_length / 2, | |||
9636 | plurality(ext_length/2, "", "s")((ext_length/2) == 1 ? ("") : ("s"))); | |||
9637 | ||||
9638 | ext_tree = proto_item_add_subtree(ti, hf->ett.hs_ext); | |||
9639 | ||||
9640 | while (offset + 2 <= offset_end) { | |||
9641 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_type, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
9642 | offset += 2; | |||
9643 | } | |||
9644 | ||||
9645 | if (!ssl_end_vector(hf, tvb, pinfo, ext_tree, offset, next_offset)) { | |||
9646 | offset = next_offset; | |||
9647 | } | |||
9648 | ||||
9649 | return offset; | |||
9650 | } | |||
9651 | ||||
9652 | static uint32_t | |||
9653 | // NOLINTNEXTLINE(misc-no-recursion) | |||
9654 | ssl_dissect_hnd_hello_ext_ech(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9655 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
9656 | uint8_t hnd_type, SslSession *session, SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, | |||
9657 | uint32_t initial_offset, uint32_t hello_length) | |||
9658 | { | |||
9659 | uint32_t ch_type, length; | |||
9660 | proto_item *ti, *payload_ti; | |||
9661 | proto_tree *retry_tree, *payload_tree; | |||
9662 | ||||
9663 | switch (hnd_type) { | |||
9664 | case SSL_HND_CLIENT_HELLO: | |||
9665 | /* | |||
9666 | * enum { outer(0), inner(1) } ECHClientHelloType; | |||
9667 | * | |||
9668 | * struct { | |||
9669 | * ECHClientHelloType type; | |||
9670 | * select (ECHClientHello.type) { | |||
9671 | * case outer: | |||
9672 | * HpkeSymmetricCipherSuite cipher_suite; | |||
9673 | * uint8 config_id; | |||
9674 | * opaque enc<0..2^16-1>; | |||
9675 | * opaque payload<1..2^16-1>; | |||
9676 | * case inner: | |||
9677 | * Empty; | |||
9678 | * }; | |||
9679 | * } ECHClientHello; | |||
9680 | */ | |||
9681 | ||||
9682 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_clienthello_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &ch_type); | |||
9683 | offset += 1; | |||
9684 | switch (ch_type) { | |||
9685 | case 0: /* outer */ | |||
9686 | if (ssl && session->first_ch_ech_frame == 0) { | |||
9687 | session->first_ch_ech_frame = pinfo->num; | |||
9688 | } | |||
9689 | offset = dissect_ech_hpke_cipher_suite(hf, tvb, pinfo, tree, offset); | |||
9690 | uint16_t kdf_id = tvb_get_ntohs(tvb, offset - 4); | |||
9691 | uint16_t aead_id = tvb_get_ntohs(tvb, offset - 2); | |||
9692 | ||||
9693 | proto_tree_add_item(tree, hf->hf.ech_config_id, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
9694 | uint8_t config_id = tvb_get_uint8(tvb, offset); | |||
9695 | offset += 1; | |||
9696 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_enc_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | |||
9697 | offset += 2; | |||
9698 | proto_tree_add_item(tree, hf->hf.ech_enc, tvb, offset, length, ENC_NA0x00000000); | |||
9699 | offset += length; | |||
9700 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_payload_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | |||
9701 | offset += 2; | |||
9702 | payload_ti = proto_tree_add_item(tree, hf->hf.ech_payload, tvb, offset, length, ENC_NA0x00000000); | |||
9703 | offset += length; | |||
9704 | ||||
9705 | if (!mk_map) { | |||
9706 | break; | |||
9707 | } | |||
9708 | if (session->client_random.data_len == 0) { | |||
9709 | ssl_debug_printf("%s missing Client Random\n", G_STRFUNC((const char*) (__func__))); | |||
9710 | break; | |||
9711 | } | |||
9712 | StringInfo *ech_secret = (StringInfo *)g_hash_table_lookup(mk_map->ech_secret, &session->client_random); | |||
9713 | StringInfo *ech_config = (StringInfo *)g_hash_table_lookup(mk_map->ech_config, &session->client_random); | |||
9714 | if (!ech_secret || !ech_config) { | |||
9715 | ssl_debug_printf("%s Cannot find ECH_SECRET or ECH_CONFIG, Encrypted Client Hello decryption impossible\n", | |||
9716 | G_STRFUNC((const char*) (__func__))); | |||
9717 | break; | |||
9718 | } | |||
9719 | ||||
9720 | if (hpke_hkdf_len(kdf_id) == 0) { | |||
9721 | ssl_debug_printf("Unsupported KDF\n"); | |||
9722 | break; | |||
9723 | } | |||
9724 | ||||
9725 | if (hpke_aead_key_len(aead_id) == 0) { | |||
9726 | ssl_debug_printf("Unsupported AEAD\n"); | |||
9727 | break; | |||
9728 | } | |||
9729 | ||||
9730 | size_t aead_nonce_len = hpke_aead_nonce_len(aead_id); | |||
9731 | ||||
9732 | uint16_t version = GUINT16_FROM_BE(*(uint16_t *)ech_config->data)(((((guint16) ( (guint16) ((guint16) (*(uint16_t *)ech_config ->data) >> 8) | (guint16) ((guint16) (*(uint16_t *)ech_config ->data) << 8)))))); | |||
9733 | if (version != SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037) { | |||
9734 | ssl_debug_printf("Unexpected version in ECH Config\n"); | |||
9735 | break; | |||
9736 | } | |||
9737 | uint32_t ech_config_offset = 2; | |||
9738 | if (GUINT16_FROM_BE(*(uint16_t *)(ech_config->data + ech_config_offset))(((((guint16) ( (guint16) ((guint16) (*(uint16_t *)(ech_config ->data + ech_config_offset)) >> 8) | (guint16) ((guint16 ) (*(uint16_t *)(ech_config->data + ech_config_offset)) << 8)))))) != ech_config->data_len - 4) { | |||
9739 | ssl_debug_printf("Malformed ECH Config, invalid length\n"); | |||
9740 | break; | |||
9741 | } | |||
9742 | ech_config_offset += 2; | |||
9743 | if (*(ech_config->data + ech_config_offset) != config_id) { | |||
9744 | ssl_debug_printf("ECH Config version mismatch\n"); | |||
9745 | break; | |||
9746 | } | |||
9747 | ech_config_offset += 1; | |||
9748 | uint16_t kem_id_be = *(uint16_t *)(ech_config->data + ech_config_offset); | |||
9749 | uint16_t kem_id = GUINT16_FROM_BE(kem_id_be)(((((guint16) ( (guint16) ((guint16) (kem_id_be) >> 8) | (guint16) ((guint16) (kem_id_be) << 8)))))); | |||
9750 | uint8_t suite_id[HPKE_SUIT_ID_LEN10]; | |||
9751 | hpke_suite_id(kem_id, kdf_id, aead_id, suite_id); | |||
9752 | GByteArray *info = g_byte_array_new(); | |||
9753 | g_byte_array_append(info, "tls ech", 8); | |||
9754 | g_byte_array_append(info, ech_config->data, ech_config->data_len); | |||
9755 | uint8_t key[AEAD_MAX_KEY_LENGTH32]; | |||
9756 | uint8_t base_nonce[HPKE_AEAD_NONCE_LENGTH12]; | |||
9757 | if (hpke_key_schedule(kdf_id, aead_id, ech_secret->data, ech_secret->data_len, suite_id, info->data, info->len, HPKE_MODE_BASE0, | |||
9758 | key, base_nonce)) { | |||
9759 | g_byte_array_free(info, TRUE(!(0))); | |||
9760 | break; | |||
9761 | } | |||
9762 | g_byte_array_free(info, TRUE(!(0))); | |||
9763 | gcry_cipher_hd_t cipher; | |||
9764 | if (hpke_setup_aead(&cipher, aead_id, key) || | |||
9765 | hpke_set_nonce(cipher, !session->hrr_ech_declined && pinfo->num > session->first_ch_ech_frame, base_nonce, aead_nonce_len)) { | |||
9766 | gcry_cipher_close(cipher); | |||
9767 | break; | |||
9768 | } | |||
9769 | const uint8_t *payload = tvb_get_ptr(tvb, offset - length, length); | |||
9770 | uint8_t *ech_aad = (uint8_t *)wmem_alloc(NULL((void*)0), hello_length); | |||
9771 | tvb_memcpy(tvb, ech_aad, initial_offset, hello_length); | |||
9772 | memset(ech_aad + offset - length - initial_offset, 0, length); | |||
9773 | if (gcry_cipher_authenticate(cipher, ech_aad, hello_length)) { | |||
9774 | gcry_cipher_close(cipher); | |||
9775 | wmem_free(NULL((void*)0), ech_aad); | |||
9776 | break; | |||
9777 | } | |||
9778 | wmem_free(NULL((void*)0), ech_aad); | |||
9779 | uint8_t *ech_decrypted_data = (uint8_t *)wmem_alloc(pinfo->pool, length - 16); | |||
9780 | if (gcry_cipher_decrypt(cipher, ech_decrypted_data, length - 16, payload, length - 16)) { | |||
9781 | gcry_cipher_close(cipher); | |||
9782 | break; | |||
9783 | } | |||
9784 | guchar ech_auth_tag_calc[16]; | |||
9785 | if (gcry_cipher_gettag(cipher, ech_auth_tag_calc, 16)) { | |||
9786 | gcry_cipher_close(cipher); | |||
9787 | break; | |||
9788 | } | |||
9789 | if (ssl && !session->hrr_ech_declined && session->first_ch_ech_frame == pinfo->num) | |||
9790 | memcpy(session->first_ech_auth_tag, ech_auth_tag_calc, 16); | |||
9791 | gcry_cipher_close(cipher); | |||
9792 | if (memcmp(pinfo->num > session->first_ch_ech_frame ? ech_auth_tag_calc : session->first_ech_auth_tag, | |||
9793 | payload + length - 16, 16)) { | |||
9794 | ssl_debug_printf("%s ECH auth tag mismatch\n", G_STRFUNC((const char*) (__func__))); | |||
9795 | } else { | |||
9796 | payload_tree = proto_item_add_subtree(payload_ti, hf->ett.ech_decrypt); | |||
9797 | tvbuff_t *ech_tvb = tvb_new_child_real_data(tvb, ech_decrypted_data, length - 16, length - 16); | |||
9798 | add_new_data_source(pinfo, ech_tvb, "Client Hello Inner"); | |||
9799 | if (ssl) { | |||
9800 | tvb_memcpy(ech_tvb, ssl->client_random.data, 2, 32); | |||
9801 | uint32_t len_offset = ssl->ech_transcript.data_len; | |||
9802 | if (ssl->ech_transcript.data_len > 0) | |||
9803 | ssl->ech_transcript.data = (guchar*)wmem_realloc(wmem_file_scope(), ssl->ech_transcript.data, | |||
9804 | ssl->ech_transcript.data_len + hello_length + 4); | |||
9805 | else | |||
9806 | ssl->ech_transcript.data = (guchar*)wmem_alloc(wmem_file_scope(), hello_length + 4); | |||
9807 | ssl->ech_transcript.data[ssl->ech_transcript.data_len] = SSL_HND_CLIENT_HELLO; | |||
9808 | ssl->ech_transcript.data[ssl->ech_transcript.data_len + 1] = 0; | |||
9809 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len + 4, 0, 34); | |||
9810 | ssl->ech_transcript.data_len += 38; | |||
9811 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, initial_offset + 34, | |||
9812 | tvb_get_uint8(tvb, initial_offset + 34) + 1); | |||
9813 | ssl->ech_transcript.data_len += tvb_get_uint8(tvb, initial_offset + 34) + 1; | |||
9814 | uint32_t ech_offset = 35 + tvb_get_uint8(ech_tvb, 34); | |||
9815 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, ech_offset, | |||
9816 | 2 + tvb_get_ntohs(ech_tvb, ech_offset)); | |||
9817 | ssl->ech_transcript.data_len += 2 + tvb_get_ntohs(ech_tvb, ech_offset); | |||
9818 | ech_offset += 2 + tvb_get_ntohs(ech_tvb, ech_offset); | |||
9819 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, ech_offset, | |||
9820 | 1 + tvb_get_uint8(ech_tvb, ech_offset)); | |||
9821 | ssl->ech_transcript.data_len += 1 + tvb_get_uint8(ech_tvb, ech_offset); | |||
9822 | ech_offset += 1 + tvb_get_uint8(ech_tvb, ech_offset); | |||
9823 | uint32_t ech_extensions_len_offset = ssl->ech_transcript.data_len; | |||
9824 | ssl->ech_transcript.data_len += 2; | |||
9825 | uint16_t extensions_end = ech_offset + tvb_get_ntohs(ech_tvb, ech_offset) + 2; | |||
9826 | ech_offset += 2; | |||
9827 | while (extensions_end - ech_offset >= 4) { | |||
9828 | if (tvb_get_ntohs(ech_tvb, ech_offset) != SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS64768) { | |||
9829 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, ech_offset, | |||
9830 | 4 + tvb_get_ntohs(ech_tvb, ech_offset + 2)); | |||
9831 | ssl->ech_transcript.data_len += 4 + tvb_get_ntohs(ech_tvb, ech_offset + 2); | |||
9832 | ech_offset += 4 + tvb_get_ntohs(ech_tvb, ech_offset + 2); | |||
9833 | } else if (tvb_get_ntohs(ech_tvb, ech_offset + 2) > 0) { | |||
9834 | uint8_t outer_extensions_end = tvb_get_uint8(ech_tvb, ech_offset + 4) + ech_offset + 5; | |||
9835 | ech_offset += 5; | |||
9836 | uint16_t outer_offset = initial_offset + 35 + tvb_get_uint8(tvb, initial_offset + 34); | |||
9837 | outer_offset += tvb_get_ntohs(tvb, outer_offset) + 2; | |||
9838 | outer_offset += tvb_get_uint8(tvb, outer_offset) + 3; | |||
9839 | while (outer_extensions_end - ech_offset >= 2) { | |||
9840 | while (hello_length - outer_offset >= 4) { | |||
9841 | if (tvb_get_ntohs(tvb, outer_offset) == tvb_get_ntohs(ech_tvb, ech_offset)) { | |||
9842 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, outer_offset, | |||
9843 | 4 + tvb_get_ntohs(tvb, outer_offset + 2)); | |||
9844 | ssl->ech_transcript.data_len += 4 + tvb_get_ntohs(tvb, outer_offset + 2); | |||
9845 | outer_offset += 4 + tvb_get_ntohs(tvb, outer_offset + 2); | |||
9846 | break; | |||
9847 | } else { | |||
9848 | outer_offset += 4 + tvb_get_ntohs(tvb, outer_offset + 2); | |||
9849 | } | |||
9850 | } | |||
9851 | ech_offset += 2; | |||
9852 | } | |||
9853 | } | |||
9854 | } | |||
9855 | uint16_t ech_extensions_len_be = GUINT16_TO_BE(ssl->ech_transcript.data_len - ech_extensions_len_offset - 2)((((guint16) ( (guint16) ((guint16) (ssl->ech_transcript.data_len - ech_extensions_len_offset - 2) >> 8) | (guint16) ((guint16 ) (ssl->ech_transcript.data_len - ech_extensions_len_offset - 2) << 8))))); | |||
9856 | *(ssl->ech_transcript.data + ech_extensions_len_offset) = ech_extensions_len_be & 0xff; | |||
9857 | *(ssl->ech_transcript.data + ech_extensions_len_offset + 1) = (ech_extensions_len_be >> 8); | |||
9858 | *(ssl->ech_transcript.data + len_offset + 2) = ((ssl->ech_transcript.data_len - len_offset - 4) >> 8); | |||
9859 | *(ssl->ech_transcript.data + len_offset + 3) = (ssl->ech_transcript.data_len - len_offset - 4) & 0xff; | |||
9860 | } | |||
9861 | uint32_t ech_padding_begin = (uint32_t)ssl_dissect_hnd_cli_hello(hf, ech_tvb, pinfo, payload_tree, 0, length - 16, session, | |||
9862 | ssl, NULL((void*)0), mk_map); | |||
9863 | if (ech_padding_begin < length - 16) { | |||
9864 | proto_tree_add_item(payload_tree, hf->hf.ech_padding_data, ech_tvb, ech_padding_begin, length - 16 - ech_padding_begin, | |||
9865 | ENC_NA0x00000000); | |||
9866 | } | |||
9867 | } | |||
9868 | ||||
9869 | break; | |||
9870 | case 1: /* inner */ | |||
9871 | break; | |||
9872 | } | |||
9873 | break; | |||
9874 | ||||
9875 | case SSL_HND_ENCRYPTED_EXTENSIONS: | |||
9876 | /* | |||
9877 | * struct { | |||
9878 | * ECHConfigList retry_configs; | |||
9879 | * } ECHEncryptedExtensions; | |||
9880 | */ | |||
9881 | ||||
9882 | ti = proto_tree_add_item(tree, hf->hf.ech_retry_configs, tvb, offset, offset_end - offset, ENC_NA0x00000000); | |||
9883 | retry_tree = proto_item_add_subtree(ti, hf->ett.ech_retry_configs); | |||
9884 | offset = ssl_dissect_ext_ech_echconfiglist(hf, tvb, pinfo, retry_tree, offset, offset_end); | |||
9885 | break; | |||
9886 | ||||
9887 | case SSL_HND_HELLO_RETRY_REQUEST: | |||
9888 | /* | |||
9889 | * struct { | |||
9890 | * opaque confirmation[8]; | |||
9891 | * } ECHHelloRetryRequest; | |||
9892 | */ | |||
9893 | ||||
9894 | proto_tree_add_item(tree, hf->hf.ech_confirmation, tvb, offset, 8, ENC_NA0x00000000); | |||
9895 | if (session->ech) { | |||
9896 | ti = proto_tree_add_bytes_with_length(tree, hf->hf.hs_ech_confirm_compute, tvb, offset, 0, session->hrr_ech_confirmation, 8); | |||
9897 | proto_item_set_generated(ti); | |||
9898 | if (memcmp(session->hrr_ech_confirmation, tvb_get_ptr(tvb, offset, 8), 8)) { | |||
9899 | expert_add_info(pinfo, ti, &hf->ei.ech_rejected); | |||
9900 | } else { | |||
9901 | expert_add_info(pinfo, ti, &hf->ei.ech_accepted); | |||
9902 | } | |||
9903 | } | |||
9904 | offset += 8; | |||
9905 | break; | |||
9906 | } | |||
9907 | ||||
9908 | return offset; | |||
9909 | } | |||
9910 | ||||
9911 | static uint32_t | |||
9912 | ssl_dissect_hnd_hello_ext_esni(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9913 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
9914 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | |||
9915 | { | |||
9916 | uint32_t record_digest_length, encrypted_sni_length; | |||
9917 | ||||
9918 | switch (hnd_type) { | |||
9919 | case SSL_HND_CLIENT_HELLO: | |||
9920 | /* | |||
9921 | * struct { | |||
9922 | * CipherSuite suite; | |||
9923 | * KeyShareEntry key_share; | |||
9924 | * opaque record_digest<0..2^16-1>; | |||
9925 | * opaque encrypted_sni<0..2^16-1>; | |||
9926 | * } ClientEncryptedSNI; | |||
9927 | */ | |||
9928 | proto_tree_add_item(tree, hf->hf.esni_suite, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
9929 | offset += 2; | |||
9930 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, tree, offset, offset_end, NULL((void*)0)); | |||
9931 | ||||
9932 | /* opaque record_digest<0..2^16-1> */ | |||
9933 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &record_digest_length, | |||
9934 | hf->hf.esni_record_digest_length, 0, UINT16_MAX(65535))) { | |||
9935 | return offset_end; | |||
9936 | } | |||
9937 | offset += 2; | |||
9938 | if (record_digest_length > 0) { | |||
9939 | proto_tree_add_item(tree, hf->hf.esni_record_digest, tvb, offset, record_digest_length, ENC_NA0x00000000); | |||
9940 | offset += record_digest_length; | |||
9941 | } | |||
9942 | ||||
9943 | /* opaque encrypted_sni<0..2^16-1> */ | |||
9944 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &encrypted_sni_length, | |||
9945 | hf->hf.esni_encrypted_sni_length, 0, UINT16_MAX(65535))) { | |||
9946 | return offset_end; | |||
9947 | } | |||
9948 | offset += 2; | |||
9949 | if (encrypted_sni_length > 0) { | |||
9950 | proto_tree_add_item(tree, hf->hf.esni_encrypted_sni, tvb, offset, encrypted_sni_length, ENC_NA0x00000000); | |||
9951 | offset += encrypted_sni_length; | |||
9952 | } | |||
9953 | break; | |||
9954 | ||||
9955 | case SSL_HND_ENCRYPTED_EXTENSIONS: | |||
9956 | proto_tree_add_item(tree, hf->hf.esni_nonce, tvb, offset, 16, ENC_NA0x00000000); | |||
9957 | offset += 16; | |||
9958 | break; | |||
9959 | } | |||
9960 | ||||
9961 | return offset; | |||
9962 | } | |||
9963 | /** TLS Extensions (in Client Hello and Server Hello). }}} */ | |||
9964 | ||||
9965 | /* Connection ID dissection. {{{ */ | |||
9966 | static uint32_t | |||
9967 | ssl_dissect_ext_connection_id(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9968 | proto_tree *tree, uint32_t offset, SslDecryptSession *ssl, | |||
9969 | uint8_t cidl, uint8_t **session_cid, uint8_t *session_cidl) | |||
9970 | { | |||
9971 | /* keep track of the decrypt session only for the first pass */ | |||
9972 | if (cidl > 0 && !PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) { | |||
9973 | tvb_ensure_bytes_exist(tvb, offset + 1, cidl); | |||
9974 | *session_cidl = cidl; | |||
9975 | *session_cid = (uint8_t*)wmem_alloc0(wmem_file_scope(), cidl); | |||
9976 | tvb_memcpy(tvb, *session_cid, offset + 1, cidl); | |||
9977 | if (ssl) { | |||
9978 | ssl_add_session_by_cid(ssl); | |||
9979 | } | |||
9980 | } | |||
9981 | ||||
9982 | proto_tree_add_item(tree, hf->hf.hs_ext_connection_id_length, | |||
9983 | tvb, offset, 1, ENC_NA0x00000000); | |||
9984 | offset++; | |||
9985 | ||||
9986 | if (cidl > 0) { | |||
9987 | proto_tree_add_item(tree, hf->hf.hs_ext_connection_id, | |||
9988 | tvb, offset, cidl, ENC_NA0x00000000); | |||
9989 | offset += cidl; | |||
9990 | } | |||
9991 | ||||
9992 | return offset; | |||
9993 | } | |||
9994 | ||||
9995 | static uint32_t | |||
9996 | ssl_dissect_hnd_hello_ext_connection_id(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
9997 | proto_tree *tree, uint32_t offset, uint8_t hnd_type, | |||
9998 | SslSession *session, SslDecryptSession *ssl) | |||
9999 | { | |||
10000 | uint8_t cidl = tvb_get_uint8(tvb, offset); | |||
10001 | ||||
10002 | switch (hnd_type) { | |||
10003 | case SSL_HND_CLIENT_HELLO: | |||
10004 | session->client_cid_len_present = true1; | |||
10005 | return ssl_dissect_ext_connection_id(hf, tvb, pinfo, tree, offset, ssl, | |||
10006 | cidl, &session->client_cid, &session->client_cid_len); | |||
10007 | case SSL_HND_SERVER_HELLO: | |||
10008 | session->server_cid_len_present = true1; | |||
10009 | return ssl_dissect_ext_connection_id(hf, tvb, pinfo, tree, offset, ssl, | |||
10010 | cidl, &session->server_cid, &session->server_cid_len); | |||
10011 | default: | |||
10012 | return offset; | |||
10013 | } | |||
10014 | } /* }}} */ | |||
10015 | ||||
10016 | /* Trusted CA dissection. {{{ */ | |||
10017 | static uint32_t | |||
10018 | ssl_dissect_hnd_hello_ext_trusted_ca_keys(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | |||
10019 | uint32_t offset, uint32_t offset_end) | |||
10020 | { | |||
10021 | proto_item *ti; | |||
10022 | proto_tree *subtree; | |||
10023 | uint32_t keys_length, next_offset; | |||
10024 | ||||
10025 | /* | |||
10026 | * struct { | |||
10027 | * TrustedAuthority trusted_authorities_list<0..2^16-1>; | |||
10028 | * } TrustedAuthorities; | |||
10029 | * | |||
10030 | * struct { | |||
10031 | * IdentifierType identifier_type; | |||
10032 | * select (identifier_type) { | |||
10033 | * case pre_agreed: struct {}; | |||
10034 | * case key_sha1_hash: SHA1Hash; | |||
10035 | * case x509_name: DistinguishedName; | |||
10036 | * case cert_sha1_hash: SHA1Hash; | |||
10037 | * } identifier; | |||
10038 | * } TrustedAuthority; | |||
10039 | * | |||
10040 | * enum { | |||
10041 | * pre_agreed(0), key_sha1_hash(1), x509_name(2), | |||
10042 | * cert_sha1_hash(3), (255) | |||
10043 | * } IdentifierType; | |||
10044 | * | |||
10045 | * opaque DistinguishedName<1..2^16-1>; | |||
10046 | * | |||
10047 | */ | |||
10048 | ||||
10049 | ||||
10050 | /* TrustedAuthority trusted_authorities_list<0..2^16-1> */ | |||
10051 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &keys_length, hf->hf.hs_ext_trusted_ca_keys_len, | |||
10052 | 0, UINT16_MAX(65535))) | |||
10053 | { | |||
10054 | return offset_end; | |||
10055 | } | |||
10056 | offset += 2; | |||
10057 | next_offset = offset + keys_length; | |||
10058 | ||||
10059 | if (keys_length > 0) | |||
10060 | { | |||
10061 | ti = proto_tree_add_none_format(tree, hf->hf.hs_ext_trusted_ca_keys_list, tvb, offset, keys_length, | |||
10062 | "Trusted CA keys (%d byte%s)", keys_length, plurality(keys_length, "", "s")((keys_length) == 1 ? ("") : ("s"))); | |||
10063 | subtree = proto_item_add_subtree(ti, hf->ett.hs_ext_trusted_ca_keys); | |||
10064 | ||||
10065 | while (offset < next_offset) | |||
10066 | { | |||
10067 | uint32_t identifier_type; | |||
10068 | proto_tree *trusted_key_tree; | |||
10069 | proto_item *trusted_key_item; | |||
10070 | asn1_ctx_t asn1_ctx; | |||
10071 | uint32_t key_len = 0; | |||
10072 | ||||
10073 | identifier_type = tvb_get_uint8(tvb, offset); | |||
10074 | ||||
10075 | // Use 0 as length for now as we'll only know the size when we decode the identifier | |||
10076 | trusted_key_item = proto_tree_add_none_format(subtree, hf->hf.hs_ext_trusted_ca_key, tvb, | |||
10077 | offset, 0, "Trusted CA Key"); | |||
10078 | trusted_key_tree = proto_item_add_subtree(trusted_key_item, hf->ett.hs_ext_trusted_ca_key); | |||
10079 | ||||
10080 | proto_tree_add_uint(trusted_key_tree, hf->hf.hs_ext_trusted_ca_key_type, tvb, | |||
10081 | offset, 1, identifier_type); | |||
10082 | offset++; | |||
10083 | ||||
10084 | /* | |||
10085 | * enum { | |||
10086 | * pre_agreed(0), key_sha1_hash(1), x509_name(2), | |||
10087 | * cert_sha1_hash(3), (255) | |||
10088 | * } IdentifierType; | |||
10089 | */ | |||
10090 | switch (identifier_type) | |||
10091 | { | |||
10092 | case 0: | |||
10093 | key_len = 0; | |||
10094 | break; | |||
10095 | case 2: | |||
10096 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
10097 | ||||
10098 | uint32_t name_length; | |||
10099 | /* opaque DistinguishedName<1..2^16-1> */ | |||
10100 | if (!ssl_add_vector(hf, tvb, pinfo, trusted_key_tree, offset, next_offset, &name_length, | |||
10101 | hf->hf.hs_ext_trusted_ca_key_dname_len, 1, UINT16_MAX(65535))) { | |||
10102 | return next_offset; | |||
10103 | } | |||
10104 | offset += 2; | |||
10105 | ||||
10106 | dissect_x509if_DistinguishedName(false0, tvb, offset, &asn1_ctx, | |||
10107 | trusted_key_tree, hf->hf.hs_ext_trusted_ca_key_dname); | |||
10108 | offset += name_length; | |||
10109 | break; | |||
10110 | case 1: | |||
10111 | case 3: | |||
10112 | key_len = 20; | |||
10113 | /* opaque SHA1Hash[20]; */ | |||
10114 | proto_tree_add_item(trusted_key_tree, hf->hf.hs_ext_trusted_ca_key_hash, tvb, | |||
10115 | offset, 20, ENC_NA0x00000000); | |||
10116 | break; | |||
10117 | ||||
10118 | default: | |||
10119 | key_len = 0; | |||
10120 | /*TODO display expert info about unknown ? */ | |||
10121 | break; | |||
10122 | } | |||
10123 | proto_item_set_len(trusted_key_item, 1 + key_len); | |||
10124 | offset += key_len; | |||
10125 | } | |||
10126 | } | |||
10127 | ||||
10128 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) | |||
10129 | { | |||
10130 | offset = next_offset; | |||
10131 | } | |||
10132 | ||||
10133 | return offset; | |||
10134 | } /* }}} */ | |||
10135 | ||||
10136 | ||||
10137 | /* Whether the Content and Handshake Types are valid; handle Protocol Version. {{{ */ | |||
10138 | bool_Bool | |||
10139 | ssl_is_valid_content_type(uint8_t type) | |||
10140 | { | |||
10141 | switch ((ContentType) type) { | |||
10142 | case SSL_ID_CHG_CIPHER_SPEC: | |||
10143 | case SSL_ID_ALERT: | |||
10144 | case SSL_ID_HANDSHAKE: | |||
10145 | case SSL_ID_APP_DATA: | |||
10146 | case SSL_ID_HEARTBEAT: | |||
10147 | case SSL_ID_TLS12_CID: | |||
10148 | case SSL_ID_DTLS13_ACK: | |||
10149 | return true1; | |||
10150 | } | |||
10151 | return false0; | |||
10152 | } | |||
10153 | ||||
10154 | bool_Bool | |||
10155 | ssl_is_valid_handshake_type(uint8_t hs_type, bool_Bool is_dtls) | |||
10156 | { | |||
10157 | switch ((HandshakeType) hs_type) { | |||
10158 | case SSL_HND_HELLO_VERIFY_REQUEST: | |||
10159 | /* hello_verify_request is DTLS-only */ | |||
10160 | return is_dtls; | |||
10161 | ||||
10162 | case SSL_HND_HELLO_REQUEST: | |||
10163 | case SSL_HND_CLIENT_HELLO: | |||
10164 | case SSL_HND_SERVER_HELLO: | |||
10165 | case SSL_HND_NEWSESSION_TICKET: | |||
10166 | case SSL_HND_END_OF_EARLY_DATA: | |||
10167 | case SSL_HND_HELLO_RETRY_REQUEST: | |||
10168 | case SSL_HND_ENCRYPTED_EXTENSIONS: | |||
10169 | case SSL_HND_CERTIFICATE: | |||
10170 | case SSL_HND_SERVER_KEY_EXCHG: | |||
10171 | case SSL_HND_CERT_REQUEST: | |||
10172 | case SSL_HND_SVR_HELLO_DONE: | |||
10173 | case SSL_HND_CERT_VERIFY: | |||
10174 | case SSL_HND_CLIENT_KEY_EXCHG: | |||
10175 | case SSL_HND_FINISHED: | |||
10176 | case SSL_HND_CERT_URL: | |||
10177 | case SSL_HND_CERT_STATUS: | |||
10178 | case SSL_HND_SUPPLEMENTAL_DATA: | |||
10179 | case SSL_HND_KEY_UPDATE: | |||
10180 | case SSL_HND_COMPRESSED_CERTIFICATE: | |||
10181 | case SSL_HND_ENCRYPTED_EXTS: | |||
10182 | return true1; | |||
10183 | case SSL_HND_MESSAGE_HASH: | |||
10184 | return false0; | |||
10185 | } | |||
10186 | return false0; | |||
10187 | } | |||
10188 | ||||
10189 | static bool_Bool | |||
10190 | ssl_is_authoritative_version_message(uint8_t content_type, uint8_t handshake_type, | |||
10191 | bool_Bool is_dtls) | |||
10192 | { | |||
10193 | /* Consider all valid Handshake messages (except for Client Hello) and | |||
10194 | * all other valid record types (other than Handshake) */ | |||
10195 | return (content_type == SSL_ID_HANDSHAKE && | |||
10196 | ssl_is_valid_handshake_type(handshake_type, is_dtls) && | |||
10197 | handshake_type != SSL_HND_CLIENT_HELLO) || | |||
10198 | (content_type != SSL_ID_HANDSHAKE && | |||
10199 | ssl_is_valid_content_type(content_type)); | |||
10200 | } | |||
10201 | ||||
10202 | /** | |||
10203 | * Scan a Server Hello handshake message for the negotiated version. For TLS 1.3 | |||
10204 | * draft 22 and newer, it also checks whether it is a HelloRetryRequest. | |||
10205 | * Returns true if the supported_versions extension was found, false if not. | |||
10206 | */ | |||
10207 | bool_Bool | |||
10208 | tls_scan_server_hello(tvbuff_t *tvb, uint32_t offset, uint32_t offset_end, | |||
10209 | uint16_t *server_version, bool_Bool *is_hrr) | |||
10210 | { | |||
10211 | /* SHA256("HelloRetryRequest") */ | |||
10212 | static const uint8_t tls13_hrr_random_magic[] = { | |||
10213 | 0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91, | |||
10214 | 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c | |||
10215 | }; | |||
10216 | uint8_t session_id_length; | |||
10217 | ||||
10218 | *server_version = tvb_get_ntohs(tvb, offset); | |||
10219 | ||||
10220 | /* | |||
10221 | * Try to look for supported_versions extension. Minimum length: | |||
10222 | * 2 + 32 + 1 = 35 (version, random, session id length) | |||
10223 | * 2 + 1 + 2 = 5 (cipher suite, compression method, extensions length) | |||
10224 | * 2 + 2 + 2 = 6 (ext type, ext len, version) | |||
10225 | * | |||
10226 | * We only check for the [legacy_]version field to be [D]TLS 1.2; if it's 1.3, | |||
10227 | * there's a separate expert info warning for that. | |||
10228 | */ | |||
10229 | if ((*server_version == TLSV1DOT2_VERSION0x303 || *server_version == DTLSV1DOT2_VERSION0xfefd) && offset_end - offset >= 46) { | |||
10230 | offset += 2; | |||
10231 | if (is_hrr) { | |||
10232 | *is_hrr = tvb_memeql(tvb, offset, tls13_hrr_random_magic, sizeof(tls13_hrr_random_magic)) == 0; | |||
10233 | } | |||
10234 | offset += 32; | |||
10235 | session_id_length = tvb_get_uint8(tvb, offset); | |||
10236 | offset++; | |||
10237 | if (offset_end - offset < session_id_length + 5u) { | |||
10238 | return false0; | |||
10239 | } | |||
10240 | offset += session_id_length + 5; | |||
10241 | ||||
10242 | while (offset_end - offset >= 6) { | |||
10243 | uint16_t ext_type = tvb_get_ntohs(tvb, offset); | |||
10244 | uint16_t ext_len = tvb_get_ntohs(tvb, offset + 2); | |||
10245 | if (offset_end - offset < 4u + ext_len) { | |||
10246 | break; /* not enough data for type, length and data */ | |||
10247 | } | |||
10248 | if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43) { | |||
10249 | if (ext_len == 2) { | |||
10250 | *server_version = tvb_get_ntohs(tvb, offset + 4); | |||
10251 | } | |||
10252 | return true1; | |||
10253 | } | |||
10254 | offset += 4 + ext_len; | |||
10255 | } | |||
10256 | } else { | |||
10257 | if (is_hrr) { | |||
10258 | *is_hrr = false0; | |||
10259 | } | |||
10260 | } | |||
10261 | return false0; | |||
10262 | } | |||
10263 | ||||
10264 | /** | |||
10265 | * Scan a Client Hello handshake message to see if the supported_versions | |||
10266 | * extension is found, in which case the version field is legacy_version. | |||
10267 | */ | |||
10268 | static bool_Bool | |||
10269 | tls_scan_client_hello(tvbuff_t *tvb, uint32_t offset, uint32_t offset_end) | |||
10270 | { | |||
10271 | uint8_t session_id_length; | |||
10272 | ||||
10273 | uint16_t client_version = tvb_get_ntohs(tvb, offset); | |||
10274 | ||||
10275 | /* | |||
10276 | * Try to look for supported_versions extension. Minimum length: | |||
10277 | * 2 + 32 + 1 = 35 (version, random, session id length) | |||
10278 | * 2 + 2 + 1 + 2 = 5 (cipher suite, compression method, extensions length) | |||
10279 | * 2 + 2 + 2 = 6 (ext type, ext len, version) | |||
10280 | * | |||
10281 | * We only check for the [legacy_]version field to be [D]TLS 1.2; if it's 1.3, | |||
10282 | * there's a separate expert info warning for that. | |||
10283 | */ | |||
10284 | if ((client_version == TLSV1DOT2_VERSION0x303 || client_version == DTLSV1DOT2_VERSION0xfefd) && offset_end - offset >= 46) { | |||
10285 | offset += 2; | |||
10286 | offset += 32; | |||
10287 | session_id_length = tvb_get_uint8(tvb, offset); | |||
10288 | offset++; | |||
10289 | if (offset_end - offset < session_id_length + 2u) { | |||
10290 | return false0; | |||
10291 | } | |||
10292 | offset += session_id_length; | |||
10293 | if (client_version == DTLSV1DOT2_VERSION0xfefd) { | |||
10294 | uint8_t cookie_length = tvb_get_uint8(tvb, offset); | |||
10295 | offset++; | |||
10296 | if (offset_end - offset < cookie_length + 2u) { | |||
10297 | return false0; | |||
10298 | } | |||
10299 | } | |||
10300 | uint16_t cipher_suites_length = tvb_get_ntohs(tvb, offset); | |||
10301 | offset += 2; | |||
10302 | if (offset_end - offset < cipher_suites_length + 1u) { | |||
10303 | return false0; | |||
10304 | } | |||
10305 | offset += cipher_suites_length; | |||
10306 | uint8_t compression_methods_length = tvb_get_uint8(tvb, offset); | |||
10307 | offset++; | |||
10308 | if (offset_end - offset < compression_methods_length + 2u) { | |||
10309 | return false0; | |||
10310 | } | |||
10311 | offset += compression_methods_length + 2; | |||
10312 | ||||
10313 | while (offset_end - offset >= 6) { | |||
10314 | uint16_t ext_type = tvb_get_ntohs(tvb, offset); | |||
10315 | uint16_t ext_len = tvb_get_ntohs(tvb, offset + 2); | |||
10316 | if (offset_end - offset < 4u + ext_len) { | |||
10317 | break; /* not enough data for type, length and data */ | |||
10318 | } | |||
10319 | if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43) { | |||
10320 | return true1; | |||
10321 | } | |||
10322 | offset += 4 + ext_len; | |||
10323 | } | |||
10324 | } | |||
10325 | return false0; | |||
10326 | } | |||
10327 | void | |||
10328 | ssl_try_set_version(SslSession *session, SslDecryptSession *ssl, | |||
10329 | uint8_t content_type, uint8_t handshake_type, | |||
10330 | bool_Bool is_dtls, uint16_t version) | |||
10331 | { | |||
10332 | uint8_t tls13_draft = 0; | |||
10333 | ||||
10334 | if (!ssl_is_authoritative_version_message(content_type, handshake_type, | |||
10335 | is_dtls)) | |||
10336 | return; | |||
10337 | ||||
10338 | version = tls_try_get_version(is_dtls, version, &tls13_draft); | |||
10339 | if (version == SSL_VER_UNKNOWN0) { | |||
10340 | return; | |||
10341 | } | |||
10342 | ||||
10343 | session->tls13_draft_version = tls13_draft; | |||
10344 | session->version = version; | |||
10345 | if (ssl) { | |||
10346 | ssl->state |= SSL_VERSION(1<<4); | |||
10347 | ssl_debug_printf("%s found version 0x%04X -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), version, ssl->state); | |||
10348 | } | |||
10349 | } | |||
10350 | ||||
10351 | void | |||
10352 | ssl_check_record_length(ssl_common_dissect_t *hf, packet_info *pinfo, | |||
10353 | ContentType content_type, | |||
10354 | unsigned record_length, proto_item *length_pi, | |||
10355 | uint16_t version, tvbuff_t *decrypted_tvb) | |||
10356 | { | |||
10357 | unsigned max_expansion; | |||
10358 | if (version == TLSV1DOT3_VERSION0x304) { | |||
10359 | /* TLS 1.3: Max length is 2^14 + 256 */ | |||
10360 | max_expansion = 256; | |||
10361 | } else { | |||
10362 | /* RFC 5246, Section 6.2.3: TLSCiphertext.fragment length MUST NOT exceed 2^14 + 2048 */ | |||
10363 | max_expansion = 2048; | |||
10364 | } | |||
10365 | /* | |||
10366 | * RFC 5246 (TLS 1.2), Section 6.2.1 forbids zero-length Handshake, Alert | |||
10367 | * and ChangeCipherSpec. | |||
10368 | * RFC 6520 (Heartbeats) does not mention zero-length Heartbeat fragments, | |||
10369 | * so assume it is permitted. | |||
10370 | * RFC 6347 (DTLS 1.2) does not mention zero-length fragments either, so | |||
10371 | * assume TLS 1.2 requirements. | |||
10372 | */ | |||
10373 | if (record_length == 0 && | |||
10374 | (content_type == SSL_ID_CHG_CIPHER_SPEC || | |||
10375 | content_type == SSL_ID_ALERT || | |||
10376 | content_type == SSL_ID_HANDSHAKE)) { | |||
10377 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, | |||
10378 | "Zero-length %s fragments are not allowed", | |||
10379 | val_to_str_const(content_type, ssl_31_content_type, "unknown")); | |||
10380 | } | |||
10381 | if (record_length > TLS_MAX_RECORD_LENGTH0x4000 + max_expansion) { | |||
10382 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, | |||
10383 | "TLSCiphertext length MUST NOT exceed 2^14 + %u", max_expansion); | |||
10384 | } | |||
10385 | if (decrypted_tvb && tvb_captured_length(decrypted_tvb) > TLS_MAX_RECORD_LENGTH0x4000) { | |||
10386 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, | |||
10387 | "TLSPlaintext length MUST NOT exceed 2^14"); | |||
10388 | } | |||
10389 | } | |||
10390 | ||||
10391 | static void | |||
10392 | ssl_set_cipher(SslDecryptSession *ssl, uint16_t cipher) | |||
10393 | { | |||
10394 | /* store selected cipher suite for decryption */ | |||
10395 | ssl->session.cipher = cipher; | |||
10396 | ||||
10397 | const SslCipherSuite *cs = ssl_find_cipher(cipher); | |||
10398 | if (!cs) { | |||
10399 | ssl->cipher_suite = NULL((void*)0); | |||
10400 | ssl->state &= ~SSL_CIPHER(1<<2); | |||
10401 | ssl_debug_printf("%s can't find cipher suite 0x%04X\n", G_STRFUNC((const char*) (__func__)), cipher); | |||
10402 | } else if (ssl->session.version == SSLV3_VERSION0x300 && !(cs->dig == DIG_MD50x40 || cs->dig == DIG_SHA0x41)) { | |||
10403 | /* A malicious packet capture contains a SSL 3.0 session using a TLS 1.2 | |||
10404 | * cipher suite that uses for example MACAlgorithm SHA256. Reject that | |||
10405 | * to avoid a potential buffer overflow in ssl3_check_mac. */ | |||
10406 | ssl->cipher_suite = NULL((void*)0); | |||
10407 | ssl->state &= ~SSL_CIPHER(1<<2); | |||
10408 | ssl_debug_printf("%s invalid SSL 3.0 cipher suite 0x%04X\n", G_STRFUNC((const char*) (__func__)), cipher); | |||
10409 | } else { | |||
10410 | /* Cipher found, save this for the delayed decoder init */ | |||
10411 | ssl->cipher_suite = cs; | |||
10412 | ssl->state |= SSL_CIPHER(1<<2); | |||
10413 | ssl_debug_printf("%s found CIPHER 0x%04X %s -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), cipher, | |||
10414 | val_to_str_ext_const(cipher, &ssl_31_ciphersuite_ext, "unknown"), | |||
10415 | ssl->state); | |||
10416 | } | |||
10417 | } | |||
10418 | /* }}} */ | |||
10419 | ||||
10420 | ||||
10421 | /* Client Hello and Server Hello dissections. {{{ */ | |||
10422 | static int | |||
10423 | ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
10424 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, | |||
10425 | SslSession *session, SslDecryptSession *ssl, | |||
10426 | bool_Bool is_dtls, wmem_strbuf_t *ja3, ja4_data_t *ja4_data, | |||
10427 | ssl_master_key_map_t *mk_map, uint32_t initial_offset, uint32_t hello_length); | |||
10428 | int | |||
10429 | // NOLINTNEXTLINE(misc-no-recursion) | |||
10430 | ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
10431 | packet_info *pinfo, proto_tree *tree, uint32_t offset, | |||
10432 | uint32_t offset_end, SslSession *session, | |||
10433 | SslDecryptSession *ssl, dtls_hfs_t *dtls_hfs, ssl_master_key_map_t *mk_map) | |||
10434 | { | |||
10435 | /* struct { | |||
10436 | * ProtocolVersion client_version; | |||
10437 | * Random random; | |||
10438 | * SessionID session_id; | |||
10439 | * opaque cookie<0..32>; //new field for DTLS | |||
10440 | * CipherSuite cipher_suites<2..2^16-1>; | |||
10441 | * CompressionMethod compression_methods<1..2^8-1>; | |||
10442 | * Extension client_hello_extension_list<0..2^16-1>; | |||
10443 | * } ClientHello; | |||
10444 | */ | |||
10445 | proto_item *ti; | |||
10446 | proto_tree *cs_tree; | |||
10447 | uint32_t client_version; | |||
10448 | uint32_t cipher_suite_length; | |||
10449 | uint32_t compression_methods_length; | |||
10450 | uint8_t compression_method; | |||
10451 | uint32_t next_offset; | |||
10452 | uint32_t initial_offset = offset; | |||
10453 | uint32_t hello_length = offset_end - initial_offset; | |||
10454 | wmem_strbuf_t *ja3 = wmem_strbuf_new(pinfo->pool, ""); | |||
10455 | char *ja3_hash; | |||
10456 | char *ja3_dash = ""; | |||
10457 | char *ja4, *ja4_r, *ja4_hash, *ja4_b, *ja4_c; | |||
10458 | ja4_data_t ja4_data; | |||
10459 | wmem_strbuf_t *ja4_a = wmem_strbuf_new(pinfo->pool, ""); | |||
10460 | wmem_strbuf_t *ja4_br = wmem_strbuf_new(pinfo->pool, ""); | |||
10461 | wmem_strbuf_t *ja4_cr = wmem_strbuf_new(pinfo->pool, ""); | |||
10462 | wmem_list_frame_t *curr_entry; | |||
10463 | ||||
10464 | ja4_data.max_version = 0; | |||
10465 | ja4_data.server_name_present = false0; | |||
10466 | ja4_data.num_cipher_suites = 0; | |||
10467 | ja4_data.num_extensions = 0; | |||
10468 | ja4_data.alpn = wmem_strbuf_new(pinfo->pool, ""); | |||
10469 | ja4_data.cipher_list = wmem_list_new(pinfo->pool); | |||
10470 | ja4_data.extension_list = wmem_list_new(pinfo->pool); | |||
10471 | ja4_data.sighash_list = wmem_list_new(pinfo->pool); | |||
10472 | ||||
10473 | /* show the client version */ | |||
10474 | ti = proto_tree_add_item_ret_uint(tree, hf->hf.hs_client_version, tvb, | |||
10475 | offset, 2, ENC_BIG_ENDIAN0x00000000, | |||
10476 | &client_version); | |||
10477 | if (tls_scan_client_hello(tvb, offset, offset_end)) { | |||
10478 | expert_add_info(pinfo, ti, &hf->ei.legacy_version); | |||
10479 | } | |||
10480 | offset += 2; | |||
10481 | wmem_strbuf_append_printf(ja3, "%i,", client_version); | |||
10482 | ||||
10483 | /* | |||
10484 | * Is it version 1.3? | |||
10485 | * If so, that's an error; TLS and DTLS 1.3 Client Hellos claim | |||
10486 | * to be TLS 1.2, and mention 1.3 in an extension. See RFC 8446 | |||
10487 | * section 4.1.2 "Client Hello" and RFC 9147 Section 5.3 "Client | |||
10488 | * Hello". | |||
10489 | */ | |||
10490 | if (dtls_hfs != NULL((void*)0)) { | |||
10491 | if (client_version == DTLSV1DOT3_VERSION0xfefc) { | |||
10492 | /* Don't do that. */ | |||
10493 | expert_add_info(pinfo, ti, &hf->ei.client_version_error); | |||
10494 | } | |||
10495 | } else { | |||
10496 | if (client_version == TLSV1DOT3_VERSION0x304) { | |||
10497 | /* Don't do that. */ | |||
10498 | expert_add_info(pinfo, ti, &hf->ei.client_version_error); | |||
10499 | } | |||
10500 | } | |||
10501 | ||||
10502 | /* dissect fields that are present in both ClientHello and ServerHello */ | |||
10503 | offset = ssl_dissect_hnd_hello_common(hf, tvb, pinfo, tree, offset, session, ssl, false0, false0); | |||
10504 | ||||
10505 | /* fields specific for DTLS (cookie_len, cookie) */ | |||
10506 | if (dtls_hfs != NULL((void*)0)) { | |||
10507 | uint32_t cookie_length; | |||
10508 | /* opaque cookie<0..32> (for DTLS only) */ | |||
10509 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cookie_length, | |||
10510 | dtls_hfs->hf_dtls_handshake_cookie_len, 0, 32)) { | |||
10511 | return offset; | |||
10512 | } | |||
10513 | offset++; | |||
10514 | if (cookie_length > 0) { | |||
10515 | proto_tree_add_item(tree, dtls_hfs->hf_dtls_handshake_cookie, | |||
10516 | tvb, offset, cookie_length, ENC_NA0x00000000); | |||
10517 | offset += cookie_length; | |||
10518 | } | |||
10519 | } | |||
10520 | ||||
10521 | /* CipherSuite cipher_suites<2..2^16-1> */ | |||
10522 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cipher_suite_length, | |||
10523 | hf->hf.hs_cipher_suites_len, 2, UINT16_MAX(65535))) { | |||
10524 | return offset; | |||
10525 | } | |||
10526 | offset += 2; | |||
10527 | next_offset = offset + cipher_suite_length; | |||
10528 | ti = proto_tree_add_none_format(tree, | |||
10529 | hf->hf.hs_cipher_suites, | |||
10530 | tvb, offset, cipher_suite_length, | |||
10531 | "Cipher Suites (%d suite%s)", | |||
10532 | cipher_suite_length / 2, | |||
10533 | plurality(cipher_suite_length/2, "", "s")((cipher_suite_length/2) == 1 ? ("") : ("s"))); | |||
10534 | cs_tree = proto_item_add_subtree(ti, hf->ett.cipher_suites); | |||
10535 | while (offset + 2 <= next_offset) { | |||
10536 | uint32_t cipher_suite; | |||
10537 | ||||
10538 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.hs_cipher_suite, tvb, offset, 2, | |||
10539 | ENC_BIG_ENDIAN0x00000000, &cipher_suite); | |||
10540 | offset += 2; | |||
10541 | if (!IS_GREASE_TLS(cipher_suite)((((cipher_suite) & 0x0f0f) == 0x0a0a) && (((cipher_suite ) & 0xff) == (((cipher_suite)>>8) & 0xff)))) { | |||
10542 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, cipher_suite); | |||
10543 | ja3_dash = "-"; | |||
10544 | ja4_data.num_cipher_suites += 1; | |||
10545 | wmem_list_insert_sorted(ja4_data.cipher_list, GUINT_TO_POINTER(cipher_suite)((gpointer) (gulong) (cipher_suite)), wmem_compare_uint); | |||
10546 | } | |||
10547 | } | |||
10548 | wmem_strbuf_append_c(ja3, ','); | |||
10549 | if (!ssl_end_vector(hf, tvb, pinfo, cs_tree, offset, next_offset)) { | |||
10550 | offset = next_offset; | |||
10551 | } | |||
10552 | ||||
10553 | /* CompressionMethod compression_methods<1..2^8-1> */ | |||
10554 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compression_methods_length, | |||
10555 | hf->hf.hs_comp_methods_len, 1, UINT8_MAX(255))) { | |||
10556 | return offset; | |||
10557 | } | |||
10558 | offset++; | |||
10559 | next_offset = offset + compression_methods_length; | |||
10560 | ti = proto_tree_add_none_format(tree, | |||
10561 | hf->hf.hs_comp_methods, | |||
10562 | tvb, offset, compression_methods_length, | |||
10563 | "Compression Methods (%u method%s)", | |||
10564 | compression_methods_length, | |||
10565 | plurality(compression_methods_length,((compression_methods_length) == 1 ? ("") : ("s")) | |||
10566 | "", "s")((compression_methods_length) == 1 ? ("") : ("s"))); | |||
10567 | cs_tree = proto_item_add_subtree(ti, hf->ett.comp_methods); | |||
10568 | while (offset < next_offset) { | |||
10569 | compression_method = tvb_get_uint8(tvb, offset); | |||
10570 | /* TODO: make reserved/private comp meth. fields selectable */ | |||
10571 | if (compression_method < 64) | |||
10572 | proto_tree_add_uint(cs_tree, hf->hf.hs_comp_method, | |||
10573 | tvb, offset, 1, compression_method); | |||
10574 | else if (compression_method > 63 && compression_method < 193) | |||
10575 | proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1, | |||
10576 | compression_method, "Reserved - to be assigned by IANA (%u)", | |||
10577 | compression_method); | |||
10578 | else | |||
10579 | proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1, | |||
10580 | compression_method, "Private use range (%u)", | |||
10581 | compression_method); | |||
10582 | offset++; | |||
10583 | } | |||
10584 | ||||
10585 | /* SSL v3.0 has no extensions, so length field can indeed be missing. */ | |||
10586 | if (offset < offset_end) { | |||
10587 | offset = ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
10588 | offset_end, SSL_HND_CLIENT_HELLO, | |||
10589 | session, ssl, dtls_hfs != NULL((void*)0), ja3, &ja4_data, mk_map, initial_offset, hello_length); | |||
10590 | if (ja4_data.max_version > 0) { | |||
10591 | client_version = ja4_data.max_version; | |||
10592 | } | |||
10593 | } else { | |||
10594 | wmem_strbuf_append_printf(ja3, ",,"); | |||
10595 | } | |||
10596 | ||||
10597 | if (proto_is_frame_protocol(pinfo->layers,"tcp")) { | |||
10598 | wmem_strbuf_append(ja4_a, "t"); | |||
10599 | } else if (proto_is_frame_protocol(pinfo->layers,"quic")) { | |||
10600 | wmem_strbuf_append(ja4_a, "q"); | |||
10601 | } else if (proto_is_frame_protocol(pinfo->layers,"dtls")) { | |||
10602 | wmem_strbuf_append(ja4_a, "d"); | |||
10603 | } | |||
10604 | wmem_strbuf_append_printf(ja4_a, "%s", val_to_str_const(client_version, ssl_version_ja4_names, "00")); | |||
10605 | wmem_strbuf_append_printf(ja4_a, "%s", ja4_data.server_name_present ? "d" : "i"); | |||
10606 | if (ja4_data.num_cipher_suites > 99) { | |||
10607 | wmem_strbuf_append(ja4_a, "99"); | |||
10608 | } else { | |||
10609 | wmem_strbuf_append_printf(ja4_a, "%02d", ja4_data.num_cipher_suites); | |||
10610 | } | |||
10611 | if (ja4_data.num_extensions > 99) { | |||
10612 | wmem_strbuf_append(ja4_a, "99"); | |||
10613 | } else { | |||
10614 | wmem_strbuf_append_printf(ja4_a, "%02d", ja4_data.num_extensions); | |||
10615 | } | |||
10616 | if (wmem_strbuf_get_len(ja4_data.alpn) > 0 ) { | |||
10617 | wmem_strbuf_append_printf(ja4_a, "%s", wmem_strbuf_get_str(ja4_data.alpn)); | |||
10618 | } else { | |||
10619 | wmem_strbuf_append(ja4_a, "00"); | |||
10620 | } | |||
10621 | ||||
10622 | curr_entry = wmem_list_head(ja4_data.cipher_list); | |||
10623 | for (unsigned i = 0; i < wmem_list_count(ja4_data.cipher_list); i++) { | |||
10624 | wmem_strbuf_append_printf(ja4_br, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); | |||
10625 | if (i < wmem_list_count(ja4_data.cipher_list) - 1) { | |||
10626 | wmem_strbuf_append(ja4_br, ","); | |||
10627 | } | |||
10628 | curr_entry = wmem_list_frame_next(curr_entry); | |||
10629 | } | |||
10630 | ||||
10631 | curr_entry = wmem_list_head(ja4_data.extension_list); | |||
10632 | for (unsigned i = 0; i < wmem_list_count(ja4_data.extension_list); i++) { | |||
10633 | wmem_strbuf_append_printf(ja4_cr, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); | |||
10634 | if (i < wmem_list_count(ja4_data.extension_list) - 1) { | |||
10635 | wmem_strbuf_append(ja4_cr, ","); | |||
10636 | } | |||
10637 | curr_entry = wmem_list_frame_next(curr_entry); | |||
10638 | } | |||
10639 | ||||
10640 | if (wmem_list_count(ja4_data.sighash_list) > 0) { | |||
10641 | wmem_strbuf_append(ja4_cr, "_"); | |||
10642 | curr_entry = wmem_list_head(ja4_data.sighash_list); | |||
10643 | for (unsigned i = 0; i < wmem_list_count(ja4_data.sighash_list); i++) { | |||
10644 | wmem_strbuf_append_printf(ja4_cr, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); | |||
10645 | if (i < wmem_list_count(ja4_data.sighash_list) - 1) { | |||
10646 | wmem_strbuf_append(ja4_cr, ","); | |||
10647 | } | |||
10648 | curr_entry = wmem_list_frame_next(curr_entry); | |||
10649 | } | |||
10650 | } | |||
10651 | ja4_hash = g_compute_checksum_for_string(G_CHECKSUM_SHA256, wmem_strbuf_get_str(ja4_br),-1); | |||
10652 | ja4_b = wmem_strndup(pinfo->pool, ja4_hash, 12); | |||
10653 | g_free(ja4_hash); | |||
10654 | if ( wmem_strbuf_get_len(ja4_cr) == 0 ) { | |||
10655 | ja4_hash = g_strdup("000000000000")g_strdup_inline ("000000000000"); | |||
10656 | } else { | |||
10657 | ja4_hash = g_compute_checksum_for_string(G_CHECKSUM_SHA256, wmem_strbuf_get_str(ja4_cr),-1); | |||
10658 | } | |||
10659 | ja4_c = wmem_strndup(pinfo->pool, ja4_hash, 12); | |||
10660 | g_free(ja4_hash); | |||
10661 | ||||
10662 | ja4 = wmem_strdup_printf(pinfo->pool, "%s_%s_%s", wmem_strbuf_get_str(ja4_a), ja4_b, ja4_c); | |||
10663 | ja4_r = wmem_strdup_printf(pinfo->pool, "%s_%s_%s", wmem_strbuf_get_str(ja4_a), wmem_strbuf_get_str(ja4_br), wmem_strbuf_get_str(ja4_cr)); | |||
10664 | ||||
10665 | ti = proto_tree_add_string(tree, hf->hf.hs_ja4, tvb, offset, 0, ja4); | |||
10666 | proto_item_set_generated(ti); | |||
10667 | ti = proto_tree_add_string(tree, hf->hf.hs_ja4_r, tvb, offset, 0, ja4_r); | |||
10668 | proto_item_set_generated(ti); | |||
10669 | ||||
10670 | ja3_hash = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(ja3), | |||
10671 | wmem_strbuf_get_len(ja3)); | |||
10672 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3_full, tvb, offset, 0, wmem_strbuf_get_str(ja3)); | |||
10673 | proto_item_set_generated(ti); | |||
10674 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3_hash, tvb, offset, 0, ja3_hash); | |||
10675 | proto_item_set_generated(ti); | |||
10676 | g_free(ja3_hash); | |||
10677 | return offset; | |||
10678 | } | |||
10679 | ||||
10680 | void | |||
10681 | ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
10682 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
10683 | SslSession *session, SslDecryptSession *ssl, | |||
10684 | bool_Bool is_dtls, bool_Bool is_hrr) | |||
10685 | { | |||
10686 | /* struct { | |||
10687 | * ProtocolVersion server_version; | |||
10688 | * Random random; | |||
10689 | * SessionID session_id; // TLS 1.2 and before | |||
10690 | * CipherSuite cipher_suite; | |||
10691 | * CompressionMethod compression_method; // TLS 1.2 and before | |||
10692 | * Extension server_hello_extension_list<0..2^16-1>; | |||
10693 | * } ServerHello; | |||
10694 | */ | |||
10695 | uint8_t draft_version = session->tls13_draft_version; | |||
10696 | proto_item *ti; | |||
10697 | uint32_t server_version; | |||
10698 | uint32_t cipher_suite; | |||
10699 | uint32_t initial_offset = offset; | |||
10700 | wmem_strbuf_t *ja3 = wmem_strbuf_new(pinfo->pool, ""); | |||
10701 | char *ja3_hash; | |||
10702 | ||||
10703 | col_set_str(pinfo->cinfo, COL_PROTOCOL, | |||
10704 | val_to_str_const(session->version, ssl_version_short_names, "SSL")); | |||
10705 | ||||
10706 | /* Initially assume that the session is resumed. If this is not the case, a | |||
10707 | * ServerHelloDone will be observed before the ChangeCipherSpec message | |||
10708 | * which will reset this flag. */ | |||
10709 | session->is_session_resumed = true1; | |||
10710 | ||||
10711 | /* show the server version */ | |||
10712 | ti = proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb, | |||
10713 | offset, 2, ENC_BIG_ENDIAN0x00000000, &server_version); | |||
10714 | ||||
10715 | uint16_t supported_server_version; | |||
10716 | if (tls_scan_server_hello(tvb, offset, offset_end, &supported_server_version, NULL((void*)0))) { | |||
10717 | expert_add_info(pinfo, ti, &hf->ei.legacy_version); | |||
10718 | } | |||
10719 | /* | |||
10720 | * Is it version 1.3? | |||
10721 | * If so, that's an error; TLS and DTLS 1.3 Server Hellos claim | |||
10722 | * to be TLS 1.2, and mention 1.3 in an extension. See RFC 8446 | |||
10723 | * section 4.1.3 "Server Hello" and RFC 9147 Section 5.4 "Server | |||
10724 | * Hello". | |||
10725 | */ | |||
10726 | if (is_dtls) { | |||
10727 | if (server_version == DTLSV1DOT3_VERSION0xfefc) { | |||
10728 | /* Don't do that. */ | |||
10729 | expert_add_info(pinfo, ti, &hf->ei.server_version_error); | |||
10730 | } | |||
10731 | } else { | |||
10732 | if (server_version == TLSV1DOT3_VERSION0x304) { | |||
10733 | /* Don't do that. */ | |||
10734 | expert_add_info(pinfo, ti, &hf->ei.server_version_error); | |||
10735 | } | |||
10736 | } | |||
10737 | ||||
10738 | offset += 2; | |||
10739 | wmem_strbuf_append_printf(ja3, "%i", server_version); | |||
10740 | ||||
10741 | /* dissect fields that are present in both ClientHello and ServerHello */ | |||
10742 | offset = ssl_dissect_hnd_hello_common(hf, tvb, pinfo, tree, offset, session, ssl, true1, is_hrr); | |||
10743 | ||||
10744 | if (ssl) { | |||
10745 | /* store selected cipher suite for decryption */ | |||
10746 | ssl_set_cipher(ssl, tvb_get_ntohs(tvb, offset)); | |||
10747 | } | |||
10748 | ||||
10749 | /* now the server-selected cipher suite */ | |||
10750 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_cipher_suite, | |||
10751 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &cipher_suite); | |||
10752 | offset += 2; | |||
10753 | wmem_strbuf_append_printf(ja3, ",%i,", cipher_suite); | |||
10754 | ||||
10755 | /* No compression with TLS 1.3 before draft -22 */ | |||
10756 | if (!(session->version == TLSV1DOT3_VERSION0x304 && draft_version > 0 && draft_version < 22)) { | |||
10757 | if (ssl) { | |||
10758 | /* store selected compression method for decryption */ | |||
10759 | ssl->session.compression = tvb_get_uint8(tvb, offset); | |||
10760 | } | |||
10761 | /* and the server-selected compression method */ | |||
10762 | proto_tree_add_item(tree, hf->hf.hs_comp_method, | |||
10763 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
10764 | offset++; | |||
10765 | } | |||
10766 | ||||
10767 | /* SSL v3.0 has no extensions, so length field can indeed be missing. */ | |||
10768 | if (offset < offset_end) { | |||
10769 | offset = ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
10770 | offset_end, | |||
10771 | is_hrr ? SSL_HND_HELLO_RETRY_REQUEST : SSL_HND_SERVER_HELLO, | |||
10772 | session, ssl, is_dtls, ja3, NULL((void*)0), NULL((void*)0), 0, 0); | |||
10773 | } | |||
10774 | ||||
10775 | if (ssl && ssl->ech_transcript.data_len > 0 && (ssl->state & SSL_CIPHER(1<<2)) && ssl->client_random.data_len > 0) { | |||
10776 | int hash_algo = ssl_get_digest_by_name(ssl_cipher_suite_dig(ssl->cipher_suite)->name); | |||
10777 | if (hash_algo) { | |||
10778 | SSL_MDgcry_md_hd_t mc; | |||
10779 | guchar transcript_hash[DIGEST_MAX_SIZE48]; | |||
10780 | guchar prk[DIGEST_MAX_SIZE48]; | |||
10781 | guchar *ech_verify_out = NULL((void*)0); | |||
10782 | unsigned int len; | |||
10783 | ssl_md_init(&mc, hash_algo); | |||
10784 | ssl_md_update(&mc, ssl->ech_transcript.data, ssl->ech_transcript.data_len); | |||
10785 | if (is_hrr) { | |||
10786 | ssl_md_final(&mc, transcript_hash, &len); | |||
10787 | ssl_md_cleanup(&mc); | |||
10788 | wmem_free(wmem_file_scope(), ssl->ech_transcript.data); | |||
10789 | ssl->ech_transcript.data_len = 4 + len; | |||
10790 | ssl->ech_transcript.data = (guchar*)wmem_alloc(wmem_file_scope(), 4 + len + 4 + offset_end - initial_offset); | |||
10791 | ssl->ech_transcript.data[0] = SSL_HND_MESSAGE_HASH; | |||
10792 | ssl->ech_transcript.data[1] = 0; | |||
10793 | ssl->ech_transcript.data[2] = 0; | |||
10794 | ssl->ech_transcript.data[3] = len; | |||
10795 | memcpy(ssl->ech_transcript.data + 4, transcript_hash, len); | |||
10796 | ssl_md_init(&mc, hash_algo); | |||
10797 | ssl_md_update(&mc, ssl->ech_transcript.data, 4 + len); | |||
10798 | } else { | |||
10799 | ssl->ech_transcript.data = wmem_realloc(wmem_file_scope(), ssl->ech_transcript.data, | |||
10800 | ssl->ech_transcript.data_len + 4 + offset_end - initial_offset); | |||
10801 | } | |||
10802 | if (initial_offset > 4) { | |||
10803 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, initial_offset - 4, | |||
10804 | 4 + offset_end - initial_offset); | |||
10805 | if (is_hrr) | |||
10806 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset-4, 38), 38); | |||
10807 | else | |||
10808 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset-4, 30), 30); | |||
10809 | } else { | |||
10810 | uint8_t prefix[4] = {SSL_HND_SERVER_HELLO, 0x00, 0x00, 0x00}; | |||
10811 | prefix[2] = ((offset - initial_offset) >> 8); | |||
10812 | prefix[3] = (offset - initial_offset) & 0xff; | |||
10813 | memcpy(ssl->ech_transcript.data + ssl->ech_transcript.data_len, prefix, 4); | |||
10814 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len + 4, initial_offset, | |||
10815 | offset_end - initial_offset); | |||
10816 | ssl_md_update(&mc, prefix, 4); | |||
10817 | if (is_hrr) | |||
10818 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset, 34), 34); | |||
10819 | else | |||
10820 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset, 26), 26); | |||
10821 | } | |||
10822 | ssl->ech_transcript.data_len += 4 + offset_end - initial_offset; | |||
10823 | uint8_t zeros[8] = { 0 }; | |||
10824 | uint32_t confirmation_offset = initial_offset + 26; | |||
10825 | if (is_hrr) { | |||
10826 | uint32_t hrr_offset = initial_offset + 34; | |||
10827 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, | |||
10828 | tvb_get_uint8(tvb, hrr_offset) + 1), tvb_get_uint8(tvb, hrr_offset) + 1); | |||
10829 | hrr_offset += tvb_get_uint8(tvb, hrr_offset) + 1; | |||
10830 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, 3), 3); | |||
10831 | hrr_offset += 3; | |||
10832 | uint16_t extensions_end = hrr_offset + tvb_get_ntohs(tvb, hrr_offset) + 2; | |||
10833 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, 2), 2); | |||
10834 | hrr_offset += 2; | |||
10835 | while (extensions_end - hrr_offset >= 4) { | |||
10836 | if (tvb_get_ntohs(tvb, hrr_offset) == SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037 && | |||
10837 | tvb_get_ntohs(tvb, hrr_offset + 2) == 8) { | |||
10838 | confirmation_offset = hrr_offset + 4; | |||
10839 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, 4), 4); | |||
10840 | ssl_md_update(&mc, zeros, 8); | |||
10841 | hrr_offset += 12; | |||
10842 | } else { | |||
10843 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, tvb_get_ntohs(tvb, hrr_offset + 2) + 4), | |||
10844 | tvb_get_ntohs(tvb, hrr_offset + 2) + 4); | |||
10845 | hrr_offset += tvb_get_ntohs(tvb, hrr_offset + 2) + 4; | |||
10846 | } | |||
10847 | } | |||
10848 | } else { | |||
10849 | ssl_md_update(&mc, zeros, 8); | |||
10850 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset + 34, offset - initial_offset - 34), | |||
10851 | offset - initial_offset - 34); | |||
10852 | } | |||
10853 | ssl_md_final(&mc, transcript_hash, &len); | |||
10854 | ssl_md_cleanup(&mc); | |||
10855 | hkdf_extract(hash_algo, NULL((void*)0), 0, ssl->client_random.data, 32, prk); | |||
10856 | StringInfo prk_string = {prk, len}; | |||
10857 | tls13_hkdf_expand_label_context(hash_algo, &prk_string, tls13_hkdf_label_prefix(ssl), | |||
10858 | is_hrr ? "hrr ech accept confirmation" : "ech accept confirmation", | |||
10859 | transcript_hash, len, 8, &ech_verify_out); | |||
10860 | memcpy(is_hrr ? ssl->session.hrr_ech_confirmation : ssl->session.ech_confirmation, ech_verify_out, 8); | |||
10861 | if (tvb_memeql(tvb, confirmation_offset, ech_verify_out, 8) == -1) { | |||
10862 | if (is_hrr) { | |||
10863 | ssl->session.hrr_ech_declined = TRUE(!(0)); | |||
10864 | ssl->session.first_ch_ech_frame = 0; | |||
10865 | } | |||
10866 | memcpy(ssl->client_random.data, ssl->session.client_random.data, ssl->session.client_random.data_len); | |||
10867 | ssl_print_data("Updated Client Random", ssl->client_random.data, 32); | |||
10868 | } | |||
10869 | wmem_free(NULL((void*)0), ech_verify_out); | |||
10870 | ssl->session.ech = TRUE(!(0)); | |||
10871 | } | |||
10872 | } | |||
10873 | ||||
10874 | ja3_hash = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(ja3), | |||
10875 | wmem_strbuf_get_len(ja3)); | |||
10876 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3s_full, tvb, offset, 0, wmem_strbuf_get_str(ja3)); | |||
10877 | proto_item_set_generated(ti); | |||
10878 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3s_hash, tvb, offset, 0, ja3_hash); | |||
10879 | proto_item_set_generated(ti); | |||
10880 | g_free(ja3_hash); | |||
10881 | } | |||
10882 | /* Client Hello and Server Hello dissections. }}} */ | |||
10883 | ||||
10884 | /* New Session Ticket dissection. {{{ */ | |||
10885 | void | |||
10886 | ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
10887 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
10888 | SslSession *session, SslDecryptSession *ssl, | |||
10889 | bool_Bool is_dtls, GHashTable *session_hash) | |||
10890 | { | |||
10891 | /* https://tools.ietf.org/html/rfc5077#section-3.3 (TLS >= 1.0): | |||
10892 | * struct { | |||
10893 | * uint32 ticket_lifetime_hint; | |||
10894 | * opaque ticket<0..2^16-1>; | |||
10895 | * } NewSessionTicket; | |||
10896 | * | |||
10897 | * RFC 8446 Section 4.6.1 (TLS 1.3): | |||
10898 | * struct { | |||
10899 | * uint32 ticket_lifetime; | |||
10900 | * uint32 ticket_age_add; | |||
10901 | * opaque ticket_nonce<0..255>; // new in draft -21, updated in -22 | |||
10902 | * opaque ticket<1..2^16-1>; | |||
10903 | * Extension extensions<0..2^16-2>; | |||
10904 | * } NewSessionTicket; | |||
10905 | */ | |||
10906 | proto_tree *subtree; | |||
10907 | proto_item *subitem; | |||
10908 | uint32_t ticket_len; | |||
10909 | bool_Bool is_tls13 = session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc; | |||
10910 | unsigned char draft_version = session->tls13_draft_version; | |||
10911 | uint32_t lifetime_hint; | |||
10912 | ||||
10913 | subtree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
10914 | hf->ett.session_ticket, NULL((void*)0), | |||
10915 | "TLS Session Ticket"); | |||
10916 | ||||
10917 | /* ticket lifetime hint */ | |||
10918 | subitem = proto_tree_add_item_ret_uint(subtree, hf->hf.hs_session_ticket_lifetime_hint, | |||
10919 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &lifetime_hint); | |||
10920 | offset += 4; | |||
10921 | ||||
10922 | if (lifetime_hint >= 60) { | |||
10923 | char *time_str = unsigned_time_secs_to_str(pinfo->pool, lifetime_hint); | |||
10924 | proto_item_append_text(subitem, " (%s)", time_str); | |||
10925 | } | |||
10926 | ||||
10927 | if (is_tls13) { | |||
10928 | ||||
10929 | /* for TLS 1.3: ticket_age_add */ | |||
10930 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket_age_add, | |||
10931 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | |||
10932 | offset += 4; | |||
10933 | ||||
10934 | /* for TLS 1.3: ticket_nonce (coming with Draft 21)*/ | |||
10935 | if (draft_version == 0 || draft_version >= 21) { | |||
10936 | uint32_t ticket_nonce_len; | |||
10937 | ||||
10938 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &ticket_nonce_len, | |||
10939 | hf->hf.hs_session_ticket_nonce_len, 0, 255)) { | |||
10940 | return; | |||
10941 | } | |||
10942 | offset++; | |||
10943 | ||||
10944 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket_nonce, tvb, offset, ticket_nonce_len, ENC_NA0x00000000); | |||
10945 | offset += ticket_nonce_len; | |||
10946 | } | |||
10947 | ||||
10948 | } | |||
10949 | ||||
10950 | /* opaque ticket<0..2^16-1> (with TLS 1.3 the minimum is 1) */ | |||
10951 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &ticket_len, | |||
10952 | hf->hf.hs_session_ticket_len, is_tls13 ? 1 : 0, UINT16_MAX(65535))) { | |||
10953 | return; | |||
10954 | } | |||
10955 | offset += 2; | |||
10956 | ||||
10957 | /* Content depends on implementation, so just show data! */ | |||
10958 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket, | |||
10959 | tvb, offset, ticket_len, ENC_NA0x00000000); | |||
10960 | /* save the session ticket to cache for ssl_finalize_decryption */ | |||
10961 | if (ssl && !is_tls13) { | |||
10962 | tvb_ensure_bytes_exist(tvb, offset, ticket_len); | |||
10963 | ssl->session_ticket.data = (unsigned char*)wmem_realloc(wmem_file_scope(), | |||
10964 | ssl->session_ticket.data, ticket_len); | |||
10965 | ssl->session_ticket.data_len = ticket_len; | |||
10966 | tvb_memcpy(tvb, ssl->session_ticket.data, offset, ticket_len); | |||
10967 | /* NewSessionTicket is received after the first (client) | |||
10968 | * ChangeCipherSpec, and before the second (server) ChangeCipherSpec. | |||
10969 | * Since the second CCS has already the session key available it will | |||
10970 | * just return. To ensure that the session ticket is mapped to a | |||
10971 | * master key (from the first CCS), save the ticket here too. */ | |||
10972 | ssl_save_master_key("Session Ticket", session_hash, | |||
10973 | &ssl->session_ticket, &ssl->master_secret); | |||
10974 | ssl->state |= SSL_NEW_SESSION_TICKET(1<<10); | |||
10975 | } | |||
10976 | offset += ticket_len; | |||
10977 | ||||
10978 | if (is_tls13) { | |||
10979 | ssl_dissect_hnd_extension(hf, tvb, subtree, pinfo, offset, | |||
10980 | offset_end, SSL_HND_NEWSESSION_TICKET, | |||
10981 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
10982 | } | |||
10983 | } /* }}} */ | |||
10984 | ||||
10985 | void | |||
10986 | ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
10987 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
10988 | SslSession *session, SslDecryptSession *ssl, | |||
10989 | bool_Bool is_dtls) | |||
10990 | { | |||
10991 | /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.1.4 | |||
10992 | * struct { | |||
10993 | * ProtocolVersion server_version; | |||
10994 | * CipherSuite cipher_suite; // not before draft -19 | |||
10995 | * Extension extensions<2..2^16-1>; | |||
10996 | * } HelloRetryRequest; | |||
10997 | * Note: no longer used since draft -22 | |||
10998 | */ | |||
10999 | uint32_t version; | |||
11000 | uint8_t draft_version; | |||
11001 | ||||
11002 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb, | |||
11003 | offset, 2, ENC_BIG_ENDIAN0x00000000, &version); | |||
11004 | draft_version = extract_tls13_draft_version(version); | |||
11005 | offset += 2; | |||
11006 | ||||
11007 | if (draft_version == 0 || draft_version >= 19) { | |||
11008 | proto_tree_add_item(tree, hf->hf.hs_cipher_suite, | |||
11009 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
11010 | offset += 2; | |||
11011 | } | |||
11012 | ||||
11013 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
11014 | offset_end, SSL_HND_HELLO_RETRY_REQUEST, | |||
11015 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
11016 | } | |||
11017 | ||||
11018 | void | |||
11019 | ssl_dissect_hnd_encrypted_extensions(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11020 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
11021 | SslSession *session, SslDecryptSession *ssl, | |||
11022 | bool_Bool is_dtls) | |||
11023 | { | |||
11024 | /* RFC 8446 Section 4.3.1 | |||
11025 | * struct { | |||
11026 | * Extension extensions<0..2^16-1>; | |||
11027 | * } EncryptedExtensions; | |||
11028 | */ | |||
11029 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
11030 | offset_end, SSL_HND_ENCRYPTED_EXTENSIONS, | |||
11031 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
11032 | } | |||
11033 | ||||
11034 | /* Certificate and Certificate Request dissections. {{{ */ | |||
11035 | void | |||
11036 | ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
11037 | uint32_t offset, uint32_t offset_end, packet_info *pinfo, | |||
11038 | SslSession *session, SslDecryptSession *ssl _U___attribute__((unused)), | |||
11039 | bool_Bool is_from_server, bool_Bool is_dtls) | |||
11040 | { | |||
11041 | /* opaque ASN.1Cert<1..2^24-1>; | |||
11042 | * | |||
11043 | * Before RFC 8446 (TLS <= 1.2): | |||
11044 | * struct { | |||
11045 | * select(certificate_type) { | |||
11046 | * | |||
11047 | * // certificate type defined in RFC 7250 | |||
11048 | * case RawPublicKey: | |||
11049 | * opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>; | |||
11050 | * | |||
11051 | * // X.509 certificate defined in RFC 5246 | |||
11052 | * case X.509: | |||
11053 | * ASN.1Cert certificate_list<0..2^24-1>; | |||
11054 | * }; | |||
11055 | * } Certificate; | |||
11056 | * | |||
11057 | * RFC 8446 (since draft -20): | |||
11058 | * struct { | |||
11059 | * select(certificate_type){ | |||
11060 | * case RawPublicKey: | |||
11061 | * // From RFC 7250 ASN.1_subjectPublicKeyInfo | |||
11062 | * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; | |||
11063 | * | |||
11064 | * case X.509: | |||
11065 | * opaque cert_data<1..2^24-1>; | |||
11066 | * } | |||
11067 | * Extension extensions<0..2^16-1>; | |||
11068 | * } CertificateEntry; | |||
11069 | * struct { | |||
11070 | * opaque certificate_request_context<0..2^8-1>; | |||
11071 | * CertificateEntry certificate_list<0..2^24-1>; | |||
11072 | * } Certificate; | |||
11073 | */ | |||
11074 | enum { CERT_X509, CERT_RPK } cert_type; | |||
11075 | asn1_ctx_t asn1_ctx; | |||
11076 | #if defined(HAVE_LIBGNUTLS1) | |||
11077 | gnutls_datum_t subjectPublicKeyInfo = { NULL((void*)0), 0 }; | |||
11078 | unsigned certificate_index = 0; | |||
11079 | #endif | |||
11080 | uint32_t next_offset, certificate_list_length, cert_length; | |||
11081 | proto_tree *subtree = tree; | |||
11082 | ||||
11083 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
11084 | ||||
11085 | if ((is_from_server && session->server_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2) || | |||
11086 | (!is_from_server && session->client_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2)) { | |||
11087 | cert_type = CERT_RPK; | |||
11088 | } else { | |||
11089 | cert_type = CERT_X509; | |||
11090 | } | |||
11091 | ||||
11092 | #if defined(HAVE_LIBGNUTLS1) | |||
11093 | /* Ask the pkcs1 dissector to return the public key details */ | |||
11094 | if (ssl) | |||
11095 | asn1_ctx.private_data = &subjectPublicKeyInfo; | |||
11096 | #endif | |||
11097 | ||||
11098 | /* TLS 1.3: opaque certificate_request_context<0..2^8-1> */ | |||
11099 | if (session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc) { | |||
11100 | uint32_t context_length; | |||
11101 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &context_length, | |||
11102 | hf->hf.hs_certificate_request_context_length, 0, UINT8_MAX(255))) { | |||
11103 | return; | |||
11104 | } | |||
11105 | offset++; | |||
11106 | if (context_length > 0) { | |||
11107 | proto_tree_add_item(tree, hf->hf.hs_certificate_request_context, | |||
11108 | tvb, offset, context_length, ENC_NA0x00000000); | |||
11109 | offset += context_length; | |||
11110 | } | |||
11111 | } | |||
11112 | ||||
11113 | if ((session->version != TLSV1DOT3_VERSION0x304 && session->version != DTLSV1DOT3_VERSION0xfefc) && cert_type == CERT_RPK) { | |||
11114 | /* For RPK before TLS 1.3, the single RPK is stored directly without | |||
11115 | * another "certificate_list" field. */ | |||
11116 | certificate_list_length = offset_end - offset; | |||
11117 | next_offset = offset_end; | |||
11118 | } else { | |||
11119 | /* CertificateEntry certificate_list<0..2^24-1> */ | |||
11120 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &certificate_list_length, | |||
11121 | hf->hf.hs_certificates_len, 0, G_MAXUINT24((1U << 24) - 1))) { | |||
11122 | return; | |||
11123 | } | |||
11124 | offset += 3; /* 24-bit length value */ | |||
11125 | next_offset = offset + certificate_list_length; | |||
11126 | } | |||
11127 | ||||
11128 | /* RawPublicKey must have one cert, but X.509 can have multiple. */ | |||
11129 | if (certificate_list_length > 0 && cert_type == CERT_X509) { | |||
11130 | proto_item *ti; | |||
11131 | ||||
11132 | ti = proto_tree_add_none_format(tree, | |||
11133 | hf->hf.hs_certificates, | |||
11134 | tvb, offset, certificate_list_length, | |||
11135 | "Certificates (%u bytes)", | |||
11136 | certificate_list_length); | |||
11137 | ||||
11138 | /* make it a subtree */ | |||
11139 | subtree = proto_item_add_subtree(ti, hf->ett.certificates); | |||
11140 | } | |||
11141 | ||||
11142 | while (offset < next_offset) { | |||
11143 | switch (cert_type) { | |||
11144 | case CERT_RPK: | |||
11145 | /* TODO add expert info if there is more than one RPK entry (certificate_index > 0) */ | |||
11146 | /* opaque ASN.1_subjectPublicKeyInfo<1..2^24-1> */ | |||
11147 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &cert_length, | |||
11148 | hf->hf.hs_certificate_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
11149 | return; | |||
11150 | } | |||
11151 | offset += 3; | |||
11152 | ||||
11153 | dissect_x509af_SubjectPublicKeyInfo(false0, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate); | |||
11154 | offset += cert_length; | |||
11155 | break; | |||
11156 | case CERT_X509: | |||
11157 | /* opaque ASN1Cert<1..2^24-1> */ | |||
11158 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &cert_length, | |||
11159 | hf->hf.hs_certificate_len, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
11160 | return; | |||
11161 | } | |||
11162 | offset += 3; | |||
11163 | ||||
11164 | dissect_x509af_Certificate(false0, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate); | |||
11165 | #if defined(HAVE_LIBGNUTLS1) | |||
11166 | if (is_from_server && ssl && certificate_index == 0) { | |||
11167 | ssl_find_private_key_by_pubkey(ssl, &subjectPublicKeyInfo); | |||
11168 | /* Only attempt to get the RSA modulus for the first cert. */ | |||
11169 | asn1_ctx.private_data = NULL((void*)0); | |||
11170 | } | |||
11171 | #endif | |||
11172 | offset += cert_length; | |||
11173 | break; | |||
11174 | } | |||
11175 | ||||
11176 | /* TLS 1.3: Extension extensions<0..2^16-1> */ | |||
11177 | if ((session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc)) { | |||
11178 | offset = ssl_dissect_hnd_extension(hf, tvb, subtree, pinfo, offset, | |||
11179 | next_offset, SSL_HND_CERTIFICATE, | |||
11180 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
11181 | } | |||
11182 | ||||
11183 | #if defined(HAVE_LIBGNUTLS1) | |||
11184 | certificate_index++; | |||
11185 | #endif | |||
11186 | } | |||
11187 | } | |||
11188 | ||||
11189 | void | |||
11190 | ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
11191 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
11192 | SslSession *session, bool_Bool is_dtls) | |||
11193 | { | |||
11194 | /* From SSL 3.0 and up (note that since TLS 1.1 certificate_authorities can be empty): | |||
11195 | * enum { | |||
11196 | * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), | |||
11197 | * (255) | |||
11198 | * } ClientCertificateType; | |||
11199 | * | |||
11200 | * opaque DistinguishedName<1..2^16-1>; | |||
11201 | * | |||
11202 | * struct { | |||
11203 | * ClientCertificateType certificate_types<1..2^8-1>; | |||
11204 | * DistinguishedName certificate_authorities<3..2^16-1>; | |||
11205 | * } CertificateRequest; | |||
11206 | * | |||
11207 | * | |||
11208 | * As per TLSv1.2 (RFC 5246) the format has changed to: | |||
11209 | * | |||
11210 | * enum { | |||
11211 | * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), | |||
11212 | * rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), | |||
11213 | * fortezza_dms_RESERVED(20), (255) | |||
11214 | * } ClientCertificateType; | |||
11215 | * | |||
11216 | * enum { | |||
11217 | * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), | |||
11218 | * sha512(6), (255) | |||
11219 | * } HashAlgorithm; | |||
11220 | * | |||
11221 | * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } | |||
11222 | * SignatureAlgorithm; | |||
11223 | * | |||
11224 | * struct { | |||
11225 | * HashAlgorithm hash; | |||
11226 | * SignatureAlgorithm signature; | |||
11227 | * } SignatureAndHashAlgorithm; | |||
11228 | * | |||
11229 | * SignatureAndHashAlgorithm | |||
11230 | * supported_signature_algorithms<2..2^16-2>; | |||
11231 | * | |||
11232 | * opaque DistinguishedName<1..2^16-1>; | |||
11233 | * | |||
11234 | * struct { | |||
11235 | * ClientCertificateType certificate_types<1..2^8-1>; | |||
11236 | * SignatureAndHashAlgorithm supported_signature_algorithms<2^16-1>; | |||
11237 | * DistinguishedName certificate_authorities<0..2^16-1>; | |||
11238 | * } CertificateRequest; | |||
11239 | * | |||
11240 | * draft-ietf-tls-tls13-18: | |||
11241 | * struct { | |||
11242 | * opaque certificate_request_context<0..2^8-1>; | |||
11243 | * SignatureScheme | |||
11244 | * supported_signature_algorithms<2..2^16-2>; | |||
11245 | * DistinguishedName certificate_authorities<0..2^16-1>; | |||
11246 | * CertificateExtension certificate_extensions<0..2^16-1>; | |||
11247 | * } CertificateRequest; | |||
11248 | * | |||
11249 | * RFC 8446 (since draft-ietf-tls-tls13-19): | |||
11250 | * | |||
11251 | * struct { | |||
11252 | * opaque certificate_request_context<0..2^8-1>; | |||
11253 | * Extension extensions<2..2^16-1>; | |||
11254 | * } CertificateRequest; | |||
11255 | */ | |||
11256 | proto_item *ti; | |||
11257 | proto_tree *subtree; | |||
11258 | uint32_t next_offset; | |||
11259 | asn1_ctx_t asn1_ctx; | |||
11260 | bool_Bool is_tls13 = (session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc); | |||
11261 | unsigned char draft_version = session->tls13_draft_version; | |||
11262 | ||||
11263 | if (!tree) | |||
11264 | return; | |||
11265 | ||||
11266 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | |||
11267 | ||||
11268 | if (is_tls13) { | |||
11269 | uint32_t context_length; | |||
11270 | /* opaque certificate_request_context<0..2^8-1> */ | |||
11271 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &context_length, | |||
11272 | hf->hf.hs_certificate_request_context_length, 0, UINT8_MAX(255))) { | |||
11273 | return; | |||
11274 | } | |||
11275 | offset++; | |||
11276 | if (context_length > 0) { | |||
11277 | proto_tree_add_item(tree, hf->hf.hs_certificate_request_context, | |||
11278 | tvb, offset, context_length, ENC_NA0x00000000); | |||
11279 | offset += context_length; | |||
11280 | } | |||
11281 | } else { | |||
11282 | uint32_t cert_types_count; | |||
11283 | /* ClientCertificateType certificate_types<1..2^8-1> */ | |||
11284 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cert_types_count, | |||
11285 | hf->hf.hs_cert_types_count, 1, UINT8_MAX(255))) { | |||
11286 | return; | |||
11287 | } | |||
11288 | offset++; | |||
11289 | next_offset = offset + cert_types_count; | |||
11290 | ||||
11291 | ti = proto_tree_add_none_format(tree, | |||
11292 | hf->hf.hs_cert_types, | |||
11293 | tvb, offset, cert_types_count, | |||
11294 | "Certificate types (%u type%s)", | |||
11295 | cert_types_count, | |||
11296 | plurality(cert_types_count, "", "s")((cert_types_count) == 1 ? ("") : ("s"))); | |||
11297 | subtree = proto_item_add_subtree(ti, hf->ett.cert_types); | |||
11298 | ||||
11299 | while (offset < next_offset) { | |||
11300 | proto_tree_add_item(subtree, hf->hf.hs_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
11301 | offset++; | |||
11302 | } | |||
11303 | } | |||
11304 | ||||
11305 | if (session->version == TLSV1DOT2_VERSION0x303 || session->version == DTLSV1DOT2_VERSION0xfefd || | |||
11306 | (is_tls13 && (draft_version > 0 && draft_version < 19))) { | |||
11307 | offset = ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, NULL((void*)0)); | |||
11308 | } | |||
11309 | ||||
11310 | if (is_tls13 && (draft_version == 0 || draft_version >= 19)) { | |||
11311 | /* | |||
11312 | * TLS 1.3 draft 19 and newer: Extensions. | |||
11313 | * SslDecryptSession pointer is NULL because Certificate Extensions | |||
11314 | * should not influence decryption state. | |||
11315 | */ | |||
11316 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | |||
11317 | offset_end, SSL_HND_CERT_REQUEST, | |||
11318 | session, NULL((void*)0), is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | |||
11319 | } else if (is_tls13 && draft_version <= 18) { | |||
11320 | /* | |||
11321 | * TLS 1.3 draft 18 and older: certificate_authorities and | |||
11322 | * certificate_extensions (a vector of OID mappings). | |||
11323 | */ | |||
11324 | offset = tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); | |||
11325 | ssl_dissect_hnd_hello_ext_oid_filters(hf, tvb, pinfo, tree, offset, offset_end); | |||
11326 | } else { | |||
11327 | /* for TLS 1.2 and older, the certificate_authorities field. */ | |||
11328 | tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); | |||
11329 | } | |||
11330 | } | |||
11331 | /* Certificate and Certificate Request dissections. }}} */ | |||
11332 | ||||
11333 | void | |||
11334 | ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
11335 | proto_tree *tree, uint32_t offset, uint32_t offset_end, uint16_t version) | |||
11336 | { | |||
11337 | ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, | |||
11338 | hf->hf.hs_client_cert_vrfy_sig_len, | |||
11339 | hf->hf.hs_client_cert_vrfy_sig); | |||
11340 | } | |||
11341 | ||||
11342 | /* Finished dissection. {{{ */ | |||
11343 | void | |||
11344 | ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11345 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
11346 | const SslSession *session, ssl_hfs_t *ssl_hfs) | |||
11347 | { | |||
11348 | /* For SSLv3: | |||
11349 | * struct { | |||
11350 | * opaque md5_hash[16]; | |||
11351 | * opaque sha_hash[20]; | |||
11352 | * } Finished; | |||
11353 | * | |||
11354 | * For (D)TLS: | |||
11355 | * struct { | |||
11356 | * opaque verify_data[12]; | |||
11357 | * } Finished; | |||
11358 | * | |||
11359 | * For TLS 1.3: | |||
11360 | * struct { | |||
11361 | * opaque verify_data[Hash.length]; | |||
11362 | * } | |||
11363 | */ | |||
11364 | if (!tree) | |||
11365 | return; | |||
11366 | ||||
11367 | if (session->version == SSLV3_VERSION0x300) { | |||
11368 | if (ssl_hfs != NULL((void*)0)) { | |||
11369 | proto_tree_add_item(tree, ssl_hfs->hs_md5_hash, | |||
11370 | tvb, offset, 16, ENC_NA0x00000000); | |||
11371 | proto_tree_add_item(tree, ssl_hfs->hs_sha_hash, | |||
11372 | tvb, offset + 16, 20, ENC_NA0x00000000); | |||
11373 | } | |||
11374 | } else { | |||
11375 | /* Length should be 12 for TLS before 1.3, assume this is the case. */ | |||
11376 | proto_tree_add_item(tree, hf->hf.hs_finished, | |||
11377 | tvb, offset, offset_end - offset, ENC_NA0x00000000); | |||
11378 | } | |||
11379 | } /* }}} */ | |||
11380 | ||||
11381 | /* RFC 6066 Certificate URL handshake message dissection. {{{ */ | |||
11382 | void | |||
11383 | ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset) | |||
11384 | { | |||
11385 | uint16_t url_hash_len; | |||
11386 | ||||
11387 | /* enum { | |||
11388 | * individual_certs(0), pkipath(1), (255) | |||
11389 | * } CertChainType; | |||
11390 | * | |||
11391 | * struct { | |||
11392 | * CertChainType type; | |||
11393 | * URLAndHash url_and_hash_list<1..2^16-1>; | |||
11394 | * } CertificateURL; | |||
11395 | * | |||
11396 | * struct { | |||
11397 | * opaque url<1..2^16-1>; | |||
11398 | * unint8 padding; | |||
11399 | * opaque SHA1Hash[20]; | |||
11400 | * } URLAndHash; | |||
11401 | */ | |||
11402 | ||||
11403 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_type, | |||
11404 | tvb, offset, 1, ENC_NA0x00000000); | |||
11405 | offset++; | |||
11406 | ||||
11407 | url_hash_len = tvb_get_ntohs(tvb, offset); | |||
11408 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_url_hash_list_len, | |||
11409 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
11410 | offset += 2; | |||
11411 | while (url_hash_len-- > 0) { | |||
11412 | proto_item *urlhash_item; | |||
11413 | proto_tree *urlhash_tree; | |||
11414 | uint16_t url_len; | |||
11415 | ||||
11416 | urlhash_item = proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_item, | |||
11417 | tvb, offset, -1, ENC_NA0x00000000); | |||
11418 | urlhash_tree = proto_item_add_subtree(urlhash_item, hf->ett.urlhash); | |||
11419 | ||||
11420 | url_len = tvb_get_ntohs(tvb, offset); | |||
11421 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url_len, | |||
11422 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
11423 | offset += 2; | |||
11424 | ||||
11425 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url, | |||
11426 | tvb, offset, url_len, ENC_ASCII0x00000000|ENC_NA0x00000000); | |||
11427 | offset += url_len; | |||
11428 | ||||
11429 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_padding, | |||
11430 | tvb, offset, 1, ENC_NA0x00000000); | |||
11431 | offset++; | |||
11432 | /* Note: RFC 6066 says that padding must be 0x01 */ | |||
11433 | ||||
11434 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_sha1, | |||
11435 | tvb, offset, 20, ENC_NA0x00000000); | |||
11436 | offset += 20; | |||
11437 | } | |||
11438 | } /* }}} */ | |||
11439 | ||||
11440 | void | |||
11441 | ssl_dissect_hnd_compress_certificate(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
11442 | uint32_t offset, uint32_t offset_end, packet_info *pinfo, | |||
11443 | SslSession *session, SslDecryptSession *ssl, | |||
11444 | bool_Bool is_from_server, bool_Bool is_dtls) | |||
11445 | { | |||
11446 | uint32_t algorithm, uncompressed_length; | |||
11447 | uint32_t compressed_certificate_message_length; | |||
11448 | tvbuff_t *uncompressed_tvb = NULL((void*)0); | |||
11449 | proto_item *ti; | |||
11450 | /* | |||
11451 | * enum { | |||
11452 | * zlib(1), | |||
11453 | * brotli(2), | |||
11454 | * zstd(3), | |||
11455 | * (65535) | |||
11456 | * } CertificateCompressionAlgorithm; | |||
11457 | * | |||
11458 | * struct { | |||
11459 | * CertificateCompressionAlgorithm algorithm; | |||
11460 | * uint24 uncompressed_length; | |||
11461 | * opaque compressed_certificate_message<1..2^24-1>; | |||
11462 | * } CompressedCertificate; | |||
11463 | */ | |||
11464 | ||||
11465 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_compress_certificate_algorithm, | |||
11466 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &algorithm); | |||
11467 | offset += 2; | |||
11468 | ||||
11469 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_compress_certificate_uncompressed_length, | |||
11470 | tvb, offset, 3, ENC_BIG_ENDIAN0x00000000, &uncompressed_length); | |||
11471 | offset += 3; | |||
11472 | ||||
11473 | /* opaque compressed_certificate_message<1..2^24-1>; */ | |||
11474 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compressed_certificate_message_length, | |||
11475 | hf->hf.hs_ext_compress_certificate_compressed_certificate_message_length, 1, G_MAXUINT24((1U << 24) - 1))) { | |||
11476 | return; | |||
11477 | } | |||
11478 | offset += 3; | |||
11479 | ||||
11480 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_compress_certificate_compressed_certificate_message, | |||
11481 | tvb, offset, compressed_certificate_message_length, ENC_NA0x00000000); | |||
11482 | ||||
11483 | /* Certificate decompression following algorithm */ | |||
11484 | switch (algorithm) { | |||
11485 | case 1: /* zlib */ | |||
11486 | uncompressed_tvb = tvb_child_uncompress_zlib(tvb, tvb, offset, compressed_certificate_message_length); | |||
11487 | break; | |||
11488 | case 2: /* brotli */ | |||
11489 | uncompressed_tvb = tvb_child_uncompress_brotli(tvb, tvb, offset, compressed_certificate_message_length); | |||
11490 | break; | |||
11491 | case 3: /* zstd */ | |||
11492 | uncompressed_tvb = tvb_child_uncompress_zstd(tvb, tvb, offset, compressed_certificate_message_length); | |||
11493 | break; | |||
11494 | } | |||
11495 | ||||
11496 | if (uncompressed_tvb) { | |||
11497 | proto_tree *uncompressed_tree; | |||
11498 | ||||
11499 | if (uncompressed_length != tvb_captured_length(uncompressed_tvb)) { | |||
11500 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.decompression_error, | |||
11501 | tvb, offset, offset_end - offset, | |||
11502 | "Invalid uncompressed length %u (expected %u)", | |||
11503 | tvb_captured_length(uncompressed_tvb), | |||
11504 | uncompressed_length); | |||
11505 | } else { | |||
11506 | uncompressed_tree = proto_item_add_subtree(ti, hf->ett.uncompressed_certificates); | |||
11507 | ssl_dissect_hnd_cert(hf, uncompressed_tvb, uncompressed_tree, | |||
11508 | 0, uncompressed_length, pinfo, session, ssl, is_from_server, is_dtls); | |||
11509 | add_new_data_source(pinfo, uncompressed_tvb, "Uncompressed certificate(s)"); | |||
11510 | } | |||
11511 | } | |||
11512 | } | |||
11513 | ||||
11514 | /* Dissection of TLS Extensions in Client Hello, Server Hello, etc. {{{ */ | |||
11515 | static int | |||
11516 | // NOLINTNEXTLINE(misc-no-recursion) | |||
11517 | ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | |||
11518 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, | |||
11519 | SslSession *session, SslDecryptSession *ssl, | |||
11520 | bool_Bool is_dtls, wmem_strbuf_t *ja3, ja4_data_t *ja4_data, | |||
11521 | ssl_master_key_map_t *mk_map, uint32_t initial_offset, uint32_t hello_length) | |||
11522 | { | |||
11523 | uint32_t exts_len; | |||
11524 | uint16_t ext_type; | |||
11525 | uint32_t ext_len; | |||
11526 | uint32_t next_offset; | |||
11527 | proto_tree *ext_tree; | |||
11528 | bool_Bool is_tls13 = session->version == TLSV1DOT3_VERSION0x304; | |||
11529 | wmem_strbuf_t *ja3_sg = wmem_strbuf_new(pinfo->pool, ""); | |||
11530 | wmem_strbuf_t *ja3_ecpf = wmem_strbuf_new(pinfo->pool, ""); | |||
11531 | char *ja3_dash = ""; | |||
11532 | unsigned supported_version; | |||
11533 | ||||
11534 | /* Extension extensions<0..2^16-2> (for TLS 1.3 HRR/CR min-length is 2) */ | |||
11535 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &exts_len, | |||
11536 | hf->hf.hs_exts_len, 0, UINT16_MAX(65535))) { | |||
11537 | return offset_end; | |||
11538 | } | |||
11539 | offset += 2; | |||
11540 | offset_end = offset + exts_len; | |||
11541 | ||||
11542 | if (ja4_data) { | |||
11543 | ja4_data->num_extensions = 0; | |||
11544 | } | |||
11545 | while (offset_end - offset >= 4) | |||
11546 | { | |||
11547 | ext_type = tvb_get_ntohs(tvb, offset); | |||
11548 | ext_len = tvb_get_ntohs(tvb, offset + 2); | |||
11549 | ||||
11550 | if (ja4_data && !IS_GREASE_TLS(ext_type)((((ext_type) & 0x0f0f) == 0x0a0a) && (((ext_type ) & 0xff) == (((ext_type)>>8) & 0xff)))) { | |||
11551 | ja4_data->num_extensions += 1; | |||
11552 | if (ext_type != SSL_HND_HELLO_EXT_SERVER_NAME0 && | |||
11553 | ext_type != SSL_HND_HELLO_EXT_ALPN16) { | |||
11554 | wmem_list_insert_sorted(ja4_data->extension_list, GUINT_TO_POINTER(ext_type)((gpointer) (gulong) (ext_type)), wmem_compare_uint); | |||
11555 | } | |||
11556 | } | |||
11557 | ||||
11558 | ext_tree = proto_tree_add_subtree_format(tree, tvb, offset, 4 + ext_len, hf->ett.hs_ext, NULL((void*)0), | |||
11559 | "Extension: %s (len=%u)", val_to_str(ext_type, | |||
11560 | tls_hello_extension_types, | |||
11561 | "Unknown type %u"), ext_len); | |||
11562 | ||||
11563 | proto_tree_add_uint(ext_tree, hf->hf.hs_ext_type, | |||
11564 | tvb, offset, 2, ext_type); | |||
11565 | offset += 2; | |||
11566 | if (ja3 && !IS_GREASE_TLS(ext_type)((((ext_type) & 0x0f0f) == 0x0a0a) && (((ext_type ) & 0xff) == (((ext_type)>>8) & 0xff)))) { | |||
11567 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, ext_type); | |||
11568 | ja3_dash = "-"; | |||
11569 | } | |||
11570 | ||||
11571 | /* opaque extension_data<0..2^16-1> */ | |||
11572 | if (!ssl_add_vector(hf, tvb, pinfo, ext_tree, offset, offset_end, &ext_len, | |||
11573 | hf->hf.hs_ext_len, 0, UINT16_MAX(65535))) { | |||
11574 | return offset_end; | |||
11575 | } | |||
11576 | offset += 2; | |||
11577 | next_offset = offset + ext_len; | |||
11578 | ||||
11579 | switch (ext_type) { | |||
11580 | case SSL_HND_HELLO_EXT_SERVER_NAME0: | |||
11581 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
11582 | offset = ssl_dissect_hnd_hello_ext_server_name(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11583 | if (ja4_data) { | |||
11584 | ja4_data->server_name_present = true1; | |||
11585 | } | |||
11586 | } | |||
11587 | break; | |||
11588 | case SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH1: | |||
11589 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_max_fragment_length, tvb, offset, 1, ENC_NA0x00000000); | |||
11590 | offset += 1; | |||
11591 | break; | |||
11592 | case SSL_HND_HELLO_EXT_STATUS_REQUEST5: | |||
11593 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
11594 | offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, pinfo, ext_tree, offset, next_offset, false0); | |||
11595 | } else if (is_tls13 && hnd_type == SSL_HND_CERTIFICATE) { | |||
11596 | offset = tls_dissect_hnd_certificate_status(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11597 | } | |||
11598 | break; | |||
11599 | case SSL_HND_HELLO_EXT_CERT_TYPE9: | |||
11600 | offset = ssl_dissect_hnd_hello_ext_cert_type(hf, tvb, ext_tree, | |||
11601 | offset, next_offset, | |||
11602 | hnd_type, ext_type, | |||
11603 | session); | |||
11604 | break; | |||
11605 | case SSL_HND_HELLO_EXT_SUPPORTED_GROUPS10: | |||
11606 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
11607 | offset = ssl_dissect_hnd_hello_ext_supported_groups(hf, tvb, pinfo, ext_tree, offset, | |||
11608 | next_offset, ja3_sg); | |||
11609 | } else { | |||
11610 | offset = ssl_dissect_hnd_hello_ext_supported_groups(hf, tvb, pinfo, ext_tree, offset, | |||
11611 | next_offset, NULL((void*)0)); | |||
11612 | } | |||
11613 | break; | |||
11614 | case SSL_HND_HELLO_EXT_EC_POINT_FORMATS11: | |||
11615 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
11616 | offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset, ja3_ecpf); | |||
11617 | } else { | |||
11618 | offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset, NULL((void*)0)); | |||
11619 | } | |||
11620 | break; | |||
11621 | break; | |||
11622 | case SSL_HND_HELLO_EXT_SRP12: | |||
11623 | offset = ssl_dissect_hnd_hello_ext_srp(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11624 | break; | |||
11625 | case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS13: | |||
11626 | offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, next_offset, ja4_data); | |||
11627 | break; | |||
11628 | case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT50: /* since TLS 1.3 draft -23 */ | |||
11629 | offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, next_offset, NULL((void*)0)); | |||
11630 | break; | |||
11631 | case SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS34: | |||
11632 | offset = ssl_dissect_hnd_ext_delegated_credentials(hf, tvb, ext_tree, pinfo, offset, next_offset, hnd_type); | |||
11633 | break; | |||
11634 | case SSL_HND_HELLO_EXT_USE_SRTP14: | |||
11635 | if (is_dtls) { | |||
11636 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
11637 | offset = dtls_dissect_hnd_hello_ext_use_srtp(pinfo, tvb, ext_tree, offset, next_offset, false0); | |||
11638 | } else if (hnd_type == SSL_HND_SERVER_HELLO) { | |||
11639 | offset = dtls_dissect_hnd_hello_ext_use_srtp(pinfo, tvb, ext_tree, offset, next_offset, true1); | |||
11640 | } | |||
11641 | } else { | |||
11642 | // XXX expert info: This extension MUST only be used with DTLS, and not with TLS. | |||
11643 | } | |||
11644 | break; | |||
11645 | case SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS64768: | |||
11646 | offset = ssl_dissect_hnd_ech_outer_ext(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11647 | break; | |||
11648 | case SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037: | |||
11649 | offset = ssl_dissect_hnd_hello_ext_ech(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, session, ssl, mk_map, initial_offset, hello_length); | |||
11650 | break; | |||
11651 | case SSL_HND_HELLO_EXT_HEARTBEAT15: | |||
11652 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_heartbeat_mode, | |||
11653 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
11654 | offset++; | |||
11655 | break; | |||
11656 | case SSL_HND_HELLO_EXT_ALPN16: | |||
11657 | offset = ssl_dissect_hnd_hello_ext_alpn(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, session, is_dtls, ja4_data); | |||
11658 | break; | |||
11659 | case SSL_HND_HELLO_EXT_STATUS_REQUEST_V217: | |||
11660 | if (hnd_type == SSL_HND_CLIENT_HELLO) | |||
11661 | offset = ssl_dissect_hnd_hello_ext_status_request_v2(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11662 | break; | |||
11663 | case SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP18: | |||
11664 | // TLS 1.3 note: SCT only appears in EE in draft -16 and before. | |||
11665 | if (hnd_type == SSL_HND_SERVER_HELLO || hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS || hnd_type == SSL_HND_CERTIFICATE) | |||
11666 | offset = tls_dissect_sct_list(hf, tvb, pinfo, ext_tree, offset, next_offset, session->version); | |||
11667 | break; | |||
11668 | case SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19: | |||
11669 | case SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20: | |||
11670 | offset = ssl_dissect_hnd_hello_ext_cert_type(hf, tvb, ext_tree, | |||
11671 | offset, next_offset, | |||
11672 | hnd_type, ext_type, | |||
11673 | session); | |||
11674 | break; | |||
11675 | case SSL_HND_HELLO_EXT_PADDING21: | |||
11676 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_padding_data, tvb, offset, ext_len, ENC_NA0x00000000); | |||
11677 | offset += ext_len; | |||
11678 | break; | |||
11679 | case SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC22: | |||
11680 | if (ssl && hnd_type == SSL_HND_SERVER_HELLO) { | |||
11681 | ssl_debug_printf("%s enabling Encrypt-then-MAC\n", G_STRFUNC((const char*) (__func__))); | |||
11682 | ssl->state |= SSL_ENCRYPT_THEN_MAC(1<<11); | |||
11683 | } | |||
11684 | break; | |||
11685 | case SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET23: | |||
11686 | if (ssl) { | |||
11687 | switch (hnd_type) { | |||
11688 | case SSL_HND_CLIENT_HELLO: | |||
11689 | ssl->state |= SSL_CLIENT_EXTENDED_MASTER_SECRET(1<<7); | |||
11690 | break; | |||
11691 | case SSL_HND_SERVER_HELLO: | |||
11692 | ssl->state |= SSL_SERVER_EXTENDED_MASTER_SECRET(1<<8); | |||
11693 | break; | |||
11694 | default: /* no default */ | |||
11695 | break; | |||
11696 | } | |||
11697 | } | |||
11698 | break; | |||
11699 | case SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE27: | |||
11700 | offset = ssl_dissect_hnd_hello_ext_compress_certificate(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
11701 | break; | |||
11702 | case SSL_HND_HELLO_EXT_TOKEN_BINDING24: | |||
11703 | offset = ssl_dissect_hnd_hello_ext_token_binding(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
11704 | break; | |||
11705 | case SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT28: | |||
11706 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_record_size_limit, | |||
11707 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
11708 | offset += 2; | |||
11709 | break; | |||
11710 | case SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS65445: | |||
11711 | case SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V157: | |||
11712 | offset = ssl_dissect_hnd_hello_ext_quic_transport_parameters(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
11713 | break; | |||
11714 | case SSL_HND_HELLO_EXT_SESSION_TICKET_TLS35: | |||
11715 | offset = ssl_dissect_hnd_hello_ext_session_ticket(hf, tvb, ext_tree, offset, next_offset, hnd_type, ssl); | |||
11716 | break; | |||
11717 | case SSL_HND_HELLO_EXT_KEY_SHARE_OLD40: /* used before TLS 1.3 draft -23 */ | |||
11718 | case SSL_HND_HELLO_EXT_KEY_SHARE51: | |||
11719 | offset = ssl_dissect_hnd_hello_ext_key_share(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | |||
11720 | break; | |||
11721 | case SSL_HND_HELLO_EXT_PRE_SHARED_KEY41: | |||
11722 | offset = ssl_dissect_hnd_hello_ext_pre_shared_key(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | |||
11723 | break; | |||
11724 | case SSL_HND_HELLO_EXT_EARLY_DATA42: | |||
11725 | case SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO46: | |||
11726 | offset = ssl_dissect_hnd_hello_ext_early_data(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
11727 | break; | |||
11728 | case SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43: | |||
11729 | switch (hnd_type) { | |||
11730 | case SSL_HND_CLIENT_HELLO: | |||
11731 | offset = ssl_dissect_hnd_hello_ext_supported_versions(hf, tvb, pinfo, ext_tree, offset, next_offset, session, is_dtls, ja4_data); | |||
11732 | break; | |||
11733 | case SSL_HND_SERVER_HELLO: | |||
11734 | case SSL_HND_HELLO_RETRY_REQUEST: | |||
11735 | proto_tree_add_item_ret_uint(ext_tree, hf->hf.hs_ext_supported_version, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &supported_version); | |||
11736 | offset += 2; | |||
11737 | proto_item_append_text(ext_tree, " %s", val_to_str(supported_version, ssl_versions, "Unknown (0x%04x)")); | |||
11738 | break; | |||
11739 | } | |||
11740 | break; | |||
11741 | case SSL_HND_HELLO_EXT_COOKIE44: | |||
11742 | offset = ssl_dissect_hnd_hello_ext_cookie(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11743 | break; | |||
11744 | case SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES45: | |||
11745 | offset = ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11746 | break; | |||
11747 | case SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES47: | |||
11748 | offset = ssl_dissect_hnd_hello_ext_certificate_authorities(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11749 | break; | |||
11750 | case SSL_HND_HELLO_EXT_OID_FILTERS48: | |||
11751 | offset = ssl_dissect_hnd_hello_ext_oid_filters(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11752 | break; | |||
11753 | case SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH49: | |||
11754 | break; | |||
11755 | case SSL_HND_HELLO_EXT_NPN13172: | |||
11756 | offset = ssl_dissect_hnd_hello_ext_npn(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11757 | break; | |||
11758 | case SSL_HND_HELLO_EXT_ALPS17513: | |||
11759 | offset = ssl_dissect_hnd_hello_ext_alps(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | |||
11760 | break; | |||
11761 | case SSL_HND_HELLO_EXT_RENEGOTIATION_INFO65281: | |||
11762 | offset = ssl_dissect_hnd_hello_ext_reneg_info(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11763 | break; | |||
11764 | case SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME65486: | |||
11765 | offset = ssl_dissect_hnd_hello_ext_esni(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | |||
11766 | break; | |||
11767 | case SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED53: | |||
11768 | session->deprecated_cid = true1; | |||
11769 | /* FALLTHRU */ | |||
11770 | case SSL_HND_HELLO_EXT_CONNECTION_ID54: | |||
11771 | offset = ssl_dissect_hnd_hello_ext_connection_id(hf, tvb, pinfo, ext_tree, offset, hnd_type, session, ssl); | |||
11772 | break; | |||
11773 | case SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS3: | |||
11774 | offset = ssl_dissect_hnd_hello_ext_trusted_ca_keys(hf, tvb, pinfo, ext_tree, offset, next_offset); | |||
11775 | break; | |||
11776 | default: | |||
11777 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_data, | |||
11778 | tvb, offset, ext_len, ENC_NA0x00000000); | |||
11779 | offset += ext_len; | |||
11780 | break; | |||
11781 | } | |||
11782 | ||||
11783 | if (!ssl_end_vector(hf, tvb, pinfo, ext_tree, offset, next_offset)) { | |||
11784 | /* Dissection did not end at expected location, fix it. */ | |||
11785 | offset = next_offset; | |||
11786 | } | |||
11787 | } | |||
11788 | ||||
11789 | if (ja3) { | |||
11790 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | |||
11791 | if(wmem_strbuf_get_len(ja3_sg) > 0) { | |||
11792 | wmem_strbuf_append_printf(ja3, "%s", wmem_strbuf_get_str(ja3_sg)); | |||
11793 | } else { | |||
11794 | wmem_strbuf_append_c(ja3, ','); | |||
11795 | } | |||
11796 | if(wmem_strbuf_get_len(ja3_ecpf) > 0) { | |||
11797 | wmem_strbuf_append_printf(ja3, "%s", wmem_strbuf_get_str(ja3_ecpf)); | |||
11798 | } else { | |||
11799 | wmem_strbuf_append_c(ja3, ','); | |||
11800 | } | |||
11801 | } | |||
11802 | } | |||
11803 | ||||
11804 | /* Check if Extensions vector is correctly terminated. */ | |||
11805 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, offset_end)) { | |||
11806 | offset = offset_end; | |||
11807 | } | |||
11808 | ||||
11809 | return offset; | |||
11810 | } /* }}} */ | |||
11811 | ||||
11812 | ||||
11813 | /* ClientKeyExchange algo-specific dissectors. {{{ */ | |||
11814 | ||||
11815 | static void | |||
11816 | dissect_ssl3_hnd_cli_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11817 | proto_tree *tree, uint32_t offset, | |||
11818 | uint32_t length) | |||
11819 | { | |||
11820 | int point_len; | |||
11821 | proto_tree *ssl_ecdh_tree; | |||
11822 | ||||
11823 | ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
11824 | hf->ett.keyex_params, NULL((void*)0), "EC Diffie-Hellman Client Params"); | |||
11825 | ||||
11826 | /* point */ | |||
11827 | point_len = tvb_get_uint8(tvb, offset); | |||
11828 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point_len, tvb, | |||
11829 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
11830 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point, tvb, | |||
11831 | offset + 1, point_len, ENC_NA0x00000000); | |||
11832 | } | |||
11833 | ||||
11834 | static void | |||
11835 | dissect_ssl3_hnd_cli_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11836 | proto_tree *tree, uint32_t offset, uint32_t length) | |||
11837 | { | |||
11838 | int yc_len; | |||
11839 | proto_tree *ssl_dh_tree; | |||
11840 | ||||
11841 | ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
11842 | hf->ett.keyex_params, NULL((void*)0), "Diffie-Hellman Client Params"); | |||
11843 | ||||
11844 | /* ClientDiffieHellmanPublic.dh_public (explicit) */ | |||
11845 | yc_len = tvb_get_ntohs(tvb, offset); | |||
11846 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc_len, tvb, | |||
11847 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
11848 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc, tvb, | |||
11849 | offset + 2, yc_len, ENC_NA0x00000000); | |||
11850 | } | |||
11851 | ||||
11852 | static void | |||
11853 | dissect_ssl3_hnd_cli_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11854 | proto_tree *tree, uint32_t offset, | |||
11855 | uint32_t length, const SslSession *session) | |||
11856 | { | |||
11857 | int epms_len; | |||
11858 | proto_tree *ssl_rsa_tree; | |||
11859 | ||||
11860 | ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
11861 | hf->ett.keyex_params, NULL((void*)0), "RSA Encrypted PreMaster Secret"); | |||
11862 | ||||
11863 | /* EncryptedPreMasterSecret.pre_master_secret */ | |||
11864 | switch (session->version) { | |||
11865 | case SSLV2_VERSION0x0002: | |||
11866 | case SSLV3_VERSION0x300: | |||
11867 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | |||
11868 | /* OpenSSL pre-0.9.8f DTLS and pre-TLS quirk: 2-octet length vector is | |||
11869 | * not present. The handshake contents represents the EPMS, see: | |||
11870 | * https://gitlab.com/wireshark/wireshark/-/issues/10222 */ | |||
11871 | epms_len = length; | |||
11872 | break; | |||
11873 | ||||
11874 | default: | |||
11875 | /* TLS and DTLS include vector length before EPMS */ | |||
11876 | epms_len = tvb_get_ntohs(tvb, offset); | |||
11877 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms_len, tvb, | |||
11878 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
11879 | offset += 2; | |||
11880 | break; | |||
11881 | } | |||
11882 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms, tvb, | |||
11883 | offset, epms_len, ENC_NA0x00000000); | |||
11884 | } | |||
11885 | ||||
11886 | /* Used in PSK cipher suites */ | |||
11887 | static uint32_t | |||
11888 | dissect_ssl3_hnd_cli_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11889 | proto_tree *tree, uint32_t offset) | |||
11890 | { | |||
11891 | unsigned identity_len; | |||
11892 | proto_tree *ssl_psk_tree; | |||
11893 | ||||
11894 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, -1, | |||
11895 | hf->ett.keyex_params, NULL((void*)0), "PSK Client Params"); | |||
11896 | /* identity */ | |||
11897 | identity_len = tvb_get_ntohs(tvb, offset); | |||
11898 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, tvb, | |||
11899 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
11900 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, tvb, | |||
11901 | offset + 2, identity_len, ENC_NA0x00000000); | |||
11902 | ||||
11903 | proto_item_set_len(ssl_psk_tree, 2 + identity_len); | |||
11904 | return 2 + identity_len; | |||
11905 | } | |||
11906 | ||||
11907 | /* Used in RSA PSK cipher suites */ | |||
11908 | static void | |||
11909 | dissect_ssl3_hnd_cli_keyex_rsa_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11910 | proto_tree *tree, uint32_t offset, | |||
11911 | uint32_t length) | |||
11912 | { | |||
11913 | int identity_len, epms_len; | |||
11914 | proto_tree *ssl_psk_tree; | |||
11915 | ||||
11916 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
11917 | hf->ett.keyex_params, NULL((void*)0), "RSA PSK Client Params"); | |||
11918 | ||||
11919 | /* identity */ | |||
11920 | identity_len = tvb_get_ntohs(tvb, offset); | |||
11921 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, | |||
11922 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
11923 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, | |||
11924 | tvb, offset + 2, identity_len, ENC_NA0x00000000); | |||
11925 | offset += 2 + identity_len; | |||
11926 | ||||
11927 | /* Yc */ | |||
11928 | epms_len = tvb_get_ntohs(tvb, offset); | |||
11929 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms_len, tvb, | |||
11930 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
11931 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms, tvb, | |||
11932 | offset + 2, epms_len, ENC_NA0x00000000); | |||
11933 | } | |||
11934 | ||||
11935 | /* Used in Diffie-Hellman PSK cipher suites */ | |||
11936 | static void | |||
11937 | dissect_ssl3_hnd_cli_keyex_dhe_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11938 | proto_tree *tree, uint32_t offset, uint32_t length) | |||
11939 | { | |||
11940 | /* | |||
11941 | * struct { | |||
11942 | * select (KeyExchangeAlgorithm) { | |||
11943 | * case diffie_hellman_psk: | |||
11944 | * opaque psk_identity<0..2^16-1>; | |||
11945 | * ClientDiffieHellmanPublic public; | |||
11946 | * } exchange_keys; | |||
11947 | * } ClientKeyExchange; | |||
11948 | */ | |||
11949 | ||||
11950 | uint32_t psk_len = dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); | |||
11951 | dissect_ssl3_hnd_cli_keyex_dhe(hf, tvb, tree, offset + psk_len, length - psk_len); | |||
11952 | } | |||
11953 | ||||
11954 | /* Used in EC Diffie-Hellman PSK cipher suites */ | |||
11955 | static void | |||
11956 | dissect_ssl3_hnd_cli_keyex_ecdh_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11957 | proto_tree *tree, uint32_t offset, uint32_t length) | |||
11958 | { | |||
11959 | /* | |||
11960 | * struct { | |||
11961 | * select (KeyExchangeAlgorithm) { | |||
11962 | * case ec_diffie_hellman_psk: | |||
11963 | * opaque psk_identity<0..2^16-1>; | |||
11964 | * ClientECDiffieHellmanPublic public; | |||
11965 | * } exchange_keys; | |||
11966 | * } ClientKeyExchange; | |||
11967 | */ | |||
11968 | ||||
11969 | uint32_t psk_len = dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); | |||
11970 | dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset + psk_len, length - psk_len); | |||
11971 | } | |||
11972 | ||||
11973 | /* Used in EC J-PAKE cipher suites */ | |||
11974 | static void | |||
11975 | dissect_ssl3_hnd_cli_keyex_ecjpake(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
11976 | proto_tree *tree, uint32_t offset, | |||
11977 | uint32_t length) | |||
11978 | { | |||
11979 | /* | |||
11980 | * struct { | |||
11981 | * ECPoint V; | |||
11982 | * opaque r<1..2^8-1>; | |||
11983 | * } ECSchnorrZKP; | |||
11984 | * | |||
11985 | * struct { | |||
11986 | * ECPoint X; | |||
11987 | * ECSchnorrZKP zkp; | |||
11988 | * } ECJPAKEKeyKP; | |||
11989 | * | |||
11990 | * struct { | |||
11991 | * ECJPAKEKeyKP ecjpake_key_kp; | |||
11992 | * } ClientECJPAKEParams; | |||
11993 | * | |||
11994 | * select (KeyExchangeAlgorithm) { | |||
11995 | * case ecjpake: | |||
11996 | * ClientECJPAKEParams params; | |||
11997 | * } ClientKeyExchange; | |||
11998 | */ | |||
11999 | ||||
12000 | int point_len; | |||
12001 | proto_tree *ssl_ecjpake_tree; | |||
12002 | ||||
12003 | ssl_ecjpake_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
12004 | hf->ett.keyex_params, NULL((void*)0), | |||
12005 | "EC J-PAKE Client Params"); | |||
12006 | ||||
12007 | /* ECJPAKEKeyKP.X */ | |||
12008 | point_len = tvb_get_uint8(tvb, offset); | |||
12009 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_xc_len, tvb, | |||
12010 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
12011 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_xc, tvb, | |||
12012 | offset + 1, point_len, ENC_NA0x00000000); | |||
12013 | offset += 1 + point_len; | |||
12014 | ||||
12015 | /* ECJPAKEKeyKP.zkp.V */ | |||
12016 | point_len = tvb_get_uint8(tvb, offset); | |||
12017 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_vc_len, tvb, | |||
12018 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
12019 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_vc, tvb, | |||
12020 | offset + 1, point_len, ENC_NA0x00000000); | |||
12021 | offset += 1 + point_len; | |||
12022 | ||||
12023 | /* ECJPAKEKeyKP.zkp.r */ | |||
12024 | point_len = tvb_get_uint8(tvb, offset); | |||
12025 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_rc_len, tvb, | |||
12026 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
12027 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_rc, tvb, | |||
12028 | offset + 1, point_len, ENC_NA0x00000000); | |||
12029 | } | |||
12030 | ||||
12031 | static void | |||
12032 | dissect_ssl3_hnd_cli_keyex_ecc_sm2(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
12033 | proto_tree *tree, uint32_t offset, | |||
12034 | uint32_t length) | |||
12035 | { | |||
12036 | int epms_len; | |||
12037 | proto_tree *ssl_ecc_sm2_tree; | |||
12038 | ||||
12039 | ssl_ecc_sm2_tree = proto_tree_add_subtree(tree, tvb, offset, length, | |||
12040 | hf->ett.keyex_params, NULL((void*)0), | |||
12041 | "ECC-SM2 Encrypted PreMaster Secret"); | |||
12042 | ||||
12043 | epms_len = tvb_get_ntohs(tvb, offset); | |||
12044 | proto_tree_add_item(ssl_ecc_sm2_tree, hf->hf.hs_client_keyex_epms_len, tvb, | |||
12045 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
12046 | offset += 2; | |||
12047 | proto_tree_add_item(ssl_ecc_sm2_tree, hf->hf.hs_client_keyex_epms, tvb, | |||
12048 | offset, epms_len, ENC_NA0x00000000); | |||
12049 | } | |||
12050 | /* ClientKeyExchange algo-specific dissectors. }}} */ | |||
12051 | ||||
12052 | ||||
12053 | /* Dissects DigitallySigned (see RFC 5246 4.7 Cryptographic Attributes). {{{ */ | |||
12054 | static uint32_t | |||
12055 | ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
12056 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
12057 | uint16_t version, int hf_sig_len, int hf_sig) | |||
12058 | { | |||
12059 | uint32_t sig_len; | |||
12060 | ||||
12061 | switch (version) { | |||
12062 | case TLSV1DOT2_VERSION0x303: | |||
12063 | case DTLSV1DOT2_VERSION0xfefd: | |||
12064 | case TLSV1DOT3_VERSION0x304: | |||
12065 | case DTLSV1DOT3_VERSION0xfefc: | |||
12066 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); | |||
12067 | offset += 2; | |||
12068 | break; | |||
12069 | ||||
12070 | default: | |||
12071 | break; | |||
12072 | } | |||
12073 | ||||
12074 | /* Sig */ | |||
12075 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sig_len, | |||
12076 | hf_sig_len, 0, UINT16_MAX(65535))) { | |||
12077 | return offset_end; | |||
12078 | } | |||
12079 | offset += 2; | |||
12080 | proto_tree_add_item(tree, hf_sig, tvb, offset, sig_len, ENC_NA0x00000000); | |||
12081 | offset += sig_len; | |||
12082 | return offset; | |||
12083 | } /* }}} */ | |||
12084 | ||||
12085 | /* ServerKeyExchange algo-specific dissectors. {{{ */ | |||
12086 | ||||
12087 | /* dissects signed_params inside a ServerKeyExchange for some keyex algos */ | |||
12088 | static void | |||
12089 | dissect_ssl3_hnd_srv_keyex_sig(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
12090 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
12091 | uint16_t version) | |||
12092 | { | |||
12093 | /* | |||
12094 | * TLSv1.2 (RFC 5246 sec 7.4.8) | |||
12095 | * struct { | |||
12096 | * digitally-signed struct { | |||
12097 | * opaque handshake_messages[handshake_messages_length]; | |||
12098 | * } | |||
12099 | * } CertificateVerify; | |||
12100 | * | |||
12101 | * TLSv1.0/TLSv1.1 (RFC 5436 sec 7.4.8 and 7.4.3) works essentially the same | |||
12102 | * as TLSv1.2, but the hash algorithms are not explicit in digitally-signed. | |||
12103 | * | |||
12104 | * SSLv3 (RFC 6101 sec 5.6.8) essentially works the same as TLSv1.0 but it | |||
12105 | * does more hashing including the master secret and padding. | |||
12106 | */ | |||
12107 | ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, | |||
12108 | hf->hf.hs_server_keyex_sig_len, | |||
12109 | hf->hf.hs_server_keyex_sig); | |||
12110 | } | |||
12111 | ||||
12112 | static uint32_t | |||
12113 | dissect_tls_ecparameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
12114 | { | |||
12115 | /* | |||
12116 | * RFC 4492 ECC cipher suites for TLS | |||
12117 | * | |||
12118 | * struct { | |||
12119 | * ECCurveType curve_type; | |||
12120 | * select (curve_type) { | |||
12121 | * case explicit_prime: | |||
12122 | * ... | |||
12123 | * case explicit_char2: | |||
12124 | * ... | |||
12125 | * case named_curve: | |||
12126 | * NamedCurve namedcurve; | |||
12127 | * }; | |||
12128 | * } ECParameters; | |||
12129 | */ | |||
12130 | ||||
12131 | int curve_type; | |||
12132 | ||||
12133 | /* ECParameters.curve_type */ | |||
12134 | curve_type = tvb_get_uint8(tvb, offset); | |||
12135 | proto_tree_add_item(tree, hf->hf.hs_server_keyex_curve_type, tvb, | |||
12136 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
12137 | offset++; | |||
12138 | ||||
12139 | if (curve_type != 3) | |||
12140 | return offset_end; /* only named_curves are supported */ | |||
12141 | ||||
12142 | /* case curve_type == named_curve; ECParameters.namedcurve */ | |||
12143 | proto_tree_add_item(tree, hf->hf.hs_server_keyex_named_curve, tvb, | |||
12144 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
12145 | offset += 2; | |||
12146 | ||||
12147 | return offset; | |||
12148 | } | |||
12149 | ||||
12150 | static void | |||
12151 | dissect_ssl3_hnd_srv_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
12152 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
12153 | uint16_t version, bool_Bool anon) | |||
12154 | { | |||
12155 | /* | |||
12156 | * RFC 4492 ECC cipher suites for TLS | |||
12157 | * | |||
12158 | * struct { | |||
12159 | * opaque point <1..2^8-1>; | |||
12160 | * } ECPoint; | |||
12161 | * | |||
12162 | * struct { | |||
12163 | * ECParameters curve_params; | |||
12164 | * ECPoint public; | |||
12165 | * } ServerECDHParams; | |||
12166 | * | |||
12167 | * select (KeyExchangeAlgorithm) { | |||
12168 | * case ec_diffie_hellman: | |||
12169 | * ServerECDHParams params; | |||
12170 | * Signature signed_params; | |||
12171 | * } ServerKeyExchange; | |||
12172 | */ | |||
12173 | ||||
12174 | int point_len; | |||
12175 | proto_tree *ssl_ecdh_tree; | |||
12176 | ||||
12177 | ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
12178 | hf->ett.keyex_params, NULL((void*)0), "EC Diffie-Hellman Server Params"); | |||
12179 | ||||
12180 | offset = dissect_tls_ecparameters(hf, tvb, ssl_ecdh_tree, offset, offset_end); | |||
12181 | if (offset >= offset_end) | |||
12182 | return; /* only named_curves are supported */ | |||
12183 | ||||
12184 | /* ECPoint.point */ | |||
12185 | point_len = tvb_get_uint8(tvb, offset); | |||
12186 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point_len, tvb, | |||
12187 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
12188 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point, tvb, | |||
12189 | offset + 1, point_len, ENC_NA0x00000000); | |||
12190 | offset += 1 + point_len; | |||
12191 | ||||
12192 | /* Signature (if non-anonymous KEX) */ | |||
12193 | if (!anon) { | |||
12194 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_ecdh_tree, offset, offset_end, version); | |||
12195 | } | |||
12196 | } | |||
12197 | ||||
12198 | static void | |||
12199 | dissect_ssl3_hnd_srv_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
12200 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
12201 | uint16_t version, bool_Bool anon) | |||
12202 | { | |||
12203 | int p_len, g_len, ys_len; | |||
12204 | proto_tree *ssl_dh_tree; | |||
12205 | ||||
12206 | ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
12207 | hf->ett.keyex_params, NULL((void*)0), "Diffie-Hellman Server Params"); | |||
12208 | ||||
12209 | /* p */ | |||
12210 | p_len = tvb_get_ntohs(tvb, offset); | |||
12211 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p_len, tvb, | |||
12212 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
12213 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p, tvb, | |||
12214 | offset + 2, p_len, ENC_NA0x00000000); | |||
12215 | offset += 2 + p_len; | |||
12216 | ||||
12217 | /* g */ | |||
12218 | g_len = tvb_get_ntohs(tvb, offset); | |||
12219 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g_len, tvb, | |||
12220 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
12221 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g, tvb, | |||
12222 | offset + 2, g_len, ENC_NA0x00000000); | |||
12223 | offset += 2 + g_len; | |||
12224 | ||||
12225 | /* Ys */ | |||
12226 | ys_len = tvb_get_ntohs(tvb, offset); | |||
12227 | proto_tree_add_uint(ssl_dh_tree, hf->hf.hs_server_keyex_ys_len, tvb, | |||
12228 | offset, 2, ys_len); | |||
12229 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_ys, tvb, | |||
12230 | offset + 2, ys_len, ENC_NA0x00000000); | |||
12231 | offset += 2 + ys_len; | |||
12232 | ||||
12233 | /* Signature (if non-anonymous KEX) */ | |||
12234 | if (!anon) { | |||
12235 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_dh_tree, offset, offset_end, version); | |||
12236 | } | |||
12237 | } | |||
12238 | ||||
12239 | /* Only used in RSA-EXPORT cipher suites */ | |||
12240 | static void | |||
12241 | dissect_ssl3_hnd_srv_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
12242 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
12243 | uint16_t version) | |||
12244 | { | |||
12245 | int modulus_len, exponent_len; | |||
12246 | proto_tree *ssl_rsa_tree; | |||
12247 | ||||
12248 | ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
12249 | hf->ett.keyex_params, NULL((void*)0), "RSA-EXPORT Server Params"); | |||
12250 | ||||
12251 | /* modulus */ | |||
12252 | modulus_len = tvb_get_ntohs(tvb, offset); | |||
12253 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus_len, tvb, | |||
12254 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
12255 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus, tvb, | |||
12256 | offset + 2, modulus_len, ENC_NA0x00000000); | |||
12257 | offset += 2 + modulus_len; | |||
12258 | ||||
12259 | /* exponent */ | |||
12260 | exponent_len = tvb_get_ntohs(tvb, offset); | |||
12261 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent_len, | |||
12262 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
12263 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent, | |||
12264 | tvb, offset + 2, exponent_len, ENC_NA0x00000000); | |||
12265 | offset += 2 + exponent_len; | |||
12266 | ||||
12267 | /* Signature */ | |||
12268 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_rsa_tree, offset, offset_end, version); | |||
12269 | } | |||
12270 | ||||
12271 | /* Used in RSA PSK and PSK cipher suites */ | |||
12272 | static uint32_t | |||
12273 | dissect_ssl3_hnd_srv_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
12274 | proto_tree *tree, uint32_t offset) | |||
12275 | { | |||
12276 | unsigned hint_len; | |||
12277 | proto_tree *ssl_psk_tree; | |||
12278 | ||||
12279 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, -1, | |||
12280 | hf->ett.keyex_params, NULL((void*)0), "PSK Server Params"); | |||
12281 | ||||
12282 | /* hint */ | |||
12283 | hint_len = tvb_get_ntohs(tvb, offset); | |||
12284 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint_len, tvb, | |||
12285 | offset, 2, ENC_BIG_ENDIAN0x00000000); | |||
12286 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint, tvb, | |||
12287 | offset + 2, hint_len, ENC_NA0x00000000); | |||
12288 | ||||
12289 | proto_item_set_len(ssl_psk_tree, 2 + hint_len); | |||
12290 | return 2 + hint_len; | |||
12291 | } | |||
12292 | ||||
12293 | /* Used in Diffie-Hellman PSK cipher suites */ | |||
12294 | static void | |||
12295 | dissect_ssl3_hnd_srv_keyex_dhe_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
12296 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
12297 | { | |||
12298 | /* | |||
12299 | * struct { | |||
12300 | * select (KeyExchangeAlgorithm) { | |||
12301 | * case diffie_hellman_psk: | |||
12302 | * opaque psk_identity_hint<0..2^16-1>; | |||
12303 | * ServerDHParams params; | |||
12304 | * }; | |||
12305 | * } ServerKeyExchange; | |||
12306 | */ | |||
12307 | ||||
12308 | uint32_t psk_len = dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); | |||
12309 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset + psk_len, offset_end, 0, true1); | |||
12310 | } | |||
12311 | ||||
12312 | /* Used in EC Diffie-Hellman PSK cipher suites */ | |||
12313 | static void | |||
12314 | dissect_ssl3_hnd_srv_keyex_ecdh_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
12315 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
12316 | { | |||
12317 | /* | |||
12318 | * struct { | |||
12319 | * select (KeyExchangeAlgorithm) { | |||
12320 | * case ec_diffie_hellman_psk: | |||
12321 | * opaque psk_identity_hint<0..2^16-1>; | |||
12322 | * ServerECDHParams params; | |||
12323 | * }; | |||
12324 | * } ServerKeyExchange; | |||
12325 | */ | |||
12326 | ||||
12327 | uint32_t psk_len = dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); | |||
12328 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset + psk_len, offset_end, 0, true1); | |||
12329 | } | |||
12330 | ||||
12331 | /* Used in EC J-PAKE cipher suites */ | |||
12332 | static void | |||
12333 | dissect_ssl3_hnd_srv_keyex_ecjpake(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
12334 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | |||
12335 | { | |||
12336 | /* | |||
12337 | * struct { | |||
12338 | * ECPoint V; | |||
12339 | * opaque r<1..2^8-1>; | |||
12340 | * } ECSchnorrZKP; | |||
12341 | * | |||
12342 | * struct { | |||
12343 | * ECPoint X; | |||
12344 | * ECSchnorrZKP zkp; | |||
12345 | * } ECJPAKEKeyKP; | |||
12346 | * | |||
12347 | * struct { | |||
12348 | * ECParameters curve_params; | |||
12349 | * ECJPAKEKeyKP ecjpake_key_kp; | |||
12350 | * } ServerECJPAKEParams; | |||
12351 | * | |||
12352 | * select (KeyExchangeAlgorithm) { | |||
12353 | * case ecjpake: | |||
12354 | * ServerECJPAKEParams params; | |||
12355 | * } ServerKeyExchange; | |||
12356 | */ | |||
12357 | ||||
12358 | int point_len; | |||
12359 | proto_tree *ssl_ecjpake_tree; | |||
12360 | ||||
12361 | ssl_ecjpake_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
12362 | hf->ett.keyex_params, NULL((void*)0), | |||
12363 | "EC J-PAKE Server Params"); | |||
12364 | ||||
12365 | offset = dissect_tls_ecparameters(hf, tvb, ssl_ecjpake_tree, offset, offset_end); | |||
12366 | if (offset >= offset_end) | |||
12367 | return; /* only named_curves are supported */ | |||
12368 | ||||
12369 | /* ECJPAKEKeyKP.X */ | |||
12370 | point_len = tvb_get_uint8(tvb, offset); | |||
12371 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_xs_len, tvb, | |||
12372 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
12373 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_xs, tvb, | |||
12374 | offset + 1, point_len, ENC_NA0x00000000); | |||
12375 | offset += 1 + point_len; | |||
12376 | ||||
12377 | /* ECJPAKEKeyKP.zkp.V */ | |||
12378 | point_len = tvb_get_uint8(tvb, offset); | |||
12379 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_vs_len, tvb, | |||
12380 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
12381 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_vs, tvb, | |||
12382 | offset + 1, point_len, ENC_NA0x00000000); | |||
12383 | offset += 1 + point_len; | |||
12384 | ||||
12385 | /* ECJPAKEKeyKP.zkp.r */ | |||
12386 | point_len = tvb_get_uint8(tvb, offset); | |||
12387 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_rs_len, tvb, | |||
12388 | offset, 1, ENC_BIG_ENDIAN0x00000000); | |||
12389 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_rs, tvb, | |||
12390 | offset + 1, point_len, ENC_NA0x00000000); | |||
12391 | } | |||
12392 | ||||
12393 | /* Only used in ECC-SM2-EXPORT cipher suites */ | |||
12394 | static void | |||
12395 | dissect_ssl3_hnd_srv_keyex_ecc_sm2(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
12396 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
12397 | uint16_t version) | |||
12398 | { | |||
12399 | proto_tree *ssl_ecc_sm2_tree; | |||
12400 | ||||
12401 | ssl_ecc_sm2_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | |||
12402 | hf->ett.keyex_params, NULL((void*)0), "ECC-SM2-EXPORT Server Params"); | |||
12403 | ||||
12404 | /* Signature */ | |||
12405 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_ecc_sm2_tree, offset, offset_end, version); | |||
12406 | } | |||
12407 | /* ServerKeyExchange algo-specific dissectors. }}} */ | |||
12408 | ||||
12409 | /* Client Key Exchange and Server Key Exchange handshake dissections. {{{ */ | |||
12410 | void | |||
12411 | ssl_dissect_hnd_cli_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
12412 | proto_tree *tree, uint32_t offset, uint32_t length, | |||
12413 | const SslSession *session) | |||
12414 | { | |||
12415 | switch (ssl_get_keyex_alg(session->cipher)) { | |||
12416 | case KEX_DH_ANON0x13: /* RFC 5246; DHE_DSS, DHE_RSA, DH_DSS, DH_RSA, DH_ANON: ClientDiffieHellmanPublic */ | |||
12417 | case KEX_DH_DSS0x14: | |||
12418 | case KEX_DH_RSA0x15: | |||
12419 | case KEX_DHE_DSS0x10: | |||
12420 | case KEX_DHE_RSA0x12: | |||
12421 | dissect_ssl3_hnd_cli_keyex_dhe(hf, tvb, tree, offset, length); | |||
12422 | break; | |||
12423 | case KEX_DHE_PSK0x11: /* RFC 4279; diffie_hellman_psk: psk_identity, ClientDiffieHellmanPublic */ | |||
12424 | dissect_ssl3_hnd_cli_keyex_dhe_psk(hf, tvb, tree, offset, length); | |||
12425 | break; | |||
12426 | case KEX_ECDH_ANON0x19: /* RFC 4492; ec_diffie_hellman: ClientECDiffieHellmanPublic */ | |||
12427 | case KEX_ECDH_ECDSA0x1a: | |||
12428 | case KEX_ECDH_RSA0x1b: | |||
12429 | case KEX_ECDHE_ECDSA0x16: | |||
12430 | case KEX_ECDHE_RSA0x18: | |||
12431 | dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset, length); | |||
12432 | break; | |||
12433 | case KEX_ECDHE_PSK0x17: /* RFC 5489; ec_diffie_hellman_psk: psk_identity, ClientECDiffieHellmanPublic */ | |||
12434 | dissect_ssl3_hnd_cli_keyex_ecdh_psk(hf, tvb, tree, offset, length); | |||
12435 | break; | |||
12436 | case KEX_KRB50x1c: /* RFC 2712; krb5: KerberosWrapper */ | |||
12437 | /* XXX: implement support for KRB5 */ | |||
12438 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
12439 | tvb, offset, length, | |||
12440 | "Kerberos ciphersuites (RFC 2712) are not implemented, contact Wireshark" | |||
12441 | " developers if you want them to be supported"); | |||
12442 | break; | |||
12443 | case KEX_PSK0x1d: /* RFC 4279; psk: psk_identity */ | |||
12444 | dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); | |||
12445 | break; | |||
12446 | case KEX_RSA0x1e: /* RFC 5246; rsa: EncryptedPreMasterSecret */ | |||
12447 | dissect_ssl3_hnd_cli_keyex_rsa(hf, tvb, tree, offset, length, session); | |||
12448 | break; | |||
12449 | case KEX_RSA_PSK0x1f: /* RFC 4279; rsa_psk: psk_identity, EncryptedPreMasterSecret */ | |||
12450 | dissect_ssl3_hnd_cli_keyex_rsa_psk(hf, tvb, tree, offset, length); | |||
12451 | break; | |||
12452 | case KEX_SRP_SHA0x20: /* RFC 5054; srp: ClientSRPPublic */ | |||
12453 | case KEX_SRP_SHA_DSS0x21: | |||
12454 | case KEX_SRP_SHA_RSA0x22: | |||
12455 | /* XXX: implement support for SRP_SHA* */ | |||
12456 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
12457 | tvb, offset, length, | |||
12458 | "SRP_SHA ciphersuites (RFC 5054) are not implemented, contact Wireshark" | |||
12459 | " developers if you want them to be supported"); | |||
12460 | break; | |||
12461 | case KEX_ECJPAKE0x24: /* https://tools.ietf.org/html/draft-cragie-tls-ecjpake-01 used in Thread Commissioning */ | |||
12462 | dissect_ssl3_hnd_cli_keyex_ecjpake(hf, tvb, tree, offset, length); | |||
12463 | break; | |||
12464 | case KEX_ECC_SM20x26: /* GB/T 38636 */ | |||
12465 | dissect_ssl3_hnd_cli_keyex_ecc_sm2(hf, tvb, tree, offset, length); | |||
12466 | break; | |||
12467 | default: | |||
12468 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
12469 | tvb, offset, length); | |||
12470 | break; | |||
12471 | } | |||
12472 | } | |||
12473 | ||||
12474 | void | |||
12475 | ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | |||
12476 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | |||
12477 | const SslSession *session) | |||
12478 | { | |||
12479 | switch (ssl_get_keyex_alg(session->cipher)) { | |||
12480 | case KEX_DH_ANON0x13: /* RFC 5246; ServerDHParams */ | |||
12481 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset, offset_end, session->version, true1); | |||
12482 | break; | |||
12483 | case KEX_DH_DSS0x14: /* RFC 5246; not allowed */ | |||
12484 | case KEX_DH_RSA0x15: | |||
12485 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_srv_keyex_illegal, | |||
12486 | tvb, offset, offset_end - offset); | |||
12487 | break; | |||
12488 | case KEX_DHE_DSS0x10: /* RFC 5246; dhe_dss, dhe_rsa: ServerDHParams, Signature */ | |||
12489 | case KEX_DHE_RSA0x12: | |||
12490 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset, offset_end, session->version, false0); | |||
12491 | break; | |||
12492 | case KEX_DHE_PSK0x11: /* RFC 4279; diffie_hellman_psk: psk_identity_hint, ServerDHParams */ | |||
12493 | dissect_ssl3_hnd_srv_keyex_dhe_psk(hf, tvb, pinfo, tree, offset, offset_end); | |||
12494 | break; | |||
12495 | case KEX_ECDH_ANON0x19: /* RFC 4492; ec_diffie_hellman: ServerECDHParams (without signature for anon) */ | |||
12496 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset, offset_end, session->version, true1); | |||
12497 | break; | |||
12498 | case KEX_ECDHE_PSK0x17: /* RFC 5489; psk_identity_hint, ServerECDHParams */ | |||
12499 | dissect_ssl3_hnd_srv_keyex_ecdh_psk(hf, tvb, pinfo, tree, offset, offset_end); | |||
12500 | break; | |||
12501 | case KEX_ECDH_ECDSA0x1a: /* RFC 4492; ec_diffie_hellman: ServerECDHParams, Signature */ | |||
12502 | case KEX_ECDH_RSA0x1b: | |||
12503 | case KEX_ECDHE_ECDSA0x16: | |||
12504 | case KEX_ECDHE_RSA0x18: | |||
12505 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset, offset_end, session->version, false0); | |||
12506 | break; | |||
12507 | case KEX_KRB50x1c: /* RFC 2712; not allowed */ | |||
12508 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_srv_keyex_illegal, | |||
12509 | tvb, offset, offset_end - offset); | |||
12510 | break; | |||
12511 | case KEX_PSK0x1d: /* RFC 4279; psk, rsa: psk_identity */ | |||
12512 | case KEX_RSA_PSK0x1f: | |||
12513 | dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); | |||
12514 | break; | |||
12515 | case KEX_RSA0x1e: /* only allowed if the public key in the server certificate is longer than 512 bits */ | |||
12516 | dissect_ssl3_hnd_srv_keyex_rsa(hf, tvb, pinfo, tree, offset, offset_end, session->version); | |||
12517 | break; | |||
12518 | case KEX_ECC_SM20x26: /* GB/T 38636 */ | |||
12519 | dissect_ssl3_hnd_srv_keyex_ecc_sm2(hf, tvb, pinfo, tree, offset, offset_end, session->version); | |||
12520 | break; | |||
12521 | case KEX_SRP_SHA0x20: /* RFC 5054; srp: ServerSRPParams, Signature */ | |||
12522 | case KEX_SRP_SHA_DSS0x21: | |||
12523 | case KEX_SRP_SHA_RSA0x22: | |||
12524 | /* XXX: implement support for SRP_SHA* */ | |||
12525 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
12526 | tvb, offset, offset_end - offset, | |||
12527 | "SRP_SHA ciphersuites (RFC 5054) are not implemented, contact Wireshark" | |||
12528 | " developers if you want them to be supported"); | |||
12529 | break; | |||
12530 | case KEX_ECJPAKE0x24: /* https://tools.ietf.org/html/draft-cragie-tls-ecjpake-01 used in Thread Commissioning */ | |||
12531 | dissect_ssl3_hnd_srv_keyex_ecjpake(hf, tvb, tree, offset, offset_end); | |||
12532 | break; | |||
12533 | default: | |||
12534 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | |||
12535 | tvb, offset, offset_end - offset); | |||
12536 | break; | |||
12537 | } | |||
12538 | } | |||
12539 | /* Client Key Exchange and Server Key Exchange handshake dissections. }}} */ | |||
12540 | ||||
12541 | void | |||
12542 | tls13_dissect_hnd_key_update(ssl_common_dissect_t *hf, tvbuff_t *tvb, | |||
12543 | proto_tree *tree, uint32_t offset) | |||
12544 | { | |||
12545 | /* RFC 8446 Section 4.6.3 | |||
12546 | * enum { | |||
12547 | * update_not_requested(0), update_requested(1), (255) | |||
12548 | * } KeyUpdateRequest; | |||
12549 | * | |||
12550 | * struct { | |||
12551 | * KeyUpdateRequest request_update; | |||
12552 | * } KeyUpdate; | |||
12553 | */ | |||
12554 | proto_tree_add_item(tree, hf->hf.hs_key_update_request_update, tvb, offset, 1, ENC_NA0x00000000); | |||
12555 | } | |||
12556 | ||||
12557 | void | |||
12558 | ssl_common_register_ssl_alpn_dissector_table(const char *name, | |||
12559 | const char *ui_name, const int proto) | |||
12560 | { | |||
12561 | ssl_alpn_dissector_table = register_dissector_table(name, ui_name, | |||
12562 | proto, FT_STRING, STRING_CASE_SENSITIVE0); | |||
12563 | register_dissector_table_alias(ssl_alpn_dissector_table, "ssl.handshake.extensions_alpn_str"); | |||
12564 | } | |||
12565 | ||||
12566 | void | |||
12567 | ssl_common_register_dtls_alpn_dissector_table(const char *name, | |||
12568 | const char *ui_name, const int proto) | |||
12569 | { | |||
12570 | dtls_alpn_dissector_table = register_dissector_table(name, ui_name, | |||
12571 | proto, FT_STRING, STRING_CASE_SENSITIVE0); | |||
12572 | register_dissector_table_alias(ssl_alpn_dissector_table, "dtls.handshake.extensions_alpn_str"); | |||
12573 | } | |||
12574 | ||||
12575 | void | |||
12576 | ssl_common_register_options(module_t *module, ssl_common_options_t *options, bool_Bool is_dtls) | |||
12577 | { | |||
12578 | prefs_register_string_preference(module, "psk", "Pre-Shared Key", | |||
12579 | "Pre-Shared Key as HEX string. Should be 0 to 16 bytes.", | |||
12580 | &(options->psk)); | |||
12581 | ||||
12582 | if (is_dtls) { | |||
12583 | prefs_register_obsolete_preference(module, "keylog_file"); | |||
12584 | prefs_register_static_text_preference(module, "keylog_file_removed", | |||
12585 | "The (Pre)-Master-Secret log filename preference can be configured in the TLS protocol preferences.", | |||
12586 | "Use the TLS protocol preference to configure the keylog file for both DTLS and TLS."); | |||
12587 | return; | |||
12588 | } | |||
12589 | ||||
12590 | prefs_register_filename_preference(module, "keylog_file", "(Pre)-Master-Secret log filename", | |||
12591 | "The name of a file which contains a list of \n" | |||
12592 | "(pre-)master secrets in one of the following formats:\n" | |||
12593 | "\n" | |||
12594 | "RSA <EPMS> <PMS>\n" | |||
12595 | "RSA Session-ID:<SSLID> Master-Key:<MS>\n" | |||
12596 | "CLIENT_RANDOM <CRAND> <MS>\n" | |||
12597 | "PMS_CLIENT_RANDOM <CRAND> <PMS>\n" | |||
12598 | "\n" | |||
12599 | "Where:\n" | |||
12600 | "<EPMS> = First 8 bytes of the Encrypted PMS\n" | |||
12601 | "<PMS> = The Pre-Master-Secret (PMS) used to derive the MS\n" | |||
12602 | "<SSLID> = The SSL Session ID\n" | |||
12603 | "<MS> = The Master-Secret (MS)\n" | |||
12604 | "<CRAND> = The Client's random number from the ClientHello message\n" | |||
12605 | "\n" | |||
12606 | "(All fields are in hex notation)", | |||
12607 | &(options->keylog_filename), false0); | |||
12608 | } | |||
12609 | ||||
12610 | void | |||
12611 | ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, uint32_t offset, uint32_t length) | |||
12612 | { | |||
12613 | if (ssl_session && ssl_session->session.version != TLSV1DOT3_VERSION0x304 && !(ssl_session->state & SSL_MASTER_SECRET(1<<5))) { | |||
12614 | uint32_t old_length = ssl_session->handshake_data.data_len; | |||
12615 | ssl_debug_printf("Calculating hash with offset %d %d\n", offset, length); | |||
12616 | if (tvb) { | |||
12617 | if (tvb_bytes_exist(tvb, offset, length)) { | |||
12618 | ssl_session->handshake_data.data = (unsigned char *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length); | |||
12619 | tvb_memcpy(tvb, ssl_session->handshake_data.data + old_length, offset, length); | |||
12620 | ssl_session->handshake_data.data_len += length; | |||
12621 | } | |||
12622 | } else { | |||
12623 | /* DTLS calculates the hash as if each handshake message had been | |||
12624 | * sent as a single fragment (RFC 6347, section 4.2.6) and passes | |||
12625 | * in a null tvbuff to add 3 bytes for a zero fragment offset. | |||
12626 | */ | |||
12627 | DISSECTOR_ASSERT_CMPINT(length, <, 4)((void) ((length < 4) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion " "length" " " "<" " " "4" " (" "%" "l" "d" " " "<" " " "%" "l" "d" ")", "epan/dissectors/packet-tls-utils.c" , 12627, (int64_t)length, (int64_t)4)))); | |||
12628 | ssl_session->handshake_data.data = (unsigned char *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length); | |||
12629 | memset(ssl_session->handshake_data.data + old_length, 0, length); | |||
12630 | ssl_session->handshake_data.data_len += length; | |||
12631 | } | |||
12632 | } | |||
12633 | } | |||
12634 | ||||
12635 | ||||
12636 | /* | |||
12637 | * Editor modelines - https://www.wireshark.org/tools/modelines.html | |||
12638 | * | |||
12639 | * Local variables: | |||
12640 | * c-basic-offset: 4 | |||
12641 | * tab-width: 8 | |||
12642 | * indent-tabs-mode: nil | |||
12643 | * End: | |||
12644 | * | |||
12645 | * vi: set shiftwidth=4 tabstop=8 expandtab: | |||
12646 | * :indentSize=4:tabSize=8:noTabs=true: | |||
12647 | */ |