File: | builds/wireshark/wireshark/epan/dissectors/packet-tls-utils.c |
Warning: | line 3511, column 21 Access to field 'dig' results in a dereference of a null pointer (loaded from variable 'cs') |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* packet-tls-utils.c | ||||
2 | * ssl manipulation functions | ||||
3 | * By Paolo Abeni <[email protected]> | ||||
4 | * | ||||
5 | * Copyright (c) 2013, Hauke Mehrtens <[email protected]> | ||||
6 | * Copyright (c) 2014, Peter Wu <[email protected]> | ||||
7 | * | ||||
8 | * Wireshark - Network traffic analyzer | ||||
9 | * By Gerald Combs <[email protected]> | ||||
10 | * Copyright 1998 Gerald Combs | ||||
11 | * | ||||
12 | * SPDX-License-Identifier: GPL-2.0-or-later | ||||
13 | */ | ||||
14 | |||||
15 | #include "config.h" | ||||
16 | |||||
17 | #if defined(HAVE_ZLIB1) && !defined(HAVE_ZLIBNG) | ||||
18 | #define ZLIB_CONST | ||||
19 | #define ZLIB_PREFIX(x)x x | ||||
20 | #include <zlib.h> | ||||
21 | typedef z_stream zlib_stream; | ||||
22 | #endif /* HAVE_ZLIB */ | ||||
23 | |||||
24 | #ifdef HAVE_ZLIBNG | ||||
25 | #define ZLIB_PREFIX(x)x zng_ ## x | ||||
26 | #include <zlib-ng.h> | ||||
27 | typedef zng_stream zlib_stream; | ||||
28 | #endif /* HAVE_ZLIBNG */ | ||||
29 | |||||
30 | #include <stdlib.h> | ||||
31 | #include <errno(*__errno_location ()).h> | ||||
32 | |||||
33 | #include <epan/packet.h> | ||||
34 | #include <epan/strutil.h> | ||||
35 | #include <epan/addr_resolv.h> | ||||
36 | #include <epan/expert.h> | ||||
37 | #include <epan/asn1.h> | ||||
38 | #include <epan/proto_data.h> | ||||
39 | #include <epan/oids.h> | ||||
40 | #include <epan/secrets.h> | ||||
41 | |||||
42 | #include <wsutil/inet_cidr.h> | ||||
43 | #include <wsutil/filesystem.h> | ||||
44 | #include <wsutil/file_util.h> | ||||
45 | #include <wsutil/str_util.h> | ||||
46 | #include <wsutil/report_message.h> | ||||
47 | #include <wsutil/pint.h> | ||||
48 | #include <wsutil/strtoi.h> | ||||
49 | #include <wsutil/wsgcrypt.h> | ||||
50 | #include <wsutil/rsa.h> | ||||
51 | #include <wsutil/ws_assert.h> | ||||
52 | #include "packet-ber.h" | ||||
53 | #include "packet-x509af.h" | ||||
54 | #include "packet-x509if.h" | ||||
55 | #include "packet-tls-utils.h" | ||||
56 | #include "packet-ocsp.h" | ||||
57 | #include "packet-tls.h" | ||||
58 | #include "packet-dtls.h" | ||||
59 | #include "packet-quic.h" | ||||
60 | #if defined(HAVE_LIBGNUTLS1) | ||||
61 | #include <gnutls/abstract.h> | ||||
62 | #endif | ||||
63 | |||||
64 | /* JA3/JA3S calculations must ignore GREASE values | ||||
65 | * as described in RFC 8701. | ||||
66 | */ | ||||
67 | #define IS_GREASE_TLS(x)((((x) & 0x0f0f) == 0x0a0a) && (((x) & 0xff) == (((x)>>8) & 0xff))) ((((x) & 0x0f0f) == 0x0a0a) && \ | ||||
68 | (((x) & 0xff) == (((x)>>8) & 0xff))) | ||||
69 | |||||
70 | /* Section 22.3 of RFC 9000 (QUIC) reserves values of this | ||||
71 | * form for a similar purpose as GREASE. | ||||
72 | */ | ||||
73 | #define IS_GREASE_QUIC(x)((x) > 27 ? ((((x) - 27) % 31) == 0) : 0) ((x) > 27 ? ((((x) - 27) % 31) == 0) : 0) | ||||
74 | |||||
75 | #define DTLS13_MAX_EPOCH10 10 | ||||
76 | |||||
77 | /* Lookup tables {{{ */ | ||||
78 | const value_string ssl_version_short_names[] = { | ||||
79 | { SSLV2_VERSION0x0002, "SSLv2" }, | ||||
80 | { SSLV3_VERSION0x300, "SSLv3" }, | ||||
81 | { TLSV1_VERSION0x301, "TLSv1" }, | ||||
82 | { TLCPV1_VERSION0x101, "TLCP" }, | ||||
83 | { TLSV1DOT1_VERSION0x302, "TLSv1.1" }, | ||||
84 | { TLSV1DOT2_VERSION0x303, "TLSv1.2" }, | ||||
85 | { TLSV1DOT3_VERSION0x304, "TLSv1.3" }, | ||||
86 | { DTLSV1DOT0_VERSION0xfeff, "DTLSv1.0" }, | ||||
87 | { DTLSV1DOT2_VERSION0xfefd, "DTLSv1.2" }, | ||||
88 | { DTLSV1DOT3_VERSION0xfefc, "DTLSv1.3" }, | ||||
89 | { DTLSV1DOT0_OPENSSL_VERSION0x100, "DTLS 1.0 (OpenSSL pre 0.9.8f)" }, | ||||
90 | { 0x00, NULL((void*)0) } | ||||
91 | }; | ||||
92 | |||||
93 | const value_string ssl_versions[] = { | ||||
94 | { SSLV2_VERSION0x0002, "SSL 2.0" }, | ||||
95 | { SSLV3_VERSION0x300, "SSL 3.0" }, | ||||
96 | { TLSV1_VERSION0x301, "TLS 1.0" }, | ||||
97 | { TLCPV1_VERSION0x101, "TLCP" }, | ||||
98 | { TLSV1DOT1_VERSION0x302, "TLS 1.1" }, | ||||
99 | { TLSV1DOT2_VERSION0x303, "TLS 1.2" }, | ||||
100 | { TLSV1DOT3_VERSION0x304, "TLS 1.3" }, | ||||
101 | { 0x7F0E, "TLS 1.3 (draft 14)" }, | ||||
102 | { 0x7F0F, "TLS 1.3 (draft 15)" }, | ||||
103 | { 0x7F10, "TLS 1.3 (draft 16)" }, | ||||
104 | { 0x7F11, "TLS 1.3 (draft 17)" }, | ||||
105 | { 0x7F12, "TLS 1.3 (draft 18)" }, | ||||
106 | { 0x7F13, "TLS 1.3 (draft 19)" }, | ||||
107 | { 0x7F14, "TLS 1.3 (draft 20)" }, | ||||
108 | { 0x7F15, "TLS 1.3 (draft 21)" }, | ||||
109 | { 0x7F16, "TLS 1.3 (draft 22)" }, | ||||
110 | { 0x7F17, "TLS 1.3 (draft 23)" }, | ||||
111 | { 0x7F18, "TLS 1.3 (draft 24)" }, | ||||
112 | { 0x7F19, "TLS 1.3 (draft 25)" }, | ||||
113 | { 0x7F1A, "TLS 1.3 (draft 26)" }, | ||||
114 | { 0x7F1B, "TLS 1.3 (draft 27)" }, | ||||
115 | { 0x7F1C, "TLS 1.3 (draft 28)" }, | ||||
116 | { 0xFB17, "TLS 1.3 (Facebook draft 23)" }, | ||||
117 | { 0xFB1A, "TLS 1.3 (Facebook draft 26)" }, | ||||
118 | { DTLSV1DOT0_OPENSSL_VERSION0x100, "DTLS 1.0 (OpenSSL pre 0.9.8f)" }, | ||||
119 | { DTLSV1DOT0_VERSION0xfeff, "DTLS 1.0" }, | ||||
120 | { DTLSV1DOT2_VERSION0xfefd, "DTLS 1.2" }, | ||||
121 | { DTLSV1DOT3_VERSION0xfefc, "DTLS 1.3" }, | ||||
122 | { 0x0A0A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
123 | { 0x1A1A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
124 | { 0x2A2A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
125 | { 0x3A3A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
126 | { 0x4A4A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
127 | { 0x5A5A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
128 | { 0x6A6A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
129 | { 0x7A7A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
130 | { 0x8A8A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
131 | { 0x9A9A, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
132 | { 0xAAAA, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
133 | { 0xBABA, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
134 | { 0xCACA, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
135 | { 0xDADA, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
136 | { 0xEAEA, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
137 | { 0xFAFA, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
138 | { 0x00, NULL((void*)0) } | ||||
139 | }; | ||||
140 | |||||
141 | static const value_string ssl_version_ja4_names[] = { | ||||
142 | { 0x0100, "s1" }, | ||||
143 | { SSLV2_VERSION0x0002, "s2" }, | ||||
144 | { SSLV3_VERSION0x300, "s3" }, | ||||
145 | { TLSV1_VERSION0x301, "10" }, | ||||
146 | { TLSV1DOT1_VERSION0x302, "11" }, | ||||
147 | { TLSV1DOT2_VERSION0x303, "12" }, | ||||
148 | { TLSV1DOT3_VERSION0x304, "13" }, | ||||
149 | { DTLSV1DOT0_VERSION0xfeff, "d1" }, | ||||
150 | { DTLSV1DOT2_VERSION0xfefd, "d2" }, | ||||
151 | { DTLSV1DOT3_VERSION0xfefc, "d3" }, | ||||
152 | { 0x00, NULL((void*)0) } | ||||
153 | }; | ||||
154 | |||||
155 | const value_string ssl_20_msg_types[] = { | ||||
156 | { SSL2_HND_ERROR0x00, "Error" }, | ||||
157 | { SSL2_HND_CLIENT_HELLO0x01, "Client Hello" }, | ||||
158 | { SSL2_HND_CLIENT_MASTER_KEY0x02, "Client Master Key" }, | ||||
159 | { SSL2_HND_CLIENT_FINISHED0x03, "Client Finished" }, | ||||
160 | { SSL2_HND_SERVER_HELLO0x04, "Server Hello" }, | ||||
161 | { SSL2_HND_SERVER_VERIFY0x05, "Server Verify" }, | ||||
162 | { SSL2_HND_SERVER_FINISHED0x06, "Server Finished" }, | ||||
163 | { SSL2_HND_REQUEST_CERTIFICATE0x07, "Request Certificate" }, | ||||
164 | { SSL2_HND_CLIENT_CERTIFICATE0x08, "Client Certificate" }, | ||||
165 | { 0x00, NULL((void*)0) } | ||||
166 | }; | ||||
167 | /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ | ||||
168 | /* Note: sorted by ascending value so value_string-ext can do a binary search */ | ||||
169 | static const value_string ssl_20_cipher_suites[] = { | ||||
170 | { 0x000000, "TLS_NULL_WITH_NULL_NULL" }, | ||||
171 | { 0x000001, "TLS_RSA_WITH_NULL_MD5" }, | ||||
172 | { 0x000002, "TLS_RSA_WITH_NULL_SHA" }, | ||||
173 | { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, | ||||
174 | { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" }, | ||||
175 | { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" }, | ||||
176 | { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, | ||||
177 | { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, | ||||
178 | { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
179 | { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" }, | ||||
180 | { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
181 | { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
182 | { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, | ||||
183 | { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, | ||||
184 | { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
185 | { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, | ||||
186 | { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
187 | { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
188 | { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, | ||||
189 | { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, | ||||
190 | { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
191 | { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, | ||||
192 | { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
193 | { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, | ||||
194 | { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" }, | ||||
195 | { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
196 | { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, | ||||
197 | { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, | ||||
198 | { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, | ||||
199 | { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, | ||||
200 | #if 0 | ||||
201 | { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, | ||||
202 | #endif | ||||
203 | /* RFC 2712 */ | ||||
204 | { 0x00001E, "TLS_KRB5_WITH_DES_CBC_SHA" }, | ||||
205 | { 0x00001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, | ||||
206 | { 0x000020, "TLS_KRB5_WITH_RC4_128_SHA" }, | ||||
207 | { 0x000021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, | ||||
208 | { 0x000022, "TLS_KRB5_WITH_DES_CBC_MD5" }, | ||||
209 | { 0x000023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, | ||||
210 | { 0x000024, "TLS_KRB5_WITH_RC4_128_MD5" }, | ||||
211 | { 0x000025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, | ||||
212 | { 0x000026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, | ||||
213 | { 0x000027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, | ||||
214 | { 0x000028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, | ||||
215 | { 0x000029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, | ||||
216 | { 0x00002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, | ||||
217 | { 0x00002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, | ||||
218 | /* RFC 4785 */ | ||||
219 | { 0x00002C, "TLS_PSK_WITH_NULL_SHA" }, | ||||
220 | { 0x00002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, | ||||
221 | { 0x00002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, | ||||
222 | /* RFC 5246 */ | ||||
223 | { 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" }, | ||||
224 | { 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, | ||||
225 | { 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, | ||||
226 | { 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, | ||||
227 | { 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, | ||||
228 | { 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, | ||||
229 | { 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, | ||||
230 | { 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, | ||||
231 | { 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, | ||||
232 | { 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, | ||||
233 | { 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, | ||||
234 | { 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, | ||||
235 | { 0x00003B, "TLS_RSA_WITH_NULL_SHA256" }, | ||||
236 | { 0x00003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
237 | { 0x00003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, | ||||
238 | { 0x00003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, | ||||
239 | { 0x00003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
240 | { 0x000040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, | ||||
241 | { 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
242 | { 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
243 | { 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
244 | { 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
245 | { 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
246 | { 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
247 | { 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, | ||||
248 | { 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, | ||||
249 | { 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" }, | ||||
250 | { 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
251 | { 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, | ||||
252 | { 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, | ||||
253 | { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, | ||||
254 | { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, | ||||
255 | { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, | ||||
256 | { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, | ||||
257 | { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, | ||||
258 | { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, | ||||
259 | { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, | ||||
260 | { 0x000067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
261 | { 0x000068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, | ||||
262 | { 0x000069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, | ||||
263 | { 0x00006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, | ||||
264 | { 0x00006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, | ||||
265 | { 0x00006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, | ||||
266 | { 0x00006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, | ||||
267 | /* 0x00,0x6E-83 Unassigned */ | ||||
268 | { 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
269 | { 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
270 | { 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
271 | { 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
272 | { 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
273 | { 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
274 | /* RFC 4279 */ | ||||
275 | { 0x00008A, "TLS_PSK_WITH_RC4_128_SHA" }, | ||||
276 | { 0x00008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, | ||||
277 | { 0x00008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, | ||||
278 | { 0x00008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, | ||||
279 | { 0x00008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, | ||||
280 | { 0x00008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | ||||
281 | { 0x000090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, | ||||
282 | { 0x000091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, | ||||
283 | { 0x000092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, | ||||
284 | { 0x000093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, | ||||
285 | { 0x000094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, | ||||
286 | { 0x000095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, | ||||
287 | /* RFC 4162 */ | ||||
288 | { 0x000096, "TLS_RSA_WITH_SEED_CBC_SHA" }, | ||||
289 | { 0x000097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, | ||||
290 | { 0x000098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, | ||||
291 | { 0x000099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, | ||||
292 | { 0x00009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, | ||||
293 | { 0x00009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, | ||||
294 | /* RFC 5288 */ | ||||
295 | { 0x00009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
296 | { 0x00009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
297 | { 0x00009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
298 | { 0x00009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
299 | { 0x0000A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
300 | { 0x0000A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
301 | { 0x0000A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, | ||||
302 | { 0x0000A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, | ||||
303 | { 0x0000A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, | ||||
304 | { 0x0000A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, | ||||
305 | { 0x0000A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, | ||||
306 | { 0x0000A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, | ||||
307 | /* RFC 5487 */ | ||||
308 | { 0x0000A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, | ||||
309 | { 0x0000A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, | ||||
310 | { 0x0000AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, | ||||
311 | { 0x0000AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, | ||||
312 | { 0x0000AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, | ||||
313 | { 0x0000AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, | ||||
314 | { 0x0000AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, | ||||
315 | { 0x0000AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, | ||||
316 | { 0x0000B0, "TLS_PSK_WITH_NULL_SHA256" }, | ||||
317 | { 0x0000B1, "TLS_PSK_WITH_NULL_SHA384" }, | ||||
318 | { 0x0000B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, | ||||
319 | { 0x0000B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, | ||||
320 | { 0x0000B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, | ||||
321 | { 0x0000B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, | ||||
322 | { 0x0000B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, | ||||
323 | { 0x0000B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, | ||||
324 | { 0x0000B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, | ||||
325 | { 0x0000B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, | ||||
326 | /* From RFC 5932 */ | ||||
327 | { 0x0000BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
328 | { 0x0000BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
329 | { 0x0000BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
330 | { 0x0000BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
331 | { 0x0000BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
332 | { 0x0000BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
333 | { 0x0000C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
334 | { 0x0000C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
335 | { 0x0000C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
336 | { 0x0000C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
337 | { 0x0000C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
338 | { 0x0000C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
339 | /* 0x00,0xC6-FE Unassigned */ | ||||
340 | { 0x0000FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, | ||||
341 | /* 0x01-BF,* Unassigned */ | ||||
342 | /* From RFC 4492 */ | ||||
343 | { 0x00c001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, | ||||
344 | { 0x00c002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, | ||||
345 | { 0x00c003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
346 | { 0x00c004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, | ||||
347 | { 0x00c005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, | ||||
348 | { 0x00c006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, | ||||
349 | { 0x00c007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, | ||||
350 | { 0x00c008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
351 | { 0x00c009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, | ||||
352 | { 0x00c00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, | ||||
353 | { 0x00c00b, "TLS_ECDH_RSA_WITH_NULL_SHA" }, | ||||
354 | { 0x00c00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, | ||||
355 | { 0x00c00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
356 | { 0x00c00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, | ||||
357 | { 0x00c00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, | ||||
358 | { 0x00c010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, | ||||
359 | { 0x00c011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, | ||||
360 | { 0x00c012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
361 | { 0x00c013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, | ||||
362 | { 0x00c014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, | ||||
363 | { 0x00c015, "TLS_ECDH_anon_WITH_NULL_SHA" }, | ||||
364 | { 0x00c016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, | ||||
365 | { 0x00c017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, | ||||
366 | { 0x00c018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, | ||||
367 | { 0x00c019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, | ||||
368 | /* RFC 5054 */ | ||||
369 | { 0x00C01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, | ||||
370 | { 0x00C01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
371 | { 0x00C01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, | ||||
372 | { 0x00C01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, | ||||
373 | { 0x00C01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, | ||||
374 | { 0x00C01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, | ||||
375 | { 0x00C020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, | ||||
376 | { 0x00C021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, | ||||
377 | { 0x00C022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, | ||||
378 | /* RFC 5589 */ | ||||
379 | { 0x00C023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, | ||||
380 | { 0x00C024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, | ||||
381 | { 0x00C025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, | ||||
382 | { 0x00C026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, | ||||
383 | { 0x00C027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
384 | { 0x00C028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, | ||||
385 | { 0x00C029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
386 | { 0x00C02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, | ||||
387 | { 0x00C02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, | ||||
388 | { 0x00C02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, | ||||
389 | { 0x00C02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, | ||||
390 | { 0x00C02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, | ||||
391 | { 0x00C02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
392 | { 0x00C030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
393 | { 0x00C031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
394 | { 0x00C032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
395 | /* RFC 5489 */ | ||||
396 | { 0x00C033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, | ||||
397 | { 0x00C034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | ||||
398 | { 0x00C035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, | ||||
399 | { 0x00C036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, | ||||
400 | { 0x00C037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, | ||||
401 | { 0x00C038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, | ||||
402 | { 0x00C039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, | ||||
403 | { 0x00C03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, | ||||
404 | { 0x00C03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, | ||||
405 | /* 0xC0,0x3C-FF Unassigned | ||||
406 | 0xC1-FD,* Unassigned | ||||
407 | 0xFE,0x00-FD Unassigned | ||||
408 | 0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen] | ||||
409 | 0xFF,0x00-FF Reserved for Private Use [RFC5246] | ||||
410 | */ | ||||
411 | |||||
412 | /* old numbers used in the beginning | ||||
413 | * https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */ | ||||
414 | { 0x00CC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
415 | { 0x00CC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
416 | { 0x00CC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
417 | |||||
418 | /* https://tools.ietf.org/html/rfc7905 */ | ||||
419 | { 0x00CCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
420 | { 0x00CCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
421 | { 0x00CCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
422 | { 0x00CCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
423 | { 0x00CCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
424 | { 0x00CCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
425 | { 0x00CCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
426 | |||||
427 | /* GM/T 0024-2014 */ | ||||
428 | { 0x00e001, "ECDHE_SM1_SM3"}, | ||||
429 | { 0x00e003, "ECC_SM1_SM3"}, | ||||
430 | { 0x00e005, "IBSDH_SM1_SM3"}, | ||||
431 | { 0x00e007, "IBC_SM1_SM3"}, | ||||
432 | { 0x00e009, "RSA_SM1_SM3"}, | ||||
433 | { 0x00e00a, "RSA_SM1_SHA1"}, | ||||
434 | { 0x00e011, "ECDHE_SM4_CBC_SM3"}, | ||||
435 | { 0x00e013, "ECC_SM4_CBC_SM3"}, | ||||
436 | { 0x00e015, "IBSDH_SM4_CBC_SM3"}, | ||||
437 | { 0x00e017, "IBC_SM4_CBC_SM3"}, | ||||
438 | { 0x00e019, "RSA_SM4_CBC_SM3"}, | ||||
439 | { 0x00e01a, "RSA_SM4_CBC_SHA1"}, | ||||
440 | { 0x00e01c, "RSA_SM4_CBC_SHA256"}, | ||||
441 | { 0x00e051, "ECDHE_SM4_GCM_SM3"}, | ||||
442 | { 0x00e053, "ECC_SM4_GCM_SM3"}, | ||||
443 | { 0x00e055, "IBSDH_SM4_GCM_SM3"}, | ||||
444 | { 0x00e057, "IBC_SM4_GCM_SM3"}, | ||||
445 | { 0x00e059, "RSA_SM4_GCM_SM3"}, | ||||
446 | { 0x00e05a, "RSA_SM4_GCM_SHA256"}, | ||||
447 | |||||
448 | /* https://tools.ietf.org/html/draft-josefsson-salsa20-tls */ | ||||
449 | { 0x00E410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
450 | { 0x00E411, "TLS_RSA_WITH_SALSA20_SHA1" }, | ||||
451 | { 0x00E412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
452 | { 0x00E413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" }, | ||||
453 | { 0x00E414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
454 | { 0x00E415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" }, | ||||
455 | { 0x00E416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
456 | { 0x00E417, "TLS_PSK_WITH_SALSA20_SHA1" }, | ||||
457 | { 0x00E418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
458 | { 0x00E419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" }, | ||||
459 | { 0x00E41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
460 | { 0x00E41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" }, | ||||
461 | { 0x00E41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
462 | { 0x00E41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" }, | ||||
463 | { 0x00E41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
464 | { 0x00E41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" }, | ||||
465 | |||||
466 | /* these from http://www.mozilla.org/projects/ | ||||
467 | security/pki/nss/ssl/fips-ssl-ciphersuites.html */ | ||||
468 | { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, | ||||
469 | { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | ||||
470 | { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | ||||
471 | { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, | ||||
472 | /* note that ciphersuites of {0x00????} are TLS cipher suites in | ||||
473 | * a sslv2 client hello message; the ???? above is the two-byte | ||||
474 | * tls cipher suite id | ||||
475 | */ | ||||
476 | |||||
477 | { 0x010080, "SSL2_RC4_128_WITH_MD5" }, | ||||
478 | { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" }, | ||||
479 | { 0x030080, "SSL2_RC2_128_CBC_WITH_MD5" }, | ||||
480 | { 0x040080, "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5" }, | ||||
481 | { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" }, | ||||
482 | { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" }, | ||||
483 | { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" }, | ||||
484 | { 0x080080, "SSL2_RC4_64_WITH_MD5" }, | ||||
485 | |||||
486 | { 0x00, NULL((void*)0) } | ||||
487 | }; | ||||
488 | |||||
489 | value_string_ext ssl_20_cipher_suites_ext = VALUE_STRING_EXT_INIT(ssl_20_cipher_suites){ _try_val_to_str_ext_init, 0, (sizeof (ssl_20_cipher_suites) / sizeof ((ssl_20_cipher_suites)[0]))-1, ssl_20_cipher_suites , "ssl_20_cipher_suites" }; | ||||
490 | |||||
491 | |||||
492 | /* | ||||
493 | * Supported Groups (formerly named "EC Named Curve"). | ||||
494 | * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 | ||||
495 | */ | ||||
496 | const value_string ssl_extension_curves[] = { | ||||
497 | { 1, "sect163k1" }, | ||||
498 | { 2, "sect163r1" }, | ||||
499 | { 3, "sect163r2" }, | ||||
500 | { 4, "sect193r1" }, | ||||
501 | { 5, "sect193r2" }, | ||||
502 | { 6, "sect233k1" }, | ||||
503 | { 7, "sect233r1" }, | ||||
504 | { 8, "sect239k1" }, | ||||
505 | { 9, "sect283k1" }, | ||||
506 | { 10, "sect283r1" }, | ||||
507 | { 11, "sect409k1" }, | ||||
508 | { 12, "sect409r1" }, | ||||
509 | { 13, "sect571k1" }, | ||||
510 | { 14, "sect571r1" }, | ||||
511 | { 15, "secp160k1" }, | ||||
512 | { 16, "secp160r1" }, | ||||
513 | { 17, "secp160r2" }, | ||||
514 | { 18, "secp192k1" }, | ||||
515 | { 19, "secp192r1" }, | ||||
516 | { 20, "secp224k1" }, | ||||
517 | { 21, "secp224r1" }, | ||||
518 | { 22, "secp256k1" }, | ||||
519 | { 23, "secp256r1" }, | ||||
520 | { 24, "secp384r1" }, | ||||
521 | { 25, "secp521r1" }, | ||||
522 | { 26, "brainpoolP256r1" }, /* RFC 7027 */ | ||||
523 | { 27, "brainpoolP384r1" }, /* RFC 7027 */ | ||||
524 | { 28, "brainpoolP512r1" }, /* RFC 7027 */ | ||||
525 | { 29, "x25519" }, /* RFC 8446 / RFC 8422 */ | ||||
526 | { 30, "x448" }, /* RFC 8446 / RFC 8422 */ | ||||
527 | { 31, "brainpoolP256r1tls13" }, /* RFC8734 */ | ||||
528 | { 32, "brainpoolP384r1tls13" }, /* RFC8734 */ | ||||
529 | { 33, "brainpoolP512r1tls13" }, /* RFC8734 */ | ||||
530 | { 34, "GC256A" }, /* RFC9189 */ | ||||
531 | { 35, "GC256B" }, /* RFC9189 */ | ||||
532 | { 36, "GC256C" }, /* RFC9189 */ | ||||
533 | { 37, "GC256D" }, /* RFC9189 */ | ||||
534 | { 38, "GC512A" }, /* RFC9189 */ | ||||
535 | { 39, "GC512B" }, /* RFC9189 */ | ||||
536 | { 40, "GC512C" }, /* RFC9189 */ | ||||
537 | { 41, "curveSM2" }, /* RFC 8998 */ | ||||
538 | { 256, "ffdhe2048" }, /* RFC 7919 */ | ||||
539 | { 257, "ffdhe3072" }, /* RFC 7919 */ | ||||
540 | { 258, "ffdhe4096" }, /* RFC 7919 */ | ||||
541 | { 259, "ffdhe6144" }, /* RFC 7919 */ | ||||
542 | { 260, "ffdhe8192" }, /* RFC 7919 */ | ||||
543 | { 2570, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
544 | { 4587, "SecP256r1MLKEM768" }, /* draft-kwiatkowski-tls-ecdhe-mlkem-02 */ | ||||
545 | { 4588, "X25519MLKEM768" }, /* draft-kwiatkowski-tls-ecdhe-mlkem-02 */ | ||||
546 | { 6682, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
547 | { 10794, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
548 | { 14906, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
549 | { 19018, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
550 | { 23130, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
551 | { 25497, "X25519Kyber768Draft00 (OBSOLETE)" }, /* draft-tls-westerbaan-xyber768d00-02 */ | ||||
552 | { 25498, "SecP256r1Kyber768Draft00 (OBSOLETE)" }, /* draft-kwiatkowski-tls-ecdhe-kyber-01 */ | ||||
553 | { 27242, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
554 | { 31354, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
555 | { 35466, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
556 | { 39578, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
557 | { 43690, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
558 | { 47802, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
559 | { 51914, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
560 | { 56026, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
561 | { 60138, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
562 | { 64250, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
563 | { 0xFF01, "arbitrary_explicit_prime_curves" }, | ||||
564 | { 0xFF02, "arbitrary_explicit_char2_curves" }, | ||||
565 | /* Below are various unofficial values that have been used for testing. */ | ||||
566 | /* PQC key exchange algorithms from OQS-OpenSSL, | ||||
567 | see https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/oqs-kem-info.md | ||||
568 | These use IANA unassigned values and this list may be incomplete. | ||||
569 | */ | ||||
570 | { 0x0200, "frodo640aes" }, | ||||
571 | { 0x2F00, "p256_frodo640aes" }, | ||||
572 | { 0x0201, "frodo640shake" }, | ||||
573 | { 0x2F01, "p256_frodo640shake" }, | ||||
574 | { 0x0202, "frodo976aes" }, | ||||
575 | { 0x2F02, "p384_frodo976aes" }, | ||||
576 | { 0x0203, "frodo976shake" }, | ||||
577 | { 0x2F03, "p384_frodo976shake" }, | ||||
578 | { 0x0204, "frodo1344aes" }, | ||||
579 | { 0x2F04, "p521_frodo1344aes" }, | ||||
580 | { 0x0205, "frodo1344shake" }, | ||||
581 | { 0x2F05, "p521_frodo1344shake" }, | ||||
582 | { 0x023A, "kyber512" }, | ||||
583 | { 0x2F3A, "p256_kyber512" }, | ||||
584 | { 0x023C, "kyber768" }, | ||||
585 | { 0x2F3C, "p384_kyber768" }, | ||||
586 | { 0x023D, "kyber1024" }, | ||||
587 | { 0x2F3D, "p521_kyber1024" }, | ||||
588 | { 0x0214, "ntru_hps2048509" }, | ||||
589 | { 0x2F14, "p256_ntru_hps2048509" }, | ||||
590 | { 0x0215, "ntru_hps2048677" }, | ||||
591 | { 0x2F15, "p384_ntru_hps2048677" }, | ||||
592 | { 0x0216, "ntru_hps4096821" }, | ||||
593 | { 0x2F16, "p521_ntru_hps4096821" }, | ||||
594 | { 0x0245, "ntru_hps40961229" }, | ||||
595 | { 0x2F45, "p521_ntru_hps40961229" }, | ||||
596 | { 0x0217, "ntru_hrss701" }, | ||||
597 | { 0x2F17, "p384_ntru_hrss701" }, | ||||
598 | { 0x0246, "ntru_hrss1373" }, | ||||
599 | { 0x2F46, "p521_ntru_hrss1373" }, | ||||
600 | { 0x0218, "lightsaber" }, | ||||
601 | { 0x2F18, "p256_lightsaber" }, | ||||
602 | { 0x0219, "saber" }, | ||||
603 | { 0x2F19, "p384_saber" }, | ||||
604 | { 0x021A, "firesaber" }, | ||||
605 | { 0x2F1A, "p521_firesaber" }, | ||||
606 | { 0x021B, "sidhp434" }, | ||||
607 | { 0x2F1B, "p256_sidhp434" }, | ||||
608 | { 0x021C, "sidhp503" }, | ||||
609 | { 0x2F1C, "p256_sidhp503" }, | ||||
610 | { 0x021D, "sidhp610" }, | ||||
611 | { 0x2F1D, "p384_sidhp610" }, | ||||
612 | { 0x021E, "sidhp751" }, | ||||
613 | { 0x2F1E, "p521_sidhp751" }, | ||||
614 | { 0x021F, "sikep434" }, | ||||
615 | { 0x2F1F, "p256_sikep434" }, | ||||
616 | { 0x0220, "sikep503" }, | ||||
617 | { 0x2F20, "p256_sikep503" }, | ||||
618 | { 0x0221, "sikep610" }, | ||||
619 | { 0x2F21, "p384_sikep610" }, | ||||
620 | { 0x0222, "sikep751" }, | ||||
621 | { 0x2F22, "p521_sikep751" }, | ||||
622 | { 0x0238, "bikel1" }, | ||||
623 | { 0x2F38, "p256_bikel1" }, | ||||
624 | { 0x023B, "bikel3" }, | ||||
625 | { 0x2F3B, "p384_bikel3" }, | ||||
626 | { 0x023E, "kyber90s512" }, | ||||
627 | { 0x2F3E, "p256_kyber90s512" }, | ||||
628 | { 0x023F, "kyber90s768" }, | ||||
629 | { 0x2F3F, "p384_kyber90s768" }, | ||||
630 | { 0x0240, "kyber90s1024" }, | ||||
631 | { 0x2F40, "p521_kyber90s1024" }, | ||||
632 | { 0x022C, "hqc128" }, | ||||
633 | { 0x2F2C, "p256_hqc128" }, | ||||
634 | { 0x022D, "hqc192" }, | ||||
635 | { 0x2F2D, "p384_hqc192" }, | ||||
636 | { 0x022E, "hqc256" }, | ||||
637 | { 0x2F2E, "p521_hqc256" }, | ||||
638 | { 0x022F, "ntrulpr653" }, | ||||
639 | { 0x2F2F, "p256_ntrulpr653" }, | ||||
640 | { 0x0230, "ntrulpr761" }, | ||||
641 | { 0x2F43, "p256_ntrulpr761" }, | ||||
642 | { 0x0231, "ntrulpr857" }, | ||||
643 | { 0x2F31, "p384_ntrulpr857" }, | ||||
644 | { 0x0241, "ntrulpr1277" }, | ||||
645 | { 0x2F41, "p521_ntrulpr1277" }, | ||||
646 | { 0x0232, "sntrup653" }, | ||||
647 | { 0x2F32, "p256_sntrup653" }, | ||||
648 | { 0x0233, "sntrup761" }, | ||||
649 | { 0x2F44, "p256_sntrup761" }, | ||||
650 | { 0x0234, "sntrup857" }, | ||||
651 | { 0x2F34, "p384_sntrup857" }, | ||||
652 | { 0x0242, "sntrup1277" }, | ||||
653 | { 0x2F42, "p521_sntrup1277" }, | ||||
654 | /* Other PQ key exchange algorithms, using Reserved for Private Use values | ||||
655 | https://blog.cloudflare.com/post-quantum-for-all | ||||
656 | https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.txt */ | ||||
657 | { 0xFE30, "X25519Kyber512Draft00 (OBSOLETE)" }, | ||||
658 | { 0xFE31, "X25519Kyber768Draft00 (OBSOLETE)" }, | ||||
659 | { 0x00, NULL((void*)0) } | ||||
660 | }; | ||||
661 | |||||
662 | const value_string ssl_curve_types[] = { | ||||
663 | { 1, "explicit_prime" }, | ||||
664 | { 2, "explicit_char2" }, | ||||
665 | { 3, "named_curve" }, | ||||
666 | { 0x00, NULL((void*)0) } | ||||
667 | }; | ||||
668 | |||||
669 | const value_string ssl_extension_ec_point_formats[] = { | ||||
670 | { 0, "uncompressed" }, | ||||
671 | { 1, "ansiX962_compressed_prime" }, | ||||
672 | { 2, "ansiX962_compressed_char2" }, | ||||
673 | { 0x00, NULL((void*)0) } | ||||
674 | }; | ||||
675 | |||||
676 | const value_string ssl_20_certificate_type[] = { | ||||
677 | { 0x00, "N/A" }, | ||||
678 | { 0x01, "X.509 Certificate" }, | ||||
679 | { 0x00, NULL((void*)0) } | ||||
680 | }; | ||||
681 | |||||
682 | const value_string ssl_31_content_type[] = { | ||||
683 | { 20, "Change Cipher Spec" }, | ||||
684 | { 21, "Alert" }, | ||||
685 | { 22, "Handshake" }, | ||||
686 | { 23, "Application Data" }, | ||||
687 | { 24, "Heartbeat" }, | ||||
688 | { 25, "Connection ID" }, | ||||
689 | { 0x00, NULL((void*)0) } | ||||
690 | }; | ||||
691 | |||||
692 | #if 0 | ||||
693 | /* XXX - would be used if we dissected the body of a Change Cipher Spec | ||||
694 | message. */ | ||||
695 | const value_string ssl_31_change_cipher_spec[] = { | ||||
696 | { 1, "Change Cipher Spec" }, | ||||
697 | { 0x00, NULL((void*)0) } | ||||
698 | }; | ||||
699 | #endif | ||||
700 | |||||
701 | const value_string ssl_31_alert_level[] = { | ||||
702 | { 1, "Warning" }, | ||||
703 | { 2, "Fatal" }, | ||||
704 | { 0x00, NULL((void*)0) } | ||||
705 | }; | ||||
706 | |||||
707 | const value_string ssl_31_alert_description[] = { | ||||
708 | { 0, "Close Notify" }, | ||||
709 | { 1, "End of Early Data" }, | ||||
710 | { 10, "Unexpected Message" }, | ||||
711 | { 20, "Bad Record MAC" }, | ||||
712 | { 21, "Decryption Failed" }, | ||||
713 | { 22, "Record Overflow" }, | ||||
714 | { 30, "Decompression Failure" }, | ||||
715 | { 40, "Handshake Failure" }, | ||||
716 | { 41, "No Certificate" }, | ||||
717 | { 42, "Bad Certificate" }, | ||||
718 | { 43, "Unsupported Certificate" }, | ||||
719 | { 44, "Certificate Revoked" }, | ||||
720 | { 45, "Certificate Expired" }, | ||||
721 | { 46, "Certificate Unknown" }, | ||||
722 | { 47, "Illegal Parameter" }, | ||||
723 | { 48, "Unknown CA" }, | ||||
724 | { 49, "Access Denied" }, | ||||
725 | { 50, "Decode Error" }, | ||||
726 | { 51, "Decrypt Error" }, | ||||
727 | { 60, "Export Restriction" }, | ||||
728 | { 70, "Protocol Version" }, | ||||
729 | { 71, "Insufficient Security" }, | ||||
730 | { 80, "Internal Error" }, | ||||
731 | { 86, "Inappropriate Fallback" }, | ||||
732 | { 90, "User Canceled" }, | ||||
733 | { 100, "No Renegotiation" }, | ||||
734 | { 109, "Missing Extension" }, | ||||
735 | { 110, "Unsupported Extension" }, | ||||
736 | { 111, "Certificate Unobtainable" }, | ||||
737 | { 112, "Unrecognized Name" }, | ||||
738 | { 113, "Bad Certificate Status Response" }, | ||||
739 | { 114, "Bad Certificate Hash Value" }, | ||||
740 | { 115, "Unknown PSK Identity" }, | ||||
741 | { 116, "Certificate Required" }, | ||||
742 | { 120, "No application Protocol" }, | ||||
743 | { 121, "ECH Required" }, | ||||
744 | { 0x00, NULL((void*)0) } | ||||
745 | }; | ||||
746 | |||||
747 | const value_string ssl_31_handshake_type[] = { | ||||
748 | { SSL_HND_HELLO_REQUEST, "Hello Request" }, | ||||
749 | { SSL_HND_CLIENT_HELLO, "Client Hello" }, | ||||
750 | { SSL_HND_SERVER_HELLO, "Server Hello" }, | ||||
751 | { SSL_HND_HELLO_VERIFY_REQUEST, "Hello Verify Request"}, | ||||
752 | { SSL_HND_NEWSESSION_TICKET, "New Session Ticket" }, | ||||
753 | { SSL_HND_END_OF_EARLY_DATA, "End of Early Data" }, | ||||
754 | { SSL_HND_HELLO_RETRY_REQUEST, "Hello Retry Request" }, | ||||
755 | { SSL_HND_ENCRYPTED_EXTENSIONS, "Encrypted Extensions" }, | ||||
756 | { SSL_HND_CERTIFICATE, "Certificate" }, | ||||
757 | { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" }, | ||||
758 | { SSL_HND_CERT_REQUEST, "Certificate Request" }, | ||||
759 | { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" }, | ||||
760 | { SSL_HND_CERT_VERIFY, "Certificate Verify" }, | ||||
761 | { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" }, | ||||
762 | { SSL_HND_FINISHED, "Finished" }, | ||||
763 | { SSL_HND_CERT_URL, "Client Certificate URL" }, | ||||
764 | { SSL_HND_CERT_STATUS, "Certificate Status" }, | ||||
765 | { SSL_HND_SUPPLEMENTAL_DATA, "Supplemental Data" }, | ||||
766 | { SSL_HND_KEY_UPDATE, "Key Update" }, | ||||
767 | { SSL_HND_COMPRESSED_CERTIFICATE, "Compressed Certificate" }, | ||||
768 | { SSL_HND_ENCRYPTED_EXTS, "Encrypted Extensions" }, | ||||
769 | { 0x00, NULL((void*)0) } | ||||
770 | }; | ||||
771 | |||||
772 | const value_string tls_heartbeat_type[] = { | ||||
773 | { 1, "Request" }, | ||||
774 | { 2, "Response" }, | ||||
775 | { 0x00, NULL((void*)0) } | ||||
776 | }; | ||||
777 | |||||
778 | const value_string tls_heartbeat_mode[] = { | ||||
779 | { 1, "Peer allowed to send requests" }, | ||||
780 | { 2, "Peer not allowed to send requests" }, | ||||
781 | { 0x00, NULL((void*)0) } | ||||
782 | }; | ||||
783 | |||||
784 | const value_string ssl_31_compression_method[] = { | ||||
785 | { 0, "null" }, | ||||
786 | { 1, "DEFLATE" }, | ||||
787 | { 64, "LZS" }, | ||||
788 | { 0x00, NULL((void*)0) } | ||||
789 | }; | ||||
790 | |||||
791 | #if 0 | ||||
792 | /* XXX - would be used if we dissected a Signature, as would be | ||||
793 | seen in a server key exchange or certificate verify message. */ | ||||
794 | const value_string ssl_31_key_exchange_algorithm[] = { | ||||
795 | { 0, "RSA" }, | ||||
796 | { 1, "Diffie Hellman" }, | ||||
797 | { 0x00, NULL((void*)0) } | ||||
798 | }; | ||||
799 | |||||
800 | const value_string ssl_31_signature_algorithm[] = { | ||||
801 | { 0, "Anonymous" }, | ||||
802 | { 1, "RSA" }, | ||||
803 | { 2, "DSA" }, | ||||
804 | { 0x00, NULL((void*)0) } | ||||
805 | }; | ||||
806 | #endif | ||||
807 | |||||
808 | const value_string ssl_31_client_certificate_type[] = { | ||||
809 | { 1, "RSA Sign" }, | ||||
810 | { 2, "DSS Sign" }, | ||||
811 | { 3, "RSA Fixed DH" }, | ||||
812 | { 4, "DSS Fixed DH" }, | ||||
813 | /* GOST certificate types */ | ||||
814 | /* Section 3.5 of draft-chudov-cryptopro-cptls-04 */ | ||||
815 | { 21, "GOST R 34.10-94" }, | ||||
816 | { 22, "GOST R 34.10-2001" }, | ||||
817 | /* END GOST certificate types */ | ||||
818 | { 64, "ECDSA Sign" }, | ||||
819 | { 65, "RSA Fixed ECDH" }, | ||||
820 | { 66, "ECDSA Fixed ECDH" }, | ||||
821 | { 80, "IBC Params" }, | ||||
822 | { 0x00, NULL((void*)0) } | ||||
823 | }; | ||||
824 | |||||
825 | #if 0 | ||||
826 | /* XXX - would be used if we dissected exchange keys, as would be | ||||
827 | seen in a client key exchange message. */ | ||||
828 | const value_string ssl_31_public_value_encoding[] = { | ||||
829 | { 0, "Implicit" }, | ||||
830 | { 1, "Explicit" }, | ||||
831 | { 0x00, NULL((void*)0) } | ||||
832 | }; | ||||
833 | #endif | ||||
834 | |||||
835 | /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ | ||||
836 | /* Note: sorted by ascending value so value_string_ext fcns can do a binary search */ | ||||
837 | static const value_string ssl_31_ciphersuite[] = { | ||||
838 | /* RFC 2246, RFC 4346, RFC 5246 */ | ||||
839 | { 0x0000, "TLS_NULL_WITH_NULL_NULL" }, | ||||
840 | { 0x0001, "TLS_RSA_WITH_NULL_MD5" }, | ||||
841 | { 0x0002, "TLS_RSA_WITH_NULL_SHA" }, | ||||
842 | { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, | ||||
843 | { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" }, | ||||
844 | { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" }, | ||||
845 | { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, | ||||
846 | { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, | ||||
847 | { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
848 | { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" }, | ||||
849 | { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
850 | { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
851 | { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, | ||||
852 | { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, | ||||
853 | { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
854 | { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, | ||||
855 | { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
856 | { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
857 | { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, | ||||
858 | { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, | ||||
859 | { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
860 | { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, | ||||
861 | { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
862 | { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, | ||||
863 | { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" }, | ||||
864 | { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, | ||||
865 | { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, | ||||
866 | { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, | ||||
867 | |||||
868 | { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, | ||||
869 | { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, | ||||
870 | #if 0 /* Because it clashes with KRB5, is never used any more, and is safe | ||||
871 | to remove according to David Hopwood <[email protected]> | ||||
872 | of the ietf-tls list */ | ||||
873 | { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, | ||||
874 | #endif | ||||
875 | /* RFC 2712 */ | ||||
876 | { 0x001E, "TLS_KRB5_WITH_DES_CBC_SHA" }, | ||||
877 | { 0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, | ||||
878 | { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA" }, | ||||
879 | { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, | ||||
880 | { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5" }, | ||||
881 | { 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, | ||||
882 | { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5" }, | ||||
883 | { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, | ||||
884 | { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, | ||||
885 | { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, | ||||
886 | { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, | ||||
887 | { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, | ||||
888 | { 0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, | ||||
889 | { 0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, | ||||
890 | /* RFC 4785 */ | ||||
891 | { 0x002C, "TLS_PSK_WITH_NULL_SHA" }, | ||||
892 | { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, | ||||
893 | { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, | ||||
894 | /* RFC 5246 */ | ||||
895 | { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA" }, | ||||
896 | { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, | ||||
897 | { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, | ||||
898 | { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, | ||||
899 | { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, | ||||
900 | { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, | ||||
901 | { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, | ||||
902 | { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, | ||||
903 | { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, | ||||
904 | { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, | ||||
905 | { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, | ||||
906 | { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, | ||||
907 | { 0x003B, "TLS_RSA_WITH_NULL_SHA256" }, | ||||
908 | { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
909 | { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, | ||||
910 | { 0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, | ||||
911 | { 0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
912 | { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, | ||||
913 | /* RFC 4132 */ | ||||
914 | { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
915 | { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
916 | { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
917 | { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
918 | { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
919 | { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, | ||||
920 | /* 0x00,0x60-66 Reserved to avoid conflicts with widely deployed implementations */ | ||||
921 | /* --- ??? --- */ | ||||
922 | { 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, | ||||
923 | { 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, | ||||
924 | /* draft-ietf-tls-56-bit-ciphersuites-01.txt */ | ||||
925 | { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, | ||||
926 | { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, | ||||
927 | { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, | ||||
928 | { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, | ||||
929 | { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, | ||||
930 | /* --- ??? ---*/ | ||||
931 | { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
932 | { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, | ||||
933 | { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, | ||||
934 | { 0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, | ||||
935 | { 0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, | ||||
936 | { 0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, | ||||
937 | { 0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, | ||||
938 | /* draft-chudov-cryptopro-cptls-04.txt */ | ||||
939 | { 0x0080, "TLS_GOSTR341094_WITH_28147_CNT_IMIT" }, | ||||
940 | { 0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT" }, | ||||
941 | { 0x0082, "TLS_GOSTR341094_WITH_NULL_GOSTR3411" }, | ||||
942 | { 0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411" }, | ||||
943 | /* RFC 4132 */ | ||||
944 | { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
945 | { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
946 | { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
947 | { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
948 | { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
949 | { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, | ||||
950 | /* RFC 4279 */ | ||||
951 | { 0x008A, "TLS_PSK_WITH_RC4_128_SHA" }, | ||||
952 | { 0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, | ||||
953 | { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, | ||||
954 | { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, | ||||
955 | { 0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, | ||||
956 | { 0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | ||||
957 | { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, | ||||
958 | { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, | ||||
959 | { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, | ||||
960 | { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, | ||||
961 | { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, | ||||
962 | { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, | ||||
963 | /* RFC 4162 */ | ||||
964 | { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA" }, | ||||
965 | { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, | ||||
966 | { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, | ||||
967 | { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, | ||||
968 | { 0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, | ||||
969 | { 0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, | ||||
970 | /* RFC 5288 */ | ||||
971 | { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
972 | { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
973 | { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
974 | { 0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
975 | { 0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
976 | { 0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
977 | { 0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, | ||||
978 | { 0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, | ||||
979 | { 0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, | ||||
980 | { 0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, | ||||
981 | { 0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, | ||||
982 | { 0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, | ||||
983 | /* RFC 5487 */ | ||||
984 | { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, | ||||
985 | { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, | ||||
986 | { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, | ||||
987 | { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, | ||||
988 | { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, | ||||
989 | { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, | ||||
990 | { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, | ||||
991 | { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, | ||||
992 | { 0x00B0, "TLS_PSK_WITH_NULL_SHA256" }, | ||||
993 | { 0x00B1, "TLS_PSK_WITH_NULL_SHA384" }, | ||||
994 | { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, | ||||
995 | { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, | ||||
996 | { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, | ||||
997 | { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, | ||||
998 | { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, | ||||
999 | { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, | ||||
1000 | { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, | ||||
1001 | { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, | ||||
1002 | /* From RFC 5932 */ | ||||
1003 | { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1004 | { 0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1005 | { 0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1006 | { 0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1007 | { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1008 | { 0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1009 | { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
1010 | { 0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
1011 | { 0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
1012 | { 0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
1013 | { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
1014 | { 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, | ||||
1015 | /* RFC 8998 */ | ||||
1016 | { 0x00C6, "TLS_SM4_GCM_SM3" }, | ||||
1017 | { 0x00C7, "TLS_SM4_CCM_SM3" }, | ||||
1018 | /* 0x00,0xC8-FE Unassigned */ | ||||
1019 | /* From RFC 5746 */ | ||||
1020 | { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, | ||||
1021 | /* RFC 8701 */ | ||||
1022 | { 0x0A0A, "Reserved (GREASE)" }, | ||||
1023 | /* RFC 8446 */ | ||||
1024 | { 0x1301, "TLS_AES_128_GCM_SHA256" }, | ||||
1025 | { 0x1302, "TLS_AES_256_GCM_SHA384" }, | ||||
1026 | { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" }, | ||||
1027 | { 0x1304, "TLS_AES_128_CCM_SHA256" }, | ||||
1028 | { 0x1305, "TLS_AES_128_CCM_8_SHA256" }, | ||||
1029 | /* RFC 8701 */ | ||||
1030 | { 0x1A1A, "Reserved (GREASE)" }, | ||||
1031 | { 0x2A2A, "Reserved (GREASE)" }, | ||||
1032 | { 0x3A3A, "Reserved (GREASE)" }, | ||||
1033 | { 0x4A4A, "Reserved (GREASE)" }, | ||||
1034 | /* From RFC 7507 */ | ||||
1035 | { 0x5600, "TLS_FALLBACK_SCSV" }, | ||||
1036 | /* RFC 8701 */ | ||||
1037 | { 0x5A5A, "Reserved (GREASE)" }, | ||||
1038 | { 0x6A6A, "Reserved (GREASE)" }, | ||||
1039 | { 0x7A7A, "Reserved (GREASE)" }, | ||||
1040 | { 0x8A8A, "Reserved (GREASE)" }, | ||||
1041 | { 0x9A9A, "Reserved (GREASE)" }, | ||||
1042 | { 0xAAAA, "Reserved (GREASE)" }, | ||||
1043 | { 0xBABA, "Reserved (GREASE)" }, | ||||
1044 | /* From RFC 4492 */ | ||||
1045 | { 0xc001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, | ||||
1046 | { 0xc002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, | ||||
1047 | { 0xc003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
1048 | { 0xc004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, | ||||
1049 | { 0xc005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, | ||||
1050 | { 0xc006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, | ||||
1051 | { 0xc007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, | ||||
1052 | { 0xc008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
1053 | { 0xc009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, | ||||
1054 | { 0xc00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, | ||||
1055 | { 0xc00b, "TLS_ECDH_RSA_WITH_NULL_SHA" }, | ||||
1056 | { 0xc00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, | ||||
1057 | { 0xc00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
1058 | { 0xc00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, | ||||
1059 | { 0xc00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, | ||||
1060 | { 0xc010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, | ||||
1061 | { 0xc011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, | ||||
1062 | { 0xc012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
1063 | { 0xc013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, | ||||
1064 | { 0xc014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, | ||||
1065 | { 0xc015, "TLS_ECDH_anon_WITH_NULL_SHA" }, | ||||
1066 | { 0xc016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, | ||||
1067 | { 0xc017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, | ||||
1068 | { 0xc018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, | ||||
1069 | { 0xc019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, | ||||
1070 | /* RFC 5054 */ | ||||
1071 | { 0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, | ||||
1072 | { 0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, | ||||
1073 | { 0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, | ||||
1074 | { 0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, | ||||
1075 | { 0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, | ||||
1076 | { 0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, | ||||
1077 | { 0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, | ||||
1078 | { 0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, | ||||
1079 | { 0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, | ||||
1080 | /* RFC 5589 */ | ||||
1081 | { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, | ||||
1082 | { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, | ||||
1083 | { 0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, | ||||
1084 | { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, | ||||
1085 | { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
1086 | { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, | ||||
1087 | { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, | ||||
1088 | { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, | ||||
1089 | { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, | ||||
1090 | { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, | ||||
1091 | { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, | ||||
1092 | { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, | ||||
1093 | { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
1094 | { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
1095 | { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, | ||||
1096 | { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, | ||||
1097 | /* RFC 5489 */ | ||||
1098 | { 0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, | ||||
1099 | { 0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, | ||||
1100 | { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, | ||||
1101 | { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, | ||||
1102 | { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, | ||||
1103 | { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, | ||||
1104 | { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, | ||||
1105 | { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, | ||||
1106 | { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, | ||||
1107 | /* RFC 6209 */ | ||||
1108 | { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256" }, | ||||
1109 | { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384" }, | ||||
1110 | { 0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" }, | ||||
1111 | { 0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" }, | ||||
1112 | { 0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" }, | ||||
1113 | { 0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" }, | ||||
1114 | { 0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" }, | ||||
1115 | { 0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" }, | ||||
1116 | { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" }, | ||||
1117 | { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" }, | ||||
1118 | { 0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" }, | ||||
1119 | { 0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" }, | ||||
1120 | { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" }, | ||||
1121 | { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" }, | ||||
1122 | { 0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" }, | ||||
1123 | { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" }, | ||||
1124 | { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" }, | ||||
1125 | { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" }, | ||||
1126 | { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" }, | ||||
1127 | { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" }, | ||||
1128 | { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256" }, | ||||
1129 | { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384" }, | ||||
1130 | { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" }, | ||||
1131 | { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" }, | ||||
1132 | { 0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" }, | ||||
1133 | { 0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" }, | ||||
1134 | { 0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" }, | ||||
1135 | { 0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" }, | ||||
1136 | { 0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" }, | ||||
1137 | { 0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" }, | ||||
1138 | { 0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" }, | ||||
1139 | { 0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" }, | ||||
1140 | { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" }, | ||||
1141 | { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" }, | ||||
1142 | { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" }, | ||||
1143 | { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" }, | ||||
1144 | { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" }, | ||||
1145 | { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" }, | ||||
1146 | { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" }, | ||||
1147 | { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" }, | ||||
1148 | { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256" }, | ||||
1149 | { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384" }, | ||||
1150 | { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" }, | ||||
1151 | { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" }, | ||||
1152 | { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" }, | ||||
1153 | { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" }, | ||||
1154 | { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256" }, | ||||
1155 | { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384" }, | ||||
1156 | { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" }, | ||||
1157 | { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" }, | ||||
1158 | { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" }, | ||||
1159 | { 0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" }, | ||||
1160 | { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" }, | ||||
1161 | { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" }, | ||||
1162 | /* RFC 6367 */ | ||||
1163 | { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1164 | { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, | ||||
1165 | { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1166 | { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, | ||||
1167 | { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1168 | { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, | ||||
1169 | { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1170 | { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, | ||||
1171 | { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1172 | { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1173 | { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1174 | { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1175 | { 0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1176 | { 0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1177 | { 0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1178 | { 0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1179 | { 0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1180 | { 0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1181 | { 0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1182 | { 0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1183 | { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1184 | { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1185 | { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1186 | { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1187 | { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1188 | { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1189 | { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1190 | { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1191 | { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1192 | { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1193 | { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1194 | { 0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1195 | { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, | ||||
1196 | { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, | ||||
1197 | { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1198 | { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | ||||
1199 | { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1200 | { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | ||||
1201 | { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1202 | { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | ||||
1203 | { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, | ||||
1204 | { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, | ||||
1205 | /* RFC 6655 */ | ||||
1206 | { 0xC09C, "TLS_RSA_WITH_AES_128_CCM" }, | ||||
1207 | { 0xC09D, "TLS_RSA_WITH_AES_256_CCM" }, | ||||
1208 | { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM" }, | ||||
1209 | { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM" }, | ||||
1210 | { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8" }, | ||||
1211 | { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8" }, | ||||
1212 | { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8" }, | ||||
1213 | { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8" }, | ||||
1214 | { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM" }, | ||||
1215 | { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM" }, | ||||
1216 | { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM" }, | ||||
1217 | { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM" }, | ||||
1218 | { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8" }, | ||||
1219 | { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" }, | ||||
1220 | { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" }, | ||||
1221 | { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" }, | ||||
1222 | /* RFC 7251 */ | ||||
1223 | { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" }, | ||||
1224 | { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" }, | ||||
1225 | { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" }, | ||||
1226 | { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" }, | ||||
1227 | /* RFC 8492 */ | ||||
1228 | { 0xC0B0, "TLS_ECCPWD_WITH_AES_128_GCM_SHA256" }, | ||||
1229 | { 0xC0B1, "TLS_ECCPWD_WITH_AES_256_GCM_SHA384" }, | ||||
1230 | { 0xC0B2, "TLS_ECCPWD_WITH_AES_128_CCM_SHA256" }, | ||||
1231 | { 0xC0B3, "TLS_ECCPWD_WITH_AES_256_CCM_SHA384" }, | ||||
1232 | /* draft-camwinget-tls-ts13-macciphersuites */ | ||||
1233 | { 0xC0B4, "TLS_SHA256_SHA256" }, | ||||
1234 | { 0xC0B5, "TLS_SHA384_SHA384" }, | ||||
1235 | /* https://www.ietf.org/archive/id/draft-cragie-tls-ecjpake-01.txt */ | ||||
1236 | { 0xC0FF, "TLS_ECJPAKE_WITH_AES_128_CCM_8" }, | ||||
1237 | /* draft-smyshlyaev-tls12-gost-suites */ | ||||
1238 | { 0xC100, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC" }, | ||||
1239 | { 0xC101, "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC" }, | ||||
1240 | { 0xC102, "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT" }, | ||||
1241 | /* draft-smyshlyaev-tls13-gost-suites */ | ||||
1242 | { 0xC103, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L" }, | ||||
1243 | { 0xC104, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_L" }, | ||||
1244 | { 0xC105, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S" }, | ||||
1245 | { 0xC106, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_S" }, | ||||
1246 | /* RFC 8701 */ | ||||
1247 | { 0xCACA, "Reserved (GREASE)" }, | ||||
1248 | /* | ||||
1249 | 0xC0,0xAB-FF Unassigned | ||||
1250 | 0xC1,0x03-FD,* Unassigned | ||||
1251 | 0xFE,0x00-FD Unassigned | ||||
1252 | 0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen] | ||||
1253 | 0xFF,0x00-FF Reserved for Private Use [RFC5246] | ||||
1254 | */ | ||||
1255 | /* old numbers used in the beginning | ||||
1256 | * https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */ | ||||
1257 | { 0xCC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1258 | { 0xCC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1259 | { 0xCC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1260 | /* RFC 7905 */ | ||||
1261 | { 0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1262 | { 0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1263 | { 0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1264 | { 0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1265 | { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1266 | { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1267 | { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, | ||||
1268 | /* RFC 8442 */ | ||||
1269 | { 0xD001, "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256" }, | ||||
1270 | { 0xD002, "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384" }, | ||||
1271 | { 0xD003, "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256" }, | ||||
1272 | { 0xD005, "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256" }, | ||||
1273 | /* RFC 8701 */ | ||||
1274 | { 0xDADA, "Reserved (GREASE)" }, | ||||
1275 | /* GM/T 0024-2014 */ | ||||
1276 | { 0xe001, "ECDHE_SM1_SM3"}, | ||||
1277 | { 0xe003, "ECC_SM1_SM3"}, | ||||
1278 | { 0xe005, "IBSDH_SM1_SM3"}, | ||||
1279 | { 0xe007, "IBC_SM1_SM3"}, | ||||
1280 | { 0xe009, "RSA_SM1_SM3"}, | ||||
1281 | { 0xe00a, "RSA_SM1_SHA1"}, | ||||
1282 | { 0xe011, "ECDHE_SM4_CBC_SM3"}, | ||||
1283 | { 0xe013, "ECC_SM4_CBC_SM3"}, | ||||
1284 | { 0xe015, "IBSDH_SM4_CBC_SM3"}, | ||||
1285 | { 0xe017, "IBC_SM4_CBC_SM3"}, | ||||
1286 | { 0xe019, "RSA_SM4_CBC_SM3"}, | ||||
1287 | { 0xe01a, "RSA_SM4_CBC_SHA1"}, | ||||
1288 | { 0xe01c, "RSA_SM4_CBC_SHA256"}, | ||||
1289 | { 0xe051, "ECDHE_SM4_GCM_SM3"}, | ||||
1290 | { 0xe053, "ECC_SM4_GCM_SM3"}, | ||||
1291 | { 0xe055, "IBSDH_SM4_GCM_SM3"}, | ||||
1292 | { 0xe057, "IBC_SM4_GCM_SM3"}, | ||||
1293 | { 0xe059, "RSA_SM4_GCM_SM3"}, | ||||
1294 | { 0xe05a, "RSA_SM4_GCM_SHA256"}, | ||||
1295 | /* https://tools.ietf.org/html/draft-josefsson-salsa20-tls */ | ||||
1296 | { 0xE410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
1297 | { 0xE411, "TLS_RSA_WITH_SALSA20_SHA1" }, | ||||
1298 | { 0xE412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
1299 | { 0xE413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" }, | ||||
1300 | { 0xE414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
1301 | { 0xE415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" }, | ||||
1302 | { 0xE416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
1303 | { 0xE417, "TLS_PSK_WITH_SALSA20_SHA1" }, | ||||
1304 | { 0xE418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
1305 | { 0xE419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" }, | ||||
1306 | { 0xE41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
1307 | { 0xE41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" }, | ||||
1308 | { 0xE41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
1309 | { 0xE41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" }, | ||||
1310 | { 0xE41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, | ||||
1311 | { 0xE41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" }, | ||||
1312 | /* RFC 8701 */ | ||||
1313 | { 0xEAEA, "Reserved (GREASE)" }, | ||||
1314 | { 0xFAFA, "Reserved (GREASE)" }, | ||||
1315 | /* these from http://www.mozilla.org/projects/ | ||||
1316 | security/pki/nss/ssl/fips-ssl-ciphersuites.html */ | ||||
1317 | { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, | ||||
1318 | { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | ||||
1319 | { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, | ||||
1320 | { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA" }, | ||||
1321 | /* note that ciphersuites 0xff00 - 0xffff are private */ | ||||
1322 | { 0x00, NULL((void*)0) } | ||||
1323 | }; | ||||
1324 | |||||
1325 | value_string_ext ssl_31_ciphersuite_ext = VALUE_STRING_EXT_INIT(ssl_31_ciphersuite){ _try_val_to_str_ext_init, 0, (sizeof (ssl_31_ciphersuite) / sizeof ((ssl_31_ciphersuite)[0]))-1, ssl_31_ciphersuite, "ssl_31_ciphersuite" }; | ||||
1326 | |||||
1327 | /* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1 */ | ||||
1328 | const value_string tls_hello_extension_types[] = { | ||||
1329 | { SSL_HND_HELLO_EXT_SERVER_NAME0, "server_name" }, /* RFC 6066 */ | ||||
1330 | { SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH1, "max_fragment_length" },/* RFC 6066 */ | ||||
1331 | { SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL2, "client_certificate_url" }, /* RFC 6066 */ | ||||
1332 | { SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS3, "trusted_ca_keys" }, /* RFC 6066 */ | ||||
1333 | { SSL_HND_HELLO_EXT_TRUNCATED_HMAC4, "truncated_hmac" }, /* RFC 6066 */ | ||||
1334 | { SSL_HND_HELLO_EXT_STATUS_REQUEST5, "status_request" }, /* RFC 6066 */ | ||||
1335 | { SSL_HND_HELLO_EXT_USER_MAPPING6, "user_mapping" }, /* RFC 4681 */ | ||||
1336 | { SSL_HND_HELLO_EXT_CLIENT_AUTHZ7, "client_authz" }, /* RFC 5878 */ | ||||
1337 | { SSL_HND_HELLO_EXT_SERVER_AUTHZ8, "server_authz" }, /* RFC 5878 */ | ||||
1338 | { SSL_HND_HELLO_EXT_CERT_TYPE9, "cert_type" }, /* RFC 6091 */ | ||||
1339 | { SSL_HND_HELLO_EXT_SUPPORTED_GROUPS10, "supported_groups" }, /* RFC 4492, RFC 7919 */ | ||||
1340 | { SSL_HND_HELLO_EXT_EC_POINT_FORMATS11, "ec_point_formats" }, /* RFC 4492 */ | ||||
1341 | { SSL_HND_HELLO_EXT_SRP12, "srp" }, /* RFC 5054 */ | ||||
1342 | { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS13, "signature_algorithms" }, /* RFC 5246 */ | ||||
1343 | { SSL_HND_HELLO_EXT_USE_SRTP14, "use_srtp" }, /* RFC 5764 */ | ||||
1344 | { SSL_HND_HELLO_EXT_HEARTBEAT15, "heartbeat" }, /* RFC 6520 */ | ||||
1345 | { SSL_HND_HELLO_EXT_ALPN16, "application_layer_protocol_negotiation" }, /* RFC 7301 */ | ||||
1346 | { SSL_HND_HELLO_EXT_STATUS_REQUEST_V217, "status_request_v2" }, /* RFC 6961 */ | ||||
1347 | { SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP18, "signed_certificate_timestamp" }, /* RFC 6962 */ | ||||
1348 | { SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19, "client_certificate_type" }, /* RFC 7250 */ | ||||
1349 | { SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20, "server_certificate_type" }, /* RFC 7250 */ | ||||
1350 | { SSL_HND_HELLO_EXT_PADDING21, "padding" }, /* RFC 7685 */ | ||||
1351 | { SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC22, "encrypt_then_mac" }, /* RFC 7366 */ | ||||
1352 | { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET23, "extended_master_secret" }, /* RFC 7627 */ | ||||
1353 | { SSL_HND_HELLO_EXT_TOKEN_BINDING24, "token_binding" }, /* https://tools.ietf.org/html/draft-ietf-tokbind-negotiation */ | ||||
1354 | { SSL_HND_HELLO_EXT_CACHED_INFO25, "cached_info" }, /* RFC 7924 */ | ||||
1355 | { SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE27, "compress_certificate" }, /* https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03 */ | ||||
1356 | { SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT28, "record_size_limit" }, /* RFC 8449 */ | ||||
1357 | { SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS34, "delegated_credentials" }, /* draft-ietf-tls-subcerts-10.txt */ | ||||
1358 | { SSL_HND_HELLO_EXT_SESSION_TICKET_TLS35, "session_ticket" }, /* RFC 5077 / RFC 8447 */ | ||||
1359 | { SSL_HND_HELLO_EXT_KEY_SHARE_OLD40, "Reserved (key_share)" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-22 (removed in -23) */ | ||||
1360 | { SSL_HND_HELLO_EXT_PRE_SHARED_KEY41, "pre_shared_key" }, /* RFC 8446 */ | ||||
1361 | { SSL_HND_HELLO_EXT_EARLY_DATA42, "early_data" }, /* RFC 8446 */ | ||||
1362 | { SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43, "supported_versions" }, /* RFC 8446 */ | ||||
1363 | { SSL_HND_HELLO_EXT_COOKIE44, "cookie" }, /* RFC 8446 */ | ||||
1364 | { SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES45, "psk_key_exchange_modes" }, /* RFC 8446 */ | ||||
1365 | { SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO46, "Reserved (ticket_early_data_info)" }, /* draft-ietf-tls-tls13-18 (removed in -19) */ | ||||
1366 | { SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES47, "certificate_authorities" }, /* RFC 8446 */ | ||||
1367 | { SSL_HND_HELLO_EXT_OID_FILTERS48, "oid_filters" }, /* RFC 8446 */ | ||||
1368 | { SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH49, "post_handshake_auth" }, /* RFC 8446 */ | ||||
1369 | { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT50, "signature_algorithms_cert" }, /* RFC 8446 */ | ||||
1370 | { SSL_HND_HELLO_EXT_KEY_SHARE51, "key_share" }, /* RFC 8446 */ | ||||
1371 | { SSL_HND_HELLO_EXT_TRANSPARENCY_INFO52, "transparency_info" }, /* draft-ietf-trans-rfc6962-bis-41 */ | ||||
1372 | { SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED53, "connection_id (deprecated)" }, /* draft-ietf-tls-dtls-connection-id-07 */ | ||||
1373 | { SSL_HND_HELLO_EXT_CONNECTION_ID54, "connection_id" }, /* RFC 9146 */ | ||||
1374 | { SSL_HND_HELLO_EXT_EXTERNAL_ID_HASH55, "external_id_hash" }, /* RFC 8844 */ | ||||
1375 | { SSL_HND_HELLO_EXT_EXTERNAL_SESSION_ID56, "external_session_id" }, /* RFC 8844 */ | ||||
1376 | { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V157, "quic_transport_parameters" }, /* draft-ietf-quic-tls-33 */ | ||||
1377 | { SSL_HND_HELLO_EXT_TICKET_REQUEST58, "ticket_request" }, /* draft-ietf-tls-ticketrequests-07 */ | ||||
1378 | { SSL_HND_HELLO_EXT_DNSSEC_CHAIN59, "dnssec_chain" }, /* RFC 9102 */ | ||||
1379 | { SSL_HND_HELLO_EXT_GREASE_0A0A2570, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1380 | { SSL_HND_HELLO_EXT_GREASE_1A1A6682, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1381 | { SSL_HND_HELLO_EXT_GREASE_2A2A10794, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1382 | { SSL_HND_HELLO_EXT_NPN13172, "next_protocol_negotiation"}, /* https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html */ | ||||
1383 | { SSL_HND_HELLO_EXT_GREASE_3A3A14906, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1384 | { SSL_HND_HELLO_EXT_ALPS17513, "application_settings" }, /* draft-vvv-tls-alps-01 */ | ||||
1385 | { SSL_HND_HELLO_EXT_GREASE_4A4A19018, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1386 | { SSL_HND_HELLO_EXT_GREASE_5A5A23130, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1387 | { SSL_HND_HELLO_EXT_GREASE_6A6A27242, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1388 | { SSL_HND_HELLO_EXT_CHANNEL_ID_OLD30031, "channel_id_old" }, /* https://tools.ietf.org/html/draft-balfanz-tls-channelid-00 | ||||
1389 | https://twitter.com/ericlaw/status/274237352531083264 */ | ||||
1390 | { SSL_HND_HELLO_EXT_CHANNEL_ID30032, "channel_id" }, /* https://tools.ietf.org/html/draft-balfanz-tls-channelid-01 | ||||
1391 | https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/sslt.h&l=209 */ | ||||
1392 | { SSL_HND_HELLO_EXT_RENEGOTIATION_INFO65281, "renegotiation_info" }, /* RFC 5746 */ | ||||
1393 | { SSL_HND_HELLO_EXT_GREASE_7A7A31354, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1394 | { SSL_HND_HELLO_EXT_GREASE_8A8A35466, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1395 | { SSL_HND_HELLO_EXT_GREASE_9A9A39578, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1396 | { SSL_HND_HELLO_EXT_GREASE_AAAA43690, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1397 | { SSL_HND_HELLO_EXT_GREASE_BABA47802, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1398 | { SSL_HND_HELLO_EXT_GREASE_CACA51914, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1399 | { SSL_HND_HELLO_EXT_GREASE_DADA56026, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1400 | { SSL_HND_HELLO_EXT_GREASE_EAEA60138, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1401 | { SSL_HND_HELLO_EXT_GREASE_FAFA64250, "Reserved (GREASE)" }, /* RFC 8701 */ | ||||
1402 | { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS65445, "quic_transport_parameters (drafts version)" }, /* https://tools.ietf.org/html/draft-ietf-quic-tls */ | ||||
1403 | { SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME65486, "encrypted_server_name" }, /* https://tools.ietf.org/html/draft-ietf-tls-esni-01 */ | ||||
1404 | { SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037, "encrypted_client_hello" }, /* https://datatracker.ietf.org/doc/draft-ietf-tls-esni/17/ */ | ||||
1405 | { SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS64768, "ech_outer_extensions" }, /* https://datatracker.ietf.org/doc/draft-ietf-tls-esni/17/ */ | ||||
1406 | { 0, NULL((void*)0) } | ||||
1407 | }; | ||||
1408 | |||||
1409 | const value_string tls_hello_ext_server_name_type_vs[] = { | ||||
1410 | { 0, "host_name" }, | ||||
1411 | { 0, NULL((void*)0) } | ||||
1412 | }; | ||||
1413 | |||||
1414 | /* RFC 6066 Section 4 */ | ||||
1415 | const value_string tls_hello_ext_max_fragment_length[] = { | ||||
1416 | { 1, "512" }, // 2^9 | ||||
1417 | { 2, "1024" }, // 2^10 | ||||
1418 | { 3, "2048" }, // 2^11 | ||||
1419 | { 4, "4096" }, // 2^12 | ||||
1420 | { 0, NULL((void*)0) } | ||||
1421 | }; | ||||
1422 | |||||
1423 | /* RFC 8446 Section 4.2.9 */ | ||||
1424 | const value_string tls_hello_ext_psk_ke_mode[] = { | ||||
1425 | { 0, "PSK-only key establishment (psk_ke)" }, | ||||
1426 | { 1, "PSK with (EC)DHE key establishment (psk_dhe_ke)" }, | ||||
1427 | { 0, NULL((void*)0) } | ||||
1428 | }; | ||||
1429 | |||||
1430 | /* RFC 6066 Section 6 */ | ||||
1431 | const value_string tls_hello_ext_trusted_ca_key_type[] = { | ||||
1432 | {0, "pre_agreed"}, | ||||
1433 | {1, "key_sha1_hash"}, | ||||
1434 | {2, "x509_name"}, | ||||
1435 | {3, "cert_sha1_hash"}, | ||||
1436 | {0, NULL((void*)0)} | ||||
1437 | }; | ||||
1438 | |||||
1439 | const value_string tls13_key_update_request[] = { | ||||
1440 | { 0, "update_not_requested" }, | ||||
1441 | { 1, "update_requested" }, | ||||
1442 | { 0, NULL((void*)0) } | ||||
1443 | }; | ||||
1444 | |||||
1445 | /* RFC 5246 7.4.1.4.1 */ | ||||
1446 | /* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ | ||||
1447 | /* Note that the TLS 1.3 SignatureScheme registry reserves all values | ||||
1448 | * with first octet 0x00-0x06 and all values with second octet 0x00-0x03 | ||||
1449 | * for backwards compatibility with TLS 1.2 SignatureAndHashAlgorithm. | ||||
1450 | * | ||||
1451 | * RFC 8422 and RFC 9189 add official support in TLS 1.2 for some algorithms | ||||
1452 | * originally defined for TLS 1.3, and extend the TLS SignatureAlgorithm | ||||
1453 | * and TLS HashAlgorithm registries, but the new values are not compatible | ||||
1454 | * with all of the TLS 1.3-only SignatureSchemes. Adding those values could | ||||
1455 | * cause confusion if used to interpret one of those schemes in a | ||||
1456 | * signature_algorithms extension offered in a TLS 1.3 ClientHello. | ||||
1457 | */ | ||||
1458 | const value_string tls_hash_algorithm[] = { | ||||
1459 | { 0, "None" }, | ||||
1460 | { 1, "MD5" }, | ||||
1461 | { 2, "SHA1" }, | ||||
1462 | { 3, "SHA224" }, | ||||
1463 | { 4, "SHA256" }, | ||||
1464 | { 5, "SHA384" }, | ||||
1465 | { 6, "SHA512" }, | ||||
1466 | #if 0 | ||||
1467 | /* RFC 8422 adds this to the HashAlgorithm registry, but it really | ||||
1468 | * only applies to 0x0807 and 0x0808, not for other TLS 1.3 | ||||
1469 | * SignatureSchemes with 0x08 in the octet used for Hash in TLS 1.2. | ||||
1470 | * E.g., we don't want to display this for 0x0806 rsa_pss_rsae_sha512. | ||||
1471 | */ | ||||
1472 | { 8, "Intrinsic" }, | ||||
1473 | #endif | ||||
1474 | { 0, NULL((void*)0) } | ||||
1475 | }; | ||||
1476 | |||||
1477 | const value_string tls_signature_algorithm[] = { | ||||
1478 | { 0, "Anonymous" }, | ||||
1479 | { 1, "RSA" }, | ||||
1480 | { 2, "DSA" }, | ||||
1481 | { 3, "ECDSA" }, | ||||
1482 | #if 0 | ||||
1483 | /* As above. */ | ||||
1484 | { 7, "ED25519" }, | ||||
1485 | { 8, "ED448" }, | ||||
1486 | { 64, "GOSTR34102012_256" }, | ||||
1487 | { 65, "GOSTR34102012_512" }, | ||||
1488 | #endif | ||||
1489 | { 0, NULL((void*)0) } | ||||
1490 | }; | ||||
1491 | |||||
1492 | /* RFC 8446 Section 4.2.3 */ | ||||
1493 | const value_string tls13_signature_algorithm[] = { | ||||
1494 | { 0x0201, "rsa_pkcs1_sha1" }, | ||||
1495 | { 0x0203, "ecdsa_sha1" }, | ||||
1496 | { 0x0401, "rsa_pkcs1_sha256" }, | ||||
1497 | { 0x0403, "ecdsa_secp256r1_sha256" }, | ||||
1498 | { 0x0420, "rsa_pkcs1_sha256_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ | ||||
1499 | { 0x0501, "rsa_pkcs1_sha384" }, | ||||
1500 | { 0x0503, "ecdsa_secp384r1_sha384" }, | ||||
1501 | { 0x0520, "rsa_pkcs1_sha384_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ | ||||
1502 | { 0x0601, "rsa_pkcs1_sha512" }, | ||||
1503 | { 0x0603, "ecdsa_secp521r1_sha512" }, | ||||
1504 | { 0x0620, "rsa_pkcs1_sha512_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ | ||||
1505 | { 0x0708, "sm2sig_sm3" }, | ||||
1506 | { 0x0709, "gostr34102012_256a" }, /* RFC9367 */ | ||||
1507 | { 0x070a, "gostr34102012_256b" }, /* RFC9367 */ | ||||
1508 | { 0x070b, "gostr34102012_256c" }, /* RFC9367 */ | ||||
1509 | { 0x070c, "gostr34102012_256d" }, /* RFC9367 */ | ||||
1510 | { 0x070d, "gostr34102012_512a" }, /* RFC9367 */ | ||||
1511 | { 0x070e, "gostr34102012_512b" }, /* RFC9367 */ | ||||
1512 | { 0x070f, "gostr34102012_512c" }, /* RFC9367 */ | ||||
1513 | { 0x0804, "rsa_pss_rsae_sha256" }, | ||||
1514 | { 0x0805, "rsa_pss_rsae_sha384" }, | ||||
1515 | { 0x0806, "rsa_pss_rsae_sha512" }, | ||||
1516 | { 0x0807, "ed25519" }, | ||||
1517 | { 0x0808, "ed448" }, | ||||
1518 | { 0x0809, "rsa_pss_pss_sha256" }, | ||||
1519 | { 0x080a, "rsa_pss_pss_sha384" }, | ||||
1520 | { 0x080b, "rsa_pss_pss_sha512" }, | ||||
1521 | { 0x081a, "ecdsa_brainpoolP256r1tls13_sha256" }, /* RFC8734 */ | ||||
1522 | { 0x081b, "ecdsa_brainpoolP384r1tls13_sha384" }, /* RFC8734 */ | ||||
1523 | { 0x081c, "ecdsa_brainpoolP512r1tls13_sha512" }, /* RFC8734 */ | ||||
1524 | /* PQC digital signature algorithms from OQS-OpenSSL, | ||||
1525 | see https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs-template/oqs-sig-info.md */ | ||||
1526 | { 0xfea0, "dilithium2" }, | ||||
1527 | { 0xfea1, "p256_dilithium2" }, | ||||
1528 | { 0xfea2, "rsa3072_dilithium2" }, | ||||
1529 | { 0xfea3, "dilithium3" }, | ||||
1530 | { 0xfea4, "p384_dilithium3" }, | ||||
1531 | { 0xfea5, "dilithium5" }, | ||||
1532 | { 0xfea6, "p521_dilithium5" }, | ||||
1533 | { 0xfea7, "dilithium2_aes" }, | ||||
1534 | { 0xfea8, "p256_dilithium2_aes" }, | ||||
1535 | { 0xfea9, "rsa3072_dilithium2_aes" }, | ||||
1536 | { 0xfeaa, "dilithium3_aes" }, | ||||
1537 | { 0xfeab, "p384_dilithium3_aes" }, | ||||
1538 | { 0xfeac, "dilithium5_aes" }, | ||||
1539 | { 0xfead, "p521_dilithium5_aes" }, | ||||
1540 | { 0xfe0b, "falcon512" }, | ||||
1541 | { 0xfe0c, "p256_falcon512" }, | ||||
1542 | { 0xfe0d, "rsa3072_falcon512" }, | ||||
1543 | { 0xfe0e, "falcon1024" }, | ||||
1544 | { 0xfe0f, "p521_falcon1024" }, | ||||
1545 | { 0xfe96, "picnicl1full" }, | ||||
1546 | { 0xfe97, "p256_picnicl1full" }, | ||||
1547 | { 0xfe98, "rsa3072_picnicl1full" }, | ||||
1548 | { 0xfe1b, "picnic3l1" }, | ||||
1549 | { 0xfe1c, "p256_picnic3l1" }, | ||||
1550 | { 0xfe1d, "rsa3072_picnic3l1" }, | ||||
1551 | { 0xfe27, "rainbowIclassic" }, | ||||
1552 | { 0xfe28, "p256_rainbowIclassic" }, | ||||
1553 | { 0xfe29, "rsa3072_rainbowIclassic" }, | ||||
1554 | { 0xfe3c, "rainbowVclassic" }, | ||||
1555 | { 0xfe3d, "p521_rainbowVclassic" }, | ||||
1556 | { 0xfe42, "sphincsharaka128frobust" }, | ||||
1557 | { 0xfe43, "p256_sphincsharaka128frobust" }, | ||||
1558 | { 0xfe44, "rsa3072_sphincsharaka128frobust" }, | ||||
1559 | { 0xfe5e, "sphincssha256128frobust" }, | ||||
1560 | { 0xfe5f, "p256_sphincssha256128frobust" }, | ||||
1561 | { 0xfe60, "rsa3072_sphincssha256128frobust" }, | ||||
1562 | { 0xfe7a, "sphincsshake256128frobust" }, | ||||
1563 | { 0xfe7b, "p256_sphincsshake256128frobust" }, | ||||
1564 | { 0xfe7c, "rsa3072_sphincsshake256128frobust" }, | ||||
1565 | { 0, NULL((void*)0) } | ||||
1566 | }; | ||||
1567 | |||||
1568 | /* RFC 6091 3.1 */ | ||||
1569 | const value_string tls_certificate_type[] = { | ||||
1570 | { 0, "X.509" }, | ||||
1571 | { 1, "OpenPGP" }, | ||||
1572 | { SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2, "Raw Public Key" }, /* RFC 7250 */ | ||||
1573 | { 0, NULL((void*)0) } | ||||
1574 | }; | ||||
1575 | |||||
1576 | const value_string tls_cert_chain_type[] = { | ||||
1577 | { SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT1, "Individual Certificates" }, | ||||
1578 | { SSL_HND_CERT_URL_TYPE_PKIPATH2, "PKI Path" }, | ||||
1579 | { 0, NULL((void*)0) } | ||||
1580 | }; | ||||
1581 | |||||
1582 | const value_string tls_cert_status_type[] = { | ||||
1583 | { SSL_HND_CERT_STATUS_TYPE_OCSP1, "OCSP" }, | ||||
1584 | { SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2, "OCSP Multi" }, | ||||
1585 | { 0, NULL((void*)0) } | ||||
1586 | }; | ||||
1587 | |||||
1588 | /* Generated by tools/make-tls-ct-logids.py | ||||
1589 | * Last-Modified Sat, 05 Oct 2024 13:48:00 GMT, 165 entries. */ | ||||
1590 | static const bytes_string ct_logids[] = { | ||||
1591 | { (const uint8_t[]){ | ||||
1592 | 0xb2, 0x1e, 0x05, 0xcc, 0x8b, 0xa2, 0xcd, 0x8a, 0x20, 0x4e, 0x87, | ||||
1593 | 0x66, 0xf9, 0x2b, 0xb9, 0x8a, 0x25, 0x20, 0x67, 0x6b, 0xda, 0xfa, | ||||
1594 | 0x70, 0xe7, 0xb2, 0x49, 0x53, 0x2d, 0xef, 0x8b, 0x90, 0x5e, | ||||
1595 | }, | ||||
1596 | 32, "Google 'Argon2020' log" }, | ||||
1597 | { (const uint8_t[]){ | ||||
1598 | 0xf6, 0x5c, 0x94, 0x2f, 0xd1, 0x77, 0x30, 0x22, 0x14, 0x54, 0x18, | ||||
1599 | 0x08, 0x30, 0x94, 0x56, 0x8e, 0xe3, 0x4d, 0x13, 0x19, 0x33, 0xbf, | ||||
1600 | 0xdf, 0x0c, 0x2f, 0x20, 0x0b, 0xcc, 0x4e, 0xf1, 0x64, 0xe3, | ||||
1601 | }, | ||||
1602 | 32, "Google 'Argon2021' log" }, | ||||
1603 | { (const uint8_t[]){ | ||||
1604 | 0x29, 0x79, 0xbe, 0xf0, 0x9e, 0x39, 0x39, 0x21, 0xf0, 0x56, 0x73, | ||||
1605 | 0x9f, 0x63, 0xa5, 0x77, 0xe5, 0xbe, 0x57, 0x7d, 0x9c, 0x60, 0x0a, | ||||
1606 | 0xf8, 0xf9, 0x4d, 0x5d, 0x26, 0x5c, 0x25, 0x5d, 0xc7, 0x84, | ||||
1607 | }, | ||||
1608 | 32, "Google 'Argon2022' log" }, | ||||
1609 | { (const uint8_t[]){ | ||||
1610 | 0xe8, 0x3e, 0xd0, 0xda, 0x3e, 0xf5, 0x06, 0x35, 0x32, 0xe7, 0x57, | ||||
1611 | 0x28, 0xbc, 0x89, 0x6b, 0xc9, 0x03, 0xd3, 0xcb, 0xd1, 0x11, 0x6b, | ||||
1612 | 0xec, 0xeb, 0x69, 0xe1, 0x77, 0x7d, 0x6d, 0x06, 0xbd, 0x6e, | ||||
1613 | }, | ||||
1614 | 32, "Google 'Argon2023' log" }, | ||||
1615 | { (const uint8_t[]){ | ||||
1616 | 0xee, 0xcd, 0xd0, 0x64, 0xd5, 0xdb, 0x1a, 0xce, 0xc5, 0x5c, 0xb7, | ||||
1617 | 0x9d, 0xb4, 0xcd, 0x13, 0xa2, 0x32, 0x87, 0x46, 0x7c, 0xbc, 0xec, | ||||
1618 | 0xde, 0xc3, 0x51, 0x48, 0x59, 0x46, 0x71, 0x1f, 0xb5, 0x9b, | ||||
1619 | }, | ||||
1620 | 32, "Google 'Argon2024' log" }, | ||||
1621 | { (const uint8_t[]){ | ||||
1622 | 0x4e, 0x75, 0xa3, 0x27, 0x5c, 0x9a, 0x10, 0xc3, 0x38, 0x5b, 0x6c, | ||||
1623 | 0xd4, 0xdf, 0x3f, 0x52, 0xeb, 0x1d, 0xf0, 0xe0, 0x8e, 0x1b, 0x8d, | ||||
1624 | 0x69, 0xc0, 0xb1, 0xfa, 0x64, 0xb1, 0x62, 0x9a, 0x39, 0xdf, | ||||
1625 | }, | ||||
1626 | 32, "Google 'Argon2025h1' log" }, | ||||
1627 | { (const uint8_t[]){ | ||||
1628 | 0x12, 0xf1, 0x4e, 0x34, 0xbd, 0x53, 0x72, 0x4c, 0x84, 0x06, 0x19, | ||||
1629 | 0xc3, 0x8f, 0x3f, 0x7a, 0x13, 0xf8, 0xe7, 0xb5, 0x62, 0x87, 0x88, | ||||
1630 | 0x9c, 0x6d, 0x30, 0x05, 0x84, 0xeb, 0xe5, 0x86, 0x26, 0x3a, | ||||
1631 | }, | ||||
1632 | 32, "Google 'Argon2025h2' log" }, | ||||
1633 | { (const uint8_t[]){ | ||||
1634 | 0x0e, 0x57, 0x94, 0xbc, 0xf3, 0xae, 0xa9, 0x3e, 0x33, 0x1b, 0x2c, | ||||
1635 | 0x99, 0x07, 0xb3, 0xf7, 0x90, 0xdf, 0x9b, 0xc2, 0x3d, 0x71, 0x32, | ||||
1636 | 0x25, 0xdd, 0x21, 0xa9, 0x25, 0xac, 0x61, 0xc5, 0x4e, 0x21, | ||||
1637 | }, | ||||
1638 | 32, "Google 'Argon2026h1' log" }, | ||||
1639 | { (const uint8_t[]){ | ||||
1640 | 0xd7, 0x6d, 0x7d, 0x10, 0xd1, 0xa7, 0xf5, 0x77, 0xc2, 0xc7, 0xe9, | ||||
1641 | 0x5f, 0xd7, 0x00, 0xbf, 0xf9, 0x82, 0xc9, 0x33, 0x5a, 0x65, 0xe1, | ||||
1642 | 0xd0, 0xb3, 0x01, 0x73, 0x17, 0xc0, 0xc8, 0xc5, 0x69, 0x77, | ||||
1643 | }, | ||||
1644 | 32, "Google 'Argon2026h2' log" }, | ||||
1645 | { (const uint8_t[]){ | ||||
1646 | 0x07, 0xb7, 0x5c, 0x1b, 0xe5, 0x7d, 0x68, 0xff, 0xf1, 0xb0, 0xc6, | ||||
1647 | 0x1d, 0x23, 0x15, 0xc7, 0xba, 0xe6, 0x57, 0x7c, 0x57, 0x94, 0xb7, | ||||
1648 | 0x6a, 0xee, 0xbc, 0x61, 0x3a, 0x1a, 0x69, 0xd3, 0xa2, 0x1c, | ||||
1649 | }, | ||||
1650 | 32, "Google 'Xenon2020' log" }, | ||||
1651 | { (const uint8_t[]){ | ||||
1652 | 0x7d, 0x3e, 0xf2, 0xf8, 0x8f, 0xff, 0x88, 0x55, 0x68, 0x24, 0xc2, | ||||
1653 | 0xc0, 0xca, 0x9e, 0x52, 0x89, 0x79, 0x2b, 0xc5, 0x0e, 0x78, 0x09, | ||||
1654 | 0x7f, 0x2e, 0x6a, 0x97, 0x68, 0x99, 0x7e, 0x22, 0xf0, 0xd7, | ||||
1655 | }, | ||||
1656 | 32, "Google 'Xenon2021' log" }, | ||||
1657 | { (const uint8_t[]){ | ||||
1658 | 0x46, 0xa5, 0x55, 0xeb, 0x75, 0xfa, 0x91, 0x20, 0x30, 0xb5, 0xa2, | ||||
1659 | 0x89, 0x69, 0xf4, 0xf3, 0x7d, 0x11, 0x2c, 0x41, 0x74, 0xbe, 0xfd, | ||||
1660 | 0x49, 0xb8, 0x85, 0xab, 0xf2, 0xfc, 0x70, 0xfe, 0x6d, 0x47, | ||||
1661 | }, | ||||
1662 | 32, "Google 'Xenon2022' log" }, | ||||
1663 | { (const uint8_t[]){ | ||||
1664 | 0xad, 0xf7, 0xbe, 0xfa, 0x7c, 0xff, 0x10, 0xc8, 0x8b, 0x9d, 0x3d, | ||||
1665 | 0x9c, 0x1e, 0x3e, 0x18, 0x6a, 0xb4, 0x67, 0x29, 0x5d, 0xcf, 0xb1, | ||||
1666 | 0x0c, 0x24, 0xca, 0x85, 0x86, 0x34, 0xeb, 0xdc, 0x82, 0x8a, | ||||
1667 | }, | ||||
1668 | 32, "Google 'Xenon2023' log" }, | ||||
1669 | { (const uint8_t[]){ | ||||
1670 | 0x76, 0xff, 0x88, 0x3f, 0x0a, 0xb6, 0xfb, 0x95, 0x51, 0xc2, 0x61, | ||||
1671 | 0xcc, 0xf5, 0x87, 0xba, 0x34, 0xb4, 0xa4, 0xcd, 0xbb, 0x29, 0xdc, | ||||
1672 | 0x68, 0x42, 0x0a, 0x9f, 0xe6, 0x67, 0x4c, 0x5a, 0x3a, 0x74, | ||||
1673 | }, | ||||
1674 | 32, "Google 'Xenon2024' log" }, | ||||
1675 | { (const uint8_t[]){ | ||||
1676 | 0xcf, 0x11, 0x56, 0xee, 0xd5, 0x2e, 0x7c, 0xaf, 0xf3, 0x87, 0x5b, | ||||
1677 | 0xd9, 0x69, 0x2e, 0x9b, 0xe9, 0x1a, 0x71, 0x67, 0x4a, 0xb0, 0x17, | ||||
1678 | 0xec, 0xac, 0x01, 0xd2, 0x5b, 0x77, 0xce, 0xcc, 0x3b, 0x08, | ||||
1679 | }, | ||||
1680 | 32, "Google 'Xenon2025h1' log" }, | ||||
1681 | { (const uint8_t[]){ | ||||
1682 | 0xdd, 0xdc, 0xca, 0x34, 0x95, 0xd7, 0xe1, 0x16, 0x05, 0xe7, 0x95, | ||||
1683 | 0x32, 0xfa, 0xc7, 0x9f, 0xf8, 0x3d, 0x1c, 0x50, 0xdf, 0xdb, 0x00, | ||||
1684 | 0x3a, 0x14, 0x12, 0x76, 0x0a, 0x2c, 0xac, 0xbb, 0xc8, 0x2a, | ||||
1685 | }, | ||||
1686 | 32, "Google 'Xenon2025h2' log" }, | ||||
1687 | { (const uint8_t[]){ | ||||
1688 | 0x96, 0x97, 0x64, 0xbf, 0x55, 0x58, 0x97, 0xad, 0xf7, 0x43, 0x87, | ||||
1689 | 0x68, 0x37, 0x08, 0x42, 0x77, 0xe9, 0xf0, 0x3a, 0xd5, 0xf6, 0xa4, | ||||
1690 | 0xf3, 0x36, 0x6e, 0x46, 0xa4, 0x3f, 0x0f, 0xca, 0xa9, 0xc6, | ||||
1691 | }, | ||||
1692 | 32, "Google 'Xenon2026h1' log" }, | ||||
1693 | { (const uint8_t[]){ | ||||
1694 | 0xd8, 0x09, 0x55, 0x3b, 0x94, 0x4f, 0x7a, 0xff, 0xc8, 0x16, 0x19, | ||||
1695 | 0x6f, 0x94, 0x4f, 0x85, 0xab, 0xb0, 0xf8, 0xfc, 0x5e, 0x87, 0x55, | ||||
1696 | 0x26, 0x0f, 0x15, 0xd1, 0x2e, 0x72, 0xbb, 0x45, 0x4b, 0x14, | ||||
1697 | }, | ||||
1698 | 32, "Google 'Xenon2026h2' log" }, | ||||
1699 | { (const uint8_t[]){ | ||||
1700 | 0x68, 0xf6, 0x98, 0xf8, 0x1f, 0x64, 0x82, 0xbe, 0x3a, 0x8c, 0xee, | ||||
1701 | 0xb9, 0x28, 0x1d, 0x4c, 0xfc, 0x71, 0x51, 0x5d, 0x67, 0x93, 0xd4, | ||||
1702 | 0x44, 0xd1, 0x0a, 0x67, 0xac, 0xbb, 0x4f, 0x4f, 0xfb, 0xc4, | ||||
1703 | }, | ||||
1704 | 32, "Google 'Aviator' log" }, | ||||
1705 | { (const uint8_t[]){ | ||||
1706 | 0x29, 0x3c, 0x51, 0x96, 0x54, 0xc8, 0x39, 0x65, 0xba, 0xaa, 0x50, | ||||
1707 | 0xfc, 0x58, 0x07, 0xd4, 0xb7, 0x6f, 0xbf, 0x58, 0x7a, 0x29, 0x72, | ||||
1708 | 0xdc, 0xa4, 0xc3, 0x0c, 0xf4, 0xe5, 0x45, 0x47, 0xf4, 0x78, | ||||
1709 | }, | ||||
1710 | 32, "Google 'Icarus' log" }, | ||||
1711 | { (const uint8_t[]){ | ||||
1712 | 0xa4, 0xb9, 0x09, 0x90, 0xb4, 0x18, 0x58, 0x14, 0x87, 0xbb, 0x13, | ||||
1713 | 0xa2, 0xcc, 0x67, 0x70, 0x0a, 0x3c, 0x35, 0x98, 0x04, 0xf9, 0x1b, | ||||
1714 | 0xdf, 0xb8, 0xe3, 0x77, 0xcd, 0x0e, 0xc8, 0x0d, 0xdc, 0x10, | ||||
1715 | }, | ||||
1716 | 32, "Google 'Pilot' log" }, | ||||
1717 | { (const uint8_t[]){ | ||||
1718 | 0xee, 0x4b, 0xbd, 0xb7, 0x75, 0xce, 0x60, 0xba, 0xe1, 0x42, 0x69, | ||||
1719 | 0x1f, 0xab, 0xe1, 0x9e, 0x66, 0xa3, 0x0f, 0x7e, 0x5f, 0xb0, 0x72, | ||||
1720 | 0xd8, 0x83, 0x00, 0xc4, 0x7b, 0x89, 0x7a, 0xa8, 0xfd, 0xcb, | ||||
1721 | }, | ||||
1722 | 32, "Google 'Rocketeer' log" }, | ||||
1723 | { (const uint8_t[]){ | ||||
1724 | 0xbb, 0xd9, 0xdf, 0xbc, 0x1f, 0x8a, 0x71, 0xb5, 0x93, 0x94, 0x23, | ||||
1725 | 0x97, 0xaa, 0x92, 0x7b, 0x47, 0x38, 0x57, 0x95, 0x0a, 0xab, 0x52, | ||||
1726 | 0xe8, 0x1a, 0x90, 0x96, 0x64, 0x36, 0x8e, 0x1e, 0xd1, 0x85, | ||||
1727 | }, | ||||
1728 | 32, "Google 'Skydiver' log" }, | ||||
1729 | { (const uint8_t[]){ | ||||
1730 | 0xfa, 0xd4, 0xc9, 0x7c, 0xc4, 0x9e, 0xe2, 0xf8, 0xac, 0x85, 0xc5, | ||||
1731 | 0xea, 0x5c, 0xea, 0x09, 0xd0, 0x22, 0x0d, 0xbb, 0xf4, 0xe4, 0x9c, | ||||
1732 | 0x6b, 0x50, 0x66, 0x2f, 0xf8, 0x68, 0xf8, 0x6b, 0x8c, 0x28, | ||||
1733 | }, | ||||
1734 | 32, "Google 'Argon2017' log" }, | ||||
1735 | { (const uint8_t[]){ | ||||
1736 | 0xa4, 0x50, 0x12, 0x69, 0x05, 0x5a, 0x15, 0x54, 0x5e, 0x62, 0x11, | ||||
1737 | 0xab, 0x37, 0xbc, 0x10, 0x3f, 0x62, 0xae, 0x55, 0x76, 0xa4, 0x5e, | ||||
1738 | 0x4b, 0x17, 0x14, 0x45, 0x3e, 0x1b, 0x22, 0x10, 0x6a, 0x25, | ||||
1739 | }, | ||||
1740 | 32, "Google 'Argon2018' log" }, | ||||
1741 | { (const uint8_t[]){ | ||||
1742 | 0x63, 0xf2, 0xdb, 0xcd, 0xe8, 0x3b, 0xcc, 0x2c, 0xcf, 0x0b, 0x72, | ||||
1743 | 0x84, 0x27, 0x57, 0x6b, 0x33, 0xa4, 0x8d, 0x61, 0x77, 0x8f, 0xbd, | ||||
1744 | 0x75, 0xa6, 0x38, 0xb1, 0xc7, 0x68, 0x54, 0x4b, 0xd8, 0x8d, | ||||
1745 | }, | ||||
1746 | 32, "Google 'Argon2019' log" }, | ||||
1747 | { (const uint8_t[]){ | ||||
1748 | 0xb1, 0x0c, 0xd5, 0x59, 0xa6, 0xd6, 0x78, 0x46, 0x81, 0x1f, 0x7d, | ||||
1749 | 0xf9, 0xa5, 0x15, 0x32, 0x73, 0x9a, 0xc4, 0x8d, 0x70, 0x3b, 0xea, | ||||
1750 | 0x03, 0x23, 0xda, 0x5d, 0x38, 0x75, 0x5b, 0xc0, 0xad, 0x4e, | ||||
1751 | }, | ||||
1752 | 32, "Google 'Xenon2018' log" }, | ||||
1753 | { (const uint8_t[]){ | ||||
1754 | 0x08, 0x41, 0x14, 0x98, 0x00, 0x71, 0x53, 0x2c, 0x16, 0x19, 0x04, | ||||
1755 | 0x60, 0xbc, 0xfc, 0x47, 0xfd, 0xc2, 0x65, 0x3a, 0xfa, 0x29, 0x2c, | ||||
1756 | 0x72, 0xb3, 0x7f, 0xf8, 0x63, 0xae, 0x29, 0xcc, 0xc9, 0xf0, | ||||
1757 | }, | ||||
1758 | 32, "Google 'Xenon2019' log" }, | ||||
1759 | { (const uint8_t[]){ | ||||
1760 | 0xa8, 0x99, 0xd8, 0x78, 0x0c, 0x92, 0x90, 0xaa, 0xf4, 0x62, 0xf3, | ||||
1761 | 0x18, 0x80, 0xcc, 0xfb, 0xd5, 0x24, 0x51, 0xe9, 0x70, 0xd0, 0xfb, | ||||
1762 | 0xf5, 0x91, 0xef, 0x75, 0xb0, 0xd9, 0x9b, 0x64, 0x56, 0x81, | ||||
1763 | }, | ||||
1764 | 32, "Google 'Submariner' log" }, | ||||
1765 | { (const uint8_t[]){ | ||||
1766 | 0x1d, 0x02, 0x4b, 0x8e, 0xb1, 0x49, 0x8b, 0x34, 0x4d, 0xfd, 0x87, | ||||
1767 | 0xea, 0x3e, 0xfc, 0x09, 0x96, 0xf7, 0x50, 0x6f, 0x23, 0x5d, 0x1d, | ||||
1768 | 0x49, 0x70, 0x61, 0xa4, 0x77, 0x3c, 0x43, 0x9c, 0x25, 0xfb, | ||||
1769 | }, | ||||
1770 | 32, "Google 'Daedalus' log" }, | ||||
1771 | { (const uint8_t[]){ | ||||
1772 | 0xb0, 0xcc, 0x83, 0xe5, 0xa5, 0xf9, 0x7d, 0x6b, 0xaf, 0x7c, 0x09, | ||||
1773 | 0xcc, 0x28, 0x49, 0x04, 0x87, 0x2a, 0xc7, 0xe8, 0x8b, 0x13, 0x2c, | ||||
1774 | 0x63, 0x50, 0xb7, 0xc6, 0xfd, 0x26, 0xe1, 0x6c, 0x6c, 0x77, | ||||
1775 | }, | ||||
1776 | 32, "Google 'Testtube' log" }, | ||||
1777 | { (const uint8_t[]){ | ||||
1778 | 0xc3, 0xbf, 0x03, 0xa7, 0xe1, 0xca, 0x88, 0x41, 0xc6, 0x07, 0xba, | ||||
1779 | 0xe3, 0xff, 0x42, 0x70, 0xfc, 0xa5, 0xec, 0x45, 0xb1, 0x86, 0xeb, | ||||
1780 | 0xbe, 0x4e, 0x2c, 0xf3, 0xfc, 0x77, 0x86, 0x30, 0xf5, 0xf6, | ||||
1781 | }, | ||||
1782 | 32, "Google 'Crucible' log" }, | ||||
1783 | { (const uint8_t[]){ | ||||
1784 | 0x52, 0xeb, 0x4b, 0x22, 0x5e, 0xc8, 0x96, 0x97, 0x48, 0x50, 0x67, | ||||
1785 | 0x5f, 0x23, 0xe4, 0x3b, 0xc1, 0xd0, 0x21, 0xe3, 0x21, 0x4c, 0xe5, | ||||
1786 | 0x2e, 0xcd, 0x5f, 0xa8, 0x7c, 0x20, 0x3c, 0xdf, 0xca, 0x03, | ||||
1787 | }, | ||||
1788 | 32, "Google 'Solera2018' log" }, | ||||
1789 | { (const uint8_t[]){ | ||||
1790 | 0x0b, 0x76, 0x0e, 0x9a, 0x8b, 0x9a, 0x68, 0x2f, 0x88, 0x98, 0x5b, | ||||
1791 | 0x15, 0xe9, 0x47, 0x50, 0x1a, 0x56, 0x44, 0x6b, 0xba, 0x88, 0x30, | ||||
1792 | 0x78, 0x5c, 0x38, 0x42, 0x99, 0x43, 0x86, 0x45, 0x0c, 0x00, | ||||
1793 | }, | ||||
1794 | 32, "Google 'Solera2019' log" }, | ||||
1795 | { (const uint8_t[]){ | ||||
1796 | 0x1f, 0xc7, 0x2c, 0xe5, 0xa1, 0xb7, 0x99, 0xf4, 0x00, 0xc3, 0x59, | ||||
1797 | 0xbf, 0xf9, 0x6c, 0xa3, 0x91, 0x35, 0x48, 0xe8, 0x64, 0x42, 0x20, | ||||
1798 | 0x61, 0x09, 0x52, 0xe9, 0xba, 0x17, 0x74, 0xf7, 0xba, 0xc7, | ||||
1799 | }, | ||||
1800 | 32, "Google 'Solera2020' log" }, | ||||
1801 | { (const uint8_t[]){ | ||||
1802 | 0xa3, 0xc9, 0x98, 0x45, 0xe8, 0x0a, 0xb7, 0xce, 0x00, 0x15, 0x7b, | ||||
1803 | 0x37, 0x42, 0xdf, 0x02, 0x07, 0xdd, 0x27, 0x2b, 0x2b, 0x60, 0x2e, | ||||
1804 | 0xcf, 0x98, 0xee, 0x2c, 0x12, 0xdb, 0x9c, 0x5a, 0xe7, 0xe7, | ||||
1805 | }, | ||||
1806 | 32, "Google 'Solera2021' log" }, | ||||
1807 | { (const uint8_t[]){ | ||||
1808 | 0x69, 0x7a, 0xaf, 0xca, 0x1a, 0x6b, 0x53, 0x6f, 0xae, 0x21, 0x20, | ||||
1809 | 0x50, 0x46, 0xde, 0xba, 0xd7, 0xe0, 0xea, 0xea, 0x13, 0xd2, 0x43, | ||||
1810 | 0x2e, 0x6e, 0x9d, 0x8f, 0xb3, 0x79, 0xf2, 0xb9, 0xaa, 0xf3, | ||||
1811 | }, | ||||
1812 | 32, "Google 'Solera2022' log" }, | ||||
1813 | { (const uint8_t[]){ | ||||
1814 | 0xf9, 0x7e, 0x97, 0xb8, 0xd3, 0x3e, 0xf7, 0xa1, 0x59, 0x02, 0xa5, | ||||
1815 | 0x3a, 0x19, 0xe1, 0x79, 0x90, 0xe5, 0xdc, 0x40, 0x6a, 0x03, 0x18, | ||||
1816 | 0x25, 0xba, 0xad, 0x93, 0xe9, 0x8f, 0x9b, 0x9c, 0x69, 0xcb, | ||||
1817 | }, | ||||
1818 | 32, "Google 'Solera2023' log" }, | ||||
1819 | { (const uint8_t[]){ | ||||
1820 | 0x30, 0x24, 0xce, 0x7e, 0xeb, 0x16, 0x88, 0x62, 0x72, 0x4b, 0xea, | ||||
1821 | 0x70, 0x2e, 0xff, 0xf9, 0x92, 0xcf, 0xe4, 0x56, 0x43, 0x41, 0x91, | ||||
1822 | 0xaa, 0x59, 0x5b, 0x25, 0xf8, 0x02, 0x26, 0xc8, 0x00, 0x17, | ||||
1823 | }, | ||||
1824 | 32, "Google 'Solera2024' log" }, | ||||
1825 | { (const uint8_t[]){ | ||||
1826 | 0x3f, 0xe1, 0xcb, 0x46, 0xed, 0x47, 0x35, 0x79, 0xaf, 0x01, 0x41, | ||||
1827 | 0xf9, 0x72, 0x4d, 0x9d, 0xc4, 0x43, 0x47, 0x2d, 0x75, 0x6e, 0x85, | ||||
1828 | 0xe7, 0x71, 0x9c, 0x55, 0x82, 0x48, 0x5d, 0xd4, 0xe1, 0xe4, | ||||
1829 | }, | ||||
1830 | 32, "Google 'Solera2025h1' log" }, | ||||
1831 | { (const uint8_t[]){ | ||||
1832 | 0x26, 0x02, 0x39, 0x48, 0x87, 0x4c, 0xf7, 0xfc, 0xd0, 0xfb, 0x64, | ||||
1833 | 0x71, 0xa4, 0x3e, 0x84, 0x7e, 0xbb, 0x20, 0x0a, 0xe6, 0xe2, 0xfa, | ||||
1834 | 0x24, 0x23, 0x6d, 0xf6, 0xd1, 0xa6, 0x06, 0x63, 0x0f, 0xb1, | ||||
1835 | }, | ||||
1836 | 32, "Google 'Solera2025h2' log" }, | ||||
1837 | { (const uint8_t[]){ | ||||
1838 | 0xc8, 0x4b, 0x90, 0x7a, 0x07, 0xbe, 0xaa, 0x29, 0xa6, 0x14, 0xc2, | ||||
1839 | 0x45, 0x84, 0xb7, 0xa3, 0xf6, 0x62, 0x43, 0x94, 0x68, 0x7b, 0x25, | ||||
1840 | 0xfe, 0x62, 0x83, 0x8b, 0x71, 0xec, 0x42, 0x2a, 0xd2, 0xf9, | ||||
1841 | }, | ||||
1842 | 32, "Google 'Solera2026h1' log" }, | ||||
1843 | { (const uint8_t[]){ | ||||
1844 | 0x62, 0xe9, 0x00, 0x60, 0x04, 0xa3, 0x07, 0x95, 0x5a, 0x75, 0x44, | ||||
1845 | 0xb4, 0xd5, 0x84, 0xa9, 0x62, 0x68, 0xca, 0x1d, 0x6e, 0x45, 0x85, | ||||
1846 | 0xad, 0xf0, 0x91, 0x6d, 0xfe, 0x5f, 0xdc, 0x1f, 0x04, 0xdb, | ||||
1847 | }, | ||||
1848 | 32, "Google 'Solera2026h2' log" }, | ||||
1849 | { (const uint8_t[]){ | ||||
1850 | 0x5e, 0xa7, 0x73, 0xf9, 0xdf, 0x56, 0xc0, 0xe7, 0xb5, 0x36, 0x48, | ||||
1851 | 0x7d, 0xd0, 0x49, 0xe0, 0x32, 0x7a, 0x91, 0x9a, 0x0c, 0x84, 0xa1, | ||||
1852 | 0x12, 0x12, 0x84, 0x18, 0x75, 0x96, 0x81, 0x71, 0x45, 0x58, | ||||
1853 | }, | ||||
1854 | 32, "Cloudflare 'Nimbus2020' Log" }, | ||||
1855 | { (const uint8_t[]){ | ||||
1856 | 0x44, 0x94, 0x65, 0x2e, 0xb0, 0xee, 0xce, 0xaf, 0xc4, 0x40, 0x07, | ||||
1857 | 0xd8, 0xa8, 0xfe, 0x28, 0xc0, 0xda, 0xe6, 0x82, 0xbe, 0xd8, 0xcb, | ||||
1858 | 0x31, 0xb5, 0x3f, 0xd3, 0x33, 0x96, 0xb5, 0xb6, 0x81, 0xa8, | ||||
1859 | }, | ||||
1860 | 32, "Cloudflare 'Nimbus2021' Log" }, | ||||
1861 | { (const uint8_t[]){ | ||||
1862 | 0x41, 0xc8, 0xca, 0xb1, 0xdf, 0x22, 0x46, 0x4a, 0x10, 0xc6, 0xa1, | ||||
1863 | 0x3a, 0x09, 0x42, 0x87, 0x5e, 0x4e, 0x31, 0x8b, 0x1b, 0x03, 0xeb, | ||||
1864 | 0xeb, 0x4b, 0xc7, 0x68, 0xf0, 0x90, 0x62, 0x96, 0x06, 0xf6, | ||||
1865 | }, | ||||
1866 | 32, "Cloudflare 'Nimbus2022' Log" }, | ||||
1867 | { (const uint8_t[]){ | ||||
1868 | 0x7a, 0x32, 0x8c, 0x54, 0xd8, 0xb7, 0x2d, 0xb6, 0x20, 0xea, 0x38, | ||||
1869 | 0xe0, 0x52, 0x1e, 0xe9, 0x84, 0x16, 0x70, 0x32, 0x13, 0x85, 0x4d, | ||||
1870 | 0x3b, 0xd2, 0x2b, 0xc1, 0x3a, 0x57, 0xa3, 0x52, 0xeb, 0x52, | ||||
1871 | }, | ||||
1872 | 32, "Cloudflare 'Nimbus2023' Log" }, | ||||
1873 | { (const uint8_t[]){ | ||||
1874 | 0xda, 0xb6, 0xbf, 0x6b, 0x3f, 0xb5, 0xb6, 0x22, 0x9f, 0x9b, 0xc2, | ||||
1875 | 0xbb, 0x5c, 0x6b, 0xe8, 0x70, 0x91, 0x71, 0x6c, 0xbb, 0x51, 0x84, | ||||
1876 | 0x85, 0x34, 0xbd, 0xa4, 0x3d, 0x30, 0x48, 0xd7, 0xfb, 0xab, | ||||
1877 | }, | ||||
1878 | 32, "Cloudflare 'Nimbus2024' Log" }, | ||||
1879 | { (const uint8_t[]){ | ||||
1880 | 0xcc, 0xfb, 0x0f, 0x6a, 0x85, 0x71, 0x09, 0x65, 0xfe, 0x95, 0x9b, | ||||
1881 | 0x53, 0xce, 0xe9, 0xb2, 0x7c, 0x22, 0xe9, 0x85, 0x5c, 0x0d, 0x97, | ||||
1882 | 0x8d, 0xb6, 0xa9, 0x7e, 0x54, 0xc0, 0xfe, 0x4c, 0x0d, 0xb0, | ||||
1883 | }, | ||||
1884 | 32, "Cloudflare 'Nimbus2025'" }, | ||||
1885 | { (const uint8_t[]){ | ||||
1886 | 0xcb, 0x38, 0xf7, 0x15, 0x89, 0x7c, 0x84, 0xa1, 0x44, 0x5f, 0x5b, | ||||
1887 | 0xc1, 0xdd, 0xfb, 0xc9, 0x6e, 0xf2, 0x9a, 0x59, 0xcd, 0x47, 0x0a, | ||||
1888 | 0x69, 0x05, 0x85, 0xb0, 0xcb, 0x14, 0xc3, 0x14, 0x58, 0xe7, | ||||
1889 | }, | ||||
1890 | 32, "Cloudflare 'Nimbus2026'" }, | ||||
1891 | { (const uint8_t[]){ | ||||
1892 | 0x1f, 0xbc, 0x36, 0xe0, 0x02, 0xed, 0xe9, 0x7f, 0x40, 0x19, 0x9e, | ||||
1893 | 0x86, 0xb3, 0x57, 0x3b, 0x8a, 0x42, 0x17, 0xd8, 0x01, 0x87, 0x74, | ||||
1894 | 0x6a, 0xd0, 0xda, 0x03, 0xa0, 0x60, 0x54, 0xd2, 0x0d, 0xf4, | ||||
1895 | }, | ||||
1896 | 32, "Cloudflare 'Nimbus2017' Log" }, | ||||
1897 | { (const uint8_t[]){ | ||||
1898 | 0xdb, 0x74, 0xaf, 0xee, 0xcb, 0x29, 0xec, 0xb1, 0xfe, 0xca, 0x3e, | ||||
1899 | 0x71, 0x6d, 0x2c, 0xe5, 0xb9, 0xaa, 0xbb, 0x36, 0xf7, 0x84, 0x71, | ||||
1900 | 0x83, 0xc7, 0x5d, 0x9d, 0x4f, 0x37, 0xb6, 0x1f, 0xbf, 0x64, | ||||
1901 | }, | ||||
1902 | 32, "Cloudflare 'Nimbus2018' Log" }, | ||||
1903 | { (const uint8_t[]){ | ||||
1904 | 0x74, 0x7e, 0xda, 0x83, 0x31, 0xad, 0x33, 0x10, 0x91, 0x21, 0x9c, | ||||
1905 | 0xce, 0x25, 0x4f, 0x42, 0x70, 0xc2, 0xbf, 0xfd, 0x5e, 0x42, 0x20, | ||||
1906 | 0x08, 0xc6, 0x37, 0x35, 0x79, 0xe6, 0x10, 0x7b, 0xcc, 0x56, | ||||
1907 | }, | ||||
1908 | 32, "Cloudflare 'Nimbus2019' Log" }, | ||||
1909 | { (const uint8_t[]){ | ||||
1910 | 0x56, 0x14, 0x06, 0x9a, 0x2f, 0xd7, 0xc2, 0xec, 0xd3, 0xf5, 0xe1, | ||||
1911 | 0xbd, 0x44, 0xb2, 0x3e, 0xc7, 0x46, 0x76, 0xb9, 0xbc, 0x99, 0x11, | ||||
1912 | 0x5c, 0xc0, 0xef, 0x94, 0x98, 0x55, 0xd6, 0x89, 0xd0, 0xdd, | ||||
1913 | }, | ||||
1914 | 32, "DigiCert Log Server" }, | ||||
1915 | { (const uint8_t[]){ | ||||
1916 | 0x87, 0x75, 0xbf, 0xe7, 0x59, 0x7c, 0xf8, 0x8c, 0x43, 0x99, 0x5f, | ||||
1917 | 0xbd, 0xf3, 0x6e, 0xff, 0x56, 0x8d, 0x47, 0x56, 0x36, 0xff, 0x4a, | ||||
1918 | 0xb5, 0x60, 0xc1, 0xb4, 0xea, 0xff, 0x5e, 0xa0, 0x83, 0x0f, | ||||
1919 | }, | ||||
1920 | 32, "DigiCert Log Server 2" }, | ||||
1921 | { (const uint8_t[]){ | ||||
1922 | 0xf0, 0x95, 0xa4, 0x59, 0xf2, 0x00, 0xd1, 0x82, 0x40, 0x10, 0x2d, | ||||
1923 | 0x2f, 0x93, 0x88, 0x8e, 0xad, 0x4b, 0xfe, 0x1d, 0x47, 0xe3, 0x99, | ||||
1924 | 0xe1, 0xd0, 0x34, 0xa6, 0xb0, 0xa8, 0xaa, 0x8e, 0xb2, 0x73, | ||||
1925 | }, | ||||
1926 | 32, "DigiCert Yeti2020 Log" }, | ||||
1927 | { (const uint8_t[]){ | ||||
1928 | 0x5c, 0xdc, 0x43, 0x92, 0xfe, 0xe6, 0xab, 0x45, 0x44, 0xb1, 0x5e, | ||||
1929 | 0x9a, 0xd4, 0x56, 0xe6, 0x10, 0x37, 0xfb, 0xd5, 0xfa, 0x47, 0xdc, | ||||
1930 | 0xa1, 0x73, 0x94, 0xb2, 0x5e, 0xe6, 0xf6, 0xc7, 0x0e, 0xca, | ||||
1931 | }, | ||||
1932 | 32, "DigiCert Yeti2021 Log" }, | ||||
1933 | { (const uint8_t[]){ | ||||
1934 | 0x22, 0x45, 0x45, 0x07, 0x59, 0x55, 0x24, 0x56, 0x96, 0x3f, 0xa1, | ||||
1935 | 0x2f, 0xf1, 0xf7, 0x6d, 0x86, 0xe0, 0x23, 0x26, 0x63, 0xad, 0xc0, | ||||
1936 | 0x4b, 0x7f, 0x5d, 0xc6, 0x83, 0x5c, 0x6e, 0xe2, 0x0f, 0x02, | ||||
1937 | }, | ||||
1938 | 32, "DigiCert Yeti2022 Log" }, | ||||
1939 | { (const uint8_t[]){ | ||||
1940 | 0x35, 0xcf, 0x19, 0x1b, 0xbf, 0xb1, 0x6c, 0x57, 0xbf, 0x0f, 0xad, | ||||
1941 | 0x4c, 0x6d, 0x42, 0xcb, 0xbb, 0xb6, 0x27, 0x20, 0x26, 0x51, 0xea, | ||||
1942 | 0x3f, 0xe1, 0x2a, 0xef, 0xa8, 0x03, 0xc3, 0x3b, 0xd6, 0x4c, | ||||
1943 | }, | ||||
1944 | 32, "DigiCert Yeti2023 Log" }, | ||||
1945 | { (const uint8_t[]){ | ||||
1946 | 0x48, 0xb0, 0xe3, 0x6b, 0xda, 0xa6, 0x47, 0x34, 0x0f, 0xe5, 0x6a, | ||||
1947 | 0x02, 0xfa, 0x9d, 0x30, 0xeb, 0x1c, 0x52, 0x01, 0xcb, 0x56, 0xdd, | ||||
1948 | 0x2c, 0x81, 0xd9, 0xbb, 0xbf, 0xab, 0x39, 0xd8, 0x84, 0x73, | ||||
1949 | }, | ||||
1950 | 32, "DigiCert Yeti2024 Log" }, | ||||
1951 | { (const uint8_t[]){ | ||||
1952 | 0x7d, 0x59, 0x1e, 0x12, 0xe1, 0x78, 0x2a, 0x7b, 0x1c, 0x61, 0x67, | ||||
1953 | 0x7c, 0x5e, 0xfd, 0xf8, 0xd0, 0x87, 0x5c, 0x14, 0xa0, 0x4e, 0x95, | ||||
1954 | 0x9e, 0xb9, 0x03, 0x2f, 0xd9, 0x0e, 0x8c, 0x2e, 0x79, 0xb8, | ||||
1955 | }, | ||||
1956 | 32, "DigiCert Yeti2025 Log" }, | ||||
1957 | { (const uint8_t[]){ | ||||
1958 | 0xc6, 0x52, 0xa0, 0xec, 0x48, 0xce, 0xb3, 0xfc, 0xab, 0x17, 0x09, | ||||
1959 | 0x92, 0xc4, 0x3a, 0x87, 0x41, 0x33, 0x09, 0xe8, 0x00, 0x65, 0xa2, | ||||
1960 | 0x62, 0x52, 0x40, 0x1b, 0xa3, 0x36, 0x2a, 0x17, 0xc5, 0x65, | ||||
1961 | }, | ||||
1962 | 32, "DigiCert Nessie2020 Log" }, | ||||
1963 | { (const uint8_t[]){ | ||||
1964 | 0xee, 0xc0, 0x95, 0xee, 0x8d, 0x72, 0x64, 0x0f, 0x92, 0xe3, 0xc3, | ||||
1965 | 0xb9, 0x1b, 0xc7, 0x12, 0xa3, 0x69, 0x6a, 0x09, 0x7b, 0x4b, 0x6a, | ||||
1966 | 0x1a, 0x14, 0x38, 0xe6, 0x47, 0xb2, 0xcb, 0xed, 0xc5, 0xf9, | ||||
1967 | }, | ||||
1968 | 32, "DigiCert Nessie2021 Log" }, | ||||
1969 | { (const uint8_t[]){ | ||||
1970 | 0x51, 0xa3, 0xb0, 0xf5, 0xfd, 0x01, 0x79, 0x9c, 0x56, 0x6d, 0xb8, | ||||
1971 | 0x37, 0x78, 0x8f, 0x0c, 0xa4, 0x7a, 0xcc, 0x1b, 0x27, 0xcb, 0xf7, | ||||
1972 | 0x9e, 0x88, 0x42, 0x9a, 0x0d, 0xfe, 0xd4, 0x8b, 0x05, 0xe5, | ||||
1973 | }, | ||||
1974 | 32, "DigiCert Nessie2022 Log" }, | ||||
1975 | { (const uint8_t[]){ | ||||
1976 | 0xb3, 0x73, 0x77, 0x07, 0xe1, 0x84, 0x50, 0xf8, 0x63, 0x86, 0xd6, | ||||
1977 | 0x05, 0xa9, 0xdc, 0x11, 0x09, 0x4a, 0x79, 0x2d, 0xb1, 0x67, 0x0c, | ||||
1978 | 0x0b, 0x87, 0xdc, 0xf0, 0x03, 0x0e, 0x79, 0x36, 0xa5, 0x9a, | ||||
1979 | }, | ||||
1980 | 32, "DigiCert Nessie2023 Log" }, | ||||
1981 | { (const uint8_t[]){ | ||||
1982 | 0x73, 0xd9, 0x9e, 0x89, 0x1b, 0x4c, 0x96, 0x78, 0xa0, 0x20, 0x7d, | ||||
1983 | 0x47, 0x9d, 0xe6, 0xb2, 0xc6, 0x1c, 0xd0, 0x51, 0x5e, 0x71, 0x19, | ||||
1984 | 0x2a, 0x8c, 0x6b, 0x80, 0x10, 0x7a, 0xc1, 0x77, 0x72, 0xb5, | ||||
1985 | }, | ||||
1986 | 32, "DigiCert Nessie2024 Log" }, | ||||
1987 | { (const uint8_t[]){ | ||||
1988 | 0xe6, 0xd2, 0x31, 0x63, 0x40, 0x77, 0x8c, 0xc1, 0x10, 0x41, 0x06, | ||||
1989 | 0xd7, 0x71, 0xb9, 0xce, 0xc1, 0xd2, 0x40, 0xf6, 0x96, 0x84, 0x86, | ||||
1990 | 0xfb, 0xba, 0x87, 0x32, 0x1d, 0xfd, 0x1e, 0x37, 0x8e, 0x50, | ||||
1991 | }, | ||||
1992 | 32, "DigiCert Nessie2025 Log" }, | ||||
1993 | { (const uint8_t[]){ | ||||
1994 | 0xb6, 0x9d, 0xdc, 0xbc, 0x3c, 0x1a, 0xbd, 0xef, 0x6f, 0x9f, 0xd6, | ||||
1995 | 0x0c, 0x88, 0xb1, 0x06, 0x7b, 0x77, 0xf0, 0x82, 0x68, 0x8b, 0x2d, | ||||
1996 | 0x78, 0x65, 0xd0, 0x4b, 0x39, 0xab, 0xe9, 0x27, 0xa5, 0x75, | ||||
1997 | }, | ||||
1998 | 32, "DigiCert 'Wyvern2024h1' Log" }, | ||||
1999 | { (const uint8_t[]){ | ||||
2000 | 0x0c, 0x2a, 0xef, 0x2c, 0x4a, 0x5b, 0x98, 0x83, 0xd4, 0xdd, 0xa3, | ||||
2001 | 0x82, 0xfe, 0x50, 0xfb, 0x51, 0x88, 0xb3, 0xe9, 0x73, 0x33, 0xa1, | ||||
2002 | 0xec, 0x53, 0xa0, 0x9d, 0xc9, 0xa7, 0x9d, 0x0d, 0x08, 0x20, | ||||
2003 | }, | ||||
2004 | 32, "DigiCert 'Wyvern2024h2' Log" }, | ||||
2005 | { (const uint8_t[]){ | ||||
2006 | 0x73, 0x20, 0x22, 0x0f, 0x08, 0x16, 0x8a, 0xf9, 0xf3, 0xc4, 0xa6, | ||||
2007 | 0x8b, 0x0a, 0xb2, 0x6a, 0x9a, 0x4a, 0x00, 0xee, 0xf5, 0x77, 0x85, | ||||
2008 | 0x8a, 0x08, 0x4d, 0x05, 0x00, 0xd4, 0xa5, 0x42, 0x44, 0x59, | ||||
2009 | }, | ||||
2010 | 32, "DigiCert 'Wyvern2025h1' Log" }, | ||||
2011 | { (const uint8_t[]){ | ||||
2012 | 0xed, 0x3c, 0x4b, 0xd6, 0xe8, 0x06, 0xc2, 0xa4, 0xa2, 0x00, 0x57, | ||||
2013 | 0xdb, 0xcb, 0x24, 0xe2, 0x38, 0x01, 0xdf, 0x51, 0x2f, 0xed, 0xc4, | ||||
2014 | 0x86, 0xc5, 0x70, 0x0f, 0x20, 0xdd, 0xb7, 0x3e, 0x3f, 0xe0, | ||||
2015 | }, | ||||
2016 | 32, "DigiCert 'Wyvern2025h2' Log" }, | ||||
2017 | { (const uint8_t[]){ | ||||
2018 | 0x64, 0x11, 0xc4, 0x6c, 0xa4, 0x12, 0xec, 0xa7, 0x89, 0x1c, 0xa2, | ||||
2019 | 0x02, 0x2e, 0x00, 0xbc, 0xab, 0x4f, 0x28, 0x07, 0xd4, 0x1e, 0x35, | ||||
2020 | 0x27, 0xab, 0xea, 0xfe, 0xd5, 0x03, 0xc9, 0x7d, 0xcd, 0xf0, | ||||
2021 | }, | ||||
2022 | 32, "DigiCert 'Wyvern2026h1'" }, | ||||
2023 | { (const uint8_t[]){ | ||||
2024 | 0xc2, 0x31, 0x7e, 0x57, 0x45, 0x19, 0xa3, 0x45, 0xee, 0x7f, 0x38, | ||||
2025 | 0xde, 0xb2, 0x90, 0x41, 0xeb, 0xc7, 0xc2, 0x21, 0x5a, 0x22, 0xbf, | ||||
2026 | 0x7f, 0xd5, 0xb5, 0xad, 0x76, 0x9a, 0xd9, 0x0e, 0x52, 0xcd, | ||||
2027 | }, | ||||
2028 | 32, "DigiCert 'Wyvern2026h2'" }, | ||||
2029 | { (const uint8_t[]){ | ||||
2030 | 0xdb, 0x07, 0x6c, 0xde, 0x6a, 0x8b, 0x78, 0xec, 0x58, 0xd6, 0x05, | ||||
2031 | 0x64, 0x96, 0xeb, 0x6a, 0x26, 0xa8, 0xc5, 0x9e, 0x72, 0x12, 0x93, | ||||
2032 | 0xe8, 0xac, 0x03, 0x27, 0xdd, 0xde, 0x89, 0xdb, 0x5a, 0x2a, | ||||
2033 | }, | ||||
2034 | 32, "DigiCert 'Sphinx2024h1' Log" }, | ||||
2035 | { (const uint8_t[]){ | ||||
2036 | 0xdc, 0xc9, 0x5e, 0x6f, 0xa2, 0x99, 0xb9, 0xb0, 0xfd, 0xbd, 0x6c, | ||||
2037 | 0xa6, 0xa3, 0x6e, 0x1d, 0x72, 0xc4, 0x21, 0x2f, 0xdd, 0x1e, 0x0f, | ||||
2038 | 0x47, 0x55, 0x3a, 0x36, 0xd6, 0xcf, 0x1a, 0xd1, 0x1d, 0x8d, | ||||
2039 | }, | ||||
2040 | 32, "DigiCert 'Sphinx2024h2' Log" }, | ||||
2041 | { (const uint8_t[]){ | ||||
2042 | 0xde, 0x85, 0x81, 0xd7, 0x50, 0x24, 0x7c, 0x6b, 0xcd, 0xcb, 0xaf, | ||||
2043 | 0x56, 0x37, 0xc5, 0xe7, 0x81, 0xc6, 0x4c, 0xe4, 0x6e, 0xd6, 0x17, | ||||
2044 | 0x63, 0x9f, 0x8f, 0x34, 0xa7, 0x26, 0xc9, 0xe2, 0xbd, 0x37, | ||||
2045 | }, | ||||
2046 | 32, "DigiCert 'Sphinx2025h1' Log" }, | ||||
2047 | { (const uint8_t[]){ | ||||
2048 | 0xa4, 0x42, 0xc5, 0x06, 0x49, 0x60, 0x61, 0x54, 0x8f, 0x0f, 0xd4, | ||||
2049 | 0xea, 0x9c, 0xfb, 0x7a, 0x2d, 0x26, 0x45, 0x4d, 0x87, 0xa9, 0x7f, | ||||
2050 | 0x2f, 0xdf, 0x45, 0x59, 0xf6, 0x27, 0x4f, 0x3a, 0x84, 0x54, | ||||
2051 | }, | ||||
2052 | 32, "DigiCert 'Sphinx2025h2' Log" }, | ||||
2053 | { (const uint8_t[]){ | ||||
2054 | 0x49, 0x9c, 0x9b, 0x69, 0xde, 0x1d, 0x7c, 0xec, 0xfc, 0x36, 0xde, | ||||
2055 | 0xcd, 0x87, 0x64, 0xa6, 0xb8, 0x5b, 0xaf, 0x0a, 0x87, 0x80, 0x19, | ||||
2056 | 0xd1, 0x55, 0x52, 0xfb, 0xe9, 0xeb, 0x29, 0xdd, 0xf8, 0xc3, | ||||
2057 | }, | ||||
2058 | 32, "DigiCert 'Sphinx2026h1'" }, | ||||
2059 | { (const uint8_t[]){ | ||||
2060 | 0x94, 0x4e, 0x43, 0x87, 0xfa, 0xec, 0xc1, 0xef, 0x81, 0xf3, 0x19, | ||||
2061 | 0x24, 0x26, 0xa8, 0x18, 0x65, 0x01, 0xc7, 0xd3, 0x5f, 0x38, 0x02, | ||||
2062 | 0x01, 0x3f, 0x72, 0x67, 0x7d, 0x55, 0x37, 0x2e, 0x19, 0xd8, | ||||
2063 | }, | ||||
2064 | 32, "DigiCert 'Sphinx2026h2'" }, | ||||
2065 | { (const uint8_t[]){ | ||||
2066 | 0xdd, 0xeb, 0x1d, 0x2b, 0x7a, 0x0d, 0x4f, 0xa6, 0x20, 0x8b, 0x81, | ||||
2067 | 0xad, 0x81, 0x68, 0x70, 0x7e, 0x2e, 0x8e, 0x9d, 0x01, 0xd5, 0x5c, | ||||
2068 | 0x88, 0x8d, 0x3d, 0x11, 0xc4, 0xcd, 0xb6, 0xec, 0xbe, 0xcc, | ||||
2069 | }, | ||||
2070 | 32, "Symantec log" }, | ||||
2071 | { (const uint8_t[]){ | ||||
2072 | 0xbc, 0x78, 0xe1, 0xdf, 0xc5, 0xf6, 0x3c, 0x68, 0x46, 0x49, 0x33, | ||||
2073 | 0x4d, 0xa1, 0x0f, 0xa1, 0x5f, 0x09, 0x79, 0x69, 0x20, 0x09, 0xc0, | ||||
2074 | 0x81, 0xb4, 0xf3, 0xf6, 0x91, 0x7f, 0x3e, 0xd9, 0xb8, 0xa5, | ||||
2075 | }, | ||||
2076 | 32, "Symantec 'Vega' log" }, | ||||
2077 | { (const uint8_t[]){ | ||||
2078 | 0x15, 0x97, 0x04, 0x88, 0xd7, 0xb9, 0x97, 0xa0, 0x5b, 0xeb, 0x52, | ||||
2079 | 0x51, 0x2a, 0xde, 0xe8, 0xd2, 0xe8, 0xb4, 0xa3, 0x16, 0x52, 0x64, | ||||
2080 | 0x12, 0x1a, 0x9f, 0xab, 0xfb, 0xd5, 0xf8, 0x5a, 0xd9, 0x3f, | ||||
2081 | }, | ||||
2082 | 32, "Symantec 'Sirius' log" }, | ||||
2083 | { (const uint8_t[]){ | ||||
2084 | 0x05, 0x9c, 0x01, 0xd3, 0x20, 0xe0, 0x07, 0x84, 0x13, 0x95, 0x80, | ||||
2085 | 0x49, 0x8d, 0x11, 0x7c, 0x90, 0x32, 0x66, 0xaf, 0xaf, 0x72, 0x50, | ||||
2086 | 0xb5, 0xaf, 0x3b, 0x46, 0xa4, 0x3e, 0x11, 0x84, 0x0d, 0x4a, | ||||
2087 | }, | ||||
2088 | 32, "DigiCert Yeti2022-2 Log" }, | ||||
2089 | { (const uint8_t[]){ | ||||
2090 | 0xc1, 0x16, 0x4a, 0xe0, 0xa7, 0x72, 0xd2, 0xd4, 0x39, 0x2d, 0xc8, | ||||
2091 | 0x0a, 0xc1, 0x07, 0x70, 0xd4, 0xf0, 0xc4, 0x9b, 0xde, 0x99, 0x1a, | ||||
2092 | 0x48, 0x40, 0xc1, 0xfa, 0x07, 0x51, 0x64, 0xf6, 0x33, 0x60, | ||||
2093 | }, | ||||
2094 | 32, "DigiCert Yeti2018 Log" }, | ||||
2095 | { (const uint8_t[]){ | ||||
2096 | 0xe2, 0x69, 0x4b, 0xae, 0x26, 0xe8, 0xe9, 0x40, 0x09, 0xe8, 0x86, | ||||
2097 | 0x1b, 0xb6, 0x3b, 0x83, 0xd4, 0x3e, 0xe7, 0xfe, 0x74, 0x88, 0xfb, | ||||
2098 | 0xa4, 0x8f, 0x28, 0x93, 0x01, 0x9d, 0xdd, 0xf1, 0xdb, 0xfe, | ||||
2099 | }, | ||||
2100 | 32, "DigiCert Yeti2019 Log" }, | ||||
2101 | { (const uint8_t[]){ | ||||
2102 | 0x6f, 0xf1, 0x41, 0xb5, 0x64, 0x7e, 0x42, 0x22, 0xf7, 0xef, 0x05, | ||||
2103 | 0x2c, 0xef, 0xae, 0x7c, 0x21, 0xfd, 0x60, 0x8e, 0x27, 0xd2, 0xaf, | ||||
2104 | 0x5a, 0x6e, 0x9f, 0x4b, 0x8a, 0x37, 0xd6, 0x63, 0x3e, 0xe5, | ||||
2105 | }, | ||||
2106 | 32, "DigiCert Nessie2018 Log" }, | ||||
2107 | { (const uint8_t[]){ | ||||
2108 | 0xfe, 0x44, 0x61, 0x08, 0xb1, 0xd0, 0x1a, 0xb7, 0x8a, 0x62, 0xcc, | ||||
2109 | 0xfe, 0xab, 0x6a, 0xb2, 0xb2, 0xba, 0xbf, 0xf3, 0xab, 0xda, 0xd8, | ||||
2110 | 0x0a, 0x4d, 0x8b, 0x30, 0xdf, 0x2d, 0x00, 0x08, 0x83, 0x0c, | ||||
2111 | }, | ||||
2112 | 32, "DigiCert Nessie2019 Log" }, | ||||
2113 | { (const uint8_t[]){ | ||||
2114 | 0xa7, 0xce, 0x4a, 0x4e, 0x62, 0x07, 0xe0, 0xad, 0xde, 0xe5, 0xfd, | ||||
2115 | 0xaa, 0x4b, 0x1f, 0x86, 0x76, 0x87, 0x67, 0xb5, 0xd0, 0x02, 0xa5, | ||||
2116 | 0x5d, 0x47, 0x31, 0x0e, 0x7e, 0x67, 0x0a, 0x95, 0xea, 0xb2, | ||||
2117 | }, | ||||
2118 | 32, "Symantec Deneb" }, | ||||
2119 | { (const uint8_t[]){ | ||||
2120 | 0xcd, 0xb5, 0x17, 0x9b, 0x7f, 0xc1, 0xc0, 0x46, 0xfe, 0xea, 0x31, | ||||
2121 | 0x13, 0x6a, 0x3f, 0x8f, 0x00, 0x2e, 0x61, 0x82, 0xfa, 0xf8, 0x89, | ||||
2122 | 0x6f, 0xec, 0xc8, 0xb2, 0xf5, 0xb5, 0xab, 0x60, 0x49, 0x00, | ||||
2123 | }, | ||||
2124 | 32, "Certly.IO log" }, | ||||
2125 | { (const uint8_t[]){ | ||||
2126 | 0x74, 0x61, 0xb4, 0xa0, 0x9c, 0xfb, 0x3d, 0x41, 0xd7, 0x51, 0x59, | ||||
2127 | 0x57, 0x5b, 0x2e, 0x76, 0x49, 0xa4, 0x45, 0xa8, 0xd2, 0x77, 0x09, | ||||
2128 | 0xb0, 0xcc, 0x56, 0x4a, 0x64, 0x82, 0xb7, 0xeb, 0x41, 0xa3, | ||||
2129 | }, | ||||
2130 | 32, "Izenpe log" }, | ||||
2131 | { (const uint8_t[]){ | ||||
2132 | 0x89, 0x41, 0x44, 0x9c, 0x70, 0x74, 0x2e, 0x06, 0xb9, 0xfc, 0x9c, | ||||
2133 | 0xe7, 0xb1, 0x16, 0xba, 0x00, 0x24, 0xaa, 0x36, 0xd5, 0x9a, 0xf4, | ||||
2134 | 0x4f, 0x02, 0x04, 0x40, 0x4f, 0x00, 0xf7, 0xea, 0x85, 0x66, | ||||
2135 | }, | ||||
2136 | 32, "Izenpe 'Argi' log" }, | ||||
2137 | { (const uint8_t[]){ | ||||
2138 | 0x41, 0xb2, 0xdc, 0x2e, 0x89, 0xe6, 0x3c, 0xe4, 0xaf, 0x1b, 0xa7, | ||||
2139 | 0xbb, 0x29, 0xbf, 0x68, 0xc6, 0xde, 0xe6, 0xf9, 0xf1, 0xcc, 0x04, | ||||
2140 | 0x7e, 0x30, 0xdf, 0xfa, 0xe3, 0xb3, 0xba, 0x25, 0x92, 0x63, | ||||
2141 | }, | ||||
2142 | 32, "WoSign log" }, | ||||
2143 | { (const uint8_t[]){ | ||||
2144 | 0x9e, 0x4f, 0xf7, 0x3d, 0xc3, 0xce, 0x22, 0x0b, 0x69, 0x21, 0x7c, | ||||
2145 | 0x89, 0x9e, 0x46, 0x80, 0x76, 0xab, 0xf8, 0xd7, 0x86, 0x36, 0xd5, | ||||
2146 | 0xcc, 0xfc, 0x85, 0xa3, 0x1a, 0x75, 0x62, 0x8b, 0xa8, 0x8b, | ||||
2147 | }, | ||||
2148 | 32, "WoSign CT log #1" }, | ||||
2149 | { (const uint8_t[]){ | ||||
2150 | 0x63, 0xd0, 0x00, 0x60, 0x26, 0xdd, 0xe1, 0x0b, 0xb0, 0x60, 0x1f, | ||||
2151 | 0x45, 0x24, 0x46, 0x96, 0x5e, 0xe2, 0xb6, 0xea, 0x2c, 0xd4, 0xfb, | ||||
2152 | 0xc9, 0x5a, 0xc8, 0x66, 0xa5, 0x50, 0xaf, 0x90, 0x75, 0xb7, | ||||
2153 | }, | ||||
2154 | 32, "WoSign log 2" }, | ||||
2155 | { (const uint8_t[]){ | ||||
2156 | 0xac, 0x3b, 0x9a, 0xed, 0x7f, 0xa9, 0x67, 0x47, 0x57, 0x15, 0x9e, | ||||
2157 | 0x6d, 0x7d, 0x57, 0x56, 0x72, 0xf9, 0xd9, 0x81, 0x00, 0x94, 0x1e, | ||||
2158 | 0x9b, 0xde, 0xff, 0xec, 0xa1, 0x31, 0x3b, 0x75, 0x78, 0x2d, | ||||
2159 | }, | ||||
2160 | 32, "Venafi log" }, | ||||
2161 | { (const uint8_t[]){ | ||||
2162 | 0x03, 0x01, 0x9d, 0xf3, 0xfd, 0x85, 0xa6, 0x9a, 0x8e, 0xbd, 0x1f, | ||||
2163 | 0xac, 0xc6, 0xda, 0x9b, 0xa7, 0x3e, 0x46, 0x97, 0x74, 0xfe, 0x77, | ||||
2164 | 0xf5, 0x79, 0xfc, 0x5a, 0x08, 0xb8, 0x32, 0x8c, 0x1d, 0x6b, | ||||
2165 | }, | ||||
2166 | 32, "Venafi Gen2 CT log" }, | ||||
2167 | { (const uint8_t[]){ | ||||
2168 | 0xa5, 0x77, 0xac, 0x9c, 0xed, 0x75, 0x48, 0xdd, 0x8f, 0x02, 0x5b, | ||||
2169 | 0x67, 0xa2, 0x41, 0x08, 0x9d, 0xf8, 0x6e, 0x0f, 0x47, 0x6e, 0xc2, | ||||
2170 | 0x03, 0xc2, 0xec, 0xbe, 0xdb, 0x18, 0x5f, 0x28, 0x26, 0x38, | ||||
2171 | }, | ||||
2172 | 32, "CNNIC CT log" }, | ||||
2173 | { (const uint8_t[]){ | ||||
2174 | 0x34, 0xbb, 0x6a, 0xd6, 0xc3, 0xdf, 0x9c, 0x03, 0xee, 0xa8, 0xa4, | ||||
2175 | 0x99, 0xff, 0x78, 0x91, 0x48, 0x6c, 0x9d, 0x5e, 0x5c, 0xac, 0x92, | ||||
2176 | 0xd0, 0x1f, 0x7b, 0xfd, 0x1b, 0xce, 0x19, 0xdb, 0x48, 0xef, | ||||
2177 | }, | ||||
2178 | 32, "StartCom log" }, | ||||
2179 | { (const uint8_t[]){ | ||||
2180 | 0x55, 0x81, 0xd4, 0xc2, 0x16, 0x90, 0x36, 0x01, 0x4a, 0xea, 0x0b, | ||||
2181 | 0x9b, 0x57, 0x3c, 0x53, 0xf0, 0xc0, 0xe4, 0x38, 0x78, 0x70, 0x25, | ||||
2182 | 0x08, 0x17, 0x2f, 0xa3, 0xaa, 0x1d, 0x07, 0x13, 0xd3, 0x0c, | ||||
2183 | }, | ||||
2184 | 32, "Sectigo 'Sabre' CT log" }, | ||||
2185 | { (const uint8_t[]){ | ||||
2186 | 0xa2, 0xe2, 0xbf, 0xd6, 0x1e, 0xde, 0x2f, 0x2f, 0x07, 0xa0, 0xd6, | ||||
2187 | 0x4e, 0x6d, 0x37, 0xa7, 0xdc, 0x65, 0x43, 0xb0, 0xc6, 0xb5, 0x2e, | ||||
2188 | 0xa2, 0xda, 0xb7, 0x8a, 0xf8, 0x9a, 0x6d, 0xf5, 0x17, 0xd8, | ||||
2189 | }, | ||||
2190 | 32, "Sectigo 'Sabre2024h1'" }, | ||||
2191 | { (const uint8_t[]){ | ||||
2192 | 0x19, 0x98, 0x10, 0x71, 0x09, 0xf0, 0xd6, 0x52, 0x2e, 0x30, 0x80, | ||||
2193 | 0xd2, 0x9e, 0x3f, 0x64, 0xbb, 0x83, 0x6e, 0x28, 0xcc, 0xf9, 0x0f, | ||||
2194 | 0x52, 0x8e, 0xee, 0xdf, 0xce, 0x4a, 0x3f, 0x16, 0xb4, 0xca, | ||||
2195 | }, | ||||
2196 | 32, "Sectigo 'Sabre2024h2'" }, | ||||
2197 | { (const uint8_t[]){ | ||||
2198 | 0xe0, 0x92, 0xb3, 0xfc, 0x0c, 0x1d, 0xc8, 0xe7, 0x68, 0x36, 0x1f, | ||||
2199 | 0xde, 0x61, 0xb9, 0x96, 0x4d, 0x0a, 0x52, 0x78, 0x19, 0x8a, 0x72, | ||||
2200 | 0xd6, 0x72, 0xc4, 0xb0, 0x4d, 0xa5, 0x6d, 0x6f, 0x54, 0x04, | ||||
2201 | }, | ||||
2202 | 32, "Sectigo 'Sabre2025h1'" }, | ||||
2203 | { (const uint8_t[]){ | ||||
2204 | 0x1a, 0x04, 0xff, 0x49, 0xd0, 0x54, 0x1d, 0x40, 0xaf, 0xf6, 0xa0, | ||||
2205 | 0xc3, 0xbf, 0xf1, 0xd8, 0xc4, 0x67, 0x2f, 0x4e, 0xec, 0xee, 0x23, | ||||
2206 | 0x40, 0x68, 0x98, 0x6b, 0x17, 0x40, 0x2e, 0xdc, 0x89, 0x7d, | ||||
2207 | }, | ||||
2208 | 32, "Sectigo 'Sabre2025h2'" }, | ||||
2209 | { (const uint8_t[]){ | ||||
2210 | 0x6f, 0x53, 0x76, 0xac, 0x31, 0xf0, 0x31, 0x19, 0xd8, 0x99, 0x00, | ||||
2211 | 0xa4, 0x51, 0x15, 0xff, 0x77, 0x15, 0x1c, 0x11, 0xd9, 0x02, 0xc1, | ||||
2212 | 0x00, 0x29, 0x06, 0x8d, 0xb2, 0x08, 0x9a, 0x37, 0xd9, 0x13, | ||||
2213 | }, | ||||
2214 | 32, "Sectigo 'Mammoth' CT log" }, | ||||
2215 | { (const uint8_t[]){ | ||||
2216 | 0x29, 0xd0, 0x3a, 0x1b, 0xb6, 0x74, 0xaa, 0x71, 0x1c, 0xd3, 0x03, | ||||
2217 | 0x5b, 0x65, 0x57, 0xc1, 0x4f, 0x8a, 0xa7, 0x8b, 0x4f, 0xe8, 0x38, | ||||
2218 | 0x94, 0x49, 0xec, 0xa4, 0x53, 0xf9, 0x44, 0xbd, 0x24, 0x68, | ||||
2219 | }, | ||||
2220 | 32, "Sectigo 'Mammoth2024h1'" }, | ||||
2221 | { (const uint8_t[]){ | ||||
2222 | 0x50, 0x85, 0x01, 0x58, 0xdc, 0xb6, 0x05, 0x95, 0xc0, 0x0e, 0x92, | ||||
2223 | 0xa8, 0x11, 0x02, 0xec, 0xcd, 0xfe, 0x3f, 0x6b, 0x78, 0x58, 0x42, | ||||
2224 | 0x9f, 0x57, 0x98, 0x35, 0x38, 0xc9, 0xda, 0x52, 0x50, 0x63, | ||||
2225 | }, | ||||
2226 | 32, "Sectigo 'Mammoth2024h1b'" }, | ||||
2227 | { (const uint8_t[]){ | ||||
2228 | 0xdf, 0xe1, 0x56, 0xeb, 0xaa, 0x05, 0xaf, 0xb5, 0x9c, 0x0f, 0x86, | ||||
2229 | 0x71, 0x8d, 0xa8, 0xc0, 0x32, 0x4e, 0xae, 0x56, 0xd9, 0x6e, 0xa7, | ||||
2230 | 0xf5, 0xa5, 0x6a, 0x01, 0xd1, 0xc1, 0x3b, 0xbe, 0x52, 0x5c, | ||||
2231 | }, | ||||
2232 | 32, "Sectigo 'Mammoth2024h2'" }, | ||||
2233 | { (const uint8_t[]){ | ||||
2234 | 0x13, 0x4a, 0xdf, 0x1a, 0xb5, 0x98, 0x42, 0x09, 0x78, 0x0c, 0x6f, | ||||
2235 | 0xef, 0x4c, 0x7a, 0x91, 0xa4, 0x16, 0xb7, 0x23, 0x49, 0xce, 0x58, | ||||
2236 | 0x57, 0x6a, 0xdf, 0xae, 0xda, 0xa7, 0xc2, 0xab, 0xe0, 0x22, | ||||
2237 | }, | ||||
2238 | 32, "Sectigo 'Mammoth2025h1'" }, | ||||
2239 | { (const uint8_t[]){ | ||||
2240 | 0xaf, 0x18, 0x1a, 0x28, 0xd6, 0x8c, 0xa3, 0xe0, 0xa9, 0x8a, 0x4c, | ||||
2241 | 0x9c, 0x67, 0xab, 0x09, 0xf8, 0xbb, 0xbc, 0x22, 0xba, 0xae, 0xbc, | ||||
2242 | 0xb1, 0x38, 0xa3, 0xa1, 0x9d, 0xd3, 0xf9, 0xb6, 0x03, 0x0d, | ||||
2243 | }, | ||||
2244 | 32, "Sectigo 'Mammoth2025h2'" }, | ||||
2245 | { (const uint8_t[]){ | ||||
2246 | 0x25, 0x2f, 0x94, 0xc2, 0x2b, 0x29, 0xe9, 0x6e, 0x9f, 0x41, 0x1a, | ||||
2247 | 0x72, 0x07, 0x2b, 0x69, 0x5c, 0x5b, 0x52, 0xff, 0x97, 0xa9, 0x0d, | ||||
2248 | 0x25, 0x40, 0xbb, 0xfc, 0xdc, 0x51, 0xec, 0x4d, 0xee, 0x0b, | ||||
2249 | }, | ||||
2250 | 32, "Sectigo 'Mammoth2026h1'" }, | ||||
2251 | { (const uint8_t[]){ | ||||
2252 | 0x94, 0xb1, 0xc1, 0x8a, 0xb0, 0xd0, 0x57, 0xc4, 0x7b, 0xe0, 0xac, | ||||
2253 | 0x04, 0x0e, 0x1f, 0x2c, 0xbc, 0x8d, 0xc3, 0x75, 0x72, 0x7b, 0xc9, | ||||
2254 | 0x51, 0xf2, 0x0a, 0x52, 0x61, 0x26, 0x86, 0x3b, 0xa7, 0x3c, | ||||
2255 | }, | ||||
2256 | 32, "Sectigo 'Mammoth2026h2'" }, | ||||
2257 | { (const uint8_t[]){ | ||||
2258 | 0x56, 0x6c, 0xd5, 0xa3, 0x76, 0xbe, 0x83, 0xdf, 0xe3, 0x42, 0xb6, | ||||
2259 | 0x75, 0xc4, 0x9c, 0x23, 0x24, 0x98, 0xa7, 0x69, 0xba, 0xc3, 0x82, | ||||
2260 | 0xcb, 0xab, 0x49, 0xa3, 0x87, 0x7d, 0x9a, 0xb3, 0x2d, 0x01, | ||||
2261 | }, | ||||
2262 | 32, "Sectigo 'Sabre2026h1'" }, | ||||
2263 | { (const uint8_t[]){ | ||||
2264 | 0x1f, 0x56, 0xd1, 0xab, 0x94, 0x70, 0x4a, 0x41, 0xdd, 0x3f, 0xea, | ||||
2265 | 0xfd, 0xf4, 0x69, 0x93, 0x55, 0x30, 0x2c, 0x14, 0x31, 0xbf, 0xe6, | ||||
2266 | 0x13, 0x46, 0x08, 0x9f, 0xff, 0xae, 0x79, 0x5d, 0xcc, 0x2f, | ||||
2267 | }, | ||||
2268 | 32, "Sectigo 'Sabre2026h2'" }, | ||||
2269 | { (const uint8_t[]){ | ||||
2270 | 0xdb, 0x76, 0xfd, 0xad, 0xac, 0x65, 0xe7, 0xd0, 0x95, 0x08, 0x88, | ||||
2271 | 0x6e, 0x21, 0x59, 0xbd, 0x8b, 0x90, 0x35, 0x2f, 0x5f, 0xea, 0xd3, | ||||
2272 | 0xe3, 0xdc, 0x5e, 0x22, 0xeb, 0x35, 0x0a, 0xcc, 0x7b, 0x98, | ||||
2273 | }, | ||||
2274 | 32, "Sectigo 'Dodo' CT log" }, | ||||
2275 | { (const uint8_t[]){ | ||||
2276 | 0xe7, 0x12, 0xf2, 0xb0, 0x37, 0x7e, 0x1a, 0x62, 0xfb, 0x8e, 0xc9, | ||||
2277 | 0x0c, 0x61, 0x84, 0xf1, 0xea, 0x7b, 0x37, 0xcb, 0x56, 0x1d, 0x11, | ||||
2278 | 0x26, 0x5b, 0xf3, 0xe0, 0xf3, 0x4b, 0xf2, 0x41, 0x54, 0x6e, | ||||
2279 | }, | ||||
2280 | 32, "Let's Encrypt 'Oak2020' log" }, | ||||
2281 | { (const uint8_t[]){ | ||||
2282 | 0x94, 0x20, 0xbc, 0x1e, 0x8e, 0xd5, 0x8d, 0x6c, 0x88, 0x73, 0x1f, | ||||
2283 | 0x82, 0x8b, 0x22, 0x2c, 0x0d, 0xd1, 0xda, 0x4d, 0x5e, 0x6c, 0x4f, | ||||
2284 | 0x94, 0x3d, 0x61, 0xdb, 0x4e, 0x2f, 0x58, 0x4d, 0xa2, 0xc2, | ||||
2285 | }, | ||||
2286 | 32, "Let's Encrypt 'Oak2021' log" }, | ||||
2287 | { (const uint8_t[]){ | ||||
2288 | 0xdf, 0xa5, 0x5e, 0xab, 0x68, 0x82, 0x4f, 0x1f, 0x6c, 0xad, 0xee, | ||||
2289 | 0xb8, 0x5f, 0x4e, 0x3e, 0x5a, 0xea, 0xcd, 0xa2, 0x12, 0xa4, 0x6a, | ||||
2290 | 0x5e, 0x8e, 0x3b, 0x12, 0xc0, 0x20, 0x44, 0x5c, 0x2a, 0x73, | ||||
2291 | }, | ||||
2292 | 32, "Let's Encrypt 'Oak2022' log" }, | ||||
2293 | { (const uint8_t[]){ | ||||
2294 | 0xb7, 0x3e, 0xfb, 0x24, 0xdf, 0x9c, 0x4d, 0xba, 0x75, 0xf2, 0x39, | ||||
2295 | 0xc5, 0xba, 0x58, 0xf4, 0x6c, 0x5d, 0xfc, 0x42, 0xcf, 0x7a, 0x9f, | ||||
2296 | 0x35, 0xc4, 0x9e, 0x1d, 0x09, 0x81, 0x25, 0xed, 0xb4, 0x99, | ||||
2297 | }, | ||||
2298 | 32, "Let's Encrypt 'Oak2023' log" }, | ||||
2299 | { (const uint8_t[]){ | ||||
2300 | 0x3b, 0x53, 0x77, 0x75, 0x3e, 0x2d, 0xb9, 0x80, 0x4e, 0x8b, 0x30, | ||||
2301 | 0x5b, 0x06, 0xfe, 0x40, 0x3b, 0x67, 0xd8, 0x4f, 0xc3, 0xf4, 0xc7, | ||||
2302 | 0xbd, 0x00, 0x0d, 0x2d, 0x72, 0x6f, 0xe1, 0xfa, 0xd4, 0x17, | ||||
2303 | }, | ||||
2304 | 32, "Let's Encrypt 'Oak2024H1' log" }, | ||||
2305 | { (const uint8_t[]){ | ||||
2306 | 0x3f, 0x17, 0x4b, 0x4f, 0xd7, 0x22, 0x47, 0x58, 0x94, 0x1d, 0x65, | ||||
2307 | 0x1c, 0x84, 0xbe, 0x0d, 0x12, 0xed, 0x90, 0x37, 0x7f, 0x1f, 0x85, | ||||
2308 | 0x6a, 0xeb, 0xc1, 0xbf, 0x28, 0x85, 0xec, 0xf8, 0x64, 0x6e, | ||||
2309 | }, | ||||
2310 | 32, "Let's Encrypt 'Oak2024H2' log" }, | ||||
2311 | { (const uint8_t[]){ | ||||
2312 | 0xa2, 0xe3, 0x0a, 0xe4, 0x45, 0xef, 0xbd, 0xad, 0x9b, 0x7e, 0x38, | ||||
2313 | 0xed, 0x47, 0x67, 0x77, 0x53, 0xd7, 0x82, 0x5b, 0x84, 0x94, 0xd7, | ||||
2314 | 0x2b, 0x5e, 0x1b, 0x2c, 0xc4, 0xb9, 0x50, 0xa4, 0x47, 0xe7, | ||||
2315 | }, | ||||
2316 | 32, "Let's Encrypt 'Oak2025h1'" }, | ||||
2317 | { (const uint8_t[]){ | ||||
2318 | 0x0d, 0xe1, 0xf2, 0x30, 0x2b, 0xd3, 0x0d, 0xc1, 0x40, 0x62, 0x12, | ||||
2319 | 0x09, 0xea, 0x55, 0x2e, 0xfc, 0x47, 0x74, 0x7c, 0xb1, 0xd7, 0xe9, | ||||
2320 | 0x30, 0xef, 0x0e, 0x42, 0x1e, 0xb4, 0x7e, 0x4e, 0xaa, 0x34, | ||||
2321 | }, | ||||
2322 | 32, "Let's Encrypt 'Oak2025h2'" }, | ||||
2323 | { (const uint8_t[]){ | ||||
2324 | 0x19, 0x86, 0xd4, 0xc7, 0x28, 0xaa, 0x6f, 0xfe, 0xba, 0x03, 0x6f, | ||||
2325 | 0x78, 0x2a, 0x4d, 0x01, 0x91, 0xaa, 0xce, 0x2d, 0x72, 0x31, 0x0f, | ||||
2326 | 0xae, 0xce, 0x5d, 0x70, 0x41, 0x2d, 0x25, 0x4c, 0xc7, 0xd4, | ||||
2327 | }, | ||||
2328 | 32, "Let's Encrypt 'Oak2026h1'" }, | ||||
2329 | { (const uint8_t[]){ | ||||
2330 | 0xac, 0xab, 0x30, 0x70, 0x6c, 0xeb, 0xec, 0x84, 0x31, 0xf4, 0x13, | ||||
2331 | 0xd2, 0xf4, 0x91, 0x5f, 0x11, 0x1e, 0x42, 0x24, 0x43, 0xb1, 0xf2, | ||||
2332 | 0xa6, 0x8c, 0x4f, 0x3c, 0x2b, 0x3b, 0xa7, 0x1e, 0x02, 0xc3, | ||||
2333 | }, | ||||
2334 | 32, "Let's Encrypt 'Oak2026h2'" }, | ||||
2335 | { (const uint8_t[]){ | ||||
2336 | 0x65, 0x9b, 0x33, 0x50, 0xf4, 0x3b, 0x12, 0xcc, 0x5e, 0xa5, 0xab, | ||||
2337 | 0x4e, 0xc7, 0x65, 0xd3, 0xfd, 0xe6, 0xc8, 0x82, 0x43, 0x77, 0x77, | ||||
2338 | 0x78, 0xe7, 0x20, 0x03, 0xf9, 0xeb, 0x2b, 0x8c, 0x31, 0x29, | ||||
2339 | }, | ||||
2340 | 32, "Let's Encrypt 'Oak2019' log" }, | ||||
2341 | { (const uint8_t[]){ | ||||
2342 | 0x84, 0x9f, 0x5f, 0x7f, 0x58, 0xd2, 0xbf, 0x7b, 0x54, 0xec, 0xbd, | ||||
2343 | 0x74, 0x61, 0x1c, 0xea, 0x45, 0xc4, 0x9c, 0x98, 0xf1, 0xd6, 0x48, | ||||
2344 | 0x1b, 0xc6, 0xf6, 0x9e, 0x8c, 0x17, 0x4f, 0x24, 0xf3, 0xcf, | ||||
2345 | }, | ||||
2346 | 32, "Let's Encrypt 'Testflume2019' log" }, | ||||
2347 | { (const uint8_t[]){ | ||||
2348 | 0x23, 0x2d, 0x41, 0xa4, 0xcd, 0xac, 0x87, 0xce, 0xd9, 0xf9, 0x43, | ||||
2349 | 0xf4, 0x68, 0xc2, 0x82, 0x09, 0x5a, 0xe0, 0x9d, 0x30, 0xd6, 0x2e, | ||||
2350 | 0x2f, 0xa6, 0x5d, 0xdc, 0x3b, 0x91, 0x9c, 0x2e, 0x46, 0x8f, | ||||
2351 | }, | ||||
2352 | 32, "Let's Encrypt 'Sapling 2022h2' log" }, | ||||
2353 | { (const uint8_t[]){ | ||||
2354 | 0xc1, 0x83, 0x24, 0x0b, 0xf1, 0xa4, 0x50, 0xc7, 0x6f, 0xbb, 0x00, | ||||
2355 | 0x72, 0x69, 0xdc, 0xac, 0x3b, 0xe2, 0x2a, 0x48, 0x05, 0xd4, 0xdb, | ||||
2356 | 0xe0, 0x49, 0x66, 0xc3, 0xc8, 0xab, 0xc4, 0x47, 0xb0, 0x0c, | ||||
2357 | }, | ||||
2358 | 32, "Let's Encrypt 'Sapling 2023h1' log" }, | ||||
2359 | { (const uint8_t[]){ | ||||
2360 | 0xc6, 0x3f, 0x22, 0x18, 0xc3, 0x7d, 0x56, 0xa6, 0xaa, 0x06, 0xb5, | ||||
2361 | 0x96, 0xda, 0x8e, 0x53, 0xd4, 0xd7, 0x15, 0x6d, 0x1e, 0x9b, 0xac, | ||||
2362 | 0x8e, 0x44, 0xd2, 0x20, 0x2d, 0xe6, 0x4d, 0x69, 0xd9, 0xdc, | ||||
2363 | }, | ||||
2364 | 32, "Let's Encrypt 'Testflume2020' log" }, | ||||
2365 | { (const uint8_t[]){ | ||||
2366 | 0x03, 0xed, 0xf1, 0xda, 0x97, 0x76, 0xb6, 0xf3, 0x8c, 0x34, 0x1e, | ||||
2367 | 0x39, 0xed, 0x9d, 0x70, 0x7a, 0x75, 0x70, 0x36, 0x9c, 0xf9, 0x84, | ||||
2368 | 0x4f, 0x32, 0x7f, 0xe9, 0xe1, 0x41, 0x38, 0x36, 0x1b, 0x60, | ||||
2369 | }, | ||||
2370 | 32, "Let's Encrypt 'Testflume2021' log" }, | ||||
2371 | { (const uint8_t[]){ | ||||
2372 | 0x23, 0x27, 0xef, 0xda, 0x35, 0x25, 0x10, 0xdb, 0xc0, 0x19, 0xef, | ||||
2373 | 0x49, 0x1a, 0xe3, 0xff, 0x1c, 0xc5, 0xa4, 0x79, 0xbc, 0xe3, 0x78, | ||||
2374 | 0x78, 0x36, 0x0e, 0xe3, 0x18, 0xcf, 0xfb, 0x64, 0xf8, 0xc8, | ||||
2375 | }, | ||||
2376 | 32, "Let's Encrypt 'Testflume2022' log" }, | ||||
2377 | { (const uint8_t[]){ | ||||
2378 | 0x55, 0x34, 0xb7, 0xab, 0x5a, 0x6a, 0xc3, 0xa7, 0xcb, 0xeb, 0xa6, | ||||
2379 | 0x54, 0x87, 0xb2, 0xa2, 0xd7, 0x1b, 0x48, 0xf6, 0x50, 0xfa, 0x17, | ||||
2380 | 0xc5, 0x19, 0x7c, 0x97, 0xa0, 0xcb, 0x20, 0x76, 0xf3, 0xc6, | ||||
2381 | }, | ||||
2382 | 32, "Let's Encrypt 'Testflume2023' log" }, | ||||
2383 | { (const uint8_t[]){ | ||||
2384 | 0x29, 0x6a, 0xfa, 0x2d, 0x56, 0x8b, 0xca, 0x0d, 0x2e, 0xa8, 0x44, | ||||
2385 | 0x95, 0x6a, 0xe9, 0x72, 0x1f, 0xc3, 0x5f, 0xa3, 0x55, 0xec, 0xda, | ||||
2386 | 0x99, 0x69, 0x3a, 0xaf, 0xd4, 0x58, 0xa7, 0x1a, 0xef, 0xdd, | ||||
2387 | }, | ||||
2388 | 32, "Let's Encrypt 'Clicky' log" }, | ||||
2389 | { (const uint8_t[]){ | ||||
2390 | 0xa5, 0x95, 0x94, 0x3b, 0x53, 0x70, 0xbe, 0xe9, 0x06, 0xe0, 0x05, | ||||
2391 | 0x0d, 0x1f, 0xb5, 0xbb, 0xc6, 0xa4, 0x0e, 0x65, 0xf2, 0x65, 0xae, | ||||
2392 | 0x85, 0x2c, 0x76, 0x36, 0x3f, 0xad, 0xb2, 0x33, 0x36, 0xed, | ||||
2393 | }, | ||||
2394 | 32, "Trust Asia Log2020" }, | ||||
2395 | { (const uint8_t[]){ | ||||
2396 | 0xa8, 0xdc, 0x52, 0xf6, 0x3d, 0x6b, 0x24, 0x25, 0xe5, 0x31, 0xe3, | ||||
2397 | 0x7c, 0xf4, 0xe4, 0x4a, 0x71, 0x4f, 0x14, 0x2a, 0x20, 0x80, 0x3b, | ||||
2398 | 0x0d, 0x04, 0xd2, 0xe2, 0xee, 0x06, 0x64, 0x79, 0x4a, 0x23, | ||||
2399 | }, | ||||
2400 | 32, "Trust Asia CT2021" }, | ||||
2401 | { (const uint8_t[]){ | ||||
2402 | 0x67, 0x8d, 0xb6, 0x5b, 0x3e, 0x74, 0x43, 0xb6, 0xf3, 0xa3, 0x70, | ||||
2403 | 0xd5, 0xe1, 0x3a, 0xb1, 0xb4, 0x3b, 0xe0, 0xa0, 0xd3, 0x51, 0xf7, | ||||
2404 | 0xca, 0x74, 0x22, 0x50, 0xc7, 0xc6, 0xfa, 0x51, 0xa8, 0x8a, | ||||
2405 | }, | ||||
2406 | 32, "Trust Asia Log2021" }, | ||||
2407 | { (const uint8_t[]){ | ||||
2408 | 0xc3, 0x65, 0xf9, 0xb3, 0x65, 0x4f, 0x32, 0x83, 0xc7, 0x9d, 0xa9, | ||||
2409 | 0x8e, 0x93, 0xd7, 0x41, 0x8f, 0x5b, 0xab, 0x7b, 0xe3, 0x25, 0x2c, | ||||
2410 | 0x98, 0xe1, 0xd2, 0xf0, 0x4b, 0xb9, 0xeb, 0x42, 0x7d, 0x23, | ||||
2411 | }, | ||||
2412 | 32, "Trust Asia Log2022" }, | ||||
2413 | { (const uint8_t[]){ | ||||
2414 | 0xe8, 0x7e, 0xa7, 0x66, 0x0b, 0xc2, 0x6c, 0xf6, 0x00, 0x2e, 0xf5, | ||||
2415 | 0x72, 0x5d, 0x3f, 0xe0, 0xe3, 0x31, 0xb9, 0x39, 0x3b, 0xb9, 0x2f, | ||||
2416 | 0xbf, 0x58, 0xeb, 0x3b, 0x90, 0x49, 0xda, 0xf5, 0x43, 0x5a, | ||||
2417 | }, | ||||
2418 | 32, "Trust Asia Log2023" }, | ||||
2419 | { (const uint8_t[]){ | ||||
2420 | 0x30, 0x6d, 0x29, 0x57, 0x6a, 0xd2, 0x1a, 0x9d, 0x4a, 0xe1, 0x2a, | ||||
2421 | 0xca, 0xd8, 0xaa, 0x8a, 0x78, 0x3a, 0xa6, 0x5a, 0x32, 0x11, 0x60, | ||||
2422 | 0xac, 0xff, 0x5b, 0x0e, 0xee, 0x4c, 0xa3, 0x20, 0x1d, 0x05, | ||||
2423 | }, | ||||
2424 | 32, "Trust Asia Log2024" }, | ||||
2425 | { (const uint8_t[]){ | ||||
2426 | 0x87, 0x4f, 0xb5, 0x0d, 0xc0, 0x29, 0xd9, 0x93, 0x1d, 0xe5, 0x73, | ||||
2427 | 0xe9, 0xf2, 0x89, 0x9e, 0x8e, 0x45, 0x33, 0xb3, 0x92, 0xd3, 0x8b, | ||||
2428 | 0x0a, 0x46, 0x25, 0x74, 0xbf, 0x0f, 0xee, 0xb2, 0xfc, 0x1e, | ||||
2429 | }, | ||||
2430 | 32, "Trust Asia Log2024-2" }, | ||||
2431 | { (const uint8_t[]){ | ||||
2432 | 0x28, 0xe2, 0x81, 0x38, 0xfd, 0x83, 0x21, 0x45, 0xe9, 0xa9, 0xd6, | ||||
2433 | 0xaa, 0x75, 0x37, 0x6d, 0x83, 0x77, 0xa8, 0x85, 0x12, 0xb3, 0xc0, | ||||
2434 | 0x7f, 0x72, 0x41, 0x48, 0x21, 0xdc, 0xbd, 0xe9, 0x8c, 0x66, | ||||
2435 | }, | ||||
2436 | 32, "TrustAsia Log2025a" }, | ||||
2437 | { (const uint8_t[]){ | ||||
2438 | 0x28, 0x2c, 0x8b, 0xdd, 0x81, 0x0f, 0xf9, 0x09, 0x12, 0x0a, 0xce, | ||||
2439 | 0x16, 0xd6, 0xe0, 0xec, 0x20, 0x1b, 0xea, 0x82, 0xa3, 0xa4, 0xaf, | ||||
2440 | 0x19, 0xd9, 0xef, 0xfb, 0x59, 0xe8, 0x3f, 0xdc, 0x42, 0x68, | ||||
2441 | }, | ||||
2442 | 32, "TrustAsia Log2025b" }, | ||||
2443 | { (const uint8_t[]){ | ||||
2444 | 0x74, 0xdb, 0x9d, 0x58, 0xf7, 0xd4, 0x7e, 0x9d, 0xfd, 0x78, 0x7a, | ||||
2445 | 0x16, 0x2a, 0x99, 0x1c, 0x18, 0xcf, 0x69, 0x8d, 0xa7, 0xc7, 0x29, | ||||
2446 | 0x91, 0x8c, 0x9a, 0x18, 0xb0, 0x45, 0x0d, 0xba, 0x44, 0xbc, | ||||
2447 | }, | ||||
2448 | 32, "TrustAsia 'log2026a'" }, | ||||
2449 | { (const uint8_t[]){ | ||||
2450 | 0x25, 0xb7, 0xef, 0xde, 0xa1, 0x13, 0x01, 0x93, 0xed, 0x93, 0x07, | ||||
2451 | 0x97, 0x70, 0xaa, 0x32, 0x2a, 0x26, 0x62, 0x0d, 0xe3, 0x5a, 0xc8, | ||||
2452 | 0xaa, 0x7c, 0x75, 0x19, 0x7d, 0xe0, 0xb1, 0xa9, 0xe0, 0x65, | ||||
2453 | }, | ||||
2454 | 32, "TrustAsia 'log2026b'" }, | ||||
2455 | { (const uint8_t[]){ | ||||
2456 | 0x45, 0x35, 0x94, 0x98, 0xd9, 0x3a, 0x89, 0xe0, 0x28, 0x03, 0x08, | ||||
2457 | 0xd3, 0x7d, 0x62, 0x6d, 0xc4, 0x23, 0x75, 0x47, 0x58, 0xdc, 0xe0, | ||||
2458 | 0x37, 0x00, 0x36, 0xfb, 0xab, 0x0e, 0xdf, 0x8a, 0x6b, 0xcf, | ||||
2459 | }, | ||||
2460 | 32, "Trust Asia Log1" }, | ||||
2461 | { (const uint8_t[]){ | ||||
2462 | 0xc9, 0xcf, 0x89, 0x0a, 0x21, 0x10, 0x9c, 0x66, 0x6c, 0xc1, 0x7a, | ||||
2463 | 0x3e, 0xd0, 0x65, 0xc9, 0x30, 0xd0, 0xe0, 0x13, 0x5a, 0x9f, 0xeb, | ||||
2464 | 0xa8, 0x5a, 0xf1, 0x42, 0x10, 0xb8, 0x07, 0x24, 0x21, 0xaa, | ||||
2465 | }, | ||||
2466 | 32, "GDCA CT log #1" }, | ||||
2467 | { (const uint8_t[]){ | ||||
2468 | 0x92, 0x4a, 0x30, 0xf9, 0x09, 0x33, 0x6f, 0xf4, 0x35, 0xd6, 0x99, | ||||
2469 | 0x3a, 0x10, 0xac, 0x75, 0xa2, 0xc6, 0x41, 0x72, 0x8e, 0x7f, 0xc2, | ||||
2470 | 0xd6, 0x59, 0xae, 0x61, 0x88, 0xff, 0xad, 0x40, 0xce, 0x01, | ||||
2471 | }, | ||||
2472 | 32, "GDCA CT log #2" }, | ||||
2473 | { (const uint8_t[]){ | ||||
2474 | 0x71, 0x7e, 0xa7, 0x42, 0x09, 0x75, 0xbe, 0x84, 0xa2, 0x72, 0x35, | ||||
2475 | 0x53, 0xf1, 0x77, 0x7c, 0x26, 0xdd, 0x51, 0xaf, 0x4e, 0x10, 0x21, | ||||
2476 | 0x44, 0x09, 0x4d, 0x90, 0x19, 0xb4, 0x62, 0xfb, 0x66, 0x68, | ||||
2477 | }, | ||||
2478 | 32, "GDCA Log 1" }, | ||||
2479 | { (const uint8_t[]){ | ||||
2480 | 0x14, 0x30, 0x8d, 0x90, 0xcc, 0xd0, 0x30, 0x13, 0x50, 0x05, 0xc0, | ||||
2481 | 0x1c, 0xa5, 0x26, 0xd8, 0x1e, 0x84, 0xe8, 0x76, 0x24, 0xe3, 0x9b, | ||||
2482 | 0x62, 0x48, 0xe0, 0x8f, 0x72, 0x4a, 0xea, 0x3b, 0xb4, 0x2a, | ||||
2483 | }, | ||||
2484 | 32, "GDCA Log 2" }, | ||||
2485 | { (const uint8_t[]){ | ||||
2486 | 0xe0, 0x12, 0x76, 0x29, 0xe9, 0x04, 0x96, 0x56, 0x4e, 0x3d, 0x01, | ||||
2487 | 0x47, 0x98, 0x44, 0x98, 0xaa, 0x48, 0xf8, 0xad, 0xb1, 0x66, 0x00, | ||||
2488 | 0xeb, 0x79, 0x02, 0xa1, 0xef, 0x99, 0x09, 0x90, 0x62, 0x73, | ||||
2489 | }, | ||||
2490 | 32, "PuChuangSiDa CT log" }, | ||||
2491 | { (const uint8_t[]){ | ||||
2492 | 0x53, 0x7b, 0x69, 0xa3, 0x56, 0x43, 0x35, 0xa9, 0xc0, 0x49, 0x04, | ||||
2493 | 0xe3, 0x95, 0x93, 0xb2, 0xc2, 0x98, 0xeb, 0x8d, 0x7a, 0x6e, 0x83, | ||||
2494 | 0x02, 0x36, 0x35, 0xc6, 0x27, 0x24, 0x8c, 0xd6, 0xb4, 0x40, | ||||
2495 | }, | ||||
2496 | 32, "Nordu 'flimsy' log" }, | ||||
2497 | { (const uint8_t[]){ | ||||
2498 | 0xaa, 0xe7, 0x0b, 0x7f, 0x3c, 0xb8, 0xd5, 0x66, 0xc8, 0x6c, 0x2f, | ||||
2499 | 0x16, 0x97, 0x9c, 0x9f, 0x44, 0x5f, 0x69, 0xab, 0x0e, 0xb4, 0x53, | ||||
2500 | 0x55, 0x89, 0xb2, 0xf7, 0x7a, 0x03, 0x01, 0x04, 0xf3, 0xcd, | ||||
2501 | }, | ||||
2502 | 32, "Nordu 'plausible' log" }, | ||||
2503 | { (const uint8_t[]){ | ||||
2504 | 0xcf, 0x55, 0xe2, 0x89, 0x23, 0x49, 0x7c, 0x34, 0x0d, 0x52, 0x06, | ||||
2505 | 0xd0, 0x53, 0x53, 0xae, 0xb2, 0x58, 0x34, 0xb5, 0x2f, 0x1f, 0x8d, | ||||
2506 | 0xc9, 0x52, 0x68, 0x09, 0xf2, 0x12, 0xef, 0xdd, 0x7c, 0xa6, | ||||
2507 | }, | ||||
2508 | 32, "SHECA CT log 1" }, | ||||
2509 | { (const uint8_t[]){ | ||||
2510 | 0x32, 0xdc, 0x59, 0xc2, 0xd4, 0xc4, 0x19, 0x68, 0xd5, 0x6e, 0x14, | ||||
2511 | 0xbc, 0x61, 0xac, 0x8f, 0x0e, 0x45, 0xdb, 0x39, 0xfa, 0xf3, 0xc1, | ||||
2512 | 0x55, 0xaa, 0x42, 0x52, 0xf5, 0x00, 0x1f, 0xa0, 0xc6, 0x23, | ||||
2513 | }, | ||||
2514 | 32, "SHECA CT log 2" }, | ||||
2515 | { (const uint8_t[]){ | ||||
2516 | 0x96, 0x06, 0xc0, 0x2c, 0x69, 0x00, 0x33, 0xaa, 0x1d, 0x14, 0x5f, | ||||
2517 | 0x59, 0xc6, 0xe2, 0x64, 0x8d, 0x05, 0x49, 0xf0, 0xdf, 0x96, 0xaa, | ||||
2518 | 0xb8, 0xdb, 0x91, 0x5a, 0x70, 0xd8, 0xec, 0xf3, 0x90, 0xa5, | ||||
2519 | }, | ||||
2520 | 32, "Akamai CT Log" }, | ||||
2521 | { (const uint8_t[]){ | ||||
2522 | 0x39, 0x37, 0x6f, 0x54, 0x5f, 0x7b, 0x46, 0x07, 0xf5, 0x97, 0x42, | ||||
2523 | 0xd7, 0x68, 0xcd, 0x5d, 0x24, 0x37, 0xbf, 0x34, 0x73, 0xb6, 0x53, | ||||
2524 | 0x4a, 0x48, 0x34, 0xbc, 0xf7, 0x2e, 0x68, 0x1c, 0x83, 0xc9, | ||||
2525 | }, | ||||
2526 | 32, "Alpha CT Log" }, | ||||
2527 | { (const uint8_t[]){ | ||||
2528 | 0xb0, 0xb7, 0x84, 0xbc, 0x81, 0xc0, 0xdd, 0xc4, 0x75, 0x44, 0xe8, | ||||
2529 | 0x83, 0xf0, 0x59, 0x85, 0xbb, 0x90, 0x77, 0xd1, 0x34, 0xd8, 0xab, | ||||
2530 | 0x88, 0xb2, 0xb2, 0xe5, 0x33, 0x98, 0x0b, 0x8e, 0x50, 0x8b, | ||||
2531 | }, | ||||
2532 | 32, "Up In The Air 'Behind the Sofa' log" }, | ||||
2533 | { (const uint8_t[]){ | ||||
2534 | 0x47, 0x44, 0x47, 0x7c, 0x75, 0xde, 0x42, 0x6d, 0x5c, 0x44, 0xef, | ||||
2535 | 0xd4, 0xa9, 0x2c, 0x96, 0x77, 0x59, 0x7f, 0x65, 0x7a, 0x8f, 0xe0, | ||||
2536 | 0xca, 0xdb, 0xc6, 0xd6, 0x16, 0xed, 0xa4, 0x97, 0xc4, 0x25, | ||||
2537 | }, | ||||
2538 | 32, "Qihoo 360 2020" }, | ||||
2539 | { (const uint8_t[]){ | ||||
2540 | 0xc6, 0xd7, 0xed, 0x9e, 0xdb, 0x8e, 0x74, 0xf0, 0xa7, 0x1b, 0x4d, | ||||
2541 | 0x4a, 0x98, 0x4b, 0xcb, 0xeb, 0xab, 0xbd, 0x28, 0xcc, 0x1f, 0xd7, | ||||
2542 | 0x63, 0x29, 0xe8, 0x87, 0x26, 0xcd, 0x4c, 0x25, 0x46, 0x63, | ||||
2543 | }, | ||||
2544 | 32, "Qihoo 360 2021" }, | ||||
2545 | { (const uint8_t[]){ | ||||
2546 | 0x66, 0x3c, 0xb0, 0x9c, 0x1f, 0xcd, 0x9b, 0xaa, 0x62, 0x76, 0x3c, | ||||
2547 | 0xcb, 0x53, 0x4e, 0xec, 0x80, 0x58, 0x12, 0x28, 0x05, 0x07, 0xac, | ||||
2548 | 0x69, 0xa4, 0x5f, 0xcd, 0x38, 0xcf, 0x4c, 0xc7, 0x4c, 0xf1, | ||||
2549 | }, | ||||
2550 | 32, "Qihoo 360 2022" }, | ||||
2551 | { (const uint8_t[]){ | ||||
2552 | 0xe2, 0x64, 0x7f, 0x6e, 0xda, 0x34, 0x05, 0x03, 0xc6, 0x4d, 0x4e, | ||||
2553 | 0x10, 0xa8, 0x69, 0x68, 0x1f, 0xde, 0x9c, 0x5a, 0x2c, 0xf3, 0xb3, | ||||
2554 | 0x2d, 0x5f, 0x20, 0x0b, 0x96, 0x36, 0x05, 0x90, 0x88, 0x23, | ||||
2555 | }, | ||||
2556 | 32, "Qihoo 360 2023" }, | ||||
2557 | { (const uint8_t[]){ | ||||
2558 | 0xc5, 0xcf, 0xe5, 0x4b, 0x61, 0x51, 0xb4, 0x9b, 0x14, 0x2e, 0xd2, | ||||
2559 | 0x63, 0xbd, 0xe7, 0x32, 0x93, 0x36, 0x37, 0x99, 0x79, 0x95, 0x50, | ||||
2560 | 0xae, 0x44, 0x35, 0xcd, 0x1a, 0x69, 0x97, 0xc9, 0xc3, 0xc3, | ||||
2561 | }, | ||||
2562 | 32, "Qihoo 360 v1 2020" }, | ||||
2563 | { (const uint8_t[]){ | ||||
2564 | 0x48, 0x14, 0x58, 0x7c, 0xf2, 0x8b, 0x08, 0xfe, 0x68, 0x3f, 0xd2, | ||||
2565 | 0xbc, 0xd9, 0x45, 0x99, 0x4c, 0x2e, 0xb7, 0x4c, 0x8a, 0xe8, 0xc8, | ||||
2566 | 0x7f, 0xce, 0x42, 0x9b, 0x7c, 0xd3, 0x1d, 0x51, 0xbd, 0xc4, | ||||
2567 | }, | ||||
2568 | 32, "Qihoo 360 v1 2021" }, | ||||
2569 | { (const uint8_t[]){ | ||||
2570 | 0x49, 0x11, 0xb8, 0xd6, 0x14, 0xcf, 0xd3, 0xd9, 0x9f, 0x16, 0xd3, | ||||
2571 | 0x76, 0x54, 0x5e, 0xe1, 0xb8, 0xcc, 0xfc, 0x51, 0x1f, 0x50, 0x9f, | ||||
2572 | 0x08, 0x0b, 0xa0, 0xa0, 0x87, 0xd9, 0x1d, 0xfa, 0xee, 0xa9, | ||||
2573 | }, | ||||
2574 | 32, "Qihoo 360 v1 2022" }, | ||||
2575 | { (const uint8_t[]){ | ||||
2576 | 0xb6, 0x74, 0x0b, 0x12, 0x00, 0x2e, 0x03, 0x3f, 0xd0, 0xe7, 0xe9, | ||||
2577 | 0x41, 0xf4, 0xba, 0x3e, 0xe1, 0xbf, 0xc1, 0x49, 0xb5, 0x24, 0xb4, | ||||
2578 | 0xcf, 0x62, 0x8d, 0x53, 0xef, 0xea, 0x1f, 0x40, 0x3a, 0x8d, | ||||
2579 | }, | ||||
2580 | 32, "Qihoo 360 v1 2023" }, | ||||
2581 | { NULL((void*)0), 0, NULL((void*)0) } | ||||
2582 | }; | ||||
2583 | |||||
2584 | /* | ||||
2585 | * Application-Layer Protocol Negotiation (ALPN) dissector tables. | ||||
2586 | */ | ||||
2587 | static dissector_table_t ssl_alpn_dissector_table; | ||||
2588 | static dissector_table_t dtls_alpn_dissector_table; | ||||
2589 | |||||
2590 | /* | ||||
2591 | * Special cases for prefix matching of the ALPN, if the ALPN includes | ||||
2592 | * a version number for a draft or protocol revision. | ||||
2593 | */ | ||||
2594 | typedef struct ssl_alpn_prefix_match_protocol { | ||||
2595 | const char *proto_prefix; | ||||
2596 | const char *dissector_name; | ||||
2597 | } ssl_alpn_prefix_match_protocol_t; | ||||
2598 | |||||
2599 | static const ssl_alpn_prefix_match_protocol_t ssl_alpn_prefix_match_protocols[] = { | ||||
2600 | /* SPDY moves so fast, just 1, 2 and 3 are registered with IANA but there | ||||
2601 | * already exists 3.1 as of this writing... match the prefix. */ | ||||
2602 | { "spdy/", "spdy" }, | ||||
2603 | /* draft-ietf-httpbis-http2-16 */ | ||||
2604 | { "h2-", "http2" }, /* draft versions */ | ||||
2605 | }; | ||||
2606 | |||||
2607 | const value_string compress_certificate_algorithm_vals[] = { | ||||
2608 | { 1, "zlib" }, | ||||
2609 | { 2, "brotli" }, | ||||
2610 | { 3, "zstd" }, | ||||
2611 | { 0, NULL((void*)0) } | ||||
2612 | }; | ||||
2613 | |||||
2614 | |||||
2615 | const val64_string quic_transport_parameter_id[] = { | ||||
2616 | { SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID0x00, "original_destination_connection_id" }, | ||||
2617 | { SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT0x01, "max_idle_timeout" }, | ||||
2618 | { SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN0x02, "stateless_reset_token" }, | ||||
2619 | { SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE0x03, "max_udp_payload_size" }, | ||||
2620 | { SSL_HND_QUIC_TP_INITIAL_MAX_DATA0x04, "initial_max_data" }, | ||||
2621 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL0x05, "initial_max_stream_data_bidi_local" }, | ||||
2622 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE0x06, "initial_max_stream_data_bidi_remote" }, | ||||
2623 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI0x07, "initial_max_stream_data_uni" }, | ||||
2624 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI0x09, "initial_max_streams_uni" }, | ||||
2625 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI0x08, "initial_max_streams_bidi" }, | ||||
2626 | { SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT0x0a, "ack_delay_exponent" }, | ||||
2627 | { SSL_HND_QUIC_TP_MAX_ACK_DELAY0x0b, "max_ack_delay" }, | ||||
2628 | { SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION0x0c, "disable_active_migration" }, | ||||
2629 | { SSL_HND_QUIC_TP_PREFERRED_ADDRESS0x0d, "preferred_address" }, | ||||
2630 | { SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT0x0e, "active_connection_id_limit" }, | ||||
2631 | { SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID0x0f, "initial_source_connection_id" }, | ||||
2632 | { SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID0x10, "retry_source_connection_id" }, | ||||
2633 | { SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE0x20, "max_datagram_frame_size" }, | ||||
2634 | { SSL_HND_QUIC_TP_CIBIR_ENCODING0x1000, "cibir_encoding" }, | ||||
2635 | { SSL_HND_QUIC_TP_LOSS_BITS0x1057, "loss_bits" }, | ||||
2636 | { SSL_HND_QUIC_TP_GREASE_QUIC_BIT0x2ab2, "grease_quic_bit" }, | ||||
2637 | { SSL_HND_QUIC_TP_ENABLE_TIME_STAMP0x7157, "enable_time_stamp" }, | ||||
2638 | { SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V20x7158, "enable_time_stamp_v2" }, | ||||
2639 | { SSL_HND_QUIC_TP_VERSION_INFORMATION0x11, "version_information" }, | ||||
2640 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD0xde1a, "min_ack_delay" }, | ||||
2641 | { SSL_HND_QUIC_TP_GOOGLE_USER_AGENT0x3129, "google_user_agent" }, | ||||
2642 | { SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED0x312B, "google_key_update_not_yet_supported" }, | ||||
2643 | { SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION0x4752, "google_quic_version" }, | ||||
2644 | { SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT0x3127, "google_initial_rtt" }, | ||||
2645 | { SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE0x312A, "google_support_handshake_done" }, | ||||
2646 | { SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS0x4751, "google_quic_params" }, | ||||
2647 | { SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS0x3128, "google_connection_options" }, | ||||
2648 | { SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY0xFF00, "facebook_partial_reliability" }, | ||||
2649 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V10xFF03DE1A, "min_ack_delay (draft-01)" }, | ||||
2650 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT050xff04de1a, "min_ack_delay (draft-05)" }, | ||||
2651 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY0xff04de1b, "min_ack_delay" }, | ||||
2652 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT040x0f739bbc1b666d04, "enable_multipath (draft-04)" }, | ||||
2653 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT050x0f739bbc1b666d05, "enable_multipath (draft-05)" }, | ||||
2654 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH0x0f739bbc1b666d06, "enable_multipath (draft-06)" }, | ||||
2655 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATHS0x0f739bbc1b666d07, "initial_max_paths (draft-07/08)" }, | ||||
2656 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT090x0f739bbc1b666d09, "initial_max_path_id (draft-09/10)" }, | ||||
2657 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID0x0f739bbc1b666d11, "initial_max_path_id" }, | ||||
2658 | { 0, NULL((void*)0) } | ||||
2659 | }; | ||||
2660 | |||||
2661 | /* https://tools.ietf.org/html/draft-huitema-quic-ts-03 */ | ||||
2662 | const val64_string quic_enable_time_stamp_v2_vals[] = { | ||||
2663 | { 1, "I would like to receive TIME_STAMP frames" }, | ||||
2664 | { 2, "I am able to generate TIME_STAMP frames" }, | ||||
2665 | { 3, "I am able to generate TIME_STAMP frames and I would like to receive them" }, | ||||
2666 | { 0, NULL((void*)0) } | ||||
2667 | }; | ||||
2668 | |||||
2669 | /* https://tools.ietf.org/html/draft-multipath-04 */ | ||||
2670 | const val64_string quic_enable_multipath_vals[] = { | ||||
2671 | { 0, "don't support multipath" }, | ||||
2672 | { 1, "support multipath as defined in this document" }, | ||||
2673 | { 0, NULL((void*)0) } | ||||
2674 | }; | ||||
2675 | |||||
2676 | /* https://www.ietf.org/archive/id/draft-ietf-tls-esni-16.txt */ | ||||
2677 | const value_string tls_hello_ext_ech_clienthello_types[] = { | ||||
2678 | { 0, "Outer Client Hello" }, | ||||
2679 | { 1, "Inner Client Hello" }, | ||||
2680 | { 0, NULL((void*)0) } | ||||
2681 | }; | ||||
2682 | |||||
2683 | /* RFC 9180 */ | ||||
2684 | const value_string kem_id_type_vals[] = { | ||||
2685 | { 0x0000, "Reserved" }, | ||||
2686 | { 0x0010, "DHKEM(P-256, HKDF-SHA256)" }, | ||||
2687 | { 0x0011, "DHKEM(P-384, HKDF-SHA384)" }, | ||||
2688 | { 0x0012, "DHKEM(P-521, HKDF-SHA512)" }, | ||||
2689 | { 0x0020, "DHKEM(X25519, HKDF-SHA256)" }, | ||||
2690 | { 0x0021, "DHKEM(X448, HKDF-SHA512)" }, | ||||
2691 | { 0, NULL((void*)0) } | ||||
2692 | }; | ||||
2693 | const value_string kdf_id_type_vals[] = { | ||||
2694 | { 0x0000, "Reserved" }, | ||||
2695 | { 0x0001, "HKDF-SHA256" }, | ||||
2696 | { 0x0002, "HKDF-SHA384" }, | ||||
2697 | { 0x0003, "HKDF-SHA512" }, | ||||
2698 | { 0, NULL((void*)0) } | ||||
2699 | }; | ||||
2700 | const value_string aead_id_type_vals[] = { | ||||
2701 | { 0x0000, "Reserved" }, | ||||
2702 | { 0x0001, "AES-128-GCM" }, | ||||
2703 | { 0x0002, "AES-256-GCM" }, | ||||
2704 | { 0x0003, "ChaCha20Poly1305" }, | ||||
2705 | { 0xFFFF, "Export-only" }, | ||||
2706 | { 0, NULL((void*)0) } | ||||
2707 | }; | ||||
2708 | |||||
2709 | const value_string token_binding_key_parameter_vals[] = { | ||||
2710 | { 0, "rsa2048_pkcs1.5" }, | ||||
2711 | { 1, "rsa2048_pss" }, | ||||
2712 | { 2, "ecdsap256" }, | ||||
2713 | { 0, NULL((void*)0) } | ||||
2714 | }; | ||||
2715 | |||||
2716 | /* Lookup tables }}} */ | ||||
2717 | |||||
2718 | void | ||||
2719 | quic_transport_parameter_id_base_custom(char *result, uint64_t parameter_id) | ||||
2720 | { | ||||
2721 | const char *label; | ||||
2722 | if (IS_GREASE_QUIC(parameter_id)((parameter_id) > 27 ? ((((parameter_id) - 27) % 31) == 0) : 0)) { | ||||
2723 | label = "GREASE"; | ||||
2724 | } else { | ||||
2725 | label = val64_to_str_const(parameter_id, quic_transport_parameter_id, "Unknown"); | ||||
2726 | } | ||||
2727 | snprintf(result, ITEM_LABEL_LENGTH240, "%s (0x%02" PRIx64"l" "x" ")", label, parameter_id); | ||||
2728 | } | ||||
2729 | |||||
2730 | /* we keep this internal to packet-tls-utils, as there should be | ||||
2731 | no need to access it any other way. | ||||
2732 | |||||
2733 | This also allows us to hide the dependency on zlib. | ||||
2734 | */ | ||||
2735 | struct _SslDecompress { | ||||
2736 | int compression; | ||||
2737 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | ||||
2738 | zlib_stream istream; | ||||
2739 | #endif | ||||
2740 | }; | ||||
2741 | |||||
2742 | /* To assist in parsing client/server key exchange messages | ||||
2743 | 0 indicates unknown */ | ||||
2744 | int ssl_get_keyex_alg(int cipher) | ||||
2745 | { | ||||
2746 | /* Map Cipher suite number to Key Exchange algorithm {{{ */ | ||||
2747 | switch(cipher) { | ||||
2748 | case 0x0017: | ||||
2749 | case 0x0018: | ||||
2750 | case 0x0019: | ||||
2751 | case 0x001a: | ||||
2752 | case 0x001b: | ||||
2753 | case 0x0034: | ||||
2754 | case 0x003a: | ||||
2755 | case 0x0046: | ||||
2756 | case 0x006c: | ||||
2757 | case 0x006d: | ||||
2758 | case 0x0089: | ||||
2759 | case 0x009b: | ||||
2760 | case 0x00a6: | ||||
2761 | case 0x00a7: | ||||
2762 | case 0x00bf: | ||||
2763 | case 0x00c5: | ||||
2764 | case 0xc084: | ||||
2765 | case 0xc085: | ||||
2766 | return KEX_DH_ANON0x13; | ||||
2767 | case 0x000b: | ||||
2768 | case 0x000c: | ||||
2769 | case 0x000d: | ||||
2770 | case 0x0030: | ||||
2771 | case 0x0036: | ||||
2772 | case 0x003e: | ||||
2773 | case 0x0042: | ||||
2774 | case 0x0068: | ||||
2775 | case 0x0085: | ||||
2776 | case 0x0097: | ||||
2777 | case 0x00a4: | ||||
2778 | case 0x00a5: | ||||
2779 | case 0x00bb: | ||||
2780 | case 0x00c1: | ||||
2781 | case 0xc082: | ||||
2782 | case 0xc083: | ||||
2783 | return KEX_DH_DSS0x14; | ||||
2784 | case 0x000e: | ||||
2785 | case 0x000f: | ||||
2786 | case 0x0010: | ||||
2787 | case 0x0031: | ||||
2788 | case 0x0037: | ||||
2789 | case 0x003f: | ||||
2790 | case 0x0043: | ||||
2791 | case 0x0069: | ||||
2792 | case 0x0086: | ||||
2793 | case 0x0098: | ||||
2794 | case 0x00a0: | ||||
2795 | case 0x00a1: | ||||
2796 | case 0x00bc: | ||||
2797 | case 0x00c2: | ||||
2798 | case 0xc07e: | ||||
2799 | case 0xc07f: | ||||
2800 | return KEX_DH_RSA0x15; | ||||
2801 | case 0x0011: | ||||
2802 | case 0x0012: | ||||
2803 | case 0x0013: | ||||
2804 | case 0x0032: | ||||
2805 | case 0x0038: | ||||
2806 | case 0x0040: | ||||
2807 | case 0x0044: | ||||
2808 | case 0x0063: | ||||
2809 | case 0x0065: | ||||
2810 | case 0x0066: | ||||
2811 | case 0x006a: | ||||
2812 | case 0x0087: | ||||
2813 | case 0x0099: | ||||
2814 | case 0x00a2: | ||||
2815 | case 0x00a3: | ||||
2816 | case 0x00bd: | ||||
2817 | case 0x00c3: | ||||
2818 | case 0xc080: | ||||
2819 | case 0xc081: | ||||
2820 | return KEX_DHE_DSS0x10; | ||||
2821 | case 0x002d: | ||||
2822 | case 0x008e: | ||||
2823 | case 0x008f: | ||||
2824 | case 0x0090: | ||||
2825 | case 0x0091: | ||||
2826 | case 0x00aa: | ||||
2827 | case 0x00ab: | ||||
2828 | case 0x00b2: | ||||
2829 | case 0x00b3: | ||||
2830 | case 0x00b4: | ||||
2831 | case 0x00b5: | ||||
2832 | case 0xc090: | ||||
2833 | case 0xc091: | ||||
2834 | case 0xc096: | ||||
2835 | case 0xc097: | ||||
2836 | case 0xc0a6: | ||||
2837 | case 0xc0a7: | ||||
2838 | case 0xc0aa: | ||||
2839 | case 0xc0ab: | ||||
2840 | case 0xccad: | ||||
2841 | case 0xe41c: | ||||
2842 | case 0xe41d: | ||||
2843 | return KEX_DHE_PSK0x11; | ||||
2844 | case 0x0014: | ||||
2845 | case 0x0015: | ||||
2846 | case 0x0016: | ||||
2847 | case 0x0033: | ||||
2848 | case 0x0039: | ||||
2849 | case 0x0045: | ||||
2850 | case 0x0067: | ||||
2851 | case 0x006b: | ||||
2852 | case 0x0088: | ||||
2853 | case 0x009a: | ||||
2854 | case 0x009e: | ||||
2855 | case 0x009f: | ||||
2856 | case 0x00be: | ||||
2857 | case 0x00c4: | ||||
2858 | case 0xc07c: | ||||
2859 | case 0xc07d: | ||||
2860 | case 0xc09e: | ||||
2861 | case 0xc09f: | ||||
2862 | case 0xc0a2: | ||||
2863 | case 0xc0a3: | ||||
2864 | case 0xccaa: | ||||
2865 | case 0xe41e: | ||||
2866 | case 0xe41f: | ||||
2867 | return KEX_DHE_RSA0x12; | ||||
2868 | case 0xc015: | ||||
2869 | case 0xc016: | ||||
2870 | case 0xc017: | ||||
2871 | case 0xc018: | ||||
2872 | case 0xc019: | ||||
2873 | return KEX_ECDH_ANON0x19; | ||||
2874 | case 0xc001: | ||||
2875 | case 0xc002: | ||||
2876 | case 0xc003: | ||||
2877 | case 0xc004: | ||||
2878 | case 0xc005: | ||||
2879 | case 0xc025: | ||||
2880 | case 0xc026: | ||||
2881 | case 0xc02d: | ||||
2882 | case 0xc02e: | ||||
2883 | case 0xc074: | ||||
2884 | case 0xc075: | ||||
2885 | case 0xc088: | ||||
2886 | case 0xc089: | ||||
2887 | return KEX_ECDH_ECDSA0x1a; | ||||
2888 | case 0xc00b: | ||||
2889 | case 0xc00c: | ||||
2890 | case 0xc00d: | ||||
2891 | case 0xc00e: | ||||
2892 | case 0xc00f: | ||||
2893 | case 0xc029: | ||||
2894 | case 0xc02a: | ||||
2895 | case 0xc031: | ||||
2896 | case 0xc032: | ||||
2897 | case 0xc078: | ||||
2898 | case 0xc079: | ||||
2899 | case 0xc08c: | ||||
2900 | case 0xc08d: | ||||
2901 | return KEX_ECDH_RSA0x1b; | ||||
2902 | case 0xc006: | ||||
2903 | case 0xc007: | ||||
2904 | case 0xc008: | ||||
2905 | case 0xc009: | ||||
2906 | case 0xc00a: | ||||
2907 | case 0xc023: | ||||
2908 | case 0xc024: | ||||
2909 | case 0xc02b: | ||||
2910 | case 0xc02c: | ||||
2911 | case 0xc072: | ||||
2912 | case 0xc073: | ||||
2913 | case 0xc086: | ||||
2914 | case 0xc087: | ||||
2915 | case 0xc0ac: | ||||
2916 | case 0xc0ad: | ||||
2917 | case 0xc0ae: | ||||
2918 | case 0xc0af: | ||||
2919 | case 0xcca9: | ||||
2920 | case 0xe414: | ||||
2921 | case 0xe415: | ||||
2922 | return KEX_ECDHE_ECDSA0x16; | ||||
2923 | case 0xc033: | ||||
2924 | case 0xc034: | ||||
2925 | case 0xc035: | ||||
2926 | case 0xc036: | ||||
2927 | case 0xc037: | ||||
2928 | case 0xc038: | ||||
2929 | case 0xc039: | ||||
2930 | case 0xc03a: | ||||
2931 | case 0xc03b: | ||||
2932 | case 0xc09a: | ||||
2933 | case 0xc09b: | ||||
2934 | case 0xccac: | ||||
2935 | case 0xe418: | ||||
2936 | case 0xe419: | ||||
2937 | case 0xd001: | ||||
2938 | case 0xd002: | ||||
2939 | case 0xd003: | ||||
2940 | case 0xd005: | ||||
2941 | return KEX_ECDHE_PSK0x17; | ||||
2942 | case 0xc010: | ||||
2943 | case 0xc011: | ||||
2944 | case 0xc012: | ||||
2945 | case 0xc013: | ||||
2946 | case 0xc014: | ||||
2947 | case 0xc027: | ||||
2948 | case 0xc028: | ||||
2949 | case 0xc02f: | ||||
2950 | case 0xc030: | ||||
2951 | case 0xc076: | ||||
2952 | case 0xc077: | ||||
2953 | case 0xc08a: | ||||
2954 | case 0xc08b: | ||||
2955 | case 0xcca8: | ||||
2956 | case 0xe412: | ||||
2957 | case 0xe413: | ||||
2958 | return KEX_ECDHE_RSA0x18; | ||||
2959 | case 0x001e: | ||||
2960 | case 0x001f: | ||||
2961 | case 0x0020: | ||||
2962 | case 0x0021: | ||||
2963 | case 0x0022: | ||||
2964 | case 0x0023: | ||||
2965 | case 0x0024: | ||||
2966 | case 0x0025: | ||||
2967 | case 0x0026: | ||||
2968 | case 0x0027: | ||||
2969 | case 0x0028: | ||||
2970 | case 0x0029: | ||||
2971 | case 0x002a: | ||||
2972 | case 0x002b: | ||||
2973 | return KEX_KRB50x1c; | ||||
2974 | case 0x002c: | ||||
2975 | case 0x008a: | ||||
2976 | case 0x008b: | ||||
2977 | case 0x008c: | ||||
2978 | case 0x008d: | ||||
2979 | case 0x00a8: | ||||
2980 | case 0x00a9: | ||||
2981 | case 0x00ae: | ||||
2982 | case 0x00af: | ||||
2983 | case 0x00b0: | ||||
2984 | case 0x00b1: | ||||
2985 | case 0xc064: | ||||
2986 | case 0xc065: | ||||
2987 | case 0xc08e: | ||||
2988 | case 0xc08f: | ||||
2989 | case 0xc094: | ||||
2990 | case 0xc095: | ||||
2991 | case 0xc0a4: | ||||
2992 | case 0xc0a5: | ||||
2993 | case 0xc0a8: | ||||
2994 | case 0xc0a9: | ||||
2995 | case 0xccab: | ||||
2996 | case 0xe416: | ||||
2997 | case 0xe417: | ||||
2998 | return KEX_PSK0x1d; | ||||
2999 | case 0x0001: | ||||
3000 | case 0x0002: | ||||
3001 | case 0x0003: | ||||
3002 | case 0x0004: | ||||
3003 | case 0x0005: | ||||
3004 | case 0x0006: | ||||
3005 | case 0x0007: | ||||
3006 | case 0x0008: | ||||
3007 | case 0x0009: | ||||
3008 | case 0x000a: | ||||
3009 | case 0x002f: | ||||
3010 | case 0x0035: | ||||
3011 | case 0x003b: | ||||
3012 | case 0x003c: | ||||
3013 | case 0x003d: | ||||
3014 | case 0x0041: | ||||
3015 | case 0x0060: | ||||
3016 | case 0x0061: | ||||
3017 | case 0x0062: | ||||
3018 | case 0x0064: | ||||
3019 | case 0x0084: | ||||
3020 | case 0x0096: | ||||
3021 | case 0x009c: | ||||
3022 | case 0x009d: | ||||
3023 | case 0x00ba: | ||||
3024 | case 0x00c0: | ||||
3025 | case 0xc07a: | ||||
3026 | case 0xc07b: | ||||
3027 | case 0xc09c: | ||||
3028 | case 0xc09d: | ||||
3029 | case 0xc0a0: | ||||
3030 | case 0xc0a1: | ||||
3031 | case 0xe410: | ||||
3032 | case 0xe411: | ||||
3033 | case 0xfefe: | ||||
3034 | case 0xfeff: | ||||
3035 | case 0xffe0: | ||||
3036 | case 0xffe1: | ||||
3037 | return KEX_RSA0x1e; | ||||
3038 | case 0x002e: | ||||
3039 | case 0x0092: | ||||
3040 | case 0x0093: | ||||
3041 | case 0x0094: | ||||
3042 | case 0x0095: | ||||
3043 | case 0x00ac: | ||||
3044 | case 0x00ad: | ||||
3045 | case 0x00b6: | ||||
3046 | case 0x00b7: | ||||
3047 | case 0x00b8: | ||||
3048 | case 0x00b9: | ||||
3049 | case 0xc092: | ||||
3050 | case 0xc093: | ||||
3051 | case 0xc098: | ||||
3052 | case 0xc099: | ||||
3053 | case 0xccae: | ||||
3054 | case 0xe41a: | ||||
3055 | case 0xe41b: | ||||
3056 | return KEX_RSA_PSK0x1f; | ||||
3057 | case 0xc01a: | ||||
3058 | case 0xc01d: | ||||
3059 | case 0xc020: | ||||
3060 | return KEX_SRP_SHA0x20; | ||||
3061 | case 0xc01c: | ||||
3062 | case 0xc01f: | ||||
3063 | case 0xc022: | ||||
3064 | return KEX_SRP_SHA_DSS0x21; | ||||
3065 | case 0xc01b: | ||||
3066 | case 0xc01e: | ||||
3067 | case 0xc021: | ||||
3068 | return KEX_SRP_SHA_RSA0x22; | ||||
3069 | case 0xc0ff: | ||||
3070 | return KEX_ECJPAKE0x24; | ||||
3071 | case 0xe003: | ||||
3072 | case 0xe013: | ||||
3073 | case 0xe053: | ||||
3074 | return KEX_ECC_SM20x26; | ||||
3075 | default: | ||||
3076 | break; | ||||
3077 | } | ||||
3078 | |||||
3079 | return 0; | ||||
3080 | /* }}} */ | ||||
3081 | } | ||||
3082 | |||||
3083 | static wmem_list_t *connection_id_session_list; | ||||
3084 | |||||
3085 | void | ||||
3086 | ssl_init_cid_list(void) { | ||||
3087 | connection_id_session_list = wmem_list_new(wmem_file_scope()); | ||||
3088 | } | ||||
3089 | |||||
3090 | void | ||||
3091 | ssl_cleanup_cid_list(void) { | ||||
3092 | wmem_destroy_list(connection_id_session_list); | ||||
3093 | } | ||||
3094 | |||||
3095 | void | ||||
3096 | ssl_add_session_by_cid(SslDecryptSession *session) | ||||
3097 | { | ||||
3098 | wmem_list_append(connection_id_session_list, session); | ||||
3099 | } | ||||
3100 | |||||
3101 | SslDecryptSession * | ||||
3102 | ssl_get_session_by_cid(tvbuff_t *tvb, uint32_t offset) | ||||
3103 | { | ||||
3104 | SslDecryptSession * ssl_cid = NULL((void*)0); | ||||
3105 | wmem_list_frame_t *it = wmem_list_head(connection_id_session_list); | ||||
3106 | |||||
3107 | while (it != NULL((void*)0) && ssl_cid == NULL((void*)0)) { | ||||
3108 | SslDecryptSession * ssl = (SslDecryptSession *)wmem_list_frame_data(it); | ||||
3109 | DISSECTOR_ASSERT(ssl != NULL)((void) ((ssl != ((void*)0)) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 3109, "ssl != ((void*)0)")))); | ||||
3110 | SslSession *session = &ssl->session; | ||||
3111 | |||||
3112 | if (session->client_cid_len > 0 && tvb_bytes_exist(tvb, offset, session->client_cid_len)) { | ||||
3113 | if (tvb_memeql(tvb, offset, session->client_cid, session->client_cid_len) == 0) { | ||||
3114 | ssl_cid = ssl; | ||||
3115 | } | ||||
3116 | } | ||||
3117 | |||||
3118 | if (session->server_cid_len > 0) { | ||||
3119 | if (tvb_memeql(tvb, offset, session->server_cid, session->server_cid_len) == 0) { | ||||
3120 | ssl_cid = ssl; | ||||
3121 | } | ||||
3122 | } | ||||
3123 | |||||
3124 | it = wmem_list_frame_next(it); | ||||
3125 | } | ||||
3126 | |||||
3127 | return ssl_cid; | ||||
3128 | } | ||||
3129 | |||||
3130 | /* StringInfo structure (len + data) functions {{{ */ | ||||
3131 | |||||
3132 | int | ||||
3133 | ssl_data_alloc(StringInfo* str, size_t len) | ||||
3134 | { | ||||
3135 | str->data = (unsigned char *)g_malloc(len); | ||||
3136 | /* the allocator can return a null pointer for a size equal to 0, | ||||
3137 | * and that must be allowed */ | ||||
3138 | if (len > 0 && !str->data) | ||||
3139 | return -1; | ||||
3140 | str->data_len = (unsigned) len; | ||||
3141 | return 0; | ||||
3142 | } | ||||
3143 | |||||
3144 | void | ||||
3145 | ssl_data_set(StringInfo* str, const unsigned char* data, unsigned len) | ||||
3146 | { | ||||
3147 | DISSECTOR_ASSERT(data)((void) ((data) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 3147, "data")))); | ||||
3148 | memcpy(str->data, data, len); | ||||
3149 | str->data_len = len; | ||||
3150 | } | ||||
3151 | |||||
3152 | static int | ||||
3153 | ssl_data_realloc(StringInfo* str, unsigned len) | ||||
3154 | { | ||||
3155 | str->data = (unsigned char *)g_realloc(str->data, len); | ||||
3156 | if (!str->data) | ||||
3157 | return -1; | ||||
3158 | str->data_len = len; | ||||
3159 | return 0; | ||||
3160 | } | ||||
3161 | |||||
3162 | static StringInfo * | ||||
3163 | ssl_data_clone(StringInfo *str) | ||||
3164 | { | ||||
3165 | StringInfo *cloned_str; | ||||
3166 | cloned_str = (StringInfo *) wmem_alloc0(wmem_file_scope(), | ||||
3167 | sizeof(StringInfo) + str->data_len); | ||||
3168 | cloned_str->data = (unsigned char *) (cloned_str + 1); | ||||
3169 | ssl_data_set(cloned_str, str->data, str->data_len); | ||||
3170 | return cloned_str; | ||||
3171 | } | ||||
3172 | |||||
3173 | static int | ||||
3174 | ssl_data_copy(StringInfo* dst, StringInfo* src) | ||||
3175 | { | ||||
3176 | if (dst->data_len < src->data_len) { | ||||
3177 | if (ssl_data_realloc(dst, src->data_len)) | ||||
3178 | return -1; | ||||
3179 | } | ||||
3180 | memcpy(dst->data, src->data, src->data_len); | ||||
3181 | dst->data_len = src->data_len; | ||||
3182 | return 0; | ||||
3183 | } | ||||
3184 | |||||
3185 | /* from_hex converts |hex_len| bytes of hex data from |in| and sets |*out| to | ||||
3186 | * the result. |out->data| will be allocated using wmem_file_scope. Returns true on | ||||
3187 | * success. */ | ||||
3188 | static bool_Bool from_hex(StringInfo* out, const char* in, size_t hex_len) { | ||||
3189 | size_t i; | ||||
3190 | |||||
3191 | if (hex_len & 1) | ||||
3192 | return false0; | ||||
3193 | |||||
3194 | out->data = (unsigned char *)wmem_alloc(wmem_file_scope(), hex_len / 2); | ||||
3195 | for (i = 0; i < hex_len / 2; i++) { | ||||
3196 | int a = ws_xton(in[i*2]); | ||||
3197 | int b = ws_xton(in[i*2 + 1]); | ||||
3198 | if (a == -1 || b == -1) | ||||
3199 | return false0; | ||||
3200 | out->data[i] = a << 4 | b; | ||||
3201 | } | ||||
3202 | out->data_len = (unsigned)hex_len / 2; | ||||
3203 | return true1; | ||||
3204 | } | ||||
3205 | /* StringInfo structure (len + data) functions }}} */ | ||||
3206 | |||||
3207 | |||||
3208 | /* libgcrypt wrappers for HMAC/message digest operations {{{ */ | ||||
3209 | /* hmac abstraction layer */ | ||||
3210 | #define SSL_HMACgcry_md_hd_t gcry_md_hd_t | ||||
3211 | |||||
3212 | static inline int | ||||
3213 | ssl_hmac_init(SSL_HMACgcry_md_hd_t* md, int algo) | ||||
3214 | { | ||||
3215 | gcry_error_t err; | ||||
3216 | const char *err_str, *err_src; | ||||
3217 | |||||
3218 | err = gcry_md_open(md,algo, GCRY_MD_FLAG_HMAC); | ||||
3219 | if (err != 0) { | ||||
3220 | err_str = gcry_strerror(err); | ||||
3221 | err_src = gcry_strsource(err); | ||||
3222 | ssl_debug_printf("ssl_hmac_init(): gcry_md_open failed %s/%s", err_str, err_src); | ||||
3223 | return -1; | ||||
3224 | } | ||||
3225 | return 0; | ||||
3226 | } | ||||
3227 | |||||
3228 | static inline int | ||||
3229 | ssl_hmac_setkey(SSL_HMACgcry_md_hd_t* md, const void * key, int len) | ||||
3230 | { | ||||
3231 | gcry_error_t err; | ||||
3232 | const char *err_str, *err_src; | ||||
3233 | |||||
3234 | err = gcry_md_setkey (*(md), key, len); | ||||
3235 | if (err != 0) { | ||||
3236 | err_str = gcry_strerror(err); | ||||
3237 | err_src = gcry_strsource(err); | ||||
3238 | ssl_debug_printf("ssl_hmac_setkey(): gcry_md_setkey failed %s/%s", err_str, err_src); | ||||
3239 | return -1; | ||||
3240 | } | ||||
3241 | return 0; | ||||
3242 | } | ||||
3243 | |||||
3244 | static inline int | ||||
3245 | ssl_hmac_reset(SSL_HMACgcry_md_hd_t* md) | ||||
3246 | { | ||||
3247 | gcry_md_reset(*md); | ||||
3248 | return 0; | ||||
3249 | } | ||||
3250 | |||||
3251 | static inline void | ||||
3252 | ssl_hmac_update(SSL_HMACgcry_md_hd_t* md, const void* data, int len) | ||||
3253 | { | ||||
3254 | gcry_md_write(*(md), data, len); | ||||
3255 | } | ||||
3256 | static inline void | ||||
3257 | ssl_hmac_final(SSL_HMACgcry_md_hd_t* md, unsigned char* data, unsigned* datalen) | ||||
3258 | { | ||||
3259 | int algo; | ||||
3260 | unsigned len; | ||||
3261 | |||||
3262 | algo = gcry_md_get_algo (*(md)); | ||||
3263 | len = gcry_md_get_algo_dlen(algo); | ||||
3264 | DISSECTOR_ASSERT(len <= *datalen)((void) ((len <= *datalen) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 3264, "len <= *datalen")))); | ||||
3265 | memcpy(data, gcry_md_read(*(md), algo), len); | ||||
3266 | *datalen = len; | ||||
3267 | } | ||||
3268 | static inline void | ||||
3269 | ssl_hmac_cleanup(SSL_HMACgcry_md_hd_t* md) | ||||
3270 | { | ||||
3271 | gcry_md_close(*(md)); | ||||
3272 | } | ||||
3273 | |||||
3274 | /* message digest abstraction layer*/ | ||||
3275 | #define SSL_MDgcry_md_hd_t gcry_md_hd_t | ||||
3276 | |||||
3277 | static inline int | ||||
3278 | ssl_md_init(SSL_MDgcry_md_hd_t* md, int algo) | ||||
3279 | { | ||||
3280 | gcry_error_t err; | ||||
3281 | const char *err_str, *err_src; | ||||
3282 | err = gcry_md_open(md,algo, 0); | ||||
3283 | if (err != 0) { | ||||
3284 | err_str = gcry_strerror(err); | ||||
3285 | err_src = gcry_strsource(err); | ||||
3286 | ssl_debug_printf("ssl_md_init(): gcry_md_open failed %s/%s", err_str, err_src); | ||||
3287 | return -1; | ||||
3288 | } | ||||
3289 | return 0; | ||||
3290 | } | ||||
3291 | static inline void | ||||
3292 | ssl_md_update(SSL_MDgcry_md_hd_t* md, unsigned char* data, int len) | ||||
3293 | { | ||||
3294 | gcry_md_write(*(md), data, len); | ||||
3295 | } | ||||
3296 | static inline void | ||||
3297 | ssl_md_final(SSL_MDgcry_md_hd_t* md, unsigned char* data, unsigned* datalen) | ||||
3298 | { | ||||
3299 | int algo; | ||||
3300 | int len; | ||||
3301 | algo = gcry_md_get_algo (*(md)); | ||||
3302 | len = gcry_md_get_algo_dlen (algo); | ||||
3303 | memcpy(data, gcry_md_read(*(md), algo), len); | ||||
3304 | *datalen = len; | ||||
3305 | } | ||||
3306 | static inline void | ||||
3307 | ssl_md_cleanup(SSL_MDgcry_md_hd_t* md) | ||||
3308 | { | ||||
3309 | gcry_md_close(*(md)); | ||||
3310 | } | ||||
3311 | |||||
3312 | static inline void | ||||
3313 | ssl_md_reset(SSL_MDgcry_md_hd_t* md) | ||||
3314 | { | ||||
3315 | gcry_md_reset(*md); | ||||
3316 | } | ||||
3317 | |||||
3318 | /* md5 /sha abstraction layer */ | ||||
3319 | #define SSL_SHA_CTXgcry_md_hd_t gcry_md_hd_t | ||||
3320 | #define SSL_MD5_CTXgcry_md_hd_t gcry_md_hd_t | ||||
3321 | |||||
3322 | static inline int | ||||
3323 | ssl_sha_init(SSL_SHA_CTXgcry_md_hd_t* md) | ||||
3324 | { | ||||
3325 | gcry_error_t err; | ||||
3326 | const char *err_str, *err_src; | ||||
3327 | err = gcry_md_open(md, GCRY_MD_SHA1, 0); | ||||
3328 | if (err != 0) { | ||||
3329 | err_str = gcry_strerror(err); | ||||
3330 | err_src = gcry_strsource(err); | ||||
3331 | ssl_debug_printf("ssl_sha_init(): gcry_md_open failed %s/%s", err_str, err_src); | ||||
3332 | return -1; | ||||
3333 | } | ||||
3334 | return 0; | ||||
3335 | } | ||||
3336 | static inline void | ||||
3337 | ssl_sha_update(SSL_SHA_CTXgcry_md_hd_t* md, unsigned char* data, int len) | ||||
3338 | { | ||||
3339 | gcry_md_write(*(md), data, len); | ||||
3340 | } | ||||
3341 | static inline void | ||||
3342 | ssl_sha_final(unsigned char* buf, SSL_SHA_CTXgcry_md_hd_t* md) | ||||
3343 | { | ||||
3344 | memcpy(buf, gcry_md_read(*(md), GCRY_MD_SHA1), | ||||
3345 | gcry_md_get_algo_dlen(GCRY_MD_SHA1)); | ||||
3346 | } | ||||
3347 | |||||
3348 | static inline void | ||||
3349 | ssl_sha_reset(SSL_SHA_CTXgcry_md_hd_t* md) | ||||
3350 | { | ||||
3351 | gcry_md_reset(*md); | ||||
3352 | } | ||||
3353 | |||||
3354 | static inline void | ||||
3355 | ssl_sha_cleanup(SSL_SHA_CTXgcry_md_hd_t* md) | ||||
3356 | { | ||||
3357 | gcry_md_close(*(md)); | ||||
3358 | } | ||||
3359 | |||||
3360 | static inline int | ||||
3361 | ssl_md5_init(SSL_MD5_CTXgcry_md_hd_t* md) | ||||
3362 | { | ||||
3363 | gcry_error_t err; | ||||
3364 | const char *err_str, *err_src; | ||||
3365 | err = gcry_md_open(md,GCRY_MD_MD5, 0); | ||||
3366 | if (err != 0) { | ||||
3367 | err_str = gcry_strerror(err); | ||||
3368 | err_src = gcry_strsource(err); | ||||
3369 | ssl_debug_printf("ssl_md5_init(): gcry_md_open failed %s/%s", err_str, err_src); | ||||
3370 | return -1; | ||||
3371 | } | ||||
3372 | return 0; | ||||
3373 | } | ||||
3374 | static inline void | ||||
3375 | ssl_md5_update(SSL_MD5_CTXgcry_md_hd_t* md, unsigned char* data, int len) | ||||
3376 | { | ||||
3377 | gcry_md_write(*(md), data, len); | ||||
3378 | } | ||||
3379 | static inline void | ||||
3380 | ssl_md5_final(unsigned char* buf, SSL_MD5_CTXgcry_md_hd_t* md) | ||||
3381 | { | ||||
3382 | memcpy(buf, gcry_md_read(*(md), GCRY_MD_MD5), | ||||
3383 | gcry_md_get_algo_dlen(GCRY_MD_MD5)); | ||||
3384 | } | ||||
3385 | |||||
3386 | static inline void | ||||
3387 | ssl_md5_reset(SSL_MD5_CTXgcry_md_hd_t* md) | ||||
3388 | { | ||||
3389 | gcry_md_reset(*md); | ||||
3390 | } | ||||
3391 | |||||
3392 | static inline void | ||||
3393 | ssl_md5_cleanup(SSL_MD5_CTXgcry_md_hd_t* md) | ||||
3394 | { | ||||
3395 | gcry_md_close(*(md)); | ||||
3396 | } | ||||
3397 | /* libgcrypt wrappers for HMAC/message digest operations }}} */ | ||||
3398 | |||||
3399 | /* libgcrypt wrappers for Cipher state manipulation {{{ */ | ||||
3400 | int | ||||
3401 | ssl_cipher_setiv(SSL_CIPHER_CTXgcry_cipher_hd_t *cipher, unsigned char* iv, int iv_len) | ||||
3402 | { | ||||
3403 | int ret; | ||||
3404 | #if 0 | ||||
3405 | unsigned char *ivp; | ||||
3406 | int i; | ||||
3407 | gcry_cipher_hd_t c; | ||||
3408 | c=(gcry_cipher_hd_t)*cipher; | ||||
3409 | #endif | ||||
3410 | ssl_debug_printf("--------------------------------------------------------------------"); | ||||
3411 | #if 0 | ||||
3412 | for(ivp=c->iv,i=0; i < iv_len; i++ ) | ||||
3413 | { | ||||
3414 | ssl_debug_printf("%d ",ivp[i]); | ||||
3415 | i++; | ||||
3416 | } | ||||
3417 | #endif | ||||
3418 | ssl_debug_printf("--------------------------------------------------------------------"); | ||||
3419 | ret = gcry_cipher_setiv(*(cipher), iv, iv_len); | ||||
3420 | #if 0 | ||||
3421 | for(ivp=c->iv,i=0; i < iv_len; i++ ) | ||||
3422 | { | ||||
3423 | ssl_debug_printf("%d ",ivp[i]); | ||||
3424 | i++; | ||||
3425 | } | ||||
3426 | #endif | ||||
3427 | ssl_debug_printf("--------------------------------------------------------------------"); | ||||
3428 | return ret; | ||||
3429 | } | ||||
3430 | /* stream cipher abstraction layer*/ | ||||
3431 | static int | ||||
3432 | ssl_cipher_init(gcry_cipher_hd_t *cipher, int algo, unsigned char* sk, | ||||
3433 | unsigned char* iv, int mode) | ||||
3434 | { | ||||
3435 | int gcry_modes[] = { | ||||
3436 | GCRY_CIPHER_MODE_STREAM, | ||||
3437 | GCRY_CIPHER_MODE_CBC, | ||||
3438 | GCRY_CIPHER_MODE_GCM, | ||||
3439 | GCRY_CIPHER_MODE_CCM, | ||||
3440 | GCRY_CIPHER_MODE_CCM, | ||||
3441 | GCRY_CIPHER_MODE_POLY1305, | ||||
3442 | GCRY_CIPHER_MODE_ECB, /* used for DTLSv1.3 seq number encryption */ | ||||
3443 | }; | ||||
3444 | int err; | ||||
3445 | if (algo == -1) { | ||||
3446 | /* NULL mode */ | ||||
3447 | *(cipher) = (gcry_cipher_hd_t)-1; | ||||
3448 | return 0; | ||||
3449 | } | ||||
3450 | err = gcry_cipher_open(cipher, algo, gcry_modes[mode], 0); | ||||
3451 | if (err !=0) | ||||
3452 | return -1; | ||||
3453 | err = gcry_cipher_setkey(*(cipher), sk, gcry_cipher_get_algo_keylen (algo)); | ||||
3454 | if (err != 0) | ||||
3455 | return -1; | ||||
3456 | /* AEAD cipher suites will set the nonce later. */ | ||||
3457 | if (mode == MODE_CBC) { | ||||
3458 | err = gcry_cipher_setiv(*(cipher), iv, gcry_cipher_get_algo_blklen(algo)); | ||||
3459 | if (err != 0) | ||||
3460 | return -1; | ||||
3461 | } | ||||
3462 | return 0; | ||||
3463 | } | ||||
3464 | static inline int | ||||
3465 | ssl_cipher_decrypt(gcry_cipher_hd_t *cipher, unsigned char * out, int outl, | ||||
3466 | const unsigned char * in, int inl) | ||||
3467 | { | ||||
3468 | if ((*cipher) == (gcry_cipher_hd_t)-1) | ||||
3469 | { | ||||
3470 | if (in && inl) | ||||
3471 | memcpy(out, in, outl < inl ? outl : inl); | ||||
3472 | return 0; | ||||
3473 | } | ||||
3474 | return gcry_cipher_decrypt ( *(cipher), out, outl, in, inl); | ||||
3475 | } | ||||
3476 | static inline int | ||||
3477 | ssl_get_digest_by_name(const char*name) | ||||
3478 | { | ||||
3479 | return gcry_md_map_name(name); | ||||
3480 | } | ||||
3481 | static inline int | ||||
3482 | ssl_get_cipher_by_name(const char* name) | ||||
3483 | { | ||||
3484 | return gcry_cipher_map_name(name); | ||||
3485 | } | ||||
3486 | |||||
3487 | static inline void | ||||
3488 | ssl_cipher_cleanup(gcry_cipher_hd_t *cipher) | ||||
3489 | { | ||||
3490 | if ((*cipher) != (gcry_cipher_hd_t)-1) | ||||
3491 | gcry_cipher_close(*cipher); | ||||
3492 | *cipher = NULL((void*)0); | ||||
3493 | } | ||||
3494 | /* }}} */ | ||||
3495 | |||||
3496 | /* Digests, Ciphers and Cipher Suites registry {{{ */ | ||||
3497 | static const SslDigestAlgo digests[]={ | ||||
3498 | {"MD5", 16}, | ||||
3499 | {"SHA1", 20}, | ||||
3500 | {"SHA256", 32}, | ||||
3501 | {"SHA384", 48}, | ||||
3502 | {"SM3", 32}, | ||||
3503 | {"Not Applicable", 0}, | ||||
3504 | }; | ||||
3505 | |||||
3506 | #define DIGEST_MAX_SIZE48 48 | ||||
3507 | |||||
3508 | /* get index digest index */ | ||||
3509 | static const SslDigestAlgo * | ||||
3510 | ssl_cipher_suite_dig(const SslCipherSuite *cs) { | ||||
3511 | return &digests[cs->dig - DIG_MD50x40]; | ||||
| |||||
3512 | } | ||||
3513 | |||||
3514 | static const char *ciphers[]={ | ||||
3515 | "DES", | ||||
3516 | "3DES", | ||||
3517 | "ARCFOUR", /* libgcrypt does not support rc4, but this should be 100% compatible*/ | ||||
3518 | "RFC2268_128", /* libgcrypt name for RC2 with a 128-bit key */ | ||||
3519 | "IDEA", | ||||
3520 | "AES", | ||||
3521 | "AES256", | ||||
3522 | "CAMELLIA128", | ||||
3523 | "CAMELLIA256", | ||||
3524 | "SEED", | ||||
3525 | "CHACHA20", /* since Libgcrypt 1.7.0 */ | ||||
3526 | "SM1", | ||||
3527 | "SM4", | ||||
3528 | "*UNKNOWN*" | ||||
3529 | }; | ||||
3530 | |||||
3531 | static const SslCipherSuite cipher_suites[]={ | ||||
3532 | {0x0001,KEX_RSA0x1e, ENC_NULL0x3D, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_WITH_NULL_MD5 */ | ||||
3533 | {0x0002,KEX_RSA0x1e, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA */ | ||||
3534 | {0x0003,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ | ||||
3535 | {0x0004,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_MD5 */ | ||||
3536 | {0x0005,KEX_RSA0x1e, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_SHA */ | ||||
3537 | {0x0006,KEX_RSA0x1e, ENC_RC20x33, DIG_MD50x40, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ | ||||
3538 | {0x0007,KEX_RSA0x1e, ENC_IDEA0x34, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_IDEA_CBC_SHA */ | ||||
3539 | {0x0008,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3540 | {0x0009,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_DES_CBC_SHA */ | ||||
3541 | {0x000A,KEX_RSA0x1e, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */ | ||||
3542 | {0x000B,KEX_DH_DSS0x14, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3543 | {0x000C,KEX_DH_DSS0x14, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_DES_CBC_SHA */ | ||||
3544 | {0x000D,KEX_DH_DSS0x14, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */ | ||||
3545 | {0x000E,KEX_DH_RSA0x15, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3546 | {0x000F,KEX_DH_RSA0x15, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_DES_CBC_SHA */ | ||||
3547 | {0x0010,KEX_DH_RSA0x15, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */ | ||||
3548 | {0x0011,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3549 | {0x0012,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */ | ||||
3550 | {0x0013,KEX_DHE_DSS0x10, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */ | ||||
3551 | {0x0014,KEX_DHE_RSA0x12, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3552 | {0x0015,KEX_DHE_RSA0x12, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */ | ||||
3553 | {0x0016,KEX_DHE_RSA0x12, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ | ||||
3554 | {0x0017,KEX_DH_ANON0x13, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ | ||||
3555 | {0x0018,KEX_DH_ANON0x13, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_DH_anon_WITH_RC4_128_MD5 */ | ||||
3556 | {0x0019,KEX_DH_ANON0x13, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3557 | {0x001A,KEX_DH_ANON0x13, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_DES_CBC_SHA */ | ||||
3558 | {0x001B,KEX_DH_ANON0x13, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */ | ||||
3559 | {0x002C,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA */ | ||||
3560 | {0x002D,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA */ | ||||
3561 | {0x002E,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA */ | ||||
3562 | {0x002F,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA */ | ||||
3563 | {0x0030,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */ | ||||
3564 | {0x0031,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */ | ||||
3565 | {0x0032,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */ | ||||
3566 | {0x0033,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ | ||||
3567 | {0x0034,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ | ||||
3568 | {0x0035,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA */ | ||||
3569 | {0x0036,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */ | ||||
3570 | {0x0037,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */ | ||||
3571 | {0x0038,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */ | ||||
3572 | {0x0039,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ | ||||
3573 | {0x003A,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA */ | ||||
3574 | {0x003B,KEX_RSA0x1e, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA256 */ | ||||
3575 | {0x003C,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ | ||||
3576 | {0x003D,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ | ||||
3577 | {0x003E,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */ | ||||
3578 | {0x003F,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */ | ||||
3579 | {0x0040,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */ | ||||
3580 | {0x0041,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ | ||||
3581 | {0x0042,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */ | ||||
3582 | {0x0043,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */ | ||||
3583 | {0x0044,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */ | ||||
3584 | {0x0045,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ | ||||
3585 | {0x0046,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */ | ||||
3586 | {0x0060,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */ | ||||
3587 | {0x0061,KEX_RSA0x1e, ENC_RC20x33, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */ | ||||
3588 | {0x0062,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */ | ||||
3589 | {0x0063,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */ | ||||
3590 | {0x0064,KEX_RSA0x1e, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */ | ||||
3591 | {0x0065,KEX_DHE_DSS0x10, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */ | ||||
3592 | {0x0066,KEX_DHE_DSS0x10, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_DSS_WITH_RC4_128_SHA */ | ||||
3593 | {0x0067,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ | ||||
3594 | {0x0068,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */ | ||||
3595 | {0x0069,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */ | ||||
3596 | {0x006A,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */ | ||||
3597 | {0x006B,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ | ||||
3598 | {0x006C,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */ | ||||
3599 | {0x006D,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */ | ||||
3600 | {0x0084,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ | ||||
3601 | {0x0085,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */ | ||||
3602 | {0x0086,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */ | ||||
3603 | {0x0087,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */ | ||||
3604 | {0x0088,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ | ||||
3605 | {0x0089,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */ | ||||
3606 | {0x008A,KEX_PSK0x1d, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_PSK_WITH_RC4_128_SHA */ | ||||
3607 | {0x008B,KEX_PSK0x1d, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_3DES_EDE_CBC_SHA */ | ||||
3608 | {0x008C,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA */ | ||||
3609 | {0x008D,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA */ | ||||
3610 | {0x008E,KEX_DHE_PSK0x11, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_PSK_WITH_RC4_128_SHA */ | ||||
3611 | {0x008F,KEX_DHE_PSK0x11, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA */ | ||||
3612 | {0x0090,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA */ | ||||
3613 | {0x0091,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA */ | ||||
3614 | {0x0092,KEX_RSA_PSK0x1f, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_PSK_WITH_RC4_128_SHA */ | ||||
3615 | {0x0093,KEX_RSA_PSK0x1f, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA */ | ||||
3616 | {0x0094,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA */ | ||||
3617 | {0x0095,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA */ | ||||
3618 | {0x0096,KEX_RSA0x1e, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_SEED_CBC_SHA */ | ||||
3619 | {0x0097,KEX_DH_DSS0x14, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_SEED_CBC_SHA */ | ||||
3620 | {0x0098,KEX_DH_RSA0x15, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_SEED_CBC_SHA */ | ||||
3621 | {0x0099,KEX_DHE_DSS0x10, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */ | ||||
3622 | {0x009A,KEX_DHE_RSA0x12, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */ | ||||
3623 | {0x009B,KEX_DH_ANON0x13, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_SEED_CBC_SHA */ | ||||
3624 | {0x009C,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ | ||||
3625 | {0x009D,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ | ||||
3626 | {0x009E,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ | ||||
3627 | {0x009F,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ | ||||
3628 | {0x00A0,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */ | ||||
3629 | {0x00A1,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */ | ||||
3630 | {0x00A2,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */ | ||||
3631 | {0x00A3,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */ | ||||
3632 | {0x00A4,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */ | ||||
3633 | {0x00A5,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */ | ||||
3634 | {0x00A6,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */ | ||||
3635 | {0x00A7,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ | ||||
3636 | {0x00A8,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ | ||||
3637 | {0x00A9,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ | ||||
3638 | {0x00AA,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ | ||||
3639 | {0x00AB,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ | ||||
3640 | {0x00AC,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 */ | ||||
3641 | {0x00AD,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 */ | ||||
3642 | {0x00AE,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ | ||||
3643 | {0x00AF,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ | ||||
3644 | {0x00B0,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA256 */ | ||||
3645 | {0x00B1,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA384 */ | ||||
3646 | {0x00B2,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ | ||||
3647 | {0x00B3,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ | ||||
3648 | {0x00B4,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA256 */ | ||||
3649 | {0x00B5,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA384 */ | ||||
3650 | {0x00B6,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 */ | ||||
3651 | {0x00B7,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 */ | ||||
3652 | {0x00B8,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA256 */ | ||||
3653 | {0x00B9,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA384 */ | ||||
3654 | {0x00BA,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3655 | {0x00BB,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3656 | {0x00BC,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3657 | {0x00BD,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3658 | {0x00BE,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3659 | {0x00BF,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3660 | {0x00C0,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ | ||||
3661 | {0x00C1,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ | ||||
3662 | {0x00C2,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ | ||||
3663 | {0x00C3,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ | ||||
3664 | {0x00C4,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ | ||||
3665 | {0x00C5,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */ | ||||
3666 | |||||
3667 | /* NOTE: TLS 1.3 cipher suites are incompatible with TLS 1.2. */ | ||||
3668 | {0x1301,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_AES_128_GCM_SHA256 */ | ||||
3669 | {0x1302,KEX_TLS130x23, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_AES_256_GCM_SHA384 */ | ||||
3670 | {0x1303,KEX_TLS130x23, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_CHACHA20_POLY1305_SHA256 */ | ||||
3671 | {0x1304,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM }, /* TLS_AES_128_CCM_SHA256 */ | ||||
3672 | {0x1305,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM_8 }, /* TLS_AES_128_CCM_8_SHA256 */ | ||||
3673 | {0x00C6,KEX_TLS130x23, ENC_SM40x3C, DIG_SM30x44, MODE_GCM }, /* TLS_SM4_GCM_SM3 */ | ||||
3674 | |||||
3675 | {0xC001,KEX_ECDH_ECDSA0x1a, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */ | ||||
3676 | {0xC002,KEX_ECDH_ECDSA0x1a, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ | ||||
3677 | {0xC003,KEX_ECDH_ECDSA0x1a, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ | ||||
3678 | {0xC004,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ | ||||
3679 | {0xC005,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ | ||||
3680 | {0xC006,KEX_ECDHE_ECDSA0x16, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ | ||||
3681 | {0xC007,KEX_ECDHE_ECDSA0x16, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ | ||||
3682 | {0xC008,KEX_ECDHE_ECDSA0x16, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ | ||||
3683 | {0xC009,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ | ||||
3684 | {0xC00A,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ | ||||
3685 | {0xC00B,KEX_ECDH_RSA0x1b, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */ | ||||
3686 | {0xC00C,KEX_ECDH_RSA0x1b, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ | ||||
3687 | {0xC00D,KEX_ECDH_RSA0x1b, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ | ||||
3688 | {0xC00E,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ | ||||
3689 | {0xC00F,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ | ||||
3690 | {0xC0FF,KEX_ECJPAKE0x24, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECJPAKE_WITH_AES_128_CCM_8 */ | ||||
3691 | {0xC010,KEX_ECDHE_RSA0x18, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */ | ||||
3692 | {0xC011,KEX_ECDHE_RSA0x18, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ | ||||
3693 | {0xC012,KEX_ECDHE_RSA0x18, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ | ||||
3694 | {0xC013,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ | ||||
3695 | {0xC014,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ | ||||
3696 | {0xC015,KEX_ECDH_ANON0x19, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */ | ||||
3697 | {0xC016,KEX_ECDH_ANON0x19, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */ | ||||
3698 | {0xC017,KEX_ECDH_ANON0x19, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */ | ||||
3699 | {0xC018,KEX_ECDH_ANON0x19, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */ | ||||
3700 | {0xC019,KEX_ECDH_ANON0x19, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */ | ||||
3701 | {0xC01A,KEX_SRP_SHA0x20, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA */ | ||||
3702 | {0xC01B,KEX_SRP_SHA_RSA0x22, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA */ | ||||
3703 | {0xC01C,KEX_SRP_SHA_DSS0x21, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA */ | ||||
3704 | {0xC01D,KEX_SRP_SHA0x20, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_AES_128_CBC_SHA */ | ||||
3705 | {0xC01E,KEX_SRP_SHA_RSA0x22, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA */ | ||||
3706 | {0xC01F,KEX_SRP_SHA_DSS0x21, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA */ | ||||
3707 | {0xC020,KEX_SRP_SHA0x20, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_AES_256_CBC_SHA */ | ||||
3708 | {0xC021,KEX_SRP_SHA_RSA0x22, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA */ | ||||
3709 | {0xC022,KEX_SRP_SHA_DSS0x21, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA */ | ||||
3710 | {0xC023,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */ | ||||
3711 | {0xC024,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */ | ||||
3712 | {0xC025,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ | ||||
3713 | {0xC026,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ | ||||
3714 | {0xC027,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ | ||||
3715 | {0xC028,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ | ||||
3716 | {0xC029,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ | ||||
3717 | {0xC02A,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ | ||||
3718 | {0xC02B,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ | ||||
3719 | {0xC02C,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ | ||||
3720 | {0xC02D,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ | ||||
3721 | {0xC02E,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ | ||||
3722 | {0xC02F,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ | ||||
3723 | {0xC030,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ | ||||
3724 | {0xC031,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ | ||||
3725 | {0xC032,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ | ||||
3726 | {0xC033,KEX_ECDHE_PSK0x17, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_RC4_128_SHA */ | ||||
3727 | {0xC034,KEX_ECDHE_PSK0x17, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA */ | ||||
3728 | {0xC035,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA */ | ||||
3729 | {0xC036,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA */ | ||||
3730 | {0xC037,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ | ||||
3731 | {0xC038,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 */ | ||||
3732 | {0xC039,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA */ | ||||
3733 | {0xC03A,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ | ||||
3734 | {0xC03B,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA384 */ | ||||
3735 | {0xC072,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3736 | {0xC073,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ | ||||
3737 | {0xC074,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3738 | {0xC075,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ | ||||
3739 | {0xC076,KEX_ECDHE_RSA0x18, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3740 | {0xC077,KEX_ECDHE_RSA0x18, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ | ||||
3741 | {0xC078,KEX_ECDH_RSA0x1b, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3742 | {0xC079,KEX_ECDH_RSA0x1b, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ | ||||
3743 | {0xC07A,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3744 | {0xC07B,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3745 | {0xC07C,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3746 | {0xC07D,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3747 | {0xC07E,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3748 | {0xC07F,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3749 | {0xC080,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3750 | {0xC081,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3751 | {0xC082,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3752 | {0xC083,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3753 | {0xC084,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3754 | {0xC085,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3755 | {0xC086,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3756 | {0xC087,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3757 | {0xC088,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3758 | {0xC089,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3759 | {0xC08A,KEX_ECDHE_RSA0x18, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3760 | {0xC08B,KEX_ECDHE_RSA0x18, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3761 | {0xC08C,KEX_ECDH_RSA0x1b, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3762 | {0xC08D,KEX_ECDH_RSA0x1b, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3763 | {0xC08E,KEX_PSK0x1d, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3764 | {0xC08F,KEX_PSK0x1d, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3765 | {0xC090,KEX_DHE_PSK0x11, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3766 | {0xC091,KEX_DHE_PSK0x11, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3767 | {0xC092,KEX_RSA_PSK0x1f, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ | ||||
3768 | {0xC093,KEX_RSA_PSK0x1f, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ | ||||
3769 | {0xC094,KEX_PSK0x1d, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3770 | {0xC095,KEX_PSK0x1d, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | ||||
3771 | {0xC096,KEX_DHE_PSK0x11, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3772 | {0xC097,KEX_DHE_PSK0x11, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | ||||
3773 | {0xC098,KEX_RSA_PSK0x1f, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3774 | {0xC099,KEX_RSA_PSK0x1f, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | ||||
3775 | {0xC09A,KEX_ECDHE_PSK0x17, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ | ||||
3776 | {0xC09B,KEX_ECDHE_PSK0x17, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ | ||||
3777 | {0xC09C,KEX_RSA0x1e, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_RSA_WITH_AES_128_CCM */ | ||||
3778 | {0xC09D,KEX_RSA0x1e, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_RSA_WITH_AES_256_CCM */ | ||||
3779 | {0xC09E,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_128_CCM */ | ||||
3780 | {0xC09F,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_256_CCM */ | ||||
3781 | {0xC0A0,KEX_RSA0x1e, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_128_CCM_8 */ | ||||
3782 | {0xC0A1,KEX_RSA0x1e, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_256_CCM_8 */ | ||||
3783 | {0xC0A2,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_128_CCM_8 */ | ||||
3784 | {0xC0A3,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_256_CCM_8 */ | ||||
3785 | {0xC0A4,KEX_PSK0x1d, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_PSK_WITH_AES_128_CCM */ | ||||
3786 | {0xC0A5,KEX_PSK0x1d, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_PSK_WITH_AES_256_CCM */ | ||||
3787 | {0xC0A6,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_128_CCM */ | ||||
3788 | {0xC0A7,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_256_CCM */ | ||||
3789 | {0xC0A8,KEX_PSK0x1d, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_128_CCM_8 */ | ||||
3790 | {0xC0A9,KEX_PSK0x1d, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_256_CCM_8 */ | ||||
3791 | {0xC0AA,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_128_CCM_8 */ | ||||
3792 | {0xC0AB,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_256_CCM_8 */ | ||||
3793 | {0xC0AC,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ | ||||
3794 | {0xC0AD,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM */ | ||||
3795 | {0xC0AE,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ | ||||
3796 | {0xC0AF,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ | ||||
3797 | {0xCCA8,KEX_ECDHE_RSA0x18, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ | ||||
3798 | {0xCCA9,KEX_ECDHE_ECDSA0x16, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ | ||||
3799 | {0xCCAA,KEX_DHE_RSA0x12, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ | ||||
3800 | {0xCCAB,KEX_PSK0x1d, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | ||||
3801 | {0xCCAC,KEX_ECDHE_PSK0x17, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | ||||
3802 | {0xCCAD,KEX_DHE_PSK0x11, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | ||||
3803 | {0xCCAE,KEX_RSA_PSK0x1f, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 */ | ||||
3804 | {0xD001,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM}, /* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ | ||||
3805 | {0xD002,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM}, /* TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 */ | ||||
3806 | {0xD003,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM_8}, /* TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 */ | ||||
3807 | {0xD005,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM}, /* TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 */ | ||||
3808 | /* GM */ | ||||
3809 | {0xe001,KEX_ECDHE_SM20x25, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* ECDHE_SM1_SM3 */ | ||||
3810 | {0xe003,KEX_ECC_SM20x26, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* ECC_SM1_SM3 */ | ||||
3811 | {0xe005,KEX_IBSDH_SM90x27, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* IBSDH_SM1_SM3 */ | ||||
3812 | {0xe007,KEX_IBC_SM90x28, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* IBC_SM1_SM3 */ | ||||
3813 | {0xe009,KEX_RSA0x1e, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* RSA_SM1_SM3 */ | ||||
3814 | {0xe00a,KEX_RSA0x1e, ENC_SM10x3B, DIG_SHA0x41, MODE_CBC}, /* RSA_SM1_SHA1 */ | ||||
3815 | {0xe011,KEX_ECDHE_SM20x25, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* ECDHE_SM4_CBC_SM3 */ | ||||
3816 | {0xe013,KEX_ECC_SM20x26, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* ECC_SM4_CBC_SM3 */ | ||||
3817 | {0xe015,KEX_IBSDH_SM90x27, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* IBSDH_SM4_CBC_SM3 */ | ||||
3818 | {0xe017,KEX_IBC_SM90x28, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* IBC_SM4_CBC_SM3 */ | ||||
3819 | {0xe019,KEX_RSA0x1e, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* RSA_SM4_CBC_SM3 */ | ||||
3820 | {0xe01a,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA0x41, MODE_CBC}, /* RSA_SM4_CBC_SHA1 */ | ||||
3821 | {0xe01c,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA2560x42, MODE_CBC}, /* RSA_SM4_CBC_SHA256 */ | ||||
3822 | {0xe051,KEX_ECDHE_SM20x25, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* ECDHE_SM4_GCM_SM3 */ | ||||
3823 | {0xe053,KEX_ECC_SM20x26, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* ECC_SM4_GCM_SM3 */ | ||||
3824 | {0xe055,KEX_IBSDH_SM90x27, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* IBSDH_SM4_GCM_SM3 */ | ||||
3825 | {0xe057,KEX_IBC_SM90x28, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* IBC_SM4_GCM_SM3 */ | ||||
3826 | {0xe059,KEX_RSA0x1e, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* RSA_SM4_GCM_SM3 */ | ||||
3827 | {0xe05a,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA2560x42, MODE_GCM}, /* RSA_SM4_GCM_SHA256 */ | ||||
3828 | {-1, 0, 0, 0, MODE_STREAM} | ||||
3829 | }; | ||||
3830 | |||||
3831 | #define MAX_BLOCK_SIZE16 16 | ||||
3832 | #define MAX_KEY_SIZE32 32 | ||||
3833 | |||||
3834 | const SslCipherSuite * | ||||
3835 | ssl_find_cipher(int num) | ||||
3836 | { | ||||
3837 | const SslCipherSuite *c; | ||||
3838 | for(c=cipher_suites;c->number!=-1;c++){ | ||||
3839 | if(c->number==num){ | ||||
3840 | return c; | ||||
3841 | } | ||||
3842 | } | ||||
3843 | |||||
3844 | return NULL((void*)0); | ||||
3845 | } | ||||
3846 | |||||
3847 | int | ||||
3848 | ssl_get_cipher_algo(const SslCipherSuite *cipher_suite) | ||||
3849 | { | ||||
3850 | return gcry_cipher_map_name(ciphers[cipher_suite->enc - ENC_START0x30]); | ||||
3851 | } | ||||
3852 | |||||
3853 | unsigned | ||||
3854 | ssl_get_cipher_blocksize(const SslCipherSuite *cipher_suite) | ||||
3855 | { | ||||
3856 | int cipher_algo; | ||||
3857 | if (cipher_suite->mode != MODE_CBC) return 0; | ||||
3858 | cipher_algo = ssl_get_cipher_by_name(ciphers[cipher_suite->enc - ENC_START0x30]); | ||||
3859 | return (unsigned)gcry_cipher_get_algo_blklen(cipher_algo); | ||||
3860 | } | ||||
3861 | |||||
3862 | static unsigned | ||||
3863 | ssl_get_cipher_export_keymat_size(int cipher_suite_num) | ||||
3864 | { | ||||
3865 | switch (cipher_suite_num) { | ||||
3866 | /* See RFC 6101 (SSL 3.0), Table 2, column Key Material. */ | ||||
3867 | case 0x0003: /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ | ||||
3868 | case 0x0006: /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ | ||||
3869 | case 0x0008: /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3870 | case 0x000B: /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3871 | case 0x000E: /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3872 | case 0x0011: /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3873 | case 0x0014: /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3874 | case 0x0017: /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ | ||||
3875 | case 0x0019: /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ | ||||
3876 | return 5; | ||||
3877 | |||||
3878 | /* not defined in below draft, but "implemented by several vendors", | ||||
3879 | * https://www.ietf.org/mail-archive/web/tls/current/msg00036.html */ | ||||
3880 | case 0x0060: /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */ | ||||
3881 | case 0x0061: /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */ | ||||
3882 | return 7; | ||||
3883 | |||||
3884 | /* Note: the draft states that DES_CBC needs 8 bytes, but Wireshark always | ||||
3885 | * used 7. Until a pcap proves 8, let's use the old value. Link: | ||||
3886 | * https://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01 */ | ||||
3887 | case 0x0062: /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */ | ||||
3888 | case 0x0063: /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */ | ||||
3889 | case 0x0064: /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */ | ||||
3890 | case 0x0065: /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */ | ||||
3891 | return 7; | ||||
3892 | |||||
3893 | default: | ||||
3894 | return 0; | ||||
3895 | } | ||||
3896 | } | ||||
3897 | |||||
3898 | /* Digests, Ciphers and Cipher Suites registry }}} */ | ||||
3899 | |||||
3900 | |||||
3901 | /* HMAC and the Pseudorandom function {{{ */ | ||||
3902 | static int | ||||
3903 | tls_hash(StringInfo *secret, StringInfo *seed, int md, | ||||
3904 | StringInfo *out, unsigned out_len) | ||||
3905 | { | ||||
3906 | /* RFC 2246 5. HMAC and the pseudorandom function | ||||
3907 | * '+' denotes concatenation. | ||||
3908 | * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + | ||||
3909 | * HMAC_hash(secret, A(2) + seed) + ... | ||||
3910 | * A(0) = seed | ||||
3911 | * A(i) = HMAC_hash(secret, A(i - 1)) | ||||
3912 | */ | ||||
3913 | uint8_t *ptr; | ||||
3914 | unsigned left, tocpy; | ||||
3915 | uint8_t *A; | ||||
3916 | uint8_t _A[DIGEST_MAX_SIZE48], tmp[DIGEST_MAX_SIZE48]; | ||||
3917 | unsigned A_l, tmp_l; | ||||
3918 | SSL_HMACgcry_md_hd_t hm; | ||||
3919 | |||||
3920 | ptr = out->data; | ||||
3921 | left = out_len; | ||||
3922 | |||||
3923 | ssl_print_string("tls_hash: hash secret", secret); | ||||
3924 | ssl_print_string("tls_hash: hash seed", seed); | ||||
3925 | /* A(0) = seed */ | ||||
3926 | A = seed->data; | ||||
3927 | A_l = seed->data_len; | ||||
3928 | |||||
3929 | if (ssl_hmac_init(&hm, md) != 0) { | ||||
3930 | return -1; | ||||
3931 | } | ||||
3932 | while (left) { | ||||
3933 | /* A(i) = HMAC_hash(secret, A(i-1)) */ | ||||
3934 | ssl_hmac_setkey(&hm, secret->data, secret->data_len); | ||||
3935 | ssl_hmac_update(&hm, A, A_l); | ||||
3936 | A_l = sizeof(_A); /* upper bound len for hash output */ | ||||
3937 | ssl_hmac_final(&hm, _A, &A_l); | ||||
3938 | A = _A; | ||||
3939 | |||||
3940 | /* HMAC_hash(secret, A(i) + seed) */ | ||||
3941 | ssl_hmac_reset(&hm); | ||||
3942 | ssl_hmac_setkey(&hm, secret->data, secret->data_len); | ||||
3943 | ssl_hmac_update(&hm, A, A_l); | ||||
3944 | ssl_hmac_update(&hm, seed->data, seed->data_len); | ||||
3945 | tmp_l = sizeof(tmp); /* upper bound len for hash output */ | ||||
3946 | ssl_hmac_final(&hm, tmp, &tmp_l); | ||||
3947 | ssl_hmac_reset(&hm); | ||||
3948 | |||||
3949 | /* ssl_hmac_final puts the actual digest output size in tmp_l */ | ||||
3950 | tocpy = MIN(left, tmp_l)(((left) < (tmp_l)) ? (left) : (tmp_l)); | ||||
3951 | memcpy(ptr, tmp, tocpy); | ||||
3952 | ptr += tocpy; | ||||
3953 | left -= tocpy; | ||||
3954 | } | ||||
3955 | ssl_hmac_cleanup(&hm); | ||||
3956 | out->data_len = out_len; | ||||
3957 | |||||
3958 | ssl_print_string("hash out", out); | ||||
3959 | return 0; | ||||
3960 | } | ||||
3961 | |||||
3962 | static bool_Bool | ||||
3963 | tls_prf(StringInfo* secret, const char *usage, | ||||
3964 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) | ||||
3965 | { | ||||
3966 | StringInfo seed, sha_out, md5_out; | ||||
3967 | uint8_t *ptr; | ||||
3968 | StringInfo s1, s2; | ||||
3969 | unsigned i,s_l; | ||||
3970 | size_t usage_len, rnd2_len; | ||||
3971 | bool_Bool success = false0; | ||||
3972 | usage_len = strlen(usage); | ||||
3973 | rnd2_len = rnd2 ? rnd2->data_len : 0; | ||||
3974 | |||||
3975 | /* initialize buffer for sha, md5 random seed*/ | ||||
3976 | if (ssl_data_alloc(&sha_out, MAX(out_len, 20)(((out_len) > (20)) ? (out_len) : (20))) < 0) { | ||||
3977 | ssl_debug_printf("tls_prf: can't allocate sha out\n"); | ||||
3978 | return false0; | ||||
3979 | } | ||||
3980 | if (ssl_data_alloc(&md5_out, MAX(out_len, 16)(((out_len) > (16)) ? (out_len) : (16))) < 0) { | ||||
3981 | ssl_debug_printf("tls_prf: can't allocate md5 out\n"); | ||||
3982 | goto free_sha; | ||||
3983 | } | ||||
3984 | if (ssl_data_alloc(&seed, usage_len+rnd1->data_len+rnd2_len) < 0) { | ||||
3985 | ssl_debug_printf("tls_prf: can't allocate rnd %d\n", | ||||
3986 | (int) (usage_len+rnd1->data_len+rnd2_len)); | ||||
3987 | goto free_md5; | ||||
3988 | } | ||||
3989 | |||||
3990 | ptr=seed.data; | ||||
3991 | memcpy(ptr,usage,usage_len); | ||||
3992 | ptr+=usage_len; | ||||
3993 | memcpy(ptr,rnd1->data,rnd1->data_len); | ||||
3994 | if (rnd2_len > 0) { | ||||
3995 | ptr+=rnd1->data_len; | ||||
3996 | memcpy(ptr,rnd2->data,rnd2->data_len); | ||||
3997 | /*ptr+=rnd2->data_len;*/ | ||||
3998 | } | ||||
3999 | |||||
4000 | /* initialize buffer for client/server seeds*/ | ||||
4001 | s_l=secret->data_len/2 + secret->data_len%2; | ||||
4002 | if (ssl_data_alloc(&s1, s_l) < 0) { | ||||
4003 | ssl_debug_printf("tls_prf: can't allocate secret %d\n", s_l); | ||||
4004 | goto free_seed; | ||||
4005 | } | ||||
4006 | if (ssl_data_alloc(&s2, s_l) < 0) { | ||||
4007 | ssl_debug_printf("tls_prf: can't allocate secret(2) %d\n", s_l); | ||||
4008 | goto free_s1; | ||||
4009 | } | ||||
4010 | |||||
4011 | memcpy(s1.data,secret->data,s_l); | ||||
4012 | memcpy(s2.data,secret->data + (secret->data_len - s_l),s_l); | ||||
4013 | |||||
4014 | ssl_debug_printf("tls_prf: tls_hash(md5 secret_len %d seed_len %d )\n", s1.data_len, seed.data_len); | ||||
4015 | if(tls_hash(&s1, &seed, ssl_get_digest_by_name("MD5"), &md5_out, out_len) != 0) | ||||
4016 | goto free_s2; | ||||
4017 | ssl_debug_printf("tls_prf: tls_hash(sha)\n"); | ||||
4018 | if(tls_hash(&s2, &seed, ssl_get_digest_by_name("SHA1"), &sha_out, out_len) != 0) | ||||
4019 | goto free_s2; | ||||
4020 | |||||
4021 | for (i = 0; i < out_len; i++) | ||||
4022 | out->data[i] = md5_out.data[i] ^ sha_out.data[i]; | ||||
4023 | /* success, now store the new meaningful data length */ | ||||
4024 | out->data_len = out_len; | ||||
4025 | success = true1; | ||||
4026 | |||||
4027 | ssl_print_string("PRF out",out); | ||||
4028 | free_s2: | ||||
4029 | g_free(s2.data); | ||||
4030 | free_s1: | ||||
4031 | g_free(s1.data); | ||||
4032 | free_seed: | ||||
4033 | g_free(seed.data); | ||||
4034 | free_md5: | ||||
4035 | g_free(md5_out.data); | ||||
4036 | free_sha: | ||||
4037 | g_free(sha_out.data); | ||||
4038 | return success; | ||||
4039 | } | ||||
4040 | |||||
4041 | static bool_Bool | ||||
4042 | tls12_prf(int md, StringInfo* secret, const char* usage, | ||||
4043 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) | ||||
4044 | { | ||||
4045 | StringInfo label_seed; | ||||
4046 | int success; | ||||
4047 | size_t usage_len, rnd2_len; | ||||
4048 | rnd2_len = rnd2 ? rnd2->data_len : 0; | ||||
4049 | |||||
4050 | usage_len = strlen(usage); | ||||
4051 | if (ssl_data_alloc(&label_seed, usage_len+rnd1->data_len+rnd2_len) < 0) { | ||||
4052 | ssl_debug_printf("tls12_prf: can't allocate label_seed\n"); | ||||
4053 | return false0; | ||||
4054 | } | ||||
4055 | memcpy(label_seed.data, usage, usage_len); | ||||
4056 | memcpy(label_seed.data+usage_len, rnd1->data, rnd1->data_len); | ||||
4057 | if (rnd2_len > 0) | ||||
4058 | memcpy(label_seed.data+usage_len+rnd1->data_len, rnd2->data, rnd2->data_len); | ||||
4059 | |||||
4060 | ssl_debug_printf("tls12_prf: tls_hash(hash_alg %s secret_len %d seed_len %d )\n", gcry_md_algo_name(md), secret->data_len, label_seed.data_len); | ||||
4061 | success = tls_hash(secret, &label_seed, md, out, out_len); | ||||
4062 | g_free(label_seed.data); | ||||
4063 | if(success != -1){ | ||||
4064 | ssl_print_string("PRF out", out); | ||||
4065 | return true1; | ||||
4066 | } | ||||
4067 | return false0; | ||||
4068 | } | ||||
4069 | |||||
4070 | static bool_Bool | ||||
4071 | ssl3_generate_export_iv(StringInfo *r1, StringInfo *r2, | ||||
4072 | StringInfo *out, unsigned out_len) | ||||
4073 | { | ||||
4074 | SSL_MD5_CTXgcry_md_hd_t md5; | ||||
4075 | uint8_t tmp[16]; | ||||
4076 | |||||
4077 | if (ssl_md5_init(&md5) != 0) { | ||||
4078 | return false0; | ||||
4079 | } | ||||
4080 | ssl_md5_update(&md5,r1->data,r1->data_len); | ||||
4081 | ssl_md5_update(&md5,r2->data,r2->data_len); | ||||
4082 | ssl_md5_final(tmp,&md5); | ||||
4083 | ssl_md5_cleanup(&md5); | ||||
4084 | |||||
4085 | DISSECTOR_ASSERT(out_len <= sizeof(tmp))((void) ((out_len <= sizeof(tmp)) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 4085, "out_len <= sizeof(tmp)")))); | ||||
4086 | ssl_data_set(out, tmp, out_len); | ||||
4087 | ssl_print_string("export iv", out); | ||||
4088 | return true1; | ||||
4089 | } | ||||
4090 | |||||
4091 | static bool_Bool | ||||
4092 | ssl3_prf(StringInfo* secret, const char* usage, | ||||
4093 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) | ||||
4094 | { | ||||
4095 | SSL_MD5_CTXgcry_md_hd_t md5; | ||||
4096 | SSL_SHA_CTXgcry_md_hd_t sha; | ||||
4097 | unsigned off; | ||||
4098 | int i = 0,j; | ||||
4099 | uint8_t buf[20]; | ||||
4100 | |||||
4101 | if (ssl_sha_init(&sha) != 0) { | ||||
4102 | return false0; | ||||
4103 | } | ||||
4104 | if (ssl_md5_init(&md5) != 0) { | ||||
4105 | ssl_sha_cleanup(&sha); | ||||
4106 | return false0; | ||||
4107 | } | ||||
4108 | for (off = 0; off < out_len; off += 16) { | ||||
4109 | unsigned char outbuf[16]; | ||||
4110 | i++; | ||||
4111 | |||||
4112 | ssl_debug_printf("ssl3_prf: sha1_hash(%d)\n",i); | ||||
4113 | /* A, BB, CCC, ... */ | ||||
4114 | for(j=0;j<i;j++){ | ||||
4115 | buf[j]=64+i; | ||||
4116 | } | ||||
4117 | |||||
4118 | ssl_sha_update(&sha,buf,i); | ||||
4119 | ssl_sha_update(&sha,secret->data,secret->data_len); | ||||
4120 | |||||
4121 | if(!strcmp(usage,"client write key") || !strcmp(usage,"server write key")){ | ||||
4122 | if (rnd2) | ||||
4123 | ssl_sha_update(&sha,rnd2->data,rnd2->data_len); | ||||
4124 | ssl_sha_update(&sha,rnd1->data,rnd1->data_len); | ||||
4125 | } | ||||
4126 | else{ | ||||
4127 | ssl_sha_update(&sha,rnd1->data,rnd1->data_len); | ||||
4128 | if (rnd2) | ||||
4129 | ssl_sha_update(&sha,rnd2->data,rnd2->data_len); | ||||
4130 | } | ||||
4131 | |||||
4132 | ssl_sha_final(buf,&sha); | ||||
4133 | ssl_sha_reset(&sha); | ||||
4134 | |||||
4135 | ssl_debug_printf("ssl3_prf: md5_hash(%d) datalen %d\n",i, | ||||
4136 | secret->data_len); | ||||
4137 | ssl_md5_update(&md5,secret->data,secret->data_len); | ||||
4138 | ssl_md5_update(&md5,buf,20); | ||||
4139 | ssl_md5_final(outbuf,&md5); | ||||
4140 | ssl_md5_reset(&md5); | ||||
4141 | |||||
4142 | memcpy(out->data + off, outbuf, MIN(out_len - off, 16)(((out_len - off) < (16)) ? (out_len - off) : (16))); | ||||
4143 | } | ||||
4144 | ssl_sha_cleanup(&sha); | ||||
4145 | ssl_md5_cleanup(&md5); | ||||
4146 | out->data_len = out_len; | ||||
4147 | |||||
4148 | return true1; | ||||
4149 | } | ||||
4150 | |||||
4151 | /* out_len is the wanted output length for the pseudorandom function. | ||||
4152 | * Ensure that ssl->cipher_suite is set. */ | ||||
4153 | static bool_Bool | ||||
4154 | prf(SslDecryptSession *ssl, StringInfo *secret, const char *usage, | ||||
4155 | StringInfo *rnd1, StringInfo *rnd2, StringInfo *out, unsigned out_len) | ||||
4156 | { | ||||
4157 | switch (ssl->session.version) { | ||||
4158 | case SSLV3_VERSION0x300: | ||||
4159 | return ssl3_prf(secret, usage, rnd1, rnd2, out, out_len); | ||||
4160 | |||||
4161 | case TLSV1_VERSION0x301: | ||||
4162 | case TLSV1DOT1_VERSION0x302: | ||||
4163 | case DTLSV1DOT0_VERSION0xfeff: | ||||
4164 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | ||||
4165 | return tls_prf(secret, usage, rnd1, rnd2, out, out_len); | ||||
4166 | |||||
4167 | default: /* TLSv1.2 */ | ||||
4168 | switch (ssl->cipher_suite->dig) { | ||||
4169 | case DIG_SM30x44: | ||||
4170 | #if GCRYPT_VERSION_NUMBER0x010a03 >= 0x010900 | ||||
4171 | return tls12_prf(GCRY_MD_SM3, secret, usage, rnd1, rnd2, | ||||
4172 | out, out_len); | ||||
4173 | #else | ||||
4174 | return false0; | ||||
4175 | #endif | ||||
4176 | case DIG_SHA3840x43: | ||||
4177 | return tls12_prf(GCRY_MD_SHA384, secret, usage, rnd1, rnd2, | ||||
4178 | out, out_len); | ||||
4179 | default: | ||||
4180 | return tls12_prf(GCRY_MD_SHA256, secret, usage, rnd1, rnd2, | ||||
4181 | out, out_len); | ||||
4182 | } | ||||
4183 | } | ||||
4184 | } | ||||
4185 | |||||
4186 | static int tls_handshake_hash(SslDecryptSession* ssl, StringInfo* out) | ||||
4187 | { | ||||
4188 | SSL_MD5_CTXgcry_md_hd_t md5; | ||||
4189 | SSL_SHA_CTXgcry_md_hd_t sha; | ||||
4190 | |||||
4191 | if (ssl_data_alloc(out, 36) < 0) | ||||
4192 | return -1; | ||||
4193 | |||||
4194 | if (ssl_md5_init(&md5) != 0) | ||||
4195 | return -1; | ||||
4196 | ssl_md5_update(&md5,ssl->handshake_data.data,ssl->handshake_data.data_len); | ||||
4197 | ssl_md5_final(out->data,&md5); | ||||
4198 | ssl_md5_cleanup(&md5); | ||||
4199 | |||||
4200 | if (ssl_sha_init(&sha) != 0) | ||||
4201 | return -1; | ||||
4202 | ssl_sha_update(&sha,ssl->handshake_data.data,ssl->handshake_data.data_len); | ||||
4203 | ssl_sha_final(out->data+16,&sha); | ||||
4204 | ssl_sha_cleanup(&sha); | ||||
4205 | return 0; | ||||
4206 | } | ||||
4207 | |||||
4208 | static int tls12_handshake_hash(SslDecryptSession* ssl, int md, StringInfo* out) | ||||
4209 | { | ||||
4210 | SSL_MDgcry_md_hd_t mc; | ||||
4211 | uint8_t tmp[48]; | ||||
4212 | unsigned len; | ||||
4213 | |||||
4214 | if (ssl_md_init(&mc, md) != 0) | ||||
4215 | return -1; | ||||
4216 | ssl_md_update(&mc,ssl->handshake_data.data,ssl->handshake_data.data_len); | ||||
4217 | ssl_md_final(&mc, tmp, &len); | ||||
4218 | ssl_md_cleanup(&mc); | ||||
4219 | |||||
4220 | if (ssl_data_alloc(out, len) < 0) | ||||
4221 | return -1; | ||||
4222 | memcpy(out->data, tmp, len); | ||||
4223 | return 0; | ||||
4224 | } | ||||
4225 | |||||
4226 | /** | ||||
4227 | * Obtains the label prefix used in HKDF-Expand-Label. This function can be | ||||
4228 | * inlined and removed once support for draft 19 and before is dropped. | ||||
4229 | */ | ||||
4230 | static inline const char * | ||||
4231 | tls13_hkdf_label_prefix(SslDecryptSession *ssl_session) | ||||
4232 | { | ||||
4233 | if (ssl_session->session.tls13_draft_version && ssl_session->session.tls13_draft_version < 20) { | ||||
4234 | return "TLS 1.3, "; | ||||
4235 | } else if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | ||||
4236 | return "dtls13"; | ||||
4237 | } else { | ||||
4238 | return "tls13 "; | ||||
4239 | } | ||||
4240 | } | ||||
4241 | |||||
4242 | /* | ||||
4243 | * Computes HKDF-Expand-Label(Secret, Label, Hash(context_value), Length) with a | ||||
4244 | * custom label prefix. If "context_hash" is NULL, then an empty context is | ||||
4245 | * used. Otherwise it must have the same length as the hash algorithm output. | ||||
4246 | */ | ||||
4247 | bool_Bool | ||||
4248 | tls13_hkdf_expand_label_context(int md, const StringInfo *secret, | ||||
4249 | const char *label_prefix, const char *label, | ||||
4250 | const uint8_t *context_hash, uint8_t context_length, | ||||
4251 | uint16_t out_len, unsigned char **out) | ||||
4252 | { | ||||
4253 | /* RFC 8446 Section 7.1: | ||||
4254 | * HKDF-Expand-Label(Secret, Label, Context, Length) = | ||||
4255 | * HKDF-Expand(Secret, HkdfLabel, Length) | ||||
4256 | * struct { | ||||
4257 | * uint16 length = Length; | ||||
4258 | * opaque label<7..255> = "tls13 " + Label; // "tls13 " is label prefix. | ||||
4259 | * opaque context<0..255> = Context; | ||||
4260 | * } HkdfLabel; | ||||
4261 | * | ||||
4262 | * RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF): | ||||
4263 | * HKDF-Expand(PRK, info, L) -> OKM | ||||
4264 | */ | ||||
4265 | gcry_error_t err; | ||||
4266 | const unsigned label_prefix_length = (unsigned) strlen(label_prefix); | ||||
4267 | const unsigned label_length = (unsigned) strlen(label); | ||||
4268 | |||||
4269 | /* Some sanity checks */ | ||||
4270 | DISSECTOR_ASSERT(label_length > 0 && label_prefix_length + label_length <= 255)((void) ((label_length > 0 && label_prefix_length + label_length <= 255) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 4270, "label_length > 0 && label_prefix_length + label_length <= 255" )))); | ||||
4271 | |||||
4272 | /* info = HkdfLabel { length, label, context } */ | ||||
4273 | GByteArray *info = g_byte_array_new(); | ||||
4274 | const uint16_t length = g_htons(out_len)(((((guint16) ( (guint16) ((guint16) (out_len) >> 8) | ( guint16) ((guint16) (out_len) << 8)))))); | ||||
4275 | g_byte_array_append(info, (const uint8_t *)&length, sizeof(length)); | ||||
4276 | |||||
4277 | const uint8_t label_vector_length = label_prefix_length + label_length; | ||||
4278 | g_byte_array_append(info, &label_vector_length, 1); | ||||
4279 | g_byte_array_append(info, (const uint8_t *)label_prefix, label_prefix_length); | ||||
4280 | g_byte_array_append(info, (const uint8_t*)label, label_length); | ||||
4281 | |||||
4282 | g_byte_array_append(info, &context_length, 1); | ||||
4283 | if (context_length) { | ||||
4284 | g_byte_array_append(info, context_hash, context_length); | ||||
4285 | } | ||||
4286 | |||||
4287 | *out = (unsigned char *)wmem_alloc(NULL((void*)0), out_len); | ||||
4288 | err = hkdf_expand(md, secret->data, secret->data_len, info->data, info->len, *out, out_len); | ||||
4289 | g_byte_array_free(info, true1); | ||||
4290 | |||||
4291 | if (err) { | ||||
4292 | ssl_debug_printf("%s failed %d: %s\n", G_STRFUNC((const char*) (__func__)), md, gcry_strerror(err)); | ||||
4293 | wmem_free(NULL((void*)0), *out); | ||||
4294 | *out = NULL((void*)0); | ||||
4295 | return false0; | ||||
4296 | } | ||||
4297 | |||||
4298 | return true1; | ||||
4299 | } | ||||
4300 | |||||
4301 | bool_Bool | ||||
4302 | tls13_hkdf_expand_label(int md, const StringInfo *secret, | ||||
4303 | const char *label_prefix, const char *label, | ||||
4304 | uint16_t out_len, unsigned char **out) | ||||
4305 | { | ||||
4306 | return tls13_hkdf_expand_label_context(md, secret, label_prefix, label, NULL((void*)0), 0, out_len, out); | ||||
4307 | } | ||||
4308 | /* HMAC and the Pseudorandom function }}} */ | ||||
4309 | |||||
4310 | /* Record Decompression (after decryption) {{{ */ | ||||
4311 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | ||||
4312 | /* memory allocation functions for zlib initialization */ | ||||
4313 | static void* ssl_zalloc(void* opaque _U___attribute__((unused)), unsigned int no, unsigned int size) | ||||
4314 | { | ||||
4315 | return g_malloc0(no*size); | ||||
4316 | } | ||||
4317 | static void ssl_zfree(void* opaque _U___attribute__((unused)), void* addr) | ||||
4318 | { | ||||
4319 | g_free(addr); | ||||
4320 | } | ||||
4321 | #endif | ||||
4322 | |||||
4323 | static SslDecompress* | ||||
4324 | ssl_create_decompressor(int compression) | ||||
4325 | { | ||||
4326 | SslDecompress *decomp; | ||||
4327 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | ||||
4328 | int err; | ||||
4329 | #endif | ||||
4330 | |||||
4331 | if (compression == 0) return NULL((void*)0); | ||||
4332 | ssl_debug_printf("ssl_create_decompressor: compression method %d\n", compression); | ||||
4333 | decomp = wmem_new(wmem_file_scope(), SslDecompress)((SslDecompress*)wmem_alloc((wmem_file_scope()), sizeof(SslDecompress ))); | ||||
4334 | decomp->compression = compression; | ||||
4335 | switch (decomp->compression) { | ||||
4336 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | ||||
4337 | case 1: /* DEFLATE */ | ||||
4338 | decomp->istream.zalloc = ssl_zalloc; | ||||
4339 | decomp->istream.zfree = ssl_zfree; | ||||
4340 | decomp->istream.opaque = Z_NULL0; | ||||
4341 | decomp->istream.next_in = Z_NULL0; | ||||
4342 | decomp->istream.next_out = Z_NULL0; | ||||
4343 | decomp->istream.avail_in = 0; | ||||
4344 | decomp->istream.avail_out = 0; | ||||
4345 | err = ZLIB_PREFIX(inflateInit)(&decomp->istream)inflateInit_((&decomp->istream), "1.3", (int)sizeof(z_stream )); | ||||
4346 | if (err != Z_OK0) { | ||||
4347 | ssl_debug_printf("ssl_create_decompressor: inflateInit_() failed - %d\n", err); | ||||
4348 | return NULL((void*)0); | ||||
4349 | } | ||||
4350 | break; | ||||
4351 | #endif | ||||
4352 | default: | ||||
4353 | ssl_debug_printf("ssl_create_decompressor: unsupported compression method %d\n", decomp->compression); | ||||
4354 | return NULL((void*)0); | ||||
4355 | } | ||||
4356 | return decomp; | ||||
4357 | } | ||||
4358 | |||||
4359 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | ||||
4360 | static int | ||||
4361 | ssl_decompress_record(SslDecompress* decomp, const unsigned char* in, unsigned inl, StringInfo* out_str, unsigned* outl) | ||||
4362 | { | ||||
4363 | int err; | ||||
4364 | |||||
4365 | switch (decomp->compression) { | ||||
4366 | case 1: /* DEFLATE */ | ||||
4367 | err = Z_OK0; | ||||
4368 | if (out_str->data_len < 16384) { /* maximal plain length */ | ||||
4369 | ssl_data_realloc(out_str, 16384); | ||||
4370 | } | ||||
4371 | #ifdef z_constconst | ||||
4372 | decomp->istream.next_in = in; | ||||
4373 | #else | ||||
4374 | DIAG_OFF(cast-qual)clang diagnostic push
clang diagnostic ignored "-Wcast-qual" | ||||
4375 | decomp->istream.next_in = (Bytef *)in; | ||||
4376 | DIAG_ON(cast-qual)clang diagnostic pop | ||||
4377 | #endif | ||||
4378 | decomp->istream.avail_in = inl; | ||||
4379 | decomp->istream.next_out = out_str->data; | ||||
4380 | decomp->istream.avail_out = out_str->data_len; | ||||
4381 | if (inl > 0) | ||||
4382 | err = ZLIB_PREFIX(inflate)inflate(&decomp->istream, Z_SYNC_FLUSH2); | ||||
4383 | if (err != Z_OK0) { | ||||
4384 | ssl_debug_printf("ssl_decompress_record: inflate() failed - %d\n", err); | ||||
4385 | return -1; | ||||
4386 | } | ||||
4387 | *outl = out_str->data_len - decomp->istream.avail_out; | ||||
4388 | break; | ||||
4389 | default: | ||||
4390 | ssl_debug_printf("ssl_decompress_record: unsupported compression method %d\n", decomp->compression); | ||||
4391 | return -1; | ||||
4392 | } | ||||
4393 | return 0; | ||||
4394 | } | ||||
4395 | #else | ||||
4396 | int | ||||
4397 | ssl_decompress_record(SslDecompress* decomp _U___attribute__((unused)), const unsigned char* in _U___attribute__((unused)), unsigned inl _U___attribute__((unused)), StringInfo* out_str _U___attribute__((unused)), unsigned* outl _U___attribute__((unused))) | ||||
4398 | { | ||||
4399 | ssl_debug_printf("ssl_decompress_record: unsupported compression method %d\n", decomp->compression); | ||||
4400 | return -1; | ||||
4401 | } | ||||
4402 | #endif | ||||
4403 | /* Record Decompression (after decryption) }}} */ | ||||
4404 | |||||
4405 | /* Create a new structure to store decrypted chunks. {{{ */ | ||||
4406 | static SslFlow* | ||||
4407 | ssl_create_flow(void) | ||||
4408 | { | ||||
4409 | SslFlow *flow; | ||||
4410 | |||||
4411 | flow = wmem_new(wmem_file_scope(), SslFlow)((SslFlow*)wmem_alloc((wmem_file_scope()), sizeof(SslFlow))); | ||||
4412 | flow->byte_seq = 0; | ||||
4413 | flow->flags = 0; | ||||
4414 | flow->multisegment_pdus = wmem_tree_new(wmem_file_scope()); | ||||
4415 | return flow; | ||||
4416 | } | ||||
4417 | /* }}} */ | ||||
4418 | |||||
4419 | /* Use the negotiated security parameters for decryption. {{{ */ | ||||
4420 | void | ||||
4421 | ssl_change_cipher(SslDecryptSession *ssl_session, bool_Bool server) | ||||
4422 | { | ||||
4423 | SslDecoder **new_decoder = server ? &ssl_session->server_new : &ssl_session->client_new; | ||||
4424 | SslDecoder **dest = server ? &ssl_session->server : &ssl_session->client; | ||||
4425 | ssl_debug_printf("ssl_change_cipher %s%s\n", server ? "SERVER" : "CLIENT", | ||||
4426 | *new_decoder ? "" : " (No decoder found - retransmission?)"); | ||||
4427 | if (*new_decoder) { | ||||
4428 | *dest = *new_decoder; | ||||
4429 | *new_decoder = NULL((void*)0); | ||||
4430 | } | ||||
4431 | } | ||||
4432 | /* }}} */ | ||||
4433 | |||||
4434 | /* Init cipher state given some security parameters. {{{ */ | ||||
4435 | static bool_Bool | ||||
4436 | ssl_decoder_destroy_cb(wmem_allocator_t *, wmem_cb_event_t, void *); | ||||
4437 | |||||
4438 | static SslDecoder* | ||||
4439 | ssl_create_decoder(const SslCipherSuite *cipher_suite, int cipher_algo, | ||||
4440 | int compression, uint8_t *mk, uint8_t *sk, uint8_t *sn_key, uint8_t *iv, unsigned iv_length) | ||||
4441 | { | ||||
4442 | SslDecoder *dec; | ||||
4443 | ssl_cipher_mode_t mode = cipher_suite->mode; | ||||
4444 | |||||
4445 | dec = wmem_new0(wmem_file_scope(), SslDecoder)((SslDecoder*)wmem_alloc0((wmem_file_scope()), sizeof(SslDecoder ))); | ||||
4446 | /* init mac buffer: mac storage is embedded into decoder struct to save a | ||||
4447 | memory allocation and waste samo more memory*/ | ||||
4448 | dec->cipher_suite=cipher_suite; | ||||
4449 | dec->compression = compression; | ||||
4450 | if ((mode == MODE_STREAM && mk != NULL((void*)0)) || mode == MODE_CBC) { | ||||
4451 | // AEAD ciphers use no MAC key, but stream and block ciphers do. Note | ||||
4452 | // the special case for NULL ciphers, even if there is insufficiency | ||||
4453 | // keying material (including MAC key), we will can still create | ||||
4454 | // decoders since "decryption" is easy for such ciphers. | ||||
4455 | dec->mac_key.data = dec->_mac_key_or_write_iv; | ||||
4456 | ssl_data_set(&dec->mac_key, mk, ssl_cipher_suite_dig(cipher_suite)->len); | ||||
4457 | } else if (mode == MODE_GCM || mode == MODE_CCM || mode == MODE_CCM_8 || mode == MODE_POLY1305) { | ||||
4458 | // Input for the nonce, to be used with AEAD ciphers. | ||||
4459 | DISSECTOR_ASSERT(iv_length <= sizeof(dec->_mac_key_or_write_iv))((void) ((iv_length <= sizeof(dec->_mac_key_or_write_iv )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 4459, "iv_length <= sizeof(dec->_mac_key_or_write_iv)" )))); | ||||
4460 | dec->write_iv.data = dec->_mac_key_or_write_iv; | ||||
4461 | ssl_data_set(&dec->write_iv, iv, iv_length); | ||||
4462 | } | ||||
4463 | dec->seq = 0; | ||||
4464 | dec->decomp = ssl_create_decompressor(compression); | ||||
4465 | wmem_register_callback(wmem_file_scope(), ssl_decoder_destroy_cb, dec); | ||||
4466 | |||||
4467 | if (ssl_cipher_init(&dec->evp,cipher_algo,sk,iv,cipher_suite->mode) < 0) { | ||||
4468 | ssl_debug_printf("%s: can't create cipher id:%d mode:%d\n", G_STRFUNC((const char*) (__func__)), | ||||
4469 | cipher_algo, cipher_suite->mode); | ||||
4470 | return NULL((void*)0); | ||||
4471 | } | ||||
4472 | |||||
4473 | if (cipher_suite->enc != ENC_NULL0x3D && sn_key != NULL((void*)0)) { | ||||
4474 | if (cipher_suite->enc == ENC_AES0x35 || cipher_suite->enc == ENC_AES2560x36) { | ||||
4475 | mode = MODE_ECB; | ||||
4476 | } else if (cipher_suite->enc == ENC_CHACHA200x3A) { | ||||
4477 | mode = MODE_STREAM; | ||||
4478 | } else { | ||||
4479 | ssl_debug_printf("not supported encryption algorithm for DTLSv1.3\n"); | ||||
4480 | return NULL((void*)0); | ||||
4481 | } | ||||
4482 | |||||
4483 | if (ssl_cipher_init(&dec->sn_evp, cipher_algo, sn_key, NULL((void*)0), mode) < 0) { | ||||
4484 | ssl_debug_printf("%s: can't create cipher id:%d mode:%d for seq number decryption\n", G_STRFUNC((const char*) (__func__)), | ||||
4485 | cipher_algo, MODE_ECB); | ||||
4486 | ssl_cipher_cleanup(&dec->evp); | ||||
4487 | dec->evp = NULL((void*)0); | ||||
4488 | return NULL((void*)0); | ||||
4489 | } | ||||
4490 | } else { | ||||
4491 | dec->sn_evp = NULL((void*)0); | ||||
4492 | } | ||||
4493 | |||||
4494 | dec->dtls13_aad.data = NULL((void*)0); | ||||
4495 | dec->dtls13_aad.data_len = 0; | ||||
4496 | ssl_debug_printf("decoder initialized (digest len %d)\n", ssl_cipher_suite_dig(cipher_suite)->len); | ||||
4497 | return dec; | ||||
4498 | } | ||||
4499 | |||||
4500 | static bool_Bool | ||||
4501 | ssl_decoder_destroy_cb(wmem_allocator_t *allocator _U___attribute__((unused)), wmem_cb_event_t event _U___attribute__((unused)), void *user_data) | ||||
4502 | { | ||||
4503 | SslDecoder *dec = (SslDecoder *) user_data; | ||||
4504 | |||||
4505 | if (dec->evp) | ||||
4506 | ssl_cipher_cleanup(&dec->evp); | ||||
4507 | if (dec->sn_evp) | ||||
4508 | ssl_cipher_cleanup(&dec->sn_evp); | ||||
4509 | |||||
4510 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) | ||||
4511 | if (dec->decomp != NULL((void*)0) && dec->decomp->compression == 1 /* DEFLATE */) | ||||
4512 | ZLIB_PREFIX(inflateEnd)inflateEnd(&dec->decomp->istream); | ||||
4513 | #endif | ||||
4514 | |||||
4515 | return false0; | ||||
4516 | } | ||||
4517 | /* }}} */ | ||||
4518 | |||||
4519 | /* (Pre-)master secrets calculations {{{ */ | ||||
4520 | #ifdef HAVE_LIBGNUTLS1 | ||||
4521 | static bool_Bool | ||||
4522 | ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session, | ||||
4523 | StringInfo *encrypted_pre_master, | ||||
4524 | GHashTable *key_hash); | ||||
4525 | #endif /* HAVE_LIBGNUTLS */ | ||||
4526 | |||||
4527 | static bool_Bool | ||||
4528 | ssl_restore_master_key(SslDecryptSession *ssl, const char *label, | ||||
4529 | bool_Bool is_pre_master, GHashTable *ht, StringInfo *key); | ||||
4530 | |||||
4531 | bool_Bool | ||||
4532 | ssl_generate_pre_master_secret(SslDecryptSession *ssl_session, | ||||
4533 | uint32_t length, tvbuff_t *tvb, uint32_t offset, | ||||
4534 | const char *ssl_psk, packet_info *pinfo, | ||||
4535 | #ifdef HAVE_LIBGNUTLS1 | ||||
4536 | GHashTable *key_hash, | ||||
4537 | #endif | ||||
4538 | const ssl_master_key_map_t *mk_map) | ||||
4539 | { | ||||
4540 | /* check for required session data */ | ||||
4541 | ssl_debug_printf("%s: found SSL_HND_CLIENT_KEY_EXCHG, state %X\n", | ||||
4542 | G_STRFUNC((const char*) (__func__)), ssl_session->state); | ||||
4543 | if ((ssl_session->state & (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))) != | ||||
4544 | (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))) { | ||||
4545 | ssl_debug_printf("%s: not enough data to generate key (required state %X)\n", G_STRFUNC((const char*) (__func__)), | ||||
4546 | (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))); | ||||
4547 | return false0; | ||||
4548 | } | ||||
4549 | |||||
4550 | if (ssl_session->session.version == TLSV1DOT3_VERSION0x304) { | ||||
4551 | ssl_debug_printf("%s: detected TLS 1.3 which has no pre-master secrets\n", G_STRFUNC((const char*) (__func__))); | ||||
4552 | return false0; | ||||
4553 | } | ||||
4554 | |||||
4555 | /* check to see if the PMS was provided to us*/ | ||||
4556 | if (ssl_restore_master_key(ssl_session, "Unencrypted pre-master secret", true1, | ||||
4557 | mk_map->pms, &ssl_session->client_random)) { | ||||
4558 | return true1; | ||||
4559 | } | ||||
4560 | |||||
4561 | if (ssl_session->cipher_suite->kex == KEX_PSK0x1d) | ||||
4562 | { | ||||
4563 | /* calculate pre master secret*/ | ||||
4564 | StringInfo pre_master_secret; | ||||
4565 | unsigned psk_len, pre_master_len; | ||||
4566 | |||||
4567 | if (!ssl_psk || (ssl_psk[0] == 0)) { | ||||
4568 | ssl_debug_printf("%s: can't find pre-shared key\n", G_STRFUNC((const char*) (__func__))); | ||||
4569 | return false0; | ||||
4570 | } | ||||
4571 | |||||
4572 | /* convert hex string into char*/ | ||||
4573 | if (!from_hex(&ssl_session->psk, ssl_psk, strlen(ssl_psk))) { | ||||
4574 | ssl_debug_printf("%s: ssl.psk/dtls.psk contains invalid hex\n", | ||||
4575 | G_STRFUNC((const char*) (__func__))); | ||||
4576 | return false0; | ||||
4577 | } | ||||
4578 | |||||
4579 | psk_len = ssl_session->psk.data_len; | ||||
4580 | if (psk_len >= (2 << 15)) { | ||||
4581 | ssl_debug_printf("%s: ssl.psk/dtls.psk must not be larger than 2^15 - 1\n", | ||||
4582 | G_STRFUNC((const char*) (__func__))); | ||||
4583 | return false0; | ||||
4584 | } | ||||
4585 | |||||
4586 | |||||
4587 | pre_master_len = psk_len * 2 + 4; | ||||
4588 | |||||
4589 | pre_master_secret.data = (unsigned char *)wmem_alloc(wmem_file_scope(), pre_master_len); | ||||
4590 | pre_master_secret.data_len = pre_master_len; | ||||
4591 | /* 2 bytes psk_len*/ | ||||
4592 | pre_master_secret.data[0] = psk_len >> 8; | ||||
4593 | pre_master_secret.data[1] = psk_len & 0xFF; | ||||
4594 | /* psk_len bytes times 0*/ | ||||
4595 | memset(&pre_master_secret.data[2], 0, psk_len); | ||||
4596 | /* 2 bytes psk_len*/ | ||||
4597 | pre_master_secret.data[psk_len + 2] = psk_len >> 8; | ||||
4598 | pre_master_secret.data[psk_len + 3] = psk_len & 0xFF; | ||||
4599 | /* psk*/ | ||||
4600 | memcpy(&pre_master_secret.data[psk_len + 4], ssl_session->psk.data, psk_len); | ||||
4601 | |||||
4602 | ssl_session->pre_master_secret.data = pre_master_secret.data; | ||||
4603 | ssl_session->pre_master_secret.data_len = pre_master_len; | ||||
4604 | /*ssl_debug_printf("pre master secret",&ssl->pre_master_secret);*/ | ||||
4605 | |||||
4606 | /* Remove the master secret if it was there. | ||||
4607 | This forces keying material regeneration in | ||||
4608 | case we're renegotiating */ | ||||
4609 | ssl_session->state &= ~(SSL_MASTER_SECRET(1<<5)|SSL_HAVE_SESSION_KEY(1<<3)); | ||||
4610 | ssl_session->state |= SSL_PRE_MASTER_SECRET(1<<6); | ||||
4611 | return true1; | ||||
4612 | } | ||||
4613 | else | ||||
4614 | { | ||||
4615 | unsigned encrlen, skip; | ||||
4616 | encrlen = length; | ||||
4617 | skip = 0; | ||||
4618 | |||||
4619 | /* get encrypted data, on tls1 we have to skip two bytes | ||||
4620 | * (it's the encrypted len and should be equal to record len - 2) | ||||
4621 | * in case of rsa1024 that would be 128 + 2 = 130; for psk not necessary | ||||
4622 | */ | ||||
4623 | if (ssl_session->cipher_suite->kex == KEX_RSA0x1e && | ||||
4624 | (ssl_session->session.version == TLSV1_VERSION0x301 || | ||||
4625 | ssl_session->session.version == TLSV1DOT1_VERSION0x302 || | ||||
4626 | ssl_session->session.version == TLSV1DOT2_VERSION0x303 || | ||||
4627 | ssl_session->session.version == DTLSV1DOT0_VERSION0xfeff || | ||||
4628 | ssl_session->session.version == DTLSV1DOT2_VERSION0xfefd || | ||||
4629 | ssl_session->session.version == TLCPV1_VERSION0x101 )) | ||||
4630 | { | ||||
4631 | encrlen = tvb_get_ntohs(tvb, offset); | ||||
4632 | skip = 2; | ||||
4633 | if (encrlen > length - 2) | ||||
4634 | { | ||||
4635 | ssl_debug_printf("%s: wrong encrypted length (%d max %d)\n", | ||||
4636 | G_STRFUNC((const char*) (__func__)), encrlen, length); | ||||
4637 | return false0; | ||||
4638 | } | ||||
4639 | } | ||||
4640 | /* the valid lower bound is higher than 8, but it is sufficient for the | ||||
4641 | * ssl keylog file below */ | ||||
4642 | if (encrlen < 8) { | ||||
4643 | ssl_debug_printf("%s: invalid encrypted pre-master key length %d\n", | ||||
4644 | G_STRFUNC((const char*) (__func__)), encrlen); | ||||
4645 | return false0; | ||||
4646 | } | ||||
4647 | |||||
4648 | StringInfo encrypted_pre_master = { | ||||
4649 | .data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset + skip, encrlen), | ||||
4650 | .data_len = encrlen, | ||||
4651 | }; | ||||
4652 | |||||
4653 | #ifdef HAVE_LIBGNUTLS1 | ||||
4654 | /* Try to lookup an appropriate RSA private key to decrypt the Encrypted Pre-Master Secret. */ | ||||
4655 | if (ssl_session->cert_key_id) { | ||||
4656 | if (ssl_decrypt_pre_master_secret(ssl_session, &encrypted_pre_master, key_hash)) | ||||
4657 | return true1; | ||||
4658 | |||||
4659 | ssl_debug_printf("%s: can't decrypt pre-master secret\n", | ||||
4660 | G_STRFUNC((const char*) (__func__))); | ||||
4661 | } | ||||
4662 | #endif /* HAVE_LIBGNUTLS */ | ||||
4663 | |||||
4664 | /* try to find the pre-master secret from the encrypted one. The | ||||
4665 | * ssl key logfile stores only the first 8 bytes, so truncate it */ | ||||
4666 | encrypted_pre_master.data_len = 8; | ||||
4667 | if (ssl_restore_master_key(ssl_session, "Encrypted pre-master secret", | ||||
4668 | true1, mk_map->pre_master, &encrypted_pre_master)) | ||||
4669 | return true1; | ||||
4670 | } | ||||
4671 | return false0; | ||||
4672 | } | ||||
4673 | |||||
4674 | /* Used for (D)TLS 1.2 and earlier versions (not with TLS 1.3). */ | ||||
4675 | int | ||||
4676 | ssl_generate_keyring_material(SslDecryptSession*ssl_session) | ||||
4677 | { | ||||
4678 | StringInfo key_block = { NULL((void*)0), 0 }; | ||||
4679 | uint8_t _iv_c[MAX_BLOCK_SIZE16],_iv_s[MAX_BLOCK_SIZE16]; | ||||
4680 | uint8_t _key_c[MAX_KEY_SIZE32],_key_s[MAX_KEY_SIZE32]; | ||||
4681 | int needed; | ||||
4682 | int cipher_algo = -1; /* special value (-1) for NULL encryption */ | ||||
4683 | unsigned encr_key_len, write_iv_len = 0; | ||||
4684 | bool_Bool is_export_cipher; | ||||
4685 | uint8_t *ptr, *c_iv = NULL((void*)0), *s_iv = NULL((void*)0); | ||||
4686 | uint8_t *c_wk = NULL((void*)0), *s_wk = NULL((void*)0), *c_mk = NULL((void*)0), *s_mk = NULL((void*)0); | ||||
4687 | const SslCipherSuite *cipher_suite = ssl_session->cipher_suite; | ||||
4688 | |||||
4689 | /* (D)TLS 1.3 is handled directly in tls13_change_key. */ | ||||
4690 | if (ssl_session->session.version == TLSV1DOT3_VERSION0x304 || ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | ||||
4691 | ssl_debug_printf("%s: detected TLS 1.3. Should not have been called!\n", G_STRFUNC((const char*) (__func__))); | ||||
4692 | return -1; | ||||
4693 | } | ||||
4694 | |||||
4695 | /* check for enough info to proceed */ | ||||
4696 | unsigned need_all = SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4); | ||||
4697 | unsigned need_any = SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6); | ||||
4698 | if (((ssl_session->state & need_all) != need_all) || ((ssl_session->state & need_any) == 0)) { | ||||
4699 | ssl_debug_printf("ssl_generate_keyring_material not enough data to generate key " | ||||
4700 | "(0x%02X required 0x%02X or 0x%02X)\n", ssl_session->state, | ||||
4701 | need_all|SSL_MASTER_SECRET(1<<5), need_all|SSL_PRE_MASTER_SECRET(1<<6)); | ||||
4702 | /* Special case: for NULL encryption, allow dissection of data even if | ||||
4703 | * the Client Hello is missing (MAC keys are now skipped though). */ | ||||
4704 | need_all = SSL_CIPHER(1<<2)|SSL_VERSION(1<<4); | ||||
4705 | if ((ssl_session->state & need_all) == need_all && | ||||
4706 | cipher_suite->enc == ENC_NULL0x3D) { | ||||
4707 | ssl_debug_printf("%s NULL cipher found, will create a decoder but " | ||||
4708 | "skip MAC validation as keys are missing.\n", G_STRFUNC((const char*) (__func__))); | ||||
4709 | goto create_decoders; | ||||
4710 | } | ||||
4711 | |||||
4712 | return -1; | ||||
4713 | } | ||||
4714 | |||||
4715 | /* if master key is not available, generate is from the pre-master secret */ | ||||
4716 | if (!(ssl_session->state & SSL_MASTER_SECRET(1<<5))) { | ||||
4717 | if ((ssl_session->state & SSL_EXTENDED_MASTER_SECRET_MASK((1<<7)|(1<<8))) == SSL_EXTENDED_MASTER_SECRET_MASK((1<<7)|(1<<8))) { | ||||
4718 | StringInfo handshake_hashed_data; | ||||
4719 | int ret; | ||||
4720 | |||||
4721 | handshake_hashed_data.data = NULL((void*)0); | ||||
4722 | handshake_hashed_data.data_len = 0; | ||||
4723 | |||||
4724 | ssl_debug_printf("%s:PRF(pre_master_secret_extended)\n", G_STRFUNC((const char*) (__func__))); | ||||
4725 | ssl_print_string("pre master secret",&ssl_session->pre_master_secret); | ||||
4726 | DISSECTOR_ASSERT(ssl_session->handshake_data.data_len > 0)((void) ((ssl_session->handshake_data.data_len > 0) ? ( void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 4726, "ssl_session->handshake_data.data_len > 0" )))); | ||||
4727 | |||||
4728 | switch(ssl_session->session.version) { | ||||
4729 | case TLSV1_VERSION0x301: | ||||
4730 | case TLSV1DOT1_VERSION0x302: | ||||
4731 | case DTLSV1DOT0_VERSION0xfeff: | ||||
4732 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | ||||
4733 | case TLCPV1_VERSION0x101: | ||||
4734 | ret = tls_handshake_hash(ssl_session, &handshake_hashed_data); | ||||
4735 | break; | ||||
4736 | default: | ||||
4737 | switch (cipher_suite->dig) { | ||||
4738 | case DIG_SHA3840x43: | ||||
4739 | ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA384, &handshake_hashed_data); | ||||
4740 | break; | ||||
4741 | default: | ||||
4742 | ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA256, &handshake_hashed_data); | ||||
4743 | break; | ||||
4744 | } | ||||
4745 | break; | ||||
4746 | } | ||||
4747 | if (ret) { | ||||
4748 | ssl_debug_printf("%s can't generate handshake hash\n", G_STRFUNC((const char*) (__func__))); | ||||
4749 | return -1; | ||||
4750 | } | ||||
4751 | |||||
4752 | wmem_free(wmem_file_scope(), ssl_session->handshake_data.data); | ||||
4753 | ssl_session->handshake_data.data = NULL((void*)0); | ||||
4754 | ssl_session->handshake_data.data_len = 0; | ||||
4755 | |||||
4756 | if (!prf(ssl_session, &ssl_session->pre_master_secret, "extended master secret", | ||||
4757 | &handshake_hashed_data, | ||||
4758 | NULL((void*)0), &ssl_session->master_secret, | ||||
4759 | SSL_MASTER_SECRET_LENGTH48)) { | ||||
4760 | ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC((const char*) (__func__))); | ||||
4761 | g_free(handshake_hashed_data.data); | ||||
4762 | return -1; | ||||
4763 | } | ||||
4764 | g_free(handshake_hashed_data.data); | ||||
4765 | } else { | ||||
4766 | ssl_debug_printf("%s:PRF(pre_master_secret)\n", G_STRFUNC((const char*) (__func__))); | ||||
4767 | ssl_print_string("pre master secret",&ssl_session->pre_master_secret); | ||||
4768 | ssl_print_string("client random",&ssl_session->client_random); | ||||
4769 | ssl_print_string("server random",&ssl_session->server_random); | ||||
4770 | if (!prf(ssl_session, &ssl_session->pre_master_secret, "master secret", | ||||
4771 | &ssl_session->client_random, | ||||
4772 | &ssl_session->server_random, &ssl_session->master_secret, | ||||
4773 | SSL_MASTER_SECRET_LENGTH48)) { | ||||
4774 | ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC((const char*) (__func__))); | ||||
4775 | return -1; | ||||
4776 | } | ||||
4777 | } | ||||
4778 | ssl_print_string("master secret",&ssl_session->master_secret); | ||||
4779 | |||||
4780 | /* the pre-master secret has been 'consumed' so we must clear it now */ | ||||
4781 | ssl_session->state &= ~SSL_PRE_MASTER_SECRET(1<<6); | ||||
4782 | ssl_session->state |= SSL_MASTER_SECRET(1<<5); | ||||
4783 | } | ||||
4784 | |||||
4785 | /* Find the Libgcrypt cipher algorithm for the given SSL cipher suite ID */ | ||||
4786 | if (cipher_suite->enc != ENC_NULL0x3D) { | ||||
4787 | const char *cipher_name = ciphers[cipher_suite->enc-ENC_START0x30]; | ||||
4788 | ssl_debug_printf("%s CIPHER: %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | ||||
4789 | cipher_algo = ssl_get_cipher_by_name(cipher_name); | ||||
4790 | if (cipher_algo == 0) { | ||||
4791 | ssl_debug_printf("%s can't find cipher %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | ||||
4792 | return -1; | ||||
4793 | } | ||||
4794 | } | ||||
4795 | |||||
4796 | /* Export ciphers consume less material from the key block. */ | ||||
4797 | encr_key_len = ssl_get_cipher_export_keymat_size(cipher_suite->number); | ||||
4798 | is_export_cipher = encr_key_len > 0; | ||||
4799 | if (!is_export_cipher && cipher_suite->enc != ENC_NULL0x3D) { | ||||
4800 | encr_key_len = (unsigned)gcry_cipher_get_algo_keylen(cipher_algo); | ||||
4801 | } | ||||
4802 | |||||
4803 | if (cipher_suite->mode == MODE_CBC) { | ||||
4804 | write_iv_len = (unsigned)gcry_cipher_get_algo_blklen(cipher_algo); | ||||
4805 | } else if (cipher_suite->mode == MODE_GCM || cipher_suite->mode == MODE_CCM || cipher_suite->mode == MODE_CCM_8) { | ||||
4806 | /* account for a four-byte salt for client and server side (from | ||||
4807 | * client_write_IV and server_write_IV), see GCMNonce (RFC 5288) */ | ||||
4808 | write_iv_len = 4; | ||||
4809 | } else if (cipher_suite->mode == MODE_POLY1305) { | ||||
4810 | /* RFC 7905: SecurityParameters.fixed_iv_length is twelve bytes */ | ||||
4811 | write_iv_len = 12; | ||||
4812 | } | ||||
4813 | |||||
4814 | /* Compute the key block. First figure out how much data we need */ | ||||
4815 | needed = ssl_cipher_suite_dig(cipher_suite)->len*2; /* MAC key */ | ||||
4816 | needed += 2 * encr_key_len; /* encryption key */ | ||||
4817 | needed += 2 * write_iv_len; /* write IV */ | ||||
4818 | |||||
4819 | key_block.data = (unsigned char *)g_malloc(needed); | ||||
4820 | ssl_debug_printf("%s sess key generation\n", G_STRFUNC((const char*) (__func__))); | ||||
4821 | if (!prf(ssl_session, &ssl_session->master_secret, "key expansion", | ||||
4822 | &ssl_session->server_random,&ssl_session->client_random, | ||||
4823 | &key_block, needed)) { | ||||
4824 | ssl_debug_printf("%s can't generate key_block\n", G_STRFUNC((const char*) (__func__))); | ||||
4825 | goto fail; | ||||
4826 | } | ||||
4827 | ssl_print_string("key expansion", &key_block); | ||||
4828 | |||||
4829 | ptr=key_block.data; | ||||
4830 | /* client/server write MAC key (for non-AEAD ciphers) */ | ||||
4831 | if (cipher_suite->mode == MODE_STREAM || cipher_suite->mode == MODE_CBC) { | ||||
4832 | c_mk=ptr; ptr+=ssl_cipher_suite_dig(cipher_suite)->len; | ||||
4833 | s_mk=ptr; ptr+=ssl_cipher_suite_dig(cipher_suite)->len; | ||||
4834 | } | ||||
4835 | /* client/server write encryption key */ | ||||
4836 | c_wk=ptr; ptr += encr_key_len; | ||||
4837 | s_wk=ptr; ptr += encr_key_len; | ||||
4838 | /* client/server write IV (used as IV (for CBC) or salt (for AEAD)) */ | ||||
4839 | if (write_iv_len > 0) { | ||||
4840 | c_iv=ptr; ptr += write_iv_len; | ||||
4841 | s_iv=ptr; /* ptr += write_iv_len; */ | ||||
4842 | } | ||||
4843 | |||||
4844 | /* export ciphers work with a smaller key length */ | ||||
4845 | if (is_export_cipher) { | ||||
4846 | if (cipher_suite->mode == MODE_CBC) { | ||||
4847 | |||||
4848 | /* We only have room for MAX_BLOCK_SIZE bytes IVs, but that's | ||||
4849 | all we should need. This is a sanity check */ | ||||
4850 | if (write_iv_len > MAX_BLOCK_SIZE16) { | ||||
4851 | ssl_debug_printf("%s cipher suite block must be at most %d nut is %d\n", | ||||
4852 | G_STRFUNC((const char*) (__func__)), MAX_BLOCK_SIZE16, write_iv_len); | ||||
4853 | goto fail; | ||||
4854 | } | ||||
4855 | |||||
4856 | if(ssl_session->session.version==SSLV3_VERSION0x300){ | ||||
4857 | /* The length of these fields are ignored by this caller */ | ||||
4858 | StringInfo iv_c, iv_s; | ||||
4859 | iv_c.data = _iv_c; | ||||
4860 | iv_s.data = _iv_s; | ||||
4861 | |||||
4862 | ssl_debug_printf("%s ssl3_generate_export_iv\n", G_STRFUNC((const char*) (__func__))); | ||||
4863 | if (!ssl3_generate_export_iv(&ssl_session->client_random, | ||||
4864 | &ssl_session->server_random, &iv_c, write_iv_len)) { | ||||
4865 | goto fail; | ||||
4866 | } | ||||
4867 | ssl_debug_printf("%s ssl3_generate_export_iv(2)\n", G_STRFUNC((const char*) (__func__))); | ||||
4868 | if (!ssl3_generate_export_iv(&ssl_session->server_random, | ||||
4869 | &ssl_session->client_random, &iv_s, write_iv_len)) { | ||||
4870 | goto fail; | ||||
4871 | } | ||||
4872 | } | ||||
4873 | else{ | ||||
4874 | uint8_t _iv_block[MAX_BLOCK_SIZE16 * 2]; | ||||
4875 | StringInfo iv_block; | ||||
4876 | StringInfo key_null; | ||||
4877 | uint8_t _key_null; | ||||
4878 | |||||
4879 | key_null.data = &_key_null; | ||||
4880 | key_null.data_len = 0; | ||||
4881 | |||||
4882 | iv_block.data = _iv_block; | ||||
4883 | |||||
4884 | ssl_debug_printf("%s prf(iv_block)\n", G_STRFUNC((const char*) (__func__))); | ||||
4885 | if (!prf(ssl_session, &key_null, "IV block", | ||||
4886 | &ssl_session->client_random, | ||||
4887 | &ssl_session->server_random, &iv_block, | ||||
4888 | write_iv_len * 2)) { | ||||
4889 | ssl_debug_printf("%s can't generate tls31 iv block\n", G_STRFUNC((const char*) (__func__))); | ||||
4890 | goto fail; | ||||
4891 | } | ||||
4892 | |||||
4893 | memcpy(_iv_c, iv_block.data, write_iv_len); | ||||
4894 | memcpy(_iv_s, iv_block.data + write_iv_len, write_iv_len); | ||||
4895 | } | ||||
4896 | |||||
4897 | c_iv=_iv_c; | ||||
4898 | s_iv=_iv_s; | ||||
4899 | } | ||||
4900 | |||||
4901 | if (ssl_session->session.version==SSLV3_VERSION0x300){ | ||||
4902 | |||||
4903 | SSL_MD5_CTXgcry_md_hd_t md5; | ||||
4904 | ssl_debug_printf("%s MD5(client_random)\n", G_STRFUNC((const char*) (__func__))); | ||||
4905 | |||||
4906 | if (ssl_md5_init(&md5) != 0) | ||||
4907 | goto fail; | ||||
4908 | ssl_md5_update(&md5,c_wk,encr_key_len); | ||||
4909 | ssl_md5_update(&md5,ssl_session->client_random.data, | ||||
4910 | ssl_session->client_random.data_len); | ||||
4911 | ssl_md5_update(&md5,ssl_session->server_random.data, | ||||
4912 | ssl_session->server_random.data_len); | ||||
4913 | ssl_md5_final(_key_c,&md5); | ||||
4914 | ssl_md5_cleanup(&md5); | ||||
4915 | c_wk=_key_c; | ||||
4916 | |||||
4917 | if (ssl_md5_init(&md5) != 0) | ||||
4918 | goto fail; | ||||
4919 | ssl_debug_printf("%s MD5(server_random)\n", G_STRFUNC((const char*) (__func__))); | ||||
4920 | ssl_md5_update(&md5,s_wk,encr_key_len); | ||||
4921 | ssl_md5_update(&md5,ssl_session->server_random.data, | ||||
4922 | ssl_session->server_random.data_len); | ||||
4923 | ssl_md5_update(&md5,ssl_session->client_random.data, | ||||
4924 | ssl_session->client_random.data_len); | ||||
4925 | ssl_md5_final(_key_s,&md5); | ||||
4926 | ssl_md5_cleanup(&md5); | ||||
4927 | s_wk=_key_s; | ||||
4928 | } | ||||
4929 | else{ | ||||
4930 | StringInfo key_c, key_s, k; | ||||
4931 | key_c.data = _key_c; | ||||
4932 | key_s.data = _key_s; | ||||
4933 | |||||
4934 | k.data = c_wk; | ||||
4935 | k.data_len = encr_key_len; | ||||
4936 | ssl_debug_printf("%s PRF(key_c)\n", G_STRFUNC((const char*) (__func__))); | ||||
4937 | if (!prf(ssl_session, &k, "client write key", | ||||
4938 | &ssl_session->client_random, | ||||
4939 | &ssl_session->server_random, &key_c, sizeof(_key_c))) { | ||||
4940 | ssl_debug_printf("%s can't generate tll31 server key \n", G_STRFUNC((const char*) (__func__))); | ||||
4941 | goto fail; | ||||
4942 | } | ||||
4943 | c_wk=_key_c; | ||||
4944 | |||||
4945 | k.data = s_wk; | ||||
4946 | k.data_len = encr_key_len; | ||||
4947 | ssl_debug_printf("%s PRF(key_s)\n", G_STRFUNC((const char*) (__func__))); | ||||
4948 | if (!prf(ssl_session, &k, "server write key", | ||||
4949 | &ssl_session->client_random, | ||||
4950 | &ssl_session->server_random, &key_s, sizeof(_key_s))) { | ||||
4951 | ssl_debug_printf("%s can't generate tll31 client key \n", G_STRFUNC((const char*) (__func__))); | ||||
4952 | goto fail; | ||||
4953 | } | ||||
4954 | s_wk=_key_s; | ||||
4955 | } | ||||
4956 | } | ||||
4957 | |||||
4958 | /* show key material info */ | ||||
4959 | if (c_mk != NULL((void*)0)) { | ||||
4960 | ssl_print_data("Client MAC key",c_mk,ssl_cipher_suite_dig(cipher_suite)->len); | ||||
4961 | ssl_print_data("Server MAC key",s_mk,ssl_cipher_suite_dig(cipher_suite)->len); | ||||
4962 | } | ||||
4963 | ssl_print_data("Client Write key", c_wk, encr_key_len); | ||||
4964 | ssl_print_data("Server Write key", s_wk, encr_key_len); | ||||
4965 | /* used as IV for CBC mode and the AEAD implicit nonce (salt) */ | ||||
4966 | if (write_iv_len > 0) { | ||||
4967 | ssl_print_data("Client Write IV", c_iv, write_iv_len); | ||||
4968 | ssl_print_data("Server Write IV", s_iv, write_iv_len); | ||||
4969 | } | ||||
4970 | |||||
4971 | create_decoders: | ||||
4972 | /* create both client and server ciphers*/ | ||||
4973 | ssl_debug_printf("%s ssl_create_decoder(client)\n", G_STRFUNC((const char*) (__func__))); | ||||
4974 | ssl_session->client_new = ssl_create_decoder(cipher_suite, cipher_algo, ssl_session->session.compression, c_mk, c_wk, NULL((void*)0), c_iv, write_iv_len); | ||||
4975 | if (!ssl_session->client_new) { | ||||
4976 | ssl_debug_printf("%s can't init client decoder\n", G_STRFUNC((const char*) (__func__))); | ||||
4977 | goto fail; | ||||
4978 | } | ||||
4979 | ssl_debug_printf("%s ssl_create_decoder(server)\n", G_STRFUNC((const char*) (__func__))); | ||||
4980 | ssl_session->server_new = ssl_create_decoder(cipher_suite, cipher_algo, ssl_session->session.compression, s_mk, s_wk, NULL((void*)0), s_iv, write_iv_len); | ||||
4981 | if (!ssl_session->server_new) { | ||||
4982 | ssl_debug_printf("%s can't init server decoder\n", G_STRFUNC((const char*) (__func__))); | ||||
4983 | goto fail; | ||||
4984 | } | ||||
4985 | |||||
4986 | /* Continue the SSL stream after renegotiation with new keys. */ | ||||
4987 | ssl_session->client_new->flow = ssl_session->client ? ssl_session->client->flow : ssl_create_flow(); | ||||
4988 | ssl_session->server_new->flow = ssl_session->server ? ssl_session->server->flow : ssl_create_flow(); | ||||
4989 | |||||
4990 | ssl_debug_printf("%s: client seq %" PRIu64"l" "u" ", server seq %" PRIu64"l" "u" "\n", | ||||
4991 | G_STRFUNC((const char*) (__func__)), ssl_session->client_new->seq, ssl_session->server_new->seq); | ||||
4992 | g_free(key_block.data); | ||||
4993 | ssl_session->state |= SSL_HAVE_SESSION_KEY(1<<3); | ||||
4994 | return 0; | ||||
4995 | |||||
4996 | fail: | ||||
4997 | g_free(key_block.data); | ||||
4998 | return -1; | ||||
4999 | } | ||||
5000 | |||||
5001 | /* Generated the key material based on the given secret. */ | ||||
5002 | bool_Bool | ||||
5003 | tls13_generate_keys(SslDecryptSession *ssl_session, const StringInfo *secret, bool_Bool is_from_server) | ||||
5004 | { | ||||
5005 | bool_Bool success = false0; | ||||
5006 | unsigned char *write_key = NULL((void*)0), *write_iv = NULL((void*)0); | ||||
5007 | unsigned char *sn_key = NULL((void*)0); | ||||
5008 | SslDecoder *decoder; | ||||
5009 | unsigned key_length, iv_length; | ||||
5010 | int hash_algo; | ||||
5011 | const SslCipherSuite *cipher_suite = ssl_session->cipher_suite; | ||||
5012 | int cipher_algo; | ||||
5013 | |||||
5014 | if ((ssl_session->session.version != TLSV1DOT3_VERSION0x304) && (ssl_session->session.version != DTLSV1DOT3_VERSION0xfefc)) { | ||||
5015 | ssl_debug_printf("%s only usable for TLS 1.3, not %#x!\n", G_STRFUNC((const char*) (__func__)), | ||||
5016 | ssl_session->session.version); | ||||
5017 | return false0; | ||||
5018 | } | ||||
5019 | |||||
5020 | if (cipher_suite == NULL((void*)0)) { | ||||
5021 | ssl_debug_printf("%s Unknown cipher\n", G_STRFUNC((const char*) (__func__))); | ||||
5022 | return false0; | ||||
5023 | } | ||||
5024 | |||||
5025 | if (cipher_suite->kex != KEX_TLS130x23) { | ||||
5026 | ssl_debug_printf("%s Invalid cipher suite 0x%04x spotted!\n", G_STRFUNC((const char*) (__func__)), cipher_suite->number); | ||||
5027 | return false0; | ||||
5028 | } | ||||
5029 | |||||
5030 | /* Find the Libgcrypt cipher algorithm for the given SSL cipher suite ID */ | ||||
5031 | const char *cipher_name = ciphers[cipher_suite->enc-ENC_START0x30]; | ||||
5032 | ssl_debug_printf("%s CIPHER: %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | ||||
5033 | cipher_algo = ssl_get_cipher_by_name(cipher_name); | ||||
5034 | if (cipher_algo == 0) { | ||||
5035 | ssl_debug_printf("%s can't find cipher %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); | ||||
5036 | return false0; | ||||
5037 | } | ||||
5038 | |||||
5039 | const char *hash_name = ssl_cipher_suite_dig(cipher_suite)->name; | ||||
5040 | hash_algo = ssl_get_digest_by_name(hash_name); | ||||
5041 | if (!hash_algo) { | ||||
5042 | ssl_debug_printf("%s can't find hash function %s\n", G_STRFUNC((const char*) (__func__)), hash_name); | ||||
5043 | return false0; | ||||
5044 | } | ||||
5045 | |||||
5046 | key_length = (unsigned) gcry_cipher_get_algo_keylen(cipher_algo); | ||||
5047 | /* AES-GCM/AES-CCM/Poly1305-ChaCha20 all have N_MIN=N_MAX = 12. */ | ||||
5048 | iv_length = 12; | ||||
5049 | ssl_debug_printf("%s key_length %u iv_length %u\n", G_STRFUNC((const char*) (__func__)), key_length, iv_length); | ||||
5050 | |||||
5051 | const char *label_prefix = tls13_hkdf_label_prefix(ssl_session); | ||||
5052 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "key", key_length, &write_key)) { | ||||
5053 | ssl_debug_printf("%s write_key expansion failed\n", G_STRFUNC((const char*) (__func__))); | ||||
5054 | return false0; | ||||
5055 | } | ||||
5056 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "iv", iv_length, &write_iv)) { | ||||
5057 | ssl_debug_printf("%s write_iv expansion failed\n", G_STRFUNC((const char*) (__func__))); | ||||
5058 | goto end; | ||||
5059 | } | ||||
5060 | |||||
5061 | if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | ||||
5062 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "sn", key_length, &sn_key)) { | ||||
5063 | ssl_debug_printf("%s sn_key expansion failed\n", G_STRFUNC((const char*) (__func__))); | ||||
5064 | goto end; | ||||
5065 | } | ||||
5066 | } | ||||
5067 | |||||
5068 | ssl_print_data(is_from_server ? "Server Write Key" : "Client Write Key", write_key, key_length); | ||||
5069 | ssl_print_data(is_from_server ? "Server Write IV" : "Client Write IV", write_iv, iv_length); | ||||
5070 | if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { | ||||
5071 | ssl_print_data(is_from_server ? "Server Write SN" : "Client Write SN", sn_key, key_length); | ||||
5072 | } | ||||
5073 | |||||
5074 | ssl_debug_printf("%s ssl_create_decoder(%s)\n", G_STRFUNC((const char*) (__func__)), is_from_server ? "server" : "client"); | ||||
5075 | decoder = ssl_create_decoder(cipher_suite, cipher_algo, 0, NULL((void*)0), write_key, sn_key, write_iv, iv_length); | ||||
5076 | if (!decoder) { | ||||
5077 | ssl_debug_printf("%s can't init %s decoder\n", G_STRFUNC((const char*) (__func__)), is_from_server ? "server" : "client"); | ||||
5078 | goto end; | ||||
5079 | } | ||||
5080 | |||||
5081 | /* Continue the TLS session with new keys, but reuse old flow to keep things | ||||
5082 | * like "Follow TLS" working (by linking application data records). */ | ||||
5083 | if (is_from_server) { | ||||
5084 | decoder->flow = ssl_session->server ? ssl_session->server->flow : ssl_create_flow(); | ||||
5085 | ssl_session->server = decoder; | ||||
5086 | } else { | ||||
5087 | decoder->flow = ssl_session->client ? ssl_session->client->flow : ssl_create_flow(); | ||||
5088 | ssl_session->client = decoder; | ||||
5089 | } | ||||
5090 | ssl_debug_printf("%s %s ready using cipher suite 0x%04x (cipher %s hash %s)\n", G_STRFUNC((const char*) (__func__)), | ||||
5091 | is_from_server ? "Server" : "Client", cipher_suite->number, cipher_name, hash_name); | ||||
5092 | success = true1; | ||||
5093 | |||||
5094 | end: | ||||
5095 | wmem_free(NULL((void*)0), write_key); | ||||
5096 | wmem_free(NULL((void*)0), write_iv); | ||||
5097 | if (sn_key) | ||||
5098 | wmem_free(NULL((void*)0), sn_key); | ||||
5099 | return success; | ||||
5100 | } | ||||
5101 | /* (Pre-)master secrets calculations }}} */ | ||||
5102 | |||||
5103 | #ifdef HAVE_LIBGNUTLS1 | ||||
5104 | /* Decrypt RSA pre-master secret using RSA private key. {{{ */ | ||||
5105 | static bool_Bool | ||||
5106 | ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session, | ||||
5107 | StringInfo *encrypted_pre_master, GHashTable *key_hash) | ||||
5108 | { | ||||
5109 | int ret; | ||||
5110 | |||||
5111 | if (!encrypted_pre_master) | ||||
5112 | return false0; | ||||
5113 | |||||
5114 | if (KEX_IS_DH(ssl_session->cipher_suite->kex)((ssl_session->cipher_suite->kex) >= 0x10 && (ssl_session->cipher_suite->kex) <= 0x1b)) { | ||||
5115 | ssl_debug_printf("%s: session uses Diffie-Hellman key exchange " | ||||
5116 | "(cipher suite 0x%04X %s) and cannot be decrypted " | ||||
5117 | "using a RSA private key file.\n", | ||||
5118 | G_STRFUNC((const char*) (__func__)), ssl_session->session.cipher, | ||||
5119 | val_to_str_ext_const(ssl_session->session.cipher, | ||||
5120 | &ssl_31_ciphersuite_ext, "unknown")); | ||||
5121 | return false0; | ||||
5122 | } else if (ssl_session->cipher_suite->kex != KEX_RSA0x1e) { | ||||
5123 | ssl_debug_printf("%s key exchange %d different from KEX_RSA (%d)\n", | ||||
5124 | G_STRFUNC((const char*) (__func__)), ssl_session->cipher_suite->kex, KEX_RSA0x1e); | ||||
5125 | return false0; | ||||
5126 | } | ||||
5127 | |||||
5128 | gnutls_privkey_t pk = (gnutls_privkey_t)g_hash_table_lookup(key_hash, ssl_session->cert_key_id); | ||||
5129 | |||||
5130 | ssl_print_string("pre master encrypted", encrypted_pre_master); | ||||
5131 | ssl_debug_printf("%s: RSA_private_decrypt\n", G_STRFUNC((const char*) (__func__))); | ||||
5132 | const gnutls_datum_t epms = { encrypted_pre_master->data, encrypted_pre_master->data_len }; | ||||
5133 | gnutls_datum_t pms = { 0 }; | ||||
5134 | if (pk) { | ||||
5135 | // Try to decrypt using the RSA keys table from (D)TLS preferences. | ||||
5136 | ret = gnutls_privkey_decrypt_data(pk, 0, &epms, &pms); | ||||
5137 | } else { | ||||
5138 | // Try to decrypt using a hardware token. | ||||
5139 | ret = secrets_rsa_decrypt(ssl_session->cert_key_id, epms.data, epms.size, &pms.data, &pms.size); | ||||
5140 | } | ||||
5141 | if (ret < 0) { | ||||
5142 | ssl_debug_printf("%s: decryption failed: %d (%s)\n", G_STRFUNC((const char*) (__func__)), ret, gnutls_strerror(ret)); | ||||
5143 | return false0; | ||||
5144 | } | ||||
5145 | |||||
5146 | if (pms.size != 48) { | ||||
5147 | ssl_debug_printf("%s wrong pre_master_secret length (%d, expected %d)\n", | ||||
5148 | G_STRFUNC((const char*) (__func__)), pms.size, 48); | ||||
5149 | if (pk) { | ||||
5150 | gnutls_free(pms.data); | ||||
5151 | } else { | ||||
5152 | g_free(pms.data); | ||||
5153 | } | ||||
5154 | return false0; | ||||
5155 | } | ||||
5156 | |||||
5157 | ssl_session->pre_master_secret.data = (uint8_t *)wmem_memdup(wmem_file_scope(), pms.data, 48); | ||||
5158 | ssl_session->pre_master_secret.data_len = 48; | ||||
5159 | if (pk) { | ||||
5160 | gnutls_free(pms.data); | ||||
5161 | } else { | ||||
5162 | g_free(pms.data); | ||||
5163 | } | ||||
5164 | ssl_print_string("pre master secret", &ssl_session->pre_master_secret); | ||||
5165 | |||||
5166 | /* Remove the master secret if it was there. | ||||
5167 | This forces keying material regeneration in | ||||
5168 | case we're renegotiating */ | ||||
5169 | ssl_session->state &= ~(SSL_MASTER_SECRET(1<<5)|SSL_HAVE_SESSION_KEY(1<<3)); | ||||
5170 | ssl_session->state |= SSL_PRE_MASTER_SECRET(1<<6); | ||||
5171 | return true1; | ||||
5172 | } /* }}} */ | ||||
5173 | #endif /* HAVE_LIBGNUTLS */ | ||||
5174 | |||||
5175 | /* Decryption integrity check {{{ */ | ||||
5176 | |||||
5177 | static int | ||||
5178 | tls_check_mac(SslDecoder*decoder, int ct, int ver, uint8_t* data, | ||||
5179 | uint32_t datalen, uint8_t* mac) | ||||
5180 | { | ||||
5181 | SSL_HMACgcry_md_hd_t hm; | ||||
5182 | int md; | ||||
5183 | uint32_t len; | ||||
5184 | uint8_t buf[DIGEST_MAX_SIZE48]; | ||||
5185 | int16_t temp; | ||||
5186 | |||||
5187 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); | ||||
5188 | ssl_debug_printf("tls_check_mac mac type:%s md %d\n", | ||||
5189 | ssl_cipher_suite_dig(decoder->cipher_suite)->name, md); | ||||
5190 | |||||
5191 | if (ssl_hmac_init(&hm,md) != 0) | ||||
5192 | return -1; | ||||
5193 | if (ssl_hmac_setkey(&hm,decoder->mac_key.data,decoder->mac_key.data_len) != 0) | ||||
5194 | return -1; | ||||
5195 | |||||
5196 | /* hash sequence number */ | ||||
5197 | phton64(buf, decoder->seq); | ||||
5198 | |||||
5199 | decoder->seq++; | ||||
5200 | |||||
5201 | ssl_hmac_update(&hm,buf,8); | ||||
5202 | |||||
5203 | /* hash content type */ | ||||
5204 | buf[0]=ct; | ||||
5205 | ssl_hmac_update(&hm,buf,1); | ||||
5206 | |||||
5207 | /* hash version,data length and data*/ | ||||
5208 | /* *((int16_t*)buf) = g_htons(ver); */ | ||||
5209 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); | ||||
5210 | memcpy(buf, &temp, 2); | ||||
5211 | ssl_hmac_update(&hm,buf,2); | ||||
5212 | |||||
5213 | /* *((int16_t*)buf) = g_htons(datalen); */ | ||||
5214 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); | ||||
5215 | memcpy(buf, &temp, 2); | ||||
5216 | ssl_hmac_update(&hm,buf,2); | ||||
5217 | ssl_hmac_update(&hm,data,datalen); | ||||
5218 | |||||
5219 | /* get digest and digest len*/ | ||||
5220 | len = sizeof(buf); | ||||
5221 | ssl_hmac_final(&hm,buf,&len); | ||||
5222 | ssl_hmac_cleanup(&hm); | ||||
5223 | ssl_print_data("Mac", buf, len); | ||||
5224 | if(memcmp(mac,buf,len)) | ||||
5225 | return -1; | ||||
5226 | |||||
5227 | return 0; | ||||
5228 | } | ||||
5229 | |||||
5230 | static int | ||||
5231 | ssl3_check_mac(SslDecoder*decoder,int ct,uint8_t* data, | ||||
5232 | uint32_t datalen, uint8_t* mac) | ||||
5233 | { | ||||
5234 | SSL_MDgcry_md_hd_t mc; | ||||
5235 | int md; | ||||
5236 | uint32_t len; | ||||
5237 | uint8_t buf[64],dgst[20]; | ||||
5238 | int pad_ct; | ||||
5239 | int16_t temp; | ||||
5240 | |||||
5241 | pad_ct=(decoder->cipher_suite->dig==DIG_SHA0x41)?40:48; | ||||
5242 | |||||
5243 | /* get cipher used for digest computation */ | ||||
5244 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); | ||||
5245 | if (ssl_md_init(&mc,md) !=0) | ||||
5246 | return -1; | ||||
5247 | |||||
5248 | /* do hash computation on data && padding */ | ||||
5249 | ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len); | ||||
5250 | |||||
5251 | /* hash padding*/ | ||||
5252 | memset(buf,0x36,pad_ct); | ||||
5253 | ssl_md_update(&mc,buf,pad_ct); | ||||
5254 | |||||
5255 | /* hash sequence number */ | ||||
5256 | phton64(buf, decoder->seq); | ||||
5257 | decoder->seq++; | ||||
5258 | ssl_md_update(&mc,buf,8); | ||||
5259 | |||||
5260 | /* hash content type */ | ||||
5261 | buf[0]=ct; | ||||
5262 | ssl_md_update(&mc,buf,1); | ||||
5263 | |||||
5264 | /* hash data length in network byte order and data*/ | ||||
5265 | /* *((int16_t* )buf) = g_htons(datalen); */ | ||||
5266 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); | ||||
5267 | memcpy(buf, &temp, 2); | ||||
5268 | ssl_md_update(&mc,buf,2); | ||||
5269 | ssl_md_update(&mc,data,datalen); | ||||
5270 | |||||
5271 | /* get partial digest */ | ||||
5272 | ssl_md_final(&mc,dgst,&len); | ||||
5273 | ssl_md_reset(&mc); | ||||
5274 | |||||
5275 | /* hash mac key */ | ||||
5276 | ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len); | ||||
5277 | |||||
5278 | /* hash padding and partial digest*/ | ||||
5279 | memset(buf,0x5c,pad_ct); | ||||
5280 | ssl_md_update(&mc,buf,pad_ct); | ||||
5281 | ssl_md_update(&mc,dgst,len); | ||||
5282 | |||||
5283 | ssl_md_final(&mc,dgst,&len); | ||||
5284 | ssl_md_cleanup(&mc); | ||||
5285 | |||||
5286 | if(memcmp(mac,dgst,len)) | ||||
5287 | return -1; | ||||
5288 | |||||
5289 | return 0; | ||||
5290 | } | ||||
5291 | |||||
5292 | static int | ||||
5293 | dtls_check_mac(SslDecryptSession *ssl, SslDecoder*decoder, int ct, uint8_t* data, | ||||
5294 | uint32_t datalen, uint8_t* mac, const unsigned char *cid, uint8_t cidl) | ||||
5295 | { | ||||
5296 | SSL_HMACgcry_md_hd_t hm; | ||||
5297 | int md; | ||||
5298 | uint32_t len; | ||||
5299 | uint8_t buf[DIGEST_MAX_SIZE48]; | ||||
5300 | int16_t temp; | ||||
5301 | |||||
5302 | int ver = ssl->session.version; | ||||
5303 | bool_Bool is_cid = ((ct == SSL_ID_TLS12_CID) && (ver == DTLSV1DOT2_VERSION0xfefd)); | ||||
5304 | |||||
5305 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); | ||||
5306 | ssl_debug_printf("dtls_check_mac mac type:%s md %d\n", | ||||
5307 | ssl_cipher_suite_dig(decoder->cipher_suite)->name, md); | ||||
5308 | |||||
5309 | if (ssl_hmac_init(&hm,md) != 0) | ||||
5310 | return -1; | ||||
5311 | if (ssl_hmac_setkey(&hm,decoder->mac_key.data,decoder->mac_key.data_len) != 0) | ||||
5312 | return -1; | ||||
5313 | |||||
5314 | ssl_debug_printf("dtls_check_mac seq: %" PRIu64"l" "u" " epoch: %d\n",decoder->seq,decoder->epoch); | ||||
5315 | |||||
5316 | if (is_cid && !ssl->session.deprecated_cid) { | ||||
5317 | /* hash seq num placeholder */ | ||||
5318 | memset(buf,0xFF,8); | ||||
5319 | ssl_hmac_update(&hm,buf,8); | ||||
5320 | |||||
5321 | /* hash content type + cid length + content type */ | ||||
5322 | buf[0]=ct; | ||||
5323 | buf[1]=cidl; | ||||
5324 | buf[2]=ct; | ||||
5325 | ssl_hmac_update(&hm,buf,3); | ||||
5326 | |||||
5327 | /* hash version */ | ||||
5328 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); | ||||
5329 | memcpy(buf, &temp, 2); | ||||
5330 | ssl_hmac_update(&hm,buf,2); | ||||
5331 | |||||
5332 | /* hash sequence number */ | ||||
5333 | phton64(buf, decoder->seq); | ||||
5334 | buf[0]=decoder->epoch>>8; | ||||
5335 | buf[1]=(uint8_t)decoder->epoch; | ||||
5336 | ssl_hmac_update(&hm,buf,8); | ||||
5337 | |||||
5338 | /* hash cid */ | ||||
5339 | ssl_hmac_update(&hm,cid,cidl); | ||||
5340 | } else { | ||||
5341 | /* hash sequence number */ | ||||
5342 | phton64(buf, decoder->seq); | ||||
5343 | buf[0]=decoder->epoch>>8; | ||||
5344 | buf[1]=(uint8_t)decoder->epoch; | ||||
5345 | ssl_hmac_update(&hm,buf,8); | ||||
5346 | |||||
5347 | /* hash content type */ | ||||
5348 | buf[0]=ct; | ||||
5349 | ssl_hmac_update(&hm,buf,1); | ||||
5350 | |||||
5351 | /* hash version */ | ||||
5352 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); | ||||
5353 | memcpy(buf, &temp, 2); | ||||
5354 | ssl_hmac_update(&hm,buf,2); | ||||
5355 | |||||
5356 | if (is_cid && ssl->session.deprecated_cid) { | ||||
5357 | /* hash cid */ | ||||
5358 | ssl_hmac_update(&hm,cid,cidl); | ||||
5359 | |||||
5360 | /* hash cid length */ | ||||
5361 | buf[0] = cidl; | ||||
5362 | ssl_hmac_update(&hm,buf,1); | ||||
5363 | } | ||||
5364 | } | ||||
5365 | |||||
5366 | /* data length and data */ | ||||
5367 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); | ||||
5368 | memcpy(buf, &temp, 2); | ||||
5369 | ssl_hmac_update(&hm,buf,2); | ||||
5370 | ssl_hmac_update(&hm,data,datalen); | ||||
5371 | |||||
5372 | /* get digest and digest len */ | ||||
5373 | len = sizeof(buf); | ||||
5374 | ssl_hmac_final(&hm,buf,&len); | ||||
5375 | ssl_hmac_cleanup(&hm); | ||||
5376 | ssl_print_data("Mac", buf, len); | ||||
5377 | if(memcmp(mac,buf,len)) | ||||
5378 | return -1; | ||||
5379 | |||||
5380 | return 0; | ||||
5381 | } | ||||
5382 | /* Decryption integrity check }}} */ | ||||
5383 | |||||
5384 | |||||
5385 | static bool_Bool | ||||
5386 | tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder, | ||||
5387 | uint8_t ct, uint16_t record_version, | ||||
5388 | bool_Bool ignore_mac_failed, | ||||
5389 | const unsigned char *in, uint16_t inl, | ||||
5390 | const unsigned char *cid, uint8_t cidl, | ||||
5391 | StringInfo *out_str, unsigned *outl) | ||||
5392 | { | ||||
5393 | /* RFC 5246 (TLS 1.2) 6.2.3.3 defines the TLSCipherText.fragment as: | ||||
5394 | * GenericAEADCipher: { nonce_explicit, [content] } | ||||
5395 | * In TLS 1.3 this explicit nonce is gone. | ||||
5396 | * With AES GCM/CCM, "[content]" is actually the concatenation of the | ||||
5397 | * ciphertext and authentication tag. | ||||
5398 | */ | ||||
5399 | const uint16_t version = ssl->session.version; | ||||
5400 | const bool_Bool is_v12 = version == TLSV1DOT2_VERSION0x303 || version == DTLSV1DOT2_VERSION0xfefd || version == TLCPV1_VERSION0x101; | ||||
5401 | gcry_error_t err; | ||||
5402 | const unsigned char *explicit_nonce = NULL((void*)0), *ciphertext; | ||||
5403 | unsigned ciphertext_len, auth_tag_len; | ||||
5404 | unsigned char nonce[12]; | ||||
5405 | const ssl_cipher_mode_t cipher_mode = decoder->cipher_suite->mode; | ||||
5406 | const bool_Bool is_cid = ct == SSL_ID_TLS12_CID && version == DTLSV1DOT2_VERSION0xfefd; | ||||
5407 | const uint8_t draft_version = ssl->session.tls13_draft_version; | ||||
5408 | const unsigned char *auth_tag_wire; | ||||
5409 | unsigned char auth_tag_calc[16]; | ||||
5410 | unsigned char *aad = NULL((void*)0); | ||||
5411 | unsigned aad_len = 0; | ||||
5412 | |||||
5413 | switch (cipher_mode) { | ||||
5414 | case MODE_GCM: | ||||
5415 | case MODE_CCM: | ||||
5416 | case MODE_POLY1305: | ||||
5417 | auth_tag_len = 16; | ||||
5418 | break; | ||||
5419 | case MODE_CCM_8: | ||||
5420 | auth_tag_len = 8; | ||||
5421 | break; | ||||
5422 | default: | ||||
5423 | ssl_debug_printf("%s unsupported cipher!\n", G_STRFUNC((const char*) (__func__))); | ||||
5424 | return false0; | ||||
5425 | } | ||||
5426 | |||||
5427 | /* Parse input into explicit nonce (TLS 1.2 only), ciphertext and tag. */ | ||||
5428 | if (is_v12 && cipher_mode != MODE_POLY1305) { | ||||
5429 | if (inl < EXPLICIT_NONCE_LEN8 + auth_tag_len) { | ||||
5430 | ssl_debug_printf("%s input %d is too small for explicit nonce %d and auth tag %d\n", | ||||
5431 | G_STRFUNC((const char*) (__func__)), inl, EXPLICIT_NONCE_LEN8, auth_tag_len); | ||||
5432 | return false0; | ||||
5433 | } | ||||
5434 | explicit_nonce = in; | ||||
5435 | ciphertext = explicit_nonce + EXPLICIT_NONCE_LEN8; | ||||
5436 | ciphertext_len = inl - EXPLICIT_NONCE_LEN8 - auth_tag_len; | ||||
5437 | } else if (version == TLSV1DOT3_VERSION0x304 || version == DTLSV1DOT3_VERSION0xfefc || cipher_mode == MODE_POLY1305) { | ||||
5438 | if (inl < auth_tag_len) { | ||||
5439 | ssl_debug_printf("%s input %d has no space for auth tag %d\n", G_STRFUNC((const char*) (__func__)), inl, auth_tag_len); | ||||
5440 | return false0; | ||||
5441 | } | ||||
5442 | ciphertext = in; | ||||
5443 | ciphertext_len = inl - auth_tag_len; | ||||
5444 | } else { | ||||
5445 | ssl_debug_printf("%s Unexpected TLS version %#x\n", G_STRFUNC((const char*) (__func__)), version); | ||||
5446 | return false0; | ||||
5447 | } | ||||
5448 | auth_tag_wire = ciphertext + ciphertext_len; | ||||
5449 | |||||
5450 | /* | ||||
5451 | * Nonce construction is version-specific. Note that AEAD_CHACHA20_POLY1305 | ||||
5452 | * (RFC 7905) uses a nonce construction similar to TLS 1.3. | ||||
5453 | */ | ||||
5454 | if (is_v12 && cipher_mode != MODE_POLY1305) { | ||||
5455 | DISSECTOR_ASSERT(decoder->write_iv.data_len == IMPLICIT_NONCE_LEN)((void) ((decoder->write_iv.data_len == 4) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 5455, "decoder->write_iv.data_len == 4")))); | ||||
5456 | /* Implicit (4) and explicit (8) part of nonce. */ | ||||
5457 | memcpy(nonce, decoder->write_iv.data, IMPLICIT_NONCE_LEN4); | ||||
5458 | memcpy(nonce + IMPLICIT_NONCE_LEN4, explicit_nonce, EXPLICIT_NONCE_LEN8); | ||||
5459 | |||||
5460 | } else if (version == TLSV1DOT3_VERSION0x304 || version == DTLSV1DOT3_VERSION0xfefc || cipher_mode == MODE_POLY1305) { | ||||
5461 | /* | ||||
5462 | * Technically the nonce length must be at least 8 bytes, but for | ||||
5463 | * AES-GCM, AES-CCM and Poly1305-ChaCha20 the nonce length is exact 12. | ||||
5464 | */ | ||||
5465 | const unsigned nonce_len = 12; | ||||
5466 | DISSECTOR_ASSERT(decoder->write_iv.data_len == nonce_len)((void) ((decoder->write_iv.data_len == nonce_len) ? (void )0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 5466, "decoder->write_iv.data_len == nonce_len" )))); | ||||
5467 | memcpy(nonce, decoder->write_iv.data, decoder->write_iv.data_len); | ||||
5468 | /* Sequence number is left-padded with zeroes and XORed with write_iv */ | ||||
5469 | phton64(nonce + nonce_len - 8, pntoh64(nonce + nonce_len - 8) ^ decoder->seq); | ||||
5470 | ssl_debug_printf("%s seq %" PRIu64"l" "u" "\n", G_STRFUNC((const char*) (__func__)), decoder->seq); | ||||
5471 | } | ||||
5472 | |||||
5473 | /* Set nonce and additional authentication data */ | ||||
5474 | gcry_cipher_reset(decoder->evp)gcry_cipher_ctl ((decoder->evp), GCRYCTL_RESET, ((void*)0) , 0); | ||||
5475 | ssl_print_data("nonce", nonce, 12); | ||||
5476 | err = gcry_cipher_setiv(decoder->evp, nonce, 12); | ||||
5477 | if (err) { | ||||
5478 | ssl_debug_printf("%s failed to set nonce: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | ||||
5479 | return false0; | ||||
5480 | } | ||||
5481 | |||||
5482 | /* (D)TLS 1.2 needs specific AAD, TLS 1.3 (before -25) uses empty AAD. */ | ||||
5483 | if (is_cid) { /* if connection ID */ | ||||
5484 | if (ssl->session.deprecated_cid) { | ||||
5485 | aad_len = 14 + cidl; | ||||
5486 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | ||||
5487 | phton64(aad, decoder->seq); /* record sequence number */ | ||||
5488 | phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */ | ||||
5489 | aad[8] = ct; /* TLSCompressed.type */ | ||||
5490 | phton16(aad + 9, record_version); /* TLSCompressed.version */ | ||||
5491 | memcpy(aad + 11, cid, cidl); /* cid */ | ||||
5492 | aad[11 + cidl] = cidl; /* cid_length */ | ||||
5493 | phton16(aad + 12 + cidl, ciphertext_len); /* TLSCompressed.length */ | ||||
5494 | } else { | ||||
5495 | aad_len = 23 + cidl; | ||||
5496 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | ||||
5497 | memset(aad, 0xFF, 8); /* seq_num_placeholder */ | ||||
5498 | aad[8] = ct; /* TLSCompressed.type */ | ||||
5499 | aad[9] = cidl; /* cid_length */ | ||||
5500 | aad[10] = ct; /* TLSCompressed.type */ | ||||
5501 | phton16(aad + 11, record_version); /* TLSCompressed.version */ | ||||
5502 | phton64(aad + 13, decoder->seq); /* record sequence number */ | ||||
5503 | phton16(aad + 13, decoder->epoch); /* DTLS 1.2 includes epoch. */ | ||||
5504 | memcpy(aad + 21, cid, cidl); /* cid */ | ||||
5505 | phton16(aad + 21 + cidl, ciphertext_len); /* TLSCompressed.length */ | ||||
5506 | } | ||||
5507 | } else if (is_v12) { | ||||
5508 | aad_len = 13; | ||||
5509 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | ||||
5510 | phton64(aad, decoder->seq); /* record sequence number */ | ||||
5511 | if (version == DTLSV1DOT2_VERSION0xfefd) { | ||||
5512 | phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */ | ||||
5513 | } | ||||
5514 | aad[8] = ct; /* TLSCompressed.type */ | ||||
5515 | phton16(aad + 9, record_version); /* TLSCompressed.version */ | ||||
5516 | phton16(aad + 11, ciphertext_len); /* TLSCompressed.length */ | ||||
5517 | } else if (version == DTLSV1DOT3_VERSION0xfefc) { | ||||
5518 | aad_len = decoder->dtls13_aad.data_len; | ||||
5519 | aad = decoder->dtls13_aad.data; | ||||
5520 | } else if (draft_version >= 25 || draft_version == 0) { | ||||
5521 | aad_len = 5; | ||||
5522 | aad = wmem_alloc(wmem_packet_scope(), aad_len); | ||||
5523 | aad[0] = ct; /* TLSCiphertext.opaque_type (23) */ | ||||
5524 | phton16(aad + 1, record_version); /* TLSCiphertext.legacy_record_version (0x0303) */ | ||||
5525 | phton16(aad + 3, inl); /* TLSCiphertext.length */ | ||||
5526 | } | ||||
5527 | |||||
5528 | if (decoder->cipher_suite->mode == MODE_CCM || decoder->cipher_suite->mode == MODE_CCM_8) { | ||||
5529 | /* size of plaintext, additional authenticated data and auth tag. */ | ||||
5530 | uint64_t lengths[3] = { ciphertext_len, aad_len, auth_tag_len }; | ||||
5531 | |||||
5532 | gcry_cipher_ctl(decoder->evp, GCRYCTL_SET_CCM_LENGTHS, lengths, sizeof(lengths)); | ||||
5533 | } | ||||
5534 | |||||
5535 | if (aad && aad_len > 0) { | ||||
5536 | ssl_print_data("AAD", aad, aad_len); | ||||
5537 | err = gcry_cipher_authenticate(decoder->evp, aad, aad_len); | ||||
5538 | if (err) { | ||||
5539 | ssl_debug_printf("%s failed to set AAD: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | ||||
5540 | return false0; | ||||
5541 | } | ||||
5542 | } | ||||
5543 | |||||
5544 | /* Decrypt now that nonce and AAD are set. */ | ||||
5545 | err = gcry_cipher_decrypt(decoder->evp, out_str->data, out_str->data_len, ciphertext, ciphertext_len); | ||||
5546 | if (err) { | ||||
5547 | ssl_debug_printf("%s decrypt failed: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | ||||
5548 | return false0; | ||||
5549 | } | ||||
5550 | |||||
5551 | /* Check authentication tag for authenticity (replaces MAC) */ | ||||
5552 | err = gcry_cipher_gettag(decoder->evp, auth_tag_calc, auth_tag_len); | ||||
5553 | if (err == 0 && !memcmp(auth_tag_calc, auth_tag_wire, auth_tag_len)) { | ||||
5554 | ssl_print_data("auth_tag(OK)", auth_tag_calc, auth_tag_len); | ||||
5555 | } else { | ||||
5556 | if (err) { | ||||
5557 | ssl_debug_printf("%s cannot obtain tag: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); | ||||
5558 | } else { | ||||
5559 | ssl_debug_printf("%s auth tag mismatch\n", G_STRFUNC((const char*) (__func__))); | ||||
5560 | ssl_print_data("auth_tag(expect)", auth_tag_calc, auth_tag_len); | ||||
5561 | ssl_print_data("auth_tag(actual)", auth_tag_wire, auth_tag_len); | ||||
5562 | } | ||||
5563 | if (ignore_mac_failed) { | ||||
5564 | ssl_debug_printf("%s: auth check failed, but ignored for troubleshooting ;-)\n", G_STRFUNC((const char*) (__func__))); | ||||
5565 | } else { | ||||
5566 | return false0; | ||||
5567 | } | ||||
5568 | } | ||||
5569 | |||||
5570 | /* | ||||
5571 | * Increment the (implicit) sequence number for TLS 1.2/1.3 and TLCP 1.1. This is done | ||||
5572 | * after successful authentication to ensure that early data is skipped when | ||||
5573 | * CLIENT_EARLY_TRAFFIC_SECRET keys are unavailable. | ||||
5574 | */ | ||||
5575 | if (version == TLSV1DOT2_VERSION0x303 || version == TLSV1DOT3_VERSION0x304 || version == TLCPV1_VERSION0x101) { | ||||
5576 | decoder->seq++; | ||||
5577 | } | ||||
5578 | |||||
5579 | ssl_print_data("Plaintext", out_str->data, ciphertext_len); | ||||
5580 | *outl = ciphertext_len; | ||||
5581 | return true1; | ||||
5582 | } | ||||
5583 | |||||
5584 | /* Record decryption glue based on security parameters {{{ */ | ||||
5585 | /* Assume that we are called only for a non-NULL decoder which also means that | ||||
5586 | * we have a non-NULL decoder->cipher_suite. */ | ||||
5587 | int | ||||
5588 | ssl_decrypt_record(SslDecryptSession *ssl, SslDecoder *decoder, uint8_t ct, uint16_t record_version, | ||||
5589 | bool_Bool ignore_mac_failed, | ||||
5590 | const unsigned char *in, uint16_t inl, const unsigned char *cid, uint8_t cidl, | ||||
5591 | StringInfo *comp_str, StringInfo *out_str, unsigned *outl) | ||||
5592 | { | ||||
5593 | unsigned pad, worklen, uncomplen, maclen, mac_fraglen = 0; | ||||
5594 | uint8_t *mac = NULL((void*)0), *mac_frag = NULL((void*)0); | ||||
5595 | |||||
5596 | ssl_debug_printf("ssl_decrypt_record ciphertext len %d\n", inl); | ||||
5597 | ssl_print_data("Ciphertext",in, inl); | ||||
5598 | |||||
5599 | if (((ssl->session.version == TLSV1DOT3_VERSION0x304 || ssl->session.version == DTLSV1DOT3_VERSION0xfefc)) | ||||
5600 | != (decoder->cipher_suite->kex == KEX_TLS130x23)) { | ||||
5601 | ssl_debug_printf("%s Invalid cipher suite for the protocol version!\n", G_STRFUNC((const char*) (__func__))); | ||||
5602 | return -1; | ||||
5603 | } | ||||
5604 | |||||
5605 | /* ensure we have enough storage space for decrypted data */ | ||||
5606 | if (inl > out_str->data_len) | ||||
5607 | { | ||||
5608 | ssl_debug_printf("ssl_decrypt_record: allocating %d bytes for decrypt data (old len %d)\n", | ||||
5609 | inl + 32, out_str->data_len); | ||||
5610 | ssl_data_realloc(out_str, inl + 32); | ||||
5611 | } | ||||
5612 | |||||
5613 | /* AEAD ciphers (GenericAEADCipher in TLS 1.2; TLS 1.3) have no padding nor | ||||
5614 | * a separate MAC, so use a different routine for simplicity. */ | ||||
5615 | if (decoder->cipher_suite->mode == MODE_GCM || | ||||
5616 | decoder->cipher_suite->mode == MODE_CCM || | ||||
5617 | decoder->cipher_suite->mode == MODE_CCM_8 || | ||||
5618 | decoder->cipher_suite->mode == MODE_POLY1305 || | ||||
5619 | ssl->session.version == TLSV1DOT3_VERSION0x304 || | ||||
5620 | ssl->session.version == DTLSV1DOT3_VERSION0xfefc) { | ||||
5621 | |||||
5622 | if (!tls_decrypt_aead_record(ssl, decoder, ct, record_version, ignore_mac_failed, in, inl, cid, cidl, out_str, &worklen)) { | ||||
5623 | /* decryption failed */ | ||||
5624 | return -1; | ||||
5625 | } | ||||
5626 | |||||
5627 | goto skip_mac; | ||||
5628 | } | ||||
5629 | |||||
5630 | /* RFC 6101/2246: SSLCipherText/TLSCipherText has two structures for types: | ||||
5631 | * (notation: { unencrypted, [ encrypted ] }) | ||||
5632 | * GenericStreamCipher: { [content, mac] } | ||||
5633 | * GenericBlockCipher: { IV (TLS 1.1+), [content, mac, padding, padding_len] } | ||||
5634 | * RFC 5426 (TLS 1.2): TLSCipherText has additionally: | ||||
5635 | * GenericAEADCipher: { nonce_explicit, [content] } | ||||
5636 | * RFC 4347 (DTLS): based on TLS 1.1, only GenericBlockCipher is supported. | ||||
5637 | * RFC 6347 (DTLS 1.2): based on TLS 1.2, includes GenericAEADCipher too. | ||||
5638 | */ | ||||
5639 | |||||
5640 | maclen = ssl_cipher_suite_dig(decoder->cipher_suite)->len; | ||||
5641 | |||||
5642 | /* (TLS 1.1 and later, DTLS) Extract explicit IV for GenericBlockCipher */ | ||||
5643 | if (decoder->cipher_suite->mode == MODE_CBC) { | ||||
5644 | unsigned blocksize = 0; | ||||
5645 | |||||
5646 | switch (ssl->session.version) { | ||||
5647 | case TLSV1DOT1_VERSION0x302: | ||||
5648 | case TLSV1DOT2_VERSION0x303: | ||||
5649 | case DTLSV1DOT0_VERSION0xfeff: | ||||
5650 | case DTLSV1DOT2_VERSION0xfefd: | ||||
5651 | case DTLSV1DOT3_VERSION0xfefc: | ||||
5652 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | ||||
5653 | case TLCPV1_VERSION0x101: | ||||
5654 | blocksize = ssl_get_cipher_blocksize(decoder->cipher_suite); | ||||
5655 | if (inl < blocksize) { | ||||
5656 | ssl_debug_printf("ssl_decrypt_record failed: input %d has no space for IV %d\n", | ||||
5657 | inl, blocksize); | ||||
5658 | return -1; | ||||
5659 | } | ||||
5660 | pad = gcry_cipher_setiv(decoder->evp, in, blocksize); | ||||
5661 | if (pad != 0) { | ||||
5662 | ssl_debug_printf("ssl_decrypt_record failed: failed to set IV: %s %s\n", | ||||
5663 | gcry_strsource (pad), gcry_strerror (pad)); | ||||
5664 | } | ||||
5665 | |||||
5666 | inl -= blocksize; | ||||
5667 | in += blocksize; | ||||
5668 | break; | ||||
5669 | } | ||||
5670 | |||||
5671 | /* Encrypt-then-MAC for (D)TLS (RFC 7366) */ | ||||
5672 | if (ssl->state & SSL_ENCRYPT_THEN_MAC(1<<11)) { | ||||
5673 | /* | ||||
5674 | * MAC is calculated over (IV + ) ENCRYPTED contents: | ||||
5675 | * | ||||
5676 | * MAC(MAC_write_key, ... + | ||||
5677 | * IV + // for TLS 1.1 or greater | ||||
5678 | * TLSCiphertext.enc_content); | ||||
5679 | */ | ||||
5680 | if (inl < maclen) { | ||||
5681 | ssl_debug_printf("%s failed: input %d has no space for MAC %d\n", | ||||
5682 | G_STRFUNC((const char*) (__func__)), inl, maclen); | ||||
5683 | return -1; | ||||
5684 | } | ||||
5685 | inl -= maclen; | ||||
5686 | mac = (uint8_t *)in + inl; | ||||
5687 | mac_frag = (uint8_t *)in - blocksize; | ||||
5688 | mac_fraglen = blocksize + inl; | ||||
5689 | } | ||||
5690 | } | ||||
5691 | |||||
5692 | /* First decrypt*/ | ||||
5693 | if ((pad = ssl_cipher_decrypt(&decoder->evp, out_str->data, out_str->data_len, in, inl)) != 0) { | ||||
5694 | ssl_debug_printf("ssl_decrypt_record failed: ssl_cipher_decrypt: %s %s\n", gcry_strsource (pad), | ||||
5695 | gcry_strerror (pad)); | ||||
5696 | return -1; | ||||
5697 | } | ||||
5698 | |||||
5699 | ssl_print_data("Plaintext", out_str->data, inl); | ||||
5700 | worklen=inl; | ||||
5701 | |||||
5702 | |||||
5703 | /* strip padding for GenericBlockCipher */ | ||||
5704 | if (decoder->cipher_suite->mode == MODE_CBC) { | ||||
5705 | if (inl < 1) { /* Should this check happen earlier? */ | ||||
5706 | ssl_debug_printf("ssl_decrypt_record failed: input length %d too small\n", inl); | ||||
5707 | return -1; | ||||
5708 | } | ||||
5709 | pad=out_str->data[inl-1]; | ||||
5710 | if (worklen <= pad) { | ||||
5711 | ssl_debug_printf("ssl_decrypt_record failed: padding %d too large for work %d\n", | ||||
5712 | pad, worklen); | ||||
5713 | return -1; | ||||
5714 | } | ||||
5715 | worklen-=(pad+1); | ||||
5716 | ssl_debug_printf("ssl_decrypt_record found padding %d final len %d\n", | ||||
5717 | pad, worklen); | ||||
5718 | } | ||||
5719 | |||||
5720 | /* MAC for GenericStreamCipher and GenericBlockCipher. | ||||
5721 | * (normal case without Encrypt-then-MAC (RFC 7366) extension. */ | ||||
5722 | if (!mac) { | ||||
5723 | /* | ||||
5724 | * MAC is calculated over the DECRYPTED contents: | ||||
5725 | * | ||||
5726 | * MAC(MAC_write_key, ... + TLSCompressed.fragment); | ||||
5727 | */ | ||||
5728 | if (worklen < maclen) { | ||||
5729 | ssl_debug_printf("%s wrong record len/padding outlen %d\n work %d\n", G_STRFUNC((const char*) (__func__)), *outl, worklen); | ||||
5730 | return -1; | ||||
5731 | } | ||||
5732 | worklen -= maclen; | ||||
5733 | mac = out_str->data + worklen; | ||||
5734 | mac_frag = out_str->data; | ||||
5735 | mac_fraglen = worklen; | ||||
5736 | } | ||||
5737 | |||||
5738 | /* If NULL encryption active and no keys are available, do not bother | ||||
5739 | * checking the MAC. We do not have keys for that. */ | ||||
5740 | if (decoder->cipher_suite->mode == MODE_STREAM && | ||||
5741 | decoder->cipher_suite->enc == ENC_NULL0x3D && | ||||
5742 | !(ssl->state & SSL_MASTER_SECRET(1<<5))) { | ||||
5743 | ssl_debug_printf("MAC check skipped due to missing keys\n"); | ||||
5744 | goto skip_mac; | ||||
5745 | } | ||||
5746 | |||||
5747 | /* Now check the MAC */ | ||||
5748 | ssl_debug_printf("checking mac (len %d, version %X, ct %d seq %" PRIu64"l" "u" ")\n", | ||||
5749 | worklen, ssl->session.version, ct, decoder->seq); | ||||
5750 | if(ssl->session.version==SSLV3_VERSION0x300){ | ||||
5751 | if(ssl3_check_mac(decoder,ct,mac_frag,mac_fraglen,mac) < 0) { | ||||
5752 | if(ignore_mac_failed) { | ||||
5753 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); | ||||
5754 | } | ||||
5755 | else{ | ||||
5756 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); | ||||
5757 | return -1; | ||||
5758 | } | ||||
5759 | } | ||||
5760 | else{ | ||||
5761 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); | ||||
5762 | } | ||||
5763 | } | ||||
5764 | else if(ssl->session.version==TLSV1_VERSION0x301 || ssl->session.version==TLSV1DOT1_VERSION0x302 || ssl->session.version==TLSV1DOT2_VERSION0x303 || ssl->session.version==TLCPV1_VERSION0x101){ | ||||
5765 | if(tls_check_mac(decoder,ct,ssl->session.version,mac_frag,mac_fraglen,mac)< 0) { | ||||
5766 | if(ignore_mac_failed) { | ||||
5767 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); | ||||
5768 | } | ||||
5769 | else{ | ||||
5770 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); | ||||
5771 | return -1; | ||||
5772 | } | ||||
5773 | } | ||||
5774 | else{ | ||||
5775 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); | ||||
5776 | } | ||||
5777 | } | ||||
5778 | else if(ssl->session.version==DTLSV1DOT0_VERSION0xfeff || | ||||
5779 | ssl->session.version==DTLSV1DOT2_VERSION0xfefd || | ||||
5780 | ssl->session.version==DTLSV1DOT0_OPENSSL_VERSION0x100){ | ||||
5781 | /* Try rfc-compliant mac first, and if failed, try old openssl's non-rfc-compliant mac */ | ||||
5782 | if(dtls_check_mac(ssl,decoder,ct,mac_frag,mac_fraglen,mac,cid,cidl)>= 0) { | ||||
5783 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); | ||||
5784 | } | ||||
5785 | else if(tls_check_mac(decoder,ct,TLSV1_VERSION0x301,mac_frag,mac_fraglen,mac)>= 0) { | ||||
5786 | ssl_debug_printf("ssl_decrypt_record: dtls rfc-compliant mac failed, but old openssl's non-rfc-compliant mac ok\n"); | ||||
5787 | } | ||||
5788 | else if(ignore_mac_failed) { | ||||
5789 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); | ||||
5790 | } | ||||
5791 | else{ | ||||
5792 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); | ||||
5793 | return -1; | ||||
5794 | } | ||||
5795 | } | ||||
5796 | skip_mac: | ||||
5797 | |||||
5798 | *outl = worklen; | ||||
5799 | |||||
5800 | if (decoder->compression > 0) { | ||||
5801 | ssl_debug_printf("ssl_decrypt_record: compression method %d\n", decoder->compression); | ||||
5802 | ssl_data_copy(comp_str, out_str); | ||||
5803 | ssl_print_data("Plaintext compressed", comp_str->data, worklen); | ||||
5804 | if (!decoder->decomp) { | ||||
5805 | ssl_debug_printf("decrypt_ssl3_record: no decoder available\n"); | ||||
5806 | return -1; | ||||
5807 | } | ||||
5808 | if (ssl_decompress_record(decoder->decomp, comp_str->data, worklen, out_str, &uncomplen) < 0) return -1; | ||||
5809 | ssl_print_data("Plaintext uncompressed", out_str->data, uncomplen); | ||||
5810 | *outl = uncomplen; | ||||
5811 | } | ||||
5812 | |||||
5813 | return 0; | ||||
5814 | } | ||||
5815 | /* Record decryption glue based on security parameters }}} */ | ||||
5816 | |||||
5817 | |||||
5818 | |||||
5819 | #ifdef HAVE_LIBGNUTLS1 | ||||
5820 | |||||
5821 | /* RSA private key file processing {{{ */ | ||||
5822 | static void | ||||
5823 | ssl_find_private_key_by_pubkey(SslDecryptSession *ssl, | ||||
5824 | gnutls_datum_t *subjectPublicKeyInfo) | ||||
5825 | { | ||||
5826 | gnutls_pubkey_t pubkey = NULL((void*)0); | ||||
5827 | cert_key_id_t key_id; | ||||
5828 | size_t key_id_len = sizeof(key_id); | ||||
5829 | int r; | ||||
5830 | |||||
5831 | if (!subjectPublicKeyInfo->size) { | ||||
5832 | ssl_debug_printf("%s: could not find SubjectPublicKeyInfo\n", G_STRFUNC((const char*) (__func__))); | ||||
5833 | return; | ||||
5834 | } | ||||
5835 | |||||
5836 | r = gnutls_pubkey_init(&pubkey); | ||||
5837 | if (r < 0) { | ||||
5838 | ssl_debug_printf("%s: failed to init pubkey: %s\n", | ||||
5839 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); | ||||
5840 | return; | ||||
5841 | } | ||||
5842 | |||||
5843 | r = gnutls_pubkey_import(pubkey, subjectPublicKeyInfo, GNUTLS_X509_FMT_DER); | ||||
5844 | if (r < 0) { | ||||
5845 | ssl_debug_printf("%s: failed to import pubkey from handshake: %s\n", | ||||
5846 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); | ||||
5847 | goto end; | ||||
5848 | } | ||||
5849 | |||||
5850 | if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL((void*)0)) != GNUTLS_PK_RSA) { | ||||
5851 | ssl_debug_printf("%s: Not a RSA public key - ignoring.\n", G_STRFUNC((const char*) (__func__))); | ||||
5852 | goto end; | ||||
5853 | } | ||||
5854 | |||||
5855 | /* Generate a 20-byte SHA-1 hash. */ | ||||
5856 | r = gnutls_pubkey_get_key_id(pubkey, 0, key_id.key_id, &key_id_len); | ||||
5857 | if (r < 0) { | ||||
5858 | ssl_debug_printf("%s: failed to extract key id from pubkey: %s\n", | ||||
5859 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); | ||||
5860 | goto end; | ||||
5861 | } | ||||
5862 | |||||
5863 | if (key_id_len != sizeof(key_id)) { | ||||
5864 | ssl_debug_printf("%s: expected Key ID size %zu, got %zu\n", | ||||
5865 | G_STRFUNC((const char*) (__func__)), sizeof(key_id), key_id_len); | ||||
5866 | goto end; | ||||
5867 | } | ||||
5868 | |||||
5869 | ssl_print_data("Certificate.KeyID", key_id.key_id, key_id_len); | ||||
5870 | ssl->cert_key_id = wmem_new(wmem_file_scope(), cert_key_id_t)((cert_key_id_t*)wmem_alloc((wmem_file_scope()), sizeof(cert_key_id_t ))); | ||||
5871 | *ssl->cert_key_id = key_id; | ||||
5872 | |||||
5873 | end: | ||||
5874 | gnutls_pubkey_deinit(pubkey); | ||||
5875 | } | ||||
5876 | |||||
5877 | /* RSA private key file processing }}} */ | ||||
5878 | #endif /* HAVE_LIBGNUTLS */ | ||||
5879 | |||||
5880 | /*--- Start of dissector-related code below ---*/ | ||||
5881 | |||||
5882 | /* get ssl data for this session. if no ssl data is found allocate a new one*/ | ||||
5883 | SslDecryptSession * | ||||
5884 | ssl_get_session(conversation_t *conversation, dissector_handle_t tls_handle) | ||||
5885 | { | ||||
5886 | void *conv_data; | ||||
5887 | SslDecryptSession *ssl_session; | ||||
5888 | int proto_ssl; | ||||
5889 | |||||
5890 | proto_ssl = dissector_handle_get_protocol_index(tls_handle); | ||||
5891 | conv_data = conversation_get_proto_data(conversation, proto_ssl); | ||||
5892 | if (conv_data != NULL((void*)0)) | ||||
5893 | return (SslDecryptSession *)conv_data; | ||||
5894 | |||||
5895 | /* no previous SSL conversation info, initialize it. */ | ||||
5896 | ssl_session = wmem_new0(wmem_file_scope(), SslDecryptSession)((SslDecryptSession*)wmem_alloc0((wmem_file_scope()), sizeof( SslDecryptSession))); | ||||
5897 | |||||
5898 | /* data_len is the part that is meaningful, not the allocated length */ | ||||
5899 | ssl_session->master_secret.data_len = 0; | ||||
5900 | ssl_session->master_secret.data = ssl_session->_master_secret; | ||||
5901 | ssl_session->session_id.data_len = 0; | ||||
5902 | ssl_session->session_id.data = ssl_session->_session_id; | ||||
5903 | ssl_session->client_random.data_len = 0; | ||||
5904 | ssl_session->client_random.data = ssl_session->_client_random; | ||||
5905 | ssl_session->server_random.data_len = 0; | ||||
5906 | ssl_session->server_random.data = ssl_session->_server_random; | ||||
5907 | ssl_session->session_ticket.data_len = 0; | ||||
5908 | ssl_session->session_ticket.data = NULL((void*)0); /* will be re-alloced as needed */ | ||||
5909 | ssl_session->server_data_for_iv.data_len = 0; | ||||
5910 | ssl_session->server_data_for_iv.data = ssl_session->_server_data_for_iv; | ||||
5911 | ssl_session->client_data_for_iv.data_len = 0; | ||||
5912 | ssl_session->client_data_for_iv.data = ssl_session->_client_data_for_iv; | ||||
5913 | ssl_session->app_data_segment.data = NULL((void*)0); | ||||
5914 | ssl_session->app_data_segment.data_len = 0; | ||||
5915 | ssl_session->handshake_data.data=NULL((void*)0); | ||||
5916 | ssl_session->handshake_data.data_len=0; | ||||
5917 | ssl_session->ech_transcript.data=NULL((void*)0); | ||||
5918 | ssl_session->ech_transcript.data_len=0; | ||||
5919 | |||||
5920 | /* Initialize parameters which are not necessary specific to decryption. */ | ||||
5921 | ssl_session->session.version = SSL_VER_UNKNOWN0; | ||||
5922 | clear_address(&ssl_session->session.srv_addr); | ||||
5923 | ssl_session->session.srv_ptype = PT_NONE; | ||||
5924 | ssl_session->session.srv_port = 0; | ||||
5925 | ssl_session->session.dtls13_current_epoch[0] = ssl_session->session.dtls13_current_epoch[1] = 0; | ||||
5926 | ssl_session->session.dtls13_next_seq_num[0] = ssl_session->session.dtls13_next_seq_num[1] = 0; | ||||
5927 | ssl_session->session.client_random.data_len = 0; | ||||
5928 | ssl_session->session.client_random.data = ssl_session->session._client_random; | ||||
5929 | memset(ssl_session->session.ech_confirmation, 0, sizeof(ssl_session->session.ech_confirmation)); | ||||
5930 | memset(ssl_session->session.hrr_ech_confirmation, 0, sizeof(ssl_session->session.hrr_ech_confirmation)); | ||||
5931 | memset(ssl_session->session.first_ech_auth_tag, 0, sizeof(ssl_session->session.first_ech_auth_tag)); | ||||
5932 | ssl_session->session.ech = FALSE(0); | ||||
5933 | ssl_session->session.hrr_ech_declined = FALSE(0); | ||||
5934 | ssl_session->session.first_ch_ech_frame = 0; | ||||
5935 | |||||
5936 | conversation_add_proto_data(conversation, proto_ssl, ssl_session); | ||||
5937 | return ssl_session; | ||||
5938 | } | ||||
5939 | |||||
5940 | void ssl_reset_session(SslSession *session, SslDecryptSession *ssl, bool_Bool is_client) | ||||
5941 | { | ||||
5942 | if (ssl) { | ||||
5943 | /* Ensure that secrets are not restored using stale identifiers. Split | ||||
5944 | * between client and server in case the packets somehow got out of order. */ | ||||
5945 | int clear_flags = SSL_HAVE_SESSION_KEY(1<<3) | SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6); | ||||
5946 | |||||
5947 | if (is_client) { | ||||
5948 | clear_flags |= SSL_CLIENT_EXTENDED_MASTER_SECRET(1<<7); | ||||
5949 | ssl->session_id.data_len = 0; | ||||
5950 | ssl->session_ticket.data_len = 0; | ||||
5951 | ssl->master_secret.data_len = 0; | ||||
5952 | ssl->client_random.data_len = 0; | ||||
5953 | ssl->has_early_data = false0; | ||||
5954 | if (ssl->handshake_data.data_len > 0) { | ||||
5955 | // The EMS handshake hash starts with at the Client Hello, | ||||
5956 | // ensure that any messages before it are forgotten. | ||||
5957 | wmem_free(wmem_file_scope(), ssl->handshake_data.data); | ||||
5958 | ssl->handshake_data.data = NULL((void*)0); | ||||
5959 | ssl->handshake_data.data_len = 0; | ||||
5960 | } | ||||
5961 | } else { | ||||
5962 | clear_flags |= SSL_SERVER_EXTENDED_MASTER_SECRET(1<<8) | SSL_NEW_SESSION_TICKET(1<<10); | ||||
5963 | ssl->server_random.data_len = 0; | ||||
5964 | ssl->pre_master_secret.data_len = 0; | ||||
5965 | #ifdef HAVE_LIBGNUTLS1 | ||||
5966 | ssl->cert_key_id = NULL((void*)0); | ||||
5967 | #endif | ||||
5968 | ssl->psk.data_len = 0; | ||||
5969 | } | ||||
5970 | |||||
5971 | if (ssl->state & clear_flags) { | ||||
5972 | ssl_debug_printf("%s detected renegotiation, clearing 0x%02x (%s side)\n", | ||||
5973 | G_STRFUNC((const char*) (__func__)), ssl->state & clear_flags, is_client ? "client" : "server"); | ||||
5974 | ssl->state &= ~clear_flags; | ||||
5975 | } | ||||
5976 | } | ||||
5977 | |||||
5978 | /* These flags might be used for non-decryption purposes and may affect the | ||||
5979 | * dissection, so reset them as well. */ | ||||
5980 | if (is_client) { | ||||
5981 | session->client_cert_type = 0; | ||||
5982 | } else { | ||||
5983 | session->compression = 0; | ||||
5984 | session->server_cert_type = 0; | ||||
5985 | /* session->is_session_resumed is already handled in the ServerHello dissection. */ | ||||
5986 | } | ||||
5987 | session->dtls13_next_seq_num[0] = session->dtls13_next_seq_num[1] = 0; | ||||
5988 | session->dtls13_current_epoch[0] = session->dtls13_current_epoch[1] = 0; | ||||
5989 | } | ||||
5990 | |||||
5991 | void | ||||
5992 | tls_set_appdata_dissector(dissector_handle_t tls_handle, packet_info *pinfo, | ||||
5993 | dissector_handle_t app_handle) | ||||
5994 | { | ||||
5995 | conversation_t *conversation; | ||||
5996 | SslSession *session; | ||||
5997 | |||||
5998 | /* Ignore if the TLS or other dissector is disabled. */ | ||||
5999 | if (!tls_handle || !app_handle) | ||||
6000 | return; | ||||
6001 | |||||
6002 | conversation = find_or_create_conversation(pinfo); | ||||
6003 | session = &ssl_get_session(conversation, tls_handle)->session; | ||||
6004 | session->app_handle = app_handle; | ||||
6005 | } | ||||
6006 | |||||
6007 | static uint32_t | ||||
6008 | ssl_starttls(dissector_handle_t tls_handle, packet_info *pinfo, | ||||
6009 | dissector_handle_t app_handle, uint32_t last_nontls_frame) | ||||
6010 | { | ||||
6011 | conversation_t *conversation; | ||||
6012 | SslSession *session; | ||||
6013 | |||||
6014 | /* Ignore if the TLS dissector is disabled. */ | ||||
6015 | if (!tls_handle) | ||||
6016 | return 0; | ||||
6017 | /* The caller should always pass a valid handle to its own dissector. */ | ||||
6018 | DISSECTOR_ASSERT(app_handle)((void) ((app_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6018, "app_handle")))); | ||||
6019 | |||||
6020 | conversation = find_or_create_conversation(pinfo); | ||||
6021 | session = &ssl_get_session(conversation, tls_handle)->session; | ||||
6022 | |||||
6023 | ssl_debug_printf("%s: old frame %d, app_handle=%p (%s)\n", G_STRFUNC((const char*) (__func__)), | ||||
6024 | session->last_nontls_frame, | ||||
6025 | (void *)session->app_handle, | ||||
6026 | dissector_handle_get_dissector_name(session->app_handle)); | ||||
6027 | ssl_debug_printf("%s: current frame %d, app_handle=%p (%s)\n", G_STRFUNC((const char*) (__func__)), | ||||
6028 | pinfo->num, (void *)app_handle, | ||||
6029 | dissector_handle_get_dissector_name(app_handle)); | ||||
6030 | |||||
6031 | /* Do not switch again if a dissector did it before. */ | ||||
6032 | if (session->last_nontls_frame) { | ||||
6033 | ssl_debug_printf("%s: not overriding previous app handle!\n", G_STRFUNC((const char*) (__func__))); | ||||
6034 | return session->last_nontls_frame; | ||||
6035 | } | ||||
6036 | |||||
6037 | session->app_handle = app_handle; | ||||
6038 | /* The TLS dissector should be called first for this conversation. */ | ||||
6039 | conversation_set_dissector(conversation, tls_handle); | ||||
6040 | /* TLS starts after this frame. */ | ||||
6041 | session->last_nontls_frame = last_nontls_frame; | ||||
6042 | return 0; | ||||
6043 | } | ||||
6044 | |||||
6045 | /* ssl_starttls_ack: mark future frames as encrypted. */ | ||||
6046 | uint32_t | ||||
6047 | ssl_starttls_ack(dissector_handle_t tls_handle, packet_info *pinfo, | ||||
6048 | dissector_handle_t app_handle) | ||||
6049 | { | ||||
6050 | return ssl_starttls(tls_handle, pinfo, app_handle, pinfo->num); | ||||
6051 | } | ||||
6052 | |||||
6053 | uint32_t | ||||
6054 | ssl_starttls_post_ack(dissector_handle_t tls_handle, packet_info *pinfo, | ||||
6055 | dissector_handle_t app_handle) | ||||
6056 | { | ||||
6057 | return ssl_starttls(tls_handle, pinfo, app_handle, pinfo->num - 1); | ||||
6058 | } | ||||
6059 | |||||
6060 | dissector_handle_t | ||||
6061 | ssl_find_appdata_dissector(const char *name) | ||||
6062 | { | ||||
6063 | /* Accept 'http' for backwards compatibility and sanity. */ | ||||
6064 | if (!strcmp(name, "http")) | ||||
6065 | name = "http-over-tls"; | ||||
6066 | /* XXX - Should this check to see if the dissector is actually added for | ||||
6067 | * Decode As in the appropriate table? | ||||
6068 | */ | ||||
6069 | return find_dissector(name); | ||||
6070 | } | ||||
6071 | |||||
6072 | /* Functions for TLS/DTLS sessions and RSA private keys hashtables. {{{ */ | ||||
6073 | static int | ||||
6074 | ssl_equal (const void *v, const void *v2) | ||||
6075 | { | ||||
6076 | const StringInfo *val1; | ||||
6077 | const StringInfo *val2; | ||||
6078 | val1 = (const StringInfo *)v; | ||||
6079 | val2 = (const StringInfo *)v2; | ||||
6080 | |||||
6081 | if (val1->data_len == val2->data_len && | ||||
6082 | !memcmp(val1->data, val2->data, val2->data_len)) { | ||||
6083 | return 1; | ||||
6084 | } | ||||
6085 | return 0; | ||||
6086 | } | ||||
6087 | |||||
6088 | static unsigned | ||||
6089 | ssl_hash (const void *v) | ||||
6090 | { | ||||
6091 | unsigned l,hash; | ||||
6092 | const StringInfo* id; | ||||
6093 | const unsigned* cur; | ||||
6094 | hash = 0; | ||||
6095 | id = (const StringInfo*) v; | ||||
6096 | |||||
6097 | /* id and id->data are mallocated in ssl_save_master_key(). As such 'data' | ||||
6098 | * should be aligned for any kind of access (for example as a unsigned as | ||||
6099 | * is done below). The intermediate void* cast is to prevent "cast | ||||
6100 | * increases required alignment of target type" warnings on CPUs (such | ||||
6101 | * as SPARCs) that do not allow misaligned memory accesses. | ||||
6102 | */ | ||||
6103 | cur = (const unsigned*)(void*) id->data; | ||||
6104 | |||||
6105 | for (l=4; (l < id->data_len); l+=4, cur++) | ||||
6106 | hash = hash ^ (*cur); | ||||
6107 | |||||
6108 | return hash; | ||||
6109 | } | ||||
6110 | /* Functions for TLS/DTLS sessions and RSA private keys hashtables. }}} */ | ||||
6111 | |||||
6112 | /* Handling of association between tls/dtls ports and clear text protocol. {{{ */ | ||||
6113 | void | ||||
6114 | ssl_association_add(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool_Bool tcp) | ||||
6115 | { | ||||
6116 | DISSECTOR_ASSERT(main_handle)((void) ((main_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6116, "main_handle")))); | ||||
6117 | DISSECTOR_ASSERT(subdissector_handle)((void) ((subdissector_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6117, "subdissector_handle")))); | ||||
6118 | /* Registration is required for Export PDU feature to work properly. */ | ||||
6119 | DISSECTOR_ASSERT_HINT(dissector_handle_get_dissector_name(subdissector_handle),((void) ((dissector_handle_get_dissector_name(subdissector_handle )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\" (%s)" , "epan/dissectors/packet-tls-utils.c", 6120, "dissector_handle_get_dissector_name(subdissector_handle)" , "SSL appdata dissectors must register with register_dissector()!" )))) | ||||
6120 | "SSL appdata dissectors must register with register_dissector()!")((void) ((dissector_handle_get_dissector_name(subdissector_handle )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\" (%s)" , "epan/dissectors/packet-tls-utils.c", 6120, "dissector_handle_get_dissector_name(subdissector_handle)" , "SSL appdata dissectors must register with register_dissector()!" )))); | ||||
6121 | ssl_debug_printf("association_add %s port %d handle %p\n", dissector_table_name, port, (void *)subdissector_handle); | ||||
6122 | |||||
6123 | if (port) { | ||||
6124 | dissector_add_uint(dissector_table_name, port, subdissector_handle); | ||||
6125 | if (tcp) | ||||
6126 | dissector_add_uint("tcp.port", port, main_handle); | ||||
6127 | else | ||||
6128 | dissector_add_uint("udp.port", port, main_handle); | ||||
6129 | dissector_add_uint("sctp.port", port, main_handle); | ||||
6130 | } else { | ||||
6131 | dissector_add_for_decode_as(dissector_table_name, subdissector_handle); | ||||
6132 | } | ||||
6133 | } | ||||
6134 | |||||
6135 | void | ||||
6136 | ssl_association_remove(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool_Bool tcp) | ||||
6137 | { | ||||
6138 | ssl_debug_printf("ssl_association_remove removing %s %u - handle %p\n", | ||||
6139 | tcp?"TCP":"UDP", port, (void *)subdissector_handle); | ||||
6140 | if (main_handle) { | ||||
6141 | dissector_delete_uint(tcp?"tcp.port":"udp.port", port, main_handle); | ||||
6142 | dissector_delete_uint("sctp.port", port, main_handle); | ||||
6143 | } | ||||
6144 | |||||
6145 | if (port) { | ||||
6146 | dissector_delete_uint(dissector_table_name, port, subdissector_handle); | ||||
6147 | } | ||||
6148 | } | ||||
6149 | |||||
6150 | void | ||||
6151 | ssl_set_server(SslSession *session, address *addr, port_type ptype, uint32_t port) | ||||
6152 | { | ||||
6153 | copy_address_wmem(wmem_file_scope(), &session->srv_addr, addr); | ||||
6154 | session->srv_ptype = ptype; | ||||
6155 | session->srv_port = port; | ||||
6156 | } | ||||
6157 | |||||
6158 | int | ||||
6159 | ssl_packet_from_server(SslSession *session, dissector_table_t table, const packet_info *pinfo) | ||||
6160 | { | ||||
6161 | int ret; | ||||
6162 | if (session && session->srv_addr.type != AT_NONE) { | ||||
6163 | ret = (session->srv_ptype == pinfo->ptype) && | ||||
6164 | (session->srv_port == pinfo->srcport) && | ||||
6165 | addresses_equal(&session->srv_addr, &pinfo->src); | ||||
6166 | } else { | ||||
6167 | ret = (dissector_get_uint_handle(table, pinfo->srcport) != 0); | ||||
6168 | } | ||||
6169 | |||||
6170 | ssl_debug_printf("packet_from_server: is from server - %s\n", (ret)?"TRUE":"FALSE"); | ||||
6171 | return ret; | ||||
6172 | } | ||||
6173 | /* Handling of association between tls/dtls ports and clear text protocol. }}} */ | ||||
6174 | |||||
6175 | |||||
6176 | /* Links SSL records with the real packet data. {{{ */ | ||||
6177 | SslPacketInfo * | ||||
6178 | tls_add_packet_info(int proto, packet_info *pinfo, uint8_t curr_layer_num_ssl) | ||||
6179 | { | ||||
6180 | SslPacketInfo *pi = (SslPacketInfo *)p_get_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl); | ||||
6181 | if (!pi) { | ||||
6182 | pi = wmem_new0(wmem_file_scope(), SslPacketInfo)((SslPacketInfo*)wmem_alloc0((wmem_file_scope()), sizeof(SslPacketInfo ))); | ||||
6183 | pi->srcport = pinfo->srcport; | ||||
6184 | pi->destport = pinfo->destport; | ||||
6185 | p_add_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl, pi); | ||||
6186 | } | ||||
6187 | |||||
6188 | return pi; | ||||
6189 | } | ||||
6190 | |||||
6191 | /** | ||||
6192 | * Remembers the decrypted TLS record fragment (TLSInnerPlaintext in TLS 1.3) to | ||||
6193 | * avoid the need for a decoder in the second pass. Additionally, it remembers | ||||
6194 | * sequence numbers (for reassembly and Follow TLS Stream). | ||||
6195 | * | ||||
6196 | * @param proto The protocol identifier (proto_ssl or proto_dtls). | ||||
6197 | * @param pinfo The packet where the record originates from. | ||||
6198 | * @param data Decrypted data to store in the record. | ||||
6199 | * @param data_len Length of decrypted record data. | ||||
6200 | * @param record_id The identifier for this record within the current packet. | ||||
6201 | * @param flow Information about sequence numbers, etc. | ||||
6202 | * @param type TLS Content Type (such as handshake or application_data). | ||||
6203 | * @param curr_layer_num_ssl The layer identifier for this TLS session. | ||||
6204 | */ | ||||
6205 | void | ||||
6206 | ssl_add_record_info(int proto, packet_info *pinfo, const unsigned char *data, int data_len, int record_id, SslFlow *flow, ContentType type, uint8_t curr_layer_num_ssl) | ||||
6207 | { | ||||
6208 | SslRecordInfo* rec, **prec; | ||||
6209 | SslPacketInfo *pi = tls_add_packet_info(proto, pinfo, curr_layer_num_ssl); | ||||
6210 | |||||
6211 | rec = wmem_new(wmem_file_scope(), SslRecordInfo)((SslRecordInfo*)wmem_alloc((wmem_file_scope()), sizeof(SslRecordInfo ))); | ||||
6212 | rec->plain_data = (unsigned char *)wmem_memdup(wmem_file_scope(), data, data_len); | ||||
6213 | rec->data_len = data_len; | ||||
6214 | rec->id = record_id; | ||||
6215 | rec->type = type; | ||||
6216 | rec->next = NULL((void*)0); | ||||
6217 | |||||
6218 | if (flow && type == SSL_ID_APP_DATA) { | ||||
6219 | rec->seq = flow->byte_seq; | ||||
6220 | rec->flow = flow; | ||||
6221 | flow->byte_seq += data_len; | ||||
6222 | ssl_debug_printf("%s stored decrypted record seq=%d nxtseq=%d flow=%p\n", | ||||
6223 | G_STRFUNC((const char*) (__func__)), rec->seq, rec->seq + data_len, (void*)flow); | ||||
6224 | } | ||||
6225 | |||||
6226 | /* Remember decrypted records. */ | ||||
6227 | prec = &pi->records; | ||||
6228 | while (*prec) prec = &(*prec)->next; | ||||
6229 | *prec = rec; | ||||
6230 | } | ||||
6231 | |||||
6232 | /* search in packet data for the specified id; return a newly created tvb for the associated data */ | ||||
6233 | tvbuff_t* | ||||
6234 | ssl_get_record_info(tvbuff_t *parent_tvb, int proto, packet_info *pinfo, int record_id, uint8_t curr_layer_num_ssl, SslRecordInfo **matched_record) | ||||
6235 | { | ||||
6236 | SslRecordInfo* rec; | ||||
6237 | SslPacketInfo* pi; | ||||
6238 | pi = (SslPacketInfo *)p_get_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl); | ||||
6239 | |||||
6240 | if (!pi) | ||||
6241 | return NULL((void*)0); | ||||
6242 | |||||
6243 | for (rec = pi->records; rec; rec = rec->next) | ||||
6244 | if (rec->id == record_id) { | ||||
6245 | *matched_record = rec; | ||||
6246 | /* link new real_data_tvb with a parent tvb so it is freed when frame dissection is complete */ | ||||
6247 | return tvb_new_child_real_data(parent_tvb, rec->plain_data, rec->data_len, rec->data_len); | ||||
6248 | } | ||||
6249 | |||||
6250 | return NULL((void*)0); | ||||
6251 | } | ||||
6252 | /* Links SSL records with the real packet data. }}} */ | ||||
6253 | |||||
6254 | /* initialize/reset per capture state data (ssl sessions cache). {{{ */ | ||||
6255 | void | ||||
6256 | ssl_common_init(ssl_master_key_map_t *mk_map, | ||||
6257 | StringInfo *decrypted_data, StringInfo *compressed_data) | ||||
6258 | { | ||||
6259 | mk_map->session = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6260 | mk_map->tickets = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6261 | mk_map->crandom = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6262 | mk_map->pre_master = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6263 | mk_map->pms = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6264 | mk_map->tls13_client_early = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6265 | mk_map->tls13_client_handshake = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6266 | mk_map->tls13_server_handshake = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6267 | mk_map->tls13_client_appdata = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6268 | mk_map->tls13_server_appdata = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6269 | mk_map->tls13_early_exporter = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6270 | mk_map->tls13_exporter = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6271 | |||||
6272 | mk_map->ech_secret = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6273 | mk_map->ech_config = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6274 | |||||
6275 | mk_map->used_crandom = g_hash_table_new(ssl_hash, ssl_equal); | ||||
6276 | |||||
6277 | ssl_data_alloc(decrypted_data, 32); | ||||
6278 | ssl_data_alloc(compressed_data, 32); | ||||
6279 | } | ||||
6280 | |||||
6281 | void | ||||
6282 | ssl_common_cleanup(ssl_master_key_map_t *mk_map, FILE **ssl_keylog_file, | ||||
6283 | StringInfo *decrypted_data, StringInfo *compressed_data) | ||||
6284 | { | ||||
6285 | g_hash_table_destroy(mk_map->session); | ||||
6286 | g_hash_table_destroy(mk_map->tickets); | ||||
6287 | g_hash_table_destroy(mk_map->crandom); | ||||
6288 | g_hash_table_destroy(mk_map->pre_master); | ||||
6289 | g_hash_table_destroy(mk_map->pms); | ||||
6290 | g_hash_table_destroy(mk_map->tls13_client_early); | ||||
6291 | g_hash_table_destroy(mk_map->tls13_client_handshake); | ||||
6292 | g_hash_table_destroy(mk_map->tls13_server_handshake); | ||||
6293 | g_hash_table_destroy(mk_map->tls13_client_appdata); | ||||
6294 | g_hash_table_destroy(mk_map->tls13_server_appdata); | ||||
6295 | g_hash_table_destroy(mk_map->tls13_early_exporter); | ||||
6296 | g_hash_table_destroy(mk_map->tls13_exporter); | ||||
6297 | |||||
6298 | g_hash_table_destroy(mk_map->ech_secret); | ||||
6299 | g_hash_table_destroy(mk_map->ech_config); | ||||
6300 | |||||
6301 | g_hash_table_destroy(mk_map->used_crandom); | ||||
6302 | |||||
6303 | g_free(decrypted_data->data); | ||||
6304 | g_free(compressed_data->data); | ||||
6305 | |||||
6306 | /* close the previous keylog file now that the cache are cleared, this | ||||
6307 | * allows the cache to be filled with the full keylog file contents. */ | ||||
6308 | if (*ssl_keylog_file) { | ||||
6309 | fclose(*ssl_keylog_file); | ||||
6310 | *ssl_keylog_file = NULL((void*)0); | ||||
6311 | } | ||||
6312 | } | ||||
6313 | /* }}} */ | ||||
6314 | |||||
6315 | /* parse ssl related preferences (private keys and ports association strings) */ | ||||
6316 | #if defined(HAVE_LIBGNUTLS1) | ||||
6317 | /* Load a single RSA key file item from preferences. {{{ */ | ||||
6318 | void | ||||
6319 | ssl_parse_key_list(const ssldecrypt_assoc_t *uats, GHashTable *key_hash, const char* dissector_table_name, dissector_handle_t main_handle, bool_Bool tcp) | ||||
6320 | { | ||||
6321 | gnutls_x509_privkey_t x509_priv_key; | ||||
6322 | gnutls_privkey_t priv_key = NULL((void*)0); | ||||
6323 | FILE* fp = NULL((void*)0); | ||||
6324 | int ret; | ||||
6325 | size_t key_id_len = 20; | ||||
6326 | unsigned char *key_id = NULL((void*)0); | ||||
6327 | char *err = NULL((void*)0); | ||||
6328 | dissector_handle_t handle; | ||||
6329 | /* try to load keys file first */ | ||||
6330 | fp = ws_fopenfopen(uats->keyfile, "rb"); | ||||
6331 | if (!fp) { | ||||
6332 | report_open_failure(uats->keyfile, errno(*__errno_location ()), false0); | ||||
6333 | return; | ||||
6334 | } | ||||
6335 | |||||
6336 | if ((int)strlen(uats->password) == 0) { | ||||
6337 | x509_priv_key = rsa_load_pem_key(fp, &err); | ||||
6338 | } else { | ||||
6339 | x509_priv_key = rsa_load_pkcs12(fp, uats->password, &err); | ||||
6340 | } | ||||
6341 | fclose(fp); | ||||
6342 | |||||
6343 | if (!x509_priv_key) { | ||||
6344 | if (err) { | ||||
6345 | report_failure("Can't load private key from %s: %s", | ||||
6346 | uats->keyfile, err); | ||||
6347 | g_free(err); | ||||
6348 | } else | ||||
6349 | report_failure("Can't load private key from %s: unknown error", | ||||
6350 | uats->keyfile); | ||||
6351 | return; | ||||
6352 | } | ||||
6353 | if (err) { | ||||
6354 | report_failure("Load of private key from %s \"succeeded\" with error %s", | ||||
6355 | uats->keyfile, err); | ||||
6356 | g_free(err); | ||||
6357 | } | ||||
6358 | |||||
6359 | gnutls_privkey_init(&priv_key); | ||||
6360 | ret = gnutls_privkey_import_x509(priv_key, x509_priv_key, | ||||
6361 | GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE|GNUTLS_PRIVKEY_IMPORT_COPY); | ||||
6362 | if (ret < 0) { | ||||
6363 | report_failure("Can't convert private key %s: %s", | ||||
6364 | uats->keyfile, gnutls_strerror(ret)); | ||||
6365 | goto end; | ||||
6366 | } | ||||
6367 | |||||
6368 | key_id = (unsigned char *) g_malloc0(key_id_len); | ||||
6369 | ret = gnutls_x509_privkey_get_key_id(x509_priv_key, 0, key_id, &key_id_len); | ||||
6370 | if (ret < 0) { | ||||
6371 | report_failure("Can't calculate public key ID for %s: %s", | ||||
6372 | uats->keyfile, gnutls_strerror(ret)); | ||||
6373 | goto end; | ||||
6374 | } | ||||
6375 | ssl_print_data("KeyID", key_id, key_id_len); | ||||
6376 | if (key_id_len != 20) { | ||||
6377 | report_failure("Expected Key ID size %u for %s, got %zu", 20, | ||||
6378 | uats->keyfile, key_id_len); | ||||
6379 | goto end; | ||||
6380 | } | ||||
6381 | |||||
6382 | g_hash_table_replace(key_hash, key_id, priv_key); | ||||
6383 | key_id = NULL((void*)0); /* used in key_hash, do not free. */ | ||||
6384 | priv_key = NULL((void*)0); | ||||
6385 | ssl_debug_printf("ssl_init private key file %s successfully loaded.\n", uats->keyfile); | ||||
6386 | |||||
6387 | handle = ssl_find_appdata_dissector(uats->protocol); | ||||
6388 | if (handle) { | ||||
6389 | /* Port to subprotocol mapping */ | ||||
6390 | uint16_t port = 0; | ||||
6391 | if (ws_strtou16(uats->port, NULL((void*)0), &port)) { | ||||
6392 | if (port > 0) { | ||||
6393 | ssl_debug_printf("ssl_init port '%d' filename '%s' password(only for p12 file) '%s'\n", | ||||
6394 | port, uats->keyfile, uats->password); | ||||
6395 | |||||
6396 | ssl_association_add(dissector_table_name, main_handle, handle, port, tcp); | ||||
6397 | } | ||||
6398 | } else { | ||||
6399 | if (strcmp(uats->port, "start_tls")) | ||||
6400 | ssl_debug_printf("invalid ssl_init_port: %s\n", uats->port); | ||||
6401 | } | ||||
6402 | } | ||||
6403 | |||||
6404 | end: | ||||
6405 | gnutls_x509_privkey_deinit(x509_priv_key); | ||||
6406 | gnutls_privkey_deinit(priv_key); | ||||
6407 | g_free(key_id); | ||||
6408 | } | ||||
6409 | /* }}} */ | ||||
6410 | #endif | ||||
6411 | |||||
6412 | |||||
6413 | /* Store/load a known (pre-)master secret from/for this SSL session. {{{ */ | ||||
6414 | /** store a known (pre-)master secret into cache */ | ||||
6415 | static void | ||||
6416 | ssl_save_master_key(const char *label, GHashTable *ht, StringInfo *key, | ||||
6417 | StringInfo *mk) | ||||
6418 | { | ||||
6419 | StringInfo *ht_key, *master_secret; | ||||
6420 | |||||
6421 | if (key->data_len == 0) { | ||||
6422 | ssl_debug_printf("%s: not saving empty %s!\n", G_STRFUNC((const char*) (__func__)), label); | ||||
6423 | return; | ||||
6424 | } | ||||
6425 | |||||
6426 | if (mk->data_len == 0) { | ||||
6427 | ssl_debug_printf("%s not saving empty (pre-)master secret for %s!\n", | ||||
6428 | G_STRFUNC((const char*) (__func__)), label); | ||||
6429 | return; | ||||
6430 | } | ||||
6431 | |||||
6432 | /* ssl_hash() depends on session_ticket->data being aligned for unsigned access | ||||
6433 | * so be careful in changing how it is allocated. */ | ||||
6434 | ht_key = ssl_data_clone(key); | ||||
6435 | master_secret = ssl_data_clone(mk); | ||||
6436 | g_hash_table_insert(ht, ht_key, master_secret); | ||||
6437 | |||||
6438 | ssl_debug_printf("%s inserted (pre-)master secret for %s\n", G_STRFUNC((const char*) (__func__)), label); | ||||
6439 | ssl_print_string("stored key", ht_key); | ||||
6440 | ssl_print_string("stored (pre-)master secret", master_secret); | ||||
6441 | } | ||||
6442 | |||||
6443 | /** restore a (pre-)master secret given some key in the cache */ | ||||
6444 | static bool_Bool | ||||
6445 | ssl_restore_master_key(SslDecryptSession *ssl, const char *label, | ||||
6446 | bool_Bool is_pre_master, GHashTable *ht, StringInfo *key) | ||||
6447 | { | ||||
6448 | StringInfo *ms; | ||||
6449 | |||||
6450 | if (key->data_len == 0) { | ||||
6451 | ssl_debug_printf("%s can't restore %smaster secret using an empty %s\n", | ||||
6452 | G_STRFUNC((const char*) (__func__)), is_pre_master ? "pre-" : "", label); | ||||
6453 | return false0; | ||||
6454 | } | ||||
6455 | |||||
6456 | ms = (StringInfo *)g_hash_table_lookup(ht, key); | ||||
6457 | if (!ms) { | ||||
6458 | ssl_debug_printf("%s can't find %smaster secret by %s\n", G_STRFUNC((const char*) (__func__)), | ||||
6459 | is_pre_master ? "pre-" : "", label); | ||||
6460 | return false0; | ||||
6461 | } | ||||
6462 | |||||
6463 | /* (pre)master secret found, clear knowledge of other keys and set it in the | ||||
6464 | * current conversation */ | ||||
6465 | ssl->state &= ~(SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6) | | ||||
6466 | SSL_HAVE_SESSION_KEY(1<<3)); | ||||
6467 | if (is_pre_master) { | ||||
6468 | /* unlike master secret, pre-master secret has a variable size (48 for | ||||
6469 | * RSA, varying for PSK) and is therefore not statically allocated */ | ||||
6470 | ssl->pre_master_secret.data = (unsigned char *) wmem_alloc(wmem_file_scope(), | ||||
6471 | ms->data_len); | ||||
6472 | ssl_data_set(&ssl->pre_master_secret, ms->data, ms->data_len); | ||||
6473 | ssl->state |= SSL_PRE_MASTER_SECRET(1<<6); | ||||
6474 | } else { | ||||
6475 | ssl_data_set(&ssl->master_secret, ms->data, ms->data_len); | ||||
6476 | ssl->state |= SSL_MASTER_SECRET(1<<5); | ||||
6477 | } | ||||
6478 | ssl_debug_printf("%s %smaster secret retrieved using %s\n", G_STRFUNC((const char*) (__func__)), | ||||
6479 | is_pre_master ? "pre-" : "", label); | ||||
6480 | ssl_print_string(label, key); | ||||
6481 | ssl_print_string("(pre-)master secret", ms); | ||||
6482 | return true1; | ||||
6483 | } | ||||
6484 | /* Store/load a known (pre-)master secret from/for this SSL session. }}} */ | ||||
6485 | |||||
6486 | /* Should be called when all parameters are ready (after ChangeCipherSpec), and | ||||
6487 | * the decoder should be attempted to be initialized. {{{*/ | ||||
6488 | void | ||||
6489 | ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map) | ||||
6490 | { | ||||
6491 | if (ssl->session.version == TLSV1DOT3_VERSION0x304) { | ||||
6492 | /* TLS 1.3 implementations only provide secrets derived from the master | ||||
6493 | * secret which are loaded in tls13_change_key. No master secrets can be | ||||
6494 | * loaded here, so just return. */ | ||||
6495 | return; | ||||
6496 | } | ||||
6497 | ssl_debug_printf("%s state = 0x%02X\n", G_STRFUNC((const char*) (__func__)), ssl->state); | ||||
6498 | if (ssl->state & SSL_HAVE_SESSION_KEY(1<<3)) { | ||||
6499 | ssl_debug_printf(" session key already available, nothing to do.\n"); | ||||
6500 | return; | ||||
6501 | } | ||||
6502 | if (!(ssl->state & SSL_CIPHER(1<<2))) { | ||||
6503 | ssl_debug_printf(" Cipher suite (Server Hello) is missing!\n"); | ||||
6504 | return; | ||||
6505 | } | ||||
6506 | |||||
6507 | /* for decryption, there needs to be a master secret (which can be derived | ||||
6508 | * from pre-master secret). If missing, try to pick a master key from cache | ||||
6509 | * (an earlier packet in the capture or key logfile). */ | ||||
6510 | if (!(ssl->state & (SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6))) && | ||||
6511 | !ssl_restore_master_key(ssl, "Session ID", false0, | ||||
6512 | mk_map->session, &ssl->session_id) && | ||||
6513 | (!ssl->session.is_session_resumed || | ||||
6514 | !ssl_restore_master_key(ssl, "Session Ticket", false0, | ||||
6515 | mk_map->tickets, &ssl->session_ticket)) && | ||||
6516 | !ssl_restore_master_key(ssl, "Client Random", false0, | ||||
6517 | mk_map->crandom, &ssl->client_random)) { | ||||
6518 | if (ssl->cipher_suite->enc != ENC_NULL0x3D) { | ||||
6519 | /* how unfortunate, the master secret could not be found */ | ||||
6520 | ssl_debug_printf(" Cannot find master secret\n"); | ||||
6521 | return; | ||||
6522 | } else { | ||||
6523 | ssl_debug_printf(" Cannot find master secret, continuing anyway " | ||||
6524 | "because of a NULL cipher\n"); | ||||
6525 | } | ||||
6526 | } | ||||
6527 | |||||
6528 | if (ssl_generate_keyring_material(ssl) < 0) { | ||||
6529 | ssl_debug_printf("%s can't generate keyring material\n", G_STRFUNC((const char*) (__func__))); | ||||
6530 | return; | ||||
6531 | } | ||||
6532 | /* Save Client Random/ Session ID for "SSL Export Session keys" */ | ||||
6533 | ssl_save_master_key("Client Random", mk_map->crandom, | ||||
6534 | &ssl->client_random, &ssl->master_secret); | ||||
6535 | ssl_save_master_key("Session ID", mk_map->session, | ||||
6536 | &ssl->session_id, &ssl->master_secret); | ||||
6537 | /* Only save the new secrets if the server sent the ticket. The client | ||||
6538 | * ticket might have become stale. */ | ||||
6539 | if (ssl->state & SSL_NEW_SESSION_TICKET(1<<10)) { | ||||
6540 | ssl_save_master_key("Session Ticket", mk_map->tickets, | ||||
6541 | &ssl->session_ticket, &ssl->master_secret); | ||||
6542 | } | ||||
6543 | } /* }}} */ | ||||
6544 | |||||
6545 | /* Load the traffic key secret from the keylog file. */ | ||||
6546 | StringInfo * | ||||
6547 | tls13_load_secret(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, | ||||
6548 | bool_Bool is_from_server, TLSRecordType type) | ||||
6549 | { | ||||
6550 | GHashTable *key_map; | ||||
6551 | const char *label; | ||||
6552 | |||||
6553 | if (ssl->session.version != TLSV1DOT3_VERSION0x304 && ssl->session.version != DTLSV1DOT3_VERSION0xfefc) { | ||||
6554 | ssl_debug_printf("%s TLS version %#x is not 1.3\n", G_STRFUNC((const char*) (__func__)), ssl->session.version); | ||||
6555 | return NULL((void*)0); | ||||
6556 | } | ||||
6557 | |||||
6558 | if (ssl->client_random.data_len == 0) { | ||||
6559 | /* May happen if Hello message is missing and Finished is found. */ | ||||
6560 | ssl_debug_printf("%s missing Client Random\n", G_STRFUNC((const char*) (__func__))); | ||||
6561 | return NULL((void*)0); | ||||
6562 | } | ||||
6563 | |||||
6564 | switch (type) { | ||||
6565 | case TLS_SECRET_0RTT_APP: | ||||
6566 | DISSECTOR_ASSERT(!is_from_server)((void) ((!is_from_server) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6566, "!is_from_server")))); | ||||
6567 | label = "CLIENT_EARLY_TRAFFIC_SECRET"; | ||||
6568 | key_map = mk_map->tls13_client_early; | ||||
6569 | break; | ||||
6570 | case TLS_SECRET_HANDSHAKE: | ||||
6571 | if (is_from_server) { | ||||
6572 | label = "SERVER_HANDSHAKE_TRAFFIC_SECRET"; | ||||
6573 | key_map = mk_map->tls13_server_handshake; | ||||
6574 | } else { | ||||
6575 | label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"; | ||||
6576 | key_map = mk_map->tls13_client_handshake; | ||||
6577 | } | ||||
6578 | break; | ||||
6579 | case TLS_SECRET_APP: | ||||
6580 | if (is_from_server) { | ||||
6581 | label = "SERVER_TRAFFIC_SECRET_0"; | ||||
6582 | key_map = mk_map->tls13_server_appdata; | ||||
6583 | } else { | ||||
6584 | label = "CLIENT_TRAFFIC_SECRET_0"; | ||||
6585 | key_map = mk_map->tls13_client_appdata; | ||||
6586 | } | ||||
6587 | break; | ||||
6588 | default: | ||||
6589 | ws_assert_not_reached()ws_log_fatal_full("", LOG_LEVEL_ERROR, "epan/dissectors/packet-tls-utils.c" , 6589, __func__, "assertion \"not reached\" failed"); | ||||
6590 | } | ||||
6591 | |||||
6592 | /* Transitioning to new keys, mark old ones as unusable. */ | ||||
6593 | ssl_debug_printf("%s transitioning to new key, old state 0x%02x\n", G_STRFUNC((const char*) (__func__)), ssl->state); | ||||
6594 | ssl->state &= ~(SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6) | SSL_HAVE_SESSION_KEY(1<<3)); | ||||
6595 | |||||
6596 | StringInfo *secret = (StringInfo *)g_hash_table_lookup(key_map, &ssl->client_random); | ||||
6597 | if (!secret) { | ||||
6598 | ssl_debug_printf("%s Cannot find %s, decryption impossible\n", G_STRFUNC((const char*) (__func__)), label); | ||||
6599 | /* Disable decryption, the keys are invalid. */ | ||||
6600 | if (is_from_server) { | ||||
6601 | ssl->server = NULL((void*)0); | ||||
6602 | } else { | ||||
6603 | ssl->client = NULL((void*)0); | ||||
6604 | } | ||||
6605 | return NULL((void*)0); | ||||
6606 | } | ||||
6607 | |||||
6608 | /* TLS 1.3 secret found, set new keys. */ | ||||
6609 | ssl_debug_printf("%s Retrieved TLS 1.3 traffic secret.\n", G_STRFUNC((const char*) (__func__))); | ||||
6610 | ssl_print_string("Client Random", &ssl->client_random); | ||||
6611 | ssl_print_string(label, secret); | ||||
6612 | return secret; | ||||
6613 | } | ||||
6614 | |||||
6615 | /* Load the new key. */ | ||||
6616 | void | ||||
6617 | tls13_change_key(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, | ||||
6618 | bool_Bool is_from_server, TLSRecordType type) | ||||
6619 | { | ||||
6620 | if (ssl->state & SSL_QUIC_RECORD_LAYER(1<<13)) { | ||||
6621 | /* | ||||
6622 | * QUIC does not use the TLS record layer for message protection. | ||||
6623 | * The required keys will be extracted later by QUIC. | ||||
6624 | */ | ||||
6625 | return; | ||||
6626 | } | ||||
6627 | |||||
6628 | StringInfo *secret = tls13_load_secret(ssl, mk_map, is_from_server, type); | ||||
6629 | if (!secret) { | ||||
6630 | return; | ||||
6631 | } | ||||
6632 | |||||
6633 | if (tls13_generate_keys(ssl, secret, is_from_server)) { | ||||
6634 | /* | ||||
6635 | * Remember the application traffic secret to support Key Update. The | ||||
6636 | * other secrets cannot be used for this purpose, so free them. | ||||
6637 | */ | ||||
6638 | SslDecoder *decoder = is_from_server ? ssl->server : ssl->client; | ||||
6639 | StringInfo *app_secret = &decoder->app_traffic_secret; | ||||
6640 | if (type == TLS_SECRET_APP) { | ||||
6641 | app_secret->data = (unsigned char *) wmem_realloc(wmem_file_scope(), | ||||
6642 | app_secret->data, | ||||
6643 | secret->data_len); | ||||
6644 | ssl_data_set(app_secret, secret->data, secret->data_len); | ||||
6645 | } else { | ||||
6646 | wmem_free(wmem_file_scope(), app_secret->data); | ||||
6647 | app_secret->data = NULL((void*)0); | ||||
6648 | app_secret->data_len = 0; | ||||
6649 | } | ||||
6650 | } | ||||
6651 | } | ||||
6652 | |||||
6653 | /** | ||||
6654 | * Update to next application data traffic secret for TLS 1.3. The previous | ||||
6655 | * secret should have been set by tls13_change_key. | ||||
6656 | */ | ||||
6657 | void | ||||
6658 | tls13_key_update(SslDecryptSession *ssl, bool_Bool is_from_server) | ||||
6659 | { | ||||
6660 | /* RFC 8446 Section 7.2: | ||||
6661 | * application_traffic_secret_N+1 = | ||||
6662 | * HKDF-Expand-Label(application_traffic_secret_N, | ||||
6663 | * "traffic upd", "", Hash.length) | ||||
6664 | * | ||||
6665 | * Both application_traffic_secret_N are of the same length (Hash.length). | ||||
6666 | */ | ||||
6667 | const SslCipherSuite *cipher_suite = ssl->cipher_suite; | ||||
6668 | SslDecoder *decoder = is_from_server ? ssl->server : ssl->client; | ||||
6669 | StringInfo *app_secret = decoder ? &decoder->app_traffic_secret : NULL((void*)0); | ||||
6670 | uint8_t tls13_draft_version = ssl->session.tls13_draft_version; | ||||
6671 | |||||
6672 | if (!cipher_suite || !app_secret || app_secret->data_len == 0) { | ||||
6673 | ssl_debug_printf("%s Cannot perform Key Update due to missing info\n", G_STRFUNC((const char*) (__func__))); | ||||
6674 | return; | ||||
6675 | } | ||||
6676 | |||||
6677 | /* | ||||
6678 | * Previous traffic secret is available, so find the hash function, | ||||
6679 | * expand the new traffic secret and generate new keys. | ||||
6680 | */ | ||||
6681 | const char *hash_name = ssl_cipher_suite_dig(cipher_suite)->name; | ||||
6682 | int hash_algo = ssl_get_digest_by_name(hash_name); | ||||
6683 | const unsigned hash_len = app_secret->data_len; | ||||
6684 | unsigned char *new_secret; | ||||
6685 | const char *label = "traffic upd"; | ||||
6686 | if (tls13_draft_version && tls13_draft_version < 20) { | ||||
6687 | label = "application traffic secret"; | ||||
6688 | } | ||||
6689 | if (!tls13_hkdf_expand_label(hash_algo, app_secret, | ||||
6690 | tls13_hkdf_label_prefix(ssl), | ||||
6691 | label, hash_len, &new_secret)) { | ||||
6692 | ssl_debug_printf("%s traffic_secret_N+1 expansion failed\n", G_STRFUNC((const char*) (__func__))); | ||||
6693 | return; | ||||
6694 | } | ||||
6695 | ssl_data_set(app_secret, new_secret, hash_len); | ||||
6696 | if (tls13_generate_keys(ssl, app_secret, is_from_server)) { | ||||
6697 | /* | ||||
6698 | * Remember the application traffic secret on the new decoder to | ||||
6699 | * support another Key Update. | ||||
6700 | */ | ||||
6701 | decoder = is_from_server ? ssl->server : ssl->client; | ||||
6702 | app_secret = &decoder->app_traffic_secret; | ||||
6703 | app_secret->data = (unsigned char *) wmem_realloc(wmem_file_scope(), | ||||
6704 | app_secret->data, | ||||
6705 | hash_len); | ||||
6706 | ssl_data_set(app_secret, new_secret, hash_len); | ||||
6707 | } | ||||
6708 | wmem_free(NULL((void*)0), new_secret); | ||||
6709 | } | ||||
6710 | |||||
6711 | void | ||||
6712 | tls_save_crandom(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map) | ||||
6713 | { | ||||
6714 | if (ssl && (ssl->state & SSL_CLIENT_RANDOM(1<<0))) { | ||||
6715 | g_hash_table_add(mk_map->used_crandom, &ssl->client_random); | ||||
6716 | } | ||||
6717 | } | ||||
6718 | |||||
6719 | /** SSL keylog file handling. {{{ */ | ||||
6720 | |||||
6721 | static GRegex * | ||||
6722 | ssl_compile_keyfile_regex(void) | ||||
6723 | { | ||||
6724 | #define OCTET "(?:[[:xdigit:]]{2})" | ||||
6725 | const char *pattern = | ||||
6726 | "(?:" | ||||
6727 | /* Matches Client Hellos having this Client Random */ | ||||
6728 | "PMS_CLIENT_RANDOM (?<client_random_pms>" OCTET "{32}) " | ||||
6729 | /* Matches first part of encrypted RSA pre-master secret */ | ||||
6730 | "|RSA (?<encrypted_pmk>" OCTET "{8}) " | ||||
6731 | /* Pre-Master-Secret is given, it is 48 bytes for RSA, | ||||
6732 | but it can be of any length for DHE */ | ||||
6733 | ")(?<pms>" OCTET "+)" | ||||
6734 | "|(?:" | ||||
6735 | /* Matches Server Hellos having a Session ID */ | ||||
6736 | "RSA Session-ID:(?<session_id>" OCTET "+) Master-Key:" | ||||
6737 | /* Matches Client Hellos having this Client Random */ | ||||
6738 | "|CLIENT_RANDOM (?<client_random>" OCTET "{32}) " | ||||
6739 | /* Master-Secret is given, its length is fixed */ | ||||
6740 | ")(?<master_secret>" OCTET "{" G_STRINGIFY(SSL_MASTER_SECRET_LENGTH)"48" "})" | ||||
6741 | "|(?" | ||||
6742 | /* TLS 1.3 Client Random to Derived Secrets mapping. */ | ||||
6743 | ":CLIENT_EARLY_TRAFFIC_SECRET (?<client_early>" OCTET "{32})" | ||||
6744 | "|CLIENT_HANDSHAKE_TRAFFIC_SECRET (?<client_handshake>" OCTET "{32})" | ||||
6745 | "|SERVER_HANDSHAKE_TRAFFIC_SECRET (?<server_handshake>" OCTET "{32})" | ||||
6746 | "|CLIENT_TRAFFIC_SECRET_0 (?<client_appdata>" OCTET "{32})" | ||||
6747 | "|SERVER_TRAFFIC_SECRET_0 (?<server_appdata>" OCTET "{32})" | ||||
6748 | "|EARLY_EXPORTER_SECRET (?<early_exporter>" OCTET "{32})" | ||||
6749 | "|EXPORTER_SECRET (?<exporter>" OCTET "{32})" | ||||
6750 | /* ECH. Secret length is defined by HPKE KEM Nsecret and can vary between 32 and 64 bytes */ | ||||
6751 | /* These labels and their notation are specified in draft-ietf-tls-ech-keylogfile-01 */ | ||||
6752 | "|ECH_SECRET (?<ech_secret>" OCTET "{32,64})" | ||||
6753 | "|ECH_CONFIG (?<ech_config>" OCTET "{22,})" | ||||
6754 | ") (?<derived_secret>" OCTET "+)"; | ||||
6755 | #undef OCTET | ||||
6756 | static GRegex *regex = NULL((void*)0); | ||||
6757 | GError *gerr = NULL((void*)0); | ||||
6758 | |||||
6759 | if (!regex) { | ||||
6760 | regex = g_regex_new(pattern, | ||||
6761 | (GRegexCompileFlags)(G_REGEX_OPTIMIZE | G_REGEX_ANCHORED | G_REGEX_RAW), | ||||
6762 | G_REGEX_MATCH_ANCHORED, &gerr); | ||||
6763 | if (gerr) { | ||||
6764 | ssl_debug_printf("%s failed to compile regex: %s\n", G_STRFUNC((const char*) (__func__)), | ||||
6765 | gerr->message); | ||||
6766 | g_error_free(gerr); | ||||
6767 | regex = NULL((void*)0); | ||||
6768 | } | ||||
6769 | } | ||||
6770 | |||||
6771 | return regex; | ||||
6772 | } | ||||
6773 | |||||
6774 | typedef struct ssl_master_key_match_group { | ||||
6775 | const char *re_group_name; | ||||
6776 | GHashTable *master_key_ht; | ||||
6777 | } ssl_master_key_match_group_t; | ||||
6778 | |||||
6779 | void | ||||
6780 | tls_keylog_process_lines(const ssl_master_key_map_t *mk_map, const uint8_t *data, unsigned datalen) | ||||
6781 | { | ||||
6782 | ssl_master_key_match_group_t mk_groups[] = { | ||||
6783 | { "encrypted_pmk", mk_map->pre_master }, | ||||
6784 | { "session_id", mk_map->session }, | ||||
6785 | { "client_random", mk_map->crandom }, | ||||
6786 | { "client_random_pms", mk_map->pms }, | ||||
6787 | /* TLS 1.3 map from Client Random to derived secret. */ | ||||
6788 | { "client_early", mk_map->tls13_client_early }, | ||||
6789 | { "client_handshake", mk_map->tls13_client_handshake }, | ||||
6790 | { "server_handshake", mk_map->tls13_server_handshake }, | ||||
6791 | { "client_appdata", mk_map->tls13_client_appdata }, | ||||
6792 | { "server_appdata", mk_map->tls13_server_appdata }, | ||||
6793 | { "early_exporter", mk_map->tls13_early_exporter }, | ||||
6794 | { "exporter", mk_map->tls13_exporter }, | ||||
6795 | { "ech_secret", mk_map->ech_secret }, | ||||
6796 | { "ech_config", mk_map->ech_config }, | ||||
6797 | }; | ||||
6798 | |||||
6799 | /* The format of the file is a series of records with one of the following formats: | ||||
6800 | * - "RSA xxxx yyyy" | ||||
6801 | * Where xxxx are the first 8 bytes of the encrypted pre-master secret (hex-encoded) | ||||
6802 | * Where yyyy is the cleartext pre-master secret (hex-encoded) | ||||
6803 | * (this is the original format introduced with bug 4349) | ||||
6804 | * | ||||
6805 | * - "RSA Session-ID:xxxx Master-Key:yyyy" | ||||
6806 | * Where xxxx is the SSL session ID (hex-encoded) | ||||
6807 | * Where yyyy is the cleartext master secret (hex-encoded) | ||||
6808 | * (added to support openssl s_client Master-Key output) | ||||
6809 | * This is somewhat is a misnomer because there's nothing RSA specific | ||||
6810 | * about this. | ||||
6811 | * | ||||
6812 | * - "PMS_CLIENT_RANDOM xxxx yyyy" | ||||
6813 | * Where xxxx is the client_random from the ClientHello (hex-encoded) | ||||
6814 | * Where yyyy is the cleartext pre-master secret (hex-encoded) | ||||
6815 | * (This format allows SSL connections to be decrypted, if a user can | ||||
6816 | * capture the PMS but could not recover the MS for a specific session | ||||
6817 | * with a SSL Server.) | ||||
6818 | * | ||||
6819 | * - "CLIENT_RANDOM xxxx yyyy" | ||||
6820 | * Where xxxx is the client_random from the ClientHello (hex-encoded) | ||||
6821 | * Where yyyy is the cleartext master secret (hex-encoded) | ||||
6822 | * (This format allows non-RSA SSL connections to be decrypted, i.e. | ||||
6823 | * ECDHE-RSA.) | ||||
6824 | * | ||||
6825 | * - "CLIENT_EARLY_TRAFFIC_SECRET xxxx yyyy" | ||||
6826 | * - "CLIENT_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy" | ||||
6827 | * - "SERVER_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy" | ||||
6828 | * - "CLIENT_TRAFFIC_SECRET_0 xxxx yyyy" | ||||
6829 | * - "SERVER_TRAFFIC_SECRET_0 xxxx yyyy" | ||||
6830 | * - "EARLY_EXPORTER_SECRET xxxx yyyy" | ||||
6831 | * - "EXPORTER_SECRET xxxx yyyy" | ||||
6832 | * Where xxxx is the client_random from the ClientHello (hex-encoded) | ||||
6833 | * Where yyyy is the secret (hex-encoded) derived from the early, | ||||
6834 | * handshake or master secrets. (This format is introduced with TLS 1.3 | ||||
6835 | * and supported by BoringSSL, OpenSSL, etc. See bug 12779.) | ||||
6836 | */ | ||||
6837 | GRegex *regex = ssl_compile_keyfile_regex(); | ||||
6838 | if (!regex) | ||||
6839 | return; | ||||
6840 | |||||
6841 | const char *next_line = (const char *)data; | ||||
6842 | const char *line_end = next_line + datalen; | ||||
6843 | while (next_line && next_line < line_end) { | ||||
6844 | const char *line = next_line; | ||||
6845 | next_line = (const char *)memchr(line, '\n', line_end - line); | ||||
6846 | ssize_t linelen; | ||||
6847 | |||||
6848 | if (next_line) { | ||||
6849 | linelen = next_line - line; | ||||
6850 | next_line++; /* drop LF */ | ||||
6851 | } else { | ||||
6852 | linelen = (ssize_t)(line_end - line); | ||||
6853 | } | ||||
6854 | if (linelen > 0 && line[linelen - 1] == '\r') { | ||||
6855 | linelen--; /* drop CR */ | ||||
6856 | } | ||||
6857 | |||||
6858 | ssl_debug_printf(" checking keylog line: %.*s\n", (int)linelen, line); | ||||
6859 | GMatchInfo *mi; | ||||
6860 | if (g_regex_match_full(regex, line, linelen, 0, G_REGEX_MATCH_ANCHORED, &mi, NULL((void*)0))) { | ||||
6861 | char *hex_key, *hex_pre_ms_or_ms; | ||||
6862 | StringInfo *key = wmem_new(wmem_file_scope(), StringInfo)((StringInfo*)wmem_alloc((wmem_file_scope()), sizeof(StringInfo ))); | ||||
6863 | StringInfo *pre_ms_or_ms = NULL((void*)0); | ||||
6864 | GHashTable *ht = NULL((void*)0); | ||||
6865 | |||||
6866 | /* Is the PMS being supplied with the PMS_CLIENT_RANDOM | ||||
6867 | * otherwise we will use the Master Secret | ||||
6868 | */ | ||||
6869 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "master_secret"); | ||||
6870 | if (hex_pre_ms_or_ms == NULL((void*)0) || !*hex_pre_ms_or_ms) { | ||||
6871 | g_free(hex_pre_ms_or_ms); | ||||
6872 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "pms"); | ||||
6873 | } | ||||
6874 | if (hex_pre_ms_or_ms == NULL((void*)0) || !*hex_pre_ms_or_ms) { | ||||
6875 | g_free(hex_pre_ms_or_ms); | ||||
6876 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "derived_secret"); | ||||
6877 | } | ||||
6878 | /* There is always a match, otherwise the regex is wrong. */ | ||||
6879 | DISSECTOR_ASSERT(hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms))((void) ((hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 6879, "hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms)" )))); | ||||
6880 | |||||
6881 | /* convert from hex to bytes and save to hashtable */ | ||||
6882 | pre_ms_or_ms = wmem_new(wmem_file_scope(), StringInfo)((StringInfo*)wmem_alloc((wmem_file_scope()), sizeof(StringInfo ))); | ||||
6883 | from_hex(pre_ms_or_ms, hex_pre_ms_or_ms, strlen(hex_pre_ms_or_ms)); | ||||
6884 | g_free(hex_pre_ms_or_ms); | ||||
6885 | |||||
6886 | /* Find a master key from any format (CLIENT_RANDOM, SID, ...) */ | ||||
6887 | for (unsigned i = 0; i < G_N_ELEMENTS(mk_groups)(sizeof (mk_groups) / sizeof ((mk_groups)[0])); i++) { | ||||
6888 | ssl_master_key_match_group_t *g = &mk_groups[i]; | ||||
6889 | hex_key = g_match_info_fetch_named(mi, g->re_group_name); | ||||
6890 | if (hex_key && *hex_key) { | ||||
6891 | ssl_debug_printf(" matched %s\n", g->re_group_name); | ||||
6892 | ht = g->master_key_ht; | ||||
6893 | from_hex(key, hex_key, strlen(hex_key)); | ||||
6894 | g_free(hex_key); | ||||
6895 | break; | ||||
6896 | } | ||||
6897 | g_free(hex_key); | ||||
6898 | } | ||||
6899 | DISSECTOR_ASSERT(ht)((void) ((ht) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 6899, "ht")))); /* Cannot be reached, or regex is wrong. */ | ||||
6900 | |||||
6901 | g_hash_table_insert(ht, key, pre_ms_or_ms); | ||||
6902 | |||||
6903 | } else if (linelen > 0 && line[0] != '#') { | ||||
6904 | ssl_debug_printf(" unrecognized line\n"); | ||||
6905 | } | ||||
6906 | /* always free match info even if there is no match. */ | ||||
6907 | g_match_info_free(mi); | ||||
6908 | } | ||||
6909 | } | ||||
6910 | |||||
6911 | void | ||||
6912 | ssl_load_keyfile(const char *tls_keylog_filename, FILE **keylog_file, | ||||
6913 | const ssl_master_key_map_t *mk_map) | ||||
6914 | { | ||||
6915 | /* no need to try if no key log file is configured. */ | ||||
6916 | if (!tls_keylog_filename || !*tls_keylog_filename) { | ||||
6917 | ssl_debug_printf("%s dtls/tls.keylog_file is not configured!\n", | ||||
6918 | G_STRFUNC((const char*) (__func__))); | ||||
6919 | return; | ||||
6920 | } | ||||
6921 | |||||
6922 | /* Validate regexes before even trying to use it. */ | ||||
6923 | if (!ssl_compile_keyfile_regex()) { | ||||
6924 | return; | ||||
6925 | } | ||||
6926 | |||||
6927 | ssl_debug_printf("trying to use TLS keylog in %s\n", tls_keylog_filename); | ||||
6928 | |||||
6929 | /* if the keylog file was deleted/overwritten, re-open it */ | ||||
6930 | if (*keylog_file && file_needs_reopen(ws_filenofileno(*keylog_file), tls_keylog_filename)) { | ||||
6931 | ssl_debug_printf("%s file got deleted, trying to re-open\n", G_STRFUNC((const char*) (__func__))); | ||||
6932 | fclose(*keylog_file); | ||||
6933 | *keylog_file = NULL((void*)0); | ||||
6934 | } | ||||
6935 | |||||
6936 | if (*keylog_file == NULL((void*)0)) { | ||||
6937 | *keylog_file = ws_fopenfopen(tls_keylog_filename, "r"); | ||||
6938 | if (!*keylog_file) { | ||||
6939 | ssl_debug_printf("%s failed to open SSL keylog\n", G_STRFUNC((const char*) (__func__))); | ||||
6940 | return; | ||||
6941 | } | ||||
6942 | } | ||||
6943 | |||||
6944 | for (;;) { | ||||
6945 | char buf[1110], *line; | ||||
6946 | line = fgets(buf, sizeof(buf), *keylog_file); | ||||
6947 | if (!line) { | ||||
6948 | if (feof(*keylog_file)) { | ||||
6949 | /* Ensure that newly appended keys can be read in the future. */ | ||||
6950 | clearerr(*keylog_file); | ||||
6951 | } else if (ferror(*keylog_file)) { | ||||
6952 | ssl_debug_printf("%s Error while reading key log file, closing it!\n", G_STRFUNC((const char*) (__func__))); | ||||
6953 | fclose(*keylog_file); | ||||
6954 | *keylog_file = NULL((void*)0); | ||||
6955 | } | ||||
6956 | break; | ||||
6957 | } | ||||
6958 | tls_keylog_process_lines(mk_map, (uint8_t *)line, (int)strlen(line)); | ||||
6959 | } | ||||
6960 | } | ||||
6961 | /** SSL keylog file handling. }}} */ | ||||
6962 | |||||
6963 | #ifdef SSL_DECRYPT_DEBUG /* {{{ */ | ||||
6964 | |||||
6965 | static FILE* ssl_debug_file; | ||||
6966 | |||||
6967 | void | ||||
6968 | ssl_set_debug(const char* name) | ||||
6969 | { | ||||
6970 | static int debug_file_must_be_closed; | ||||
6971 | int use_stderr; | ||||
6972 | |||||
6973 | use_stderr = name?(strcmp(name, SSL_DEBUG_USE_STDERR"-") == 0):0; | ||||
6974 | |||||
6975 | if (debug_file_must_be_closed) | ||||
6976 | fclose(ssl_debug_file); | ||||
6977 | |||||
6978 | if (use_stderr) | ||||
6979 | ssl_debug_file = stderrstderr; | ||||
6980 | else if (!name || (strcmp(name, "") ==0)) | ||||
6981 | ssl_debug_file = NULL((void*)0); | ||||
6982 | else | ||||
6983 | ssl_debug_file = ws_fopenfopen(name, "w"); | ||||
6984 | |||||
6985 | if (!use_stderr && ssl_debug_file) | ||||
6986 | debug_file_must_be_closed = 1; | ||||
6987 | else | ||||
6988 | debug_file_must_be_closed = 0; | ||||
6989 | |||||
6990 | ssl_debug_printf("Wireshark SSL debug log \n\n"); | ||||
6991 | #ifdef HAVE_LIBGNUTLS1 | ||||
6992 | ssl_debug_printf("GnuTLS version: %s\n", gnutls_check_version(NULL((void*)0))); | ||||
6993 | #endif | ||||
6994 | ssl_debug_printf("Libgcrypt version: %s\n", gcry_check_version(NULL((void*)0))); | ||||
6995 | ssl_debug_printf("\n"); | ||||
6996 | } | ||||
6997 | |||||
6998 | void | ||||
6999 | ssl_debug_flush(void) | ||||
7000 | { | ||||
7001 | if (ssl_debug_file) | ||||
7002 | fflush(ssl_debug_file); | ||||
7003 | } | ||||
7004 | |||||
7005 | void | ||||
7006 | ssl_debug_printf(const char* fmt, ...) | ||||
7007 | { | ||||
7008 | va_list ap; | ||||
7009 | |||||
7010 | if (!ssl_debug_file) | ||||
7011 | return; | ||||
7012 | |||||
7013 | va_start(ap, fmt)__builtin_va_start(ap, fmt); | ||||
7014 | vfprintf(ssl_debug_file, fmt, ap); | ||||
7015 | va_end(ap)__builtin_va_end(ap); | ||||
7016 | } | ||||
7017 | |||||
7018 | void | ||||
7019 | ssl_print_data(const char* name, const unsigned char* data, size_t len) | ||||
7020 | { | ||||
7021 | size_t i, j, k; | ||||
7022 | if (!ssl_debug_file) | ||||
7023 | return; | ||||
7024 | fprintf(ssl_debug_file,"%s[%d]:\n",name, (int) len); | ||||
7025 | for (i=0; i<len; i+=16) { | ||||
7026 | fprintf(ssl_debug_file,"| "); | ||||
7027 | for (j=i, k=0; k<16 && j<len; ++j, ++k) | ||||
7028 | fprintf(ssl_debug_file,"%.2x ",data[j]); | ||||
7029 | for (; k<16; ++k) | ||||
7030 | fprintf(ssl_debug_file," "); | ||||
7031 | fputc('|', ssl_debug_file); | ||||
7032 | for (j=i, k=0; k<16 && j<len; ++j, ++k) { | ||||
7033 | unsigned char c = data[j]; | ||||
7034 | if (!g_ascii_isprint(c)((g_ascii_table[(guchar) (c)] & G_ASCII_PRINT) != 0) || (c=='\t')) c = '.'; | ||||
7035 | fputc(c, ssl_debug_file); | ||||
7036 | } | ||||
7037 | for (; k<16; ++k) | ||||
7038 | fputc(' ', ssl_debug_file); | ||||
7039 | fprintf(ssl_debug_file,"|\n"); | ||||
7040 | } | ||||
7041 | } | ||||
7042 | |||||
7043 | void | ||||
7044 | ssl_print_string(const char* name, const StringInfo* data) | ||||
7045 | { | ||||
7046 | ssl_print_data(name, data->data, data->data_len); | ||||
7047 | } | ||||
7048 | #endif /* SSL_DECRYPT_DEBUG }}} */ | ||||
7049 | |||||
7050 | /* UAT preferences callbacks. {{{ */ | ||||
7051 | /* checks for SSL and DTLS UAT key list fields */ | ||||
7052 | |||||
7053 | bool_Bool | ||||
7054 | ssldecrypt_uat_fld_ip_chk_cb(void* r _U___attribute__((unused)), const char* p _U___attribute__((unused)), unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) | ||||
7055 | { | ||||
7056 | // This should be removed in favor of Decode As. Make it optional. | ||||
7057 | *err = NULL((void*)0); | ||||
7058 | return true1; | ||||
7059 | } | ||||
7060 | |||||
7061 | bool_Bool | ||||
7062 | ssldecrypt_uat_fld_port_chk_cb(void* r _U___attribute__((unused)), const char* p, unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) | ||||
7063 | { | ||||
7064 | if (!p || strlen(p) == 0u) { | ||||
7065 | // This should be removed in favor of Decode As. Make it optional. | ||||
7066 | *err = NULL((void*)0); | ||||
7067 | return true1; | ||||
7068 | } | ||||
7069 | |||||
7070 | if (strcmp(p, "start_tls") != 0){ | ||||
7071 | uint16_t port; | ||||
7072 | if (!ws_strtou16(p, NULL((void*)0), &port)) { | ||||
7073 | *err = g_strdup("Invalid port given.")g_strdup_inline ("Invalid port given."); | ||||
7074 | return false0; | ||||
7075 | } | ||||
7076 | } | ||||
7077 | |||||
7078 | *err = NULL((void*)0); | ||||
7079 | return true1; | ||||
7080 | } | ||||
7081 | |||||
7082 | bool_Bool | ||||
7083 | ssldecrypt_uat_fld_fileopen_chk_cb(void* r _U___attribute__((unused)), const char* p, unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) | ||||
7084 | { | ||||
7085 | ws_statb64struct stat st; | ||||
7086 | |||||
7087 | if (!p || strlen(p) == 0u) { | ||||
7088 | *err = g_strdup("No filename given.")g_strdup_inline ("No filename given."); | ||||
7089 | return false0; | ||||
7090 | } else { | ||||
7091 | if (ws_stat64stat(p, &st) != 0) { | ||||
7092 | *err = ws_strdup_printf("File '%s' does not exist or access is denied.", p)wmem_strdup_printf(((void*)0), "File '%s' does not exist or access is denied." , p); | ||||
7093 | return false0; | ||||
7094 | } | ||||
7095 | } | ||||
7096 | |||||
7097 | *err = NULL((void*)0); | ||||
7098 | return true1; | ||||
7099 | } | ||||
7100 | |||||
7101 | bool_Bool | ||||
7102 | ssldecrypt_uat_fld_password_chk_cb(void *r _U___attribute__((unused)), const char *p _U___attribute__((unused)), unsigned len _U___attribute__((unused)), const void *u1 _U___attribute__((unused)), const void *u2 _U___attribute__((unused)), char **err) | ||||
7103 | { | ||||
7104 | #if defined(HAVE_LIBGNUTLS1) | ||||
7105 | ssldecrypt_assoc_t* f = (ssldecrypt_assoc_t *)r; | ||||
7106 | FILE *fp = NULL((void*)0); | ||||
7107 | |||||
7108 | if (p && (strlen(p) > 0u)) { | ||||
7109 | fp = ws_fopenfopen(f->keyfile, "rb"); | ||||
7110 | if (fp) { | ||||
7111 | char *msg = NULL((void*)0); | ||||
7112 | gnutls_x509_privkey_t priv_key = rsa_load_pkcs12(fp, p, &msg); | ||||
7113 | if (!priv_key) { | ||||
7114 | fclose(fp); | ||||
7115 | *err = ws_strdup_printf("Could not load PKCS#12 key file: %s", msg)wmem_strdup_printf(((void*)0), "Could not load PKCS#12 key file: %s" , msg); | ||||
7116 | g_free(msg); | ||||
7117 | return false0; | ||||
7118 | } | ||||
7119 | g_free(msg); | ||||
7120 | gnutls_x509_privkey_deinit(priv_key); | ||||
7121 | fclose(fp); | ||||
7122 | } else { | ||||
7123 | *err = ws_strdup_printf("Leave this field blank if the keyfile is not PKCS#12.")wmem_strdup_printf(((void*)0), "Leave this field blank if the keyfile is not PKCS#12." ); | ||||
7124 | return false0; | ||||
7125 | } | ||||
7126 | } | ||||
7127 | |||||
7128 | *err = NULL((void*)0); | ||||
7129 | return true1; | ||||
7130 | #else | ||||
7131 | *err = g_strdup("Cannot load key files, support is not compiled in.")g_strdup_inline ("Cannot load key files, support is not compiled in." ); | ||||
7132 | return false0; | ||||
7133 | #endif | ||||
7134 | } | ||||
7135 | /* UAT preferences callbacks. }}} */ | ||||
7136 | |||||
7137 | /** maximum size of ssl_association_info() string */ | ||||
7138 | #define SSL_ASSOC_MAX_LEN8192 8192 | ||||
7139 | |||||
7140 | typedef struct ssl_association_info_callback_data | ||||
7141 | { | ||||
7142 | char *str; | ||||
7143 | const char *table_protocol; | ||||
7144 | } ssl_association_info_callback_data_t; | ||||
7145 | |||||
7146 | /** | ||||
7147 | * callback function used by ssl_association_info() to traverse the SSL associations. | ||||
7148 | */ | ||||
7149 | static void | ||||
7150 | ssl_association_info_(const char *table _U___attribute__((unused)), void *handle, void *user_data) | ||||
7151 | { | ||||
7152 | ssl_association_info_callback_data_t* data = (ssl_association_info_callback_data_t*)user_data; | ||||
7153 | const int l = (const int)strlen(data->str); | ||||
7154 | snprintf(data->str+l, SSL_ASSOC_MAX_LEN8192-l, "'%s' (%s)\n", dissector_handle_get_dissector_name((dissector_handle_t)handle), dissector_handle_get_description((dissector_handle_t)handle)); | ||||
7155 | } | ||||
7156 | |||||
7157 | /** | ||||
7158 | * @return an information string on the SSL protocol associations. The string must be freed. | ||||
7159 | */ | ||||
7160 | char* | ||||
7161 | ssl_association_info(const char* dissector_table_name, const char* table_protocol) | ||||
7162 | { | ||||
7163 | ssl_association_info_callback_data_t data; | ||||
7164 | |||||
7165 | data.str = (char *)g_malloc0(SSL_ASSOC_MAX_LEN8192); | ||||
7166 | data.table_protocol = table_protocol; | ||||
7167 | dissector_table_foreach_handle(dissector_table_name, ssl_association_info_, &data); | ||||
7168 | return data.str; | ||||
7169 | } | ||||
7170 | |||||
7171 | |||||
7172 | /** Begin of code related to dissection of wire data. */ | ||||
7173 | |||||
7174 | /* Helpers for dissecting Variable-Length Vectors. {{{ */ | ||||
7175 | bool_Bool | ||||
7176 | ssl_add_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | ||||
7177 | unsigned offset, unsigned offset_end, uint32_t *ret_length, | ||||
7178 | int hf_length, uint32_t min_value, uint32_t max_value) | ||||
7179 | { | ||||
7180 | unsigned veclen_size; | ||||
7181 | uint32_t veclen_value; | ||||
7182 | proto_item *pi; | ||||
7183 | |||||
7184 | DISSECTOR_ASSERT_CMPUINT(min_value, <=, max_value)((void) ((min_value <= max_value) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion " "min_value" " " "<=" " " "max_value" " (" "%" "l" "u" " " "<=" " " "%" "l" "u" ")", "epan/dissectors/packet-tls-utils.c" , 7184, (uint64_t)min_value, (uint64_t)max_value)))); | ||||
7185 | if (offset > offset_end) { | ||||
7186 | expert_add_info_format(pinfo, tree, &hf->ei.malformed_buffer_too_small, | ||||
7187 | "Vector offset is past buffer end offset (%u > %u)", | ||||
7188 | offset, offset_end); | ||||
7189 | *ret_length = 0; | ||||
7190 | return false0; /* Cannot read length. */ | ||||
7191 | } | ||||
7192 | |||||
7193 | if (max_value > 0xffffff) { | ||||
7194 | veclen_size = 4; | ||||
7195 | } else if (max_value > 0xffff) { | ||||
7196 | veclen_size = 3; | ||||
7197 | } else if (max_value > 0xff) { | ||||
7198 | veclen_size = 2; | ||||
7199 | } else { | ||||
7200 | veclen_size = 1; | ||||
7201 | } | ||||
7202 | |||||
7203 | if (offset_end - offset < veclen_size) { | ||||
7204 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_buffer_too_small, | ||||
7205 | tvb, offset, offset_end - offset, | ||||
7206 | "No more room for vector of length %u", | ||||
7207 | veclen_size); | ||||
7208 | *ret_length = 0; | ||||
7209 | return false0; /* Cannot read length. */ | ||||
7210 | } | ||||
7211 | |||||
7212 | pi = proto_tree_add_item_ret_uint(tree, hf_length, tvb, offset, veclen_size, ENC_BIG_ENDIAN0x00000000, &veclen_value); | ||||
7213 | offset += veclen_size; | ||||
7214 | |||||
7215 | if (veclen_value < min_value) { | ||||
7216 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_vector_length, | ||||
7217 | "Vector length %u is smaller than minimum %u", | ||||
7218 | veclen_value, min_value); | ||||
7219 | } else if (veclen_value > max_value) { | ||||
7220 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_vector_length, | ||||
7221 | "Vector length %u is larger than maximum %u", | ||||
7222 | veclen_value, max_value); | ||||
7223 | } | ||||
7224 | |||||
7225 | if (offset_end - offset < veclen_value) { | ||||
7226 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_buffer_too_small, | ||||
7227 | "Vector length %u is too large, truncating it to %u", | ||||
7228 | veclen_value, offset_end - offset); | ||||
7229 | *ret_length = offset_end - offset; | ||||
7230 | return false0; /* Length is truncated to avoid overflow. */ | ||||
7231 | } | ||||
7232 | |||||
7233 | *ret_length = veclen_value; | ||||
7234 | return true1; /* Length is OK. */ | ||||
7235 | } | ||||
7236 | |||||
7237 | bool_Bool | ||||
7238 | ssl_end_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | ||||
7239 | unsigned offset, unsigned offset_end) | ||||
7240 | { | ||||
7241 | if (offset < offset_end) { | ||||
7242 | unsigned trailing = offset_end - offset; | ||||
7243 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_trailing_data, | ||||
7244 | tvb, offset, trailing, | ||||
7245 | "%u trailing byte%s unprocessed", | ||||
7246 | trailing, plurality(trailing, " was", "s were")((trailing) == 1 ? (" was") : ("s were"))); | ||||
7247 | return false0; /* unprocessed data warning */ | ||||
7248 | } else if (offset > offset_end) { | ||||
7249 | /* | ||||
7250 | * Returned offset runs past the end. This should not happen and is | ||||
7251 | * possibly a dissector bug. | ||||
7252 | */ | ||||
7253 | unsigned excess = offset - offset_end; | ||||
7254 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_buffer_too_small, | ||||
7255 | tvb, offset_end, excess, | ||||
7256 | "Dissector processed too much data (%u byte%s)", | ||||
7257 | excess, plurality(excess, "", "s")((excess) == 1 ? ("") : ("s"))); | ||||
7258 | return false0; /* overflow error */ | ||||
7259 | } | ||||
7260 | |||||
7261 | return true1; /* OK, offset matches. */ | ||||
7262 | } | ||||
7263 | /** }}} */ | ||||
7264 | |||||
7265 | |||||
7266 | static uint32_t | ||||
7267 | ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
7268 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
7269 | uint16_t version, int hf_sig_len, int hf_sig); | ||||
7270 | |||||
7271 | /* change_cipher_spec(20) dissection */ | ||||
7272 | void | ||||
7273 | ssl_dissect_change_cipher_spec(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
7274 | packet_info *pinfo, proto_tree *tree, | ||||
7275 | uint32_t offset, SslSession *session, | ||||
7276 | bool_Bool is_from_server, | ||||
7277 | const SslDecryptSession *ssl) | ||||
7278 | { | ||||
7279 | /* | ||||
7280 | * struct { | ||||
7281 | * enum { change_cipher_spec(1), (255) } type; | ||||
7282 | * } ChangeCipherSpec; | ||||
7283 | */ | ||||
7284 | proto_item *ti; | ||||
7285 | proto_item_set_text(tree, | ||||
7286 | "%s Record Layer: %s Protocol: Change Cipher Spec", | ||||
7287 | val_to_str_const(session->version, ssl_version_short_names, "SSL"), | ||||
7288 | val_to_str_const(SSL_ID_CHG_CIPHER_SPEC, ssl_31_content_type, "unknown")); | ||||
7289 | ti = proto_tree_add_item(tree, hf->hf.change_cipher_spec, tvb, offset, 1, ENC_NA0x00000000); | ||||
7290 | |||||
7291 | if (session->version == TLSV1DOT3_VERSION0x304) { | ||||
7292 | /* CCS is a dummy message in TLS 1.3, do not parse it further. */ | ||||
7293 | return; | ||||
7294 | } | ||||
7295 | |||||
7296 | /* Remember frame number of first CCS */ | ||||
7297 | uint32_t *ccs_frame = is_from_server ? &session->server_ccs_frame : &session->client_ccs_frame; | ||||
7298 | if (*ccs_frame == 0) | ||||
7299 | *ccs_frame = pinfo->num; | ||||
7300 | |||||
7301 | /* Use heuristics to detect an abbreviated handshake, assume that missing | ||||
7302 | * ServerHelloDone implies reusing previously negotiating keys. Then when | ||||
7303 | * a Session ID or ticket is present, it must be a resumed session. | ||||
7304 | * Normally this should be done at the Finished message, but that may be | ||||
7305 | * encrypted so we do it here, at the last cleartext message. */ | ||||
7306 | if (is_from_server && ssl) { | ||||
7307 | if (session->is_session_resumed) { | ||||
7308 | const char *resumed = NULL((void*)0); | ||||
7309 | if (ssl->session_ticket.data_len) { | ||||
7310 | resumed = "Session Ticket"; | ||||
7311 | } else if (ssl->session_id.data_len) { | ||||
7312 | resumed = "Session ID"; | ||||
7313 | } | ||||
7314 | if (resumed) { | ||||
7315 | ssl_debug_printf("%s Session resumption using %s\n", G_STRFUNC((const char*) (__func__)), resumed); | ||||
7316 | } else { | ||||
7317 | /* Can happen if the capture somehow starts in the middle */ | ||||
7318 | ssl_debug_printf("%s No Session resumption, missing packets?\n", G_STRFUNC((const char*) (__func__))); | ||||
7319 | } | ||||
7320 | } else { | ||||
7321 | ssl_debug_printf("%s Not using Session resumption\n", G_STRFUNC((const char*) (__func__))); | ||||
7322 | } | ||||
7323 | } | ||||
7324 | if (is_from_server && session->is_session_resumed) | ||||
7325 | expert_add_info(pinfo, ti, &hf->ei.resumed); | ||||
7326 | } | ||||
7327 | |||||
7328 | /** Begin of handshake(22) record dissections */ | ||||
7329 | |||||
7330 | /* Dissects a SignatureScheme (TLS 1.3) or SignatureAndHashAlgorithm (TLS 1.2). | ||||
7331 | * {{{ */ | ||||
7332 | static void | ||||
7333 | tls_dissect_signature_algorithm(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset, ja4_data_t *ja4_data) | ||||
7334 | { | ||||
7335 | uint32_t sighash, hashalg, sigalg; | ||||
7336 | proto_item *ti_sigalg; | ||||
7337 | proto_tree *sigalg_tree; | ||||
7338 | |||||
7339 | ti_sigalg = proto_tree_add_item_ret_uint(tree, hf->hf.hs_sig_hash_alg, tvb, | ||||
7340 | offset, 2, ENC_BIG_ENDIAN0x00000000, &sighash); | ||||
7341 | if (ja4_data) { | ||||
7342 | wmem_list_append(ja4_data->sighash_list, GUINT_TO_POINTER(sighash)((gpointer) (gulong) (sighash))); | ||||
7343 | } | ||||
7344 | |||||
7345 | sigalg_tree = proto_item_add_subtree(ti_sigalg, hf->ett.hs_sig_hash_alg); | ||||
7346 | |||||
7347 | /* TLS 1.2: SignatureAndHashAlgorithm { hash, signature } */ | ||||
7348 | proto_tree_add_item_ret_uint(sigalg_tree, hf->hf.hs_sig_hash_hash, tvb, | ||||
7349 | offset, 1, ENC_BIG_ENDIAN0x00000000, &hashalg); | ||||
7350 | proto_tree_add_item_ret_uint(sigalg_tree, hf->hf.hs_sig_hash_sig, tvb, | ||||
7351 | offset + 1, 1, ENC_BIG_ENDIAN0x00000000, &sigalg); | ||||
7352 | |||||
7353 | /* No TLS 1.3 SignatureScheme? Fallback to TLS 1.2 interpretation. */ | ||||
7354 | if (!try_val_to_str(sighash, tls13_signature_algorithm)) { | ||||
7355 | proto_item_set_text(ti_sigalg, "Signature Algorithm: %s %s (0x%04x)", | ||||
7356 | val_to_str_const(hashalg, tls_hash_algorithm, "Unknown"), | ||||
7357 | val_to_str_const(sigalg, tls_signature_algorithm, "Unknown"), | ||||
7358 | sighash); | ||||
7359 | } | ||||
7360 | } /* }}} */ | ||||
7361 | |||||
7362 | /* dissect a list of hash algorithms, return the number of bytes dissected | ||||
7363 | this is used for the signature algorithms extension and for the | ||||
7364 | TLS1.2 certificate request. {{{ */ | ||||
7365 | static int | ||||
7366 | ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | ||||
7367 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, ja4_data_t *ja4_data) | ||||
7368 | { | ||||
7369 | /* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 | ||||
7370 | * struct { | ||||
7371 | * HashAlgorithm hash; | ||||
7372 | * SignatureAlgorithm signature; | ||||
7373 | * } SignatureAndHashAlgorithm; | ||||
7374 | * SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>; | ||||
7375 | */ | ||||
7376 | proto_tree *subtree; | ||||
7377 | proto_item *ti; | ||||
7378 | unsigned sh_alg_length; | ||||
7379 | uint32_t next_offset; | ||||
7380 | |||||
7381 | /* SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2> */ | ||||
7382 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sh_alg_length, | ||||
7383 | hf->hf.hs_sig_hash_alg_len, 2, UINT16_MAX(65535) - 1)) { | ||||
7384 | return offset_end; | ||||
7385 | } | ||||
7386 | offset += 2; | ||||
7387 | next_offset = offset + sh_alg_length; | ||||
7388 | |||||
7389 | ti = proto_tree_add_none_format(tree, hf->hf.hs_sig_hash_algs, tvb, offset, sh_alg_length, | ||||
7390 | "Signature Hash Algorithms (%u algorithm%s)", | ||||
7391 | sh_alg_length / 2, plurality(sh_alg_length / 2, "", "s")((sh_alg_length / 2) == 1 ? ("") : ("s"))); | ||||
7392 | subtree = proto_item_add_subtree(ti, hf->ett.hs_sig_hash_algs); | ||||
7393 | |||||
7394 | while (offset + 2 <= next_offset) { | ||||
7395 | tls_dissect_signature_algorithm(hf, tvb, subtree, offset, ja4_data); | ||||
7396 | offset += 2; | ||||
7397 | } | ||||
7398 | |||||
7399 | if (!ssl_end_vector(hf, tvb, pinfo, subtree, offset, next_offset)) { | ||||
7400 | offset = next_offset; | ||||
7401 | } | ||||
7402 | |||||
7403 | return offset; | ||||
7404 | } /* }}} */ | ||||
7405 | |||||
7406 | /* Dissection of DistinguishedName (for CertificateRequest and | ||||
7407 | * certificate_authorities extension). {{{ */ | ||||
7408 | static uint32_t | ||||
7409 | tls_dissect_certificate_authorities(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
7410 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
7411 | { | ||||
7412 | proto_item *ti; | ||||
7413 | proto_tree *subtree; | ||||
7414 | uint32_t dnames_length, next_offset; | ||||
7415 | asn1_ctx_t asn1_ctx; | ||||
7416 | int dnames_count = 100; /* the maximum number of DNs to add to the tree */ | ||||
7417 | |||||
7418 | /* Note: minimum length is 0 for TLS 1.1/1.2 and 3 for earlier/later */ | ||||
7419 | /* DistinguishedName certificate_authorities<0..2^16-1> */ | ||||
7420 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &dnames_length, | ||||
7421 | hf->hf.hs_dnames_len, 0, UINT16_MAX(65535))) { | ||||
7422 | return offset_end; | ||||
7423 | } | ||||
7424 | offset += 2; | ||||
7425 | next_offset = offset + dnames_length; | ||||
7426 | |||||
7427 | if (dnames_length > 0) { | ||||
7428 | ti = proto_tree_add_none_format(tree, | ||||
7429 | hf->hf.hs_dnames, | ||||
7430 | tvb, offset, dnames_length, | ||||
7431 | "Distinguished Names (%d byte%s)", | ||||
7432 | dnames_length, | ||||
7433 | plurality(dnames_length, "", "s")((dnames_length) == 1 ? ("") : ("s"))); | ||||
7434 | subtree = proto_item_add_subtree(ti, hf->ett.dnames); | ||||
7435 | |||||
7436 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | ||||
7437 | |||||
7438 | while (offset < next_offset) { | ||||
7439 | /* get the length of the current certificate */ | ||||
7440 | uint32_t name_length; | ||||
7441 | |||||
7442 | if (dnames_count-- == 0) { | ||||
7443 | /* stop adding to tree when the list is considered too large | ||||
7444 | * https://gitlab.com/wireshark/wireshark/-/issues/16202 | ||||
7445 | Note: dnames_count must be set low enough not to hit the | ||||
7446 | limit set by PINFO_LAYER_MAX_RECURSION_DEPTH in packet.c | ||||
7447 | */ | ||||
7448 | ti = proto_tree_add_item(subtree, hf->hf.hs_dnames_truncated, | ||||
7449 | tvb, offset, next_offset - offset, ENC_NA0x00000000); | ||||
7450 | proto_item_set_generated(ti); | ||||
7451 | return next_offset; | ||||
7452 | } | ||||
7453 | |||||
7454 | /* opaque DistinguishedName<1..2^16-1> */ | ||||
7455 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &name_length, | ||||
7456 | hf->hf.hs_dname_len, 1, UINT16_MAX(65535))) { | ||||
7457 | return next_offset; | ||||
7458 | } | ||||
7459 | offset += 2; | ||||
7460 | |||||
7461 | dissect_x509if_DistinguishedName(false0, tvb, offset, &asn1_ctx, | ||||
7462 | subtree, hf->hf.hs_dname); | ||||
7463 | offset += name_length; | ||||
7464 | } | ||||
7465 | } | ||||
7466 | return offset; | ||||
7467 | } /* }}} */ | ||||
7468 | |||||
7469 | |||||
7470 | /** TLS Extensions (in Client Hello and Server Hello). {{{ */ | ||||
7471 | static int | ||||
7472 | ssl_dissect_hnd_hello_ext_sig_hash_algs(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
7473 | proto_tree *tree, packet_info* pinfo, uint32_t offset, uint32_t offset_end, ja4_data_t *ja4_data) | ||||
7474 | { | ||||
7475 | return ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, ja4_data); | ||||
7476 | } | ||||
7477 | |||||
7478 | static int | ||||
7479 | ssl_dissect_hnd_ext_delegated_credentials(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
7480 | proto_tree *tree, packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type) | ||||
7481 | { | ||||
7482 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | ||||
7483 | /* | ||||
7484 | * struct { | ||||
7485 | * SignatureScheme supported_signature_algorithm<2..2^16-2>; | ||||
7486 | * } SignatureSchemeList; | ||||
7487 | */ | ||||
7488 | |||||
7489 | return ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, NULL((void*)0)); | ||||
7490 | } else { | ||||
7491 | asn1_ctx_t asn1_ctx; | ||||
7492 | unsigned pubkey_length, sign_length; | ||||
7493 | |||||
7494 | /* | ||||
7495 | * struct { | ||||
7496 | * uint32 valid_time; | ||||
7497 | * SignatureScheme expected_cert_verify_algorithm; | ||||
7498 | * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; | ||||
7499 | * } Credential; | ||||
7500 | * | ||||
7501 | * struct { | ||||
7502 | * Credential cred; | ||||
7503 | * SignatureScheme algorithm; | ||||
7504 | * opaque signature<0..2^16-1>; | ||||
7505 | * } DelegatedCredential; | ||||
7506 | */ | ||||
7507 | |||||
7508 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | ||||
7509 | |||||
7510 | proto_tree_add_item(tree, hf->hf.hs_cred_valid_time, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | ||||
7511 | offset += 4; | ||||
7512 | |||||
7513 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); | ||||
7514 | offset += 2; | ||||
7515 | |||||
7516 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &pubkey_length, | ||||
7517 | hf->hf.hs_cred_pubkey_len, 1, G_MAXUINT24((1U << 24) - 1))) { | ||||
7518 | return offset_end; | ||||
7519 | } | ||||
7520 | offset += 3; | ||||
7521 | dissect_x509af_SubjectPublicKeyInfo(false0, tvb, offset, &asn1_ctx, tree, hf->hf.hs_cred_pubkey); | ||||
7522 | offset += pubkey_length; | ||||
7523 | |||||
7524 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); | ||||
7525 | offset += 2; | ||||
7526 | |||||
7527 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sign_length, | ||||
7528 | hf->hf.hs_cred_signature_len, 1, UINT16_MAX(65535))) { | ||||
7529 | return offset_end; | ||||
7530 | } | ||||
7531 | offset += 2; | ||||
7532 | proto_tree_add_item(tree, hf->hf.hs_cred_signature, | ||||
7533 | tvb, offset, sign_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | ||||
7534 | offset += sign_length; | ||||
7535 | |||||
7536 | return offset; | ||||
7537 | } | ||||
7538 | } | ||||
7539 | |||||
7540 | static int | ||||
7541 | ssl_dissect_hnd_hello_ext_alps(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
7542 | packet_info *pinfo, proto_tree *tree, | ||||
7543 | uint32_t offset, uint32_t offset_end, | ||||
7544 | uint8_t hnd_type) | ||||
7545 | { | ||||
7546 | |||||
7547 | /* https://datatracker.ietf.org/doc/html/draft-vvv-tls-alps-01#section-4 */ | ||||
7548 | |||||
7549 | switch (hnd_type) { | ||||
7550 | case SSL_HND_CLIENT_HELLO: { | ||||
7551 | proto_tree *alps_tree; | ||||
7552 | proto_item *ti; | ||||
7553 | uint32_t next_offset, alps_length, name_length; | ||||
7554 | |||||
7555 | /* | ||||
7556 | * opaque ProtocolName<1..2^8-1>; | ||||
7557 | * struct { | ||||
7558 | * ProtocolName supported_protocols<2..2^16-1> | ||||
7559 | * } ApplicationSettingsSupport; | ||||
7560 | */ | ||||
7561 | |||||
7562 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &alps_length, | ||||
7563 | hf->hf.hs_ext_alps_len, 2, UINT16_MAX(65535))) { | ||||
7564 | return offset_end; | ||||
7565 | } | ||||
7566 | offset += 2; | ||||
7567 | next_offset = offset + alps_length; | ||||
7568 | |||||
7569 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_alps_alpn_list, | ||||
7570 | tvb, offset, alps_length, ENC_NA0x00000000); | ||||
7571 | alps_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alps); | ||||
7572 | |||||
7573 | /* Parse list (note missing check for end of vector, ssl_add_vector below | ||||
7574 | * ensures that data is always available.) */ | ||||
7575 | while (offset < next_offset) { | ||||
7576 | if (!ssl_add_vector(hf, tvb, pinfo, alps_tree, offset, next_offset, &name_length, | ||||
7577 | hf->hf.hs_ext_alps_alpn_str_len, 1, UINT8_MAX(255))) { | ||||
7578 | return next_offset; | ||||
7579 | } | ||||
7580 | offset++; | ||||
7581 | |||||
7582 | proto_tree_add_item(alps_tree, hf->hf.hs_ext_alps_alpn_str, | ||||
7583 | tvb, offset, name_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | ||||
7584 | offset += name_length; | ||||
7585 | } | ||||
7586 | |||||
7587 | return offset; | ||||
7588 | } | ||||
7589 | case SSL_HND_ENCRYPTED_EXTS: | ||||
7590 | /* Opaque blob */ | ||||
7591 | proto_tree_add_item(tree, hf->hf.hs_ext_alps_settings, | ||||
7592 | tvb, offset, offset_end - offset, ENC_ASCII0x00000000|ENC_NA0x00000000); | ||||
7593 | break; | ||||
7594 | } | ||||
7595 | |||||
7596 | return offset_end; | ||||
7597 | } | ||||
7598 | |||||
7599 | static int | ||||
7600 | ssl_dissect_hnd_hello_ext_alpn(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
7601 | packet_info *pinfo, proto_tree *tree, | ||||
7602 | uint32_t offset, uint32_t offset_end, | ||||
7603 | uint8_t hnd_type, SslSession *session, | ||||
7604 | bool_Bool is_dtls, ja4_data_t *ja4_data) | ||||
7605 | { | ||||
7606 | |||||
7607 | /* https://tools.ietf.org/html/rfc7301#section-3.1 | ||||
7608 | * opaque ProtocolName<1..2^8-1>; | ||||
7609 | * struct { | ||||
7610 | * ProtocolName protocol_name_list<2..2^16-1> | ||||
7611 | * } ProtocolNameList; | ||||
7612 | */ | ||||
7613 | proto_tree *alpn_tree; | ||||
7614 | proto_item *ti; | ||||
7615 | uint32_t next_offset, alpn_length, name_length; | ||||
7616 | uint8_t *proto_name = NULL((void*)0), *client_proto_name = NULL((void*)0); | ||||
7617 | |||||
7618 | /* ProtocolName protocol_name_list<2..2^16-1> */ | ||||
7619 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &alpn_length, | ||||
7620 | hf->hf.hs_ext_alpn_len, 2, UINT16_MAX(65535))) { | ||||
7621 | return offset_end; | ||||
7622 | } | ||||
7623 | offset += 2; | ||||
7624 | next_offset = offset + alpn_length; | ||||
7625 | |||||
7626 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_alpn_list, | ||||
7627 | tvb, offset, alpn_length, ENC_NA0x00000000); | ||||
7628 | alpn_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alpn); | ||||
7629 | |||||
7630 | /* Parse list (note missing check for end of vector, ssl_add_vector below | ||||
7631 | * ensures that data is always available.) */ | ||||
7632 | while (offset < next_offset) { | ||||
7633 | /* opaque ProtocolName<1..2^8-1> */ | ||||
7634 | if (!ssl_add_vector(hf, tvb, pinfo, alpn_tree, offset, next_offset, &name_length, | ||||
7635 | hf->hf.hs_ext_alpn_str_len, 1, UINT8_MAX(255))) { | ||||
7636 | return next_offset; | ||||
7637 | } | ||||
7638 | offset++; | ||||
7639 | |||||
7640 | proto_tree_add_item(alpn_tree, hf->hf.hs_ext_alpn_str, | ||||
7641 | tvb, offset, name_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | ||||
7642 | if (ja4_data && wmem_strbuf_get_len(ja4_data->alpn) == 0) { | ||||
7643 | const char alpn_first_char = (char)tvb_get_uint8(tvb,offset); | ||||
7644 | const char alpn_last_char = (char)tvb_get_uint8(tvb,offset + name_length - 1); | ||||
7645 | if ((g_ascii_isprint(alpn_first_char)((g_ascii_table[(guchar) (alpn_first_char)] & G_ASCII_PRINT ) != 0)) && g_ascii_isprint(alpn_last_char)((g_ascii_table[(guchar) (alpn_last_char)] & G_ASCII_PRINT ) != 0)) { | ||||
7646 | wmem_strbuf_append_printf(ja4_data->alpn, "%c%c", alpn_first_char, alpn_last_char); | ||||
7647 | } | ||||
7648 | else { | ||||
7649 | wmem_strbuf_append_printf(ja4_data->alpn, "%x%x",(alpn_first_char >> 4) & 0x0F, | ||||
7650 | alpn_last_char & 0x0F); | ||||
7651 | } | ||||
7652 | } | ||||
7653 | /* Remember first ALPN ProtocolName entry for server. */ | ||||
7654 | if (hnd_type == SSL_HND_SERVER_HELLO || hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS) { | ||||
7655 | /* '\0'-terminated string for dissector table match and prefix | ||||
7656 | * comparison purposes. */ | ||||
7657 | proto_name = tvb_get_string_enc(pinfo->pool, tvb, offset, | ||||
7658 | name_length, ENC_ASCII0x00000000); | ||||
7659 | } else if (hnd_type == SSL_HND_CLIENT_HELLO) { | ||||
7660 | client_proto_name = tvb_get_string_enc(pinfo->pool, tvb, offset, | ||||
7661 | name_length, ENC_ASCII0x00000000); | ||||
7662 | } | ||||
7663 | offset += name_length; | ||||
7664 | } | ||||
7665 | |||||
7666 | /* If ALPN is given in ServerHello, then ProtocolNameList MUST contain | ||||
7667 | * exactly one "ProtocolName". */ | ||||
7668 | if (proto_name) { | ||||
7669 | dissector_handle_t handle; | ||||
7670 | |||||
7671 | session->alpn_name = wmem_strdup(wmem_file_scope(), proto_name); | ||||
7672 | |||||
7673 | if (is_dtls) { | ||||
7674 | handle = dissector_get_string_handle(dtls_alpn_dissector_table, | ||||
7675 | proto_name); | ||||
7676 | } else { | ||||
7677 | handle = dissector_get_string_handle(ssl_alpn_dissector_table, | ||||
7678 | proto_name); | ||||
7679 | if (handle == NULL((void*)0)) { | ||||
7680 | /* Try prefix matching */ | ||||
7681 | for (size_t i = 0; i < G_N_ELEMENTS(ssl_alpn_prefix_match_protocols)(sizeof (ssl_alpn_prefix_match_protocols) / sizeof ((ssl_alpn_prefix_match_protocols )[0])); i++) { | ||||
7682 | const ssl_alpn_prefix_match_protocol_t *alpn_proto = &ssl_alpn_prefix_match_protocols[i]; | ||||
7683 | |||||
7684 | /* string_string is inappropriate as it compares strings | ||||
7685 | * while "byte strings MUST NOT be truncated" (RFC 7301) */ | ||||
7686 | if (g_str_has_prefix(proto_name, alpn_proto->proto_prefix)(__builtin_constant_p (alpn_proto->proto_prefix)? __extension__ ({ const char * const __str = (proto_name); const char * const __prefix = (alpn_proto->proto_prefix); gboolean __result = (0); if (__str == ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix); else { const size_t __str_len = strlen (((__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix))); if (__str_len >= __prefix_len ) __result = memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix )), __prefix_len) == 0; } __result; }) : (g_str_has_prefix) ( proto_name, alpn_proto->proto_prefix) )) { | ||||
7687 | handle = find_dissector(alpn_proto->dissector_name); | ||||
7688 | break; | ||||
7689 | } | ||||
7690 | } | ||||
7691 | } | ||||
7692 | } | ||||
7693 | if (handle != NULL((void*)0)) { | ||||
7694 | /* ProtocolName match, so set the App data dissector handle. | ||||
7695 | * This may override protocols given via the UAT dialog, but | ||||
7696 | * since the ALPN hint is precise, do it anyway. */ | ||||
7697 | ssl_debug_printf("%s: changing handle %p to %p (%s)", G_STRFUNC((const char*) (__func__)), | ||||
7698 | (void *)session->app_handle, | ||||
7699 | (void *)handle, | ||||
7700 | dissector_handle_get_dissector_name(handle)); | ||||
7701 | session->app_handle = handle; | ||||
7702 | } | ||||
7703 | } else if (client_proto_name) { | ||||
7704 | // No current use for looking up the handle as the only consumer of this API is currently the QUIC dissector | ||||
7705 | // and it just needs the string since there are/were various HTTP/3 ALPNs to check for. | ||||
7706 | session->client_alpn_name = wmem_strdup(wmem_file_scope(), client_proto_name); | ||||
7707 | } | ||||
7708 | |||||
7709 | return offset; | ||||
7710 | } | ||||
7711 | |||||
7712 | static int | ||||
7713 | ssl_dissect_hnd_hello_ext_npn(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
7714 | packet_info *pinfo, proto_tree *tree, | ||||
7715 | uint32_t offset, uint32_t offset_end) | ||||
7716 | { | ||||
7717 | /* https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-3 | ||||
7718 | * The "extension_data" field of a "next_protocol_negotiation" extension | ||||
7719 | * in a "ServerHello" contains an optional list of protocols advertised | ||||
7720 | * by the server. Protocols are named by opaque, non-empty byte strings | ||||
7721 | * and the list of protocols is serialized as a concatenation of 8-bit, | ||||
7722 | * length prefixed byte strings. Implementations MUST ensure that the | ||||
7723 | * empty string is not included and that no byte strings are truncated. | ||||
7724 | */ | ||||
7725 | uint32_t npn_length; | ||||
7726 | proto_tree *npn_tree; | ||||
7727 | |||||
7728 | /* List is optional, do not add tree if there are no entries. */ | ||||
7729 | if (offset == offset_end) { | ||||
7730 | return offset; | ||||
7731 | } | ||||
7732 | |||||
7733 | npn_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_npn, NULL((void*)0), "Next Protocol Negotiation"); | ||||
7734 | |||||
7735 | while (offset < offset_end) { | ||||
7736 | /* non-empty, 8-bit length prefixed strings means range 1..255 */ | ||||
7737 | if (!ssl_add_vector(hf, tvb, pinfo, npn_tree, offset, offset_end, &npn_length, | ||||
7738 | hf->hf.hs_ext_npn_str_len, 1, UINT8_MAX(255))) { | ||||
7739 | return offset_end; | ||||
7740 | } | ||||
7741 | offset++; | ||||
7742 | |||||
7743 | proto_tree_add_item(npn_tree, hf->hf.hs_ext_npn_str, | ||||
7744 | tvb, offset, npn_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | ||||
7745 | offset += npn_length; | ||||
7746 | } | ||||
7747 | |||||
7748 | return offset; | ||||
7749 | } | ||||
7750 | |||||
7751 | static int | ||||
7752 | ssl_dissect_hnd_hello_ext_reneg_info(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
7753 | packet_info *pinfo, proto_tree *tree, | ||||
7754 | uint32_t offset, uint32_t offset_end) | ||||
7755 | { | ||||
7756 | /* https://tools.ietf.org/html/rfc5746#section-3.2 | ||||
7757 | * struct { | ||||
7758 | * opaque renegotiated_connection<0..255>; | ||||
7759 | * } RenegotiationInfo; | ||||
7760 | * | ||||
7761 | */ | ||||
7762 | proto_tree *reneg_info_tree; | ||||
7763 | uint32_t reneg_info_length; | ||||
7764 | |||||
7765 | reneg_info_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_reneg_info, NULL((void*)0), "Renegotiation Info extension"); | ||||
7766 | |||||
7767 | /* opaque renegotiated_connection<0..255> */ | ||||
7768 | if (!ssl_add_vector(hf, tvb, pinfo, reneg_info_tree, offset, offset_end, &reneg_info_length, | ||||
7769 | hf->hf.hs_ext_reneg_info_len, 0, 255)) { | ||||
7770 | return offset_end; | ||||
7771 | } | ||||
7772 | offset++; | ||||
7773 | |||||
7774 | if (reneg_info_length > 0) { | ||||
7775 | proto_tree_add_item(reneg_info_tree, hf->hf.hs_ext_reneg_info, tvb, offset, reneg_info_length, ENC_NA0x00000000); | ||||
7776 | offset += reneg_info_length; | ||||
7777 | } | ||||
7778 | |||||
7779 | return offset; | ||||
7780 | } | ||||
7781 | |||||
7782 | static int | ||||
7783 | ssl_dissect_hnd_hello_ext_key_share_entry(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
7784 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
7785 | const char **group_name_out) | ||||
7786 | { | ||||
7787 | /* RFC 8446 Section 4.2.8 | ||||
7788 | * struct { | ||||
7789 | * NamedGroup group; | ||||
7790 | * opaque key_exchange<1..2^16-1>; | ||||
7791 | * } KeyShareEntry; | ||||
7792 | */ | ||||
7793 | uint32_t key_exchange_length, group; | ||||
7794 | proto_tree *ks_tree; | ||||
7795 | |||||
7796 | ks_tree = proto_tree_add_subtree(tree, tvb, offset, 4, hf->ett.hs_ext_key_share_ks, NULL((void*)0), "Key Share Entry"); | ||||
7797 | |||||
7798 | proto_tree_add_item_ret_uint(ks_tree, hf->hf.hs_ext_key_share_group, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &group); | ||||
7799 | offset += 2; | ||||
7800 | const char *group_name = val_to_str(group, ssl_extension_curves, "Unknown (%u)"); | ||||
7801 | proto_item_append_text(ks_tree, ": Group: %s", group_name); | ||||
7802 | if (group_name_out) { | ||||
7803 | *group_name_out = !IS_GREASE_TLS(group)((((group) & 0x0f0f) == 0x0a0a) && (((group) & 0xff) == (((group)>>8) & 0xff))) ? group_name : NULL((void*)0); | ||||
7804 | } | ||||
7805 | |||||
7806 | /* opaque key_exchange<1..2^16-1> */ | ||||
7807 | if (!ssl_add_vector(hf, tvb, pinfo, ks_tree, offset, offset_end, &key_exchange_length, | ||||
7808 | hf->hf.hs_ext_key_share_key_exchange_length, 1, UINT16_MAX(65535))) { | ||||
7809 | return offset_end; /* Bad (possible truncated) length, skip to end of KeyShare extension. */ | ||||
7810 | } | ||||
7811 | offset += 2; | ||||
7812 | proto_item_set_len(ks_tree, 2 + 2 + key_exchange_length); | ||||
7813 | proto_item_append_text(ks_tree, ", Key Exchange length: %u", key_exchange_length); | ||||
7814 | |||||
7815 | proto_tree_add_item(ks_tree, hf->hf.hs_ext_key_share_key_exchange, tvb, offset, key_exchange_length, ENC_NA0x00000000); | ||||
7816 | offset += key_exchange_length; | ||||
7817 | |||||
7818 | return offset; | ||||
7819 | } | ||||
7820 | |||||
7821 | static int | ||||
7822 | ssl_dissect_hnd_hello_ext_key_share(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
7823 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
7824 | uint8_t hnd_type) | ||||
7825 | { | ||||
7826 | proto_tree *key_share_tree; | ||||
7827 | uint32_t next_offset; | ||||
7828 | uint32_t client_shares_length; | ||||
7829 | uint32_t group; | ||||
7830 | const char *group_name = NULL((void*)0); | ||||
7831 | |||||
7832 | if (offset_end <= offset) { /* Check if ext_len == 0 and "overflow" (offset + ext_len) > uint32_t) */ | ||||
7833 | return offset; | ||||
7834 | } | ||||
7835 | |||||
7836 | key_share_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_key_share, NULL((void*)0), "Key Share extension"); | ||||
7837 | |||||
7838 | switch(hnd_type){ | ||||
7839 | case SSL_HND_CLIENT_HELLO: | ||||
7840 | /* KeyShareEntry client_shares<0..2^16-1> */ | ||||
7841 | if (!ssl_add_vector(hf, tvb, pinfo, key_share_tree, offset, offset_end, &client_shares_length, | ||||
7842 | hf->hf.hs_ext_key_share_client_length, 0, UINT16_MAX(65535))) { | ||||
7843 | return offset_end; | ||||
7844 | } | ||||
7845 | offset += 2; | ||||
7846 | next_offset = offset + client_shares_length; | ||||
7847 | const char *sep = " "; | ||||
7848 | while (offset + 4 <= next_offset) { /* (NamedGroup (2 bytes), key_exchange (1 byte for length, 1 byte minimum data) */ | ||||
7849 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, key_share_tree, offset, next_offset, &group_name); | ||||
7850 | if (group_name) { | ||||
7851 | proto_item_append_text(tree, "%s%s", sep, group_name); | ||||
7852 | sep = ", "; | ||||
7853 | } | ||||
7854 | } | ||||
7855 | if (!ssl_end_vector(hf, tvb, pinfo, key_share_tree, offset, next_offset)) { | ||||
7856 | return next_offset; | ||||
7857 | } | ||||
7858 | break; | ||||
7859 | case SSL_HND_SERVER_HELLO: | ||||
7860 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, key_share_tree, offset, offset_end, &group_name); | ||||
7861 | if (group_name) { | ||||
7862 | proto_item_append_text(tree, " %s", group_name); | ||||
7863 | } | ||||
7864 | break; | ||||
7865 | case SSL_HND_HELLO_RETRY_REQUEST: | ||||
7866 | proto_tree_add_item_ret_uint(key_share_tree, hf->hf.hs_ext_key_share_selected_group, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &group); | ||||
7867 | offset += 2; | ||||
7868 | group_name = val_to_str(group, ssl_extension_curves, "Unknown (%u)"); | ||||
7869 | proto_item_append_text(tree, " %s", group_name); | ||||
7870 | break; | ||||
7871 | default: /* no default */ | ||||
7872 | break; | ||||
7873 | } | ||||
7874 | |||||
7875 | return offset; | ||||
7876 | } | ||||
7877 | |||||
7878 | static int | ||||
7879 | ssl_dissect_hnd_hello_ext_pre_shared_key(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
7880 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
7881 | uint8_t hnd_type) | ||||
7882 | { | ||||
7883 | /* RFC 8446 Section 4.2.11 | ||||
7884 | * struct { | ||||
7885 | * opaque identity<1..2^16-1>; | ||||
7886 | * uint32 obfuscated_ticket_age; | ||||
7887 | * } PskIdentity; | ||||
7888 | * opaque PskBinderEntry<32..255>; | ||||
7889 | * struct { | ||||
7890 | * select (Handshake.msg_type) { | ||||
7891 | * case client_hello: | ||||
7892 | * PskIdentity identities<7..2^16-1>; | ||||
7893 | * PskBinderEntry binders<33..2^16-1>; | ||||
7894 | * case server_hello: | ||||
7895 | * uint16 selected_identity; | ||||
7896 | * }; | ||||
7897 | * } PreSharedKeyExtension; | ||||
7898 | */ | ||||
7899 | |||||
7900 | proto_tree *psk_tree; | ||||
7901 | |||||
7902 | psk_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_pre_shared_key, NULL((void*)0), "Pre-Shared Key extension"); | ||||
7903 | |||||
7904 | switch (hnd_type){ | ||||
7905 | case SSL_HND_CLIENT_HELLO: { | ||||
7906 | uint32_t identities_length, identities_end, binders_length; | ||||
7907 | |||||
7908 | /* PskIdentity identities<7..2^16-1> */ | ||||
7909 | if (!ssl_add_vector(hf, tvb, pinfo, psk_tree, offset, offset_end, &identities_length, | ||||
7910 | hf->hf.hs_ext_psk_identities_length, 7, UINT16_MAX(65535))) { | ||||
7911 | return offset_end; | ||||
7912 | } | ||||
7913 | offset += 2; | ||||
7914 | identities_end = offset + identities_length; | ||||
7915 | |||||
7916 | while (offset < identities_end) { | ||||
7917 | uint32_t identity_length; | ||||
7918 | proto_tree *identity_tree; | ||||
7919 | |||||
7920 | identity_tree = proto_tree_add_subtree(psk_tree, tvb, offset, 4, hf->ett.hs_ext_psk_identity, NULL((void*)0), "PSK Identity ("); | ||||
7921 | |||||
7922 | /* opaque identity<1..2^16-1> */ | ||||
7923 | if (!ssl_add_vector(hf, tvb, pinfo, identity_tree, offset, identities_end, &identity_length, | ||||
7924 | hf->hf.hs_ext_psk_identity_identity_length, 1, UINT16_MAX(65535))) { | ||||
7925 | return identities_end; | ||||
7926 | } | ||||
7927 | offset += 2; | ||||
7928 | proto_item_append_text(identity_tree, "length: %u)", identity_length); | ||||
7929 | |||||
7930 | proto_tree_add_item(identity_tree, hf->hf.hs_ext_psk_identity_identity, tvb, offset, identity_length, ENC_BIG_ENDIAN0x00000000); | ||||
7931 | offset += identity_length; | ||||
7932 | |||||
7933 | proto_tree_add_item(identity_tree, hf->hf.hs_ext_psk_identity_obfuscated_ticket_age, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | ||||
7934 | offset += 4; | ||||
7935 | |||||
7936 | proto_item_set_len(identity_tree, 2 + identity_length + 4); | ||||
7937 | } | ||||
7938 | if (!ssl_end_vector(hf, tvb, pinfo, psk_tree, offset, identities_end)) { | ||||
7939 | offset = identities_end; | ||||
7940 | } | ||||
7941 | |||||
7942 | /* PskBinderEntry binders<33..2^16-1> */ | ||||
7943 | if (!ssl_add_vector(hf, tvb, pinfo, psk_tree, offset, offset_end, &binders_length, | ||||
7944 | hf->hf.hs_ext_psk_binders_length, 33, UINT16_MAX(65535))) { | ||||
7945 | return offset_end; | ||||
7946 | } | ||||
7947 | offset += 2; | ||||
7948 | |||||
7949 | proto_tree_add_item(psk_tree, hf->hf.hs_ext_psk_binders, tvb, offset, binders_length, ENC_NA0x00000000); | ||||
7950 | offset += binders_length; | ||||
7951 | } | ||||
7952 | break; | ||||
7953 | case SSL_HND_SERVER_HELLO: { | ||||
7954 | proto_tree_add_item(psk_tree, hf->hf.hs_ext_psk_identity_selected, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
7955 | offset += 2; | ||||
7956 | } | ||||
7957 | break; | ||||
7958 | default: | ||||
7959 | break; | ||||
7960 | } | ||||
7961 | |||||
7962 | return offset; | ||||
7963 | } | ||||
7964 | |||||
7965 | static uint32_t | ||||
7966 | ssl_dissect_hnd_hello_ext_early_data(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), | ||||
7967 | proto_tree *tree, uint32_t offset, uint32_t offset_end _U___attribute__((unused)), | ||||
7968 | uint8_t hnd_type, SslDecryptSession *ssl) | ||||
7969 | { | ||||
7970 | /* RFC 8446 Section 4.2.10 | ||||
7971 | * struct {} Empty; | ||||
7972 | * struct { | ||||
7973 | * select (Handshake.msg_type) { | ||||
7974 | * case new_session_ticket: uint32 max_early_data_size; | ||||
7975 | * case client_hello: Empty; | ||||
7976 | * case encrypted_extensions: Empty; | ||||
7977 | * }; | ||||
7978 | * } EarlyDataIndication; | ||||
7979 | */ | ||||
7980 | switch (hnd_type) { | ||||
7981 | case SSL_HND_CLIENT_HELLO: | ||||
7982 | /* Remember that early_data will follow the handshake. */ | ||||
7983 | if (ssl) { | ||||
7984 | ssl_debug_printf("%s found early_data extension\n", G_STRFUNC((const char*) (__func__))); | ||||
7985 | ssl->has_early_data = true1; | ||||
7986 | } | ||||
7987 | break; | ||||
7988 | case SSL_HND_NEWSESSION_TICKET: | ||||
7989 | proto_tree_add_item(tree, hf->hf.hs_ext_max_early_data_size, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | ||||
7990 | offset += 4; | ||||
7991 | break; | ||||
7992 | default: | ||||
7993 | break; | ||||
7994 | } | ||||
7995 | return offset; | ||||
7996 | } | ||||
7997 | |||||
7998 | static uint16_t | ||||
7999 | tls_try_get_version(bool_Bool is_dtls, uint16_t version, uint8_t *draft_version) | ||||
8000 | { | ||||
8001 | if (draft_version) { | ||||
8002 | *draft_version = 0; | ||||
8003 | } | ||||
8004 | if (!is_dtls) { | ||||
8005 | uint8_t tls13_draft = extract_tls13_draft_version(version); | ||||
8006 | if (tls13_draft != 0) { | ||||
8007 | /* This is TLS 1.3 (a draft version). */ | ||||
8008 | if (draft_version) { | ||||
8009 | *draft_version = tls13_draft; | ||||
8010 | } | ||||
8011 | version = TLSV1DOT3_VERSION0x304; | ||||
8012 | } | ||||
8013 | if (version == 0xfb17 || version == 0xfb1a) { | ||||
8014 | /* Unofficial TLS 1.3 draft version for Facebook fizz. */ | ||||
8015 | tls13_draft = (uint8_t)version; | ||||
8016 | if (draft_version) { | ||||
8017 | *draft_version = tls13_draft; | ||||
8018 | } | ||||
8019 | version = TLSV1DOT3_VERSION0x304; | ||||
8020 | } | ||||
8021 | } | ||||
8022 | |||||
8023 | switch (version) { | ||||
8024 | case SSLV3_VERSION0x300: | ||||
8025 | case TLSV1_VERSION0x301: | ||||
8026 | case TLSV1DOT1_VERSION0x302: | ||||
8027 | case TLSV1DOT2_VERSION0x303: | ||||
8028 | case TLSV1DOT3_VERSION0x304: | ||||
8029 | case TLCPV1_VERSION0x101: | ||||
8030 | if (is_dtls) | ||||
8031 | return SSL_VER_UNKNOWN0; | ||||
8032 | break; | ||||
8033 | |||||
8034 | case DTLSV1DOT0_VERSION0xfeff: | ||||
8035 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | ||||
8036 | case DTLSV1DOT2_VERSION0xfefd: | ||||
8037 | case DTLSV1DOT3_VERSION0xfefc: | ||||
8038 | if (!is_dtls) | ||||
8039 | return SSL_VER_UNKNOWN0; | ||||
8040 | break; | ||||
8041 | |||||
8042 | default: /* invalid version number */ | ||||
8043 | return SSL_VER_UNKNOWN0; | ||||
8044 | } | ||||
8045 | |||||
8046 | return version; | ||||
8047 | } | ||||
8048 | |||||
8049 | static int | ||||
8050 | ssl_dissect_hnd_hello_ext_supported_versions(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
8051 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
8052 | SslSession *session, bool_Bool is_dtls, ja4_data_t *ja4_data) | ||||
8053 | { | ||||
8054 | |||||
8055 | /* RFC 8446 Section 4.2.1 | ||||
8056 | * struct { | ||||
8057 | * ProtocolVersion versions<2..254>; // ClientHello | ||||
8058 | * } SupportedVersions; | ||||
8059 | * Note that ServerHello and HelloRetryRequest are handled by the caller. | ||||
8060 | */ | ||||
8061 | uint32_t versions_length, next_offset; | ||||
8062 | /* ProtocolVersion versions<2..254> */ | ||||
8063 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &versions_length, | ||||
8064 | hf->hf.hs_ext_supported_versions_len, 2, 254)) { | ||||
8065 | return offset_end; | ||||
8066 | } | ||||
8067 | offset++; | ||||
8068 | next_offset = offset + versions_length; | ||||
8069 | |||||
8070 | unsigned version; | ||||
8071 | unsigned current_version, lowest_version = SSL_VER_UNKNOWN0; | ||||
8072 | uint8_t draft_version, max_draft_version = 0; | ||||
8073 | const char *sep = " "; | ||||
8074 | while (offset + 2 <= next_offset) { | ||||
8075 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_supported_version, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &version); | ||||
8076 | offset += 2; | ||||
8077 | |||||
8078 | if (!IS_GREASE_TLS(version)((((version) & 0x0f0f) == 0x0a0a) && (((version) & 0xff) == (((version)>>8) & 0xff)))) { | ||||
8079 | proto_item_append_text(tree, "%s%s", sep, val_to_str(version, ssl_versions, "Unknown (0x%04x)")); | ||||
8080 | sep = ", "; | ||||
8081 | } | ||||
8082 | |||||
8083 | current_version = tls_try_get_version(is_dtls, version, &draft_version); | ||||
8084 | if (session->version == SSL_VER_UNKNOWN0) { | ||||
8085 | if (lowest_version == SSL_VER_UNKNOWN0) { | ||||
8086 | lowest_version = current_version; | ||||
8087 | } else if (current_version != SSL_VER_UNKNOWN0) { | ||||
8088 | if (!is_dtls) { | ||||
8089 | lowest_version = MIN(lowest_version, current_version)(((lowest_version) < (current_version)) ? (lowest_version) : (current_version)); | ||||
8090 | } else { | ||||
8091 | lowest_version = MAX(lowest_version, current_version)(((lowest_version) > (current_version)) ? (lowest_version) : (current_version)); | ||||
8092 | } | ||||
8093 | } | ||||
8094 | } | ||||
8095 | max_draft_version = MAX(draft_version, max_draft_version)(((draft_version) > (max_draft_version)) ? (draft_version) : (max_draft_version)); | ||||
8096 | if (ja4_data && !IS_GREASE_TLS(version)((((version) & 0x0f0f) == 0x0a0a) && (((version) & 0xff) == (((version)>>8) & 0xff)))) { | ||||
8097 | /* The DTLS version numbers get mapped to "00" for unknown per | ||||
8098 | * JA4 spec, but if JA4 ever does support DTLS we'll probably | ||||
8099 | * need to take the MIN instead of MAX here for DTLS. | ||||
8100 | */ | ||||
8101 | ja4_data->max_version = MAX(version, ja4_data->max_version)(((version) > (ja4_data->max_version)) ? (version) : (ja4_data ->max_version)); | ||||
8102 | } | ||||
8103 | } | ||||
8104 | if (session->version == SSL_VER_UNKNOWN0 && lowest_version != SSL_VER_UNKNOWN0) { | ||||
8105 | col_set_str(pinfo->cinfo, COL_PROTOCOL, | ||||
8106 | val_to_str_const(version, ssl_version_short_names, is_dtls ? "DTLS" : "TLS")); | ||||
8107 | } | ||||
8108 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { | ||||
8109 | offset = next_offset; | ||||
8110 | } | ||||
8111 | |||||
8112 | /* XXX remove this when draft 19 support is dropped, | ||||
8113 | * this is only required for early data decryption. */ | ||||
8114 | if (max_draft_version) { | ||||
8115 | session->tls13_draft_version = max_draft_version; | ||||
8116 | } | ||||
8117 | |||||
8118 | return offset; | ||||
8119 | } | ||||
8120 | |||||
8121 | static int | ||||
8122 | ssl_dissect_hnd_hello_ext_cookie(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
8123 | packet_info *pinfo, proto_tree *tree, | ||||
8124 | uint32_t offset, uint32_t offset_end) | ||||
8125 | { | ||||
8126 | /* RFC 8446 Section 4.2.2 | ||||
8127 | * struct { | ||||
8128 | * opaque cookie<1..2^16-1>; | ||||
8129 | * } Cookie; | ||||
8130 | */ | ||||
8131 | uint32_t cookie_length; | ||||
8132 | /* opaque cookie<1..2^16-1> */ | ||||
8133 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cookie_length, | ||||
8134 | hf->hf.hs_ext_cookie_len, 1, UINT16_MAX(65535))) { | ||||
8135 | return offset_end; | ||||
8136 | } | ||||
8137 | offset += 2; | ||||
8138 | |||||
8139 | proto_tree_add_item(tree, hf->hf.hs_ext_cookie, tvb, offset, cookie_length, ENC_NA0x00000000); | ||||
8140 | offset += cookie_length; | ||||
8141 | |||||
8142 | return offset; | ||||
8143 | } | ||||
8144 | |||||
8145 | static int | ||||
8146 | ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
8147 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
8148 | { | ||||
8149 | /* RFC 8446 Section 4.2.9 | ||||
8150 | * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; | ||||
8151 | * | ||||
8152 | * struct { | ||||
8153 | * PskKeyExchangeMode ke_modes<1..255>; | ||||
8154 | * } PskKeyExchangeModes; | ||||
8155 | */ | ||||
8156 | uint32_t ke_modes_length, next_offset; | ||||
8157 | |||||
8158 | /* PskKeyExchangeMode ke_modes<1..255> */ | ||||
8159 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &ke_modes_length, | ||||
8160 | hf->hf.hs_ext_psk_ke_modes_length, 1, 255)) { | ||||
8161 | return offset_end; | ||||
8162 | } | ||||
8163 | offset++; | ||||
8164 | next_offset = offset + ke_modes_length; | ||||
8165 | |||||
8166 | while (offset < next_offset) { | ||||
8167 | proto_tree_add_item(tree, hf->hf.hs_ext_psk_ke_mode, tvb, offset, 1, ENC_NA0x00000000); | ||||
8168 | offset++; | ||||
8169 | } | ||||
8170 | |||||
8171 | return offset; | ||||
8172 | } | ||||
8173 | |||||
8174 | static uint32_t | ||||
8175 | ssl_dissect_hnd_hello_ext_certificate_authorities(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
8176 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
8177 | { | ||||
8178 | /* RFC 8446 Section 4.2.4 | ||||
8179 | * opaque DistinguishedName<1..2^16-1>; | ||||
8180 | * struct { | ||||
8181 | * DistinguishedName authorities<3..2^16-1>; | ||||
8182 | * } CertificateAuthoritiesExtension; | ||||
8183 | */ | ||||
8184 | return tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); | ||||
8185 | } | ||||
8186 | |||||
8187 | static int | ||||
8188 | ssl_dissect_hnd_hello_ext_oid_filters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
8189 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
8190 | { | ||||
8191 | /* RFC 8446 Section 4.2.5 | ||||
8192 | * struct { | ||||
8193 | * opaque certificate_extension_oid<1..2^8-1>; | ||||
8194 | * opaque certificate_extension_values<0..2^16-1>; | ||||
8195 | * } OIDFilter; | ||||
8196 | * struct { | ||||
8197 | * OIDFilter filters<0..2^16-1>; | ||||
8198 | * } OIDFilterExtension; | ||||
8199 | */ | ||||
8200 | proto_tree *subtree; | ||||
8201 | uint32_t filters_length, oid_length, values_length, value_offset; | ||||
8202 | asn1_ctx_t asn1_ctx; | ||||
8203 | const char *oid, *name; | ||||
8204 | |||||
8205 | /* OIDFilter filters<0..2^16-1> */ | ||||
8206 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &filters_length, | ||||
8207 | hf->hf.hs_ext_psk_ke_modes_length, 0, UINT16_MAX(65535))) { | ||||
8208 | return offset_end; | ||||
8209 | } | ||||
8210 | offset += 2; | ||||
8211 | offset_end = offset + filters_length; | ||||
8212 | |||||
8213 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | ||||
8214 | |||||
8215 | while (offset < offset_end) { | ||||
8216 | subtree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | ||||
8217 | hf->ett.hs_ext_oid_filter, NULL((void*)0), "OID Filter"); | ||||
8218 | |||||
8219 | /* opaque certificate_extension_oid<1..2^8-1> */ | ||||
8220 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &oid_length, | ||||
8221 | hf->hf.hs_ext_oid_filters_oid_length, 1, UINT8_MAX(255))) { | ||||
8222 | return offset_end; | ||||
8223 | } | ||||
8224 | offset++; | ||||
8225 | dissect_ber_object_identifier_str(false0, &asn1_ctx, subtree, tvb, offset, | ||||
8226 | hf->hf.hs_ext_oid_filters_oid, &oid); | ||||
8227 | offset += oid_length; | ||||
8228 | |||||
8229 | /* Append OID to tree label */ | ||||
8230 | name = oid_resolved_from_string(pinfo->pool, oid); | ||||
8231 | proto_item_append_text(subtree, " (%s)", name ? name : oid); | ||||
8232 | |||||
8233 | /* opaque certificate_extension_values<0..2^16-1> */ | ||||
8234 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &values_length, | ||||
8235 | hf->hf.hs_ext_oid_filters_values_length, 0, UINT16_MAX(65535))) { | ||||
8236 | return offset_end; | ||||
8237 | } | ||||
8238 | offset += 2; | ||||
8239 | proto_item_set_len(subtree, 1 + oid_length + 2 + values_length); | ||||
8240 | if (values_length > 0) { | ||||
8241 | value_offset = offset; | ||||
8242 | value_offset = dissect_ber_identifier(pinfo, subtree, tvb, value_offset, NULL((void*)0), NULL((void*)0), NULL((void*)0)); | ||||
8243 | value_offset = dissect_ber_length(pinfo, subtree, tvb, value_offset, NULL((void*)0), NULL((void*)0)); | ||||
8244 | call_ber_oid_callback(oid, tvb, value_offset, pinfo, subtree, NULL((void*)0)); | ||||
8245 | } | ||||
8246 | offset += values_length; | ||||
8247 | } | ||||
8248 | |||||
8249 | return offset; | ||||
8250 | } | ||||
8251 | |||||
8252 | static int | ||||
8253 | ssl_dissect_hnd_hello_ext_server_name(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
8254 | packet_info *pinfo, proto_tree *tree, | ||||
8255 | uint32_t offset, uint32_t offset_end) | ||||
8256 | { | ||||
8257 | /* https://tools.ietf.org/html/rfc6066#section-3 | ||||
8258 | * | ||||
8259 | * struct { | ||||
8260 | * NameType name_type; | ||||
8261 | * select (name_type) { | ||||
8262 | * case host_name: HostName; | ||||
8263 | * } name; | ||||
8264 | * } ServerName; | ||||
8265 | * | ||||
8266 | * enum { | ||||
8267 | * host_name(0), (255) | ||||
8268 | * } NameType; | ||||
8269 | * | ||||
8270 | * opaque HostName<1..2^16-1>; | ||||
8271 | * | ||||
8272 | * struct { | ||||
8273 | * ServerName server_name_list<1..2^16-1> | ||||
8274 | * } ServerNameList; | ||||
8275 | */ | ||||
8276 | proto_tree *server_name_tree; | ||||
8277 | uint32_t list_length, server_name_length, next_offset; | ||||
8278 | |||||
8279 | /* The server SHALL include "server_name" extension with empty data. */ | ||||
8280 | if (offset == offset_end) { | ||||
8281 | return offset; | ||||
8282 | } | ||||
8283 | |||||
8284 | server_name_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_server_name, NULL((void*)0), "Server Name Indication extension"); | ||||
8285 | |||||
8286 | /* ServerName server_name_list<1..2^16-1> */ | ||||
8287 | if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, offset_end, &list_length, | ||||
8288 | hf->hf.hs_ext_server_name_list_len, 1, UINT16_MAX(65535))) { | ||||
8289 | return offset_end; | ||||
8290 | } | ||||
8291 | offset += 2; | ||||
8292 | next_offset = offset + list_length; | ||||
8293 | |||||
8294 | while (offset < next_offset) { | ||||
8295 | uint32_t name_type; | ||||
8296 | const uint8_t *server_name = NULL((void*)0); | ||||
8297 | proto_tree_add_item_ret_uint(server_name_tree, hf->hf.hs_ext_server_name_type, | ||||
8298 | tvb, offset, 1, ENC_NA0x00000000, &name_type); | ||||
8299 | offset++; | ||||
8300 | |||||
8301 | /* opaque HostName<1..2^16-1> */ | ||||
8302 | if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, next_offset, &server_name_length, | ||||
8303 | hf->hf.hs_ext_server_name_len, 1, UINT16_MAX(65535))) { | ||||
8304 | return next_offset; | ||||
8305 | } | ||||
8306 | offset += 2; | ||||
8307 | |||||
8308 | proto_tree_add_item_ret_string(server_name_tree, hf->hf.hs_ext_server_name, | ||||
8309 | tvb, offset, server_name_length, ENC_ASCII0x00000000|ENC_NA0x00000000, | ||||
8310 | pinfo->pool, &server_name); | ||||
8311 | offset += server_name_length; | ||||
8312 | // Each type must only occur once, so we don't check for duplicates. | ||||
8313 | if (name_type == 0) { | ||||
8314 | proto_item_append_text(tree, " name=%s", server_name); | ||||
8315 | col_append_fstr(pinfo->cinfo, COL_INFO, " (SNI=%s)", server_name); | ||||
8316 | |||||
8317 | if (gbl_resolv_flags.handshake_sni_addr_resolution) { | ||||
8318 | // Client Hello: Client (Src) -> Server (Dst) | ||||
8319 | switch (pinfo->dst.type) { | ||||
8320 | case AT_IPv4: | ||||
8321 | if (pinfo->dst.len == sizeof(uint32_t)) { | ||||
8322 | add_ipv4_name(*(uint32_t *)pinfo->dst.data, server_name, false0); | ||||
8323 | } | ||||
8324 | break; | ||||
8325 | case AT_IPv6: | ||||
8326 | if (pinfo->dst.len == sizeof(ws_in6_addr)) { | ||||
8327 | add_ipv6_name(pinfo->dst.data, server_name, false0); | ||||
8328 | } | ||||
8329 | break; | ||||
8330 | } | ||||
8331 | } | ||||
8332 | } | ||||
8333 | } | ||||
8334 | return offset; | ||||
8335 | } | ||||
8336 | |||||
8337 | static int | ||||
8338 | ssl_dissect_hnd_hello_ext_session_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
8339 | proto_tree *tree, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, SslDecryptSession *ssl) | ||||
8340 | { | ||||
8341 | unsigned ext_len = offset_end - offset; | ||||
8342 | if (hnd_type == SSL_HND_CLIENT_HELLO && ssl && ext_len != 0) { | ||||
8343 | tvb_ensure_bytes_exist(tvb, offset, ext_len); | ||||
8344 | /* Save the Session Ticket such that it can be used as identifier for | ||||
8345 | * restoring a previous Master Secret (in ChangeCipherSpec) */ | ||||
8346 | ssl->session_ticket.data = (unsigned char*)wmem_realloc(wmem_file_scope(), | ||||
8347 | ssl->session_ticket.data, ext_len); | ||||
8348 | ssl->session_ticket.data_len = ext_len; | ||||
8349 | tvb_memcpy(tvb,ssl->session_ticket.data, offset, ext_len); | ||||
8350 | } | ||||
8351 | proto_tree_add_item(tree, hf->hf.hs_ext_session_ticket, | ||||
8352 | tvb, offset, ext_len, ENC_NA0x00000000); | ||||
8353 | return offset + ext_len; | ||||
8354 | } | ||||
8355 | |||||
8356 | static int | ||||
8357 | ssl_dissect_hnd_hello_ext_cert_type(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
8358 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
8359 | uint8_t hnd_type, uint16_t ext_type, SslSession *session) | ||||
8360 | { | ||||
8361 | uint8_t cert_list_length; | ||||
8362 | uint8_t cert_type; | ||||
8363 | proto_tree *cert_list_tree; | ||||
8364 | proto_item *ti; | ||||
8365 | |||||
8366 | switch(hnd_type){ | ||||
8367 | case SSL_HND_CLIENT_HELLO: | ||||
8368 | cert_list_length = tvb_get_uint8(tvb, offset); | ||||
8369 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_types_len, | ||||
8370 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
8371 | offset += 1; | ||||
8372 | if (offset_end - offset != (uint32_t)cert_list_length) | ||||
8373 | return offset; | ||||
8374 | |||||
8375 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_cert_types, tvb, offset, | ||||
8376 | cert_list_length, cert_list_length); | ||||
8377 | proto_item_append_text(ti, " (%d)", cert_list_length); | ||||
8378 | |||||
8379 | /* make this a subtree */ | ||||
8380 | cert_list_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_cert_types); | ||||
8381 | |||||
8382 | /* loop over all point formats */ | ||||
8383 | while (cert_list_length > 0) | ||||
8384 | { | ||||
8385 | proto_tree_add_item(cert_list_tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
8386 | offset++; | ||||
8387 | cert_list_length--; | ||||
8388 | } | ||||
8389 | break; | ||||
8390 | case SSL_HND_SERVER_HELLO: | ||||
8391 | case SSL_HND_ENCRYPTED_EXTENSIONS: | ||||
8392 | case SSL_HND_CERTIFICATE: | ||||
8393 | cert_type = tvb_get_uint8(tvb, offset); | ||||
8394 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
8395 | offset += 1; | ||||
8396 | if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE9 || ext_type == SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19) { | ||||
8397 | session->client_cert_type = cert_type; | ||||
8398 | } | ||||
8399 | if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE9 || ext_type == SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20) { | ||||
8400 | session->server_cert_type = cert_type; | ||||
8401 | } | ||||
8402 | break; | ||||
8403 | default: /* no default */ | ||||
8404 | break; | ||||
8405 | } | ||||
8406 | |||||
8407 | return offset; | ||||
8408 | } | ||||
8409 | |||||
8410 | static uint32_t | ||||
8411 | ssl_dissect_hnd_hello_ext_compress_certificate(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
8412 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
8413 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | ||||
8414 | { | ||||
8415 | uint32_t compress_certificate_algorithms_length, next_offset; | ||||
8416 | |||||
8417 | /* https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03#section-3.0 | ||||
8418 | * enum { | ||||
8419 | * zlib(1), | ||||
8420 | * brotli(2), | ||||
8421 | * (65535) | ||||
8422 | * } CertificateCompressionAlgorithm; | ||||
8423 | * | ||||
8424 | * struct { | ||||
8425 | * CertificateCompressionAlgorithm algorithms<1..2^8-1>; | ||||
8426 | * } CertificateCompressionAlgorithms; | ||||
8427 | */ | ||||
8428 | switch (hnd_type) { | ||||
8429 | case SSL_HND_CLIENT_HELLO: | ||||
8430 | case SSL_HND_CERT_REQUEST: | ||||
8431 | /* CertificateCompressionAlgorithm algorithms<1..2^8-1>;*/ | ||||
8432 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compress_certificate_algorithms_length, | ||||
8433 | hf->hf.hs_ext_compress_certificate_algorithms_length, 1, UINT8_MAX(255)-1)) { | ||||
8434 | return offset_end; | ||||
8435 | } | ||||
8436 | offset += 1; | ||||
8437 | next_offset = offset + compress_certificate_algorithms_length; | ||||
8438 | |||||
8439 | while (offset < next_offset) { | ||||
8440 | proto_tree_add_item(tree, hf->hf.hs_ext_compress_certificate_algorithm, | ||||
8441 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
8442 | offset += 2; | ||||
8443 | } | ||||
8444 | break; | ||||
8445 | default: | ||||
8446 | break; | ||||
8447 | } | ||||
8448 | |||||
8449 | return offset; | ||||
8450 | } | ||||
8451 | |||||
8452 | static uint32_t | ||||
8453 | ssl_dissect_hnd_hello_ext_token_binding(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
8454 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
8455 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | ||||
8456 | { | ||||
8457 | uint32_t key_parameters_length, next_offset; | ||||
8458 | proto_item *p_ti; | ||||
8459 | proto_tree *p_tree; | ||||
8460 | |||||
8461 | /* RFC 8472 | ||||
8462 | * | ||||
8463 | * struct { | ||||
8464 | * uint8 major; | ||||
8465 | * uint8 minor; | ||||
8466 | * } TB_ProtocolVersion; | ||||
8467 | * | ||||
8468 | * enum { | ||||
8469 | * rsa2048_pkcs1.5(0), rsa2048_pss(1), ecdsap256(2), (255) | ||||
8470 | * } TokenBindingKeyParameters; | ||||
8471 | * | ||||
8472 | * struct { | ||||
8473 | * TB_ProtocolVersion token_binding_version; | ||||
8474 | * TokenBindingKeyParameters key_parameters_list<1..2^8-1> | ||||
8475 | * } TokenBindingParameters; | ||||
8476 | */ | ||||
8477 | |||||
8478 | switch (hnd_type) { | ||||
8479 | case SSL_HND_CLIENT_HELLO: | ||||
8480 | case SSL_HND_SERVER_HELLO: | ||||
8481 | proto_tree_add_item(tree, hf->hf.hs_ext_token_binding_version_major, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
8482 | offset += 1; | ||||
8483 | proto_tree_add_item(tree, hf->hf.hs_ext_token_binding_version_minor, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
8484 | offset += 1; | ||||
8485 | |||||
8486 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &key_parameters_length, | ||||
8487 | hf->hf.hs_ext_token_binding_key_parameters_length, 1, UINT8_MAX(255))) { | ||||
8488 | return offset_end; | ||||
8489 | } | ||||
8490 | offset += 1; | ||||
8491 | next_offset = offset + key_parameters_length; | ||||
8492 | |||||
8493 | p_ti = proto_tree_add_none_format(tree, | ||||
8494 | hf->hf.hs_ext_token_binding_key_parameters, | ||||
8495 | tvb, offset, key_parameters_length, | ||||
8496 | "Key parameters identifiers (%d identifier%s)", | ||||
8497 | key_parameters_length, | ||||
8498 | plurality(key_parameters_length, "", "s")((key_parameters_length) == 1 ? ("") : ("s"))); | ||||
8499 | p_tree = proto_item_add_subtree(p_ti, hf->ett.hs_ext_token_binding_key_parameters); | ||||
8500 | |||||
8501 | while (offset < next_offset) { | ||||
8502 | proto_tree_add_item(p_tree, hf->hf.hs_ext_token_binding_key_parameter, | ||||
8503 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
8504 | offset += 1; | ||||
8505 | } | ||||
8506 | |||||
8507 | if (!ssl_end_vector(hf, tvb, pinfo, p_tree, offset, next_offset)) { | ||||
8508 | offset = next_offset; | ||||
8509 | } | ||||
8510 | |||||
8511 | break; | ||||
8512 | default: | ||||
8513 | break; | ||||
8514 | } | ||||
8515 | |||||
8516 | return offset; | ||||
8517 | } | ||||
8518 | |||||
8519 | static uint32_t | ||||
8520 | ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
8521 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
8522 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | ||||
8523 | { | ||||
8524 | bool_Bool use_varint_encoding = true1; // Whether this is draft -27 or newer. | ||||
8525 | uint32_t next_offset; | ||||
8526 | |||||
8527 | /* https://tools.ietf.org/html/draft-ietf-quic-transport-25#section-18 | ||||
8528 | * | ||||
8529 | * Note: the following structures are not literally defined in the spec, | ||||
8530 | * they instead use an ASCII diagram. | ||||
8531 | * | ||||
8532 | * struct { | ||||
8533 | * uint16 id; | ||||
8534 | * opaque value<0..2^16-1>; | ||||
8535 | * } TransportParameter; // before draft -27 | ||||
8536 | * TransportParameter TransportParameters<0..2^16-1>; // before draft -27 | ||||
8537 | * | ||||
8538 | * struct { | ||||
8539 | * opaque ipv4Address[4]; | ||||
8540 | * uint16 ipv4Port; | ||||
8541 | * opaque ipv6Address[16]; | ||||
8542 | * uint16 ipv6Port; | ||||
8543 | * opaque connectionId<0..18>; | ||||
8544 | * opaque statelessResetToken[16]; | ||||
8545 | * } PreferredAddress; | ||||
8546 | */ | ||||
8547 | |||||
8548 | if (offset_end - offset >= 6 && | ||||
8549 | 2 + (unsigned)tvb_get_ntohs(tvb, offset) == offset_end - offset && | ||||
8550 | 6 + (unsigned)tvb_get_ntohs(tvb, offset + 4) <= offset_end - offset) { | ||||
8551 | // Assume encoding of Transport Parameters draft -26 or older with at | ||||
8552 | // least one transport parameter that has a valid length. | ||||
8553 | use_varint_encoding = false0; | ||||
8554 | } | ||||
8555 | |||||
8556 | if (use_varint_encoding) { | ||||
8557 | next_offset = offset_end; | ||||
8558 | } else { | ||||
8559 | uint32_t quic_length; | ||||
8560 | // Assume draft -26 or earlier. | ||||
8561 | /* TransportParameter TransportParameters<0..2^16-1>; */ | ||||
8562 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &quic_length, | ||||
8563 | hf->hf.hs_ext_quictp_len, 0, UINT16_MAX(65535))) { | ||||
8564 | return offset_end; | ||||
8565 | } | ||||
8566 | offset += 2; | ||||
8567 | next_offset = offset + quic_length; | ||||
8568 | } | ||||
8569 | |||||
8570 | while (offset < next_offset) { | ||||
8571 | uint64_t parameter_type; /* 62-bit space */ | ||||
8572 | uint32_t parameter_length; | ||||
8573 | proto_tree *parameter_tree; | ||||
8574 | uint32_t parameter_end_offset; | ||||
8575 | uint64_t value; | ||||
8576 | uint32_t len = 0, i; | ||||
8577 | |||||
8578 | parameter_tree = proto_tree_add_subtree(tree, tvb, offset, 2, hf->ett.hs_ext_quictp_parameter, | ||||
8579 | NULL((void*)0), "Parameter"); | ||||
8580 | /* TransportParameter ID and Length. */ | ||||
8581 | if (use_varint_encoding) { | ||||
8582 | uint64_t parameter_length64; | ||||
8583 | uint32_t type_len = 0; | ||||
8584 | |||||
8585 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_type, | ||||
8586 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, ¶meter_type, &type_len); | ||||
8587 | offset += type_len; | ||||
8588 | |||||
8589 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_len, | ||||
8590 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, ¶meter_length64, &len); | ||||
8591 | parameter_length = (uint32_t)parameter_length64; | ||||
8592 | offset += len; | ||||
8593 | |||||
8594 | proto_item_set_len(parameter_tree, type_len + len + parameter_length); | ||||
8595 | } else { | ||||
8596 | parameter_type = tvb_get_ntohs(tvb, offset); | ||||
8597 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_type, | ||||
8598 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
8599 | offset += 2; | ||||
8600 | |||||
8601 | /* opaque value<0..2^16-1> */ | ||||
8602 | if (!ssl_add_vector(hf, tvb, pinfo, parameter_tree, offset, next_offset, ¶meter_length, | ||||
8603 | hf->hf.hs_ext_quictp_parameter_len_old, 0, UINT16_MAX(65535))) { | ||||
8604 | return next_offset; | ||||
8605 | } | ||||
8606 | offset += 2; | ||||
8607 | |||||
8608 | proto_item_set_len(parameter_tree, 4 + parameter_length); | ||||
8609 | } | ||||
8610 | |||||
8611 | if (IS_GREASE_QUIC(parameter_type)((parameter_type) > 27 ? ((((parameter_type) - 27) % 31) == 0) : 0)) { | ||||
8612 | proto_item_append_text(parameter_tree, ": GREASE"); | ||||
8613 | } else { | ||||
8614 | proto_item_append_text(parameter_tree, ": %s", val64_to_str(parameter_type, quic_transport_parameter_id, "Unknown 0x%04x")); | ||||
8615 | } | ||||
8616 | |||||
8617 | proto_item_append_text(parameter_tree, " (len=%u)", parameter_length); | ||||
8618 | parameter_end_offset = offset + parameter_length; | ||||
8619 | |||||
8620 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_value, | ||||
8621 | tvb, offset, parameter_length, ENC_NA0x00000000); | ||||
8622 | |||||
8623 | switch (parameter_type) { | ||||
8624 | case SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID0x00: | ||||
8625 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_original_destination_connection_id, | ||||
8626 | tvb, offset, parameter_length, ENC_NA0x00000000); | ||||
8627 | offset += parameter_length; | ||||
8628 | break; | ||||
8629 | case SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT0x01: | ||||
8630 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_idle_timeout, | ||||
8631 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8632 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u" " ms", value); | ||||
8633 | offset += len; | ||||
8634 | break; | ||||
8635 | case SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN0x02: | ||||
8636 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_stateless_reset_token, | ||||
8637 | tvb, offset, 16, ENC_BIG_ENDIAN0x00000000); | ||||
8638 | quic_add_stateless_reset_token(pinfo, tvb, offset, NULL((void*)0)); | ||||
8639 | offset += 16; | ||||
8640 | break; | ||||
8641 | case SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE0x03: | ||||
8642 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_udp_payload_size, | ||||
8643 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8644 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8645 | /*TODO display expert info about invalid value (< 1252 or >65527) ? */ | ||||
8646 | offset += len; | ||||
8647 | break; | ||||
8648 | case SSL_HND_QUIC_TP_INITIAL_MAX_DATA0x04: | ||||
8649 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_data, | ||||
8650 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8651 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8652 | offset += len; | ||||
8653 | break; | ||||
8654 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL0x05: | ||||
8655 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_local, | ||||
8656 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8657 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8658 | offset += len; | ||||
8659 | break; | ||||
8660 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE0x06: | ||||
8661 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote, | ||||
8662 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8663 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8664 | offset += len; | ||||
8665 | break; | ||||
8666 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI0x07: | ||||
8667 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_uni, | ||||
8668 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8669 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8670 | offset += len; | ||||
8671 | break; | ||||
8672 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI0x09: | ||||
8673 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_uni, | ||||
8674 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8675 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8676 | offset += len; | ||||
8677 | break; | ||||
8678 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI0x08: | ||||
8679 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_bidi, | ||||
8680 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8681 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8682 | offset += len; | ||||
8683 | break; | ||||
8684 | case SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT0x0a: | ||||
8685 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_ack_delay_exponent, | ||||
8686 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, NULL((void*)0), &len); | ||||
8687 | /*TODO display multiplier (x8) and expert info about invalid value (> 20) ? */ | ||||
8688 | offset += len; | ||||
8689 | break; | ||||
8690 | case SSL_HND_QUIC_TP_MAX_ACK_DELAY0x0b: | ||||
8691 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_ack_delay, | ||||
8692 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8693 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8694 | offset += len; | ||||
8695 | break; | ||||
8696 | case SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION0x0c: | ||||
8697 | /* No Payload */ | ||||
8698 | break; | ||||
8699 | case SSL_HND_QUIC_TP_PREFERRED_ADDRESS0x0d: { | ||||
8700 | uint32_t connectionid_length; | ||||
8701 | quic_cid_t cid; | ||||
8702 | |||||
8703 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4address, | ||||
8704 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | ||||
8705 | offset += 4; | ||||
8706 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4port, | ||||
8707 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
8708 | offset += 2; | ||||
8709 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6address, | ||||
8710 | tvb, offset, 16, ENC_NA0x00000000); | ||||
8711 | offset += 16; | ||||
8712 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6port, | ||||
8713 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
8714 | offset += 2; | ||||
8715 | /* XXX - Should we add these addresses and ports as addresses that the client | ||||
8716 | * is allowed / expected to migrate the server address to? Right now we don't | ||||
8717 | * enforce that (see RFC 9000 Section 9, which implies that while the client | ||||
8718 | * can migrate to whatever address it wants, it can only migrate the server | ||||
8719 | * address to the Server's Preferred Address as in 9.6. Also Issue #20165.) | ||||
8720 | */ | ||||
8721 | |||||
8722 | if (!ssl_add_vector(hf, tvb, pinfo, parameter_tree, offset, offset_end, &connectionid_length, | ||||
8723 | hf->hf.hs_ext_quictp_parameter_pa_connectionid_length, 0, 20)) { | ||||
8724 | break; | ||||
8725 | } | ||||
8726 | offset += 1; | ||||
8727 | |||||
8728 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_connectionid, | ||||
8729 | tvb, offset, connectionid_length, ENC_NA0x00000000); | ||||
8730 | if (connectionid_length >= 1 && connectionid_length <= QUIC_MAX_CID_LENGTH20) { | ||||
8731 | cid.len = connectionid_length; | ||||
8732 | // RFC 9000 5.1.1 "If the preferred_address transport | ||||
8733 | // parameter is sent, the sequence number of the supplied | ||||
8734 | // connection ID is 1." | ||||
8735 | cid.seq_num = 1; | ||||
8736 | // Multipath draft-07 "Also, the Path Identifier for the | ||||
8737 | // connection ID specified in the "preferred address" | ||||
8738 | // transport parameter is 0." | ||||
8739 | cid.path_id = 0; | ||||
8740 | tvb_memcpy(tvb, cid.cid, offset, connectionid_length); | ||||
8741 | quic_add_connection(pinfo, &cid); | ||||
8742 | } | ||||
8743 | offset += connectionid_length; | ||||
8744 | |||||
8745 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_statelessresettoken, | ||||
8746 | tvb, offset, 16, ENC_NA0x00000000); | ||||
8747 | if (connectionid_length >= 1 && connectionid_length <= QUIC_MAX_CID_LENGTH20) { | ||||
8748 | quic_add_stateless_reset_token(pinfo, tvb, offset, &cid); | ||||
8749 | } | ||||
8750 | offset += 16; | ||||
8751 | } | ||||
8752 | break; | ||||
8753 | case SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT0x0e: | ||||
8754 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_active_connection_id_limit, | ||||
8755 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8756 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8757 | offset += len; | ||||
8758 | break; | ||||
8759 | case SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID0x0f: | ||||
8760 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_source_connection_id, | ||||
8761 | tvb, offset, parameter_length, ENC_NA0x00000000); | ||||
8762 | offset += parameter_length; | ||||
8763 | break; | ||||
8764 | case SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID0x10: | ||||
8765 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_retry_source_connection_id, | ||||
8766 | tvb, offset, parameter_length, ENC_NA0x00000000); | ||||
8767 | offset += parameter_length; | ||||
8768 | break; | ||||
8769 | case SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE0x20: | ||||
8770 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_datagram_frame_size, | ||||
8771 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8772 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8773 | offset += len; | ||||
8774 | break; | ||||
8775 | case SSL_HND_QUIC_TP_CIBIR_ENCODING0x1000: | ||||
8776 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_cibir_encoding_length, | ||||
8777 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8778 | proto_item_append_text(parameter_tree, " Length: %" PRIu64"l" "u", value); | ||||
8779 | offset += len; | ||||
8780 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_cibir_encoding_offset, | ||||
8781 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8782 | proto_item_append_text(parameter_tree, ", Offset: %" PRIu64"l" "u", value); | ||||
8783 | offset += len; | ||||
8784 | break; | ||||
8785 | case SSL_HND_QUIC_TP_LOSS_BITS0x1057: | ||||
8786 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_loss_bits, | ||||
8787 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8788 | if (len > 0) { | ||||
8789 | quic_add_loss_bits(pinfo, value); | ||||
8790 | } | ||||
8791 | offset += 1; | ||||
8792 | break; | ||||
8793 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD0xde1a: | ||||
8794 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V10xFF03DE1A: | ||||
8795 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT050xff04de1a: | ||||
8796 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY0xff04de1b: | ||||
8797 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_min_ack_delay, | ||||
8798 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8799 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); | ||||
8800 | offset += len; | ||||
8801 | break; | ||||
8802 | case SSL_HND_QUIC_TP_GOOGLE_USER_AGENT0x3129: | ||||
8803 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_user_agent_id, | ||||
8804 | tvb, offset, parameter_length, ENC_ASCII0x00000000|ENC_NA0x00000000); | ||||
8805 | offset += parameter_length; | ||||
8806 | break; | ||||
8807 | case SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED0x312B: | ||||
8808 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_key_update_not_yet_supported, | ||||
8809 | tvb, offset, parameter_length, ENC_NA0x00000000); | ||||
8810 | offset += parameter_length; | ||||
8811 | break; | ||||
8812 | case SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION0x4752: | ||||
8813 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_version, | ||||
8814 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | ||||
8815 | offset += 4; | ||||
8816 | if (hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS) { /* From server */ | ||||
8817 | uint32_t versions_length; | ||||
8818 | |||||
8819 | proto_tree_add_item_ret_uint(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_supported_versions_length, | ||||
8820 | tvb, offset, 1, ENC_NA0x00000000, &versions_length); | ||||
8821 | offset += 1; | ||||
8822 | for (i = 0; i < versions_length / 4; i++) { | ||||
8823 | quic_proto_tree_add_version(tvb, parameter_tree, | ||||
8824 | hf->hf.hs_ext_quictp_parameter_google_supported_version, offset); | ||||
8825 | offset += 4; | ||||
8826 | } | ||||
8827 | } | ||||
8828 | break; | ||||
8829 | case SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT0x3127: | ||||
8830 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_initial_rtt, | ||||
8831 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8832 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u" " us", value); | ||||
8833 | offset += len; | ||||
8834 | break; | ||||
8835 | case SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE0x312A: | ||||
8836 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_support_handshake_done, | ||||
8837 | tvb, offset, parameter_length, ENC_NA0x00000000); | ||||
8838 | offset += parameter_length; | ||||
8839 | break; | ||||
8840 | case SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS0x4751: | ||||
8841 | /* This field was used for non-standard Google-specific parameters encoded as a | ||||
8842 | * Google QUIC_CRYPTO CHLO and it has been replaced (version >= T051) by individual | ||||
8843 | * parameters. Report it as a bytes blob... */ | ||||
8844 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_params, | ||||
8845 | tvb, offset, parameter_length, ENC_NA0x00000000); | ||||
8846 | /* ... and try decoding it: not sure what the first 4 bytes are (but they seems to be always 0) */ | ||||
8847 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_params_unknown_field, | ||||
8848 | tvb, offset, 4, ENC_NA0x00000000); | ||||
8849 | dissect_gquic_tags(tvb, pinfo, parameter_tree, offset + 4); | ||||
8850 | offset += parameter_length; | ||||
8851 | break; | ||||
8852 | case SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS0x3128: | ||||
8853 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_connection_options, | ||||
8854 | tvb, offset, parameter_length, ENC_NA0x00000000); | ||||
8855 | offset += parameter_length; | ||||
8856 | break; | ||||
8857 | case SSL_HND_QUIC_TP_ENABLE_TIME_STAMP0x7157: | ||||
8858 | /* No Payload */ | ||||
8859 | break; | ||||
8860 | case SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V20x7158: | ||||
8861 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_enable_time_stamp_v2, | ||||
8862 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8863 | offset += parameter_length; | ||||
8864 | break; | ||||
8865 | case SSL_HND_QUIC_TP_VERSION_INFORMATION0x11: | ||||
8866 | quic_proto_tree_add_version(tvb, parameter_tree, | ||||
8867 | hf->hf.hs_ext_quictp_parameter_chosen_version, offset); | ||||
8868 | offset += 4; | ||||
8869 | for (i = 4; i < parameter_length; i += 4) { | ||||
8870 | quic_proto_tree_add_version(tvb, parameter_tree, | ||||
8871 | hf->hf.hs_ext_quictp_parameter_other_version, offset); | ||||
8872 | offset += 4; | ||||
8873 | } | ||||
8874 | break; | ||||
8875 | case SSL_HND_QUIC_TP_GREASE_QUIC_BIT0x2ab2: | ||||
8876 | /* No Payload */ | ||||
8877 | quic_add_grease_quic_bit(pinfo); | ||||
8878 | break; | ||||
8879 | case SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY0xFF00: | ||||
8880 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_facebook_partial_reliability, | ||||
8881 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8882 | offset += parameter_length; | ||||
8883 | break; | ||||
8884 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT040x0f739bbc1b666d04: | ||||
8885 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_enable_multipath, | ||||
8886 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8887 | if (value == 1) { | ||||
8888 | quic_add_multipath(pinfo, QUIC_MP_NO_PATH_ID1); | ||||
8889 | } | ||||
8890 | offset += parameter_length; | ||||
8891 | break; | ||||
8892 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT050x0f739bbc1b666d05: | ||||
8893 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH0x0f739bbc1b666d06: | ||||
8894 | /* No Payload */ | ||||
8895 | quic_add_multipath(pinfo, QUIC_MP_NO_PATH_ID1); | ||||
8896 | break; | ||||
8897 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATHS0x0f739bbc1b666d07: | ||||
8898 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_paths, | ||||
8899 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8900 | if (value > 1) { | ||||
8901 | quic_add_multipath(pinfo, QUIC_MP_PATH_ID2); | ||||
8902 | } | ||||
8903 | /* multipath draft-07: "The value of the initial_max_paths | ||||
8904 | * parameter MUST be at least 2." TODO: Expert Info? */ | ||||
8905 | offset += parameter_length; | ||||
8906 | break; | ||||
8907 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT090x0f739bbc1b666d09: | ||||
8908 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID0x0f739bbc1b666d11: | ||||
8909 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_path_id, | ||||
8910 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); | ||||
8911 | /* multipath draft-09 and later: "If an endpoint receives an | ||||
8912 | * initial_max_path_id transport parameter with value 0, the | ||||
8913 | * peer aims to enable the multipath extension without allowing | ||||
8914 | * extra paths immediately." | ||||
8915 | */ | ||||
8916 | quic_add_multipath(pinfo, QUIC_MP_PATH_ID2); | ||||
8917 | offset += parameter_length; | ||||
8918 | break; | ||||
8919 | default: | ||||
8920 | offset += parameter_length; | ||||
8921 | /*TODO display expert info about unknown ? */ | ||||
8922 | break; | ||||
8923 | } | ||||
8924 | |||||
8925 | if (!ssl_end_vector(hf, tvb, pinfo, parameter_tree, offset, parameter_end_offset)) { | ||||
8926 | /* Dissection did not end at expected location, fix it. */ | ||||
8927 | offset = parameter_end_offset; | ||||
8928 | } | ||||
8929 | } | ||||
8930 | |||||
8931 | return offset; | ||||
8932 | } | ||||
8933 | |||||
8934 | static int | ||||
8935 | ssl_dissect_hnd_hello_common(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
8936 | proto_tree *tree, uint32_t offset, | ||||
8937 | SslSession *session, SslDecryptSession *ssl, | ||||
8938 | bool_Bool from_server, bool_Bool is_hrr) | ||||
8939 | { | ||||
8940 | uint8_t sessid_length; | ||||
8941 | proto_item *ti; | ||||
8942 | proto_tree *rnd_tree; | ||||
8943 | proto_tree *ti_rnd; | ||||
8944 | proto_tree *ech_confirm_tree; | ||||
8945 | uint8_t draft_version = session->tls13_draft_version; | ||||
8946 | |||||
8947 | if (ssl) { | ||||
8948 | StringInfo *rnd; | ||||
8949 | if (from_server
| ||||
8950 | rnd = &ssl->server_random; | ||||
8951 | else | ||||
8952 | rnd = &ssl->client_random; | ||||
8953 | |||||
8954 | /* save provided random for later keyring generation */ | ||||
8955 | tvb_memcpy(tvb, rnd->data, offset, 32); | ||||
8956 | rnd->data_len = 32; | ||||
8957 | if (from_server
| ||||
8958 | ssl->state |= SSL_SERVER_RANDOM(1<<1); | ||||
8959 | else | ||||
8960 | ssl->state |= SSL_CLIENT_RANDOM(1<<0); | ||||
8961 | ssl_debug_printf("%s found %s RANDOM -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), | ||||
8962 | from_server
| ||||
8963 | } | ||||
8964 | |||||
8965 | if (!from_server
| ||||
8966 | session->client_random.data_len = 32; | ||||
8967 | tvb_memcpy(tvb, session->client_random.data, offset, 32); | ||||
8968 | } | ||||
8969 | |||||
8970 | ti_rnd = proto_tree_add_item(tree, hf->hf.hs_random, tvb, offset, 32, ENC_NA0x00000000); | ||||
8971 | |||||
8972 | if ((session->version != TLSV1DOT3_VERSION0x304) && (session->version != DTLSV1DOT3_VERSION0xfefc)) { /* No time on first bytes random with TLS 1.3 */ | ||||
8973 | |||||
8974 | rnd_tree = proto_item_add_subtree(ti_rnd, hf->ett.hs_random); | ||||
8975 | /* show the time */ | ||||
8976 | proto_tree_add_item(rnd_tree, hf->hf.hs_random_time, | ||||
8977 | tvb, offset, 4, ENC_TIME_SECS0x00000012|ENC_BIG_ENDIAN0x00000000); | ||||
8978 | offset += 4; | ||||
8979 | |||||
8980 | /* show the random bytes */ | ||||
8981 | proto_tree_add_item(rnd_tree, hf->hf.hs_random_bytes, | ||||
8982 | tvb, offset, 28, ENC_NA0x00000000); | ||||
8983 | offset += 28; | ||||
8984 | } else { | ||||
8985 | if (is_hrr) { | ||||
8986 | proto_item_append_text(ti_rnd, " (HelloRetryRequest magic)"); | ||||
8987 | } else if (from_server && session->ech) { | ||||
8988 | ech_confirm_tree = proto_item_add_subtree(ti_rnd, hf->ett.hs_random); | ||||
8989 | proto_tree_add_item(ech_confirm_tree, hf->hf.hs_ech_confirm, tvb, offset + 24, 8, ENC_NA0x00000000); | ||||
8990 | ti = proto_tree_add_bytes_with_length(ech_confirm_tree, hf->hf.hs_ech_confirm_compute, tvb, offset + 24, 0, | ||||
8991 | session->ech_confirmation, 8); | ||||
8992 | proto_item_set_generated(ti); | ||||
8993 | if (memcmp(session->ech_confirmation, tvb_get_ptr(tvb, offset+24, 8), 8)) { | ||||
8994 | expert_add_info(pinfo, ti, &hf->ei.ech_rejected); | ||||
8995 | } else { | ||||
8996 | expert_add_info(pinfo, ti, &hf->ei.ech_accepted); | ||||
8997 | } | ||||
8998 | } | ||||
8999 | |||||
9000 | offset += 32; | ||||
9001 | } | ||||
9002 | |||||
9003 | /* No Session ID with TLS 1.3 on Server Hello before draft -22 */ | ||||
9004 | if (from_server
| ||||
9005 | /* show the session id (length followed by actual Session ID) */ | ||||
9006 | sessid_length = tvb_get_uint8(tvb, offset); | ||||
9007 | proto_tree_add_item(tree, hf->hf.hs_session_id_len, | ||||
9008 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
9009 | offset++; | ||||
9010 | |||||
9011 | if (ssl
| ||||
9012 | /* save the authoritative SID for later use in ChangeCipherSpec. | ||||
9013 | * (D)TLS restricts the SID to 32 chars, it does not make sense to | ||||
9014 | * save more, so ignore larger ones. */ | ||||
9015 | if (from_server
| ||||
9016 | tvb_memcpy(tvb, ssl->session_id.data, offset, sessid_length); | ||||
9017 | ssl->session_id.data_len = sessid_length; | ||||
9018 | } | ||||
9019 | } | ||||
9020 | if (sessid_length
| ||||
9021 | proto_tree_add_item(tree, hf->hf.hs_session_id, | ||||
9022 | tvb, offset, sessid_length, ENC_NA0x00000000); | ||||
9023 | offset += sessid_length; | ||||
9024 | } | ||||
9025 | } | ||||
9026 | |||||
9027 | return offset; | ||||
9028 | } | ||||
9029 | |||||
9030 | static int | ||||
9031 | ssl_dissect_hnd_hello_ext_status_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9032 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
9033 | bool_Bool has_length) | ||||
9034 | { | ||||
9035 | /* TLS 1.2/1.3 status_request Client Hello Extension. | ||||
9036 | * TLS 1.2 status_request_v2 CertificateStatusRequestItemV2 type. | ||||
9037 | * https://tools.ietf.org/html/rfc6066#section-8 (status_request) | ||||
9038 | * https://tools.ietf.org/html/rfc6961#section-2.2 (status_request_v2) | ||||
9039 | * struct { | ||||
9040 | * CertificateStatusType status_type; | ||||
9041 | * uint16 request_length; // for status_request_v2 | ||||
9042 | * select (status_type) { | ||||
9043 | * case ocsp: OCSPStatusRequest; | ||||
9044 | * case ocsp_multi: OCSPStatusRequest; | ||||
9045 | * } request; | ||||
9046 | * } CertificateStatusRequest; // CertificateStatusRequestItemV2 | ||||
9047 | * | ||||
9048 | * enum { ocsp(1), ocsp_multi(2), (255) } CertificateStatusType; | ||||
9049 | * struct { | ||||
9050 | * ResponderID responder_id_list<0..2^16-1>; | ||||
9051 | * Extensions request_extensions; | ||||
9052 | * } OCSPStatusRequest; | ||||
9053 | * opaque ResponderID<1..2^16-1>; | ||||
9054 | * opaque Extensions<0..2^16-1>; | ||||
9055 | */ | ||||
9056 | unsigned cert_status_type; | ||||
9057 | |||||
9058 | cert_status_type = tvb_get_uint8(tvb, offset); | ||||
9059 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_type, | ||||
9060 | tvb, offset, 1, ENC_NA0x00000000); | ||||
9061 | offset++; | ||||
9062 | |||||
9063 | if (has_length) { | ||||
9064 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_request_len, | ||||
9065 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
9066 | offset += 2; | ||||
9067 | } | ||||
9068 | |||||
9069 | switch (cert_status_type) { | ||||
9070 | case SSL_HND_CERT_STATUS_TYPE_OCSP1: | ||||
9071 | case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2: | ||||
9072 | { | ||||
9073 | uint32_t responder_id_list_len; | ||||
9074 | uint32_t request_extensions_len; | ||||
9075 | |||||
9076 | /* ResponderID responder_id_list<0..2^16-1> */ | ||||
9077 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &responder_id_list_len, | ||||
9078 | hf->hf.hs_ext_cert_status_responder_id_list_len, 0, UINT16_MAX(65535))) { | ||||
9079 | return offset_end; | ||||
9080 | } | ||||
9081 | offset += 2; | ||||
9082 | if (responder_id_list_len != 0) { | ||||
9083 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.hs_ext_cert_status_undecoded, | ||||
9084 | tvb, offset, responder_id_list_len, | ||||
9085 | "Responder ID list is not implemented, contact Wireshark" | ||||
9086 | " developers if you want this to be supported"); | ||||
9087 | } | ||||
9088 | offset += responder_id_list_len; | ||||
9089 | |||||
9090 | /* opaque Extensions<0..2^16-1> */ | ||||
9091 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &request_extensions_len, | ||||
9092 | hf->hf.hs_ext_cert_status_request_extensions_len, 0, UINT16_MAX(65535))) { | ||||
9093 | return offset_end; | ||||
9094 | } | ||||
9095 | offset += 2; | ||||
9096 | if (request_extensions_len != 0) { | ||||
9097 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.hs_ext_cert_status_undecoded, | ||||
9098 | tvb, offset, request_extensions_len, | ||||
9099 | "Request Extensions are not implemented, contact" | ||||
9100 | " Wireshark developers if you want this to be supported"); | ||||
9101 | } | ||||
9102 | offset += request_extensions_len; | ||||
9103 | break; | ||||
9104 | } | ||||
9105 | } | ||||
9106 | |||||
9107 | return offset; | ||||
9108 | } | ||||
9109 | |||||
9110 | static unsigned | ||||
9111 | ssl_dissect_hnd_hello_ext_status_request_v2(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9112 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
9113 | { | ||||
9114 | /* https://tools.ietf.org/html/rfc6961#section-2.2 | ||||
9115 | * struct { | ||||
9116 | * CertificateStatusRequestItemV2 certificate_status_req_list<1..2^16-1>; | ||||
9117 | * } CertificateStatusRequestListV2; | ||||
9118 | */ | ||||
9119 | uint32_t req_list_length, next_offset; | ||||
9120 | |||||
9121 | /* CertificateStatusRequestItemV2 certificate_status_req_list<1..2^16-1> */ | ||||
9122 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &req_list_length, | ||||
9123 | hf->hf.hs_ext_cert_status_request_list_len, 1, UINT16_MAX(65535))) { | ||||
9124 | return offset_end; | ||||
9125 | } | ||||
9126 | offset += 2; | ||||
9127 | next_offset = offset + req_list_length; | ||||
9128 | |||||
9129 | while (offset < next_offset) { | ||||
9130 | offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, pinfo, tree, offset, next_offset, true1); | ||||
9131 | } | ||||
9132 | |||||
9133 | return offset; | ||||
9134 | } | ||||
9135 | |||||
9136 | static uint32_t | ||||
9137 | tls_dissect_ocsp_response(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | ||||
9138 | uint32_t offset, uint32_t offset_end) | ||||
9139 | { | ||||
9140 | uint32_t response_length; | ||||
9141 | proto_item *ocsp_resp; | ||||
9142 | proto_tree *ocsp_resp_tree; | ||||
9143 | asn1_ctx_t asn1_ctx; | ||||
9144 | |||||
9145 | /* opaque OCSPResponse<1..2^24-1>; */ | ||||
9146 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &response_length, | ||||
9147 | hf->hf.hs_ocsp_response_len, 1, G_MAXUINT24((1U << 24) - 1))) { | ||||
9148 | return offset_end; | ||||
9149 | } | ||||
9150 | offset += 3; | ||||
9151 | |||||
9152 | ocsp_resp = proto_tree_add_item(tree, proto_ocsp, tvb, offset, | ||||
9153 | response_length, ENC_BIG_ENDIAN0x00000000); | ||||
9154 | proto_item_set_text(ocsp_resp, "OCSP Response"); | ||||
9155 | ocsp_resp_tree = proto_item_add_subtree(ocsp_resp, hf->ett.ocsp_response); | ||||
9156 | if (proto_is_protocol_enabled(find_protocol_by_id(proto_ocsp))) { | ||||
9157 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | ||||
9158 | dissect_ocsp_OCSPResponse(false0, tvb, offset, &asn1_ctx, ocsp_resp_tree, -1); | ||||
9159 | } | ||||
9160 | offset += response_length; | ||||
9161 | |||||
9162 | return offset; | ||||
9163 | } | ||||
9164 | |||||
9165 | uint32_t | ||||
9166 | tls_dissect_hnd_certificate_status(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9167 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
9168 | { | ||||
9169 | /* TLS 1.2 "CertificateStatus" handshake message. | ||||
9170 | * TLS 1.3 "status_request" Certificate extension. | ||||
9171 | * struct { | ||||
9172 | * CertificateStatusType status_type; | ||||
9173 | * select (status_type) { | ||||
9174 | * case ocsp: OCSPResponse; | ||||
9175 | * case ocsp_multi: OCSPResponseList; // status_request_v2 | ||||
9176 | * } response; | ||||
9177 | * } CertificateStatus; | ||||
9178 | * opaque OCSPResponse<1..2^24-1>; | ||||
9179 | * struct { | ||||
9180 | * OCSPResponse ocsp_response_list<1..2^24-1>; | ||||
9181 | * } OCSPResponseList; // status_request_v2 | ||||
9182 | */ | ||||
9183 | uint32_t status_type, resp_list_length, next_offset; | ||||
9184 | |||||
9185 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_cert_status_type, | ||||
9186 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &status_type); | ||||
9187 | offset += 1; | ||||
9188 | |||||
9189 | switch (status_type) { | ||||
9190 | case SSL_HND_CERT_STATUS_TYPE_OCSP1: | ||||
9191 | offset = tls_dissect_ocsp_response(hf, tvb, pinfo, tree, offset, offset_end); | ||||
9192 | break; | ||||
9193 | |||||
9194 | case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2: | ||||
9195 | /* OCSPResponse ocsp_response_list<1..2^24-1> */ | ||||
9196 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &resp_list_length, | ||||
9197 | hf->hf.hs_ocsp_response_list_len, 1, G_MAXUINT24((1U << 24) - 1))) { | ||||
9198 | return offset_end; | ||||
9199 | } | ||||
9200 | offset += 3; | ||||
9201 | next_offset = offset + resp_list_length; | ||||
9202 | |||||
9203 | while (offset < next_offset) { | ||||
9204 | offset = tls_dissect_ocsp_response(hf, tvb, pinfo, tree, offset, next_offset); | ||||
9205 | } | ||||
9206 | break; | ||||
9207 | } | ||||
9208 | |||||
9209 | return offset; | ||||
9210 | } | ||||
9211 | |||||
9212 | static unsigned | ||||
9213 | ssl_dissect_hnd_hello_ext_supported_groups(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9214 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
9215 | wmem_strbuf_t *ja3) | ||||
9216 | { | ||||
9217 | /* RFC 8446 Section 4.2.7 | ||||
9218 | * enum { ..., (0xFFFF) } NamedGroup; | ||||
9219 | * struct { | ||||
9220 | * NamedGroup named_group_list<2..2^16-1> | ||||
9221 | * } NamedGroupList; | ||||
9222 | * | ||||
9223 | * NOTE: "NamedCurve" (RFC 4492) is renamed to "NamedGroup" (RFC 7919) and | ||||
9224 | * the extension itself from "elliptic_curves" to "supported_groups". | ||||
9225 | */ | ||||
9226 | uint32_t groups_length, next_offset; | ||||
9227 | proto_tree *groups_tree; | ||||
9228 | proto_item *ti; | ||||
9229 | char *ja3_dash = ""; | ||||
9230 | |||||
9231 | /* NamedGroup named_group_list<2..2^16-1> */ | ||||
9232 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &groups_length, | ||||
9233 | hf->hf.hs_ext_supported_groups_len, 2, UINT16_MAX(65535))) { | ||||
9234 | return offset_end; | ||||
9235 | } | ||||
9236 | offset += 2; | ||||
9237 | next_offset = offset + groups_length; | ||||
9238 | |||||
9239 | ti = proto_tree_add_none_format(tree, | ||||
9240 | hf->hf.hs_ext_supported_groups, | ||||
9241 | tvb, offset, groups_length, | ||||
9242 | "Supported Groups (%d group%s)", | ||||
9243 | groups_length / 2, | ||||
9244 | plurality(groups_length/2, "", "s")((groups_length/2) == 1 ? ("") : ("s"))); | ||||
9245 | |||||
9246 | /* make this a subtree */ | ||||
9247 | groups_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_groups); | ||||
9248 | |||||
9249 | if (ja3) { | ||||
9250 | wmem_strbuf_append_c(ja3, ','); | ||||
9251 | } | ||||
9252 | /* loop over all groups */ | ||||
9253 | while (offset + 2 <= offset_end) { | ||||
9254 | uint32_t ext_supported_group; | ||||
9255 | |||||
9256 | proto_tree_add_item_ret_uint(groups_tree, hf->hf.hs_ext_supported_group, tvb, offset, 2, | ||||
9257 | ENC_BIG_ENDIAN0x00000000, &ext_supported_group); | ||||
9258 | offset += 2; | ||||
9259 | if (ja3 && !IS_GREASE_TLS(ext_supported_group)((((ext_supported_group) & 0x0f0f) == 0x0a0a) && ( ((ext_supported_group) & 0xff) == (((ext_supported_group) >>8) & 0xff)))) { | ||||
9260 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, ext_supported_group); | ||||
9261 | ja3_dash = "-"; | ||||
9262 | } | ||||
9263 | } | ||||
9264 | if (!ssl_end_vector(hf, tvb, pinfo, groups_tree, offset, next_offset)) { | ||||
9265 | offset = next_offset; | ||||
9266 | } | ||||
9267 | |||||
9268 | return offset; | ||||
9269 | } | ||||
9270 | |||||
9271 | static int | ||||
9272 | ssl_dissect_hnd_hello_ext_ec_point_formats(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
9273 | proto_tree *tree, uint32_t offset, wmem_strbuf_t *ja3) | ||||
9274 | { | ||||
9275 | uint8_t ecpf_length; | ||||
9276 | proto_tree *ecpf_tree; | ||||
9277 | proto_item *ti; | ||||
9278 | |||||
9279 | ecpf_length = tvb_get_uint8(tvb, offset); | ||||
9280 | proto_tree_add_item(tree, hf->hf.hs_ext_ec_point_formats_len, | ||||
9281 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
9282 | |||||
9283 | offset += 1; | ||||
9284 | ti = proto_tree_add_none_format(tree, | ||||
9285 | hf->hf.hs_ext_ec_point_formats, | ||||
9286 | tvb, offset, ecpf_length, | ||||
9287 | "Elliptic curves point formats (%d)", | ||||
9288 | ecpf_length); | ||||
9289 | |||||
9290 | /* make this a subtree */ | ||||
9291 | ecpf_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_curves_point_formats); | ||||
9292 | |||||
9293 | if (ja3) { | ||||
9294 | wmem_strbuf_append_c(ja3, ','); | ||||
9295 | } | ||||
9296 | |||||
9297 | /* loop over all point formats */ | ||||
9298 | while (ecpf_length > 0) | ||||
9299 | { | ||||
9300 | uint32_t ext_ec_point_format; | ||||
9301 | |||||
9302 | proto_tree_add_item_ret_uint(ecpf_tree, hf->hf.hs_ext_ec_point_format, tvb, offset, 1, | ||||
9303 | ENC_BIG_ENDIAN0x00000000, &ext_ec_point_format); | ||||
9304 | offset++; | ||||
9305 | ecpf_length--; | ||||
9306 | if (ja3) { | ||||
9307 | wmem_strbuf_append_printf(ja3, "%i", ext_ec_point_format); | ||||
9308 | if (ecpf_length > 0) { | ||||
9309 | wmem_strbuf_append_c(ja3, '-'); | ||||
9310 | } | ||||
9311 | } | ||||
9312 | } | ||||
9313 | |||||
9314 | return offset; | ||||
9315 | } | ||||
9316 | |||||
9317 | static int | ||||
9318 | ssl_dissect_hnd_hello_ext_srp(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
9319 | packet_info *pinfo, proto_tree *tree, | ||||
9320 | uint32_t offset, uint32_t next_offset) | ||||
9321 | { | ||||
9322 | /* https://tools.ietf.org/html/rfc5054#section-2.8.1 | ||||
9323 | * opaque srp_I<1..2^8-1>; | ||||
9324 | */ | ||||
9325 | uint32_t username_len; | ||||
9326 | |||||
9327 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, next_offset, &username_len, | ||||
9328 | hf->hf.hs_ext_srp_len, 1, UINT8_MAX(255))) { | ||||
9329 | return next_offset; | ||||
9330 | } | ||||
9331 | offset++; | ||||
9332 | |||||
9333 | proto_tree_add_item(tree, hf->hf.hs_ext_srp_username, | ||||
9334 | tvb, offset, username_len, ENC_UTF_80x00000002|ENC_NA0x00000000); | ||||
9335 | offset += username_len; | ||||
9336 | |||||
9337 | return offset; | ||||
9338 | } | ||||
9339 | |||||
9340 | static uint32_t | ||||
9341 | tls_dissect_sct(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | ||||
9342 | uint32_t offset, uint32_t offset_end, uint16_t version) | ||||
9343 | { | ||||
9344 | /* https://tools.ietf.org/html/rfc6962#section-3.2 | ||||
9345 | * enum { v1(0), (255) } Version; | ||||
9346 | * struct { | ||||
9347 | * opaque key_id[32]; | ||||
9348 | * } LogID; | ||||
9349 | * opaque CtExtensions<0..2^16-1>; | ||||
9350 | * struct { | ||||
9351 | * Version sct_version; | ||||
9352 | * LogID id; | ||||
9353 | * uint64 timestamp; | ||||
9354 | * CtExtensions extensions; | ||||
9355 | * digitally-signed struct { ... }; | ||||
9356 | * } SignedCertificateTimestamp; | ||||
9357 | */ | ||||
9358 | uint32_t sct_version; | ||||
9359 | uint64_t sct_timestamp_ms; | ||||
9360 | nstime_t sct_timestamp; | ||||
9361 | uint32_t exts_len; | ||||
9362 | const char *log_name; | ||||
9363 | |||||
9364 | proto_tree_add_item_ret_uint(tree, hf->hf.sct_sct_version, tvb, offset, 1, ENC_NA0x00000000, &sct_version); | ||||
9365 | offset++; | ||||
9366 | if (sct_version != 0) { | ||||
9367 | // TODO expert info about unknown SCT version? | ||||
9368 | return offset; | ||||
9369 | } | ||||
9370 | proto_tree_add_item(tree, hf->hf.sct_sct_logid, tvb, offset, 32, ENC_BIG_ENDIAN0x00000000); | ||||
9371 | log_name = bytesval_to_str(tvb_get_ptr(tvb, offset, 32), 32, ct_logids, "Unknown Log"); | ||||
9372 | proto_item_append_text(tree, " (%s)", log_name); | ||||
9373 | offset += 32; | ||||
9374 | sct_timestamp_ms = tvb_get_ntoh64(tvb, offset); | ||||
9375 | sct_timestamp.secs = (time_t)(sct_timestamp_ms / 1000); | ||||
9376 | sct_timestamp.nsecs = (int)((sct_timestamp_ms % 1000) * 1000000); | ||||
9377 | proto_tree_add_time(tree, hf->hf.sct_sct_timestamp, tvb, offset, 8, &sct_timestamp); | ||||
9378 | offset += 8; | ||||
9379 | /* opaque CtExtensions<0..2^16-1> */ | ||||
9380 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &exts_len, | ||||
9381 | hf->hf.sct_sct_extensions_length, 0, UINT16_MAX(65535))) { | ||||
9382 | return offset_end; | ||||
9383 | } | ||||
9384 | offset += 2; | ||||
9385 | if (exts_len > 0) { | ||||
9386 | proto_tree_add_item(tree, hf->hf.sct_sct_extensions, tvb, offset, exts_len, ENC_BIG_ENDIAN0x00000000); | ||||
9387 | offset += exts_len; | ||||
9388 | } | ||||
9389 | offset = ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, | ||||
9390 | hf->hf.sct_sct_signature_length, | ||||
9391 | hf->hf.sct_sct_signature); | ||||
9392 | return offset; | ||||
9393 | } | ||||
9394 | |||||
9395 | uint32_t | ||||
9396 | tls_dissect_sct_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | ||||
9397 | uint32_t offset, uint32_t offset_end, uint16_t version) | ||||
9398 | { | ||||
9399 | /* https://tools.ietf.org/html/rfc6962#section-3.3 | ||||
9400 | * opaque SerializedSCT<1..2^16-1>; | ||||
9401 | * struct { | ||||
9402 | * SerializedSCT sct_list <1..2^16-1>; | ||||
9403 | * } SignedCertificateTimestampList; | ||||
9404 | */ | ||||
9405 | uint32_t list_length, sct_length, next_offset; | ||||
9406 | proto_tree *subtree; | ||||
9407 | |||||
9408 | /* SerializedSCT sct_list <1..2^16-1> */ | ||||
9409 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &list_length, | ||||
9410 | hf->hf.sct_scts_length, 1, UINT16_MAX(65535))) { | ||||
9411 | return offset_end; | ||||
9412 | } | ||||
9413 | offset += 2; | ||||
9414 | |||||
9415 | while (offset < offset_end) { | ||||
9416 | subtree = proto_tree_add_subtree(tree, tvb, offset, 2, hf->ett.sct, NULL((void*)0), "Signed Certificate Timestamp"); | ||||
9417 | |||||
9418 | /* opaque SerializedSCT<1..2^16-1> */ | ||||
9419 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &sct_length, | ||||
9420 | hf->hf.sct_sct_length, 1, UINT16_MAX(65535))) { | ||||
9421 | return offset_end; | ||||
9422 | } | ||||
9423 | offset += 2; | ||||
9424 | next_offset = offset + sct_length; | ||||
9425 | proto_item_set_len(subtree, 2 + sct_length); | ||||
9426 | offset = tls_dissect_sct(hf, tvb, pinfo, subtree, offset, next_offset, version); | ||||
9427 | if (!ssl_end_vector(hf, tvb, pinfo, subtree, offset, next_offset)) { | ||||
9428 | offset = next_offset; | ||||
9429 | } | ||||
9430 | } | ||||
9431 | |||||
9432 | return offset; | ||||
9433 | } | ||||
9434 | |||||
9435 | static int | ||||
9436 | dissect_ech_hpke_cipher_suite(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), | ||||
9437 | proto_tree *tree, uint32_t offset) | ||||
9438 | { | ||||
9439 | uint32_t kdf_id, aead_id; | ||||
9440 | proto_item *cs_ti; | ||||
9441 | proto_tree *cs_tree; | ||||
9442 | |||||
9443 | cs_ti = proto_tree_add_item(tree, hf->hf.ech_hpke_keyconfig_cipher_suite, | ||||
9444 | tvb, offset, 4, ENC_NA0x00000000); | ||||
9445 | cs_tree = proto_item_add_subtree(cs_ti, hf->ett.ech_hpke_cipher_suite); | ||||
9446 | |||||
9447 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.ech_hpke_keyconfig_cipher_suite_kdf_id, | ||||
9448 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &kdf_id); | ||||
9449 | offset += 2; | ||||
9450 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.ech_hpke_keyconfig_cipher_suite_aead_id, | ||||
9451 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &aead_id); | ||||
9452 | offset += 2; | ||||
9453 | |||||
9454 | proto_item_append_text(cs_ti, ": %s/%s", | ||||
9455 | val_to_str_const(kdf_id, kdf_id_type_vals, "Unknown"), | ||||
9456 | val_to_str_const(aead_id, aead_id_type_vals, "Unknown")); | ||||
9457 | return offset; | ||||
9458 | } | ||||
9459 | |||||
9460 | static int | ||||
9461 | dissect_ech_hpke_key_config(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9462 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
9463 | uint32_t *config_id) | ||||
9464 | { | ||||
9465 | uint32_t length, cipher_suite_length; | ||||
9466 | proto_item *kc_ti, *css_ti; | ||||
9467 | proto_tree *kc_tree, *css_tree; | ||||
9468 | uint32_t original_offset = offset, next_offset; | ||||
9469 | |||||
9470 | kc_ti = proto_tree_add_item(tree, hf->hf.ech_hpke_keyconfig, | ||||
9471 | tvb, offset, -1, ENC_NA0x00000000); | ||||
9472 | kc_tree = proto_item_add_subtree(kc_ti, hf->ett.ech_hpke_keyconfig); | ||||
9473 | |||||
9474 | proto_tree_add_item_ret_uint(kc_tree, hf->hf.ech_hpke_keyconfig_config_id, | ||||
9475 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, config_id); | ||||
9476 | offset += 1; | ||||
9477 | proto_tree_add_item(kc_tree, hf->hf.ech_hpke_keyconfig_kem_id, | ||||
9478 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
9479 | offset += 2; | ||||
9480 | proto_tree_add_item_ret_uint(kc_tree, hf->hf.ech_hpke_keyconfig_public_key_length, | ||||
9481 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | ||||
9482 | offset += 2; | ||||
9483 | proto_tree_add_item(kc_tree, hf->hf.ech_hpke_keyconfig_public_key, | ||||
9484 | tvb, offset, length, ENC_NA0x00000000); | ||||
9485 | offset += length; | ||||
9486 | |||||
9487 | /* HpkeSymmetricCipherSuite cipher_suites<4..2^16-4> */ | ||||
9488 | if (!ssl_add_vector(hf, tvb, pinfo, kc_tree, offset, offset_end, &cipher_suite_length, | ||||
9489 | hf->hf.ech_hpke_keyconfig_cipher_suites_length, 4, UINT16_MAX(65535) - 3)) { | ||||
9490 | return offset_end; | ||||
9491 | } | ||||
9492 | offset += 2; | ||||
9493 | next_offset = offset + cipher_suite_length; | ||||
9494 | |||||
9495 | css_ti = proto_tree_add_none_format(kc_tree, | ||||
9496 | hf->hf.ech_hpke_keyconfig_cipher_suites, | ||||
9497 | tvb, offset, cipher_suite_length, | ||||
9498 | "Cipher Suites (%d suite%s)", | ||||
9499 | cipher_suite_length / 4, | ||||
9500 | plurality(cipher_suite_length / 4, "", "s")((cipher_suite_length / 4) == 1 ? ("") : ("s"))); | ||||
9501 | css_tree = proto_item_add_subtree(css_ti, hf->ett.ech_hpke_cipher_suites); | ||||
9502 | |||||
9503 | |||||
9504 | while (offset + 4 <= next_offset) { | ||||
9505 | offset = dissect_ech_hpke_cipher_suite(hf, tvb, pinfo, css_tree, offset); | ||||
9506 | } | ||||
9507 | |||||
9508 | if (!ssl_end_vector(hf, tvb, pinfo, css_tree, offset, next_offset)) { | ||||
9509 | offset = next_offset; | ||||
9510 | } | ||||
9511 | |||||
9512 | proto_item_set_len(kc_ti, offset - original_offset); | ||||
9513 | |||||
9514 | return offset; | ||||
9515 | } | ||||
9516 | |||||
9517 | static int | ||||
9518 | dissect_ech_echconfig_contents(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9519 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
9520 | const uint8_t **public_name, uint32_t *config_id) | ||||
9521 | { | ||||
9522 | uint32_t public_name_length, extensions_length, next_offset; | ||||
9523 | |||||
9524 | offset = dissect_ech_hpke_key_config(hf, tvb, pinfo, tree, offset, offset_end, config_id); | ||||
9525 | proto_tree_add_item(tree, hf->hf.ech_echconfigcontents_maximum_name_length, | ||||
9526 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
9527 | offset += 1; | ||||
9528 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_echconfigcontents_public_name_length, | ||||
9529 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &public_name_length); | ||||
9530 | offset += 1; | ||||
9531 | proto_tree_add_item_ret_string(tree, hf->hf.ech_echconfigcontents_public_name, | ||||
9532 | tvb, offset, public_name_length, ENC_ASCII0x00000000, pinfo->pool, public_name); | ||||
9533 | offset += public_name_length; | ||||
9534 | |||||
9535 | /* Extension extensions<0..2^16-1>; */ | ||||
9536 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &extensions_length, | ||||
9537 | hf->hf.ech_echconfigcontents_extensions_length, 0, UINT16_MAX(65535))) { | ||||
9538 | return offset_end; | ||||
9539 | } | ||||
9540 | offset += 2; | ||||
9541 | next_offset = offset + extensions_length; | ||||
9542 | |||||
9543 | if (extensions_length > 0) { | ||||
9544 | proto_tree_add_item(tree, hf->hf.ech_echconfigcontents_extensions, | ||||
9545 | tvb, offset, extensions_length, ENC_NA0x00000000); | ||||
9546 | } | ||||
9547 | offset += extensions_length; | ||||
9548 | |||||
9549 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { | ||||
9550 | offset = next_offset; | ||||
9551 | } | ||||
9552 | |||||
9553 | return offset; | ||||
9554 | } | ||||
9555 | |||||
9556 | static int | ||||
9557 | dissect_ech_echconfig(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9558 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
9559 | { | ||||
9560 | uint32_t version, length; | ||||
9561 | proto_item *ech_ti; | ||||
9562 | proto_tree *ech_tree; | ||||
9563 | const uint8_t *public_name = NULL((void*)0); | ||||
9564 | uint32_t config_id = 0; | ||||
9565 | |||||
9566 | ech_ti = proto_tree_add_item(tree, hf->hf.ech_echconfig, tvb, offset, -1, ENC_NA0x00000000); | ||||
9567 | ech_tree = proto_item_add_subtree(ech_ti, hf->ett.ech_echconfig); | ||||
9568 | |||||
9569 | proto_tree_add_item_ret_uint(ech_tree, hf->hf.ech_echconfig_version, | ||||
9570 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &version); | ||||
9571 | offset += 2; | ||||
9572 | proto_tree_add_item_ret_uint(ech_tree, hf->hf.ech_echconfig_length, | ||||
9573 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | ||||
9574 | offset += 2; | ||||
9575 | |||||
9576 | proto_item_set_len(ech_ti, 4 + length); | ||||
9577 | |||||
9578 | switch(version) { | ||||
9579 | case 0xfe0d: | ||||
9580 | dissect_ech_echconfig_contents(hf, tvb, pinfo, ech_tree, offset, offset_end, &public_name, &config_id); | ||||
9581 | proto_item_append_text(ech_ti, ": id=%d %s", config_id, public_name); | ||||
9582 | break; | ||||
9583 | |||||
9584 | default: | ||||
9585 | expert_add_info_format(pinfo, ech_ti, &hf->ei.ech_echconfig_invalid_version, "Unsupported/unknown ECHConfig version 0x%x", version); | ||||
9586 | } | ||||
9587 | |||||
9588 | return 4 + length; | ||||
9589 | } | ||||
9590 | |||||
9591 | uint32_t | ||||
9592 | ssl_dissect_ext_ech_echconfiglist(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9593 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
9594 | { | ||||
9595 | uint32_t echconfiglist_length, next_offset; | ||||
9596 | |||||
9597 | /* ECHConfig ECHConfigList<1..2^16-1>; */ | ||||
9598 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &echconfiglist_length, | ||||
9599 | hf->hf.ech_echconfiglist_length, 1, UINT16_MAX(65535))) { | ||||
9600 | return offset_end; | ||||
9601 | } | ||||
9602 | offset += 2; | ||||
9603 | next_offset = offset + echconfiglist_length; | ||||
9604 | |||||
9605 | while (offset < next_offset) { | ||||
9606 | offset += dissect_ech_echconfig(hf, tvb, pinfo, tree, offset, offset_end); | ||||
9607 | } | ||||
9608 | |||||
9609 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { | ||||
9610 | offset = next_offset; | ||||
9611 | } | ||||
9612 | |||||
9613 | return offset; | ||||
9614 | } | ||||
9615 | |||||
9616 | static uint32_t | ||||
9617 | ssl_dissect_hnd_ech_outer_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | ||||
9618 | uint32_t offset, uint32_t offset_end) | ||||
9619 | { | ||||
9620 | uint32_t ext_length, next_offset; | ||||
9621 | proto_tree *ext_tree; | ||||
9622 | proto_item *ti; | ||||
9623 | |||||
9624 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &ext_length, | ||||
9625 | hf->hf.hs_ext_ech_outer_ext_len, 2, G_MAXUINT8((guint8) 0xff))) { | ||||
9626 | return offset_end; | ||||
9627 | } | ||||
9628 | offset += 1; | ||||
9629 | next_offset = offset + ext_length; | ||||
9630 | |||||
9631 | ti = proto_tree_add_none_format(tree, | ||||
9632 | hf->hf.hs_ext_ech_outer_ext, | ||||
9633 | tvb, offset, ext_length, | ||||
9634 | "Outer Extensions (%d extension%s)", | ||||
9635 | ext_length / 2, | ||||
9636 | plurality(ext_length/2, "", "s")((ext_length/2) == 1 ? ("") : ("s"))); | ||||
9637 | |||||
9638 | ext_tree = proto_item_add_subtree(ti, hf->ett.hs_ext); | ||||
9639 | |||||
9640 | while (offset + 2 <= offset_end) { | ||||
9641 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_type, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
9642 | offset += 2; | ||||
9643 | } | ||||
9644 | |||||
9645 | if (!ssl_end_vector(hf, tvb, pinfo, ext_tree, offset, next_offset)) { | ||||
9646 | offset = next_offset; | ||||
9647 | } | ||||
9648 | |||||
9649 | return offset; | ||||
9650 | } | ||||
9651 | |||||
9652 | static uint32_t | ||||
9653 | // NOLINTNEXTLINE(misc-no-recursion) | ||||
9654 | ssl_dissect_hnd_hello_ext_ech(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9655 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
9656 | uint8_t hnd_type, SslSession *session, SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, | ||||
9657 | uint32_t initial_offset, uint32_t hello_length) | ||||
9658 | { | ||||
9659 | uint32_t ch_type, length; | ||||
9660 | proto_item *ti, *payload_ti; | ||||
9661 | proto_tree *retry_tree, *payload_tree; | ||||
9662 | |||||
9663 | switch (hnd_type) { | ||||
9664 | case SSL_HND_CLIENT_HELLO: | ||||
9665 | /* | ||||
9666 | * enum { outer(0), inner(1) } ECHClientHelloType; | ||||
9667 | * | ||||
9668 | * struct { | ||||
9669 | * ECHClientHelloType type; | ||||
9670 | * select (ECHClientHello.type) { | ||||
9671 | * case outer: | ||||
9672 | * HpkeSymmetricCipherSuite cipher_suite; | ||||
9673 | * uint8 config_id; | ||||
9674 | * opaque enc<0..2^16-1>; | ||||
9675 | * opaque payload<1..2^16-1>; | ||||
9676 | * case inner: | ||||
9677 | * Empty; | ||||
9678 | * }; | ||||
9679 | * } ECHClientHello; | ||||
9680 | */ | ||||
9681 | |||||
9682 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_clienthello_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &ch_type); | ||||
9683 | offset += 1; | ||||
9684 | switch (ch_type) { | ||||
9685 | case 0: /* outer */ | ||||
9686 | if (ssl && session->first_ch_ech_frame == 0) { | ||||
9687 | session->first_ch_ech_frame = pinfo->num; | ||||
9688 | } | ||||
9689 | offset = dissect_ech_hpke_cipher_suite(hf, tvb, pinfo, tree, offset); | ||||
9690 | uint16_t kdf_id = tvb_get_ntohs(tvb, offset - 4); | ||||
9691 | uint16_t aead_id = tvb_get_ntohs(tvb, offset - 2); | ||||
9692 | |||||
9693 | proto_tree_add_item(tree, hf->hf.ech_config_id, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
9694 | uint8_t config_id = tvb_get_uint8(tvb, offset); | ||||
9695 | offset += 1; | ||||
9696 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_enc_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | ||||
9697 | offset += 2; | ||||
9698 | proto_tree_add_item(tree, hf->hf.ech_enc, tvb, offset, length, ENC_NA0x00000000); | ||||
9699 | offset += length; | ||||
9700 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_payload_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); | ||||
9701 | offset += 2; | ||||
9702 | payload_ti = proto_tree_add_item(tree, hf->hf.ech_payload, tvb, offset, length, ENC_NA0x00000000); | ||||
9703 | offset += length; | ||||
9704 | |||||
9705 | if (!mk_map) { | ||||
9706 | break; | ||||
9707 | } | ||||
9708 | if (session->client_random.data_len == 0) { | ||||
9709 | ssl_debug_printf("%s missing Client Random\n", G_STRFUNC((const char*) (__func__))); | ||||
9710 | break; | ||||
9711 | } | ||||
9712 | StringInfo *ech_secret = (StringInfo *)g_hash_table_lookup(mk_map->ech_secret, &session->client_random); | ||||
9713 | StringInfo *ech_config = (StringInfo *)g_hash_table_lookup(mk_map->ech_config, &session->client_random); | ||||
9714 | if (!ech_secret || !ech_config) { | ||||
9715 | ssl_debug_printf("%s Cannot find ECH_SECRET or ECH_CONFIG, Encrypted Client Hello decryption impossible\n", | ||||
9716 | G_STRFUNC((const char*) (__func__))); | ||||
9717 | break; | ||||
9718 | } | ||||
9719 | |||||
9720 | if (hpke_hkdf_len(kdf_id) == 0) { | ||||
9721 | ssl_debug_printf("Unsupported KDF\n"); | ||||
9722 | break; | ||||
9723 | } | ||||
9724 | |||||
9725 | if (hpke_aead_key_len(aead_id) == 0) { | ||||
9726 | ssl_debug_printf("Unsupported AEAD\n"); | ||||
9727 | break; | ||||
9728 | } | ||||
9729 | |||||
9730 | size_t aead_nonce_len = hpke_aead_nonce_len(aead_id); | ||||
9731 | |||||
9732 | uint16_t version = GUINT16_FROM_BE(*(uint16_t *)ech_config->data)(((((guint16) ( (guint16) ((guint16) (*(uint16_t *)ech_config ->data) >> 8) | (guint16) ((guint16) (*(uint16_t *)ech_config ->data) << 8)))))); | ||||
9733 | if (version != SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037) { | ||||
9734 | ssl_debug_printf("Unexpected version in ECH Config\n"); | ||||
9735 | break; | ||||
9736 | } | ||||
9737 | uint32_t ech_config_offset = 2; | ||||
9738 | if (GUINT16_FROM_BE(*(uint16_t *)(ech_config->data + ech_config_offset))(((((guint16) ( (guint16) ((guint16) (*(uint16_t *)(ech_config ->data + ech_config_offset)) >> 8) | (guint16) ((guint16 ) (*(uint16_t *)(ech_config->data + ech_config_offset)) << 8)))))) != ech_config->data_len - 4) { | ||||
9739 | ssl_debug_printf("Malformed ECH Config, invalid length\n"); | ||||
9740 | break; | ||||
9741 | } | ||||
9742 | ech_config_offset += 2; | ||||
9743 | if (*(ech_config->data + ech_config_offset) != config_id) { | ||||
9744 | ssl_debug_printf("ECH Config version mismatch\n"); | ||||
9745 | break; | ||||
9746 | } | ||||
9747 | ech_config_offset += 1; | ||||
9748 | uint16_t kem_id_be = *(uint16_t *)(ech_config->data + ech_config_offset); | ||||
9749 | uint16_t kem_id = GUINT16_FROM_BE(kem_id_be)(((((guint16) ( (guint16) ((guint16) (kem_id_be) >> 8) | (guint16) ((guint16) (kem_id_be) << 8)))))); | ||||
9750 | uint8_t suite_id[HPKE_SUIT_ID_LEN10]; | ||||
9751 | hpke_suite_id(kem_id, kdf_id, aead_id, suite_id); | ||||
9752 | GByteArray *info = g_byte_array_new(); | ||||
9753 | g_byte_array_append(info, "tls ech", 8); | ||||
9754 | g_byte_array_append(info, ech_config->data, ech_config->data_len); | ||||
9755 | uint8_t key[AEAD_MAX_KEY_LENGTH32]; | ||||
9756 | uint8_t base_nonce[HPKE_AEAD_NONCE_LENGTH12]; | ||||
9757 | if (hpke_key_schedule(kdf_id, aead_id, ech_secret->data, ech_secret->data_len, suite_id, info->data, info->len, HPKE_MODE_BASE0, | ||||
9758 | key, base_nonce)) { | ||||
9759 | g_byte_array_free(info, TRUE(!(0))); | ||||
9760 | break; | ||||
9761 | } | ||||
9762 | g_byte_array_free(info, TRUE(!(0))); | ||||
9763 | gcry_cipher_hd_t cipher; | ||||
9764 | if (hpke_setup_aead(&cipher, aead_id, key) || | ||||
9765 | hpke_set_nonce(cipher, !session->hrr_ech_declined && pinfo->num > session->first_ch_ech_frame, base_nonce, aead_nonce_len)) { | ||||
9766 | gcry_cipher_close(cipher); | ||||
9767 | break; | ||||
9768 | } | ||||
9769 | const uint8_t *payload = tvb_get_ptr(tvb, offset - length, length); | ||||
9770 | uint8_t *ech_aad = (uint8_t *)wmem_alloc(NULL((void*)0), hello_length); | ||||
9771 | tvb_memcpy(tvb, ech_aad, initial_offset, hello_length); | ||||
9772 | memset(ech_aad + offset - length - initial_offset, 0, length); | ||||
9773 | if (gcry_cipher_authenticate(cipher, ech_aad, hello_length)) { | ||||
9774 | gcry_cipher_close(cipher); | ||||
9775 | wmem_free(NULL((void*)0), ech_aad); | ||||
9776 | break; | ||||
9777 | } | ||||
9778 | wmem_free(NULL((void*)0), ech_aad); | ||||
9779 | uint8_t *ech_decrypted_data = (uint8_t *)wmem_alloc(pinfo->pool, length - 16); | ||||
9780 | if (gcry_cipher_decrypt(cipher, ech_decrypted_data, length - 16, payload, length - 16)) { | ||||
9781 | gcry_cipher_close(cipher); | ||||
9782 | break; | ||||
9783 | } | ||||
9784 | guchar ech_auth_tag_calc[16]; | ||||
9785 | if (gcry_cipher_gettag(cipher, ech_auth_tag_calc, 16)) { | ||||
9786 | gcry_cipher_close(cipher); | ||||
9787 | break; | ||||
9788 | } | ||||
9789 | if (ssl && !session->hrr_ech_declined && session->first_ch_ech_frame == pinfo->num) | ||||
9790 | memcpy(session->first_ech_auth_tag, ech_auth_tag_calc, 16); | ||||
9791 | gcry_cipher_close(cipher); | ||||
9792 | if (memcmp(pinfo->num > session->first_ch_ech_frame ? ech_auth_tag_calc : session->first_ech_auth_tag, | ||||
9793 | payload + length - 16, 16)) { | ||||
9794 | ssl_debug_printf("%s ECH auth tag mismatch\n", G_STRFUNC((const char*) (__func__))); | ||||
9795 | } else { | ||||
9796 | payload_tree = proto_item_add_subtree(payload_ti, hf->ett.ech_decrypt); | ||||
9797 | tvbuff_t *ech_tvb = tvb_new_child_real_data(tvb, ech_decrypted_data, length - 16, length - 16); | ||||
9798 | add_new_data_source(pinfo, ech_tvb, "Client Hello Inner"); | ||||
9799 | if (ssl) { | ||||
9800 | tvb_memcpy(ech_tvb, ssl->client_random.data, 2, 32); | ||||
9801 | uint32_t len_offset = ssl->ech_transcript.data_len; | ||||
9802 | if (ssl->ech_transcript.data_len > 0) | ||||
9803 | ssl->ech_transcript.data = (guchar*)wmem_realloc(wmem_file_scope(), ssl->ech_transcript.data, | ||||
9804 | ssl->ech_transcript.data_len + hello_length + 4); | ||||
9805 | else | ||||
9806 | ssl->ech_transcript.data = (guchar*)wmem_alloc(wmem_file_scope(), hello_length + 4); | ||||
9807 | ssl->ech_transcript.data[ssl->ech_transcript.data_len] = SSL_HND_CLIENT_HELLO; | ||||
9808 | ssl->ech_transcript.data[ssl->ech_transcript.data_len + 1] = 0; | ||||
9809 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len + 4, 0, 34); | ||||
9810 | ssl->ech_transcript.data_len += 38; | ||||
9811 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, initial_offset + 34, | ||||
9812 | tvb_get_uint8(tvb, initial_offset + 34) + 1); | ||||
9813 | ssl->ech_transcript.data_len += tvb_get_uint8(tvb, initial_offset + 34) + 1; | ||||
9814 | uint32_t ech_offset = 35 + tvb_get_uint8(ech_tvb, 34); | ||||
9815 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, ech_offset, | ||||
9816 | 2 + tvb_get_ntohs(ech_tvb, ech_offset)); | ||||
9817 | ssl->ech_transcript.data_len += 2 + tvb_get_ntohs(ech_tvb, ech_offset); | ||||
9818 | ech_offset += 2 + tvb_get_ntohs(ech_tvb, ech_offset); | ||||
9819 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, ech_offset, | ||||
9820 | 1 + tvb_get_uint8(ech_tvb, ech_offset)); | ||||
9821 | ssl->ech_transcript.data_len += 1 + tvb_get_uint8(ech_tvb, ech_offset); | ||||
9822 | ech_offset += 1 + tvb_get_uint8(ech_tvb, ech_offset); | ||||
9823 | uint32_t ech_extensions_len_offset = ssl->ech_transcript.data_len; | ||||
9824 | ssl->ech_transcript.data_len += 2; | ||||
9825 | uint16_t extensions_end = ech_offset + tvb_get_ntohs(ech_tvb, ech_offset) + 2; | ||||
9826 | ech_offset += 2; | ||||
9827 | while (extensions_end - ech_offset >= 4) { | ||||
9828 | if (tvb_get_ntohs(ech_tvb, ech_offset) != SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS64768) { | ||||
9829 | tvb_memcpy(ech_tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, ech_offset, | ||||
9830 | 4 + tvb_get_ntohs(ech_tvb, ech_offset + 2)); | ||||
9831 | ssl->ech_transcript.data_len += 4 + tvb_get_ntohs(ech_tvb, ech_offset + 2); | ||||
9832 | ech_offset += 4 + tvb_get_ntohs(ech_tvb, ech_offset + 2); | ||||
9833 | } else if (tvb_get_ntohs(ech_tvb, ech_offset + 2) > 0) { | ||||
9834 | uint8_t outer_extensions_end = tvb_get_uint8(ech_tvb, ech_offset + 4) + ech_offset + 5; | ||||
9835 | ech_offset += 5; | ||||
9836 | uint16_t outer_offset = initial_offset + 35 + tvb_get_uint8(tvb, initial_offset + 34); | ||||
9837 | outer_offset += tvb_get_ntohs(tvb, outer_offset) + 2; | ||||
9838 | outer_offset += tvb_get_uint8(tvb, outer_offset) + 3; | ||||
9839 | while (outer_extensions_end - ech_offset >= 2) { | ||||
9840 | while (hello_length - outer_offset >= 4) { | ||||
9841 | if (tvb_get_ntohs(tvb, outer_offset) == tvb_get_ntohs(ech_tvb, ech_offset)) { | ||||
9842 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, outer_offset, | ||||
9843 | 4 + tvb_get_ntohs(tvb, outer_offset + 2)); | ||||
9844 | ssl->ech_transcript.data_len += 4 + tvb_get_ntohs(tvb, outer_offset + 2); | ||||
9845 | outer_offset += 4 + tvb_get_ntohs(tvb, outer_offset + 2); | ||||
9846 | break; | ||||
9847 | } else { | ||||
9848 | outer_offset += 4 + tvb_get_ntohs(tvb, outer_offset + 2); | ||||
9849 | } | ||||
9850 | } | ||||
9851 | ech_offset += 2; | ||||
9852 | } | ||||
9853 | } | ||||
9854 | } | ||||
9855 | uint16_t ech_extensions_len_be = GUINT16_TO_BE(ssl->ech_transcript.data_len - ech_extensions_len_offset - 2)((((guint16) ( (guint16) ((guint16) (ssl->ech_transcript.data_len - ech_extensions_len_offset - 2) >> 8) | (guint16) ((guint16 ) (ssl->ech_transcript.data_len - ech_extensions_len_offset - 2) << 8))))); | ||||
9856 | *(ssl->ech_transcript.data + ech_extensions_len_offset) = ech_extensions_len_be & 0xff; | ||||
9857 | *(ssl->ech_transcript.data + ech_extensions_len_offset + 1) = (ech_extensions_len_be >> 8); | ||||
9858 | *(ssl->ech_transcript.data + len_offset + 2) = ((ssl->ech_transcript.data_len - len_offset - 4) >> 8); | ||||
9859 | *(ssl->ech_transcript.data + len_offset + 3) = (ssl->ech_transcript.data_len - len_offset - 4) & 0xff; | ||||
9860 | } | ||||
9861 | uint32_t ech_padding_begin = (uint32_t)ssl_dissect_hnd_cli_hello(hf, ech_tvb, pinfo, payload_tree, 0, length - 16, session, | ||||
9862 | ssl, NULL((void*)0), mk_map); | ||||
9863 | if (ech_padding_begin < length - 16) { | ||||
9864 | proto_tree_add_item(payload_tree, hf->hf.ech_padding_data, ech_tvb, ech_padding_begin, length - 16 - ech_padding_begin, | ||||
9865 | ENC_NA0x00000000); | ||||
9866 | } | ||||
9867 | } | ||||
9868 | |||||
9869 | break; | ||||
9870 | case 1: /* inner */ | ||||
9871 | break; | ||||
9872 | } | ||||
9873 | break; | ||||
9874 | |||||
9875 | case SSL_HND_ENCRYPTED_EXTENSIONS: | ||||
9876 | /* | ||||
9877 | * struct { | ||||
9878 | * ECHConfigList retry_configs; | ||||
9879 | * } ECHEncryptedExtensions; | ||||
9880 | */ | ||||
9881 | |||||
9882 | ti = proto_tree_add_item(tree, hf->hf.ech_retry_configs, tvb, offset, offset_end - offset, ENC_NA0x00000000); | ||||
9883 | retry_tree = proto_item_add_subtree(ti, hf->ett.ech_retry_configs); | ||||
9884 | offset = ssl_dissect_ext_ech_echconfiglist(hf, tvb, pinfo, retry_tree, offset, offset_end); | ||||
9885 | break; | ||||
9886 | |||||
9887 | case SSL_HND_HELLO_RETRY_REQUEST: | ||||
9888 | /* | ||||
9889 | * struct { | ||||
9890 | * opaque confirmation[8]; | ||||
9891 | * } ECHHelloRetryRequest; | ||||
9892 | */ | ||||
9893 | |||||
9894 | proto_tree_add_item(tree, hf->hf.ech_confirmation, tvb, offset, 8, ENC_NA0x00000000); | ||||
9895 | if (session->ech) { | ||||
9896 | ti = proto_tree_add_bytes_with_length(tree, hf->hf.hs_ech_confirm_compute, tvb, offset, 0, session->hrr_ech_confirmation, 8); | ||||
9897 | proto_item_set_generated(ti); | ||||
9898 | if (memcmp(session->hrr_ech_confirmation, tvb_get_ptr(tvb, offset, 8), 8)) { | ||||
9899 | expert_add_info(pinfo, ti, &hf->ei.ech_rejected); | ||||
9900 | } else { | ||||
9901 | expert_add_info(pinfo, ti, &hf->ei.ech_accepted); | ||||
9902 | } | ||||
9903 | } | ||||
9904 | offset += 8; | ||||
9905 | break; | ||||
9906 | } | ||||
9907 | |||||
9908 | return offset; | ||||
9909 | } | ||||
9910 | |||||
9911 | static uint32_t | ||||
9912 | ssl_dissect_hnd_hello_ext_esni(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9913 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
9914 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) | ||||
9915 | { | ||||
9916 | uint32_t record_digest_length, encrypted_sni_length; | ||||
9917 | |||||
9918 | switch (hnd_type) { | ||||
9919 | case SSL_HND_CLIENT_HELLO: | ||||
9920 | /* | ||||
9921 | * struct { | ||||
9922 | * CipherSuite suite; | ||||
9923 | * KeyShareEntry key_share; | ||||
9924 | * opaque record_digest<0..2^16-1>; | ||||
9925 | * opaque encrypted_sni<0..2^16-1>; | ||||
9926 | * } ClientEncryptedSNI; | ||||
9927 | */ | ||||
9928 | proto_tree_add_item(tree, hf->hf.esni_suite, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
9929 | offset += 2; | ||||
9930 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, tree, offset, offset_end, NULL((void*)0)); | ||||
9931 | |||||
9932 | /* opaque record_digest<0..2^16-1> */ | ||||
9933 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &record_digest_length, | ||||
9934 | hf->hf.esni_record_digest_length, 0, UINT16_MAX(65535))) { | ||||
9935 | return offset_end; | ||||
9936 | } | ||||
9937 | offset += 2; | ||||
9938 | if (record_digest_length > 0) { | ||||
9939 | proto_tree_add_item(tree, hf->hf.esni_record_digest, tvb, offset, record_digest_length, ENC_NA0x00000000); | ||||
9940 | offset += record_digest_length; | ||||
9941 | } | ||||
9942 | |||||
9943 | /* opaque encrypted_sni<0..2^16-1> */ | ||||
9944 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &encrypted_sni_length, | ||||
9945 | hf->hf.esni_encrypted_sni_length, 0, UINT16_MAX(65535))) { | ||||
9946 | return offset_end; | ||||
9947 | } | ||||
9948 | offset += 2; | ||||
9949 | if (encrypted_sni_length > 0) { | ||||
9950 | proto_tree_add_item(tree, hf->hf.esni_encrypted_sni, tvb, offset, encrypted_sni_length, ENC_NA0x00000000); | ||||
9951 | offset += encrypted_sni_length; | ||||
9952 | } | ||||
9953 | break; | ||||
9954 | |||||
9955 | case SSL_HND_ENCRYPTED_EXTENSIONS: | ||||
9956 | proto_tree_add_item(tree, hf->hf.esni_nonce, tvb, offset, 16, ENC_NA0x00000000); | ||||
9957 | offset += 16; | ||||
9958 | break; | ||||
9959 | } | ||||
9960 | |||||
9961 | return offset; | ||||
9962 | } | ||||
9963 | /** TLS Extensions (in Client Hello and Server Hello). }}} */ | ||||
9964 | |||||
9965 | /* Connection ID dissection. {{{ */ | ||||
9966 | static uint32_t | ||||
9967 | ssl_dissect_ext_connection_id(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9968 | proto_tree *tree, uint32_t offset, SslDecryptSession *ssl, | ||||
9969 | uint8_t cidl, uint8_t **session_cid, uint8_t *session_cidl) | ||||
9970 | { | ||||
9971 | /* keep track of the decrypt session only for the first pass */ | ||||
9972 | if (cidl > 0 && !PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) { | ||||
9973 | tvb_ensure_bytes_exist(tvb, offset + 1, cidl); | ||||
9974 | *session_cidl = cidl; | ||||
9975 | *session_cid = (uint8_t*)wmem_alloc0(wmem_file_scope(), cidl); | ||||
9976 | tvb_memcpy(tvb, *session_cid, offset + 1, cidl); | ||||
9977 | if (ssl) { | ||||
9978 | ssl_add_session_by_cid(ssl); | ||||
9979 | } | ||||
9980 | } | ||||
9981 | |||||
9982 | proto_tree_add_item(tree, hf->hf.hs_ext_connection_id_length, | ||||
9983 | tvb, offset, 1, ENC_NA0x00000000); | ||||
9984 | offset++; | ||||
9985 | |||||
9986 | if (cidl > 0) { | ||||
9987 | proto_tree_add_item(tree, hf->hf.hs_ext_connection_id, | ||||
9988 | tvb, offset, cidl, ENC_NA0x00000000); | ||||
9989 | offset += cidl; | ||||
9990 | } | ||||
9991 | |||||
9992 | return offset; | ||||
9993 | } | ||||
9994 | |||||
9995 | static uint32_t | ||||
9996 | ssl_dissect_hnd_hello_ext_connection_id(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
9997 | proto_tree *tree, uint32_t offset, uint8_t hnd_type, | ||||
9998 | SslSession *session, SslDecryptSession *ssl) | ||||
9999 | { | ||||
10000 | uint8_t cidl = tvb_get_uint8(tvb, offset); | ||||
10001 | |||||
10002 | switch (hnd_type) { | ||||
10003 | case SSL_HND_CLIENT_HELLO: | ||||
10004 | session->client_cid_len_present = true1; | ||||
10005 | return ssl_dissect_ext_connection_id(hf, tvb, pinfo, tree, offset, ssl, | ||||
10006 | cidl, &session->client_cid, &session->client_cid_len); | ||||
10007 | case SSL_HND_SERVER_HELLO: | ||||
10008 | session->server_cid_len_present = true1; | ||||
10009 | return ssl_dissect_ext_connection_id(hf, tvb, pinfo, tree, offset, ssl, | ||||
10010 | cidl, &session->server_cid, &session->server_cid_len); | ||||
10011 | default: | ||||
10012 | return offset; | ||||
10013 | } | ||||
10014 | } /* }}} */ | ||||
10015 | |||||
10016 | /* Trusted CA dissection. {{{ */ | ||||
10017 | static uint32_t | ||||
10018 | ssl_dissect_hnd_hello_ext_trusted_ca_keys(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, | ||||
10019 | uint32_t offset, uint32_t offset_end) | ||||
10020 | { | ||||
10021 | proto_item *ti; | ||||
10022 | proto_tree *subtree; | ||||
10023 | uint32_t keys_length, next_offset; | ||||
10024 | |||||
10025 | /* | ||||
10026 | * struct { | ||||
10027 | * TrustedAuthority trusted_authorities_list<0..2^16-1>; | ||||
10028 | * } TrustedAuthorities; | ||||
10029 | * | ||||
10030 | * struct { | ||||
10031 | * IdentifierType identifier_type; | ||||
10032 | * select (identifier_type) { | ||||
10033 | * case pre_agreed: struct {}; | ||||
10034 | * case key_sha1_hash: SHA1Hash; | ||||
10035 | * case x509_name: DistinguishedName; | ||||
10036 | * case cert_sha1_hash: SHA1Hash; | ||||
10037 | * } identifier; | ||||
10038 | * } TrustedAuthority; | ||||
10039 | * | ||||
10040 | * enum { | ||||
10041 | * pre_agreed(0), key_sha1_hash(1), x509_name(2), | ||||
10042 | * cert_sha1_hash(3), (255) | ||||
10043 | * } IdentifierType; | ||||
10044 | * | ||||
10045 | * opaque DistinguishedName<1..2^16-1>; | ||||
10046 | * | ||||
10047 | */ | ||||
10048 | |||||
10049 | |||||
10050 | /* TrustedAuthority trusted_authorities_list<0..2^16-1> */ | ||||
10051 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &keys_length, hf->hf.hs_ext_trusted_ca_keys_len, | ||||
10052 | 0, UINT16_MAX(65535))) | ||||
10053 | { | ||||
10054 | return offset_end; | ||||
10055 | } | ||||
10056 | offset += 2; | ||||
10057 | next_offset = offset + keys_length; | ||||
10058 | |||||
10059 | if (keys_length > 0) | ||||
10060 | { | ||||
10061 | ti = proto_tree_add_none_format(tree, hf->hf.hs_ext_trusted_ca_keys_list, tvb, offset, keys_length, | ||||
10062 | "Trusted CA keys (%d byte%s)", keys_length, plurality(keys_length, "", "s")((keys_length) == 1 ? ("") : ("s"))); | ||||
10063 | subtree = proto_item_add_subtree(ti, hf->ett.hs_ext_trusted_ca_keys); | ||||
10064 | |||||
10065 | while (offset < next_offset) | ||||
10066 | { | ||||
10067 | uint32_t identifier_type; | ||||
10068 | proto_tree *trusted_key_tree; | ||||
10069 | proto_item *trusted_key_item; | ||||
10070 | asn1_ctx_t asn1_ctx; | ||||
10071 | uint32_t key_len = 0; | ||||
10072 | |||||
10073 | identifier_type = tvb_get_uint8(tvb, offset); | ||||
10074 | |||||
10075 | // Use 0 as length for now as we'll only know the size when we decode the identifier | ||||
10076 | trusted_key_item = proto_tree_add_none_format(subtree, hf->hf.hs_ext_trusted_ca_key, tvb, | ||||
10077 | offset, 0, "Trusted CA Key"); | ||||
10078 | trusted_key_tree = proto_item_add_subtree(trusted_key_item, hf->ett.hs_ext_trusted_ca_key); | ||||
10079 | |||||
10080 | proto_tree_add_uint(trusted_key_tree, hf->hf.hs_ext_trusted_ca_key_type, tvb, | ||||
10081 | offset, 1, identifier_type); | ||||
10082 | offset++; | ||||
10083 | |||||
10084 | /* | ||||
10085 | * enum { | ||||
10086 | * pre_agreed(0), key_sha1_hash(1), x509_name(2), | ||||
10087 | * cert_sha1_hash(3), (255) | ||||
10088 | * } IdentifierType; | ||||
10089 | */ | ||||
10090 | switch (identifier_type) | ||||
10091 | { | ||||
10092 | case 0: | ||||
10093 | key_len = 0; | ||||
10094 | break; | ||||
10095 | case 2: | ||||
10096 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | ||||
10097 | |||||
10098 | uint32_t name_length; | ||||
10099 | /* opaque DistinguishedName<1..2^16-1> */ | ||||
10100 | if (!ssl_add_vector(hf, tvb, pinfo, trusted_key_tree, offset, next_offset, &name_length, | ||||
10101 | hf->hf.hs_ext_trusted_ca_key_dname_len, 1, UINT16_MAX(65535))) { | ||||
10102 | return next_offset; | ||||
10103 | } | ||||
10104 | offset += 2; | ||||
10105 | |||||
10106 | dissect_x509if_DistinguishedName(false0, tvb, offset, &asn1_ctx, | ||||
10107 | trusted_key_tree, hf->hf.hs_ext_trusted_ca_key_dname); | ||||
10108 | offset += name_length; | ||||
10109 | break; | ||||
10110 | case 1: | ||||
10111 | case 3: | ||||
10112 | key_len = 20; | ||||
10113 | /* opaque SHA1Hash[20]; */ | ||||
10114 | proto_tree_add_item(trusted_key_tree, hf->hf.hs_ext_trusted_ca_key_hash, tvb, | ||||
10115 | offset, 20, ENC_NA0x00000000); | ||||
10116 | break; | ||||
10117 | |||||
10118 | default: | ||||
10119 | key_len = 0; | ||||
10120 | /*TODO display expert info about unknown ? */ | ||||
10121 | break; | ||||
10122 | } | ||||
10123 | proto_item_set_len(trusted_key_item, 1 + key_len); | ||||
10124 | offset += key_len; | ||||
10125 | } | ||||
10126 | } | ||||
10127 | |||||
10128 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) | ||||
10129 | { | ||||
10130 | offset = next_offset; | ||||
10131 | } | ||||
10132 | |||||
10133 | return offset; | ||||
10134 | } /* }}} */ | ||||
10135 | |||||
10136 | |||||
10137 | /* Whether the Content and Handshake Types are valid; handle Protocol Version. {{{ */ | ||||
10138 | bool_Bool | ||||
10139 | ssl_is_valid_content_type(uint8_t type) | ||||
10140 | { | ||||
10141 | switch ((ContentType) type) { | ||||
10142 | case SSL_ID_CHG_CIPHER_SPEC: | ||||
10143 | case SSL_ID_ALERT: | ||||
10144 | case SSL_ID_HANDSHAKE: | ||||
10145 | case SSL_ID_APP_DATA: | ||||
10146 | case SSL_ID_HEARTBEAT: | ||||
10147 | case SSL_ID_TLS12_CID: | ||||
10148 | case SSL_ID_DTLS13_ACK: | ||||
10149 | return true1; | ||||
10150 | } | ||||
10151 | return false0; | ||||
10152 | } | ||||
10153 | |||||
10154 | bool_Bool | ||||
10155 | ssl_is_valid_handshake_type(uint8_t hs_type, bool_Bool is_dtls) | ||||
10156 | { | ||||
10157 | switch ((HandshakeType) hs_type) { | ||||
10158 | case SSL_HND_HELLO_VERIFY_REQUEST: | ||||
10159 | /* hello_verify_request is DTLS-only */ | ||||
10160 | return is_dtls; | ||||
10161 | |||||
10162 | case SSL_HND_HELLO_REQUEST: | ||||
10163 | case SSL_HND_CLIENT_HELLO: | ||||
10164 | case SSL_HND_SERVER_HELLO: | ||||
10165 | case SSL_HND_NEWSESSION_TICKET: | ||||
10166 | case SSL_HND_END_OF_EARLY_DATA: | ||||
10167 | case SSL_HND_HELLO_RETRY_REQUEST: | ||||
10168 | case SSL_HND_ENCRYPTED_EXTENSIONS: | ||||
10169 | case SSL_HND_CERTIFICATE: | ||||
10170 | case SSL_HND_SERVER_KEY_EXCHG: | ||||
10171 | case SSL_HND_CERT_REQUEST: | ||||
10172 | case SSL_HND_SVR_HELLO_DONE: | ||||
10173 | case SSL_HND_CERT_VERIFY: | ||||
10174 | case SSL_HND_CLIENT_KEY_EXCHG: | ||||
10175 | case SSL_HND_FINISHED: | ||||
10176 | case SSL_HND_CERT_URL: | ||||
10177 | case SSL_HND_CERT_STATUS: | ||||
10178 | case SSL_HND_SUPPLEMENTAL_DATA: | ||||
10179 | case SSL_HND_KEY_UPDATE: | ||||
10180 | case SSL_HND_COMPRESSED_CERTIFICATE: | ||||
10181 | case SSL_HND_ENCRYPTED_EXTS: | ||||
10182 | return true1; | ||||
10183 | case SSL_HND_MESSAGE_HASH: | ||||
10184 | return false0; | ||||
10185 | } | ||||
10186 | return false0; | ||||
10187 | } | ||||
10188 | |||||
10189 | static bool_Bool | ||||
10190 | ssl_is_authoritative_version_message(uint8_t content_type, uint8_t handshake_type, | ||||
10191 | bool_Bool is_dtls) | ||||
10192 | { | ||||
10193 | /* Consider all valid Handshake messages (except for Client Hello) and | ||||
10194 | * all other valid record types (other than Handshake) */ | ||||
10195 | return (content_type == SSL_ID_HANDSHAKE && | ||||
10196 | ssl_is_valid_handshake_type(handshake_type, is_dtls) && | ||||
10197 | handshake_type != SSL_HND_CLIENT_HELLO) || | ||||
10198 | (content_type != SSL_ID_HANDSHAKE && | ||||
10199 | ssl_is_valid_content_type(content_type)); | ||||
10200 | } | ||||
10201 | |||||
10202 | /** | ||||
10203 | * Scan a Server Hello handshake message for the negotiated version. For TLS 1.3 | ||||
10204 | * draft 22 and newer, it also checks whether it is a HelloRetryRequest. | ||||
10205 | * Returns true if the supported_versions extension was found, false if not. | ||||
10206 | */ | ||||
10207 | bool_Bool | ||||
10208 | tls_scan_server_hello(tvbuff_t *tvb, uint32_t offset, uint32_t offset_end, | ||||
10209 | uint16_t *server_version, bool_Bool *is_hrr) | ||||
10210 | { | ||||
10211 | /* SHA256("HelloRetryRequest") */ | ||||
10212 | static const uint8_t tls13_hrr_random_magic[] = { | ||||
10213 | 0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91, | ||||
10214 | 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c | ||||
10215 | }; | ||||
10216 | uint8_t session_id_length; | ||||
10217 | |||||
10218 | *server_version = tvb_get_ntohs(tvb, offset); | ||||
10219 | |||||
10220 | /* | ||||
10221 | * Try to look for supported_versions extension. Minimum length: | ||||
10222 | * 2 + 32 + 1 = 35 (version, random, session id length) | ||||
10223 | * 2 + 1 + 2 = 5 (cipher suite, compression method, extensions length) | ||||
10224 | * 2 + 2 + 2 = 6 (ext type, ext len, version) | ||||
10225 | * | ||||
10226 | * We only check for the [legacy_]version field to be [D]TLS 1.2; if it's 1.3, | ||||
10227 | * there's a separate expert info warning for that. | ||||
10228 | */ | ||||
10229 | if ((*server_version == TLSV1DOT2_VERSION0x303 || *server_version == DTLSV1DOT2_VERSION0xfefd) && offset_end - offset >= 46) { | ||||
10230 | offset += 2; | ||||
10231 | if (is_hrr) { | ||||
10232 | *is_hrr = tvb_memeql(tvb, offset, tls13_hrr_random_magic, sizeof(tls13_hrr_random_magic)) == 0; | ||||
10233 | } | ||||
10234 | offset += 32; | ||||
10235 | session_id_length = tvb_get_uint8(tvb, offset); | ||||
10236 | offset++; | ||||
10237 | if (offset_end - offset < session_id_length + 5u) { | ||||
10238 | return false0; | ||||
10239 | } | ||||
10240 | offset += session_id_length + 5; | ||||
10241 | |||||
10242 | while (offset_end - offset >= 6) { | ||||
10243 | uint16_t ext_type = tvb_get_ntohs(tvb, offset); | ||||
10244 | uint16_t ext_len = tvb_get_ntohs(tvb, offset + 2); | ||||
10245 | if (offset_end - offset < 4u + ext_len) { | ||||
10246 | break; /* not enough data for type, length and data */ | ||||
10247 | } | ||||
10248 | if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43) { | ||||
10249 | if (ext_len == 2) { | ||||
10250 | *server_version = tvb_get_ntohs(tvb, offset + 4); | ||||
10251 | } | ||||
10252 | return true1; | ||||
10253 | } | ||||
10254 | offset += 4 + ext_len; | ||||
10255 | } | ||||
10256 | } else { | ||||
10257 | if (is_hrr) { | ||||
10258 | *is_hrr = false0; | ||||
10259 | } | ||||
10260 | } | ||||
10261 | return false0; | ||||
10262 | } | ||||
10263 | |||||
10264 | /** | ||||
10265 | * Scan a Client Hello handshake message to see if the supported_versions | ||||
10266 | * extension is found, in which case the version field is legacy_version. | ||||
10267 | */ | ||||
10268 | static bool_Bool | ||||
10269 | tls_scan_client_hello(tvbuff_t *tvb, uint32_t offset, uint32_t offset_end) | ||||
10270 | { | ||||
10271 | uint8_t session_id_length; | ||||
10272 | |||||
10273 | uint16_t client_version = tvb_get_ntohs(tvb, offset); | ||||
10274 | |||||
10275 | /* | ||||
10276 | * Try to look for supported_versions extension. Minimum length: | ||||
10277 | * 2 + 32 + 1 = 35 (version, random, session id length) | ||||
10278 | * 2 + 2 + 1 + 2 = 5 (cipher suite, compression method, extensions length) | ||||
10279 | * 2 + 2 + 2 = 6 (ext type, ext len, version) | ||||
10280 | * | ||||
10281 | * We only check for the [legacy_]version field to be [D]TLS 1.2; if it's 1.3, | ||||
10282 | * there's a separate expert info warning for that. | ||||
10283 | */ | ||||
10284 | if ((client_version == TLSV1DOT2_VERSION0x303 || client_version == DTLSV1DOT2_VERSION0xfefd) && offset_end - offset >= 46) { | ||||
10285 | offset += 2; | ||||
10286 | offset += 32; | ||||
10287 | session_id_length = tvb_get_uint8(tvb, offset); | ||||
10288 | offset++; | ||||
10289 | if (offset_end - offset < session_id_length + 2u) { | ||||
10290 | return false0; | ||||
10291 | } | ||||
10292 | offset += session_id_length; | ||||
10293 | if (client_version == DTLSV1DOT2_VERSION0xfefd) { | ||||
10294 | uint8_t cookie_length = tvb_get_uint8(tvb, offset); | ||||
10295 | offset++; | ||||
10296 | if (offset_end - offset < cookie_length + 2u) { | ||||
10297 | return false0; | ||||
10298 | } | ||||
10299 | } | ||||
10300 | uint16_t cipher_suites_length = tvb_get_ntohs(tvb, offset); | ||||
10301 | offset += 2; | ||||
10302 | if (offset_end - offset < cipher_suites_length + 1u) { | ||||
10303 | return false0; | ||||
10304 | } | ||||
10305 | offset += cipher_suites_length; | ||||
10306 | uint8_t compression_methods_length = tvb_get_uint8(tvb, offset); | ||||
10307 | offset++; | ||||
10308 | if (offset_end - offset < compression_methods_length + 2u) { | ||||
10309 | return false0; | ||||
10310 | } | ||||
10311 | offset += compression_methods_length + 2; | ||||
10312 | |||||
10313 | while (offset_end - offset >= 6) { | ||||
10314 | uint16_t ext_type = tvb_get_ntohs(tvb, offset); | ||||
10315 | uint16_t ext_len = tvb_get_ntohs(tvb, offset + 2); | ||||
10316 | if (offset_end - offset < 4u + ext_len) { | ||||
10317 | break; /* not enough data for type, length and data */ | ||||
10318 | } | ||||
10319 | if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43) { | ||||
10320 | return true1; | ||||
10321 | } | ||||
10322 | offset += 4 + ext_len; | ||||
10323 | } | ||||
10324 | } | ||||
10325 | return false0; | ||||
10326 | } | ||||
10327 | void | ||||
10328 | ssl_try_set_version(SslSession *session, SslDecryptSession *ssl, | ||||
10329 | uint8_t content_type, uint8_t handshake_type, | ||||
10330 | bool_Bool is_dtls, uint16_t version) | ||||
10331 | { | ||||
10332 | uint8_t tls13_draft = 0; | ||||
10333 | |||||
10334 | if (!ssl_is_authoritative_version_message(content_type, handshake_type, | ||||
10335 | is_dtls)) | ||||
10336 | return; | ||||
10337 | |||||
10338 | version = tls_try_get_version(is_dtls, version, &tls13_draft); | ||||
10339 | if (version == SSL_VER_UNKNOWN0) { | ||||
10340 | return; | ||||
10341 | } | ||||
10342 | |||||
10343 | session->tls13_draft_version = tls13_draft; | ||||
10344 | session->version = version; | ||||
10345 | if (ssl) { | ||||
10346 | ssl->state |= SSL_VERSION(1<<4); | ||||
10347 | ssl_debug_printf("%s found version 0x%04X -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), version, ssl->state); | ||||
10348 | } | ||||
10349 | } | ||||
10350 | |||||
10351 | void | ||||
10352 | ssl_check_record_length(ssl_common_dissect_t *hf, packet_info *pinfo, | ||||
10353 | ContentType content_type, | ||||
10354 | unsigned record_length, proto_item *length_pi, | ||||
10355 | uint16_t version, tvbuff_t *decrypted_tvb) | ||||
10356 | { | ||||
10357 | unsigned max_expansion; | ||||
10358 | if (version == TLSV1DOT3_VERSION0x304) { | ||||
10359 | /* TLS 1.3: Max length is 2^14 + 256 */ | ||||
10360 | max_expansion = 256; | ||||
10361 | } else { | ||||
10362 | /* RFC 5246, Section 6.2.3: TLSCiphertext.fragment length MUST NOT exceed 2^14 + 2048 */ | ||||
10363 | max_expansion = 2048; | ||||
10364 | } | ||||
10365 | /* | ||||
10366 | * RFC 5246 (TLS 1.2), Section 6.2.1 forbids zero-length Handshake, Alert | ||||
10367 | * and ChangeCipherSpec. | ||||
10368 | * RFC 6520 (Heartbeats) does not mention zero-length Heartbeat fragments, | ||||
10369 | * so assume it is permitted. | ||||
10370 | * RFC 6347 (DTLS 1.2) does not mention zero-length fragments either, so | ||||
10371 | * assume TLS 1.2 requirements. | ||||
10372 | */ | ||||
10373 | if (record_length == 0 && | ||||
10374 | (content_type == SSL_ID_CHG_CIPHER_SPEC || | ||||
10375 | content_type == SSL_ID_ALERT || | ||||
10376 | content_type == SSL_ID_HANDSHAKE)) { | ||||
10377 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, | ||||
10378 | "Zero-length %s fragments are not allowed", | ||||
10379 | val_to_str_const(content_type, ssl_31_content_type, "unknown")); | ||||
10380 | } | ||||
10381 | if (record_length > TLS_MAX_RECORD_LENGTH0x4000 + max_expansion) { | ||||
10382 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, | ||||
10383 | "TLSCiphertext length MUST NOT exceed 2^14 + %u", max_expansion); | ||||
10384 | } | ||||
10385 | if (decrypted_tvb && tvb_captured_length(decrypted_tvb) > TLS_MAX_RECORD_LENGTH0x4000) { | ||||
10386 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, | ||||
10387 | "TLSPlaintext length MUST NOT exceed 2^14"); | ||||
10388 | } | ||||
10389 | } | ||||
10390 | |||||
10391 | static void | ||||
10392 | ssl_set_cipher(SslDecryptSession *ssl, uint16_t cipher) | ||||
10393 | { | ||||
10394 | /* store selected cipher suite for decryption */ | ||||
10395 | ssl->session.cipher = cipher; | ||||
10396 | |||||
10397 | const SslCipherSuite *cs = ssl_find_cipher(cipher); | ||||
10398 | if (!cs) { | ||||
10399 | ssl->cipher_suite = NULL((void*)0); | ||||
10400 | ssl->state &= ~SSL_CIPHER(1<<2); | ||||
10401 | ssl_debug_printf("%s can't find cipher suite 0x%04X\n", G_STRFUNC((const char*) (__func__)), cipher); | ||||
10402 | } else if (ssl->session.version == SSLV3_VERSION0x300 && !(cs->dig == DIG_MD50x40 || cs->dig == DIG_SHA0x41)) { | ||||
10403 | /* A malicious packet capture contains a SSL 3.0 session using a TLS 1.2 | ||||
10404 | * cipher suite that uses for example MACAlgorithm SHA256. Reject that | ||||
10405 | * to avoid a potential buffer overflow in ssl3_check_mac. */ | ||||
10406 | ssl->cipher_suite = NULL((void*)0); | ||||
10407 | ssl->state &= ~SSL_CIPHER(1<<2); | ||||
10408 | ssl_debug_printf("%s invalid SSL 3.0 cipher suite 0x%04X\n", G_STRFUNC((const char*) (__func__)), cipher); | ||||
10409 | } else { | ||||
10410 | /* Cipher found, save this for the delayed decoder init */ | ||||
10411 | ssl->cipher_suite = cs; | ||||
10412 | ssl->state |= SSL_CIPHER(1<<2); | ||||
10413 | ssl_debug_printf("%s found CIPHER 0x%04X %s -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), cipher, | ||||
10414 | val_to_str_ext_const(cipher, &ssl_31_ciphersuite_ext, "unknown"), | ||||
10415 | ssl->state); | ||||
10416 | } | ||||
10417 | } | ||||
10418 | /* }}} */ | ||||
10419 | |||||
10420 | |||||
10421 | /* Client Hello and Server Hello dissections. {{{ */ | ||||
10422 | static int | ||||
10423 | ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | ||||
10424 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, | ||||
10425 | SslSession *session, SslDecryptSession *ssl, | ||||
10426 | bool_Bool is_dtls, wmem_strbuf_t *ja3, ja4_data_t *ja4_data, | ||||
10427 | ssl_master_key_map_t *mk_map, uint32_t initial_offset, uint32_t hello_length); | ||||
10428 | int | ||||
10429 | // NOLINTNEXTLINE(misc-no-recursion) | ||||
10430 | ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
10431 | packet_info *pinfo, proto_tree *tree, uint32_t offset, | ||||
10432 | uint32_t offset_end, SslSession *session, | ||||
10433 | SslDecryptSession *ssl, dtls_hfs_t *dtls_hfs, ssl_master_key_map_t *mk_map) | ||||
10434 | { | ||||
10435 | /* struct { | ||||
10436 | * ProtocolVersion client_version; | ||||
10437 | * Random random; | ||||
10438 | * SessionID session_id; | ||||
10439 | * opaque cookie<0..32>; //new field for DTLS | ||||
10440 | * CipherSuite cipher_suites<2..2^16-1>; | ||||
10441 | * CompressionMethod compression_methods<1..2^8-1>; | ||||
10442 | * Extension client_hello_extension_list<0..2^16-1>; | ||||
10443 | * } ClientHello; | ||||
10444 | */ | ||||
10445 | proto_item *ti; | ||||
10446 | proto_tree *cs_tree; | ||||
10447 | uint32_t client_version; | ||||
10448 | uint32_t cipher_suite_length; | ||||
10449 | uint32_t compression_methods_length; | ||||
10450 | uint8_t compression_method; | ||||
10451 | uint32_t next_offset; | ||||
10452 | uint32_t initial_offset = offset; | ||||
10453 | uint32_t hello_length = offset_end - initial_offset; | ||||
10454 | wmem_strbuf_t *ja3 = wmem_strbuf_new(pinfo->pool, ""); | ||||
10455 | char *ja3_hash; | ||||
10456 | char *ja3_dash = ""; | ||||
10457 | char *ja4, *ja4_r, *ja4_hash, *ja4_b, *ja4_c; | ||||
10458 | ja4_data_t ja4_data; | ||||
10459 | wmem_strbuf_t *ja4_a = wmem_strbuf_new(pinfo->pool, ""); | ||||
10460 | wmem_strbuf_t *ja4_br = wmem_strbuf_new(pinfo->pool, ""); | ||||
10461 | wmem_strbuf_t *ja4_cr = wmem_strbuf_new(pinfo->pool, ""); | ||||
10462 | wmem_list_frame_t *curr_entry; | ||||
10463 | |||||
10464 | ja4_data.max_version = 0; | ||||
10465 | ja4_data.server_name_present = false0; | ||||
10466 | ja4_data.num_cipher_suites = 0; | ||||
10467 | ja4_data.num_extensions = 0; | ||||
10468 | ja4_data.alpn = wmem_strbuf_new(pinfo->pool, ""); | ||||
10469 | ja4_data.cipher_list = wmem_list_new(pinfo->pool); | ||||
10470 | ja4_data.extension_list = wmem_list_new(pinfo->pool); | ||||
10471 | ja4_data.sighash_list = wmem_list_new(pinfo->pool); | ||||
10472 | |||||
10473 | /* show the client version */ | ||||
10474 | ti = proto_tree_add_item_ret_uint(tree, hf->hf.hs_client_version, tvb, | ||||
10475 | offset, 2, ENC_BIG_ENDIAN0x00000000, | ||||
10476 | &client_version); | ||||
10477 | if (tls_scan_client_hello(tvb, offset, offset_end)) { | ||||
10478 | expert_add_info(pinfo, ti, &hf->ei.legacy_version); | ||||
10479 | } | ||||
10480 | offset += 2; | ||||
10481 | wmem_strbuf_append_printf(ja3, "%i,", client_version); | ||||
10482 | |||||
10483 | /* | ||||
10484 | * Is it version 1.3? | ||||
10485 | * If so, that's an error; TLS and DTLS 1.3 Client Hellos claim | ||||
10486 | * to be TLS 1.2, and mention 1.3 in an extension. See RFC 8446 | ||||
10487 | * section 4.1.2 "Client Hello" and RFC 9147 Section 5.3 "Client | ||||
10488 | * Hello". | ||||
10489 | */ | ||||
10490 | if (dtls_hfs != NULL((void*)0)) { | ||||
10491 | if (client_version == DTLSV1DOT3_VERSION0xfefc) { | ||||
10492 | /* Don't do that. */ | ||||
10493 | expert_add_info(pinfo, ti, &hf->ei.client_version_error); | ||||
10494 | } | ||||
10495 | } else { | ||||
10496 | if (client_version == TLSV1DOT3_VERSION0x304) { | ||||
10497 | /* Don't do that. */ | ||||
10498 | expert_add_info(pinfo, ti, &hf->ei.client_version_error); | ||||
10499 | } | ||||
10500 | } | ||||
10501 | |||||
10502 | /* dissect fields that are present in both ClientHello and ServerHello */ | ||||
10503 | offset = ssl_dissect_hnd_hello_common(hf, tvb, pinfo, tree, offset, session, ssl, false0, false0); | ||||
10504 | |||||
10505 | /* fields specific for DTLS (cookie_len, cookie) */ | ||||
10506 | if (dtls_hfs != NULL((void*)0)) { | ||||
10507 | uint32_t cookie_length; | ||||
10508 | /* opaque cookie<0..32> (for DTLS only) */ | ||||
10509 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cookie_length, | ||||
10510 | dtls_hfs->hf_dtls_handshake_cookie_len, 0, 32)) { | ||||
10511 | return offset; | ||||
10512 | } | ||||
10513 | offset++; | ||||
10514 | if (cookie_length > 0) { | ||||
10515 | proto_tree_add_item(tree, dtls_hfs->hf_dtls_handshake_cookie, | ||||
10516 | tvb, offset, cookie_length, ENC_NA0x00000000); | ||||
10517 | offset += cookie_length; | ||||
10518 | } | ||||
10519 | } | ||||
10520 | |||||
10521 | /* CipherSuite cipher_suites<2..2^16-1> */ | ||||
10522 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cipher_suite_length, | ||||
10523 | hf->hf.hs_cipher_suites_len, 2, UINT16_MAX(65535))) { | ||||
10524 | return offset; | ||||
10525 | } | ||||
10526 | offset += 2; | ||||
10527 | next_offset = offset + cipher_suite_length; | ||||
10528 | ti = proto_tree_add_none_format(tree, | ||||
10529 | hf->hf.hs_cipher_suites, | ||||
10530 | tvb, offset, cipher_suite_length, | ||||
10531 | "Cipher Suites (%d suite%s)", | ||||
10532 | cipher_suite_length / 2, | ||||
10533 | plurality(cipher_suite_length/2, "", "s")((cipher_suite_length/2) == 1 ? ("") : ("s"))); | ||||
10534 | cs_tree = proto_item_add_subtree(ti, hf->ett.cipher_suites); | ||||
10535 | while (offset + 2 <= next_offset) { | ||||
10536 | uint32_t cipher_suite; | ||||
10537 | |||||
10538 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.hs_cipher_suite, tvb, offset, 2, | ||||
10539 | ENC_BIG_ENDIAN0x00000000, &cipher_suite); | ||||
10540 | offset += 2; | ||||
10541 | if (!IS_GREASE_TLS(cipher_suite)((((cipher_suite) & 0x0f0f) == 0x0a0a) && (((cipher_suite ) & 0xff) == (((cipher_suite)>>8) & 0xff)))) { | ||||
10542 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, cipher_suite); | ||||
10543 | ja3_dash = "-"; | ||||
10544 | ja4_data.num_cipher_suites += 1; | ||||
10545 | wmem_list_insert_sorted(ja4_data.cipher_list, GUINT_TO_POINTER(cipher_suite)((gpointer) (gulong) (cipher_suite)), wmem_compare_uint); | ||||
10546 | } | ||||
10547 | } | ||||
10548 | wmem_strbuf_append_c(ja3, ','); | ||||
10549 | if (!ssl_end_vector(hf, tvb, pinfo, cs_tree, offset, next_offset)) { | ||||
10550 | offset = next_offset; | ||||
10551 | } | ||||
10552 | |||||
10553 | /* CompressionMethod compression_methods<1..2^8-1> */ | ||||
10554 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compression_methods_length, | ||||
10555 | hf->hf.hs_comp_methods_len, 1, UINT8_MAX(255))) { | ||||
10556 | return offset; | ||||
10557 | } | ||||
10558 | offset++; | ||||
10559 | next_offset = offset + compression_methods_length; | ||||
10560 | ti = proto_tree_add_none_format(tree, | ||||
10561 | hf->hf.hs_comp_methods, | ||||
10562 | tvb, offset, compression_methods_length, | ||||
10563 | "Compression Methods (%u method%s)", | ||||
10564 | compression_methods_length, | ||||
10565 | plurality(compression_methods_length,((compression_methods_length) == 1 ? ("") : ("s")) | ||||
10566 | "", "s")((compression_methods_length) == 1 ? ("") : ("s"))); | ||||
10567 | cs_tree = proto_item_add_subtree(ti, hf->ett.comp_methods); | ||||
10568 | while (offset < next_offset) { | ||||
10569 | compression_method = tvb_get_uint8(tvb, offset); | ||||
10570 | /* TODO: make reserved/private comp meth. fields selectable */ | ||||
10571 | if (compression_method < 64) | ||||
10572 | proto_tree_add_uint(cs_tree, hf->hf.hs_comp_method, | ||||
10573 | tvb, offset, 1, compression_method); | ||||
10574 | else if (compression_method > 63 && compression_method < 193) | ||||
10575 | proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1, | ||||
10576 | compression_method, "Reserved - to be assigned by IANA (%u)", | ||||
10577 | compression_method); | ||||
10578 | else | ||||
10579 | proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1, | ||||
10580 | compression_method, "Private use range (%u)", | ||||
10581 | compression_method); | ||||
10582 | offset++; | ||||
10583 | } | ||||
10584 | |||||
10585 | /* SSL v3.0 has no extensions, so length field can indeed be missing. */ | ||||
10586 | if (offset < offset_end) { | ||||
10587 | offset = ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | ||||
10588 | offset_end, SSL_HND_CLIENT_HELLO, | ||||
10589 | session, ssl, dtls_hfs != NULL((void*)0), ja3, &ja4_data, mk_map, initial_offset, hello_length); | ||||
10590 | if (ja4_data.max_version > 0) { | ||||
10591 | client_version = ja4_data.max_version; | ||||
10592 | } | ||||
10593 | } else { | ||||
10594 | wmem_strbuf_append_printf(ja3, ",,"); | ||||
10595 | } | ||||
10596 | |||||
10597 | if (proto_is_frame_protocol(pinfo->layers,"tcp")) { | ||||
10598 | wmem_strbuf_append(ja4_a, "t"); | ||||
10599 | } else if (proto_is_frame_protocol(pinfo->layers,"quic")) { | ||||
10600 | wmem_strbuf_append(ja4_a, "q"); | ||||
10601 | } else if (proto_is_frame_protocol(pinfo->layers,"dtls")) { | ||||
10602 | wmem_strbuf_append(ja4_a, "d"); | ||||
10603 | } | ||||
10604 | wmem_strbuf_append_printf(ja4_a, "%s", val_to_str_const(client_version, ssl_version_ja4_names, "00")); | ||||
10605 | wmem_strbuf_append_printf(ja4_a, "%s", ja4_data.server_name_present ? "d" : "i"); | ||||
10606 | if (ja4_data.num_cipher_suites > 99) { | ||||
10607 | wmem_strbuf_append(ja4_a, "99"); | ||||
10608 | } else { | ||||
10609 | wmem_strbuf_append_printf(ja4_a, "%02d", ja4_data.num_cipher_suites); | ||||
10610 | } | ||||
10611 | if (ja4_data.num_extensions > 99) { | ||||
10612 | wmem_strbuf_append(ja4_a, "99"); | ||||
10613 | } else { | ||||
10614 | wmem_strbuf_append_printf(ja4_a, "%02d", ja4_data.num_extensions); | ||||
10615 | } | ||||
10616 | if (wmem_strbuf_get_len(ja4_data.alpn) > 0 ) { | ||||
10617 | wmem_strbuf_append_printf(ja4_a, "%s", wmem_strbuf_get_str(ja4_data.alpn)); | ||||
10618 | } else { | ||||
10619 | wmem_strbuf_append(ja4_a, "00"); | ||||
10620 | } | ||||
10621 | |||||
10622 | curr_entry = wmem_list_head(ja4_data.cipher_list); | ||||
10623 | for (unsigned i = 0; i < wmem_list_count(ja4_data.cipher_list); i++) { | ||||
10624 | wmem_strbuf_append_printf(ja4_br, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); | ||||
10625 | if (i < wmem_list_count(ja4_data.cipher_list) - 1) { | ||||
10626 | wmem_strbuf_append(ja4_br, ","); | ||||
10627 | } | ||||
10628 | curr_entry = wmem_list_frame_next(curr_entry); | ||||
10629 | } | ||||
10630 | |||||
10631 | curr_entry = wmem_list_head(ja4_data.extension_list); | ||||
10632 | for (unsigned i = 0; i < wmem_list_count(ja4_data.extension_list); i++) { | ||||
10633 | wmem_strbuf_append_printf(ja4_cr, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); | ||||
10634 | if (i < wmem_list_count(ja4_data.extension_list) - 1) { | ||||
10635 | wmem_strbuf_append(ja4_cr, ","); | ||||
10636 | } | ||||
10637 | curr_entry = wmem_list_frame_next(curr_entry); | ||||
10638 | } | ||||
10639 | |||||
10640 | if (wmem_list_count(ja4_data.sighash_list) > 0) { | ||||
10641 | wmem_strbuf_append(ja4_cr, "_"); | ||||
10642 | curr_entry = wmem_list_head(ja4_data.sighash_list); | ||||
10643 | for (unsigned i = 0; i < wmem_list_count(ja4_data.sighash_list); i++) { | ||||
10644 | wmem_strbuf_append_printf(ja4_cr, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); | ||||
10645 | if (i < wmem_list_count(ja4_data.sighash_list) - 1) { | ||||
10646 | wmem_strbuf_append(ja4_cr, ","); | ||||
10647 | } | ||||
10648 | curr_entry = wmem_list_frame_next(curr_entry); | ||||
10649 | } | ||||
10650 | } | ||||
10651 | ja4_hash = g_compute_checksum_for_string(G_CHECKSUM_SHA256, wmem_strbuf_get_str(ja4_br),-1); | ||||
10652 | ja4_b = wmem_strndup(pinfo->pool, ja4_hash, 12); | ||||
10653 | g_free(ja4_hash); | ||||
10654 | if ( wmem_strbuf_get_len(ja4_cr) == 0 ) { | ||||
10655 | ja4_hash = g_strdup("000000000000")g_strdup_inline ("000000000000"); | ||||
10656 | } else { | ||||
10657 | ja4_hash = g_compute_checksum_for_string(G_CHECKSUM_SHA256, wmem_strbuf_get_str(ja4_cr),-1); | ||||
10658 | } | ||||
10659 | ja4_c = wmem_strndup(pinfo->pool, ja4_hash, 12); | ||||
10660 | g_free(ja4_hash); | ||||
10661 | |||||
10662 | ja4 = wmem_strdup_printf(pinfo->pool, "%s_%s_%s", wmem_strbuf_get_str(ja4_a), ja4_b, ja4_c); | ||||
10663 | ja4_r = wmem_strdup_printf(pinfo->pool, "%s_%s_%s", wmem_strbuf_get_str(ja4_a), wmem_strbuf_get_str(ja4_br), wmem_strbuf_get_str(ja4_cr)); | ||||
10664 | |||||
10665 | ti = proto_tree_add_string(tree, hf->hf.hs_ja4, tvb, offset, 0, ja4); | ||||
10666 | proto_item_set_generated(ti); | ||||
10667 | ti = proto_tree_add_string(tree, hf->hf.hs_ja4_r, tvb, offset, 0, ja4_r); | ||||
10668 | proto_item_set_generated(ti); | ||||
10669 | |||||
10670 | ja3_hash = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(ja3), | ||||
10671 | wmem_strbuf_get_len(ja3)); | ||||
10672 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3_full, tvb, offset, 0, wmem_strbuf_get_str(ja3)); | ||||
10673 | proto_item_set_generated(ti); | ||||
10674 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3_hash, tvb, offset, 0, ja3_hash); | ||||
10675 | proto_item_set_generated(ti); | ||||
10676 | g_free(ja3_hash); | ||||
10677 | return offset; | ||||
10678 | } | ||||
10679 | |||||
10680 | void | ||||
10681 | ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
10682 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
10683 | SslSession *session, SslDecryptSession *ssl, | ||||
10684 | bool_Bool is_dtls, bool_Bool is_hrr) | ||||
10685 | { | ||||
10686 | /* struct { | ||||
10687 | * ProtocolVersion server_version; | ||||
10688 | * Random random; | ||||
10689 | * SessionID session_id; // TLS 1.2 and before | ||||
10690 | * CipherSuite cipher_suite; | ||||
10691 | * CompressionMethod compression_method; // TLS 1.2 and before | ||||
10692 | * Extension server_hello_extension_list<0..2^16-1>; | ||||
10693 | * } ServerHello; | ||||
10694 | */ | ||||
10695 | uint8_t draft_version = session->tls13_draft_version; | ||||
10696 | proto_item *ti; | ||||
10697 | uint32_t server_version; | ||||
10698 | uint32_t cipher_suite; | ||||
10699 | uint32_t initial_offset = offset; | ||||
10700 | wmem_strbuf_t *ja3 = wmem_strbuf_new(pinfo->pool, ""); | ||||
10701 | char *ja3_hash; | ||||
10702 | |||||
10703 | col_set_str(pinfo->cinfo, COL_PROTOCOL, | ||||
10704 | val_to_str_const(session->version, ssl_version_short_names, "SSL")); | ||||
10705 | |||||
10706 | /* Initially assume that the session is resumed. If this is not the case, a | ||||
10707 | * ServerHelloDone will be observed before the ChangeCipherSpec message | ||||
10708 | * which will reset this flag. */ | ||||
10709 | session->is_session_resumed = true1; | ||||
10710 | |||||
10711 | /* show the server version */ | ||||
10712 | ti = proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb, | ||||
10713 | offset, 2, ENC_BIG_ENDIAN0x00000000, &server_version); | ||||
10714 | |||||
10715 | uint16_t supported_server_version; | ||||
10716 | if (tls_scan_server_hello(tvb, offset, offset_end, &supported_server_version, NULL((void*)0))) { | ||||
| |||||
10717 | expert_add_info(pinfo, ti, &hf->ei.legacy_version); | ||||
10718 | } | ||||
10719 | /* | ||||
10720 | * Is it version 1.3? | ||||
10721 | * If so, that's an error; TLS and DTLS 1.3 Server Hellos claim | ||||
10722 | * to be TLS 1.2, and mention 1.3 in an extension. See RFC 8446 | ||||
10723 | * section 4.1.3 "Server Hello" and RFC 9147 Section 5.4 "Server | ||||
10724 | * Hello". | ||||
10725 | */ | ||||
10726 | if (is_dtls) { | ||||
10727 | if (server_version == DTLSV1DOT3_VERSION0xfefc) { | ||||
10728 | /* Don't do that. */ | ||||
10729 | expert_add_info(pinfo, ti, &hf->ei.server_version_error); | ||||
10730 | } | ||||
10731 | } else { | ||||
10732 | if (server_version == TLSV1DOT3_VERSION0x304) { | ||||
10733 | /* Don't do that. */ | ||||
10734 | expert_add_info(pinfo, ti, &hf->ei.server_version_error); | ||||
10735 | } | ||||
10736 | } | ||||
10737 | |||||
10738 | offset += 2; | ||||
10739 | wmem_strbuf_append_printf(ja3, "%i", server_version); | ||||
10740 | |||||
10741 | /* dissect fields that are present in both ClientHello and ServerHello */ | ||||
10742 | offset = ssl_dissect_hnd_hello_common(hf, tvb, pinfo, tree, offset, session, ssl, true1, is_hrr); | ||||
10743 | |||||
10744 | if (ssl
| ||||
10745 | /* store selected cipher suite for decryption */ | ||||
10746 | ssl_set_cipher(ssl, tvb_get_ntohs(tvb, offset)); | ||||
10747 | } | ||||
10748 | |||||
10749 | /* now the server-selected cipher suite */ | ||||
10750 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_cipher_suite, | ||||
10751 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &cipher_suite); | ||||
10752 | offset += 2; | ||||
10753 | wmem_strbuf_append_printf(ja3, ",%i,", cipher_suite); | ||||
10754 | |||||
10755 | /* No compression with TLS 1.3 before draft -22 */ | ||||
10756 | if (!(session->version
| ||||
10757 | if (ssl
| ||||
10758 | /* store selected compression method for decryption */ | ||||
10759 | ssl->session.compression = tvb_get_uint8(tvb, offset); | ||||
10760 | } | ||||
10761 | /* and the server-selected compression method */ | ||||
10762 | proto_tree_add_item(tree, hf->hf.hs_comp_method, | ||||
10763 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
10764 | offset++; | ||||
10765 | } | ||||
10766 | |||||
10767 | /* SSL v3.0 has no extensions, so length field can indeed be missing. */ | ||||
10768 | if (offset < offset_end) { | ||||
10769 | offset = ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | ||||
10770 | offset_end, | ||||
10771 | is_hrr ? SSL_HND_HELLO_RETRY_REQUEST : SSL_HND_SERVER_HELLO, | ||||
10772 | session, ssl, is_dtls, ja3, NULL((void*)0), NULL((void*)0), 0, 0); | ||||
10773 | } | ||||
10774 | |||||
10775 | if (ssl
| ||||
10776 | int hash_algo = ssl_get_digest_by_name(ssl_cipher_suite_dig(ssl->cipher_suite)->name); | ||||
10777 | if (hash_algo) { | ||||
10778 | SSL_MDgcry_md_hd_t mc; | ||||
10779 | guchar transcript_hash[DIGEST_MAX_SIZE48]; | ||||
10780 | guchar prk[DIGEST_MAX_SIZE48]; | ||||
10781 | guchar *ech_verify_out = NULL((void*)0); | ||||
10782 | unsigned int len; | ||||
10783 | ssl_md_init(&mc, hash_algo); | ||||
10784 | ssl_md_update(&mc, ssl->ech_transcript.data, ssl->ech_transcript.data_len); | ||||
10785 | if (is_hrr) { | ||||
10786 | ssl_md_final(&mc, transcript_hash, &len); | ||||
10787 | ssl_md_cleanup(&mc); | ||||
10788 | wmem_free(wmem_file_scope(), ssl->ech_transcript.data); | ||||
10789 | ssl->ech_transcript.data_len = 4 + len; | ||||
10790 | ssl->ech_transcript.data = (guchar*)wmem_alloc(wmem_file_scope(), 4 + len + 4 + offset_end - initial_offset); | ||||
10791 | ssl->ech_transcript.data[0] = SSL_HND_MESSAGE_HASH; | ||||
10792 | ssl->ech_transcript.data[1] = 0; | ||||
10793 | ssl->ech_transcript.data[2] = 0; | ||||
10794 | ssl->ech_transcript.data[3] = len; | ||||
10795 | memcpy(ssl->ech_transcript.data + 4, transcript_hash, len); | ||||
10796 | ssl_md_init(&mc, hash_algo); | ||||
10797 | ssl_md_update(&mc, ssl->ech_transcript.data, 4 + len); | ||||
10798 | } else { | ||||
10799 | ssl->ech_transcript.data = wmem_realloc(wmem_file_scope(), ssl->ech_transcript.data, | ||||
10800 | ssl->ech_transcript.data_len + 4 + offset_end - initial_offset); | ||||
10801 | } | ||||
10802 | if (initial_offset > 4) { | ||||
10803 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len, initial_offset - 4, | ||||
10804 | 4 + offset_end - initial_offset); | ||||
10805 | if (is_hrr) | ||||
10806 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset-4, 38), 38); | ||||
10807 | else | ||||
10808 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset-4, 30), 30); | ||||
10809 | } else { | ||||
10810 | uint8_t prefix[4] = {SSL_HND_SERVER_HELLO, 0x00, 0x00, 0x00}; | ||||
10811 | prefix[2] = ((offset - initial_offset) >> 8); | ||||
10812 | prefix[3] = (offset - initial_offset) & 0xff; | ||||
10813 | memcpy(ssl->ech_transcript.data + ssl->ech_transcript.data_len, prefix, 4); | ||||
10814 | tvb_memcpy(tvb, ssl->ech_transcript.data + ssl->ech_transcript.data_len + 4, initial_offset, | ||||
10815 | offset_end - initial_offset); | ||||
10816 | ssl_md_update(&mc, prefix, 4); | ||||
10817 | if (is_hrr) | ||||
10818 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset, 34), 34); | ||||
10819 | else | ||||
10820 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset, 26), 26); | ||||
10821 | } | ||||
10822 | ssl->ech_transcript.data_len += 4 + offset_end - initial_offset; | ||||
10823 | uint8_t zeros[8] = { 0 }; | ||||
10824 | uint32_t confirmation_offset = initial_offset + 26; | ||||
10825 | if (is_hrr) { | ||||
10826 | uint32_t hrr_offset = initial_offset + 34; | ||||
10827 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, | ||||
10828 | tvb_get_uint8(tvb, hrr_offset) + 1), tvb_get_uint8(tvb, hrr_offset) + 1); | ||||
10829 | hrr_offset += tvb_get_uint8(tvb, hrr_offset) + 1; | ||||
10830 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, 3), 3); | ||||
10831 | hrr_offset += 3; | ||||
10832 | uint16_t extensions_end = hrr_offset + tvb_get_ntohs(tvb, hrr_offset) + 2; | ||||
10833 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, 2), 2); | ||||
10834 | hrr_offset += 2; | ||||
10835 | while (extensions_end - hrr_offset >= 4) { | ||||
10836 | if (tvb_get_ntohs(tvb, hrr_offset) == SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037 && | ||||
10837 | tvb_get_ntohs(tvb, hrr_offset + 2) == 8) { | ||||
10838 | confirmation_offset = hrr_offset + 4; | ||||
10839 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, 4), 4); | ||||
10840 | ssl_md_update(&mc, zeros, 8); | ||||
10841 | hrr_offset += 12; | ||||
10842 | } else { | ||||
10843 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, hrr_offset, tvb_get_ntohs(tvb, hrr_offset + 2) + 4), | ||||
10844 | tvb_get_ntohs(tvb, hrr_offset + 2) + 4); | ||||
10845 | hrr_offset += tvb_get_ntohs(tvb, hrr_offset + 2) + 4; | ||||
10846 | } | ||||
10847 | } | ||||
10848 | } else { | ||||
10849 | ssl_md_update(&mc, zeros, 8); | ||||
10850 | ssl_md_update(&mc, (guchar *)tvb_get_ptr(tvb, initial_offset + 34, offset - initial_offset - 34), | ||||
10851 | offset - initial_offset - 34); | ||||
10852 | } | ||||
10853 | ssl_md_final(&mc, transcript_hash, &len); | ||||
10854 | ssl_md_cleanup(&mc); | ||||
10855 | hkdf_extract(hash_algo, NULL((void*)0), 0, ssl->client_random.data, 32, prk); | ||||
10856 | StringInfo prk_string = {prk, len}; | ||||
10857 | tls13_hkdf_expand_label_context(hash_algo, &prk_string, tls13_hkdf_label_prefix(ssl), | ||||
10858 | is_hrr ? "hrr ech accept confirmation" : "ech accept confirmation", | ||||
10859 | transcript_hash, len, 8, &ech_verify_out); | ||||
10860 | memcpy(is_hrr ? ssl->session.hrr_ech_confirmation : ssl->session.ech_confirmation, ech_verify_out, 8); | ||||
10861 | if (tvb_memeql(tvb, confirmation_offset, ech_verify_out, 8) == -1) { | ||||
10862 | if (is_hrr) { | ||||
10863 | ssl->session.hrr_ech_declined = TRUE(!(0)); | ||||
10864 | ssl->session.first_ch_ech_frame = 0; | ||||
10865 | } | ||||
10866 | memcpy(ssl->client_random.data, ssl->session.client_random.data, ssl->session.client_random.data_len); | ||||
10867 | ssl_print_data("Updated Client Random", ssl->client_random.data, 32); | ||||
10868 | } | ||||
10869 | wmem_free(NULL((void*)0), ech_verify_out); | ||||
10870 | ssl->session.ech = TRUE(!(0)); | ||||
10871 | } | ||||
10872 | } | ||||
10873 | |||||
10874 | ja3_hash = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(ja3), | ||||
10875 | wmem_strbuf_get_len(ja3)); | ||||
10876 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3s_full, tvb, offset, 0, wmem_strbuf_get_str(ja3)); | ||||
10877 | proto_item_set_generated(ti); | ||||
10878 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3s_hash, tvb, offset, 0, ja3_hash); | ||||
10879 | proto_item_set_generated(ti); | ||||
10880 | g_free(ja3_hash); | ||||
10881 | } | ||||
10882 | /* Client Hello and Server Hello dissections. }}} */ | ||||
10883 | |||||
10884 | /* New Session Ticket dissection. {{{ */ | ||||
10885 | void | ||||
10886 | ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
10887 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
10888 | SslSession *session, SslDecryptSession *ssl, | ||||
10889 | bool_Bool is_dtls, GHashTable *session_hash) | ||||
10890 | { | ||||
10891 | /* https://tools.ietf.org/html/rfc5077#section-3.3 (TLS >= 1.0): | ||||
10892 | * struct { | ||||
10893 | * uint32 ticket_lifetime_hint; | ||||
10894 | * opaque ticket<0..2^16-1>; | ||||
10895 | * } NewSessionTicket; | ||||
10896 | * | ||||
10897 | * RFC 8446 Section 4.6.1 (TLS 1.3): | ||||
10898 | * struct { | ||||
10899 | * uint32 ticket_lifetime; | ||||
10900 | * uint32 ticket_age_add; | ||||
10901 | * opaque ticket_nonce<0..255>; // new in draft -21, updated in -22 | ||||
10902 | * opaque ticket<1..2^16-1>; | ||||
10903 | * Extension extensions<0..2^16-2>; | ||||
10904 | * } NewSessionTicket; | ||||
10905 | */ | ||||
10906 | proto_tree *subtree; | ||||
10907 | proto_item *subitem; | ||||
10908 | uint32_t ticket_len; | ||||
10909 | bool_Bool is_tls13 = session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc; | ||||
10910 | unsigned char draft_version = session->tls13_draft_version; | ||||
10911 | uint32_t lifetime_hint; | ||||
10912 | |||||
10913 | subtree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | ||||
10914 | hf->ett.session_ticket, NULL((void*)0), | ||||
10915 | "TLS Session Ticket"); | ||||
10916 | |||||
10917 | /* ticket lifetime hint */ | ||||
10918 | subitem = proto_tree_add_item_ret_uint(subtree, hf->hf.hs_session_ticket_lifetime_hint, | ||||
10919 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &lifetime_hint); | ||||
10920 | offset += 4; | ||||
10921 | |||||
10922 | if (lifetime_hint >= 60) { | ||||
10923 | char *time_str = unsigned_time_secs_to_str(pinfo->pool, lifetime_hint); | ||||
10924 | proto_item_append_text(subitem, " (%s)", time_str); | ||||
10925 | } | ||||
10926 | |||||
10927 | if (is_tls13) { | ||||
10928 | |||||
10929 | /* for TLS 1.3: ticket_age_add */ | ||||
10930 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket_age_add, | ||||
10931 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); | ||||
10932 | offset += 4; | ||||
10933 | |||||
10934 | /* for TLS 1.3: ticket_nonce (coming with Draft 21)*/ | ||||
10935 | if (draft_version == 0 || draft_version >= 21) { | ||||
10936 | uint32_t ticket_nonce_len; | ||||
10937 | |||||
10938 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &ticket_nonce_len, | ||||
10939 | hf->hf.hs_session_ticket_nonce_len, 0, 255)) { | ||||
10940 | return; | ||||
10941 | } | ||||
10942 | offset++; | ||||
10943 | |||||
10944 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket_nonce, tvb, offset, ticket_nonce_len, ENC_NA0x00000000); | ||||
10945 | offset += ticket_nonce_len; | ||||
10946 | } | ||||
10947 | |||||
10948 | } | ||||
10949 | |||||
10950 | /* opaque ticket<0..2^16-1> (with TLS 1.3 the minimum is 1) */ | ||||
10951 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &ticket_len, | ||||
10952 | hf->hf.hs_session_ticket_len, is_tls13 ? 1 : 0, UINT16_MAX(65535))) { | ||||
10953 | return; | ||||
10954 | } | ||||
10955 | offset += 2; | ||||
10956 | |||||
10957 | /* Content depends on implementation, so just show data! */ | ||||
10958 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket, | ||||
10959 | tvb, offset, ticket_len, ENC_NA0x00000000); | ||||
10960 | /* save the session ticket to cache for ssl_finalize_decryption */ | ||||
10961 | if (ssl && !is_tls13) { | ||||
10962 | tvb_ensure_bytes_exist(tvb, offset, ticket_len); | ||||
10963 | ssl->session_ticket.data = (unsigned char*)wmem_realloc(wmem_file_scope(), | ||||
10964 | ssl->session_ticket.data, ticket_len); | ||||
10965 | ssl->session_ticket.data_len = ticket_len; | ||||
10966 | tvb_memcpy(tvb, ssl->session_ticket.data, offset, ticket_len); | ||||
10967 | /* NewSessionTicket is received after the first (client) | ||||
10968 | * ChangeCipherSpec, and before the second (server) ChangeCipherSpec. | ||||
10969 | * Since the second CCS has already the session key available it will | ||||
10970 | * just return. To ensure that the session ticket is mapped to a | ||||
10971 | * master key (from the first CCS), save the ticket here too. */ | ||||
10972 | ssl_save_master_key("Session Ticket", session_hash, | ||||
10973 | &ssl->session_ticket, &ssl->master_secret); | ||||
10974 | ssl->state |= SSL_NEW_SESSION_TICKET(1<<10); | ||||
10975 | } | ||||
10976 | offset += ticket_len; | ||||
10977 | |||||
10978 | if (is_tls13) { | ||||
10979 | ssl_dissect_hnd_extension(hf, tvb, subtree, pinfo, offset, | ||||
10980 | offset_end, SSL_HND_NEWSESSION_TICKET, | ||||
10981 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | ||||
10982 | } | ||||
10983 | } /* }}} */ | ||||
10984 | |||||
10985 | void | ||||
10986 | ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
10987 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
10988 | SslSession *session, SslDecryptSession *ssl, | ||||
10989 | bool_Bool is_dtls) | ||||
10990 | { | ||||
10991 | /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.1.4 | ||||
10992 | * struct { | ||||
10993 | * ProtocolVersion server_version; | ||||
10994 | * CipherSuite cipher_suite; // not before draft -19 | ||||
10995 | * Extension extensions<2..2^16-1>; | ||||
10996 | * } HelloRetryRequest; | ||||
10997 | * Note: no longer used since draft -22 | ||||
10998 | */ | ||||
10999 | uint32_t version; | ||||
11000 | uint8_t draft_version; | ||||
11001 | |||||
11002 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb, | ||||
11003 | offset, 2, ENC_BIG_ENDIAN0x00000000, &version); | ||||
11004 | draft_version = extract_tls13_draft_version(version); | ||||
11005 | offset += 2; | ||||
11006 | |||||
11007 | if (draft_version == 0 || draft_version >= 19) { | ||||
11008 | proto_tree_add_item(tree, hf->hf.hs_cipher_suite, | ||||
11009 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
11010 | offset += 2; | ||||
11011 | } | ||||
11012 | |||||
11013 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | ||||
11014 | offset_end, SSL_HND_HELLO_RETRY_REQUEST, | ||||
11015 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | ||||
11016 | } | ||||
11017 | |||||
11018 | void | ||||
11019 | ssl_dissect_hnd_encrypted_extensions(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11020 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
11021 | SslSession *session, SslDecryptSession *ssl, | ||||
11022 | bool_Bool is_dtls) | ||||
11023 | { | ||||
11024 | /* RFC 8446 Section 4.3.1 | ||||
11025 | * struct { | ||||
11026 | * Extension extensions<0..2^16-1>; | ||||
11027 | * } EncryptedExtensions; | ||||
11028 | */ | ||||
11029 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | ||||
11030 | offset_end, SSL_HND_ENCRYPTED_EXTENSIONS, | ||||
11031 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | ||||
11032 | } | ||||
11033 | |||||
11034 | /* Certificate and Certificate Request dissections. {{{ */ | ||||
11035 | void | ||||
11036 | ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | ||||
11037 | uint32_t offset, uint32_t offset_end, packet_info *pinfo, | ||||
11038 | SslSession *session, SslDecryptSession *ssl _U___attribute__((unused)), | ||||
11039 | bool_Bool is_from_server, bool_Bool is_dtls) | ||||
11040 | { | ||||
11041 | /* opaque ASN.1Cert<1..2^24-1>; | ||||
11042 | * | ||||
11043 | * Before RFC 8446 (TLS <= 1.2): | ||||
11044 | * struct { | ||||
11045 | * select(certificate_type) { | ||||
11046 | * | ||||
11047 | * // certificate type defined in RFC 7250 | ||||
11048 | * case RawPublicKey: | ||||
11049 | * opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>; | ||||
11050 | * | ||||
11051 | * // X.509 certificate defined in RFC 5246 | ||||
11052 | * case X.509: | ||||
11053 | * ASN.1Cert certificate_list<0..2^24-1>; | ||||
11054 | * }; | ||||
11055 | * } Certificate; | ||||
11056 | * | ||||
11057 | * RFC 8446 (since draft -20): | ||||
11058 | * struct { | ||||
11059 | * select(certificate_type){ | ||||
11060 | * case RawPublicKey: | ||||
11061 | * // From RFC 7250 ASN.1_subjectPublicKeyInfo | ||||
11062 | * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; | ||||
11063 | * | ||||
11064 | * case X.509: | ||||
11065 | * opaque cert_data<1..2^24-1>; | ||||
11066 | * } | ||||
11067 | * Extension extensions<0..2^16-1>; | ||||
11068 | * } CertificateEntry; | ||||
11069 | * struct { | ||||
11070 | * opaque certificate_request_context<0..2^8-1>; | ||||
11071 | * CertificateEntry certificate_list<0..2^24-1>; | ||||
11072 | * } Certificate; | ||||
11073 | */ | ||||
11074 | enum { CERT_X509, CERT_RPK } cert_type; | ||||
11075 | asn1_ctx_t asn1_ctx; | ||||
11076 | #if defined(HAVE_LIBGNUTLS1) | ||||
11077 | gnutls_datum_t subjectPublicKeyInfo = { NULL((void*)0), 0 }; | ||||
11078 | unsigned certificate_index = 0; | ||||
11079 | #endif | ||||
11080 | uint32_t next_offset, certificate_list_length, cert_length; | ||||
11081 | proto_tree *subtree = tree; | ||||
11082 | |||||
11083 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | ||||
11084 | |||||
11085 | if ((is_from_server && session->server_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2) || | ||||
11086 | (!is_from_server && session->client_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2)) { | ||||
11087 | cert_type = CERT_RPK; | ||||
11088 | } else { | ||||
11089 | cert_type = CERT_X509; | ||||
11090 | } | ||||
11091 | |||||
11092 | #if defined(HAVE_LIBGNUTLS1) | ||||
11093 | /* Ask the pkcs1 dissector to return the public key details */ | ||||
11094 | if (ssl) | ||||
11095 | asn1_ctx.private_data = &subjectPublicKeyInfo; | ||||
11096 | #endif | ||||
11097 | |||||
11098 | /* TLS 1.3: opaque certificate_request_context<0..2^8-1> */ | ||||
11099 | if (session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc) { | ||||
11100 | uint32_t context_length; | ||||
11101 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &context_length, | ||||
11102 | hf->hf.hs_certificate_request_context_length, 0, UINT8_MAX(255))) { | ||||
11103 | return; | ||||
11104 | } | ||||
11105 | offset++; | ||||
11106 | if (context_length > 0) { | ||||
11107 | proto_tree_add_item(tree, hf->hf.hs_certificate_request_context, | ||||
11108 | tvb, offset, context_length, ENC_NA0x00000000); | ||||
11109 | offset += context_length; | ||||
11110 | } | ||||
11111 | } | ||||
11112 | |||||
11113 | if ((session->version != TLSV1DOT3_VERSION0x304 && session->version != DTLSV1DOT3_VERSION0xfefc) && cert_type == CERT_RPK) { | ||||
11114 | /* For RPK before TLS 1.3, the single RPK is stored directly without | ||||
11115 | * another "certificate_list" field. */ | ||||
11116 | certificate_list_length = offset_end - offset; | ||||
11117 | next_offset = offset_end; | ||||
11118 | } else { | ||||
11119 | /* CertificateEntry certificate_list<0..2^24-1> */ | ||||
11120 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &certificate_list_length, | ||||
11121 | hf->hf.hs_certificates_len, 0, G_MAXUINT24((1U << 24) - 1))) { | ||||
11122 | return; | ||||
11123 | } | ||||
11124 | offset += 3; /* 24-bit length value */ | ||||
11125 | next_offset = offset + certificate_list_length; | ||||
11126 | } | ||||
11127 | |||||
11128 | /* RawPublicKey must have one cert, but X.509 can have multiple. */ | ||||
11129 | if (certificate_list_length > 0 && cert_type == CERT_X509) { | ||||
11130 | proto_item *ti; | ||||
11131 | |||||
11132 | ti = proto_tree_add_none_format(tree, | ||||
11133 | hf->hf.hs_certificates, | ||||
11134 | tvb, offset, certificate_list_length, | ||||
11135 | "Certificates (%u bytes)", | ||||
11136 | certificate_list_length); | ||||
11137 | |||||
11138 | /* make it a subtree */ | ||||
11139 | subtree = proto_item_add_subtree(ti, hf->ett.certificates); | ||||
11140 | } | ||||
11141 | |||||
11142 | while (offset < next_offset) { | ||||
11143 | switch (cert_type) { | ||||
11144 | case CERT_RPK: | ||||
11145 | /* TODO add expert info if there is more than one RPK entry (certificate_index > 0) */ | ||||
11146 | /* opaque ASN.1_subjectPublicKeyInfo<1..2^24-1> */ | ||||
11147 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &cert_length, | ||||
11148 | hf->hf.hs_certificate_len, 1, G_MAXUINT24((1U << 24) - 1))) { | ||||
11149 | return; | ||||
11150 | } | ||||
11151 | offset += 3; | ||||
11152 | |||||
11153 | dissect_x509af_SubjectPublicKeyInfo(false0, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate); | ||||
11154 | offset += cert_length; | ||||
11155 | break; | ||||
11156 | case CERT_X509: | ||||
11157 | /* opaque ASN1Cert<1..2^24-1> */ | ||||
11158 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &cert_length, | ||||
11159 | hf->hf.hs_certificate_len, 1, G_MAXUINT24((1U << 24) - 1))) { | ||||
11160 | return; | ||||
11161 | } | ||||
11162 | offset += 3; | ||||
11163 | |||||
11164 | dissect_x509af_Certificate(false0, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate); | ||||
11165 | #if defined(HAVE_LIBGNUTLS1) | ||||
11166 | if (is_from_server && ssl && certificate_index == 0) { | ||||
11167 | ssl_find_private_key_by_pubkey(ssl, &subjectPublicKeyInfo); | ||||
11168 | /* Only attempt to get the RSA modulus for the first cert. */ | ||||
11169 | asn1_ctx.private_data = NULL((void*)0); | ||||
11170 | } | ||||
11171 | #endif | ||||
11172 | offset += cert_length; | ||||
11173 | break; | ||||
11174 | } | ||||
11175 | |||||
11176 | /* TLS 1.3: Extension extensions<0..2^16-1> */ | ||||
11177 | if ((session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc)) { | ||||
11178 | offset = ssl_dissect_hnd_extension(hf, tvb, subtree, pinfo, offset, | ||||
11179 | next_offset, SSL_HND_CERTIFICATE, | ||||
11180 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | ||||
11181 | } | ||||
11182 | |||||
11183 | #if defined(HAVE_LIBGNUTLS1) | ||||
11184 | certificate_index++; | ||||
11185 | #endif | ||||
11186 | } | ||||
11187 | } | ||||
11188 | |||||
11189 | void | ||||
11190 | ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
11191 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
11192 | SslSession *session, bool_Bool is_dtls) | ||||
11193 | { | ||||
11194 | /* From SSL 3.0 and up (note that since TLS 1.1 certificate_authorities can be empty): | ||||
11195 | * enum { | ||||
11196 | * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), | ||||
11197 | * (255) | ||||
11198 | * } ClientCertificateType; | ||||
11199 | * | ||||
11200 | * opaque DistinguishedName<1..2^16-1>; | ||||
11201 | * | ||||
11202 | * struct { | ||||
11203 | * ClientCertificateType certificate_types<1..2^8-1>; | ||||
11204 | * DistinguishedName certificate_authorities<3..2^16-1>; | ||||
11205 | * } CertificateRequest; | ||||
11206 | * | ||||
11207 | * | ||||
11208 | * As per TLSv1.2 (RFC 5246) the format has changed to: | ||||
11209 | * | ||||
11210 | * enum { | ||||
11211 | * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), | ||||
11212 | * rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), | ||||
11213 | * fortezza_dms_RESERVED(20), (255) | ||||
11214 | * } ClientCertificateType; | ||||
11215 | * | ||||
11216 | * enum { | ||||
11217 | * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), | ||||
11218 | * sha512(6), (255) | ||||
11219 | * } HashAlgorithm; | ||||
11220 | * | ||||
11221 | * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } | ||||
11222 | * SignatureAlgorithm; | ||||
11223 | * | ||||
11224 | * struct { | ||||
11225 | * HashAlgorithm hash; | ||||
11226 | * SignatureAlgorithm signature; | ||||
11227 | * } SignatureAndHashAlgorithm; | ||||
11228 | * | ||||
11229 | * SignatureAndHashAlgorithm | ||||
11230 | * supported_signature_algorithms<2..2^16-2>; | ||||
11231 | * | ||||
11232 | * opaque DistinguishedName<1..2^16-1>; | ||||
11233 | * | ||||
11234 | * struct { | ||||
11235 | * ClientCertificateType certificate_types<1..2^8-1>; | ||||
11236 | * SignatureAndHashAlgorithm supported_signature_algorithms<2^16-1>; | ||||
11237 | * DistinguishedName certificate_authorities<0..2^16-1>; | ||||
11238 | * } CertificateRequest; | ||||
11239 | * | ||||
11240 | * draft-ietf-tls-tls13-18: | ||||
11241 | * struct { | ||||
11242 | * opaque certificate_request_context<0..2^8-1>; | ||||
11243 | * SignatureScheme | ||||
11244 | * supported_signature_algorithms<2..2^16-2>; | ||||
11245 | * DistinguishedName certificate_authorities<0..2^16-1>; | ||||
11246 | * CertificateExtension certificate_extensions<0..2^16-1>; | ||||
11247 | * } CertificateRequest; | ||||
11248 | * | ||||
11249 | * RFC 8446 (since draft-ietf-tls-tls13-19): | ||||
11250 | * | ||||
11251 | * struct { | ||||
11252 | * opaque certificate_request_context<0..2^8-1>; | ||||
11253 | * Extension extensions<2..2^16-1>; | ||||
11254 | * } CertificateRequest; | ||||
11255 | */ | ||||
11256 | proto_item *ti; | ||||
11257 | proto_tree *subtree; | ||||
11258 | uint32_t next_offset; | ||||
11259 | asn1_ctx_t asn1_ctx; | ||||
11260 | bool_Bool is_tls13 = (session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc); | ||||
11261 | unsigned char draft_version = session->tls13_draft_version; | ||||
11262 | |||||
11263 | if (!tree) | ||||
11264 | return; | ||||
11265 | |||||
11266 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); | ||||
11267 | |||||
11268 | if (is_tls13) { | ||||
11269 | uint32_t context_length; | ||||
11270 | /* opaque certificate_request_context<0..2^8-1> */ | ||||
11271 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &context_length, | ||||
11272 | hf->hf.hs_certificate_request_context_length, 0, UINT8_MAX(255))) { | ||||
11273 | return; | ||||
11274 | } | ||||
11275 | offset++; | ||||
11276 | if (context_length > 0) { | ||||
11277 | proto_tree_add_item(tree, hf->hf.hs_certificate_request_context, | ||||
11278 | tvb, offset, context_length, ENC_NA0x00000000); | ||||
11279 | offset += context_length; | ||||
11280 | } | ||||
11281 | } else { | ||||
11282 | uint32_t cert_types_count; | ||||
11283 | /* ClientCertificateType certificate_types<1..2^8-1> */ | ||||
11284 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cert_types_count, | ||||
11285 | hf->hf.hs_cert_types_count, 1, UINT8_MAX(255))) { | ||||
11286 | return; | ||||
11287 | } | ||||
11288 | offset++; | ||||
11289 | next_offset = offset + cert_types_count; | ||||
11290 | |||||
11291 | ti = proto_tree_add_none_format(tree, | ||||
11292 | hf->hf.hs_cert_types, | ||||
11293 | tvb, offset, cert_types_count, | ||||
11294 | "Certificate types (%u type%s)", | ||||
11295 | cert_types_count, | ||||
11296 | plurality(cert_types_count, "", "s")((cert_types_count) == 1 ? ("") : ("s"))); | ||||
11297 | subtree = proto_item_add_subtree(ti, hf->ett.cert_types); | ||||
11298 | |||||
11299 | while (offset < next_offset) { | ||||
11300 | proto_tree_add_item(subtree, hf->hf.hs_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
11301 | offset++; | ||||
11302 | } | ||||
11303 | } | ||||
11304 | |||||
11305 | if (session->version == TLSV1DOT2_VERSION0x303 || session->version == DTLSV1DOT2_VERSION0xfefd || | ||||
11306 | (is_tls13 && (draft_version > 0 && draft_version < 19))) { | ||||
11307 | offset = ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, NULL((void*)0)); | ||||
11308 | } | ||||
11309 | |||||
11310 | if (is_tls13 && (draft_version == 0 || draft_version >= 19)) { | ||||
11311 | /* | ||||
11312 | * TLS 1.3 draft 19 and newer: Extensions. | ||||
11313 | * SslDecryptSession pointer is NULL because Certificate Extensions | ||||
11314 | * should not influence decryption state. | ||||
11315 | */ | ||||
11316 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, | ||||
11317 | offset_end, SSL_HND_CERT_REQUEST, | ||||
11318 | session, NULL((void*)0), is_dtls, NULL((void*)0), NULL((void*)0), NULL((void*)0), 0, 0); | ||||
11319 | } else if (is_tls13 && draft_version <= 18) { | ||||
11320 | /* | ||||
11321 | * TLS 1.3 draft 18 and older: certificate_authorities and | ||||
11322 | * certificate_extensions (a vector of OID mappings). | ||||
11323 | */ | ||||
11324 | offset = tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); | ||||
11325 | ssl_dissect_hnd_hello_ext_oid_filters(hf, tvb, pinfo, tree, offset, offset_end); | ||||
11326 | } else { | ||||
11327 | /* for TLS 1.2 and older, the certificate_authorities field. */ | ||||
11328 | tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); | ||||
11329 | } | ||||
11330 | } | ||||
11331 | /* Certificate and Certificate Request dissections. }}} */ | ||||
11332 | |||||
11333 | void | ||||
11334 | ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
11335 | proto_tree *tree, uint32_t offset, uint32_t offset_end, uint16_t version) | ||||
11336 | { | ||||
11337 | ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, | ||||
11338 | hf->hf.hs_client_cert_vrfy_sig_len, | ||||
11339 | hf->hf.hs_client_cert_vrfy_sig); | ||||
11340 | } | ||||
11341 | |||||
11342 | /* Finished dissection. {{{ */ | ||||
11343 | void | ||||
11344 | ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11345 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
11346 | const SslSession *session, ssl_hfs_t *ssl_hfs) | ||||
11347 | { | ||||
11348 | /* For SSLv3: | ||||
11349 | * struct { | ||||
11350 | * opaque md5_hash[16]; | ||||
11351 | * opaque sha_hash[20]; | ||||
11352 | * } Finished; | ||||
11353 | * | ||||
11354 | * For (D)TLS: | ||||
11355 | * struct { | ||||
11356 | * opaque verify_data[12]; | ||||
11357 | * } Finished; | ||||
11358 | * | ||||
11359 | * For TLS 1.3: | ||||
11360 | * struct { | ||||
11361 | * opaque verify_data[Hash.length]; | ||||
11362 | * } | ||||
11363 | */ | ||||
11364 | if (!tree) | ||||
11365 | return; | ||||
11366 | |||||
11367 | if (session->version == SSLV3_VERSION0x300) { | ||||
11368 | if (ssl_hfs != NULL((void*)0)) { | ||||
11369 | proto_tree_add_item(tree, ssl_hfs->hs_md5_hash, | ||||
11370 | tvb, offset, 16, ENC_NA0x00000000); | ||||
11371 | proto_tree_add_item(tree, ssl_hfs->hs_sha_hash, | ||||
11372 | tvb, offset + 16, 20, ENC_NA0x00000000); | ||||
11373 | } | ||||
11374 | } else { | ||||
11375 | /* Length should be 12 for TLS before 1.3, assume this is the case. */ | ||||
11376 | proto_tree_add_item(tree, hf->hf.hs_finished, | ||||
11377 | tvb, offset, offset_end - offset, ENC_NA0x00000000); | ||||
11378 | } | ||||
11379 | } /* }}} */ | ||||
11380 | |||||
11381 | /* RFC 6066 Certificate URL handshake message dissection. {{{ */ | ||||
11382 | void | ||||
11383 | ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset) | ||||
11384 | { | ||||
11385 | uint16_t url_hash_len; | ||||
11386 | |||||
11387 | /* enum { | ||||
11388 | * individual_certs(0), pkipath(1), (255) | ||||
11389 | * } CertChainType; | ||||
11390 | * | ||||
11391 | * struct { | ||||
11392 | * CertChainType type; | ||||
11393 | * URLAndHash url_and_hash_list<1..2^16-1>; | ||||
11394 | * } CertificateURL; | ||||
11395 | * | ||||
11396 | * struct { | ||||
11397 | * opaque url<1..2^16-1>; | ||||
11398 | * unint8 padding; | ||||
11399 | * opaque SHA1Hash[20]; | ||||
11400 | * } URLAndHash; | ||||
11401 | */ | ||||
11402 | |||||
11403 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_type, | ||||
11404 | tvb, offset, 1, ENC_NA0x00000000); | ||||
11405 | offset++; | ||||
11406 | |||||
11407 | url_hash_len = tvb_get_ntohs(tvb, offset); | ||||
11408 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_url_hash_list_len, | ||||
11409 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
11410 | offset += 2; | ||||
11411 | while (url_hash_len-- > 0) { | ||||
11412 | proto_item *urlhash_item; | ||||
11413 | proto_tree *urlhash_tree; | ||||
11414 | uint16_t url_len; | ||||
11415 | |||||
11416 | urlhash_item = proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_item, | ||||
11417 | tvb, offset, -1, ENC_NA0x00000000); | ||||
11418 | urlhash_tree = proto_item_add_subtree(urlhash_item, hf->ett.urlhash); | ||||
11419 | |||||
11420 | url_len = tvb_get_ntohs(tvb, offset); | ||||
11421 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url_len, | ||||
11422 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
11423 | offset += 2; | ||||
11424 | |||||
11425 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url, | ||||
11426 | tvb, offset, url_len, ENC_ASCII0x00000000|ENC_NA0x00000000); | ||||
11427 | offset += url_len; | ||||
11428 | |||||
11429 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_padding, | ||||
11430 | tvb, offset, 1, ENC_NA0x00000000); | ||||
11431 | offset++; | ||||
11432 | /* Note: RFC 6066 says that padding must be 0x01 */ | ||||
11433 | |||||
11434 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_sha1, | ||||
11435 | tvb, offset, 20, ENC_NA0x00000000); | ||||
11436 | offset += 20; | ||||
11437 | } | ||||
11438 | } /* }}} */ | ||||
11439 | |||||
11440 | void | ||||
11441 | ssl_dissect_hnd_compress_certificate(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | ||||
11442 | uint32_t offset, uint32_t offset_end, packet_info *pinfo, | ||||
11443 | SslSession *session, SslDecryptSession *ssl, | ||||
11444 | bool_Bool is_from_server, bool_Bool is_dtls) | ||||
11445 | { | ||||
11446 | uint32_t algorithm, uncompressed_length; | ||||
11447 | uint32_t compressed_certificate_message_length; | ||||
11448 | tvbuff_t *uncompressed_tvb = NULL((void*)0); | ||||
11449 | proto_item *ti; | ||||
11450 | /* | ||||
11451 | * enum { | ||||
11452 | * zlib(1), | ||||
11453 | * brotli(2), | ||||
11454 | * zstd(3), | ||||
11455 | * (65535) | ||||
11456 | * } CertificateCompressionAlgorithm; | ||||
11457 | * | ||||
11458 | * struct { | ||||
11459 | * CertificateCompressionAlgorithm algorithm; | ||||
11460 | * uint24 uncompressed_length; | ||||
11461 | * opaque compressed_certificate_message<1..2^24-1>; | ||||
11462 | * } CompressedCertificate; | ||||
11463 | */ | ||||
11464 | |||||
11465 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_compress_certificate_algorithm, | ||||
11466 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &algorithm); | ||||
11467 | offset += 2; | ||||
11468 | |||||
11469 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_compress_certificate_uncompressed_length, | ||||
11470 | tvb, offset, 3, ENC_BIG_ENDIAN0x00000000, &uncompressed_length); | ||||
11471 | offset += 3; | ||||
11472 | |||||
11473 | /* opaque compressed_certificate_message<1..2^24-1>; */ | ||||
11474 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compressed_certificate_message_length, | ||||
11475 | hf->hf.hs_ext_compress_certificate_compressed_certificate_message_length, 1, G_MAXUINT24((1U << 24) - 1))) { | ||||
11476 | return; | ||||
11477 | } | ||||
11478 | offset += 3; | ||||
11479 | |||||
11480 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_compress_certificate_compressed_certificate_message, | ||||
11481 | tvb, offset, compressed_certificate_message_length, ENC_NA0x00000000); | ||||
11482 | |||||
11483 | /* Certificate decompression following algorithm */ | ||||
11484 | switch (algorithm) { | ||||
11485 | case 1: /* zlib */ | ||||
11486 | uncompressed_tvb = tvb_child_uncompress_zlib(tvb, tvb, offset, compressed_certificate_message_length); | ||||
11487 | break; | ||||
11488 | case 2: /* brotli */ | ||||
11489 | uncompressed_tvb = tvb_child_uncompress_brotli(tvb, tvb, offset, compressed_certificate_message_length); | ||||
11490 | break; | ||||
11491 | case 3: /* zstd */ | ||||
11492 | uncompressed_tvb = tvb_child_uncompress_zstd(tvb, tvb, offset, compressed_certificate_message_length); | ||||
11493 | break; | ||||
11494 | } | ||||
11495 | |||||
11496 | if (uncompressed_tvb) { | ||||
11497 | proto_tree *uncompressed_tree; | ||||
11498 | |||||
11499 | if (uncompressed_length != tvb_captured_length(uncompressed_tvb)) { | ||||
11500 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.decompression_error, | ||||
11501 | tvb, offset, offset_end - offset, | ||||
11502 | "Invalid uncompressed length %u (expected %u)", | ||||
11503 | tvb_captured_length(uncompressed_tvb), | ||||
11504 | uncompressed_length); | ||||
11505 | } else { | ||||
11506 | uncompressed_tree = proto_item_add_subtree(ti, hf->ett.uncompressed_certificates); | ||||
11507 | ssl_dissect_hnd_cert(hf, uncompressed_tvb, uncompressed_tree, | ||||
11508 | 0, uncompressed_length, pinfo, session, ssl, is_from_server, is_dtls); | ||||
11509 | add_new_data_source(pinfo, uncompressed_tvb, "Uncompressed certificate(s)"); | ||||
11510 | } | ||||
11511 | } | ||||
11512 | } | ||||
11513 | |||||
11514 | /* Dissection of TLS Extensions in Client Hello, Server Hello, etc. {{{ */ | ||||
11515 | static int | ||||
11516 | // NOLINTNEXTLINE(misc-no-recursion) | ||||
11517 | ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, | ||||
11518 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, | ||||
11519 | SslSession *session, SslDecryptSession *ssl, | ||||
11520 | bool_Bool is_dtls, wmem_strbuf_t *ja3, ja4_data_t *ja4_data, | ||||
11521 | ssl_master_key_map_t *mk_map, uint32_t initial_offset, uint32_t hello_length) | ||||
11522 | { | ||||
11523 | uint32_t exts_len; | ||||
11524 | uint16_t ext_type; | ||||
11525 | uint32_t ext_len; | ||||
11526 | uint32_t next_offset; | ||||
11527 | proto_tree *ext_tree; | ||||
11528 | bool_Bool is_tls13 = session->version == TLSV1DOT3_VERSION0x304; | ||||
11529 | wmem_strbuf_t *ja3_sg = wmem_strbuf_new(pinfo->pool, ""); | ||||
11530 | wmem_strbuf_t *ja3_ecpf = wmem_strbuf_new(pinfo->pool, ""); | ||||
11531 | char *ja3_dash = ""; | ||||
11532 | unsigned supported_version; | ||||
11533 | |||||
11534 | /* Extension extensions<0..2^16-2> (for TLS 1.3 HRR/CR min-length is 2) */ | ||||
11535 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &exts_len, | ||||
11536 | hf->hf.hs_exts_len, 0, UINT16_MAX(65535))) { | ||||
11537 | return offset_end; | ||||
11538 | } | ||||
11539 | offset += 2; | ||||
11540 | offset_end = offset + exts_len; | ||||
11541 | |||||
11542 | if (ja4_data) { | ||||
11543 | ja4_data->num_extensions = 0; | ||||
11544 | } | ||||
11545 | while (offset_end - offset >= 4) | ||||
11546 | { | ||||
11547 | ext_type = tvb_get_ntohs(tvb, offset); | ||||
11548 | ext_len = tvb_get_ntohs(tvb, offset + 2); | ||||
11549 | |||||
11550 | if (ja4_data && !IS_GREASE_TLS(ext_type)((((ext_type) & 0x0f0f) == 0x0a0a) && (((ext_type ) & 0xff) == (((ext_type)>>8) & 0xff)))) { | ||||
11551 | ja4_data->num_extensions += 1; | ||||
11552 | if (ext_type != SSL_HND_HELLO_EXT_SERVER_NAME0 && | ||||
11553 | ext_type != SSL_HND_HELLO_EXT_ALPN16) { | ||||
11554 | wmem_list_insert_sorted(ja4_data->extension_list, GUINT_TO_POINTER(ext_type)((gpointer) (gulong) (ext_type)), wmem_compare_uint); | ||||
11555 | } | ||||
11556 | } | ||||
11557 | |||||
11558 | ext_tree = proto_tree_add_subtree_format(tree, tvb, offset, 4 + ext_len, hf->ett.hs_ext, NULL((void*)0), | ||||
11559 | "Extension: %s (len=%u)", val_to_str(ext_type, | ||||
11560 | tls_hello_extension_types, | ||||
11561 | "Unknown type %u"), ext_len); | ||||
11562 | |||||
11563 | proto_tree_add_uint(ext_tree, hf->hf.hs_ext_type, | ||||
11564 | tvb, offset, 2, ext_type); | ||||
11565 | offset += 2; | ||||
11566 | if (ja3 && !IS_GREASE_TLS(ext_type)((((ext_type) & 0x0f0f) == 0x0a0a) && (((ext_type ) & 0xff) == (((ext_type)>>8) & 0xff)))) { | ||||
11567 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, ext_type); | ||||
11568 | ja3_dash = "-"; | ||||
11569 | } | ||||
11570 | |||||
11571 | /* opaque extension_data<0..2^16-1> */ | ||||
11572 | if (!ssl_add_vector(hf, tvb, pinfo, ext_tree, offset, offset_end, &ext_len, | ||||
11573 | hf->hf.hs_ext_len, 0, UINT16_MAX(65535))) { | ||||
11574 | return offset_end; | ||||
11575 | } | ||||
11576 | offset += 2; | ||||
11577 | next_offset = offset + ext_len; | ||||
11578 | |||||
11579 | switch (ext_type) { | ||||
11580 | case SSL_HND_HELLO_EXT_SERVER_NAME0: | ||||
11581 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | ||||
11582 | offset = ssl_dissect_hnd_hello_ext_server_name(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11583 | if (ja4_data) { | ||||
11584 | ja4_data->server_name_present = true1; | ||||
11585 | } | ||||
11586 | } | ||||
11587 | break; | ||||
11588 | case SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH1: | ||||
11589 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_max_fragment_length, tvb, offset, 1, ENC_NA0x00000000); | ||||
11590 | offset += 1; | ||||
11591 | break; | ||||
11592 | case SSL_HND_HELLO_EXT_STATUS_REQUEST5: | ||||
11593 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | ||||
11594 | offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, pinfo, ext_tree, offset, next_offset, false0); | ||||
11595 | } else if (is_tls13 && hnd_type == SSL_HND_CERTIFICATE) { | ||||
11596 | offset = tls_dissect_hnd_certificate_status(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11597 | } | ||||
11598 | break; | ||||
11599 | case SSL_HND_HELLO_EXT_CERT_TYPE9: | ||||
11600 | offset = ssl_dissect_hnd_hello_ext_cert_type(hf, tvb, ext_tree, | ||||
11601 | offset, next_offset, | ||||
11602 | hnd_type, ext_type, | ||||
11603 | session); | ||||
11604 | break; | ||||
11605 | case SSL_HND_HELLO_EXT_SUPPORTED_GROUPS10: | ||||
11606 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | ||||
11607 | offset = ssl_dissect_hnd_hello_ext_supported_groups(hf, tvb, pinfo, ext_tree, offset, | ||||
11608 | next_offset, ja3_sg); | ||||
11609 | } else { | ||||
11610 | offset = ssl_dissect_hnd_hello_ext_supported_groups(hf, tvb, pinfo, ext_tree, offset, | ||||
11611 | next_offset, NULL((void*)0)); | ||||
11612 | } | ||||
11613 | break; | ||||
11614 | case SSL_HND_HELLO_EXT_EC_POINT_FORMATS11: | ||||
11615 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | ||||
11616 | offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset, ja3_ecpf); | ||||
11617 | } else { | ||||
11618 | offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset, NULL((void*)0)); | ||||
11619 | } | ||||
11620 | break; | ||||
11621 | break; | ||||
11622 | case SSL_HND_HELLO_EXT_SRP12: | ||||
11623 | offset = ssl_dissect_hnd_hello_ext_srp(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11624 | break; | ||||
11625 | case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS13: | ||||
11626 | offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, next_offset, ja4_data); | ||||
11627 | break; | ||||
11628 | case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT50: /* since TLS 1.3 draft -23 */ | ||||
11629 | offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, next_offset, NULL((void*)0)); | ||||
11630 | break; | ||||
11631 | case SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS34: | ||||
11632 | offset = ssl_dissect_hnd_ext_delegated_credentials(hf, tvb, ext_tree, pinfo, offset, next_offset, hnd_type); | ||||
11633 | break; | ||||
11634 | case SSL_HND_HELLO_EXT_USE_SRTP14: | ||||
11635 | if (is_dtls) { | ||||
11636 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | ||||
11637 | offset = dtls_dissect_hnd_hello_ext_use_srtp(pinfo, tvb, ext_tree, offset, next_offset, false0); | ||||
11638 | } else if (hnd_type == SSL_HND_SERVER_HELLO) { | ||||
11639 | offset = dtls_dissect_hnd_hello_ext_use_srtp(pinfo, tvb, ext_tree, offset, next_offset, true1); | ||||
11640 | } | ||||
11641 | } else { | ||||
11642 | // XXX expert info: This extension MUST only be used with DTLS, and not with TLS. | ||||
11643 | } | ||||
11644 | break; | ||||
11645 | case SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS64768: | ||||
11646 | offset = ssl_dissect_hnd_ech_outer_ext(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11647 | break; | ||||
11648 | case SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037: | ||||
11649 | offset = ssl_dissect_hnd_hello_ext_ech(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, session, ssl, mk_map, initial_offset, hello_length); | ||||
11650 | break; | ||||
11651 | case SSL_HND_HELLO_EXT_HEARTBEAT15: | ||||
11652 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_heartbeat_mode, | ||||
11653 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
11654 | offset++; | ||||
11655 | break; | ||||
11656 | case SSL_HND_HELLO_EXT_ALPN16: | ||||
11657 | offset = ssl_dissect_hnd_hello_ext_alpn(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, session, is_dtls, ja4_data); | ||||
11658 | break; | ||||
11659 | case SSL_HND_HELLO_EXT_STATUS_REQUEST_V217: | ||||
11660 | if (hnd_type == SSL_HND_CLIENT_HELLO) | ||||
11661 | offset = ssl_dissect_hnd_hello_ext_status_request_v2(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11662 | break; | ||||
11663 | case SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP18: | ||||
11664 | // TLS 1.3 note: SCT only appears in EE in draft -16 and before. | ||||
11665 | if (hnd_type == SSL_HND_SERVER_HELLO || hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS || hnd_type == SSL_HND_CERTIFICATE) | ||||
11666 | offset = tls_dissect_sct_list(hf, tvb, pinfo, ext_tree, offset, next_offset, session->version); | ||||
11667 | break; | ||||
11668 | case SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19: | ||||
11669 | case SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20: | ||||
11670 | offset = ssl_dissect_hnd_hello_ext_cert_type(hf, tvb, ext_tree, | ||||
11671 | offset, next_offset, | ||||
11672 | hnd_type, ext_type, | ||||
11673 | session); | ||||
11674 | break; | ||||
11675 | case SSL_HND_HELLO_EXT_PADDING21: | ||||
11676 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_padding_data, tvb, offset, ext_len, ENC_NA0x00000000); | ||||
11677 | offset += ext_len; | ||||
11678 | break; | ||||
11679 | case SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC22: | ||||
11680 | if (ssl && hnd_type == SSL_HND_SERVER_HELLO) { | ||||
11681 | ssl_debug_printf("%s enabling Encrypt-then-MAC\n", G_STRFUNC((const char*) (__func__))); | ||||
11682 | ssl->state |= SSL_ENCRYPT_THEN_MAC(1<<11); | ||||
11683 | } | ||||
11684 | break; | ||||
11685 | case SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET23: | ||||
11686 | if (ssl) { | ||||
11687 | switch (hnd_type) { | ||||
11688 | case SSL_HND_CLIENT_HELLO: | ||||
11689 | ssl->state |= SSL_CLIENT_EXTENDED_MASTER_SECRET(1<<7); | ||||
11690 | break; | ||||
11691 | case SSL_HND_SERVER_HELLO: | ||||
11692 | ssl->state |= SSL_SERVER_EXTENDED_MASTER_SECRET(1<<8); | ||||
11693 | break; | ||||
11694 | default: /* no default */ | ||||
11695 | break; | ||||
11696 | } | ||||
11697 | } | ||||
11698 | break; | ||||
11699 | case SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE27: | ||||
11700 | offset = ssl_dissect_hnd_hello_ext_compress_certificate(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | ||||
11701 | break; | ||||
11702 | case SSL_HND_HELLO_EXT_TOKEN_BINDING24: | ||||
11703 | offset = ssl_dissect_hnd_hello_ext_token_binding(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | ||||
11704 | break; | ||||
11705 | case SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT28: | ||||
11706 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_record_size_limit, | ||||
11707 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
11708 | offset += 2; | ||||
11709 | break; | ||||
11710 | case SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS65445: | ||||
11711 | case SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V157: | ||||
11712 | offset = ssl_dissect_hnd_hello_ext_quic_transport_parameters(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | ||||
11713 | break; | ||||
11714 | case SSL_HND_HELLO_EXT_SESSION_TICKET_TLS35: | ||||
11715 | offset = ssl_dissect_hnd_hello_ext_session_ticket(hf, tvb, ext_tree, offset, next_offset, hnd_type, ssl); | ||||
11716 | break; | ||||
11717 | case SSL_HND_HELLO_EXT_KEY_SHARE_OLD40: /* used before TLS 1.3 draft -23 */ | ||||
11718 | case SSL_HND_HELLO_EXT_KEY_SHARE51: | ||||
11719 | offset = ssl_dissect_hnd_hello_ext_key_share(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | ||||
11720 | break; | ||||
11721 | case SSL_HND_HELLO_EXT_PRE_SHARED_KEY41: | ||||
11722 | offset = ssl_dissect_hnd_hello_ext_pre_shared_key(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | ||||
11723 | break; | ||||
11724 | case SSL_HND_HELLO_EXT_EARLY_DATA42: | ||||
11725 | case SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO46: | ||||
11726 | offset = ssl_dissect_hnd_hello_ext_early_data(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | ||||
11727 | break; | ||||
11728 | case SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43: | ||||
11729 | switch (hnd_type) { | ||||
11730 | case SSL_HND_CLIENT_HELLO: | ||||
11731 | offset = ssl_dissect_hnd_hello_ext_supported_versions(hf, tvb, pinfo, ext_tree, offset, next_offset, session, is_dtls, ja4_data); | ||||
11732 | break; | ||||
11733 | case SSL_HND_SERVER_HELLO: | ||||
11734 | case SSL_HND_HELLO_RETRY_REQUEST: | ||||
11735 | proto_tree_add_item_ret_uint(ext_tree, hf->hf.hs_ext_supported_version, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &supported_version); | ||||
11736 | offset += 2; | ||||
11737 | proto_item_append_text(ext_tree, " %s", val_to_str(supported_version, ssl_versions, "Unknown (0x%04x)")); | ||||
11738 | break; | ||||
11739 | } | ||||
11740 | break; | ||||
11741 | case SSL_HND_HELLO_EXT_COOKIE44: | ||||
11742 | offset = ssl_dissect_hnd_hello_ext_cookie(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11743 | break; | ||||
11744 | case SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES45: | ||||
11745 | offset = ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11746 | break; | ||||
11747 | case SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES47: | ||||
11748 | offset = ssl_dissect_hnd_hello_ext_certificate_authorities(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11749 | break; | ||||
11750 | case SSL_HND_HELLO_EXT_OID_FILTERS48: | ||||
11751 | offset = ssl_dissect_hnd_hello_ext_oid_filters(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11752 | break; | ||||
11753 | case SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH49: | ||||
11754 | break; | ||||
11755 | case SSL_HND_HELLO_EXT_NPN13172: | ||||
11756 | offset = ssl_dissect_hnd_hello_ext_npn(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11757 | break; | ||||
11758 | case SSL_HND_HELLO_EXT_ALPS17513: | ||||
11759 | offset = ssl_dissect_hnd_hello_ext_alps(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); | ||||
11760 | break; | ||||
11761 | case SSL_HND_HELLO_EXT_RENEGOTIATION_INFO65281: | ||||
11762 | offset = ssl_dissect_hnd_hello_ext_reneg_info(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11763 | break; | ||||
11764 | case SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME65486: | ||||
11765 | offset = ssl_dissect_hnd_hello_ext_esni(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); | ||||
11766 | break; | ||||
11767 | case SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED53: | ||||
11768 | session->deprecated_cid = true1; | ||||
11769 | /* FALLTHRU */ | ||||
11770 | case SSL_HND_HELLO_EXT_CONNECTION_ID54: | ||||
11771 | offset = ssl_dissect_hnd_hello_ext_connection_id(hf, tvb, pinfo, ext_tree, offset, hnd_type, session, ssl); | ||||
11772 | break; | ||||
11773 | case SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS3: | ||||
11774 | offset = ssl_dissect_hnd_hello_ext_trusted_ca_keys(hf, tvb, pinfo, ext_tree, offset, next_offset); | ||||
11775 | break; | ||||
11776 | default: | ||||
11777 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_data, | ||||
11778 | tvb, offset, ext_len, ENC_NA0x00000000); | ||||
11779 | offset += ext_len; | ||||
11780 | break; | ||||
11781 | } | ||||
11782 | |||||
11783 | if (!ssl_end_vector(hf, tvb, pinfo, ext_tree, offset, next_offset)) { | ||||
11784 | /* Dissection did not end at expected location, fix it. */ | ||||
11785 | offset = next_offset; | ||||
11786 | } | ||||
11787 | } | ||||
11788 | |||||
11789 | if (ja3) { | ||||
11790 | if (hnd_type == SSL_HND_CLIENT_HELLO) { | ||||
11791 | if(wmem_strbuf_get_len(ja3_sg) > 0) { | ||||
11792 | wmem_strbuf_append_printf(ja3, "%s", wmem_strbuf_get_str(ja3_sg)); | ||||
11793 | } else { | ||||
11794 | wmem_strbuf_append_c(ja3, ','); | ||||
11795 | } | ||||
11796 | if(wmem_strbuf_get_len(ja3_ecpf) > 0) { | ||||
11797 | wmem_strbuf_append_printf(ja3, "%s", wmem_strbuf_get_str(ja3_ecpf)); | ||||
11798 | } else { | ||||
11799 | wmem_strbuf_append_c(ja3, ','); | ||||
11800 | } | ||||
11801 | } | ||||
11802 | } | ||||
11803 | |||||
11804 | /* Check if Extensions vector is correctly terminated. */ | ||||
11805 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, offset_end)) { | ||||
11806 | offset = offset_end; | ||||
11807 | } | ||||
11808 | |||||
11809 | return offset; | ||||
11810 | } /* }}} */ | ||||
11811 | |||||
11812 | |||||
11813 | /* ClientKeyExchange algo-specific dissectors. {{{ */ | ||||
11814 | |||||
11815 | static void | ||||
11816 | dissect_ssl3_hnd_cli_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11817 | proto_tree *tree, uint32_t offset, | ||||
11818 | uint32_t length) | ||||
11819 | { | ||||
11820 | int point_len; | ||||
11821 | proto_tree *ssl_ecdh_tree; | ||||
11822 | |||||
11823 | ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, length, | ||||
11824 | hf->ett.keyex_params, NULL((void*)0), "EC Diffie-Hellman Client Params"); | ||||
11825 | |||||
11826 | /* point */ | ||||
11827 | point_len = tvb_get_uint8(tvb, offset); | ||||
11828 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point_len, tvb, | ||||
11829 | offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
11830 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point, tvb, | ||||
11831 | offset + 1, point_len, ENC_NA0x00000000); | ||||
11832 | } | ||||
11833 | |||||
11834 | static void | ||||
11835 | dissect_ssl3_hnd_cli_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11836 | proto_tree *tree, uint32_t offset, uint32_t length) | ||||
11837 | { | ||||
11838 | int yc_len; | ||||
11839 | proto_tree *ssl_dh_tree; | ||||
11840 | |||||
11841 | ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, length, | ||||
11842 | hf->ett.keyex_params, NULL((void*)0), "Diffie-Hellman Client Params"); | ||||
11843 | |||||
11844 | /* ClientDiffieHellmanPublic.dh_public (explicit) */ | ||||
11845 | yc_len = tvb_get_ntohs(tvb, offset); | ||||
11846 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc_len, tvb, | ||||
11847 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
11848 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc, tvb, | ||||
11849 | offset + 2, yc_len, ENC_NA0x00000000); | ||||
11850 | } | ||||
11851 | |||||
11852 | static void | ||||
11853 | dissect_ssl3_hnd_cli_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11854 | proto_tree *tree, uint32_t offset, | ||||
11855 | uint32_t length, const SslSession *session) | ||||
11856 | { | ||||
11857 | int epms_len; | ||||
11858 | proto_tree *ssl_rsa_tree; | ||||
11859 | |||||
11860 | ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, length, | ||||
11861 | hf->ett.keyex_params, NULL((void*)0), "RSA Encrypted PreMaster Secret"); | ||||
11862 | |||||
11863 | /* EncryptedPreMasterSecret.pre_master_secret */ | ||||
11864 | switch (session->version) { | ||||
11865 | case SSLV2_VERSION0x0002: | ||||
11866 | case SSLV3_VERSION0x300: | ||||
11867 | case DTLSV1DOT0_OPENSSL_VERSION0x100: | ||||
11868 | /* OpenSSL pre-0.9.8f DTLS and pre-TLS quirk: 2-octet length vector is | ||||
11869 | * not present. The handshake contents represents the EPMS, see: | ||||
11870 | * https://gitlab.com/wireshark/wireshark/-/issues/10222 */ | ||||
11871 | epms_len = length; | ||||
11872 | break; | ||||
11873 | |||||
11874 | default: | ||||
11875 | /* TLS and DTLS include vector length before EPMS */ | ||||
11876 | epms_len = tvb_get_ntohs(tvb, offset); | ||||
11877 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms_len, tvb, | ||||
11878 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
11879 | offset += 2; | ||||
11880 | break; | ||||
11881 | } | ||||
11882 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms, tvb, | ||||
11883 | offset, epms_len, ENC_NA0x00000000); | ||||
11884 | } | ||||
11885 | |||||
11886 | /* Used in PSK cipher suites */ | ||||
11887 | static uint32_t | ||||
11888 | dissect_ssl3_hnd_cli_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11889 | proto_tree *tree, uint32_t offset) | ||||
11890 | { | ||||
11891 | unsigned identity_len; | ||||
11892 | proto_tree *ssl_psk_tree; | ||||
11893 | |||||
11894 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, -1, | ||||
11895 | hf->ett.keyex_params, NULL((void*)0), "PSK Client Params"); | ||||
11896 | /* identity */ | ||||
11897 | identity_len = tvb_get_ntohs(tvb, offset); | ||||
11898 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, tvb, | ||||
11899 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
11900 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, tvb, | ||||
11901 | offset + 2, identity_len, ENC_NA0x00000000); | ||||
11902 | |||||
11903 | proto_item_set_len(ssl_psk_tree, 2 + identity_len); | ||||
11904 | return 2 + identity_len; | ||||
11905 | } | ||||
11906 | |||||
11907 | /* Used in RSA PSK cipher suites */ | ||||
11908 | static void | ||||
11909 | dissect_ssl3_hnd_cli_keyex_rsa_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11910 | proto_tree *tree, uint32_t offset, | ||||
11911 | uint32_t length) | ||||
11912 | { | ||||
11913 | int identity_len, epms_len; | ||||
11914 | proto_tree *ssl_psk_tree; | ||||
11915 | |||||
11916 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, length, | ||||
11917 | hf->ett.keyex_params, NULL((void*)0), "RSA PSK Client Params"); | ||||
11918 | |||||
11919 | /* identity */ | ||||
11920 | identity_len = tvb_get_ntohs(tvb, offset); | ||||
11921 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, | ||||
11922 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
11923 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, | ||||
11924 | tvb, offset + 2, identity_len, ENC_NA0x00000000); | ||||
11925 | offset += 2 + identity_len; | ||||
11926 | |||||
11927 | /* Yc */ | ||||
11928 | epms_len = tvb_get_ntohs(tvb, offset); | ||||
11929 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms_len, tvb, | ||||
11930 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
11931 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms, tvb, | ||||
11932 | offset + 2, epms_len, ENC_NA0x00000000); | ||||
11933 | } | ||||
11934 | |||||
11935 | /* Used in Diffie-Hellman PSK cipher suites */ | ||||
11936 | static void | ||||
11937 | dissect_ssl3_hnd_cli_keyex_dhe_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11938 | proto_tree *tree, uint32_t offset, uint32_t length) | ||||
11939 | { | ||||
11940 | /* | ||||
11941 | * struct { | ||||
11942 | * select (KeyExchangeAlgorithm) { | ||||
11943 | * case diffie_hellman_psk: | ||||
11944 | * opaque psk_identity<0..2^16-1>; | ||||
11945 | * ClientDiffieHellmanPublic public; | ||||
11946 | * } exchange_keys; | ||||
11947 | * } ClientKeyExchange; | ||||
11948 | */ | ||||
11949 | |||||
11950 | uint32_t psk_len = dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); | ||||
11951 | dissect_ssl3_hnd_cli_keyex_dhe(hf, tvb, tree, offset + psk_len, length - psk_len); | ||||
11952 | } | ||||
11953 | |||||
11954 | /* Used in EC Diffie-Hellman PSK cipher suites */ | ||||
11955 | static void | ||||
11956 | dissect_ssl3_hnd_cli_keyex_ecdh_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11957 | proto_tree *tree, uint32_t offset, uint32_t length) | ||||
11958 | { | ||||
11959 | /* | ||||
11960 | * struct { | ||||
11961 | * select (KeyExchangeAlgorithm) { | ||||
11962 | * case ec_diffie_hellman_psk: | ||||
11963 | * opaque psk_identity<0..2^16-1>; | ||||
11964 | * ClientECDiffieHellmanPublic public; | ||||
11965 | * } exchange_keys; | ||||
11966 | * } ClientKeyExchange; | ||||
11967 | */ | ||||
11968 | |||||
11969 | uint32_t psk_len = dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); | ||||
11970 | dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset + psk_len, length - psk_len); | ||||
11971 | } | ||||
11972 | |||||
11973 | /* Used in EC J-PAKE cipher suites */ | ||||
11974 | static void | ||||
11975 | dissect_ssl3_hnd_cli_keyex_ecjpake(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
11976 | proto_tree *tree, uint32_t offset, | ||||
11977 | uint32_t length) | ||||
11978 | { | ||||
11979 | /* | ||||
11980 | * struct { | ||||
11981 | * ECPoint V; | ||||
11982 | * opaque r<1..2^8-1>; | ||||
11983 | * } ECSchnorrZKP; | ||||
11984 | * | ||||
11985 | * struct { | ||||
11986 | * ECPoint X; | ||||
11987 | * ECSchnorrZKP zkp; | ||||
11988 | * } ECJPAKEKeyKP; | ||||
11989 | * | ||||
11990 | * struct { | ||||
11991 | * ECJPAKEKeyKP ecjpake_key_kp; | ||||
11992 | * } ClientECJPAKEParams; | ||||
11993 | * | ||||
11994 | * select (KeyExchangeAlgorithm) { | ||||
11995 | * case ecjpake: | ||||
11996 | * ClientECJPAKEParams params; | ||||
11997 | * } ClientKeyExchange; | ||||
11998 | */ | ||||
11999 | |||||
12000 | int point_len; | ||||
12001 | proto_tree *ssl_ecjpake_tree; | ||||
12002 | |||||
12003 | ssl_ecjpake_tree = proto_tree_add_subtree(tree, tvb, offset, length, | ||||
12004 | hf->ett.keyex_params, NULL((void*)0), | ||||
12005 | "EC J-PAKE Client Params"); | ||||
12006 | |||||
12007 | /* ECJPAKEKeyKP.X */ | ||||
12008 | point_len = tvb_get_uint8(tvb, offset); | ||||
12009 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_xc_len, tvb, | ||||
12010 | offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
12011 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_xc, tvb, | ||||
12012 | offset + 1, point_len, ENC_NA0x00000000); | ||||
12013 | offset += 1 + point_len; | ||||
12014 | |||||
12015 | /* ECJPAKEKeyKP.zkp.V */ | ||||
12016 | point_len = tvb_get_uint8(tvb, offset); | ||||
12017 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_vc_len, tvb, | ||||
12018 | offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
12019 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_vc, tvb, | ||||
12020 | offset + 1, point_len, ENC_NA0x00000000); | ||||
12021 | offset += 1 + point_len; | ||||
12022 | |||||
12023 | /* ECJPAKEKeyKP.zkp.r */ | ||||
12024 | point_len = tvb_get_uint8(tvb, offset); | ||||
12025 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_rc_len, tvb, | ||||
12026 | offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
12027 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_rc, tvb, | ||||
12028 | offset + 1, point_len, ENC_NA0x00000000); | ||||
12029 | } | ||||
12030 | |||||
12031 | static void | ||||
12032 | dissect_ssl3_hnd_cli_keyex_ecc_sm2(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
12033 | proto_tree *tree, uint32_t offset, | ||||
12034 | uint32_t length) | ||||
12035 | { | ||||
12036 | int epms_len; | ||||
12037 | proto_tree *ssl_ecc_sm2_tree; | ||||
12038 | |||||
12039 | ssl_ecc_sm2_tree = proto_tree_add_subtree(tree, tvb, offset, length, | ||||
12040 | hf->ett.keyex_params, NULL((void*)0), | ||||
12041 | "ECC-SM2 Encrypted PreMaster Secret"); | ||||
12042 | |||||
12043 | epms_len = tvb_get_ntohs(tvb, offset); | ||||
12044 | proto_tree_add_item(ssl_ecc_sm2_tree, hf->hf.hs_client_keyex_epms_len, tvb, | ||||
12045 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
12046 | offset += 2; | ||||
12047 | proto_tree_add_item(ssl_ecc_sm2_tree, hf->hf.hs_client_keyex_epms, tvb, | ||||
12048 | offset, epms_len, ENC_NA0x00000000); | ||||
12049 | } | ||||
12050 | /* ClientKeyExchange algo-specific dissectors. }}} */ | ||||
12051 | |||||
12052 | |||||
12053 | /* Dissects DigitallySigned (see RFC 5246 4.7 Cryptographic Attributes). {{{ */ | ||||
12054 | static uint32_t | ||||
12055 | ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
12056 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
12057 | uint16_t version, int hf_sig_len, int hf_sig) | ||||
12058 | { | ||||
12059 | uint32_t sig_len; | ||||
12060 | |||||
12061 | switch (version) { | ||||
12062 | case TLSV1DOT2_VERSION0x303: | ||||
12063 | case DTLSV1DOT2_VERSION0xfefd: | ||||
12064 | case TLSV1DOT3_VERSION0x304: | ||||
12065 | case DTLSV1DOT3_VERSION0xfefc: | ||||
12066 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); | ||||
12067 | offset += 2; | ||||
12068 | break; | ||||
12069 | |||||
12070 | default: | ||||
12071 | break; | ||||
12072 | } | ||||
12073 | |||||
12074 | /* Sig */ | ||||
12075 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sig_len, | ||||
12076 | hf_sig_len, 0, UINT16_MAX(65535))) { | ||||
12077 | return offset_end; | ||||
12078 | } | ||||
12079 | offset += 2; | ||||
12080 | proto_tree_add_item(tree, hf_sig, tvb, offset, sig_len, ENC_NA0x00000000); | ||||
12081 | offset += sig_len; | ||||
12082 | return offset; | ||||
12083 | } /* }}} */ | ||||
12084 | |||||
12085 | /* ServerKeyExchange algo-specific dissectors. {{{ */ | ||||
12086 | |||||
12087 | /* dissects signed_params inside a ServerKeyExchange for some keyex algos */ | ||||
12088 | static void | ||||
12089 | dissect_ssl3_hnd_srv_keyex_sig(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
12090 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
12091 | uint16_t version) | ||||
12092 | { | ||||
12093 | /* | ||||
12094 | * TLSv1.2 (RFC 5246 sec 7.4.8) | ||||
12095 | * struct { | ||||
12096 | * digitally-signed struct { | ||||
12097 | * opaque handshake_messages[handshake_messages_length]; | ||||
12098 | * } | ||||
12099 | * } CertificateVerify; | ||||
12100 | * | ||||
12101 | * TLSv1.0/TLSv1.1 (RFC 5436 sec 7.4.8 and 7.4.3) works essentially the same | ||||
12102 | * as TLSv1.2, but the hash algorithms are not explicit in digitally-signed. | ||||
12103 | * | ||||
12104 | * SSLv3 (RFC 6101 sec 5.6.8) essentially works the same as TLSv1.0 but it | ||||
12105 | * does more hashing including the master secret and padding. | ||||
12106 | */ | ||||
12107 | ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, | ||||
12108 | hf->hf.hs_server_keyex_sig_len, | ||||
12109 | hf->hf.hs_server_keyex_sig); | ||||
12110 | } | ||||
12111 | |||||
12112 | static uint32_t | ||||
12113 | dissect_tls_ecparameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
12114 | { | ||||
12115 | /* | ||||
12116 | * RFC 4492 ECC cipher suites for TLS | ||||
12117 | * | ||||
12118 | * struct { | ||||
12119 | * ECCurveType curve_type; | ||||
12120 | * select (curve_type) { | ||||
12121 | * case explicit_prime: | ||||
12122 | * ... | ||||
12123 | * case explicit_char2: | ||||
12124 | * ... | ||||
12125 | * case named_curve: | ||||
12126 | * NamedCurve namedcurve; | ||||
12127 | * }; | ||||
12128 | * } ECParameters; | ||||
12129 | */ | ||||
12130 | |||||
12131 | int curve_type; | ||||
12132 | |||||
12133 | /* ECParameters.curve_type */ | ||||
12134 | curve_type = tvb_get_uint8(tvb, offset); | ||||
12135 | proto_tree_add_item(tree, hf->hf.hs_server_keyex_curve_type, tvb, | ||||
12136 | offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
12137 | offset++; | ||||
12138 | |||||
12139 | if (curve_type != 3) | ||||
12140 | return offset_end; /* only named_curves are supported */ | ||||
12141 | |||||
12142 | /* case curve_type == named_curve; ECParameters.namedcurve */ | ||||
12143 | proto_tree_add_item(tree, hf->hf.hs_server_keyex_named_curve, tvb, | ||||
12144 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
12145 | offset += 2; | ||||
12146 | |||||
12147 | return offset; | ||||
12148 | } | ||||
12149 | |||||
12150 | static void | ||||
12151 | dissect_ssl3_hnd_srv_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
12152 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
12153 | uint16_t version, bool_Bool anon) | ||||
12154 | { | ||||
12155 | /* | ||||
12156 | * RFC 4492 ECC cipher suites for TLS | ||||
12157 | * | ||||
12158 | * struct { | ||||
12159 | * opaque point <1..2^8-1>; | ||||
12160 | * } ECPoint; | ||||
12161 | * | ||||
12162 | * struct { | ||||
12163 | * ECParameters curve_params; | ||||
12164 | * ECPoint public; | ||||
12165 | * } ServerECDHParams; | ||||
12166 | * | ||||
12167 | * select (KeyExchangeAlgorithm) { | ||||
12168 | * case ec_diffie_hellman: | ||||
12169 | * ServerECDHParams params; | ||||
12170 | * Signature signed_params; | ||||
12171 | * } ServerKeyExchange; | ||||
12172 | */ | ||||
12173 | |||||
12174 | int point_len; | ||||
12175 | proto_tree *ssl_ecdh_tree; | ||||
12176 | |||||
12177 | ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | ||||
12178 | hf->ett.keyex_params, NULL((void*)0), "EC Diffie-Hellman Server Params"); | ||||
12179 | |||||
12180 | offset = dissect_tls_ecparameters(hf, tvb, ssl_ecdh_tree, offset, offset_end); | ||||
12181 | if (offset >= offset_end) | ||||
12182 | return; /* only named_curves are supported */ | ||||
12183 | |||||
12184 | /* ECPoint.point */ | ||||
12185 | point_len = tvb_get_uint8(tvb, offset); | ||||
12186 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point_len, tvb, | ||||
12187 | offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
12188 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point, tvb, | ||||
12189 | offset + 1, point_len, ENC_NA0x00000000); | ||||
12190 | offset += 1 + point_len; | ||||
12191 | |||||
12192 | /* Signature (if non-anonymous KEX) */ | ||||
12193 | if (!anon) { | ||||
12194 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_ecdh_tree, offset, offset_end, version); | ||||
12195 | } | ||||
12196 | } | ||||
12197 | |||||
12198 | static void | ||||
12199 | dissect_ssl3_hnd_srv_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
12200 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
12201 | uint16_t version, bool_Bool anon) | ||||
12202 | { | ||||
12203 | int p_len, g_len, ys_len; | ||||
12204 | proto_tree *ssl_dh_tree; | ||||
12205 | |||||
12206 | ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | ||||
12207 | hf->ett.keyex_params, NULL((void*)0), "Diffie-Hellman Server Params"); | ||||
12208 | |||||
12209 | /* p */ | ||||
12210 | p_len = tvb_get_ntohs(tvb, offset); | ||||
12211 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p_len, tvb, | ||||
12212 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
12213 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p, tvb, | ||||
12214 | offset + 2, p_len, ENC_NA0x00000000); | ||||
12215 | offset += 2 + p_len; | ||||
12216 | |||||
12217 | /* g */ | ||||
12218 | g_len = tvb_get_ntohs(tvb, offset); | ||||
12219 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g_len, tvb, | ||||
12220 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
12221 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g, tvb, | ||||
12222 | offset + 2, g_len, ENC_NA0x00000000); | ||||
12223 | offset += 2 + g_len; | ||||
12224 | |||||
12225 | /* Ys */ | ||||
12226 | ys_len = tvb_get_ntohs(tvb, offset); | ||||
12227 | proto_tree_add_uint(ssl_dh_tree, hf->hf.hs_server_keyex_ys_len, tvb, | ||||
12228 | offset, 2, ys_len); | ||||
12229 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_ys, tvb, | ||||
12230 | offset + 2, ys_len, ENC_NA0x00000000); | ||||
12231 | offset += 2 + ys_len; | ||||
12232 | |||||
12233 | /* Signature (if non-anonymous KEX) */ | ||||
12234 | if (!anon) { | ||||
12235 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_dh_tree, offset, offset_end, version); | ||||
12236 | } | ||||
12237 | } | ||||
12238 | |||||
12239 | /* Only used in RSA-EXPORT cipher suites */ | ||||
12240 | static void | ||||
12241 | dissect_ssl3_hnd_srv_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
12242 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
12243 | uint16_t version) | ||||
12244 | { | ||||
12245 | int modulus_len, exponent_len; | ||||
12246 | proto_tree *ssl_rsa_tree; | ||||
12247 | |||||
12248 | ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | ||||
12249 | hf->ett.keyex_params, NULL((void*)0), "RSA-EXPORT Server Params"); | ||||
12250 | |||||
12251 | /* modulus */ | ||||
12252 | modulus_len = tvb_get_ntohs(tvb, offset); | ||||
12253 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus_len, tvb, | ||||
12254 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
12255 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus, tvb, | ||||
12256 | offset + 2, modulus_len, ENC_NA0x00000000); | ||||
12257 | offset += 2 + modulus_len; | ||||
12258 | |||||
12259 | /* exponent */ | ||||
12260 | exponent_len = tvb_get_ntohs(tvb, offset); | ||||
12261 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent_len, | ||||
12262 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
12263 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent, | ||||
12264 | tvb, offset + 2, exponent_len, ENC_NA0x00000000); | ||||
12265 | offset += 2 + exponent_len; | ||||
12266 | |||||
12267 | /* Signature */ | ||||
12268 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_rsa_tree, offset, offset_end, version); | ||||
12269 | } | ||||
12270 | |||||
12271 | /* Used in RSA PSK and PSK cipher suites */ | ||||
12272 | static uint32_t | ||||
12273 | dissect_ssl3_hnd_srv_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
12274 | proto_tree *tree, uint32_t offset) | ||||
12275 | { | ||||
12276 | unsigned hint_len; | ||||
12277 | proto_tree *ssl_psk_tree; | ||||
12278 | |||||
12279 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, -1, | ||||
12280 | hf->ett.keyex_params, NULL((void*)0), "PSK Server Params"); | ||||
12281 | |||||
12282 | /* hint */ | ||||
12283 | hint_len = tvb_get_ntohs(tvb, offset); | ||||
12284 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint_len, tvb, | ||||
12285 | offset, 2, ENC_BIG_ENDIAN0x00000000); | ||||
12286 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint, tvb, | ||||
12287 | offset + 2, hint_len, ENC_NA0x00000000); | ||||
12288 | |||||
12289 | proto_item_set_len(ssl_psk_tree, 2 + hint_len); | ||||
12290 | return 2 + hint_len; | ||||
12291 | } | ||||
12292 | |||||
12293 | /* Used in Diffie-Hellman PSK cipher suites */ | ||||
12294 | static void | ||||
12295 | dissect_ssl3_hnd_srv_keyex_dhe_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
12296 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
12297 | { | ||||
12298 | /* | ||||
12299 | * struct { | ||||
12300 | * select (KeyExchangeAlgorithm) { | ||||
12301 | * case diffie_hellman_psk: | ||||
12302 | * opaque psk_identity_hint<0..2^16-1>; | ||||
12303 | * ServerDHParams params; | ||||
12304 | * }; | ||||
12305 | * } ServerKeyExchange; | ||||
12306 | */ | ||||
12307 | |||||
12308 | uint32_t psk_len = dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); | ||||
12309 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset + psk_len, offset_end, 0, true1); | ||||
12310 | } | ||||
12311 | |||||
12312 | /* Used in EC Diffie-Hellman PSK cipher suites */ | ||||
12313 | static void | ||||
12314 | dissect_ssl3_hnd_srv_keyex_ecdh_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
12315 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
12316 | { | ||||
12317 | /* | ||||
12318 | * struct { | ||||
12319 | * select (KeyExchangeAlgorithm) { | ||||
12320 | * case ec_diffie_hellman_psk: | ||||
12321 | * opaque psk_identity_hint<0..2^16-1>; | ||||
12322 | * ServerECDHParams params; | ||||
12323 | * }; | ||||
12324 | * } ServerKeyExchange; | ||||
12325 | */ | ||||
12326 | |||||
12327 | uint32_t psk_len = dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); | ||||
12328 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset + psk_len, offset_end, 0, true1); | ||||
12329 | } | ||||
12330 | |||||
12331 | /* Used in EC J-PAKE cipher suites */ | ||||
12332 | static void | ||||
12333 | dissect_ssl3_hnd_srv_keyex_ecjpake(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
12334 | proto_tree *tree, uint32_t offset, uint32_t offset_end) | ||||
12335 | { | ||||
12336 | /* | ||||
12337 | * struct { | ||||
12338 | * ECPoint V; | ||||
12339 | * opaque r<1..2^8-1>; | ||||
12340 | * } ECSchnorrZKP; | ||||
12341 | * | ||||
12342 | * struct { | ||||
12343 | * ECPoint X; | ||||
12344 | * ECSchnorrZKP zkp; | ||||
12345 | * } ECJPAKEKeyKP; | ||||
12346 | * | ||||
12347 | * struct { | ||||
12348 | * ECParameters curve_params; | ||||
12349 | * ECJPAKEKeyKP ecjpake_key_kp; | ||||
12350 | * } ServerECJPAKEParams; | ||||
12351 | * | ||||
12352 | * select (KeyExchangeAlgorithm) { | ||||
12353 | * case ecjpake: | ||||
12354 | * ServerECJPAKEParams params; | ||||
12355 | * } ServerKeyExchange; | ||||
12356 | */ | ||||
12357 | |||||
12358 | int point_len; | ||||
12359 | proto_tree *ssl_ecjpake_tree; | ||||
12360 | |||||
12361 | ssl_ecjpake_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | ||||
12362 | hf->ett.keyex_params, NULL((void*)0), | ||||
12363 | "EC J-PAKE Server Params"); | ||||
12364 | |||||
12365 | offset = dissect_tls_ecparameters(hf, tvb, ssl_ecjpake_tree, offset, offset_end); | ||||
12366 | if (offset >= offset_end) | ||||
12367 | return; /* only named_curves are supported */ | ||||
12368 | |||||
12369 | /* ECJPAKEKeyKP.X */ | ||||
12370 | point_len = tvb_get_uint8(tvb, offset); | ||||
12371 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_xs_len, tvb, | ||||
12372 | offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
12373 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_xs, tvb, | ||||
12374 | offset + 1, point_len, ENC_NA0x00000000); | ||||
12375 | offset += 1 + point_len; | ||||
12376 | |||||
12377 | /* ECJPAKEKeyKP.zkp.V */ | ||||
12378 | point_len = tvb_get_uint8(tvb, offset); | ||||
12379 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_vs_len, tvb, | ||||
12380 | offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
12381 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_vs, tvb, | ||||
12382 | offset + 1, point_len, ENC_NA0x00000000); | ||||
12383 | offset += 1 + point_len; | ||||
12384 | |||||
12385 | /* ECJPAKEKeyKP.zkp.r */ | ||||
12386 | point_len = tvb_get_uint8(tvb, offset); | ||||
12387 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_rs_len, tvb, | ||||
12388 | offset, 1, ENC_BIG_ENDIAN0x00000000); | ||||
12389 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_rs, tvb, | ||||
12390 | offset + 1, point_len, ENC_NA0x00000000); | ||||
12391 | } | ||||
12392 | |||||
12393 | /* Only used in ECC-SM2-EXPORT cipher suites */ | ||||
12394 | static void | ||||
12395 | dissect_ssl3_hnd_srv_keyex_ecc_sm2(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
12396 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
12397 | uint16_t version) | ||||
12398 | { | ||||
12399 | proto_tree *ssl_ecc_sm2_tree; | ||||
12400 | |||||
12401 | ssl_ecc_sm2_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, | ||||
12402 | hf->ett.keyex_params, NULL((void*)0), "ECC-SM2-EXPORT Server Params"); | ||||
12403 | |||||
12404 | /* Signature */ | ||||
12405 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_ecc_sm2_tree, offset, offset_end, version); | ||||
12406 | } | ||||
12407 | /* ServerKeyExchange algo-specific dissectors. }}} */ | ||||
12408 | |||||
12409 | /* Client Key Exchange and Server Key Exchange handshake dissections. {{{ */ | ||||
12410 | void | ||||
12411 | ssl_dissect_hnd_cli_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
12412 | proto_tree *tree, uint32_t offset, uint32_t length, | ||||
12413 | const SslSession *session) | ||||
12414 | { | ||||
12415 | switch (ssl_get_keyex_alg(session->cipher)) { | ||||
12416 | case KEX_DH_ANON0x13: /* RFC 5246; DHE_DSS, DHE_RSA, DH_DSS, DH_RSA, DH_ANON: ClientDiffieHellmanPublic */ | ||||
12417 | case KEX_DH_DSS0x14: | ||||
12418 | case KEX_DH_RSA0x15: | ||||
12419 | case KEX_DHE_DSS0x10: | ||||
12420 | case KEX_DHE_RSA0x12: | ||||
12421 | dissect_ssl3_hnd_cli_keyex_dhe(hf, tvb, tree, offset, length); | ||||
12422 | break; | ||||
12423 | case KEX_DHE_PSK0x11: /* RFC 4279; diffie_hellman_psk: psk_identity, ClientDiffieHellmanPublic */ | ||||
12424 | dissect_ssl3_hnd_cli_keyex_dhe_psk(hf, tvb, tree, offset, length); | ||||
12425 | break; | ||||
12426 | case KEX_ECDH_ANON0x19: /* RFC 4492; ec_diffie_hellman: ClientECDiffieHellmanPublic */ | ||||
12427 | case KEX_ECDH_ECDSA0x1a: | ||||
12428 | case KEX_ECDH_RSA0x1b: | ||||
12429 | case KEX_ECDHE_ECDSA0x16: | ||||
12430 | case KEX_ECDHE_RSA0x18: | ||||
12431 | dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset, length); | ||||
12432 | break; | ||||
12433 | case KEX_ECDHE_PSK0x17: /* RFC 5489; ec_diffie_hellman_psk: psk_identity, ClientECDiffieHellmanPublic */ | ||||
12434 | dissect_ssl3_hnd_cli_keyex_ecdh_psk(hf, tvb, tree, offset, length); | ||||
12435 | break; | ||||
12436 | case KEX_KRB50x1c: /* RFC 2712; krb5: KerberosWrapper */ | ||||
12437 | /* XXX: implement support for KRB5 */ | ||||
12438 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | ||||
12439 | tvb, offset, length, | ||||
12440 | "Kerberos ciphersuites (RFC 2712) are not implemented, contact Wireshark" | ||||
12441 | " developers if you want them to be supported"); | ||||
12442 | break; | ||||
12443 | case KEX_PSK0x1d: /* RFC 4279; psk: psk_identity */ | ||||
12444 | dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); | ||||
12445 | break; | ||||
12446 | case KEX_RSA0x1e: /* RFC 5246; rsa: EncryptedPreMasterSecret */ | ||||
12447 | dissect_ssl3_hnd_cli_keyex_rsa(hf, tvb, tree, offset, length, session); | ||||
12448 | break; | ||||
12449 | case KEX_RSA_PSK0x1f: /* RFC 4279; rsa_psk: psk_identity, EncryptedPreMasterSecret */ | ||||
12450 | dissect_ssl3_hnd_cli_keyex_rsa_psk(hf, tvb, tree, offset, length); | ||||
12451 | break; | ||||
12452 | case KEX_SRP_SHA0x20: /* RFC 5054; srp: ClientSRPPublic */ | ||||
12453 | case KEX_SRP_SHA_DSS0x21: | ||||
12454 | case KEX_SRP_SHA_RSA0x22: | ||||
12455 | /* XXX: implement support for SRP_SHA* */ | ||||
12456 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | ||||
12457 | tvb, offset, length, | ||||
12458 | "SRP_SHA ciphersuites (RFC 5054) are not implemented, contact Wireshark" | ||||
12459 | " developers if you want them to be supported"); | ||||
12460 | break; | ||||
12461 | case KEX_ECJPAKE0x24: /* https://tools.ietf.org/html/draft-cragie-tls-ecjpake-01 used in Thread Commissioning */ | ||||
12462 | dissect_ssl3_hnd_cli_keyex_ecjpake(hf, tvb, tree, offset, length); | ||||
12463 | break; | ||||
12464 | case KEX_ECC_SM20x26: /* GB/T 38636 */ | ||||
12465 | dissect_ssl3_hnd_cli_keyex_ecc_sm2(hf, tvb, tree, offset, length); | ||||
12466 | break; | ||||
12467 | default: | ||||
12468 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | ||||
12469 | tvb, offset, length); | ||||
12470 | break; | ||||
12471 | } | ||||
12472 | } | ||||
12473 | |||||
12474 | void | ||||
12475 | ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, | ||||
12476 | proto_tree *tree, uint32_t offset, uint32_t offset_end, | ||||
12477 | const SslSession *session) | ||||
12478 | { | ||||
12479 | switch (ssl_get_keyex_alg(session->cipher)) { | ||||
12480 | case KEX_DH_ANON0x13: /* RFC 5246; ServerDHParams */ | ||||
12481 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset, offset_end, session->version, true1); | ||||
12482 | break; | ||||
12483 | case KEX_DH_DSS0x14: /* RFC 5246; not allowed */ | ||||
12484 | case KEX_DH_RSA0x15: | ||||
12485 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_srv_keyex_illegal, | ||||
12486 | tvb, offset, offset_end - offset); | ||||
12487 | break; | ||||
12488 | case KEX_DHE_DSS0x10: /* RFC 5246; dhe_dss, dhe_rsa: ServerDHParams, Signature */ | ||||
12489 | case KEX_DHE_RSA0x12: | ||||
12490 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset, offset_end, session->version, false0); | ||||
12491 | break; | ||||
12492 | case KEX_DHE_PSK0x11: /* RFC 4279; diffie_hellman_psk: psk_identity_hint, ServerDHParams */ | ||||
12493 | dissect_ssl3_hnd_srv_keyex_dhe_psk(hf, tvb, pinfo, tree, offset, offset_end); | ||||
12494 | break; | ||||
12495 | case KEX_ECDH_ANON0x19: /* RFC 4492; ec_diffie_hellman: ServerECDHParams (without signature for anon) */ | ||||
12496 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset, offset_end, session->version, true1); | ||||
12497 | break; | ||||
12498 | case KEX_ECDHE_PSK0x17: /* RFC 5489; psk_identity_hint, ServerECDHParams */ | ||||
12499 | dissect_ssl3_hnd_srv_keyex_ecdh_psk(hf, tvb, pinfo, tree, offset, offset_end); | ||||
12500 | break; | ||||
12501 | case KEX_ECDH_ECDSA0x1a: /* RFC 4492; ec_diffie_hellman: ServerECDHParams, Signature */ | ||||
12502 | case KEX_ECDH_RSA0x1b: | ||||
12503 | case KEX_ECDHE_ECDSA0x16: | ||||
12504 | case KEX_ECDHE_RSA0x18: | ||||
12505 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset, offset_end, session->version, false0); | ||||
12506 | break; | ||||
12507 | case KEX_KRB50x1c: /* RFC 2712; not allowed */ | ||||
12508 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_srv_keyex_illegal, | ||||
12509 | tvb, offset, offset_end - offset); | ||||
12510 | break; | ||||
12511 | case KEX_PSK0x1d: /* RFC 4279; psk, rsa: psk_identity */ | ||||
12512 | case KEX_RSA_PSK0x1f: | ||||
12513 | dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); | ||||
12514 | break; | ||||
12515 | case KEX_RSA0x1e: /* only allowed if the public key in the server certificate is longer than 512 bits */ | ||||
12516 | dissect_ssl3_hnd_srv_keyex_rsa(hf, tvb, pinfo, tree, offset, offset_end, session->version); | ||||
12517 | break; | ||||
12518 | case KEX_ECC_SM20x26: /* GB/T 38636 */ | ||||
12519 | dissect_ssl3_hnd_srv_keyex_ecc_sm2(hf, tvb, pinfo, tree, offset, offset_end, session->version); | ||||
12520 | break; | ||||
12521 | case KEX_SRP_SHA0x20: /* RFC 5054; srp: ServerSRPParams, Signature */ | ||||
12522 | case KEX_SRP_SHA_DSS0x21: | ||||
12523 | case KEX_SRP_SHA_RSA0x22: | ||||
12524 | /* XXX: implement support for SRP_SHA* */ | ||||
12525 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | ||||
12526 | tvb, offset, offset_end - offset, | ||||
12527 | "SRP_SHA ciphersuites (RFC 5054) are not implemented, contact Wireshark" | ||||
12528 | " developers if you want them to be supported"); | ||||
12529 | break; | ||||
12530 | case KEX_ECJPAKE0x24: /* https://tools.ietf.org/html/draft-cragie-tls-ecjpake-01 used in Thread Commissioning */ | ||||
12531 | dissect_ssl3_hnd_srv_keyex_ecjpake(hf, tvb, tree, offset, offset_end); | ||||
12532 | break; | ||||
12533 | default: | ||||
12534 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, | ||||
12535 | tvb, offset, offset_end - offset); | ||||
12536 | break; | ||||
12537 | } | ||||
12538 | } | ||||
12539 | /* Client Key Exchange and Server Key Exchange handshake dissections. }}} */ | ||||
12540 | |||||
12541 | void | ||||
12542 | tls13_dissect_hnd_key_update(ssl_common_dissect_t *hf, tvbuff_t *tvb, | ||||
12543 | proto_tree *tree, uint32_t offset) | ||||
12544 | { | ||||
12545 | /* RFC 8446 Section 4.6.3 | ||||
12546 | * enum { | ||||
12547 | * update_not_requested(0), update_requested(1), (255) | ||||
12548 | * } KeyUpdateRequest; | ||||
12549 | * | ||||
12550 | * struct { | ||||
12551 | * KeyUpdateRequest request_update; | ||||
12552 | * } KeyUpdate; | ||||
12553 | */ | ||||
12554 | proto_tree_add_item(tree, hf->hf.hs_key_update_request_update, tvb, offset, 1, ENC_NA0x00000000); | ||||
12555 | } | ||||
12556 | |||||
12557 | void | ||||
12558 | ssl_common_register_ssl_alpn_dissector_table(const char *name, | ||||
12559 | const char *ui_name, const int proto) | ||||
12560 | { | ||||
12561 | ssl_alpn_dissector_table = register_dissector_table(name, ui_name, | ||||
12562 | proto, FT_STRING, STRING_CASE_SENSITIVE0); | ||||
12563 | register_dissector_table_alias(ssl_alpn_dissector_table, "ssl.handshake.extensions_alpn_str"); | ||||
12564 | } | ||||
12565 | |||||
12566 | void | ||||
12567 | ssl_common_register_dtls_alpn_dissector_table(const char *name, | ||||
12568 | const char *ui_name, const int proto) | ||||
12569 | { | ||||
12570 | dtls_alpn_dissector_table = register_dissector_table(name, ui_name, | ||||
12571 | proto, FT_STRING, STRING_CASE_SENSITIVE0); | ||||
12572 | register_dissector_table_alias(ssl_alpn_dissector_table, "dtls.handshake.extensions_alpn_str"); | ||||
12573 | } | ||||
12574 | |||||
12575 | void | ||||
12576 | ssl_common_register_options(module_t *module, ssl_common_options_t *options, bool_Bool is_dtls) | ||||
12577 | { | ||||
12578 | prefs_register_string_preference(module, "psk", "Pre-Shared Key", | ||||
12579 | "Pre-Shared Key as HEX string. Should be 0 to 16 bytes.", | ||||
12580 | &(options->psk)); | ||||
12581 | |||||
12582 | if (is_dtls) { | ||||
12583 | prefs_register_obsolete_preference(module, "keylog_file"); | ||||
12584 | prefs_register_static_text_preference(module, "keylog_file_removed", | ||||
12585 | "The (Pre)-Master-Secret log filename preference can be configured in the TLS protocol preferences.", | ||||
12586 | "Use the TLS protocol preference to configure the keylog file for both DTLS and TLS."); | ||||
12587 | return; | ||||
12588 | } | ||||
12589 | |||||
12590 | prefs_register_filename_preference(module, "keylog_file", "(Pre)-Master-Secret log filename", | ||||
12591 | "The name of a file which contains a list of \n" | ||||
12592 | "(pre-)master secrets in one of the following formats:\n" | ||||
12593 | "\n" | ||||
12594 | "RSA <EPMS> <PMS>\n" | ||||
12595 | "RSA Session-ID:<SSLID> Master-Key:<MS>\n" | ||||
12596 | "CLIENT_RANDOM <CRAND> <MS>\n" | ||||
12597 | "PMS_CLIENT_RANDOM <CRAND> <PMS>\n" | ||||
12598 | "\n" | ||||
12599 | "Where:\n" | ||||
12600 | "<EPMS> = First 8 bytes of the Encrypted PMS\n" | ||||
12601 | "<PMS> = The Pre-Master-Secret (PMS) used to derive the MS\n" | ||||
12602 | "<SSLID> = The SSL Session ID\n" | ||||
12603 | "<MS> = The Master-Secret (MS)\n" | ||||
12604 | "<CRAND> = The Client's random number from the ClientHello message\n" | ||||
12605 | "\n" | ||||
12606 | "(All fields are in hex notation)", | ||||
12607 | &(options->keylog_filename), false0); | ||||
12608 | } | ||||
12609 | |||||
12610 | void | ||||
12611 | ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, uint32_t offset, uint32_t length) | ||||
12612 | { | ||||
12613 | if (ssl_session && ssl_session->session.version != TLSV1DOT3_VERSION0x304 && !(ssl_session->state & SSL_MASTER_SECRET(1<<5))) { | ||||
12614 | uint32_t old_length = ssl_session->handshake_data.data_len; | ||||
12615 | ssl_debug_printf("Calculating hash with offset %d %d\n", offset, length); | ||||
12616 | if (tvb) { | ||||
12617 | if (tvb_bytes_exist(tvb, offset, length)) { | ||||
12618 | ssl_session->handshake_data.data = (unsigned char *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length); | ||||
12619 | tvb_memcpy(tvb, ssl_session->handshake_data.data + old_length, offset, length); | ||||
12620 | ssl_session->handshake_data.data_len += length; | ||||
12621 | } | ||||
12622 | } else { | ||||
12623 | /* DTLS calculates the hash as if each handshake message had been | ||||
12624 | * sent as a single fragment (RFC 6347, section 4.2.6) and passes | ||||
12625 | * in a null tvbuff to add 3 bytes for a zero fragment offset. | ||||
12626 | */ | ||||
12627 | DISSECTOR_ASSERT_CMPINT(length, <, 4)((void) ((length < 4) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion " "length" " " "<" " " "4" " (" "%" "l" "d" " " "<" " " "%" "l" "d" ")", "epan/dissectors/packet-tls-utils.c" , 12627, (int64_t)length, (int64_t)4)))); | ||||
12628 | ssl_session->handshake_data.data = (unsigned char *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length); | ||||
12629 | memset(ssl_session->handshake_data.data + old_length, 0, length); | ||||
12630 | ssl_session->handshake_data.data_len += length; | ||||
12631 | } | ||||
12632 | } | ||||
12633 | } | ||||
12634 | |||||
12635 | |||||
12636 | /* | ||||
12637 | * Editor modelines - https://www.wireshark.org/tools/modelines.html | ||||
12638 | * | ||||
12639 | * Local variables: | ||||
12640 | * c-basic-offset: 4 | ||||
12641 | * tab-width: 8 | ||||
12642 | * indent-tabs-mode: nil | ||||
12643 | * End: | ||||
12644 | * | ||||
12645 | * vi: set shiftwidth=4 tabstop=8 expandtab: | ||||
12646 | * :indentSize=4:tabSize=8:noTabs=true: | ||||
12647 | */ |