clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name packet-tls-utils.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -ffloat16-excess-precision=fast -fbfloat16-excess-precision=fast -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/builds/wireshark/wireshark/build -fcoverage-compilation-dir=/builds/wireshark/wireshark/build -resource-dir /usr/lib/llvm-18/lib/clang/18 -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -isystem /usr/include/mit-krb5 -isystem /usr/include/libxml2 -isystem /builds/wireshark/wireshark/build/epan/dissectors -isystem /builds/wireshark/wireshark/epan/dissectors -isystem /builds/wireshark/wireshark/epan -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_BUILD_DLL -D WS_DEBUG -D WS_DEBUG_UTF_8 -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/13/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -Wno-error=stringop-overflow= -Wno-error=deprecated-declarations -Wno-format-truncation -Wno-pointer-sign -std=gnu11 -ferror-limit 19 -fvisibility=hidden -fwrapv -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcolor-diagnostics -analyzer-output=html -dwarf-debug-flags /usr/lib/llvm-18/bin/clang -### --analyze -x c -D G_DISABLE_DEPRECATED -D G_DISABLE_SINGLE_INCLUDES -D WS_BUILD_DLL -D WS_DEBUG -D WS_DEBUG_UTF_8 -I /builds/wireshark/wireshark/build -I /builds/wireshark/wireshark -I /builds/wireshark/wireshark/include -isystem /usr/include/glib-2.0 -isystem /usr/lib/x86_64-linux-gnu/glib-2.0/include -isystem /usr/include/mit-krb5 -isystem /usr/include/libxml2 -isystem /builds/wireshark/wireshark/build/epan/dissectors -isystem /builds/wireshark/wireshark/epan/dissectors -isystem /builds/wireshark/wireshark/epan -fvisibility=hidden -fno-strict-overflow -fexcess-precision=fast -Wno-error=stringop-overflow= -Wno-error=deprecated-declarations -Wno-format-truncation -fdiagnostics-color=always -Wno-pointer-sign -fmacro-prefix-map=/builds/wireshark/wireshark/= -fmacro-prefix-map=/builds/wireshark/wireshark/build/= -fmacro-prefix-map=../= -std=gnu11 -fPIC /builds/wireshark/wireshark/epan/dissectors/packet-tls-utils.c -o /builds/wireshark/wireshark/sbout/2024-07-23-100257-3329-1 -Xclang -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /builds/wireshark/wireshark/sbout/2024-07-23-100257-3329-1 -x c /builds/wireshark/wireshark/epan/dissectors/packet-tls-utils.c
1 | /* packet-tls-utils.c |
2 | * ssl manipulation functions |
3 | * By Paolo Abeni <[emailprotected]> |
4 | * |
5 | * Copyright (c) 2013, Hauke Mehrtens <[emailprotected]> |
6 | * Copyright (c) 2014, Peter Wu <[emailprotected]> |
7 | * |
8 | * Wireshark - Network traffic analyzer |
9 | * By Gerald Combs <[emailprotected]> |
10 | * Copyright 1998 Gerald Combs |
11 | * |
12 | * SPDX-License-Identifier: GPL-2.0-or-later |
13 | */ |
14 | |
15 | #include "config.h" |
16 | |
17 | #if defined(HAVE_ZLIB1) && !defined(HAVE_ZLIBNG) |
18 | #define ZLIB_CONST |
19 | #define ZLIB_PREFIX(x)x x |
20 | #include <zlib.h> |
21 | typedef z_stream zlib_stream; |
22 | #endif /* HAVE_ZLIB */ |
23 | |
24 | #ifdef HAVE_ZLIBNG |
25 | #define ZLIB_PREFIX(x)x zng_ ## x |
26 | #include <zlib-ng.h> |
27 | typedef zng_stream zlib_stream; |
28 | #endif /* HAVE_ZLIBNG */ |
29 | |
30 | #include <stdlib.h> |
31 | #include <errno(*__errno_location ()).h> |
32 | |
33 | #include <epan/packet.h> |
34 | #include <epan/strutil.h> |
35 | #include <epan/addr_resolv.h> |
36 | #include <epan/expert.h> |
37 | #include <epan/asn1.h> |
38 | #include <epan/proto_data.h> |
39 | #include <epan/oids.h> |
40 | #include <epan/secrets.h> |
41 | |
42 | #include <wsutil/inet_cidr.h> |
43 | #include <wsutil/filesystem.h> |
44 | #include <wsutil/file_util.h> |
45 | #include <wsutil/str_util.h> |
46 | #include <wsutil/report_message.h> |
47 | #include <wsutil/pint.h> |
48 | #include <wsutil/strtoi.h> |
49 | #include <wsutil/wsgcrypt.h> |
50 | #include <wsutil/rsa.h> |
51 | #include <wsutil/ws_assert.h> |
52 | #include "packet-ber.h" |
53 | #include "packet-x509af.h" |
54 | #include "packet-x509if.h" |
55 | #include "packet-tls-utils.h" |
56 | #include "packet-ocsp.h" |
57 | #include "packet-tls.h" |
58 | #include "packet-dtls.h" |
59 | #include "packet-quic.h" |
60 | #if defined(HAVE_LIBGNUTLS1) |
61 | #include <gnutls/abstract.h> |
62 | #endif |
63 | |
64 | /* JA3/JA3S calculations must ignore GREASE values |
65 | * as described in RFC 8701. |
66 | */ |
67 | #define IS_GREASE_TLS(x)((((x) & 0x0f0f) == 0x0a0a) && (((x) & 0xff) == (((x)>>8) & 0xff))) ((((x) & 0x0f0f) == 0x0a0a) && \ |
68 | (((x) & 0xff) == (((x)>>8) & 0xff))) |
69 | |
70 | /* Section 22.3 of RFC 9000 (QUIC) reserves values of this |
71 | * form for a similar purpose as GREASE. |
72 | */ |
73 | #define IS_GREASE_QUIC(x)((x) > 27 ? ((((x) - 27) % 31) == 0) : 0) ((x) > 27 ? ((((x) - 27) % 31) == 0) : 0) |
74 | |
75 | #define DTLS13_MAX_EPOCH10 10 |
76 | |
77 | /* Lookup tables {{{ */ |
78 | const value_string ssl_version_short_names[] = { |
79 | { SSLV2_VERSION0x0002, "SSLv2" }, |
80 | { SSLV3_VERSION0x300, "SSLv3" }, |
81 | { TLSV1_VERSION0x301, "TLSv1" }, |
82 | { TLCPV1_VERSION0x101, "TLCP" }, |
83 | { TLSV1DOT1_VERSION0x302, "TLSv1.1" }, |
84 | { TLSV1DOT2_VERSION0x303, "TLSv1.2" }, |
85 | { TLSV1DOT3_VERSION0x304, "TLSv1.3" }, |
86 | { DTLSV1DOT0_VERSION0xfeff, "DTLSv1.0" }, |
87 | { DTLSV1DOT2_VERSION0xfefd, "DTLSv1.2" }, |
88 | { DTLSV1DOT3_VERSION0xfefc, "DTLSv1.3" }, |
89 | { DTLSV1DOT0_OPENSSL_VERSION0x100, "DTLS 1.0 (OpenSSL pre 0.9.8f)" }, |
90 | { 0x00, NULL((void*)0) } |
91 | }; |
92 | |
93 | const value_string ssl_versions[] = { |
94 | { SSLV2_VERSION0x0002, "SSL 2.0" }, |
95 | { SSLV3_VERSION0x300, "SSL 3.0" }, |
96 | { TLSV1_VERSION0x301, "TLS 1.0" }, |
97 | { TLCPV1_VERSION0x101, "TLCP" }, |
98 | { TLSV1DOT1_VERSION0x302, "TLS 1.1" }, |
99 | { TLSV1DOT2_VERSION0x303, "TLS 1.2" }, |
100 | { TLSV1DOT3_VERSION0x304, "TLS 1.3" }, |
101 | { 0x7F0E, "TLS 1.3 (draft 14)" }, |
102 | { 0x7F0F, "TLS 1.3 (draft 15)" }, |
103 | { 0x7F10, "TLS 1.3 (draft 16)" }, |
104 | { 0x7F11, "TLS 1.3 (draft 17)" }, |
105 | { 0x7F12, "TLS 1.3 (draft 18)" }, |
106 | { 0x7F13, "TLS 1.3 (draft 19)" }, |
107 | { 0x7F14, "TLS 1.3 (draft 20)" }, |
108 | { 0x7F15, "TLS 1.3 (draft 21)" }, |
109 | { 0x7F16, "TLS 1.3 (draft 22)" }, |
110 | { 0x7F17, "TLS 1.3 (draft 23)" }, |
111 | { 0x7F18, "TLS 1.3 (draft 24)" }, |
112 | { 0x7F19, "TLS 1.3 (draft 25)" }, |
113 | { 0x7F1A, "TLS 1.3 (draft 26)" }, |
114 | { 0x7F1B, "TLS 1.3 (draft 27)" }, |
115 | { 0x7F1C, "TLS 1.3 (draft 28)" }, |
116 | { 0xFB17, "TLS 1.3 (Facebook draft 23)" }, |
117 | { 0xFB1A, "TLS 1.3 (Facebook draft 26)" }, |
118 | { DTLSV1DOT0_OPENSSL_VERSION0x100, "DTLS 1.0 (OpenSSL pre 0.9.8f)" }, |
119 | { DTLSV1DOT0_VERSION0xfeff, "DTLS 1.0" }, |
120 | { DTLSV1DOT2_VERSION0xfefd, "DTLS 1.2" }, |
121 | { DTLSV1DOT3_VERSION0xfefc, "DTLS 1.3" }, |
122 | { 0x0A0A, "Reserved (GREASE)" }, /* RFC 8701 */ |
123 | { 0x1A1A, "Reserved (GREASE)" }, /* RFC 8701 */ |
124 | { 0x2A2A, "Reserved (GREASE)" }, /* RFC 8701 */ |
125 | { 0x3A3A, "Reserved (GREASE)" }, /* RFC 8701 */ |
126 | { 0x4A4A, "Reserved (GREASE)" }, /* RFC 8701 */ |
127 | { 0x5A5A, "Reserved (GREASE)" }, /* RFC 8701 */ |
128 | { 0x6A6A, "Reserved (GREASE)" }, /* RFC 8701 */ |
129 | { 0x7A7A, "Reserved (GREASE)" }, /* RFC 8701 */ |
130 | { 0x8A8A, "Reserved (GREASE)" }, /* RFC 8701 */ |
131 | { 0x9A9A, "Reserved (GREASE)" }, /* RFC 8701 */ |
132 | { 0xAAAA, "Reserved (GREASE)" }, /* RFC 8701 */ |
133 | { 0xBABA, "Reserved (GREASE)" }, /* RFC 8701 */ |
134 | { 0xCACA, "Reserved (GREASE)" }, /* RFC 8701 */ |
135 | { 0xDADA, "Reserved (GREASE)" }, /* RFC 8701 */ |
136 | { 0xEAEA, "Reserved (GREASE)" }, /* RFC 8701 */ |
137 | { 0xFAFA, "Reserved (GREASE)" }, /* RFC 8701 */ |
138 | { 0x00, NULL((void*)0) } |
139 | }; |
140 | |
141 | static const value_string ssl_version_ja4_names[] = { |
142 | { 0x0100, "s1" }, |
143 | { SSLV2_VERSION0x0002, "s2" }, |
144 | { SSLV3_VERSION0x300, "s3" }, |
145 | { TLSV1_VERSION0x301, "10" }, |
146 | { TLSV1DOT1_VERSION0x302, "11" }, |
147 | { TLSV1DOT2_VERSION0x303, "12" }, |
148 | { TLSV1DOT3_VERSION0x304, "13" }, |
149 | { DTLSV1DOT0_VERSION0xfeff, "d1" }, |
150 | { DTLSV1DOT2_VERSION0xfefd, "d2" }, |
151 | { DTLSV1DOT3_VERSION0xfefc, "d3" }, |
152 | { 0x00, NULL((void*)0) } |
153 | }; |
154 | |
155 | const value_string ssl_20_msg_types[] = { |
156 | { SSL2_HND_ERROR0x00, "Error" }, |
157 | { SSL2_HND_CLIENT_HELLO0x01, "Client Hello" }, |
158 | { SSL2_HND_CLIENT_MASTER_KEY0x02, "Client Master Key" }, |
159 | { SSL2_HND_CLIENT_FINISHED0x03, "Client Finished" }, |
160 | { SSL2_HND_SERVER_HELLO0x04, "Server Hello" }, |
161 | { SSL2_HND_SERVER_VERIFY0x05, "Server Verify" }, |
162 | { SSL2_HND_SERVER_FINISHED0x06, "Server Finished" }, |
163 | { SSL2_HND_REQUEST_CERTIFICATE0x07, "Request Certificate" }, |
164 | { SSL2_HND_CLIENT_CERTIFICATE0x08, "Client Certificate" }, |
165 | { 0x00, NULL((void*)0) } |
166 | }; |
167 | /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ |
168 | /* Note: sorted by ascending value so value_string-ext can do a binary search */ |
169 | static const value_string ssl_20_cipher_suites[] = { |
170 | { 0x000000, "TLS_NULL_WITH_NULL_NULL" }, |
171 | { 0x000001, "TLS_RSA_WITH_NULL_MD5" }, |
172 | { 0x000002, "TLS_RSA_WITH_NULL_SHA" }, |
173 | { 0x000003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, |
174 | { 0x000004, "TLS_RSA_WITH_RC4_128_MD5" }, |
175 | { 0x000005, "TLS_RSA_WITH_RC4_128_SHA" }, |
176 | { 0x000006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, |
177 | { 0x000007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, |
178 | { 0x000008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, |
179 | { 0x000009, "TLS_RSA_WITH_DES_CBC_SHA" }, |
180 | { 0x00000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, |
181 | { 0x00000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, |
182 | { 0x00000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, |
183 | { 0x00000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, |
184 | { 0x00000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, |
185 | { 0x00000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, |
186 | { 0x000010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, |
187 | { 0x000011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, |
188 | { 0x000012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, |
189 | { 0x000013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, |
190 | { 0x000014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, |
191 | { 0x000015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, |
192 | { 0x000016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, |
193 | { 0x000017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, |
194 | { 0x000018, "TLS_DH_anon_WITH_RC4_128_MD5" }, |
195 | { 0x000019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, |
196 | { 0x00001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, |
197 | { 0x00001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, |
198 | { 0x00001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, |
199 | { 0x00001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, |
200 | #if 0 |
201 | { 0x00001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, |
202 | #endif |
203 | /* RFC 2712 */ |
204 | { 0x00001E, "TLS_KRB5_WITH_DES_CBC_SHA" }, |
205 | { 0x00001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, |
206 | { 0x000020, "TLS_KRB5_WITH_RC4_128_SHA" }, |
207 | { 0x000021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, |
208 | { 0x000022, "TLS_KRB5_WITH_DES_CBC_MD5" }, |
209 | { 0x000023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, |
210 | { 0x000024, "TLS_KRB5_WITH_RC4_128_MD5" }, |
211 | { 0x000025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, |
212 | { 0x000026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, |
213 | { 0x000027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, |
214 | { 0x000028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, |
215 | { 0x000029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, |
216 | { 0x00002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, |
217 | { 0x00002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, |
218 | /* RFC 4785 */ |
219 | { 0x00002C, "TLS_PSK_WITH_NULL_SHA" }, |
220 | { 0x00002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, |
221 | { 0x00002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, |
222 | /* RFC 5246 */ |
223 | { 0x00002f, "TLS_RSA_WITH_AES_128_CBC_SHA" }, |
224 | { 0x000030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, |
225 | { 0x000031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, |
226 | { 0x000032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, |
227 | { 0x000033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, |
228 | { 0x000034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, |
229 | { 0x000035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, |
230 | { 0x000036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, |
231 | { 0x000037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, |
232 | { 0x000038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, |
233 | { 0x000039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, |
234 | { 0x00003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, |
235 | { 0x00003B, "TLS_RSA_WITH_NULL_SHA256" }, |
236 | { 0x00003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, |
237 | { 0x00003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, |
238 | { 0x00003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, |
239 | { 0x00003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, |
240 | { 0x000040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, |
241 | { 0x000041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, |
242 | { 0x000042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, |
243 | { 0x000043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, |
244 | { 0x000044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, |
245 | { 0x000045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, |
246 | { 0x000046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, |
247 | { 0x000047, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, |
248 | { 0x000048, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, |
249 | { 0x000049, "TLS_ECDH_ECDSA_WITH_DES_CBC_SHA" }, |
250 | { 0x00004A, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, |
251 | { 0x00004B, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, |
252 | { 0x00004C, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, |
253 | { 0x000060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, |
254 | { 0x000061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, |
255 | { 0x000062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, |
256 | { 0x000063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, |
257 | { 0x000064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, |
258 | { 0x000065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, |
259 | { 0x000066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, |
260 | { 0x000067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, |
261 | { 0x000068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, |
262 | { 0x000069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, |
263 | { 0x00006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, |
264 | { 0x00006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, |
265 | { 0x00006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, |
266 | { 0x00006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, |
267 | /* 0x00,0x6E-83 Unassigned */ |
268 | { 0x000084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, |
269 | { 0x000085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, |
270 | { 0x000086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, |
271 | { 0x000087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, |
272 | { 0x000088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, |
273 | { 0x000089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, |
274 | /* RFC 4279 */ |
275 | { 0x00008A, "TLS_PSK_WITH_RC4_128_SHA" }, |
276 | { 0x00008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, |
277 | { 0x00008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, |
278 | { 0x00008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, |
279 | { 0x00008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, |
280 | { 0x00008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, |
281 | { 0x000090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, |
282 | { 0x000091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, |
283 | { 0x000092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, |
284 | { 0x000093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, |
285 | { 0x000094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, |
286 | { 0x000095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, |
287 | /* RFC 4162 */ |
288 | { 0x000096, "TLS_RSA_WITH_SEED_CBC_SHA" }, |
289 | { 0x000097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, |
290 | { 0x000098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, |
291 | { 0x000099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, |
292 | { 0x00009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, |
293 | { 0x00009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, |
294 | /* RFC 5288 */ |
295 | { 0x00009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, |
296 | { 0x00009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, |
297 | { 0x00009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, |
298 | { 0x00009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, |
299 | { 0x0000A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, |
300 | { 0x0000A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, |
301 | { 0x0000A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, |
302 | { 0x0000A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, |
303 | { 0x0000A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, |
304 | { 0x0000A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, |
305 | { 0x0000A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, |
306 | { 0x0000A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, |
307 | /* RFC 5487 */ |
308 | { 0x0000A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, |
309 | { 0x0000A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, |
310 | { 0x0000AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, |
311 | { 0x0000AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, |
312 | { 0x0000AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, |
313 | { 0x0000AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, |
314 | { 0x0000AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, |
315 | { 0x0000AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, |
316 | { 0x0000B0, "TLS_PSK_WITH_NULL_SHA256" }, |
317 | { 0x0000B1, "TLS_PSK_WITH_NULL_SHA384" }, |
318 | { 0x0000B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, |
319 | { 0x0000B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, |
320 | { 0x0000B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, |
321 | { 0x0000B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, |
322 | { 0x0000B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, |
323 | { 0x0000B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, |
324 | { 0x0000B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, |
325 | { 0x0000B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, |
326 | /* From RFC 5932 */ |
327 | { 0x0000BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
328 | { 0x0000BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, |
329 | { 0x0000BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
330 | { 0x0000BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, |
331 | { 0x0000BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
332 | { 0x0000BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, |
333 | { 0x0000C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, |
334 | { 0x0000C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, |
335 | { 0x0000C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, |
336 | { 0x0000C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, |
337 | { 0x0000C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, |
338 | { 0x0000C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, |
339 | /* 0x00,0xC6-FE Unassigned */ |
340 | { 0x0000FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, |
341 | /* 0x01-BF,* Unassigned */ |
342 | /* From RFC 4492 */ |
343 | { 0x00c001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, |
344 | { 0x00c002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, |
345 | { 0x00c003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, |
346 | { 0x00c004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, |
347 | { 0x00c005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, |
348 | { 0x00c006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, |
349 | { 0x00c007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, |
350 | { 0x00c008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, |
351 | { 0x00c009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, |
352 | { 0x00c00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, |
353 | { 0x00c00b, "TLS_ECDH_RSA_WITH_NULL_SHA" }, |
354 | { 0x00c00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, |
355 | { 0x00c00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, |
356 | { 0x00c00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, |
357 | { 0x00c00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, |
358 | { 0x00c010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, |
359 | { 0x00c011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, |
360 | { 0x00c012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, |
361 | { 0x00c013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, |
362 | { 0x00c014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, |
363 | { 0x00c015, "TLS_ECDH_anon_WITH_NULL_SHA" }, |
364 | { 0x00c016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, |
365 | { 0x00c017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, |
366 | { 0x00c018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, |
367 | { 0x00c019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, |
368 | /* RFC 5054 */ |
369 | { 0x00C01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, |
370 | { 0x00C01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, |
371 | { 0x00C01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, |
372 | { 0x00C01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, |
373 | { 0x00C01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, |
374 | { 0x00C01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, |
375 | { 0x00C020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, |
376 | { 0x00C021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, |
377 | { 0x00C022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, |
378 | /* RFC 5589 */ |
379 | { 0x00C023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, |
380 | { 0x00C024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, |
381 | { 0x00C025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, |
382 | { 0x00C026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, |
383 | { 0x00C027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, |
384 | { 0x00C028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, |
385 | { 0x00C029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, |
386 | { 0x00C02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, |
387 | { 0x00C02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, |
388 | { 0x00C02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, |
389 | { 0x00C02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, |
390 | { 0x00C02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, |
391 | { 0x00C02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, |
392 | { 0x00C030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, |
393 | { 0x00C031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, |
394 | { 0x00C032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, |
395 | /* RFC 5489 */ |
396 | { 0x00C033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, |
397 | { 0x00C034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, |
398 | { 0x00C035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, |
399 | { 0x00C036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, |
400 | { 0x00C037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, |
401 | { 0x00C038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, |
402 | { 0x00C039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, |
403 | { 0x00C03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, |
404 | { 0x00C03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, |
405 | /* 0xC0,0x3C-FF Unassigned |
406 | 0xC1-FD,* Unassigned |
407 | 0xFE,0x00-FD Unassigned |
408 | 0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen] |
409 | 0xFF,0x00-FF Reserved for Private Use [RFC5246] |
410 | */ |
411 | |
412 | /* old numbers used in the beginning |
413 | * https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */ |
414 | { 0x00CC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, |
415 | { 0x00CC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, |
416 | { 0x00CC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, |
417 | |
418 | /* https://tools.ietf.org/html/rfc7905 */ |
419 | { 0x00CCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, |
420 | { 0x00CCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, |
421 | { 0x00CCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, |
422 | { 0x00CCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, |
423 | { 0x00CCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, |
424 | { 0x00CCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, |
425 | { 0x00CCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, |
426 | |
427 | /* GM/T 0024-2014 */ |
428 | { 0x00e001, "ECDHE_SM1_SM3"}, |
429 | { 0x00e003, "ECC_SM1_SM3"}, |
430 | { 0x00e005, "IBSDH_SM1_SM3"}, |
431 | { 0x00e007, "IBC_SM1_SM3"}, |
432 | { 0x00e009, "RSA_SM1_SM3"}, |
433 | { 0x00e00a, "RSA_SM1_SHA1"}, |
434 | { 0x00e011, "ECDHE_SM4_CBC_SM3"}, |
435 | { 0x00e013, "ECC_SM4_CBC_SM3"}, |
436 | { 0x00e015, "IBSDH_SM4_CBC_SM3"}, |
437 | { 0x00e017, "IBC_SM4_CBC_SM3"}, |
438 | { 0x00e019, "RSA_SM4_CBC_SM3"}, |
439 | { 0x00e01a, "RSA_SM4_CBC_SHA1"}, |
440 | { 0x00e01c, "RSA_SM4_CBC_SHA256"}, |
441 | { 0x00e051, "ECDHE_SM4_GCM_SM3"}, |
442 | { 0x00e053, "ECC_SM4_GCM_SM3"}, |
443 | { 0x00e055, "IBSDH_SM4_GCM_SM3"}, |
444 | { 0x00e057, "IBC_SM4_GCM_SM3"}, |
445 | { 0x00e059, "RSA_SM4_GCM_SM3"}, |
446 | { 0x00e05a, "RSA_SM4_GCM_SHA256"}, |
447 | |
448 | /* https://tools.ietf.org/html/draft-josefsson-salsa20-tls */ |
449 | { 0x00E410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" }, |
450 | { 0x00E411, "TLS_RSA_WITH_SALSA20_SHA1" }, |
451 | { 0x00E412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, |
452 | { 0x00E413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" }, |
453 | { 0x00E414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" }, |
454 | { 0x00E415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" }, |
455 | { 0x00E416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" }, |
456 | { 0x00E417, "TLS_PSK_WITH_SALSA20_SHA1" }, |
457 | { 0x00E418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, |
458 | { 0x00E419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" }, |
459 | { 0x00E41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" }, |
460 | { 0x00E41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" }, |
461 | { 0x00E41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, |
462 | { 0x00E41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" }, |
463 | { 0x00E41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, |
464 | { 0x00E41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" }, |
465 | |
466 | /* these from http://www.mozilla.org/projects/ |
467 | security/pki/nss/ssl/fips-ssl-ciphersuites.html */ |
468 | { 0x00fefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, |
469 | { 0x00feff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, |
470 | { 0x00ffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, |
471 | { 0x00ffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, |
472 | /* note that ciphersuites of {0x00????} are TLS cipher suites in |
473 | * a sslv2 client hello message; the ???? above is the two-byte |
474 | * tls cipher suite id |
475 | */ |
476 | |
477 | { 0x010080, "SSL2_RC4_128_WITH_MD5" }, |
478 | { 0x020080, "SSL2_RC4_128_EXPORT40_WITH_MD5" }, |
479 | { 0x030080, "SSL2_RC2_128_CBC_WITH_MD5" }, |
480 | { 0x040080, "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5" }, |
481 | { 0x050080, "SSL2_IDEA_128_CBC_WITH_MD5" }, |
482 | { 0x060040, "SSL2_DES_64_CBC_WITH_MD5" }, |
483 | { 0x0700c0, "SSL2_DES_192_EDE3_CBC_WITH_MD5" }, |
484 | { 0x080080, "SSL2_RC4_64_WITH_MD5" }, |
485 | |
486 | { 0x00, NULL((void*)0) } |
487 | }; |
488 | |
489 | value_string_ext ssl_20_cipher_suites_ext = VALUE_STRING_EXT_INIT(ssl_20_cipher_suites){ _try_val_to_str_ext_init, 0, (sizeof (ssl_20_cipher_suites) / sizeof ((ssl_20_cipher_suites)[0]))-1, ssl_20_cipher_suites , "ssl_20_cipher_suites" }; |
490 | |
491 | |
492 | /* |
493 | * Supported Groups (formerly named "EC Named Curve"). |
494 | * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 |
495 | */ |
496 | const value_string ssl_extension_curves[] = { |
497 | { 1, "sect163k1" }, |
498 | { 2, "sect163r1" }, |
499 | { 3, "sect163r2" }, |
500 | { 4, "sect193r1" }, |
501 | { 5, "sect193r2" }, |
502 | { 6, "sect233k1" }, |
503 | { 7, "sect233r1" }, |
504 | { 8, "sect239k1" }, |
505 | { 9, "sect283k1" }, |
506 | { 10, "sect283r1" }, |
507 | { 11, "sect409k1" }, |
508 | { 12, "sect409r1" }, |
509 | { 13, "sect571k1" }, |
510 | { 14, "sect571r1" }, |
511 | { 15, "secp160k1" }, |
512 | { 16, "secp160r1" }, |
513 | { 17, "secp160r2" }, |
514 | { 18, "secp192k1" }, |
515 | { 19, "secp192r1" }, |
516 | { 20, "secp224k1" }, |
517 | { 21, "secp224r1" }, |
518 | { 22, "secp256k1" }, |
519 | { 23, "secp256r1" }, |
520 | { 24, "secp384r1" }, |
521 | { 25, "secp521r1" }, |
522 | { 26, "brainpoolP256r1" }, /* RFC 7027 */ |
523 | { 27, "brainpoolP384r1" }, /* RFC 7027 */ |
524 | { 28, "brainpoolP512r1" }, /* RFC 7027 */ |
525 | { 29, "x25519" }, /* RFC 8446 / RFC 8422 */ |
526 | { 30, "x448" }, /* RFC 8446 / RFC 8422 */ |
527 | { 31, "brainpoolP256r1tls13" }, /* RFC8734 */ |
528 | { 32, "brainpoolP384r1tls13" }, /* RFC8734 */ |
529 | { 33, "brainpoolP512r1tls13" }, /* RFC8734 */ |
530 | { 34, "GC256A" }, /* RFC9189 */ |
531 | { 35, "GC256B" }, /* RFC9189 */ |
532 | { 36, "GC256C" }, /* RFC9189 */ |
533 | { 37, "GC256D" }, /* RFC9189 */ |
534 | { 38, "GC512A" }, /* RFC9189 */ |
535 | { 39, "GC512B" }, /* RFC9189 */ |
536 | { 40, "GC512C" }, /* RFC9189 */ |
537 | { 41, "curveSM2" }, /* RFC 8998 */ |
538 | { 256, "ffdhe2048" }, /* RFC 7919 */ |
539 | { 257, "ffdhe3072" }, /* RFC 7919 */ |
540 | { 258, "ffdhe4096" }, /* RFC 7919 */ |
541 | { 259, "ffdhe6144" }, /* RFC 7919 */ |
542 | { 260, "ffdhe8192" }, /* RFC 7919 */ |
543 | /* PQC key exchange algorithms from OQS-OpenSSL, |
544 | see https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs-template/oqs-kem-info.md */ |
545 | { 0x0200, "frodo640aes" }, |
546 | { 0x2F00, "p256_frodo640aes" }, |
547 | { 0x0201, "frodo640shake" }, |
548 | { 0x2F01, "p256_frodo640shake" }, |
549 | { 0x0202, "frodo976aes" }, |
550 | { 0x2F02, "p384_frodo976aes" }, |
551 | { 0x0203, "frodo976shake" }, |
552 | { 0x2F03, "p384_frodo976shake" }, |
553 | { 0x0204, "frodo1344aes" }, |
554 | { 0x2F04, "p521_frodo1344aes" }, |
555 | { 0x0205, "frodo1344shake" }, |
556 | { 0x2F05, "p521_frodo1344shake" }, |
557 | { 0x023A, "kyber512" }, |
558 | { 0x2F3A, "p256_kyber512" }, |
559 | { 0x023C, "kyber768" }, |
560 | { 0x2F3C, "p384_kyber768" }, |
561 | { 0x023D, "kyber1024" }, |
562 | { 0x2F3D, "p521_kyber1024" }, |
563 | { 0x0214, "ntru_hps2048509" }, |
564 | { 0x2F14, "p256_ntru_hps2048509" }, |
565 | { 0x0215, "ntru_hps2048677" }, |
566 | { 0x2F15, "p384_ntru_hps2048677" }, |
567 | { 0x0216, "ntru_hps4096821" }, |
568 | { 0x2F16, "p521_ntru_hps4096821" }, |
569 | { 0x0245, "ntru_hps40961229" }, |
570 | { 0x2F45, "p521_ntru_hps40961229" }, |
571 | { 0x0217, "ntru_hrss701" }, |
572 | { 0x2F17, "p384_ntru_hrss701" }, |
573 | { 0x0246, "ntru_hrss1373" }, |
574 | { 0x2F46, "p521_ntru_hrss1373" }, |
575 | { 0x0218, "lightsaber" }, |
576 | { 0x2F18, "p256_lightsaber" }, |
577 | { 0x0219, "saber" }, |
578 | { 0x2F19, "p384_saber" }, |
579 | { 0x021A, "firesaber" }, |
580 | { 0x2F1A, "p521_firesaber" }, |
581 | { 0x021B, "sidhp434" }, |
582 | { 0x2F1B, "p256_sidhp434" }, |
583 | { 0x021C, "sidhp503" }, |
584 | { 0x2F1C, "p256_sidhp503" }, |
585 | { 0x021D, "sidhp610" }, |
586 | { 0x2F1D, "p384_sidhp610" }, |
587 | { 0x021E, "sidhp751" }, |
588 | { 0x2F1E, "p521_sidhp751" }, |
589 | { 0x021F, "sikep434" }, |
590 | { 0x2F1F, "p256_sikep434" }, |
591 | { 0x0220, "sikep503" }, |
592 | { 0x2F20, "p256_sikep503" }, |
593 | { 0x0221, "sikep610" }, |
594 | { 0x2F21, "p384_sikep610" }, |
595 | { 0x0222, "sikep751" }, |
596 | { 0x2F22, "p521_sikep751" }, |
597 | { 0x0238, "bikel1" }, |
598 | { 0x2F38, "p256_bikel1" }, |
599 | { 0x023B, "bikel3" }, |
600 | { 0x2F3B, "p384_bikel3" }, |
601 | { 0x023E, "kyber90s512" }, |
602 | { 0x2F3E, "p256_kyber90s512" }, |
603 | { 0x023F, "kyber90s768" }, |
604 | { 0x2F3F, "p384_kyber90s768" }, |
605 | { 0x0240, "kyber90s1024" }, |
606 | { 0x2F40, "p521_kyber90s1024" }, |
607 | { 0x022C, "hqc128" }, |
608 | { 0x2F2C, "p256_hqc128" }, |
609 | { 0x022D, "hqc192" }, |
610 | { 0x2F2D, "p384_hqc192" }, |
611 | { 0x022E, "hqc256" }, |
612 | { 0x2F2E, "p521_hqc256" }, |
613 | { 0x022F, "ntrulpr653" }, |
614 | { 0x2F2F, "p256_ntrulpr653" }, |
615 | { 0x0230, "ntrulpr761" }, |
616 | { 0x2F43, "p256_ntrulpr761" }, |
617 | { 0x0231, "ntrulpr857" }, |
618 | { 0x2F31, "p384_ntrulpr857" }, |
619 | { 0x0241, "ntrulpr1277" }, |
620 | { 0x2F41, "p521_ntrulpr1277" }, |
621 | { 0x0232, "sntrup653" }, |
622 | { 0x2F32, "p256_sntrup653" }, |
623 | { 0x0233, "sntrup761" }, |
624 | { 0x2F44, "p256_sntrup761" }, |
625 | { 0x0234, "sntrup857" }, |
626 | { 0x2F34, "p384_sntrup857" }, |
627 | { 0x0242, "sntrup1277" }, |
628 | { 0x2F42, "p521_sntrup1277" }, |
629 | /* Other PQ key exchange algorithms: |
630 | https://blog.cloudflare.com/post-quantum-for-all |
631 | https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.txt */ |
632 | { 0xFE30, "X25519Kyber512Draft00" }, |
633 | { 0xFE31, "X25519Kyber768Draft00 (obsolete value)" }, |
634 | { 0x6399, "X25519Kyber768Draft00" }, |
635 | { 2570, "Reserved (GREASE)" }, /* RFC 8701 */ |
636 | { 6682, "Reserved (GREASE)" }, /* RFC 8701 */ |
637 | { 10794, "Reserved (GREASE)" }, /* RFC 8701 */ |
638 | { 14906, "Reserved (GREASE)" }, /* RFC 8701 */ |
639 | { 19018, "Reserved (GREASE)" }, /* RFC 8701 */ |
640 | { 23130, "Reserved (GREASE)" }, /* RFC 8701 */ |
641 | { 27242, "Reserved (GREASE)" }, /* RFC 8701 */ |
642 | { 31354, "Reserved (GREASE)" }, /* RFC 8701 */ |
643 | { 35466, "Reserved (GREASE)" }, /* RFC 8701 */ |
644 | { 39578, "Reserved (GREASE)" }, /* RFC 8701 */ |
645 | { 43690, "Reserved (GREASE)" }, /* RFC 8701 */ |
646 | { 47802, "Reserved (GREASE)" }, /* RFC 8701 */ |
647 | { 51914, "Reserved (GREASE)" }, /* RFC 8701 */ |
648 | { 56026, "Reserved (GREASE)" }, /* RFC 8701 */ |
649 | { 60138, "Reserved (GREASE)" }, /* RFC 8701 */ |
650 | { 64250, "Reserved (GREASE)" }, /* RFC 8701 */ |
651 | { 0xFF01, "arbitrary_explicit_prime_curves" }, |
652 | { 0xFF02, "arbitrary_explicit_char2_curves" }, |
653 | { 0x00, NULL((void*)0) } |
654 | }; |
655 | |
656 | const value_string ssl_curve_types[] = { |
657 | { 1, "explicit_prime" }, |
658 | { 2, "explicit_char2" }, |
659 | { 3, "named_curve" }, |
660 | { 0x00, NULL((void*)0) } |
661 | }; |
662 | |
663 | const value_string ssl_extension_ec_point_formats[] = { |
664 | { 0, "uncompressed" }, |
665 | { 1, "ansiX962_compressed_prime" }, |
666 | { 2, "ansiX962_compressed_char2" }, |
667 | { 0x00, NULL((void*)0) } |
668 | }; |
669 | |
670 | const value_string ssl_20_certificate_type[] = { |
671 | { 0x00, "N/A" }, |
672 | { 0x01, "X.509 Certificate" }, |
673 | { 0x00, NULL((void*)0) } |
674 | }; |
675 | |
676 | const value_string ssl_31_content_type[] = { |
677 | { 20, "Change Cipher Spec" }, |
678 | { 21, "Alert" }, |
679 | { 22, "Handshake" }, |
680 | { 23, "Application Data" }, |
681 | { 24, "Heartbeat" }, |
682 | { 25, "Connection ID" }, |
683 | { 0x00, NULL((void*)0) } |
684 | }; |
685 | |
686 | #if 0 |
687 | /* XXX - would be used if we dissected the body of a Change Cipher Spec |
688 | message. */ |
689 | const value_string ssl_31_change_cipher_spec[] = { |
690 | { 1, "Change Cipher Spec" }, |
691 | { 0x00, NULL((void*)0) } |
692 | }; |
693 | #endif |
694 | |
695 | const value_string ssl_31_alert_level[] = { |
696 | { 1, "Warning" }, |
697 | { 2, "Fatal" }, |
698 | { 0x00, NULL((void*)0) } |
699 | }; |
700 | |
701 | const value_string ssl_31_alert_description[] = { |
702 | { 0, "Close Notify" }, |
703 | { 1, "End of Early Data" }, |
704 | { 10, "Unexpected Message" }, |
705 | { 20, "Bad Record MAC" }, |
706 | { 21, "Decryption Failed" }, |
707 | { 22, "Record Overflow" }, |
708 | { 30, "Decompression Failure" }, |
709 | { 40, "Handshake Failure" }, |
710 | { 41, "No Certificate" }, |
711 | { 42, "Bad Certificate" }, |
712 | { 43, "Unsupported Certificate" }, |
713 | { 44, "Certificate Revoked" }, |
714 | { 45, "Certificate Expired" }, |
715 | { 46, "Certificate Unknown" }, |
716 | { 47, "Illegal Parameter" }, |
717 | { 48, "Unknown CA" }, |
718 | { 49, "Access Denied" }, |
719 | { 50, "Decode Error" }, |
720 | { 51, "Decrypt Error" }, |
721 | { 60, "Export Restriction" }, |
722 | { 70, "Protocol Version" }, |
723 | { 71, "Insufficient Security" }, |
724 | { 80, "Internal Error" }, |
725 | { 86, "Inappropriate Fallback" }, |
726 | { 90, "User Canceled" }, |
727 | { 100, "No Renegotiation" }, |
728 | { 109, "Missing Extension" }, |
729 | { 110, "Unsupported Extension" }, |
730 | { 111, "Certificate Unobtainable" }, |
731 | { 112, "Unrecognized Name" }, |
732 | { 113, "Bad Certificate Status Response" }, |
733 | { 114, "Bad Certificate Hash Value" }, |
734 | { 115, "Unknown PSK Identity" }, |
735 | { 116, "Certificate Required" }, |
736 | { 120, "No application Protocol" }, |
737 | { 121, "ECH Required" }, |
738 | { 0x00, NULL((void*)0) } |
739 | }; |
740 | |
741 | const value_string ssl_31_handshake_type[] = { |
742 | { SSL_HND_HELLO_REQUEST, "Hello Request" }, |
743 | { SSL_HND_CLIENT_HELLO, "Client Hello" }, |
744 | { SSL_HND_SERVER_HELLO, "Server Hello" }, |
745 | { SSL_HND_HELLO_VERIFY_REQUEST, "Hello Verify Request"}, |
746 | { SSL_HND_NEWSESSION_TICKET, "New Session Ticket" }, |
747 | { SSL_HND_END_OF_EARLY_DATA, "End of Early Data" }, |
748 | { SSL_HND_HELLO_RETRY_REQUEST, "Hello Retry Request" }, |
749 | { SSL_HND_ENCRYPTED_EXTENSIONS, "Encrypted Extensions" }, |
750 | { SSL_HND_CERTIFICATE, "Certificate" }, |
751 | { SSL_HND_SERVER_KEY_EXCHG, "Server Key Exchange" }, |
752 | { SSL_HND_CERT_REQUEST, "Certificate Request" }, |
753 | { SSL_HND_SVR_HELLO_DONE, "Server Hello Done" }, |
754 | { SSL_HND_CERT_VERIFY, "Certificate Verify" }, |
755 | { SSL_HND_CLIENT_KEY_EXCHG, "Client Key Exchange" }, |
756 | { SSL_HND_FINISHED, "Finished" }, |
757 | { SSL_HND_CERT_URL, "Client Certificate URL" }, |
758 | { SSL_HND_CERT_STATUS, "Certificate Status" }, |
759 | { SSL_HND_SUPPLEMENTAL_DATA, "Supplemental Data" }, |
760 | { SSL_HND_KEY_UPDATE, "Key Update" }, |
761 | { SSL_HND_COMPRESSED_CERTIFICATE, "Compressed Certificate" }, |
762 | { SSL_HND_ENCRYPTED_EXTS, "Encrypted Extensions" }, |
763 | { 0x00, NULL((void*)0) } |
764 | }; |
765 | |
766 | const value_string tls_heartbeat_type[] = { |
767 | { 1, "Request" }, |
768 | { 2, "Response" }, |
769 | { 0x00, NULL((void*)0) } |
770 | }; |
771 | |
772 | const value_string tls_heartbeat_mode[] = { |
773 | { 1, "Peer allowed to send requests" }, |
774 | { 2, "Peer not allowed to send requests" }, |
775 | { 0x00, NULL((void*)0) } |
776 | }; |
777 | |
778 | const value_string ssl_31_compression_method[] = { |
779 | { 0, "null" }, |
780 | { 1, "DEFLATE" }, |
781 | { 64, "LZS" }, |
782 | { 0x00, NULL((void*)0) } |
783 | }; |
784 | |
785 | #if 0 |
786 | /* XXX - would be used if we dissected a Signature, as would be |
787 | seen in a server key exchange or certificate verify message. */ |
788 | const value_string ssl_31_key_exchange_algorithm[] = { |
789 | { 0, "RSA" }, |
790 | { 1, "Diffie Hellman" }, |
791 | { 0x00, NULL((void*)0) } |
792 | }; |
793 | |
794 | const value_string ssl_31_signature_algorithm[] = { |
795 | { 0, "Anonymous" }, |
796 | { 1, "RSA" }, |
797 | { 2, "DSA" }, |
798 | { 0x00, NULL((void*)0) } |
799 | }; |
800 | #endif |
801 | |
802 | const value_string ssl_31_client_certificate_type[] = { |
803 | { 1, "RSA Sign" }, |
804 | { 2, "DSS Sign" }, |
805 | { 3, "RSA Fixed DH" }, |
806 | { 4, "DSS Fixed DH" }, |
807 | /* GOST certificate types */ |
808 | /* Section 3.5 of draft-chudov-cryptopro-cptls-04 */ |
809 | { 21, "GOST R 34.10-94" }, |
810 | { 22, "GOST R 34.10-2001" }, |
811 | /* END GOST certificate types */ |
812 | { 64, "ECDSA Sign" }, |
813 | { 65, "RSA Fixed ECDH" }, |
814 | { 66, "ECDSA Fixed ECDH" }, |
815 | { 80, "IBC Params" }, |
816 | { 0x00, NULL((void*)0) } |
817 | }; |
818 | |
819 | #if 0 |
820 | /* XXX - would be used if we dissected exchange keys, as would be |
821 | seen in a client key exchange message. */ |
822 | const value_string ssl_31_public_value_encoding[] = { |
823 | { 0, "Implicit" }, |
824 | { 1, "Explicit" }, |
825 | { 0x00, NULL((void*)0) } |
826 | }; |
827 | #endif |
828 | |
829 | /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ |
830 | /* Note: sorted by ascending value so value_string_ext fcns can do a binary search */ |
831 | static const value_string ssl_31_ciphersuite[] = { |
832 | /* RFC 2246, RFC 4346, RFC 5246 */ |
833 | { 0x0000, "TLS_NULL_WITH_NULL_NULL" }, |
834 | { 0x0001, "TLS_RSA_WITH_NULL_MD5" }, |
835 | { 0x0002, "TLS_RSA_WITH_NULL_SHA" }, |
836 | { 0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5" }, |
837 | { 0x0004, "TLS_RSA_WITH_RC4_128_MD5" }, |
838 | { 0x0005, "TLS_RSA_WITH_RC4_128_SHA" }, |
839 | { 0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" }, |
840 | { 0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA" }, |
841 | { 0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" }, |
842 | { 0x0009, "TLS_RSA_WITH_DES_CBC_SHA" }, |
843 | { 0x000a, "TLS_RSA_WITH_3DES_EDE_CBC_SHA" }, |
844 | { 0x000b, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" }, |
845 | { 0x000c, "TLS_DH_DSS_WITH_DES_CBC_SHA" }, |
846 | { 0x000d, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" }, |
847 | { 0x000e, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" }, |
848 | { 0x000f, "TLS_DH_RSA_WITH_DES_CBC_SHA" }, |
849 | { 0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" }, |
850 | { 0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" }, |
851 | { 0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA" }, |
852 | { 0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" }, |
853 | { 0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" }, |
854 | { 0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA" }, |
855 | { 0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" }, |
856 | { 0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" }, |
857 | { 0x0018, "TLS_DH_anon_WITH_RC4_128_MD5" }, |
858 | { 0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" }, |
859 | { 0x001a, "TLS_DH_anon_WITH_DES_CBC_SHA" }, |
860 | { 0x001b, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" }, |
861 | |
862 | { 0x001c, "SSL_FORTEZZA_KEA_WITH_NULL_SHA" }, |
863 | { 0x001d, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" }, |
864 | #if 0 /* Because it clashes with KRB5, is never used any more, and is safe |
865 | to remove according to David Hopwood <[emailprotected]> |
866 | of the ietf-tls list */ |
867 | { 0x001e, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" }, |
868 | #endif |
869 | /* RFC 2712 */ |
870 | { 0x001E, "TLS_KRB5_WITH_DES_CBC_SHA" }, |
871 | { 0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" }, |
872 | { 0x0020, "TLS_KRB5_WITH_RC4_128_SHA" }, |
873 | { 0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA" }, |
874 | { 0x0022, "TLS_KRB5_WITH_DES_CBC_MD5" }, |
875 | { 0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" }, |
876 | { 0x0024, "TLS_KRB5_WITH_RC4_128_MD5" }, |
877 | { 0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5" }, |
878 | { 0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" }, |
879 | { 0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" }, |
880 | { 0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" }, |
881 | { 0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" }, |
882 | { 0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" }, |
883 | { 0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" }, |
884 | /* RFC 4785 */ |
885 | { 0x002C, "TLS_PSK_WITH_NULL_SHA" }, |
886 | { 0x002D, "TLS_DHE_PSK_WITH_NULL_SHA" }, |
887 | { 0x002E, "TLS_RSA_PSK_WITH_NULL_SHA" }, |
888 | /* RFC 5246 */ |
889 | { 0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA" }, |
890 | { 0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA" }, |
891 | { 0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA" }, |
892 | { 0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" }, |
893 | { 0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, |
894 | { 0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA" }, |
895 | { 0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA" }, |
896 | { 0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA" }, |
897 | { 0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA" }, |
898 | { 0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" }, |
899 | { 0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" }, |
900 | { 0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA" }, |
901 | { 0x003B, "TLS_RSA_WITH_NULL_SHA256" }, |
902 | { 0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256" }, |
903 | { 0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256" }, |
904 | { 0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" }, |
905 | { 0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" }, |
906 | { 0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" }, |
907 | /* RFC 4132 */ |
908 | { 0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" }, |
909 | { 0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" }, |
910 | { 0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" }, |
911 | { 0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" }, |
912 | { 0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" }, |
913 | { 0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" }, |
914 | /* 0x00,0x60-66 Reserved to avoid conflicts with widely deployed implementations */ |
915 | /* --- ??? --- */ |
916 | { 0x0060, "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" }, |
917 | { 0x0061, "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" }, |
918 | /* draft-ietf-tls-56-bit-ciphersuites-01.txt */ |
919 | { 0x0062, "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" }, |
920 | { 0x0063, "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" }, |
921 | { 0x0064, "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" }, |
922 | { 0x0065, "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" }, |
923 | { 0x0066, "TLS_DHE_DSS_WITH_RC4_128_SHA" }, |
924 | /* --- ??? ---*/ |
925 | { 0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" }, |
926 | { 0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" }, |
927 | { 0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" }, |
928 | { 0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" }, |
929 | { 0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" }, |
930 | { 0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256" }, |
931 | { 0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256" }, |
932 | /* draft-chudov-cryptopro-cptls-04.txt */ |
933 | { 0x0080, "TLS_GOSTR341094_WITH_28147_CNT_IMIT" }, |
934 | { 0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT" }, |
935 | { 0x0082, "TLS_GOSTR341094_WITH_NULL_GOSTR3411" }, |
936 | { 0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411" }, |
937 | /* RFC 4132 */ |
938 | { 0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" }, |
939 | { 0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" }, |
940 | { 0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" }, |
941 | { 0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" }, |
942 | { 0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" }, |
943 | { 0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" }, |
944 | /* RFC 4279 */ |
945 | { 0x008A, "TLS_PSK_WITH_RC4_128_SHA" }, |
946 | { 0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA" }, |
947 | { 0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA" }, |
948 | { 0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA" }, |
949 | { 0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA" }, |
950 | { 0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" }, |
951 | { 0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" }, |
952 | { 0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" }, |
953 | { 0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA" }, |
954 | { 0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" }, |
955 | { 0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" }, |
956 | { 0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" }, |
957 | /* RFC 4162 */ |
958 | { 0x0096, "TLS_RSA_WITH_SEED_CBC_SHA" }, |
959 | { 0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA" }, |
960 | { 0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA" }, |
961 | { 0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA" }, |
962 | { 0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA" }, |
963 | { 0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA" }, |
964 | /* RFC 5288 */ |
965 | { 0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256" }, |
966 | { 0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384" }, |
967 | { 0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" }, |
968 | { 0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" }, |
969 | { 0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" }, |
970 | { 0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" }, |
971 | { 0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" }, |
972 | { 0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" }, |
973 | { 0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" }, |
974 | { 0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" }, |
975 | { 0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256" }, |
976 | { 0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384" }, |
977 | /* RFC 5487 */ |
978 | { 0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256" }, |
979 | { 0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384" }, |
980 | { 0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" }, |
981 | { 0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" }, |
982 | { 0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" }, |
983 | { 0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" }, |
984 | { 0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256" }, |
985 | { 0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384" }, |
986 | { 0x00B0, "TLS_PSK_WITH_NULL_SHA256" }, |
987 | { 0x00B1, "TLS_PSK_WITH_NULL_SHA384" }, |
988 | { 0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" }, |
989 | { 0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" }, |
990 | { 0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256" }, |
991 | { 0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384" }, |
992 | { 0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" }, |
993 | { 0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" }, |
994 | { 0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256" }, |
995 | { 0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384" }, |
996 | /* From RFC 5932 */ |
997 | { 0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
998 | { 0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, |
999 | { 0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
1000 | { 0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" }, |
1001 | { 0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
1002 | { 0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" }, |
1003 | { 0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, |
1004 | { 0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, |
1005 | { 0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, |
1006 | { 0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" }, |
1007 | { 0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" }, |
1008 | { 0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" }, |
1009 | /* RFC 8998 */ |
1010 | { 0x00C6, "TLS_SM4_GCM_SM3" }, |
1011 | { 0x00C7, "TLS_SM4_CCM_SM3" }, |
1012 | /* 0x00,0xC8-FE Unassigned */ |
1013 | /* From RFC 5746 */ |
1014 | { 0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" }, |
1015 | /* RFC 8701 */ |
1016 | { 0x0A0A, "Reserved (GREASE)" }, |
1017 | /* RFC 8446 */ |
1018 | { 0x1301, "TLS_AES_128_GCM_SHA256" }, |
1019 | { 0x1302, "TLS_AES_256_GCM_SHA384" }, |
1020 | { 0x1303, "TLS_CHACHA20_POLY1305_SHA256" }, |
1021 | { 0x1304, "TLS_AES_128_CCM_SHA256" }, |
1022 | { 0x1305, "TLS_AES_128_CCM_8_SHA256" }, |
1023 | /* RFC 8701 */ |
1024 | { 0x1A1A, "Reserved (GREASE)" }, |
1025 | { 0x2A2A, "Reserved (GREASE)" }, |
1026 | { 0x3A3A, "Reserved (GREASE)" }, |
1027 | { 0x4A4A, "Reserved (GREASE)" }, |
1028 | /* From RFC 7507 */ |
1029 | { 0x5600, "TLS_FALLBACK_SCSV" }, |
1030 | /* RFC 8701 */ |
1031 | { 0x5A5A, "Reserved (GREASE)" }, |
1032 | { 0x6A6A, "Reserved (GREASE)" }, |
1033 | { 0x7A7A, "Reserved (GREASE)" }, |
1034 | { 0x8A8A, "Reserved (GREASE)" }, |
1035 | { 0x9A9A, "Reserved (GREASE)" }, |
1036 | { 0xAAAA, "Reserved (GREASE)" }, |
1037 | { 0xBABA, "Reserved (GREASE)" }, |
1038 | /* From RFC 4492 */ |
1039 | { 0xc001, "TLS_ECDH_ECDSA_WITH_NULL_SHA" }, |
1040 | { 0xc002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" }, |
1041 | { 0xc003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" }, |
1042 | { 0xc004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" }, |
1043 | { 0xc005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" }, |
1044 | { 0xc006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA" }, |
1045 | { 0xc007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" }, |
1046 | { 0xc008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" }, |
1047 | { 0xc009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" }, |
1048 | { 0xc00a, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" }, |
1049 | { 0xc00b, "TLS_ECDH_RSA_WITH_NULL_SHA" }, |
1050 | { 0xc00c, "TLS_ECDH_RSA_WITH_RC4_128_SHA" }, |
1051 | { 0xc00d, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" }, |
1052 | { 0xc00e, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" }, |
1053 | { 0xc00f, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" }, |
1054 | { 0xc010, "TLS_ECDHE_RSA_WITH_NULL_SHA" }, |
1055 | { 0xc011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA" }, |
1056 | { 0xc012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" }, |
1057 | { 0xc013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" }, |
1058 | { 0xc014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" }, |
1059 | { 0xc015, "TLS_ECDH_anon_WITH_NULL_SHA" }, |
1060 | { 0xc016, "TLS_ECDH_anon_WITH_RC4_128_SHA" }, |
1061 | { 0xc017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" }, |
1062 | { 0xc018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" }, |
1063 | { 0xc019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" }, |
1064 | /* RFC 5054 */ |
1065 | { 0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" }, |
1066 | { 0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" }, |
1067 | { 0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" }, |
1068 | { 0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" }, |
1069 | { 0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" }, |
1070 | { 0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" }, |
1071 | { 0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" }, |
1072 | { 0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" }, |
1073 | { 0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" }, |
1074 | /* RFC 5589 */ |
1075 | { 0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" }, |
1076 | { 0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" }, |
1077 | { 0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" }, |
1078 | { 0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" }, |
1079 | { 0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, |
1080 | { 0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" }, |
1081 | { 0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" }, |
1082 | { 0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" }, |
1083 | { 0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" }, |
1084 | { 0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" }, |
1085 | { 0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256" }, |
1086 | { 0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384" }, |
1087 | { 0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }, |
1088 | { 0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" }, |
1089 | { 0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256" }, |
1090 | { 0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384" }, |
1091 | /* RFC 5489 */ |
1092 | { 0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA" }, |
1093 | { 0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA" }, |
1094 | { 0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA" }, |
1095 | { 0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA" }, |
1096 | { 0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256" }, |
1097 | { 0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384" }, |
1098 | { 0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA" }, |
1099 | { 0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256" }, |
1100 | { 0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384" }, |
1101 | /* RFC 6209 */ |
1102 | { 0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256" }, |
1103 | { 0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384" }, |
1104 | { 0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256" }, |
1105 | { 0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384" }, |
1106 | { 0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256" }, |
1107 | { 0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384" }, |
1108 | { 0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256" }, |
1109 | { 0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384" }, |
1110 | { 0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256" }, |
1111 | { 0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384" }, |
1112 | { 0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256" }, |
1113 | { 0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384" }, |
1114 | { 0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256" }, |
1115 | { 0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384" }, |
1116 | { 0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256" }, |
1117 | { 0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384" }, |
1118 | { 0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256" }, |
1119 | { 0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384" }, |
1120 | { 0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256" }, |
1121 | { 0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384" }, |
1122 | { 0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256" }, |
1123 | { 0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384" }, |
1124 | { 0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256" }, |
1125 | { 0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384" }, |
1126 | { 0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256" }, |
1127 | { 0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384" }, |
1128 | { 0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256" }, |
1129 | { 0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384" }, |
1130 | { 0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256" }, |
1131 | { 0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384" }, |
1132 | { 0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256" }, |
1133 | { 0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384" }, |
1134 | { 0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256" }, |
1135 | { 0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384" }, |
1136 | { 0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256" }, |
1137 | { 0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384" }, |
1138 | { 0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256" }, |
1139 | { 0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384" }, |
1140 | { 0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256" }, |
1141 | { 0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384" }, |
1142 | { 0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256" }, |
1143 | { 0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384" }, |
1144 | { 0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256" }, |
1145 | { 0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384" }, |
1146 | { 0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256" }, |
1147 | { 0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384" }, |
1148 | { 0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256" }, |
1149 | { 0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384" }, |
1150 | { 0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256" }, |
1151 | { 0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384" }, |
1152 | { 0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256" }, |
1153 | { 0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384" }, |
1154 | { 0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256" }, |
1155 | { 0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384" }, |
1156 | /* RFC 6367 */ |
1157 | { 0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
1158 | { 0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, |
1159 | { 0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
1160 | { 0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384" }, |
1161 | { 0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
1162 | { 0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, |
1163 | { 0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256" }, |
1164 | { 0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384" }, |
1165 | { 0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, |
1166 | { 0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, |
1167 | { 0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, |
1168 | { 0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, |
1169 | { 0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, |
1170 | { 0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, |
1171 | { 0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, |
1172 | { 0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, |
1173 | { 0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256" }, |
1174 | { 0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384" }, |
1175 | { 0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256" }, |
1176 | { 0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384" }, |
1177 | { 0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, |
1178 | { 0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, |
1179 | { 0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256" }, |
1180 | { 0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384" }, |
1181 | { 0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, |
1182 | { 0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, |
1183 | { 0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256" }, |
1184 | { 0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384" }, |
1185 | { 0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, |
1186 | { 0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, |
1187 | { 0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, |
1188 | { 0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, |
1189 | { 0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256" }, |
1190 | { 0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384" }, |
1191 | { 0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, |
1192 | { 0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, |
1193 | { 0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, |
1194 | { 0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, |
1195 | { 0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, |
1196 | { 0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, |
1197 | { 0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256" }, |
1198 | { 0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384" }, |
1199 | /* RFC 6655 */ |
1200 | { 0xC09C, "TLS_RSA_WITH_AES_128_CCM" }, |
1201 | { 0xC09D, "TLS_RSA_WITH_AES_256_CCM" }, |
1202 | { 0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM" }, |
1203 | { 0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM" }, |
1204 | { 0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8" }, |
1205 | { 0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8" }, |
1206 | { 0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8" }, |
1207 | { 0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8" }, |
1208 | { 0xC0A4, "TLS_PSK_WITH_AES_128_CCM" }, |
1209 | { 0xC0A5, "TLS_PSK_WITH_AES_256_CCM" }, |
1210 | { 0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM" }, |
1211 | { 0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM" }, |
1212 | { 0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8" }, |
1213 | { 0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8" }, |
1214 | { 0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8" }, |
1215 | { 0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8" }, |
1216 | /* RFC 7251 */ |
1217 | { 0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" }, |
1218 | { 0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" }, |
1219 | { 0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" }, |
1220 | { 0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" }, |
1221 | /* RFC 8492 */ |
1222 | { 0xC0B0, "TLS_ECCPWD_WITH_AES_128_GCM_SHA256" }, |
1223 | { 0xC0B1, "TLS_ECCPWD_WITH_AES_256_GCM_SHA384" }, |
1224 | { 0xC0B2, "TLS_ECCPWD_WITH_AES_128_CCM_SHA256" }, |
1225 | { 0xC0B3, "TLS_ECCPWD_WITH_AES_256_CCM_SHA384" }, |
1226 | /* draft-camwinget-tls-ts13-macciphersuites */ |
1227 | { 0xC0B4, "TLS_SHA256_SHA256" }, |
1228 | { 0xC0B5, "TLS_SHA384_SHA384" }, |
1229 | /* https://www.ietf.org/archive/id/draft-cragie-tls-ecjpake-01.txt */ |
1230 | { 0xC0FF, "TLS_ECJPAKE_WITH_AES_128_CCM_8" }, |
1231 | /* draft-smyshlyaev-tls12-gost-suites */ |
1232 | { 0xC100, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC" }, |
1233 | { 0xC101, "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC" }, |
1234 | { 0xC102, "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT" }, |
1235 | /* draft-smyshlyaev-tls13-gost-suites */ |
1236 | { 0xC103, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L" }, |
1237 | { 0xC104, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_L" }, |
1238 | { 0xC105, "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S" }, |
1239 | { 0xC106, "TLS_GOSTR341112_256_WITH_MAGMA_MGM_S" }, |
1240 | /* RFC 8701 */ |
1241 | { 0xCACA, "Reserved (GREASE)" }, |
1242 | /* |
1243 | 0xC0,0xAB-FF Unassigned |
1244 | 0xC1,0x03-FD,* Unassigned |
1245 | 0xFE,0x00-FD Unassigned |
1246 | 0xFE,0xFE-FF Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen] |
1247 | 0xFF,0x00-FF Reserved for Private Use [RFC5246] |
1248 | */ |
1249 | /* old numbers used in the beginning |
1250 | * https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305 */ |
1251 | { 0xCC13, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, |
1252 | { 0xCC14, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, |
1253 | { 0xCC15, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, |
1254 | /* RFC 7905 */ |
1255 | { 0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, |
1256 | { 0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" }, |
1257 | { 0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" }, |
1258 | { 0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" }, |
1259 | { 0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, |
1260 | { 0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" }, |
1261 | { 0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256" }, |
1262 | /* RFC 8442 */ |
1263 | { 0xD001, "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256" }, |
1264 | { 0xD002, "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384" }, |
1265 | { 0xD003, "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256" }, |
1266 | { 0xD005, "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256" }, |
1267 | /* RFC 8701 */ |
1268 | { 0xDADA, "Reserved (GREASE)" }, |
1269 | /* GM/T 0024-2014 */ |
1270 | { 0xe001, "ECDHE_SM1_SM3"}, |
1271 | { 0xe003, "ECC_SM1_SM3"}, |
1272 | { 0xe005, "IBSDH_SM1_SM3"}, |
1273 | { 0xe007, "IBC_SM1_SM3"}, |
1274 | { 0xe009, "RSA_SM1_SM3"}, |
1275 | { 0xe00a, "RSA_SM1_SHA1"}, |
1276 | { 0xe011, "ECDHE_SM4_CBC_SM3"}, |
1277 | { 0xe013, "ECC_SM4_CBC_SM3"}, |
1278 | { 0xe015, "IBSDH_SM4_CBC_SM3"}, |
1279 | { 0xe017, "IBC_SM4_CBC_SM3"}, |
1280 | { 0xe019, "RSA_SM4_CBC_SM3"}, |
1281 | { 0xe01a, "RSA_SM4_CBC_SHA1"}, |
1282 | { 0xe01c, "RSA_SM4_CBC_SHA256"}, |
1283 | { 0xe051, "ECDHE_SM4_GCM_SM3"}, |
1284 | { 0xe053, "ECC_SM4_GCM_SM3"}, |
1285 | { 0xe055, "IBSDH_SM4_GCM_SM3"}, |
1286 | { 0xe057, "IBC_SM4_GCM_SM3"}, |
1287 | { 0xe059, "RSA_SM4_GCM_SM3"}, |
1288 | { 0xe05a, "RSA_SM4_GCM_SHA256"}, |
1289 | /* https://tools.ietf.org/html/draft-josefsson-salsa20-tls */ |
1290 | { 0xE410, "TLS_RSA_WITH_ESTREAM_SALSA20_SHA1" }, |
1291 | { 0xE411, "TLS_RSA_WITH_SALSA20_SHA1" }, |
1292 | { 0xE412, "TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, |
1293 | { 0xE413, "TLS_ECDHE_RSA_WITH_SALSA20_SHA1" }, |
1294 | { 0xE414, "TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1" }, |
1295 | { 0xE415, "TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1" }, |
1296 | { 0xE416, "TLS_PSK_WITH_ESTREAM_SALSA20_SHA1" }, |
1297 | { 0xE417, "TLS_PSK_WITH_SALSA20_SHA1" }, |
1298 | { 0xE418, "TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, |
1299 | { 0xE419, "TLS_ECDHE_PSK_WITH_SALSA20_SHA1" }, |
1300 | { 0xE41A, "TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1" }, |
1301 | { 0xE41B, "TLS_RSA_PSK_WITH_SALSA20_SHA1" }, |
1302 | { 0xE41C, "TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1" }, |
1303 | { 0xE41D, "TLS_DHE_PSK_WITH_SALSA20_SHA1" }, |
1304 | { 0xE41E, "TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1" }, |
1305 | { 0xE41F, "TLS_DHE_RSA_WITH_SALSA20_SHA1" }, |
1306 | /* RFC 8701 */ |
1307 | { 0xEAEA, "Reserved (GREASE)" }, |
1308 | { 0xFAFA, "Reserved (GREASE)" }, |
1309 | /* these from http://www.mozilla.org/projects/ |
1310 | security/pki/nss/ssl/fips-ssl-ciphersuites.html */ |
1311 | { 0xfefe, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, |
1312 | { 0xfeff, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, |
1313 | { 0xffe0, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA" }, |
1314 | { 0xffe1, "SSL_RSA_FIPS_WITH_DES_CBC_SHA" }, |
1315 | /* note that ciphersuites 0xff00 - 0xffff are private */ |
1316 | { 0x00, NULL((void*)0) } |
1317 | }; |
1318 | |
1319 | value_string_ext ssl_31_ciphersuite_ext = VALUE_STRING_EXT_INIT(ssl_31_ciphersuite){ _try_val_to_str_ext_init, 0, (sizeof (ssl_31_ciphersuite) / sizeof ((ssl_31_ciphersuite)[0]))-1, ssl_31_ciphersuite, "ssl_31_ciphersuite" }; |
1320 | |
1321 | /* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1 */ |
1322 | const value_string tls_hello_extension_types[] = { |
1323 | { SSL_HND_HELLO_EXT_SERVER_NAME0, "server_name" }, /* RFC 6066 */ |
1324 | { SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH1, "max_fragment_length" },/* RFC 6066 */ |
1325 | { SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL2, "client_certificate_url" }, /* RFC 6066 */ |
1326 | { SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS3, "trusted_ca_keys" }, /* RFC 6066 */ |
1327 | { SSL_HND_HELLO_EXT_TRUNCATED_HMAC4, "truncated_hmac" }, /* RFC 6066 */ |
1328 | { SSL_HND_HELLO_EXT_STATUS_REQUEST5, "status_request" }, /* RFC 6066 */ |
1329 | { SSL_HND_HELLO_EXT_USER_MAPPING6, "user_mapping" }, /* RFC 4681 */ |
1330 | { SSL_HND_HELLO_EXT_CLIENT_AUTHZ7, "client_authz" }, /* RFC 5878 */ |
1331 | { SSL_HND_HELLO_EXT_SERVER_AUTHZ8, "server_authz" }, /* RFC 5878 */ |
1332 | { SSL_HND_HELLO_EXT_CERT_TYPE9, "cert_type" }, /* RFC 6091 */ |
1333 | { SSL_HND_HELLO_EXT_SUPPORTED_GROUPS10, "supported_groups" }, /* RFC 4492, RFC 7919 */ |
1334 | { SSL_HND_HELLO_EXT_EC_POINT_FORMATS11, "ec_point_formats" }, /* RFC 4492 */ |
1335 | { SSL_HND_HELLO_EXT_SRP12, "srp" }, /* RFC 5054 */ |
1336 | { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS13, "signature_algorithms" }, /* RFC 5246 */ |
1337 | { SSL_HND_HELLO_EXT_USE_SRTP14, "use_srtp" }, /* RFC 5764 */ |
1338 | { SSL_HND_HELLO_EXT_HEARTBEAT15, "heartbeat" }, /* RFC 6520 */ |
1339 | { SSL_HND_HELLO_EXT_ALPN16, "application_layer_protocol_negotiation" }, /* RFC 7301 */ |
1340 | { SSL_HND_HELLO_EXT_STATUS_REQUEST_V217, "status_request_v2" }, /* RFC 6961 */ |
1341 | { SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP18, "signed_certificate_timestamp" }, /* RFC 6962 */ |
1342 | { SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19, "client_certificate_type" }, /* RFC 7250 */ |
1343 | { SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20, "server_certificate_type" }, /* RFC 7250 */ |
1344 | { SSL_HND_HELLO_EXT_PADDING21, "padding" }, /* RFC 7685 */ |
1345 | { SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC22, "encrypt_then_mac" }, /* RFC 7366 */ |
1346 | { SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET23, "extended_master_secret" }, /* RFC 7627 */ |
1347 | { SSL_HND_HELLO_EXT_TOKEN_BINDING24, "token_binding" }, /* https://tools.ietf.org/html/draft-ietf-tokbind-negotiation */ |
1348 | { SSL_HND_HELLO_EXT_CACHED_INFO25, "cached_info" }, /* RFC 7924 */ |
1349 | { SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE27, "compress_certificate" }, /* https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03 */ |
1350 | { SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT28, "record_size_limit" }, /* RFC 8449 */ |
1351 | { SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS34, "delegated_credentials" }, /* draft-ietf-tls-subcerts-10.txt */ |
1352 | { SSL_HND_HELLO_EXT_SESSION_TICKET_TLS35, "session_ticket" }, /* RFC 5077 / RFC 8447 */ |
1353 | { SSL_HND_HELLO_EXT_KEY_SHARE_OLD40, "Reserved (key_share)" }, /* https://tools.ietf.org/html/draft-ietf-tls-tls13-22 (removed in -23) */ |
1354 | { SSL_HND_HELLO_EXT_PRE_SHARED_KEY41, "pre_shared_key" }, /* RFC 8446 */ |
1355 | { SSL_HND_HELLO_EXT_EARLY_DATA42, "early_data" }, /* RFC 8446 */ |
1356 | { SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43, "supported_versions" }, /* RFC 8446 */ |
1357 | { SSL_HND_HELLO_EXT_COOKIE44, "cookie" }, /* RFC 8446 */ |
1358 | { SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES45, "psk_key_exchange_modes" }, /* RFC 8446 */ |
1359 | { SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO46, "Reserved (ticket_early_data_info)" }, /* draft-ietf-tls-tls13-18 (removed in -19) */ |
1360 | { SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES47, "certificate_authorities" }, /* RFC 8446 */ |
1361 | { SSL_HND_HELLO_EXT_OID_FILTERS48, "oid_filters" }, /* RFC 8446 */ |
1362 | { SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH49, "post_handshake_auth" }, /* RFC 8446 */ |
1363 | { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT50, "signature_algorithms_cert" }, /* RFC 8446 */ |
1364 | { SSL_HND_HELLO_EXT_KEY_SHARE51, "key_share" }, /* RFC 8446 */ |
1365 | { SSL_HND_HELLO_EXT_TRANSPARENCY_INFO52, "transparency_info" }, /* draft-ietf-trans-rfc6962-bis-41 */ |
1366 | { SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED53, "connection_id (deprecated)" }, /* draft-ietf-tls-dtls-connection-id-07 */ |
1367 | { SSL_HND_HELLO_EXT_CONNECTION_ID54, "connection_id" }, /* RFC 9146 */ |
1368 | { SSL_HND_HELLO_EXT_EXTERNAL_ID_HASH55, "external_id_hash" }, /* RFC 8844 */ |
1369 | { SSL_HND_HELLO_EXT_EXTERNAL_SESSION_ID56, "external_session_id" }, /* RFC 8844 */ |
1370 | { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V157, "quic_transport_parameters" }, /* draft-ietf-quic-tls-33 */ |
1371 | { SSL_HND_HELLO_EXT_TICKET_REQUEST58, "ticket_request" }, /* draft-ietf-tls-ticketrequests-07 */ |
1372 | { SSL_HND_HELLO_EXT_DNSSEC_CHAIN59, "dnssec_chain" }, /* RFC 9102 */ |
1373 | { SSL_HND_HELLO_EXT_GREASE_0A0A2570, "Reserved (GREASE)" }, /* RFC 8701 */ |
1374 | { SSL_HND_HELLO_EXT_GREASE_1A1A6682, "Reserved (GREASE)" }, /* RFC 8701 */ |
1375 | { SSL_HND_HELLO_EXT_GREASE_2A2A10794, "Reserved (GREASE)" }, /* RFC 8701 */ |
1376 | { SSL_HND_HELLO_EXT_NPN13172, "next_protocol_negotiation"}, /* https://tools.ietf.org/id/draft-agl-tls-nextprotoneg-03.html */ |
1377 | { SSL_HND_HELLO_EXT_GREASE_3A3A14906, "Reserved (GREASE)" }, /* RFC 8701 */ |
1378 | { SSL_HND_HELLO_EXT_ALPS17513, "application_settings" }, /* draft-vvv-tls-alps-01 */ |
1379 | { SSL_HND_HELLO_EXT_GREASE_4A4A19018, "Reserved (GREASE)" }, /* RFC 8701 */ |
1380 | { SSL_HND_HELLO_EXT_GREASE_5A5A23130, "Reserved (GREASE)" }, /* RFC 8701 */ |
1381 | { SSL_HND_HELLO_EXT_GREASE_6A6A27242, "Reserved (GREASE)" }, /* RFC 8701 */ |
1382 | { SSL_HND_HELLO_EXT_CHANNEL_ID_OLD30031, "channel_id_old" }, /* https://tools.ietf.org/html/draft-balfanz-tls-channelid-00 |
1383 | https://twitter.com/ericlaw/status/274237352531083264 */ |
1384 | { SSL_HND_HELLO_EXT_CHANNEL_ID30032, "channel_id" }, /* https://tools.ietf.org/html/draft-balfanz-tls-channelid-01 |
1385 | https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/sslt.h&l=209 */ |
1386 | { SSL_HND_HELLO_EXT_RENEGOTIATION_INFO65281, "renegotiation_info" }, /* RFC 5746 */ |
1387 | { SSL_HND_HELLO_EXT_GREASE_7A7A31354, "Reserved (GREASE)" }, /* RFC 8701 */ |
1388 | { SSL_HND_HELLO_EXT_GREASE_8A8A35466, "Reserved (GREASE)" }, /* RFC 8701 */ |
1389 | { SSL_HND_HELLO_EXT_GREASE_9A9A39578, "Reserved (GREASE)" }, /* RFC 8701 */ |
1390 | { SSL_HND_HELLO_EXT_GREASE_AAAA43690, "Reserved (GREASE)" }, /* RFC 8701 */ |
1391 | { SSL_HND_HELLO_EXT_GREASE_BABA47802, "Reserved (GREASE)" }, /* RFC 8701 */ |
1392 | { SSL_HND_HELLO_EXT_GREASE_CACA51914, "Reserved (GREASE)" }, /* RFC 8701 */ |
1393 | { SSL_HND_HELLO_EXT_GREASE_DADA56026, "Reserved (GREASE)" }, /* RFC 8701 */ |
1394 | { SSL_HND_HELLO_EXT_GREASE_EAEA60138, "Reserved (GREASE)" }, /* RFC 8701 */ |
1395 | { SSL_HND_HELLO_EXT_GREASE_FAFA64250, "Reserved (GREASE)" }, /* RFC 8701 */ |
1396 | { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS65445, "quic_transport_parameters (drafts version)" }, /* https://tools.ietf.org/html/draft-ietf-quic-tls */ |
1397 | { SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME65486, "encrypted_server_name" }, /* https://tools.ietf.org/html/draft-ietf-tls-esni-01 */ |
1398 | { SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037, "encrypted_client_hello" }, /* https://datatracker.ietf.org/doc/draft-ietf-tls-esni/17/ */ |
1399 | { 0, NULL((void*)0) } |
1400 | }; |
1401 | |
1402 | const value_string tls_hello_ext_server_name_type_vs[] = { |
1403 | { 0, "host_name" }, |
1404 | { 0, NULL((void*)0) } |
1405 | }; |
1406 | |
1407 | /* RFC 6066 Section 4 */ |
1408 | const value_string tls_hello_ext_max_fragment_length[] = { |
1409 | { 1, "512" }, // 2^9 |
1410 | { 2, "1024" }, // 2^10 |
1411 | { 3, "2048" }, // 2^11 |
1412 | { 4, "4096" }, // 2^12 |
1413 | { 0, NULL((void*)0) } |
1414 | }; |
1415 | |
1416 | /* RFC 8446 Section 4.2.9 */ |
1417 | const value_string tls_hello_ext_psk_ke_mode[] = { |
1418 | { 0, "PSK-only key establishment (psk_ke)" }, |
1419 | { 1, "PSK with (EC)DHE key establishment (psk_dhe_ke)" }, |
1420 | { 0, NULL((void*)0) } |
1421 | }; |
1422 | |
1423 | const value_string tls13_key_update_request[] = { |
1424 | { 0, "update_not_requested" }, |
1425 | { 1, "update_requested" }, |
1426 | { 0, NULL((void*)0) } |
1427 | }; |
1428 | |
1429 | /* RFC 5246 7.4.1.4.1 */ |
1430 | /* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ |
1431 | /* Note that the TLS 1.3 SignatureScheme registry reserves all values |
1432 | * with first octet 0x00-0x06 and all values with second octet 0x00-0x03 |
1433 | * for backwards compatibility with TLS 1.2 SignatureAndHashAlgorithm. |
1434 | * |
1435 | * RFC 8422 and RFC 9189 add official support in TLS 1.2 for some algorithms |
1436 | * originally defined for TLS 1.3, and extend the TLS SignatureAlgorithm |
1437 | * and TLS HashAlgorithm registries, but the new values are not compatible |
1438 | * with all of the TLS 1.3-only SignatureSchemes. Adding those values could |
1439 | * cause confusion if used to interpret one of those schemes in a |
1440 | * signature_algorithms extension offered in a TLS 1.3 ClientHello. |
1441 | */ |
1442 | const value_string tls_hash_algorithm[] = { |
1443 | { 0, "None" }, |
1444 | { 1, "MD5" }, |
1445 | { 2, "SHA1" }, |
1446 | { 3, "SHA224" }, |
1447 | { 4, "SHA256" }, |
1448 | { 5, "SHA384" }, |
1449 | { 6, "SHA512" }, |
1450 | #if 0 |
1451 | /* RFC 8422 adds this to the HashAlgorithm registry, but it really |
1452 | * only applies to 0x0807 and 0x0808, not for other TLS 1.3 |
1453 | * SignatureSchemes with 0x08 in the octet used for Hash in TLS 1.2. |
1454 | * E.g., we don't want to display this for 0x0806 rsa_pss_rsae_sha512. |
1455 | */ |
1456 | { 8, "Intrinsic" }, |
1457 | #endif |
1458 | { 0, NULL((void*)0) } |
1459 | }; |
1460 | |
1461 | const value_string tls_signature_algorithm[] = { |
1462 | { 0, "Anonymous" }, |
1463 | { 1, "RSA" }, |
1464 | { 2, "DSA" }, |
1465 | { 3, "ECDSA" }, |
1466 | #if 0 |
1467 | /* As above. */ |
1468 | { 7, "ED25519" }, |
1469 | { 8, "ED448" }, |
1470 | { 64, "GOSTR34102012_256" }, |
1471 | { 65, "GOSTR34102012_512" }, |
1472 | #endif |
1473 | { 0, NULL((void*)0) } |
1474 | }; |
1475 | |
1476 | /* RFC 8446 Section 4.2.3 */ |
1477 | const value_string tls13_signature_algorithm[] = { |
1478 | { 0x0201, "rsa_pkcs1_sha1" }, |
1479 | { 0x0203, "ecdsa_sha1" }, |
1480 | { 0x0401, "rsa_pkcs1_sha256" }, |
1481 | { 0x0403, "ecdsa_secp256r1_sha256" }, |
1482 | { 0x0420, "rsa_pkcs1_sha256_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ |
1483 | { 0x0501, "rsa_pkcs1_sha384" }, |
1484 | { 0x0503, "ecdsa_secp384r1_sha384" }, |
1485 | { 0x0520, "rsa_pkcs1_sha384_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ |
1486 | { 0x0601, "rsa_pkcs1_sha512" }, |
1487 | { 0x0603, "ecdsa_secp521r1_sha512" }, |
1488 | { 0x0620, "rsa_pkcs1_sha512_legacy" }, /* draft-davidben-tls13-pkcs1-01 */ |
1489 | { 0x0708, "sm2sig_sm3" }, |
1490 | { 0x0709, "gostr34102012_256a" }, /* RFC9367 */ |
1491 | { 0x070a, "gostr34102012_256b" }, /* RFC9367 */ |
1492 | { 0x070b, "gostr34102012_256c" }, /* RFC9367 */ |
1493 | { 0x070c, "gostr34102012_256d" }, /* RFC9367 */ |
1494 | { 0x070d, "gostr34102012_512a" }, /* RFC9367 */ |
1495 | { 0x070e, "gostr34102012_512b" }, /* RFC9367 */ |
1496 | { 0x070f, "gostr34102012_512c" }, /* RFC9367 */ |
1497 | { 0x0804, "rsa_pss_rsae_sha256" }, |
1498 | { 0x0805, "rsa_pss_rsae_sha384" }, |
1499 | { 0x0806, "rsa_pss_rsae_sha512" }, |
1500 | { 0x0807, "ed25519" }, |
1501 | { 0x0808, "ed448" }, |
1502 | { 0x0809, "rsa_pss_pss_sha256" }, |
1503 | { 0x080a, "rsa_pss_pss_sha384" }, |
1504 | { 0x080b, "rsa_pss_pss_sha512" }, |
1505 | { 0x081a, "ecdsa_brainpoolP256r1tls13_sha256" }, /* RFC8734 */ |
1506 | { 0x081b, "ecdsa_brainpoolP384r1tls13_sha384" }, /* RFC8734 */ |
1507 | { 0x081c, "ecdsa_brainpoolP512r1tls13_sha512" }, /* RFC8734 */ |
1508 | /* PQC digital signature algorithms from OQS-OpenSSL, |
1509 | see https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/oqs-template/oqs-sig-info.md */ |
1510 | { 0xfea0, "dilithium2" }, |
1511 | { 0xfea1, "p256_dilithium2" }, |
1512 | { 0xfea2, "rsa3072_dilithium2" }, |
1513 | { 0xfea3, "dilithium3" }, |
1514 | { 0xfea4, "p384_dilithium3" }, |
1515 | { 0xfea5, "dilithium5" }, |
1516 | { 0xfea6, "p521_dilithium5" }, |
1517 | { 0xfea7, "dilithium2_aes" }, |
1518 | { 0xfea8, "p256_dilithium2_aes" }, |
1519 | { 0xfea9, "rsa3072_dilithium2_aes" }, |
1520 | { 0xfeaa, "dilithium3_aes" }, |
1521 | { 0xfeab, "p384_dilithium3_aes" }, |
1522 | { 0xfeac, "dilithium5_aes" }, |
1523 | { 0xfead, "p521_dilithium5_aes" }, |
1524 | { 0xfe0b, "falcon512" }, |
1525 | { 0xfe0c, "p256_falcon512" }, |
1526 | { 0xfe0d, "rsa3072_falcon512" }, |
1527 | { 0xfe0e, "falcon1024" }, |
1528 | { 0xfe0f, "p521_falcon1024" }, |
1529 | { 0xfe96, "picnicl1full" }, |
1530 | { 0xfe97, "p256_picnicl1full" }, |
1531 | { 0xfe98, "rsa3072_picnicl1full" }, |
1532 | { 0xfe1b, "picnic3l1" }, |
1533 | { 0xfe1c, "p256_picnic3l1" }, |
1534 | { 0xfe1d, "rsa3072_picnic3l1" }, |
1535 | { 0xfe27, "rainbowIclassic" }, |
1536 | { 0xfe28, "p256_rainbowIclassic" }, |
1537 | { 0xfe29, "rsa3072_rainbowIclassic" }, |
1538 | { 0xfe3c, "rainbowVclassic" }, |
1539 | { 0xfe3d, "p521_rainbowVclassic" }, |
1540 | { 0xfe42, "sphincsharaka128frobust" }, |
1541 | { 0xfe43, "p256_sphincsharaka128frobust" }, |
1542 | { 0xfe44, "rsa3072_sphincsharaka128frobust" }, |
1543 | { 0xfe5e, "sphincssha256128frobust" }, |
1544 | { 0xfe5f, "p256_sphincssha256128frobust" }, |
1545 | { 0xfe60, "rsa3072_sphincssha256128frobust" }, |
1546 | { 0xfe7a, "sphincsshake256128frobust" }, |
1547 | { 0xfe7b, "p256_sphincsshake256128frobust" }, |
1548 | { 0xfe7c, "rsa3072_sphincsshake256128frobust" }, |
1549 | { 0, NULL((void*)0) } |
1550 | }; |
1551 | |
1552 | /* RFC 6091 3.1 */ |
1553 | const value_string tls_certificate_type[] = { |
1554 | { 0, "X.509" }, |
1555 | { 1, "OpenPGP" }, |
1556 | { SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2, "Raw Public Key" }, /* RFC 7250 */ |
1557 | { 0, NULL((void*)0) } |
1558 | }; |
1559 | |
1560 | const value_string tls_cert_chain_type[] = { |
1561 | { SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT1, "Individual Certificates" }, |
1562 | { SSL_HND_CERT_URL_TYPE_PKIPATH2, "PKI Path" }, |
1563 | { 0, NULL((void*)0) } |
1564 | }; |
1565 | |
1566 | const value_string tls_cert_status_type[] = { |
1567 | { SSL_HND_CERT_STATUS_TYPE_OCSP1, "OCSP" }, |
1568 | { SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2, "OCSP Multi" }, |
1569 | { 0, NULL((void*)0) } |
1570 | }; |
1571 | |
1572 | /* Generated by tools/make-tls-ct-logids.py |
1573 | * Last-Modified Sat, 06 Jul 2024 13:38:00 GMT, 156 entries. */ |
1574 | static const bytes_string ct_logids[] = { |
1575 | { (const uint8_t[]){ |
1576 | 0xb2, 0x1e, 0x05, 0xcc, 0x8b, 0xa2, 0xcd, 0x8a, 0x20, 0x4e, 0x87, |
1577 | 0x66, 0xf9, 0x2b, 0xb9, 0x8a, 0x25, 0x20, 0x67, 0x6b, 0xda, 0xfa, |
1578 | 0x70, 0xe7, 0xb2, 0x49, 0x53, 0x2d, 0xef, 0x8b, 0x90, 0x5e, |
1579 | }, |
1580 | 32, "Google 'Argon2020' log" }, |
1581 | { (const uint8_t[]){ |
1582 | 0xf6, 0x5c, 0x94, 0x2f, 0xd1, 0x77, 0x30, 0x22, 0x14, 0x54, 0x18, |
1583 | 0x08, 0x30, 0x94, 0x56, 0x8e, 0xe3, 0x4d, 0x13, 0x19, 0x33, 0xbf, |
1584 | 0xdf, 0x0c, 0x2f, 0x20, 0x0b, 0xcc, 0x4e, 0xf1, 0x64, 0xe3, |
1585 | }, |
1586 | 32, "Google 'Argon2021' log" }, |
1587 | { (const uint8_t[]){ |
1588 | 0x29, 0x79, 0xbe, 0xf0, 0x9e, 0x39, 0x39, 0x21, 0xf0, 0x56, 0x73, |
1589 | 0x9f, 0x63, 0xa5, 0x77, 0xe5, 0xbe, 0x57, 0x7d, 0x9c, 0x60, 0x0a, |
1590 | 0xf8, 0xf9, 0x4d, 0x5d, 0x26, 0x5c, 0x25, 0x5d, 0xc7, 0x84, |
1591 | }, |
1592 | 32, "Google 'Argon2022' log" }, |
1593 | { (const uint8_t[]){ |
1594 | 0xe8, 0x3e, 0xd0, 0xda, 0x3e, 0xf5, 0x06, 0x35, 0x32, 0xe7, 0x57, |
1595 | 0x28, 0xbc, 0x89, 0x6b, 0xc9, 0x03, 0xd3, 0xcb, 0xd1, 0x11, 0x6b, |
1596 | 0xec, 0xeb, 0x69, 0xe1, 0x77, 0x7d, 0x6d, 0x06, 0xbd, 0x6e, |
1597 | }, |
1598 | 32, "Google 'Argon2023' log" }, |
1599 | { (const uint8_t[]){ |
1600 | 0xee, 0xcd, 0xd0, 0x64, 0xd5, 0xdb, 0x1a, 0xce, 0xc5, 0x5c, 0xb7, |
1601 | 0x9d, 0xb4, 0xcd, 0x13, 0xa2, 0x32, 0x87, 0x46, 0x7c, 0xbc, 0xec, |
1602 | 0xde, 0xc3, 0x51, 0x48, 0x59, 0x46, 0x71, 0x1f, 0xb5, 0x9b, |
1603 | }, |
1604 | 32, "Google 'Argon2024' log" }, |
1605 | { (const uint8_t[]){ |
1606 | 0x4e, 0x75, 0xa3, 0x27, 0x5c, 0x9a, 0x10, 0xc3, 0x38, 0x5b, 0x6c, |
1607 | 0xd4, 0xdf, 0x3f, 0x52, 0xeb, 0x1d, 0xf0, 0xe0, 0x8e, 0x1b, 0x8d, |
1608 | 0x69, 0xc0, 0xb1, 0xfa, 0x64, 0xb1, 0x62, 0x9a, 0x39, 0xdf, |
1609 | }, |
1610 | 32, "Google 'Argon2025h1' log" }, |
1611 | { (const uint8_t[]){ |
1612 | 0x12, 0xf1, 0x4e, 0x34, 0xbd, 0x53, 0x72, 0x4c, 0x84, 0x06, 0x19, |
1613 | 0xc3, 0x8f, 0x3f, 0x7a, 0x13, 0xf8, 0xe7, 0xb5, 0x62, 0x87, 0x88, |
1614 | 0x9c, 0x6d, 0x30, 0x05, 0x84, 0xeb, 0xe5, 0x86, 0x26, 0x3a, |
1615 | }, |
1616 | 32, "Google 'Argon2025h2' log" }, |
1617 | { (const uint8_t[]){ |
1618 | 0x0e, 0x57, 0x94, 0xbc, 0xf3, 0xae, 0xa9, 0x3e, 0x33, 0x1b, 0x2c, |
1619 | 0x99, 0x07, 0xb3, 0xf7, 0x90, 0xdf, 0x9b, 0xc2, 0x3d, 0x71, 0x32, |
1620 | 0x25, 0xdd, 0x21, 0xa9, 0x25, 0xac, 0x61, 0xc5, 0x4e, 0x21, |
1621 | }, |
1622 | 32, "Google 'Argon2026h1' log" }, |
1623 | { (const uint8_t[]){ |
1624 | 0xd7, 0x6d, 0x7d, 0x10, 0xd1, 0xa7, 0xf5, 0x77, 0xc2, 0xc7, 0xe9, |
1625 | 0x5f, 0xd7, 0x00, 0xbf, 0xf9, 0x82, 0xc9, 0x33, 0x5a, 0x65, 0xe1, |
1626 | 0xd0, 0xb3, 0x01, 0x73, 0x17, 0xc0, 0xc8, 0xc5, 0x69, 0x77, |
1627 | }, |
1628 | 32, "Google 'Argon2026h2' log" }, |
1629 | { (const uint8_t[]){ |
1630 | 0x07, 0xb7, 0x5c, 0x1b, 0xe5, 0x7d, 0x68, 0xff, 0xf1, 0xb0, 0xc6, |
1631 | 0x1d, 0x23, 0x15, 0xc7, 0xba, 0xe6, 0x57, 0x7c, 0x57, 0x94, 0xb7, |
1632 | 0x6a, 0xee, 0xbc, 0x61, 0x3a, 0x1a, 0x69, 0xd3, 0xa2, 0x1c, |
1633 | }, |
1634 | 32, "Google 'Xenon2020' log" }, |
1635 | { (const uint8_t[]){ |
1636 | 0x7d, 0x3e, 0xf2, 0xf8, 0x8f, 0xff, 0x88, 0x55, 0x68, 0x24, 0xc2, |
1637 | 0xc0, 0xca, 0x9e, 0x52, 0x89, 0x79, 0x2b, 0xc5, 0x0e, 0x78, 0x09, |
1638 | 0x7f, 0x2e, 0x6a, 0x97, 0x68, 0x99, 0x7e, 0x22, 0xf0, 0xd7, |
1639 | }, |
1640 | 32, "Google 'Xenon2021' log" }, |
1641 | { (const uint8_t[]){ |
1642 | 0x46, 0xa5, 0x55, 0xeb, 0x75, 0xfa, 0x91, 0x20, 0x30, 0xb5, 0xa2, |
1643 | 0x89, 0x69, 0xf4, 0xf3, 0x7d, 0x11, 0x2c, 0x41, 0x74, 0xbe, 0xfd, |
1644 | 0x49, 0xb8, 0x85, 0xab, 0xf2, 0xfc, 0x70, 0xfe, 0x6d, 0x47, |
1645 | }, |
1646 | 32, "Google 'Xenon2022' log" }, |
1647 | { (const uint8_t[]){ |
1648 | 0xad, 0xf7, 0xbe, 0xfa, 0x7c, 0xff, 0x10, 0xc8, 0x8b, 0x9d, 0x3d, |
1649 | 0x9c, 0x1e, 0x3e, 0x18, 0x6a, 0xb4, 0x67, 0x29, 0x5d, 0xcf, 0xb1, |
1650 | 0x0c, 0x24, 0xca, 0x85, 0x86, 0x34, 0xeb, 0xdc, 0x82, 0x8a, |
1651 | }, |
1652 | 32, "Google 'Xenon2023' log" }, |
1653 | { (const uint8_t[]){ |
1654 | 0x76, 0xff, 0x88, 0x3f, 0x0a, 0xb6, 0xfb, 0x95, 0x51, 0xc2, 0x61, |
1655 | 0xcc, 0xf5, 0x87, 0xba, 0x34, 0xb4, 0xa4, 0xcd, 0xbb, 0x29, 0xdc, |
1656 | 0x68, 0x42, 0x0a, 0x9f, 0xe6, 0x67, 0x4c, 0x5a, 0x3a, 0x74, |
1657 | }, |
1658 | 32, "Google 'Xenon2024' log" }, |
1659 | { (const uint8_t[]){ |
1660 | 0xcf, 0x11, 0x56, 0xee, 0xd5, 0x2e, 0x7c, 0xaf, 0xf3, 0x87, 0x5b, |
1661 | 0xd9, 0x69, 0x2e, 0x9b, 0xe9, 0x1a, 0x71, 0x67, 0x4a, 0xb0, 0x17, |
1662 | 0xec, 0xac, 0x01, 0xd2, 0x5b, 0x77, 0xce, 0xcc, 0x3b, 0x08, |
1663 | }, |
1664 | 32, "Google 'Xenon2025h1' log" }, |
1665 | { (const uint8_t[]){ |
1666 | 0xdd, 0xdc, 0xca, 0x34, 0x95, 0xd7, 0xe1, 0x16, 0x05, 0xe7, 0x95, |
1667 | 0x32, 0xfa, 0xc7, 0x9f, 0xf8, 0x3d, 0x1c, 0x50, 0xdf, 0xdb, 0x00, |
1668 | 0x3a, 0x14, 0x12, 0x76, 0x0a, 0x2c, 0xac, 0xbb, 0xc8, 0x2a, |
1669 | }, |
1670 | 32, "Google 'Xenon2025h2' log" }, |
1671 | { (const uint8_t[]){ |
1672 | 0x96, 0x97, 0x64, 0xbf, 0x55, 0x58, 0x97, 0xad, 0xf7, 0x43, 0x87, |
1673 | 0x68, 0x37, 0x08, 0x42, 0x77, 0xe9, 0xf0, 0x3a, 0xd5, 0xf6, 0xa4, |
1674 | 0xf3, 0x36, 0x6e, 0x46, 0xa4, 0x3f, 0x0f, 0xca, 0xa9, 0xc6, |
1675 | }, |
1676 | 32, "Google 'Xenon2026h1' log" }, |
1677 | { (const uint8_t[]){ |
1678 | 0xd8, 0x09, 0x55, 0x3b, 0x94, 0x4f, 0x7a, 0xff, 0xc8, 0x16, 0x19, |
1679 | 0x6f, 0x94, 0x4f, 0x85, 0xab, 0xb0, 0xf8, 0xfc, 0x5e, 0x87, 0x55, |
1680 | 0x26, 0x0f, 0x15, 0xd1, 0x2e, 0x72, 0xbb, 0x45, 0x4b, 0x14, |
1681 | }, |
1682 | 32, "Google 'Xenon2026h2' log" }, |
1683 | { (const uint8_t[]){ |
1684 | 0x68, 0xf6, 0x98, 0xf8, 0x1f, 0x64, 0x82, 0xbe, 0x3a, 0x8c, 0xee, |
1685 | 0xb9, 0x28, 0x1d, 0x4c, 0xfc, 0x71, 0x51, 0x5d, 0x67, 0x93, 0xd4, |
1686 | 0x44, 0xd1, 0x0a, 0x67, 0xac, 0xbb, 0x4f, 0x4f, 0xfb, 0xc4, |
1687 | }, |
1688 | 32, "Google 'Aviator' log" }, |
1689 | { (const uint8_t[]){ |
1690 | 0x29, 0x3c, 0x51, 0x96, 0x54, 0xc8, 0x39, 0x65, 0xba, 0xaa, 0x50, |
1691 | 0xfc, 0x58, 0x07, 0xd4, 0xb7, 0x6f, 0xbf, 0x58, 0x7a, 0x29, 0x72, |
1692 | 0xdc, 0xa4, 0xc3, 0x0c, 0xf4, 0xe5, 0x45, 0x47, 0xf4, 0x78, |
1693 | }, |
1694 | 32, "Google 'Icarus' log" }, |
1695 | { (const uint8_t[]){ |
1696 | 0xa4, 0xb9, 0x09, 0x90, 0xb4, 0x18, 0x58, 0x14, 0x87, 0xbb, 0x13, |
1697 | 0xa2, 0xcc, 0x67, 0x70, 0x0a, 0x3c, 0x35, 0x98, 0x04, 0xf9, 0x1b, |
1698 | 0xdf, 0xb8, 0xe3, 0x77, 0xcd, 0x0e, 0xc8, 0x0d, 0xdc, 0x10, |
1699 | }, |
1700 | 32, "Google 'Pilot' log" }, |
1701 | { (const uint8_t[]){ |
1702 | 0xee, 0x4b, 0xbd, 0xb7, 0x75, 0xce, 0x60, 0xba, 0xe1, 0x42, 0x69, |
1703 | 0x1f, 0xab, 0xe1, 0x9e, 0x66, 0xa3, 0x0f, 0x7e, 0x5f, 0xb0, 0x72, |
1704 | 0xd8, 0x83, 0x00, 0xc4, 0x7b, 0x89, 0x7a, 0xa8, 0xfd, 0xcb, |
1705 | }, |
1706 | 32, "Google 'Rocketeer' log" }, |
1707 | { (const uint8_t[]){ |
1708 | 0xbb, 0xd9, 0xdf, 0xbc, 0x1f, 0x8a, 0x71, 0xb5, 0x93, 0x94, 0x23, |
1709 | 0x97, 0xaa, 0x92, 0x7b, 0x47, 0x38, 0x57, 0x95, 0x0a, 0xab, 0x52, |
1710 | 0xe8, 0x1a, 0x90, 0x96, 0x64, 0x36, 0x8e, 0x1e, 0xd1, 0x85, |
1711 | }, |
1712 | 32, "Google 'Skydiver' log" }, |
1713 | { (const uint8_t[]){ |
1714 | 0xfa, 0xd4, 0xc9, 0x7c, 0xc4, 0x9e, 0xe2, 0xf8, 0xac, 0x85, 0xc5, |
1715 | 0xea, 0x5c, 0xea, 0x09, 0xd0, 0x22, 0x0d, 0xbb, 0xf4, 0xe4, 0x9c, |
1716 | 0x6b, 0x50, 0x66, 0x2f, 0xf8, 0x68, 0xf8, 0x6b, 0x8c, 0x28, |
1717 | }, |
1718 | 32, "Google 'Argon2017' log" }, |
1719 | { (const uint8_t[]){ |
1720 | 0xa4, 0x50, 0x12, 0x69, 0x05, 0x5a, 0x15, 0x54, 0x5e, 0x62, 0x11, |
1721 | 0xab, 0x37, 0xbc, 0x10, 0x3f, 0x62, 0xae, 0x55, 0x76, 0xa4, 0x5e, |
1722 | 0x4b, 0x17, 0x14, 0x45, 0x3e, 0x1b, 0x22, 0x10, 0x6a, 0x25, |
1723 | }, |
1724 | 32, "Google 'Argon2018' log" }, |
1725 | { (const uint8_t[]){ |
1726 | 0x63, 0xf2, 0xdb, 0xcd, 0xe8, 0x3b, 0xcc, 0x2c, 0xcf, 0x0b, 0x72, |
1727 | 0x84, 0x27, 0x57, 0x6b, 0x33, 0xa4, 0x8d, 0x61, 0x77, 0x8f, 0xbd, |
1728 | 0x75, 0xa6, 0x38, 0xb1, 0xc7, 0x68, 0x54, 0x4b, 0xd8, 0x8d, |
1729 | }, |
1730 | 32, "Google 'Argon2019' log" }, |
1731 | { (const uint8_t[]){ |
1732 | 0xb1, 0x0c, 0xd5, 0x59, 0xa6, 0xd6, 0x78, 0x46, 0x81, 0x1f, 0x7d, |
1733 | 0xf9, 0xa5, 0x15, 0x32, 0x73, 0x9a, 0xc4, 0x8d, 0x70, 0x3b, 0xea, |
1734 | 0x03, 0x23, 0xda, 0x5d, 0x38, 0x75, 0x5b, 0xc0, 0xad, 0x4e, |
1735 | }, |
1736 | 32, "Google 'Xenon2018' log" }, |
1737 | { (const uint8_t[]){ |
1738 | 0x08, 0x41, 0x14, 0x98, 0x00, 0x71, 0x53, 0x2c, 0x16, 0x19, 0x04, |
1739 | 0x60, 0xbc, 0xfc, 0x47, 0xfd, 0xc2, 0x65, 0x3a, 0xfa, 0x29, 0x2c, |
1740 | 0x72, 0xb3, 0x7f, 0xf8, 0x63, 0xae, 0x29, 0xcc, 0xc9, 0xf0, |
1741 | }, |
1742 | 32, "Google 'Xenon2019' log" }, |
1743 | { (const uint8_t[]){ |
1744 | 0xa8, 0x99, 0xd8, 0x78, 0x0c, 0x92, 0x90, 0xaa, 0xf4, 0x62, 0xf3, |
1745 | 0x18, 0x80, 0xcc, 0xfb, 0xd5, 0x24, 0x51, 0xe9, 0x70, 0xd0, 0xfb, |
1746 | 0xf5, 0x91, 0xef, 0x75, 0xb0, 0xd9, 0x9b, 0x64, 0x56, 0x81, |
1747 | }, |
1748 | 32, "Google 'Submariner' log" }, |
1749 | { (const uint8_t[]){ |
1750 | 0x1d, 0x02, 0x4b, 0x8e, 0xb1, 0x49, 0x8b, 0x34, 0x4d, 0xfd, 0x87, |
1751 | 0xea, 0x3e, 0xfc, 0x09, 0x96, 0xf7, 0x50, 0x6f, 0x23, 0x5d, 0x1d, |
1752 | 0x49, 0x70, 0x61, 0xa4, 0x77, 0x3c, 0x43, 0x9c, 0x25, 0xfb, |
1753 | }, |
1754 | 32, "Google 'Daedalus' log" }, |
1755 | { (const uint8_t[]){ |
1756 | 0xb0, 0xcc, 0x83, 0xe5, 0xa5, 0xf9, 0x7d, 0x6b, 0xaf, 0x7c, 0x09, |
1757 | 0xcc, 0x28, 0x49, 0x04, 0x87, 0x2a, 0xc7, 0xe8, 0x8b, 0x13, 0x2c, |
1758 | 0x63, 0x50, 0xb7, 0xc6, 0xfd, 0x26, 0xe1, 0x6c, 0x6c, 0x77, |
1759 | }, |
1760 | 32, "Google 'Testtube' log" }, |
1761 | { (const uint8_t[]){ |
1762 | 0xc3, 0xbf, 0x03, 0xa7, 0xe1, 0xca, 0x88, 0x41, 0xc6, 0x07, 0xba, |
1763 | 0xe3, 0xff, 0x42, 0x70, 0xfc, 0xa5, 0xec, 0x45, 0xb1, 0x86, 0xeb, |
1764 | 0xbe, 0x4e, 0x2c, 0xf3, 0xfc, 0x77, 0x86, 0x30, 0xf5, 0xf6, |
1765 | }, |
1766 | 32, "Google 'Crucible' log" }, |
1767 | { (const uint8_t[]){ |
1768 | 0x52, 0xeb, 0x4b, 0x22, 0x5e, 0xc8, 0x96, 0x97, 0x48, 0x50, 0x67, |
1769 | 0x5f, 0x23, 0xe4, 0x3b, 0xc1, 0xd0, 0x21, 0xe3, 0x21, 0x4c, 0xe5, |
1770 | 0x2e, 0xcd, 0x5f, 0xa8, 0x7c, 0x20, 0x3c, 0xdf, 0xca, 0x03, |
1771 | }, |
1772 | 32, "Google 'Solera2018' log" }, |
1773 | { (const uint8_t[]){ |
1774 | 0x0b, 0x76, 0x0e, 0x9a, 0x8b, 0x9a, 0x68, 0x2f, 0x88, 0x98, 0x5b, |
1775 | 0x15, 0xe9, 0x47, 0x50, 0x1a, 0x56, 0x44, 0x6b, 0xba, 0x88, 0x30, |
1776 | 0x78, 0x5c, 0x38, 0x42, 0x99, 0x43, 0x86, 0x45, 0x0c, 0x00, |
1777 | }, |
1778 | 32, "Google 'Solera2019' log" }, |
1779 | { (const uint8_t[]){ |
1780 | 0x1f, 0xc7, 0x2c, 0xe5, 0xa1, 0xb7, 0x99, 0xf4, 0x00, 0xc3, 0x59, |
1781 | 0xbf, 0xf9, 0x6c, 0xa3, 0x91, 0x35, 0x48, 0xe8, 0x64, 0x42, 0x20, |
1782 | 0x61, 0x09, 0x52, 0xe9, 0xba, 0x17, 0x74, 0xf7, 0xba, 0xc7, |
1783 | }, |
1784 | 32, "Google 'Solera2020' log" }, |
1785 | { (const uint8_t[]){ |
1786 | 0xa3, 0xc9, 0x98, 0x45, 0xe8, 0x0a, 0xb7, 0xce, 0x00, 0x15, 0x7b, |
1787 | 0x37, 0x42, 0xdf, 0x02, 0x07, 0xdd, 0x27, 0x2b, 0x2b, 0x60, 0x2e, |
1788 | 0xcf, 0x98, 0xee, 0x2c, 0x12, 0xdb, 0x9c, 0x5a, 0xe7, 0xe7, |
1789 | }, |
1790 | 32, "Google 'Solera2021' log" }, |
1791 | { (const uint8_t[]){ |
1792 | 0x69, 0x7a, 0xaf, 0xca, 0x1a, 0x6b, 0x53, 0x6f, 0xae, 0x21, 0x20, |
1793 | 0x50, 0x46, 0xde, 0xba, 0xd7, 0xe0, 0xea, 0xea, 0x13, 0xd2, 0x43, |
1794 | 0x2e, 0x6e, 0x9d, 0x8f, 0xb3, 0x79, 0xf2, 0xb9, 0xaa, 0xf3, |
1795 | }, |
1796 | 32, "Google 'Solera2022' log" }, |
1797 | { (const uint8_t[]){ |
1798 | 0xf9, 0x7e, 0x97, 0xb8, 0xd3, 0x3e, 0xf7, 0xa1, 0x59, 0x02, 0xa5, |
1799 | 0x3a, 0x19, 0xe1, 0x79, 0x90, 0xe5, 0xdc, 0x40, 0x6a, 0x03, 0x18, |
1800 | 0x25, 0xba, 0xad, 0x93, 0xe9, 0x8f, 0x9b, 0x9c, 0x69, 0xcb, |
1801 | }, |
1802 | 32, "Google 'Solera2023' log" }, |
1803 | { (const uint8_t[]){ |
1804 | 0x30, 0x24, 0xce, 0x7e, 0xeb, 0x16, 0x88, 0x62, 0x72, 0x4b, 0xea, |
1805 | 0x70, 0x2e, 0xff, 0xf9, 0x92, 0xcf, 0xe4, 0x56, 0x43, 0x41, 0x91, |
1806 | 0xaa, 0x59, 0x5b, 0x25, 0xf8, 0x02, 0x26, 0xc8, 0x00, 0x17, |
1807 | }, |
1808 | 32, "Google 'Solera2024' log" }, |
1809 | { (const uint8_t[]){ |
1810 | 0x3f, 0xe1, 0xcb, 0x46, 0xed, 0x47, 0x35, 0x79, 0xaf, 0x01, 0x41, |
1811 | 0xf9, 0x72, 0x4d, 0x9d, 0xc4, 0x43, 0x47, 0x2d, 0x75, 0x6e, 0x85, |
1812 | 0xe7, 0x71, 0x9c, 0x55, 0x82, 0x48, 0x5d, 0xd4, 0xe1, 0xe4, |
1813 | }, |
1814 | 32, "Google 'Solera2025h1' log" }, |
1815 | { (const uint8_t[]){ |
1816 | 0x26, 0x02, 0x39, 0x48, 0x87, 0x4c, 0xf7, 0xfc, 0xd0, 0xfb, 0x64, |
1817 | 0x71, 0xa4, 0x3e, 0x84, 0x7e, 0xbb, 0x20, 0x0a, 0xe6, 0xe2, 0xfa, |
1818 | 0x24, 0x23, 0x6d, 0xf6, 0xd1, 0xa6, 0x06, 0x63, 0x0f, 0xb1, |
1819 | }, |
1820 | 32, "Google 'Solera2025h2' log" }, |
1821 | { (const uint8_t[]){ |
1822 | 0x5e, 0xa7, 0x73, 0xf9, 0xdf, 0x56, 0xc0, 0xe7, 0xb5, 0x36, 0x48, |
1823 | 0x7d, 0xd0, 0x49, 0xe0, 0x32, 0x7a, 0x91, 0x9a, 0x0c, 0x84, 0xa1, |
1824 | 0x12, 0x12, 0x84, 0x18, 0x75, 0x96, 0x81, 0x71, 0x45, 0x58, |
1825 | }, |
1826 | 32, "Cloudflare 'Nimbus2020' Log" }, |
1827 | { (const uint8_t[]){ |
1828 | 0x44, 0x94, 0x65, 0x2e, 0xb0, 0xee, 0xce, 0xaf, 0xc4, 0x40, 0x07, |
1829 | 0xd8, 0xa8, 0xfe, 0x28, 0xc0, 0xda, 0xe6, 0x82, 0xbe, 0xd8, 0xcb, |
1830 | 0x31, 0xb5, 0x3f, 0xd3, 0x33, 0x96, 0xb5, 0xb6, 0x81, 0xa8, |
1831 | }, |
1832 | 32, "Cloudflare 'Nimbus2021' Log" }, |
1833 | { (const uint8_t[]){ |
1834 | 0x41, 0xc8, 0xca, 0xb1, 0xdf, 0x22, 0x46, 0x4a, 0x10, 0xc6, 0xa1, |
1835 | 0x3a, 0x09, 0x42, 0x87, 0x5e, 0x4e, 0x31, 0x8b, 0x1b, 0x03, 0xeb, |
1836 | 0xeb, 0x4b, 0xc7, 0x68, 0xf0, 0x90, 0x62, 0x96, 0x06, 0xf6, |
1837 | }, |
1838 | 32, "Cloudflare 'Nimbus2022' Log" }, |
1839 | { (const uint8_t[]){ |
1840 | 0x7a, 0x32, 0x8c, 0x54, 0xd8, 0xb7, 0x2d, 0xb6, 0x20, 0xea, 0x38, |
1841 | 0xe0, 0x52, 0x1e, 0xe9, 0x84, 0x16, 0x70, 0x32, 0x13, 0x85, 0x4d, |
1842 | 0x3b, 0xd2, 0x2b, 0xc1, 0x3a, 0x57, 0xa3, 0x52, 0xeb, 0x52, |
1843 | }, |
1844 | 32, "Cloudflare 'Nimbus2023' Log" }, |
1845 | { (const uint8_t[]){ |
1846 | 0xda, 0xb6, 0xbf, 0x6b, 0x3f, 0xb5, 0xb6, 0x22, 0x9f, 0x9b, 0xc2, |
1847 | 0xbb, 0x5c, 0x6b, 0xe8, 0x70, 0x91, 0x71, 0x6c, 0xbb, 0x51, 0x84, |
1848 | 0x85, 0x34, 0xbd, 0xa4, 0x3d, 0x30, 0x48, 0xd7, 0xfb, 0xab, |
1849 | }, |
1850 | 32, "Cloudflare 'Nimbus2024' Log" }, |
1851 | { (const uint8_t[]){ |
1852 | 0xcc, 0xfb, 0x0f, 0x6a, 0x85, 0x71, 0x09, 0x65, 0xfe, 0x95, 0x9b, |
1853 | 0x53, 0xce, 0xe9, 0xb2, 0x7c, 0x22, 0xe9, 0x85, 0x5c, 0x0d, 0x97, |
1854 | 0x8d, 0xb6, 0xa9, 0x7e, 0x54, 0xc0, 0xfe, 0x4c, 0x0d, 0xb0, |
1855 | }, |
1856 | 32, "Cloudflare 'Nimbus2025'" }, |
1857 | { (const uint8_t[]){ |
1858 | 0x1f, 0xbc, 0x36, 0xe0, 0x02, 0xed, 0xe9, 0x7f, 0x40, 0x19, 0x9e, |
1859 | 0x86, 0xb3, 0x57, 0x3b, 0x8a, 0x42, 0x17, 0xd8, 0x01, 0x87, 0x74, |
1860 | 0x6a, 0xd0, 0xda, 0x03, 0xa0, 0x60, 0x54, 0xd2, 0x0d, 0xf4, |
1861 | }, |
1862 | 32, "Cloudflare 'Nimbus2017' Log" }, |
1863 | { (const uint8_t[]){ |
1864 | 0xdb, 0x74, 0xaf, 0xee, 0xcb, 0x29, 0xec, 0xb1, 0xfe, 0xca, 0x3e, |
1865 | 0x71, 0x6d, 0x2c, 0xe5, 0xb9, 0xaa, 0xbb, 0x36, 0xf7, 0x84, 0x71, |
1866 | 0x83, 0xc7, 0x5d, 0x9d, 0x4f, 0x37, 0xb6, 0x1f, 0xbf, 0x64, |
1867 | }, |
1868 | 32, "Cloudflare 'Nimbus2018' Log" }, |
1869 | { (const uint8_t[]){ |
1870 | 0x74, 0x7e, 0xda, 0x83, 0x31, 0xad, 0x33, 0x10, 0x91, 0x21, 0x9c, |
1871 | 0xce, 0x25, 0x4f, 0x42, 0x70, 0xc2, 0xbf, 0xfd, 0x5e, 0x42, 0x20, |
1872 | 0x08, 0xc6, 0x37, 0x35, 0x79, 0xe6, 0x10, 0x7b, 0xcc, 0x56, |
1873 | }, |
1874 | 32, "Cloudflare 'Nimbus2019' Log" }, |
1875 | { (const uint8_t[]){ |
1876 | 0x56, 0x14, 0x06, 0x9a, 0x2f, 0xd7, 0xc2, 0xec, 0xd3, 0xf5, 0xe1, |
1877 | 0xbd, 0x44, 0xb2, 0x3e, 0xc7, 0x46, 0x76, 0xb9, 0xbc, 0x99, 0x11, |
1878 | 0x5c, 0xc0, 0xef, 0x94, 0x98, 0x55, 0xd6, 0x89, 0xd0, 0xdd, |
1879 | }, |
1880 | 32, "DigiCert Log Server" }, |
1881 | { (const uint8_t[]){ |
1882 | 0x87, 0x75, 0xbf, 0xe7, 0x59, 0x7c, 0xf8, 0x8c, 0x43, 0x99, 0x5f, |
1883 | 0xbd, 0xf3, 0x6e, 0xff, 0x56, 0x8d, 0x47, 0x56, 0x36, 0xff, 0x4a, |
1884 | 0xb5, 0x60, 0xc1, 0xb4, 0xea, 0xff, 0x5e, 0xa0, 0x83, 0x0f, |
1885 | }, |
1886 | 32, "DigiCert Log Server 2" }, |
1887 | { (const uint8_t[]){ |
1888 | 0xf0, 0x95, 0xa4, 0x59, 0xf2, 0x00, 0xd1, 0x82, 0x40, 0x10, 0x2d, |
1889 | 0x2f, 0x93, 0x88, 0x8e, 0xad, 0x4b, 0xfe, 0x1d, 0x47, 0xe3, 0x99, |
1890 | 0xe1, 0xd0, 0x34, 0xa6, 0xb0, 0xa8, 0xaa, 0x8e, 0xb2, 0x73, |
1891 | }, |
1892 | 32, "DigiCert Yeti2020 Log" }, |
1893 | { (const uint8_t[]){ |
1894 | 0x5c, 0xdc, 0x43, 0x92, 0xfe, 0xe6, 0xab, 0x45, 0x44, 0xb1, 0x5e, |
1895 | 0x9a, 0xd4, 0x56, 0xe6, 0x10, 0x37, 0xfb, 0xd5, 0xfa, 0x47, 0xdc, |
1896 | 0xa1, 0x73, 0x94, 0xb2, 0x5e, 0xe6, 0xf6, 0xc7, 0x0e, 0xca, |
1897 | }, |
1898 | 32, "DigiCert Yeti2021 Log" }, |
1899 | { (const uint8_t[]){ |
1900 | 0x22, 0x45, 0x45, 0x07, 0x59, 0x55, 0x24, 0x56, 0x96, 0x3f, 0xa1, |
1901 | 0x2f, 0xf1, 0xf7, 0x6d, 0x86, 0xe0, 0x23, 0x26, 0x63, 0xad, 0xc0, |
1902 | 0x4b, 0x7f, 0x5d, 0xc6, 0x83, 0x5c, 0x6e, 0xe2, 0x0f, 0x02, |
1903 | }, |
1904 | 32, "DigiCert Yeti2022 Log" }, |
1905 | { (const uint8_t[]){ |
1906 | 0x35, 0xcf, 0x19, 0x1b, 0xbf, 0xb1, 0x6c, 0x57, 0xbf, 0x0f, 0xad, |
1907 | 0x4c, 0x6d, 0x42, 0xcb, 0xbb, 0xb6, 0x27, 0x20, 0x26, 0x51, 0xea, |
1908 | 0x3f, 0xe1, 0x2a, 0xef, 0xa8, 0x03, 0xc3, 0x3b, 0xd6, 0x4c, |
1909 | }, |
1910 | 32, "DigiCert Yeti2023 Log" }, |
1911 | { (const uint8_t[]){ |
1912 | 0x48, 0xb0, 0xe3, 0x6b, 0xda, 0xa6, 0x47, 0x34, 0x0f, 0xe5, 0x6a, |
1913 | 0x02, 0xfa, 0x9d, 0x30, 0xeb, 0x1c, 0x52, 0x01, 0xcb, 0x56, 0xdd, |
1914 | 0x2c, 0x81, 0xd9, 0xbb, 0xbf, 0xab, 0x39, 0xd8, 0x84, 0x73, |
1915 | }, |
1916 | 32, "DigiCert Yeti2024 Log" }, |
1917 | { (const uint8_t[]){ |
1918 | 0x7d, 0x59, 0x1e, 0x12, 0xe1, 0x78, 0x2a, 0x7b, 0x1c, 0x61, 0x67, |
1919 | 0x7c, 0x5e, 0xfd, 0xf8, 0xd0, 0x87, 0x5c, 0x14, 0xa0, 0x4e, 0x95, |
1920 | 0x9e, 0xb9, 0x03, 0x2f, 0xd9, 0x0e, 0x8c, 0x2e, 0x79, 0xb8, |
1921 | }, |
1922 | 32, "DigiCert Yeti2025 Log" }, |
1923 | { (const uint8_t[]){ |
1924 | 0xc6, 0x52, 0xa0, 0xec, 0x48, 0xce, 0xb3, 0xfc, 0xab, 0x17, 0x09, |
1925 | 0x92, 0xc4, 0x3a, 0x87, 0x41, 0x33, 0x09, 0xe8, 0x00, 0x65, 0xa2, |
1926 | 0x62, 0x52, 0x40, 0x1b, 0xa3, 0x36, 0x2a, 0x17, 0xc5, 0x65, |
1927 | }, |
1928 | 32, "DigiCert Nessie2020 Log" }, |
1929 | { (const uint8_t[]){ |
1930 | 0xee, 0xc0, 0x95, 0xee, 0x8d, 0x72, 0x64, 0x0f, 0x92, 0xe3, 0xc3, |
1931 | 0xb9, 0x1b, 0xc7, 0x12, 0xa3, 0x69, 0x6a, 0x09, 0x7b, 0x4b, 0x6a, |
1932 | 0x1a, 0x14, 0x38, 0xe6, 0x47, 0xb2, 0xcb, 0xed, 0xc5, 0xf9, |
1933 | }, |
1934 | 32, "DigiCert Nessie2021 Log" }, |
1935 | { (const uint8_t[]){ |
1936 | 0x51, 0xa3, 0xb0, 0xf5, 0xfd, 0x01, 0x79, 0x9c, 0x56, 0x6d, 0xb8, |
1937 | 0x37, 0x78, 0x8f, 0x0c, 0xa4, 0x7a, 0xcc, 0x1b, 0x27, 0xcb, 0xf7, |
1938 | 0x9e, 0x88, 0x42, 0x9a, 0x0d, 0xfe, 0xd4, 0x8b, 0x05, 0xe5, |
1939 | }, |
1940 | 32, "DigiCert Nessie2022 Log" }, |
1941 | { (const uint8_t[]){ |
1942 | 0xb3, 0x73, 0x77, 0x07, 0xe1, 0x84, 0x50, 0xf8, 0x63, 0x86, 0xd6, |
1943 | 0x05, 0xa9, 0xdc, 0x11, 0x09, 0x4a, 0x79, 0x2d, 0xb1, 0x67, 0x0c, |
1944 | 0x0b, 0x87, 0xdc, 0xf0, 0x03, 0x0e, 0x79, 0x36, 0xa5, 0x9a, |
1945 | }, |
1946 | 32, "DigiCert Nessie2023 Log" }, |
1947 | { (const uint8_t[]){ |
1948 | 0x73, 0xd9, 0x9e, 0x89, 0x1b, 0x4c, 0x96, 0x78, 0xa0, 0x20, 0x7d, |
1949 | 0x47, 0x9d, 0xe6, 0xb2, 0xc6, 0x1c, 0xd0, 0x51, 0x5e, 0x71, 0x19, |
1950 | 0x2a, 0x8c, 0x6b, 0x80, 0x10, 0x7a, 0xc1, 0x77, 0x72, 0xb5, |
1951 | }, |
1952 | 32, "DigiCert Nessie2024 Log" }, |
1953 | { (const uint8_t[]){ |
1954 | 0xe6, 0xd2, 0x31, 0x63, 0x40, 0x77, 0x8c, 0xc1, 0x10, 0x41, 0x06, |
1955 | 0xd7, 0x71, 0xb9, 0xce, 0xc1, 0xd2, 0x40, 0xf6, 0x96, 0x84, 0x86, |
1956 | 0xfb, 0xba, 0x87, 0x32, 0x1d, 0xfd, 0x1e, 0x37, 0x8e, 0x50, |
1957 | }, |
1958 | 32, "DigiCert Nessie2025 Log" }, |
1959 | { (const uint8_t[]){ |
1960 | 0xb6, 0x9d, 0xdc, 0xbc, 0x3c, 0x1a, 0xbd, 0xef, 0x6f, 0x9f, 0xd6, |
1961 | 0x0c, 0x88, 0xb1, 0x06, 0x7b, 0x77, 0xf0, 0x82, 0x68, 0x8b, 0x2d, |
1962 | 0x78, 0x65, 0xd0, 0x4b, 0x39, 0xab, 0xe9, 0x27, 0xa5, 0x75, |
1963 | }, |
1964 | 32, "DigiCert 'Wyvern2024h1' Log" }, |
1965 | { (const uint8_t[]){ |
1966 | 0x0c, 0x2a, 0xef, 0x2c, 0x4a, 0x5b, 0x98, 0x83, 0xd4, 0xdd, 0xa3, |
1967 | 0x82, 0xfe, 0x50, 0xfb, 0x51, 0x88, 0xb3, 0xe9, 0x73, 0x33, 0xa1, |
1968 | 0xec, 0x53, 0xa0, 0x9d, 0xc9, 0xa7, 0x9d, 0x0d, 0x08, 0x20, |
1969 | }, |
1970 | 32, "DigiCert 'Wyvern2024h2' Log" }, |
1971 | { (const uint8_t[]){ |
1972 | 0x73, 0x20, 0x22, 0x0f, 0x08, 0x16, 0x8a, 0xf9, 0xf3, 0xc4, 0xa6, |
1973 | 0x8b, 0x0a, 0xb2, 0x6a, 0x9a, 0x4a, 0x00, 0xee, 0xf5, 0x77, 0x85, |
1974 | 0x8a, 0x08, 0x4d, 0x05, 0x00, 0xd4, 0xa5, 0x42, 0x44, 0x59, |
1975 | }, |
1976 | 32, "DigiCert 'Wyvern2025h1' Log" }, |
1977 | { (const uint8_t[]){ |
1978 | 0xed, 0x3c, 0x4b, 0xd6, 0xe8, 0x06, 0xc2, 0xa4, 0xa2, 0x00, 0x57, |
1979 | 0xdb, 0xcb, 0x24, 0xe2, 0x38, 0x01, 0xdf, 0x51, 0x2f, 0xed, 0xc4, |
1980 | 0x86, 0xc5, 0x70, 0x0f, 0x20, 0xdd, 0xb7, 0x3e, 0x3f, 0xe0, |
1981 | }, |
1982 | 32, "DigiCert 'Wyvern2025h2' Log" }, |
1983 | { (const uint8_t[]){ |
1984 | 0xdb, 0x07, 0x6c, 0xde, 0x6a, 0x8b, 0x78, 0xec, 0x58, 0xd6, 0x05, |
1985 | 0x64, 0x96, 0xeb, 0x6a, 0x26, 0xa8, 0xc5, 0x9e, 0x72, 0x12, 0x93, |
1986 | 0xe8, 0xac, 0x03, 0x27, 0xdd, 0xde, 0x89, 0xdb, 0x5a, 0x2a, |
1987 | }, |
1988 | 32, "DigiCert 'Sphinx2024h1' Log" }, |
1989 | { (const uint8_t[]){ |
1990 | 0xdc, 0xc9, 0x5e, 0x6f, 0xa2, 0x99, 0xb9, 0xb0, 0xfd, 0xbd, 0x6c, |
1991 | 0xa6, 0xa3, 0x6e, 0x1d, 0x72, 0xc4, 0x21, 0x2f, 0xdd, 0x1e, 0x0f, |
1992 | 0x47, 0x55, 0x3a, 0x36, 0xd6, 0xcf, 0x1a, 0xd1, 0x1d, 0x8d, |
1993 | }, |
1994 | 32, "DigiCert 'Sphinx2024h2' Log" }, |
1995 | { (const uint8_t[]){ |
1996 | 0xde, 0x85, 0x81, 0xd7, 0x50, 0x24, 0x7c, 0x6b, 0xcd, 0xcb, 0xaf, |
1997 | 0x56, 0x37, 0xc5, 0xe7, 0x81, 0xc6, 0x4c, 0xe4, 0x6e, 0xd6, 0x17, |
1998 | 0x63, 0x9f, 0x8f, 0x34, 0xa7, 0x26, 0xc9, 0xe2, 0xbd, 0x37, |
1999 | }, |
2000 | 32, "DigiCert 'Sphinx2025h1' Log" }, |
2001 | { (const uint8_t[]){ |
2002 | 0xa4, 0x42, 0xc5, 0x06, 0x49, 0x60, 0x61, 0x54, 0x8f, 0x0f, 0xd4, |
2003 | 0xea, 0x9c, 0xfb, 0x7a, 0x2d, 0x26, 0x45, 0x4d, 0x87, 0xa9, 0x7f, |
2004 | 0x2f, 0xdf, 0x45, 0x59, 0xf6, 0x27, 0x4f, 0x3a, 0x84, 0x54, |
2005 | }, |
2006 | 32, "DigiCert 'Sphinx2025h2' Log" }, |
2007 | { (const uint8_t[]){ |
2008 | 0xdd, 0xeb, 0x1d, 0x2b, 0x7a, 0x0d, 0x4f, 0xa6, 0x20, 0x8b, 0x81, |
2009 | 0xad, 0x81, 0x68, 0x70, 0x7e, 0x2e, 0x8e, 0x9d, 0x01, 0xd5, 0x5c, |
2010 | 0x88, 0x8d, 0x3d, 0x11, 0xc4, 0xcd, 0xb6, 0xec, 0xbe, 0xcc, |
2011 | }, |
2012 | 32, "Symantec log" }, |
2013 | { (const uint8_t[]){ |
2014 | 0xbc, 0x78, 0xe1, 0xdf, 0xc5, 0xf6, 0x3c, 0x68, 0x46, 0x49, 0x33, |
2015 | 0x4d, 0xa1, 0x0f, 0xa1, 0x5f, 0x09, 0x79, 0x69, 0x20, 0x09, 0xc0, |
2016 | 0x81, 0xb4, 0xf3, 0xf6, 0x91, 0x7f, 0x3e, 0xd9, 0xb8, 0xa5, |
2017 | }, |
2018 | 32, "Symantec 'Vega' log" }, |
2019 | { (const uint8_t[]){ |
2020 | 0x15, 0x97, 0x04, 0x88, 0xd7, 0xb9, 0x97, 0xa0, 0x5b, 0xeb, 0x52, |
2021 | 0x51, 0x2a, 0xde, 0xe8, 0xd2, 0xe8, 0xb4, 0xa3, 0x16, 0x52, 0x64, |
2022 | 0x12, 0x1a, 0x9f, 0xab, 0xfb, 0xd5, 0xf8, 0x5a, 0xd9, 0x3f, |
2023 | }, |
2024 | 32, "Symantec 'Sirius' log" }, |
2025 | { (const uint8_t[]){ |
2026 | 0x05, 0x9c, 0x01, 0xd3, 0x20, 0xe0, 0x07, 0x84, 0x13, 0x95, 0x80, |
2027 | 0x49, 0x8d, 0x11, 0x7c, 0x90, 0x32, 0x66, 0xaf, 0xaf, 0x72, 0x50, |
2028 | 0xb5, 0xaf, 0x3b, 0x46, 0xa4, 0x3e, 0x11, 0x84, 0x0d, 0x4a, |
2029 | }, |
2030 | 32, "DigiCert Yeti2022-2 Log" }, |
2031 | { (const uint8_t[]){ |
2032 | 0xc1, 0x16, 0x4a, 0xe0, 0xa7, 0x72, 0xd2, 0xd4, 0x39, 0x2d, 0xc8, |
2033 | 0x0a, 0xc1, 0x07, 0x70, 0xd4, 0xf0, 0xc4, 0x9b, 0xde, 0x99, 0x1a, |
2034 | 0x48, 0x40, 0xc1, 0xfa, 0x07, 0x51, 0x64, 0xf6, 0x33, 0x60, |
2035 | }, |
2036 | 32, "DigiCert Yeti2018 Log" }, |
2037 | { (const uint8_t[]){ |
2038 | 0xe2, 0x69, 0x4b, 0xae, 0x26, 0xe8, 0xe9, 0x40, 0x09, 0xe8, 0x86, |
2039 | 0x1b, 0xb6, 0x3b, 0x83, 0xd4, 0x3e, 0xe7, 0xfe, 0x74, 0x88, 0xfb, |
2040 | 0xa4, 0x8f, 0x28, 0x93, 0x01, 0x9d, 0xdd, 0xf1, 0xdb, 0xfe, |
2041 | }, |
2042 | 32, "DigiCert Yeti2019 Log" }, |
2043 | { (const uint8_t[]){ |
2044 | 0x6f, 0xf1, 0x41, 0xb5, 0x64, 0x7e, 0x42, 0x22, 0xf7, 0xef, 0x05, |
2045 | 0x2c, 0xef, 0xae, 0x7c, 0x21, 0xfd, 0x60, 0x8e, 0x27, 0xd2, 0xaf, |
2046 | 0x5a, 0x6e, 0x9f, 0x4b, 0x8a, 0x37, 0xd6, 0x63, 0x3e, 0xe5, |
2047 | }, |
2048 | 32, "DigiCert Nessie2018 Log" }, |
2049 | { (const uint8_t[]){ |
2050 | 0xfe, 0x44, 0x61, 0x08, 0xb1, 0xd0, 0x1a, 0xb7, 0x8a, 0x62, 0xcc, |
2051 | 0xfe, 0xab, 0x6a, 0xb2, 0xb2, 0xba, 0xbf, 0xf3, 0xab, 0xda, 0xd8, |
2052 | 0x0a, 0x4d, 0x8b, 0x30, 0xdf, 0x2d, 0x00, 0x08, 0x83, 0x0c, |
2053 | }, |
2054 | 32, "DigiCert Nessie2019 Log" }, |
2055 | { (const uint8_t[]){ |
2056 | 0xa7, 0xce, 0x4a, 0x4e, 0x62, 0x07, 0xe0, 0xad, 0xde, 0xe5, 0xfd, |
2057 | 0xaa, 0x4b, 0x1f, 0x86, 0x76, 0x87, 0x67, 0xb5, 0xd0, 0x02, 0xa5, |
2058 | 0x5d, 0x47, 0x31, 0x0e, 0x7e, 0x67, 0x0a, 0x95, 0xea, 0xb2, |
2059 | }, |
2060 | 32, "Symantec Deneb" }, |
2061 | { (const uint8_t[]){ |
2062 | 0xcd, 0xb5, 0x17, 0x9b, 0x7f, 0xc1, 0xc0, 0x46, 0xfe, 0xea, 0x31, |
2063 | 0x13, 0x6a, 0x3f, 0x8f, 0x00, 0x2e, 0x61, 0x82, 0xfa, 0xf8, 0x89, |
2064 | 0x6f, 0xec, 0xc8, 0xb2, 0xf5, 0xb5, 0xab, 0x60, 0x49, 0x00, |
2065 | }, |
2066 | 32, "Certly.IO log" }, |
2067 | { (const uint8_t[]){ |
2068 | 0x74, 0x61, 0xb4, 0xa0, 0x9c, 0xfb, 0x3d, 0x41, 0xd7, 0x51, 0x59, |
2069 | 0x57, 0x5b, 0x2e, 0x76, 0x49, 0xa4, 0x45, 0xa8, 0xd2, 0x77, 0x09, |
2070 | 0xb0, 0xcc, 0x56, 0x4a, 0x64, 0x82, 0xb7, 0xeb, 0x41, 0xa3, |
2071 | }, |
2072 | 32, "Izenpe log" }, |
2073 | { (const uint8_t[]){ |
2074 | 0x89, 0x41, 0x44, 0x9c, 0x70, 0x74, 0x2e, 0x06, 0xb9, 0xfc, 0x9c, |
2075 | 0xe7, 0xb1, 0x16, 0xba, 0x00, 0x24, 0xaa, 0x36, 0xd5, 0x9a, 0xf4, |
2076 | 0x4f, 0x02, 0x04, 0x40, 0x4f, 0x00, 0xf7, 0xea, 0x85, 0x66, |
2077 | }, |
2078 | 32, "Izenpe 'Argi' log" }, |
2079 | { (const uint8_t[]){ |
2080 | 0x41, 0xb2, 0xdc, 0x2e, 0x89, 0xe6, 0x3c, 0xe4, 0xaf, 0x1b, 0xa7, |
2081 | 0xbb, 0x29, 0xbf, 0x68, 0xc6, 0xde, 0xe6, 0xf9, 0xf1, 0xcc, 0x04, |
2082 | 0x7e, 0x30, 0xdf, 0xfa, 0xe3, 0xb3, 0xba, 0x25, 0x92, 0x63, |
2083 | }, |
2084 | 32, "WoSign log" }, |
2085 | { (const uint8_t[]){ |
2086 | 0x9e, 0x4f, 0xf7, 0x3d, 0xc3, 0xce, 0x22, 0x0b, 0x69, 0x21, 0x7c, |
2087 | 0x89, 0x9e, 0x46, 0x80, 0x76, 0xab, 0xf8, 0xd7, 0x86, 0x36, 0xd5, |
2088 | 0xcc, 0xfc, 0x85, 0xa3, 0x1a, 0x75, 0x62, 0x8b, 0xa8, 0x8b, |
2089 | }, |
2090 | 32, "WoSign CT log #1" }, |
2091 | { (const uint8_t[]){ |
2092 | 0x63, 0xd0, 0x00, 0x60, 0x26, 0xdd, 0xe1, 0x0b, 0xb0, 0x60, 0x1f, |
2093 | 0x45, 0x24, 0x46, 0x96, 0x5e, 0xe2, 0xb6, 0xea, 0x2c, 0xd4, 0xfb, |
2094 | 0xc9, 0x5a, 0xc8, 0x66, 0xa5, 0x50, 0xaf, 0x90, 0x75, 0xb7, |
2095 | }, |
2096 | 32, "WoSign log 2" }, |
2097 | { (const uint8_t[]){ |
2098 | 0xac, 0x3b, 0x9a, 0xed, 0x7f, 0xa9, 0x67, 0x47, 0x57, 0x15, 0x9e, |
2099 | 0x6d, 0x7d, 0x57, 0x56, 0x72, 0xf9, 0xd9, 0x81, 0x00, 0x94, 0x1e, |
2100 | 0x9b, 0xde, 0xff, 0xec, 0xa1, 0x31, 0x3b, 0x75, 0x78, 0x2d, |
2101 | }, |
2102 | 32, "Venafi log" }, |
2103 | { (const uint8_t[]){ |
2104 | 0x03, 0x01, 0x9d, 0xf3, 0xfd, 0x85, 0xa6, 0x9a, 0x8e, 0xbd, 0x1f, |
2105 | 0xac, 0xc6, 0xda, 0x9b, 0xa7, 0x3e, 0x46, 0x97, 0x74, 0xfe, 0x77, |
2106 | 0xf5, 0x79, 0xfc, 0x5a, 0x08, 0xb8, 0x32, 0x8c, 0x1d, 0x6b, |
2107 | }, |
2108 | 32, "Venafi Gen2 CT log" }, |
2109 | { (const uint8_t[]){ |
2110 | 0xa5, 0x77, 0xac, 0x9c, 0xed, 0x75, 0x48, 0xdd, 0x8f, 0x02, 0x5b, |
2111 | 0x67, 0xa2, 0x41, 0x08, 0x9d, 0xf8, 0x6e, 0x0f, 0x47, 0x6e, 0xc2, |
2112 | 0x03, 0xc2, 0xec, 0xbe, 0xdb, 0x18, 0x5f, 0x28, 0x26, 0x38, |
2113 | }, |
2114 | 32, "CNNIC CT log" }, |
2115 | { (const uint8_t[]){ |
2116 | 0x34, 0xbb, 0x6a, 0xd6, 0xc3, 0xdf, 0x9c, 0x03, 0xee, 0xa8, 0xa4, |
2117 | 0x99, 0xff, 0x78, 0x91, 0x48, 0x6c, 0x9d, 0x5e, 0x5c, 0xac, 0x92, |
2118 | 0xd0, 0x1f, 0x7b, 0xfd, 0x1b, 0xce, 0x19, 0xdb, 0x48, 0xef, |
2119 | }, |
2120 | 32, "StartCom log" }, |
2121 | { (const uint8_t[]){ |
2122 | 0x55, 0x81, 0xd4, 0xc2, 0x16, 0x90, 0x36, 0x01, 0x4a, 0xea, 0x0b, |
2123 | 0x9b, 0x57, 0x3c, 0x53, 0xf0, 0xc0, 0xe4, 0x38, 0x78, 0x70, 0x25, |
2124 | 0x08, 0x17, 0x2f, 0xa3, 0xaa, 0x1d, 0x07, 0x13, 0xd3, 0x0c, |
2125 | }, |
2126 | 32, "Sectigo 'Sabre' CT log" }, |
2127 | { (const uint8_t[]){ |
2128 | 0xa2, 0xe2, 0xbf, 0xd6, 0x1e, 0xde, 0x2f, 0x2f, 0x07, 0xa0, 0xd6, |
2129 | 0x4e, 0x6d, 0x37, 0xa7, 0xdc, 0x65, 0x43, 0xb0, 0xc6, 0xb5, 0x2e, |
2130 | 0xa2, 0xda, 0xb7, 0x8a, 0xf8, 0x9a, 0x6d, 0xf5, 0x17, 0xd8, |
2131 | }, |
2132 | 32, "Sectigo 'Sabre2024h1'" }, |
2133 | { (const uint8_t[]){ |
2134 | 0x19, 0x98, 0x10, 0x71, 0x09, 0xf0, 0xd6, 0x52, 0x2e, 0x30, 0x80, |
2135 | 0xd2, 0x9e, 0x3f, 0x64, 0xbb, 0x83, 0x6e, 0x28, 0xcc, 0xf9, 0x0f, |
2136 | 0x52, 0x8e, 0xee, 0xdf, 0xce, 0x4a, 0x3f, 0x16, 0xb4, 0xca, |
2137 | }, |
2138 | 32, "Sectigo 'Sabre2024h2'" }, |
2139 | { (const uint8_t[]){ |
2140 | 0xe0, 0x92, 0xb3, 0xfc, 0x0c, 0x1d, 0xc8, 0xe7, 0x68, 0x36, 0x1f, |
2141 | 0xde, 0x61, 0xb9, 0x96, 0x4d, 0x0a, 0x52, 0x78, 0x19, 0x8a, 0x72, |
2142 | 0xd6, 0x72, 0xc4, 0xb0, 0x4d, 0xa5, 0x6d, 0x6f, 0x54, 0x04, |
2143 | }, |
2144 | 32, "Sectigo 'Sabre2025h1'" }, |
2145 | { (const uint8_t[]){ |
2146 | 0x1a, 0x04, 0xff, 0x49, 0xd0, 0x54, 0x1d, 0x40, 0xaf, 0xf6, 0xa0, |
2147 | 0xc3, 0xbf, 0xf1, 0xd8, 0xc4, 0x67, 0x2f, 0x4e, 0xec, 0xee, 0x23, |
2148 | 0x40, 0x68, 0x98, 0x6b, 0x17, 0x40, 0x2e, 0xdc, 0x89, 0x7d, |
2149 | }, |
2150 | 32, "Sectigo 'Sabre2025h2'" }, |
2151 | { (const uint8_t[]){ |
2152 | 0x6f, 0x53, 0x76, 0xac, 0x31, 0xf0, 0x31, 0x19, 0xd8, 0x99, 0x00, |
2153 | 0xa4, 0x51, 0x15, 0xff, 0x77, 0x15, 0x1c, 0x11, 0xd9, 0x02, 0xc1, |
2154 | 0x00, 0x29, 0x06, 0x8d, 0xb2, 0x08, 0x9a, 0x37, 0xd9, 0x13, |
2155 | }, |
2156 | 32, "Sectigo 'Mammoth' CT log" }, |
2157 | { (const uint8_t[]){ |
2158 | 0x29, 0xd0, 0x3a, 0x1b, 0xb6, 0x74, 0xaa, 0x71, 0x1c, 0xd3, 0x03, |
2159 | 0x5b, 0x65, 0x57, 0xc1, 0x4f, 0x8a, 0xa7, 0x8b, 0x4f, 0xe8, 0x38, |
2160 | 0x94, 0x49, 0xec, 0xa4, 0x53, 0xf9, 0x44, 0xbd, 0x24, 0x68, |
2161 | }, |
2162 | 32, "Sectigo 'Mammoth2024h1'" }, |
2163 | { (const uint8_t[]){ |
2164 | 0x50, 0x85, 0x01, 0x58, 0xdc, 0xb6, 0x05, 0x95, 0xc0, 0x0e, 0x92, |
2165 | 0xa8, 0x11, 0x02, 0xec, 0xcd, 0xfe, 0x3f, 0x6b, 0x78, 0x58, 0x42, |
2166 | 0x9f, 0x57, 0x98, 0x35, 0x38, 0xc9, 0xda, 0x52, 0x50, 0x63, |
2167 | }, |
2168 | 32, "Sectigo 'Mammoth2024h1b'" }, |
2169 | { (const uint8_t[]){ |
2170 | 0xdf, 0xe1, 0x56, 0xeb, 0xaa, 0x05, 0xaf, 0xb5, 0x9c, 0x0f, 0x86, |
2171 | 0x71, 0x8d, 0xa8, 0xc0, 0x32, 0x4e, 0xae, 0x56, 0xd9, 0x6e, 0xa7, |
2172 | 0xf5, 0xa5, 0x6a, 0x01, 0xd1, 0xc1, 0x3b, 0xbe, 0x52, 0x5c, |
2173 | }, |
2174 | 32, "Sectigo 'Mammoth2024h2'" }, |
2175 | { (const uint8_t[]){ |
2176 | 0x13, 0x4a, 0xdf, 0x1a, 0xb5, 0x98, 0x42, 0x09, 0x78, 0x0c, 0x6f, |
2177 | 0xef, 0x4c, 0x7a, 0x91, 0xa4, 0x16, 0xb7, 0x23, 0x49, 0xce, 0x58, |
2178 | 0x57, 0x6a, 0xdf, 0xae, 0xda, 0xa7, 0xc2, 0xab, 0xe0, 0x22, |
2179 | }, |
2180 | 32, "Sectigo 'Mammoth2025h1'" }, |
2181 | { (const uint8_t[]){ |
2182 | 0xaf, 0x18, 0x1a, 0x28, 0xd6, 0x8c, 0xa3, 0xe0, 0xa9, 0x8a, 0x4c, |
2183 | 0x9c, 0x67, 0xab, 0x09, 0xf8, 0xbb, 0xbc, 0x22, 0xba, 0xae, 0xbc, |
2184 | 0xb1, 0x38, 0xa3, 0xa1, 0x9d, 0xd3, 0xf9, 0xb6, 0x03, 0x0d, |
2185 | }, |
2186 | 32, "Sectigo 'Mammoth2025h2'" }, |
2187 | { (const uint8_t[]){ |
2188 | 0x25, 0x2f, 0x94, 0xc2, 0x2b, 0x29, 0xe9, 0x6e, 0x9f, 0x41, 0x1a, |
2189 | 0x72, 0x07, 0x2b, 0x69, 0x5c, 0x5b, 0x52, 0xff, 0x97, 0xa9, 0x0d, |
2190 | 0x25, 0x40, 0xbb, 0xfc, 0xdc, 0x51, 0xec, 0x4d, 0xee, 0x0b, |
2191 | }, |
2192 | 32, "Sectigo 'Mammoth2026h1'" }, |
2193 | { (const uint8_t[]){ |
2194 | 0x94, 0xb1, 0xc1, 0x8a, 0xb0, 0xd0, 0x57, 0xc4, 0x7b, 0xe0, 0xac, |
2195 | 0x04, 0x0e, 0x1f, 0x2c, 0xbc, 0x8d, 0xc3, 0x75, 0x72, 0x7b, 0xc9, |
2196 | 0x51, 0xf2, 0x0a, 0x52, 0x61, 0x26, 0x86, 0x3b, 0xa7, 0x3c, |
2197 | }, |
2198 | 32, "Sectigo 'Mammoth2026h2'" }, |
2199 | { (const uint8_t[]){ |
2200 | 0x56, 0x6c, 0xd5, 0xa3, 0x76, 0xbe, 0x83, 0xdf, 0xe3, 0x42, 0xb6, |
2201 | 0x75, 0xc4, 0x9c, 0x23, 0x24, 0x98, 0xa7, 0x69, 0xba, 0xc3, 0x82, |
2202 | 0xcb, 0xab, 0x49, 0xa3, 0x87, 0x7d, 0x9a, 0xb3, 0x2d, 0x01, |
2203 | }, |
2204 | 32, "Sectigo 'Sabre2026h1'" }, |
2205 | { (const uint8_t[]){ |
2206 | 0x1f, 0x56, 0xd1, 0xab, 0x94, 0x70, 0x4a, 0x41, 0xdd, 0x3f, 0xea, |
2207 | 0xfd, 0xf4, 0x69, 0x93, 0x55, 0x30, 0x2c, 0x14, 0x31, 0xbf, 0xe6, |
2208 | 0x13, 0x46, 0x08, 0x9f, 0xff, 0xae, 0x79, 0x5d, 0xcc, 0x2f, |
2209 | }, |
2210 | 32, "Sectigo 'Sabre2026h2'" }, |
2211 | { (const uint8_t[]){ |
2212 | 0xdb, 0x76, 0xfd, 0xad, 0xac, 0x65, 0xe7, 0xd0, 0x95, 0x08, 0x88, |
2213 | 0x6e, 0x21, 0x59, 0xbd, 0x8b, 0x90, 0x35, 0x2f, 0x5f, 0xea, 0xd3, |
2214 | 0xe3, 0xdc, 0x5e, 0x22, 0xeb, 0x35, 0x0a, 0xcc, 0x7b, 0x98, |
2215 | }, |
2216 | 32, "Sectigo 'Dodo' CT log" }, |
2217 | { (const uint8_t[]){ |
2218 | 0xe7, 0x12, 0xf2, 0xb0, 0x37, 0x7e, 0x1a, 0x62, 0xfb, 0x8e, 0xc9, |
2219 | 0x0c, 0x61, 0x84, 0xf1, 0xea, 0x7b, 0x37, 0xcb, 0x56, 0x1d, 0x11, |
2220 | 0x26, 0x5b, 0xf3, 0xe0, 0xf3, 0x4b, 0xf2, 0x41, 0x54, 0x6e, |
2221 | }, |
2222 | 32, "Let's Encrypt 'Oak2020' log" }, |
2223 | { (const uint8_t[]){ |
2224 | 0x94, 0x20, 0xbc, 0x1e, 0x8e, 0xd5, 0x8d, 0x6c, 0x88, 0x73, 0x1f, |
2225 | 0x82, 0x8b, 0x22, 0x2c, 0x0d, 0xd1, 0xda, 0x4d, 0x5e, 0x6c, 0x4f, |
2226 | 0x94, 0x3d, 0x61, 0xdb, 0x4e, 0x2f, 0x58, 0x4d, 0xa2, 0xc2, |
2227 | }, |
2228 | 32, "Let's Encrypt 'Oak2021' log" }, |
2229 | { (const uint8_t[]){ |
2230 | 0xdf, 0xa5, 0x5e, 0xab, 0x68, 0x82, 0x4f, 0x1f, 0x6c, 0xad, 0xee, |
2231 | 0xb8, 0x5f, 0x4e, 0x3e, 0x5a, 0xea, 0xcd, 0xa2, 0x12, 0xa4, 0x6a, |
2232 | 0x5e, 0x8e, 0x3b, 0x12, 0xc0, 0x20, 0x44, 0x5c, 0x2a, 0x73, |
2233 | }, |
2234 | 32, "Let's Encrypt 'Oak2022' log" }, |
2235 | { (const uint8_t[]){ |
2236 | 0xb7, 0x3e, 0xfb, 0x24, 0xdf, 0x9c, 0x4d, 0xba, 0x75, 0xf2, 0x39, |
2237 | 0xc5, 0xba, 0x58, 0xf4, 0x6c, 0x5d, 0xfc, 0x42, 0xcf, 0x7a, 0x9f, |
2238 | 0x35, 0xc4, 0x9e, 0x1d, 0x09, 0x81, 0x25, 0xed, 0xb4, 0x99, |
2239 | }, |
2240 | 32, "Let's Encrypt 'Oak2023' log" }, |
2241 | { (const uint8_t[]){ |
2242 | 0x3b, 0x53, 0x77, 0x75, 0x3e, 0x2d, 0xb9, 0x80, 0x4e, 0x8b, 0x30, |
2243 | 0x5b, 0x06, 0xfe, 0x40, 0x3b, 0x67, 0xd8, 0x4f, 0xc3, 0xf4, 0xc7, |
2244 | 0xbd, 0x00, 0x0d, 0x2d, 0x72, 0x6f, 0xe1, 0xfa, 0xd4, 0x17, |
2245 | }, |
2246 | 32, "Let's Encrypt 'Oak2024H1' log" }, |
2247 | { (const uint8_t[]){ |
2248 | 0x3f, 0x17, 0x4b, 0x4f, 0xd7, 0x22, 0x47, 0x58, 0x94, 0x1d, 0x65, |
2249 | 0x1c, 0x84, 0xbe, 0x0d, 0x12, 0xed, 0x90, 0x37, 0x7f, 0x1f, 0x85, |
2250 | 0x6a, 0xeb, 0xc1, 0xbf, 0x28, 0x85, 0xec, 0xf8, 0x64, 0x6e, |
2251 | }, |
2252 | 32, "Let's Encrypt 'Oak2024H2' log" }, |
2253 | { (const uint8_t[]){ |
2254 | 0xa2, 0xe3, 0x0a, 0xe4, 0x45, 0xef, 0xbd, 0xad, 0x9b, 0x7e, 0x38, |
2255 | 0xed, 0x47, 0x67, 0x77, 0x53, 0xd7, 0x82, 0x5b, 0x84, 0x94, 0xd7, |
2256 | 0x2b, 0x5e, 0x1b, 0x2c, 0xc4, 0xb9, 0x50, 0xa4, 0x47, 0xe7, |
2257 | }, |
2258 | 32, "Let's Encrypt 'Oak2025h1'" }, |
2259 | { (const uint8_t[]){ |
2260 | 0x0d, 0xe1, 0xf2, 0x30, 0x2b, 0xd3, 0x0d, 0xc1, 0x40, 0x62, 0x12, |
2261 | 0x09, 0xea, 0x55, 0x2e, 0xfc, 0x47, 0x74, 0x7c, 0xb1, 0xd7, 0xe9, |
2262 | 0x30, 0xef, 0x0e, 0x42, 0x1e, 0xb4, 0x7e, 0x4e, 0xaa, 0x34, |
2263 | }, |
2264 | 32, "Let's Encrypt 'Oak2025h2'" }, |
2265 | { (const uint8_t[]){ |
2266 | 0x65, 0x9b, 0x33, 0x50, 0xf4, 0x3b, 0x12, 0xcc, 0x5e, 0xa5, 0xab, |
2267 | 0x4e, 0xc7, 0x65, 0xd3, 0xfd, 0xe6, 0xc8, 0x82, 0x43, 0x77, 0x77, |
2268 | 0x78, 0xe7, 0x20, 0x03, 0xf9, 0xeb, 0x2b, 0x8c, 0x31, 0x29, |
2269 | }, |
2270 | 32, "Let's Encrypt 'Oak2019' log" }, |
2271 | { (const uint8_t[]){ |
2272 | 0x84, 0x9f, 0x5f, 0x7f, 0x58, 0xd2, 0xbf, 0x7b, 0x54, 0xec, 0xbd, |
2273 | 0x74, 0x61, 0x1c, 0xea, 0x45, 0xc4, 0x9c, 0x98, 0xf1, 0xd6, 0x48, |
2274 | 0x1b, 0xc6, 0xf6, 0x9e, 0x8c, 0x17, 0x4f, 0x24, 0xf3, 0xcf, |
2275 | }, |
2276 | 32, "Let's Encrypt 'Testflume2019' log" }, |
2277 | { (const uint8_t[]){ |
2278 | 0x23, 0x2d, 0x41, 0xa4, 0xcd, 0xac, 0x87, 0xce, 0xd9, 0xf9, 0x43, |
2279 | 0xf4, 0x68, 0xc2, 0x82, 0x09, 0x5a, 0xe0, 0x9d, 0x30, 0xd6, 0x2e, |
2280 | 0x2f, 0xa6, 0x5d, 0xdc, 0x3b, 0x91, 0x9c, 0x2e, 0x46, 0x8f, |
2281 | }, |
2282 | 32, "Let's Encrypt 'Sapling 2022h2' log" }, |
2283 | { (const uint8_t[]){ |
2284 | 0xc1, 0x83, 0x24, 0x0b, 0xf1, 0xa4, 0x50, 0xc7, 0x6f, 0xbb, 0x00, |
2285 | 0x72, 0x69, 0xdc, 0xac, 0x3b, 0xe2, 0x2a, 0x48, 0x05, 0xd4, 0xdb, |
2286 | 0xe0, 0x49, 0x66, 0xc3, 0xc8, 0xab, 0xc4, 0x47, 0xb0, 0x0c, |
2287 | }, |
2288 | 32, "Let's Encrypt 'Sapling 2023h1' log" }, |
2289 | { (const uint8_t[]){ |
2290 | 0xc6, 0x3f, 0x22, 0x18, 0xc3, 0x7d, 0x56, 0xa6, 0xaa, 0x06, 0xb5, |
2291 | 0x96, 0xda, 0x8e, 0x53, 0xd4, 0xd7, 0x15, 0x6d, 0x1e, 0x9b, 0xac, |
2292 | 0x8e, 0x44, 0xd2, 0x20, 0x2d, 0xe6, 0x4d, 0x69, 0xd9, 0xdc, |
2293 | }, |
2294 | 32, "Let's Encrypt 'Testflume2020' log" }, |
2295 | { (const uint8_t[]){ |
2296 | 0x03, 0xed, 0xf1, 0xda, 0x97, 0x76, 0xb6, 0xf3, 0x8c, 0x34, 0x1e, |
2297 | 0x39, 0xed, 0x9d, 0x70, 0x7a, 0x75, 0x70, 0x36, 0x9c, 0xf9, 0x84, |
2298 | 0x4f, 0x32, 0x7f, 0xe9, 0xe1, 0x41, 0x38, 0x36, 0x1b, 0x60, |
2299 | }, |
2300 | 32, "Let's Encrypt 'Testflume2021' log" }, |
2301 | { (const uint8_t[]){ |
2302 | 0x23, 0x27, 0xef, 0xda, 0x35, 0x25, 0x10, 0xdb, 0xc0, 0x19, 0xef, |
2303 | 0x49, 0x1a, 0xe3, 0xff, 0x1c, 0xc5, 0xa4, 0x79, 0xbc, 0xe3, 0x78, |
2304 | 0x78, 0x36, 0x0e, 0xe3, 0x18, 0xcf, 0xfb, 0x64, 0xf8, 0xc8, |
2305 | }, |
2306 | 32, "Let's Encrypt 'Testflume2022' log" }, |
2307 | { (const uint8_t[]){ |
2308 | 0x55, 0x34, 0xb7, 0xab, 0x5a, 0x6a, 0xc3, 0xa7, 0xcb, 0xeb, 0xa6, |
2309 | 0x54, 0x87, 0xb2, 0xa2, 0xd7, 0x1b, 0x48, 0xf6, 0x50, 0xfa, 0x17, |
2310 | 0xc5, 0x19, 0x7c, 0x97, 0xa0, 0xcb, 0x20, 0x76, 0xf3, 0xc6, |
2311 | }, |
2312 | 32, "Let's Encrypt 'Testflume2023' log" }, |
2313 | { (const uint8_t[]){ |
2314 | 0x29, 0x6a, 0xfa, 0x2d, 0x56, 0x8b, 0xca, 0x0d, 0x2e, 0xa8, 0x44, |
2315 | 0x95, 0x6a, 0xe9, 0x72, 0x1f, 0xc3, 0x5f, 0xa3, 0x55, 0xec, 0xda, |
2316 | 0x99, 0x69, 0x3a, 0xaf, 0xd4, 0x58, 0xa7, 0x1a, 0xef, 0xdd, |
2317 | }, |
2318 | 32, "Let's Encrypt 'Clicky' log" }, |
2319 | { (const uint8_t[]){ |
2320 | 0xa5, 0x95, 0x94, 0x3b, 0x53, 0x70, 0xbe, 0xe9, 0x06, 0xe0, 0x05, |
2321 | 0x0d, 0x1f, 0xb5, 0xbb, 0xc6, 0xa4, 0x0e, 0x65, 0xf2, 0x65, 0xae, |
2322 | 0x85, 0x2c, 0x76, 0x36, 0x3f, 0xad, 0xb2, 0x33, 0x36, 0xed, |
2323 | }, |
2324 | 32, "Trust Asia Log2020" }, |
2325 | { (const uint8_t[]){ |
2326 | 0xa8, 0xdc, 0x52, 0xf6, 0x3d, 0x6b, 0x24, 0x25, 0xe5, 0x31, 0xe3, |
2327 | 0x7c, 0xf4, 0xe4, 0x4a, 0x71, 0x4f, 0x14, 0x2a, 0x20, 0x80, 0x3b, |
2328 | 0x0d, 0x04, 0xd2, 0xe2, 0xee, 0x06, 0x64, 0x79, 0x4a, 0x23, |
2329 | }, |
2330 | 32, "Trust Asia CT2021" }, |
2331 | { (const uint8_t[]){ |
2332 | 0x67, 0x8d, 0xb6, 0x5b, 0x3e, 0x74, 0x43, 0xb6, 0xf3, 0xa3, 0x70, |
2333 | 0xd5, 0xe1, 0x3a, 0xb1, 0xb4, 0x3b, 0xe0, 0xa0, 0xd3, 0x51, 0xf7, |
2334 | 0xca, 0x74, 0x22, 0x50, 0xc7, 0xc6, 0xfa, 0x51, 0xa8, 0x8a, |
2335 | }, |
2336 | 32, "Trust Asia Log2021" }, |
2337 | { (const uint8_t[]){ |
2338 | 0xc3, 0x65, 0xf9, 0xb3, 0x65, 0x4f, 0x32, 0x83, 0xc7, 0x9d, 0xa9, |
2339 | 0x8e, 0x93, 0xd7, 0x41, 0x8f, 0x5b, 0xab, 0x7b, 0xe3, 0x25, 0x2c, |
2340 | 0x98, 0xe1, 0xd2, 0xf0, 0x4b, 0xb9, 0xeb, 0x42, 0x7d, 0x23, |
2341 | }, |
2342 | 32, "Trust Asia Log2022" }, |
2343 | { (const uint8_t[]){ |
2344 | 0xe8, 0x7e, 0xa7, 0x66, 0x0b, 0xc2, 0x6c, 0xf6, 0x00, 0x2e, 0xf5, |
2345 | 0x72, 0x5d, 0x3f, 0xe0, 0xe3, 0x31, 0xb9, 0x39, 0x3b, 0xb9, 0x2f, |
2346 | 0xbf, 0x58, 0xeb, 0x3b, 0x90, 0x49, 0xda, 0xf5, 0x43, 0x5a, |
2347 | }, |
2348 | 32, "Trust Asia Log2023" }, |
2349 | { (const uint8_t[]){ |
2350 | 0x30, 0x6d, 0x29, 0x57, 0x6a, 0xd2, 0x1a, 0x9d, 0x4a, 0xe1, 0x2a, |
2351 | 0xca, 0xd8, 0xaa, 0x8a, 0x78, 0x3a, 0xa6, 0x5a, 0x32, 0x11, 0x60, |
2352 | 0xac, 0xff, 0x5b, 0x0e, 0xee, 0x4c, 0xa3, 0x20, 0x1d, 0x05, |
2353 | }, |
2354 | 32, "Trust Asia Log2024" }, |
2355 | { (const uint8_t[]){ |
2356 | 0x87, 0x4f, 0xb5, 0x0d, 0xc0, 0x29, 0xd9, 0x93, 0x1d, 0xe5, 0x73, |
2357 | 0xe9, 0xf2, 0x89, 0x9e, 0x8e, 0x45, 0x33, 0xb3, 0x92, 0xd3, 0x8b, |
2358 | 0x0a, 0x46, 0x25, 0x74, 0xbf, 0x0f, 0xee, 0xb2, 0xfc, 0x1e, |
2359 | }, |
2360 | 32, "Trust Asia Log2024-2" }, |
2361 | { (const uint8_t[]){ |
2362 | 0x28, 0xe2, 0x81, 0x38, 0xfd, 0x83, 0x21, 0x45, 0xe9, 0xa9, 0xd6, |
2363 | 0xaa, 0x75, 0x37, 0x6d, 0x83, 0x77, 0xa8, 0x85, 0x12, 0xb3, 0xc0, |
2364 | 0x7f, 0x72, 0x41, 0x48, 0x21, 0xdc, 0xbd, 0xe9, 0x8c, 0x66, |
2365 | }, |
2366 | 32, "TrustAsia Log2025a" }, |
2367 | { (const uint8_t[]){ |
2368 | 0x28, 0x2c, 0x8b, 0xdd, 0x81, 0x0f, 0xf9, 0x09, 0x12, 0x0a, 0xce, |
2369 | 0x16, 0xd6, 0xe0, 0xec, 0x20, 0x1b, 0xea, 0x82, 0xa3, 0xa4, 0xaf, |
2370 | 0x19, 0xd9, 0xef, 0xfb, 0x59, 0xe8, 0x3f, 0xdc, 0x42, 0x68, |
2371 | }, |
2372 | 32, "TrustAsia Log2025b" }, |
2373 | { (const uint8_t[]){ |
2374 | 0x74, 0xdb, 0x9d, 0x58, 0xf7, 0xd4, 0x7e, 0x9d, 0xfd, 0x78, 0x7a, |
2375 | 0x16, 0x2a, 0x99, 0x1c, 0x18, 0xcf, 0x69, 0x8d, 0xa7, 0xc7, 0x29, |
2376 | 0x91, 0x8c, 0x9a, 0x18, 0xb0, 0x45, 0x0d, 0xba, 0x44, 0xbc, |
2377 | }, |
2378 | 32, "TrustAsia 'log2026a'" }, |
2379 | { (const uint8_t[]){ |
2380 | 0x25, 0xb7, 0xef, 0xde, 0xa1, 0x13, 0x01, 0x93, 0xed, 0x93, 0x07, |
2381 | 0x97, 0x70, 0xaa, 0x32, 0x2a, 0x26, 0x62, 0x0d, 0xe3, 0x5a, 0xc8, |
2382 | 0xaa, 0x7c, 0x75, 0x19, 0x7d, 0xe0, 0xb1, 0xa9, 0xe0, 0x65, |
2383 | }, |
2384 | 32, "TrustAsia 'log2026b'" }, |
2385 | { (const uint8_t[]){ |
2386 | 0x45, 0x35, 0x94, 0x98, 0xd9, 0x3a, 0x89, 0xe0, 0x28, 0x03, 0x08, |
2387 | 0xd3, 0x7d, 0x62, 0x6d, 0xc4, 0x23, 0x75, 0x47, 0x58, 0xdc, 0xe0, |
2388 | 0x37, 0x00, 0x36, 0xfb, 0xab, 0x0e, 0xdf, 0x8a, 0x6b, 0xcf, |
2389 | }, |
2390 | 32, "Trust Asia Log1" }, |
2391 | { (const uint8_t[]){ |
2392 | 0xc9, 0xcf, 0x89, 0x0a, 0x21, 0x10, 0x9c, 0x66, 0x6c, 0xc1, 0x7a, |
2393 | 0x3e, 0xd0, 0x65, 0xc9, 0x30, 0xd0, 0xe0, 0x13, 0x5a, 0x9f, 0xeb, |
2394 | 0xa8, 0x5a, 0xf1, 0x42, 0x10, 0xb8, 0x07, 0x24, 0x21, 0xaa, |
2395 | }, |
2396 | 32, "GDCA CT log #1" }, |
2397 | { (const uint8_t[]){ |
2398 | 0x92, 0x4a, 0x30, 0xf9, 0x09, 0x33, 0x6f, 0xf4, 0x35, 0xd6, 0x99, |
2399 | 0x3a, 0x10, 0xac, 0x75, 0xa2, 0xc6, 0x41, 0x72, 0x8e, 0x7f, 0xc2, |
2400 | 0xd6, 0x59, 0xae, 0x61, 0x88, 0xff, 0xad, 0x40, 0xce, 0x01, |
2401 | }, |
2402 | 32, "GDCA CT log #2" }, |
2403 | { (const uint8_t[]){ |
2404 | 0x71, 0x7e, 0xa7, 0x42, 0x09, 0x75, 0xbe, 0x84, 0xa2, 0x72, 0x35, |
2405 | 0x53, 0xf1, 0x77, 0x7c, 0x26, 0xdd, 0x51, 0xaf, 0x4e, 0x10, 0x21, |
2406 | 0x44, 0x09, 0x4d, 0x90, 0x19, 0xb4, 0x62, 0xfb, 0x66, 0x68, |
2407 | }, |
2408 | 32, "GDCA Log 1" }, |
2409 | { (const uint8_t[]){ |
2410 | 0x14, 0x30, 0x8d, 0x90, 0xcc, 0xd0, 0x30, 0x13, 0x50, 0x05, 0xc0, |
2411 | 0x1c, 0xa5, 0x26, 0xd8, 0x1e, 0x84, 0xe8, 0x76, 0x24, 0xe3, 0x9b, |
2412 | 0x62, 0x48, 0xe0, 0x8f, 0x72, 0x4a, 0xea, 0x3b, 0xb4, 0x2a, |
2413 | }, |
2414 | 32, "GDCA Log 2" }, |
2415 | { (const uint8_t[]){ |
2416 | 0xe0, 0x12, 0x76, 0x29, 0xe9, 0x04, 0x96, 0x56, 0x4e, 0x3d, 0x01, |
2417 | 0x47, 0x98, 0x44, 0x98, 0xaa, 0x48, 0xf8, 0xad, 0xb1, 0x66, 0x00, |
2418 | 0xeb, 0x79, 0x02, 0xa1, 0xef, 0x99, 0x09, 0x90, 0x62, 0x73, |
2419 | }, |
2420 | 32, "PuChuangSiDa CT log" }, |
2421 | { (const uint8_t[]){ |
2422 | 0x53, 0x7b, 0x69, 0xa3, 0x56, 0x43, 0x35, 0xa9, 0xc0, 0x49, 0x04, |
2423 | 0xe3, 0x95, 0x93, 0xb2, 0xc2, 0x98, 0xeb, 0x8d, 0x7a, 0x6e, 0x83, |
2424 | 0x02, 0x36, 0x35, 0xc6, 0x27, 0x24, 0x8c, 0xd6, 0xb4, 0x40, |
2425 | }, |
2426 | 32, "Nordu 'flimsy' log" }, |
2427 | { (const uint8_t[]){ |
2428 | 0xaa, 0xe7, 0x0b, 0x7f, 0x3c, 0xb8, 0xd5, 0x66, 0xc8, 0x6c, 0x2f, |
2429 | 0x16, 0x97, 0x9c, 0x9f, 0x44, 0x5f, 0x69, 0xab, 0x0e, 0xb4, 0x53, |
2430 | 0x55, 0x89, 0xb2, 0xf7, 0x7a, 0x03, 0x01, 0x04, 0xf3, 0xcd, |
2431 | }, |
2432 | 32, "Nordu 'plausible' log" }, |
2433 | { (const uint8_t[]){ |
2434 | 0xcf, 0x55, 0xe2, 0x89, 0x23, 0x49, 0x7c, 0x34, 0x0d, 0x52, 0x06, |
2435 | 0xd0, 0x53, 0x53, 0xae, 0xb2, 0x58, 0x34, 0xb5, 0x2f, 0x1f, 0x8d, |
2436 | 0xc9, 0x52, 0x68, 0x09, 0xf2, 0x12, 0xef, 0xdd, 0x7c, 0xa6, |
2437 | }, |
2438 | 32, "SHECA CT log 1" }, |
2439 | { (const uint8_t[]){ |
2440 | 0x32, 0xdc, 0x59, 0xc2, 0xd4, 0xc4, 0x19, 0x68, 0xd5, 0x6e, 0x14, |
2441 | 0xbc, 0x61, 0xac, 0x8f, 0x0e, 0x45, 0xdb, 0x39, 0xfa, 0xf3, 0xc1, |
2442 | 0x55, 0xaa, 0x42, 0x52, 0xf5, 0x00, 0x1f, 0xa0, 0xc6, 0x23, |
2443 | }, |
2444 | 32, "SHECA CT log 2" }, |
2445 | { (const uint8_t[]){ |
2446 | 0x96, 0x06, 0xc0, 0x2c, 0x69, 0x00, 0x33, 0xaa, 0x1d, 0x14, 0x5f, |
2447 | 0x59, 0xc6, 0xe2, 0x64, 0x8d, 0x05, 0x49, 0xf0, 0xdf, 0x96, 0xaa, |
2448 | 0xb8, 0xdb, 0x91, 0x5a, 0x70, 0xd8, 0xec, 0xf3, 0x90, 0xa5, |
2449 | }, |
2450 | 32, "Akamai CT Log" }, |
2451 | { (const uint8_t[]){ |
2452 | 0x39, 0x37, 0x6f, 0x54, 0x5f, 0x7b, 0x46, 0x07, 0xf5, 0x97, 0x42, |
2453 | 0xd7, 0x68, 0xcd, 0x5d, 0x24, 0x37, 0xbf, 0x34, 0x73, 0xb6, 0x53, |
2454 | 0x4a, 0x48, 0x34, 0xbc, 0xf7, 0x2e, 0x68, 0x1c, 0x83, 0xc9, |
2455 | }, |
2456 | 32, "Alpha CT Log" }, |
2457 | { (const uint8_t[]){ |
2458 | 0xb0, 0xb7, 0x84, 0xbc, 0x81, 0xc0, 0xdd, 0xc4, 0x75, 0x44, 0xe8, |
2459 | 0x83, 0xf0, 0x59, 0x85, 0xbb, 0x90, 0x77, 0xd1, 0x34, 0xd8, 0xab, |
2460 | 0x88, 0xb2, 0xb2, 0xe5, 0x33, 0x98, 0x0b, 0x8e, 0x50, 0x8b, |
2461 | }, |
2462 | 32, "Up In The Air 'Behind the Sofa' log" }, |
2463 | { (const uint8_t[]){ |
2464 | 0x47, 0x44, 0x47, 0x7c, 0x75, 0xde, 0x42, 0x6d, 0x5c, 0x44, 0xef, |
2465 | 0xd4, 0xa9, 0x2c, 0x96, 0x77, 0x59, 0x7f, 0x65, 0x7a, 0x8f, 0xe0, |
2466 | 0xca, 0xdb, 0xc6, 0xd6, 0x16, 0xed, 0xa4, 0x97, 0xc4, 0x25, |
2467 | }, |
2468 | 32, "Qihoo 360 2020" }, |
2469 | { (const uint8_t[]){ |
2470 | 0xc6, 0xd7, 0xed, 0x9e, 0xdb, 0x8e, 0x74, 0xf0, 0xa7, 0x1b, 0x4d, |
2471 | 0x4a, 0x98, 0x4b, 0xcb, 0xeb, 0xab, 0xbd, 0x28, 0xcc, 0x1f, 0xd7, |
2472 | 0x63, 0x29, 0xe8, 0x87, 0x26, 0xcd, 0x4c, 0x25, 0x46, 0x63, |
2473 | }, |
2474 | 32, "Qihoo 360 2021" }, |
2475 | { (const uint8_t[]){ |
2476 | 0x66, 0x3c, 0xb0, 0x9c, 0x1f, 0xcd, 0x9b, 0xaa, 0x62, 0x76, 0x3c, |
2477 | 0xcb, 0x53, 0x4e, 0xec, 0x80, 0x58, 0x12, 0x28, 0x05, 0x07, 0xac, |
2478 | 0x69, 0xa4, 0x5f, 0xcd, 0x38, 0xcf, 0x4c, 0xc7, 0x4c, 0xf1, |
2479 | }, |
2480 | 32, "Qihoo 360 2022" }, |
2481 | { (const uint8_t[]){ |
2482 | 0xe2, 0x64, 0x7f, 0x6e, 0xda, 0x34, 0x05, 0x03, 0xc6, 0x4d, 0x4e, |
2483 | 0x10, 0xa8, 0x69, 0x68, 0x1f, 0xde, 0x9c, 0x5a, 0x2c, 0xf3, 0xb3, |
2484 | 0x2d, 0x5f, 0x20, 0x0b, 0x96, 0x36, 0x05, 0x90, 0x88, 0x23, |
2485 | }, |
2486 | 32, "Qihoo 360 2023" }, |
2487 | { (const uint8_t[]){ |
2488 | 0xc5, 0xcf, 0xe5, 0x4b, 0x61, 0x51, 0xb4, 0x9b, 0x14, 0x2e, 0xd2, |
2489 | 0x63, 0xbd, 0xe7, 0x32, 0x93, 0x36, 0x37, 0x99, 0x79, 0x95, 0x50, |
2490 | 0xae, 0x44, 0x35, 0xcd, 0x1a, 0x69, 0x97, 0xc9, 0xc3, 0xc3, |
2491 | }, |
2492 | 32, "Qihoo 360 v1 2020" }, |
2493 | { (const uint8_t[]){ |
2494 | 0x48, 0x14, 0x58, 0x7c, 0xf2, 0x8b, 0x08, 0xfe, 0x68, 0x3f, 0xd2, |
2495 | 0xbc, 0xd9, 0x45, 0x99, 0x4c, 0x2e, 0xb7, 0x4c, 0x8a, 0xe8, 0xc8, |
2496 | 0x7f, 0xce, 0x42, 0x9b, 0x7c, 0xd3, 0x1d, 0x51, 0xbd, 0xc4, |
2497 | }, |
2498 | 32, "Qihoo 360 v1 2021" }, |
2499 | { (const uint8_t[]){ |
2500 | 0x49, 0x11, 0xb8, 0xd6, 0x14, 0xcf, 0xd3, 0xd9, 0x9f, 0x16, 0xd3, |
2501 | 0x76, 0x54, 0x5e, 0xe1, 0xb8, 0xcc, 0xfc, 0x51, 0x1f, 0x50, 0x9f, |
2502 | 0x08, 0x0b, 0xa0, 0xa0, 0x87, 0xd9, 0x1d, 0xfa, 0xee, 0xa9, |
2503 | }, |
2504 | 32, "Qihoo 360 v1 2022" }, |
2505 | { (const uint8_t[]){ |
2506 | 0xb6, 0x74, 0x0b, 0x12, 0x00, 0x2e, 0x03, 0x3f, 0xd0, 0xe7, 0xe9, |
2507 | 0x41, 0xf4, 0xba, 0x3e, 0xe1, 0xbf, 0xc1, 0x49, 0xb5, 0x24, 0xb4, |
2508 | 0xcf, 0x62, 0x8d, 0x53, 0xef, 0xea, 0x1f, 0x40, 0x3a, 0x8d, |
2509 | }, |
2510 | 32, "Qihoo 360 v1 2023" }, |
2511 | { NULL((void*)0), 0, NULL((void*)0) } |
2512 | }; |
2513 | |
2514 | /* |
2515 | * Application-Layer Protocol Negotiation (ALPN) dissector tables. |
2516 | */ |
2517 | static dissector_table_t ssl_alpn_dissector_table; |
2518 | static dissector_table_t dtls_alpn_dissector_table; |
2519 | |
2520 | /* |
2521 | * Special cases for prefix matching of the ALPN, if the ALPN includes |
2522 | * a version number for a draft or protocol revision. |
2523 | */ |
2524 | typedef struct ssl_alpn_prefix_match_protocol { |
2525 | const char *proto_prefix; |
2526 | const char *dissector_name; |
2527 | } ssl_alpn_prefix_match_protocol_t; |
2528 | |
2529 | static const ssl_alpn_prefix_match_protocol_t ssl_alpn_prefix_match_protocols[] = { |
2530 | /* SPDY moves so fast, just 1, 2 and 3 are registered with IANA but there |
2531 | * already exists 3.1 as of this writing... match the prefix. */ |
2532 | { "spdy/", "spdy" }, |
2533 | /* draft-ietf-httpbis-http2-16 */ |
2534 | { "h2-", "http2" }, /* draft versions */ |
2535 | }; |
2536 | |
2537 | const value_string compress_certificate_algorithm_vals[] = { |
2538 | { 1, "zlib" }, |
2539 | { 2, "brotli" }, |
2540 | { 3, "zstd" }, |
2541 | { 0, NULL((void*)0) } |
2542 | }; |
2543 | |
2544 | |
2545 | const val64_string quic_transport_parameter_id[] = { |
2546 | { SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID0x00, "original_destination_connection_id" }, |
2547 | { SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT0x01, "max_idle_timeout" }, |
2548 | { SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN0x02, "stateless_reset_token" }, |
2549 | { SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE0x03, "max_udp_payload_size" }, |
2550 | { SSL_HND_QUIC_TP_INITIAL_MAX_DATA0x04, "initial_max_data" }, |
2551 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL0x05, "initial_max_stream_data_bidi_local" }, |
2552 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE0x06, "initial_max_stream_data_bidi_remote" }, |
2553 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI0x07, "initial_max_stream_data_uni" }, |
2554 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI0x09, "initial_max_streams_uni" }, |
2555 | { SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI0x08, "initial_max_streams_bidi" }, |
2556 | { SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT0x0a, "ack_delay_exponent" }, |
2557 | { SSL_HND_QUIC_TP_MAX_ACK_DELAY0x0b, "max_ack_delay" }, |
2558 | { SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION0x0c, "disable_active_migration" }, |
2559 | { SSL_HND_QUIC_TP_PREFERRED_ADDRESS0x0d, "preferred_address" }, |
2560 | { SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT0x0e, "active_connection_id_limit" }, |
2561 | { SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID0x0f, "initial_source_connection_id" }, |
2562 | { SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID0x10, "retry_source_connection_id" }, |
2563 | { SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE0x20, "max_datagram_frame_size" }, |
2564 | { SSL_HND_QUIC_TP_CIBIR_ENCODING0x1000, "cibir_encoding" }, |
2565 | { SSL_HND_QUIC_TP_LOSS_BITS0x1057, "loss_bits" }, |
2566 | { SSL_HND_QUIC_TP_GREASE_QUIC_BIT0x2ab2, "grease_quic_bit" }, |
2567 | { SSL_HND_QUIC_TP_ENABLE_TIME_STAMP0x7157, "enable_time_stamp" }, |
2568 | { SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V20x7158, "enable_time_stamp_v2" }, |
2569 | { SSL_HND_QUIC_TP_VERSION_INFORMATION0x11, "version_information" }, |
2570 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD0xde1a, "min_ack_delay" }, |
2571 | { SSL_HND_QUIC_TP_GOOGLE_USER_AGENT0x3129, "google_user_agent" }, |
2572 | { SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED0x312B, "google_key_update_not_yet_supported" }, |
2573 | { SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION0x4752, "google_quic_version" }, |
2574 | { SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT0x3127, "google_initial_rtt" }, |
2575 | { SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE0x312A, "google_support_handshake_done" }, |
2576 | { SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS0x4751, "google_quic_params" }, |
2577 | { SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS0x3128, "google_connection_options" }, |
2578 | { SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY0xFF00, "facebook_partial_reliability" }, |
2579 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V10xFF03DE1A, "min_ack_delay (draft-01)" }, |
2580 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT050xff04de1a, "min_ack_delay (draft-05)" }, |
2581 | { SSL_HND_QUIC_TP_MIN_ACK_DELAY0xff04de1b, "min_ack_delay" }, |
2582 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT040x0f739bbc1b666d04, "enable_multipath (draft-04)" }, |
2583 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT050x0f739bbc1b666d05, "enable_multipath (draft-05)" }, |
2584 | { SSL_HND_QUIC_TP_ENABLE_MULTIPATH0x0f739bbc1b666d06, "enable_multipath (draft-06)" }, |
2585 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATHS0x0f739bbc1b666d07, "initial_max_paths (draft-07/08)" }, |
2586 | { SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID0x0f739bbc1b666d09, "initial_max_path_id" }, |
2587 | { 0, NULL((void*)0) } |
2588 | }; |
2589 | |
2590 | /* https://tools.ietf.org/html/draft-huitema-quic-ts-03 */ |
2591 | const val64_string quic_enable_time_stamp_v2_vals[] = { |
2592 | { 1, "I would like to receive TIME_STAMP frames" }, |
2593 | { 2, "I am able to generate TIME_STAMP frames" }, |
2594 | { 3, "I am able to generate TIME_STAMP frames and I would like to receive them" }, |
2595 | { 0, NULL((void*)0) } |
2596 | }; |
2597 | |
2598 | /* https://tools.ietf.org/html/draft-multipath-04 */ |
2599 | const val64_string quic_enable_multipath_vals[] = { |
2600 | { 0, "don't support multipath" }, |
2601 | { 1, "support multipath as defined in this document" }, |
2602 | { 0, NULL((void*)0) } |
2603 | }; |
2604 | |
2605 | /* https://www.ietf.org/archive/id/draft-ietf-tls-esni-16.txt */ |
2606 | const value_string tls_hello_ext_ech_clienthello_types[] = { |
2607 | { 0, "Outer Client Hello" }, |
2608 | { 1, "Inner Client Hello" }, |
2609 | { 0, NULL((void*)0) } |
2610 | }; |
2611 | |
2612 | /* RFC 9180 */ |
2613 | const value_string kem_id_type_vals[] = { |
2614 | { 0x0000, "Reserved" }, |
2615 | { 0x0010, "DHKEM(P-256, HKDF-SHA256)" }, |
2616 | { 0x0011, "DHKEM(P-384, HKDF-SHA384)" }, |
2617 | { 0x0012, "DHKEM(P-521, HKDF-SHA512)" }, |
2618 | { 0x0020, "DHKEM(X25519, HKDF-SHA256)" }, |
2619 | { 0x0021, "DHKEM(X448, HKDF-SHA512)" }, |
2620 | { 0, NULL((void*)0) } |
2621 | }; |
2622 | const value_string kdf_id_type_vals[] = { |
2623 | { 0x0000, "Reserved" }, |
2624 | { 0x0001, "HKDF-SHA256" }, |
2625 | { 0x0002, "HKDF-SHA384" }, |
2626 | { 0x0003, "HKDF-SHA512" }, |
2627 | { 0, NULL((void*)0) } |
2628 | }; |
2629 | const value_string aead_id_type_vals[] = { |
2630 | { 0x0000, "Reserved" }, |
2631 | { 0x0001, "AES-128-GCM" }, |
2632 | { 0x0002, "AES-256-GCM" }, |
2633 | { 0x0003, "ChaCha20Poly1305" }, |
2634 | { 0xFFFF, "Export-only" }, |
2635 | { 0, NULL((void*)0) } |
2636 | }; |
2637 | |
2638 | const value_string token_binding_key_parameter_vals[] = { |
2639 | { 0, "rsa2048_pkcs1.5" }, |
2640 | { 1, "rsa2048_pss" }, |
2641 | { 2, "ecdsap256" }, |
2642 | { 0, NULL((void*)0) } |
2643 | }; |
2644 | |
2645 | /* Lookup tables }}} */ |
2646 | |
2647 | void |
2648 | quic_transport_parameter_id_base_custom(char *result, uint64_t parameter_id) |
2649 | { |
2650 | const char *label; |
2651 | if (IS_GREASE_QUIC(parameter_id)((parameter_id) > 27 ? ((((parameter_id) - 27) % 31) == 0) : 0)) { |
2652 | label = "GREASE"; |
2653 | } else { |
2654 | label = val64_to_str_const(parameter_id, quic_transport_parameter_id, "Unknown"); |
2655 | } |
2656 | snprintf(result, ITEM_LABEL_LENGTH240, "%s (0x%02" PRIx64"l" "x" ")", label, parameter_id); |
2657 | } |
2658 | |
2659 | /* we keep this internal to packet-tls-utils, as there should be |
2660 | no need to access it any other way. |
2661 | |
2662 | This also allows us to hide the dependency on zlib. |
2663 | */ |
2664 | struct _SslDecompress { |
2665 | int compression; |
2666 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) |
2667 | zlib_stream istream; |
2668 | #endif |
2669 | }; |
2670 | |
2671 | /* To assist in parsing client/server key exchange messages |
2672 | 0 indicates unknown */ |
2673 | int ssl_get_keyex_alg(int cipher) |
2674 | { |
2675 | /* Map Cipher suite number to Key Exchange algorithm {{{ */ |
2676 | switch(cipher) { |
2677 | case 0x0017: |
2678 | case 0x0018: |
2679 | case 0x0019: |
2680 | case 0x001a: |
2681 | case 0x001b: |
2682 | case 0x0034: |
2683 | case 0x003a: |
2684 | case 0x0046: |
2685 | case 0x006c: |
2686 | case 0x006d: |
2687 | case 0x0089: |
2688 | case 0x009b: |
2689 | case 0x00a6: |
2690 | case 0x00a7: |
2691 | case 0x00bf: |
2692 | case 0x00c5: |
2693 | case 0xc084: |
2694 | case 0xc085: |
2695 | return KEX_DH_ANON0x13; |
2696 | case 0x000b: |
2697 | case 0x000c: |
2698 | case 0x000d: |
2699 | case 0x0030: |
2700 | case 0x0036: |
2701 | case 0x003e: |
2702 | case 0x0042: |
2703 | case 0x0068: |
2704 | case 0x0085: |
2705 | case 0x0097: |
2706 | case 0x00a4: |
2707 | case 0x00a5: |
2708 | case 0x00bb: |
2709 | case 0x00c1: |
2710 | case 0xc082: |
2711 | case 0xc083: |
2712 | return KEX_DH_DSS0x14; |
2713 | case 0x000e: |
2714 | case 0x000f: |
2715 | case 0x0010: |
2716 | case 0x0031: |
2717 | case 0x0037: |
2718 | case 0x003f: |
2719 | case 0x0043: |
2720 | case 0x0069: |
2721 | case 0x0086: |
2722 | case 0x0098: |
2723 | case 0x00a0: |
2724 | case 0x00a1: |
2725 | case 0x00bc: |
2726 | case 0x00c2: |
2727 | case 0xc07e: |
2728 | case 0xc07f: |
2729 | return KEX_DH_RSA0x15; |
2730 | case 0x0011: |
2731 | case 0x0012: |
2732 | case 0x0013: |
2733 | case 0x0032: |
2734 | case 0x0038: |
2735 | case 0x0040: |
2736 | case 0x0044: |
2737 | case 0x0063: |
2738 | case 0x0065: |
2739 | case 0x0066: |
2740 | case 0x006a: |
2741 | case 0x0087: |
2742 | case 0x0099: |
2743 | case 0x00a2: |
2744 | case 0x00a3: |
2745 | case 0x00bd: |
2746 | case 0x00c3: |
2747 | case 0xc080: |
2748 | case 0xc081: |
2749 | return KEX_DHE_DSS0x10; |
2750 | case 0x002d: |
2751 | case 0x008e: |
2752 | case 0x008f: |
2753 | case 0x0090: |
2754 | case 0x0091: |
2755 | case 0x00aa: |
2756 | case 0x00ab: |
2757 | case 0x00b2: |
2758 | case 0x00b3: |
2759 | case 0x00b4: |
2760 | case 0x00b5: |
2761 | case 0xc090: |
2762 | case 0xc091: |
2763 | case 0xc096: |
2764 | case 0xc097: |
2765 | case 0xc0a6: |
2766 | case 0xc0a7: |
2767 | case 0xc0aa: |
2768 | case 0xc0ab: |
2769 | case 0xccad: |
2770 | case 0xe41c: |
2771 | case 0xe41d: |
2772 | return KEX_DHE_PSK0x11; |
2773 | case 0x0014: |
2774 | case 0x0015: |
2775 | case 0x0016: |
2776 | case 0x0033: |
2777 | case 0x0039: |
2778 | case 0x0045: |
2779 | case 0x0067: |
2780 | case 0x006b: |
2781 | case 0x0088: |
2782 | case 0x009a: |
2783 | case 0x009e: |
2784 | case 0x009f: |
2785 | case 0x00be: |
2786 | case 0x00c4: |
2787 | case 0xc07c: |
2788 | case 0xc07d: |
2789 | case 0xc09e: |
2790 | case 0xc09f: |
2791 | case 0xc0a2: |
2792 | case 0xc0a3: |
2793 | case 0xccaa: |
2794 | case 0xe41e: |
2795 | case 0xe41f: |
2796 | return KEX_DHE_RSA0x12; |
2797 | case 0xc015: |
2798 | case 0xc016: |
2799 | case 0xc017: |
2800 | case 0xc018: |
2801 | case 0xc019: |
2802 | return KEX_ECDH_ANON0x19; |
2803 | case 0xc001: |
2804 | case 0xc002: |
2805 | case 0xc003: |
2806 | case 0xc004: |
2807 | case 0xc005: |
2808 | case 0xc025: |
2809 | case 0xc026: |
2810 | case 0xc02d: |
2811 | case 0xc02e: |
2812 | case 0xc074: |
2813 | case 0xc075: |
2814 | case 0xc088: |
2815 | case 0xc089: |
2816 | return KEX_ECDH_ECDSA0x1a; |
2817 | case 0xc00b: |
2818 | case 0xc00c: |
2819 | case 0xc00d: |
2820 | case 0xc00e: |
2821 | case 0xc00f: |
2822 | case 0xc029: |
2823 | case 0xc02a: |
2824 | case 0xc031: |
2825 | case 0xc032: |
2826 | case 0xc078: |
2827 | case 0xc079: |
2828 | case 0xc08c: |
2829 | case 0xc08d: |
2830 | return KEX_ECDH_RSA0x1b; |
2831 | case 0xc006: |
2832 | case 0xc007: |
2833 | case 0xc008: |
2834 | case 0xc009: |
2835 | case 0xc00a: |
2836 | case 0xc023: |
2837 | case 0xc024: |
2838 | case 0xc02b: |
2839 | case 0xc02c: |
2840 | case 0xc072: |
2841 | case 0xc073: |
2842 | case 0xc086: |
2843 | case 0xc087: |
2844 | case 0xc0ac: |
2845 | case 0xc0ad: |
2846 | case 0xc0ae: |
2847 | case 0xc0af: |
2848 | case 0xcca9: |
2849 | case 0xe414: |
2850 | case 0xe415: |
2851 | return KEX_ECDHE_ECDSA0x16; |
2852 | case 0xc033: |
2853 | case 0xc034: |
2854 | case 0xc035: |
2855 | case 0xc036: |
2856 | case 0xc037: |
2857 | case 0xc038: |
2858 | case 0xc039: |
2859 | case 0xc03a: |
2860 | case 0xc03b: |
2861 | case 0xc09a: |
2862 | case 0xc09b: |
2863 | case 0xccac: |
2864 | case 0xe418: |
2865 | case 0xe419: |
2866 | case 0xd001: |
2867 | case 0xd002: |
2868 | case 0xd003: |
2869 | case 0xd005: |
2870 | return KEX_ECDHE_PSK0x17; |
2871 | case 0xc010: |
2872 | case 0xc011: |
2873 | case 0xc012: |
2874 | case 0xc013: |
2875 | case 0xc014: |
2876 | case 0xc027: |
2877 | case 0xc028: |
2878 | case 0xc02f: |
2879 | case 0xc030: |
2880 | case 0xc076: |
2881 | case 0xc077: |
2882 | case 0xc08a: |
2883 | case 0xc08b: |
2884 | case 0xcca8: |
2885 | case 0xe412: |
2886 | case 0xe413: |
2887 | return KEX_ECDHE_RSA0x18; |
2888 | case 0x001e: |
2889 | case 0x001f: |
2890 | case 0x0020: |
2891 | case 0x0021: |
2892 | case 0x0022: |
2893 | case 0x0023: |
2894 | case 0x0024: |
2895 | case 0x0025: |
2896 | case 0x0026: |
2897 | case 0x0027: |
2898 | case 0x0028: |
2899 | case 0x0029: |
2900 | case 0x002a: |
2901 | case 0x002b: |
2902 | return KEX_KRB50x1c; |
2903 | case 0x002c: |
2904 | case 0x008a: |
2905 | case 0x008b: |
2906 | case 0x008c: |
2907 | case 0x008d: |
2908 | case 0x00a8: |
2909 | case 0x00a9: |
2910 | case 0x00ae: |
2911 | case 0x00af: |
2912 | case 0x00b0: |
2913 | case 0x00b1: |
2914 | case 0xc064: |
2915 | case 0xc065: |
2916 | case 0xc08e: |
2917 | case 0xc08f: |
2918 | case 0xc094: |
2919 | case 0xc095: |
2920 | case 0xc0a4: |
2921 | case 0xc0a5: |
2922 | case 0xc0a8: |
2923 | case 0xc0a9: |
2924 | case 0xccab: |
2925 | case 0xe416: |
2926 | case 0xe417: |
2927 | return KEX_PSK0x1d; |
2928 | case 0x0001: |
2929 | case 0x0002: |
2930 | case 0x0003: |
2931 | case 0x0004: |
2932 | case 0x0005: |
2933 | case 0x0006: |
2934 | case 0x0007: |
2935 | case 0x0008: |
2936 | case 0x0009: |
2937 | case 0x000a: |
2938 | case 0x002f: |
2939 | case 0x0035: |
2940 | case 0x003b: |
2941 | case 0x003c: |
2942 | case 0x003d: |
2943 | case 0x0041: |
2944 | case 0x0060: |
2945 | case 0x0061: |
2946 | case 0x0062: |
2947 | case 0x0064: |
2948 | case 0x0084: |
2949 | case 0x0096: |
2950 | case 0x009c: |
2951 | case 0x009d: |
2952 | case 0x00ba: |
2953 | case 0x00c0: |
2954 | case 0xc07a: |
2955 | case 0xc07b: |
2956 | case 0xc09c: |
2957 | case 0xc09d: |
2958 | case 0xc0a0: |
2959 | case 0xc0a1: |
2960 | case 0xe410: |
2961 | case 0xe411: |
2962 | case 0xfefe: |
2963 | case 0xfeff: |
2964 | case 0xffe0: |
2965 | case 0xffe1: |
2966 | return KEX_RSA0x1e; |
2967 | case 0x002e: |
2968 | case 0x0092: |
2969 | case 0x0093: |
2970 | case 0x0094: |
2971 | case 0x0095: |
2972 | case 0x00ac: |
2973 | case 0x00ad: |
2974 | case 0x00b6: |
2975 | case 0x00b7: |
2976 | case 0x00b8: |
2977 | case 0x00b9: |
2978 | case 0xc092: |
2979 | case 0xc093: |
2980 | case 0xc098: |
2981 | case 0xc099: |
2982 | case 0xccae: |
2983 | case 0xe41a: |
2984 | case 0xe41b: |
2985 | return KEX_RSA_PSK0x1f; |
2986 | case 0xc01a: |
2987 | case 0xc01d: |
2988 | case 0xc020: |
2989 | return KEX_SRP_SHA0x20; |
2990 | case 0xc01c: |
2991 | case 0xc01f: |
2992 | case 0xc022: |
2993 | return KEX_SRP_SHA_DSS0x21; |
2994 | case 0xc01b: |
2995 | case 0xc01e: |
2996 | case 0xc021: |
2997 | return KEX_SRP_SHA_RSA0x22; |
2998 | case 0xc0ff: |
2999 | return KEX_ECJPAKE0x24; |
3000 | case 0xe003: |
3001 | case 0xe013: |
3002 | case 0xe053: |
3003 | return KEX_ECC_SM20x26; |
3004 | default: |
3005 | break; |
3006 | } |
3007 | |
3008 | return 0; |
3009 | /* }}} */ |
3010 | } |
3011 | |
3012 | static wmem_list_t *connection_id_session_list; |
3013 | |
3014 | void |
3015 | ssl_init_cid_list(void) { |
3016 | connection_id_session_list = wmem_list_new(wmem_file_scope()); |
3017 | } |
3018 | |
3019 | void |
3020 | ssl_cleanup_cid_list(void) { |
3021 | wmem_destroy_list(connection_id_session_list); |
3022 | } |
3023 | |
3024 | void |
3025 | ssl_add_session_by_cid(SslDecryptSession *session) |
3026 | { |
3027 | wmem_list_append(connection_id_session_list, session); |
3028 | } |
3029 | |
3030 | SslDecryptSession * |
3031 | ssl_get_session_by_cid(tvbuff_t *tvb, uint32_t offset) |
3032 | { |
3033 | SslDecryptSession * ssl_cid = NULL((void*)0); |
3034 | wmem_list_frame_t *it = wmem_list_head(connection_id_session_list); |
3035 | |
3036 | while (it != NULL((void*)0) && ssl_cid == NULL((void*)0)) { |
3037 | SslDecryptSession * ssl = (SslDecryptSession *)wmem_list_frame_data(it); |
3038 | DISSECTOR_ASSERT(ssl != NULL)((void) ((ssl != ((void*)0)) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 3038, "ssl != ((void*)0)")))); |
3039 | SslSession *session = &ssl->session; |
3040 | |
3041 | if (session->client_cid_len > 0 && tvb_bytes_exist(tvb, offset, session->client_cid_len)) { |
3042 | if (tvb_memeql(tvb, offset, session->client_cid, session->client_cid_len) == 0) { |
3043 | ssl_cid = ssl; |
3044 | } |
3045 | } |
3046 | |
3047 | if (session->server_cid_len > 0) { |
3048 | if (tvb_memeql(tvb, offset, session->server_cid, session->server_cid_len) == 0) { |
3049 | ssl_cid = ssl; |
3050 | } |
3051 | } |
3052 | |
3053 | it = wmem_list_frame_next(it); |
3054 | } |
3055 | |
3056 | return ssl_cid; |
3057 | } |
3058 | |
3059 | /* StringInfo structure (len + data) functions {{{ */ |
3060 | |
3061 | int |
3062 | ssl_data_alloc(StringInfo* str, size_t len) |
3063 | { |
3064 | str->data = (unsigned char *)g_malloc(len); |
| |
3065 | /* the allocator can return a null pointer for a size equal to 0, |
3066 | * and that must be allowed */ |
3067 | if (len > 0 && !str->data) |
| 23 | | Assuming field 'data' is non-null | |
|
| |
3068 | return -1; |
3069 | str->data_len = (unsigned) len; |
3070 | return 0; |
3071 | } |
3072 | |
3073 | void |
3074 | ssl_data_set(StringInfo* str, const unsigned char* data, unsigned len) |
3075 | { |
3076 | DISSECTOR_ASSERT(data)((void) ((data) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 3076, "data")))); |
3077 | memcpy(str->data, data, len); |
3078 | str->data_len = len; |
3079 | } |
3080 | |
3081 | static int |
3082 | ssl_data_realloc(StringInfo* str, unsigned len) |
3083 | { |
3084 | str->data = (unsigned char *)g_realloc(str->data, len); |
3085 | if (!str->data) |
3086 | return -1; |
3087 | str->data_len = len; |
3088 | return 0; |
3089 | } |
3090 | |
3091 | static StringInfo * |
3092 | ssl_data_clone(StringInfo *str) |
3093 | { |
3094 | StringInfo *cloned_str; |
3095 | cloned_str = (StringInfo *) wmem_alloc0(wmem_file_scope(), |
3096 | sizeof(StringInfo) + str->data_len); |
3097 | cloned_str->data = (unsigned char *) (cloned_str + 1); |
3098 | ssl_data_set(cloned_str, str->data, str->data_len); |
3099 | return cloned_str; |
3100 | } |
3101 | |
3102 | static int |
3103 | ssl_data_copy(StringInfo* dst, StringInfo* src) |
3104 | { |
3105 | if (dst->data_len < src->data_len) { |
3106 | if (ssl_data_realloc(dst, src->data_len)) |
3107 | return -1; |
3108 | } |
3109 | memcpy(dst->data, src->data, src->data_len); |
3110 | dst->data_len = src->data_len; |
3111 | return 0; |
3112 | } |
3113 | |
3114 | /* from_hex converts |hex_len| bytes of hex data from |in| and sets |*out| to |
3115 | * the result. |out->data| will be allocated using wmem_file_scope. Returns true on |
3116 | * success. */ |
3117 | static bool_Bool from_hex(StringInfo* out, const char* in, size_t hex_len) { |
3118 | size_t i; |
3119 | |
3120 | if (hex_len & 1) |
3121 | return false0; |
3122 | |
3123 | out->data = (unsigned char *)wmem_alloc(wmem_file_scope(), hex_len / 2); |
3124 | for (i = 0; i < hex_len / 2; i++) { |
3125 | int a = ws_xton(in[i*2]); |
3126 | int b = ws_xton(in[i*2 + 1]); |
3127 | if (a == -1 || b == -1) |
3128 | return false0; |
3129 | out->data[i] = a << 4 | b; |
3130 | } |
3131 | out->data_len = (unsigned)hex_len / 2; |
3132 | return true1; |
3133 | } |
3134 | /* StringInfo structure (len + data) functions }}} */ |
3135 | |
3136 | |
3137 | /* libgcrypt wrappers for HMAC/message digest operations {{{ */ |
3138 | /* hmac abstraction layer */ |
3139 | #define SSL_HMACgcry_md_hd_t gcry_md_hd_t |
3140 | |
3141 | static inline int |
3142 | ssl_hmac_init(SSL_HMACgcry_md_hd_t* md, int algo) |
3143 | { |
3144 | gcry_error_t err; |
3145 | const char *err_str, *err_src; |
3146 | |
3147 | err = gcry_md_open(md,algo, GCRY_MD_FLAG_HMAC); |
3148 | if (err != 0) { |
3149 | err_str = gcry_strerror(err); |
3150 | err_src = gcry_strsource(err); |
3151 | ssl_debug_printf("ssl_hmac_init(): gcry_md_open failed %s/%s", err_str, err_src); |
3152 | return -1; |
3153 | } |
3154 | return 0; |
3155 | } |
3156 | |
3157 | static inline int |
3158 | ssl_hmac_setkey(SSL_HMACgcry_md_hd_t* md, const void * key, int len) |
3159 | { |
3160 | gcry_error_t err; |
3161 | const char *err_str, *err_src; |
3162 | |
3163 | err = gcry_md_setkey (*(md), key, len); |
3164 | if (err != 0) { |
3165 | err_str = gcry_strerror(err); |
3166 | err_src = gcry_strsource(err); |
3167 | ssl_debug_printf("ssl_hmac_setkey(): gcry_md_setkey failed %s/%s", err_str, err_src); |
3168 | return -1; |
3169 | } |
3170 | return 0; |
3171 | } |
3172 | |
3173 | static inline int |
3174 | ssl_hmac_reset(SSL_HMACgcry_md_hd_t* md) |
3175 | { |
3176 | gcry_md_reset(*md); |
3177 | return 0; |
3178 | } |
3179 | |
3180 | static inline void |
3181 | ssl_hmac_update(SSL_HMACgcry_md_hd_t* md, const void* data, int len) |
3182 | { |
3183 | gcry_md_write(*(md), data, len); |
3184 | } |
3185 | static inline void |
3186 | ssl_hmac_final(SSL_HMACgcry_md_hd_t* md, unsigned char* data, unsigned* datalen) |
3187 | { |
3188 | int algo; |
3189 | unsigned len; |
3190 | |
3191 | algo = gcry_md_get_algo (*(md)); |
3192 | len = gcry_md_get_algo_dlen(algo); |
3193 | DISSECTOR_ASSERT(len <= *datalen)((void) ((len <= *datalen) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 3193, "len <= *datalen")))); |
3194 | memcpy(data, gcry_md_read(*(md), algo), len); |
3195 | *datalen = len; |
3196 | } |
3197 | static inline void |
3198 | ssl_hmac_cleanup(SSL_HMACgcry_md_hd_t* md) |
3199 | { |
3200 | gcry_md_close(*(md)); |
3201 | } |
3202 | |
3203 | /* message digest abstraction layer*/ |
3204 | #define SSL_MDgcry_md_hd_t gcry_md_hd_t |
3205 | |
3206 | static inline int |
3207 | ssl_md_init(SSL_MDgcry_md_hd_t* md, int algo) |
3208 | { |
3209 | gcry_error_t err; |
3210 | const char *err_str, *err_src; |
3211 | err = gcry_md_open(md,algo, 0); |
3212 | if (err != 0) { |
3213 | err_str = gcry_strerror(err); |
3214 | err_src = gcry_strsource(err); |
3215 | ssl_debug_printf("ssl_md_init(): gcry_md_open failed %s/%s", err_str, err_src); |
3216 | return -1; |
3217 | } |
3218 | return 0; |
3219 | } |
3220 | static inline void |
3221 | ssl_md_update(SSL_MDgcry_md_hd_t* md, unsigned char* data, int len) |
3222 | { |
3223 | gcry_md_write(*(md), data, len); |
3224 | } |
3225 | static inline void |
3226 | ssl_md_final(SSL_MDgcry_md_hd_t* md, unsigned char* data, unsigned* datalen) |
3227 | { |
3228 | int algo; |
3229 | int len; |
3230 | algo = gcry_md_get_algo (*(md)); |
3231 | len = gcry_md_get_algo_dlen (algo); |
3232 | memcpy(data, gcry_md_read(*(md), algo), len); |
3233 | *datalen = len; |
3234 | } |
3235 | static inline void |
3236 | ssl_md_cleanup(SSL_MDgcry_md_hd_t* md) |
3237 | { |
3238 | gcry_md_close(*(md)); |
3239 | } |
3240 | |
3241 | static inline void |
3242 | ssl_md_reset(SSL_MDgcry_md_hd_t* md) |
3243 | { |
3244 | gcry_md_reset(*md); |
3245 | } |
3246 | |
3247 | /* md5 /sha abstraction layer */ |
3248 | #define SSL_SHA_CTXgcry_md_hd_t gcry_md_hd_t |
3249 | #define SSL_MD5_CTXgcry_md_hd_t gcry_md_hd_t |
3250 | |
3251 | static inline int |
3252 | ssl_sha_init(SSL_SHA_CTXgcry_md_hd_t* md) |
3253 | { |
3254 | gcry_error_t err; |
3255 | const char *err_str, *err_src; |
3256 | err = gcry_md_open(md, GCRY_MD_SHA1, 0); |
3257 | if (err != 0) { |
3258 | err_str = gcry_strerror(err); |
3259 | err_src = gcry_strsource(err); |
3260 | ssl_debug_printf("ssl_sha_init(): gcry_md_open failed %s/%s", err_str, err_src); |
3261 | return -1; |
3262 | } |
3263 | return 0; |
3264 | } |
3265 | static inline void |
3266 | ssl_sha_update(SSL_SHA_CTXgcry_md_hd_t* md, unsigned char* data, int len) |
3267 | { |
3268 | gcry_md_write(*(md), data, len); |
3269 | } |
3270 | static inline void |
3271 | ssl_sha_final(unsigned char* buf, SSL_SHA_CTXgcry_md_hd_t* md) |
3272 | { |
3273 | memcpy(buf, gcry_md_read(*(md), GCRY_MD_SHA1), |
3274 | gcry_md_get_algo_dlen(GCRY_MD_SHA1)); |
3275 | } |
3276 | |
3277 | static inline void |
3278 | ssl_sha_reset(SSL_SHA_CTXgcry_md_hd_t* md) |
3279 | { |
3280 | gcry_md_reset(*md); |
3281 | } |
3282 | |
3283 | static inline void |
3284 | ssl_sha_cleanup(SSL_SHA_CTXgcry_md_hd_t* md) |
3285 | { |
3286 | gcry_md_close(*(md)); |
3287 | } |
3288 | |
3289 | static inline int |
3290 | ssl_md5_init(SSL_MD5_CTXgcry_md_hd_t* md) |
3291 | { |
3292 | gcry_error_t err; |
3293 | const char *err_str, *err_src; |
3294 | err = gcry_md_open(md,GCRY_MD_MD5, 0); |
3295 | if (err != 0) { |
3296 | err_str = gcry_strerror(err); |
3297 | err_src = gcry_strsource(err); |
3298 | ssl_debug_printf("ssl_md5_init(): gcry_md_open failed %s/%s", err_str, err_src); |
3299 | return -1; |
3300 | } |
3301 | return 0; |
3302 | } |
3303 | static inline void |
3304 | ssl_md5_update(SSL_MD5_CTXgcry_md_hd_t* md, unsigned char* data, int len) |
3305 | { |
3306 | gcry_md_write(*(md), data, len); |
3307 | } |
3308 | static inline void |
3309 | ssl_md5_final(unsigned char* buf, SSL_MD5_CTXgcry_md_hd_t* md) |
3310 | { |
3311 | memcpy(buf, gcry_md_read(*(md), GCRY_MD_MD5), |
3312 | gcry_md_get_algo_dlen(GCRY_MD_MD5)); |
3313 | } |
3314 | |
3315 | static inline void |
3316 | ssl_md5_reset(SSL_MD5_CTXgcry_md_hd_t* md) |
3317 | { |
3318 | gcry_md_reset(*md); |
3319 | } |
3320 | |
3321 | static inline void |
3322 | ssl_md5_cleanup(SSL_MD5_CTXgcry_md_hd_t* md) |
3323 | { |
3324 | gcry_md_close(*(md)); |
3325 | } |
3326 | /* libgcrypt wrappers for HMAC/message digest operations }}} */ |
3327 | |
3328 | /* libgcrypt wrappers for Cipher state manipulation {{{ */ |
3329 | int |
3330 | ssl_cipher_setiv(SSL_CIPHER_CTXgcry_cipher_hd_t *cipher, unsigned char* iv, int iv_len) |
3331 | { |
3332 | int ret; |
3333 | #if 0 |
3334 | unsigned char *ivp; |
3335 | int i; |
3336 | gcry_cipher_hd_t c; |
3337 | c=(gcry_cipher_hd_t)*cipher; |
3338 | #endif |
3339 | ssl_debug_printf("--------------------------------------------------------------------"); |
3340 | #if 0 |
3341 | for(ivp=c->iv,i=0; i < iv_len; i++ ) |
3342 | { |
3343 | ssl_debug_printf("%d ",ivp[i]); |
3344 | i++; |
3345 | } |
3346 | #endif |
3347 | ssl_debug_printf("--------------------------------------------------------------------"); |
3348 | ret = gcry_cipher_setiv(*(cipher), iv, iv_len); |
3349 | #if 0 |
3350 | for(ivp=c->iv,i=0; i < iv_len; i++ ) |
3351 | { |
3352 | ssl_debug_printf("%d ",ivp[i]); |
3353 | i++; |
3354 | } |
3355 | #endif |
3356 | ssl_debug_printf("--------------------------------------------------------------------"); |
3357 | return ret; |
3358 | } |
3359 | /* stream cipher abstraction layer*/ |
3360 | static int |
3361 | ssl_cipher_init(gcry_cipher_hd_t *cipher, int algo, unsigned char* sk, |
3362 | unsigned char* iv, int mode) |
3363 | { |
3364 | int gcry_modes[] = { |
3365 | GCRY_CIPHER_MODE_STREAM, |
3366 | GCRY_CIPHER_MODE_CBC, |
3367 | GCRY_CIPHER_MODE_GCM, |
3368 | GCRY_CIPHER_MODE_CCM, |
3369 | GCRY_CIPHER_MODE_CCM, |
3370 | GCRY_CIPHER_MODE_POLY1305, |
3371 | GCRY_CIPHER_MODE_ECB, /* used for DTLSv1.3 seq number encryption */ |
3372 | }; |
3373 | int err; |
3374 | if (algo == -1) { |
3375 | /* NULL mode */ |
3376 | *(cipher) = (gcry_cipher_hd_t)-1; |
3377 | return 0; |
3378 | } |
3379 | err = gcry_cipher_open(cipher, algo, gcry_modes[mode], 0); |
3380 | if (err !=0) |
3381 | return -1; |
3382 | err = gcry_cipher_setkey(*(cipher), sk, gcry_cipher_get_algo_keylen (algo)); |
3383 | if (err != 0) |
3384 | return -1; |
3385 | /* AEAD cipher suites will set the nonce later. */ |
3386 | if (mode == MODE_CBC) { |
3387 | err = gcry_cipher_setiv(*(cipher), iv, gcry_cipher_get_algo_blklen(algo)); |
3388 | if (err != 0) |
3389 | return -1; |
3390 | } |
3391 | return 0; |
3392 | } |
3393 | static inline int |
3394 | ssl_cipher_decrypt(gcry_cipher_hd_t *cipher, unsigned char * out, int outl, |
3395 | const unsigned char * in, int inl) |
3396 | { |
3397 | if ((*cipher) == (gcry_cipher_hd_t)-1) |
3398 | { |
3399 | if (in && inl) |
3400 | memcpy(out, in, outl < inl ? outl : inl); |
3401 | return 0; |
3402 | } |
3403 | return gcry_cipher_decrypt ( *(cipher), out, outl, in, inl); |
3404 | } |
3405 | static inline int |
3406 | ssl_get_digest_by_name(const char*name) |
3407 | { |
3408 | return gcry_md_map_name(name); |
3409 | } |
3410 | static inline int |
3411 | ssl_get_cipher_by_name(const char* name) |
3412 | { |
3413 | return gcry_cipher_map_name(name); |
3414 | } |
3415 | |
3416 | static inline void |
3417 | ssl_cipher_cleanup(gcry_cipher_hd_t *cipher) |
3418 | { |
3419 | if ((*cipher) != (gcry_cipher_hd_t)-1) |
3420 | gcry_cipher_close(*cipher); |
3421 | *cipher = NULL((void*)0); |
3422 | } |
3423 | /* }}} */ |
3424 | |
3425 | /* Digests, Ciphers and Cipher Suites registry {{{ */ |
3426 | static const SslDigestAlgo digests[]={ |
3427 | {"MD5", 16}, |
3428 | {"SHA1", 20}, |
3429 | {"SHA256", 32}, |
3430 | {"SHA384", 48}, |
3431 | {"SM3", 32}, |
3432 | {"Not Applicable", 0}, |
3433 | }; |
3434 | |
3435 | #define DIGEST_MAX_SIZE48 48 |
3436 | |
3437 | /* get index digest index */ |
3438 | static const SslDigestAlgo * |
3439 | ssl_cipher_suite_dig(const SslCipherSuite *cs) { |
3440 | return &digests[cs->dig - DIG_MD50x40]; |
3441 | } |
3442 | |
3443 | static const char *ciphers[]={ |
3444 | "DES", |
3445 | "3DES", |
3446 | "ARCFOUR", /* libgcrypt does not support rc4, but this should be 100% compatible*/ |
3447 | "RFC2268_128", /* libgcrypt name for RC2 with a 128-bit key */ |
3448 | "IDEA", |
3449 | "AES", |
3450 | "AES256", |
3451 | "CAMELLIA128", |
3452 | "CAMELLIA256", |
3453 | "SEED", |
3454 | "CHACHA20", /* since Libgcrypt 1.7.0 */ |
3455 | "SM1", |
3456 | "SM4", |
3457 | "*UNKNOWN*" |
3458 | }; |
3459 | |
3460 | static const SslCipherSuite cipher_suites[]={ |
3461 | {0x0001,KEX_RSA0x1e, ENC_NULL0x3D, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_WITH_NULL_MD5 */ |
3462 | {0x0002,KEX_RSA0x1e, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA */ |
3463 | {0x0003,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ |
3464 | {0x0004,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_MD5 */ |
3465 | {0x0005,KEX_RSA0x1e, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_WITH_RC4_128_SHA */ |
3466 | {0x0006,KEX_RSA0x1e, ENC_RC20x33, DIG_MD50x40, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ |
3467 | {0x0007,KEX_RSA0x1e, ENC_IDEA0x34, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_IDEA_CBC_SHA */ |
3468 | {0x0008,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ |
3469 | {0x0009,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_DES_CBC_SHA */ |
3470 | {0x000A,KEX_RSA0x1e, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */ |
3471 | {0x000B,KEX_DH_DSS0x14, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ |
3472 | {0x000C,KEX_DH_DSS0x14, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_DES_CBC_SHA */ |
3473 | {0x000D,KEX_DH_DSS0x14, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA */ |
3474 | {0x000E,KEX_DH_RSA0x15, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ |
3475 | {0x000F,KEX_DH_RSA0x15, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_DES_CBC_SHA */ |
3476 | {0x0010,KEX_DH_RSA0x15, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA */ |
3477 | {0x0011,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ |
3478 | {0x0012,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_DES_CBC_SHA */ |
3479 | {0x0013,KEX_DHE_DSS0x10, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA */ |
3480 | {0x0014,KEX_DHE_RSA0x12, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ |
3481 | {0x0015,KEX_DHE_RSA0x12, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_DES_CBC_SHA */ |
3482 | {0x0016,KEX_DHE_RSA0x12, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ |
3483 | {0x0017,KEX_DH_ANON0x13, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ |
3484 | {0x0018,KEX_DH_ANON0x13, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_DH_anon_WITH_RC4_128_MD5 */ |
3485 | {0x0019,KEX_DH_ANON0x13, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ |
3486 | {0x001A,KEX_DH_ANON0x13, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_DES_CBC_SHA */ |
3487 | {0x001B,KEX_DH_ANON0x13, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_3DES_EDE_CBC_SHA */ |
3488 | {0x002C,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA */ |
3489 | {0x002D,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA */ |
3490 | {0x002E,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA */ |
3491 | {0x002F,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA */ |
3492 | {0x0030,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA */ |
3493 | {0x0031,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA */ |
3494 | {0x0032,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */ |
3495 | {0x0033,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ |
3496 | {0x0034,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ |
3497 | {0x0035,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA */ |
3498 | {0x0036,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA */ |
3499 | {0x0037,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA */ |
3500 | {0x0038,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */ |
3501 | {0x0039,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ |
3502 | {0x003A,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA */ |
3503 | {0x003B,KEX_RSA0x1e, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_RSA_WITH_NULL_SHA256 */ |
3504 | {0x003C,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ |
3505 | {0x003D,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ |
3506 | {0x003E,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_128_CBC_SHA256 */ |
3507 | {0x003F,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_128_CBC_SHA256 */ |
3508 | {0x0040,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 */ |
3509 | {0x0041,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ |
3510 | {0x0042,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA */ |
3511 | {0x0043,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA */ |
3512 | {0x0044,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA */ |
3513 | {0x0045,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ |
3514 | {0x0046,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA */ |
3515 | {0x0060,KEX_RSA0x1e, ENC_RC40x32, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */ |
3516 | {0x0061,KEX_RSA0x1e, ENC_RC20x33, DIG_MD50x40, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */ |
3517 | {0x0062,KEX_RSA0x1e, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */ |
3518 | {0x0063,KEX_DHE_DSS0x10, ENC_DES0x30, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */ |
3519 | {0x0064,KEX_RSA0x1e, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */ |
3520 | {0x0065,KEX_DHE_DSS0x10, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */ |
3521 | {0x0066,KEX_DHE_DSS0x10, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_DSS_WITH_RC4_128_SHA */ |
3522 | {0x0067,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ |
3523 | {0x0068,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_AES_256_CBC_SHA256 */ |
3524 | {0x0069,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_AES_256_CBC_SHA256 */ |
3525 | {0x006A,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 */ |
3526 | {0x006B,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ |
3527 | {0x006C,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */ |
3528 | {0x006D,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */ |
3529 | {0x0084,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ |
3530 | {0x0085,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA */ |
3531 | {0x0086,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA */ |
3532 | {0x0087,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA */ |
3533 | {0x0088,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ |
3534 | {0x0089,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA */ |
3535 | {0x008A,KEX_PSK0x1d, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_PSK_WITH_RC4_128_SHA */ |
3536 | {0x008B,KEX_PSK0x1d, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_3DES_EDE_CBC_SHA */ |
3537 | {0x008C,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA */ |
3538 | {0x008D,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA */ |
3539 | {0x008E,KEX_DHE_PSK0x11, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_DHE_PSK_WITH_RC4_128_SHA */ |
3540 | {0x008F,KEX_DHE_PSK0x11, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA */ |
3541 | {0x0090,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA */ |
3542 | {0x0091,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA */ |
3543 | {0x0092,KEX_RSA_PSK0x1f, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_RSA_PSK_WITH_RC4_128_SHA */ |
3544 | {0x0093,KEX_RSA_PSK0x1f, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA */ |
3545 | {0x0094,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA */ |
3546 | {0x0095,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA */ |
3547 | {0x0096,KEX_RSA0x1e, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_RSA_WITH_SEED_CBC_SHA */ |
3548 | {0x0097,KEX_DH_DSS0x14, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_DSS_WITH_SEED_CBC_SHA */ |
3549 | {0x0098,KEX_DH_RSA0x15, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_RSA_WITH_SEED_CBC_SHA */ |
3550 | {0x0099,KEX_DHE_DSS0x10, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_DSS_WITH_SEED_CBC_SHA */ |
3551 | {0x009A,KEX_DHE_RSA0x12, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DHE_RSA_WITH_SEED_CBC_SHA */ |
3552 | {0x009B,KEX_DH_ANON0x13, ENC_SEED0x39, DIG_SHA0x41, MODE_CBC }, /* TLS_DH_anon_WITH_SEED_CBC_SHA */ |
3553 | {0x009C,KEX_RSA0x1e, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ |
3554 | {0x009D,KEX_RSA0x1e, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ |
3555 | {0x009E,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ |
3556 | {0x009F,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ |
3557 | {0x00A0,KEX_DH_RSA0x15, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_128_GCM_SHA256 */ |
3558 | {0x00A1,KEX_DH_RSA0x15, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_RSA_WITH_AES_256_GCM_SHA384 */ |
3559 | {0x00A2,KEX_DHE_DSS0x10, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 */ |
3560 | {0x00A3,KEX_DHE_DSS0x10, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 */ |
3561 | {0x00A4,KEX_DH_DSS0x14, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_128_GCM_SHA256 */ |
3562 | {0x00A5,KEX_DH_DSS0x14, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_DSS_WITH_AES_256_GCM_SHA384 */ |
3563 | {0x00A6,KEX_DH_ANON0x13, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */ |
3564 | {0x00A7,KEX_DH_ANON0x13, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ |
3565 | {0x00A8,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ |
3566 | {0x00A9,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ |
3567 | {0x00AA,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ |
3568 | {0x00AB,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ |
3569 | {0x00AC,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 */ |
3570 | {0x00AD,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 */ |
3571 | {0x00AE,KEX_PSK0x1d, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ |
3572 | {0x00AF,KEX_PSK0x1d, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ |
3573 | {0x00B0,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA256 */ |
3574 | {0x00B1,KEX_PSK0x1d, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_PSK_WITH_NULL_SHA384 */ |
3575 | {0x00B2,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ |
3576 | {0x00B3,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ |
3577 | {0x00B4,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA256 */ |
3578 | {0x00B5,KEX_DHE_PSK0x11, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_DHE_PSK_WITH_NULL_SHA384 */ |
3579 | {0x00B6,KEX_RSA_PSK0x1f, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 */ |
3580 | {0x00B7,KEX_RSA_PSK0x1f, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 */ |
3581 | {0x00B8,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA256 */ |
3582 | {0x00B9,KEX_RSA_PSK0x1f, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_RSA_PSK_WITH_NULL_SHA384 */ |
3583 | {0x00BA,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ |
3584 | {0x00BB,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ |
3585 | {0x00BC,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ |
3586 | {0x00BD,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 */ |
3587 | {0x00BE,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ |
3588 | {0x00BF,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 */ |
3589 | {0x00C0,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ |
3590 | {0x00C1,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ |
3591 | {0x00C2,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ |
3592 | {0x00C3,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 */ |
3593 | {0x00C4,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ |
3594 | {0x00C5,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA2560x42, MODE_CBC }, /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */ |
3595 | |
3596 | /* NOTE: TLS 1.3 cipher suites are incompatible with TLS 1.2. */ |
3597 | {0x1301,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_AES_128_GCM_SHA256 */ |
3598 | {0x1302,KEX_TLS130x23, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_AES_256_GCM_SHA384 */ |
3599 | {0x1303,KEX_TLS130x23, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_CHACHA20_POLY1305_SHA256 */ |
3600 | {0x1304,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM }, /* TLS_AES_128_CCM_SHA256 */ |
3601 | {0x1305,KEX_TLS130x23, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM_8 }, /* TLS_AES_128_CCM_8_SHA256 */ |
3602 | {0x00C6,KEX_TLS130x23, ENC_SM40x3C, DIG_SM30x44, MODE_GCM }, /* TLS_SM4_GCM_SM3 */ |
3603 | |
3604 | {0xC001,KEX_ECDH_ECDSA0x1a, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_NULL_SHA */ |
3605 | {0xC002,KEX_ECDH_ECDSA0x1a, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ |
3606 | {0xC003,KEX_ECDH_ECDSA0x1a, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ |
3607 | {0xC004,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ |
3608 | {0xC005,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ |
3609 | {0xC006,KEX_ECDHE_ECDSA0x16, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ |
3610 | {0xC007,KEX_ECDHE_ECDSA0x16, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ |
3611 | {0xC008,KEX_ECDHE_ECDSA0x16, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ |
3612 | {0xC009,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ |
3613 | {0xC00A,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ |
3614 | {0xC00B,KEX_ECDH_RSA0x1b, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_NULL_SHA */ |
3615 | {0xC00C,KEX_ECDH_RSA0x1b, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ |
3616 | {0xC00D,KEX_ECDH_RSA0x1b, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ |
3617 | {0xC00E,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ |
3618 | {0xC00F,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ |
3619 | {0xC0FF,KEX_ECJPAKE0x24, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECJPAKE_WITH_AES_128_CCM_8 */ |
3620 | {0xC010,KEX_ECDHE_RSA0x18, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_NULL_SHA */ |
3621 | {0xC011,KEX_ECDHE_RSA0x18, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ |
3622 | {0xC012,KEX_ECDHE_RSA0x18, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ |
3623 | {0xC013,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ |
3624 | {0xC014,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ |
3625 | {0xC015,KEX_ECDH_ANON0x19, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_anon_WITH_NULL_SHA */ |
3626 | {0xC016,KEX_ECDH_ANON0x19, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDH_anon_WITH_RC4_128_SHA */ |
3627 | {0xC017,KEX_ECDH_ANON0x19, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */ |
3628 | {0xC018,KEX_ECDH_ANON0x19, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */ |
3629 | {0xC019,KEX_ECDH_ANON0x19, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */ |
3630 | {0xC01A,KEX_SRP_SHA0x20, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA */ |
3631 | {0xC01B,KEX_SRP_SHA_RSA0x22, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA */ |
3632 | {0xC01C,KEX_SRP_SHA_DSS0x21, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA */ |
3633 | {0xC01D,KEX_SRP_SHA0x20, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_AES_128_CBC_SHA */ |
3634 | {0xC01E,KEX_SRP_SHA_RSA0x22, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA */ |
3635 | {0xC01F,KEX_SRP_SHA_DSS0x21, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA */ |
3636 | {0xC020,KEX_SRP_SHA0x20, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_WITH_AES_256_CBC_SHA */ |
3637 | {0xC021,KEX_SRP_SHA_RSA0x22, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA */ |
3638 | {0xC022,KEX_SRP_SHA_DSS0x21, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA */ |
3639 | {0xC023,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 */ |
3640 | {0xC024,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 */ |
3641 | {0xC025,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ |
3642 | {0xC026,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ |
3643 | {0xC027,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ |
3644 | {0xC028,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ |
3645 | {0xC029,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ |
3646 | {0xC02A,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ |
3647 | {0xC02B,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ |
3648 | {0xC02C,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ |
3649 | {0xC02D,KEX_ECDH_ECDSA0x1a, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ |
3650 | {0xC02E,KEX_ECDH_ECDSA0x1a, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ |
3651 | {0xC02F,KEX_ECDHE_RSA0x18, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ |
3652 | {0xC030,KEX_ECDHE_RSA0x18, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ |
3653 | {0xC031,KEX_ECDH_RSA0x1b, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ |
3654 | {0xC032,KEX_ECDH_RSA0x1b, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ |
3655 | {0xC033,KEX_ECDHE_PSK0x17, ENC_RC40x32, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_RC4_128_SHA */ |
3656 | {0xC034,KEX_ECDHE_PSK0x17, ENC_3DES0x31, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA */ |
3657 | {0xC035,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA */ |
3658 | {0xC036,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA0x41, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA */ |
3659 | {0xC037,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ |
3660 | {0xC038,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 */ |
3661 | {0xC039,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA0x41, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA */ |
3662 | {0xC03A,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA2560x42, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ |
3663 | {0xC03B,KEX_ECDHE_PSK0x17, ENC_NULL0x3D, DIG_SHA3840x43, MODE_STREAM}, /* TLS_ECDHE_PSK_WITH_NULL_SHA384 */ |
3664 | {0xC072,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ |
3665 | {0xC073,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ |
3666 | {0xC074,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 */ |
3667 | {0xC075,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 */ |
3668 | {0xC076,KEX_ECDHE_RSA0x18, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ |
3669 | {0xC077,KEX_ECDHE_RSA0x18, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ |
3670 | {0xC078,KEX_ECDH_RSA0x1b, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ |
3671 | {0xC079,KEX_ECDH_RSA0x1b, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 */ |
3672 | {0xC07A,KEX_RSA0x1e, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ |
3673 | {0xC07B,KEX_RSA0x1e, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ |
3674 | {0xC07C,KEX_DHE_RSA0x12, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ |
3675 | {0xC07D,KEX_DHE_RSA0x12, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ |
3676 | {0xC07E,KEX_DH_RSA0x15, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ |
3677 | {0xC07F,KEX_DH_RSA0x15, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ |
3678 | {0xC080,KEX_DHE_DSS0x10, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 */ |
3679 | {0xC081,KEX_DHE_DSS0x10, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 */ |
3680 | {0xC082,KEX_DH_DSS0x14, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 */ |
3681 | {0xC083,KEX_DH_DSS0x14, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */ |
3682 | {0xC084,KEX_DH_ANON0x13, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 */ |
3683 | {0xC085,KEX_DH_ANON0x13, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 */ |
3684 | {0xC086,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */ |
3685 | {0xC087,KEX_ECDHE_ECDSA0x16, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ |
3686 | {0xC088,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 */ |
3687 | {0xC089,KEX_ECDH_ECDSA0x1a, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 */ |
3688 | {0xC08A,KEX_ECDHE_RSA0x18, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ |
3689 | {0xC08B,KEX_ECDHE_RSA0x18, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ |
3690 | {0xC08C,KEX_ECDH_RSA0x1b, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 */ |
3691 | {0xC08D,KEX_ECDH_RSA0x1b, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 */ |
3692 | {0xC08E,KEX_PSK0x1d, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ |
3693 | {0xC08F,KEX_PSK0x1d, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ |
3694 | {0xC090,KEX_DHE_PSK0x11, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ |
3695 | {0xC091,KEX_DHE_PSK0x11, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ |
3696 | {0xC092,KEX_RSA_PSK0x1f, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 */ |
3697 | {0xC093,KEX_RSA_PSK0x1f, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_GCM }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 */ |
3698 | {0xC094,KEX_PSK0x1d, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ |
3699 | {0xC095,KEX_PSK0x1d, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ |
3700 | {0xC096,KEX_DHE_PSK0x11, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ |
3701 | {0xC097,KEX_DHE_PSK0x11, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ |
3702 | {0xC098,KEX_RSA_PSK0x1f, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ |
3703 | {0xC099,KEX_RSA_PSK0x1f, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ |
3704 | {0xC09A,KEX_ECDHE_PSK0x17, ENC_CAMELLIA1280x37,DIG_SHA2560x42, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 */ |
3705 | {0xC09B,KEX_ECDHE_PSK0x17, ENC_CAMELLIA2560x38,DIG_SHA3840x43, MODE_CBC }, /* TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 */ |
3706 | {0xC09C,KEX_RSA0x1e, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_RSA_WITH_AES_128_CCM */ |
3707 | {0xC09D,KEX_RSA0x1e, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_RSA_WITH_AES_256_CCM */ |
3708 | {0xC09E,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_128_CCM */ |
3709 | {0xC09F,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_RSA_WITH_AES_256_CCM */ |
3710 | {0xC0A0,KEX_RSA0x1e, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_128_CCM_8 */ |
3711 | {0xC0A1,KEX_RSA0x1e, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_RSA_WITH_AES_256_CCM_8 */ |
3712 | {0xC0A2,KEX_DHE_RSA0x12, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_128_CCM_8 */ |
3713 | {0xC0A3,KEX_DHE_RSA0x12, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_DHE_RSA_WITH_AES_256_CCM_8 */ |
3714 | {0xC0A4,KEX_PSK0x1d, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_PSK_WITH_AES_128_CCM */ |
3715 | {0xC0A5,KEX_PSK0x1d, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_PSK_WITH_AES_256_CCM */ |
3716 | {0xC0A6,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_128_CCM */ |
3717 | {0xC0A7,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_DHE_PSK_WITH_AES_256_CCM */ |
3718 | {0xC0A8,KEX_PSK0x1d, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_128_CCM_8 */ |
3719 | {0xC0A9,KEX_PSK0x1d, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_WITH_AES_256_CCM_8 */ |
3720 | {0xC0AA,KEX_DHE_PSK0x11, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_128_CCM_8 */ |
3721 | {0xC0AB,KEX_DHE_PSK0x11, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_PSK_DHE_WITH_AES_256_CCM_8 */ |
3722 | {0xC0AC,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_NA0x45, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ |
3723 | {0xC0AD,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_NA0x45, MODE_CCM }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM */ |
3724 | {0xC0AE,KEX_ECDHE_ECDSA0x16, ENC_AES0x35, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ |
3725 | {0xC0AF,KEX_ECDHE_ECDSA0x16, ENC_AES2560x36, DIG_NA0x45, MODE_CCM_8 }, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ |
3726 | {0xCCA8,KEX_ECDHE_RSA0x18, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ |
3727 | {0xCCA9,KEX_ECDHE_ECDSA0x16, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ |
3728 | {0xCCAA,KEX_DHE_RSA0x12, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ |
3729 | {0xCCAB,KEX_PSK0x1d, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ |
3730 | {0xCCAC,KEX_ECDHE_PSK0x17, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ |
3731 | {0xCCAD,KEX_DHE_PSK0x11, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ |
3732 | {0xCCAE,KEX_RSA_PSK0x1f, ENC_CHACHA200x3A, DIG_SHA2560x42, MODE_POLY1305 }, /* TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 */ |
3733 | {0xD001,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_GCM}, /* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ |
3734 | {0xD002,KEX_ECDHE_PSK0x17, ENC_AES2560x36, DIG_SHA3840x43, MODE_GCM}, /* TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 */ |
3735 | {0xD003,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM_8}, /* TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 */ |
3736 | {0xD005,KEX_ECDHE_PSK0x17, ENC_AES0x35, DIG_SHA2560x42, MODE_CCM}, /* TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 */ |
3737 | /* GM */ |
3738 | {0xe001,KEX_ECDHE_SM20x25, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* ECDHE_SM1_SM3 */ |
3739 | {0xe003,KEX_ECC_SM20x26, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* ECC_SM1_SM3 */ |
3740 | {0xe005,KEX_IBSDH_SM90x27, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* IBSDH_SM1_SM3 */ |
3741 | {0xe007,KEX_IBC_SM90x28, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* IBC_SM1_SM3 */ |
3742 | {0xe009,KEX_RSA0x1e, ENC_SM10x3B, DIG_SM30x44, MODE_CBC}, /* RSA_SM1_SM3 */ |
3743 | {0xe00a,KEX_RSA0x1e, ENC_SM10x3B, DIG_SHA0x41, MODE_CBC}, /* RSA_SM1_SHA1 */ |
3744 | {0xe011,KEX_ECDHE_SM20x25, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* ECDHE_SM4_CBC_SM3 */ |
3745 | {0xe013,KEX_ECC_SM20x26, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* ECC_SM4_CBC_SM3 */ |
3746 | {0xe015,KEX_IBSDH_SM90x27, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* IBSDH_SM4_CBC_SM3 */ |
3747 | {0xe017,KEX_IBC_SM90x28, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* IBC_SM4_CBC_SM3 */ |
3748 | {0xe019,KEX_RSA0x1e, ENC_SM40x3C, DIG_SM30x44, MODE_CBC}, /* RSA_SM4_CBC_SM3 */ |
3749 | {0xe01a,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA0x41, MODE_CBC}, /* RSA_SM4_CBC_SHA1 */ |
3750 | {0xe01c,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA2560x42, MODE_CBC}, /* RSA_SM4_CBC_SHA256 */ |
3751 | {0xe051,KEX_ECDHE_SM20x25, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* ECDHE_SM4_GCM_SM3 */ |
3752 | {0xe053,KEX_ECC_SM20x26, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* ECC_SM4_GCM_SM3 */ |
3753 | {0xe055,KEX_IBSDH_SM90x27, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* IBSDH_SM4_GCM_SM3 */ |
3754 | {0xe057,KEX_IBC_SM90x28, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* IBC_SM4_GCM_SM3 */ |
3755 | {0xe059,KEX_RSA0x1e, ENC_SM40x3C, DIG_SM30x44, MODE_GCM}, /* RSA_SM4_GCM_SM3 */ |
3756 | {0xe05a,KEX_RSA0x1e, ENC_SM40x3C, DIG_SHA2560x42, MODE_GCM}, /* RSA_SM4_GCM_SHA256 */ |
3757 | {-1, 0, 0, 0, MODE_STREAM} |
3758 | }; |
3759 | |
3760 | #define MAX_BLOCK_SIZE16 16 |
3761 | #define MAX_KEY_SIZE32 32 |
3762 | |
3763 | const SslCipherSuite * |
3764 | ssl_find_cipher(int num) |
3765 | { |
3766 | const SslCipherSuite *c; |
3767 | for(c=cipher_suites;c->number!=-1;c++){ |
3768 | if(c->number==num){ |
3769 | return c; |
3770 | } |
3771 | } |
3772 | |
3773 | return NULL((void*)0); |
3774 | } |
3775 | |
3776 | int |
3777 | ssl_get_cipher_algo(const SslCipherSuite *cipher_suite) |
3778 | { |
3779 | return gcry_cipher_map_name(ciphers[cipher_suite->enc - ENC_START0x30]); |
3780 | } |
3781 | |
3782 | unsigned |
3783 | ssl_get_cipher_blocksize(const SslCipherSuite *cipher_suite) |
3784 | { |
3785 | int cipher_algo; |
3786 | if (cipher_suite->mode != MODE_CBC) return 0; |
3787 | cipher_algo = ssl_get_cipher_by_name(ciphers[cipher_suite->enc - ENC_START0x30]); |
3788 | return (unsigned)gcry_cipher_get_algo_blklen(cipher_algo); |
3789 | } |
3790 | |
3791 | static unsigned |
3792 | ssl_get_cipher_export_keymat_size(int cipher_suite_num) |
3793 | { |
3794 | switch (cipher_suite_num) { |
3795 | /* See RFC 6101 (SSL 3.0), Table 2, column Key Material. */ |
3796 | case 0x0003: /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */ |
3797 | case 0x0006: /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 */ |
3798 | case 0x0008: /* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA */ |
3799 | case 0x000B: /* TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA */ |
3800 | case 0x000E: /* TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA */ |
3801 | case 0x0011: /* TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA */ |
3802 | case 0x0014: /* TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA */ |
3803 | case 0x0017: /* TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 */ |
3804 | case 0x0019: /* TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA */ |
3805 | return 5; |
3806 | |
3807 | /* not defined in below draft, but "implemented by several vendors", |
3808 | * https://www.ietf.org/mail-archive/web/tls/current/msg00036.html */ |
3809 | case 0x0060: /* TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 */ |
3810 | case 0x0061: /* TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 */ |
3811 | return 7; |
3812 | |
3813 | /* Note: the draft states that DES_CBC needs 8 bytes, but Wireshark always |
3814 | * used 7. Until a pcap proves 8, let's use the old value. Link: |
3815 | * https://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01 */ |
3816 | case 0x0062: /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA */ |
3817 | case 0x0063: /* TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA */ |
3818 | case 0x0064: /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA */ |
3819 | case 0x0065: /* TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA */ |
3820 | return 7; |
3821 | |
3822 | default: |
3823 | return 0; |
3824 | } |
3825 | } |
3826 | |
3827 | /* Digests, Ciphers and Cipher Suites registry }}} */ |
3828 | |
3829 | |
3830 | /* HMAC and the Pseudorandom function {{{ */ |
3831 | static int |
3832 | tls_hash(StringInfo *secret, StringInfo *seed, int md, |
3833 | StringInfo *out, unsigned out_len) |
3834 | { |
3835 | /* RFC 2246 5. HMAC and the pseudorandom function |
3836 | * '+' denotes concatenation. |
3837 | * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + |
3838 | * HMAC_hash(secret, A(2) + seed) + ... |
3839 | * A(0) = seed |
3840 | * A(i) = HMAC_hash(secret, A(i - 1)) |
3841 | */ |
3842 | uint8_t *ptr; |
3843 | unsigned left, tocpy; |
3844 | uint8_t *A; |
3845 | uint8_t _A[DIGEST_MAX_SIZE48], tmp[DIGEST_MAX_SIZE48]; |
3846 | unsigned A_l, tmp_l; |
3847 | SSL_HMACgcry_md_hd_t hm; |
3848 | |
3849 | ptr = out->data; |
3850 | left = out_len; |
3851 | |
3852 | ssl_print_string("tls_hash: hash secret", secret); |
3853 | ssl_print_string("tls_hash: hash seed", seed); |
3854 | /* A(0) = seed */ |
3855 | A = seed->data; |
3856 | A_l = seed->data_len; |
3857 | |
3858 | if (ssl_hmac_init(&hm, md) != 0) { |
3859 | return -1; |
3860 | } |
3861 | while (left) { |
3862 | /* A(i) = HMAC_hash(secret, A(i-1)) */ |
3863 | ssl_hmac_setkey(&hm, secret->data, secret->data_len); |
3864 | ssl_hmac_update(&hm, A, A_l); |
3865 | A_l = sizeof(_A); /* upper bound len for hash output */ |
3866 | ssl_hmac_final(&hm, _A, &A_l); |
3867 | A = _A; |
3868 | |
3869 | /* HMAC_hash(secret, A(i) + seed) */ |
3870 | ssl_hmac_reset(&hm); |
3871 | ssl_hmac_setkey(&hm, secret->data, secret->data_len); |
3872 | ssl_hmac_update(&hm, A, A_l); |
3873 | ssl_hmac_update(&hm, seed->data, seed->data_len); |
3874 | tmp_l = sizeof(tmp); /* upper bound len for hash output */ |
3875 | ssl_hmac_final(&hm, tmp, &tmp_l); |
3876 | ssl_hmac_reset(&hm); |
3877 | |
3878 | /* ssl_hmac_final puts the actual digest output size in tmp_l */ |
3879 | tocpy = MIN(left, tmp_l)(((left) < (tmp_l)) ? (left) : (tmp_l)); |
3880 | memcpy(ptr, tmp, tocpy); |
3881 | ptr += tocpy; |
3882 | left -= tocpy; |
3883 | } |
3884 | ssl_hmac_cleanup(&hm); |
3885 | out->data_len = out_len; |
3886 | |
3887 | ssl_print_string("hash out", out); |
3888 | return 0; |
3889 | } |
3890 | |
3891 | static bool_Bool |
3892 | tls_prf(StringInfo* secret, const char *usage, |
3893 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) |
3894 | { |
3895 | StringInfo seed, sha_out, md5_out; |
3896 | uint8_t *ptr; |
3897 | StringInfo s1, s2; |
3898 | unsigned i,s_l; |
3899 | size_t usage_len, rnd2_len; |
3900 | bool_Bool success = false0; |
3901 | usage_len = strlen(usage); |
3902 | rnd2_len = rnd2 ? rnd2->data_len : 0; |
3903 | |
3904 | /* initialize buffer for sha, md5 random seed*/ |
3905 | if (ssl_data_alloc(&sha_out, MAX(out_len, 20)(((out_len) > (20)) ? (out_len) : (20))) < 0) { |
3906 | ssl_debug_printf("tls_prf: can't allocate sha out\n"); |
3907 | return false0; |
3908 | } |
3909 | if (ssl_data_alloc(&md5_out, MAX(out_len, 16)(((out_len) > (16)) ? (out_len) : (16))) < 0) { |
3910 | ssl_debug_printf("tls_prf: can't allocate md5 out\n"); |
3911 | goto free_sha; |
3912 | } |
3913 | if (ssl_data_alloc(&seed, usage_len+rnd1->data_len+rnd2_len) < 0) { |
3914 | ssl_debug_printf("tls_prf: can't allocate rnd %d\n", |
3915 | (int) (usage_len+rnd1->data_len+rnd2_len)); |
3916 | goto free_md5; |
3917 | } |
3918 | |
3919 | ptr=seed.data; |
3920 | memcpy(ptr,usage,usage_len); |
3921 | ptr+=usage_len; |
3922 | memcpy(ptr,rnd1->data,rnd1->data_len); |
3923 | if (rnd2_len > 0) { |
3924 | ptr+=rnd1->data_len; |
3925 | memcpy(ptr,rnd2->data,rnd2->data_len); |
3926 | /*ptr+=rnd2->data_len;*/ |
3927 | } |
3928 | |
3929 | /* initialize buffer for client/server seeds*/ |
3930 | s_l=secret->data_len/2 + secret->data_len%2; |
3931 | if (ssl_data_alloc(&s1, s_l) < 0) { |
3932 | ssl_debug_printf("tls_prf: can't allocate secret %d\n", s_l); |
3933 | goto free_seed; |
3934 | } |
3935 | if (ssl_data_alloc(&s2, s_l) < 0) { |
3936 | ssl_debug_printf("tls_prf: can't allocate secret(2) %d\n", s_l); |
3937 | goto free_s1; |
3938 | } |
3939 | |
3940 | memcpy(s1.data,secret->data,s_l); |
3941 | memcpy(s2.data,secret->data + (secret->data_len - s_l),s_l); |
3942 | |
3943 | ssl_debug_printf("tls_prf: tls_hash(md5 secret_len %d seed_len %d )\n", s1.data_len, seed.data_len); |
3944 | if(tls_hash(&s1, &seed, ssl_get_digest_by_name("MD5"), &md5_out, out_len) != 0) |
3945 | goto free_s2; |
3946 | ssl_debug_printf("tls_prf: tls_hash(sha)\n"); |
3947 | if(tls_hash(&s2, &seed, ssl_get_digest_by_name("SHA1"), &sha_out, out_len) != 0) |
3948 | goto free_s2; |
3949 | |
3950 | for (i = 0; i < out_len; i++) |
3951 | out->data[i] = md5_out.data[i] ^ sha_out.data[i]; |
3952 | /* success, now store the new meaningful data length */ |
3953 | out->data_len = out_len; |
3954 | success = true1; |
3955 | |
3956 | ssl_print_string("PRF out",out); |
3957 | free_s2: |
3958 | g_free(s2.data); |
3959 | free_s1: |
3960 | g_free(s1.data); |
3961 | free_seed: |
3962 | g_free(seed.data); |
3963 | free_md5: |
3964 | g_free(md5_out.data); |
3965 | free_sha: |
3966 | g_free(sha_out.data); |
3967 | return success; |
3968 | } |
3969 | |
3970 | static bool_Bool |
3971 | tls12_prf(int md, StringInfo* secret, const char* usage, |
3972 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) |
3973 | { |
3974 | StringInfo label_seed; |
3975 | int success; |
3976 | size_t usage_len, rnd2_len; |
3977 | rnd2_len = rnd2 ? rnd2->data_len : 0; |
3978 | |
3979 | usage_len = strlen(usage); |
3980 | if (ssl_data_alloc(&label_seed, usage_len+rnd1->data_len+rnd2_len) < 0) { |
3981 | ssl_debug_printf("tls12_prf: can't allocate label_seed\n"); |
3982 | return false0; |
3983 | } |
3984 | memcpy(label_seed.data, usage, usage_len); |
3985 | memcpy(label_seed.data+usage_len, rnd1->data, rnd1->data_len); |
3986 | if (rnd2_len > 0) |
3987 | memcpy(label_seed.data+usage_len+rnd1->data_len, rnd2->data, rnd2->data_len); |
3988 | |
3989 | ssl_debug_printf("tls12_prf: tls_hash(hash_alg %s secret_len %d seed_len %d )\n", gcry_md_algo_name(md), secret->data_len, label_seed.data_len); |
3990 | success = tls_hash(secret, &label_seed, md, out, out_len); |
3991 | g_free(label_seed.data); |
3992 | if(success != -1){ |
3993 | ssl_print_string("PRF out", out); |
3994 | return true1; |
3995 | } |
3996 | return false0; |
3997 | } |
3998 | |
3999 | static bool_Bool |
4000 | ssl3_generate_export_iv(StringInfo *r1, StringInfo *r2, |
4001 | StringInfo *out, unsigned out_len) |
4002 | { |
4003 | SSL_MD5_CTXgcry_md_hd_t md5; |
4004 | uint8_t tmp[16]; |
4005 | |
4006 | if (ssl_md5_init(&md5) != 0) { |
4007 | return false0; |
4008 | } |
4009 | ssl_md5_update(&md5,r1->data,r1->data_len); |
4010 | ssl_md5_update(&md5,r2->data,r2->data_len); |
4011 | ssl_md5_final(tmp,&md5); |
4012 | ssl_md5_cleanup(&md5); |
4013 | |
4014 | DISSECTOR_ASSERT(out_len <= sizeof(tmp))((void) ((out_len <= sizeof(tmp)) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 4014, "out_len <= sizeof(tmp)")))); |
4015 | ssl_data_set(out, tmp, out_len); |
4016 | ssl_print_string("export iv", out); |
4017 | return true1; |
4018 | } |
4019 | |
4020 | static bool_Bool |
4021 | ssl3_prf(StringInfo* secret, const char* usage, |
4022 | StringInfo* rnd1, StringInfo* rnd2, StringInfo* out, unsigned out_len) |
4023 | { |
4024 | SSL_MD5_CTXgcry_md_hd_t md5; |
4025 | SSL_SHA_CTXgcry_md_hd_t sha; |
4026 | unsigned off; |
4027 | int i = 0,j; |
4028 | uint8_t buf[20]; |
4029 | |
4030 | if (ssl_sha_init(&sha) != 0) { |
4031 | return false0; |
4032 | } |
4033 | if (ssl_md5_init(&md5) != 0) { |
4034 | ssl_sha_cleanup(&sha); |
4035 | return false0; |
4036 | } |
4037 | for (off = 0; off < out_len; off += 16) { |
4038 | unsigned char outbuf[16]; |
4039 | i++; |
4040 | |
4041 | ssl_debug_printf("ssl3_prf: sha1_hash(%d)\n",i); |
4042 | /* A, BB, CCC, ... */ |
4043 | for(j=0;j<i;j++){ |
4044 | buf[j]=64+i; |
4045 | } |
4046 | |
4047 | ssl_sha_update(&sha,buf,i); |
4048 | ssl_sha_update(&sha,secret->data,secret->data_len); |
4049 | |
4050 | if(!strcmp(usage,"client write key") || !strcmp(usage,"server write key")){ |
4051 | if (rnd2) |
4052 | ssl_sha_update(&sha,rnd2->data,rnd2->data_len); |
4053 | ssl_sha_update(&sha,rnd1->data,rnd1->data_len); |
4054 | } |
4055 | else{ |
4056 | ssl_sha_update(&sha,rnd1->data,rnd1->data_len); |
4057 | if (rnd2) |
4058 | ssl_sha_update(&sha,rnd2->data,rnd2->data_len); |
4059 | } |
4060 | |
4061 | ssl_sha_final(buf,&sha); |
4062 | ssl_sha_reset(&sha); |
4063 | |
4064 | ssl_debug_printf("ssl3_prf: md5_hash(%d) datalen %d\n",i, |
4065 | secret->data_len); |
4066 | ssl_md5_update(&md5,secret->data,secret->data_len); |
4067 | ssl_md5_update(&md5,buf,20); |
4068 | ssl_md5_final(outbuf,&md5); |
4069 | ssl_md5_reset(&md5); |
4070 | |
4071 | memcpy(out->data + off, outbuf, MIN(out_len - off, 16)(((out_len - off) < (16)) ? (out_len - off) : (16))); |
4072 | } |
4073 | ssl_sha_cleanup(&sha); |
4074 | ssl_md5_cleanup(&md5); |
4075 | out->data_len = out_len; |
4076 | |
4077 | return true1; |
4078 | } |
4079 | |
4080 | /* out_len is the wanted output length for the pseudorandom function. |
4081 | * Ensure that ssl->cipher_suite is set. */ |
4082 | static bool_Bool |
4083 | prf(SslDecryptSession *ssl, StringInfo *secret, const char *usage, |
4084 | StringInfo *rnd1, StringInfo *rnd2, StringInfo *out, unsigned out_len) |
4085 | { |
4086 | switch (ssl->session.version) { |
4087 | case SSLV3_VERSION0x300: |
4088 | return ssl3_prf(secret, usage, rnd1, rnd2, out, out_len); |
4089 | |
4090 | case TLSV1_VERSION0x301: |
4091 | case TLSV1DOT1_VERSION0x302: |
4092 | case DTLSV1DOT0_VERSION0xfeff: |
4093 | case DTLSV1DOT0_OPENSSL_VERSION0x100: |
4094 | return tls_prf(secret, usage, rnd1, rnd2, out, out_len); |
4095 | |
4096 | default: /* TLSv1.2 */ |
4097 | switch (ssl->cipher_suite->dig) { |
4098 | case DIG_SM30x44: |
4099 | #if GCRYPT_VERSION_NUMBER0x010a03 >= 0x010900 |
4100 | return tls12_prf(GCRY_MD_SM3, secret, usage, rnd1, rnd2, |
4101 | out, out_len); |
4102 | #else |
4103 | return false0; |
4104 | #endif |
4105 | case DIG_SHA3840x43: |
4106 | return tls12_prf(GCRY_MD_SHA384, secret, usage, rnd1, rnd2, |
4107 | out, out_len); |
4108 | default: |
4109 | return tls12_prf(GCRY_MD_SHA256, secret, usage, rnd1, rnd2, |
4110 | out, out_len); |
4111 | } |
4112 | } |
4113 | } |
4114 | |
4115 | static int tls_handshake_hash(SslDecryptSession* ssl, StringInfo* out) |
4116 | { |
4117 | SSL_MD5_CTXgcry_md_hd_t md5; |
4118 | SSL_SHA_CTXgcry_md_hd_t sha; |
4119 | |
4120 | if (ssl_data_alloc(out, 36) < 0) |
| 21 | | Calling 'ssl_data_alloc' | |
|
| 25 | | Returned allocated memory | |
|
| |
4121 | return -1; |
4122 | |
4123 | if (ssl_md5_init(&md5) != 0) |
| |
4124 | return -1; |
4125 | ssl_md5_update(&md5,ssl->handshake_data.data,ssl->handshake_data.data_len); |
4126 | ssl_md5_final(out->data,&md5); |
4127 | ssl_md5_cleanup(&md5); |
4128 | |
4129 | if (ssl_sha_init(&sha) != 0) |
4130 | return -1; |
4131 | ssl_sha_update(&sha,ssl->handshake_data.data,ssl->handshake_data.data_len); |
4132 | ssl_sha_final(out->data+16,&sha); |
4133 | ssl_sha_cleanup(&sha); |
4134 | return 0; |
4135 | } |
4136 | |
4137 | static int tls12_handshake_hash(SslDecryptSession* ssl, int md, StringInfo* out) |
4138 | { |
4139 | SSL_MDgcry_md_hd_t mc; |
4140 | uint8_t tmp[48]; |
4141 | unsigned len; |
4142 | |
4143 | if (ssl_md_init(&mc, md) != 0) |
4144 | return -1; |
4145 | ssl_md_update(&mc,ssl->handshake_data.data,ssl->handshake_data.data_len); |
4146 | ssl_md_final(&mc, tmp, &len); |
4147 | ssl_md_cleanup(&mc); |
4148 | |
4149 | if (ssl_data_alloc(out, len) < 0) |
4150 | return -1; |
4151 | memcpy(out->data, tmp, len); |
4152 | return 0; |
4153 | } |
4154 | |
4155 | /** |
4156 | * Obtains the label prefix used in HKDF-Expand-Label. This function can be |
4157 | * inlined and removed once support for draft 19 and before is dropped. |
4158 | */ |
4159 | static inline const char * |
4160 | tls13_hkdf_label_prefix(SslDecryptSession *ssl_session) |
4161 | { |
4162 | if (ssl_session->session.tls13_draft_version && ssl_session->session.tls13_draft_version < 20) { |
4163 | return "TLS 1.3, "; |
4164 | } else if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { |
4165 | return "dtls13"; |
4166 | } else { |
4167 | return "tls13 "; |
4168 | } |
4169 | } |
4170 | |
4171 | /* |
4172 | * Computes HKDF-Expand-Label(Secret, Label, Hash(context_value), Length) with a |
4173 | * custom label prefix. If "context_hash" is NULL, then an empty context is |
4174 | * used. Otherwise it must have the same length as the hash algorithm output. |
4175 | */ |
4176 | bool_Bool |
4177 | tls13_hkdf_expand_label_context(int md, const StringInfo *secret, |
4178 | const char *label_prefix, const char *label, |
4179 | const uint8_t *context_hash, uint8_t context_length, |
4180 | uint16_t out_len, unsigned char **out) |
4181 | { |
4182 | /* RFC 8446 Section 7.1: |
4183 | * HKDF-Expand-Label(Secret, Label, Context, Length) = |
4184 | * HKDF-Expand(Secret, HkdfLabel, Length) |
4185 | * struct { |
4186 | * uint16 length = Length; |
4187 | * opaque label<7..255> = "tls13 " + Label; // "tls13 " is label prefix. |
4188 | * opaque context<0..255> = Context; |
4189 | * } HkdfLabel; |
4190 | * |
4191 | * RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF): |
4192 | * HKDF-Expand(PRK, info, L) -> OKM |
4193 | */ |
4194 | gcry_error_t err; |
4195 | const unsigned label_prefix_length = (unsigned) strlen(label_prefix); |
4196 | const unsigned label_length = (unsigned) strlen(label); |
4197 | |
4198 | /* Some sanity checks */ |
4199 | DISSECTOR_ASSERT(label_length > 0 && label_prefix_length + label_length <= 255)((void) ((label_length > 0 && label_prefix_length + label_length <= 255) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 4199, "label_length > 0 && label_prefix_length + label_length <= 255" )))); |
4200 | |
4201 | /* info = HkdfLabel { length, label, context } */ |
4202 | GByteArray *info = g_byte_array_new(); |
4203 | const uint16_t length = g_htons(out_len)(((((guint16) ( (guint16) ((guint16) (out_len) >> 8) | ( guint16) ((guint16) (out_len) << 8)))))); |
4204 | g_byte_array_append(info, (const uint8_t *)&length, sizeof(length)); |
4205 | |
4206 | const uint8_t label_vector_length = label_prefix_length + label_length; |
4207 | g_byte_array_append(info, &label_vector_length, 1); |
4208 | g_byte_array_append(info, (const uint8_t *)label_prefix, label_prefix_length); |
4209 | g_byte_array_append(info, (const uint8_t*)label, label_length); |
4210 | |
4211 | g_byte_array_append(info, &context_length, 1); |
4212 | if (context_length) { |
4213 | g_byte_array_append(info, context_hash, context_length); |
4214 | } |
4215 | |
4216 | *out = (unsigned char *)wmem_alloc(NULL((void*)0), out_len); |
4217 | err = hkdf_expand(md, secret->data, secret->data_len, info->data, info->len, *out, out_len); |
4218 | g_byte_array_free(info, true1); |
4219 | |
4220 | if (err) { |
4221 | ssl_debug_printf("%s failed %d: %s\n", G_STRFUNC((const char*) (__func__)), md, gcry_strerror(err)); |
4222 | wmem_free(NULL((void*)0), *out); |
4223 | *out = NULL((void*)0); |
4224 | return false0; |
4225 | } |
4226 | |
4227 | return true1; |
4228 | } |
4229 | |
4230 | bool_Bool |
4231 | tls13_hkdf_expand_label(int md, const StringInfo *secret, |
4232 | const char *label_prefix, const char *label, |
4233 | uint16_t out_len, unsigned char **out) |
4234 | { |
4235 | return tls13_hkdf_expand_label_context(md, secret, label_prefix, label, NULL((void*)0), 0, out_len, out); |
4236 | } |
4237 | /* HMAC and the Pseudorandom function }}} */ |
4238 | |
4239 | /* Record Decompression (after decryption) {{{ */ |
4240 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) |
4241 | /* memory allocation functions for zlib initialization */ |
4242 | static void* ssl_zalloc(void* opaque _U___attribute__((unused)), unsigned int no, unsigned int size) |
4243 | { |
4244 | return g_malloc0(no*size); |
4245 | } |
4246 | static void ssl_zfree(void* opaque _U___attribute__((unused)), void* addr) |
4247 | { |
4248 | g_free(addr); |
4249 | } |
4250 | #endif |
4251 | |
4252 | static SslDecompress* |
4253 | ssl_create_decompressor(int compression) |
4254 | { |
4255 | SslDecompress *decomp; |
4256 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) |
4257 | int err; |
4258 | #endif |
4259 | |
4260 | if (compression == 0) return NULL((void*)0); |
4261 | ssl_debug_printf("ssl_create_decompressor: compression method %d\n", compression); |
4262 | decomp = wmem_new(wmem_file_scope(), SslDecompress)((SslDecompress*)wmem_alloc((wmem_file_scope()), sizeof(SslDecompress ))); |
4263 | decomp->compression = compression; |
4264 | switch (decomp->compression) { |
4265 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) |
4266 | case 1: /* DEFLATE */ |
4267 | decomp->istream.zalloc = ssl_zalloc; |
4268 | decomp->istream.zfree = ssl_zfree; |
4269 | decomp->istream.opaque = Z_NULL0; |
4270 | decomp->istream.next_in = Z_NULL0; |
4271 | decomp->istream.next_out = Z_NULL0; |
4272 | decomp->istream.avail_in = 0; |
4273 | decomp->istream.avail_out = 0; |
4274 | err = ZLIB_PREFIX(inflateInit)(&decomp->istream)inflateInit_((&decomp->istream), "1.3", (int)sizeof(z_stream )); |
4275 | if (err != Z_OK0) { |
4276 | ssl_debug_printf("ssl_create_decompressor: inflateInit_() failed - %d\n", err); |
4277 | return NULL((void*)0); |
4278 | } |
4279 | break; |
4280 | #endif |
4281 | default: |
4282 | ssl_debug_printf("ssl_create_decompressor: unsupported compression method %d\n", decomp->compression); |
4283 | return NULL((void*)0); |
4284 | } |
4285 | return decomp; |
4286 | } |
4287 | |
4288 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) |
4289 | static int |
4290 | ssl_decompress_record(SslDecompress* decomp, const unsigned char* in, unsigned inl, StringInfo* out_str, unsigned* outl) |
4291 | { |
4292 | int err; |
4293 | |
4294 | switch (decomp->compression) { |
4295 | case 1: /* DEFLATE */ |
4296 | err = Z_OK0; |
4297 | if (out_str->data_len < 16384) { /* maximal plain length */ |
4298 | ssl_data_realloc(out_str, 16384); |
4299 | } |
4300 | #ifdef z_constconst |
4301 | decomp->istream.next_in = in; |
4302 | #else |
4303 | DIAG_OFF(cast-qual)clang diagnostic push clang diagnostic ignored "-Wcast-qual"
|
4304 | decomp->istream.next_in = (Bytef *)in; |
4305 | DIAG_ON(cast-qual)clang diagnostic pop |
4306 | #endif |
4307 | decomp->istream.avail_in = inl; |
4308 | decomp->istream.next_out = out_str->data; |
4309 | decomp->istream.avail_out = out_str->data_len; |
4310 | if (inl > 0) |
4311 | err = ZLIB_PREFIX(inflate)inflate(&decomp->istream, Z_SYNC_FLUSH2); |
4312 | if (err != Z_OK0) { |
4313 | ssl_debug_printf("ssl_decompress_record: inflate() failed - %d\n", err); |
4314 | return -1; |
4315 | } |
4316 | *outl = out_str->data_len - decomp->istream.avail_out; |
4317 | break; |
4318 | default: |
4319 | ssl_debug_printf("ssl_decompress_record: unsupported compression method %d\n", decomp->compression); |
4320 | return -1; |
4321 | } |
4322 | return 0; |
4323 | } |
4324 | #else |
4325 | int |
4326 | ssl_decompress_record(SslDecompress* decomp _U___attribute__((unused)), const unsigned char* in _U___attribute__((unused)), unsigned inl _U___attribute__((unused)), StringInfo* out_str _U___attribute__((unused)), unsigned* outl _U___attribute__((unused))) |
4327 | { |
4328 | ssl_debug_printf("ssl_decompress_record: unsupported compression method %d\n", decomp->compression); |
4329 | return -1; |
4330 | } |
4331 | #endif |
4332 | /* Record Decompression (after decryption) }}} */ |
4333 | |
4334 | /* Create a new structure to store decrypted chunks. {{{ */ |
4335 | static SslFlow* |
4336 | ssl_create_flow(void) |
4337 | { |
4338 | SslFlow *flow; |
4339 | |
4340 | flow = wmem_new(wmem_file_scope(), SslFlow)((SslFlow*)wmem_alloc((wmem_file_scope()), sizeof(SslFlow))); |
4341 | flow->byte_seq = 0; |
4342 | flow->flags = 0; |
4343 | flow->multisegment_pdus = wmem_tree_new(wmem_file_scope()); |
4344 | return flow; |
4345 | } |
4346 | /* }}} */ |
4347 | |
4348 | /* Use the negotiated security parameters for decryption. {{{ */ |
4349 | void |
4350 | ssl_change_cipher(SslDecryptSession *ssl_session, bool_Bool server) |
4351 | { |
4352 | SslDecoder **new_decoder = server ? &ssl_session->server_new : &ssl_session->client_new; |
4353 | SslDecoder **dest = server ? &ssl_session->server : &ssl_session->client; |
4354 | ssl_debug_printf("ssl_change_cipher %s%s\n", server ? "SERVER" : "CLIENT", |
4355 | *new_decoder ? "" : " (No decoder found - retransmission?)"); |
4356 | if (*new_decoder) { |
4357 | *dest = *new_decoder; |
4358 | *new_decoder = NULL((void*)0); |
4359 | } |
4360 | } |
4361 | /* }}} */ |
4362 | |
4363 | /* Init cipher state given some security parameters. {{{ */ |
4364 | static bool_Bool |
4365 | ssl_decoder_destroy_cb(wmem_allocator_t *, wmem_cb_event_t, void *); |
4366 | |
4367 | static SslDecoder* |
4368 | ssl_create_decoder(const SslCipherSuite *cipher_suite, int cipher_algo, |
4369 | int compression, uint8_t *mk, uint8_t *sk, uint8_t *sn_key, uint8_t *iv, unsigned iv_length) |
4370 | { |
4371 | SslDecoder *dec; |
4372 | ssl_cipher_mode_t mode = cipher_suite->mode; |
4373 | |
4374 | dec = wmem_new0(wmem_file_scope(), SslDecoder)((SslDecoder*)wmem_alloc0((wmem_file_scope()), sizeof(SslDecoder ))); |
4375 | /* init mac buffer: mac storage is embedded into decoder struct to save a |
4376 | memory allocation and waste samo more memory*/ |
4377 | dec->cipher_suite=cipher_suite; |
4378 | dec->compression = compression; |
4379 | if ((mode == MODE_STREAM && mk != NULL((void*)0)) || mode == MODE_CBC) { |
4380 | // AEAD ciphers use no MAC key, but stream and block ciphers do. Note |
4381 | // the special case for NULL ciphers, even if there is insufficiency |
4382 | // keying material (including MAC key), we will can still create |
4383 | // decoders since "decryption" is easy for such ciphers. |
4384 | dec->mac_key.data = dec->_mac_key_or_write_iv; |
4385 | ssl_data_set(&dec->mac_key, mk, ssl_cipher_suite_dig(cipher_suite)->len); |
4386 | } else if (mode == MODE_GCM || mode == MODE_CCM || mode == MODE_CCM_8 || mode == MODE_POLY1305) { |
4387 | // Input for the nonce, to be used with AEAD ciphers. |
4388 | DISSECTOR_ASSERT(iv_length <= sizeof(dec->_mac_key_or_write_iv))((void) ((iv_length <= sizeof(dec->_mac_key_or_write_iv )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 4388, "iv_length <= sizeof(dec->_mac_key_or_write_iv)" )))); |
4389 | dec->write_iv.data = dec->_mac_key_or_write_iv; |
4390 | ssl_data_set(&dec->write_iv, iv, iv_length); |
4391 | } |
4392 | dec->seq = 0; |
4393 | dec->decomp = ssl_create_decompressor(compression); |
4394 | wmem_register_callback(wmem_file_scope(), ssl_decoder_destroy_cb, dec); |
4395 | |
4396 | if (ssl_cipher_init(&dec->evp,cipher_algo,sk,iv,cipher_suite->mode) < 0) { |
4397 | ssl_debug_printf("%s: can't create cipher id:%d mode:%d\n", G_STRFUNC((const char*) (__func__)), |
4398 | cipher_algo, cipher_suite->mode); |
4399 | return NULL((void*)0); |
4400 | } |
4401 | |
4402 | if (cipher_suite->enc != ENC_NULL0x3D && sn_key != NULL((void*)0)) { |
4403 | if (cipher_suite->enc == ENC_AES0x35 || cipher_suite->enc == ENC_AES2560x36) { |
4404 | mode = MODE_ECB; |
4405 | } else if (cipher_suite->enc == ENC_CHACHA200x3A) { |
4406 | mode = MODE_STREAM; |
4407 | } else { |
4408 | ssl_debug_printf("not supported encryption algorithm for DTLSv1.3\n"); |
4409 | return NULL((void*)0); |
4410 | } |
4411 | |
4412 | if (ssl_cipher_init(&dec->sn_evp, cipher_algo, sn_key, NULL((void*)0), mode) < 0) { |
4413 | ssl_debug_printf("%s: can't create cipher id:%d mode:%d for seq number decryption\n", G_STRFUNC((const char*) (__func__)), |
4414 | cipher_algo, MODE_ECB); |
4415 | ssl_cipher_cleanup(&dec->evp); |
4416 | dec->evp = NULL((void*)0); |
4417 | return NULL((void*)0); |
4418 | } |
4419 | } else { |
4420 | dec->sn_evp = NULL((void*)0); |
4421 | } |
4422 | |
4423 | dec->dtls13_aad.data = NULL((void*)0); |
4424 | dec->dtls13_aad.data_len = 0; |
4425 | ssl_debug_printf("decoder initialized (digest len %d)\n", ssl_cipher_suite_dig(cipher_suite)->len); |
4426 | return dec; |
4427 | } |
4428 | |
4429 | static bool_Bool |
4430 | ssl_decoder_destroy_cb(wmem_allocator_t *allocator _U___attribute__((unused)), wmem_cb_event_t event _U___attribute__((unused)), void *user_data) |
4431 | { |
4432 | SslDecoder *dec = (SslDecoder *) user_data; |
4433 | |
4434 | if (dec->evp) |
4435 | ssl_cipher_cleanup(&dec->evp); |
4436 | if (dec->sn_evp) |
4437 | ssl_cipher_cleanup(&dec->sn_evp); |
4438 | |
4439 | #if defined (HAVE_ZLIB1) || defined (HAVE_ZLIBNG) |
4440 | if (dec->decomp != NULL((void*)0) && dec->decomp->compression == 1 /* DEFLATE */) |
4441 | ZLIB_PREFIX(inflateEnd)inflateEnd(&dec->decomp->istream); |
4442 | #endif |
4443 | |
4444 | return false0; |
4445 | } |
4446 | /* }}} */ |
4447 | |
4448 | /* (Pre-)master secrets calculations {{{ */ |
4449 | #ifdef HAVE_LIBGNUTLS1 |
4450 | static bool_Bool |
4451 | ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session, |
4452 | StringInfo *encrypted_pre_master, |
4453 | GHashTable *key_hash); |
4454 | #endif /* HAVE_LIBGNUTLS */ |
4455 | |
4456 | static bool_Bool |
4457 | ssl_restore_master_key(SslDecryptSession *ssl, const char *label, |
4458 | bool_Bool is_pre_master, GHashTable *ht, StringInfo *key); |
4459 | |
4460 | bool_Bool |
4461 | ssl_generate_pre_master_secret(SslDecryptSession *ssl_session, |
4462 | uint32_t length, tvbuff_t *tvb, uint32_t offset, |
4463 | const char *ssl_psk, packet_info *pinfo, |
4464 | #ifdef HAVE_LIBGNUTLS1 |
4465 | GHashTable *key_hash, |
4466 | #endif |
4467 | const ssl_master_key_map_t *mk_map) |
4468 | { |
4469 | /* check for required session data */ |
4470 | ssl_debug_printf("%s: found SSL_HND_CLIENT_KEY_EXCHG, state %X\n", |
4471 | G_STRFUNC((const char*) (__func__)), ssl_session->state); |
4472 | if ((ssl_session->state & (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))) != |
4473 | (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))) { |
4474 | ssl_debug_printf("%s: not enough data to generate key (required state %X)\n", G_STRFUNC((const char*) (__func__)), |
4475 | (SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4))); |
4476 | return false0; |
4477 | } |
4478 | |
4479 | if (ssl_session->session.version == TLSV1DOT3_VERSION0x304) { |
4480 | ssl_debug_printf("%s: detected TLS 1.3 which has no pre-master secrets\n", G_STRFUNC((const char*) (__func__))); |
4481 | return false0; |
4482 | } |
4483 | |
4484 | /* check to see if the PMS was provided to us*/ |
4485 | if (ssl_restore_master_key(ssl_session, "Unencrypted pre-master secret", true1, |
4486 | mk_map->pms, &ssl_session->client_random)) { |
4487 | return true1; |
4488 | } |
4489 | |
4490 | if (ssl_session->cipher_suite->kex == KEX_PSK0x1d) |
4491 | { |
4492 | /* calculate pre master secret*/ |
4493 | StringInfo pre_master_secret; |
4494 | unsigned psk_len, pre_master_len; |
4495 | |
4496 | if (!ssl_psk || (ssl_psk[0] == 0)) { |
4497 | ssl_debug_printf("%s: can't find pre-shared key\n", G_STRFUNC((const char*) (__func__))); |
4498 | return false0; |
4499 | } |
4500 | |
4501 | /* convert hex string into char*/ |
4502 | if (!from_hex(&ssl_session->psk, ssl_psk, strlen(ssl_psk))) { |
4503 | ssl_debug_printf("%s: ssl.psk/dtls.psk contains invalid hex\n", |
4504 | G_STRFUNC((const char*) (__func__))); |
4505 | return false0; |
4506 | } |
4507 | |
4508 | psk_len = ssl_session->psk.data_len; |
4509 | if (psk_len >= (2 << 15)) { |
4510 | ssl_debug_printf("%s: ssl.psk/dtls.psk must not be larger than 2^15 - 1\n", |
4511 | G_STRFUNC((const char*) (__func__))); |
4512 | return false0; |
4513 | } |
4514 | |
4515 | |
4516 | pre_master_len = psk_len * 2 + 4; |
4517 | |
4518 | pre_master_secret.data = (unsigned char *)wmem_alloc(wmem_file_scope(), pre_master_len); |
4519 | pre_master_secret.data_len = pre_master_len; |
4520 | /* 2 bytes psk_len*/ |
4521 | pre_master_secret.data[0] = psk_len >> 8; |
4522 | pre_master_secret.data[1] = psk_len & 0xFF; |
4523 | /* psk_len bytes times 0*/ |
4524 | memset(&pre_master_secret.data[2], 0, psk_len); |
4525 | /* 2 bytes psk_len*/ |
4526 | pre_master_secret.data[psk_len + 2] = psk_len >> 8; |
4527 | pre_master_secret.data[psk_len + 3] = psk_len & 0xFF; |
4528 | /* psk*/ |
4529 | memcpy(&pre_master_secret.data[psk_len + 4], ssl_session->psk.data, psk_len); |
4530 | |
4531 | ssl_session->pre_master_secret.data = pre_master_secret.data; |
4532 | ssl_session->pre_master_secret.data_len = pre_master_len; |
4533 | /*ssl_debug_printf("pre master secret",&ssl->pre_master_secret);*/ |
4534 | |
4535 | /* Remove the master secret if it was there. |
4536 | This forces keying material regeneration in |
4537 | case we're renegotiating */ |
4538 | ssl_session->state &= ~(SSL_MASTER_SECRET(1<<5)|SSL_HAVE_SESSION_KEY(1<<3)); |
4539 | ssl_session->state |= SSL_PRE_MASTER_SECRET(1<<6); |
4540 | return true1; |
4541 | } |
4542 | else |
4543 | { |
4544 | unsigned encrlen, skip; |
4545 | encrlen = length; |
4546 | skip = 0; |
4547 | |
4548 | /* get encrypted data, on tls1 we have to skip two bytes |
4549 | * (it's the encrypted len and should be equal to record len - 2) |
4550 | * in case of rsa1024 that would be 128 + 2 = 130; for psk not necessary |
4551 | */ |
4552 | if (ssl_session->cipher_suite->kex == KEX_RSA0x1e && |
4553 | (ssl_session->session.version == TLSV1_VERSION0x301 || |
4554 | ssl_session->session.version == TLSV1DOT1_VERSION0x302 || |
4555 | ssl_session->session.version == TLSV1DOT2_VERSION0x303 || |
4556 | ssl_session->session.version == DTLSV1DOT0_VERSION0xfeff || |
4557 | ssl_session->session.version == DTLSV1DOT2_VERSION0xfefd || |
4558 | ssl_session->session.version == TLCPV1_VERSION0x101 )) |
4559 | { |
4560 | encrlen = tvb_get_ntohs(tvb, offset); |
4561 | skip = 2; |
4562 | if (encrlen > length - 2) |
4563 | { |
4564 | ssl_debug_printf("%s: wrong encrypted length (%d max %d)\n", |
4565 | G_STRFUNC((const char*) (__func__)), encrlen, length); |
4566 | return false0; |
4567 | } |
4568 | } |
4569 | /* the valid lower bound is higher than 8, but it is sufficient for the |
4570 | * ssl keylog file below */ |
4571 | if (encrlen < 8) { |
4572 | ssl_debug_printf("%s: invalid encrypted pre-master key length %d\n", |
4573 | G_STRFUNC((const char*) (__func__)), encrlen); |
4574 | return false0; |
4575 | } |
4576 | |
4577 | StringInfo encrypted_pre_master = { |
4578 | .data = (unsigned char *)tvb_memdup(pinfo->pool, tvb, offset + skip, encrlen), |
4579 | .data_len = encrlen, |
4580 | }; |
4581 | |
4582 | #ifdef HAVE_LIBGNUTLS1 |
4583 | /* Try to lookup an appropriate RSA private key to decrypt the Encrypted Pre-Master Secret. */ |
4584 | if (ssl_session->cert_key_id) { |
4585 | if (ssl_decrypt_pre_master_secret(ssl_session, &encrypted_pre_master, key_hash)) |
4586 | return true1; |
4587 | |
4588 | ssl_debug_printf("%s: can't decrypt pre-master secret\n", |
4589 | G_STRFUNC((const char*) (__func__))); |
4590 | } |
4591 | #endif /* HAVE_LIBGNUTLS */ |
4592 | |
4593 | /* try to find the pre-master secret from the encrypted one. The |
4594 | * ssl key logfile stores only the first 8 bytes, so truncate it */ |
4595 | encrypted_pre_master.data_len = 8; |
4596 | if (ssl_restore_master_key(ssl_session, "Encrypted pre-master secret", |
4597 | true1, mk_map->pre_master, &encrypted_pre_master)) |
4598 | return true1; |
4599 | } |
4600 | return false0; |
4601 | } |
4602 | |
4603 | /* Used for (D)TLS 1.2 and earlier versions (not with TLS 1.3). */ |
4604 | int |
4605 | ssl_generate_keyring_material(SslDecryptSession*ssl_session) |
4606 | { |
4607 | StringInfo key_block = { NULL((void*)0), 0 }; |
4608 | uint8_t _iv_c[MAX_BLOCK_SIZE16],_iv_s[MAX_BLOCK_SIZE16]; |
4609 | uint8_t _key_c[MAX_KEY_SIZE32],_key_s[MAX_KEY_SIZE32]; |
4610 | int needed; |
4611 | int cipher_algo = -1; /* special value (-1) for NULL encryption */ |
4612 | unsigned encr_key_len, write_iv_len = 0; |
4613 | bool_Bool is_export_cipher; |
4614 | uint8_t *ptr, *c_iv = NULL((void*)0), *s_iv = NULL((void*)0); |
4615 | uint8_t *c_wk = NULL((void*)0), *s_wk = NULL((void*)0), *c_mk = NULL((void*)0), *s_mk = NULL((void*)0); |
4616 | const SslCipherSuite *cipher_suite = ssl_session->cipher_suite; |
4617 | |
4618 | /* (D)TLS 1.3 is handled directly in tls13_change_key. */ |
4619 | if (ssl_session->session.version7.1 | Field 'version' is not equal to TLSV1DOT3_VERSION | == TLSV1DOT3_VERSION0x304 || ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { |
| 8 | | Assuming field 'version' is not equal to DTLSV1DOT3_VERSION | |
|
| |
4620 | ssl_debug_printf("%s: detected TLS 1.3. Should not have been called!\n", G_STRFUNC((const char*) (__func__))); |
4621 | return -1; |
4622 | } |
4623 | |
4624 | /* check for enough info to proceed */ |
4625 | unsigned need_all = SSL_CIPHER(1<<2)|SSL_CLIENT_RANDOM(1<<0)|SSL_SERVER_RANDOM(1<<1)|SSL_VERSION(1<<4); |
4626 | unsigned need_any = SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6); |
4627 | if (((ssl_session->state & need_all) != need_all) || ((ssl_session->state & need_any) == 0)) { |
| 10 | | Assuming the condition is false | |
|
| 11 | | Assuming the condition is false | |
|
| |
4628 | ssl_debug_printf("ssl_generate_keyring_material not enough data to generate key " |
4629 | "(0x%02X required 0x%02X or 0x%02X)\n", ssl_session->state, |
4630 | need_all|SSL_MASTER_SECRET(1<<5), need_all|SSL_PRE_MASTER_SECRET(1<<6)); |
4631 | /* Special case: for NULL encryption, allow dissection of data even if |
4632 | * the Client Hello is missing (MAC keys are now skipped though). */ |
4633 | need_all = SSL_CIPHER(1<<2)|SSL_VERSION(1<<4); |
4634 | if ((ssl_session->state & need_all) == need_all && |
4635 | cipher_suite->enc == ENC_NULL0x3D) { |
4636 | ssl_debug_printf("%s NULL cipher found, will create a decoder but " |
4637 | "skip MAC validation as keys are missing.\n", G_STRFUNC((const char*) (__func__))); |
4638 | goto create_decoders; |
4639 | } |
4640 | |
4641 | return -1; |
4642 | } |
4643 | |
4644 | /* if master key is not available, generate is from the pre-master secret */ |
4645 | if (!(ssl_session->state & SSL_MASTER_SECRET(1<<5))) { |
| 13 | | Assuming the condition is true | |
|
| |
4646 | if ((ssl_session->state & SSL_EXTENDED_MASTER_SECRET_MASK((1<<7)|(1<<8))) == SSL_EXTENDED_MASTER_SECRET_MASK((1<<7)|(1<<8))) { |
| 15 | | Assuming the condition is true | |
|
| |
4647 | StringInfo handshake_hashed_data; |
4648 | int ret; |
4649 | |
4650 | handshake_hashed_data.data = NULL((void*)0); |
4651 | handshake_hashed_data.data_len = 0; |
4652 | |
4653 | ssl_debug_printf("%s:PRF(pre_master_secret_extended)\n", G_STRFUNC((const char*) (__func__))); |
4654 | ssl_print_string("pre master secret",&ssl_session->pre_master_secret); |
4655 | DISSECTOR_ASSERT(ssl_session->handshake_data.data_len > 0)((void) ((ssl_session->handshake_data.data_len > 0) ? ( void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 4655, "ssl_session->handshake_data.data_len > 0" )))); |
| 17 | | Assuming field 'data_len' is > 0 | |
|
| |
4656 | |
4657 | switch(ssl_session->session.version) { |
| 19 | | Control jumps to 'case 257:' at line 4662 | |
|
4658 | case TLSV1_VERSION0x301: |
4659 | case TLSV1DOT1_VERSION0x302: |
4660 | case DTLSV1DOT0_VERSION0xfeff: |
4661 | case DTLSV1DOT0_OPENSSL_VERSION0x100: |
4662 | case TLCPV1_VERSION0x101: |
4663 | ret = tls_handshake_hash(ssl_session, &handshake_hashed_data); |
| 20 | | Calling 'tls_handshake_hash' | |
|
| 28 | | Returned allocated memory | |
|
4664 | break; |
4665 | default: |
4666 | switch (cipher_suite->dig) { |
4667 | case DIG_SHA3840x43: |
4668 | ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA384, &handshake_hashed_data); |
4669 | break; |
4670 | default: |
4671 | ret = tls12_handshake_hash(ssl_session, GCRY_MD_SHA256, &handshake_hashed_data); |
4672 | break; |
4673 | } |
4674 | break; |
4675 | } |
4676 | if (ret) { |
| 29 | | Execution continues on line 4676 | |
|
| |
4677 | ssl_debug_printf("%s can't generate handshake hash\n", G_STRFUNC((const char*) (__func__))); |
| 31 | | Potential leak of memory pointed to by 'handshake_hashed_data.data' |
|
4678 | return -1; |
4679 | } |
4680 | |
4681 | wmem_free(wmem_file_scope(), ssl_session->handshake_data.data); |
4682 | ssl_session->handshake_data.data = NULL((void*)0); |
4683 | ssl_session->handshake_data.data_len = 0; |
4684 | |
4685 | if (!prf(ssl_session, &ssl_session->pre_master_secret, "extended master secret", |
4686 | &handshake_hashed_data, |
4687 | NULL((void*)0), &ssl_session->master_secret, |
4688 | SSL_MASTER_SECRET_LENGTH48)) { |
4689 | ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC((const char*) (__func__))); |
4690 | g_free(handshake_hashed_data.data); |
4691 | return -1; |
4692 | } |
4693 | g_free(handshake_hashed_data.data); |
4694 | } else { |
4695 | ssl_debug_printf("%s:PRF(pre_master_secret)\n", G_STRFUNC((const char*) (__func__))); |
4696 | ssl_print_string("pre master secret",&ssl_session->pre_master_secret); |
4697 | ssl_print_string("client random",&ssl_session->client_random); |
4698 | ssl_print_string("server random",&ssl_session->server_random); |
4699 | if (!prf(ssl_session, &ssl_session->pre_master_secret, "master secret", |
4700 | &ssl_session->client_random, |
4701 | &ssl_session->server_random, &ssl_session->master_secret, |
4702 | SSL_MASTER_SECRET_LENGTH48)) { |
4703 | ssl_debug_printf("%s can't generate master_secret\n", G_STRFUNC((const char*) (__func__))); |
4704 | return -1; |
4705 | } |
4706 | } |
4707 | ssl_print_string("master secret",&ssl_session->master_secret); |
4708 | |
4709 | /* the pre-master secret has been 'consumed' so we must clear it now */ |
4710 | ssl_session->state &= ~SSL_PRE_MASTER_SECRET(1<<6); |
4711 | ssl_session->state |= SSL_MASTER_SECRET(1<<5); |
4712 | } |
4713 | |
4714 | /* Find the Libgcrypt cipher algorithm for the given SSL cipher suite ID */ |
4715 | if (cipher_suite->enc != ENC_NULL0x3D) { |
4716 | const char *cipher_name = ciphers[cipher_suite->enc-ENC_START0x30]; |
4717 | ssl_debug_printf("%s CIPHER: %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); |
4718 | cipher_algo = ssl_get_cipher_by_name(cipher_name); |
4719 | if (cipher_algo == 0) { |
4720 | ssl_debug_printf("%s can't find cipher %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); |
4721 | return -1; |
4722 | } |
4723 | } |
4724 | |
4725 | /* Export ciphers consume less material from the key block. */ |
4726 | encr_key_len = ssl_get_cipher_export_keymat_size(cipher_suite->number); |
4727 | is_export_cipher = encr_key_len > 0; |
4728 | if (!is_export_cipher && cipher_suite->enc != ENC_NULL0x3D) { |
4729 | encr_key_len = (unsigned)gcry_cipher_get_algo_keylen(cipher_algo); |
4730 | } |
4731 | |
4732 | if (cipher_suite->mode == MODE_CBC) { |
4733 | write_iv_len = (unsigned)gcry_cipher_get_algo_blklen(cipher_algo); |
4734 | } else if (cipher_suite->mode == MODE_GCM || cipher_suite->mode == MODE_CCM || cipher_suite->mode == MODE_CCM_8) { |
4735 | /* account for a four-byte salt for client and server side (from |
4736 | * client_write_IV and server_write_IV), see GCMNonce (RFC 5288) */ |
4737 | write_iv_len = 4; |
4738 | } else if (cipher_suite->mode == MODE_POLY1305) { |
4739 | /* RFC 7905: SecurityParameters.fixed_iv_length is twelve bytes */ |
4740 | write_iv_len = 12; |
4741 | } |
4742 | |
4743 | /* Compute the key block. First figure out how much data we need */ |
4744 | needed = ssl_cipher_suite_dig(cipher_suite)->len*2; /* MAC key */ |
4745 | needed += 2 * encr_key_len; /* encryption key */ |
4746 | needed += 2 * write_iv_len; /* write IV */ |
4747 | |
4748 | key_block.data = (unsigned char *)g_malloc(needed); |
4749 | ssl_debug_printf("%s sess key generation\n", G_STRFUNC((const char*) (__func__))); |
4750 | if (!prf(ssl_session, &ssl_session->master_secret, "key expansion", |
4751 | &ssl_session->server_random,&ssl_session->client_random, |
4752 | &key_block, needed)) { |
4753 | ssl_debug_printf("%s can't generate key_block\n", G_STRFUNC((const char*) (__func__))); |
4754 | goto fail; |
4755 | } |
4756 | ssl_print_string("key expansion", &key_block); |
4757 | |
4758 | ptr=key_block.data; |
4759 | /* client/server write MAC key (for non-AEAD ciphers) */ |
4760 | if (cipher_suite->mode == MODE_STREAM || cipher_suite->mode == MODE_CBC) { |
4761 | c_mk=ptr; ptr+=ssl_cipher_suite_dig(cipher_suite)->len; |
4762 | s_mk=ptr; ptr+=ssl_cipher_suite_dig(cipher_suite)->len; |
4763 | } |
4764 | /* client/server write encryption key */ |
4765 | c_wk=ptr; ptr += encr_key_len; |
4766 | s_wk=ptr; ptr += encr_key_len; |
4767 | /* client/server write IV (used as IV (for CBC) or salt (for AEAD)) */ |
4768 | if (write_iv_len > 0) { |
4769 | c_iv=ptr; ptr += write_iv_len; |
4770 | s_iv=ptr; /* ptr += write_iv_len; */ |
4771 | } |
4772 | |
4773 | /* export ciphers work with a smaller key length */ |
4774 | if (is_export_cipher) { |
4775 | if (cipher_suite->mode == MODE_CBC) { |
4776 | |
4777 | /* We only have room for MAX_BLOCK_SIZE bytes IVs, but that's |
4778 | all we should need. This is a sanity check */ |
4779 | if (write_iv_len > MAX_BLOCK_SIZE16) { |
4780 | ssl_debug_printf("%s cipher suite block must be at most %d nut is %d\n", |
4781 | G_STRFUNC((const char*) (__func__)), MAX_BLOCK_SIZE16, write_iv_len); |
4782 | goto fail; |
4783 | } |
4784 | |
4785 | if(ssl_session->session.version==SSLV3_VERSION0x300){ |
4786 | /* The length of these fields are ignored by this caller */ |
4787 | StringInfo iv_c, iv_s; |
4788 | iv_c.data = _iv_c; |
4789 | iv_s.data = _iv_s; |
4790 | |
4791 | ssl_debug_printf("%s ssl3_generate_export_iv\n", G_STRFUNC((const char*) (__func__))); |
4792 | if (!ssl3_generate_export_iv(&ssl_session->client_random, |
4793 | &ssl_session->server_random, &iv_c, write_iv_len)) { |
4794 | goto fail; |
4795 | } |
4796 | ssl_debug_printf("%s ssl3_generate_export_iv(2)\n", G_STRFUNC((const char*) (__func__))); |
4797 | if (!ssl3_generate_export_iv(&ssl_session->server_random, |
4798 | &ssl_session->client_random, &iv_s, write_iv_len)) { |
4799 | goto fail; |
4800 | } |
4801 | } |
4802 | else{ |
4803 | uint8_t _iv_block[MAX_BLOCK_SIZE16 * 2]; |
4804 | StringInfo iv_block; |
4805 | StringInfo key_null; |
4806 | uint8_t _key_null; |
4807 | |
4808 | key_null.data = &_key_null; |
4809 | key_null.data_len = 0; |
4810 | |
4811 | iv_block.data = _iv_block; |
4812 | |
4813 | ssl_debug_printf("%s prf(iv_block)\n", G_STRFUNC((const char*) (__func__))); |
4814 | if (!prf(ssl_session, &key_null, "IV block", |
4815 | &ssl_session->client_random, |
4816 | &ssl_session->server_random, &iv_block, |
4817 | write_iv_len * 2)) { |
4818 | ssl_debug_printf("%s can't generate tls31 iv block\n", G_STRFUNC((const char*) (__func__))); |
4819 | goto fail; |
4820 | } |
4821 | |
4822 | memcpy(_iv_c, iv_block.data, write_iv_len); |
4823 | memcpy(_iv_s, iv_block.data + write_iv_len, write_iv_len); |
4824 | } |
4825 | |
4826 | c_iv=_iv_c; |
4827 | s_iv=_iv_s; |
4828 | } |
4829 | |
4830 | if (ssl_session->session.version==SSLV3_VERSION0x300){ |
4831 | |
4832 | SSL_MD5_CTXgcry_md_hd_t md5; |
4833 | ssl_debug_printf("%s MD5(client_random)\n", G_STRFUNC((const char*) (__func__))); |
4834 | |
4835 | if (ssl_md5_init(&md5) != 0) |
4836 | goto fail; |
4837 | ssl_md5_update(&md5,c_wk,encr_key_len); |
4838 | ssl_md5_update(&md5,ssl_session->client_random.data, |
4839 | ssl_session->client_random.data_len); |
4840 | ssl_md5_update(&md5,ssl_session->server_random.data, |
4841 | ssl_session->server_random.data_len); |
4842 | ssl_md5_final(_key_c,&md5); |
4843 | ssl_md5_cleanup(&md5); |
4844 | c_wk=_key_c; |
4845 | |
4846 | if (ssl_md5_init(&md5) != 0) |
4847 | goto fail; |
4848 | ssl_debug_printf("%s MD5(server_random)\n", G_STRFUNC((const char*) (__func__))); |
4849 | ssl_md5_update(&md5,s_wk,encr_key_len); |
4850 | ssl_md5_update(&md5,ssl_session->server_random.data, |
4851 | ssl_session->server_random.data_len); |
4852 | ssl_md5_update(&md5,ssl_session->client_random.data, |
4853 | ssl_session->client_random.data_len); |
4854 | ssl_md5_final(_key_s,&md5); |
4855 | ssl_md5_cleanup(&md5); |
4856 | s_wk=_key_s; |
4857 | } |
4858 | else{ |
4859 | StringInfo key_c, key_s, k; |
4860 | key_c.data = _key_c; |
4861 | key_s.data = _key_s; |
4862 | |
4863 | k.data = c_wk; |
4864 | k.data_len = encr_key_len; |
4865 | ssl_debug_printf("%s PRF(key_c)\n", G_STRFUNC((const char*) (__func__))); |
4866 | if (!prf(ssl_session, &k, "client write key", |
4867 | &ssl_session->client_random, |
4868 | &ssl_session->server_random, &key_c, sizeof(_key_c))) { |
4869 | ssl_debug_printf("%s can't generate tll31 server key \n", G_STRFUNC((const char*) (__func__))); |
4870 | goto fail; |
4871 | } |
4872 | c_wk=_key_c; |
4873 | |
4874 | k.data = s_wk; |
4875 | k.data_len = encr_key_len; |
4876 | ssl_debug_printf("%s PRF(key_s)\n", G_STRFUNC((const char*) (__func__))); |
4877 | if (!prf(ssl_session, &k, "server write key", |
4878 | &ssl_session->client_random, |
4879 | &ssl_session->server_random, &key_s, sizeof(_key_s))) { |
4880 | ssl_debug_printf("%s can't generate tll31 client key \n", G_STRFUNC((const char*) (__func__))); |
4881 | goto fail; |
4882 | } |
4883 | s_wk=_key_s; |
4884 | } |
4885 | } |
4886 | |
4887 | /* show key material info */ |
4888 | if (c_mk != NULL((void*)0)) { |
4889 | ssl_print_data("Client MAC key",c_mk,ssl_cipher_suite_dig(cipher_suite)->len); |
4890 | ssl_print_data("Server MAC key",s_mk,ssl_cipher_suite_dig(cipher_suite)->len); |
4891 | } |
4892 | ssl_print_data("Client Write key", c_wk, encr_key_len); |
4893 | ssl_print_data("Server Write key", s_wk, encr_key_len); |
4894 | /* used as IV for CBC mode and the AEAD implicit nonce (salt) */ |
4895 | if (write_iv_len > 0) { |
4896 | ssl_print_data("Client Write IV", c_iv, write_iv_len); |
4897 | ssl_print_data("Server Write IV", s_iv, write_iv_len); |
4898 | } |
4899 | |
4900 | create_decoders: |
4901 | /* create both client and server ciphers*/ |
4902 | ssl_debug_printf("%s ssl_create_decoder(client)\n", G_STRFUNC((const char*) (__func__))); |
4903 | ssl_session->client_new = ssl_create_decoder(cipher_suite, cipher_algo, ssl_session->session.compression, c_mk, c_wk, NULL((void*)0), c_iv, write_iv_len); |
4904 | if (!ssl_session->client_new) { |
4905 | ssl_debug_printf("%s can't init client decoder\n", G_STRFUNC((const char*) (__func__))); |
4906 | goto fail; |
4907 | } |
4908 | ssl_debug_printf("%s ssl_create_decoder(server)\n", G_STRFUNC((const char*) (__func__))); |
4909 | ssl_session->server_new = ssl_create_decoder(cipher_suite, cipher_algo, ssl_session->session.compression, s_mk, s_wk, NULL((void*)0), s_iv, write_iv_len); |
4910 | if (!ssl_session->server_new) { |
4911 | ssl_debug_printf("%s can't init server decoder\n", G_STRFUNC((const char*) (__func__))); |
4912 | goto fail; |
4913 | } |
4914 | |
4915 | /* Continue the SSL stream after renegotiation with new keys. */ |
4916 | ssl_session->client_new->flow = ssl_session->client ? ssl_session->client->flow : ssl_create_flow(); |
4917 | ssl_session->server_new->flow = ssl_session->server ? ssl_session->server->flow : ssl_create_flow(); |
4918 | |
4919 | ssl_debug_printf("%s: client seq %" PRIu64"l" "u" ", server seq %" PRIu64"l" "u" "\n", |
4920 | G_STRFUNC((const char*) (__func__)), ssl_session->client_new->seq, ssl_session->server_new->seq); |
4921 | g_free(key_block.data); |
4922 | ssl_session->state |= SSL_HAVE_SESSION_KEY(1<<3); |
4923 | return 0; |
4924 | |
4925 | fail: |
4926 | g_free(key_block.data); |
4927 | return -1; |
4928 | } |
4929 | |
4930 | /* Generated the key material based on the given secret. */ |
4931 | bool_Bool |
4932 | tls13_generate_keys(SslDecryptSession *ssl_session, const StringInfo *secret, bool_Bool is_from_server) |
4933 | { |
4934 | bool_Bool success = false0; |
4935 | unsigned char *write_key = NULL((void*)0), *write_iv = NULL((void*)0); |
4936 | unsigned char *sn_key = NULL((void*)0); |
4937 | SslDecoder *decoder; |
4938 | unsigned key_length, iv_length; |
4939 | int hash_algo; |
4940 | const SslCipherSuite *cipher_suite = ssl_session->cipher_suite; |
4941 | int cipher_algo; |
4942 | |
4943 | if ((ssl_session->session.version != TLSV1DOT3_VERSION0x304) && (ssl_session->session.version != DTLSV1DOT3_VERSION0xfefc)) { |
4944 | ssl_debug_printf("%s only usable for TLS 1.3, not %#x!\n", G_STRFUNC((const char*) (__func__)), |
4945 | ssl_session->session.version); |
4946 | return false0; |
4947 | } |
4948 | |
4949 | if (cipher_suite == NULL((void*)0)) { |
4950 | ssl_debug_printf("%s Unknown cipher\n", G_STRFUNC((const char*) (__func__))); |
4951 | return false0; |
4952 | } |
4953 | |
4954 | if (cipher_suite->kex != KEX_TLS130x23) { |
4955 | ssl_debug_printf("%s Invalid cipher suite 0x%04x spotted!\n", G_STRFUNC((const char*) (__func__)), cipher_suite->number); |
4956 | return false0; |
4957 | } |
4958 | |
4959 | /* Find the Libgcrypt cipher algorithm for the given SSL cipher suite ID */ |
4960 | const char *cipher_name = ciphers[cipher_suite->enc-ENC_START0x30]; |
4961 | ssl_debug_printf("%s CIPHER: %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); |
4962 | cipher_algo = ssl_get_cipher_by_name(cipher_name); |
4963 | if (cipher_algo == 0) { |
4964 | ssl_debug_printf("%s can't find cipher %s\n", G_STRFUNC((const char*) (__func__)), cipher_name); |
4965 | return false0; |
4966 | } |
4967 | |
4968 | const char *hash_name = ssl_cipher_suite_dig(cipher_suite)->name; |
4969 | hash_algo = ssl_get_digest_by_name(hash_name); |
4970 | if (!hash_algo) { |
4971 | ssl_debug_printf("%s can't find hash function %s\n", G_STRFUNC((const char*) (__func__)), hash_name); |
4972 | return false0; |
4973 | } |
4974 | |
4975 | key_length = (unsigned) gcry_cipher_get_algo_keylen(cipher_algo); |
4976 | /* AES-GCM/AES-CCM/Poly1305-ChaCha20 all have N_MIN=N_MAX = 12. */ |
4977 | iv_length = 12; |
4978 | ssl_debug_printf("%s key_length %u iv_length %u\n", G_STRFUNC((const char*) (__func__)), key_length, iv_length); |
4979 | |
4980 | const char *label_prefix = tls13_hkdf_label_prefix(ssl_session); |
4981 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "key", key_length, &write_key)) { |
4982 | ssl_debug_printf("%s write_key expansion failed\n", G_STRFUNC((const char*) (__func__))); |
4983 | return false0; |
4984 | } |
4985 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "iv", iv_length, &write_iv)) { |
4986 | ssl_debug_printf("%s write_iv expansion failed\n", G_STRFUNC((const char*) (__func__))); |
4987 | goto end; |
4988 | } |
4989 | |
4990 | if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { |
4991 | if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "sn", key_length, &sn_key)) { |
4992 | ssl_debug_printf("%s sn_key expansion failed\n", G_STRFUNC((const char*) (__func__))); |
4993 | goto end; |
4994 | } |
4995 | } |
4996 | |
4997 | ssl_print_data(is_from_server ? "Server Write Key" : "Client Write Key", write_key, key_length); |
4998 | ssl_print_data(is_from_server ? "Server Write IV" : "Client Write IV", write_iv, iv_length); |
4999 | if (ssl_session->session.version == DTLSV1DOT3_VERSION0xfefc) { |
5000 | ssl_print_data(is_from_server ? "Server Write SN" : "Client Write SN", sn_key, key_length); |
5001 | } |
5002 | |
5003 | ssl_debug_printf("%s ssl_create_decoder(%s)\n", G_STRFUNC((const char*) (__func__)), is_from_server ? "server" : "client"); |
5004 | decoder = ssl_create_decoder(cipher_suite, cipher_algo, 0, NULL((void*)0), write_key, sn_key, write_iv, iv_length); |
5005 | if (!decoder) { |
5006 | ssl_debug_printf("%s can't init %s decoder\n", G_STRFUNC((const char*) (__func__)), is_from_server ? "server" : "client"); |
5007 | goto end; |
5008 | } |
5009 | |
5010 | /* Continue the TLS session with new keys, but reuse old flow to keep things |
5011 | * like "Follow TLS" working (by linking application data records). */ |
5012 | if (is_from_server) { |
5013 | decoder->flow = ssl_session->server ? ssl_session->server->flow : ssl_create_flow(); |
5014 | ssl_session->server = decoder; |
5015 | } else { |
5016 | decoder->flow = ssl_session->client ? ssl_session->client->flow : ssl_create_flow(); |
5017 | ssl_session->client = decoder; |
5018 | } |
5019 | ssl_debug_printf("%s %s ready using cipher suite 0x%04x (cipher %s hash %s)\n", G_STRFUNC((const char*) (__func__)), |
5020 | is_from_server ? "Server" : "Client", cipher_suite->number, cipher_name, hash_name); |
5021 | success = true1; |
5022 | |
5023 | end: |
5024 | wmem_free(NULL((void*)0), write_key); |
5025 | wmem_free(NULL((void*)0), write_iv); |
5026 | if (sn_key) |
5027 | wmem_free(NULL((void*)0), sn_key); |
5028 | return success; |
5029 | } |
5030 | /* (Pre-)master secrets calculations }}} */ |
5031 | |
5032 | #ifdef HAVE_LIBGNUTLS1 |
5033 | /* Decrypt RSA pre-master secret using RSA private key. {{{ */ |
5034 | static bool_Bool |
5035 | ssl_decrypt_pre_master_secret(SslDecryptSession *ssl_session, |
5036 | StringInfo *encrypted_pre_master, GHashTable *key_hash) |
5037 | { |
5038 | int ret; |
5039 | |
5040 | if (!encrypted_pre_master) |
5041 | return false0; |
5042 | |
5043 | if (KEX_IS_DH(ssl_session->cipher_suite->kex)((ssl_session->cipher_suite->kex) >= 0x10 && (ssl_session->cipher_suite->kex) <= 0x1b)) { |
5044 | ssl_debug_printf("%s: session uses Diffie-Hellman key exchange " |
5045 | "(cipher suite 0x%04X %s) and cannot be decrypted " |
5046 | "using a RSA private key file.\n", |
5047 | G_STRFUNC((const char*) (__func__)), ssl_session->session.cipher, |
5048 | val_to_str_ext_const(ssl_session->session.cipher, |
5049 | &ssl_31_ciphersuite_ext, "unknown")); |
5050 | return false0; |
5051 | } else if (ssl_session->cipher_suite->kex != KEX_RSA0x1e) { |
5052 | ssl_debug_printf("%s key exchange %d different from KEX_RSA (%d)\n", |
5053 | G_STRFUNC((const char*) (__func__)), ssl_session->cipher_suite->kex, KEX_RSA0x1e); |
5054 | return false0; |
5055 | } |
5056 | |
5057 | gnutls_privkey_t pk = (gnutls_privkey_t)g_hash_table_lookup(key_hash, ssl_session->cert_key_id); |
5058 | |
5059 | ssl_print_string("pre master encrypted", encrypted_pre_master); |
5060 | ssl_debug_printf("%s: RSA_private_decrypt\n", G_STRFUNC((const char*) (__func__))); |
5061 | const gnutls_datum_t epms = { encrypted_pre_master->data, encrypted_pre_master->data_len }; |
5062 | gnutls_datum_t pms = { 0 }; |
5063 | if (pk) { |
5064 | // Try to decrypt using the RSA keys table from (D)TLS preferences. |
5065 | ret = gnutls_privkey_decrypt_data(pk, 0, &epms, &pms); |
5066 | } else { |
5067 | // Try to decrypt using a hardware token. |
5068 | ret = secrets_rsa_decrypt(ssl_session->cert_key_id, epms.data, epms.size, &pms.data, &pms.size); |
5069 | } |
5070 | if (ret < 0) { |
5071 | ssl_debug_printf("%s: decryption failed: %d (%s)\n", G_STRFUNC((const char*) (__func__)), ret, gnutls_strerror(ret)); |
5072 | return false0; |
5073 | } |
5074 | |
5075 | if (pms.size != 48) { |
5076 | ssl_debug_printf("%s wrong pre_master_secret length (%d, expected %d)\n", |
5077 | G_STRFUNC((const char*) (__func__)), pms.size, 48); |
5078 | if (pk) { |
5079 | gnutls_free(pms.data); |
5080 | } else { |
5081 | g_free(pms.data); |
5082 | } |
5083 | return false0; |
5084 | } |
5085 | |
5086 | ssl_session->pre_master_secret.data = (uint8_t *)wmem_memdup(wmem_file_scope(), pms.data, 48); |
5087 | ssl_session->pre_master_secret.data_len = 48; |
5088 | if (pk) { |
5089 | gnutls_free(pms.data); |
5090 | } else { |
5091 | g_free(pms.data); |
5092 | } |
5093 | ssl_print_string("pre master secret", &ssl_session->pre_master_secret); |
5094 | |
5095 | /* Remove the master secret if it was there. |
5096 | This forces keying material regeneration in |
5097 | case we're renegotiating */ |
5098 | ssl_session->state &= ~(SSL_MASTER_SECRET(1<<5)|SSL_HAVE_SESSION_KEY(1<<3)); |
5099 | ssl_session->state |= SSL_PRE_MASTER_SECRET(1<<6); |
5100 | return true1; |
5101 | } /* }}} */ |
5102 | #endif /* HAVE_LIBGNUTLS */ |
5103 | |
5104 | /* Decryption integrity check {{{ */ |
5105 | |
5106 | static int |
5107 | tls_check_mac(SslDecoder*decoder, int ct, int ver, uint8_t* data, |
5108 | uint32_t datalen, uint8_t* mac) |
5109 | { |
5110 | SSL_HMACgcry_md_hd_t hm; |
5111 | int md; |
5112 | uint32_t len; |
5113 | uint8_t buf[DIGEST_MAX_SIZE48]; |
5114 | int16_t temp; |
5115 | |
5116 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); |
5117 | ssl_debug_printf("tls_check_mac mac type:%s md %d\n", |
5118 | ssl_cipher_suite_dig(decoder->cipher_suite)->name, md); |
5119 | |
5120 | if (ssl_hmac_init(&hm,md) != 0) |
5121 | return -1; |
5122 | if (ssl_hmac_setkey(&hm,decoder->mac_key.data,decoder->mac_key.data_len) != 0) |
5123 | return -1; |
5124 | |
5125 | /* hash sequence number */ |
5126 | phton64(buf, decoder->seq); |
5127 | |
5128 | decoder->seq++; |
5129 | |
5130 | ssl_hmac_update(&hm,buf,8); |
5131 | |
5132 | /* hash content type */ |
5133 | buf[0]=ct; |
5134 | ssl_hmac_update(&hm,buf,1); |
5135 | |
5136 | /* hash version,data length and data*/ |
5137 | /* *((int16_t*)buf) = g_htons(ver); */ |
5138 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); |
5139 | memcpy(buf, &temp, 2); |
5140 | ssl_hmac_update(&hm,buf,2); |
5141 | |
5142 | /* *((int16_t*)buf) = g_htons(datalen); */ |
5143 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); |
5144 | memcpy(buf, &temp, 2); |
5145 | ssl_hmac_update(&hm,buf,2); |
5146 | ssl_hmac_update(&hm,data,datalen); |
5147 | |
5148 | /* get digest and digest len*/ |
5149 | len = sizeof(buf); |
5150 | ssl_hmac_final(&hm,buf,&len); |
5151 | ssl_hmac_cleanup(&hm); |
5152 | ssl_print_data("Mac", buf, len); |
5153 | if(memcmp(mac,buf,len)) |
5154 | return -1; |
5155 | |
5156 | return 0; |
5157 | } |
5158 | |
5159 | static int |
5160 | ssl3_check_mac(SslDecoder*decoder,int ct,uint8_t* data, |
5161 | uint32_t datalen, uint8_t* mac) |
5162 | { |
5163 | SSL_MDgcry_md_hd_t mc; |
5164 | int md; |
5165 | uint32_t len; |
5166 | uint8_t buf[64],dgst[20]; |
5167 | int pad_ct; |
5168 | int16_t temp; |
5169 | |
5170 | pad_ct=(decoder->cipher_suite->dig==DIG_SHA0x41)?40:48; |
5171 | |
5172 | /* get cipher used for digest computation */ |
5173 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); |
5174 | if (ssl_md_init(&mc,md) !=0) |
5175 | return -1; |
5176 | |
5177 | /* do hash computation on data && padding */ |
5178 | ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len); |
5179 | |
5180 | /* hash padding*/ |
5181 | memset(buf,0x36,pad_ct); |
5182 | ssl_md_update(&mc,buf,pad_ct); |
5183 | |
5184 | /* hash sequence number */ |
5185 | phton64(buf, decoder->seq); |
5186 | decoder->seq++; |
5187 | ssl_md_update(&mc,buf,8); |
5188 | |
5189 | /* hash content type */ |
5190 | buf[0]=ct; |
5191 | ssl_md_update(&mc,buf,1); |
5192 | |
5193 | /* hash data length in network byte order and data*/ |
5194 | /* *((int16_t* )buf) = g_htons(datalen); */ |
5195 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); |
5196 | memcpy(buf, &temp, 2); |
5197 | ssl_md_update(&mc,buf,2); |
5198 | ssl_md_update(&mc,data,datalen); |
5199 | |
5200 | /* get partial digest */ |
5201 | ssl_md_final(&mc,dgst,&len); |
5202 | ssl_md_reset(&mc); |
5203 | |
5204 | /* hash mac key */ |
5205 | ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len); |
5206 | |
5207 | /* hash padding and partial digest*/ |
5208 | memset(buf,0x5c,pad_ct); |
5209 | ssl_md_update(&mc,buf,pad_ct); |
5210 | ssl_md_update(&mc,dgst,len); |
5211 | |
5212 | ssl_md_final(&mc,dgst,&len); |
5213 | ssl_md_cleanup(&mc); |
5214 | |
5215 | if(memcmp(mac,dgst,len)) |
5216 | return -1; |
5217 | |
5218 | return 0; |
5219 | } |
5220 | |
5221 | static int |
5222 | dtls_check_mac(SslDecryptSession *ssl, SslDecoder*decoder, int ct, uint8_t* data, |
5223 | uint32_t datalen, uint8_t* mac, const unsigned char *cid, uint8_t cidl) |
5224 | { |
5225 | SSL_HMACgcry_md_hd_t hm; |
5226 | int md; |
5227 | uint32_t len; |
5228 | uint8_t buf[DIGEST_MAX_SIZE48]; |
5229 | int16_t temp; |
5230 | |
5231 | int ver = ssl->session.version; |
5232 | bool_Bool is_cid = ((ct == SSL_ID_TLS12_CID) && (ver == DTLSV1DOT2_VERSION0xfefd)); |
5233 | |
5234 | md=ssl_get_digest_by_name(ssl_cipher_suite_dig(decoder->cipher_suite)->name); |
5235 | ssl_debug_printf("dtls_check_mac mac type:%s md %d\n", |
5236 | ssl_cipher_suite_dig(decoder->cipher_suite)->name, md); |
5237 | |
5238 | if (ssl_hmac_init(&hm,md) != 0) |
5239 | return -1; |
5240 | if (ssl_hmac_setkey(&hm,decoder->mac_key.data,decoder->mac_key.data_len) != 0) |
5241 | return -1; |
5242 | |
5243 | ssl_debug_printf("dtls_check_mac seq: %" PRIu64"l" "u" " epoch: %d\n",decoder->seq,decoder->epoch); |
5244 | |
5245 | if (is_cid && !ssl->session.deprecated_cid) { |
5246 | /* hash seq num placeholder */ |
5247 | memset(buf,0xFF,8); |
5248 | ssl_hmac_update(&hm,buf,8); |
5249 | |
5250 | /* hash content type + cid length + content type */ |
5251 | buf[0]=ct; |
5252 | buf[1]=cidl; |
5253 | buf[2]=ct; |
5254 | ssl_hmac_update(&hm,buf,3); |
5255 | |
5256 | /* hash version */ |
5257 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); |
5258 | memcpy(buf, &temp, 2); |
5259 | ssl_hmac_update(&hm,buf,2); |
5260 | |
5261 | /* hash sequence number */ |
5262 | phton64(buf, decoder->seq); |
5263 | buf[0]=decoder->epoch>>8; |
5264 | buf[1]=(uint8_t)decoder->epoch; |
5265 | ssl_hmac_update(&hm,buf,8); |
5266 | |
5267 | /* hash cid */ |
5268 | ssl_hmac_update(&hm,cid,cidl); |
5269 | } else { |
5270 | /* hash sequence number */ |
5271 | phton64(buf, decoder->seq); |
5272 | buf[0]=decoder->epoch>>8; |
5273 | buf[1]=(uint8_t)decoder->epoch; |
5274 | ssl_hmac_update(&hm,buf,8); |
5275 | |
5276 | /* hash content type */ |
5277 | buf[0]=ct; |
5278 | ssl_hmac_update(&hm,buf,1); |
5279 | |
5280 | /* hash version */ |
5281 | temp = g_htons(ver)(((((guint16) ( (guint16) ((guint16) (ver) >> 8) | (guint16 ) ((guint16) (ver) << 8)))))); |
5282 | memcpy(buf, &temp, 2); |
5283 | ssl_hmac_update(&hm,buf,2); |
5284 | |
5285 | if (is_cid && ssl->session.deprecated_cid) { |
5286 | /* hash cid */ |
5287 | ssl_hmac_update(&hm,cid,cidl); |
5288 | |
5289 | /* hash cid length */ |
5290 | buf[0] = cidl; |
5291 | ssl_hmac_update(&hm,buf,1); |
5292 | } |
5293 | } |
5294 | |
5295 | /* data length and data */ |
5296 | temp = g_htons(datalen)(((((guint16) ( (guint16) ((guint16) (datalen) >> 8) | ( guint16) ((guint16) (datalen) << 8)))))); |
5297 | memcpy(buf, &temp, 2); |
5298 | ssl_hmac_update(&hm,buf,2); |
5299 | ssl_hmac_update(&hm,data,datalen); |
5300 | |
5301 | /* get digest and digest len */ |
5302 | len = sizeof(buf); |
5303 | ssl_hmac_final(&hm,buf,&len); |
5304 | ssl_hmac_cleanup(&hm); |
5305 | ssl_print_data("Mac", buf, len); |
5306 | if(memcmp(mac,buf,len)) |
5307 | return -1; |
5308 | |
5309 | return 0; |
5310 | } |
5311 | /* Decryption integrity check }}} */ |
5312 | |
5313 | |
5314 | static bool_Bool |
5315 | tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder, |
5316 | uint8_t ct, uint16_t record_version, |
5317 | bool_Bool ignore_mac_failed, |
5318 | const unsigned char *in, uint16_t inl, |
5319 | const unsigned char *cid, uint8_t cidl, |
5320 | StringInfo *out_str, unsigned *outl) |
5321 | { |
5322 | /* RFC 5246 (TLS 1.2) 6.2.3.3 defines the TLSCipherText.fragment as: |
5323 | * GenericAEADCipher: { nonce_explicit, [content] } |
5324 | * In TLS 1.3 this explicit nonce is gone. |
5325 | * With AES GCM/CCM, "[content]" is actually the concatenation of the |
5326 | * ciphertext and authentication tag. |
5327 | */ |
5328 | const uint16_t version = ssl->session.version; |
5329 | const bool_Bool is_v12 = version == TLSV1DOT2_VERSION0x303 || version == DTLSV1DOT2_VERSION0xfefd || version == TLCPV1_VERSION0x101; |
5330 | gcry_error_t err; |
5331 | const unsigned char *explicit_nonce = NULL((void*)0), *ciphertext; |
5332 | unsigned ciphertext_len, auth_tag_len; |
5333 | unsigned char nonce[12]; |
5334 | const ssl_cipher_mode_t cipher_mode = decoder->cipher_suite->mode; |
5335 | const bool_Bool is_cid = ct == SSL_ID_TLS12_CID && version == DTLSV1DOT2_VERSION0xfefd; |
5336 | const uint8_t draft_version = ssl->session.tls13_draft_version; |
5337 | const unsigned char *auth_tag_wire; |
5338 | unsigned char auth_tag_calc[16]; |
5339 | unsigned char *aad = NULL((void*)0); |
5340 | unsigned aad_len = 0; |
5341 | |
5342 | switch (cipher_mode) { |
5343 | case MODE_GCM: |
5344 | case MODE_CCM: |
5345 | case MODE_POLY1305: |
5346 | auth_tag_len = 16; |
5347 | break; |
5348 | case MODE_CCM_8: |
5349 | auth_tag_len = 8; |
5350 | break; |
5351 | default: |
5352 | ssl_debug_printf("%s unsupported cipher!\n", G_STRFUNC((const char*) (__func__))); |
5353 | return false0; |
5354 | } |
5355 | |
5356 | /* Parse input into explicit nonce (TLS 1.2 only), ciphertext and tag. */ |
5357 | if (is_v12 && cipher_mode != MODE_POLY1305) { |
5358 | if (inl < EXPLICIT_NONCE_LEN8 + auth_tag_len) { |
5359 | ssl_debug_printf("%s input %d is too small for explicit nonce %d and auth tag %d\n", |
5360 | G_STRFUNC((const char*) (__func__)), inl, EXPLICIT_NONCE_LEN8, auth_tag_len); |
5361 | return false0; |
5362 | } |
5363 | explicit_nonce = in; |
5364 | ciphertext = explicit_nonce + EXPLICIT_NONCE_LEN8; |
5365 | ciphertext_len = inl - EXPLICIT_NONCE_LEN8 - auth_tag_len; |
5366 | } else if (version == TLSV1DOT3_VERSION0x304 || version == DTLSV1DOT3_VERSION0xfefc || cipher_mode == MODE_POLY1305) { |
5367 | if (inl < auth_tag_len) { |
5368 | ssl_debug_printf("%s input %d has no space for auth tag %d\n", G_STRFUNC((const char*) (__func__)), inl, auth_tag_len); |
5369 | return false0; |
5370 | } |
5371 | ciphertext = in; |
5372 | ciphertext_len = inl - auth_tag_len; |
5373 | } else { |
5374 | ssl_debug_printf("%s Unexpected TLS version %#x\n", G_STRFUNC((const char*) (__func__)), version); |
5375 | return false0; |
5376 | } |
5377 | auth_tag_wire = ciphertext + ciphertext_len; |
5378 | |
5379 | /* |
5380 | * Nonce construction is version-specific. Note that AEAD_CHACHA20_POLY1305 |
5381 | * (RFC 7905) uses a nonce construction similar to TLS 1.3. |
5382 | */ |
5383 | if (is_v12 && cipher_mode != MODE_POLY1305) { |
5384 | DISSECTOR_ASSERT(decoder->write_iv.data_len == IMPLICIT_NONCE_LEN)((void) ((decoder->write_iv.data_len == 4) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 5384, "decoder->write_iv.data_len == 4")))); |
5385 | /* Implicit (4) and explicit (8) part of nonce. */ |
5386 | memcpy(nonce, decoder->write_iv.data, IMPLICIT_NONCE_LEN4); |
5387 | memcpy(nonce + IMPLICIT_NONCE_LEN4, explicit_nonce, EXPLICIT_NONCE_LEN8); |
5388 | |
5389 | } else if (version == TLSV1DOT3_VERSION0x304 || version == DTLSV1DOT3_VERSION0xfefc || cipher_mode == MODE_POLY1305) { |
5390 | /* |
5391 | * Technically the nonce length must be at least 8 bytes, but for |
5392 | * AES-GCM, AES-CCM and Poly1305-ChaCha20 the nonce length is exact 12. |
5393 | */ |
5394 | const unsigned nonce_len = 12; |
5395 | DISSECTOR_ASSERT(decoder->write_iv.data_len == nonce_len)((void) ((decoder->write_iv.data_len == nonce_len) ? (void )0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 5395, "decoder->write_iv.data_len == nonce_len" )))); |
5396 | memcpy(nonce, decoder->write_iv.data, decoder->write_iv.data_len); |
5397 | /* Sequence number is left-padded with zeroes and XORed with write_iv */ |
5398 | phton64(nonce + nonce_len - 8, pntoh64(nonce + nonce_len - 8) ^ decoder->seq); |
5399 | ssl_debug_printf("%s seq %" PRIu64"l" "u" "\n", G_STRFUNC((const char*) (__func__)), decoder->seq); |
5400 | } |
5401 | |
5402 | /* Set nonce and additional authentication data */ |
5403 | gcry_cipher_reset(decoder->evp)gcry_cipher_ctl ((decoder->evp), GCRYCTL_RESET, ((void*)0) , 0); |
5404 | ssl_print_data("nonce", nonce, 12); |
5405 | err = gcry_cipher_setiv(decoder->evp, nonce, 12); |
5406 | if (err) { |
5407 | ssl_debug_printf("%s failed to set nonce: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); |
5408 | return false0; |
5409 | } |
5410 | |
5411 | /* (D)TLS 1.2 needs specific AAD, TLS 1.3 (before -25) uses empty AAD. */ |
5412 | if (is_cid) { /* if connection ID */ |
5413 | if (ssl->session.deprecated_cid) { |
5414 | aad_len = 14 + cidl; |
5415 | aad = wmem_alloc(wmem_packet_scope(), aad_len); |
5416 | phton64(aad, decoder->seq); /* record sequence number */ |
5417 | phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */ |
5418 | aad[8] = ct; /* TLSCompressed.type */ |
5419 | phton16(aad + 9, record_version); /* TLSCompressed.version */ |
5420 | memcpy(aad + 11, cid, cidl); /* cid */ |
5421 | aad[11 + cidl] = cidl; /* cid_length */ |
5422 | phton16(aad + 12 + cidl, ciphertext_len); /* TLSCompressed.length */ |
5423 | } else { |
5424 | aad_len = 23 + cidl; |
5425 | aad = wmem_alloc(wmem_packet_scope(), aad_len); |
5426 | memset(aad, 0xFF, 8); /* seq_num_placeholder */ |
5427 | aad[8] = ct; /* TLSCompressed.type */ |
5428 | aad[9] = cidl; /* cid_length */ |
5429 | aad[10] = ct; /* TLSCompressed.type */ |
5430 | phton16(aad + 11, record_version); /* TLSCompressed.version */ |
5431 | phton64(aad + 13, decoder->seq); /* record sequence number */ |
5432 | phton16(aad + 13, decoder->epoch); /* DTLS 1.2 includes epoch. */ |
5433 | memcpy(aad + 21, cid, cidl); /* cid */ |
5434 | phton16(aad + 21 + cidl, ciphertext_len); /* TLSCompressed.length */ |
5435 | } |
5436 | } else if (is_v12) { |
5437 | aad_len = 13; |
5438 | aad = wmem_alloc(wmem_packet_scope(), aad_len); |
5439 | phton64(aad, decoder->seq); /* record sequence number */ |
5440 | if (version == DTLSV1DOT2_VERSION0xfefd) { |
5441 | phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */ |
5442 | } |
5443 | aad[8] = ct; /* TLSCompressed.type */ |
5444 | phton16(aad + 9, record_version); /* TLSCompressed.version */ |
5445 | phton16(aad + 11, ciphertext_len); /* TLSCompressed.length */ |
5446 | } else if (version == DTLSV1DOT3_VERSION0xfefc) { |
5447 | aad_len = decoder->dtls13_aad.data_len; |
5448 | aad = decoder->dtls13_aad.data; |
5449 | } else if (draft_version >= 25 || draft_version == 0) { |
5450 | aad_len = 5; |
5451 | aad = wmem_alloc(wmem_packet_scope(), aad_len); |
5452 | aad[0] = ct; /* TLSCiphertext.opaque_type (23) */ |
5453 | phton16(aad + 1, record_version); /* TLSCiphertext.legacy_record_version (0x0303) */ |
5454 | phton16(aad + 3, inl); /* TLSCiphertext.length */ |
5455 | } |
5456 | |
5457 | if (decoder->cipher_suite->mode == MODE_CCM || decoder->cipher_suite->mode == MODE_CCM_8) { |
5458 | /* size of plaintext, additional authenticated data and auth tag. */ |
5459 | uint64_t lengths[3] = { ciphertext_len, aad_len, auth_tag_len }; |
5460 | |
5461 | gcry_cipher_ctl(decoder->evp, GCRYCTL_SET_CCM_LENGTHS, lengths, sizeof(lengths)); |
5462 | } |
5463 | |
5464 | if (aad && aad_len > 0) { |
5465 | ssl_print_data("AAD", aad, aad_len); |
5466 | err = gcry_cipher_authenticate(decoder->evp, aad, aad_len); |
5467 | if (err) { |
5468 | ssl_debug_printf("%s failed to set AAD: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); |
5469 | return false0; |
5470 | } |
5471 | } |
5472 | |
5473 | /* Decrypt now that nonce and AAD are set. */ |
5474 | err = gcry_cipher_decrypt(decoder->evp, out_str->data, out_str->data_len, ciphertext, ciphertext_len); |
5475 | if (err) { |
5476 | ssl_debug_printf("%s decrypt failed: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); |
5477 | return false0; |
5478 | } |
5479 | |
5480 | /* Check authentication tag for authenticity (replaces MAC) */ |
5481 | err = gcry_cipher_gettag(decoder->evp, auth_tag_calc, auth_tag_len); |
5482 | if (err == 0 && !memcmp(auth_tag_calc, auth_tag_wire, auth_tag_len)) { |
5483 | ssl_print_data("auth_tag(OK)", auth_tag_calc, auth_tag_len); |
5484 | } else { |
5485 | if (err) { |
5486 | ssl_debug_printf("%s cannot obtain tag: %s\n", G_STRFUNC((const char*) (__func__)), gcry_strerror(err)); |
5487 | } else { |
5488 | ssl_debug_printf("%s auth tag mismatch\n", G_STRFUNC((const char*) (__func__))); |
5489 | ssl_print_data("auth_tag(expect)", auth_tag_calc, auth_tag_len); |
5490 | ssl_print_data("auth_tag(actual)", auth_tag_wire, auth_tag_len); |
5491 | } |
5492 | if (ignore_mac_failed) { |
5493 | ssl_debug_printf("%s: auth check failed, but ignored for troubleshooting ;-)\n", G_STRFUNC((const char*) (__func__))); |
5494 | } else { |
5495 | return false0; |
5496 | } |
5497 | } |
5498 | |
5499 | /* |
5500 | * Increment the (implicit) sequence number for TLS 1.2/1.3 and TLCP 1.1. This is done |
5501 | * after successful authentication to ensure that early data is skipped when |
5502 | * CLIENT_EARLY_TRAFFIC_SECRET keys are unavailable. |
5503 | */ |
5504 | if (version == TLSV1DOT2_VERSION0x303 || version == TLSV1DOT3_VERSION0x304 || version == TLCPV1_VERSION0x101) { |
5505 | decoder->seq++; |
5506 | } |
5507 | |
5508 | ssl_print_data("Plaintext", out_str->data, ciphertext_len); |
5509 | *outl = ciphertext_len; |
5510 | return true1; |
5511 | } |
5512 | |
5513 | /* Record decryption glue based on security parameters {{{ */ |
5514 | /* Assume that we are called only for a non-NULL decoder which also means that |
5515 | * we have a non-NULL decoder->cipher_suite. */ |
5516 | int |
5517 | ssl_decrypt_record(SslDecryptSession *ssl, SslDecoder *decoder, uint8_t ct, uint16_t record_version, |
5518 | bool_Bool ignore_mac_failed, |
5519 | const unsigned char *in, uint16_t inl, const unsigned char *cid, uint8_t cidl, |
5520 | StringInfo *comp_str, StringInfo *out_str, unsigned *outl) |
5521 | { |
5522 | unsigned pad, worklen, uncomplen, maclen, mac_fraglen = 0; |
5523 | uint8_t *mac = NULL((void*)0), *mac_frag = NULL((void*)0); |
5524 | |
5525 | ssl_debug_printf("ssl_decrypt_record ciphertext len %d\n", inl); |
5526 | ssl_print_data("Ciphertext",in, inl); |
5527 | |
5528 | if (((ssl->session.version == TLSV1DOT3_VERSION0x304 || ssl->session.version == DTLSV1DOT3_VERSION0xfefc)) |
5529 | != (decoder->cipher_suite->kex == KEX_TLS130x23)) { |
5530 | ssl_debug_printf("%s Invalid cipher suite for the protocol version!\n", G_STRFUNC((const char*) (__func__))); |
5531 | return -1; |
5532 | } |
5533 | |
5534 | /* ensure we have enough storage space for decrypted data */ |
5535 | if (inl > out_str->data_len) |
5536 | { |
5537 | ssl_debug_printf("ssl_decrypt_record: allocating %d bytes for decrypt data (old len %d)\n", |
5538 | inl + 32, out_str->data_len); |
5539 | ssl_data_realloc(out_str, inl + 32); |
5540 | } |
5541 | |
5542 | /* AEAD ciphers (GenericAEADCipher in TLS 1.2; TLS 1.3) have no padding nor |
5543 | * a separate MAC, so use a different routine for simplicity. */ |
5544 | if (decoder->cipher_suite->mode == MODE_GCM || |
5545 | decoder->cipher_suite->mode == MODE_CCM || |
5546 | decoder->cipher_suite->mode == MODE_CCM_8 || |
5547 | decoder->cipher_suite->mode == MODE_POLY1305 || |
5548 | ssl->session.version == TLSV1DOT3_VERSION0x304 || |
5549 | ssl->session.version == DTLSV1DOT3_VERSION0xfefc) { |
5550 | |
5551 | if (!tls_decrypt_aead_record(ssl, decoder, ct, record_version, ignore_mac_failed, in, inl, cid, cidl, out_str, &worklen)) { |
5552 | /* decryption failed */ |
5553 | return -1; |
5554 | } |
5555 | |
5556 | goto skip_mac; |
5557 | } |
5558 | |
5559 | /* RFC 6101/2246: SSLCipherText/TLSCipherText has two structures for types: |
5560 | * (notation: { unencrypted, [ encrypted ] }) |
5561 | * GenericStreamCipher: { [content, mac] } |
5562 | * GenericBlockCipher: { IV (TLS 1.1+), [content, mac, padding, padding_len] } |
5563 | * RFC 5426 (TLS 1.2): TLSCipherText has additionally: |
5564 | * GenericAEADCipher: { nonce_explicit, [content] } |
5565 | * RFC 4347 (DTLS): based on TLS 1.1, only GenericBlockCipher is supported. |
5566 | * RFC 6347 (DTLS 1.2): based on TLS 1.2, includes GenericAEADCipher too. |
5567 | */ |
5568 | |
5569 | maclen = ssl_cipher_suite_dig(decoder->cipher_suite)->len; |
5570 | |
5571 | /* (TLS 1.1 and later, DTLS) Extract explicit IV for GenericBlockCipher */ |
5572 | if (decoder->cipher_suite->mode == MODE_CBC) { |
5573 | unsigned blocksize = 0; |
5574 | |
5575 | switch (ssl->session.version) { |
5576 | case TLSV1DOT1_VERSION0x302: |
5577 | case TLSV1DOT2_VERSION0x303: |
5578 | case DTLSV1DOT0_VERSION0xfeff: |
5579 | case DTLSV1DOT2_VERSION0xfefd: |
5580 | case DTLSV1DOT3_VERSION0xfefc: |
5581 | case DTLSV1DOT0_OPENSSL_VERSION0x100: |
5582 | case TLCPV1_VERSION0x101: |
5583 | blocksize = ssl_get_cipher_blocksize(decoder->cipher_suite); |
5584 | if (inl < blocksize) { |
5585 | ssl_debug_printf("ssl_decrypt_record failed: input %d has no space for IV %d\n", |
5586 | inl, blocksize); |
5587 | return -1; |
5588 | } |
5589 | pad = gcry_cipher_setiv(decoder->evp, in, blocksize); |
5590 | if (pad != 0) { |
5591 | ssl_debug_printf("ssl_decrypt_record failed: failed to set IV: %s %s\n", |
5592 | gcry_strsource (pad), gcry_strerror (pad)); |
5593 | } |
5594 | |
5595 | inl -= blocksize; |
5596 | in += blocksize; |
5597 | break; |
5598 | } |
5599 | |
5600 | /* Encrypt-then-MAC for (D)TLS (RFC 7366) */ |
5601 | if (ssl->state & SSL_ENCRYPT_THEN_MAC(1<<11)) { |
5602 | /* |
5603 | * MAC is calculated over (IV + ) ENCRYPTED contents: |
5604 | * |
5605 | * MAC(MAC_write_key, ... + |
5606 | * IV + // for TLS 1.1 or greater |
5607 | * TLSCiphertext.enc_content); |
5608 | */ |
5609 | if (inl < maclen) { |
5610 | ssl_debug_printf("%s failed: input %d has no space for MAC %d\n", |
5611 | G_STRFUNC((const char*) (__func__)), inl, maclen); |
5612 | return -1; |
5613 | } |
5614 | inl -= maclen; |
5615 | mac = (uint8_t *)in + inl; |
5616 | mac_frag = (uint8_t *)in - blocksize; |
5617 | mac_fraglen = blocksize + inl; |
5618 | } |
5619 | } |
5620 | |
5621 | /* First decrypt*/ |
5622 | if ((pad = ssl_cipher_decrypt(&decoder->evp, out_str->data, out_str->data_len, in, inl)) != 0) { |
5623 | ssl_debug_printf("ssl_decrypt_record failed: ssl_cipher_decrypt: %s %s\n", gcry_strsource (pad), |
5624 | gcry_strerror (pad)); |
5625 | return -1; |
5626 | } |
5627 | |
5628 | ssl_print_data("Plaintext", out_str->data, inl); |
5629 | worklen=inl; |
5630 | |
5631 | |
5632 | /* strip padding for GenericBlockCipher */ |
5633 | if (decoder->cipher_suite->mode == MODE_CBC) { |
5634 | if (inl < 1) { /* Should this check happen earlier? */ |
5635 | ssl_debug_printf("ssl_decrypt_record failed: input length %d too small\n", inl); |
5636 | return -1; |
5637 | } |
5638 | pad=out_str->data[inl-1]; |
5639 | if (worklen <= pad) { |
5640 | ssl_debug_printf("ssl_decrypt_record failed: padding %d too large for work %d\n", |
5641 | pad, worklen); |
5642 | return -1; |
5643 | } |
5644 | worklen-=(pad+1); |
5645 | ssl_debug_printf("ssl_decrypt_record found padding %d final len %d\n", |
5646 | pad, worklen); |
5647 | } |
5648 | |
5649 | /* MAC for GenericStreamCipher and GenericBlockCipher. |
5650 | * (normal case without Encrypt-then-MAC (RFC 7366) extension. */ |
5651 | if (!mac) { |
5652 | /* |
5653 | * MAC is calculated over the DECRYPTED contents: |
5654 | * |
5655 | * MAC(MAC_write_key, ... + TLSCompressed.fragment); |
5656 | */ |
5657 | if (worklen < maclen) { |
5658 | ssl_debug_printf("%s wrong record len/padding outlen %d\n work %d\n", G_STRFUNC((const char*) (__func__)), *outl, worklen); |
5659 | return -1; |
5660 | } |
5661 | worklen -= maclen; |
5662 | mac = out_str->data + worklen; |
5663 | mac_frag = out_str->data; |
5664 | mac_fraglen = worklen; |
5665 | } |
5666 | |
5667 | /* If NULL encryption active and no keys are available, do not bother |
5668 | * checking the MAC. We do not have keys for that. */ |
5669 | if (decoder->cipher_suite->mode == MODE_STREAM && |
5670 | decoder->cipher_suite->enc == ENC_NULL0x3D && |
5671 | !(ssl->state & SSL_MASTER_SECRET(1<<5))) { |
5672 | ssl_debug_printf("MAC check skipped due to missing keys\n"); |
5673 | goto skip_mac; |
5674 | } |
5675 | |
5676 | /* Now check the MAC */ |
5677 | ssl_debug_printf("checking mac (len %d, version %X, ct %d seq %" PRIu64"l" "u" ")\n", |
5678 | worklen, ssl->session.version, ct, decoder->seq); |
5679 | if(ssl->session.version==SSLV3_VERSION0x300){ |
5680 | if(ssl3_check_mac(decoder,ct,mac_frag,mac_fraglen,mac) < 0) { |
5681 | if(ignore_mac_failed) { |
5682 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); |
5683 | } |
5684 | else{ |
5685 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); |
5686 | return -1; |
5687 | } |
5688 | } |
5689 | else{ |
5690 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); |
5691 | } |
5692 | } |
5693 | else if(ssl->session.version==TLSV1_VERSION0x301 || ssl->session.version==TLSV1DOT1_VERSION0x302 || ssl->session.version==TLSV1DOT2_VERSION0x303 || ssl->session.version==TLCPV1_VERSION0x101){ |
5694 | if(tls_check_mac(decoder,ct,ssl->session.version,mac_frag,mac_fraglen,mac)< 0) { |
5695 | if(ignore_mac_failed) { |
5696 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); |
5697 | } |
5698 | else{ |
5699 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); |
5700 | return -1; |
5701 | } |
5702 | } |
5703 | else{ |
5704 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); |
5705 | } |
5706 | } |
5707 | else if(ssl->session.version==DTLSV1DOT0_VERSION0xfeff || |
5708 | ssl->session.version==DTLSV1DOT2_VERSION0xfefd || |
5709 | ssl->session.version==DTLSV1DOT0_OPENSSL_VERSION0x100){ |
5710 | /* Try rfc-compliant mac first, and if failed, try old openssl's non-rfc-compliant mac */ |
5711 | if(dtls_check_mac(ssl,decoder,ct,mac_frag,mac_fraglen,mac,cid,cidl)>= 0) { |
5712 | ssl_debug_printf("ssl_decrypt_record: mac ok\n"); |
5713 | } |
5714 | else if(tls_check_mac(decoder,ct,TLSV1_VERSION0x301,mac_frag,mac_fraglen,mac)>= 0) { |
5715 | ssl_debug_printf("ssl_decrypt_record: dtls rfc-compliant mac failed, but old openssl's non-rfc-compliant mac ok\n"); |
5716 | } |
5717 | else if(ignore_mac_failed) { |
5718 | ssl_debug_printf("ssl_decrypt_record: mac failed, but ignored for troubleshooting ;-)\n"); |
5719 | } |
5720 | else{ |
5721 | ssl_debug_printf("ssl_decrypt_record: mac failed\n"); |
5722 | return -1; |
5723 | } |
5724 | } |
5725 | skip_mac: |
5726 | |
5727 | *outl = worklen; |
5728 | |
5729 | if (decoder->compression > 0) { |
5730 | ssl_debug_printf("ssl_decrypt_record: compression method %d\n", decoder->compression); |
5731 | ssl_data_copy(comp_str, out_str); |
5732 | ssl_print_data("Plaintext compressed", comp_str->data, worklen); |
5733 | if (!decoder->decomp) { |
5734 | ssl_debug_printf("decrypt_ssl3_record: no decoder available\n"); |
5735 | return -1; |
5736 | } |
5737 | if (ssl_decompress_record(decoder->decomp, comp_str->data, worklen, out_str, &uncomplen) < 0) return -1; |
5738 | ssl_print_data("Plaintext uncompressed", out_str->data, uncomplen); |
5739 | *outl = uncomplen; |
5740 | } |
5741 | |
5742 | return 0; |
5743 | } |
5744 | /* Record decryption glue based on security parameters }}} */ |
5745 | |
5746 | |
5747 | |
5748 | #ifdef HAVE_LIBGNUTLS1 |
5749 | |
5750 | /* RSA private key file processing {{{ */ |
5751 | static void |
5752 | ssl_find_private_key_by_pubkey(SslDecryptSession *ssl, |
5753 | gnutls_datum_t *subjectPublicKeyInfo) |
5754 | { |
5755 | gnutls_pubkey_t pubkey = NULL((void*)0); |
5756 | cert_key_id_t key_id; |
5757 | size_t key_id_len = sizeof(key_id); |
5758 | int r; |
5759 | |
5760 | if (!subjectPublicKeyInfo->size) { |
5761 | ssl_debug_printf("%s: could not find SubjectPublicKeyInfo\n", G_STRFUNC((const char*) (__func__))); |
5762 | return; |
5763 | } |
5764 | |
5765 | r = gnutls_pubkey_init(&pubkey); |
5766 | if (r < 0) { |
5767 | ssl_debug_printf("%s: failed to init pubkey: %s\n", |
5768 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); |
5769 | return; |
5770 | } |
5771 | |
5772 | r = gnutls_pubkey_import(pubkey, subjectPublicKeyInfo, GNUTLS_X509_FMT_DER); |
5773 | if (r < 0) { |
5774 | ssl_debug_printf("%s: failed to import pubkey from handshake: %s\n", |
5775 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); |
5776 | goto end; |
5777 | } |
5778 | |
5779 | if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL((void*)0)) != GNUTLS_PK_RSA) { |
5780 | ssl_debug_printf("%s: Not a RSA public key - ignoring.\n", G_STRFUNC((const char*) (__func__))); |
5781 | goto end; |
5782 | } |
5783 | |
5784 | /* Generate a 20-byte SHA-1 hash. */ |
5785 | r = gnutls_pubkey_get_key_id(pubkey, 0, key_id.key_id, &key_id_len); |
5786 | if (r < 0) { |
5787 | ssl_debug_printf("%s: failed to extract key id from pubkey: %s\n", |
5788 | G_STRFUNC((const char*) (__func__)), gnutls_strerror(r)); |
5789 | goto end; |
5790 | } |
5791 | |
5792 | if (key_id_len != sizeof(key_id)) { |
5793 | ssl_debug_printf("%s: expected Key ID size %zu, got %zu\n", |
5794 | G_STRFUNC((const char*) (__func__)), sizeof(key_id), key_id_len); |
5795 | goto end; |
5796 | } |
5797 | |
5798 | ssl_print_data("Certificate.KeyID", key_id.key_id, key_id_len); |
5799 | ssl->cert_key_id = wmem_new(wmem_file_scope(), cert_key_id_t)((cert_key_id_t*)wmem_alloc((wmem_file_scope()), sizeof(cert_key_id_t ))); |
5800 | *ssl->cert_key_id = key_id; |
5801 | |
5802 | end: |
5803 | gnutls_pubkey_deinit(pubkey); |
5804 | } |
5805 | |
5806 | /* RSA private key file processing }}} */ |
5807 | #endif /* HAVE_LIBGNUTLS */ |
5808 | |
5809 | /*--- Start of dissector-related code below ---*/ |
5810 | |
5811 | /* get ssl data for this session. if no ssl data is found allocate a new one*/ |
5812 | SslDecryptSession * |
5813 | ssl_get_session(conversation_t *conversation, dissector_handle_t tls_handle) |
5814 | { |
5815 | void *conv_data; |
5816 | SslDecryptSession *ssl_session; |
5817 | int proto_ssl; |
5818 | |
5819 | proto_ssl = dissector_handle_get_protocol_index(tls_handle); |
5820 | conv_data = conversation_get_proto_data(conversation, proto_ssl); |
5821 | if (conv_data != NULL((void*)0)) |
5822 | return (SslDecryptSession *)conv_data; |
5823 | |
5824 | /* no previous SSL conversation info, initialize it. */ |
5825 | ssl_session = wmem_new0(wmem_file_scope(), SslDecryptSession)((SslDecryptSession*)wmem_alloc0((wmem_file_scope()), sizeof( SslDecryptSession))); |
5826 | |
5827 | /* data_len is the part that is meaningful, not the allocated length */ |
5828 | ssl_session->master_secret.data_len = 0; |
5829 | ssl_session->master_secret.data = ssl_session->_master_secret; |
5830 | ssl_session->session_id.data_len = 0; |
5831 | ssl_session->session_id.data = ssl_session->_session_id; |
5832 | ssl_session->client_random.data_len = 0; |
5833 | ssl_session->client_random.data = ssl_session->_client_random; |
5834 | ssl_session->server_random.data_len = 0; |
5835 | ssl_session->server_random.data = ssl_session->_server_random; |
5836 | ssl_session->session_ticket.data_len = 0; |
5837 | ssl_session->session_ticket.data = NULL((void*)0); /* will be re-alloced as needed */ |
5838 | ssl_session->server_data_for_iv.data_len = 0; |
5839 | ssl_session->server_data_for_iv.data = ssl_session->_server_data_for_iv; |
5840 | ssl_session->client_data_for_iv.data_len = 0; |
5841 | ssl_session->client_data_for_iv.data = ssl_session->_client_data_for_iv; |
5842 | ssl_session->app_data_segment.data = NULL((void*)0); |
5843 | ssl_session->app_data_segment.data_len = 0; |
5844 | ssl_session->handshake_data.data=NULL((void*)0); |
5845 | ssl_session->handshake_data.data_len=0; |
5846 | |
5847 | /* Initialize parameters which are not necessary specific to decryption. */ |
5848 | ssl_session->session.version = SSL_VER_UNKNOWN0; |
5849 | clear_address(&ssl_session->session.srv_addr); |
5850 | ssl_session->session.srv_ptype = PT_NONE; |
5851 | ssl_session->session.srv_port = 0; |
5852 | ssl_session->session.dtls13_current_epoch[0] = ssl_session->session.dtls13_current_epoch[1] = 0; |
5853 | ssl_session->session.dtls13_next_seq_num[0] = ssl_session->session.dtls13_next_seq_num[1] = 0; |
5854 | |
5855 | conversation_add_proto_data(conversation, proto_ssl, ssl_session); |
5856 | return ssl_session; |
5857 | } |
5858 | |
5859 | void ssl_reset_session(SslSession *session, SslDecryptSession *ssl, bool_Bool is_client) |
5860 | { |
5861 | if (ssl) { |
5862 | /* Ensure that secrets are not restored using stale identifiers. Split |
5863 | * between client and server in case the packets somehow got out of order. */ |
5864 | int clear_flags = SSL_HAVE_SESSION_KEY(1<<3) | SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6); |
5865 | |
5866 | if (is_client) { |
5867 | clear_flags |= SSL_CLIENT_EXTENDED_MASTER_SECRET(1<<7); |
5868 | ssl->session_id.data_len = 0; |
5869 | ssl->session_ticket.data_len = 0; |
5870 | ssl->master_secret.data_len = 0; |
5871 | ssl->client_random.data_len = 0; |
5872 | ssl->has_early_data = false0; |
5873 | if (ssl->handshake_data.data_len > 0) { |
5874 | // The EMS handshake hash starts with at the Client Hello, |
5875 | // ensure that any messages before it are forgotten. |
5876 | wmem_free(wmem_file_scope(), ssl->handshake_data.data); |
5877 | ssl->handshake_data.data = NULL((void*)0); |
5878 | ssl->handshake_data.data_len = 0; |
5879 | } |
5880 | } else { |
5881 | clear_flags |= SSL_SERVER_EXTENDED_MASTER_SECRET(1<<8) | SSL_NEW_SESSION_TICKET(1<<10); |
5882 | ssl->server_random.data_len = 0; |
5883 | ssl->pre_master_secret.data_len = 0; |
5884 | #ifdef HAVE_LIBGNUTLS1 |
5885 | ssl->cert_key_id = NULL((void*)0); |
5886 | #endif |
5887 | ssl->psk.data_len = 0; |
5888 | } |
5889 | |
5890 | if (ssl->state & clear_flags) { |
5891 | ssl_debug_printf("%s detected renegotiation, clearing 0x%02x (%s side)\n", |
5892 | G_STRFUNC((const char*) (__func__)), ssl->state & clear_flags, is_client ? "client" : "server"); |
5893 | ssl->state &= ~clear_flags; |
5894 | } |
5895 | } |
5896 | |
5897 | /* These flags might be used for non-decryption purposes and may affect the |
5898 | * dissection, so reset them as well. */ |
5899 | if (is_client) { |
5900 | session->client_cert_type = 0; |
5901 | } else { |
5902 | session->compression = 0; |
5903 | session->server_cert_type = 0; |
5904 | /* session->is_session_resumed is already handled in the ServerHello dissection. */ |
5905 | } |
5906 | session->dtls13_next_seq_num[0] = session->dtls13_next_seq_num[1] = 0; |
5907 | session->dtls13_current_epoch[0] = session->dtls13_current_epoch[1] = 0; |
5908 | } |
5909 | |
5910 | void |
5911 | tls_set_appdata_dissector(dissector_handle_t tls_handle, packet_info *pinfo, |
5912 | dissector_handle_t app_handle) |
5913 | { |
5914 | conversation_t *conversation; |
5915 | SslSession *session; |
5916 | |
5917 | /* Ignore if the TLS or other dissector is disabled. */ |
5918 | if (!tls_handle || !app_handle) |
5919 | return; |
5920 | |
5921 | conversation = find_or_create_conversation(pinfo); |
5922 | session = &ssl_get_session(conversation, tls_handle)->session; |
5923 | session->app_handle = app_handle; |
5924 | } |
5925 | |
5926 | static uint32_t |
5927 | ssl_starttls(dissector_handle_t tls_handle, packet_info *pinfo, |
5928 | dissector_handle_t app_handle, uint32_t last_nontls_frame) |
5929 | { |
5930 | conversation_t *conversation; |
5931 | SslSession *session; |
5932 | |
5933 | /* Ignore if the TLS dissector is disabled. */ |
5934 | if (!tls_handle) |
5935 | return 0; |
5936 | /* The caller should always pass a valid handle to its own dissector. */ |
5937 | DISSECTOR_ASSERT(app_handle)((void) ((app_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 5937, "app_handle")))); |
5938 | |
5939 | conversation = find_or_create_conversation(pinfo); |
5940 | session = &ssl_get_session(conversation, tls_handle)->session; |
5941 | |
5942 | ssl_debug_printf("%s: old frame %d, app_handle=%p (%s)\n", G_STRFUNC((const char*) (__func__)), |
5943 | session->last_nontls_frame, |
5944 | (void *)session->app_handle, |
5945 | dissector_handle_get_dissector_name(session->app_handle)); |
5946 | ssl_debug_printf("%s: current frame %d, app_handle=%p (%s)\n", G_STRFUNC((const char*) (__func__)), |
5947 | pinfo->num, (void *)app_handle, |
5948 | dissector_handle_get_dissector_name(app_handle)); |
5949 | |
5950 | /* Do not switch again if a dissector did it before. */ |
5951 | if (session->last_nontls_frame) { |
5952 | ssl_debug_printf("%s: not overriding previous app handle!\n", G_STRFUNC((const char*) (__func__))); |
5953 | return session->last_nontls_frame; |
5954 | } |
5955 | |
5956 | session->app_handle = app_handle; |
5957 | /* The TLS dissector should be called first for this conversation. */ |
5958 | conversation_set_dissector(conversation, tls_handle); |
5959 | /* TLS starts after this frame. */ |
5960 | session->last_nontls_frame = last_nontls_frame; |
5961 | return 0; |
5962 | } |
5963 | |
5964 | /* ssl_starttls_ack: mark future frames as encrypted. */ |
5965 | uint32_t |
5966 | ssl_starttls_ack(dissector_handle_t tls_handle, packet_info *pinfo, |
5967 | dissector_handle_t app_handle) |
5968 | { |
5969 | return ssl_starttls(tls_handle, pinfo, app_handle, pinfo->num); |
5970 | } |
5971 | |
5972 | uint32_t |
5973 | ssl_starttls_post_ack(dissector_handle_t tls_handle, packet_info *pinfo, |
5974 | dissector_handle_t app_handle) |
5975 | { |
5976 | return ssl_starttls(tls_handle, pinfo, app_handle, pinfo->num - 1); |
5977 | } |
5978 | |
5979 | dissector_handle_t |
5980 | ssl_find_appdata_dissector(const char *name) |
5981 | { |
5982 | /* Accept 'http' for backwards compatibility and sanity. */ |
5983 | if (!strcmp(name, "http")) |
5984 | name = "http-over-tls"; |
5985 | return find_dissector(name); |
5986 | } |
5987 | |
5988 | /* Functions for TLS/DTLS sessions and RSA private keys hashtables. {{{ */ |
5989 | static int |
5990 | ssl_equal (const void *v, const void *v2) |
5991 | { |
5992 | const StringInfo *val1; |
5993 | const StringInfo *val2; |
5994 | val1 = (const StringInfo *)v; |
5995 | val2 = (const StringInfo *)v2; |
5996 | |
5997 | if (val1->data_len == val2->data_len && |
5998 | !memcmp(val1->data, val2->data, val2->data_len)) { |
5999 | return 1; |
6000 | } |
6001 | return 0; |
6002 | } |
6003 | |
6004 | static unsigned |
6005 | ssl_hash (const void *v) |
6006 | { |
6007 | unsigned l,hash; |
6008 | const StringInfo* id; |
6009 | const unsigned* cur; |
6010 | hash = 0; |
6011 | id = (const StringInfo*) v; |
6012 | |
6013 | /* id and id->data are mallocated in ssl_save_master_key(). As such 'data' |
6014 | * should be aligned for any kind of access (for example as a unsigned as |
6015 | * is done below). The intermediate void* cast is to prevent "cast |
6016 | * increases required alignment of target type" warnings on CPUs (such |
6017 | * as SPARCs) that do not allow misaligned memory accesses. |
6018 | */ |
6019 | cur = (const unsigned*)(void*) id->data; |
6020 | |
6021 | for (l=4; (l < id->data_len); l+=4, cur++) |
6022 | hash = hash ^ (*cur); |
6023 | |
6024 | return hash; |
6025 | } |
6026 | /* Functions for TLS/DTLS sessions and RSA private keys hashtables. }}} */ |
6027 | |
6028 | /* Handling of association between tls/dtls ports and clear text protocol. {{{ */ |
6029 | void |
6030 | ssl_association_add(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool_Bool tcp) |
6031 | { |
6032 | DISSECTOR_ASSERT(main_handle)((void) ((main_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6032, "main_handle")))); |
6033 | DISSECTOR_ASSERT(subdissector_handle)((void) ((subdissector_handle) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6033, "subdissector_handle")))); |
6034 | /* Registration is required for Export PDU feature to work properly. */ |
6035 | DISSECTOR_ASSERT_HINT(dissector_handle_get_dissector_name(subdissector_handle),((void) ((dissector_handle_get_dissector_name(subdissector_handle )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\" (%s)" , "epan/dissectors/packet-tls-utils.c", 6036, "dissector_handle_get_dissector_name(subdissector_handle)" , "SSL appdata dissectors must register with register_dissector()!" )))) |
6036 | "SSL appdata dissectors must register with register_dissector()!")((void) ((dissector_handle_get_dissector_name(subdissector_handle )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\" (%s)" , "epan/dissectors/packet-tls-utils.c", 6036, "dissector_handle_get_dissector_name(subdissector_handle)" , "SSL appdata dissectors must register with register_dissector()!" )))); |
6037 | ssl_debug_printf("association_add %s port %d handle %p\n", dissector_table_name, port, (void *)subdissector_handle); |
6038 | |
6039 | if (port) { |
6040 | dissector_add_uint(dissector_table_name, port, subdissector_handle); |
6041 | if (tcp) |
6042 | dissector_add_uint("tcp.port", port, main_handle); |
6043 | else |
6044 | dissector_add_uint("udp.port", port, main_handle); |
6045 | dissector_add_uint("sctp.port", port, main_handle); |
6046 | } else { |
6047 | dissector_add_for_decode_as(dissector_table_name, subdissector_handle); |
6048 | } |
6049 | } |
6050 | |
6051 | void |
6052 | ssl_association_remove(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool_Bool tcp) |
6053 | { |
6054 | ssl_debug_printf("ssl_association_remove removing %s %u - handle %p\n", |
6055 | tcp?"TCP":"UDP", port, (void *)subdissector_handle); |
6056 | if (main_handle) { |
6057 | dissector_delete_uint(tcp?"tcp.port":"udp.port", port, main_handle); |
6058 | dissector_delete_uint("sctp.port", port, main_handle); |
6059 | } |
6060 | |
6061 | if (port) { |
6062 | dissector_delete_uint(dissector_table_name, port, subdissector_handle); |
6063 | } |
6064 | } |
6065 | |
6066 | void |
6067 | ssl_set_server(SslSession *session, address *addr, port_type ptype, uint32_t port) |
6068 | { |
6069 | copy_address_wmem(wmem_file_scope(), &session->srv_addr, addr); |
6070 | session->srv_ptype = ptype; |
6071 | session->srv_port = port; |
6072 | } |
6073 | |
6074 | int |
6075 | ssl_packet_from_server(SslSession *session, dissector_table_t table, const packet_info *pinfo) |
6076 | { |
6077 | int ret; |
6078 | if (session && session->srv_addr.type != AT_NONE) { |
6079 | ret = (session->srv_ptype == pinfo->ptype) && |
6080 | (session->srv_port == pinfo->srcport) && |
6081 | addresses_equal(&session->srv_addr, &pinfo->src); |
6082 | } else { |
6083 | ret = (dissector_get_uint_handle(table, pinfo->srcport) != 0); |
6084 | } |
6085 | |
6086 | ssl_debug_printf("packet_from_server: is from server - %s\n", (ret)?"TRUE":"FALSE"); |
6087 | return ret; |
6088 | } |
6089 | /* Handling of association between tls/dtls ports and clear text protocol. }}} */ |
6090 | |
6091 | |
6092 | /* Links SSL records with the real packet data. {{{ */ |
6093 | SslPacketInfo * |
6094 | tls_add_packet_info(int proto, packet_info *pinfo, uint8_t curr_layer_num_ssl) |
6095 | { |
6096 | SslPacketInfo *pi = (SslPacketInfo *)p_get_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl); |
6097 | if (!pi) { |
6098 | pi = wmem_new0(wmem_file_scope(), SslPacketInfo)((SslPacketInfo*)wmem_alloc0((wmem_file_scope()), sizeof(SslPacketInfo ))); |
6099 | pi->srcport = pinfo->srcport; |
6100 | pi->destport = pinfo->destport; |
6101 | p_add_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl, pi); |
6102 | } |
6103 | |
6104 | return pi; |
6105 | } |
6106 | |
6107 | /** |
6108 | * Remembers the decrypted TLS record fragment (TLSInnerPlaintext in TLS 1.3) to |
6109 | * avoid the need for a decoder in the second pass. Additionally, it remembers |
6110 | * sequence numbers (for reassembly and Follow TLS Stream). |
6111 | * |
6112 | * @param proto The protocol identifier (proto_ssl or proto_dtls). |
6113 | * @param pinfo The packet where the record originates from. |
6114 | * @param data Decrypted data to store in the record. |
6115 | * @param data_len Length of decrypted record data. |
6116 | * @param record_id The identifier for this record within the current packet. |
6117 | * @param flow Information about sequence numbers, etc. |
6118 | * @param type TLS Content Type (such as handshake or application_data). |
6119 | * @param curr_layer_num_ssl The layer identifier for this TLS session. |
6120 | */ |
6121 | void |
6122 | ssl_add_record_info(int proto, packet_info *pinfo, const unsigned char *data, int data_len, int record_id, SslFlow *flow, ContentType type, uint8_t curr_layer_num_ssl) |
6123 | { |
6124 | SslRecordInfo* rec, **prec; |
6125 | SslPacketInfo *pi = tls_add_packet_info(proto, pinfo, curr_layer_num_ssl); |
6126 | |
6127 | rec = wmem_new(wmem_file_scope(), SslRecordInfo)((SslRecordInfo*)wmem_alloc((wmem_file_scope()), sizeof(SslRecordInfo ))); |
6128 | rec->plain_data = (unsigned char *)wmem_memdup(wmem_file_scope(), data, data_len); |
6129 | rec->data_len = data_len; |
6130 | rec->id = record_id; |
6131 | rec->type = type; |
6132 | rec->next = NULL((void*)0); |
6133 | |
6134 | if (flow && type == SSL_ID_APP_DATA) { |
6135 | rec->seq = flow->byte_seq; |
6136 | rec->flow = flow; |
6137 | flow->byte_seq += data_len; |
6138 | ssl_debug_printf("%s stored decrypted record seq=%d nxtseq=%d flow=%p\n", |
6139 | G_STRFUNC((const char*) (__func__)), rec->seq, rec->seq + data_len, (void*)flow); |
6140 | } |
6141 | |
6142 | /* Remember decrypted records. */ |
6143 | prec = &pi->records; |
6144 | while (*prec) prec = &(*prec)->next; |
6145 | *prec = rec; |
6146 | } |
6147 | |
6148 | /* search in packet data for the specified id; return a newly created tvb for the associated data */ |
6149 | tvbuff_t* |
6150 | ssl_get_record_info(tvbuff_t *parent_tvb, int proto, packet_info *pinfo, int record_id, uint8_t curr_layer_num_ssl, SslRecordInfo **matched_record) |
6151 | { |
6152 | SslRecordInfo* rec; |
6153 | SslPacketInfo* pi; |
6154 | pi = (SslPacketInfo *)p_get_proto_data(wmem_file_scope(), pinfo, proto, curr_layer_num_ssl); |
6155 | |
6156 | if (!pi) |
6157 | return NULL((void*)0); |
6158 | |
6159 | for (rec = pi->records; rec; rec = rec->next) |
6160 | if (rec->id == record_id) { |
6161 | *matched_record = rec; |
6162 | /* link new real_data_tvb with a parent tvb so it is freed when frame dissection is complete */ |
6163 | return tvb_new_child_real_data(parent_tvb, rec->plain_data, rec->data_len, rec->data_len); |
6164 | } |
6165 | |
6166 | return NULL((void*)0); |
6167 | } |
6168 | /* Links SSL records with the real packet data. }}} */ |
6169 | |
6170 | /* initialize/reset per capture state data (ssl sessions cache). {{{ */ |
6171 | void |
6172 | ssl_common_init(ssl_master_key_map_t *mk_map, |
6173 | StringInfo *decrypted_data, StringInfo *compressed_data) |
6174 | { |
6175 | mk_map->session = g_hash_table_new(ssl_hash, ssl_equal); |
6176 | mk_map->tickets = g_hash_table_new(ssl_hash, ssl_equal); |
6177 | mk_map->crandom = g_hash_table_new(ssl_hash, ssl_equal); |
6178 | mk_map->pre_master = g_hash_table_new(ssl_hash, ssl_equal); |
6179 | mk_map->pms = g_hash_table_new(ssl_hash, ssl_equal); |
6180 | mk_map->tls13_client_early = g_hash_table_new(ssl_hash, ssl_equal); |
6181 | mk_map->tls13_client_handshake = g_hash_table_new(ssl_hash, ssl_equal); |
6182 | mk_map->tls13_server_handshake = g_hash_table_new(ssl_hash, ssl_equal); |
6183 | mk_map->tls13_client_appdata = g_hash_table_new(ssl_hash, ssl_equal); |
6184 | mk_map->tls13_server_appdata = g_hash_table_new(ssl_hash, ssl_equal); |
6185 | mk_map->tls13_early_exporter = g_hash_table_new(ssl_hash, ssl_equal); |
6186 | mk_map->tls13_exporter = g_hash_table_new(ssl_hash, ssl_equal); |
6187 | |
6188 | mk_map->used_crandom = g_hash_table_new(ssl_hash, ssl_equal); |
6189 | |
6190 | ssl_data_alloc(decrypted_data, 32); |
6191 | ssl_data_alloc(compressed_data, 32); |
6192 | } |
6193 | |
6194 | void |
6195 | ssl_common_cleanup(ssl_master_key_map_t *mk_map, FILE **ssl_keylog_file, |
6196 | StringInfo *decrypted_data, StringInfo *compressed_data) |
6197 | { |
6198 | g_hash_table_destroy(mk_map->session); |
6199 | g_hash_table_destroy(mk_map->tickets); |
6200 | g_hash_table_destroy(mk_map->crandom); |
6201 | g_hash_table_destroy(mk_map->pre_master); |
6202 | g_hash_table_destroy(mk_map->pms); |
6203 | g_hash_table_destroy(mk_map->tls13_client_early); |
6204 | g_hash_table_destroy(mk_map->tls13_client_handshake); |
6205 | g_hash_table_destroy(mk_map->tls13_server_handshake); |
6206 | g_hash_table_destroy(mk_map->tls13_client_appdata); |
6207 | g_hash_table_destroy(mk_map->tls13_server_appdata); |
6208 | g_hash_table_destroy(mk_map->tls13_early_exporter); |
6209 | g_hash_table_destroy(mk_map->tls13_exporter); |
6210 | |
6211 | g_hash_table_destroy(mk_map->used_crandom); |
6212 | |
6213 | g_free(decrypted_data->data); |
6214 | g_free(compressed_data->data); |
6215 | |
6216 | /* close the previous keylog file now that the cache are cleared, this |
6217 | * allows the cache to be filled with the full keylog file contents. */ |
6218 | if (*ssl_keylog_file) { |
6219 | fclose(*ssl_keylog_file); |
6220 | *ssl_keylog_file = NULL((void*)0); |
6221 | } |
6222 | } |
6223 | /* }}} */ |
6224 | |
6225 | /* parse ssl related preferences (private keys and ports association strings) */ |
6226 | #if defined(HAVE_LIBGNUTLS1) |
6227 | /* Load a single RSA key file item from preferences. {{{ */ |
6228 | void |
6229 | ssl_parse_key_list(const ssldecrypt_assoc_t *uats, GHashTable *key_hash, const char* dissector_table_name, dissector_handle_t main_handle, bool_Bool tcp) |
6230 | { |
6231 | gnutls_x509_privkey_t x509_priv_key; |
6232 | gnutls_privkey_t priv_key = NULL((void*)0); |
6233 | FILE* fp = NULL((void*)0); |
6234 | int ret; |
6235 | size_t key_id_len = 20; |
6236 | unsigned char *key_id = NULL((void*)0); |
6237 | char *err = NULL((void*)0); |
6238 | dissector_handle_t handle; |
6239 | /* try to load keys file first */ |
6240 | fp = ws_fopenfopen(uats->keyfile, "rb"); |
6241 | if (!fp) { |
6242 | report_open_failure(uats->keyfile, errno(*__errno_location ()), false0); |
6243 | return; |
6244 | } |
6245 | |
6246 | if ((int)strlen(uats->password) == 0) { |
6247 | x509_priv_key = rsa_load_pem_key(fp, &err); |
6248 | } else { |
6249 | x509_priv_key = rsa_load_pkcs12(fp, uats->password, &err); |
6250 | } |
6251 | fclose(fp); |
6252 | |
6253 | if (!x509_priv_key) { |
6254 | if (err) { |
6255 | report_failure("Can't load private key from %s: %s", |
6256 | uats->keyfile, err); |
6257 | g_free(err); |
6258 | } else |
6259 | report_failure("Can't load private key from %s: unknown error", |
6260 | uats->keyfile); |
6261 | return; |
6262 | } |
6263 | if (err) { |
6264 | report_failure("Load of private key from %s \"succeeded\" with error %s", |
6265 | uats->keyfile, err); |
6266 | g_free(err); |
6267 | } |
6268 | |
6269 | gnutls_privkey_init(&priv_key); |
6270 | ret = gnutls_privkey_import_x509(priv_key, x509_priv_key, |
6271 | GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE|GNUTLS_PRIVKEY_IMPORT_COPY); |
6272 | if (ret < 0) { |
6273 | report_failure("Can't convert private key %s: %s", |
6274 | uats->keyfile, gnutls_strerror(ret)); |
6275 | goto end; |
6276 | } |
6277 | |
6278 | key_id = (unsigned char *) g_malloc0(key_id_len); |
6279 | ret = gnutls_x509_privkey_get_key_id(x509_priv_key, 0, key_id, &key_id_len); |
6280 | if (ret < 0) { |
6281 | report_failure("Can't calculate public key ID for %s: %s", |
6282 | uats->keyfile, gnutls_strerror(ret)); |
6283 | goto end; |
6284 | } |
6285 | ssl_print_data("KeyID", key_id, key_id_len); |
6286 | if (key_id_len != 20) { |
6287 | report_failure("Expected Key ID size %u for %s, got %zu", 20, |
6288 | uats->keyfile, key_id_len); |
6289 | goto end; |
6290 | } |
6291 | |
6292 | g_hash_table_replace(key_hash, key_id, priv_key); |
6293 | key_id = NULL((void*)0); /* used in key_hash, do not free. */ |
6294 | priv_key = NULL((void*)0); |
6295 | ssl_debug_printf("ssl_init private key file %s successfully loaded.\n", uats->keyfile); |
6296 | |
6297 | handle = ssl_find_appdata_dissector(uats->protocol); |
6298 | if (handle) { |
6299 | /* Port to subprotocol mapping */ |
6300 | uint16_t port = 0; |
6301 | if (ws_strtou16(uats->port, NULL((void*)0), &port)) { |
6302 | if (port > 0) { |
6303 | ssl_debug_printf("ssl_init port '%d' filename '%s' password(only for p12 file) '%s'\n", |
6304 | port, uats->keyfile, uats->password); |
6305 | |
6306 | ssl_association_add(dissector_table_name, main_handle, handle, port, tcp); |
6307 | } |
6308 | } else { |
6309 | if (strcmp(uats->port, "start_tls")) |
6310 | ssl_debug_printf("invalid ssl_init_port: %s\n", uats->port); |
6311 | } |
6312 | } |
6313 | |
6314 | end: |
6315 | gnutls_x509_privkey_deinit(x509_priv_key); |
6316 | gnutls_privkey_deinit(priv_key); |
6317 | g_free(key_id); |
6318 | } |
6319 | /* }}} */ |
6320 | #endif |
6321 | |
6322 | |
6323 | /* Store/load a known (pre-)master secret from/for this SSL session. {{{ */ |
6324 | /** store a known (pre-)master secret into cache */ |
6325 | static void |
6326 | ssl_save_master_key(const char *label, GHashTable *ht, StringInfo *key, |
6327 | StringInfo *mk) |
6328 | { |
6329 | StringInfo *ht_key, *master_secret; |
6330 | |
6331 | if (key->data_len == 0) { |
6332 | ssl_debug_printf("%s: not saving empty %s!\n", G_STRFUNC((const char*) (__func__)), label); |
6333 | return; |
6334 | } |
6335 | |
6336 | if (mk->data_len == 0) { |
6337 | ssl_debug_printf("%s not saving empty (pre-)master secret for %s!\n", |
6338 | G_STRFUNC((const char*) (__func__)), label); |
6339 | return; |
6340 | } |
6341 | |
6342 | /* ssl_hash() depends on session_ticket->data being aligned for unsigned access |
6343 | * so be careful in changing how it is allocated. */ |
6344 | ht_key = ssl_data_clone(key); |
6345 | master_secret = ssl_data_clone(mk); |
6346 | g_hash_table_insert(ht, ht_key, master_secret); |
6347 | |
6348 | ssl_debug_printf("%s inserted (pre-)master secret for %s\n", G_STRFUNC((const char*) (__func__)), label); |
6349 | ssl_print_string("stored key", ht_key); |
6350 | ssl_print_string("stored (pre-)master secret", master_secret); |
6351 | } |
6352 | |
6353 | /** restore a (pre-)master secret given some key in the cache */ |
6354 | static bool_Bool |
6355 | ssl_restore_master_key(SslDecryptSession *ssl, const char *label, |
6356 | bool_Bool is_pre_master, GHashTable *ht, StringInfo *key) |
6357 | { |
6358 | StringInfo *ms; |
6359 | |
6360 | if (key->data_len == 0) { |
6361 | ssl_debug_printf("%s can't restore %smaster secret using an empty %s\n", |
6362 | G_STRFUNC((const char*) (__func__)), is_pre_master ? "pre-" : "", label); |
6363 | return false0; |
6364 | } |
6365 | |
6366 | ms = (StringInfo *)g_hash_table_lookup(ht, key); |
6367 | if (!ms) { |
6368 | ssl_debug_printf("%s can't find %smaster secret by %s\n", G_STRFUNC((const char*) (__func__)), |
6369 | is_pre_master ? "pre-" : "", label); |
6370 | return false0; |
6371 | } |
6372 | |
6373 | /* (pre)master secret found, clear knowledge of other keys and set it in the |
6374 | * current conversation */ |
6375 | ssl->state &= ~(SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6) | |
6376 | SSL_HAVE_SESSION_KEY(1<<3)); |
6377 | if (is_pre_master) { |
6378 | /* unlike master secret, pre-master secret has a variable size (48 for |
6379 | * RSA, varying for PSK) and is therefore not statically allocated */ |
6380 | ssl->pre_master_secret.data = (unsigned char *) wmem_alloc(wmem_file_scope(), |
6381 | ms->data_len); |
6382 | ssl_data_set(&ssl->pre_master_secret, ms->data, ms->data_len); |
6383 | ssl->state |= SSL_PRE_MASTER_SECRET(1<<6); |
6384 | } else { |
6385 | ssl_data_set(&ssl->master_secret, ms->data, ms->data_len); |
6386 | ssl->state |= SSL_MASTER_SECRET(1<<5); |
6387 | } |
6388 | ssl_debug_printf("%s %smaster secret retrieved using %s\n", G_STRFUNC((const char*) (__func__)), |
6389 | is_pre_master ? "pre-" : "", label); |
6390 | ssl_print_string(label, key); |
6391 | ssl_print_string("(pre-)master secret", ms); |
6392 | return true1; |
6393 | } |
6394 | /* Store/load a known (pre-)master secret from/for this SSL session. }}} */ |
6395 | |
6396 | /* Should be called when all parameters are ready (after ChangeCipherSpec), and |
6397 | * the decoder should be attempted to be initialized. {{{*/ |
6398 | void |
6399 | ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map) |
6400 | { |
6401 | if (ssl->session.version == TLSV1DOT3_VERSION0x304) { |
| 1 | Assuming field 'version' is not equal to TLSV1DOT3_VERSION | |
|
| |
6402 | /* TLS 1.3 implementations only provide secrets derived from the master |
6403 | * secret which are loaded in tls13_change_key. No master secrets can be |
6404 | * loaded here, so just return. */ |
6405 | return; |
6406 | } |
6407 | ssl_debug_printf("%s state = 0x%02X\n", G_STRFUNC((const char*) (__func__)), ssl->state); |
6408 | if (ssl->state & SSL_HAVE_SESSION_KEY(1<<3)) { |
| 3 | | Assuming the condition is false | |
|
| |
6409 | ssl_debug_printf(" session key already available, nothing to do.\n"); |
6410 | return; |
6411 | } |
6412 | if (!(ssl->state & SSL_CIPHER(1<<2))) { |
| 5 | | Assuming the condition is false | |
|
6413 | ssl_debug_printf(" Cipher suite (Server Hello) is missing!\n"); |
6414 | return; |
6415 | } |
6416 | |
6417 | /* for decryption, there needs to be a master secret (which can be derived |
6418 | * from pre-master secret). If missing, try to pick a master key from cache |
6419 | * (an earlier packet in the capture or key logfile). */ |
6420 | if (!(ssl->state & (SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6))) && |
| 6 | | Assuming the condition is false | |
|
6421 | !ssl_restore_master_key(ssl, "Session ID", false0, |
6422 | mk_map->session, &ssl->session_id) && |
6423 | (!ssl->session.is_session_resumed || |
6424 | !ssl_restore_master_key(ssl, "Session Ticket", false0, |
6425 | mk_map->tickets, &ssl->session_ticket)) && |
6426 | !ssl_restore_master_key(ssl, "Client Random", false0, |
6427 | mk_map->crandom, &ssl->client_random)) { |
6428 | if (ssl->cipher_suite->enc != ENC_NULL0x3D) { |
6429 | /* how unfortunate, the master secret could not be found */ |
6430 | ssl_debug_printf(" Cannot find master secret\n"); |
6431 | return; |
6432 | } else { |
6433 | ssl_debug_printf(" Cannot find master secret, continuing anyway " |
6434 | "because of a NULL cipher\n"); |
6435 | } |
6436 | } |
6437 | |
6438 | if (ssl_generate_keyring_material(ssl) < 0) { |
| 7 | | Calling 'ssl_generate_keyring_material' | |
|
6439 | ssl_debug_printf("%s can't generate keyring material\n", G_STRFUNC((const char*) (__func__))); |
6440 | return; |
6441 | } |
6442 | /* Save Client Random/ Session ID for "SSL Export Session keys" */ |
6443 | ssl_save_master_key("Client Random", mk_map->crandom, |
6444 | &ssl->client_random, &ssl->master_secret); |
6445 | ssl_save_master_key("Session ID", mk_map->session, |
6446 | &ssl->session_id, &ssl->master_secret); |
6447 | /* Only save the new secrets if the server sent the ticket. The client |
6448 | * ticket might have become stale. */ |
6449 | if (ssl->state & SSL_NEW_SESSION_TICKET(1<<10)) { |
6450 | ssl_save_master_key("Session Ticket", mk_map->tickets, |
6451 | &ssl->session_ticket, &ssl->master_secret); |
6452 | } |
6453 | } /* }}} */ |
6454 | |
6455 | /* Load the traffic key secret from the keylog file. */ |
6456 | StringInfo * |
6457 | tls13_load_secret(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, |
6458 | bool_Bool is_from_server, TLSRecordType type) |
6459 | { |
6460 | GHashTable *key_map; |
6461 | const char *label; |
6462 | |
6463 | if (ssl->session.version != TLSV1DOT3_VERSION0x304 && ssl->session.version != DTLSV1DOT3_VERSION0xfefc) { |
6464 | ssl_debug_printf("%s TLS version %#x is not 1.3\n", G_STRFUNC((const char*) (__func__)), ssl->session.version); |
6465 | return NULL((void*)0); |
6466 | } |
6467 | |
6468 | if (ssl->client_random.data_len == 0) { |
6469 | /* May happen if Hello message is missing and Finished is found. */ |
6470 | ssl_debug_printf("%s missing Client Random\n", G_STRFUNC((const char*) (__func__))); |
6471 | return NULL((void*)0); |
6472 | } |
6473 | |
6474 | switch (type) { |
6475 | case TLS_SECRET_0RTT_APP: |
6476 | DISSECTOR_ASSERT(!is_from_server)((void) ((!is_from_server) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion \"%s\"", "epan/dissectors/packet-tls-utils.c" , 6476, "!is_from_server")))); |
6477 | label = "CLIENT_EARLY_TRAFFIC_SECRET"; |
6478 | key_map = mk_map->tls13_client_early; |
6479 | break; |
6480 | case TLS_SECRET_HANDSHAKE: |
6481 | if (is_from_server) { |
6482 | label = "SERVER_HANDSHAKE_TRAFFIC_SECRET"; |
6483 | key_map = mk_map->tls13_server_handshake; |
6484 | } else { |
6485 | label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET"; |
6486 | key_map = mk_map->tls13_client_handshake; |
6487 | } |
6488 | break; |
6489 | case TLS_SECRET_APP: |
6490 | if (is_from_server) { |
6491 | label = "SERVER_TRAFFIC_SECRET_0"; |
6492 | key_map = mk_map->tls13_server_appdata; |
6493 | } else { |
6494 | label = "CLIENT_TRAFFIC_SECRET_0"; |
6495 | key_map = mk_map->tls13_client_appdata; |
6496 | } |
6497 | break; |
6498 | default: |
6499 | ws_assert_not_reached()ws_log_fatal_full("", LOG_LEVEL_ERROR, "epan/dissectors/packet-tls-utils.c" , 6499, __func__, "assertion \"not reached\" failed"); |
6500 | } |
6501 | |
6502 | /* Transitioning to new keys, mark old ones as unusable. */ |
6503 | ssl_debug_printf("%s transitioning to new key, old state 0x%02x\n", G_STRFUNC((const char*) (__func__)), ssl->state); |
6504 | ssl->state &= ~(SSL_MASTER_SECRET(1<<5) | SSL_PRE_MASTER_SECRET(1<<6) | SSL_HAVE_SESSION_KEY(1<<3)); |
6505 | |
6506 | StringInfo *secret = (StringInfo *)g_hash_table_lookup(key_map, &ssl->client_random); |
6507 | if (!secret) { |
6508 | ssl_debug_printf("%s Cannot find %s, decryption impossible\n", G_STRFUNC((const char*) (__func__)), label); |
6509 | /* Disable decryption, the keys are invalid. */ |
6510 | if (is_from_server) { |
6511 | ssl->server = NULL((void*)0); |
6512 | } else { |
6513 | ssl->client = NULL((void*)0); |
6514 | } |
6515 | return NULL((void*)0); |
6516 | } |
6517 | |
6518 | /* TLS 1.3 secret found, set new keys. */ |
6519 | ssl_debug_printf("%s Retrieved TLS 1.3 traffic secret.\n", G_STRFUNC((const char*) (__func__))); |
6520 | ssl_print_string("Client Random", &ssl->client_random); |
6521 | ssl_print_string(label, secret); |
6522 | return secret; |
6523 | } |
6524 | |
6525 | /* Load the new key. */ |
6526 | void |
6527 | tls13_change_key(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, |
6528 | bool_Bool is_from_server, TLSRecordType type) |
6529 | { |
6530 | if (ssl->state & SSL_QUIC_RECORD_LAYER(1<<13)) { |
6531 | /* |
6532 | * QUIC does not use the TLS record layer for message protection. |
6533 | * The required keys will be extracted later by QUIC. |
6534 | */ |
6535 | return; |
6536 | } |
6537 | |
6538 | StringInfo *secret = tls13_load_secret(ssl, mk_map, is_from_server, type); |
6539 | if (!secret) { |
6540 | return; |
6541 | } |
6542 | |
6543 | if (tls13_generate_keys(ssl, secret, is_from_server)) { |
6544 | /* |
6545 | * Remember the application traffic secret to support Key Update. The |
6546 | * other secrets cannot be used for this purpose, so free them. |
6547 | */ |
6548 | SslDecoder *decoder = is_from_server ? ssl->server : ssl->client; |
6549 | StringInfo *app_secret = &decoder->app_traffic_secret; |
6550 | if (type == TLS_SECRET_APP) { |
6551 | app_secret->data = (unsigned char *) wmem_realloc(wmem_file_scope(), |
6552 | app_secret->data, |
6553 | secret->data_len); |
6554 | ssl_data_set(app_secret, secret->data, secret->data_len); |
6555 | } else { |
6556 | wmem_free(wmem_file_scope(), app_secret->data); |
6557 | app_secret->data = NULL((void*)0); |
6558 | app_secret->data_len = 0; |
6559 | } |
6560 | } |
6561 | } |
6562 | |
6563 | /** |
6564 | * Update to next application data traffic secret for TLS 1.3. The previous |
6565 | * secret should have been set by tls13_change_key. |
6566 | */ |
6567 | void |
6568 | tls13_key_update(SslDecryptSession *ssl, bool_Bool is_from_server) |
6569 | { |
6570 | /* RFC 8446 Section 7.2: |
6571 | * application_traffic_secret_N+1 = |
6572 | * HKDF-Expand-Label(application_traffic_secret_N, |
6573 | * "traffic upd", "", Hash.length) |
6574 | * |
6575 | * Both application_traffic_secret_N are of the same length (Hash.length). |
6576 | */ |
6577 | const SslCipherSuite *cipher_suite = ssl->cipher_suite; |
6578 | SslDecoder *decoder = is_from_server ? ssl->server : ssl->client; |
6579 | StringInfo *app_secret = decoder ? &decoder->app_traffic_secret : NULL((void*)0); |
6580 | uint8_t tls13_draft_version = ssl->session.tls13_draft_version; |
6581 | |
6582 | if (!cipher_suite || !app_secret || app_secret->data_len == 0) { |
6583 | ssl_debug_printf("%s Cannot perform Key Update due to missing info\n", G_STRFUNC((const char*) (__func__))); |
6584 | return; |
6585 | } |
6586 | |
6587 | /* |
6588 | * Previous traffic secret is available, so find the hash function, |
6589 | * expand the new traffic secret and generate new keys. |
6590 | */ |
6591 | const char *hash_name = ssl_cipher_suite_dig(cipher_suite)->name; |
6592 | int hash_algo = ssl_get_digest_by_name(hash_name); |
6593 | const unsigned hash_len = app_secret->data_len; |
6594 | unsigned char *new_secret; |
6595 | const char *label = "traffic upd"; |
6596 | if (tls13_draft_version && tls13_draft_version < 20) { |
6597 | label = "application traffic secret"; |
6598 | } |
6599 | if (!tls13_hkdf_expand_label(hash_algo, app_secret, |
6600 | tls13_hkdf_label_prefix(ssl), |
6601 | label, hash_len, &new_secret)) { |
6602 | ssl_debug_printf("%s traffic_secret_N+1 expansion failed\n", G_STRFUNC((const char*) (__func__))); |
6603 | return; |
6604 | } |
6605 | ssl_data_set(app_secret, new_secret, hash_len); |
6606 | if (tls13_generate_keys(ssl, app_secret, is_from_server)) { |
6607 | /* |
6608 | * Remember the application traffic secret on the new decoder to |
6609 | * support another Key Update. |
6610 | */ |
6611 | decoder = is_from_server ? ssl->server : ssl->client; |
6612 | app_secret = &decoder->app_traffic_secret; |
6613 | app_secret->data = (unsigned char *) wmem_realloc(wmem_file_scope(), |
6614 | app_secret->data, |
6615 | hash_len); |
6616 | ssl_data_set(app_secret, new_secret, hash_len); |
6617 | } |
6618 | wmem_free(NULL((void*)0), new_secret); |
6619 | } |
6620 | |
6621 | void |
6622 | tls_save_crandom(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map) |
6623 | { |
6624 | if (ssl && (ssl->state & SSL_CLIENT_RANDOM(1<<0))) { |
6625 | g_hash_table_add(mk_map->used_crandom, &ssl->client_random); |
6626 | } |
6627 | } |
6628 | |
6629 | /** SSL keylog file handling. {{{ */ |
6630 | |
6631 | static GRegex * |
6632 | ssl_compile_keyfile_regex(void) |
6633 | { |
6634 | #define OCTET "(?:[[:xdigit:]]{2})" |
6635 | const char *pattern = |
6636 | "(?:" |
6637 | /* Matches Client Hellos having this Client Random */ |
6638 | "PMS_CLIENT_RANDOM (?<client_random_pms>" OCTET "{32}) " |
6639 | /* Matches first part of encrypted RSA pre-master secret */ |
6640 | "|RSA (?<encrypted_pmk>" OCTET "{8}) " |
6641 | /* Pre-Master-Secret is given, it is 48 bytes for RSA, |
6642 | but it can be of any length for DHE */ |
6643 | ")(?<pms>" OCTET "+)" |
6644 | "|(?:" |
6645 | /* Matches Server Hellos having a Session ID */ |
6646 | "RSA Session-ID:(?<session_id>" OCTET "+) Master-Key:" |
6647 | /* Matches Client Hellos having this Client Random */ |
6648 | "|CLIENT_RANDOM (?<client_random>" OCTET "{32}) " |
6649 | /* Master-Secret is given, its length is fixed */ |
6650 | ")(?<master_secret>" OCTET "{" G_STRINGIFY(SSL_MASTER_SECRET_LENGTH)"48" "})" |
6651 | "|(?" |
6652 | /* TLS 1.3 Client Random to Derived Secrets mapping. */ |
6653 | ":CLIENT_EARLY_TRAFFIC_SECRET (?<client_early>" OCTET "{32})" |
6654 | "|CLIENT_HANDSHAKE_TRAFFIC_SECRET (?<client_handshake>" OCTET "{32})" |
6655 | "|SERVER_HANDSHAKE_TRAFFIC_SECRET (?<server_handshake>" OCTET "{32})" |
6656 | "|CLIENT_TRAFFIC_SECRET_0 (?<client_appdata>" OCTET "{32})" |
6657 | "|SERVER_TRAFFIC_SECRET_0 (?<server_appdata>" OCTET "{32})" |
6658 | "|EARLY_EXPORTER_SECRET (?<early_exporter>" OCTET "{32})" |
6659 | "|EXPORTER_SECRET (?<exporter>" OCTET "{32})" |
6660 | ") (?<derived_secret>" OCTET "+)"; |
6661 | #undef OCTET |
6662 | static GRegex *regex = NULL((void*)0); |
6663 | GError *gerr = NULL((void*)0); |
6664 | |
6665 | if (!regex) { |
6666 | regex = g_regex_new(pattern, |
6667 | (GRegexCompileFlags)(G_REGEX_OPTIMIZE | G_REGEX_ANCHORED | G_REGEX_RAW), |
6668 | G_REGEX_MATCH_ANCHORED, &gerr); |
6669 | if (gerr) { |
6670 | ssl_debug_printf("%s failed to compile regex: %s\n", G_STRFUNC((const char*) (__func__)), |
6671 | gerr->message); |
6672 | g_error_free(gerr); |
6673 | regex = NULL((void*)0); |
6674 | } |
6675 | } |
6676 | |
6677 | return regex; |
6678 | } |
6679 | |
6680 | typedef struct ssl_master_key_match_group { |
6681 | const char *re_group_name; |
6682 | GHashTable *master_key_ht; |
6683 | } ssl_master_key_match_group_t; |
6684 | |
6685 | void |
6686 | tls_keylog_process_lines(const ssl_master_key_map_t *mk_map, const uint8_t *data, unsigned datalen) |
6687 | { |
6688 | ssl_master_key_match_group_t mk_groups[] = { |
6689 | { "encrypted_pmk", mk_map->pre_master }, |
6690 | { "session_id", mk_map->session }, |
6691 | { "client_random", mk_map->crandom }, |
6692 | { "client_random_pms", mk_map->pms }, |
6693 | /* TLS 1.3 map from Client Random to derived secret. */ |
6694 | { "client_early", mk_map->tls13_client_early }, |
6695 | { "client_handshake", mk_map->tls13_client_handshake }, |
6696 | { "server_handshake", mk_map->tls13_server_handshake }, |
6697 | { "client_appdata", mk_map->tls13_client_appdata }, |
6698 | { "server_appdata", mk_map->tls13_server_appdata }, |
6699 | { "early_exporter", mk_map->tls13_early_exporter }, |
6700 | { "exporter", mk_map->tls13_exporter }, |
6701 | }; |
6702 | |
6703 | /* The format of the file is a series of records with one of the following formats: |
6704 | * - "RSA xxxx yyyy" |
6705 | * Where xxxx are the first 8 bytes of the encrypted pre-master secret (hex-encoded) |
6706 | * Where yyyy is the cleartext pre-master secret (hex-encoded) |
6707 | * (this is the original format introduced with bug 4349) |
6708 | * |
6709 | * - "RSA Session-ID:xxxx Master-Key:yyyy" |
6710 | * Where xxxx is the SSL session ID (hex-encoded) |
6711 | * Where yyyy is the cleartext master secret (hex-encoded) |
6712 | * (added to support openssl s_client Master-Key output) |
6713 | * This is somewhat is a misnomer because there's nothing RSA specific |
6714 | * about this. |
6715 | * |
6716 | * - "PMS_CLIENT_RANDOM xxxx yyyy" |
6717 | * Where xxxx is the client_random from the ClientHello (hex-encoded) |
6718 | * Where yyyy is the cleartext pre-master secret (hex-encoded) |
6719 | * (This format allows SSL connections to be decrypted, if a user can |
6720 | * capture the PMS but could not recover the MS for a specific session |
6721 | * with a SSL Server.) |
6722 | * |
6723 | * - "CLIENT_RANDOM xxxx yyyy" |
6724 | * Where xxxx is the client_random from the ClientHello (hex-encoded) |
6725 | * Where yyyy is the cleartext master secret (hex-encoded) |
6726 | * (This format allows non-RSA SSL connections to be decrypted, i.e. |
6727 | * ECDHE-RSA.) |
6728 | * |
6729 | * - "CLIENT_EARLY_TRAFFIC_SECRET xxxx yyyy" |
6730 | * - "CLIENT_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy" |
6731 | * - "SERVER_HANDSHAKE_TRAFFIC_SECRET xxxx yyyy" |
6732 | * - "CLIENT_TRAFFIC_SECRET_0 xxxx yyyy" |
6733 | * - "SERVER_TRAFFIC_SECRET_0 xxxx yyyy" |
6734 | * - "EARLY_EXPORTER_SECRET xxxx yyyy" |
6735 | * - "EXPORTER_SECRET xxxx yyyy" |
6736 | * Where xxxx is the client_random from the ClientHello (hex-encoded) |
6737 | * Where yyyy is the secret (hex-encoded) derived from the early, |
6738 | * handshake or master secrets. (This format is introduced with TLS 1.3 |
6739 | * and supported by BoringSSL, OpenSSL, etc. See bug 12779.) |
6740 | */ |
6741 | GRegex *regex = ssl_compile_keyfile_regex(); |
6742 | if (!regex) |
6743 | return; |
6744 | |
6745 | const char *next_line = (const char *)data; |
6746 | const char *line_end = next_line + datalen; |
6747 | while (next_line && next_line < line_end) { |
6748 | const char *line = next_line; |
6749 | next_line = (const char *)memchr(line, '\n', line_end - line); |
6750 | ssize_t linelen; |
6751 | |
6752 | if (next_line) { |
6753 | linelen = next_line - line; |
6754 | next_line++; /* drop LF */ |
6755 | } else { |
6756 | linelen = (ssize_t)(line_end - line); |
6757 | } |
6758 | if (linelen > 0 && line[linelen - 1] == '\r') { |
6759 | linelen--; /* drop CR */ |
6760 | } |
6761 | |
6762 | ssl_debug_printf(" checking keylog line: %.*s\n", (int)linelen, line); |
6763 | GMatchInfo *mi; |
6764 | if (g_regex_match_full(regex, line, linelen, 0, G_REGEX_MATCH_ANCHORED, &mi, NULL((void*)0))) { |
6765 | char *hex_key, *hex_pre_ms_or_ms; |
6766 | StringInfo *key = wmem_new(wmem_file_scope(), StringInfo)((StringInfo*)wmem_alloc((wmem_file_scope()), sizeof(StringInfo ))); |
6767 | StringInfo *pre_ms_or_ms = NULL((void*)0); |
6768 | GHashTable *ht = NULL((void*)0); |
6769 | |
6770 | /* Is the PMS being supplied with the PMS_CLIENT_RANDOM |
6771 | * otherwise we will use the Master Secret |
6772 | */ |
6773 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "master_secret"); |
6774 | if (hex_pre_ms_or_ms == NULL((void*)0) || !*hex_pre_ms_or_ms) { |
6775 | g_free(hex_pre_ms_or_ms); |
6776 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "pms"); |
6777 | } |
6778 | if (hex_pre_ms_or_ms == NULL((void*)0) || !*hex_pre_ms_or_ms) { |
6779 | g_free(hex_pre_ms_or_ms); |
6780 | hex_pre_ms_or_ms = g_match_info_fetch_named(mi, "derived_secret"); |
6781 | } |
6782 | /* There is always a match, otherwise the regex is wrong. */ |
6783 | DISSECTOR_ASSERT(hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms))((void) ((hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms )) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 6783, "hex_pre_ms_or_ms && strlen(hex_pre_ms_or_ms)" )))); |
6784 | |
6785 | /* convert from hex to bytes and save to hashtable */ |
6786 | pre_ms_or_ms = wmem_new(wmem_file_scope(), StringInfo)((StringInfo*)wmem_alloc((wmem_file_scope()), sizeof(StringInfo ))); |
6787 | from_hex(pre_ms_or_ms, hex_pre_ms_or_ms, strlen(hex_pre_ms_or_ms)); |
6788 | g_free(hex_pre_ms_or_ms); |
6789 | |
6790 | /* Find a master key from any format (CLIENT_RANDOM, SID, ...) */ |
6791 | for (unsigned i = 0; i < G_N_ELEMENTS(mk_groups)(sizeof (mk_groups) / sizeof ((mk_groups)[0])); i++) { |
6792 | ssl_master_key_match_group_t *g = &mk_groups[i]; |
6793 | hex_key = g_match_info_fetch_named(mi, g->re_group_name); |
6794 | if (hex_key && *hex_key) { |
6795 | ssl_debug_printf(" matched %s\n", g->re_group_name); |
6796 | ht = g->master_key_ht; |
6797 | from_hex(key, hex_key, strlen(hex_key)); |
6798 | g_free(hex_key); |
6799 | break; |
6800 | } |
6801 | g_free(hex_key); |
6802 | } |
6803 | DISSECTOR_ASSERT(ht)((void) ((ht) ? (void)0 : (proto_report_dissector_bug("%s:%u: failed assertion \"%s\"" , "epan/dissectors/packet-tls-utils.c", 6803, "ht")))); /* Cannot be reached, or regex is wrong. */ |
6804 | |
6805 | g_hash_table_insert(ht, key, pre_ms_or_ms); |
6806 | |
6807 | } else if (linelen > 0 && line[0] != '#') { |
6808 | ssl_debug_printf(" unrecognized line\n"); |
6809 | } |
6810 | /* always free match info even if there is no match. */ |
6811 | g_match_info_free(mi); |
6812 | } |
6813 | } |
6814 | |
6815 | void |
6816 | ssl_load_keyfile(const char *tls_keylog_filename, FILE **keylog_file, |
6817 | const ssl_master_key_map_t *mk_map) |
6818 | { |
6819 | /* no need to try if no key log file is configured. */ |
6820 | if (!tls_keylog_filename || !*tls_keylog_filename) { |
6821 | ssl_debug_printf("%s dtls/tls.keylog_file is not configured!\n", |
6822 | G_STRFUNC((const char*) (__func__))); |
6823 | return; |
6824 | } |
6825 | |
6826 | /* Validate regexes before even trying to use it. */ |
6827 | if (!ssl_compile_keyfile_regex()) { |
6828 | return; |
6829 | } |
6830 | |
6831 | ssl_debug_printf("trying to use TLS keylog in %s\n", tls_keylog_filename); |
6832 | |
6833 | /* if the keylog file was deleted/overwritten, re-open it */ |
6834 | if (*keylog_file && file_needs_reopen(ws_filenofileno(*keylog_file), tls_keylog_filename)) { |
6835 | ssl_debug_printf("%s file got deleted, trying to re-open\n", G_STRFUNC((const char*) (__func__))); |
6836 | fclose(*keylog_file); |
6837 | *keylog_file = NULL((void*)0); |
6838 | } |
6839 | |
6840 | if (*keylog_file == NULL((void*)0)) { |
6841 | *keylog_file = ws_fopenfopen(tls_keylog_filename, "r"); |
6842 | if (!*keylog_file) { |
6843 | ssl_debug_printf("%s failed to open SSL keylog\n", G_STRFUNC((const char*) (__func__))); |
6844 | return; |
6845 | } |
6846 | } |
6847 | |
6848 | for (;;) { |
6849 | char buf[1110], *line; |
6850 | line = fgets(buf, sizeof(buf), *keylog_file); |
6851 | if (!line) { |
6852 | if (feof(*keylog_file)) { |
6853 | /* Ensure that newly appended keys can be read in the future. */ |
6854 | clearerr(*keylog_file); |
6855 | } else if (ferror(*keylog_file)) { |
6856 | ssl_debug_printf("%s Error while reading key log file, closing it!\n", G_STRFUNC((const char*) (__func__))); |
6857 | fclose(*keylog_file); |
6858 | *keylog_file = NULL((void*)0); |
6859 | } |
6860 | break; |
6861 | } |
6862 | tls_keylog_process_lines(mk_map, (uint8_t *)line, (int)strlen(line)); |
6863 | } |
6864 | } |
6865 | /** SSL keylog file handling. }}} */ |
6866 | |
6867 | #ifdef SSL_DECRYPT_DEBUG /* {{{ */ |
6868 | |
6869 | static FILE* ssl_debug_file; |
6870 | |
6871 | void |
6872 | ssl_set_debug(const char* name) |
6873 | { |
6874 | static int debug_file_must_be_closed; |
6875 | int use_stderr; |
6876 | |
6877 | use_stderr = name?(strcmp(name, SSL_DEBUG_USE_STDERR"-") == 0):0; |
6878 | |
6879 | if (debug_file_must_be_closed) |
6880 | fclose(ssl_debug_file); |
6881 | |
6882 | if (use_stderr) |
6883 | ssl_debug_file = stderrstderr; |
6884 | else if (!name || (strcmp(name, "") ==0)) |
6885 | ssl_debug_file = NULL((void*)0); |
6886 | else |
6887 | ssl_debug_file = ws_fopenfopen(name, "w"); |
6888 | |
6889 | if (!use_stderr && ssl_debug_file) |
6890 | debug_file_must_be_closed = 1; |
6891 | else |
6892 | debug_file_must_be_closed = 0; |
6893 | |
6894 | ssl_debug_printf("Wireshark SSL debug log \n\n"); |
6895 | #ifdef HAVE_LIBGNUTLS1 |
6896 | ssl_debug_printf("GnuTLS version: %s\n", gnutls_check_version(NULL((void*)0))); |
6897 | #endif |
6898 | ssl_debug_printf("Libgcrypt version: %s\n", gcry_check_version(NULL((void*)0))); |
6899 | ssl_debug_printf("\n"); |
6900 | } |
6901 | |
6902 | void |
6903 | ssl_debug_flush(void) |
6904 | { |
6905 | if (ssl_debug_file) |
6906 | fflush(ssl_debug_file); |
6907 | } |
6908 | |
6909 | void |
6910 | ssl_debug_printf(const char* fmt, ...) |
6911 | { |
6912 | va_list ap; |
6913 | |
6914 | if (!ssl_debug_file) |
6915 | return; |
6916 | |
6917 | va_start(ap, fmt)__builtin_va_start(ap, fmt); |
6918 | vfprintf(ssl_debug_file, fmt, ap); |
6919 | va_end(ap)__builtin_va_end(ap); |
6920 | } |
6921 | |
6922 | void |
6923 | ssl_print_data(const char* name, const unsigned char* data, size_t len) |
6924 | { |
6925 | size_t i, j, k; |
6926 | if (!ssl_debug_file) |
6927 | return; |
6928 | fprintf(ssl_debug_file,"%s[%d]:\n",name, (int) len); |
6929 | for (i=0; i<len; i+=16) { |
6930 | fprintf(ssl_debug_file,"| "); |
6931 | for (j=i, k=0; k<16 && j<len; ++j, ++k) |
6932 | fprintf(ssl_debug_file,"%.2x ",data[j]); |
6933 | for (; k<16; ++k) |
6934 | fprintf(ssl_debug_file," "); |
6935 | fputc('|', ssl_debug_file); |
6936 | for (j=i, k=0; k<16 && j<len; ++j, ++k) { |
6937 | unsigned char c = data[j]; |
6938 | if (!g_ascii_isprint(c)((g_ascii_table[(guchar) (c)] & G_ASCII_PRINT) != 0) || (c=='\t')) c = '.'; |
6939 | fputc(c, ssl_debug_file); |
6940 | } |
6941 | for (; k<16; ++k) |
6942 | fputc(' ', ssl_debug_file); |
6943 | fprintf(ssl_debug_file,"|\n"); |
6944 | } |
6945 | } |
6946 | |
6947 | void |
6948 | ssl_print_string(const char* name, const StringInfo* data) |
6949 | { |
6950 | ssl_print_data(name, data->data, data->data_len); |
6951 | } |
6952 | #endif /* SSL_DECRYPT_DEBUG }}} */ |
6953 | |
6954 | /* UAT preferences callbacks. {{{ */ |
6955 | /* checks for SSL and DTLS UAT key list fields */ |
6956 | |
6957 | bool_Bool |
6958 | ssldecrypt_uat_fld_ip_chk_cb(void* r _U___attribute__((unused)), const char* p _U___attribute__((unused)), unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) |
6959 | { |
6960 | // This should be removed in favor of Decode As. Make it optional. |
6961 | *err = NULL((void*)0); |
6962 | return true1; |
6963 | } |
6964 | |
6965 | bool_Bool |
6966 | ssldecrypt_uat_fld_port_chk_cb(void* r _U___attribute__((unused)), const char* p, unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) |
6967 | { |
6968 | if (!p || strlen(p) == 0u) { |
6969 | // This should be removed in favor of Decode As. Make it optional. |
6970 | *err = NULL((void*)0); |
6971 | return true1; |
6972 | } |
6973 | |
6974 | if (strcmp(p, "start_tls") != 0){ |
6975 | uint16_t port; |
6976 | if (!ws_strtou16(p, NULL((void*)0), &port)) { |
6977 | *err = g_strdup("Invalid port given.")g_strdup_inline ("Invalid port given."); |
6978 | return false0; |
6979 | } |
6980 | } |
6981 | |
6982 | *err = NULL((void*)0); |
6983 | return true1; |
6984 | } |
6985 | |
6986 | bool_Bool |
6987 | ssldecrypt_uat_fld_fileopen_chk_cb(void* r _U___attribute__((unused)), const char* p, unsigned len _U___attribute__((unused)), const void* u1 _U___attribute__((unused)), const void* u2 _U___attribute__((unused)), char** err) |
6988 | { |
6989 | ws_statb64struct stat st; |
6990 | |
6991 | if (!p || strlen(p) == 0u) { |
6992 | *err = g_strdup("No filename given.")g_strdup_inline ("No filename given."); |
6993 | return false0; |
6994 | } else { |
6995 | if (ws_stat64stat(p, &st) != 0) { |
6996 | *err = ws_strdup_printf("File '%s' does not exist or access is denied.", p)wmem_strdup_printf(((void*)0), "File '%s' does not exist or access is denied." , p); |
6997 | return false0; |
6998 | } |
6999 | } |
7000 | |
7001 | *err = NULL((void*)0); |
7002 | return true1; |
7003 | } |
7004 | |
7005 | bool_Bool |
7006 | ssldecrypt_uat_fld_password_chk_cb(void *r _U___attribute__((unused)), const char *p _U___attribute__((unused)), unsigned len _U___attribute__((unused)), const void *u1 _U___attribute__((unused)), const void *u2 _U___attribute__((unused)), char **err) |
7007 | { |
7008 | #if defined(HAVE_LIBGNUTLS1) |
7009 | ssldecrypt_assoc_t* f = (ssldecrypt_assoc_t *)r; |
7010 | FILE *fp = NULL((void*)0); |
7011 | |
7012 | if (p && (strlen(p) > 0u)) { |
7013 | fp = ws_fopenfopen(f->keyfile, "rb"); |
7014 | if (fp) { |
7015 | char *msg = NULL((void*)0); |
7016 | gnutls_x509_privkey_t priv_key = rsa_load_pkcs12(fp, p, &msg); |
7017 | if (!priv_key) { |
7018 | fclose(fp); |
7019 | *err = ws_strdup_printf("Could not load PKCS#12 key file: %s", msg)wmem_strdup_printf(((void*)0), "Could not load PKCS#12 key file: %s" , msg); |
7020 | g_free(msg); |
7021 | return false0; |
7022 | } |
7023 | g_free(msg); |
7024 | gnutls_x509_privkey_deinit(priv_key); |
7025 | fclose(fp); |
7026 | } else { |
7027 | *err = ws_strdup_printf("Leave this field blank if the keyfile is not PKCS#12.")wmem_strdup_printf(((void*)0), "Leave this field blank if the keyfile is not PKCS#12." ); |
7028 | return false0; |
7029 | } |
7030 | } |
7031 | |
7032 | *err = NULL((void*)0); |
7033 | return true1; |
7034 | #else |
7035 | *err = g_strdup("Cannot load key files, support is not compiled in.")g_strdup_inline ("Cannot load key files, support is not compiled in." ); |
7036 | return false0; |
7037 | #endif |
7038 | } |
7039 | /* UAT preferences callbacks. }}} */ |
7040 | |
7041 | /** maximum size of ssl_association_info() string */ |
7042 | #define SSL_ASSOC_MAX_LEN8192 8192 |
7043 | |
7044 | typedef struct ssl_association_info_callback_data |
7045 | { |
7046 | char *str; |
7047 | const char *table_protocol; |
7048 | } ssl_association_info_callback_data_t; |
7049 | |
7050 | /** |
7051 | * callback function used by ssl_association_info() to traverse the SSL associations. |
7052 | */ |
7053 | static void |
7054 | ssl_association_info_(const char *table _U___attribute__((unused)), void *handle, void *user_data) |
7055 | { |
7056 | ssl_association_info_callback_data_t* data = (ssl_association_info_callback_data_t*)user_data; |
7057 | const int l = (const int)strlen(data->str); |
7058 | snprintf(data->str+l, SSL_ASSOC_MAX_LEN8192-l, "'%s' %s\n", dissector_handle_get_description((dissector_handle_t)handle), data->table_protocol); |
7059 | } |
7060 | |
7061 | /** |
7062 | * @return an information string on the SSL protocol associations. The string has ephemeral lifetime/scope. |
7063 | */ |
7064 | char* |
7065 | ssl_association_info(const char* dissector_table_name, const char* table_protocol) |
7066 | { |
7067 | ssl_association_info_callback_data_t data; |
7068 | |
7069 | data.str = (char *)g_malloc0(SSL_ASSOC_MAX_LEN8192); |
7070 | data.table_protocol = table_protocol; |
7071 | dissector_table_foreach_handle(dissector_table_name, ssl_association_info_, &data); |
7072 | return data.str; |
7073 | } |
7074 | |
7075 | |
7076 | /** Begin of code related to dissection of wire data. */ |
7077 | |
7078 | /* Helpers for dissecting Variable-Length Vectors. {{{ */ |
7079 | bool_Bool |
7080 | ssl_add_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
7081 | unsigned offset, unsigned offset_end, uint32_t *ret_length, |
7082 | int hf_length, uint32_t min_value, uint32_t max_value) |
7083 | { |
7084 | unsigned veclen_size; |
7085 | uint32_t veclen_value; |
7086 | proto_item *pi; |
7087 | |
7088 | DISSECTOR_ASSERT_CMPUINT(min_value, <=, max_value)((void) ((min_value <= max_value) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion " "min_value" " " "<=" " " "max_value" " (" "%" "l" "u" " " "<=" " " "%" "l" "u" ")", "epan/dissectors/packet-tls-utils.c" , 7088, (uint64_t)min_value, (uint64_t)max_value)))); |
7089 | if (offset > offset_end) { |
7090 | expert_add_info_format(pinfo, tree, &hf->ei.malformed_buffer_too_small, |
7091 | "Vector offset is past buffer end offset (%u > %u)", |
7092 | offset, offset_end); |
7093 | *ret_length = 0; |
7094 | return false0; /* Cannot read length. */ |
7095 | } |
7096 | |
7097 | if (max_value > 0xffffff) { |
7098 | veclen_size = 4; |
7099 | } else if (max_value > 0xffff) { |
7100 | veclen_size = 3; |
7101 | } else if (max_value > 0xff) { |
7102 | veclen_size = 2; |
7103 | } else { |
7104 | veclen_size = 1; |
7105 | } |
7106 | |
7107 | if (offset_end - offset < veclen_size) { |
7108 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_buffer_too_small, |
7109 | tvb, offset, offset_end - offset, |
7110 | "No more room for vector of length %u", |
7111 | veclen_size); |
7112 | *ret_length = 0; |
7113 | return false0; /* Cannot read length. */ |
7114 | } |
7115 | |
7116 | pi = proto_tree_add_item_ret_uint(tree, hf_length, tvb, offset, veclen_size, ENC_BIG_ENDIAN0x00000000, &veclen_value); |
7117 | offset += veclen_size; |
7118 | |
7119 | if (veclen_value < min_value) { |
7120 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_vector_length, |
7121 | "Vector length %u is smaller than minimum %u", |
7122 | veclen_value, min_value); |
7123 | } else if (veclen_value > max_value) { |
7124 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_vector_length, |
7125 | "Vector length %u is larger than maximum %u", |
7126 | veclen_value, max_value); |
7127 | } |
7128 | |
7129 | if (offset_end - offset < veclen_value) { |
7130 | expert_add_info_format(pinfo, pi, &hf->ei.malformed_buffer_too_small, |
7131 | "Vector length %u is too large, truncating it to %u", |
7132 | veclen_value, offset_end - offset); |
7133 | *ret_length = offset_end - offset; |
7134 | return false0; /* Length is truncated to avoid overflow. */ |
7135 | } |
7136 | |
7137 | *ret_length = veclen_value; |
7138 | return true1; /* Length is OK. */ |
7139 | } |
7140 | |
7141 | bool_Bool |
7142 | ssl_end_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
7143 | unsigned offset, unsigned offset_end) |
7144 | { |
7145 | if (offset < offset_end) { |
7146 | unsigned trailing = offset_end - offset; |
7147 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_trailing_data, |
7148 | tvb, offset, trailing, |
7149 | "%u trailing byte%s unprocessed", |
7150 | trailing, plurality(trailing, " was", "s were")((trailing) == 1 ? (" was") : ("s were"))); |
7151 | return false0; /* unprocessed data warning */ |
7152 | } else if (offset > offset_end) { |
7153 | /* |
7154 | * Returned offset runs past the end. This should not happen and is |
7155 | * possibly a dissector bug. |
7156 | */ |
7157 | unsigned excess = offset - offset_end; |
7158 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.malformed_buffer_too_small, |
7159 | tvb, offset_end, excess, |
7160 | "Dissector processed too much data (%u byte%s)", |
7161 | excess, plurality(excess, "", "s")((excess) == 1 ? ("") : ("s"))); |
7162 | return false0; /* overflow error */ |
7163 | } |
7164 | |
7165 | return true1; /* OK, offset matches. */ |
7166 | } |
7167 | /** }}} */ |
7168 | |
7169 | |
7170 | static uint32_t |
7171 | ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
7172 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
7173 | uint16_t version, int hf_sig_len, int hf_sig); |
7174 | |
7175 | /* change_cipher_spec(20) dissection */ |
7176 | void |
7177 | ssl_dissect_change_cipher_spec(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
7178 | packet_info *pinfo, proto_tree *tree, |
7179 | uint32_t offset, SslSession *session, |
7180 | bool_Bool is_from_server, |
7181 | const SslDecryptSession *ssl) |
7182 | { |
7183 | /* |
7184 | * struct { |
7185 | * enum { change_cipher_spec(1), (255) } type; |
7186 | * } ChangeCipherSpec; |
7187 | */ |
7188 | proto_item *ti; |
7189 | proto_item_set_text(tree, |
7190 | "%s Record Layer: %s Protocol: Change Cipher Spec", |
7191 | val_to_str_const(session->version, ssl_version_short_names, "SSL"), |
7192 | val_to_str_const(SSL_ID_CHG_CIPHER_SPEC, ssl_31_content_type, "unknown")); |
7193 | ti = proto_tree_add_item(tree, hf->hf.change_cipher_spec, tvb, offset, 1, ENC_NA0x00000000); |
7194 | |
7195 | if (session->version == TLSV1DOT3_VERSION0x304) { |
7196 | /* CCS is a dummy message in TLS 1.3, do not parse it further. */ |
7197 | return; |
7198 | } |
7199 | |
7200 | /* Remember frame number of first CCS */ |
7201 | uint32_t *ccs_frame = is_from_server ? &session->server_ccs_frame : &session->client_ccs_frame; |
7202 | if (*ccs_frame == 0) |
7203 | *ccs_frame = pinfo->num; |
7204 | |
7205 | /* Use heuristics to detect an abbreviated handshake, assume that missing |
7206 | * ServerHelloDone implies reusing previously negotiating keys. Then when |
7207 | * a Session ID or ticket is present, it must be a resumed session. |
7208 | * Normally this should be done at the Finished message, but that may be |
7209 | * encrypted so we do it here, at the last cleartext message. */ |
7210 | if (is_from_server && ssl) { |
7211 | if (session->is_session_resumed) { |
7212 | const char *resumed = NULL((void*)0); |
7213 | if (ssl->session_ticket.data_len) { |
7214 | resumed = "Session Ticket"; |
7215 | } else if (ssl->session_id.data_len) { |
7216 | resumed = "Session ID"; |
7217 | } |
7218 | if (resumed) { |
7219 | ssl_debug_printf("%s Session resumption using %s\n", G_STRFUNC((const char*) (__func__)), resumed); |
7220 | } else { |
7221 | /* Can happen if the capture somehow starts in the middle */ |
7222 | ssl_debug_printf("%s No Session resumption, missing packets?\n", G_STRFUNC((const char*) (__func__))); |
7223 | } |
7224 | } else { |
7225 | ssl_debug_printf("%s Not using Session resumption\n", G_STRFUNC((const char*) (__func__))); |
7226 | } |
7227 | } |
7228 | if (is_from_server && session->is_session_resumed) |
7229 | expert_add_info(pinfo, ti, &hf->ei.resumed); |
7230 | } |
7231 | |
7232 | /** Begin of handshake(22) record dissections */ |
7233 | |
7234 | /* Dissects a SignatureScheme (TLS 1.3) or SignatureAndHashAlgorithm (TLS 1.2). |
7235 | * {{{ */ |
7236 | static void |
7237 | tls_dissect_signature_algorithm(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset, ja4_data_t *ja4_data) |
7238 | { |
7239 | uint32_t sighash, hashalg, sigalg; |
7240 | proto_item *ti_sigalg; |
7241 | proto_tree *sigalg_tree; |
7242 | |
7243 | ti_sigalg = proto_tree_add_item_ret_uint(tree, hf->hf.hs_sig_hash_alg, tvb, |
7244 | offset, 2, ENC_BIG_ENDIAN0x00000000, &sighash); |
7245 | if (ja4_data) { |
7246 | wmem_list_append(ja4_data->sighash_list, GUINT_TO_POINTER(sighash)((gpointer) (gulong) (sighash))); |
7247 | } |
7248 | |
7249 | sigalg_tree = proto_item_add_subtree(ti_sigalg, hf->ett.hs_sig_hash_alg); |
7250 | |
7251 | /* TLS 1.2: SignatureAndHashAlgorithm { hash, signature } */ |
7252 | proto_tree_add_item_ret_uint(sigalg_tree, hf->hf.hs_sig_hash_hash, tvb, |
7253 | offset, 1, ENC_BIG_ENDIAN0x00000000, &hashalg); |
7254 | proto_tree_add_item_ret_uint(sigalg_tree, hf->hf.hs_sig_hash_sig, tvb, |
7255 | offset + 1, 1, ENC_BIG_ENDIAN0x00000000, &sigalg); |
7256 | |
7257 | /* No TLS 1.3 SignatureScheme? Fallback to TLS 1.2 interpretation. */ |
7258 | if (!try_val_to_str(sighash, tls13_signature_algorithm)) { |
7259 | proto_item_set_text(ti_sigalg, "Signature Algorithm: %s %s (0x%04x)", |
7260 | val_to_str_const(hashalg, tls_hash_algorithm, "Unknown"), |
7261 | val_to_str_const(sigalg, tls_signature_algorithm, "Unknown"), |
7262 | sighash); |
7263 | } |
7264 | } /* }}} */ |
7265 | |
7266 | /* dissect a list of hash algorithms, return the number of bytes dissected |
7267 | this is used for the signature algorithms extension and for the |
7268 | TLS1.2 certificate request. {{{ */ |
7269 | static int |
7270 | ssl_dissect_hash_alg_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, |
7271 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, ja4_data_t *ja4_data) |
7272 | { |
7273 | /* https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 |
7274 | * struct { |
7275 | * HashAlgorithm hash; |
7276 | * SignatureAlgorithm signature; |
7277 | * } SignatureAndHashAlgorithm; |
7278 | * SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>; |
7279 | */ |
7280 | proto_tree *subtree; |
7281 | proto_item *ti; |
7282 | unsigned sh_alg_length; |
7283 | uint32_t next_offset; |
7284 | |
7285 | /* SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2> */ |
7286 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sh_alg_length, |
7287 | hf->hf.hs_sig_hash_alg_len, 2, UINT16_MAX(65535) - 1)) { |
7288 | return offset_end; |
7289 | } |
7290 | offset += 2; |
7291 | next_offset = offset + sh_alg_length; |
7292 | |
7293 | ti = proto_tree_add_none_format(tree, hf->hf.hs_sig_hash_algs, tvb, offset, sh_alg_length, |
7294 | "Signature Hash Algorithms (%u algorithm%s)", |
7295 | sh_alg_length / 2, plurality(sh_alg_length / 2, "", "s")((sh_alg_length / 2) == 1 ? ("") : ("s"))); |
7296 | subtree = proto_item_add_subtree(ti, hf->ett.hs_sig_hash_algs); |
7297 | |
7298 | while (offset + 2 <= next_offset) { |
7299 | tls_dissect_signature_algorithm(hf, tvb, subtree, offset, ja4_data); |
7300 | offset += 2; |
7301 | } |
7302 | |
7303 | if (!ssl_end_vector(hf, tvb, pinfo, subtree, offset, next_offset)) { |
7304 | offset = next_offset; |
7305 | } |
7306 | |
7307 | return offset; |
7308 | } /* }}} */ |
7309 | |
7310 | /* Dissection of DistinguishedName (for CertificateRequest and |
7311 | * certificate_authorities extension). {{{ */ |
7312 | static uint32_t |
7313 | tls_dissect_certificate_authorities(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
7314 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
7315 | { |
7316 | proto_item *ti; |
7317 | proto_tree *subtree; |
7318 | uint32_t dnames_length, next_offset; |
7319 | asn1_ctx_t asn1_ctx; |
7320 | int dnames_count = 100; /* the maximum number of DNs to add to the tree */ |
7321 | |
7322 | /* Note: minimum length is 0 for TLS 1.1/1.2 and 3 for earlier/later */ |
7323 | /* DistinguishedName certificate_authorities<0..2^16-1> */ |
7324 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &dnames_length, |
7325 | hf->hf.hs_dnames_len, 0, UINT16_MAX(65535))) { |
7326 | return offset_end; |
7327 | } |
7328 | offset += 2; |
7329 | next_offset = offset + dnames_length; |
7330 | |
7331 | if (dnames_length > 0) { |
7332 | ti = proto_tree_add_none_format(tree, |
7333 | hf->hf.hs_dnames, |
7334 | tvb, offset, dnames_length, |
7335 | "Distinguished Names (%d byte%s)", |
7336 | dnames_length, |
7337 | plurality(dnames_length, "", "s")((dnames_length) == 1 ? ("") : ("s"))); |
7338 | subtree = proto_item_add_subtree(ti, hf->ett.dnames); |
7339 | |
7340 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); |
7341 | |
7342 | while (offset < next_offset) { |
7343 | /* get the length of the current certificate */ |
7344 | uint32_t name_length; |
7345 | |
7346 | if (dnames_count-- == 0) { |
7347 | /* stop adding to tree when the list is considered too large |
7348 | * https://gitlab.com/wireshark/wireshark/-/issues/16202 |
7349 | Note: dnames_count must be set low enough not to hit the |
7350 | limit set by PINFO_LAYER_MAX_RECURSION_DEPTH in packet.c |
7351 | */ |
7352 | ti = proto_tree_add_item(subtree, hf->hf.hs_dnames_truncated, |
7353 | tvb, offset, next_offset - offset, ENC_NA0x00000000); |
7354 | proto_item_set_generated(ti); |
7355 | return next_offset; |
7356 | } |
7357 | |
7358 | /* opaque DistinguishedName<1..2^16-1> */ |
7359 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &name_length, |
7360 | hf->hf.hs_dname_len, 1, UINT16_MAX(65535))) { |
7361 | return next_offset; |
7362 | } |
7363 | offset += 2; |
7364 | |
7365 | dissect_x509if_DistinguishedName(false0, tvb, offset, &asn1_ctx, |
7366 | subtree, hf->hf.hs_dname); |
7367 | offset += name_length; |
7368 | } |
7369 | } |
7370 | return offset; |
7371 | } /* }}} */ |
7372 | |
7373 | |
7374 | /** TLS Extensions (in Client Hello and Server Hello). {{{ */ |
7375 | static int |
7376 | ssl_dissect_hnd_hello_ext_sig_hash_algs(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
7377 | proto_tree *tree, packet_info* pinfo, uint32_t offset, uint32_t offset_end, ja4_data_t *ja4_data) |
7378 | { |
7379 | return ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, ja4_data); |
7380 | } |
7381 | |
7382 | static int |
7383 | ssl_dissect_hnd_ext_delegated_credentials(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
7384 | proto_tree *tree, packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type) |
7385 | { |
7386 | if (hnd_type == SSL_HND_CLIENT_HELLO) { |
7387 | /* |
7388 | * struct { |
7389 | * SignatureScheme supported_signature_algorithm<2..2^16-2>; |
7390 | * } SignatureSchemeList; |
7391 | */ |
7392 | |
7393 | return ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, NULL((void*)0)); |
7394 | } else { |
7395 | asn1_ctx_t asn1_ctx; |
7396 | unsigned pubkey_length, sign_length; |
7397 | |
7398 | /* |
7399 | * struct { |
7400 | * uint32 valid_time; |
7401 | * SignatureScheme expected_cert_verify_algorithm; |
7402 | * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; |
7403 | * } Credential; |
7404 | * |
7405 | * struct { |
7406 | * Credential cred; |
7407 | * SignatureScheme algorithm; |
7408 | * opaque signature<0..2^16-1>; |
7409 | * } DelegatedCredential; |
7410 | */ |
7411 | |
7412 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); |
7413 | |
7414 | proto_tree_add_item(tree, hf->hf.hs_cred_valid_time, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
7415 | offset += 4; |
7416 | |
7417 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); |
7418 | offset += 2; |
7419 | |
7420 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &pubkey_length, |
7421 | hf->hf.hs_cred_pubkey_len, 1, G_MAXUINT24((1U << 24) - 1))) { |
7422 | return offset_end; |
7423 | } |
7424 | offset += 3; |
7425 | dissect_x509af_SubjectPublicKeyInfo(false0, tvb, offset, &asn1_ctx, tree, hf->hf.hs_cred_pubkey); |
7426 | offset += pubkey_length; |
7427 | |
7428 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); |
7429 | offset += 2; |
7430 | |
7431 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sign_length, |
7432 | hf->hf.hs_cred_signature_len, 1, UINT16_MAX(65535))) { |
7433 | return offset_end; |
7434 | } |
7435 | offset += 2; |
7436 | proto_tree_add_item(tree, hf->hf.hs_cred_signature, |
7437 | tvb, offset, sign_length, ENC_ASCII0x00000000|ENC_NA0x00000000); |
7438 | offset += sign_length; |
7439 | |
7440 | return offset; |
7441 | } |
7442 | } |
7443 | |
7444 | static int |
7445 | ssl_dissect_hnd_hello_ext_alps(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
7446 | packet_info *pinfo, proto_tree *tree, |
7447 | uint32_t offset, uint32_t offset_end, |
7448 | uint8_t hnd_type) |
7449 | { |
7450 | |
7451 | /* https://datatracker.ietf.org/doc/html/draft-vvv-tls-alps-01#section-4 */ |
7452 | |
7453 | switch (hnd_type) { |
7454 | case SSL_HND_CLIENT_HELLO: { |
7455 | proto_tree *alps_tree; |
7456 | proto_item *ti; |
7457 | uint32_t next_offset, alps_length, name_length; |
7458 | |
7459 | /* |
7460 | * opaque ProtocolName<1..2^8-1>; |
7461 | * struct { |
7462 | * ProtocolName supported_protocols<2..2^16-1> |
7463 | * } ApplicationSettingsSupport; |
7464 | */ |
7465 | |
7466 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &alps_length, |
7467 | hf->hf.hs_ext_alps_len, 2, UINT16_MAX(65535))) { |
7468 | return offset_end; |
7469 | } |
7470 | offset += 2; |
7471 | next_offset = offset + alps_length; |
7472 | |
7473 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_alps_alpn_list, |
7474 | tvb, offset, alps_length, ENC_NA0x00000000); |
7475 | alps_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alps); |
7476 | |
7477 | /* Parse list (note missing check for end of vector, ssl_add_vector below |
7478 | * ensures that data is always available.) */ |
7479 | while (offset < next_offset) { |
7480 | if (!ssl_add_vector(hf, tvb, pinfo, alps_tree, offset, next_offset, &name_length, |
7481 | hf->hf.hs_ext_alps_alpn_str_len, 1, UINT8_MAX(255))) { |
7482 | return next_offset; |
7483 | } |
7484 | offset++; |
7485 | |
7486 | proto_tree_add_item(alps_tree, hf->hf.hs_ext_alps_alpn_str, |
7487 | tvb, offset, name_length, ENC_ASCII0x00000000|ENC_NA0x00000000); |
7488 | offset += name_length; |
7489 | } |
7490 | |
7491 | return offset; |
7492 | } |
7493 | case SSL_HND_ENCRYPTED_EXTS: |
7494 | /* Opaque blob */ |
7495 | proto_tree_add_item(tree, hf->hf.hs_ext_alps_settings, |
7496 | tvb, offset, offset_end - offset, ENC_ASCII0x00000000|ENC_NA0x00000000); |
7497 | break; |
7498 | } |
7499 | |
7500 | return offset_end; |
7501 | } |
7502 | |
7503 | static int |
7504 | ssl_dissect_hnd_hello_ext_alpn(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
7505 | packet_info *pinfo, proto_tree *tree, |
7506 | uint32_t offset, uint32_t offset_end, |
7507 | uint8_t hnd_type, SslSession *session, |
7508 | bool_Bool is_dtls, ja4_data_t *ja4_data) |
7509 | { |
7510 | |
7511 | /* https://tools.ietf.org/html/rfc7301#section-3.1 |
7512 | * opaque ProtocolName<1..2^8-1>; |
7513 | * struct { |
7514 | * ProtocolName protocol_name_list<2..2^16-1> |
7515 | * } ProtocolNameList; |
7516 | */ |
7517 | proto_tree *alpn_tree; |
7518 | proto_item *ti; |
7519 | uint32_t next_offset, alpn_length, name_length; |
7520 | uint8_t *proto_name = NULL((void*)0), *client_proto_name = NULL((void*)0); |
7521 | |
7522 | /* ProtocolName protocol_name_list<2..2^16-1> */ |
7523 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &alpn_length, |
7524 | hf->hf.hs_ext_alpn_len, 2, UINT16_MAX(65535))) { |
7525 | return offset_end; |
7526 | } |
7527 | offset += 2; |
7528 | next_offset = offset + alpn_length; |
7529 | |
7530 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_alpn_list, |
7531 | tvb, offset, alpn_length, ENC_NA0x00000000); |
7532 | alpn_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_alpn); |
7533 | |
7534 | /* Parse list (note missing check for end of vector, ssl_add_vector below |
7535 | * ensures that data is always available.) */ |
7536 | while (offset < next_offset) { |
7537 | /* opaque ProtocolName<1..2^8-1> */ |
7538 | if (!ssl_add_vector(hf, tvb, pinfo, alpn_tree, offset, next_offset, &name_length, |
7539 | hf->hf.hs_ext_alpn_str_len, 1, UINT8_MAX(255))) { |
7540 | return next_offset; |
7541 | } |
7542 | offset++; |
7543 | |
7544 | proto_tree_add_item(alpn_tree, hf->hf.hs_ext_alpn_str, |
7545 | tvb, offset, name_length, ENC_ASCII0x00000000|ENC_NA0x00000000); |
7546 | if (ja4_data && wmem_strbuf_get_len(ja4_data->alpn) == 0) { |
7547 | const char alpn_first_char = (char)tvb_get_uint8(tvb,offset); |
7548 | const char alpn_last_char = (char)tvb_get_uint8(tvb,offset + name_length - 1); |
7549 | if ((g_ascii_isprint(alpn_first_char)((g_ascii_table[(guchar) (alpn_first_char)] & G_ASCII_PRINT ) != 0)) && g_ascii_isprint(alpn_last_char)((g_ascii_table[(guchar) (alpn_last_char)] & G_ASCII_PRINT ) != 0)) { |
7550 | wmem_strbuf_append_printf(ja4_data->alpn, "%c%c", alpn_first_char, alpn_last_char); |
7551 | } |
7552 | else { |
7553 | wmem_strbuf_append_printf(ja4_data->alpn, "%x%x",(alpn_first_char >> 4) & 0x0F, |
7554 | alpn_last_char & 0x0F); |
7555 | } |
7556 | } |
7557 | /* Remember first ALPN ProtocolName entry for server. */ |
7558 | if (hnd_type == SSL_HND_SERVER_HELLO || hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS) { |
7559 | /* '\0'-terminated string for dissector table match and prefix |
7560 | * comparison purposes. */ |
7561 | proto_name = tvb_get_string_enc(pinfo->pool, tvb, offset, |
7562 | name_length, ENC_ASCII0x00000000); |
7563 | } else if (hnd_type == SSL_HND_CLIENT_HELLO) { |
7564 | client_proto_name = tvb_get_string_enc(pinfo->pool, tvb, offset, |
7565 | name_length, ENC_ASCII0x00000000); |
7566 | } |
7567 | offset += name_length; |
7568 | } |
7569 | |
7570 | /* If ALPN is given in ServerHello, then ProtocolNameList MUST contain |
7571 | * exactly one "ProtocolName". */ |
7572 | if (proto_name) { |
7573 | dissector_handle_t handle; |
7574 | |
7575 | session->alpn_name = wmem_strdup(wmem_file_scope(), proto_name); |
7576 | |
7577 | if (is_dtls) { |
7578 | handle = dissector_get_string_handle(dtls_alpn_dissector_table, |
7579 | proto_name); |
7580 | } else { |
7581 | handle = dissector_get_string_handle(ssl_alpn_dissector_table, |
7582 | proto_name); |
7583 | if (handle == NULL((void*)0)) { |
7584 | /* Try prefix matching */ |
7585 | for (size_t i = 0; i < G_N_ELEMENTS(ssl_alpn_prefix_match_protocols)(sizeof (ssl_alpn_prefix_match_protocols) / sizeof ((ssl_alpn_prefix_match_protocols )[0])); i++) { |
7586 | const ssl_alpn_prefix_match_protocol_t *alpn_proto = &ssl_alpn_prefix_match_protocols[i]; |
7587 | |
7588 | /* string_string is inappropriate as it compares strings |
7589 | * while "byte strings MUST NOT be truncated" (RFC 7301) */ |
7590 | if (g_str_has_prefix(proto_name, alpn_proto->proto_prefix)(__builtin_constant_p (alpn_proto->proto_prefix)? __extension__ ({ const char * const __str = (proto_name); const char * const __prefix = (alpn_proto->proto_prefix); gboolean __result = (0); if (__str == ((void*)0) || __prefix == ((void*)0)) __result = (g_str_has_prefix) (__str, __prefix); else { const size_t __str_len = strlen (((__str) + !(__str))); const size_t __prefix_len = strlen (((__prefix) + !(__prefix))); if (__str_len >= __prefix_len ) __result = memcmp (((__str) + !(__str)), ((__prefix) + !(__prefix )), __prefix_len) == 0; } __result; }) : (g_str_has_prefix) ( proto_name, alpn_proto->proto_prefix) )) { |
7591 | handle = find_dissector(alpn_proto->dissector_name); |
7592 | break; |
7593 | } |
7594 | } |
7595 | } |
7596 | } |
7597 | if (handle != NULL((void*)0)) { |
7598 | /* ProtocolName match, so set the App data dissector handle. |
7599 | * This may override protocols given via the UAT dialog, but |
7600 | * since the ALPN hint is precise, do it anyway. */ |
7601 | ssl_debug_printf("%s: changing handle %p to %p (%s)", G_STRFUNC((const char*) (__func__)), |
7602 | (void *)session->app_handle, |
7603 | (void *)handle, |
7604 | dissector_handle_get_dissector_name(handle)); |
7605 | session->app_handle = handle; |
7606 | } |
7607 | } else if (client_proto_name) { |
7608 | // No current use for looking up the handle as the only consumer of this API is currently the QUIC dissector |
7609 | // and it just needs the string since there are/were various HTTP/3 ALPNs to check for. |
7610 | session->client_alpn_name = wmem_strdup(wmem_file_scope(), client_proto_name); |
7611 | } |
7612 | |
7613 | return offset; |
7614 | } |
7615 | |
7616 | static int |
7617 | ssl_dissect_hnd_hello_ext_npn(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
7618 | packet_info *pinfo, proto_tree *tree, |
7619 | uint32_t offset, uint32_t offset_end) |
7620 | { |
7621 | /* https://tools.ietf.org/html/draft-agl-tls-nextprotoneg-04#page-3 |
7622 | * The "extension_data" field of a "next_protocol_negotiation" extension |
7623 | * in a "ServerHello" contains an optional list of protocols advertised |
7624 | * by the server. Protocols are named by opaque, non-empty byte strings |
7625 | * and the list of protocols is serialized as a concatenation of 8-bit, |
7626 | * length prefixed byte strings. Implementations MUST ensure that the |
7627 | * empty string is not included and that no byte strings are truncated. |
7628 | */ |
7629 | uint32_t npn_length; |
7630 | proto_tree *npn_tree; |
7631 | |
7632 | /* List is optional, do not add tree if there are no entries. */ |
7633 | if (offset == offset_end) { |
7634 | return offset; |
7635 | } |
7636 | |
7637 | npn_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_npn, NULL((void*)0), "Next Protocol Negotiation"); |
7638 | |
7639 | while (offset < offset_end) { |
7640 | /* non-empty, 8-bit length prefixed strings means range 1..255 */ |
7641 | if (!ssl_add_vector(hf, tvb, pinfo, npn_tree, offset, offset_end, &npn_length, |
7642 | hf->hf.hs_ext_npn_str_len, 1, UINT8_MAX(255))) { |
7643 | return offset_end; |
7644 | } |
7645 | offset++; |
7646 | |
7647 | proto_tree_add_item(npn_tree, hf->hf.hs_ext_npn_str, |
7648 | tvb, offset, npn_length, ENC_ASCII0x00000000|ENC_NA0x00000000); |
7649 | offset += npn_length; |
7650 | } |
7651 | |
7652 | return offset; |
7653 | } |
7654 | |
7655 | static int |
7656 | ssl_dissect_hnd_hello_ext_reneg_info(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
7657 | packet_info *pinfo, proto_tree *tree, |
7658 | uint32_t offset, uint32_t offset_end) |
7659 | { |
7660 | /* https://tools.ietf.org/html/rfc5746#section-3.2 |
7661 | * struct { |
7662 | * opaque renegotiated_connection<0..255>; |
7663 | * } RenegotiationInfo; |
7664 | * |
7665 | */ |
7666 | proto_tree *reneg_info_tree; |
7667 | uint32_t reneg_info_length; |
7668 | |
7669 | reneg_info_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_reneg_info, NULL((void*)0), "Renegotiation Info extension"); |
7670 | |
7671 | /* opaque renegotiated_connection<0..255> */ |
7672 | if (!ssl_add_vector(hf, tvb, pinfo, reneg_info_tree, offset, offset_end, &reneg_info_length, |
7673 | hf->hf.hs_ext_reneg_info_len, 0, 255)) { |
7674 | return offset_end; |
7675 | } |
7676 | offset++; |
7677 | |
7678 | if (reneg_info_length > 0) { |
7679 | proto_tree_add_item(reneg_info_tree, hf->hf.hs_ext_reneg_info, tvb, offset, reneg_info_length, ENC_NA0x00000000); |
7680 | offset += reneg_info_length; |
7681 | } |
7682 | |
7683 | return offset; |
7684 | } |
7685 | |
7686 | static int |
7687 | ssl_dissect_hnd_hello_ext_key_share_entry(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
7688 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
7689 | const char **group_name_out) |
7690 | { |
7691 | /* RFC 8446 Section 4.2.8 |
7692 | * struct { |
7693 | * NamedGroup group; |
7694 | * opaque key_exchange<1..2^16-1>; |
7695 | * } KeyShareEntry; |
7696 | */ |
7697 | uint32_t key_exchange_length, group; |
7698 | proto_tree *ks_tree; |
7699 | |
7700 | ks_tree = proto_tree_add_subtree(tree, tvb, offset, 4, hf->ett.hs_ext_key_share_ks, NULL((void*)0), "Key Share Entry"); |
7701 | |
7702 | proto_tree_add_item_ret_uint(ks_tree, hf->hf.hs_ext_key_share_group, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &group); |
7703 | offset += 2; |
7704 | const char *group_name = val_to_str(group, ssl_extension_curves, "Unknown (%u)"); |
7705 | proto_item_append_text(ks_tree, ": Group: %s", group_name); |
7706 | if (group_name_out) { |
7707 | *group_name_out = !IS_GREASE_TLS(group)((((group) & 0x0f0f) == 0x0a0a) && (((group) & 0xff) == (((group)>>8) & 0xff))) ? group_name : NULL((void*)0); |
7708 | } |
7709 | |
7710 | /* opaque key_exchange<1..2^16-1> */ |
7711 | if (!ssl_add_vector(hf, tvb, pinfo, ks_tree, offset, offset_end, &key_exchange_length, |
7712 | hf->hf.hs_ext_key_share_key_exchange_length, 1, UINT16_MAX(65535))) { |
7713 | return offset_end; /* Bad (possible truncated) length, skip to end of KeyShare extension. */ |
7714 | } |
7715 | offset += 2; |
7716 | proto_item_set_len(ks_tree, 2 + 2 + key_exchange_length); |
7717 | proto_item_append_text(ks_tree, ", Key Exchange length: %u", key_exchange_length); |
7718 | |
7719 | proto_tree_add_item(ks_tree, hf->hf.hs_ext_key_share_key_exchange, tvb, offset, key_exchange_length, ENC_NA0x00000000); |
7720 | offset += key_exchange_length; |
7721 | |
7722 | return offset; |
7723 | } |
7724 | |
7725 | static int |
7726 | ssl_dissect_hnd_hello_ext_key_share(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
7727 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
7728 | uint8_t hnd_type) |
7729 | { |
7730 | proto_tree *key_share_tree; |
7731 | uint32_t next_offset; |
7732 | uint32_t client_shares_length; |
7733 | uint32_t group; |
7734 | const char *group_name = NULL((void*)0); |
7735 | |
7736 | if (offset_end <= offset) { /* Check if ext_len == 0 and "overflow" (offset + ext_len) > uint32_t) */ |
7737 | return offset; |
7738 | } |
7739 | |
7740 | key_share_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_key_share, NULL((void*)0), "Key Share extension"); |
7741 | |
7742 | switch(hnd_type){ |
7743 | case SSL_HND_CLIENT_HELLO: |
7744 | /* KeyShareEntry client_shares<0..2^16-1> */ |
7745 | if (!ssl_add_vector(hf, tvb, pinfo, key_share_tree, offset, offset_end, &client_shares_length, |
7746 | hf->hf.hs_ext_key_share_client_length, 0, UINT16_MAX(65535))) { |
7747 | return offset_end; |
7748 | } |
7749 | offset += 2; |
7750 | next_offset = offset + client_shares_length; |
7751 | const char *sep = " "; |
7752 | while (offset + 4 <= next_offset) { /* (NamedGroup (2 bytes), key_exchange (1 byte for length, 1 byte minimum data) */ |
7753 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, key_share_tree, offset, next_offset, &group_name); |
7754 | if (group_name) { |
7755 | proto_item_append_text(tree, "%s%s", sep, group_name); |
7756 | sep = ", "; |
7757 | } |
7758 | } |
7759 | if (!ssl_end_vector(hf, tvb, pinfo, key_share_tree, offset, next_offset)) { |
7760 | return next_offset; |
7761 | } |
7762 | break; |
7763 | case SSL_HND_SERVER_HELLO: |
7764 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, key_share_tree, offset, offset_end, &group_name); |
7765 | if (group_name) { |
7766 | proto_item_append_text(tree, " %s", group_name); |
7767 | } |
7768 | break; |
7769 | case SSL_HND_HELLO_RETRY_REQUEST: |
7770 | proto_tree_add_item_ret_uint(key_share_tree, hf->hf.hs_ext_key_share_selected_group, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &group); |
7771 | offset += 2; |
7772 | group_name = val_to_str(group, ssl_extension_curves, "Unknown (%u)"); |
7773 | proto_item_append_text(tree, " %s", group_name); |
7774 | break; |
7775 | default: /* no default */ |
7776 | break; |
7777 | } |
7778 | |
7779 | return offset; |
7780 | } |
7781 | |
7782 | static int |
7783 | ssl_dissect_hnd_hello_ext_pre_shared_key(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
7784 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
7785 | uint8_t hnd_type) |
7786 | { |
7787 | /* RFC 8446 Section 4.2.11 |
7788 | * struct { |
7789 | * opaque identity<1..2^16-1>; |
7790 | * uint32 obfuscated_ticket_age; |
7791 | * } PskIdentity; |
7792 | * opaque PskBinderEntry<32..255>; |
7793 | * struct { |
7794 | * select (Handshake.msg_type) { |
7795 | * case client_hello: |
7796 | * PskIdentity identities<7..2^16-1>; |
7797 | * PskBinderEntry binders<33..2^16-1>; |
7798 | * case server_hello: |
7799 | * uint16 selected_identity; |
7800 | * }; |
7801 | * } PreSharedKeyExtension; |
7802 | */ |
7803 | |
7804 | proto_tree *psk_tree; |
7805 | |
7806 | psk_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_pre_shared_key, NULL((void*)0), "Pre-Shared Key extension"); |
7807 | |
7808 | switch (hnd_type){ |
7809 | case SSL_HND_CLIENT_HELLO: { |
7810 | uint32_t identities_length, identities_end, binders_length; |
7811 | |
7812 | /* PskIdentity identities<7..2^16-1> */ |
7813 | if (!ssl_add_vector(hf, tvb, pinfo, psk_tree, offset, offset_end, &identities_length, |
7814 | hf->hf.hs_ext_psk_identities_length, 7, UINT16_MAX(65535))) { |
7815 | return offset_end; |
7816 | } |
7817 | offset += 2; |
7818 | identities_end = offset + identities_length; |
7819 | |
7820 | while (offset < identities_end) { |
7821 | uint32_t identity_length; |
7822 | proto_tree *identity_tree; |
7823 | |
7824 | identity_tree = proto_tree_add_subtree(psk_tree, tvb, offset, 4, hf->ett.hs_ext_psk_identity, NULL((void*)0), "PSK Identity ("); |
7825 | |
7826 | /* opaque identity<1..2^16-1> */ |
7827 | if (!ssl_add_vector(hf, tvb, pinfo, identity_tree, offset, identities_end, &identity_length, |
7828 | hf->hf.hs_ext_psk_identity_identity_length, 1, UINT16_MAX(65535))) { |
7829 | return identities_end; |
7830 | } |
7831 | offset += 2; |
7832 | proto_item_append_text(identity_tree, "length: %u)", identity_length); |
7833 | |
7834 | proto_tree_add_item(identity_tree, hf->hf.hs_ext_psk_identity_identity, tvb, offset, identity_length, ENC_BIG_ENDIAN0x00000000); |
7835 | offset += identity_length; |
7836 | |
7837 | proto_tree_add_item(identity_tree, hf->hf.hs_ext_psk_identity_obfuscated_ticket_age, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
7838 | offset += 4; |
7839 | |
7840 | proto_item_set_len(identity_tree, 2 + identity_length + 4); |
7841 | } |
7842 | if (!ssl_end_vector(hf, tvb, pinfo, psk_tree, offset, identities_end)) { |
7843 | offset = identities_end; |
7844 | } |
7845 | |
7846 | /* PskBinderEntry binders<33..2^16-1> */ |
7847 | if (!ssl_add_vector(hf, tvb, pinfo, psk_tree, offset, offset_end, &binders_length, |
7848 | hf->hf.hs_ext_psk_binders_length, 33, UINT16_MAX(65535))) { |
7849 | return offset_end; |
7850 | } |
7851 | offset += 2; |
7852 | |
7853 | proto_tree_add_item(psk_tree, hf->hf.hs_ext_psk_binders, tvb, offset, binders_length, ENC_NA0x00000000); |
7854 | offset += binders_length; |
7855 | } |
7856 | break; |
7857 | case SSL_HND_SERVER_HELLO: { |
7858 | proto_tree_add_item(psk_tree, hf->hf.hs_ext_psk_identity_selected, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
7859 | offset += 2; |
7860 | } |
7861 | break; |
7862 | default: |
7863 | break; |
7864 | } |
7865 | |
7866 | return offset; |
7867 | } |
7868 | |
7869 | static uint32_t |
7870 | ssl_dissect_hnd_hello_ext_early_data(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), |
7871 | proto_tree *tree, uint32_t offset, uint32_t offset_end _U___attribute__((unused)), |
7872 | uint8_t hnd_type, SslDecryptSession *ssl) |
7873 | { |
7874 | /* RFC 8446 Section 4.2.10 |
7875 | * struct {} Empty; |
7876 | * struct { |
7877 | * select (Handshake.msg_type) { |
7878 | * case new_session_ticket: uint32 max_early_data_size; |
7879 | * case client_hello: Empty; |
7880 | * case encrypted_extensions: Empty; |
7881 | * }; |
7882 | * } EarlyDataIndication; |
7883 | */ |
7884 | switch (hnd_type) { |
7885 | case SSL_HND_CLIENT_HELLO: |
7886 | /* Remember that early_data will follow the handshake. */ |
7887 | if (ssl) { |
7888 | ssl_debug_printf("%s found early_data extension\n", G_STRFUNC((const char*) (__func__))); |
7889 | ssl->has_early_data = true1; |
7890 | } |
7891 | break; |
7892 | case SSL_HND_NEWSESSION_TICKET: |
7893 | proto_tree_add_item(tree, hf->hf.hs_ext_max_early_data_size, tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
7894 | offset += 4; |
7895 | break; |
7896 | default: |
7897 | break; |
7898 | } |
7899 | return offset; |
7900 | } |
7901 | |
7902 | static uint16_t |
7903 | tls_try_get_version(bool_Bool is_dtls, uint16_t version, uint8_t *draft_version) |
7904 | { |
7905 | if (draft_version) { |
7906 | *draft_version = 0; |
7907 | } |
7908 | if (!is_dtls) { |
7909 | uint8_t tls13_draft = extract_tls13_draft_version(version); |
7910 | if (tls13_draft != 0) { |
7911 | /* This is TLS 1.3 (a draft version). */ |
7912 | if (draft_version) { |
7913 | *draft_version = tls13_draft; |
7914 | } |
7915 | version = TLSV1DOT3_VERSION0x304; |
7916 | } |
7917 | if (version == 0xfb17 || version == 0xfb1a) { |
7918 | /* Unofficial TLS 1.3 draft version for Facebook fizz. */ |
7919 | tls13_draft = (uint8_t)version; |
7920 | if (draft_version) { |
7921 | *draft_version = tls13_draft; |
7922 | } |
7923 | version = TLSV1DOT3_VERSION0x304; |
7924 | } |
7925 | } |
7926 | |
7927 | switch (version) { |
7928 | case SSLV3_VERSION0x300: |
7929 | case TLSV1_VERSION0x301: |
7930 | case TLSV1DOT1_VERSION0x302: |
7931 | case TLSV1DOT2_VERSION0x303: |
7932 | case TLSV1DOT3_VERSION0x304: |
7933 | case TLCPV1_VERSION0x101: |
7934 | if (is_dtls) |
7935 | return SSL_VER_UNKNOWN0; |
7936 | break; |
7937 | |
7938 | case DTLSV1DOT0_VERSION0xfeff: |
7939 | case DTLSV1DOT0_OPENSSL_VERSION0x100: |
7940 | case DTLSV1DOT2_VERSION0xfefd: |
7941 | case DTLSV1DOT3_VERSION0xfefc: |
7942 | if (!is_dtls) |
7943 | return SSL_VER_UNKNOWN0; |
7944 | break; |
7945 | |
7946 | default: /* invalid version number */ |
7947 | return SSL_VER_UNKNOWN0; |
7948 | } |
7949 | |
7950 | return version; |
7951 | } |
7952 | |
7953 | static int |
7954 | ssl_dissect_hnd_hello_ext_supported_versions(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
7955 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
7956 | SslSession *session, bool_Bool is_dtls, ja4_data_t *ja4_data) |
7957 | { |
7958 | |
7959 | /* RFC 8446 Section 4.2.1 |
7960 | * struct { |
7961 | * ProtocolVersion versions<2..254>; // ClientHello |
7962 | * } SupportedVersions; |
7963 | * Note that ServerHello and HelloRetryRequest are handled by the caller. |
7964 | */ |
7965 | uint32_t versions_length, next_offset; |
7966 | /* ProtocolVersion versions<2..254> */ |
7967 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &versions_length, |
7968 | hf->hf.hs_ext_supported_versions_len, 2, 254)) { |
7969 | return offset_end; |
7970 | } |
7971 | offset++; |
7972 | next_offset = offset + versions_length; |
7973 | |
7974 | unsigned version; |
7975 | unsigned current_version, lowest_version = SSL_VER_UNKNOWN0; |
7976 | uint8_t draft_version, max_draft_version = 0; |
7977 | const char *sep = " "; |
7978 | while (offset + 2 <= next_offset) { |
7979 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_supported_version, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &version); |
7980 | offset += 2; |
7981 | |
7982 | if (!IS_GREASE_TLS(version)((((version) & 0x0f0f) == 0x0a0a) && (((version) & 0xff) == (((version)>>8) & 0xff)))) { |
7983 | proto_item_append_text(tree, "%s%s", sep, val_to_str(version, ssl_versions, "Unknown (0x%04x)")); |
7984 | sep = ", "; |
7985 | } |
7986 | |
7987 | current_version = tls_try_get_version(is_dtls, version, &draft_version); |
7988 | if (session->version == SSL_VER_UNKNOWN0) { |
7989 | if (lowest_version == SSL_VER_UNKNOWN0) { |
7990 | lowest_version = current_version; |
7991 | } else if (current_version != SSL_VER_UNKNOWN0) { |
7992 | if (!is_dtls) { |
7993 | lowest_version = MIN(lowest_version, current_version)(((lowest_version) < (current_version)) ? (lowest_version) : (current_version)); |
7994 | } else { |
7995 | lowest_version = MAX(lowest_version, current_version)(((lowest_version) > (current_version)) ? (lowest_version) : (current_version)); |
7996 | } |
7997 | } |
7998 | } |
7999 | max_draft_version = MAX(draft_version, max_draft_version)(((draft_version) > (max_draft_version)) ? (draft_version) : (max_draft_version)); |
8000 | if (ja4_data && !IS_GREASE_TLS(version)((((version) & 0x0f0f) == 0x0a0a) && (((version) & 0xff) == (((version)>>8) & 0xff)))) { |
8001 | /* The DTLS version numbers get mapped to "00" for unknown per |
8002 | * JA4 spec, but if JA4 ever does support DTLS we'll probably |
8003 | * need to take the MIN instead of MAX here for DTLS. |
8004 | */ |
8005 | ja4_data->max_version = MAX(version, ja4_data->max_version)(((version) > (ja4_data->max_version)) ? (version) : (ja4_data ->max_version)); |
8006 | } |
8007 | } |
8008 | if (session->version == SSL_VER_UNKNOWN0 && lowest_version != SSL_VER_UNKNOWN0) { |
8009 | col_set_str(pinfo->cinfo, COL_PROTOCOL, |
8010 | val_to_str_const(version, ssl_version_short_names, is_dtls ? "DTLS" : "TLS")); |
8011 | } |
8012 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { |
8013 | offset = next_offset; |
8014 | } |
8015 | |
8016 | /* XXX remove this when draft 19 support is dropped, |
8017 | * this is only required for early data decryption. */ |
8018 | if (max_draft_version) { |
8019 | session->tls13_draft_version = max_draft_version; |
8020 | } |
8021 | |
8022 | return offset; |
8023 | } |
8024 | |
8025 | static int |
8026 | ssl_dissect_hnd_hello_ext_cookie(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
8027 | packet_info *pinfo, proto_tree *tree, |
8028 | uint32_t offset, uint32_t offset_end) |
8029 | { |
8030 | /* RFC 8446 Section 4.2.2 |
8031 | * struct { |
8032 | * opaque cookie<1..2^16-1>; |
8033 | * } Cookie; |
8034 | */ |
8035 | uint32_t cookie_length; |
8036 | /* opaque cookie<1..2^16-1> */ |
8037 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cookie_length, |
8038 | hf->hf.hs_ext_cookie_len, 1, UINT16_MAX(65535))) { |
8039 | return offset_end; |
8040 | } |
8041 | offset += 2; |
8042 | |
8043 | proto_tree_add_item(tree, hf->hf.hs_ext_cookie, tvb, offset, cookie_length, ENC_NA0x00000000); |
8044 | offset += cookie_length; |
8045 | |
8046 | return offset; |
8047 | } |
8048 | |
8049 | static int |
8050 | ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
8051 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
8052 | { |
8053 | /* RFC 8446 Section 4.2.9 |
8054 | * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode; |
8055 | * |
8056 | * struct { |
8057 | * PskKeyExchangeMode ke_modes<1..255>; |
8058 | * } PskKeyExchangeModes; |
8059 | */ |
8060 | uint32_t ke_modes_length, next_offset; |
8061 | |
8062 | /* PskKeyExchangeMode ke_modes<1..255> */ |
8063 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &ke_modes_length, |
8064 | hf->hf.hs_ext_psk_ke_modes_length, 1, 255)) { |
8065 | return offset_end; |
8066 | } |
8067 | offset++; |
8068 | next_offset = offset + ke_modes_length; |
8069 | |
8070 | while (offset < next_offset) { |
8071 | proto_tree_add_item(tree, hf->hf.hs_ext_psk_ke_mode, tvb, offset, 1, ENC_NA0x00000000); |
8072 | offset++; |
8073 | } |
8074 | |
8075 | return offset; |
8076 | } |
8077 | |
8078 | static uint32_t |
8079 | ssl_dissect_hnd_hello_ext_certificate_authorities(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
8080 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
8081 | { |
8082 | /* RFC 8446 Section 4.2.4 |
8083 | * opaque DistinguishedName<1..2^16-1>; |
8084 | * struct { |
8085 | * DistinguishedName authorities<3..2^16-1>; |
8086 | * } CertificateAuthoritiesExtension; |
8087 | */ |
8088 | return tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); |
8089 | } |
8090 | |
8091 | static int |
8092 | ssl_dissect_hnd_hello_ext_oid_filters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
8093 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
8094 | { |
8095 | /* RFC 8446 Section 4.2.5 |
8096 | * struct { |
8097 | * opaque certificate_extension_oid<1..2^8-1>; |
8098 | * opaque certificate_extension_values<0..2^16-1>; |
8099 | * } OIDFilter; |
8100 | * struct { |
8101 | * OIDFilter filters<0..2^16-1>; |
8102 | * } OIDFilterExtension; |
8103 | */ |
8104 | proto_tree *subtree; |
8105 | uint32_t filters_length, oid_length, values_length, value_offset; |
8106 | asn1_ctx_t asn1_ctx; |
8107 | const char *oid, *name; |
8108 | |
8109 | /* OIDFilter filters<0..2^16-1> */ |
8110 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &filters_length, |
8111 | hf->hf.hs_ext_psk_ke_modes_length, 0, UINT16_MAX(65535))) { |
8112 | return offset_end; |
8113 | } |
8114 | offset += 2; |
8115 | offset_end = offset + filters_length; |
8116 | |
8117 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); |
8118 | |
8119 | while (offset < offset_end) { |
8120 | subtree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, |
8121 | hf->ett.hs_ext_oid_filter, NULL((void*)0), "OID Filter"); |
8122 | |
8123 | /* opaque certificate_extension_oid<1..2^8-1> */ |
8124 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &oid_length, |
8125 | hf->hf.hs_ext_oid_filters_oid_length, 1, UINT8_MAX(255))) { |
8126 | return offset_end; |
8127 | } |
8128 | offset++; |
8129 | dissect_ber_object_identifier_str(false0, &asn1_ctx, subtree, tvb, offset, |
8130 | hf->hf.hs_ext_oid_filters_oid, &oid); |
8131 | offset += oid_length; |
8132 | |
8133 | /* Append OID to tree label */ |
8134 | name = oid_resolved_from_string(pinfo->pool, oid); |
8135 | proto_item_append_text(subtree, " (%s)", name ? name : oid); |
8136 | |
8137 | /* opaque certificate_extension_values<0..2^16-1> */ |
8138 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &values_length, |
8139 | hf->hf.hs_ext_oid_filters_values_length, 0, UINT16_MAX(65535))) { |
8140 | return offset_end; |
8141 | } |
8142 | offset += 2; |
8143 | proto_item_set_len(subtree, 1 + oid_length + 2 + values_length); |
8144 | if (values_length > 0) { |
8145 | value_offset = offset; |
8146 | value_offset = dissect_ber_identifier(pinfo, subtree, tvb, value_offset, NULL((void*)0), NULL((void*)0), NULL((void*)0)); |
8147 | value_offset = dissect_ber_length(pinfo, subtree, tvb, value_offset, NULL((void*)0), NULL((void*)0)); |
8148 | call_ber_oid_callback(oid, tvb, value_offset, pinfo, subtree, NULL((void*)0)); |
8149 | } |
8150 | offset += values_length; |
8151 | } |
8152 | |
8153 | return offset; |
8154 | } |
8155 | |
8156 | static int |
8157 | ssl_dissect_hnd_hello_ext_server_name(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
8158 | packet_info *pinfo, proto_tree *tree, |
8159 | uint32_t offset, uint32_t offset_end) |
8160 | { |
8161 | /* https://tools.ietf.org/html/rfc6066#section-3 |
8162 | * |
8163 | * struct { |
8164 | * NameType name_type; |
8165 | * select (name_type) { |
8166 | * case host_name: HostName; |
8167 | * } name; |
8168 | * } ServerName; |
8169 | * |
8170 | * enum { |
8171 | * host_name(0), (255) |
8172 | * } NameType; |
8173 | * |
8174 | * opaque HostName<1..2^16-1>; |
8175 | * |
8176 | * struct { |
8177 | * ServerName server_name_list<1..2^16-1> |
8178 | * } ServerNameList; |
8179 | */ |
8180 | proto_tree *server_name_tree; |
8181 | uint32_t list_length, server_name_length, next_offset; |
8182 | |
8183 | /* The server SHALL include "server_name" extension with empty data. */ |
8184 | if (offset == offset_end) { |
8185 | return offset; |
8186 | } |
8187 | |
8188 | server_name_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, hf->ett.hs_ext_server_name, NULL((void*)0), "Server Name Indication extension"); |
8189 | |
8190 | /* ServerName server_name_list<1..2^16-1> */ |
8191 | if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, offset_end, &list_length, |
8192 | hf->hf.hs_ext_server_name_list_len, 1, UINT16_MAX(65535))) { |
8193 | return offset_end; |
8194 | } |
8195 | offset += 2; |
8196 | next_offset = offset + list_length; |
8197 | |
8198 | while (offset < next_offset) { |
8199 | uint32_t name_type; |
8200 | const uint8_t *server_name = NULL((void*)0); |
8201 | proto_tree_add_item_ret_uint(server_name_tree, hf->hf.hs_ext_server_name_type, |
8202 | tvb, offset, 1, ENC_NA0x00000000, &name_type); |
8203 | offset++; |
8204 | |
8205 | /* opaque HostName<1..2^16-1> */ |
8206 | if (!ssl_add_vector(hf, tvb, pinfo, server_name_tree, offset, next_offset, &server_name_length, |
8207 | hf->hf.hs_ext_server_name_len, 1, UINT16_MAX(65535))) { |
8208 | return next_offset; |
8209 | } |
8210 | offset += 2; |
8211 | |
8212 | proto_tree_add_item_ret_string(server_name_tree, hf->hf.hs_ext_server_name, |
8213 | tvb, offset, server_name_length, ENC_ASCII0x00000000|ENC_NA0x00000000, |
8214 | pinfo->pool, &server_name); |
8215 | offset += server_name_length; |
8216 | // Each type must only occur once, so we don't check for duplicates. |
8217 | if (name_type == 0) { |
8218 | proto_item_append_text(tree, " name=%s", server_name); |
8219 | col_append_fstr(pinfo->cinfo, COL_INFO, " (SNI=%s)", server_name); |
8220 | |
8221 | if (gbl_resolv_flags.handshake_sni_addr_resolution) { |
8222 | // Client Hello: Client (Src) -> Server (Dst) |
8223 | switch (pinfo->dst.type) { |
8224 | case AT_IPv4: |
8225 | if (pinfo->dst.len == sizeof(uint32_t)) { |
8226 | add_ipv4_name(*(uint32_t *)pinfo->dst.data, server_name, false0); |
8227 | } |
8228 | break; |
8229 | case AT_IPv6: |
8230 | if (pinfo->dst.len == sizeof(ws_in6_addr)) { |
8231 | add_ipv6_name(pinfo->dst.data, server_name, false0); |
8232 | } |
8233 | break; |
8234 | } |
8235 | } |
8236 | } |
8237 | } |
8238 | return offset; |
8239 | } |
8240 | |
8241 | static int |
8242 | ssl_dissect_hnd_hello_ext_session_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
8243 | proto_tree *tree, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, SslDecryptSession *ssl) |
8244 | { |
8245 | unsigned ext_len = offset_end - offset; |
8246 | if (hnd_type == SSL_HND_CLIENT_HELLO && ssl && ext_len != 0) { |
8247 | tvb_ensure_bytes_exist(tvb, offset, ext_len); |
8248 | /* Save the Session Ticket such that it can be used as identifier for |
8249 | * restoring a previous Master Secret (in ChangeCipherSpec) */ |
8250 | ssl->session_ticket.data = (unsigned char*)wmem_realloc(wmem_file_scope(), |
8251 | ssl->session_ticket.data, ext_len); |
8252 | ssl->session_ticket.data_len = ext_len; |
8253 | tvb_memcpy(tvb,ssl->session_ticket.data, offset, ext_len); |
8254 | } |
8255 | proto_tree_add_item(tree, hf->hf.hs_ext_session_ticket, |
8256 | tvb, offset, ext_len, ENC_NA0x00000000); |
8257 | return offset + ext_len; |
8258 | } |
8259 | |
8260 | static int |
8261 | ssl_dissect_hnd_hello_ext_cert_type(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
8262 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
8263 | uint8_t hnd_type, uint16_t ext_type, SslSession *session) |
8264 | { |
8265 | uint8_t cert_list_length; |
8266 | uint8_t cert_type; |
8267 | proto_tree *cert_list_tree; |
8268 | proto_item *ti; |
8269 | |
8270 | switch(hnd_type){ |
8271 | case SSL_HND_CLIENT_HELLO: |
8272 | cert_list_length = tvb_get_uint8(tvb, offset); |
8273 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_types_len, |
8274 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
8275 | offset += 1; |
8276 | if (offset_end - offset != (uint32_t)cert_list_length) |
8277 | return offset; |
8278 | |
8279 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_cert_types, tvb, offset, |
8280 | cert_list_length, cert_list_length); |
8281 | proto_item_append_text(ti, " (%d)", cert_list_length); |
8282 | |
8283 | /* make this a subtree */ |
8284 | cert_list_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_cert_types); |
8285 | |
8286 | /* loop over all point formats */ |
8287 | while (cert_list_length > 0) |
8288 | { |
8289 | proto_tree_add_item(cert_list_tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
8290 | offset++; |
8291 | cert_list_length--; |
8292 | } |
8293 | break; |
8294 | case SSL_HND_SERVER_HELLO: |
8295 | case SSL_HND_ENCRYPTED_EXTENSIONS: |
8296 | case SSL_HND_CERTIFICATE: |
8297 | cert_type = tvb_get_uint8(tvb, offset); |
8298 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
8299 | offset += 1; |
8300 | if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE9 || ext_type == SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19) { |
8301 | session->client_cert_type = cert_type; |
8302 | } |
8303 | if (ext_type == SSL_HND_HELLO_EXT_CERT_TYPE9 || ext_type == SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20) { |
8304 | session->server_cert_type = cert_type; |
8305 | } |
8306 | break; |
8307 | default: /* no default */ |
8308 | break; |
8309 | } |
8310 | |
8311 | return offset; |
8312 | } |
8313 | |
8314 | static uint32_t |
8315 | ssl_dissect_hnd_hello_ext_compress_certificate(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
8316 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
8317 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) |
8318 | { |
8319 | uint32_t compress_certificate_algorithms_length, next_offset; |
8320 | |
8321 | /* https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03#section-3.0 |
8322 | * enum { |
8323 | * zlib(1), |
8324 | * brotli(2), |
8325 | * (65535) |
8326 | * } CertificateCompressionAlgorithm; |
8327 | * |
8328 | * struct { |
8329 | * CertificateCompressionAlgorithm algorithms<1..2^8-1>; |
8330 | * } CertificateCompressionAlgorithms; |
8331 | */ |
8332 | switch (hnd_type) { |
8333 | case SSL_HND_CLIENT_HELLO: |
8334 | case SSL_HND_CERT_REQUEST: |
8335 | /* CertificateCompressionAlgorithm algorithms<1..2^8-1>;*/ |
8336 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compress_certificate_algorithms_length, |
8337 | hf->hf.hs_ext_compress_certificate_algorithms_length, 1, UINT8_MAX(255)-1)) { |
8338 | return offset_end; |
8339 | } |
8340 | offset += 1; |
8341 | next_offset = offset + compress_certificate_algorithms_length; |
8342 | |
8343 | while (offset < next_offset) { |
8344 | proto_tree_add_item(tree, hf->hf.hs_ext_compress_certificate_algorithm, |
8345 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
8346 | offset += 2; |
8347 | } |
8348 | break; |
8349 | default: |
8350 | break; |
8351 | } |
8352 | |
8353 | return offset; |
8354 | } |
8355 | |
8356 | static uint32_t |
8357 | ssl_dissect_hnd_hello_ext_token_binding(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
8358 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
8359 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) |
8360 | { |
8361 | uint32_t key_parameters_length, next_offset; |
8362 | proto_item *p_ti; |
8363 | proto_tree *p_tree; |
8364 | |
8365 | /* RFC 8472 |
8366 | * |
8367 | * struct { |
8368 | * uint8 major; |
8369 | * uint8 minor; |
8370 | * } TB_ProtocolVersion; |
8371 | * |
8372 | * enum { |
8373 | * rsa2048_pkcs1.5(0), rsa2048_pss(1), ecdsap256(2), (255) |
8374 | * } TokenBindingKeyParameters; |
8375 | * |
8376 | * struct { |
8377 | * TB_ProtocolVersion token_binding_version; |
8378 | * TokenBindingKeyParameters key_parameters_list<1..2^8-1> |
8379 | * } TokenBindingParameters; |
8380 | */ |
8381 | |
8382 | switch (hnd_type) { |
8383 | case SSL_HND_CLIENT_HELLO: |
8384 | case SSL_HND_SERVER_HELLO: |
8385 | proto_tree_add_item(tree, hf->hf.hs_ext_token_binding_version_major, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
8386 | offset += 1; |
8387 | proto_tree_add_item(tree, hf->hf.hs_ext_token_binding_version_minor, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
8388 | offset += 1; |
8389 | |
8390 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &key_parameters_length, |
8391 | hf->hf.hs_ext_token_binding_key_parameters_length, 1, UINT8_MAX(255))) { |
8392 | return offset_end; |
8393 | } |
8394 | offset += 1; |
8395 | next_offset = offset + key_parameters_length; |
8396 | |
8397 | p_ti = proto_tree_add_none_format(tree, |
8398 | hf->hf.hs_ext_token_binding_key_parameters, |
8399 | tvb, offset, key_parameters_length, |
8400 | "Key parameters identifiers (%d identifier%s)", |
8401 | key_parameters_length, |
8402 | plurality(key_parameters_length, "", "s")((key_parameters_length) == 1 ? ("") : ("s"))); |
8403 | p_tree = proto_item_add_subtree(p_ti, hf->ett.hs_ext_token_binding_key_parameters); |
8404 | |
8405 | while (offset < next_offset) { |
8406 | proto_tree_add_item(p_tree, hf->hf.hs_ext_token_binding_key_parameter, |
8407 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
8408 | offset += 1; |
8409 | } |
8410 | |
8411 | if (!ssl_end_vector(hf, tvb, pinfo, p_tree, offset, next_offset)) { |
8412 | offset = next_offset; |
8413 | } |
8414 | |
8415 | break; |
8416 | default: |
8417 | break; |
8418 | } |
8419 | |
8420 | return offset; |
8421 | } |
8422 | |
8423 | static uint32_t |
8424 | ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
8425 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
8426 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) |
8427 | { |
8428 | bool_Bool use_varint_encoding = true1; // Whether this is draft -27 or newer. |
8429 | uint32_t next_offset; |
8430 | |
8431 | /* https://tools.ietf.org/html/draft-ietf-quic-transport-25#section-18 |
8432 | * |
8433 | * Note: the following structures are not literally defined in the spec, |
8434 | * they instead use an ASCII diagram. |
8435 | * |
8436 | * struct { |
8437 | * uint16 id; |
8438 | * opaque value<0..2^16-1>; |
8439 | * } TransportParameter; // before draft -27 |
8440 | * TransportParameter TransportParameters<0..2^16-1>; // before draft -27 |
8441 | * |
8442 | * struct { |
8443 | * opaque ipv4Address[4]; |
8444 | * uint16 ipv4Port; |
8445 | * opaque ipv6Address[16]; |
8446 | * uint16 ipv6Port; |
8447 | * opaque connectionId<0..18>; |
8448 | * opaque statelessResetToken[16]; |
8449 | * } PreferredAddress; |
8450 | */ |
8451 | |
8452 | if (offset_end - offset >= 6 && |
8453 | 2 + (unsigned)tvb_get_ntohs(tvb, offset) == offset_end - offset && |
8454 | 6 + (unsigned)tvb_get_ntohs(tvb, offset + 4) <= offset_end - offset) { |
8455 | // Assume encoding of Transport Parameters draft -26 or older with at |
8456 | // least one transport parameter that has a valid length. |
8457 | use_varint_encoding = false0; |
8458 | } |
8459 | |
8460 | if (use_varint_encoding) { |
8461 | next_offset = offset_end; |
8462 | } else { |
8463 | uint32_t quic_length; |
8464 | // Assume draft -26 or earlier. |
8465 | /* TransportParameter TransportParameters<0..2^16-1>; */ |
8466 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &quic_length, |
8467 | hf->hf.hs_ext_quictp_len, 0, UINT16_MAX(65535))) { |
8468 | return offset_end; |
8469 | } |
8470 | offset += 2; |
8471 | next_offset = offset + quic_length; |
8472 | } |
8473 | |
8474 | while (offset < next_offset) { |
8475 | uint64_t parameter_type; /* 62-bit space */ |
8476 | uint32_t parameter_length; |
8477 | proto_tree *parameter_tree; |
8478 | uint32_t parameter_end_offset; |
8479 | uint64_t value; |
8480 | uint32_t len = 0, i; |
8481 | |
8482 | parameter_tree = proto_tree_add_subtree(tree, tvb, offset, 2, hf->ett.hs_ext_quictp_parameter, |
8483 | NULL((void*)0), "Parameter"); |
8484 | /* TransportParameter ID and Length. */ |
8485 | if (use_varint_encoding) { |
8486 | uint64_t parameter_length64; |
8487 | uint32_t type_len = 0; |
8488 | |
8489 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_type, |
8490 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, ¶meter_type, &type_len); |
8491 | offset += type_len; |
8492 | |
8493 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_len, |
8494 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, ¶meter_length64, &len); |
8495 | parameter_length = (uint32_t)parameter_length64; |
8496 | offset += len; |
8497 | |
8498 | proto_item_set_len(parameter_tree, type_len + len + parameter_length); |
8499 | } else { |
8500 | parameter_type = tvb_get_ntohs(tvb, offset); |
8501 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_type, |
8502 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
8503 | offset += 2; |
8504 | |
8505 | /* opaque value<0..2^16-1> */ |
8506 | if (!ssl_add_vector(hf, tvb, pinfo, parameter_tree, offset, next_offset, ¶meter_length, |
8507 | hf->hf.hs_ext_quictp_parameter_len_old, 0, UINT16_MAX(65535))) { |
8508 | return next_offset; |
8509 | } |
8510 | offset += 2; |
8511 | |
8512 | proto_item_set_len(parameter_tree, 4 + parameter_length); |
8513 | } |
8514 | |
8515 | if (IS_GREASE_QUIC(parameter_type)((parameter_type) > 27 ? ((((parameter_type) - 27) % 31) == 0) : 0)) { |
8516 | proto_item_append_text(parameter_tree, ": GREASE"); |
8517 | } else { |
8518 | proto_item_append_text(parameter_tree, ": %s", val64_to_str(parameter_type, quic_transport_parameter_id, "Unknown 0x%04x")); |
8519 | } |
8520 | |
8521 | proto_item_append_text(parameter_tree, " (len=%u)", parameter_length); |
8522 | parameter_end_offset = offset + parameter_length; |
8523 | |
8524 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_value, |
8525 | tvb, offset, parameter_length, ENC_NA0x00000000); |
8526 | |
8527 | switch (parameter_type) { |
8528 | case SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID0x00: |
8529 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_original_destination_connection_id, |
8530 | tvb, offset, parameter_length, ENC_NA0x00000000); |
8531 | offset += parameter_length; |
8532 | break; |
8533 | case SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT0x01: |
8534 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_idle_timeout, |
8535 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8536 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u" " ms", value); |
8537 | offset += len; |
8538 | break; |
8539 | case SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN0x02: |
8540 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_stateless_reset_token, |
8541 | tvb, offset, 16, ENC_BIG_ENDIAN0x00000000); |
8542 | quic_add_stateless_reset_token(pinfo, tvb, offset, NULL((void*)0)); |
8543 | offset += 16; |
8544 | break; |
8545 | case SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE0x03: |
8546 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_udp_payload_size, |
8547 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8548 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8549 | /*TODO display expert info about invalid value (< 1252 or >65527) ? */ |
8550 | offset += len; |
8551 | break; |
8552 | case SSL_HND_QUIC_TP_INITIAL_MAX_DATA0x04: |
8553 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_data, |
8554 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8555 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8556 | offset += len; |
8557 | break; |
8558 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL0x05: |
8559 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_local, |
8560 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8561 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8562 | offset += len; |
8563 | break; |
8564 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE0x06: |
8565 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote, |
8566 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8567 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8568 | offset += len; |
8569 | break; |
8570 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI0x07: |
8571 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_stream_data_uni, |
8572 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8573 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8574 | offset += len; |
8575 | break; |
8576 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI0x09: |
8577 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_uni, |
8578 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8579 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8580 | offset += len; |
8581 | break; |
8582 | case SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI0x08: |
8583 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_streams_bidi, |
8584 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8585 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8586 | offset += len; |
8587 | break; |
8588 | case SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT0x0a: |
8589 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_ack_delay_exponent, |
8590 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, NULL((void*)0), &len); |
8591 | /*TODO display multiplier (x8) and expert info about invalid value (> 20) ? */ |
8592 | offset += len; |
8593 | break; |
8594 | case SSL_HND_QUIC_TP_MAX_ACK_DELAY0x0b: |
8595 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_ack_delay, |
8596 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8597 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8598 | offset += len; |
8599 | break; |
8600 | case SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION0x0c: |
8601 | /* No Payload */ |
8602 | break; |
8603 | case SSL_HND_QUIC_TP_PREFERRED_ADDRESS0x0d: { |
8604 | uint32_t connectionid_length; |
8605 | quic_cid_t cid; |
8606 | |
8607 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4address, |
8608 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
8609 | offset += 4; |
8610 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4port, |
8611 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
8612 | offset += 2; |
8613 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6address, |
8614 | tvb, offset, 16, ENC_NA0x00000000); |
8615 | offset += 16; |
8616 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6port, |
8617 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
8618 | offset += 2; |
8619 | |
8620 | if (!ssl_add_vector(hf, tvb, pinfo, parameter_tree, offset, offset_end, &connectionid_length, |
8621 | hf->hf.hs_ext_quictp_parameter_pa_connectionid_length, 0, 20)) { |
8622 | break; |
8623 | } |
8624 | offset += 1; |
8625 | |
8626 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_connectionid, |
8627 | tvb, offset, connectionid_length, ENC_NA0x00000000); |
8628 | if (connectionid_length >= 1 && connectionid_length <= QUIC_MAX_CID_LENGTH20) { |
8629 | cid.len = connectionid_length; |
8630 | // RFC 9000 5.1.1 "If the preferred_address transport |
8631 | // parameter is sent, the sequence number of the supplied |
8632 | // connection ID is 1." |
8633 | cid.seq_num = 1; |
8634 | // Multipath draft-07 "Also, the Path Identifier for the |
8635 | // connection ID specified in the "preferred address" |
8636 | // transport parameter is 0." |
8637 | cid.path_id = 0; |
8638 | tvb_memcpy(tvb, cid.cid, offset, connectionid_length); |
8639 | quic_add_connection(pinfo, &cid); |
8640 | } |
8641 | offset += connectionid_length; |
8642 | |
8643 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_statelessresettoken, |
8644 | tvb, offset, 16, ENC_NA0x00000000); |
8645 | if (connectionid_length >= 1 && connectionid_length <= QUIC_MAX_CID_LENGTH20) { |
8646 | quic_add_stateless_reset_token(pinfo, tvb, offset, &cid); |
8647 | } |
8648 | offset += 16; |
8649 | } |
8650 | break; |
8651 | case SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT0x0e: |
8652 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_active_connection_id_limit, |
8653 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8654 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8655 | offset += len; |
8656 | break; |
8657 | case SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID0x0f: |
8658 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_source_connection_id, |
8659 | tvb, offset, parameter_length, ENC_NA0x00000000); |
8660 | offset += parameter_length; |
8661 | break; |
8662 | case SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID0x10: |
8663 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_retry_source_connection_id, |
8664 | tvb, offset, parameter_length, ENC_NA0x00000000); |
8665 | offset += parameter_length; |
8666 | break; |
8667 | case SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE0x20: |
8668 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_max_datagram_frame_size, |
8669 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8670 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8671 | offset += len; |
8672 | break; |
8673 | case SSL_HND_QUIC_TP_CIBIR_ENCODING0x1000: |
8674 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_cibir_encoding_length, |
8675 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8676 | proto_item_append_text(parameter_tree, " Length: %" PRIu64"l" "u", value); |
8677 | offset += len; |
8678 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_cibir_encoding_offset, |
8679 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8680 | proto_item_append_text(parameter_tree, ", Offset: %" PRIu64"l" "u", value); |
8681 | offset += len; |
8682 | break; |
8683 | case SSL_HND_QUIC_TP_LOSS_BITS0x1057: |
8684 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_loss_bits, |
8685 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8686 | if (len > 0) { |
8687 | quic_add_loss_bits(pinfo, value); |
8688 | } |
8689 | offset += 1; |
8690 | break; |
8691 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD0xde1a: |
8692 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V10xFF03DE1A: |
8693 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT050xff04de1a: |
8694 | case SSL_HND_QUIC_TP_MIN_ACK_DELAY0xff04de1b: |
8695 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_min_ack_delay, |
8696 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8697 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u", value); |
8698 | offset += len; |
8699 | break; |
8700 | case SSL_HND_QUIC_TP_GOOGLE_USER_AGENT0x3129: |
8701 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_user_agent_id, |
8702 | tvb, offset, parameter_length, ENC_ASCII0x00000000|ENC_NA0x00000000); |
8703 | offset += parameter_length; |
8704 | break; |
8705 | case SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED0x312B: |
8706 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_key_update_not_yet_supported, |
8707 | tvb, offset, parameter_length, ENC_NA0x00000000); |
8708 | offset += parameter_length; |
8709 | break; |
8710 | case SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION0x4752: |
8711 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_version, |
8712 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
8713 | offset += 4; |
8714 | if (hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS) { /* From server */ |
8715 | uint32_t versions_length; |
8716 | |
8717 | proto_tree_add_item_ret_uint(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_supported_versions_length, |
8718 | tvb, offset, 1, ENC_NA0x00000000, &versions_length); |
8719 | offset += 1; |
8720 | for (i = 0; i < versions_length / 4; i++) { |
8721 | quic_proto_tree_add_version(tvb, parameter_tree, |
8722 | hf->hf.hs_ext_quictp_parameter_google_supported_version, offset); |
8723 | offset += 4; |
8724 | } |
8725 | } |
8726 | break; |
8727 | case SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT0x3127: |
8728 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_initial_rtt, |
8729 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8730 | proto_item_append_text(parameter_tree, " %" PRIu64"l" "u" " us", value); |
8731 | offset += len; |
8732 | break; |
8733 | case SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE0x312A: |
8734 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_support_handshake_done, |
8735 | tvb, offset, parameter_length, ENC_NA0x00000000); |
8736 | offset += parameter_length; |
8737 | break; |
8738 | case SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS0x4751: |
8739 | /* This field was used for non-standard Google-specific parameters encoded as a |
8740 | * Google QUIC_CRYPTO CHLO and it has been replaced (version >= T051) by individual |
8741 | * parameters. Report it as a bytes blob... */ |
8742 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_params, |
8743 | tvb, offset, parameter_length, ENC_NA0x00000000); |
8744 | /* ... and try decoding it: not sure what the first 4 bytes are (but they seems to be always 0) */ |
8745 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_quic_params_unknown_field, |
8746 | tvb, offset, 4, ENC_NA0x00000000); |
8747 | dissect_gquic_tags(tvb, pinfo, parameter_tree, offset + 4); |
8748 | offset += parameter_length; |
8749 | break; |
8750 | case SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS0x3128: |
8751 | proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_google_connection_options, |
8752 | tvb, offset, parameter_length, ENC_NA0x00000000); |
8753 | offset += parameter_length; |
8754 | break; |
8755 | case SSL_HND_QUIC_TP_ENABLE_TIME_STAMP0x7157: |
8756 | /* No Payload */ |
8757 | break; |
8758 | case SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V20x7158: |
8759 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_enable_time_stamp_v2, |
8760 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8761 | offset += parameter_length; |
8762 | break; |
8763 | case SSL_HND_QUIC_TP_VERSION_INFORMATION0x11: |
8764 | quic_proto_tree_add_version(tvb, parameter_tree, |
8765 | hf->hf.hs_ext_quictp_parameter_chosen_version, offset); |
8766 | offset += 4; |
8767 | for (i = 4; i < parameter_length; i += 4) { |
8768 | quic_proto_tree_add_version(tvb, parameter_tree, |
8769 | hf->hf.hs_ext_quictp_parameter_other_version, offset); |
8770 | offset += 4; |
8771 | } |
8772 | break; |
8773 | case SSL_HND_QUIC_TP_GREASE_QUIC_BIT0x2ab2: |
8774 | /* No Payload */ |
8775 | quic_add_grease_quic_bit(pinfo); |
8776 | break; |
8777 | case SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY0xFF00: |
8778 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_facebook_partial_reliability, |
8779 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8780 | offset += parameter_length; |
8781 | break; |
8782 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT040x0f739bbc1b666d04: |
8783 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_enable_multipath, |
8784 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8785 | if (value == 1) { |
8786 | quic_add_multipath(pinfo, QUIC_MP_NO_PATH_ID1); |
8787 | } |
8788 | offset += parameter_length; |
8789 | break; |
8790 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT050x0f739bbc1b666d05: |
8791 | case SSL_HND_QUIC_TP_ENABLE_MULTIPATH0x0f739bbc1b666d06: |
8792 | /* No Payload */ |
8793 | quic_add_multipath(pinfo, QUIC_MP_NO_PATH_ID1); |
8794 | break; |
8795 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATHS0x0f739bbc1b666d07: |
8796 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_paths, |
8797 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8798 | if (value > 1) { |
8799 | quic_add_multipath(pinfo, QUIC_MP_PATH_ID2); |
8800 | } |
8801 | /* multipath draft-07: "The value of the initial_max_paths |
8802 | * parameter MUST be at least 2." TODO: Expert Info? */ |
8803 | offset += parameter_length; |
8804 | break; |
8805 | case SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID0x0f739bbc1b666d09: |
8806 | proto_tree_add_item_ret_varint(parameter_tree, hf->hf.hs_ext_quictp_parameter_initial_max_path_id, |
8807 | tvb, offset, -1, ENC_VARINT_QUIC0x00000004, &value, &len); |
8808 | if (value > 1) { |
8809 | quic_add_multipath(pinfo, QUIC_MP_PATH_ID2); |
8810 | } |
8811 | offset += parameter_length; |
8812 | break; |
8813 | default: |
8814 | offset += parameter_length; |
8815 | /*TODO display expert info about unknown ? */ |
8816 | break; |
8817 | } |
8818 | |
8819 | if (!ssl_end_vector(hf, tvb, pinfo, parameter_tree, offset, parameter_end_offset)) { |
8820 | /* Dissection did not end at expected location, fix it. */ |
8821 | offset = parameter_end_offset; |
8822 | } |
8823 | } |
8824 | |
8825 | return offset; |
8826 | } |
8827 | |
8828 | static int |
8829 | ssl_dissect_hnd_hello_common(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
8830 | proto_tree *tree, uint32_t offset, |
8831 | SslSession *session, SslDecryptSession *ssl, |
8832 | bool_Bool from_server, bool_Bool is_hrr) |
8833 | { |
8834 | uint8_t sessid_length; |
8835 | proto_tree *rnd_tree; |
8836 | proto_tree *ti_rnd; |
8837 | uint8_t draft_version = session->tls13_draft_version; |
8838 | |
8839 | if (ssl) { |
8840 | StringInfo *rnd; |
8841 | if (from_server) |
8842 | rnd = &ssl->server_random; |
8843 | else |
8844 | rnd = &ssl->client_random; |
8845 | |
8846 | /* save provided random for later keyring generation */ |
8847 | tvb_memcpy(tvb, rnd->data, offset, 32); |
8848 | rnd->data_len = 32; |
8849 | if (from_server) |
8850 | ssl->state |= SSL_SERVER_RANDOM(1<<1); |
8851 | else |
8852 | ssl->state |= SSL_CLIENT_RANDOM(1<<0); |
8853 | ssl_debug_printf("%s found %s RANDOM -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), |
8854 | from_server ? "SERVER" : "CLIENT", ssl->state); |
8855 | } |
8856 | |
8857 | ti_rnd = proto_tree_add_item(tree, hf->hf.hs_random, tvb, offset, 32, ENC_NA0x00000000); |
8858 | |
8859 | if ((session->version != TLSV1DOT3_VERSION0x304) && (session->version != DTLSV1DOT3_VERSION0xfefc)) { /* No time on first bytes random with TLS 1.3 */ |
8860 | |
8861 | rnd_tree = proto_item_add_subtree(ti_rnd, hf->ett.hs_random); |
8862 | /* show the time */ |
8863 | proto_tree_add_item(rnd_tree, hf->hf.hs_random_time, |
8864 | tvb, offset, 4, ENC_TIME_SECS0x00000012|ENC_BIG_ENDIAN0x00000000); |
8865 | offset += 4; |
8866 | |
8867 | /* show the random bytes */ |
8868 | proto_tree_add_item(rnd_tree, hf->hf.hs_random_bytes, |
8869 | tvb, offset, 28, ENC_NA0x00000000); |
8870 | offset += 28; |
8871 | } else { |
8872 | if (is_hrr) { |
8873 | proto_item_append_text(ti_rnd, " (HelloRetryRequest magic)"); |
8874 | } |
8875 | |
8876 | offset += 32; |
8877 | } |
8878 | |
8879 | /* No Session ID with TLS 1.3 on Server Hello before draft -22 */ |
8880 | if (from_server == 0 || !(session->version == TLSV1DOT3_VERSION0x304 && draft_version > 0 && draft_version < 22)) { |
8881 | /* show the session id (length followed by actual Session ID) */ |
8882 | sessid_length = tvb_get_uint8(tvb, offset); |
8883 | proto_tree_add_item(tree, hf->hf.hs_session_id_len, |
8884 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
8885 | offset++; |
8886 | |
8887 | if (ssl) { |
8888 | /* save the authoritative SID for later use in ChangeCipherSpec. |
8889 | * (D)TLS restricts the SID to 32 chars, it does not make sense to |
8890 | * save more, so ignore larger ones. */ |
8891 | if (from_server && sessid_length <= 32) { |
8892 | tvb_memcpy(tvb, ssl->session_id.data, offset, sessid_length); |
8893 | ssl->session_id.data_len = sessid_length; |
8894 | } |
8895 | } |
8896 | if (sessid_length > 0) { |
8897 | proto_tree_add_item(tree, hf->hf.hs_session_id, |
8898 | tvb, offset, sessid_length, ENC_NA0x00000000); |
8899 | offset += sessid_length; |
8900 | } |
8901 | } |
8902 | |
8903 | return offset; |
8904 | } |
8905 | |
8906 | static int |
8907 | ssl_dissect_hnd_hello_ext_status_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
8908 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
8909 | bool_Bool has_length) |
8910 | { |
8911 | /* TLS 1.2/1.3 status_request Client Hello Extension. |
8912 | * TLS 1.2 status_request_v2 CertificateStatusRequestItemV2 type. |
8913 | * https://tools.ietf.org/html/rfc6066#section-8 (status_request) |
8914 | * https://tools.ietf.org/html/rfc6961#section-2.2 (status_request_v2) |
8915 | * struct { |
8916 | * CertificateStatusType status_type; |
8917 | * uint16 request_length; // for status_request_v2 |
8918 | * select (status_type) { |
8919 | * case ocsp: OCSPStatusRequest; |
8920 | * case ocsp_multi: OCSPStatusRequest; |
8921 | * } request; |
8922 | * } CertificateStatusRequest; // CertificateStatusRequestItemV2 |
8923 | * |
8924 | * enum { ocsp(1), ocsp_multi(2), (255) } CertificateStatusType; |
8925 | * struct { |
8926 | * ResponderID responder_id_list<0..2^16-1>; |
8927 | * Extensions request_extensions; |
8928 | * } OCSPStatusRequest; |
8929 | * opaque ResponderID<1..2^16-1>; |
8930 | * opaque Extensions<0..2^16-1>; |
8931 | */ |
8932 | unsigned cert_status_type; |
8933 | |
8934 | cert_status_type = tvb_get_uint8(tvb, offset); |
8935 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_type, |
8936 | tvb, offset, 1, ENC_NA0x00000000); |
8937 | offset++; |
8938 | |
8939 | if (has_length) { |
8940 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_status_request_len, |
8941 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
8942 | offset += 2; |
8943 | } |
8944 | |
8945 | switch (cert_status_type) { |
8946 | case SSL_HND_CERT_STATUS_TYPE_OCSP1: |
8947 | case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2: |
8948 | { |
8949 | uint32_t responder_id_list_len; |
8950 | uint32_t request_extensions_len; |
8951 | |
8952 | /* ResponderID responder_id_list<0..2^16-1> */ |
8953 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &responder_id_list_len, |
8954 | hf->hf.hs_ext_cert_status_responder_id_list_len, 0, UINT16_MAX(65535))) { |
8955 | return offset_end; |
8956 | } |
8957 | offset += 2; |
8958 | if (responder_id_list_len != 0) { |
8959 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.hs_ext_cert_status_undecoded, |
8960 | tvb, offset, responder_id_list_len, |
8961 | "Responder ID list is not implemented, contact Wireshark" |
8962 | " developers if you want this to be supported"); |
8963 | } |
8964 | offset += responder_id_list_len; |
8965 | |
8966 | /* opaque Extensions<0..2^16-1> */ |
8967 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &request_extensions_len, |
8968 | hf->hf.hs_ext_cert_status_request_extensions_len, 0, UINT16_MAX(65535))) { |
8969 | return offset_end; |
8970 | } |
8971 | offset += 2; |
8972 | if (request_extensions_len != 0) { |
8973 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.hs_ext_cert_status_undecoded, |
8974 | tvb, offset, request_extensions_len, |
8975 | "Request Extensions are not implemented, contact" |
8976 | " Wireshark developers if you want this to be supported"); |
8977 | } |
8978 | offset += request_extensions_len; |
8979 | break; |
8980 | } |
8981 | } |
8982 | |
8983 | return offset; |
8984 | } |
8985 | |
8986 | static unsigned |
8987 | ssl_dissect_hnd_hello_ext_status_request_v2(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
8988 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
8989 | { |
8990 | /* https://tools.ietf.org/html/rfc6961#section-2.2 |
8991 | * struct { |
8992 | * CertificateStatusRequestItemV2 certificate_status_req_list<1..2^16-1>; |
8993 | * } CertificateStatusRequestListV2; |
8994 | */ |
8995 | uint32_t req_list_length, next_offset; |
8996 | |
8997 | /* CertificateStatusRequestItemV2 certificate_status_req_list<1..2^16-1> */ |
8998 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &req_list_length, |
8999 | hf->hf.hs_ext_cert_status_request_list_len, 1, UINT16_MAX(65535))) { |
9000 | return offset_end; |
9001 | } |
9002 | offset += 2; |
9003 | next_offset = offset + req_list_length; |
9004 | |
9005 | while (offset < next_offset) { |
9006 | offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, pinfo, tree, offset, next_offset, true1); |
9007 | } |
9008 | |
9009 | return offset; |
9010 | } |
9011 | |
9012 | static uint32_t |
9013 | tls_dissect_ocsp_response(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
9014 | uint32_t offset, uint32_t offset_end) |
9015 | { |
9016 | uint32_t response_length; |
9017 | proto_item *ocsp_resp; |
9018 | proto_tree *ocsp_resp_tree; |
9019 | asn1_ctx_t asn1_ctx; |
9020 | |
9021 | /* opaque OCSPResponse<1..2^24-1>; */ |
9022 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &response_length, |
9023 | hf->hf.hs_ocsp_response_len, 1, G_MAXUINT24((1U << 24) - 1))) { |
9024 | return offset_end; |
9025 | } |
9026 | offset += 3; |
9027 | |
9028 | ocsp_resp = proto_tree_add_item(tree, proto_ocsp, tvb, offset, |
9029 | response_length, ENC_BIG_ENDIAN0x00000000); |
9030 | proto_item_set_text(ocsp_resp, "OCSP Response"); |
9031 | ocsp_resp_tree = proto_item_add_subtree(ocsp_resp, hf->ett.ocsp_response); |
9032 | if (proto_is_protocol_enabled(find_protocol_by_id(proto_ocsp))) { |
9033 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); |
9034 | dissect_ocsp_OCSPResponse(false0, tvb, offset, &asn1_ctx, ocsp_resp_tree, -1); |
9035 | } |
9036 | offset += response_length; |
9037 | |
9038 | return offset; |
9039 | } |
9040 | |
9041 | uint32_t |
9042 | tls_dissect_hnd_certificate_status(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
9043 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
9044 | { |
9045 | /* TLS 1.2 "CertificateStatus" handshake message. |
9046 | * TLS 1.3 "status_request" Certificate extension. |
9047 | * struct { |
9048 | * CertificateStatusType status_type; |
9049 | * select (status_type) { |
9050 | * case ocsp: OCSPResponse; |
9051 | * case ocsp_multi: OCSPResponseList; // status_request_v2 |
9052 | * } response; |
9053 | * } CertificateStatus; |
9054 | * opaque OCSPResponse<1..2^24-1>; |
9055 | * struct { |
9056 | * OCSPResponse ocsp_response_list<1..2^24-1>; |
9057 | * } OCSPResponseList; // status_request_v2 |
9058 | */ |
9059 | uint32_t status_type, resp_list_length, next_offset; |
9060 | |
9061 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_cert_status_type, |
9062 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &status_type); |
9063 | offset += 1; |
9064 | |
9065 | switch (status_type) { |
9066 | case SSL_HND_CERT_STATUS_TYPE_OCSP1: |
9067 | offset = tls_dissect_ocsp_response(hf, tvb, pinfo, tree, offset, offset_end); |
9068 | break; |
9069 | |
9070 | case SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI2: |
9071 | /* OCSPResponse ocsp_response_list<1..2^24-1> */ |
9072 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &resp_list_length, |
9073 | hf->hf.hs_ocsp_response_list_len, 1, G_MAXUINT24((1U << 24) - 1))) { |
9074 | return offset_end; |
9075 | } |
9076 | offset += 3; |
9077 | next_offset = offset + resp_list_length; |
9078 | |
9079 | while (offset < next_offset) { |
9080 | offset = tls_dissect_ocsp_response(hf, tvb, pinfo, tree, offset, next_offset); |
9081 | } |
9082 | break; |
9083 | } |
9084 | |
9085 | return offset; |
9086 | } |
9087 | |
9088 | static unsigned |
9089 | ssl_dissect_hnd_hello_ext_supported_groups(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
9090 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
9091 | wmem_strbuf_t *ja3) |
9092 | { |
9093 | /* RFC 8446 Section 4.2.7 |
9094 | * enum { ..., (0xFFFF) } NamedGroup; |
9095 | * struct { |
9096 | * NamedGroup named_group_list<2..2^16-1> |
9097 | * } NamedGroupList; |
9098 | * |
9099 | * NOTE: "NamedCurve" (RFC 4492) is renamed to "NamedGroup" (RFC 7919) and |
9100 | * the extension itself from "elliptic_curves" to "supported_groups". |
9101 | */ |
9102 | uint32_t groups_length, next_offset; |
9103 | proto_tree *groups_tree; |
9104 | proto_item *ti; |
9105 | char *ja3_dash = ""; |
9106 | |
9107 | /* NamedGroup named_group_list<2..2^16-1> */ |
9108 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &groups_length, |
9109 | hf->hf.hs_ext_supported_groups_len, 2, UINT16_MAX(65535))) { |
9110 | return offset_end; |
9111 | } |
9112 | offset += 2; |
9113 | next_offset = offset + groups_length; |
9114 | |
9115 | ti = proto_tree_add_none_format(tree, |
9116 | hf->hf.hs_ext_supported_groups, |
9117 | tvb, offset, groups_length, |
9118 | "Supported Groups (%d group%s)", |
9119 | groups_length / 2, |
9120 | plurality(groups_length/2, "", "s")((groups_length/2) == 1 ? ("") : ("s"))); |
9121 | |
9122 | /* make this a subtree */ |
9123 | groups_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_groups); |
9124 | |
9125 | if (ja3) { |
9126 | wmem_strbuf_append_c(ja3, ','); |
9127 | } |
9128 | /* loop over all groups */ |
9129 | while (offset + 2 <= offset_end) { |
9130 | uint32_t ext_supported_group; |
9131 | |
9132 | proto_tree_add_item_ret_uint(groups_tree, hf->hf.hs_ext_supported_group, tvb, offset, 2, |
9133 | ENC_BIG_ENDIAN0x00000000, &ext_supported_group); |
9134 | offset += 2; |
9135 | if (ja3 && !IS_GREASE_TLS(ext_supported_group)((((ext_supported_group) & 0x0f0f) == 0x0a0a) && ( ((ext_supported_group) & 0xff) == (((ext_supported_group) >>8) & 0xff)))) { |
9136 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, ext_supported_group); |
9137 | ja3_dash = "-"; |
9138 | } |
9139 | } |
9140 | if (!ssl_end_vector(hf, tvb, pinfo, groups_tree, offset, next_offset)) { |
9141 | offset = next_offset; |
9142 | } |
9143 | |
9144 | return offset; |
9145 | } |
9146 | |
9147 | static int |
9148 | ssl_dissect_hnd_hello_ext_ec_point_formats(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
9149 | proto_tree *tree, uint32_t offset, wmem_strbuf_t *ja3) |
9150 | { |
9151 | uint8_t ecpf_length; |
9152 | proto_tree *ecpf_tree; |
9153 | proto_item *ti; |
9154 | |
9155 | ecpf_length = tvb_get_uint8(tvb, offset); |
9156 | proto_tree_add_item(tree, hf->hf.hs_ext_ec_point_formats_len, |
9157 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
9158 | |
9159 | offset += 1; |
9160 | ti = proto_tree_add_none_format(tree, |
9161 | hf->hf.hs_ext_ec_point_formats, |
9162 | tvb, offset, ecpf_length, |
9163 | "Elliptic curves point formats (%d)", |
9164 | ecpf_length); |
9165 | |
9166 | /* make this a subtree */ |
9167 | ecpf_tree = proto_item_add_subtree(ti, hf->ett.hs_ext_curves_point_formats); |
9168 | |
9169 | if (ja3) { |
9170 | wmem_strbuf_append_c(ja3, ','); |
9171 | } |
9172 | |
9173 | /* loop over all point formats */ |
9174 | while (ecpf_length > 0) |
9175 | { |
9176 | uint32_t ext_ec_point_format; |
9177 | |
9178 | proto_tree_add_item_ret_uint(ecpf_tree, hf->hf.hs_ext_ec_point_format, tvb, offset, 1, |
9179 | ENC_BIG_ENDIAN0x00000000, &ext_ec_point_format); |
9180 | offset++; |
9181 | ecpf_length--; |
9182 | if (ja3) { |
9183 | wmem_strbuf_append_printf(ja3, "%i", ext_ec_point_format); |
9184 | if (ecpf_length > 0) { |
9185 | wmem_strbuf_append_c(ja3, '-'); |
9186 | } |
9187 | } |
9188 | } |
9189 | |
9190 | return offset; |
9191 | } |
9192 | |
9193 | static int |
9194 | ssl_dissect_hnd_hello_ext_srp(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
9195 | packet_info *pinfo, proto_tree *tree, |
9196 | uint32_t offset, uint32_t next_offset) |
9197 | { |
9198 | /* https://tools.ietf.org/html/rfc5054#section-2.8.1 |
9199 | * opaque srp_I<1..2^8-1>; |
9200 | */ |
9201 | uint32_t username_len; |
9202 | |
9203 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, next_offset, &username_len, |
9204 | hf->hf.hs_ext_srp_len, 1, UINT8_MAX(255))) { |
9205 | return next_offset; |
9206 | } |
9207 | offset++; |
9208 | |
9209 | proto_tree_add_item(tree, hf->hf.hs_ext_srp_username, |
9210 | tvb, offset, username_len, ENC_UTF_80x00000002|ENC_NA0x00000000); |
9211 | offset += username_len; |
9212 | |
9213 | return offset; |
9214 | } |
9215 | |
9216 | static uint32_t |
9217 | tls_dissect_sct(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
9218 | uint32_t offset, uint32_t offset_end, uint16_t version) |
9219 | { |
9220 | /* https://tools.ietf.org/html/rfc6962#section-3.2 |
9221 | * enum { v1(0), (255) } Version; |
9222 | * struct { |
9223 | * opaque key_id[32]; |
9224 | * } LogID; |
9225 | * opaque CtExtensions<0..2^16-1>; |
9226 | * struct { |
9227 | * Version sct_version; |
9228 | * LogID id; |
9229 | * uint64 timestamp; |
9230 | * CtExtensions extensions; |
9231 | * digitally-signed struct { ... }; |
9232 | * } SignedCertificateTimestamp; |
9233 | */ |
9234 | uint32_t sct_version; |
9235 | uint64_t sct_timestamp_ms; |
9236 | nstime_t sct_timestamp; |
9237 | uint32_t exts_len; |
9238 | const char *log_name; |
9239 | |
9240 | proto_tree_add_item_ret_uint(tree, hf->hf.sct_sct_version, tvb, offset, 1, ENC_NA0x00000000, &sct_version); |
9241 | offset++; |
9242 | if (sct_version != 0) { |
9243 | // TODO expert info about unknown SCT version? |
9244 | return offset; |
9245 | } |
9246 | proto_tree_add_item(tree, hf->hf.sct_sct_logid, tvb, offset, 32, ENC_BIG_ENDIAN0x00000000); |
9247 | log_name = bytesval_to_str(tvb_get_ptr(tvb, offset, 32), 32, ct_logids, "Unknown Log"); |
9248 | proto_item_append_text(tree, " (%s)", log_name); |
9249 | offset += 32; |
9250 | sct_timestamp_ms = tvb_get_ntoh64(tvb, offset); |
9251 | sct_timestamp.secs = (time_t)(sct_timestamp_ms / 1000); |
9252 | sct_timestamp.nsecs = (int)((sct_timestamp_ms % 1000) * 1000000); |
9253 | proto_tree_add_time(tree, hf->hf.sct_sct_timestamp, tvb, offset, 8, &sct_timestamp); |
9254 | offset += 8; |
9255 | /* opaque CtExtensions<0..2^16-1> */ |
9256 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &exts_len, |
9257 | hf->hf.sct_sct_extensions_length, 0, UINT16_MAX(65535))) { |
9258 | return offset_end; |
9259 | } |
9260 | offset += 2; |
9261 | if (exts_len > 0) { |
9262 | proto_tree_add_item(tree, hf->hf.sct_sct_extensions, tvb, offset, exts_len, ENC_BIG_ENDIAN0x00000000); |
9263 | offset += exts_len; |
9264 | } |
9265 | offset = ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, |
9266 | hf->hf.sct_sct_signature_length, |
9267 | hf->hf.sct_sct_signature); |
9268 | return offset; |
9269 | } |
9270 | |
9271 | uint32_t |
9272 | tls_dissect_sct_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
9273 | uint32_t offset, uint32_t offset_end, uint16_t version) |
9274 | { |
9275 | /* https://tools.ietf.org/html/rfc6962#section-3.3 |
9276 | * opaque SerializedSCT<1..2^16-1>; |
9277 | * struct { |
9278 | * SerializedSCT sct_list <1..2^16-1>; |
9279 | * } SignedCertificateTimestampList; |
9280 | */ |
9281 | uint32_t list_length, sct_length, next_offset; |
9282 | proto_tree *subtree; |
9283 | |
9284 | /* SerializedSCT sct_list <1..2^16-1> */ |
9285 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &list_length, |
9286 | hf->hf.sct_scts_length, 1, UINT16_MAX(65535))) { |
9287 | return offset_end; |
9288 | } |
9289 | offset += 2; |
9290 | |
9291 | while (offset < offset_end) { |
9292 | subtree = proto_tree_add_subtree(tree, tvb, offset, 2, hf->ett.sct, NULL((void*)0), "Signed Certificate Timestamp"); |
9293 | |
9294 | /* opaque SerializedSCT<1..2^16-1> */ |
9295 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &sct_length, |
9296 | hf->hf.sct_sct_length, 1, UINT16_MAX(65535))) { |
9297 | return offset_end; |
9298 | } |
9299 | offset += 2; |
9300 | next_offset = offset + sct_length; |
9301 | proto_item_set_len(subtree, 2 + sct_length); |
9302 | offset = tls_dissect_sct(hf, tvb, pinfo, subtree, offset, next_offset, version); |
9303 | if (!ssl_end_vector(hf, tvb, pinfo, subtree, offset, next_offset)) { |
9304 | offset = next_offset; |
9305 | } |
9306 | } |
9307 | |
9308 | return offset; |
9309 | } |
9310 | |
9311 | static int |
9312 | dissect_ech_hpke_cipher_suite(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo _U___attribute__((unused)), |
9313 | proto_tree *tree, uint32_t offset) |
9314 | { |
9315 | uint32_t kdf_id, aead_id; |
9316 | proto_item *cs_ti; |
9317 | proto_tree *cs_tree; |
9318 | |
9319 | cs_ti = proto_tree_add_item(tree, hf->hf.ech_hpke_keyconfig_cipher_suite, |
9320 | tvb, offset, 4, ENC_NA0x00000000); |
9321 | cs_tree = proto_item_add_subtree(cs_ti, hf->ett.ech_hpke_cipher_suite); |
9322 | |
9323 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.ech_hpke_keyconfig_cipher_suite_kdf_id, |
9324 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &kdf_id); |
9325 | offset += 2; |
9326 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.ech_hpke_keyconfig_cipher_suite_aead_id, |
9327 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &aead_id); |
9328 | offset += 2; |
9329 | |
9330 | proto_item_append_text(cs_ti, ": %s/%s", |
9331 | val_to_str_const(kdf_id, kdf_id_type_vals, "Unknown"), |
9332 | val_to_str_const(aead_id, aead_id_type_vals, "Unknown")); |
9333 | return offset; |
9334 | } |
9335 | |
9336 | static int |
9337 | dissect_ech_hpke_key_config(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
9338 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
9339 | uint32_t *config_id) |
9340 | { |
9341 | uint32_t length, cipher_suite_length; |
9342 | proto_item *kc_ti, *css_ti; |
9343 | proto_tree *kc_tree, *css_tree; |
9344 | uint32_t original_offset = offset, next_offset; |
9345 | |
9346 | kc_ti = proto_tree_add_item(tree, hf->hf.ech_hpke_keyconfig, |
9347 | tvb, offset, -1, ENC_NA0x00000000); |
9348 | kc_tree = proto_item_add_subtree(kc_ti, hf->ett.ech_hpke_keyconfig); |
9349 | |
9350 | proto_tree_add_item_ret_uint(kc_tree, hf->hf.ech_hpke_keyconfig_config_id, |
9351 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, config_id); |
9352 | offset += 1; |
9353 | proto_tree_add_item(kc_tree, hf->hf.ech_hpke_keyconfig_kem_id, |
9354 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
9355 | offset += 2; |
9356 | proto_tree_add_item_ret_uint(kc_tree, hf->hf.ech_hpke_keyconfig_public_key_length, |
9357 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); |
9358 | offset += 2; |
9359 | proto_tree_add_item(kc_tree, hf->hf.ech_hpke_keyconfig_public_key, |
9360 | tvb, offset, length, ENC_NA0x00000000); |
9361 | offset += length; |
9362 | |
9363 | /* HpkeSymmetricCipherSuite cipher_suites<4..2^16-4> */ |
9364 | if (!ssl_add_vector(hf, tvb, pinfo, kc_tree, offset, offset_end, &cipher_suite_length, |
9365 | hf->hf.ech_hpke_keyconfig_cipher_suites_length, 4, UINT16_MAX(65535) - 3)) { |
9366 | return offset_end; |
9367 | } |
9368 | offset += 2; |
9369 | next_offset = offset + cipher_suite_length; |
9370 | |
9371 | css_ti = proto_tree_add_none_format(kc_tree, |
9372 | hf->hf.ech_hpke_keyconfig_cipher_suites, |
9373 | tvb, offset, cipher_suite_length, |
9374 | "Cipher Suites (%d suite%s)", |
9375 | cipher_suite_length / 4, |
9376 | plurality(cipher_suite_length / 4, "", "s")((cipher_suite_length / 4) == 1 ? ("") : ("s"))); |
9377 | css_tree = proto_item_add_subtree(css_ti, hf->ett.ech_hpke_cipher_suites); |
9378 | |
9379 | |
9380 | while (offset + 4 <= next_offset) { |
9381 | offset = dissect_ech_hpke_cipher_suite(hf, tvb, pinfo, css_tree, offset); |
9382 | } |
9383 | |
9384 | if (!ssl_end_vector(hf, tvb, pinfo, css_tree, offset, next_offset)) { |
9385 | offset = next_offset; |
9386 | } |
9387 | |
9388 | proto_item_set_len(kc_ti, offset - original_offset); |
9389 | |
9390 | return offset; |
9391 | } |
9392 | |
9393 | static int |
9394 | dissect_ech_echconfig_contents(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
9395 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
9396 | const uint8_t **public_name, uint32_t *config_id) |
9397 | { |
9398 | uint32_t public_name_length, extensions_length, next_offset; |
9399 | |
9400 | offset = dissect_ech_hpke_key_config(hf, tvb, pinfo, tree, offset, offset_end, config_id); |
9401 | proto_tree_add_item(tree, hf->hf.ech_echconfigcontents_maximum_name_length, |
9402 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
9403 | offset += 1; |
9404 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_echconfigcontents_public_name_length, |
9405 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &public_name_length); |
9406 | offset += 1; |
9407 | proto_tree_add_item_ret_string(tree, hf->hf.ech_echconfigcontents_public_name, |
9408 | tvb, offset, public_name_length, ENC_ASCII0x00000000, pinfo->pool, public_name); |
9409 | offset += public_name_length; |
9410 | |
9411 | /* Extension extensions<0..2^16-1>; */ |
9412 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &extensions_length, |
9413 | hf->hf.ech_echconfigcontents_extensions_length, 0, UINT16_MAX(65535))) { |
9414 | return offset_end; |
9415 | } |
9416 | offset += 2; |
9417 | next_offset = offset + extensions_length; |
9418 | |
9419 | if (extensions_length > 0) { |
9420 | proto_tree_add_item(tree, hf->hf.ech_echconfigcontents_extensions, |
9421 | tvb, offset, extensions_length, ENC_NA0x00000000); |
9422 | } |
9423 | offset += extensions_length; |
9424 | |
9425 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { |
9426 | offset = next_offset; |
9427 | } |
9428 | |
9429 | return offset; |
9430 | } |
9431 | |
9432 | static int |
9433 | dissect_ech_echconfig(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
9434 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
9435 | { |
9436 | uint32_t version, length; |
9437 | proto_item *ech_ti; |
9438 | proto_tree *ech_tree; |
9439 | const uint8_t *public_name = NULL((void*)0); |
9440 | uint32_t config_id = 0; |
9441 | |
9442 | ech_ti = proto_tree_add_item(tree, hf->hf.ech_echconfig, tvb, offset, -1, ENC_NA0x00000000); |
9443 | ech_tree = proto_item_add_subtree(ech_ti, hf->ett.ech_echconfig); |
9444 | |
9445 | proto_tree_add_item_ret_uint(ech_tree, hf->hf.ech_echconfig_version, |
9446 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &version); |
9447 | offset += 2; |
9448 | proto_tree_add_item_ret_uint(ech_tree, hf->hf.ech_echconfig_length, |
9449 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); |
9450 | offset += 2; |
9451 | |
9452 | proto_item_set_len(ech_ti, 4 + length); |
9453 | |
9454 | switch(version) { |
9455 | case 0xfe0d: |
9456 | dissect_ech_echconfig_contents(hf, tvb, pinfo, ech_tree, offset, offset_end, &public_name, &config_id); |
9457 | proto_item_append_text(ech_ti, ": id=%d %s", config_id, public_name); |
9458 | break; |
9459 | |
9460 | default: |
9461 | expert_add_info_format(pinfo, ech_ti, &hf->ei.ech_echconfig_invalid_version, "Unsupported/unknown ECHConfig version 0x%x", version); |
9462 | } |
9463 | |
9464 | return 4 + length; |
9465 | } |
9466 | |
9467 | uint32_t |
9468 | ssl_dissect_ext_ech_echconfiglist(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
9469 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
9470 | { |
9471 | uint32_t echconfiglist_length, next_offset; |
9472 | |
9473 | /* ECHConfig ECHConfigList<1..2^16-1>; */ |
9474 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &echconfiglist_length, |
9475 | hf->hf.ech_echconfiglist_length, 1, UINT16_MAX(65535))) { |
9476 | return offset_end; |
9477 | } |
9478 | offset += 2; |
9479 | next_offset = offset + echconfiglist_length; |
9480 | |
9481 | while (offset < next_offset) { |
9482 | offset += dissect_ech_echconfig(hf, tvb, pinfo, tree, offset, offset_end); |
9483 | } |
9484 | |
9485 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, next_offset)) { |
9486 | offset = next_offset; |
9487 | } |
9488 | |
9489 | return offset; |
9490 | } |
9491 | |
9492 | static uint32_t |
9493 | ssl_dissect_hnd_hello_ext_ech(ssl_common_dissect_t *hf, tvbuff_t *tvb _U___attribute__((unused)), packet_info *pinfo, |
9494 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
9495 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) |
9496 | { |
9497 | uint32_t ch_type, length; |
9498 | proto_item *retry_ti; |
9499 | proto_tree *retry_tree; |
9500 | |
9501 | switch (hnd_type) { |
9502 | case SSL_HND_CLIENT_HELLO: |
9503 | /* |
9504 | * enum { outer(0), inner(1) } ECHClientHelloType; |
9505 | * |
9506 | * struct { |
9507 | * ECHClientHelloType type; |
9508 | * select (ECHClientHello.type) { |
9509 | * case outer: |
9510 | * HpkeSymmetricCipherSuite cipher_suite; |
9511 | * uint8 config_id; |
9512 | * opaque enc<0..2^16-1>; |
9513 | * opaque payload<1..2^16-1>; |
9514 | * case inner: |
9515 | * Empty; |
9516 | * }; |
9517 | * } ECHClientHello; |
9518 | */ |
9519 | |
9520 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_clienthello_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000, &ch_type); |
9521 | offset += 1; |
9522 | switch (ch_type) { |
9523 | case 0: /* outer */ |
9524 | offset = dissect_ech_hpke_cipher_suite(hf, tvb, pinfo, tree, offset); |
9525 | |
9526 | proto_tree_add_item(tree, hf->hf.ech_config_id, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
9527 | offset += 1; |
9528 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_enc_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); |
9529 | offset += 2; |
9530 | proto_tree_add_item(tree, hf->hf.ech_enc, tvb, offset, length, ENC_NA0x00000000); |
9531 | offset += length; |
9532 | proto_tree_add_item_ret_uint(tree, hf->hf.ech_payload_length, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &length); |
9533 | offset += 2; |
9534 | proto_tree_add_item(tree, hf->hf.ech_payload, tvb, offset, length, ENC_NA0x00000000); |
9535 | offset += length; |
9536 | break; |
9537 | case 1: /* inner */ |
9538 | /* We will never be here, unless we are going to have support |
9539 | for extracting the ephemeral secrets from endpoints */ |
9540 | break; /* Nothing to do, data is encrypted */ |
9541 | } |
9542 | break; |
9543 | |
9544 | case SSL_HND_ENCRYPTED_EXTENSIONS: |
9545 | /* |
9546 | * struct { |
9547 | * ECHConfigList retry_configs; |
9548 | * } ECHEncryptedExtensions; |
9549 | */ |
9550 | |
9551 | retry_ti = proto_tree_add_item(tree, hf->hf.ech_retry_configs, tvb, offset, offset_end - offset, ENC_NA0x00000000); |
9552 | retry_tree = proto_item_add_subtree(retry_ti, hf->ett.ech_retry_configs); |
9553 | offset = ssl_dissect_ext_ech_echconfiglist(hf, tvb, pinfo, retry_tree, offset, offset_end); |
9554 | break; |
9555 | |
9556 | case SSL_HND_HELLO_RETRY_REQUEST: |
9557 | /* |
9558 | * struct { |
9559 | * opaque confirmation[8]; |
9560 | * } ECHHelloRetryRequest; |
9561 | */ |
9562 | |
9563 | proto_tree_add_item(tree, hf->hf.ech_confirmation, tvb, offset, 8, ENC_NA0x00000000); |
9564 | offset += 8; |
9565 | break; |
9566 | } |
9567 | |
9568 | return offset; |
9569 | } |
9570 | |
9571 | static uint32_t |
9572 | ssl_dissect_hnd_hello_ext_esni(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
9573 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
9574 | uint8_t hnd_type, SslDecryptSession *ssl _U___attribute__((unused))) |
9575 | { |
9576 | uint32_t record_digest_length, encrypted_sni_length; |
9577 | |
9578 | switch (hnd_type) { |
9579 | case SSL_HND_CLIENT_HELLO: |
9580 | /* |
9581 | * struct { |
9582 | * CipherSuite suite; |
9583 | * KeyShareEntry key_share; |
9584 | * opaque record_digest<0..2^16-1>; |
9585 | * opaque encrypted_sni<0..2^16-1>; |
9586 | * } ClientEncryptedSNI; |
9587 | */ |
9588 | proto_tree_add_item(tree, hf->hf.esni_suite, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
9589 | offset += 2; |
9590 | offset = ssl_dissect_hnd_hello_ext_key_share_entry(hf, tvb, pinfo, tree, offset, offset_end, NULL((void*)0)); |
9591 | |
9592 | /* opaque record_digest<0..2^16-1> */ |
9593 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &record_digest_length, |
9594 | hf->hf.esni_record_digest_length, 0, UINT16_MAX(65535))) { |
9595 | return offset_end; |
9596 | } |
9597 | offset += 2; |
9598 | if (record_digest_length > 0) { |
9599 | proto_tree_add_item(tree, hf->hf.esni_record_digest, tvb, offset, record_digest_length, ENC_NA0x00000000); |
9600 | offset += record_digest_length; |
9601 | } |
9602 | |
9603 | /* opaque encrypted_sni<0..2^16-1> */ |
9604 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &encrypted_sni_length, |
9605 | hf->hf.esni_encrypted_sni_length, 0, UINT16_MAX(65535))) { |
9606 | return offset_end; |
9607 | } |
9608 | offset += 2; |
9609 | if (encrypted_sni_length > 0) { |
9610 | proto_tree_add_item(tree, hf->hf.esni_encrypted_sni, tvb, offset, encrypted_sni_length, ENC_NA0x00000000); |
9611 | offset += encrypted_sni_length; |
9612 | } |
9613 | break; |
9614 | |
9615 | case SSL_HND_ENCRYPTED_EXTENSIONS: |
9616 | proto_tree_add_item(tree, hf->hf.esni_nonce, tvb, offset, 16, ENC_NA0x00000000); |
9617 | offset += 16; |
9618 | break; |
9619 | } |
9620 | |
9621 | return offset; |
9622 | } |
9623 | /** TLS Extensions (in Client Hello and Server Hello). }}} */ |
9624 | |
9625 | /* Connection ID dissection. {{{ */ |
9626 | static uint32_t |
9627 | ssl_dissect_ext_connection_id(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
9628 | proto_tree *tree, uint32_t offset, SslDecryptSession *ssl, |
9629 | uint8_t cidl, uint8_t **session_cid, uint8_t *session_cidl) |
9630 | { |
9631 | /* keep track of the decrypt session only for the first pass */ |
9632 | if (cidl > 0 && !PINFO_FD_VISITED(pinfo)((pinfo)->fd->visited)) { |
9633 | tvb_ensure_bytes_exist(tvb, offset + 1, cidl); |
9634 | *session_cidl = cidl; |
9635 | *session_cid = (uint8_t*)wmem_alloc0(wmem_file_scope(), cidl); |
9636 | tvb_memcpy(tvb, *session_cid, offset + 1, cidl); |
9637 | if (ssl) { |
9638 | ssl_add_session_by_cid(ssl); |
9639 | } |
9640 | } |
9641 | |
9642 | proto_tree_add_item(tree, hf->hf.hs_ext_connection_id_length, |
9643 | tvb, offset, 1, ENC_NA0x00000000); |
9644 | offset++; |
9645 | |
9646 | if (cidl > 0) { |
9647 | proto_tree_add_item(tree, hf->hf.hs_ext_connection_id, |
9648 | tvb, offset, cidl, ENC_NA0x00000000); |
9649 | offset += cidl; |
9650 | } |
9651 | |
9652 | return offset; |
9653 | } |
9654 | |
9655 | static uint32_t |
9656 | ssl_dissect_hnd_hello_ext_connection_id(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
9657 | proto_tree *tree, uint32_t offset, uint8_t hnd_type, |
9658 | SslSession *session, SslDecryptSession *ssl) |
9659 | { |
9660 | uint8_t cidl = tvb_get_uint8(tvb, offset); |
9661 | |
9662 | switch (hnd_type) { |
9663 | case SSL_HND_CLIENT_HELLO: |
9664 | session->client_cid_len_present = true1; |
9665 | return ssl_dissect_ext_connection_id(hf, tvb, pinfo, tree, offset, ssl, |
9666 | cidl, &session->client_cid, &session->client_cid_len); |
9667 | case SSL_HND_SERVER_HELLO: |
9668 | session->server_cid_len_present = true1; |
9669 | return ssl_dissect_ext_connection_id(hf, tvb, pinfo, tree, offset, ssl, |
9670 | cidl, &session->server_cid, &session->server_cid_len); |
9671 | default: |
9672 | return offset; |
9673 | } |
9674 | } /* }}} */ |
9675 | |
9676 | /* Whether the Content and Handshake Types are valid; handle Protocol Version. {{{ */ |
9677 | bool_Bool |
9678 | ssl_is_valid_content_type(uint8_t type) |
9679 | { |
9680 | switch ((ContentType) type) { |
9681 | case SSL_ID_CHG_CIPHER_SPEC: |
9682 | case SSL_ID_ALERT: |
9683 | case SSL_ID_HANDSHAKE: |
9684 | case SSL_ID_APP_DATA: |
9685 | case SSL_ID_HEARTBEAT: |
9686 | case SSL_ID_TLS12_CID: |
9687 | case SSL_ID_DTLS13_ACK: |
9688 | return true1; |
9689 | } |
9690 | return false0; |
9691 | } |
9692 | |
9693 | bool_Bool |
9694 | ssl_is_valid_handshake_type(uint8_t hs_type, bool_Bool is_dtls) |
9695 | { |
9696 | switch ((HandshakeType) hs_type) { |
9697 | case SSL_HND_HELLO_VERIFY_REQUEST: |
9698 | /* hello_verify_request is DTLS-only */ |
9699 | return is_dtls; |
9700 | |
9701 | case SSL_HND_HELLO_REQUEST: |
9702 | case SSL_HND_CLIENT_HELLO: |
9703 | case SSL_HND_SERVER_HELLO: |
9704 | case SSL_HND_NEWSESSION_TICKET: |
9705 | case SSL_HND_END_OF_EARLY_DATA: |
9706 | case SSL_HND_HELLO_RETRY_REQUEST: |
9707 | case SSL_HND_ENCRYPTED_EXTENSIONS: |
9708 | case SSL_HND_CERTIFICATE: |
9709 | case SSL_HND_SERVER_KEY_EXCHG: |
9710 | case SSL_HND_CERT_REQUEST: |
9711 | case SSL_HND_SVR_HELLO_DONE: |
9712 | case SSL_HND_CERT_VERIFY: |
9713 | case SSL_HND_CLIENT_KEY_EXCHG: |
9714 | case SSL_HND_FINISHED: |
9715 | case SSL_HND_CERT_URL: |
9716 | case SSL_HND_CERT_STATUS: |
9717 | case SSL_HND_SUPPLEMENTAL_DATA: |
9718 | case SSL_HND_KEY_UPDATE: |
9719 | case SSL_HND_COMPRESSED_CERTIFICATE: |
9720 | case SSL_HND_ENCRYPTED_EXTS: |
9721 | return true1; |
9722 | } |
9723 | return false0; |
9724 | } |
9725 | |
9726 | static bool_Bool |
9727 | ssl_is_authoritative_version_message(uint8_t content_type, uint8_t handshake_type, |
9728 | bool_Bool is_dtls) |
9729 | { |
9730 | /* Consider all valid Handshake messages (except for Client Hello) and |
9731 | * all other valid record types (other than Handshake) */ |
9732 | return (content_type == SSL_ID_HANDSHAKE && |
9733 | ssl_is_valid_handshake_type(handshake_type, is_dtls) && |
9734 | handshake_type != SSL_HND_CLIENT_HELLO) || |
9735 | (content_type != SSL_ID_HANDSHAKE && |
9736 | ssl_is_valid_content_type(content_type)); |
9737 | } |
9738 | |
9739 | /** |
9740 | * Scan a Server Hello handshake message for the negotiated version. For TLS 1.3 |
9741 | * draft 22 and newer, it also checks whether it is a HelloRetryRequest. |
9742 | * Returns true if the supported_versions extension was found, false if not. |
9743 | */ |
9744 | bool_Bool |
9745 | tls_scan_server_hello(tvbuff_t *tvb, uint32_t offset, uint32_t offset_end, |
9746 | uint16_t *server_version, bool_Bool *is_hrr) |
9747 | { |
9748 | /* SHA256("HelloRetryRequest") */ |
9749 | static const uint8_t tls13_hrr_random_magic[] = { |
9750 | 0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91, |
9751 | 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c |
9752 | }; |
9753 | uint8_t session_id_length; |
9754 | |
9755 | *server_version = tvb_get_ntohs(tvb, offset); |
9756 | |
9757 | /* |
9758 | * Try to look for supported_versions extension. Minimum length: |
9759 | * 2 + 32 + 1 = 35 (version, random, session id length) |
9760 | * 2 + 1 + 2 = 5 (cipher suite, compression method, extensions length) |
9761 | * 2 + 2 + 2 = 6 (ext type, ext len, version) |
9762 | * |
9763 | * We only check for the [legacy_]version field to be [D]TLS 1.2; if it's 1.3, |
9764 | * there's a separate expert info warning for that. |
9765 | */ |
9766 | if ((*server_version == TLSV1DOT2_VERSION0x303 || *server_version == DTLSV1DOT2_VERSION0xfefd) && offset_end - offset >= 46) { |
9767 | offset += 2; |
9768 | if (is_hrr) { |
9769 | *is_hrr = tvb_memeql(tvb, offset, tls13_hrr_random_magic, sizeof(tls13_hrr_random_magic)) == 0; |
9770 | } |
9771 | offset += 32; |
9772 | session_id_length = tvb_get_uint8(tvb, offset); |
9773 | offset++; |
9774 | if (offset_end - offset < session_id_length + 5u) { |
9775 | return false0; |
9776 | } |
9777 | offset += session_id_length + 5; |
9778 | |
9779 | while (offset_end - offset >= 6) { |
9780 | uint16_t ext_type = tvb_get_ntohs(tvb, offset); |
9781 | uint16_t ext_len = tvb_get_ntohs(tvb, offset + 2); |
9782 | if (offset_end - offset < 4u + ext_len) { |
9783 | break; /* not enough data for type, length and data */ |
9784 | } |
9785 | if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43) { |
9786 | if (ext_len == 2) { |
9787 | *server_version = tvb_get_ntohs(tvb, offset + 4); |
9788 | } |
9789 | return true1; |
9790 | } |
9791 | offset += 4 + ext_len; |
9792 | } |
9793 | } else { |
9794 | if (is_hrr) { |
9795 | *is_hrr = false0; |
9796 | } |
9797 | } |
9798 | return false0; |
9799 | } |
9800 | |
9801 | /** |
9802 | * Scan a Client Hello handshake message to see if the supported_versions |
9803 | * extension is found, in which case the version field is legacy_version. |
9804 | */ |
9805 | static bool_Bool |
9806 | tls_scan_client_hello(tvbuff_t *tvb, uint32_t offset, uint32_t offset_end) |
9807 | { |
9808 | uint8_t session_id_length; |
9809 | |
9810 | uint16_t client_version = tvb_get_ntohs(tvb, offset); |
9811 | |
9812 | /* |
9813 | * Try to look for supported_versions extension. Minimum length: |
9814 | * 2 + 32 + 1 = 35 (version, random, session id length) |
9815 | * 2 + 2 + 1 + 2 = 5 (cipher suite, compression method, extensions length) |
9816 | * 2 + 2 + 2 = 6 (ext type, ext len, version) |
9817 | * |
9818 | * We only check for the [legacy_]version field to be [D]TLS 1.2; if it's 1.3, |
9819 | * there's a separate expert info warning for that. |
9820 | */ |
9821 | if ((client_version == TLSV1DOT2_VERSION0x303 || client_version == DTLSV1DOT2_VERSION0xfefd) && offset_end - offset >= 46) { |
9822 | offset += 2; |
9823 | offset += 32; |
9824 | session_id_length = tvb_get_uint8(tvb, offset); |
9825 | offset++; |
9826 | if (offset_end - offset < session_id_length + 2u) { |
9827 | return false0; |
9828 | } |
9829 | offset += session_id_length; |
9830 | if (client_version == DTLSV1DOT2_VERSION0xfefd) { |
9831 | uint8_t cookie_length = tvb_get_uint8(tvb, offset); |
9832 | offset++; |
9833 | if (offset_end - offset < cookie_length + 2u) { |
9834 | return false0; |
9835 | } |
9836 | } |
9837 | uint16_t cipher_suites_length = tvb_get_ntohs(tvb, offset); |
9838 | offset += 2; |
9839 | if (offset_end - offset < cipher_suites_length + 1u) { |
9840 | return false0; |
9841 | } |
9842 | offset += cipher_suites_length; |
9843 | uint8_t compression_methods_length = tvb_get_uint8(tvb, offset); |
9844 | offset++; |
9845 | if (offset_end - offset < compression_methods_length + 2u) { |
9846 | return false0; |
9847 | } |
9848 | offset += compression_methods_length + 2; |
9849 | |
9850 | while (offset_end - offset >= 6) { |
9851 | uint16_t ext_type = tvb_get_ntohs(tvb, offset); |
9852 | uint16_t ext_len = tvb_get_ntohs(tvb, offset + 2); |
9853 | if (offset_end - offset < 4u + ext_len) { |
9854 | break; /* not enough data for type, length and data */ |
9855 | } |
9856 | if (ext_type == SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43) { |
9857 | return true1; |
9858 | } |
9859 | offset += 4 + ext_len; |
9860 | } |
9861 | } |
9862 | return false0; |
9863 | } |
9864 | void |
9865 | ssl_try_set_version(SslSession *session, SslDecryptSession *ssl, |
9866 | uint8_t content_type, uint8_t handshake_type, |
9867 | bool_Bool is_dtls, uint16_t version) |
9868 | { |
9869 | uint8_t tls13_draft = 0; |
9870 | |
9871 | if (!ssl_is_authoritative_version_message(content_type, handshake_type, |
9872 | is_dtls)) |
9873 | return; |
9874 | |
9875 | version = tls_try_get_version(is_dtls, version, &tls13_draft); |
9876 | if (version == SSL_VER_UNKNOWN0) { |
9877 | return; |
9878 | } |
9879 | |
9880 | session->tls13_draft_version = tls13_draft; |
9881 | session->version = version; |
9882 | if (ssl) { |
9883 | ssl->state |= SSL_VERSION(1<<4); |
9884 | ssl_debug_printf("%s found version 0x%04X -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), version, ssl->state); |
9885 | } |
9886 | } |
9887 | |
9888 | void |
9889 | ssl_check_record_length(ssl_common_dissect_t *hf, packet_info *pinfo, |
9890 | ContentType content_type, |
9891 | unsigned record_length, proto_item *length_pi, |
9892 | uint16_t version, tvbuff_t *decrypted_tvb) |
9893 | { |
9894 | unsigned max_expansion; |
9895 | if (version == TLSV1DOT3_VERSION0x304) { |
9896 | /* TLS 1.3: Max length is 2^14 + 256 */ |
9897 | max_expansion = 256; |
9898 | } else { |
9899 | /* RFC 5246, Section 6.2.3: TLSCiphertext.fragment length MUST NOT exceed 2^14 + 2048 */ |
9900 | max_expansion = 2048; |
9901 | } |
9902 | /* |
9903 | * RFC 5246 (TLS 1.2), Section 6.2.1 forbids zero-length Handshake, Alert |
9904 | * and ChangeCipherSpec. |
9905 | * RFC 6520 (Heartbeats) does not mention zero-length Heartbeat fragments, |
9906 | * so assume it is permitted. |
9907 | * RFC 6347 (DTLS 1.2) does not mention zero-length fragments either, so |
9908 | * assume TLS 1.2 requirements. |
9909 | */ |
9910 | if (record_length == 0 && |
9911 | (content_type == SSL_ID_CHG_CIPHER_SPEC || |
9912 | content_type == SSL_ID_ALERT || |
9913 | content_type == SSL_ID_HANDSHAKE)) { |
9914 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, |
9915 | "Zero-length %s fragments are not allowed", |
9916 | val_to_str_const(content_type, ssl_31_content_type, "unknown")); |
9917 | } |
9918 | if (record_length > TLS_MAX_RECORD_LENGTH0x4000 + max_expansion) { |
9919 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, |
9920 | "TLSCiphertext length MUST NOT exceed 2^14 + %u", max_expansion); |
9921 | } |
9922 | if (decrypted_tvb && tvb_captured_length(decrypted_tvb) > TLS_MAX_RECORD_LENGTH0x4000) { |
9923 | expert_add_info_format(pinfo, length_pi, &hf->ei.record_length_invalid, |
9924 | "TLSPlaintext length MUST NOT exceed 2^14"); |
9925 | } |
9926 | } |
9927 | |
9928 | static void |
9929 | ssl_set_cipher(SslDecryptSession *ssl, uint16_t cipher) |
9930 | { |
9931 | /* store selected cipher suite for decryption */ |
9932 | ssl->session.cipher = cipher; |
9933 | |
9934 | const SslCipherSuite *cs = ssl_find_cipher(cipher); |
9935 | if (!cs) { |
9936 | ssl->cipher_suite = NULL((void*)0); |
9937 | ssl->state &= ~SSL_CIPHER(1<<2); |
9938 | ssl_debug_printf("%s can't find cipher suite 0x%04X\n", G_STRFUNC((const char*) (__func__)), cipher); |
9939 | } else if (ssl->session.version == SSLV3_VERSION0x300 && !(cs->dig == DIG_MD50x40 || cs->dig == DIG_SHA0x41)) { |
9940 | /* A malicious packet capture contains a SSL 3.0 session using a TLS 1.2 |
9941 | * cipher suite that uses for example MACAlgorithm SHA256. Reject that |
9942 | * to avoid a potential buffer overflow in ssl3_check_mac. */ |
9943 | ssl->cipher_suite = NULL((void*)0); |
9944 | ssl->state &= ~SSL_CIPHER(1<<2); |
9945 | ssl_debug_printf("%s invalid SSL 3.0 cipher suite 0x%04X\n", G_STRFUNC((const char*) (__func__)), cipher); |
9946 | } else { |
9947 | /* Cipher found, save this for the delayed decoder init */ |
9948 | ssl->cipher_suite = cs; |
9949 | ssl->state |= SSL_CIPHER(1<<2); |
9950 | ssl_debug_printf("%s found CIPHER 0x%04X %s -> state 0x%02X\n", G_STRFUNC((const char*) (__func__)), cipher, |
9951 | val_to_str_ext_const(cipher, &ssl_31_ciphersuite_ext, "unknown"), |
9952 | ssl->state); |
9953 | } |
9954 | } |
9955 | /* }}} */ |
9956 | |
9957 | |
9958 | /* Client Hello and Server Hello dissections. {{{ */ |
9959 | static int |
9960 | ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, |
9961 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, |
9962 | SslSession *session, SslDecryptSession *ssl, |
9963 | bool_Bool is_dtls, wmem_strbuf_t *ja3, ja4_data_t *ja4_data); |
9964 | void |
9965 | ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
9966 | packet_info *pinfo, proto_tree *tree, uint32_t offset, |
9967 | uint32_t offset_end, SslSession *session, |
9968 | SslDecryptSession *ssl, dtls_hfs_t *dtls_hfs) |
9969 | { |
9970 | /* struct { |
9971 | * ProtocolVersion client_version; |
9972 | * Random random; |
9973 | * SessionID session_id; |
9974 | * opaque cookie<0..32>; //new field for DTLS |
9975 | * CipherSuite cipher_suites<2..2^16-1>; |
9976 | * CompressionMethod compression_methods<1..2^8-1>; |
9977 | * Extension client_hello_extension_list<0..2^16-1>; |
9978 | * } ClientHello; |
9979 | */ |
9980 | proto_item *ti; |
9981 | proto_tree *cs_tree; |
9982 | uint32_t client_version; |
9983 | uint32_t cipher_suite_length; |
9984 | uint32_t compression_methods_length; |
9985 | uint8_t compression_method; |
9986 | uint32_t next_offset; |
9987 | wmem_strbuf_t *ja3 = wmem_strbuf_new(pinfo->pool, ""); |
9988 | char *ja3_hash; |
9989 | char *ja3_dash = ""; |
9990 | char *ja4, *ja4_r, *ja4_hash, *ja4_b, *ja4_c; |
9991 | ja4_data_t ja4_data; |
9992 | wmem_strbuf_t *ja4_a = wmem_strbuf_new(pinfo->pool, ""); |
9993 | wmem_strbuf_t *ja4_br = wmem_strbuf_new(pinfo->pool, ""); |
9994 | wmem_strbuf_t *ja4_cr = wmem_strbuf_new(pinfo->pool, ""); |
9995 | wmem_list_frame_t *curr_entry; |
9996 | |
9997 | ja4_data.max_version = 0; |
9998 | ja4_data.server_name_present = false0; |
9999 | ja4_data.num_cipher_suites = 0; |
10000 | ja4_data.num_extensions = 0; |
10001 | ja4_data.alpn = wmem_strbuf_new(pinfo->pool, ""); |
10002 | ja4_data.cipher_list = wmem_list_new(pinfo->pool); |
10003 | ja4_data.extension_list = wmem_list_new(pinfo->pool); |
10004 | ja4_data.sighash_list = wmem_list_new(pinfo->pool); |
10005 | |
10006 | /* show the client version */ |
10007 | ti = proto_tree_add_item_ret_uint(tree, hf->hf.hs_client_version, tvb, |
10008 | offset, 2, ENC_BIG_ENDIAN0x00000000, |
10009 | &client_version); |
10010 | if (tls_scan_client_hello(tvb, offset, offset_end)) { |
10011 | expert_add_info(pinfo, ti, &hf->ei.legacy_version); |
10012 | } |
10013 | offset += 2; |
10014 | wmem_strbuf_append_printf(ja3, "%i,", client_version); |
10015 | |
10016 | /* |
10017 | * Is it version 1.3? |
10018 | * If so, that's an error; TLS and DTLS 1.3 Client Hellos claim |
10019 | * to be TLS 1.2, and mention 1.3 in an extension. See RFC 8446 |
10020 | * section 4.1.2 "Client Hello" and RFC 9147 Section 5.3 "Client |
10021 | * Hello". |
10022 | */ |
10023 | if (dtls_hfs != NULL((void*)0)) { |
10024 | if (client_version == DTLSV1DOT3_VERSION0xfefc) { |
10025 | /* Don't do that. */ |
10026 | expert_add_info(pinfo, ti, &hf->ei.client_version_error); |
10027 | } |
10028 | } else { |
10029 | if (client_version == TLSV1DOT3_VERSION0x304) { |
10030 | /* Don't do that. */ |
10031 | expert_add_info(pinfo, ti, &hf->ei.client_version_error); |
10032 | } |
10033 | } |
10034 | |
10035 | /* dissect fields that are present in both ClientHello and ServerHello */ |
10036 | offset = ssl_dissect_hnd_hello_common(hf, tvb, tree, offset, session, ssl, false0, false0); |
10037 | |
10038 | /* fields specific for DTLS (cookie_len, cookie) */ |
10039 | if (dtls_hfs != NULL((void*)0)) { |
10040 | uint32_t cookie_length; |
10041 | /* opaque cookie<0..32> (for DTLS only) */ |
10042 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cookie_length, |
10043 | dtls_hfs->hf_dtls_handshake_cookie_len, 0, 32)) { |
10044 | return; |
10045 | } |
10046 | offset++; |
10047 | if (cookie_length > 0) { |
10048 | proto_tree_add_item(tree, dtls_hfs->hf_dtls_handshake_cookie, |
10049 | tvb, offset, cookie_length, ENC_NA0x00000000); |
10050 | offset += cookie_length; |
10051 | } |
10052 | } |
10053 | |
10054 | /* CipherSuite cipher_suites<2..2^16-1> */ |
10055 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cipher_suite_length, |
10056 | hf->hf.hs_cipher_suites_len, 2, UINT16_MAX(65535))) { |
10057 | return; |
10058 | } |
10059 | offset += 2; |
10060 | next_offset = offset + cipher_suite_length; |
10061 | ti = proto_tree_add_none_format(tree, |
10062 | hf->hf.hs_cipher_suites, |
10063 | tvb, offset, cipher_suite_length, |
10064 | "Cipher Suites (%d suite%s)", |
10065 | cipher_suite_length / 2, |
10066 | plurality(cipher_suite_length/2, "", "s")((cipher_suite_length/2) == 1 ? ("") : ("s"))); |
10067 | cs_tree = proto_item_add_subtree(ti, hf->ett.cipher_suites); |
10068 | while (offset + 2 <= next_offset) { |
10069 | uint32_t cipher_suite; |
10070 | |
10071 | proto_tree_add_item_ret_uint(cs_tree, hf->hf.hs_cipher_suite, tvb, offset, 2, |
10072 | ENC_BIG_ENDIAN0x00000000, &cipher_suite); |
10073 | offset += 2; |
10074 | if (!IS_GREASE_TLS(cipher_suite)((((cipher_suite) & 0x0f0f) == 0x0a0a) && (((cipher_suite ) & 0xff) == (((cipher_suite)>>8) & 0xff)))) { |
10075 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, cipher_suite); |
10076 | ja3_dash = "-"; |
10077 | ja4_data.num_cipher_suites += 1; |
10078 | wmem_list_insert_sorted(ja4_data.cipher_list, GUINT_TO_POINTER(cipher_suite)((gpointer) (gulong) (cipher_suite)), wmem_compare_uint); |
10079 | } |
10080 | } |
10081 | wmem_strbuf_append_c(ja3, ','); |
10082 | if (!ssl_end_vector(hf, tvb, pinfo, cs_tree, offset, next_offset)) { |
10083 | offset = next_offset; |
10084 | } |
10085 | |
10086 | /* CompressionMethod compression_methods<1..2^8-1> */ |
10087 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compression_methods_length, |
10088 | hf->hf.hs_comp_methods_len, 1, UINT8_MAX(255))) { |
10089 | return; |
10090 | } |
10091 | offset++; |
10092 | next_offset = offset + compression_methods_length; |
10093 | ti = proto_tree_add_none_format(tree, |
10094 | hf->hf.hs_comp_methods, |
10095 | tvb, offset, compression_methods_length, |
10096 | "Compression Methods (%u method%s)", |
10097 | compression_methods_length, |
10098 | plurality(compression_methods_length,((compression_methods_length) == 1 ? ("") : ("s")) |
10099 | "", "s")((compression_methods_length) == 1 ? ("") : ("s"))); |
10100 | cs_tree = proto_item_add_subtree(ti, hf->ett.comp_methods); |
10101 | while (offset < next_offset) { |
10102 | compression_method = tvb_get_uint8(tvb, offset); |
10103 | /* TODO: make reserved/private comp meth. fields selectable */ |
10104 | if (compression_method < 64) |
10105 | proto_tree_add_uint(cs_tree, hf->hf.hs_comp_method, |
10106 | tvb, offset, 1, compression_method); |
10107 | else if (compression_method > 63 && compression_method < 193) |
10108 | proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1, |
10109 | compression_method, "Reserved - to be assigned by IANA (%u)", |
10110 | compression_method); |
10111 | else |
10112 | proto_tree_add_uint_format_value(cs_tree, hf->hf.hs_comp_method, tvb, offset, 1, |
10113 | compression_method, "Private use range (%u)", |
10114 | compression_method); |
10115 | offset++; |
10116 | } |
10117 | |
10118 | /* SSL v3.0 has no extensions, so length field can indeed be missing. */ |
10119 | if (offset < offset_end) { |
10120 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, |
10121 | offset_end, SSL_HND_CLIENT_HELLO, |
10122 | session, ssl, dtls_hfs != NULL((void*)0), ja3, &ja4_data); |
10123 | if (ja4_data.max_version > 0) { |
10124 | client_version = ja4_data.max_version; |
10125 | } |
10126 | } else { |
10127 | wmem_strbuf_append_printf(ja3, ",,"); |
10128 | } |
10129 | |
10130 | if (proto_is_frame_protocol(pinfo->layers,"tcp")) { |
10131 | wmem_strbuf_append(ja4_a, "t"); |
10132 | } else if (proto_is_frame_protocol(pinfo->layers,"quic")) { |
10133 | wmem_strbuf_append(ja4_a, "q"); |
10134 | } else if (proto_is_frame_protocol(pinfo->layers,"dtls")) { |
10135 | wmem_strbuf_append(ja4_a, "d"); |
10136 | } |
10137 | wmem_strbuf_append_printf(ja4_a, "%s", val_to_str_const(client_version, ssl_version_ja4_names, "00")); |
10138 | wmem_strbuf_append_printf(ja4_a, "%s", ja4_data.server_name_present ? "d" : "i"); |
10139 | if (ja4_data.num_cipher_suites > 99) { |
10140 | wmem_strbuf_append(ja4_a, "99"); |
10141 | } else { |
10142 | wmem_strbuf_append_printf(ja4_a, "%02d", ja4_data.num_cipher_suites); |
10143 | } |
10144 | if (ja4_data.num_extensions > 99) { |
10145 | wmem_strbuf_append(ja4_a, "99"); |
10146 | } else { |
10147 | wmem_strbuf_append_printf(ja4_a, "%02d", ja4_data.num_extensions); |
10148 | } |
10149 | if (wmem_strbuf_get_len(ja4_data.alpn) > 0 ) { |
10150 | wmem_strbuf_append_printf(ja4_a, "%s", wmem_strbuf_get_str(ja4_data.alpn)); |
10151 | } else { |
10152 | wmem_strbuf_append(ja4_a, "00"); |
10153 | } |
10154 | |
10155 | curr_entry = wmem_list_head(ja4_data.cipher_list); |
10156 | for (unsigned i = 0; i < wmem_list_count(ja4_data.cipher_list); i++) { |
10157 | wmem_strbuf_append_printf(ja4_br, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); |
10158 | if (i < wmem_list_count(ja4_data.cipher_list) - 1) { |
10159 | wmem_strbuf_append(ja4_br, ","); |
10160 | } |
10161 | curr_entry = wmem_list_frame_next(curr_entry); |
10162 | } |
10163 | |
10164 | curr_entry = wmem_list_head(ja4_data.extension_list); |
10165 | for (unsigned i = 0; i < wmem_list_count(ja4_data.extension_list); i++) { |
10166 | wmem_strbuf_append_printf(ja4_cr, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); |
10167 | if (i < wmem_list_count(ja4_data.extension_list) - 1) { |
10168 | wmem_strbuf_append(ja4_cr, ","); |
10169 | } |
10170 | curr_entry = wmem_list_frame_next(curr_entry); |
10171 | } |
10172 | |
10173 | if (wmem_list_count(ja4_data.sighash_list) > 0) { |
10174 | wmem_strbuf_append(ja4_cr, "_"); |
10175 | curr_entry = wmem_list_head(ja4_data.sighash_list); |
10176 | for (unsigned i = 0; i < wmem_list_count(ja4_data.sighash_list); i++) { |
10177 | wmem_strbuf_append_printf(ja4_cr, "%04x", GPOINTER_TO_UINT(wmem_list_frame_data(curr_entry))((guint) (gulong) (wmem_list_frame_data(curr_entry)))); |
10178 | if (i < wmem_list_count(ja4_data.sighash_list) - 1) { |
10179 | wmem_strbuf_append(ja4_cr, ","); |
10180 | } |
10181 | curr_entry = wmem_list_frame_next(curr_entry); |
10182 | } |
10183 | } |
10184 | ja4_hash = g_compute_checksum_for_string(G_CHECKSUM_SHA256, wmem_strbuf_get_str(ja4_br),-1); |
10185 | ja4_b = wmem_strndup(pinfo->pool, ja4_hash, 12); |
10186 | g_free(ja4_hash); |
10187 | ja4_hash = g_compute_checksum_for_string(G_CHECKSUM_SHA256, wmem_strbuf_get_str(ja4_cr),-1); |
10188 | ja4_c = wmem_strndup(pinfo->pool, ja4_hash, 12); |
10189 | g_free(ja4_hash); |
10190 | |
10191 | ja4 = wmem_strdup_printf(pinfo->pool, "%s_%s_%s", wmem_strbuf_get_str(ja4_a), ja4_b, ja4_c); |
10192 | ja4_r = wmem_strdup_printf(pinfo->pool, "%s_%s_%s", wmem_strbuf_get_str(ja4_a), wmem_strbuf_get_str(ja4_br), wmem_strbuf_get_str(ja4_cr)); |
10193 | |
10194 | ti = proto_tree_add_string(tree, hf->hf.hs_ja4, tvb, offset, 0, ja4); |
10195 | proto_item_set_generated(ti); |
10196 | ti = proto_tree_add_string(tree, hf->hf.hs_ja4_r, tvb, offset, 0, ja4_r); |
10197 | proto_item_set_generated(ti); |
10198 | |
10199 | ja3_hash = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(ja3), |
10200 | wmem_strbuf_get_len(ja3)); |
10201 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3_full, tvb, offset, 0, wmem_strbuf_get_str(ja3)); |
10202 | proto_item_set_generated(ti); |
10203 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3_hash, tvb, offset, 0, ja3_hash); |
10204 | proto_item_set_generated(ti); |
10205 | g_free(ja3_hash); |
10206 | } |
10207 | |
10208 | void |
10209 | ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
10210 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, |
10211 | SslSession *session, SslDecryptSession *ssl, |
10212 | bool_Bool is_dtls, bool_Bool is_hrr) |
10213 | { |
10214 | /* struct { |
10215 | * ProtocolVersion server_version; |
10216 | * Random random; |
10217 | * SessionID session_id; // TLS 1.2 and before |
10218 | * CipherSuite cipher_suite; |
10219 | * CompressionMethod compression_method; // TLS 1.2 and before |
10220 | * Extension server_hello_extension_list<0..2^16-1>; |
10221 | * } ServerHello; |
10222 | */ |
10223 | uint8_t draft_version = session->tls13_draft_version; |
10224 | proto_item *ti; |
10225 | uint32_t server_version; |
10226 | uint32_t cipher_suite; |
10227 | wmem_strbuf_t *ja3 = wmem_strbuf_new(pinfo->pool, ""); |
10228 | char *ja3_hash; |
10229 | |
10230 | col_set_str(pinfo->cinfo, COL_PROTOCOL, |
10231 | val_to_str_const(session->version, ssl_version_short_names, "SSL")); |
10232 | |
10233 | /* Initially assume that the session is resumed. If this is not the case, a |
10234 | * ServerHelloDone will be observed before the ChangeCipherSpec message |
10235 | * which will reset this flag. */ |
10236 | session->is_session_resumed = true1; |
10237 | |
10238 | /* show the server version */ |
10239 | ti = proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb, |
10240 | offset, 2, ENC_BIG_ENDIAN0x00000000, &server_version); |
10241 | |
10242 | uint16_t supported_server_version; |
10243 | if (tls_scan_server_hello(tvb, offset, offset_end, &supported_server_version, NULL((void*)0))) { |
10244 | expert_add_info(pinfo, ti, &hf->ei.legacy_version); |
10245 | } |
10246 | /* |
10247 | * Is it version 1.3? |
10248 | * If so, that's an error; TLS and DTLS 1.3 Server Hellos claim |
10249 | * to be TLS 1.2, and mention 1.3 in an extension. See RFC 8446 |
10250 | * section 4.1.3 "Server Hello" and RFC 9147 Section 5.4 "Server |
10251 | * Hello". |
10252 | */ |
10253 | if (is_dtls) { |
10254 | if (server_version == DTLSV1DOT3_VERSION0xfefc) { |
10255 | /* Don't do that. */ |
10256 | expert_add_info(pinfo, ti, &hf->ei.server_version_error); |
10257 | } |
10258 | } else { |
10259 | if (server_version == TLSV1DOT3_VERSION0x304) { |
10260 | /* Don't do that. */ |
10261 | expert_add_info(pinfo, ti, &hf->ei.server_version_error); |
10262 | } |
10263 | } |
10264 | |
10265 | offset += 2; |
10266 | wmem_strbuf_append_printf(ja3, "%i", server_version); |
10267 | |
10268 | /* dissect fields that are present in both ClientHello and ServerHello */ |
10269 | offset = ssl_dissect_hnd_hello_common(hf, tvb, tree, offset, session, ssl, true1, is_hrr); |
10270 | |
10271 | if (ssl) { |
10272 | /* store selected cipher suite for decryption */ |
10273 | ssl_set_cipher(ssl, tvb_get_ntohs(tvb, offset)); |
10274 | } |
10275 | |
10276 | /* now the server-selected cipher suite */ |
10277 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_cipher_suite, |
10278 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &cipher_suite); |
10279 | offset += 2; |
10280 | wmem_strbuf_append_printf(ja3, ",%i,", cipher_suite); |
10281 | |
10282 | /* No compression with TLS 1.3 before draft -22 */ |
10283 | if (!(session->version == TLSV1DOT3_VERSION0x304 && draft_version > 0 && draft_version < 22)) { |
10284 | if (ssl) { |
10285 | /* store selected compression method for decryption */ |
10286 | ssl->session.compression = tvb_get_uint8(tvb, offset); |
10287 | } |
10288 | /* and the server-selected compression method */ |
10289 | proto_tree_add_item(tree, hf->hf.hs_comp_method, |
10290 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
10291 | offset++; |
10292 | } |
10293 | |
10294 | /* SSL v3.0 has no extensions, so length field can indeed be missing. */ |
10295 | if (offset < offset_end) { |
10296 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, |
10297 | offset_end, |
10298 | is_hrr ? SSL_HND_HELLO_RETRY_REQUEST : SSL_HND_SERVER_HELLO, |
10299 | session, ssl, is_dtls, ja3, NULL((void*)0)); |
10300 | } |
10301 | |
10302 | ja3_hash = g_compute_checksum_for_string(G_CHECKSUM_MD5, wmem_strbuf_get_str(ja3), |
10303 | wmem_strbuf_get_len(ja3)); |
10304 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3s_full, tvb, offset, 0, wmem_strbuf_get_str(ja3)); |
10305 | proto_item_set_generated(ti); |
10306 | ti = proto_tree_add_string(tree, hf->hf.hs_ja3s_hash, tvb, offset, 0, ja3_hash); |
10307 | proto_item_set_generated(ti); |
10308 | g_free(ja3_hash); |
10309 | } |
10310 | /* Client Hello and Server Hello dissections. }}} */ |
10311 | |
10312 | /* New Session Ticket dissection. {{{ */ |
10313 | void |
10314 | ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
10315 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
10316 | SslSession *session, SslDecryptSession *ssl, |
10317 | bool_Bool is_dtls, GHashTable *session_hash) |
10318 | { |
10319 | /* https://tools.ietf.org/html/rfc5077#section-3.3 (TLS >= 1.0): |
10320 | * struct { |
10321 | * uint32 ticket_lifetime_hint; |
10322 | * opaque ticket<0..2^16-1>; |
10323 | * } NewSessionTicket; |
10324 | * |
10325 | * RFC 8446 Section 4.6.1 (TLS 1.3): |
10326 | * struct { |
10327 | * uint32 ticket_lifetime; |
10328 | * uint32 ticket_age_add; |
10329 | * opaque ticket_nonce<0..255>; // new in draft -21, updated in -22 |
10330 | * opaque ticket<1..2^16-1>; |
10331 | * Extension extensions<0..2^16-2>; |
10332 | * } NewSessionTicket; |
10333 | */ |
10334 | proto_tree *subtree; |
10335 | proto_item *subitem; |
10336 | uint32_t ticket_len; |
10337 | bool_Bool is_tls13 = session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc; |
10338 | unsigned char draft_version = session->tls13_draft_version; |
10339 | uint32_t lifetime_hint; |
10340 | |
10341 | subtree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, |
10342 | hf->ett.session_ticket, NULL((void*)0), |
10343 | "TLS Session Ticket"); |
10344 | |
10345 | /* ticket lifetime hint */ |
10346 | subitem = proto_tree_add_item_ret_uint(subtree, hf->hf.hs_session_ticket_lifetime_hint, |
10347 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000, &lifetime_hint); |
10348 | offset += 4; |
10349 | |
10350 | if (lifetime_hint >= 60) { |
10351 | char *time_str = unsigned_time_secs_to_str(pinfo->pool, lifetime_hint); |
10352 | proto_item_append_text(subitem, " (%s)", time_str); |
10353 | } |
10354 | |
10355 | if (is_tls13) { |
10356 | |
10357 | /* for TLS 1.3: ticket_age_add */ |
10358 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket_age_add, |
10359 | tvb, offset, 4, ENC_BIG_ENDIAN0x00000000); |
10360 | offset += 4; |
10361 | |
10362 | /* for TLS 1.3: ticket_nonce (coming with Draft 21)*/ |
10363 | if (draft_version == 0 || draft_version >= 21) { |
10364 | uint32_t ticket_nonce_len; |
10365 | |
10366 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &ticket_nonce_len, |
10367 | hf->hf.hs_session_ticket_nonce_len, 0, 255)) { |
10368 | return; |
10369 | } |
10370 | offset++; |
10371 | |
10372 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket_nonce, tvb, offset, ticket_nonce_len, ENC_NA0x00000000); |
10373 | offset += ticket_nonce_len; |
10374 | } |
10375 | |
10376 | } |
10377 | |
10378 | /* opaque ticket<0..2^16-1> (with TLS 1.3 the minimum is 1) */ |
10379 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, offset_end, &ticket_len, |
10380 | hf->hf.hs_session_ticket_len, is_tls13 ? 1 : 0, UINT16_MAX(65535))) { |
10381 | return; |
10382 | } |
10383 | offset += 2; |
10384 | |
10385 | /* Content depends on implementation, so just show data! */ |
10386 | proto_tree_add_item(subtree, hf->hf.hs_session_ticket, |
10387 | tvb, offset, ticket_len, ENC_NA0x00000000); |
10388 | /* save the session ticket to cache for ssl_finalize_decryption */ |
10389 | if (ssl && !is_tls13) { |
10390 | tvb_ensure_bytes_exist(tvb, offset, ticket_len); |
10391 | ssl->session_ticket.data = (unsigned char*)wmem_realloc(wmem_file_scope(), |
10392 | ssl->session_ticket.data, ticket_len); |
10393 | ssl->session_ticket.data_len = ticket_len; |
10394 | tvb_memcpy(tvb, ssl->session_ticket.data, offset, ticket_len); |
10395 | /* NewSessionTicket is received after the first (client) |
10396 | * ChangeCipherSpec, and before the second (server) ChangeCipherSpec. |
10397 | * Since the second CCS has already the session key available it will |
10398 | * just return. To ensure that the session ticket is mapped to a |
10399 | * master key (from the first CCS), save the ticket here too. */ |
10400 | ssl_save_master_key("Session Ticket", session_hash, |
10401 | &ssl->session_ticket, &ssl->master_secret); |
10402 | ssl->state |= SSL_NEW_SESSION_TICKET(1<<10); |
10403 | } |
10404 | offset += ticket_len; |
10405 | |
10406 | if (is_tls13) { |
10407 | ssl_dissect_hnd_extension(hf, tvb, subtree, pinfo, offset, |
10408 | offset_end, SSL_HND_NEWSESSION_TICKET, |
10409 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0)); |
10410 | } |
10411 | } /* }}} */ |
10412 | |
10413 | void |
10414 | ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
10415 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, |
10416 | SslSession *session, SslDecryptSession *ssl, |
10417 | bool_Bool is_dtls) |
10418 | { |
10419 | /* https://tools.ietf.org/html/draft-ietf-tls-tls13-19#section-4.1.4 |
10420 | * struct { |
10421 | * ProtocolVersion server_version; |
10422 | * CipherSuite cipher_suite; // not before draft -19 |
10423 | * Extension extensions<2..2^16-1>; |
10424 | * } HelloRetryRequest; |
10425 | * Note: no longer used since draft -22 |
10426 | */ |
10427 | uint32_t version; |
10428 | uint8_t draft_version; |
10429 | |
10430 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_server_version, tvb, |
10431 | offset, 2, ENC_BIG_ENDIAN0x00000000, &version); |
10432 | draft_version = extract_tls13_draft_version(version); |
10433 | offset += 2; |
10434 | |
10435 | if (draft_version == 0 || draft_version >= 19) { |
10436 | proto_tree_add_item(tree, hf->hf.hs_cipher_suite, |
10437 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
10438 | offset += 2; |
10439 | } |
10440 | |
10441 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, |
10442 | offset_end, SSL_HND_HELLO_RETRY_REQUEST, |
10443 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0)); |
10444 | } |
10445 | |
10446 | void |
10447 | ssl_dissect_hnd_encrypted_extensions(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
10448 | packet_info* pinfo, proto_tree *tree, uint32_t offset, uint32_t offset_end, |
10449 | SslSession *session, SslDecryptSession *ssl, |
10450 | bool_Bool is_dtls) |
10451 | { |
10452 | /* RFC 8446 Section 4.3.1 |
10453 | * struct { |
10454 | * Extension extensions<0..2^16-1>; |
10455 | * } EncryptedExtensions; |
10456 | */ |
10457 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, |
10458 | offset_end, SSL_HND_ENCRYPTED_EXTENSIONS, |
10459 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0)); |
10460 | } |
10461 | |
10462 | /* Certificate and Certificate Request dissections. {{{ */ |
10463 | void |
10464 | ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, |
10465 | uint32_t offset, uint32_t offset_end, packet_info *pinfo, |
10466 | SslSession *session, SslDecryptSession *ssl _U___attribute__((unused)), |
10467 | bool_Bool is_from_server, bool_Bool is_dtls) |
10468 | { |
10469 | /* opaque ASN.1Cert<1..2^24-1>; |
10470 | * |
10471 | * Before RFC 8446 (TLS <= 1.2): |
10472 | * struct { |
10473 | * select(certificate_type) { |
10474 | * |
10475 | * // certificate type defined in RFC 7250 |
10476 | * case RawPublicKey: |
10477 | * opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>; |
10478 | * |
10479 | * // X.509 certificate defined in RFC 5246 |
10480 | * case X.509: |
10481 | * ASN.1Cert certificate_list<0..2^24-1>; |
10482 | * }; |
10483 | * } Certificate; |
10484 | * |
10485 | * RFC 8446 (since draft -20): |
10486 | * struct { |
10487 | * select(certificate_type){ |
10488 | * case RawPublicKey: |
10489 | * // From RFC 7250 ASN.1_subjectPublicKeyInfo |
10490 | * opaque ASN1_subjectPublicKeyInfo<1..2^24-1>; |
10491 | * |
10492 | * case X.509: |
10493 | * opaque cert_data<1..2^24-1>; |
10494 | * } |
10495 | * Extension extensions<0..2^16-1>; |
10496 | * } CertificateEntry; |
10497 | * struct { |
10498 | * opaque certificate_request_context<0..2^8-1>; |
10499 | * CertificateEntry certificate_list<0..2^24-1>; |
10500 | * } Certificate; |
10501 | */ |
10502 | enum { CERT_X509, CERT_RPK } cert_type; |
10503 | asn1_ctx_t asn1_ctx; |
10504 | #if defined(HAVE_LIBGNUTLS1) |
10505 | gnutls_datum_t subjectPublicKeyInfo = { NULL((void*)0), 0 }; |
10506 | unsigned certificate_index = 0; |
10507 | #endif |
10508 | uint32_t next_offset, certificate_list_length, cert_length; |
10509 | proto_tree *subtree = tree; |
10510 | |
10511 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); |
10512 | |
10513 | if ((is_from_server && session->server_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2) || |
10514 | (!is_from_server && session->client_cert_type == SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY2)) { |
10515 | cert_type = CERT_RPK; |
10516 | } else { |
10517 | cert_type = CERT_X509; |
10518 | } |
10519 | |
10520 | #if defined(HAVE_LIBGNUTLS1) |
10521 | /* Ask the pkcs1 dissector to return the public key details */ |
10522 | if (ssl) |
10523 | asn1_ctx.private_data = &subjectPublicKeyInfo; |
10524 | #endif |
10525 | |
10526 | /* TLS 1.3: opaque certificate_request_context<0..2^8-1> */ |
10527 | if (session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc) { |
10528 | uint32_t context_length; |
10529 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &context_length, |
10530 | hf->hf.hs_certificate_request_context_length, 0, UINT8_MAX(255))) { |
10531 | return; |
10532 | } |
10533 | offset++; |
10534 | if (context_length > 0) { |
10535 | proto_tree_add_item(tree, hf->hf.hs_certificate_request_context, |
10536 | tvb, offset, context_length, ENC_NA0x00000000); |
10537 | offset += context_length; |
10538 | } |
10539 | } |
10540 | |
10541 | if ((session->version != TLSV1DOT3_VERSION0x304 && session->version != DTLSV1DOT3_VERSION0xfefc) && cert_type == CERT_RPK) { |
10542 | /* For RPK before TLS 1.3, the single RPK is stored directly without |
10543 | * another "certificate_list" field. */ |
10544 | certificate_list_length = offset_end - offset; |
10545 | next_offset = offset_end; |
10546 | } else { |
10547 | /* CertificateEntry certificate_list<0..2^24-1> */ |
10548 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &certificate_list_length, |
10549 | hf->hf.hs_certificates_len, 0, G_MAXUINT24((1U << 24) - 1))) { |
10550 | return; |
10551 | } |
10552 | offset += 3; /* 24-bit length value */ |
10553 | next_offset = offset + certificate_list_length; |
10554 | } |
10555 | |
10556 | /* RawPublicKey must have one cert, but X.509 can have multiple. */ |
10557 | if (certificate_list_length > 0 && cert_type == CERT_X509) { |
10558 | proto_item *ti; |
10559 | |
10560 | ti = proto_tree_add_none_format(tree, |
10561 | hf->hf.hs_certificates, |
10562 | tvb, offset, certificate_list_length, |
10563 | "Certificates (%u bytes)", |
10564 | certificate_list_length); |
10565 | |
10566 | /* make it a subtree */ |
10567 | subtree = proto_item_add_subtree(ti, hf->ett.certificates); |
10568 | } |
10569 | |
10570 | while (offset < next_offset) { |
10571 | switch (cert_type) { |
10572 | case CERT_RPK: |
10573 | /* TODO add expert info if there is more than one RPK entry (certificate_index > 0) */ |
10574 | /* opaque ASN.1_subjectPublicKeyInfo<1..2^24-1> */ |
10575 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &cert_length, |
10576 | hf->hf.hs_certificate_len, 1, G_MAXUINT24((1U << 24) - 1))) { |
10577 | return; |
10578 | } |
10579 | offset += 3; |
10580 | |
10581 | dissect_x509af_SubjectPublicKeyInfo(false0, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate); |
10582 | offset += cert_length; |
10583 | break; |
10584 | case CERT_X509: |
10585 | /* opaque ASN1Cert<1..2^24-1> */ |
10586 | if (!ssl_add_vector(hf, tvb, pinfo, subtree, offset, next_offset, &cert_length, |
10587 | hf->hf.hs_certificate_len, 1, G_MAXUINT24((1U << 24) - 1))) { |
10588 | return; |
10589 | } |
10590 | offset += 3; |
10591 | |
10592 | dissect_x509af_Certificate(false0, tvb, offset, &asn1_ctx, subtree, hf->hf.hs_certificate); |
10593 | #if defined(HAVE_LIBGNUTLS1) |
10594 | if (is_from_server && ssl && certificate_index == 0) { |
10595 | ssl_find_private_key_by_pubkey(ssl, &subjectPublicKeyInfo); |
10596 | /* Only attempt to get the RSA modulus for the first cert. */ |
10597 | asn1_ctx.private_data = NULL((void*)0); |
10598 | } |
10599 | #endif |
10600 | offset += cert_length; |
10601 | break; |
10602 | } |
10603 | |
10604 | /* TLS 1.3: Extension extensions<0..2^16-1> */ |
10605 | if ((session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc)) { |
10606 | offset = ssl_dissect_hnd_extension(hf, tvb, subtree, pinfo, offset, |
10607 | next_offset, SSL_HND_CERTIFICATE, |
10608 | session, ssl, is_dtls, NULL((void*)0), NULL((void*)0)); |
10609 | } |
10610 | |
10611 | #if defined(HAVE_LIBGNUTLS1) |
10612 | certificate_index++; |
10613 | #endif |
10614 | } |
10615 | } |
10616 | |
10617 | void |
10618 | ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
10619 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
10620 | SslSession *session, bool_Bool is_dtls) |
10621 | { |
10622 | /* From SSL 3.0 and up (note that since TLS 1.1 certificate_authorities can be empty): |
10623 | * enum { |
10624 | * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), |
10625 | * (255) |
10626 | * } ClientCertificateType; |
10627 | * |
10628 | * opaque DistinguishedName<1..2^16-1>; |
10629 | * |
10630 | * struct { |
10631 | * ClientCertificateType certificate_types<1..2^8-1>; |
10632 | * DistinguishedName certificate_authorities<3..2^16-1>; |
10633 | * } CertificateRequest; |
10634 | * |
10635 | * |
10636 | * As per TLSv1.2 (RFC 5246) the format has changed to: |
10637 | * |
10638 | * enum { |
10639 | * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), |
10640 | * rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), |
10641 | * fortezza_dms_RESERVED(20), (255) |
10642 | * } ClientCertificateType; |
10643 | * |
10644 | * enum { |
10645 | * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), |
10646 | * sha512(6), (255) |
10647 | * } HashAlgorithm; |
10648 | * |
10649 | * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } |
10650 | * SignatureAlgorithm; |
10651 | * |
10652 | * struct { |
10653 | * HashAlgorithm hash; |
10654 | * SignatureAlgorithm signature; |
10655 | * } SignatureAndHashAlgorithm; |
10656 | * |
10657 | * SignatureAndHashAlgorithm |
10658 | * supported_signature_algorithms<2..2^16-2>; |
10659 | * |
10660 | * opaque DistinguishedName<1..2^16-1>; |
10661 | * |
10662 | * struct { |
10663 | * ClientCertificateType certificate_types<1..2^8-1>; |
10664 | * SignatureAndHashAlgorithm supported_signature_algorithms<2^16-1>; |
10665 | * DistinguishedName certificate_authorities<0..2^16-1>; |
10666 | * } CertificateRequest; |
10667 | * |
10668 | * draft-ietf-tls-tls13-18: |
10669 | * struct { |
10670 | * opaque certificate_request_context<0..2^8-1>; |
10671 | * SignatureScheme |
10672 | * supported_signature_algorithms<2..2^16-2>; |
10673 | * DistinguishedName certificate_authorities<0..2^16-1>; |
10674 | * CertificateExtension certificate_extensions<0..2^16-1>; |
10675 | * } CertificateRequest; |
10676 | * |
10677 | * RFC 8446 (since draft-ietf-tls-tls13-19): |
10678 | * |
10679 | * struct { |
10680 | * opaque certificate_request_context<0..2^8-1>; |
10681 | * Extension extensions<2..2^16-1>; |
10682 | * } CertificateRequest; |
10683 | */ |
10684 | proto_item *ti; |
10685 | proto_tree *subtree; |
10686 | uint32_t next_offset; |
10687 | asn1_ctx_t asn1_ctx; |
10688 | bool_Bool is_tls13 = (session->version == TLSV1DOT3_VERSION0x304 || session->version == DTLSV1DOT3_VERSION0xfefc); |
10689 | unsigned char draft_version = session->tls13_draft_version; |
10690 | |
10691 | if (!tree) |
10692 | return; |
10693 | |
10694 | asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true1, pinfo); |
10695 | |
10696 | if (is_tls13) { |
10697 | uint32_t context_length; |
10698 | /* opaque certificate_request_context<0..2^8-1> */ |
10699 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &context_length, |
10700 | hf->hf.hs_certificate_request_context_length, 0, UINT8_MAX(255))) { |
10701 | return; |
10702 | } |
10703 | offset++; |
10704 | if (context_length > 0) { |
10705 | proto_tree_add_item(tree, hf->hf.hs_certificate_request_context, |
10706 | tvb, offset, context_length, ENC_NA0x00000000); |
10707 | offset += context_length; |
10708 | } |
10709 | } else { |
10710 | uint32_t cert_types_count; |
10711 | /* ClientCertificateType certificate_types<1..2^8-1> */ |
10712 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &cert_types_count, |
10713 | hf->hf.hs_cert_types_count, 1, UINT8_MAX(255))) { |
10714 | return; |
10715 | } |
10716 | offset++; |
10717 | next_offset = offset + cert_types_count; |
10718 | |
10719 | ti = proto_tree_add_none_format(tree, |
10720 | hf->hf.hs_cert_types, |
10721 | tvb, offset, cert_types_count, |
10722 | "Certificate types (%u type%s)", |
10723 | cert_types_count, |
10724 | plurality(cert_types_count, "", "s")((cert_types_count) == 1 ? ("") : ("s"))); |
10725 | subtree = proto_item_add_subtree(ti, hf->ett.cert_types); |
10726 | |
10727 | while (offset < next_offset) { |
10728 | proto_tree_add_item(subtree, hf->hf.hs_cert_type, tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
10729 | offset++; |
10730 | } |
10731 | } |
10732 | |
10733 | if (session->version == TLSV1DOT2_VERSION0x303 || session->version == DTLSV1DOT2_VERSION0xfefd || |
10734 | (is_tls13 && (draft_version > 0 && draft_version < 19))) { |
10735 | offset = ssl_dissect_hash_alg_list(hf, tvb, tree, pinfo, offset, offset_end, NULL((void*)0)); |
10736 | } |
10737 | |
10738 | if (is_tls13 && (draft_version == 0 || draft_version >= 19)) { |
10739 | /* |
10740 | * TLS 1.3 draft 19 and newer: Extensions. |
10741 | * SslDecryptSession pointer is NULL because Certificate Extensions |
10742 | * should not influence decryption state. |
10743 | */ |
10744 | ssl_dissect_hnd_extension(hf, tvb, tree, pinfo, offset, |
10745 | offset_end, SSL_HND_CERT_REQUEST, |
10746 | session, NULL((void*)0), is_dtls, NULL((void*)0), NULL((void*)0)); |
10747 | } else if (is_tls13 && draft_version <= 18) { |
10748 | /* |
10749 | * TLS 1.3 draft 18 and older: certificate_authorities and |
10750 | * certificate_extensions (a vector of OID mappings). |
10751 | */ |
10752 | offset = tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); |
10753 | ssl_dissect_hnd_hello_ext_oid_filters(hf, tvb, pinfo, tree, offset, offset_end); |
10754 | } else { |
10755 | /* for TLS 1.2 and older, the certificate_authorities field. */ |
10756 | tls_dissect_certificate_authorities(hf, tvb, pinfo, tree, offset, offset_end); |
10757 | } |
10758 | } |
10759 | /* Certificate and Certificate Request dissections. }}} */ |
10760 | |
10761 | void |
10762 | ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
10763 | proto_tree *tree, uint32_t offset, uint32_t offset_end, uint16_t version) |
10764 | { |
10765 | ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, |
10766 | hf->hf.hs_client_cert_vrfy_sig_len, |
10767 | hf->hf.hs_client_cert_vrfy_sig); |
10768 | } |
10769 | |
10770 | /* Finished dissection. {{{ */ |
10771 | void |
10772 | ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
10773 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
10774 | const SslSession *session, ssl_hfs_t *ssl_hfs) |
10775 | { |
10776 | /* For SSLv3: |
10777 | * struct { |
10778 | * opaque md5_hash[16]; |
10779 | * opaque sha_hash[20]; |
10780 | * } Finished; |
10781 | * |
10782 | * For (D)TLS: |
10783 | * struct { |
10784 | * opaque verify_data[12]; |
10785 | * } Finished; |
10786 | * |
10787 | * For TLS 1.3: |
10788 | * struct { |
10789 | * opaque verify_data[Hash.length]; |
10790 | * } |
10791 | */ |
10792 | if (!tree) |
10793 | return; |
10794 | |
10795 | if (session->version == SSLV3_VERSION0x300) { |
10796 | if (ssl_hfs != NULL((void*)0)) { |
10797 | proto_tree_add_item(tree, ssl_hfs->hs_md5_hash, |
10798 | tvb, offset, 16, ENC_NA0x00000000); |
10799 | proto_tree_add_item(tree, ssl_hfs->hs_sha_hash, |
10800 | tvb, offset + 16, 20, ENC_NA0x00000000); |
10801 | } |
10802 | } else { |
10803 | /* Length should be 12 for TLS before 1.3, assume this is the case. */ |
10804 | proto_tree_add_item(tree, hf->hf.hs_finished, |
10805 | tvb, offset, offset_end - offset, ENC_NA0x00000000); |
10806 | } |
10807 | } /* }}} */ |
10808 | |
10809 | /* RFC 6066 Certificate URL handshake message dissection. {{{ */ |
10810 | void |
10811 | ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset) |
10812 | { |
10813 | uint16_t url_hash_len; |
10814 | |
10815 | /* enum { |
10816 | * individual_certs(0), pkipath(1), (255) |
10817 | * } CertChainType; |
10818 | * |
10819 | * struct { |
10820 | * CertChainType type; |
10821 | * URLAndHash url_and_hash_list<1..2^16-1>; |
10822 | * } CertificateURL; |
10823 | * |
10824 | * struct { |
10825 | * opaque url<1..2^16-1>; |
10826 | * unint8 padding; |
10827 | * opaque SHA1Hash[20]; |
10828 | * } URLAndHash; |
10829 | */ |
10830 | |
10831 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_type, |
10832 | tvb, offset, 1, ENC_NA0x00000000); |
10833 | offset++; |
10834 | |
10835 | url_hash_len = tvb_get_ntohs(tvb, offset); |
10836 | proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_url_hash_list_len, |
10837 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
10838 | offset += 2; |
10839 | while (url_hash_len-- > 0) { |
10840 | proto_item *urlhash_item; |
10841 | proto_tree *urlhash_tree; |
10842 | uint16_t url_len; |
10843 | |
10844 | urlhash_item = proto_tree_add_item(tree, hf->hf.hs_ext_cert_url_item, |
10845 | tvb, offset, -1, ENC_NA0x00000000); |
10846 | urlhash_tree = proto_item_add_subtree(urlhash_item, hf->ett.urlhash); |
10847 | |
10848 | url_len = tvb_get_ntohs(tvb, offset); |
10849 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url_len, |
10850 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
10851 | offset += 2; |
10852 | |
10853 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_url, |
10854 | tvb, offset, url_len, ENC_ASCII0x00000000|ENC_NA0x00000000); |
10855 | offset += url_len; |
10856 | |
10857 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_padding, |
10858 | tvb, offset, 1, ENC_NA0x00000000); |
10859 | offset++; |
10860 | /* Note: RFC 6066 says that padding must be 0x01 */ |
10861 | |
10862 | proto_tree_add_item(urlhash_tree, hf->hf.hs_ext_cert_url_sha1, |
10863 | tvb, offset, 20, ENC_NA0x00000000); |
10864 | offset += 20; |
10865 | } |
10866 | } /* }}} */ |
10867 | |
10868 | void |
10869 | ssl_dissect_hnd_compress_certificate(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, |
10870 | uint32_t offset, uint32_t offset_end, packet_info *pinfo, |
10871 | SslSession *session, SslDecryptSession *ssl, |
10872 | bool_Bool is_from_server, bool_Bool is_dtls) |
10873 | { |
10874 | uint32_t algorithm, uncompressed_length; |
10875 | uint32_t compressed_certificate_message_length; |
10876 | tvbuff_t *uncompressed_tvb = NULL((void*)0); |
10877 | proto_item *ti; |
10878 | /* |
10879 | * enum { |
10880 | * zlib(1), |
10881 | * brotli(2), |
10882 | * zstd(3), |
10883 | * (65535) |
10884 | * } CertificateCompressionAlgorithm; |
10885 | * |
10886 | * struct { |
10887 | * CertificateCompressionAlgorithm algorithm; |
10888 | * uint24 uncompressed_length; |
10889 | * opaque compressed_certificate_message<1..2^24-1>; |
10890 | * } CompressedCertificate; |
10891 | */ |
10892 | |
10893 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_compress_certificate_algorithm, |
10894 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &algorithm); |
10895 | offset += 2; |
10896 | |
10897 | proto_tree_add_item_ret_uint(tree, hf->hf.hs_ext_compress_certificate_uncompressed_length, |
10898 | tvb, offset, 3, ENC_BIG_ENDIAN0x00000000, &uncompressed_length); |
10899 | offset += 3; |
10900 | |
10901 | /* opaque compressed_certificate_message<1..2^24-1>; */ |
10902 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &compressed_certificate_message_length, |
10903 | hf->hf.hs_ext_compress_certificate_compressed_certificate_message_length, 1, G_MAXUINT24((1U << 24) - 1))) { |
10904 | return; |
10905 | } |
10906 | offset += 3; |
10907 | |
10908 | ti = proto_tree_add_item(tree, hf->hf.hs_ext_compress_certificate_compressed_certificate_message, |
10909 | tvb, offset, compressed_certificate_message_length, ENC_NA0x00000000); |
10910 | |
10911 | /* Certificate decompression following algorithm */ |
10912 | switch (algorithm) { |
10913 | case 2: /* brotli */ |
10914 | uncompressed_tvb = tvb_child_uncompress_brotli(tvb, tvb, offset, compressed_certificate_message_length); |
10915 | break; |
10916 | /* TODO: add other algorithms */ |
10917 | } |
10918 | |
10919 | if (uncompressed_tvb) { |
10920 | proto_tree *uncompressed_tree; |
10921 | |
10922 | if (uncompressed_length != tvb_captured_length(uncompressed_tvb)) { |
10923 | proto_tree_add_expert_format(tree, pinfo, &hf->ei.decompression_error, |
10924 | tvb, offset, offset_end - offset, |
10925 | "Invalid uncompressed length %u (expected %u)", |
10926 | tvb_captured_length(uncompressed_tvb), |
10927 | uncompressed_length); |
10928 | } else { |
10929 | uncompressed_tree = proto_item_add_subtree(ti, hf->ett.uncompressed_certificates); |
10930 | ssl_dissect_hnd_cert(hf, uncompressed_tvb, uncompressed_tree, |
10931 | 0, uncompressed_length, pinfo, session, ssl, is_from_server, is_dtls); |
10932 | add_new_data_source(pinfo, uncompressed_tvb, "Uncompressed certificate(s)"); |
10933 | } |
10934 | } |
10935 | } |
10936 | |
10937 | /* Dissection of TLS Extensions in Client Hello, Server Hello, etc. {{{ */ |
10938 | static int |
10939 | ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, |
10940 | packet_info* pinfo, uint32_t offset, uint32_t offset_end, uint8_t hnd_type, |
10941 | SslSession *session, SslDecryptSession *ssl, |
10942 | bool_Bool is_dtls, wmem_strbuf_t *ja3, ja4_data_t *ja4_data) |
10943 | { |
10944 | uint32_t exts_len; |
10945 | uint16_t ext_type; |
10946 | uint32_t ext_len; |
10947 | uint32_t next_offset; |
10948 | proto_tree *ext_tree; |
10949 | bool_Bool is_tls13 = session->version == TLSV1DOT3_VERSION0x304; |
10950 | wmem_strbuf_t *ja3_sg = wmem_strbuf_new(pinfo->pool, ""); |
10951 | wmem_strbuf_t *ja3_ecpf = wmem_strbuf_new(pinfo->pool, ""); |
10952 | char *ja3_dash = ""; |
10953 | unsigned supported_version; |
10954 | |
10955 | /* Extension extensions<0..2^16-2> (for TLS 1.3 HRR/CR min-length is 2) */ |
10956 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &exts_len, |
10957 | hf->hf.hs_exts_len, 0, UINT16_MAX(65535))) { |
10958 | return offset_end; |
10959 | } |
10960 | offset += 2; |
10961 | offset_end = offset + exts_len; |
10962 | |
10963 | if (ja4_data) { |
10964 | ja4_data->num_extensions = 0; |
10965 | } |
10966 | while (offset_end - offset >= 4) |
10967 | { |
10968 | ext_type = tvb_get_ntohs(tvb, offset); |
10969 | ext_len = tvb_get_ntohs(tvb, offset + 2); |
10970 | |
10971 | if (ja4_data && !IS_GREASE_TLS(ext_type)((((ext_type) & 0x0f0f) == 0x0a0a) && (((ext_type ) & 0xff) == (((ext_type)>>8) & 0xff)))) { |
10972 | ja4_data->num_extensions += 1; |
10973 | if (ext_type != SSL_HND_HELLO_EXT_SERVER_NAME0 && |
10974 | ext_type != SSL_HND_HELLO_EXT_ALPN16) { |
10975 | wmem_list_insert_sorted(ja4_data->extension_list, GUINT_TO_POINTER(ext_type)((gpointer) (gulong) (ext_type)), wmem_compare_uint); |
10976 | } |
10977 | } |
10978 | |
10979 | ext_tree = proto_tree_add_subtree_format(tree, tvb, offset, 4 + ext_len, hf->ett.hs_ext, NULL((void*)0), |
10980 | "Extension: %s (len=%u)", val_to_str(ext_type, |
10981 | tls_hello_extension_types, |
10982 | "Unknown type %u"), ext_len); |
10983 | |
10984 | proto_tree_add_uint(ext_tree, hf->hf.hs_ext_type, |
10985 | tvb, offset, 2, ext_type); |
10986 | offset += 2; |
10987 | if (ja3 && !IS_GREASE_TLS(ext_type)((((ext_type) & 0x0f0f) == 0x0a0a) && (((ext_type ) & 0xff) == (((ext_type)>>8) & 0xff)))) { |
10988 | wmem_strbuf_append_printf(ja3, "%s%i",ja3_dash, ext_type); |
10989 | ja3_dash = "-"; |
10990 | } |
10991 | |
10992 | /* opaque extension_data<0..2^16-1> */ |
10993 | if (!ssl_add_vector(hf, tvb, pinfo, ext_tree, offset, offset_end, &ext_len, |
10994 | hf->hf.hs_ext_len, 0, UINT16_MAX(65535))) { |
10995 | return offset_end; |
10996 | } |
10997 | offset += 2; |
10998 | next_offset = offset + ext_len; |
10999 | |
11000 | switch (ext_type) { |
11001 | case SSL_HND_HELLO_EXT_SERVER_NAME0: |
11002 | if (hnd_type == SSL_HND_CLIENT_HELLO) { |
11003 | offset = ssl_dissect_hnd_hello_ext_server_name(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11004 | if (ja4_data) { |
11005 | ja4_data->server_name_present = true1; |
11006 | } |
11007 | } |
11008 | break; |
11009 | case SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH1: |
11010 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_max_fragment_length, tvb, offset, 1, ENC_NA0x00000000); |
11011 | offset += 1; |
11012 | break; |
11013 | case SSL_HND_HELLO_EXT_STATUS_REQUEST5: |
11014 | if (hnd_type == SSL_HND_CLIENT_HELLO) { |
11015 | offset = ssl_dissect_hnd_hello_ext_status_request(hf, tvb, pinfo, ext_tree, offset, next_offset, false0); |
11016 | } else if (is_tls13 && hnd_type == SSL_HND_CERTIFICATE) { |
11017 | offset = tls_dissect_hnd_certificate_status(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11018 | } |
11019 | break; |
11020 | case SSL_HND_HELLO_EXT_CERT_TYPE9: |
11021 | offset = ssl_dissect_hnd_hello_ext_cert_type(hf, tvb, ext_tree, |
11022 | offset, next_offset, |
11023 | hnd_type, ext_type, |
11024 | session); |
11025 | break; |
11026 | case SSL_HND_HELLO_EXT_SUPPORTED_GROUPS10: |
11027 | if (hnd_type == SSL_HND_CLIENT_HELLO) { |
11028 | offset = ssl_dissect_hnd_hello_ext_supported_groups(hf, tvb, pinfo, ext_tree, offset, |
11029 | next_offset, ja3_sg); |
11030 | } else { |
11031 | offset = ssl_dissect_hnd_hello_ext_supported_groups(hf, tvb, pinfo, ext_tree, offset, |
11032 | next_offset, NULL((void*)0)); |
11033 | } |
11034 | break; |
11035 | case SSL_HND_HELLO_EXT_EC_POINT_FORMATS11: |
11036 | if (hnd_type == SSL_HND_CLIENT_HELLO) { |
11037 | offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset, ja3_ecpf); |
11038 | } else { |
11039 | offset = ssl_dissect_hnd_hello_ext_ec_point_formats(hf, tvb, ext_tree, offset, NULL((void*)0)); |
11040 | } |
11041 | break; |
11042 | break; |
11043 | case SSL_HND_HELLO_EXT_SRP12: |
11044 | offset = ssl_dissect_hnd_hello_ext_srp(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11045 | break; |
11046 | case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS13: |
11047 | offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, next_offset, ja4_data); |
11048 | break; |
11049 | case SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT50: /* since TLS 1.3 draft -23 */ |
11050 | offset = ssl_dissect_hnd_hello_ext_sig_hash_algs(hf, tvb, ext_tree, pinfo, offset, next_offset, NULL((void*)0)); |
11051 | break; |
11052 | case SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS34: |
11053 | offset = ssl_dissect_hnd_ext_delegated_credentials(hf, tvb, ext_tree, pinfo, offset, next_offset, hnd_type); |
11054 | break; |
11055 | case SSL_HND_HELLO_EXT_USE_SRTP14: |
11056 | if (is_dtls) { |
11057 | if (hnd_type == SSL_HND_CLIENT_HELLO) { |
11058 | offset = dtls_dissect_hnd_hello_ext_use_srtp(pinfo, tvb, ext_tree, offset, next_offset, false0); |
11059 | } else if (hnd_type == SSL_HND_SERVER_HELLO) { |
11060 | offset = dtls_dissect_hnd_hello_ext_use_srtp(pinfo, tvb, ext_tree, offset, next_offset, true1); |
11061 | } |
11062 | } else { |
11063 | // XXX expert info: This extension MUST only be used with DTLS, and not with TLS. |
11064 | } |
11065 | break; |
11066 | case SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO65037: |
11067 | offset = ssl_dissect_hnd_hello_ext_ech(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); |
11068 | break; |
11069 | case SSL_HND_HELLO_EXT_HEARTBEAT15: |
11070 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_heartbeat_mode, |
11071 | tvb, offset, 1, ENC_BIG_ENDIAN0x00000000); |
11072 | offset++; |
11073 | break; |
11074 | case SSL_HND_HELLO_EXT_ALPN16: |
11075 | offset = ssl_dissect_hnd_hello_ext_alpn(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, session, is_dtls, ja4_data); |
11076 | break; |
11077 | case SSL_HND_HELLO_EXT_STATUS_REQUEST_V217: |
11078 | if (hnd_type == SSL_HND_CLIENT_HELLO) |
11079 | offset = ssl_dissect_hnd_hello_ext_status_request_v2(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11080 | break; |
11081 | case SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP18: |
11082 | // TLS 1.3 note: SCT only appears in EE in draft -16 and before. |
11083 | if (hnd_type == SSL_HND_SERVER_HELLO || hnd_type == SSL_HND_ENCRYPTED_EXTENSIONS || hnd_type == SSL_HND_CERTIFICATE) |
11084 | offset = tls_dissect_sct_list(hf, tvb, pinfo, ext_tree, offset, next_offset, session->version); |
11085 | break; |
11086 | case SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE19: |
11087 | case SSL_HND_HELLO_EXT_SERVER_CERT_TYPE20: |
11088 | offset = ssl_dissect_hnd_hello_ext_cert_type(hf, tvb, ext_tree, |
11089 | offset, next_offset, |
11090 | hnd_type, ext_type, |
11091 | session); |
11092 | break; |
11093 | case SSL_HND_HELLO_EXT_PADDING21: |
11094 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_padding_data, tvb, offset, ext_len, ENC_NA0x00000000); |
11095 | offset += ext_len; |
11096 | break; |
11097 | case SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC22: |
11098 | if (ssl && hnd_type == SSL_HND_SERVER_HELLO) { |
11099 | ssl_debug_printf("%s enabling Encrypt-then-MAC\n", G_STRFUNC((const char*) (__func__))); |
11100 | ssl->state |= SSL_ENCRYPT_THEN_MAC(1<<11); |
11101 | } |
11102 | break; |
11103 | case SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET23: |
11104 | if (ssl) { |
11105 | switch (hnd_type) { |
11106 | case SSL_HND_CLIENT_HELLO: |
11107 | ssl->state |= SSL_CLIENT_EXTENDED_MASTER_SECRET(1<<7); |
11108 | break; |
11109 | case SSL_HND_SERVER_HELLO: |
11110 | ssl->state |= SSL_SERVER_EXTENDED_MASTER_SECRET(1<<8); |
11111 | break; |
11112 | default: /* no default */ |
11113 | break; |
11114 | } |
11115 | } |
11116 | break; |
11117 | case SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE27: |
11118 | offset = ssl_dissect_hnd_hello_ext_compress_certificate(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); |
11119 | break; |
11120 | case SSL_HND_HELLO_EXT_TOKEN_BINDING24: |
11121 | offset = ssl_dissect_hnd_hello_ext_token_binding(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); |
11122 | break; |
11123 | case SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT28: |
11124 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_record_size_limit, |
11125 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
11126 | offset += 2; |
11127 | break; |
11128 | case SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS65445: |
11129 | case SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V157: |
11130 | offset = ssl_dissect_hnd_hello_ext_quic_transport_parameters(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); |
11131 | break; |
11132 | case SSL_HND_HELLO_EXT_SESSION_TICKET_TLS35: |
11133 | offset = ssl_dissect_hnd_hello_ext_session_ticket(hf, tvb, ext_tree, offset, next_offset, hnd_type, ssl); |
11134 | break; |
11135 | case SSL_HND_HELLO_EXT_KEY_SHARE_OLD40: /* used before TLS 1.3 draft -23 */ |
11136 | case SSL_HND_HELLO_EXT_KEY_SHARE51: |
11137 | offset = ssl_dissect_hnd_hello_ext_key_share(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); |
11138 | break; |
11139 | case SSL_HND_HELLO_EXT_PRE_SHARED_KEY41: |
11140 | offset = ssl_dissect_hnd_hello_ext_pre_shared_key(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); |
11141 | break; |
11142 | case SSL_HND_HELLO_EXT_EARLY_DATA42: |
11143 | case SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO46: |
11144 | offset = ssl_dissect_hnd_hello_ext_early_data(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); |
11145 | break; |
11146 | case SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS43: |
11147 | switch (hnd_type) { |
11148 | case SSL_HND_CLIENT_HELLO: |
11149 | offset = ssl_dissect_hnd_hello_ext_supported_versions(hf, tvb, pinfo, ext_tree, offset, next_offset, session, is_dtls, ja4_data); |
11150 | break; |
11151 | case SSL_HND_SERVER_HELLO: |
11152 | case SSL_HND_HELLO_RETRY_REQUEST: |
11153 | proto_tree_add_item_ret_uint(ext_tree, hf->hf.hs_ext_supported_version, tvb, offset, 2, ENC_BIG_ENDIAN0x00000000, &supported_version); |
11154 | offset += 2; |
11155 | proto_item_append_text(ext_tree, " %s", val_to_str(supported_version, ssl_versions, "Unknown (0x%04x)")); |
11156 | break; |
11157 | } |
11158 | break; |
11159 | case SSL_HND_HELLO_EXT_COOKIE44: |
11160 | offset = ssl_dissect_hnd_hello_ext_cookie(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11161 | break; |
11162 | case SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES45: |
11163 | offset = ssl_dissect_hnd_hello_ext_psk_key_exchange_modes(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11164 | break; |
11165 | case SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES47: |
11166 | offset = ssl_dissect_hnd_hello_ext_certificate_authorities(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11167 | break; |
11168 | case SSL_HND_HELLO_EXT_OID_FILTERS48: |
11169 | offset = ssl_dissect_hnd_hello_ext_oid_filters(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11170 | break; |
11171 | case SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH49: |
11172 | break; |
11173 | case SSL_HND_HELLO_EXT_NPN13172: |
11174 | offset = ssl_dissect_hnd_hello_ext_npn(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11175 | break; |
11176 | case SSL_HND_HELLO_EXT_ALPS17513: |
11177 | offset = ssl_dissect_hnd_hello_ext_alps(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type); |
11178 | break; |
11179 | case SSL_HND_HELLO_EXT_RENEGOTIATION_INFO65281: |
11180 | offset = ssl_dissect_hnd_hello_ext_reneg_info(hf, tvb, pinfo, ext_tree, offset, next_offset); |
11181 | break; |
11182 | case SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME65486: |
11183 | offset = ssl_dissect_hnd_hello_ext_esni(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl); |
11184 | break; |
11185 | case SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED53: |
11186 | session->deprecated_cid = true1; |
11187 | /* FALLTHRU */ |
11188 | case SSL_HND_HELLO_EXT_CONNECTION_ID54: |
11189 | offset = ssl_dissect_hnd_hello_ext_connection_id(hf, tvb, pinfo, ext_tree, offset, hnd_type, session, ssl); |
11190 | break; |
11191 | default: |
11192 | proto_tree_add_item(ext_tree, hf->hf.hs_ext_data, |
11193 | tvb, offset, ext_len, ENC_NA0x00000000); |
11194 | offset += ext_len; |
11195 | break; |
11196 | } |
11197 | |
11198 | if (!ssl_end_vector(hf, tvb, pinfo, ext_tree, offset, next_offset)) { |
11199 | /* Dissection did not end at expected location, fix it. */ |
11200 | offset = next_offset; |
11201 | } |
11202 | } |
11203 | |
11204 | if (ja3) { |
11205 | if (hnd_type == SSL_HND_CLIENT_HELLO) { |
11206 | if(wmem_strbuf_get_len(ja3_sg) > 0) { |
11207 | wmem_strbuf_append_printf(ja3, "%s", wmem_strbuf_get_str(ja3_sg)); |
11208 | } else { |
11209 | wmem_strbuf_append_c(ja3, ','); |
11210 | } |
11211 | if(wmem_strbuf_get_len(ja3_ecpf) > 0) { |
11212 | wmem_strbuf_append_printf(ja3, "%s", wmem_strbuf_get_str(ja3_ecpf)); |
11213 | } else { |
11214 | wmem_strbuf_append_c(ja3, ','); |
11215 | } |
11216 | } |
11217 | } |
11218 | |
11219 | /* Check if Extensions vector is correctly terminated. */ |
11220 | if (!ssl_end_vector(hf, tvb, pinfo, tree, offset, offset_end)) { |
11221 | offset = offset_end; |
11222 | } |
11223 | |
11224 | return offset; |
11225 | } /* }}} */ |
11226 | |
11227 | |
11228 | /* ClientKeyExchange algo-specific dissectors. {{{ */ |
11229 | |
11230 | static void |
11231 | dissect_ssl3_hnd_cli_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11232 | proto_tree *tree, uint32_t offset, |
11233 | uint32_t length) |
11234 | { |
11235 | int point_len; |
11236 | proto_tree *ssl_ecdh_tree; |
11237 | |
11238 | ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, length, |
11239 | hf->ett.keyex_params, NULL((void*)0), "EC Diffie-Hellman Client Params"); |
11240 | |
11241 | /* point */ |
11242 | point_len = tvb_get_uint8(tvb, offset); |
11243 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point_len, tvb, |
11244 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
11245 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_client_keyex_point, tvb, |
11246 | offset + 1, point_len, ENC_NA0x00000000); |
11247 | } |
11248 | |
11249 | static void |
11250 | dissect_ssl3_hnd_cli_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11251 | proto_tree *tree, uint32_t offset, uint32_t length) |
11252 | { |
11253 | int yc_len; |
11254 | proto_tree *ssl_dh_tree; |
11255 | |
11256 | ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, length, |
11257 | hf->ett.keyex_params, NULL((void*)0), "Diffie-Hellman Client Params"); |
11258 | |
11259 | /* ClientDiffieHellmanPublic.dh_public (explicit) */ |
11260 | yc_len = tvb_get_ntohs(tvb, offset); |
11261 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc_len, tvb, |
11262 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11263 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_client_keyex_yc, tvb, |
11264 | offset + 2, yc_len, ENC_NA0x00000000); |
11265 | } |
11266 | |
11267 | static void |
11268 | dissect_ssl3_hnd_cli_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11269 | proto_tree *tree, uint32_t offset, |
11270 | uint32_t length, const SslSession *session) |
11271 | { |
11272 | int epms_len; |
11273 | proto_tree *ssl_rsa_tree; |
11274 | |
11275 | ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, length, |
11276 | hf->ett.keyex_params, NULL((void*)0), "RSA Encrypted PreMaster Secret"); |
11277 | |
11278 | /* EncryptedPreMasterSecret.pre_master_secret */ |
11279 | switch (session->version) { |
11280 | case SSLV2_VERSION0x0002: |
11281 | case SSLV3_VERSION0x300: |
11282 | case DTLSV1DOT0_OPENSSL_VERSION0x100: |
11283 | /* OpenSSL pre-0.9.8f DTLS and pre-TLS quirk: 2-octet length vector is |
11284 | * not present. The handshake contents represents the EPMS, see: |
11285 | * https://gitlab.com/wireshark/wireshark/-/issues/10222 */ |
11286 | epms_len = length; |
11287 | break; |
11288 | |
11289 | default: |
11290 | /* TLS and DTLS include vector length before EPMS */ |
11291 | epms_len = tvb_get_ntohs(tvb, offset); |
11292 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms_len, tvb, |
11293 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11294 | offset += 2; |
11295 | break; |
11296 | } |
11297 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_client_keyex_epms, tvb, |
11298 | offset, epms_len, ENC_NA0x00000000); |
11299 | } |
11300 | |
11301 | /* Used in PSK cipher suites */ |
11302 | static uint32_t |
11303 | dissect_ssl3_hnd_cli_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11304 | proto_tree *tree, uint32_t offset) |
11305 | { |
11306 | unsigned identity_len; |
11307 | proto_tree *ssl_psk_tree; |
11308 | |
11309 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, -1, |
11310 | hf->ett.keyex_params, NULL((void*)0), "PSK Client Params"); |
11311 | /* identity */ |
11312 | identity_len = tvb_get_ntohs(tvb, offset); |
11313 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, tvb, |
11314 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11315 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, tvb, |
11316 | offset + 2, identity_len, ENC_NA0x00000000); |
11317 | |
11318 | proto_item_set_len(ssl_psk_tree, 2 + identity_len); |
11319 | return 2 + identity_len; |
11320 | } |
11321 | |
11322 | /* Used in RSA PSK cipher suites */ |
11323 | static void |
11324 | dissect_ssl3_hnd_cli_keyex_rsa_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11325 | proto_tree *tree, uint32_t offset, |
11326 | uint32_t length) |
11327 | { |
11328 | int identity_len, epms_len; |
11329 | proto_tree *ssl_psk_tree; |
11330 | |
11331 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, length, |
11332 | hf->ett.keyex_params, NULL((void*)0), "RSA PSK Client Params"); |
11333 | |
11334 | /* identity */ |
11335 | identity_len = tvb_get_ntohs(tvb, offset); |
11336 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity_len, |
11337 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
11338 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_identity, |
11339 | tvb, offset + 2, identity_len, ENC_NA0x00000000); |
11340 | offset += 2 + identity_len; |
11341 | |
11342 | /* Yc */ |
11343 | epms_len = tvb_get_ntohs(tvb, offset); |
11344 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms_len, tvb, |
11345 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11346 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_client_keyex_epms, tvb, |
11347 | offset + 2, epms_len, ENC_NA0x00000000); |
11348 | } |
11349 | |
11350 | /* Used in Diffie-Hellman PSK cipher suites */ |
11351 | static void |
11352 | dissect_ssl3_hnd_cli_keyex_dhe_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11353 | proto_tree *tree, uint32_t offset, uint32_t length) |
11354 | { |
11355 | /* |
11356 | * struct { |
11357 | * select (KeyExchangeAlgorithm) { |
11358 | * case diffie_hellman_psk: |
11359 | * opaque psk_identity<0..2^16-1>; |
11360 | * ClientDiffieHellmanPublic public; |
11361 | * } exchange_keys; |
11362 | * } ClientKeyExchange; |
11363 | */ |
11364 | |
11365 | uint32_t psk_len = dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); |
11366 | dissect_ssl3_hnd_cli_keyex_dhe(hf, tvb, tree, offset + psk_len, length - psk_len); |
11367 | } |
11368 | |
11369 | /* Used in EC Diffie-Hellman PSK cipher suites */ |
11370 | static void |
11371 | dissect_ssl3_hnd_cli_keyex_ecdh_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11372 | proto_tree *tree, uint32_t offset, uint32_t length) |
11373 | { |
11374 | /* |
11375 | * struct { |
11376 | * select (KeyExchangeAlgorithm) { |
11377 | * case ec_diffie_hellman_psk: |
11378 | * opaque psk_identity<0..2^16-1>; |
11379 | * ClientECDiffieHellmanPublic public; |
11380 | * } exchange_keys; |
11381 | * } ClientKeyExchange; |
11382 | */ |
11383 | |
11384 | uint32_t psk_len = dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); |
11385 | dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset + psk_len, length - psk_len); |
11386 | } |
11387 | |
11388 | /* Used in EC J-PAKE cipher suites */ |
11389 | static void |
11390 | dissect_ssl3_hnd_cli_keyex_ecjpake(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11391 | proto_tree *tree, uint32_t offset, |
11392 | uint32_t length) |
11393 | { |
11394 | /* |
11395 | * struct { |
11396 | * ECPoint V; |
11397 | * opaque r<1..2^8-1>; |
11398 | * } ECSchnorrZKP; |
11399 | * |
11400 | * struct { |
11401 | * ECPoint X; |
11402 | * ECSchnorrZKP zkp; |
11403 | * } ECJPAKEKeyKP; |
11404 | * |
11405 | * struct { |
11406 | * ECJPAKEKeyKP ecjpake_key_kp; |
11407 | * } ClientECJPAKEParams; |
11408 | * |
11409 | * select (KeyExchangeAlgorithm) { |
11410 | * case ecjpake: |
11411 | * ClientECJPAKEParams params; |
11412 | * } ClientKeyExchange; |
11413 | */ |
11414 | |
11415 | int point_len; |
11416 | proto_tree *ssl_ecjpake_tree; |
11417 | |
11418 | ssl_ecjpake_tree = proto_tree_add_subtree(tree, tvb, offset, length, |
11419 | hf->ett.keyex_params, NULL((void*)0), |
11420 | "EC J-PAKE Client Params"); |
11421 | |
11422 | /* ECJPAKEKeyKP.X */ |
11423 | point_len = tvb_get_uint8(tvb, offset); |
11424 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_xc_len, tvb, |
11425 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
11426 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_xc, tvb, |
11427 | offset + 1, point_len, ENC_NA0x00000000); |
11428 | offset += 1 + point_len; |
11429 | |
11430 | /* ECJPAKEKeyKP.zkp.V */ |
11431 | point_len = tvb_get_uint8(tvb, offset); |
11432 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_vc_len, tvb, |
11433 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
11434 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_vc, tvb, |
11435 | offset + 1, point_len, ENC_NA0x00000000); |
11436 | offset += 1 + point_len; |
11437 | |
11438 | /* ECJPAKEKeyKP.zkp.r */ |
11439 | point_len = tvb_get_uint8(tvb, offset); |
11440 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_rc_len, tvb, |
11441 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
11442 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_client_keyex_rc, tvb, |
11443 | offset + 1, point_len, ENC_NA0x00000000); |
11444 | } |
11445 | |
11446 | static void |
11447 | dissect_ssl3_hnd_cli_keyex_ecc_sm2(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11448 | proto_tree *tree, uint32_t offset, |
11449 | uint32_t length) |
11450 | { |
11451 | int epms_len; |
11452 | proto_tree *ssl_ecc_sm2_tree; |
11453 | |
11454 | ssl_ecc_sm2_tree = proto_tree_add_subtree(tree, tvb, offset, length, |
11455 | hf->ett.keyex_params, NULL((void*)0), |
11456 | "ECC-SM2 Encrypted PreMaster Secret"); |
11457 | |
11458 | epms_len = tvb_get_ntohs(tvb, offset); |
11459 | proto_tree_add_item(ssl_ecc_sm2_tree, hf->hf.hs_client_keyex_epms_len, tvb, |
11460 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11461 | offset += 2; |
11462 | proto_tree_add_item(ssl_ecc_sm2_tree, hf->hf.hs_client_keyex_epms, tvb, |
11463 | offset, epms_len, ENC_NA0x00000000); |
11464 | } |
11465 | /* ClientKeyExchange algo-specific dissectors. }}} */ |
11466 | |
11467 | |
11468 | /* Dissects DigitallySigned (see RFC 5246 4.7 Cryptographic Attributes). {{{ */ |
11469 | static uint32_t |
11470 | ssl_dissect_digitally_signed(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
11471 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
11472 | uint16_t version, int hf_sig_len, int hf_sig) |
11473 | { |
11474 | uint32_t sig_len; |
11475 | |
11476 | switch (version) { |
11477 | case TLSV1DOT2_VERSION0x303: |
11478 | case DTLSV1DOT2_VERSION0xfefd: |
11479 | case TLSV1DOT3_VERSION0x304: |
11480 | case DTLSV1DOT3_VERSION0xfefc: |
11481 | tls_dissect_signature_algorithm(hf, tvb, tree, offset, NULL((void*)0)); |
11482 | offset += 2; |
11483 | break; |
11484 | |
11485 | default: |
11486 | break; |
11487 | } |
11488 | |
11489 | /* Sig */ |
11490 | if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &sig_len, |
11491 | hf_sig_len, 0, UINT16_MAX(65535))) { |
11492 | return offset_end; |
11493 | } |
11494 | offset += 2; |
11495 | proto_tree_add_item(tree, hf_sig, tvb, offset, sig_len, ENC_NA0x00000000); |
11496 | offset += sig_len; |
11497 | return offset; |
11498 | } /* }}} */ |
11499 | |
11500 | /* ServerKeyExchange algo-specific dissectors. {{{ */ |
11501 | |
11502 | /* dissects signed_params inside a ServerKeyExchange for some keyex algos */ |
11503 | static void |
11504 | dissect_ssl3_hnd_srv_keyex_sig(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
11505 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
11506 | uint16_t version) |
11507 | { |
11508 | /* |
11509 | * TLSv1.2 (RFC 5246 sec 7.4.8) |
11510 | * struct { |
11511 | * digitally-signed struct { |
11512 | * opaque handshake_messages[handshake_messages_length]; |
11513 | * } |
11514 | * } CertificateVerify; |
11515 | * |
11516 | * TLSv1.0/TLSv1.1 (RFC 5436 sec 7.4.8 and 7.4.3) works essentially the same |
11517 | * as TLSv1.2, but the hash algorithms are not explicit in digitally-signed. |
11518 | * |
11519 | * SSLv3 (RFC 6101 sec 5.6.8) essentially works the same as TLSv1.0 but it |
11520 | * does more hashing including the master secret and padding. |
11521 | */ |
11522 | ssl_dissect_digitally_signed(hf, tvb, pinfo, tree, offset, offset_end, version, |
11523 | hf->hf.hs_server_keyex_sig_len, |
11524 | hf->hf.hs_server_keyex_sig); |
11525 | } |
11526 | |
11527 | static uint32_t |
11528 | dissect_tls_ecparameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset, uint32_t offset_end) |
11529 | { |
11530 | /* |
11531 | * RFC 4492 ECC cipher suites for TLS |
11532 | * |
11533 | * struct { |
11534 | * ECCurveType curve_type; |
11535 | * select (curve_type) { |
11536 | * case explicit_prime: |
11537 | * ... |
11538 | * case explicit_char2: |
11539 | * ... |
11540 | * case named_curve: |
11541 | * NamedCurve namedcurve; |
11542 | * }; |
11543 | * } ECParameters; |
11544 | */ |
11545 | |
11546 | int curve_type; |
11547 | |
11548 | /* ECParameters.curve_type */ |
11549 | curve_type = tvb_get_uint8(tvb, offset); |
11550 | proto_tree_add_item(tree, hf->hf.hs_server_keyex_curve_type, tvb, |
11551 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
11552 | offset++; |
11553 | |
11554 | if (curve_type != 3) |
11555 | return offset_end; /* only named_curves are supported */ |
11556 | |
11557 | /* case curve_type == named_curve; ECParameters.namedcurve */ |
11558 | proto_tree_add_item(tree, hf->hf.hs_server_keyex_named_curve, tvb, |
11559 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11560 | offset += 2; |
11561 | |
11562 | return offset; |
11563 | } |
11564 | |
11565 | static void |
11566 | dissect_ssl3_hnd_srv_keyex_ecdh(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
11567 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
11568 | uint16_t version, bool_Bool anon) |
11569 | { |
11570 | /* |
11571 | * RFC 4492 ECC cipher suites for TLS |
11572 | * |
11573 | * struct { |
11574 | * opaque point <1..2^8-1>; |
11575 | * } ECPoint; |
11576 | * |
11577 | * struct { |
11578 | * ECParameters curve_params; |
11579 | * ECPoint public; |
11580 | * } ServerECDHParams; |
11581 | * |
11582 | * select (KeyExchangeAlgorithm) { |
11583 | * case ec_diffie_hellman: |
11584 | * ServerECDHParams params; |
11585 | * Signature signed_params; |
11586 | * } ServerKeyExchange; |
11587 | */ |
11588 | |
11589 | int point_len; |
11590 | proto_tree *ssl_ecdh_tree; |
11591 | |
11592 | ssl_ecdh_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, |
11593 | hf->ett.keyex_params, NULL((void*)0), "EC Diffie-Hellman Server Params"); |
11594 | |
11595 | offset = dissect_tls_ecparameters(hf, tvb, ssl_ecdh_tree, offset, offset_end); |
11596 | if (offset >= offset_end) |
11597 | return; /* only named_curves are supported */ |
11598 | |
11599 | /* ECPoint.point */ |
11600 | point_len = tvb_get_uint8(tvb, offset); |
11601 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point_len, tvb, |
11602 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
11603 | proto_tree_add_item(ssl_ecdh_tree, hf->hf.hs_server_keyex_point, tvb, |
11604 | offset + 1, point_len, ENC_NA0x00000000); |
11605 | offset += 1 + point_len; |
11606 | |
11607 | /* Signature (if non-anonymous KEX) */ |
11608 | if (!anon) { |
11609 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_ecdh_tree, offset, offset_end, version); |
11610 | } |
11611 | } |
11612 | |
11613 | static void |
11614 | dissect_ssl3_hnd_srv_keyex_dhe(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
11615 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
11616 | uint16_t version, bool_Bool anon) |
11617 | { |
11618 | int p_len, g_len, ys_len; |
11619 | proto_tree *ssl_dh_tree; |
11620 | |
11621 | ssl_dh_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, |
11622 | hf->ett.keyex_params, NULL((void*)0), "Diffie-Hellman Server Params"); |
11623 | |
11624 | /* p */ |
11625 | p_len = tvb_get_ntohs(tvb, offset); |
11626 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p_len, tvb, |
11627 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11628 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_p, tvb, |
11629 | offset + 2, p_len, ENC_NA0x00000000); |
11630 | offset += 2 + p_len; |
11631 | |
11632 | /* g */ |
11633 | g_len = tvb_get_ntohs(tvb, offset); |
11634 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g_len, tvb, |
11635 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11636 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_g, tvb, |
11637 | offset + 2, g_len, ENC_NA0x00000000); |
11638 | offset += 2 + g_len; |
11639 | |
11640 | /* Ys */ |
11641 | ys_len = tvb_get_ntohs(tvb, offset); |
11642 | proto_tree_add_uint(ssl_dh_tree, hf->hf.hs_server_keyex_ys_len, tvb, |
11643 | offset, 2, ys_len); |
11644 | proto_tree_add_item(ssl_dh_tree, hf->hf.hs_server_keyex_ys, tvb, |
11645 | offset + 2, ys_len, ENC_NA0x00000000); |
11646 | offset += 2 + ys_len; |
11647 | |
11648 | /* Signature (if non-anonymous KEX) */ |
11649 | if (!anon) { |
11650 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_dh_tree, offset, offset_end, version); |
11651 | } |
11652 | } |
11653 | |
11654 | /* Only used in RSA-EXPORT cipher suites */ |
11655 | static void |
11656 | dissect_ssl3_hnd_srv_keyex_rsa(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
11657 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
11658 | uint16_t version) |
11659 | { |
11660 | int modulus_len, exponent_len; |
11661 | proto_tree *ssl_rsa_tree; |
11662 | |
11663 | ssl_rsa_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, |
11664 | hf->ett.keyex_params, NULL((void*)0), "RSA-EXPORT Server Params"); |
11665 | |
11666 | /* modulus */ |
11667 | modulus_len = tvb_get_ntohs(tvb, offset); |
11668 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus_len, tvb, |
11669 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11670 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_modulus, tvb, |
11671 | offset + 2, modulus_len, ENC_NA0x00000000); |
11672 | offset += 2 + modulus_len; |
11673 | |
11674 | /* exponent */ |
11675 | exponent_len = tvb_get_ntohs(tvb, offset); |
11676 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent_len, |
11677 | tvb, offset, 2, ENC_BIG_ENDIAN0x00000000); |
11678 | proto_tree_add_item(ssl_rsa_tree, hf->hf.hs_server_keyex_exponent, |
11679 | tvb, offset + 2, exponent_len, ENC_NA0x00000000); |
11680 | offset += 2 + exponent_len; |
11681 | |
11682 | /* Signature */ |
11683 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_rsa_tree, offset, offset_end, version); |
11684 | } |
11685 | |
11686 | /* Used in RSA PSK and PSK cipher suites */ |
11687 | static uint32_t |
11688 | dissect_ssl3_hnd_srv_keyex_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11689 | proto_tree *tree, uint32_t offset) |
11690 | { |
11691 | unsigned hint_len; |
11692 | proto_tree *ssl_psk_tree; |
11693 | |
11694 | ssl_psk_tree = proto_tree_add_subtree(tree, tvb, offset, -1, |
11695 | hf->ett.keyex_params, NULL((void*)0), "PSK Server Params"); |
11696 | |
11697 | /* hint */ |
11698 | hint_len = tvb_get_ntohs(tvb, offset); |
11699 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint_len, tvb, |
11700 | offset, 2, ENC_BIG_ENDIAN0x00000000); |
11701 | proto_tree_add_item(ssl_psk_tree, hf->hf.hs_server_keyex_hint, tvb, |
11702 | offset + 2, hint_len, ENC_NA0x00000000); |
11703 | |
11704 | proto_item_set_len(ssl_psk_tree, 2 + hint_len); |
11705 | return 2 + hint_len; |
11706 | } |
11707 | |
11708 | /* Used in Diffie-Hellman PSK cipher suites */ |
11709 | static void |
11710 | dissect_ssl3_hnd_srv_keyex_dhe_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
11711 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
11712 | { |
11713 | /* |
11714 | * struct { |
11715 | * select (KeyExchangeAlgorithm) { |
11716 | * case diffie_hellman_psk: |
11717 | * opaque psk_identity_hint<0..2^16-1>; |
11718 | * ServerDHParams params; |
11719 | * }; |
11720 | * } ServerKeyExchange; |
11721 | */ |
11722 | |
11723 | uint32_t psk_len = dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); |
11724 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset + psk_len, offset_end, 0, true1); |
11725 | } |
11726 | |
11727 | /* Used in EC Diffie-Hellman PSK cipher suites */ |
11728 | static void |
11729 | dissect_ssl3_hnd_srv_keyex_ecdh_psk(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
11730 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
11731 | { |
11732 | /* |
11733 | * struct { |
11734 | * select (KeyExchangeAlgorithm) { |
11735 | * case ec_diffie_hellman_psk: |
11736 | * opaque psk_identity_hint<0..2^16-1>; |
11737 | * ServerECDHParams params; |
11738 | * }; |
11739 | * } ServerKeyExchange; |
11740 | */ |
11741 | |
11742 | uint32_t psk_len = dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); |
11743 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset + psk_len, offset_end, 0, true1); |
11744 | } |
11745 | |
11746 | /* Used in EC J-PAKE cipher suites */ |
11747 | static void |
11748 | dissect_ssl3_hnd_srv_keyex_ecjpake(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11749 | proto_tree *tree, uint32_t offset, uint32_t offset_end) |
11750 | { |
11751 | /* |
11752 | * struct { |
11753 | * ECPoint V; |
11754 | * opaque r<1..2^8-1>; |
11755 | * } ECSchnorrZKP; |
11756 | * |
11757 | * struct { |
11758 | * ECPoint X; |
11759 | * ECSchnorrZKP zkp; |
11760 | * } ECJPAKEKeyKP; |
11761 | * |
11762 | * struct { |
11763 | * ECParameters curve_params; |
11764 | * ECJPAKEKeyKP ecjpake_key_kp; |
11765 | * } ServerECJPAKEParams; |
11766 | * |
11767 | * select (KeyExchangeAlgorithm) { |
11768 | * case ecjpake: |
11769 | * ServerECJPAKEParams params; |
11770 | * } ServerKeyExchange; |
11771 | */ |
11772 | |
11773 | int point_len; |
11774 | proto_tree *ssl_ecjpake_tree; |
11775 | |
11776 | ssl_ecjpake_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, |
11777 | hf->ett.keyex_params, NULL((void*)0), |
11778 | "EC J-PAKE Server Params"); |
11779 | |
11780 | offset = dissect_tls_ecparameters(hf, tvb, ssl_ecjpake_tree, offset, offset_end); |
11781 | if (offset >= offset_end) |
11782 | return; /* only named_curves are supported */ |
11783 | |
11784 | /* ECJPAKEKeyKP.X */ |
11785 | point_len = tvb_get_uint8(tvb, offset); |
11786 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_xs_len, tvb, |
11787 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
11788 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_xs, tvb, |
11789 | offset + 1, point_len, ENC_NA0x00000000); |
11790 | offset += 1 + point_len; |
11791 | |
11792 | /* ECJPAKEKeyKP.zkp.V */ |
11793 | point_len = tvb_get_uint8(tvb, offset); |
11794 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_vs_len, tvb, |
11795 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
11796 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_vs, tvb, |
11797 | offset + 1, point_len, ENC_NA0x00000000); |
11798 | offset += 1 + point_len; |
11799 | |
11800 | /* ECJPAKEKeyKP.zkp.r */ |
11801 | point_len = tvb_get_uint8(tvb, offset); |
11802 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_rs_len, tvb, |
11803 | offset, 1, ENC_BIG_ENDIAN0x00000000); |
11804 | proto_tree_add_item(ssl_ecjpake_tree, hf->hf.hs_server_keyex_rs, tvb, |
11805 | offset + 1, point_len, ENC_NA0x00000000); |
11806 | } |
11807 | |
11808 | /* Only used in ECC-SM2-EXPORT cipher suites */ |
11809 | static void |
11810 | dissect_ssl3_hnd_srv_keyex_ecc_sm2(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
11811 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
11812 | uint16_t version) |
11813 | { |
11814 | proto_tree *ssl_ecc_sm2_tree; |
11815 | |
11816 | ssl_ecc_sm2_tree = proto_tree_add_subtree(tree, tvb, offset, offset_end - offset, |
11817 | hf->ett.keyex_params, NULL((void*)0), "ECC-SM2-EXPORT Server Params"); |
11818 | |
11819 | /* Signature */ |
11820 | dissect_ssl3_hnd_srv_keyex_sig(hf, tvb, pinfo, ssl_ecc_sm2_tree, offset, offset_end, version); |
11821 | } |
11822 | /* ServerKeyExchange algo-specific dissectors. }}} */ |
11823 | |
11824 | /* Client Key Exchange and Server Key Exchange handshake dissections. {{{ */ |
11825 | void |
11826 | ssl_dissect_hnd_cli_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11827 | proto_tree *tree, uint32_t offset, uint32_t length, |
11828 | const SslSession *session) |
11829 | { |
11830 | switch (ssl_get_keyex_alg(session->cipher)) { |
11831 | case KEX_DH_ANON0x13: /* RFC 5246; DHE_DSS, DHE_RSA, DH_DSS, DH_RSA, DH_ANON: ClientDiffieHellmanPublic */ |
11832 | case KEX_DH_DSS0x14: |
11833 | case KEX_DH_RSA0x15: |
11834 | case KEX_DHE_DSS0x10: |
11835 | case KEX_DHE_RSA0x12: |
11836 | dissect_ssl3_hnd_cli_keyex_dhe(hf, tvb, tree, offset, length); |
11837 | break; |
11838 | case KEX_DHE_PSK0x11: /* RFC 4279; diffie_hellman_psk: psk_identity, ClientDiffieHellmanPublic */ |
11839 | dissect_ssl3_hnd_cli_keyex_dhe_psk(hf, tvb, tree, offset, length); |
11840 | break; |
11841 | case KEX_ECDH_ANON0x19: /* RFC 4492; ec_diffie_hellman: ClientECDiffieHellmanPublic */ |
11842 | case KEX_ECDH_ECDSA0x1a: |
11843 | case KEX_ECDH_RSA0x1b: |
11844 | case KEX_ECDHE_ECDSA0x16: |
11845 | case KEX_ECDHE_RSA0x18: |
11846 | dissect_ssl3_hnd_cli_keyex_ecdh(hf, tvb, tree, offset, length); |
11847 | break; |
11848 | case KEX_ECDHE_PSK0x17: /* RFC 5489; ec_diffie_hellman_psk: psk_identity, ClientECDiffieHellmanPublic */ |
11849 | dissect_ssl3_hnd_cli_keyex_ecdh_psk(hf, tvb, tree, offset, length); |
11850 | break; |
11851 | case KEX_KRB50x1c: /* RFC 2712; krb5: KerberosWrapper */ |
11852 | /* XXX: implement support for KRB5 */ |
11853 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, |
11854 | tvb, offset, length, |
11855 | "Kerberos ciphersuites (RFC 2712) are not implemented, contact Wireshark" |
11856 | " developers if you want them to be supported"); |
11857 | break; |
11858 | case KEX_PSK0x1d: /* RFC 4279; psk: psk_identity */ |
11859 | dissect_ssl3_hnd_cli_keyex_psk(hf, tvb, tree, offset); |
11860 | break; |
11861 | case KEX_RSA0x1e: /* RFC 5246; rsa: EncryptedPreMasterSecret */ |
11862 | dissect_ssl3_hnd_cli_keyex_rsa(hf, tvb, tree, offset, length, session); |
11863 | break; |
11864 | case KEX_RSA_PSK0x1f: /* RFC 4279; rsa_psk: psk_identity, EncryptedPreMasterSecret */ |
11865 | dissect_ssl3_hnd_cli_keyex_rsa_psk(hf, tvb, tree, offset, length); |
11866 | break; |
11867 | case KEX_SRP_SHA0x20: /* RFC 5054; srp: ClientSRPPublic */ |
11868 | case KEX_SRP_SHA_DSS0x21: |
11869 | case KEX_SRP_SHA_RSA0x22: |
11870 | /* XXX: implement support for SRP_SHA* */ |
11871 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, |
11872 | tvb, offset, length, |
11873 | "SRP_SHA ciphersuites (RFC 5054) are not implemented, contact Wireshark" |
11874 | " developers if you want them to be supported"); |
11875 | break; |
11876 | case KEX_ECJPAKE0x24: /* https://tools.ietf.org/html/draft-cragie-tls-ecjpake-01 used in Thread Commissioning */ |
11877 | dissect_ssl3_hnd_cli_keyex_ecjpake(hf, tvb, tree, offset, length); |
11878 | break; |
11879 | case KEX_ECC_SM20x26: /* GB/T 38636 */ |
11880 | dissect_ssl3_hnd_cli_keyex_ecc_sm2(hf, tvb, tree, offset, length); |
11881 | break; |
11882 | default: |
11883 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, |
11884 | tvb, offset, length); |
11885 | break; |
11886 | } |
11887 | } |
11888 | |
11889 | void |
11890 | ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
11891 | proto_tree *tree, uint32_t offset, uint32_t offset_end, |
11892 | const SslSession *session) |
11893 | { |
11894 | switch (ssl_get_keyex_alg(session->cipher)) { |
11895 | case KEX_DH_ANON0x13: /* RFC 5246; ServerDHParams */ |
11896 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset, offset_end, session->version, true1); |
11897 | break; |
11898 | case KEX_DH_DSS0x14: /* RFC 5246; not allowed */ |
11899 | case KEX_DH_RSA0x15: |
11900 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_srv_keyex_illegal, |
11901 | tvb, offset, offset_end - offset); |
11902 | break; |
11903 | case KEX_DHE_DSS0x10: /* RFC 5246; dhe_dss, dhe_rsa: ServerDHParams, Signature */ |
11904 | case KEX_DHE_RSA0x12: |
11905 | dissect_ssl3_hnd_srv_keyex_dhe(hf, tvb, pinfo, tree, offset, offset_end, session->version, false0); |
11906 | break; |
11907 | case KEX_DHE_PSK0x11: /* RFC 4279; diffie_hellman_psk: psk_identity_hint, ServerDHParams */ |
11908 | dissect_ssl3_hnd_srv_keyex_dhe_psk(hf, tvb, pinfo, tree, offset, offset_end); |
11909 | break; |
11910 | case KEX_ECDH_ANON0x19: /* RFC 4492; ec_diffie_hellman: ServerECDHParams (without signature for anon) */ |
11911 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset, offset_end, session->version, true1); |
11912 | break; |
11913 | case KEX_ECDHE_PSK0x17: /* RFC 5489; psk_identity_hint, ServerECDHParams */ |
11914 | dissect_ssl3_hnd_srv_keyex_ecdh_psk(hf, tvb, pinfo, tree, offset, offset_end); |
11915 | break; |
11916 | case KEX_ECDH_ECDSA0x1a: /* RFC 4492; ec_diffie_hellman: ServerECDHParams, Signature */ |
11917 | case KEX_ECDH_RSA0x1b: |
11918 | case KEX_ECDHE_ECDSA0x16: |
11919 | case KEX_ECDHE_RSA0x18: |
11920 | dissect_ssl3_hnd_srv_keyex_ecdh(hf, tvb, pinfo, tree, offset, offset_end, session->version, false0); |
11921 | break; |
11922 | case KEX_KRB50x1c: /* RFC 2712; not allowed */ |
11923 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_srv_keyex_illegal, |
11924 | tvb, offset, offset_end - offset); |
11925 | break; |
11926 | case KEX_PSK0x1d: /* RFC 4279; psk, rsa: psk_identity */ |
11927 | case KEX_RSA_PSK0x1f: |
11928 | dissect_ssl3_hnd_srv_keyex_psk(hf, tvb, tree, offset); |
11929 | break; |
11930 | case KEX_RSA0x1e: /* only allowed if the public key in the server certificate is longer than 512 bits */ |
11931 | dissect_ssl3_hnd_srv_keyex_rsa(hf, tvb, pinfo, tree, offset, offset_end, session->version); |
11932 | break; |
11933 | case KEX_ECC_SM20x26: /* GB/T 38636 */ |
11934 | dissect_ssl3_hnd_srv_keyex_ecc_sm2(hf, tvb, pinfo, tree, offset, offset_end, session->version); |
11935 | break; |
11936 | case KEX_SRP_SHA0x20: /* RFC 5054; srp: ServerSRPParams, Signature */ |
11937 | case KEX_SRP_SHA_DSS0x21: |
11938 | case KEX_SRP_SHA_RSA0x22: |
11939 | /* XXX: implement support for SRP_SHA* */ |
11940 | proto_tree_add_expert_format(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, |
11941 | tvb, offset, offset_end - offset, |
11942 | "SRP_SHA ciphersuites (RFC 5054) are not implemented, contact Wireshark" |
11943 | " developers if you want them to be supported"); |
11944 | break; |
11945 | case KEX_ECJPAKE0x24: /* https://tools.ietf.org/html/draft-cragie-tls-ecjpake-01 used in Thread Commissioning */ |
11946 | dissect_ssl3_hnd_srv_keyex_ecjpake(hf, tvb, tree, offset, offset_end); |
11947 | break; |
11948 | default: |
11949 | proto_tree_add_expert(tree, NULL((void*)0), &hf->ei.hs_ciphersuite_undecoded, |
11950 | tvb, offset, offset_end - offset); |
11951 | break; |
11952 | } |
11953 | } |
11954 | /* Client Key Exchange and Server Key Exchange handshake dissections. }}} */ |
11955 | |
11956 | void |
11957 | tls13_dissect_hnd_key_update(ssl_common_dissect_t *hf, tvbuff_t *tvb, |
11958 | proto_tree *tree, uint32_t offset) |
11959 | { |
11960 | /* RFC 8446 Section 4.6.3 |
11961 | * enum { |
11962 | * update_not_requested(0), update_requested(1), (255) |
11963 | * } KeyUpdateRequest; |
11964 | * |
11965 | * struct { |
11966 | * KeyUpdateRequest request_update; |
11967 | * } KeyUpdate; |
11968 | */ |
11969 | proto_tree_add_item(tree, hf->hf.hs_key_update_request_update, tvb, offset, 1, ENC_NA0x00000000); |
11970 | } |
11971 | |
11972 | void |
11973 | ssl_common_register_ssl_alpn_dissector_table(const char *name, |
11974 | const char *ui_name, const int proto) |
11975 | { |
11976 | ssl_alpn_dissector_table = register_dissector_table(name, ui_name, |
11977 | proto, FT_STRING, STRING_CASE_SENSITIVE0); |
11978 | register_dissector_table_alias(ssl_alpn_dissector_table, "ssl.handshake.extensions_alpn_str"); |
11979 | } |
11980 | |
11981 | void |
11982 | ssl_common_register_dtls_alpn_dissector_table(const char *name, |
11983 | const char *ui_name, const int proto) |
11984 | { |
11985 | dtls_alpn_dissector_table = register_dissector_table(name, ui_name, |
11986 | proto, FT_STRING, STRING_CASE_SENSITIVE0); |
11987 | register_dissector_table_alias(ssl_alpn_dissector_table, "dtls.handshake.extensions_alpn_str"); |
11988 | } |
11989 | |
11990 | void |
11991 | ssl_common_register_options(module_t *module, ssl_common_options_t *options, bool_Bool is_dtls) |
11992 | { |
11993 | prefs_register_string_preference(module, "psk", "Pre-Shared Key", |
11994 | "Pre-Shared Key as HEX string. Should be 0 to 16 bytes.", |
11995 | &(options->psk)); |
11996 | |
11997 | if (is_dtls) { |
11998 | prefs_register_obsolete_preference(module, "keylog_file"); |
11999 | prefs_register_static_text_preference(module, "keylog_file_removed", |
12000 | "The (Pre)-Master-Secret log filename preference can be configured in the TLS protocol preferences.", |
12001 | "Use the TLS protocol preference to configure the keylog file for both DTLS and TLS."); |
12002 | return; |
12003 | } |
12004 | |
12005 | prefs_register_filename_preference(module, "keylog_file", "(Pre)-Master-Secret log filename", |
12006 | "The name of a file which contains a list of \n" |
12007 | "(pre-)master secrets in one of the following formats:\n" |
12008 | "\n" |
12009 | "RSA <EPMS> <PMS>\n" |
12010 | "RSA Session-ID:<SSLID> Master-Key:<MS>\n" |
12011 | "CLIENT_RANDOM <CRAND> <MS>\n" |
12012 | "PMS_CLIENT_RANDOM <CRAND> <PMS>\n" |
12013 | "\n" |
12014 | "Where:\n" |
12015 | "<EPMS> = First 8 bytes of the Encrypted PMS\n" |
12016 | "<PMS> = The Pre-Master-Secret (PMS) used to derive the MS\n" |
12017 | "<SSLID> = The SSL Session ID\n" |
12018 | "<MS> = The Master-Secret (MS)\n" |
12019 | "<CRAND> = The Client's random number from the ClientHello message\n" |
12020 | "\n" |
12021 | "(All fields are in hex notation)", |
12022 | &(options->keylog_filename), false0); |
12023 | } |
12024 | |
12025 | void |
12026 | ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, uint32_t offset, uint32_t length) |
12027 | { |
12028 | if (ssl_session && ssl_session->session.version != TLSV1DOT3_VERSION0x304 && !(ssl_session->state & SSL_MASTER_SECRET(1<<5))) { |
12029 | uint32_t old_length = ssl_session->handshake_data.data_len; |
12030 | ssl_debug_printf("Calculating hash with offset %d %d\n", offset, length); |
12031 | if (tvb) { |
12032 | if (tvb_bytes_exist(tvb, offset, length)) { |
12033 | ssl_session->handshake_data.data = (unsigned char *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length); |
12034 | tvb_memcpy(tvb, ssl_session->handshake_data.data + old_length, offset, length); |
12035 | ssl_session->handshake_data.data_len += length; |
12036 | } |
12037 | } else { |
12038 | /* DTLS calculates the hash as if each handshake message had been |
12039 | * sent as a single fragment (RFC 6347, section 4.2.6) and passes |
12040 | * in a null tvbuff to add 3 bytes for a zero fragment offset. |
12041 | */ |
12042 | DISSECTOR_ASSERT_CMPINT(length, <, 4)((void) ((length < 4) ? (void)0 : (proto_report_dissector_bug ("%s:%u: failed assertion " "length" " " "<" " " "4" " (" "%" "l" "d" " " "<" " " "%" "l" "d" ")", "epan/dissectors/packet-tls-utils.c" , 12042, (int64_t)length, (int64_t)4)))); |
12043 | ssl_session->handshake_data.data = (unsigned char *)wmem_realloc(wmem_file_scope(), ssl_session->handshake_data.data, old_length + length); |
12044 | memset(ssl_session->handshake_data.data + old_length, 0, length); |
12045 | ssl_session->handshake_data.data_len += length; |
12046 | } |
12047 | } |
12048 | } |
12049 | |
12050 | |
12051 | /* |
12052 | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
12053 | * |
12054 | * Local variables: |
12055 | * c-basic-offset: 4 |
12056 | * tab-width: 8 |
12057 | * indent-tabs-mode: nil |
12058 | * End: |
12059 | * |
12060 | * vi: set shiftwidth=4 tabstop=8 expandtab: |
12061 | * :indentSize=4:tabSize=8:noTabs=true: |
12062 | */ |