/src/wireshark/epan/dissectors/packet-tls-utils.h
Line | Count | Source |
1 | | /* packet-tls-utils.h |
2 | | * ssl manipulation functions |
3 | | * By Paolo Abeni <paolo.abeni@email.com> |
4 | | * |
5 | | * Wireshark - Network traffic analyzer |
6 | | * By Gerald Combs <gerald@wireshark.org> |
7 | | * Copyright 1998 Gerald Combs |
8 | | * |
9 | | * SPDX-License-Identifier: GPL-2.0-or-later |
10 | | */ |
11 | | |
12 | | #ifndef __PACKET_TLS_UTILS_H__ |
13 | | #define __PACKET_TLS_UTILS_H__ |
14 | | |
15 | | #include <stdio.h> /* some APIs we declare take a stdio stream as an argument */ |
16 | | |
17 | | #include <glib.h> |
18 | | #include <epan/packet.h> |
19 | | #include <epan/prefs.h> |
20 | | #include <epan/wmem_scopes.h> |
21 | | #include <epan/expert.h> |
22 | | #include <epan/conversation.h> |
23 | | #include <epan/tap.h> |
24 | | #include <epan/unit_strings.h> |
25 | | #include <wsutil/wsgcrypt.h> |
26 | | |
27 | | /* TODO inline this now that Libgcrypt is mandatory? */ |
28 | | #define SSL_CIPHER_CTX gcry_cipher_hd_t /* cipher context type used in this header: an alias for the Libgcrypt cipher handle */ |
29 | | #define SSL_DECRYPT_DEBUG /* defined unconditionally in this header; NOTE(review): presumably enables the decryption debug output - if that output includes key material, treat debug logs as sensitive; confirm */ |
30 | | |
31 | | |
32 | | /* other defines */ |
33 | | typedef enum { /* Record content type codes (0x14-0x1A); SslRecordInfo.type stores one of these */ |
34 | | SSL_ID_CHG_CIPHER_SPEC = 0x14, |
35 | | SSL_ID_ALERT = 0x15, |
36 | | SSL_ID_HANDSHAKE = 0x16, |
37 | | SSL_ID_APP_DATA = 0x17, |
38 | | SSL_ID_HEARTBEAT = 0x18, |
39 | | SSL_ID_TLS12_CID = 0x19, |
40 | | SSL_ID_DTLS13_ACK = 0x1A, |
41 | | } ContentType; |
42 | | |
43 | | typedef enum { /* Handshake message type codes; the numbering has gaps, so a value outside this list must be handled as unknown */ |
44 | | SSL_HND_HELLO_REQUEST = 0, |
45 | | SSL_HND_CLIENT_HELLO = 1, |
46 | | SSL_HND_SERVER_HELLO = 2, |
47 | | SSL_HND_HELLO_VERIFY_REQUEST = 3, |
48 | | SSL_HND_NEWSESSION_TICKET = 4, |
49 | | SSL_HND_END_OF_EARLY_DATA = 5, |
50 | | SSL_HND_HELLO_RETRY_REQUEST = 6, |
51 | | SSL_HND_ENCRYPTED_EXTENSIONS = 8, /* distinct from SSL_HND_ENCRYPTED_EXTS (67) below */ |
52 | | SSL_HND_CERTIFICATE = 11, |
53 | | SSL_HND_SERVER_KEY_EXCHG = 12, |
54 | | SSL_HND_CERT_REQUEST = 13, |
55 | | SSL_HND_SVR_HELLO_DONE = 14, |
56 | | SSL_HND_CERT_VERIFY = 15, |
57 | | SSL_HND_CLIENT_KEY_EXCHG = 16, |
58 | | SSL_HND_FINISHED = 20, |
59 | | SSL_HND_CERT_URL = 21, |
60 | | SSL_HND_CERT_STATUS = 22, |
61 | | SSL_HND_SUPPLEMENTAL_DATA = 23, |
62 | | SSL_HND_KEY_UPDATE = 24, |
63 | | SSL_HND_COMPRESSED_CERTIFICATE = 25, |
64 | | /* Encrypted Extensions was NextProtocol in draft-agl-tls-nextprotoneg-03 |
65 | | * and changed in draft 04. Not to be confused with TLS 1.3 EE. */ |
66 | | SSL_HND_ENCRYPTED_EXTS = 67, |
67 | | SSL_HND_MESSAGE_HASH = 254 |
68 | | } HandshakeType; |
69 | | |
70 | 9 | #define SSL2_HND_ERROR 0x00 |
71 | 29 | #define SSL2_HND_CLIENT_HELLO 0x01 |
72 | 19 | #define SSL2_HND_CLIENT_MASTER_KEY 0x02 |
73 | 0 | #define SSL2_HND_CLIENT_FINISHED 0x03 |
74 | 26 | #define SSL2_HND_SERVER_HELLO 0x04 |
75 | 0 | #define SSL2_HND_SERVER_VERIFY 0x05 |
76 | 0 | #define SSL2_HND_SERVER_FINISHED 0x06 |
77 | 0 | #define SSL2_HND_REQUEST_CERTIFICATE 0x07 |
78 | 0 | #define SSL2_HND_CLIENT_CERTIFICATE 0x08 |
79 | | |
80 | 1.90k | #define SSL_HND_HELLO_EXT_SERVER_NAME 0 |
81 | 8 | #define SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH 1 |
82 | | #define SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL 2 |
83 | 13 | #define SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS 3 |
84 | | #define SSL_HND_HELLO_EXT_TRUNCATED_HMAC 4 |
85 | 2 | #define SSL_HND_HELLO_EXT_STATUS_REQUEST 5 |
86 | | #define SSL_HND_HELLO_EXT_USER_MAPPING 6 |
87 | | #define SSL_HND_HELLO_EXT_CLIENT_AUTHZ 7 |
88 | | #define SSL_HND_HELLO_EXT_SERVER_AUTHZ 8 |
89 | 1 | #define SSL_HND_HELLO_EXT_CERT_TYPE 9 |
90 | 10 | #define SSL_HND_HELLO_EXT_SUPPORTED_GROUPS 10 /* renamed from "elliptic_curves" (RFC 7919 / TLS 1.3) */ |
91 | 3 | #define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 11 |
92 | 1 | #define SSL_HND_HELLO_EXT_SRP 12 |
93 | 3 | #define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS 13 |
94 | 4 | #define SSL_HND_HELLO_EXT_USE_SRTP 14 |
95 | 1 | #define SSL_HND_HELLO_EXT_HEARTBEAT 15 |
96 | 189 | #define SSL_HND_HELLO_EXT_ALPN 16 |
97 | 0 | #define SSL_HND_HELLO_EXT_STATUS_REQUEST_V2 17 |
98 | 1 | #define SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP 18 |
99 | 0 | #define SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE 19 |
100 | 1 | #define SSL_HND_HELLO_EXT_SERVER_CERT_TYPE 20 |
101 | 2 | #define SSL_HND_HELLO_EXT_PADDING 21 |
102 | 6 | #define SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC 22 |
103 | 0 | #define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET 23 |
104 | 0 | #define SSL_HND_HELLO_EXT_TOKEN_BINDING 24 |
105 | | #define SSL_HND_HELLO_EXT_CACHED_INFO 25 |
106 | 3 | #define SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE 27 |
107 | 1 | #define SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT 28 |
108 | | /* 26 and 29-33 have no define in this header (the earlier note "26-33 Unassigned" predates 27 and 28 above) */ |
109 | 0 | #define SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS 34 /* draft-ietf-tls-subcerts-10.txt */ |
110 | 5 | #define SSL_HND_HELLO_EXT_SESSION_TICKET_TLS 35 |
111 | | /* RFC 8446 (TLS 1.3) */ |
112 | 3 | #define SSL_HND_HELLO_EXT_KEY_SHARE_OLD 40 /* draft-ietf-tls-tls13-22 (removed in -23) */ |
113 | 0 | #define SSL_HND_HELLO_EXT_PRE_SHARED_KEY 41 |
114 | 0 | #define SSL_HND_HELLO_EXT_EARLY_DATA 42 |
115 | 98 | #define SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS 43 |
116 | 2 | #define SSL_HND_HELLO_EXT_COOKIE 44 |
117 | 5 | #define SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES 45 |
118 | 2 | #define SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO 46 /* draft-ietf-tls-tls13-18 (removed in -19) */ |
119 | 0 | #define SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES 47 |
120 | 1 | #define SSL_HND_HELLO_EXT_OID_FILTERS 48 |
121 | 0 | #define SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH 49 |
122 | 1 | #define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT 50 |
123 | 3 | #define SSL_HND_HELLO_EXT_KEY_SHARE 51 |
124 | | #define SSL_HND_HELLO_EXT_TRANSPARENCY_INFO 52 /* draft-ietf-trans-rfc6962-bis-41 */ |
125 | 2 | #define SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED 53 /* draft-ietf-tls-dtls-connection-id-07 */ |
126 | 3 | #define SSL_HND_HELLO_EXT_CONNECTION_ID 54 |
127 | | #define SSL_HND_HELLO_EXT_EXTERNAL_ID_HASH 55 /* RFC 8844 */ |
128 | | #define SSL_HND_HELLO_EXT_EXTERNAL_SESSION_ID 56 /* RFC 8844 */ |
129 | 1 | #define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V1 57 /* draft-ietf-quic-tls-33 */ |
130 | | #define SSL_HND_HELLO_EXT_TICKET_REQUEST 58 /* draft-ietf-tls-ticketrequests-07 */ |
131 | | #define SSL_HND_HELLO_EXT_DNSSEC_CHAIN 59 /* RFC 9102 */ |
132 | | #define SSL_HND_HELLO_EXT_GREASE_0A0A 2570 |
133 | | #define SSL_HND_HELLO_EXT_GREASE_1A1A 6682 |
134 | | #define SSL_HND_HELLO_EXT_GREASE_2A2A 10794 |
135 | 0 | #define SSL_HND_HELLO_EXT_NPN 13172 /* 0x3374 */ |
136 | | #define SSL_HND_HELLO_EXT_GREASE_3A3A 14906 |
137 | 0 | #define SSL_HND_HELLO_EXT_ALPS_OLD 17513 /* draft-vvv-tls-alps-01, previous value used in BoringSSL implementation */ |
138 | 0 | #define SSL_HND_HELLO_EXT_ALPS 17613 /* draft-vvv-tls-alps-01, current value used in BoringSSL implementation */ |
139 | | #define SSL_HND_HELLO_EXT_GREASE_4A4A 19018 |
140 | | #define SSL_HND_HELLO_EXT_GREASE_5A5A 23130 |
141 | | #define SSL_HND_HELLO_EXT_GREASE_6A6A 27242 |
142 | | #define SSL_HND_HELLO_EXT_CHANNEL_ID_OLD 30031 /* 0x754f */ |
143 | | #define SSL_HND_HELLO_EXT_CHANNEL_ID 30032 /* 0x7550 */ |
144 | | #define SSL_HND_HELLO_EXT_GREASE_7A7A 31354 |
145 | | #define SSL_HND_HELLO_EXT_GREASE_8A8A 35466 |
146 | | #define SSL_HND_HELLO_EXT_GREASE_9A9A 39578 |
147 | | #define SSL_HND_HELLO_EXT_GREASE_AAAA 43690 |
148 | | #define SSL_HND_HELLO_EXT_GREASE_BABA 47802 |
149 | | #define SSL_HND_HELLO_EXT_GREASE_CACA 51914 |
150 | | #define SSL_HND_HELLO_EXT_GREASE_DADA 56026 |
151 | | #define SSL_HND_HELLO_EXT_GREASE_EAEA 60138 |
152 | | #define SSL_HND_HELLO_EXT_GREASE_FAFA 64250 |
153 | 3 | #define SSL_HND_HELLO_EXT_ECH_OUTER_EXTENSIONS 64768 /* 0xfd00 draft-ietf-tls-esni-16 */ |
154 | 0 | #define SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO 65037 /* 0xfe0d draft-ietf-tls-esni-16 */ |
155 | 7 | #define SSL_HND_HELLO_EXT_RENEGOTIATION_INFO 65281 /* 0xFF01 */ |
156 | 0 | #define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS 65445 /* 0xffa5 draft-ietf-quic-tls-13 */ |
157 | 0 | #define SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME 65486 /* 0xffce draft-ietf-tls-esni-01 */ |
158 | | |
159 | | #define SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT 1 |
160 | | #define SSL_HND_CERT_URL_TYPE_PKIPATH 2 |
161 | 0 | #define SSL_HND_CERT_STATUS_TYPE_OCSP 1 |
162 | 0 | #define SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI 2 |
163 | 0 | #define SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY 2 |
164 | | |
165 | | /* https://github.com/quicwg/base-drafts/wiki/Temporary-IANA-Registry#quic-transport-parameters */ |
166 | 0 | #define SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID 0x00 |
167 | 0 | #define SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT 0x01 |
168 | 0 | #define SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN 0x02 |
169 | 0 | #define SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE 0x03 |
170 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_DATA 0x04 |
171 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL 0x05 |
172 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE 0x06 |
173 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI 0x07 |
174 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI 0x08 |
175 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI 0x09 |
176 | 0 | #define SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT 0x0a |
177 | 0 | #define SSL_HND_QUIC_TP_MAX_ACK_DELAY 0x0b |
178 | 0 | #define SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION 0x0c |
179 | 0 | #define SSL_HND_QUIC_TP_PREFERRED_ADDRESS 0x0d |
180 | 0 | #define SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT 0x0e |
181 | 0 | #define SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID 0x0f |
182 | 0 | #define SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID 0x10 |
183 | 0 | #define SSL_HND_QUIC_TP_VERSION_INFORMATION 0x11 /* https://tools.ietf.org/html/draft-ietf-quic-version-negotiation-14 */ |
184 | 0 | #define SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE 0x20 /* https://datatracker.ietf.org/doc/html/draft-ietf-quic-datagram-06 */ |
185 | 0 | #define SSL_HND_QUIC_TP_CIBIR_ENCODING 0x1000 /* https://datatracker.ietf.org/doc/html/draft-banks-quic-cibir-01 */ |
186 | 0 | #define SSL_HND_QUIC_TP_LOSS_BITS 0x1057 /* https://tools.ietf.org/html/draft-ferrieuxhamchaoui-quic-lossbits-03 */ |
187 | 0 | #define SSL_HND_QUIC_TP_GREASE_QUIC_BIT 0x2ab2 /* RFC 9287 */ |
188 | 0 | #define SSL_HND_QUIC_TP_ENABLE_TIME_STAMP 0x7157 /* https://tools.ietf.org/html/draft-huitema-quic-ts-02 */ |
189 | 0 | #define SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V2 0x7158 /* https://tools.ietf.org/html/draft-huitema-quic-ts-03 */ |
190 | 0 | #define SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD 0xde1a /* https://tools.ietf.org/html/draft-iyengar-quic-delayed-ack-00 */ |
191 | | /* https://quiche.googlesource.com/quiche/+/refs/heads/master/quic/core/crypto/transport_parameters.cc */ |
192 | 0 | #define SSL_HND_QUIC_TP_GOOGLE_USER_AGENT 0x3129 |
193 | 0 | #define SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED 0x312B |
194 | 0 | #define SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION 0x4752 |
195 | 0 | #define SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT 0x3127 |
196 | 0 | #define SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE 0x312A |
197 | 0 | #define SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS 0x4751 |
198 | 0 | #define SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS 0x3128 |
199 | | /* https://github.com/facebookincubator/mvfst/blob/master/quic/QuicConstants.h */ |
200 | 0 | #define SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY 0xFF00 |
201 | 0 | #define SSL_HND_QUIC_TP_VERSION_INFORMATION_DRAFT 0xff73db /* https://datatracker.ietf.org/doc/draft-ietf-quic-version-negotiation/13/ */ |
202 | 0 | #define SSL_HND_QUIC_TP_ADDRESS_DISCOVERY 0x9f81a176 /* https://tools.ietf.org/html/draft-ietf-quic-address-discovery-00 */ |
203 | 0 | #define SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V1 0xFF03DE1A /* https://tools.ietf.org/html/draft-ietf-quic-ack-frequency-01 */ |
204 | 0 | #define SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT05 0xff04de1a /* https://tools.ietf.org/html/draft-ietf-quic-ack-frequency-04 / draft-05 */ |
205 | 0 | #define SSL_HND_QUIC_TP_MIN_ACK_DELAY 0xff04de1b /* https://tools.ietf.org/html/draft-ietf-quic-ack-frequency-07 */ |
206 | 0 | #define SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT04 0x0f739bbc1b666d04 /* https://tools.ietf.org/html/draft-ietf-quic-multipath-04 */ |
207 | 0 | #define SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT05 0x0f739bbc1b666d05 /* https://tools.ietf.org/html/draft-ietf-quic-multipath-05 */ |
208 | 0 | #define SSL_HND_QUIC_TP_ENABLE_MULTIPATH 0x0f739bbc1b666d06 /* https://tools.ietf.org/html/draft-ietf-quic-multipath-06 */ |
209 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_PATHS 0x0f739bbc1b666d07 /* https://tools.ietf.org/html/draft-ietf-quic-multipath-07 */ |
210 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT09 0x0f739bbc1b666d09 /* https://tools.ietf.org/html/draft-ietf-quic-multipath-09 */ |
211 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT11 0x0f739bbc1b666d11 /* https://tools.ietf.org/html/draft-ietf-quic-multipath-11 */ |
212 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID_DRAFT12 0x0f739bbc1b666d0c /* https://tools.ietf.org/html/draft-ietf-quic-multipath-12 */ |
213 | 0 | #define SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID 0x0f739bbc1b666d0d /* https://tools.ietf.org/html/draft-ietf-quic-multipath-13 */ |
214 | | |
215 | | /* |
216 | | * Lookup tables |
217 | | */ |
218 | | extern const value_string ssl_version_short_names[]; |
219 | | extern const value_string ssl_20_msg_types[]; |
220 | | extern value_string_ext ssl_20_cipher_suites_ext; |
221 | | extern const value_string ssl_20_certificate_type[]; |
222 | | extern const value_string ssl_31_content_type[]; |
223 | | extern const value_string ssl_versions[]; |
224 | | extern const value_string ssl_31_change_cipher_spec[]; |
225 | | extern const value_string ssl_31_alert_level[]; |
226 | | extern const value_string ssl_31_alert_description[]; |
227 | | extern const value_string ssl_31_handshake_type[]; |
228 | | extern const value_string tls_heartbeat_type[]; |
229 | | extern const value_string tls_heartbeat_mode[]; |
230 | | extern const value_string ssl_31_compression_method[]; |
231 | | extern const value_string ssl_31_key_exchange_algorithm[]; |
232 | | extern const value_string ssl_31_signature_algorithm[]; |
233 | | extern const value_string ssl_31_client_certificate_type[]; |
234 | | extern const value_string ssl_31_public_value_encoding[]; |
235 | | extern value_string_ext ssl_31_ciphersuite_ext; |
236 | | extern const value_string tls_hello_extension_types[]; |
237 | | extern const value_string tls_hash_algorithm[]; |
238 | | extern const value_string tls_signature_algorithm[]; |
239 | | extern const value_string tls13_signature_algorithm[]; |
240 | | extern const value_string tls_certificate_type[]; |
241 | | extern const value_string tls_cert_chain_type[]; |
242 | | extern const value_string tls_cert_status_type[]; |
243 | | extern const value_string ssl_extension_curves[]; |
244 | | extern const value_string ssl_extension_ec_point_formats[]; |
245 | | extern const value_string ssl_curve_types[]; |
246 | | extern const value_string tls_hello_ext_server_name_type_vs[]; |
247 | | extern const value_string tls_hello_ext_max_fragment_length[]; |
248 | | extern const value_string tls_hello_ext_psk_ke_mode[]; |
249 | | extern const value_string tls_hello_ext_trusted_ca_key_type[]; |
250 | | extern const value_string tls13_key_update_request[]; |
251 | | extern const value_string compress_certificate_algorithm_vals[]; |
252 | | extern const val64_string quic_transport_parameter_id[]; |
253 | | extern const range_string quic_version_vals[]; |
254 | | extern const val64_string quic_address_discovery_vals[]; |
255 | | extern const val64_string quic_enable_time_stamp_v2_vals[]; |
256 | | extern const val64_string quic_enable_multipath_vals[]; |
257 | | extern const value_string tls_hello_ext_ech_clienthello_types[]; |
258 | | extern const value_string kem_id_type_vals[]; |
259 | | extern const value_string kdf_id_type_vals[]; |
260 | | extern const value_string aead_id_type_vals[]; |
261 | | extern const value_string token_binding_key_parameter_vals[]; |
262 | | |
263 | | /* XXX Should we use GByteArray instead? */ |
264 | | typedef struct _StringInfo { /* Pointer-plus-length byte buffer. There is no capacity field, so code that writes through data must know the size of the backing storage from elsewhere. */ |
265 | | unsigned char *data; /* Backing storage which may be larger than data_len */ |
266 | | unsigned data_len; /* Length of the meaningful part of data */ |
267 | | } StringInfo; |
268 | | |
269 | | #define SSL_WRITE_KEY 1 |
270 | | |
271 | 1.23k | #define SSL_VER_UNKNOWN 0 |
272 | 146 | #define SSLV2_VERSION 0x0002 /* not in record layer, SSL_CLIENT_SERVER from |
273 | | http://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html */ |
274 | 150 | #define SSLV3_VERSION 0x300 |
275 | 292 | #define TLSV1_VERSION 0x301 |
276 | 191 | #define TLCPV1_VERSION 0x101 |
277 | 292 | #define TLSV1DOT1_VERSION 0x302 |
278 | 820 | #define TLSV1DOT2_VERSION 0x303 |
279 | 2.26k | #define TLSV1DOT3_VERSION 0x304 |
280 | 66 | #define DTLSV1DOT0_VERSION 0xfeff |
281 | 350 | #define DTLSV1DOT0_OPENSSL_VERSION 0x100 |
282 | 1.04k | #define DTLSV1DOT2_VERSION 0xfefd |
283 | 1.18k | #define DTLSV1DOT3_VERSION 0xfefc |
284 | | |
/*
 * Map a TLS 1.3 draft version number of the form 0x7fNN to its draft
 * number NN. Every other value yields 0.
 *
 * Only bits 8-15 of the argument are compared with 0x7f, so bits above
 * bit 15 do not influence the result.
 */
static inline uint8_t extract_tls13_draft_version(uint32_t version) {
    const uint32_t high_byte = version & 0xff00;

    return (high_byte == 0x7f00) ? (uint8_t) version : 0;
}
292 | | |
293 | | |
294 | 257 | #define SSL_CLIENT_RANDOM (1<<0) /* single-bit flags; NOTE(review): presumably OR-ed into SslDecryptSession.state - confirm */ |
295 | 40 | #define SSL_SERVER_RANDOM (1<<1) |
296 | 45 | #define SSL_CIPHER (1<<2) |
297 | 222 | #define SSL_HAVE_SESSION_KEY (1<<3) |
298 | 41 | #define SSL_VERSION (1<<4) |
299 | 742 | #define SSL_MASTER_SECRET (1<<5) |
300 | 218 | #define SSL_PRE_MASTER_SECRET (1<<6) |
301 | 185 | #define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7) |
302 | 32 | #define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8) |
303 | 32 | #define SSL_NEW_SESSION_TICKET (1<<10) /* bit 9 has no define in this list */ |
304 | 0 | #define SSL_ENCRYPT_THEN_MAC (1<<11) |
305 | 0 | #define SSL_SEEN_0RTT_APPDATA (1<<12) |
306 | 28 | #define SSL_QUIC_RECORD_LAYER (1<<13) /* For QUIC (draft >= -13) */ |
307 | | |
308 | 0 | #define SSL_EXTENDED_MASTER_SECRET_MASK (SSL_CLIENT_EXTENDED_MASTER_SECRET|SSL_SERVER_EXTENDED_MASTER_SECRET) /* bits 7 and 8 together */ |
309 | | |
310 | | /* SSL Cipher Suite modes */ |
311 | | typedef enum { |
312 | | MODE_STREAM, /* GenericStreamCipher */ |
313 | | MODE_CBC, /* GenericBlockCipher */ |
314 | | MODE_GCM, /* GenericAEADCipher */ |
315 | | MODE_CCM, /* AEAD_AES_{128,256}_CCM with 16 byte auth tag */ |
316 | | MODE_CCM_8, /* AEAD_AES_{128,256}_CCM with 8 byte auth tag */ |
317 | | MODE_POLY1305, /* AEAD_CHACHA20_POLY1305 with 16 byte auth tag (RFC 7905) */ |
318 | | MODE_ECB, /* ECB: used to perform record seq number encryption in DTLSv1.3 */ |
319 | | } ssl_cipher_mode_t; |
320 | | |
321 | | /* Explicit and implicit nonce length (RFC 5116 - Section 3.2.1) */ |
322 | 0 | #define IMPLICIT_NONCE_LEN 4 |
323 | 0 | #define EXPLICIT_NONCE_LEN 8 |
324 | 24 | #define TLS13_AEAD_NONCE_LENGTH 12 /* same total as IMPLICIT_NONCE_LEN + EXPLICIT_NONCE_LEN (4 + 8) */ |
325 | | |
326 | | /* TLS 1.3 Record type for selecting the appropriate secret. */ |
327 | | typedef enum { |
328 | | TLS_SECRET_0RTT_APP, |
329 | | TLS_SECRET_HANDSHAKE, |
330 | | TLS_SECRET_APP, |
331 | | } TLSRecordType; |
332 | | |
333 | 0 | #define SSL_DEBUG_USE_STDERR "-" /* NOTE(review): presumably the debug-file name that selects stderr instead of a file - confirm */ |
334 | | |
335 | 9 | #define SSLV2_MAX_SESSION_ID_LENGTH_IN_BYTES 16 |
336 | | |
337 | | /* Record fragment lengths MUST NOT exceed 2^14 (= 0x4000) */ |
338 | 446 | #define TLS_MAX_RECORD_LENGTH 0x4000 /* upper bound to compare a record length against before the length is used for a copy or an allocation */ |
339 | | |
340 | | typedef struct _SslCipherSuite { /* One cipher suite described by its components */ |
341 | | int number; /* NOTE(review): presumably the cipher suite code point - confirm */ |
342 | | int kex; /* NOTE(review): presumably one of the KEX_* values - confirm */ |
343 | | int enc; /* NOTE(review): presumably one of the ENC_* values - confirm */ |
344 | | int dig; /* NOTE(review): presumably one of the DIG_* values - confirm */ |
345 | | ssl_cipher_mode_t mode; /* cipher mode, see ssl_cipher_mode_t */ |
346 | | } SslCipherSuite; |
347 | | |
348 | | typedef struct _SslFlow { |
349 | | uint32_t byte_seq; |
350 | | uint16_t flags; |
351 | | wmem_tree_t *multisegment_pdus; |
352 | | } SslFlow; |
353 | | |
354 | | typedef struct _SslDecompress SslDecompress; |
355 | | |
356 | | typedef struct _SslDecoder { /* Decryption state: cipher handles, keys/IVs and sequence numbers. NOTE(review): presumably one instance per direction, since SslDecryptSession keeps separate server and client decoders - confirm */ |
357 | | const SslCipherSuite *cipher_suite; |
358 | | int compression; |
359 | | unsigned char _mac_key_or_write_iv[48]; /* fixed 48-byte array; NOTE(review): looks like the backing storage for mac_key or write_iv below - any length stored there must stay <= 48, confirm at the fill sites */ |
360 | | StringInfo mac_key; /* for block and stream ciphers */ |
361 | | StringInfo write_iv; /* for AEAD ciphers (at least GCM, CCM) */ |
362 | | SSL_CIPHER_CTX sn_evp; /* used to decrypt serial number in DTLSv1.3 */ |
363 | | SSL_CIPHER_CTX evp; /* Libgcrypt cipher handle; NOTE(review): presumably the record cipher - confirm */ |
364 | | SslDecompress *decomp; |
365 | | uint64_t dtls13_epoch; |
366 | | uint64_t seq; /**< Implicit (TLS) or explicit (DTLS) record sequence number. */ |
367 | | StringInfo dtls13_aad; /**< Additional Authenticated Data for DTLS 1.3. */ |
368 | | uint16_t epoch; |
369 | | SslFlow *flow; |
370 | | StringInfo app_traffic_secret; /**< TLS 1.3 application traffic secret (if applicable), wmem file scope. */ |
371 | | } SslDecoder; |
372 | | |
373 | 0 | #define KEX_DHE_DSS 0x10 /* key exchange identifiers; the values are internal to this header, consecutive from 0x10 */ |
374 | 0 | #define KEX_DHE_PSK 0x11 |
375 | 0 | #define KEX_DHE_RSA 0x12 |
376 | 0 | #define KEX_DH_ANON 0x13 |
377 | 0 | #define KEX_DH_DSS 0x14 |
378 | 0 | #define KEX_DH_RSA 0x15 |
379 | 0 | #define KEX_ECDHE_ECDSA 0x16 |
380 | 0 | #define KEX_ECDHE_PSK 0x17 |
381 | 0 | #define KEX_ECDHE_RSA 0x18 |
382 | 0 | #define KEX_ECDH_ANON 0x19 |
383 | 0 | #define KEX_ECDH_ECDSA 0x1a |
384 | 0 | #define KEX_ECDH_RSA 0x1b |
385 | 0 | #define KEX_KRB5 0x1c |
386 | 0 | #define KEX_PSK 0x1d |
387 | 0 | #define KEX_RSA 0x1e |
388 | 0 | #define KEX_RSA_PSK 0x1f |
389 | 0 | #define KEX_SRP_SHA 0x20 |
390 | 0 | #define KEX_SRP_SHA_DSS 0x21 |
391 | 0 | #define KEX_SRP_SHA_RSA 0x22 |
392 | | #define KEX_IS_DH(n) ((n) >= KEX_DHE_DSS && (n) <= KEX_ECDH_RSA) /* true for the contiguous range 0x10-0x1b, so it depends on the numbering above; evaluates n twice - pass an expression without side effects */ |
393 | 0 | #define KEX_TLS13 0x23 |
394 | 0 | #define KEX_ECJPAKE 0x24 |
395 | | |
396 | | #define KEX_ECDHE_SM2 0x25 |
397 | 0 | #define KEX_ECC_SM2 0x26 |
398 | | #define KEX_IBSDH_SM9 0x27 |
399 | | #define KEX_IBC_SM9 0x28 |
400 | | |
401 | | /* Order is significant, must match "ciphers" array in packet-tls-utils.c */ |
402 | | |
403 | 0 | #define ENC_START 0x30 /* same value as ENC_DES; NOTE(review): presumably subtracted from an ENC_* value to index the "ciphers" array - a value outside ENC_START..ENC_NULL would then index out of bounds, confirm the range check at the use site */ |
404 | | #define ENC_DES 0x30 |
405 | | #define ENC_3DES 0x31 |
406 | | #define ENC_RC4 0x32 |
407 | | #define ENC_RC2 0x33 |
408 | | #define ENC_IDEA 0x34 |
409 | 0 | #define ENC_AES 0x35 |
410 | 0 | #define ENC_AES256 0x36 |
411 | | #define ENC_CAMELLIA128 0x37 |
412 | | #define ENC_CAMELLIA256 0x38 |
413 | | #define ENC_SEED 0x39 |
414 | 0 | #define ENC_CHACHA20 0x3A |
415 | | #define ENC_SM1 0x3B |
416 | | #define ENC_SM4 0x3C |
417 | 1 | #define ENC_NULL 0x3D /* last ENC_* value in this list */ |
418 | | |
419 | | |
420 | 0 | #define DIG_MD5 0x40 /* digest identifiers, consecutive from 0x40 */ |
421 | 0 | #define DIG_SHA 0x41 |
422 | | #define DIG_SHA256 0x42 |
423 | 0 | #define DIG_SHA384 0x43 |
424 | 0 | #define DIG_SM3 0x44 |
425 | 0 | #define DIG_NA 0x45 /* Not Applicable */ |
426 | | |
427 | | typedef struct { |
428 | | const char *name; |
429 | | unsigned len; |
430 | | } SslDigestAlgo; |
431 | | |
432 | | typedef struct _SslRecordInfo { /* One decrypted record; records are chained through next (SslPacketInfo.records holds the list for a frame) */ |
433 | | unsigned char *plain_data; /**< Decrypted data. */ |
434 | | unsigned plain_data_len; /**< Total length of decrypted data, |
435 | | including the content type and padding |
436 | | if the TLS version supports them. */ |
437 | | unsigned content_len; /**< Length of the part of the decrypted data |
438 | | corresponding to the record content. */ |
439 | | int id; /**< Identifies the exact record within a frame |
440 | | (there can be multiple records in a frame). */ |
441 | | ContentType type; /**< Content type of the decrypted record data. */ |
442 | | SslFlow *flow; /**< Flow where this record fragment is a part of. |
443 | | Can be NULL if this record type may not be fragmented. */ |
444 | | uint64_t record_seq; /**< Implicit (TLS) or explicit (DTLS) record sequence number. */ |
445 | | uint32_t seq; /**< Data offset within the flow. */ |
446 | | struct _SslRecordInfo* next; /* link to another record of the same list */ |
447 | | } SslRecordInfo; |
448 | | |
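/**
 * Stored information about a part of a reassembled handshake message. A single
 * handshake record is uniquely identified by (record_id, reassembly_id).
 * Fragments are chained through next.
 */
typedef struct _TlsHsFragment {
    unsigned record_id;             /**< Identifies the exact record within a frame
                                         (there can be multiple records in a frame). */
    unsigned reassembly_id;         /**< Identifies the reassembly that this fragment is part of. */
    uint32_t offset;                /**< Offset within a reassembly. */
    uint8_t type;                   /**< Handshake type (first byte of the buffer). */
    /* Unsigned on purpose: a signed one-bit field can only represent 0 and -1,
     * so storing 1 would read back as -1 and "is_last == 1" would never hold.
     * The signedness of a plain "int" bit-field is also implementation-defined. */
    unsigned is_last : 1;           /**< Whether this fragment completes the message. */
    struct _TlsHsFragment *next;    /**< Next fragment in the list. */
} TlsHsFragment;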
462 | | |
463 | | typedef struct { |
464 | | SslRecordInfo *records; /**< Decrypted records within this frame. */ |
465 | | TlsHsFragment *hs_fragments; /**< Handshake records that are part of a reassembly. */ |
466 | | uint32_t srcport; /**< Used for Decode As */ |
467 | | uint32_t destport; |
468 | | int cipher; /**< Cipher at time of Key Exchange handshake message. |
469 | | Session cipher can change in renegotiation. */ |
470 | | } SslPacketInfo; |
471 | | |
472 | | typedef struct _SslSession { /* Per-session parameters: negotiated version and cipher, server endpoint, ALPN, ECH and connection ID state. Embedded in SslDecryptSession as "session". */ |
473 | | int cipher; |
474 | | int compression; |
475 | | uint16_t version; /* 16-bit version value; see the *_VERSION defines in this header */ |
476 | | unsigned char tls13_draft_version; /* NOTE(review): presumably the value returned by extract_tls13_draft_version(), 0 when not a draft - confirm */ |
477 | | unsigned char _client_random[32]; /* fixed 32-byte array; NOTE(review): looks like the backing storage for client_random below - confirm */ |
478 | | int8_t client_cert_type; |
479 | | int8_t server_cert_type; |
480 | | uint32_t client_ccs_frame; |
481 | | uint32_t server_ccs_frame; |
482 | | uint32_t first_ch_ech_frame; |
483 | | StringInfo client_random; |
484 | | bool ech; |
485 | | bool hrr_ech_declined; |
486 | | unsigned char ech_confirmation[8]; |
487 | | unsigned char hrr_ech_confirmation[8]; |
488 | | unsigned char first_ech_auth_tag[16]; |
489 | | |
490 | | /* The address/proto/port of the server as determined from heuristics |
491 | | * (e.g. ClientHello) or set externally (via ssl_set_master_secret()). */ |
492 | | address srv_addr; |
493 | | port_type srv_ptype; |
494 | | unsigned srv_port; |
495 | | |
496 | | uint32_t stream; |
497 | | |
498 | | /* The Application layer protocol if known (for STARTTLS support) */ |
499 | | dissector_handle_t app_handle; |
500 | | const char *alpn_name; |
501 | | /* The ALPN the client requested, not necessarily the one chosen */ |
502 | | const char *client_alpn_name; |
503 | | uint32_t last_nontls_frame; |
504 | | bool is_session_resumed; |
505 | | |
506 | | /* First pass only: track an in-progress handshake reassembly (>0) */ |
507 | | uint32_t client_hs_reassembly_id; |
508 | | uint32_t server_hs_reassembly_id; |
509 | | |
510 | | /* Connection ID extension |
511 | | |
512 | | struct { |
513 | | opaque cid<0..2^8-1>; |
514 | | } ConnectionId; |
515 | | */ |
516 | | |
517 | | uint8_t *client_cid; /* connection ID bytes; the length is kept separately in client_cid_len, so readers must not assume a terminator */ |
518 | | uint8_t *server_cid; /* connection ID bytes; the length is kept separately in server_cid_len */ |
519 | | uint8_t client_cid_len; /* uint8_t covers the 0..2^8-1 range of the ConnectionId definition above */ |
520 | | bool client_cid_len_present; |
521 | | uint8_t server_cid_len; |
522 | | bool server_cid_len_present; |
523 | | bool deprecated_cid; /* Set when handshake is using the deprecated CID extension type */ |
524 | | uint64_t dtls13_current_epoch[2]; /* max epoch (for server and client respectively) */ |
525 | | uint64_t dtls13_next_seq_num[2]; /* DTLSv1.3 next expected seq number (for server and client respectively) */ |
526 | | } SslSession; |
527 | | |
528 | | /* RFC 5246, section 8.1 says that the master secret is always 48 bytes */ |
529 | 0 | #define SSL_MASTER_SECRET_LENGTH 48 |
530 | | |
531 | | struct cert_key_id; /* defined in epan/secrets.h */ |
532 | | |
533 | | /* This holds state information for a SSL conversation, including key material (the master secret, pre-master secret and PSK fields below) */ |
534 | | typedef struct _SslDecryptSession { |
535 | | unsigned char _master_secret[SSL_MASTER_SECRET_LENGTH]; /* fixed arrays with a leading underscore; NOTE(review): they look like inline backing storage for the StringInfo members of the same name below - confirm */ |
536 | | unsigned char _session_id[256]; |
537 | | unsigned char _client_random[32]; |
538 | | unsigned char _server_random[32]; |
539 | | StringInfo session_id; |
540 | | StringInfo session_ticket; |
541 | | StringInfo server_random; |
542 | | StringInfo client_random; |
543 | | StringInfo master_secret; |
544 | | StringInfo handshake_data; |
545 | | /* the data store for this StringInfo must be allocated explicitly with a capture lifetime scope */ |
546 | | StringInfo pre_master_secret; |
547 | | unsigned char _server_data_for_iv[24]; |
548 | | StringInfo server_data_for_iv; |
549 | | unsigned char _client_data_for_iv[24]; |
550 | | StringInfo client_data_for_iv; |
551 | | |
552 | | int state; /* NOTE(review): presumably a mask of the SSL_* flag bits (SSL_CLIENT_RANDOM, SSL_MASTER_SECRET, ...) defined in this header - confirm */ |
553 | | const SslCipherSuite *cipher_suite; |
554 | | SslDecoder *server; |
555 | | SslDecoder *client; |
556 | | SslDecoder *server_new; /* NOTE(review): the *_new pair presumably holds decoders prepared for the next cipher state - confirm */ |
557 | | SslDecoder *client_new; |
558 | | #if defined(HAVE_LIBGNUTLS) |
559 | | struct cert_key_id *cert_key_id; /**< SHA-1 Key ID of public key in certificate. */ |
560 | | #endif |
561 | | StringInfo psk; |
562 | | StringInfo app_data_segment; |
563 | | SslSession session; |
564 | | bool has_early_data; |
565 | | StringInfo ech_transcript; |
566 | | |
567 | | } SslDecryptSession; |
568 | | |
569 | | /* RecordNumber - RFC 9147 section 4 */ |
570 | | typedef struct { |
571 | | uint64_t epoch; |
572 | | uint64_t sequence_number; |
573 | | } SslRecordNumber; |
574 | | |
575 | | /* User Access Table */ |
576 | | typedef struct _ssldecrypt_assoc_t { /* one table entry; every field is a C string */ |
577 | | char* ipaddr; |
578 | | char* port; |
579 | | char* protocol; |
580 | | char* keyfile; |
581 | | char* password; /* kept as a plain C string; NOTE(review): presumably the passphrase for keyfile - treat it as a secret (keep it out of logs and debug output) and confirm how it is persisted */ |
582 | | } ssldecrypt_assoc_t; |
583 | | |
584 | | typedef struct ssl_common_options { |
585 | | const char *psk; /* NOTE(review): presumably a pre-shared key supplied as text - if so it is secret material, confirm */ |
586 | | const char *keylog_filename; /* NOTE(review): presumably the path of the key log file whose contents fill ssl_master_key_map_t - confirm */ |
587 | | } ssl_common_options_t; |
588 | | |
589 | | /** Map from something to a (pre-)master secret */ |
590 | | typedef struct { /* the tables documented below map a lookup key to secret key material, so the whole structure is sensitive */ |
591 | | GHashTable *session; /* Session ID (1-32 bytes) to master secret. */ |
592 | | GHashTable *tickets; /* Session Ticket to master secret. */ |
593 | | GHashTable *crandom; /* Client Random to master secret */ |
594 | | GHashTable *pre_master; /* First 8 bytes of encrypted pre-master secret to |
595 | | pre-master secret */ |
596 | | GHashTable *pms; /* Client Random to unencrypted pre-master secret */ |
597 | | |
598 | | /* For TLS 1.3: maps Client Random to derived secret. */ |
599 | | GHashTable *tls13_client_early; |
600 | | GHashTable *tls13_client_handshake; |
601 | | GHashTable *tls13_server_handshake; |
602 | | GHashTable *tls13_client_appdata; |
603 | | GHashTable *tls13_server_appdata; |
604 | | GHashTable *tls13_early_exporter; |
605 | | GHashTable *tls13_exporter; |
606 | | GHashTable *ech_secret; |
607 | | GHashTable *ech_config; |
608 | | |
609 | | /* The hash tables above store the static keylog file contents and secrets |
610 | | * from any DSB, not all of which may be used, in addition to any master |
611 | | * secrets derived at runtime ([D]TLS < 1.3). These store the used |
612 | | * Client Random for exporting master secrets and derived secrets in |
613 | | * TLS Export Sessions or adding a DSB. |
614 | | */ |
615 | | GHashTable *used_crandom; |
616 | | } ssl_master_key_map_t; |
617 | | |
618 | | int ssl_get_keyex_alg(int cipher); |
619 | | |
620 | | void quic_transport_parameter_id_base_custom(char *result, uint64_t parameter_id); /* NOTE(review): writes into result with no size argument; presumably a BASE_CUSTOM formatter whose buffer is ITEM_LABEL_LENGTH bytes -- confirm at call sites */ |
621 | | |
622 | | bool ssldecrypt_uat_fld_ip_chk_cb(void*, const char*, unsigned, const void*, const void*, char** err); |
623 | | bool ssldecrypt_uat_fld_port_chk_cb(void*, const char*, unsigned, const void*, const void*, char** err); |
624 | | bool ssldecrypt_uat_fld_fileopen_chk_cb(void*, const char*, unsigned, const void*, const void*, char** err); |
625 | | bool ssldecrypt_uat_fld_password_chk_cb(void*, const char*, unsigned, const void*, const void*, char** err); |
626 | | char* ssl_association_info(const char* dissector_table_name, const char* table_protocol); |
627 | | |
628 | | /** Initialize the list of sessions with connection ID */ |
629 | | void ssl_init_cid_list(void); |
630 | | |
631 | | /** Release resource allocated for the list of sessions with connection ID */ |
632 | | void ssl_cleanup_cid_list(void); |
633 | | |
634 | | /** Add a session to the list of sessions using connection ID */ |
635 | | void ssl_add_session_by_cid(SslDecryptSession *ssl); |
636 | | |
637 | | /** |
638 | | * Return a session with a matching connection ID |
639 | | * @param tvb a buffer containing a connection ID |
640 | | * @param offset offset of the connection ID in tvb; no length is passed, so how many bytes are compared is decided by the callee (TODO confirm its bounds handling) |
641 | | * @return NOTE(review): presumably NULL when no stored session matches, so callers should check the result -- confirm */ |
642 | | SslDecryptSession *ssl_get_session_by_cid(tvbuff_t *tvb, uint32_t offset); |
643 | | |
644 | | /** Retrieve the SslDecryptSession for a conversation, creating it if it did not already exist. |
645 | | * @param conversation The SSL conversation. |
646 | | * @param tls_handle The dissector handle for SSL or DTLS. |
647 | | */ |
648 | | extern SslDecryptSession * |
649 | | ssl_get_session(conversation_t *conversation, dissector_handle_t tls_handle); |
650 | | |
651 | | /** Resets the decryption parameters for the next decoder. */ |
652 | | extern void |
653 | | ssl_reset_session(SslSession *session, SslDecryptSession *ssl, bool is_client); |
654 | | |
655 | | /** Set server address and port */ |
656 | | extern void |
657 | | ssl_set_server(SslSession *session, address *addr, port_type ptype, uint32_t port); |
658 | | |
659 | | /** Sets the application data protocol dissector. Intended to be called by |
660 | | * protocols that encapsulate TLS instead of switching to it using STARTTLS. |
661 | | * @param tls_handle The dissector handle for TLS or DTLS. |
662 | | * @param pinfo Packet Info. |
663 | | * @param app_handle Dissector handle for the protocol inside the decrypted |
664 | | * Application Data record. |
665 | | */ |
666 | | WS_DLL_PUBLIC void |
667 | | tls_set_appdata_dissector(dissector_handle_t tls_handle, packet_info *pinfo, |
668 | | dissector_handle_t app_handle); |
669 | | |
670 | | /** Marks this packet as the last one before switching to SSL that is supposed |
671 | | * to encapsulate this protocol. |
672 | | * @param tls_handle The dissector handle for SSL or DTLS. |
673 | | * @param pinfo Packet Info. |
674 | | * @param app_handle Dissector handle for the protocol inside the decrypted |
675 | | * Application Data record. |
676 | | * @return 0 for the first STARTTLS acknowledgement (success) or if tls_handle |
677 | | * is NULL. >0 if STARTTLS was started before. |
678 | | */ |
679 | | WS_DLL_PUBLIC uint32_t |
680 | | ssl_starttls_ack(dissector_handle_t tls_handle, packet_info *pinfo, |
681 | | dissector_handle_t app_handle); |
682 | | |
683 | | /** Marks this packet as belonging to an SSL conversation started with STARTTLS. |
684 | | * @param tls_handle The dissector handle for SSL or DTLS. |
685 | | * @param pinfo Packet Info. |
686 | | * @param app_handle Dissector handle for the protocol inside the decrypted |
687 | | * Application Data record. |
688 | | * @return 0 for the first STARTTLS acknowledgement (success) or if tls_handle |
689 | | * is NULL. >0 if STARTTLS was started before. |
690 | | */ |
691 | | WS_DLL_PUBLIC uint32_t |
692 | | ssl_starttls_post_ack(dissector_handle_t tls_handle, packet_info *pinfo, |
693 | | dissector_handle_t app_handle); |
694 | | |
695 | | extern dissector_handle_t |
696 | | ssl_find_appdata_dissector(const char *name); |
697 | | |
698 | | /** Set the data and length of the StringInfo buffer. The prototype carries no capacity |
699 | | * argument, so the caller must guarantee that buf can hold len bytes of src. |
700 | | @param buf the buffer to update |
701 | | @param src the data source |
702 | | @param len the source data length */ |
703 | | extern void |
704 | | ssl_data_set(StringInfo* buf, const unsigned char* src, unsigned len); |
705 | | |
706 | | /** Allocate storage of the specified length for the StringInfo buffer. |
707 | | @param str the StringInfo to allocate storage for |
708 | | @param len the length to allocate; the meaning of the int return value is not documented here (TODO confirm which value signals failure) */ |
709 | | extern int |
710 | | ssl_data_alloc(StringInfo* str, size_t len); |
711 | | |
712 | | extern int |
713 | | ssl_cipher_setiv(SSL_CIPHER_CTX *cipher, unsigned char* iv, int iv_len); |
714 | | |
715 | | /** Search for the specified cipher suite id |
716 | | @param num the id of the cipher suite to be searched |
717 | | @return pointer to the cipher suite struct (or NULL if not found). */ |
718 | | extern const SslCipherSuite * |
719 | | ssl_find_cipher(int num); |
720 | | |
721 | | |
722 | | /** Returns the Libgcrypt cipher identifier or 0 if unavailable. */ |
723 | | int |
724 | | ssl_get_cipher_algo(const SslCipherSuite *cipher_suite); |
725 | | |
726 | | /** Obtains the block size for a CBC block cipher. |
727 | | * @param cipher_suite a cipher suite as returned by ssl_find_cipher(). |
728 | | * @return the block size of a cipher or 0 if unavailable. |
729 | | */ |
730 | | unsigned |
731 | | ssl_get_cipher_blocksize(const SslCipherSuite *cipher_suite); |
732 | | |
733 | | bool |
734 | | ssl_generate_pre_master_secret(SslDecryptSession *ssl_session, |
735 | | uint32_t length, tvbuff_t *tvb, uint32_t offset, |
736 | | const char *ssl_psk, packet_info *pinfo, |
737 | | #ifdef HAVE_LIBGNUTLS |
738 | | GHashTable *key_hash, |
739 | | #endif |
740 | | const ssl_master_key_map_t *mk_map); |
741 | | |
742 | | /** Expand the pre_master_secret to generate all the session information |
743 | | * (master secret, session keys, ivs) |
744 | | @param ssl_session the store for all the session data |
745 | | @return 0 on success */ |
746 | | extern int |
747 | | ssl_generate_keyring_material(SslDecryptSession*ssl_session); |
748 | | |
749 | | extern void |
750 | | ssl_change_cipher(SslDecryptSession *ssl_session, bool server); |
751 | | |
752 | | /** Try to decrypt an ssl record |
753 | | @param allocator allocation scope for the decrypted data |
754 | | @param ssl the store for all the session data |
755 | | @param decoder the stream decoder to be used |
756 | | @param ct the content type of this ssl record |
757 | | @param record_version the version as contained in the record |
758 | | @param ignore_mac_failed whether to ignore MAC or authenticity failures. NOTE(review): presumably output is still produced for a record that failed the check; such data is unauthenticated and callers should present it as such -- confirm |
759 | | @param in a pointer to the ssl record to be decrypted |
760 | | @param inl the record length |
761 | | @param cid a pointer to the connection ID to use in AEAD or NULL |
762 | | @param cidl the connection ID length or 0 if cid is NULL |
763 | | @param comp_str a pointer to the store for the compression data |
764 | | @param out_str a pointer to the store for the decrypted data |
765 | | @param outl the decrypted data len |
766 | | @return 0 on success */ |
767 | | extern int |
768 | | ssl_decrypt_record(wmem_allocator_t* allocator, SslDecryptSession *ssl, SslDecoder *decoder, uint8_t ct, uint16_t record_version, |
769 | | bool ignore_mac_failed, |
770 | | const unsigned char *in, uint16_t inl, const unsigned char *cid, uint8_t cidl, |
771 | | StringInfo *comp_str, StringInfo *out_str, unsigned *outl); |
772 | | |
773 | | |
774 | | /* Common part between TLS and DTLS dissectors */ |
775 | | |
776 | | /* handling of association between tls/dtls ports and clear text protocol */ |
777 | | extern void |
778 | | ssl_association_add(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool tcp); |
779 | | |
780 | | extern void |
781 | | ssl_association_remove(const char* dissector_table_name, dissector_handle_t main_handle, dissector_handle_t subdissector_handle, unsigned port, bool tcp); |
782 | | |
783 | | extern int |
784 | | ssl_packet_from_server(SslSession *session, dissector_table_t table, const packet_info *pinfo); |
785 | | |
786 | | /* Obtain information about the current TLS layer. */ |
787 | | SslPacketInfo * |
788 | | tls_add_packet_info(int proto, packet_info *pinfo, uint8_t curr_layer_num_ssl); |
789 | | |
790 | | /* add to packet data a copy of the specified real data */ |
791 | | extern void |
792 | | ssl_add_record_info(int proto, packet_info *pinfo, |
793 | | const unsigned char *plain_data, int plain_data_len, int content_len, |
794 | | int record_id, SslFlow *flow, ContentType type, uint8_t curr_layer_num_ssl, |
795 | | uint64_t record_seq); |
796 | | |
797 | | /* search in packet data for the specified id; return a newly created tvb for the associated data */ |
798 | | extern tvbuff_t* |
799 | | ssl_get_record_info(tvbuff_t *parent_tvb, int proto, packet_info *pinfo, int record_id, uint8_t curr_layer_num_ssl, SslRecordInfo **matched_record); |
800 | | |
801 | | /* initialize/reset per capture state data (ssl sessions cache) */ |
802 | | extern void |
803 | | ssl_common_init(ssl_master_key_map_t *master_key_map, |
804 | | StringInfo *decrypted_data, StringInfo *compressed_data); |
805 | | extern void |
806 | | ssl_common_cleanup(ssl_master_key_map_t *master_key_map, FILE **ssl_keylog_file, |
807 | | StringInfo *decrypted_data, StringInfo *compressed_data); |
808 | | |
809 | | /** |
810 | | * Access to the keys in the TLS dissector, for use by the DTLS dissector. |
811 | | * (This is a transition function, it would be nice if the static keylog file |
812 | | * contents was separated from keys derived at runtime.) |
813 | | * The symbol is exported (WS_DLL_PUBLIC) and returns a non-const pointer, so any code that can call it can read or modify the secret tables. NOTE(review): load_secrets presumably requests (re)loading of the key log before returning -- confirm. */ |
814 | | WS_DLL_PUBLIC ssl_master_key_map_t * |
815 | | tls_get_master_key_map(bool load_secrets); |
816 | | |
817 | | /* Process lines from the TLS key log and populate the secrets map. mk_map is const-qualified, but that covers only the struct's pointer fields; NOTE(review): the hash tables they point to are presumably what gets populated -- confirm. data/len is a length-delimited buffer (NUL termination presumably not required -- confirm). */ |
818 | | extern void |
819 | | tls_keylog_process_lines(const ssl_master_key_map_t *mk_map, const uint8_t *data, unsigned len); |
820 | | |
821 | | /* Tries to update the secrets cache from the given filename; the named file holds session secrets. NOTE(review): keylog_file is presumably an in/out handle kept open across calls and released by ssl_common_cleanup(), which takes the same FILE ** -- confirm. */ |
822 | | extern void |
823 | | ssl_load_keyfile(const char *ssl_keylog_filename, FILE **keylog_file, |
824 | | const ssl_master_key_map_t *mk_map); |
825 | | |
826 | | #ifdef HAVE_LIBGNUTLS |
827 | | /* parse ssl related preferences (private keys and ports association strings) */ |
828 | | extern void |
829 | | ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, const char* dissector_table_name, dissector_handle_t main_handle, bool tcp); |
830 | | #endif |
831 | | |
832 | | extern void |
833 | | ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map); |
834 | | |
835 | | /** |
836 | | * Mark a Client Random as used (not just present in the keylog file), |
837 | | * to enable "Export TLS Sessions Keys" or "Inject Secrets" |
838 | | */ |
839 | | extern void |
840 | | tls_save_crandom(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map); |
841 | | |
842 | | extern bool |
843 | | tls13_generate_keys(SslDecryptSession *ssl_session, const StringInfo *secret, bool is_from_server); |
844 | | |
845 | | extern StringInfo * |
846 | | tls13_load_secret(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, |
847 | | bool is_from_server, TLSRecordType type); |
848 | | |
849 | | extern void |
850 | | tls13_change_key(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map, |
851 | | bool is_from_server, TLSRecordType type); |
852 | | |
853 | | extern void |
854 | | tls13_key_update(SslDecryptSession *ssl, bool is_from_server); |
855 | | |
856 | | extern bool |
857 | | ssl_is_valid_content_type(uint8_t type); |
858 | | |
859 | | extern bool |
860 | | ssl_is_valid_handshake_type(uint8_t hs_type, bool is_dtls); |
861 | | |
862 | | extern bool |
863 | | tls_scan_server_hello(tvbuff_t *tvb, uint32_t offset, uint32_t offset_end, |
864 | | uint16_t *server_version, bool *is_hrr); |
865 | | |
866 | | extern void |
867 | | ssl_try_set_version(SslSession *session, SslDecryptSession *ssl, |
868 | | uint8_t content_type, uint8_t handshake_type, |
869 | | bool is_dtls, uint16_t version); |
870 | | |
871 | | extern void |
872 | | ssl_calculate_handshake_hash(SslDecryptSession *ssl_session, tvbuff_t *tvb, uint32_t offset, uint32_t length); |
873 | | |
874 | | /* common header fields, subtrees and expert info for SSL and DTLS dissectors */ |
875 | | typedef struct ssl_common_dissect { |
876 | | struct { |
877 | | int change_cipher_spec; |
878 | | int hs_exts_len; |
879 | | int hs_ext_alpn_len; |
880 | | int hs_ext_alpn_list; |
881 | | int hs_ext_alpn_str; |
882 | | int hs_ext_alpn_str_len; |
883 | | int hs_ext_cert_url_item; |
884 | | int hs_ext_cert_url_padding; |
885 | | int hs_ext_cert_url_sha1; |
886 | | int hs_ext_cert_url_type; |
887 | | int hs_ext_cert_url_url; |
888 | | int hs_ext_cert_url_url_hash_list_len; |
889 | | int hs_ext_cert_url_url_len; |
890 | | int hs_ext_cert_status_type; |
891 | | int hs_ext_cert_status_request_len; |
892 | | int hs_ext_cert_status_responder_id_list_len; |
893 | | int hs_ext_cert_status_request_extensions_len; |
894 | | int hs_ext_cert_status_request_list_len; |
895 | | int hs_ocsp_response_list_len; |
896 | | int hs_ocsp_response_len; |
897 | | int hs_ext_cert_type; |
898 | | int hs_ext_cert_types; |
899 | | int hs_ext_cert_types_len; |
900 | | int hs_ext_data; |
901 | | int hs_ext_ec_point_format; |
902 | | int hs_ext_ec_point_formats; |
903 | | int hs_ext_ec_point_formats_len; |
904 | | int hs_ext_srp_len; |
905 | | int hs_ext_srp_username; |
906 | | int hs_ext_supported_group; |
907 | | int hs_ext_supported_groups; |
908 | | int hs_ext_supported_groups_len; |
909 | | int hs_ext_ech_outer_ext; |
910 | | int hs_ext_ech_outer_ext_len; |
911 | | int hs_ech_confirm; |
912 | | int hs_ech_confirm_compute; |
913 | | int hs_ext_heartbeat_mode; |
914 | | int hs_ext_len; |
915 | | int hs_ext_npn_str; |
916 | | int hs_ext_npn_str_len; |
917 | | int hs_ext_reneg_info_len; |
918 | | int hs_ext_reneg_info; |
919 | | int hs_ext_key_share_client_length; |
920 | | int hs_ext_key_share_group; |
921 | | int hs_ext_key_share_key_exchange_length; |
922 | | int hs_ext_key_share_key_exchange; |
923 | | int hs_ext_key_share_selected_group; |
924 | | int hs_ext_psk_identities_length; |
925 | | int hs_ext_psk_identity_identity_length; |
926 | | int hs_ext_psk_identity_identity; |
927 | | int hs_ext_psk_identity_obfuscated_ticket_age; |
928 | | int hs_ext_psk_binders_length; |
929 | | int hs_ext_psk_binders; |
930 | | int hs_ext_psk_binder; |
931 | | int hs_ext_psk_binder_binder_length; |
932 | | int hs_ext_psk_binder_binder; |
933 | | int hs_ext_psk_identity_selected; |
934 | | int hs_ext_session_ticket; |
935 | | int hs_ext_supported_versions_len; |
936 | | int hs_ext_supported_version; |
937 | | int hs_ext_cookie_len; |
938 | | int hs_ext_cookie; |
939 | | int hs_ext_server_name; |
940 | | int hs_ext_server_name_len; |
941 | | int hs_ext_server_name_list_len; |
942 | | int hs_ext_server_name_type; |
943 | | int hs_ext_max_fragment_length; |
944 | | int hs_ext_padding_data; |
945 | | int hs_ext; |
946 | | int hs_ext_type; |
947 | | int hs_ext_connection_id_length; |
948 | | int hs_ext_connection_id; |
949 | | int hs_ext_trusted_ca_keys_len; |
950 | | int hs_ext_trusted_ca_keys_list; |
951 | | int hs_ext_trusted_ca_key; |
952 | | int hs_ext_trusted_ca_key_type; |
953 | | int hs_ext_trusted_ca_key_hash; |
954 | | int hs_ext_trusted_ca_key_dname_len; |
955 | | int hs_ext_trusted_ca_key_dname; |
956 | | int hs_sig_hash_alg; |
957 | | int hs_sig_hash_alg_len; |
958 | | int hs_sig_hash_algs; |
959 | | int hs_sig_hash_hash; |
960 | | int hs_sig_hash_sig; |
961 | | int hs_client_keyex_epms_len; |
962 | | int hs_client_keyex_epms; |
963 | | int hs_server_keyex_modulus_len; |
964 | | int hs_server_keyex_exponent_len; |
965 | | int hs_server_keyex_sig_len; |
966 | | int hs_server_keyex_p_len; |
967 | | int hs_server_keyex_g_len; |
968 | | int hs_server_keyex_ys_len; |
969 | | int hs_client_keyex_yc_len; |
970 | | int hs_client_keyex_point_len; |
971 | | int hs_server_keyex_point_len; |
972 | | int hs_server_keyex_p; |
973 | | int hs_server_keyex_g; |
974 | | int hs_server_keyex_curve_type; |
975 | | int hs_server_keyex_named_curve; |
976 | | int hs_server_keyex_ys; |
977 | | int hs_client_keyex_yc; |
978 | | int hs_server_keyex_point; |
979 | | int hs_client_keyex_point; |
980 | | int hs_server_keyex_xs_len; |
981 | | int hs_client_keyex_xc_len; |
982 | | int hs_server_keyex_xs; |
983 | | int hs_client_keyex_xc; |
984 | | int hs_server_keyex_vs_len; |
985 | | int hs_client_keyex_vc_len; |
986 | | int hs_server_keyex_vs; |
987 | | int hs_client_keyex_vc; |
988 | | int hs_server_keyex_rs_len; |
989 | | int hs_client_keyex_rc_len; |
990 | | int hs_server_keyex_rs; |
991 | | int hs_client_keyex_rc; |
992 | | int hs_server_keyex_modulus; |
993 | | int hs_server_keyex_exponent; |
994 | | int hs_server_keyex_sig; |
995 | | int hs_server_keyex_hint_len; |
996 | | int hs_server_keyex_hint; |
997 | | int hs_client_keyex_identity_len; |
998 | | int hs_client_keyex_identity; |
999 | | int hs_certificates_len; |
1000 | | int hs_certificates; |
1001 | | int hs_certificate_len; |
1002 | | int hs_certificate; |
1003 | | int hs_cert_types_count; |
1004 | | int hs_cert_types; |
1005 | | int hs_cert_type; |
1006 | | int hs_dnames_len; |
1007 | | int hs_dnames; |
1008 | | int hs_dnames_truncated; |
1009 | | int hs_dname_len; |
1010 | | int hs_dname; |
1011 | | int hs_random; |
1012 | | int hs_random_time; |
1013 | | int hs_random_bytes; |
1014 | | int hs_session_id; |
1015 | | int hs_session_id_len; |
1016 | | int hs_client_version; |
1017 | | int hs_server_version; |
1018 | | int hs_cipher_suites_len; |
1019 | | int hs_cipher_suites; |
1020 | | int hs_cipher_suite; |
1021 | | int hs_comp_methods_len; |
1022 | | int hs_comp_methods; |
1023 | | int hs_comp_method; |
1024 | | int hs_session_ticket_lifetime_hint; |
1025 | | int hs_session_ticket_age_add; |
1026 | | int hs_session_ticket_nonce_len; |
1027 | | int hs_session_ticket_nonce; |
1028 | | int hs_session_ticket_len; |
1029 | | int hs_session_ticket; |
1030 | | int hs_finished; |
1031 | | int hs_client_cert_vrfy_sig_len; |
1032 | | int hs_client_cert_vrfy_sig; |
1033 | | int hs_ja3_full; |
1034 | | int hs_ja3_hash; |
1035 | | int hs_ja3s_full; |
1036 | | int hs_ja3s_hash; |
1037 | | int hs_ja4; |
1038 | | int hs_ja4_r; |
1039 | | |
1040 | | /* TLS 1.3 */ |
1041 | | int hs_ext_psk_ke_modes_length; |
1042 | | int hs_ext_psk_ke_mode; |
1043 | | int hs_certificate_request_context_length; |
1044 | | int hs_certificate_request_context; |
1045 | | int hs_key_update_request_update; |
1046 | | int sct_scts_length; |
1047 | | int sct_sct_length; |
1048 | | int sct_sct_version; |
1049 | | int sct_sct_logid; |
1050 | | int sct_sct_timestamp; |
1051 | | int sct_sct_extensions_length; |
1052 | | int sct_sct_extensions; |
1053 | | int sct_sct_signature; |
1054 | | int sct_sct_signature_length; |
1055 | | int hs_ext_max_early_data_size; |
1056 | | int hs_ext_oid_filters_length; |
1057 | | int hs_ext_oid_filters_oid_length; |
1058 | | int hs_ext_oid_filters_oid; |
1059 | | int hs_ext_oid_filters_values_length; |
1060 | | int hs_cred_valid_time; |
1061 | | int hs_cred_pubkey; |
1062 | | int hs_cred_pubkey_len; |
1063 | | int hs_cred_signature; |
1064 | | int hs_cred_signature_len; |
1065 | | |
1066 | | /* compress_certificate */ |
1067 | | int hs_ext_compress_certificate_algorithms_length; |
1068 | | int hs_ext_compress_certificate_algorithm; |
1069 | | int hs_ext_compress_certificate_uncompressed_length; |
1070 | | int hs_ext_compress_certificate_compressed_certificate_message_length; |
1071 | | int hs_ext_compress_certificate_compressed_certificate_message; |
1072 | | |
1073 | | /* Token Binding Negotiation */ |
1074 | | int hs_ext_token_binding_version_major; |
1075 | | int hs_ext_token_binding_version_minor; |
1076 | | int hs_ext_token_binding_key_parameters; |
1077 | | int hs_ext_token_binding_key_parameters_length; |
1078 | | int hs_ext_token_binding_key_parameter; |
1079 | | |
1080 | | int hs_ext_record_size_limit; |
1081 | | |
1082 | | /* QUIC Transport Parameters */ |
1083 | | int hs_ext_quictp_len; |
1084 | | int hs_ext_quictp_parameter; |
1085 | | int hs_ext_quictp_parameter_type; |
1086 | | int hs_ext_quictp_parameter_len; |
1087 | | int hs_ext_quictp_parameter_len_old; |
1088 | | int hs_ext_quictp_parameter_value; |
1089 | | int hs_ext_quictp_parameter_original_destination_connection_id; |
1090 | | int hs_ext_quictp_parameter_max_idle_timeout; |
1091 | | int hs_ext_quictp_parameter_stateless_reset_token; |
1092 | | int hs_ext_quictp_parameter_initial_max_data; |
1093 | | int hs_ext_quictp_parameter_initial_max_stream_data_bidi_local; |
1094 | | int hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote; |
1095 | | int hs_ext_quictp_parameter_initial_max_stream_data_uni; |
1096 | | int hs_ext_quictp_parameter_initial_max_streams_bidi; |
1097 | | int hs_ext_quictp_parameter_initial_max_streams_uni; |
1098 | | int hs_ext_quictp_parameter_ack_delay_exponent; |
1099 | | int hs_ext_quictp_parameter_max_ack_delay; |
1100 | | int hs_ext_quictp_parameter_max_udp_payload_size; |
1101 | | int hs_ext_quictp_parameter_pa_ipv4address; |
1102 | | int hs_ext_quictp_parameter_pa_ipv6address; |
1103 | | int hs_ext_quictp_parameter_pa_ipv4port; |
1104 | | int hs_ext_quictp_parameter_pa_ipv6port; |
1105 | | int hs_ext_quictp_parameter_pa_connectionid_length; |
1106 | | int hs_ext_quictp_parameter_pa_connectionid; |
1107 | | int hs_ext_quictp_parameter_pa_statelessresettoken; |
1108 | | int hs_ext_quictp_parameter_active_connection_id_limit; |
1109 | | int hs_ext_quictp_parameter_initial_source_connection_id; |
1110 | | int hs_ext_quictp_parameter_retry_source_connection_id; |
1111 | | int hs_ext_quictp_parameter_max_datagram_frame_size; |
1112 | | int hs_ext_quictp_parameter_cibir_encoding_length; |
1113 | | int hs_ext_quictp_parameter_cibir_encoding_offset; |
1114 | | int hs_ext_quictp_parameter_loss_bits; |
1115 | | int hs_ext_quictp_parameter_address_discovery; |
1116 | | int hs_ext_quictp_parameter_enable_time_stamp_v2; |
1117 | | int hs_ext_quictp_parameter_min_ack_delay; |
1118 | | int hs_ext_quictp_parameter_google_user_agent_id; |
1119 | | int hs_ext_quictp_parameter_google_key_update_not_yet_supported; |
1120 | | int hs_ext_quictp_parameter_google_quic_version; |
1121 | | int hs_ext_quictp_parameter_google_initial_rtt; |
1122 | | int hs_ext_quictp_parameter_google_support_handshake_done; |
1123 | | int hs_ext_quictp_parameter_google_quic_params; |
1124 | | int hs_ext_quictp_parameter_google_quic_params_unknown_field; |
1125 | | int hs_ext_quictp_parameter_google_connection_options; |
1126 | | int hs_ext_quictp_parameter_google_supported_versions_length; |
1127 | | int hs_ext_quictp_parameter_google_supported_version; |
1128 | | int hs_ext_quictp_parameter_facebook_partial_reliability; |
1129 | | int hs_ext_quictp_parameter_chosen_version; |
1130 | | int hs_ext_quictp_parameter_other_version; |
1131 | | int hs_ext_quictp_parameter_enable_multipath; |
1132 | | int hs_ext_quictp_parameter_initial_max_paths; |
1133 | | int hs_ext_quictp_parameter_initial_max_path_id; |
1134 | | |
1135 | | int esni_suite; |
1136 | | int esni_record_digest_length; |
1137 | | int esni_record_digest; |
1138 | | int esni_encrypted_sni_length; |
1139 | | int esni_encrypted_sni; |
1140 | | int esni_nonce; |
1141 | | |
1142 | | int ech_echconfiglist_length; |
1143 | | int ech_echconfiglist; |
1144 | | int ech_echconfig; |
1145 | | int ech_echconfig_version; |
1146 | | int ech_echconfig_length; |
1147 | | int ech_echconfigcontents_maximum_name_length; |
1148 | | int ech_echconfigcontents_public_name_length; |
1149 | | int ech_echconfigcontents_public_name; |
1150 | | int ech_echconfigcontents_extensions_length; |
1151 | | int ech_echconfigcontents_extensions; |
1152 | | int ech_hpke_keyconfig; |
1153 | | int ech_hpke_keyconfig_config_id; |
1154 | | int ech_hpke_keyconfig_kem_id; |
1155 | | int ech_hpke_keyconfig_public_key_length; |
1156 | | int ech_hpke_keyconfig_public_key; |
1157 | | int ech_hpke_keyconfig_cipher_suites; |
1158 | | int ech_hpke_keyconfig_cipher_suites_length; |
1159 | | int ech_hpke_keyconfig_cipher_suite; |
1160 | | int ech_hpke_keyconfig_cipher_suite_kdf_id; |
1161 | | int ech_hpke_keyconfig_cipher_suite_aead_id; |
1162 | | int ech_clienthello_type; |
1163 | | int ech_cipher_suite; |
1164 | | int ech_config_id; |
1165 | | int ech_enc_length; |
1166 | | int ech_enc; |
1167 | | int ech_payload_length; |
1168 | | int ech_payload; |
1169 | | int ech_confirmation; |
1170 | | int ech_retry_configs; |
1171 | | int ech_padding_data; |
1172 | | |
1173 | | int hs_ext_alps_len; |
1174 | | int hs_ext_alps_alpn_list; |
1175 | | int hs_ext_alps_alpn_str; |
1176 | | int hs_ext_alps_alpn_str_len; |
1177 | | int hs_ext_alps_settings; |
1178 | | |
1179 | | /* do not forget to update SSL_COMMON_HF_LIST! */ |
1180 | | } hf; |
1181 | | struct { |
1182 | | int hs_ext; |
1183 | | int hs_ext_alpn; |
1184 | | int hs_ext_cert_types; |
1185 | | int hs_ext_groups; |
1186 | | int hs_ext_curves_point_formats; |
1187 | | int hs_ext_npn; |
1188 | | int hs_ext_reneg_info; |
1189 | | int hs_ext_key_share; |
1190 | | int hs_ext_key_share_ks; |
1191 | | int hs_ext_pre_shared_key; |
1192 | | int hs_ext_psk_identity; |
1193 | | int hs_ext_psk_binders; |
1194 | | int hs_ext_psk_binder; |
1195 | | int hs_ext_server_name; |
1196 | | int hs_ext_oid_filter; |
1197 | | int hs_ext_quictp_parameter; |
1198 | | int hs_ext_trusted_ca_keys; |
1199 | | int hs_ext_trusted_ca_key; |
1200 | | int hs_sig_hash_alg; |
1201 | | int hs_sig_hash_algs; |
1202 | | int urlhash; |
1203 | | int keyex_params; |
1204 | | int certificates; |
1205 | | int cert_types; |
1206 | | int dnames; |
1207 | | int hs_random; |
1208 | | int cipher_suites; |
1209 | | int comp_methods; |
1210 | | int session_ticket; |
1211 | | int sct; |
1212 | | int cert_status; |
1213 | | int ocsp_response; |
1214 | | int uncompressed_certificates; |
1215 | | int hs_ext_alps; |
1216 | | int ech_echconfiglist; |
1217 | | int ech_echconfig; |
1218 | | int ech_retry_configs; |
1219 | | int ech_hpke_keyconfig; |
1220 | | int ech_hpke_cipher_suites; |
1221 | | int ech_hpke_cipher_suite; |
1222 | | int ech_decrypt; |
1223 | | int hs_ext_token_binding_key_parameters; |
1224 | | |
1225 | | /* do not forget to update SSL_COMMON_ETT_LIST! */ |
1226 | | } ett; |
1227 | | struct { |
1228 | | /* Generic expert info for malformed packets. */ |
1229 | | expert_field client_version_error; |
1230 | | expert_field server_version_error; |
1231 | | expert_field legacy_version; |
1232 | | expert_field malformed_vector_length; |
1233 | | expert_field malformed_buffer_too_small; |
1234 | | expert_field malformed_trailing_data; |
1235 | | |
1236 | | expert_field hs_ext_cert_status_undecoded; |
1237 | | expert_field hs_ciphersuite_undecoded; |
1238 | | expert_field hs_srv_keyex_illegal; |
1239 | | expert_field resumed; |
1240 | | expert_field record_length_invalid; |
1241 | | expert_field decompression_error; |
1242 | | |
1243 | | expert_field ech_echconfig_invalid_version; |
1244 | | expert_field ech_accepted; |
1245 | | expert_field ech_rejected; |
1246 | | |
1247 | | /* do not forget to update SSL_COMMON_EI_LIST! */ |
1248 | | } ei; |
1249 | | } ssl_common_dissect_t; |
1250 | | |
1251 | | /* Header fields specific to DTLS. See packet-dtls.c */ |
1252 | | typedef struct { |
1253 | | int hf_dtls_handshake_cookie_len; |
1254 | | int hf_dtls_handshake_cookie; |
1255 | | |
1256 | | /* Do not forget to initialize dtls_hfs to -1 in packet-dtls.c! */ |
1257 | | } dtls_hfs_t; |
1258 | | |
1259 | | /* Header fields specific to SSL. See packet-tls.c */ |
1260 | | typedef struct { |
1261 | | int hs_md5_hash; |
1262 | | int hs_sha_hash; |
1263 | | |
1264 | | /* Do not forget to initialize ssl_hfs to -1 in packet-tls.c! */ |
1265 | | } ssl_hfs_t; |
1266 | | |
1267 | | typedef struct { |
1268 | | uint32_t max_version; |
1269 | | bool server_name_present; |
1270 | | int num_cipher_suites; |
1271 | | int num_extensions; |
1272 | | wmem_strbuf_t *alpn; |
1273 | | wmem_list_t *cipher_list; |
1274 | | wmem_list_t *extension_list; |
1275 | | wmem_list_t *sighash_list; |
1276 | | } ja4_data_t; |
1277 | | |
1278 | | |
1279 | | /* Helpers for dissecting Variable-Length Vectors. {{{ */ |
1280 | | /* Largest value that fits in a 24-bit number (2^24-1). */ |
1281 | 0 | #define G_MAXUINT24 ((1U << 24) - 1) |
1282 | | |
1283 | | /** |
1284 | | * Helper for dissection of variable-length vectors (RFC 5246, section 4.3). It |
1285 | | * adds a length field to the tree and writes the validated length value into |
1286 | | * "ret_length" (which is truncated if it exceeds "offset_end"). |
1287 | | * |
1288 | | * The size of the field is derived from "max_value" (for example, 8 and 255 |
1289 | | * require one byte while 400 needs two bytes). Expert info is added if the |
1290 | | * length field from the tvb is outside the (min_value, max_value) range. |
1291 | | * |
1292 | | * Returns true if there is enough space for the length field and data elements |
1293 | | * and false otherwise. |
1294 | | */ |
1295 | | extern bool |
1296 | | ssl_add_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
1297 | | unsigned offset, unsigned offset_end, uint32_t *ret_length, |
1298 | | int hf_length, uint32_t min_value, uint32_t max_value); |
1299 | | |
1300 | | /** |
1301 | | * Helper to check whether the data in a vector with multiple elements is |
1302 | | * correctly dissected. If the current "offset" (normally the value after |
1303 | | * adding all kinds of fields) does not match "offset_end" (the end of the |
1304 | | * vector), expert info is added. |
1305 | | * |
1306 | | * Returns true if the offset matches the end of the vector and false otherwise. |
1307 | | */ |
1308 | | extern bool |
1309 | | ssl_end_vector(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, |
1310 | | unsigned offset, unsigned offset_end); |
1311 | | /* }}} */ |
1312 | | |
1313 | | |
1314 | | extern void |
1315 | | ssl_check_record_length(ssl_common_dissect_t *hf, packet_info *pinfo, |
1316 | | ContentType content_type, |
1317 | | unsigned record_length, proto_item *length_pi, |
1318 | | uint16_t version, tvbuff_t *decrypted_tvb); |
1319 | | |
/*
 * ChangeCipherSpec and hello-phase handshake dissector entry points.
 *
 * Most prototypes share (hf, tvb, pinfo, tree, offset, offset_end).
 * Presumably offset/offset_end delimit the message inside tvb in the same
 * way as for ssl_end_vector(); both are derived from length fields of
 * captured traffic, so the definitions have to keep every read below
 * offset_end -- verify there, this header cannot show it.
 */

/* No offset_end parameter; the decrypt session is taken as const.
 * Declared without "extern", which makes no difference for a function. */
void
ssl_dissect_change_cipher_spec(ssl_common_dissect_t *hf, tvbuff_t *tvb,
                               packet_info *pinfo, proto_tree *tree,
                               uint32_t offset, SslSession *session,
                               bool is_from_server,
                               const SslDecryptSession *ssl);

/* Returns int; what the value means is not visible in this header.
 * The only hello dissector here that also takes dtls_hfs and the
 * master-key map (mk_map). */
extern int
ssl_dissect_hnd_cli_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb,
                          packet_info *pinfo, proto_tree *tree, uint32_t offset,
                          uint32_t offset_end, SslSession *session,
                          SslDecryptSession *ssl,
                          dtls_hfs_t *dtls_hfs, ssl_master_key_map_t *mk_map);

/* is_hrr: presumably set when the ServerHello is really a
 * HelloRetryRequest -- confirm against the caller. */
extern void
ssl_dissect_hnd_srv_hello(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
                          proto_tree *tree, uint32_t offset, uint32_t offset_end,
                          SslSession *session, SslDecryptSession *ssl,
                          bool is_dtls, bool is_hrr);

/* Same parameters as ssl_dissect_hnd_srv_hello() minus is_hrr. */
extern void
ssl_dissect_hnd_hello_retry_request(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
                                    proto_tree *tree, uint32_t offset, uint32_t offset_end,
                                    SslSession *session, SslDecryptSession *ssl,
                                    bool is_dtls);

/* Same parameter list as ssl_dissect_hnd_hello_retry_request(). */
extern void
ssl_dissect_hnd_encrypted_extensions(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info* pinfo,
                                     proto_tree *tree, uint32_t offset, uint32_t offset_end,
                                     SslSession *session, SslDecryptSession *ssl,
                                     bool is_dtls);
1351 | | |
/*
 * Session-ticket, certificate and Finished dissector entry points.
 * Where offset_end is present it presumably marks the end of the handshake
 * message in tvb; it originates from captured (untrusted) length fields, so
 * the definitions must not read beyond it -- confirm there.
 */

/* session_hash: a GHashTable supplied by the caller; presumably the ticket
 * is recorded in it for later resumption lookups -- confirm. */
extern void
ssl_dissect_hnd_new_ses_ticket(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
                               proto_tree *tree, uint32_t offset, uint32_t offset_end,
                               SslSession *session, SslDecryptSession *ssl,
                               bool is_dtls, GHashTable *session_hash);

/* Parameter order differs from the neighbours: pinfo follows offset_end
 * instead of preceding tree. */
extern void
ssl_dissect_hnd_cert(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
                     uint32_t offset, uint32_t offset_end, packet_info *pinfo,
                     SslSession *session, SslDecryptSession *ssl,
                     bool is_from_server, bool is_dtls);

/* Takes the session but no SslDecryptSession. */
extern void
ssl_dissect_hnd_cert_req(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
                         proto_tree *tree, uint32_t offset, uint32_t offset_end,
                         SslSession *session, bool is_dtls);

/* Takes the protocol version as uint16_t; no session argument. */
extern void
ssl_dissect_hnd_cli_cert_verify(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
                                proto_tree *tree, uint32_t offset, uint32_t offset_end, uint16_t version);

/* session is const here; no pinfo parameter, but an extra ssl_hfs_t *. */
extern void
ssl_dissect_hnd_finished(ssl_common_dissect_t *hf, tvbuff_t *tvb,
                         proto_tree *tree, uint32_t offset, uint32_t offset_end,
                         const SslSession *session, ssl_hfs_t *ssl_hfs);

/* No offset_end and no pinfo. NOTE(review): reads are then presumably
 * bounded only by the tvbuff's own length checks -- confirm in the
 * definition. */
extern void
ssl_dissect_hnd_cert_url(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree, uint32_t offset);

/* Returns uint32_t, presumably the offset after the dissected data --
 * confirm against the definition. */
extern uint32_t
tls_dissect_hnd_certificate_status(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
                                   proto_tree *tree, uint32_t offset, uint32_t offset_end);
1384 | | |
/* Takes a length, not an end offset, unlike ssl_dissect_hnd_srv_keyex()
 * below; callers must not pass offset_end in its place. No pinfo
 * parameter; session is const. */
extern void
ssl_dissect_hnd_cli_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb,
                          proto_tree *tree, uint32_t offset, uint32_t length,
                          const SslSession *session);

/* Bounded by offset_end (not a length); session is const. */
extern void
ssl_dissect_hnd_srv_keyex(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
                          proto_tree *tree, uint32_t offset, uint32_t offset_end,
                          const SslSession *session);

/* No offset_end and no pinfo; only the start offset is passed. */
extern void
tls13_dissect_hnd_key_update(ssl_common_dissect_t *hf, tvbuff_t *tvb,
                             proto_tree *tree, uint32_t offset);

/* Returns uint32_t, presumably the offset after the list -- confirm.
 * Also takes the protocol version as uint16_t. */
extern uint32_t
tls_dissect_sct_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                     uint32_t offset, uint32_t offset_end, uint16_t version);
1402 | | |
/*
 * HKDF-Expand-Label helpers (the TLS 1.3 key-schedule primitive,
 * RFC 8446 section 7.1).
 *
 * md:           int hash selector; presumably a Libgcrypt digest id --
 *               confirm against the definition.
 * secret:       input secret (const StringInfo *).
 * label_prefix, label: the two label parts as C strings.
 * context, context_length: only in the _context variant; the length is a
 *               uint8_t, so at most 255 context bytes can be passed.
 * out_len:      requested output size, uint16_t.
 * out:          receives a pointer to the derived bytes. How that buffer is
 *               allocated and who releases it is not visible in this header;
 *               check the definition before freeing or retaining *out.
 *
 * Both return bool; presumably false signals failure, in which case *out
 * should not be used -- confirm. The output is key material, so callers
 * should keep it out of dissection trees and debug output unless that is
 * intended.
 */
extern bool
tls13_hkdf_expand_label_context(int md, const StringInfo *secret,
                                const char *label_prefix, const char *label,
                                const uint8_t *context, uint8_t context_length,
                                uint16_t out_len, unsigned char **out);

extern bool
tls13_hkdf_expand_label(int md, const StringInfo *secret,
                        const char *label_prefix, const char *label,
                        uint16_t out_len, unsigned char **out);
1413 | | |
/* Same parameter list and order as ssl_dissect_hnd_cert(). The _U_ markers
 * in this declaration flag session, ssl, is_from_server and is_dtls as
 * unused. */
extern void
ssl_dissect_hnd_compress_certificate(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *tree,
                                     uint32_t offset, uint32_t offset_end, packet_info *pinfo,
                                     SslSession *session _U_, SslDecryptSession *ssl _U_,
                                     bool is_from_server _U_, bool is_dtls _U_);

/* Tap listener callback returning a tap_packet_status. The "ssl" argument
 * is an untyped const void *; its concrete type is not visible in this
 * header. edt and flags are marked unused (_U_). */
extern tap_packet_status
ssl_follow_tap_listener(void *tapdata, packet_info *pinfo, epan_dissect_t *edt _U_, const void *ssl, tap_flags_t flags _U_);
1422 | | |
1423 | | /* {{{ */ |
/* Expands to the declaration of an ssl_common_dissect_t object called
 * `name`; the expansion carries no storage class and no trailing
 * semicolon, so the user of the macro supplies both. */
#define SSL_COMMON_LIST_T(name) \
    ssl_common_dissect_t name
1426 | | /* }}} */ |
1427 | | |
1428 | | /* {{{ */ |
1429 | | #define SSL_COMMON_HF_LIST(name, prefix) \ |
1430 | 28 | { & name .hf.change_cipher_spec, \ |
1431 | 28 | { "Change Cipher Spec Message", prefix ".change_cipher_spec", \ |
1432 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1433 | 28 | "Signals a change in cipher specifications", HFILL } \ |
1434 | 28 | }, \ |
1435 | 28 | { & name .hf.hs_exts_len, \ |
1436 | 28 | { "Extensions Length", prefix ".handshake.extensions_length", \ |
1437 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1438 | 28 | "Length of hello extensions", HFILL } \ |
1439 | 28 | }, \ |
1440 | 28 | { & name .hf.hs_ext, \ |
1441 | 28 | { "Extension", prefix ".handshake.extension", \ |
1442 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1443 | 28 | "Hello extension", HFILL } \ |
1444 | 28 | }, \ |
1445 | 28 | { & name .hf.hs_ext_type, \ |
1446 | 28 | { "Type", prefix ".handshake.extension.type", \ |
1447 | 28 | FT_UINT16, BASE_DEC, VALS(tls_hello_extension_types), 0x0, \ |
1448 | 28 | "Hello extension type", HFILL } \ |
1449 | 28 | }, \ |
1450 | 28 | { & name .hf.hs_ext_len, \ |
1451 | 28 | { "Length", prefix ".handshake.extension.len", \ |
1452 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1453 | 28 | "Length of a hello extension", HFILL } \ |
1454 | 28 | }, \ |
1455 | 28 | { & name .hf.hs_ext_data, \ |
1456 | 28 | { "Data", prefix ".handshake.extension.data", \ |
1457 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1458 | 28 | "Hello Extension data", HFILL } \ |
1459 | 28 | }, \ |
1460 | 28 | { & name .hf.hs_ext_ech_outer_ext_len, \ |
1461 | 28 | { "Outer Extensions List Length", prefix ".handshake.extensions_ech_outer_extensions_length", \ |
1462 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1463 | 28 | NULL, HFILL } \ |
1464 | 28 | }, \ |
1465 | 28 | { & name .hf.hs_ext_ech_outer_ext, \ |
1466 | 28 | { "Outer Extensions List", prefix ".handshake.extensions_ech_outer_extensions", \ |
1467 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1468 | 28 | "List of extensions derived from Outer Client Hello", HFILL } \ |
1469 | 28 | }, \ |
1470 | 28 | { & name .hf.hs_ech_confirm, \ |
1471 | 28 | { "ECH Confirmation Bytes", prefix ".handshake.ech_confirm", \ |
1472 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1473 | 28 | NULL, HFILL } \ |
1474 | 28 | }, \ |
1475 | 28 | { & name .hf.hs_ech_confirm_compute, \ |
1476 | 28 | { "Computed ECH Confirmation Bytes", prefix ".handshake.ech_confirm_compute", \ |
1477 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1478 | 28 | NULL, HFILL } \ |
1479 | 28 | }, \ |
1480 | 28 | { & name .hf.hs_ext_supported_groups_len, \ |
1481 | 28 | { "Supported Groups List Length", prefix ".handshake.extensions_supported_groups_length", \ |
1482 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1483 | 28 | NULL, HFILL } \ |
1484 | 28 | }, \ |
1485 | 28 | { & name .hf.hs_ext_supported_groups, \ |
1486 | 28 | { "Supported Groups List", prefix ".handshake.extensions_supported_groups", \ |
1487 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1488 | 28 | "List of supported groups (formerly Supported Elliptic Curves)", HFILL } \ |
1489 | 28 | }, \ |
1490 | 28 | { & name .hf.hs_ext_supported_group, \ |
1491 | 28 | { "Supported Group", prefix ".handshake.extensions_supported_group", \ |
1492 | 28 | FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \ |
1493 | 28 | NULL, HFILL } \ |
1494 | 28 | }, \ |
1495 | 28 | { & name .hf.hs_ext_ec_point_formats_len, \ |
1496 | 28 | { "EC point formats Length", prefix ".handshake.extensions_ec_point_formats_length", \ |
1497 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1498 | 28 | "Length of elliptic curves point formats field", HFILL } \ |
1499 | 28 | }, \ |
1500 | 28 | { & name .hf.hs_ext_ec_point_formats, \ |
1501 | 28 | { "EC point formats", prefix ".handshake.extensions_ec_point_formats", \ |
1502 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1503 | 28 | "List of elliptic curves point format", HFILL } \ |
1504 | 28 | }, \ |
1505 | 28 | { & name .hf.hs_ext_ec_point_format, \ |
1506 | 28 | { "EC point format", prefix ".handshake.extensions_ec_point_format", \ |
1507 | 28 | FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, \ |
1508 | 28 | "Elliptic curves point format", HFILL } \ |
1509 | 28 | }, \ |
1510 | 28 | { & name .hf.hs_ext_srp_len, \ |
1511 | 28 | { "SRP username length", prefix ".handshake.extensions_srp_len", \ |
1512 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1513 | 28 | "Length of Secure Remote Password username field", HFILL } \ |
1514 | 28 | }, \ |
1515 | 28 | { & name .hf.hs_ext_srp_username, \ |
1516 | 28 | { "SRP username", prefix ".handshake.extensions_srp_username", \ |
1517 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
1518 | 28 | "Secure Remote Password username", HFILL } \ |
1519 | 28 | }, \ |
1520 | 28 | { & name .hf.hs_ext_alpn_len, \ |
1521 | 28 | { "ALPN Extension Length", prefix ".handshake.extensions_alpn_len", \ |
1522 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1523 | 28 | "Length of the ALPN Extension", HFILL } \ |
1524 | 28 | }, \ |
1525 | 28 | { & name .hf.hs_ext_alpn_list, \ |
1526 | 28 | { "ALPN Protocol", prefix ".handshake.extensions_alpn_list", \ |
1527 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1528 | 28 | NULL, HFILL } \ |
1529 | 28 | }, \ |
1530 | 28 | { & name .hf.hs_ext_alpn_str_len, \ |
1531 | 28 | { "ALPN string length", prefix ".handshake.extensions_alpn_str_len", \ |
1532 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1533 | 28 | "Length of ALPN string", HFILL } \ |
1534 | 28 | }, \ |
1535 | 28 | { & name .hf.hs_ext_alpn_str, \ |
1536 | 28 | { "ALPN Next Protocol", prefix ".handshake.extensions_alpn_str", \ |
1537 | 28 | FT_STRING, BASE_NONE, NULL, 0x00, \ |
1538 | 28 | NULL, HFILL } \ |
1539 | 28 | }, \ |
1540 | 28 | { & name .hf.hs_ext_npn_str_len, \ |
1541 | 28 | { "Protocol string length", prefix ".handshake.extensions_npn_str_len", \ |
1542 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1543 | 28 | "Length of next protocol string", HFILL } \ |
1544 | 28 | }, \ |
1545 | 28 | { & name .hf.hs_ext_npn_str, \ |
1546 | 28 | { "Next Protocol", prefix ".handshake.extensions_npn", \ |
1547 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
1548 | 28 | NULL, HFILL } \ |
1549 | 28 | }, \ |
1550 | 28 | { & name .hf.hs_ext_reneg_info_len, \ |
1551 | 28 | { "Renegotiation info extension length", prefix ".handshake.extensions_reneg_info_len", \ |
1552 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1553 | 28 | NULL, HFILL } \ |
1554 | 28 | }, \ |
1555 | 28 | { & name .hf.hs_ext_reneg_info, \ |
1556 | 28 | { "Renegotiation info", prefix ".handshake.extensions_reneg_info",\ |
1557 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1558 | 28 | NULL, HFILL } \ |
1559 | 28 | }, \ |
1560 | 28 | { & name .hf.hs_ext_key_share_client_length, \ |
1561 | 28 | { "Client Key Share Length", prefix ".handshake.extensions_key_share_client_length", \ |
1562 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
1563 | 28 | NULL, HFILL } \ |
1564 | 28 | }, \ |
1565 | 28 | { & name .hf.hs_ext_key_share_group, \ |
1566 | 28 | { "Group", prefix ".handshake.extensions_key_share_group", \ |
1567 | 28 | FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \ |
1568 | 28 | NULL, HFILL } \ |
1569 | 28 | }, \ |
1570 | 28 | { & name .hf.hs_ext_key_share_key_exchange_length, \ |
1571 | 28 | { "Key Exchange Length", prefix ".handshake.extensions_key_share_key_exchange_length", \ |
1572 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
1573 | 28 | NULL, HFILL } \ |
1574 | 28 | }, \ |
1575 | 28 | { & name .hf.hs_ext_key_share_key_exchange, \ |
1576 | 28 | { "Key Exchange", prefix ".handshake.extensions_key_share_key_exchange", \ |
1577 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1578 | 28 | NULL, HFILL } \ |
1579 | 28 | }, \ |
1580 | 28 | { & name .hf.hs_ext_key_share_selected_group, \ |
1581 | 28 | { "Selected Group", prefix ".handshake.extensions_key_share_selected_group", \ |
1582 | 28 | FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \ |
1583 | 28 | NULL, HFILL } \ |
1584 | 28 | }, \ |
1585 | 28 | { & name .hf.hs_ext_psk_identities_length, \ |
1586 | 28 | { "Identities Length", prefix ".handshake.extensions.psk.identities.length", \ |
1587 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1588 | 28 | NULL, HFILL } \ |
1589 | 28 | }, \ |
1590 | 28 | { & name .hf.hs_ext_psk_identity_identity_length, \ |
1591 | 28 | { "Identity Length", prefix ".handshake.extensions.psk.identity.identity_length", \ |
1592 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1593 | 28 | NULL, HFILL } \ |
1594 | 28 | }, \ |
1595 | 28 | { & name .hf.hs_ext_psk_identity_identity, \ |
1596 | 28 | { "Identity", prefix ".handshake.extensions.psk.identity.identity", \ |
1597 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1598 | 28 | NULL, HFILL } \ |
1599 | 28 | }, \ |
1600 | 28 | { & name .hf.hs_ext_psk_identity_obfuscated_ticket_age, \ |
1601 | 28 | { "Obfuscated Ticket Age", prefix ".handshake.extensions.psk.identity.obfuscated_ticket_age", \ |
1602 | 28 | FT_UINT32, BASE_DEC, NULL, 0x0, \ |
1603 | 28 | NULL, HFILL } \ |
1604 | 28 | }, \ |
1605 | 28 | { & name .hf.hs_ext_psk_binders_length, \ |
1606 | 28 | { "PSK Binders length", prefix ".handshake.extensions.psk.binders_len", \ |
1607 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1608 | 28 | NULL, HFILL } \ |
1609 | 28 | }, \ |
1610 | 28 | { & name .hf.hs_ext_psk_binders, \ |
1611 | 28 | { "PSK Binders", prefix ".handshake.extensions.psk.binders", \ |
1612 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1613 | 28 | NULL, HFILL } \ |
1614 | 28 | }, \ |
1615 | 28 | { & name .hf.hs_ext_psk_binder, \ |
1616 | 28 | { "PSK Binder", prefix ".handshake.extensions.psk.binder", \ |
1617 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1618 | 28 | NULL, HFILL } \ |
1619 | 28 | }, \ |
1620 | 28 | { & name .hf.hs_ext_psk_binder_binder_length, \ |
1621 | 28 | { "Binder Length", prefix ".handshake.extensions.psk.binder.binder_length", \ |
1622 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1623 | 28 | NULL, HFILL } \ |
1624 | 28 | }, \ |
1625 | 28 | { & name .hf.hs_ext_psk_binder_binder, \ |
1626 | 28 | { "Binder", prefix ".handshake.extensions.psk.binder.binder", \ |
1627 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1628 | 28 | NULL, HFILL } \ |
1629 | 28 | }, \ |
1630 | 28 | { & name .hf.hs_ext_psk_identity_selected, \ |
1631 | 28 | { "Selected Identity", prefix ".handshake.extensions.psk.identity.selected", \ |
1632 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1633 | 28 | NULL, HFILL } \ |
1634 | 28 | }, \ |
1635 | 28 | { & name .hf.hs_ext_session_ticket, \ |
1636 | 28 | { "Session Ticket", prefix ".handshake.extensions.session_ticket", \ |
1637 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1638 | 28 | NULL, HFILL } \ |
1639 | 28 | }, \ |
1640 | 28 | { & name .hf.hs_ext_supported_versions_len, \ |
1641 | 28 | { "Supported Versions length", prefix ".handshake.extensions.supported_versions_len", \ |
1642 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1643 | 28 | NULL, HFILL } \ |
1644 | 28 | }, \ |
1645 | 28 | { & name .hf.hs_ext_supported_version, \ |
1646 | 28 | { "Supported Version", prefix ".handshake.extensions.supported_version", \ |
1647 | 28 | FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \ |
1648 | 28 | NULL, HFILL } \ |
1649 | 28 | }, \ |
1650 | 28 | { & name .hf.hs_ext_cookie_len, \ |
1651 | 28 | { "Cookie length", prefix ".handshake.extensions.cookie_len", \ |
1652 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1653 | 28 | NULL, HFILL } \ |
1654 | 28 | }, \ |
1655 | 28 | { & name .hf.hs_ext_cookie, \ |
1656 | 28 | { "Cookie", prefix ".handshake.extensions.cookie", \ |
1657 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1658 | 28 | NULL, HFILL } \ |
1659 | 28 | }, \ |
1660 | 28 | { & name .hf.hs_ext_server_name_list_len, \ |
1661 | 28 | { "Server Name list length", prefix ".handshake.extensions_server_name_list_len", \ |
1662 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1663 | 28 | "Length of server name list", HFILL } \ |
1664 | 28 | }, \ |
1665 | 28 | { & name .hf.hs_ext_server_name_len, \ |
1666 | 28 | { "Server Name length", prefix ".handshake.extensions_server_name_len", \ |
1667 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1668 | 28 | "Length of server name string", HFILL } \ |
1669 | 28 | }, \ |
1670 | 28 | { & name .hf.hs_ext_server_name_type, \ |
1671 | 28 | { "Server Name Type", prefix ".handshake.extensions_server_name_type", \ |
1672 | 28 | FT_UINT8, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0, \ |
1673 | 28 | NULL, HFILL } \ |
1674 | 28 | }, \ |
1675 | 28 | { & name .hf.hs_ext_server_name, \ |
1676 | 28 | { "Server Name", prefix ".handshake.extensions_server_name", \ |
1677 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
1678 | 28 | NULL, HFILL } \ |
1679 | 28 | }, \ |
1680 | 28 | { & name .hf.hs_ext_max_fragment_length, \ |
1681 | 28 | { "Maximum Fragment Length", prefix ".handshake.max_fragment_length", \ |
1682 | 28 | FT_UINT8, BASE_DEC, VALS(tls_hello_ext_max_fragment_length), 0x00, \ |
1683 | 28 | "Maximum fragment length that an endpoint is willing to receive", HFILL } \ |
1684 | 28 | }, \ |
1685 | 28 | { & name .hf.hs_ext_padding_data, \ |
1686 | 28 | { "Padding Data", prefix ".handshake.extensions_padding_data", \ |
1687 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1688 | 28 | "Must be zero", HFILL } \ |
1689 | 28 | }, \ |
1690 | 28 | { & name .hf.hs_ext_cert_url_type, \ |
1691 | 28 | { "Certificate Chain Type", prefix ".handshake.cert_url_type", \ |
1692 | 28 | FT_UINT8, BASE_DEC, VALS(tls_cert_chain_type), 0x0, \ |
1693 | 28 | "Certificate Chain Type for Client Certificate URL", HFILL } \ |
1694 | 28 | }, \ |
1695 | 28 | { & name .hf.hs_ext_cert_url_url_hash_list_len, \ |
1696 | 28 | { "URL and Hash list Length", prefix ".handshake.cert_url.url_hash_len", \ |
1697 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1698 | 28 | NULL, HFILL } \ |
1699 | 28 | }, \ |
1700 | 28 | { & name .hf.hs_ext_cert_url_item, \ |
1701 | 28 | { "URL and Hash", prefix ".handshake.cert_url.url_hash", \ |
1702 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1703 | 28 | NULL, HFILL } \ |
1704 | 28 | }, \ |
1705 | 28 | { & name .hf.hs_ext_cert_url_url_len, \ |
1706 | 28 | { "URL Length", prefix ".handshake.cert_url.url_len", \ |
1707 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1708 | 28 | NULL, HFILL } \ |
1709 | 28 | }, \ |
1710 | 28 | { & name .hf.hs_ext_cert_type, \ |
1711 | 28 | { "Certificate Type", prefix ".handshake.cert_type.type", \ |
1712 | 28 | FT_UINT8, BASE_HEX, VALS(tls_certificate_type), 0x0, \ |
1713 | 28 | NULL, HFILL } \ |
1714 | 28 | }, \ |
1715 | 28 | { & name .hf.hs_ext_cert_types, \ |
1716 | 28 | { "Certificate Type List", prefix ".handshake.cert_type.types", \ |
1717 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1718 | 28 | NULL, HFILL } \ |
1719 | 28 | }, \ |
1720 | 28 | { & name .hf.hs_ext_cert_types_len, \ |
1721 | 28 | { "Certificate Type List Length", prefix ".handshake.cert_type.types_len", \ |
1722 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1723 | 28 | NULL, HFILL } \ |
1724 | 28 | }, \ |
1725 | 28 | { & name .hf.hs_ext_cert_url_url, \ |
1726 | 28 | { "URL", prefix ".handshake.cert_url.url", \ |
1727 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
1728 | 28 | "URL used to fetch the certificate(s)", HFILL } \ |
1729 | 28 | }, \ |
1730 | 28 | { & name .hf.hs_ext_cert_url_padding, \ |
1731 | 28 | { "Padding", prefix ".handshake.cert_url.padding", \ |
1732 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1733 | 28 | "Padding that MUST be 0x01 for backwards compatibility", HFILL } \ |
1734 | 28 | }, \ |
1735 | 28 | { & name .hf.hs_ext_cert_url_sha1, \ |
1736 | 28 | { "SHA1 Hash", prefix ".handshake.cert_url.sha1", \ |
1737 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1738 | 28 | "SHA1 Hash of the certificate", HFILL } \ |
1739 | 28 | }, \ |
1740 | 28 | { & name .hf.hs_ext_cert_status_type, \ |
1741 | 28 | { "Certificate Status Type", prefix ".handshake.extensions_status_request_type", \ |
1742 | 28 | FT_UINT8, BASE_DEC, VALS(tls_cert_status_type), 0x0, \ |
1743 | 28 | NULL, HFILL } \ |
1744 | 28 | }, \ |
1745 | 28 | { & name .hf.hs_ext_cert_status_request_len, \ |
1746 | 28 | { "Certificate Status Length", prefix ".handshake.extensions_status_request_len", \ |
1747 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1748 | 28 | NULL, HFILL } \ |
1749 | 28 | }, \ |
1750 | 28 | { & name .hf.hs_ext_cert_status_responder_id_list_len, \ |
1751 | 28 | { "Responder ID list Length", prefix ".handshake.extensions_status_request_responder_ids_len", \ |
1752 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1753 | 28 | NULL, HFILL } \ |
1754 | 28 | }, \ |
1755 | 28 | { & name .hf.hs_ext_cert_status_request_extensions_len, \ |
1756 | 28 | { "Request Extensions Length", prefix ".handshake.extensions_status_request_exts_len", \ |
1757 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1758 | 28 | NULL, HFILL } \ |
1759 | 28 | }, \ |
1760 | 28 | { & name .hf.hs_ext_cert_status_request_list_len, \ |
1761 | 28 | { "Certificate Status List Length", prefix ".handshake.extensions_status_request_list_len", \ |
1762 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1763 | 28 | "CertificateStatusRequestItemV2 list length", HFILL } \ |
1764 | 28 | }, \ |
1765 | 28 | { & name .hf.hs_ocsp_response_list_len, \ |
1766 | 28 | { "OCSP Response List Length", prefix ".handshake.ocsp_response_list_len", \ |
1767 | 28 | FT_UINT24, BASE_DEC, NULL, 0x0, \ |
1768 | 28 | "OCSPResponseList length", HFILL } \ |
1769 | 28 | }, \ |
1770 | 28 | { & name .hf.hs_ocsp_response_len, \ |
1771 | 28 | { "OCSP Response Length", prefix ".handshake.ocsp_response_len", \ |
1772 | 28 | FT_UINT24, BASE_DEC, NULL, 0x0, \ |
1773 | 28 | NULL, HFILL } \ |
1774 | 28 | }, \ |
1775 | 28 | { & name .hf.hs_sig_hash_alg_len, \ |
1776 | 28 | { "Signature Hash Algorithms Length", prefix ".handshake.sig_hash_alg_len", \ |
1777 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1778 | 28 | "Length of Signature Hash Algorithms", HFILL } \ |
1779 | 28 | }, \ |
1780 | 28 | { & name .hf.hs_sig_hash_algs, \ |
1781 | 28 | { "Signature Algorithms", prefix ".handshake.sig_hash_algs", \ |
1782 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
1783 | 28 | "List of supported Signature Algorithms", HFILL } \ |
1784 | 28 | }, \ |
1785 | 28 | { & name .hf.hs_sig_hash_alg, \ |
1786 | 28 | { "Signature Algorithm", prefix ".handshake.sig_hash_alg", \ |
1787 | 28 | FT_UINT16, BASE_HEX, VALS(tls13_signature_algorithm), 0x0, \ |
1788 | 28 | NULL, HFILL } \ |
1789 | 28 | }, \ |
1790 | 28 | { & name .hf.hs_sig_hash_hash, \ |
1791 | 28 | { "Signature Hash Algorithm Hash", prefix ".handshake.sig_hash_hash", \ |
1792 | 28 | FT_UINT8, BASE_DEC, VALS(tls_hash_algorithm), 0x0, \ |
1793 | 28 | "Hash algorithm (TLS 1.2)", HFILL } \ |
1794 | 28 | }, \ |
1795 | 28 | { & name .hf.hs_sig_hash_sig, \ |
1796 | 28 | { "Signature Hash Algorithm Signature", prefix ".handshake.sig_hash_sig", \ |
1797 | 28 | FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0, \ |
1798 | 28 | "Signature algorithm (TLS 1.2)", HFILL } \ |
1799 | 28 | }, \ |
1800 | 28 | { & name .hf.hs_client_keyex_epms_len, \ |
1801 | 28 | { "Encrypted PreMaster length", prefix ".handshake.epms_len", \ |
1802 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1803 | 28 | "Length of encrypted PreMaster secret", HFILL } \ |
1804 | 28 | }, \ |
1805 | 28 | { & name .hf.hs_client_keyex_epms, \ |
1806 | 28 | { "Encrypted PreMaster", prefix ".handshake.epms", \ |
1807 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1808 | 28 | "Encrypted PreMaster secret", HFILL } \ |
1809 | 28 | }, \ |
1810 | 28 | { & name .hf.hs_server_keyex_modulus_len, \ |
1811 | 28 | { "Modulus Length", prefix ".handshake.modulus_len", \ |
1812 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1813 | 28 | "Length of RSA-EXPORT modulus", HFILL } \ |
1814 | 28 | }, \ |
1815 | 28 | { & name .hf.hs_server_keyex_exponent_len, \ |
1816 | 28 | { "Exponent Length", prefix ".handshake.exponent_len", \ |
1817 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1818 | 28 | "Length of RSA-EXPORT exponent", HFILL } \ |
1819 | 28 | }, \ |
1820 | 28 | { & name .hf.hs_server_keyex_sig_len, \ |
1821 | 28 | { "Signature Length", prefix ".handshake.sig_len", \ |
1822 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1823 | 28 | "Length of Signature", HFILL } \ |
1824 | 28 | }, \ |
1825 | 28 | { & name .hf.hs_server_keyex_p_len, \ |
1826 | 28 | { "p Length", prefix ".handshake.p_len", \ |
1827 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1828 | 28 | "Length of p", HFILL } \ |
1829 | 28 | }, \ |
1830 | 28 | { & name .hf.hs_server_keyex_g_len, \ |
1831 | 28 | { "g Length", prefix ".handshake.g_len", \ |
1832 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1833 | 28 | "Length of g", HFILL } \ |
1834 | 28 | }, \ |
1835 | 28 | { & name .hf.hs_server_keyex_ys_len, \ |
1836 | 28 | { "Pubkey Length", prefix ".handshake.ys_len", \ |
1837 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1838 | 28 | "Length of server's Diffie-Hellman public key", HFILL } \ |
1839 | 28 | }, \ |
1840 | 28 | { & name .hf.hs_client_keyex_yc_len, \ |
1841 | 28 | { "Pubkey Length", prefix ".handshake.yc_len", \ |
1842 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1843 | 28 | "Length of client's Diffie-Hellman public key", HFILL } \ |
1844 | 28 | }, \ |
1845 | 28 | { & name .hf.hs_client_keyex_point_len, \ |
1846 | 28 | { "Pubkey Length", prefix ".handshake.client_point_len", \ |
1847 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1848 | 28 | "Length of client's EC Diffie-Hellman public key", HFILL } \ |
1849 | 28 | }, \ |
1850 | 28 | { & name .hf.hs_server_keyex_point_len, \ |
1851 | 28 | { "Pubkey Length", prefix ".handshake.server_point_len", \ |
1852 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1853 | 28 | "Length of server's EC Diffie-Hellman public key", HFILL } \ |
1854 | 28 | }, \ |
1855 | 28 | { & name .hf.hs_server_keyex_p, \ |
1856 | 28 | { "p", prefix ".handshake.p", \ |
1857 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1858 | 28 | "Diffie-Hellman p", HFILL } \ |
1859 | 28 | }, \ |
1860 | 28 | { & name .hf.hs_server_keyex_g, \ |
1861 | 28 | { "g", prefix ".handshake.g", \ |
1862 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1863 | 28 | "Diffie-Hellman g", HFILL } \ |
1864 | 28 | }, \ |
1865 | 28 | { & name .hf.hs_server_keyex_curve_type, \ |
1866 | 28 | { "Curve Type", prefix ".handshake.server_curve_type", \ |
1867 | 28 | FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0, \ |
1868 | 28 | "Server curve_type", HFILL } \ |
1869 | 28 | }, \ |
1870 | 28 | { & name .hf.hs_server_keyex_named_curve, \ |
1871 | 28 | { "Named Curve", prefix ".handshake.server_named_curve", \ |
1872 | 28 | FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \ |
1873 | 28 | "Server named_curve", HFILL } \ |
1874 | 28 | }, \ |
1875 | 28 | { & name .hf.hs_server_keyex_ys, \ |
1876 | 28 | { "Pubkey", prefix ".handshake.ys", \ |
1877 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1878 | 28 | "Diffie-Hellman server pubkey", HFILL } \ |
1879 | 28 | }, \ |
1880 | 28 | { & name .hf.hs_client_keyex_yc, \ |
1881 | 28 | { "Pubkey", prefix ".handshake.yc", \ |
1882 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1883 | 28 | "Diffie-Hellman client pubkey", HFILL } \ |
1884 | 28 | }, \ |
1885 | 28 | { & name .hf.hs_server_keyex_point, \ |
1886 | 28 | { "Pubkey", prefix ".handshake.server_point", \ |
1887 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1888 | 28 | "EC Diffie-Hellman server pubkey", HFILL } \ |
1889 | 28 | }, \ |
1890 | 28 | { & name .hf.hs_client_keyex_point, \ |
1891 | 28 | { "Pubkey", prefix ".handshake.client_point", \ |
1892 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1893 | 28 | "EC Diffie-Hellman client pubkey", HFILL } \ |
1894 | 28 | }, \ |
1895 | 28 | { & name .hf.hs_server_keyex_xs_len, \ |
1896 | 28 | { "Pubkey Length", prefix ".handshake.xs_len", \ |
1897 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1898 | 28 | "Length of EC J-PAKE server public key", HFILL } \ |
1899 | 28 | }, \ |
1900 | 28 | { & name .hf.hs_client_keyex_xc_len, \ |
1901 | 28 | { "Pubkey Length", prefix ".handshake.xc_len", \ |
1902 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1903 | 28 | "Length of EC J-PAKE client public key", HFILL } \ |
1904 | 28 | }, \ |
1905 | 28 | { & name .hf.hs_server_keyex_xs, \ |
1906 | 28 | { "Pubkey", prefix ".handshake.xs", \ |
1907 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1908 | 28 | "EC J-PAKE server public key", HFILL } \ |
1909 | 28 | }, \ |
1910 | 28 | { & name .hf.hs_client_keyex_xc, \ |
1911 | 28 | { "Pubkey", prefix ".handshake.xc", \ |
1912 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1913 | 28 | "EC J-PAKE client public key", HFILL } \ |
1914 | 28 | }, \ |
1915 | 28 | { & name .hf.hs_server_keyex_vs_len, \ |
1916 | 28 | { "Ephemeral Pubkey Length", prefix ".handshake.vs_len", \ |
1917 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1918 | 28 | "Length of EC J-PAKE server ephemeral public key", HFILL } \ |
1919 | 28 | }, \ |
1920 | 28 | { & name .hf.hs_client_keyex_vc_len, \ |
1921 | 28 | { "Ephemeral Pubkey Length", prefix ".handshake.vc_len", \ |
1922 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1923 | 28 | "Length of EC J-PAKE client ephemeral public key", HFILL } \ |
1924 | 28 | }, \ |
1925 | 28 | { & name .hf.hs_server_keyex_vs, \ |
1926 | 28 | { "Ephemeral Pubkey", prefix ".handshake.vs", \ |
1927 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1928 | 28 | "EC J-PAKE server ephemeral public key", HFILL } \ |
1929 | 28 | }, \ |
1930 | 28 | { & name .hf.hs_client_keyex_vc, \ |
1931 | 28 | { "Ephemeral Pubkey", prefix ".handshake.vc", \ |
1932 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1933 | 28 | "EC J-PAKE client ephemeral public key", HFILL } \ |
1934 | 28 | }, \ |
1935 | 28 | { & name .hf.hs_server_keyex_rs_len, \ |
1936 | 28 | { "Schnorr signature Length", prefix ".handshake.rs_len", \ |
1937 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1938 | 28 | "Length of EC J-PAKE server Schnorr signature", HFILL } \ |
1939 | 28 | }, \ |
1940 | 28 | { & name .hf.hs_client_keyex_rc_len, \ |
1941 | 28 | { "Schnorr signature Length", prefix ".handshake.rc_len", \ |
1942 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
1943 | 28 | "Length of EC J-PAKE client Schnorr signature", HFILL } \ |
1944 | 28 | }, \ |
1945 | 28 | { & name .hf.hs_server_keyex_rs, \ |
1946 | 28 | { "Schnorr signature", prefix ".handshake.rs", \ |
1947 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1948 | 28 | "EC J-PAKE server Schnorr signature", HFILL } \ |
1949 | 28 | }, \ |
1950 | 28 | { & name .hf.hs_client_keyex_rc, \ |
1951 | 28 | { "Schnorr signature", prefix ".handshake.rc", \ |
1952 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1953 | 28 | "EC J-PAKE client Schnorr signature", HFILL } \ |
1954 | 28 | }, \ |
1955 | 28 | { & name .hf.hs_server_keyex_modulus, \ |
1956 | 28 | { "Modulus", prefix ".handshake.modulus", \ |
1957 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1958 | 28 | "RSA-EXPORT modulus", HFILL } \ |
1959 | 28 | }, \ |
1960 | 28 | { & name .hf.hs_server_keyex_exponent, \ |
1961 | 28 | { "Exponent", prefix ".handshake.exponent", \ |
1962 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1963 | 28 | "RSA-EXPORT exponent", HFILL } \ |
1964 | 28 | }, \ |
1965 | 28 | { & name .hf.hs_server_keyex_sig, \ |
1966 | 28 | { "Signature", prefix ".handshake.sig", \ |
1967 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1968 | 28 | "Diffie-Hellman server signature", HFILL } \ |
1969 | 28 | }, \ |
1970 | 28 | { & name .hf.hs_server_keyex_hint_len, \ |
1971 | 28 | { "Hint Length", prefix ".handshake.hint_len", \ |
1972 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1973 | 28 | "Length of PSK Hint", HFILL } \ |
1974 | 28 | }, \ |
1975 | 28 | { & name .hf.hs_server_keyex_hint, \ |
1976 | 28 | { "Hint", prefix ".handshake.hint", \ |
1977 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1978 | 28 | "PSK Hint", HFILL } \ |
1979 | 28 | }, \ |
1980 | 28 | { & name .hf.hs_client_keyex_identity_len, \ |
1981 | 28 | { "Identity Length", prefix ".handshake.identity_len", \ |
1982 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
1983 | 28 | "Length of PSK Identity", HFILL } \ |
1984 | 28 | }, \ |
1985 | 28 | { & name .hf.hs_client_keyex_identity, \ |
1986 | 28 | { "Identity", prefix ".handshake.identity", \ |
1987 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
1988 | 28 | "PSK Identity", HFILL } \ |
1989 | 28 | }, \ |
1990 | 28 | { & name .hf.hs_ext_heartbeat_mode, \ |
1991 | 28 | { "Mode", prefix ".handshake.extension.heartbeat.mode", \ |
1992 | 28 | FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0, \ |
1993 | 28 | "Heartbeat extension mode", HFILL } \ |
1994 | 28 | }, \ |
1995 | 28 | { & name .hf.hs_certificates_len, \ |
1996 | 28 | { "Certificates Length", prefix ".handshake.certificates_length", \ |
1997 | 28 | FT_UINT24, BASE_DEC, NULL, 0x0, \ |
1998 | 28 | "Length of certificates field", HFILL } \ |
1999 | 28 | }, \ |
2000 | 28 | { & name .hf.hs_certificates, \ |
2001 | 28 | { "Certificates", prefix ".handshake.certificates", \ |
2002 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2003 | 28 | "List of certificates", HFILL } \ |
2004 | 28 | }, \ |
2005 | 28 | { & name .hf.hs_certificate, \ |
2006 | 28 | { "Certificate", prefix ".handshake.certificate", \ |
2007 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2008 | 28 | NULL, HFILL } \ |
2009 | 28 | }, \ |
2010 | 28 | { & name .hf.hs_certificate_len, \ |
2011 | 28 | { "Certificate Length", prefix ".handshake.certificate_length", \ |
2012 | 28 | FT_UINT24, BASE_DEC, NULL, 0x0, \ |
2013 | 28 | "Length of certificate", HFILL } \ |
2014 | 28 | }, \ |
2015 | 28 | { & name .hf.hs_cert_types_count, \ |
2016 | 28 | { "Certificate types count", prefix ".handshake.cert_types_count",\ |
2017 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2018 | 28 | "Count of certificate types", HFILL } \ |
2019 | 28 | }, \ |
2020 | 28 | { & name .hf.hs_cert_types, \ |
2021 | 28 | { "Certificate types", prefix ".handshake.cert_types", \ |
2022 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2023 | 28 | "List of certificate types", HFILL } \ |
2024 | 28 | }, \ |
2025 | 28 | { & name .hf.hs_cert_type, \ |
2026 | 28 | { "Certificate type", prefix ".handshake.cert_type", \ |
2027 | 28 | FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0, \ |
2028 | 28 | NULL, HFILL } \ |
2029 | 28 | }, \ |
2030 | 28 | { & name .hf.hs_dnames_len, \ |
2031 | 28 | { "Distinguished Names Length", prefix ".handshake.dnames_len", \ |
2032 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2033 | 28 | "Length of list of CAs that server trusts", HFILL } \ |
2034 | 28 | }, \ |
2035 | 28 | { & name .hf.hs_dnames, \ |
2036 | 28 | { "Distinguished Names", prefix ".handshake.dnames", \ |
2037 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2038 | 28 | "List of CAs that server trusts", HFILL } \ |
2039 | 28 | }, \ |
2040 | 28 | { & name .hf.hs_dname_len, \ |
2041 | 28 | { "Distinguished Name Length", prefix ".handshake.dname_len", \ |
2042 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2043 | 28 | "Length of distinguished name", HFILL } \ |
2044 | 28 | }, \ |
2045 | 28 | { & name .hf.hs_dnames_truncated, \ |
2046 | 28 | { "Tree view truncated", prefix ".handshake.dnames_truncated", \ |
2047 | 28 | FT_NONE, BASE_NONE, NULL, 0x00, \ |
2048 | 28 | "Some Distinguished Names are not added to tree pane to limit resources", HFILL } \ |
2049 | 28 | }, \ |
2050 | 28 | { & name .hf.hs_dname, \ |
2051 | 28 | { "Distinguished Name", prefix ".handshake.dname", \ |
2052 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2053 | 28 | "Distinguished name of a CA that server trusts", HFILL } \ |
2054 | 28 | }, \ |
2055 | 28 | { & name .hf.hs_random, \ |
2056 | 28 | { "Random", prefix ".handshake.random", \ |
2057 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2058 | 28 | "Random values used for deriving keys", HFILL } \ |
2059 | 28 | }, \ |
2060 | 28 | { & name .hf.hs_random_time, \ |
2061 | 28 | { "GMT Unix Time", prefix ".handshake.random_time", \ |
2062 | 28 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, \ |
2063 | 28 | "Unix time field of random structure", HFILL } \ |
2064 | 28 | }, \ |
2065 | 28 | { & name .hf.hs_random_bytes, \ |
2066 | 28 | { "Random Bytes", prefix ".handshake.random_bytes", \ |
2067 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2068 | 28 | "Random values used for deriving keys", HFILL } \ |
2069 | 28 | }, \ |
2070 | 28 | { & name .hf.hs_session_id, \ |
2071 | 28 | { "Session ID", prefix ".handshake.session_id", \ |
2072 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2073 | 28 | "Identifies the SSL session, allowing later resumption", HFILL }\ |
2074 | 28 | }, \ |
2075 | 28 | { & name .hf.hs_session_id_len, \ |
2076 | 28 | { "Session ID Length", prefix ".handshake.session_id_length", \ |
2077 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2078 | 28 | "Length of Session ID field", HFILL } \ |
2079 | 28 | }, \ |
2080 | 28 | { & name .hf.hs_client_version, \ |
2081 | 28 | { "Version", prefix ".handshake.version", \ |
2082 | 28 | FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \ |
2083 | 28 | "Maximum version supported by client [legacy_version if supported_versions ext is present]", HFILL } \ |
2084 | 28 | }, \ |
2085 | 28 | { & name .hf.hs_server_version, \ |
2086 | 28 | { "Version", prefix ".handshake.version", \ |
2087 | 28 | FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \ |
2088 | 28 | "Version selected by server [legacy_version if supported_versions ext is present]", HFILL } \ |
2089 | 28 | }, \ |
2090 | 28 | { & name .hf.hs_cipher_suites_len, \ |
2091 | 28 | { "Cipher Suites Length", prefix ".handshake.cipher_suites_length", \ |
2092 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2093 | 28 | "Length of cipher suites field", HFILL } \ |
2094 | 28 | }, \ |
2095 | 28 | { & name .hf.hs_cipher_suites, \ |
2096 | 28 | { "Cipher Suites", prefix ".handshake.ciphersuites", \ |
2097 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2098 | 28 | "List of cipher suites supported by client", HFILL } \ |
2099 | 28 | }, \ |
2100 | 28 | { & name .hf.hs_cipher_suite, \ |
2101 | 28 | { "Cipher Suite", prefix ".handshake.ciphersuite", \ |
2102 | 28 | FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, \ |
2103 | 28 | NULL, HFILL } \ |
2104 | 28 | }, \ |
2105 | 28 | { & name .hf.hs_comp_methods_len, \ |
2106 | 28 | { "Compression Methods Length", prefix ".handshake.comp_methods_length", \ |
2107 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2108 | 28 | "Length of compression methods field", HFILL } \ |
2109 | 28 | }, \ |
2110 | 28 | { & name .hf.hs_comp_methods, \ |
2111 | 28 | { "Compression Methods", prefix ".handshake.comp_methods", \ |
2112 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2113 | 28 | "List of compression methods supported by client", HFILL } \ |
2114 | 28 | }, \ |
2115 | 28 | { & name .hf.hs_comp_method, \ |
2116 | 28 | { "Compression Method", prefix ".handshake.comp_method", \ |
2117 | 28 | FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0, \ |
2118 | 28 | NULL, HFILL } \ |
2119 | 28 | }, \ |
2120 | 28 | { & name .hf.hs_session_ticket_lifetime_hint, \ |
2121 | 28 | { "Session Ticket Lifetime Hint", \ |
2122 | 28 | prefix ".handshake.session_ticket_lifetime_hint", \ |
2123 | 28 | FT_UINT32, BASE_DEC|BASE_UNIT_STRING, UNS(&units_second_seconds), 0x0, \ |
2124 | 28 | "New Session Ticket Lifetime Hint", HFILL } \ |
2125 | 28 | }, \ |
2126 | 28 | { & name .hf.hs_session_ticket_age_add, \ |
2127 | 28 | { "Session Ticket Age Add", \ |
2128 | 28 | prefix ".handshake.session_ticket_age_add", \ |
2129 | 28 | FT_UINT32, BASE_DEC, NULL, 0x0, \ |
2130 | 28 | "Random 32-bit value to obscure age of ticket", HFILL } \ |
2131 | 28 | }, \ |
2132 | 28 | { & name .hf.hs_session_ticket_nonce_len, \ |
2133 | 28 | { "Session Ticket Nonce Length", prefix ".handshake.session_ticket_nonce_length", \ |
2134 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2135 | 28 | NULL, HFILL } \ |
2136 | 28 | }, \ |
2137 | 28 | { & name .hf.hs_session_ticket_nonce, \ |
2138 | 28 | { "Session Ticket Nonce", prefix ".handshake.session_ticket_nonce", \ |
2139 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2140 | 28 | "A unique per-ticket value", HFILL } \ |
2141 | 28 | }, \ |
2142 | 28 | { & name .hf.hs_session_ticket_len, \ |
2143 | 28 | { "Session Ticket Length", prefix ".handshake.session_ticket_length", \ |
2144 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2145 | 28 | "New Session Ticket Length", HFILL } \ |
2146 | 28 | }, \ |
2147 | 28 | { & name .hf.hs_session_ticket, \ |
2148 | 28 | { "Session Ticket", prefix ".handshake.session_ticket", \ |
2149 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2150 | 28 | "New Session Ticket", HFILL } \ |
2151 | 28 | }, \ |
2152 | 28 | { & name .hf.hs_finished, \ |
2153 | 28 | { "Verify Data", prefix ".handshake.verify_data", \ |
2154 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2155 | 28 | "Opaque verification data", HFILL } \ |
2156 | 28 | }, \ |
2157 | 28 | { & name .hf.hs_client_cert_vrfy_sig_len, \ |
2158 | 28 | { "Signature length", prefix ".handshake.client_cert_vrfy.sig_len", \ |
2159 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2160 | 28 | "Length of CertificateVerify's signature", HFILL } \ |
2161 | 28 | }, \ |
2162 | 28 | { & name .hf.hs_client_cert_vrfy_sig, \ |
2163 | 28 | { "Signature", prefix ".handshake.client_cert_vrfy.sig", \ |
2164 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2165 | 28 | "CertificateVerify's signature", HFILL } \ |
2166 | 28 | }, \ |
2167 | 28 | { & name .hf.hs_ja3_full, \ |
2168 | 28 | { "JA3 Fullstring", prefix ".handshake.ja3_full", \ |
2169 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
2170 | 28 | NULL, HFILL } \ |
2171 | 28 | }, \ |
2172 | 28 | { & name .hf.hs_ja3_hash, \ |
2173 | 28 | { "JA3", prefix ".handshake.ja3", \ |
2174 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
2175 | 28 | NULL, HFILL } \ |
2176 | 28 | }, \ |
2177 | 28 | { & name .hf.hs_ja3s_full, \ |
2178 | 28 | { "JA3S Fullstring", prefix ".handshake.ja3s_full", \ |
2179 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
2180 | 28 | NULL, HFILL } \ |
2181 | 28 | }, \ |
2182 | 28 | { & name .hf.hs_ja3s_hash, \ |
2183 | 28 | { "JA3S", prefix ".handshake.ja3s", \ |
2184 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
2185 | 28 | NULL, HFILL } \ |
2186 | 28 | }, \ |
2187 | 28 | { & name .hf.hs_ja4, \ |
2188 | 28 | { "JA4", prefix ".handshake.ja4", \ |
2189 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
2190 | 28 | NULL, HFILL } \ |
2191 | 28 | }, \ |
2192 | 28 | { & name .hf.hs_ja4_r, \ |
2193 | 28 | { "JA4_r", prefix ".handshake.ja4_r", \ |
2194 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
2195 | 28 | NULL, HFILL } \ |
2196 | 28 | }, \ |
2197 | 28 | { & name .hf.hs_ext_psk_ke_modes_length, \ |
2198 | 28 | { "PSK Key Exchange Modes Length", prefix ".extension.psk_ke_modes_length", \ |
2199 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2200 | 28 | NULL, HFILL } \ |
2201 | 28 | }, \ |
2202 | 28 | { & name .hf.hs_ext_psk_ke_mode, \ |
2203 | 28 | { "PSK Key Exchange Mode", prefix ".extension.psk_ke_mode", \ |
2204 | 28 | FT_UINT8, BASE_DEC, VALS(tls_hello_ext_psk_ke_mode), 0x0, \ |
2205 | 28 | "Key exchange modes where the client supports use of PSKs", HFILL } \ |
2206 | 28 | }, \ |
2207 | 28 | { & name .hf.hs_certificate_request_context_length, \ |
2208 | 28 | { "Certificate Request Context Length", prefix ".handshake.certificate_request_context_length", \ |
2209 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2210 | 28 | NULL, HFILL } \ |
2211 | 28 | }, \ |
2212 | 28 | { & name .hf.hs_certificate_request_context, \ |
2213 | 28 | { "Certificate Request Context", prefix ".handshake.certificate_request_context", \ |
2214 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2215 | 28 | "Value from CertificateRequest or empty for server auth", HFILL } \ |
2216 | 28 | }, \ |
2217 | 28 | { & name .hf.hs_key_update_request_update, \ |
2218 | 28 | { "Key Update Request", prefix ".handshake.key_update.request_update", \ |
2219 | 28 | FT_UINT8, BASE_DEC, VALS(tls13_key_update_request), 0x00, \ |
2220 | 28 | "Whether the receiver should also update its keys", HFILL } \ |
2221 | 28 | }, \ |
2222 | 28 | { & name .hf.sct_scts_length, \ |
2223 | 28 | { "Serialized SCT List Length", prefix ".sct.scts_length", \ |
2224 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2225 | 28 | NULL, HFILL } \ |
2226 | 28 | }, \ |
2227 | 28 | { & name .hf.sct_sct_length, \ |
2228 | 28 | { "Serialized SCT Length", prefix ".sct.sct_length", \ |
2229 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2230 | 28 | NULL, HFILL } \ |
2231 | 28 | }, \ |
2232 | 28 | { & name .hf.sct_sct_version, \ |
2233 | 28 | { "SCT Version", prefix ".sct.sct_version", \ |
2234 | 28 | FT_UINT8, BASE_DEC, NULL, 0x00, \ |
2235 | 28 | "SCT Protocol version (v1 (0) is defined in RFC 6962)", HFILL } \ |
2236 | 28 | }, \ |
2237 | 28 | { & name .hf.sct_sct_logid, \ |
2238 | 28 | { "Log ID", prefix ".sct.sct_logid", \ |
2239 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2240 | 28 | "SHA-256 hash of log's public key", HFILL } \ |
2241 | 28 | }, \ |
2242 | 28 | { & name .hf.sct_sct_timestamp, \ |
2243 | 28 | { "Timestamp", prefix ".sct.sct_timestamp", \ |
2244 | 28 | FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x00, \ |
2245 | 28 | "Timestamp of issuance", HFILL } \ |
2246 | 28 | }, \ |
2247 | 28 | { & name .hf.sct_sct_extensions_length, \ |
2248 | 28 | { "Extensions length", prefix ".sct.sct_extensions_length", \ |
2249 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2250 | 28 | "Length of future extensions to this protocol (currently none)", HFILL } \ |
2251 | 28 | }, \ |
2252 | 28 | { & name .hf.sct_sct_extensions, \ |
2253 | 28 | { "Extensions", prefix ".sct.sct_extensions", \ |
2254 | 28 | FT_NONE, BASE_NONE, NULL, 0x00, \ |
2255 | 28 | "Future extensions to this protocol (currently none)", HFILL } \ |
2256 | 28 | }, \ |
2257 | 28 | { & name .hf.sct_sct_signature_length, \ |
2258 | 28 | { "Signature Length", prefix ".sct.sct_signature_length", \ |
2259 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2260 | 28 | NULL, HFILL } \ |
2261 | 28 | }, \ |
2262 | 28 | { & name .hf.sct_sct_signature, \ |
2263 | 28 | { "Signature", prefix ".sct.sct_signature", \ |
2264 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2265 | 28 | NULL, HFILL } \ |
2266 | 28 | }, \ |
2267 | 28 | { & name .hf.hs_ext_max_early_data_size, \ |
2268 | 28 | { "Maximum Early Data Size", prefix ".early_data.max_early_data_size", \ |
2269 | 28 | FT_UINT32, BASE_DEC, NULL, 0x00, \ |
2270 | 28 | "Maximum amount of 0-RTT data that the client may send", HFILL } \ |
2271 | 28 | }, \ |
2272 | 28 | { & name .hf.hs_ext_oid_filters_length, \ |
2273 | 28 | { "OID Filters Length", prefix ".extension.oid_filters_length", \ |
2274 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2275 | 28 | NULL, HFILL } \ |
2276 | 28 | }, \ |
2277 | 28 | { & name .hf.hs_ext_oid_filters_oid_length, \ |
2278 | 28 | { "Certificate Extension OID Length", prefix ".extension.oid_filters.oid_length", \ |
2279 | 28 | FT_UINT8, BASE_DEC, NULL, 0x00, \ |
2280 | 28 | NULL, HFILL } \ |
2281 | 28 | }, \ |
2282 | 28 | { & name .hf.hs_ext_oid_filters_oid, \ |
2283 | 28 | { "Certificate Extension OID", prefix ".extension.oid_filters.oid", \ |
2284 | 28 | FT_OID, BASE_NONE, NULL, 0x00, \ |
2285 | 28 | NULL, HFILL } \ |
2286 | 28 | }, \ |
2287 | 28 | { & name .hf.hs_ext_oid_filters_values_length, \ |
2288 | 28 | { "Certificate Extension Values Length", prefix ".extension.oid_filters.values_length", \ |
2289 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2290 | 28 | NULL, HFILL } \ |
2291 | 28 | }, \ |
2292 | 28 | { & name .hf.hs_cred_valid_time, \ |
2293 | 28 | { "Valid Time", prefix ".handshake.cred.valid_time", \ |
2294 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2295 | 28 | "Delegated Credentials Valid Time", HFILL } \ |
2296 | 28 | }, \ |
2297 | 28 | { & name .hf.hs_cred_pubkey, \ |
2298 | 28 | { "Subject Public Key Info", prefix ".handshake.cred.pubkey", \ |
2299 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2300 | 28 | "Delegated Credentials Subject Public Key Info", HFILL } \ |
2301 | 28 | }, \ |
2302 | 28 | { & name .hf.hs_cred_pubkey_len, \ |
2303 | 28 | { "Subject Public Key Info Length", prefix ".handshake.cred.pubkey_len", \ |
2304 | 28 | FT_UINT24, BASE_DEC, NULL, 0x0, \ |
2305 | 28 | "Delegated Credentials Subject Public Key Info Length", HFILL } \ |
2306 | 28 | }, \ |
2307 | 28 | { & name .hf.hs_cred_signature, \ |
2308 | 28 | { "Signature", prefix ".handshake.cred.signature", \ |
2309 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2310 | 28 | "Delegated Credentials Signature", HFILL } \ |
2311 | 28 | }, \ |
2312 | 28 | { & name .hf.hs_cred_signature_len, \ |
2313 | 28 | { "Signature Length", prefix ".handshake.cred.signature_len", \ |
2314 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2315 | 28 | "Delegated Credentials Signature Length", HFILL } \ |
2316 | 28 | }, \ |
2317 | 28 | { & name .hf.hs_ext_compress_certificate_algorithms_length, \ |
2318 | 28 | { "Algorithms Length", prefix ".compress_certificate.algorithms_length", \ |
2319 | 28 | FT_UINT8, BASE_DEC, NULL, 0x00, \ |
2320 | 28 | NULL, HFILL } \ |
2321 | 28 | }, \ |
2322 | 28 | { & name .hf.hs_ext_compress_certificate_algorithm, \ |
2323 | 28 | { "Algorithm", prefix ".compress_certificate.algorithm", \ |
2324 | 28 | FT_UINT16, BASE_DEC, VALS(compress_certificate_algorithm_vals), 0x00, \ |
2325 | 28 | NULL, HFILL } \ |
2326 | 28 | }, \ |
2327 | 28 | { & name .hf.hs_ext_compress_certificate_uncompressed_length, \ |
2328 | 28 | { "Uncompressed Length", prefix ".compress_certificate.uncompressed_length", \ |
2329 | 28 | FT_UINT24, BASE_DEC, NULL, 0x00, \ |
2330 | 28 | NULL, HFILL } \ |
2331 | 28 | }, \ |
2332 | 28 | { & name .hf.hs_ext_compress_certificate_compressed_certificate_message_length, \ |
2333 | 28 | { "Length", prefix ".compress_certificate.compressed_certificate_message.length", \ |
2334 | 28 | FT_UINT24, BASE_DEC, NULL, 0x00, \ |
2335 | 28 | NULL, HFILL } \ |
2336 | 28 | }, \ |
2337 | 28 | { & name .hf.hs_ext_compress_certificate_compressed_certificate_message, \ |
2338 | 28 | { "Compressed Certificate Message", prefix ".compress_certificate.compressed_certificate_message", \ |
2339 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2340 | 28 | NULL, HFILL } \ |
2341 | 28 | }, \ |
2342 | 28 | { & name .hf.hs_ext_token_binding_version_major, \ |
2343 | 28 | { "Protocol Major Version", prefix ".token_binding.version_major", \ |
2344 | 28 | FT_UINT8, BASE_HEX, NULL, 0x00, \ |
2345 | 28 | "Major version of the Token Binding protocol", HFILL } \ |
2346 | 28 | }, \ |
2347 | 28 | { & name .hf.hs_ext_token_binding_version_minor, \ |
2348 | 28 | { "Protocol Minor Version", prefix ".token_binding.version_minor", \ |
2349 | 28 | FT_UINT8, BASE_HEX, NULL, 0x00, \ |
2350 | 28 | "Minor version of the Token Binding protocol", HFILL } \ |
2351 | 28 | }, \ |
2352 | 28 | { & name .hf.hs_ext_token_binding_key_parameters, \ |
2353 | 28 | { "Key Parameters", prefix ".token_binding.key_parameters", \ |
2354 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2355 | 28 | NULL, HFILL } \ |
2356 | 28 | }, \ |
2357 | 28 | { & name .hf.hs_ext_token_binding_key_parameters_length, \ |
2358 | 28 | { "Key Parameters Length", prefix ".token_binding.key_parameters_length", \ |
2359 | 28 | FT_UINT8, BASE_DEC, NULL, 0x00, \ |
2360 | 28 | "Length of the key parameters list", HFILL } \ |
2361 | 28 | }, \ |
2362 | 28 | { & name .hf.hs_ext_token_binding_key_parameter, \ |
2363 | 28 | { "Key Parameter", prefix ".token_binding.key_parameter", \ |
2364 | 28 | FT_UINT8, BASE_DEC, VALS(token_binding_key_parameter_vals), 0x00, \ |
2365 | 28 | "Identifier of the Token Binding key parameter", HFILL } \ |
2366 | 28 | }, \ |
2367 | 28 | { & name .hf.hs_ext_record_size_limit, \ |
2368 | 28 | { "Record Size Limit", prefix ".record_size_limit", \ |
2369 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2370 | 28 | "Maximum record size that an endpoint is willing to receive", HFILL } \ |
2371 | 28 | }, \ |
2372 | 28 | { & name .hf.hs_ext_quictp_len, \ |
2373 | 28 | { "Parameters Length", prefix ".quic.len", \ |
2374 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2375 | 28 | NULL, HFILL } \ |
2376 | 28 | }, \ |
2377 | 28 | { & name .hf.hs_ext_quictp_parameter, \ |
2378 | 28 | { "Parameter", prefix ".quic.parameter", \ |
2379 | 28 | FT_NONE, BASE_NONE, NULL, 0x00, \ |
2380 | 28 | NULL, HFILL } \ |
2381 | 28 | }, \ |
2382 | 28 | { & name .hf.hs_ext_quictp_parameter_type, \ |
2383 | 28 | { "Type", prefix ".quic.parameter.type", \ |
2384 | 28 | FT_UINT64, BASE_CUSTOM, CF_FUNC(quic_transport_parameter_id_base_custom), 0x00, \ |
2385 | 28 | NULL, HFILL } \ |
2386 | 28 | }, \ |
2387 | 28 | { & name .hf.hs_ext_quictp_parameter_len, \ |
2388 | 28 | { "Length", prefix ".quic.parameter.length", \ |
2389 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2390 | 28 | NULL, HFILL } \ |
2391 | 28 | }, \ |
2392 | 28 | { & name .hf.hs_ext_quictp_parameter_len_old, \ |
2393 | 28 | { "Length", prefix ".quic.parameter.length.old", \ |
2394 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2395 | 28 | NULL, HFILL } \ |
2396 | 28 | }, \ |
2397 | 28 | { & name .hf.hs_ext_quictp_parameter_value, \ |
2398 | 28 | { "Value", prefix ".quic.parameter.value", \ |
2399 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2400 | 28 | NULL, HFILL } \ |
2401 | 28 | }, \ |
2402 | 28 | { & name .hf.hs_ext_quictp_parameter_original_destination_connection_id, \ |
2403 | 28 | { "original_destination_connection_id", prefix ".quic.parameter.original_destination_connection_id", \ |
2404 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2405 | 28 | "Destination Connection ID from the first Initial packet sent by the client", HFILL } \ |
2406 | 28 | }, \ |
2407 | 28 | { & name .hf.hs_ext_quictp_parameter_max_idle_timeout, \ |
2408 | 28 | { "max_idle_timeout", prefix ".quic.parameter.max_idle_timeout", \ |
2409 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2410 | 28 | "In milliseconds", HFILL } \ |
2411 | 28 | }, \ |
2412 | 28 | { & name .hf.hs_ext_quictp_parameter_stateless_reset_token, \ |
2413 | 28 | { "stateless_reset_token", prefix ".quic.parameter.stateless_reset_token", \ |
2414 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2415 | 28 | "Used in verifying a stateless reset", HFILL } \ |
2416 | 28 | }, \ |
2417 | 28 | { & name .hf.hs_ext_quictp_parameter_max_udp_payload_size, \ |
2418 | 28 | { "max_udp_payload_size", prefix ".quic.parameter.max_udp_payload_size", \ |
2419 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2420 | 28 | "Maximum UDP payload size that the endpoint is willing to receive", HFILL } \ |
2421 | 28 | }, \ |
2422 | 28 | { & name .hf.hs_ext_quictp_parameter_initial_max_data, \ |
2423 | 28 | { "initial_max_data", prefix ".quic.parameter.initial_max_data", \ |
2424 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2425 | 28 | "Contains the initial value for the maximum amount of data that can be sent on the connection", HFILL } \ |
2426 | 28 | }, \ |
2427 | 28 | { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_local, \ |
2428 | 28 | { "initial_max_stream_data_bidi_local", prefix ".quic.parameter.initial_max_stream_data_bidi_local", \ |
2429 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2430 | 28 | "Initial stream maximum data for bidirectional, locally-initiated streams", HFILL } \ |
2431 | 28 | }, \ |
2432 | 28 | { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote, \ |
2433 | 28 | { "initial_max_stream_data_bidi_remote", prefix ".quic.parameter.initial_max_stream_data_bidi_remote", \ |
2434 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2435 | 28 | "Initial stream maximum data for bidirectional, peer-initiated streams", HFILL } \ |
2436 | 28 | }, \ |
2437 | 28 | { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_uni, \ |
2438 | 28 | { "initial_max_stream_data_uni", prefix ".quic.parameter.initial_max_stream_data_uni", \ |
2439 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2440 | 28 | "Initial stream maximum data for unidirectional streams parameter", HFILL } \ |
2441 | 28 | }, \ |
2442 | 28 | { & name .hf.hs_ext_quictp_parameter_initial_max_streams_bidi, \ |
2443 | 28 | { "initial_max_streams_bidi", prefix ".quic.parameter.initial_max_streams_bidi", \ |
2444 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2445 | 28 | "Initial maximum number of application-owned bidirectional streams", HFILL } \ |
2446 | 28 | }, \ |
2447 | 28 | { & name .hf.hs_ext_quictp_parameter_initial_max_streams_uni, \ |
2448 | 28 | { "initial_max_streams_uni", prefix ".quic.parameter.initial_max_streams_uni", \ |
2449 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2450 | 28 | "Initial maximum number of application-owned unidirectional streams", HFILL } \ |
2451 | 28 | }, \ |
2452 | 28 | { & name .hf.hs_ext_quictp_parameter_ack_delay_exponent, \ |
2453 | 28 | { "ack_delay_exponent", prefix ".quic.parameter.ack_delay_exponent", \ |
2454 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2455 | 28 | "Indicating an exponent used to decode the ACK Delay field in the ACK frame,", HFILL } \ |
2456 | 28 | }, \ |
2457 | 28 | { & name .hf.hs_ext_quictp_parameter_max_ack_delay, \ |
2458 | 28 | { "max_ack_delay", prefix ".quic.parameter.max_ack_delay", \ |
2459 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2460 | 28 | "Indicating the maximum amount of time in milliseconds by which it will delay sending of acknowledgments", HFILL } \ |
2461 | 28 | }, \ |
2462 | 28 | { & name .hf.hs_ext_quictp_parameter_pa_ipv4address, \ |
2463 | 28 | { "ipv4Address", prefix ".quic.parameter.preferred_address.ipv4address", \ |
2464 | 28 | FT_IPv4, BASE_NONE, NULL, 0x00, \ |
2465 | 28 | NULL, HFILL } \ |
2466 | 28 | }, \ |
2467 | 28 | { & name .hf.hs_ext_quictp_parameter_pa_ipv6address, \ |
2468 | 28 | { "ipv6Address", prefix ".quic.parameter.preferred_address.ipv6address", \ |
2469 | 28 | FT_IPv6, BASE_NONE, NULL, 0x00, \ |
2470 | 28 | NULL, HFILL } \ |
2471 | 28 | }, \ |
2472 | 28 | { & name .hf.hs_ext_quictp_parameter_pa_ipv4port, \ |
2473 | 28 | { "ipv4Port", prefix ".quic.parameter.preferred_address.ipv4port", \ |
2474 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2475 | 28 | NULL, HFILL } \ |
2476 | 28 | }, \ |
2477 | 28 | { & name .hf.hs_ext_quictp_parameter_pa_ipv6port, \ |
2478 | 28 | { "ipv6Port", prefix ".quic.parameter.preferred_address.ipv6port", \ |
2479 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2480 | 28 | NULL, HFILL } \ |
2481 | 28 | }, \ |
2482 | 28 | { & name .hf.hs_ext_quictp_parameter_pa_connectionid_length, \ |
2483 | 28 | { "Length", prefix ".quic.parameter.preferred_address.connectionid.length", \ |
2484 | 28 | FT_UINT8, BASE_DEC, NULL, 0x00, \ |
2485 | 28 | "Length of connectionId Field", HFILL } \ |
2486 | 28 | }, \ |
2487 | 28 | { & name .hf.hs_ext_quictp_parameter_pa_connectionid, \ |
2488 | 28 | { "connectionId", prefix ".quic.parameter.preferred_address.connectionid", \ |
2489 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2490 | 28 | NULL, HFILL } \ |
2491 | 28 | }, \ |
2492 | 28 | { & name .hf.hs_ext_quictp_parameter_pa_statelessresettoken, \ |
2493 | 28 | { "statelessResetToken", prefix ".quic.parameter.preferred_address.statelessresettoken", \ |
2494 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2495 | 28 | NULL, HFILL } \ |
2496 | 28 | }, \ |
2497 | 28 | { & name .hf.hs_ext_quictp_parameter_active_connection_id_limit, \ |
2498 | 28 | { "Active Connection ID Limit", prefix ".quic.parameter.active_connection_id_limit", \ |
2499 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2500 | 28 | NULL, HFILL } \ |
2501 | 28 | }, \ |
2502 | 28 | { & name .hf.hs_ext_quictp_parameter_initial_source_connection_id, \ |
2503 | 28 | { "Initial Source Connection ID", prefix ".quic.parameter.initial_source_connection_id", \ |
2504 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2505 | 28 | NULL, HFILL } \ |
2506 | 28 | }, \ |
2507 | 28 | { & name .hf.hs_ext_quictp_parameter_retry_source_connection_id, \ |
2508 | 28 | { "Retry Source Connection ID", prefix ".quic.parameter.retry_source_connection_id", \ |
2509 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2510 | 28 | NULL, HFILL } \ |
2511 | 28 | }, \ |
2512 | 28 | { & name .hf.hs_ext_quictp_parameter_max_datagram_frame_size, \ |
2513 | 28 | { "max_datagram_frame_size", prefix ".quic.parameter.max_datagram_frame_size", \ |
2514 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2515 | 28 | NULL, HFILL } \ |
2516 | 28 | }, \ |
2517 | 28 | { & name .hf.hs_ext_quictp_parameter_cibir_encoding_length, \ |
2518 | 28 | { "length", prefix ".quic.parameter.cibir_encoding.length", \ |
2519 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2520 | 28 | NULL, HFILL } \ |
2521 | 28 | }, \ |
2522 | 28 | { & name .hf.hs_ext_quictp_parameter_cibir_encoding_offset, \ |
2523 | 28 | { "offset", prefix ".quic.parameter.cibir_encoding.offset", \ |
2524 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2525 | 28 | NULL, HFILL } \ |
2526 | 28 | }, \ |
2527 | 28 | { & name .hf.hs_ext_quictp_parameter_loss_bits, \ |
2528 | 28 | { "loss_bits", prefix ".quic.parameter.loss_bits", \ |
2529 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2530 | 28 | NULL, HFILL } \ |
2531 | 28 | }, \ |
2532 | 28 | { & name .hf.hs_ext_quictp_parameter_address_discovery, \ |
2533 | 28 | { "address_discovery", prefix ".quic.parameter.address_discovery", \ |
2534 | 28 | FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(quic_address_discovery_vals), 0x00, \ |
2535 | 28 | NULL, HFILL } \ |
2536 | 28 | }, \ |
2537 | 28 | { & name .hf.hs_ext_quictp_parameter_enable_time_stamp_v2, \ |
2538 | 28 | { "Enable TimestampV2", prefix ".quic.parameter.enable_time_stamp_v2", \ |
2539 | 28 | FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(quic_enable_time_stamp_v2_vals), 0x00, \ |
2540 | 28 | NULL, HFILL } \ |
2541 | 28 | }, \ |
2542 | 28 | { & name .hf.hs_ext_quictp_parameter_min_ack_delay, \ |
2543 | 28 | { "min_ack_delay", prefix ".quic.parameter.min_ack_delay", \ |
2544 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2545 | 28 | NULL, HFILL } \ |
2546 | 28 | }, \ |
2547 | 28 | { & name .hf.hs_ext_quictp_parameter_google_user_agent_id, \ |
2548 | 28 | { "Google UserAgent", prefix ".quic.parameter.google.user_agent", \ |
2549 | 28 | FT_STRING, BASE_NONE, NULL, 0x00, \ |
2550 | 28 | NULL, HFILL } \ |
2551 | 28 | }, \ |
2552 | 28 | { & name .hf.hs_ext_quictp_parameter_google_key_update_not_yet_supported, \ |
2553 | 28 | { "Google Key Update not yet supported", prefix ".quic.parameter.google.key_update_not_yet_supported", \ |
2554 | 28 | FT_NONE, BASE_NONE, NULL, 0x00, \ |
2555 | 28 | NULL, HFILL } \ |
2556 | 28 | }, \ |
2557 | 28 | { & name .hf.hs_ext_quictp_parameter_google_quic_version, \ |
2558 | 28 | { "Google QUIC version", prefix ".quic.parameter.google.quic_version", \ |
2559 | 28 | FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \ |
2560 | 28 | NULL, HFILL } \ |
2561 | 28 | }, \ |
2562 | 28 | { & name .hf.hs_ext_quictp_parameter_google_initial_rtt, \ |
2563 | 28 | { "Google Initial RTT", prefix ".quic.parameter.google.initial_rtt", \ |
2564 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2565 | 28 | NULL, HFILL } \ |
2566 | 28 | }, \ |
2567 | 28 | { & name .hf.hs_ext_quictp_parameter_google_support_handshake_done, \ |
2568 | 28 | { "Google Support Handshake Done", prefix ".quic.parameter.google.support_handshake_done", \ |
2569 | 28 | FT_NONE, BASE_NONE, NULL, 0x00, \ |
2570 | 28 | NULL, HFILL } \ |
2571 | 28 | }, \ |
2572 | 28 | { & name .hf.hs_ext_quictp_parameter_google_quic_params, \ |
2573 | 28 | { "Google QUIC parameters", prefix ".quic.parameter.google.quic_params", \ |
2574 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2575 | 28 | NULL, HFILL } \ |
2576 | 28 | }, \ |
2577 | 28 | { & name .hf.hs_ext_quictp_parameter_google_quic_params_unknown_field, \ |
2578 | 28 | { "Google Unknown Field", prefix ".quic.parameter.google.quic_params_unknown_field", \ |
2579 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2580 | 28 | NULL, HFILL } \ |
2581 | 28 | }, \ |
2582 | 28 | { & name .hf.hs_ext_quictp_parameter_google_connection_options, \ |
2583 | 28 | { "Google Connection options", prefix ".quic.parameter.google.connection_options", \ |
2584 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2585 | 28 | NULL, HFILL } \ |
2586 | 28 | }, \ |
2587 | 28 | { & name .hf.hs_ext_quictp_parameter_google_supported_versions_length, \ |
2588 | 28 | { "Google Supported Versions Length", prefix ".quic.parameter.google.supported_versions_length", \ |
2589 | 28 | FT_UINT8, BASE_DEC, NULL, 0x00, \ |
2590 | 28 | NULL, HFILL } \ |
2591 | 28 | }, \ |
2592 | 28 | { & name .hf.hs_ext_quictp_parameter_google_supported_version, \ |
2593 | 28 | { "Google Supported Version", prefix ".quic.parameter.google.supported_version", \ |
2594 | 28 | FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \ |
2595 | 28 | NULL, HFILL } \ |
2596 | 28 | }, \ |
2597 | 28 | { & name .hf.hs_ext_quictp_parameter_facebook_partial_reliability, \ |
2598 | 28 | { "Facebook Partial Reliability", prefix ".quic.parameter.facebook.partial_reliability", \ |
2599 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2600 | 28 | NULL, HFILL } \ |
2601 | 28 | }, \ |
2602 | 28 | { & name .hf.hs_ext_quictp_parameter_chosen_version, \ |
2603 | 28 | { "Chosen Version", prefix ".quic.parameter.vi.chosen_version", \ |
2604 | 28 | FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \ |
2605 | 28 | NULL, HFILL } \ |
2606 | 28 | }, \ |
2607 | 28 | { & name .hf.hs_ext_quictp_parameter_other_version, \ |
2608 | 28 | { "Other Version", prefix ".quic.parameter.vi.other_version", \ |
2609 | 28 | FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \ |
2610 | 28 | NULL, HFILL } \ |
2611 | 28 | }, \ |
2612 | 28 | { & name .hf.hs_ext_quictp_parameter_enable_multipath, \ |
2613 | 28 | { "Enable Multipath", prefix ".quic.parameter.enable_multipath", \ |
2614 | 28 | FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(quic_enable_multipath_vals), 0x00, \ |
2615 | 28 | NULL, HFILL } \ |
2616 | 28 | }, \ |
2617 | 28 | { & name .hf.hs_ext_quictp_parameter_initial_max_paths, \ |
2618 | 28 | { "Initial Max Paths", prefix ".quic.parameter.initial_max_paths", \ |
2619 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2620 | 28 | NULL, HFILL } \ |
2621 | 28 | }, \ |
2622 | 28 | { & name .hf.hs_ext_quictp_parameter_initial_max_path_id, \ |
2623 | 28 | { "Initial Max Path ID", prefix ".quic.parameter.initial_max_path_id", \ |
2624 | 28 | FT_UINT64, BASE_DEC, NULL, 0x00, \ |
2625 | 28 | NULL, HFILL } \ |
2626 | 28 | }, \ |
2627 | 28 | { & name .hf.hs_ext_connection_id_length, \ |
2628 | 28 | { "Connection ID length", prefix ".connection_id_length", \ |
2629 | 28 | FT_UINT8, BASE_DEC, NULL, 0x00, \ |
2630 | 28 | NULL, HFILL } \ |
2631 | 28 | }, \ |
2632 | 28 | { & name .hf.hs_ext_connection_id, \ |
2633 | 28 | { "Connection ID", prefix ".connection_id", \ |
2634 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2635 | 28 | NULL, HFILL } \ |
2636 | 28 | }, \ |
2637 | 28 | { & name .hf.hs_ext_trusted_ca_keys_len, \ |
2638 | 28 | { "Trusted CA keys length", prefix ".handshake.trusted_ca.keys_length", \ |
2639 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2640 | 28 | "Length of Trusted CA keys extension", HFILL } \ |
2641 | 28 | }, \ |
2642 | 28 | { & name .hf.hs_ext_trusted_ca_keys_list, \ |
2643 | 28 | { "Trusted CA keys", prefix ".handshake.trusted_ca.keys", \ |
2644 | 28 | FT_NONE, BASE_NONE, NULL, 0x00, \ |
2645 | 28 | "List of Trusted CA keys", HFILL } \ |
2646 | 28 | }, \ |
2647 | 28 | { & name .hf.hs_ext_trusted_ca_key, \ |
2648 | 28 | { "Trusted CA key", prefix ".handshake.trusted_ca.key", \ |
2649 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2650 | 28 | NULL, HFILL } \ |
2651 | 28 | }, \ |
2652 | 28 | { & name .hf.hs_ext_trusted_ca_key_type, \ |
2653 | 28 | { "Trusted CA key type", prefix ".handshake.trusted_ca.key_type", \ |
2654 | 28 | FT_UINT8, BASE_DEC, VALS(tls_hello_ext_trusted_ca_key_type), 0x00, \ |
2655 | 28 | "Type of Trusted CA key", HFILL } \ |
2656 | 28 | }, \ |
2657 | 28 | { & name .hf.hs_ext_trusted_ca_key_hash, \ |
2658 | 28 | { "Trusted CA key hash", prefix ".handshake.trusted_ca.key_hash", \ |
2659 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2660 | 28 | NULL, HFILL } \ |
2661 | 28 | }, \ |
2662 | 28 | { & name .hf.hs_ext_trusted_ca_key_dname_len, \ |
2663 | 28 | { "Distinguished Name Length", prefix ".handshake.trusted_ca.key_dname_len", \ |
2664 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2665 | 28 | "Length of distinguished name", HFILL } \ |
2666 | 28 | }, \ |
2667 | 28 | { & name .hf.hs_ext_trusted_ca_key_dname, \ |
2668 | 28 | { "Distinguished Name", prefix ".handshake.trusted_ca.key_dname", \ |
2669 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2670 | 28 | "Distinguished name of a CA that the client trusts", HFILL } \ |
2671 | 28 | }, \ |
2672 | 28 | { & name .hf.esni_suite, \ |
2673 | 28 | { "Cipher Suite", prefix ".esni.suite", \ |
2674 | 28 | FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, \ |
2675 | 28 | "Cipher suite used to encrypt the SNI", HFILL } \ |
2676 | 28 | }, \ |
2677 | 28 | { & name .hf.esni_record_digest_length, \ |
2678 | 28 | { "Record Digest Length", prefix ".esni.record_digest_length", \ |
2679 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2680 | 28 | NULL, HFILL } \ |
2681 | 28 | }, \ |
2682 | 28 | { & name .hf.esni_record_digest, \ |
2683 | 28 | { "Record Digest", prefix ".esni.record_digest", \ |
2684 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2685 | 28 | "Cryptographic hash of the ESNIKeys from which the ESNI key was obtained", HFILL } \ |
2686 | 28 | }, \ |
2687 | 28 | { & name .hf.esni_encrypted_sni_length, \ |
2688 | 28 | { "Encrypted SNI Length", prefix ".esni.encrypted_sni_length", \ |
2689 | 28 | FT_UINT16, BASE_DEC, NULL, 0x00, \ |
2690 | 28 | NULL, HFILL } \ |
2691 | 28 | }, \ |
2692 | 28 | { & name .hf.esni_encrypted_sni, \ |
2693 | 28 | { "Encrypted SNI", prefix ".esni.encrypted_sni", \ |
2694 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2695 | 28 | "The encrypted ClientESNIInner structure", HFILL } \ |
2696 | 28 | }, \ |
2697 | 28 | { & name .hf.esni_nonce, \ |
2698 | 28 | { "Nonce", prefix ".esni.nonce", \ |
2699 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2700 | 28 | "Contents of ClientESNIInner.nonce", HFILL } \ |
2701 | 28 | }, \ |
2702 | 28 | { & name .hf.ech_echconfiglist_length, \ |
2703 | 28 | { "ECHConfigList length", prefix ".ech.echconfiglist_length", \ |
2704 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2705 | 28 | "Encrypted ClientHello (ECH) Configurations length", HFILL } \ |
2706 | 28 | }, \ |
2707 | 28 | { & name .hf.ech_echconfiglist, \ |
2708 | 28 | { "ECHConfigList", prefix ".ech.echconfiglist", \ |
2709 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2710 | 28 | "Encrypted ClientHello (ECH) Configurations", HFILL } \ |
2711 | 28 | }, \ |
2712 | 28 | { & name .hf.ech_echconfig, \ |
2713 | 28 | { "ECHConfig", prefix ".ech.echconfig", \ |
2714 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2715 | 28 | "Encrypted ClientHello (ECH) Configuration", HFILL } \ |
2716 | 28 | }, \ |
2717 | 28 | { & name .hf.ech_echconfig_version, \ |
2718 | 28 | { "Version", prefix ".ech.echconfig.version", \ |
2719 | 28 | FT_UINT16, BASE_HEX, NULL, 0x0, \ |
2720 | 28 | "Encrypted ClientHello: ECHConfig version", HFILL } \ |
2721 | 28 | }, \ |
2722 | 28 | { & name .hf.ech_echconfig_length, \ |
2723 | 28 | { "Length", prefix ".ech.echconfig.length", \ |
2724 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2725 | 28 | "Encrypted ClientHello: ECHConfig length", HFILL } \ |
2726 | 28 | }, \ |
2727 | 28 | { & name .hf.ech_echconfigcontents_maximum_name_length, \ |
2728 | 28 | { "Maximum Name Length", prefix ".ech.echconfigcontents.maximum_name_length", \ |
2729 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2730 | 28 | "The longest name of a backend server, if known", HFILL } \ |
2731 | 28 | }, \ |
2732 | 28 | { & name .hf.ech_echconfigcontents_public_name_length, \ |
2733 | 28 | { "Public Name length", prefix ".ech.echconfigcontents.public_name_length", \ |
2734 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2735 | 28 | "Length of the Public Name field", HFILL } \ |
2736 | 28 | }, \ |
2737 | 28 | { & name .hf.ech_echconfigcontents_public_name, \ |
2738 | 28 | { "Public Name", prefix ".ech.echconfigcontents.public_name", \ |
2739 | 28 | FT_STRING, BASE_NONE, NULL, 0x0, \ |
2740 | 28 | "The DNS name of the client-facing server, i.e., the entity trusted to update the ECH configuration", HFILL } \ |
2741 | 28 | }, \ |
2742 | 28 | { & name .hf.ech_echconfigcontents_extensions_length, \ |
2743 | 28 | { "Extensions length", prefix ".ech.echconfigcontents.extensions_length", \ |
2744 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2745 | 28 | "Length of the Extensions field", HFILL } \ |
2746 | 28 | }, \ |
2747 | 28 | { & name .hf.ech_echconfigcontents_extensions, \ |
2748 | 28 | { "Extensions", prefix ".ech.echconfigcontents.extensions", \ |
2749 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2750 | 28 | "A list of extensions that the client must take into consideration when generating a ClientHello message", HFILL } \ |
2751 | 28 | }, \ |
2752 | 28 | { & name .hf.ech_hpke_keyconfig, \ |
2753 | 28 | { "HPKE Key Config", prefix ".ech.hpke.keyconfig", \ |
2754 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2755 | 28 | "HPKE Key Config", HFILL } \ |
2756 | 28 | }, \ |
2757 | 28 | { & name .hf.ech_hpke_keyconfig_config_id, \ |
2758 | 28 | { "Config Id", prefix ".ech.hpke.keyconfig.config_id", \ |
2759 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2760 | 28 | "HPKE Config Id", HFILL } \ |
2761 | 28 | }, \ |
2762 | 28 | { & name .hf.ech_hpke_keyconfig_kem_id, \ |
2763 | 28 | { "KEM Id", prefix ".ech.hpke.keyconfig.kem_id", \ |
2764 | 28 | FT_UINT16, BASE_DEC, VALS(kem_id_type_vals), 0x0, \ |
2765 | 28 | "HPKE KEM Id", HFILL } \ |
2766 | 28 | }, \ |
2767 | 28 | { & name .hf.ech_hpke_keyconfig_public_key_length, \ |
2768 | 28 | { "Public Key length", prefix ".ech.hpke.keyconfig.public_key_length", \ |
2769 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2770 | 28 | "HPKE Public Key length", HFILL } \ |
2771 | 28 | }, \ |
2772 | 28 | { & name .hf.ech_hpke_keyconfig_public_key, \ |
2773 | 28 | { "Public Key", prefix ".ech.hpke.keyconfig.public_key", \ |
2774 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2775 | 28 | "HPKE Public Key", HFILL } \ |
2776 | 28 | }, \ |
2777 | 28 | { & name .hf.ech_hpke_keyconfig_cipher_suites, \ |
2778 | 28 | { "Cipher Suites", prefix ".ech.hpke.keyconfig.cipher_suites", \ |
2779 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2780 | 28 | "HPKE Cipher Suites", HFILL } \ |
2781 | 28 | }, \ |
2782 | 28 | { & name .hf.ech_hpke_keyconfig_cipher_suites_length, \ |
2783 | 28 | { "Cipher Suites length", prefix ".ech.hpke.keyconfig.cipher_suites_length", \ |
2784 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2785 | 28 | "HPKE Cipher Suites length", HFILL } \ |
2786 | 28 | }, \ |
2787 | 28 | { & name .hf.ech_hpke_keyconfig_cipher_suite, \ |
2788 | 28 | { "Cipher Suite", prefix ".ech.hpke.keyconfig.cipher_suite", \ |
2789 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2790 | 28 | "HPKE Cipher Suite", HFILL } \ |
2791 | 28 | }, \ |
2792 | 28 | { & name .hf.ech_hpke_keyconfig_cipher_suite_kdf_id, \ |
2793 | 28 | { "KDF Id", prefix ".ech.hpke.keyconfig.cipher_suite.kdf_id", \ |
2794 | 28 | FT_UINT16, BASE_DEC, VALS(kdf_id_type_vals), 0x0, \ |
2795 | 28 | "HPKE KDF Id", HFILL } \ |
2796 | 28 | }, \ |
2797 | 28 | { & name .hf.ech_hpke_keyconfig_cipher_suite_aead_id, \ |
2798 | 28 | { "AEAD Id", prefix ".ech.hpke.keyconfig.cipher_suite.aead_id", \ |
2799 | 28 | FT_UINT16, BASE_DEC, VALS(aead_id_type_vals), 0x0, \ |
2800 | 28 | "HPKE AEAD Id", HFILL } \ |
2801 | 28 | }, \ |
2802 | 28 | { & name .hf.ech_clienthello_type, \ |
2803 | 28 | { "Client Hello type", prefix ".ech.client_hello_type", \ |
2804 | 28 | FT_UINT8, BASE_DEC, VALS(tls_hello_ext_ech_clienthello_types), 0x0, \ |
2805 | 28 | "Client Hello type", HFILL } \ |
2806 | 28 | }, \ |
2807 | 28 | { & name .hf.ech_cipher_suite, \ |
2808 | 28 | { "Cipher Suite", prefix ".ech.cipher_suite", \ |
2809 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2810 | 28 | "The cipher suite used to encrypt ClientHelloInner", HFILL } \ |
2811 | 28 | }, \ |
2812 | 28 | { & name .hf.ech_config_id, \ |
2813 | 28 | { "Config Id", prefix ".ech.config_id", \ |
2814 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2815 | 28 | "The ECHConfigContents.key_config.config_id for the chosen ECHConfig", HFILL } \ |
2816 | 28 | }, \ |
2817 | 28 | { & name .hf.ech_enc_length, \ |
2818 | 28 | { "Enc length", prefix ".ech.enc_length", \ |
2819 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2820 | 28 | NULL, HFILL } \ |
2821 | 28 | }, \ |
2822 | 28 | { & name .hf.ech_enc, \ |
2823 | 28 | { "Enc", prefix ".ech.enc", \ |
2824 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2825 | 28 | "The HPKE encapsulated key, used by servers to decrypt the corresponding payload field", HFILL } \ |
2826 | 28 | }, \ |
2827 | 28 | { & name .hf.ech_payload_length, \ |
2828 | 28 | { "Payload length", prefix ".ech.payload_length", \ |
2829 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2830 | 28 | "Payload Length", HFILL } \ |
2831 | 28 | }, \ |
2832 | 28 | { & name .hf.ech_payload, \ |
2833 | 28 | { "Payload", prefix ".ech.payload", \ |
2834 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2835 | 28 | "The serialized and encrypted ClientHelloInner structure", HFILL } \ |
2836 | 28 | }, \ |
2837 | 28 | { & name .hf.ech_confirmation, \ |
2838 | 28 | { "Confirmation", prefix ".ech.confirmation", \ |
2839 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2840 | 28 | "Confirmation of ECH acceptance in a HelloRetryRequest", HFILL } \ |
2841 | 28 | }, \ |
2842 | 28 | { & name .hf.ech_retry_configs, \ |
2843 | 28 | { "Retry Configs", prefix ".ech.retry_configs", \ |
2844 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2845 | 28 | "ECHConfig structures for one-time use by the client in a retry connection", HFILL } \ |
2846 | 28 | }, \ |
2847 | 28 | { & name .hf.ech_padding_data, \ |
2848 | 28 | { "ECH Encrypted Padding", prefix ".ech.encrypted_padding", \ |
2849 | 28 | FT_BYTES, BASE_NONE, NULL, 0x0, \ |
2850 | 28 | "Must be zero", HFILL } \ |
2851 | 28 | }, \ |
2852 | 28 | { & name .hf.hs_ext_alps_len, \ |
2853 | 28 | { "ALPS Extension Length", prefix ".handshake.extensions_alps_len", \ |
2854 | 28 | FT_UINT16, BASE_DEC, NULL, 0x0, \ |
2855 | 28 | "Length of the ALPS Extension", HFILL } \ |
2856 | 28 | }, \ |
2857 | 28 | { & name .hf.hs_ext_alps_alpn_list, \ |
2858 | 28 | { "Supported ALPN List", prefix ".handshake.extensions_alps_alpn_list", \ |
2859 | 28 | FT_NONE, BASE_NONE, NULL, 0x0, \ |
2860 | 28 | "List of supported ALPN by ALPS", HFILL } \ |
2861 | 28 | }, \ |
2862 | 28 | { & name .hf.hs_ext_alps_alpn_str_len, \ |
2863 | 28 | { "Supported ALPN Length", prefix ".handshake.extensions_alps_alpn_str_len", \ |
2864 | 28 | FT_UINT8, BASE_DEC, NULL, 0x0, \ |
2865 | 28 | "Length of ALPN string", HFILL } \ |
2866 | 28 | }, \ |
2867 | 28 | { & name .hf.hs_ext_alps_alpn_str, \ |
2868 | 28 | { "Supported ALPN", prefix ".handshake.extensions_alps_alpn_str", \ |
2869 | 28 | FT_STRING, BASE_NONE, NULL, 0x00, \ |
2870 | 28 | "ALPN supported by ALPS", HFILL } \ |
2871 | 28 | }, \ |
2872 | 28 | { & name .hf.hs_ext_alps_settings, \ |
2873 | 28 | { "ALPN Opaque Settings", prefix ".handshake.extensions_alps.settings", \ |
2874 | 28 | FT_BYTES, BASE_NONE, NULL, 0x00, \ |
2875 | 28 | "ALPN Opaque Settings", HFILL } \ |
2876 | 28 | } |
2877 | | /* }}} */ |
2878 | | |
2879 | | /* {{{ SSL_COMMON_ETT_LIST(name): expands to a comma-separated list of `&name.ett.<field>` addresses, one for each member of `name.ett` listed below. Presumably spliced into a dissector's ett array for subtree registration - confirm at the call sites. The last entry keeps its trailing comma and line continuation, so the expansion ends with a comma and the empty line after it terminates the macro; keep that empty line when appending entries. NOTE(review): a member added to the ett struct but not listed here would presumably never be registered - verify both are updated together. */ |
2880 | | #define SSL_COMMON_ETT_LIST(name) \ |
2881 | 28 | & name .ett.hs_ext, \ |
2882 | 28 | & name .ett.hs_ext_alpn, \ |
2883 | 28 | & name .ett.hs_ext_cert_types, \ |
2884 | 28 | & name .ett.hs_ext_groups, \ |
2885 | 28 | & name .ett.hs_ext_curves_point_formats, \ |
2886 | 28 | & name .ett.hs_ext_npn, \ |
2887 | 28 | & name .ett.hs_ext_reneg_info, \ |
2888 | 28 | & name .ett.hs_ext_key_share, \ |
2889 | 28 | & name .ett.hs_ext_key_share_ks, \ |
2890 | 28 | & name .ett.hs_ext_pre_shared_key, \ |
2891 | 28 | & name .ett.hs_ext_psk_identity, \ |
2892 | 28 | & name .ett.hs_ext_psk_binders, \ |
2893 | 28 | & name .ett.hs_ext_psk_binder, \ |
2894 | 28 | & name .ett.hs_ext_server_name, \ |
2895 | 28 | & name .ett.hs_ext_oid_filter, \ |
2896 | 28 | & name .ett.hs_ext_quictp_parameter, \ |
2897 | 28 | & name .ett.hs_ext_trusted_ca_keys, \ |
2898 | 28 | & name .ett.hs_ext_trusted_ca_key, \ |
2899 | 28 | & name .ett.hs_sig_hash_alg, \ |
2900 | 28 | & name .ett.hs_sig_hash_algs, \ |
2901 | 28 | & name .ett.urlhash, \ |
2902 | 28 | & name .ett.keyex_params, \ |
2903 | 28 | & name .ett.certificates, \ |
2904 | 28 | & name .ett.cert_types, \ |
2905 | 28 | & name .ett.dnames, \ |
2906 | 28 | & name .ett.hs_random, \ |
2907 | 28 | & name .ett.cipher_suites, \ |
2908 | 28 | & name .ett.comp_methods, \ |
2909 | 28 | & name .ett.session_ticket, \ |
2910 | 28 | & name .ett.sct, \ |
2911 | 28 | & name .ett.cert_status, \ |
2912 | 28 | & name .ett.ocsp_response, \ |
2913 | 28 | & name .ett.uncompressed_certificates, \ |
2914 | 28 | & name .ett.hs_ext_alps, \ |
2915 | 28 | & name .ett.ech_echconfiglist, \ |
2916 | 28 | & name .ett.ech_echconfig, \ |
2917 | 28 | & name .ett.ech_retry_configs, \ |
2918 | 28 | & name .ett.ech_hpke_keyconfig, \ |
2919 | 28 | & name .ett.ech_hpke_cipher_suites, \ |
2920 | 28 | & name .ett.ech_hpke_cipher_suite, \ |
2921 | 28 | & name .ett.ech_decrypt, \ |
2922 | 28 | & name .ett.hs_ext_token_binding_key_parameters, \ |
2923 | | |
2924 | | /* }}} */ |
2925 | | |
2926 | | /* {{{ SSL_COMMON_EI_LIST(name, prefix): expands to a comma-separated list of initializers, each pairing `&name.ei.<field>` with `{ filter name, group, severity, summary text, EXPFILL }`. `prefix` is joined to each filter suffix by string-literal concatenation, so it must be a string literal. Unlike SSL_COMMON_ETT_LIST, there is no trailing comma after the last entry. Of the entries here only malformed_buffer_too_small uses PI_MALFORMED; the vector-length and trailing-data checks are reported as PI_PROTOCOL warnings, which matters when triaging captures by expert group. */ |
2927 | | #define SSL_COMMON_EI_LIST(name, prefix) \ |
2928 | 28 | { & name .ei.client_version_error, \ |
2929 | 28 | { prefix ".handshake.client_version_error", PI_PROTOCOL, PI_WARN, \ |
2930 | 28 | "Client Hello legacy version field specifies version 1.3, not version 1.2; some servers may not be able to handle that.", EXPFILL } \ |
2931 | 28 | }, \ |
2932 | 28 | { & name .ei.server_version_error, \ |
2933 | 28 | { prefix ".handshake.server_version_error", PI_PROTOCOL, PI_WARN, \ |
2934 | 28 | "Server Hello legacy version field specifies version 1.3, not version 1.2; some middleboxes may not be able to handle that.", EXPFILL } \ |
2935 | 28 | }, \ |
2936 | 28 | { & name .ei.legacy_version, \ |
2937 | 28 | { prefix ".handshake.legacy_version", PI_DEPRECATED, PI_CHAT, \ |
2938 | 28 | "This legacy_version field MUST be ignored. The supported_versions extension is present and MUST be used instead.", EXPFILL } \ |
2939 | 28 | }, \ |
2940 | 28 | { & name .ei.malformed_vector_length, \ |
2941 | 28 | { prefix ".malformed.vector_length", PI_PROTOCOL, PI_WARN, \ |
2942 | 28 | "Variable vector length is outside the permitted range", EXPFILL } \ |
2943 | 28 | }, \ |
2944 | 28 | { & name .ei.malformed_buffer_too_small, \ |
2945 | 28 | { prefix ".malformed.buffer_too_small", PI_MALFORMED, PI_ERROR, \ |
2946 | 28 | "Malformed message, not enough data is available", EXPFILL } \ |
2947 | 28 | }, \ |
2948 | 28 | { & name .ei.malformed_trailing_data, \ |
2949 | 28 | { prefix ".malformed.trailing_data", PI_PROTOCOL, PI_WARN, \ |
2950 | 28 | "Undecoded trailing data is present", EXPFILL } \ |
2951 | 28 | }, \ |
2952 | 28 | { & name .ei.hs_ext_cert_status_undecoded, \ |
2953 | 28 | { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \ |
2954 | 28 | "Responder ID list or Request Extensions are not implemented", EXPFILL } \ |
2955 | 28 | }, \ |
2956 | 28 | { & name .ei.hs_ciphersuite_undecoded, \ |
2957 | 28 | { prefix ".handshake.ciphersuite.undecoded", PI_UNDECODED, PI_NOTE, \ |
2958 | 28 | "Ciphersuite not implemented", EXPFILL } \ |
2959 | 28 | }, \ |
2960 | 28 | { & name .ei.hs_srv_keyex_illegal, \ |
2961 | 28 | { prefix ".handshake.server_keyex_illegal", PI_PROTOCOL, PI_WARN, \ |
2962 | 28 | "It is not legal to send the ServerKeyExchange message for this ciphersuite", EXPFILL } \ |
2963 | 28 | }, \ |
2964 | 28 | { & name .ei.resumed, \ |
2965 | 28 | { prefix ".resumed", PI_SEQUENCE, PI_NOTE, \ |
2966 | 28 | "This session reuses previously negotiated keys (Session resumption)", EXPFILL } \ |
2967 | 28 | }, \ |
2968 | 28 | { & name .ei.record_length_invalid, \ |
2969 | 28 | { prefix ".record.length.invalid", PI_PROTOCOL, PI_ERROR, \ |
2970 | 28 | "Record fragment length is too small or too large", EXPFILL } \ |
2971 | 28 | }, \ |
2972 | 28 | { & name .ei.decompression_error, \ |
2973 | 28 | { prefix ".decompression_error", PI_PROTOCOL, PI_ERROR, \ |
2974 | 28 | "Decompression error", EXPFILL } \ |
2975 | 28 | }, \ |
2976 | 28 | { & name .ei.ech_echconfig_invalid_version, \ |
2977 | 28 | { prefix ".ech_echconfig_invalid_version", PI_PROTOCOL, PI_ERROR, \ |
2978 | 28 | "Invalid/unknown ECHConfig version", EXPFILL } \ |
2979 | 28 | }, \ |
2980 | 28 | { & name .ei.ech_accepted, \ |
2981 | 28 | { prefix ".ech_accepted", PI_PROTOCOL, PI_NOTE, \ |
2982 | 28 | "Calculated ECH Confirmation matches Server Random bytes, ECH was accepted", EXPFILL } \ |
2983 | 28 | }, \ |
2984 | 28 | { & name .ei.ech_rejected, \ |
2985 | 28 | { prefix ".ech_rejected", PI_PROTOCOL, PI_WARN, \ |
2986 | 28 | "Calculated ECH Confirmation does not match Server Random bytes, ECH was rejected", EXPFILL } \ |
2987 | 28 | } |
2988 | | /* }}} */ |
2989 | | /* Registration entry points; only the declarations are in this header. Going by the names, the first two create the ALPN dissector tables for TLS and DTLS from a table name, a UI name and a protocol id, and the third registers the preferences held in `options` on `module`, with is_dtls selecting the DTLS variant - confirm against the definitions. */ |
2990 | | extern void |
2991 | | ssl_common_register_ssl_alpn_dissector_table(const char *name, |
2992 | | const char *ui_name, const int proto); |
2993 | | |
2994 | | extern void |
2995 | | ssl_common_register_dtls_alpn_dissector_table(const char *name, |
2996 | | const char *ui_name, const int proto); |
2997 | | |
2998 | | extern void |
2999 | | ssl_common_register_options(module_t *module, ssl_common_options_t *options, bool is_dtls); |
3000 | | /* Debug-output helpers. This header defines SSL_DECRYPT_DEBUG unconditionally near its top, so the first branch is the one compiled unless that define is removed. G_GNUC_PRINTF(1,2) makes the compiler check ssl_debug_printf's arguments against its format string; pass a literal format, never captured data. NOTE(review): ssl_print_data and ssl_print_string take raw buffers, presumably including key material and decrypted bytes, so the debug output should be handled as sensitive - confirm what the callers pass. */ |
3001 | | #ifdef SSL_DECRYPT_DEBUG |
3002 | | extern void |
3003 | | ssl_debug_printf(const char* fmt,...) G_GNUC_PRINTF(1,2); |
3004 | | extern void |
3005 | | ssl_print_data(const char* name, const unsigned char* data, size_t len); |
3006 | | extern void |
3007 | | ssl_print_string(const char* name, const StringInfo* data); |
3008 | | extern void |
3009 | | ssl_set_debug(const char* name); |
3010 | | extern void |
3011 | | ssl_debug_flush(void); |
3012 | | #else |
3013 | | |
3014 | | /* No debug: the printf stub has an empty body and the other helpers become empty macros, so their argument expressions are not evaluated; do not rely on side effects in those arguments. */ |
3015 | | static inline void G_GNUC_PRINTF(1,2) |
3016 | | ssl_debug_printf(const char* fmt _U_,...) |
3017 | | { |
3018 | | } |
3019 | | #define ssl_print_data(a, b, c) |
3020 | | #define ssl_print_string(a, b) |
3021 | | #define ssl_set_debug(name) |
3022 | | #define ssl_debug_flush() |
3023 | | |
3024 | | #endif /* SSL_DECRYPT_DEBUG */ |
3025 | | |
3026 | | /* Declaration only. Going by the name and parameters, dissects an ECHConfigList in tvb between offset and offset_end, adds it under tree, and returns an offset (presumably the one following the parsed data) - confirm against the definition. NOTE(review): offset_end looks like the parse bound; verify that the definition rejects lengths running past it. */ |
3027 | | uint32_t |
3028 | | ssl_dissect_ext_ech_echconfiglist(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo, |
3029 | | proto_tree *tree, uint32_t offset, uint32_t offset_end); |
3030 | | |
3031 | | #endif /* __PACKET_TLS_UTILS_H__ */ |
3032 | | |
3033 | | /* |
3034 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
3035 | | * |
3036 | | * Local variables: |
3037 | | * c-basic-offset: 4 |
3038 | | * tab-width: 8 |
3039 | | * indent-tabs-mode: nil |
3040 | | * End: |
3041 | | * |
3042 | | * vi: set shiftwidth=4 tabstop=8 expandtab: |
3043 | | * :indentSize=4:tabSize=8:noTabs=true: |
3044 | | */ |