search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-wtls.c
blobfff2e2b32cbf83444850e0d37b368ccc5ae70354
1 /* packet-wtls.c
2 *
3 * Routines to dissect WTLS component of WAP traffic.
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * WAP dissector based on original work by Ben Fowler
10 * Updated by Neil Hunter <neil.hunter@energis-squared.com>
11 * WTLS support by Alexandre P. Ferreira (Splice IP)
12 *
13 * SPDX-License-Identifier: GPL-2.0-or-later
14 */
15
16 #define WS_LOG_DOMAIN "packet-wtls"
17
18 #include "config.h"
19 #include <wireshark.h>
20
21 #include <epan/packet.h>
22 #include <epan/iana_charsets.h>
23 #include "packet-wap.h"
24 #include "packet-wtls.h"
25
26 void proto_register_wtls(void);
27 void proto_reg_handoff_wtls(void);
28
29 static dissector_handle_t wtls_handle;
30
31 /* File scoped variables for the protocol and registered fields */
32 static int proto_wtls;
33
34 /* These fields used by fixed part of header */
35 static int hf_wtls_record;
36 static int hf_wtls_record_type;
37 static int hf_wtls_record_length;
38 static int hf_wtls_record_sequence;
39 static int hf_wtls_record_ciphered;
40 static int hf_wtls_hands;
41 static int hf_wtls_hands_type;
42 static int hf_wtls_hands_length;
43 static int hf_wtls_hands_cli_hello;
44 static int hf_wtls_hands_cli_hello_version;
45 static int hf_wtls_hands_cli_hello_gmt;
46 static int hf_wtls_hands_cli_hello_random;
47 static int hf_wtls_hands_cli_hello_session;
48 static int hf_wtls_hands_cli_hello_session_str;
49 static int hf_wtls_hands_cli_hello_cli_key_id;
50 static int hf_wtls_hands_cli_hello_cli_key_len;
51 static int hf_wtls_hands_cli_hello_trust_key_id;
52 static int hf_wtls_hands_cli_hello_key_exchange;
53 static int hf_wtls_hands_cli_hello_key_exchange_suite;
54 static int hf_wtls_hands_cli_hello_key_parameter_index;
55 static int hf_wtls_hands_cli_hello_key_parameter_set;
56 static int hf_wtls_hands_cli_hello_key_identifier_type;
57 static int hf_wtls_hands_cli_hello_key_identifier_charset;
58 static int hf_wtls_hands_cli_hello_key_identifier_size;
59 static int hf_wtls_hands_cli_hello_key_identifier;
60 static int hf_wtls_hands_cli_hello_key_identifier_str;
61 static int hf_wtls_hands_cli_hello_cipher_suite;
62 static int hf_wtls_hands_cli_hello_cipher_suite_item;
63 static int hf_wtls_hands_cli_hello_compression_methods;
64 static int hf_wtls_hands_cli_hello_compression;
65 static int hf_wtls_hands_cli_hello_sequence_mode;
66 static int hf_wtls_hands_cli_hello_key_refresh;
67 static int hf_wtls_hands_serv_hello;
68 static int hf_wtls_hands_serv_hello_version;
69 static int hf_wtls_hands_serv_hello_gmt;
70 static int hf_wtls_hands_serv_hello_random;
71 static int hf_wtls_hands_serv_hello_session;
72 static int hf_wtls_hands_serv_hello_session_str;
73 static int hf_wtls_hands_serv_hello_cli_key_id;
74 static int hf_wtls_hands_serv_hello_cipher_suite_item;
75 static int hf_wtls_hands_serv_hello_cipher_bulk;
76 static int hf_wtls_hands_serv_hello_cipher_mac;
77 static int hf_wtls_hands_serv_hello_compression;
78 static int hf_wtls_hands_serv_hello_sequence_mode;
79 static int hf_wtls_hands_serv_hello_key_refresh;
80 static int hf_wtls_hands_certificates;
81 static int hf_wtls_hands_certificate;
82 static int hf_wtls_hands_certificate_type;
83 static int hf_wtls_hands_certificate_wtls_version;
84 static int hf_wtls_hands_certificate_wtls_signature_type;
85 static int hf_wtls_hands_certificate_wtls_issuer_type;
86 static int hf_wtls_hands_certificate_wtls_issuer_charset;
87 static int hf_wtls_hands_certificate_wtls_issuer_size;
88 static int hf_wtls_hands_certificate_wtls_issuer_name;
89 static int hf_wtls_hands_certificate_wtls_valid_not_before;
90 static int hf_wtls_hands_certificate_wtls_valid_not_after;
91 static int hf_wtls_hands_certificate_wtls_subject_type;
92 static int hf_wtls_hands_certificate_wtls_subject_charset;
93 static int hf_wtls_hands_certificate_wtls_subject_size;
94 static int hf_wtls_hands_certificate_wtls_subject_name;
95 static int hf_wtls_hands_certificate_wtls_public_key_type;
96 static int hf_wtls_hands_certificate_wtls_key_parameter_index;
97 static int hf_wtls_hands_certificate_wtls_key_parameter_set;
98 static int hf_wtls_hands_certificate_wtls_rsa_exponent;
99 static int hf_wtls_hands_certificate_wtls_rsa_modules;
100 static int hf_wtls_hands_certificate_wtls_signature;
101 static int hf_wtls_alert;
102 static int hf_wtls_alert_level;
103 static int hf_wtls_alert_description;
104
105 /* Initialize the subtree pointers */
106 static int ett_wtls;
107 static int ett_wtls_rec;
108 static int ett_wtls_msg_type;
109 static int ett_wtls_msg_type_item;
110 static int ett_wtls_msg_type_item_sub;
111 static int ett_wtls_msg_type_item_sub_sub;
112
113 static const value_string wtls_vals_record_type[] = {
114 { 1, "change_cipher_data" },
115 { 2, "alert" },
116 { 3, "handshake" },
117 { 4, "application_data" },
118 { 0, NULL }
119 };
120 static value_string_ext wtls_vals_record_type_ext = VALUE_STRING_EXT_INIT(wtls_vals_record_type);
121
122 static const value_string wtls_vals_cipher_bulk[] = {
123 { 0, "Null" },
124 { 1, "RC5 CBC 40" },
125 { 2, "RC5 CBC 56" },
126 { 3, "RC5 CBC" },
127 { 4, "DES CBC 40" },
128 { 5, "DES CBC" },
129 { 6, "3DES CBC cwEDE40" },
130 { 7, "IDEA CBC 40" },
131 { 8, "IDEA CBC 56" },
132 { 9, "IDEA CBC" },
133 { 0, NULL }
134 };
135 static value_string_ext wtls_vals_cipher_bulk_ext = VALUE_STRING_EXT_INIT(wtls_vals_cipher_bulk);
136
137 static const value_string wtls_vals_cipher_mac[] = {
138 { 0, "SHA 0" },
139 { 1, "SHA 40 " },
140 { 2, "SHA 80" },
141 { 3, "SHA" },
142 { 4, "SHA XOR 40" },
143 { 5, "MD5 40" },
144 { 6, "MD5 80" },
145 { 7, "MD5" },
146 { 0, NULL }
147 };
148 static value_string_ext wtls_vals_cipher_mac_ext = VALUE_STRING_EXT_INIT(wtls_vals_cipher_mac);
149
150 static const value_string wtls_vals_handshake_type[] = {
151 { 0, "Hello Request" },
152 { 1, "Client Hello" },
153 { 2, "Server Hello" },
154 { 11, "Certificate" },
155 { 12, "Server Key Exchange" },
156 { 13, "Certificate Request" },
157 { 14, "Server Hello Done" },
158 { 15, "Certificate Verify" },
159 { 16, "Client Key Exchange" },
160 { 20, "Finished" },
161 { 0, NULL }
162 };
163 static value_string_ext wtls_vals_handshake_type_ext = VALUE_STRING_EXT_INIT(wtls_vals_handshake_type);
164
165 static const value_string wtls_vals_key_exchange_suite[] = {
166 { 0, "NULL" },
167 { 1, "Shared Secret" },
168 { 2, "Diffie Hellman Anonymous" },
169 { 3, "Diffie Hellman Anonymous 512" },
170 { 4, "Diffie Hellman Anonymous 768" },
171 { 5, "RSA Anonymous" },
172 { 6, "RSA Anonymous 512" },
173 { 7, "RSA Anonymous 768" },
174 { 8, "RSA" },
175 { 9, "RSA 512" },
176 { 10, "RSA 768" },
177 { 11, "EC Diffie Hellman Anonymous" },
178 { 12, "EC Diffie Hellman Anonymous 113" },
179 { 13, "EC Diffie Hellman Anonymous 131" },
180 { 14, "EC Diffie Hellman ECDSA" },
181 { 15, "EC Diffie Hellman Anonymous Uncomp" },
182 { 16, "EC Diffie Hellman Anonymous Uncomp 113" },
183 { 17, "EC Diffie Hellman Anonymous Uncomp 131" },
184 { 18, "EC Diffie Hellman ECDSA Uncomp" },
185 { 0x00, NULL }
186 };
187 static value_string_ext wtls_vals_key_exchange_suite_ext = VALUE_STRING_EXT_INIT(wtls_vals_key_exchange_suite);
188
189 static const value_string wtls_vals_identifier_type[] = {
190 { 0, "No identifier" },
191 { 1, "Textual Name" },
192 { 2, "Binary Name" },
193 { 254, "SHA-1 Hash of Public Key" },
194 { 255, "x509 Distinguished Name" },
195 { 0, NULL }
196 };
197 static value_string_ext wtls_vals_identifier_type_ext = VALUE_STRING_EXT_INIT(wtls_vals_identifier_type);
198
199 static const value_string wtls_vals_certificate_type[] = {
200 { 1, "WTLS" },
201 { 2, "X.509" },
202 { 3, "X.968" },
203 { 4, "URL" },
204 { 0, NULL }
205 };
206 static value_string_ext wtls_vals_certificate_type_ext = VALUE_STRING_EXT_INIT(wtls_vals_certificate_type);
207
208 static const value_string wtls_vals_compression[] = {
209 { 0, "Null" },
210 { 0, NULL }
211 };
212
213 static const value_string wtls_vals_sequence_mode[] = {
214 { 0, "Off" },
215 { 1, "Implicit" },
216 { 2, "Explicit" },
217 { 0, NULL }
218 };
219
220 static const value_string wtls_vals_certificate_signature[] = {
221 { 0, "Anonymous" },
222 { 1, "ECDSA_SHA" },
223 { 2, "RSA_SHA" },
224 { 0, NULL }
225 };
226
227 static const value_string wtls_vals_public_key_type[] = {
228 { 2, "RSA" },
229 { 3, "ECDH" },
230 { 4, "ECSA" },
231 { 0, NULL }
232 };
233
234 static const value_string wtls_vals_alert_level[] = {
235 { 1, "Warning" },
236 { 2, "Critical" },
237 { 3, "Fatal" },
238 { 0, NULL }
239 };
240
241 static const value_string wtls_vals_alert_description[] = {
242 { 0, "connection_close_notify"},
243 { 1, "session_close_notify"},
244 { 5, "no_connection"},
245 { 10, "unexpected_message"},
246 { 11, "time_required"},
247 { 20, "bad_record_mac"},
248 { 21, "decryption_failed"},
249 { 22, "record_overflow"},
250 { 30, "decompression_failure"},
251 { 40, "handshake_failure"},
252 { 42, "bad_certificate"},
253 { 43, "unsupported_certificate"},
254 { 44, "certificate_revoked"},
255 { 45, "certificate_expired"},
256 { 46, "certificate_unknown"},
257 { 47, "illegal_parameter"},
258 { 48, "unknown_ca"},
259 { 49, "access_denied"},
260 { 50, "decode_error"},
261 { 51, "decrypt_error"},
262 { 52, "unknown_key_id"},
263 { 53, "disabled_key_id"},
264 { 54, "key_exchange_disabled"},
265 { 55, "session_not_ready"},
266 { 56, "unknown_parameter_index"},
267 { 57, "duplicate_finished_received"},
268 { 60, "export_restriction"},
269 { 70, "protocol_version"},
270 { 71, "insufficient_security"},
271 { 80, "internal_error"},
272 { 90, "user_canceled"},
273 { 100, "no_renegotiation"},
274 { 0, NULL }
275 };
276 static value_string_ext wtls_vals_alert_description_ext = VALUE_STRING_EXT_INIT(wtls_vals_alert_description);
277
278 #define WTLS_RECORD_TYPE_LENGTH 0x80
279 #define WTLS_RECORD_TYPE_SEQUENCE 0x40
280 #define WTLS_RECORD_TYPE_CIPHER_CUR 0x20
281 #define WTLS_RECORD_CONTENT_TYPE 0x0f
282
283 #define WTLS_ALERT 0x02
284 #define WTLS_PLAIN_HANDSHAKE 0x03
285
286 #define WTLS_HANDSHAKE_CLIENT_HELLO 1
287 #define WTLS_HANDSHAKE_SERVER_HELLO 2
288 #define WTLS_HANDSHAKE_CERTIFICATE 11
289
290 #define CERTIFICATE_WTLS 1
291 #define CERTIFICATE_X509 2
292 #define CERTIFICATE_X968 3
293 #define CERTIFICATE_URL 4
294
295 #define IDENTIFIER_NULL 0
296 #define IDENTIFIER_TEXT 1
297 #define IDENTIFIER_BIN 2
298 #define IDENTIFIER_SHA_1 254
299 #define IDENTIFIER_X509 255
300
301 #define PUBLIC_KEY_RSA 2
302 #define PUBLIC_KEY_ECDH 3
303 #define PUBLIC_KEY_ECDSA 4
304
305 static void dissect_wtls_handshake (proto_tree *, tvbuff_t *, unsigned, unsigned);
306
307 /* Code to actually dissect the packets */
308 static int
309 dissect_wtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
310 {
311 int offset = 0;
312
313 char pdut;
314 unsigned count = 0;
315 unsigned offset_wtls = 0;
316
317 /* Set up structures we will need to add the protocol subtree and manage it */
318 proto_item *ti;
319 proto_tree *wtls_tree;
320 proto_tree *wtls_rec_tree;
321 proto_tree *wtls_msg_type_tree;
322
323 switch ( pinfo->match_uint )
324 {
325 case UDP_PORT_WTLS_WSP:
326 col_set_str(pinfo->cinfo, COL_PROTOCOL, "WTLS+WSP" );
327 break;
328 case UDP_PORT_WTLS_WTP_WSP:
329 col_set_str(pinfo->cinfo, COL_PROTOCOL, "WTLS+WTP+WSP" );
330 break;
331 }
332
333 /* Develop the string to put in the Info column */
334 col_set_str(pinfo->cinfo, COL_INFO, "WTLS");
335
336 /* In the interest of speed, if "tree" is NULL, don't do any work not
337 necessary to generate protocol tree items. */
338
339 if (tree) {
340 ti = proto_tree_add_item(tree, proto_wtls, tvb, offset_wtls,
341 -1, ENC_NA);
342 wtls_tree = proto_item_add_subtree(ti, ett_wtls);
343
344 for (offset_wtls=0; offset_wtls < (tvb_reported_length(tvb)-1);) {
345 pdut = tvb_get_uint8 (tvb, offset_wtls);
346
347 offset = offset_wtls+1;
348
349 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
350 offset+=2;
351 }
352 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
353 count = tvb_get_ntohs(tvb, offset);
354 offset+=2;
355 count += offset-offset_wtls;
356 }
357 else {
358 count = tvb_reported_length_remaining (tvb, offset_wtls);
359 }
360 ti = proto_tree_add_uint(wtls_tree, hf_wtls_record, tvb, offset_wtls,
361 count, pdut);
362 wtls_rec_tree = proto_item_add_subtree(ti, ett_wtls_rec);
363
364 offset = offset_wtls;
365
366 proto_tree_add_item (wtls_rec_tree, hf_wtls_record_type,
367 tvb,offset,1,ENC_BIG_ENDIAN);
368
369 offset++;
370
371 offset_wtls += count;
372
373 if (pdut & WTLS_RECORD_TYPE_SEQUENCE) {
374 proto_tree_add_item (wtls_rec_tree, hf_wtls_record_sequence,
375 tvb,offset,2,ENC_BIG_ENDIAN);
376 offset+=2;
377 }
378 if (pdut & WTLS_RECORD_TYPE_LENGTH) {
379 count = tvb_get_ntohs(tvb, offset);
380 proto_tree_add_item (wtls_rec_tree, hf_wtls_record_length,
381 tvb,offset,2,ENC_BIG_ENDIAN);
382 offset+=2;
383 }
384 else {
385 count = tvb_reported_length_remaining (tvb, offset);
386 }
387
388 if (pdut & WTLS_RECORD_TYPE_CIPHER_CUR) {
389 proto_tree_add_item (wtls_rec_tree, hf_wtls_record_ciphered,
390 tvb,offset,count,ENC_NA);
391 continue;
392 }
393
394 switch (pdut & WTLS_RECORD_CONTENT_TYPE) {
395 case WTLS_PLAIN_HANDSHAKE :
396 dissect_wtls_handshake(wtls_rec_tree,tvb,offset,count);
397 break;
398 case WTLS_ALERT :
399 ti = proto_tree_add_item(wtls_rec_tree, hf_wtls_alert, tvb, offset,
400 count, ENC_NA);
401 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
402 proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_level,
403 tvb,offset,1,ENC_BIG_ENDIAN);
404 offset+=1;
405 proto_tree_add_item (wtls_msg_type_tree, hf_wtls_alert_description,
406 tvb,offset,1,ENC_BIG_ENDIAN);
407 /*offset+=1;*/
408 break;
409 default:
410 /*offset+=count;*/
411 break;
412 }
413 }
414 }
415 return tvb_captured_length(tvb);
416 }
417
418 static int
419 add_text_identifier(tvbuff_t *tvb, int offset, int hf_charset,
420 int hf_size, int hf_str, proto_tree *tree)
421 {
422 uint8_t size;
423 int client_size = 0;
424
425 proto_tree_add_item(tree, hf_charset, tvb, offset, 2, ENC_BIG_ENDIAN);
426 offset+=2;
427 size = tvb_get_uint8 (tvb, offset);
428 proto_tree_add_item(tree, hf_size, tvb, offset, 1, ENC_BIG_ENDIAN);
429 offset++;
430 proto_tree_add_item(tree, hf_str, tvb, offset, size, ENC_BIG_ENDIAN);
431 /*offset+=size;*/
432 client_size+=size+3;
433 ws_debug("text id size = %d, client_size = %d",
434 size, client_size);
435 return client_size;
436 }
437
438 static int
439 add_session_id(proto_tree *tree, int hf, int hf_str, tvbuff_t *tvb, int offset)
440 {
441 unsigned count;
442 unsigned i;
443 uint64_t session_id;
444
445 count = tvb_get_uint8(tvb, offset);
446 if (count == 0)
447 proto_tree_add_string (tree, hf_str, tvb, offset, count+1, "NULL");
448 else if (count <= 8) {
449 session_id = 0;
450 for (i = 0; i < count; i++)
451 session_id = (session_id << 8) | tvb_get_uint8(tvb, offset + i);
452 proto_tree_add_uint64 (tree, hf, tvb, offset, count+1, session_id);
453 } else {
454 proto_tree_add_item(tree, hf, tvb, offset, count+1, ENC_NA);
455 }
456 return offset+1+count;
457 }
458
459 static void
460 dissect_wtls_handshake(proto_tree *tree, tvbuff_t *tvb, unsigned offset, unsigned count)
461 {
462 char pdu_msg_type;
463 int client_size = 0;
464 unsigned value = 0;
465 int size = 0;
466 unsigned public_key = 0;
467 char valStr[1024];
468 const char *valBulk = NULL;
469 const char *valMac = NULL;
470
471 proto_item *ti;
472 proto_item *cli_key_item;
473 proto_tree *wtls_msg_type_tree;
474 proto_tree *wtls_msg_type_item_tree;
475 proto_tree *wtls_msg_type_item_sub_tree;
476 proto_tree *wtls_msg_type_item_sub_sub_tree;
477
478 pdu_msg_type = tvb_get_uint8 (tvb, offset);
479 ti = proto_tree_add_uint(tree, hf_wtls_hands, tvb, offset,count, pdu_msg_type);
480 wtls_msg_type_tree = proto_item_add_subtree(ti, ett_wtls_msg_type);
481
482 proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_type,
483 tvb,offset,1,ENC_BIG_ENDIAN);
484 offset+=1;
485 count = tvb_get_ntohs (tvb, offset);
486 proto_tree_add_item (wtls_msg_type_tree, hf_wtls_hands_length,
487 tvb,offset,2,ENC_BIG_ENDIAN);
488 offset+=2;
489 switch(pdu_msg_type) {
490 case WTLS_HANDSHAKE_CLIENT_HELLO :
491 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_cli_hello, tvb, offset,
492 count, ENC_NA);
493 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
494 proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_version,
495 tvb,offset,1,ENC_BIG_ENDIAN);
496 offset++;
497 proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_gmt, tvb,
498 offset, 4, ENC_TIME_SECS|ENC_BIG_ENDIAN);
499 offset+=4;
500 proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_cli_hello_random,
501 tvb,offset,12,ENC_NA);
502 offset+=12;
503 offset = add_session_id (wtls_msg_type_item_tree,
504 hf_wtls_hands_cli_hello_session,
505 hf_wtls_hands_cli_hello_session_str,
506 tvb, offset);
507
508 /* process client_key_ids structure */
509 count = tvb_get_ntohs (tvb, offset);
510 ti = proto_tree_add_item(wtls_msg_type_item_tree,
511 hf_wtls_hands_cli_hello_cli_key_id, tvb, offset,
512 count+2, ENC_NA);
513 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
514
515 /* display length of client_key_ids structure */
516 proto_tree_add_item(wtls_msg_type_item_sub_tree,
517 hf_wtls_hands_cli_hello_cli_key_len,
518 tvb,offset,2,ENC_BIG_ENDIAN);
519 offset+=2;
520
521 /* cycle through client_key_ids entries */
522 for (;count > 0;count-=client_size) {
523 /* get encryption suite id (one byte) */
524 value = tvb_get_uint8 (tvb, offset);
525 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
526 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
527 value);
528 client_size=1;
529 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
530 ett_wtls_msg_type_item_sub_sub);
531 proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
532 hf_wtls_hands_cli_hello_key_exchange_suite,
533 tvb,offset,1,value);
534 offset++;
535 ws_debug("encryption suite = %d, client_size = %d", value, client_size);
536
537 /* get parameter index (one byte) */
538 value = tvb_get_uint8 (tvb, offset);
539 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
540 hf_wtls_hands_cli_hello_key_parameter_index,
541 tvb,offset,1,ENC_BIG_ENDIAN);
542 offset++;
543 client_size++;
544 ws_debug("parameter index = %d, client_size = %d", value, client_size);
545
546 /* explicit parameters present in next field */
547 if (value == 0xff) {
548 size = tvb_get_ntohs (tvb, offset);
549 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
550 hf_wtls_hands_cli_hello_key_parameter_set,
551 tvb,offset,size+2,ENC_ASCII);
552 offset+=size+2;
553 client_size+=size+2;
554 }
555
556 /* get identifier type */
557 value = tvb_get_uint8 (tvb, offset);
558 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
559 hf_wtls_hands_cli_hello_key_identifier_type,
560 tvb,offset,1,ENC_BIG_ENDIAN);
561 offset++;
562 client_size++;
563 ws_debug("identifier type = %d, client_size = %d", value, client_size);
564
565 /* identifier present in next field */
566 /* note: value 0x0 means no identifier */
567 switch(value) {
568 case IDENTIFIER_TEXT :
569 /* text identifier */
570 /* not tested */
571 size = add_text_identifier(
572 tvb, offset,
573 hf_wtls_hands_cli_hello_key_identifier_charset,
574 hf_wtls_hands_cli_hello_key_identifier_size,
575 hf_wtls_hands_cli_hello_key_identifier_str,
576 wtls_msg_type_item_sub_sub_tree);
577 offset += size;
578 client_size += size;
579 break;
580 case IDENTIFIER_BIN :
581 /* binary identifier */
582 size = tvb_get_uint8 (tvb, offset);
583 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
584 hf_wtls_hands_cli_hello_key_identifier_size,
585 tvb,offset,1,ENC_BIG_ENDIAN);
586 offset++;
587 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
588 hf_wtls_hands_cli_hello_key_identifier,
589 tvb,offset,size,ENC_NA);
590 offset+=size;
591 client_size+=size+1;
592 ws_debug("binary id size = %d, client_size = %d",
593 size, client_size);
594 break;
595 case IDENTIFIER_SHA_1 :
596 /* SHA-1 hash of the public key */
597 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
598 hf_wtls_hands_cli_hello_key_identifier,
599 tvb,offset,20,ENC_NA);
600 offset+=20;
601 client_size+=20;
602 ws_debug("SHA-1 hash size = 20, client_size = %d",
603 client_size);
604 break;
605 case IDENTIFIER_X509 :
606 /* X.509 distinguished name */
607 /* not tested */
608 size = tvb_get_uint8 (tvb, offset);
609 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
610 hf_wtls_hands_cli_hello_key_identifier_size,
611 tvb,offset,1,ENC_BIG_ENDIAN);
612 offset++;
613 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
614 hf_wtls_hands_cli_hello_key_identifier,
615 tvb,offset,size,ENC_NA);
616 offset+=size;
617 client_size+=size+1;
618 ws_debug("X.509 name size = %d, client_size = %d",
619 size, client_size);
620 break;
621 }
622
623 proto_item_set_len(cli_key_item, client_size);
624 }
625
626 /* process trusted_keys structure */
627 count = tvb_get_ntohs (tvb, offset);
628 ti = proto_tree_add_item(wtls_msg_type_item_tree,
629 hf_wtls_hands_cli_hello_trust_key_id, tvb, offset,
630 count+2, ENC_NA);
631 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
632
633 /* display length of trusted_keys structure */
634 proto_tree_add_item(wtls_msg_type_item_sub_tree,
635 hf_wtls_hands_cli_hello_cli_key_len,
636 tvb,offset,2,ENC_BIG_ENDIAN);
637
638 offset+=2;
639 for (;count > 0;count-=client_size) {
640 /* get encryption suite id (one byte) */
641 value = tvb_get_uint8 (tvb, offset);
642 cli_key_item = proto_tree_add_uint(wtls_msg_type_item_sub_tree,
643 hf_wtls_hands_cli_hello_key_exchange, tvb, offset,1,
644 value);
645 client_size=1;
646 wtls_msg_type_item_sub_sub_tree = proto_item_add_subtree(cli_key_item,
647 ett_wtls_msg_type_item_sub_sub);
648 proto_tree_add_uint(wtls_msg_type_item_sub_sub_tree,
649 hf_wtls_hands_cli_hello_key_exchange_suite,
650 tvb,offset,1,value);
651 offset++;
652 ws_debug("encryption suite = %d, client_size = %d", value, client_size);
653
654 /* get parameter index (one byte) */
655 value = tvb_get_uint8 (tvb, offset);
656 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
657 hf_wtls_hands_cli_hello_key_parameter_index,
658 tvb,offset,1,ENC_BIG_ENDIAN);
659 offset++;
660 client_size++;
661 ws_debug("parameter index = %d, client_size = %d", value, client_size);
662
663 /* explicit parameters present in next field */
664 if (value == 0xff) {
665 size = tvb_get_ntohs (tvb, offset);
666 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
667 hf_wtls_hands_cli_hello_key_parameter_set,
668 tvb,offset,size+2,ENC_ASCII);
669 offset+=size+2;
670 client_size+=size+2;
671 }
672
673 /* get identifier type */
674 value = tvb_get_uint8 (tvb, offset);
675 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
676 hf_wtls_hands_cli_hello_key_identifier_type,
677 tvb,offset,1,ENC_BIG_ENDIAN);
678 offset++;
679 client_size++;
680 ws_debug("identifier type = %d, client_size = %d", value, client_size);
681
682 /* identifier present in next field */
683 /* note: value 0x0 means no identifier */
684 switch (value) {
685 case IDENTIFIER_TEXT :
686 /* text identifier */
687 /* not tested */
688 size = add_text_identifier(
689 tvb, offset,
690 hf_wtls_hands_cli_hello_key_identifier_charset,
691 hf_wtls_hands_cli_hello_key_identifier_size,
692 hf_wtls_hands_cli_hello_key_identifier_str,
693 wtls_msg_type_item_sub_sub_tree);
694 offset += size;
695 client_size += size;
696 break;
697 case IDENTIFIER_BIN :
698 /* binary identifier */
699 size = tvb_get_uint8 (tvb, offset);
700 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
701 hf_wtls_hands_cli_hello_key_identifier_size,
702 tvb,offset,1,ENC_BIG_ENDIAN);
703 offset++;
704 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
705 hf_wtls_hands_cli_hello_key_identifier,
706 tvb,offset,size,ENC_NA);
707 offset+=size;
708 client_size+=size+1;
709 ws_debug("binary id size = %d, client_size = %d",
710 size, client_size);
711 break;
712 case IDENTIFIER_SHA_1 :
713 /* SHA-1 hash of the public key */
714 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
715 hf_wtls_hands_cli_hello_key_identifier,
716 tvb,offset,20,ENC_NA);
717 offset+=20;
718 client_size+=20;
719 ws_debug("SHA-1 hash size = 20, client_size = %d",
720 client_size);
721 break;
722 case IDENTIFIER_X509 :
723 /* X.509 distinguished name */
724 /* not tested */
725 size = tvb_get_uint8 (tvb, offset);
726 /* need to fetch identifier and display it */
727 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
728 hf_wtls_hands_cli_hello_key_identifier_size,
729 tvb,offset,1,ENC_BIG_ENDIAN);
730 offset++;
731 proto_tree_add_item(wtls_msg_type_item_sub_sub_tree,
732 hf_wtls_hands_cli_hello_key_identifier,
733 tvb,offset,size,ENC_NA);
734 offset+=size;
735 client_size+=size+1;
736 ws_debug("X.509 name size = %d, client_size = %d",
737 size, client_size);
738 break;
739 }
740 proto_item_set_len(cli_key_item, client_size);
741 }
742
743 /* process cipher_suites structure */
744 count = tvb_get_uint8 (tvb, offset);
745 ti = proto_tree_add_item(wtls_msg_type_item_tree,
746 hf_wtls_hands_cli_hello_cipher_suite, tvb, offset,
747 count+1, ENC_NA);
748 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
749 offset+=1;
750 for (;count > 0;count-=client_size) {
751 value = tvb_get_uint8 (tvb, offset);
752 valBulk = try_val_to_str_ext(value, &wtls_vals_cipher_bulk_ext);
753 offset++;
754 client_size=1;
755 valMac = try_val_to_str_ext(tvb_get_uint8 (tvb, offset), &wtls_vals_cipher_mac_ext);
756 if (valBulk != NULL)
757 {
758 if (valMac != NULL)
759 {
760 snprintf(valStr,1024,"%s, %s",valBulk,valMac);
761 }
762 else
763 {
764 snprintf(valStr,1024,"%s, Unknown MAC (0x%02x)",valBulk,tvb_get_uint8 (tvb, offset));
765 }
766 }
767 else
768 {
769 if (valMac != NULL)
770 {
771 snprintf(valStr,1024,"Unknown Bulk (0x%02x), %s",value,valMac);
772 }
773 else
774 {
775 snprintf(valStr,1024,"Unknown Bulk (0x%02x), Unknown MAC (0x%02x)",value,
776 tvb_get_uint8 (tvb, offset));
777 }
778 }
779 offset++;
780 client_size++;
781 proto_tree_add_string(wtls_msg_type_item_sub_tree,
782 hf_wtls_hands_cli_hello_cipher_suite_item, tvb, offset-2,2,
783 valStr);
784 }
785 count = tvb_get_uint8 (tvb, offset);
786 ti = proto_tree_add_item(wtls_msg_type_item_tree,
787 hf_wtls_hands_cli_hello_compression_methods, tvb, offset,
788 count+1, ENC_NA);
789 wtls_msg_type_item_sub_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item_sub);
790 offset+=1;
791 for (;count > 0;count-=client_size) {
792 client_size=0;
793 proto_tree_add_item(wtls_msg_type_item_sub_tree,
794 hf_wtls_hands_cli_hello_compression, tvb, offset,1,
795 ENC_LITTLE_ENDIAN);
796 offset++;
797 client_size++;
798 }
799 proto_tree_add_item(wtls_msg_type_item_tree,
800 hf_wtls_hands_cli_hello_sequence_mode, tvb, offset,
801 1, ENC_LITTLE_ENDIAN);
802 offset++;
803 proto_tree_add_item(wtls_msg_type_item_tree,
804 hf_wtls_hands_cli_hello_key_refresh, tvb, offset,
805 1, ENC_LITTLE_ENDIAN);
806 break;
807 case WTLS_HANDSHAKE_SERVER_HELLO :
808 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_serv_hello, tvb, offset,
809 count, ENC_NA);
810 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
811 proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_version,
812 tvb,offset,1,ENC_BIG_ENDIAN);
813 offset++;
814 proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_gmt, tvb,
815 offset, 4, ENC_TIME_SECS|ENC_BIG_ENDIAN);
816 offset+=4;
817 proto_tree_add_item (wtls_msg_type_item_tree, hf_wtls_hands_serv_hello_random,
818 tvb,offset,12,ENC_NA);
819 offset+=12;
820 offset = add_session_id (wtls_msg_type_item_tree,
821 hf_wtls_hands_serv_hello_session,
822 hf_wtls_hands_serv_hello_session_str,
823 tvb, offset);
824 proto_tree_add_item(wtls_msg_type_item_tree,
825 hf_wtls_hands_serv_hello_cli_key_id,
826 tvb,offset,1,ENC_BIG_ENDIAN);
827 offset++;
828 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
829 hf_wtls_hands_serv_hello_cipher_suite_item, tvb, offset,2,
830 ENC_NA);
831 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
832 ett_wtls_msg_type_item_sub);
833 proto_tree_add_item(wtls_msg_type_item_sub_tree,
834 hf_wtls_hands_serv_hello_cipher_bulk,
835 tvb,offset,1,ENC_BIG_ENDIAN);
836 offset++;
837 proto_tree_add_item(wtls_msg_type_item_sub_tree,
838 hf_wtls_hands_serv_hello_cipher_mac,
839 tvb,offset,1,ENC_BIG_ENDIAN);
840 offset++;
841 proto_tree_add_item(wtls_msg_type_item_tree,
842 hf_wtls_hands_serv_hello_compression, tvb, offset,1,
843 ENC_LITTLE_ENDIAN);
844 offset++;
845 proto_tree_add_item(wtls_msg_type_item_tree,
846 hf_wtls_hands_serv_hello_sequence_mode, tvb, offset,
847 1, ENC_LITTLE_ENDIAN);
848 offset++;
849 proto_tree_add_item(wtls_msg_type_item_tree,
850 hf_wtls_hands_serv_hello_key_refresh, tvb, offset,
851 1, ENC_LITTLE_ENDIAN);
852 offset++;
853 break;
854 case WTLS_HANDSHAKE_CERTIFICATE :
855 ti = proto_tree_add_item(wtls_msg_type_tree, hf_wtls_hands_certificates,
856 tvb, offset,count, ENC_NA);
857 wtls_msg_type_item_tree = proto_item_add_subtree(ti, ett_wtls_msg_type_item);
858 count = tvb_get_ntohs (tvb, offset);
859 offset+=2;
860 for (;count > 0;count-=client_size) {
861 cli_key_item = proto_tree_add_item(wtls_msg_type_item_tree,
862 hf_wtls_hands_certificate, tvb, offset,1,
863 ENC_NA);
864 client_size=0;
865 wtls_msg_type_item_sub_tree = proto_item_add_subtree(cli_key_item,
866 ett_wtls_msg_type_item_sub);
867 proto_item_set_len(cli_key_item, client_size);
868 value = tvb_get_uint8 (tvb, offset);
869 proto_tree_add_item(wtls_msg_type_item_sub_tree,
870 hf_wtls_hands_certificate_type, tvb, offset,1,
871 ENC_LITTLE_ENDIAN);
872 offset++;
873 client_size++;
874 switch(value) {
875 case CERTIFICATE_WTLS:
876 proto_tree_add_item(wtls_msg_type_item_sub_tree,
877 hf_wtls_hands_certificate_wtls_version,
878 tvb, offset,1,
879 ENC_LITTLE_ENDIAN);
880 offset++;
881 client_size++;
882 proto_tree_add_item(wtls_msg_type_item_sub_tree,
883 hf_wtls_hands_certificate_wtls_signature_type,
884 tvb, offset,1,
885 ENC_LITTLE_ENDIAN);
886 offset++;
887 client_size++;
888 value = tvb_get_uint8 (tvb, offset);
889 proto_tree_add_item(wtls_msg_type_item_sub_tree,
890 hf_wtls_hands_certificate_wtls_issuer_type,
891 tvb, offset,1,
892 ENC_LITTLE_ENDIAN);
893 offset++;
894 client_size++;
895 switch (value) {
896 case IDENTIFIER_NULL :
897 break;
898 case IDENTIFIER_TEXT :
899 value = add_text_identifier(tvb, offset,
900 hf_wtls_hands_certificate_wtls_issuer_charset,
901 hf_wtls_hands_certificate_wtls_issuer_size,
902 hf_wtls_hands_certificate_wtls_issuer_name,
903 wtls_msg_type_item_sub_tree);
904 offset += value;
905 client_size += value;
906 break;
907 case IDENTIFIER_BIN :
908 break;
909 case IDENTIFIER_SHA_1 :
910 break;
911 case IDENTIFIER_X509 :
912 break;
913 }
914 proto_tree_add_item (wtls_msg_type_item_sub_tree,
915 hf_wtls_hands_certificate_wtls_valid_not_before,
916 tvb, offset, 4, ENC_TIME_SECS|ENC_BIG_ENDIAN);
917 offset+=4;
918 client_size+=4;
919 proto_tree_add_item (wtls_msg_type_item_sub_tree,
920 hf_wtls_hands_certificate_wtls_valid_not_after,
921 tvb, offset, 4, ENC_TIME_SECS|ENC_BIG_ENDIAN);
922 offset+=4;
923 client_size+=4;
924 value = tvb_get_uint8 (tvb, offset);
925 proto_tree_add_item(wtls_msg_type_item_sub_tree,
926 hf_wtls_hands_certificate_wtls_subject_type,
927 tvb, offset,1,
928 ENC_LITTLE_ENDIAN);
929 offset++;
930 client_size++;
931 switch (value) {
932 case IDENTIFIER_NULL :
933 break;
934 case IDENTIFIER_TEXT :
935 value = add_text_identifier(tvb, offset,
936 hf_wtls_hands_certificate_wtls_subject_charset,
937 hf_wtls_hands_certificate_wtls_subject_size,
938 hf_wtls_hands_certificate_wtls_subject_name,
939 wtls_msg_type_item_sub_tree);
940 offset += value;
941 client_size += value;
942 break;
943 case IDENTIFIER_BIN :
944 break;
945 case IDENTIFIER_SHA_1 :
946 break;
947 case IDENTIFIER_X509 :
948 break;
949 }
950 public_key = tvb_get_uint8 (tvb, offset);
951 proto_tree_add_item(wtls_msg_type_item_sub_tree,
952 hf_wtls_hands_certificate_wtls_public_key_type,
953 tvb, offset,1,
954 ENC_LITTLE_ENDIAN);
955 offset++;
956 client_size++;
957 value = tvb_get_uint8 (tvb, offset);
958 proto_tree_add_item(wtls_msg_type_item_sub_tree,
959 hf_wtls_hands_certificate_wtls_key_parameter_index,
960 tvb,offset,1,ENC_BIG_ENDIAN);
961 offset++;
962 client_size++;
963 if (value == 0xff) {
964 size = tvb_get_ntohs (tvb, offset);
965 proto_tree_add_item(wtls_msg_type_item_sub_tree,
966 hf_wtls_hands_certificate_wtls_key_parameter_set,
967 tvb,offset,size+2,ENC_ASCII);
968 offset+=size+2;
969 client_size+=size+2;
970 }
971 switch (public_key) {
972 case PUBLIC_KEY_RSA :
973 value = tvb_get_ntohs (tvb, offset);
974 proto_tree_add_uint(wtls_msg_type_item_sub_tree,
975 hf_wtls_hands_certificate_wtls_rsa_exponent,
976 tvb,offset,value+2,value*8);
977 offset+=2+value;
978 client_size+=2+value;
979 value = tvb_get_ntohs (tvb, offset);
980 proto_tree_add_uint(wtls_msg_type_item_sub_tree,
981 hf_wtls_hands_certificate_wtls_rsa_modules,
982 tvb,offset,value+2,value*8);
983 offset+=2+value;
984 client_size+=2+value;
985 break;
986 case PUBLIC_KEY_ECDH :
987 break;
988 case PUBLIC_KEY_ECDSA :
989 break;
990 }
991 value = tvb_get_ntohs (tvb, offset);
992 proto_tree_add_uint(wtls_msg_type_item_sub_tree,
993 hf_wtls_hands_certificate_wtls_signature,
994 tvb,offset,2+value,value*8);
995 offset+=2+value;
996 client_size+=2+value;
997 break;
998 case CERTIFICATE_X509:
999 case CERTIFICATE_X968:
1000 value = tvb_get_ntohs (tvb, offset);
1001 offset+=2;
1002 client_size+=2;
1003 client_size += value;
1004 offset += value;
1005 break;
1006 case CERTIFICATE_URL:
1007 value = tvb_get_uint8 (tvb, offset);
1008 offset++;
1009 client_size++;
1010 client_size += value;
1011 offset += value;
1012 break;
1013 }
1014 proto_item_set_len(cli_key_item, client_size);
1015 }
1016 break;
1017 default:
1018 /*offset+=count;*/
1019 break;
1020 }
1021 }
1022
1023 /* Register the protocol with Wireshark */
1024 void
1025 proto_register_wtls(void)
1026 {
1027
1028 /* Setup list of header fields */
1029 static hf_register_info hf[] = {
1030 { &hf_wtls_record,
1031 { "Record",
1032 "wtls.record",
1033 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_record_type_ext, 0x0f,
1034 NULL, HFILL
1035 }
1036 },
1037 { &hf_wtls_record_type,
1038 { "Record Type",
1039 "wtls.rec_type",
1040 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_record_type_ext, 0x0f,
1041 NULL, HFILL
1042 }
1043 },
1044 { &hf_wtls_record_length,
1045 { "Record Length",
1046 "wtls.rec_length",
1047 FT_UINT16, BASE_DEC, NULL, 0x00,
1048 NULL, HFILL
1049 }
1050 },
1051 { &hf_wtls_record_sequence,
1052 { "Record Sequence",
1053 "wtls.rec_seq",
1054 FT_UINT16, BASE_DEC, NULL, 0x00,
1055 NULL, HFILL
1056 }
1057 },
1058 { &hf_wtls_record_ciphered,
1059 { "Record Ciphered",
1060 "wtls.rec_cipher",
1061 FT_NONE, BASE_NONE, NULL, 0x00,
1062 NULL, HFILL
1063 }
1064 },
1065 { &hf_wtls_hands,
1066 { "Handshake",
1067 "wtls.handshake",
1068 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_handshake_type_ext, 0x00,
1069 NULL, HFILL
1070 }
1071 },
1072 { &hf_wtls_hands_type,
1073 { "Type",
1074 "wtls.handshake.type",
1075 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_handshake_type_ext, 0x00,
1076 NULL, HFILL
1077 }
1078 },
1079 { &hf_wtls_hands_length,
1080 { "Length",
1081 "wtls.handshake.length",
1082 FT_UINT16, BASE_DEC, NULL, 0x00,
1083 NULL, HFILL
1084 }
1085 },
1086 { &hf_wtls_hands_cli_hello,
1087 { "Client Hello",
1088 "wtls.handshake.client_hello",
1089 FT_NONE, BASE_NONE, NULL, 0x00,
1090 NULL, HFILL
1091 }
1092 },
1093 { &hf_wtls_hands_cli_hello_version,
1094 { "Version",
1095 "wtls.handshake.client_hello.version",
1096 FT_UINT8, BASE_DEC, NULL, 0x00,
1097 NULL, HFILL
1098 }
1099 },
1100 { &hf_wtls_hands_cli_hello_gmt,
1101 { "Time GMT",
1102 "wtls.handshake.client_hello.gmt",
1103 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x00,
1104 NULL, HFILL
1105 }
1106 },
1107 { &hf_wtls_hands_cli_hello_random,
1108 { "Random",
1109 "wtls.handshake.client_hello.random",
1110 FT_NONE, BASE_NONE, NULL, 0x00,
1111 NULL, HFILL
1112 }
1113 },
1114 { &hf_wtls_hands_cli_hello_session,
1115 { "Session ID",
1116 "wtls.handshake.client_hello.sessionid",
1117 FT_UINT64, BASE_HEX_DEC, NULL, 0x00,
1118 NULL, HFILL
1119 }
1120 },
1121 { &hf_wtls_hands_cli_hello_session_str,
1122 { "Session ID",
1123 "wtls.handshake.client_hello.session.str",
1124 FT_STRING, BASE_NONE, NULL, 0x00,
1125 NULL, HFILL
1126 }
1127 },
1128 { &hf_wtls_hands_cli_hello_cli_key_id,
1129 { "Client Keys",
1130 "wtls.handshake.client_hello.client_keys_id",
1131 FT_NONE, BASE_NONE, NULL, 0x00,
1132 NULL , HFILL
1133 }
1134 },
1135 { &hf_wtls_hands_cli_hello_cli_key_len,
1136 { "Length",
1137 "wtls.handshake.client_hello.client_keys_len",
1138 FT_UINT16, BASE_DEC, NULL, 0x00,
1139 NULL , HFILL
1140 }
1141 },
1142 { &hf_wtls_hands_cli_hello_trust_key_id,
1143 { "Trusted Keys",
1144 "wtls.handshake.client_hello.trusted_keys_id",
1145 FT_NONE, BASE_NONE, NULL, 0x00,
1146 NULL , HFILL
1147 }
1148 },
1149 { &hf_wtls_hands_cli_hello_key_exchange,
1150 { "Key Exchange",
1151 "wtls.handshake.client_hello.key.key_exchange",
1152 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_key_exchange_suite_ext, 0x00,
1153 NULL, HFILL
1154 }
1155 },
1156 { &hf_wtls_hands_cli_hello_key_exchange_suite,
1157 { "Suite",
1158 "wtls.handshake.client_hello.key.key_exchange.suite",
1159 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_key_exchange_suite_ext, 0x00,
1160 NULL, HFILL
1161 }
1162 },
1163 { &hf_wtls_hands_cli_hello_key_parameter_index,
1164 { "Parameter Index",
1165 "wtls.handshake.client_hello.parameter_index",
1166 FT_UINT8, BASE_DEC, NULL, 0x00,
1167 NULL, HFILL
1168 }
1169 },
1170 { &hf_wtls_hands_cli_hello_key_parameter_set,
1171 { "Parameter Set",
1172 "wtls.handshake.client_hello.parameter",
1173 FT_STRING, BASE_NONE, NULL, 0x00,
1174 NULL, HFILL
1175 }
1176 },
1177 { &hf_wtls_hands_cli_hello_key_identifier_type,
1178 { "Identifier Type",
1179 "wtls.handshake.client_hello.ident_type",
1180 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_identifier_type_ext, 0x00,
1181 NULL, HFILL
1182 }
1183 },
1184 { &hf_wtls_hands_cli_hello_key_identifier_charset,
1185 { "Identifier CharSet",
1186 "wtls.handshake.client_hello.ident_charset",
1187 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &mibenum_vals_character_sets_ext, 0x00,
1188 NULL, HFILL
1189 }
1190 },
1191 { &hf_wtls_hands_cli_hello_key_identifier_size,
1192 { "Identifier Size",
1193 "wtls.handshake.client_hello.ident_size",
1194 FT_UINT8, BASE_DEC, NULL, 0x00,
1195 NULL, HFILL
1196 }
1197 },
1198 { &hf_wtls_hands_cli_hello_key_identifier,
1199 { "Identifier",
1200 "wtls.handshake.client_hello.identifier",
1201 FT_NONE, BASE_NONE, NULL, 0x00,
1202 NULL, HFILL
1203 }
1204 },
1205 { &hf_wtls_hands_cli_hello_key_identifier_str,
1206 { "Identifier Name",
1207 "wtls.handshake.client_hello.ident_name",
1208 FT_STRING, BASE_NONE, NULL, 0x00,
1209 NULL, HFILL
1210 }
1211 },
1212 { &hf_wtls_hands_cli_hello_cipher_suite,
1213 { "Cipher Suites",
1214 "wtls.handshake.client_hello.ciphers",
1215 FT_NONE, BASE_NONE, NULL, 0x00,
1216 "Cipher Suite", HFILL
1217 }
1218 },
1219 { &hf_wtls_hands_cli_hello_cipher_suite_item,
1220 { "Cipher",
1221 "wtls.handshake.client_hello.cipher",
1222 FT_STRING, BASE_NONE, NULL, 0x00,
1223 NULL, HFILL
1224 }
1225 },
1226 { &hf_wtls_hands_cli_hello_compression_methods,
1227 { "Compression Methods",
1228 "wtls.handshake.client_hello.comp_methods",
1229 FT_NONE, BASE_NONE, NULL, 0x00,
1230 NULL, HFILL
1231 }
1232 },
1233 { &hf_wtls_hands_cli_hello_compression,
1234 { "Compression",
1235 "wtls.handshake.client_hello.compression",
1236 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1237 NULL, HFILL
1238 }
1239 },
1240 { &hf_wtls_hands_cli_hello_sequence_mode,
1241 { "Sequence Mode",
1242 "wtls.handshake.client_hello.sequence_mode",
1243 FT_UINT8, BASE_DEC, VALS ( wtls_vals_sequence_mode ), 0x00,
1244 NULL, HFILL
1245 }
1246 },
1247 { &hf_wtls_hands_cli_hello_key_refresh,
1248 { "Refresh",
1249 "wtls.handshake.client_hello.refresh",
1250 FT_UINT8, BASE_DEC, NULL, 0x00,
1251 NULL, HFILL
1252 }
1253 },
1254 { &hf_wtls_hands_serv_hello,
1255 { "Server Hello",
1256 "wtls.handshake.server_hello",
1257 FT_NONE, BASE_NONE, NULL, 0x00,
1258 NULL, HFILL
1259 }
1260 },
1261 { &hf_wtls_hands_serv_hello_version,
1262 { "Version",
1263 "wtls.handshake.server_hello.version",
1264 FT_UINT8, BASE_DEC, NULL, 0x00,
1265 NULL, HFILL
1266 }
1267 },
1268 { &hf_wtls_hands_serv_hello_gmt,
1269 { "Time GMT",
1270 "wtls.handshake.server_hello.gmt",
1271 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x00,
1272 NULL, HFILL
1273 }
1274 },
1275 { &hf_wtls_hands_serv_hello_random,
1276 { "Random",
1277 "wtls.handshake.server_hello.random",
1278 FT_NONE, BASE_NONE, NULL, 0x00,
1279 NULL, HFILL
1280 }
1281 },
1282 { &hf_wtls_hands_serv_hello_session,
1283 { "Session ID",
1284 "wtls.handshake.server_hello.sessionid",
1285 FT_UINT64, BASE_HEX_DEC, NULL, 0x00,
1286 NULL, HFILL
1287 }
1288 },
1289 { &hf_wtls_hands_serv_hello_session_str,
1290 { "Session ID",
1291 "wtls.handshake.server_hello.session.str",
1292 FT_STRING, BASE_NONE, NULL, 0x00,
1293 NULL, HFILL
1294 }
1295 },
1296 { &hf_wtls_hands_serv_hello_cli_key_id,
1297 { "Client Key ID",
1298 "wtls.handshake.server_hello.key",
1299 FT_UINT8, BASE_HEX, NULL, 0x00,
1300 NULL, HFILL
1301 }
1302 },
1303 { &hf_wtls_hands_serv_hello_cipher_suite_item,
1304 { "Cipher",
1305 "wtls.handshake.server_hello.cipher",
1306 FT_NONE, BASE_NONE, NULL, 0x00,
1307 NULL, HFILL
1308 }
1309 },
1310 { &hf_wtls_hands_serv_hello_cipher_bulk,
1311 { "Cipher Bulk",
1312 "wtls.handshake.server_hello.cipher.bulk",
1313 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_cipher_bulk_ext, 0x00,
1314 NULL, HFILL
1315 }
1316 },
1317 { &hf_wtls_hands_serv_hello_cipher_mac,
1318 { "Cipher MAC",
1319 "wtls.handshake.server_hello.cipher.mac",
1320 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_cipher_mac_ext, 0x00,
1321 NULL, HFILL
1322 }
1323 },
1324 { &hf_wtls_hands_serv_hello_compression,
1325 { "Compression",
1326 "wtls.handshake.server_hello.compression",
1327 FT_UINT8, BASE_HEX, VALS ( wtls_vals_compression ), 0x00,
1328 NULL, HFILL
1329 }
1330 },
1331 { &hf_wtls_hands_serv_hello_sequence_mode,
1332 { "Sequence Mode",
1333 "wtls.handshake.server_hello.sequence_mode",
1334 FT_UINT8, BASE_DEC, VALS ( wtls_vals_sequence_mode ), 0x00,
1335 NULL, HFILL
1336 }
1337 },
1338 { &hf_wtls_hands_serv_hello_key_refresh,
1339 { "Refresh",
1340 "wtls.handshake.server_hello.refresh",
1341 FT_UINT8, BASE_DEC, NULL, 0x00,
1342 NULL, HFILL
1343 }
1344 },
1345 { &hf_wtls_hands_certificates,
1346 { "Certificates",
1347 "wtls.handshake.certificates",
1348 FT_NONE, BASE_NONE, NULL, 0x00,
1349 NULL, HFILL
1350 }
1351 },
1352 { &hf_wtls_hands_certificate,
1353 { "Certificate",
1354 "wtls.handshake.certificate",
1355 FT_NONE, BASE_NONE, NULL, 0x00,
1356 NULL, HFILL
1357 }
1358 },
1359 { &hf_wtls_hands_certificate_type,
1360 { "Type",
1361 "wtls.handshake.certificate.type",
1362 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_certificate_type_ext, 0x00,
1363 NULL, HFILL
1364 }
1365 },
1366 { &hf_wtls_hands_certificate_wtls_version,
1367 { "Version",
1368 "wtls.handshake.certificate.version",
1369 FT_UINT8, BASE_HEX, NULL, 0x00,
1370 NULL, HFILL
1371 }
1372 },
1373 { &hf_wtls_hands_certificate_wtls_signature_type,
1374 { "Signature Type",
1375 "wtls.handshake.certificate.signature.type",
1376 FT_UINT8, BASE_DEC, VALS ( wtls_vals_certificate_signature ), 0x00,
1377 NULL, HFILL
1378 }
1379 },
1380 { &hf_wtls_hands_certificate_wtls_signature,
1381 { "Signature Size",
1382 "wtls.handshake.certificate.signature.signature",
1383 FT_UINT32, BASE_DEC, NULL, 0x00,
1384 NULL, HFILL
1385 }
1386 },
1387 { &hf_wtls_hands_certificate_wtls_issuer_type,
1388 { "Issuer",
1389 "wtls.handshake.certificate.issuer.type",
1390 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_identifier_type_ext, 0x00,
1391 NULL, HFILL
1392 }
1393 },
1394 { &hf_wtls_hands_certificate_wtls_issuer_charset,
1395 { "Charset",
1396 "wtls.handshake.certificate.issuer.charset",
1397 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &mibenum_vals_character_sets_ext, 0x00,
1398 NULL, HFILL
1399 }
1400 },
1401 { &hf_wtls_hands_certificate_wtls_issuer_size,
1402 { "Size",
1403 "wtls.handshake.certificate.issuer.size",
1404 FT_UINT8, BASE_DEC, NULL, 0x00,
1405 NULL, HFILL
1406 }
1407 },
1408 { &hf_wtls_hands_certificate_wtls_issuer_name,
1409 { "Name",
1410 "wtls.handshake.certificate.issuer.name",
1411 FT_STRING, BASE_NONE, NULL, 0x00,
1412 NULL, HFILL
1413 }
1414 },
1415 { &hf_wtls_hands_certificate_wtls_valid_not_before,
1416 { "Valid not before",
1417 "wtls.handshake.certificate.before",
1418 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x00,
1419 NULL, HFILL
1420 }
1421 },
1422 { &hf_wtls_hands_certificate_wtls_valid_not_after,
1423 { "Valid not after",
1424 "wtls.handshake.certificate.after",
1425 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x00,
1426 NULL, HFILL
1427 }
1428 },
1429 { &hf_wtls_hands_certificate_wtls_subject_type,
1430 { "Subject",
1431 "wtls.handshake.certificate.subject.type",
1432 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_identifier_type_ext, 0x00,
1433 NULL, HFILL
1434 }
1435 },
1436 { &hf_wtls_hands_certificate_wtls_subject_charset,
1437 { "Charset",
1438 "wtls.handshake.certificate.subject.charset",
1439 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &mibenum_vals_character_sets_ext, 0x00,
1440 NULL, HFILL
1441 }
1442 },
1443 { &hf_wtls_hands_certificate_wtls_subject_size,
1444 { "Size",
1445 "wtls.handshake.certificate.subject.size",
1446 FT_UINT8, BASE_DEC, NULL, 0x00,
1447 NULL, HFILL
1448 }
1449 },
1450 { &hf_wtls_hands_certificate_wtls_subject_name,
1451 { "Name",
1452 "wtls.handshake.certificate.subject.name",
1453 FT_STRING, BASE_NONE, NULL, 0x00,
1454 NULL, HFILL
1455 }
1456 },
1457 { &hf_wtls_hands_certificate_wtls_public_key_type,
1458 { "Public Key Type",
1459 "wtls.handshake.certificate.public.type",
1460 FT_UINT8, BASE_DEC, VALS ( wtls_vals_public_key_type ), 0x00,
1461 NULL, HFILL
1462 }
1463 },
1464 { &hf_wtls_hands_certificate_wtls_key_parameter_index,
1465 { "Parameter Index",
1466 "wtls.handshake.certificate.parameter_index",
1467 FT_UINT8, BASE_DEC, NULL, 0x00,
1468 NULL, HFILL
1469 }
1470 },
1471 { &hf_wtls_hands_certificate_wtls_key_parameter_set,
1472 { "Parameter Set",
1473 "wtls.handshake.certificate.parameter",
1474 FT_STRING, BASE_NONE, NULL, 0x00,
1475 NULL, HFILL
1476 }
1477 },
1478 { &hf_wtls_hands_certificate_wtls_rsa_exponent,
1479 { "RSA Exponent Size",
1480 "wtls.handshake.certificate.rsa.exponent",
1481 FT_UINT32, BASE_DEC, NULL, 0x00,
1482 NULL, HFILL
1483 }
1484 },
1485 { &hf_wtls_hands_certificate_wtls_rsa_modules,
1486 { "RSA Modulus Size",
1487 "wtls.handshake.certificate.rsa.modules",
1488 FT_UINT32, BASE_DEC, NULL, 0x00,
1489 NULL, HFILL
1490 }
1491 },
1492 { &hf_wtls_alert,
1493 { "Alert",
1494 "wtls.alert",
1495 FT_NONE, BASE_NONE, NULL, 0x00,
1496 NULL, HFILL
1497 }
1498 },
1499 { &hf_wtls_alert_level,
1500 { "Level",
1501 "wtls.alert.level",
1502 FT_UINT8, BASE_DEC, VALS ( wtls_vals_alert_level ), 0x00,
1503 NULL, HFILL
1504 }
1505 },
1506 { &hf_wtls_alert_description,
1507 { "Description",
1508 "wtls.alert.description",
1509 FT_UINT8, BASE_DEC|BASE_EXT_STRING, &wtls_vals_alert_description_ext, 0x00,
1510 NULL, HFILL
1511 }
1512 },
1513 };
1514
1515 /* Setup protocol subtree array */
1516 static int *ett[] = {
1517 &ett_wtls,
1518 &ett_wtls_rec,
1519 &ett_wtls_msg_type,
1520 &ett_wtls_msg_type_item,
1521 &ett_wtls_msg_type_item_sub,
1522 &ett_wtls_msg_type_item_sub_sub,
1523 };
1524
1525 /* Register the protocol name and description */
1526 proto_wtls = proto_register_protocol("Wireless Transport Layer Security", "WTLS", "wtls" );
1527
1528 /* Required function calls to register the header fields and subtrees used */
1529 proto_register_field_array(proto_wtls, hf, array_length(hf));
1530 proto_register_subtree_array(ett, array_length(ett));
1531
1532 /* Register our dissector handle */
1533 wtls_handle = register_dissector("wtls", dissect_wtls, proto_wtls);
1534 }
1535
1536 void
1537 proto_reg_handoff_wtls(void)
1538 {
1539 dissector_add_uint_range_with_preference("udp.port", UDP_PORT_WTLS_RANGE, wtls_handle);
1540 }
1541
1542 /*
1543 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1544 *
1545 * Local variables:
1546 * c-basic-offset: 8
1547 * tab-width: 8
1548 * indent-tabs-mode: t
1549 * End:
1550 *
1551 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1552 * :indentSize=8:tabSize=8:noTabs=false:
1553 */
Metzes wireshark repo