Ethereal-dev: Re: [Ethereal-dev] Dissector SSL : patch + bugs

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "authesserre samuel" <sauthess@xxxxxxxxx>
Date: Fri, 19 May 2006 10:47:22 +0200
Sorry for the spam, I forgot to attach the file....
I am correcting my mistake...

Sorry for this mistake

Samuel

On 5/19/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
hi,

You will find at the end of this mail the patch for the 0.99.0 version of ethereal that integrates modifications for TLS 1.1 and renegotiation (made in collaboration with Paolo Abeni <paolo.abeni@xxxxxxxx>, the author of the decryption modifications).
I have, I think, followed your advice...
Put the patch in the ethereal 0.99.0 directory and run the "patch -p1 < ethereal-0.99.0-TLS1.1.patch" command.
To avoid problems with TCP checksums, disable them in the options. (I don't have time to find the problem now but I will look for it later.)

I have one question: how does the ethereal file versioning work? (for example $Id: packet-tcp.c 17681 2006-03-20 10:52:53Z sahlberg $)
If someone can explain to me how that works or where I can find the solution, I will thank him ;)

I hope this will be useful

regards,

Samuel



On 5/18/06, authesserre samuel <sauthess@xxxxxxxxx> wrote:
hi,

Thanks for your answer ;)
I will follow your advice...
I should point out that for the comparisons I followed the scheme in the file that I modified (== 0x300 isn't mine ;) )
It's my first work on ethereal's dissector and I have some difficulties ;)
I have made another adaptation of the ssl dissector to decrypt DTLS; dissection is OK and decryption too, but the HMAC calculation isn't good. That's why I am working on TLS 1.1 before I finish my dissector and give you the result ;)

I have found the problem: the TCP checksum calculations aren't good, so desegmentation is impossible..... (I have tested with the tcp dissector set not to test the checksum, and in the ssl debug I can see decrypted data (with a good HMAC calculation ;) ) )
I will try to correct the problem

thanks

Samuel


---------- Forwarded message ----------
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: May 18, 2006 3:13 PM
Subject: Re: [Ethereal-dev] Dissector SSL : patch + bugs
To: Ethereal development <ethereal-dev@xxxxxxxxxxxx>

Hi Samuel,

Thank you for looking into this. I've glanced through your code (I'm no
expert on this stuff) and can only make the following suggestions:
1. Please supply patches against the development tree. 'svn diff' or
'diff -ur' provide the most usable patch files. This way you can leave out
the SAMUEL marks and we can look at just the changes.
2. Please don't leave out the dot in the version, use TLSV1DOT1_... as
symbol.
3. Please use the defines. You define TLSV1DOT1_VERSION, so please use
that in the code, in comparisons (like ->version == TLSV1DOT1_VERSION).

Thanx,
Jaap

On Thu, 18 May 2006, authesserre samuel wrote:

> Hi,
>
> This little mail is to give you a small adaptation of the SSL/TLS dissector that
> allows TLS 1.1 dissection. (All differences are marked by /* SAMUEL */, which
> allows you to compare the 2 versions easily.)
> I have done this with mod_gnutls for apache (the only free
> implementation I've found of TLS 1.1) and opera (which is the only web
> navigator that uses TLS 1.1).
>
> I have found an error in the original plugin that I have not succeeded in
> correcting:
> the TCP desegmentation doesn't work correctly. I give you captures of TLS 1.0 and
> 1.1 but the result is the same. I have compared the http dissector with the ssl
> dissector and the sources are similar (the desegmentation part... ;) ) so I
> don't understand where the problem comes from (pinfo->can_desegment = 0
> all the time so this can't work correctly, but normally it should be equal to
> 1 ??).
>
> Use of mod_gnutls allowed me to see another bug: it's due to segmentation of
> application data in SSL/TLS: the gnutls module puts the header and data of HTTP
> traffic in different TCP packets so the data is badly analysed and the plugin
> shows "data (n bytes)" (in the log the capture and decryption are good) (see
> packets 24 and 25 of the TLS 1.1 capture for example)
> The problem is that we can't see the data of the packet whereas the data are
> correctly decrypted....
>
> I have already sent a mail to the creator of the decryption part of the
> plugin but I think that the error came with the first version of the plugin
> so I ask for your help...
>
> best regards
>
> --
> ++++++++++++++++++++++++++
> + Authesserre Samuel            +
> + 12 rue de la défense passive+
> + 14000 CAEN                      +
> + FRANCE                           +
> + 06-27-28-13-32                   +
> + sauthess@xxxxxxxxx          +
> ++++++++++++++++++++++++++
>

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev


--

++++++++++++++++++++++++++
+ Authesserre Samuel            +
+ 12 rue de la défense passive+
+ 14000 CAEN                      +
+ FRANCE                           +
+ 06-27-28-13-32                   +
+ sauthess@xxxxxxxxx          +
++++++++++++++++++++++++++

Seulement dans ethereal-0.99.0-TLS1.1/: AUTHORS-SHORT
Seulement dans ethereal-0.99.0-TLS1.1/: AUTHORS-SHORT-FORMAT
Seulement dans ethereal-0.99.0-TLS1.1/: config.h
Seulement dans ethereal-0.99.0-TLS1.1/: config.log
Seulement dans ethereal-0.99.0-TLS1.1/: config.status
Seulement dans ethereal-0.99.0-TLS1.1/: .deps
Seulement dans ethereal-0.99.0-TLS1.1/doc: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/doc: pod2htmd.tmp
Seulement dans ethereal-0.99.0-TLS1.1/doc: pod2htmi.tmp
Seulement dans ethereal-0.99.0-TLS1.1/: doxygen.cfg
Seulement dans ethereal-0.99.0-TLS1.1/epan: .deps
Seulement dans ethereal-0.99.0-TLS1.1/epan/dfilter: .deps
Seulement dans ethereal-0.99.0-TLS1.1/epan/dfilter: grammar.out
Seulement dans ethereal-0.99.0-TLS1.1/epan/dfilter: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/epan/dissectors: .deps
Seulement dans ethereal-0.99.0-TLS1.1/epan/dissectors: Makefile
diff -ur ethereal-0.99.0/epan/dissectors/packet-ssl.c ethereal-0.99.0-TLS1.1/epan/dissectors/packet-ssl.c
--- ethereal-0.99.0/epan/dissectors/packet-ssl.c	2006-04-17 16:46:50.000000000 +0200
+++ ethereal-0.99.0-TLS1.1/epan/dissectors/packet-ssl.c	2006-05-19 09:51:39.410893216 +0200
@@ -231,6 +231,7 @@
 static GTree* ssl_associations = NULL;
 static dissector_handle_t ssl_handle = NULL;
 static StringInfo ssl_decrypted_data = {NULL, 0};
+static int ssl_decrypted_data_avail = 0;
 
 /* Hash Functions for ssl sessions table and private keys table*/
 static gint  
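Review bot: `ssl_decrypted_data_avail` is a file-scope variable that the later hunks use to hand the decrypted length from decrypt_ssl3_record() to its caller; an output parameter on that function would make the data flow explicit and rule out reading a stale value when decryption did not run for the current record. If the variable stays, add a comment here saying who writes it and when its value is valid.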
@@ -349,6 +350,44 @@
     return ret;
 }    
 
+/* add to packet data a newly allocated tvb with the specified real data*/
+static void
+ssl_add_record_info(packet_info *pinfo, unsigned char* data, int data_len, int record_id)
+{
+    unsigned char* real_data = se_alloc(data_len);
+    SslRecordInfo* rec = se_alloc(sizeof(SslRecordInfo));
+    SslPacketInfo* pi = p_get_proto_data(pinfo->fd, proto_ssl);
+    if (!pi)
+    {
+        pi = se_alloc0(sizeof(SslPacketInfo));
+        p_add_proto_data(pinfo->fd, proto_ssl,pi);
+    }
+    
+    rec->id = record_id;
+    rec->tvb = tvb_new_real_data(real_data, data_len, data_len);
+    memcpy(real_data, data, data_len);
+    
+    /* head insertion */
+    rec->next= pi->handshake_data;
+    pi->handshake_data = rec;
+}
+
+/* search in packet data the tvbuff associated to the specified id */
+static tvbuff_t* 
+ssl_get_record_info(packet_info *pinfo, int record_id)
+{
+    SslRecordInfo* rec;
+    SslPacketInfo* pi = p_get_proto_data(pinfo->fd, proto_ssl);
+    if (!pi)
+        return NULL;
+    
+    for (rec = pi->handshake_data; rec; rec = rec->next)
+        if (rec->id == record_id)
+            return rec->tvb;
+
+    return NULL;
+}
+
 /* initialize/reset per capture state data (ssl sessions cache) */
 static void 
 ssl_init(void)
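Review bot: In ssl_add_record_info(), `data_len` is a signed int that goes to se_alloc(), tvb_new_real_data() and memcpy() with no check; reject `data_len <= 0` (or take an unsigned length) before allocating. The function also never looks for an existing entry with the same `record_id`, so every call for the same frame and offset prepends another copy to `pi->handshake_data`; return early when ssl_get_record_info() already finds the id. Minor: do the memcpy() before wrapping `real_data` in the tvb so the buffer is never exposed uninitialised, and say in the function comment that `record_id` is the record's offset in the frame.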
@@ -553,14 +592,17 @@
 #define SSL_VER_SSLv2                     1
 #define SSL_VER_SSLv3                     2
 #define SSL_VER_TLS                       3
-#define SSL_VER_PCT                       4
+#define SSL_VER_TLSv1DOT1                 4
+#define SSL_VER_PCT                       5
 
 /* corresponds to the #defines above */
+
 static const gchar* ssl_version_short_names[] = {
     "SSL",
     "SSLv2",
     "SSLv3",
-    "TLS",
+    "TLSv1",
+    "TLSv1.1",
     "PCT"
 };
 
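Review bot: `SSL_VER_PCT` changes from 4 to 5 here, and `ssl_version_short_names[]` is indexed by these values, so every other table or switch keyed on the SSL_VER_* numbers has to move in the same patch; please confirm none is missed, or give the new version the next free value after PCT so existing values stay stable (the array order would then follow). Renaming the existing "TLS" entry to "TLSv1" also changes the protocol column text for TLS 1.0 traffic and should be mentioned in the patch description. The blank line added after the "corresponds to the #defines above" comment is noise.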
@@ -773,6 +815,7 @@
 };
 
 static const value_string ssl_versions[] = {
+    { 0x0302, "TLS 1.1" },
     { 0x0301, "TLS 1.0" },
     { 0x0300, "SSL 3.0" },
     { 0x0002, "SSL 2.0" },
@@ -1373,18 +1416,21 @@
         /* Desegmentation return check */
         if (need_desegmentation)
           return;
+
         /* set up for next record in frame, if any */
         first_record_in_frame = FALSE;
     }
     tap_queue_packet(ssl_tap, pinfo, (gpointer)proto_ssl);
+
 }
 
-static void 
+static int
 decrypt_ssl3_record(tvbuff_t *tvb, packet_info *pinfo, guint32 offset, 
         guint32 record_length, guint8 content_type, SslDecryptSession* ssl,
         gboolean save_plaintext)
 {
-    int len, direction;
+    int ret = 0;
+    int direction;
     SslDecoder* decoder;
     
     /* if we can decrypt and decryption have success
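Review bot: decrypt_ssl3_record() now returns int, but nothing in the hunk documents the contract; add a comment above the function stating that it returns 1 when the record was decrypted and 0 otherwise (a gboolean with TRUE/FALSE would match the `save_plaintext` parameter). The two added blank lines, including the one before the closing brace of the previous function, are unrelated whitespace changes and can be dropped.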
@@ -1393,7 +1439,7 @@
         record_length, ssl->state);
     if (!(ssl->state & SSL_HAVE_SESSION_KEY)) {
         ssl_debug_printf("decrypt_ssl3_record: no session key\n");
-        return ;
+        return ret;
     }
     
     /* retrive decoder for this packet direction*/    
@@ -1419,46 +1465,48 @@
     
     /* run decryption and add decrypted payload to protocol data, if decryption 
     * is successful*/
-    len = ssl_decrypted_data.data_len; 
-    if ((ssl_decrypt_record(ssl, decoder, 
-        content_type, tvb_get_ptr(tvb, offset, record_length),
-        record_length,  ssl_decrypted_data.data, &len) == 0) && 
-        save_plaintext)
+    ssl_decrypted_data_avail = ssl_decrypted_data.data_len; 
+    if (ssl_decrypt_record(ssl, decoder, 
+          content_type, tvb_get_ptr(tvb, offset, record_length),
+          record_length,  ssl_decrypted_data.data, &ssl_decrypted_data_avail) == 0)
+        ret = 1;
+    if (ret && save_plaintext)
     {
-        StringInfo* data = p_get_proto_data(pinfo->fd, proto_ssl);
-        if (!data) 
+        SslPacketInfo* pi = p_get_proto_data(pinfo->fd, proto_ssl);
+        if (!pi) 
         {
             ssl_debug_printf("decrypt_ssl3_record: allocating app_data %d "
-                "bytes for app data\n", len);
+                "bytes for app data\n", ssl_decrypted_data_avail);
             /* first app data record: allocate and put packet data*/
-            data = se_alloc(sizeof(StringInfo));
-            data->data = se_alloc(len);
-            data->data_len = len;
-            memcpy(data->data, ssl_decrypted_data.data, len);
+            pi = se_alloc0(sizeof(SslPacketInfo));
+            pi->app_data.data = se_alloc(ssl_decrypted_data_avail);
+            pi->app_data.data_len = ssl_decrypted_data_avail;
+            memcpy(pi->app_data.data, ssl_decrypted_data.data, ssl_decrypted_data_avail);
         }
         else { 
             unsigned char* store;
             /* update previus record*/
             ssl_debug_printf("decrypt_ssl3_record: reallocating app_data "
                 "%d bytes for app data (total %d appdata bytes)\n", 
-                len, data->data_len + len);
-            store = se_alloc(data->data_len + len);
-            memcpy(store, data->data, data->data_len);
-            memcpy(&store[data->data_len], ssl_decrypted_data.data, len);
-            data->data_len += len;
+                ssl_decrypted_data_avail, pi->app_data.data_len + ssl_decrypted_data_avail);
+            store = se_alloc(pi->app_data.data_len + ssl_decrypted_data_avail);
+            memcpy(store, pi->app_data.data, pi->app_data.data_len);
+            memcpy(&store[pi->app_data.data_len], ssl_decrypted_data.data, ssl_decrypted_data_avail);
+            pi->app_data.data_len += ssl_decrypted_data_avail;
             
             /* old decrypted data ptr here appare to be leaked, but it's 
              * collected by emem allocator */
-            data->data = store;
+            pi->app_data.data = store;
             
             /* data ptr is changed, so remove old one and re-add the new one*/
             ssl_debug_printf("decrypt_ssl3_record: removing old app_data ptr\n");
             p_remove_proto_data(pinfo->fd, proto_ssl);
         }
      
-        ssl_debug_printf("decrypt_ssl3_record: setting decrypted app_data ptr %p\n",data);
-        p_add_proto_data(pinfo->fd, proto_ssl, data);
+        ssl_debug_printf("decrypt_ssl3_record: setting decrypted app_data ptr %p\n",pi);
+        p_add_proto_data(pinfo->fd, proto_ssl, pi);
     }
+    return ret;
 }
 
 
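Review bot: In the `else` branch, `pi` is no longer guaranteed to carry application data: ssl_add_record_info() creates an SslPacketInfo with se_alloc0(), so when a handshake record was stored first `pi->app_data.data` is NULL with `data_len` 0, and `memcpy(store, pi->app_data.data, pi->app_data.data_len)` is called with a NULL source. Guard the first copy on `pi->app_data.data_len > 0`. The p_remove_proto_data()/p_add_proto_data() pair re-registers the same `pi` pointer, so the "data ptr is changed" comment no longer describes what happens; register `pi` only when it was newly allocated. The sum `pi->app_data.data_len + ssl_decrypted_data_avail` is also passed to se_alloc() unchecked.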
@@ -1500,12 +1548,12 @@
     proto_tree *ti              = NULL;
     proto_tree *ssl_record_tree = NULL;
     guint32 available_bytes     = 0;
-    StringInfo* decrypted;
+    SslPacketInfo* pi;
     SslAssociation* association;
 
     available_bytes = tvb_length_remaining(tvb, offset);
 
-    /*
+   /*
      * Can we do reassembly?
      */
     if (ssl_desegment && pinfo->can_desegment) {
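Review bot: The comment opener above "Can we do reassembly?" lost one space of indentation, an unintended whitespace-only change; restore it so the hunk contains only the switch from `StringInfo* decrypted` to `SslPacketInfo* pi`.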
@@ -1618,7 +1666,7 @@
     if (*conv_version == SSL_VER_UNKNOWN
         && ssl_is_authoritative_version_message(content_type, next_byte))
     {
-        if (version == 0x0300)
+        if (version == SSLV3_VERSION)
         {
             *conv_version = SSL_VER_SSLv3;
             if (ssl) {
@@ -1627,7 +1675,7 @@
             }
             /*ssl_set_conv_version(pinfo, ssl->version);*/
         }
-        else if (version == 0x0301)
+        else if (version == TLSV1_VERSION)
         {
             
             *conv_version = SSL_VER_TLS;
@@ -1637,19 +1685,34 @@
             }
             /*ssl_set_conv_version(pinfo, ssl->version);*/
         }
+        else if (version == TLSV1DOT1_VERSION)
+        {
+            
+            *conv_version = SSL_VER_TLSv1DOT1;
+            if (ssl) {
+                ssl->version_netorder = version;
+                ssl->state |= SSL_VERSION;
+            }
+            /*ssl_set_conv_version(pinfo, ssl->version);*/
+        }
     }
     if (check_col(pinfo->cinfo, COL_PROTOCOL))
     {
-        if (version == 0x0300)
+        if (version == SSLV3_VERSION)
         {
             col_set_str(pinfo->cinfo, COL_PROTOCOL,
                         ssl_version_short_names[SSL_VER_SSLv3]);
         }
-        else if (version == 0x0301)
+        else if (version == TLSV1_VERSION)
         {
             col_set_str(pinfo->cinfo, COL_PROTOCOL,
                         ssl_version_short_names[SSL_VER_TLS]);
         }
+        else if (version == TLSV1DOT1_VERSION)
+        {
+            col_set_str(pinfo->cinfo, COL_PROTOCOL,
+                        ssl_version_short_names[SSL_VER_TLSv1DOT1]);
+        }
         else
         {
             col_set_str(pinfo->cinfo, COL_PROTOCOL,
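Review bot: Both new `else if (version == TLSV1DOT1_VERSION)` branches are copies of the TLS 1.0 branches above them, and the first one carries over the commented-out ssl_set_conv_version() line; a small helper that maps the wire version to an SSL_VER_* value would let the two if/else chains share one lookup and keep the next version from needing a third copy. At minimum, drop the commented-out call from the new branch.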
@@ -1671,6 +1734,7 @@
             col_append_str(pinfo->cinfo, COL_INFO, "Change Cipher Spec");
         dissect_ssl3_change_cipher_spec(tvb, ssl_record_tree,
                                         offset, conv_version, content_type);
+        ssl_debug_printf("dissect_ssl3_change_cipher_spec\n");
         break;
     case SSL_ID_ALERT:
         if (ssl)
@@ -1680,12 +1744,27 @@
                            conv_version);
         break;
     case SSL_ID_HANDSHAKE:
-        if (ssl)
-            decrypt_ssl3_record(tvb, pinfo, offset, 
-                record_length, content_type, ssl, FALSE);
-        dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
+    {
+        tvbuff_t* decrypted=0;
+        /* try to decrypt handshake record, if possible. Store decrypted 
+         * record for later usage. The offset is used as 'key' to itentify
+         * this record into the packet (we can have multiple handshake records
+         * in the same frame) */
+        if (ssl && decrypt_ssl3_record(tvb, pinfo, offset, 
+                record_length, content_type, ssl, FALSE)) 
+            ssl_add_record_info(pinfo, ssl_decrypted_data.data, 
+                ssl_decrypted_data_avail, offset);
+        
+        /* try to retrive and use decrypted handshake record, if any. */
+        decrypted = ssl_get_record_info(pinfo, offset);
+        if (decrypted)
+            dissect_ssl3_handshake(decrypted, pinfo, ssl_record_tree, 0,
+                 decrypted->length, conv_version, ssl, content_type);
+        else 
+            dissect_ssl3_handshake(tvb, pinfo, ssl_record_tree, offset,
                                record_length, conv_version, ssl, content_type);
         break;
+    }
     case SSL_ID_APP_DATA:
         if (ssl)
             decrypt_ssl3_record(tvb, pinfo, offset, 
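Review bot: `decrypted->length` in the new dissect_ssl3_handshake() call reaches into the tvbuff structure directly; use the accessor, tvb_length(decrypted), in line with the tvb_length_remaining() call elsewhere in this file. Initialise the pointer with NULL rather than 0, and fix the typos "itentify" and "retrive" in the new comments. Because ssl_add_record_info() runs on every successful decryption, this path also relies on that function not piling up duplicates for the same offset.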
@@ -1709,34 +1788,35 @@
             ssl_version_short_names[*conv_version],
             val_to_str(content_type, ssl_31_content_type, "unknown"),
             association?association->info:"Application Data");
-     
+    
         /* show decrypted data info, if available */         
-        decrypted = p_get_proto_data(pinfo->fd, proto_ssl);
-        if (decrypted)
+        pi = p_get_proto_data(pinfo->fd, proto_ssl);
+        if (pi && pi->app_data.data)
         {
             tvbuff_t* new_tvb;
             
             /* try to dissect decrypted data*/
-            ssl_debug_printf("dissect_ssl3_record decrypted len %d\n", decrypted->data_len);
+            ssl_debug_printf("dissect_ssl3_record decrypted len %d\n", 
+                pi->app_data.data_len);
             
              /* create new tvbuff for the decrypted data */
-            new_tvb = tvb_new_real_data(decrypted->data, 
-                decrypted->data_len, decrypted->data_len);
+            new_tvb = tvb_new_real_data(pi->app_data.data, 
+                pi->app_data.data_len, pi->app_data.data_len);
             tvb_set_free_cb(new_tvb, g_free);
             /* tvb_set_child_real_data_tvbuff(tvb, new_tvb); */
             
             /* find out a dissector using server port*/
             if (association && association->handle) {
                 ssl_debug_printf("dissect_ssl3_record found association %p\n", association);
-                ssl_print_text_data("decrypted app data",decrypted->data, 
-                    decrypted->data_len);
+                ssl_print_text_data("decrypted app data",pi->app_data.data, 
+                    pi->app_data.data_len);
                 
                 call_dissector(association->handle, new_tvb, pinfo, ssl_record_tree);
             }
             /* add raw decrypted data only if a decoder is not found*/
             else 
                 proto_tree_add_string(ssl_record_tree, hf_ssl_record_appdata_decrypted, tvb,
-                        offset, decrypted->data_len, (char*) decrypted->data);
+                    offset, pi->app_data.data_len, (char*) pi->app_data.data);
         }
         else {
             tvb_ensure_bytes_exist(tvb, offset, record_length);
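Review bot: The proto_tree_add_string() call at the end of the hunk casts `pi->app_data.data` to `char*`, but decrypt_ssl3_record() allocates that buffer with exactly `data_len` bytes and no terminator, so the string is read past the end of the allocation unless the plaintext happens to contain a NUL; allocate one extra zero byte, or add the data as bytes with an explicit length. Also worth checking while this code is touched: the unchanged line `tvb_set_free_cb(new_tvb, g_free);` registers g_free() for memory that the patch obtains from se_alloc().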
@@ -2030,10 +2110,10 @@
                         break;
                     }
                                 
-                    /* get encrypted data, on tls1 we have to byte to skip
+                    /* get encrypted data, on tls1 we have to skip two bytes
                      * (it's the encrypted len and should be equal to record len - 2) 
                      */
-                    if (ssl->version == SSL_VER_TLS)
+                    if (ssl->version == SSL_VER_TLS||ssl->version == SSL_VER_TLSv1DOT1)
                     {
                         encrlen  = tvb_get_ntohs(tvb, offset);
                         skip = 2;
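Review bot: The condition tests `ssl->version` against SSL_VER_TLSv1DOT1, but the TLS 1.1 branch added earlier in packet-ssl.c assigns only `*conv_version`, `ssl->version_netorder` and `ssl->state`; please check that `ssl->version` is actually set to SSL_VER_TLSv1DOT1 somewhere, otherwise the two length bytes are not skipped for TLS 1.1. Add spaces around `||` to match the file's style, and the comment can say "TLS 1.0 and 1.1" now that both are covered.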
@@ -2121,11 +2201,6 @@
             ssl_restore_session(ssl); 
         }
         else {
-            /* reset state on renegotiation*/
-            if (!from_server)
-                ssl->state &= ~(SSL_HAVE_SESSION_KEY|SSL_MASTER_SECRET|
-                    SSL_CIPHER|SSL_SERVER_RANDOM);
-            
             tvb_memcpy(tvb,ssl->session_id.data, offset+33, session_id_length);
             ssl->session_id.data_len = session_id_length;
         }                
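Review bot: The removed block cleared SSL_CIPHER and SSL_SERVER_RANDOM as well as the key flags when a client started a renegotiation, while the replacement in packet-ssl-utils.c clears only SSL_MASTER_SECRET and SSL_HAVE_SESSION_KEY; the description should explain why the cipher and server-random flags may now survive, and confirm that values from the previous handshake cannot be combined with the new ones during key derivation. A short comment at this spot saying where the reset now happens would help the next reader.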
@@ -3745,7 +3820,7 @@
 
     /* now check to see if the version byte appears valid */
     version = tvb_get_ntohs(tvb, offset + 1);
-    if (version != 0x0300 && version != 0x0301)
+    if (version != SSLV3_VERSION && version != TLSV1_VERSION && version != TLSV1DOT1_VERSION)
     {
         return 0;
     }
@@ -4342,3 +4417,4 @@
     /* add now dissector to default ports.*/
     ssl_parse();
 }
+
diff -ur ethereal-0.99.0/epan/dissectors/packet-ssl-utils.c ethereal-0.99.0-TLS1.1/epan/dissectors/packet-ssl-utils.c
--- ethereal-0.99.0/epan/dissectors/packet-ssl-utils.c	2006-04-17 16:46:39.000000000 +0200
+++ ethereal-0.99.0-TLS1.1/epan/dissectors/packet-ssl-utils.c	2006-05-19 09:56:11.780486744 +0200
@@ -179,6 +179,13 @@
     return gcry_cipher_map_name(name);
 }
 
+static inline void
+ssl_cipher_cleanup(gcry_cipher_hd_t *cipher)
+{
+    gcry_cipher_close(*cipher);
+    *cipher = NULL;
+}
+
 /* private key abstraction layer */
 static inline int 
 ssl_get_key_len(SSL_PRIVATE_KEY* pk) {return gcry_pk_get_nbits (pk); }
@@ -337,7 +344,7 @@
 
 static const char *ciphers[]={
      "DES",
-     "DES3",
+     "3DES",
      "ARCFOUR", /* gnutls does not support rc4, but this should be 100% compatible*/
      "RC2",
      "IDEA",
@@ -355,9 +362,9 @@
     {5,KEX_RSA,SIG_RSA,ENC_RC4,1,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
     {6,KEX_RSA,SIG_RSA,ENC_RC2,8,128,40,DIG_SHA,20,1, SSL_CIPHER_MODE_STREAM},
     {7,KEX_RSA,SIG_RSA,ENC_IDEA,8,128,128,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
-    {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA,20,1, SSL_CIPHER_MODE_STREAM},
-    {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
-    {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
+    {8,KEX_RSA,SIG_RSA,ENC_DES,8,64,40,DIG_SHA,20,1, SSL_CIPHER_MODE_CBC},
+    {9,KEX_RSA,SIG_RSA,ENC_DES,8,64,64,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},
+    {10,KEX_RSA,SIG_RSA,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_CBC},
     {11,KEX_DH,SIG_DSS,ENC_DES,8,64,40,DIG_SHA,20,1, SSL_CIPHER_MODE_STREAM},
     {12,KEX_DH,SIG_DSS,ENC_DES,8,64,64,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
     {13,KEX_DH,SIG_DSS,ENC_3DES,8,192,192,DIG_SHA,20,0, SSL_CIPHER_MODE_STREAM},
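Review bot: Suites 8, 9 and 10 move to SSL_CIPHER_MODE_CBC, but the unchanged entries 11, 12 and 13 just below use the same ENC_DES/ENC_3DES ciphers and stay SSL_CIPHER_MODE_STREAM; if DES and 3DES are block ciphers for the RSA suites they are for the DH/DSS suites too, so either correct the whole table or state why only these three change. This correction is independent of TLS 1.1 and deserves its own line in the patch description.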
@@ -591,7 +598,7 @@
     }
     if (ciph == 0) {
         ssl_debug_printf("ssl_create_decoder can't find cipher %s\n", 
-						 ciphers[(cipher_suite->enc-0x30) > 7 ? 7 : (cipher_suite->enc-0x30)]);
+            ciphers[(cipher_suite->enc-0x30) > 7 ? 7 : (cipher_suite->enc-0x30)]);
         return -1;
     }
     
@@ -600,6 +607,10 @@
     dec->cipher_suite=cipher_suite;
     dec->mac_key.data = dec->_mac_key;
     ssl_data_set(&dec->mac_key, mk, cipher_suite->dig_len);
+    dec->seq = 0;
+    
+    if (dec->evp)
+        ssl_cipher_cleanup(&dec->evp);
 
     if (ssl_cipher_init(&dec->evp,ciph,sk,iv,cipher_suite->mode) < 0) {
         ssl_debug_printf("ssl_create_decoder: can't create cipher id:%d mode:%d\n",
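Review bot: `if (dec->evp) ssl_cipher_cleanup(&dec->evp);` is only safe if every SslDecoder is zero-initialised before its first ssl_create_decoder() call; please confirm the decoders are allocated zeroed, otherwise an uninitialised handle is passed to gcry_cipher_close(). Resetting `dec->seq` and closing the old handle are the renegotiation part of the patch, so a one-line comment saying so would help.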
@@ -812,7 +823,9 @@
         ssl_debug_printf("ssl_generate_keyring_material can't init client decoder\n");        
         goto fail;
     }
-        
+      
+    ssl_debug_printf("ssl_generate_keyring_material client seq %d server seq %d\n",
+        ssl_session->client.seq, ssl_session->server.seq);
     g_free(key_block.data);
     return 0;
     
@@ -853,7 +866,7 @@
     /* Remove the master secret if it was there.
        This force keying material regeneration in
        case we're renegotiating */
-    ssl_session->state &= ~SSL_MASTER_SECRET;
+    ssl_session->state &= ~(SSL_MASTER_SECRET|SSL_HAVE_SESSION_KEY);
     return 0;
 }
  
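Review bot: The comment above the changed line still says only the master secret is removed; update it to mention that SSL_HAVE_SESSION_KEY is now cleared as well and state the reason, since this line replaces the reset that was deleted from packet-ssl.c.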
@@ -926,10 +939,7 @@
 
     /* get cipher used for digest comptuation */
     md=ssl_get_digest_by_name(digests[decoder->cipher_suite->dig-0x40]);
-    ssl_debug_printf("ssl3_check_mac digest%s md %d\n",
-        digests[decoder->cipher_suite->dig-0x40], md);
     ssl_md_init(&mc,md);
-    ssl_debug_printf("ssl3_check_mac memory digest %p\n",mc);
 
     /* do hash computation on data && padding */
     ssl_md_update(&mc,decoder->mac_key.data,decoder->mac_key.data_len);
@@ -981,7 +991,8 @@
 {
     int pad, worklen;
     guint8 *mac;
-    
+
+
     ssl_debug_printf("ssl_decrypt_record ciphertext len %d\n", inl);
     ssl_print_data("Ciphertext",in, inl);
     
@@ -1009,19 +1020,26 @@
         return -1;
     }
     mac=out+worklen;
-    /*ssl_print_data("Record data",out,*outl);*/
+
+    /* if TLS 1.1 we use the transmitted IV and remove it after (to not modify dissector in others parts)*/
+    if(ssl->version_netorder==TLSV1DOT1_VERSION){
+	gcry_cipher_setiv(decoder->evp, out,decoder->cipher_suite->block);
+	worklen=worklen-decoder->cipher_suite->block; 
+	memcpy(out,out+decoder->cipher_suite->block,worklen);
+   }
 
     /* Now check the MAC */
-    ssl_debug_printf("checking mac (len %d, version %X, ct %d)\n", worklen,ssl->version_netorder, ct);
-    if(ssl->version_netorder==0x300){
+    ssl_debug_printf("checking mac (len %d, version %X, ct %d seq %d)\n", 
+        worklen, ssl->version_netorder, ct, decoder->seq);
+    if(ssl->version_netorder==SSLV3_VERSION){
         if(ssl3_check_mac(decoder,ct,out,worklen,mac) < 0) {
-            ssl_debug_printf("ssl_decrypt_record: mac falied\n");
+            ssl_debug_printf("ssl_decrypt_record: mac failed\n");
             return -1;
         }
     }
     else{
         if(tls_check_mac(decoder,ct,ssl->version_netorder,out,worklen,mac)< 0) {
-            ssl_debug_printf("ssl_decrypt_record: mac falied\n");
+            ssl_debug_printf("ssl_decrypt_record: mac failed\n");
             return -1;
         }
     }
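Review bot: `memcpy(out,out+decoder->cipher_suite->block,worklen);` copies between overlapping regions of `out`, which memcpy() does not permit; use memmove(). Before that, `worklen` is reduced by the block size with no check that it is at least that large, so a short record yields a negative length for the copy and for the MAC check. The branch is taken for every TLS 1.1 record, including suites the table marks SSL_CIPHER_MODE_STREAM with a block value of 1, so test the cipher mode as well as the version. The gcry_cipher_setiv() call is given `out`, the output buffer, while the comment speaks of the transmitted IV; say in the comment which bytes these are at this point. `mac` is computed from the old `worklen` just above and stays correct only because the copy leaves the tail of the buffer in place, which deserves a comment. The new lines are indented with tabs where the file uses spaces.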
@@ -1326,3 +1344,4 @@
     ssl_print_data(name, data->data, data->data_len);
 }
 #endif /* SSL_DECRYPT_DEBUG */
+
Seulement dans ethereal-0.99.0-TLS1.1/epan/dissectors: packet-ssl-utils.c~
diff -ur ethereal-0.99.0/epan/dissectors/packet-ssl-utils.h ethereal-0.99.0-TLS1.1/epan/dissectors/packet-ssl-utils.h
--- ethereal-0.99.0/epan/dissectors/packet-ssl-utils.h	2006-04-17 16:46:39.000000000 +0200
+++ ethereal-0.99.0-TLS1.1/epan/dissectors/packet-ssl-utils.h	2006-05-19 09:51:58.325017832 +0200
@@ -59,6 +59,7 @@
 
 #define SSLV3_VERSION          0x300
 #define TLSV1_VERSION          0x301
+#define TLSV1DOT1_VERSION      0x302
 
 #define SSL_CLIENT_RANDOM       1
 #define SSL_SERVER_RANDOM       2
@@ -113,10 +114,18 @@
 #define DIG_MD5         0x40
 #define DIG_SHA         0x41
 
-/*typedef struct _SslService {
-    address addr;
-    guint port;
-} SslService;*/
+struct tvbuff;
+
+typedef struct _SslRecordInfo {
+    struct tvbuff* tvb;
+    int id;
+    struct _SslRecordInfo* next;
+} SslRecordInfo;
+
+typedef struct {
+    StringInfo app_data;
+    SslRecordInfo* handshake_data; 
+} SslPacketInfo;
 
 typedef struct _SslDecryptSession {
     unsigned char _master_secret[48];
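Review bot: SslRecordInfo and SslPacketInfo are added without any comment; document that `id` holds the record's offset within the frame and that `handshake_data` is a singly linked list with the newest entry first. `id` is an int, while the same `offset` is passed to decrypt_ssl3_record() as a guint32, so make the field and the `record_id` parameters guint32. Deleting the commented-out SslService typedef is fine but unrelated to TLS 1.1.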
@@ -230,3 +239,4 @@
 #endif
 
 #endif
+
Seulement dans ethereal-0.99.0/epan/dissectors: x11-declarations.h
Seulement dans ethereal-0.99.0/epan/dissectors: x11-register-info.h
Seulement dans ethereal-0.99.0-TLS1.1/epan: doxygen.cfg
Seulement dans ethereal-0.99.0-TLS1.1/epan: dtd_grammar.out
Seulement dans ethereal-0.99.0-TLS1.1/epan/ftypes: .deps
Seulement dans ethereal-0.99.0-TLS1.1/epan/ftypes: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/epan: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/gtk: .deps
Seulement dans ethereal-0.99.0-TLS1.1/gtk: doxygen.cfg
Seulement dans ethereal-0.99.0-TLS1.1/gtk: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/help: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/: libtool
Seulement dans ethereal-0.99.0-TLS1.1/: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/packaging: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/packaging/nsis: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/packaging/rpm: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/packaging/rpm/SPECS: ethereal.spec
Seulement dans ethereal-0.99.0-TLS1.1/packaging/rpm/SPECS: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/packaging/svr4: checkinstall
Seulement dans ethereal-0.99.0-TLS1.1/packaging/svr4: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/packaging/svr4: pkginfo
Seulement dans ethereal-0.99.0-TLS1.1/plugins/acn: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/acn: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/agentx: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/agentx: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/artnet: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/artnet: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/asn1: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/asn1: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/ciscosm: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/ciscosm: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/docsis: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/docsis: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/enttec: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/enttec: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/giop: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/giop: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/gryphon: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/gryphon: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/h223: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/h223: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/irda: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/irda: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/lua: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/lua: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/lwres: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/lwres: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/mate: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/mate: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/mate: mate_grammar.out
Seulement dans ethereal-0.99.0-TLS1.1/plugins/megaco: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/megaco: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/mgcp: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/mgcp: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/opsi: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/opsi: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/pcli: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/pcli: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/profinet: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/profinet: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/rdm: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/rdm: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/rlm: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/rlm: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/rtnet: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/rtnet: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/rudp: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/rudp: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/stats_tree: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/stats_tree: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/plugins/v5ua: .deps
Seulement dans ethereal-0.99.0-TLS1.1/plugins/v5ua: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/: stamp-h1
Seulement dans ethereal-0.99.0/: svnversion.h
Seulement dans ethereal-0.99.0-TLS1.1/tools/lemon: .deps
Seulement dans ethereal-0.99.0-TLS1.1/tools/lemon: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/tools: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/wiretap: config.h
Seulement dans ethereal-0.99.0-TLS1.1/wiretap: config.log
Seulement dans ethereal-0.99.0-TLS1.1/wiretap: config.status
Seulement dans ethereal-0.99.0-TLS1.1/wiretap: .deps
Seulement dans ethereal-0.99.0-TLS1.1/wiretap: libtool
Seulement dans ethereal-0.99.0-TLS1.1/wiretap: Makefile
Seulement dans ethereal-0.99.0-TLS1.1/wiretap: stamp-h1