12 #ifndef __PACKET_TLS_UTILS_H__
13 #define __PACKET_TLS_UTILS_H__
27 #include <gnutls/x509.h>
28 #include <gnutls/pkcs12.h>
/* Cipher context alias: a decryption context is a libgcrypt cipher handle. */
32 #define SSL_CIPHER_CTX gcry_cipher_hd_t
/* Defined unconditionally in this listing, so any code guarded by
 * SSL_DECRYPT_DEBUG is always compiled in.
 * NOTE(review): presumably this gates the decryption debug trace; confirm
 * whether that trace can contain key material and, if it can, handle the
 * debug output with the same care as a key log file. */
33 #define SSL_DECRYPT_DEBUG
/* TLS record-layer content type codes (one byte each; compare the guint8
 * argument of ssl_is_valid_content_type() declared in this header).
 * The enclosing enum declaration and the 0x15 entry are not part of this
 * listing. */
38 SSL_ID_CHG_CIPHER_SPEC = 0x14,
40 SSL_ID_HANDSHAKE = 0x16,
41 SSL_ID_APP_DATA = 0x17,
42 SSL_ID_HEARTBEAT = 0x18,
/* Record type used by the TLS 1.2 connection ID extension. */
43 SSL_ID_TLS12_CID = 0x19
/* Handshake message type codes (one byte each; compare the guint8 hs_type
 * argument of ssl_is_valid_handshake_type() declared in this header).
 * The enclosing enum declaration is not part of this listing. */
47 SSL_HND_HELLO_REQUEST = 0,
48 SSL_HND_CLIENT_HELLO = 1,
49 SSL_HND_SERVER_HELLO = 2,
/* DTLS cookie exchange message. */
50 SSL_HND_HELLO_VERIFY_REQUEST = 3,
51 SSL_HND_NEWSESSION_TICKET = 4,
52 SSL_HND_END_OF_EARLY_DATA = 5,
/* NOTE(review): 6 looks like the TLS 1.3 draft-era hello_retry_request code;
 * presumably a final TLS 1.3 HelloRetryRequest is recognised from the
 * ServerHello instead (tls_scan_server_hello() reports is_hrr) - confirm. */
53 SSL_HND_HELLO_RETRY_REQUEST = 6,
54 SSL_HND_ENCRYPTED_EXTENSIONS = 8,
55 SSL_HND_CERTIFICATE = 11,
56 SSL_HND_SERVER_KEY_EXCHG = 12,
57 SSL_HND_CERT_REQUEST = 13,
58 SSL_HND_SVR_HELLO_DONE = 14,
59 SSL_HND_CERT_VERIFY = 15,
60 SSL_HND_CLIENT_KEY_EXCHG = 16,
61 SSL_HND_FINISHED = 20,
62 SSL_HND_CERT_URL = 21,
63 SSL_HND_CERT_STATUS = 22,
64 SSL_HND_SUPPLEMENTAL_DATA = 23,
65 SSL_HND_KEY_UPDATE = 24,
66 SSL_HND_COMPRESSED_CERTIFICATE = 25,
/* Not the same message as SSL_HND_ENCRYPTED_EXTENSIONS (8) above.
 * NOTE(review): 67 is presumably the NPN-era handshake message - confirm
 * before relying on either name in a filter or detection rule. */
69 SSL_HND_ENCRYPTED_EXTS = 67
/* SSL 2.0 handshake message type codes. SSL 2.0 is obsolete (RFC 6176
 * prohibits negotiating it); these codes exist so that SSLv2 messages
 * found in a capture can still be identified. */
72 #define SSL2_HND_ERROR 0x00
73 #define SSL2_HND_CLIENT_HELLO 0x01
74 #define SSL2_HND_CLIENT_MASTER_KEY 0x02
75 #define SSL2_HND_CLIENT_FINISHED 0x03
76 #define SSL2_HND_SERVER_HELLO 0x04
77 #define SSL2_HND_SERVER_VERIFY 0x05
78 #define SSL2_HND_SERVER_FINISHED 0x06
79 #define SSL2_HND_REQUEST_CERTIFICATE 0x07
80 #define SSL2_HND_CLIENT_CERTIFICATE 0x08
/* TLS hello extension type codes, written in decimal. The extension type
 * is a 16-bit field on the wire, so every value here must fit in 0..65535.
 * Gaps in the numbering (for example 26, 29-33, 36-39) are code points
 * this listing does not define. */
82 #define SSL_HND_HELLO_EXT_SERVER_NAME 0
83 #define SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH 1
84 #define SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL 2
85 #define SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS 3
86 #define SSL_HND_HELLO_EXT_TRUNCATED_HMAC 4
87 #define SSL_HND_HELLO_EXT_STATUS_REQUEST 5
88 #define SSL_HND_HELLO_EXT_USER_MAPPING 6
89 #define SSL_HND_HELLO_EXT_CLIENT_AUTHZ 7
90 #define SSL_HND_HELLO_EXT_SERVER_AUTHZ 8
91 #define SSL_HND_HELLO_EXT_CERT_TYPE 9
92 #define SSL_HND_HELLO_EXT_SUPPORTED_GROUPS 10
93 #define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 11
94 #define SSL_HND_HELLO_EXT_SRP 12
95 #define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS 13
96 #define SSL_HND_HELLO_EXT_USE_SRTP 14
97 #define SSL_HND_HELLO_EXT_HEARTBEAT 15
98 #define SSL_HND_HELLO_EXT_ALPN 16
99 #define SSL_HND_HELLO_EXT_STATUS_REQUEST_V2 17
100 #define SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP 18
101 #define SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE 19
102 #define SSL_HND_HELLO_EXT_SERVER_CERT_TYPE 20
103 #define SSL_HND_HELLO_EXT_PADDING 21
104 #define SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC 22
105 #define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET 23
106 #define SSL_HND_HELLO_EXT_TOKEN_BINDING 24
107 #define SSL_HND_HELLO_EXT_CACHED_INFO 25
108 #define SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE 27
109 #define SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT 28
111 #define SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS 34
112 #define SSL_HND_HELLO_EXT_SESSION_TICKET_TLS 35
/* Two code points carry the key_share name: 40 (_OLD) and 51.
 * NOTE(review): 40 is presumably the pre-final TLS 1.3 draft value and 51
 * the final one - confirm; a rule that matches only 51 will miss 40. */
114 #define SSL_HND_HELLO_EXT_KEY_SHARE_OLD 40
115 #define SSL_HND_HELLO_EXT_PRE_SHARED_KEY 41
116 #define SSL_HND_HELLO_EXT_EARLY_DATA 42
117 #define SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS 43
118 #define SSL_HND_HELLO_EXT_COOKIE 44
119 #define SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES 45
120 #define SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO 46
121 #define SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES 47
122 #define SSL_HND_HELLO_EXT_OID_FILTERS 48
123 #define SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH 49
124 #define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT 50
125 #define SSL_HND_HELLO_EXT_KEY_SHARE 51
126 #define SSL_HND_HELLO_EXT_TRANSPARENCY_INFO 52
/* connection_id likewise has a deprecated code point (53) next to the
 * current one (54); the session field deprecated_cid in this header
 * presumably records which one was seen - confirm. */
127 #define SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED 53
128 #define SSL_HND_HELLO_EXT_CONNECTION_ID 54
129 #define SSL_HND_HELLO_EXT_EXTERNAL_ID_HASH 55
130 #define SSL_HND_HELLO_EXT_EXTERNAL_SESSION_ID 56
131 #define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V1 57
132 #define SSL_HND_HELLO_EXT_TICKET_REQUEST 58
133 #define SSL_HND_HELLO_EXT_DNSSEC_CHAIN 59
/* High-numbered extension code points, kept in ascending numeric order.
 * The GREASE_xAxA entries are the decimal forms of 0x0A0A, 0x1A1A, ...
 * 0xFAFA (RFC 8701): reserved values a client may send at random and that
 * carry no meaning. Fingerprinting or detection logic built on extension
 * lists should normalise or ignore them, otherwise one client produces
 * many different fingerprints. The remaining entries are interleaved
 * purely by numeric value. */
134 #define SSL_HND_HELLO_EXT_GREASE_0A0A 2570
135 #define SSL_HND_HELLO_EXT_GREASE_1A1A 6682
136 #define SSL_HND_HELLO_EXT_GREASE_2A2A 10794
/* 13172 == 0x3374 */
137 #define SSL_HND_HELLO_EXT_NPN 13172
138 #define SSL_HND_HELLO_EXT_GREASE_3A3A 14906
/* 17513 == 0x4469 */
139 #define SSL_HND_HELLO_EXT_ALPS 17513
140 #define SSL_HND_HELLO_EXT_GREASE_4A4A 19018
141 #define SSL_HND_HELLO_EXT_GREASE_5A5A 23130
142 #define SSL_HND_HELLO_EXT_GREASE_6A6A 27242
/* 30031 == 0x754F, 30032 == 0x7550 */
143 #define SSL_HND_HELLO_EXT_CHANNEL_ID_OLD 30031
144 #define SSL_HND_HELLO_EXT_CHANNEL_ID 30032
145 #define SSL_HND_HELLO_EXT_GREASE_7A7A 31354
146 #define SSL_HND_HELLO_EXT_GREASE_8A8A 35466
147 #define SSL_HND_HELLO_EXT_GREASE_9A9A 39578
148 #define SSL_HND_HELLO_EXT_GREASE_AAAA 43690
149 #define SSL_HND_HELLO_EXT_GREASE_BABA 47802
150 #define SSL_HND_HELLO_EXT_GREASE_CACA 51914
151 #define SSL_HND_HELLO_EXT_GREASE_DADA 56026
152 #define SSL_HND_HELLO_EXT_GREASE_EAEA 60138
153 #define SSL_HND_HELLO_EXT_GREASE_FAFA 64250
/* 65037 == 0xFE0D */
154 #define SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO 65037
/* 65281 == 0xFF01 */
155 #define SSL_HND_HELLO_EXT_RENEGOTIATION_INFO 65281
/* 65445 == 0xFFA5; a second code point for QUIC transport parameters,
 * next to SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V1 (57). */
156 #define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS 65445
/* 65486 == 0xFFCE */
157 #define SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME 65486
/* Sub-type codes carried inside individual handshake messages/extensions:
 * the certificate-URL chain type, the certificate status (OCSP) type and
 * the certificate type value for a raw public key. */
159 #define SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT 1
160 #define SSL_HND_CERT_URL_TYPE_PKIPATH 2
161 #define SSL_HND_CERT_STATUS_TYPE_OCSP 1
162 #define SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI 2
163 #define SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY 2
/* QUIC transport parameter identifiers carried in the TLS
 * quic_transport_parameters extension.
 * Width matters here: the last entries of this list (0xFF03DE1A and up,
 * and especially the 0x0F739BBC1B666D0x multipath IDs) do not fit in 16
 * bits, and the multipath IDs do not fit in 32 bits. This header
 * accordingly declares the name table quic_transport_parameter_id as
 * val64_string and passes the ID as guint64 to
 * quic_transport_parameter_id_base_custom(); storing a parsed ID in a
 * narrower type would truncate it and could alias an unrelated parameter. */
166 #define SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID 0x00
167 #define SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT 0x01
168 #define SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN 0x02
169 #define SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE 0x03
170 #define SSL_HND_QUIC_TP_INITIAL_MAX_DATA 0x04
171 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL 0x05
172 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE 0x06
173 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI 0x07
174 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI 0x08
175 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI 0x09
176 #define SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT 0x0a
177 #define SSL_HND_QUIC_TP_MAX_ACK_DELAY 0x0b
178 #define SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION 0x0c
179 #define SSL_HND_QUIC_TP_PREFERRED_ADDRESS 0x0d
180 #define SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT 0x0e
181 #define SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID 0x0f
182 #define SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID 0x10
183 #define SSL_HND_QUIC_TP_VERSION_INFORMATION 0x11
184 #define SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE 0x20
185 #define SSL_HND_QUIC_TP_CIBIR_ENCODING 0x1000
186 #define SSL_HND_QUIC_TP_LOSS_BITS 0x1057
187 #define SSL_HND_QUIC_TP_GREASE_QUIC_BIT 0x2ab2
188 #define SSL_HND_QUIC_TP_ENABLE_TIME_STAMP 0x7157
189 #define SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V2 0x7158
190 #define SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD 0xde1a
/* Vendor-specific identifiers (named after Google), not in numeric order. */
192 #define SSL_HND_QUIC_TP_GOOGLE_USER_AGENT 0x3129
193 #define SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED 0x312B
194 #define SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION 0x4752
195 #define SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT 0x3127
196 #define SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE 0x312A
197 #define SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS 0x4751
198 #define SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS 0x3128
/* Vendor-specific and draft identifiers; three code points share the
 * min_ack_delay name (_OLD above, _DRAFT_V1 and the unsuffixed one). */
200 #define SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY 0xFF00
201 #define SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V1 0xFF03DE1A
202 #define SSL_HND_QUIC_TP_MIN_ACK_DELAY 0xFF04DE1A
/* 64-bit identifiers: need a 64-bit integer type end to end. */
203 #define SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT04 0x0F739BBC1B666D04
204 #define SSL_HND_QUIC_TP_ENABLE_MULTIPATH 0x0F739BBC1B666D05
221 extern const value_string ssl_31_key_exchange_algorithm[];
223 extern const value_string ssl_31_client_certificate_type[];
224 extern const value_string ssl_31_public_value_encoding[];
234 extern const value_string ssl_extension_ec_point_formats[];
236 extern const value_string tls_hello_ext_server_name_type_vs[];
237 extern const value_string tls_hello_ext_max_fragment_length[];
240 extern const value_string compress_certificate_algorithm_vals[];
241 extern const val64_string quic_transport_parameter_id[];
243 extern const val64_string quic_enable_time_stamp_v2_vals[];
245 extern const value_string tls_hello_ext_ech_clienthello_types[];
249 extern const value_string token_binding_key_parameter_vals[];
257 #define SSL_WRITE_KEY 1
/* Protocol version codes. SSL_VER_UNKNOWN (0) is the "not determined"
 * sentinel; the others are 16-bit version values.
 * Do not order-compare across families: the DTLS values decrease as the
 * DTLS version increases (0xfeff for 1.0, 0xfefd for 1.2, 0xfefc for 1.3),
 * and all of them are numerically larger than every TLS value, so a test
 * such as "version >= TLSV1DOT2_VERSION" is also true for DTLS 1.0.
 * SSLV2_VERSION, SSLV3_VERSION, TLSV1_VERSION and TLSV1DOT1_VERSION
 * identify protocol versions that are deprecated; they are listed so
 * that such traffic can still be recognised. */
259 #define SSL_VER_UNKNOWN 0
260 #define SSLV2_VERSION 0x0002
262 #define SSLV3_VERSION 0x300
263 #define TLSV1_VERSION 0x301
/* TLCP uses 0x101, which lies below SSLV3_VERSION numerically. */
264 #define TLCPV1_VERSION 0x101
265 #define TLSV1DOT1_VERSION 0x302
266 #define TLSV1DOT2_VERSION 0x303
267 #define TLSV1DOT3_VERSION 0x304
268 #define DTLSV1DOT0_VERSION 0xfeff
/* NOTE(review): not a standard DTLS version value; presumably emitted by
 * old OpenSSL DTLS implementations - confirm. */
269 #define DTLSV1DOT0_OPENSSL_VERSION 0x100
270 #define DTLSV1DOT2_VERSION 0xfefd
271 #define DTLSV1DOT3_VERSION 0xfefc
274 static inline guint8 extract_tls13_draft_version(guint32 version) {
275 if ((version & 0xff00) == 0x7f00) {
276 return (guint8) version;
/* Single-bit flags, meant to be OR-ed together into one state word that
 * records what has been learned about a session so far. Bit 9 is not
 * assigned in this listing (the sequence goes from 1<<8 to 1<<10).
 * NOTE(review): the flags are plain int expressions (1<<n); they are safe
 * at these shift counts, but a future flag at bit 31 would need 1U<<31. */
282 #define SSL_CLIENT_RANDOM (1<<0)
283 #define SSL_SERVER_RANDOM (1<<1)
284 #define SSL_CIPHER (1<<2)
285 #define SSL_HAVE_SESSION_KEY (1<<3)
286 #define SSL_VERSION (1<<4)
287 #define SSL_MASTER_SECRET (1<<5)
288 #define SSL_PRE_MASTER_SECRET (1<<6)
289 #define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7)
290 #define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8)
291 #define SSL_NEW_SESSION_TICKET (1<<10)
292 #define SSL_ENCRYPT_THEN_MAC (1<<11)
293 #define SSL_SEEN_0RTT_APPDATA (1<<12)
294 #define SSL_QUIC_RECORD_LAYER (1<<13)
/* Both extended-master-secret bits together.
 * NOTE(review): presumably the extension counts as negotiated only when
 * (state & MASK) == MASK, i.e. both peers sent it; a plain
 * "state & MASK" test would also accept a one-sided offer - confirm at
 * the call sites. */
296 #define SSL_EXTENDED_MASTER_SECRET_MASK (SSL_CLIENT_EXTENDED_MASTER_SECRET|SSL_SERVER_EXTENDED_MASTER_SECRET)
/* AEAD nonce sizes in bytes. The implicit part (4) plus the explicit
 * part (8) add up to 12, the same size as TLS13_AEAD_NONCE_LENGTH.
 * NOTE(review): presumably the 4+8 split is the pre-TLS 1.3 AEAD layout
 * (implicit part from the key block, explicit part sent in each record)
 * - confirm against the record decryption code. */
309 #define IMPLICIT_NONCE_LEN 4
310 #define EXPLICIT_NONCE_LEN 8
311 #define TLS13_AEAD_NONCE_LENGTH 12
316 TLS_SECRET_HANDSHAKE,
/* NOTE(review): presumably the debug-file setting that selects stderr
 * instead of a named file - confirm where the debug file is opened. */
320 #define SSL_DEBUG_USE_STDERR "-"
/* Upper bound, in bytes, for an SSLv2 session ID. */
322 #define SSLV2_MAX_SESSION_ID_LENGTH_IN_BYTES 16
/* 0x4000 == 16384 == 2^14 bytes, the TLS limit on a record's plaintext
 * fragment. Record lengths read from a capture are untrusted input;
 * NOTE(review): confirm how this limit is applied to protected records,
 * whose on-wire length may legitimately exceed it by the expansion
 * overhead. */
325 #define TLS_MAX_RECORD_LENGTH 0x4000
332 ssl_cipher_mode_t mode;
346 guchar _mac_key_or_write_iv[48];
363 guint8 iv[TLS13_AEAD_NONCE_LENGTH];
/* Key exchange identifiers.
 * NOTE(review): presumably these are dissector-internal codes (compare
 * ssl_get_keyex_alg(), which returns a gint for a cipher) rather than
 * values taken from the wire - confirm.
 * Codes 0x1d and 0x1e are not part of this listing. */
366 #define KEX_DHE_DSS 0x10
367 #define KEX_DHE_PSK 0x11
368 #define KEX_DHE_RSA 0x12
369 #define KEX_DH_ANON 0x13
370 #define KEX_DH_DSS 0x14
371 #define KEX_DH_RSA 0x15
372 #define KEX_ECDHE_ECDSA 0x16
373 #define KEX_ECDHE_PSK 0x17
374 #define KEX_ECDHE_RSA 0x18
375 #define KEX_ECDH_ANON 0x19
376 #define KEX_ECDH_ECDSA 0x1a
377 #define KEX_ECDH_RSA 0x1b
378 #define KEX_KRB5 0x1c
381 #define KEX_RSA_PSK 0x1f
382 #define KEX_SRP_SHA 0x20
383 #define KEX_SRP_SHA_DSS 0x21
384 #define KEX_SRP_SHA_RSA 0x22
/* Range test over 0x10..0x1b: it is correct only while every (EC)DH
 * code, and nothing else, is numbered inside that contiguous range.
 * A new (EC)DH-based code appended after 0x1b is NOT matched (for
 * example KEX_ECDHE_SM2 below), and renumbering silently changes the
 * result. The argument is evaluated twice, so do not pass an expression
 * with side effects. */
385 #define KEX_IS_DH(n) ((n) >= KEX_DHE_DSS && (n) <= KEX_ECDH_RSA)
386 #define KEX_TLS13 0x23
387 #define KEX_ECJPAKE 0x24
389 #define KEX_ECDHE_SM2 0x25
390 #define KEX_ECC_SM2 0x26
391 #define KEX_IBSDH_SM9 0x27
392 #define KEX_IBC_SM9 0x28
/* Bulk cipher identifiers (ENC_*) and digest identifiers (DIG_*). Their
 * numeric ranges continue after the KEX_* codes (0x30.., 0x4x), so the
 * three families do not overlap. Several codes in between are not part
 * of this listing.
 * NOTE(review): presumably ENC_START marks the first ENC_* code and is
 * used as a base when indexing a cipher-name table - confirm; if so, an
 * ENC_* value must be range-checked before it is used as an index. */
396 #define ENC_START 0x30
398 #define ENC_3DES 0x31
401 #define ENC_IDEA 0x34
403 #define ENC_AES256 0x36
404 #define ENC_CAMELLIA128 0x37
405 #define ENC_CAMELLIA256 0x38
406 #define ENC_SEED 0x39
407 #define ENC_CHACHA20 0x3A
/* No encryption: records of such a suite are sent in the clear. */
410 #define ENC_NULL 0x3D
415 #define DIG_SHA256 0x42
416 #define DIG_SHA384 0x43
464 guchar tls13_draft_version;
465 gint8 client_cert_type;
466 gint8 server_cert_type;
467 guint32 client_ccs_frame;
468 guint32 server_ccs_frame;
478 const char *alpn_name;
479 guint32 last_nontls_frame;
480 gboolean is_session_resumed;
483 guint32 client_hs_reassembly_id;
484 guint32 server_hs_reassembly_id;
495 guint8 client_cid_len;
496 gboolean client_cid_len_present;
497 guint8 server_cid_len;
498 gboolean server_cid_len_present;
499 gboolean deprecated_cid;
/* Size in bytes of the buffer reserved for a master secret. */
503 #define SSL_MASTER_SECRET_LENGTH 48
/* Fixed-size byte arrays for per-session values; the enclosing struct
 * declaration is not part of this listing.
 * NOTE(review): presumably these are the backing stores that the
 * session's StringInfo members point into - confirm. Values copied in
 * come from captured traffic or key files, so each copy has to be bounded
 * by the array size declared here (48, 256, 32, 32, 24, 24), not by a
 * length taken from the input. */
509 guchar _master_secret[SSL_MASTER_SECRET_LENGTH];
510 guchar _session_id[256];
511 guchar _client_random[32];
512 guchar _server_random[32];
521 guchar _server_data_for_iv[24];
523 guchar _client_data_for_iv[24];
532 #if defined(HAVE_LIBGNUTLS)
533 struct cert_key_id *cert_key_id;
538 gboolean has_early_data;
553 const gchar *keylog_filename;
/* Hash tables of secrets, one table per kind of secret; the enclosing
 * struct declaration is not part of this listing.
 * NOTE(review): presumably each table is keyed by a session identifier
 * such as the client random and filled from the key log file
 * (ssl_load_keyfile() and tls_get_master_key_map() are declared in this
 * header) - confirm. Whatever populates them, the contents are enough to
 * decrypt the matching captured sessions, so the source files and any
 * dump of these tables are sensitive. */
561 GHashTable *pre_master;
566 GHashTable *tls13_client_early;
567 GHashTable *tls13_client_handshake;
568 GHashTable *tls13_server_handshake;
569 GHashTable *tls13_client_appdata;
570 GHashTable *tls13_server_appdata;
571 GHashTable *tls13_early_exporter;
572 GHashTable *tls13_exporter;
/* NOTE(review): presumably records which client randoms have already
 * been matched to a secret - confirm. */
580 GHashTable *used_crandom;
583 gint ssl_get_keyex_alg(gint cipher);
585 void quic_transport_parameter_id_base_custom(gchar *result, guint64 parameter_id);
587 bool ssldecrypt_uat_fld_ip_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
588 bool ssldecrypt_uat_fld_port_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
589 bool ssldecrypt_uat_fld_fileopen_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
590 bool ssldecrypt_uat_fld_password_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
591 gchar* ssl_association_info(
const char* dissector_table_name,
const char* table_protocol);
594 void ssl_init_cid_list(
void);
597 void ssl_cleanup_cid_list(
void);
622 ssl_set_server(
SslSession *session,
address *addr, port_type ptype, guint32 port);
644 WS_DLL_PUBLIC guint32
656 WS_DLL_PUBLIC guint32
661 ssl_find_appdata_dissector(
const char *name);
669 ssl_data_set(
StringInfo* buf,
const guchar* src, guint len);
678 ssl_cipher_setiv(SSL_CIPHER_CTX *cipher, guchar* iv, gint iv_len);
684 ssl_find_cipher(
int num);
700 guint32 length,
tvbuff_t *tvb, guint32 offset,
701 const gchar *ssl_psk,
702 #ifdef HAVE_LIBGNUTLS
703 GHashTable *key_hash,
733 gboolean ignore_mac_failed,
734 const guchar *in, guint16 inl,
const guchar *cid, guint8 cidl,
743 tls13_cipher_create(
const char *label_prefix,
int cipher_algo,
int cipher_mode,
int hash_algo,
const StringInfo *secret,
const gchar **error);
760 tls_add_packet_info(gint proto,
packet_info *pinfo, guint8 curr_layer_num_ssl);
764 ssl_add_record_info(gint proto,
packet_info *pinfo,
const guchar *data, gint data_len, gint record_id,
SslFlow *flow, ContentType type, guint8 curr_layer_num_ssl);
784 tls_get_master_key_map(gboolean load_secrets);
792 ssl_load_keyfile(
const gchar *ssl_keylog_filename, FILE **keylog_file,
795 #ifdef HAVE_LIBGNUTLS
816 gboolean is_from_server, TLSRecordType type);
820 gboolean is_from_server, TLSRecordType type);
826 ssl_is_valid_content_type(guint8 type);
829 ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls);
832 tls_scan_server_hello(
tvbuff_t *tvb, guint32 offset, guint32 offset_end,
833 guint16 *server_version, gboolean *is_hrr);
837 guint8 content_type, guint8 handshake_type,
838 gboolean is_dtls, guint16 version);
846 gint change_cipher_spec;
848 gint hs_ext_alpn_len;
849 gint hs_ext_alpn_list;
850 gint hs_ext_alpn_str;
851 gint hs_ext_alpn_str_len;
852 gint hs_ext_cert_url_item;
853 gint hs_ext_cert_url_padding;
854 gint hs_ext_cert_url_sha1;
855 gint hs_ext_cert_url_type;
856 gint hs_ext_cert_url_url;
857 gint hs_ext_cert_url_url_hash_list_len;
858 gint hs_ext_cert_url_url_len;
859 gint hs_ext_cert_status_type;
860 gint hs_ext_cert_status_request_len;
861 gint hs_ext_cert_status_responder_id_list_len;
862 gint hs_ext_cert_status_request_extensions_len;
863 gint hs_ext_cert_status_request_list_len;
864 gint hs_ocsp_response_list_len;
865 gint hs_ocsp_response_len;
866 gint hs_ext_cert_type;
867 gint hs_ext_cert_types;
868 gint hs_ext_cert_types_len;
870 gint hs_ext_ec_point_format;
871 gint hs_ext_ec_point_formats;
872 gint hs_ext_ec_point_formats_len;
874 gint hs_ext_srp_username;
875 gint hs_ext_supported_group;
876 gint hs_ext_supported_groups;
877 gint hs_ext_supported_groups_len;
878 gint hs_ext_heartbeat_mode;
881 gint hs_ext_npn_str_len;
882 gint hs_ext_reneg_info_len;
883 gint hs_ext_reneg_info;
884 gint hs_ext_key_share_client_length;
885 gint hs_ext_key_share_group;
886 gint hs_ext_key_share_key_exchange_length;
887 gint hs_ext_key_share_key_exchange;
888 gint hs_ext_key_share_selected_group;
889 gint hs_ext_psk_identities_length;
890 gint hs_ext_psk_identity_identity_length;
891 gint hs_ext_psk_identity_identity;
892 gint hs_ext_psk_identity_obfuscated_ticket_age;
893 gint hs_ext_psk_binders_length;
894 gint hs_ext_psk_binders;
895 gint hs_ext_psk_identity_selected;
896 gint hs_ext_session_ticket;
897 gint hs_ext_supported_versions_len;
898 gint hs_ext_supported_version;
899 gint hs_ext_cookie_len;
901 gint hs_ext_server_name;
902 gint hs_ext_server_name_len;
903 gint hs_ext_server_name_list_len;
904 gint hs_ext_server_name_type;
905 gint hs_ext_max_fragment_length;
906 gint hs_ext_padding_data;
908 gint hs_ext_connection_id_length;
909 gint hs_ext_connection_id;
910 gint hs_sig_hash_alg;
911 gint hs_sig_hash_alg_len;
912 gint hs_sig_hash_algs;
913 gint hs_sig_hash_hash;
914 gint hs_sig_hash_sig;
915 gint hs_client_keyex_epms_len;
916 gint hs_client_keyex_epms;
917 gint hs_server_keyex_modulus_len;
918 gint hs_server_keyex_exponent_len;
919 gint hs_server_keyex_sig_len;
920 gint hs_server_keyex_p_len;
921 gint hs_server_keyex_g_len;
922 gint hs_server_keyex_ys_len;
923 gint hs_client_keyex_yc_len;
924 gint hs_client_keyex_point_len;
925 gint hs_server_keyex_point_len;
926 gint hs_server_keyex_p;
927 gint hs_server_keyex_g;
928 gint hs_server_keyex_curve_type;
929 gint hs_server_keyex_named_curve;
930 gint hs_server_keyex_ys;
931 gint hs_client_keyex_yc;
932 gint hs_server_keyex_point;
933 gint hs_client_keyex_point;
934 gint hs_server_keyex_xs_len;
935 gint hs_client_keyex_xc_len;
936 gint hs_server_keyex_xs;
937 gint hs_client_keyex_xc;
938 gint hs_server_keyex_vs_len;
939 gint hs_client_keyex_vc_len;
940 gint hs_server_keyex_vs;
941 gint hs_client_keyex_vc;
942 gint hs_server_keyex_rs_len;
943 gint hs_client_keyex_rc_len;
944 gint hs_server_keyex_rs;
945 gint hs_client_keyex_rc;
946 gint hs_server_keyex_modulus;
947 gint hs_server_keyex_exponent;
948 gint hs_server_keyex_sig;
949 gint hs_server_keyex_hint_len;
950 gint hs_server_keyex_hint;
951 gint hs_client_keyex_identity_len;
952 gint hs_client_keyex_identity;
953 gint hs_certificates_len;
954 gint hs_certificates;
955 gint hs_certificate_len;
957 gint hs_cert_types_count;
962 gint hs_dnames_truncated;
967 gint hs_random_bytes;
969 gint hs_session_id_len;
970 gint hs_client_version;
971 gint hs_server_version;
972 gint hs_cipher_suites_len;
973 gint hs_cipher_suites;
974 gint hs_cipher_suite;
975 gint hs_comp_methods_len;
976 gint hs_comp_methods;
978 gint hs_session_ticket_lifetime_hint;
979 gint hs_session_ticket_age_add;
980 gint hs_session_ticket_nonce_len;
981 gint hs_session_ticket_nonce;
982 gint hs_session_ticket_len;
983 gint hs_session_ticket;
985 gint hs_client_cert_vrfy_sig_len;
986 gint hs_client_cert_vrfy_sig;
995 gint hs_ext_psk_ke_modes_length;
996 gint hs_ext_psk_ke_mode;
997 gint hs_certificate_request_context_length;
998 gint hs_certificate_request_context;
999 gint hs_key_update_request_update;
1000 gint sct_scts_length;
1001 gint sct_sct_length;
1002 gint sct_sct_version;
1004 gint sct_sct_timestamp;
1005 gint sct_sct_extensions_length;
1006 gint sct_sct_extensions;
1007 gint sct_sct_signature;
1008 gint sct_sct_signature_length;
1009 gint hs_ext_max_early_data_size;
1010 gint hs_ext_oid_filters_length;
1011 gint hs_ext_oid_filters_oid_length;
1012 gint hs_ext_oid_filters_oid;
1013 gint hs_ext_oid_filters_values_length;
1014 gint hs_cred_valid_time;
1015 gint hs_cred_pubkey;
1016 gint hs_cred_pubkey_len;
1017 gint hs_cred_signature;
1018 gint hs_cred_signature_len;
1021 gint hs_ext_compress_certificate_algorithms_length;
1022 gint hs_ext_compress_certificate_algorithm;
1023 gint hs_ext_compress_certificate_uncompressed_length;
1024 gint hs_ext_compress_certificate_compressed_certificate_message_length;
1025 gint hs_ext_compress_certificate_compressed_certificate_message;
1028 gint hs_ext_token_binding_version_major;
1029 gint hs_ext_token_binding_version_minor;
1030 gint hs_ext_token_binding_key_parameters;
1031 gint hs_ext_token_binding_key_parameters_length;
1032 gint hs_ext_token_binding_key_parameter;
1034 gint hs_ext_record_size_limit;
1037 gint hs_ext_quictp_len;
1038 gint hs_ext_quictp_parameter;
1039 gint hs_ext_quictp_parameter_type;
1040 gint hs_ext_quictp_parameter_len;
1041 gint hs_ext_quictp_parameter_len_old;
1042 gint hs_ext_quictp_parameter_value;
1043 gint hs_ext_quictp_parameter_original_destination_connection_id;
1044 gint hs_ext_quictp_parameter_max_idle_timeout;
1045 gint hs_ext_quictp_parameter_stateless_reset_token;
1046 gint hs_ext_quictp_parameter_initial_max_data;
1047 gint hs_ext_quictp_parameter_initial_max_stream_data_bidi_local;
1048 gint hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote;
1049 gint hs_ext_quictp_parameter_initial_max_stream_data_uni;
1050 gint hs_ext_quictp_parameter_initial_max_streams_bidi;
1051 gint hs_ext_quictp_parameter_initial_max_streams_uni;
1052 gint hs_ext_quictp_parameter_ack_delay_exponent;
1053 gint hs_ext_quictp_parameter_max_ack_delay;
1054 gint hs_ext_quictp_parameter_max_udp_payload_size;
1055 gint hs_ext_quictp_parameter_pa_ipv4address;
1056 gint hs_ext_quictp_parameter_pa_ipv6address;
1057 gint hs_ext_quictp_parameter_pa_ipv4port;
1058 gint hs_ext_quictp_parameter_pa_ipv6port;
1059 gint hs_ext_quictp_parameter_pa_connectionid_length;
1060 gint hs_ext_quictp_parameter_pa_connectionid;
1061 gint hs_ext_quictp_parameter_pa_statelessresettoken;
1062 gint hs_ext_quictp_parameter_active_connection_id_limit;
1063 gint hs_ext_quictp_parameter_initial_source_connection_id;
1064 gint hs_ext_quictp_parameter_retry_source_connection_id;
1065 gint hs_ext_quictp_parameter_max_datagram_frame_size;
1066 gint hs_ext_quictp_parameter_cibir_encoding_length;
1067 gint hs_ext_quictp_parameter_cibir_encoding_offset;
1068 gint hs_ext_quictp_parameter_loss_bits;
1069 gint hs_ext_quictp_parameter_enable_time_stamp_v2;
1070 gint hs_ext_quictp_parameter_min_ack_delay;
1071 gint hs_ext_quictp_parameter_google_user_agent_id;
1072 gint hs_ext_quictp_parameter_google_key_update_not_yet_supported;
1073 gint hs_ext_quictp_parameter_google_quic_version;
1074 gint hs_ext_quictp_parameter_google_initial_rtt;
1075 gint hs_ext_quictp_parameter_google_support_handshake_done;
1076 gint hs_ext_quictp_parameter_google_quic_params;
1077 gint hs_ext_quictp_parameter_google_quic_params_unknown_field;
1078 gint hs_ext_quictp_parameter_google_connection_options;
1079 gint hs_ext_quictp_parameter_google_supported_versions_length;
1080 gint hs_ext_quictp_parameter_google_supported_version;
1081 gint hs_ext_quictp_parameter_facebook_partial_reliability;
1082 gint hs_ext_quictp_parameter_chosen_version;
1083 gint hs_ext_quictp_parameter_other_version;
1084 gint hs_ext_quictp_parameter_enable_multipath;
1087 gint esni_record_digest_length;
1088 gint esni_record_digest;
1089 gint esni_encrypted_sni_length;
1090 gint esni_encrypted_sni;
1093 gint ech_echconfiglist_length;
1094 gint ech_echconfiglist;
1096 gint ech_echconfig_version;
1097 gint ech_echconfig_length;
1098 gint ech_echconfigcontents_maximum_name_length;
1099 gint ech_echconfigcontents_public_name_length;
1100 gint ech_echconfigcontents_public_name;
1101 gint ech_echconfigcontents_extensions_length;
1102 gint ech_echconfigcontents_extensions;
1103 gint ech_hpke_keyconfig;
1104 gint ech_hpke_keyconfig_config_id;
1105 gint ech_hpke_keyconfig_kem_id;
1106 gint ech_hpke_keyconfig_public_key_length;
1107 gint ech_hpke_keyconfig_public_key;
1108 gint ech_hpke_keyconfig_cipher_suites;
1109 gint ech_hpke_keyconfig_cipher_suites_length;
1110 gint ech_hpke_keyconfig_cipher_suite;
1111 gint ech_hpke_keyconfig_cipher_suite_kdf_id;
1112 gint ech_hpke_keyconfig_cipher_suite_aead_id;
1113 gint ech_clienthello_type;
1114 gint ech_cipher_suite;
1116 gint ech_enc_length;
1118 gint ech_payload_length;
1120 gint ech_confirmation;
1121 gint ech_retry_configs;
1123 gint hs_ext_alps_len;
1124 gint hs_ext_alps_alpn_list;
1125 gint hs_ext_alps_alpn_str;
1126 gint hs_ext_alps_alpn_str_len;
1127 gint hs_ext_alps_settings;
1134 gint hs_ext_cert_types;
1136 gint hs_ext_curves_point_formats;
1138 gint hs_ext_reneg_info;
1139 gint hs_ext_key_share;
1140 gint hs_ext_key_share_ks;
1141 gint hs_ext_pre_shared_key;
1142 gint hs_ext_psk_identity;
1143 gint hs_ext_server_name;
1144 gint hs_ext_oid_filter;
1145 gint hs_ext_quictp_parameter;
1146 gint hs_sig_hash_alg;
1147 gint hs_sig_hash_algs;
1156 gint session_ticket;
1160 gint uncompressed_certificates;
1162 gint ech_echconfiglist;
1164 gint ech_retry_configs;
1165 gint ech_hpke_keyconfig;
1166 gint ech_hpke_cipher_suites;
1167 gint ech_hpke_cipher_suite;
1168 gint hs_ext_token_binding_key_parameters;
1192 gint hf_dtls_handshake_cookie_len;
1193 gint hf_dtls_handshake_cookie;
1207 guint32 max_version;
1208 gboolean server_name_present;
1209 gint num_cipher_suites;
1210 gint num_extensions;
/* Largest value of a 24-bit unsigned field: (1U << 24) - 1 == 0xFFFFFF.
 * The unsigned literal keeps the shift free of signed overflow.
 * NOTE(review): presumably used as max_value when reading 3-byte length
 * prefixes - confirm at the call sites. */
1220 #define G_MAXUINT24 ((1U << 24) - 1)
1236 guint offset, guint offset_end, guint32 *ret_length,
1237 int hf_length, guint32 min_value, guint32 max_value);
1249 guint offset, guint offset_end);
1255 ContentType content_type,
1257 guint16 version,
tvbuff_t *decrypted_tvb);
1263 gboolean is_from_server,
1275 proto_tree *tree, guint32 offset, guint32 offset_end,
1277 gboolean is_dtls, gboolean is_hrr);
1281 proto_tree *tree, guint32 offset, guint32 offset_end,
1287 proto_tree *tree, guint32 offset, guint32 offset_end,
1293 proto_tree *tree, guint32 offset, guint32 offset_end,
1295 gboolean is_dtls, GHashTable *session_hash);
1299 guint32 offset, guint32 offset_end,
packet_info *pinfo,
1301 gboolean is_from_server, gboolean is_dtls);
1305 proto_tree *tree, guint32 offset, guint32 offset_end,
1310 proto_tree *tree, guint32 offset, guint32 offset_end, guint16 version);
1314 proto_tree *tree, guint32 offset, guint32 offset_end,
1322 proto_tree *tree, guint32 offset, guint32 offset_end);
1326 proto_tree *tree, guint32 offset, guint32 length,
1331 proto_tree *tree, guint32 offset, guint32 offset_end,
1340 guint32 offset, guint32 offset_end, guint16 version);
1343 tls13_hkdf_expand_label_context(
int md,
const StringInfo *secret,
1344 const char *label_prefix,
const char *label,
1345 const guint8 *context, guint8 context_length,
1346 guint16 out_len, guchar **out);
/* Declaration of tls13_hkdf_expand_label(); the line carrying its return type
 * is not part of this listing. It takes the same parameters as
 * tls13_hkdf_expand_label_context() except for context/context_length.
 *
 *   md           - int selecting the hash; presumably a libgcrypt digest id
 *                  (TODO confirm in the definition).
 *   secret       - read-only input secret (const StringInfo *).
 *   label_prefix,
 *   label        - two read-only C strings naming the derivation.
 *   out_len      - requested output length (guint16).
 *   out          - guchar **; presumably receives the derived bytes.
 *
 * NOTE(review): presumably equivalent to the _context variant with an empty
 * context - confirm. Ownership of *out and its state on failure are not
 * stated here; the result is key material, so callers should check the
 * return value before using it. */
1349 tls13_hkdf_expand_label(
int md,
const StringInfo *secret,
1350 const char *label_prefix,
const char *label,
1351 guint16 out_len, guchar **out);
1355 guint32 offset, guint32 offset_end,
packet_info *pinfo,
1357 gboolean is_from_server _U_, gboolean is_dtls _U_);
/* SSL_COMMON_LIST_T(name): defines a ssl_common_dissect_t variable called
 * `name` with a purely positional initializer - runs of -1 followed by
 * EI_INIT entries. Several lines of the macro are absent from this listing.
 *
 * NOTE(review): because the initializer is positional, the number of -1 and
 * EI_INIT entries has to track the member count of ssl_common_dissect_t. In C
 * a member with no initializer is zero-initialized, not set to -1, so a field
 * added to the struct without a matching entry here silently starts at 0.
 * Confirm that a compile-time size check sits next to the struct definition
 * and update these counts whenever a field is added. */
1359 #define SSL_COMMON_LIST_T(name) \
1360 ssl_common_dissect_t name = { \
1362 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1363 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1364 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1365 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1366 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1367 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1368 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1369 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1370 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1371 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1372 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1373 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1374 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1375 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1376 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1377 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1378 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 \
1381 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1382 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
1383 -1, -1, -1, -1, -1 \
1386 EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, EI_INIT, \
1393 #define SSL_COMMON_HF_LIST(name, prefix) \
1394 { & name .hf.change_cipher_spec, \
1395 { "Change Cipher Spec Message", prefix ".change_cipher_spec", \
1396 FT_NONE, BASE_NONE, NULL, 0x0, \
1397 "Signals a change in cipher specifications", HFILL } \
1399 { & name .hf.hs_exts_len, \
1400 { "Extensions Length", prefix ".handshake.extensions_length", \
1401 FT_UINT16, BASE_DEC, NULL, 0x0, \
1402 "Length of hello extensions", HFILL } \
1404 { & name .hf.hs_ext_type, \
1405 { "Type", prefix ".handshake.extension.type", \
1406 FT_UINT16, BASE_DEC, VALS(tls_hello_extension_types), 0x0, \
1407 "Hello extension type", HFILL } \
1409 { & name .hf.hs_ext_len, \
1410 { "Length", prefix ".handshake.extension.len", \
1411 FT_UINT16, BASE_DEC, NULL, 0x0, \
1412 "Length of a hello extension", HFILL } \
1414 { & name .hf.hs_ext_data, \
1415 { "Data", prefix ".handshake.extension.data", \
1416 FT_BYTES, BASE_NONE, NULL, 0x0, \
1417 "Hello Extension data", HFILL } \
1419 { & name .hf.hs_ext_supported_groups_len, \
1420 { "Supported Groups List Length", prefix ".handshake.extensions_supported_groups_length", \
1421 FT_UINT16, BASE_DEC, NULL, 0x0, \
1424 { & name .hf.hs_ext_supported_groups, \
1425 { "Supported Groups List", prefix ".handshake.extensions_supported_groups", \
1426 FT_NONE, BASE_NONE, NULL, 0x0, \
1427 "List of supported groups (formerly Supported Elliptic Curves)", HFILL } \
1429 { & name .hf.hs_ext_supported_group, \
1430 { "Supported Group", prefix ".handshake.extensions_supported_group", \
1431 FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
1434 { & name .hf.hs_ext_ec_point_formats_len, \
1435 { "EC point formats Length", prefix ".handshake.extensions_ec_point_formats_length", \
1436 FT_UINT8, BASE_DEC, NULL, 0x0, \
1437 "Length of elliptic curves point formats field", HFILL } \
1439 { & name .hf.hs_ext_ec_point_formats, \
1440 { "EC point formats", prefix ".handshake.extensions_ec_point_formats", \
1441 FT_NONE, BASE_NONE, NULL, 0x0, \
1442 "List of elliptic curves point format", HFILL } \
1444 { & name .hf.hs_ext_ec_point_format, \
1445 { "EC point format", prefix ".handshake.extensions_ec_point_format", \
1446 FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, \
1447 "Elliptic curves point format", HFILL } \
1449 { & name .hf.hs_ext_srp_len, \
1450 { "SRP username length", prefix ".handshake.extensions_srp_len", \
1451 FT_UINT8, BASE_DEC, NULL, 0x0, \
1452 "Length of Secure Remote Password username field", HFILL } \
1454 { & name .hf.hs_ext_srp_username, \
1455 { "SRP username", prefix ".handshake.extensions_srp_username", \
1456 FT_STRING, BASE_NONE, NULL, 0x0, \
1457 "Secure Remote Password username", HFILL } \
1459 { & name .hf.hs_ext_alpn_len, \
1460 { "ALPN Extension Length", prefix ".handshake.extensions_alpn_len", \
1461 FT_UINT16, BASE_DEC, NULL, 0x0, \
1462 "Length of the ALPN Extension", HFILL } \
1464 { & name .hf.hs_ext_alpn_list, \
1465 { "ALPN Protocol", prefix ".handshake.extensions_alpn_list", \
1466 FT_NONE, BASE_NONE, NULL, 0x0, \
1469 { & name .hf.hs_ext_alpn_str_len, \
1470 { "ALPN string length", prefix ".handshake.extensions_alpn_str_len", \
1471 FT_UINT8, BASE_DEC, NULL, 0x0, \
1472 "Length of ALPN string", HFILL } \
1474 { & name .hf.hs_ext_alpn_str, \
1475 { "ALPN Next Protocol", prefix ".handshake.extensions_alpn_str", \
1476 FT_STRING, BASE_NONE, NULL, 0x00, \
1479 { & name .hf.hs_ext_npn_str_len, \
1480 { "Protocol string length", prefix ".handshake.extensions_npn_str_len", \
1481 FT_UINT8, BASE_DEC, NULL, 0x0, \
1482 "Length of next protocol string", HFILL } \
1484 { & name .hf.hs_ext_npn_str, \
1485 { "Next Protocol", prefix ".handshake.extensions_npn", \
1486 FT_STRING, BASE_NONE, NULL, 0x0, \
1489 { & name .hf.hs_ext_reneg_info_len, \
1490 { "Renegotiation info extension length", prefix ".handshake.extensions_reneg_info_len", \
1491 FT_UINT8, BASE_DEC, NULL, 0x0, \
1494 { & name .hf.hs_ext_reneg_info, \
1495 { "Renegotiation info", prefix ".handshake.extensions_reneg_info",\
1496 FT_BYTES, BASE_NONE, NULL, 0x0, \
1499 { & name .hf.hs_ext_key_share_client_length, \
1500 { "Client Key Share Length", prefix ".handshake.extensions_key_share_client_length", \
1501 FT_UINT16, BASE_DEC, NULL, 0x00, \
1504 { & name .hf.hs_ext_key_share_group, \
1505 { "Group", prefix ".handshake.extensions_key_share_group", \
1506 FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \
1509 { & name .hf.hs_ext_key_share_key_exchange_length, \
1510 { "Key Exchange Length", prefix ".handshake.extensions_key_share_key_exchange_length", \
1511 FT_UINT16, BASE_DEC, NULL, 0x00, \
1514 { & name .hf.hs_ext_key_share_key_exchange, \
1515 { "Key Exchange", prefix ".handshake.extensions_key_share_key_exchange", \
1516 FT_BYTES, BASE_NONE, NULL, 0x0, \
1519 { & name .hf.hs_ext_key_share_selected_group, \
1520 { "Selected Group", prefix ".handshake.extensions_key_share_selected_group", \
1521 FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \
1524 { & name .hf.hs_ext_psk_identities_length, \
1525 { "Identities Length", prefix ".handshake.extensions.psk.identities.length", \
1526 FT_UINT16, BASE_DEC, NULL, 0x0, \
1529 { & name .hf.hs_ext_psk_identity_identity_length, \
1530 { "Identity Length", prefix ".handshake.extensions.psk.identity.identity_length", \
1531 FT_UINT16, BASE_DEC, NULL, 0x0, \
1534 { & name .hf.hs_ext_psk_identity_identity, \
1535 { "Identity", prefix ".handshake.extensions.psk.identity.identity", \
1536 FT_BYTES, BASE_NONE, NULL, 0x0, \
1539 { & name .hf.hs_ext_psk_identity_obfuscated_ticket_age, \
1540 { "Obfuscated Ticket Age", prefix ".handshake.extensions.psk.identity.obfuscated_ticket_age", \
1541 FT_UINT32, BASE_DEC, NULL, 0x0, \
1544 { & name .hf.hs_ext_psk_binders_length, \
1545 { "PSK Binders length", prefix ".handshake.extensions.psk.binders_len", \
1546 FT_UINT16, BASE_DEC, NULL, 0x0, \
1549 { & name .hf.hs_ext_psk_binders, \
1550 { "PSK Binders", prefix ".handshake.extensions.psk.binders", \
1551 FT_NONE, BASE_NONE, NULL, 0x0, \
1554 { & name .hf.hs_ext_psk_identity_selected, \
1555 { "Selected Identity", prefix ".handshake.extensions.psk.identity.selected", \
1556 FT_UINT16, BASE_DEC, NULL, 0x0, \
1559 { & name .hf.hs_ext_session_ticket, \
1560 { "Session Ticket", prefix ".handshake.extensions.session_ticket", \
1561 FT_BYTES, BASE_NONE, NULL, 0x0, \
1564 { & name .hf.hs_ext_supported_versions_len, \
1565 { "Supported Versions length", prefix ".handshake.extensions.supported_versions_len", \
1566 FT_UINT8, BASE_DEC, NULL, 0x0, \
1569 { & name .hf.hs_ext_supported_version, \
1570 { "Supported Version", prefix ".handshake.extensions.supported_version", \
1571 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
1574 { & name .hf.hs_ext_cookie_len, \
1575 { "Cookie length", prefix ".handshake.extensions.cookie_len", \
1576 FT_UINT16, BASE_DEC, NULL, 0x0, \
1579 { & name .hf.hs_ext_cookie, \
1580 { "Cookie", prefix ".handshake.extensions.cookie", \
1581 FT_BYTES, BASE_NONE, NULL, 0x0, \
1584 { & name .hf.hs_ext_server_name_list_len, \
1585 { "Server Name list length", prefix ".handshake.extensions_server_name_list_len", \
1586 FT_UINT16, BASE_DEC, NULL, 0x0, \
1587 "Length of server name list", HFILL } \
1589 { & name .hf.hs_ext_server_name_len, \
1590 { "Server Name length", prefix ".handshake.extensions_server_name_len", \
1591 FT_UINT16, BASE_DEC, NULL, 0x0, \
1592 "Length of server name string", HFILL } \
1594 { & name .hf.hs_ext_server_name_type, \
1595 { "Server Name Type", prefix ".handshake.extensions_server_name_type", \
1596 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0, \
1599 { & name .hf.hs_ext_server_name, \
1600 { "Server Name", prefix ".handshake.extensions_server_name", \
1601 FT_STRING, BASE_NONE, NULL, 0x0, \
1604 { & name .hf.hs_ext_max_fragment_length, \
1605 { "Maximum Fragment Length", prefix ".handshake.max_fragment_length", \
1606 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_max_fragment_length), 0x00, \
1607 "Maximum fragment length that an endpoint is willing to receive", HFILL } \
1609 { & name .hf.hs_ext_padding_data, \
1610 { "Padding Data", prefix ".handshake.extensions_padding_data", \
1611 FT_BYTES, BASE_NONE, NULL, 0x0, \
1612 "Must be zero", HFILL } \
1614 { & name .hf.hs_ext_cert_url_type, \
1615 { "Certificate Chain Type", prefix ".handshake.cert_url_type", \
1616 FT_UINT8, BASE_DEC, VALS(tls_cert_chain_type), 0x0, \
1617 "Certificate Chain Type for Client Certificate URL", HFILL } \
1619 { & name .hf.hs_ext_cert_url_url_hash_list_len, \
1620 { "URL and Hash list Length", prefix ".handshake.cert_url.url_hash_len", \
1621 FT_UINT16, BASE_DEC, NULL, 0x0, \
1624 { & name .hf.hs_ext_cert_url_item, \
1625 { "URL and Hash", prefix ".handshake.cert_url.url_hash", \
1626 FT_NONE, BASE_NONE, NULL, 0x0, \
1629 { & name .hf.hs_ext_cert_url_url_len, \
1630 { "URL Length", prefix ".handshake.cert_url.url_len", \
1631 FT_UINT16, BASE_DEC, NULL, 0x0, \
1634 { & name .hf.hs_ext_cert_type, \
1635 { "Certificate Type", prefix ".handshake.cert_type.type", \
1636 FT_UINT8, BASE_HEX, VALS(tls_certificate_type), 0x0, \
1639 { & name .hf.hs_ext_cert_types, \
1640 { "Certificate Type List", prefix ".handshake.cert_type.types", \
1641 FT_NONE, BASE_NONE, NULL, 0x0, \
1644 { & name .hf.hs_ext_cert_types_len, \
1645 { "Certificate Type List Length", prefix ".handshake.cert_type.types_len", \
1646 FT_UINT8, BASE_DEC, NULL, 0x0, \
1649 { & name .hf.hs_ext_cert_url_url, \
1650 { "URL", prefix ".handshake.cert_url.url", \
1651 FT_STRING, BASE_NONE, NULL, 0x0, \
1652 "URL used to fetch the certificate(s)", HFILL } \
1654 { & name .hf.hs_ext_cert_url_padding, \
1655 { "Padding", prefix ".handshake.cert_url.padding", \
1656 FT_NONE, BASE_NONE, NULL, 0x0, \
1657 "Padding that MUST be 0x01 for backwards compatibility", HFILL } \
1659 { & name .hf.hs_ext_cert_url_sha1, \
1660 { "SHA1 Hash", prefix ".handshake.cert_url.sha1", \
1661 FT_BYTES, BASE_NONE, NULL, 0x0, \
1662 "SHA1 Hash of the certificate", HFILL } \
1664 { & name .hf.hs_ext_cert_status_type, \
1665 { "Certificate Status Type", prefix ".handshake.extensions_status_request_type", \
1666 FT_UINT8, BASE_DEC, VALS(tls_cert_status_type), 0x0, \
1669 { & name .hf.hs_ext_cert_status_request_len, \
1670 { "Certificate Status Length", prefix ".handshake.extensions_status_request_len", \
1671 FT_UINT16, BASE_DEC, NULL, 0x0, \
1674 { & name .hf.hs_ext_cert_status_responder_id_list_len, \
1675 { "Responder ID list Length", prefix ".handshake.extensions_status_request_responder_ids_len", \
1676 FT_UINT16, BASE_DEC, NULL, 0x0, \
1679 { & name .hf.hs_ext_cert_status_request_extensions_len, \
1680 { "Request Extensions Length", prefix ".handshake.extensions_status_request_exts_len", \
1681 FT_UINT16, BASE_DEC, NULL, 0x0, \
1684 { & name .hf.hs_ext_cert_status_request_list_len, \
1685 { "Certificate Status List Length", prefix ".handshake.extensions_status_request_list_len", \
1686 FT_UINT16, BASE_DEC, NULL, 0x0, \
1687 "CertificateStatusRequestItemV2 list length", HFILL } \
1689 { & name .hf.hs_ocsp_response_list_len, \
1690 { "OCSP Response List Length", prefix ".handshake.ocsp_response_list_len", \
1691 FT_UINT24, BASE_DEC, NULL, 0x0, \
1692 "OCSPResponseList length", HFILL } \
1694 { & name .hf.hs_ocsp_response_len, \
1695 { "OCSP Response Length", prefix ".handshake.ocsp_response_len", \
1696 FT_UINT24, BASE_DEC, NULL, 0x0, \
1699 { & name .hf.hs_sig_hash_alg_len, \
1700 { "Signature Hash Algorithms Length", prefix ".handshake.sig_hash_alg_len", \
1701 FT_UINT16, BASE_DEC, NULL, 0x0, \
1702 "Length of Signature Hash Algorithms", HFILL } \
1704 { & name .hf.hs_sig_hash_algs, \
1705 { "Signature Algorithms", prefix ".handshake.sig_hash_algs", \
1706 FT_NONE, BASE_NONE, NULL, 0x0, \
1707 "List of supported Signature Algorithms", HFILL } \
1709 { & name .hf.hs_sig_hash_alg, \
1710 { "Signature Algorithm", prefix ".handshake.sig_hash_alg", \
1711 FT_UINT16, BASE_HEX, VALS(tls13_signature_algorithm), 0x0, \
1714 { & name .hf.hs_sig_hash_hash, \
1715 { "Signature Hash Algorithm Hash", prefix ".handshake.sig_hash_hash", \
1716 FT_UINT8, BASE_DEC, VALS(tls_hash_algorithm), 0x0, \
1717 "Hash algorithm (TLS 1.2)", HFILL } \
1719 { & name .hf.hs_sig_hash_sig, \
1720 { "Signature Hash Algorithm Signature", prefix ".handshake.sig_hash_sig", \
1721 FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0, \
1722 "Signature algorithm (TLS 1.2)", HFILL } \
1724 { & name .hf.hs_client_keyex_epms_len, \
1725 { "Encrypted PreMaster length", prefix ".handshake.epms_len", \
1726 FT_UINT16, BASE_DEC, NULL, 0x0, \
1727 "Length of encrypted PreMaster secret", HFILL } \
1729 { & name .hf.hs_client_keyex_epms, \
1730 { "Encrypted PreMaster", prefix ".handshake.epms", \
1731 FT_BYTES, BASE_NONE, NULL, 0x0, \
1732 "Encrypted PreMaster secret", HFILL } \
1734 { & name .hf.hs_server_keyex_modulus_len, \
1735 { "Modulus Length", prefix ".handshake.modulus_len", \
1736 FT_UINT16, BASE_DEC, NULL, 0x0, \
1737 "Length of RSA-EXPORT modulus", HFILL } \
1739 { & name .hf.hs_server_keyex_exponent_len, \
1740 { "Exponent Length", prefix ".handshake.exponent_len", \
1741 FT_UINT16, BASE_DEC, NULL, 0x0, \
1742 "Length of RSA-EXPORT exponent", HFILL } \
1744 { & name .hf.hs_server_keyex_sig_len, \
1745 { "Signature Length", prefix ".handshake.sig_len", \
1746 FT_UINT16, BASE_DEC, NULL, 0x0, \
1747 "Length of Signature", HFILL } \
1749 { & name .hf.hs_server_keyex_p_len, \
1750 { "p Length", prefix ".handshake.p_len", \
1751 FT_UINT16, BASE_DEC, NULL, 0x0, \
1752 "Length of p", HFILL } \
1754 { & name .hf.hs_server_keyex_g_len, \
1755 { "g Length", prefix ".handshake.g_len", \
1756 FT_UINT16, BASE_DEC, NULL, 0x0, \
1757 "Length of g", HFILL } \
1759 { & name .hf.hs_server_keyex_ys_len, \
1760 { "Pubkey Length", prefix ".handshake.ys_len", \
1761 FT_UINT16, BASE_DEC, NULL, 0x0, \
1762 "Length of server's Diffie-Hellman public key", HFILL } \
1764 { & name .hf.hs_client_keyex_yc_len, \
1765 { "Pubkey Length", prefix ".handshake.yc_len", \
1766 FT_UINT16, BASE_DEC, NULL, 0x0, \
1767 "Length of client's Diffie-Hellman public key", HFILL } \
1769 { & name .hf.hs_client_keyex_point_len, \
1770 { "Pubkey Length", prefix ".handshake.client_point_len", \
1771 FT_UINT8, BASE_DEC, NULL, 0x0, \
1772 "Length of client's EC Diffie-Hellman public key", HFILL } \
1774 { & name .hf.hs_server_keyex_point_len, \
1775 { "Pubkey Length", prefix ".handshake.server_point_len", \
1776 FT_UINT8, BASE_DEC, NULL, 0x0, \
1777 "Length of server's EC Diffie-Hellman public key", HFILL } \
1779 { & name .hf.hs_server_keyex_p, \
1780 { "p", prefix ".handshake.p", \
1781 FT_BYTES, BASE_NONE, NULL, 0x0, \
1782 "Diffie-Hellman p", HFILL } \
1784 { & name .hf.hs_server_keyex_g, \
1785 { "g", prefix ".handshake.g", \
1786 FT_BYTES, BASE_NONE, NULL, 0x0, \
1787 "Diffie-Hellman g", HFILL } \
1789 { & name .hf.hs_server_keyex_curve_type, \
1790 { "Curve Type", prefix ".handshake.server_curve_type", \
1791 FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0, \
1792 "Server curve_type", HFILL } \
1794 { & name .hf.hs_server_keyex_named_curve, \
1795 { "Named Curve", prefix ".handshake.server_named_curve", \
1796 FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
1797 "Server named_curve", HFILL } \
1799 { & name .hf.hs_server_keyex_ys, \
1800 { "Pubkey", prefix ".handshake.ys", \
1801 FT_BYTES, BASE_NONE, NULL, 0x0, \
1802 "Diffie-Hellman server pubkey", HFILL } \
1804 { & name .hf.hs_client_keyex_yc, \
1805 { "Pubkey", prefix ".handshake.yc", \
1806 FT_BYTES, BASE_NONE, NULL, 0x0, \
1807 "Diffie-Hellman client pubkey", HFILL } \
1809 { & name .hf.hs_server_keyex_point, \
1810 { "Pubkey", prefix ".handshake.server_point", \
1811 FT_BYTES, BASE_NONE, NULL, 0x0, \
1812 "EC Diffie-Hellman server pubkey", HFILL } \
1814 { & name .hf.hs_client_keyex_point, \
1815 { "Pubkey", prefix ".handshake.client_point", \
1816 FT_BYTES, BASE_NONE, NULL, 0x0, \
1817 "EC Diffie-Hellman client pubkey", HFILL } \
1819 { & name .hf.hs_server_keyex_xs_len, \
1820 { "Pubkey Length", prefix ".handshake.xs_len", \
1821 FT_UINT8, BASE_DEC, NULL, 0x0, \
1822 "Length of EC J-PAKE server public key", HFILL } \
1824 { & name .hf.hs_client_keyex_xc_len, \
1825 { "Pubkey Length", prefix ".handshake.xc_len", \
1826 FT_UINT8, BASE_DEC, NULL, 0x0, \
1827 "Length of EC J-PAKE client public key", HFILL } \
1829 { & name .hf.hs_server_keyex_xs, \
1830 { "Pubkey", prefix ".handshake.xs", \
1831 FT_BYTES, BASE_NONE, NULL, 0x0, \
1832 "EC J-PAKE server public key", HFILL } \
1834 { & name .hf.hs_client_keyex_xc, \
1835 { "Pubkey", prefix ".handshake.xc", \
1836 FT_BYTES, BASE_NONE, NULL, 0x0, \
1837 "EC J-PAKE client public key", HFILL } \
1839 { & name .hf.hs_server_keyex_vs_len, \
1840 { "Ephemeral Pubkey Length", prefix ".handshake.vs_len", \
1841 FT_UINT8, BASE_DEC, NULL, 0x0, \
1842 "Length of EC J-PAKE server ephemeral public key", HFILL } \
1844 { & name .hf.hs_client_keyex_vc_len, \
1845 { "Ephemeral Pubkey Length", prefix ".handshake.vc_len", \
1846 FT_UINT8, BASE_DEC, NULL, 0x0, \
1847 "Length of EC J-PAKE client ephemeral public key", HFILL } \
1849 { & name .hf.hs_server_keyex_vs, \
1850 { "Ephemeral Pubkey", prefix ".handshake.vs", \
1851 FT_BYTES, BASE_NONE, NULL, 0x0, \
1852 "EC J-PAKE server ephemeral public key", HFILL } \
1854 { & name .hf.hs_client_keyex_vc, \
1855 { "Ephemeral Pubkey", prefix ".handshake.vc", \
1856 FT_BYTES, BASE_NONE, NULL, 0x0, \
1857 "EC J-PAKE client ephemeral public key", HFILL } \
1859 { & name .hf.hs_server_keyex_rs_len, \
1860 { "Schnorr signature Length", prefix ".handshake.rs_len", \
1861 FT_UINT8, BASE_DEC, NULL, 0x0, \
1862 "Length of EC J-PAKE server Schnorr signature", HFILL } \
1864 { & name .hf.hs_client_keyex_rc_len, \
1865 { "Schnorr signature Length", prefix ".handshake.rc_len", \
1866 FT_UINT8, BASE_DEC, NULL, 0x0, \
1867 "Length of EC J-PAKE client Schnorr signature", HFILL } \
1869 { & name .hf.hs_server_keyex_rs, \
1870 { "Schnorr signature", prefix ".handshake.rs", \
1871 FT_BYTES, BASE_NONE, NULL, 0x0, \
1872 "EC J-PAKE server Schnorr signature", HFILL } \
1874 { & name .hf.hs_client_keyex_rc, \
1875 { "Schnorr signature", prefix ".handshake.rc", \
1876 FT_BYTES, BASE_NONE, NULL, 0x0, \
1877 "EC J-PAKE client Schnorr signature", HFILL } \
1879 { & name .hf.hs_server_keyex_modulus, \
1880 { "Modulus", prefix ".handshake.modulus", \
1881 FT_BYTES, BASE_NONE, NULL, 0x0, \
1882 "RSA-EXPORT modulus", HFILL } \
1884 { & name .hf.hs_server_keyex_exponent, \
1885 { "Exponent", prefix ".handshake.exponent", \
1886 FT_BYTES, BASE_NONE, NULL, 0x0, \
1887 "RSA-EXPORT exponent", HFILL } \
1889 { & name .hf.hs_server_keyex_sig, \
1890 { "Signature", prefix ".handshake.sig", \
1891 FT_BYTES, BASE_NONE, NULL, 0x0, \
1892 "Diffie-Hellman server signature", HFILL } \
1894 { & name .hf.hs_server_keyex_hint_len, \
1895 { "Hint Length", prefix ".handshake.hint_len", \
1896 FT_UINT16, BASE_DEC, NULL, 0x0, \
1897 "Length of PSK Hint", HFILL } \
1899 { & name .hf.hs_server_keyex_hint, \
1900 { "Hint", prefix ".handshake.hint", \
1901 FT_BYTES, BASE_NONE, NULL, 0x0, \
1902 "PSK Hint", HFILL } \
1904 { & name .hf.hs_client_keyex_identity_len, \
1905 { "Identity Length", prefix ".handshake.identity_len", \
1906 FT_UINT16, BASE_DEC, NULL, 0x0, \
1907 "Length of PSK Identity", HFILL } \
1909 { & name .hf.hs_client_keyex_identity, \
1910 { "Identity", prefix ".handshake.identity", \
1911 FT_BYTES, BASE_NONE, NULL, 0x0, \
1912 "PSK Identity", HFILL } \
1914 { & name .hf.hs_ext_heartbeat_mode, \
1915 { "Mode", prefix ".handshake.extension.heartbeat.mode", \
1916 FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0, \
1917 "Heartbeat extension mode", HFILL } \
1919 { & name .hf.hs_certificates_len, \
1920 { "Certificates Length", prefix ".handshake.certificates_length", \
1921 FT_UINT24, BASE_DEC, NULL, 0x0, \
1922 "Length of certificates field", HFILL } \
1924 { & name .hf.hs_certificates, \
1925 { "Certificates", prefix ".handshake.certificates", \
1926 FT_NONE, BASE_NONE, NULL, 0x0, \
1927 "List of certificates", HFILL } \
1929 { & name .hf.hs_certificate, \
1930 { "Certificate", prefix ".handshake.certificate", \
1931 FT_BYTES, BASE_NONE, NULL, 0x0, \
1934 { & name .hf.hs_certificate_len, \
1935 { "Certificate Length", prefix ".handshake.certificate_length", \
1936 FT_UINT24, BASE_DEC, NULL, 0x0, \
1937 "Length of certificate", HFILL } \
1939 { & name .hf.hs_cert_types_count, \
1940 { "Certificate types count", prefix ".handshake.cert_types_count",\
1941 FT_UINT8, BASE_DEC, NULL, 0x0, \
1942 "Count of certificate types", HFILL } \
1944 { & name .hf.hs_cert_types, \
1945 { "Certificate types", prefix ".handshake.cert_types", \
1946 FT_NONE, BASE_NONE, NULL, 0x0, \
1947 "List of certificate types", HFILL } \
1949 { & name .hf.hs_cert_type, \
1950 { "Certificate type", prefix ".handshake.cert_type", \
1951 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0, \
1954 { & name .hf.hs_dnames_len, \
1955 { "Distinguished Names Length", prefix ".handshake.dnames_len", \
1956 FT_UINT16, BASE_DEC, NULL, 0x0, \
1957 "Length of list of CAs that server trusts", HFILL } \
1959 { & name .hf.hs_dnames, \
1960 { "Distinguished Names", prefix ".handshake.dnames", \
1961 FT_NONE, BASE_NONE, NULL, 0x0, \
1962 "List of CAs that server trusts", HFILL } \
1964 { & name .hf.hs_dname_len, \
1965 { "Distinguished Name Length", prefix ".handshake.dname_len", \
1966 FT_UINT16, BASE_DEC, NULL, 0x0, \
1967 "Length of distinguished name", HFILL } \
1969 { & name .hf.hs_dnames_truncated, \
1970 { "Tree view truncated", prefix ".handshake.dnames_truncated", \
1971 FT_NONE, BASE_NONE, NULL, 0x00, \
1972 "Some Distinguished Names are not added to tree pane to limit resources", HFILL } \
1974 { & name .hf.hs_dname, \
1975 { "Distinguished Name", prefix ".handshake.dname", \
1976 FT_NONE, BASE_NONE, NULL, 0x0, \
1977 "Distinguished name of a CA that server trusts", HFILL } \
1979 { & name .hf.hs_random, \
1980 { "Random", prefix ".handshake.random", \
1981 FT_BYTES, BASE_NONE, NULL, 0x0, \
1982 "Random values used for deriving keys", HFILL } \
1984 { & name .hf.hs_random_time, \
1985 { "GMT Unix Time", prefix ".handshake.random_time", \
1986 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, \
1987 "Unix time field of random structure", HFILL } \
1989 { & name .hf.hs_random_bytes, \
1990 { "Random Bytes", prefix ".handshake.random_bytes", \
1991 FT_BYTES, BASE_NONE, NULL, 0x0, \
1992 "Random values used for deriving keys", HFILL } \
1994 { & name .hf.hs_session_id, \
1995 { "Session ID", prefix ".handshake.session_id", \
1996 FT_BYTES, BASE_NONE, NULL, 0x0, \
1997 "Identifies the SSL session, allowing later resumption", HFILL }\
1999 { & name .hf.hs_session_id_len, \
2000 { "Session ID Length", prefix ".handshake.session_id_length", \
2001 FT_UINT8, BASE_DEC, NULL, 0x0, \
2002 "Length of Session ID field", HFILL } \
2004 { & name .hf.hs_client_version, \
2005 { "Version", prefix ".handshake.version", \
2006 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
2007 "Maximum version supported by client", HFILL } \
2009 { & name .hf.hs_server_version, \
2010 { "Version", prefix ".handshake.version", \
2011 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
2012 "Version selected by server", HFILL } \
2014 { & name .hf.hs_cipher_suites_len, \
2015 { "Cipher Suites Length", prefix ".handshake.cipher_suites_length", \
2016 FT_UINT16, BASE_DEC, NULL, 0x0, \
2017 "Length of cipher suites field", HFILL } \
2019 { & name .hf.hs_cipher_suites, \
2020 { "Cipher Suites", prefix ".handshake.ciphersuites", \
2021 FT_NONE, BASE_NONE, NULL, 0x0, \
2022 "List of cipher suites supported by client", HFILL } \
2024 { & name .hf.hs_cipher_suite, \
2025 { "Cipher Suite", prefix ".handshake.ciphersuite", \
2026 FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, \
2029 { & name .hf.hs_comp_methods_len, \
2030 { "Compression Methods Length", prefix ".handshake.comp_methods_length", \
2031 FT_UINT8, BASE_DEC, NULL, 0x0, \
2032 "Length of compression methods field", HFILL } \
2034 { & name .hf.hs_comp_methods, \
2035 { "Compression Methods", prefix ".handshake.comp_methods", \
2036 FT_NONE, BASE_NONE, NULL, 0x0, \
2037 "List of compression methods supported by client", HFILL } \
2039 { & name .hf.hs_comp_method, \
2040 { "Compression Method", prefix ".handshake.comp_method", \
2041 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0, \
2044 { & name .hf.hs_session_ticket_lifetime_hint, \
2045 { "Session Ticket Lifetime Hint", \
2046 prefix ".handshake.session_ticket_lifetime_hint", \
2047 FT_UINT32, BASE_DEC|BASE_UNIT_STRING, &units_second_seconds, 0x0, \
2048 "New Session Ticket Lifetime Hint", HFILL } \
2050 { & name .hf.hs_session_ticket_age_add, \
2051 { "Session Ticket Age Add", \
2052 prefix ".handshake.session_ticket_age_add", \
2053 FT_UINT32, BASE_DEC, NULL, 0x0, \
2054 "Random 32-bit value to obscure age of ticket", HFILL } \
2056 { & name .hf.hs_session_ticket_nonce_len, \
2057 { "Session Ticket Nonce Length", prefix ".handshake.session_ticket_nonce_length", \
2058 FT_UINT8, BASE_DEC, NULL, 0x0, \
2061 { & name .hf.hs_session_ticket_nonce, \
2062 { "Session Ticket Nonce", prefix ".handshake.session_ticket_nonce", \
2063 FT_BYTES, BASE_NONE, NULL, 0x0, \
2064 "A unique per-ticket value", HFILL } \
2066 { & name .hf.hs_session_ticket_len, \
2067 { "Session Ticket Length", prefix ".handshake.session_ticket_length", \
2068 FT_UINT16, BASE_DEC, NULL, 0x0, \
2069 "New Session Ticket Length", HFILL } \
2071 { & name .hf.hs_session_ticket, \
2072 { "Session Ticket", prefix ".handshake.session_ticket", \
2073 FT_BYTES, BASE_NONE, NULL, 0x0, \
2074 "New Session Ticket", HFILL } \
2076 { & name .hf.hs_finished, \
2077 { "Verify Data", prefix ".handshake.verify_data", \
2078 FT_NONE, BASE_NONE, NULL, 0x0, \
2079 "Opaque verification data", HFILL } \
2081 { & name .hf.hs_client_cert_vrfy_sig_len, \
2082 { "Signature length", prefix ".handshake.client_cert_vrfy.sig_len", \
2083 FT_UINT16, BASE_DEC, NULL, 0x0, \
2084 "Length of CertificateVerify's signature", HFILL } \
2086 { & name .hf.hs_client_cert_vrfy_sig, \
2087 { "Signature", prefix ".handshake.client_cert_vrfy.sig", \
2088 FT_BYTES, BASE_NONE, NULL, 0x0, \
2089 "CertificateVerify's signature", HFILL } \
2091 { & name .hf.hs_ja3_full, \
2092 { "JA3 Fullstring", prefix ".handshake.ja3_full", \
2093 FT_STRING, BASE_NONE, NULL, 0x0, \
2096 { & name .hf.hs_ja3_hash, \
2097 { "JA3", prefix ".handshake.ja3", \
2098 FT_STRING, BASE_NONE, NULL, 0x0, \
2101 { & name .hf.hs_ja3s_full, \
2102 { "JA3S Fullstring", prefix ".handshake.ja3s_full", \
2103 FT_STRING, BASE_NONE, NULL, 0x0, \
2106 { & name .hf.hs_ja3s_hash, \
2107 { "JA3S", prefix ".handshake.ja3s", \
2108 FT_STRING, BASE_NONE, NULL, 0x0, \
2111 { & name .hf.hs_ja4, \
2112 { "JA4", prefix ".handshake.ja4", \
2113 FT_STRING, BASE_NONE, NULL, 0x0, \
2116 { & name .hf.hs_ja4_r, \
2117 { "JA4_r", prefix ".handshake.ja4_r", \
2118 FT_STRING, BASE_NONE, NULL, 0x0, \
2121 { & name .hf.hs_ext_psk_ke_modes_length, \
2122 { "PSK Key Exchange Modes Length", prefix ".extension.psk_ke_modes_length", \
2123 FT_UINT8, BASE_DEC, NULL, 0x0, \
2126 { & name .hf.hs_ext_psk_ke_mode, \
2127 { "PSK Key Exchange Mode", prefix ".extension.psk_ke_mode", \
2128 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_psk_ke_mode), 0x0, \
2129 "Key exchange modes where the client supports use of PSKs", HFILL } \
2131 { & name .hf.hs_certificate_request_context_length, \
2132 { "Certificate Request Context Length", prefix ".handshake.certificate_request_context_length", \
2133 FT_UINT8, BASE_DEC, NULL, 0x0, \
2136 { & name .hf.hs_certificate_request_context, \
2137 { "Certificate Request Context", prefix ".handshake.certificate_request_context", \
2138 FT_BYTES, BASE_NONE, NULL, 0x0, \
2139 "Value from CertificateRequest or empty for server auth", HFILL } \
2141 { & name .hf.hs_key_update_request_update, \
2142 { "Key Update Request", prefix ".handshake.key_update.request_update", \
2143 FT_UINT8, BASE_DEC, VALS(tls13_key_update_request), 0x00, \
2144 "Whether the receiver should also update its keys", HFILL } \
2146 { & name .hf.sct_scts_length, \
2147 { "Serialized SCT List Length", prefix ".sct.scts_length", \
2148 FT_UINT16, BASE_DEC, NULL, 0x00, \
2151 { & name .hf.sct_sct_length, \
2152 { "Serialized SCT Length", prefix ".sct.sct_length", \
2153 FT_UINT16, BASE_DEC, NULL, 0x00, \
2156 { & name .hf.sct_sct_version, \
2157 { "SCT Version", prefix ".sct.sct_version", \
2158 FT_UINT8, BASE_DEC, NULL, 0x00, \
2159 "SCT Protocol version (v1 (0) is defined in RFC 6962)", HFILL } \
2161 { & name .hf.sct_sct_logid, \
2162 { "Log ID", prefix ".sct.sct_logid", \
2163 FT_BYTES, BASE_NONE, NULL, 0x00, \
2164 "SHA-256 hash of log's public key", HFILL } \
2166 { & name .hf.sct_sct_timestamp, \
2167 { "Timestamp", prefix ".sct.sct_timestamp", \
2168 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x00, \
2169 "Timestamp of issuance", HFILL } \
2171 { & name .hf.sct_sct_extensions_length, \
2172 { "Extensions length", prefix ".sct.sct_extensions_length", \
2173 FT_UINT16, BASE_DEC, NULL, 0x00, \
2174 "Length of future extensions to this protocol (currently none)", HFILL } \
2176 { & name .hf.sct_sct_extensions, \
2177 { "Extensions", prefix ".sct.sct_extensions", \
2178 FT_NONE, BASE_NONE, NULL, 0x00, \
2179 "Future extensions to this protocol (currently none)", HFILL } \
2181 { & name .hf.sct_sct_signature_length, \
2182 { "Signature Length", prefix ".sct.sct_signature_length", \
2183 FT_UINT16, BASE_DEC, NULL, 0x00, \
2186 { & name .hf.sct_sct_signature, \
2187 { "Signature", prefix ".sct.sct_signature", \
2188 FT_BYTES, BASE_NONE, NULL, 0x00, \
2191 { & name .hf.hs_ext_max_early_data_size, \
2192 { "Maximum Early Data Size", prefix ".early_data.max_early_data_size", \
2193 FT_UINT32, BASE_DEC, NULL, 0x00, \
2194 "Maximum amount of 0-RTT data that the client may send", HFILL } \
2196 { & name .hf.hs_ext_oid_filters_length, \
2197 { "OID Filters Length", prefix ".extension.oid_filters_length", \
2198 FT_UINT16, BASE_DEC, NULL, 0x00, \
2201 { & name .hf.hs_ext_oid_filters_oid_length, \
2202 { "Certificate Extension OID Length", prefix ".extension.oid_filters.oid_length", \
2203 FT_UINT8, BASE_DEC, NULL, 0x00, \
2206 { & name .hf.hs_ext_oid_filters_oid, \
2207 { "Certificate Extension OID", prefix ".extension.oid_filters.oid", \
2208 FT_OID, BASE_NONE, NULL, 0x00, \
2211 { & name .hf.hs_ext_oid_filters_values_length, \
2212 { "Certificate Extension Values Length", prefix ".extension.oid_filters.values_length", \
2213 FT_UINT16, BASE_DEC, NULL, 0x00, \
2216 { & name .hf.hs_cred_valid_time, \
2217 { "Valid Time", prefix ".handshake.cred.valid_time", \
2218 FT_UINT16, BASE_DEC, NULL, 0x0, \
2219 "Delegated Credentials Valid Time", HFILL } \
2221 { & name .hf.hs_cred_pubkey, \
2222 { "Subject Public Key Info", prefix ".handshake.cred.pubkey", \
2223 FT_BYTES, BASE_NONE, NULL, 0x0, \
2224 "Delegated Credentials Subject Public Key Info", HFILL } \
2226 { & name .hf.hs_cred_pubkey_len, \
2227 { "Subject Public Key Info Length", prefix ".handshake.cred.pubkey_len", \
2228 FT_UINT24, BASE_DEC, NULL, 0x0, \
2229 "Delegated Credentials Subject Public Key Info Length", HFILL } \
2231 { & name .hf.hs_cred_signature, \
2232 { "Signature", prefix ".handshake.cred.signature", \
2233 FT_BYTES, BASE_NONE, NULL, 0x0, \
2234 "Delegated Credentials Signature", HFILL } \
2236 { & name .hf.hs_cred_signature_len, \
2237 { "Signature Length", prefix ".handshake.cred.signature_len", \
2238 FT_UINT16, BASE_DEC, NULL, 0x0, \
2239 "Delegated Credentials Signature Length", HFILL } \
2241 { & name .hf.hs_ext_compress_certificate_algorithms_length, \
2242 { "Algorithms Length", prefix ".compress_certificate.algorithms_length", \
2243 FT_UINT8, BASE_DEC, NULL, 0x00, \
2246 { & name .hf.hs_ext_compress_certificate_algorithm, \
2247 { "Algorithm", prefix ".compress_certificate.algorithm", \
2248 FT_UINT16, BASE_DEC, VALS(compress_certificate_algorithm_vals), 0x00, \
2251 { & name .hf.hs_ext_compress_certificate_uncompressed_length, \
2252 { "Uncompressed Length", prefix ".compress_certificate.uncompressed_length", \
2253 FT_UINT24, BASE_DEC, NULL, 0x00, \
2256 { & name .hf.hs_ext_compress_certificate_compressed_certificate_message_length, \
2257 { "Length", prefix ".compress_certificate.compressed_certificate_message.length", \
2258 FT_UINT24, BASE_DEC, NULL, 0x00, \
2261 { & name .hf.hs_ext_compress_certificate_compressed_certificate_message, \
2262 { "Compressed Certificate Message", prefix ".compress_certificate.compressed_certificate_message", \
2263 FT_BYTES, BASE_NONE, NULL, 0x00, \
2266 { & name .hf.hs_ext_token_binding_version_major, \
2267 { "Protocol Major Version", prefix ".token_binding.version_major", \
2268 FT_UINT8, BASE_HEX, NULL, 0x00, \
2269 "Major version of the Token Binding protocol", HFILL } \
2271 { & name .hf.hs_ext_token_binding_version_minor, \
2272 { "Protocol Minor Version", prefix ".token_binding.version_minor", \
2273 FT_UINT8, BASE_HEX, NULL, 0x00, \
2274 "Minor version of the Token Binding protocol", HFILL } \
2276 { & name .hf.hs_ext_token_binding_key_parameters, \
2277 { "Key Parameters", prefix ".token_binding.key_parameters", \
2278 FT_NONE, BASE_NONE, NULL, 0x0, \
2281 { & name .hf.hs_ext_token_binding_key_parameters_length, \
2282 { "Key Parameters Length", prefix ".token_binding.key_parameters_length", \
2283 FT_UINT8, BASE_DEC, NULL, 0x00, \
2284 "Length of the key parameters list", HFILL } \
2286 { & name .hf.hs_ext_token_binding_key_parameter, \
2287 { "Key Parameter", prefix ".token_binding.key_parameter", \
2288 FT_UINT8, BASE_DEC, VALS(token_binding_key_parameter_vals), 0x00, \
2289 "Identifier of the Token Binding key parameter", HFILL } \
2291 { & name .hf.hs_ext_record_size_limit, \
2292 { "Record Size Limit", prefix ".record_size_limit", \
2293 FT_UINT16, BASE_DEC, NULL, 0x00, \
2294 "Maximum record size that an endpoint is willing to receive", HFILL } \
2296 { & name .hf.hs_ext_quictp_len, \
2297 { "Parameters Length", prefix ".quic.len", \
2298 FT_UINT16, BASE_DEC, NULL, 0x00, \
2301 { & name .hf.hs_ext_quictp_parameter, \
2302 { "Parameter", prefix ".quic.parameter", \
2303 FT_NONE, BASE_NONE, NULL, 0x00, \
2306 { & name .hf.hs_ext_quictp_parameter_type, \
2307 { "Type", prefix ".quic.parameter.type", \
2308 FT_UINT64, BASE_CUSTOM, CF_FUNC(quic_transport_parameter_id_base_custom), 0x00, \
2311 { & name .hf.hs_ext_quictp_parameter_len, \
2312 { "Length", prefix ".quic.parameter.length", \
2313 FT_UINT64, BASE_DEC, NULL, 0x00, \
2316 { & name .hf.hs_ext_quictp_parameter_len_old, \
2317 { "Length", prefix ".quic.parameter.lengt.old", \
2318 FT_UINT16, BASE_DEC, NULL, 0x00, \
2321 { & name .hf.hs_ext_quictp_parameter_value, \
2322 { "Value", prefix ".quic.parameter.value", \
2323 FT_BYTES, BASE_NONE, NULL, 0x00, \
2326 { & name .hf.hs_ext_quictp_parameter_original_destination_connection_id, \
2327 { "original_destination_connection_id", prefix ".quic.parameter.original_destination_connection_id", \
2328 FT_BYTES, BASE_NONE, NULL, 0x00, \
2329 "Destination Connection ID from the first Initial packet sent by the client", HFILL } \
2331 { & name .hf.hs_ext_quictp_parameter_max_idle_timeout, \
2332 { "max_idle_timeout", prefix ".quic.parameter.max_idle_timeout", \
2333 FT_UINT64, BASE_DEC, NULL, 0x00, \
2334 "In milliseconds", HFILL } \
2336 { & name .hf.hs_ext_quictp_parameter_stateless_reset_token, \
2337 { "stateless_reset_token", prefix ".quic.parameter.stateless_reset_token", \
2338 FT_BYTES, BASE_NONE, NULL, 0x00, \
2339 "Used in verifying a stateless reset", HFILL } \
2341 { & name .hf.hs_ext_quictp_parameter_max_udp_payload_size, \
2342 { "max_udp_payload_size", prefix ".quic.parameter.max_udp_payload_size", \
2343 FT_UINT64, BASE_DEC, NULL, 0x00, \
2344 "Maximum UDP payload size that the endpoint is willing to receive", HFILL } \
2346 { & name .hf.hs_ext_quictp_parameter_initial_max_data, \
2347 { "initial_max_data", prefix ".quic.parameter.initial_max_data", \
2348 FT_UINT64, BASE_DEC, NULL, 0x00, \
2349 "Contains the initial value for the maximum amount of data that can be sent on the connection", HFILL } \
2351 { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_local, \
2352 { "initial_max_stream_data_bidi_local", prefix ".quic.parameter.initial_max_stream_data_bidi_local", \
2353 FT_UINT64, BASE_DEC, NULL, 0x00, \
2354 "Initial stream maximum data for bidirectional, locally-initiated streams", HFILL } \
2356 { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote, \
2357 { "initial_max_stream_data_bidi_remote", prefix ".quic.parameter.initial_max_stream_data_bidi_remote", \
2358 FT_UINT64, BASE_DEC, NULL, 0x00, \
2359 "Initial stream maximum data for bidirectional, peer-initiated streams", HFILL } \
2361 { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_uni, \
2362 { "initial_max_stream_data_uni", prefix ".quic.parameter.initial_max_stream_data_uni", \
2363 FT_UINT64, BASE_DEC, NULL, 0x00, \
2364 "Initial stream maximum data for unidirectional streams parameter", HFILL } \
2366 { & name .hf.hs_ext_quictp_parameter_initial_max_streams_bidi, \
2367 { "initial_max_streams_bidi", prefix ".quic.parameter.initial_max_streams_bidi", \
2368 FT_UINT64, BASE_DEC, NULL, 0x00, \
2369 "Initial maximum number of application-owned bidirectional streams", HFILL } \
2371 { & name .hf.hs_ext_quictp_parameter_initial_max_streams_uni, \
2372 { "initial_max_streams_uni", prefix ".quic.parameter.initial_max_streams_uni", \
2373 FT_UINT64, BASE_DEC, NULL, 0x00, \
2374 "Initial maximum number of application-owned unidirectional streams", HFILL } \
2376 { & name .hf.hs_ext_quictp_parameter_ack_delay_exponent, \
2377 { "ack_delay_exponent", prefix ".quic.parameter.ack_delay_exponent", \
2378 FT_UINT64, BASE_DEC, NULL, 0x00, \
2379 "Indicating an exponent used to decode the ACK Delay field in the ACK frame,", HFILL } \
2381 { & name .hf.hs_ext_quictp_parameter_max_ack_delay, \
2382 { "max_ack_delay", prefix ".quic.parameter.max_ack_delay", \
2383 FT_UINT64, BASE_DEC, NULL, 0x00, \
2384 "Indicating the maximum amount of time in milliseconds by which it will delay sending of acknowledgments", HFILL } \
2386 { & name .hf.hs_ext_quictp_parameter_pa_ipv4address, \
2387 { "ipv4Address", prefix ".quic.parameter.preferred_address.ipv4address", \
2388 FT_IPv4, BASE_NONE, NULL, 0x00, \
2391 { & name .hf.hs_ext_quictp_parameter_pa_ipv6address, \
2392 { "ipv6Address", prefix ".quic.parameter.preferred_address.ipv6address", \
2393 FT_IPv6, BASE_NONE, NULL, 0x00, \
2396 { & name .hf.hs_ext_quictp_parameter_pa_ipv4port, \
2397 { "ipv4Port", prefix ".quic.parameter.preferred_address.ipv4port", \
2398 FT_UINT16, BASE_DEC, NULL, 0x00, \
2401 { & name .hf.hs_ext_quictp_parameter_pa_ipv6port, \
2402 { "ipv6Port", prefix ".quic.parameter.preferred_address.ipv6port", \
2403 FT_UINT16, BASE_DEC, NULL, 0x00, \
2406 { & name .hf.hs_ext_quictp_parameter_pa_connectionid_length, \
2407 { "Length", prefix ".quic.parameter.preferred_address.connectionid.length", \
2408 FT_UINT8, BASE_DEC, NULL, 0x00, \
2409 "Length of connectionId Field", HFILL } \
2411 { & name .hf.hs_ext_quictp_parameter_pa_connectionid, \
2412 { "connectionId", prefix ".quic.parameter.preferred_address.connectionid", \
2413 FT_BYTES, BASE_NONE, NULL, 0x00, \
2416 { & name .hf.hs_ext_quictp_parameter_pa_statelessresettoken, \
2417 { "statelessResetToken", prefix ".quic.parameter.preferred_address.statelessresettoken", \
2418 FT_BYTES, BASE_NONE, NULL, 0x00, \
2421 { & name .hf.hs_ext_quictp_parameter_active_connection_id_limit, \
2422 { "Active Connection ID Limit", prefix ".quic.parameter.active_connection_id_limit", \
2423 FT_UINT64, BASE_DEC, NULL, 0x00, \
2426 { & name .hf.hs_ext_quictp_parameter_initial_source_connection_id, \
2427 { "Initial Source Connection ID", prefix ".quic.parameter.initial_source_connection_id", \
2428 FT_BYTES, BASE_NONE, NULL, 0x00, \
2431 { & name .hf.hs_ext_quictp_parameter_retry_source_connection_id, \
2432 { "Retry Source Connection ID", prefix ".quic.parameter.retry_source_connection_id", \
2433 FT_BYTES, BASE_NONE, NULL, 0x00, \
2436 { & name .hf.hs_ext_quictp_parameter_max_datagram_frame_size, \
2437 { "max_datagram_frame_size", prefix ".quic.parameter.max_datagram_frame_size", \
2438 FT_UINT64, BASE_DEC, NULL, 0x00, \
2441 { & name .hf.hs_ext_quictp_parameter_cibir_encoding_length, \
2442 { "length", prefix ".quic.parameter.cibir_encoding.length", \
2443 FT_UINT64, BASE_DEC, NULL, 0x00, \
2446 { & name .hf.hs_ext_quictp_parameter_cibir_encoding_offset, \
2447 { "offset", prefix ".quic.parameter.cibir_encoding.offset", \
2448 FT_UINT64, BASE_DEC, NULL, 0x00, \
2451 { & name .hf.hs_ext_quictp_parameter_loss_bits, \
2452 { "loss_bits", prefix ".quic.parameter.loss_bits", \
2453 FT_UINT64, BASE_DEC, NULL, 0x00, \
2456 { & name .hf.hs_ext_quictp_parameter_enable_time_stamp_v2, \
2457 { "Enable TimestampV2", prefix ".quic.parameter.enable_time_stamp_v2", \
2458 FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(quic_enable_time_stamp_v2_vals), 0x00, \
2461 { & name .hf.hs_ext_quictp_parameter_min_ack_delay, \
2462 { "min_ack_delay", prefix ".quic.parameter.min_ack_delay", \
2463 FT_UINT64, BASE_DEC, NULL, 0x00, \
2466 { & name .hf.hs_ext_quictp_parameter_google_user_agent_id, \
2467 { "Google UserAgent", prefix ".quic.parameter.google.user_agent", \
2468 FT_STRING, BASE_NONE, NULL, 0x00, \
2471 { & name .hf.hs_ext_quictp_parameter_google_key_update_not_yet_supported, \
2472 { "Google Key Update not yet supported", prefix ".quic.parameter.google.key_update_not_yet_supported", \
2473 FT_NONE, BASE_NONE, NULL, 0x00, \
2476 { & name .hf.hs_ext_quictp_parameter_google_quic_version, \
2477 { "Google QUIC version", prefix ".quic.parameter.google.quic_version", \
2478 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2481 { & name .hf.hs_ext_quictp_parameter_google_initial_rtt, \
2482 { "Google Initial RTT", prefix ".quic.parameter.google.initial_rtt", \
2483 FT_UINT64, BASE_DEC, NULL, 0x00, \
2486 { & name .hf.hs_ext_quictp_parameter_google_support_handshake_done, \
2487 { "Google Support Handshake Done", prefix ".quic.parameter.google.support_handshake_done", \
2488 FT_NONE, BASE_NONE, NULL, 0x00, \
2491 { & name .hf.hs_ext_quictp_parameter_google_quic_params, \
2492 { "Google QUIC parameters", prefix ".quic.parameter.google.quic_params", \
2493 FT_BYTES, BASE_NONE, NULL, 0x00, \
2496 { & name .hf.hs_ext_quictp_parameter_google_quic_params_unknown_field, \
2497 { "Google Unknown Field", prefix ".quic.parameter.google.quic_params_unknown_field", \
2498 FT_BYTES, BASE_NONE, NULL, 0x00, \
2501 { & name .hf.hs_ext_quictp_parameter_google_connection_options, \
2502 { "Google Connection options", prefix ".quic.parameter.google.connection_options", \
2503 FT_BYTES, BASE_NONE, NULL, 0x00, \
2506 { & name .hf.hs_ext_quictp_parameter_google_supported_versions_length, \
2507 { "Google Supported Versions Length", prefix ".quic.parameter.google.supported_versions_length", \
2508 FT_UINT8, BASE_DEC, NULL, 0x00, \
2511 { & name .hf.hs_ext_quictp_parameter_google_supported_version, \
2512 { "Google Supported Version", prefix ".quic.parameter.google.supported_version", \
2513 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2516 { & name .hf.hs_ext_quictp_parameter_facebook_partial_reliability, \
2517 { "Facebook Partial Reliability", prefix ".quic.parameter.facebook.partial_reliability", \
2518 FT_UINT64, BASE_DEC, NULL, 0x00, \
2521 { & name .hf.hs_ext_quictp_parameter_chosen_version, \
2522 { "Chosen Version", prefix ".quic.parameter.vi.chosen_version", \
2523 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2526 { & name .hf.hs_ext_quictp_parameter_other_version, \
2527 { "Other Version", prefix ".quic.parameter.vi.other_version", \
2528 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2531 { & name .hf.hs_ext_quictp_parameter_enable_multipath, \
2532 { "Enable Multipath", prefix ".quic.parameter.enable_multipath", \
2533 FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(quic_enable_multipath_vals), 0x00, \
2536 { & name .hf.hs_ext_connection_id_length, \
2537 { "Connection ID length", prefix ".connection_id_length", \
2538 FT_UINT8, BASE_DEC, NULL, 0x00, \
2541 { & name .hf.hs_ext_connection_id, \
2542 { "Connection ID", prefix ".connection_id", \
2543 FT_BYTES, BASE_NONE, NULL, 0x00, \
2546 { & name .hf.esni_suite, \
2547 { "Cipher Suite", prefix ".esni.suite", \
2548 FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, \
2549 "Cipher suite used to encrypt the SNI", HFILL } \
2551 { & name .hf.esni_record_digest_length, \
2552 { "Record Digest Length", prefix ".esni.record_digest_length", \
2553 FT_UINT16, BASE_DEC, NULL, 0x00, \
2556 { & name .hf.esni_record_digest, \
2557 { "Record Digest", prefix ".esni.record_digest", \
2558 FT_BYTES, BASE_NONE, NULL, 0x00, \
2559 "Cryptographic hash of the ESNIKeys from which the ESNI key was obtained", HFILL } \
2561 { & name .hf.esni_encrypted_sni_length, \
2562 { "Encrypted SNI Length", prefix ".esni.encrypted_sni_length", \
2563 FT_UINT16, BASE_DEC, NULL, 0x00, \
2566 { & name .hf.esni_encrypted_sni, \
2567 { "Encrypted SNI", prefix ".esni.encrypted_sni", \
2568 FT_BYTES, BASE_NONE, NULL, 0x00, \
2569 "The encrypted ClientESNIInner structure", HFILL } \
2571 { & name .hf.esni_nonce, \
2572 { "Nonce", prefix ".esni.nonce", \
2573 FT_BYTES, BASE_NONE, NULL, 0x00, \
2574 "Contents of ClientESNIInner.nonce", HFILL } \
2576 { & name .hf.ech_echconfiglist_length, \
2577 { "ECHConfigList length", prefix ".ech.echconfiglist_length", \
2578 FT_UINT16, BASE_DEC, NULL, 0x0, \
2579 "Encrypted ClientHello (ECH) Configurations length", HFILL } \
2581 { & name .hf.ech_echconfiglist, \
2582 { "ECHConfigList", prefix ".ech.echconfiglist", \
2583 FT_NONE, BASE_NONE, NULL, 0x0, \
2584 "Encrypted ClientHello (ECH) Configurations", HFILL } \
2586 { & name .hf.ech_echconfig, \
2587 { "ECHConfig", prefix ".ech.echconfig", \
2588 FT_NONE, BASE_NONE, NULL, 0x0, \
2589 "Encrypted ClientHello (ECH) Configuration", HFILL } \
2591 { & name .hf.ech_echconfig_version, \
2592 { "Version", prefix ".ech.echconfig.version", \
2593 FT_UINT16, BASE_HEX, NULL, 0x0, \
2594 "Encrypted ClientHello: ECHConfig version", HFILL } \
2596 { & name .hf.ech_echconfig_length, \
2597 { "Length", prefix ".ech.echconfig.length", \
2598 FT_UINT16, BASE_DEC, NULL, 0x0, \
2599 "Encrypted ClientHello: ECHConfig length", HFILL } \
2601 { & name .hf.ech_echconfigcontents_maximum_name_length, \
2602 { "Maximum Name Length", prefix ".ech.echconfigcontents.maximum_name_length", \
2603 FT_UINT8, BASE_DEC, NULL, 0x0, \
2604 "The longest name of a backend server, if known", HFILL } \
2606 { & name .hf.ech_echconfigcontents_public_name_length, \
2607 { "Public Name length", prefix ".ech.echconfigcontents.public_name_length", \
2608 FT_UINT8, BASE_DEC, NULL, 0x0, \
2609 "Length of the Public Name field", HFILL } \
2611 { & name .hf.ech_echconfigcontents_public_name, \
2612 { "Public Name", prefix ".ech.echconfigcontents.public_name", \
2613 FT_STRING, BASE_NONE, NULL, 0x0, \
2614 "The DNS name of the client-facing server, i.e., the entity trusted to update the ECH configuration", HFILL } \
2616 { & name .hf.ech_echconfigcontents_extensions_length, \
2617 { "Extensions length", prefix ".ech.echconfigcontents.extensions_length", \
2618 FT_UINT16, BASE_DEC, NULL, 0x0, \
2619 "Length of the Extensions field", HFILL } \
2621 { & name .hf.ech_echconfigcontents_extensions, \
2622 { "Extensions", prefix ".ech.echconfigcontents.extensions", \
2623 FT_BYTES, BASE_NONE, NULL, 0x0, \
2624 "A list of extensions that the client must take into consideration when generating a ClientHello message", HFILL } \
2626 { & name .hf.ech_hpke_keyconfig, \
2627 { "HKPE Key Config", prefix ".ech.hpke.keyconfig", \
2628 FT_NONE, BASE_NONE, NULL, 0x0, \
2629 "HPKE Key Config", HFILL } \
2631 { & name .hf.ech_hpke_keyconfig_config_id, \
2632 { "Config Id", prefix ".ech.hpke.keyconfig.config_id", \
2633 FT_UINT8, BASE_DEC, NULL, 0x0, \
2634 "HPKE Config Id", HFILL } \
2636 { & name .hf.ech_hpke_keyconfig_kem_id, \
2637 { "KEM Id", prefix ".ech.hpke.keyconfig.kem_id", \
2638 FT_UINT16, BASE_DEC, VALS(kem_id_type_vals), 0x0, \
2639 "HPKE KEM Id", HFILL } \
2641 { & name .hf.ech_hpke_keyconfig_public_key_length, \
2642 { "Public Key length", prefix ".ech.hpke.keyconfig.public_key_length", \
2643 FT_UINT16, BASE_DEC, NULL, 0x0, \
2644 "HPKE Public Key length", HFILL } \
2646 { & name .hf.ech_hpke_keyconfig_public_key, \
2647 { "Public Key", prefix ".ech.hpke.keyconfig.public_key", \
2648 FT_BYTES, BASE_NONE, NULL, 0x0, \
2649 "HPKE Public Key", HFILL } \
2651 { & name .hf.ech_hpke_keyconfig_cipher_suites, \
2652 { "Cipher Suites", prefix ".ech.hpke.keyconfig.cipher_suites", \
2653 FT_NONE, BASE_NONE, NULL, 0x0, \
2654 "HPKE Cipher Suites", HFILL } \
2656 { & name .hf.ech_hpke_keyconfig_cipher_suites_length, \
2657 { "Cipher Suites length", prefix ".ech.hpke.keyconfig.cipher_suites_length", \
2658 FT_UINT16, BASE_DEC, NULL, 0x0, \
2659 "HPKE Cipher Suites length", HFILL } \
2661 { & name .hf.ech_hpke_keyconfig_cipher_suite, \
2662 { "Cipher Suite", prefix ".ech.hpke.keyconfig.cipher_suite", \
2663 FT_NONE, BASE_NONE, NULL, 0x0, \
2664 "HPKE Cipher Suite", HFILL } \
2666 { & name .hf.ech_hpke_keyconfig_cipher_suite_kdf_id, \
2667 { "KDF Id", prefix ".ech.hpke.keyconfig.cipher_suite.kdf_id", \
2668 FT_UINT16, BASE_DEC, VALS(kdf_id_type_vals), 0x0, \
2669 "HKPE KDF Id", HFILL } \
2671 { & name .hf.ech_hpke_keyconfig_cipher_suite_aead_id, \
2672 { "AEAD Id", prefix ".ech.hpke.keyconfig.cipher_suite.aead_id", \
2673 FT_UINT16, BASE_DEC, VALS(aead_id_type_vals), 0x0, \
2674 "HKPE AEAD Id", HFILL } \
2676 { & name .hf.ech_clienthello_type, \
2677 { "Client Hello type", prefix ".ech.client_hello_type", \
2678 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_ech_clienthello_types), 0x0, \
2679 "Client Hello type", HFILL } \
2681 { & name .hf.ech_cipher_suite, \
2682 { "Cipher Suite", prefix ".ech.cipher_suite", \
2683 FT_NONE, BASE_NONE, NULL, 0x0, \
2684 "The cipher suite used to encrypt ClientHelloInner", HFILL } \
2686 { & name .hf.ech_config_id, \
2687 { "Config Id", prefix ".ech.config_id", \
2688 FT_UINT8, BASE_DEC, NULL, 0x0, \
2689 "The ECHConfigContents.key_config.config_id for the chosen ECHConfig", HFILL } \
2691 { & name .hf.ech_enc_length, \
2692 { "Enc length", prefix ".ech.enc_length", \
2693 FT_UINT16, BASE_DEC, NULL, 0x0, \
2696 { & name .hf.ech_enc, \
2697 { "Enc", prefix ".ech.enc", \
2698 FT_BYTES, BASE_NONE, NULL, 0x0, \
2699 "The HPKE encapsulated key, used by servers to decrypt the corresponding payload field", HFILL } \
2701 { & name .hf.ech_payload_length, \
2702 { "Payload length", prefix ".ech.payload_length", \
2703 FT_UINT16, BASE_DEC, NULL, 0x0, \
2704 "Payload Length", HFILL } \
2706 { & name .hf.ech_payload, \
2707 { "Payload", prefix ".ech.payload", \
2708 FT_BYTES, BASE_NONE, NULL, 0x0, \
2709 "The serialized and encrypted ClientHelloInner structure", HFILL } \
2711 { & name .hf.ech_confirmation, \
2712 { "Confirmation", prefix ".ech.confirmation", \
2713 FT_BYTES, BASE_NONE, NULL, 0x0, \
2714 "Confirmation of ECH acceptance in a HelloRetryRequest", HFILL } \
2716 { & name .hf.ech_retry_configs, \
2717 { "Retry Configs", prefix ".ech.retry_configs", \
2718 FT_NONE, BASE_NONE, NULL, 0x0, \
2719 "ECHConfig structures for one-time use by the client in a retry connection", HFILL } \
2721 { & name .hf.hs_ext_alps_len, \
2722 { "ALPS Extension Length", prefix ".handshake.extensions_alps_len", \
2723 FT_UINT16, BASE_DEC, NULL, 0x0, \
2724 "Length of the ALPS Extension", HFILL } \
2726 { & name .hf.hs_ext_alps_alpn_list, \
2727 { "Supported ALPN List", prefix ".handshake.extensions_alps_alpn_list", \
2728 FT_NONE, BASE_NONE, NULL, 0x0, \
2729 "List of supported ALPN by ALPS", HFILL } \
2731 { & name .hf.hs_ext_alps_alpn_str_len, \
2732 { "Supported ALPN Length", prefix ".handshake.extensions_alps_alpn_str_len", \
2733 FT_UINT8, BASE_DEC, NULL, 0x0, \
2734 "Length of ALPN string", HFILL } \
2736 { & name .hf.hs_ext_alps_alpn_str, \
2737 { "Supported ALPN", prefix ".handshake.extensions_alps_alpn_str", \
2738 FT_STRING, BASE_NONE, NULL, 0x00, \
2739 "ALPN supported by ALPS", HFILL } \
2741 { & name .hf.hs_ext_alps_settings, \
2742 { "ALPN Opaque Settings", prefix ".handshake.extensions_alps.settings", \
2743 FT_BYTES, BASE_NONE, NULL, 0x00, \
2744 "ALPN Opaque Settings", HFILL } \
/*
 * SSL_COMMON_ETT_LIST(name): expands to a comma-separated run of
 * `&name.ett.<member>` addresses, one per subtree slot kept in the `ett`
 * member of `name`. Every entry ends with a comma, so the expansion is meant
 * to be placed inside a brace-enclosed initializer list (presumably the array
 * handed to proto_register_subtree_array() - confirm against the callers).
 *
 * `name` is pasted unparenthesised in front of `.ett`, so the argument has to
 * be a plain struct object expression, not a pointer.
 */
2749 #define SSL_COMMON_ETT_LIST(name) \
2750 & name .ett.hs_ext, \
2751 & name .ett.hs_ext_alpn, \
2752 & name .ett.hs_ext_cert_types, \
2753 & name .ett.hs_ext_groups, \
2754 & name .ett.hs_ext_curves_point_formats, \
2755 & name .ett.hs_ext_npn, \
2756 & name .ett.hs_ext_reneg_info, \
2757 & name .ett.hs_ext_key_share, \
2758 & name .ett.hs_ext_key_share_ks, \
2759 & name .ett.hs_ext_pre_shared_key, \
2760 & name .ett.hs_ext_psk_identity, \
2761 & name .ett.hs_ext_server_name, \
2762 & name .ett.hs_ext_oid_filter, \
2763 & name .ett.hs_ext_quictp_parameter, \
2764 & name .ett.hs_sig_hash_alg, \
2765 & name .ett.hs_sig_hash_algs, \
2766 & name .ett.urlhash, \
2767 & name .ett.keyex_params, \
2768 & name .ett.certificates, \
2769 & name .ett.cert_types, \
2770 & name .ett.dnames, \
2771 & name .ett.hs_random, \
2772 & name .ett.cipher_suites, \
2773 & name .ett.comp_methods, \
2774 & name .ett.session_ticket, \
2776 & name .ett.cert_status, \
2777 & name .ett.ocsp_response, \
2778 & name .ett.uncompressed_certificates, \
2779 & name .ett.hs_ext_alps, \
2780 & name .ett.ech_echconfiglist, \
2781 & name .ett.ech_echconfig, \
2782 & name .ett.ech_retry_configs, \
2783 & name .ett.ech_hpke_keyconfig, \
2784 & name .ett.ech_hpke_cipher_suites, \
2785 & name .ett.ech_hpke_cipher_suite, \
2786 & name .ett.hs_ext_token_binding_key_parameters, \
/*
 * SSL_COMMON_EI_LIST(name, prefix): expert-info registration entries.
 * Each entry pairs an `ei` member of `name` with a filter name, an
 * expert-info group, a severity and the text shown to the analyst.
 * `prefix` is joined to the adjacent string literal, so it must itself be a
 * string literal.
 *
 * Group / severity of the entries below, for triage of captures:
 *   PI_MALFORMED / PI_ERROR : malformed_buffer_too_small
 *   PI_PROTOCOL  / PI_ERROR : record_length_invalid, decompression_error,
 *                             ech_echconfig_invalid_version
 *   PI_PROTOCOL  / PI_WARN  : client_version_error, malformed_vector_length,
 *                             malformed_trailing_data
 *   PI_UNDECODED / PI_NOTE  : hs_ext_cert_status_undecoded
 *   PI_SEQUENCE  / PI_NOTE  : resumed
 *
 * malformed_vector_length and malformed_trailing_data have "malformed" in
 * their filter name but are registered as PI_PROTOCOL / PI_WARN, so selecting
 * on the PI_MALFORMED group or on error severity alone does not match them.
 */
2791 #define SSL_COMMON_EI_LIST(name, prefix) \
2792 { & name .ei.client_version_error, \
2793 { prefix ".handshake.client_version_error", PI_PROTOCOL, PI_WARN, \
2794 "Client Hello legacy version field specifies version 1.3, not version 1.2; some servers may not be able to handle that.", EXPFILL } \
2796 { & name .ei.malformed_vector_length, \
2797 { prefix ".malformed.vector_length", PI_PROTOCOL, PI_WARN, \
2798 "Variable vector length is outside the permitted range", EXPFILL } \
2800 { & name .ei.malformed_buffer_too_small, \
2801 { prefix ".malformed.buffer_too_small", PI_MALFORMED, PI_ERROR, \
2802 "Malformed message, not enough data is available", EXPFILL } \
2804 { & name .ei.malformed_trailing_data, \
2805 { prefix ".malformed.trailing_data", PI_PROTOCOL, PI_WARN, \
2806 "Undecoded trailing data is present", EXPFILL } \
2808 { & name .ei.hs_ext_cert_status_undecoded, \
2809 { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \
2810 "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL } \
2812 { & name .ei.resumed, \
2813 { prefix ".resumed", PI_SEQUENCE, PI_NOTE, \
2814 "This session reuses previously negotiated keys (Session resumption)", EXPFILL } \
2816 { & name .ei.record_length_invalid, \
2817 { prefix ".record.length.invalid", PI_PROTOCOL, PI_ERROR, \
2818 "Record fragment length is too small or too large", EXPFILL } \
2820 { & name .ei.decompression_error, \
2821 { prefix ".decompression_error", PI_PROTOCOL, PI_ERROR, \
2822 "Decompression error", EXPFILL } \
2824 { & name .ei.ech_echconfig_invalid_version, \
2825 { prefix ".ech_echconfig_invalid_version", PI_PROTOCOL, PI_ERROR, \
2826 "Invalid/unknown ECHConfig version", EXPFILL } \
/*
 * Registration entry points for the ALPN dissector tables, one for the
 * "ssl" variant and one for DTLS. Both take the same three arguments.
 * NOTE(review): `name` / `ui_name` look like the table's filter name and
 * display name and `proto` the owning protocol id - confirm against the
 * definitions in packet-tls-utils.c.
 */
2831 ssl_common_register_ssl_alpn_dissector_table(
const char *name,
2832 const char *ui_name,
const int proto);
2835 ssl_common_register_dtls_alpn_dissector_table(
const char *name,
2836 const char *ui_name,
const int proto);
2841 #ifdef SSL_DECRYPT_DEBUG
/*
 * Debug-trace API, declared only when SSL_DECRYPT_DEBUG is defined.
 * G_GNUC_PRINTF(1,2) marks `fmt` as a printf-style format string so the
 * compiler can check the variadic arguments against it.
 * ssl_print_data() takes a label plus a raw buffer and its length;
 * ssl_print_string() takes a label plus a StringInfo.
 * NOTE(review): if call sites pass key material or decrypted payload to
 * these helpers, the debug output (presumably selected via ssl_set_debug())
 * contains secrets and should be handled as sensitive - confirm against the
 * callers in packet-tls-utils.c.
 */
2843 ssl_debug_printf(
const gchar* fmt,...) G_GNUC_PRINTF(1,2);
2845 ssl_print_data(const gchar* name, const guchar* data,
size_t len);
2847 ssl_print_string(const gchar* name, const
StringInfo* data);
2849 ssl_set_debug(const gchar* name);
2851 ssl_debug_flush(
void);
/*
 * Stand-ins with the same names: an inline ssl_debug_printf that keeps the
 * format-string check (its `fmt` is marked unused with _U_), and macros that
 * expand to nothing. Arguments given to those macros are discarded by the
 * preprocessor, so call sites must not depend on side effects inside them.
 * Presumably this is the branch used when SSL_DECRYPT_DEBUG is not defined;
 * the directive separating the two halves is not visible here.
 */
2855 static inline void G_GNUC_PRINTF(1,2)
2856 ssl_debug_printf(const gchar* fmt _U_,...)
2859 #define ssl_print_data(a, b, c)
2860 #define ssl_print_string(a, b)
2861 #define ssl_set_debug(name)
2862 #define ssl_debug_flush()
2869 proto_tree *tree, guint32 offset, guint32 offset_end);