12#ifndef __PACKET_TLS_UTILS_H__
13#define __PACKET_TLS_UTILS_H__
27#include <gnutls/x509.h>
28#include <gnutls/pkcs12.h>
32#define SSL_CIPHER_CTX gcry_cipher_hd_t
33#define SSL_DECRYPT_DEBUG
38 SSL_ID_CHG_CIPHER_SPEC = 0x14,
40 SSL_ID_HANDSHAKE = 0x16,
41 SSL_ID_APP_DATA = 0x17,
42 SSL_ID_HEARTBEAT = 0x18,
43 SSL_ID_TLS12_CID = 0x19,
44 SSL_ID_DTLS13_ACK = 0x1A,
48 SSL_HND_HELLO_REQUEST = 0,
49 SSL_HND_CLIENT_HELLO = 1,
50 SSL_HND_SERVER_HELLO = 2,
51 SSL_HND_HELLO_VERIFY_REQUEST = 3,
52 SSL_HND_NEWSESSION_TICKET = 4,
53 SSL_HND_END_OF_EARLY_DATA = 5,
54 SSL_HND_HELLO_RETRY_REQUEST = 6,
55 SSL_HND_ENCRYPTED_EXTENSIONS = 8,
56 SSL_HND_CERTIFICATE = 11,
57 SSL_HND_SERVER_KEY_EXCHG = 12,
58 SSL_HND_CERT_REQUEST = 13,
59 SSL_HND_SVR_HELLO_DONE = 14,
60 SSL_HND_CERT_VERIFY = 15,
61 SSL_HND_CLIENT_KEY_EXCHG = 16,
62 SSL_HND_FINISHED = 20,
63 SSL_HND_CERT_URL = 21,
64 SSL_HND_CERT_STATUS = 22,
65 SSL_HND_SUPPLEMENTAL_DATA = 23,
66 SSL_HND_KEY_UPDATE = 24,
67 SSL_HND_COMPRESSED_CERTIFICATE = 25,
70 SSL_HND_ENCRYPTED_EXTS = 67
73#define SSL2_HND_ERROR 0x00
74#define SSL2_HND_CLIENT_HELLO 0x01
75#define SSL2_HND_CLIENT_MASTER_KEY 0x02
76#define SSL2_HND_CLIENT_FINISHED 0x03
77#define SSL2_HND_SERVER_HELLO 0x04
78#define SSL2_HND_SERVER_VERIFY 0x05
79#define SSL2_HND_SERVER_FINISHED 0x06
80#define SSL2_HND_REQUEST_CERTIFICATE 0x07
81#define SSL2_HND_CLIENT_CERTIFICATE 0x08
83#define SSL_HND_HELLO_EXT_SERVER_NAME 0
84#define SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH 1
85#define SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL 2
86#define SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS 3
87#define SSL_HND_HELLO_EXT_TRUNCATED_HMAC 4
88#define SSL_HND_HELLO_EXT_STATUS_REQUEST 5
89#define SSL_HND_HELLO_EXT_USER_MAPPING 6
90#define SSL_HND_HELLO_EXT_CLIENT_AUTHZ 7
91#define SSL_HND_HELLO_EXT_SERVER_AUTHZ 8
92#define SSL_HND_HELLO_EXT_CERT_TYPE 9
93#define SSL_HND_HELLO_EXT_SUPPORTED_GROUPS 10
94#define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 11
95#define SSL_HND_HELLO_EXT_SRP 12
96#define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS 13
97#define SSL_HND_HELLO_EXT_USE_SRTP 14
98#define SSL_HND_HELLO_EXT_HEARTBEAT 15
99#define SSL_HND_HELLO_EXT_ALPN 16
100#define SSL_HND_HELLO_EXT_STATUS_REQUEST_V2 17
101#define SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP 18
102#define SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE 19
103#define SSL_HND_HELLO_EXT_SERVER_CERT_TYPE 20
104#define SSL_HND_HELLO_EXT_PADDING 21
105#define SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC 22
106#define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET 23
107#define SSL_HND_HELLO_EXT_TOKEN_BINDING 24
108#define SSL_HND_HELLO_EXT_CACHED_INFO 25
109#define SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE 27
110#define SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT 28
112#define SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS 34
113#define SSL_HND_HELLO_EXT_SESSION_TICKET_TLS 35
115#define SSL_HND_HELLO_EXT_KEY_SHARE_OLD 40
116#define SSL_HND_HELLO_EXT_PRE_SHARED_KEY 41
117#define SSL_HND_HELLO_EXT_EARLY_DATA 42
118#define SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS 43
119#define SSL_HND_HELLO_EXT_COOKIE 44
120#define SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES 45
121#define SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO 46
122#define SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES 47
123#define SSL_HND_HELLO_EXT_OID_FILTERS 48
124#define SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH 49
125#define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT 50
126#define SSL_HND_HELLO_EXT_KEY_SHARE 51
127#define SSL_HND_HELLO_EXT_TRANSPARENCY_INFO 52
128#define SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED 53
129#define SSL_HND_HELLO_EXT_CONNECTION_ID 54
130#define SSL_HND_HELLO_EXT_EXTERNAL_ID_HASH 55
131#define SSL_HND_HELLO_EXT_EXTERNAL_SESSION_ID 56
132#define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V1 57
133#define SSL_HND_HELLO_EXT_TICKET_REQUEST 58
134#define SSL_HND_HELLO_EXT_DNSSEC_CHAIN 59
135#define SSL_HND_HELLO_EXT_GREASE_0A0A 2570
136#define SSL_HND_HELLO_EXT_GREASE_1A1A 6682
137#define SSL_HND_HELLO_EXT_GREASE_2A2A 10794
138#define SSL_HND_HELLO_EXT_NPN 13172
139#define SSL_HND_HELLO_EXT_GREASE_3A3A 14906
140#define SSL_HND_HELLO_EXT_ALPS 17513
141#define SSL_HND_HELLO_EXT_GREASE_4A4A 19018
142#define SSL_HND_HELLO_EXT_GREASE_5A5A 23130
143#define SSL_HND_HELLO_EXT_GREASE_6A6A 27242
144#define SSL_HND_HELLO_EXT_CHANNEL_ID_OLD 30031
145#define SSL_HND_HELLO_EXT_CHANNEL_ID 30032
146#define SSL_HND_HELLO_EXT_GREASE_7A7A 31354
147#define SSL_HND_HELLO_EXT_GREASE_8A8A 35466
148#define SSL_HND_HELLO_EXT_GREASE_9A9A 39578
149#define SSL_HND_HELLO_EXT_GREASE_AAAA 43690
150#define SSL_HND_HELLO_EXT_GREASE_BABA 47802
151#define SSL_HND_HELLO_EXT_GREASE_CACA 51914
152#define SSL_HND_HELLO_EXT_GREASE_DADA 56026
153#define SSL_HND_HELLO_EXT_GREASE_EAEA 60138
154#define SSL_HND_HELLO_EXT_GREASE_FAFA 64250
155#define SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO 65037
156#define SSL_HND_HELLO_EXT_RENEGOTIATION_INFO 65281
157#define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS 65445
158#define SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME 65486
160#define SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT 1
161#define SSL_HND_CERT_URL_TYPE_PKIPATH 2
162#define SSL_HND_CERT_STATUS_TYPE_OCSP 1
163#define SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI 2
164#define SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY 2
167#define SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID 0x00
168#define SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT 0x01
169#define SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN 0x02
170#define SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE 0x03
171#define SSL_HND_QUIC_TP_INITIAL_MAX_DATA 0x04
172#define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL 0x05
173#define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE 0x06
174#define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI 0x07
175#define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI 0x08
176#define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI 0x09
177#define SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT 0x0a
178#define SSL_HND_QUIC_TP_MAX_ACK_DELAY 0x0b
179#define SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION 0x0c
180#define SSL_HND_QUIC_TP_PREFERRED_ADDRESS 0x0d
181#define SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT 0x0e
182#define SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID 0x0f
183#define SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID 0x10
184#define SSL_HND_QUIC_TP_VERSION_INFORMATION 0x11
185#define SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE 0x20
186#define SSL_HND_QUIC_TP_CIBIR_ENCODING 0x1000
187#define SSL_HND_QUIC_TP_LOSS_BITS 0x1057
188#define SSL_HND_QUIC_TP_GREASE_QUIC_BIT 0x2ab2
189#define SSL_HND_QUIC_TP_ENABLE_TIME_STAMP 0x7157
190#define SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V2 0x7158
191#define SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD 0xde1a
193#define SSL_HND_QUIC_TP_GOOGLE_USER_AGENT 0x3129
194#define SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED 0x312B
195#define SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION 0x4752
196#define SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT 0x3127
197#define SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE 0x312A
198#define SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS 0x4751
199#define SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS 0x3128
201#define SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY 0xFF00
202#define SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V1 0xFF03DE1A
203#define SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT05 0xff04de1a
204#define SSL_HND_QUIC_TP_MIN_ACK_DELAY 0xff04de1b
205#define SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT04 0x0f739bbc1b666d04
206#define SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT05 0x0f739bbc1b666d05
207#define SSL_HND_QUIC_TP_ENABLE_MULTIPATH 0x0f739bbc1b666d06
208#define SSL_HND_QUIC_TP_INITIAL_MAX_PATHS 0x0f739bbc1b666d07
209#define SSL_HND_QUIC_TP_INITIAL_MAX_PATH_ID 0x0f739bbc1b666d09
227extern const value_string ssl_31_key_exchange_algorithm[];
229extern const value_string ssl_31_client_certificate_type[];
230extern const value_string ssl_31_public_value_encoding[];
240extern const value_string ssl_extension_ec_point_formats[];
242extern const value_string tls_hello_ext_server_name_type_vs[];
243extern const value_string tls_hello_ext_max_fragment_length[];
245extern const value_string tls_hello_ext_trusted_ca_key_type[];
247extern const value_string compress_certificate_algorithm_vals[];
250extern const val64_string quic_enable_time_stamp_v2_vals[];
252extern const value_string tls_hello_ext_ech_clienthello_types[];
256extern const value_string token_binding_key_parameter_vals[];
264#define SSL_WRITE_KEY 1
266#define SSL_VER_UNKNOWN 0
267#define SSLV2_VERSION 0x0002
269#define SSLV3_VERSION 0x300
270#define TLSV1_VERSION 0x301
271#define TLCPV1_VERSION 0x101
272#define TLSV1DOT1_VERSION 0x302
273#define TLSV1DOT2_VERSION 0x303
274#define TLSV1DOT3_VERSION 0x304
275#define DTLSV1DOT0_VERSION 0xfeff
276#define DTLSV1DOT0_OPENSSL_VERSION 0x100
277#define DTLSV1DOT2_VERSION 0xfefd
278#define DTLSV1DOT3_VERSION 0xfefc
281static inline uint8_t extract_tls13_draft_version(uint32_t version) {
282 if ((version & 0xff00) == 0x7f00) {
283 return (uint8_t) version;
289#define SSL_CLIENT_RANDOM (1<<0)
290#define SSL_SERVER_RANDOM (1<<1)
291#define SSL_CIPHER (1<<2)
292#define SSL_HAVE_SESSION_KEY (1<<3)
293#define SSL_VERSION (1<<4)
294#define SSL_MASTER_SECRET (1<<5)
295#define SSL_PRE_MASTER_SECRET (1<<6)
296#define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7)
297#define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8)
298#define SSL_NEW_SESSION_TICKET (1<<10)
299#define SSL_ENCRYPT_THEN_MAC (1<<11)
300#define SSL_SEEN_0RTT_APPDATA (1<<12)
301#define SSL_QUIC_RECORD_LAYER (1<<13)
303#define SSL_EXTENDED_MASTER_SECRET_MASK (SSL_CLIENT_EXTENDED_MASTER_SECRET|SSL_SERVER_EXTENDED_MASTER_SECRET)
317#define IMPLICIT_NONCE_LEN 4
318#define EXPLICIT_NONCE_LEN 8
319#define TLS13_AEAD_NONCE_LENGTH 12
324 TLS_SECRET_HANDSHAKE,
328#define SSL_DEBUG_USE_STDERR "-"
330#define SSLV2_MAX_SESSION_ID_LENGTH_IN_BYTES 16
333#define TLS_MAX_RECORD_LENGTH 0x4000
340 ssl_cipher_mode_t mode;
354 unsigned char _mac_key_or_write_iv[48];
357 SSL_CIPHER_CTX sn_evp;
360 uint64_t dtls13_epoch;
368#define KEX_DHE_DSS 0x10
369#define KEX_DHE_PSK 0x11
370#define KEX_DHE_RSA 0x12
371#define KEX_DH_ANON 0x13
372#define KEX_DH_DSS 0x14
373#define KEX_DH_RSA 0x15
374#define KEX_ECDHE_ECDSA 0x16
375#define KEX_ECDHE_PSK 0x17
376#define KEX_ECDHE_RSA 0x18
377#define KEX_ECDH_ANON 0x19
378#define KEX_ECDH_ECDSA 0x1a
379#define KEX_ECDH_RSA 0x1b
383#define KEX_RSA_PSK 0x1f
384#define KEX_SRP_SHA 0x20
385#define KEX_SRP_SHA_DSS 0x21
386#define KEX_SRP_SHA_RSA 0x22
387#define KEX_IS_DH(n) ((n) >= KEX_DHE_DSS && (n) <= KEX_ECDH_RSA)
388#define KEX_TLS13 0x23
389#define KEX_ECJPAKE 0x24
391#define KEX_ECDHE_SM2 0x25
392#define KEX_ECC_SM2 0x26
393#define KEX_IBSDH_SM9 0x27
394#define KEX_IBC_SM9 0x28
398#define ENC_START 0x30
405#define ENC_AES256 0x36
406#define ENC_CAMELLIA128 0x37
407#define ENC_CAMELLIA256 0x38
409#define ENC_CHACHA20 0x3A
417#define DIG_SHA256 0x42
418#define DIG_SHA384 0x43
436 uint16_t dtls13_seq_suffix;
467 unsigned char tls13_draft_version;
468 int8_t client_cert_type;
469 int8_t server_cert_type;
470 uint32_t client_ccs_frame;
471 uint32_t server_ccs_frame;
481 const char *alpn_name;
483 const char *client_alpn_name;
484 uint32_t last_nontls_frame;
485 bool is_session_resumed;
488 uint32_t client_hs_reassembly_id;
489 uint32_t server_hs_reassembly_id;
500 uint8_t client_cid_len;
501 bool client_cid_len_present;
502 uint8_t server_cid_len;
503 bool server_cid_len_present;
505 uint64_t dtls13_current_epoch[2];
506 uint64_t dtls13_next_seq_num[2];
510#define SSL_MASTER_SECRET_LENGTH 48
516 unsigned char _master_secret[SSL_MASTER_SECRET_LENGTH];
517 unsigned char _session_id[256];
518 unsigned char _client_random[32];
519 unsigned char _server_random[32];
528 unsigned char _server_data_for_iv[24];
530 unsigned char _client_data_for_iv[24];
539#if defined(HAVE_LIBGNUTLS)
540 struct cert_key_id *cert_key_id;
552 uint64_t sequence_number;
566 const char *keylog_filename;
574 GHashTable *pre_master;
579 GHashTable *tls13_client_early;
580 GHashTable *tls13_client_handshake;
581 GHashTable *tls13_server_handshake;
582 GHashTable *tls13_client_appdata;
583 GHashTable *tls13_server_appdata;
584 GHashTable *tls13_early_exporter;
585 GHashTable *tls13_exporter;
593 GHashTable *used_crandom;
596int ssl_get_keyex_alg(
int cipher);
598void quic_transport_parameter_id_base_custom(
char *result, uint64_t parameter_id);
600bool ssldecrypt_uat_fld_ip_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
601bool ssldecrypt_uat_fld_port_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
602bool ssldecrypt_uat_fld_fileopen_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
603bool ssldecrypt_uat_fld_password_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
604char* ssl_association_info(
const char* dissector_table_name,
const char* table_protocol);
607void ssl_init_cid_list(
void);
610void ssl_cleanup_cid_list(
void);
635ssl_set_server(
SslSession *session,
address *addr, port_type ptype, uint32_t port);
657WS_DLL_PUBLIC uint32_t
669WS_DLL_PUBLIC uint32_t
674ssl_find_appdata_dissector(
const char *name);
682ssl_data_set(
StringInfo* buf,
const unsigned char* src,
unsigned len);
691ssl_cipher_setiv(SSL_CIPHER_CTX *cipher,
unsigned char* iv,
int iv_len);
697ssl_find_cipher(
int num);
713 uint32_t length,
tvbuff_t *tvb, uint32_t offset,
716 GHashTable *key_hash,
746 bool ignore_mac_failed,
747 const unsigned char *in, uint16_t inl,
const unsigned char *cid, uint8_t cidl,
765tls_add_packet_info(
int proto,
packet_info *pinfo, uint8_t curr_layer_num_ssl);
769ssl_add_record_info(
int proto,
packet_info *pinfo,
const unsigned char *data,
int data_len,
int record_id,
SslFlow *flow, ContentType type, uint8_t curr_layer_num_ssl);
789tls_get_master_key_map(
bool load_secrets);
797ssl_load_keyfile(
const char *ssl_keylog_filename, FILE **keylog_file,
821 bool is_from_server, TLSRecordType type);
825 bool is_from_server, TLSRecordType type);
831ssl_is_valid_content_type(uint8_t type);
834ssl_is_valid_handshake_type(uint8_t hs_type,
bool is_dtls);
837tls_scan_server_hello(
tvbuff_t *tvb, uint32_t offset, uint32_t offset_end,
838 uint16_t *server_version,
bool *is_hrr);
842 uint8_t content_type, uint8_t handshake_type,
843 bool is_dtls, uint16_t version);
851 int change_cipher_spec;
854 int hs_ext_alpn_list;
856 int hs_ext_alpn_str_len;
857 int hs_ext_cert_url_item;
858 int hs_ext_cert_url_padding;
859 int hs_ext_cert_url_sha1;
860 int hs_ext_cert_url_type;
861 int hs_ext_cert_url_url;
862 int hs_ext_cert_url_url_hash_list_len;
863 int hs_ext_cert_url_url_len;
864 int hs_ext_cert_status_type;
865 int hs_ext_cert_status_request_len;
866 int hs_ext_cert_status_responder_id_list_len;
867 int hs_ext_cert_status_request_extensions_len;
868 int hs_ext_cert_status_request_list_len;
869 int hs_ocsp_response_list_len;
870 int hs_ocsp_response_len;
871 int hs_ext_cert_type;
872 int hs_ext_cert_types;
873 int hs_ext_cert_types_len;
875 int hs_ext_ec_point_format;
876 int hs_ext_ec_point_formats;
877 int hs_ext_ec_point_formats_len;
879 int hs_ext_srp_username;
880 int hs_ext_supported_group;
881 int hs_ext_supported_groups;
882 int hs_ext_supported_groups_len;
883 int hs_ext_heartbeat_mode;
886 int hs_ext_npn_str_len;
887 int hs_ext_reneg_info_len;
888 int hs_ext_reneg_info;
889 int hs_ext_key_share_client_length;
890 int hs_ext_key_share_group;
891 int hs_ext_key_share_key_exchange_length;
892 int hs_ext_key_share_key_exchange;
893 int hs_ext_key_share_selected_group;
894 int hs_ext_psk_identities_length;
895 int hs_ext_psk_identity_identity_length;
896 int hs_ext_psk_identity_identity;
897 int hs_ext_psk_identity_obfuscated_ticket_age;
898 int hs_ext_psk_binders_length;
899 int hs_ext_psk_binders;
900 int hs_ext_psk_identity_selected;
901 int hs_ext_session_ticket;
902 int hs_ext_supported_versions_len;
903 int hs_ext_supported_version;
904 int hs_ext_cookie_len;
906 int hs_ext_server_name;
907 int hs_ext_server_name_len;
908 int hs_ext_server_name_list_len;
909 int hs_ext_server_name_type;
910 int hs_ext_max_fragment_length;
911 int hs_ext_padding_data;
913 int hs_ext_connection_id_length;
914 int hs_ext_connection_id;
915 int hs_ext_trusted_ca_keys_len;
916 int hs_ext_trusted_ca_keys_list;
917 int hs_ext_trusted_ca_key;
918 int hs_ext_trusted_ca_key_type;
919 int hs_ext_trusted_ca_key_hash;
920 int hs_ext_trusted_ca_key_dname_len;
921 int hs_ext_trusted_ca_key_dname;
923 int hs_sig_hash_alg_len;
924 int hs_sig_hash_algs;
925 int hs_sig_hash_hash;
927 int hs_client_keyex_epms_len;
928 int hs_client_keyex_epms;
929 int hs_server_keyex_modulus_len;
930 int hs_server_keyex_exponent_len;
931 int hs_server_keyex_sig_len;
932 int hs_server_keyex_p_len;
933 int hs_server_keyex_g_len;
934 int hs_server_keyex_ys_len;
935 int hs_client_keyex_yc_len;
936 int hs_client_keyex_point_len;
937 int hs_server_keyex_point_len;
938 int hs_server_keyex_p;
939 int hs_server_keyex_g;
940 int hs_server_keyex_curve_type;
941 int hs_server_keyex_named_curve;
942 int hs_server_keyex_ys;
943 int hs_client_keyex_yc;
944 int hs_server_keyex_point;
945 int hs_client_keyex_point;
946 int hs_server_keyex_xs_len;
947 int hs_client_keyex_xc_len;
948 int hs_server_keyex_xs;
949 int hs_client_keyex_xc;
950 int hs_server_keyex_vs_len;
951 int hs_client_keyex_vc_len;
952 int hs_server_keyex_vs;
953 int hs_client_keyex_vc;
954 int hs_server_keyex_rs_len;
955 int hs_client_keyex_rc_len;
956 int hs_server_keyex_rs;
957 int hs_client_keyex_rc;
958 int hs_server_keyex_modulus;
959 int hs_server_keyex_exponent;
960 int hs_server_keyex_sig;
961 int hs_server_keyex_hint_len;
962 int hs_server_keyex_hint;
963 int hs_client_keyex_identity_len;
964 int hs_client_keyex_identity;
965 int hs_certificates_len;
967 int hs_certificate_len;
969 int hs_cert_types_count;
974 int hs_dnames_truncated;
981 int hs_session_id_len;
982 int hs_client_version;
983 int hs_server_version;
984 int hs_cipher_suites_len;
985 int hs_cipher_suites;
987 int hs_comp_methods_len;
990 int hs_session_ticket_lifetime_hint;
991 int hs_session_ticket_age_add;
992 int hs_session_ticket_nonce_len;
993 int hs_session_ticket_nonce;
994 int hs_session_ticket_len;
995 int hs_session_ticket;
997 int hs_client_cert_vrfy_sig_len;
998 int hs_client_cert_vrfy_sig;
1007 int hs_ext_psk_ke_modes_length;
1008 int hs_ext_psk_ke_mode;
1009 int hs_certificate_request_context_length;
1010 int hs_certificate_request_context;
1011 int hs_key_update_request_update;
1012 int sct_scts_length;
1014 int sct_sct_version;
1016 int sct_sct_timestamp;
1017 int sct_sct_extensions_length;
1018 int sct_sct_extensions;
1019 int sct_sct_signature;
1020 int sct_sct_signature_length;
1021 int hs_ext_max_early_data_size;
1022 int hs_ext_oid_filters_length;
1023 int hs_ext_oid_filters_oid_length;
1024 int hs_ext_oid_filters_oid;
1025 int hs_ext_oid_filters_values_length;
1026 int hs_cred_valid_time;
1028 int hs_cred_pubkey_len;
1029 int hs_cred_signature;
1030 int hs_cred_signature_len;
1033 int hs_ext_compress_certificate_algorithms_length;
1034 int hs_ext_compress_certificate_algorithm;
1035 int hs_ext_compress_certificate_uncompressed_length;
1036 int hs_ext_compress_certificate_compressed_certificate_message_length;
1037 int hs_ext_compress_certificate_compressed_certificate_message;
1040 int hs_ext_token_binding_version_major;
1041 int hs_ext_token_binding_version_minor;
1042 int hs_ext_token_binding_key_parameters;
1043 int hs_ext_token_binding_key_parameters_length;
1044 int hs_ext_token_binding_key_parameter;
1046 int hs_ext_record_size_limit;
1049 int hs_ext_quictp_len;
1050 int hs_ext_quictp_parameter;
1051 int hs_ext_quictp_parameter_type;
1052 int hs_ext_quictp_parameter_len;
1053 int hs_ext_quictp_parameter_len_old;
1054 int hs_ext_quictp_parameter_value;
1055 int hs_ext_quictp_parameter_original_destination_connection_id;
1056 int hs_ext_quictp_parameter_max_idle_timeout;
1057 int hs_ext_quictp_parameter_stateless_reset_token;
1058 int hs_ext_quictp_parameter_initial_max_data;
1059 int hs_ext_quictp_parameter_initial_max_stream_data_bidi_local;
1060 int hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote;
1061 int hs_ext_quictp_parameter_initial_max_stream_data_uni;
1062 int hs_ext_quictp_parameter_initial_max_streams_bidi;
1063 int hs_ext_quictp_parameter_initial_max_streams_uni;
1064 int hs_ext_quictp_parameter_ack_delay_exponent;
1065 int hs_ext_quictp_parameter_max_ack_delay;
1066 int hs_ext_quictp_parameter_max_udp_payload_size;
1067 int hs_ext_quictp_parameter_pa_ipv4address;
1068 int hs_ext_quictp_parameter_pa_ipv6address;
1069 int hs_ext_quictp_parameter_pa_ipv4port;
1070 int hs_ext_quictp_parameter_pa_ipv6port;
1071 int hs_ext_quictp_parameter_pa_connectionid_length;
1072 int hs_ext_quictp_parameter_pa_connectionid;
1073 int hs_ext_quictp_parameter_pa_statelessresettoken;
1074 int hs_ext_quictp_parameter_active_connection_id_limit;
1075 int hs_ext_quictp_parameter_initial_source_connection_id;
1076 int hs_ext_quictp_parameter_retry_source_connection_id;
1077 int hs_ext_quictp_parameter_max_datagram_frame_size;
1078 int hs_ext_quictp_parameter_cibir_encoding_length;
1079 int hs_ext_quictp_parameter_cibir_encoding_offset;
1080 int hs_ext_quictp_parameter_loss_bits;
1081 int hs_ext_quictp_parameter_enable_time_stamp_v2;
1082 int hs_ext_quictp_parameter_min_ack_delay;
1083 int hs_ext_quictp_parameter_google_user_agent_id;
1084 int hs_ext_quictp_parameter_google_key_update_not_yet_supported;
1085 int hs_ext_quictp_parameter_google_quic_version;
1086 int hs_ext_quictp_parameter_google_initial_rtt;
1087 int hs_ext_quictp_parameter_google_support_handshake_done;
1088 int hs_ext_quictp_parameter_google_quic_params;
1089 int hs_ext_quictp_parameter_google_quic_params_unknown_field;
1090 int hs_ext_quictp_parameter_google_connection_options;
1091 int hs_ext_quictp_parameter_google_supported_versions_length;
1092 int hs_ext_quictp_parameter_google_supported_version;
1093 int hs_ext_quictp_parameter_facebook_partial_reliability;
1094 int hs_ext_quictp_parameter_chosen_version;
1095 int hs_ext_quictp_parameter_other_version;
1096 int hs_ext_quictp_parameter_enable_multipath;
1097 int hs_ext_quictp_parameter_initial_max_paths;
1098 int hs_ext_quictp_parameter_initial_max_path_id;
1101 int esni_record_digest_length;
1102 int esni_record_digest;
1103 int esni_encrypted_sni_length;
1104 int esni_encrypted_sni;
1107 int ech_echconfiglist_length;
1108 int ech_echconfiglist;
1110 int ech_echconfig_version;
1111 int ech_echconfig_length;
1112 int ech_echconfigcontents_maximum_name_length;
1113 int ech_echconfigcontents_public_name_length;
1114 int ech_echconfigcontents_public_name;
1115 int ech_echconfigcontents_extensions_length;
1116 int ech_echconfigcontents_extensions;
1117 int ech_hpke_keyconfig;
1118 int ech_hpke_keyconfig_config_id;
1119 int ech_hpke_keyconfig_kem_id;
1120 int ech_hpke_keyconfig_public_key_length;
1121 int ech_hpke_keyconfig_public_key;
1122 int ech_hpke_keyconfig_cipher_suites;
1123 int ech_hpke_keyconfig_cipher_suites_length;
1124 int ech_hpke_keyconfig_cipher_suite;
1125 int ech_hpke_keyconfig_cipher_suite_kdf_id;
1126 int ech_hpke_keyconfig_cipher_suite_aead_id;
1127 int ech_clienthello_type;
1128 int ech_cipher_suite;
1132 int ech_payload_length;
1134 int ech_confirmation;
1135 int ech_retry_configs;
1137 int hs_ext_alps_len;
1138 int hs_ext_alps_alpn_list;
1139 int hs_ext_alps_alpn_str;
1140 int hs_ext_alps_alpn_str_len;
1141 int hs_ext_alps_settings;
1148 int hs_ext_cert_types;
1150 int hs_ext_curves_point_formats;
1152 int hs_ext_reneg_info;
1153 int hs_ext_key_share;
1154 int hs_ext_key_share_ks;
1155 int hs_ext_pre_shared_key;
1156 int hs_ext_psk_identity;
1157 int hs_ext_server_name;
1158 int hs_ext_oid_filter;
1159 int hs_ext_quictp_parameter;
1160 int hs_ext_trusted_ca_keys;
1161 int hs_ext_trusted_ca_key;
1162 int hs_sig_hash_alg;
1163 int hs_sig_hash_algs;
1176 int uncompressed_certificates;
1178 int ech_echconfiglist;
1180 int ech_retry_configs;
1181 int ech_hpke_keyconfig;
1182 int ech_hpke_cipher_suites;
1183 int ech_hpke_cipher_suite;
1184 int hs_ext_token_binding_key_parameters;
1212 int hf_dtls_handshake_cookie_len;
1213 int hf_dtls_handshake_cookie;
1227 uint32_t max_version;
1228 bool server_name_present;
1229 int num_cipher_suites;
1240#define G_MAXUINT24 ((1U << 24) - 1)
1256 unsigned offset,
unsigned offset_end, uint32_t *ret_length,
1257 int hf_length, uint32_t min_value, uint32_t max_value);
1269 unsigned offset,
unsigned offset_end);
1275 ContentType content_type,
1276 unsigned record_length,
proto_item *length_pi,
1277 uint16_t version,
tvbuff_t *decrypted_tvb);
1283 bool is_from_server,
1295 proto_tree *tree, uint32_t offset, uint32_t offset_end,
1297 bool is_dtls,
bool is_hrr);
1301 proto_tree *tree, uint32_t offset, uint32_t offset_end,
1307 proto_tree *tree, uint32_t offset, uint32_t offset_end,
1313 proto_tree *tree, uint32_t offset, uint32_t offset_end,
1315 bool is_dtls, GHashTable *session_hash);
1319 uint32_t offset, uint32_t offset_end,
packet_info *pinfo,
1321 bool is_from_server,
bool is_dtls);
1325 proto_tree *tree, uint32_t offset, uint32_t offset_end,
1330 proto_tree *tree, uint32_t offset, uint32_t offset_end, uint16_t version);
1334 proto_tree *tree, uint32_t offset, uint32_t offset_end,
1342 proto_tree *tree, uint32_t offset, uint32_t offset_end);
1346 proto_tree *tree, uint32_t offset, uint32_t length,
1351 proto_tree *tree, uint32_t offset, uint32_t offset_end,
1360 uint32_t offset, uint32_t offset_end, uint16_t version);
1363tls13_hkdf_expand_label_context(
int md,
const StringInfo *secret,
1364 const char *label_prefix,
const char *label,
1365 const uint8_t *context, uint8_t context_length,
1366 uint16_t out_len,
unsigned char **out);
1369tls13_hkdf_expand_label(
int md,
const StringInfo *secret,
1370 const char *label_prefix,
const char *label,
1371 uint16_t out_len,
unsigned char **out);
1375 uint32_t offset, uint32_t offset_end,
packet_info *pinfo,
1377 bool is_from_server _U_,
bool is_dtls _U_);
1379#define SSL_COMMON_LIST_T(name) \
1380ssl_common_dissect_t name;
1384#define SSL_COMMON_HF_LIST(name, prefix) \
1385 { & name .hf.change_cipher_spec, \
1386 { "Change Cipher Spec Message", prefix ".change_cipher_spec", \
1387 FT_NONE, BASE_NONE, NULL, 0x0, \
1388 "Signals a change in cipher specifications", HFILL } \
1390 { & name .hf.hs_exts_len, \
1391 { "Extensions Length", prefix ".handshake.extensions_length", \
1392 FT_UINT16, BASE_DEC, NULL, 0x0, \
1393 "Length of hello extensions", HFILL } \
1395 { & name .hf.hs_ext_type, \
1396 { "Type", prefix ".handshake.extension.type", \
1397 FT_UINT16, BASE_DEC, VALS(tls_hello_extension_types), 0x0, \
1398 "Hello extension type", HFILL } \
1400 { & name .hf.hs_ext_len, \
1401 { "Length", prefix ".handshake.extension.len", \
1402 FT_UINT16, BASE_DEC, NULL, 0x0, \
1403 "Length of a hello extension", HFILL } \
1405 { & name .hf.hs_ext_data, \
1406 { "Data", prefix ".handshake.extension.data", \
1407 FT_BYTES, BASE_NONE, NULL, 0x0, \
1408 "Hello Extension data", HFILL } \
1410 { & name .hf.hs_ext_supported_groups_len, \
1411 { "Supported Groups List Length", prefix ".handshake.extensions_supported_groups_length", \
1412 FT_UINT16, BASE_DEC, NULL, 0x0, \
1415 { & name .hf.hs_ext_supported_groups, \
1416 { "Supported Groups List", prefix ".handshake.extensions_supported_groups", \
1417 FT_NONE, BASE_NONE, NULL, 0x0, \
1418 "List of supported groups (formerly Supported Elliptic Curves)", HFILL } \
1420 { & name .hf.hs_ext_supported_group, \
1421 { "Supported Group", prefix ".handshake.extensions_supported_group", \
1422 FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
1425 { & name .hf.hs_ext_ec_point_formats_len, \
1426 { "EC point formats Length", prefix ".handshake.extensions_ec_point_formats_length", \
1427 FT_UINT8, BASE_DEC, NULL, 0x0, \
1428 "Length of elliptic curves point formats field", HFILL } \
1430 { & name .hf.hs_ext_ec_point_formats, \
1431 { "EC point formats", prefix ".handshake.extensions_ec_point_formats", \
1432 FT_NONE, BASE_NONE, NULL, 0x0, \
1433 "List of elliptic curves point format", HFILL } \
1435 { & name .hf.hs_ext_ec_point_format, \
1436 { "EC point format", prefix ".handshake.extensions_ec_point_format", \
1437 FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, \
1438 "Elliptic curves point format", HFILL } \
1440 { & name .hf.hs_ext_srp_len, \
1441 { "SRP username length", prefix ".handshake.extensions_srp_len", \
1442 FT_UINT8, BASE_DEC, NULL, 0x0, \
1443 "Length of Secure Remote Password username field", HFILL } \
1445 { & name .hf.hs_ext_srp_username, \
1446 { "SRP username", prefix ".handshake.extensions_srp_username", \
1447 FT_STRING, BASE_NONE, NULL, 0x0, \
1448 "Secure Remote Password username", HFILL } \
1450 { & name .hf.hs_ext_alpn_len, \
1451 { "ALPN Extension Length", prefix ".handshake.extensions_alpn_len", \
1452 FT_UINT16, BASE_DEC, NULL, 0x0, \
1453 "Length of the ALPN Extension", HFILL } \
1455 { & name .hf.hs_ext_alpn_list, \
1456 { "ALPN Protocol", prefix ".handshake.extensions_alpn_list", \
1457 FT_NONE, BASE_NONE, NULL, 0x0, \
1460 { & name .hf.hs_ext_alpn_str_len, \
1461 { "ALPN string length", prefix ".handshake.extensions_alpn_str_len", \
1462 FT_UINT8, BASE_DEC, NULL, 0x0, \
1463 "Length of ALPN string", HFILL } \
1465 { & name .hf.hs_ext_alpn_str, \
1466 { "ALPN Next Protocol", prefix ".handshake.extensions_alpn_str", \
1467 FT_STRING, BASE_NONE, NULL, 0x00, \
1470 { & name .hf.hs_ext_npn_str_len, \
1471 { "Protocol string length", prefix ".handshake.extensions_npn_str_len", \
1472 FT_UINT8, BASE_DEC, NULL, 0x0, \
1473 "Length of next protocol string", HFILL } \
1475 { & name .hf.hs_ext_npn_str, \
1476 { "Next Protocol", prefix ".handshake.extensions_npn", \
1477 FT_STRING, BASE_NONE, NULL, 0x0, \
1480 { & name .hf.hs_ext_reneg_info_len, \
1481 { "Renegotiation info extension length", prefix ".handshake.extensions_reneg_info_len", \
1482 FT_UINT8, BASE_DEC, NULL, 0x0, \
1485 { & name .hf.hs_ext_reneg_info, \
1486 { "Renegotiation info", prefix ".handshake.extensions_reneg_info",\
1487 FT_BYTES, BASE_NONE, NULL, 0x0, \
1490 { & name .hf.hs_ext_key_share_client_length, \
1491 { "Client Key Share Length", prefix ".handshake.extensions_key_share_client_length", \
1492 FT_UINT16, BASE_DEC, NULL, 0x00, \
1495 { & name .hf.hs_ext_key_share_group, \
1496 { "Group", prefix ".handshake.extensions_key_share_group", \
1497 FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \
1500 { & name .hf.hs_ext_key_share_key_exchange_length, \
1501 { "Key Exchange Length", prefix ".handshake.extensions_key_share_key_exchange_length", \
1502 FT_UINT16, BASE_DEC, NULL, 0x00, \
1505 { & name .hf.hs_ext_key_share_key_exchange, \
1506 { "Key Exchange", prefix ".handshake.extensions_key_share_key_exchange", \
1507 FT_BYTES, BASE_NONE, NULL, 0x0, \
1510 { & name .hf.hs_ext_key_share_selected_group, \
1511 { "Selected Group", prefix ".handshake.extensions_key_share_selected_group", \
1512 FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \
1515 { & name .hf.hs_ext_psk_identities_length, \
1516 { "Identities Length", prefix ".handshake.extensions.psk.identities.length", \
1517 FT_UINT16, BASE_DEC, NULL, 0x0, \
1520 { & name .hf.hs_ext_psk_identity_identity_length, \
1521 { "Identity Length", prefix ".handshake.extensions.psk.identity.identity_length", \
1522 FT_UINT16, BASE_DEC, NULL, 0x0, \
1525 { & name .hf.hs_ext_psk_identity_identity, \
1526 { "Identity", prefix ".handshake.extensions.psk.identity.identity", \
1527 FT_BYTES, BASE_NONE, NULL, 0x0, \
1530 { & name .hf.hs_ext_psk_identity_obfuscated_ticket_age, \
1531 { "Obfuscated Ticket Age", prefix ".handshake.extensions.psk.identity.obfuscated_ticket_age", \
1532 FT_UINT32, BASE_DEC, NULL, 0x0, \
1535 { & name .hf.hs_ext_psk_binders_length, \
1536 { "PSK Binders length", prefix ".handshake.extensions.psk.binders_len", \
1537 FT_UINT16, BASE_DEC, NULL, 0x0, \
1540 { & name .hf.hs_ext_psk_binders, \
1541 { "PSK Binders", prefix ".handshake.extensions.psk.binders", \
1542 FT_NONE, BASE_NONE, NULL, 0x0, \
1545 { & name .hf.hs_ext_psk_identity_selected, \
1546 { "Selected Identity", prefix ".handshake.extensions.psk.identity.selected", \
1547 FT_UINT16, BASE_DEC, NULL, 0x0, \
1550 { & name .hf.hs_ext_session_ticket, \
1551 { "Session Ticket", prefix ".handshake.extensions.session_ticket", \
1552 FT_BYTES, BASE_NONE, NULL, 0x0, \
1555 { & name .hf.hs_ext_supported_versions_len, \
1556 { "Supported Versions length", prefix ".handshake.extensions.supported_versions_len", \
1557 FT_UINT8, BASE_DEC, NULL, 0x0, \
1560 { & name .hf.hs_ext_supported_version, \
1561 { "Supported Version", prefix ".handshake.extensions.supported_version", \
1562 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
1565 { & name .hf.hs_ext_cookie_len, \
1566 { "Cookie length", prefix ".handshake.extensions.cookie_len", \
1567 FT_UINT16, BASE_DEC, NULL, 0x0, \
1570 { & name .hf.hs_ext_cookie, \
1571 { "Cookie", prefix ".handshake.extensions.cookie", \
1572 FT_BYTES, BASE_NONE, NULL, 0x0, \
1575 { & name .hf.hs_ext_server_name_list_len, \
1576 { "Server Name list length", prefix ".handshake.extensions_server_name_list_len", \
1577 FT_UINT16, BASE_DEC, NULL, 0x0, \
1578 "Length of server name list", HFILL } \
1580 { & name .hf.hs_ext_server_name_len, \
1581 { "Server Name length", prefix ".handshake.extensions_server_name_len", \
1582 FT_UINT16, BASE_DEC, NULL, 0x0, \
1583 "Length of server name string", HFILL } \
1585 { & name .hf.hs_ext_server_name_type, \
1586 { "Server Name Type", prefix ".handshake.extensions_server_name_type", \
1587 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0, \
1590 { & name .hf.hs_ext_server_name, \
1591 { "Server Name", prefix ".handshake.extensions_server_name", \
1592 FT_STRING, BASE_NONE, NULL, 0x0, \
1595 { & name .hf.hs_ext_max_fragment_length, \
1596 { "Maximum Fragment Length", prefix ".handshake.max_fragment_length", \
1597 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_max_fragment_length), 0x00, \
1598 "Maximum fragment length that an endpoint is willing to receive", HFILL } \
1600 { & name .hf.hs_ext_padding_data, \
1601 { "Padding Data", prefix ".handshake.extensions_padding_data", \
1602 FT_BYTES, BASE_NONE, NULL, 0x0, \
1603 "Must be zero", HFILL } \
1605 { & name .hf.hs_ext_cert_url_type, \
1606 { "Certificate Chain Type", prefix ".handshake.cert_url_type", \
1607 FT_UINT8, BASE_DEC, VALS(tls_cert_chain_type), 0x0, \
1608 "Certificate Chain Type for Client Certificate URL", HFILL } \
1610 { & name .hf.hs_ext_cert_url_url_hash_list_len, \
1611 { "URL and Hash list Length", prefix ".handshake.cert_url.url_hash_len", \
1612 FT_UINT16, BASE_DEC, NULL, 0x0, \
1615 { & name .hf.hs_ext_cert_url_item, \
1616 { "URL and Hash", prefix ".handshake.cert_url.url_hash", \
1617 FT_NONE, BASE_NONE, NULL, 0x0, \
1620 { & name .hf.hs_ext_cert_url_url_len, \
1621 { "URL Length", prefix ".handshake.cert_url.url_len", \
1622 FT_UINT16, BASE_DEC, NULL, 0x0, \
1625 { & name .hf.hs_ext_cert_type, \
1626 { "Certificate Type", prefix ".handshake.cert_type.type", \
1627 FT_UINT8, BASE_HEX, VALS(tls_certificate_type), 0x0, \
1630 { & name .hf.hs_ext_cert_types, \
1631 { "Certificate Type List", prefix ".handshake.cert_type.types", \
1632 FT_NONE, BASE_NONE, NULL, 0x0, \
1635 { & name .hf.hs_ext_cert_types_len, \
1636 { "Certificate Type List Length", prefix ".handshake.cert_type.types_len", \
1637 FT_UINT8, BASE_DEC, NULL, 0x0, \
1640 { & name .hf.hs_ext_cert_url_url, \
1641 { "URL", prefix ".handshake.cert_url.url", \
1642 FT_STRING, BASE_NONE, NULL, 0x0, \
1643 "URL used to fetch the certificate(s)", HFILL } \
1645 { & name .hf.hs_ext_cert_url_padding, \
1646 { "Padding", prefix ".handshake.cert_url.padding", \
1647 FT_NONE, BASE_NONE, NULL, 0x0, \
1648 "Padding that MUST be 0x01 for backwards compatibility", HFILL } \
1650 { & name .hf.hs_ext_cert_url_sha1, \
1651 { "SHA1 Hash", prefix ".handshake.cert_url.sha1", \
1652 FT_BYTES, BASE_NONE, NULL, 0x0, \
1653 "SHA1 Hash of the certificate", HFILL } \
1655 { & name .hf.hs_ext_cert_status_type, \
1656 { "Certificate Status Type", prefix ".handshake.extensions_status_request_type", \
1657 FT_UINT8, BASE_DEC, VALS(tls_cert_status_type), 0x0, \
1660 { & name .hf.hs_ext_cert_status_request_len, \
1661 { "Certificate Status Length", prefix ".handshake.extensions_status_request_len", \
1662 FT_UINT16, BASE_DEC, NULL, 0x0, \
1665 { & name .hf.hs_ext_cert_status_responder_id_list_len, \
1666 { "Responder ID list Length", prefix ".handshake.extensions_status_request_responder_ids_len", \
1667 FT_UINT16, BASE_DEC, NULL, 0x0, \
1670 { & name .hf.hs_ext_cert_status_request_extensions_len, \
1671 { "Request Extensions Length", prefix ".handshake.extensions_status_request_exts_len", \
1672 FT_UINT16, BASE_DEC, NULL, 0x0, \
1675 { & name .hf.hs_ext_cert_status_request_list_len, \
1676 { "Certificate Status List Length", prefix ".handshake.extensions_status_request_list_len", \
1677 FT_UINT16, BASE_DEC, NULL, 0x0, \
1678 "CertificateStatusRequestItemV2 list length", HFILL } \
1680 { & name .hf.hs_ocsp_response_list_len, \
1681 { "OCSP Response List Length", prefix ".handshake.ocsp_response_list_len", \
1682 FT_UINT24, BASE_DEC, NULL, 0x0, \
1683 "OCSPResponseList length", HFILL } \
1685 { & name .hf.hs_ocsp_response_len, \
1686 { "OCSP Response Length", prefix ".handshake.ocsp_response_len", \
1687 FT_UINT24, BASE_DEC, NULL, 0x0, \
1690 { & name .hf.hs_sig_hash_alg_len, \
1691 { "Signature Hash Algorithms Length", prefix ".handshake.sig_hash_alg_len", \
1692 FT_UINT16, BASE_DEC, NULL, 0x0, \
1693 "Length of Signature Hash Algorithms", HFILL } \
1695 { & name .hf.hs_sig_hash_algs, \
1696 { "Signature Algorithms", prefix ".handshake.sig_hash_algs", \
1697 FT_NONE, BASE_NONE, NULL, 0x0, \
1698 "List of supported Signature Algorithms", HFILL } \
1700 { & name .hf.hs_sig_hash_alg, \
1701 { "Signature Algorithm", prefix ".handshake.sig_hash_alg", \
1702 FT_UINT16, BASE_HEX, VALS(tls13_signature_algorithm), 0x0, \
1705 { & name .hf.hs_sig_hash_hash, \
1706 { "Signature Hash Algorithm Hash", prefix ".handshake.sig_hash_hash", \
1707 FT_UINT8, BASE_DEC, VALS(tls_hash_algorithm), 0x0, \
1708 "Hash algorithm (TLS 1.2)", HFILL } \
1710 { & name .hf.hs_sig_hash_sig, \
1711 { "Signature Hash Algorithm Signature", prefix ".handshake.sig_hash_sig", \
1712 FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0, \
1713 "Signature algorithm (TLS 1.2)", HFILL } \
1715 { & name .hf.hs_client_keyex_epms_len, \
1716 { "Encrypted PreMaster length", prefix ".handshake.epms_len", \
1717 FT_UINT16, BASE_DEC, NULL, 0x0, \
1718 "Length of encrypted PreMaster secret", HFILL } \
1720 { & name .hf.hs_client_keyex_epms, \
1721 { "Encrypted PreMaster", prefix ".handshake.epms", \
1722 FT_BYTES, BASE_NONE, NULL, 0x0, \
1723 "Encrypted PreMaster secret", HFILL } \
1725 { & name .hf.hs_server_keyex_modulus_len, \
1726 { "Modulus Length", prefix ".handshake.modulus_len", \
1727 FT_UINT16, BASE_DEC, NULL, 0x0, \
1728 "Length of RSA-EXPORT modulus", HFILL } \
1730 { & name .hf.hs_server_keyex_exponent_len, \
1731 { "Exponent Length", prefix ".handshake.exponent_len", \
1732 FT_UINT16, BASE_DEC, NULL, 0x0, \
1733 "Length of RSA-EXPORT exponent", HFILL } \
1735 { & name .hf.hs_server_keyex_sig_len, \
1736 { "Signature Length", prefix ".handshake.sig_len", \
1737 FT_UINT16, BASE_DEC, NULL, 0x0, \
1738 "Length of Signature", HFILL } \
1740 { & name .hf.hs_server_keyex_p_len, \
1741 { "p Length", prefix ".handshake.p_len", \
1742 FT_UINT16, BASE_DEC, NULL, 0x0, \
1743 "Length of p", HFILL } \
1745 { & name .hf.hs_server_keyex_g_len, \
1746 { "g Length", prefix ".handshake.g_len", \
1747 FT_UINT16, BASE_DEC, NULL, 0x0, \
1748 "Length of g", HFILL } \
1750 { & name .hf.hs_server_keyex_ys_len, \
1751 { "Pubkey Length", prefix ".handshake.ys_len", \
1752 FT_UINT16, BASE_DEC, NULL, 0x0, \
1753 "Length of server's Diffie-Hellman public key", HFILL } \
1755 { & name .hf.hs_client_keyex_yc_len, \
1756 { "Pubkey Length", prefix ".handshake.yc_len", \
1757 FT_UINT16, BASE_DEC, NULL, 0x0, \
1758 "Length of client's Diffie-Hellman public key", HFILL } \
1760 { & name .hf.hs_client_keyex_point_len, \
1761 { "Pubkey Length", prefix ".handshake.client_point_len", \
1762 FT_UINT8, BASE_DEC, NULL, 0x0, \
1763 "Length of client's EC Diffie-Hellman public key", HFILL } \
1765 { & name .hf.hs_server_keyex_point_len, \
1766 { "Pubkey Length", prefix ".handshake.server_point_len", \
1767 FT_UINT8, BASE_DEC, NULL, 0x0, \
1768 "Length of server's EC Diffie-Hellman public key", HFILL } \
1770 { & name .hf.hs_server_keyex_p, \
1771 { "p", prefix ".handshake.p", \
1772 FT_BYTES, BASE_NONE, NULL, 0x0, \
1773 "Diffie-Hellman p", HFILL } \
1775 { & name .hf.hs_server_keyex_g, \
1776 { "g", prefix ".handshake.g", \
1777 FT_BYTES, BASE_NONE, NULL, 0x0, \
1778 "Diffie-Hellman g", HFILL } \
1780 { & name .hf.hs_server_keyex_curve_type, \
1781 { "Curve Type", prefix ".handshake.server_curve_type", \
1782 FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0, \
1783 "Server curve_type", HFILL } \
1785 { & name .hf.hs_server_keyex_named_curve, \
1786 { "Named Curve", prefix ".handshake.server_named_curve", \
1787 FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
1788 "Server named_curve", HFILL } \
1790 { & name .hf.hs_server_keyex_ys, \
1791 { "Pubkey", prefix ".handshake.ys", \
1792 FT_BYTES, BASE_NONE, NULL, 0x0, \
1793 "Diffie-Hellman server pubkey", HFILL } \
1795 { & name .hf.hs_client_keyex_yc, \
1796 { "Pubkey", prefix ".handshake.yc", \
1797 FT_BYTES, BASE_NONE, NULL, 0x0, \
1798 "Diffie-Hellman client pubkey", HFILL } \
1800 { & name .hf.hs_server_keyex_point, \
1801 { "Pubkey", prefix ".handshake.server_point", \
1802 FT_BYTES, BASE_NONE, NULL, 0x0, \
1803 "EC Diffie-Hellman server pubkey", HFILL } \
1805 { & name .hf.hs_client_keyex_point, \
1806 { "Pubkey", prefix ".handshake.client_point", \
1807 FT_BYTES, BASE_NONE, NULL, 0x0, \
1808 "EC Diffie-Hellman client pubkey", HFILL } \
1810 { & name .hf.hs_server_keyex_xs_len, \
1811 { "Pubkey Length", prefix ".handshake.xs_len", \
1812 FT_UINT8, BASE_DEC, NULL, 0x0, \
1813 "Length of EC J-PAKE server public key", HFILL } \
1815 { & name .hf.hs_client_keyex_xc_len, \
1816 { "Pubkey Length", prefix ".handshake.xc_len", \
1817 FT_UINT8, BASE_DEC, NULL, 0x0, \
1818 "Length of EC J-PAKE client public key", HFILL } \
1820 { & name .hf.hs_server_keyex_xs, \
1821 { "Pubkey", prefix ".handshake.xs", \
1822 FT_BYTES, BASE_NONE, NULL, 0x0, \
1823 "EC J-PAKE server public key", HFILL } \
1825 { & name .hf.hs_client_keyex_xc, \
1826 { "Pubkey", prefix ".handshake.xc", \
1827 FT_BYTES, BASE_NONE, NULL, 0x0, \
1828 "EC J-PAKE client public key", HFILL } \
1830 { & name .hf.hs_server_keyex_vs_len, \
1831 { "Ephemeral Pubkey Length", prefix ".handshake.vs_len", \
1832 FT_UINT8, BASE_DEC, NULL, 0x0, \
1833 "Length of EC J-PAKE server ephemeral public key", HFILL } \
1835 { & name .hf.hs_client_keyex_vc_len, \
1836 { "Ephemeral Pubkey Length", prefix ".handshake.vc_len", \
1837 FT_UINT8, BASE_DEC, NULL, 0x0, \
1838 "Length of EC J-PAKE client ephemeral public key", HFILL } \
1840 { & name .hf.hs_server_keyex_vs, \
1841 { "Ephemeral Pubkey", prefix ".handshake.vs", \
1842 FT_BYTES, BASE_NONE, NULL, 0x0, \
1843 "EC J-PAKE server ephemeral public key", HFILL } \
1845 { & name .hf.hs_client_keyex_vc, \
1846 { "Ephemeral Pubkey", prefix ".handshake.vc", \
1847 FT_BYTES, BASE_NONE, NULL, 0x0, \
1848 "EC J-PAKE client ephemeral public key", HFILL } \
1850 { & name .hf.hs_server_keyex_rs_len, \
1851 { "Schnorr signature Length", prefix ".handshake.rs_len", \
1852 FT_UINT8, BASE_DEC, NULL, 0x0, \
1853 "Length of EC J-PAKE server Schnorr signature", HFILL } \
1855 { & name .hf.hs_client_keyex_rc_len, \
1856 { "Schnorr signature Length", prefix ".handshake.rc_len", \
1857 FT_UINT8, BASE_DEC, NULL, 0x0, \
1858 "Length of EC J-PAKE client Schnorr signature", HFILL } \
1860 { & name .hf.hs_server_keyex_rs, \
1861 { "Schnorr signature", prefix ".handshake.rs", \
1862 FT_BYTES, BASE_NONE, NULL, 0x0, \
1863 "EC J-PAKE server Schnorr signature", HFILL } \
1865 { & name .hf.hs_client_keyex_rc, \
1866 { "Schnorr signature", prefix ".handshake.rc", \
1867 FT_BYTES, BASE_NONE, NULL, 0x0, \
1868 "EC J-PAKE client Schnorr signature", HFILL } \
1870 { & name .hf.hs_server_keyex_modulus, \
1871 { "Modulus", prefix ".handshake.modulus", \
1872 FT_BYTES, BASE_NONE, NULL, 0x0, \
1873 "RSA-EXPORT modulus", HFILL } \
1875 { & name .hf.hs_server_keyex_exponent, \
1876 { "Exponent", prefix ".handshake.exponent", \
1877 FT_BYTES, BASE_NONE, NULL, 0x0, \
1878 "RSA-EXPORT exponent", HFILL } \
1880 { & name .hf.hs_server_keyex_sig, \
1881 { "Signature", prefix ".handshake.sig", \
1882 FT_BYTES, BASE_NONE, NULL, 0x0, \
1883 "Diffie-Hellman server signature", HFILL } \
1885 { & name .hf.hs_server_keyex_hint_len, \
1886 { "Hint Length", prefix ".handshake.hint_len", \
1887 FT_UINT16, BASE_DEC, NULL, 0x0, \
1888 "Length of PSK Hint", HFILL } \
1890 { & name .hf.hs_server_keyex_hint, \
1891 { "Hint", prefix ".handshake.hint", \
1892 FT_BYTES, BASE_NONE, NULL, 0x0, \
1893 "PSK Hint", HFILL } \
1895 { & name .hf.hs_client_keyex_identity_len, \
1896 { "Identity Length", prefix ".handshake.identity_len", \
1897 FT_UINT16, BASE_DEC, NULL, 0x0, \
1898 "Length of PSK Identity", HFILL } \
1900 { & name .hf.hs_client_keyex_identity, \
1901 { "Identity", prefix ".handshake.identity", \
1902 FT_BYTES, BASE_NONE, NULL, 0x0, \
1903 "PSK Identity", HFILL } \
1905 { & name .hf.hs_ext_heartbeat_mode, \
1906 { "Mode", prefix ".handshake.extension.heartbeat.mode", \
1907 FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0, \
1908 "Heartbeat extension mode", HFILL } \
1910 { & name .hf.hs_certificates_len, \
1911 { "Certificates Length", prefix ".handshake.certificates_length", \
1912 FT_UINT24, BASE_DEC, NULL, 0x0, \
1913 "Length of certificates field", HFILL } \
1915 { & name .hf.hs_certificates, \
1916 { "Certificates", prefix ".handshake.certificates", \
1917 FT_NONE, BASE_NONE, NULL, 0x0, \
1918 "List of certificates", HFILL } \
1920 { & name .hf.hs_certificate, \
1921 { "Certificate", prefix ".handshake.certificate", \
1922 FT_BYTES, BASE_NONE, NULL, 0x0, \
1925 { & name .hf.hs_certificate_len, \
1926 { "Certificate Length", prefix ".handshake.certificate_length", \
1927 FT_UINT24, BASE_DEC, NULL, 0x0, \
1928 "Length of certificate", HFILL } \
1930 { & name .hf.hs_cert_types_count, \
1931 { "Certificate types count", prefix ".handshake.cert_types_count",\
1932 FT_UINT8, BASE_DEC, NULL, 0x0, \
1933 "Count of certificate types", HFILL } \
1935 { & name .hf.hs_cert_types, \
1936 { "Certificate types", prefix ".handshake.cert_types", \
1937 FT_NONE, BASE_NONE, NULL, 0x0, \
1938 "List of certificate types", HFILL } \
1940 { & name .hf.hs_cert_type, \
1941 { "Certificate type", prefix ".handshake.cert_type", \
1942 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0, \
1945 { & name .hf.hs_dnames_len, \
1946 { "Distinguished Names Length", prefix ".handshake.dnames_len", \
1947 FT_UINT16, BASE_DEC, NULL, 0x0, \
1948 "Length of list of CAs that server trusts", HFILL } \
1950 { & name .hf.hs_dnames, \
1951 { "Distinguished Names", prefix ".handshake.dnames", \
1952 FT_NONE, BASE_NONE, NULL, 0x0, \
1953 "List of CAs that server trusts", HFILL } \
1955 { & name .hf.hs_dname_len, \
1956 { "Distinguished Name Length", prefix ".handshake.dname_len", \
1957 FT_UINT16, BASE_DEC, NULL, 0x0, \
1958 "Length of distinguished name", HFILL } \
1960 { & name .hf.hs_dnames_truncated, \
1961 { "Tree view truncated", prefix ".handshake.dnames_truncated", \
1962 FT_NONE, BASE_NONE, NULL, 0x00, \
1963 "Some Distinguished Names are not added to tree pane to limit resources", HFILL } \
1965 { & name .hf.hs_dname, \
1966 { "Distinguished Name", prefix ".handshake.dname", \
1967 FT_NONE, BASE_NONE, NULL, 0x0, \
1968 "Distinguished name of a CA that server trusts", HFILL } \
1970 { & name .hf.hs_random, \
1971 { "Random", prefix ".handshake.random", \
1972 FT_BYTES, BASE_NONE, NULL, 0x0, \
1973 "Random values used for deriving keys", HFILL } \
1975 { & name .hf.hs_random_time, \
1976 { "GMT Unix Time", prefix ".handshake.random_time", \
1977 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, \
1978 "Unix time field of random structure", HFILL } \
1980 { & name .hf.hs_random_bytes, \
1981 { "Random Bytes", prefix ".handshake.random_bytes", \
1982 FT_BYTES, BASE_NONE, NULL, 0x0, \
1983 "Random values used for deriving keys", HFILL } \
1985 { & name .hf.hs_session_id, \
1986 { "Session ID", prefix ".handshake.session_id", \
1987 FT_BYTES, BASE_NONE, NULL, 0x0, \
1988 "Identifies the SSL session, allowing later resumption", HFILL }\
1990 { & name .hf.hs_session_id_len, \
1991 { "Session ID Length", prefix ".handshake.session_id_length", \
1992 FT_UINT8, BASE_DEC, NULL, 0x0, \
1993 "Length of Session ID field", HFILL } \
1995 { & name .hf.hs_client_version, \
1996 { "Version", prefix ".handshake.version", \
1997 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
1998 "Maximum version supported by client [legacy_version if supported_versions ext is present]", HFILL } \
2000 { & name .hf.hs_server_version, \
2001 { "Version", prefix ".handshake.version", \
2002 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
2003 "Version selected by server [legacy_version if supported_versions ext is present]", HFILL } \
2005 { & name .hf.hs_cipher_suites_len, \
2006 { "Cipher Suites Length", prefix ".handshake.cipher_suites_length", \
2007 FT_UINT16, BASE_DEC, NULL, 0x0, \
2008 "Length of cipher suites field", HFILL } \
2010 { & name .hf.hs_cipher_suites, \
2011 { "Cipher Suites", prefix ".handshake.ciphersuites", \
2012 FT_NONE, BASE_NONE, NULL, 0x0, \
2013 "List of cipher suites supported by client", HFILL } \
2015 { & name .hf.hs_cipher_suite, \
2016 { "Cipher Suite", prefix ".handshake.ciphersuite", \
2017 FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, \
2020 { & name .hf.hs_comp_methods_len, \
2021 { "Compression Methods Length", prefix ".handshake.comp_methods_length", \
2022 FT_UINT8, BASE_DEC, NULL, 0x0, \
2023 "Length of compression methods field", HFILL } \
2025 { & name .hf.hs_comp_methods, \
2026 { "Compression Methods", prefix ".handshake.comp_methods", \
2027 FT_NONE, BASE_NONE, NULL, 0x0, \
2028 "List of compression methods supported by client", HFILL } \
2030 { & name .hf.hs_comp_method, \
2031 { "Compression Method", prefix ".handshake.comp_method", \
2032 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0, \
2035 { & name .hf.hs_session_ticket_lifetime_hint, \
2036 { "Session Ticket Lifetime Hint", \
2037 prefix ".handshake.session_ticket_lifetime_hint", \
2038 FT_UINT32, BASE_DEC|BASE_UNIT_STRING, UNS(&units_second_seconds), 0x0, \
2039 "New Session Ticket Lifetime Hint", HFILL } \
2041 { & name .hf.hs_session_ticket_age_add, \
2042 { "Session Ticket Age Add", \
2043 prefix ".handshake.session_ticket_age_add", \
2044 FT_UINT32, BASE_DEC, NULL, 0x0, \
2045 "Random 32-bit value to obscure age of ticket", HFILL } \
2047 { & name .hf.hs_session_ticket_nonce_len, \
2048 { "Session Ticket Nonce Length", prefix ".handshake.session_ticket_nonce_length", \
2049 FT_UINT8, BASE_DEC, NULL, 0x0, \
2052 { & name .hf.hs_session_ticket_nonce, \
2053 { "Session Ticket Nonce", prefix ".handshake.session_ticket_nonce", \
2054 FT_BYTES, BASE_NONE, NULL, 0x0, \
2055 "A unique per-ticket value", HFILL } \
2057 { & name .hf.hs_session_ticket_len, \
2058 { "Session Ticket Length", prefix ".handshake.session_ticket_length", \
2059 FT_UINT16, BASE_DEC, NULL, 0x0, \
2060 "New Session Ticket Length", HFILL } \
2062 { & name .hf.hs_session_ticket, \
2063 { "Session Ticket", prefix ".handshake.session_ticket", \
2064 FT_BYTES, BASE_NONE, NULL, 0x0, \
2065 "New Session Ticket", HFILL } \
2067 { & name .hf.hs_finished, \
2068 { "Verify Data", prefix ".handshake.verify_data", \
2069 FT_NONE, BASE_NONE, NULL, 0x0, \
2070 "Opaque verification data", HFILL } \
2072 { & name .hf.hs_client_cert_vrfy_sig_len, \
2073 { "Signature length", prefix ".handshake.client_cert_vrfy.sig_len", \
2074 FT_UINT16, BASE_DEC, NULL, 0x0, \
2075 "Length of CertificateVerify's signature", HFILL } \
2077 { & name .hf.hs_client_cert_vrfy_sig, \
2078 { "Signature", prefix ".handshake.client_cert_vrfy.sig", \
2079 FT_BYTES, BASE_NONE, NULL, 0x0, \
2080 "CertificateVerify's signature", HFILL } \
2082 { & name .hf.hs_ja3_full, \
2083 { "JA3 Fullstring", prefix ".handshake.ja3_full", \
2084 FT_STRING, BASE_NONE, NULL, 0x0, \
2087 { & name .hf.hs_ja3_hash, \
2088 { "JA3", prefix ".handshake.ja3", \
2089 FT_STRING, BASE_NONE, NULL, 0x0, \
2092 { & name .hf.hs_ja3s_full, \
2093 { "JA3S Fullstring", prefix ".handshake.ja3s_full", \
2094 FT_STRING, BASE_NONE, NULL, 0x0, \
2097 { & name .hf.hs_ja3s_hash, \
2098 { "JA3S", prefix ".handshake.ja3s", \
2099 FT_STRING, BASE_NONE, NULL, 0x0, \
2102 { & name .hf.hs_ja4, \
2103 { "JA4", prefix ".handshake.ja4", \
2104 FT_STRING, BASE_NONE, NULL, 0x0, \
2107 { & name .hf.hs_ja4_r, \
2108 { "JA4_r", prefix ".handshake.ja4_r", \
2109 FT_STRING, BASE_NONE, NULL, 0x0, \
2112 { & name .hf.hs_ext_psk_ke_modes_length, \
2113 { "PSK Key Exchange Modes Length", prefix ".extension.psk_ke_modes_length", \
2114 FT_UINT8, BASE_DEC, NULL, 0x0, \
2117 { & name .hf.hs_ext_psk_ke_mode, \
2118 { "PSK Key Exchange Mode", prefix ".extension.psk_ke_mode", \
2119 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_psk_ke_mode), 0x0, \
2120 "Key exchange modes where the client supports use of PSKs", HFILL } \
2122 { & name .hf.hs_certificate_request_context_length, \
2123 { "Certificate Request Context Length", prefix ".handshake.certificate_request_context_length", \
2124 FT_UINT8, BASE_DEC, NULL, 0x0, \
2127 { & name .hf.hs_certificate_request_context, \
2128 { "Certificate Request Context", prefix ".handshake.certificate_request_context", \
2129 FT_BYTES, BASE_NONE, NULL, 0x0, \
2130 "Value from CertificateRequest or empty for server auth", HFILL } \
2132 { & name .hf.hs_key_update_request_update, \
2133 { "Key Update Request", prefix ".handshake.key_update.request_update", \
2134 FT_UINT8, BASE_DEC, VALS(tls13_key_update_request), 0x00, \
2135 "Whether the receiver should also update its keys", HFILL } \
2137 { & name .hf.sct_scts_length, \
2138 { "Serialized SCT List Length", prefix ".sct.scts_length", \
2139 FT_UINT16, BASE_DEC, NULL, 0x00, \
2142 { & name .hf.sct_sct_length, \
2143 { "Serialized SCT Length", prefix ".sct.sct_length", \
2144 FT_UINT16, BASE_DEC, NULL, 0x00, \
2147 { & name .hf.sct_sct_version, \
2148 { "SCT Version", prefix ".sct.sct_version", \
2149 FT_UINT8, BASE_DEC, NULL, 0x00, \
2150 "SCT Protocol version (v1 (0) is defined in RFC 6962)", HFILL } \
2152 { & name .hf.sct_sct_logid, \
2153 { "Log ID", prefix ".sct.sct_logid", \
2154 FT_BYTES, BASE_NONE, NULL, 0x00, \
2155 "SHA-256 hash of log's public key", HFILL } \
2157 { & name .hf.sct_sct_timestamp, \
2158 { "Timestamp", prefix ".sct.sct_timestamp", \
2159 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x00, \
2160 "Timestamp of issuance", HFILL } \
2162 { & name .hf.sct_sct_extensions_length, \
2163 { "Extensions length", prefix ".sct.sct_extensions_length", \
2164 FT_UINT16, BASE_DEC, NULL, 0x00, \
2165 "Length of future extensions to this protocol (currently none)", HFILL } \
2167 { & name .hf.sct_sct_extensions, \
2168 { "Extensions", prefix ".sct.sct_extensions", \
2169 FT_NONE, BASE_NONE, NULL, 0x00, \
2170 "Future extensions to this protocol (currently none)", HFILL } \
2172 { & name .hf.sct_sct_signature_length, \
2173 { "Signature Length", prefix ".sct.sct_signature_length", \
2174 FT_UINT16, BASE_DEC, NULL, 0x00, \
2177 { & name .hf.sct_sct_signature, \
2178 { "Signature", prefix ".sct.sct_signature", \
2179 FT_BYTES, BASE_NONE, NULL, 0x00, \
2182 { & name .hf.hs_ext_max_early_data_size, \
2183 { "Maximum Early Data Size", prefix ".early_data.max_early_data_size", \
2184 FT_UINT32, BASE_DEC, NULL, 0x00, \
2185 "Maximum amount of 0-RTT data that the client may send", HFILL } \
2187 { & name .hf.hs_ext_oid_filters_length, \
2188 { "OID Filters Length", prefix ".extension.oid_filters_length", \
2189 FT_UINT16, BASE_DEC, NULL, 0x00, \
2192 { & name .hf.hs_ext_oid_filters_oid_length, \
2193 { "Certificate Extension OID Length", prefix ".extension.oid_filters.oid_length", \
2194 FT_UINT8, BASE_DEC, NULL, 0x00, \
2197 { & name .hf.hs_ext_oid_filters_oid, \
2198 { "Certificate Extension OID", prefix ".extension.oid_filters.oid", \
2199 FT_OID, BASE_NONE, NULL, 0x00, \
2202 { & name .hf.hs_ext_oid_filters_values_length, \
2203 { "Certificate Extension Values Length", prefix ".extension.oid_filters.values_length", \
2204 FT_UINT16, BASE_DEC, NULL, 0x00, \
2207 { & name .hf.hs_cred_valid_time, \
2208 { "Valid Time", prefix ".handshake.cred.valid_time", \
2209 FT_UINT16, BASE_DEC, NULL, 0x0, \
2210 "Delegated Credentials Valid Time", HFILL } \
2212 { & name .hf.hs_cred_pubkey, \
2213 { "Subject Public Key Info", prefix ".handshake.cred.pubkey", \
2214 FT_BYTES, BASE_NONE, NULL, 0x0, \
2215 "Delegated Credentials Subject Public Key Info", HFILL } \
2217 { & name .hf.hs_cred_pubkey_len, \
2218 { "Subject Public Key Info Length", prefix ".handshake.cred.pubkey_len", \
2219 FT_UINT24, BASE_DEC, NULL, 0x0, \
2220 "Delegated Credentials Subject Public Key Info Length", HFILL } \
2222 { & name .hf.hs_cred_signature, \
2223 { "Signature", prefix ".handshake.cred.signature", \
2224 FT_BYTES, BASE_NONE, NULL, 0x0, \
2225 "Delegated Credentials Signature", HFILL } \
2227 { & name .hf.hs_cred_signature_len, \
2228 { "Signature Length", prefix ".handshake.cred.signature_len", \
2229 FT_UINT16, BASE_DEC, NULL, 0x0, \
2230 "Delegated Credentials Signature Length", HFILL } \
2232 { & name .hf.hs_ext_compress_certificate_algorithms_length, \
2233 { "Algorithms Length", prefix ".compress_certificate.algorithms_length", \
2234 FT_UINT8, BASE_DEC, NULL, 0x00, \
2237 { & name .hf.hs_ext_compress_certificate_algorithm, \
2238 { "Algorithm", prefix ".compress_certificate.algorithm", \
2239 FT_UINT16, BASE_DEC, VALS(compress_certificate_algorithm_vals), 0x00, \
2242 { & name .hf.hs_ext_compress_certificate_uncompressed_length, \
2243 { "Uncompressed Length", prefix ".compress_certificate.uncompressed_length", \
2244 FT_UINT24, BASE_DEC, NULL, 0x00, \
2247 { & name .hf.hs_ext_compress_certificate_compressed_certificate_message_length, \
2248 { "Length", prefix ".compress_certificate.compressed_certificate_message.length", \
2249 FT_UINT24, BASE_DEC, NULL, 0x00, \
2252 { & name .hf.hs_ext_compress_certificate_compressed_certificate_message, \
2253 { "Compressed Certificate Message", prefix ".compress_certificate.compressed_certificate_message", \
2254 FT_BYTES, BASE_NONE, NULL, 0x00, \
2257 { & name .hf.hs_ext_token_binding_version_major, \
2258 { "Protocol Major Version", prefix ".token_binding.version_major", \
2259 FT_UINT8, BASE_HEX, NULL, 0x00, \
2260 "Major version of the Token Binding protocol", HFILL } \
2262 { & name .hf.hs_ext_token_binding_version_minor, \
2263 { "Protocol Minor Version", prefix ".token_binding.version_minor", \
2264 FT_UINT8, BASE_HEX, NULL, 0x00, \
2265 "Minor version of the Token Binding protocol", HFILL } \
2267 { & name .hf.hs_ext_token_binding_key_parameters, \
2268 { "Key Parameters", prefix ".token_binding.key_parameters", \
2269 FT_NONE, BASE_NONE, NULL, 0x0, \
2272 { & name .hf.hs_ext_token_binding_key_parameters_length, \
2273 { "Key Parameters Length", prefix ".token_binding.key_parameters_length", \
2274 FT_UINT8, BASE_DEC, NULL, 0x00, \
2275 "Length of the key parameters list", HFILL } \
2277 { & name .hf.hs_ext_token_binding_key_parameter, \
2278 { "Key Parameter", prefix ".token_binding.key_parameter", \
2279 FT_UINT8, BASE_DEC, VALS(token_binding_key_parameter_vals), 0x00, \
2280 "Identifier of the Token Binding key parameter", HFILL } \
2282 { & name .hf.hs_ext_record_size_limit, \
2283 { "Record Size Limit", prefix ".record_size_limit", \
2284 FT_UINT16, BASE_DEC, NULL, 0x00, \
2285 "Maximum record size that an endpoint is willing to receive", HFILL } \
2287 { & name .hf.hs_ext_quictp_len, \
2288 { "Parameters Length", prefix ".quic.len", \
2289 FT_UINT16, BASE_DEC, NULL, 0x00, \
2292 { & name .hf.hs_ext_quictp_parameter, \
2293 { "Parameter", prefix ".quic.parameter", \
2294 FT_NONE, BASE_NONE, NULL, 0x00, \
2297 { & name .hf.hs_ext_quictp_parameter_type, \
2298 { "Type", prefix ".quic.parameter.type", \
2299 FT_UINT64, BASE_CUSTOM, CF_FUNC(quic_transport_parameter_id_base_custom), 0x00, \
2302 { & name .hf.hs_ext_quictp_parameter_len, \
2303 { "Length", prefix ".quic.parameter.length", \
2304 FT_UINT64, BASE_DEC, NULL, 0x00, \
2307 { & name .hf.hs_ext_quictp_parameter_len_old, \
2308 { "Length", prefix ".quic.parameter.length.old", \
2309 FT_UINT16, BASE_DEC, NULL, 0x00, \
2312 { & name .hf.hs_ext_quictp_parameter_value, \
2313 { "Value", prefix ".quic.parameter.value", \
2314 FT_BYTES, BASE_NONE, NULL, 0x00, \
2317 { & name .hf.hs_ext_quictp_parameter_original_destination_connection_id, \
2318 { "original_destination_connection_id", prefix ".quic.parameter.original_destination_connection_id", \
2319 FT_BYTES, BASE_NONE, NULL, 0x00, \
2320 "Destination Connection ID from the first Initial packet sent by the client", HFILL } \
2322 { & name .hf.hs_ext_quictp_parameter_max_idle_timeout, \
2323 { "max_idle_timeout", prefix ".quic.parameter.max_idle_timeout", \
2324 FT_UINT64, BASE_DEC, NULL, 0x00, \
2325 "In milliseconds", HFILL } \
2327 { & name .hf.hs_ext_quictp_parameter_stateless_reset_token, \
2328 { "stateless_reset_token", prefix ".quic.parameter.stateless_reset_token", \
2329 FT_BYTES, BASE_NONE, NULL, 0x00, \
2330 "Used in verifying a stateless reset", HFILL } \
2332 { & name .hf.hs_ext_quictp_parameter_max_udp_payload_size, \
2333 { "max_udp_payload_size", prefix ".quic.parameter.max_udp_payload_size", \
2334 FT_UINT64, BASE_DEC, NULL, 0x00, \
2335 "Maximum UDP payload size that the endpoint is willing to receive", HFILL } \
2337 { & name .hf.hs_ext_quictp_parameter_initial_max_data, \
2338 { "initial_max_data", prefix ".quic.parameter.initial_max_data", \
2339 FT_UINT64, BASE_DEC, NULL, 0x00, \
2340 "Contains the initial value for the maximum amount of data that can be sent on the connection", HFILL } \
2342 { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_local, \
2343 { "initial_max_stream_data_bidi_local", prefix ".quic.parameter.initial_max_stream_data_bidi_local", \
2344 FT_UINT64, BASE_DEC, NULL, 0x00, \
2345 "Initial stream maximum data for bidirectional, locally-initiated streams", HFILL } \
2347 { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote, \
2348 { "initial_max_stream_data_bidi_remote", prefix ".quic.parameter.initial_max_stream_data_bidi_remote", \
2349 FT_UINT64, BASE_DEC, NULL, 0x00, \
2350 "Initial stream maximum data for bidirectional, peer-initiated streams", HFILL } \
2352 { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_uni, \
2353 { "initial_max_stream_data_uni", prefix ".quic.parameter.initial_max_stream_data_uni", \
2354 FT_UINT64, BASE_DEC, NULL, 0x00, \
2355 "Initial stream maximum data for unidirectional streams parameter", HFILL } \
2357 { & name .hf.hs_ext_quictp_parameter_initial_max_streams_bidi, \
2358 { "initial_max_streams_bidi", prefix ".quic.parameter.initial_max_streams_bidi", \
2359 FT_UINT64, BASE_DEC, NULL, 0x00, \
2360 "Initial maximum number of application-owned bidirectional streams", HFILL } \
2362 { & name .hf.hs_ext_quictp_parameter_initial_max_streams_uni, \
2363 { "initial_max_streams_uni", prefix ".quic.parameter.initial_max_streams_uni", \
2364 FT_UINT64, BASE_DEC, NULL, 0x00, \
2365 "Initial maximum number of application-owned unidirectional streams", HFILL } \
2367 { & name .hf.hs_ext_quictp_parameter_ack_delay_exponent, \
2368 { "ack_delay_exponent", prefix ".quic.parameter.ack_delay_exponent", \
2369 FT_UINT64, BASE_DEC, NULL, 0x00, \
2370 "Indicating an exponent used to decode the ACK Delay field in the ACK frame,", HFILL } \
2372 { & name .hf.hs_ext_quictp_parameter_max_ack_delay, \
2373 { "max_ack_delay", prefix ".quic.parameter.max_ack_delay", \
2374 FT_UINT64, BASE_DEC, NULL, 0x00, \
2375 "Indicating the maximum amount of time in milliseconds by which it will delay sending of acknowledgments", HFILL } \
2377 { & name .hf.hs_ext_quictp_parameter_pa_ipv4address, \
2378 { "ipv4Address", prefix ".quic.parameter.preferred_address.ipv4address", \
2379 FT_IPv4, BASE_NONE, NULL, 0x00, \
2382 { & name .hf.hs_ext_quictp_parameter_pa_ipv6address, \
2383 { "ipv6Address", prefix ".quic.parameter.preferred_address.ipv6address", \
2384 FT_IPv6, BASE_NONE, NULL, 0x00, \
2387 { & name .hf.hs_ext_quictp_parameter_pa_ipv4port, \
2388 { "ipv4Port", prefix ".quic.parameter.preferred_address.ipv4port", \
2389 FT_UINT16, BASE_DEC, NULL, 0x00, \
2392 { & name .hf.hs_ext_quictp_parameter_pa_ipv6port, \
2393 { "ipv6Port", prefix ".quic.parameter.preferred_address.ipv6port", \
2394 FT_UINT16, BASE_DEC, NULL, 0x00, \
2397 { & name .hf.hs_ext_quictp_parameter_pa_connectionid_length, \
2398 { "Length", prefix ".quic.parameter.preferred_address.connectionid.length", \
2399 FT_UINT8, BASE_DEC, NULL, 0x00, \
2400 "Length of connectionId Field", HFILL } \
2402 { & name .hf.hs_ext_quictp_parameter_pa_connectionid, \
2403 { "connectionId", prefix ".quic.parameter.preferred_address.connectionid", \
2404 FT_BYTES, BASE_NONE, NULL, 0x00, \
2407 { & name .hf.hs_ext_quictp_parameter_pa_statelessresettoken, \
2408 { "statelessResetToken", prefix ".quic.parameter.preferred_address.statelessresettoken", \
2409 FT_BYTES, BASE_NONE, NULL, 0x00, \
2412 { & name .hf.hs_ext_quictp_parameter_active_connection_id_limit, \
2413 { "Active Connection ID Limit", prefix ".quic.parameter.active_connection_id_limit", \
2414 FT_UINT64, BASE_DEC, NULL, 0x00, \
2417 { & name .hf.hs_ext_quictp_parameter_initial_source_connection_id, \
2418 { "Initial Source Connection ID", prefix ".quic.parameter.initial_source_connection_id", \
2419 FT_BYTES, BASE_NONE, NULL, 0x00, \
2422 { & name .hf.hs_ext_quictp_parameter_retry_source_connection_id, \
2423 { "Retry Source Connection ID", prefix ".quic.parameter.retry_source_connection_id", \
2424 FT_BYTES, BASE_NONE, NULL, 0x00, \
2427 { & name .hf.hs_ext_quictp_parameter_max_datagram_frame_size, \
2428 { "max_datagram_frame_size", prefix ".quic.parameter.max_datagram_frame_size", \
2429 FT_UINT64, BASE_DEC, NULL, 0x00, \
2432 { & name .hf.hs_ext_quictp_parameter_cibir_encoding_length, \
2433 { "length", prefix ".quic.parameter.cibir_encoding.length", \
2434 FT_UINT64, BASE_DEC, NULL, 0x00, \
2437 { & name .hf.hs_ext_quictp_parameter_cibir_encoding_offset, \
2438 { "offset", prefix ".quic.parameter.cibir_encoding.offset", \
2439 FT_UINT64, BASE_DEC, NULL, 0x00, \
2442 { & name .hf.hs_ext_quictp_parameter_loss_bits, \
2443 { "loss_bits", prefix ".quic.parameter.loss_bits", \
2444 FT_UINT64, BASE_DEC, NULL, 0x00, \
2447 { & name .hf.hs_ext_quictp_parameter_enable_time_stamp_v2, \
2448 { "Enable TimestampV2", prefix ".quic.parameter.enable_time_stamp_v2", \
2449 FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(quic_enable_time_stamp_v2_vals), 0x00, \
2452 { & name .hf.hs_ext_quictp_parameter_min_ack_delay, \
2453 { "min_ack_delay", prefix ".quic.parameter.min_ack_delay", \
2454 FT_UINT64, BASE_DEC, NULL, 0x00, \
2457 { & name .hf.hs_ext_quictp_parameter_google_user_agent_id, \
2458 { "Google UserAgent", prefix ".quic.parameter.google.user_agent", \
2459 FT_STRING, BASE_NONE, NULL, 0x00, \
2462 { & name .hf.hs_ext_quictp_parameter_google_key_update_not_yet_supported, \
2463 { "Google Key Update not yet supported", prefix ".quic.parameter.google.key_update_not_yet_supported", \
2464 FT_NONE, BASE_NONE, NULL, 0x00, \
2467 { & name .hf.hs_ext_quictp_parameter_google_quic_version, \
2468 { "Google QUIC version", prefix ".quic.parameter.google.quic_version", \
2469 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2472 { & name .hf.hs_ext_quictp_parameter_google_initial_rtt, \
2473 { "Google Initial RTT", prefix ".quic.parameter.google.initial_rtt", \
2474 FT_UINT64, BASE_DEC, NULL, 0x00, \
2477 { & name .hf.hs_ext_quictp_parameter_google_support_handshake_done, \
2478 { "Google Support Handshake Done", prefix ".quic.parameter.google.support_handshake_done", \
2479 FT_NONE, BASE_NONE, NULL, 0x00, \
2482 { & name .hf.hs_ext_quictp_parameter_google_quic_params, \
2483 { "Google QUIC parameters", prefix ".quic.parameter.google.quic_params", \
2484 FT_BYTES, BASE_NONE, NULL, 0x00, \
2487 { & name .hf.hs_ext_quictp_parameter_google_quic_params_unknown_field, \
2488 { "Google Unknown Field", prefix ".quic.parameter.google.quic_params_unknown_field", \
2489 FT_BYTES, BASE_NONE, NULL, 0x00, \
2492 { & name .hf.hs_ext_quictp_parameter_google_connection_options, \
2493 { "Google Connection options", prefix ".quic.parameter.google.connection_options", \
2494 FT_BYTES, BASE_NONE, NULL, 0x00, \
2497 { & name .hf.hs_ext_quictp_parameter_google_supported_versions_length, \
2498 { "Google Supported Versions Length", prefix ".quic.parameter.google.supported_versions_length", \
2499 FT_UINT8, BASE_DEC, NULL, 0x00, \
2502 { & name .hf.hs_ext_quictp_parameter_google_supported_version, \
2503 { "Google Supported Version", prefix ".quic.parameter.google.supported_version", \
2504 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2507 { & name .hf.hs_ext_quictp_parameter_facebook_partial_reliability, \
2508 { "Facebook Partial Reliability", prefix ".quic.parameter.facebook.partial_reliability", \
2509 FT_UINT64, BASE_DEC, NULL, 0x00, \
2512 { & name .hf.hs_ext_quictp_parameter_chosen_version, \
2513 { "Chosen Version", prefix ".quic.parameter.vi.chosen_version", \
2514 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2517 { & name .hf.hs_ext_quictp_parameter_other_version, \
2518 { "Other Version", prefix ".quic.parameter.vi.other_version", \
2519 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2522 { & name .hf.hs_ext_quictp_parameter_enable_multipath, \
2523 { "Enable Multipath", prefix ".quic.parameter.enable_multipath", \
2524 FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(quic_enable_multipath_vals), 0x00, \
2527 { & name .hf.hs_ext_quictp_parameter_initial_max_paths, \
2528 { "Initial Max Paths", prefix ".quic.parameter.initial_max_paths", \
2529 FT_UINT64, BASE_DEC, NULL, 0x00, \
2532 { & name .hf.hs_ext_quictp_parameter_initial_max_path_id, \
2533 { "Initial Max Path ID", prefix ".quic.parameter.initial_max_path_id", \
2534 FT_UINT64, BASE_DEC, NULL, 0x00, \
2537 { & name .hf.hs_ext_connection_id_length, \
2538 { "Connection ID length", prefix ".connection_id_length", \
2539 FT_UINT8, BASE_DEC, NULL, 0x00, \
2542 { & name .hf.hs_ext_connection_id, \
2543 { "Connection ID", prefix ".connection_id", \
2544 FT_BYTES, BASE_NONE, NULL, 0x00, \
2547 { & name .hf.hs_ext_trusted_ca_keys_len, \
2548 { "Trusted CA keys length", prefix ".handshake.trusted_ca.keys_length", \
2549 FT_UINT16, BASE_DEC, NULL, 0x00, \
2550 "Length of Trusted CA keys extension", HFILL } \
2552 { & name .hf.hs_ext_trusted_ca_keys_list, \
2553 { "Trusted CA keys", prefix ".handshake.trusted_ca.keys", \
2554 FT_NONE, BASE_NONE, NULL, 0x00, \
2555 "List of Trusted CA keys", HFILL } \
2557 { & name .hf.hs_ext_trusted_ca_key, \
2558 { "Trusted CA key", prefix ".handshake.trusted_ca.key", \
2559 FT_NONE, BASE_NONE, NULL, 0x0, \
2562 { & name .hf.hs_ext_trusted_ca_key_type, \
2563 { "Trusted CA key type", prefix ".handshake.trusted_ca.key_type", \
2564 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_trusted_ca_key_type), 0x00, \
2565 "Type of Trusted CA key", HFILL } \
2567 { & name .hf.hs_ext_trusted_ca_key_hash, \
2568 { "Trusted CA key hash", prefix ".handshake.trusted_ca.key_hash", \
2569 FT_BYTES, BASE_NONE, NULL, 0x00, \
2572 { & name .hf.hs_ext_trusted_ca_key_dname_len, \
2573 { "Distinguished Name Length", prefix ".handshake.trusted_ca.key_dname_len", \
2574 FT_UINT16, BASE_DEC, NULL, 0x0, \
2575 "Length of distinguished name", HFILL } \
2577 { & name .hf.hs_ext_trusted_ca_key_dname, \
2578 { "Distinguished Name", prefix ".handshake.trusted_ca.key_dname", \
2579 FT_NONE, BASE_NONE, NULL, 0x0, \
2580 "Distinguished name of a CA that the client trusts", HFILL } \
2582 { & name .hf.esni_suite, \
2583 { "Cipher Suite", prefix ".esni.suite", \
2584 FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, \
2585 "Cipher suite used to encrypt the SNI", HFILL } \
2587 { & name .hf.esni_record_digest_length, \
2588 { "Record Digest Length", prefix ".esni.record_digest_length", \
2589 FT_UINT16, BASE_DEC, NULL, 0x00, \
2592 { & name .hf.esni_record_digest, \
2593 { "Record Digest", prefix ".esni.record_digest", \
2594 FT_BYTES, BASE_NONE, NULL, 0x00, \
2595 "Cryptographic hash of the ESNIKeys from which the ESNI key was obtained", HFILL } \
2597 { & name .hf.esni_encrypted_sni_length, \
2598 { "Encrypted SNI Length", prefix ".esni.encrypted_sni_length", \
2599 FT_UINT16, BASE_DEC, NULL, 0x00, \
2602 { & name .hf.esni_encrypted_sni, \
2603 { "Encrypted SNI", prefix ".esni.encrypted_sni", \
2604 FT_BYTES, BASE_NONE, NULL, 0x00, \
2605 "The encrypted ClientESNIInner structure", HFILL } \
2607 { & name .hf.esni_nonce, \
2608 { "Nonce", prefix ".esni.nonce", \
2609 FT_BYTES, BASE_NONE, NULL, 0x00, \
2610 "Contents of ClientESNIInner.nonce", HFILL } \
2612 { & name .hf.ech_echconfiglist_length, \
2613 { "ECHConfigList length", prefix ".ech.echconfiglist_length", \
2614 FT_UINT16, BASE_DEC, NULL, 0x0, \
2615 "Encrypted ClientHello (ECH) Configurations length", HFILL } \
2617 { & name .hf.ech_echconfiglist, \
2618 { "ECHConfigList", prefix ".ech.echconfiglist", \
2619 FT_NONE, BASE_NONE, NULL, 0x0, \
2620 "Encrypted ClientHello (ECH) Configurations", HFILL } \
2622 { & name .hf.ech_echconfig, \
2623 { "ECHConfig", prefix ".ech.echconfig", \
2624 FT_NONE, BASE_NONE, NULL, 0x0, \
2625 "Encrypted ClientHello (ECH) Configuration", HFILL } \
2627 { & name .hf.ech_echconfig_version, \
2628 { "Version", prefix ".ech.echconfig.version", \
2629 FT_UINT16, BASE_HEX, NULL, 0x0, \
2630 "Encrypted ClientHello: ECHConfig version", HFILL } \
2632 { & name .hf.ech_echconfig_length, \
2633 { "Length", prefix ".ech.echconfig.length", \
2634 FT_UINT16, BASE_DEC, NULL, 0x0, \
2635 "Encrypted ClientHello: ECHConfig length", HFILL } \
2637 { & name .hf.ech_echconfigcontents_maximum_name_length, \
2638 { "Maximum Name Length", prefix ".ech.echconfigcontents.maximum_name_length", \
2639 FT_UINT8, BASE_DEC, NULL, 0x0, \
2640 "The longest name of a backend server, if known", HFILL } \
2642 { & name .hf.ech_echconfigcontents_public_name_length, \
2643 { "Public Name length", prefix ".ech.echconfigcontents.public_name_length", \
2644 FT_UINT8, BASE_DEC, NULL, 0x0, \
2645 "Length of the Public Name field", HFILL } \
2647 { & name .hf.ech_echconfigcontents_public_name, \
2648 { "Public Name", prefix ".ech.echconfigcontents.public_name", \
2649 FT_STRING, BASE_NONE, NULL, 0x0, \
2650 "The DNS name of the client-facing server, i.e., the entity trusted to update the ECH configuration", HFILL } \
2652 { & name .hf.ech_echconfigcontents_extensions_length, \
2653 { "Extensions length", prefix ".ech.echconfigcontents.extensions_length", \
2654 FT_UINT16, BASE_DEC, NULL, 0x0, \
2655 "Length of the Extensions field", HFILL } \
2657 { & name .hf.ech_echconfigcontents_extensions, \
2658 { "Extensions", prefix ".ech.echconfigcontents.extensions", \
2659 FT_BYTES, BASE_NONE, NULL, 0x0, \
2660 "A list of extensions that the client must take into consideration when generating a ClientHello message", HFILL } \
2662 { & name .hf.ech_hpke_keyconfig, \
2663 { "HPKE Key Config", prefix ".ech.hpke.keyconfig", \
2664 FT_NONE, BASE_NONE, NULL, 0x0, \
2665 "HPKE Key Config", HFILL } \
2667 { & name .hf.ech_hpke_keyconfig_config_id, \
2668 { "Config Id", prefix ".ech.hpke.keyconfig.config_id", \
2669 FT_UINT8, BASE_DEC, NULL, 0x0, \
2670 "HPKE Config Id", HFILL } \
2672 { & name .hf.ech_hpke_keyconfig_kem_id, \
2673 { "KEM Id", prefix ".ech.hpke.keyconfig.kem_id", \
2674 FT_UINT16, BASE_DEC, VALS(kem_id_type_vals), 0x0, \
2675 "HPKE KEM Id", HFILL } \
2677 { & name .hf.ech_hpke_keyconfig_public_key_length, \
2678 { "Public Key length", prefix ".ech.hpke.keyconfig.public_key_length", \
2679 FT_UINT16, BASE_DEC, NULL, 0x0, \
2680 "HPKE Public Key length", HFILL } \
2682 { & name .hf.ech_hpke_keyconfig_public_key, \
2683 { "Public Key", prefix ".ech.hpke.keyconfig.public_key", \
2684 FT_BYTES, BASE_NONE, NULL, 0x0, \
2685 "HPKE Public Key", HFILL } \
2687 { & name .hf.ech_hpke_keyconfig_cipher_suites, \
2688 { "Cipher Suites", prefix ".ech.hpke.keyconfig.cipher_suites", \
2689 FT_NONE, BASE_NONE, NULL, 0x0, \
2690 "HPKE Cipher Suites", HFILL } \
2692 { & name .hf.ech_hpke_keyconfig_cipher_suites_length, \
2693 { "Cipher Suites length", prefix ".ech.hpke.keyconfig.cipher_suites_length", \
2694 FT_UINT16, BASE_DEC, NULL, 0x0, \
2695 "HPKE Cipher Suites length", HFILL } \
2697 { & name .hf.ech_hpke_keyconfig_cipher_suite, \
2698 { "Cipher Suite", prefix ".ech.hpke.keyconfig.cipher_suite", \
2699 FT_NONE, BASE_NONE, NULL, 0x0, \
2700 "HPKE Cipher Suite", HFILL } \
2702 { & name .hf.ech_hpke_keyconfig_cipher_suite_kdf_id, \
2703 { "KDF Id", prefix ".ech.hpke.keyconfig.cipher_suite.kdf_id", \
2704 FT_UINT16, BASE_DEC, VALS(kdf_id_type_vals), 0x0, \
2705 "HPKE KDF Id", HFILL } \
2707 { & name .hf.ech_hpke_keyconfig_cipher_suite_aead_id, \
2708 { "AEAD Id", prefix ".ech.hpke.keyconfig.cipher_suite.aead_id", \
2709 FT_UINT16, BASE_DEC, VALS(aead_id_type_vals), 0x0, \
2710 "HPKE AEAD Id", HFILL } \
2712 { & name .hf.ech_clienthello_type, \
2713 { "Client Hello type", prefix ".ech.client_hello_type", \
2714 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_ech_clienthello_types), 0x0, \
2715 "Client Hello type", HFILL } \
2717 { & name .hf.ech_cipher_suite, \
2718 { "Cipher Suite", prefix ".ech.cipher_suite", \
2719 FT_NONE, BASE_NONE, NULL, 0x0, \
2720 "The cipher suite used to encrypt ClientHelloInner", HFILL } \
2722 { & name .hf.ech_config_id, \
2723 { "Config Id", prefix ".ech.config_id", \
2724 FT_UINT8, BASE_DEC, NULL, 0x0, \
2725 "The ECHConfigContents.key_config.config_id for the chosen ECHConfig", HFILL } \
2727 { & name .hf.ech_enc_length, \
2728 { "Enc length", prefix ".ech.enc_length", \
2729 FT_UINT16, BASE_DEC, NULL, 0x0, \
2732 { & name .hf.ech_enc, \
2733 { "Enc", prefix ".ech.enc", \
2734 FT_BYTES, BASE_NONE, NULL, 0x0, \
2735 "The HPKE encapsulated key, used by servers to decrypt the corresponding payload field", HFILL } \
2737 { & name .hf.ech_payload_length, \
2738 { "Payload length", prefix ".ech.payload_length", \
2739 FT_UINT16, BASE_DEC, NULL, 0x0, \
2740 "Payload Length", HFILL } \
2742 { & name .hf.ech_payload, \
2743 { "Payload", prefix ".ech.payload", \
2744 FT_BYTES, BASE_NONE, NULL, 0x0, \
2745 "The serialized and encrypted ClientHelloInner structure", HFILL } \
2747 { & name .hf.ech_confirmation, \
2748 { "Confirmation", prefix ".ech.confirmation", \
2749 FT_BYTES, BASE_NONE, NULL, 0x0, \
2750 "Confirmation of ECH acceptance in a HelloRetryRequest", HFILL } \
2752 { & name .hf.ech_retry_configs, \
2753 { "Retry Configs", prefix ".ech.retry_configs", \
2754 FT_NONE, BASE_NONE, NULL, 0x0, \
2755 "ECHConfig structures for one-time use by the client in a retry connection", HFILL } \
2757 { & name .hf.hs_ext_alps_len, \
2758 { "ALPS Extension Length", prefix ".handshake.extensions_alps_len", \
2759 FT_UINT16, BASE_DEC, NULL, 0x0, \
2760 "Length of the ALPS Extension", HFILL } \
2762 { & name .hf.hs_ext_alps_alpn_list, \
2763 { "Supported ALPN List", prefix ".handshake.extensions_alps_alpn_list", \
2764 FT_NONE, BASE_NONE, NULL, 0x0, \
2765 "List of supported ALPN by ALPS", HFILL } \
2767 { & name .hf.hs_ext_alps_alpn_str_len, \
2768 { "Supported ALPN Length", prefix ".handshake.extensions_alps_alpn_str_len", \
2769 FT_UINT8, BASE_DEC, NULL, 0x0, \
2770 "Length of ALPN string", HFILL } \
2772 { & name .hf.hs_ext_alps_alpn_str, \
2773 { "Supported ALPN", prefix ".handshake.extensions_alps_alpn_str", \
2774 FT_STRING, BASE_NONE, NULL, 0x00, \
2775 "ALPN supported by ALPS", HFILL } \
2777 { & name .hf.hs_ext_alps_settings, \
2778 { "ALPN Opaque Settings", prefix ".handshake.extensions_alps.settings", \
2779 FT_BYTES, BASE_NONE, NULL, 0x00, \
2780 "ALPN Opaque Settings", HFILL } \
2785#define SSL_COMMON_ETT_LIST(name) \
2786 & name .ett.hs_ext, \
2787 & name .ett.hs_ext_alpn, \
2788 & name .ett.hs_ext_cert_types, \
2789 & name .ett.hs_ext_groups, \
2790 & name .ett.hs_ext_curves_point_formats, \
2791 & name .ett.hs_ext_npn, \
2792 & name .ett.hs_ext_reneg_info, \
2793 & name .ett.hs_ext_key_share, \
2794 & name .ett.hs_ext_key_share_ks, \
2795 & name .ett.hs_ext_pre_shared_key, \
2796 & name .ett.hs_ext_psk_identity, \
2797 & name .ett.hs_ext_server_name, \
2798 & name .ett.hs_ext_oid_filter, \
2799 & name .ett.hs_ext_quictp_parameter, \
2800 & name .ett.hs_ext_trusted_ca_keys, \
2801 & name .ett.hs_ext_trusted_ca_key, \
2802 & name .ett.hs_sig_hash_alg, \
2803 & name .ett.hs_sig_hash_algs, \
2804 & name .ett.urlhash, \
2805 & name .ett.keyex_params, \
2806 & name .ett.certificates, \
2807 & name .ett.cert_types, \
2808 & name .ett.dnames, \
2809 & name .ett.hs_random, \
2810 & name .ett.cipher_suites, \
2811 & name .ett.comp_methods, \
2812 & name .ett.session_ticket, \
2814 & name .ett.cert_status, \
2815 & name .ett.ocsp_response, \
2816 & name .ett.uncompressed_certificates, \
2817 & name .ett.hs_ext_alps, \
2818 & name .ett.ech_echconfiglist, \
2819 & name .ett.ech_echconfig, \
2820 & name .ett.ech_retry_configs, \
2821 & name .ett.ech_hpke_keyconfig, \
2822 & name .ett.ech_hpke_cipher_suites, \
2823 & name .ett.ech_hpke_cipher_suite, \
2824 & name .ett.hs_ext_token_binding_key_parameters, \
2829#define SSL_COMMON_EI_LIST(name, prefix) \
2830 { & name .ei.client_version_error, \
2831 { prefix ".handshake.client_version_error", PI_PROTOCOL, PI_WARN, \
2832 "Client Hello legacy version field specifies version 1.3, not version 1.2; some servers may not be able to handle that.", EXPFILL } \
2834 { & name .ei.server_version_error, \
2835 { prefix ".handshake.server_version_error", PI_PROTOCOL, PI_WARN, \
2836 "Server Hello legacy version field specifies version 1.3, not version 1.2; some middleboxes may not be able to handle that.", EXPFILL } \
2838 { & name .ei.legacy_version, \
2839 { prefix ".handshake.legacy_version", PI_DEPRECATED, PI_CHAT, \
2840 "This legacy_version field MUST be ignored. The supported_versions extension is present and MUST be used instead.", EXPFILL } \
2842 { & name .ei.malformed_vector_length, \
2843 { prefix ".malformed.vector_length", PI_PROTOCOL, PI_WARN, \
2844 "Variable vector length is outside the permitted range", EXPFILL } \
2846 { & name .ei.malformed_buffer_too_small, \
2847 { prefix ".malformed.buffer_too_small", PI_MALFORMED, PI_ERROR, \
2848 "Malformed message, not enough data is available", EXPFILL } \
2850 { & name .ei.malformed_trailing_data, \
2851 { prefix ".malformed.trailing_data", PI_PROTOCOL, PI_WARN, \
2852 "Undecoded trailing data is present", EXPFILL } \
2854 { & name .ei.hs_ext_cert_status_undecoded, \
2855 { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \
2856 "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL } \
2858 { & name .ei.hs_ciphersuite_undecoded, \
2859 { prefix ".handshake.ciphersuite.undecoded", PI_UNDECODED, PI_NOTE, \
2860 "Ciphersuite not implemented, contact Wireshark developers if you want this to be supported", EXPFILL } \
2862 { & name .ei.hs_srv_keyex_illegal, \
2863 { prefix ".handshake.server_keyex_illegal", PI_PROTOCOL, PI_WARN, \
2864 "It is not legal to send the ServerKeyExchange message for this ciphersuite", EXPFILL } \
2866 { & name .ei.resumed, \
2867 { prefix ".resumed", PI_SEQUENCE, PI_NOTE, \
2868 "This session reuses previously negotiated keys (Session resumption)", EXPFILL } \
2870 { & name .ei.record_length_invalid, \
2871 { prefix ".record.length.invalid", PI_PROTOCOL, PI_ERROR, \
2872 "Record fragment length is too small or too large", EXPFILL } \
2874 { & name .ei.decompression_error, \
2875 { prefix ".decompression_error", PI_PROTOCOL, PI_ERROR, \
2876 "Decompression error", EXPFILL } \
2878 { & name .ei.ech_echconfig_invalid_version, \
2879 { prefix ".ech_echconfig_invalid_version", PI_PROTOCOL, PI_ERROR, \
2880 "Invalid/unknown ECHConfig version", EXPFILL } \
2885ssl_common_register_ssl_alpn_dissector_table(
const char *name,
2886 const char *ui_name,
const int proto);
2889ssl_common_register_dtls_alpn_dissector_table(
const char *name,
2890 const char *ui_name,
const int proto);
2895#ifdef SSL_DECRYPT_DEBUG
2897ssl_debug_printf(
const char* fmt,...) G_GNUC_PRINTF(1,2);
2899ssl_print_data(const
char* name, const
unsigned char* data,
size_t len);
2901ssl_print_string(const
char* name, const
StringInfo* data);
2903ssl_set_debug(const
char* name);
2905ssl_debug_flush(
void);
2909static inline void G_GNUC_PRINTF(1,2)
2910ssl_debug_printf(const
char* fmt _U_,...)
2913#define ssl_print_data(a, b, c)
2914#define ssl_print_string(a, b)
2915#define ssl_set_debug(name)
2916#define ssl_debug_flush()
2923 proto_tree *tree, uint32_t offset, uint32_t offset_end);
Definition packet-tls-utils.h:334
Definition packet-tls-utils.h:350
StringInfo dtls13_aad
Definition packet-tls-utils.h:361
StringInfo app_traffic_secret
Definition packet-tls-utils.h:364
uint64_t seq
Definition packet-tls-utils.h:360
Definition packet-tls-utils.c:2721
Definition packet-tls-utils.h:514
Definition packet-tls-utils.h:342
Definition packet-tls-utils.h:426
SslFlow * flow
Definition packet-tls-utils.h:432
unsigned data_len
Definition packet-tls-utils.h:428
uint32_t seq
Definition packet-tls-utils.h:434
int id
Definition packet-tls-utils.h:429
ContentType type
Definition packet-tls-utils.h:431
unsigned char * plain_data
Definition packet-tls-utils.h:427
Definition packet-tls-utils.h:462
Definition packet-tls-utils.h:259
Definition packet-tls-utils.h:443
unsigned reassembly_id
Definition packet-tls-utils.h:446
uint8_t type
Definition packet-tls-utils.h:448
int is_last
Definition packet-tls-utils.h:449
uint32_t offset
Definition packet-tls-utils.h:447
unsigned record_id
Definition packet-tls-utils.h:444
Definition packet_info.h:43
Definition value_string.h:292
Definition packet-tls-utils.h:555
Definition value_string.h:132
Definition value_string.h:169
Definition value_string.h:25
Definition wmem_list.c:23
Definition wmem_strbuf.h:42
Definition wmem_tree-int.h:48
Definition packet-tls-utils.h:421
Definition packet-tls-utils.h:453
Definition packet-tls-utils.h:549
Definition conversation.h:221
Definition packet-tls-utils.h:1210
Definition packet-tls-utils.h:1225
Definition prefs-int.h:27
Definition packet-tls-utils.h:848
Definition packet-tls-utils.h:563
Definition packet-tls-utils.h:1218
Definition packet-tls-utils.h:569
Definition tvbuff-int.h:35