12 #ifndef __PACKET_TLS_UTILS_H__
13 #define __PACKET_TLS_UTILS_H__
27 #include <gnutls/x509.h>
28 #include <gnutls/pkcs12.h>
32 #define SSL_CIPHER_CTX gcry_cipher_hd_t
33 #define SSL_DECRYPT_DEBUG
38 SSL_ID_CHG_CIPHER_SPEC = 0x14,
40 SSL_ID_HANDSHAKE = 0x16,
41 SSL_ID_APP_DATA = 0x17,
42 SSL_ID_HEARTBEAT = 0x18,
43 SSL_ID_TLS12_CID = 0x19,
44 SSL_ID_DTLS13_ACK = 0x1A,
48 SSL_HND_HELLO_REQUEST = 0,
49 SSL_HND_CLIENT_HELLO = 1,
50 SSL_HND_SERVER_HELLO = 2,
51 SSL_HND_HELLO_VERIFY_REQUEST = 3,
52 SSL_HND_NEWSESSION_TICKET = 4,
53 SSL_HND_END_OF_EARLY_DATA = 5,
54 SSL_HND_HELLO_RETRY_REQUEST = 6,
55 SSL_HND_ENCRYPTED_EXTENSIONS = 8,
56 SSL_HND_CERTIFICATE = 11,
57 SSL_HND_SERVER_KEY_EXCHG = 12,
58 SSL_HND_CERT_REQUEST = 13,
59 SSL_HND_SVR_HELLO_DONE = 14,
60 SSL_HND_CERT_VERIFY = 15,
61 SSL_HND_CLIENT_KEY_EXCHG = 16,
62 SSL_HND_FINISHED = 20,
63 SSL_HND_CERT_URL = 21,
64 SSL_HND_CERT_STATUS = 22,
65 SSL_HND_SUPPLEMENTAL_DATA = 23,
66 SSL_HND_KEY_UPDATE = 24,
67 SSL_HND_COMPRESSED_CERTIFICATE = 25,
70 SSL_HND_ENCRYPTED_EXTS = 67
73 #define SSL2_HND_ERROR 0x00
74 #define SSL2_HND_CLIENT_HELLO 0x01
75 #define SSL2_HND_CLIENT_MASTER_KEY 0x02
76 #define SSL2_HND_CLIENT_FINISHED 0x03
77 #define SSL2_HND_SERVER_HELLO 0x04
78 #define SSL2_HND_SERVER_VERIFY 0x05
79 #define SSL2_HND_SERVER_FINISHED 0x06
80 #define SSL2_HND_REQUEST_CERTIFICATE 0x07
81 #define SSL2_HND_CLIENT_CERTIFICATE 0x08
83 #define SSL_HND_HELLO_EXT_SERVER_NAME 0
84 #define SSL_HND_HELLO_EXT_MAX_FRAGMENT_LENGTH 1
85 #define SSL_HND_HELLO_EXT_CLIENT_CERTIFICATE_URL 2
86 #define SSL_HND_HELLO_EXT_TRUSTED_CA_KEYS 3
87 #define SSL_HND_HELLO_EXT_TRUNCATED_HMAC 4
88 #define SSL_HND_HELLO_EXT_STATUS_REQUEST 5
89 #define SSL_HND_HELLO_EXT_USER_MAPPING 6
90 #define SSL_HND_HELLO_EXT_CLIENT_AUTHZ 7
91 #define SSL_HND_HELLO_EXT_SERVER_AUTHZ 8
92 #define SSL_HND_HELLO_EXT_CERT_TYPE 9
93 #define SSL_HND_HELLO_EXT_SUPPORTED_GROUPS 10
94 #define SSL_HND_HELLO_EXT_EC_POINT_FORMATS 11
95 #define SSL_HND_HELLO_EXT_SRP 12
96 #define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS 13
97 #define SSL_HND_HELLO_EXT_USE_SRTP 14
98 #define SSL_HND_HELLO_EXT_HEARTBEAT 15
99 #define SSL_HND_HELLO_EXT_ALPN 16
100 #define SSL_HND_HELLO_EXT_STATUS_REQUEST_V2 17
101 #define SSL_HND_HELLO_EXT_SIGNED_CERTIFICATE_TIMESTAMP 18
102 #define SSL_HND_HELLO_EXT_CLIENT_CERT_TYPE 19
103 #define SSL_HND_HELLO_EXT_SERVER_CERT_TYPE 20
104 #define SSL_HND_HELLO_EXT_PADDING 21
105 #define SSL_HND_HELLO_EXT_ENCRYPT_THEN_MAC 22
106 #define SSL_HND_HELLO_EXT_EXTENDED_MASTER_SECRET 23
107 #define SSL_HND_HELLO_EXT_TOKEN_BINDING 24
108 #define SSL_HND_HELLO_EXT_CACHED_INFO 25
109 #define SSL_HND_HELLO_EXT_COMPRESS_CERTIFICATE 27
110 #define SSL_HND_HELLO_EXT_RECORD_SIZE_LIMIT 28
112 #define SSL_HND_HELLO_EXT_DELEGATED_CREDENTIALS 34
113 #define SSL_HND_HELLO_EXT_SESSION_TICKET_TLS 35
115 #define SSL_HND_HELLO_EXT_KEY_SHARE_OLD 40
116 #define SSL_HND_HELLO_EXT_PRE_SHARED_KEY 41
117 #define SSL_HND_HELLO_EXT_EARLY_DATA 42
118 #define SSL_HND_HELLO_EXT_SUPPORTED_VERSIONS 43
119 #define SSL_HND_HELLO_EXT_COOKIE 44
120 #define SSL_HND_HELLO_EXT_PSK_KEY_EXCHANGE_MODES 45
121 #define SSL_HND_HELLO_EXT_TICKET_EARLY_DATA_INFO 46
122 #define SSL_HND_HELLO_EXT_CERTIFICATE_AUTHORITIES 47
123 #define SSL_HND_HELLO_EXT_OID_FILTERS 48
124 #define SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH 49
125 #define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT 50
126 #define SSL_HND_HELLO_EXT_KEY_SHARE 51
127 #define SSL_HND_HELLO_EXT_TRANSPARENCY_INFO 52
128 #define SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED 53
129 #define SSL_HND_HELLO_EXT_CONNECTION_ID 54
130 #define SSL_HND_HELLO_EXT_EXTERNAL_ID_HASH 55
131 #define SSL_HND_HELLO_EXT_EXTERNAL_SESSION_ID 56
132 #define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V1 57
133 #define SSL_HND_HELLO_EXT_TICKET_REQUEST 58
134 #define SSL_HND_HELLO_EXT_DNSSEC_CHAIN 59
135 #define SSL_HND_HELLO_EXT_GREASE_0A0A 2570
136 #define SSL_HND_HELLO_EXT_GREASE_1A1A 6682
137 #define SSL_HND_HELLO_EXT_GREASE_2A2A 10794
138 #define SSL_HND_HELLO_EXT_NPN 13172
139 #define SSL_HND_HELLO_EXT_GREASE_3A3A 14906
140 #define SSL_HND_HELLO_EXT_ALPS 17513
141 #define SSL_HND_HELLO_EXT_GREASE_4A4A 19018
142 #define SSL_HND_HELLO_EXT_GREASE_5A5A 23130
143 #define SSL_HND_HELLO_EXT_GREASE_6A6A 27242
144 #define SSL_HND_HELLO_EXT_CHANNEL_ID_OLD 30031
145 #define SSL_HND_HELLO_EXT_CHANNEL_ID 30032
146 #define SSL_HND_HELLO_EXT_GREASE_7A7A 31354
147 #define SSL_HND_HELLO_EXT_GREASE_8A8A 35466
148 #define SSL_HND_HELLO_EXT_GREASE_9A9A 39578
149 #define SSL_HND_HELLO_EXT_GREASE_AAAA 43690
150 #define SSL_HND_HELLO_EXT_GREASE_BABA 47802
151 #define SSL_HND_HELLO_EXT_GREASE_CACA 51914
152 #define SSL_HND_HELLO_EXT_GREASE_DADA 56026
153 #define SSL_HND_HELLO_EXT_GREASE_EAEA 60138
154 #define SSL_HND_HELLO_EXT_GREASE_FAFA 64250
155 #define SSL_HND_HELLO_EXT_ENCRYPTED_CLIENT_HELLO 65037
156 #define SSL_HND_HELLO_EXT_RENEGOTIATION_INFO 65281
157 #define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS 65445
158 #define SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME 65486
160 #define SSL_HND_CERT_URL_TYPE_INDIVIDUAL_CERT 1
161 #define SSL_HND_CERT_URL_TYPE_PKIPATH 2
162 #define SSL_HND_CERT_STATUS_TYPE_OCSP 1
163 #define SSL_HND_CERT_STATUS_TYPE_OCSP_MULTI 2
164 #define SSL_HND_CERT_TYPE_RAW_PUBLIC_KEY 2
167 #define SSL_HND_QUIC_TP_ORIGINAL_DESTINATION_CONNECTION_ID 0x00
168 #define SSL_HND_QUIC_TP_MAX_IDLE_TIMEOUT 0x01
169 #define SSL_HND_QUIC_TP_STATELESS_RESET_TOKEN 0x02
170 #define SSL_HND_QUIC_TP_MAX_UDP_PAYLOAD_SIZE 0x03
171 #define SSL_HND_QUIC_TP_INITIAL_MAX_DATA 0x04
172 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL 0x05
173 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE 0x06
174 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAM_DATA_UNI 0x07
175 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_BIDI 0x08
176 #define SSL_HND_QUIC_TP_INITIAL_MAX_STREAMS_UNI 0x09
177 #define SSL_HND_QUIC_TP_ACK_DELAY_EXPONENT 0x0a
178 #define SSL_HND_QUIC_TP_MAX_ACK_DELAY 0x0b
179 #define SSL_HND_QUIC_TP_DISABLE_ACTIVE_MIGRATION 0x0c
180 #define SSL_HND_QUIC_TP_PREFERRED_ADDRESS 0x0d
181 #define SSL_HND_QUIC_TP_ACTIVE_CONNECTION_ID_LIMIT 0x0e
182 #define SSL_HND_QUIC_TP_INITIAL_SOURCE_CONNECTION_ID 0x0f
183 #define SSL_HND_QUIC_TP_RETRY_SOURCE_CONNECTION_ID 0x10
184 #define SSL_HND_QUIC_TP_VERSION_INFORMATION 0x11
185 #define SSL_HND_QUIC_TP_MAX_DATAGRAM_FRAME_SIZE 0x20
186 #define SSL_HND_QUIC_TP_CIBIR_ENCODING 0x1000
187 #define SSL_HND_QUIC_TP_LOSS_BITS 0x1057
188 #define SSL_HND_QUIC_TP_GREASE_QUIC_BIT 0x2ab2
189 #define SSL_HND_QUIC_TP_ENABLE_TIME_STAMP 0x7157
190 #define SSL_HND_QUIC_TP_ENABLE_TIME_STAMP_V2 0x7158
191 #define SSL_HND_QUIC_TP_MIN_ACK_DELAY_OLD 0xde1a
193 #define SSL_HND_QUIC_TP_GOOGLE_USER_AGENT 0x3129
194 #define SSL_HND_QUIC_TP_GOOGLE_KEY_UPDATE_NOT_YET_SUPPORTED 0x312B
195 #define SSL_HND_QUIC_TP_GOOGLE_QUIC_VERSION 0x4752
196 #define SSL_HND_QUIC_TP_GOOGLE_INITIAL_RTT 0x3127
197 #define SSL_HND_QUIC_TP_GOOGLE_SUPPORT_HANDSHAKE_DONE 0x312A
198 #define SSL_HND_QUIC_TP_GOOGLE_QUIC_PARAMS 0x4751
199 #define SSL_HND_QUIC_TP_GOOGLE_CONNECTION_OPTIONS 0x3128
201 #define SSL_HND_QUIC_TP_FACEBOOK_PARTIAL_RELIABILITY 0xFF00
202 #define SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT_V1 0xFF03DE1A
203 #define SSL_HND_QUIC_TP_MIN_ACK_DELAY_DRAFT05 0xff04de1a
204 #define SSL_HND_QUIC_TP_MIN_ACK_DELAY 0xff04de1b
205 #define SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT04 0x0f739bbc1b666d04
206 #define SSL_HND_QUIC_TP_ENABLE_MULTIPATH_DRAFT05 0x0f739bbc1b666d05
207 #define SSL_HND_QUIC_TP_ENABLE_MULTIPATH 0x0f739bbc1b666d06
208 #define SSL_HND_QUIC_TP_INITIAL_MAX_PATHS 0x0f739bbc1b666d07
225 extern const value_string ssl_31_key_exchange_algorithm[];
227 extern const value_string ssl_31_client_certificate_type[];
228 extern const value_string ssl_31_public_value_encoding[];
238 extern const value_string ssl_extension_ec_point_formats[];
240 extern const value_string tls_hello_ext_server_name_type_vs[];
241 extern const value_string tls_hello_ext_max_fragment_length[];
244 extern const value_string compress_certificate_algorithm_vals[];
245 extern const val64_string quic_transport_parameter_id[];
247 extern const val64_string quic_enable_time_stamp_v2_vals[];
249 extern const value_string tls_hello_ext_ech_clienthello_types[];
253 extern const value_string token_binding_key_parameter_vals[];
261 #define SSL_WRITE_KEY 1
263 #define SSL_VER_UNKNOWN 0
264 #define SSLV2_VERSION 0x0002
266 #define SSLV3_VERSION 0x300
267 #define TLSV1_VERSION 0x301
268 #define TLCPV1_VERSION 0x101
269 #define TLSV1DOT1_VERSION 0x302
270 #define TLSV1DOT2_VERSION 0x303
271 #define TLSV1DOT3_VERSION 0x304
272 #define DTLSV1DOT0_VERSION 0xfeff
273 #define DTLSV1DOT0_OPENSSL_VERSION 0x100
274 #define DTLSV1DOT2_VERSION 0xfefd
275 #define DTLSV1DOT3_VERSION 0xfefc
278 static inline guint8 extract_tls13_draft_version(guint32 version) {
279 if ((version & 0xff00) == 0x7f00) {
280 return (guint8) version;
286 #define SSL_CLIENT_RANDOM (1<<0)
287 #define SSL_SERVER_RANDOM (1<<1)
288 #define SSL_CIPHER (1<<2)
289 #define SSL_HAVE_SESSION_KEY (1<<3)
290 #define SSL_VERSION (1<<4)
291 #define SSL_MASTER_SECRET (1<<5)
292 #define SSL_PRE_MASTER_SECRET (1<<6)
293 #define SSL_CLIENT_EXTENDED_MASTER_SECRET (1<<7)
294 #define SSL_SERVER_EXTENDED_MASTER_SECRET (1<<8)
295 #define SSL_NEW_SESSION_TICKET (1<<10)
296 #define SSL_ENCRYPT_THEN_MAC (1<<11)
297 #define SSL_SEEN_0RTT_APPDATA (1<<12)
298 #define SSL_QUIC_RECORD_LAYER (1<<13)
300 #define SSL_EXTENDED_MASTER_SECRET_MASK (SSL_CLIENT_EXTENDED_MASTER_SECRET|SSL_SERVER_EXTENDED_MASTER_SECRET)
314 #define IMPLICIT_NONCE_LEN 4
315 #define EXPLICIT_NONCE_LEN 8
316 #define TLS13_AEAD_NONCE_LENGTH 12
321 TLS_SECRET_HANDSHAKE,
325 #define SSL_DEBUG_USE_STDERR "-"
327 #define SSLV2_MAX_SESSION_ID_LENGTH_IN_BYTES 16
330 #define TLS_MAX_RECORD_LENGTH 0x4000
337 ssl_cipher_mode_t mode;
351 guchar _mac_key_or_write_iv[48];
354 SSL_CIPHER_CTX sn_evp;
357 guint64 dtls13_epoch;
365 #define KEX_DHE_DSS 0x10
366 #define KEX_DHE_PSK 0x11
367 #define KEX_DHE_RSA 0x12
368 #define KEX_DH_ANON 0x13
369 #define KEX_DH_DSS 0x14
370 #define KEX_DH_RSA 0x15
371 #define KEX_ECDHE_ECDSA 0x16
372 #define KEX_ECDHE_PSK 0x17
373 #define KEX_ECDHE_RSA 0x18
374 #define KEX_ECDH_ANON 0x19
375 #define KEX_ECDH_ECDSA 0x1a
376 #define KEX_ECDH_RSA 0x1b
377 #define KEX_KRB5 0x1c
380 #define KEX_RSA_PSK 0x1f
381 #define KEX_SRP_SHA 0x20
382 #define KEX_SRP_SHA_DSS 0x21
383 #define KEX_SRP_SHA_RSA 0x22
384 #define KEX_IS_DH(n) ((n) >= KEX_DHE_DSS && (n) <= KEX_ECDH_RSA)
385 #define KEX_TLS13 0x23
386 #define KEX_ECJPAKE 0x24
388 #define KEX_ECDHE_SM2 0x25
389 #define KEX_ECC_SM2 0x26
390 #define KEX_IBSDH_SM9 0x27
391 #define KEX_IBC_SM9 0x28
395 #define ENC_START 0x30
397 #define ENC_3DES 0x31
400 #define ENC_IDEA 0x34
402 #define ENC_AES256 0x36
403 #define ENC_CAMELLIA128 0x37
404 #define ENC_CAMELLIA256 0x38
405 #define ENC_SEED 0x39
406 #define ENC_CHACHA20 0x3A
409 #define ENC_NULL 0x3D
414 #define DIG_SHA256 0x42
415 #define DIG_SHA384 0x43
433 guint16 dtls13_seq_suffix;
464 guchar tls13_draft_version;
465 gint8 client_cert_type;
466 gint8 server_cert_type;
467 guint32 client_ccs_frame;
468 guint32 server_ccs_frame;
478 const char *alpn_name;
480 const char *client_alpn_name;
481 guint32 last_nontls_frame;
482 gboolean is_session_resumed;
485 guint32 client_hs_reassembly_id;
486 guint32 server_hs_reassembly_id;
497 guint8 client_cid_len;
498 gboolean client_cid_len_present;
499 guint8 server_cid_len;
500 gboolean server_cid_len_present;
501 gboolean deprecated_cid;
502 guint64 dtls13_current_epoch[2];
503 guint64 dtls13_next_seq_num[2];
507 #define SSL_MASTER_SECRET_LENGTH 48
513 guchar _master_secret[SSL_MASTER_SECRET_LENGTH];
514 guchar _session_id[256];
515 guchar _client_random[32];
516 guchar _server_random[32];
525 guchar _server_data_for_iv[24];
527 guchar _client_data_for_iv[24];
536 #if defined(HAVE_LIBGNUTLS)
537 struct cert_key_id *cert_key_id;
542 gboolean has_early_data;
549 guint64 sequence_number;
563 const gchar *keylog_filename;
571 GHashTable *pre_master;
576 GHashTable *tls13_client_early;
577 GHashTable *tls13_client_handshake;
578 GHashTable *tls13_server_handshake;
579 GHashTable *tls13_client_appdata;
580 GHashTable *tls13_server_appdata;
581 GHashTable *tls13_early_exporter;
582 GHashTable *tls13_exporter;
590 GHashTable *used_crandom;
593 gint ssl_get_keyex_alg(gint cipher);
595 void quic_transport_parameter_id_base_custom(gchar *result, guint64 parameter_id);
597 bool ssldecrypt_uat_fld_ip_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
598 bool ssldecrypt_uat_fld_port_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
599 bool ssldecrypt_uat_fld_fileopen_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
600 bool ssldecrypt_uat_fld_password_chk_cb(
void*,
const char*,
unsigned,
const void*,
const void*,
char** err);
601 gchar* ssl_association_info(
const char* dissector_table_name,
const char* table_protocol);
604 void ssl_init_cid_list(
void);
607 void ssl_cleanup_cid_list(
void);
632 ssl_set_server(
SslSession *session,
address *addr, port_type ptype, guint32 port);
654 WS_DLL_PUBLIC guint32
666 WS_DLL_PUBLIC guint32
671 ssl_find_appdata_dissector(
const char *name);
679 ssl_data_set(
StringInfo* buf,
const guchar* src, guint len);
688 ssl_cipher_setiv(SSL_CIPHER_CTX *cipher, guchar* iv, gint iv_len);
694 ssl_find_cipher(
int num);
710 guint32 length,
tvbuff_t *tvb, guint32 offset,
712 #ifdef HAVE_LIBGNUTLS
713 GHashTable *key_hash,
743 gboolean ignore_mac_failed,
744 const guchar *in, guint16 inl,
const guchar *cid, guint8 cidl,
762 tls_add_packet_info(gint proto,
packet_info *pinfo, guint8 curr_layer_num_ssl);
766 ssl_add_record_info(gint proto,
packet_info *pinfo,
const guchar *data, gint data_len, gint record_id,
SslFlow *flow, ContentType type, guint8 curr_layer_num_ssl);
786 tls_get_master_key_map(gboolean load_secrets);
794 ssl_load_keyfile(
const gchar *ssl_keylog_filename, FILE **keylog_file,
797 #ifdef HAVE_LIBGNUTLS
818 gboolean is_from_server, TLSRecordType type);
822 gboolean is_from_server, TLSRecordType type);
828 ssl_is_valid_content_type(guint8 type);
831 ssl_is_valid_handshake_type(guint8 hs_type, gboolean is_dtls);
834 tls_scan_server_hello(
tvbuff_t *tvb, guint32 offset, guint32 offset_end,
835 guint16 *server_version,
bool *is_hrr);
839 guint8 content_type, guint8 handshake_type,
840 gboolean is_dtls, guint16 version);
848 gint change_cipher_spec;
850 gint hs_ext_alpn_len;
851 gint hs_ext_alpn_list;
852 gint hs_ext_alpn_str;
853 gint hs_ext_alpn_str_len;
854 gint hs_ext_cert_url_item;
855 gint hs_ext_cert_url_padding;
856 gint hs_ext_cert_url_sha1;
857 gint hs_ext_cert_url_type;
858 gint hs_ext_cert_url_url;
859 gint hs_ext_cert_url_url_hash_list_len;
860 gint hs_ext_cert_url_url_len;
861 gint hs_ext_cert_status_type;
862 gint hs_ext_cert_status_request_len;
863 gint hs_ext_cert_status_responder_id_list_len;
864 gint hs_ext_cert_status_request_extensions_len;
865 gint hs_ext_cert_status_request_list_len;
866 gint hs_ocsp_response_list_len;
867 gint hs_ocsp_response_len;
868 gint hs_ext_cert_type;
869 gint hs_ext_cert_types;
870 gint hs_ext_cert_types_len;
872 gint hs_ext_ec_point_format;
873 gint hs_ext_ec_point_formats;
874 gint hs_ext_ec_point_formats_len;
876 gint hs_ext_srp_username;
877 gint hs_ext_supported_group;
878 gint hs_ext_supported_groups;
879 gint hs_ext_supported_groups_len;
880 gint hs_ext_heartbeat_mode;
883 gint hs_ext_npn_str_len;
884 gint hs_ext_reneg_info_len;
885 gint hs_ext_reneg_info;
886 gint hs_ext_key_share_client_length;
887 gint hs_ext_key_share_group;
888 gint hs_ext_key_share_key_exchange_length;
889 gint hs_ext_key_share_key_exchange;
890 gint hs_ext_key_share_selected_group;
891 gint hs_ext_psk_identities_length;
892 gint hs_ext_psk_identity_identity_length;
893 gint hs_ext_psk_identity_identity;
894 gint hs_ext_psk_identity_obfuscated_ticket_age;
895 gint hs_ext_psk_binders_length;
896 gint hs_ext_psk_binders;
897 gint hs_ext_psk_identity_selected;
898 gint hs_ext_session_ticket;
899 gint hs_ext_supported_versions_len;
900 gint hs_ext_supported_version;
901 gint hs_ext_cookie_len;
903 gint hs_ext_server_name;
904 gint hs_ext_server_name_len;
905 gint hs_ext_server_name_list_len;
906 gint hs_ext_server_name_type;
907 gint hs_ext_max_fragment_length;
908 gint hs_ext_padding_data;
910 gint hs_ext_connection_id_length;
911 gint hs_ext_connection_id;
912 gint hs_sig_hash_alg;
913 gint hs_sig_hash_alg_len;
914 gint hs_sig_hash_algs;
915 gint hs_sig_hash_hash;
916 gint hs_sig_hash_sig;
917 gint hs_client_keyex_epms_len;
918 gint hs_client_keyex_epms;
919 gint hs_server_keyex_modulus_len;
920 gint hs_server_keyex_exponent_len;
921 gint hs_server_keyex_sig_len;
922 gint hs_server_keyex_p_len;
923 gint hs_server_keyex_g_len;
924 gint hs_server_keyex_ys_len;
925 gint hs_client_keyex_yc_len;
926 gint hs_client_keyex_point_len;
927 gint hs_server_keyex_point_len;
928 gint hs_server_keyex_p;
929 gint hs_server_keyex_g;
930 gint hs_server_keyex_curve_type;
931 gint hs_server_keyex_named_curve;
932 gint hs_server_keyex_ys;
933 gint hs_client_keyex_yc;
934 gint hs_server_keyex_point;
935 gint hs_client_keyex_point;
936 gint hs_server_keyex_xs_len;
937 gint hs_client_keyex_xc_len;
938 gint hs_server_keyex_xs;
939 gint hs_client_keyex_xc;
940 gint hs_server_keyex_vs_len;
941 gint hs_client_keyex_vc_len;
942 gint hs_server_keyex_vs;
943 gint hs_client_keyex_vc;
944 gint hs_server_keyex_rs_len;
945 gint hs_client_keyex_rc_len;
946 gint hs_server_keyex_rs;
947 gint hs_client_keyex_rc;
948 gint hs_server_keyex_modulus;
949 gint hs_server_keyex_exponent;
950 gint hs_server_keyex_sig;
951 gint hs_server_keyex_hint_len;
952 gint hs_server_keyex_hint;
953 gint hs_client_keyex_identity_len;
954 gint hs_client_keyex_identity;
955 gint hs_certificates_len;
956 gint hs_certificates;
957 gint hs_certificate_len;
959 gint hs_cert_types_count;
964 gint hs_dnames_truncated;
969 gint hs_random_bytes;
971 gint hs_session_id_len;
972 gint hs_client_version;
973 gint hs_server_version;
974 gint hs_cipher_suites_len;
975 gint hs_cipher_suites;
976 gint hs_cipher_suite;
977 gint hs_comp_methods_len;
978 gint hs_comp_methods;
980 gint hs_session_ticket_lifetime_hint;
981 gint hs_session_ticket_age_add;
982 gint hs_session_ticket_nonce_len;
983 gint hs_session_ticket_nonce;
984 gint hs_session_ticket_len;
985 gint hs_session_ticket;
987 gint hs_client_cert_vrfy_sig_len;
988 gint hs_client_cert_vrfy_sig;
997 gint hs_ext_psk_ke_modes_length;
998 gint hs_ext_psk_ke_mode;
999 gint hs_certificate_request_context_length;
1000 gint hs_certificate_request_context;
1001 gint hs_key_update_request_update;
1002 gint sct_scts_length;
1003 gint sct_sct_length;
1004 gint sct_sct_version;
1006 gint sct_sct_timestamp;
1007 gint sct_sct_extensions_length;
1008 gint sct_sct_extensions;
1009 gint sct_sct_signature;
1010 gint sct_sct_signature_length;
1011 gint hs_ext_max_early_data_size;
1012 gint hs_ext_oid_filters_length;
1013 gint hs_ext_oid_filters_oid_length;
1014 gint hs_ext_oid_filters_oid;
1015 gint hs_ext_oid_filters_values_length;
1016 gint hs_cred_valid_time;
1017 gint hs_cred_pubkey;
1018 gint hs_cred_pubkey_len;
1019 gint hs_cred_signature;
1020 gint hs_cred_signature_len;
1023 gint hs_ext_compress_certificate_algorithms_length;
1024 gint hs_ext_compress_certificate_algorithm;
1025 gint hs_ext_compress_certificate_uncompressed_length;
1026 gint hs_ext_compress_certificate_compressed_certificate_message_length;
1027 gint hs_ext_compress_certificate_compressed_certificate_message;
1030 gint hs_ext_token_binding_version_major;
1031 gint hs_ext_token_binding_version_minor;
1032 gint hs_ext_token_binding_key_parameters;
1033 gint hs_ext_token_binding_key_parameters_length;
1034 gint hs_ext_token_binding_key_parameter;
1036 gint hs_ext_record_size_limit;
1039 gint hs_ext_quictp_len;
1040 gint hs_ext_quictp_parameter;
1041 gint hs_ext_quictp_parameter_type;
1042 gint hs_ext_quictp_parameter_len;
1043 gint hs_ext_quictp_parameter_len_old;
1044 gint hs_ext_quictp_parameter_value;
1045 gint hs_ext_quictp_parameter_original_destination_connection_id;
1046 gint hs_ext_quictp_parameter_max_idle_timeout;
1047 gint hs_ext_quictp_parameter_stateless_reset_token;
1048 gint hs_ext_quictp_parameter_initial_max_data;
1049 gint hs_ext_quictp_parameter_initial_max_stream_data_bidi_local;
1050 gint hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote;
1051 gint hs_ext_quictp_parameter_initial_max_stream_data_uni;
1052 gint hs_ext_quictp_parameter_initial_max_streams_bidi;
1053 gint hs_ext_quictp_parameter_initial_max_streams_uni;
1054 gint hs_ext_quictp_parameter_ack_delay_exponent;
1055 gint hs_ext_quictp_parameter_max_ack_delay;
1056 gint hs_ext_quictp_parameter_max_udp_payload_size;
1057 gint hs_ext_quictp_parameter_pa_ipv4address;
1058 gint hs_ext_quictp_parameter_pa_ipv6address;
1059 gint hs_ext_quictp_parameter_pa_ipv4port;
1060 gint hs_ext_quictp_parameter_pa_ipv6port;
1061 gint hs_ext_quictp_parameter_pa_connectionid_length;
1062 gint hs_ext_quictp_parameter_pa_connectionid;
1063 gint hs_ext_quictp_parameter_pa_statelessresettoken;
1064 gint hs_ext_quictp_parameter_active_connection_id_limit;
1065 gint hs_ext_quictp_parameter_initial_source_connection_id;
1066 gint hs_ext_quictp_parameter_retry_source_connection_id;
1067 gint hs_ext_quictp_parameter_max_datagram_frame_size;
1068 gint hs_ext_quictp_parameter_cibir_encoding_length;
1069 gint hs_ext_quictp_parameter_cibir_encoding_offset;
1070 gint hs_ext_quictp_parameter_loss_bits;
1071 gint hs_ext_quictp_parameter_enable_time_stamp_v2;
1072 gint hs_ext_quictp_parameter_min_ack_delay;
1073 gint hs_ext_quictp_parameter_google_user_agent_id;
1074 gint hs_ext_quictp_parameter_google_key_update_not_yet_supported;
1075 gint hs_ext_quictp_parameter_google_quic_version;
1076 gint hs_ext_quictp_parameter_google_initial_rtt;
1077 gint hs_ext_quictp_parameter_google_support_handshake_done;
1078 gint hs_ext_quictp_parameter_google_quic_params;
1079 gint hs_ext_quictp_parameter_google_quic_params_unknown_field;
1080 gint hs_ext_quictp_parameter_google_connection_options;
1081 gint hs_ext_quictp_parameter_google_supported_versions_length;
1082 gint hs_ext_quictp_parameter_google_supported_version;
1083 gint hs_ext_quictp_parameter_facebook_partial_reliability;
1084 gint hs_ext_quictp_parameter_chosen_version;
1085 gint hs_ext_quictp_parameter_other_version;
1086 gint hs_ext_quictp_parameter_enable_multipath;
1087 gint hs_ext_quictp_parameter_initial_max_paths;
1090 gint esni_record_digest_length;
1091 gint esni_record_digest;
1092 gint esni_encrypted_sni_length;
1093 gint esni_encrypted_sni;
1096 gint ech_echconfiglist_length;
1097 gint ech_echconfiglist;
1099 gint ech_echconfig_version;
1100 gint ech_echconfig_length;
1101 gint ech_echconfigcontents_maximum_name_length;
1102 gint ech_echconfigcontents_public_name_length;
1103 gint ech_echconfigcontents_public_name;
1104 gint ech_echconfigcontents_extensions_length;
1105 gint ech_echconfigcontents_extensions;
1106 gint ech_hpke_keyconfig;
1107 gint ech_hpke_keyconfig_config_id;
1108 gint ech_hpke_keyconfig_kem_id;
1109 gint ech_hpke_keyconfig_public_key_length;
1110 gint ech_hpke_keyconfig_public_key;
1111 gint ech_hpke_keyconfig_cipher_suites;
1112 gint ech_hpke_keyconfig_cipher_suites_length;
1113 gint ech_hpke_keyconfig_cipher_suite;
1114 gint ech_hpke_keyconfig_cipher_suite_kdf_id;
1115 gint ech_hpke_keyconfig_cipher_suite_aead_id;
1116 gint ech_clienthello_type;
1117 gint ech_cipher_suite;
1119 gint ech_enc_length;
1121 gint ech_payload_length;
1123 gint ech_confirmation;
1124 gint ech_retry_configs;
1126 gint hs_ext_alps_len;
1127 gint hs_ext_alps_alpn_list;
1128 gint hs_ext_alps_alpn_str;
1129 gint hs_ext_alps_alpn_str_len;
1130 gint hs_ext_alps_settings;
1137 gint hs_ext_cert_types;
1139 gint hs_ext_curves_point_formats;
1141 gint hs_ext_reneg_info;
1142 gint hs_ext_key_share;
1143 gint hs_ext_key_share_ks;
1144 gint hs_ext_pre_shared_key;
1145 gint hs_ext_psk_identity;
1146 gint hs_ext_server_name;
1147 gint hs_ext_oid_filter;
1148 gint hs_ext_quictp_parameter;
1149 gint hs_sig_hash_alg;
1150 gint hs_sig_hash_algs;
1159 gint session_ticket;
1163 gint uncompressed_certificates;
1165 gint ech_echconfiglist;
1167 gint ech_retry_configs;
1168 gint ech_hpke_keyconfig;
1169 gint ech_hpke_cipher_suites;
1170 gint ech_hpke_cipher_suite;
1171 gint hs_ext_token_binding_key_parameters;
1199 gint hf_dtls_handshake_cookie_len;
1200 gint hf_dtls_handshake_cookie;
1214 guint32 max_version;
1215 gboolean server_name_present;
1216 gint num_cipher_suites;
1217 gint num_extensions;
1227 #define G_MAXUINT24 ((1U << 24) - 1)
1243 guint offset, guint offset_end, guint32 *ret_length,
1244 int hf_length, guint32 min_value, guint32 max_value);
1256 guint offset, guint offset_end);
1262 ContentType content_type,
1264 guint16 version,
tvbuff_t *decrypted_tvb);
1270 gboolean is_from_server,
1282 proto_tree *tree, guint32 offset, guint32 offset_end,
1284 gboolean is_dtls, gboolean is_hrr);
1288 proto_tree *tree, guint32 offset, guint32 offset_end,
1294 proto_tree *tree, guint32 offset, guint32 offset_end,
1300 proto_tree *tree, guint32 offset, guint32 offset_end,
1302 gboolean is_dtls, GHashTable *session_hash);
1306 guint32 offset, guint32 offset_end,
packet_info *pinfo,
1308 gboolean is_from_server, gboolean is_dtls);
1312 proto_tree *tree, guint32 offset, guint32 offset_end,
1317 proto_tree *tree, guint32 offset, guint32 offset_end, guint16 version);
1321 proto_tree *tree, guint32 offset, guint32 offset_end,
1329 proto_tree *tree, guint32 offset, guint32 offset_end);
1333 proto_tree *tree, guint32 offset, guint32 length,
1338 proto_tree *tree, guint32 offset, guint32 offset_end,
1347 guint32 offset, guint32 offset_end, guint16 version);
1350 tls13_hkdf_expand_label_context(
int md,
const StringInfo *secret,
1351 const char *label_prefix,
const char *label,
1352 const guint8 *context, guint8 context_length,
1353 guint16 out_len, guchar **out);
1356 tls13_hkdf_expand_label(
int md,
const StringInfo *secret,
1357 const char *label_prefix,
const char *label,
1358 guint16 out_len, guchar **out);
1362 guint32 offset, guint32 offset_end,
packet_info *pinfo,
1364 gboolean is_from_server _U_, gboolean is_dtls _U_);
1366 #define SSL_COMMON_LIST_T(name) \
1367 ssl_common_dissect_t name;
1371 #define SSL_COMMON_HF_LIST(name, prefix) \
1372 { & name .hf.change_cipher_spec, \
1373 { "Change Cipher Spec Message", prefix ".change_cipher_spec", \
1374 FT_NONE, BASE_NONE, NULL, 0x0, \
1375 "Signals a change in cipher specifications", HFILL } \
1377 { & name .hf.hs_exts_len, \
1378 { "Extensions Length", prefix ".handshake.extensions_length", \
1379 FT_UINT16, BASE_DEC, NULL, 0x0, \
1380 "Length of hello extensions", HFILL } \
1382 { & name .hf.hs_ext_type, \
1383 { "Type", prefix ".handshake.extension.type", \
1384 FT_UINT16, BASE_DEC, VALS(tls_hello_extension_types), 0x0, \
1385 "Hello extension type", HFILL } \
1387 { & name .hf.hs_ext_len, \
1388 { "Length", prefix ".handshake.extension.len", \
1389 FT_UINT16, BASE_DEC, NULL, 0x0, \
1390 "Length of a hello extension", HFILL } \
1392 { & name .hf.hs_ext_data, \
1393 { "Data", prefix ".handshake.extension.data", \
1394 FT_BYTES, BASE_NONE, NULL, 0x0, \
1395 "Hello Extension data", HFILL } \
1397 { & name .hf.hs_ext_supported_groups_len, \
1398 { "Supported Groups List Length", prefix ".handshake.extensions_supported_groups_length", \
1399 FT_UINT16, BASE_DEC, NULL, 0x0, \
1402 { & name .hf.hs_ext_supported_groups, \
1403 { "Supported Groups List", prefix ".handshake.extensions_supported_groups", \
1404 FT_NONE, BASE_NONE, NULL, 0x0, \
1405 "List of supported groups (formerly Supported Elliptic Curves)", HFILL } \
1407 { & name .hf.hs_ext_supported_group, \
1408 { "Supported Group", prefix ".handshake.extensions_supported_group", \
1409 FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
1412 { & name .hf.hs_ext_ec_point_formats_len, \
1413 { "EC point formats Length", prefix ".handshake.extensions_ec_point_formats_length", \
1414 FT_UINT8, BASE_DEC, NULL, 0x0, \
1415 "Length of elliptic curves point formats field", HFILL } \
1417 { & name .hf.hs_ext_ec_point_formats, \
1418 { "EC point formats", prefix ".handshake.extensions_ec_point_formats", \
1419 FT_NONE, BASE_NONE, NULL, 0x0, \
1420 "List of elliptic curves point format", HFILL } \
1422 { & name .hf.hs_ext_ec_point_format, \
1423 { "EC point format", prefix ".handshake.extensions_ec_point_format", \
1424 FT_UINT8, BASE_DEC, VALS(ssl_extension_ec_point_formats), 0x0, \
1425 "Elliptic curves point format", HFILL } \
1427 { & name .hf.hs_ext_srp_len, \
1428 { "SRP username length", prefix ".handshake.extensions_srp_len", \
1429 FT_UINT8, BASE_DEC, NULL, 0x0, \
1430 "Length of Secure Remote Password username field", HFILL } \
1432 { & name .hf.hs_ext_srp_username, \
1433 { "SRP username", prefix ".handshake.extensions_srp_username", \
1434 FT_STRING, BASE_NONE, NULL, 0x0, \
1435 "Secure Remote Password username", HFILL } \
1437 { & name .hf.hs_ext_alpn_len, \
1438 { "ALPN Extension Length", prefix ".handshake.extensions_alpn_len", \
1439 FT_UINT16, BASE_DEC, NULL, 0x0, \
1440 "Length of the ALPN Extension", HFILL } \
1442 { & name .hf.hs_ext_alpn_list, \
1443 { "ALPN Protocol", prefix ".handshake.extensions_alpn_list", \
1444 FT_NONE, BASE_NONE, NULL, 0x0, \
1447 { & name .hf.hs_ext_alpn_str_len, \
1448 { "ALPN string length", prefix ".handshake.extensions_alpn_str_len", \
1449 FT_UINT8, BASE_DEC, NULL, 0x0, \
1450 "Length of ALPN string", HFILL } \
1452 { & name .hf.hs_ext_alpn_str, \
1453 { "ALPN Next Protocol", prefix ".handshake.extensions_alpn_str", \
1454 FT_STRING, BASE_NONE, NULL, 0x00, \
1457 { & name .hf.hs_ext_npn_str_len, \
1458 { "Protocol string length", prefix ".handshake.extensions_npn_str_len", \
1459 FT_UINT8, BASE_DEC, NULL, 0x0, \
1460 "Length of next protocol string", HFILL } \
1462 { & name .hf.hs_ext_npn_str, \
1463 { "Next Protocol", prefix ".handshake.extensions_npn", \
1464 FT_STRING, BASE_NONE, NULL, 0x0, \
1467 { & name .hf.hs_ext_reneg_info_len, \
1468 { "Renegotiation info extension length", prefix ".handshake.extensions_reneg_info_len", \
1469 FT_UINT8, BASE_DEC, NULL, 0x0, \
1472 { & name .hf.hs_ext_reneg_info, \
1473 { "Renegotiation info", prefix ".handshake.extensions_reneg_info",\
1474 FT_BYTES, BASE_NONE, NULL, 0x0, \
1477 { & name .hf.hs_ext_key_share_client_length, \
1478 { "Client Key Share Length", prefix ".handshake.extensions_key_share_client_length", \
1479 FT_UINT16, BASE_DEC, NULL, 0x00, \
1482 { & name .hf.hs_ext_key_share_group, \
1483 { "Group", prefix ".handshake.extensions_key_share_group", \
1484 FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \
1487 { & name .hf.hs_ext_key_share_key_exchange_length, \
1488 { "Key Exchange Length", prefix ".handshake.extensions_key_share_key_exchange_length", \
1489 FT_UINT16, BASE_DEC, NULL, 0x00, \
1492 { & name .hf.hs_ext_key_share_key_exchange, \
1493 { "Key Exchange", prefix ".handshake.extensions_key_share_key_exchange", \
1494 FT_BYTES, BASE_NONE, NULL, 0x0, \
1497 { & name .hf.hs_ext_key_share_selected_group, \
1498 { "Selected Group", prefix ".handshake.extensions_key_share_selected_group", \
1499 FT_UINT16, BASE_DEC, VALS(ssl_extension_curves), 0x00, \
1502 { & name .hf.hs_ext_psk_identities_length, \
1503 { "Identities Length", prefix ".handshake.extensions.psk.identities.length", \
1504 FT_UINT16, BASE_DEC, NULL, 0x0, \
1507 { & name .hf.hs_ext_psk_identity_identity_length, \
1508 { "Identity Length", prefix ".handshake.extensions.psk.identity.identity_length", \
1509 FT_UINT16, BASE_DEC, NULL, 0x0, \
1512 { & name .hf.hs_ext_psk_identity_identity, \
1513 { "Identity", prefix ".handshake.extensions.psk.identity.identity", \
1514 FT_BYTES, BASE_NONE, NULL, 0x0, \
1517 { & name .hf.hs_ext_psk_identity_obfuscated_ticket_age, \
1518 { "Obfuscated Ticket Age", prefix ".handshake.extensions.psk.identity.obfuscated_ticket_age", \
1519 FT_UINT32, BASE_DEC, NULL, 0x0, \
1522 { & name .hf.hs_ext_psk_binders_length, \
1523 { "PSK Binders length", prefix ".handshake.extensions.psk.binders_len", \
1524 FT_UINT16, BASE_DEC, NULL, 0x0, \
1527 { & name .hf.hs_ext_psk_binders, \
1528 { "PSK Binders", prefix ".handshake.extensions.psk.binders", \
1529 FT_NONE, BASE_NONE, NULL, 0x0, \
1532 { & name .hf.hs_ext_psk_identity_selected, \
1533 { "Selected Identity", prefix ".handshake.extensions.psk.identity.selected", \
1534 FT_UINT16, BASE_DEC, NULL, 0x0, \
1537 { & name .hf.hs_ext_session_ticket, \
1538 { "Session Ticket", prefix ".handshake.extensions.session_ticket", \
1539 FT_BYTES, BASE_NONE, NULL, 0x0, \
1542 { & name .hf.hs_ext_supported_versions_len, \
1543 { "Supported Versions length", prefix ".handshake.extensions.supported_versions_len", \
1544 FT_UINT8, BASE_DEC, NULL, 0x0, \
1547 { & name .hf.hs_ext_supported_version, \
1548 { "Supported Version", prefix ".handshake.extensions.supported_version", \
1549 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
1552 { & name .hf.hs_ext_cookie_len, \
1553 { "Cookie length", prefix ".handshake.extensions.cookie_len", \
1554 FT_UINT16, BASE_DEC, NULL, 0x0, \
1557 { & name .hf.hs_ext_cookie, \
1558 { "Cookie", prefix ".handshake.extensions.cookie", \
1559 FT_BYTES, BASE_NONE, NULL, 0x0, \
1562 { & name .hf.hs_ext_server_name_list_len, \
1563 { "Server Name list length", prefix ".handshake.extensions_server_name_list_len", \
1564 FT_UINT16, BASE_DEC, NULL, 0x0, \
1565 "Length of server name list", HFILL } \
1567 { & name .hf.hs_ext_server_name_len, \
1568 { "Server Name length", prefix ".handshake.extensions_server_name_len", \
1569 FT_UINT16, BASE_DEC, NULL, 0x0, \
1570 "Length of server name string", HFILL } \
1572 { & name .hf.hs_ext_server_name_type, \
1573 { "Server Name Type", prefix ".handshake.extensions_server_name_type", \
1574 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_server_name_type_vs), 0x0, \
1577 { & name .hf.hs_ext_server_name, \
1578 { "Server Name", prefix ".handshake.extensions_server_name", \
1579 FT_STRING, BASE_NONE, NULL, 0x0, \
1582 { & name .hf.hs_ext_max_fragment_length, \
1583 { "Maximum Fragment Length", prefix ".handshake.max_fragment_length", \
1584 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_max_fragment_length), 0x00, \
1585 "Maximum fragment length that an endpoint is willing to receive", HFILL } \
1587 { & name .hf.hs_ext_padding_data, \
1588 { "Padding Data", prefix ".handshake.extensions_padding_data", \
1589 FT_BYTES, BASE_NONE, NULL, 0x0, \
1590 "Must be zero", HFILL } \
1592 { & name .hf.hs_ext_cert_url_type, \
1593 { "Certificate Chain Type", prefix ".handshake.cert_url_type", \
1594 FT_UINT8, BASE_DEC, VALS(tls_cert_chain_type), 0x0, \
1595 "Certificate Chain Type for Client Certificate URL", HFILL } \
1597 { & name .hf.hs_ext_cert_url_url_hash_list_len, \
1598 { "URL and Hash list Length", prefix ".handshake.cert_url.url_hash_len", \
1599 FT_UINT16, BASE_DEC, NULL, 0x0, \
1602 { & name .hf.hs_ext_cert_url_item, \
1603 { "URL and Hash", prefix ".handshake.cert_url.url_hash", \
1604 FT_NONE, BASE_NONE, NULL, 0x0, \
1607 { & name .hf.hs_ext_cert_url_url_len, \
1608 { "URL Length", prefix ".handshake.cert_url.url_len", \
1609 FT_UINT16, BASE_DEC, NULL, 0x0, \
1612 { & name .hf.hs_ext_cert_type, \
1613 { "Certificate Type", prefix ".handshake.cert_type.type", \
1614 FT_UINT8, BASE_HEX, VALS(tls_certificate_type), 0x0, \
1617 { & name .hf.hs_ext_cert_types, \
1618 { "Certificate Type List", prefix ".handshake.cert_type.types", \
1619 FT_NONE, BASE_NONE, NULL, 0x0, \
1622 { & name .hf.hs_ext_cert_types_len, \
1623 { "Certificate Type List Length", prefix ".handshake.cert_type.types_len", \
1624 FT_UINT8, BASE_DEC, NULL, 0x0, \
1627 { & name .hf.hs_ext_cert_url_url, \
1628 { "URL", prefix ".handshake.cert_url.url", \
1629 FT_STRING, BASE_NONE, NULL, 0x0, \
1630 "URL used to fetch the certificate(s)", HFILL } \
1632 { & name .hf.hs_ext_cert_url_padding, \
1633 { "Padding", prefix ".handshake.cert_url.padding", \
1634 FT_NONE, BASE_NONE, NULL, 0x0, \
1635 "Padding that MUST be 0x01 for backwards compatibility", HFILL } \
1637 { & name .hf.hs_ext_cert_url_sha1, \
1638 { "SHA1 Hash", prefix ".handshake.cert_url.sha1", \
1639 FT_BYTES, BASE_NONE, NULL, 0x0, \
1640 "SHA1 Hash of the certificate", HFILL } \
1642 { & name .hf.hs_ext_cert_status_type, \
1643 { "Certificate Status Type", prefix ".handshake.extensions_status_request_type", \
1644 FT_UINT8, BASE_DEC, VALS(tls_cert_status_type), 0x0, \
1647 { & name .hf.hs_ext_cert_status_request_len, \
1648 { "Certificate Status Length", prefix ".handshake.extensions_status_request_len", \
1649 FT_UINT16, BASE_DEC, NULL, 0x0, \
1652 { & name .hf.hs_ext_cert_status_responder_id_list_len, \
1653 { "Responder ID list Length", prefix ".handshake.extensions_status_request_responder_ids_len", \
1654 FT_UINT16, BASE_DEC, NULL, 0x0, \
1657 { & name .hf.hs_ext_cert_status_request_extensions_len, \
1658 { "Request Extensions Length", prefix ".handshake.extensions_status_request_exts_len", \
1659 FT_UINT16, BASE_DEC, NULL, 0x0, \
1662 { & name .hf.hs_ext_cert_status_request_list_len, \
1663 { "Certificate Status List Length", prefix ".handshake.extensions_status_request_list_len", \
1664 FT_UINT16, BASE_DEC, NULL, 0x0, \
1665 "CertificateStatusRequestItemV2 list length", HFILL } \
1667 { & name .hf.hs_ocsp_response_list_len, \
1668 { "OCSP Response List Length", prefix ".handshake.ocsp_response_list_len", \
1669 FT_UINT24, BASE_DEC, NULL, 0x0, \
1670 "OCSPResponseList length", HFILL } \
1672 { & name .hf.hs_ocsp_response_len, \
1673 { "OCSP Response Length", prefix ".handshake.ocsp_response_len", \
1674 FT_UINT24, BASE_DEC, NULL, 0x0, \
1677 { & name .hf.hs_sig_hash_alg_len, \
1678 { "Signature Hash Algorithms Length", prefix ".handshake.sig_hash_alg_len", \
1679 FT_UINT16, BASE_DEC, NULL, 0x0, \
1680 "Length of Signature Hash Algorithms", HFILL } \
1682 { & name .hf.hs_sig_hash_algs, \
1683 { "Signature Algorithms", prefix ".handshake.sig_hash_algs", \
1684 FT_NONE, BASE_NONE, NULL, 0x0, \
1685 "List of supported Signature Algorithms", HFILL } \
1687 { & name .hf.hs_sig_hash_alg, \
1688 { "Signature Algorithm", prefix ".handshake.sig_hash_alg", \
1689 FT_UINT16, BASE_HEX, VALS(tls13_signature_algorithm), 0x0, \
1692 { & name .hf.hs_sig_hash_hash, \
1693 { "Signature Hash Algorithm Hash", prefix ".handshake.sig_hash_hash", \
1694 FT_UINT8, BASE_DEC, VALS(tls_hash_algorithm), 0x0, \
1695 "Hash algorithm (TLS 1.2)", HFILL } \
1697 { & name .hf.hs_sig_hash_sig, \
1698 { "Signature Hash Algorithm Signature", prefix ".handshake.sig_hash_sig", \
1699 FT_UINT8, BASE_DEC, VALS(tls_signature_algorithm), 0x0, \
1700 "Signature algorithm (TLS 1.2)", HFILL } \
1702 { & name .hf.hs_client_keyex_epms_len, \
1703 { "Encrypted PreMaster length", prefix ".handshake.epms_len", \
1704 FT_UINT16, BASE_DEC, NULL, 0x0, \
1705 "Length of encrypted PreMaster secret", HFILL } \
1707 { & name .hf.hs_client_keyex_epms, \
1708 { "Encrypted PreMaster", prefix ".handshake.epms", \
1709 FT_BYTES, BASE_NONE, NULL, 0x0, \
1710 "Encrypted PreMaster secret", HFILL } \
1712 { & name .hf.hs_server_keyex_modulus_len, \
1713 { "Modulus Length", prefix ".handshake.modulus_len", \
1714 FT_UINT16, BASE_DEC, NULL, 0x0, \
1715 "Length of RSA-EXPORT modulus", HFILL } \
1717 { & name .hf.hs_server_keyex_exponent_len, \
1718 { "Exponent Length", prefix ".handshake.exponent_len", \
1719 FT_UINT16, BASE_DEC, NULL, 0x0, \
1720 "Length of RSA-EXPORT exponent", HFILL } \
1722 { & name .hf.hs_server_keyex_sig_len, \
1723 { "Signature Length", prefix ".handshake.sig_len", \
1724 FT_UINT16, BASE_DEC, NULL, 0x0, \
1725 "Length of Signature", HFILL } \
1727 { & name .hf.hs_server_keyex_p_len, \
1728 { "p Length", prefix ".handshake.p_len", \
1729 FT_UINT16, BASE_DEC, NULL, 0x0, \
1730 "Length of p", HFILL } \
1732 { & name .hf.hs_server_keyex_g_len, \
1733 { "g Length", prefix ".handshake.g_len", \
1734 FT_UINT16, BASE_DEC, NULL, 0x0, \
1735 "Length of g", HFILL } \
1737 { & name .hf.hs_server_keyex_ys_len, \
1738 { "Pubkey Length", prefix ".handshake.ys_len", \
1739 FT_UINT16, BASE_DEC, NULL, 0x0, \
1740 "Length of server's Diffie-Hellman public key", HFILL } \
1742 { & name .hf.hs_client_keyex_yc_len, \
1743 { "Pubkey Length", prefix ".handshake.yc_len", \
1744 FT_UINT16, BASE_DEC, NULL, 0x0, \
1745 "Length of client's Diffie-Hellman public key", HFILL } \
1747 { & name .hf.hs_client_keyex_point_len, \
1748 { "Pubkey Length", prefix ".handshake.client_point_len", \
1749 FT_UINT8, BASE_DEC, NULL, 0x0, \
1750 "Length of client's EC Diffie-Hellman public key", HFILL } \
1752 { & name .hf.hs_server_keyex_point_len, \
1753 { "Pubkey Length", prefix ".handshake.server_point_len", \
1754 FT_UINT8, BASE_DEC, NULL, 0x0, \
1755 "Length of server's EC Diffie-Hellman public key", HFILL } \
1757 { & name .hf.hs_server_keyex_p, \
1758 { "p", prefix ".handshake.p", \
1759 FT_BYTES, BASE_NONE, NULL, 0x0, \
1760 "Diffie-Hellman p", HFILL } \
1762 { & name .hf.hs_server_keyex_g, \
1763 { "g", prefix ".handshake.g", \
1764 FT_BYTES, BASE_NONE, NULL, 0x0, \
1765 "Diffie-Hellman g", HFILL } \
1767 { & name .hf.hs_server_keyex_curve_type, \
1768 { "Curve Type", prefix ".handshake.server_curve_type", \
1769 FT_UINT8, BASE_HEX, VALS(ssl_curve_types), 0x0, \
1770 "Server curve_type", HFILL } \
1772 { & name .hf.hs_server_keyex_named_curve, \
1773 { "Named Curve", prefix ".handshake.server_named_curve", \
1774 FT_UINT16, BASE_HEX, VALS(ssl_extension_curves), 0x0, \
1775 "Server named_curve", HFILL } \
1777 { & name .hf.hs_server_keyex_ys, \
1778 { "Pubkey", prefix ".handshake.ys", \
1779 FT_BYTES, BASE_NONE, NULL, 0x0, \
1780 "Diffie-Hellman server pubkey", HFILL } \
1782 { & name .hf.hs_client_keyex_yc, \
1783 { "Pubkey", prefix ".handshake.yc", \
1784 FT_BYTES, BASE_NONE, NULL, 0x0, \
1785 "Diffie-Hellman client pubkey", HFILL } \
1787 { & name .hf.hs_server_keyex_point, \
1788 { "Pubkey", prefix ".handshake.server_point", \
1789 FT_BYTES, BASE_NONE, NULL, 0x0, \
1790 "EC Diffie-Hellman server pubkey", HFILL } \
1792 { & name .hf.hs_client_keyex_point, \
1793 { "Pubkey", prefix ".handshake.client_point", \
1794 FT_BYTES, BASE_NONE, NULL, 0x0, \
1795 "EC Diffie-Hellman client pubkey", HFILL } \
1797 { & name .hf.hs_server_keyex_xs_len, \
1798 { "Pubkey Length", prefix ".handshake.xs_len", \
1799 FT_UINT8, BASE_DEC, NULL, 0x0, \
1800 "Length of EC J-PAKE server public key", HFILL } \
1802 { & name .hf.hs_client_keyex_xc_len, \
1803 { "Pubkey Length", prefix ".handshake.xc_len", \
1804 FT_UINT8, BASE_DEC, NULL, 0x0, \
1805 "Length of EC J-PAKE client public key", HFILL } \
1807 { & name .hf.hs_server_keyex_xs, \
1808 { "Pubkey", prefix ".handshake.xs", \
1809 FT_BYTES, BASE_NONE, NULL, 0x0, \
1810 "EC J-PAKE server public key", HFILL } \
1812 { & name .hf.hs_client_keyex_xc, \
1813 { "Pubkey", prefix ".handshake.xc", \
1814 FT_BYTES, BASE_NONE, NULL, 0x0, \
1815 "EC J-PAKE client public key", HFILL } \
1817 { & name .hf.hs_server_keyex_vs_len, \
1818 { "Ephemeral Pubkey Length", prefix ".handshake.vs_len", \
1819 FT_UINT8, BASE_DEC, NULL, 0x0, \
1820 "Length of EC J-PAKE server ephemeral public key", HFILL } \
1822 { & name .hf.hs_client_keyex_vc_len, \
1823 { "Ephemeral Pubkey Length", prefix ".handshake.vc_len", \
1824 FT_UINT8, BASE_DEC, NULL, 0x0, \
1825 "Length of EC J-PAKE client ephemeral public key", HFILL } \
1827 { & name .hf.hs_server_keyex_vs, \
1828 { "Ephemeral Pubkey", prefix ".handshake.vs", \
1829 FT_BYTES, BASE_NONE, NULL, 0x0, \
1830 "EC J-PAKE server ephemeral public key", HFILL } \
1832 { & name .hf.hs_client_keyex_vc, \
1833 { "Ephemeral Pubkey", prefix ".handshake.vc", \
1834 FT_BYTES, BASE_NONE, NULL, 0x0, \
1835 "EC J-PAKE client ephemeral public key", HFILL } \
1837 { & name .hf.hs_server_keyex_rs_len, \
1838 { "Schnorr signature Length", prefix ".handshake.rs_len", \
1839 FT_UINT8, BASE_DEC, NULL, 0x0, \
1840 "Length of EC J-PAKE server Schnorr signature", HFILL } \
1842 { & name .hf.hs_client_keyex_rc_len, \
1843 { "Schnorr signature Length", prefix ".handshake.rc_len", \
1844 FT_UINT8, BASE_DEC, NULL, 0x0, \
1845 "Length of EC J-PAKE client Schnorr signature", HFILL } \
1847 { & name .hf.hs_server_keyex_rs, \
1848 { "Schnorr signature", prefix ".handshake.rs", \
1849 FT_BYTES, BASE_NONE, NULL, 0x0, \
1850 "EC J-PAKE server Schnorr signature", HFILL } \
1852 { & name .hf.hs_client_keyex_rc, \
1853 { "Schnorr signature", prefix ".handshake.rc", \
1854 FT_BYTES, BASE_NONE, NULL, 0x0, \
1855 "EC J-PAKE client Schnorr signature", HFILL } \
1857 { & name .hf.hs_server_keyex_modulus, \
1858 { "Modulus", prefix ".handshake.modulus", \
1859 FT_BYTES, BASE_NONE, NULL, 0x0, \
1860 "RSA-EXPORT modulus", HFILL } \
1862 { & name .hf.hs_server_keyex_exponent, \
1863 { "Exponent", prefix ".handshake.exponent", \
1864 FT_BYTES, BASE_NONE, NULL, 0x0, \
1865 "RSA-EXPORT exponent", HFILL } \
1867 { & name .hf.hs_server_keyex_sig, \
1868 { "Signature", prefix ".handshake.sig", \
1869 FT_BYTES, BASE_NONE, NULL, 0x0, \
1870 "Diffie-Hellman server signature", HFILL } \
1872 { & name .hf.hs_server_keyex_hint_len, \
1873 { "Hint Length", prefix ".handshake.hint_len", \
1874 FT_UINT16, BASE_DEC, NULL, 0x0, \
1875 "Length of PSK Hint", HFILL } \
1877 { & name .hf.hs_server_keyex_hint, \
1878 { "Hint", prefix ".handshake.hint", \
1879 FT_BYTES, BASE_NONE, NULL, 0x0, \
1880 "PSK Hint", HFILL } \
1882 { & name .hf.hs_client_keyex_identity_len, \
1883 { "Identity Length", prefix ".handshake.identity_len", \
1884 FT_UINT16, BASE_DEC, NULL, 0x0, \
1885 "Length of PSK Identity", HFILL } \
1887 { & name .hf.hs_client_keyex_identity, \
1888 { "Identity", prefix ".handshake.identity", \
1889 FT_BYTES, BASE_NONE, NULL, 0x0, \
1890 "PSK Identity", HFILL } \
1892 { & name .hf.hs_ext_heartbeat_mode, \
1893 { "Mode", prefix ".handshake.extension.heartbeat.mode", \
1894 FT_UINT8, BASE_DEC, VALS(tls_heartbeat_mode), 0x0, \
1895 "Heartbeat extension mode", HFILL } \
1897 { & name .hf.hs_certificates_len, \
1898 { "Certificates Length", prefix ".handshake.certificates_length", \
1899 FT_UINT24, BASE_DEC, NULL, 0x0, \
1900 "Length of certificates field", HFILL } \
1902 { & name .hf.hs_certificates, \
1903 { "Certificates", prefix ".handshake.certificates", \
1904 FT_NONE, BASE_NONE, NULL, 0x0, \
1905 "List of certificates", HFILL } \
1907 { & name .hf.hs_certificate, \
1908 { "Certificate", prefix ".handshake.certificate", \
1909 FT_BYTES, BASE_NONE, NULL, 0x0, \
1912 { & name .hf.hs_certificate_len, \
1913 { "Certificate Length", prefix ".handshake.certificate_length", \
1914 FT_UINT24, BASE_DEC, NULL, 0x0, \
1915 "Length of certificate", HFILL } \
1917 { & name .hf.hs_cert_types_count, \
1918 { "Certificate types count", prefix ".handshake.cert_types_count",\
1919 FT_UINT8, BASE_DEC, NULL, 0x0, \
1920 "Count of certificate types", HFILL } \
1922 { & name .hf.hs_cert_types, \
1923 { "Certificate types", prefix ".handshake.cert_types", \
1924 FT_NONE, BASE_NONE, NULL, 0x0, \
1925 "List of certificate types", HFILL } \
1927 { & name .hf.hs_cert_type, \
1928 { "Certificate type", prefix ".handshake.cert_type", \
1929 FT_UINT8, BASE_DEC, VALS(ssl_31_client_certificate_type), 0x0, \
1932 { & name .hf.hs_dnames_len, \
1933 { "Distinguished Names Length", prefix ".handshake.dnames_len", \
1934 FT_UINT16, BASE_DEC, NULL, 0x0, \
1935 "Length of list of CAs that server trusts", HFILL } \
1937 { & name .hf.hs_dnames, \
1938 { "Distinguished Names", prefix ".handshake.dnames", \
1939 FT_NONE, BASE_NONE, NULL, 0x0, \
1940 "List of CAs that server trusts", HFILL } \
1942 { & name .hf.hs_dname_len, \
1943 { "Distinguished Name Length", prefix ".handshake.dname_len", \
1944 FT_UINT16, BASE_DEC, NULL, 0x0, \
1945 "Length of distinguished name", HFILL } \
1947 { & name .hf.hs_dnames_truncated, \
1948 { "Tree view truncated", prefix ".handshake.dnames_truncated", \
1949 FT_NONE, BASE_NONE, NULL, 0x00, \
1950 "Some Distinguished Names are not added to tree pane to limit resources", HFILL } \
1952 { & name .hf.hs_dname, \
1953 { "Distinguished Name", prefix ".handshake.dname", \
1954 FT_NONE, BASE_NONE, NULL, 0x0, \
1955 "Distinguished name of a CA that server trusts", HFILL } \
1957 { & name .hf.hs_random, \
1958 { "Random", prefix ".handshake.random", \
1959 FT_BYTES, BASE_NONE, NULL, 0x0, \
1960 "Random values used for deriving keys", HFILL } \
1962 { & name .hf.hs_random_time, \
1963 { "GMT Unix Time", prefix ".handshake.random_time", \
1964 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0, \
1965 "Unix time field of random structure", HFILL } \
1967 { & name .hf.hs_random_bytes, \
1968 { "Random Bytes", prefix ".handshake.random_bytes", \
1969 FT_BYTES, BASE_NONE, NULL, 0x0, \
1970 "Random values used for deriving keys", HFILL } \
1972 { & name .hf.hs_session_id, \
1973 { "Session ID", prefix ".handshake.session_id", \
1974 FT_BYTES, BASE_NONE, NULL, 0x0, \
1975 "Identifies the SSL session, allowing later resumption", HFILL }\
1977 { & name .hf.hs_session_id_len, \
1978 { "Session ID Length", prefix ".handshake.session_id_length", \
1979 FT_UINT8, BASE_DEC, NULL, 0x0, \
1980 "Length of Session ID field", HFILL } \
1982 { & name .hf.hs_client_version, \
1983 { "Version", prefix ".handshake.version", \
1984 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
1985 "Maximum version supported by client [legacy_version if supported_versions ext is present]", HFILL } \
1987 { & name .hf.hs_server_version, \
1988 { "Version", prefix ".handshake.version", \
1989 FT_UINT16, BASE_HEX, VALS(ssl_versions), 0x0, \
1990 "Version selected by server [legacy_version if supported_versions ext is present]", HFILL } \
1992 { & name .hf.hs_cipher_suites_len, \
1993 { "Cipher Suites Length", prefix ".handshake.cipher_suites_length", \
1994 FT_UINT16, BASE_DEC, NULL, 0x0, \
1995 "Length of cipher suites field", HFILL } \
1997 { & name .hf.hs_cipher_suites, \
1998 { "Cipher Suites", prefix ".handshake.ciphersuites", \
1999 FT_NONE, BASE_NONE, NULL, 0x0, \
2000 "List of cipher suites supported by client", HFILL } \
2002 { & name .hf.hs_cipher_suite, \
2003 { "Cipher Suite", prefix ".handshake.ciphersuite", \
2004 FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, \
2007 { & name .hf.hs_comp_methods_len, \
2008 { "Compression Methods Length", prefix ".handshake.comp_methods_length", \
2009 FT_UINT8, BASE_DEC, NULL, 0x0, \
2010 "Length of compression methods field", HFILL } \
2012 { & name .hf.hs_comp_methods, \
2013 { "Compression Methods", prefix ".handshake.comp_methods", \
2014 FT_NONE, BASE_NONE, NULL, 0x0, \
2015 "List of compression methods supported by client", HFILL } \
2017 { & name .hf.hs_comp_method, \
2018 { "Compression Method", prefix ".handshake.comp_method", \
2019 FT_UINT8, BASE_DEC, VALS(ssl_31_compression_method), 0x0, \
2022 { & name .hf.hs_session_ticket_lifetime_hint, \
2023 { "Session Ticket Lifetime Hint", \
2024 prefix ".handshake.session_ticket_lifetime_hint", \
2025 FT_UINT32, BASE_DEC|BASE_UNIT_STRING, &units_second_seconds, 0x0, \
2026 "New Session Ticket Lifetime Hint", HFILL } \
2028 { & name .hf.hs_session_ticket_age_add, \
2029 { "Session Ticket Age Add", \
2030 prefix ".handshake.session_ticket_age_add", \
2031 FT_UINT32, BASE_DEC, NULL, 0x0, \
2032 "Random 32-bit value to obscure age of ticket", HFILL } \
2034 { & name .hf.hs_session_ticket_nonce_len, \
2035 { "Session Ticket Nonce Length", prefix ".handshake.session_ticket_nonce_length", \
2036 FT_UINT8, BASE_DEC, NULL, 0x0, \
2039 { & name .hf.hs_session_ticket_nonce, \
2040 { "Session Ticket Nonce", prefix ".handshake.session_ticket_nonce", \
2041 FT_BYTES, BASE_NONE, NULL, 0x0, \
2042 "A unique per-ticket value", HFILL } \
2044 { & name .hf.hs_session_ticket_len, \
2045 { "Session Ticket Length", prefix ".handshake.session_ticket_length", \
2046 FT_UINT16, BASE_DEC, NULL, 0x0, \
2047 "New Session Ticket Length", HFILL } \
2049 { & name .hf.hs_session_ticket, \
2050 { "Session Ticket", prefix ".handshake.session_ticket", \
2051 FT_BYTES, BASE_NONE, NULL, 0x0, \
2052 "New Session Ticket", HFILL } \
2054 { & name .hf.hs_finished, \
2055 { "Verify Data", prefix ".handshake.verify_data", \
2056 FT_NONE, BASE_NONE, NULL, 0x0, \
2057 "Opaque verification data", HFILL } \
2059 { & name .hf.hs_client_cert_vrfy_sig_len, \
2060 { "Signature length", prefix ".handshake.client_cert_vrfy.sig_len", \
2061 FT_UINT16, BASE_DEC, NULL, 0x0, \
2062 "Length of CertificateVerify's signature", HFILL } \
2064 { & name .hf.hs_client_cert_vrfy_sig, \
2065 { "Signature", prefix ".handshake.client_cert_vrfy.sig", \
2066 FT_BYTES, BASE_NONE, NULL, 0x0, \
2067 "CertificateVerify's signature", HFILL } \
2069 { & name .hf.hs_ja3_full, \
2070 { "JA3 Fullstring", prefix ".handshake.ja3_full", \
2071 FT_STRING, BASE_NONE, NULL, 0x0, \
2074 { & name .hf.hs_ja3_hash, \
2075 { "JA3", prefix ".handshake.ja3", \
2076 FT_STRING, BASE_NONE, NULL, 0x0, \
2079 { & name .hf.hs_ja3s_full, \
2080 { "JA3S Fullstring", prefix ".handshake.ja3s_full", \
2081 FT_STRING, BASE_NONE, NULL, 0x0, \
2084 { & name .hf.hs_ja3s_hash, \
2085 { "JA3S", prefix ".handshake.ja3s", \
2086 FT_STRING, BASE_NONE, NULL, 0x0, \
2089 { & name .hf.hs_ja4, \
2090 { "JA4", prefix ".handshake.ja4", \
2091 FT_STRING, BASE_NONE, NULL, 0x0, \
2094 { & name .hf.hs_ja4_r, \
2095 { "JA4_r", prefix ".handshake.ja4_r", \
2096 FT_STRING, BASE_NONE, NULL, 0x0, \
2099 { & name .hf.hs_ext_psk_ke_modes_length, \
2100 { "PSK Key Exchange Modes Length", prefix ".extension.psk_ke_modes_length", \
2101 FT_UINT8, BASE_DEC, NULL, 0x0, \
2104 { & name .hf.hs_ext_psk_ke_mode, \
2105 { "PSK Key Exchange Mode", prefix ".extension.psk_ke_mode", \
2106 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_psk_ke_mode), 0x0, \
2107 "Key exchange modes where the client supports use of PSKs", HFILL } \
2109 { & name .hf.hs_certificate_request_context_length, \
2110 { "Certificate Request Context Length", prefix ".handshake.certificate_request_context_length", \
2111 FT_UINT8, BASE_DEC, NULL, 0x0, \
2114 { & name .hf.hs_certificate_request_context, \
2115 { "Certificate Request Context", prefix ".handshake.certificate_request_context", \
2116 FT_BYTES, BASE_NONE, NULL, 0x0, \
2117 "Value from CertificateRequest or empty for server auth", HFILL } \
2119 { & name .hf.hs_key_update_request_update, \
2120 { "Key Update Request", prefix ".handshake.key_update.request_update", \
2121 FT_UINT8, BASE_DEC, VALS(tls13_key_update_request), 0x00, \
2122 "Whether the receiver should also update its keys", HFILL } \
2124 { & name .hf.sct_scts_length, \
2125 { "Serialized SCT List Length", prefix ".sct.scts_length", \
2126 FT_UINT16, BASE_DEC, NULL, 0x00, \
2129 { & name .hf.sct_sct_length, \
2130 { "Serialized SCT Length", prefix ".sct.sct_length", \
2131 FT_UINT16, BASE_DEC, NULL, 0x00, \
2134 { & name .hf.sct_sct_version, \
2135 { "SCT Version", prefix ".sct.sct_version", \
2136 FT_UINT8, BASE_DEC, NULL, 0x00, \
2137 "SCT Protocol version (v1 (0) is defined in RFC 6962)", HFILL } \
2139 { & name .hf.sct_sct_logid, \
2140 { "Log ID", prefix ".sct.sct_logid", \
2141 FT_BYTES, BASE_NONE, NULL, 0x00, \
2142 "SHA-256 hash of log's public key", HFILL } \
2144 { & name .hf.sct_sct_timestamp, \
2145 { "Timestamp", prefix ".sct.sct_timestamp", \
2146 FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x00, \
2147 "Timestamp of issuance", HFILL } \
2149 { & name .hf.sct_sct_extensions_length, \
2150 { "Extensions length", prefix ".sct.sct_extensions_length", \
2151 FT_UINT16, BASE_DEC, NULL, 0x00, \
2152 "Length of future extensions to this protocol (currently none)", HFILL } \
2154 { & name .hf.sct_sct_extensions, \
2155 { "Extensions", prefix ".sct.sct_extensions", \
2156 FT_NONE, BASE_NONE, NULL, 0x00, \
2157 "Future extensions to this protocol (currently none)", HFILL } \
2159 { & name .hf.sct_sct_signature_length, \
2160 { "Signature Length", prefix ".sct.sct_signature_length", \
2161 FT_UINT16, BASE_DEC, NULL, 0x00, \
2164 { & name .hf.sct_sct_signature, \
2165 { "Signature", prefix ".sct.sct_signature", \
2166 FT_BYTES, BASE_NONE, NULL, 0x00, \
2169 { & name .hf.hs_ext_max_early_data_size, \
2170 { "Maximum Early Data Size", prefix ".early_data.max_early_data_size", \
2171 FT_UINT32, BASE_DEC, NULL, 0x00, \
2172 "Maximum amount of 0-RTT data that the client may send", HFILL } \
2174 { & name .hf.hs_ext_oid_filters_length, \
2175 { "OID Filters Length", prefix ".extension.oid_filters_length", \
2176 FT_UINT16, BASE_DEC, NULL, 0x00, \
2179 { & name .hf.hs_ext_oid_filters_oid_length, \
2180 { "Certificate Extension OID Length", prefix ".extension.oid_filters.oid_length", \
2181 FT_UINT8, BASE_DEC, NULL, 0x00, \
2184 { & name .hf.hs_ext_oid_filters_oid, \
2185 { "Certificate Extension OID", prefix ".extension.oid_filters.oid", \
2186 FT_OID, BASE_NONE, NULL, 0x00, \
2189 { & name .hf.hs_ext_oid_filters_values_length, \
2190 { "Certificate Extension Values Length", prefix ".extension.oid_filters.values_length", \
2191 FT_UINT16, BASE_DEC, NULL, 0x00, \
2194 { & name .hf.hs_cred_valid_time, \
2195 { "Valid Time", prefix ".handshake.cred.valid_time", \
2196 FT_UINT16, BASE_DEC, NULL, 0x0, \
2197 "Delegated Credentials Valid Time", HFILL } \
2199 { & name .hf.hs_cred_pubkey, \
2200 { "Subject Public Key Info", prefix ".handshake.cred.pubkey", \
2201 FT_BYTES, BASE_NONE, NULL, 0x0, \
2202 "Delegated Credentials Subject Public Key Info", HFILL } \
2204 { & name .hf.hs_cred_pubkey_len, \
2205 { "Subject Public Key Info Length", prefix ".handshake.cred.pubkey_len", \
2206 FT_UINT24, BASE_DEC, NULL, 0x0, \
2207 "Delegated Credentials Subject Public Key Info Length", HFILL } \
2209 { & name .hf.hs_cred_signature, \
2210 { "Signature", prefix ".handshake.cred.signature", \
2211 FT_BYTES, BASE_NONE, NULL, 0x0, \
2212 "Delegated Credentials Signature", HFILL } \
2214 { & name .hf.hs_cred_signature_len, \
2215 { "Signature Length", prefix ".handshake.cred.signature_len", \
2216 FT_UINT16, BASE_DEC, NULL, 0x0, \
2217 "Delegated Credentials Signature Length", HFILL } \
2219 { & name .hf.hs_ext_compress_certificate_algorithms_length, \
2220 { "Algorithms Length", prefix ".compress_certificate.algorithms_length", \
2221 FT_UINT8, BASE_DEC, NULL, 0x00, \
2224 { & name .hf.hs_ext_compress_certificate_algorithm, \
2225 { "Algorithm", prefix ".compress_certificate.algorithm", \
2226 FT_UINT16, BASE_DEC, VALS(compress_certificate_algorithm_vals), 0x00, \
2229 { & name .hf.hs_ext_compress_certificate_uncompressed_length, \
2230 { "Uncompressed Length", prefix ".compress_certificate.uncompressed_length", \
2231 FT_UINT24, BASE_DEC, NULL, 0x00, \
2234 { & name .hf.hs_ext_compress_certificate_compressed_certificate_message_length, \
2235 { "Length", prefix ".compress_certificate.compressed_certificate_message.length", \
2236 FT_UINT24, BASE_DEC, NULL, 0x00, \
2239 { & name .hf.hs_ext_compress_certificate_compressed_certificate_message, \
2240 { "Compressed Certificate Message", prefix ".compress_certificate.compressed_certificate_message", \
2241 FT_BYTES, BASE_NONE, NULL, 0x00, \
2244 { & name .hf.hs_ext_token_binding_version_major, \
2245 { "Protocol Major Version", prefix ".token_binding.version_major", \
2246 FT_UINT8, BASE_HEX, NULL, 0x00, \
2247 "Major version of the Token Binding protocol", HFILL } \
2249 { & name .hf.hs_ext_token_binding_version_minor, \
2250 { "Protocol Minor Version", prefix ".token_binding.version_minor", \
2251 FT_UINT8, BASE_HEX, NULL, 0x00, \
2252 "Minor version of the Token Binding protocol", HFILL } \
2254 { & name .hf.hs_ext_token_binding_key_parameters, \
2255 { "Key Parameters", prefix ".token_binding.key_parameters", \
2256 FT_NONE, BASE_NONE, NULL, 0x0, \
2259 { & name .hf.hs_ext_token_binding_key_parameters_length, \
2260 { "Key Parameters Length", prefix ".token_binding.key_parameters_length", \
2261 FT_UINT8, BASE_DEC, NULL, 0x00, \
2262 "Length of the key parameters list", HFILL } \
2264 { & name .hf.hs_ext_token_binding_key_parameter, \
2265 { "Key Parameter", prefix ".token_binding.key_parameter", \
2266 FT_UINT8, BASE_DEC, VALS(token_binding_key_parameter_vals), 0x00, \
2267 "Identifier of the Token Binding key parameter", HFILL } \
2269 { & name .hf.hs_ext_record_size_limit, \
2270 { "Record Size Limit", prefix ".record_size_limit", \
2271 FT_UINT16, BASE_DEC, NULL, 0x00, \
2272 "Maximum record size that an endpoint is willing to receive", HFILL } \
2274 { & name .hf.hs_ext_quictp_len, \
2275 { "Parameters Length", prefix ".quic.len", \
2276 FT_UINT16, BASE_DEC, NULL, 0x00, \
2279 { & name .hf.hs_ext_quictp_parameter, \
2280 { "Parameter", prefix ".quic.parameter", \
2281 FT_NONE, BASE_NONE, NULL, 0x00, \
2284 { & name .hf.hs_ext_quictp_parameter_type, \
2285 { "Type", prefix ".quic.parameter.type", \
2286 FT_UINT64, BASE_CUSTOM, CF_FUNC(quic_transport_parameter_id_base_custom), 0x00, \
2289 { & name .hf.hs_ext_quictp_parameter_len, \
2290 { "Length", prefix ".quic.parameter.length", \
2291 FT_UINT64, BASE_DEC, NULL, 0x00, \
2294 { & name .hf.hs_ext_quictp_parameter_len_old, \
2295 { "Length", prefix ".quic.parameter.length.old", \
2296 FT_UINT16, BASE_DEC, NULL, 0x00, \
2299 { & name .hf.hs_ext_quictp_parameter_value, \
2300 { "Value", prefix ".quic.parameter.value", \
2301 FT_BYTES, BASE_NONE, NULL, 0x00, \
2304 { & name .hf.hs_ext_quictp_parameter_original_destination_connection_id, \
2305 { "original_destination_connection_id", prefix ".quic.parameter.original_destination_connection_id", \
2306 FT_BYTES, BASE_NONE, NULL, 0x00, \
2307 "Destination Connection ID from the first Initial packet sent by the client", HFILL } \
2309 { & name .hf.hs_ext_quictp_parameter_max_idle_timeout, \
2310 { "max_idle_timeout", prefix ".quic.parameter.max_idle_timeout", \
2311 FT_UINT64, BASE_DEC, NULL, 0x00, \
2312 "In milliseconds", HFILL } \
2314 { & name .hf.hs_ext_quictp_parameter_stateless_reset_token, \
2315 { "stateless_reset_token", prefix ".quic.parameter.stateless_reset_token", \
2316 FT_BYTES, BASE_NONE, NULL, 0x00, \
2317 "Used in verifying a stateless reset", HFILL } \
2319 { & name .hf.hs_ext_quictp_parameter_max_udp_payload_size, \
2320 { "max_udp_payload_size", prefix ".quic.parameter.max_udp_payload_size", \
2321 FT_UINT64, BASE_DEC, NULL, 0x00, \
2322 "Maximum UDP payload size that the endpoint is willing to receive", HFILL } \
2324 { & name .hf.hs_ext_quictp_parameter_initial_max_data, \
2325 { "initial_max_data", prefix ".quic.parameter.initial_max_data", \
2326 FT_UINT64, BASE_DEC, NULL, 0x00, \
2327 "Contains the initial value for the maximum amount of data that can be sent on the connection", HFILL } \
2329 { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_local, \
2330 { "initial_max_stream_data_bidi_local", prefix ".quic.parameter.initial_max_stream_data_bidi_local", \
2331 FT_UINT64, BASE_DEC, NULL, 0x00, \
2332 "Initial stream maximum data for bidirectional, locally-initiated streams", HFILL } \
2334 { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_bidi_remote, \
2335 { "initial_max_stream_data_bidi_remote", prefix ".quic.parameter.initial_max_stream_data_bidi_remote", \
2336 FT_UINT64, BASE_DEC, NULL, 0x00, \
2337 "Initial stream maximum data for bidirectional, peer-initiated streams", HFILL } \
2339 { & name .hf.hs_ext_quictp_parameter_initial_max_stream_data_uni, \
2340 { "initial_max_stream_data_uni", prefix ".quic.parameter.initial_max_stream_data_uni", \
2341 FT_UINT64, BASE_DEC, NULL, 0x00, \
2342 "Initial stream maximum data for unidirectional streams parameter", HFILL } \
2344 { & name .hf.hs_ext_quictp_parameter_initial_max_streams_bidi, \
2345 { "initial_max_streams_bidi", prefix ".quic.parameter.initial_max_streams_bidi", \
2346 FT_UINT64, BASE_DEC, NULL, 0x00, \
2347 "Initial maximum number of application-owned bidirectional streams", HFILL } \
2349 { & name .hf.hs_ext_quictp_parameter_initial_max_streams_uni, \
2350 { "initial_max_streams_uni", prefix ".quic.parameter.initial_max_streams_uni", \
2351 FT_UINT64, BASE_DEC, NULL, 0x00, \
2352 "Initial maximum number of application-owned unidirectional streams", HFILL } \
2354 { & name .hf.hs_ext_quictp_parameter_ack_delay_exponent, \
2355 { "ack_delay_exponent", prefix ".quic.parameter.ack_delay_exponent", \
2356 FT_UINT64, BASE_DEC, NULL, 0x00, \
2357 "Indicating an exponent used to decode the ACK Delay field in the ACK frame,", HFILL } \
2359 { & name .hf.hs_ext_quictp_parameter_max_ack_delay, \
2360 { "max_ack_delay", prefix ".quic.parameter.max_ack_delay", \
2361 FT_UINT64, BASE_DEC, NULL, 0x00, \
2362 "Indicating the maximum amount of time in milliseconds by which it will delay sending of acknowledgments", HFILL } \
2364 { & name .hf.hs_ext_quictp_parameter_pa_ipv4address, \
2365 { "ipv4Address", prefix ".quic.parameter.preferred_address.ipv4address", \
2366 FT_IPv4, BASE_NONE, NULL, 0x00, \
2369 { & name .hf.hs_ext_quictp_parameter_pa_ipv6address, \
2370 { "ipv6Address", prefix ".quic.parameter.preferred_address.ipv6address", \
2371 FT_IPv6, BASE_NONE, NULL, 0x00, \
2374 { & name .hf.hs_ext_quictp_parameter_pa_ipv4port, \
2375 { "ipv4Port", prefix ".quic.parameter.preferred_address.ipv4port", \
2376 FT_UINT16, BASE_DEC, NULL, 0x00, \
2379 { & name .hf.hs_ext_quictp_parameter_pa_ipv6port, \
2380 { "ipv6Port", prefix ".quic.parameter.preferred_address.ipv6port", \
2381 FT_UINT16, BASE_DEC, NULL, 0x00, \
2384 { & name .hf.hs_ext_quictp_parameter_pa_connectionid_length, \
2385 { "Length", prefix ".quic.parameter.preferred_address.connectionid.length", \
2386 FT_UINT8, BASE_DEC, NULL, 0x00, \
2387 "Length of connectionId Field", HFILL } \
2389 { & name .hf.hs_ext_quictp_parameter_pa_connectionid, \
2390 { "connectionId", prefix ".quic.parameter.preferred_address.connectionid", \
2391 FT_BYTES, BASE_NONE, NULL, 0x00, \
2394 { & name .hf.hs_ext_quictp_parameter_pa_statelessresettoken, \
2395 { "statelessResetToken", prefix ".quic.parameter.preferred_address.statelessresettoken", \
2396 FT_BYTES, BASE_NONE, NULL, 0x00, \
2399 { & name .hf.hs_ext_quictp_parameter_active_connection_id_limit, \
2400 { "Active Connection ID Limit", prefix ".quic.parameter.active_connection_id_limit", \
2401 FT_UINT64, BASE_DEC, NULL, 0x00, \
2404 { & name .hf.hs_ext_quictp_parameter_initial_source_connection_id, \
2405 { "Initial Source Connection ID", prefix ".quic.parameter.initial_source_connection_id", \
2406 FT_BYTES, BASE_NONE, NULL, 0x00, \
2409 { & name .hf.hs_ext_quictp_parameter_retry_source_connection_id, \
2410 { "Retry Source Connection ID", prefix ".quic.parameter.retry_source_connection_id", \
2411 FT_BYTES, BASE_NONE, NULL, 0x00, \
2414 { & name .hf.hs_ext_quictp_parameter_max_datagram_frame_size, \
2415 { "max_datagram_frame_size", prefix ".quic.parameter.max_datagram_frame_size", \
2416 FT_UINT64, BASE_DEC, NULL, 0x00, \
2419 { & name .hf.hs_ext_quictp_parameter_cibir_encoding_length, \
2420 { "length", prefix ".quic.parameter.cibir_encoding.length", \
2421 FT_UINT64, BASE_DEC, NULL, 0x00, \
2424 { & name .hf.hs_ext_quictp_parameter_cibir_encoding_offset, \
2425 { "offset", prefix ".quic.parameter.cibir_encoding.offset", \
2426 FT_UINT64, BASE_DEC, NULL, 0x00, \
2429 { & name .hf.hs_ext_quictp_parameter_loss_bits, \
2430 { "loss_bits", prefix ".quic.parameter.loss_bits", \
2431 FT_UINT64, BASE_DEC, NULL, 0x00, \
2434 { & name .hf.hs_ext_quictp_parameter_enable_time_stamp_v2, \
2435 { "Enable TimestampV2", prefix ".quic.parameter.enable_time_stamp_v2", \
2436 FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(quic_enable_time_stamp_v2_vals), 0x00, \
2439 { & name .hf.hs_ext_quictp_parameter_min_ack_delay, \
2440 { "min_ack_delay", prefix ".quic.parameter.min_ack_delay", \
2441 FT_UINT64, BASE_DEC, NULL, 0x00, \
2444 { & name .hf.hs_ext_quictp_parameter_google_user_agent_id, \
2445 { "Google UserAgent", prefix ".quic.parameter.google.user_agent", \
2446 FT_STRING, BASE_NONE, NULL, 0x00, \
2449 { & name .hf.hs_ext_quictp_parameter_google_key_update_not_yet_supported, \
2450 { "Google Key Update not yet supported", prefix ".quic.parameter.google.key_update_not_yet_supported", \
2451 FT_NONE, BASE_NONE, NULL, 0x00, \
2454 { & name .hf.hs_ext_quictp_parameter_google_quic_version, \
2455 { "Google QUIC version", prefix ".quic.parameter.google.quic_version", \
2456 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2459 { & name .hf.hs_ext_quictp_parameter_google_initial_rtt, \
2460 { "Google Initial RTT", prefix ".quic.parameter.google.initial_rtt", \
2461 FT_UINT64, BASE_DEC, NULL, 0x00, \
2464 { & name .hf.hs_ext_quictp_parameter_google_support_handshake_done, \
2465 { "Google Support Handshake Done", prefix ".quic.parameter.google.support_handshake_done", \
2466 FT_NONE, BASE_NONE, NULL, 0x00, \
2469 { & name .hf.hs_ext_quictp_parameter_google_quic_params, \
2470 { "Google QUIC parameters", prefix ".quic.parameter.google.quic_params", \
2471 FT_BYTES, BASE_NONE, NULL, 0x00, \
2474 { & name .hf.hs_ext_quictp_parameter_google_quic_params_unknown_field, \
2475 { "Google Unknown Field", prefix ".quic.parameter.google.quic_params_unknown_field", \
2476 FT_BYTES, BASE_NONE, NULL, 0x00, \
2479 { & name .hf.hs_ext_quictp_parameter_google_connection_options, \
2480 { "Google Connection options", prefix ".quic.parameter.google.connection_options", \
2481 FT_BYTES, BASE_NONE, NULL, 0x00, \
2484 { & name .hf.hs_ext_quictp_parameter_google_supported_versions_length, \
2485 { "Google Supported Versions Length", prefix ".quic.parameter.google.supported_versions_length", \
2486 FT_UINT8, BASE_DEC, NULL, 0x00, \
2489 { & name .hf.hs_ext_quictp_parameter_google_supported_version, \
2490 { "Google Supported Version", prefix ".quic.parameter.google.supported_version", \
2491 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2494 { & name .hf.hs_ext_quictp_parameter_facebook_partial_reliability, \
2495 { "Facebook Partial Reliability", prefix ".quic.parameter.facebook.partial_reliability", \
2496 FT_UINT64, BASE_DEC, NULL, 0x00, \
2499 { & name .hf.hs_ext_quictp_parameter_chosen_version, \
2500 { "Chosen Version", prefix ".quic.parameter.vi.chosen_version", \
2501 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2504 { & name .hf.hs_ext_quictp_parameter_other_version, \
2505 { "Other Version", prefix ".quic.parameter.vi.other_version", \
2506 FT_UINT32, BASE_RANGE_STRING | BASE_HEX, RVALS(quic_version_vals), 0x00, \
2509 { & name .hf.hs_ext_quictp_parameter_enable_multipath, \
2510 { "Enable Multipath", prefix ".quic.parameter.enable_multipath", \
2511 FT_UINT64, BASE_DEC|BASE_VAL64_STRING, VALS64(quic_enable_multipath_vals), 0x00, \
2514 { & name .hf.hs_ext_quictp_parameter_initial_max_paths, \
2515 { "Initial Max Paths", prefix ".quic.parameter.initial_max_paths", \
2516 FT_UINT64, BASE_DEC, NULL, 0x00, \
2519 { & name .hf.hs_ext_connection_id_length, \
2520 { "Connection ID length", prefix ".connection_id_length", \
2521 FT_UINT8, BASE_DEC, NULL, 0x00, \
2524 { & name .hf.hs_ext_connection_id, \
2525 { "Connection ID", prefix ".connection_id", \
2526 FT_BYTES, BASE_NONE, NULL, 0x00, \
2529 { & name .hf.esni_suite, \
2530 { "Cipher Suite", prefix ".esni.suite", \
2531 FT_UINT16, BASE_HEX|BASE_EXT_STRING, &ssl_31_ciphersuite_ext, 0x0, \
2532 "Cipher suite used to encrypt the SNI", HFILL } \
2534 { & name .hf.esni_record_digest_length, \
2535 { "Record Digest Length", prefix ".esni.record_digest_length", \
2536 FT_UINT16, BASE_DEC, NULL, 0x00, \
2539 { & name .hf.esni_record_digest, \
2540 { "Record Digest", prefix ".esni.record_digest", \
2541 FT_BYTES, BASE_NONE, NULL, 0x00, \
2542 "Cryptographic hash of the ESNIKeys from which the ESNI key was obtained", HFILL } \
2544 { & name .hf.esni_encrypted_sni_length, \
2545 { "Encrypted SNI Length", prefix ".esni.encrypted_sni_length", \
2546 FT_UINT16, BASE_DEC, NULL, 0x00, \
2549 { & name .hf.esni_encrypted_sni, \
2550 { "Encrypted SNI", prefix ".esni.encrypted_sni", \
2551 FT_BYTES, BASE_NONE, NULL, 0x00, \
2552 "The encrypted ClientESNIInner structure", HFILL } \
2554 { & name .hf.esni_nonce, \
2555 { "Nonce", prefix ".esni.nonce", \
2556 FT_BYTES, BASE_NONE, NULL, 0x00, \
2557 "Contents of ClientESNIInner.nonce", HFILL } \
2559 { & name .hf.ech_echconfiglist_length, \
2560 { "ECHConfigList length", prefix ".ech.echconfiglist_length", \
2561 FT_UINT16, BASE_DEC, NULL, 0x0, \
2562 "Encrypted ClientHello (ECH) Configurations length", HFILL } \
2564 { & name .hf.ech_echconfiglist, \
2565 { "ECHConfigList", prefix ".ech.echconfiglist", \
2566 FT_NONE, BASE_NONE, NULL, 0x0, \
2567 "Encrypted ClientHello (ECH) Configurations", HFILL } \
2569 { & name .hf.ech_echconfig, \
2570 { "ECHConfig", prefix ".ech.echconfig", \
2571 FT_NONE, BASE_NONE, NULL, 0x0, \
2572 "Encrypted ClientHello (ECH) Configuration", HFILL } \
2574 { & name .hf.ech_echconfig_version, \
2575 { "Version", prefix ".ech.echconfig.version", \
2576 FT_UINT16, BASE_HEX, NULL, 0x0, \
2577 "Encrypted ClientHello: ECHConfig version", HFILL } \
2579 { & name .hf.ech_echconfig_length, \
2580 { "Length", prefix ".ech.echconfig.length", \
2581 FT_UINT16, BASE_DEC, NULL, 0x0, \
2582 "Encrypted ClientHello: ECHConfig length", HFILL } \
2584 { & name .hf.ech_echconfigcontents_maximum_name_length, \
2585 { "Maximum Name Length", prefix ".ech.echconfigcontents.maximum_name_length", \
2586 FT_UINT8, BASE_DEC, NULL, 0x0, \
2587 "The longest name of a backend server, if known", HFILL } \
2589 { & name .hf.ech_echconfigcontents_public_name_length, \
2590 { "Public Name length", prefix ".ech.echconfigcontents.public_name_length", \
2591 FT_UINT8, BASE_DEC, NULL, 0x0, \
2592 "Length of the Public Name field", HFILL } \
2594 { & name .hf.ech_echconfigcontents_public_name, \
2595 { "Public Name", prefix ".ech.echconfigcontents.public_name", \
2596 FT_STRING, BASE_NONE, NULL, 0x0, \
2597 "The DNS name of the client-facing server, i.e., the entity trusted to update the ECH configuration", HFILL } \
2599 { & name .hf.ech_echconfigcontents_extensions_length, \
2600 { "Extensions length", prefix ".ech.echconfigcontents.extensions_length", \
2601 FT_UINT16, BASE_DEC, NULL, 0x0, \
2602 "Length of the Extensions field", HFILL } \
2604 { & name .hf.ech_echconfigcontents_extensions, \
2605 { "Extensions", prefix ".ech.echconfigcontents.extensions", \
2606 FT_BYTES, BASE_NONE, NULL, 0x0, \
2607 "A list of extensions that the client must take into consideration when generating a ClientHello message", HFILL } \
2609 { & name .hf.ech_hpke_keyconfig, \
2610 { "HPKE Key Config", prefix ".ech.hpke.keyconfig", \
2611 FT_NONE, BASE_NONE, NULL, 0x0, \
2612 "HPKE Key Config", HFILL } \
2614 { & name .hf.ech_hpke_keyconfig_config_id, \
2615 { "Config Id", prefix ".ech.hpke.keyconfig.config_id", \
2616 FT_UINT8, BASE_DEC, NULL, 0x0, \
2617 "HPKE Config Id", HFILL } \
2619 { & name .hf.ech_hpke_keyconfig_kem_id, \
2620 { "KEM Id", prefix ".ech.hpke.keyconfig.kem_id", \
2621 FT_UINT16, BASE_DEC, VALS(kem_id_type_vals), 0x0, \
2622 "HPKE KEM Id", HFILL } \
2624 { & name .hf.ech_hpke_keyconfig_public_key_length, \
2625 { "Public Key length", prefix ".ech.hpke.keyconfig.public_key_length", \
2626 FT_UINT16, BASE_DEC, NULL, 0x0, \
2627 "HPKE Public Key length", HFILL } \
2629 { & name .hf.ech_hpke_keyconfig_public_key, \
2630 { "Public Key", prefix ".ech.hpke.keyconfig.public_key", \
2631 FT_BYTES, BASE_NONE, NULL, 0x0, \
2632 "HPKE Public Key", HFILL } \
2634 { & name .hf.ech_hpke_keyconfig_cipher_suites, \
2635 { "Cipher Suites", prefix ".ech.hpke.keyconfig.cipher_suites", \
2636 FT_NONE, BASE_NONE, NULL, 0x0, \
2637 "HPKE Cipher Suites", HFILL } \
2639 { & name .hf.ech_hpke_keyconfig_cipher_suites_length, \
2640 { "Cipher Suites length", prefix ".ech.hpke.keyconfig.cipher_suites_length", \
2641 FT_UINT16, BASE_DEC, NULL, 0x0, \
2642 "HPKE Cipher Suites length", HFILL } \
2644 { & name .hf.ech_hpke_keyconfig_cipher_suite, \
2645 { "Cipher Suite", prefix ".ech.hpke.keyconfig.cipher_suite", \
2646 FT_NONE, BASE_NONE, NULL, 0x0, \
2647 "HPKE Cipher Suite", HFILL } \
2649 { & name .hf.ech_hpke_keyconfig_cipher_suite_kdf_id, \
2650 { "KDF Id", prefix ".ech.hpke.keyconfig.cipher_suite.kdf_id", \
2651 FT_UINT16, BASE_DEC, VALS(kdf_id_type_vals), 0x0, \
2652 "HPKE KDF Id", HFILL } \
2654 { & name .hf.ech_hpke_keyconfig_cipher_suite_aead_id, \
2655 { "AEAD Id", prefix ".ech.hpke.keyconfig.cipher_suite.aead_id", \
2656 FT_UINT16, BASE_DEC, VALS(aead_id_type_vals), 0x0, \
2657 "HPKE AEAD Id", HFILL } \
2659 { & name .hf.ech_clienthello_type, \
2660 { "Client Hello type", prefix ".ech.client_hello_type", \
2661 FT_UINT8, BASE_DEC, VALS(tls_hello_ext_ech_clienthello_types), 0x0, \
2662 "Client Hello type", HFILL } \
2664 { & name .hf.ech_cipher_suite, \
2665 { "Cipher Suite", prefix ".ech.cipher_suite", \
2666 FT_NONE, BASE_NONE, NULL, 0x0, \
2667 "The cipher suite used to encrypt ClientHelloInner", HFILL } \
2669 { & name .hf.ech_config_id, \
2670 { "Config Id", prefix ".ech.config_id", \
2671 FT_UINT8, BASE_DEC, NULL, 0x0, \
2672 "The ECHConfigContents.key_config.config_id for the chosen ECHConfig", HFILL } \
2674 { & name .hf.ech_enc_length, \
2675 { "Enc length", prefix ".ech.enc_length", \
2676 FT_UINT16, BASE_DEC, NULL, 0x0, \
2679 { & name .hf.ech_enc, \
2680 { "Enc", prefix ".ech.enc", \
2681 FT_BYTES, BASE_NONE, NULL, 0x0, \
2682 "The HPKE encapsulated key, used by servers to decrypt the corresponding payload field", HFILL } \
2684 { & name .hf.ech_payload_length, \
2685 { "Payload length", prefix ".ech.payload_length", \
2686 FT_UINT16, BASE_DEC, NULL, 0x0, \
2687 "Payload Length", HFILL } \
2689 { & name .hf.ech_payload, \
2690 { "Payload", prefix ".ech.payload", \
2691 FT_BYTES, BASE_NONE, NULL, 0x0, \
2692 "The serialized and encrypted ClientHelloInner structure", HFILL } \
2694 { & name .hf.ech_confirmation, \
2695 { "Confirmation", prefix ".ech.confirmation", \
2696 FT_BYTES, BASE_NONE, NULL, 0x0, \
2697 "Confirmation of ECH acceptance in a HelloRetryRequest", HFILL } \
2699 { & name .hf.ech_retry_configs, \
2700 { "Retry Configs", prefix ".ech.retry_configs", \
2701 FT_NONE, BASE_NONE, NULL, 0x0, \
2702 "ECHConfig structures for one-time use by the client in a retry connection", HFILL } \
2704 { & name .hf.hs_ext_alps_len, \
2705 { "ALPS Extension Length", prefix ".handshake.extensions_alps_len", \
2706 FT_UINT16, BASE_DEC, NULL, 0x0, \
2707 "Length of the ALPS Extension", HFILL } \
2709 { & name .hf.hs_ext_alps_alpn_list, \
2710 { "Supported ALPN List", prefix ".handshake.extensions_alps_alpn_list", \
2711 FT_NONE, BASE_NONE, NULL, 0x0, \
2712 "List of supported ALPN by ALPS", HFILL } \
2714 { & name .hf.hs_ext_alps_alpn_str_len, \
2715 { "Supported ALPN Length", prefix ".handshake.extensions_alps_alpn_str_len", \
2716 FT_UINT8, BASE_DEC, NULL, 0x0, \
2717 "Length of ALPN string", HFILL } \
2719 { & name .hf.hs_ext_alps_alpn_str, \
2720 { "Supported ALPN", prefix ".handshake.extensions_alps_alpn_str", \
2721 FT_STRING, BASE_NONE, NULL, 0x00, \
2722 "ALPN supported by ALPS", HFILL } \
2724 { & name .hf.hs_ext_alps_settings, \
2725 { "ALPN Opaque Settings", prefix ".handshake.extensions_alps.settings", \
2726 FT_BYTES, BASE_NONE, NULL, 0x00, \
2727 "ALPN Opaque Settings", HFILL } \
2732 #define SSL_COMMON_ETT_LIST(name) \
2733 & name .ett.hs_ext, \
2734 & name .ett.hs_ext_alpn, \
2735 & name .ett.hs_ext_cert_types, \
2736 & name .ett.hs_ext_groups, \
2737 & name .ett.hs_ext_curves_point_formats, \
2738 & name .ett.hs_ext_npn, \
2739 & name .ett.hs_ext_reneg_info, \
2740 & name .ett.hs_ext_key_share, \
2741 & name .ett.hs_ext_key_share_ks, \
2742 & name .ett.hs_ext_pre_shared_key, \
2743 & name .ett.hs_ext_psk_identity, \
2744 & name .ett.hs_ext_server_name, \
2745 & name .ett.hs_ext_oid_filter, \
2746 & name .ett.hs_ext_quictp_parameter, \
2747 & name .ett.hs_sig_hash_alg, \
2748 & name .ett.hs_sig_hash_algs, \
2749 & name .ett.urlhash, \
2750 & name .ett.keyex_params, \
2751 & name .ett.certificates, \
2752 & name .ett.cert_types, \
2753 & name .ett.dnames, \
2754 & name .ett.hs_random, \
2755 & name .ett.cipher_suites, \
2756 & name .ett.comp_methods, \
2757 & name .ett.session_ticket, \
2759 & name .ett.cert_status, \
2760 & name .ett.ocsp_response, \
2761 & name .ett.uncompressed_certificates, \
2762 & name .ett.hs_ext_alps, \
2763 & name .ett.ech_echconfiglist, \
2764 & name .ett.ech_echconfig, \
2765 & name .ett.ech_retry_configs, \
2766 & name .ett.ech_hpke_keyconfig, \
2767 & name .ett.ech_hpke_cipher_suites, \
2768 & name .ett.ech_hpke_cipher_suite, \
2769 & name .ett.hs_ext_token_binding_key_parameters, \
2774 #define SSL_COMMON_EI_LIST(name, prefix) \
2775 { & name .ei.client_version_error, \
2776 { prefix ".handshake.client_version_error", PI_PROTOCOL, PI_WARN, \
2777 "Client Hello legacy version field specifies version 1.3, not version 1.2; some servers may not be able to handle that.", EXPFILL } \
2779 { & name .ei.server_version_error, \
2780 { prefix ".handshake.server_version_error", PI_PROTOCOL, PI_WARN, \
2781 "Server Hello legacy version field specifies version 1.3, not version 1.2; some middleboxes may not be able to handle that.", EXPFILL } \
2783 { & name .ei.legacy_version, \
2784 { prefix ".handshake.legacy_version", PI_DEPRECATED, PI_CHAT, \
2785 "This legacy_version field MUST be ignored. The supported_versions extension is present and MUST be used instead.", EXPFILL } \
2787 { & name .ei.malformed_vector_length, \
2788 { prefix ".malformed.vector_length", PI_PROTOCOL, PI_WARN, \
2789 "Variable vector length is outside the permitted range", EXPFILL } \
2791 { & name .ei.malformed_buffer_too_small, \
2792 { prefix ".malformed.buffer_too_small", PI_MALFORMED, PI_ERROR, \
2793 "Malformed message, not enough data is available", EXPFILL } \
2795 { & name .ei.malformed_trailing_data, \
2796 { prefix ".malformed.trailing_data", PI_PROTOCOL, PI_WARN, \
2797 "Undecoded trailing data is present", EXPFILL } \
2799 { & name .ei.hs_ext_cert_status_undecoded, \
2800 { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \
2801 "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL } \
2803 { & name .ei.hs_ciphersuite_undecoded, \
2804 { prefix ".handshake.ciphersuite.undecoded", PI_UNDECODED, PI_NOTE, \
2805 "Ciphersuite not implemented, contact Wireshark developers if you want this to be supported", EXPFILL } \
2807 { & name .ei.hs_srv_keyex_illegal, \
2808 { prefix ".handshake.server_keyex_illegal", PI_PROTOCOL, PI_WARN, \
2809 "It is not legal to send the ServerKeyExchange message for this ciphersuite", EXPFILL } \
2811 { & name .ei.resumed, \
2812 { prefix ".resumed", PI_SEQUENCE, PI_NOTE, \
2813 "This session reuses previously negotiated keys (Session resumption)", EXPFILL } \
2815 { & name .ei.record_length_invalid, \
2816 { prefix ".record.length.invalid", PI_PROTOCOL, PI_ERROR, \
2817 "Record fragment length is too small or too large", EXPFILL } \
2819 { & name .ei.decompression_error, \
2820 { prefix ".decompression_error", PI_PROTOCOL, PI_ERROR, \
2821 "Decompression error", EXPFILL } \
2823 { & name .ei.ech_echconfig_invalid_version, \
2824 { prefix ".ech_echconfig_invalid_version", PI_PROTOCOL, PI_ERROR, \
2825 "Invalid/unknown ECHConfig version", EXPFILL } \
2830 ssl_common_register_ssl_alpn_dissector_table(
const char *name,
2831 const char *ui_name,
const int proto);
2834 ssl_common_register_dtls_alpn_dissector_table(
const char *name,
2835 const char *ui_name,
const int proto);
2840 #ifdef SSL_DECRYPT_DEBUG
2842 ssl_debug_printf(
const gchar* fmt,...) G_GNUC_PRINTF(1,2);
2844 ssl_print_data(const gchar* name, const guchar* data,
size_t len);
2846 ssl_print_string(const gchar* name, const
StringInfo* data);
2848 ssl_set_debug(const gchar* name);
2850 ssl_debug_flush(
void);
2854 static inline void G_GNUC_PRINTF(1,2)
2855 ssl_debug_printf(const gchar* fmt _U_,...)
2858 #define ssl_print_data(a, b, c)
2859 #define ssl_print_string(a, b)
2860 #define ssl_set_debug(name)
2861 #define ssl_debug_flush()
2868 proto_tree *tree, guint32 offset, guint32 offset_end);
Definition: packet-tls-utils.h:331
Definition: packet-tls-utils.h:347
StringInfo dtls13_aad
Definition: packet-tls-utils.h:358
StringInfo app_traffic_secret
Definition: packet-tls-utils.h:361
guint64 seq
Definition: packet-tls-utils.h:357
Definition: packet-tls-utils.c:2639
Definition: packet-tls-utils.h:511
Definition: packet-tls-utils.h:339
Definition: packet-tls-utils.h:423
SslFlow * flow
Definition: packet-tls-utils.h:429
guint32 seq
Definition: packet-tls-utils.h:431
gint id
Definition: packet-tls-utils.h:426
guint data_len
Definition: packet-tls-utils.h:425
guchar * plain_data
Definition: packet-tls-utils.h:424
ContentType type
Definition: packet-tls-utils.h:428
Definition: packet-tls-utils.h:459
Definition: packet-tls-utils.h:256
Definition: packet-tls-utils.h:440
guint record_id
Definition: packet-tls-utils.h:441
int is_last
Definition: packet-tls-utils.h:446
guint32 offset
Definition: packet-tls-utils.h:444
guint8 type
Definition: packet-tls-utils.h:445
guint reassembly_id
Definition: packet-tls-utils.h:443
Definition: packet_info.h:44
Definition: value_string.h:293
Definition: packet-tls-utils.h:552
Definition: value_string.h:133
Definition: value_string.h:170
Definition: value_string.h:26
Definition: wmem_list.c:23
Definition: wmem_strbuf.h:42
Definition: wmem_tree-int.h:48
Definition: packet-tls-utils.h:418
Definition: packet-tls-utils.h:450
Definition: packet-tls-utils.h:546
Definition: conversation.h:220
Definition: packet-tls-utils.h:1197
Definition: packet-tls-utils.h:1212
Definition: prefs-int.h:27
Definition: packet-tls-utils.h:845
Definition: packet-tls-utils.h:560
Definition: packet-tls-utils.h:1205
Definition: packet-tls-utils.h:566
Definition: tvbuff-int.h:35