Incorrect interpretation of algorithm name in packet-tls-utils.c
Summary
When I run version 4.2.4 (v4.2.4-0-g1fe5bce8d665) on a capture file containing TLSv1.2 traffic, I found that it misrecognizes algorithm 0x0804 as an "unknown" hash and "SM2" signature, although it correctly identifies it as "rsa_pss_rsae_sha256". In fact that is not true. 0x0804 cannot be further dissected into 08 and 04. I checked the source file and found the error in packet-tls-utils.c: it misassigned 4 to SM2, for which I failed to find a reference. According to the implicit rule (though I am not sure of the standard reference) that the algorithm ID is composed of hash-id + signature-id, "sm2sig_sm3" 0x0708 should suggest 7 as SM3 and 8 as SM2, absolutely not 4.
```c
const value_string tls_hash_algorithm[] = {
    { 0, "None" },
    { 1, "MD5" },
    { 2, "SHA1" },
    { 3, "SHA224" },
    { 4, "SHA256" },
    { 5, "SHA384" },
    { 6, "SHA512" },
    { 7, "SM3" },
    { 0, NULL }
};
const value_string tls_signature_algorithm[] = {
    { 0, "Anonymous" },
    { 1, "RSA" },
    { 2, "DSA" },
    { 3, "ECDSA" },
    { 4, "SM2" },
    { 0, NULL }
};
/* RFC 8446 Section 4.2.3 */
const value_string tls13_signature_algorithm[] = {
    { 0x0201, "rsa_pkcs1_sha1" },
    { 0x0203, "ecdsa_sha1" },
    { 0x0401, "rsa_pkcs1_sha256" },
    { 0x0403, "ecdsa_secp256r1_sha256" },
    { 0x0420, "rsa_pkcs1_sha256_legacy" }, /* draft-davidben-tls13-pkcs1-01 */
    { 0x0501, "rsa_pkcs1_sha384" },
    { 0x0503, "ecdsa_secp384r1_sha384" },
    { 0x0520, "rsa_pkcs1_sha384_legacy" }, /* draft-davidben-tls13-pkcs1-01 */
    { 0x0601, "rsa_pkcs1_sha512" },
    { 0x0603, "ecdsa_secp521r1_sha512" },
    { 0x0620, "rsa_pkcs1_sha512_legacy" }, /* draft-davidben-tls13-pkcs1-01 */
    { 0x0708, "sm2sig_sm3" },
    { 0x0709, "gostr34102012_256a" }, /* RFC9367 */
    { 0x070a, "gostr34102012_256b" }, /* RFC9367 */
    { 0x070b, "gostr34102012_256c" }, /* RFC9367 */
    { 0x070c, "gostr34102012_256d" }, /* RFC9367 */
    { 0x070d, "gostr34102012_512a" }, /* RFC9367 */
    { 0x070e, "gostr34102012_512b" }, /* RFC9367 */
    { 0x070f, "gostr34102012_512c" }, /* RFC9367 */
    { 0x0804, "rsa_pss_rsae_sha256" },
```
Sample capture file
Steps to reproduce
Just run the current version of Wireshark on the capture file, then click and expand packet No. 70.
What is the current bug behavior?
It misunderstood 0x0804 as an unknown hash and SM2 signature; actually it should be sha256 hash and rsa-pss signature.
What is the expected correct behavior?
It should be sha256 hash and rsa-pss signature.
Build information
No build problem
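The decoding problem reported above, as an added example (not Wireshark's code and not its fix): a 16-bit signature algorithm is looked up as a whole code point, and is split into hash and signature bytes only when both bytes fall in the RFC 5246 ranges. The helper names `scheme_name` and `describe_sigalg`, the reduced tables and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed subset of the 16-bit table quoted in the report. */
struct vs { uint16_t v; const char *s; };
static const struct vs schemes[] = {
    { 0x0401, "rsa_pkcs1_sha256" }, { 0x0403, "ecdsa_secp256r1_sha256" },
    { 0x0708, "sm2sig_sm3" },       { 0x0804, "rsa_pss_rsae_sha256" },
    { 0, NULL }
};
/* RFC 5246 HashAlgorithm and SignatureAlgorithm bytes, indexed by value. */
static const char *const hashes[] = {
    "None", "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512" };
static const char *const sigs[] = { "Anonymous", "RSA", "DSA", "ECDSA" };

/* Look up the whole 16-bit value; NULL when it is not in the table. */
static const char *scheme_name(uint16_t v) {
    for (const struct vs *p = schemes; p->s; p++)
        if (p->v == v) return p->s;
    return NULL;
}

/* Hypothetical helper: writes a label for v into out.
 * Returns 1 if v was split into hash/signature bytes,
 * 0 if it was treated as an opaque code point. */
static int describe_sigalg(uint16_t v, char *out, size_t n) {
    uint8_t h = (uint8_t)(v >> 8), s = (uint8_t)(v & 0xff);
    const char *name = scheme_name(v);
    if (!name) name = "unknown";
    if (h < 7 && s < 4) { /* assumption: split only in the RFC 5246 ranges */
        snprintf(out, n, "%s (hash=%s, sig=%s)", name, hashes[h], sigs[s]);
        return 1;
    }
    /* Anything else (0x08xx, 0x07xx, ...) is one code point, never split. */
    snprintf(out, n, "%s (0x%04x)", name, (unsigned)v);
    return 0;
}

int main(void) {
    const uint16_t samples[] = { 0x0401, 0x0804, 0x0708, 0x0999 }; /* constructed */
    char buf[96];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        describe_sigalg(samples[i], buf, sizeof buf);
        printf("0x%04x -> %s\n", (unsigned)samples[i], buf);
    }
    return 0;
}
```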