ssl/dtls: add keyfile support to dtls
This moves the keyfile and psk options from the ssl code into ssl-utils and then uses them also for dtls. This is the last missing part for bug 9499 from my side. Change-Id: Ie2fe5bc565eabe1e6ce62498c985b8a36e913b0f Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Reviewed-on: https://code.wireshark.org/review/1369 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Michael Mann <mmann78@netscape.net>
parent
162a8c72f0
commit
338269fe41
|
@ -215,7 +215,7 @@ static gint dtls_decrypted_data_avail = 0;
|
|||
|
||||
static uat_t *dtlsdecrypt_uat = NULL;
|
||||
static const gchar *dtls_keys_list = NULL;
|
||||
static const gchar *dtls_psk = NULL;
|
||||
static ssl_common_options_t dtls_options = { NULL, NULL};
|
||||
#ifdef HAVE_LIBGNUTLS
|
||||
static const gchar *dtls_debug_file_name = NULL;
|
||||
#endif
|
||||
|
@ -1546,7 +1546,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|||
if (!ssl)
|
||||
break;
|
||||
|
||||
if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, dtls_psk, NULL) < 0) {
|
||||
if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, dtls_options.psk, dtls_options.keylog_filename) < 0) {
|
||||
ssl_debug_printf("dissect_dtls_handshake can't generate pre master secret\n");
|
||||
break;
|
||||
}
|
||||
|
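Review bot: The key log is now consulted for DTLS only on this pre-master-secret path (`ssl_generate_pre_master_secret(..., dtls_options.psk, dtls_options.keylog_filename)`); the commit adds no DTLS counterpart to the fallback that packet-ssl.c performs in dissect_ssl3_hnd_hello_common, where `ssl_keylog_lookup(ssl, ssl_options.keylog_filename, NULL)` runs when ssl_restore_session fails. If packet-dtls.c has an equivalent hello handler with the same ssl_restore_session check (not visible here), a CLIENT_RANDOM entry for a resumed DTLS session would presumably still go unused; worth verifying before closing the bug this commit references. The enclosing switch and dissect_dtls_handshake itself start and end outside the hunk.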
@ -3396,10 +3396,7 @@ proto_register_dtls(void)
|
|||
"Semicolon-separated list of private RSA keys used for DTLS decryption. "
|
||||
"Used by versions of Wireshark prior to 1.6",
|
||||
&dtls_keys_list);
|
||||
|
||||
prefs_register_string_preference(dtls_module, "psk", "Pre-Shared-Key",
|
||||
"Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
|
||||
&dtls_psk);
|
||||
ssl_common_register_options(dtls_module, &dtls_options);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
|
@ -5290,6 +5290,39 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
|
|||
return offset;
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBGNUTLS
|
||||
void
|
||||
ssl_common_register_options(module_t *module, ssl_common_options_t *options)
|
||||
{
|
||||
prefs_register_string_preference(module, "psk", "Pre-Shared-Key",
|
||||
"Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
|
||||
&(options->psk));
|
||||
|
||||
prefs_register_filename_preference(module, "keylog_file", "(Pre)-Master-Secret log filename",
|
||||
"The filename of a file which contains a list of \n"
|
||||
"(pre-)master secrets in one of the following formats:\n"
|
||||
"\n"
|
||||
"RSA <EPMS> <PMS>\n"
|
||||
"RSA Session-ID:<SSLID> Master-Key:<MS>\n"
|
||||
"CLIENT_RANDOM <CRAND> <MS>\n"
|
||||
"\n"
|
||||
"Where:\n"
|
||||
"<EPMS> = First 8 bytes of the Encrypted PMS\n"
|
||||
"<PMS> = The Pre-Master-Secret (PMS)\n"
|
||||
"<SSLID> = The SSL Session ID\n"
|
||||
"<MS> = The Master-Secret (MS)\n"
|
||||
"<CRAND> = The Client's random number from the ClientHello message\n"
|
||||
"\n"
|
||||
"(All fields are in hex notation)",
|
||||
&(options->keylog_filename));
|
||||
}
|
||||
#else
|
||||
void
|
||||
ssl_common_register_options(module_t *module _U_, ssl_common_options_t *options _U_)
|
||||
{
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
||||
*
|
||||
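Review bot: The `#else` branch defines a no-op ssl_common_register_options so the function is callable without GnuTLS, yet both callers keep their own `#ifdef HAVE_LIBGNUTLS` around the call (packet-ssl.c hunk @5619, where the guard now encloses only this call, and the guarded `{ ... }` block in packet-dtls.c hunk @3396), so one of the two mechanisms is dead. In packet-ssl.c the `#ifdef`/`#endif` pair around `ssl_common_register_options(ssl_module, &ssl_options);` can simply be dropped; in packet-dtls.c the block guard is still needed for the other registrations, so the stub only earns its keep if the call is moved outside that block. Either way a one-line comment on the stub, `/* GnuTLS absent: no decryption, so no psk/keylog_file preferences are registered. */`, would make the intent explicit.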
|
|
|
@ -28,6 +28,7 @@
|
|||
|
||||
#include <glib.h>
|
||||
#include <epan/packet.h>
|
||||
#include <epan/prefs.h>
|
||||
#include <epan/wmem/wmem.h>
|
||||
#include <epan/tvbuff.h>
|
||||
#include <epan/proto.h>
|
||||
|
@ -868,6 +869,13 @@ ssl_common_dissect_t name = { \
|
|||
{ & name .ei.hs_ext_cert_status_undecoded, { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \
|
||||
"Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL }}
|
||||
|
||||
typedef struct ssl_common_options {
|
||||
const gchar *psk;
|
||||
const gchar *keylog_filename;
|
||||
} ssl_common_options_t;
|
||||
|
||||
extern void
|
||||
ssl_common_register_options(module_t *module, ssl_common_options_t *options);
|
||||
|
||||
#ifdef SSL_DECRYPT_DEBUG
|
||||
extern void
|
||||
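Review bot: The new public declaration `ssl_common_register_options(module_t *module, ssl_common_options_t *options)` and the ssl_common_options_t fields are undocumented, and the definition in packet-ssl-utils.c hunk @5290 carries no comment either. The important contract is lifetime: the function passes `&(options->psk)` and `&(options->keylog_filename)` to the preference API, which retains those addresses and writes through them when preferences are applied, so `options` must have static storage duration (both callers use file-scope statics). Suggested header comment: `/* Register the "psk" and "keylog_file" preferences on module; the values are stored into *options, which must outlive the module (static storage). No-op without HAVE_LIBGNUTLS. */`, plus `/* hex-encoded PSK, may be NULL */` and `/* path of a (pre-)master-secret log, may be NULL */` on the two fields.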
|
|
|
@ -345,8 +345,7 @@ static gint ssl_decrypted_data_avail = 0;
|
|||
|
||||
static uat_t *ssldecrypt_uat = NULL;
|
||||
static const gchar *ssl_keys_list = NULL;
|
||||
static const gchar *ssl_psk = NULL;
|
||||
static const gchar *ssl_keylog_filename = NULL;
|
||||
static ssl_common_options_t ssl_options = { NULL, NULL};
|
||||
|
||||
/* List of dissectors to call for SSL data */
|
||||
static heur_dissector_list_t ssl_heur_subdissector_list;
|
||||
|
@ -2106,7 +2105,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
|
|||
if (!ssl)
|
||||
break;
|
||||
|
||||
if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, ssl_psk, ssl_keylog_filename) < 0) {
|
||||
if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, ssl_options.psk, ssl_options.keylog_filename) < 0) {
|
||||
ssl_debug_printf("dissect_ssl3_handshake can't generate pre master secret\n");
|
||||
break;
|
||||
}
|
||||
|
@ -2276,7 +2275,7 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
|
|||
if (!ssl_restore_session(ssl, ssl_session_hash)) {
|
||||
/* If we failed to find the previous session, we may still have
|
||||
* the master secret in the key log. */
|
||||
if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL)) {
|
||||
if (ssl_keylog_lookup(ssl, ssl_options.keylog_filename, NULL)) {
|
||||
ssl_debug_printf(" cannot find master secret in keylog file either\n");
|
||||
} else {
|
||||
ssl_debug_printf(" found master secret in keylog file\n");
|
||||
|
@ -5619,27 +5618,7 @@ proto_register_ssl(void)
|
|||
"For troubleshooting ignore the mac check result and decrypt also if the Message Authentication Code (MAC) fails.",
|
||||
&ssl_ignore_mac_failed);
|
||||
#ifdef HAVE_LIBGNUTLS
|
||||
prefs_register_string_preference(ssl_module, "psk", "Pre-Shared-Key",
|
||||
"Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
|
||||
&ssl_psk);
|
||||
|
||||
prefs_register_filename_preference(ssl_module, "keylog_file", "(Pre)-Master-Secret log filename",
|
||||
"The filename of a file which contains a list of \n"
|
||||
"(pre-)master secrets in one of the following formats:\n"
|
||||
"\n"
|
||||
"RSA <EPMS> <PMS>\n"
|
||||
"RSA Session-ID:<SSLID> Master-Key:<MS>\n"
|
||||
"CLIENT_RANDOM <CRAND> <MS>\n"
|
||||
"\n"
|
||||
"Where:\n"
|
||||
"<EPMS> = First 8 bytes of the Encrypted PMS\n"
|
||||
"<PMS> = The Pre-Master-Secret (PMS)\n"
|
||||
"<SSLID> = The SSL Session ID\n"
|
||||
"<MS> = The Master-Secret (MS)\n"
|
||||
"<CRAND> = The Client's random number from the ClientHello message\n"
|
||||
"\n"
|
||||
"(All fields are in hex notation)",
|
||||
&ssl_keylog_filename);
|
||||
ssl_common_register_options(ssl_module, &ssl_options);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|