ssl/dtls: add keyfile support to dtls

This moves the keyfile and psk options from the ssl code into ssl-utils and then uses them also for dtls. This is the last missing part for bug 9499 from my side. Change-Id: Ie2fe5bc565eabe1e6ce62498c985b8a36e913b0f Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Reviewed-on: https://code.wireshark.org/review/1369 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Michael Mann <mmann78@netscape.net>
2013-12-07 00:55:08 +01:00 · 2013-12-07 00:55:08 +01:00 · 338269fe41
parent 162a8c72f0
commit 338269fe41
4 changed files with 48 additions and 31 deletions
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@ -215,7 +215,7 @@ static gint                dtls_decrypted_data_avail = 0;

 static uat_t *dtlsdecrypt_uat      = NULL;
 static const gchar *dtls_keys_list = NULL;
-static const gchar *dtls_psk       = NULL;
+static ssl_common_options_t dtls_options = { NULL, NULL};
 #ifdef HAVE_LIBGNUTLS
 static const gchar *dtls_debug_file_name = NULL;
 #endif
@ -1546,7 +1546,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
            if (!ssl)
                break;

-            if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, dtls_psk, NULL) < 0) {
+            if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, dtls_options.psk, dtls_options.keylog_filename) < 0) {
                ssl_debug_printf("dissect_dtls_handshake can't generate pre master secret\n");
                break;
            }
@ -3396,10 +3396,7 @@ proto_register_dtls(void)
                                     "Semicolon-separated list of private RSA keys used for DTLS decryption. "
                                     "Used by versions of Wireshark prior to 1.6",
                                     &dtls_keys_list);
-
-        prefs_register_string_preference(dtls_module, "psk", "Pre-Shared-Key",
-             "Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
-             &dtls_psk);
+    ssl_common_register_options(dtls_module, &dtls_options);
  }
 #endif

--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@ -5290,6 +5290,39 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
    return offset;
 }

+#ifdef HAVE_LIBGNUTLS
+void
+ssl_common_register_options(module_t *module, ssl_common_options_t *options)
+{
+        prefs_register_string_preference(module, "psk", "Pre-Shared-Key",
+             "Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
+             &(options->psk));
+
+        prefs_register_filename_preference(module, "keylog_file", "(Pre)-Master-Secret log filename",
+             "The filename of a file which contains a list of \n"
+             "(pre-)master secrets in one of the following formats:\n"
+             "\n"
+             "RSA <EPMS> <PMS>\n"
+             "RSA Session-ID:<SSLID> Master-Key:<MS>\n"
+             "CLIENT_RANDOM <CRAND> <MS>\n"
+             "\n"
+             "Where:\n"
+             "<EPMS> = First 8 bytes of the Encrypted PMS\n"
+             "<PMS> = The Pre-Master-Secret (PMS)\n"
+             "<SSLID> = The SSL Session ID\n"
+             "<MS> = The Master-Secret (MS)\n"
+             "<CRAND> = The Client's random number from the ClientHello message\n"
+             "\n"
+             "(All fields are in hex notation)",
+             &(options->keylog_filename));
+}
+#else
+void
+ssl_common_register_options(module_t *module _U_, ssl_common_options_t *options _U_)
+{
+}
+#endif
+
 /*
 * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
 *
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@ -28,6 +28,7 @@

 #include <glib.h>
 #include <epan/packet.h>
+#include <epan/prefs.h>
 #include <epan/wmem/wmem.h>
 #include <epan/tvbuff.h>
 #include <epan/proto.h>
@ -868,6 +869,13 @@ ssl_common_dissect_t name = {   \
        { & name .ei.hs_ext_cert_status_undecoded, { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE,   \
          "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL }}

+typedef struct ssl_common_options {
+    const gchar        *psk;
+    const gchar        *keylog_filename;
+} ssl_common_options_t;
+
+extern void
+ssl_common_register_options(module_t *module, ssl_common_options_t *options);

 #ifdef SSL_DECRYPT_DEBUG
 extern void
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@ -345,8 +345,7 @@ static gint                ssl_decrypted_data_avail = 0;

 static uat_t              *ssldecrypt_uat           = NULL;
 static const gchar        *ssl_keys_list            = NULL;
-static const gchar        *ssl_psk                  = NULL;
-static const gchar        *ssl_keylog_filename      = NULL;
+static ssl_common_options_t ssl_options = { NULL, NULL};

 /* List of dissectors to call for SSL data */
 static heur_dissector_list_t ssl_heur_subdissector_list;
@ -2106,7 +2105,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
                if (!ssl)
                    break;

-                if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, ssl_psk, ssl_keylog_filename) < 0) {
+                if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, ssl_options.psk, ssl_options.keylog_filename) < 0) {
                    ssl_debug_printf("dissect_ssl3_handshake can't generate pre master secret\n");
                    break;
                }
@ -2276,7 +2275,7 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
            if (!ssl_restore_session(ssl, ssl_session_hash)) {
                /* If we failed to find the previous session, we may still have
                 * the master secret in the key log. */
-                if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL)) {
+                if (ssl_keylog_lookup(ssl, ssl_options.keylog_filename, NULL)) {
                    ssl_debug_printf("  cannot find master secret in keylog file either\n");
                } else {
                    ssl_debug_printf("  found master secret in keylog file\n");
@ -5619,27 +5618,7 @@ proto_register_ssl(void)
             "For troubleshooting ignore the mac check result and decrypt also if the Message Authentication Code (MAC) fails.",
             &ssl_ignore_mac_failed);
 #ifdef HAVE_LIBGNUTLS
-        prefs_register_string_preference(ssl_module, "psk", "Pre-Shared-Key",
-             "Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
-             &ssl_psk);
-
-        prefs_register_filename_preference(ssl_module, "keylog_file", "(Pre)-Master-Secret log filename",
-             "The filename of a file which contains a list of \n"
-             "(pre-)master secrets in one of the following formats:\n"
-             "\n"
-             "RSA <EPMS> <PMS>\n"
-             "RSA Session-ID:<SSLID> Master-Key:<MS>\n"
-             "CLIENT_RANDOM <CRAND> <MS>\n"
-             "\n"
-             "Where:\n"
-             "<EPMS> = First 8 bytes of the Encrypted PMS\n"
-             "<PMS> = The Pre-Master-Secret (PMS)\n"
-             "<SSLID> = The SSL Session ID\n"
-             "<MS> = The Master-Secret (MS)\n"
-             "<CRAND> = The Client's random number from the ClientHello message\n"
-             "\n"
-             "(All fields are in hex notation)",
-             &ssl_keylog_filename);
+        ssl_common_register_options(ssl_module, &ssl_options);
 #endif
    }