SSL: Add support for private key password when decrypting

SSL traffic from tshark with -o ssl.keys_list. For example, as used in a new test also added in this commit: -o "ssl.keys_list: 127.0.0.1,9131,http,$TEST_KEYS_DIR/key.p12,WebAS" Change-Id: Ia6960fa4ae88182277f6d22d84ec9170ea74d54e Reviewed-on: https://code.wireshark.org/review/8746 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-06-03 14:42:51 -05:00 · 2015-06-03 14:42:51 -05:00 · 5f9a52dc95
parent fde38c099f
commit 5f9a52dc95
4 changed files with 19 additions and 3 deletions
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@ -413,10 +413,11 @@ ssl_parse_old_keys(void)
    if (ssldecrypt_uat && ssl_keys_list && ssl_keys_list[0]) {
        old_keys = wmem_strsplit(NULL, ssl_keys_list, ";", 0);
        for (i = 0; old_keys[i] != NULL; i++) {
-            parts = wmem_strsplit(NULL, old_keys[i], ",", 4);
+            parts = wmem_strsplit(NULL, old_keys[i], ",", 5);
            if (parts[0] && parts[1] && parts[2] && parts[3]) {
-                uat_entry = wmem_strdup_printf(NULL, "\"%s\",\"%s\",\"%s\",\"%s\",\"\"",
-                                parts[0], parts[1], parts[2], parts[3]);
+                const gchar *password = parts[4] ? parts[4] : "";
+                uat_entry = wmem_strdup_printf(NULL, "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\"",
+                                parts[0], parts[1], parts[2], parts[3], password);
                if (!uat_load_str(ssldecrypt_uat, uat_entry, &err)) {
                    ssl_debug_printf("ssl_parse_old_keys: Can't load UAT string %s: %s\n",
                                     uat_entry, err);
--- a/test/captures/dmgr.pcapng
+++ b/test/captures/dmgr.pcapng
--- a/test/keys/key.p12
+++ b/test/keys/key.p12
--- a/test/suite-decryption.sh
+++ b/test/suite-decryption.sh
@ -119,6 +119,20 @@ decryption_step_ssl() {
 	test_step_ok
 }

+# SSL, using the server's private key with password
+decryption_step_ssl_with_password() {
+	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS -Tfields -e http.request.uri \
+		-o "ssl.keys_list: 127.0.0.1,9131,http,$TEST_KEYS_DIR/key.p12,WebAS" \
+		-r "$CAPTURE_DIR/dmgr.pcapng" -Y http \
+		| grep unsecureLogon.jsp > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt SSL using the server's private key with password"
+		return
+	fi
+	test_step_ok
+}
+
 # SSL, using the master secret
 decryption_step_ssl_master_secret() {
 	$TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS -Tfields -e http.request.uri \
@ -233,6 +247,7 @@ tshark_decryption_suite() {
 	test_step_add "IEEE 802.11 WPA EAP Decryption" decryption_step_80211_wpa_eap
 	test_step_add "DTLS Decryption" decryption_step_dtls
 	test_step_add "SSL Decryption (private key)" decryption_step_ssl
+	test_step_add "SSL Decryption (private key with password)" decryption_step_ssl_with_password
 	test_step_add "SSL Decryption (master secret)" decryption_step_ssl_master_secret
 	test_step_add "ZigBee Decryption" decryption_step_zigbee
 	test_step_add "ANSI C12.22 Decryption" decryption_step_c1222