From ffb8bbd37227f466d228f20ae30b87504d4e1760 Mon Sep 17 00:00:00 2001 From: Simon Graham Date: Tue, 4 Jul 2017 10:38:24 -0400 Subject: [PATCH] Add support for dissecting UDT over DTLS Includes adding per-conversation data to store whether we are over DTLS or UDP and registering as a heuristic sub-dissector for DTLS. Future changes will add more use of the conversation structure. Also included is a capture of UDT over DTLS in test/captures/udt-dtls.pcapng.gz, the associated private key for the session in test/keys/udt-dtls.key and a new test in the decryption suite to check this works. Change-Id: I76826d3b35768d0b58f5335063884616968e5784 Reviewed-on: https://code.wireshark.org/review/22533 Reviewed-by: Peter Wu Petri-Dish: Peter Wu Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann --- epan/dissectors/packet-udt.c | 91 ++++++++++++++++++++++--------- test/captures/udt-dtls.pcapng.gz | Bin 0 -> 16379 bytes test/keys/udt-dtls.key | 28 ++++++++++ test/suite-decryption.sh | 20 +++++++ 4 files changed, 114 insertions(+), 25 deletions(-) create mode 100644 test/captures/udt-dtls.pcapng.gz create mode 100644 test/keys/udt-dtls.key diff --git a/epan/dissectors/packet-udt.c b/epan/dissectors/packet-udt.c index 92b364bc87..a9f2d06e42 100644 --- a/epan/dissectors/packet-udt.c +++ b/epan/dissectors/packet-udt.c @@ -31,6 +31,13 @@ #include #include +/* + * Per-conversation information + */ +typedef struct _udt_conversation { + gboolean is_dtls; +} udt_conversation; + /* * based on http://tools.ietf.org/html/draft-gg-udt-03 */ @@ -111,10 +118,10 @@ static int dissect_udt(tvbuff_t *tvb, packet_info* pinfo, proto_tree *parent_tree, void *data _U_) { - proto_tree *tree; - proto_item *udt_item; - int is_control, type; - guint i; + proto_tree *tree; + proto_item *udt_item; + int is_control, type; + guint i; col_set_str(pinfo->cinfo, COL_PROTOCOL, "UDT"); col_clear(pinfo->cinfo, COL_INFO); @@ -312,34 +319,65 @@ dissect_udt(tvbuff_t *tvb, packet_info* pinfo, proto_tree *parent_tree, } static gboolean -dissect_udt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) +dissect_udt_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data, gboolean is_dtls) { conversation_t *conv; - - /* Must have at least 24 captured bytes for heuristic check */ - if (tvb_captured_length(tvb) < 24) - return FALSE; - - /* detect handshake control packet */ - if (tvb_get_ntohl(tvb, 0) != (0x80000000 | UDT_PACKET_TYPE_HANDSHAKE)) - return FALSE; - - /* must be version 4 */ - if ((tvb_get_ntohl(tvb, 16) != 4)) - return FALSE; - - /* must be datagram or stream */ - if ((tvb_get_ntohl(tvb, 20) != UDT_HANDSHAKE_TYPE_DGRAM) - && (tvb_get_ntohl(tvb, 20) != UDT_HANDSHAKE_TYPE_STREAM)) - return FALSE; + udt_conversation *udt_conv; conv = find_or_create_conversation(pinfo); - conversation_set_dissector(conv, udt_handle); - dissect_udt(tvb, pinfo, tree, data); + udt_conv = (udt_conversation *)conversation_get_proto_data(conv, proto_udt); + if (udt_conv) { + // Already identified conversation as UDT - BUT we might have been called from + // the other dissector. + if (is_dtls != udt_conv->is_dtls) + return FALSE; + dissect_udt(tvb, pinfo, tree, data); + } else { + // Check if this is UDT... + + /* Must have at least 24 captured bytes for heuristic check */ + if (tvb_captured_length(tvb) < 24) + return FALSE; + + /* detect handshake control packet */ + if (tvb_get_ntohl(tvb, 0) != (0x80000000 | UDT_PACKET_TYPE_HANDSHAKE)) + return FALSE; + + /* must be version 4 */ + if ((tvb_get_ntohl(tvb, 16) != 4)) + return FALSE; + + /* must be datagram or stream */ + if ((tvb_get_ntohl(tvb, 20) != UDT_HANDSHAKE_TYPE_DGRAM) + && (tvb_get_ntohl(tvb, 20) != UDT_HANDSHAKE_TYPE_STREAM)) + return FALSE; + + /* This looks like UDT! */ + udt_conv = wmem_new0(wmem_file_scope(), udt_conversation); + udt_conv->is_dtls = is_dtls; + conversation_add_proto_data(conv, proto_udt, udt_conv); + // DTLS should remain the dissector of record for encrypted conversations + if (!is_dtls) + conversation_set_dissector(conv, udt_handle); + + dissect_udt(tvb, pinfo, tree, data); + } return TRUE; } +static gboolean +dissect_udt_heur_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) +{ + return dissect_udt_heur(tvb, pinfo, tree, data, FALSE /* Not DTLS */); +} + +static gboolean +dissect_udt_heur_dtls(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) +{ + return dissect_udt_heur(tvb, pinfo, tree, data, TRUE /* Is DTLS */); +} + void proto_register_udt(void) { expert_module_t *expert_udt; @@ -493,13 +531,16 @@ void proto_register_udt(void) expert_udt = expert_register_protocol(proto_udt); expert_register_field_array(expert_udt, ei, array_length(ei)); + + register_dissector("udt", dissect_udt, proto_udt); } void proto_reg_handoff_udt(void) { udt_handle = create_dissector_handle(dissect_udt, proto_udt); - heur_dissector_add("udp", dissect_udt_heur, "UDT over UDP", "udt_udp", proto_udt, HEURISTIC_ENABLE); + heur_dissector_add("udp", dissect_udt_heur_udp, "UDT over UDP", "udt_udp", proto_udt, HEURISTIC_ENABLE); + heur_dissector_add("dtls", dissect_udt_heur_dtls, "UDT over DTLS", "udt_dtls", proto_udt, HEURISTIC_ENABLE); dissector_add_for_decode_as_with_preference("udp.port", udt_handle); } diff --git a/test/captures/udt-dtls.pcapng.gz b/test/captures/udt-dtls.pcapng.gz new file mode 100644 index 0000000000000000000000000000000000000000..67750f37298a5a3b680f9cbd045cfbd399098283 GIT binary patch literal 16379 zcmVxVV`gTGnVFd# zGc(72N$&nncFv8W_e)Q&q*7P6XS&u}Ra4)z#sv)r2kj340Hk?ouz|iGU;il}02%;0 zE1kZXBcZC9wV{oR10e^YqLIC`nSl|ZoSuONArmd3zLS}yAt47lBNG4=KnDBmQVI!p3jlXaE4h#evSz$iWc+0{{g900Do$ z2L3%KOaR7Dz5lIyu4eadx*2}z?)Y7I`@eJp{r{-j{a?D7I(CuNzqfzX|D*Va`k%Vr zi6j5e4FLSm{6jkl<;gREQ`_#}d6R$uzTf+Q3dYMTD({CKoYs^}&C<7Trj}N!;$})n z)BmT>AAOJftMB&CU8Iul?UFxbmTu1YGqaN4G7CWn`PDZt!123t(|_i$>Hmw&{w(hQ zHph{Fyu1Vb~oP=`Vq#WP2UHVw`I?hw?#`r^S^}<;=Xa>wY0aO z6H>T{L{a)~3IO)q5)j~DiGeu506@&XC-=R4KY|zoKnxgtL39{>fyFXGfPsL4p#XJ< zh??DBYik(cz@exE#RKo)fPi4Y0F0tcFpN;(Aj+WND8R~!Oz4cLKTaTF;iUB(9P|uK zog9oD9UYk97-4=~hlT}JG_o{iLS%&haS8(ae*$I1$ADwvVB}!@z6>z3va+aSz_Bnf zvM{mzbNc^TKfXZ3|F!@G1_1E|LI8Zf4h`%J1O(W4Vg1l5FP)2{UZYX55wKaD7>Vmk z&+S)WV*$NyL#Q=TMQzQxAG2n=99&$6uSg+w7+7iE?%L`T7FQkXc}2nDsLS9Ehm+OT zf4soYf-RNRrqdG%u$iw{U>af48hali8&E_8XTnxKTm2eBqN9JfgU{0}+ z3{z*=Svo8>e7ke7E_BcZ-3TL45@|f1(_}BSE{Rx zzs7Wd(A1J}-iC!UFlSsONd7&Ui|^*aH5wBO34tm|r@j&bl9xOv`Ag|QXwSTSASm_x zgj=0;BTq&?tIPu;R@ZY~b1!U>h(^_pkgOsw$oI*SBgZJii1$4?Ja|xaP*fBh@bxd} zUnr7uPCetChl{jFLn0Une*BpP6q6C%`_C_c{qX`6P%uUiAfVU(nl>OmqV{0|29dJ5 z+IWM*L(%8u{L#4Q_6WAg>(FYygLV7Tsz(14@>rBtlxOmEx`BK;gr_*O;A=vLyD_Zp zMRS=%&;zZfP9Ey)!?Fj(X2Gzuc(jl#<*W*_Q{NYU`DM1ZJ<11o9P3#mmFr#5z4LC* zpSe{hPxbCf(+iI^CO$I2dqc}STGMn67siDn_=&;Z9ma~n4V13>iV5BoEz#wj@)Z!>>%(?5UAAwX1e@v(I zio>eT%gJ@JQKS6=m4IW_lWu^S0O82YIF1~jRQLFvRE7$-G1&%gWLxXkClCYx3;#dI z|0zG#kRNMF2hgvzByemODf9dJkNV&1B2bJu(~q^}pzh!6B9NyN?Z5f}f=B$ZV*UJ- z0|5g8RH!t!+Zg-0G>bvh91cjz9*QBv`e~DRV0Bhe(5#K!hc-H4%C`Mh+qOUUoSeHJ{M|o`(IdPYMyD!sMmbpx0EeoB@p*bPyB!AM|n{jEm zd1TbTH%7&_$q*_gB*>LnbB5F;Yrsz@zOcy~&UduT!#oq9tI@-`q4AjV0pp`s+4_>Sv_X`7y;nDcPhU_tjUzX zE=)ui3scwvwZVT8k}}ssGm`9klu>fBQ83W{F>XJ`ukc@7lUdnC3i#d*_!CoI#8Lmi zR0EuuzlhAHj4YE zUGVy&ze^OK2>{;wnUGqUB~bAneLr*#{7Yx?`Yuwz_jbXb_?v9b{FA?BzwtMqa|7c) z%76g2SLNL9pj}<$F=|s*ZaX(Zv^8hR0~{f;$ygc>0+7vG1wQtgZ<2xOk&bDE@G3&I z*sE|%+LU7((P?tfee&PZ2A`4yB>O8%+;)pzzXP}ri${Hg!HeavtE^6|g&P8LV|L*4NluCJ^ zRKAal8nI{nOiKyXXsw%ym4yG90@+;G4L6AO#jl$%M5t@DRXWNK+2yiwd&an9JPEQe zB&-~;soB1tMQAMQX+i=PL>ErE8v2qQHhV73%7Vt)g%~BwQlk_NjX{_4M;~Ed|2iHl zKgXl=_wlGI`{e@|U@JRce8~u;xf|&bFXie0(?68^I%@{P1CVoi5qr~CJ^X5Ii1;95 z^-6dhSetdgO*~R95!7-HhHT^Z^&64*ImA*?WQYj)Vbo#l$g8dhSmkcFDx{|gcuvx1 zv5oEc^;s|roq(1AV=X($xV{SXIlVvn@M=5!n-A7Me6I_j6aVD{1YmpQluUt?&@qM) zd2QG@R`X@#4f&XOo_E@Y!bvCGn8PcR?$VPFnwb!b_z08Ww=0)i@AOf()E*y7-L(Kp z24Y6nCW;la;je?(DZJ@Lk6TFXL4DWgvGZp*S{Ow9!NKQ_Mr2ktm%~j$YT(Nhp&7Y< z^x@%j^tXA1{ik_lmH(R$7ImTmKHj30Ajlvq{92XUtKprRZL5m9w^d=07W18+ zWxm(ng%hsUG$Rpv5BLU$Gr6mfd{eo-`yU^W;JdLAL|fdK$N>VJ<1*rGYl4<9>* z{~iypUgD)+K0v`L`{!)RN(*%-Og1o0EKF`QwwS}isOV>vP%&b*^|q(_)-0a+ulVJO zKwj;oYXTpHss~|xNq~p&$n1s9e7&fK*wDt9@{hWP<80etdpO~BjaN>0&s5^2g9+SY8-&Z%bJ;xU_blOWWg(F}bHi2TB1WrLYridkS zLHhyp95oVa?T*Svd4v${x|R;2g-y!KB`B!xNZtV??&w_VO92 z)GaU-WO+BbL}yB} zLGik!dXeQ0$d_v`qIyH+r!Q1;7mQ+rA_Ex!9^X>RG;=f0>nMEhiW%*R?Wh7RYtlp( zH8~yUK3ti8gx2@0T($vEF>;aukp|Cd#(Ks-V{0D^&d)<;nWO0y#A~>_Izf`%o!4y> z1XNqZ;*&rFEt`|(ci+zSuoCDau#9J@WzGIEk%s@dS0EwR$Z)iyvk?Q0yA|wBN0KaC zlEg>um|*gP)u`RBJfJHZoDeGwd{LL(Y-7dhPZ8YvVq@jaa1Yv>$|{<}$1M=gT_(6d znYT=wqpI$_uJB6*yt(tlEQ27?C`++g_E?$O;0+^4w4da53Y+fu8&!8DNelG^KW3#s zc49aI=52uNv)7uoAhgZKcrbzFhuXKLrUwMpVSwCNS??X0-%{Y0(a-JKjk{b*Jq|kJ zXqO5Ig5D}4+$DF#^CfvCz7P<2vL&E1a!5O^wOF4SK@5C0S5_SL4o*Yhr+wBr^t!>M z8e2{?zP|&`S7V}w>cFt{b*D$^U237$bYs9;wB-May&lk@Jch*x$X$Q;_a(MytG7lG&z>a zlZKKIN)}1d9t-!O6%dY>Dz&beAgVg|JE$x<kN5YkWqU!`nXU?Ac7 zDyi#>8knX71*D!XGsA)pJilMhP6KC(p=c;?#X9Hv&Iy|>Y~hG|OPCfKj>v_gPhXKM z8#o%x{4~WKW?q;1(T+D-?1I@R27!TG!RYT;_)~hRyo1!4J!UgmbBI21Qb=6!0Ij@q z@&z+OUtx7dpm<&mDHmp5V$;O$C7RAxZ|b~X^@B$X2g_~Sz}mpAQ-wRnTS{~67Q2E` zp9t3x1{~M$d76uG#@k-RBxCF!H0VgqX$Iq|pnnTD=rARvzLy3=yU$ocJ{{A+E~C5C z2=l>N`23dlo|9R=I~klep7~{d`ze$n;0eID+Xlsgdf=bEYgD z)-`T{eEt5NzZ})dLEuZ4#r#Lo8QSP3^M^gmVaV!kKM{#Tyve+0O?<|A>L{SMFXcEQ z%F#-J;9;E7?qC3NDEjl$W(w5;i;guxJzRlY^=0cfXQR!OeC8~c=X2agAw-+Bh5}-x zGrK|ZEjg9N=Tw#)ComY47(dtl9|&0Z7th+ibD-gSyWvk zpQX;ozXe`xiVQ$05G533YbgX_F~^m|7|v-u9_`SxYY1G|qogk@zL74cBh>ydGk$|B z?x-K8YGng4u&}2_z(Y>Ri!Cy`K{(SmgI4|1&wukR(Ce>!8~NdDd-`|2@y7r11rAop z9+Kte>#Hbz(M(v~;oRjJh3?&x5hyvRIu8k@hU#&?eLkq?+{@7U#pX2Uwq_Z2jYiuR zY()$NT~VdFUr)|Y77bnzwcr!5ZJ4dDjxOlOd9)Xc_e_=^y%4awX4>mtrpCq?O^g~u z$oFJCvk0|~jtxa=fcxH!On)<6ciR}+d_Q1dFWO6MY&IGE@SHiDgNYGBc#bFl zYQ@9F2sB=GR@@K|;47*`#ge33c@16l5*TP>=F*u0TX9Fi4{erWbUs)Ra4SmR*p3R% zD-4P(X%Y3Nilh)gA~2`p(}`Rq4w@}x8dUm?oJgkN{Ta<$(r=3G#5<{oM7HC}I1>q2 zGdMg8+=Gu($#>~KT_ZbYo~}xG)1@t)k8If+AkXER z5utNk8nv#d-?GV*4QDR6{id6PD{|a(ybK{ghDPUyQGnDccOZ65NyHS+4OBeN zZ(iPtIW!UvwE`ikP35Y_@fgXTO%qx+rSX-5%}wEzN$4XiPpjyjEuxp}0#VoW_8I=4oAmLw|z9G}LUN)723Y z>mvoq&JpclLz-Aabfaiw7u=A~wO({wLMbX66?5Ze3q3#D>R>v+%`jRJlt6uFU!>Ru^&}VNj=MVK?PgEeqEem^IuUQhc(MmUy9Kdho^OA)XgPRtiAJ^Hz{H8!SMbb*;)6vPZxXu z_PQC;_jcv>EjnBXmi8ym#s>Z%-8Q0F!=Q!*Yc)EA=B3b=(E34AXp-5Kuv!5Z^3zqi zZS;Ueph(n0mN_w@m^p;nrMNfLKp;&4CE=)5Zh3naU7y5NaL*nzeg~3fRiUlmQ(y*f zL(5kR!%CA23&?8zt8X~ZwRvx_1=wy#`qZrtK$ALetMPV;BsPv|gCeevSII|;=vZPG zjy&&I%x*V4qwC76}w^buwzM%2|gs-WLb*>7Hx^}-Mog|Iej8d?)t zBh)U7hKghCX52b!b(j`Yv~vQ>Erp;f$jdjkybiq?w;j3poG}T4lEE<<2E&jtrUbpS zc5Gk8g%_c><3tt4xeja-KIWKcT<_UWP(FWlao6y2@b25AlEg%NT1L0l*`bgg{qw8K9ZJ5orwTsF$FMtm4$b7%4jN%wYyh*b1TpO&! zVcaJ!EPP-NbGz+=SmW89h!Mq>fzctvZ#p$Fu{!pN8?A3-Fm0k70u@;;XQ;NSU{+WLzF5CCs`dgDqW@ekirm_wXDyWd$DO81m9>v$bSw7}OZU>t!HK2EEe8=nqxy!r-;;%4tkla>aS3Y8H2$0NM zpHez$(xjOV{hvpT{-8J&GXayd|=TIp(Ql z9-pAjSSW*(Sp%QS$keaRR~hl|dj{QM{1!EBPB;{=snc|wCgc1@n@zEo=FFmizZ$}T zeL24-5|LCtB$t!`662x-{Xu@b?3~hnRe=rE*Fw?o&R**?ELv}xEi{^^5u)q05D4%7 z#~F!SE@7q_Oo{4iyoJH+%p*a=N7M>NuwcW6?WOAm*;A+qXZ)f|Da^X?=?e zZwmVPeR33_Gl5r;>K$YE7*A-*>>7c2*sok9Z%KtS0wnai z0$M-2KMSaDzw12X?)G5-exPeyZ+6MC1djF8{M)yb}*@pS>w z@};-S!eLw?p(JzAHDE(O%ETdfL-F15?$GiAB01TL5LK%D2l&u81Ue=L_(rauQc0e0 z%&O5ped&Q!Sgsvo!={0l<* zm@*EnVT-g@|HOU@|7_q1P%Q9+xe7OAh_e{-6VydEp8>A+6HenOb8FR6jti2gSZ3L> z`jpYdoshv9co#)2@7R+3_RN5O#-V1^Qm%n}?x}XHLncIwkdpIzU{t;2Aa!Dsu1sjF zOZyLDY9ujqtkX$BP!D0CezV2YU+%ms%k!Qd)PbL--g=XHbNC#CWb7jYM+>h^hv8Hf zVCA|4JkwYdq-F_k;=C>a@iPZDecU?i2p#5)WK|!}v#0R@Y=M?M^x%7r!(hoQcUoUt z2ybFxgyz&_>okID3D@EGJ~qxtu#Ah`jL~j=hQLUYZjj?*B7DS`x72H*_dEek4rjJg zGYmp_qLP>|H{8a!9%fV7(3bg>)wH~W_)I|OQSP>SH%I#xh&TNq!rh~E)sSq7$zlT( zW9O>BYa&W0mN+UHL(}24NSCkTJ!=?iZ29OhSlpRpO$qiAHdl$u>g#B>DCc&N#G)&d za?eQ#R1egH#NkE*Q3VRVJ1FXhDspqbGjnS&;bUEz)X+#PAm=IWAi6-B=6G}={MCmq z^Jmk-?PnL}Q==me5D6-&A&EPiIIUf*Rz3=d3vU(98fBE}F!mi+<2n%VMnl)3?QPd7 zs=SBhPj^d|>b&Ge#n-1e#)-|6^vz9y)|%}6$)9C_V1=Bh$Vo|=OtoO5>iX}<;VCKW ztRngd3J^T!4t%J9{d=OOD|LnJG^=!$`jG7Zrg4pNthv3P`>OdA{s^_5e2)siedu>l!5 ztvZHKO9ts6XSuoSW5I><$2l{n#+m8x>%$c&hHFsNv;*J}*cVd_XzUp2TX#7!N14#JiEl+aU?9IAJ7Q6U`nWWP&er%nND7cxRfv&+g-KTXmj z%g4v)N*mA~MEM~M~A25zL$jC1bbcFknrz(>w5Ub0VsfX zC+K20aCu^n>2Rxz>Ixa{^>M~cI)AEZeCzY$X9!(N7!4#O*~pbkQ!j_lU*_2_Q@xu8 z7lM7$NyjXXAYk+jP0eqK5R^#SVx~Isj*>oxj(nCror|pC`^Xx5OoEJ-&Q!yGL>*81u{u;p5Zp zah2w4P{}Y^zI1Tco3PiPAaOSx_j;Hg6?MxLNeKd9UA+(p)aP6hUZS{LcHmc1OYjt@ zqRphbOzKXJw~dJO}_I zvp1gJs8LqF6|WzoNcLzPB1y}F-HM^&R8Xs;O`S=ZAv>bkJGnGB*hgTyH6#qW{uFQf zMr`e!uwB%4_uzR^1hPv&fGJg59TG<-LxcfL@+1iG-59t;imaD9*|8N~NW{5^O5VCR8PTKwbp zgu?f74UY*kT%x~GVJ6`-P3-u)SONPYL#%9s3HAdMsUz)(7e0{rVxnVM>UZzabd4H8ft z>aerUq00oPE zl+F2C6zc{f3y?r1yM)T zMN774=y$7$n&@m|%LZ$G5M3HJ#98jeF?1NQIka|qC>BCxx`qQcAD|LMN#ifxVd;m- z!B8(Tol^HMORHAc@h_qmZy}b0%J-x=BZH$!dou4|5h`q1yGN+-v8(M_Pp6CEd>CM| z7zjc0fNRQF7Es$bXI~AX1a>P@S6}0kCl?PseKVV~_rbBpg=BGMKF?9&%VQs%_Nn=( z;%bXtIX^QsjRXVnzM2WkCq4@I<%w|)g$5V%nIYb-Q`nChopW&#UliF{mb{;b3|cJ`$S^fy#6^cA5G zuS{BT?5K`DKQ3^il@G76H&NXXxyt9ZNaxGStY)Kf#tmM8pCiD!$w)ofS8PsytB?8U z2oW${E(Gcf>L;8^mfaVWLc7y|84kcQl$=!2(tNZP&EfMw<*@Cgs;VPVWQj{1hvH2t zA=_xD!zl%?1C07forE7}r3jHR-V@BRl{nCBkZM+B_))>*zL7@yMpeOXZp7v&%W<$c zS(g3b`0hh8<`Ig7^V>9%rcKF$K}{!?$dCrSk2$-A!eVS@{aNvD$rS_n2! zGkwkFZAw0+8v{`i@QgayfQ=mI+qL&N5V6 z`P11}$fCEgH zIDF;Ce_Wb{KR6`@Y|7nQ7{h*oMQmi#girCh-ENn6tM@G| zl=78ED!dL8>J7$AH~})QpqQ zUCC(_@%RowNt-6X?VR3Z;@^`zzZPBB_Z%hE>=fYZFnW~mxF+l@dd(d{cc&fa`CmCf zEd_nJ^-ysWxdD?w$2*%t1*R911!OSJ48RZ(a(lJ+=^WU3= z=Ke^Vea6;<-ZrKj;J`;Zkk}FZq+dp84*1$+N)MCA3;Y>L{;J@PWw3NJY({*X+8P_X zF8Q1Bmq3`|5a>KvC9Vxjizn>h#*?x>*kr-^y-r~`TVpvJrW_Jr@o8Fj-7G_4U*)3! z#$!68F}7sE4-XDt-pMszYH6@2z~VcxaKts(B6=0i#93cC@2n@QS;JG?e4pXb*3cN5 zz)y+tDzZqBQ)JX@T{88&pnwy0Bu+SPWoLY@(e_t1ny6&L9vVdeIe~B$q)n*aq`VEo z=GCuXxHkh=Kd|gP;40{x7fk^nv*cF=OorcS2wW*7eq|}*Eh0rq6-o0ny=vTL_9E1t zY;r&}(@6j}+QS|P9B)E#8wNZ#m#1ZM?v;E!@$sF_8|~YHghyu=6xuqjQL_*LEUTrC zG_K~*Ftw5}nBbO-%G$hSu3z85M9-BWel=alFnHXul`c-3b1>S0dxQzk|8mo#5KXtZ zU5L^{eTe|xUP8z)*R(3^P|O>&t}YE?YH=a#^EhgImWOG}$spQlV*C^~Yu7TO9!AUl zF(rUVA@Mu2^?-XDhgYG)l8h6%*%6*D(?u*e*Q!VP4trN@h3aB5~A)8kuV3 zvosn{-~<%;o_Ek%M0|_lgbkMLE<8DOM7@GgeF6II#js5B>F}*{Lh&MSBQ9CN0t;VD zNnnCfuX}bGHG#}glmRz~MC*ioA#D$WhUJxPgEl9krC6cPouoO*qzn$d16c-lrJ74D zvRQ2($4*Hh^0dZ_(6qB@Cym|UKBV5)@`G$lPy^~~JT#5?lu2fFzPdwby8h4Z(%h(( zr59cXa_iGkO#5?7x3la$j#X}yI;EVHp*K%nEHwo?UsW160L7G}FZ+_>Sea0^izyZ7;*W$r5EAfwa@6#j( z?0ES#ar&(WO4jW+%S(%FqUN0tl?d2PO^y6|9UQTrC(UI`d9t*XvdGaqO)tU~A-A-e zTPK zf|H7I`>OHi>re|blTYYR%D2v?{t@o{V|{`-f$H{^NK3U)>|FM>=D}10NPsciaW`5U zP4$e$=jP;8>)yO?Anh!=d7=1vt4vlr2Tzz|Immoz;!w!kEfo9AzJ?BWS}ppyohm&pJ`)3O4dUi@p*CLgvB-SdWz_ik++D zEu~$Xg3^9YLtA?vi_z>SvZYHn&NgaXgZUBq5H2kdwII_F2Afds zbqi_RJ!`mBjR{YU~1gKAeO7%mJ?uZ$nV!f;}}B0_SO1nw(& z0=_eqDGt}v6jKX*q*svvx*OF8WQWLC;o+c>s?Yb3cjtw*@G_MdU75i4>v1?rqXQ=3 z0e$%6G@xkyr#Q3J&W|=Zy?tvj$M6j%qWJ_{hzPuq@>w~c{ce8MZ<5_CJ zcvNl1Y_xp!yTo}Al=%sc&kF4yc!nA*&I{%NDz|p2v+1FEul6Ecep3G8Yoda>nWwS% zfW?bralnSe(29K+K9PI*Y;yfDiA!XYfMvO%KJsTyU-q4DGjQ3Cev13P-D-G;$ErkQ z>tWeuokW4@#gN;Myj*n+Jbn{{N5OI5;aZ$KJ0VTV_;u8e=Pk0y#+YFH3g74Jy@%pw zFxN&%9Tu)G9=q}KyN6Ds^kI-E&68Y9D3pD%`D}49;#i&i%}4X2*|N82xt4q!`BIwQ zZo1sd&(;s*F13>L1hyu=1uOJ^ocK+?HHRv0xOMO3u~3L#Uo#x#FNDxX=icK9&V-um zOs;~^t3!SbLYr}vf!X*Z51I*&2YL(9>z3!pzpr6za9Eg{JA#w?PF91R2d-@s1zIPa ze=xS^rSP>3x`&frV>%X$ueYfATk`TZ8S7HPHq|&UOz>=UX!rBvgLGiC+|_at5zW(h z`{;_Yarc&YTm5e)gqCucbz|$emDxpB&Jid|_Iz{bO^H-JU+}Vgk*!Uw%<)yy6o+Sr zp&@p>ncvD^Zc=zy>9=<3#Z&v9ttmy>et!ar!w<*-c|XcWe$))da;yQiRWUpVrIRnm zAO!o)9MM1}%Piuk8m4>^DdvzQw0rOX*ZF2I1~O$!mIQZs+$QPkGQ`?*bvqNq2m*DY z4(wB3b3vlVA*mu$k-q~GIh3#IV?iSs|FEKoU=XXFHxabL8Q9}m>xWo4x|U&qjxGK- ziH1D24LWa6l2>n*;?v6=6z}w|pu>sxD1#d`T=*FiF`tdKse!S%8?tGSS3P#K%ta$3 zES@BE8$n!4W0r6Yq$10I_H$hVRBzw#~iC*OE~ z=i9~FFAg98yj4M|BZO5{XFAvNN3nH-!_$#1sC?x455tgZZ6r>sr5j zA%a!L@+vTdO@WE(&Jug-%ZyNaY3FW_8K!+B8R6x)Iu~K^AXPbiV7g=WrD#*{wNq2R zKXS(!y>&%eqa~XgCxh3)w8?-A;dBg#% zeC}ixkrHppAg1YwAT-_r7NdoW<!#s|nM&5IZZ= z#~O+&GBSZ0xQiIkt7>>FS@EBP?@MiY&u;SRGo_QJj8icfl3lfy&R?nqOX^DS>0zs;LbA( z%8prlw-U0zYa+Ydsn9%ixa6cfnFJCs3Hm1oF7w$)MjauC7G^!Ux@MB`UljQ+O+%p%j8$Rj53DF{_m2yJ@gCspg?lO1^i5f9l`e?^~id*lOry64I6%Ra;q4`c(pyp>)-CKP%xi zp8OOlH>5u|&Mc9t>yjbDJ2{@&XPwZU*>4}C}n zOXkMtumUf}))^J5K0*A~1KI7MXXRaJ=t>U*DSK&7OBqARljZ0hn_xQT69r%-ni;2Z ze%RnLLkZv4+OM%G%DVxOS&jp0S7lJ$Qe`u37G-K!o41g-2)tG8^>4YXU(t- zsI`J@aN}3`HBGrRk_K~QBSV-5V|nAdUDMGo%t;Nd(IYnJgOja01h>@q_|CrcB~WDC zJ=0DkpOwl++P|QI)cVyjBQO%82(RJNm=~*EV<`>yiGINi9RA!?nFJA9wW4=u=SU?y(i|GsBH~T{?*6{oLku-0cT62304@6{vgx^ zfotzh?h`J{le=7{ldhwpl6#gIZx)t+eLSi>BHsm+R8hQ+tu1CAM&Y#h z<{)GNWzC}T7hS)>_tS|%{qQu=X!u`Cp0Z$%c?v#x_rj|WVD7D8l9X9U;aQA^JYY`N zx}Yxb^sJ`dKM=nv!f|%z*c^Pl_x68rk%(P2dE>dVbyQ=bf9pX9Ol{jvUAj$-R$NuQ zglpV5rqha41;GrtepH6i&OfNWdbe2>m2DBp8g*Ho%)ShfY9EL)ku>Hm8H2zR%sa@dvPgz{Xk+cBa=%A?LaFZp~`Nnv-fp_%ei}F zddAX}I9#vvANkgu@K?UY|KuC@?|h?a`NaVwfOqN0nry0XYcILP{LvRO;F{-JozEyN z!)vN4`9gf0UnFNtd9u>3_ynk)J{6KMWilV{&UQVel(eE3JHExRB#uQQ)gIqHURg~jC^)CSkxc&tnI5P4u&t$Gdde^&0Scm>5VrZS zn0)m|zHul1m2U|@`3Chn-(H)4`9cP(%s7@-b}^|xJsXTd0uuv9DW!kt{sMuH+4E#M zmk|<2G{7e+Iti7|w|mPcPk?L0=Tm#*QpiV399h-7njV%Pd{3?{>bb1B-`9~}Rk^X8 zt1`&Ve-Xu;Y_Z5YB)xl}e{wqp4XFb$$1>!NNtC1BZAt(p{fv$d(*!K8+QH-4Yg^3y zP0UVa3vLXQI=~GS54gNp2x|R|6dxP0^fJRrtg6A;<5;lt|dke55e1r9CKTEsVlu3 zu3nu5kNg>kEhhCL{YzQvxbTNtDmRz-2`yjmHxc{lHfr)bSiD^p$^(GT`1}2{B7anB zEf+%Uq420S-Y>6tpx&sk3W!`wcc)<3t1>e$$;@VCM^P&!YOe@+^?c{#N>}Rnb>gt4 z#{QK)J-47yv{8p6z@AV@Y?jA+sUEkk;S#d4Cr+d9iHDWt0v({1Er4iLkXfP{&hfR~ z@SP_dOy%y(S|Ds_9m6MXRTxqa>w78LJJ0XaOa)1hl7g94fF$`XlO#yC)x%uRE3q1y z63I>+6Zsbs@9fGSe0@NIRGz5^=aOgqis)#~yJFdL8d)^TF3A8o!4a6Ta{E%E4--!8**Jz$`)1x$@zc|LZQE|)`v-U5 zX+G^Hszl*><+OOJBuGj#z5F4i@DyC+VFtZy+;mP^y&D`*WM8vf z86CbDFZ5;UiZCxxdpZYOve!*;FKIA!u>>6+kVa{Zq7FME)DkcRoPZ7Ba5>Pp?s;m0 zv)s%$4&Z}|e7JIYwd4jJG|^93#c5|B$u}J^5lAU%qF>4PuL)oq{my}Zejtt1nQ5aXQM+fn?1+_*C_!;E2-OQ{YgXT zW~~8E)@a)w8b6>`zRR_<4#~lkj>=M2P;SGUUd4u~L(DNc<#t=^l zA!RD~nKC zD&5MC8~GXk)3mrS$hJ#yX)uPxxdd1@^J5| zIMFu&p76aB$4EP!bKQ!BFZ*zegruNJuRn46zA6URb^kzw0G-F#<^x@PZb{SV z5+SPlw*}?{#7V!-lTt+U=@~=*1bsQL@LFdfeqf!VT^#zzGt~LFJ!3{2_=!@{o>9sdP zGOdjySzQ@_#R&pnBCCdVrg0L;qw)oYpI|>FHhFd7n$^&*4iYqkML<(NM;Jx0BfZ_r zCy*bZEDGA`l1S<(G>W}z4e&}70+Guz6@f-jbpIpY$`k*}x5S@(=#EK%mEyzo?EzF({ zeVF|I^hvUI>1h{s)yC6H9!`t?COz+@LTF52>#mnbqou0&vjkClCey%~(y4vJH`tSE zEpdJo>#H}BTk8kXI1K4{TAC%4!CMO!|KVHGzkER@A0fGXZ~v(OYagGPIKdzG@hL<7 zYu^JXKw!yBUfaRoWI@GX|*p!#ih2XTwQ0w;mj zNEW^uD>1rk=?wI51ZZ`nVwf<2|Jnci?|DI${cB$Qul&s{(thUe@LT@MqlLe8q5%X* zSG#l<6<4$r$bF{oJS{I()NflH`)Q9(9#h&#N7FP4?#&VdDH^R_cqdglx+MvML8>Wv zfrQSR>tYD#@8bpjGcW#~U+U>!^JDl^ey9KXKW1=%oQhojL3aD9s^;B=Uj^qEb?%Q$ zJO1t-dCN}*K};OM=F|dpaF)agP`msZM8>=}N3Bv=32+1ypPQ(`r%pRR6Nq$W11A8k zh6DyF*2@r7*8Z4ZC)Dv@^0O}bp>x;x_xvtwf9XUA2xzYe92&ysUtQIb-SO*2=)TNo z;g8(WIeci3cvope4~+N9E_V6cOj)_zs%v|`a_L~)0G3ujcTF~k0k`!vRr05v{|A`} J%zjWw005sY*=PU& literal 0 HcmV?d00001 diff --git a/test/keys/udt-dtls.key b/test/keys/udt-dtls.key new file mode 100644 index 0000000000..b4db542e94 --- /dev/null +++ b/test/keys/udt-dtls.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDg/jR4vVFNpBta +s1uv4IXhqpePHIIuOoOnb2sK6G8gXdCxKm406JLecNuIqq0eUydH6oawar96vYGM +lLKTfvMnN3RgL3wNG6G+x+zYPjMaS6G+X8SPAG/XtlIxzDFdzliJT4WpKw1nNa7V +sryYTYLZ4aX0hbbETuvXhdZTqCUYX8t2TYyTjeTBybWLyXcWZReGShHPlThn55b0 +rtUXkUQoTl3iv330jvJX8MN8haRLwr4+s2jYIGhsINdvMziGo89Eh1FYJXeC4en0 +FTEzIx9XA8FiVA8Rf1EEJv6syIvE11GGBCrX0Hu1brg7n6Y0TvkQGcL8tbrFDKlE +W7HlQk9TAgMBAAECggEBALfNk8orRxc5gItJSRbWQilH9saYEJV5ggIv2G+x0M7N +NWb2dc/NS+ZipkXwwLqsTcPHiT7oBgNce1AATh6GsFeSSwUk5Z/DuhAkPY2uyoqp +zLm8fNQiFDxSGrXJzW6H2vZZu6Smoi11wp2bhcyaTdJ3L98huVyH6M1J7fyruZo9 +Z8GssyCSujfze7cIc7Py1wEEC0+LzGijkc70HDgsxwj6TXKx/ifXi+5tCCesA3z1 +6AIe0zMTcwpXRbdEZGO9fvBxGoK9hwiVJ6/sPmxFXWpBfu6TMLJjLcwwvnoNuWdH +83+PfD+sdE7zo6CUEGDHPvJ/Fyq5lIGjEP0ErruGKPkCgYEA9PyUvC3nHkGN+5t9 +JNDaNZWEaiBW7w5yQN5MnQCwK3I8ajE+EDoPl0YDhJW4HFS/iwu8WZeb4pN0WLkT +C2K7Tfb+9G7ebLoQ997l0zEcnHqiKA1CqGpu/g0mcVlGFExthvgv9rmt+1QLTXHJ +F/YirWCTyyIgw11iY2ap8u7kSK0CgYEA6xuHHFTtH2pjRXxuOBhwsvA+8oNd/4A8 +phNfJgS7t9LYDMqzyer0ixdkae1vH4peZ1USn6326Vx53hYulH0A69iNM7zrNWM7 +JI+y0ftyb/Ji7CwpQAd3JVjUjvoQljrpPqrArm8fGhTucqS8E1fY1u98b3N85RrY +u3uAcwGb9/8CgYAys08ovqs1FMYIiz5T7zEpo77ao8S6BphYmmjqmSjcZPDh3T0F +6K4vVVsHBmEq49McOJqLRBgLxQ5wCiVJ1u4CjZpoBcXcZIl8ctHHakOMksiaV1wz +NIux4hDRpnMdYk/MffKXMggymksYhPLkFZlJnlIX2QFEzT++aJHFZ/EwpQKBgCs8 +QLiBFao1UlQw8cP3GqKNc8X9Sof1+TFBVroTHMJNT9XqYO28+4OopZqlQ041j+7I +wkgDIekATJj+00oTQtwcUrs0/rwup22tz2C2MPFNTcvIwz03Ij4H++7fJbW617Hi +jNSHMt0FBGSozr1v5jyAhg2o20r2iOzRZWnA3gHZAoGAXkvhtQxD5sdypzUhs6uS +d3PgKTbQK8PLU5KGl7DZ2oaemQ2QUQw0J9tlEQRItTxB+MDf21FddD8n6c1a3zJa +gay7xiarE8JN0pHoQ1qCqZBwWXQRSPiNu8Bxu2oPpUi2iQdBVQG1bACQOToVUDpv +wCW2aisjPbg71ZkZEvhk2cg= +-----END PRIVATE KEY----- diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh index a5774708a8..8f81812252 100755 --- a/test/suite-decryption.sh +++ b/test/suite-decryption.sh @@ -176,6 +176,25 @@ decryption_step_dtls_psk_aes128ccm8() { test_step_ok } +# UDT over DTLS 1.2 with RSA key +decryption_step_udt_dtls() { + TEST_KEYS_FILE="$TESTS_DIR/keys/udt-dtls.key" + if [ "$WS_SYSTEM" == "Windows" ] ; then + TEST_KEYS_FILE="`cygpath -w $TEST_KEYS_FILE`" + fi + $TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \ + -o dtls.keys_list:"0.0.0.0,0,data,$TEST_KEYS_FILE" \ + -Y "dtls && udt.type==ack" \ + -r "$CAPTURE_DIR/udt-dtls.pcapng.gz" \ + | grep UDT > /dev/null + RETURNVALUE=$? + if [ ! $RETURNVALUE -eq $EXIT_OK ]; then + test_step_failed "Failed to decrypt UDT/DTLS using the server's RSA private key" + return + fi + test_step_ok +} + # IPsec ESP # https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12671 decryption_step_ipsec_esp() { @@ -633,6 +652,7 @@ tshark_decryption_suite() { test_step_add "IEEE 802.11 WPA TDLS Decryption" decryption_step_80211_wpa_tdls test_step_add "DTLS Decryption" decryption_step_dtls test_step_add "DTLS 1.2 Decryption (PSK AES-128-CCM-8)" decryption_step_dtls_psk_aes128ccm8 + test_step_add "UDT over DTLS 1.2 Decryption" decryption_step_udt_dtls test_step_add "IPsec ESP Decryption" decryption_step_ipsec_esp test_step_add "SSL Decryption (private key)" decryption_step_ssl test_step_add "SSL Decryption (RSA private key with p smaller than q)" decryption_step_ssl_rsa_pq