This name is displayed in the SSL prototcol tree (Application Data
Protocol: http-over-tls), rename to avoid possible user confusion.
Modify the SSL dissector such that both "http" and "http-over-tls"
invoke the same dissector function.
Change-Id: I2d52890a8ec8fa88b6390b133a11df607a5ec3dc
Reviewed-on: https://code.wireshark.org/review/17481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
IKEv2:
Fixed bug with AEAD ciphers with 8- and 12-byte length ICVs and
libgcrypt 1.6.x - gcry_cipher_checktag() returned INVALID_LENGTH.
Fixed for merged changeset https://code.wireshark.org/review/17078
Added support for verification of encrypted data with HMAC_MD5_128
[RFC4595] and HMAC_SHA1_160 [RFC4595] integrity algorithms
Added IKEv2 decryption suite for few combinations of encryption and
integrity algorithms: 3DES-CBC/SHA1_160, AES-128-CCM-12, AES-128-CCM-12
(using CTR mode), AES-192-CTR/SHA2-512, AES-256-CBC/SHA2-256,
AES-256-CCM-16, AES-256-GCM-16, AES-256-GCM-8
Change-Id: Ic564b25f1fd41e913c605322b7b8aa030cf90ddf
Reviewed-on: https://code.wireshark.org/review/17213
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add regression tests for bugs 12610 and 12620
Bug: 12610
Bug: 12620
Change-Id: I6325a3ccb3e27fd4d3be52190e8763737b99fe73
Reviewed-on: https://code.wireshark.org/review/17083
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add an ESP decryption test using the capture+keys from bug 12671.
Change-Id: I5f7ce477ec74d59c1043345728a1444842912b96
Ping-Bug: 12671
Reviewed-on: https://code.wireshark.org/review/16733
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
The "http" dissector is what's used for protocols other than TCP, SCTP,
and SSL/TLS.
Change-Id: Ib5138d3a082f1017b7ef190e5128a21eb9a49e92
Reviewed-on: https://code.wireshark.org/review/14947
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Add a test to check decryption of management frames
Bug: 11995
Change-Id: I588d0f17b9e5efc841266b9dae4764e5e931be3f
Reviewed-on: https://code.wireshark.org/review/13259
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will habe the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primary with WPA-CCMP, but TKIP is also working.
One section in the code touch bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This was suggested in review 2297. Capture and key are from bug 7951.
Bug: 7951
Change-Id: I820c5e839b20ec464cc1be438633d5311f657fb2
Signed-off-by: Alex Badea <abadea@ixiacom.com>
Reviewed-on: https://code.wireshark.org/review/4143
Reviewed-by: Evan Huus <eapache@gmail.com>
It was intended to change the DTLS decryption test, but changed the SSL test
file instead, which led to the SSL test mysteriously failing. The SSL capture
really is http, so that's the right protocol, and the port is the standard 443,
not 4433 (which was perhaps a typo?).
Change-Id: I84448c2326d2a4301a4bba9607f8ba90a495531d
Reviewed-on: https://code.wireshark.org/review/1401
Reviewed-by: Evan Huus <eapache@gmail.com>
Follow-up to g757db64e484b009c33b67b5fa38e109d7b8f5e78 which changed the filter
being tested but didn't change the target protocol, so the test was still
failing because it was still trying to use HTTP.
Change-Id: I6675cfad3bba63f7a536eb7ae82e4b25132d108e
Reviewed-on: https://code.wireshark.org/review/1375
Reviewed-by: Evan Huus <eapache@gmail.com>
Peter Wu