author | Hauke Mehrtens <hauke@hauke-m.de> | 2013-12-07 00:55:08 +0100 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2014-04-27 18:00:21 +0000 |
commit | 338269fe41d6617a089a81d7e2ed0aa4e71819d7 (patch) | |
tree | 2a0814a0469adc657fa3bad2e98f57b602cc6fc1 | |
parent | 162a8c72f0ead25b443c8adf664d05faf7766517 (diff) | |
ssl/dtls: add keyfile support to dtls
This moves the keyfile and psk options from the ssl code into ssl-utils
and then uses them also for dtls.
This is the last missing part for bug 9499 from my side.
Change-Id: Ie2fe5bc565eabe1e6ce62498c985b8a36e913b0f
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-on: https://code.wireshark.org/review/1369
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
-rw-r--r-- | epan/dissectors/packet-dtls.c | 9 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 33 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 8 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl.c | 29 |
4 files changed, 48 insertions, 31 deletions
diff --git a/epan/dissectors/packet-dtls.c b/epan/dissectors/packet-dtls.c
index 20d2219f7c..7bb8a7689a 100644
--- a/epan/dissectors/packet-dtls.c
+++ b/epan/dissectors/packet-dtls.c
@@ -215,7 +215,7 @@ static gint dtls_decrypted_data_avail = 0;
 static uat_t *dtlsdecrypt_uat = NULL;
 static const gchar *dtls_keys_list = NULL;
-static const gchar *dtls_psk = NULL;
+static ssl_common_options_t dtls_options = { NULL, NULL};
 #ifdef HAVE_LIBGNUTLS
 static const gchar *dtls_debug_file_name = NULL;
 #endif
@@ -1546,7 +1546,7 @@ dissect_dtls_handshake(tvbuff_t *tvb, packet_info *pinfo,
 if (!ssl)
 break;
- if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, dtls_psk, NULL) < 0) {
+ if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, dtls_options.psk, dtls_options.keylog_filename) < 0) {
 ssl_debug_printf("dissect_dtls_handshake can't generate pre master secret\n");
 break;
 }
@@ -3396,10 +3396,7 @@ proto_register_dtls(void)
 "Semicolon-separated list of private RSA keys used for DTLS decryption. "
 "Used by versions of Wireshark prior to 1.6", &dtls_keys_list);
-
- prefs_register_string_preference(dtls_module, "psk", "Pre-Shared-Key",
- "Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
- &dtls_psk);
+ ssl_common_register_options(dtls_module, &dtls_options);
 }
 #endif
diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 7917681771..248e827e13 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
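Review bot: dissect_dtls_handshake now consults the keylog file only on the ClientKeyExchange path, via `ssl_generate_pre_master_secret(ssl, length, tvb, offset, dtls_options.psk, dtls_options.keylog_filename)`; the fallback that packet-ssl.c's dissect_ssl3_hnd_hello_common performs when `ssl_restore_session` fails (`ssl_keylog_lookup(ssl, ssl_options.keylog_filename, NULL)`) has no DTLS counterpart in this commit. If packet-dtls.c has an equivalent session-restore step outside this diff, resumed DTLS sessions, which carry no ClientKeyExchange, will presumably still not benefit from the Session-ID and CLIENT_RANDOM formats that the new preference text advertises. Either add the same lookup on the DTLS hello path or note the limitation in a comment next to `dtls_options` in the first hunk, e.g. `/* keylog_filename is only consulted on ClientKeyExchange for DTLS; resumed sessions are not looked up */`. The enclosing switch case and the function body continue outside the hunk.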
@@ -5290,6 +5290,39 @@ ssl_dissect_hnd_hello_ext(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
 return offset;
 }
+#ifdef HAVE_LIBGNUTLS
+void
+ssl_common_register_options(module_t *module, ssl_common_options_t *options)
+{
+ prefs_register_string_preference(module, "psk", "Pre-Shared-Key",
+ "Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
+ &(options->psk));
+
+ prefs_register_filename_preference(module, "keylog_file", "(Pre)-Master-Secret log filename",
+ "The filename of a file which contains a list of \n"
+ "(pre-)master secrets in one of the following formats:\n"
+ "\n"
+ "RSA <EPMS> <PMS>\n"
+ "RSA Session-ID:<SSLID> Master-Key:<MS>\n"
+ "CLIENT_RANDOM <CRAND> <MS>\n"
+ "\n"
+ "Where:\n"
+ "<EPMS> = First 8 bytes of the Encrypted PMS\n"
+ "<PMS> = The Pre-Master-Secret (PMS)\n"
+ "<SSLID> = The SSL Session ID\n"
+ "<MS> = The Master-Secret (MS)\n"
+ "<CRAND> = The Client's random number from the ClientHello message\n"
+ "\n"
+ "(All fields are in hex notation)",
+ &(options->keylog_filename));
+}
+#else
+void
+ssl_common_register_options(module_t *module _U_, ssl_common_options_t *options _U_)
+{
+}
+#endif
+
 /*
 * Editor modelines - http://www.wireshark.org/tools/modelines.html
 *
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 23628a996d..6a18618be0 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -28,6 +28,7 @@
 #include <glib.h>
 #include <epan/packet.h>
+#include <epan/prefs.h>
 #include <epan/wmem/wmem.h>
 #include <epan/tvbuff.h>
 #include <epan/proto.h>
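Review bot: ssl_common_register_options hands `&(options->psk)` and `&(options->keylog_filename)` to the preferences module, which retains those addresses, so `options` must outlive the module — in practice static storage, which both callers in this commit use — but nothing at the definition states that contract. A header comment would pin it, e.g. `/* Register the "psk" and "keylog_file" preferences on module. The prefs system keeps pointers into *options, so the struct must have static storage duration. */`. The `#else` stub appears unreachable from the call sites this commit adds: the packet-ssl.c call sits inside `#ifdef HAVE_LIBGNUTLS` (visible in its hunk) and the packet-dtls.c call is followed by an `#endif` that seems to close the same guard, so either the call-site guards or the stub are redundant and one of them should go. As a style point, `&options->psk` reads the same without the extra parentheses.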
@@ -868,6 +869,13 @@ ssl_common_dissect_t name = { \
 { & name .ei.hs_ext_cert_status_undecoded, { prefix ".handshake.status_request.undecoded", PI_UNDECODED, PI_NOTE, \
 "Responder ID list or Request Extensions are not implemented, contact Wireshark developers if you want this to be supported", EXPFILL }}
+typedef struct ssl_common_options {
+ const gchar *psk;
+ const gchar *keylog_filename;
+} ssl_common_options_t;
+
+extern void
+ssl_common_register_options(module_t *module, ssl_common_options_t *options);
 #ifdef SSL_DECRYPT_DEBUG
 extern void
diff --git a/epan/dissectors/packet-ssl.c b/epan/dissectors/packet-ssl.c
index 6f17f1eb14..230422ba45 100644
--- a/epan/dissectors/packet-ssl.c
+++ b/epan/dissectors/packet-ssl.c
@@ -345,8 +345,7 @@ static gint ssl_decrypted_data_avail = 0;
 static uat_t *ssldecrypt_uat = NULL;
 static const gchar *ssl_keys_list = NULL;
-static const gchar *ssl_psk = NULL;
-static const gchar *ssl_keylog_filename = NULL;
+static ssl_common_options_t ssl_options = { NULL, NULL};
 /* List of dissectors to call for SSL data */
 static heur_dissector_list_t ssl_heur_subdissector_list;
@@ -2106,7 +2105,7 @@ dissect_ssl3_handshake(tvbuff_t *tvb, packet_info *pinfo,
 if (!ssl)
 break;
- if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, ssl_psk, ssl_keylog_filename) < 0) {
+ if (ssl_generate_pre_master_secret(ssl, length, tvb, offset, ssl_options.psk, ssl_options.keylog_filename) < 0) {
 ssl_debug_printf("dissect_ssl3_handshake can't generate pre master secret\n");
 break;
 }
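Review bot: The new `ssl_common_options` typedef and the `ssl_common_register_options` prototype are public API in packet-ssl-utils.h, yet neither field nor the lifetime of the struct is documented. Suggest a Doxygen block above the typedef along the lines of `/** Preferences shared by the SSL and DTLS dissectors: psk is the pre-shared key as a hex string, keylog_filename the path of the (pre-)master-secret log; both are written by the preferences system after ssl_common_register_options() and stay NULL until a value is set. */`, and `@param` lines on the prototype stating that the preferences module keeps pointers into *options, so the caller's struct must remain valid for the program's lifetime (both new callers use file-scope statics, which satisfies this). As a style point, the `{ NULL, NULL}` initializers in the packet-ssl.c hunk at line 345 and in the first packet-dtls.c hunk have asymmetric spacing; `{ NULL, NULL }` would match the surrounding code.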
@@ -2276,7 +2275,7 @@ dissect_ssl3_hnd_hello_common(tvbuff_t *tvb, proto_tree *tree,
 if (!ssl_restore_session(ssl, ssl_session_hash)) {
 /* If we failed to find the previous session, we may still have
 * the master secret in the key log. */
- if (ssl_keylog_lookup(ssl, ssl_keylog_filename, NULL)) {
+ if (ssl_keylog_lookup(ssl, ssl_options.keylog_filename, NULL)) {
 ssl_debug_printf(" cannot find master secret in keylog file either\n");
 } else {
 ssl_debug_printf(" found master secret in keylog file\n");
@@ -5619,27 +5618,7 @@ proto_register_ssl(void)
 "For troubleshooting ignore the mac check result and decrypt also if the Message Authentication Code (MAC) fails.", &ssl_ignore_mac_failed);
 #ifdef HAVE_LIBGNUTLS
- prefs_register_string_preference(ssl_module, "psk", "Pre-Shared-Key",
- "Pre-Shared-Key as HEX string, should be 0 to 16 bytes",
- &ssl_psk);
-
- prefs_register_filename_preference(ssl_module, "keylog_file", "(Pre)-Master-Secret log filename",
- "The filename of a file which contains a list of \n"
- "(pre-)master secrets in one of the following formats:\n"
- "\n"
- "RSA <EPMS> <PMS>\n"
- "RSA Session-ID:<SSLID> Master-Key:<MS>\n"
- "CLIENT_RANDOM <CRAND> <MS>\n"
- "\n"
- "Where:\n"
- "<EPMS> = First 8 bytes of the Encrypted PMS\n"
- "<PMS> = The Pre-Master-Secret (PMS)\n"
- "<SSLID> = The SSL Session ID\n"
- "<MS> = The Master-Secret (MS)\n"
- "<CRAND> = The Client's random number from the ClientHello message\n"
- "\n"
- "(All fields are in hex notation)",
- &ssl_keylog_filename);
+ ssl_common_register_options(ssl_module, &ssl_options);
 #endif
 } |