author | Peter Wu <peter@lekensteyn.nl> | 2016-09-20 21:26:43 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2017-01-29 01:52:58 +0100 |
commit | 380e87ebf19c2ecbcd6dfcc977d70b5971559446 (patch) | |
tree | b422874df0bac8a342f7f9d75b0234e53de174b6 /epan/dissectors/packet-ssl-utils.h | |
parent | ec9ce3fdad014274ce00de1768f9e11395a77e37 (diff) | |
[WIP] ssl: add AEAD auth tag validation [rv2]ssl-aead-fixes
TODO
- pull AEAD init/check outside function (for re-use with TLS1.3?)
- fix sequence number for nonce, need to check what is wrong
- more testing (+ extend test suite)? CCM seems to work. GCM auth check
seems still broken.
- test with older libgcrypt versions (currently tested with 1.7.6).
Change-Id: I94dd2fd70e1281d85c954abfe523f7483d9ac68b
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 8760103922..50240b5351 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -268,6 +268,19 @@ typedef enum {
 MODE_CCM_8 /* AEAD_AES_{128,256}_CCM with 8 byte auth tag */
 } ssl_cipher_mode_t;
+static inline gboolean
+ssl_is_aead_cipher(ssl_cipher_mode_t mode)
+{
+ switch (mode) {
+ case MODE_GCM:
+ case MODE_CCM:
+ case MODE_CCM_8:
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
+
 /* Explicit nonce length */
 #define SSL_EX_NONCE_LEN_GCM 8 /* RFC 5288 - section 3 */
@@ -544,6 +557,7 @@ ssl_change_cipher(SslDecryptSession *ssl_session, gboolean server);
 @param ssl ssl_session the store all the session data
 @param decoder the stream decoder to be used
 @param ct the content type of this ssl record
+ @param record_version the version as contained in the record
 @param in a pointer to the ssl record to be decrypted
 @param inl the record length
 @param comp_str a pointer to the store the compression data
@@ -551,8 +565,8 @@ ssl_change_cipher(SslDecryptSession *ssl_session, gboolean server);
 @param outl the decrypted data len
 @return 0 on success */
 extern gint
-ssl_decrypt_record(SslDecryptSession* ssl,SslDecoder* decoder, gint ct,
- const guchar* in, guint inl, StringInfo* comp_str, StringInfo* out_str, guint* outl);
+ssl_decrypt_record(SslDecryptSession *ssl, SslDecoder *decoder, guint8 ct, guint16 record_version,
+ const guchar *in, guint16 inl, StringInfo *comp_str, StringInfo *out_str, guint *outl);
 /* Common part bitween SSL and DTLS dissectors */ |
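Review bot: The `default: return FALSE;` arm in `ssl_is_aead_cipher` makes the helper fail open for any enumerator added to `ssl_cipher_mode_t` later: a new AEAD mode would be reported as non-AEAD with no compiler diagnostic, and if this predicate gates the auth-tag check (as the commit title suggests) the check would be skipped for that mode. Listing the non-AEAD enumerators as explicit `case` labels, dropping `default`, and ending the function with `return FALSE;` after the switch lets `-Wswitch` flag a missed enumerator; the rest of the enum lies outside this hunk, so those labels cannot be quoted here. A one-line comment above the function, such as `/* TRUE for cipher modes that carry an AEAD authentication tag (GCM, CCM, CCM_8). */`, would also state the contract.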
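Review bot: Narrowing `inl` from `guint` to `guint16` in the `ssl_decrypt_record` prototype means a caller that still holds the length in a wider variable has it truncated silently at the call, so the decryptor would work on a shorter record than the caller believes it passed. The callers are outside this header-only diff, so each one should be confirmed to bound the length before the call, and the limit is worth stating in the doc comment, e.g. `@param inl the record length (at most 65535, as carried in the record header)`. With tag validation being added, `@return 0 on success` also leaves open what a caller sees on an authentication-tag mismatch; documenting that failure value would help callers avoid using `out_str` from a record that was not authenticated. The doc comment this prototype belongs to begins above the hunk.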