authorPeter Wu <peter@lekensteyn.nl>2019-07-16 00:03:42 +0100
committerAnders Broman <a.broman58@gmail.com>2019-07-16 06:36:19 +0000
commitb2a437e1c8d175d4bcb79e9041af547d3ead2b24 (patch)
tree38d674e8d985f2456a053dfd2e532898d39d5877
parent954b958aa10fbc448b624911825183408d510fe3 (diff)
QUIC: remove support for draft -18 and older
Update all comments to the latest draft version (draft -22) and remove support for draft -18 and older. Bug: 13881 Change-Id: Ide3a5b8f94ffbfa8281415f3cebdecd84346bc48 Reviewed-on: https://code.wireshark.org/review/33958 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r--epan/dissectors/packet-quic.c21
-rw-r--r--epan/dissectors/packet-tls-utils.c127
-rw-r--r--epan/dissectors/packet-tls-utils.h26
3 files changed, 29 insertions, 145 deletions
diff --git a/epan/dissectors/packet-quic.c b/epan/dissectors/packet-quic.c
index 4e484f17bc..79c0ebadbd 100644
--- a/epan/dissectors/packet-quic.c
+++ b/epan/dissectors/packet-quic.c
@@ -12,9 +12,9 @@
/*
* See https://quicwg.org
- * https://tools.ietf.org/html/draft-ietf-quic-transport-20
- * https://tools.ietf.org/html/draft-ietf-quic-tls-20
- * https://tools.ietf.org/html/draft-ietf-quic-invariants-04
+ * https://tools.ietf.org/html/draft-ietf-quic-transport-22
+ * https://tools.ietf.org/html/draft-ietf-quic-tls-22
+ * https://tools.ietf.org/html/draft-ietf-quic-invariants-05
*/
#include <config.h>
@@ -186,7 +186,7 @@ typedef struct quic_cipher {
// TODO hp_cipher does not change after KeyUpdate, but is still tied to the
// current encryption level (initial, 0rtt, handshake, appdata).
// Maybe move this into quic_info_data (2x) and quic_pp_state?
- // See https://tools.ietf.org/html/draft-ietf-quic-tls-17#section-5.4
+ // See https://tools.ietf.org/html/draft-ietf-quic-tls-22#section-5.4
gcry_cipher_hd_t hp_cipher; /**< Header protection cipher. */
gcry_cipher_hd_t pp_cipher; /**< Packet protection cipher. */
guint8 pp_iv[TLS13_AEAD_NONCE_LENGTH];
@@ -422,7 +422,6 @@ static const range_string quic_transport_error_code_vals[] = {
{ 0x0006, 0x0006, "FINAL_SIZE_ERROR" },
{ 0x0007, 0x0007, "FRAME_ENCODING_ERROR" },
{ 0x0008, 0x0008, "TRANSPORT_PARAMETER_ERROR" },
- { 0x0009, 0x0009, "VERSION_NEGOTIATION_ERROR" }, // removed in draft -19
{ 0x000A, 0x000A, "PROTOCOL_VIOLATION" },
{ 0x000C, 0x000C, "INVALID_MIGRATION" },
{ 0x000D, 0x000D, "CRYPTO_BUFFER_EXCEEDED" },
@@ -489,7 +488,7 @@ quic_decrypt_header(tvbuff_t *tvb, guint pn_offset, gcry_cipher_hd_t hp_cipher,
}
// Sample is always 16 bytes and starts after PKN (assuming length 4).
- // https://tools.ietf.org/html/draft-ietf-quic-tls-17#section-5.4.2
+ // https://tools.ietf.org/html/draft-ietf-quic-tls-22#section-5.4.2
guint8 sample[16];
tvb_memcpy(tvb, sample, pn_offset + 4, 16);
@@ -520,7 +519,7 @@ quic_decrypt_header(tvbuff_t *tvb, guint pn_offset, gcry_cipher_hd_t hp_cipher,
return FALSE;
}
- // https://tools.ietf.org/html/draft-ietf-quic-tls-17#section-5.4.1
+ // https://tools.ietf.org/html/draft-ietf-quic-tls-22#section-5.4.1
guint8 packet0 = tvb_get_guint8(tvb, 0);
if ((packet0 & 0x80) == 0x80) {
// Long header: 4 bits masked
@@ -652,7 +651,7 @@ quic_cids_is_known_length(const quic_cid_t *cid)
static quic_info_data_t *
quic_connection_find_dcid(packet_info *pinfo, const quic_cid_t *dcid, gboolean *from_server)
{
- /* https://tools.ietf.org/html/draft-ietf-quic-transport-13#section-6.2
+ /* https://tools.ietf.org/html/draft-ietf-quic-transport-22#section-5.2
*
* "If the packet has a Destination Connection ID corresponding to an
* existing connection, QUIC processes that packet accordingly."
@@ -1257,7 +1256,7 @@ quic_cipher_init(quic_cipher *cipher, int hash_algo, guint8 key_length, guint8 *
* the (encrypted) packet number length is also included.
*
* The actual packet number must be constructed according to
- * https://tools.ietf.org/html/draft-ietf-quic-transport-13#section-4.8
+ * https://tools.ietf.org/html/draft-ietf-quic-transport-22#section-12.3
*/
static void
quic_decrypt_message(quic_cipher *cipher, tvbuff_t *head, guint header_length,
@@ -1397,7 +1396,7 @@ quic_derive_initial_secrets(const quic_cid_t *cid,
/**
* Maps a Packet Protection cipher to the Packet Number protection cipher.
- * See https://tools.ietf.org/html/draft-ietf-quic-tls-17#section-5.4.3
+ * See https://tools.ietf.org/html/draft-ietf-quic-tls-22#section-5.4.3
*/
static gboolean
quic_get_pn_cipher_algo(int cipher_algo, int *hp_cipher_mode)
@@ -2471,7 +2470,7 @@ proto_register_quic(void)
FT_UINT32, BASE_HEX, VALS(quic_version_vals), 0x0,
NULL, HFILL }
},
- { &hf_quic_vn_unused, /* <= draft-07 */
+ { &hf_quic_vn_unused,
{ "Unused", "quic.vn.unused",
FT_UINT8, BASE_HEX, NULL, 0x7F,
NULL, HFILL }
diff --git a/epan/dissectors/packet-tls-utils.c b/epan/dissectors/packet-tls-utils.c
index a34be253d9..05fd2be2fa 100644
--- a/epan/dissectors/packet-tls-utils.c
+++ b/epan/dissectors/packet-tls-utils.c
@@ -6589,11 +6589,11 @@ ssl_dissect_hnd_hello_ext_compress_certificate(ssl_common_dissect_t *hf, tvbuff_
static guint32
ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo,
proto_tree *tree, guint32 offset, guint32 offset_end,
- guint8 hnd_type, SslDecryptSession *ssl _U_)
+ guint8 hnd_type _U_, SslDecryptSession *ssl _U_)
{
- guint32 quic_length, parameter_length, supported_versions_length, next_offset;
+ guint32 quic_length, parameter_length, next_offset;
- /* https://tools.ietf.org/html/draft-ietf-quic-transport-17#section-18
+ /* https://tools.ietf.org/html/draft-ietf-quic-transport-22#section-18
* uint32 QuicVersion;
* enum {
* original_connection_id(0),
@@ -6618,32 +6618,8 @@ ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tv
* opaque value<0..2^16-1>;
* } TransportParameter;
*
- * // draft -18 and before
- * struct {
- * select (Handshake.msg_type) {
- * case client_hello:
- * QuicVersion initial_version;
- *
- * case encrypted_extensions:
- * QuicVersion negotiated_version;
- * QuicVersion supported_versions<4..2^8-4>;
- * };
- * TransportParameter parameters<0..2^16-1>;
- * } TransportParameters;
- *
- * // since draft 19
* TransportParameter TransportParameters<0..2^16-1>;
*
- * // draft -17 and before
- * struct {
- * enum { IPv4(4), IPv6(6), (15) } ipVersion;
- * opaque ipAddress<4..2^8-1>;
- * uint16 port;
- * opaque connectionId<0..18>;
- * opaque statelessResetToken[16];
- * } PreferredAddress;
- *
- * // Since draft -18
* struct {
* opaque ipv4Address[4];
* uint16 ipv4Port;
@@ -6653,42 +6629,6 @@ ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tv
* opaque statelessResetToken[16];
* } PreferredAddress;
*/
- // Heuristically detect draft -18 vs draft -19.
- if (offset_end - offset >= 4 && tvb_get_ntohs(tvb, offset) != offset_end - offset - 2) {
- // Draft -18 and before start with a (draft) version field. For CH, this
- // can be an arbitrary number that triggers a Version Negotiation
- // packet. Draft -19 always begins with a vector, so assume that
- // anything that does not have a vector length is an older draft.
- switch (hnd_type) {
- case SSL_HND_CLIENT_HELLO:
- proto_tree_add_item(tree, hf->hf.hs_ext_quictp_initial_version,
- tvb, offset, 4, ENC_BIG_ENDIAN);
- offset += 4;
- break;
- case SSL_HND_ENCRYPTED_EXTENSIONS:
- proto_tree_add_item(tree, hf->hf.hs_ext_quictp_negotiated_version,
- tvb, offset, 4, ENC_BIG_ENDIAN);
- offset += 4;
- /* QuicVersion supported_versions<4..2^8-4>;*/
- if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &supported_versions_length,
- hf->hf.hs_ext_quictp_supported_versions_len, 4, G_MAXUINT8-3)) {
- return offset_end;
- }
- offset += 1;
- next_offset = offset + supported_versions_length;
-
- while (offset < next_offset) {
- proto_tree_add_item(tree, hf->hf.hs_ext_quictp_supported_versions,
- tvb, offset, 4, ENC_BIG_ENDIAN);
- offset += 4;
- }
- break;
- case SSL_HND_NEWSESSION_TICKET:
- break;
- default:
- return offset;
- }
- }
/* TransportParameter TransportParameters<0..2^16-1>; */
if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &quic_length,
@@ -6802,52 +6742,21 @@ ssl_dissect_hnd_hello_ext_quic_transport_parameters(ssl_common_dissect_t *hf, tv
/* No Payload */
break;
case SSL_HND_QUIC_TP_PREFERRED_ADDRESS: {
- guint32 ipversion, ipaddress_length, connectionid_length;
- // Heuristically detect draft -17 vs draft -18.
- ipversion = tvb_get_guint8(tvb, offset);
- if (ipversion == 4 || ipversion == 6) {
- // Draft -17 and earlier.
- proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipversion,
- tvb, offset, 1, ENC_BIG_ENDIAN);
- offset += 1;
- if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &ipaddress_length,
- hf->hf.hs_ext_quictp_parameter_pa_ipaddress_length, 4, G_MAXUINT8-1)) {
- break;
- }
- offset += 1;
- switch (ipversion) {
- case 4:
- proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4address,
- tvb, offset, 4, ENC_BIG_ENDIAN);
- offset += 4;
- proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4port,
- tvb, offset, 2, ENC_BIG_ENDIAN);
- offset += 2;
- break;
- case 6:
- proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6address,
- tvb, offset, 16, ENC_NA);
- offset += 16;
- proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6port,
- tvb, offset, 2, ENC_BIG_ENDIAN);
- offset += 2;
- break;
- }
- } else {
- // Since draft -18
- proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4address,
- tvb, offset, 4, ENC_BIG_ENDIAN);
- offset += 4;
- proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4port,
- tvb, offset, 2, ENC_BIG_ENDIAN);
- offset += 2;
- proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6address,
- tvb, offset, 16, ENC_NA);
- offset += 16;
- proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6port,
- tvb, offset, 2, ENC_BIG_ENDIAN);
- offset += 2;
- }
+ guint32 connectionid_length;
+
+ // Since draft -18
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4address,
+ tvb, offset, 4, ENC_BIG_ENDIAN);
+ offset += 4;
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv4port,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6address,
+ tvb, offset, 16, ENC_NA);
+ offset += 16;
+ proto_tree_add_item(parameter_tree, hf->hf.hs_ext_quictp_parameter_pa_ipv6port,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ offset += 2;
if (!ssl_add_vector(hf, tvb, pinfo, tree, offset, offset_end, &connectionid_length,
hf->hf.hs_ext_quictp_parameter_pa_connectionid_length, 0, 18)) {
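Review bot: The preferred_address case dissects 24 bytes of fixed-size fields (IPv4 address and port, IPv6 address and port) without checking that the parameter's declared length covers them, so in a malformed parameter the bytes of the following parameter are labelled as address and port. The tvb accessors bounds-check against the buffer, so this is a mis-dissection rather than a memory-safety problem, but a guard before the first `proto_tree_add_item`, such as `if (parameter_length < 24) break;` (assuming `parameter_length` holds this parameter's length at that point), ideally paired with an expert-info item, would make such input visible. The retained `ssl_add_vector` call for the connection ID is bounded by `offset_end`, the end of the extension, rather than by the parameter's end; whether a later length check outside the hunk catches an overrun cannot be seen from here. The comment `// Since draft -18` is stale now that no older layout remains and could read `// Fixed-size IPv4 and IPv6 address/port pairs`. The enclosing case and function continue outside the hunk.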
diff --git a/epan/dissectors/packet-tls-utils.h b/epan/dissectors/packet-tls-utils.h
index d06bae0774..fe1009f191 100644
--- a/epan/dissectors/packet-tls-utils.h
+++ b/epan/dissectors/packet-tls-utils.h
@@ -877,10 +877,6 @@ typedef struct ssl_common_dissect {
gint hs_ext_record_size_limit;
/* QUIC Transport Parameters */
- gint hs_ext_quictp_negotiated_version;
- gint hs_ext_quictp_initial_version;
- gint hs_ext_quictp_supported_versions_len;
- gint hs_ext_quictp_supported_versions;
gint hs_ext_quictp_len;
gint hs_ext_quictp_parameter;
gint hs_ext_quictp_parameter_type;
@@ -1135,7 +1131,7 @@ ssl_common_dissect_t name = { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
- -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, -1, -1, -1, \
}, \
/* ett */ { \
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
@@ -1891,26 +1887,6 @@ ssl_common_dissect_t name = { \
FT_UINT16, BASE_DEC, NULL, 0x00, \
"Maximum record size that an endpoint is willing to receive", HFILL } \
}, \
- { & name .hf.hs_ext_quictp_negotiated_version, \
- { "Negotiated Version", prefix ".quic.negotiated_version", \
- FT_UINT32, BASE_HEX, VALS(quic_version_vals), 0x00, \
- NULL, HFILL } \
- }, \
- { & name .hf.hs_ext_quictp_initial_version, \
- { "Initial Version", prefix ".quic.initial_version", \
- FT_UINT32, BASE_HEX, VALS(quic_version_vals), 0x00, \
- NULL, HFILL } \
- }, \
- { & name .hf.hs_ext_quictp_supported_versions_len, \
- { "Supported Versions Length", prefix ".quic.supported_versions.len", \
- FT_UINT16, BASE_DEC, NULL, 0x00, \
- NULL, HFILL } \
- }, \
- { & name .hf.hs_ext_quictp_supported_versions, \
- { "Supported Versions", prefix ".quic.supported_versions", \
- FT_UINT32, BASE_HEX, VALS(quic_version_vals), 0x00, \
- NULL, HFILL } \
- }, \
{ & name .hf.hs_ext_quictp_len, \
{ "Parameters Length", prefix ".quic.len", \
FT_UINT16, BASE_DEC, NULL, 0x00, \