authorPeter Wu <peter@lekensteyn.nl>2017-02-11 12:02:40 +0100
committerPeter Wu <peter@lekensteyn.nl>2017-02-11 13:22:56 +0000
commit6cc7a7031d039facf4e3d39a322589ec39807424 (patch)
tree468358df87a3710fcc989893b87766d76aa007e6 /epan/dissectors/packet-ssl-utils.h
parenteb1a63f3bcd30e8e844f2a72ac9c3e7a82871638 (diff)
TLS13: handle Key Update for decryption
Generate new key upon receipt of Key Update message. Untested. Note that the "traffic_secret" field in SslDecryptSession was unused and since the client and server have two different encryption states, store the application traffic secret in SslDecoder. Change-Id: Iefca3f6cb75745a996fecb0fe7769c876dc9c4ee Ping-Bug: 12779 Reviewed-on: https://code.wireshark.org/review/20013 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r--epan/dissectors/packet-ssl-utils.h10
1 files changed, 9 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 82303bfa13..bb56664e7d 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -316,6 +316,7 @@ typedef struct _SslDecoder {
guint64 seq; /**< Implicit (TLS) or explicit (DTLS) record sequence number. */
guint16 epoch;
SslFlow *flow;
+ StringInfo app_traffic_secret; /**< TLS 1.3 application traffic secret (if applicable), wmem file scope. */
} SslDecoder;
#define KEX_DHE_DSS 0x10
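Review bot: The comment on the added `app_traffic_secret` member says only "(if applicable)", so a reader cannot tell which direction's secret it holds or when it changes. Going by the commit message, each `SslDecoder` carries the secret for its own side and it is replaced on Key Update, so I would say that, e.g. `/**< TLS 1.3 application traffic secret for this direction, replaced on Key Update; data has wmem file scope, unset for older versions. */`. It would also help to state whether a key update overwrites the existing buffer or allocates a new one, because with file scope every superseded secret would presumably stay in memory until the capture is closed. The struct begins outside this hunk, so how the member is initialised is not visible here.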
@@ -412,7 +413,6 @@ typedef struct _SslDecryptSession {
StringInfo server_random;
StringInfo client_random;
StringInfo master_secret;
- StringInfo traffic_secret; /**< TLS 1.3 traffic secret, wmem file scope. */
StringInfo handshake_data;
/* the data store for this StringInfo must be allocated explicitly with a capture lifetime scope */
StringInfo pre_master_secret;
@@ -632,6 +632,9 @@ ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map);
extern void
tls13_change_key(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map,
gboolean is_from_server, TLSRecordType type);
+
+extern void
+tls13_key_update(SslDecryptSession *ssl, gboolean is_from_server);
#else /* ! HAVE_LIBGCRYPT */
static inline void
ssl_finalize_decryption(SslDecryptSession *ssl _U_, ssl_master_key_map_t *mk_map _U_)
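Review bot: The new `tls13_key_update` prototype has no doc comment and returns void, so a caller cannot tell whether the keys were actually rotated, for example when no application traffic secret was recorded for that direction. The declaration should state the contract: `is_from_server` presumably names the sender of the Key Update message, whose decoder gets the new key, and the call changes session state, so it should run once per Key Update message and not on every re-dissection of the same record. Something like `/** Derive the next application traffic secret and record key for the side that sent a Key Update; call once per message. */` would cover it. The implementation is not in this header and the commit message marks the change as untested, so the once-only requirement is inferred and should be confirmed against the caller.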
@@ -643,6 +646,11 @@ tls13_change_key(SslDecryptSession *ssl _U_, ssl_master_key_map_t *mk_map _U_,
gboolean is_from_server _U_, TLSRecordType type _U_)
{
}
+
+static inline void
+tls13_key_update(SslDecryptSession *ssl _U_, gboolean is_from_server _U_)
+{
+}
#endif /* ! HAVE_LIBGCRYPT */
extern gboolean