wiretap: add read/write support for Decryption Secrets Block (DSB)

Support reading and writing pcapng files with DSBs. A DSB may occur multiple times but should appear before packets that need those decryption secrets (so it cannot be moved to the end like NRB). The TLS dissector will be updated in the future to make use of these secrets. pcapng spec update: https://github.com/pcapng/pcapng/pull/54 As DSBs may be interleaved with packets, do not even try to read it in pcapng_open (as is done for IDBs). Instead process them during the sequential read, appending them to the 'wtap::dsbs' array. Writing is more complicated, secrets may initially not be available when 'wtap_dumper' is created. As they may become available in 'wtap::dsbs' as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference this array. This saves every user from checking/dumping DSBs. If the wtap user needs to insert extra DSBs (while preserving existing DSBs), they can set the 'wtap_dumper::dsbs_initial' field. The test file was creating using a patched editcap (future patch) and combined using mergecap (which required a change to preserve the DSBs). Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9 Ping-Bug: 15252 Reviewed-on: https://code.wireshark.org/review/30692 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Peter Wu <peter@lekensteyn.nl> 2018-11-17 13:56:12 +0100
committer: Anders Broman <a.broman58@gmail.com> 2018-11-20 05:12:37 +0000
commit: 52a667143929ace46929bfb6ad15b6a856cdbe77 (patch)
tree: 97dfedc45dd07c47116ba06cb13457f04a5d48df /test
parent: ad21e3121f3307ee6cc2b4a2b296ef6dd83152ed (diff)
4 files changed, 50 insertions, 0 deletions
diff --git a/test/captures/tls12-dsb.pcapng b/test/captures/tls12-dsb.pcapng
new file mode 100644
index 0000000000..d9bf1ab5d7
--- /dev/null
+++ b/test/captures/tls12-dsb.pcapng
diff --git a/test/keys/tls12-dsb-1.keys b/test/keys/tls12-dsb-1.keys
new file mode 100644
index 0000000000..e6d535e8be
--- /dev/null
+++ b/test/keys/tls12-dsb-1.keys
@@ -0,0 +1,2 @@
+# first
+CLIENT_RANDOM f67a28b386b31c620d76c0026fdd9888edbe6bf0f5b715b2caca158f84ae9d66 cc38e78182b9dfd74ef3103d79bbc99cfc9b4dad209ed209062b5481e63353128da7571b13cfd4d3a5ae7d0520fb346d
diff --git a/test/keys/tls12-dsb-2.keys b/test/keys/tls12-dsb-2.keys
new file mode 100644
index 0000000000..d32fd4a215
--- /dev/null
+++ b/test/keys/tls12-dsb-2.keys
@@ -0,0 +1 @@
+CLIENT_RANDOM 1e0d63b41d7c7bb639559cfc9f06ffd5c65fe4a9df31abc5af833b0d834436f4 c7f5dda54fb417181cb26e52112afaf9e1756addd77d3c479d96a609c0d3c9bb9929c8475cafb4dbad8f72e868a43e02
diff --git a/test/suite_fileformats.py b/test/suite_fileformats.py
index 1d482dff43..66c9880929 100644
--- a/test/suite_fileformats.py
+++ b/test/suite_fileformats.py
@@ -110,6 +110,53 @@ class case_fileformat_pcapng(subprocesstest.SubprocessTestCase):
             )
         self.assertTrue(self.diffOutput(capture_proc.stdout_str, fileformats_baseline_str, 'tshark', baseline_file))
 
+@fixtures.fixture
+def check_pcapng_dsb_fields(request, cmd_tshark):
+    '''Factory that checks whether the DSB within the capture file matches.'''
+    self = request.instance
+    def check_dsb_fields_real(outfile, fields):
+        proc = self.runProcess((cmd_tshark,
+                '-r', outfile,
+                '-Xread_format:MIME Files Format',
+                '-Tfields',
+                '-e', 'pcapng.dsb.secrets_type',
+                '-e', 'pcapng.dsb.secrets_length',
+                '-e', 'pcapng.dsb.secrets_data',
+                '-Y', 'pcapng.dsb.secrets_data'
+            ))
+        # Convert "t1,t2 l1,l2 v1,2" -> [(t1, l1, v1), (t2, l2, v2)]
+        output = proc.stdout_str.strip()
+        actual = list(zip(*[x.split(",") for x in output.split('\t')]))
+        def format_field(field):
+            t, l, v = field
+            v_hex = ''.join('%02x' % c for c in v)
+            return ('0x%08x' % t, str(l), v_hex)
+        fields = [format_field(field) for field in fields]
+        self.assertEqual(fields, actual)
+    return check_dsb_fields_real
+
+
+@fixtures.mark_usefixtures('base_env')
+@fixtures.uses_fixtures
+class case_fileformat_pcapng_dsb(subprocesstest.SubprocessTestCase):
+    def test_pcapng_dsb_1(self, cmd_tshark, dirs, capture_file, check_pcapng_dsb_fields):
+        '''Check that DSBs are preserved while rewriting files.'''
+        dsb_keys1 = os.path.join(dirs.key_dir, 'tls12-dsb-1.keys')
+        dsb_keys2 = os.path.join(dirs.key_dir, 'tls12-dsb-2.keys')
+        outfile = self.filename_from_id('tls12-dsb-same.pcapng')
+        self.runProcess((cmd_tshark,
+            '-r', capture_file('tls12-dsb.pcapng'),
+            '-w', outfile,
+        ))
+        with open(dsb_keys1, 'r') as f:
+            dsb1_contents = f.read().encode('utf8')
+        with open(dsb_keys2, 'r') as f:
+            dsb2_contents = f.read().encode('utf8')
+        check_pcapng_dsb_fields(outfile, (
+            (0x544c534b, len(dsb1_contents), dsb1_contents),
+            (0x544c534b, len(dsb2_contents), dsb2_contents),
+        ))
+
 
 @fixtures.mark_usefixtures('test_env')
 @fixtures.uses_fixtures
author	Peter Wu <peter@lekensteyn.nl>	2018-11-17 13:56:12 +0100
committer	Anders Broman <a.broman58@gmail.com>	2018-11-20 05:12:37 +0000
commit	52a667143929ace46929bfb6ad15b6a856cdbe77 (patch)
tree	97dfedc45dd07c47116ba06cb13457f04a5d48df /test
parent	ad21e3121f3307ee6cc2b4a2b296ef6dd83152ed (diff)