WireGuard: implement responder handshake decryption

Transport data decryption will follow later. Bug: 15011 Change-Id: Ib755e43ff54601405b21aeb0045b15d158bc283b Reviewed-on: https://code.wireshark.org/review/28991 Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Peter Wu <peter@lekensteyn.nl> 2018-07-26 19:10:31 +0200
committer: Anders Broman <a.broman58@gmail.com> 2018-08-08 11:25:45 +0000
commit: 31f4c0dce11b54c8f26e04387a6f89b326c37a24 (patch)
tree: 049300e8a1f64ae7755735bb9a1c3fe43856f793 /test
parent: c30b9fc8917a8c3c3b85ef939d2ebb94e03fb5ee (diff)
1 files changed, 27 insertions, 4 deletions
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index d92eb8af7d..971d78fb5a 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -584,9 +584,9 @@ class case_decrypt_wireguard(subprocesstest.SubprocessTestCase):
         self.assertIn('1\t1\t%s\t%s' % (self.key_Spub_i, ''), lines)
         self.assertIn('13\t1\t%s\t%s' % (self.key_Spub_i, ''), lines)
 
-    def test_decrypt_initiation_static_ephemeral(self):
+    def test_decrypt_full_initiator(self):
         """
-        Check for full initiation decryption using Spriv_r + Epriv_i.
+        Check for full handshake decryption using Spriv_r + Epriv_i.
         The public key Spub_r is provided via the key log as well.
         """
         lines = self.runOne([
@@ -595,11 +595,34 @@ class case_decrypt_wireguard(subprocesstest.SubprocessTestCase):
             '-e', 'wg.ephemeral.known_privkey',
             '-e', 'wg.static',
             '-e', 'wg.timestamp.nanoseconds',
+            '-e', 'wg.handshake_ok',
         ], keylog=[
             '  REMOTE_STATIC_PUBLIC_KEY = %s' % self.key_Spub_r,
             '  LOCAL_STATIC_PRIVATE_KEY = %s' % self.key_Spriv_i_alt,
             '  LOCAL_EPHEMERAL_PRIVATE_KEY = %s' % self.key_Epriv_i0_alt,
             '  LOCAL_EPHEMERAL_PRIVATE_KEY = %s' % self.key_Epriv_i1,
         ])
-        self.assertIn('1\t1\t%s\t%s' % (self.key_Spub_i, '356537872'), lines)
-        self.assertIn('13\t1\t%s\t%s' % (self.key_Spub_i, '490514356'), lines)
+        self.assertIn('1\t1\t%s\t%s\t' % (self.key_Spub_i, '356537872'), lines)
+        self.assertIn('2\t0\t\t\t1', lines)
+        self.assertIn('13\t1\t%s\t%s\t' % (self.key_Spub_i, '490514356'), lines)
+        self.assertIn('14\t0\t\t\t1', lines)
+
+    def test_decrypt_full_responder(self):
+        """Check for full handshake decryption using responder secrets."""
+        lines = self.runOne([
+            '-Tfields',
+            '-e', 'frame.number',
+            '-e', 'wg.ephemeral.known_privkey',
+            '-e', 'wg.static',
+            '-e', 'wg.timestamp.nanoseconds',
+            '-e', 'wg.handshake_ok',
+        ], keylog=[
+            'REMOTE_STATIC_PUBLIC_KEY=%s' % self.key_Spub_i,
+            'LOCAL_STATIC_PRIVATE_KEY=%s' % self.key_Spriv_r,
+            'LOCAL_EPHEMERAL_PRIVATE_KEY=%s' % self.key_Epriv_r0,
+            'LOCAL_EPHEMERAL_PRIVATE_KEY=%s' % self.key_Epriv_r1,
+        ])
+        self.assertIn('1\t0\t%s\t%s\t' % (self.key_Spub_i, '356537872'), lines)
+        self.assertIn('2\t1\t\t\t1', lines)
+        self.assertIn('13\t0\t%s\t%s\t' % (self.key_Spub_i, '490514356'), lines)
+        self.assertIn('14\t1\t\t\t1', lines)
author	Peter Wu <peter@lekensteyn.nl>	2018-07-26 19:10:31 +0200
committer	Anders Broman <a.broman58@gmail.com>	2018-08-08 11:25:45 +0000
commit	31f4c0dce11b54c8f26e04387a6f89b326c37a24 (patch)
tree	049300e8a1f64ae7755735bb9a1c3fe43856f793 /test
parent	c30b9fc8917a8c3c3b85ef939d2ebb94e03fb5ee (diff)