From 52a667143929ace46929bfb6ad15b6a856cdbe77 Mon Sep 17 00:00:00 2001 From: Peter Wu Date: Sat, 17 Nov 2018 13:56:12 +0100 Subject: wiretap: add read/write support for Decryption Secrets Block (DSB) Support reading and writing pcapng files with DSBs. A DSB may occur multiple times but should appear before packets that need those decryption secrets (so it cannot be moved to the end like NRB). The TLS dissector will be updated in the future to make use of these secrets. pcapng spec update: https://github.com/pcapng/pcapng/pull/54 As DSBs may be interleaved with packets, do not even try to read them in pcapng_open (as is done for IDBs). Instead process them during the sequential read, appending them to the 'wtap::dsbs' array. Writing is more complicated, secrets may initially not be available when 'wtap_dumper' is created. As they may become available in 'wtap::dsbs' as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference this array. This saves every user from checking/dumping DSBs. If the wtap user needs to insert extra DSBs (while preserving existing DSBs), they can set the 'wtap_dumper::dsbs_initial' field. The test file was created using a patched editcap (future patch) and combined using mergecap (which required a change to preserve the DSBs). Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9 Ping-Bug: 15252 Reviewed-on: https://code.wireshark.org/review/30692 Reviewed-by: Peter Wu Petri-Dish: Peter Wu Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman --- test/captures/tls12-dsb.pcapng | Bin 0 -> 10260 bytes test/keys/tls12-dsb-1.keys | 2 ++ test/keys/tls12-dsb-2.keys | 1 + test/suite_fileformats.py | 47 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 50 insertions(+) create mode 100644 test/captures/tls12-dsb.pcapng create mode 100644 test/keys/tls12-dsb-1.keys create mode 100644 test/keys/tls12-dsb-2.keys (limited to 'test') 
diff --git a/test/captures/tls12-dsb.pcapng b/test/captures/tls12-dsb.pcapng
new file mode 100644
index 0000000000..d9bf1ab5d7
Binary files /dev/null and b/test/captures/tls12-dsb.pcapng differ
diff --git a/test/keys/tls12-dsb-1.keys b/test/keys/tls12-dsb-1.keys
new file mode 100644
index 0000000000..e6d535e8be
--- /dev/null
+++ b/test/keys/tls12-dsb-1.keys
@@ -0,0 +1,2 @@
+# first
+CLIENT_RANDOM f67a28b386b31c620d76c0026fdd9888edbe6bf0f5b715b2caca158f84ae9d66 cc38e78182b9dfd74ef3103d79bbc99cfc9b4dad209ed209062b5481e63353128da7571b13cfd4d3a5ae7d0520fb346d
diff --git a/test/keys/tls12-dsb-2.keys b/test/keys/tls12-dsb-2.keys
new file mode 100644
index 0000000000..d32fd4a215
--- /dev/null
+++ b/test/keys/tls12-dsb-2.keys
@@ -0,0 +1 @@
+CLIENT_RANDOM 1e0d63b41d7c7bb639559cfc9f06ffd5c65fe4a9df31abc5af833b0d834436f4 c7f5dda54fb417181cb26e52112afaf9e1756addd77d3c479d96a609c0d3c9bb9929c8475cafb4dbad8f72e868a43e02
diff --git a/test/suite_fileformats.py b/test/suite_fileformats.py
index 1d482dff43..66c9880929 100644
--- a/test/suite_fileformats.py
+++ b/test/suite_fileformats.py
@@ -110,6 +110,53 @@ class case_fileformat_pcapng(subprocesstest.SubprocessTestCase): ) self.assertTrue(self.diffOutput(capture_proc.stdout_str, fileformats_baseline_str, 'tshark', baseline_file)) +@fixtures.fixture +def check_pcapng_dsb_fields(request, cmd_tshark): + '''Factory that checks whether the DSB within the capture file matches.''' + self = request.instance + def check_dsb_fields_real(outfile, fields): + proc = self.runProcess((cmd_tshark, + '-r', outfile, + '-Xread_format:MIME Files Format', + '-Tfields', + '-e', 'pcapng.dsb.secrets_type', + '-e', 'pcapng.dsb.secrets_length', + '-e', 'pcapng.dsb.secrets_data', + '-Y', 'pcapng.dsb.secrets_data' + )) + # Convert "t1,t2 l1,l2 v1,2" -> [(t1, l1, v1), (t2, l2, v2)] + output = proc.stdout_str.strip() + actual = list(zip(*[x.split(",") for x in output.split('\t')])) + def format_field(field): + t, l, v = field + v_hex = ''.join('%02x' % c for c in v) + return ('0x%08x' % t, str(l), v_hex) + fields = [format_field(field) for field in fields] + self.assertEqual(fields, actual) + return check_dsb_fields_real + + +@fixtures.mark_usefixtures('base_env') +@fixtures.uses_fixtures +class case_fileformat_pcapng_dsb(subprocesstest.SubprocessTestCase): + def test_pcapng_dsb_1(self, cmd_tshark, dirs, capture_file, check_pcapng_dsb_fields): + '''Check that DSBs are preserved while rewriting files.''' + dsb_keys1 = os.path.join(dirs.key_dir, 'tls12-dsb-1.keys') + dsb_keys2 = os.path.join(dirs.key_dir, 'tls12-dsb-2.keys') + outfile = self.filename_from_id('tls12-dsb-same.pcapng') + self.runProcess((cmd_tshark, + '-r', capture_file('tls12-dsb.pcapng'), + '-w', outfile, + )) + with open(dsb_keys1, 'r') as f: + dsb1_contents = f.read().encode('utf8') + with open(dsb_keys2, 'r') as f: + dsb2_contents = f.read().encode('utf8') + check_pcapng_dsb_fields(outfile, ( + (0x544c534b, len(dsb1_contents), dsb1_contents), + (0x544c534b, len(dsb2_contents), dsb2_contents), + )) + @fixtures.mark_usefixtures('test_env') 
@fixtures.uses_fixtures -- cgit v1.2.3
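Review bot: In `check_dsb_fields_real`, `zip(*...)` silently truncates to the shortest column, so if tshark prints a different number of values for `pcapng.dsb.secrets_type`, `pcapng.dsb.secrets_length` and `pcapng.dsb.secrets_data`, the surplus entries are dropped before `assertEqual` and a malformed or partially written DSB could go unnoticed. Split first and assert the columns agree, e.g. `cols = [x.split(',') for x in output.split('\t')]` followed by `self.assertEqual(len({len(c) for c in cols}), 1, cols)`, and only then zip. The secrets type `0x544c534b` (ASCII "TLSK", the TLS Key Log type) appears twice as a bare literal in `test_pcapng_dsb_1`; a named constant carrying that comment would make the expectation readable. Because this test pins that `-w` copies the key-log secrets into the rewritten file, the docstring could state that explicitly, e.g. `'''Check that DSBs (including the TLS key log material) are carried into the rewritten file.'''`, so readers know the output capture holds session keys.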