author | Stig Bjørlykke <stig@bjorlykke.org> | 2021-10-31 12:08:15 +0100 |
---|---|---|
committer | Stig Bjørlykke <stig@bjorlykke.org> | 2021-11-01 12:51:11 +0000 |
commit | 313f85d362cf55773c01bd1edd55433ee85ccdf1 (patch) | |
tree | 6404c11243d61b3d753c0607696d8a0e5fb0b656 | |
parent | 353beb6c6d10cf5e15d5da670328a8b22516d239 (diff) |
tls: Update DTLS 1.2 Connection ID extension
Update DTLS 1.2 Connection ID extension support to final version.
Keep backward compatibility with the deprecated extension type (53)
from draft-ietf-tls-dtls-connection-id-07.
Closes #17695
-rw-r--r-- | epan/dissectors/packet-tls-utils.c | 44 | ||||
-rw-r--r-- | epan/dissectors/packet-tls-utils.h | 4 |
2 files changed, 36 insertions, 12 deletions
diff --git a/epan/dissectors/packet-tls-utils.c b/epan/dissectors/packet-tls-utils.c
index fbc96b3af4..2f53a29ae2 100644
--- a/epan/dissectors/packet-tls-utils.c
+++ b/epan/dissectors/packet-tls-utils.c
@@ -1208,7 +1208,8 @@ const value_string tls_hello_extension_types[] = {
 { SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH, "post_handshake_auth" }, /* RFC 8446 */
 { SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT, "signature_algorithms_cert" }, /* RFC 8446 */
 { SSL_HND_HELLO_EXT_KEY_SHARE, "key_share" }, /* RFC 8446 */
- { SSL_HND_HELLO_EXT_CONNECTION_ID, "connection_id" }, /* draft-ietf-tls-dtls-connection-id-07 */
+ { SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED, "connection_id (deprecated)" }, /* draft-ietf-tls-dtls-connection-id-07 */
+ { SSL_HND_HELLO_EXT_CONNECTION_ID, "connection_id" }, /* RFC 9146 */
 { SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V1, "quic_transport_parameters" }, /* draft-ietf-quic-tls-33 */
 { SSL_HND_HELLO_EXT_GREASE_0A0A, "Reserved (GREASE)" }, /* RFC 8701 */
 { SSL_HND_HELLO_EXT_GREASE_1A1A, "Reserved (GREASE)" }, /* RFC 8701 */
@@ -4757,22 +4758,40 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,
 /* size of plaintext, additional authenticated data and auth tag. */
 guint64 lengths[3] = { ciphertext_len, is_v12 ? 13 : 0, auth_tag_len };
 if (is_cid) {
- lengths[1] = 13 + 1 + cidl; /* cid length (1 byte) + cid (cidl bytes)*/
+ if (ssl->session.deprecated_cid) {
+ lengths[1] += 1 + cidl; /* cid length (1 byte) + cid (cidl bytes) */
+ } else {
+ lengths[1] += 8 + 1 + 1 + cidl; /* seq_num_placeholder + ct + cid length + cid */
+ }
 }
 gcry_cipher_ctl(decoder->evp, GCRYCTL_SET_CCM_LENGTHS, lengths, sizeof(lengths));
 }
 /* (D)TLS 1.2 needs specific AAD, TLS 1.3 (before -25) uses empty AAD. */
 if (is_cid) { /* if connection ID */
- guchar aad[14+DTLS_MAX_CID_LENGTH];
- guint aad_len = 14 + cidl;
- phton64(aad, decoder->seq); /* record sequence number */
- phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */
- aad[8] = ct; /* TLSCompressed.type */
- phton16(aad + 9, record_version); /* TLSCompressed.version */
- memcpy(aad + 11, cid, cidl); /* cid */
- aad[11 + cidl] = cidl; /* cid_length */
- phton16(aad + 12 + cidl, ciphertext_len); /* TLSCompressed.length */
+ guchar aad[23+DTLS_MAX_CID_LENGTH];
+ guint aad_len;
+ if (ssl->session.deprecated_cid) {
+ aad_len = 13 + 1 + cidl;
+ phton64(aad, decoder->seq); /* record sequence number */
+ phton16(aad, decoder->epoch); /* DTLS 1.2 includes epoch. */
+ aad[8] = ct; /* TLSCompressed.type */
+ phton16(aad + 9, record_version); /* TLSCompressed.version */
+ memcpy(aad + 11, cid, cidl); /* cid */
+ aad[11 + cidl] = cidl; /* cid_length */
+ phton16(aad + 12 + cidl, ciphertext_len); /* TLSCompressed.length */
+ } else {
+ aad_len = 13 + 8 + 1 + 1 + cidl;
+ memset(aad, 0xFF, 8); /* seq_num_placeholder */
+ aad[8] = ct; /* TLSCompressed.type */
+ aad[9] = cidl; /* cid_length */
+ aad[10] = ct; /* TLSCompressed.type */
+ phton16(aad + 11, record_version); /* TLSCompressed.version */
+ phton64(aad + 13, decoder->seq); /* record sequence number */
+ phton16(aad + 13, decoder->epoch); /* DTLS 1.2 includes epoch. */
+ memcpy(aad + 21, cid, cidl); /* cid */
+ phton16(aad + 21 + cidl, ciphertext_len); /* TLSCompressed.length */
+ }
 ssl_print_data("AAD", aad, aad_len);
 err = gcry_cipher_authenticate(decoder->evp, aad, aad_len);
 if (err) {
@@ -9775,6 +9794,9 @@ ssl_dissect_hnd_extension(ssl_common_dissect_t *hf, tvbuff_t *tvb, proto_tree *t
 case SSL_HND_HELLO_EXT_ENCRYPTED_SERVER_NAME:
 offset = ssl_dissect_hnd_hello_ext_esni(hf, tvb, pinfo, ext_tree, offset, next_offset, hnd_type, ssl);
 break;
+ case SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED:
+ session->deprecated_cid = TRUE;
+ /* FALLTHRU */
 case SSL_HND_HELLO_EXT_CONNECTION_ID:
 offset = ssl_dissect_hnd_hello_ext_connection_id(hf, tvb, pinfo, ext_tree, offset, hnd_type, session, ssl);
 break;
diff --git a/epan/dissectors/packet-tls-utils.h b/epan/dissectors/packet-tls-utils.h
index 16f869f698..633c8960cb 100644
--- a/epan/dissectors/packet-tls-utils.h
+++ b/epan/dissectors/packet-tls-utils.h
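Review bot: Both `memcpy(aad + 11, cid, cidl)` and `memcpy(aad + 21, cid, cidl)` in tls_decrypt_aead_record write into the stack buffer `aad[23+DTLS_MAX_CID_LENGTH]` with no visible check that `cidl` is at most `DTLS_MAX_CID_LENGTH`. The length presumably comes from the peer's connection_id extension, so if the bound is enforced elsewhere it deserves a comment here, and otherwise a guard such as `DISSECTOR_ASSERT(cidl <= DTLS_MAX_CID_LENGTH);` before the copy. The AAD size is also computed twice, as `lengths[1]` for `GCRYCTL_SET_CCM_LENGTHS` and as `aad_len`, and because `lengths[1]` now starts from `is_v12 ? 13 : 0` the two agree only while `is_cid` implies `is_v12`; deriving both from one value would stop them drifting apart. The `/* TLSCompressed.type */` comments on `aad[8]` and `aad[10]` look inherited from the draft layout, where RFC 9146 names both bytes tls12_cid, so it is worth confirming that `ct` holds the outer record type at this point. The function body starts and ends outside the hunk.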
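Review bot: `session->deprecated_cid = TRUE;` in ssl_dissect_hnd_extension runs whenever extension type 53 is dissected, without looking at `hnd_type`, and nothing visible in this hunk ever clears it. If a ClientHello offers both type 53 and type 54 and the server selects 54, or a later handshake on the same session uses 54, the flag would apparently stay set and tls_decrypt_aead_record would build the draft-07 AAD, so record authentication would fail. Consider assigning the flag from the extension type the server actually returns, so that it is also reset to FALSE when type 54 is chosen, rather than only ever setting it. The switch statement continues outside the hunk.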
@@ -123,7 +123,8 @@ typedef enum {
 #define SSL_HND_HELLO_EXT_POST_HANDSHAKE_AUTH 49
 #define SSL_HND_HELLO_EXT_SIGNATURE_ALGORITHMS_CERT 50
 #define SSL_HND_HELLO_EXT_KEY_SHARE 51
-#define SSL_HND_HELLO_EXT_CONNECTION_ID 53
+#define SSL_HND_HELLO_EXT_CONNECTION_ID_DEPRECATED 53 /* draft-ietf-tls-dtls-connection-id-07 */
+#define SSL_HND_HELLO_EXT_CONNECTION_ID 54
 #define SSL_HND_HELLO_EXT_QUIC_TRANSPORT_PARAMETERS_V1 57 /* draft-ietf-quic-tls-33 */
 #define SSL_HND_HELLO_EXT_GREASE_0A0A 2570
 #define SSL_HND_HELLO_EXT_GREASE_1A1A 6682
@@ -474,6 +475,7 @@ typedef struct _SslSession {
 guint8 *server_cid;
 guint8 client_cid_len;
 guint8 server_cid_len;
+ gboolean deprecated_cid; /* Set when handshake is using the deprecated CID extention type */
 } SslSession;
 /* RFC 5246, section 8.1 says that the master secret is always 48 bytes */ |
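Review bot: The comment on the new `deprecated_cid` field in SslSession misspells "extension" and does not say what the flag changes for readers of the decryption code. Suggested wording: `gboolean deprecated_cid; /* Set when the handshake used the deprecated CID extension type (53); selects the draft-07 AAD layout */`. The struct definition begins outside the hunk.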