ssl,dtls: simplify keyfile handling

Previously, the keylog file would be fully parsed when an encrypted pre-master secret is encountered or in the ChangeCipherSpec stage. There was also a lot of duplication in the key logfile parsing. This patch simplifies the key logfile parsing by using regular expressions. Rather than scanning the key logfile for a specific key, do this scan once at ssl init and save the results to a hashtable. The map for session ID/tickets to master keys already existed, another one for client random to master key and encrypted pre-master to pre-master was added. This could later also be wired to the "Export SSL Keys" menu item for improved reliability (when no session ID or tickets are available, the client random could be used). The ssl_{save,restore}_session{,_ticket} functions have been converted to a single function that looks up a key (sid / client random / encr. pre-master) to a (pre-)master secret. Other minor changes: return booleans for some functions that can only fail/pass. Remove some functions from the ssl-utils header that have become private a few commits ago. Remove some outstanding issues from the comments in packet-ssl as they are already done, add myself to the ssl-utils header. These changes pass the test suite and the sample Session Ticket-enabled capture from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5963 On-the-fly decryption are broken with this patch since keylog files are read once at the start of a capture. This will be solved in a future patch. Change-Id: Idb343abe161950b5f3ff61bee093d0f4ef9655bd Reviewed-on: https://code.wireshark.org/review/3057 Reviewed-by: Evan Huus <eapache@gmail.com> Petri-Dish: Evan Huus <eapache@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
author: Peter Wu <peter@lekensteyn.nl> 2014-07-19 11:06:25 +0200
committer: Michael Mann <mmann78@netscape.net> 2014-07-31 11:08:18 +0000
commit: 7939d32ce29ad05548266cf8fd074b0b56fb7e37 (patch)
tree: 11806d53517525e13e35c358c6547e4f21015745 /epan/dissectors/packet-ssl-utils.h
parent: a1032fa62e2c779c00cda3390598b84674ccdb88 (diff)
1 files changed, 22 insertions, 39 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 0e8c43f823..75f95499e3 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -421,6 +421,21 @@ typedef struct _ssldecrypt_assoc_t {
     char* password;
 } ssldecrypt_assoc_t;
 
+typedef struct ssl_common_options {
+    const gchar        *psk;
+    const gchar        *keylog_filename;
+} ssl_common_options_t;
+
+/** Map from something to a (pre-)master secret */
+typedef struct {
+    GHashTable *session;    /*< Session ID/Ticket to master secret. It uses the
+                                observation that Session IDs are 1-32 bytes and
+                                tickets are much longer */
+    GHashTable *crandom;    /*< Client Random to master secret */
+    GHashTable *pre_master; /*< First 8 bytes of encrypted pre-master secret to
+                                pre-master secret */
+} ssl_master_key_map_t;
+
 gint ssl_get_keyex_alg(gint cipher);
 
 gboolean ssldecrypt_uat_fld_ip_chk_cb(void*, const char*, unsigned, const void*, const void*, const char** err);
@@ -475,10 +490,11 @@ ssl_find_private_key(SslDecryptSession *ssl_session, GHashTable *key_hash, GTree
 extern gint
 ssl_find_cipher(int num,SslCipherSuite* cs);
 
-int
+gboolean
 ssl_generate_pre_master_secret(SslDecryptSession *ssl_session,
                                guint32 length, tvbuff_t *tvb, guint32 offset,
-                               const gchar *ssl_psk, const gchar *keylog_filename);
+                               const gchar *ssl_psk,
+                               const ssl_master_key_map_t *mk_map);
 
 /** Expand the pre_master_secret to generate all the session information
  * (master secret, session keys, ivs)
@@ -490,26 +506,6 @@ ssl_generate_keyring_material(SslDecryptSession*ssl_session);
 extern void
 ssl_change_cipher(SslDecryptSession *ssl_session, gboolean server);
 
-/** Try to find the pre-master secret for the given encrypted pre-master secret
-    from a log of secrets.
- @param ssl_session the store for the decrypted pre_master_secret
- @param ssl_keylog_filename a file that contains a log of secrets (may be NULL)
- @param encrypted_pre_master the rsa encrypted pre_master_secret (may be NULL)
- @return 0 on success */
-int
-ssl_keylog_lookup(SslDecryptSession* ssl_session,
-                  const gchar* ssl_keylog_filename,
-                  StringInfo* encrypted_pre_master);
-
-/** Try to decrypt in place the encrypted pre_master_secret
- @param ssl_session the store for the decrypted pre_master_secret
- @param encrypted_pre_master the rsa encrypted pre_master_secret
- @param pk the private key to be used for decryption
- @return 0 on success */
-extern gint
-ssl_decrypt_pre_master_secret(SslDecryptSession*ssl_session,
-    StringInfo* encrypted_pre_master, SSL_PRIVATE_KEY *pk);
-
 /** Try to decrypt an ssl record
  @param ssl ssl_session the store all the session data
  @param decoder the stream decoder to be used
@@ -579,7 +575,9 @@ ssl_get_data_info(int proto, packet_info *pinfo, gint key);
 
 /* initialize/reset per capture state data (ssl sessions cache) */
 extern void
-ssl_common_init(GHashTable **session_hash, StringInfo *decrypted_data, StringInfo *compressed_data);
+ssl_common_init(ssl_master_key_map_t *master_key_map,
+                StringInfo *decrypted_data, StringInfo *compressed_data,
+                const ssl_common_options_t *options);
 
 /* parse ssl related preferences (private keys and ports association strings) */
 extern void
@@ -589,18 +587,8 @@ ssl_parse_key_list(const ssldecrypt_assoc_t * uats, GHashTable *key_hash, GTree*
 extern void
 ssl_save_session(SslDecryptSession* ssl, GHashTable *session_hash);
 
-extern gboolean
-ssl_restore_session(SslDecryptSession* ssl, GHashTable *session_hash);
-
-extern void
-ssl_save_session_ticket(SslDecryptSession* ssl, GHashTable *session_hash);
-
-extern gboolean
-ssl_restore_session_ticket(SslDecryptSession* ssl, GHashTable *session_hash);
-
 extern void
-ssl_finalize_decryption(SslDecryptSession *ssl, GHashTable *session_hash,
-                        const char *keylog_filename);
+ssl_finalize_decryption(SslDecryptSession *ssl, ssl_master_key_map_t *mk_map);
 
 extern gboolean
 ssl_is_valid_content_type(guint8 type);
@@ -1351,11 +1339,6 @@ ssl_common_dissect_t name = {   \
     }
 /* }}} */
 
-typedef struct ssl_common_options {
-    const gchar        *psk;
-    const gchar        *keylog_filename;
-} ssl_common_options_t;
-
 extern void
 ssl_common_register_options(module_t *module, ssl_common_options_t *options);
author	Peter Wu <peter@lekensteyn.nl>	2014-07-19 11:06:25 +0200
committer	Michael Mann <mmann78@netscape.net>	2014-07-31 11:08:18 +0000
commit	7939d32ce29ad05548266cf8fd074b0b56fb7e37 (patch)
tree	11806d53517525e13e35c358c6547e4f21015745 /epan/dissectors/packet-ssl-utils.h
parent	a1032fa62e2c779c00cda3390598b84674ccdb88 (diff)