author | Peter Wu <peter@lekensteyn.nl> | 2017-02-07 16:15:01 +0100 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2017-02-07 18:38:46 +0000 |
commit | f958dd5acecda5a9f38500687718dce3ece26ed4 (patch) | |
tree | ce209c4ade6c7dcd65b6dda9ed4f53b9c70b8582 /epan/dissectors/packet-ssl-utils.h | |
parent | 6d08a0e4c7f2c4c9ec10bca8a3d02c9442e5f8d9 (diff) |
TLS13: support Early Data and accept CLIENT_EARLY_TRAFFIC_SECRET
Update "early_data" extension to draft 18 (context field is gone).
Add support for "client_early_traffic_secret" to the keylog.
Support decryption of 0-RTT data (required handling cipher in Client
Hello and handling of "end_of_early_data" alert).
Tested with tls13-18-picotls-earlydata.pcap, early data decrypts
correctly. (The server data is messed up, but that is possibly the
result of broken NewSessionTicket handling which throws a dissector
exception and thus breaks the record sequence number.)
Ping-Bug: 12779
Change-Id: I9e6aeeb08111d5d977f2c0ab855f14d6d86ca87d
Reviewed-on: https://code.wireshark.org/review/19989
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'epan/dissectors/packet-ssl-utils.h')
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h
index 1a6f9e2c31..8ba3f1c451 100644
--- a/epan/dissectors/packet-ssl-utils.h
+++ b/epan/dissectors/packet-ssl-utils.h
@@ -431,6 +431,7 @@ typedef struct _SslDecryptSession {
 StringInfo psk;
 StringInfo app_data_segment;
 SslSession session;
+ gboolean has_early_data;
 } SslDecryptSession;
@@ -458,6 +459,7 @@ typedef struct {
 GHashTable *pms; /* Client Random to unencrypted pre-master secret */
 /* For TLS 1.3: maps Client Random to derived secret. */
+ GHashTable *tls13_client_early;
 GHashTable *tls13_client_handshake;
 GHashTable *tls13_server_handshake;
 GHashTable *tls13_client_appdata;
@@ -702,7 +704,6 @@ typedef struct ssl_common_dissect {
 gint hs_ext_psk_binders_length;
 gint hs_ext_psk_binders;
 gint hs_ext_psk_identity_selected;
- gint hs_ext_early_data_obfuscated_ticket_age;
 gint hs_ext_supported_versions_len;
 gint hs_ext_supported_versions;
 gint hs_ext_cookie_len;
@@ -958,7 +959,7 @@ ssl_common_dissect_t name = { \
 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
- -1, -1, -1, -1, -1, -1, -1, -1, -1, \
+ -1, -1, -1, -1, -1, -1, -1, -1, \
 }, \
 /* ett */ { \
 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, \
@@ -1122,11 +1123,6 @@ ssl_common_dissect_t name = { \
 FT_UINT16, BASE_DEC, NULL, 0x0, \
 NULL, HFILL } \
 }, \
- { & name .hf.hs_ext_early_data_obfuscated_ticket_age, \
- { "Obfuscated ticket age", prefix ".handshake.extensions.early_data.obfuscated_ticket_age", \
- FT_UINT32, BASE_DEC, NULL, 0x0, \
- "The time since the client learned about the server configuration that it is using, in milliseconds", HFILL } \
- }, \
 { & name .hf.hs_ext_supported_versions_len, \
 { "Supported Versions length", prefix ".handshake.extensions.supported_versions_len", \
 FT_UINT8, BASE_DEC, NULL, 0x0, \ |
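Review bot: The new `has_early_data` member in the `SslDecryptSession` hunk (`@@ -431,6 +431,7 @@`) has no comment, and nothing visible in this header says which message sets it or when it is cleared. The commit message ties 0-RTT decryption to the Client Hello cipher and the "end_of_early_data" alert, so a reader has to go to the .c files to learn the flag's lifetime. I would add a trailing comment along the lines of `gboolean has_early_data; /* client offered early_data; 0-RTT records expected until end_of_early_data (confirm) */`. The struct definition starts outside the hunk.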
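Review bot: `tls13_client_early` in the key-map hunk (`@@ -458,6 +459,7 @@`) holds secrets keyed by Client Random like its four siblings, but the code that creates, resets and destroys these tables is not part of this header diff. It is worth confirming the new table is handled at every site that touches `tls13_client_handshake`, since a table that is never allocated would be NULL on lookup, and one that is never cleared could carry early-traffic secrets from one capture into the next. The shared comment only says "derived secret"; a per-member comment such as `/* CLIENT_EARLY_TRAFFIC_SECRET (0-RTT) */` would make the keylog label mapping explicit. The struct starts and ends outside the hunk.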
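Review bot: The `hf` initializer in the `@@ -958,7 +959,7 @@` hunk is still a positional run of `-1` values whose length has to be edited by hand whenever a field is added or removed, as this commit does on the last row (nine entries down to eight). If the count ever falls short of the member count, C zero-initializes the remaining members, so a field would silently start at 0 instead of -1 rather than fail to compile. A comment on the last row stating the expected total, for example `/* hf: <N> members, keep in sync with ssl_common_dissect_t */`, would make drift easier to spot in review. The macro body starts and ends outside the hunk.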