diff options
author | Peter Wu <peter@lekensteyn.nl> | 2015-07-09 16:36:49 +0200 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2015-07-15 21:31:44 +0000 |
commit | 85f8a99f354850d5fbf774b04e9721195614d7d8 (patch) | |
tree | 46b79058b029ab5bb3ba90af143e2fbf37e55fb8 /test | |
parent | 79be8312da5f572664e8a56d6e98d92dc34fdc95 (diff) |
ssl-utils: fix failing decryption for some RSA keys
Reported at
https://ask.wireshark.org/questions/43788/struggling-to-decrypt-ssl
"u" requirement is documented at
https://www.gnupg.org/documentation/manuals/gcrypt/RSA-key-parameters.html#RSA-key-parameters
Add regression test (key is generated manually with p and q swapped and
qInv recalculated).
Change-Id: I5505ddcdb54bb47d7a58867b8c3e53fcc0f66dde
Reviewed-on: https://code.wireshark.org/review/9573
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'test')
-rw-r--r-- | test/captures/rsa-p-lt-q.pcap | bin | 0 -> 2111 bytes | |||
-rw-r--r-- | test/keys/rsa-p-lt-q.key | 15 | ||||
-rwxr-xr-x | test/suite-decryption.sh | 16 |
3 files changed, 31 insertions, 0 deletions
diff --git a/test/captures/rsa-p-lt-q.pcap b/test/captures/rsa-p-lt-q.pcap Binary files differnew file mode 100644 index 0000000000..2d2a33fff7 --- /dev/null +++ b/test/captures/rsa-p-lt-q.pcap diff --git a/test/keys/rsa-p-lt-q.key b/test/keys/rsa-p-lt-q.key new file mode 100644 index 0000000000..8fdfa85e7b --- /dev/null +++ b/test/keys/rsa-p-lt-q.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDhP+fIyQK5qfcXejONrbSZPrW8xuVOO6R34/cBVTKDz1D+f/TH +5fTxgZuxnZxsVv//cEK6YRI66q8MmrLejgTucm9Q6LSwJfBXnDenicUkzDz0tdPA +Ng+dpF3WaIRYJ/Dow4Yt8EdPS+NrwtcO4TyThyCLsz28sC2roagex/zmswIDAQAB +AoGBAIBJ82tKAQFZql92vBH/UxLMwpln9oXeNkgKUE40BfdIhmrM2c9YS2+ZT+GT +UNnrmxYTDA425zkjHNvi5+kVnfxW9TsvJmJF2MDx/mtjx8GtMkOiFrqkYGdPRIoz +vg8UZZPKZ+YQY+2AvIFPYSHHvzwJMc+dBUushD091O8aLifRAkEA5tgQKCWrCQTi +qWEx2zzeH4WfZuQ1eufp77vWYG8XkRX6wW2Eb2vSl/avxNN7Ej5KBBB1dtSmAjGM +9oNBYqaqlwJBAPnLxjc9rqc8F/E8uVikd9tzRxFUjHqxG2wEIpGpnAmJ0eb3Xids +NzjGDVkzkKzRPfkZN4H2jAscKhEdZXlv9EUCQCMzy7Lzm5NyhUYjJkEylQTlkZtV +LbqiZxBB6r0l88gSO/0HQGzlWmYGHmO7hEcR7KOWBvOqFe67s61b8rqig90CQB+H +aO1wC6twGlWIpJxbpgU896toUJLr59oqa3KXRequSqAseOXg8tdnqCeqKoiloHzg +gfEVfXephmXCoBxD1UECQCxYuPVRq6sl+UgnH0unPl4F/1biRkunhcYaVx6JQBtz +tRZm0DCietfGzhrfI2IxmEdGzOSoHbA18HLtOqzgwSA= +-----END RSA PRIVATE KEY----- diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh index 3a494c97db..a6c5857c1d 100755 --- a/test/suite-decryption.sh +++ b/test/suite-decryption.sh @@ -119,6 +119,21 @@ decryption_step_ssl() { test_step_ok } +# SSL, using the server's private key with p < q +# (test whether libgcrypt is correctly called) +decryption_step_ssl_rsa_pq() { + $TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS -Tfields -e http.request.uri \ + -o ssl.keys_list:"0.0.0.0,443,http,${TEST_KEYS_DIR//\\/\\\\x5c}/rsa-p-lt-q.key" \ + -r "$CAPTURE_DIR/rsa-p-lt-q.pcap" -Y http \ + | grep / > /dev/null 2>&1 + RETURNVALUE=$? + if [ ! $RETURNVALUE -eq $EXIT_OK ]; then + test_step_failed "Failed to decrypt SSL using the server's RSA private key" + return + fi + test_step_ok +} + # SSL, using the server's private key with password decryption_step_ssl_with_password() { $TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS -Tfields -e http.request.uri \ @@ -246,6 +261,7 @@ tshark_decryption_suite() { test_step_add "IEEE 802.11 WPA EAP Decryption" decryption_step_80211_wpa_eap test_step_add "DTLS Decryption" decryption_step_dtls test_step_add "SSL Decryption (private key)" decryption_step_ssl + test_step_add "SSL Decryption (RSA private key with p smaller than q)" decryption_step_ssl_rsa_pq test_step_add "SSL Decryption (private key with password)" decryption_step_ssl_with_password test_step_add "SSL Decryption (master secret)" decryption_step_ssl_master_secret test_step_add "ZigBee Decryption" decryption_step_zigbee |