diff options
author | Peter Wu <peter@lekensteyn.nl> | 2019-01-17 17:52:52 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2019-01-17 21:33:25 +0000 |
commit | cbe7f26a86c2d24e3525bdea9faa3b2b307d8c95 (patch) | |
tree | ae40757d75a0e9a86246bbc6cea73fbd406c1525 /test | |
parent | cda1a591e9a835f626aacc0843a71bc6f25ce13b (diff) |
DTLS: add DSB support, use the key log file from the TLS dissector
The DTLS and TLS dissectors already share code for parsing the key log
file contents but the actual key material was stored separately. As
implementations (like GnuTLS) write the TLS and DTLS secrets to the same
file (specified by the SSLKEYLOGFILE environment variable), it seems
reasonable to combine them.
This also enables use of the pcapng Decryption Secrets Block for
decryption of DTLS traces. The dtls.keylog_file preference has become
obsolete and can no longer be used (this was not tested anyway).
A new test was added based on dtls12-aes128ccm8.pcap, the master secret
was extracted using the tls.debug_file preference.
Bug: 15252
Change-Id: Idfd52c251da966fe111dea37bc3fb143d968f744
Reviewed-on: https://code.wireshark.org/review/31577
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'test')
-rw-r--r-- | test/captures/dtls12-aes128ccm8-dsb.pcapng | bin | 0 -> 2044 bytes | |||
-rw-r--r-- | test/suite_decryption.py | 10 |
2 files changed, 10 insertions, 0 deletions
diff --git a/test/captures/dtls12-aes128ccm8-dsb.pcapng b/test/captures/dtls12-aes128ccm8-dsb.pcapng Binary files differnew file mode 100644 index 0000000000..9a9bf4e519 --- /dev/null +++ b/test/captures/dtls12-aes128ccm8-dsb.pcapng diff --git a/test/suite_decryption.py b/test/suite_decryption.py index 1cbdaf33bb..a282069d7e 100644 --- a/test/suite_decryption.py +++ b/test/suite_decryption.py @@ -107,6 +107,16 @@ class case_decrypt_dtls(subprocesstest.SubprocessTestCase): wfm_count = self.countOutput('Works for me!.') self.assertTrue(dt_count == 7 and wfm_count == 2) + def test_dtls_dsb_aes128ccm8(self, cmd_tshark, capture_file): + '''DTLS 1.2 with master secrets in a pcapng Decryption Secrets Block.''' + self.assertRun((cmd_tshark, + '-r', capture_file('dtls12-aes128ccm8-dsb.pcapng'), + '-x' + )) + dt_count = self.countOutput('Decrypted DTLS') + wfm_count = self.countOutput('Works for me!.') + self.assertTrue(dt_count == 7 and wfm_count == 2) + def test_dtls_udt(self, cmd_tshark, dirs, capture_file, features): '''UDT over DTLS 1.2 with RSA key''' if not features.have_gnutls: |