-rw-r--r-- | epan/dissectors/packet-quic.c | 11 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.c | 46 | ||||
-rw-r--r-- | epan/dissectors/packet-ssl-utils.h | 8 |
3 files changed, 33 insertions, 32 deletions
diff --git a/epan/dissectors/packet-quic.c b/epan/dissectors/packet-quic.c index 2416fd78e0..152d266a0b 100644 --- a/epan/dissectors/packet-quic.c +++ b/epan/dissectors/packet-quic.c @@ -588,8 +588,6 @@ dissect_quic_frame_type(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *quic_ } #endif /* HAVE_LIBGCRYPT_AEAD */ -/* TLS 1.3 draft used by the draft-ietf-quic-tls-07 */ -#define QUIC_TLS13_VERSION 21 #define QUIC_LONG_HEADER_LENGTH 17 #ifdef HAVE_LIBGCRYPT_AEAD @@ -719,13 +717,13 @@ quic_derive_cleartext_secrets(guint64 cid, label_prefix = "tls13 "; - if (!tls13_hkdf_expand_label_common(GCRY_MD_SHA256, &secret, label_prefix, client_label, + if (!tls13_hkdf_expand_label(GCRY_MD_SHA256, &secret, label_prefix, client_label, HASH_SHA2_256_LENGTH, client_cleartext_secret)) { *error = "Key expansion (client) failed"; return FALSE; } - if (!tls13_hkdf_expand_label_common(GCRY_MD_SHA256, &secret, label_prefix, server_label, + if (!tls13_hkdf_expand_label(GCRY_MD_SHA256, &secret, label_prefix, server_label, HASH_SHA2_256_LENGTH, server_cleartext_secret)) { wmem_free(NULL, *client_cleartext_secret); *client_cleartext_secret = NULL; @@ -743,6 +741,7 @@ quic_create_cleartext_decoders(guint64 cid, const gchar **error, quic_info_data_ tls13_cipher *client_cipher, *server_cipher; StringInfo client_secret = { NULL, HASH_SHA2_256_LENGTH }; StringInfo server_secret = { NULL, HASH_SHA2_256_LENGTH }; + const char *hkdf_label_prefix = "tls13 "; /* TODO extract from packet/conversation */ if (!quic_derive_cleartext_secrets(cid, &client_secret.data, &server_secret.data, quic_info, error)) { 
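Review bot: The `"tls13 "` literal added as `hkdf_label_prefix` in quic_create_cleartext_decoders duplicates the `label_prefix = "tls13 ";` assignment visible in quic_derive_cleartext_secrets, so the two can drift apart once the TODO is resolved. The secret derivation and the key/IV expansion have to use the same prefix, otherwise the derived keys will not match the traffic and cleartext decryption fails without a specific error. Consider selecting the prefix once and passing it into quic_derive_cleartext_secrets, or at least adding `/* must match label_prefix in quic_derive_cleartext_secrets */` next to the new declaration. Both function bodies continue outside the hunks shown.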
@@ -751,8 +750,8 @@ quic_create_cleartext_decoders(guint64 cid, const gchar **error, quic_info_data_ } /* Cleartext packets are protected with AEAD_AES_128_GCM */ - client_cipher = tls13_cipher_create(QUIC_TLS13_VERSION, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_MD_SHA256, &client_secret, error); - server_cipher = tls13_cipher_create(QUIC_TLS13_VERSION, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_MD_SHA256, &server_secret, error); + client_cipher = tls13_cipher_create(hkdf_label_prefix, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_MD_SHA256, &client_secret, error); + server_cipher = tls13_cipher_create(hkdf_label_prefix, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_GCM, GCRY_MD_SHA256, &server_secret, error); wmem_free(NULL, client_secret.data); wmem_free(NULL, server_secret.data); diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c index 904e3ea898..803704e8a3 100644 --- a/epan/dissectors/packet-ssl-utils.c +++ b/epan/dissectors/packet-ssl-utils.c @@ -2743,12 +2743,26 @@ static gint tls12_handshake_hash(SslDecryptSession* ssl, gint md, StringInfo* ou return 0; } +/** + * Obtains the label prefix used in HKDF-Expand-Label. This function can be + * inlined and removed once support for draft 19 and before is dropped. + */ +static inline const char * +tls13_hkdf_label_prefix(guint8 tls13_draft_version) +{ + if (tls13_draft_version && tls13_draft_version < 20) { + return "TLS 1.3, "; + } else { + return "tls13 "; + } +} + /* * Computes HKDF-Expand-Label(Secret, Label, "", Length) with a custom label * prefix. */ gboolean -tls13_hkdf_expand_label_common(int md, const StringInfo *secret, +tls13_hkdf_expand_label(int md, const StringInfo *secret, const char *label_prefix, const char *label, guint16 out_len, guchar **out) { 
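Review bot: The doc comment on tls13_hkdf_label_prefix does not say what a draft version of 0 means, although the condition `tls13_draft_version && tls13_draft_version < 20` sends 0 to the `"tls13 "` branch. If 0 stands for "draft not yet detected" (an inference, since the field's definition is not in this diff), a draft 19 or earlier session would get the newer prefix and derive wrong keys silently. Suggest extending the comment with a line such as `A version of 0 (unknown) is treated like draft 20 and later.` so callers know to resolve the version before deriving keys.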
@@ -2797,20 +2811,6 @@ tls13_hkdf_expand_label_common(int md, const StringInfo *secret, return TRUE; } - -static gboolean -tls13_hkdf_expand_label(guchar draft_version, - int md, const StringInfo *secret, const char *label, - guint16 out_len, guchar **out) -{ - if (draft_version && draft_version < 20) { - /* Draft -19 and before use a different prefix. - * TODO remove this once implementations are updated for D20. */ - return tls13_hkdf_expand_label_common(md, secret, "TLS 1.3, ", label, out_len, out); - } else { - return tls13_hkdf_expand_label_common(md, secret, "tls13 ", label, out_len, out); - } -} /* HMAC and the Pseudorandom function }}} */ /* Record Decompression (after decryption) {{{ */ @@ -3007,7 +3007,7 @@ tls13_cipher_destroy_cb(wmem_allocator_t *allocator _U_, wmem_cb_event_t event _ } tls13_cipher * -tls13_cipher_create(guint8 tls13_draft_version, int cipher_algo, int cipher_mode, int hash_algo, const StringInfo *secret, const gchar **error) +tls13_cipher_create(const char *label_prefix, int cipher_algo, int cipher_mode, int hash_algo, const StringInfo *secret, const gchar **error) { tls13_cipher *cipher = NULL; guchar *write_key = NULL, *write_iv = NULL; @@ -3022,11 +3022,11 @@ tls13_cipher_create(guint8 tls13_draft_version, int cipher_algo, int cipher_mode key_length = (guint) gcry_cipher_get_algo_keylen(cipher_algo); iv_length = TLS13_AEAD_NONCE_LENGTH; - if (!tls13_hkdf_expand_label(tls13_draft_version, hash_algo, secret, "key", key_length, &write_key)) { + if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "key", key_length, &write_key)) { *error = "Key expansion (key) failed"; return NULL; } - if (!tls13_hkdf_expand_label(tls13_draft_version, hash_algo, secret, "iv", iv_length, &write_iv)) { + if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "iv", iv_length, &write_iv)) { *error = "Key expansion (IV) failed"; goto end; } 
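Review bot: tls13_cipher_create now forwards a caller-supplied `label_prefix` to both `tls13_hkdf_expand_label` calls without checking it, where the old `guint8` argument could only select one of two fixed literals. The function is exported through packet-ssl-utils.h, so a NULL pointer or a prefix too long for the one-byte label length of HkdfLabel depends entirely on checks in tls13_hkdf_expand_label, whose body is outside this diff. If that function does not already enforce both, add a guard before the first expansion, for example `if (!label_prefix) { *error = "Missing HKDF label prefix"; return NULL; }`. The rest of tls13_cipher_create, including the `end` label, is outside the hunk.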
@@ -3577,11 +3577,12 @@ tls13_generate_keys(SslDecryptSession *ssl_session, const StringInfo *secret, gb iv_length = 12; ssl_debug_printf("%s key_length %u iv_length %u\n", G_STRFUNC, key_length, iv_length); - if (!tls13_hkdf_expand_label(ssl_session->session.tls13_draft_version, hash_algo, secret, "key", key_length, &write_key)) { + const char *label_prefix = tls13_hkdf_label_prefix(ssl_session->session.tls13_draft_version); + if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "key", key_length, &write_key)) { ssl_debug_printf("%s write_key expansion failed\n", G_STRFUNC); return FALSE; } - if (!tls13_hkdf_expand_label(ssl_session->session.tls13_draft_version, hash_algo, secret, "iv", iv_length, &write_iv)) { + if (!tls13_hkdf_expand_label(hash_algo, secret, label_prefix, "iv", iv_length, &write_iv)) { ssl_debug_printf("%s write_iv expansion failed\n", G_STRFUNC); goto end; } @@ -5056,8 +5057,9 @@ tls13_key_update(SslDecryptSession *ssl, gboolean is_from_server) int hash_algo = ssl_get_digest_by_name(hash_name); const guint hash_len = app_secret->data_len; guchar *new_secret; - if (!tls13_hkdf_expand_label(ssl->session.tls13_draft_version, - hash_algo, app_secret, "application traffic secret", + if (!tls13_hkdf_expand_label(hash_algo, app_secret, + tls13_hkdf_label_prefix(ssl->session.tls13_draft_version), + "application traffic secret", hash_len, &new_secret)) { ssl_debug_printf("%s traffic_secret_N+1 expansion failed\n", G_STRFUNC); return; diff --git a/epan/dissectors/packet-ssl-utils.h b/epan/dissectors/packet-ssl-utils.h index 536c4c9fc0..a441862b04 100644 --- a/epan/dissectors/packet-ssl-utils.h +++ b/epan/dissectors/packet-ssl-utils.h 
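Review bot: In tls13_generate_keys the new `const char *label_prefix = tls13_hkdf_label_prefix(...)` is declared after the `ssl_debug_printf` statement, while tls13_key_update in the next hunk calls the helper inline in the argument list. Using one form in both places would read more consistently. If the function's other locals are declared at the top of the block (not visible here), declare `const char *label_prefix;` there and assign it where it is now. This is a style point only; behaviour is the same.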
@@ -632,7 +632,7 @@ ssl_decrypt_record(SslDecryptSession *ssl, SslDecoder *decoder, guint8 ct, guint * and mode are Libgcrypt identifiers. */ tls13_cipher * -tls13_cipher_create(guint8 tls13_draft_version, int cipher_algo, int cipher_mode, int hash_algo, const StringInfo *secret, const gchar **error); +tls13_cipher_create(const char *label_prefix, int cipher_algo, int cipher_mode, int hash_algo, const StringInfo *secret, const gchar **error); /* Common part bitween SSL and DTLS dissectors */ @@ -1073,9 +1073,9 @@ tls_dissect_sct_list(ssl_common_dissect_t *hf, tvbuff_t *tvb, packet_info *pinfo guint32 offset, guint32 offset_end, guint16 version); extern gboolean -tls13_hkdf_expand_label_common(int md, const StringInfo *secret, - const char *label_prefix, const char *label, - guint16 out_len, guchar **out); +tls13_hkdf_expand_label(int md, const StringInfo *secret, + const char *label_prefix, const char *label, + guint16 out_len, guchar **out); /* {{{ */ #define SSL_COMMON_LIST_T(name) \ |
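Review bot: The comment above the tls13_cipher_create prototype is left unchanged although its first parameter changed from a draft version to `const char *label_prefix`. Only the tail of that comment is visible (`and mode are Libgcrypt identifiers.`), so confirm it does not still describe a draft version. It should state the new contract, for example `label_prefix is the HKDF-Expand-Label prefix (e.g. "tls13 ") and must not be NULL.` This matters because tls13_hkdf_label_prefix is `static` in packet-ssl-utils.c, so callers outside that file, such as packet-quic.c, have to supply the literal themselves.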