From 94b211977acebf6730a07275554430e640a5679c Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Tue, 21 May 2019 18:06:49 +0100
Subject: Add support for embedding WireGuard keys in a pcapng file

pcapng spec update is here: https://github.com/pcapng/pcapng/pull/62

Bug: 15571
Change-Id: I2f1921b1da70ac0bab8c38dd5138a9dfe7843fea
Reviewed-on: https://code.wireshark.org/review/33300
Petri-Dish: Peter Wu
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman
---
 test/captures/wireguard-ping-tcp-dsb.pcapng | Bin 0 -> 5912 bytes
 test/suite_decryption.py | 25 +++++++++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 test/captures/wireguard-ping-tcp-dsb.pcapng

(limited to 'test')

diff --git a/test/captures/wireguard-ping-tcp-dsb.pcapng b/test/captures/wireguard-ping-tcp-dsb.pcapng
new file mode 100644
index 0000000000..d15790f395
Binary files /dev/null and b/test/captures/wireguard-ping-tcp-dsb.pcapng differ
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 68f189588a..06cca6367e 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -723,6 +723,31 @@ class case_decrypt_wireguard(subprocesstest.SubprocessTestCase):
 self.assertIn('17\t\t\t\t\t\t443', lines)
 self.assertIn('18\t\t\t\t\t\t49472', lines)
 
+ def test_decrypt_wg_full_initiator_dsb(self, run_wireguard_test):
+ """
+ Similar to test_decrypt_full_initiator, but using decryption keys
+ embedded in the pcapng file. The embedded secrets do not contain leading
+ spaces nor spaces around the '=' character.
+ """
+ lines = run_wireguard_test(self, [
+ '-Tfields',
+ '-e', 'frame.number',
+ '-e', 'wg.ephemeral.known_privkey',
+ '-e', 'wg.static',
+ '-e', 'wg.timestamp.nanoseconds',
+ '-e', 'wg.handshake_ok',
+ '-e', 'icmp.type',
+ '-e', 'tcp.dstport',
+ ], pcap_file='wireguard-ping-tcp-dsb.pcapng')
+ self.assertIn('1\t1\t%s\t%s\t\t\t' % (self.key_Spub_i, '356537872'), lines)
+ self.assertIn('2\t0\t\t\t1\t\t', lines)
+ self.assertIn('3\t\t\t\t\t8\t', lines)
+ self.assertIn('4\t\t\t\t\t0\t', lines)
+ self.assertIn('13\t1\t%s\t%s\t\t\t' % (self.key_Spub_i, '490514356'), lines)
+ self.assertIn('14\t0\t\t\t1\t\t', lines)
+ self.assertIn('17\t\t\t\t\t\t443', lines)
+ self.assertIn('18\t\t\t\t\t\t49472', lines)
+
 def test_decrypt_full_responder(self, run_wireguard_test):
 """Check for full handshake decryption using responder secrets."""
 lines = run_wireguard_test(self, [
-- 
cgit v1.2.3
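Review bot: The call in test_decrypt_wg_full_initiator_dsb passes only the field arguments and pcap_file, with no key material, and that absence is what makes this a test of the embedded secrets, yet nothing at the call site says so. run_wireguard_test is defined outside this hunk, so it is not visible here whether the fixture can supply keys from another source by default; if it can, the test would still pass with a broken secrets-block reader. I would add a comment above the call, `# No key material is passed: decryption must come from the secrets embedded in the capture.`, and confirm the fixture adds none on its own. The eight assertIn rows also appear to repeat the preceding test's expectations (its last two are visible as context), so a shared tuple of expected rows would keep the two tests from drifting apart.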