Wireshark-commits: [Wireshark-commits] master 2fd4204: QUIC: implement decryption using new traffic
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2fd42045f5afb556a03d8a1090f3278c77798766
Submitter: "Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
2fd4204 by Peter Wu (peter@xxxxxxxxxxxxx):
QUIC: implement decryption using new traffic secrets (draft -13)
QUIC draft -12 and before used the TLS Exporter to derive the protected
payload secrets. Starting with draft -13, the handshake and 1-RTT
protected payloads use keys derived during the TLS 1.3 handshake (but
with the "quic " label for HKDF-Expand-Label instead of "tls13 ").
That unfortunately means that previous CLIENT_HANDSHAKE_TRAFFIC_SECRET,
SERVER_TRAFFIC_SECRET_0, etc. are unusable. As a quick workaround,
extend the key log format with new labels similar to the old one (but
with "QUIC_" prepended to it).
To match draft -13, rename the original "handshake cipher/secret" to
"initial cipher/secret" and add a new "handshake cipher".
Potential limitation: if the client/server addresses/ports change since
the Initial Packet, then a new TLS session is created in the TLS
dissector. Attempting to retrieve secrets after the change will fail
since the Client Random is empty and the secret cannot be linked.
Another more common limitation: (Certificate) handshake messages that
span multiple CRYPTO frames are not correctly recognized.
Change-Id: I2932c3cc851fae51e8becf859db53ccc5f4beeda
Ping-Bug: 13881
Reviewed-on: https://code.wireshark.org/review/29677
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Actions performed:
from 9de95b8 packet-rsl: Fix dissection of "CB Command Type" IE
add 2fd4204 QUIC: implement decryption using new traffic secrets (draft -13)
Summary of changes:
epan/dissectors/packet-quic.c | 122 ++++++++++++++++++++++++++++---------
epan/dissectors/packet-ssl-utils.c | 27 ++++++++
epan/dissectors/packet-ssl-utils.h | 7 +++
epan/dissectors/packet-ssl.c | 78 ++++++++++++++++++++++++
epan/dissectors/packet-ssl.h | 3 +
5 files changed, 208 insertions(+), 29 deletions(-)