URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8f3ebb4ea33ce427a76d444340c1a03a5d0a84c8
Submitter: Alexis La Goutte (alexis.lagoutte@xxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
8f3ebb4 by Peter Wu (peter@xxxxxxxxxxxxx):
TLS13: implement trial decryption for early data
Rather than relying on the advertised ciphers in the Client Hello (which
might not match the early data cipher), try all TLS 1.3 ciphers when the
0rtt secret is available.
Whenever the client advertises the "early_data" extension, we will try
to decrypt it when keys are available. This is tried before decrypting
normal handshake/application data because a server might reject early
data and then no End Of Early Data (EOED) message is available. Care is
taken to decrypt as much 0RTT data as possible, only when when EOED is
seen *or* when 0RTT decryption fails, then it will switch to HS secrets.
Requires at least Libgcrypt 1.6 for verifying the auth tags, otherwise
it cannot recognize whether the "decrypted" result is correct.
Since the negotiated draft version is not known during Client Hello,
rely on heuristics to guess the actual draft. This is relevant since the
key expansion changed in draft 20. (Test with comment 56 in bug 12779.)
Change-Id: Ied3f2b4b9f38d1280a6158c3a3aff8296c035fc3
Ping-Bug: 12779
Bug: 14308
Reviewed-on: https://code.wireshark.org/review/26445
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Actions performed:
from ab40224 (D)TLS: restrict ssl.ignore_ssl_mac_failed preference to ssl
adds 8f3ebb4 TLS13: implement trial decryption for early data
Summary of changes:
epan/dissectors/packet-ssl-utils.c | 25 ++++----
epan/dissectors/packet-ssl-utils.h | 1 +
epan/dissectors/packet-ssl.c | 113 +++++++++++++++++++++++++++++++++++--
3 files changed, 124 insertions(+), 15 deletions(-)