decrypt_crypto: Support QUIC v2

Attempt to refactor in order to re-use common code between the two versions.
zeek · Jan 4, 2024 · 00170c6 · 00170c6
1 parent 6a7b6c1
commit 00170c6
Show file tree

Hide file tree

Showing 2 changed files with 216 additions and 141 deletions.
diff --git a/analyzer/QUIC.spicy b/analyzer/QUIC.spicy
@@ -8,6 +8,7 @@ import zeek;
 
 # The interface to the C++ code that handles the decryption of the INITIAL packet payload using well-known keys
 public function decrypt_crypto_payload(
+  version: uint32,
   all_data: bytes,
   connection_id: bytes,
   encrypted_offset: uint64,
@@ -430,6 +431,7 @@ type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
       # This means that here, we can try to decrypt the initial packet!
       # All data is accessible via the `long_header` unit
       self.decrypted_data = decrypt_crypto_payload(
+        self.long_header.version,
         self.all_data,
         self.long_header.dest_conn_id,
         self.long_header.encrypted_offset,
@@ -449,6 +451,7 @@ type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
       # Assuming that the client set up the connection, this can be considered the first
       # received Initial from the client. So disable change of ConnectionID's afterwards
       self.decrypted_data = decrypt_crypto_payload(
+        self.long_header.version,
         self.all_data,
         context.initial_destination_conn_id,
         self.long_header.encrypted_offset,