Wireshark-bugs: [Wireshark-bugs] [Bug 9499] DTLS: add decrypt support for TLS_PSK_WITH_AES_128_C
Date: Thu, 05 Dec 2013 00:50:29 +0000

Comment # 12 on bug 9499 from
(In reply to comment #8)
> Created attachment 12216 [details]
> AES256_CCM_8 and AES256_CBC_SHA capture (dump.pcapng.gz)
> 
> (In reply to comment #7)
> > (In reply to comment #6)
> > [..]
> > > https://git.lekensteyn.nl/peter/wireshark-notes/tree/generate-wireshark-cs
> > 
> > Nice script I will have a look at it. I did the changes manually, is there
> > some documentation I am missing which references this script?
> 
> It is mentioned at http://wiki.wireshark.org/SSL (Testing SSL / adding new
> cipher suites). Example usage (using suites.txt in the same repo):
> 
>     grep -vE 'SRP|ARIA|PSK|KRB' suites.txt | ./generate-wireshark-cs
> 
> I noticed that CCM does not have a HMAC included, is that correct?

Yes CCM is an authenticating cipher, it builds its own mac with aes. The last 8
or 16 bytes are the MAC, over the encrypted data itself and some additional
data. It is not checked by wireshark.

> Attached is a capture generated with CyaSSL (patched to output the
> pre-master secret). (See
> https://git.lekensteyn.nl/peter/wireshark-notes/commit/
> ?id=befe0f77dd2246e437e61cefb861bf9a6d4ff82b for the patch and instruction
> to generate your own capture).
> 
> The AES-CCM-8 cipher suite does not get decrypted properly (the nonce is
> likely invalid) while the AES256_CBC_SHA one is fine (to rule out mistakes
> in the cyassl patch). Premaster is following in the next attachment.

There was a problem in the patch it used AES128 when it should use AES256, this
was fixed and I was able to decrypt your trace and some traces I generated with
cyassl.


You are receiving this mail because:
  • You are watching all bug changes.