Wireshark-bugs: [Wireshark-bugs] [Bug 9499] DTLS: add decrypt support for TLS_PSK_WITH_AES_128_C
Comment # 18
on bug 9499
from Hauke Mehrtens
(In reply to comment #13)
> (In reply to comment #12)
> > (In reply to comment #8)
> > [..]
> >
> > Yes CCM is an authenticating cipher, it builds its own mac with aes. The
> > last 8 or 16 bytes are the MAC, over the encrypted data itself and some
> > additional data. It is not checked by wireshark.
>
> Then I would suggest to add a DIG_NA (Not Applicable) macro and use that
> instead
> of some arbitrary, unrelated digest.
I added this in the last patch
> > There was a problem in the patch it used AES128 when it should use AES256,
> > this was fixed and I was able to decrypt your trace and some traces I
> > generated with cyassl.
>
> Great, confirmed working!
Nice to hear that.
> Some minor comments:
>
> - There is a line with white space only in packet-ssl-utils.c (before `if
> (ssl_session->cipher_suite.kex == KEX_PSK)`)
Fixed there and in one more place.
> - I think you had too much beer here: "ssl_generate_pre_master_serect"
> (should be "secret" ;))
Fixed, it was too late in the night.
> Besides that, you can consider the dtls PSK patch reviewed. Although the
> diff looks large, most of them come from re-indentation and changing
> whitespace. Where necessary, "break" has been replaced by "return" and some
> redundant code has been removed from the DTLS code.
>
> For the CCM patch (packet-ssl-utils.h), the "16 Bit Auth" should be "8 byte
> auth tag". Personally, I would abbreviate it to: AEAD_AES_{128,256}_CCM too,
> but I leave that up to you. With the DIG_NA comment noted above, you can
> also consider this reviewed.
I changed this.
I removed the patch converting the SSL Cipher list from decimal to hex, I will
work on your script and make it generate this list automatically and send a
patch later.
You are receiving this mail because:
- You are watching all bug changes.