Wireshark-bugs: [Wireshark-bugs] [Bug 10783] Add Decryption support for Lwmesh
Date: Sun, 09 Aug 2015 13:04:27 +0000

Comment # 19 on bug 10783 from
I had a quick look over the patch, it looks a lot better to me now (didn't test
it, though). It seems most of my previous comments have been addressed, but I
think these three were not yet fixed. Could you comment on them?

 - If the encryption key does not have the right format, there is no real
feedback about it. I've been doing some trial-and-error to find out that
colon-separated hex-bytes is the way to go. If the format is wrong (e.g.
without the colons) or the key is too short, it only shows "key missing" or
something similar.

 - The code opens and closes a new gcrypt object for each 16-byte block being
decrypted. I don't know gcrypt, but I would not expect that to be needed (I
even wonder if gcrypt cannot handle the 16-byte chunking and cipher feedback
chaining method used already? Seems it does:
https://www.gnupg.org/documentation/manuals/gcrypt/Available-cipher-modes.html
though perhaps that doesn't allow also calculating the MIC?).

 - The code currently only dissects un-encrypted command packets, but I think it
should also try to dissect successfully decrypted command packets as well?
Non-command packets are shown only as a hex dump in the treeview, it would be
useful if you could somehow also see the ASCII interpretation of those bytes
(not sure how to approach that, though).
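
For the first point in the comment above, one way a key-string parser can report why a key was rejected instead of a single generic message. This is an added example, not code from the Lwmesh patch or from Wireshark; the 16-byte key length and the names `parse_key`, `key_status` and `key_status_text` are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#define KEY_LEN 16 /* assumption: 128-bit key; the page does not give the length */
typedef enum { KEY_OK, KEY_EMPTY, KEY_BAD_HEX, KEY_NO_COLON,
               KEY_TOO_SHORT, KEY_TOO_LONG } key_status;

static int hex_val(char c) /* value of one hex digit, or -1 */
{
    if (!isxdigit((unsigned char)c)) return -1;
    return isdigit((unsigned char)c) ? c - '0' : tolower((unsigned char)c) - 'a' + 10;
}

/* Parse "xx:xx:...:xx" into out[KEY_LEN] and say why a bad key was rejected. */
key_status parse_key(const char *s, unsigned char out[KEY_LEN])
{
    size_t n = 0;
    if (s == NULL || *s == '\0') return KEY_EMPTY;
    for (;;) {
        int hi = hex_val(s[0]);
        int lo = (hi < 0) ? -1 : hex_val(s[1]);
        if (hi < 0 || lo < 0) return KEY_BAD_HEX;
        if (n == KEY_LEN) return KEY_TOO_LONG;
        out[n++] = (unsigned char)((hi << 4) | lo);
        s += 2;
        if (*s == '\0') break;
        /* A third hex digit in a row means the separators were left out. */
        if (*s != ':') return hex_val(*s) >= 0 ? KEY_NO_COLON : KEY_BAD_HEX;
        s++;
    }
    return n < KEY_LEN ? KEY_TOO_SHORT : KEY_OK;
}

/* Message a preferences dialog could show instead of a generic "key missing". */
const char *key_status_text(key_status st)
{
    switch (st) {
    case KEY_OK:        return "key accepted";
    case KEY_EMPTY:     return "no key entered";
    case KEY_BAD_HEX:   return "expected two hex digits per byte";
    case KEY_NO_COLON:  return "bytes must be separated by ':'";
    case KEY_TOO_SHORT: return "key has fewer than 16 bytes";
    default:            return "key has more than 16 bytes";
    }
}

int main(void)
{
    unsigned char key[KEY_LEN]; /* constructed input below: no colon separators */
    puts(key_status_text(parse_key("000102030405060708090a0b0c0d0e0f", key)));
}
```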

