Wireshark-dev: [Wireshark-dev] Trying to decode a TLS 1.3 with null cipher
From: Ahmed Elsherbiny <sherboah@xxxxxxxxx>
Date: Fri, 1 May 2020 14:10:01 -0700
Hello,

I've written a dissector for a custom protocol. The dissector works well, and now I'm trying to run the protocol over TLS 1.3.

The cipher suite being used is TLS_SHA256_SHA256 (Code: 0xC0B4). This is a new cipher suite, it is used for integrity and has a null cipher (The payload is actually plaintext). It is still in draft form, here is the document that describes it: https://www.ietf.org/id/draft-camwinget-tls-ts13-macciphersuites-05.txt

Looking at the ServerHello packet, Wireshark shows the CipherSuite as Unknown (0xC0B4). Consequently, it does not provide a "Decrypted application data" tab and does not pass the data to my dissector.

This is what the TLS debug log shows:
For the ServerHelloMessage:
dissect_ssl enter frame #2 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000025F9CC7D780, ssl_session = 0000025F9CC7DEF0
  record: offset = 0, reported_length_remaining = 128
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 123, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 119 bytes, remaining 128
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher can't find cipher suite 0xC0B4

ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret transitioning to new key, old state 0x93
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
tls13_load_secret transitioning to new key, old state 0x93
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption impossible

For the Application Message:  
dissect_ssl enter frame #3 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000025F9CC7D780, ssl_session = 0000025F9CC7DEF0
  record: offset = 0, reported_length_remaining = 44
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 39, ssl state 0x93
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

I tried adding the cipher-suite to packet-tls-utils.c and recompiling Wireshark. This is the line that I added, since the document says that Diffie-Helman is the only key exchange that can be used. I'm not completely sure that I'm using the correct macros - I don't fully understand TLS.

{0xC0B4, KEX_DH_ANON, ENC_NULL, DIG_SHA256, MODE_GCM }

After recompiling Wireshark with this line added, this is what I get:
For the ServerHelloMessage:  
dissect_ssl enter frame #2 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000018ED3796780, ssl_session = 0000018ED3796EF0
  record: offset = 0, reported_length_remaining = 128
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 123, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 119 bytes, remaining 128
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0xC0B4 unknown -> state 0x97
ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption impossible

For the Application Message:    
dissect_ssl enter frame #3 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000018ED3796780, ssl_session = 0000018ED3796EF0
  record: offset = 0, reported_length_remaining = 44
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 39, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

Notice the highlighted text. The message changed from "Can't find cipher suite" to "found CIPHER 0xC0B4 unknown". So I might be doing something right here. But it seems to still expect a key. I should be able to proceed without keys, since this particular cipher-suite does not encrypt the payload.

Appreciate if someone could help me figure this out. Thanks in advance!

Regards,
Ahmed ElSherbiny