Wireshark-dev: Re: [Wireshark-dev] Trying to decode a TLS 1.3 with null cipher
From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Sun, 3 May 2020 00:20:13 +0200
Hi Ahmed,

I have posted a patch at https://code.wireshark.org/review/37034 which
should allow you to see the plaintext. However there is a big open
question about the draft specification. Can you share some more details
on your implementation, in particular which TLS library do you use?

Without more answers, this patch will not be merged.

Kind regards,
Peter

On Sat, May 02, 2020 at 10:55:07AM -0700, Ahmed Elsherbiny wrote:
> Wow this is great news, thank you Peter!
> 
> Regards,
> Ahmed
> 
> On Sat, May 2, 2020 at 10:21 AM Peter Wu <peter@xxxxxxxxxxxxx> wrote:
> 
> > Hi Ahmed,
> >
> > On Fri, May 01, 2020 at 02:10:01PM -0700, Ahmed Elsherbiny wrote:
> > > Hello,
> > >
> > > I've written a dissector for a custom protocol. The dissector works well,
> > > and now I'm trying to run the protocol over TLS 1.3.
> > >
> > > The cipher suite being used is TLS_SHA256_SHA256 (Code: 0xC0B4). This is
> > a
> > > new cipher suite, it is used for integrity and has a null cipher (The
> > > payload is actually plaintext). It is still in draft form, here is the
> > > document that describes it:
> > > https://www.ietf.org/id/draft-camwinget-tls-ts13-macciphersuites-05.txt
> > >
> > > Looking at the ServerHello packet, Wireshark shows the CipherSuite as
> > > Unknown (0xC0B4). Consequently, it does not provide a "Decrypted
> > > application data" tab and does not pass the data to my dissector.
> >
> > The new cipher name was added in the development build via commit
> > v3.3.0rc0-513-g3e2a837cc0 (https://code.wireshark.org/review/36052). It
> > is not present in the stable build yet.
> >
> > > This is what the TLS debug log shows:
> > [..]
> > > I tried adding the cipher-suite to packet-tls-utils.c and recompiling
> > > Wireshark. This is the line that I added, since the document says that
> > > Diffie-Helman is the only key exchange that can be used. I'm not
> > completely
> > > sure that I'm using the correct macros - I don't fully understand TLS.
> > >
> > > {0xC0B4, KEX_DH_ANON, ENC_NULL, DIG_SHA256, MODE_GCM }
> >
> > This is not correct, TLS 1.3 has a different key exchange (KEX_TLS13)
> > and more changes are needed to ensure that existing TLS 1.3 ciphers do
> > not break while adding support for this new cipher.
> >
> > I've created a test samples for the two ciphers and posted these at
> > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16543
> >
> > I hope to have a patch available tomorrow.
> > --
> > Kind regards,
> > Peter Wu
> > https://lekensteyn.nl