Wireshark-bugs: [Wireshark-bugs] [Bug 6277] New: TLS Diffie-Hellman key exchange dissection supp

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 28 Aug 2011 23:37:57 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6277

           Summary: TLS Diffie-Hellman key exchange dissection support
           Product: Wireshark
           Version: SVN
          Platform: x86-64
        OS/Version: Ubuntu
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxxxxx


Created an attachment (id=6880)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6880)
Example pcap that illustrates server key exchange and client key exchange not
dissected into their Diffie-Hellman parameters.

Build Information:
wireshark 1.7.0 (SVN Rev 38754 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.22.0, with Cairo 1.10.0, with Pango 1.28.2, with
GLib 2.26.1, with libpcap 1.1.1, with libz 1.2.3.4, without POSIX capabilities,
with threads support, without SMI, without c-ares, without ADNS, without Lua,
with Python 2.6.6, with GnuTLS 2.8.0, with Gcrypt 1.4.5, without Kerberos,
without GeoIP, without PortAudio, without AirPcap.

Running on Linux 2.6.35-30-generic, with locale en_US.UTF-8, with libpcap
version 1.1.1, with libz 1.2.3.4, GnuTLS 2.8.6, Gcrypt 1.4.5.

Built using gcc 4.4.5.

--
To my knowledge, Wireshark does not dissect TLS Server or Client Key Exchange
messages. I've written a simple patch that adds support for two specific Cipher
Suites: 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA.

In theory it should work with any DH exchanges, but I've limited it to
dissecting only those two for now.

I have fuzz tested this code (using fuzz-test.sh) with some pcaps, including
(among others) the attached.

TODO items:
- Allow this to dissect more cipher suites.
- Detect and dissect RSA key exchanges (same format, just different parameter
names).

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.