Wireshark-dev: Re: [Wireshark-dev] Embed SSL keylog file in pcap-ng

From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Fri, 4 May 2018 10:15:34 +0200
Hi Ben,

On Thu, May 03, 2018 at 04:13:33PM -0700, Ben Higgins wrote:
> We're pretty interested in embedding SSL key log information into pcap-ng
> to make it really convenient to open up a single file and get SSL/TLS
> sessions decrypted.
> 
> I looked around and found a ticket and some wiki content related to this
> subject:
> 
> - "use capture file comment to configure SSL dissector" is at
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9616
> - https://wiki.wireshark.org/Development/PcapNg#Wishlist includes "SSL
> session keys" with a description and a link to the above ticket
> - and there's https://wiki.wireshark.org/DecryptionBlock -- what's
> described here sounds really cool but in practice might be pretty tricky
> to implement

Looks like you have done your homework, that is pretty much the current
state :-)

> What I'd like to do is instead create a new pcap-ng block type that we can
> put SSL keylog file contents into verbatim. Then we can leverage existing
> code in Wireshark for parsing keylog files. I'd also rather keep this
> scoped to keylog files and not private keys (since private keys are longer
> term secrets and are more sensitive to deal with and everything's heading
> toward PFS anyway).
> 
> Any thoughts on this proposal? If folks are open to this approach then we'd
> be interested in writing up a patch.

The TLS key log file is indeed sufficient for decryption. If people
still use RSA key files for some legacy configuration, then Wireshark
can currently already generate a key log file for you (File -> Export
SSL Session keys).

At the moment I am not sure how the pcapng process works, but having a
specification would probably be nice for other interested parties. While
Wireshark supports multiple key log formats, I guess that those from
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
should be mentioned explicitly (except for RSA). All other formats might
work, but there will be no guarantees in the long term.

The specification should also answer:
- Where in the pcapng file should the block be located? The information
  must be available before the TLS dissector is invoked.
- If it can be anywhere, can there be multiple blocks?
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
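As an added illustration of the proposal discussed above (example code, not from the thread or from Wireshark), the block below filters a key log down to the NSS labels (dropping RSA lines, as suggested), wraps it in a pcapng block, and checks the placement question raised above: that the secrets block precedes the first packet block. It uses the Decryption Secrets Block layout that pcapng standardized later (block type 0x0000000A, secrets type 0x544C534B "TLSK"), which did not yet exist when this message was written; the key log lines in the test are constructed.

```python
import struct

# Labels from the NSS key log format; RSA is left out as suggested above.
NSS_LABELS = {"CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
              "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
              "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
              "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
DSB_TYPE, TLS_KEYLOG_SECRETS = 0x0000000A, 0x544C534B  # Decryption Secrets Block, "TLSK"
PACKET_BLOCKS = {0x00000002, 0x00000003, 0x00000006}   # PB, SPB, EPB

def filter_keylog(text: str) -> str:
    """Keep only well-formed NSS key log lines; drop comments, RSA and junk."""
    kept = []
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) != 3 or parts[0] not in NSS_LABELS:
            continue
        try:  # client random is 32 bytes; the secret is any non-empty hex
            if len(bytes.fromhex(parts[1])) == 32 and bytes.fromhex(parts[2]):
                kept.append(" ".join(parts) + "\n")
        except ValueError:  # not hex at all (or odd length)
            pass
    return "".join(kept)
def pcapng_block(btype: int, body: bytes) -> bytes:
    """Generic pcapng framing: type, total length, 32-bit padded body, total length."""
    body += b"\x00" * (-len(body) % 4)
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)
def build_dsb(keylog: str) -> bytes:
    data = keylog.encode("ascii")
    return pcapng_block(DSB_TYPE, struct.pack("<II", TLS_KEYLOG_SECRETS, len(data)) + data)
def parse_dsb(block: bytes) -> str:
    """Check a DSB's framing and return the embedded key log text."""
    btype, total = struct.unpack_from("<II", block, 0)
    if btype != DSB_TYPE or total != len(block) or total % 4:
        raise ValueError("bad DSB framing")
    stype, slen = struct.unpack_from("<II", block, 8)
    if stype != TLS_KEYLOG_SECRETS or 16 + slen > total - 4:
        raise ValueError("bad secrets header")
    return block[16:16 + slen].decode("ascii")
def secrets_precede_packets(stream: bytes) -> bool:
    """Walk the blocks; every DSB must appear before the first packet block."""
    off, seen_packet = 0, False
    while off < len(stream):
        btype, total = struct.unpack_from("<II", stream, off)
        if total < 12:  # a zero or undersized length would otherwise loop forever
            raise ValueError("bad block length")
        seen_packet = seen_packet or btype in PACKET_BLOCKS
        if btype == DSB_TYPE and seen_packet:
            return False
        off += total
    return True
```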