Wireshark-dev: [Wireshark-dev] Trying to decode a TLS 1.3 with null cipher
From: Ahmed Elsherbiny <sherboah@xxxxxxxxx>
Date: Fri, 1 May 2020 14:10:01 -0700
Hello,
I've written a dissector for a custom protocol. The dissector works well, and now I'm trying to run the protocol over TLS 1.3.
The cipher suite being used is TLS_SHA256_SHA256 (Code: 0xC0B4). This is a new cipher suite, it is used for integrity and has a null cipher (The payload is actually plaintext). It is still in draft form, here is the document that describes it: https://www.ietf.org/id/draft-camwinget-tls-ts13-macciphersuites-05.txt
Looking at the ServerHello packet, Wireshark shows the CipherSuite as Unknown (0xC0B4). Consequently, it does not provide a "Decrypted application data" tab and does not pass the data to my dissector.
This is what the TLS debug log shows:
For the ServerHelloMessage:
dissect_ssl enter frame #2 (first time)
packet_from_server: is from server - TRUE
conversation = 0000025F9CC7D780, ssl_session = 0000025F9CC7DEF0
record: offset = 0, reported_length_remaining = 128
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 123, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 119 bytes, remaining 128
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher can't find cipher suite 0xC0B4
ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret transitioning to new key, old state 0x93
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
tls13_load_secret transitioning to new key, old state 0x93
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
packet_from_server: is from server - TRUE
conversation = 0000025F9CC7D780, ssl_session = 0000025F9CC7DEF0
record: offset = 0, reported_length_remaining = 128
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 123, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 119 bytes, remaining 128
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher can't find cipher suite 0xC0B4
ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret transitioning to new key, old state 0x93
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
tls13_load_secret transitioning to new key, old state 0x93
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
For the Application Message:
dissect_ssl enter frame #3 (first time)
packet_from_server: is from server - TRUE
conversation = 0000025F9CC7D780, ssl_session = 0000025F9CC7DEF0
record: offset = 0, reported_length_remaining = 44
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 39, ssl state 0x93
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
packet_from_server: is from server - TRUE
conversation = 0000025F9CC7D780, ssl_session = 0000025F9CC7DEF0
record: offset = 0, reported_length_remaining = 44
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 39, ssl state 0x93
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
I tried adding the cipher-suite to packet-tls-utils.c and recompiling Wireshark. This is the line that I added, since the document says that Diffie-Helman is the only key exchange that can be used. I'm not completely sure that I'm using the correct macros - I don't fully understand TLS.
{0xC0B4, KEX_DH_ANON, ENC_NULL, DIG_SHA256, MODE_GCM }
After recompiling Wireshark with this line added, this is what I get:
For the ServerHelloMessage:
dissect_ssl enter frame #2 (first time)
packet_from_server: is from server - TRUE
conversation = 0000018ED3796780, ssl_session = 0000018ED3796EF0
record: offset = 0, reported_length_remaining = 128
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 123, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 119 bytes, remaining 128
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0xC0B4 unknown -> state 0x97
ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
packet_from_server: is from server - TRUE
conversation = 0000018ED3796780, ssl_session = 0000018ED3796EF0
record: offset = 0, reported_length_remaining = 128
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 123, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 119 bytes, remaining 128
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0xC0B4 unknown -> state 0x97
ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption impossible
For the Application Message:
dissect_ssl enter frame #3 (first time)
packet_from_server: is from server - TRUE
conversation = 0000018ED3796780, ssl_session = 0000018ED3796EF0
record: offset = 0, reported_length_remaining = 44
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 39, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #3 (first time)
packet_from_server: is from server - TRUE
conversation = 0000018ED3796780, ssl_session = 0000018ED3796EF0
record: offset = 0, reported_length_remaining = 44
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 39, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
Notice the highlighted text. The message changed from "Can't find cipher suite" to "found CIPHER 0xC0B4 unknown". So I might be doing something right here. But it seems to still expect a key. I should be able to proceed without keys, since this particular cipher-suite does not encrypt the payload.
Appreciate if someone could help me figure this out. Thanks in advance!
Regards,
Ahmed ElSherbiny
- Follow-Ups:
- Prev by Date: Re: [Wireshark-dev] Support for TLS1.2 decryption using derived keys
- Next by Date: Re: [Wireshark-dev] Support for TLS1.2 decryption using derived keys
- Previous by thread: Re: [Wireshark-dev] Support for TLS1.2 decryption using derived keys
- Next by thread: Re: [Wireshark-dev] Trying to decode a TLS 1.3 with null cipher
- Index(es):