Wireshark mailing list archives

Trying to decode a TLS 1.3 with null cipher

From: Ahmed Elsherbiny <sherboah () gmail com>
Date: Fri, 1 May 2020 14:10:01 -0700

Hello,

I've written a dissector for a custom protocol. The dissector works well,
and now I'm trying to run the protocol over TLS 1.3.

The cipher suite being used is TLS_SHA256_SHA256 (Code: 0xC0B4). This is a
new cipher suite, it is used for integrity and has a null cipher (The
payload is actually plaintext). It is still in draft form, here is the
document that describes it:
https://www.ietf.org/id/draft-camwinget-tls-ts13-macciphersuites-05.txt

Looking at the ServerHello packet, Wireshark shows the CipherSuite as
Unknown (0xC0B4). Consequently, it does not provide a "Decrypted
application data" tab and does not pass the data to my dissector.

This is what the TLS debug log shows:
*For the ServerHelloMessage:*
dissect_ssl enter frame #2 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000025F9CC7D780, ssl_session = 0000025F9CC7DEF0
  record: offset = 0, reported_length_remaining = 128
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 123, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 119 bytes,
remaining 128
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher can't find cipher suite 0xC0B4
ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret transitioning to new key, old state 0x93
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption
impossible
tls13_load_secret transitioning to new key, old state 0x93
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption
impossible

*For the Application Message:  *
dissect_ssl enter frame #3 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000025F9CC7D780, ssl_session = 0000025F9CC7DEF0
  record: offset = 0, reported_length_remaining = 44
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 39, ssl state 0x93
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

I tried adding the cipher-suite to packet-tls-utils.c and recompiling
Wireshark. This is the line that I added, since the document says that
Diffie-Helman is the only key exchange that can be used. I'm not completely
sure that I'm using the correct macros - I don't fully understand TLS.

{0xC0B4, KEX_DH_ANON, ENC_NULL, DIG_SHA256, MODE_GCM }

After recompiling Wireshark with this line added, this is what I get:
*For the ServerHelloMessage: *
dissect_ssl enter frame #2 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000018ED3796780, ssl_session = 0000018ED3796EF0
  record: offset = 0, reported_length_remaining = 128
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 123, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 119 bytes,
remaining 128
ssl_try_set_version found version 0x0304 -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0xC0B4 unknown -> state 0x97
ssl_load_keyfile dtls/tls.keylog_file is not configured!
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find CLIENT_HANDSHAKE_TRAFFIC_SECRET, decryption
impossible
tls13_load_secret transitioning to new key, old state 0x97
tls13_load_secret Cannot find SERVER_HANDSHAKE_TRAFFIC_SECRET, decryption
impossible

*For the Application Message:   *
dissect_ssl enter frame #3 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000018ED3796780, ssl_session = 0000018ED3796EF0
  record: offset = 0, reported_length_remaining = 44
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 39, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

Notice the highlighted text. The message changed from "Can't find cipher
suite" to "found CIPHER 0xC0B4 unknown". So I might be doing something
right here. But it seems to still expect a key. I should be able to proceed
without keys, since this particular cipher-suite does not encrypt the
payload.

Appreciate if someone could help me figure this out. Thanks in advance!

Regards,
Ahmed ElSherbiny

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 01)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 02)
  - Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 02)
    - Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 02)
    - Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 04)
    - Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 04)
    - Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 05)
    - Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 07)