On Mon December 20 2010, Yigit wrote:
>
> Hello all,
> I have seen one or two related previous subjects but they didn't solve my
> problem. So I am posting a new one.
>
> There is an application on my computer which connects to a server using
> openssl. I have to see their traffic which means either I decrypt all
> sniffed packets or I print all decrypted packets to a file inside openssl.
>
Or: Wireshark
Just ask Google, they know wireshark
Mike
> The application uses SSLv3 (method version : 768). And it almost always uses
> the cipher suite TLS-DHE-RSA-AES-256-CBC-SHA.
>
> Now, I have edited the ssl3_setup_key_block function in s3_enc.c file. At
> the end of the function, I print the master key, key block, client random
> and server random to a file. I retrieve those by calling;
> Master key : s->s3->master_key (with the length of s->s3->master_key_length
> which is naturally 48 bytes),
> Key Block : s->s3->tmp.key_block,
> Client Random : s->s3->client_random,
> Server Random : s->s3->server_random
>
> I recompile openssl package with this and replace the dll which the
> application uses and it prints these to the file.
>
> Now, as far as I know, the key block must have a structure like;
> {
> Client Write MAC Secret (20 bytes for this cipher suite)
> Server Write MAC Secret (20 bytes)
> Client Write Secret (32 bytes)
> Server Write Secret (32 bytes)
> Client Write IV (16 bytes)
> Server Write IV (16 bytes)
> }
>
> However, whatever I tried, I couldn't successfully decrypt any packet with
> the keys and IV's I got from this key block. It gives no meaningful output.
> By the way, I start decrypting packets discarding the first 5 bytes which
> are; 17h (Content Type : Application data), 03h 00h (Version : SSLv3) XX XX
> (Length of message in bytes). In addition, again as far as I know, any
> decrypted packet must have the structure of :
> {
> Plain Text (since there is no compression used),
> MAC Field,
> Padding,
> Padding Length
> }
> And I couldn't see anything that seemed like padding and padding-length from
> my decryptions, so I can deduce that the keys or IVs I use are definitely
> false ones, unless my decryption method is bugged. I use a 3rd party library
> to decrypt aes256 and I wrote the code to apply the cbc mode myself, but I
> am pretty sure there are no mistakes there.
>
> Now, http://www.ietf.org/rfc/rfc2246.txt explains how to calculate the key
> block from master key, client random and master random. So when I calculate
> the key block from these variables, the resulting key block is different
> from the one printed on the file. And I think it suggests I am doing
> something fundamentally wrong. And the decryptions which are performed by
> this "calculated key block" also produce meaningless outputs.
>
> http://www.ietf.org/rfc/rfc2246.txt also says, for "exportable" cipher
> suites, client write secrets and server write secrets need another operation
> in order to obtain final write keys. Now, I don't know what "exportable"
> means in this case and although I think this cipher suite is not exportable,
> I produced final write secrets from write secrets accordingly. And
> decryptions using these are also resulted with failure.
>
> Alternatively, I edited the SSL_write and SSL_read functions to print
> decrypted or unencrypted packets to another file. But it always prints
> "�òS^#cYJC". So I am stuck there too.
>
> If anyone sees what my flaw is, what I am doing wrong and what I should do,
> I will appreciate the help.
>
> Best regards, thanks in advance,
> Yigit
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
