Hello all,
I have seen one or two related previous subjects but they didn't solve my
problem. So I am posting a new one.
There is an application on my computer which connects to a server using
openssl. I have to see their traffic which means either I decrypt all
sniffed packets or I print all decrypted packets to a file inside openssl.
The application uses SSLv3 (method version : 768). And it almost always uses
the cipher suite TLS-DHE-RSA-AES-256-CBC-SHA.
Now, I have edited the ssl3_setup_key_block function in s3_enc.c file. At
the end of the function, I print the master key, key block, client random
and server random to a file. I retrieve those by calling;
Master key : s->s3->master_key (with the length of s->s3->master_key_length
which is naturally 48 bytes),
Key Block : s->s3->tmp.key_block,
Client Random : s->s3->client_random,
Server Random : s->s3->server_random
I recompile openssl package with this and replace the dll which the
application uses and it prints these to the file.
Now, as far as I know, the key block must have a structure like;
{
Client Write MAC Secret (20 bytes for this cipher suite)
Server Write MAC Secret (20 bytes)
Client Write Secret (32 bytes)
Server Write Secret (32 bytes)
Client Write IV (16 bytes)
Server Write IV (16 bytes)
}
However, whatever I tried, I couldn't successfully decrypt any packet with
the keys and IV's I got from this key block. It gives no meaningful output.
By the way, I start decrypting packets discarding the first 5 bytes which
are; 17h (Content Type : Application data), 03h 00h (Version : SSLv3) XX XX
(Length of message in bytes). In addition, again as far as I know, any
decrypted packet must have the structure of :
{
Plain Text (since there is no compression used),
MAC Field,
Padding,
Padding Length
}
And I couldn't see anything that seemed like padding and padding-length from
my decryptions, so I can deduce that the keys or IVs I use are definitely
false ones, unless my decryption method is bugged. I use a 3rd party library
to decrypt aes256 and I wrote the code to apply the cbc mode myself, but I
am pretty sure there are no mistakes there.
Now, http://www.ietf.org/rfc/rfc2246.txt explains how to calculate the key
block from master key, client random and master random. So when I calculate
the key block from these variables, the resulting key block is different
from the one printed on the file. And I think it suggests I am doing
something fundamentally wrong. And the decryptions which are performed by
this "calculated key block" also produce meaningless outputs.
http://www.ietf.org/rfc/rfc2246.txt also says, for "exportable" cipher
suites, client write secrets and server write secrets need another operation
in order to obtain final write keys. Now, I don't know what "exportable"
means in this case and although I think this cipher suite is not exportable,
I produced final write secrets from write secrets accordingly. And
decryptions using these are also resulted with failure.
Alternatively, I edited the SSL_write and SSL_read functions to print
decrypted or unencrypted packets to another file. But it always prints
"�òS^#cYJC". So I am stuck there too.
If anyone sees what my flaw is, what I am doing wrong and what I should do,
I will appreciate the help.
Best regards, thanks in advance,
Yigit
--
View this message in context:
http://old.nabble.com/Decrypting-SSL-packets-with-the-keys-retrieved-from-openssl-tp30498813p30498813.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
