
Wireshark-bugs: [Wireshark-bugs] [Bug 6847] New: Patch to fix DTLS decryption

Date: Wed, 15 Feb 2012 20:28:48 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6847

           Summary: Patch to fix DTLS decryption
           Product: Wireshark
           Version: 1.7.x (Experimental)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: piyomaru3141@xxxxxxxxx


Created attachment 7844
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7844
Patch to fix DTLS decryption

Build Information:
wireshark 1.7.1 (SVN Rev 41030 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.20.1, with Cairo 1.8.10, with Pango 1.28.0, with
GLib 2.24.1, with libpcap, with libz 1.2.3.3, with POSIX capabilities (Linux),
with SMI 0.4.8, with c-ares 1.7.0, with Lua 5.1, without Python, with GnuTLS
2.8.5, with Gcrypt 1.4.4, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Feb 18 2010 22:31:30), without AirPcap.

Running on Linux 2.6.32-22-generic, with locale C, with libpcap version 1.0.0,
with libz 1.2.3.3, GnuTLS 2.8.5, Gcrypt 1.4.4.

Built using gcc 4.4.3.

--
Wireshark has a DTLS decryption function, but currently it doesn't work, as
reported in bug #6769.

Through my research it seems that Wireshark's decryption code supports only old
OpenSSL's non-RFC-4346-compliant DTLS 1.0, and it has been broken for some time.

This patch will fix it and make some enhancements.
Key modifications are:
* Fix decryption for old openssl's non-RFC-4346-compliant DTLS 1.0.
* Add decryption capability for RFC 4346-compliant DTLS 1.0.
* Enable DTLS record decompression.

I also attach a trace and key acquired using net-snmp 5.7.1 and OpenSSL 1.0.0e.
With this trace, you can check decryption for RFC-compliant DTLS and
decompression.

As for non-RFC-compliant DTLS, download the sample capture and key from the DTLS
wiki page (http://wiki.wireshark.org/DTLS) and use them to check.

The detailed procedure to decrypt is described in bug #6769
(http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6769).

When using my trace and key, please use the following parameters in step 4 of
the procedure:
  IP address         : 127.0.0.1
  Port               : 10161
  Protocol           : snmp
  Key File           : c:\temp_x\snmpd_fixed.key
  Password (p12 file): (leave blank)
