Comment # 12
on bug 9499
from Hauke Mehrtens
(In reply to comment #8)
> Created attachment 12216 [details]
> AES256_CCM_8 and AES256_CBC_SHA capture (dump.pcapng.gz)
>
> (In reply to comment #7)
> > (In reply to comment #6)
> > [..]
> > > https://git.lekensteyn.nl/peter/wireshark-notes/tree/generate-wireshark-cs
> >
> > Nice script I will have a look at it. I did the changes manually, is there
> > some documentation I am missing which references this script?
>
> It is mentioned at http://wiki.wireshark.org/SSL (Testing SSL / adding new
> cipher suites). Example usage (using suites.txt in the same repo):
>
> grep -vE 'SRP|ARIA|PSK|KRB' suites.txt | ./generate-wireshark-cs
>
> I noticed that CCM does not have a HMAC included, is that correct?
Yes CCM is an authenticating cipher, it builds its own mac with aes. The last 8
or 16 bytes are the MAC, over the encrypted data itself and some additional
data. It is not checked by wireshark.
> Attached is a capture generated with CyaSSL (patched to output the
> pre-master secret). (See
> https://git.lekensteyn.nl/peter/wireshark-notes/commit/
> ?id=befe0f77dd2246e437e61cefb861bf9a6d4ff82b for the patch and instruction
> to generate your own capture).
>
> The AES-CCM-8 cipher suite does not get decrypted properly (the nonce is
> likely invalid) while the AES256_CBC_SHA one is fine (to rule out mistakes
> in the cyassl patch). Premaster is following in the next attachment.
There was a problem in the patch it used AES128 when it should use AES256, this
was fixed and I was able to decrypt your trace and some traces I generated with
cyassl.
You are receiving this mail because:
- You are watching all bug changes.
