Hi,
I am trying to decrypt SSL/TLS traffic encrypted with a pre-shared key.
The cipher I use is PSK-AES128-CBC-SHA. I use the built-in openssl
server (s_server) and client (s_client) and it works well but traffic
decryption does not work. I've already specified a ssl_debug file in
wireshark and set the pre-shared key to the same I pass as an openssl
argument.
The ssl_debug log complains about (just an excerpt, other frames has the
same error messages):
##################################
dissect_ssl enter frame #166 (first time)
ssl_session_init: initializing ptr 0000000007B521D0 size 688
conversation = 0000000007B51B30, ssl_session = 0000000007B521D0
record: offset = 0, reported_length_remaining = 327
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 322, ssl state 0x00
association_find: TCP port 49185 found 0000000000000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 318 bytes,
remaining 327
packet_from_server: is from server - FALSE
ssl_find_private_key server 192.168.0.146:4443
ssl_find_private_key can't find private key for this server! Try it
again with universal port 0
ssl_find_private_key can't find private key for this server (universal
port)! Try it again with universal address 0.0.0.0
ssl_find_private_key can't find any private key!
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
##################################
dissect_ssl enter frame #168 (first time)
conversation = 0000000007B51B30, ssl_session = 0000000007B521D0
record: offset = 0, reported_length_remaining = 72
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 58, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 54 bytes,
remaining 63
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
trying to use SSL keylog in
failed to open SSL keylog
cannot find master secret in keylog file either
dissect_ssl3_hnd_srv_hello found CIPHER 0x008C -> state 0x17
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17
required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
record: offset = 63, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 68 length 0 bytes,
remaining 72
##################################
I don't understand the errors, because if TLS-PSK is used, no private
key or master-secret has to be given. Or am I completely wrong about this?
General information:
OS: Win7 64bit
Wireshark: Version 1.10.5 (SVN Rev 54262 from /trunk-1.10) (64-bit)
Thanks for any response!
- steffen
