Ask Your Question
0

Incorrect Data while Decrypting Application data using psk cipher in wireshark

asked 2020-08-30 09:30:06 +0000

technogeek12 gravatar image

I am using python library(sslpsk) to achieve the secure communication (https) between server and client for PSK ciphersuites in TLSV1.2
with the initial code added using this library, i've started to test the changes using host address - 127.0.0.1 with port - 4443 for ciphersuite PSK-AES128-GCM-SHA256.

since the cipher uses PSK - key is available in advance and configured in sever and client scripts.
When i execute the scripts, Data exchange happens between server and client Ping Pong Surprsingly when i try to decrypt the application data in wireshark - Data is not decrypted correctly.


I have added PSK key by clicking in Application data --> Application Data Protocol -->Protocol preferences --> Pre-Shared Key .

Instead when i try to decrypt Application data, I can able to see data ping - 06 06 e2 d6 and for pong - 76 cc 07 ab.
I expect the application data after decrypt would be ping – 70 69 6e 67, pong – 70 6f 6e 67.

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2020-08-30 11:25:38 +0000

Bob Jones gravatar image

Testing this ciphersuite with openssl, decryption worked as expected:

openssl s_server -cipher  PSK-AES128-GCM-SHA256 -nocert -psk 123456 -tls1_2
openssl s_client -psk 123456 -connect testvm:4433

Openssl is 1.1.1 on both ends and Wireshark is v3.2.6. I suspect your issue is elsewhere, and not with Wireshark. You mention https, but TLS is not https... https uses TLS, but it also implies that http protocol is in use.

TLSv1.2 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 57
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 53
        Version: TLS 1.2 (0x0303)
        Random: 893eca02087ef5d4e0ca187fb868fcf90b90f8b797a4312c…
        Session ID Length: 0
        Cipher Suite: TLS_PSK_WITH_AES_128_GCM_SHA256 (0x00a8)

Decrypted data, from the Decrypted TLS tabs:

0000   70 69 6e 67 0d 0a                                 ping..
0000   70 6f 6e 67 0d 0a                                 pong..
edit flag offensive delete link more

Comments

Yes, I have verified that it works with openssl. However, when i use py library sslpsk, I could see incorrect data is exchanged ,when psk key is added in order to decrypt the App data in wire shark. Nevertheless, I can see ping <-> pong data is exchanged between server and client. How is this possible, when the data send over port is incorrect, how can data exchange happens between server and client correctly? I am amazed with the behavior.

Therefore, I guess, there is suspicion code in py script which causes this problem?

technogeek12 gravatar imagetechnogeek12 ( 2020-08-30 15:37:41 +0000 )edit

Can you provide a sample capture and the PSK?

Chuckc gravatar imageChuckc ( 2020-08-30 16:11:16 +0000 )edit

Sorry @Chuckc @ Bob Jones i could not able to attach files. I il provide you the link for github code shortly.

technogeek12 gravatar imagetechnogeek12 ( 2020-09-06 02:26:35 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-08-30 09:30:06 +0000

Seen: 5,071 times

Last updated: Aug 30 '20