dtls and decrypt

asked 2021-10-01 07:52:16 +0000

nicho2 gravatar image

updated 2021-10-01 08:18:29 +0000

grahamb gravatar image

Hello,

My problem is i can't decrypt the communication between my client and my server.

The server select cipher : TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256

also i extract the master secret and put in the pre_master_secret file as:

CLIENT_RANDOM 6152ff1dc3973d0b4c10701242cf42f840b795e6ff37c28d9ec07094c85fd454 076350f53ff3f8ab50370bb9d4c60584436728949c46a0dbcf96f1b26b20717fb122d145328fa4956656d9f9df926c3e
CLIENT_RANDOM 6152ff1d78be0b76c69e6e33fba517970a606db9b46a5901722ef183f6e22ea6 076350f53ff3f8ab50370bb9d4c60584436728949c46a0dbcf96f1b26b20717fb122d145328fa4956656d9f9df926c3e
CLIENT_RANDOM 61559de3ddd6c76c631887d7eeb8fa331bc11afca80fe71cc23a689267a8f83f c6dc1021a93d4c006615a883c6f30baaa31866353c9018646b1cfc3f2b1de730340e77a8c0b46c70c12ae25c1c8a63d0

I see in the log file , it's seems doing something:

Wireshark SSL debug log 

Wireshark version: 3.4.8 (v3.4.8-0-g3e1ffae201b8)
GnuTLS version:    3.6.3
Libgcrypt version: 1.8.3

KeyID[20]:
| 97 6d 25 f7 5a 0d 5b 85 4e e0 6e be 31 aa 88 0a |.m%.Z.[.N.n.1...|
| f2 ae 35 7c                                     |..5|            |
ssl_init private key file C:/temp/essai_pip_azure/sh_dir/server-prk.pem successfully loaded.
ssl_init port '4443' filename 'C:/temp/essai_pip_azure/sh_dir/server-prk.pem' password(only for p12 file) ''
association_add dtls.port port 4443 handle 000002198D3A2830

dissect_dtls enter frame #1 (first time)
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22 epoch 0 seq 0
decrypt_dtls_record: no session key
Calculating hash with offset 13 382
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_dtls enter frame #2 (first time)
packet_from_server: is from server - TRUE
ssl_try_set_version found version 0xFEFD -> state 0x91
dissect_dtls_record: content_type 22 epoch 0 seq 0
decrypt_dtls_record: no session key
Calculating hash with offset 13 47
dissect_dtls_handshake erasing previous handshake_messages: 429

dissect_dtls enter frame #3 (first time)
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22 epoch 0 seq 1
decrypt_dtls_record: no session key
Calculating hash with offset 13 414
ssl_reset_session detected renegotiation, clearing 0x80 (client side)
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x11

dissect_dtls enter frame #4 (first time)
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22 epoch 0 seq 1
decrypt_dtls_record: no session key
Calculating hash with offset 13 99
ssl_try_set_version found version 0xFEFD -> state 0x91
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0xCCA8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -> state 0x97
dissect_dtls_record: content_type 22 epoch 0 seq 2
decrypt_dtls_record: no session key
Calculating hash with offset 125 833
Certificate.KeyID[20]:
| 97 6d 25 f7 5a 0d 5b 85 4e e0 6e be 31 aa 88 0a |.m%.Z.[.N.n.1...|
| f2 ae 35 7c                                     |..5|            |
dissect_dtls_record: content_type 22 epoch 0 seq 3
decrypt_dtls_record: no session key
Calculating hash with offset 971 409
dissect_dtls_record: content_type 22 epoch 0 seq 4
decrypt_dtls_record: no session key
Calculating hash with offset 1393 105
dissect_dtls_record: content_type 22 epoch 0 seq 5
decrypt_dtls_record: no session key
Calculating hash with offset 1511 12

dissect_dtls enter frame #5 (first time)
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22 epoch 0 seq 2
decrypt_dtls_record: no session key
Calculating hash with offset 13 15
dissect_dtls_record: content_type 22 epoch 0 seq 3
decrypt_dtls_record: no session key
Calculating hash with offset 41 146
trying to use TLS keylog in C:\temp\pre_master_secret.txt
  checking keylog line: CLIENT_RANDOM 6152ff1dc3973d0b4c10701242cf42f840b795e6ff37c28d9ec07094c85fd454 076350f53ff3f8ab50370bb9d4c60584436728949c46a0dbcf96f1b26b20717fb122d145328fa4956656d9f9df926c3e
    matched client_random
  checking keylog line: CLIENT_RANDOM 6152ff1d78be0b76c69e6e33fba517970a606db9b46a5901722ef183f6e22ea6 076350f53ff3f8ab50370bb9d4c60584436728949c46a0dbcf96f1b26b20717fb122d145328fa4956656d9f9df926c3e
    matched client_random
  checking keylog line: CLIENT_RANDOM 61559de3ddd6c76c631887d7eeb8fa331bc11afca80fe71cc23a689267a8f83f c6dc1021a93d4c006615a883c6f30baaa31866353c9018646b1cfc3f2b1de730340e77a8c0b46c70c12ae25c1c8a63d0
    matched client_random
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 197
ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret
ssl_decrypt_pre_master_secret: session uses Diffie-Hellman ...
(more)
edit retag flag offensive close merge delete