TLS 1.3: CCM ciphers not decrypted due to invalid AAD length

asked 2022-08-18 13:20:53 +0000

Gauri
1 ●2 ●3

updated 2022-08-23 15:36:28 +0000

Recently I had implemented a callback function SSL_CTX_set_keylog_callback()that sets the TLS key logging callback. This callback is called whenever TLS key material is generated or received, in order to allow applications to store this keying material for debugging purposes. I am able to get the required keys and also using that keys I am able to decrypt the packets but some cipher suite are not decrypted. This below 3 ciphers are able to decrypt TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384

And with same config and same code change this below cipher suites are not decrypted, although I am getting the required keys for this. TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256

I came to know that those 3 working cipher suite are default ciphers and the last two non-working collections need to be explicitly added if required. When creating a list. https://www.microfocus.com/documentat...

May I know if Wireshark supports all 5 tlsv1.3 ciphers or not?

edit retag flag offensive close merge delete

Comments

Can you set the preference for TLS debug file (tls.debug_logfile) (TLS preference settings), do the decode and check the log for errors.

I get these - tls_decrypt_aead_record failed to set AAD: Invalid length - and would like to confirm the same for your decode.

https://github.com/gpg/libgcrypt/blob...:

  if (abuflen > c->u_mode.ccm.aadlen)
    return GPG_ERR_INV_LENGTH;

packet-tls-utils.c:

Chuckc ( 2022-08-18 22:14:02 +0000 )edit

Yes, I have tried the same as you suggested, I am also getting the same error.

Gauri ( 2022-08-19 06:37:46 +0000 )edit

Update title on the Gitlab issue also.

Chuckc ( 2022-08-23 15:42:18 +0000 )edit

7885: tls 1.3: set CCM aad_len for draft >= 25 is merged in and available to test in the Automated builds (Version 4.1.0rc0-94-g4915b646d074 (v4.1.0rc0-94-g4915b646d074). or newer)

Chuckc ( 2022-08-25 02:23:58 +0000 )edit

add a comment

Comments

18277: Unable to decrypt TLS 1.3 packets with the keys got using SSL_CTX_set_keylog_callback openssl API in Wireshark

Chuckc ( 2022-08-21 17:34:48 +0000 )edit

As you mentioned I have raised a ticket for the issue we are facing, also saw your comments there, just wanted to know is there any update on this issue, I am doing some enhancements for tls and we needed this data but we are stuck because of this, hence contacting you.

Thanks in advance!

Gauri ( 2022-08-23 13:13:17 +0000 )edit

You could try changing the title to be more specific: "TLS 1.3: CCM ciphers not decrypted due to invalid AAD length".
That moves it back up to the top of the issues list and might get more attention.

Chuckc ( 2022-08-23 14:03:49 +0000 )edit

If you setup a build environment, this change would allow you to decode TLS 1.3 >= than draft 25. The final change to the Wireshark code will need to take the draft version into account and set the value accordingly.

wireshark$ git diff
diff --git a/epan/dissectors/packet-tls-utils.c b/epan/dissectors/packet-tls-utils.c
index 64c6e97f34..79f1b18052 100644
--- a/epan/dissectors/packet-tls-utils.c
+++ b/epan/dissectors/packet-tls-utils.c
@@ -4965,7 +4965,7 @@ tls_decrypt_aead_record(SslDecryptSession *ssl, SslDecoder *decoder,

     if (decoder->cipher_suite->mode == MODE_CCM || decoder->cipher_suite->mode == MODE_CCM_8) {
         /* size of plaintext, additional authenticated data and auth tag. */
-        guint64 lengths[3] = { ciphertext_len, is_v12 ? 13 : 0, auth_tag_len };
+        guint64 lengths[3] = { ciphertext_len, is_v12 ? 13 : 5, auth_tag_len };
         if (is_cid) {
             if (ssl->session.deprecated_cid) {
                 lengths[1] += 1 + cidl; /* cid length (1 byte) + cid (cidl bytes) */

Chuckc ( 2022-08-23 15:08:59 +0000 )edit

Thanks for the response, with this change would I able to decrypt TLSv1.3:CCM and whether this code change would be available in the next version of wireshark official release?

Gauri ( 2022-08-23 15:45:56 +0000 )edit

see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

TLS 1.3: CCM ciphers not decrypted due to invalid AAD length

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

TLS 1.3: CCM ciphers not decrypted due to invalid AAD length edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

TLS 1.3: CCM ciphers not decrypted due to invalid AAD length