Wireshark-bugs: [Wireshark-bugs] [Bug 9499] DTLS: add decrypt support for TLS_PSK_WITH_AES_128_C
Comment # 13
on bug 9499
from Peter Wu
(In reply to comment #12)
> (In reply to comment #8)
> [..]
>
> Yes CCM is an authenticating cipher, it builds its own mac with aes. The
> last 8 or 16 bytes are the MAC, over the encrypted data itself and some
> additional data. It is not checked by wireshark.
Then I would suggest to add a DIG_NA (Not Applicable) macro and use that
instead
of some arbitrary, unrelated digest.
> There was a problem in the patch it used AES128 when it should use AES256,
> this was fixed and I was able to decrypt your trace and some traces I
> generated with cyassl.
Great, confirmed working!
Some minor comments:
- There is a line with white space only in packet-ssl-utils.c (before `if
(ssl_session->cipher_suite.kex == KEX_PSK)`)
- I think you had too much beer here: "ssl_generate_pre_master_serect" (should
be "secret" ;))
Besides that, you can consider the dtls PSK patch reviewed. Although the diff
looks large, most of them come from re-indentation and changing whitespace.
Where necessary, "break" has been replaced by "return" and some redundant code
has been removed from the DTLS code.
For the CCM patch (packet-ssl-utils.h), the "16 Bit Auth" should be "8 byte
auth tag". Personally, I would abbreviate it to: AEAD_AES_{128,256}_CCM too,
but I leave that up to you. With the DIG_NA comment noted above, you can also
consider this reviewed.
You are receiving this mail because:
- You are watching all bug changes.