ssldump -d will decrypt data. This patch adds decryption support for TLS1.1 and 1.2. Does not include DTLS. Also adds cipher string recognition for TLS1.1 and TLS1.2 ciphers.
Note, be sure to use a recent version of OpenSSL that includes AES128/256/512 support.
TLS1.1 / TLS1.2 app data decrypt support
There are two minor issues with the patch:
1) Doesn't factor in hash agility for the HMAC (which is up to the cipher-suite, but has a lower-bound of SHA256 for previously-defined ciphersuites), which prevented the PRF from deriving the proper keying material for ciphersuites with weaker HMACs.
2) Currently tries to remove explicit IVs from stream ciphers (an oversight), which prevents decryption of streams using stream ciphers.
David and I solved #1 by giving the HMAC a lower-bound MAX(DIG_SHA256, ssl->cs->dig)-0x40, and #2 by ensuring ssl->cs->block > 1.
Since I'm not seeing an immediately obvious way of including a new attachment in this artifact, below is a diff against ssldump-0.9b3 with the ssldump.tls12-appdata-decrypt.patch applied:
diff -pur ssldump-0.9b3/ssl/ssldecode.c ssldump-0.9b3-modified/ssl/ssldecode.c
--- ssldump-0.9b3/ssl/ssldecode.c 2012-07-14 16:58:02.581306589 -0700
+++ ssldump-0.9b3-modified/ssl/ssldecode.c 2012-07-14 17:04:06.622785719 -0700
@@ -682,7 +682,7 @@ static int tls12_prf(ssl,secret,usage,rn
Data *sha_out=0;
Data *seed;
UCHAR *ptr;
- int i;
+ int i, dgi;
if(r=r_data_alloc(&sha_out,MAX(out->len,64))) /* assume max SHA512 */
ABORT(r);
@@ -694,9 +694,10 @@ static int tls12_prf(ssl,secret,usage,rn
memcpy(ptr,rnd2->data,rnd2->len); ptr+=rnd2->len;
/* Earlier versions of openssl didn't have SHA256 of course... */
- if ((md=EVP_get_digestbyname(digests[ssl->cs->dig-0x40])) == NULL) {
+ dgi = MAX(DIG_SHA256, ssl->cs->dig)-0x40;
+ if ((md=EVP_get_digestbyname(digests[dgi])) == NULL) {
DBG((0,"Cannot get EVP for digest %s, openssl library current?",
- digests[ssl->cs->dig-0x40]));
+ digests[dgi]));
ERETURN(SSL_BAD_MAC);
}
if(r=tls_P_hash(ssl,secret,seed,md,sha_out))
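Review bot: The index computed in `dgi = MAX(DIG_SHA256, ssl->cs->dig)-0x40;` is used on `digests[dgi]` with no range check visible in this hunk, and the floor only works if the DIG_* constants are numerically ordered by strength with 0x40 as the base. Suggest checking `ssl->cs->dig` against the bounds of `digests` before indexing, and adding a comment that SHA256 is the minimum PRF hash for TLS 1.2, since the retained "Earlier versions of openssl" comment does not explain the MAX. Separately, returning SSL_BAD_MAC when `EVP_get_digestbyname` fails reports a missing library digest as a MAC failure; a distinct error would be easier to diagnose.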
diff -pur ssldump-0.9b3/ssl/ssl_rec.c ssldump-0.9b3-modified/ssl/ssl_rec.c
--- ssldump-0.9b3/ssl/ssl_rec.c 2012-07-14 16:58:02.581306589 -0700
+++ ssldump-0.9b3-modified/ssl/ssl_rec.c 2012-07-14 17:03:11.322561686 -0700
@@ -198,7 +198,9 @@ int ssl_decode_rec_data(ssl,d,ct,version
ERETURN(r);
}
else{
- if (ssl->version>=0x0302) { /* for 1.1 and beyond, remove explicit IV */
+ /* TLS 1.1 and beyond: remove explicit IV, only used with
+ * non-stream ciphers. */
+ if (ssl->version>=0x0302 && ssl->cs->block > 1) {
UINT4 blk = ssl->cs->block;
if (blk <= *outl) {
*outl-=blk;
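Review bot: The stream-cipher test in `ssl->version>=0x0302 && ssl->cs->block > 1` is implicit: it depends on every stream cipher suite carrying a block value of 1 or less, which nothing in this hunk states or enforces. A comment where the block sizes are defined, or a small named predicate, would make the assumption visible. The hunk also does not show what happens when `blk <= *outl` is false; a record shorter than one block should be reported as an error rather than handed on with its leading bytes intact.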
Hi,
I am very new to ssldump and have very limited knowledge of Linux.
Can you tell me the procedure to install the provided patch on F5 LTM?
My lab appliance is currently running 12.1.1 Hotfix HF2, on which I would like to install this patch.
Thanks in advance.
Regards,
Mihir
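As an added illustration of the two fixes discussed earlier in this thread (not code from ssldump or from the patch), the sketch below implements the TLS 1.2 PRF from RFC 5246 with the SHA-256 floor and the explicit-IV check. The digest ranking table, the function names and the error raised for a short record are assumptions made for this example.

```python
import hashlib
import hmac

# Constructed ranking standing in for the ordering of ssldump's DIG_* values.
DIGEST_RANK = {"md5": 0, "sha1": 1, "sha256": 2, "sha384": 3}

def prf_digest(suite_digest):
    """Floor the PRF hash at SHA-256, the idea behind MAX(DIG_SHA256, dig)."""
    if suite_digest not in DIGEST_RANK:
        raise ValueError("unknown digest: %r" % (suite_digest,))
    if DIGEST_RANK[suite_digest] < DIGEST_RANK["sha256"]:
        return "sha256"
    return suite_digest

def p_hash(secret, seed, digest, length):
    """RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]

def key_block(master_secret, server_random, client_random, suite_digest, length):
    """Key expansion; the PRF hash is chosen by prf_digest, not the suite MAC."""
    seed = b"key expansion" + server_random + client_random
    return p_hash(master_secret, seed, prf_digest(suite_digest), length)

def strip_explicit_iv(version, block_size, record):
    """Drop the per-record explicit IV only for TLS >= 1.1 block ciphers."""
    if version >= 0x0302 and block_size > 1:
        if block_size > len(record):
            # Choice made for this example; the diff does not show this path.
            raise ValueError("record shorter than one cipher block")
        return record[block_size:]
    return record  # stream cipher or TLS 1.0: nothing to remove

if __name__ == "__main__":
    # Constructed sample secrets, not captured traffic.
    ms, sr, cr = b"\x0b" * 48, b"\x01" * 32, b"\x02" * 32
    fixed = key_block(ms, sr, cr, "sha1", 104)
    unpatched = p_hash(ms, b"key expansion" + sr + cr, "sha1", 104)
    print("suite MAC sha1 -> PRF hash:", prf_digest("sha1"))
    print("key block differs from SHA-1 derived one:", fixed != unpatched)
    print("RC4 record kept whole:", strip_explicit_iv(0x0303, 1, b"GET /") == b"GET /")
```

Running it shows why a suite with an HMAC-SHA1 MAC produced the wrong keys when the PRF was driven by the suite digest directly.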