1 Topic by SheldonCooper (edited by SheldonCooper 2015-03-02 05:31:44)

  • Registered: 2011-05-31
  • Posts: 24

Topic: DeriveKeys function in keys.c

Hey All,
I was trying to run the snakeoil2.pcap example from wireshark (decrypt ssl with a known private server key). it appears that the sniffer is having some trouble with this file - intially missing the client hello, and after some modificatinos reachingthe DriveKeys function in keys.c where where the "rounds" parameter was calculated to be 9.
this results in a call to SetPrefix (also found in keys.c) with idx value > 6 - which is not a covered as part of the switch case over there.
1. Is 9 a reasonable value to obtain for "rounds"?
2. should the snakeoil2 example be decrypted at all? or is it unsupported for whichever reasons? (which?)

you can obtain the sample capture file and matching key file by downloading snakeoil2_070531.tgz from
http://wiki.wireshark.org/SampleCaptures
or direct link to the download:
http://wiki.wireshark.org/SampleCapture … 070531.tgz


thanks in advance,

DanC

Share

  • todd
  • Moderator
  • Offline
  • Registered: 2010-10-21
  • Posts: 98

Re: DeriveKeys function in keys.c

Hi DanC,

That trace has an SSLv3 AES-256bit key.  Technically AES cipher suites are TLS cipher suites.  wolfSSL in SSL v3 mode, which should NOT be used any longer, has enough rounds for the SSL v3 cipher suites.  We won't be enhancing SSL v3, in fact, we are completely phasing it out of our embedded SSL library.

I hope that helps,
-Todd

Share