summaryrefslogtreecommitdiff
path: root/decrypt
diff options
context:
space:
mode:
authorPeter Wu <lekensteyn@gmail.com>2013-10-01 22:52:34 +0200
committerPeter Wu <lekensteyn@gmail.com>2013-10-01 22:52:34 +0200
commit7bb3df540d659fe6c674a26b9a10704629a9bf6f (patch)
treee258923ca1a7be9d23d9f2fc758501f09b717de0 /decrypt
parent4f49800cadaa467aadfbe079de6392f72a1232d8 (diff)
downloadwireshark-notes-7bb3df540d659fe6c674a26b9a10704629a9bf6f.tar.gz
decrypt: support other ciphers, handle smaller key material
Diffstat (limited to 'decrypt')
-rwxr-xr-xdecrypt44
1 files changed, 36 insertions, 8 deletions
diff --git a/decrypt b/decrypt
index e1300bd..b5a20c9 100755
--- a/decrypt
+++ b/decrypt
@@ -4,14 +4,14 @@
#IV=
#KEY=
-C=aes-256-cbc
+C=${CIPHER:-aes-256-cbc}
if [ $# -ge 2 -a $# -le 3 ]; then
debug_file="$1"
mode=$2
start_frame=$3
- eval $(awk -vstart_frame=$start_frame '
+ material=$(awk -vstart_frame=$start_frame '
function try_name(name) {
if (frame >= start_frame && !found[name]) {
key_name = name;
@@ -20,8 +20,9 @@ function try_name(name) {
}
/^\| / {
if (key_name) {
- for (i=2; i<18; i++)
- key = key $i;
+ # handle at most 16 bytes of hex data
+ key = substr($0, 3, 3 * 16);
+ gsub(/ /, "", key);
}
}
! /^\| / {
@@ -38,6 +39,9 @@ function try_name(name) {
/^Server Write IV/ { try_name("SIV"); }
' "$debug_file")
+ [ -z "${SHOWKEYS:+x}" ] || echo "$material" >&2
+ eval "$material"
+
[ -z "$IV" ] || echo "Warning: IV from debug won't be used" >&2
[ -z "$KEY" ] || echo "Warning: KEY from debug won't be used" >&2
@@ -57,8 +61,23 @@ function try_name(name) {
elif [ $# -lt 2 ]; then
if [ -z "$IV" -o -z "$KEY" ]; then
- echo "Usage: echo hh hh.. | $0 debug-file mode [start frame]" >&2
- echo "Usage: IV=... KEY=... $0 hh hh hh hh.." >&2
+ cat <<EOF >&2
+Usage: echo hh hh.. | $0 debug-file mode [start-frame]
+Usage: IV=... KEY=... $0 hh hh hh hh..
+
+debug-file is created with 'wireshark -o ssl.debug_file:debug-file'
+
+mode is either c(lient) or s(server).
+
+Only the first Master Secret starting at or after start-frame are used (if
+omitted, it will use the first occurrence).
+
+The CIPHER environment variable (default: aes-256-cbc) can be used to specify to
+cipher.
+
+Set the SHOWKEYS envvar to show the keys and ciphers extracted from the debug
+file.
+EOF
exit 1
fi
fi
@@ -67,8 +86,17 @@ if [ $# -gt 3 ]; then
echo "$*"
else
awk '
-/^\| / { for (i=2; i<18; i++) print $i; }
-! /^\| / { print; }
+{
+ for (i=1; i<NF; i++) {
+ if ($i ~ /^[0-9a-fA-F]{2}/) {
+ print $i;
+ } else if (i > 1) {
+ # do not stop for at the first | in "| 12 34 |", but at
+ # the last "|"
+ break;
+ }
+ }
+}
'
fi |
xxd -ps -r |