Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
843 views
in Technique[技术] by (71.8m points)

c - How do I extract the pre-master secret using an OpenSSL-based client?

I have an application I'm making that uses OpenSSL 1.0.2 and I'd like to examine the traffic with Wireshark. Wireshark can (allegedly) decrypt TLS conversations provided you give it the pre-master secret.

If I'm using a cipher suite like TLS_RSA_WITH_AES_256_CBC_SHA256; can anyone tell me how to get the pre-master secret out of an SSL or SSL_CTX struct? I'm OK with hacking opaque structures within the SSL object - this isn't for anything that would ship in a product; I just want to know how to populate a pre-master secret file for Wireshark.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I recommend using the master key, which is easier to get at. To the best of my knowledge the pre-master key only exists ephemerally on the stack in OpenSSL. The master key is available in ssl_session_st (defined in ssl.h in the 1.0.2 branch but moved to ssl_locl.h in a later version). The SSL member variable session is a pointer to its ssl_session_st (aka SSL_SESSION).

Wireshark can use the master key as well as the pre-master key to decrypt connections. Here are the formats that Wireshark supports as of this writing:

  • RSA xxxx yyyy Where xxxx are the first 8 bytes of the encrypted pre-master secret (hex-encoded) Where yyyy is the cleartext pre-master secret (hex-encoded) (this is the original format introduced with bug 4349)

  • RSA Session-ID:xxxx Master-Key:yyyy Where xxxx is the SSL session ID (hex-encoded) Where yyyy is the cleartext master secret (hex-encoded) (added to support openssl s_client Master-Key output) This is somewhat is a misnomer because there's nothing RSA specific about this.

  • PMS_CLIENT_RANDOM xxxx yyyy Where xxxx is the client_random from the ClientHello (hex-encoded) Where yyyy is the cleartext pre-master secret (hex-encoded) (This format allows SSL connections to be decrypted, if a user can capture the PMS but could not recover the MS for a specific session with a SSL Server.)

  • CLIENT_RANDOM xxxx yyyy Where xxxx is the client_random from the ClientHello (hex-encoded) Where yyyy is the cleartext master secret (hex-encoded) (This format allows non-RSA SSL connections to be decrypted, i.e. ECDHE-RSA.)

Note that neither the pre-master key nor the master key is the symmetric key (your question title implies that you may think it is). The symmetric key is derived from the master key and client/server random data.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...