Skip to content

Fix dissection of TLS communication with NULL Cipher. #1986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 22, 2019
Merged

Fix dissection of TLS communication with NULL Cipher. #1986

merged 1 commit into from
Jun 22, 2019

Conversation

wasilukm
Copy link
Contributor

@wasilukm wasilukm commented Apr 13, 2019
edited
Loading

Due to invalid handling of TLS record length, fields (MSG and MAC) were
incorrectly interpreted in packets encrypted with NULL Cipher.

fixes #1976

@codecov
Copy link

codecov bot commented Apr 13, 2019
edited
Loading

Codecov Report

Merging #1986 into master will decrease coverage by 1.49%.
The diff coverage is 85.71%.

@@            Coverage Diff            @@
##           master    #1986     +/-   ##
=========================================
- Coverage   85.87%   84.37%   -1.5%     
=========================================
  Files         187      187             
  Lines       43007    43007             
=========================================
- Hits        36933    36288    -645     
- Misses       6074     6719    +645
Impacted Files Coverage Δ
scapy/layers/tls/record.py 91.22% <100%> (-0.88%) ⬇️
scapy/layers/tls/cert.py 84.27% <83.33%> (ø) ⬆️
scapy/contrib/cansocket_python_can.py 37.7% <0%> (-54.1%) ⬇️
scapy/contrib/cansocket_native.py 29.57% <0%> (-50.71%) ⬇️
scapy/arch/linux.py 52.14% <0%> (-22.42%) ⬇️
scapy/contrib/isotp.py 65.97% <0%> (-22.34%) ⬇️
scapy/supersocket.py 53.87% <0%> (-18.22%) ⬇️
scapy/arch/common.py 78.26% <0%> (-13.05%) ⬇️
scapy/arch/pcapdnet.py 47.81% <0%> (-9.23%) ⬇️
scapy/layers/l2.py 75.43% <0%> (-8.94%) ⬇️
... and 23 more

@gpotter2
Copy link
Member

It would be great if you could add a unit test for that. For instance a packet to dissect. See the .uts files in test/.

The format is custom (historic reasons), but quite self explicit 😄

@wasilukm
Copy link
Contributor Author

Yeah I'm woring on UT.
BTW. I wonder why coverage report is so bad.

@gpotter2
Copy link
Member

gpotter2 commented Apr 14, 2019
edited
Loading

The Travis tests didn't because it's a draft.
We can't do much about this, therefore only Windows tests (AppVeyor) were launched

@wasilukm wasilukm force-pushed the fix/tls/null_cipher_dissect branch from a211881 to 4182fb3 Compare April 14, 2019 22:05
@wasilukm wasilukm marked this pull request as ready for review April 14, 2019 22:05
@gpotter2 gpotter2 added the tls label Apr 15, 2019
gpotter2
gpotter2 reviewed Apr 15, 2019
View reviewed changes
@wasilukm wasilukm force-pushed the fix/tls/null_cipher_dissect branch 2 times, most recently from a13c347 to 076c355 Compare April 15, 2019 20:00
wasilukm
wasilukm commented Apr 15, 2019
View reviewed changes
@wasilukm wasilukm force-pushed the fix/tls/null_cipher_dissect branch 2 times, most recently from 8abee7d to cfbc067 Compare April 16, 2019 20:32
@wasilukm
Fix dissection of TLS communication with NULL Cipher.
31ec77b 
Due to invalid handling of TLS record length, fields (MSG and MAC) were
incorrectly interpreted in packets encrypted with NULL Cipher.
@wasilukm wasilukm force-pushed the fix/tls/null_cipher_dissect branch from cfbc067 to 31ec77b Compare April 16, 2019 20:54
@wasilukm
Copy link
Contributor Author

@gpotter2 is anything else which needs to be addressed? Could you please consider approving the change?

@gpotter2
Copy link
Member

Looks okay to me, though I'm not familiar enough with TLS to confirm it won't break anything.
Other maintainers will merge it :-)

@gpotter2 gpotter2 mentioned this pull request Apr 23, 2019
Closed
27 tasks
@gpotter2
Copy link
Member

I had another look at this. The fix you've done seems wrong.

The code clearly says the deciphered_len should only be defined when something was actually deciphered (not the case with a null encoding), therefore the issue is more likely in the place that uses deciphered_len

@wasilukm
Copy link
Contributor Author

@gpotter2 thanks for the feedback.
I would assume that null cipher automatically becomes deciphered but I may be wrong as I'm not TLS expert.
Do you have any clue where to look?

@p-l- p-l- merged commit 10af736 into secdev:master Jun 22, 2019
@guedou
Copy link
Member

guedou commented Jun 22, 2019 via email

@wasilukm wasilukm deleted the fix/tls/null_cipher_dissect branch June 24, 2019 07:13
gpotter2 added a commit that referenced this pull request Jun 29, 2019
@gpotter2
Revert small part of #1986
59b60ae
@gpotter2 gpotter2 mentioned this pull request Jun 29, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpotter2 gpotter2 gpotter2 approved these changes

Assignees
No one assigned
Labels
tls
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dissecting TLS with NULL cipher
4 participants
@wasilukm @gpotter2 @guedou @p-l-