示例#1
文件: Program.cs 项目: lulzzz/Tarzan
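        /// <summary>
        /// Decrypts a single captured AES-GCM record read from <c>encrypted.raw</c> with hard-coded
        /// key material and prints the recovered plaintext as ASCII.
        /// </summary>
        /// <remarks>
        /// The hex strings are fixed sample values for one recorded session. The additional data below
        /// carries record type 0x17 and version 0x03 0x03, i.e. a TLS 1.2 application-data record.
        /// The record length in the additional data (0x01c7 minus explicit nonce and tag) is
        /// hard-coded, so this routine only matches the one capture it was written for.
        /// </remarks>
        /// <exception cref="InvalidDataException">
        /// The capture is too short to contain the explicit nonce and the authentication tag.
        /// </exception>
        static void TestDecryptTls()
        {
            ShaPrfAlgorithm.Test100();

            // The record starts with an 8-byte explicit nonce and ends with a 16-byte GCM tag.
            const int explicitNonceLength = 8;
            const int tagLength = 16;

            var secret       = "64e2d01fa9bd9e7da52377465b6ce5d6e2fe37517d54199ed4d2714b4741494c7a702f972fd8d23a94ef89d9f0c3a880";
            var clientRandom = "029b68c172bc58b0463396de16b69a64f49109a1af6e8ce177aabd7323645693";
            var serverRandom = "79b72bc1cb4465b284b8796b65b08a4b6d8d741b36b5d75634ce612345e6f744";
            var cipherBytes  = new Span<byte>(File.ReadAllBytes("encrypted.raw"));

            // Fail with a clear message instead of an out-of-range slice on a truncated capture.
            if (cipherBytes.Length < explicitNonceLength + tagLength)
            {
                throw new InvalidDataException("encrypted.raw is too short to hold the explicit nonce and the authentication tag.");
            }

            // Key expansion: PRF(secret, "key expansion", server_random + client_random), 40 bytes.
            // NOTE(review): 40 = 2 x 16-byte write key + 2 x 4-byte implicit IV, presumably with a
            // zero-length MAC key (the arguments 0, 16, 4) - confirm against TlsKeyBlock.
            var prf           = new ShaPrfAlgorithm();
            var seed          = ByteString.Combine(ByteString.StringToByteArray(serverRandom), ByteString.StringToByteArray(clientRandom));
            var keyBlockBytes = prf.GetSecretBytes(ByteString.StringToByteArray(secret), "key expansion", seed, 40);
            var keyBlock      = new TlsKeyBlock(keyBlockBytes, 0, 16, 4);

            var sequenceNumber = 1ul;

            var fixedNonce  = keyBlock.ClientIV.Slice(0, 4);
            var recordNonce = cipherBytes.Slice(0, explicitNonceLength);

            // nonce = 4-byte implicit part (client write IV) + 8-byte explicit part carried in the record.
            // The explicit part is taken from the wire, not derived from sequenceNumber.
            var nonce = ByteString.Combine(fixedNonce.ToArray(), recordNonce.ToArray());

            // The sequence number goes into the additional data in network (big-endian) byte order.
            // Reverse only on little-endian hosts so the encoding is the same on every platform.
            var sequenceBytes = BitConverter.GetBytes(sequenceNumber);
            if (BitConverter.IsLittleEndian)
            {
                Array.Reverse(sequenceBytes);
            }

            // additional_data = seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length;
            // TLSCompressed.length = Length - recordIv.size - Mac.size
            var additionalData = ByteString.Combine(
                sequenceBytes,
                new byte[] { 0x17, 0x03, 0x03, 0x01, 0xc7 - (explicitNonceLength + tagLength) });

            // NOTE(review): the plaintext is only trustworthy if DecryptAead verifies the GCM tag and
            // fails on a mismatch - confirm in TlsDecoder.
            var gcm        = new GcmBlockCipher(new AesEngine());
            var plainBytes = TlsDecoder.DecryptAead(gcm, keyBlock.ClientWriteKey, nonce, cipherBytes.Slice(explicitNonceLength), additionalData);

            Console.WriteLine(Encoding.ASCII.GetString(plainBytes));
        }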
示例#2
文件: Program.cs 项目: lulzzz/Tarzan
        /// <summary>
        /// Decrypts one application-data record, inflates it when the session negotiated Deflate
        /// compression, and writes the resulting bytes to <c>{filename}.txt</c>.
        /// </summary>
        /// <param name="tlsDecoder">Decoder that performs the decryption and, if needed, the decompression.</param>
        /// <param name="tlsKeys">Key material passed through to the decoder for this direction.</param>
        /// <param name="tlsData">The application-data record to decrypt.</param>
        /// <param name="seqNumber">Record sequence number passed through to the decoder.</param>
        /// <param name="filename">Output path without extension; it is used as given, with no sanitising here.</param>
        private static void DumpApplicationData(TlsDecoder tlsDecoder, TlsKeys tlsKeys, TlsPacket.TlsApplicationData tlsData, ulong seqNumber, string filename)
        {
            var payload = tlsDecoder.DecryptApplicationData(tlsKeys, tlsData, seqNumber);

            // NOTE(review): the compressed input originates from captured traffic; whether Decompress
            // bounds its output size is not visible here - confirm before running on untrusted captures.
            var usesDeflate = tlsDecoder.Compression == TlsPacket.CompressionMethods.Deflate;
            if (usesDeflate)
            {
                payload = tlsDecoder.Decompress(payload);
            }

            // The decrypted content is stored unencrypted and overwrites any existing file of that name.
            var outputPath = $"{filename}.txt";
            File.WriteAllBytes(outputPath, payload);
        }
示例#3
文件: Program.cs 项目: lulzzz/Tarzan
        /// <summary>
        /// Decrypts every client and server application-data record of one conversation and dumps each
        /// to its own file, named from the conversation key, the direction and the record number.
        /// </summary>
        /// <param name="tlsDecoder">Decoder whose key block supplies the per-direction keys.</param>
        /// <param name="conversation">Conversation whose key is turned into the file-name prefix.</param>
        /// <param name="clientDataRecords">Client-to-server records, in order.</param>
        /// <param name="serverDataRecords">Server-to-client records, in order.</param>
        private static void DumpConversationContent(TlsDecoder tlsDecoder, TcpStreamConversation conversation, IEnumerable<TlsPacket.TlsApplicationData> clientDataRecords, IEnumerable<TlsPacket.TlsApplicationData> serverDataRecords)
        {
            // Only '>' and ':' are replaced. NOTE(review): any other character that is invalid in a
            // file name would pass through - confirm against the ConversationKey string format.
            var filePrefix = conversation.ConversationKey
                                         .ToString()
                                         .Replace('>', '_')
                                         .Replace(':', '_');

            // Records are numbered from 1 per direction, and that number is also used as the sequence
            // number for decryption. NOTE(review): presumably this relies on exactly one earlier
            // encrypted record (sequence 0) in each direction - confirm.
            var clientKeys = tlsDecoder.KeyBlock.GetClientKeys();
            foreach (var (record, number) in clientDataRecords.Select((item, index) => (item, index + 1)))
            {
                DumpApplicationData(tlsDecoder, clientKeys, record, (ulong)number, $"{filePrefix}-client-{number}");
            }

            var serverKeys = tlsDecoder.KeyBlock.GetServerKeys();
            foreach (var (record, number) in serverDataRecords.Select((item, index) => (item, index + 1)))
            {
                DumpApplicationData(tlsDecoder, serverKeys, record, (ulong)number, $"{filePrefix}-server-{number}");
            }
        }
示例#4
 /// <summary>
 /// Creates a builder that holds a freshly constructed <see cref="TlsDecoder"/> in <c>m_tlsDecoder</c>.
 /// </summary>
 public TlsDecoderBuilder() => m_tlsDecoder = new TlsDecoder();