[openssl-users] Need some information about TLS with AES-GCM

Medulla Oblongata medulla_oblongata at outlook.com
Thu Mar 3 16:07:56 UTC 2016

I'm running server and client and they communicate using DTLS over UDP and cipher suite in use is AES-GCM-SHA384.
What i want to do here is to decrypt the packets which are sent by the client but i keep failing to do so.
To do this i obviously need the clients write key, nonce, the actual encrypted data and the additional data like it's specified here https://tools.ietf.org/html/rfc5246 in section
The key is the easy part, that i can get from the client. 
Next part is the nonce, which to my understanding and according to this https://tools.ietf.org/html/rfc5116 document is built from 2 parts, the explicit part which is the first 8 bytes after the UDP header just before the ciphertext and the 4 byte salt which is negotiated during the handshake, those two are then concatenated (salt + 8bytes of data) and this is then used as a 12 byte initialization vector.
Then there is the additional data which according to this https://tools.ietf.org/html/rfc5246 (section is:seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length
Now, what i would like to do is to use https://raw.githubusercontent.com/openssl/openssl/master/demos/evp/aesgcm.c this as a template and decrypt the data that's in the packet but when i plug in the encrypted data, key, aad and IV it just fails.
The only problem here is with the tag which is used in the example after the data is decrypted and before the EVP_DecryptFinal_ex function is called. I assume that it is appended to the data before encryption and i have to get it after the data is decrypted, is this correct?
So question is, what im doing wrong? Do i derive the IV and additional data correctly? 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160303/ead718b9/attachment.html>

More information about the openssl-users mailing list