This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How does Wireshark get the keyblock from a Master Secret with 96 Bytes

0

I have the Client Random and Master Secret. It was written by FF as stated here. So I have the Master Secret as a 96-byte hex value. Can someone tell me where in the source code of Wireshark I can find the function that takes this value and calculates the 128 or 256 bit AES key for calculating the KeyBlock (where can I find that function too?), which is needed to decrypt the SSL data?

Thanks!

asked 24 Mar '16, 05:02

monkey521


One Answer:

1

If you would like to know how keys are derived from this master secret, have a look at RFC 5246 section 6.3 (TLS 1.2, Key Calculation).

As for the Wireshark source code, have a look at epan/dissectors/packet-ssl-utils.c, function ssl_generate_keyring_material. You can also enable the SSL debug log at the SSL protocol preferences and read the generated file for better understanding.

answered 24 Mar '16, 07:40

Lekensteyn

Thank you, this looks like what I have been looking for. Now I need to learn some C to translate it into Java ;)

(24 Mar '16, 08:52) monkey521
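
The key calculation from RFC 5246 section 6.3 that the answer points to, written out as an added example (not Wireshark's code and not part of the original thread; the function names are hypothetical). It assumes TLS 1.2 with the SHA-256 PRF and AES-128-GCM key lengths, uses constructed sample values, and takes the server random as a separate input because the key log line carries only the client random and the master secret.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def parse_keylog_line(line: str):
    """Parse 'CLIENT_RANDOM <client_random hex> <master_secret hex>'."""
    label, cr_hex, ms_hex = line.split()
    if label != "CLIENT_RANDOM":
        raise ValueError("not a CLIENT_RANDOM line")
    client_random, master_secret = bytes.fromhex(cr_hex), bytes.fromhex(ms_hex)
    # 96 hex characters decode to the 48-byte TLS master secret.
    if len(client_random) != 32 or len(master_secret) != 48:
        raise ValueError("unexpected field length")
    return client_random, master_secret

def derive_keys(master_secret, client_random, server_random,
                mac_len=0, key_len=16, iv_len=4):
    """Expand the master secret into the key block and split it (section 6.3).
    Default lengths are an assumption: an AES-128-GCM suite with the SHA-256 PRF."""
    total = 2 * (mac_len + key_len + iv_len)
    # PRF(secret, label, seed) = P_hash(secret, label + seed); for key
    # expansion the seed is server_random followed by client_random.
    seed = b"key expansion" + server_random + client_random
    block = p_sha256(master_secret, seed, total)
    names = ["client_write_MAC_key", "server_write_MAC_key", "client_write_key",
             "server_write_key", "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, off = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[off:off + size]
        off += size
    return block, keys

# Constructed sample values, not taken from any real session.
KEYLOG_LINE = "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48
SERVER_RANDOM = bytes.fromhex("33" * 32)

if __name__ == "__main__":
    cr, ms = parse_keylog_line(KEYLOG_LINE)
    block, keys = derive_keys(ms, cr, SERVER_RANDOM)
    for name, value in keys.items():
        print(f"{name:22} {value.hex()}")
```

For a real capture, the MAC, key and IV lengths must match the cipher suite negotiated in the ServerHello.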