Unable to decrypt PSK based DTLS traffic which uses Connection ID
Summary
Pre-Shared Key based DTLS traffic, which uses Connection ID extension (RFC9146), is not decrypted by Wireshark after providing Pre-Shared Key.
Application layer protocol is CoAP.
Steps to reproduce
- Establish a DTLS connection with PSK authentication in a way that DTLS clients side uses Connection ID extension (https://datatracker.ietf.org/doc/html/rfc9146) and server side doesn't
- Collect pcap (including handshake + application layer communication)
- Open pcap in Wireshark and provide DTLS PSK to decrypt the traffic
- Check whether traffic is properly decrypted
What is the current bug behavior?
- Only server-initiated traffic (without Connection ID) is properly decrypted by Wireshark.
- Client-initiated traffic (DTLS packets with Connection ID) is not decrypted
What is the expected correct behavior?
- Providing valid PSK should decrypt the whole DTLS communication (including packets with Connection ID)
Sample capture file
coap-dtls-CID_363338383732313263396165376530373165353934393261.pcapng
Pre-shared key: 363338383732313263396165376530373165353934393261
- Packet n.9: server-initiated packet decrypted
- Packet n.10: client-initiated packet not decrypted
Relevant logs and/or screenshots
Build information
Version 4.0.1 (v4.0.1-0-ge9f3970b1527).
Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.32, build 31332),
with GLib 2.72.3, with PCRE2, with zlib 1.2.12, with Qt 5.15.2, with libpcap,
with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.10.1, with
Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.14, with libsmi 0.4.8, with
QtMultimedia, with automatic updates using WinSparkle 0.5.7, with AirPcap, with
SpeexDSP (using bundled resampler), with Minizip, with binary plugins.
Running on 64-bit Windows 10 (21H2), build 19044, with Intel(R) Core(TM)
i5-8365U CPU @ 1.60GHz (with SSE4.2), with 40675 MB of physical memory, with
GLib 2.72.3, with PCRE2 10.40 2022-04-14, with Qt 5.15.2, with Npcap version
1.71, based on libpcap version 1.10.2-PRE-GIT, with c-ares 1.18.1, with GnuTLS
3.6.3, with Gcrypt 1.10.1, with nghttp2 1.46.0, with brotli 1.0.9, with LZ4
1.9.3, with Zstandard 1.5.2, without AirPcap, with light display mode, without
HiDPI, with LC_TYPE=English_United Kingdom.utf8, binary plugins supported.