2
我想根据6.2.3.2 here中给出的细节使用CBC计算TLS v 1.1客户端完成的数据包的MAC地址!TLS v 1.1 MAC计算
以下是我写的函数:
def SendSSLPacket(self, hsMsg, seq, renegotiate):
rec = hsMsg
recLen = len(rec)
rec_len_packed = pack('>H', recLen)
#
# The following initIV is just for testing
# Will be replaced by random number later
#
initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"
rec1 = ""
for index in range(0, len(rec)):
rec1 = rec1 + chr(ord(rec[index])^ord(initIV[index]))
self.seqNum = pack('>Q', seq)
m = hmac.new(initIV,
digestmod=sha1)
m.update(self.seqNum)
m.update("\x16")
m.update("\x03")
m.update("\x02")
m.update(rec_len_packed)
m.update(rec)
m = m.digest()
self.HexStrDisplay("Final MAC", Str2HexStr(m))
currentLength = len(rec + m) + 1
blockLength = 16
pad_len = blockLength - \
(currentLength % blockLength)
self.log("Padding Length: %s" % (str(pad_len)))
padding = ''
for iter in range(0, pad_len + 1):
padding = padding + \
struct.pack('B', pad_len)
self.HexStrDisplay("Padding", Str2HexStr(padding))
self.sslStruct['recordPlusMAC'] = \
initIV + rec1 + m + padding
self.HexStrDisplay("Final Packet", Str2HexStr(
self.sslStruct['recordPlusMAC']))
if renegotiate == 1:
enc_hs_with_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'])
encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC'])
if renegotiate == 0:
enc_hs_wo_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'])
encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC'])
packLen = len(encryptedData)
self.sslStruct['encryptedRecordPlusMAC'] = \
tls11RecHeaderDefault + \
Pack2Bytes(packLen) + encryptedData
self.HexStrDisplay("Encrypted Packet",
Str2HexStr(self.sslStruct['encryptedRecordPlusMAC']))
self.socket.send(
self.sslStruct['encryptedRecordPlusMAC'])
服务器虽然抛出了以下错误:
3079400200:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:496:
这将是巨大的,如果有人可以帮助我找到了什么出错了
使用计算器几点提示:不要忘了接受的答案(包括你自己)。检查您的标签,例如只是标记openssl不会将您的问题暴露给公众;至少使用[tag:加密]或[tag:cryptography]作为更一般的标签并指示您的编程语言。 –