1. 首页
  2. 问答
  3. TLS v 1.1 MAC计算

TLS v 1.1 MAC计算

2012-05-03 51 views
2

我想根据6.2.3.2 here中给出的细节使用CBC计算TLS v 1.1客户端完成的数据包的MAC地址!TLS v 1.1 MAC计算

以下是我写的函数:

def SendSSLPacket(self, hsMsg, seq, renegotiate): 
     rec = hsMsg 
     recLen = len(rec) 
     rec_len_packed = pack('>H', recLen) 

        # 
        # The following initIV is just for testing 
        # Will be replaced by random number later 
        # 
     initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02" 

     rec1 = "" 
     for index in range(0, len(rec)): 
      rec1 = rec1 + chr(ord(rec[index])^ord(initIV[index])) 

     self.seqNum = pack('>Q', seq) 

     m = hmac.new(initIV, 
      digestmod=sha1) 
     m.update(self.seqNum) 
     m.update("\x16") 
     m.update("\x03") 
     m.update("\x02") 
     m.update(rec_len_packed) 
     m.update(rec) 
     m = m.digest() 

     self.HexStrDisplay("Final MAC", Str2HexStr(m)) 

     currentLength = len(rec + m) + 1 
     blockLength = 16 
     pad_len = blockLength - \ 
      (currentLength % blockLength) 

     self.log("Padding Length: %s" % (str(pad_len))) 

     padding = '' 
     for iter in range(0, pad_len + 1): 
      padding = padding + \ 
      struct.pack('B', pad_len) 

     self.HexStrDisplay("Padding", Str2HexStr(padding)) 

     self.sslStruct['recordPlusMAC'] = \ 
      initIV + rec1 + m + padding 
     self.HexStrDisplay("Final Packet", Str2HexStr(
      self.sslStruct['recordPlusMAC'])) 

     if renegotiate == 1: 
      enc_hs_with_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr']) 
      encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC']) 


     if renegotiate == 0: 
      enc_hs_wo_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr']) 
      encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC']) 



     packLen = len(encryptedData) 

     self.sslStruct['encryptedRecordPlusMAC'] = \ 
      tls11RecHeaderDefault + \ 
      Pack2Bytes(packLen) + encryptedData 
     self.HexStrDisplay("Encrypted Packet", 
      Str2HexStr(self.sslStruct['encryptedRecordPlusMAC'])) 

     self.socket.send(
      self.sslStruct['encryptedRecordPlusMAC'])

服务器虽然抛出了以下错误:

3079400200:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:496:

这将是巨大的,如果有人可以帮助我找到了什么出错了

来源

2012-05-03 Deaf Ear

+0

使用计算器几点提示:不要忘了接受的答案(包括你自己)。检查您的标签,例如只是标记openssl不会将您的问题暴露给公众;至少使用[tag:加密]或[tag:cryptography]作为更一般的标签并指示您的编程语言。 –

回答

1

好吧,经过polarssl代码(看起来简单明了)

以下为我工作:

def SendSSLPacket(self, hsMsg, seq, renegotiate): 
     rec = hsMsg 
     recLen = len(rec) 
     rec_len_packed = pack('>H', recLen) 

     self.seqNum = pack('>Q', seq) 

     # 
     # The following initIV is just for testing 
     # Will be replaced by random number later 
     # 
     initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02" 


     m = hmac.new(self.sslStruct['wMacPtr'], 
      digestmod=sha1) 
     m.update(self.seqNum) 
     m.update("\x16") 
     m.update("\x03") 
     m.update("\x02") 
     m.update(rec_len_packed) 
     m.update(rec) 
     m = m.digest() 


     self.HexStrDisplay("Final MAC", Str2HexStr(m)) 

     currentLength = len(rec + m) + 1 
     blockLength = 16 
     pad_len = blockLength - \ 
      (currentLength % blockLength) 

     if pad_len == blockLength: 
      pad_len = 0 

     self.log("Padding Length: %s" % (str(pad_len))) 

     padding = '' 
     for iter in range(0, pad_len + 1): 
      padding = padding + \ 
      struct.pack('B', pad_len) 

     self.HexStrDisplay("Padding", Str2HexStr(padding)) 

     self.sslStruct['recordPlusMAC'] = \ 
      initIV + rec + m + padding 
     self.HexStrDisplay("Final Packet", Str2HexStr(
      self.sslStruct['recordPlusMAC'])) 

     if renegotiate == 1: 
      enc_hs_with_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wIVPtr']) 
      encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC']) 

     if renegotiate == 0: 
      enc_hs_wo_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wIVPtr']) 
      encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC']) 


     packLen = len(encryptedData) 

     self.sslStruct['encryptedRecordPlusMAC'] = \ 
      tls11RecHeaderDefault + \ 
      Pack2Bytes(packLen) + encryptedData 
     self.HexStrDisplay("Encrypted Packet", 
      Str2HexStr(self.sslStruct['encryptedRecordPlusMAC'])) 

     self.socket.send(
      self.sslStruct['encryptedRecordPlusMAC'])

来源

2012-05-04 07:13:44

+0

感谢您报告DeafEar,您可以接受您自己的答案(过一段时间后) –

相关问题

 相关问题