1
在研究这个问题时遇到的很多例子中,提到了长度= 12。TLS 1.2 SHA384:“Finished”消息中verify_data的长度应该是多少?
但是:
按照RFC,verify_data长度总是12 较旧版本的。但是,在TLS 1.2中,长度可能会更长 - 取决于密码套件。
struct {
opaque verify_data[verify_data_length];
} Finished;
verify_data
PRF(master_secret, finished_label, Hash(handshake_messages))
[0..verify_data_length-1];
In previous versions of TLS, the verify_data was always 12 octets
long. In the current version of TLS, it depends on the cipher
suite. Any cipher suite which does not explicitly specify
verify_data_length has a verify_data_length equal to 12. This
includes all existing cipher suites. Note that this
representation has the same encoding as with previous versions.
Future cipher suites MAY specify other lengths but such length
MUST be at least 12 bytes.
verify_data被定义为使用某种算法的PRF。 AFAIK并根据rfc4868,使用SHA384的情况下,输出PRF长度将是48而不是12。
PRF-HMAC-SHA-384 = afd03944d84895626b0825f4ab46907f
15f9dadbe4101ec682aa034c7cebc59c
faea9ea9076ede7f4af152e8b2fa9cb6
我还记录了使用SHA384的SSL流的PCAP和verify_data长度为12:
使用SHA384时应该是什么结构,完成消息的长度是多少?
谢谢!