1. 首頁
  2. 問答
  3. TLS v 1.1 MAC計算

TLS v 1.1 MAC計算

2012-05-03 78 views
2

我想根據6.2.3.2 here中給出的細節使用CBC計算TLS v 1.1客戶端完成的數據包的MAC地址!TLS v 1.1 MAC計算

以下是我寫的函數:

def SendSSLPacket(self, hsMsg, seq, renegotiate): 
     rec = hsMsg 
     recLen = len(rec) 
     rec_len_packed = pack('>H', recLen) 

        # 
        # The following initIV is just for testing 
        # Will be replaced by random number later 
        # 
     initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02" 

     rec1 = "" 
     for index in range(0, len(rec)): 
      rec1 = rec1 + chr(ord(rec[index])^ord(initIV[index])) 

     self.seqNum = pack('>Q', seq) 

     m = hmac.new(initIV, 
      digestmod=sha1) 
     m.update(self.seqNum) 
     m.update("\x16") 
     m.update("\x03") 
     m.update("\x02") 
     m.update(rec_len_packed) 
     m.update(rec) 
     m = m.digest() 

     self.HexStrDisplay("Final MAC", Str2HexStr(m)) 

     currentLength = len(rec + m) + 1 
     blockLength = 16 
     pad_len = blockLength - \ 
      (currentLength % blockLength) 

     self.log("Padding Length: %s" % (str(pad_len))) 

     padding = '' 
     for iter in range(0, pad_len + 1): 
      padding = padding + \ 
      struct.pack('B', pad_len) 

     self.HexStrDisplay("Padding", Str2HexStr(padding)) 

     self.sslStruct['recordPlusMAC'] = \ 
      initIV + rec1 + m + padding 
     self.HexStrDisplay("Final Packet", Str2HexStr(
      self.sslStruct['recordPlusMAC'])) 

     if renegotiate == 1: 
      enc_hs_with_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr']) 
      encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC']) 


     if renegotiate == 0: 
      enc_hs_wo_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr']) 
      encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC']) 



     packLen = len(encryptedData) 

     self.sslStruct['encryptedRecordPlusMAC'] = \ 
      tls11RecHeaderDefault + \ 
      Pack2Bytes(packLen) + encryptedData 
     self.HexStrDisplay("Encrypted Packet", 
      Str2HexStr(self.sslStruct['encryptedRecordPlusMAC'])) 

     self.socket.send(
      self.sslStruct['encryptedRecordPlusMAC'])

服務器雖然拋出了以下錯誤:

3079400200:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:496:

這將是巨大的,如果有人可以幫助我找到了什麼出錯了

來源

2012-05-03 Deaf Ear

+0

使用計算器幾點提示:不要忘了接受的答案(包括你自己)。檢查您的標籤,例如只是標記openssl不會將您的問題暴露給公衆;至少使用[tag:加密]或[tag:cryptography]作爲更一般的標籤並指示您的編程語言。 –

回答

1

好吧,經過polarssl代碼(看起來簡單明瞭)

以下爲我工作:

def SendSSLPacket(self, hsMsg, seq, renegotiate): 
     rec = hsMsg 
     recLen = len(rec) 
     rec_len_packed = pack('>H', recLen) 

     self.seqNum = pack('>Q', seq) 

     # 
     # The following initIV is just for testing 
     # Will be replaced by random number later 
     # 
     initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02" 


     m = hmac.new(self.sslStruct['wMacPtr'], 
      digestmod=sha1) 
     m.update(self.seqNum) 
     m.update("\x16") 
     m.update("\x03") 
     m.update("\x02") 
     m.update(rec_len_packed) 
     m.update(rec) 
     m = m.digest() 


     self.HexStrDisplay("Final MAC", Str2HexStr(m)) 

     currentLength = len(rec + m) + 1 
     blockLength = 16 
     pad_len = blockLength - \ 
      (currentLength % blockLength) 

     if pad_len == blockLength: 
      pad_len = 0 

     self.log("Padding Length: %s" % (str(pad_len))) 

     padding = '' 
     for iter in range(0, pad_len + 1): 
      padding = padding + \ 
      struct.pack('B', pad_len) 

     self.HexStrDisplay("Padding", Str2HexStr(padding)) 

     self.sslStruct['recordPlusMAC'] = \ 
      initIV + rec + m + padding 
     self.HexStrDisplay("Final Packet", Str2HexStr(
      self.sslStruct['recordPlusMAC'])) 

     if renegotiate == 1: 
      enc_hs_with_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wIVPtr']) 
      encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC']) 

     if renegotiate == 0: 
      enc_hs_wo_reneg = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wIVPtr']) 
      encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC']) 


     packLen = len(encryptedData) 

     self.sslStruct['encryptedRecordPlusMAC'] = \ 
      tls11RecHeaderDefault + \ 
      Pack2Bytes(packLen) + encryptedData 
     self.HexStrDisplay("Encrypted Packet", 
      Str2HexStr(self.sslStruct['encryptedRecordPlusMAC'])) 

     self.socket.send(
      self.sslStruct['encryptedRecordPlusMAC'])

來源

2012-05-04 07:13:44

+0

感謝您報告DeafEar,您可以接受您自己的答案(過一段時間後) –

相關問題

 相關問題