TLS v 1.1 MAC计算

时间:2012-05-03 12:55:22

标签: python cryptography ssl

我正在尝试根据 TLS 规范第 6.2.3.2 节(CBC 分组密码)中给出的详细信息,计算使用 CBC 的 TLS v 1.1 Client Finished 数据包的 MAC。

以下是我写的函数:

def SendSSLPacket(self, hsMsg, seq, renegotiate):
        """Build, MAC, pad, encrypt and send one TLS 1.1 handshake record.

        This is the version from the question; the server rejects its output
        with "decryption failed or bad record mac". The NOTE(review) comments
        mark the places where it differs from the working version later on
        this page.

        Args:
            hsMsg: plaintext handshake message (the record fragment).
            seq: record sequence number, packed below as a 64-bit big-endian
                integer and fed to the HMAC.
            renegotiate: 0 or 1; both values take the same encryption path.
        """
        rec = hsMsg
        recLen = len(rec)
        # The length fed to the MAC is the plaintext fragment length.
        rec_len_packed = pack('>H', recLen)

                    #
                    # The following initIV is just for testing
                    # Will be replaced by random number later
                    #
        # NOTE(review): a constant IV is predictable; before this leaves a
        # test bench it has to be fresh random bytes for every record.
        initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"

        # NOTE(review): this XORs the record with the IV by hand.
        # AES.MODE_CBC already performs the chaining, so the record ends up
        # masked twice and the peer cannot recover the original bytes.
        # initIV[index] also raises IndexError once rec is longer than the
        # 16-byte initIV.
        rec1 = ""
        for index in range(0, len(rec)):
            rec1 = rec1 + chr(ord(rec[index]) ^ ord(initIV[index]))

        self.seqNum = pack('>Q', seq)

        # NOTE(review): the HMAC is keyed with initIV, which is sent in the
        # record and is not a secret. The working version on this page keys
        # it with self.sslStruct['wMacPtr'].
        m = hmac.new(initIV, 
            digestmod=sha1)
        # MAC input: seq_num, content type 0x16, version 0x03 0x02,
        # fragment length, fragment.
        m.update(self.seqNum)
        m.update("\x16")
        m.update("\x03")
        m.update("\x02")
        m.update(rec_len_packed)
        m.update(rec)
        m = m.digest()

        self.HexStrDisplay("Final MAC", Str2HexStr(m))

        # +1 accounts for the padding-length byte that closes the record.
        currentLength = len(rec + m) + 1
        blockLength = 16
        # When currentLength is already a multiple of 16 this yields 16, i.e.
        # one full extra block of padding; the total is still block-aligned.
        pad_len = blockLength - \
            (currentLength % blockLength)

        self.log("Padding Length: %s" % (str(pad_len)))

        # pad_len + 1 bytes, each holding pad_len: the padding bytes plus the
        # trailing padding-length byte.
        padding = ''
        for iter in range(0, pad_len + 1):
            padding = padding + \
            struct.pack('B', pad_len)

        self.HexStrDisplay("Padding", Str2HexStr(padding))

        # NOTE(review): the MAC above covers rec, but the bytes placed in the
        # record are rec1 (rec XOR initIV), so the MAC cannot verify.
        self.sslStruct['recordPlusMAC'] = \
            initIV + rec1 + m + padding
        self.HexStrDisplay("Final Packet", Str2HexStr(
            self.sslStruct['recordPlusMAC']))

        # NOTE(review): the third argument to AES.new is the CBC IV, and here
        # the encryption key (wKeyPtr) is passed a second time in that slot.
        # The working version on this page passes self.sslStruct['wIVPtr'].
        # The two branches are identical, and any renegotiate value other
        # than 0 or 1 leaves encryptedData unbound.
        if renegotiate == 1:
            enc_hs_with_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'])
            encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC'])


        if renegotiate == 0:
            enc_hs_wo_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'] )
            encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC'])



        # The wire length is the ciphertext length, not the plaintext length
        # that went into the MAC.
        packLen = len(encryptedData)

        self.sslStruct['encryptedRecordPlusMAC'] = \
            tls11RecHeaderDefault + \
            Pack2Bytes(packLen) + encryptedData
        self.HexStrDisplay("Encrypted Packet",
            Str2HexStr(self.sslStruct['encryptedRecordPlusMAC']))

        self.socket.send(
            self.sslStruct['encryptedRecordPlusMAC'])

但服务器抛出了以下错误:

3079400200:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:496:

如果有人可以帮助我找出问题,那就太棒了

1 个答案:

答案 0 :(得分:1)

嗯,我通读了 PolarSSL 的代码(看起来简单明了)。

以下对我有用:

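def SendSSLPacket(self, hsMsg, seq, renegotiate):
        """Build, MAC, pad, encrypt and send one TLS 1.1 handshake record.

        The plaintext is laid out as
        explicit IV || fragment || HMAC-SHA1 || padding, encrypted with
        AES-CBC under the write key and write IV held in self.sslStruct,
        then prefixed with the record header and the ciphertext length.

        Args:
            hsMsg: plaintext handshake message (the record fragment).
            seq: record sequence number; packed as a 64-bit big-endian
                integer, stored in self.seqNum and fed to the HMAC.
            renegotiate: 0 or 1. Both values are encrypted the same way;
                the parameter is kept for interface compatibility.

        Raises:
            ValueError: if renegotiate is neither 0 nor 1.
        """
        # Reject an unexpected flag before any state is touched. Previously
        # such a value skipped both encryption branches and failed later on
        # an unbound encryptedData.
        if renegotiate not in (0, 1):
            raise ValueError(
                "renegotiate must be 0 or 1, got %r" % (renegotiate,))

        rec = hsMsg
        # The MAC covers the plaintext fragment length, not the wire length.
        rec_len_packed = pack('>H', len(rec))

        self.seqNum = pack('>Q', seq)

        #
        # Test-only explicit IV. NOTE(review): a constant, predictable IV
        # removes the protection the per-record IV in TLS 1.1 is meant to
        # give CBC; replace it with fresh random bytes for every record
        # (e.g. os.urandom(16)) before using this outside a test bench.
        #
        initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"

        # Keyed with the MAC write secret. MAC input: seq_num, content type
        # 0x16 (handshake), version 0x03 0x02 (TLS 1.1), fragment length,
        # fragment. NOTE(review): type and version are hard-coded here and
        # presumably match tls11RecHeaderDefault; confirm against its value.
        m = hmac.new(self.sslStruct['wMacPtr'], digestmod=sha1)
        m.update(self.seqNum)
        m.update("\x16")
        m.update("\x03")
        m.update("\x02")
        m.update(rec_len_packed)
        m.update(rec)
        m = m.digest()

        # NOTE(review): these hex dumps expose the MAC and the plaintext
        # record; keep them out of logs that leave the test environment.
        self.HexStrDisplay("Final MAC", Str2HexStr(m))

        blockLength = 16
        # +1 accounts for the padding-length byte that closes the record.
        currentLength = len(rec + m) + 1
        # Minimal padding: 0..15 bytes, 0 when the data is already aligned.
        pad_len = (blockLength - currentLength % blockLength) % blockLength

        self.log("Padding Length: %s" % (str(pad_len)))

        # pad_len padding bytes plus the padding-length byte itself, every
        # one of them holding the value pad_len.
        padding = struct.pack('B', pad_len) * (pad_len + 1)

        self.HexStrDisplay("Padding", Str2HexStr(padding))

        self.sslStruct['recordPlusMAC'] = initIV + rec + m + padding
        self.HexStrDisplay("Final Packet", Str2HexStr(
            self.sslStruct['recordPlusMAC']))

        # One cipher object serves both renegotiate values; the two original
        # branches were identical.
        cipher = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC,
                         self.sslStruct['wIVPtr'])
        encryptedData = cipher.encrypt(self.sslStruct['recordPlusMAC'])

        # The record header carries the ciphertext length.
        packLen = len(encryptedData)

        self.sslStruct['encryptedRecordPlusMAC'] = \
            tls11RecHeaderDefault + \
            Pack2Bytes(packLen) + encryptedData
        self.HexStrDisplay("Encrypted Packet",
            Str2HexStr(self.sslStruct['encryptedRecordPlusMAC']))

        self.socket.send(
            self.sslStruct['encryptedRecordPlusMAC'])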