我正在尝试按照规范第 6.2.3.2 节(原文此处为链接)给出的细节,为采用 CBC 的 TLS v1.1 Client Finished 数据包计算 MAC。
以下是我写的函数:
def SendSSLPacket(self, hsMsg, seq, renegotiate):
    """Build, MAC, pad, encrypt and send one TLS 1.1 handshake record.

    This is the failing version from the question: the peer rejects the
    record with "decryption failed or bad record mac". The NOTE(review)
    comments mark the steps that do not fit a MAC-then-encrypt CBC record.

    The code is Python 2 style: byte strings are plain ``str`` values.

    hsMsg: handshake message bytes used as the record fragment.
    seq: record sequence number, packed below as 64-bit big-endian.
    renegotiate: 0 or 1; both branches build the same cipher, and any other
        value leaves ``encryptedData`` unassigned before it is used.
    """
    rec = hsMsg
    recLen = len(rec)
    rec_len_packed = pack('>H', recLen)
    #
    # The following initIV is just for testing
    # Will be replaced by random number later
    #
    # NOTE(review): a constant block provides none of the unpredictability
    # the leading IV block is there for; keep this to lab testing only.
    initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"
    # XOR every record byte with the initIV byte at the same index. initIV is
    # 16 bytes long, so a record longer than 16 bytes raises IndexError here.
    # NOTE(review): CBC mode already performs the chaining XOR inside the
    # cipher; this manual step changes the fragment the peer recovers, while
    # the MAC below is still computed over the unmodified rec.
    rec1 = ""
    for index in range(0, len(rec)):
        rec1 = rec1 + chr(ord(rec[index]) ^ ord(initIV[index]))
    self.seqNum = pack('>Q', seq)
    # NOTE(review): the HMAC is keyed with the test IV. The peer verifies the
    # record MAC with the negotiated MAC write secret, so this digest
    # presumably cannot match (the answer on this page keys it with
    # self.sslStruct['wMacPtr']).
    m = hmac.new(initIV,
                 digestmod=sha1)
    # MAC input: sequence number, content type 0x16, version 0x03 0x02,
    # fragment length, then the fragment itself.
    m.update(self.seqNum)
    m.update("\x16")
    m.update("\x03")
    m.update("\x02")
    m.update(rec_len_packed)
    m.update(rec)
    m = m.digest()
    # NOTE(review): this prints the MAC, and the call further down prints the
    # whole plaintext record; debug-only output.
    self.HexStrDisplay("Final MAC", Str2HexStr(m))
    # The +1 accounts for the trailing padding-length byte.
    currentLength = len(rec + m) + 1
    blockLength = 16
    pad_len = blockLength - \
        (currentLength % blockLength)
    self.log("Padding Length: %s" % (str(pad_len)))
    # Emit pad_len + 1 bytes, each holding the value pad_len. When
    # currentLength is already a multiple of 16 this appends 17 bytes, which
    # still keeps the total block-aligned.
    # `iter` shadows the builtin of the same name inside this function.
    padding = ''
    for iter in range(0, pad_len + 1):
        padding = padding + \
            struct.pack('B', pad_len)
    self.HexStrDisplay("Padding", Str2HexStr(padding))
    # Plaintext handed to the cipher: IV block, XORed fragment, MAC, padding.
    self.sslStruct['recordPlusMAC'] = \
        initIV + rec1 + m + padding
    self.HexStrDisplay("Final Packet", Str2HexStr(
        self.sslStruct['recordPlusMAC']))
    # NOTE(review): the third argument to AES.new is the CBC IV, and here it
    # is the encryption key itself (wKeyPtr passed twice).
    if renegotiate == 1:
        enc_hs_with_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'])
        encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC'])
    if renegotiate == 0:
        enc_hs_wo_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'] )
        encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC'])
    packLen = len(encryptedData)
    # tls11RecHeaderDefault is defined elsewhere; presumably the record type
    # and version bytes that precede the two-byte length - TODO confirm.
    self.sslStruct['encryptedRecordPlusMAC'] = \
        tls11RecHeaderDefault + \
        Pack2Bytes(packLen) + encryptedData
    self.HexStrDisplay("Encrypted Packet",
                       Str2HexStr(self.sslStruct['encryptedRecordPlusMAC']))
    self.socket.send(
        self.sslStruct['encryptedRecordPlusMAC'])
但服务器抛出了以下错误:
3079400200:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:496:
如果有人可以帮助我找出问题,那就太棒了
答案 0 :(得分:1)
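嗯,我通读了 PolarSSL 的代码(看起来简单明了)。
下面的代码对我有效。与问题中的代码相比,主要改动是:HMAC 的密钥改为 self.sslStruct['wMacPtr'](而不是测试用的 initIV);不再把记录与 initIV 手工异或;AES-CBC 的 IV 改为 self.sslStruct['wIVPtr'](而不是把密钥 wKeyPtr 同时当作 IV):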
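def SendSSLPacket(self, hsMsg, seq, renegotiate):
    """Build, MAC, pad, encrypt and send one TLS 1.1 handshake record.

    The record is assembled MAC-then-encrypt: a 16-byte leading block, the
    fragment, an HMAC-SHA1 over (sequence number, content type 0x16,
    version 0x03 0x02, fragment length, fragment), and the padding. The
    result is encrypted with AES-CBC and sent behind the record header.

    The code is Python 2 style: byte strings are plain ``str`` values.

    hsMsg: handshake message bytes used as the record fragment.
    seq: record sequence number, packed as 64-bit big-endian.
    renegotiate: kept for interface compatibility. The original 0 and 1
        branches built identical ciphers, and any other value left
        ``encryptedData`` unbound; the record is now encrypted the same
        way for every value.
    """
    # Function-scope import: the file's own import block is not visible here.
    import os

    rec = hsMsg
    rec_len_packed = pack('>H', len(rec))
    self.seqNum = pack('>Q', seq)

    blockLength = 16
    # The leading block was a fixed test constant marked "will be replaced by
    # random number later". The receiver discards this block, so any value
    # interoperates; a fresh random one per record is what keeps the first
    # ciphertext block unpredictable.
    initIV = os.urandom(blockLength)

    # Keyed with the MAC write secret, not with the IV or the cipher key.
    m = hmac.new(self.sslStruct['wMacPtr'], digestmod=sha1)
    m.update(self.seqNum)
    m.update("\x16")
    m.update("\x03")
    m.update("\x02")
    m.update(rec_len_packed)
    m.update(rec)
    m = m.digest()
    # NOTE(review): this and the "Final Packet" dump below print the MAC and
    # the plaintext record; keep such output out of non-debug runs.
    self.HexStrDisplay("Final MAC", Str2HexStr(m))

    # +1 for the trailing padding-length byte; the outer modulo yields 0
    # rather than a full extra block when the data is already aligned.
    currentLength = len(rec) + len(m) + 1
    pad_len = (blockLength - currentLength % blockLength) % blockLength
    self.log("Padding Length: %s" % (str(pad_len)))
    # pad_len + 1 bytes, each holding the value pad_len.
    padding = struct.pack('B', pad_len) * (pad_len + 1)
    self.HexStrDisplay("Padding", Str2HexStr(padding))

    self.sslStruct['recordPlusMAC'] = initIV + rec + m + padding
    self.HexStrDisplay("Final Packet", Str2HexStr(
        self.sslStruct['recordPlusMAC']))

    # The CBC IV comes from wIVPtr; the key is never reused as the IV.
    cipher = AES.new(self.sslStruct['wKeyPtr'], AES.MODE_CBC,
                     self.sslStruct['wIVPtr'])
    encryptedData = cipher.encrypt(self.sslStruct['recordPlusMAC'])

    # tls11RecHeaderDefault is defined elsewhere; presumably the record type
    # and version bytes that precede the two-byte length - TODO confirm.
    self.sslStruct['encryptedRecordPlusMAC'] = (
        tls11RecHeaderDefault + Pack2Bytes(len(encryptedData)) + encryptedData)
    self.HexStrDisplay("Encrypted Packet",
                       Str2HexStr(self.sslStruct['encryptedRecordPlusMAC']))
    # NOTE(review): send() on a plain socket may write fewer bytes than
    # requested; if self.socket is a standard socket object, sendall() is the
    # safer call - confirm the type before switching.
    self.socket.send(self.sslStruct['encryptedRecordPlusMAC'])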