在我研究这个问题时遇到的很多例子中,提到了长度= 12。
然而:
根据RFC,在较旧版本中,verify_data长度始终为12。但是,在TLS 1.2中,长度可能更长 - 取决于密码套件。
struct {
opaque verify_data[verify_data_length];
} Finished;
verify_data
PRF(master_secret, finished_label, Hash(handshake_messages))
[0..verify_data_length-1];
In previous versions of TLS, the verify_data was always 12 octets
long. In the current version of TLS, it depends on the cipher
suite. Any cipher suite which does not explicitly specify
verify_data_length has a verify_data_length equal to 12. This
includes all existing cipher suites. Note that this
representation has the same encoding as with previous versions.
Future cipher suites MAY specify other lengths but such length
MUST be at least 12 bytes.
verify_data使用某种算法定义为PRF。 AFAIK和根据rfc4868,当使用SHA384时,PRF输出长度将是48而不是12。
PRF-HMAC-SHA-384 = afd03944d84895626b0825f4ab46907f
15f9dadbe4101ec682aa034c7cebc59c
faea9ea9076ede7f4af152e8b2fa9cb6
我还记录了使用SHA384的SSL流的PCAP,并且verify_data长度为12:
使用SHA384时,结束消息的结构和长度应该是什么?
谢谢!