在SSL中解析ServerKeyExchange消息

时间:2016-03-24 00:30:45

标签: ssl tls1.2

我正在构建一个Java解析器来读取和处理SSL Handshake消息。每ietf spec,ServerKeyExchange消息表示如下:

struct {
      select (KeyExchangeAlgorithm) {
          case dh_anon:
              ServerDHParams params;
          case dhe_dss:
          case dhe_rsa:
              ServerDHParams params;
              digitally-signed struct {
                  opaque client_random[32];
                  opaque server_random[32];
                  ServerDHParams params;
              } signed_params;
          case rsa:
          case dh_dss:
          case dh_rsa:
              struct {} ;
             /* message is omitted for rsa, dh_dss, and dh_rsa */
          /* may be extended, e.g., for ECDH -- see [TLSECC] */
      };
  } ServerKeyExchange;

..而ServerDHParams的定义如下:

struct {
   opaque dh_p<1..2^16-1>;
   opaque dh_g<1..2^16-1>;
   opaque dh_Ys<1..2^16-1>;
} ServerDHParams;     /* Ephemeral DH parameters */

现在,当我使用wireshark查看包含Server Key Exchange实例的示例跟踪时,我看到的格式不符合上述定义:

Screenshot from wireshark

如何使用ietf定义来解析此类服务器密钥交换消息?

1 个答案:

答案 0 :(得分:1)

他们都是正确的。 DHE和ECDHE是不同的算法。 RFC 5246中的结构定义指定了DHE的消息格式,而在Wireshark中,您看到的是ECDHE密钥交换。对于ECDHE,您可以在RFC 4492中找到它的定义,这与您在WireShark中看到的相同:

ec_diffie_hellman: Indicates the ServerKeyExchange message contains an ECDH public key.

    select (KeyExchangeAlgorithm) {
        case ec_diffie_hellman:
            ServerECDHParams    params;
            Signature           signed_params;
    } ServerKeyExchange;

    struct {
        ECParameters    curve_params;
        ECPoint         public;
    } ServerECDHParams;
相关问题
最新问题