TLS v 1.1 MAC计算

def SendSSLPacket(self, hsMsg, seq, renegotiate): rec = hsMsg recLen = len(rec) rec_len_packed = pack('>H', recLen) # # The following initIV is just for testing # Will be replaced by random number later # initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02" rec1 = "" for index in range(0, len(rec)): rec1 = rec1 + chr(ord(rec[index]) ^ ord(initIV[index])) self.seqNum = pack('>Q', seq) m = hmac.new(initIV, digestmod=sha1) m.update(self.seqNum) m.update("\x16") m.update("\x03") m.update("\x02") m.update(rec_len_packed) m.update(rec) m = m.digest() self.HexStrDisplay("Final MAC", Str2HexStr(m)) currentLength = len(rec + m) + 1 blockLength = 16 pad_len = blockLength - \ (currentLength % blockLength) self.log("Padding Length: %s" % (str(pad_len))) padding = '' for iter in range(0, pad_len + 1): padding = padding + \ struct.pack('B', pad_len) self.HexStrDisplay("Padding", Str2HexStr(padding)) self.sslStruct['recordPlusMAC'] = \ initIV + rec1 + m + padding self.HexStrDisplay("Final Packet", Str2HexStr( self.sslStruct['recordPlusMAC'])) if renegotiate == 1: enc_hs_with_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr']) encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC']) if renegotiate == 0: enc_hs_wo_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'] ) encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC']) packLen = len(encryptedData) self.sslStruct['encryptedRecordPlusMAC'] = \ tls11RecHeaderDefault + \ Pack2Bytes(packLen) + encryptedData self.HexStrDisplay("Encrypted Packet", Str2HexStr(self.sslStruct['encryptedRecordPlusMAC'])) self.socket.send( self.sslStruct['encryptedRecordPlusMAC'])

1条回答

网友

1楼 · 发布于 2024-09-28 21:33:35

好吧，通过了polarssl代码（看起来简单明了）

以下几点对我有用：

def SendSSLPacket(self, hsMsg, seq, renegotiate):
        rec = hsMsg
        recLen = len(rec)
        rec_len_packed = pack('>H', recLen)

        self.seqNum = pack('>Q', seq)

        #
        # The following initIV is just for testing
        # Will be replaced by random number later
        #
        initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"


        m = hmac.new(self.sslStruct['wMacPtr'], 
            digestmod=sha1)
        m.update(self.seqNum)
        m.update("\x16")
        m.update("\x03")
        m.update("\x02")
        m.update(rec_len_packed)
        m.update(rec)
        m = m.digest()


        self.HexStrDisplay("Final MAC", Str2HexStr(m))

        currentLength = len(rec + m) + 1
        blockLength = 16
        pad_len = blockLength - \
            (currentLength % blockLength)

        if pad_len == blockLength:
            pad_len = 0

        self.log("Padding Length: %s" % (str(pad_len)))

        padding = ''
        for iter in range(0, pad_len + 1):
            padding = padding + \
            struct.pack('B', pad_len)

        self.HexStrDisplay("Padding", Str2HexStr(padding))

        self.sslStruct['recordPlusMAC'] = \
            initIV + rec + m + padding
        self.HexStrDisplay("Final Packet", Str2HexStr(
            self.sslStruct['recordPlusMAC']))

        if renegotiate == 1:
            enc_hs_with_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wIVPtr'])
            encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC'])

        if renegotiate == 0:
            enc_hs_wo_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wIVPtr'] )
            encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC'])


        packLen = len(encryptedData)

        self.sslStruct['encryptedRecordPlusMAC'] = \
            tls11RecHeaderDefault + \
            Pack2Bytes(packLen) + encryptedData
        self.HexStrDisplay("Encrypted Packet",
            Str2HexStr(self.sslStruct['encryptedRecordPlusMAC']))

        self.socket.send(
            self.sslStruct['encryptedRecordPlusMAC'])

相关问题更多 >

编程相关推荐

热门问题

热门文章