我正试图根据6.2.3.2here中给出的细节,使用CBC计算tlsv1.1客户端完成包的MAC!在
以下是我编写的函数:
def SendSSLPacket(self, hsMsg, seq, renegotiate):
rec = hsMsg
recLen = len(rec)
rec_len_packed = pack('>H', recLen)
#
# The following initIV is just for testing
# Will be replaced by random number later
#
initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"
rec1 = ""
for index in range(0, len(rec)):
rec1 = rec1 + chr(ord(rec[index]) ^ ord(initIV[index]))
self.seqNum = pack('>Q', seq)
m = hmac.new(initIV,
digestmod=sha1)
m.update(self.seqNum)
m.update("\x16")
m.update("\x03")
m.update("\x02")
m.update(rec_len_packed)
m.update(rec)
m = m.digest()
self.HexStrDisplay("Final MAC", Str2HexStr(m))
currentLength = len(rec + m) + 1
blockLength = 16
pad_len = blockLength - \
(currentLength % blockLength)
self.log("Padding Length: %s" % (str(pad_len)))
padding = ''
for iter in range(0, pad_len + 1):
padding = padding + \
struct.pack('B', pad_len)
self.HexStrDisplay("Padding", Str2HexStr(padding))
self.sslStruct['recordPlusMAC'] = \
initIV + rec1 + m + padding
self.HexStrDisplay("Final Packet", Str2HexStr(
self.sslStruct['recordPlusMAC']))
if renegotiate == 1:
enc_hs_with_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'])
encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC'])
if renegotiate == 0:
enc_hs_wo_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'] )
encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC'])
packLen = len(encryptedData)
self.sslStruct['encryptedRecordPlusMAC'] = \
tls11RecHeaderDefault + \
Pack2Bytes(packLen) + encryptedData
self.HexStrDisplay("Encrypted Packet",
Str2HexStr(self.sslStruct['encryptedRecordPlusMAC']))
self.socket.send(
self.sslStruct['encryptedRecordPlusMAC'])
但是服务器正在引发以下错误:
^{pr2}$如果有人能帮我找出问题所在那就太好了
好吧,通过了polarssl代码(看起来简单明了)
以下几点对我有用:
相关问题 更多 >
编程相关推荐