Cryptography Reference
In-Depth Information
0x0010: 7f00 0001 01bb daef 1e28 e546 1e32 646b .........(.F.2dk
0x0020: 8018 0100 fe63 0000 0101 080a 00c1 6160 .....c........a`
0x0030: 00c1 6160 1403 0100 0101 1603 0100 30c8 ..a`..........0.
0x0040: 5afc e4c0 1560 ec3b 4db9 6185 f4f4 f1b1 Z....`.;M.a.....
0x0050: bcb1 3528 c8a6 5862 f512 30e6 02d5 62a8 ..5(..Xb..0...b.
0x0060: 6e4d f925 8048 d19b 0a2d 6296 4b6c e9 nM.%.H...-b.Kl.
The fi nished message is encrypted just as the client's was, but because you
know the keys you can decrypt it:
[jdavies@localhost ssl]$ ./aes -d 0xc2a545f7a8515c42c367599cdd52cf6e \
0xd18324dbfb7645103f191455421cceca \
0xc85afce4c01560ec3b4db96185f4f4f1b1bcb13528c8a65\
862f51230e602d562a86e4df9258048d19b0a2d62964b6ce9
1400000c45c4904ac71a5948a7198e18b8618774e12b8f58f49216bcf
59a914f236b6fef0b0b0b0b0b0b0b0b0b0b0b0b
Of course, you must use the second set of keys to decrypt this properly. You
can verify the MAC as well.
Also, notice that, in this case, the verify data is 45c4904ac71a5948a7198e18 — it
does not match the verify data that the client sent. Why not? Because the cli-
ent's fi nished message is included in the computation of the verify data that
the server sends.
Exchanging Application Data
The TLS handshake is complete; it's time for the top-level protocol, in this case
HTTP, to take over. The TLS header is present, but this time, it identifi es appli-
cation data:
12:37:04.049299 IP localhost.localdomain.56047 > localhost.localdomain.https: P
185:238(53) ack 881 win 270 <nop,nop,timestamp 12673378 12673376>
0x0000: 4500 0069 0347 4000 4006 3946 7f00 0001 E..i.G@.@.9F....
0x0010: 7f00 0001 daef 01bb 1e32 646b 1e28 e581 .........2dk.(..
0x0020: 8018 010e fe5d 0000 0101 080a 00c1 6162 .....]........ab
0x0030: 00c1 6160 1703 0100 301d 6070 ca35 be42 ..a`....0.`p.5.B
0x0040: 29da cf8a 9654 391c 08a5 981a 8d15 e87a )....T9........z
0x0050: c058 437c 834d 957a d446 b9eb dd78 f392 .XC|.M.z.F...x..
0x0060: 0375 de85 e852 b6e6 c0 .u...R...
This is decrypted just like the fi nished message was. However, remember
that the initialization vector used to decrypt this packet is the last 16 bytes of
the previously sent packet:
[jdavies@localhost ssl]$ ./aes -d 0x6dbb1276d318c6551ef8245888420cf4 \
0x874f495ac78c897dcc1ee3ad37b25e8d \
0x1d6070ca35be4229dacf8a9654391c08a5981a8d15e87ac\
058437c834d957ad446b9ebdd78f3920375de85e852b6e6c0
474554202f696e6465782e68746d6c20485454502f312e310d0a200e496b9e2dadcf20bb5c9
2c4047baf348b1f7b0101
Search WWH ::




Custom Search