Cryptography Reference
In-Depth Information
0x0030: 0171 7e68
8052 0206 0040 0000 0040 0008
0x0040: 8b78 24fb 8643 724b c052 5b9d 7460 ad16
0x0050: ea68 5b82 70fe 138c 9701 8261 1ec7 055f
0x0060: 7a0b ecd9 8f25 008d 62c4 f8db 8bf5 6029
0x0070: e797 1138 8b26 3c43 d889 164d 55fd cd22
0x0080: 0001 0203 0405 0607
Again, the length of the packet is 0x0052 = 82 bytes, and the message type is
0x02 =
SSL_MT_CLIENT_MASTER_KEY
.
unsigned char cipher_kind[ 3 ]; // 060040 =
// SSL_CK_DES_64_CBC_WITH_MD5
unsigned short clear_key_len; // 0000 (no cleartext key,
// not an export cipher)
unsigned short encrypted_key_len; // 0040
unsigned short key_arg_len; // 0008 (8 bytes of IV)
unsigned char *clear_key; // (empty)
unsigned char *encrypted_key; // 8b7824fb8643724bc0525b9d7460ad16
// ea685b8270fe138c970182611ec7055f
// 7a0becd98f25008d62c4f8db8bf56029
// e79711388b263c43d889164d55fdcd22
unsigned char *key_arg; // 0001020304050607
To decrypt this, you need the private key, of course. Refer to Chapter 5 to see
how to extract it from “key.pem” if you've forgotten. You can then use the
rsa
utility developed in Chapter 3 to decrypt this and verify that it is, indeed, the
master key that was generated:
[jdavies@localhost ssl]$ ./rsa -d \
0xB8C4AB64DF20DCECB49C02ACECEA1B832742550267762E4CBE39EC3A0657E779A71\
2B9DE5048313CFDE01DFDACD12E999082E08FC3FFFFABA0816E3C54337AFF \
0x1DCD8343DB05C6FCDB490AD96FC1773C99798692C3B37956619CA030DFD30FFFF601\
CEE22444C1E32C9E89B37EB8C76AC9E49FA52C3AB463306A067C05B4B1B9 \
0x8b7824fb8643724bc0525b9d7460ad16ea685b8270fe138c970182611ec7055f7a0be\
cd98f25008d62c4f8db8bf56029e79711388b263c43d889164d55fdcd22
02 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18
19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30
31 32 33 34 35 36 00 00 01 02 03 04 05 06 07 00
0001020304050607
Recall from Listing C-19 that
0001020304050607
is, in fact, the generated
master key. At this point, the key exchange is complete, and every subsequent
packet is encrypted using the chosen cipher.
Both sides now compute symmetric encryption keys. Remember that, in
SSLv2, this is done by running the MD5 algorithm against the master key, the
counter “0”, the client's challenge, and the server's connection ID. You can see
that this works out to
Search WWH ::
Custom Search