Cryptography Reference
Recall that every packet is prefixed with a 16-byte MD5 hash of the key, the
data, the padding, and a sequence number (which starts at 1). You can verify
the hash:
[jdavies@localhost ssl]$ ./digest -md5 \
0x14f258c2fe6bf2910500010203040506070809\
0a0b0c0d0e0f0000000000000000000001
490d1f61abaf26ace8326dbaa79b5f28
Read Key:        14f258c2fe6bf291
Payload:         05000102030405060708090a0b0c0d0e0f
Padding:         00000000000000
Sequence Number: 00000001
Because the MAC matches, the packet is accepted. The rest is a
server_verify packet (type 0x05), which consists of the challenge echoed back to the
client. The client sends its ClientFinished message, which consists of
the connection_ID. The connection_ID can be decrypted similarly, using the
write key instead of the read key:
15:57:38.916839 IP localhost.localdomain.50704 >
localhost.localdomain.pcsync-https: P 121:164(43)
ack 936 win 271 <nop,nop,timestamp 24215214 24215213>
0x0000: 4500 005f 001e 4000 4006 3c79 7f00 0001
0x0010: 7f00 0001 c610 20fb 9b92 7ef7 9bb0 f5a0
0x0020: 8018 010f fe53 0000 0101 080a 0171 7eae
0x0030: 0171 7ead 0028 0772 7318 5138 ed06 b8d1
0x0040: d324 e85d 9ac6 7342 41d0 d104 3f24 ac88
0x0050: 6e3f e2d0 ae7f f45c b4cd f646 399c 5e
[jdavies@localhost ssl]$ ./des -d 0xb84ce9aeebc6d4d8 \
0x0001020304050607 \
0x7273185138ed06b8d1d324e85d9ac6734241d0d1043f24ac88\
6e3fe2d0ae7ff45cb4cdf646399c5e
8b44c2a7fef149494ed13876c15ce73303b73b8d2a4c35192bf6ffe87b0137877200000000000000
[jdavies@localhost ssl]$ ./digest -md5 \
0xb84ce9aeebc6d4d803b73b8d2a4c35192bf6ffe87b01378772\
0000000000000000000002
8b44c2a7fef149494ed13876c15ce733
Notice that, when verifying the MAC, this is message #2 — the first (#0) was
the client hello, and the second was the client master key message. You can
verify that the payload consists of the SSL_MT_CLIENT_FINISHED byte (0x03)
and the connection_ID received from the server, reflected back. If you send
the wrong connection_ID, or if it fails to decrypt properly, the server will just
close the connection.
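The manual steps above (split the decrypted record, then recompute the MD5 over key, data, padding and sequence number) can be scripted. The following is an added example, not code from the original text; the function names are hypothetical, the padding length of 7 is taken from the `0028 07` record header bytes in the capture, and the sequence number is packed as a 32-bit big-endian value as in the digest input shown.

```python
import hashlib
import hmac
import struct

MAC_LEN = 16   # MD5 output size
BLOCK = 8      # DES block size, as used in the capture above

def sslv2_mac(key: bytes, data: bytes, padding: bytes, seq: int) -> bytes:
    """MD5(key || data || padding || 32-bit big-endian sequence number)."""
    return hashlib.md5(key + data + padding + struct.pack(">I", seq)).digest()

def split_record(plaintext: bytes, pad_len: int):
    """Split a decrypted record body into (mac, data, padding)."""
    if len(plaintext) % BLOCK or len(plaintext) < MAC_LEN + pad_len:
        raise ValueError("record length inconsistent with MAC and padding")
    end = len(plaintext) - pad_len
    return plaintext[:MAC_LEN], plaintext[MAC_LEN:end], plaintext[end:]

def verify_record(key: bytes, plaintext: bytes, pad_len: int, seq: int) -> bool:
    """Recompute the MAC and compare it in constant time."""
    mac, data, padding = split_record(plaintext, pad_len)
    return hmac.compare_digest(mac, sslv2_mac(key, data, padding, seq))

# Values copied from the page: write key and the output of ./des -d
WRITE_KEY = bytes.fromhex("b84ce9aeebc6d4d8")
DECRYPTED = bytes.fromhex(
    "8b44c2a7fef149494ed13876c15ce733"      # MAC
    "03b73b8d2a4c35192bf6ffe87b01378772"    # 0x03 + connection_ID
    "00000000000000"                        # padding
)
PAD_LEN = 7   # third header byte of the record (0028 07)
SEQ = 2       # message #2, per the text

if __name__ == "__main__":
    mac, data, padding = split_record(DECRYPTED, PAD_LEN)
    print("message type :", hex(data[0]))
    print("connection_ID:", data[1:].hex())
    print("MAC valid at sequence 2:",
          verify_record(WRITE_KEY, DECRYPTED, PAD_LEN, SEQ))
    # The same bytes checked against the wrong counter, for comparison.
    print("MAC valid at sequence 1:",
          verify_record(WRITE_KEY, DECRYPTED, PAD_LEN, 1))
```

Because the sequence number is part of the hash input, a record checked against any other counter value does not verify.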