Revision history [back]
Not able to calculate the mac for client finish correctly
I am using TLS 1.2, both client and server using openssl
openssl s_client -tls1_2 -ciphersuites TLS_RSA_WITH_AES_256_CBC_SHA256 -connect 10.254.254.101:4444 -keylogfile dk-rsa.txt
openssl s_server -accept 4444 -www -tls1_2 -ciphersuites TLS_RSA_WITH_AES_256_CBC_SHA256 -key rsa-priv.pem -cert cert-rsa.pem
From my Wireshark Debug file, I am able to get the secrets
ClientMacKey
mackey='18db0fb10326e5511f278e0a88edbbfaa1280e28202875ac62ed46f4d7fab273'
Client Write Key
hexkey='ccd8389905abd3b5f3daf5349ab7e62fcdbac970c0705f770b51b9d5c2fbd59c'
I am using Encrypt then Mac extension. When I look at the encrypted client finish message, I see 80 Bytes of Cipher text
Ciphertext[80]:
| 8f 77 7c 98 ae ae 89 6c b3 40 45 d3 93 a2 01 23 |.w|....l.@E....#|
| 26 2d dd 1f f7 92 9c c5 ba 40 0b 1f 47 bb 95 3a |&[email protected]..:|
| 54 3e 0b da be 92 32 ae 54 45 90 78 a4 ec be 14 |T>....2.TE.x....|
| 5e d5 70 77 cc 59 77 bd 10 88 89 0e d3 8b 9a 35 |^.pw.Yw........5|
| a1 17 db 0b fa f2 0f 7f ff f0 d7 db c6 f1 22 26 |.............."&|
I am assuming the first 16 Bytes are IV, the next 32 Bytes are Message+Pad+Padlength and the last 32 bytes are mac. My Problem is when I try to calculate the mac , I dont get the value shown in the ciphertext: Here are my Keys from the Debug file:
Client MAC key[32]:
| 18 db 0f b1 03 26 e5 51 1f 27 8e 0a 88 ed bb fa |.....&.Q.'......|
| a1 28 0e 28 20 28 75 ac 62 ed 46 f4 d7 fa b2 73 |.(.( (u.b.F....s|
Server MAC key[32]:
| 6a 70 2f 39 af 12 53 d4 aa c6 09 b1 0d e3 65 9f |jp/9..S.......e.|
| 75 cf d0 cd cc ff 14 5d 6a 55 be 1c 5d df 86 0b |u......]jU..]...|
Client Write key[32]:
| cc d8 38 99 05 ab d3 b5 f3 da f5 34 9a b7 e6 2f |..8........4.../|
| cd ba c9 70 c0 70 5f 77 0b 51 b9 d5 c2 fb d5 9c |...p.p_w.Q......|
Server Write key[32]:
| aa c7 16 8c 9c 88 cd 0b 79 58 ce 39 80 9a de 33 |........yX.9...3|
| c5 ba b9 d2 ec 87 62 38 3a 93 e5 52 ba 6e d6 11 |......b8:..R.n..|
Client Write IV[16]:
| 14 21 f3 67 41 10 36 19 aa 64 8d fb 4e c4 90 b6 |.!.gA.6..d..N...|
Server Write IV[16]:
| b1 cb 9a e0 3e 8e 6b cd 67 08 f9 6e 32 66 49 59 |....>.k.g..n2fIY|
This is how I am checking the Hash:
#sequence='0000000000000000'
#rechdr='16 03 03'
#datalen='00 50'
#iv='8f 77 7c 98 ae ae 89 6c b3 40 45 d3 93 a2 01 23'
#echo $sequence $rechdr $datalen $iv $data | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$mackey
(stdin)= 32c869452c5a4da6e718ae7a6c52e74cd3317a58c422c03a8886f06018c51205
#datalen='00 10''
#datalen='00 10'
#echo $sequence $rechdr $datalen $iv $data | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$mackey
(stdin)= 6688d64bf4a405b82fb6b01cafc7ce27e05254076e56b9a986d5bd027a4c9169
I somehow dont get the 32 Byte Mac I see in the debug file . Where am I wrong ? Greatly appreciate any support. I am stuck for the last 3 days with this Issue. I even tried the other way and built the mac as per rfc 7366. My Decryption is fine. But the mac is not as per the wireshark debug file. Thanks Dinesh
Not able to calculate the mac for client finish correctly
I am using amusing TLS 1.2, both client and server using openssl
openssl
openssl s_client -tls1_2 -ciphersuites TLS_RSA_WITH_AES_256_CBC_SHA256 -connect 10.254.254.101:4444 -keylogfile dk-rsa.txt
openssl s_server -accept 4444 -www -tls1_2 -ciphersuites TLS_RSA_WITH_AES_256_CBC_SHA256 -key rsa-priv.pem -cert cert-rsa.pem
From my Wireshark Debug file, I am able to get the secrets
secrets
ClientMacKey
mackey='18db0fb10326e5511f278e0a88edbbfaa1280e28202875ac62ed46f4d7fab273'
mackey='18db0fb10326e5511f278e0a88edbbfaa1280e28202875ac62ed46f4d7fab273' Client Write Key
hexkey='ccd8389905abd3b5f3daf5349ab7e62fcdbac970c0705f770b51b9d5c2fbd59c'
I am using Encrypt then Mac extension. When I look at the encrypted client finish message, I see 80 Bytes of Cipher text
text
Ciphertext[80]:
| 8f 77 7c 98 ae ae 89 6c b3 40 45 d3 93 a2 01 23 |.w|....l.@E....#|
| 26 2d dd 1f f7 92 9c c5 ba 40 0b 1f 47 bb 95 3a |&[email protected]..:|
| 54 3e 0b da be 92 32 ae 54 45 90 78 a4 ec be 14 |T>....2.TE.x....|
| 5e d5 70 77 cc 59 77 bd 10 88 89 0e d3 8b 9a 35 |^.pw.Yw........5|
| a1 17 db 0b fa f2 0f 7f ff f0 d7 db c6 f1 22 26 |.............."&|
I am assuming the first 16 Bytes are IV, the next 32 Bytes are Message+Pad+Padlength and the last 32 bytes are mac. My Problem is when I try to calculate the mac , I dont get the value shown in the ciphertext:
Here are my Keys from the Debug file:
file:
Client MAC key[32]:
| 18 db 0f b1 03 26 e5 51 1f 27 8e 0a 88 ed bb fa |.....&.Q.'......|
| a1 28 0e 28 20 28 75 ac 62 ed 46 f4 d7 fa b2 73 |.(.( (u.b.F....s|
Server MAC key[32]:
| 6a 70 2f 39 af 12 53 d4 aa c6 09 b1 0d e3 65 9f |jp/9..S.......e.|
| 75 cf d0 cd cc ff 14 5d 6a 55 be 1c 5d df 86 0b |u......]jU..]...|
Client Write key[32]:
| cc d8 38 99 05 ab d3 b5 f3 da f5 34 9a b7 e6 2f |..8........4.../|
| cd ba c9 70 c0 70 5f 77 0b 51 b9 d5 c2 fb d5 9c |...p.p_w.Q......|
Server Write key[32]:
| aa c7 16 8c 9c 88 cd 0b 79 58 ce 39 80 9a de 33 |........yX.9...3|
| c5 ba b9 d2 ec 87 62 38 3a 93 e5 52 ba 6e d6 11 |......b8:..R.n..|
Client Write IV[16]:
| 14 21 f3 67 41 10 36 19 aa 64 8d fb 4e c4 90 b6 |.!.gA.6..d..N...|
Server Write IV[16]:
| b1 cb 9a e0 3e 8e 6b cd 67 08 f9 6e 32 66 49 59 |....>.k.g..n2fIY|
This is how I am checking the Hash:
#sequence='0000000000000000'
#rechdr='16 sequence='0000000000000000'
rechdr='16
03datalen='00 50'
iv='8f
77 7c 98 ae ae 89 6c b3 40 45 d3 93 a2 01echo
$sequence $rechdr $datalen $iv $data | xxd -r -p | openssl dgst -sha256 -mac HMAC -macoptdatalen='00 10''
datalen='00 10'
echo
$sequence $rechdr $datalen $iv $data | xxd -r -p | openssl dgst -sha256 -mac HMAC -macoptI somehow dont get the 32 Byte Mac I see in the debug file . Where am I wrong ? Greatly appreciate any support. I am stuck for the last 3 days with this Issue. I even tried the other way and built the mac as per rfc 7366. My Decryption is fine. But the mac is not as per the wireshark debug file. Thanks Dinesh