当我按照RFC5246给出的公式计算客户端finish消息的mac时,与正确的值不一致,而且现在的mac好像是明文拼接到报文后面的
MAC(MAC_write_key, seq_num +
TLSCompressed.type +
TLSCompressed.version +
TLSCompressed.length +
TLSCompressed.fragment);
这里是wireshark抓包日志,其中有finished消息明文数据以及client_write_mac_key,但是计算不出正确的值,想请教各位专家,是哪里出了问题呀
Client MAC key[32]:
| be c2 87 5e 1b fa 69 9e a8 61 3b ce 3d eb af d7 |...^..i..a;.=...|
| 0a f6 89 1b 2b 0e 3f a7 a0 ea 67 2e 0b 83 82 14 |....+.?...g.....|
Server MAC key[32]:
| 6c c7 27 ec 07 7e cd 89 c0 86 ea 8b 29 7f 57 16 |l.'..~......).W.|
| 89 4f 42 e8 2c 10 eb 23 23 bf 01 7a 41 e4 2a 91 |.OB.,..##..zA.*.|
Client Write key[16]:
| 79 07 b9 22 ff dc 62 62 e4 39 06 2c 23 5e 32 ce |y.."..bb.9.,#^2.|
Server Write key[16]:
| f9 13 8f 4c 8c 04 3e b2 89 34 37 ba 00 c1 8c e7 |...L..>..47.....|
Client Write IV[16]:
| eb 95 f2 99 9a e5 78 a8 60 ef a4 81 d5 75 97 b6 |......x.`....u..|
Server Write IV[16]:
| 1d 8c b5 4e 7b fc 62 27 33 62 51 1b f5 df 13 63 |...N{.b'3bQ....c|
ssl_decrypt_record ciphertext len 80
Ciphertext[80]:
| 45 d0 b2 af 1e 10 06 c1 13 a2 b0 1b 19 e4 be a5 |E...............|
| 28 cf 73 d3 9a 62 81 65 71 10 2a b9 97 5b d2 df |(.s..b.eq.*..[..|
| 63 86 6c e3 e5 3f e6 24 97 2a 1d cc e1 9a 6b bb |c.l..?.$.*....k.|
| 1c 09 6e 76 c0 8b 51 fd 78 32 3f 5e f2 dd e0 c2 |..nv..Q.x2?^....|
| 5e a3 b7 5a 84 50 79 7e a5 a4 0d ae 7f cc cf f1 |^..Z.Py~........|
ssl_decrypt_record: allocating 112 bytes for decrypt data (old len 32)
Plaintext[32]:
| 14 00 00 0c 44 c2 59 5a 0c 91 06 27 4c f0 f8 74 |....D.YZ...'L..t|
| 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f |................|
ssl_decrypt_record found padding 15 final len 16
checking mac (len 16, version 303, ct 22 seq 0)
tls_check_mac mac type:SHA256 md 8
Mac[32]:
| 1c 09 6e 76 c0 8b 51 fd 78 32 3f 5e f2 dd e0 c2 |..nv..Q.x2?^....|
| 5e a3 b7 5a 84 50 79 7e a5 a4 0d ae 7f cc cf f1 |^..Z.Py~........|
ssl_decrypt_record: mac ok
以下是我的代码:
int MAC_SHA256(unsigned char *data, unsigned char *key, unsigned char *out, int data_len){
const EVP_MD *md = EVP_sha256();
unsigned int len = 0;
HMAC(md, key, 32, data, data_len, out, &len);
int i;
for(i = 0; i < len; i++){
printf("%02X", out[i]);
}
printf("\n");
return 1;
}
int main(){
unsigned char key[] = {
0xbe, 0xc2, 0x87, 0x5e, 0x1b, 0xfa, 0x69, 0x9e,
0xa8, 0x61, 0x3b, 0xce, 0x3d, 0xeb, 0xaf, 0xd7,
0x0a, 0xf6, 0x89, 0x1b, 0x2b, 0x0e, 0x3f, 0xa7,
0xa0, 0xea, 0x67, 0x2e, 0x0b, 0x83, 0x82, 0x14
};
unsigned char data[] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x16\x03\x03\x00\x10"
"\x14\x00\x00\x0c\x44\xc2\x59\x5a\x0c\x91\x06\x27\x4c\xf0\xf8\x74";
unsigned char out[32];
MAC_SHA256(data, key, out, 29);
}
输出为290816B11AF5F613E44FE3DE1FF7C84DB63E212662EBAD485EC578135C242EB8,与原文不一致
一开始我以为原mac是加密的,对mac解密后为6AC5DF7209F6FD37ABCF2587CB55A6723A780E1540189C9A43058C3888F7FC73还是不一致