Hi Merek,
In the following function,
md_update(&md, pad_2, 40);
Is pad_2 and pad_1 (before), of size 40 bytes. I think i
am a wrong somewhere, cos i put them as 48 bytes for md5 and 40 bytes for sha
Please let me know if i am wrong
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote: On Mon, 2007-12-17 at 19:39 -0800,
Suchindra Chandrahas wrote:
> Hi All,
> I am doing the following to calculate MAC
> as per SSL v3 handshake:
>
> printf("\nRESULT: Plain Record encryption:\n");
> for ( i = 0; i < rec_len; i ++)
> printf("%x ", rec[i]);
>
> total_length = rec_len + 16
> /* 16 is the size of MAC */
>
> s2n(tot_len, p);
> MD5_Init(&ctx);
> MD5_Update(&ctx,ssl->wMACptr,16);
> /* Doubtful here. wMACptr is Write MAC key of the
> client. However, i am not sure whether to use wMACkey
> or do a RC4_set_key(wMACptr...) and then use the
> result */
> MD5_Update(&ctx,pad_1_md5,48);
>
>
> /* The following sequence is only for 2 digit
> sequence number as of now
> but the total sequence number is 8 bytes
> unsigned char representation */
>
> seq[0] = (ssl->write_seq & 0xff00)>>8;
> seq[1] = ssl->write_seq & 0xff;
> MD5_Update(&ctx, seq, 8);
>
> ihash[0] = 0;
> MD5_Update(&ctx, ihash, 1);
>
>
> ihash[0] = (rec_len & 0xff00) >>8;
> ihash[1] = rec_len & 0xff;
> MD5_Update(&ctx, ihash, 2);
> MD5_Update(&ctx, rec, rec_len);
> MD5_Final(dgst,&ctx);
> //MD5_Init(&ctx);
>
> MD5_Update(&ctx,ssl->wMACptr,16);
> MD5_Update(&ctx,pad_2_md5,48);
> MD5_Update(&ctx,dgst,16);
> MD5_Final(dgst,&ctx);
>
>
> printf("\n\nRESULT: MAC Calculated:\n");
> for ( i = 0; i < 16; i ++)
> printf("%x ", dgst[i]);
>
> for ( i = 0; i < rec_len; i ++)
> *p++ = rec[i];
> for (i = 0; i < 16; i ++)
> *p++ = dgst[i];
>
> printf("\nINFO: Record Unencrypted:\n");
> for ( i = 5; i < tot_len + 5; i ++)
> printf("%x ", buf[i]);
>
> Does the calculation of MD5 (stream cipher is used in
> this case, RC4-128), require a separate RC4_set_key()
> function to be used on ssl->wMACptr (Write MAC key of
> client)?
SSL record MAC calculation is independent of negotiated stream cipher
(and stream cipher is not used in this MAC calculation)
Example code of SSL packet MAC calculation:
-------------------------------------------
/**
* Calculate SSL3 record message digest.
*
* @param ssl SSL parameters
* @param role local role
* @param proto record layer protocol
* @param buf buffer
* @param len buffer length
* @param dgst return record message digest
* @return 0
*/
int ssl3_md(ssl_t * ssl, int role, int proto, char *buf, int len, uint8_t *
dgst)
{
md_t md;
uint8_t *mac;
uint8_t *seq;
uint8_t tmp[3];
int i;
LOG_API4("ssl=[%p],proto=%d,len=%d,role=%d", ssl, proto, len, role);
if (role == SSL_SERVER) {
mac = ssl->server_mac;
seq = ssl->server_seq;
} else {
mac = ssl->client_mac;
seq = ssl->client_seq;
}
md_init(&md, ssl->md_id);
md_update(&md, mac, md.size);
md_update(&md, pad_1, 40);
md_update(&md, seq, 8);
tmp[0] = (uint8_t) (proto);
tmp[1] = (uint8_t) (len >> 8 & 0xFF);
tmp[2] = (uint8_t) (len >> 0 & 0xFF);
md_update(&md, tmp, sizeof(tmp));
md_update(&md, buf, len);
md_final(&md, dgst, NULL);
md_init(&md, ssl->md_id);
md_update(&md, mac, md.size);
md_update(&md, pad_2, 40);
md_update(&md, dgst, md.size);
md_final(&md, dgst, NULL);
/* increment packet sequence number */
for (i = 7; i >= 0; i--) {
seq[i]++;
if (seq[i] != 0) {
break;
}
}
LOG_API4("rc=%d", 0);
return (0);
}
Best regards,
--
Marek Marcola
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
---------------------------------
Never miss a thing. Make Yahoo your homepage.
