RE: TLS application data MAC

2004-09-20 Thread dragos liciu

Hi Avinash,

Sorry for late reply, but I didn't follow the emails
on weekend.

You sent:

.
Key for HMAC_MD5 = server_auth_key

Input msg to MAC algorithm
{
seq no = 0x00 (8bytes)
Type = 0x23 (application data)
version = 0x0301
Length = 0x05
Data = 0x01 0x07 0x00 0x05 0x01
}



The only problem I see in your email is that the
'Length' field seems to be only 1 byte long, but it
should be 2 bytes long instead (see RFC); 

Please let me know if this is indeed the problem. If
no, we'll dig further; you are very close.

Also I supposed you've verified that keys calculated
by both server and client match.

Dragos.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


RE: TLS application data MAC

2004-09-20 Thread Avinash Agarwal
Hello Dragos,
I was able to solve this issue.. thanks to Niklas and Goran :)
I was using the wrong sequence number.
Once again thank you everyone for your help.
 
Regards,
Avinash

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of dragos liciu
Sent: Tuesday, September 21, 2004 12:11 AM
To: [EMAIL PROTECTED]
Subject: RE: TLS application data MAC




Hi Avinash, 

Sorry for late reply, but I didn't follow the emails 
on weekend. 

You sent: 

. 
Key for HMAC_MD5 = server_auth_key 

Input msg to MAC algorithm 
{ 
seq no = 0x00 (8bytes) 
Type = 0x23 (application data) 
version = 0x0301 
Length = 0x05 
Data = 0x01 0x07 0x00 0x05 0x01 
} 
 


The only problem I see in your email is that the 
'Length' field seems to be only 1 byte long, but it 
should be 2 bytes long instead (see RFC); 

Please let me know if this is indeed the problem. If 
no, we'll dig further; you are very close. 

Also I supposed you've verified that keys calculated
by both server and client match.

Dragos. 


Re: TLS application data MAC

2004-09-19 Thread Tan Eng Ten
Before seq no, there should be either the client MAC or server MAC 
(depending on who you are).

Avinash Agarwal wrote:
 Hello dragos,
I think you are referring to the problem with decrypting/encrypting 
the TLS app data...I faced the problem but i was finally successful in
decrypting/encrypting the TLS app data...

However my question pertained to generation of the MAC data to verify a
message.
say i need to send this data
0x01 0x07 0x00 0x05 0x01 in the TLS app data. To send this I also need
to create a MAC.
Assuming I'm implementing a server..I use the server_auth_key
and HMAC_MD5 as my MAC algo.
To generate the MAC I do the following
Key for HMAC_MD5 = server_auth_key
Input msg to MAC algorithm
{
seq no = 0x00 (8bytes)
Type = 0x23 (application data)
version = 0x0301
Length = 0x05
Data = 0x01 0x07 0x00 0x05 0x01
}
The MAC generated from the above does not match what the client generates
for verification. This is the same case when I try to
generate a MAC on the server for any msg received from the client.
I'm stuck in the MAC generation part.
Can someone help me out ?
Regards,
Avinash

-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 9/16/04 10:38 AM
Subject: RE: TLS application data MAC
Hi Avinash,
I think you have now exactly the same kind of problem
I had when I implemented the client: the first TLS app
data message the client was sending to the server
(after FINISHED messages) couldn't be decoded
correctly by the server; this behaviour was caused
by the fact that I was using the same iv
(initialization vector) for all the records sent by
the client (I was using 3DES cipher for symmetric
encryption).
Please check this thing on your code...I have a
feeling that this might be your problem.
If this is indeed the problem, can be solved according
to the RFC's 6.2.3.2 paragraph:
...
Note: With block ciphers in CBC mode (Cipher Block
Chaining) the initialization vector (IV) for the first
record is generated with the other keys and secrets
when the security parameters are set. The IV for
subsequent records is the last ciphertext block from
the previous record.
..
So for each new app data record (after FINISHED
message) you want to encrypt/decrypt, the IV will
change (is the last ciphertext block from the previous
record).
For stream ciphers (like RC4), the trick is different:
this time there's no IV, but you have to keep cipher
context between records.
Also keep in mind this is only for TLS 1.0; TLS 1.1
(still a draft) has a different way to compute IV.
Let me know if this solves your problem.
Dragos




Re: TLS application data MAC

2004-09-15 Thread Tan Eng Ten
Look at the Appendix -- Sample Code in http://www.ietf.org/rfc/rfc2104.txt
Avinash Agarwal wrote:
Hello all,
I'm trying to figure out how to generate the MAC for application data in TLS
v1.
The rfc (2246) says at § F.2 protecting application data
Outgoing data is protected with a MAC before transmission. To prevent 
   message replay or modification attacks, the MAC is computed from the 
   MAC secret, the sequence number, the message length, the message 
   contents, and two fixed character strings. 

What are the two fixed character strings?
TIA
Regards,
Avinash
  



Re: TLS application data MAC

2004-09-15 Thread dragos liciu
Hi Avinash,

The paragraph you mentioned is a little bit vague,
better look at 6.2.3.1 from the same RFC; below is a
fragment from 6.2.3.1 paragraph:

..
   The MAC is generated as:

   HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type +
                 TLSCompressed.version + TLSCompressed.length +
                 TLSCompressed.fragment));

   where + denotes concatenation.
.

The two fixed character strings are 'type' and
'version'; I implemented it (in C++) just as specified
above and it works.


Dragos.
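
The MAC input from RFC 2246 section 6.2.3.1 discussed in this thread, as an added Python example (not code from any poster or from OpenSSL), including the two pitfalls raised here: the length field is 2 bytes, and the sequence number counts every record sent under the current keys, so Finished takes 0 and the first application data record takes 1. Assumptions: HMAC-MD5 as in the thread, null compression, content types written in decimal as in the RFC (application_data is 23, i.e. 0x17), constructed sample values, and illustrative names such as `WriteState`.

```python
import hashlib
import hmac
import struct

HANDSHAKE = 22           # ContentType values are decimal in RFC 2246
APPLICATION_DATA = 23    # i.e. 0x17 on the wire
TLS_1_0 = (3, 1)         # ProtocolVersion bytes 0x03 0x01

def tls10_record_mac(mac_write_secret, seq_num, content_type, fragment,
                     version=TLS_1_0, digest=hashlib.md5):
    """HMAC over seq_num + type + version + length + fragment (6.2.3.1)."""
    if not 0 <= seq_num < 2 ** 64:
        raise ValueError("seq_num is an unsigned 64-bit counter")
    if len(fragment) > 2 ** 14 + 1024:
        raise ValueError("fragment exceeds the TLSCompressed limit")
    # Q: 8-byte seq_num, B: type, BB: version, H: 2-byte length (big-endian)
    header = struct.pack(">QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(mac_write_secret, header + fragment, digest).digest()

def verify_record_mac(mac_write_secret, seq_num, content_type, fragment, mac):
    expected = tls10_record_mac(mac_write_secret, seq_num, content_type, fragment)
    return hmac.compare_digest(expected, mac)  # constant-time comparison

class WriteState:
    """One direction's MAC state: seq_num is 0 when the keys become active
    (ChangeCipherSpec) and increments after every record, Finished included."""
    def __init__(self, mac_write_secret):
        self.mac_write_secret = mac_write_secret
        self.seq_num = 0

    def protect(self, content_type, fragment):
        mac = tls10_record_mac(self.mac_write_secret, self.seq_num,
                               content_type, fragment)
        self.seq_num += 1
        return mac

# Constructed sample values, not taken from a real session.
SAMPLE_SECRET = bytes(range(16))
SAMPLE_FINISHED = b"\x14\x00\x00\x0c" + bytes(12)   # placeholder verify_data
SAMPLE_DATA = bytes([0x01, 0x07, 0x00, 0x05, 0x01])

def first_app_data_mac():
    state = WriteState(SAMPLE_SECRET)
    state.protect(HANDSHAKE, SAMPLE_FINISHED)            # consumes seq_num 0
    return state.protect(APPLICATION_DATA, SAMPLE_DATA)  # uses seq_num 1
```

The receiving side keeps its own counter for the peer's records and must feed the same `seq_num` into `verify_record_mac`, otherwise every record fails verification even when the keys match.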





RE: TLS application data MAC

2004-09-15 Thread Avinash Agarwal
Hello dragos,
Thanks for the input.
The MAC generation mentioned below works alright for MAC generation
of Client/server handshake finished messages.
However for the MAC generation for the TLS app data this is not working.
Any pointers on what could be wrong?
 
Regards,
Avinash

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of dragos liciu
Sent: Thursday, September 16, 2004 12:07 AM
To: [EMAIL PROTECTED]
Subject: Re: TLS application data MAC



Hi Avinash, 

The paragraph you mentioned is a little bit vague,
better look at 6.2.3.1 from the same RFC; below is a 
fragment from 6.2.3.1 paragraph: 

.. 
   The MAC is generated as: 

   HMAC_hash(MAC_write_secret, seq_num + TLSCompressed.type +
                 TLSCompressed.version + TLSCompressed.length +
                 TLSCompressed.fragment));

   where + denotes concatenation. 
. 

The two fixed character strings are 'type' and 
'version'; I implemented it (in C++) just as specified 
above and it works. 


Dragos. 



