Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Not able to calculate the mac for client finish correctly

I amusing TLS 1.2, both client and server using openssl openssl s_client -tls1_2 -ciphersuites TLS_RSA_WITH_AES_256_CBC_SHA256 -connect 10.254.254.101:4444 -keylogfile dk-rsa.txt openssl s_server -accept 4444 -www -tls1_2 -ciphersuites TLS_RSA_WITH_AES_256_CBC_SHA256 -key rsa-priv.pem -cert cert-rsa.pem

From my Wireshark Debug file, I am able to get the secrets ClientMacKey mackey='18db0fb10326e5511f278e0a88edbbfaa1280e28202875ac62ed46f4d7fab273'

Client Write Key hexkey='ccd8389905abd3b5f3daf5349ab7e62fcdbac970c0705f770b51b9d5c2fbd59c'

I am using Encrypt then Mac extension. When I look at the encrypted client finish message, I see 80 Bytes of Cipher text Ciphertext[80]: | 8f 77 7c 98 ae ae 89 6c b3 40 45 d3 93 a2 01 23 |.w|....l.@E....#| | 26 2d dd 1f f7 92 9c c5 ba 40 0b 1f 47 bb 95 3a |&[email protected]..:| | 54 3e 0b da be 92 32 ae 54 45 90 78 a4 ec be 14 |T>....2.TE.x....| | 5e d5 70 77 cc 59 77 bd 10 88 89 0e d3 8b 9a 35 |^.pw.Yw........5| | a1 17 db 0b fa f2 0f 7f ff f0 d7 db c6 f1 22 26 |.............."&| I am assuming the first 16 Bytes are IV, the next 32 Bytes are Message+Pad+Padlength and the last 32 bytes are mac. My Problem is when I try to calculate the mac , I dont get the value shown in the ciphertext: Here are my Keys from the Debug file: Client MAC key[32]: | 18 db 0f b1 03 26 e5 51 1f 27 8e 0a 88 ed bb fa |.....&.Q.'......| | a1 28 0e 28 20 28 75 ac 62 ed 46 f4 d7 fa b2 73 |.(.( (u.b.F....s| Server MAC key[32]: | 6a 70 2f 39 af 12 53 d4 aa c6 09 b1 0d e3 65 9f |jp/9..S.......e.| | 75 cf d0 cd cc ff 14 5d 6a 55 be 1c 5d df 86 0b |u......]jU..]...| Client Write key[32]: | cc d8 38 99 05 ab d3 b5 f3 da f5 34 9a b7 e6 2f |..8........4.../| | cd ba c9 70 c0 70 5f 77 0b 51 b9 d5 c2 fb d5 9c |...p.p_w.Q......| Server Write key[32]: | aa c7 16 8c 9c 88 cd 0b 79 58 ce 39 80 9a de 33 |........yX.9...3| | c5 ba b9 d2 ec 87 62 38 3a 93 e5 52 ba 6e d6 11 |......b8:..R.n..| Client Write IV[16]: | 14 21 f3 67 41 10 36 19 aa 64 8d fb 4e c4 90 b6 |.!.gA.6..d..N...| Server Write IV[16]: | b1 cb 9a e0 3e 8e 6b cd 67 08 f9 6e 32 66 49 59 |....>.k.g..n2fIY|

This is how I am checking the Hash:

sequence='0000000000000000'

rechdr='16 03 03'

datalen='00 50'

iv='8f 77 7c 98 ae ae 89 6c b3 40 45 d3 93 a2 01 23'

echo $sequence $rechdr $datalen $iv $data | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$mackey

(stdin)= 32c869452c5a4da6e718ae7a6c52e74cd3317a58c422c03a8886f06018c51205

datalen='00 10''

datalen='00 10'

echo $sequence $rechdr $datalen $iv $data | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$mackey

(stdin)= 6688d64bf4a405b82fb6b01cafc7ce27e05254076e56b9a986d5bd027a4c9169

I somehow dont get the 32 Byte Mac I see in the debug file . Where am I wrong ? Greatly appreciate any support. I am stuck for the last 3 days with this Issue. I even tried the other way and built the mac as per rfc 7366. My Decryption is fine. But the mac is not as per the wireshark debug file. Thanks Dinesh

Not able to calculate the mac for client finish correctly

I amusing am using TLS 1.2, both client and server using openssl openssl

openssl s_client -tls1_2 -ciphersuites TLS_RSA_WITH_AES_256_CBC_SHA256 -connect 10.254.254.101:4444  -keylogfile dk-rsa.txt
 openssl s_server -accept 4444 -www -tls1_2 -ciphersuites TLS_RSA_WITH_AES_256_CBC_SHA256 -key rsa-priv.pem -cert cert-rsa.pem

cert-rsa.pem

From my Wireshark Debug file, I am able to get the secrets secrets

ClientMacKey
mackey='18db0fb10326e5511f278e0a88edbbfaa1280e28202875ac62ed46f4d7fab273'

mackey='18db0fb10326e5511f278e0a88edbbfaa1280e28202875ac62ed46f4d7fab273' Client Write Key hexkey='ccd8389905abd3b5f3daf5349ab7e62fcdbac970c0705f770b51b9d5c2fbd59c'

hexkey='ccd8389905abd3b5f3daf5349ab7e62fcdbac970c0705f770b51b9d5c2fbd59c'

I am using Encrypt then Mac extension. When I look at the encrypted client finish message, I see 80 Bytes of Cipher text text

Ciphertext[80]:
| 8f 77 7c 98 ae ae 89 6c b3 40 45 d3 93 a2 01 23 |.w|....l.@E....#|
| 26 2d dd 1f f7 92 9c c5 ba 40 0b 1f 47 bb 95 3a |&[email protected]..:|
| 54 3e 0b da be 92 32 ae 54 45 90 78 a4 ec be 14 |T>....2.TE.x....|
| 5e d5 70 77 cc 59 77 bd 10 88 89 0e d3 8b 9a 35 |^.pw.Yw........5|
| a1 17 db 0b fa f2 0f 7f ff f0 d7 db c6 f1 22 26 |.............."&|

I am assuming the first 16 Bytes are IV, the next 32 Bytes are Message+Pad+Padlength and the last 32 bytes are mac. My Problem is when I try to calculate the mac , I dont get the value shown in the ciphertext: Here are my Keys from the Debug file: file:

Client MAC key[32]:
| 18 db 0f b1 03 26 e5 51 1f 27 8e 0a 88 ed bb fa |.....&.Q.'......|
| a1 28 0e 28 20 28 75 ac 62 ed 46 f4 d7 fa b2 73 |.(.( (u.b.F....s|
Server MAC key[32]:
| 6a 70 2f 39 af 12 53 d4 aa c6 09 b1 0d e3 65 9f |jp/9..S.......e.|
| 75 cf d0 cd cc ff 14 5d 6a 55 be 1c 5d df 86 0b |u......]jU..]...|
Client Write key[32]:
| cc d8 38 99 05 ab d3 b5 f3 da f5 34 9a b7 e6 2f |..8........4.../|
| cd ba c9 70 c0 70 5f 77 0b 51 b9 d5 c2 fb d5 9c |...p.p_w.Q......|
Server Write key[32]:
| aa c7 16 8c 9c 88 cd 0b 79 58 ce 39 80 9a de 33 |........yX.9...3|
| c5 ba b9 d2 ec 87 62 38 3a 93 e5 52 ba 6e d6 11 |......b8:..R.n..|
Client Write IV[16]:
| 14 21 f3 67 41 10 36 19 aa 64 8d fb 4e c4 90 b6 |.!.gA.6..d..N...|
Server Write IV[16]:
| b1 cb 9a e0 3e 8e 6b cd 67 08 f9 6e 32 66 49 59 |....>.k.g..n2fIY|

|....>.k.g..n2fIY|

This is how I am checking the Hash:

sequence='0000000000000000'

rechdr='16
#sequence='0000000000000000'
#rechdr='16 03 03'

datalen='00 50'

iv='8f 03' #datalen='00 50' #iv='8f 77 7c 98 ae ae 89 6c b3 40 45 d3 93 a2 01 23'

echo 23' #echo $sequence $rechdr $datalen $iv $data | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$mackey

hexkey:$mackey (stdin)= 32c869452c5a4da6e718ae7a6c52e74cd3317a58c422c03a8886f06018c51205

datalen='00 10''

datalen='00 10'

echo 32c869452c5a4da6e718ae7a6c52e74cd3317a58c422c03a8886f06018c51205 #datalen='00 10'' #datalen='00 10' #echo $sequence $rechdr $datalen $iv $data | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$mackey

hexkey:$mackey (stdin)= 6688d64bf4a405b82fb6b01cafc7ce27e05254076e56b9a986d5bd027a4c9169

6688d64bf4a405b82fb6b01cafc7ce27e05254076e56b9a986d5bd027a4c9169

I somehow dont get the 32 Byte Mac I see in the debug file . Where am I wrong ? Greatly appreciate any support. I am stuck for the last 3 days with this Issue. I even tried the other way and built the mac as per rfc 7366. My Decryption is fine. But the mac is not as per the wireshark debug file. Thanks Dinesh