Hello,

[EMAIL PROTECTED] wrote on 06/17/2008 03:21:08 PM:
> Hi,
>
> I do know for a fact that part of the Finish message is encrypted. My question was
> actually if the Message type field is also part of the encrypted part? In which case, as
> I had pointed out earlier, there is a chance that the first byte of the encrypted
> {message_type + message} can be equal to one of the Standard Message types hence
> misleading the client to the type of packet that is actually being sent. To put it
> another way, IMHO, it does not make sense to have a field in a packet whose value does
> not give us any information of the packet itself. i.e. if the field contains 14 (in base
> 10), should it be interpreted as a Finish packet with encrypted data whose first byte
> also happens to be 14 or a ServerHelloDone packet?

Finished packet is built with:

  Protocol header:
  ---------------
    22   - protocol (1 byte)
    3    - ssl/tls version (2 bytes, this and next)
    0/1
    len1 - data length (2 bytes, this and next)
    len2

  Handshake header:
  -----------------
    20      - type
    hs_len1 - handshake data length (3 bytes, this and next two)
    hs_len2
    hs_len3

  Handshake data:
  ---------------
    signed digest1 - MD5 for RSA
    signed digest2 - SHA1 for RSA,DSA

SSL/TLS is built with layers, encryption is used at record layer
where handshake layer and data layer are above this layer.
From record layer point of view there is no difference between
application data and handshake packet, all is encrypted and sent
to other party or decrypted and sent to layer above.
There is only one sign of type of data sent: first byte which tells
what kind of data is carried by packet but this is used to defend
against replay attacks too (this byte is used in MAC calculation).

So, in case of Finished packet, record layer puts handshake header and data,
adds MAC and PAD, encrypts this, encapsulates encrypted data with 5 byte
protocol header and sends to peer:

  protocol_header, {handshake_header,handshake_data,MAC,PAD}
                   ^^^^^^^^^^ ENCRYPTED ^^^^^^^^^^^^^^^^^^^^

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
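
The layering described in the reply above, as an added example that is not part of the original post or of OpenSSL: a passive parser reads the content type from the cleartext 5-byte header and stops interpreting handshake bodies once ChangeCipherSpec has been seen in that direction. The sample bytes are constructed, and the parser assumes one direction of an SSL 3.0/TLS 1.0 stream with no handshake message fragmented across records.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}

def parse_records(stream):
    """Describe each record sent in ONE direction as (content_type, detail).
    After ChangeCipherSpec the record bodies are ciphertext and are not parsed."""
    out, pos, encrypted = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        # 5-byte cleartext header: type, version (2 bytes), length (2 bytes)
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 5 + length
        name = CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype)
        if encrypted:
            # body[0] is ciphertext here; it is NOT a handshake message type
            out.append((name, "encrypted, %d bytes" % length))
        elif ctype == 20:
            encrypted = True
            out.append((name, "following records are encrypted"))
        elif ctype == 22:
            msgs, off = [], 0
            while off + 4 <= len(body):  # 1-byte type + 3-byte length
                hs_len = int.from_bytes(body[off + 1:off + 4], "big")
                msgs.append(HANDSHAKE_TYPES.get(body[off], "unknown(%d)" % body[off]))
                off += 4 + hs_len
            out.append((name, ",".join(msgs)))
        else:
            out.append((name, "plaintext, %d bytes" % length))
    return out

# Constructed sample, one direction of a handshake (not captured traffic):
SAMPLE = (
    bytes.fromhex("16030100040e000000")    # handshake record: ServerHelloDone
    + bytes.fromhex("140301000101")        # ChangeCipherSpec record
    + bytes.fromhex("1603010030")          # handshake record header, 48-byte body
    + b"\x0e" + bytes(range(1, 48))        # filler "ciphertext" whose first byte is 14
)

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```

The third record carries content type 22 and a body starting with byte 14, yet it is reported as an encrypted handshake record rather than ServerHelloDone, because the decision rests on the ChangeCipherSpec state and not on the first body byte.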