Re: Difference in packet contents

Tue, 17 Jun 2008 06:59:45 -0700 

Hello,

[EMAIL PROTECTED] wrote on 06/17/2008 03:21:08 PM:

> Hi,
> 
> I do know for a fact that part of the Finish message is encrypted. My 
question was 
> actually if the Message type field is also part of the encrypted part? 
In which case, as
> I had pointed out earlier, there is a chance that the first byte of the 
encrypted 
> {message_type + message} can be equal to one of the Standard Message 
types hence 
> misleading the client to the type of packet that is actually being sent. 
To put it 
> another way, IMHO, it does not make sense to have a field in a packet 
whose value does 
> not give us any information of the packet itself. i.e. if the field 
contains 14 (in base
> 10), should it be interpreted as a Finish packet with encrypted data 
whose first byte 
> also happens to be 14 or a ServerHelloDone packet?

Finished packet is built with:

Protcol header:
---------------
22   - protocol (1 byte)
3    - ssl/tls wersion (2 bytes, this and next) 
0/1
len1 - data length (2 bytes, this and next)
len2

Handshake header:
-----------------
20      - type
hs_len1 - handhsake data length (3 bytes, this and next two)
hs_len2
hs_len3

Handshake data:
---------------
signed digest1  -  MD5 for RSA
signed digest2  -  SHA1 for RSA,DSA

SSL/TLS is built with layers, encryption is used ad record layer
where handshake layer and data layer are above this layer.
>From record layer point of view there is not difference between
application data and handshake packet, all is encrypted and send
to other party or decrypted and send to layer above.
There is only one sign of type of data sent: first byte
which tells what kind of data is carried by packet but this is
used to defend against reply attacks too (this byte is used in MAC 
calculation).

So, in case of Finised packet, record layer puts handshake header and 
data,
add MAC and PAD, encrypt this, encapsulate encrypted data with 5 byte
protocol header and sent to peer:

protocol_header, {handshake_header,handshake_data,MAC,PAD}
                 ^^^^^^^^^^ ENCRYPTED ^^^^^^^^^^^^^^^^^^^^
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to