On Fri, 2004-01-02 at 18:03, Schuyler Stultz wrote:
> Ole Hansen wrote:
>
> >I now pass the 32 bytes (after the 5 bytes Record Layer Header) to my
> >decrypt function and I expected a result that at least had the handshake
> >protocol header as the first 4 bytes indicating the handshake type (20)
> >and length but it is not. That's what I meant with things not making
> >sense. The result seems to be just as random as the input. I know a
> >hash value is part of the Finished message but does it not have a four
> >byte header as well? Maybe that's the problem.
>
> Yes, it will have the 4 byte Handshake Header, followed by 12 bytes of
> the verifyData, then the X byte HMAC, and finally, any padding (if
> needed.)
>
> So, for an example RSA 3DES EDE CBC SHA1 connection, you would have 40
> bytes that were encrypted:
> 4 bytes for the Handshake header which contains 0x14 for Finished,
> then 3 bytes of length (in this case, 0x0, 0x0, 0xc since it's just the
> length of the handshake's verify_data)
> 12 bytes of verify_data
> 20 bytes of the SHA1_HMAC
> 3 bytes of padding
> 1 byte of pad length
> -------------------------------
> 40 bytes of encrypted data.
>
> >I have used EVP_Decrypt*-functions to decrypt the Finished message. They
> >are part of openssl-0.9.7c. I think this should be ok but I'm not quite
> >sure how to use them. Not many examples from the openssl documentation.
>
> Hmmmm. Be sure you're initializing the decrypt process with the server's
> write key, and the server's IVec. Not the same keys you used to
> encrypt the client messages. And one thing I also needed to do that
> wasn't immediately obvious to me was to set the
> EVP_CIPHER_CTX_set_padding(&cipherCtx, 0); SSL/TLS padding is different
> than standard PKCS padding, so you should handle it instead of letting
> the EVP_Decrypt routines. The Pad Length byte doesn't count in the
> padding. So, in the above case, I would have 3 bytes of padding (set to
> 3) then the pad byte is set to 3 as well. Standard PKCS padding would
> have all of the padding bytes set to 4. But, if you're doing a stream
> cipher (like RC4) you won't have padding...
>
> (Now that I've said that, do the EVP_ routines handle SSL style padding?)

Thank you for the answer and the detailed description. It helped a lot!
I finally succeeded to decrypt the Finished messages :-) I had an error
in my master key generation. I'm using the EVP_Decrypt*-functions to
decrypt and at least the Finished messages are ok so far. Going for the
application data now :)

Thanks.
Ole
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
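
The 40-byte layout described in the quoted reply, as an added example that is not part of the original thread and is not OpenSSL code: a layout checker for an already-decrypted Finished record (decrypted with EVP padding disabled), assuming HMAC-SHA1 and TLS-style padding. The names parse_finished_plaintext, finished_view and build_sample are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAC_LEN 20        /* HMAC-SHA1, as in the thread's example */
#define HS_FINISHED 0x14  /* handshake type 20 */

struct finished_view {
    const uint8_t *verify_data; /* points into the caller's buffer */
    size_t verify_len;
    const uint8_t *mac;         /* points at the MAC_LEN-byte MAC */
    size_t pad_len;             /* value of the trailing pad-length byte */
};

/* Returns 0 if the plaintext has the expected layout, -1 otherwise. */
int parse_finished_plaintext(const uint8_t *pt, size_t len,
                             struct finished_view *out)
{
    if (len < 4 + MAC_LEN + 1)
        return -1;
    size_t pad = pt[len - 1];            /* pad length excludes itself */
    if (pad + 1 + MAC_LEN + 4 > len)
        return -1;
    /* TLS-style padding: each padding byte equals the pad-length byte */
    for (size_t i = 0; i < pad; i++)
        if (pt[len - 2 - i] != pad)
            return -1;
    size_t body = len - pad - 1 - MAC_LEN;  /* header + verify_data */
    size_t hs_len = ((size_t)pt[1] << 16) | ((size_t)pt[2] << 8) | pt[3];
    if (pt[0] != HS_FINISHED || hs_len != body - 4)
        return -1;
    out->verify_data = pt + 4;
    out->verify_len = hs_len;
    out->mac = pt + body;
    out->pad_len = pad;
    return 0;
}

/* Constructed sample: 4 + 12 + 20 + 3 + 1 = 40 bytes, placeholder values. */
size_t build_sample(uint8_t buf[40])
{
    const uint8_t hdr[4] = {HS_FINISHED, 0x00, 0x00, 0x0c};
    memcpy(buf, hdr, 4);
    memset(buf + 4, 0xAA, 12);   /* verify_data placeholder */
    memset(buf + 16, 0xBB, 20);  /* MAC placeholder */
    memset(buf + 36, 0x03, 4);   /* 3 padding bytes, then pad length 3 */
    return 40;
}
```

This only checks layout when debugging a decrypted capture; it does not verify the MAC and is not constant-time, so it is not a substitute for real record processing.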