SSL握手完成消息 [英] SSL handshake finish message

问题描述

伙计们

我正在编写一个使用ssl版本3的小型Web服务器.现在握手已完成，但不包括完成消息.我只是想不出结束语.我认为问题在于用于计算完成消息的握手消息.

该消息的计算如下:

Good day Guys

I''m writing a small web server which uses ssl version 3. Now the handshake is complete up to but not including the finish message. I just can''t work out the finish message. I think the problem is with the handshake messages that is used to calculate the finish message.

The message is calculated as follow:

enum { client(0x434C4E54), server(0x53525652) } Sender;
     struct {
         opaque md5_hash[16];
         opaque sha_hash[20];
     } Finished;

     md5_hash       MD5(master_secret + pad2 + MD5(handshake_messages + Sender + master_secret + pad1));
     
sha_hash        SHA(master_secret + pad2 + SHA(handshake_messages + Sender + master_secret + pad1));

handshake_messages 所有握手消息中的所有数据，但不包括此消息.这只是在握手层可见的数据，不包括记录层标题.

我不知道要使用握手消息的哪一部分.我尝试了所有可以想到的组合.但是什么都行不通.我试图从openssl代码中弄清楚它是如何工作的，但是我无法弄清一件事情.我的C ++非常生锈，对它的了解也很有限.我的编程能力中等.

请帮忙.我很绝望.

顺便说一句:该文档是有限的，真的很糟糕. < draft-freier-ssl-version3-02.txt>. Google这次没有帮助:-(..

handshake_messages All of the data from all handshake messages up to but not including this message. This is only data visible at the handshake layer and does not include record layer headers.

I don''t know which part of the handshake messages to use. I have tried every combination I can think off. But nothing works. I have tried to figure out how it works from the openssl code but I can''t make out a single thing. My C++ is very rusty and I have limited knowledge of it. My programming skill is moderate.

Please help. I''m desperate.

Btw: The documentation is limited and really bad. <draft-freier-ssl-version3-02.txt>. And Google doesn''t help this time :-(.

推荐答案

The contents of ssl document is really limited, so let me answer the question with the messages dumped from openssl.

The following binary datum come from an openssl server with ciphersuite: "TLS_RSA_EXPORT_WITH_RC4_40_MD5".

Client Hello:
1:0:0:31:3:1:A2:C7:4A:48:F7:D7:E8:68:9B:82:BF:E3:CA:FA:86:E4:C3:1D:16:9B:CB:28:8C:A3:7A:40:91:CF:71:EF:EC:13:0:0:A:0:1:0:2:0:3:0:4:0:5:1:0:

Server Hello:
2:0:0:46:3:1:4E:B3:AE:F9:A2:DD:BA:37:C7:A8:C0:A5:73:D:94:12:58:FC:2D:49:59:C9:D1:CE:F2:38:F6:32:AE:D:F4:5A:20:5F:88:D6:6C:37:27:87:D9:D3:DD:90:A9:22:F5:B2:F7:F8:D6:B4:16:F2:99:DA:EC:76:E6:E0:DD:28:8E:A8:87:0:3:0:

Certificate:
B:0:3:23:0:3:20:0:3:1D:30:82:3:19:30:82:2:82:A0:3:2:1:2:2:9:0:97:10:F:3C:D5:72:2C:7D:30:D:6:9:2A:86:48:86:F7:D:1:1:5:5:0:30:67:31:B:30:9:6:3:55:4:6:13:2:75:73:31:C:30:A:6:3:55:4:8:13:3:61:62:63:31:C:30:A:6:3:55:4:7:13:3:64:65:66:31:C:30:A:6:3:55:4:A:13:3:67:68:69:31:C:30:A:6:3:55:4:B:13:3:6A:6B:6C:31:C:30:A:6:3:55:4:3:13:3:6D:6E:6F:31:12:30:10:6:9:2A:86:48:86:F7:D:1:9:1:16:3:70:71:72:30:1E:17:D:31:31:31:30:30:36:30:36:33:38:35:38:5A:17:D:31:32:31:30:30:35:30:36:33:38:35:38:5A:30:67:31:B:30:9:6:3:55:4:6:13:2:75:73:31:C:30:A:6:3:55:4:8:13:3:61:62:63:31:C:30:A:6:3:55:4:7:13:3:64:65:66:31:C:30:A:6:3:55:4:A:13:3:67:68:69:31:C:30:A:6:3:55:4:B:13:3:6A:6B:6C:31:C:30:A:6:3:55:4:3:13:3:6D:6E:6F:31:12:30:10:6:9:2A:86:48:86:F7:D:1:9:1:16:3:70:71:72:30:81:9F:30:D:6:9:2A:86:48:86:F7:D:1:1:1:5:0:3:81:8D:0:30:81:89:2:81:81:0:C6:20:BD:1A:91:F5:79:82:B1:93:76:44:EE:3F:1B:FA:BD:DE:56:7E:A5:20:45:95:C9:6D:7C:A1:EC:5F:81:AF:8:DC:45:8A:3:F7:BE:C5:BC:4E:E2:6C:F4:2D:73:A:FC:E8:58:88:89:AE:96:9B:97:83:1:52:CA:66:9E:FF:11:21:87:41:64:9A:9A:27:AD:0:8E:A5:1D:3E:4A:46:6B:D1:7:2A:85:E4:8B:A0:35:59:63:6A:B3:55:C4:94:CD:4A:25:4:6:97:13:D8:69:9A:2C:34:32:24:AD:9D:4B:92:5F:F7:93:3F:F4:50:BF:B8:81:E:33:9C:AE:93:2:3:1:0:1:A3:81:CC:30:81:C9:30:1D:6:3:55:1D:E:4:16:4:14:B5:32:45:45:18:10:E8:64:4D:7:A8:88:50:B0:C0:7:41:7E:B0:C:30:81:99:6:3:55:1D:23:4:81:91:30:81:8E:80:14:B5:32:45:45:18:10:E8:64:4D:7:A8:88:50:B0:C0:7:41:7E:B0:C:A1:6B:A4:69:30:67:31:B:30:9:6:3:55:4:6:13:2:75:73:31:C:30:A:6:3:55:4:8:13:3:61:62:63:31:C:30:A:6:3:55:4:7:13:3:64:65:66:31:C:30:A:6:3:55:4:A:13:3:67:68:69:31:C:30:A:6:3:55:4:B:13:3:6A:6B:6C:31:C:30:A:6:3:55:4:3:13:3:6D:6E:6F:31:12:30:10:6:9:2A:86:48:86:F7:D:1:9:1:16:3:70:71:72:82:9:0:97:10:F:3C:D5:72:2C:7D:30:C:6:3:55:1D:13:4:5:30:3:1:1:FF:30:D:6:9:2A:86:48:86:F7:D:1:1:5:5:0:3:81:81:0:29:83:CD:B:F3:DC:2:38:E:8E:75:1:BF:FE:E5:20:59:D1:28:FA:A0:52:EA:C4:D9:B8:4E:E8:9A:0:33:70:C5:36:DE:A4:FD:2A:FA:93:5A:7F:3E:CC:99:63:9B:18:23:2C:B:41:EA:2D:62:E:61:48:F8:EF:C4:91:1A:2E:67:30:49:FA:14:F7:91:44:CF:D1:4F:B3:92:2C:88:65:A:5E:A0:72:A0:97:94:5E:5C:DF:25:BD:5F:75:6A:89:8A:B3:7:6D:D5:92:68:4A:2B:CC:8:95:7F:24:8A:12:C5:A0:15:3B:20:31:31:7A:8C:4B:D8:C8:3:B5:17:25:

Server Key Exchange
C:0:0:C9:0:40:B5:94:8:89:B5:E3:23:98:CC:1A:DE:1F:B8:65:AE:CB:1F:6A:98:CA:A6:98:97:45:B:CD:4C:91:7:E3:9E:AE:EC:5:29:13:B5:8A:4C:A4:CC:C6:55:8C:2E:18:D4:28:79:3:E8:C6:2C:38:3C:49:23:E9:45:EA:E6:A8:B7:35:0:3:1:0:1:0:80:4C:58:4D:BC:37:5:28:C4:50:DA:22:25:DA:A5:F8:87:A3:D5:A8:5B:83:79:4F:FC:5B:63:1A:A8:7A:28:F:F7:EB:8A:32:93:60:67:73:8E:2A:B5:93:C:95:D4:1C:71:6D:FA:21:3E:86:B0:23:25:A1:20:38:1C:BA:6:25:45:68:6D:8F:DE:D3:BC:BE:D8:93:C:2E:C8:21:44:D:B:F5:15:F5:CF:EE:65:40:44:51:B6:3D:10:5C:DA:4A:B5:84:B0:41:A9:E0:E9:A1:23:CB:74:7C:69:DB:68:6A:5F:C5:6D:E5:27:D6:AD:29:D9:5B:81:26:B7:C7:F6:60:52:

Server Hello Done
E:0:0:0:

Client Key Exchange
10:0:0:42:0:40:2:49:4B:6B:BA:A2:58:E2:3E:CF:6F:28:71:94:34:D2:1:78:90:63:91:2E:E:8F:AD:B2:24:F9:42:34:12:58:53:92:8B:34:BB:3C:84:1A:36:E5:F7:6F:8B:C8:B6:5:54:9C:E8:36:C:9:55:42:69:91:F0:72:3B:92:4E:E2:

Every time server reads or writes the message, it uses its API to update the message in the to-be-digested hash. After receiving the final message, server will call hash_Final to digest all messages to a digested hash.

这篇关于SSL握手完成消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！