Any way to create a large encrypted finish message?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



One can't change the encrypted finished size unless one is using variable
padding. encrypted finished size depends on 3 parameters: protocol version,
cipher type, MAC type,

Protocol version decides if explicit IV is included in the record and
unencrypted finished message size.
For SSL3 and TLS1.0, there wouldn't be any explicit IV.
For SSL3, unencrypted finished size would be of 40 bytes (4 (handshake
header) + 16(MD5 hash)+20(SHA hash) ) and for other protocols it will be 16
bytes(4(handshake header) + 12 bytes(xor of MD5 and SHA1 hashes))

Cipher Type decides, if the data needs to be padded or not. If it is block
cipher, there would be 1 block of must padding of block length(16 for AES,
8 for DES). It also decides explicit IV length.

MAC(hash)  type decides the length of the MAC tag that will be appended to
the unencrypted data before padding.

For TLS1.2,  AES256-SHA/AES128-SHA,  encrypted finished message consists
of  16 byte explicit IV + 16 byte finished message + 20 byte hash + 16 byte
must padding. so, it will be of 68 bytes.

For DES-CBC3-SHA, it will be 8 byte explicit IV + 16 byte finished message
+ 20 byte hash + 8 byte must padding. i.e it will be 52 bytes.

Thanks,
Thulasi.

On 11 December 2014 at 04:15, Vyas Pentakota <npentako at brocade.com> wrote:

>  Hi
>
> I am working on issue involving openssl TLS 1.2 finish message decryption.
> I was wondering if anyone can tell me how I can generate ?encrypted
> handshake message? (client finish message) record larger than 64 bytes
>  only using RSA AES256-SHA/ AES128-SHA/DES-CBC3-SHA.
>
> Your suggestion is greatly appreciated.
>
> Thank you
>
> Vyas
>
>
>
> _______________________________________________
> openssl-users mailing list
> openssl-users at openssl.org
> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.opensslfoundation.net/pipermail/openssl-users/attachments/20141211/1ee346e7/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux