Home/ Questions/Q 7887315
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T05:32:53+00:00

I am trying to calculate MAC for TLS v 1.1 Client Finished packet using

  • 0

I am trying to calculate MAC for TLS v 1.1 Client Finished packet using CBC as per the details given in section 6.2.3.2 here!

The following is the function I have written:

def SendSSLPacket(self, hsMsg, seq, renegotiate):
        rec = hsMsg
        recLen = len(rec)
        rec_len_packed = pack('>H', recLen)

                    #
                    # The following initIV is just for testing
                    # Will be replaced by random number later
                    #
        initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"

        rec1 = ""
        for index in range(0, len(rec)):
            rec1 = rec1 + chr(ord(rec[index]) ^ ord(initIV[index]))

        self.seqNum = pack('>Q', seq)

        m = hmac.new(initIV, 
            digestmod=sha1)
        m.update(self.seqNum)
        m.update("\x16")
        m.update("\x03")
        m.update("\x02")
        m.update(rec_len_packed)
        m.update(rec)
        m = m.digest()

        self.HexStrDisplay("Final MAC", Str2HexStr(m))

        currentLength = len(rec + m) + 1
        blockLength = 16
        pad_len = blockLength - \
            (currentLength % blockLength)

        self.log("Padding Length: %s" % (str(pad_len)))

        padding = ''
        for iter in range(0, pad_len + 1):
            padding = padding + \
            struct.pack('B', pad_len)

        self.HexStrDisplay("Padding", Str2HexStr(padding))

        self.sslStruct['recordPlusMAC'] = \
            initIV + rec1 + m + padding
        self.HexStrDisplay("Final Packet", Str2HexStr(
            self.sslStruct['recordPlusMAC']))

        if renegotiate == 1:
            enc_hs_with_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'])
            encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC'])


        if renegotiate == 0:
            enc_hs_wo_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wKeyPtr'] )
            encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC'])



        packLen = len(encryptedData)

        self.sslStruct['encryptedRecordPlusMAC'] = \
            tls11RecHeaderDefault + \
            Pack2Bytes(packLen) + encryptedData
        self.HexStrDisplay("Encrypted Packet",
            Str2HexStr(self.sslStruct['encryptedRecordPlusMAC']))

        self.socket.send(
            self.sslStruct['encryptedRecordPlusMAC'])

The server is throwing the following error though:

3079400200:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:496:

It would be great if someone could help me out in finding out what went wrong

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well, went through the polarssl code (looks simple and clear)

    The following worked for me:

    def SendSSLPacket(self, hsMsg, seq, renegotiate):
        rec = hsMsg
        recLen = len(rec)
        rec_len_packed = pack('>H', recLen)

        self.seqNum = pack('>Q', seq)

        #
        # The following initIV is just for testing
        # Will be replaced by random number later
        #
        initIV = "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"


        m = hmac.new(self.sslStruct['wMacPtr'], 
            digestmod=sha1)
        m.update(self.seqNum)
        m.update("\x16")
        m.update("\x03")
        m.update("\x02")
        m.update(rec_len_packed)
        m.update(rec)
        m = m.digest()


        self.HexStrDisplay("Final MAC", Str2HexStr(m))

        currentLength = len(rec + m) + 1
        blockLength = 16
        pad_len = blockLength - \
            (currentLength % blockLength)

        if pad_len == blockLength:
            pad_len = 0

        self.log("Padding Length: %s" % (str(pad_len)))

        padding = ''
        for iter in range(0, pad_len + 1):
            padding = padding + \
            struct.pack('B', pad_len)

        self.HexStrDisplay("Padding", Str2HexStr(padding))

        self.sslStruct['recordPlusMAC'] = \
            initIV + rec + m + padding
        self.HexStrDisplay("Final Packet", Str2HexStr(
            self.sslStruct['recordPlusMAC']))

        if renegotiate == 1:
            enc_hs_with_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wIVPtr'])
            encryptedData = enc_hs_with_reneg.encrypt(self.sslStruct['recordPlusMAC'])

        if renegotiate == 0:
            enc_hs_wo_reneg = AES.new( self.sslStruct['wKeyPtr'], AES.MODE_CBC, self.sslStruct['wIVPtr'] )
            encryptedData = enc_hs_wo_reneg.encrypt(self.sslStruct['recordPlusMAC'])


        packLen = len(encryptedData)

        self.sslStruct['encryptedRecordPlusMAC'] = \
            tls11RecHeaderDefault + \
            Pack2Bytes(packLen) + encryptedData
        self.HexStrDisplay("Encrypted Packet",
            Str2HexStr(self.sslStruct['encryptedRecordPlusMAC']))

        self.socket.send(
            self.sslStruct['encryptedRecordPlusMAC'])
    • 0