英文:
Pre-master secret mistmatched when implementing Diffie-Hellman key exchange
问题
我正在尝试将DHE_DSS实现到Go的crypto/tls包中。不幸的是,我似乎无法获得相同的PreMasterSecret(Z),我的基本工作流程是:
接收服务器密钥交换消息
- 提取P、G、Ys
- 使用提供的数字签名进行验证
准备客户端密钥交换消息
- 创建客户端的Xc
- 生成Yc(Yc = G^Xc % P)
- 生成Z(Z = Ys^Xc % P)
- 发送回Yc,打包如下:
<!-- -->
ckx := make([]byte, len(yC)+2)
ckx[0] = byte(len(Yc)>>8)
ckx[1] = byte(len(Yc))
copy(ckx[2:], yBytes)
然而,当我使用gnutls-serv进行调试时,两个PreMasterSecrets(Z)是不同的。我需要对返回的Yc进行签名,或者以其他方式打包它吗?我在RFC 5246中没有看到任何建议这样做的内容。
<-- 编辑 -->
这是我更改的补丁:
英文:
I am trying to implement DHE_DSS into go's crypto/tls package. Unfortunately I can not seem to get the PreMasterSecret (Z) to be the same, my basic workflow is:
Receive Server Key Exchange Message
- Extract P, G, Ys
- Verify using the digital signature provided
Prepare Client Key Exchange Message
- Create client's Xc
- Generate Yc (Yc = G^Xc % P)
- Generate Z (Z = Ys^Xc % P)
- Send back Yc, packed like so:
<!-- -->
ckx := make([]byte, len(yC)+2)
ckx[0] = byte(len(Yc)>>8)
ckx[1] = byte(len(Yc))
copy(ckx[2:], yBytes)
However, when I am debugging this with gnutls-serv the two PreMasterSecrets (Z) are different. Do I need to sign the returned Yc, or perhaps pack it in another way? I can not see anything in RFC 5246 to suggest this.
<-- EDIT -->
Here is a patch of my changes:
答案1
得分: 1
客户端密钥交换将包含:
长度(2个字节)--> Y_C(明文)
我已经在Java中实现了TLS,并且遵循相同的结构,对我来说运行良好。
> 我需要对返回的Yc进行签名吗?
不需要 对客户端DH公共值进行签名,它是以明文传输的。
您可以获取一个pcap文件并检查是否在数据包中传输了相同的值。另外,如果GNU TLS有用于打印接收到的Y_C
的记录器,那么您可以检查是否接收到了正确的数据。
如果您仍然得到不同的Pre-Master密钥,则可能存在生成密钥的逻辑问题。
英文:
Client key exchange will contain:
length (2 bytes) --> Y_C (in plain text)
I have implemented TLS in Java and I follow the same structure and works fine for me.
> Do I need to sign the returned Yc?
No there is no need to sign the client DH public value, it is transferred in plain text.
You can take a pcap and check whether same values are being transferred in the packet. Also if GNU TLS has logger for printing the Y_C
received, then you can check if proper data is being received.
If in case you still getting different Pre-Master secret then there seems to be some issue with the logic of generation of secret.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论