HTTPS encryption process Hyper-detailed (ii)

2. Go to the Chase

The previous article describes how to set up an environment to help us analyze, today we get to the point and begin to analyze in this environment.

We use Internet Explorer to access the Test.txt file of the Web server root and grab the packet, we can catch the following 6 packets (the preceding TCP three handshake is skipped here):

The package that is decrypted with the server private key is like this:

Next we will combine these 6 packages to analyze a complete HTTPS encryption and decryption process.

1th Package

The client hello is the first step in the TLS handshake, and clients send information such as a random number, a supported cryptographic suite, a compression algorithm, and so on to the server.

2nd Package

1. Server Hello, which responds to client Hello, also contains a 32-byte random number, as well as a cryptographic suite and compression algorithm chosen by the service side.
2. Certificate, the server will send its own certificate to the client, to prove their identity, the certificate contains a public key for the subsequent key exchange use. (The client can also send a certificate to prove identity, but it is rare that we do not have a client certificate here).
3. Server Hello Done, which represents the end of the key exchange process for the service side.

3rd Package

1. Client key Exchange, which contains a pre-master key Premastersecret encrypted with the server public key, can be used to generate the key after decryption.
2. Change Cipher Spec, indicating that the handshake protocol has been completed.
3. Finished, which indicates that the handshake is over, that the message has been encrypted by a negotiated key, and that it can act as a confirmation key.

After the decryption of the finish message, where the bread contains a verify Data, is calculated using the PRF function, this function will be introduced, here we only need to know the function input parameters are: (1) Two hash value, is the previous handshake message MD5 and SHA1 ; (2) Mastersecret, generated by Premastersecret; (3) Finished_label, server finished is used by the service side, client finished is used by clients.

Next, focus on the next key generation (the decryption function in the following code uses the OpenSSL Library):

Decrypt encrypted Premastersecret

Just said Premastersecret was encrypted by the server's public key, so you need to use the server's private key decryption, directly on the code:

FILE * priv_fp = fopen("C:\\Users\\hello\\Desktop\\server.key","r");//server.key为之前生成的服务器私钥文件if (priv_fp == NULL){    printf("read key error\n");    return -1;}RSA *rsa = PEM_read_RSAPrivateKey(priv_fp, NULL, NULL, NULL);if (rsa == NULL){    printf("read key error\n");    return -1;}len = RSA_private_decrypt(128, encrypted_premaster, premaster, rsa, RSA_PKCS1_PADDING);

Can decrypt 48 bytes of Premastersecret:

Key generation

Key generation to use a very important pseudo-random function, pseudo-random fuction (PRF), the PRF function works as follows:

The function has 3 inputs, where secret is the equivalent of a key, and a label is an identifier that uses different strings in different situations, such as "Server Finished", "Master secret", and so on; seed is a seed value, such as a random number of clients and servers.

The code for this function is implemented as follows:

static int tls_prf (Data *secret,char *usage,data *rnd1,data *rnd2,data *out) {int r,_status;    Data *md5_out=0,*sha_out=0;    Data *seed;    UCHAR *ptr;    Data *s1=0,*s2=0;    int i,s_l;    if (R=r_data_alloc (&md5_out,max (out->len,16))) return-1;    if (R=r_data_alloc (&sha_out,max (out->len,20))) return-1;    if (R=r_data_alloc (&seed,strlen (usage) +rnd1->len+rnd2->len)) return-1;    ptr=seed->data; memcpy (Ptr,usage,strlen (usage));    Ptr+=strlen (usage); memcpy (Ptr,rnd1->data,rnd1->len);    ptr+=rnd1->len; memcpy (Ptr,rnd2->data,rnd2->len);        ptr+=rnd2->len;    S_L=SECRET-&GT;LEN/2 + secret->len%2;    if (R=r_data_alloc (&s1,s_l)) return-1;    if (R=r_data_alloc (&s2,s_l)) return-1;    memcpy (s1->data,secret->data,s_l);    memcpy (S2->data,secret->data + (secret->len-s_l), s_l);    if (R=tls_p_hash (S1,seed,evp_get_digestbyname ("MD5"), md5_out)) return-1; if (r=tLs_p_hash (S2,seed,evp_get_digestbyname ("SHA1"), sha_out)) return-1;    for (i=0;i<out->len;i++) out->data[i]=md5_out->data[i] ^ sha_out->data[i];    _status=0;abort:r_data_destroy (&md5_out);    R_data_destroy (&sha_out);    R_data_destroy (&seed);    R_data_destroy (&AMP;S1);    R_data_destroy (&AMP;S2); return (_status);}

PRF to use an extension function (P_hash), the schematic is as follows:

The code for this function is implemented as follows:

static int tls_P_hash(Data *secret,Data *seed,const EVP_MD *md,Data *out){    UCHAR *ptr=out->data;    int left=out->len;    int tocpy;    UCHAR *A;    UCHAR _A[20],tmp[20];    unsigned int A_l,tmp_l;    HMAC_CTX hm;    A=seed->data;    A_l=seed->len;    while(left){        HMAC_Init(&hm,secret->data,secret->len,md);        HMAC_Update(&hm,A,A_l);        HMAC_Final(&hm,_A,&A_l);        A=_A;        HMAC_Init(&hm,secret->data,secret->len,md);        HMAC_Update(&hm,A,A_l);        HMAC_Update(&hm,seed->data,seed->len);        HMAC_Final(&hm,tmp,&tmp_l);        tocpy=MIN(left,tmp_l);        memcpy(ptr,tmp,tocpy);        ptr+=tocpy;        left-=tocpy;    }    HMAC_cleanup(&hm);    return 0;}

Once the PRF function is known, it can be used for key generation (key extension), and the key generation process is fully elaborated:

The key generation code is as follows:

tls_prf(&pre_master_secret, "master secret", &random1, &random2, &master_secret);tls_prf(&master_secret, "key expansion", &random2, &random1, &key_block);for (int i=0; i<16; i++){    client_write_key[i] = key_block.data[40+i];}

For the first time, the PRF function is called, using Premastersecret, "Master Secret", and two random numbers (one of the servers and clients above) as input parameters, and output as a 48-byte master key Mastersecret:

The second call to the PRF function, Mastersecret, "key expansion" and two random numbers as input parameters, output to a Key_block, 16 bytes starting from 41 bytes is client Write key, the next 16 bytes is the server Write key, which is the RC4 key that is used by the next two communication:

4th Package

1. Change Cipher Spec, indicating that the handshake protocol has been completed.
2. Finished, which indicates that the handshake is over and that the message has been encrypted by a negotiated key.

5th, 6 pack

The next step is to transfer the application layer information, which is encrypted using the previously negotiated key (client write key, Server write key) and, for example, the decryption code as follows:

EVP_CIPHER_CTX ctx;EVP_CIPHER_CTX_init(&ctx);int rv, outl;rv = EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, client_write_key, iv);//初始向量IV为0EVP_DecryptUpdate(&ctx, out, &outl, ciphertext, ciphertextlen);

The last 20 bytes after decryption are Mac checksums, and the SHA1 algorithm is used here.

Decrypted client data:

Similarly, the decrypted service-side data:

At this point, a complete HTTPS plus decryption process is over, the process is relatively simple, but if you implement some of the details will be more headaches, give the code can take a few detours, as for more complex cryptographic suite, here is no longer introduced, the process should not be too much, interested friends can study.

Reference: http://www.360doc.com/content/16/0320/21/30136251_543905971.shtml

HTTPS encryption process Hyper-detailed (ii)