我正在使用 OpenSSL,我想从会话中提取我的 HMAC 密钥和 AES 密钥,以便我可以在应用程序中使用 GPU 加速 HMAC 和 AES 加密。
之后在哪里可以拿到钥匙SSL_accept?AES 密钥是否存储在SSLHandle->enc_write_ctx->cipher_data? HMAC 密钥存储在哪里?
问问题
957 次
1 回答
0
If you have the SSL* called ssl, then look at ssl->session for the master key and ssl->s3 for the current hamc key.
ssl.h has a struct ssl_session_st, and that's the ssl->session above. The master key is stored in struct ssl_session_st.
struct ssl_session_st
{
int ssl_version; /* what ssl version session info is
* being kept in here? */
/* only really used in SSLv2 */
unsigned int key_arg_length;
unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
...
}
Some derivation goes on, and you can see it in, for example, s3_clnt.c. SSL2 uses two session keys - one in each direction (client to server; and server to client). The key is used for both privacy and integrity protection. SSLv3 and above uses 6 keys - three in each direction (client to server; and server to client). One key is used for privacy, the second is used for integrity, and the third is used as a nonce or iv.
To see what the HMAC key is, take a look at, for example, n_ssl3_mac in s3_enc.c around line 700. You will see something like:
int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
{
SSL3_RECORD *rec;
unsigned char *mac_sec,*seq;
EVP_MD_CTX md_ctx;
...
if (send)
{
rec= &(ssl->s3->wrec);
mac_sec= &(ssl->s3->write_mac_secret[0]);
seq= &(ssl->s3->write_sequence[0]);
hash=ssl->write_hash;
}
else
{
rec= &(ssl->s3->rrec);
mac_sec= &(ssl->s3->read_mac_secret[0]);
seq= &(ssl->s3->read_sequence[0]);
hash=ssl->read_hash;
}
...
TLS also uses the ssl->s3 member. For example, from t1_enc.c around line 445:
mac_secret= &(s->s3->write_mac_secret[0]);
mac_secret_size = &(s->s3->write_mac_secret_size);
You might also be able to get a good look at the data in the SSL* object with SSL_SESSION_print using a BIO or SSL_SESSION_print_fp.
于 2013-11-28T09:05:34.693 回答