0
Generating the master secret/key I followed the steps outlined in my shell script. I validated that I am passing data correctly to it by manually entering these steps several times (entering $key manually) and ultimately I arrive at the same outcome/data in this case
key = decrypted pre master key from previous step
03033ab0d673caefc4a9f6d35cf51d349815d67a09ac454f11dfb9741c96001a
66a3e82f688b82138403018384cf35f2
mseed.key = "master secret" + client.random + server.random The file is a binary file when I use that the hexdump xxd -p mseed.key so you can see the data:
6d617374657220736563726574 5b689404b500456eef2f1a79ec782eb3ee
aac3a8d7c02ae03c8426f363b18a33 5b6894043bb1289e158b0278ef66dc
53c9fa71e75e900739af2657cd4476ec1e
Note: the spaces are not in the data I added those manually to make it clear
client.random xxd -p crnd.bin
5b689404b500456eef2f1a79ec782eb3eeaac3a8d7c02ae03c8426f363b1
8a33
server.random xxd - srnd.bin
5b6894043bb1289e158b0278ef66dc53c9fa71e75e900739af2657cd4476
ec1e
just so I am clear those randoms also include the unix time prefixed (correct?)
key=${1} #passed to shell script
openssl dgst -sha256 -mac hmac -macopt hexkey:$key <mseed.key -binary >a1
openssl dgst -sha256 -mac hmac -macopt hexkey:$key <a1 -binary >a2
openssl dgst -sha256 -mac hmac -macopt hexkey:$key <a2 -binary >a3
openssl dgst -sha256 -mac hmac -macopt hexkey:$key <a3 -binary >a4
The next step is:
cat a1 mseed.key | openssl dgst -sha256 -mac hmac -macopt hexkey:$key -binary >k1
cat a2 mseed.key | openssl dgst -sha256 -mac hmac -macopt hexkey:$key -binary >k2
cat a3 mseed.key | openssl dgst -sha256 -mac hmac -macopt hexkey:$key -binary >k3
cat a4 mseed.key | openssl dgst -sha256 -mac hmac -macopt hexkey:$key -binary >k4
Follwed by extracting the master secret
cat k1 k2 | head -c48 | xxd -p -c48 > master_secret.hex
truncate -s-1 master_secret.hex
master_secret at this point
$cat master_secret.hex
ee45b637f95ddf3b3bf51661cdf4e07bdd63a67f2d2df776322992b3fd871fe4ba38debcd7179bf4
ef8b8bb814fe4544d
From my wireshark log I extracted the client random during the conversation and saved it as the binary file crnd.bin
Random: 5b689404b500456eef2f1a79ec782eb3eeaac3a8d7c02ae0...
GMT Unix Time: Aug 6, 2018 14:31:32.000000000 Eastern Daylight Time
Random Bytes: b500456eef2f1a79ec782eb3eeaac3a8d7c02ae03c8426f3...
Subsequently I capture the server time and random bytes and save it as srnd.bin
Random: 5b6894043bb1289e158b0278ef66dc53c9fa71e75e900739...
GMT Unix Time: Aug 6, 2018 14:31:32.000000000 Eastern Daylight Time
Random Bytes: 3bb1289e158b0278ef66dc53c9fa71e75e900739af2657cd...
Dave, At this point I am stumped what I could be missing. I don't think I am missing something like a null in a variable or anything I've meticulously gone over the data and steps and don't see what I could be missing. Do you spot anything with these steps? Thanks
David B
Posted 2018-08-09T15:11:13.133
Reputation: 41
Your
cat master_secret.hexshows a stray characterdon the end; that makes it 97 hexits (48 and a half bytes), and the correct-length value I compute ends after4544. But the commands you show shouldn't have caused this; I would wonder if this is actually an artifact of displaying a file with no newline in your environment (shell? terminal?). BTW if you're going to use this value with shell command substitution$(cat master)(or the older equivalent with backticks) you don't need to remove the newline yourself; that automatically removes trailing newlines. – dave_thompson_085 – 2018-08-10T04:19:58.613Shoot master_secret.hex does not have that d sorry about that. ee45b637f95ddf3b3bf51661cdf4e07bdd63a67f2d2df776322992b3fd871fe4ba38debcd7179bf4 ef8b8bb814fe4544d I accidently cut to much the "d" is actually part of my prompt – David B – 2018-08-10T10:34:32.587
Given that the "d" problem you noted is not actually in my data I posted the last of my steps and the subsequent data I am using here (I'm still waiting on my system admin to help set up the connection using openssl and the logs)
– David B – 2018-08-10T11:30:26.180