* help on how to use OCF for SSL v3.0 protocol's cryptographic operations
@ 2009-03-05 14:02 lakshmi prasanna
2009-03-06 0:49 ` David McCullough
0 siblings, 1 reply; 3+ messages in thread
From: lakshmi prasanna @ 2009-03-05 14:02 UTC (permalink / raw)
To: linux-crypto
Hi,
I am using OCF's ixp driver for Cryptographic operations.
TLS protocol is working fine, since it uses only a single
Authentication operation to be performed.
Since SSL v3.0 protocol needs two rounds of operations to be
performed to calculate the MAC, I am calling OCF crypto_dispatch()
twice with the relevant data.
Since I am using SHA, 40 bytes of 0x36 and 0x5c pads are used
Round 1 : HMAC(Initial seed+data)
Initial seed = Client_write_mac_secret+40 bytes of 0x36+sequence
number+application type(0x17)+data length
Round 2: HMAC(Final Seed+result of Round 1)
Final Seed = Client_write_mac_secret+40 bytes of 0x5C
The calculated MAC is different from the client generated MAC.
Can anyone help me with what data to be passed to the OCF, the seeds
to be used for SSLv3.0, and other required data.
I have gone through the SSLv3.0 draft, and surely I'm passing the
right seeds and offsets to the OCF, still the thing does not work...
May be I'm missing out something....
Please help......
thanks,
Lakshmi Prasanna
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: help on how to use OCF for SSL v3.0 protocol's cryptographic operations
2009-03-05 14:02 help on how to use OCF for SSL v3.0 protocol's cryptographic operations lakshmi prasanna
@ 2009-03-06 0:49 ` David McCullough
2009-03-06 4:39 ` lakshmi prasanna
0 siblings, 1 reply; 3+ messages in thread
From: David McCullough @ 2009-03-06 0:49 UTC (permalink / raw)
To: lakshmi prasanna; +Cc: linux-crypto, ocf-linux-users
Jivin lakshmi prasanna lays it down ...
> Hi,
>
> I am using OCF's ixp driver for Cryptographic operations.
> TLS protocol is working fine, since it uses only a single
> Authentication operation to be performed.
You probably want to move this to the ocf-linux mailing list:
http://lists.sourceforge.net/mailman/listinfo/ocf-linux-users
> Since SSL v3.0 protocol needs two rounds of operations to be
> performed to calculate the MAC, I am calling OCF crypto_dispatch()
> twice with the relevant data.
> Since I am using SHA, 40 bytes of 0x36 and 0x5c pads are used
>
> Round 1 : HMAC(Initial seed+data)
> Initial seed = Client_write_mac_secret+40 bytes of 0x36+sequence
> number+application type(0x17)+data length
>
> Round 2: HMAC(Final Seed+result of Round 1)
> Final Seed = Client_write_mac_secret+40 bytes of 0x5C
>
> The calculated MAC is different from the client generated MAC.
>
> Can anyone help me with what data to be passed to the OCF, the seeds
> to be used for SSLv3.0, and other required data.
>
> I have gone through the SSLv3.0 draft, and surely I'm passing the
> right seeds and offsets to the OCF, still the thing does not work...
> May be I'm missing out something....
> Please help......
Which OCF crypto driver are you using ? Talitos or cryptosoft or
something else ?
Cheers,
Davidm
--
David McCullough, david_mccullough@securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: help on how to use OCF for SSL v3.0 protocol's cryptographic operations
2009-03-06 0:49 ` David McCullough
@ 2009-03-06 4:39 ` lakshmi prasanna
0 siblings, 0 replies; 3+ messages in thread
From: lakshmi prasanna @ 2009-03-06 4:39 UTC (permalink / raw)
To: David McCullough; +Cc: linux-crypto, ocf-linux-users
Hi,
I am using OCF ixp4 crypto driver. The problem is present with cryptosoft also.
I guess I am passing wrong data to OCF to compute the MAC, can anyone
tell me what is the correct data that is to be passed to the driver
for SSLv3.0 protocol.
thanks,
Lakshmi Prasanna
At 06:19 AM 3/6/2009, David McCullough wrote:
>Jivin lakshmi prasanna lays it down ...
> > Hi,
> >
> > I am using OCF's ixp driver for Cryptographic operations.
> > TLS protocol is working fine, since it uses only a single
> > Authentication operation to be performed.
>
>
>You probably want to move this to the ocf-linux mailing list:
>
> http://lists.sourceforge.net/mailman/listinfo/ocf-linux-users
>
> > Since SSL v3.0 protocol needs two rounds of operations to be
> > performed to calculate the MAC, I am calling OCF crypto_dispatch()
> > twice with the relevant data.
> > Since I am using SHA, 40 bytes of 0x36 and 0x5c pads are used
> >
> > Round 1 : HMAC(Initial seed+data)
> > Initial seed = Client_write_mac_secret+40 bytes of 0x36+sequence
> > number+application type(0x17)+data length
> >
> > Round 2: HMAC(Final Seed+result of Round 1)
> > Final Seed = Client_write_mac_secret+40 bytes of 0x5C
> >
> > The calculated MAC is different from the client generated MAC.
> >
> > Can anyone help me with what data to be passed to the OCF, the seeds
> > to be used for SSLv3.0, and other required data.
> >
> > I have gone through the SSLv3.0 draft, and surely I'm passing the
> > right seeds and offsets to the OCF, still the thing does not work...
> > May be I'm missing out something....
> > Please help......
>
>Which OCF crypto driver are you using ? Talitos or cryptosoft or
>something else ?
>
>Cheers,
>Davidm
>
>--
>David McCullough, david_mccullough@securecomputing.com, Ph:+61 734352815
>McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org
thanks,
Lakshmi Prasanna
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-03-06 4:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-03-05 14:02 help on how to use OCF for SSL v3.0 protocol's cryptographic operations lakshmi prasanna
2009-03-06 0:49 ` David McCullough
2009-03-06 4:39 ` lakshmi prasanna
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.