Cryptography Reference
The client is responsible for sending the client hello that gets the ball rolling and
informs the server, at a minimum, what version of the protocol it understands
and what cipher suites (cryptography, key exchange, and authentication triples)
it is capable of working with. It also transmits a unique random number, which
is important to guard against replay attacks and is examined in depth later.
The server selects a cipher suite, generates its own random number, and assigns
a session ID to the TLS connection; each connection gets a unique session ID.
The server also sends enough information to complete a key exchange. Most
often, this means sending a certificate including an RSA public key.
The client is then responsible for completing the key exchange using the
information the server provided. At this point, the connection is secured: both
sides have agreed on an encryption algorithm, a MAC algorithm, and respective
keys. Of course, the whole process is quite a bit more complex than this,
but you may want to keep this high-level overview in mind as you read the
remainder of this chapter.
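The client hello fields described above (offered version, client random, session ID, cipher suite list), shown as an added example that is not from the book's source: a bounds-checked parser run over a constructed TLS 1.0 ClientHello. The names `ClientHelloInfo`, `parse_client_hello` and `sample_hello` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical summary type for this example; not the book's tls.h. */
typedef struct {
    uint8_t major, minor;     /* highest protocol version the client offers */
    const uint8_t *random;    /* 32-byte client random */
    size_t session_id_len;    /* 0 means "start a new session" */
    const uint8_t *suites;    /* n_suites two-byte cipher suite IDs */
    size_t n_suites;
} ClientHelloInfo;
/* Constructed sample: handshake-layer ClientHello without extensions. */
static const uint8_t sample_hello[] = {
    0x01, 0x00, 0x00, 0x2B,             /* type client_hello, body length 43 */
    0x03, 0x01,                         /* client_version 3.1 (TLS 1.0) */
    0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
    0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
    0x00,                               /* session ID length 0 */
    0x00, 0x04, 0x00, 0x2F, 0x00, 0x0A, /* 4 bytes of suites: 0x002F, 0x000A */
    0x01, 0x00                          /* one compression method: null */
};
/* Returns 0 on success, -1 if any field is malformed or truncated. */
int parse_client_hello(const uint8_t *p, size_t len, ClientHelloInfo *out)
{
    if (len < 4 || p[0] != 0x01) return -1;          /* 0x01 = client_hello */
    if ((((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3]) != len - 4) return -1;
    const uint8_t *end = p + len;
    p += 4;
    if (end - p < 2 + 32 + 1) return -1;   /* version + random + sid length */
    out->major = p[0]; out->minor = p[1];
    out->random = p + 2;
    out->session_id_len = p[34];
    p += 35;
    if (out->session_id_len > 32 || (size_t)(end - p) < out->session_id_len + 2) return -1;
    p += out->session_id_len;
    size_t suites_len = ((size_t)p[0] << 8) | p[1];
    p += 2;                                 /* need the suites plus 1 length byte */
    if (suites_len == 0 || suites_len % 2 || (size_t)(end - p) < suites_len + 1) return -1;
    out->suites = p;
    out->n_suites = suites_len / 2;
    p += suites_len;
    size_t comp_len = *p++;                 /* compression methods must be non-empty */
    return (comp_len == 0 || (size_t)(end - p) < comp_len) ? -1 : 0;
}
int main(void)
{
    ClientHelloInfo h;
    if (parse_client_hello(sample_hello, sizeof sample_hello, &h)) return 1;
    printf("version %u.%u, %zu suites offered\n", h.major, h.minor, h.n_suites);
    return 0;
}
```

Every length field is checked against the remaining buffer before it is used, since these values come straight from an unauthenticated peer.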
TLS Client Hello
Every step in the TLS handshake is responsible for updating some aspect of
the TLSParameters structure. As you can probably guess, the most important
values are the MAC secret, the symmetric encryption key, and, if applicable, the
initialization vector. These are defined in the ProtectionParameters structure
shown in Listing 6-4.
Listing 6-4: “tls.h” ProtectionParameters
typedef struct
{
  unsigned char *MAC_secret;
  unsigned char *key;
  unsigned char *IV;
  ...
}
ProtectionParameters;
Tracking the Handshake State in the TLSParameters Structure
TLS actually allows a different MAC secret, key, and IV to be established for the
sender and the receiver. Therefore, the TLSParameters structure keeps track of
two sets of ProtectionParameters as shown in Listing 6-5.
Listing 6-5: “tls.h” TLSParameters
#define TLS_VERSION_MAJOR 3
#define TLS_VERSION_MINOR 1