// The first four bytes of the "client random" are the GMT unix time computed above;
// the remaining 28 bytes are taken from parameters->client_random + 4 (the text
// says these should be random and fresh for every connection).
memcpy( parameters->client_random, &package.random.gmt_unix_time, 4 );
memcpy( package.random.random_bytes, parameters->client_random + 4, 28 );
// An empty session ID asks the server for a brand-new session.
package.session_id_length = 0;
package.session_id = NULL;
// note that this is bytes, not count: one 16-bit suite identifier = 2 bytes.
package.cipher_suites_length = htons( 2 );
supported_suites[ 0 ] = htons( TLS_RSA_WITH_3DES_EDE_CBC_SHA );
package.cipher_suites = supported_suites;
// Compression methods are one byte each, so here bytes == count.
package.compression_methods_length = 1;
supported_compression_methods[ 0 ] = 0; // 0 = "no compression"
package.compression_methods = supported_compression_methods;
NOTE Notice that the client random isn't entirely random — the specification
actually mandates that the first four bytes be the number of seconds since
January 1, 1970. Fortunately, C has a built-in time function to compute this.
The remaining 28 bytes are supposed to be random. The most important thing
here is that they be different for each connection.
The session ID is left empty, indicating that a new session is being requested
(session reuse is examined in Chapter 8). To complete the ClientHello structure,
the supported cipher suites and compression methods are indicated. Only one of
each is given here: For the cipher suite, it's RSA key exchange; 3DES (EDE) with
CBC for encryption; and SHA-1 for MAC. The compression method selected is
"no compression." TLS allows the client and server to agree to compress the
stream before encrypting.
You may be wondering, legitimately, what compression has to do with security.
Nothing, actually — however, it was added to TLS and, at the very least, both
sides have to agree not to compress. If the stream is going to be compressed,
however, it is important that compression be applied before encryption. One
property of secure ciphers is that their output is specifically not compressible
(it is indistinguishable from random data), so if you try to compress after
encrypting, it will be too late.
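To make the ClientHello layout described above concrete, here is an added example that is not the book's code: it builds the 32-byte client random (4-byte big-endian timestamp plus 28 random bytes), serializes a ClientHello body in the RFC 2246 wire layout with an empty session ID, the single suite TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A) and "no compression", then parses it back. All type and function names are assumptions, and the timestamp and "random" bytes are constructed constants, not real randomness. The parser rejects an odd cipher_suites length, which is what you get when the count of suites is written where the byte length belongs.

```c
/* Added example (not the book's code): ClientHello body build/serialize/parse.
 * Names are assumptions; sample time and random bytes are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x000A   /* cipher suite id 10 */

typedef struct {
    uint8_t  major, minor;              /* ProtocolVersion */
    uint8_t  client_random[32];         /* gmt_unix_time (4, big-endian) + 28 random bytes */
    uint8_t  session_id_len;            /* 0 = request a new session */
    uint8_t  session_id[32];
    size_t   n_cipher_suites;           /* count; the wire carries 2 * count bytes */
    uint16_t cipher_suites[8];
    size_t   n_compression_methods;     /* one byte each, so bytes == count */
    uint8_t  compression_methods[4];
} client_hello_t;

/* Seconds since 1970-01-01 in network byte order, then 28 caller-supplied bytes. */
void make_client_random(uint8_t out[32], uint32_t gmt_unix_time, const uint8_t random28[28])
{
    out[0] = (uint8_t)(gmt_unix_time >> 24); out[1] = (uint8_t)(gmt_unix_time >> 16);
    out[2] = (uint8_t)(gmt_unix_time >> 8);  out[3] = (uint8_t)gmt_unix_time;
    memcpy(out + 4, random28, 28);
}

/* Recover the timestamp from the first four bytes of a client random. */
uint32_t client_random_time(const uint8_t cr[32])
{
    return ((uint32_t)cr[0] << 24) | ((uint32_t)cr[1] << 16) | ((uint32_t)cr[2] << 8) | cr[3];
}

/* Returns bytes written, or -1 on invalid fields or a too-small buffer. */
int serialize_client_hello(const client_hello_t *h, uint8_t *buf, size_t buflen)
{
    size_t i, p = 0;
    size_t need = 2 + 32 + 1 + h->session_id_len + 2 + 2 * h->n_cipher_suites
                + 1 + h->n_compression_methods;
    if (h->session_id_len > 32 || h->n_cipher_suites == 0 || h->n_cipher_suites > 8 ||
        h->n_compression_methods == 0 || h->n_compression_methods > 4 || buflen < need)
        return -1;
    buf[p++] = h->major;
    buf[p++] = h->minor;
    memcpy(buf + p, h->client_random, 32);             p += 32;
    buf[p++] = h->session_id_len;
    memcpy(buf + p, h->session_id, h->session_id_len); p += h->session_id_len;
    /* cipher_suites length is in BYTES (two per suite), not in suites */
    buf[p++] = (uint8_t)((2 * h->n_cipher_suites) >> 8);
    buf[p++] = (uint8_t)(2 * h->n_cipher_suites);
    for (i = 0; i < h->n_cipher_suites; i++) {
        buf[p++] = (uint8_t)(h->cipher_suites[i] >> 8);
        buf[p++] = (uint8_t)h->cipher_suites[i];
    }
    buf[p++] = (uint8_t)h->n_compression_methods;
    memcpy(buf + p, h->compression_methods, h->n_compression_methods);
    return (int)(p + h->n_compression_methods);
}

/* Returns 0 on success, -1 on truncation, an odd or empty cipher_suites length,
 * an empty compression list, or trailing bytes. */
int parse_client_hello(const uint8_t *buf, size_t len, client_hello_t *h)
{
    size_t i, p = 0, cs_bytes;
    memset(h, 0, sizeof *h);
    if (len < 2 + 32 + 1) return -1;
    h->major = buf[p++];
    h->minor = buf[p++];
    memcpy(h->client_random, buf + p, 32);             p += 32;
    h->session_id_len = buf[p++];
    if (h->session_id_len > 32 || len - p < h->session_id_len) return -1;
    memcpy(h->session_id, buf + p, h->session_id_len); p += h->session_id_len;
    if (len - p < 2) return -1;
    cs_bytes = ((size_t)buf[p] << 8) | buf[p + 1];     p += 2;
    if (cs_bytes == 0 || cs_bytes % 2 != 0 || cs_bytes / 2 > 8 || len - p < cs_bytes) return -1;
    h->n_cipher_suites = cs_bytes / 2;
    for (i = 0; i < h->n_cipher_suites; i++, p += 2)
        h->cipher_suites[i] = (uint16_t)(((uint16_t)buf[p] << 8) | buf[p + 1]);
    if (len - p < 1) return -1;
    h->n_compression_methods = buf[p++];
    if (h->n_compression_methods == 0 || h->n_compression_methods > 4 ||
        len - p < h->n_compression_methods) return -1;
    memcpy(h->compression_methods, buf + p, h->n_compression_methods);
    p += h->n_compression_methods;
    return p == len ? 0 : -1;
}

/* Constructed sample matching the text: TLS 1.0, new session, suite 0x000A,
 * no compression. The timestamp and random bytes are fixed fakes, NOT random. */
void build_example_hello(client_hello_t *h)
{
    uint8_t fake_random[28], i;
    for (i = 0; i < 28; i++) fake_random[i] = i;
    memset(h, 0, sizeof *h);
    h->major = 3; h->minor = 1;
    make_client_random(h->client_random, 0x4A5B6C7Du, fake_random);
    h->n_cipher_suites = 1;
    h->cipher_suites[0] = TLS_RSA_WITH_3DES_EDE_CBC_SHA;
    h->n_compression_methods = 1;
    h->compression_methods[0] = 0;
}

int main(void)
{
    client_hello_t h; uint8_t buf[128]; int n, i;
    build_example_hello(&h);
    n = serialize_client_hello(&h, buf, sizeof buf);
    for (i = 0; i < n; i++) printf("%02x%s", buf[i], (i % 16 == 15) ? "\n" : " ");
    printf("\n%d bytes\n", n);
    return 0;
}
```

In a real client the 28 random bytes would come from the platform CSPRNG and the timestamp from time(); the point of the round trip is that the length prefixes serialize as the text says (2 for one suite, 1 for one compression method) and that a parser which checks them catches the count-versus-bytes mistake.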
Describing Cipher Suites
So, what about this TLS_RSA_WITH_3DES_EDE_CBC_SHA value? Strictly speaking,
it's not always safe to "mix and match" encryption functions with key exchange
and MAC functions, so TLS defines them in triples rather than allowing the
two sides to select them à la carte. As a result, each allowed triple has a unique
identifier: TLS_RSA_WITH_3DES_EDE_CBC_SHA is 10 or 0x0A hex. Go ahead and
define a CipherSuiteIdentifier enumeration as shown in Listing 6-10.
Listing 6-10: "tls.h" CipherSuiteIdentifier list
typedef enum
{
TLS_NULL_WITH_NULL_NULL = 0x0000,