chapter does this, in fact). To handle either case, modify tls_connect to keep
receiving TLS messages until server_hello_done is set, as in Listing 6-32.
Listing 6-32: “tls.c” tls_connect multiple handshake messages
// Step 2. Receive the server hello response (will also have gotten
// the server certificate along the way)
parameters->server_hello_done = 0;
// Keep reading handshake messages until the server signals that it is
// done; the certificate (and any other messages) arrive along the way.
while ( !parameters->server_hello_done )
{
  if ( receive_tls_msg( connection, parameters ) < 0 )
  {
    perror( "Unable to receive server hello" );
    return 2;
  }
}
TLS Client Key Exchange
Now it's time for the client to do a key exchange, which is the most critical part
of the whole TLS handshake. You might reasonably expect that if RSA is used
as the key exchange method, the client selects a set of keys, encrypts them,
and sends them on, and that if DH is used as the key exchange method, both
sides agree on Z and use that directly as the key. As it turns out, however, TLS
mandates a bit more complexity here: the key exchange is used to exchange
a premaster secret, which is expanded using a pseudo-random function into a
master secret, and it is the master secret that is used for keying material. This
procedure guards against weaknesses in the client's key generation routines.
Sharing Secrets Using TLS PRF (Pseudo-Random Function)
In several places during the TLS negotiation, the algorithm calls for a lot of data
to be generated deterministically, based on a seed, so that both sides arrive at the
same result. This process is referred to as pseudo-random, just like the software
pseudo-random generator that's built into every C implementation. TLS
has a fairly complex pseudo-random function called the PRF that generates data
from a seed in such a way that two compliant implementations, given the same
seed data, generate the same output, but that output is randomly distributed
and follows no observable pattern.
It should come as no surprise at this point that this pseudo-random function
is based on secure hash algorithms, which deterministically generate output
from input in a non-predictable way. TLS's PRF is actually based on the HMAC
algorithm. It takes as input three values: the seed, a label, and a secret. The seed
and the label are both used as input to the HMAC algorithm, keyed with the secret.
The PRF for TLS v1.0 involves both MD5 and SHA-1 (and the use of these
specific hash algorithms is hard-coded into the specification). MD5 and SHA-1