Cryptography Reference
In-Depth Information
{
const char *label = “master secret”;
PRF( premaster_secret, premaster_secret_len,
label, strlen( label ),
// Note - cheating, since client_random & server_random are defined
// sequentially in the structure
parameters->client_random, RANDOM_LENGTH * 2,
parameters->master_secret, MASTER_SECRET_LENGTH );
}
RSA Key Exchange
After the server hello done has been received, the server believes that the client
has enough information to complete the key exchange specifi ed in the selected
cipher suite. If the key exchange is RSA, this means that the client now has the
server's public key. It's the client's problem whether to trust that key or not,
based on the certifi cate chain.
The client should thus send a key exchange as shown in Listing 6-36, in
tls_connect
.
Listing 6-36:
“tls.c” tls_connect with key exchange
// Step 3. Send client key exchange, change cipher spec (7.1) and encrypted
// handshake message
if ( !( send_client_key_exchange( connection, parameters ) ) )
{
perror( “Unable to send client key exchange” );
return 3;
}
send_client_key_exchange
is slightly complex because RSA and DH key
exchanges are so different. For now, just focus on RSA in Listing 6-37.
Listing 6-37:
“tls.c” send_client_key_exchange
/**
* Send the client key exchange message, as detailed in section 7.4.7
* Use the server's public key (if it has one) to encrypt a key. (or DH?)
* Return true if this succeeded, false otherwise.
*/
static int send_client_key_exchange( int connection, TLSParameters *parameters )
{
unsigned char *key_exchange_message;
int key_exchange_message_len;
unsigned char *premaster_secret;
int premaster_secret_len;
switch ( parameters->pending_send_parameters.suite ) {
case TLS_NULL_WITH_NULL_NULL:
// XXX this is an error, exit here
break;
(Continued)
Search WWH ::
Custom Search