      case TLS_RSA_WITH_NULL_MD5:
      case TLS_RSA_WITH_NULL_SHA:
      case TLS_RSA_WITH_DES_CBC_SHA:
      case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
      case TLS_RSA_WITH_AES_128_CBC_SHA:
      case TLS_RSA_WITH_AES_256_CBC_SHA:
        // RSA key exchange: the client picks the premaster secret and
        // encrypts it to the server's public key
        premaster_secret_len = MASTER_SECRET_LENGTH;
        premaster_secret = malloc( premaster_secret_len );
        if ( !premaster_secret )
        {
          return 0;
        }
        key_exchange_message_len = rsa_key_exchange(
          &parameters->server_public_key.rsa_public_key,
          premaster_secret, &key_exchange_message );
        break;
      default:
        return 0;
    }

    if ( send_handshake_message( connection, client_key_exchange,
         key_exchange_message, key_exchange_message_len ) )
    {
      free( key_exchange_message );
      free( premaster_secret );  // otherwise leaked on this error path
      return 0;
    }

    free( key_exchange_message );

    // Now, turn the premaster secret into an actual master secret (the
    // server side will do this concurrently).
    compute_master_secret( premaster_secret, premaster_secret_len, parameters );

    // XXX - for security, should also "purge" the premaster secret from
    // memory.
    calculate_keys( parameters );
    free( premaster_secret );

    return 1;
  }
The goal of the key exchange is to exchange a premaster secret, turn it into a
master secret, and use that to calculate the keys that are used for the remainder
of the connection. As you can see, send_client_key_exchange starts by checking
whether the key exchange method is RSA. If it is, send_client_key_exchange calls
rsa_key_exchange to build the appropriate handshake message. compute_master_secret
has already been examined in Listing 6-35, and calculate_keys is examined later in
Listing 6-41.
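The XXX comment in the routine above marks the gap a practitioner would close: the premaster secret is freed but never erased, so its bytes stay in the heap until that memory is reused. The following C block is an added example, not the book's code; secure_purge, count_nonzero, purge_then_free and premaster_lifecycle are hypothetical names, and send_ok stands in for the result of send_handshake_message.

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not the book's code. memset called through a volatile
 * function pointer is not a dead store the optimizer may drop, so the
 * secret is really overwritten before the buffer is freed. */
static void *(*volatile volatile_memset)(void *, int, size_t) = memset;

static void secure_purge(void *buf, size_t len)
{
    if (buf != NULL && len > 0)
        volatile_memset(buf, 0, len);
}

/* Number of nonzero bytes left in buf; 0 means the purge took effect. */
size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Purge, record what is left, then release: the order the XXX comment asks for. */
static void purge_then_free(unsigned char *buf, size_t len, size_t *leftover)
{
    secure_purge(buf, len);
    *leftover = count_nonzero(buf, len);
    free(buf);
}

#define PREMASTER_LEN 48 /* RSA premaster secret size; MASTER_SECRET_LENGTH in the book */

/* Stand-in for the tail of send_client_key_exchange. send_ok replaces the
 * result of send_handshake_message (hypothetical); the secret is purged on
 * the failure path as well as the success path. Returns 1 on success. */
int premaster_lifecycle(int send_ok, size_t *leftover)
{
    unsigned char *premaster = malloc(PREMASTER_LEN);
    *leftover = 0;
    if (premaster == NULL)
        return 0;
    for (size_t i = 0; i < PREMASTER_LEN; i++)   /* constructed sample bytes */
        premaster[i] = (unsigned char)(i + 1);
    if (!send_ok) {
        purge_then_free(premaster, PREMASTER_LEN, leftover);
        return 0;
    }
    /* ... compute_master_secret(premaster, PREMASTER_LEN, parameters) ... */
    purge_then_free(premaster, PREMASTER_LEN, leftover);
    return 1;
}
```

On platforms that provide them, explicit_bzero or memset_s serve the same purpose as the volatile-pointer trick.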
This routine goes ahead and lets the rsa_key_exchange function select the
premaster secret. There's no reason why send_client_key_exchange couldn't