Cryptography Reference
    rc4_40_decrypt, new_md5_digest },
  { TLS_RSA_WITH_RC4_128_MD5, 0, 0, 16, MD5_BYTE_SIZE, rc4_128_encrypt,
    rc4_128_decrypt, new_md5_digest },
  { TLS_RSA_WITH_RC4_128_SHA, 0, 0, 16, SHA1_BYTE_SIZE, rc4_128_encrypt,
    rc4_128_decrypt, new_sha1_digest },
  { TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, 0, 0, 0, MD5_BYTE_SIZE, NULL, NULL,
    new_md5_digest },
  { TLS_RSA_WITH_IDEA_CBC_SHA, 0, 0, 0, SHA1_BYTE_SIZE, NULL, NULL,
    new_sha1_digest },
  { TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, 0, 0, 0, SHA1_BYTE_SIZE, NULL, NULL,
    new_sha1_digest },
  { TLS_RSA_WITH_DES_CBC_SHA, 8, 8, 8, SHA1_BYTE_SIZE, des_encrypt, des_decrypt,
    new_sha1_digest },
  { TLS_RSA_WITH_3DES_EDE_CBC_SHA, 8, 8, 24, SHA1_BYTE_SIZE, des3_encrypt,
    des3_decrypt, new_sha1_digest },
Because these instances are referred to by position, you have to list each one,
even if it's not supported. Notice, for example, that TLS_RSA_WITH_IDEA_CBC_SHA
is declared, but left empty. It is never used by this implementation, but by
allocating space for it, the rest of the code is allowed to refer to elements in the
CipherSuite structure by just referencing the suites array.
If you wanted to create a key for a 3DES cipher suite, for example, you could
invoke
suites[ TLS_RSA_WITH_3DES_EDE_CBC_SHA ].key_size
In fact, because the CipherSuiteIdentifier was added to ProtectionParameters,
the key computation code can just invoke
suites[ parameters->suite ].key_size
when it needs to know how much keying material to retrieve from the master
secret.
Now, recall that MASTER_SECRET_LENGTH is 48 bytes, regardless of cipher suite.
If the selected cipher suite is AES 256, CBC, with SHA-1, you need 136 bytes of
keying material — 32 bytes each for the client and server keys, 16 bytes each for
the initialization vectors, and 20 bytes each for the MAC secrets. Therefore, the
master secret itself must be expanded. As you can probably guess, this is done
via the PRF; the only difference between the use of the PRF in key calculation
and the use of the PRF in master secret expansion is that the label passed in is
“key expansion” rather than “master secret”.
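The expansion step described above, as an added Python illustration (not the book's Listing 6-41 and not its code). It assumes the TLS 1.0 PRF and key block ordering from RFC 2246; SUITE_SIZES, the dictionary key names and the sample secrets are constructed for this example.

```python
import hmac

# (MAC secret, key, IV) sizes in bytes, taken from the table and text above.
SUITE_SIZES = {
    "TLS_RSA_WITH_RC4_128_MD5": (16, 16, 0),
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": (20, 24, 8),
    "TLS_RSA_WITH_AES_256_CBC_SHA": (20, 32, 16),
}

def p_hash(name, secret, seed, length):
    """RFC 2246 P_hash: A(0)=seed, A(i)=HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, name).digest()
        out += hmac.new(secret, a + seed, name).digest()
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5(first half) XOR P_SHA1(second half)."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash("md5", s1, label + seed, length)
    sha = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha))

def calculate_keys(suite, master_secret, client_random, server_random):
    """Expand the 48-byte master secret and split it per RFC 2246 section 6.3."""
    mac_len, key_len, iv_len = SUITE_SIZES[suite]
    need = 2 * (mac_len + key_len + iv_len)
    # Seed is server random THEN client random (reverse of the master secret step).
    block = prf(master_secret, b"key expansion",
                server_random + client_random, need)
    names = ["client_mac", "server_mac", "client_key",
             "server_key", "client_iv", "server_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for n, size in zip(names, sizes):
        keys[n] = block[pos:pos + size]
        pos += size
    return need, keys

if __name__ == "__main__":
    # Constructed sample values, not from a real handshake.
    ms, cr, sr = bytes(range(48)), b"\x01" * 32, b"\x02" * 32
    need, keys = calculate_keys("TLS_RSA_WITH_AES_256_CBC_SHA", ms, cr, sr)
    print(need, {n: v.hex() for n, v in keys.items()})
```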
The key calculation routine is shown in Listing 6-41.
Listing 6-41: “tls.c” calculate_keys
/**
6.3: Compute a key block, including MAC secrets, keys, and IVs for client & server.
Notice that the seed is server random followed by client random (whereas for master
secret computation, it's client random followed by server random). Sheesh!
(Continued)
 