Cryptography Reference
In-Depth Information
*/
static void calculate_keys( TLSParameters *parameters )
{
// XXX assuming send suite & recv suite will always be the same
CipherSuite *suite = &( suites[ parameters->pending_send_parameters.suite ] );
const char *label = “key expansion”;
int key_block_length =
suite->hash_size * 2 +
suite->key_size * 2 +
suite->IV_size * 2;
char seed[ RANDOM_LENGTH * 2 ];
unsigned char *key_block = ( unsigned char * ) malloc( key_block_length );
unsigned char *key_block_ptr;
ProtectionParameters *send_parameters = ¶meters->pending_send_parameters;
ProtectionParameters *recv_parameters = ¶meters->pending_recv_parameters;
memcpy( seed, parameters->server_random, RANDOM_LENGTH );
memcpy( seed + RANDOM_LENGTH, parameters->client_random, RANDOM_LENGTH );
PRF( parameters->master_secret, MASTER_SECRET_LENGTH,
label, strlen( label ),
seed, RANDOM_LENGTH * 2,
key_block, key_block_length );
send_parameters->MAC_secret = ( unsigned char * ) malloc( suite->hash_size );
recv_parameters->MAC_secret = ( unsigned char * ) malloc( suite->hash_size );
send_parameters->key = ( unsigned char * ) malloc( suite->key_size );
recv_parameters->key = ( unsigned char * ) malloc( suite->key_size );
send_parameters->IV = ( unsigned char * ) malloc( suite->IV_size );
recv_parameters->IV = ( unsigned char * ) malloc( suite->IV_size );
key_block_ptr = read_buffer( send_parameters->MAC_secret, key_block,
suite->hash_size );
key_block_ptr = read_buffer( recv_parameters->MAC_secret, key_block_ptr,
suite->hash_size );
key_block_ptr = read_buffer( send_parameters->key, key_block_ptr,
suite->key_size );
key_block_ptr = read_buffer( recv_parameters->key, key_block_ptr,
suite->key_size );
key_block_ptr = read_buffer( send_parameters->IV, key_block_ptr,
suite->IV_size );
key_block_ptr = read_buffer( recv_parameters->IV, key_block_ptr,
suite->IV_size );
free( key_block );
}
NOTE
One interesting point to note about this key generation routine: It
assumes that all keys are equally valid. If you recall from Chapter 2, strictly
speaking, DES requires that each byte of its keys be parity adjusted. If you
Search WWH ::
Custom Search