Cryptography Reference
In-Depth Information
6. With the handshake digest defi ned and updated, the client can send its
finished
message, in Listing 6-51.
Listing 6-51:
“tls.c” tls_connect with client fi nished message
if ( !( send_change_cipher_spec( connection, parameters ) ) )
{
perror( “Unable to send client change cipher spec” );
return 4;
}
// This message will be encrypted using the newly negotiated keys
if ( !( send_finished( connection, parameters ) ) )
{
perror( “Unable to send client finished” );
return 5;
}
7.
send_finished
itself is straightforward, as shown in Listing 6-52.
Listing 6-52:
“tls.c” send_fi nished
static int send_finished( int connection,
TLSParameters *parameters )
{
unsigned char verify_data[ VERIFY_DATA_LEN ];
compute_verify_data( “client finished”, parameters, verify_data );
send_handshake_message( connection, finished, verify_data, VERIFY_DATA_LEN,
parameters );
return 1;
}
8. Of course, as you can likely guess, the challenge is in the computation of
verify data
. This is shown in Listing 6-53.
Listing 6-53:
“tls.c” compute_verify_data
/**
* 7.4.9:
* verify_data = PRF( master_secret, “client finished”, MD5(handshake_messages)
* + SHA-1(handshake_messages)) [0..11]
*
* master_secret = PRF( pre_master_secret, “master secret”, ClientHello.random +
* ServerHello.random );
* always 48 bytes in length.
*/
#define VERIFY_DATA_LEN 12
static void compute_verify_data( const char *finished_label,
TLSParameters *parameters,
(Continued)
Search WWH ::
Custom Search