Cryptography Reference
In-Depth Information
  unsigned char handshake_hash[ ( MD5_RESULT_SIZE * sizeof( int ) ) +
                                ( SHA1_RESULT_SIZE * sizeof( int ) ) ];

  compute_handshake_hash( parameters, handshake_hash );

  // First, compute the verify data
  PRF( parameters->master_secret, MASTER_SECRET_LENGTH,
       finished_label, strlen( finished_label ),
       handshake_hash,
       MD5_RESULT_SIZE * sizeof( int ) + SHA1_RESULT_SIZE * sizeof( int ),
       verify_data, VERIFY_DATA_LEN );
}
Now, the same compute_verify_data function can be used both when sending
and receiving finished messages.
That's it, right? The key exchange is complete, and the finished messages have
been exchanged and verified. Everything is in place except for the small matter
of actually encrypting and MAC'ing the data.
Secure Data Transfer with TLS
Conceptually, applying TLS is simple after the keys have been agreed upon.
First, the whole block of data to be sent, including the TLS message header, is
run through the MAC algorithm and the result is appended to the message.
There's a chicken-and-the-egg problem here, though. The MAC includes the
TLS header, which includes the length of the following buffer, which includes
the MAC in its length. So when MAC'ing, what length is used? The transmitted
length is the length of the content, plus the MAC; what's MAC'ed is just the
length of the content.
If the bulk encryption algorithm requires padding, the length also indicates
padding. Again, the MAC buffer does not reflect the padding length. And, of
course, the whole thing — header, padding, MAC and all — is encrypted using
the bulk encryption algorithm in force before being sent.
Assigning Sequence Numbers
As a protection against replay attacks, each packet is also assigned a sequence
number. The sequence number starts at 0 whenever a change_cipher_spec is
received and is incremented each time a new TLSMessage is sent or received.
Each side maintains a separate counter, and this counter is prepended to each
message before MAC'ing it.
Declare the sequence number as shown in Listing 6-59 and initialize it as
shown in Listing 6-60.
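The following added example, which is not code from the original text, builds the buffer that is MAC'ed (sequence number, header carrying the content length only, then content) and computes the different length that goes into the transmitted header. The names record_state, on_change_cipher_spec, build_mac_input and wire_length are hypothetical, and the example assumes TLS 1.0 framing with minimum block-cipher padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SEQ_LEN 8   /* 64-bit sequence number, sent big-endian */
#define HDR_LEN 5   /* type (1) + version (2) + length (2) */

/* Hypothetical per-direction state: each side keeps separate counters. */
typedef struct { uint64_t seq_num; } record_state;

/* The counter restarts at 0 when change_cipher_spec is processed. */
void on_change_cipher_spec(record_state *st) { st->seq_num = 0; }

/* Fill out with seq_num || type || version || content length || content,
 * the bytes handed to the MAC. Returns the byte count, or 0 if out is too
 * small. The length written is the content length only. */
size_t build_mac_input(record_state *st, uint8_t type, uint8_t major,
                       uint8_t minor, const uint8_t *content,
                       uint16_t content_len, uint8_t *out, size_t out_cap)
{
    size_t need = SEQ_LEN + HDR_LEN + (size_t)content_len;
    if (out_cap < need) return 0;
    for (int i = 0; i < SEQ_LEN; i++)
        out[i] = (uint8_t)(st->seq_num >> (56 - 8 * i));
    out[8] = type;
    out[9] = major;
    out[10] = minor;
    out[11] = (uint8_t)(content_len >> 8);
    out[12] = (uint8_t)(content_len & 0xff);
    memcpy(out + SEQ_LEN + HDR_LEN, content, content_len);
    st->seq_num++;   /* one increment per record in this direction */
    return need;
}

/* Length placed in the transmitted header: content + MAC, plus padding when
 * a block cipher is used (block_size 0 means a stream cipher). Padding here
 * is the minimum, 1..block_size bytes including the pad-length byte. */
size_t wire_length(size_t content_len, size_t mac_len, size_t block_size)
{
    size_t len = content_len + mac_len;
    if (block_size > 0)
        len += block_size - (len % block_size);
    return len;
}
```

Because the counter is part of the MAC input but never transmitted, a record replayed later is checked against a different sequence number and its MAC no longer verifies.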
 