Cryptography Reference
In-Depth Information
  free( send_buffer );
  return 0;
}
If the current active protection parameters include a digest, a MAC buffer
is built as described above, MAC'ed, and thrown away; after the MAC
itself has been computed, the MAC buffer is immaterial to the remainder
of the function.
2. Check to see if the active cipher suite has a block size (that is, is not a
stream cipher). If so, add any required padding, as shown in Listing 6-62.
Listing 6-62: “tls.c” send_message with padding support
  unsigned char padding_length = 0;

  send_buffer_size = content_len + active_suite->hash_size;

  if ( active_suite->block_size )
  {
    padding_length = active_suite->block_size -
      ( send_buffer_size % active_suite->block_size );
    send_buffer_size += padding_length;
  }

  // Add space for the header, but only after computing padding
  send_buffer_size += 5;
3. Build the actual send buffer. Recall Listing 6-15 where send_message was
initially defined; the send buffer was simply the TLS header followed by
the contents, verbatim. Now, it's the TLS header, followed by the contents,
followed by any required padding, followed by the MAC. The updated
send buffer is shown in Listing 6-63.
Listing 6-63: “tls.c” send buffer
  send_buffer = ( unsigned char * ) malloc( send_buffer_size );

  if ( mac )
  {
    memcpy( send_buffer + content_len + 5, mac, active_suite->hash_size );
    free( mac );
  }

  if ( padding_length > 0 )
  {
    unsigned char *padding;
    for ( padding = send_buffer + send_buffer_size - 1;
          padding > ( send_buffer + ( send_buffer_size - padding_length - 1 ) );
          padding-- )
(Continued)
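The following is an added example, not part of the original listings: a self-contained helper, with the hypothetical name build_record, that performs steps 2 and 3 in one place. It uses the padding computation of Listing 6-62 and the MAC offset of Listing 6-63, and assumes the standard TLS block padding rule that every padding byte holds padding_length - 1. The result is the plaintext record before encryption.

```c
#include <stdlib.h>
#include <string.h>

/* Added example: hypothetical helper, not from tls.c. Places the MAC
 * directly after the content and the padding at the end of the buffer,
 * as the offsets in Listing 6-63 do. block_size == 0 means a stream
 * cipher, so no padding is added. */
unsigned char *build_record( const unsigned char *header,  /* 5 bytes */
                             const unsigned char *content, size_t content_len,
                             const unsigned char *mac, size_t hash_size,
                             size_t block_size, size_t *out_len )
{
  size_t body_len = content_len + hash_size;  /* region that gets encrypted */
  size_t padding_length = 0, i;
  unsigned char *buf;

  if ( block_size )
  {
    /* Always 1..block_size: an already aligned body still gets a full
       block, because the last byte must carry the padding length. */
    padding_length = block_size - ( body_len % block_size );
    body_len += padding_length;
  }

  /* calloc so that no uninitialized heap bytes can end up on the wire */
  buf = ( unsigned char * ) calloc( 1, body_len + 5 );
  if ( !buf )
  {
    return NULL;
  }
  memcpy( buf, header, 5 );
  memcpy( buf + 5, content, content_len );
  if ( mac && hash_size )
  {
    memcpy( buf + 5 + content_len, mac, hash_size );
  }
  /* Walk backward from the last byte, as the loop in Listing 6-63 does */
  for ( i = 0; i < padding_length; i++ )
  {
    buf[ 5 + body_len - 1 - i ] = ( unsigned char ) ( padding_length - 1 );
  }
  *out_len = body_len + 5;
  return buf;
}
```

With a 16-byte block and a 20-byte MAC, 7 bytes of content produce 5 bytes of padding, while 12 bytes of content (already aligned at 32) produce a full 16-byte padding block.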