Cryptography Reference
In-Depth Information
{
*padding = ( padding_length - 1 );
}
}
header.type = content_type;
header.version.major = 3;
header.version.minor = 1;
header.length = htons( content_len
+ active_suite->hash_size + padding_length
);
4. The send buffer itself needs to be encrypted if the cipher suite calls for it
(remember that
TLS_NULL_WITH_MD5
is a legitimate cipher suite that calls for
authentication but no encryption). The encryption is shown in Listing 6-64.
Listing 6-64:
“tls.c” send_message with encryption
memcpy( send_buffer + 5, content, content_len );
if ( active_suite->bulk_encrypt )
{
unsigned char *encrypted_buffer = malloc( send_buffer_size );
// The first 5 bytes (the header) aren't encrypted
memcpy( encrypted_buffer, send_buffer, 5 );
active_suite->bulk_encrypt( send_buffer + 5, send_buffer_size - 5,
encrypted_buffer + 5, parameters->IV, parameters->key );
free( send_buffer );
send_buffer = encrypted_buffer;
}
if ( send( connection, ( void * ) send_buffer, send_buffer_size, 0 ) <
send_buffer_size )
The original send buffer is encrypted and then thrown away; the encrypted
buffer is the send buffer, which is what's transmitted over the wire. Notice that
the header itself is not encrypted; this is necessary so that the receiver knows
how many bytes to process in the current packet. Everything following the
header is encrypted, though.
Adding Support for Stream Ciphers
The encryption routine in Listing 6-64 almost works, but not quite. Recall from
the
calculate_keys
routine in Listing 6-41 that if the cipher suite called for an
initialization vector, one was computed, but otherwise,
parameters->IV
was left
as a null pointer. This is fi ne for block ciphers, but causes a failure if you try to
use this routine for the RC4 routine, which expects a
state
vector in this position.
NOTE
The
state
vector was developed in Chapter 2, in Listing 2-47.
Search WWH ::
Custom Search