Cryptography Reference
In-Depth Information
decrypted_length = bufsz;
}
}
Now, if there's any data left over from a previous call, as much as the caller
asked for is returned. If there's less than the caller asked for, only what's avail-
able is returned; the caller must invoke another call if it wants the next chunk
of data. This could be made more robust — and more complicated — if it went
ahead and read the next available
TLSMessage
, concatenated
that
on top of
whatever it had buffered, and tried to fi ll up the buffer the client requested. Of
course, in any case, if the caller requested less data than is available in the buf-
fer, the remaining data must be held on to.
receive_tls_message
accomplishes
this by masquerading any buffered data as
decrypted_message
; whether the
client consumes all of it or not, it ends up in the
decrypted_length <= bufsz
else-case and is rebuffered.
If you closely compared the
display_result
listing of 6-3 to the
display_result
Listing 1-7 in Chapter 1, you may have noticed one seemingly trivial difference:
The plaintext HTTP routine reads until
recv
returns 0 bytes, indicating EOF. The
secured implementation reads until
tls_recv
returns less than 0. Why?
To frustrate attackers, it's acceptable for compliant TLS implementations to
return empty packets consisting of nothing but padding. When this function
receives such a packet, it removes the padding and the MAC and reports the
returned data length as 0.
“So,” you must certainly be wondering, “if
tls_recv
can't return 0 to indicate
an EOF condition, how does TLS handle an end-of-stream?” Read on.
Implementing TLS Shutdown
SSLv2 didn't have a specifi c shutdown mechanism; when either side was done
using the connection, it just issued a regular TCP FIN packet. The problem with
this was that it's easy for a man in the middle to generate a FIN packet; it's not
encrypted or authenticated in any way. This can be used to perform truncation
attacks as detailed in Chapter 4.
As a result, TLS has a special way to indicate shutdown. The side wishing to
shut the connection down sends an alert with the
close_notify
code of 0. Because
this is a TLS message, it's subject to the standard encryption and authentication
values currently in force and is protected.
tls_shutdown
is shown in Listing 6-75.
Listing 6-75:
“tls.c” tls_shutdown
int tls_shutdown( int connection, TLSParameters *parameters )
{
send_alert_message( connection, close_notify,
Search WWH ::
Custom Search