TLS Client Key Exchange
If you look back at Listing 7-4, you see that after the server sends the hello done
message, it waits for the client to respond with a key exchange message. This
should contain either an RSA-encrypted premaster secret or the last half of a
Diffie-Hellman handshake, depending on the key exchange method chosen. In
general, the server certificate is expected to have contained enough information
for the client to do so. (You see in the next chapter what happens if this is not
the case.)
So add the client_key_exchange message to receive_tls_msg in Listing 7-13.
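Listing 7-13: “tls.c” receive_tls_msg with client_key_exchange
static int receive_tls_msg( int connection,
                            char *buffer,
                            int bufsz,
                            TLSParameters *parameters )
{
  /* ... earlier part of the function is not shown in this excerpt ... */
  switch ( handshake.msg_type )
  {
    /* ... other handshake message types are not shown ... */
    case client_key_exchange:
      /* Parse the premaster secret and derive the pending key material */
      read_pos = parse_client_key_exchange( read_pos, handshake.length,
        parameters );
      if ( read_pos == NULL )
      {
        /* Malformed or undecryptable key exchange: alert and abort */
        send_alert_message( connection, illegal_parameter,
          &parameters->active_send_parameters );
        return -1;
      }
      break;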
parse_client_key_exchange reads the premaster secret, expands it into a
master secret and then into key material, and updates the pending cipher spec.
Remember that the pending cipher spec cannot be made active until a change
cipher spec message is received.
TLS 1.0 supports two different key exchange methods: RSA and Diffie-Hellman.
To process an RSA client key exchange, the server must use the private key to
decrypt the premaster secret that the client encrypts and sends. To process
a DH client key exchange, the server must compute z = Yc^a % p; Yc will have
been sent in the client key exchange message. However, the server must
have sent g, p, and Ys = g^a % p in the first place. Although there's a provision in the
X.509 specification to allow the server to send this information in the certificate
itself, I'm not aware of any software that generates a Diffie-Hellman certificate.
In fact, the specification for Diffie-Hellman certificates puts p and g in
the certificate, which makes perfect sense, but it also puts Ys in the certificate.
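
The DH arithmetic described above, as an added example that is not code from the book's tls.c: the server derives z = Yc^a % p and the client derives the same value from Ys. The names DH_P, DH_G, mod_pow and dh_server_compute_z, the toy 31-bit prime, and the private values are assumptions made for illustration; the range check on Yc goes beyond what the text describes and is a standard validation of the peer's public value.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy parameters, constructed for illustration; real groups are 2048+ bits. */
#define DH_P 2147483647ULL   /* 2^31 - 1, prime; products fit in 64 bits */
#define DH_G 7ULL

/* Square-and-multiply: returns base^exp % mod. */
static uint64_t mod_pow( uint64_t base, uint64_t exp, uint64_t mod )
{
  uint64_t result = 1;
  base %= mod;
  while ( exp )
  {
    if ( exp & 1 )
      result = ( result * base ) % mod;
    base = ( base * base ) % mod;
    exp >>= 1;
  }
  return result;
}

/* Server side of a DH client key exchange: reject a degenerate Yc, then
   compute z = Yc^a % p.  Returns 0 on success, -1 if Yc is out of range. */
static int dh_server_compute_z( uint64_t Yc, uint64_t a, uint64_t *z )
{
  if ( Yc <= 1 || Yc >= DH_P - 1 )
    return -1;   /* 0, 1 and p-1 force z into a tiny, guessable set */
  *z = mod_pow( Yc, a, DH_P );
  return 0;
}

int main( void )
{
  uint64_t a = 123456789, b = 987654321;  /* constructed private values */
  uint64_t Ys = mod_pow( DH_G, a, DH_P ); /* server sent this earlier */
  uint64_t Yc = mod_pow( DH_G, b, DH_P ); /* arrives in client key exchange */
  uint64_t z_server, z_client = mod_pow( Ys, b, DH_P );

  if ( dh_server_compute_z( Yc, a, &z_server ) != 0 )
    return 1;
  printf( "server z = %llu, client z = %llu\n",
          (unsigned long long) z_server, (unsigned long long) z_client );
  return z_server == z_client ? 0 : 1;
}
```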
 