Cryptography Reference
{
  key_block_ptr = read_buffer( send_parameters->MAC_secret, key_block,
    suite->hash_size );
  key_block_ptr = read_buffer( recv_parameters->MAC_secret, key_block_ptr,
    suite->hash_size );
  key_block_ptr = read_buffer( send_parameters->key, key_block_ptr,
    suite->key_size );
  key_block_ptr = read_buffer( recv_parameters->key, key_block_ptr,
    suite->key_size );
  key_block_ptr = read_buffer( send_parameters->IV, key_block_ptr,
    suite->IV_size );
  key_block_ptr = read_buffer( recv_parameters->IV, key_block_ptr,
    suite->IV_size );
}
else // I'm the server
{
  key_block_ptr = read_buffer( recv_parameters->MAC_secret, key_block,
    suite->hash_size );
  key_block_ptr = read_buffer( send_parameters->MAC_secret, key_block_ptr,
    suite->hash_size );
  key_block_ptr = read_buffer( recv_parameters->key, key_block_ptr,
    suite->key_size );
  key_block_ptr = read_buffer( send_parameters->key, key_block_ptr,
    suite->key_size );
  key_block_ptr = read_buffer( recv_parameters->IV, key_block_ptr,
    suite->IV_size );
  key_block_ptr = read_buffer( send_parameters->IV, key_block_ptr,
    suite->IV_size );
}
The benefit of this approach is that tls_recv and tls_send work exactly as before.
They don't care whether they're operating in the context of a client or a server.
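The role swap above can be checked end to end: both ends split the same key block, and one end's send state must equal the other end's receive state. The following is an added example, not code from the book; the demo_* names, MAX_FIELD, the simplified structures and the sample sizes and key block are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the book's structures. */
#define MAX_FIELD 32
typedef struct { size_t hash_size, key_size, IV_size; } demo_suite;
typedef struct {
  unsigned char MAC_secret[MAX_FIELD], key[MAX_FIELD], IV[MAX_FIELD];
} demo_parameters;

/* Copy len bytes out of the key block; return the advanced read pointer. */
static const unsigned char *take( unsigned char *dest,
                                  const unsigned char *src, size_t len )
{
  memcpy( dest, src, len );
  return src + len;
}

/* Key block order: client MAC, server MAC, client key, server key,
 * client IV, server IV. The client-write values are "send" on a client
 * and "recv" on a server. Returns -1 if a size exceeds MAX_FIELD. */
int demo_split_key_block( int is_client, const demo_suite *s,
  const unsigned char *key_block, demo_parameters *send, demo_parameters *recv )
{
  demo_parameters *cw = is_client ? send : recv;   /* client-write side */
  demo_parameters *sw = is_client ? recv : send;   /* server-write side */
  const unsigned char *p = key_block;
  if ( s->hash_size > MAX_FIELD || s->key_size > MAX_FIELD ||
       s->IV_size > MAX_FIELD ) return -1;
  memset( send, 0, sizeof *send );
  memset( recv, 0, sizeof *recv );
  p = take( cw->MAC_secret, p, s->hash_size );
  p = take( sw->MAC_secret, p, s->hash_size );
  p = take( cw->key, p, s->key_size );
  p = take( sw->key, p, s->key_size );
  p = take( cw->IV, p, s->IV_size );
  take( sw->IV, p, s->IV_size );
  return 0;
}

/* Returns 1 when each end's send state equals the peer's recv state. */
int demo_ends_mirror( const demo_suite *s, const unsigned char *key_block )
{
  demo_parameters cs, cr, ss, sr;
  if ( demo_split_key_block( 1, s, key_block, &cs, &cr ) ||
       demo_split_key_block( 0, s, key_block, &ss, &sr ) ) return 0;
  return !memcmp( &cs, &sr, sizeof cs ) && !memcmp( &cr, &ss, sizeof cr );
}

int main( void )
{
  unsigned char kb[ 104 ];          /* constructed key block: bytes 0..103 */
  demo_suite s = { 20, 16, 16 };    /* constructed sizes, not a real suite */
  for ( size_t i = 0; i < sizeof kb; i++ ) kb[ i ] = (unsigned char) i;
  printf( "mirrored: %d\n", demo_ends_mirror( &s, kb ) );
  return 0;
}
```
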
TLS Change Cipher Spec
After receiving the key exchange and parsing it correctly, the server must send
a change cipher spec message. It can't send one until the key exchange is complete
because it doesn't know the keys. This message informs the client that it is
starting to encrypt every following packet, and it expects the client to do the same.
The send_change_cipher_spec function is the same one shown in Listing
6-40; it looks exactly the same when the server sends it as it does when the
client sends it.
TLS Finished
Finally, the server sends its finished message. Recall from Listing 7-4 that the
client sends its finished message before the server does. Making sure to keep this
ordering straight is important because one of the finished messages includes
the other one in the handshake digest. The protocol would have worked just as