Cryptography Reference
In-Depth Information
Supporting the TLS Server Key Exchange Message
To support ephemeral key exchange on the client side, the client must be pre-
pared to accept either a certifi cate or a server key exchange message. As you
can probably guess, implementing this fi rst involves adding a new case arm to
receive_tls_msg
, shown in Listing 8-18.
Listing 8-18:
“tls.c” receive_tls_msg with server key exchange
static int receive_tls_msg( int connection,
char *buffer,
int bufsz,
TLSParameters *parameters )
{
…
switch ( handshake.msg_type )
{
…
case server_key_exchange:
read_pos = parse_server_key_exchange( read_pos, parameters );
if ( read_pos == NULL )
{
send_alert_message( connection, handshake_failure,
¶meters->active_send_parameters );
return -1;
}
break;
The optional server key exchange message is sent after the server hello. Both
the certifi cate and the server key exchange handshake messages are optional,
as indicated by the dashed lines in Figure 8-4.
Recall from Listing 6-37 that the
send_client_key_exchange
was coded to
perform Diffi e-Hellman key exchange if the cipher suite called for it, so the only
thing left to do in
parse_server_key_exchange
is to store the Diffi e-Hellman
parameters for the subsequent key exchange as shown in Listing 8-19.
Listing 8-19:
“tls.c” parse_server_key_exchange
static char *parse_server_key_exchange( unsigned char *read_pos,
TLSParameters *parameters )
{
short length;
int i;
unsigned char *dh_params = read_pos;
for ( i = 0; i < 3; i++ )
{
memcpy( &length, read_pos, 2 );
length = ntohs( length );
(Continued)
Search WWH ::
Custom Search