The server hello done is always followed by a client key exchange, whether the
key exchange was an ephemeral one or not. In this case, the client key exchange is
significantly shorter than in the case of an RSA key exchange, especially because
this implementation hardcodes the "secret" value A to 6. Because g is 2 (see the
preceding code), Yc = 2^6 % p = 64, which fits in a single byte. To complete the
key exchange, the server must compute 64^B % p. I can't show you this computation
because I don't know what B was. No matter how hard I try, I shouldn't be able to
figure it out. The client must compute Ys^6 % p to settle on the premaster secret.
Note that a hardcoded A defeats the purpose of the exchange: anyone who captured Ys
from the server key exchange and knows that A is 6 can compute Ys^6 % p exactly as
the client does. A real client must draw a fresh random A for every handshake.
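The exchange above, worked through as an added example that is not the book's
code: the client side with A hardcoded to 6 and g = 2, the server side with a
random B, the two-byte-length encoding of Yc that makes the client key exchange so
short, and the eavesdropper's computation that a hardcoded A makes possible. The
modulus is a constructed demo prime (2^255 - 19), not a TLS group, and the function
names are my own.

```python
"""Toy DHE client key exchange: g = 2, client private value A fixed at 6 (as in the text)."""
import secrets

# Constructed demo modulus: 2**255 - 19 is prime, but it is NOT a standard TLS
# Diffie-Hellman group; it is used only so the arithmetic is cheap to run here.
P = 2**255 - 19
G = 2


def dh_public(p, g, x):
    """Y = g^x mod p, the value sent on the wire (Yc for the client, Ys for the server)."""
    return pow(g, x, p)


def dh_shared(p, peer_public, x):
    """premaster secret = peer_public^x mod p (Ys^A on the client, Yc^B on the server)."""
    return pow(peer_public, x, p)


def encode_client_key_exchange(yc):
    """TLS ClientDiffieHellmanPublic: opaque dh_Yc<1..2^16-1>, i.e. 2-byte length + big-endian Yc.
    With Yc = 64 this is just 00 01 40, which is why the message is so short."""
    body = yc.to_bytes((yc.bit_length() + 7) // 8, "big")
    return len(body).to_bytes(2, "big") + body


def run_exchange(p=P, g=G, a=6, b=None):
    """Run both sides of the exchange; returns (Yc, Ys, premaster secret)."""
    if b is None:
        b = secrets.randbelow(p - 2) + 1      # the server's B: random, unknown to us
    yc = dh_public(p, g, a)                   # 2^6 % p = 64
    ys = dh_public(p, g, b)
    client_pms = dh_shared(p, ys, a)          # Ys^6 % p
    server_pms = dh_shared(p, yc, b)          # 64^B % p
    assert client_pms == server_pms, "both sides must settle on the same premaster secret"
    return yc, ys, client_pms


def eavesdropper_recovers(p, ys, hardcoded_a=6):
    """Anyone who saw Ys on the wire and knows A is fixed at 6 gets the premaster secret."""
    return pow(ys, hardcoded_a, p)


if __name__ == "__main__":
    yc, ys, pms = run_exchange()
    print("Yc =", yc, "-> client key exchange body:", encode_client_key_exchange(yc).hex())
    print("eavesdropper matches premaster secret:", eavesdropper_recovers(P, ys) == pms)
```

The eavesdropper function is the practical point: the server's B stays secret,
but with A known the premaster secret falls out of Ys alone, so every
subsequent record on the connection could be decrypted from the capture.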
The remainder of the handshake continues as in the RSA key exchange case;
now that the premaster secret has been agreed on, the client sends
a change cipher spec, followed by a finished message, which the server
reciprocates as shown below.
21:35:48.488513 IP localhost.59349 > localhost.8443: Flags [P.], ack 1159, win
275, options [nop,nop,TS val 4294952116 ecr 4294952116], length 51
0x0000: 4500 0067 6de1 4000 4006 cead 7f00 0001 E..gm.@.@.......
0x0010: 7f00 0001 e7d5 20fb aa9d a98b ab00 79b0 ..............y.
0x0020: 8018 0113 fe5b 0000 0101 080a ffff c4b4 .....[..........
0x0030: ffff c4b4 1403 0100 0101 1603 0100 28ac ..............(.
0x0040: cc09 37ea 64f2 4677 68e8 0025 bf96 f1df ..7.d.Fwh..%....
0x0050: 92f3 f83a b5a9 cb9e 6672 e245 4687 2259 ...:....fr.EF."Y
0x0060: 9135 c6f2 707a b6 .5..pz.
21:35:48.488901 IP localhost.8443 > localhost.59349: Flags [P.], ack 114, win
256, options [nop,nop,TS val 4294952116 ecr 4294952116], length 51
0x0000: 4500 0067 b1be 4000 4006 8ad0 7f00 0001 E..g..@.@.......
0x0010: 7f00 0001 20fb e7d5 ab00 79b0 aa9d a9be ..........y.....
0x0020: 8018 0100 fe5b 0000 0101 080a ffff c4b4 .....[..........
0x0030: ffff c4b4 1403 0100 0101 1603 0100 2827 ..............('
0x0040: a9bf 753d f061 2e90 62b3 5cfa 19f8 52f4 ..u=.a..b.\...R.
0x0050: 4ad5 6a59 5d4e 5bba 7f89 3ce3 9e25 c15f J.jY]N[...<..%._
0x0060: 5e1d 0ef8 a8ce 22 ^....."
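To check that the capture really contains what the text says, here is an added
example (not the book's code) that rebuilds the client's packet from the tcpdump
hex lines above, walks the IPv4 and TCP headers by their length fields, and splits
the TCP payload into TLS records. The parsing functions and their names are my own;
the packet bytes are copied from the first capture above.

```python
"""Parse a tcpdump -xx hex dump down to its TLS records."""
import re

# The client's change cipher spec + encrypted finished packet, copied from the
# capture above (first of the two packets).
CLIENT_PACKET = """
0x0000: 4500 0067 6de1 4000 4006 cead 7f00 0001 E..gm.@.@.......
0x0010: 7f00 0001 e7d5 20fb aa9d a98b ab00 79b0 ..............y.
0x0020: 8018 0113 fe5b 0000 0101 080a ffff c4b4 .....[..........
0x0030: ffff c4b4 1403 0100 0101 1603 0100 28ac ..............(.
0x0040: cc09 37ea 64f2 4677 68e8 0025 bf96 f1df ..7.d.Fwh..%....
0x0050: 92f3 f83a b5a9 cb9e 6672 e245 4687 2259 ...:....fr.EF."Y
0x0060: 9135 c6f2 707a b6 .5..pz.
"""

# tcpdump prints 16-bit words (a trailing lone byte at the end) before the ASCII column.
HEX_WORD = re.compile(r"^[0-9a-f]{2}(?:[0-9a-f]{2})?$")

CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22


def parse_tcpdump_hex(dump):
    """Rebuild the raw frame from 'offset: hex words ... ascii' lines."""
    frame = bytearray()
    for line in dump.strip().splitlines():
        parts = line.split()
        if not parts or not parts[0].startswith("0x"):
            continue
        for tok in parts[1:]:
            if not HEX_WORD.match(tok):
                break                     # reached the ASCII column
            frame += bytes.fromhex(tok)
    return bytes(frame)


def tcp_payload(frame):
    """Skip the IPv4 and TCP headers using IHL and data offset; return (src port, dst port, payload)."""
    if frame[0] >> 4 != 4:
        raise ValueError("only IPv4 frames are handled")
    if frame[9] != 6:
        raise ValueError("not a TCP segment")
    ihl = (frame[0] & 0x0F) * 4
    total_len = int.from_bytes(frame[2:4], "big")
    tcp = frame[ihl:total_len]
    src = int.from_bytes(tcp[0:2], "big")
    dst = int.from_bytes(tcp[2:4], "big")
    data_off = (tcp[12] >> 4) * 4
    return src, dst, tcp[data_off:]


def parse_tls_records(payload):
    """Split a TLS byte stream into (content_type, (major, minor), body) tuples.
    Refuses truncated records instead of silently accepting a short body."""
    records, pos = [], 0
    while pos < len(payload):
        if pos + 5 > len(payload):
            raise ValueError("truncated record header at offset %d" % pos)
        ctype, major, minor = payload[pos], payload[pos + 1], payload[pos + 2]
        length = int.from_bytes(payload[pos + 3:pos + 5], "big")
        body = payload[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body at offset %d" % pos)
        records.append((ctype, (major, minor), body))
        pos += 5 + length
    return records


def summarize(dump):
    """(src port, dst port, [(content type, version, record length), ...]) for one packet."""
    src, dst, payload = tcp_payload(parse_tcpdump_hex(dump))
    return src, dst, [(t, v, len(b)) for t, v, b in parse_tls_records(payload)]


if __name__ == "__main__":
    print(summarize(CLIENT_PACKET))
```

The packet decodes to ports 59349 to 8443 and two records: a one-byte change
cipher spec (type 20, version 3.1) and a 40-byte handshake record (type 22),
which is the encrypted finished message; 6 + 45 bytes account for the 51-byte TCP
payload tcpdump reports. As a consistency check the page itself does not make,
40 bytes is what a 16-byte Finished message plus a 20-byte SHA-1 MAC, padded
to an 8-byte block boundary, would produce, so the negotiated suite was a CBC
cipher with a 64-bit block such as 3DES; the capture shown here does not name
the suite.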
This works for all of the DHE_RSA_xxx cipher suites, that is, those whose
certificate includes an RSA public key. What about the DHE_DSS_xxx cipher suites?
If you recall from Listing 6-5, the TLSParameters structure is declared with
space only for an RSA public key. If the server returns a DSA public key, it is
ignored, which also means the signature on the server key exchange goes unchecked.
Back then, that was a sensible decision because you were focusing only
on RSA-based key exchanges, but now you can actually do something with a
DSA certificate.
To support DSA verification, change the type of the TLSParameters server_public_key
member from an rsa_key to the public_key_info structure that is defined in Listing 5-26.
This has room for either an rsa_key or a dsa_key, plus the required DSA
parameters. This is shown in Listing 8-22.
Listing 8-22: “tls.h” TLSParameters with dsa key support
typedef struct
{