2. Expand init_parameters as shown in Listing 8-39.
Listing 8-39: “tls.c” init_parameters with saved verify data
/*
 * Reset a connection's TLS state ahead of a handshake.
 *
 * parameters  - the connection's TLSParameters, modified in place.
 * renegotiate - nonzero when an already-established connection is
 *               renegotiating; zero for the initial handshake.
 *
 * The pending (negotiated-but-not-yet-active) send/recv parameters are
 * always reset. The active parameters and the renegotiation bookkeeping
 * are reset only on the initial handshake, so a renegotiation keeps the
 * verify_data of the previous Finished messages; that is the value each
 * side later has to prove it knows (renegotiation_info, RFC 5746).
 * The function's closing brace is not part of this listing.
 */
void init_parameters( TLSParameters *parameters,
int renegotiate )
{
init_protection_parameters( &parameters->pending_send_parameters );
init_protection_parameters( &parameters->pending_recv_parameters );
if ( !renegotiate )
{
init_protection_parameters( &parameters->active_send_parameters );
init_protection_parameters( &parameters->active_recv_parameters );
// Always assume secure renegotiation to begin
// NOTE(review): presumably cleared later if the peer does not advertise
// support — confirm where this flag is read during extension processing.
parameters->support_secure_renegotiation = 1;
// Start with all-zero saved verify_data: there is no previous Finished
// on a first handshake (RFC 5746 sends an empty renegotiation_info then —
// confirm against the extension-building code).
memset( parameters->client_verify_data, '\0', VERIFY_DATA_LEN );
memset( parameters->server_verify_data, '\0', VERIFY_DATA_LEN );
}
3. Record the verify data when it is sent or received as shown in Listing 8-40.
Listing 8-40: “tls.c” Saving verify data
/*
 * Compute and send this side's Finished message.
 *
 * connection - descriptor the message is written to (the write itself is
 *              outside this excerpt).
 * parameters - handshake state; connection_end selects the role, and the
 *              computed verify_data is stored in client_verify_data or
 *              server_verify_data for a later secure renegotiation.
 * Returns an int status; the return value is set outside this excerpt.
 * The remainder of the body, including the closing brace, is not shown.
 */
static int send_finished( int connection,
TLSParameters *parameters )
{
// Assumes compute_verify_data writes exactly VERIFY_DATA_LEN bytes — confirm.
unsigned char verify_data[ VERIFY_DATA_LEN ];
// The label picks the role-specific "client finished"/"server finished"
// PRF label. (The curly quotes are an extraction artifact of ordinary
// "..." string literals.)
compute_verify_data(
parameters->connection_end == connection_end_client ? “client finished” :
“server finished”,
parameters, verify_data );
// Record the verify data for later secure renegotiation: the value we put in
// our own Finished is what the renegotiation_info extension must carry on
// the next handshake of this connection.
memcpy( parameters->connection_end == connection_end_client ?
parameters->client_verify_data : parameters->server_verify_data,
verify_data, VERIFY_DATA_LEN );
/*
 * Parse the peer's Finished message.
 *
 * read_pos   - start of the Finished body in the received handshake data.
 * pdu_length - bytes available at read_pos (assumed; any length check is
 *              outside this excerpt).
 * parameters - handshake state; peer_finished is raised here.
 * Returns the advanced read position (the return is outside this excerpt).
 * The comparison of the recomputed verify_data with the received bytes,
 * and the saving of the peer's verify_data for renegotiation, follow in
 * the original source but are not part of this listing.
 */
static unsigned char *parse_finished( unsigned char *read_pos,
int pdu_length,
TLSParameters *parameters )
{
// Assumes compute_verify_data writes exactly VERIFY_DATA_LEN bytes — confirm.
unsigned char verify_data[ VERIFY_DATA_LEN ];
// NOTE(review): the flag is set before the verify_data is compared; the
// handshake must not be treated as complete unless the comparison that
// follows (outside this excerpt) succeeds.
parameters->peer_finished = 1;
// Mirror of send_finished: the label is the *peer's* role, because this
// recomputes what the peer must have sent. (Curly quotes are an extraction
// artifact of plain "..." literals.)
compute_verify_data(
parameters->connection_end == connection_end_client ? “server finished” :
“client finished”,
parameters, verify_data );