Cryptography Reference
In-Depth Information
1. Obviously, you should change the version number declared in the header
fi le from 3.1 to 3.3 as shown in Listing 9-1.
Listing 9-1:
“tls.h” TLS 1.2 version declaration
#define TLS_VERSION_MAJOR 3
#define TLS_VERSION_MINOR
3
2. After this, you need to make the code TLS 1.1 compliant. If you recall from
Chapter 6, the most signifi cant difference between TLS 1.0 and TLS 1.1 is
that, for CBC-based block ciphers, TLS 1.1 prepends the IV to each block
rather than computing it from the master secret. TLS 1.2 does this as well.
3. You can go ahead and remove the IV calculation from the
calculate_keys
routine if you're so inclined. However, it's not really important that you do;
for TLS 1.1+, computing an unused set of IVs just becomes a few wasted
clock cycles.
4. You do, however, have to modify
send_message
and
tls_decrypt
to
prepend the IVs and recognize them, respectively.
The necessary changes to
send_message
are shown in Listing 9-2.
Listing 9-2:
“tls.c” send_message with explicit IVs
// Finally, write the whole thing out as a single packet.
if ( active_suite->bulk_encrypt )
{
unsigned char *encrypted_buffer = malloc( send_buffer_size +
active_suite->IV_size
);
int plaintext_len;
// TODO make this random
memset( parameters->IV, '\0', active_suite->IV_size );
// The first 5 bytes (the header) and the IV aren't encrypted
memcpy( encrypted_buffer, send_buffer, 5 );
memcpy( encrypted_buffer + 5, parameters->IV, active_suite->IV_size );
plaintext_len = 5 + active_suite->IV_size;
active_suite->bulk_encrypt( send_buffer + 5,
send_buffer_size - 5, encrypted_buffer +
plaintext_len
,
parameters->IV, parameters->key );
free( send_buffer );
send_buffer = encrypted_buffer;
send_buffer_size += active_suite->IV_size;
As you can see, there's not much to change, here; just make sure to
overwrite the IV with random bytes before encrypting, and put the IV in
between the send buffer header and the encrypted data. You may wonder
Search WWH ::
Custom Search