why you should keep the IV pointer in parameters at all given that the
IV is being generated randomly each time a message is sent. Well, don't
forget that the IV parameter was used as a generic state area for stream
ciphers such as RC4 and needs to be kept intact, because RC4 looks just
the same in TLS 1.1+ as it does in TLS 1.0.
5. Listing 9-3 details the converse changes that you must make to tls_decrypt
to properly decode buffers that are written this way.
Listing 9-3: “tls.c” tls_decrypt with explicit IVs
CipherSuite *active_suite = &( suites[ parameters->suite ] );
/* The explicit IV rides at the front of the record. It is not part of the
   ciphertext proper, so take it off the length before allocating. */
encrypted_length -= active_suite->IV_size;
*decrypted_message = ( unsigned char * ) malloc( encrypted_length );
if ( active_suite->bulk_decrypt )
{
  if ( active_suite->IV_size )
  {
    /* Peel the IV off the start of the message into the per-connection
       state area, the mirror image of what tls_encrypt did. */
    memcpy( parameters->IV, encrypted_message, active_suite->IV_size );
  }
  /* Decrypt everything after the IV, using the IV that was just copied. */
  active_suite->bulk_decrypt( encrypted_message + active_suite->IV_size,
    encrypted_length, *decrypted_message,
    parameters->IV, parameters->key );
To decrypt, it's even easier; just check to see if the cipher suite calls for
an IV, and, if so, copy the first IV_size bytes of the message into
parameters->IV.
If you change the TLS_MINOR_VERSION to 2, you actually now have a TLS
1.1-compliant implementation. You can probably easily see how this code could
have been structured to allow the same function to service TLS 1.1 and TLS 1.0
with a handful of if statements. You might even want to try to do this as an
exercise.
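The record layout that Listing 9-3 relies on, shown end to end as a stand-alone C example added here (it is not the book's tls.c code): a toy 8-byte block transform stands in for the real block cipher, CBC is done by hand, tls11_seal writes IV || ciphertext the way the TLS 1.1 tls_encrypt does, and tls11_open peels the IV back off before decrypting. The function names, the toy cipher and the key, IV and message bytes are all constructed for the example. It also adds one check the listing above does not make: the record length is compared against IV_size before the subtraction, so a truncated record cannot make encrypted_length wrap around to a huge value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 8   /* toy block size; AES-CBC suites in TLS use 16 */

/* Toy invertible block transform (XOR with key, rotate each byte left 3).
 * It is NOT a cipher in any security sense; it only lets the CBC and
 * explicit-IV framing be exercised without pulling in a crypto library. */
static void toy_block_encrypt(const uint8_t *in, uint8_t *out, const uint8_t *key)
{
    for (int i = 0; i < BLOCK_SIZE; i++) {
        uint8_t x = in[i] ^ key[i];
        out[i] = (uint8_t)((x << 3) | (x >> 5));
    }
}

static void toy_block_decrypt(const uint8_t *in, uint8_t *out, const uint8_t *key)
{
    for (int i = 0; i < BLOCK_SIZE; i++) {
        uint8_t x = (uint8_t)((in[i] >> 3) | (in[i] << 5));
        out[i] = x ^ key[i];
    }
}

/* Plain CBC over whole blocks; the caller has already padded. */
static void cbc_encrypt(const uint8_t *in, size_t len, const uint8_t *iv,
                        const uint8_t *key, uint8_t *out)
{
    uint8_t prev[BLOCK_SIZE], x[BLOCK_SIZE];
    memcpy(prev, iv, BLOCK_SIZE);
    for (size_t off = 0; off < len; off += BLOCK_SIZE) {
        for (int i = 0; i < BLOCK_SIZE; i++) x[i] = in[off + i] ^ prev[i];
        toy_block_encrypt(x, out + off, key);
        memcpy(prev, out + off, BLOCK_SIZE);
    }
}

static void cbc_decrypt(const uint8_t *in, size_t len, const uint8_t *iv,
                        const uint8_t *key, uint8_t *out)
{
    uint8_t prev[BLOCK_SIZE], x[BLOCK_SIZE];
    memcpy(prev, iv, BLOCK_SIZE);
    for (size_t off = 0; off < len; off += BLOCK_SIZE) {
        toy_block_decrypt(in + off, x, key);
        for (int i = 0; i < BLOCK_SIZE; i++) out[off + i] = x[i] ^ prev[i];
        memcpy(prev, in + off, BLOCK_SIZE);
    }
}

/* TLS 1.1 style: the record body is IV || CBC(plaintext). The IV is chosen
 * fresh per record by the caller (from a CSPRNG in real code). Returns the
 * number of bytes written to record. */
size_t tls11_seal(const uint8_t *plaintext, size_t plaintext_len,
                  const uint8_t *iv, const uint8_t *key, uint8_t *record)
{
    memcpy(record, iv, BLOCK_SIZE);   /* explicit IV goes first, in the clear */
    cbc_encrypt(plaintext, plaintext_len, iv, key, record + BLOCK_SIZE);
    return BLOCK_SIZE + plaintext_len;
}

/* Converse of tls11_seal. Returns plaintext length, or -1 for a malformed
 * record. The length is checked BEFORE subtracting the IV size, which is the
 * check Listing 9-3 leaves out. */
long tls11_open(const uint8_t *record, size_t record_len,
                const uint8_t *key, uint8_t *plaintext)
{
    if (record_len < BLOCK_SIZE) return -1;
    size_t body_len = record_len - BLOCK_SIZE;
    if (body_len == 0 || body_len % BLOCK_SIZE != 0) return -1;
    cbc_decrypt(record + BLOCK_SIZE, body_len, record, key, plaintext);
    return (long)body_len;
}

/* Constructed test data, not from the book. */
static const uint8_t KEY[BLOCK_SIZE]  = { 0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe };
static const uint8_t IV_A[BLOCK_SIZE] = { 1, 2, 3, 4, 5, 6, 7, 8 };
static const uint8_t IV_B[BLOCK_SIZE] = { 9, 9, 9, 9, 9, 9, 9, 9 };
static const uint8_t MSG[] = "explicit IV demo";   /* 16 bytes = 2 blocks */
#define MSG_LEN 16

/* Seal then open: the receiver recovers the plaintext from the record alone. */
int demo_roundtrip(void)
{
    uint8_t record[BLOCK_SIZE + MSG_LEN], recovered[MSG_LEN];
    size_t rlen = tls11_seal(MSG, MSG_LEN, IV_A, KEY, record);
    long plen = tls11_open(record, rlen, KEY, recovered);
    return plen == MSG_LEN && memcmp(recovered, MSG, MSG_LEN) == 0;
}

/* Same plaintext and key with a fresh IV gives a different ciphertext body;
 * that is what the per-record random IV buys over a chained IV. */
int demo_fresh_iv_changes_ciphertext(void)
{
    uint8_t ra[BLOCK_SIZE + MSG_LEN], rb[BLOCK_SIZE + MSG_LEN];
    tls11_seal(MSG, MSG_LEN, IV_A, KEY, ra);
    tls11_seal(MSG, MSG_LEN, IV_B, KEY, rb);
    return memcmp(ra + BLOCK_SIZE, rb + BLOCK_SIZE, MSG_LEN) != 0;
}

/* A record shorter than one IV, or with a non-block-aligned body, is
 * rejected rather than handed to the cipher with a bogus length. */
int demo_rejects_malformed(void)
{
    uint8_t record[BLOCK_SIZE + MSG_LEN], out[BLOCK_SIZE + MSG_LEN];
    size_t rlen = tls11_seal(MSG, MSG_LEN, IV_A, KEY, record);
    return tls11_open(record, BLOCK_SIZE - 1, KEY, out) == -1
        && tls11_open(record, rlen - 3, KEY, out) == -1
        && tls11_open(record, rlen, KEY, out) == MSG_LEN;
}

int main(void)
{
    printf("roundtrip: %d\n", demo_roundtrip());
    printf("fresh IV changes ciphertext: %d\n", demo_fresh_iv_changes_ciphertext());
    printf("malformed records rejected: %d\n", demo_rejects_malformed());
    return 0;
}
```

The shape mirrors the book's split between a generic bulk_decrypt and the record-level framing around it: swapping the toy transform for a real block cipher changes nothing in tls11_seal and tls11_open, which is exactly why the TLS 1.0 and TLS 1.1 paths differ only in whether the IV is read from the record or carried over from the previous one.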
NOTE Note that this code makes no attempt at checking versions. If a client
asks for version 3.1, it gets version 3.3, which is actually an error. To be
properly compliant, the server should either negotiate the version requested by
the client, or the highest version it supports. It can never negotiate a version
higher than was requested.
TLS 1.2 Modifications to the PRF
The code in the previous section is still not TLS 1.2 compliant. TLS 1.2 made two
significant structural changes to the message formats. The first was a change
in the PRF.