Cryptography Reference
In-Depth Information
Remember from Listing 6-33 that the TLS PRF defi ned a
P_hash
function that
took as input a label and a seed, and securely generated an arbitrary number
of bytes based on a hash function. In TLS 1.1 and earlier, this
P_hash
function
was called twice; once with the hash function MD5, and once with the hash
function SHA-1. The two calls each got half of the secret, and the outputs were
XORed together to create the fi nal output. Getting the PRF right is by far the
most diffi cult part of implementing TLS.
If you're cringing in terror at what new horrors might await you with the
complexity of TLS 1.2's modifi cations to the PRF, you'll be pleasantly surprised
that TLS 1.2 actually simplifi es the PRF. The
P_hash
function stays the same, but
it's no longer a combination of two separate hash functions. You just call
P_hash
one time, give it the whole secret, and return the results directly as the output.
You may be wondering, of course, which hash function you should use if
you're calling
P_hash
just one time. MD5 or SHA-1? Actually, TLS 1.2 makes
this confi gurable; there's a new client hello extension that enables the client to
suggest a hash function that should be used. If the client doesn't suggest one,
though, both sides should default to SHA-256. Modify the PRF function from
Listing 6-29 as shown in Listing 9-4.
Listing 9-4:
“prf.c” PRF2
void PRF( const unsigned char *secret,
int secret_len,
const unsigned char *label,
int label_len,
const unsigned char *seed,
int seed_len,
unsigned char *output,
int out_len )
{
unsigned char *concat = ( unsigned char * ) malloc( label_len + seed_len );
memcpy( concat, label, label_len );
memcpy( concat + label_len, seed, seed_len );
P_hash( secret, secret_len, concat, label_len + seed_len, output,
out_len, new_sha256_digest );
free( concat );
}
As you can see, you almost don't need a PRF function anymore; you could
just as easily change the callers to directly invoke
P_hash
because
PRF
isn't really
adding any value anymore. Leaving it in place minimizes the changes to other
code, though; everything else can stay just as it is.
Search WWH ::
Custom Search