Cryptography Reference
In-Depth Information
You should have no problem filling in the remaining cipher suites; they all
use SHA-1 MACs, so the only change is the bulk_encrypt and bulk_decrypt
function pointers. There are no currently defined cipher suites that use both
AEAD encryption and ECC key exchange.
If you look at the typical SSL handshake shown in Figure 6-1, you can see
that the key exchange portion affects three messages: the certificate, which
was addressed earlier, the client key exchange, and, optionally, the server key
exchange. (It also affects the client certificate and client certificate verify, if client
authentication is being used.) Because the cipher suites being examined here
are ECDHE cipher suites, the server is sending a key exchange message.
To complete its side of the ECDHE key exchange, the server must select a curve,
choose a random number b, multiply the curve's generator point by b, and send
the resulting point on to the client. It must also, of course, hang on to b so that
it can multiply the client's response point by this amount. Therefore, the server
key exchange must consist of a curve — either explicitly or by name — and a
point. Note that the selected curve does not have to be the same as the curve in
the certificate. As always, the whole server key exchange is signed according
to the previously exchanged certificate, unless an anonymous cipher suite is
being used.
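As an added example (not code from the book), the following C sketch parses the curve-and-point portion of an ECDHE server key exchange with bounds checks. It assumes the named-curve wire layout of RFC 4492 (curve type byte, 2-byte curve id, length-prefixed uncompressed point); `ecdh_params`, `parse_ecdh_params` and `make_sample` are hypothetical names, and the sample message is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CURVE_TYPE_NAMED 3   /* ECCurveType named_curve, RFC 4492 */

typedef struct {             /* hypothetical holder, not the book's types */
  uint16_t curve_id;         /* 19 = secp192r1, 23 = secp256r1 */
  size_t coord_len;          /* bytes per coordinate */
  uint8_t x[32], y[32];
} ecdh_params;

/* Returns bytes consumed (the signature follows), or -1 if malformed. */
int parse_ecdh_params(const uint8_t *buf, size_t len, ecdh_params *out)
{
  size_t coord_len, point_len;
  if (len < 5 || buf[0] != CURVE_TYPE_NAMED)
    return -1;               /* explicit curves are not handled here */
  out->curve_id = (uint16_t)((buf[1] << 8) | buf[2]);
  switch (out->curve_id) {
    case 19: coord_len = 24; break;
    case 23: coord_len = 32; break;
    default: return -1;      /* unsupported curve */
  }
  point_len = buf[3];
  /* Accept only the uncompressed encoding 0x04 || X || Y, fully in bounds. */
  if (point_len != 1 + 2 * coord_len || len - 4 < point_len || buf[4] != 0x04)
    return -1;
  out->coord_len = coord_len;
  memcpy(out->x, buf + 5, coord_len);
  memcpy(out->y, buf + 5 + coord_len, coord_len);
  return (int)(4 + point_len);
}

/* Constructed sample message: dummy coordinate bytes, not a real curve point. */
size_t make_sample(uint8_t *buf, uint16_t curve, uint8_t point_len)
{
  buf[0] = CURVE_TYPE_NAMED; buf[3] = point_len; buf[4] = 0x04;
  buf[1] = (uint8_t)(curve >> 8); buf[2] = (uint8_t)(curve & 0xff);
  memset(buf + 5, 0xAB, point_len ? point_len - 1u : 0u);
  return 4 + (size_t)point_len;
}

int main(void)
{
  uint8_t msg[4 + 255];
  ecdh_params p;
  printf("%d\n", parse_ecdh_params(msg, make_sample(msg, 23, 65), &p));
  return 0;
}
```

The parser checks only the encoding; the caller still has to confirm that (x, y) lies on the selected curve before multiplying it by a private value.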
To support ECDH, you need a place to put the ephemeral key parameters:
1. Modify the TLSParameters, as shown in Listing 9-39.
Listing 9-39: “tls.h” TLSParameters with ECDH support
typedef struct
{
  dh_key server_dh_key;
  elliptic_curve server_ecdh_params;
  point server_ecdh_key;
  int got_client_hello;
2. Modify the parse_server_key_exchange function from Listing 8-19 to
read and populate these new parameters as shown in Listing 9-40.
Listing 9-40: “tls.c” parse_server_key_exchange with ECDH support
typedef enum
{
  secp192r1 = 19,
  secp256r1 = 23
}
named_curve;
typedef enum
{