Cryptography Reference
In-Depth Information
new_sha256_digest( &sha256_digest );
update_digest( &sha256_digest, parameters->client_random, RANDOM_LENGTH );
update_digest( &sha256_digest, parameters->server_random, RANDOM_LENGTH );
update_digest( &sha256_digest, message, message_len );
finalize_digest( &sha256_digest );
verified = ecdsa_verify( &parameters->server_public_key.ecdsa_curve,
&parameters->server_public_key.ecdsa_public_key,
sha256_digest.hash,
SHA256_BYTE_SIZE,
&received_signature );
}
if ( !verified )
{
free_huge( &received_signature.r );
free_huge( &received_signature.s );
return 0;
}
NOTE
The ECDSA verifi cation routine itself was shown in Listing 4-40.
To support ECDHE on the client side, in the most common case of server-
only authentication, the only thing left is to actually perform the key exchange.
Modify send_client_key_exchange from Listing 6-33 to recognize ECDHE as
an option, as shown in Listing 9-42.
Listing 9-42: “tls.c” send_client_key_exchange with ECDHE support
static int send_client_key_exchange( int connection, TLSParameters *parameters )
{
switch ( parameters->pending_send_parameters.suite ) {
case TLS_NULL_WITH_NULL_NULL:
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
premaster_secret_len = parameters->server_ecdh_params.p.size;
premaster_secret = malloc( premaster_secret_len );
key_exchange_message_len = ecdh_key_exchange(
&parameters->server_ecdh_key, &parameters->server_ecdh_params,
premaster_secret, &key_exchange_message );
break;
default:
break;
}
The rest of send_client_key_exchange doesn't change in the case of ECDH;
the key exchange function itself populates the handshake message and the
premaster secret. All that's left is to implement the ECDH key exchange itself
 
Previous Page
Next Page
Implementing SSL/TLS Using Cryptography and PKI
Search WWH ::




Custom Search
Home