Cryptography Reference
In-Depth Information
Implementing the SSL Handshake
The bulk of the work in an SSL library is in the SSL handshake. When the
ssl_connect
function is called, the connection is unsecured.
ssl_connect
is
primarily responsible for performing a secure key exchange and keeping track
of the exchanged keys. Its job is to fi ll out the
SSLParameters
structure that's
passed in as shown in Listing C-4.
Listing C-4:
“ssl.h” SSLParameters declaration
// Technically, this is a variable-length parameter; the client can send
// between 16 and 32 bytes. Here, it's left as a fixed-length
// parameter.
#define CHALLENGE_LEN 16
typedef struct
{
CipherSpec *active_cipher_spec;
CipherSpec *proposed_cipher_spec;
// Flow-control variables
int got_server_hello;
int got_server_verify;
int got_server_finished;
int handshake_finished;
int connection_id_len;
rsa_key server_public_key;
unsigned char challenge[ CHALLENGE_LEN ];
unsigned char *master_key;
unsigned char *connection_id;
void *read_state;
void *write_state;
unsigned char *read_key;
unsigned char *write_key;
unsigned char *read_iv;
unsigned char *write_iv;
int read_sequence_number;
int write_sequence_number;
unsigned char *unread_buffer;
int unread_length;
}
SSLParameters;
The
server_public_key
is the key with which RSA key exchange is performed
as described in Chapter 3. (SSLv2 didn't support Diffi e-Hellman key exchange.)
Search WWH ::
Custom Search