Cryptography Reference
In-Depth Information
You should be familiar with the read_key, write_key, and write_iv from Chapter 2. There are a few internal variables to examine as you go through the implementation of ssl_connect.
The first two parameters are the active_cipher_spec and the proposed_cipher_spec. The cipher_spec describes exactly what encryption and MAC should be applied to each packet.
The format of a CipherSpec structure in Listing C-5 shouldn't be too surprising.
Listing C-5: “ssl.h” SSLv2 CipherSpec declaration
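typedef struct
{
  int cipher_spec_code;   /* three-byte code identifying the cipher/MAC pair */
  int block_size;         /* cipher block size */
  int IV_size;            /* initialization vector size */
  int key_size;           /* cipher key size */
  int hash_size;          /* size of the MAC digest output */
  /* bulk cipher encryption routine */
  void (*bulk_encrypt)( const unsigned char *plaintext,
                        const int plaintext_len,
                        unsigned char ciphertext[],
                        void *iv,
                        const unsigned char *key );
  /* bulk cipher decryption routine */
  void (*bulk_decrypt)( const unsigned char *ciphertext,
                        const int ciphertext_len,
                        unsigned char plaintext[],
                        void *iv,
                        const unsigned char *key );
  /* initializes the digest context used for the MAC */
  void (*new_digest)( digest_ctx *context );
}
CipherSpec;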
Each cipher and MAC combination is identified by a unique, three-byte combination. SSLv2 defined 7 cipher/MAC combinations as shown in Listing C-6.
Listing C-6: “ssl.h” CipherSuite Declarations
#define SSL_CK_RC4_128_WITH_MD5 0x800001
#define SSL_CK_DES_64_CBC_WITH_MD5 0x400006
#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5 0xc00007
#define SSL_CK_RC4_128_EXPORT40_WITH_MD5 0x800002
#define SSL_CK_RC2_128_CBC_WITH_MD5 0x800003
#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x800004
#define SSL_CK_IDEA_128_CBC_WITH_MD5 0x800005
#define SSL_PE_NO_CIPHER 0x0100
#define SSL_PE_NO_CERTIFICATE 0x0200
#define SSL_PE_BAD_CERTIFICATE 0x0400
#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0600
(Continued)
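The following is an added example, not code from the book: it decodes a list of three-byte cipher codes as they appear in an SSLv2 hello message and counts how many are EXPORT40 kinds or unknown, which is the check an auditor would run on a captured handshake. It assumes the wire order given in the SSLv2 specification (RC4_128_WITH_MD5 is sent as 0x01,0x00,0x80), so the constants in Listing C-6 are the little-endian reading of the wire bytes; kind_info, classify_kind, count_class and SAMPLE_LIST are hypothetical names.

```c
#include <stddef.h>

/* Codes copied from Listing C-6. */
#define SSL_CK_RC4_128_WITH_MD5              0x800001
#define SSL_CK_RC4_128_EXPORT40_WITH_MD5     0x800002
#define SSL_CK_RC2_128_CBC_WITH_MD5          0x800003
#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x800004
#define SSL_CK_IDEA_128_CBC_WITH_MD5         0x800005
#define SSL_CK_DES_64_CBC_WITH_MD5           0x400006
#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5     0xc00007

enum kind_class { KIND_UNKNOWN, KIND_STANDARD, KIND_EXPORT40 };

/* Hypothetical audit table: marks the two EXPORT40 kinds. */
typedef struct { int code; enum kind_class cls; } kind_info;
static const kind_info KNOWN_KINDS[] = {
  { SSL_CK_RC4_128_WITH_MD5,              KIND_STANDARD },
  { SSL_CK_RC4_128_EXPORT40_WITH_MD5,     KIND_EXPORT40 },
  { SSL_CK_RC2_128_CBC_WITH_MD5,          KIND_STANDARD },
  { SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, KIND_EXPORT40 },
  { SSL_CK_IDEA_128_CBC_WITH_MD5,         KIND_STANDARD },
  { SSL_CK_DES_64_CBC_WITH_MD5,           KIND_STANDARD },
  { SSL_CK_DES_192_EDE3_CBC_WITH_MD5,     KIND_STANDARD },
};

/* Assumed wire order: first byte on the wire is the low byte of the code.
   Decoding byte by byte avoids depending on the host's endianness. */
int decode_cipher_kind( const unsigned char *p )
{
  return p[ 0 ] | ( p[ 1 ] << 8 ) | ( p[ 2 ] << 16 );
}

enum kind_class classify_kind( int code )
{
  size_t i;
  for ( i = 0; i < sizeof( KNOWN_KINDS ) / sizeof( KNOWN_KINDS[ 0 ] ); i++ )
    if ( KNOWN_KINDS[ i ].code == code ) return KNOWN_KINDS[ i ].cls;
  return KIND_UNKNOWN;
}

/* Counts entries of class cls; returns -1 if len is not a multiple of 3. */
int count_class( const unsigned char *list, size_t len, enum kind_class cls )
{
  size_t off; int n = 0;
  if ( len % 3 != 0 ) return -1;
  for ( off = 0; off < len; off += 3 )
    if ( classify_kind( decode_cipher_kind( list + off ) ) == cls ) n++;
  return n;
}

/* Constructed sample cipher list: two standard, two EXPORT40, one unknown. */
const unsigned char SAMPLE_LIST[] = { 0x01,0x00,0x80, 0x02,0x00,0x80,
  0x07,0x00,0xc0, 0x04,0x00,0x80, 0xff,0x00,0x00 };
```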