Cryptography Reference
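  /* The error code goes into bytes 1-2 of the buffer in network byte order. */
  send_error = htons( error_code );
  memcpy( buffer + 1, &send_error, sizeof( unsigned short ) );
  /* Send the complete 3-byte error message to the peer. */
  if ( send_message( connection, buffer, 3, parameters ) == -1 )
  {
    return -1;
  }
  return 0;
}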
If a server hello response was received and the certificate parsed OK, but
the client and server had no cipher specs in common, ssl_connect responds
with an error (note that the server could, and should, have done this instead of
sending a server hello message):
  if ( parameters->proposed_cipher_spec == NULL )
  {
    send_error( connection, SSL_PE_NO_CIPHER, parameters );
    return -1;
  }
If nothing has gone wrong, at this point you have a public key, a proposed
cipher spec, and have exchanged both a challenge token and a connection ID.
You now have enough information to compute keys.
SSL Client Master Key
SSLv3+ generated keying material through a fairly complex pseudo-random
function. SSLv2 didn't; instead, it just MD5-hashed a random master key along
with the challenge token and the connection ID to produce as much keying
material — read/write keys — as it needed. This master key is the same length
as the cipher spec's symmetric key. Because you're only supporting three cipher
specs here, this is easy to enumerate: 8 bytes for DES, 24 bytes for 3DES, and 16
bytes for 128-bit RC4.
Remember that the MD5 algorithm produces 16 bytes of output, regardless
of the length of its input. For DES, that's as much key material as you need for
both sides; each side needs 8 bytes. For RC4, you have to run the MD5 algorithm
twice, and for 3DES, three times. So that you don't get the same key over and
over again, you must also increment a counter on each run.
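The derivation described above, as an added Python example that is not code from this page (the page's own code is C; Python is used here for its built-in MD5). The counter's encoding as an ASCII digit and its position after the master key are assumptions taken from the SSLv2 draft, and the function names and sample values are constructed for illustration.

```python
import hashlib
import math

# Symmetric key lengths (bytes) for the three cipher specs named above.
KEY_LEN = {"DES": 8, "3DES": 24, "RC4-128": 16}
MD5_LEN = 16


def key_material(master_key, challenge, connection_id, cipher, use_counter=True):
    """Return (material, md5_runs): enough bytes for one key per direction.

    Each run hashes master_key || counter || challenge || connection_id.
    Counter is the ASCII digit '0', '1', '2' (assumption from the SSLv2 draft).
    use_counter=False is the draft's DES-only variant that omits the byte.
    """
    key_len = KEY_LEN[cipher]
    if len(master_key) != key_len:
        raise ValueError("master key must be as long as the cipher's key")
    needed = 2 * key_len
    runs = math.ceil(needed / MD5_LEN)
    if not use_counter and runs > 1:
        # Without the counter every run would produce the same 16 bytes.
        raise ValueError("counter can only be omitted when one MD5 run suffices")
    material = b""
    for i in range(runs):
        counter = bytes([ord("0") + i]) if use_counter else b""
        block = hashlib.md5(master_key + counter + challenge + connection_id)
        material += block.digest()
    return material[:needed], runs


def split_keys(material):
    """Split the material into two equal keys, one per direction."""
    half = len(material) // 2
    return material[:half], material[half:]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real handshake.
    challenge = bytes(range(16))
    connection_id = bytes(range(16, 32))
    for cipher, n in KEY_LEN.items():
        material, runs = key_material(b"\xa5" * n, challenge, connection_id, cipher)
        first, second = split_keys(material)
        print(f"{cipher}: {runs} MD5 run(s)", first.hex(), second.hex())
```

The with-counter and without-counter DES outputs differ, so a peer that followed the draft literally would derive different keys from one that included the byte.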
NOTE The last published draft specification for SSLv2 (version 0.2, 1995)
stated that the counter should not be used — that is, the byte itself should be
omitted — for DES, which only requires 16 bytes of keying material. No
implementation of SSLv2 ever followed this element of the specification; the code to
omit this byte is shown in Listing C-19, but it's wrapped up in an #if 0 to retain