Cryptography Reference
However, what makes this a bit more complicated, and useful, is that the whole client_finished message — and every subsequent packet transmitted over this connection — should be encrypted with the newly negotiated session keys. ssl_connect makes the “pending” cipher spec the active one:
parameters->active_cipher_spec = parameters->proposed_cipher_spec;
parameters->proposed_cipher_spec = NULL;
Sending the client_finished message, shown in Listing C-23, is straightforward.
Listing C-23: “ssl.c” send_client_finished
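static int send_client_finished( int connection,
                                 SSLParameters *parameters )
{
  int status = 0;
  unsigned char *send_buffer, *write_buffer;
  int buf_len;
  ClientFinished package;

  // Fill in the structure: its only field is the connection ID
  package.connection_id = malloc( parameters->connection_id_len );
  if ( package.connection_id == NULL )
  {
    return -1;  // allocation failed; -1 is assumed here as the error status
  }
  memcpy( package.connection_id, parameters->connection_id,
    parameters->connection_id_len );

  // Flatten the structure into a contiguous send buffer
  buf_len = parameters->connection_id_len;
  write_buffer = send_buffer = malloc( buf_len );
  if ( send_buffer == NULL )
  {
    free( package.connection_id );
    return -1;  // allocation failed; -1 is assumed here as the error status
  }
  write_buffer = append_buffer( write_buffer, package.connection_id,
    parameters->connection_id_len );

  // The cipher spec is already active, so this message goes out encrypted
  status = send_handshake_message( connection, SSL_MT_CLIENT_FINISHED,
    send_buffer, buf_len, parameters );

  free( send_buffer );
  free( package.connection_id );

  return status;
}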
There shouldn't be any surprises here. Fill in a structure, flatten it, and send it via send_handshake_message.
To actually support encryption, extend send_message in Listing C-24 to check whether the active_cipher_spec parameter of the SSLParameters argument is non-null. If it is, it is used to encrypt and MAC the packet.
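As an added illustration (not code from the book's ssl.c), the C code below shows a send path that emits cleartext while active_cipher_spec is NULL and encrypted records once the pending spec has been promoted. CipherSpec, Params, spec_init, activate_pending and protect_record are hypothetical names, RC4 is an assumed cipher that the page does not name, and the MAC step is left out.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the page's SSLParameters. */
typedef struct { unsigned char S[256], i, j; } CipherSpec;  /* RC4 state */
typedef struct {
  CipherSpec *active_cipher_spec;    /* NULL until keys are switched on */
  CipherSpec *proposed_cipher_spec;  /* the "pending" spec */
} Params;

/* RC4 key schedule (assumed cipher; the page does not name one). */
void spec_init(CipherSpec *c, const unsigned char *key, size_t key_len)
{
  unsigned int i, j = 0;
  for (i = 0; i < 256; i++) c->S[i] = (unsigned char)i;
  for (i = 0; i < 256; i++) {
    unsigned char t = c->S[i];
    j = (j + t + key[i % key_len]) & 0xff;
    c->S[i] = c->S[j]; c->S[j] = t;
  }
  c->i = c->j = 0;
}

/* Promote the pending spec, as ssl_connect does before client_finished. */
void activate_pending(Params *p)
{
  p->active_cipher_spec = p->proposed_cipher_spec;
  p->proposed_cipher_spec = NULL;
}

/* Produce the bytes that go on the wire: cleartext while no spec is active,
   encrypted afterwards. Keystream state persists from record to record. */
size_t protect_record(Params *p, const unsigned char *in, size_t len,
                      unsigned char *out)
{
  CipherSpec *c = p->active_cipher_spec;
  size_t n;
  if (c == NULL) { memcpy(out, in, len); return len; }
  for (n = 0; n < len; n++) {
    unsigned char t;
    c->i++;                                    /* wraps mod 256 */
    c->j = (unsigned char)(c->j + c->S[c->i]);
    t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
    out[n] = in[n] ^ c->S[(unsigned char)(c->S[c->i] + c->S[c->j])];
  }
  return len;
}
```

Because the keystream position is kept in the active spec, two records encrypted back to back produce the same bytes as one record holding their concatenation, which is why both peers must process records in the same order.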
Listing C-24: “ssl.c” send_message with encryption support
if ( parameters->active_cipher_spec == NULL )
{