Listing C-26: “ssl.h” ServerVerify declaration
typedef struct
{
unsigned char challenge[ CHALLENGE_LEN ];
}
ServerVerify;
NOTE There's also a server finished message, but it is not analogous to the client finished.
Here the server MACs, encrypts, and reflects back the client's challenge token. The client must verify that the message decrypts, that its MAC verifies, and that the challenge it carries matches the one the client sent initially. As discussed earlier, if anything goes wrong, no specific error code is sent; the connection is just closed.
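The client-side check just described, as an added example that is not code from the book's ssl.c: the decrypted payload must be exactly one ServerVerify, the challenge must match, and the comparison is done without an early exit so timing does not leak how many bytes matched. The decrypt and MAC steps are assumed to have already been done by the record layer before this function is called, and CHALLENGE_LEN is assumed to be 16 here; the page's "ssl.h" defines the real value.

```c
#include <stddef.h>
#include <string.h>

/* Assumed value for this example; the page's "ssl.h" defines the real one. */
#define CHALLENGE_LEN 16

typedef struct
{
  unsigned char challenge[ CHALLENGE_LEN ];
}
ServerVerify;

/*
 * Compare two buffers without an early exit, so the time taken does not
 * reveal how many leading bytes matched. Returns 1 if equal, 0 otherwise.
 */
static int constant_time_equal( const unsigned char *a,
                                const unsigned char *b, size_t len )
{
  unsigned char diff = 0;
  size_t i;

  for ( i = 0; i < len; i++ )
  {
    diff |= ( unsigned char ) ( a[ i ] ^ b[ i ] );
  }
  return diff == 0;
}

/*
 * Validate the payload of a server_verify message that has already been
 * decrypted and whose MAC has already been checked by the record layer.
 * sent_challenge points at the CHALLENGE_LEN bytes this client sent
 * initially. Returns 0 on success and -1 on any failure; on -1 the caller
 * sends nothing to the peer and simply closes the connection.
 */
int check_server_verify( const unsigned char *payload, size_t payload_len,
                         const unsigned char *sent_challenge )
{
  ServerVerify server_verify;

  /* Exactly one ServerVerify; anything shorter or longer is a protocol error. */
  if ( payload == NULL || sent_challenge == NULL ||
       payload_len != sizeof( ServerVerify ) )
  {
    return -1;
  }
  memcpy( &server_verify, payload, sizeof( server_verify ) );

  return constant_time_equal( server_verify.challenge, sent_challenge,
                              CHALLENGE_LEN ) ? 0 : -1;
}
```

The length check comes first on purpose: a truncated or over-long payload is rejected before any byte of it is interpreted, and the single -1 return value keeps the caller's behaviour identical for every failure, which is what the "just close the connection" rule requires.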
After sending client_finished, ssl_connect starts looking for server_verify:
while ( !parameters->got_server_verify )
{
if ( receive_ssl_message( connection, NULL, 0, parameters ) == -1 )
{
return -1;
}
}
Of course, because the key exchange has been completed, this message is
encrypted. You can still invoke receive_ssl_message here, but it has to be
extended to handle encrypted incoming messages.
First of all, recognize and process the three-byte lengths described in the
previous section as shown in Listing C-27.
Listing C-27: “ssl.c” receive_ssl_message with encryption support
unsigned char padding_len = 0;
...
if ( message_len & 0x8000 )
{
  // high bit set: two-byte header, 15-bit length, no padding byte follows
  message_len &= 0x7FFF;
}
else
{
  // high bit clear: three-byte header; the third byte is the padding
  // length, which must be stripped from the decrypted record
  if ( recv( connection, &padding_len, 1, 0 ) <= 0 )
  {
    return -1;
  }
}
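The header handling that Listing C-27 begins, carried through as an added example (my own code, not the book's receive_ssl_message): it parses both SSLv2 header forms from a buffer and then derives how much actual data a decrypted record holds. The layout facts it relies on come from the SSLv2 specification rather than from this page: the two-byte form carries a 15-bit length and no padding byte; the three-byte form carries a security-escape bit, a 14-bit length and a trailing padding-length byte; and a decrypted record body is MAC, then actual data, then padding. The function names, the sample headers and the 16-byte MAC length used in main are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields recovered from an SSLv2 record header (2- or 3-byte form). */
typedef struct
{
  size_t header_len;          /* 2 or 3 */
  uint16_t record_len;        /* bytes of record body following the header */
  unsigned char padding_len;  /* trailing pad bytes; always 0 in 2-byte form */
  int is_escape;              /* security-escape flag; only in 3-byte form */
}
sslv2_record_header;

/*
 * Parse a record header from the start of buf. Returns the number of
 * header bytes consumed (2 or 3), 0 if buf does not yet hold a complete
 * header, or -1 if the header is malformed. *hdr is only meaningful on
 * a positive return.
 */
int parse_sslv2_record_header( const unsigned char *buf, size_t buf_len,
                               sslv2_record_header *hdr )
{
  if ( buf == NULL || hdr == NULL || buf_len < 2 )
  {
    return 0;
  }
  memset( hdr, 0, sizeof( *hdr ) );

  if ( buf[ 0 ] & 0x80 )
  {
    /* Two-byte form: bit 7 set, the remaining 15 bits are the length,
       and no padding byte follows. */
    hdr->header_len = 2;
    hdr->record_len = ( uint16_t ) ( ( ( buf[ 0 ] & 0x7F ) << 8 ) | buf[ 1 ] );
  }
  else
  {
    if ( buf_len < 3 )
    {
      return 0;
    }
    /* Three-byte form: bit 7 clear, bit 6 is the security-escape flag,
       bits 5..0 are the high bits of a 14-bit length, and the third byte
       is the padding length. Masking with 0x3F keeps the escape bit out
       of the length. */
    hdr->header_len = 3;
    hdr->is_escape = ( buf[ 0 ] & 0x40 ) != 0;
    hdr->record_len = ( uint16_t ) ( ( ( buf[ 0 ] & 0x3F ) << 8 ) | buf[ 1 ] );
    hdr->padding_len = buf[ 2 ];
  }

  /* The padding lives inside the record body, so it can never exceed it. */
  if ( hdr->padding_len > hdr->record_len )
  {
    return -1;
  }
  return ( int ) hdr->header_len;
}

/*
 * Length of the actual data in a decrypted record body laid out as
 * MAC || actual data || padding. Returns -1 when the header's lengths
 * leave no room for the MAC and padding; a receiver must treat that as
 * fatal instead of letting the subtraction wrap.
 */
long sslv2_actual_data_len( const sslv2_record_header *hdr, size_t mac_len )
{
  size_t overhead = mac_len + hdr->padding_len;

  if ( overhead > hdr->record_len )
  {
    return -1;
  }
  return ( long ) ( hdr->record_len - overhead );
}

int main( void )
{
  /* Constructed sample headers: 2-byte, 3-byte, 3-byte with escape, malformed. */
  static const unsigned char two_byte[] = { 0x80, 0x2B };
  static const unsigned char three_byte[] = { 0x00, 0x40, 0x07 };
  static const unsigned char escape[] = { 0x40, 0x10, 0x03 };
  static const unsigned char bad[] = { 0x00, 0x05, 0x08 };
  const unsigned char *samples[] = { two_byte, three_byte, escape, bad };
  const size_t sizes[] = { 2, 3, 3, 3 };
  size_t i;

  for ( i = 0; i < 4; i++ )
  {
    sslv2_record_header hdr;
    int consumed = parse_sslv2_record_header( samples[ i ], sizes[ i ], &hdr );

    if ( consumed <= 0 )
    {
      printf( "sample %zu: malformed header (%d)\n", i, consumed );
      continue;
    }
    /* A 16-byte MAC is assumed for the samples. */
    printf( "sample %zu: %d-byte header, record %u, pad %u, escape %d, data %ld\n",
            i, consumed, hdr.record_len, hdr.padding_len, hdr.is_escape,
            sslv2_actual_data_len( &hdr, 16 ) );
  }
  return 0;
}
```

The two return-code conventions matter when this sits behind a blocking recv loop like the one in ssl_connect: 0 means "read more and call again", while -1 (a padding length larger than the record, or a record too short to hold its MAC and padding) must close the connection rather than be retried, exactly as the page does for every other failure.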