21.03.2013 Views

Problem - Kevin Tafuro

Problem - Kevin Tafuro

Problem - Kevin Tafuro

SHOW MORE
SHOW LESS

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

#define SPC_CLIENT_DISTINGUISHER 0x80<br />

#define SPC_SERVER_DISTINGUISHER 0x00<br />

#define SPC_SERVER_LACKS_NONCE 0xff<br />

#define SPC_IV_IX 1<br />

#define SPC_CTR_IX 6<br />

#define SPC_IV_LEN 5<br />

#define SPC_CTR_LEN 5<br />

#define SPC_CWC_NONCE_LEN (SPC_IV_LEN + SPC_CTR_LEN + 1)<br />

typedef struct {<br />

cwc_t cwc;<br />

unsigned char nonce[SPC_CWC_NONCE_LEN];<br />

int fd;<br />

} spc_ssock_t;<br />

After the key exchange completes, the client will have a key and a file descriptor connected<br />

to the server. We can use this information to initialize an spc_ssock_t:<br />

/* keylen is in bytes. Note that, on errors, we abort(), whereas you will<br />

* probably want to perform exception handling, as discussed in Recipe 13.1.<br />

* In any event, we never report an error to the other side; simply drop the<br />

* connection (by aborting). We'll send a message when shutting down properly.<br />

*/<br />

void spc_init_client(spc_ssock_t *ctx, unsigned char *key, size_t klen, int fd) {<br />

if (klen != 16 && klen != 24 && klen != 32) abort();<br />

/* Remember that cwc_init() erases the key we pass in! */<br />

cwc_init(&(ctx->cwc), key, klen * 8);<br />

/* select 5 random bytes to place starting at nonce[1]. We use the API from<br />

* Recipe 11.2.<br />

*/<br />

spc_rand(ctx->nonce + SPC_IV_IX, SPC_IV_LEN);<br />

/* Set the 5 counterbytes to 0, indicating that we've sent no messages. */<br />

memset(ctx->nonce + SPC_CTR_IX, 0, SPC_CTR_LEN);<br />

ctx->fd = fd;<br />

/* This value always holds the value of the last person to send a message.<br />

* If the client goes to send a message, and this is sent to<br />

* SPC_CLIENT_DISTINGUISHER, then we know there has been an error.<br />

*/<br />

ctx->nonce[0] = SPC_SERVER_DISTINGUISHER;<br />

}<br />

The client may now send a message to the server using the following function, which<br />

accepts plaintext and encrypts it before sending:<br />

#define SPC_CWC_TAG_LEN 16<br />

#define SPC_MLEN_FIELD_LEN 4<br />

#define SPC_MAX_MLEN 0xffffffff<br />

Building an Authenticated Secure Channel Without SSL | 495<br />

This is the Title of the Book, eMatter Edition<br />

Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!