hdskkeys.c

来自「Netscape公司提供的安全套接字层」· C语言 代码 · 共 484 行 · 第 1/2 页

C
484
字号
12
/*  *********************************************************************
    File: hdskkeys.c

    SSLRef 3.0 Final -- 11/19/96

    Copyright (c)1996 by Netscape Communications Corp.

    By retrieving this software you are bound by the licensing terms
    disclosed in the file "LICENSE.txt". Please read it, and if you don't
    accept the terms, delete this software.

    SSLRef 3.0 was developed by Netscape Communications Corp. of Mountain
    View, California <http://home.netscape.com/> and Consensus Development
    Corporation of Berkeley, California <http://www.consensus.com/>.

    *********************************************************************

    File: hdskkeys.c   Key calculation and encoding

    Contains code for encoding premaster secrets, generating master
    secrets from premaster secrets & key data generation from master
    secrets and following initialization of ciphers.

    ****************************************************************** */

#ifndef _SSLCTX_H_
#include "sslctx.h"
#endif

#ifndef _SSLHDSHK_H_
#include "sslhdshk.h"
#endif

#ifndef _SSLALLOC_H_
#include "sslalloc.h"
#endif

#include <string.h>

static SSLErr SSLGenerateKeyMaterial(SSLBuffer key, SSLContext *ctx);

SSLErr
SSLEncodeRSAPremasterSecret(SSLContext *ctx)
{   SSLBuffer           randData;
    SSLErr              err;
    
    if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 48, &ctx->sysCtx)) != 0)
        return err;
    
    SSLEncodeInt(ctx->preMasterSecret.data, SSL_Version_3_0, 2);
    randData.data = ctx->preMasterSecret.data+2;
    randData.length = 46;
    if ((err = ctx->sysCtx.random(randData, ctx->sysCtx.randomRef)) != 0)
        return err;
    
    DUMP_BUFFER_NAME("premaster secret", ctx->preMasterSecret);
    
    return SSLNoErr;
}

SSLErr
SSLEncodeDHPremasterSecret(SSLContext *ctx)
{   SSLErr              err;
    int                 rsaResult;
    SSLRandomCtx        rsaRandom;
#if RSAREF
    SSLBuffer           privateValue;
#endif

/* Given the server's Diffie-Hellman parameters, prepare a public & private value,
 *  then use the public value provided by the server and our private value to
 *  generate a shared key (the premaster secret). Save our public value in
 *  ctx->dhExchangePublic to send to the server so it can calculate the matching
 *  key on its end
 */
    if (ERR(err = ReadyRandom(&rsaRandom, ctx)) != 0)
        return err;
    
#if RSAREF
    {   privateValue.data = 0;
        
        if (ERR(err = SSLAllocBuffer(&ctx->dhExchangePublic, ctx->peerDHParams.primeLen, &ctx->sysCtx)) != 0)
            goto fail;
        if (ERR(err = SSLAllocBuffer(&privateValue, ctx->dhExchangePublic.length - 16, &ctx->sysCtx)) != 0)
            goto fail;
        
        if ((rsaResult = R_SetupDHAgreement(ctx->dhExchangePublic.data, privateValue.data,
                            privateValue.length, &ctx->peerDHParams, &rsaRandom)) != 0)
        {   err = SSLUnknownErr;
            goto fail;
        }
        
        if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, ctx->peerDHParams.primeLen, &ctx->sysCtx)) != 0)
            goto fail;
        
        if ((rsaResult = R_ComputeDHAgreedKey (ctx->preMasterSecret.data, ctx->dhPeerPublic.data,
                            privateValue.data, privateValue.length,  &ctx->peerDHParams)) != 0)
        {   err = SSLUnknownErr;
            goto fail;
        }
    }
#elif BSAFE
    {   unsigned int    outputLen;
        
        if (ERR(err = SSLAllocBuffer(&ctx->dhExchangePublic, 128, &ctx->sysCtx)) != 0)
            goto fail;
        if ((rsaResult = B_KeyAgreePhase1(ctx->peerDHParams, ctx->dhExchangePublic.data,
                            &outputLen, 128, rsaRandom, NO_SURR)) != 0)
        {   err = SSLUnknownErr;
            goto fail;
        }
        ctx->dhExchangePublic.length = outputLen;
        if (ERR(err = SSLAllocBuffer(&ctx->preMasterSecret, 128, &ctx->sysCtx)) != 0)
            goto fail;
        if ((rsaResult = B_KeyAgreePhase2(ctx->peerDHParams, ctx->preMasterSecret.data,
                            &outputLen, 128, ctx->dhPeerPublic.data, ctx->dhPeerPublic.length,
                            NO_SURR)) != 0)
        {   err = SSLUnknownErr;
            goto fail;
        }
        ctx->preMasterSecret.length = outputLen;
    }
 #endif
    
    DUMP_BUFFER_NAME("premaster secret", ctx->preMasterSecret);
    
    err = SSLNoErr;
fail:
#if RSAREF
    ERR(SSLFreeBuffer(&privateValue, &ctx->sysCtx));
    R_RandomFinal(&rsaRandom);
#elif BSAFE
    B_DestroyAlgorithmObject(&rsaRandom);
#endif  
    return err;
}

SSLErr
SSLCalculateMasterSecret(SSLContext *ctx)
{   SSLErr      err;
    SSLBuffer   shaState, md5State, clientRandom,
                serverRandom, shaHash, md5Hash, leader;
    uint8       *masterProgress, shaHashData[20], leaderData[3];
    int         i;
    
    md5State.data = shaState.data = 0;
    if ((err = SSLAllocBuffer(&md5State, SSLHashMD5.contextSize, &ctx->sysCtx)) != 0)
        goto fail;
    if ((err = SSLAllocBuffer(&shaState, SSLHashSHA1.contextSize, &ctx->sysCtx)) != 0)
        goto fail;
    
    clientRandom.data = ctx->clientRandom;
    clientRandom.length = 32;
    serverRandom.data = ctx->serverRandom;
    serverRandom.length = 32;
    shaHash.data = shaHashData;
    shaHash.length = 20;
    
    masterProgress = ctx->masterSecret;
    
    for (i = 1; i <= 3; i++)
    {   if ((err = SSLHashMD5.init(md5State)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.init(shaState)) != 0)
            goto fail;
        
        leaderData[0] = leaderData[1] = leaderData[2] = 0x40 + i;   /* 'A', 'B', etc. */
        leader.data = leaderData;
        leader.length = i;
        
        if ((err = SSLHashSHA1.update(shaState, leader)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(shaState, ctx->preMasterSecret)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(shaState, clientRandom)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(shaState, serverRandom)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.final(shaState, shaHash)) != 0)
            goto fail;
        if ((err = SSLHashMD5.update(md5State, ctx->preMasterSecret)) != 0)
            goto fail;
        if ((err = SSLHashMD5.update(md5State, shaHash)) != 0)
            goto fail;
        md5Hash.data = masterProgress;
        md5Hash.length = 16;
        if ((err = SSLHashMD5.final(md5State, md5Hash)) != 0)
            goto fail;
        masterProgress += 16;
    }
    
    DUMP_DATA_NAME("master secret",ctx->masterSecret, 48);
    
    err = SSLNoErr;
fail:
    SSLFreeBuffer(&shaState, &ctx->sysCtx);
    SSLFreeBuffer(&md5State, &ctx->sysCtx);
    return err;
}

SSLErr
SSLInitPendingCiphers(SSLContext *ctx)
{   SSLErr          err;
    SSLBuffer       key, hashCtx;
    uint8           *keyDataProgress, *keyPtr, *ivPtr;
    int             keyDataLen;
    CipherContext   *serverPending, *clientPending;
        
    key.data = hashCtx.data = 0;
    
    ctx->readPending.hash = ctx->selectedCipherSpec->macAlgorithm;
    ctx->writePending.hash = ctx->selectedCipherSpec->macAlgorithm;
    ctx->readPending.symCipher = ctx->selectedCipherSpec->cipher;
    ctx->writePending.symCipher = ctx->selectedCipherSpec->cipher;
    ctx->readPending.sequenceNum.high = ctx->readPending.sequenceNum.low = 0;
    ctx->writePending.sequenceNum.high = ctx->writePending.sequenceNum.low = 0;
    
    keyDataLen = ctx->selectedCipherSpec->macAlgorithm->digestSize +
                     ctx->selectedCipherSpec->cipher->secretKeySize;
    if (ctx->selectedCipherSpec->isExportable == NotExportable)
        keyDataLen += ctx->selectedCipherSpec->cipher->ivSize;
    keyDataLen *= 2;        /* two of everything */
    
    if ((err = SSLAllocBuffer(&key, keyDataLen, &ctx->sysCtx)) != 0)
        return err;
    if ((err = SSLGenerateKeyMaterial(key, ctx)) != 0)
        goto fail;
    DUMP_BUFFER_NAME("key data",key);
    
    if (ctx->protocolSide == SSL_ServerSide)
    {   serverPending = &ctx->writePending;
        clientPending = &ctx->readPending;
    }
    else
    {   serverPending = &ctx->readPending;
        clientPending = &ctx->writePending;
    }
    
    keyDataProgress = key.data;
    memcpy(clientPending->macSecret, keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize);
    DUMP_DATA_NAME("client write mac secret", keyDataProgress, ctx->selectedCipherSpec->macAlgorithm->digestSize);
    keyDataProgress += ctx->selectedCipherSpec->macAlgorithm->digestSize;
12

hdskkeys.c - 源码说明

本页面展示了「Netscape公司提供的安全套接字层」中的 hdskkeys.c 源码文件,采用 C语言 编程语言编写,共 484 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与Netscape相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?