TLS/SSL Handshake with RSA and DHE - Desklib
Added on 2023/06/10
Table of contents
1 Introduction
2 TLS server
2.1 Steps for establishing the connection
3 SSL client
3.1 Authentication
3.2 Code
4 How to execute a TLS/SSL handshake program
TLS/SSL HANDSHAKE WITH RSA AND DHE.
1 Introduction
Brabson (2011) describes the handshake as an authentication procedure between the two protocol endpoints that acknowledges the communication between them. Both the client and the server communicate through sockets. The server can be built on either of the two available choices, TLS or SSL; in this project TLS is the server, SSL is the client, and the communication uses RSA and DHE. Using RSA and DHE makes the communication between the client and the server very secure. RSA is an encryption algorithm that does not need the secret keys to be exchanged separately. It is used for both public-key encryption and digital signatures. The security of RSA encryption is almost guaranteed, which makes it very popular.
2 TLS server
According to Oppliger (2016), creating the TLS server first requires OpenSSL, so the first step in building the server is to set it up: this is done by calling the init_openssl() function and then loading the strings that are used for error messages. After that, an SSL_CTX, also called the SSL context, is created. This is done with SSLv23_server_method, and the context is then configured. For this configuration, the function SSL_CTX_set_ecdh_auto tells OpenSSL to handle the elliptic curves. This is followed by specifying the certificate and the private key.
Once OpenSSL has been set up in this way, normal socket programming handles the actual communication. An SSL structure is created to hold the information that pertains to the connection, and SSL_set_fd tells OpenSSL which file descriptor to use.
2.1 Steps for establishing the connection
1. The client sends a "hello" message to the server, along with the client's random value and its supported cipher suites.
2. The server replies by sending a "hello too" message to the client, along with the server's random value.
3. The server sends its certificate to the client for verification and requests a certificate from the client, although this is not strictly necessary.
4. If the server requested a certificate from the client, the client sends it to the server.
5. The client then generates a random Pre-Master Secret, encrypts it with the public key from the server's certificate, and sends the encrypted Pre-Master Secret to the server.
6. The server accepts the Pre-Master Secret. The server and the client each generate the Master Secret and the session key based on the Pre-Master Secret.
7. The client sends a "Change cipher spec" notice to the server to indicate that the client will now start using the new session key for hashing and encrypting messages. The client also sends a "Client is done" message. When all these steps have been executed successfully, a TLS/SSL handshake is said to have occurred.
8. The server accepts the "Change cipher spec" notice and switches its handshake layer security state to symmetric encryption using the session keys. The server sends a "Server complete" notification to the client.
9. The client and the server can now exchange application data over the secured communication channel that has been established. All messages and notifications sent from client to server and from server to client are encrypted with the session key and are therefore safe while in the communication channel. In effect, it is an end-to-end encrypted channel between the server side and the client side. Below is a conceptualized overview of the handshake concept.
3 SSL client
The TLS/SSL protocol makes secure communication over the internet possible. It communicates through two layers that run over TCP/IP: the record protocol and the handshake protocol. Retrieved from http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt.
The other files are helper files in C++ that make the server-client communication possible and are important for the completion of the program.
3.1 Authentication
In TLS/SSL communication the server has to prove its authenticity, as does the client, for the communication to be successful; this uses private/public key pairs. The server and the client exchange random numbers and a unique number known as the Pre-Master Secret. These numbers are combined with additional data, allowing the client and the server to create the shared secret, termed the Master Secret. The Master Secret is used by the client and the server to produce the write MAC secret, which is the session key used for hashing, and the write key, which is the session key used for encryption.
3.2 Code
Below is the code for the TLS/SSL handshake.
Server:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pthread.h>
#include <string>
#include <fstream>
#include <iostream>
#include "ssl_server.h"
using namespace std;

#define NUM_THREADS 2

// Thread entry point: receive one message from an accepted client.
void* handle_client(void* args) {
    SSL* ssl_cxn = (SSL*)args;
    if ( ssl_cxn != NULL ) {
        string recv_msg;
        int code = ssl_cxn->recv(&recv_msg);
        printf("s: received '%s'%d\n", recv_msg.c_str(), code);
    }
    pthread_exit(NULL);
}

int main() {
    SslServer *s = new SslServer();
    if ( s->start() != 0 ) {
        cout << "s: couldn't start server" << endl;
        return 1;
    }

    // Write the listening address to a file so the client can find the server.
    string hostname = s->get_hostname();
    int port = s->get_port();
    cout << "s: started on " << hostname << " " << port << endl;
    ofstream addrfile;
    addrfile.open("address.txt");
    addrfile << hostname << endl << port << endl;
    addrfile.close();

    // Accept NUM_THREADS clients and hand each one to its own thread.
    pthread_t threads[NUM_THREADS];
    for ( int i = 0 ; i < NUM_THREADS ; i += 1 ) {
        SSL* client = s->accept();
        if ( client == NULL ) {
            cerr << "Error: couldn't accept" << endl;
            exit(1);
        }
        cout << "s: accepted " << i+1 << " client(s)" << endl;
        int retcode;
        retcode = pthread_create(&threads[i], NULL, handle_client, (void *)client);
        if ( retcode != 0 ) {
            // pthread_create returns the error number; it does not set errno.
            cerr << "Error: can't create thread: " << strerror(retcode) << endl;
            exit(1);
        }
    }

    // Wait until every client thread has finished receiving.
    void* status;
    for ( int i = 0 ; i < NUM_THREADS ; i += 1 ) {
        int retcode;
        retcode = pthread_join(threads[i], &status);
        if ( retcode ) {
            cerr << "Error: unable to join, " << retcode << endl;
            exit(1);
        }
    }

    cout << "s: broadcasting " << endl;
    if ( s->broadcast("Server says \"HELLO ALL\"") < 0 ) {
        cerr << "Error: couldn't broadcast" << endl;
        exit(1);
    }

    cout << "s: shutting down " << endl;
    if ( s->shutdown() != 0 ) {
        cerr << "Error: couldn't shut down" << endl;
        exit(1);
    }

    cout << "s: free-ing " << endl;
    sleep(2);
    delete s;
    cout << "s: exiting " << endl;
    return 0;
}
Server side:
#include "ssl_server.h"
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
#include "dh.h"
#include "integer.h"
#include "osrng.h"
#include "crypto_adaptor.h"
#include "tcp.h"
#include "logger.h"
#include "utils.h"
using namespace std;

SslServer::SslServer() {
    string datetime;
    if ( get_datetime(&datetime, "%Y%m%d-%H%M%S") != 0 ) {
        exit(1);
    }
    // One log file per server run, named after the start time.
    this->logger_ = new Logger(("ssl_server_"+datetime+".log"));
    this->tcp_->set_logger(this->logger_);
    get_datetime(&datetime, "%Y/%m/%d %H:%M:%S");
    this->logger_->log("Server Log at " + datetime);
    this->closed_ = false;
    // init dhe
    generate_pqg(this->dh_p_, this->dh_q_, this->dh_g_);
    // init rsa
    generate_rsa_keys(this->private_key_, this->public_key_);
}

SslServer::~SslServer() {
    if ( !this->closed_ ) {
        this->shutdown();
    }
    delete this->logger_;
}

int SslServer::start(int num_clients) {
    if ( this->closed_ ) {
        return -1;
    }
    return this->tcp_->socket_listen(num_clients);
}

SSL* SslServer::accept() {
    if ( this->closed_ ) {
        return NULL;
    }
    TCP* cxn = this->tcp_->socket_accept();
    if ( cxn == NULL ) {
        cerr << "error when accepting" << endl;
        return NULL;
    }
    cxn->set_logger(this->logger_);
    SSL* new_ssl_cxn = new SSL(cxn);
    this->clients_.push_back(new_ssl_cxn);
    // IMPLEMENT HANDSHAKE HERE
    // The handshake is not implemented in this listing, so accept() returns
    // NULL and the caller treats the connection as failed. Return
    // new_ssl_cxn only after the handshake has completed successfully.
    return NULL;
}

int SslServer::shutdown() {
    if ( this->closed_ ) {
        return -1;
    }
    // pop all clients
    while ( !this->clients_.empty() ) {
        SSL* cxn = this->clients_.back();
        this->clients_.pop_back();
        if ( cxn != NULL ) {
            delete cxn;
        }
    }
    // Mark the server closed so that later calls fail and the destructor
    // does not shut down a second time.
    this->closed_ = true;
    return 0;
}

vector<SSL*> SslServer::get_clients() const {
    return vector<SSL*>(this->clients_);
}

// Send msg to every connected client; returns how many received all of it.
int SslServer::broadcast(const string &msg) {
    if ( this->closed_ ) {
        return -1;
    }
    int num_sent = 0;
    for ( vector<SSL*>::iterator it = this->clients_.begin() ;
          it != this->clients_.end() ; ++it ) {
        ssize_t send_len;
        send_len = (*it)->send(msg);
        // Check for an error return before comparing with the unsigned length.
        if ( send_len >= 0 && (size_t)send_len == msg.length() ) {
            num_sent += 1;
        }
    }
    return num_sent;
}
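The server listing above prepares DHE parameters (dh_p_, dh_q_, dh_g_) but leaves the exchange itself as a placeholder. The following added example (not part of the original project; the names DhGroup, valid_group, valid_public and shared_secret and the toy 11-bit group are assumptions made for illustration) shows the ephemeral Diffie-Hellman agreement together with the parameter and public-value checks each side should perform before deriving a key:

```cpp
#include <cstdint>
#include <iostream>
#include <random>

// Toy group (constructed values, far too small for real use): p = 2q + 1 with
// p and q prime, g = 4 generates the subgroup of prime order q.
struct DhGroup { uint64_t p, q, g; };
const DhGroup kToyGroup = {2039, 1019, 4};

// Square-and-multiply. Operands stay below 2^32, so products fit in 64 bits.
uint64_t mod_pow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1;
    base %= mod;
    while (exp > 0) {
        if (exp & 1) result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

// Check parameters before use: q divides p - 1 and g has order q (q assumed
// prime), which rules out g = 1, g = p - 1 and generators of the full group.
bool valid_group(const DhGroup& grp) {
    return grp.q > 1 && grp.p > 3 && grp.p < (1ULL << 32) &&
           (grp.p - 1) % grp.q == 0 && grp.g > 1 && grp.g < grp.p - 1 &&
           mod_pow(grp.g, grp.q, grp.p) == 1;
}

// A peer's public value must lie in [2, p - 2] and in the order-q subgroup.
bool valid_public(uint64_t y, const DhGroup& grp) {
    return y >= 2 && y <= grp.p - 2 && mod_pow(y, grp.q, grp.p) == 1;
}

// Fresh exponent in [1, q - 1] for every handshake: the "ephemeral" in DHE.
uint64_t fresh_private(const DhGroup& grp) {
    std::random_device rd;
    std::uniform_int_distribution<uint64_t> dist(1, grp.q - 1);
    return dist(rd);
}
uint64_t make_public(uint64_t priv, const DhGroup& grp) {
    return mod_pow(grp.g, priv, grp.p);
}

// Writes the shared secret to *out; returns false (fail closed) when the
// group or the peer's value does not validate.
bool shared_secret(uint64_t peer_pub, uint64_t priv, const DhGroup& grp,
                   uint64_t* out) {
    if (!valid_group(grp) || !valid_public(peer_pub, grp)) return false;
    *out = mod_pow(peer_pub, priv, grp.p);
    return true;
}

int main() {
    uint64_t a = fresh_private(kToyGroup), b = fresh_private(kToyGroup);
    uint64_t A = make_public(a, kToyGroup), B = make_public(b, kToyGroup);
    uint64_t client_key = 0, server_key = 0, unused = 0;
    bool ok = shared_secret(B, a, kToyGroup, &client_key) &&
              shared_secret(A, b, kToyGroup, &server_key);
    std::cout << "agreed: " << (ok && client_key == server_key) << "\n";
    // p - 2 is in range but has order 2q, so the subgroup check rejects it.
    std::cout << "p-2 accepted: "
              << shared_secret(kToyGroup.p - 2, b, kToyGroup, &unused) << "\n";
}
```

In a real handshake the server would also sign its DHE parameters and public value with its RSA key, and both sides would feed the agreed value into the key derivation as the Pre-Master Secret rather than use it directly.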
4 How to execute the handshake program
To execute the program, a C++ toolchain with a terminal must be installed; in this case MinGW is used, but Cygwin can be used as well. The path to MinGW or Cygwin must also be specified correctly during the installation of the C++ development software (NetBeans or Code::Blocks). This is important: otherwise the program will not run, or it will run with errors and not meet the desired requirements.
In the event of fatal compiler errors such as sys.h not found or the directory does not exist, simply create that header file; in NetBeans, click the left-most + sign at the top.
In the event of the error "fatal error: no input files found", ensure that all the project files are in one directory, or add the files to the execute command path (for Windows).
References:
Brabson, R. F. (2011). U.S. Patent No. 8,086,846. Washington, DC: U.S. Patent and Trademark Office.
Oppliger, R. (2016). SSL and TLS: Theory and Practice. Artech House.