94 |
87 |
95 ClientCertKeyEx |
88 ClientCertKeyEx |
96 (*CLIENT CERTIFICATE and KEY EXCHANGE. M is the pre-master-secret. |
89 (*CLIENT CERTIFICATE and KEY EXCHANGE. M is the pre-master-secret. |
97 Note that A encrypts using the supplied KB, not pubK B.*) |
90 Note that A encrypts using the supplied KB, not pubK B.*) |
98 "[| evs: tls; A ~= B; Nonce M ~: used evs; |
91 "[| evs: tls; A ~= B; Nonce M ~: used evs; |
99 Says B' A {|Nonce NA, Nonce NB, Agent XB, |
92 Says B' A {|Nonce NA, Nonce NB, Agent XB, certificate B KB|} |
100 certificate B KB|} : set evs |] |
93 : set evs |] |
101 ==> Says A B {|certificate A (pubK A), |
94 ==> Says A B {|certificate A (pubK A), Crypt KB (Nonce M)|} |
102 Crypt KB (Nonce M)|} |
|
103 # evs : tls" |
95 # evs : tls" |
104 |
96 |
105 CertVerify |
97 CertVerify |
106 (*The optional CERTIFICATE VERIFY message contains the specific |
98 (*The optional CERTIFICATE VERIFY message contains the specific |
107 components listed in the security analysis, Appendix F.1.1.2. |
99 components listed in the security analysis, Appendix F.1.1.2; |
108 By checking the signature, B is assured of A's existence: |
100 it also contains the pre-master-secret. Checking the signature, |
109 the only use of A's certificate.*) |
101 which is the only use of A's certificate, assures B of A's presence*) |
110 "[| evs: tls; A ~= B; |
102 "[| evs: tls; A ~= B; |
111 Says B' A {|Nonce NA, Nonce NB, Agent XB, |
103 Says B' A {|Nonce NA, Nonce NB, Agent XB, certificate B KB|} |
112 certificate B KB|} : set evs |] |
104 : set evs; |
|
105 Says A B {|certificate A (pubK A), Crypt KB (Nonce M)|} |
|
106 : set evs |] |
113 ==> Says A B (Crypt (priK A) |
107 ==> Says A B (Crypt (priK A) |
114 (Hash{|Nonce NB, |
108 (Hash{|Nonce NB, certificate B KB, Nonce M|})) |
115 certificate B KB|})) |
|
116 # evs : tls" |
109 # evs : tls" |
117 |
110 |
118 (*Finally come the FINISHED messages, confirming XA and XB among |
111 (*Finally come the FINISHED messages, confirming XA and XB among |
119 other things. The master-secret is the hash of NA, NB and M. |
112 other things. The master-secret is the hash of NA, NB and M. |
120 Either party may sent its message first.*) |
113 Either party may sent its message first.*) |
121 |
114 |
122 ClientFinished |
115 ClientFinished |
123 "[| evs: tls; A ~= B; |
116 "[| evs: tls; A ~= B; |
124 Says A B {|Agent A, Nonce NA, Agent XA|} : set evs; |
117 Says A B {|Agent A, Nonce NA, Agent XA|} : set evs; |
125 Says B' A {|Nonce NA, Nonce NB, Agent XB, |
118 Says B' A {|Nonce NA, Nonce NB, Agent XB, certificate B KB|} |
126 certificate B KB|} : set evs; |
119 : set evs; |
127 Says A B {|certificate A (pubK A), |
120 Says A B {|certificate A (pubK A), Crypt KB (Nonce M)|} |
128 Crypt KB (Nonce M)|} : set evs |] |
121 : set evs |] |
129 ==> Says A B (Crypt (clientK(NA,NB,M)) |
122 ==> Says A B (Crypt (clientK(NA,NB,M)) |
130 (Hash{|Hash{|Nonce NA, Nonce NB, Nonce M|}, |
123 (Hash{|Hash{|Nonce NA, Nonce NB, Nonce M|}, |
131 Nonce NA, Agent XA, |
124 Nonce NA, Agent XA, |
132 certificate A (pubK A), |
125 certificate A (pubK A), |
133 Nonce NB, Agent XB, Agent B|})) |
126 Nonce NB, Agent XB, Agent B|})) |