Figure 12.12. TLS key exchange using DHE_DSS or DHE_RSA.

Client $\rightarrow$ Server: ClientHello: acceptable cipher suites, $nonce_C$
Server: select TLS_DHE_sig_cipher_hash; select $p$, $g$; pick $x$
Server $\rightarrow$ Client: ServerHello: TLS_DHE_sig_cipher_hash, $nonce_S$, certificate
Server $\rightarrow$ Client: ServerKeyExchange: $p$, $g$, $g^x \bmod p$, $sig(hash(p, g, g^x \bmod p))$
Client: pick $y$
Client $\rightarrow$ Server: ClientKeyExchange: $g^y \bmod p$
Both sides: $pre\_master\_secret = g^{xy} \bmod p$
his key and the selected authentication algorithm. The signed parameters are sent in an additional ServerKeyExchange message which immediately follows the ServerHello message. So the client can just take the signed Diffie-Hellman parameters, check the signature by using the authenticated public key from the certificate, pick his Diffie-Hellman public value $g^y \bmod p$, and send it to the server in the ClientKeyExchange message (see Fig. 12.12).
DH_anon: This is a particular case of the previous Diffie-Hellman protocols in which the parameters are not authenticated. It does not require any certificate, but it is vulnerable to a man-in-the-middle attack. Like in the ephemeral Diffie-Hellman algorithms, the server selects his chosen Diffie-Hellman parameters and public value ($p$, $g$, $g^x \bmod p$) and sends them in an additional ServerKeyExchange message. So the client can just take the Diffie-Hellman parameters, pick his Diffie-Hellman public value $g^y \bmod p$, and send it to the server in the ClientKeyExchange message (see Fig. 12.13).
12.3.7 Key Derivation

A hash algorithm $hash$ defines a pseudorandom generator $P\_hash$. Given a secret $secret$ and a seed $seed$, we define a sequence $P\_hash(secret, seed)$ by

$P\_hash(secret, seed) = r_1, r_2, r_3, \ldots$

where $r_i = \mathrm{HMAC}_{hash}(secret, a_i, seed)$, $a_i = \mathrm{HMAC}_{hash}(secret, a_{i-1})$, and $a_0 = seed$.
Figure 12.13. TLS key exchange using DH_anon.

Client $\rightarrow$ Server: ClientHello: acceptable cipher suites, $nonce_C$
Server: select TLS_DH_anon_cipher_hash; select $p$, $g$; pick $x$
Server $\rightarrow$ Client: ServerHello: TLS_DH_anon_cipher_hash, $nonce_S$
Server $\rightarrow$ Client: ServerKeyExchange: $p$, $g$, $g^x \bmod p$
Client: pick $y$
Client $\rightarrow$ Server: ClientKeyExchange: $g^y \bmod p$
Both sides: $pre\_master\_secret = g^{xy} \bmod p$