A Usable, Secure Communications Protocol: Client-Side TLS - Implementing SSL/TLS Using Cryptography and PKI

Cryptography Reference

In-Depth Information

You can reproduce the master secret with this information:

[jdavies@localhost ssl]$ ./prf \

0x030102030405060708090a0b0c0d0e0f101112131415161718\

191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f “master secret” \

0x4c4f193f00000000000000000000000000000000000000000000000000000000\

4c4f193fe58513ecbaf3966b6ab96fbfbee41052ae1b643c93174f38a6548e53 48

2dee06e1ba5e41722dd1c24286ae5a0cfbd89b38bd4688fa

fb97c3dc05a2647be55490ba733406807df8023ae75d0a0a

The master secret is always exactly 48 bytes long.

The master secret itself isn't used for key material; instead, it's used as a seed

into the PRF again. The PRF also needs to know how many bytes to generate in

order to determine how many times to iterate. How many bytes are needed for

the selected cipher suite? AES-128 uses 16-byte keys, and a 16-byte block size, so

you need 32 bytes of keying material and 32 bytes of IV — one of each for each

side of the conversation. SHA-1 uses a 20-byte MAC key, so you need 40 bytes

of MAC secret; this works out to 104 bytes of keying material.

You can reproduce the keys by running the PRF algorithm with this input:

[jdavies@localhost ssl]$ ./prf \

0x2dee06e1ba5e41722dd1c24286ae5a0cfbd89b38bd4688\

fafb97c3dc05a2647be55490ba733406807df8023ae75d0a0a “key expansion” \

0x4c4f193fe58513ecbaf3966b6ab96fbfbee41052ae1b643c93174f38a6548e\

534c4f193f00000000000000000000000000000000000000000000000000000000 104

3a1ee25b3fa7efb9a2c8f112de47c3276917a2bbb0f81a9a389dbc82c3fc2a073e97aa31087f312

96dbb1276d318c6551ef8245888420cf4c2a545f7a8515c42c367599cdd52cf6ef6bb0cc22615db

9c0d93ad3c21d2f58ed18324dbfb7645103f191455421cceca

Notice that the seed in this case is the server random, followed by the client

random, whereas for the master secret expansion, it was the other way around.

If you overlook this fact, you will end up tearing your hair out for days trying

to fi gure out why your code isn't working. (Don't ask me how I know).

The key material block starts with the MAC secrets, then the keys, then the

initialization vectors, so this works out to what is shown in Table 6-1.

Table 6-1: The Key Material Block

PURPOSE

CLIENT/WRITE

SERVER/READ

MAC secret

3a1ee25b3fa7efb9a2c8f112de

47c3276917a2bb

b0f81a9a389dbc82c3f

c2a073e97aa31087f3129

Encryption Key

6dbb1276d318c6551e

f8245888420cf4

c2a545f7a8515c42c367599cd

d52cf6e

Initialization

Vector

f6bb0cc22615db9c

0d93ad3c21d2f58e

d18324dbfb7645103f

191455421cceca

Implementing SSL/TLS Using Cryptography and PKI

Search WWH ::

Custom Search

Home