http://www.tech-invite.com

SSL Time-Diagram
Second Variant: Generation of an Ephemeral Diffie-Hellman Key

This document provides a detailed description of the sequence of first exchanges between an SSL client and an SSL server. This is the second variant of the main scenario described in another document. It reflects the provision of the PFS (perfect forward secrecy) service via the generation of an ephemeral Diffie-Hellman key for calculating the pre-master key. In this scenario, the encryption algorithm used is a block cipher in CBC mode.

V1.0, March 2, 2005, 7 pages

Summary of Exchanges

  Client: Connect, Client Hello, Client Key Exchange
  Server: Server Hello, Server Certificate, Server Key Exchange, Server Hello Done

(1) Ephemeral Diffie-Hellman: Connection

  HTTP client: 'https://...'
  Connect: port #443

(2) Ephemeral Diffie-Hellman: Client Hello

  ClientHello (1)
    Protocol Version      : 3.0
    Random                : CHr
    Session ID            : null
    List of Cipher Suites :
        Key exch.   Encrypt algorithm   Hash algor.
        ---------   -----------------   -----------
        DHE_RSA     3DES                SHA
        DHE_RSA     DES                 SHA
    Compression Method    : null

  Content: ClientHello (1)

(3) Ephemeral Diffie-Hellman: Server Hello & Server Key Exchange

  ServerHello (2)
    Protocol Version   : 3.0
    Random             : SHr
    Session ID         : ses_id
    Cipher Suite       : DHE_RSA / 3DES / SHA
    Compression Method : null

  Certificate (11)
    List of Certificates:
      Server Certificate (KUs)
      Issuer Certificate(s)

  ServerKeyExchange (12)
    DHParams
    Signature

    DHParams = dh_p + dh_g + dh_ys
      dh_p  : prime modulus
      dh_g  : generator
      dh_ys : server's DH public value (g^dh_xs mod p)

    md5_hash  = MD5(CHr + SHr + DHParams)
    sha_hash  = SHA(CHr + SHr + DHParams)
    Signature = E_RSA[KRs](md5_hash + sha_hash)

  ServerHelloDone (14)

  Content: (2) + (11) + (12) + (14)

  - Cipher Spec
      MAC algorithm        : SHA
      Encryption algorithm : 3DES

(4) Ephemeral Diffie-Hellman: Authentication of Temporary RSA Key

  Certificate (11)
    Validate the server's certificate: KUs

  - Cipher Spec
      MAC algorithm        : SHA
      Encryption algorithm : 3DES
  - Peer Certificate : KUs

  ServerKeyExchange (12)
    Check the DHParams signature with KUs

  ServerHelloDone (14)

(5) Ephemeral Diffie-Hellman: Generation of PreMasterKey

  Client:
    Select DH private value: dh_xc
    Calculate DH public value: dh_yc = dh_g^dh_xc mod dh_p

  ClientKeyExchange (16)
    dh_yc

  Content: ClientKeyExchange (16)

  Client: pms = dh_ys^dh_xc mod dh_p
  Server: pms = dh_yc^dh_xs mod dh_p

To produce the 48-byte master secret, the pre-master secret is hashed with the server-random and client-random numbers and the "mixers":

  MS = MD5(pms + SHA('A'   + pms + CHr + SHr)) +
       MD5(pms + SHA('BB'  + pms + CHr + SHr)) +
       MD5(pms + SHA('CCC' + pms + CHr + SHr));

  key_block = MD5(MS + SHA('A'   + MS + SHr + CHr)) +
              MD5(MS + SHA('BB'  + MS + SHr + CHr)) +
              MD5(MS + SHA('CCC' + MS + SHr + CHr)) +
              [...];  until enough output has been generated

Then the key_block is partitioned as follows:

  cwm [CipherSpec.hash_size]
  swm [CipherSpec.hash_size]
  cwk [CipherSpec.key_material]
  swk [CipherSpec.key_material]
  civ [CipherSpec.IV_size]
  siv [CipherSpec.IV_size]

  - Cipher Spec algorithms
      MAC        : SHA
      Encryption : 3DES
  - Peer Certificate : KUs
  - Master Secret : MS
  - MAC secret
      Client Write : cwm
      Server Write : swm
  - Bulk Encryption Key
      Client Write : cwk
      Server Write : swk
  - Initialization Vector
      Client IV : civ
      Server IV : siv
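
The derivation above, carried through in Python as an added example (not part of the original document): both sides compute pms from the ephemeral DH values, then MS and the key_block partition for the DHE_RSA / 3DES / SHA suite. The DH parameters, private values and randoms are constructed toy values, and the byte encoding of pms and the function names are assumptions.

```python
import hashlib

# Sizes for the negotiated DHE_RSA / 3DES / SHA suite:
# SHA-1 MAC secret, 3DES key, 8-byte CBC IV.
HASH_SIZE, KEY_MATERIAL, IV_SIZE = 20, 24, 8

def ssl3_expand(secret, r1, r2, length):
    """MD5(secret + SHA('A' + secret + r1 + r2)) + MD5(... 'BB' ...) + ..."""
    out, i = b"", 0
    while len(out) < length:                      # until enough output
        mixer = bytes([ord("A") + i]) * (i + 1)   # 'A', 'BB', 'CCC', ...
        inner = hashlib.sha1(mixer + secret + r1 + r2).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]

def master_secret(pms, chr_, shr):
    return ssl3_expand(pms, chr_, shr, 48)        # CHr first, then SHr

def key_block(ms, chr_, shr):
    sizes = [("cwm", HASH_SIZE), ("swm", HASH_SIZE),
             ("cwk", KEY_MATERIAL), ("swk", KEY_MATERIAL),
             ("civ", IV_SIZE), ("siv", IV_SIZE)]
    block = ssl3_expand(ms, shr, chr_, sum(n for _, n in sizes))  # SHr first
    keys, off = {}, 0
    for name, n in sizes:
        keys[name], off = block[off:off + n], off + n
    return keys

def to_bytes(n):
    # Assumed encoding of pms: big-endian, no leading zero bytes.
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def handshake(dh_p, dh_g, dh_xs, dh_xc, chr_, shr):
    dh_ys = pow(dh_g, dh_xs, dh_p)                # sent in ServerKeyExchange (12)
    dh_yc = pow(dh_g, dh_xc, dh_p)                # sent in ClientKeyExchange (16)
    pms_client = to_bytes(pow(dh_ys, dh_xc, dh_p))
    pms_server = to_bytes(pow(dh_yc, dh_xs, dh_p))
    ms = master_secret(pms_client, chr_, shr)
    return pms_client, pms_server, ms, key_block(ms, chr_, shr)

# Constructed toy values: a 127-bit prime is far too small for real use,
# and real private values and randoms come from a CSPRNG.
DH_P, DH_G = 2**127 - 1, 5
CHR, SHR = bytes(range(32)), bytes(range(32, 64))

if __name__ == "__main__":
    pc, ps, ms, keys = handshake(DH_P, DH_G, 0x1234567890ABCDEF,
                                 0xFEDCBA0987654321, CHR, SHR)
    print(pc == ps, len(ms), {k: len(v) for k, v in keys.items()})
```

Because dh_xs and dh_xc are discarded after the handshake, a later compromise of the server's RSA key (KRs) does not reveal pms; the RSA key only signs DHParams.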