[TLS] About the key block generation for different ciphers.
nilesh <nilesh.tayade@netscout.com> Tue, 04 October 2011 11:35 UTC
Return-Path: <Nilesh.Tayade@netscout.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9182D21F8CB0 for <tls@ietfa.amsl.com>; Tue, 4 Oct 2011 04:35:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xzfG-KhWAGpE for <tls@ietfa.amsl.com>; Tue, 4 Oct 2011 04:35:42 -0700 (PDT)
Received: from exprod6ob111.obsmtp.com (exprod6ob111.obsmtp.com [64.18.1.26]) by ietfa.amsl.com (Postfix) with SMTP id EF23921F8CAE for <tls@ietf.org>; Tue, 4 Oct 2011 04:35:41 -0700 (PDT)
Received: from nsmailfe2k3.netscout.com ([12.187.89.175]) (using TLSv1) by exprod6ob111.postini.com ([64.18.5.12]) with SMTP; Tue, 04 Oct 2011 04:38:46 PDT
Received: from nsmail.netscout.com ([192.168.39.90]) by nsmailfe2k3.netscout.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 4 Oct 2011 07:38:38 -0400
Received: from [172.16.32.29] ([172.16.32.29]) by nsmail.netscout.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 4 Oct 2011 07:38:38 -0400
Message-ID: <4E8AF03D.2080702@netscout.com>
Date: Tue, 04 Oct 2011 17:08:37 +0530
From: nilesh <nilesh.tayade@netscout.com>
Organization: NetScout
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Thunderbird/3.1.13
MIME-Version: 1.0
To: tls@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 04 Oct 2011 11:38:38.0273 (UTC) FILETIME=[28749B10:01CC828A]
X-TM-AS-Product-Ver: SMEX-10.0.0.4152-6.800.1017-18424.004
X-TM-AS-Result: No--2.483500-8.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No
Subject: [TLS] About the key block generation for different ciphers.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2011 11:35:42 -0000
Hi, In case of SSL/TLS we generate the master_secret and then the key_block. The size of the key block depends upon the cipher suit that is negotiated. Do we have any reference where I can understand the fields in key_block? E.g. I could identify that For AES_256_CBC_SHA we need - 2 * 32 bytes of keys and 2 * 20 bytes of MAC. For 3DES_EDE_CBC_SHA we need - 2 * 24bytes of keys, 2 * 20bytes of MAC and 2 * 8bytes of IV. So based on the above information I can generate 104bytes of key_block for these ciphers and extract the required keys. So for AES_256_CBC_SHA- key_block[0..19] - MAC for client, key_block[20..39] - MAC for server. key_block[40..71] - client write key and key_block[72..104] - server write key. Could someone please advice any reference on how to get the key_block details for a give cipher suit? -- Thanks, Nilesh