Category: Updating TLS secrets
Updating TLS secrets – Secrets and Keys in TLS 1.3
12.4 Updating TLS secrets At any time after a successful handshake, Alice and Bob can update their application traffic keys using the KeyUpdate message. They accomplish this by first deriving new secrets server_application_traffic_secret_N+1 and client_application_traffic_secret_N+1 using the HKDF-Expand-Label function HEL as shown in Figure 12.13. After that, new application traffic keys are computed using a…
ServerHello – Secrets and Keys in TLS 1.3
12.6.3 ServerHello Upon receiving a ClientHello message from Bob, Alice responds with the ServerHello message to continue the TLS handshake – if Alice is able to select a feasible set of cryptographic parameters based on the choices offered by Bob in his ClientHello message. The structure of ServerHello is shown in Listing 12.3. Listing 12.3:…
Finished message – TLS Handshake Protocol Revisited
13.3 Finished message Bob’s Finished is the final message in the TLS handshake protocol. This message authenticates the handshake as well as the secret shared keys that Alice and Bob agreed upon. Both Alice and Bob (when he receives Alice’s Finished message while in state WF) verify the correctness of this message’s contents and…
OpenSSL s_client – TLS Handshake Protocol Revisited
13.6 OpenSSL s_client OpenSSL is an open source project implementing the OpenSSL software, a commercial-grade, feature-rich toolkit for cryptography and TLS [137]. OpenSSL’s technical decision making is governed by the OpenSSL Technical Committee (OTC) and the software is published under an Apache-style license, making it suitable for both non-commercial and commercial purposes. At the time…
TLS experiments with openssl-s_client – TLS Handshake Protocol Revisited
13.6.3 TLS experiments with openssl-s_client So, what kind of experiments can we do using openssl-s_client to better understand how TLS works under the hood? Well, we could start by looking into the protocol messages of an actual TLS session. As an example, we could perform a TLS handshake with the Packt web server: # openssl…
The big picture – Block Ciphers and Their Modes of Operation
14.1 The big picture In the last part of the book, we covered in detail the TLS Handshake protocol and the cryptography needed to implement the main security objectives of the TLS Handshake protocol, namely entity authentication and key agreement. For the latter of these goals, public-key cryptography was needed; for the former, we used…
Pseudorandom permutations – Block Ciphers and Their Modes of Operation
14.2.4 Pseudorandom permutations Simply put, a permutation is a function that rearranges the order of elements in a set. A random permutation is a permutation that is randomly chosen from all possible permutations for a given set. A pseudorandom permutation looks like a random permutation to any polynomial-time observer, but is actually a deterministic algorithm.…
Constants in cryptographic algorithms – Block Ciphers and Their Modes of Operation
14.2.6 Constants in cryptographic algorithms Specifications of cryptographic algorithms often contain constants. As an example, the SHA-2 family of hash functions specified in the FIPS 180-4 standard must set the initial hash value H(0) before the computation of the SHA algorithm begins. The initial hash value for the SHA-224 function is composed of these eight…
Overall structure – Block Ciphers and Their Modes of Operation
14.3.1 Overall structure AES has a fixed block length of 128 bits and, as required by the initial call for algorithms, a flexible key length of 128, 192, or 256 bits. AES is a substitution-permutation network consisting of 10, 12, or 14 rounds, depending on the key length. The 128 plaintext bits are arranged in…
Key scheduling – Block Ciphers and Their Modes of Operation
14.3.3 Key scheduling As a round key is added to the 128-bit plaintext block before the first encryption round and at the end of each encryption round, the AES key k needs to be expanded into r + 1 different round keys k_i, where each round key has 128 bits and r ∈ {10, 12, 14}. Suppose k…