0

I Have a confusion here. From what I know, in TLS1.2, the Client sends Client Hello and then the Server Sends a Server Hello, Certificate(with its public key) and Certificate chain, and then a Server Hello Done.

Then, the Client sends a Client Key exchange with a Pre-Master Secret encrypted with the public key of the server. Both, Client and Server have the Pre-Master Secret, they then generate the Master-Secret through PRF and then the Session keys(Client and Server write HMAC keys, Client and Server Write Encryption keys) again through PRF.

Then Client sends a Change Cipher Spec and then Client Finished message which contains the hash of all the previous handshake messages which is then fed into a PRF with the Master Key and "Client Finished" string literal to generate a Verification Data.

For example, lets say the Cipher Suite used is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.

Questions:

  1. Is SHA256 here used to generate the handshake hash from the previous handshake messages messages?

  2. I know that the Verification data is encrypted with the CLient Write Encryption key, but what about the Client Write HMAC key? Isnt that used to generate MAC of the verification data and that is what is encrypted to form Encryption data which is sent to the other side?

Basically, I want to know if CLient Write HMAC key or Server write HMAC key is involved with any of the handshake messages or Finished messages or it is just to generate MAC for the traffic data because I know that the Encryption key is used for the traffic as well as in the Finished message.

RRHS
  • 133
  • 7
  • 1
    " in TLS1.2 ... lets say the Cipher Suite used is TLS_AES_128_GCM_SHA256" - TLS_AES_128_GCM_SHA256 isn't a TLS 1.2 cipher but only available in TLS 1.3, so this does not match. "Pre-Master Secret encrypted with the public key of the server." - what you describe here is kind of RSA key exchange which is a) obsolete and b) not available in TLS 1.3 and thus also not available with the cipher you've chosen. – Steffen Ullrich Oct 25 '23 at 03:58
  • 1
    I have edited the cipher suite. Actually, the cipher suite was just an example to know if the hashing algorithm to generate the handshake hash is also exchanged in the Hello messages as part of the cipher suite. Also, could you please help me with the question 2? All these were actually meant to understand TLS1.2. – RRHS Oct 25 '23 at 05:02
  • 1
    Now you've chosen a cipher with ECDHE, which again contradicts what you write about "Pre-Master Secret encrypted with the public key of the server." (i.e. RSA key exchange). – Steffen Ullrich Oct 25 '23 at 05:31
  • I think OP is mixing with RSA, and ECDSA, and also RSA has issues with forward secrecy (using client public key to encrypt and send the secret to server)..this is corrected in TLS 1.3 with ECDHE way of calculating the private keys/session tokens that never be shared on the network – JBone Oct 30 '23 at 14:31

0 Answers0