
I am trying to understand the phase where the symmetric key is generated. From what I understand, Diffie-Hellman is used to derive the symmetric key in TLS 1.3.

I am reading this TLS explanation, and so many keys are derived.

Is the shared secret the symmetric key, and from it we can generate the following keys?

early_secret = HKDF-Extract(salt = 00, key = 00...)
empty_hash = SHA256("")
derived_secret = HKDF-Expand-Label(key = early_secret, label = "derived", context = empty_hash, len = 32)
handshake_secret = HKDF-Extract(salt = derived_secret, key = shared_secret)
client_handshake_traffic_secret = HKDF-Expand-Label(key = handshake_secret, label = "c hs traffic", context = hello_hash, len = 32)
server_handshake_traffic_secret = HKDF-Expand-Label(key = handshake_secret, label = "s hs traffic", context = hello_hash, len = 32)
client_handshake_key = HKDF-Expand-Label(key = client_handshake_traffic_secret, label = "key", context = "", len = 16)
server_handshake_key = HKDF-Expand-Label(key = server_handshake_traffic_secret, label = "key", context = "", len = 16)
client_handshake_iv = HKDF-Expand-Label(key = client_handshake_traffic_secret, label = "iv", context = "", len = 12)
server_handshake_iv = HKDF-Expand-Label(key = server_handshake_traffic_secret, label = "iv", context = "", len = 12)

So which is the symmetric key that is used as the input to the AEAD?

Z.T.
loutsi1
  • The values called key and iv for the client are the inputs to the AEAD the client uses to write (and the server uses to read), and the values called key and iv for the server are the inputs to the AEAD the server uses to write and the client uses to read. – Z.T. Jan 29 '21 at 14:39
  • @Z.T. thanks, I thought that it was the shared_secret that goes into the symmetric cipher and then into the AEAD? Also, the link above generates application keys. Where are they used? Lastly, here https://dev.to/techschoolguru/a-complete-overview-of-ssl-tls-and-its-cryptographic-system-36pd they use a nonce value in the symmetric algorithm and AEAD. Can I use the nonce value instead of the IV? – loutsi1 Jan 29 '21 at 14:48
  • Why do you so adamantly refuse to read the RFCs? Every effort is made so you could read them. Do you have a language barrier problem? Symmetric primitives use a value, called IV or nonce, and they specify the requirements for it and its size (there are differences which cause the change in term). Things like TLS that use symmetric primitives, and that used CBC with an IV in the 90s and now use AEAD with a nonce, maybe have not updated the terminology, but they spell out what to do. What are "application keys"? Is that a term from the RFC? – Z.T. Jan 29 '21 at 14:56
  • I have a meta-question. You have asked a lot of questions about TLS recently. It seems you are trying to figure out how it works, as if you are trying to build an implementation, or maybe just verify one. But your questions do not demonstrate enough familiarity with the basics of the cryptographic primitives and cryptographic protocols (the way primitives are combined safely) for anyone to trust you to do anything correctly by yourself. What are you trying to achieve? Why? Why are you not doing the most straightforward thing, read the RFCs and the open source implementations? – Z.T. Jan 29 '21 at 15:01
  • @Z.T. "anyone to trust you to do anything correctly by yourself". You have the right not to answer any question here, but you cannot tell anyone those things. I think that you offend me here, Mr. Let's close the whole security forum and let's just read the RFCs. – loutsi1 Jan 29 '21 at 15:16
  • security.SE has enough answers for "how does TLS work?". We don't need to turn every paragraph in the RFC into a question of the form "what does the RFC say about X" with an answer that just rephrases the RFC. There are plenty of good questions that are not just "what does the RFC say about X", for example "why does the RFC say X?" or "how to solve this real world problem?". On all platforms that allow user submitted questions (even forums), the questions for which the answers are easily googleable are a waste of time. – Z.T. Jan 29 '21 at 15:34
  • Security is a little special in that for most software, "it works" might be enough to ship it. "It is robust to a cat on the keyboard" is actually a pretty high bar in the real world. "Interoperable between dozens of implementations that did not coordinate with each other" is a very high bar. But for real security software, the bar is even higher: "will withstand effort to break it by national intelligence agencies". This is ridiculously hard. So there are a bunch of things to learn. They are all learnable. But maybe not very quickly. And the way it is learned is by reading prose (and code). – Z.T. Jan 29 '21 at 15:40
  • @Z.T. I do not agree with you. Speak with the moderators if you have suggestions about how the forums should work, or begin your own. Please do not add any other comments to my questions. – loutsi1 Jan 29 '21 at 15:41
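Editor's note: Z.T.'s first comment is the answer to the question as asked, and the pseudocode in the question is the RFC 8446 section 7.1 key schedule with one detail left implicit: HKDF-Expand-Label prefixes every label ("derived", "c hs traffic", "key", "iv", ...) with the string "tls13 " before it goes into HKDF-Expand. The following is an added worked example, not code from this thread nor from the explanation the question links, that walks the schedule with only the Python standard library: from the (EC)DHE shared secret through the handshake and application traffic secrets to the AEAD key/IV pairs, and then the per-record nonce of RFC 8446 section 5.3, which is what the "nonce vs IV" comment is about. It assumes TLS_AES_128_GCM_SHA256 (hence the 16-byte key and 12-byte IV used in the question) and no PSK. The shared secret and transcript bytes in the usage section are constructed placeholders, not real handshake output; the early secret and the first "derived" secret depend only on the hash function, and their values in the test match the trace in RFC 8448. The actual AES-GCM call is not shown, since the standard library does not provide it; the example stops at the values that feed it.

```python
"""TLS 1.3 key schedule (RFC 8446 section 7.1) from the (EC)DHE shared secret down to the
AEAD key/IV pairs, plus the per-record nonce of section 5.3. Standard library only."""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 for SHA-256 (TLS_AES_128_GCM_SHA256)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 Extract: PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 Expand: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated and truncated."""
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), HASH).digest()
        okm += t
        i += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """RFC 8446 7.1 HKDF-Expand-Label. The info string is the HkdfLabel struct
    (uint16 length | opaque label<7..255> | opaque context<0..255>) and the label is
    always prefixed with "tls13 ", which the question's pseudocode leaves implicit."""
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: str, transcript: bytes) -> bytes:
    """Derive-Secret(Secret, Label, Messages) = HKDF-Expand-Label(Secret, Label, Hash(Messages), Hash.length)."""
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)


def traffic_keys(traffic_secret: bytes, key_len: int = 16, iv_len: int = 12) -> tuple:
    """Section 7.3: a traffic secret expands to the AEAD write key and the static IV.
    16/12 are the AES-128-GCM sizes used in the question."""
    return (hkdf_expand_label(traffic_secret, "key", b"", key_len),
            hkdf_expand_label(traffic_secret, "iv", b"", iv_len))


def key_schedule(shared_secret: bytes, hello_transcript: bytes, finished_transcript: bytes) -> dict:
    """Walk the schedule with no PSK. hello_transcript covers ClientHello..ServerHello and
    finished_transcript covers ClientHello..server Finished; both are hashed inside derive_secret."""
    # Early secret: with no PSK the IKM is HashLen zero bytes and the salt is empty.
    early_secret = hkdf_extract(b"", b"\x00" * HASH_LEN)
    derived_from_early = derive_secret(early_secret, "derived", b"")
    # The DH shared secret is only an HKDF input here; it is never itself an AEAD key.
    handshake_secret = hkdf_extract(derived_from_early, shared_secret)
    c_hs = derive_secret(handshake_secret, "c hs traffic", hello_transcript)
    s_hs = derive_secret(handshake_secret, "s hs traffic", hello_transcript)
    # Master secret and the application traffic secrets, which key every record after Finished.
    master_secret = hkdf_extract(derive_secret(handshake_secret, "derived", b""), b"\x00" * HASH_LEN)
    c_ap = derive_secret(master_secret, "c ap traffic", finished_transcript)
    s_ap = derive_secret(master_secret, "s ap traffic", finished_transcript)
    out = {"early_secret": early_secret, "derived_from_early": derived_from_early,
           "handshake_secret": handshake_secret, "master_secret": master_secret}
    for name, secret in (("client_handshake", c_hs), ("server_handshake", s_hs),
                         ("client_application", c_ap), ("server_application", s_ap)):
        # These key/iv pairs are the actual AEAD inputs, one pair per direction and per phase.
        out[name + "_key"], out[name + "_iv"] = traffic_keys(secret)
    return out


def record_nonce(static_iv: bytes, seq: int) -> bytes:
    """Section 5.3: the 64-bit record sequence number, left-padded with zeros to the IV length
    and XORed with the static IV, is the per-record AEAD nonce. The IV alone is never the nonce."""
    padded = seq.to_bytes(len(static_iv), "big")
    return bytes(a ^ b for a, b in zip(static_iv, padded))


if __name__ == "__main__":
    # Constructed placeholder inputs (NOT a real DH output and NOT real handshake bytes).
    shared = bytes(range(32))
    hello = b"ClientHello||ServerHello (constructed)"
    finished = hello + b"||EncryptedExtensions..Finished (constructed)"
    keys = key_schedule(shared, hello, finished)
    for name, value in keys.items():
        print(f"{name:>24}: {value.hex()}")
    for seq in range(3):
        print(f"client handshake nonce for record {seq}: {record_nonce(keys['client_handshake_iv'], seq).hex()}")
```

Two things worth noticing when running it: the client and server get different keys from the same handshake secret purely through the label, so the AEAD state is separate per direction, and the nonce for record 0 equals the static IV while record 1 differs only in the last byte; that XOR is what keeps the nonce unique per record under a fixed key, which AES-GCM requires.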

0 Answers