I have a local server and I'm dissecting my server's input SSL/TLS packets captured by the NIC. As you know, in the TLS handshake process after the Client Hello message and Server Hello message (server hello + certificate + verification of certificate by client) are sent, the client will send a Client Key Exchange message which includes the Encrypted Pre-master Secret used by the server to generate the session master key. As the RFC says, the formula for measuring the master key is:
master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random) [0..47];
Also, the random numbers are 32-byte randoms which were exchanged during the Client Hello and Server Hello messages.
My questions are:
- Which function of OpenSSL can I use to get the master secret? What is the PRF in my session?
- For decrypting the Encrypted Pre-Master Key (for which my server's private key is going to be used), what is the decryption algorithm? Is it the key exchange algorithm mentioned in the cipher suite selected by the server in the Server Hello message? (e.g. in the TLS_DH_RSA_WITH_AES_128_CBC_SHA cipher suite the key exchange algorithm is Diffie-Hellman) If it is, what is the function in the OpenSSL library which inputs the key exchange algo, private key, encrypted_buffer and outputs the decrypted buffer?
- Is the summation of two randoms like:

    /* ClientHello.random and ServerHello.random are the 32-byte random fields */
    uint8_t sum[32];
    for (int i = 0; i < 32; ++i)
        sum[i] = ClientHello.random[i] + ServerHello.random[i];

  If it is, overflows aren't considered?
Thanks previously for any response :))
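The derivation quoted above, carried out in Python as an added example (it is not code from the question or from OpenSSL): the TLS 1.2 PRF of RFC 5246 (P_SHA256), fed the pre-master secret and the two 32-byte randoms, yields the 48-byte master secret, and the same PRF then expands the master secret into the key block. In the RFC's notation `+` is byte concatenation, so no arithmetic on the randoms (and no overflow) is involved; the pre-master secret and randoms below are constructed sample values, not a captured handshake.

```python
import hashlib
import hmac


def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """RFC 5246 section 5, P_hash: HMAC-chained expansion of `secret` over `seed`.

    A(0) = seed, A(i) = HMAC(secret, A(i-1)); output = HMAC(secret, A(1) + seed) ||
    HMAC(secret, A(2) + seed) || ..., truncated to `length` bytes.
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i)
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed) for all SHA-256-based suites."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random)[0..47]; '+' is byte concatenation."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS randoms are exactly 32 bytes each")
    return tls12_prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """Key expansion (RFC 5246 section 6.3). Note the randoms are concatenated
    in the opposite order from the master-secret derivation."""
    return tls12_prf(master, b"key expansion", server_random + client_random, length)


# Constructed sample values (not from a real handshake): an RSA-style 48-byte
# pre-master secret (2-byte client version 0x0303 + 46 bytes) and two randoms.
PRE_MASTER = bytes([0x03, 0x03]) + bytes(range(46))
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("master_secret:", ms.hex())
    # AES_128_CBC_SHA needs 2*20 MAC keys + 2*16 cipher keys + 2*16 IVs = 104 bytes
    print("key_block:", key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, 104).hex())
```

Swapping the two randoms changes the result, which is the observable difference between concatenation and the byte-wise addition asked about.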