�
Master Secret 分两个步骤生成：
�
2015-5-23
�
Exchange pre_master_secret（交换次密钥） Compute the master_secret（双方计算主密钥）
主秘密的创建（续）
�
For Asymmetric cryptographic computations （非对称密码算法计算）
2015-5-23
其他密码参数的创建：加密密钥和MAC密钥（续）
�
The following inputs are available to the key definition process:
� � �
[48] MasterSecret MasterSecret[48] ClientHello.random ServerHello.random the master secret is used as an entropy source（熵源） and the random values provide unencrypted salt material and IVs for exportable ciphers.
问题
�ቤተ መጻሕፍቲ ባይዱ
�
Question：在handshake协议中，只交换了一个秘 密（称之为次秘密），请问，SSL是如何得到通 信中需要的加密密钥（即工作密钥）、MAC计算 密钥和密码算法需要的IV 值的？ Answer：回答这个问题需要知道 SSL的密钥计算 规则
2015-5-23
第二&三阶段交换结果：六对密钥
总结
SSL Client SSL Server
C>S
S>C
C>S
S>C Encryption MAC IV
2015-5-23
密码参数的生成
次秘密 （ pre_master_secret） 主秘密 （master secret）
Client write MAC secret Client write secret Client write IV
�
When generating keys and MAC secrets
� �
2015-5-23
master_secret = MD5(pre_master_secret + SHA('A' + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA('BB' + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA('CCC' + pre_master_secret + ClientHello.random + ServerHello.random));
Server write MAC secret Server write secret Server write IV
2015-5-23
主秘密的创建
�
共享主秘密(Master Secret) 由客户机和服务器 共享，是依据通过安全密钥交换后得到的次秘 密（ pre_master_secret ）来生成的一次性48字 节值（384）
2015-5-23
其他密码参数的创建：加密密钥和 MAC密钥
�
Converting the master secret into keys and MAC secrets
�
�
�
The master secret is hashed into a sequence of secure bytes, which are assigned to the MAC secrets, keys, and non-export IVs required by the current CipherSpec （当 前的密码参数）. CipherSpecs require a client write MAC secret , a server secret, write MAC secret, a client write key , a server write key ,a key, key, client write IV , and a server write IV , which are IV, IV, generated from the master secret in that order. Unused values, such as FORTEZZA keys communicated in the KeyExchange message, are empty.
2015-5-23
其他密码参数的创建
�
Symmetric cryptographic calculations and the CipherSpec（SSL中的密码规约参数）
�
� �
�
The technique used to encrypt and verify the integrity of SSL records is specified by the currently active CipherSpec(密码规约）. A typical example would be to encrypt data using . DES and generate authentication codes using MD5 MD5. The encryption and MAC algorithms are set to SSL_NULL_WITH_NULL_NULL at the beginning of the SSL Handshake Protocol, indicating that no message authentication or encryption is performed （SSL协议开始是并不进行加密或完整性验证）. The handshake protocol is used to negotiate a more secure CipherSpec and to generate cryptographic keys（握手协议用来协商密码参数，并生成密钥）
�
次密钥pre_master_secret 交换方法主要有两种：
�
�
RSA：由客户端生成 48字节的次密钥，并用服务器的 RSA公钥加密后发送到服务器，服务器用其密钥解 密，得到次密钥 Diffie-Hellman：客户端和服务器同时生成 DiffieHellman公钥，密钥交换后双方执行 Diffie-Hellman计 算，创建共享次密钥
master_secret = MD5(pre_master_secret + SHA('A' + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA('BB' + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA('CCC' + pre_master_secret + ClientHello.random + ServerHello.random));
2015-5-23
主秘密的创建（续）
�
对于Diffie-Hellman
�
� �
A conventional Diffie-Hellman computation is performed The negotiated key (K) is used as the pre_master_secret and is converted into the master_secret, as specified above.
�
The pre_master_secret should be deleted from memory once the master_secret has been computed（计算后需 从内存中删除）
master_secret = MD5(pre_master_secret + SHA('A' + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA('BB' + pre_master_secret + ClientHello.random + ServerHello.random)) + MD5(pre_master_secret + SHA('CCC' + pre_master_secret + ClientHello.random + ServerHello.random));
�
The asymmetric algorithms are used in the handshake protocol to authenticate parties and to generate shared keys and secrets.
�
The pre_master_secret should be deleted from memory once the master_secret has been computed（计算后需从内存中删除）
2015-5-23
主秘密的创建（续）
�
对于 RSA � When RSA is used for server authentication and key exchange
�
� � �
A 48-byte pre_master_secret is generated by the client Encrypted under the server's public key , and sent to the server The server uses its private key to decrypt the pre_master_secret Both parties then convert the pre_master_secret into the master_secret, as specified above.