Prince Sultan University
College of Computer & Information Sciences
Department of Computer Science
CS391: Network & Computer Security
Assignment 4
SSL Key Generation Process
Objective:
You are required to write an implementation of the SSL key generation process, where both
parties simultaneously generate the common keys. The common keys include:



The HMAC key used for hashing purposes
The Symmetric Encryption key used to encrypt exchanged messages
The Initialization Vector (IV) used in the RC4 encryption process
Details:
The key generation process is initiated in Phase 3 by the SSL client. The Client generates a 48 bit
Premaster Secret key and sends it to the server after encrypting it in the Public Key of the
Server. Both parties then generate the Master Secret using the relation:
Sm = H1(Spm || H2 (‘A’ || Spm || Rc || Rs)) ||
H1(spm || H2 (‘BB’ || spm || Rc || Rs)) ||
H1(spm || H2 (‘CCC’ || Spm || Rc || Rs))
The actual key set is generated using the relation:
Kb = H1(Sm || H2 (‘A’ || Sm || Rc || Rs)) ||
H1(Sm || H2 (‘BB’ || Sm || Rc || Rs)) ||
H1(Sm || H2 (‘CCC’ || Sm || Rc || Rs))
Where:
Spm is the Premaster Secret, Rc is the Client Random, Rs is the Server Random, A, BB, CCC are
literals, H1 and H2 are hash functions.