This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

From the wireshark logs I can see that the first 32 bytes are used for Client Write Key where in RFC5246 it stated that the first bytes are for the MAC then the Key and then the IV. What is the correct order? I'm using protocol TLS_RSA_WITH_AES_256_GCM_SHA384

Thanks

key expansion[168]:
| 74 0e 20 ea 20 ea 7b db dd d8 31 85 e6 1c ec 52 |t. . .{...1....R|
| be a0 8d ad 48 73 08 ac 0e 09 06 4f dd a4 68 5f |....Hs.....O..h_|
| 2d 4d d3 bf 92 3d 96 a8 38 a4 c0 35 21 f9 dd ce |-M...=..8..5!...|
| 9e a9 28 60 c5 a5 17 38 85 ca fe a9 66 35 db 1f |..(`...8....f5..|
| b5 68 3e 15 4c 81 23 64 7d e6 31 f0 40 79 80 17 |.h>.L.#d}.1.@y..|
| 03 06 0d 27 d5 4f 52 f0 6c 8a 30 12 65 3d 9c 70 |...'.OR.l.0.e=.p|
| 74 18 cb 6b 77 55 24 f9 e2 06 83 48 89 83 10 3c |t..kwU$....H...<|
| 59 70 83 b1 04 38 c6 cf 19 2f 17 4c 19 f5 bb 6e |Yp...8.../.L...n|
| 58 b6 d6 da 92 f0 64 14 55 8f f1 4a 43 1c ef c2 |X.....d.U..JC...|
| 7e 67 a3 8b b8 c4 b3 71 61 28 c2 58 8d 3b 1c a8 |~g.....qa(.X.;..|
| b1 fe 63 20 7b 19 61 b6                         |..c {.a.        |
Client Write key[32]:
| 74 0e 20 ea 20 ea 7b db dd d8 31 85 e6 1c ec 52 |t. . .{...1....R|
| be a0 8d ad 48 73 08 ac 0e 09 06 4f dd a4 68 5f |....Hs.....O..h_|
Server Write key[32]:
| 2d 4d d3 bf 92 3d 96 a8 38 a4 c0 35 21 f9 dd ce |-M...=..8..5!...|
| 9e a9 28 60 c5 a5 17 38 85 ca fe a9 66 35 db 1f |..(`...8....f5..|
Client Write IV[4]:
| b5 68 3e 15                                     |.h>.            |
Server Write IV[4]:
| 4c 81 23 64                                     |L.#d            |

asked 17 Oct '16, 12:15

Gil%20Fefer's gravatar image

Gil Fefer
46225
accept rate: 100%

edited 18 Oct '16, 00:55

Lekensteyn's gravatar image

Lekensteyn
2.2k3724


AEAD ciphers (like the AES-GCM family) do not need an additional MAC key since the construction already provides authentication (AEAD = Authenticated Encryption with Additional Data).

In RFC 5246 (Section 6.3) you can find the following partitioning of the key expansion block:

  client_write_MAC_key[SecurityParameters.mac_key_length]
  server_write_MAC_key[SecurityParameters.mac_key_length]
  client_write_key[SecurityParameters.enc_key_length]
  server_write_key[SecurityParameters.enc_key_length]
  client_write_IV[SecurityParameters.fixed_iv_length]
  server_write_IV[SecurityParameters.fixed_iv_length]

For TLS_RSA_WITH_AES_256_GCM_SHA384, the MAC key length is zero (as explained above). The encryption key length is 32 bytes (due to AES256). The "IV" block is actually being used as part of the GCM nonce and is four bytes.

You can find these details also in RFC 5288.

permanent link

answered 18 Oct '16, 01:38

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×75
×21
×1

question asked: 17 Oct '16, 12:15

question was seen: 1,219 times

last updated: 18 Oct '16, 01:43

p​o​w​e​r​e​d by O​S​Q​A