11.7.3 Hash functions in authentication-related messages

In the previous chapters, we discussed that TLS uses the following messages uniformly, that is, as a common set, for authentication, key confirmation, and handshake integrity:

• Certificate
• CertificateVerify
• Finished

Server Alice and client Bob always send these three messages as the last messages of the TLS handshake.

Recall that server Alice and client Bob compute their TLS authentication messages all uniformly by taking the following inputs:

• Their digital certificate and their private key to be used for signing
• The so-called Handshake Context that contains all handshake messages to be included in the transcript hash
• The BaseKey used to compute a MAC key

Based on the preceding inputs, the authentication messages contain the following data:

• The Certificate to be used for authentication, including any supporting certificates in the certificate chain
• The CertificateVerify signature over the value of Transcript-Hash(Handshake Context, Certificate)
• The MAC Finished, computed using the MAC key derived from from BaseKey, over the value of

Transcript-Hash(Handshake Context, Certificate, CertificateVerify)

The CertificateVerify message

Recall that Alice and Bob use the CertificateVerify message to explicitly prove that they indeed possess the private key corresponding to the public key in their certificate. In addition, CertificateVerify is used to ensure the TLS handshake’s integrity up to this point. The structure of CertificateVerify is shown in Listing 11.5.

The signature field contains the digital signature, and the algorithm field contains the signature algorithm that was used to generate the signature. Hash output of the Transcript-Hash(Handshake Context, Certificate) function is the data covered by the digital signature.

Listing 11.5: TLS 1.3 CertificateVerify message

struct {
   SignatureScheme algorithm;
   opaque signature<0..2^16-1>;
} CertificateVerify;

The Finished message

Recall that Finished is the last handshake message in the authentication block, and that this message provides authentication of the TLS handshake and authentication of the keys computed by server Alice and client Bob. The structure of the message is shown in Listing 11.6.

Listing 11.6: Structure of Finished message in TLS 1.3

struct {
   opaque verify_data[Hash.length];
} Finished;

To generate a correct Finished message, Alice and Bob use a secret key derived from the BaseKey using the HKDF-Expand-Label function:
finished_key = HKDF-Expand-Label(BaseKey, “finished”, “”, Hash.length)

Both Alice and Bob must verify the correctness of the Finished message they receive and immediately terminate the TLS session if Finished is corrupted. The verify˙data field is computed as follows:
verify_data = HMAC(finished_key, Transcript-Hash)

The Transcript-Hash is a hash value computed over c—Handshake Context—, Certificate, and CertificateVerify. The values for Certificate and CertificateVerify are included in verify˙data computation only if they were present in the TLS handshake, that is, if either server Alice or client Bob have used digital certificates to prove their identity. Now we are going to explain how Transcript-Hash is computed in detail.

11.7.4 Transcript hash

Alice and Bob use transcript hash – the hash value of the transcript of TLS handshake messages – for many cryptographic computations in TLS. The value of the transcript hash is computed by first concatenating the handshake messages and then applying a hash function to this concatenated value:

where m1,m2,…,mn are the TLS handshake messages and h is a hash function.

More precisely, the following handshake messages – but only those that were actually sent – are used in the following order as input for the transcript hash:

1. ClientHello
2. HelloRetryRequest
3. ClientHello
4. ServerHello
5. EncryptedExtensions
6. Alice’s CertificateRequest
7. Alice’s Certificate
8. Alice’s CertificateVerify
9. Alice’s Finished
10. EndOfEarlyData
11. Bob’s Certificate
12. Bob’s CertificateVerify
13. Bob’s Finished

What, in general, is the use of a transcript of a cryptographic protocol? After a protocol run is finished, the transcript allows Alice and Bob to explicitly verify that they both saw the same messages being exchanged. This, in turn, creates an additional hurdle for Mallory to mount a man-in-the-middle attack by sending Alice a message mi and Bob a different message mi′.

11.7.5 Hash functions in TLS key derivation

Recall that in order to derive TLS session keys, Alice and Bob use HKDF defined in RFC 5869 (specifically, its HKDF-Extract and HKDF-Expand functions) as well as the following two functions:
HKDF-Expand-Label(Secret, Label, Context, Length) = HKDF-Expand(Secret, HkdfLabel, Length)

and
Derive-Secret(Secret, Label, Messages) = HKDF-Expand-Label(Secret, Label, Transcript-Hash(Messages), Hash.length)

The hash function used in Transcript-Hash, HKDF-Extract, and HKDF-Expand is the hash algorithm defined in the TLS cipher suite.Hash.length is the output length of that algorithm in bytes. Finally, Messages means the concatenation of the TLS handshake messages transmitted by Alice and Bob during that specific handshake session. The HkdfLabel is a data structure shown in Listing 11.7.

Listing 11.7: The HkdfLabel data structure

struct {
   uint16 length = Length;
   opaque label<7..255> = “tls13 ” + Label;
   opaque context<0..255> = Context;
} HkdfLabel;

11.8 Summary

In this chapter, we learned how hash functions and message authentication code work, what mathematical properties they have, and how to construct them. Moreover, we covered several popular mechanisms, such as HMAC and the SHA-256, SHA-384, and SHA-512 algorithms from the SHA-2 hash algorithm family. Last but not least, we looked into the application of hash functions and message authentication code in the TLS 1.3 handshake protocol.

This chapter introduced the last building block required to understand how the TLS handshake protocol works in detail. Congratulations: you now know what Alice and Bob actually do to establish a TLS session!

In the next chapter, we will wrap up TLS 1.3 handshake. To do this, we will zoom out of the cryptographic details and give a higher-level description of TLS handshake using state machines for the TLS server and TLS client, which are specified in RFC 8446. Moreover, we will show how you can use s˙client, a TLS client program from the popular OpenSSL toolkit, to conduct your own experiments with TLS.

12.2.1 Early secret

TLS 1.3 offers the option for Alice and Bob to use a pre-shared secret key PSK. This is a key Alice and Bob have previously agreed on independent of TLS. If Alice and Bob use a PSK for their TLS handshake, they derive the early secret from PSK and use it as input keying material (IKM) to generate binder˙key, client˙early˙traffic˙secret, and early˙exporter˙master˙secret, which will be explained later in this chapter.

12.2.2 Binder key

The binder key is used to establish a binding between Alice’s and Bob’s pre-shared secret key and their current TLS handshake as well as between the current TLS handshake and the previous TLS handshake where that PSK was generated. In other words, Bob uses the binder to prove to Alice that he indeed knows the PSK associated with the identity known to Alice.

Alice uses the PSK binder to verify that Bob actually knows the correct PSK before actually executing a PSK-based TLS handshake. If the verification fails or Bob does not present the binder to Alice, she immediately aborts the TLS handshake. This ensures that Alice does not execute a PSK-based handshake without verifying that Bob actually knows the PSK.

By binding a previous TLS session where the binder key was generated to the current TLS handshake, this mechanism also allows Alice to implicitly verify that Bob did not suffer a man-in-the-middle attack. If Mallory managed to perform a successful man-in-the-middle attack, Alice and Bob would have a different PSK and this would prevent a subsequent TLS session resumption.

12.2.3 Bob’s client early traffic secret.

If a PSK is used for the TLS handshake, client˙early˙traffic˙secret can be used to generate a key that allows Bob to encrypt early application data in the first ClientHello message of the TLS handshake. This key is only used by Bob.

12.2.4 Exporter secrets

Exporter secrets are secrets used to derive additional secret keys for use outside of the TLS protocol. Some higher-level protocols use TLS to establish a shared secret key and afterward use TLS keying material for other protocol-specific purposes. This, in turn, requires exporting keying material to higher-layer protocols or applications as well as agreeing on the context in which that keying material will be used.

For example, the DTLS-SRTP protocol first uses Datagram-TLS (DTLS) to exchange secret keys and selects the Secure Real-Time Transport Protocol (SRTP) protection suite. Subsequently, it uses DTLS master˙secret to derive SRTP keys.

To enable this, TLS offers a mechanism called Key Material Exporter, details of which are defined in RFC 5705 [145]. The exported values are referred to as Exported Keying Material (EKM). In TLS, early˙exporter˙master˙secret and exporter˙master˙secret are examples of EKM generated at different stages of the TLS handshake.

TLS exporters have the following cryptographic properties:

• They allow Bob and Alice to export the same EKM value
• For attacker Eve who does not know the master˙secret, EKM is indistinguishable from a random number
• Bob and Alice can export multiple EKM values from a single TLS connection
• Even if Eve learns one EKM value, she learns nothing about other EKM values or the master˙secret

12.2.5 Derived secrets

These are intermediate secrets that are used as salt arguments for the HKDF-Extract function (which we will shortly discuss in detail). The HKDF-Extract function, in turn, generates the Handshake Secret and the Master Secret.

12.2.6 Handshake secret

This secret is the final result of the handshake. It is either derived from the Early Secret if a PSK is in place or from the secret Alice and Bob have exchanged during a Diffie-Hellman. The Handshake Secret is used to derive the client˙handshake˙traffic˙secret for Bob and the server˙handshake˙traffic˙secret for Alice.

12.2.7 Handshake traffic secrets

Bob subsequently uses the client˙handshake˙traffic˙secret secret and Alice uses the server˙handshake˙traffic˙secret secret to generate secret keys for their handshake traffic encryption.

12.2.8 Master secret

The Master Secret is used to derive the client˙application˙traffic˙secret0 for Bob and the server˙application˙traffic˙secret0 for Alice. These secrets can be updated later during a TLS session, hence their index 0.

12.2.9 Application traffic secrets

The client˙application˙traffic˙secret0 is used by Bob and the server˙application˙traffic˙secret0 is used by Alice to generate corresponding secret keys for encryption of the application data. These keys allow Alice and Bob to establish a secure channel for the bulk application data. TLS also has an optional mechanism to update these secrets and, in turn, these keys during a TLS session.

12.2.10 Resumption master secret

This secret is used to derive the pre-shared secret key for TLS session resumption. After a successful handshake, Alice can send Bob the identity of a PSK derived during that handshake. Bob can then use this PSK identity in subsequent TLS handshakes with Alice in order to signal his desire to use the associated PSK.

We now turn to the question of how the secrets are derived from the exchanged keying material.

12.3 KDFs in TLS

TLS uses four different functions to derive secrets: HKDF-Extract, HKDF-Expand, HKDF-Expand-Label, and Derive-Secret. All these functions are based on the Hashed Message Authentication Code (HMAC)-based Extract-and-Expand Key Derivation Function (HKDF) defined in RFC 5869 [104].

We will have much more to say on hash functions, message authentication codes, and key derivation function in Chapter 11, Hash Functions and Message Authentication Codes. For now, it is sufficient to treat HKDF as an abstract function, as shown in Figure 12.2. It takes keying material as input and returns one or more secret keys as output:

Figure 12.2: High-level view of the HKDF function

HKDF follows an extract-then-expand approach consisting of two logical stages. The rationale for this two-step approach is explained nicely in the introduction of [104]: ”In many applications, the input keying material is not necessarily distributed uniformly, and the attacker may have some partial knowledge about it (for example, a Diffie-Hellman value computed by a key exchange protocol) or even partial control of it (as in some entropy-gathering applications). Thus, the goal of the extract-stage is to concentrate the possibly dispersed entropy of the input keying material into a short, but cryptographically strong, pseudorandom key. In some applications, the input may already be a good pseudorandom key; in these cases, the extract-stage is not necessary, and the ”expand” part can be used alone. The second stage expands the pseudorandom key to the desired length; the number and lengths of the output keys depend on the specific cryptographic algorithms for which the keys are needed.”

Now, let’s take a look at the extract-and-expand-functions in HKDFs.

12.3.1 HKDF-Extract

HKDF-Extract, or HE for short, implements the first stage of the HKDF, which takes the keying material as input and extracts a fixed-length pseudorandom key K from it. In particular, it is involved in the derivation of the handshake secret SH and the master secret SM (see Figure 12.9 and Figure 12.11, respectively).

HKDF-Extract is illustrated in Figure 12.3. It takes two inputs: a salt and an input keying material (IKM). The salt is a non-secret random value. If no salt is provided, HKDF-Extract takes a string of zeros of the length equal to that of the hash function output. HKDF-Extract outputs a pseudorandom key (PRK). The PRK is calculated as PRK = HMAC-Hash(salt, IKM). Since HKDF-Extract is based on the HMAC construction, which is in turn a construction template that can use different hash functions [103], HKDF-Extract can also use different cryptographic hash functions.

Figure 12.3: HKDF-Extract function used for TLS key derivation

A new TLS secret is derived using HKDF-Extract with the current TLS secret state as salt and the PSK – established out of band or derived from the resumption˙master˙secret instance of a previous TLS session – or the DHE or ECDHE based shared secret that Alice and Bob have established during the current TLS handshake as IKM.

12.3.2 HKDF-Expand

The second stage of the HKDF function expands a PRK to a pseudorandom bit string of the desired length, which can then be used to derive secret keys. HKDF-Expand is illustrated in Figure 12.4.

HKDF-Expand takes three inputs: a pseudorandom key PRK (which must have at least the length of the output of the hash function used), an optional context and application-specific information info, and the desired length in bytes of the output keying material L.

The output of HKDF-Expand is an L-byte long Output Keying Material (OKM). The OKM is calculated by first calculating the following N values, where N is the result of the ceiling function applied to (L∕HashLen):

T(0) = empty string(zero length)

T(1) = HMAC-Hash(PRK,T(0)|info|0x01)

T(2) = HMAC-Hash(PRK,T(1)|info|0x02)

 …

T(N) = HMAC-Hash(PRK,T(N − 1)|info|N)

where | denotes the bit-wise concatenation. The HMAC construction for key-dependent hash values is explained in Section 11.5, Message authentication codes. After that, the OKM is built by taking the first L octets of T = T(1)|T(2)|…|T(N).

Figure 12.4: The HKDF-Expand function HP

After each invocation of the HKDF-Extract function, the HKDF-Expand function is invoked one or more times.