5.3.5.2 FIPS
The client and server random values are used to generate temporary 160-bit initial encryption and decryption keys by using the SHA-1 hash function. The client generates the following:
-
ClientEncryptKeyT = SHA(Last128Bits(ClientRandom) + Last128Bits(ServerRandom)) ClientDecryptKeyT = SHA(First128Bits(ClientRandom) + First128Bits(ServerRandom))
The server generates the following:
-
ServerDecryptKeyT = SHA(Last128Bits(ClientRandom) + Last128Bits(ServerRandom)) ServerEncryptKeyT= SHA(First128Bits(ClientRandom) + First128Bits(ServerRandom))
Each of these four keys are then expanded to be 168 bits in length by copying the first 8 bits of each key to the rear of the key:
-
ClientEncryptKey = ClientEncryptKeyT + First8Bits(ClientEncryptKeyT) ClientDecryptKey = ClientDecryptKeyT + First8Bits(ClientDecryptKeyT) ServerDecryptKey = ServerDecryptKeyT + First8Bits(ServerDecryptKeyT) ServerEncryptKey= ServerEncryptKeyT + First8Bits(ServerEncryptKeyT)
After expansion to 168 bits, each key is then expanded to be 192 bits in length by adding a zero-bit to every group of seven bits using the following algorithm:
Reverse every byte in the key.
Insert a zero-bit bit after every seventh bit.
Reverse every byte.
The following example (which only shows the first 5 bytes of a 21-byte key) demonstrates how a 168-bit key is expanded to 192 bits in size. Assume that the key is:
-
0xD1 0x5E 0xC4 0x7E 0xDA ...
In binary this is:
-
11010001 01011110 11000100 01111110 11011010 ...
Reversing each byte yields:
-
10001011 01111010 00100011 01111110 01011011 ...
Adding a zero-bit after each group of seven bits results in the following values:
-
10001010 10111100 10001000 01101110 11100100 ...
Finally, reversing each of the bytes yields:
-
01010001 00111101 00010001 01110110 00100111 ...
In hexadecimal this is:
-
0x51 0x3D 0x11 0x76 0x27 ...
Once each key has been expanded to 192 bits in size, the final step is to alter the least significant bit in each byte so that the entire byte has odd parity. Applying this transformation to the bytes in the previous example yields:
-
01010001 00111101 00010000 01110110 00100110 ...
In hexadecimal this is:
-
0x51 0x3D 0x10 0x76 0x26 ...
After producing the client and server encryption and decryption keys, the shared key to be used with the SHA-1 hash function to produce Hash-Based Message Authentication Codes (HMAC) ([RFC2104]) is computed by the client as follows:
-
HMACKey = SHA(ClientDecryptKeyT + ClientEncryptKeyT)
The server performs the same computation with the same data (the client encryption and server decryption keys are identical, while the server encryption and client decryption keys are identical).
-
HMACKey = SHA(ServerEncryptKeyT + ServerDecryptKeyT)
At the end of this process the client and server will each possess three symmetric keys to use with the Triple DES block cipher: an HMAC key, an encryption key, and a decryption key.