5.3.7.1 Non-FIPS
The encryption and the decryption keys are updated after 4,096 packets have been sent or received.
Generating an updated session key requires:
The initial session keys (generated as described in section 5.3.5).
The current session keys (if no update has been performed, the current and initial session keys will be identical).
Knowledge of the RC4 key length (computed using Table 1 and the negotiated key length).
The following sequence of steps shows how updated client and server encryption keys are generated (the same steps are used to update the client and server decryption keys). The following padding constants are used.
-
Pad1 = 0x36 repeated 40 times to give 320 bits Pad2 = 0x5C repeated 48 times to give 384 bits
If the negotiated key strength is 128-bit, then the full 128 bits of the initial and current encryption key will be used.
-
InitialEncryptKey = InitialEncryptKey128 CurrentEncryptKey = CurrentEncryptKey128
If the negotiated key strength is 40-bit or 56-bit, then the first 64 bits of the initial and current encryption keys will be used.
-
InitialEncryptKey = First64Bits(InitialEncryptKeyN) CurrentEncryptKey = First64Bits(CurrentEncryptKeyN) InitialEncryptKeyN is either InitialEncryptKey40 or InitialEncryptKey56, depending on the negotiated key strength, while CurrentEncryptKeyN is either CurrentEncryptKey40 or CurrentEncryptKey56, depending on the negotiated key strength.
The initial and current keys are concatenated and hashed together with padding to form a temporary key as follows.
-
SHAComponent = SHA(InitialEncryptKey + Pad1 + CurrentEncryptKey) TempKey128 = MD5(InitialEncryptKey + Pad2 + SHAComponent)
If the key strength is 128 bits, then the temporary key (TempKey128) is used to reinitialize the associated RC4 substitution table. (For more information on RC4 substitution table initialization, see [[SCHNEIER]] section 17.1.)
-
S-TableEncrypt = InitRC4(TempKey128)
RC4 is then used to encrypt TempKey128 to obtain the new 128-bit encryption key.
-
NewEncryptKey128 = RC4(TempKey128, S-TableEncrypt)
Finally, the associated RC4 substitution table is reinitialized with the new encryption key (NewEncryptKey128), which can then be used to encrypt a further 4,096 packets.
-
S-Table = InitRC4(NewEncryptKey128)
If 40-bit or 56-bit keys are being used, then the first 64 bits of the temporary key (TempKey128) are used to reinitialize the associated RC4 substitution table.
-
TempKey64 = First64Bits(TempKey128) S-TableEncrypt = InitRC4(TempKey64)
RC4 is then used to encrypt these 64 bits, and the first few bytes are salted according to the key strength to derive a new 40-bit or 56-bit encryption key (see section 5.3.5.1 for details on how to perform the salting operation).
-
PreSaltKey = RC4(TempKey64, S-TableEncrypt) NewEncryptKey40 = 0xD1269E + Last40Bits(PreSaltKey) NewEncryptKey56 = 0xD1 + Last56Bits(PreSaltKey)
Finally, the new 40-bit or 56-bit encryption key (NewEncryptKey40 or NewEncryptKey56) is used to reinitialize the associated RC4 substitution table.