
Pre-Master Key (PRG) (Firefox)


konstantinos Alexiou

Aug 19, 2015, 4:55:11 AM
to dev-se...@lists.mozilla.org
As known, during the ClientKeyExchange phase of the Handshake of TLS, the
client generates a 48-byte random number called premaster secret using a
Pseudo Random Generator which is used to calculate the master key and the
key sessions.

I would like to know which Pseudo Random Generator functions are used to
compute and produce the pre-master Secret which are used in TLS 1.2 in
Firefox.
Thank you very much in advance.

Gervase Markham

Aug 19, 2015, 8:23:18 AM
to konstantinos Alexiou
On 19/08/15 09:54, konstantinos Alexiou wrote:
> As known, during the ClientKeyExchange phase of the Handshake of TLS, the
> client generates a 48-byte random number called premaster secret using a
> Pseudo Random Generator which is used to calculate the master key and the
> key sessions.

This would be happening in the NSS code; mozilla.dev.tech.crypto might
be a better place to ask.

Gerv

Richard Barnes

Aug 19, 2015, 9:51:47 AM
to konstantinos Alexiou, dev-se...@lists.mozilla.org
On Wed, Aug 19, 2015 at 4:54 AM, konstantinos Alexiou <
konstant...@gmail.com> wrote:

> As known, during the ClientKeyExchange phase of the Handshake of TLS, the
> client generates a 48-byte random number called premaster secret using a
> Pseudo Random Generator which is used to calculate the master key and the
> key sessions.
>
> I would like to know which Pseudo Random Generator functions are used to
> compute and produce the pre-master Secret which are used in TLS 1.2 in
> Firefox.
>


As you know, the PMS is generated differently in the RSA and DH cases. I
assume you're talking about the RSA case, since that's the only one where
the PRNG feeds directly into the PMS. The short answer is that it uses the
same PRNG as everything else in NSS. Here are some links if you want to
look in more detail:

https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#5898
https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#9324
https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/softoken/pkcs11c.c#3862
https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/freebl/drbg.c#567




> Thank you very much in advance.
> _______________________________________________
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
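
The RSA case discussed in the reply above, as an added example that is not part of the original thread and is not NSS code: the 48-byte premaster secret is the 2-byte offered protocol version followed by 46 bytes from a CSPRNG (RFC 5246, section 7.4.7.1), and the master secret is derived from it with the TLS 1.2 PRF. Assumptions: `os.urandom` stands in for the NSS PRNG, the cipher suite uses the SHA-256 PRF, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

TLS12 = b"\x03\x03"  # ProtocolVersion bytes for TLS 1.2


def rsa_premaster_secret(client_version=TLS12, rng=os.urandom):
    """Build the RSA-case premaster secret: version (2 bytes) || random (46 bytes).

    `rng` is injectable so the layout can be checked with a fixed source;
    in real use it must be a CSPRNG (os.urandom here, an assumption
    standing in for the NSS generator).
    """
    if len(client_version) != 2:
        raise ValueError("client_version must be exactly 2 bytes")
    random_part = rng(46)
    if len(random_part) != 46:
        raise ValueError("random source returned the wrong number of bytes")
    return client_version + random_part


def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def master_secret(pms, client_random, server_random):
    """PRF(pms, "master secret", ClientHello.random + ServerHello.random)[0..47]."""
    return p_sha256(pms, b"master secret" + client_random + server_random, 48)


if __name__ == "__main__":
    # Constructed sample handshake randoms (32 bytes each), not captured traffic.
    client_random, server_random = os.urandom(32), os.urandom(32)
    pms = rsa_premaster_secret()
    ms = master_secret(pms, client_random, server_random)
    print("premaster:", pms.hex())
    print("master   :", ms.hex())
```

In the DH case the premaster secret is the negotiated shared value instead, so only the first function differs; the PRF step is the same.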