Diffie Hellman Key Exchange
Diffie-Hellman key exchange derives the session keys from the computed shared secret. The exchange proceeds as a standard Diffie-Hellman exchange after which the shared secret is converted into a byte array. The byte array is hashed using SHA-384 and its first 16 bytes used as the AES-128-CBC session encryption key Kenc and its last 32 bytes used as the HMAC-SHA256 session HMAC key Khmac. This scheme provides perfect forward secrecy.
This scheme is identified by the string DH.
N.B. The Diffie-Hellman public keys and computed shared secret must be converted into a byte array for transport over the wire and for use in the key derivation respectively. The byte array will be the minimum number of bytes required for the two’s complement representation in big-endian byte-order (the most significant byte is first) including at least one sign bit, with exactly one zero byte in the zeroth element. As a result, a shared secret value of zero will be represented by an array of length one containing a single byte with a value of zero. This representation is compatible with the Java BigInteger.toByteArray() function and BigInteger(byte[]) constructor.
keydata = {
"#mandatory" : [ "parametersid", "publickey" ],
"parametersid" : "string",
"publickey" : "binary"
}
Field | Description |
---|---|
parametersid | Diffie-Hellman parameters identifier |
publickey | Diffie-Hellman public key |
The parameters ID identifies the Diffie-Hellman parameters to use for key generation.
The public key should contain exactly one zero byte in the zeroth element. When creating or upon receipt of key request data this zero byte must be prepended if missing.
keydata = {
"#mandatory" : [ "parametersid", "publickey" ],
"parametersid" : "string",
"publickey" : "binary"
}
Field | Description |
---|---|
parametersid | Diffie-Hellman parameters identifier |
publickey | Diffie-Hellman public key |
The parameters ID identifies the Diffie-Hellman parameters to use for key generation. This value should match the value in the key request data.
The public key should contain exactly one zero byte in the zeroth element. When creating or upon receipt of key response data this zero byte must be prepended if missing.
The key derivation function uses SHA-384 to generate the raw keying material. The session encryption key Kenc and session HMAC key Khmac are created directly from the keying material.
Since the computed shared secret is a numeric value (typically a BigInteger), it must be converted into a byte array before the SHA-384 hash is computed. To ensure both entities involved in the key exchange derive the same keys, the byte array must also obey the Diffie-Hellman public key encoding rule described above.
Key Derivation Pseudocode
bytes = SHA384(shared_secret);
Kenc' = bytes[0...15]
Khmac' = bytes[16...47]
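
The encoding rule and key derivation above, run for both sides of one exchange, as an added Python example (not code from the MSL project). The function names and the toy group `DEMO_P`/`DEMO_G` are assumptions made for the demo, and collapsing extra leading zero bytes is this example's reading of "exactly one zero byte".

```python
import hashlib
import secrets

# Toy parameters constructed for this demo only (2**127 - 1 is prime but far too
# small for real use); MSL selects the real group through "parametersid".
DEMO_P = 2**127 - 1
DEMO_G = 3


def msl_dh_bytes(value):
    """Big-endian bytes with exactly one zero byte in element 0 (zero -> b'\\x00')."""
    if value < 0:
        raise ValueError("DH public keys and shared secrets are non-negative")
    magnitude = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return b"\x00" + magnitude


def normalize_public_key(raw):
    """Receive-side rule: prepend the zero byte if missing.

    Extra leading zero bytes are also collapsed; that is this example's reading
    of "exactly one zero byte", not a rule quoted from the page.
    """
    return b"\x00" + raw.lstrip(b"\x00")


def derive_session_keys(shared_secret):
    """SHA-384 over the encoded secret; bytes 0..15 -> Kenc, bytes 16..47 -> Khmac."""
    digest = hashlib.sha384(msl_dh_bytes(shared_secret)).digest()
    return digest[:16], digest[16:48]


def demo_exchange():
    """Run both sides of one exchange and return (requester_keys, responder_keys)."""
    a = secrets.randbelow(DEMO_P - 3) + 2  # requester private key
    b = secrets.randbelow(DEMO_P - 3) + 2  # responder private key
    # "publickey" fields as they would travel in key request / response data.
    req_pub = msl_dh_bytes(pow(DEMO_G, a, DEMO_P))
    resp_pub = msl_dh_bytes(pow(DEMO_G, b, DEMO_P))
    # Each side normalizes what it received, then computes the shared secret.
    peer_for_responder = int.from_bytes(normalize_public_key(req_pub), "big")
    peer_for_requester = int.from_bytes(normalize_public_key(resp_pub), "big")
    requester = derive_session_keys(pow(peer_for_requester, a, DEMO_P))
    responder = derive_session_keys(pow(peer_for_responder, b, DEMO_P))
    return requester, responder


if __name__ == "__main__":
    (kenc, khmac), responder_keys = demo_exchange()
    print("Kenc ", kenc.hex(), "Khmac", khmac.hex(), (kenc, khmac) == responder_keys)
```

If one side hashes the secret without the leading zero byte, the SHA-384 input differs and the two sides end up with unrelated Kenc and Khmac values, which surfaces as HMAC verification failures on the first message.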