-1

I am implementing DTLS 1.2 and using the cipher TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

I am creating the pre-master secret and the master secret key using the following steps:

1- Open algorithm provider using API BCryptOpenAlgorithmProvider

2- Generate key pair using API BCryptGenerateKeyPair

3- Then export public key using API BCryptExportKey

4- Then import other party public key using API BCryptImportKeyPair

5- After that generate secret agreement handle using my private key and other party public key by using API BCryptSecretAgreement

6- Finally get secret key using API BCryptDeriveKey

Am I missing something, because my master key is not correct?

Ian Boyd

1 Answer

1

I guess it all depends on the parameters you are passing to BCryptDeriveKey. You should specify the TLS 1.2 pseudorandom function in the parameters, which is based on SHA256 and not on MD5 and SHA1 as in TLS 1.1 / DTLS 1.0.
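An independent reference for cross-checking the bytes returned by BCryptDeriveKey, added here as an example (it is not code from the question or the answer): it computes the master secret with the TLS 1.2 SHA-256 PRF from RFC 5246 and, for comparison, with the older MD5/SHA-1 PRF. The function names and the sample pre-master secret and hello randoms are constructed for illustration.

```python
import hashlib
import hmac

def p_hash(hash_name, secret, seed, length):
    """P_hash from RFC 5246 section 5: HMAC-based expansion to `length` bytes."""
    out = b""
    a = seed                                             # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()      # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def prf_tls12(secret, label, seed, length):
    """TLS 1.2 / DTLS 1.2 PRF for SHA-256 suites: P_SHA256(secret, label + seed)."""
    return p_hash("sha256", secret, label + seed, length)

def prf_tls10(secret, label, seed, length):
    """TLS 1.0/1.1 and DTLS 1.0 PRF (RFC 4346): P_MD5(S1) XOR P_SHA1(S2)."""
    half = (len(secret) + 1) // 2            # the halves share a byte if length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash("md5", s1, label + seed, length)
    sha1 = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5, sha1))

def master_secret(pre_master, client_random, server_random, prf=prf_tls12):
    """48-byte master secret; the seed is client random followed by server random."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("hello randoms must be 32 bytes each")
    return prf(pre_master, b"master secret", client_random + server_random, 48)

# Constructed sample values, not taken from a real handshake.
PRE_MASTER = bytes(range(32))      # stands in for the ECDH shared X coordinate
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

if __name__ == "__main__":
    good = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    old = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, prf=prf_tls10)
    swapped = master_secret(PRE_MASTER, SERVER_RANDOM, CLIENT_RANDOM)
    print("TLS 1.2 PRF (SHA-256):", good.hex())
    print("TLS 1.0/1.1 PRF      :", old.hex())
    print("randoms swapped      :", swapped.hex())
```

Feeding the same pre-master secret and randoms from a failing handshake into `master_secret` shows whether the mismatch comes from the PRF selection or from the seed order.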