THE SSL PROTOCOL

　　CLIENT-MASTER-KEY (Phase 1; Sent primarily in the clear)
　　char MSG-CLIENT-MASTER-KEY
　　char CIPHER-KIND[3]
　　char CLEAR-KEY-LENGTH-MSB
　　char CLEAR-KEY-LENGTH-LSB
　　char ENCRYPTED-KEY-LENGTH-MSB
　　char ENCRYPTED-KEY-LENGTH-LSB
　　char KEY-ARG-LENGTH-MSB
　　char KEY-ARG-LENGTH-LSB
　　char CLEAR-KEY-DATA[MSB<<8|LSB]
　　char ENCRYPTED-KEY-DATA[MSB<<8|LSB]
　　char KEY-ARG-DATA[MSB<<8|LSB]

　　The client sends this message when it has determined a master key for the server to use. Note that when a session-identifier has been agreed upon, this message is not sent.
The CIPHER-KIND field indicates which cipher was chosen from the server's CIPHER-SPECS.

　　The CLEAR-KEY-DATA contains the clear portion of the MASTER-KEY. The CLEAR-KEY-DATA is combined with the SECRET-KEY-DATA (described shortly) to form the MASTER-KEY, with the SECRET-KEY-DATA being the least significant bytes of the final MASTER-KEY. The ENCRYPTED-KEY-DATA contains the secret portions of the MASTER-KEY, encrypted using the server's public key. The encryption block is formatted using block type 2 from PKCS#1 [5]. The data portion of the block is formatted as follows:

　　char SECRET-KEY-DATA[SECRET-LENGTH]

　　SECRET-LENGTH is the number of bytes of each session key that is being transmitted encrypted. The 　　SECRET-LENGTH plus the CLEAR-KEY-LENGTH equals the number of bytes present in the cipher key (as defined by the CIPHER-KIND). It is an error if the SECRET-LENGTH found after decrypting the PKCS#1 formatted encryption block doesn't match the expected value. It is also an error if CLEAR-KEY-LENGTH is non-zero and the CIPHER-KIND is not an export cipher.

　　If the key algorithm needs an argument (for example, DES-CBC's initialization vector) then the KEY-ARG-LENGTH fields will be non-zero and the KEY-ARG-DATA will contain the relevant data. For the SSL_CK_RC2_128_CBC_WITH_MD5, SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, SSL_CK_IDEA_128_CBC_WITH_MD5, SSL_CK_DES_64_CBC_WITH_MD5 and SSL_CK_DES_192_EDE3_CBC_WITH_MD5 algorithms the KEY-ARG data must be present and be exactly 8 bytes long.

　　Client and server session key production is a function of the CIPHER-CHOICE:

　　SSL_CK_RC4_128_WITH_MD5
　　SSL_CK_RC4_128_EXPORT40_WITH_MD5
　　SSL_CK_RC2_128_CBC_WITH_MD5
　　SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
　　SSL_CK_IDEA_128_CBC_WITH_MD5
　　KEY-MATERIAL-0 = MD5[ MASTER-KEY, "0", CHALLENGE, CONNECTION-ID ]
　　KEY-MATERIAL-1 = MD5[ MASTER-KEY, "1", CHALLENGE, CONNECTION-ID ]

　　CLIENT-READ-KEY = KEY-MATERIAL-0[0-15]
　　CLIENT-WRITE-KEY = KEY-MATERIAL-1[0-15]

　　Where KEY-MATERIAL-0[0-15] means the first 16 bytes of the KEY-MATERIAL-0 data, with KEY-MATERIAL-0[0] becoming the most significant byte of the CLIENT-READ-KEY.

　　Data is fed to the MD5 hash function in the order shown, from left to right: first the MASTER-KEY, then the "0" or "1", then the CHALLENGE and then finally the CONNECTION-ID.

　　Note that the "0" means the ascii zero character (0x30), not a zero value. "1" means the ascii 1 character (0x31). MD5 produces 128 bits of output data which are used directly as the key to the cipher algorithm (The most significant byte of the MD5 output becomes the most significant byte of the key material).

　　SSL_CK_DES_64_CBC_WITH_MD5
　　KEY-MATERIAL-0 = MD5[ MASTER-KEY, CHALLENGE, CONNECTION-ID ]

　　CLIENT-READ-KEY = KEY-MATERIAL-0[0-7]
　　CLIENT-WRITE-KEY = KEY-MATERIAL-0[8-15]

　　For DES-CBC, a single 16 bytes of key material are produced using MD5. The first 8 bytes of the MD5 digest are used as the CLIENT-READ-KEY while the remaining 8 bytes are used as the CLIENT-WRITE-KEY. The initialization vector is provided in the KEY-ARG-DATA. Note that the raw key data is not parity adjusted and that this step must be performed before the keys are legitimate DES keys.

　　SSL_CK_DES_192_EDE3_CBC_WITH_MD5
　　KEY-MATERIAL-0 = MD5[ MASTER-KEY, "0", CHALLENGE, CONNECTION-ID ]
　　KEY-MATERIAL-1 = MD5[ MASTER-KEY, "1", CHALLENGE, CONNECTION-ID ]
　　KEY-MATERIAL-2 = MD5[ MASTER-KEY, "2", CHALLENGE, CONNECTION-ID ]

　　CLIENT-READ-KEY-0 = KEY-MATERIAL-0[0-7]
　　CLIENT-READ-KEY-1 = KEY-MATERIAL-0[8-15]
　　CLIENT-READ-KEY-2 = KEY-MATERIAL-1[0-7]
　　CLIENT-WRITE-KEY-0 = KEY-MATERIAL-1[8-15]
　　CLIENT-WRITE-KEY-1 = KEY-MATERIAL-2[0-7]
　　CLIENT-WRITE-KEY-2 = KEY-MATERIAL-2[8-15]

　　Data is fed to the MD5 hash function in the order shown, from left to right: first the MASTER-KEY, then the "0", "1" or "2", then the CHALLENGE and then finally the CONNECTION-ID.

　　Note that the "0" means the ascii zero character (0x30), not a zero value. "1" means the ascii 1 character (0x31). "2" means the ascii 2 character (0x32).

　　A total of 6 keys are produced, 3 for the read side DES-EDE3 cipher and 3 for the write side DES-EDE3 function. The initialization vector is provided in the KEY-ARG-DATA. The keys that are produced are not parity adjusted. This step must be performed before proper DES keys are usable.