I have two questions about the sessions keys generated during the last steps of the Handshake phase:
Do the "client write key" and the "server write key" have the same value, even though both keys are generated independently on both sides?
(Same question) Do the "client write MAC key" and the "server write MAC key" have also the same value?
General question: Do the client and server arrive at the same results while generating the session keys?
Do the "client write key" and the "server write key" have the same value, even though both keys are generated independently on both sides?
No, see the next answer.
For encryption keys this is less important as the message is MAC'ed anyway. However, within TLS 1.2 and before MAC-then-encrypt is used, which may expose some unwanted vulnerabilities. E.g. if the sender is vulnerable to oracle attacks, then you might use that to decrypt messages when the same key would be used. This shows that key separation is always a good idea, as padding oracle attacks were initially not envisioned.
(Same question) Do the "client write MAC key" and the "server write MAC key" have also the same value?
No, they are deliberately different so that you cannot have the senders have their own message being replayed back to them. Basically a KDF (the PRF in TLS 1.2 parlance) uses a different label for each key, which means that each derived key will only be dependent on the master key (using a one way function).
General question: Do the client and server arrive at the same results while generating the session keys?
Yes, that they do. But they simply end up with the same values for each specific key. The client and server derive identical master secrets, and then proceed to use the same labels for the specific keys. So both sides will have the "client write key", but the server will use it to decrypt the messages.
key_blockand thus they are different. – Steffen Ullrich Aug 15 '20 at 14:37