Convert TLS1.2 KDF descriptions to multistep key derivation
Convert the description of PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS to the key derivation API that takes one input at a time rather than the old {secret,salt,label} interface. Define a new input category "seed".
This commit is contained in:
parent
6c6195d7ba
commit
2cb9e39b50
1 changed files with 22 additions and 8 deletions
|
@ -1232,11 +1232,14 @@
|
|||
* specified in Section 5 of RFC 5246. It is based on HMAC and can be
|
||||
* used with either SHA-256 or SHA-384.
|
||||
*
|
||||
* For the application to TLS-1.2, the salt and label arguments passed
|
||||
* to psa_key_derivation() are what's called 'seed' and 'label' in RFC 5246,
|
||||
* respectively. For example, for TLS key expansion, the salt is the
|
||||
* This key derivation algorithm uses the following inputs:
|
||||
* - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
|
||||
* - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
|
||||
* - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
|
||||
*
|
||||
* For the application to TLS-1.2 key expansion, the seed is the
|
||||
* concatenation of ServerHello.Random + ClientHello.Random,
|
||||
* while the label is "key expansion".
|
||||
* and the label is "key expansion".
|
||||
*
|
||||
* For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
|
||||
* TLS 1.2 PRF using HMAC-SHA-256.
|
||||
|
@ -1273,10 +1276,15 @@
|
|||
* The latter is based on HMAC and can be used with either SHA-256
|
||||
* or SHA-384.
|
||||
*
|
||||
* For the application to TLS-1.2, the salt passed to psa_key_derivation()
|
||||
* (and forwarded to the TLS-1.2 PRF) is the concatenation of the
|
||||
* ClientHello.Random + ServerHello.Random, while the label is "master secret"
|
||||
* or "extended master secret".
|
||||
* This key derivation algorithm uses the following inputs:
|
||||
* - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
|
||||
* - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
|
||||
* - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
|
||||
*
|
||||
* For the application to TLS-1.2, the seed (which is
|
||||
* forwarded to the TLS-1.2 PRF) is the concatenation of the
|
||||
* ClientHello.Random + ServerHello.Random,
|
||||
* and the label is "master secret" or "extended master secret".
|
||||
*
|
||||
* For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
|
||||
* TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
|
||||
|
@ -1586,6 +1594,12 @@
|
|||
*/
|
||||
#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
|
||||
|
||||
/** A seed for key derivation.
|
||||
*
|
||||
* This must be a direct input.
|
||||
*/
|
||||
#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204)
|
||||
|
||||
/**@}*/
|
||||
|
||||
#endif /* PSA_CRYPTO_VALUES_H */
|
||||
|
|
Loading…
Reference in a new issue