[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: C_DeriveKeys
This may or may not be a 2.40 submission, but I'd like to chat about that.This also includes some related changes to fix the issues with TLS key derivation (e.g. key data can leak into public data).
The reason for CKM_GENERIC_DERIVE is to somewhat simplify the interface for key derivation. There are way too many structures for way too many ways of dealing with key derivation. This basically takes all of those and provides a packed encoding. I admit that the rationale for this is to make life simpler for things like java.
I'm also thinking that another variation on this might deal with compound KDFs (e.g. basic mechanism is X, but needs a PRF of Y - see NIST SP800-108 for example).
Mike
Attachment:
pkcs11-derivekeys.docx
Description: application/vnd.openxmlformats-officedocument.wordprocessingml.document
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]