Subject: v2.40: C_DeriveKey with CKM_TLS12_KDF
Hi TC,

In the PKCS #11 v2.40 spec, I could not find a detailed description of the use of C_DeriveKey with CKM_TLS12_KDF.
For example, back in the v2.20 spec for CKM_TLS_PRF, we have a paragraph that says:
=======================================================================
12.32.3 TLS PRF (pseudorandom function)

PRF (pseudo random function) in TLS,...... during a C_DeriveKey function call, which means the template shall be a NULL_PTR. For most key-derivation mechanisms, C_DeriveKey returns a single key handle as a result of a successful completion.
However, since the CKM_TLS_PRF mechanism returns the requested number of output bytes in the CK_TLS_PRF_PARAMS structure specified as the mechanism parameter, the parameter phKey passed to C_DeriveKey is unnecessary, and should be a NULL_PTR.
=======================================================================

Questions:

1) Do we expect the same for CKM_TLS12_KDF, where we can say the following?

"However, since the CKM_TLS12_KDF mechanism returns the requested number of output bytes in the CK_TLS12_KDF_PARAMS structure specified as the mechanism parameter, the parameter phKey passed to C_DeriveKey is unnecessary, and should be a NULL_PTR."
2) If Question 1) is correct, for its parameter definition:

    typedef struct CK_TLS_KDF_PARAMS {
        CK_MECHANISM_TYPE   prfMechanism;
        CK_BYTE_PTR         pLabel;
        CK_ULONG            ulLabelLength;
        CK_SSL3_RANDOM_DATA RandomInfo;
        CK_BYTE_PTR         pContextData;
        CK_ULONG            ulContextDataLength;
    } CK_TLS_KDF_PARAMS;

It should have two more fields (i.e. pOutput and pulOutputLen) such as in CK_TLS_PRF_PARAMS.

    typedef struct CK_TLS_PRF_PARAMS {
        CK_BYTE_PTR  pSeed;
        CK_ULONG     ulSeedLen;
        CK_BYTE_PTR  pLabel;
        CK_ULONG     ulLabelLen;
        CK_BYTE_PTR  pOutput;
        CK_ULONG_PTR pulOutputLen;
    } CK_TLS_PRF_PARAMS;

Therefore, CK_TLS_KDF_PARAMS should be defined as follows:

    typedef struct CK_TLS_KDF_PARAMS {
        CK_MECHANISM_TYPE   prfMechanism;
        CK_BYTE_PTR         pLabel;
        CK_ULONG            ulLabelLength;
        CK_SSL3_RANDOM_DATA RandomInfo;
        CK_BYTE_PTR         pContextData;
        CK_ULONG            ulContextDataLength;
        CK_BYTE_PTR         pOutput;       /* extra */
        CK_ULONG_PTR        pulOutputLen;  /* extra */
    } CK_TLS_KDF_PARAMS;

Any comments?

Thanks,
Oscar