Subject: Re: [pkcs11] TLS 1.2 Extended Master Secret?


On 1/25/23 1:22 PM, Jonathan Schulze-Hewett wrote:

It's my understanding that FIPS 140-3 only allows TLS 1.2 implementations that use the extended master secret construction. I think this can be accomplished in PKCS#11 by using/abusing the CKM_TLS12_KDF mechanism with appropriate input. Is that the intent?

Mozilla created a vendor specific mechanism for this. We should probably add an official version of that mechanism.

/* TLS extended master secret derivation */
#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25)
#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26)
/*
 * Parameter for the TLS extended master secret key derivation mechanisms:
 *
 *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
 *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
 *
 * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash
 * function used. For earlier versions of the PRF, set the prfHashMechanism
 * value to CKM_TLS_PRF.
 *
 * The session hash input is expected to be the output of the same hash
 * function as the PRF uses (as required by draft-ietf-tls-session-hash). So
 * the ulSessionHashLen member must be equal the output length of the hash
 * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF,
 * the length of concatenated MD5 and SHA-1 digests).
 *
 */
typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
    CK_MECHANISM_TYPE prfHashMechanism;
    CK_BYTE_PTR pSessionHash;
    CK_ULONG ulSessionHashLen;
    CK_VERSION_PTR pVersion;
} CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS;

Obviously the _NSS_ wouldn't be in the extended version. We put it there to signal that this is a vendor specific define so we aren't hosed when the real thing gets defined in this TC :).

bob


Sincerely,

Jonathan


Jonathan Schulze-Hewett

Vice President of Development

Information Security Corp

708-445-1704 (o) | 708-822-2926 (m)

schulze-hewett@infoseccorp.com
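The following is an added example, not NSS code and not a PKCS#11 call: it models in plain Python what the CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS fields quoted above select, so the parameter semantics can be checked offline. prfHashMechanism picks the PRF (TLS 1.2 P_hash with the named digest, or the MD5/SHA-1 PRF when set to CKM_TLS_PRF), pSessionHash/ulSessionHashLen supply the seed, and the length rule from the NSS comment (session hash length must equal the PRF hash output, 36 bytes for the pre-TLS 1.2 PRF) is enforced before deriving the RFC 7627 extended master secret. The LEGACY_PRF name stands in for the CKM_TLS_PRF value, and the sample pre-master secret and transcript are constructed for illustration; both are assumptions of this example.

```python
"""Extended master secret (RFC 7627) as the NSS mechanism parameters describe it.

Added example for illustration only: not NSS or PKCS#11 code, no PKCS#11 calls.
LEGACY_PRF is an assumed stand-in for prfHashMechanism == CKM_TLS_PRF, and the
sample secret/transcript below are constructed, not real handshake material.
"""
import hashlib
import hmac

MASTER_SECRET_LEN = 48               # a TLS master secret is always 48 bytes
LEGACY_PRF = "tls_prf"               # assumed stand-in for CKM_TLS_PRF (pre-TLS 1.2 PRF)
LEGACY_SESSION_HASH_LEN = 16 + 20    # MD5 || SHA-1 digests, as the NSS comment states

# Constructed sample inputs (not real handshake material)
SAMPLE_PMS = bytes([0x03, 0x03]) + bytes(range(46))   # RSA-style 48-byte pre-master secret
SAMPLE_TRANSCRIPT = b"ClientHello...ServerHelloDone (constructed transcript)"


def p_hash(hash_name, secret, seed, length):
    """P_<hash> from RFC 5246 section 5: chain A(i) = HMAC(secret, A(i-1)) and
    concatenate HMAC(secret, A(i) || seed) blocks until `length` bytes exist."""
    out = b""
    a = hmac.new(secret, seed, hash_name).digest()          # A(1) = HMAC(secret, seed)
    while len(out) < length:
        out += hmac.new(secret, a + seed, hash_name).digest()
        a = hmac.new(secret, a, hash_name).digest()         # A(i+1) = HMAC(secret, A(i))
    return out[:length]


def tls12_prf(hash_name, secret, label, seed, length):
    """TLS 1.2 PRF: a single P_<hash> over label || seed (RFC 5246 section 5)."""
    return p_hash(hash_name, secret, label + seed, length)


def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF (RFC 2246 section 5): P_MD5 over the first half of the
    secret XOR P_SHA1 over the second half; the halves overlap for odd lengths."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def required_session_hash_len(prf_hash):
    """The value ulSessionHashLen must have for the selected PRF."""
    if prf_hash == LEGACY_PRF:
        return LEGACY_SESSION_HASH_LEN
    return hashlib.new(prf_hash).digest_size


def session_hash(prf_hash, transcript):
    """Hash of the handshake transcript using the PRF's own hash function
    (MD5 || SHA-1 for the pre-TLS 1.2 PRF)."""
    if prf_hash == LEGACY_PRF:
        return hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()
    return hashlib.new(prf_hash, transcript).digest()


def session_hash_len_ok(prf_hash, session_hash_bytes):
    """The check the NSS comment requires: the session hash length must equal
    the PRF hash output length (36 for the pre-TLS 1.2 PRF)."""
    return len(session_hash_bytes) == required_session_hash_len(prf_hash)


def derive_extended_master_secret(prf_hash, pre_master_secret, session_hash_bytes):
    """RFC 7627 section 4:
    master_secret = PRF(pre_master_secret, "extended master secret", session_hash)[0..47]
    A mismatched session hash length is rejected rather than silently used."""
    if not session_hash_len_ok(prf_hash, session_hash_bytes):
        raise ValueError("session hash is %d bytes, PRF hash needs %d"
                         % (len(session_hash_bytes), required_session_hash_len(prf_hash)))
    label = b"extended master secret"
    if prf_hash == LEGACY_PRF:
        return tls10_prf(pre_master_secret, label, session_hash_bytes, MASTER_SECRET_LEN)
    return tls12_prf(prf_hash, pre_master_secret, label, session_hash_bytes, MASTER_SECRET_LEN)


def derive_classic_master_secret(prf_hash, pre_master_secret, client_random, server_random):
    """The RFC 5246 section 8.1 derivation, kept beside the extended one to show
    that only the label and the seed (randoms vs. session hash) differ."""
    label = b"master secret"
    seed = client_random + server_random
    if prf_hash == LEGACY_PRF:
        return tls10_prf(pre_master_secret, label, seed, MASTER_SECRET_LEN)
    return tls12_prf(prf_hash, pre_master_secret, label, seed, MASTER_SECRET_LEN)


if __name__ == "__main__":
    for prf in ("sha256", "sha384", LEGACY_PRF):
        sh = session_hash(prf, SAMPLE_TRANSCRIPT)
        ems = derive_extended_master_secret(prf, SAMPLE_PMS, sh)
        print("%-8s session hash %2d bytes -> EMS %s" % (prf, len(sh), ems.hex()))
```

Running the block prints one extended master secret per PRF choice. The point to notice is that a session hash of the wrong length is rejected up front; an implementation that accepted, say, a SHA-384 transcript hash under a SHA-256 PRF would produce a master secret that the peer can never match, so the mismatch should fail loudly at derivation time rather than as a Finished-message failure later.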
