mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 02:24:16 +01:00
Convert TLS1.2 KDF descriptions to multistep key derivation
Convert the description of PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS to the key derivation API that takes one input at a time rather than the old {secret,salt,label} interface. Define a new input category "seed".
This commit is contained in:
parent
6c6195d7ba
commit
2cb9e39b50
@ -1232,11 +1232,14 @@
|
|||||||
* specified in Section 5 of RFC 5246. It is based on HMAC and can be
|
* specified in Section 5 of RFC 5246. It is based on HMAC and can be
|
||||||
* used with either SHA-256 or SHA-384.
|
* used with either SHA-256 or SHA-384.
|
||||||
*
|
*
|
||||||
* For the application to TLS-1.2, the salt and label arguments passed
|
* This key derivation algorithm uses the following inputs:
|
||||||
* to psa_key_derivation() are what's called 'seed' and 'label' in RFC 5246,
|
* - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
|
||||||
* respectively. For example, for TLS key expansion, the salt is the
|
* - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
|
||||||
|
* - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
|
||||||
|
*
|
||||||
|
* For the application to TLS-1.2 key expansion, the seed is the
|
||||||
* concatenation of ServerHello.Random + ClientHello.Random,
|
* concatenation of ServerHello.Random + ClientHello.Random,
|
||||||
* while the label is "key expansion".
|
* and the label is "key expansion".
|
||||||
*
|
*
|
||||||
* For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
|
* For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
|
||||||
* TLS 1.2 PRF using HMAC-SHA-256.
|
* TLS 1.2 PRF using HMAC-SHA-256.
|
||||||
@ -1273,10 +1276,15 @@
|
|||||||
* The latter is based on HMAC and can be used with either SHA-256
|
* The latter is based on HMAC and can be used with either SHA-256
|
||||||
* or SHA-384.
|
* or SHA-384.
|
||||||
*
|
*
|
||||||
* For the application to TLS-1.2, the salt passed to psa_key_derivation()
|
* This key derivation algorithm uses the following inputs:
|
||||||
* (and forwarded to the TLS-1.2 PRF) is the concatenation of the
|
* - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
|
||||||
* ClientHello.Random + ServerHello.Random, while the label is "master secret"
|
* - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
|
||||||
* or "extended master secret".
|
* - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
|
||||||
|
*
|
||||||
|
* For the application to TLS-1.2, the seed (which is
|
||||||
|
* forwarded to the TLS-1.2 PRF) is the concatenation of the
|
||||||
|
* ClientHello.Random + ServerHello.Random,
|
||||||
|
* and the label is "master secret" or "extended master secret".
|
||||||
*
|
*
|
||||||
* For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
|
* For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
|
||||||
* TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
|
* TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
|
||||||
@ -1586,6 +1594,12 @@
|
|||||||
*/
|
*/
|
||||||
#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
|
#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
|
||||||
|
|
||||||
|
/** A seed for key derivation.
|
||||||
|
*
|
||||||
|
* This must be a direct input.
|
||||||
|
*/
|
||||||
|
#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204)
|
||||||
|
|
||||||
/**@}*/
|
/**@}*/
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_VALUES_H */
|
#endif /* PSA_CRYPTO_VALUES_H */
|
||||||
|
Loading…
Reference in New Issue
Block a user