Next: , Previous: , Up: Advanced topics   [Contents][Index]

6.12.5 Deriving keys for other applications/protocols

In several cases, after a TLS connection is established, it is desirable to derive keys to be used in another application or protocol (e.g., in an other TLS session using pre-shared keys). The following describe GnuTLS’ implementation of RFC5705 to extract keys based on a session’s master secret.

The API to use is gnutls_prf. The function needs to be provided with a label, and additional context data to mix in the extra parameter. Moreover, the API allows to switch the mix of the client and server random nonces, using the server_random_first parameter. In typical uses you don’t need it, so a zero value should be provided in server_random_first.

For example, after establishing a TLS session using gnutls_handshake, you can obtain 32-bytes to be used as key, using this call:

#define MYLABEL "EXPORTER-My-protocol-name"
#define MYCONTEXT "my-protocol's-1st-session"

char out[32];
rc = gnutls_prf (session, sizeof(MYLABEL)-1, MYLABEL, 0,
                 sizeof(MYCONTEXT)-1, MYCONTEXT, 32, out);

The output key depends on TLS’ master secret, and is the same on both client and server.

If you don’t want to use the RFC5705 interface and not mix in the client and server random nonces, there is a low-level TLS PRF interface called gnutls_prf_raw.