[TLS] Derive-Secret(foo, "bar", "")
Ilari Liusvaara <ilariliusvaara@welho.com> Tue, 21 March 2017 09:45 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5D6C12947D for <tls@ietfa.amsl.com>; Tue, 21 Mar 2017 02:45:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g5DIgJSsmUC7 for <tls@ietfa.amsl.com>; Tue, 21 Mar 2017 02:45:33 -0700 (PDT)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) by ietfa.amsl.com (Postfix) with ESMTP id 9A6671294CE for <tls@ietf.org>; Tue, 21 Mar 2017 02:45:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id 32B921F63C for <tls@ietf.org>; Tue, 21 Mar 2017 11:45:31 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id 9zFd47GS-twA for <tls@ietf.org>; Tue, 21 Mar 2017 11:45:31 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-51-204.bb.dnainternet.fi [87.92.51.204]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id 082A421C for <tls@ietf.org>; Tue, 21 Mar 2017 11:45:31 +0200 (EET)
Date: Tue, 21 Mar 2017 11:45:30 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: tls@ietf.org
Message-ID: <20170321094530.GA493@LK-Perkele-V2.elisa-laajakaista.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1KXerIAeaa_aRXCv0AKdoCMUJ4E>
Subject: [TLS] Derive-Secret(foo, "bar", "")
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 09:45:36 -0000
What is the correct HkdfLabel for Derive-Secret(foo, "bar", "") in TLS 1.3 draft-19? I ask, because I ran into interop problems because of this, between my implementation and OpenSSL, and I traced it to this. Let's assume PRF-hash is SHA256 (32 bytes output) I interpret the spec so that the HkdfLabel is: 00 20 0C "TLS 1.3, bar" 00 That is, 32 bytes output, 12 byte raw label "TLS 1.3, bar" and 0 byte context. OpenSSL seems to interpret it as: 00 20 0C "TLS 1.3, bar" 20 e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 Where the e3b0c442... bit is the SHA-256 hash of empty string. That is, 32 bytes output, 12 byte raw label "TLS 1.3, bar" and 32 byte context, holding SHA-256 of empty input. Which is correct? Or neither? -Ilari
- [TLS] Derive-Secret(foo, "bar", "") Ilari Liusvaara
- Re: [TLS] Derive-Secret(foo, "bar", "") Eric Rescorla
- Re: [TLS] Derive-Secret(foo, "bar", "") Ilari Liusvaara