Re: [TLS] HSM-friendly Key Computation

Ilari Liusvaara <> Fri, 17 April 2015 20:00 UTC

Date: Fri, 17 Apr 2015 23:00:00 +0300
From: Ilari Liusvaara <>
To: Russ Housley <>
Message-ID: <20150417200000.GA6274@LK-Perkele-VII>
Subject: Re: [TLS] HSM-friendly Key Computation

On Fri, Apr 17, 2015 at 02:59:30PM -0400, Russ Housley wrote:
> Section 6.3 of draft-ietf-tls-tls13-05 describes the key calculation from the current master secret (MS).  First a key block is computed:
>       key_block = PRF(MS,
>                       "key expansion",
>                       SecurityParameters.server_random +
>                       SecurityParameters.client_random);
> Then, the key block is divided into keys and IVs:
>       client_write_key[SecurityParameters.enc_key_length]
>       server_write_key[SecurityParameters.enc_key_length]
>       client_write_IV[SecurityParameters.fixed_iv_length]
>       server_write_IV[SecurityParameters.fixed_iv_length]
> If one wants to implement the cryptographic functions in a Hardware
> Security Module (HSM), this structure is far from ideal.  In general
> I would expect the client_write_key and server_write_key to stay
> inside the protected boundary of the HSM, but the client_write_IV
> and server_write_IV do not need this protection.  Both of these
> coming from the same key_block makes this separation very difficult
> to implement.

While if the encryption algorithm is strong, there is no real
difference between public and private nonces (if the algorithm is not
strong, then all bets are off), having untrusted parts pick nonces
with non-MR AE (especially something so hair trigger as AES-GCM)
seems like asking for trouble.

> Can we get these values from different invocations of the PRF?
> I'd like to see one invocation for values that are expected to
> remain secret and a separate invocation for values that do not
> need to remain secret.

That would certainly work. Note that to implement full TLS, one
already needs to derive "public" values out of "private" ones.

On another thought, TLS library authors might not appreciate
key expansion being changed (nor KDF changes)...
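The following is an added illustration of the two derivation layouts discussed in this thread (the single key_block quoted from the draft, and Russ's proposal of separate PRF invocations for secret and public values). It is example code written for this page, not code from the draft or from any TLS library. It models the draft's PRF as the TLS 1.2 P_SHA256 construction from RFC 5246, and the label "iv expansion" for the second invocation is a hypothetical placeholder, not a label defined anywhere; the ToyHsm class is likewise a constructed model of a per-invocation export policy, not a real HSM API.

```python
import hashlib
import hmac
from dataclasses import dataclass


def p_hash(secret: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """P_hash from RFC 5246 section 5: HMAC(secret, A(i) + seed) for A(i) = HMAC(secret, A(i-1)), A(0) = seed.
    The output is prefix-consistent: asking for fewer bytes returns a prefix of the longer output."""
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i)
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed). Assumed model of the draft's PRF."""
    return p_hash(secret, label + seed, length)


@dataclass(frozen=True)
class SecurityParameters:
    enc_key_length: int
    fixed_iv_length: int
    client_random: bytes
    server_random: bytes


def single_block_expansion(ms: bytes, p: SecurityParameters) -> dict:
    """Layout quoted in the mail: one key_block carved into keys followed by IVs.
    Secret and public values come out of the same PRF output."""
    need = 2 * p.enc_key_length + 2 * p.fixed_iv_length
    key_block = prf(ms, b"key expansion", p.server_random + p.client_random, need)
    k, iv = p.enc_key_length, p.fixed_iv_length
    return {
        "client_write_key": key_block[0:k],
        "server_write_key": key_block[k:2 * k],
        "client_write_IV": key_block[2 * k:2 * k + iv],
        "server_write_IV": key_block[2 * k + iv:2 * k + 2 * iv],
    }


def split_expansion(ms: bytes, p: SecurityParameters) -> dict:
    """Russ's proposal: one invocation for values that stay secret, a separate
    invocation for values that may leave the module."""
    seed = p.server_random + p.client_random
    k, iv = p.enc_key_length, p.fixed_iv_length
    secret_block = prf(ms, b"key expansion", seed, 2 * k)
    public_block = prf(ms, b"iv expansion", seed, 2 * iv)  # hypothetical label, not from any draft
    return {
        "client_write_key": secret_block[0:k],
        "server_write_key": secret_block[k:2 * k],
        "client_write_IV": public_block[0:iv],
        "server_write_IV": public_block[iv:2 * iv],
    }


class ToyHsm:
    """Constructed model: MS never leaves the object. A derivation is exported as bytes
    only when its label is on the public allow-list; otherwise the caller gets a handle.
    With the single-block layout there is no label that yields only IVs, so this policy
    cannot release the IVs without also releasing the keys' PRF output."""
    PUBLIC_LABELS = {b"iv expansion"}

    def __init__(self, ms: bytes):
        self._ms = ms
        self._handles: dict[str, bytes] = {}

    def derive(self, label: bytes, seed: bytes, length: int):
        out = prf(self._ms, label, seed, length)
        if label in self.PUBLIC_LABELS:
            return out  # public material: exported in the clear
        handle = f"key-{len(self._handles)}"
        self._handles[handle] = out  # secret material: retained, only a handle leaves
        return handle


if __name__ == "__main__":
    # Constructed sample inputs, not real handshake values.
    ms = bytes(range(48))
    params = SecurityParameters(16, 12, b"\x01" * 32, b"\x02" * 32)
    for name, layout in (("single", single_block_expansion), ("split", split_expansion)):
        print(name, {k: v.hex() for k, v in layout(ms, params).items()})
```

Because P_hash is prefix-consistent, the split layout yields exactly the same client_write_key and server_write_key as the single-block layout when the same label and seed are kept; only the IVs change. That is the property that makes the proposal low-impact for the key material itself, although, as the reply notes, it is still a key-expansion change that library authors would have to ship.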