Anthony Nadalin
2016-04-09 22:10:31 UTC
At the informal Token Binding meeting we had a discussion of Java servers supporting TB. The support would have to come out of JSSE; here is the analysis on what it would take to change JSSE.
Implementing 5705 itself would not take too long and appears to be pretty straightforward. The EKM is created by using the same PRF function as the creation of the key material from the TLS Master secret.
In TLS,
To generate the key material, compute
    key_block = PRF(SecurityParameters.master_secret,
                    "key expansion",
                    SecurityParameters.server_random +
                    SecurityParameters.client_random);
For EKM,
If no context is provided, it then computes:
    PRF(SecurityParameters.master_secret, label,
        SecurityParameters.client_random +
        SecurityParameters.server_random
        )[length]
If context is provided, it computes:
    PRF(SecurityParameters.master_secret, label,
        SecurityParameters.client_random +
        SecurityParameters.server_random +
        context_value_length + context_value
        )[length]
As it states in the RFC: "The issue is that designing a secure mechanism that uses exporters is not necessarily straightforward. This document only provides the exporter mechanism, but the problem of agreeing on the surrounding context and the meaning of the information passed to and from the exporter remains. Any new uses of the exporter mechanism should be subject to careful review."
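The computation quoted above, as an added example (not part of the original comment and not JSSE code). It assumes TLS 1.2 with the SHA-256 PRF; the session values are constructed, the function names are hypothetical, and the label is the exporter label Token Binding uses.

```python
import hashlib
import hmac
import struct


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    # P_SHA256 (RFC 5246, section 5): A(0) = seed, A(i) = HMAC(secret, A(i-1))
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    # TLS 1.2 PRF(secret, label, seed) = P_hash(secret, label + seed)
    return p_hash(secret, label + seed, length)


def key_block(master_secret, client_random, server_random, length):
    # Record keys: server_random comes first in the seed
    return prf(master_secret, b"key expansion",
               server_random + client_random, length)


def export_keying_material(master_secret, client_random, server_random,
                           label, length, context=None):
    # Exporter (RFC 5705): client_random comes first in the seed
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context must fit a uint16 length")
        # context_value_length is a 2-byte big-endian prefix, so an empty
        # context (b"") still changes the seed compared with no context
        seed += struct.pack("!H", len(context)) + context
    return prf(master_secret, label, seed, length)


# Constructed sample session values, not taken from a real handshake
MS = bytes(range(48))        # 48-byte master secret
CR = b"\x01" * 32            # client_random
SR = b"\x02" * 32            # server_random
TB_LABEL = b"EXPORTER-Token-Binding"

if __name__ == "__main__":
    print("EKM, no context   :", export_keying_material(MS, CR, SR, TB_LABEL, 32).hex())
    print("EKM, empty context:", export_keying_material(MS, CR, SR, TB_LABEL, 32, b"").hex())
    print("key_block (first 32):", key_block(MS, CR, SR, 32).hex())
```

Both endpoints have to agree on whether a context is passed at all, because an absent context and a zero-length context produce different EKM values.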