7.10.3 Keying material exporters
Other protocols can use the TLS PRF to derive keys based on the TLS master secret. The API to use is gnutls_prf. Pass the label in the label parameter and the extra data to mix in through the extra parameter. The server_random_first parameter selects whether the client or the server random data is mixed in first.
For example, after establishing a TLS session using gnutls_handshake, you can invoke the TLS PRF with this call:
    #define MYLABEL "EXPORTER-FOO"
    #define MYCONTEXT "some context data"
    char out[32];
    int rc;

    /* The fourth argument is server_random_first; 0 mixes in the
       client random first. */
    rc = gnutls_prf (session, strlen (MYLABEL), MYLABEL, 0,
                     strlen (MYCONTEXT), MYCONTEXT, 32, out);
If you don’t want to mix in the client/server random, there is a low-level TLS PRF interface called gnutls_prf_raw.
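The following is an added example, not code from GnuTLS or from the original manual: a Python model of how the seed is assembled for the two interfaces, showing that the label, the order of the randoms and the session randoms each separate the derived keys. It assumes the TLS 1.2 PRF with SHA-256 (RFC 5246, section 5); the function names p_sha256, prf_raw and prf are hypothetical, and the session values are constructed.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, outsize: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246, section 5."""
    out, a = b"", seed                      # a starts as A(0) = seed
    while len(out) < outsize:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:outsize]

def prf_raw(master: bytes, label: bytes, seed: bytes, outsize: int) -> bytes:
    """Model of gnutls_prf_raw: the caller supplies the entire seed."""
    return p_sha256(master, label + seed, outsize)

def prf(master, client_random, server_random, label,
        server_random_first, extra, outsize):
    """Model of gnutls_prf: both hello randoms go in ahead of `extra`."""
    if server_random_first:
        randoms = server_random + client_random
    else:
        randoms = client_random + server_random
    return prf_raw(master, label, randoms + extra, outsize)

# Constructed sample session values (not taken from a real handshake).
MASTER = bytes(range(48))          # 48-byte master secret
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
LABEL = b"EXPORTER-FOO"
CONTEXT = b"some context data"

def demo() -> dict:
    args = (MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    return {
        "client_first": prf(*args, LABEL, 0, CONTEXT, 32),
        "server_first": prf(*args, LABEL, 1, CONTEXT, 32),
        "other_label": prf(*args, b"EXPORTER-BAR", 0, CONTEXT, 32),
        "other_session": prf(MASTER, b"\x33" * 32, SERVER_RANDOM,
                             LABEL, 0, CONTEXT, 32),
    }

if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:14} {key.hex()}")
```

Both peers must agree on the label, the extra data and the order of the randoms, otherwise they derive different keys.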
This document was generated on March 23, 2012 using texi2html 5.0.
