7.10.3 Keying material exporters
The TLS PRF can be used by other protocols to derive keys based on the TLS master secret. The API to use is gnutls_prf. The function needs to be provided with the label in the parameter label, and the extra data to mix in the extra parameter. Depending on whether you want to mix in the client or server random data first, you can set the server_random_first parameter.
For example, after establishing a TLS session using gnutls_handshake, you can invoke the TLS PRF with this call:
#define MYLABEL "EXPORTER-FOO"
#define MYCONTEXT "some context data"
char out[32];
/* The fourth argument is server_random_first; 0 mixes in the client random first. */
rc = gnutls_prf (session, strlen (MYLABEL), MYLABEL, 0,
                 strlen (MYCONTEXT), MYCONTEXT, 32, out);
If you don’t want to mix in the client/server random, there is a low-level TLS PRF interface called gnutls_prf_raw.
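The following added example (not part of the GnuTLS manual or its code) models in Python what the gnutls_prf call above computes, so the effect of the label, the extra data and server_random_first on the exported key can be checked offline. It assumes a TLS 1.2 session using the SHA-256 PRF of RFC 5246 and a seed made of the label, the two random values in the selected order, then the extra data; model_prf, demo and the session values are constructed for illustration.

```python
import hashlib
import hmac

RANDOM_SIZE = 32  # length of the TLS client and server random values

# Constructed sample session values (not taken from a real handshake).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\xc1" * RANDOM_SIZE
SERVER_RANDOM = b"\x5e" * RANDOM_SIZE
CONTEXT = b"some context data"


def p_sha256(secret, seed, outsize):
    """P_hash expansion from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed  # a starts as A(0) = seed
    while len(out) < outsize:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:outsize]


def model_prf(master_secret, client_random, server_random, label,
              server_random_first, extra, outsize):
    """Hypothetical model with the same parameter roles as gnutls_prf."""
    if len(client_random) != RANDOM_SIZE or len(server_random) != RANDOM_SIZE:
        raise ValueError("TLS random values must be 32 bytes each")
    if server_random_first:
        randoms = server_random + client_random
    else:
        randoms = client_random + server_random
    # Assumed seed layout: label, randoms in the chosen order, then extra.
    return p_sha256(master_secret, label + randoms + extra, outsize)


def demo():
    """Derive 32-byte keys that differ only in label or random order."""
    def derive(label, server_first):
        return model_prf(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM,
                         label, server_first, CONTEXT, 32)
    return {
        "EXPORTER-FOO, client random first": derive(b"EXPORTER-FOO", False),
        "EXPORTER-FOO, server random first": derive(b"EXPORTER-FOO", True),
        "EXPORTER-BAR, client random first": derive(b"EXPORTER-BAR", False),
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name}: {key.hex()}")
```

Both peers must pass the same label, extra data and server_random_first value to arrive at the same key, and each protocol using the exporter should use its own label so that its keys are unrelated to those of any other protocol sharing the session.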
This document was generated on March 23, 2012 using texi2html 5.0.