In several cases, after a TLS connection is established, it is desirable to derive keys to be used in another application or protocol (e.g., in an other TLS session using pre-shared keys). The following describe GnuTLS’ implementation of RFC5705 to extract keys based on a session’s master secret.
The API to use is gnutls_prf. The
function needs to be provided with a label,
and additional context data to mix in the
Moreover, the API allows to switch the mix of the
client and server random nonces, using the
In typical uses you don’t need it, so a zero value should be provided in
For example, after establishing a TLS session using gnutls_handshake, you can obtain 32-bytes to be used as key, using this call:
#define MYLABEL "EXPORTER-My-protocol-name" #define MYCONTEXT "my-protocol's-1st-session" char out; rc = gnutls_prf (session, sizeof(MYLABEL)-1, MYLABEL, 0, sizeof(MYCONTEXT)-1, MYCONTEXT, 32, out);
The output key depends on TLS’ master secret, and is the same on both client and server.
If you don’t want to use the RFC5705 interface and not mix in the client and server random nonces, there is a low-level TLS PRF interface called gnutls_prf_raw.