Closed Bug 1529813 Opened 5 years ago Closed 5 years ago

Expose HKDF functions for QUIC

Categories

(NSS :: Libraries, enhancement)

Product:
NSS
Component:
Libraries
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mt, Assigned: mt)

References

Details

Attachments

(2 files)

Bug 1529813 - Expose HKDF-Expand-Label, r?ekr
47 bytes, text/x-phabricator-request
Details | Review
Bug 1529813 - Expose Hkdf-Expand-Label with mechanism, r?ekr
47 bytes, text/x-phabricator-request
Details | Review

QUIC needs HKDF-Extract. It also needs to do DeriveSecret (not the more general form of HKDF-Expand-Label). Exposing functions that take a version and ciphersuite as input rather than CK_MECHANISM_TYPE and SSLHashType would be advisable.

See Also: → 1528175

https://hg.mozilla.org/projects/nss/rev/a5f74f7c1d73390d724b40d2a7b5da7605d5fc12

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.43

I forgot about packet number encryption. This will help with that.

I decided to replace DeriveSecret with this. No point in having that when you have this.

It turns out that leaf keys sometimes need to be exposed with different
mechanisms and sizes. The default function provides something good enough for
use with the AEAD functions that were exposed, but if you want to use the key
directly, that isn't enough. So here we are: new arguments for specifying the
mechanism and key size are needed.

Reopening. Should be able to re-close this very soon.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

trunk: https://hg.mozilla.org/projects/nss/rev/03d7bcade60aa49fa7561215c83c176d0709b200
3.43 branch: https://hg.mozilla.org/projects/nss/rev/cf30a49bf53e6ae06a55c4ed63302c893c072b74

Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: