Commit
This seems to be a typo.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2793,13 +2793,14 @@ of S-IMCK is as follows: | |
~~~~ | ||
S-IMCK[0] = session_key_seed | ||
For j = 1 to n-1 do | ||
IMCK[j] = TLS-PRF(S-IMCK[j-1], "Inner Methods Compound Keys", | ||
IMCK[j] = TLS-PRF(S-IMCK[j-1], | ||
"Inner Methods Compound Keys" \|\| | ||
IMSK[j], 60) | ||
jsalowey
Contributor
|
||
S-IMCK[j] = first 40 octets of IMCK[j] | ||
CMK[j] = last 20 octets of IMCK[j] | ||
~~~~ | ||
|
||
where TLS-PRF is the PRF negotiated as part of TLS handshake | ||
where "\||" denotes concatenation, and TLS-PRF is the PRF negotiated as part of TLS handshake | ||
{{RFC5246}}. | ||
|
||
## Computing the Compound MAC {#computing-compound-mac} | ||
|
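Review bot: the "where" sentence that follows the code block now defines the concatenation operator but still does not say what the trailing 60 in TLS-PRF(..., IMSK[j], 60) is, so a reader can take it for an octet to append rather than the number of octets requested (40 for S-IMCK[j] plus 20 for CMK[j]). Suggest stating there that the last argument is the output length in octets. The operator is also spelled \|\| on the added line inside the ~~~~ block but "\||" in the sentence; use one spelling in both places and check that the backslashes do not show up literally in the rendered block.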
The `60` is necessary and correct as it describes the length to pull from the TLS-PRF function; especially important for TLSv1.3 as every byte changes as the length requested changes. Not helping has been the other typos around the use of the TLS-PRF function, which may lead the reader to believe it may be an octet to concatenate instead.
The definition is `TLS-PRF(<key>, <seed> + <label>)`, we can elude that `length` becomes the final argument. So what we want is as shown above:
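The length point raised in the comment above, as an added example (not code from the draft, the commit or the commenter): it runs one step of the S-IMCK loop and compares a 40-octet request with the first 40 octets of a 60-octet request. It assumes the TLS 1.3 case maps TLS-PRF onto RFC 8446 HKDF-Expand-Label with IMSK[j] as the context, which this page does not state; the function names and sample values are constructed.

```python
import hashlib
import hmac
import struct

LABEL = b"Inner Methods Compound Keys"

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def tls12_prf(secret, label, seed, length):
    """RFC 5246 PRF: P_SHA256(secret, label + seed), truncated to length."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = _hmac(secret, a)              # A(i) = HMAC(secret, A(i-1))
        out += _hmac(secret, a + seed)
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """RFC 8446 HKDF-Expand-Label: the requested length is part of the info."""
    full = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = _hmac(secret, t + info + bytes([i]))   # T(i) per RFC 5869
        out += t
        i += 1
    return out[:length]

def prefix_stable(prf, secret, imsk):
    """True if a 40-octet request equals the first 40 of a 60-octet request."""
    return prf(secret, LABEL, imsk, 60)[:40] == prf(secret, LABEL, imsk, 40)

def derive(prf, s_imck_prev, imsk):
    """One loop step from the diff: returns (S-IMCK[j], CMK[j])."""
    imck = prf(s_imck_prev, LABEL, imsk, 60)
    return imck[:40], imck[40:]

# Constructed sample values, not test vectors from the draft.
SEED = bytes(range(40))         # stands in for session_key_seed
IMSK = bytes(range(100, 132))   # stands in for IMSK[1]

if __name__ == "__main__":
    print("TLS 1.2 PRF prefix-stable:", prefix_stable(tls12_prf, SEED, IMSK))
    print("HKDF-Expand-Label prefix-stable:",
          prefix_stable(hkdf_expand_label, SEED, IMSK))
```

With the TLS 1.2 PRF an implementation that requests the wrong length still gets a correct S-IMCK[j] prefix; with a length-bound expansion it gets unrelated keys, so the two peers fail to agree.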