Once the SecureChannelis established the Messagesare signed and encrypted with keys derived from the Noncesexchanged in the OpenSecureChannelcall. These keys are derived by passing the Noncesto a pseudo-random function (PRF) which produces a sequence of bytes from a set of inputs. A pseudo-random function is represented by the following function declaration:

Byte[] PRF(

Byte[] secret,

Byte[] seed,

Int32 length,

Int32 offset)

Where lengthis the number of bytes to return and offsetis a number of bytes from the beginning of the sequence.

The lengths of the keys that need to be generated depend on the SecurityPolicyused for the channel. The following information is specified by the SecurityPolicy:

  1. SigningKeyLength(from the DerivedSignatureKeyLength);
  2. EncryptingKeyLength(implied by the SymmetricEncryptionAlgorithm);
  3. IntializationVectorLength(from by the IntializationVectorLength).

The pseudo random function requires a secret and a seed. These values are derived from the Noncesexchanged in the OpenSecureChannelrequest and response. Table 58specifies how to derive the secrets and seeds when using RSA based SecurityPolicies.

Table 58– PRF inputs for RSA based SecurityPolicies

Name

Derivation

ClientSecret

The value of the ClientNonceprovided in the OpenSecureChannelrequest.

ClientSeed

The value of the ClientNonceprovided in the OpenSecureChannelrequest.

ServerSecret

The value of the ServerNonceprovided in the OpenSecureChannelresponse.

ServerSeed

The value of the ServerNonceprovided in the OpenSecureChannelresponse.

The parameters passed to the pseudo random function are specified in Table 59.

Table 59– Cryptography key generation parameters

Key

Secret

Seed

Length

Offset

ClientSigningKey

ServerSecret

ClientSeed

SigningKeyLength

0

ClientEncryptingKey

ServerSecret

ClientSeed

EncryptingKeyLength

SigningKeyLength

ClientInitializationVector

ServerSecret

ClientSeed

IntializationVectorLength

SigningKeyLength+EncryptingKeyLength

ServerSigningKey

ClientSecret

ServerSeed

SigningKeyLength

0

ServerEncryptingKey

ClientSecret

ServerSeed

EncryptingKeyLength

SigningKeyLength

ServerInitializationVector

ClientSecret

ServerSeed

IntializationVectorLength

SigningKeyLength+EncryptingKeyLength

The Clientkeys are used to secure Messagessent by the Client. The Serverkeys are used to secure Messagessent by the Server.

The SSL/TLSspecification defines a pseudo random function called P_HASH which is used for this purpose. The function is iterated until it produces enough data for all of the required keys. The Offset in Table 59references to the offset from the start of the generated data.

The P_ hash algorithm is defined as follows:

P_HASH(secret, seed) = HMAC_HASH(secret, A(1) + seed) +

HMAC_HASH(secret, A(2) + seed) +

HMAC_HASH(secret, A(3) + seed) + ...

Where A(n) is defined as:

A(0) = seed

A(n) = HMAC_HASH(secret, A(n-1))

+ indicates that the results are appended to previous results.

Where ‘HASH’ is a hash function such as SHA256. The hash function to use depends on the SecurityPolicyUri.