Once the SecureChannel is established the Messages are signed and encrypted with keys derived from the Nonces exchanged in the OpenSecureChannel call. These keys are derived by passing the Nonces to a pseudo-random function (PRF) which produces a sequence of bytes from a set of inputs. A pseudo-random function is represented by the following function declaration:

Byte[] PRF(

Byte[] secret,

Byte[] seed,

Int32 length,

Int32 offset)

Where length is the number of bytes to return and offset is a number of bytes from the beginning of the sequence.

The lengths of the keys that need to be generated depend on the SecurityPolicy used for the channel. The following information is specified by the SecurityPolicy:

  1. SigningKeyLength (from the DerivedSignatureKeyLength);
  2. EncryptingKeyLength (implied by the SymmetricEncryptionAlgorithm);
  3. IntializationVectorLength (from by the IntializationVectorLength).

The pseudo random function requires a secret and a seed. These values are derived from the Nonces exchanged in the OpenSecureChannel request and response. Table 61 specifies how to derive the secrets and seeds when using RSA based SecurityPolicies.

Table 61 – PRF inputs for RSA based SecurityPolicies

Name

Derivation

ClientSecret

The value of the ClientNonce provided in the OpenSecureChannel request.

ClientSeed

The value of the ClientNonce provided in the OpenSecureChannel request.

ServerSecret

The value of the ServerNonce provided in the OpenSecureChannel response.

ServerSeed

The value of the ServerNonce provided in the OpenSecureChannel response.

The parameters passed to the pseudo random function are specified in Table 62.

Table 62 – Cryptography key generation parameters

Key

Secret

Seed

Length

Offset

ClientSigningKey

ServerSecret

ClientSeed

SigningKeyLength

0

ClientEncryptingKey

ServerSecret

ClientSeed

EncryptingKeyLength

SigningKeyLength

ClientInitializationVector

ServerSecret

ClientSeed

IntializationVectorLength

SigningKeyLength+EncryptingKeyLength

ServerSigningKey

ClientSecret

ServerSeed

SigningKeyLength

0

ServerEncryptingKey

ClientSecret

ServerSeed

EncryptingKeyLength

SigningKeyLength

ServerInitializationVector

ClientSecret

ServerSeed

IntializationVectorLength

SigningKeyLength+EncryptingKeyLength

The Client keys are used to secure Messages sent by the Client. The Server keys are used to secure Messages sent by the Server.

The TLS specification defines a pseudo random function called P_HASH which is used for this purpose. The function is iterated until it produces enough data for all of the required keys. The Offset in Table 62 references to the offset from the start of the generated data.

The P_ hash algorithm is defined as follows:

P_HASH(secret, seed) = HMAC_HASH(secret, A(1) + seed) +

HMAC_HASH(secret, A(2) + seed) +

HMAC_HASH(secret, A(3) + seed) + ...

Where A(n) is defined as:

A(0) = seed

A(n) = HMAC_HASH(secret, A(n-1))

+ indicates that the results are appended to previous results.

Where ‘HASH’ is a hash function such as SHA256. The hash function to use depends on the SecurityPolicyUri.