Once the SecureChannel is established the Messages are signed and encrypted with keys derived from the Nonces exchanged in the OpenSecureChannel call. These keys are derived by passing the Nonces to a pseudo-random function (PRF) which produces a sequence of bytes from a set of inputs. A pseudo-random function is represented by the following function declaration:
Byte[] PRF(Byte[] secret, Byte[] seed, Int32 length, Int32 offset)
Where length is the number of bytes to return and offset is a number of bytes from the beginning of the sequence.
The lengths of the keys that need to be generated depend on the SecurityPolicy used for the channel. The following information is specified by the SecurityPolicy:
- SigningKeyLength (from the DerivedSignatureKeyLength);
- EncryptingKeyLength (implied by the SymmetricEncryptionAlgorithm);
- InitializationVectorLength (from the InitializationVectorLength).
The pseudo random function requires a secret and a seed. These values are derived from the Nonces exchanged in the OpenSecureChannel request and response. Table 58 specifies how to derive the secrets and seeds when using RSA based SecurityPolicies.
Table 58 – PRF inputs for RSA based SecurityPolicies
|Name|Derivation|
|---|---|
|ClientSecret|The value of the ClientNonce provided in the OpenSecureChannel request.|
|ClientSeed|The value of the ClientNonce provided in the OpenSecureChannel request.|
|ServerSecret|The value of the ServerNonce provided in the OpenSecureChannel response.|
|ServerSeed|The value of the ServerNonce provided in the OpenSecureChannel response.|
The parameters passed to the pseudo random function are specified in Table 59.
Table 59 – Cryptography key generation parameters
The Client keys are used to secure Messages sent by the Client. The Server keys are used to secure Messages sent by the Server.
The SSL/TLS specification defines a pseudo random function called P_HASH which is used for this purpose. The function is iterated until it produces enough data for all of the required keys. The Offset in Table 59 refers to the offset from the start of the generated data.
The P_HASH algorithm is defined as follows:
P_HASH(secret, seed) = HMAC_HASH(secret, A(1) + seed) +
                       HMAC_HASH(secret, A(2) + seed) +
                       HMAC_HASH(secret, A(3) + seed) + ...
Where A(n) is defined as:
    A(0) = seed
    A(n) = HMAC_HASH(secret, A(n-1))
+ indicates that the results are appended to previous results.
Where ‘HASH’ is a hash function such as SHA256. The hash function to use depends on the SecurityPolicyUri.
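The P_HASH iteration and the PRF(secret, seed, length, offset) declaration above, written out as an added Python example (not code from the specification). Assumptions, since the body of Table 59 is not reproduced here: keys are cut from the stream in the order signing key, encrypting key, initialization vector; Client keys use the ServerSecret with the ClientSeed; the nonces and the 32/32/16-byte lengths are constructed sample values.

```python
import hashlib
import hmac


def prf(secret: bytes, seed: bytes, length: int, offset: int = 0,
        hash_name: str = "sha256") -> bytes:
    """Return bytes [offset, offset + length) of the P_HASH(secret, seed) stream."""
    if length < 0 or offset < 0:
        raise ValueError("length and offset must be non-negative")
    if not secret or not seed:
        raise ValueError("secret and seed must be non-empty")
    needed = offset + length
    stream = bytearray()
    a = seed                                          # A(0) = seed
    while len(stream) < needed:
        a = hmac.new(secret, a, hash_name).digest()   # A(n) = HMAC(secret, A(n-1))
        stream += hmac.new(secret, a + seed, hash_name).digest()
    return bytes(stream[offset:needed])


def derive_keys(secret: bytes, seed: bytes, signing_len: int,
                encrypting_len: int, iv_len: int) -> dict:
    """Cut one side's keys from the stream at consecutive offsets.

    The ordering (signing, encrypting, IV) is an assumption of this example.
    """
    return {
        "signing": prf(secret, seed, signing_len, 0),
        "encrypting": prf(secret, seed, encrypting_len, signing_len),
        "iv": prf(secret, seed, iv_len, signing_len + encrypting_len),
    }


# Constructed sample nonces (a real channel uses fresh random nonces).
CLIENT_NONCE = bytes(range(32))
SERVER_NONCE = bytes(range(32, 64))

if __name__ == "__main__":
    # Assumed pairing: Client keys use ServerSecret + ClientSeed, Server keys the reverse.
    client_keys = derive_keys(SERVER_NONCE, CLIENT_NONCE, 32, 32, 16)
    server_keys = derive_keys(CLIENT_NONCE, SERVER_NONCE, 32, 32, 16)
    for side, keys in (("client", client_keys), ("server", server_keys)):
        for name, value in keys.items():
            print(f"{side} {name}: {value.hex()}")
```

Because every key on the channel is a deterministic function of the two nonces, nonce reuse or a weak random source on either side reproduces the same signing and encryption keys.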