Intel EP80579 User Manual
Security Software—Using the Intel
®
QuickAssist Technology Cryptographic API
Intel
®
EP80579 Software for Security Applications on Intel
®
QuickAssist Technology
PG
August 2009
70
Order Number: 320183-004US
5. Completion of the operation, see
Note:
The API for TLS key operations is based on the TLS 1.1 standard (RFC 4346). Backward
compatibility is supported with the legacy TLS 1.0 standard (RFC 2246). The user-
defined label should be used for backward compatibility with the client write key, server
write key, and iv block. See the Cryptographic API for details of populating
CpaCyKeyGenTlsOpData, the operation data structure. Below are some examples of the
parameter mapping to the Cryptographic API.
12.8.2.6.1
Setting CpaCyKeyGenTlsOpData Structure Fields
In RFC 4346, Section 6.3 ‘key_block’ is described as:
key_block = PRF(SecurityParameters.master_secret,
"key expansion",
SecurityParameters.server_random +
SecurityParameters.client_random);
This maps to the Cryptographic API's CpaCyKeyGenTlsOpData as follows:
TLS Key-Material Derivation:
tlsOp = CPA_CY_KEY_TLS_OP_KEY_MATERIAL_DERIVE
secret = master secret key
seed = server_random + client_random
userLabel = NULL
12.8.2.6.2
Setting CpaCyKeyGenTlsOpData Structure Fields for backward compatibility
1. In RFC 2246, Section 6.3 ‘final_client_write_key’ is described as:
final_client_write_key = PRF(client_write_key,
"client write key",
client_random +
server_random)[0..15]
This maps to the Cryptographic API’s CpaCyKeyGenTlsOpData as follows:
TLS User Defined Derivation:
tlsOp = CPA_CY_KEY_TLS_OP_USER_DEFINED
secret = client_write_key
seed = client_random + server_random
userLabel = "client write key"
2. In RFC 2246, Section 6.3 ‘final_server_write_key’ is described as:
final_client_write_key = PRF(server_write_key,
"server write key",
client_random +