TLS 1.2 PRF

E192650

TLS 1.2 PRF is a pseudorandom function used in the TLS 1.2 protocol to derive cryptographic keying material and verify handshake integrity from shared secrets and handshake data.

All labels observed (1)

Label Occurrences
TLS 1.2 PRF canonical 1

How this entity was disambiguated

Statements (47)

Predicate Object
instanceOf cryptographic primitive
pseudorandom function
A_nDefinition A(1) = HMAC_hash(secret, seed)
A(i) = HMAC_hash(secret, A(i-1)) for i > 1
backwardCompatibleWith TLS 1.0
basedOn HMAC
category key derivation function
construction HMAC-based key derivation function
definedBy TLS 1.2 cipher suite PRF hash
derives IVs
MAC keys
encryption keys
key block
master secret
designGoal backward compatibility with earlier TLS versions
improved cryptographic agility
domain TLS
surface form: Transport Layer Security
improvesOver MD5-SHA1 combined PRF of TLS 1.0
inputIncludes label
secret
seed
introducedIn TLS version 1.2
operatesAt transport layer security protocol level
outputLength arbitrary length
outputType byte string
P_hashDefinition P_hash(secret, seed) = HMAC_hash(secret, A(1) || seed) || HMAC_hash(secret, A(2) || seed) || ...
primaryPurpose handshake integrity verification
key derivation
relevantFor secure channel establishment
replaces TLS 1.0
surface form: TLS 1.0 PRF
securityDependsOn underlying hash function
specifiedAs PRF(secret, label, seed) = P_hash(secret, label || seed)
standardizedIn RFC 5246
supports negotiable hash algorithms
takesAsInput client random
pre-master secret
server random
usedBy TLS 1.2 implementations
usedDuring TLS handshake
TLS session key establishment
usedFor Finished message verification
exporter keying material
usedInProtocol TLS 1.2
usesComponent P_hash function
usesHashFunction SHA-256
SHA-384
other negotiated hash function

How these facts were elicited

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.