diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-12-08 11:14:58 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-12-08 11:14:58 +0100 |
| commit | e59a3d4b166cf6773e6c2f425a0f03bf44006d08 (patch) | |
| tree | f535f8c0709eb4212cc93b2ffd017f3b92a810f1 | |
| parent | ee1740e38db69c6353f6b13beed894c15ce1b5d1 (diff) | |
| download | gnutls-303-provide-a-consistent-set-of-default-ciphers-across-supported-protocols.tar.gz | |
doc: reference gnutls_prf_rfc5705 instead of gnutls_prf303-provide-a-consistent-set-of-default-ciphers-across-supported-protocols
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | doc/cha-gtls-app.texi | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 99bda239b8..b30c3e2d89 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1791,12 +1791,11 @@ to derive keys to be used in another application or protocol (e.g., in an other TLS session using pre-shared keys). The following describe GnuTLS' implementation of RFC5705 to extract keys based on a session's master secret. -The API to use is @funcref{gnutls_prf}. The +The API to use is @funcref{gnutls_prf_rfc5705}. The function needs to be provided with a label, -and additional context data to mix in the @code{extra} parameter. -Moreover, the API allows to switch the mix of the -client and server random nonces, using the @code{server_random_first} parameter. -In typical uses you don't need it, so a zero value should be provided in @code{server_random_first}. +and additional context data to mix in the @code{context} parameter. + +@showfuncdesc{gnutls_prf_rfc5705} For example, after establishing a TLS session using @funcref{gnutls_handshake}, you can obtain 32-bytes to be used as key, using this call: @@ -1806,15 +1805,19 @@ For example, after establishing a TLS session using #define MYCONTEXT "my-protocol's-1st-session" char out[32]; -rc = gnutls_prf (session, sizeof(MYLABEL)-1, MYLABEL, 0, - sizeof(MYCONTEXT)-1, MYCONTEXT, 32, out); +rc = gnutls_prf_rfc5705 (session, sizeof(MYLABEL)-1, MYLABEL, + sizeof(MYCONTEXT)-1, MYCONTEXT, 32, out); @end example The output key depends on TLS' master secret, and is the same on both client and server. -If you don't want to use the RFC5705 interface and not mix in the client and server random -nonces, there is a low-level TLS PRF interface called @funcref{gnutls_prf_raw}. +For legacy applications which need to use a more flexible API, there is +@funcref{gnutls_prf}, which in addition, allows to switch the mix of the +client and server random nonces, using the @code{server_random_first} parameter. +For additional flexibility and low-level access to the TLS1.2 PRF, +there is a low-level TLS PRF interface called @funcref{gnutls_prf_raw}. +That however is not functional under newer protocol versions. @node Channel Bindings @subsection Channel bindings |