7.8 Keying Material Exporters
The TLS PRF can be used by other protocols to derive data. The API to use is gnutls_prf. The function needs to be provided with the label in the parameter label, and the extra data to mix in the extra parameter. Depending on whether you want to mix in the client or server random data first, you can set the server_random_first parameter.
For example, after establishing a TLS session using gnutls_handshake, you can invoke the TLS PRF with this call:
    #define MYLABEL "EXPORTER-FOO"
    #define MYCONTEXT "some context data"
    char out[32];
    rc = gnutls_prf (session, strlen (MYLABEL), MYLABEL, 0,
                     strlen (MYCONTEXT), MYCONTEXT, 32, out);
If you don't want to mix in the client/server random, there is a more low-level TLS PRF interface called gnutls_prf_raw.
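The following Python model is an added example, not GnuTLS code: it shows what the two calls compute, assuming a TLS 1.2 session whose PRF is the RFC 5246 P_SHA256 construction, with the session randoms placed before the extra data in the seed. The function names (p_sha256, prf, prf_raw) and all secrets and randoms are hypothetical, constructed values.

```python
import hashlib
import hmac

# Constructed sample session values (not from a real handshake).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32
MYLABEL = b"EXPORTER-FOO"
MYCONTEXT = b"some context data"


def p_sha256(secret: bytes, seed: bytes, outsize: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < outsize:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:outsize]


def prf_raw(master_secret: bytes, label: bytes, seed: bytes,
            outsize: int) -> bytes:
    """Model of the low-level call: only the caller's seed is mixed in."""
    return p_sha256(master_secret, label + seed, outsize)


def prf(master_secret: bytes, client_random: bytes, server_random: bytes,
        label: bytes, extra: bytes, outsize: int,
        server_random_first: bool = False) -> bytes:
    """Model of the high-level call: seed = session randoms, then extra."""
    if server_random_first:
        randoms = server_random + client_random
    else:
        randoms = client_random + server_random
    return prf_raw(master_secret, label, randoms + extra, outsize)


if __name__ == "__main__":
    out = prf(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM,
              MYLABEL, MYCONTEXT, 32)
    print("exported:", out.hex())
    # A different handshake (new client random) yields unrelated output,
    # which is what ties exported material to one session.
    other = prf(MASTER_SECRET, b"\x03" * 32, SERVER_RANDOM,
                MYLABEL, MYCONTEXT, 32)
    print("other session:", other.hex())
```

Because the raw variant omits the handshake randoms, its output is bound to a particular session only if the caller puts session-unique data in the seed.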