Does sec_protocol_metadata_create_secret implement RFC 5705?

Based on the sec_protocol_metadata_create_secret() and sec_protocol_metadata_create_secret_with_context() parameters, it seems like these functions might implement RFC 5705, but there's very little documentation for these functions. Can someone confirm whether or not these functions implement RFC 5705 https://tools.ietf.org/html/rfc5705?


Thank you.

Replies

More information on how sec_protocol_metadata_create_secret_with_context and sec_protocol_metadata_create_secret work can be found in the TLS 1.3 specification, section 7.5, with references to RFC5705. I would recommend section 7.5 for more information on implementation.

I just did some experiments, with Network Framework on the client side, OpenSSL on the server side.

I compared the output from sec_protocol_metadata_create_secret() and SSL_export_keying_material().

Outputs are the same in TLS 1.3 but different in TLS 1.2.

I guess sec_protocol_metadata_create_secret might use the TLS 1.3 key deriving function even in TLS 1.2. But I can't prove it.
If that's true, the function is just useless unless your implementation is TLS 1.3 only.

I wish someone could tell me I am wrong...
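The reply above observes that the two exporters agree under TLS 1.3 but not under TLS 1.2. That is exactly what you would expect if one side used the TLS 1.3 construction on a 1.2 connection, because the two versions define the exporter with different key-derivation functions. The following is an added example, not code from this thread, from Apple's Network framework or from OpenSSL: both derivations written out from the RFC text (RFC 5705 section 4 on top of the RFC 5246 PRF for TLS 1.2; RFC 8446 section 7.5 on top of HKDF for TLS 1.3) so they can be compared side by side. All secrets, randoms and the label are constructed test values, and the comparison only illustrates the hypothesis in the reply; it does not show what sec_protocol_metadata_create_secret actually does internally.

```python
"""TLS 1.2 (RFC 5705) vs TLS 1.3 (RFC 8446 7.5) exporter derivations, built with
hashlib/hmac so the two constructions can be run side by side on the same inputs.
All secrets and randoms below are constructed test values, not from a real session."""
import hashlib
import hmac
import struct
from typing import Optional

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256

# ---------- TLS 1.2: RFC 5705 section 4, built on the RFC 5246 PRF ----------

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, HASH).digest()
        out += hmac.new(secret, a + seed, HASH).digest()
    return out[:length]

def tls12_exporter(master_secret: bytes, client_random: bytes, server_random: bytes,
                   label: bytes, context: Optional[bytes], length: int) -> bytes:
    """PRF(master_secret, label, client_random + server_random [+ uint16 len + context]).
    RFC 5705 distinguishes 'no context' from 'empty context': the 2-byte length
    field is only present when a context (even a zero-length one) is supplied."""
    seed = client_random + server_random
    if context is not None:
        seed += struct.pack("!H", len(context)) + context
    return p_hash(master_secret, label + seed, length)

# ---------- TLS 1.3: RFC 8446 section 7.5, built on HKDF (RFC 5869) ----------

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(1) = HMAC(prk, info || 0x01), T(i) = HMAC(prk, T(i-1) || info || i)."""
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), HASH).digest()
        out += t
        i += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label using the HkdfLabel structure from RFC 8446 section 7.1."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)

def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    """Derive-Secret(Secret, Label, Messages) with Transcript-Hash = Hash(messages)."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)

def tls13_exporter(exporter_master_secret: bytes, label: bytes,
                   context: Optional[bytes], length: int) -> bytes:
    """TLS-Exporter(label, context_value, key_length) from RFC 8446 section 7.5.
    Unlike RFC 5705, an absent context is defined to be the empty context."""
    if context is None:
        context = b""
    derived = derive_secret(exporter_master_secret, label, b"")
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)

# ---------- side-by-side comparison on constructed inputs ----------

def compare_versions(label: bytes = b"EXPERIMENTAL-demo", length: int = 32) -> dict:
    """Feed the same secret and label to both constructions. The outputs are
    unrelated, which is why an exporter computed the TLS 1.3 way can never match
    an RFC 5705 peer on a TLS 1.2 connection."""
    secret = bytes(range(48))        # constructed; a TLS 1.2 master secret is 48 bytes
    client_random = b"\x11" * 32     # constructed
    server_random = b"\x22" * 32     # constructed
    v12 = tls12_exporter(secret, client_random, server_random, label, None, length)
    v13 = tls13_exporter(secret[:HASH_LEN], label, None, length)
    return {"tls12": v12.hex(), "tls13": v13.hex(), "match": v12 == v13}

if __name__ == "__main__":
    for key, value in compare_versions().items():
        print(key, value)
```

If you want to check which construction a client actually uses, run the 1.2 path above with the master secret and randoms exported from the OpenSSL side of a test connection and compare against what the client returns; a match with the 1.2 path rules out the hypothesis in the reply. Note also the context handling difference: RFC 5705 treats "no context" and "zero-length context" as different inputs, while RFC 8446 treats them as the same, so tests that pass no context can disagree for that reason alone.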

If you find that you hit a wall here, I would recommend opening a TSI so I can look at your situation more in-depth. Make sure to reference this thread if you do end up opening a TSI.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com