Cryptographic Token Interface Standard


TLS PRF (pseudorandom function)

PRF (pseudo random function) in TLS, denoted CKM_TLS_PRF, is a mechanism used to produce a securely generated pseudo-random output of arbitrary length. The keys it uses are generic secret keys.

It has a parameter, a CK_TLS_PRF_PARAMS structure, which allows for the passing of the input seed and its length, the passing of an identifying label and its length and the passing of the length of the output to the token and for receiving the output.

This mechanism produces securely generated pseudo-random output of the length specified in the parameter.

This mechanism departs from the other key derivation mechanisms in Cryptoki in not using the template sent along with this mechanism during a C_DeriveKey function call, which means the template shall be a NULL_PTR. For most key-derivation mechanisms, C_DeriveKey returns a single key handle as a result of a successful completion. However, since the CKM_TLS_PRF mechanism returns the requested number of output bytes in the CK_TLS_PRF_PARAMS structure specified as the mechanism parameter, the parameter phKey passed to C_DeriveKey is unnecessary, and should be a NULL_PTR.

If a call to C_DeriveKey with this mechanism fails, then no output will be generated.

RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220