The RFC gives the formula
PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR
P_SHA-1(S2, label + seed);
for doing this.P_hash in turn has the following formula:
P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
HMAC_hash(secret, A(2) + seed) +
HMAC_hash(secret, A(3) + seed) + ...
The RFC also says
P_hash can be iterated as many times as is necessary to produce the required quantity of data. For example, if P_SHA-1 was being used to create 64 bytes of data, it would have to be iterated 4 times (through A(4)), creating 80 bytes of output data; the last 16 bytes of the final iteration would then be discarded, leaving 64 bytes of output data.
I find "P_hash can be iterated as many times as is necessary to produce the required quantity of data" confusing.Just how many times is necessary?Is there a threshold after which it doesn't matter how much it is? If so, what is this threshold?
I'm pretty sure that in TLS 1.0, the premaster secret and the master secret are always 48bytes long, but then when you create your key block further down the line, it can be longer than 48 bytes. ie if your cipher uses sha1 and aes256, you will need 136 bytes.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.