// Copyright 2024 The Go Authors. All rights reserved.// Use of this source code is governed by a BSD-style// license that can be found in the LICENSE file.package tls12import ()// PRF implements the TLS 1.2 pseudo-random function, as defined in RFC 5246,// Section 5 and allowed by SP 800-135, Revision 1, Section 4.2.2.func ( func() hash.Hash, []byte, string, []byte, int) []byte { := make([]byte, len()+len())copy(, )copy([len():], ) := make([]byte, )pHash(, , , )return}// pHash implements the P_hash function, as defined in RFC 5246, Section 5.func ( func() hash.Hash, , , []byte) { := hmac.New(, ) .Write() := .Sum(nil)forlen() > 0 { .Reset() .Write() .Write() := .Sum(nil) := copy(, ) = [:] .Reset() .Write() = .Sum(nil) }}constmasterSecretLength = 48constextendedMasterSecretLabel = "extended master secret"// MasterSecret implements the TLS 1.2 extended master secret derivation, as// defined in RFC 7627 and allowed by SP 800-135, Revision 1, Section 4.2.2.func ( func() hash.Hash, , []byte) []byte {// [uTLS SECTION BEGIN] // "The TLS 1.2 KDF is an approved KDF when the following conditions are // satisfied: [...] (3) P_HASH uses either SHA-256, SHA-384 or SHA-512." // h := hash() // switch any(h).(type) { // case *sha256.Digest: // if h.Size() != 32 { // fips140.RecordNonApproved() // } // case *sha512.Digest: // if h.Size() != 46 && h.Size() != 64 { // fips140.RecordNonApproved() // } // default: // fips140.RecordNonApproved() // } // [uTLS SECTION END]returnPRF(, , extendedMasterSecretLabel, , masterSecretLength)}
The pages are generated with Goldsv0.8.4. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds.
