RE: crypto-ISSUE-22: Should CryptoOperations be clonable [Web Cryptography API]

BCryptDuplicateHash supports SSL/TLS. It also supports other protocols which produce signatures over packets, with many packets (e.g. all packets in a specific session) sharing a common header.

CNG also has BCryptDuplicateKey. When called on a symmetric key object, this duplicates key expansion and chaining state.

All that said, I am not sure if this facility is truly required in a v1 WebCrypto API.

-----Original Message-----
From: Wan-Teh Chang [] 
Sent: Thursday, August 23, 2012 5:09 PM
To: David Dahl
Cc: Ryan Sleevi; Web Cryptography Working Group
Subject: Re: crypto-ISSUE-22: Should CryptoOperations be clonable [Web Cryptography API]

In NSS, cloning of a crypto operation is only used in the SSL/TLS protocol and only used for the handshake hashes:,3704,3731-3732#3694

In SSL/TLS, the handshake hashes are used in the Finished message, but if client authentication is used, the handshake hashes are also used in the CertificateVerify message.

A function for cloning a hash operation is also present in Windows
CNG: BCryptDuplicateHash

I suspect BCryptDuplicateHash (and its predecessor CryptDuplicateHash) was also added to support SSL/TLS.

This is the only use of cloning I know of.

If no one else comes forward with a use case or a use of cloning in some other protocol, then it doesn't seem necessary to support cloning CryptoOperations.


Received on Monday, 27 August 2012 10:00:58 UTC