- From: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
- Date: Mon, 27 Aug 2012 09:59:02 +0000
- To: Wan-Teh Chang <wtc@google.com>, David Dahl <ddahl@mozilla.com>
- CC: Ryan Sleevi <sleevi@google.com>, Web Cryptography Working Group <public-webcrypto@w3.org>
BCryptDuplicateHash supports SSL/TLS. It also supports other protocols which produce signatures over packets, with many packets (e.g. all packets in a specific session) sharing a common header. CNG also has BCryptDuplicateKey. When called on a symmetric key object, this duplicates key expansion and chaining state. All that said, I am not sure if this facility is truly required in a v1 WebCrypto API. -----Original Message----- From: Wan-Teh Chang [mailto:wtc@google.com] Sent: Thursday, August 23, 2012 5:09 PM To: David Dahl Cc: Ryan Sleevi; Web Cryptography Working Group Subject: Re: crypto-ISSUE-22: Should CryptoOperations be clonable [Web Cryptography API] In NSS, cloning of a crypto operation is only used in the SSL/TLS protocol and only used for the handshake hashes: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl3con.c&rev=1.186&mark=3695-3697,3704,3731-3732#3694 In SSL/TLS, the handshake hashes are used in the Finished message, but if client authentication is used, the handshake hashes are also used in the CertificateVerify message. A function for cloning a hash operation is also present in Windows CNG: BCryptDuplicateHash http://msdn.microsoft.com/en-us/library/windows/desktop/aa375413(v=vs.85).aspx I suspect BCryptDuplicateHash (and its predecessor CryptDuplicateHash) was also added to support SSL/TLS. This is the only use of cloning I know of. If no one else comes forward with a use case or a use of cloning in some other protocol, then it doesn't seem necessary to support cloning CryptoOperations. Wan-Teh
Received on Monday, 27 August 2012 10:00:58 UTC