Aller au contenu principal

3. Bootstrapping in TLS 1.3

TLS-POK utilise certificate-based authentication avec un EPSK. L EPSK est derive du BSK public key et importe avec RFC 9258. Le client presente le BSK comme raw public key et s authentifie avec ECDSA.

3.1. EPSK Derivation

epskid = HKDF-Expand(HKDF-Extract(<>, Base Key),
"tls13-bspsk-identity", L)
where:
- epskid is the EPSK External Identity
- Base Key is the DER-encoded ASN.1 subjectPublicKeyInfo
representation of the BSK public key
- L equals 32, the length in octets of the SHA-256 output
- <> is a NULL salt, which is a string of L zeros
struct {
opaque external_identity<1...2^16-1>;
opaque context<0..2^16-1>;
uint16 target_protocol;
uint16 target_kdf;
} ImportedIdentity;

external_identity = epskid, context = "tls13-bsk", target_protocol = TLS1.3(0x0304), target_kdf follows RFC 9258. The context value MUST be "tls13-bsk".

3.2. TLS 1.3 Handshake Details

ClientHello includes "tls_cert_with_extern_psk" and "client_certificate_type" with RawPublicKey. Server MUST send CertificateRequest. Client MUST NOT share the BSK public key before ServerHello processing and TLS key schedule verification. Server MUST verify that Certificate public key matches the BSK public key.

Client                                            Server
-------- --------
ClientHello
+ cert_with_extern_psk
+ client_cert_type=RawPublicKey
+ key_share
+ pre_shared_key -------->
ServerHello
+ cert_with_extern_psk
+ client_cert_type=RawPublicKey
+ key_share
+ pre_shared_key
{EncryptedExtensions}
{CertificateRequest}
{Certificate}
{CertificateVerify}
<-------- {Finished}
{Certificate}
{CertificateVerify}
{Finished} -------->