4

I understand that a cipher suite should contain the MAC algorithm at the end.

So ECDHE-RSA-AES128-SHA256 should use SHA256 in HMAC for the MAC.

But what about the PRF? From the RFC this is what I understand: new cipher suites need to include the PRF at the end. The only "new" cipher suites I can think of are AES-GCM: ECDHE-ECDSA-AES128-GCM-SHA256, and here, if I understand correctly, since no MAC is used, SHA256 refers to the PRF p_SHA256?

I'm confused.

David 天宇 Wong

1 Answer

4

HMAC is the underlying primitive used to construct the PRF. The cryptographic hash is used to construct the HMAC.

It is (at least) used to derive the session keys. The only thing that changes is that records that transport the data do not rely on the HMAC function anymore.

The PRF (and therefore the underlying HMAC) has one configuration parameter: the underlying hash function. This is what is specified at the end of the ciphersuite.

Maarten Bodewes
  • 1
    Ah, I see, so if I see 256, it is used as HMAC_256 for both the HMAC and the HMAC in the PRF. Except for AEAD ciphers where it is only used in the PRF. – David 天宇 Wong Mar 07 '16 at 20:02
  • 1
    Yes, although there is no such thing as HMAC_256. There is only HMAC_SHA256. HMAC requires a specific hash (you could, for instance, also construct HMAC_SHA3_256, although the HMAC construction isn't really required for SHA-3). In other words, the hash is the configuration parameter, not the output size. – Maarten Bodewes Mar 07 '16 at 20:43
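To illustrate the answer above, here is an added example (not code from the question, the answer or any TLS library) of the TLS 1.2 PRF from RFC 5246 section 5 and the key block it produces for the two suites discussed. The master secret and randoms are constructed sample values, the `SUITES` table and function names are this example's own, and the per-suite lengths follow RFC 5246 and RFC 5288.

```python
import hashlib
import hmac

def p_hash(hash_name, secret, seed, length):
    """P_<hash> (RFC 5246, section 5): chain HMAC until `length` bytes exist."""
    out = b""
    a = seed                                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()             # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()   # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(hash_name, secret, label, seed, length):
    """PRF(secret, label, seed) = P_<hash>(secret, label + seed)."""
    return p_hash(hash_name, secret, label + seed, length)

# suite -> (PRF hash, MAC key length, cipher key length, fixed IV length)
# The CBC suite needs HMAC-SHA256 record keys; the GCM suite needs none,
# so its trailing SHA256 only selects the hash inside the PRF.
SUITES = {
    "ECDHE-RSA-AES128-SHA256":       ("sha256", 32, 16, 0),
    "ECDHE-ECDSA-AES128-GCM-SHA256": ("sha256", 0, 16, 4),
}

FIELDS = ["client_write_MAC_key", "server_write_MAC_key",
          "client_write_key", "server_write_key",
          "client_write_IV", "server_write_IV"]

def key_block(suite, master_secret, client_random, server_random):
    """Derive and partition the TLS 1.2 key block for `suite`."""
    prf_hash, mac_len, key_len, iv_len = SUITES[suite]
    sizes = [mac_len] * 2 + [key_len] * 2 + [iv_len] * 2
    block = prf(prf_hash, master_secret, b"key expansion",
                server_random + client_random, sum(sizes))
    keys, pos = {}, 0
    for name, size in zip(FIELDS, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample inputs (not from a real handshake).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32

if __name__ == "__main__":
    for suite in SUITES:
        keys = key_block(suite, MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
        print(suite, {name: len(value) for name, value in keys.items()})
```

Both suites draw from the same HMAC-SHA256 based output stream; the difference is only how many bytes are taken and whether any of them become record MAC keys.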