3.1.4.2 Generating Cryptographic Keys

This optional interface is applicable only for the SMB 3.x dialect family.

When cryptographic keys are to be generated by processing as specified in sections 3.2.5.3 and 3.3.5.5, the Key Derivation specification in [SP800-108] is used with the following inputs:

  • The key to be used for key derivation.

  • The string to be used as label.

  • The length of the label string.

  • The string to be used as the context.

  • The length of the context string.

The cryptographic keys MUST be generated using the KDF algorithm in Counter Mode, as specified in [SP800-108] section 5.1, with the following values:

  • 'r' value initialized to 32.

  • If Connection.CipherId is AES-128-CCM or AES-128-GCM, 'L' value is initialized to 128. If Connection.CipherId is AES-256-CCM or AES-256-GCM, 'L' value is initialized to 256.

  • The PRF used in the key derivation MUST be HMAC-SHA256.
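
The derivation above written out in Python, as an added example that is not part of the specification text. The function name smb3_kdf is hypothetical, the key, label and context values are constructed samples, and the encoding of 'L' as a 32-bit big-endian integer is an assumption, since this section does not state its width.

```python
import hashlib
import hmac
import struct

# 'L' (derived key length in bits) for each Connection.CipherId named above.
L_BITS = {
    "AES-128-CCM": 128, "AES-128-GCM": 128,
    "AES-256-CCM": 256, "AES-256-GCM": 256,
}
PRF_OUT_BITS = 256  # output size of HMAC-SHA256, 'h' in [SP800-108]


def smb3_kdf(key: bytes, label: bytes, context: bytes, cipher_id: str) -> bytes:
    """Counter-mode KDF ([SP800-108] section 5.1), PRF = HMAC-SHA256, r = 32.

    label and context are passed as bytes, so their lengths (the separate
    length inputs listed in this section) travel with them.
    """
    if cipher_id not in L_BITS:
        raise ValueError(f"no 'L' value defined for cipher {cipher_id!r}")
    l_bits = L_BITS[cipher_id]
    blocks = -(-l_bits // PRF_OUT_BITS)   # n = ceil(L / h)
    l_field = struct.pack(">I", l_bits)   # assumption: 32-bit big-endian [L]
    out = b""
    for i in range(1, blocks + 1):
        counter = struct.pack(">I", i)    # r = 32: 32-bit big-endian counter
        # K(i) = PRF(K_I, [i] || Label || 0x00 || Context || [L])
        data = counter + label + b"\x00" + context + l_field
        out += hmac.new(key, data, hashlib.sha256).digest()
    return out[: l_bits // 8]             # keep the leftmost L bits


if __name__ == "__main__":
    # Constructed sample inputs, not values taken from the specification.
    key = bytes(range(16))
    label = b"ExampleLabel\x00"
    context = b"ExampleContext\x00"
    k128 = smb3_kdf(key, label, context, "AES-128-GCM")
    k256 = smb3_kdf(key, label, context, "AES-256-GCM")
    print(len(k128), k128.hex())
    print(len(k256), k256.hex())
    # 'L' is part of the PRF input, so the 256-bit key is a different
    # value, not the 128-bit key with 16 more bytes appended.
    print(k256[:16] != k128)
```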