How to offload TLS 1.2 key derivation to HSE via pkcs11-provider (and role of OP-TEE)?

[ashwiniprabhug]

Hello,

I’m working on a setup where I need to offload TLS 1.2 key derivation to the HSE (Hardware Security Engine) using pkcs11-provider.

I have a few questions around this:

How can I offload the key derivation process for TLS 1.2 to HSE via pkcs11-provider?

    Which APIs/mechanisms should I use?

    Is there native support for key derivation (e.g., PRF/HKDF) through the provider?

What is the role of OP-TEE in this flow?

    Does OP-TEE need to act as the PKCS#11 middleware, or can pkcs11-provider talk to HSE directly?

    How do I configure the trusted applications (TAs) if OP-TEE is required?

What configurations are needed?

    Provider configuration in OpenSSL

    PKCS#11 module or slot configuration for HSE

    Any specific settings for TLS 1.2 key material derivation

I’m essentially trying to ensure that all key material never leaves HSE, and the TLS handshake key derivation steps are entirely offloaded.

Any guidance, examples, or configuration pointers would be greatly appreciated.

Thanks!

[simo5]

TLS 1.2 does not use HKDF, it uses a TLS 1 specific set of derivations.
pkcs11-provider currently only support HKDF and TLS1.3 for offloading.

[ashwiniprabhug]

Thank you so much for the reply. What if i need TLS 1.2 to be offloaded to pkcs11 is ther no possible way out?

…

________________________________ From: Simo Sorce ***@***.***> Sent: Wednesday, July 30, 2025 3:27 PM To: latchset/pkcs11-provider ***@***.***> Cc: Ashwini G ***@***.***>; Author ***@***.***> Subject: Re: [latchset/pkcs11-provider] How to offload TLS 1.2 key derivation to HSE via pkcs11-provider (and role of OP-TEE)? (Discussion #601) TLS 1.2 does not use HKDF, it uses a TLS 1 specific set of derivations. pkcs11-provider currently only support HKDF and TLS1.3 for offloading. — Reply to this email directly, view it on GitHub<#601 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BIRRITGWMYPGN3QTQDBKFBT3LCJHBAVCNFSM6AAAAACCQI5OBCVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGOJTGI3TIMY>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[simo5]

Requires developing the missing code

[ashwiniprabhug]

Could you show me an example demo where TLS 1.3 communication is offloaded to pkcs11?

…

________________________________ From: Simo Sorce ***@***.***> Sent: Wednesday, July 30, 2025 3:27 PM To: latchset/pkcs11-provider ***@***.***> Cc: Ashwini G ***@***.***>; Author ***@***.***> Subject: Re: [latchset/pkcs11-provider] How to offload TLS 1.2 key derivation to HSE via pkcs11-provider (and role of OP-TEE)? (Discussion #601) TLS 1.2 does not use HKDF, it uses a TLS 1 specific set of derivations. pkcs11-provider currently only support HKDF and TLS1.3 for offloading. — Reply to this email directly, view it on GitHub<#601 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BIRRITGWMYPGN3QTQDBKFBT3LCJHBAVCNFSM6AAAAACCQI5OBCVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGOJTGI3TIMY>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[simo5]

sorry it is not that simple, you need to know how openssl internal works, and once you do you'll already know how to answer your own question

[ashwiniprabhug]

In TLS 1.2 using the cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, when offloading AES-GCM operations to a hardware security engine on the client side, does the TLS stack provide the IV, authentication tag to the HSM, or must the client explicitly generate/provide these values? Specifically, how are the IV (nonce), and GCM tag derived or passed to the crypto hardware during record encryption/decryption?

…

________________________________ From: Simo Sorce ***@***.***> Sent: Wednesday, July 30, 2025 6:33 PM To: latchset/pkcs11-provider ***@***.***> Cc: Ashwini G ***@***.***>; Author ***@***.***> Subject: Re: [latchset/pkcs11-provider] How to offload TLS 1.2 key derivation to HSE via pkcs11-provider (and role of OP-TEE)? (Discussion #601) sorry it is not that simple, you need to know how openssl internal works, and once you do you'll already know how to answer your own question — Reply to this email directly, view it on GitHub<#601 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/BIRRITBHIWD4KK3V6NL7TFT3LC7B7AVCNFSM6AAAAACCQI5OBCVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGOJTGQ2DSNI>. You are receiving this because you authored the thread.Message ID: ***@***.***>