Does SChannel support key update requests for TLS v1.3?

Question

How can I request a key update on a TLS v1.3 connection implemented with Win32's SChannel?

In other words, what is the Win32 function that provides similar functionality as SSL_key_update() in OpenSSL?

I did not find any useful information in the Win32 documentation. It seems to suggest that InitializeSecurityContext() (client side) or AcceptSecurityContext() (server side) may provide this functionality, but when I call this with the current security context as suggested in Renegotiating an Schannel Connection, I get SEC_E_OK but no data is returned that I could send to the other side. And I see no flag/parameter where I could specify the update type, as in SSL_key_update.

Didn't `InitializeSecurityContext` (client side) or `AcceptSecurityContext` (server side) return *phNewContext*? — YangXiaoPo-MSFT, Jun 23 '22 at 02:30
No. I pass the same pointer to phContext and phNewContext and it is unchanged. — Andreas Mueller, Jun 23 '22 at 06:24
Is it still unchanged with [a new credential *phCredential* and optional *fContextReq*](https://learn.microsoft.com/en-us/windows/win32/secauthn/renegotiating-an-schannel-connection)? — YangXiaoPo-MSFT, Jun 23 '22 at 07:12
I provide the same phCredential as for the initial handshake. The output buffer is set to NULL/0. The question is: Is this the correct way to request a TLS v1.3 key update and if yes, which parameters are necessary in this situation, and where is this documented? — Andreas Mueller, Jun 23 '22 at 07:55

score 0 · Answer 1 · answered Jun 23 '22 at 08:31

0

NO. If providing the same phCredential as for the initial handshake, What do you want to update? As Renegotiating an Schannel Connection you attached said,

Update credentials if applicable and/or context attributes.
EncryptMessage the generated PSecBufferDesc pOutput.
Send the Encrypted data to the other side.
the other side DecryptMessage which return SEC_I_RENEGOTIATE the data.
the other side return to the negotiation loop and call AcceptSecurityContext (Schannel) or InitializeSecurityContext (Schannel), pass SECBUFFER_EXTRA returned from DecryptMessage()

answered Jun 23 '22 at 08:31

YangXiaoPo-MSFT

1,589
1
4
22

What I want is to update the key and initialization vector of the sending stream and request the same from the other side for the other direction, as described here: https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.3 . Does this really require new credentials? – Andreas Mueller Jun 23 '22 at 09:10
NO. You just need to update the **necessary** context attributes. – YangXiaoPo-MSFT Jun 23 '22 at 09:38
Which context attributes must be updated to request the key update? – Andreas Mueller Jun 23 '22 at 11:57
Consider [`(A/I)SC_REQ_USE_SESSION_KEY`](https://learn.microsoft.com/en-us/windows/win32/secauthn/context-requirements)? – YangXiaoPo-MSFT Jun 24 '22 at 01:27
No, it does not trigger a key update. I get SEC_E_OK and no data that I should send to the server side. – Andreas Mueller Jun 27 '22 at 07:05

Does SChannel support key update requests for TLS v1.3?

1 Answers1