PKCS #11 interface for HKDF to support TLS 1.3 (S31a)
When implementing TLS 1.3 using a straightforward design for an HKDF interface in NSS, presenters ran into a number of issues that needed to be solved, particularly when running in FIPS mode. This presentation will cover those issues and how they were solved in the new HKDF interface for PKCS #11 3.0.