A.1 AEFPSK derivation function

3GPP TS 33.122, Release 17: Security aspects of Common API Framework (CAPIF) for 3GPP northbound APIs

AEFPSK key derivation shall be performed using the key derivation function (KDF) specified in TS 33.220 [8]. This subclause specifies how to construct the input string, S, to the KDF (which is input together with the relevant key).

The FC number space is controlled by TS 33.220 [8].

AEFPSK shall be derived by the API invoker and the CAPIF core function based on Service API interface information and CAPIF-1e TLS session parameters. Length and format of TLS session parameters used for key derivation are as specified in TLS. Security profiles for TLS implementation and usage shall follow the provisions given in TS 33.310 [2], Annex E.

The following parameters shall be used to form the input S to the KDF.

FC = 0x7A

P0 = Service API interface information

L0 = Length of Service API interface information

P1 = CAPIF-1e TLS session’s Session ID, generated as part of TLS full Handshake.

L1 = Length of TLS Session ID

The input key shall be equal to CAPIF-1e TLS session’s Master Secret.

NOTE: Service API interface information is as specified in TS 23.222 [3].
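The construction above, as an added example that is not part of the specification text. It assumes the generic KDF of TS 33.220 (HMAC-SHA-256 over S, each Li a 2-octet big-endian length), TLS 1.2 parameter sizes (48-octet Master Secret, Session ID of 1 to 32 octets), and treats the Service API interface information as opaque bytes; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

FC_AEF_PSK = 0x7A  # FC value given in this subclause


def _param(p: bytes) -> bytes:
    """Return Pi || Li, with Li the length of Pi as a 2-octet big-endian
    integer (encoding assumed from the TS 33.220 generic KDF)."""
    if len(p) > 0xFFFF:
        raise ValueError("parameter does not fit a 2-octet length field")
    return p + len(p).to_bytes(2, "big")


def build_s(api_interface_info: bytes, tls_session_id: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1."""
    # Assumption: TLS 1.2 Session ID is 0..32 octets; an empty one means the
    # server issued no session, so there is nothing to bind the key to.
    if not 1 <= len(tls_session_id) <= 32:
        raise ValueError("TLS Session ID must be 1..32 octets")
    if not api_interface_info:
        raise ValueError("Service API interface information is empty")
    return bytes([FC_AEF_PSK]) + _param(api_interface_info) + _param(tls_session_id)


def derive_aef_psk(master_secret: bytes, api_interface_info: bytes,
                   tls_session_id: bytes) -> bytes:
    """Derive the 32-octet AEFPSK: HMAC-SHA-256(Master Secret, S)."""
    if len(master_secret) != 48:  # assumption: TLS 1.2 master secret size
        raise ValueError("TLS Master Secret must be 48 octets")
    s = build_s(api_interface_info, tls_session_id)
    return hmac.new(master_secret, s, hashlib.sha256).digest()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real TLS session.
    master_secret = bytes(range(48))
    session_id = bytes(range(32))
    api_info = b"aef.example.com:443"  # placeholder; real format is in TS 23.222
    print("S      =", build_s(api_info, session_id).hex())
    print("AEFPSK =", derive_aef_psk(master_secret, api_info, session_id).hex())
```

Both the API invoker and the CAPIF core function must feed byte-identical P0 and P1 into S; any difference in how the Service API interface information is serialized yields different keys on the two sides.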

Annex B (informative):
Security flows