[30956] in Kerberos
RE: PRF for des3-cbc-hmac-sha1-kd
daemon@ATHENA.MIT.EDU (Srinivas Cheruku)
Fri Apr 3 00:14:32 2009
X-Barracuda-Envelope-From: srinivas.cheruku@gmail.com
From: "Srinivas Cheruku" <srinivas.cheruku@gmail.com>
To: "'Yukiyo Akisada'" <akisada@tahi.org>
In-Reply-To: <20090401171605.3a7772ae.akisada@tahi.org>
Date: Fri, 3 Apr 2009 09:43:10 +0530
Message-ID: <49d58cd8.0707d00a.7c60.0eff@mx.google.com>
MIME-Version: 1.0
Content-Language: en-in
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
For me, your changes look good.
-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On Behalf
Of Yukiyo Akisada
Sent: 01 April 2009 13:46
To: kerberos@mit.edu
Subject: PRF for des3-cbc-hmac-sha1-kd
Hi, all.
I may misunderstand RFC 3961,
but in my understanding, des3-cbc-hmac-sha1-kd (etype=16) uses
PRF on Simplified Profile as its pseudo-random function.
Now, I want to use PRF function
from Krb5-1.8 perl module which is based on MIT krb5-1.6.3 implementation.
Krb5: <http://search.cpan.org/dist/Krb5/>
But, PRF function for ENCTYPE_DES3_CBC_SHA1 has not be
defined in <krb5-1.6.3/src/lib/crypto/etypes.c>.
Indeed,
I need some modification into Krb5-1.8 to export prf function from
krb5-1.6.3,
but I also need the following modification into krb5-1.6.3.
In this moment,
the following modification matches with my expected behavior,
but I'm not sure whether this modification against krb5-1.6.3 is correct or
not.
Do you have any idea about this?
--- krb5-1.6.3/src/lib/crypto/etypes.c.orig 2009-04-01
17:02:56.000000000 +0900
+++ krb5-1.6.3/src/lib/crypto/etypes.c 2009-04-01 14:42:01.000000000
+0900
@@ -94,26 +94,26 @@
{ ENCTYPE_DES3_CBC_SHA1,
"des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
- 8,
+ 16,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
krb5int_dk_string_to_key,
- NULL, /*PRF*/
+ krb5int_dk_prf, /*PRF*/
CKSUMTYPE_HMAC_SHA1_DES3 },
{ ENCTYPE_DES3_CBC_SHA1, /* alias */
"des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
- 8,
+ 16,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
krb5int_dk_string_to_key,
- NULL, /*PRF*/
+ krb5int_dk_prf, /*PRF*/
CKSUMTYPE_HMAC_SHA1_DES3 },
{ ENCTYPE_DES3_CBC_SHA1, /* alias */
"des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
&krb5int_enc_des3, &krb5int_hash_sha1,
- 8,
+ 16,
krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
krb5int_dk_string_to_key,
- NULL, /*PRF*/
+ krb5int_dk_prf, /*PRF*/
CKSUMTYPE_HMAC_SHA1_DES3 },
{ ENCTYPE_DES_HMAC_SHA1,
Regards,
--
Yukiyo Akisada <akisada@tahi.org>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
