PRF for des3-cbc-hmac-sha1-kd
Yukiyo Akisada
akisada at tahi.org
Sun Apr 5 20:12:59 EDT 2009
Thanks, Srinivas.
I'll post this to krb5-bugs.
Regards,
On Fri, 3 Apr 2009 09:43:10 +0530
"Srinivas Cheruku" <srinivas.cheruku at gmail.com> wrote:
> For me, your changes look good.
>
> -----Original Message-----
> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
> Of Yukiyo Akisada
> Sent: 01 April 2009 13:46
> To: kerberos at mit.edu
> Subject: PRF for des3-cbc-hmac-sha1-kd
>
> Hi, all.
>
> I may misunderstand RFC 3961,
> but in my understanding, des3-cbc-hmac-sha1-kd (etype=16) uses
> PRF on Simplified Profile as its pseudo-random function.
>
> Now, I want to use PRF function
> from Krb5-1.8 perl module which is based on MIT krb5-1.6.3 implementation.
>
> Krb5: <http://search.cpan.org/dist/Krb5/>
>
> But, PRF function for ENCTYPE_DES3_CBC_SHA1 has not be
> defined in <krb5-1.6.3/src/lib/crypto/etypes.c>.
>
> Indeed,
> I need some modification into Krb5-1.8 to export prf function from
> krb5-1.6.3,
> but I also need the following modification into krb5-1.6.3.
>
> In this moment,
> the following modification matches with my expected behavior,
> but I'm not sure whether this modification against krb5-1.6.3 is correct or
> not.
>
> Do you have any idea about this?
>
> --- krb5-1.6.3/src/lib/crypto/etypes.c.orig 2009-04-01
> 17:02:56.000000000 +0900
> +++ krb5-1.6.3/src/lib/crypto/etypes.c 2009-04-01 14:42:01.000000000
> +0900
> @@ -94,26 +94,26 @@
> { ENCTYPE_DES3_CBC_SHA1,
> "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
> &krb5int_enc_des3, &krb5int_hash_sha1,
> - 8,
> + 16,
> krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
> krb5int_dk_string_to_key,
> - NULL, /*PRF*/
> + krb5int_dk_prf, /*PRF*/
> CKSUMTYPE_HMAC_SHA1_DES3 },
> { ENCTYPE_DES3_CBC_SHA1, /* alias */
> "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
> &krb5int_enc_des3, &krb5int_hash_sha1,
> - 8,
> + 16,
> krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
> krb5int_dk_string_to_key,
> - NULL, /*PRF*/
> + krb5int_dk_prf, /*PRF*/
> CKSUMTYPE_HMAC_SHA1_DES3 },
> { ENCTYPE_DES3_CBC_SHA1, /* alias */
> "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
> &krb5int_enc_des3, &krb5int_hash_sha1,
> - 8,
> + 16,
> krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
> krb5int_dk_string_to_key,
> - NULL, /*PRF*/
> + krb5int_dk_prf, /*PRF*/
> CKSUMTYPE_HMAC_SHA1_DES3 },
>
> { ENCTYPE_DES_HMAC_SHA1,
>
> Regards,
>
>
> --
> Yukiyo Akisada <akisada at tahi.org>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Yukiyo Akisada <akisada at tahi.org>
More information about the Kerberos
mailing list