PRF for des3-cbc-hmac-sha1-kd

Yukiyo Akisada akisada at tahi.org
Sun Apr 5 20:12:59 EDT 2009


Thanks, Srinivas.

I'll post this to krb5-bugs.

Regards,


On Fri, 3 Apr 2009 09:43:10 +0530
"Srinivas Cheruku" <srinivas.cheruku at gmail.com> wrote:

> For me, your changes look good.
> 
> -----Original Message-----
> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
> Of Yukiyo Akisada
> Sent: 01 April 2009 13:46
> To: kerberos at mit.edu
> Subject: PRF for des3-cbc-hmac-sha1-kd
> 
> Hi, all.
> 
> I may misunderstand RFC 3961,
> but in my understanding, des3-cbc-hmac-sha1-kd (etype=16) uses
> PRF on Simplified Profile as its pseudo-random function.
> 
> Now, I want to use PRF function
> from Krb5-1.8 perl module which is based on MIT krb5-1.6.3 implementation.
> 
>     Krb5: <http://search.cpan.org/dist/Krb5/>
> 
> But, PRF function for ENCTYPE_DES3_CBC_SHA1 has not be
> defined in <krb5-1.6.3/src/lib/crypto/etypes.c>.
> 
> Indeed,
> I need some modification into Krb5-1.8 to export prf function from
> krb5-1.6.3,
> but I also need the following modification into krb5-1.6.3.
> 
> In this moment,
> the following modification matches with my expected behavior,
> but I'm not sure whether this modification against krb5-1.6.3 is correct or
> not.
> 
> Do you have any idea about this?
> 
>     --- krb5-1.6.3/src/lib/crypto/etypes.c.orig 2009-04-01
> 17:02:56.000000000 +0900
>     +++ krb5-1.6.3/src/lib/crypto/etypes.c  2009-04-01 14:42:01.000000000
> +0900
>     @@ -94,26 +94,26 @@
>          { ENCTYPE_DES3_CBC_SHA1,
>            "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1",
>            &krb5int_enc_des3, &krb5int_hash_sha1,
>     -      8,
>     +      16,
>            krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
>            krb5int_dk_string_to_key,
>     -      NULL, /*PRF*/
>     +      krb5int_dk_prf, /*PRF*/
>            CKSUMTYPE_HMAC_SHA1_DES3 },
>          { ENCTYPE_DES3_CBC_SHA1,   /* alias */
>            "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1",
>            &krb5int_enc_des3, &krb5int_hash_sha1,
>     -      8,
>     +      16,
>            krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
>            krb5int_dk_string_to_key,
>     -      NULL, /*PRF*/
>     +      krb5int_dk_prf, /*PRF*/
>            CKSUMTYPE_HMAC_SHA1_DES3 },
>          { ENCTYPE_DES3_CBC_SHA1,   /* alias */
>            "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1",
>            &krb5int_enc_des3, &krb5int_hash_sha1,
>     -      8,
>     +      16,
>            krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
>            krb5int_dk_string_to_key,
>     -      NULL, /*PRF*/
>     +      krb5int_dk_prf, /*PRF*/
>            CKSUMTYPE_HMAC_SHA1_DES3 },
> 
>          { ENCTYPE_DES_HMAC_SHA1,
> 
> Regards,
> 
> 
> -- 
> Yukiyo Akisada <akisada at tahi.org>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 


-- 
Yukiyo Akisada <akisada at tahi.org>



More information about the Kerberos mailing list