[krbdev.mit.edu #8490] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Oct 3 16:02:43 EDT 2016
Add aes-sha2 enctype support
Add support to libk5crypto for the aes128-cts-hmac-sha256-128 and
aes256-cts-hmac-sha384-192 encryption types, and the
hmac-sha256-128-aes128 and hmac-sha384-192-aes256 checksum types.
Key derivation for the new encryption types uses a hash, so we need to
add a hash parameter to the krb5int_derive_ functions, which can be
null except when DERIVE_SP800_108_HMAC is given. Rename the helper
function derive_random_sp800_108_cmac() to
derive_random_sp800_108_feedback_cmac() to make it clear that feedback
mode is used, since the new enctype uses counter mode.
https://github.com/krb5/krb5/commit/135a9ac3c58b444998361a3b13f5decfdece2105
Author: Greg Hudson <ghudson at mit.edu>
Commit: 135a9ac3c58b444998361a3b13f5decfdece2105
Branch: master
src/include/krb5/krb5.hin | 20 ++-
src/lib/crypto/crypto_tests/t_derive.c | 2 +-
src/lib/crypto/krb/Makefile.in | 9 +
src/lib/crypto/krb/checksum_dk_cmac.c | 3 +-
src/lib/crypto/krb/checksum_dk_hmac.c | 2 +-
src/lib/crypto/krb/checksum_etm.c | 65 ++++++++
src/lib/crypto/krb/cksumtypes.c | 12 ++
src/lib/crypto/krb/combine_keys.c | 5 +-
src/lib/crypto/krb/crypto_int.h | 31 ++++-
src/lib/crypto/krb/derive.c | 74 +++++++++-
src/lib/crypto/krb/enc_dk_cmac.c | 6 +-
src/lib/crypto/krb/enc_dk_hmac.c | 8 +-
src/lib/crypto/krb/enc_etm.c | 257 ++++++++++++++++++++++++++++++++
src/lib/crypto/krb/etypes.c | 21 +++
src/lib/crypto/krb/prf_aes2.c | 42 +++++
src/lib/crypto/krb/prf_cmac.c | 2 +-
src/lib/crypto/krb/prf_dk.c | 3 +-
src/lib/crypto/krb/s2k_pbkdf2.c | 16 ++-
18 files changed, 548 insertions(+), 30 deletions(-)
More information about the krb5-bugs
mailing list