Key derivation when encrypting the sequence number in gss_wrap

Joseph Harfouch harfouj at au1.ibm.com
Thu Jan 5 02:56:38 EST 2006

Hi,

My name is Joseph Harfouch and I have recently been working on Kerberos and
GSS-related products at IBM.

We recently had a problem interoperating with a Java implementation of
Kerberos/GSS. The problem is that Java seems to be doing a key derivation
when encrypting the sequence number in gss_wrap (which I think is the
correct behavior for encryption type ENCTYPE_DES3_CBC_SHA1), and we don't.
However, we seem to interoperate correctly with you, which seems to suggest
that you have the same behavior as us (which we believe to be faulty).

The code in kg_encrypt suggests that you are trying to do key derivation
using KG_USAGE_SEQ, but since the encryption of ctx->seq has been modified
earlier to ENCTYPE_DES3_CBC_RAW in krb5_gss_accept_sec_context, and that
encryption type does not perform key derivation, no derivation is
performed, and changing the USAGE value in the kg_encrypt call in
kg_make_seq_num (the file is util_seqnum.c) has no effect.

We are still in the early stages of investigating the problem, but we are
concerned that any fix we do does not break interoperability with you, while
we of course want to follow the RFC correctly. Could you please give us
your opinion/analysis of this?

Your feedback is much appreciated.

Regards,

Joseph
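
The two behaviours contrasted in the message above, as an added example that is not part of the original post nor code from MIT krb5 or the Java implementation it mentions: RFC 3961 n-fold, DR/DK key derivation and the des3 random-to-key expansion, written in Go on top of the standard library's crypto/des, with seqNumKey showing which key ends up encrypting the sequence number under each enctype. Assumptions of the example: the sequence-number usage constant is 24 (MIT's KG_USAGE_SEQ) followed by 0x55 (the Ke suffix of RFC 3961); the function names and the enctype strings "des3-cbc-sha1" and "des3-cbc-raw" are this example's, not identifiers from the krb5 tree; the session key in main is the one from RFC 3961 appendix A.4, used only so that the derivation can be cross-checked against the RFC's own vector.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// nfold (RFC 3961 section 5.1): concatenate copies of in, each rotated 13 bits
// further right, to lcm(len(in), outLen) bytes, then add the outLen-byte chunks
// with one's-complement (end-around carry) addition.
func nfold(in []byte, outLen int) []byte {
	total := len(in)
	for total%outLen != 0 {
		total += len(in)
	}
	n, buf := len(in)*8, make([]byte, total)
	for i := 0; i < total/len(in); i++ { // copy i, rotated right by 13*i bits
		for j := 0; j < n; j++ {
			src := ((j-13*i)%n + n) % n
			if in[src/8]>>(7-uint(src%8))&1 == 1 {
				buf[i*len(in)+j/8] |= 1 << (7 - uint(j%8))
			}
		}
	}
	out := make([]byte, outLen)
	for c := 0; c < total/outLen; c++ {
		chunk, carry := buf[c*outLen:(c+1)*outLen], 0
		for k := outLen - 1; k >= 0; k-- {
			s := int(out[k]) + int(chunk[k]) + carry
			out[k], carry = byte(s), s>>8
		}
		for carry != 0 { // end-around carry
			for k := outLen - 1; k >= 0 && carry != 0; k-- {
				s := int(out[k]) + carry
				out[k], carry = byte(s), s>>8
			}
		}
	}
	return out
}

// des3RandomToKey (RFC 3961 section 6.3.1): each 7-byte group of the 21-byte seed
// gets an eighth byte built from the group's low bits; every byte gets odd parity.
func des3RandomToKey(seed []byte) []byte {
	odd := func(b byte) byte { return b&^1 | byte((bits.OnesCount8(b&^1)+1)%2) }
	key := make([]byte, 24)
	for i := 0; i < 3; i++ {
		for j := 0; j < 7; j++ {
			key[i*8+j] = odd(seed[i*7+j])
			key[i*8+7] |= (seed[i*7+j] & 1) << uint(j+1)
		}
		key[i*8+7] = odd(key[i*8+7])
	}
	return key
}

// deriveKey is DK(key, constant) = random-to-key(DR(key, constant)) for 3DES, with
// DR = k-truncate(K1 | K2 | K3), K1 = E(n-fold(constant)), K2 = E(K1), ... each
// encryption starting from a zero IV, so one 8-byte block is a raw 3DES block.
func deriveKey(key, constant []byte) ([]byte, error) {
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	prev := constant
	if len(prev) != 8 {
		prev = nfold(prev, 8)
	}
	var dr []byte
	for len(dr) < 21 { // 168-bit key-generation seed
		blk := make([]byte, 8)
		c.Encrypt(blk, prev)
		dr, prev = append(dr, blk...), blk
	}
	return des3RandomToKey(dr[:21]), nil
}

// seqNumKey returns the key that ends up encrypting the sequence number. The RFC 3961
// usage constant is the big-endian usage number plus a suffix byte (0x55 = Ke);
// 24 is MIT's KG_USAGE_SEQ (assumed here, see the lead-in).
func seqNumKey(base []byte, enctype string) ([]byte, error) {
	switch enctype {
	case "des3-cbc-sha1": // derive, as the post says the Java side does
		return deriveKey(base, []byte{0, 0, 0, 24, 0x55})
	case "des3-cbc-raw": // session key used as-is once the key has been retagged raw
		return append([]byte(nil), base...), nil
	}
	return nil, fmt.Errorf("unsupported enctype %q", enctype)
}

func main() {
	// Session key from RFC 3961 appendix A.4: deriveKey(base, {0,0,0,1,0x55}) can be
	// compared with the DK vector listed there.
	base, _ := hex.DecodeString("dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92")
	for _, et := range []string{"des3-cbc-sha1", "des3-cbc-raw"} {
		k, _ := seqNumKey(base, et)
		fmt.Printf("%-13s seq-number key = %x\n", et, k)
	}
}
```

Run it with go run: the des3-cbc-raw line prints the session key unchanged, the des3-cbc-sha1 line a different 24-byte key with odd parity in every byte. That difference is the interoperability failure the message describes: a peer that derives Ke for the usage (as RFC 3961 requires for des3-cbc-hmac-sha1-kd) and a peer that encrypts the sequence number under the bare session key each decrypt the other's sequence number to garbage, and changing the usage number on the raw side changes nothing because the raw enctype never looks at it. To check the derivation itself rather than just the mismatch, call deriveKey with usage 1 and compare against appendix A.4 of RFC 3961.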