[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: arcfour-hmac checksum salt value

To: "Love Hörnquist Åstrand" <lha@kth.se>
Subject: Re: arcfour-hmac checksum salt value
From: "Kevin Coffman" <kwc@citi.umich.edu>
Date: Fri, 14 Mar 2008 11:34:01 -0400
Cc: heimdal-discuss@sics.se, "Kerberos developers list" <krbdev@mit.edu>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=Y3uCvmDJIorY7smnaFNXznrFUOxq6XTau9z49ZsrXSA=; b=kg6+g2uEbCusqiEUqmSOmoFrTlpWtS3yWWVmLdMDPDYNLqeqsVd2nSvmWJ0pPpMgZNxuE1ibCmULc9aAoEmxzfFnve6LMaur0iZU2bIk0AU0IdBntiU74JYa6YXvHt8Ugg/dRC1B9Atz70qi/kym8EwStunPR2GZXdr3Tqli+cQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=siKJRUIi289QIpjMF3yN2H0xFaeU8sKvlh8+gD0pqJB/OdMCqK+ILLLjz4WKyXyO1INY0BnXsBBWlaracakW8afJ7ffMrVfc2tj34MbE/rt165lmEOi712jFI1P/BU84MJQ7gtwv6TaZb8nmKqOpxN5HBUgbkmSsii4QRuN9GQo=
In-Reply-To: <2E719B42-7671-4C17-B941-0AF9F58F6762@kth.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <4d569c330803110942t4e60b15dv960d7b3893f95095@mail.gmail.com> <2E719B42-7671-4C17-B941-0AF9F58F6762@kth.se>
Reply-To: heimdal-discuss@sics.se, "Kevin Coffman" <kwc@citi.umich.edu>
Sender: kwcoffman@gmail.com

On Fri, Mar 14, 2008 at 11:03 AM, Love Hörnquist Åstrand <lha@kth.se> wrote:
>
>  11 mar 2008 kl. 12.42 skrev Kevin Coffman:
>
>
>
>  > While implementing arcfour-hmac for Linux Kernel NFS use, I have run
>  > into the following issue:
>  >
>  > According to rfc4757 (sections 7.2 and 7.3), the salt value when
>  > generating the checksum for both MIC and WRAP tokens is 15.  However,
>  > the MIT, Heimdal, and Java implementations all seem to map the usage
>  > values (used while creating the checksum) in WRAP tokens to a salt
>  > value of 13 instead.
>  >
>  > Can someone verify that either I'm confused, or the spec is wrong in
>  > the case of the checksum salt value that Microsoft used for WRAP
>  > tokens?
>
>   From where do you get 13 in heimdal ?
>
>   From what I can read, heimdal uses KRB5_KU_USAGE_SIGN that later in
>  the crypto layer is mapped to 15 for the mic checksum.
>
>  Love

Function usage2arcfour() when given KRB5_KU_USAGE_SEAL.

_gsskrb5_wrap()
  --> _gssapi_wrap_arcfour()
    --> arcfour_mic_cksum()
      --> krb5_create_checksum()
        --> usage2arcfour()

I was only looking at your code (and testing my code against Solaris).

Let me know if I'm misreading this...

K.C.

Follow-Ups:
- Re: arcfour-hmac checksum salt value
  - From: Love Hörnquist Åstrand <lha@kth.se>

References:
- arcfour-hmac checksum salt value
  - From: "Kevin Coffman" <kwc@citi.umich.edu>
- Re: arcfour-hmac checksum salt value
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: hi
Next by Date: Re: arcfour-hmac checksum salt value
Prev by thread: Re: arcfour-hmac checksum salt value
Next by thread: Re: arcfour-hmac checksum salt value
Index(es):
- Date
- Thread