[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: arcfour-hmac checksum salt value

To: "Love Hörnquist Åstrand" <lha@kth.se>
Subject: Re: arcfour-hmac checksum salt value
From: "Kevin Coffman" <kwc@citi.umich.edu>
Date: Fri, 14 Mar 2008 13:34:08 -0400
Cc: heimdal-discuss@sics.se, "Kerberos developers list" <krbdev@mit.edu>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=t5Sfny3c8UjzlLyaHOFaputmFUnqAUbC5HQ7MslOBNI=; b=KRfXiWwpW23PpVm1r/dtwSdNa+PGAhZS/G/X+Nvkk4lwCIKs01e4W0R/EC0twd8tLpSVy3mA8t7q7z/XYC5rDoLNfQhq739cMcx0r/FcFW/Q+A2MtWO73mDrFgEVMm6njQgKhrnvR4hmdp6u+t5+WauZlwH3FzvSwgLFNkQdQLc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=fXeehzbtxt3PwtLl4SNGkBY3I9FORbhjktAH0gqR/9czGbJyzz1bfBvgcRZHxgEowYbaBvr71WCdJMOzvtLKKhIL7dvgYCMxs4WeS4TTrvgMv/BLbdpRt7CkslT1Qd8/mlAIELeWG4u0w53myg6QKkEkqkJSyZ74n9xxj85004A=
In-Reply-To: <2EEB7FD4-EE67-4C0B-AAE7-5B02DFE3EC43@kth.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <4d569c330803110942t4e60b15dv960d7b3893f95095@mail.gmail.com> <2E719B42-7671-4C17-B941-0AF9F58F6762@kth.se> <4d569c330803140834g4c7b8ec4p4aec6f6c0a7ecf25@mail.gmail.com> <2EEB7FD4-EE67-4C0B-AAE7-5B02DFE3EC43@kth.se>
Reply-To: heimdal-discuss@sics.se, "Kevin Coffman" <kwc@citi.umich.edu>
Sender: kwcoffman@gmail.com

On Fri, Mar 14, 2008 at 1:03 PM, Love Hörnquist Åstrand <lha@kth.se> wrote:
> >>> While implementing arcfour-hmac for Linux Kernel NFS use, I have run
>  >>> into the following issue:
>  >>>
>
> >>  From where do you get 13 in heimdal ?
>  >>
>  >>  From what I can read, heimdal uses KRB5_KU_USAGE_SIGN that later in
>  >> the crypto layer is mapped to 15 for the mic checksum.
>  >>
>
> > Function usage2arcfour() when given KRB5_KU_USAGE_SEAL.
>  >
>  > _gsskrb5_wrap()
>  >  --> _gssapi_wrap_arcfour()
>  >    --> arcfour_mic_cksum()
>  >      --> krb5_create_checksum()
>  >        --> usage2arcfour()
>  >
>  > I was only looking at your code (and testing my code against Solaris).
>  >
>  > Let me know if I'm misreading this...
>
>  Ah, confused wrap with mic. if you look at older drafts they uses 13
>  for wrap [1]. 15 must be a copy and paste error.
>
>
>  Love
>
>  [1] http://tools.ietf.org/html/draft-brezak-win2k-krb-rc4-hmac-02

Thanks!  It makes more sense now.  I will submit an errata report for rfc4757.

K.C.

References:
- arcfour-hmac checksum salt value
  - From: "Kevin Coffman" <kwc@citi.umich.edu>
- Re: arcfour-hmac checksum salt value
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: arcfour-hmac checksum salt value
  - From: "Kevin Coffman" <kwc@citi.umich.edu>
- Re: arcfour-hmac checksum salt value
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: arcfour-hmac checksum salt value
Next by Date: Re: [PATCH] Enforce EKU requirements for client tokens during PKINIT
Prev by thread: Re: arcfour-hmac checksum salt value
Next by thread: Separate keytab with mod_auth_kerb
Index(es):
- Date
- Thread