You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Kai Zheng (JIRA)" <ji...@apache.org> on 2015/03/23 03:52:11 UTC
[jira] [Updated] (DIRKRB-188) Calculating FAST armor key
[ https://issues.apache.org/jira/browse/DIRKRB-188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kai Zheng updated DIRKRB-188:
-----------------------------
Description:
According to the FAST spec, in section of https://tools.ietf.org/html/rfc6113#page-17, we need to implement the facility for calculating armor key given key1, key2, pepper1, and pepper2, as defined as follows.
{noformat}
KRB-FX-CF2() combines two protocol keys based on the pseudo-random()
function defined in [RFC3961].
Given two input keys, K1 and K2, where K1 and K2 can be of two
different enctypes, the output key of KRB-FX-CF2(), K3, is derived as
follows:
KRB-FX-CF2(protocol key, protocol key, octet string,
octet string) -> (protocol key)
PRF+(K1, pepper1) -> octet-string-1
PRF+(K2, pepper2) -> octet-string-2
KRB-FX-CF2(K1, K2, pepper1, pepper2) :=
random-to-key(octet-string-1 ^ octet-string-2)
Where ^ denotes the exclusive-OR operation. PRF+() is defined as
follows:
PRF+(protocol key, octet string) -> (octet string)
PRF+(key, shared-info) := pseudo-random( key, 1 || shared-info ) ||
pseudo-random( key, 2 || shared-info ) ||
pseudo-random( key, 3 || shared-info ) || ...
{noformat}
was:According to the FAST spec, in section of https://tools.ietf.org/html/rfc6113#page-17, we need to implement the facility for calculating armor key given key1, key2, pepper1, and pepper2.
> Calculating FAST armor key
> --------------------------
>
> Key: DIRKRB-188
> URL: https://issues.apache.org/jira/browse/DIRKRB-188
> Project: Directory Kerberos
> Issue Type: New Feature
> Reporter: Kai Zheng
> Assignee: Kai Zheng
>
> According to the FAST spec, in section of https://tools.ietf.org/html/rfc6113#page-17, we need to implement the facility for calculating armor key given key1, key2, pepper1, and pepper2, as defined as follows.
> {noformat}
> KRB-FX-CF2() combines two protocol keys based on the pseudo-random()
> function defined in [RFC3961].
> Given two input keys, K1 and K2, where K1 and K2 can be of two
> different enctypes, the output key of KRB-FX-CF2(), K3, is derived as
> follows:
> KRB-FX-CF2(protocol key, protocol key, octet string,
> octet string) -> (protocol key)
> PRF+(K1, pepper1) -> octet-string-1
> PRF+(K2, pepper2) -> octet-string-2
> KRB-FX-CF2(K1, K2, pepper1, pepper2) :=
> random-to-key(octet-string-1 ^ octet-string-2)
> Where ^ denotes the exclusive-OR operation. PRF+() is defined as
> follows:
> PRF+(protocol key, octet string) -> (octet string)
> PRF+(key, shared-info) := pseudo-random( key, 1 || shared-info ) ||
> pseudo-random( key, 2 || shared-info ) ||
> pseudo-random( key, 3 || shared-info ) || ...
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)