You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Kai Zheng (JIRA)" <ji...@apache.org> on 2015/03/23 03:52:11 UTC

[jira] [Updated] (DIRKRB-188) Calculating FAST armor key

     [ https://issues.apache.org/jira/browse/DIRKRB-188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kai Zheng updated DIRKRB-188:
-----------------------------
    Description: 
According to the FAST spec, in section of https://tools.ietf.org/html/rfc6113#page-17, we need to implement the facility for calculating armor key given key1, key2, pepper1, and pepper2, as defined as follows.
{noformat}
   KRB-FX-CF2() combines two protocol keys based on the pseudo-random()
   function defined in [RFC3961].

   Given two input keys, K1 and K2, where K1 and K2 can be of two
   different enctypes, the output key of KRB-FX-CF2(), K3, is derived as
   follows:

       KRB-FX-CF2(protocol key, protocol key, octet string,
                 octet string)  ->  (protocol key)

       PRF+(K1, pepper1) -> octet-string-1
       PRF+(K2, pepper2) -> octet-string-2
       KRB-FX-CF2(K1, K2, pepper1, pepper2) :=
              random-to-key(octet-string-1 ^ octet-string-2)

   Where ^ denotes the exclusive-OR operation.  PRF+() is defined as
   follows:

    PRF+(protocol key, octet string) -> (octet string)

    PRF+(key, shared-info) := pseudo-random( key,  1 || shared-info ) ||
                  pseudo-random( key, 2 || shared-info ) ||
                  pseudo-random( key, 3 || shared-info ) || ...
{noformat}

  was:According to the FAST spec, in section of https://tools.ietf.org/html/rfc6113#page-17, we need to implement the facility for calculating armor key given key1, key2, pepper1, and pepper2. 


> Calculating FAST armor key
> --------------------------
>
>                 Key: DIRKRB-188
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-188
>             Project: Directory Kerberos
>          Issue Type: New Feature
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>
> According to the FAST spec, in section of https://tools.ietf.org/html/rfc6113#page-17, we need to implement the facility for calculating armor key given key1, key2, pepper1, and pepper2, as defined as follows.
> {noformat}
>    KRB-FX-CF2() combines two protocol keys based on the pseudo-random()
>    function defined in [RFC3961].
>    Given two input keys, K1 and K2, where K1 and K2 can be of two
>    different enctypes, the output key of KRB-FX-CF2(), K3, is derived as
>    follows:
>        KRB-FX-CF2(protocol key, protocol key, octet string,
>                  octet string)  ->  (protocol key)
>        PRF+(K1, pepper1) -> octet-string-1
>        PRF+(K2, pepper2) -> octet-string-2
>        KRB-FX-CF2(K1, K2, pepper1, pepper2) :=
>               random-to-key(octet-string-1 ^ octet-string-2)
>    Where ^ denotes the exclusive-OR operation.  PRF+() is defined as
>    follows:
>     PRF+(protocol key, octet string) -> (octet string)
>     PRF+(key, shared-info) := pseudo-random( key,  1 || shared-info ) ||
>                   pseudo-random( key, 2 || shared-info ) ||
>                   pseudo-random( key, 3 || shared-info ) || ...
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)