directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DIRKRB-188) Calculating FAST armor key
Date Mon, 23 Mar 2015 02:52:11 GMT

     [ https://issues.apache.org/jira/browse/DIRKRB-188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kai Zheng updated DIRKRB-188:
-----------------------------
    Description: 
According to the FAST spec, in section of https://tools.ietf.org/html/rfc6113#page-17, we
need to implement the facility for calculating armor key given key1, key2, pepper1, and pepper2,
as defined as follows.
{noformat}
   KRB-FX-CF2() combines two protocol keys based on the pseudo-random()
   function defined in [RFC3961].

   Given two input keys, K1 and K2, where K1 and K2 can be of two
   different enctypes, the output key of KRB-FX-CF2(), K3, is derived as
   follows:

       KRB-FX-CF2(protocol key, protocol key, octet string,
                 octet string)  ->  (protocol key)

       PRF+(K1, pepper1) -> octet-string-1
       PRF+(K2, pepper2) -> octet-string-2
       KRB-FX-CF2(K1, K2, pepper1, pepper2) :=
              random-to-key(octet-string-1 ^ octet-string-2)

   Where ^ denotes the exclusive-OR operation.  PRF+() is defined as
   follows:

    PRF+(protocol key, octet string) -> (octet string)

    PRF+(key, shared-info) := pseudo-random( key,  1 || shared-info ) ||
                  pseudo-random( key, 2 || shared-info ) ||
                  pseudo-random( key, 3 || shared-info ) || ...
{noformat}

  was:According to the FAST spec, in section of https://tools.ietf.org/html/rfc6113#page-17,
we need to implement the facility for calculating armor key given key1, key2, pepper1, and
pepper2. 


> Calculating FAST armor key
> --------------------------
>
>                 Key: DIRKRB-188
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-188
>             Project: Directory Kerberos
>          Issue Type: New Feature
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>
> According to the FAST spec, in section of https://tools.ietf.org/html/rfc6113#page-17,
we need to implement the facility for calculating armor key given key1, key2, pepper1, and
pepper2, as defined as follows.
> {noformat}
>    KRB-FX-CF2() combines two protocol keys based on the pseudo-random()
>    function defined in [RFC3961].
>    Given two input keys, K1 and K2, where K1 and K2 can be of two
>    different enctypes, the output key of KRB-FX-CF2(), K3, is derived as
>    follows:
>        KRB-FX-CF2(protocol key, protocol key, octet string,
>                  octet string)  ->  (protocol key)
>        PRF+(K1, pepper1) -> octet-string-1
>        PRF+(K2, pepper2) -> octet-string-2
>        KRB-FX-CF2(K1, K2, pepper1, pepper2) :=
>               random-to-key(octet-string-1 ^ octet-string-2)
>    Where ^ denotes the exclusive-OR operation.  PRF+() is defined as
>    follows:
>     PRF+(protocol key, octet string) -> (octet string)
>     PRF+(key, shared-info) := pseudo-random( key,  1 || shared-info ) ||
>                   pseudo-random( key, 2 || shared-info ) ||
>                   pseudo-random( key, 3 || shared-info ) || ...
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message