git://git.openafs.org / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b1587d0) | patch
Derive DES/fcrypt session key from other key types
authorChaskiel Grundman <cg2v@andrew.cmu.edu>
Mon, 18 Mar 2013 01:58:47 +0000 (21:58 -0400)
committerSimon Wilkinson <sxw@your-file-system.com>
Tue, 23 Jul 2013 11:55:33 +0000 (12:55 +0100)
commit443ee5d89f1bbee3b6b9e26748422a245925fff4
treea65827faa2f2e9435777eda61f4908b6eb3759f1tree | snapshot
parentb1587d03eec39fc57b3ea8cfc331de73c3de8e82commit | diff
Derive DES/fcrypt session key from other key types

If a kerberos 5 ticket has a session key with a non-DES enctype,
use the NIST SP800-108 KDF in counter mode with HMAC_MD5 as the PRF to
construct a DES key to be used by rxkad.

To satisfy the requirements of the KDF, DES3 keys are first compressed into a
168 bit form by reversing the RFC3961 random-to-key algorithm

Change-Id: I4dc8e83a641f9892b31c109fb9025251de3dcb27
src/aklog/aklog_main.c diff | blob | history
src/rxkad/rxkad_prototypes.h diff | blob | history
src/rxkad/ticket5.c diff | blob | history
src/shlibafsrpc/mapfile diff | blob | history
OpenAFS Master Repository