git://git.openafs.org / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7ac5ddd) | patch
Derive DES/fcrypt session key from other key types
authorChaskiel Grundman <cg2v@andrew.cmu.edu>
Mon, 18 Mar 2013 01:58:47 +0000 (21:58 -0400)
committerSimon Wilkinson <sxw@your-file-system.com>
Sat, 13 Jul 2013 10:29:20 +0000 (11:29 +0100)
commit7e4e06b87a09197816b0e1ae132e38dc30090574
treeffe893d4467dd9623d655aaa78c6438ede188e43tree | snapshot
parent7ac5dddbfd439e5276ae5bea00ea22cd1b5897d3commit | diff
Derive DES/fcrypt session key from other key types

If a kerberos 5 ticket has a session key with a non-DES enctype,
use the NIST SP800-108 KDF in counter mode with HMAC_MD5 as the PRF to
construct a DES key to be used by rxkad.

To satisfy the requirements of the KDF, DES3 keys are first compressed into a
168 bit form by reversing the RFC3961 random-to-key algorithm

Windows has three additional places to get tokens, who knew?

Change-Id: I4dc8e83a641f9892b31c109fb9025251de3dcb27
src/WINNT/afsd/afskfw.c diff | blob | history
src/WINNT/aklog/aklog.c diff | blob | history
src/WINNT/netidmgr_plugin/afsfuncs.c diff | blob | history
src/aklog/aklog.c diff | blob | history
src/libafsrpc/afsrpc.def diff | blob | history
src/libafsrpc/libafsrpc.la.sym diff | blob | history
src/rxkad/liboafs_rxkad.la.sym diff | blob | history
src/rxkad/rxkad_prototypes.h diff | blob | history
src/rxkad/ticket5.c diff | blob | history
OpenAFS Master Repository