]> git.michaelhowe.org Git - packages/o/openafs.git/commit
projects / packages / o / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7c2f088) | patch
Derive DES/fcrypt session key from other key types
authorChaskiel Grundman <cg2v@andrew.cmu.edu>
Mon, 18 Mar 2013 01:58:47 +0000 (21:58 -0400)
committerRuss Allbery <rra@debian.org>
Mon, 22 Jul 2013 22:25:44 +0000 (15:25 -0700)
commit01913796f7c213e4ed29989ef4e17f4c16de9243
treeb5b4b3d2a954db97e624330822cf7a7441af12abtree | snapshot
parent7c2f0888f849ceb8013ea5751a7bf6c6825bedc3commit | diff
Derive DES/fcrypt session key from other key types

If a kerberos 5 ticket has a session key with a non-DES enctype,
use the NIST SP800-108 KDF in counter mode with HMAC_MD5 as the PRF to
construct a DES key to be used by rxkad.

To satisfy the requirements of the KDF, DES3 keys are first compressed into a
168 bit form by reversing the RFC3961 random-to-key algorithm

Change-Id: I4dc8e83a641f9892b31c109fb9025251de3dcb27
src/aklog/aklog_main.c diff | blob | history
src/rxkad/rxkad_prototypes.h diff | blob | history
src/rxkad/ticket5.c diff | blob | history
src/shlibafsrpc/mapfile diff | blob | history