]> git.michaelhowe.org Git - packages/o/openafs.git/commit
projects / packages / o / openafs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 33eecea) | patch
Derive DES/fcrypt session key from other key types
authorChaskiel Grundman <cg2v@andrew.cmu.edu>
Mon, 18 Mar 2013 01:58:47 +0000 (21:58 -0400)
committerSimon Wilkinson <sxw@your-file-system.com>
Tue, 16 Jul 2013 19:37:56 +0000 (20:37 +0100)
commit1c7fa1405940a136a992d65023cc690b1111ab3e
treeddbe2d6bb405cd83a3a4b1679283f0e575099211tree | snapshot
parent33eecea7db14d06c59e1081b970d4caf0af773cacommit | diff
Derive DES/fcrypt session key from other key types

If a kerberos 5 ticket has a session key with a non-DES enctype,
use the NIST SP800-108 KDF in counter mode with HMAC_MD5 as the PRF to
construct a DES key to be used by rxkad.

To satisfy the requirements of the KDF, DES3 keys are first compressed into a
168 bit form by reversing the RFC3961 random-to-key algorithm

Change-Id: I4dc8e83a641f9892b31c109fb9025251de3dcb27
src/aklog/aklog.c diff | blob | history
src/rxkad/rxkad_prototypes.h diff | blob | history
src/rxkad/ticket5.c diff | blob | history
src/shlibafsrpc/libafsrpc.map diff | blob | history