Thanks, Srinivas. I'll post this to krb5-bugs.
Regards, On Fri, 3 Apr 2009 09:43:10 +0530 "Srinivas Cheruku" <[email protected]> wrote: > For me, your changes look good. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Yukiyo Akisada > Sent: 01 April 2009 13:46 > To: [email protected] > Subject: PRF for des3-cbc-hmac-sha1-kd > > Hi, all. > > I may misunderstand RFC 3961, > but in my understanding, des3-cbc-hmac-sha1-kd (etype=16) uses > PRF on Simplified Profile as its pseudo-random function. > > Now, I want to use PRF function > from Krb5-1.8 perl module which is based on MIT krb5-1.6.3 implementation. > > Krb5: <http://search.cpan.org/dist/Krb5/> > > But, PRF function for ENCTYPE_DES3_CBC_SHA1 has not be > defined in <krb5-1.6.3/src/lib/crypto/etypes.c>. > > Indeed, > I need some modification into Krb5-1.8 to export prf function from > krb5-1.6.3, > but I also need the following modification into krb5-1.6.3. > > In this moment, > the following modification matches with my expected behavior, > but I'm not sure whether this modification against krb5-1.6.3 is correct or > not. > > Do you have any idea about this? > > --- krb5-1.6.3/src/lib/crypto/etypes.c.orig 2009-04-01 > 17:02:56.000000000 +0900 > +++ krb5-1.6.3/src/lib/crypto/etypes.c 2009-04-01 14:42:01.000000000 > +0900 > @@ -94,26 +94,26 @@ > { ENCTYPE_DES3_CBC_SHA1, > "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1", > &krb5int_enc_des3, &krb5int_hash_sha1, > - 8, > + 16, > krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, > krb5int_dk_string_to_key, > - NULL, /*PRF*/ > + krb5int_dk_prf, /*PRF*/ > CKSUMTYPE_HMAC_SHA1_DES3 }, > { ENCTYPE_DES3_CBC_SHA1, /* alias */ > "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1", > &krb5int_enc_des3, &krb5int_hash_sha1, > - 8, > + 16, > krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, > krb5int_dk_string_to_key, > - NULL, /*PRF*/ > + krb5int_dk_prf, /*PRF*/ > CKSUMTYPE_HMAC_SHA1_DES3 }, > { ENCTYPE_DES3_CBC_SHA1, /* alias */ > "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1", > &krb5int_enc_des3, &krb5int_hash_sha1, > - 8, > + 16, > krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, > krb5int_dk_string_to_key, > - NULL, /*PRF*/ > + krb5int_dk_prf, /*PRF*/ > CKSUMTYPE_HMAC_SHA1_DES3 }, > > { ENCTYPE_DES_HMAC_SHA1, > > Regards, > > > -- > Yukiyo Akisada <[email protected]> > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Yukiyo Akisada <[email protected]> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
