[Heimdal-source-changes] [heimdal/heimdal] 9269a4: Add missing KRB-FX-CF2 test vectors (3DES broken)
GitHub
noreply at github.com
Mon Mars 17 04:58:09 CET 2014
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 9269a4428a40a5a462abf2279050f1d983bf5da3
https://github.com/heimdal/heimdal/commit/9269a4428a40a5a462abf2279050f1d983bf5da3
Author: Nicolas Williams <nico at cryptonector.com>
Date: 2014-03-16 (Sun, 16 Mar 2014)
Changed paths:
M lib/krb5/test_fx.c
Log Message:
-----------
Add missing KRB-FX-CF2 test vectors (3DES broken)
Note that this shows that the our KRB-FX-CF2 is broken as to 3DES (and
the 1DES PRF is still missing).
Commit: cdf39f13699e1a8ad972d70e33ce31f1bbc5f497
https://github.com/heimdal/heimdal/commit/cdf39f13699e1a8ad972d70e33ce31f1bbc5f497
Author: Greg Hudson <ghudson at mit.edu>
Date: 2014-03-16 (Sun, 16 Mar 2014)
Changed paths:
M lib/krb5/crypto-des3.c
Log Message:
-----------
Fix DES3 PRF
RFC 3961 says the simplified profile PRF should truncate the hash
output to "multiple of m", which MIT krb5 interprets as the largest
possible multiple of m. RFC 6113 appendix A also uses that
interpretation for the KRB-FX-CF2 test vector. So the DES3 PRF should
truncate the 20-byte SHA-1 result to 16 bytes, not 8. Also make
krb5_crypto_prf_length work with DES3 by giving the DES3 enctype a
non-zero PRF length.
Signed-off-by: Nicolas Williams <nico at cryptonector.com>
Commit: ad5786899621ab612a9de8d941a3d2f8b769a8ae
https://github.com/heimdal/heimdal/commit/ad5786899621ab612a9de8d941a3d2f8b769a8ae
Author: Benjamin Kaduk <kaduk at mit.edu>
Date: 2014-03-16 (Sun, 16 Mar 2014)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
Fix KRB-FX-CF2 for enctypes with non-dense keyspaces
It is necessary to use the RFC3961 random_to_key operation when
creating a key from a bitstring.
Signed-off-by: Nicolas Williams <nico at cryptonector.com>
Compare: https://github.com/heimdal/heimdal/compare/ae2df333cd7d...ad5786899621
More information about the Heimdal-source-changes
mailing list