Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) From: ghudson@mit.edu Subject: git commit RT-Send-CC: X-RT-Original-Encoding: iso-8859-1 Content-Length: 1779 Add aes-sha2 enctype support Add support to libk5crypto for the aes128-cts-hmac-sha256-128 and aes256-cts-hmac-sha384-192 encryption types, and the hmac-sha256-128-aes128 and hmac-sha384-192-aes256 checksum types. Key derivation for the new encryption types uses a hash, so we need to add a hash parameter to the krb5int_derive_ functions, which can be null except when DERIVE_SP800_108_HMAC is given. Rename the helper function derive_random_sp800_108_cmac() to derive_random_sp800_108_feedback_cmac() to make it clear that feedback mode is used, since the new enctype uses counter mode. https://github.com/krb5/krb5/commit/135a9ac3c58b444998361a3b13f5decfdece2105 Author: Greg Hudson Commit: 135a9ac3c58b444998361a3b13f5decfdece2105 Branch: master src/include/krb5/krb5.hin | 20 ++- src/lib/crypto/crypto_tests/t_derive.c | 2 +- src/lib/crypto/krb/Makefile.in | 9 + src/lib/crypto/krb/checksum_dk_cmac.c | 3 +- src/lib/crypto/krb/checksum_dk_hmac.c | 2 +- src/lib/crypto/krb/checksum_etm.c | 65 ++++++++ src/lib/crypto/krb/cksumtypes.c | 12 ++ src/lib/crypto/krb/combine_keys.c | 5 +- src/lib/crypto/krb/crypto_int.h | 31 ++++- src/lib/crypto/krb/derive.c | 74 +++++++++- src/lib/crypto/krb/enc_dk_cmac.c | 6 +- src/lib/crypto/krb/enc_dk_hmac.c | 8 +- src/lib/crypto/krb/enc_etm.c | 257 ++++++++++++++++++++++++++++++++ src/lib/crypto/krb/etypes.c | 21 +++ src/lib/crypto/krb/prf_aes2.c | 42 +++++ src/lib/crypto/krb/prf_cmac.c | 2 +- src/lib/crypto/krb/prf_dk.c | 3 +- src/lib/crypto/krb/s2k_pbkdf2.c | 16 ++- 18 files changed, 548 insertions(+), 30 deletions(-)