GSS-API extensions for AEAD
Luke Howard <lukeh@PADL.COM> Sat, 11 September 2004 07:16 UTC
We need to support AEAD in GSS-API in order to interoperate with some
vendor implementations of DCE RPC. I've extended our GSS-API
implementation, which is based on Heimdal, to add the GSS_Unwrap_Ex()
and GSS_Wrap_Ex() APIs.

The C bindings are as follows:

/*
 * GSS_Unwrap() with support for associated data.
 *
 * Notes:
 *
 *    token_header_buffer contains the GSS-API token as
 *    received from the peer
 *
 *    associated_data_buffer contains the complete data
 *    over which the checksum is to be verified;
 *
 *    input_message_buffer contains the complete data to
 *    be decrypted if confidentiality was requested;
 *
 *    input_message_buffer value must point into the value
 *    of associated_data_buffer (hence input_message_buffer
 *    just specifies a span within associated_data_buffer).
 *
 *    On returning GSS_S_COMPLETE, output_message_buffer
 *    will contain input_message_buffer after unwrapping and;
 *
 *    associated_data_buffer will have been authenticated
 *
 */
OM_uint32 gss_unwrap_ex(OM_uint32 *minor_status,
                        const gss_ctx_id_t context_handle,
                        const gss_buffer_t token_header_buffer,
                        const gss_buffer_t associated_data_buffer,
                        const gss_buffer_t input_message_buffer,
                        gss_buffer_t output_message_buffer,
                        int *conf_state,
                        gss_qop_t *qop_state);

/*
 * GSS_Wrap() with support for associated data.
 *
 * Notes:
 *
 *    associated_data_buffer contains the complete data
 *    over which the checksum is to be verified;
 *
 *    input_message_buffer contains the data to be
 *    encrypted if conf_req_flag == TRUE.
 *
 *    On returning GSS_S_COMPLETE, output_token_buffer
 *    will contain the GSS-API token header, and;
 *
 *    output_message_buffer will contain input_message_buffer
 *    after wrapping (including any padding)
 */
OM_uint32 gss_wrap_ex(OM_uint32 *minor_status,
                      const gss_ctx_id_t context_handle,
                      int conf_req_flag,
                      gss_qop_t qop_req,
                      const gss_buffer_t associated_data_buffer,
                      const gss_buffer_t input_message_buffer,
                      int *conf_state,
                      gss_buffer_t output_token_buffer,
                      gss_buffer_t output_message_buffer);

Any comments? Worth writing this up as an Internet Draft?

-- Luke
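Added example, not part of the original message and not PADL's or Heimdal's code: one way to enforce the note that input_message_buffer must be a span within associated_data_buffer before any decryption or checksum work is done. The names buf_desc, span_layout and check_span are hypothetical; buf_desc is a local stand-in with the same length/value shape as gss_buffer_desc so the block builds without GSS-API headers, and the 28-byte PDU is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for gss_buffer_desc (assumption: same length/value layout). */
typedef struct { size_t length; void *value; } buf_desc;

/* Hypothetical result: how the authenticated data splits around the
 * span that is also encrypted. prefix and suffix are integrity-only. */
typedef struct { size_t prefix_len, message_len, suffix_len; } span_layout;

/* Returns 0 and fills *out when msg lies entirely inside ad, -1 otherwise. */
int check_span(const buf_desc *ad, const buf_desc *msg, span_layout *out)
{
    if (!ad || !msg || !out || !ad->value || !msg->value)
        return -1;

    /* Compare as integers: the two pointers may come from different
     * objects when the caller is wrong, which is the case we must reject. */
    uintptr_t ad_start = (uintptr_t)ad->value;
    uintptr_t msg_start = (uintptr_t)msg->value;
    if (msg_start < ad_start)
        return -1;                       /* span starts before the buffer */

    size_t off = (size_t)(msg_start - ad_start);
    /* Subtract instead of adding so off + length can never wrap around. */
    if (off > ad->length || msg->length > ad->length - off)
        return -1;                       /* span runs past the buffer end */

    out->prefix_len = off;
    out->message_len = msg->length;
    out->suffix_len = ad->length - off - msg->length;
    return 0;
}

int main(void)
{
    /* Constructed sample: 8-byte header, 16-byte body, 4-byte trailer. */
    unsigned char pdu[28] = {0};
    buf_desc ad = { sizeof pdu, pdu };
    buf_desc msg = { 16, pdu + 8 };
    span_layout l;

    if (check_span(&ad, &msg, &l) == 0)
        printf("auth-only prefix=%zu, encrypted=%zu, auth-only suffix=%zu\n",
               l.prefix_len, l.message_len, l.suffix_len);
    return 0;
}
```

A caller that passes a message span overlapping the end of the associated data, or one pointing at an unrelated allocation, gets -1 rather than an out-of-bounds read during unwrapping.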