On 10/11/20 6:16 AM, Egor wrote: > Good day. > I am searching for detailed AES256 kerberos algorithm implementation. > I am interested espeсially in nfold algorithm in it. I know, how nfold > algorithm works, but it is very important for me to know, which constants > except string "kerberos" are used in key derivation with the help of nfold > algorithm. I have heard that these constants depends on the type of traffic > packet (AS_REG, AS_REP, TGS_REP) > Could you please help to find it, it is very important?
RFC 3961 and 3962 are the references here. RFC 3961 defines the overall framework and (in section 5) the simplified profile. RFC 3962 defines the AES-SHA1 enctypes using the simplified profile. In the simplified profile, the protocol key is used to derive three subkeys named Kc, Ke, and Ki. Ke and Ki are used for encryption (Ki for the integrity tag, Ke to encrypt the plaintext) and Kc is used for the checksum operation. The derivation of these subkeys is specified at the very end of RFC 3961 section 5.3. The n-folded constant used in these derivations is the key usage number (as a four-byte big-endian integer) with a different byte appended for each subkey. The key usage number is determined by the Kerberos or application protocol operation being performed. Specific key usage numbers are defined in RFC 4120 section 7.5.1 and in the ad hoc registry at: https://github.com/krb5/krb5-assignments/blob/master/key-usage As you noted, the constant "kerberos" is also used at the end of the string-to-key operation. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
