RFR 8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5

Weijun Wang weijun.wang at oracle.com
Wed Dec 20 00:04:39 UTC 2017



> On Dec 20, 2017, at 12:02 AM, Jamil Nimeh <jamil.j.nimeh at oracle.com> wrote:
>> 
>>> - can you verify if the new proposed KDF API could be used for the key-derivation parts in the future?
>> I'll try.
> I took a quick look at the dr() method and I'm pretty sure this can fit into the KDF API as it currently sits.  I'd like to read that section of the RFC just to be sure, but it looks pretty straightforward.  Out of curiosity does this KDF get used anywhere other than Kerberos?

I don't think so. You can see it is defined inside the Kerberos RFC.

There are 2 key derivations inside Kerberos. You can see them inside the test [1]:

1. From (passphrase,salt,(optional) iteration count) to a basekey, lines 53, 56.

2. From (basekey, usage, type) to an application key, line 165. Here type can be one of checksum, encryption or integrity, and usage can be an arbitrary integer (For example, 1 for issuing a key, 2 for send a message).

It looks the KDF API can be called this way:

KDC kdf = KDF.getInstance("Kerberos5/base");
kdf.init(passphraseAsKey, (salt+count), List.of(empty));
Key baseKey = kdf.deriveKey();

KDC kdf2 = KDF.getInstance("Kerberos5/app");
kdf2.init(baseKey, null, List.of(usage+type));
Key appKey = kdf2.deriveKey();

and either kdf2.init() should be run again and again for different usage+type, or create kdf2 each time.

Or, if there is a deriveKey(DerivationParameterSpec) method, it can be simpler

KDC kdf = KDF.getInstance("Kerberos5");
kdf.init(passphraseAsKey, (salt+count));
Key appKey = kdf2.deriveKey(usage+type);

Thanks
Max

[1] http://cr.openjdk.java.net/~weijun/8014628/webrev.00/test/jdk/sun/security/krb5/etype/KerberosAesSha2.java.html


More information about the security-dev mailing list