Re: [kitten] krb5 gss_pseudo_random implementation/spec variance

Greg Hudson <ghudson@MIT.EDU> Sat, 18 January 2014 18:26 UTC

Nico wrote:
> I think we should submit an I-D with a) the update to the original, b)
> test vectors.

I'm not volunteering to submit a revised I-D, but here are some test
vectors from the MIT implementation.  I used input string lengths of 0
and 61 bytes, and an output length of 44 bytes.  61 bytes of input is
just enough to produce a partial second MD5 or SHA1 hash block with the
four-byte counter prefix, and 44 bytes of output requires two full and
one partial RFC 3961 PRF output for all existing enctypes.  All keys
were randomly generated.

Enctype: des-cbc-crc
Key: E607FE9DABB57AE0
Input: (empty string)
Output: 803C4121379FC4B87CE413B67707C4632EBED2C6D6B7
        2A55E878836E35E21600D915D590DED5B6D77BB30A1F

Enctype: des-cbc-crc
Key: 54758316B6257A75
Input: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789
Output: 279E4105F7ADC9BD6EF28ABE31D89B442FE0058388BA
        33264ACB5729562DC637950F6BD144B654BE7700B2D6

Enctype: des3-cbc-sha1
Key: 70378A19CD64134580C27C0115D6B34A1CF2FEECEF9886A2
Input: (empty string)
Output: 9F8D127C520BB826BFF3E0FE5EF352389C17E0C073D9
        AC4A333D644D21BA3EF24F4A886D143F85AC9F6377FB

Enctype: des3-cbc-sha1
Key: 3452A167DF1094BA1089E0A20E9E51ABEF1525922558B69E
Input: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789
Output: 6BF24FABC858F8DD9752E4FCD331BB831F238B5BE190
        4EEA42E38F7A60C588F075C5C96A67E7F8B7BD0AECF4

Enctype: rc4-hmac
Key: 3BB3AE288C12B3B9D06B208A4151B3B6
Input: (empty string)
Output: 9AEA11A3BCF3C53F1F91F5A0BA2132E2501ADF5F3C28
        3C8A983AB88757CE865A22132D6100EAD63E9E291AFA

Enctype: rc4-hmac
Key: 6DB7B33A01BD2B72F7655CB7B3D5FA0B
Input: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789
Output: CDA9A544869FC84873B692663A82AFDA101C8611498B
        A46138B01E927C9B95EEC953B562807434037837DDDF

Enctype: aes128-cts-hmac-sha1-96
Key: 6C742096EB896230312B73972FA28B5D
Input: (empty string)
Output: 94208D982FC1BB7778128BDD77904420B45C9DA699F3
        117BCE66E39602128EF0296611A6D191A5828530F20F

Enctype: aes128-cts-hmac-sha1-96
Key: FA61138C109D834A477D24C7311BE6DA
Input: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789
Output: 0FAEDF0F842CC834FEE750487E1B622739286B975FE5
        B7F45AB053143C75CA0DF5D3D4BBB80F6A616C7C9027

Enctype: aes256-cts-hmac-sha1-96
Key: 08FCDAFD5832611B73BA7B497FEBFF8C954B4B58031CAD9B977C3B8C25192FD6
Input: (empty string)
Output: E627EFC14EF5B6D629F830C7109DEA0D3D7D36E8CD57
        A1F301C5452494A1928F05AFFBEE3360232209D3BE0D

Enctype: aes256-cts-hmac-sha1-96
Key: F5B68B7823D8944F33F41541B4E4D38C9B2934F8D16334A796645B066152B4BE
Input: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789
Output: 112F2B2D878590653CCC7DE278E9F0AA46FA5A380B62
        59F774CB7C134FCD37F61A50FD0D9F89BF8FE1A6B593

Enctype: camellia128-cts-cmac
Key: 866E0466A178279A32AC0BDA92B72AEB
Input: (empty string)
Output: 97FBB354BF341C3A160DCC86A7A910FDA824601DF677
        68797BACEEBF5D250AE929DEC9760772084267F50A54

Enctype: camellia128-cts-cmac
Key: D4893FD37DA1A211E12DD1E03E0F03B7
Input: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789
Output: 1DEE2FF126CA563A2A2326B9DD3F0095013257414C83
        FAD4398901013D55F367C82681186B7B2FE62F746BA4

Enctype: camellia256-cts-cmac
Key: 203071B1AE77BD3D6FCE70174AF95C225B1CED46B35CF52B6479EFEB47E6B063
Input: (empty string)
Output: 9B30020634C10FDA28420CEE7B96B70A90A771CED43A
        D8346554163E5949CBAE2FB8EF36AFB6B32CE75116A0

Enctype: camellia256-cts-cmac
Key: A171AD582C1AFBBAD52ABD622EE6B6A14D19BF95C6914B2BA40FFD99A88EC660
Input: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789
Output: A47CBB6E104DCC77E4DB48A7A474B977F2FB6A7A1AB6
        52317D50508AE72B7BE2E4E4BA24164E029CBACF786B
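
The construction behind the two rc4-hmac vectors above, as an added example that is not part of the original message and is not MIT's code. It assumes the four-byte counter is big-endian and starts at 0, and that the rc4-hmac PRF is HMAC-SHA1 under the raw key; neither detail is stated in the message, and `first_counter` is a hypothetical parameter for comparing against an implementation that starts elsewhere.

```python
import hashlib
import hmac

def prf_rc4_hmac(key: bytes, data: bytes) -> bytes:
    # Assumption: rc4-hmac PRF = HMAC-SHA1 under the raw key (20-byte output).
    return hmac.new(key, data, hashlib.sha1).digest()

def gss_pseudo_random(key: bytes, prf_in: bytes, out_len: int,
                      first_counter: int = 0) -> bytes:
    # Each PRF call covers a four-byte big-endian counter followed by the
    # caller's input; the concatenated blocks are truncated to out_len.
    out = bytearray()
    counter = first_counter
    while len(out) < out_len:
        out += prf_rc4_hmac(key, counter.to_bytes(4, "big") + prf_in)
        counter += 1
    return bytes(out[:out_len])

def prf_calls(out_len: int, prf_len: int) -> int:
    # Number of PRF invocations needed, counting a final partial block.
    return -(-out_len // prf_len)

# The 61-byte input string used in the message.
INPUT_61 = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123456789"

# (key, input, expected 44-byte output) copied from the rc4-hmac entries above.
RC4_VECTORS = [
    ("3BB3AE288C12B3B9D06B208A4151B3B6", b"",
     "9AEA11A3BCF3C53F1F91F5A0BA2132E2501ADF5F3C28"
     "3C8A983AB88757CE865A22132D6100EAD63E9E291AFA"),
    ("6DB7B33A01BD2B72F7655CB7B3D5FA0B", INPUT_61,
     "CDA9A544869FC84873B692663A82AFDA101C8611498B"
     "A46138B01E927C9B95EEC953B562807434037837DDDF"),
]

def check_vectors(first_counter: int = 0) -> list:
    # One boolean per vector: does the computed output equal the posted one?
    results = []
    for key_hex, prf_in, expected_hex in RC4_VECTORS:
        got = gss_pseudo_random(bytes.fromhex(key_hex), prf_in, 44, first_counter)
        results.append(hmac.compare_digest(got, bytes.fromhex(expected_hex)))
    return results

if __name__ == "__main__":
    print("counter from 0:", check_vectors(0))
    print("counter from 1:", check_vectors(1))
```

A mismatch on every vector with `first_counter=0` and a match with another start value is the signature of the counter variance this thread is about; the other enctypes need their RFC 3961 PRFs and are not covered here.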