summaryrefslogtreecommitdiff
path: root/doc/standardisation/draft-ietf-kitten-gssapi-prf-04.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/standardisation/draft-ietf-kitten-gssapi-prf-04.txt')
-rw-r--r--doc/standardisation/draft-ietf-kitten-gssapi-prf-04.txt505
1 files changed, 0 insertions, 505 deletions
diff --git a/doc/standardisation/draft-ietf-kitten-gssapi-prf-04.txt b/doc/standardisation/draft-ietf-kitten-gssapi-prf-04.txt
deleted file mode 100644
index 8a3bb4d34..000000000
--- a/doc/standardisation/draft-ietf-kitten-gssapi-prf-04.txt
+++ /dev/null
@@ -1,505 +0,0 @@
-
-
-
-NETWORK WORKING GROUP N. Williams
-Internet-Draft Sun
-Expires: December 15, 2005 June 13, 2005
-
-
- A PRF API extension for the GSS-API
- draft-ietf-kitten-gssapi-prf-04.txt
-
-Status of this Memo
-
- By submitting this Internet-Draft, each author represents that any
- applicable patent or other IPR claims of which he or she is aware
- have been or will be disclosed, and any of which he or she becomes
- aware will be disclosed, in accordance with Section 6 of BCP 79.
-
- Internet-Drafts are working documents of the Internet Engineering
- Task Force (IETF), its areas, and its working groups. Note that
- other groups may also distribute working documents as Internet-
- Drafts.
-
- Internet-Drafts are draft documents valid for a maximum of six months
- and may be updated, replaced, or obsoleted by other documents at any
- time. It is inappropriate to use Internet-Drafts as reference
- material or to cite them other than as "work in progress."
-
- The list of current Internet-Drafts can be accessed at
- http://www.ietf.org/ietf/1id-abstracts.txt.
-
- The list of Internet-Draft Shadow Directories can be accessed at
- http://www.ietf.org/shadow.html.
-
- This Internet-Draft will expire on December 15, 2005.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2005).
-
-Abstract
-
- This document defines a Pseudo-Random Function (PRF) extension to the
- Generic Security Service Application Programming Interface (GSS-API)
- for keying application protocols given an established GSS-API
- security context. The primary intended use of this function is to
- key secure session layers that don't or cannot use GSS-API per-
- message MIC (message integrity check) and wrap tokens for session
- protection.
-
-
-
-
-
-Williams Expires December 15, 2005 [Page 1]
-
-Internet-Draft A PRF Extension for the GSS-API June 2005
-
-
-Table of Contents
-
- 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
- 1.1 Conventions used in this document . . . . . . . . . . . . . . 3
- 2. GSS_Pseudo_random() . . . . . . . . . . . . . . . . . . . . . 3
- 2.1 C-Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . 5
- 2.2 Java Bindings . . . . . . . . . . . . . . . . . . . . . . . . 6
- 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
- 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6
- 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
- 5.1 Normative References . . . . . . . . . . . . . . . . . . . . . 7
- 5.2 Informative References . . . . . . . . . . . . . . . . . . . . 7
- Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8
- Intellectual Property and Copyright Statements . . . . . . . . 9
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Williams Expires December 15, 2005 [Page 2]
-
-Internet-Draft A PRF Extension for the GSS-API June 2005
-
-
-1. Introduction
-
- A need has arisen for users of the GSS-API to key applications'
- cryptographic protocols using established GSS-API security contexts.
- Such applications can use the GSS-API for authentication, but not for
- transport security (for whatever reasons), and since the GSS-API does
- not provide a method for obtaining keying material from established
- security contexts such applications cannot make effective use of the
- GSS-API.
-
- To address this need we define a pseudo-random function (PRF)
- extension to the GSS-API.
-
-1.1 Conventions used in this document
-
- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in [RFC2119].
-
-2. GSS_Pseudo_random()
-
- Inputs:
-
-
- o context CONTEXT handle,
-
- o prf_key INTEGER,
-
- o prf_in OCTET STRING,
-
- o desired_output_len INTEGER
-
- Outputs:
-
-
- o major_status INTEGER,
-
- o minor_status INTEGER,
-
- o prf_out OCTET STRING
-
- Return major_status codes:
-
- o GSS_S_COMPLETE indicates no error.
-
- o GSS_S_NO_CONTEXT indicates that a null context has been provided
- as input.
-
-
-
-
-Williams Expires December 15, 2005 [Page 3]
-
-Internet-Draft A PRF Extension for the GSS-API June 2005
-
-
- o GSS_S_CONTEXT_EXPIRED indicates that an expired context has been
- provided as input.
-
- o GSS_S_UNAVAILABLE indicates that the mechanism lacks support for
- this function or, if the security context is not fully
- established, that the context is not ready to compute the PRF with
- the given prf_key, or that the given prf_key is not available.
-
- o GSS_S_FAILURE indicates general failure, possibly due to the given
- input data being too large or of zero length, or due to the
- desired_output_len being zero; the minor status code may provide
- additional information.
-
- This function applies the established context's mechanism's keyed
- pseudo-random function (PRF) to the input data ('prf_in'), keyed with
- key material associated with the given security context and
- identified by 'prf_key', and outputs the resulting octet string
- ('prf_out') of desired_output_len length.
-
- The minimum input data length is one octet.
-
- Mechanisms MUST be able to consume all the provided prf_in input data
- that is 2^14 or fewer octets.
-
- If a mechanism cannot consume as much input data as provided by the
- caller, then GSS_Pseudo_random() MUST return GSS_S_FAILURE.
-
- The minimum desired_output_len is one.
-
- Mechanisms MUST be able to output at least up to 2^14 octets.
-
- If the implementation cannot produce the desired output due to lack
- of resources then it MUST output what it can and still return
- GSS_S_COMPLETE.
-
- The prf_key can take on the following values: GSS_C_PRF_KEY_FULL,
- GSS_C_PRF_KEY_PARTIAL or mechanism-specific values, if any. This
- parameter is intended to distinguish between the best cryptographic
- keys that may be available only after full security context
- establishment and keys that may be available prior to full security
- context establishment. For some mechanisms, or contexts, those two
- prf_key values MAY refer to the same cryptographic keys; for
- mechanisms like the Kerberos V GSS-API mechanism [RFC1964] where one
- peer may assert a key that may be considered better than the others
- they MAY be different keys.
-
- GSS_C_PRF_KEY_PARTIAL corresponds to a key that would be have been
- used while the security context was partially established, even if it
-
-
-
-Williams Expires December 15, 2005 [Page 4]
-
-Internet-Draft A PRF Extension for the GSS-API June 2005
-
-
- is fully established when GSS_Pseudo_random() is actually called.
- Mechanism-specific prf_key values are intended to refer to any other
- keys that may be available.
-
- The GSS_C_PRF_KEY_FULL value corresponds to the best key available
- for fully-established security contexts.
-
- GSS_Pseudo_random() has the following properties:
-
- o its output string MUST be a pseudo-random function [GGM1] [GGM2]
- of the input keyed with key material from the given security
- context -- the chances of getting the same output given different
- input parameters should be exponentially small.
-
- o when successfully applied to the same inputs by an initiator and
- acceptor using the same security context, it MUST produce the
- _same results_ for both, the initiator and acceptor, even if
- called multiple times (as long as the security context is not
- expired).
-
- o upon full establishment of a security context all cryptographic
- keys and/or negotiations used for computing the PRF with any
- prf_key MUST be authenticated (mutually, if mutual authentication
- is in effect for the given security context).
-
- o the outputs of the mechanism's GSS_Pseudo_random() (for different
- inputs) and its per-message tokens for the given security context
- MUST be "cryptographically separate;" in other words, it must not
- be feasible to recover key material for one mechanism operation or
- transform its tokens and PRF outputs from one to the other given
- only said tokens and PRF outputs. [This is a fancy way of saying
- that key derivation and strong cryptographic operations and
- constructions must be used.]
-
- o as implied by the above requirement, it MUST NOT be possible to
- access any raw keys of a security context through
- GSS_Pseudo_random(), no matter what inputs are given.
-
- Mechanisms MAY limit the output of the PRF, possibly in ways related
- to the types of cryptographic keys available for the PRF function,
- thus the prf_out output of GSS_Pseudo_random() MAY be smaller than
- requested.
-
-2.1 C-Bindings
-
- #define GSS_C_PRF_KEY_FULL 0
- #define GSS_C_PRF_KEY_PARTIAL 1
-
-
-
-
-Williams Expires December 15, 2005 [Page 5]
-
-Internet-Draft A PRF Extension for the GSS-API June 2005
-
-
- OM_uint32 gss_pseudo_random(
- OM_uint32 *minor_status,
- gss_ctx_id_t context,
- int prf_key,
- const gss_buffer_t prf_in,
- ssize_t desired_output_len,
- gss_buffer_t prf_out
- );
-
- Additional major status codes for the C-bindings:
-
- o GSS_S_CALL_INACCESSIBLE_READ
-
- o GSS_S_CALL_INACCESSIBLE_WRITE
-
- See [RFC2744].
-
-2.2 Java Bindings
-
- For Java GSS_Pseudo_random() maps to a GSSContext method, 'prf':
-
- public static final int GSS_C_PRF_KEY_FULL = 0
- public static final int GSS_C_PRF_KEY_PARTIAL = 1
-
- public byte[] prf(int prf_key, byte inBuf[], int outlen)
- throws GSSException
-
- See [RFC2853].
-
-3. IANA Considerations
-
- This document has no IANA considerations currently. If and when a
- relevant IANA registry of GSS-API symbols is created then the generic
- and language-specific function names, constant names and constant
- values described above should be added to such a registry.
-
-4. Security Considerations
-
- Care should be taken in properly designing a mechanism's PRF
- function.
-
- GSS mechanisms' PRF functions should use a key derived from contexts'
- authenticated session keys and should preserve the forward security
- properties of the mechanisms' key exchanges.
-
- Some mechanisms may support the GSS PRF function with security
- contexts that are not fully established, but applications MUST assume
- that authentication, mutual or otherwise, has not completed until the
-
-
-
-Williams Expires December 15, 2005 [Page 6]
-
-Internet-Draft A PRF Extension for the GSS-API June 2005
-
-
- security context is fully established.
-
- Callers of GSS_Pseudo_random() should avoid accidentally calling it
- with the same inputs. One useful technique is to prepend to the
- prf_in input string, by convention, a string indicating the intended
- purpose of the PRF output in such a way that unique contexts in which
- the function is called yield unique inputs to it.
-
- Pseudo-random functions are, by their nature, capable of producing
- only limited amounts of cryptographically secure output. The exact
- amount of output that one can safely use, unfortunately, varies from
- one PRF to another (which prevents us from recommending specific
- numbers). Because of this we recommend that unless you really know
- what you are doing (i.e. you are a cryptographer and are qualified to
- pass judgement on cryptographic functions in areas of period,
- presence of short cycles, etc), you limit the amount of the PRF
- output used to the necessary minimum.
-
-5. References
-
-5.1 Normative References
-
- [GGM1] Goldreich, O., Goldwasser, S., and S. Micali, "How to
- Construct Random Functions", October 1986.
-
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [RFC2743] Linn, J., "Generic Security Service Application Program
- Interface Version 2, Update 1", RFC 2743, January 2000.
-
- [RFC2744] Wray, J., "Generic Security Service API Version 2 :
- C-bindings", RFC 2744, January 2000.
-
- [RFC2853] Kabat, J. and M. Upadhyay, "Generic Security Service API
- Version 2 : Java Bindings", RFC 2853, June 2000.
-
-5.2 Informative References
-
- [GGM2] Goldreich, O., Goldwasser, S., and S. Micali, "On the
- Cryptographic Applications of Random Functions", 1985.
-
- [RFC1750] Eastlake, D., Crocker, S., and J. Schiller, "Randomness
- Recommendations for Security", RFC 1750, December 1994.
-
- [RFC1964] Linn, J., "The Kerberos Version 5 GSS-API Mechanism",
- RFC 1964, June 1996.
-
-
-
-
-Williams Expires December 15, 2005 [Page 7]
-
-Internet-Draft A PRF Extension for the GSS-API June 2005
-
-
-Author's Address
-
- Nicolas Williams
- Sun Microsystems
- 5300 Riata Trace Ct
- Austin, TX 78727
- US
-
- Email: Nicolas.Williams@sun.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Williams Expires December 15, 2005 [Page 8]
-
-Internet-Draft A PRF Extension for the GSS-API June 2005
-
-
-Intellectual Property Statement
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at
- ietf-ipr@ietf.org.
-
-
-Disclaimer of Validity
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-Copyright Statement
-
- Copyright (C) The Internet Society (2005). This document is subject
- to the rights, licenses and restrictions contained in BCP 78, and
- except as set forth therein, the authors retain all their rights.
-
-
-Acknowledgment
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-Williams Expires December 15, 2005 [Page 9]
-
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 18:19:41 +0000