draft-ietf-kitten-gssapi-prf-00.txt   draft-ietf-kitten-gssapi-prf-01.txt 
NETWORK WORKING GROUP N. Williams NETWORK WORKING GROUP N. Williams
Internet-Draft Sun Internet-Draft Sun
Expires: December 30, 2004 July 2004 Expires: December 30, 2004 July 2004
A PRF API extension for the GSS-API A PRF API extension for the GSS-API
draft-ietf-kitten-gssapi-prf-00.txt draft-ietf-kitten-gssapi-prf-01.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, I certify that any applicable By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed, patent or other IPR claims of which I am aware have been disclosed,
and any of which I become aware will be disclosed, in accordance with and any of which I become aware will be disclosed, in accordance with
RFC 3668. RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 2, line 10 skipping to change at page 2, line 10
security context. The primary intended use of this function is to security context. The primary intended use of this function is to
key secure session layers that don't or cannot use GSS-API key secure session layers that don't or cannot use GSS-API
per-message MIC (message integrity check) and wrap tokens for session per-message MIC (message integrity check) and wrap tokens for session
protection. protection.
Table of Contents Table of Contents
1. Conventions used in this document . . . . . . . . . . . . . . 3 1. Conventions used in this document . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. GSS_Pseudo_random() . . . . . . . . . . . . . . . . . . . . . 5 3. GSS_Pseudo_random() . . . . . . . . . . . . . . . . . . . . . 5
3.1 C-Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1 C-Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7
5. Normative . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 7 5.1 Normative References . . . . . . . . . . . . . . . . . . . . . 8
Intellectual Property and Copyright Statements . . . . . . . . 8 5.2 Informative References . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8
Intellectual Property and Copyright Statements . . . . . . . . 9
1. Conventions used in this document 1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Introduction 2. Introduction
A need has arisen for users of the GSS-API to key applications' A need has arisen for users of the GSS-API to key applications'
cryptographic protocols using established GSS-API security contexts. cryptographic protocols using established GSS-API security contexts.
Such applications can use the GSS-API for authentication, but not for Such applications can use the GSS-API for authentication, but not for
transport security (for whatever reasons), and since the GSS-API does transport security (for whatever reasons), and since the GSS-API does
not provide a method for obtaining keying material from established not provide a method for obtaining keying material from established
security contexts such applications cannot make effective use of the security contexts such applications cannot make effective use of the
GSS-API. GSS-API.
To address this need we define a PRF extension to the GSS-API. To address this need we define a pseudo-random function (PRF)
extension to the GSS-API.
3. GSS_Pseudo_random() 3. GSS_Pseudo_random()
Inputs: Inputs:
o context CONTEXT handle, o context CONTEXT handle,
o prf_in OCTET STRING, o prf_in OCTET STRING,
o desired_output_len INTEGER o desired_output_len INTEGER
Outputs: Outputs:
skipping to change at page 5, line 26 skipping to change at page 5, line 26
o minor_status INTEGER, o minor_status INTEGER,
o prf_out OCTET STRING o prf_out OCTET STRING
Return major_status codes: Return major_status codes:
o GSS_S_COMPLETE indicates no error. o GSS_S_COMPLETE indicates no error.
o GSS_S_NO_CONTEXT indicates that a null context has been provided o GSS_S_NO_CONTEXT indicates that a null context has been provided
as input. as input.
o GSS_S_CONTEXT_EXPIRED indicates that an expired context has been o GSS_S_CONTEXT_EXPIRED indicates that an expired context has been
provided as input. provided as input.
o GSS_S_UNAVAILABLE indicates that the mechanism lacks support for o GSS_S_UNAVAILABLE indicates that the mechanism lacks support for
this functions. this function.
o GSS_S_FAILURE indicates failure or lack of support; the minor o GSS_S_FAILURE indicates failure or lack of support; the minor
status code may provide additional information. status code may provide additional information.
This function applies the established context's mechanism's keyed PRF This function applies the established context's mechanism's keyed PRF
function to the input data (prf_in), keyed with key material function to the input data (prf_in), keyed with key material
associated with the given security context and outputs the resulting associated with the given security context and outputs the resulting
octet string (prf_out) of desired_output_len length. octet string (prf_out) of desired_output_len length.
The output string of this function MUST be a pseudo-random function
[GGM1][GGM2] of the input keyed with key material from the
established security context -- the chances of getting the same
output given different input parameters should be exponentially
small.
This function, applied to the same inputs by an initiator and
acceptor using the same established context, MUST produce the *same
results* for both, the initiator and acceptor, even if called
multiple times for the same context.
Mechanisms MAY limit the output of the PRF according, possibly in Mechanisms MAY limit the output of the PRF according, possibly in
ways related to the types of cryptographic keys available for the PRF ways related to the types of cryptographic keys available for the PRF
function, thus the prf_out output of GSS_Pseudo_random() MAY be function, thus the prf_out output of GSS_Pseudo_random() MAY be
smaller than requested. smaller than requested.
This function, applied to the same inputs by an initiator and
acceptor using the same established context, produces the *same
results* for both, the initiator and acceptor.
Applications SHOULD NOT make more than one GSS PRF call
per-established security context.
If an application makes multiple calls, per established security
context, to the GSS PRF, then it is up to the application to ensure
synchronization of order of function calls between initiator and
acceptor; such applications SHOULD provide different input octet
strings to each such GSS PRF call. The result of making multiple
calls to the GSS PRF in different order on the initiator and acceptor
sides is undefined.
3.1 C-Bindings 3.1 C-Bindings
OM_uint32 gss_pseudo_random( OM_uint32 gss_pseudo_random(
OM_uint32 *minor_status, OM_uint32 *minor_status,
gss_ctx_id_t context, gss_ctx_id_t context,
const gss_buffer_t prf_in, const gss_buffer_t prf_in,
ssize_t desired_output_len, ssize_t desired_output_len,
gss_buffer_t prf_out gss_buffer_t prf_out
); );
4. Security Considerations 4. Security Considerations
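Review bot: the revised section 3 text deletes the advice that applications making several calls "SHOULD provide different input octet strings to each such GSS PRF call", while the new paragraph requires the same inputs to give the same results "even if called multiple times". Taken together, an application that calls the function twice with one prf_in gets the same octets twice, and nothing in the new text tells it so. Suggest keeping one sentence saying that an application deriving more than one key from a context uses a distinct prf_in per key. Two smaller points in the same region: the unchanged sentence "limit the output of the PRF according, possibly in ways" is missing a word after "according", and the C binding keeps desired_output_len as ssize_t without saying what a zero or negative value means or which major status it returns.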
skipping to change at page 7, line 14 skipping to change at page 8, line 5
4. Security Considerations 4. Security Considerations
Care should be taken in properly designing a mechanism's PRF Care should be taken in properly designing a mechanism's PRF
function. function.
GSS mechanisms' PRF functions should use a key derived from contexts' GSS mechanisms' PRF functions should use a key derived from contexts'
session keys and should preserve the forward security properties of session keys and should preserve the forward security properties of
the mechanisms' key exchanges. the mechanisms' key exchanges.
5 Normative 5. References
5.1 Normative References
[GGM1] Goldreich, O., Goldwasser, S. and S. Micali, "How to
Construct Random Functions", October 1986.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2743] Linn, J., "Generic Security Service Application Program [RFC2743] Linn, J., "Generic Security Service Application Program
Interface Version 2, Update 1", RFC 2743, January 2000. Interface Version 2, Update 1", RFC 2743, January 2000.
[RFC2744] Wray, J., "Generic Security Service API Version 2 : [RFC2744] Wray, J., "Generic Security Service API Version 2 :
C-bindings", RFC 2744, January 2000. C-bindings", RFC 2744, January 2000.
5.2 Informative References
[GGM2] Goldreich, O., Goldwasser, S. and S. Micali, "On the
Cryptographic Applications of Random Functions", 1985.
[RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
Recommendations for Security", RFC 1750, December 1994.
Author's Address Author's Address
Nicolas Williams Nicolas Williams
Sun Microsystems Sun Microsystems
5300 Riata Trace Ct 5300 Riata Trace Ct
Austin, TX 78727 Austin, TX 78727
US US
EMail: Nicolas.Williams@sun.com EMail: Nicolas.Williams@sun.com
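Review bot: [GGM1] is placed under 5.1 Normative References, but the entry gives only a title and "October 1986", with no journal, volume or pages, so a reader cannot locate the definition that the new MUST in section 3 depends on; [GGM2] has the same gap. Suggest completing both entries. [RFC1750] is added under 5.2 Informative References, yet none of the text shown in this diff cites it; cite it where it applies (the Security Considerations section is the likely place) or drop the entry.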
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/