draft-ietf-kitten-gssapi-prf-01.txt   draft-ietf-kitten-gssapi-prf-02.txt 
NETWORK WORKING GROUP N. Williams NETWORK WORKING GROUP N. Williams
Internet-Draft Sun Internet-Draft Sun
Expires: December 30, 2004 July 2004 Expires: December 30, 2004 July 2004
A PRF API extension for the GSS-API A PRF API extension for the GSS-API
draft-ietf-kitten-gssapi-prf-01.txt draft-ietf-kitten-gssapi-prf-02.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, I certify that any applicable By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed, patent or other IPR claims of which I am aware have been disclosed,
and any of which I become aware will be disclosed, in accordance with and any of which I become aware will be disclosed, in accordance with
RFC 3668. RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 2, line 10 skipping to change at page 2, line 10
security context. The primary intended use of this function is to security context. The primary intended use of this function is to
key secure session layers that don't or cannot use GSS-API key secure session layers that don't or cannot use GSS-API
per-message MIC (message integrity check) and wrap tokens for session per-message MIC (message integrity check) and wrap tokens for session
protection. protection.
Table of Contents Table of Contents
1. Conventions used in this document . . . . . . . . . . . . . . 3 1. Conventions used in this document . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. GSS_Pseudo_random() . . . . . . . . . . . . . . . . . . . . . 5 3. GSS_Pseudo_random() . . . . . . . . . . . . . . . . . . . . . 5
3.1 C-Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1 C-Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . 6
4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
5.1 Normative References . . . . . . . . . . . . . . . . . . . . . 8 5.1 Normative References . . . . . . . . . . . . . . . . . . . . . 8
5.2 Informative References . . . . . . . . . . . . . . . . . . . . 8 5.2 Informative References . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8
Intellectual Property and Copyright Statements . . . . . . . . 9 Intellectual Property and Copyright Statements . . . . . . . . 9
1. Conventions used in this document 1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
skipping to change at page 5, line 26 skipping to change at page 5, line 26
o minor_status INTEGER, o minor_status INTEGER,
o prf_out OCTET STRING o prf_out OCTET STRING
Return major_status codes: Return major_status codes:
o GSS_S_COMPLETE indicates no error. o GSS_S_COMPLETE indicates no error.
o GSS_S_NO_CONTEXT indicates that a null context has been provided o GSS_S_NO_CONTEXT indicates that a null context has been provided
as input. as input.
o GSS_S_CONTEXT_EXPIRED indicates that an expired context has been o GSS_S_CONTEXT_EXPIRED indicates that an expired context has been
provided as input. provided as input.
o GSS_S_UNAVAILABLE indicates that the mechanism lacks support for o GSS_S_UNAVAILABLE indicates that the mechanism lacks support for
this function. this function or, if the security context is not fully
established, that the context is not ready to compute the PRF.
o GSS_S_FAILURE indicates failure or lack of support; the minor o GSS_S_FAILURE indicates failure or lack of support; the minor
status code may provide additional information. status code may provide additional information.
This function applies the established context's mechanism's keyed PRF This function applies the established context's mechanism's keyed PRF
function to the input data (prf_in), keyed with key material function to the input data (prf_in), keyed with key material
associated with the given security context and outputs the resulting associated with the given security context and outputs the resulting
octet string (prf_out) of desired_output_len length. octet string (prf_out) of desired_output_len length.
The output string of this function MUST be a pseudo-random function The output string of this function MUST be a pseudo-random function
[GGM1][GGM2] of the input keyed with key material from the [GGM1][GGM2] of the input keyed with key material from the
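Review bot: The revised GSS_S_UNAVAILABLE entry in the major_status list now covers two different conditions, a mechanism that lacks support for the function and a security context that is not yet ready to compute the PRF, and a caller cannot tell from the major status alone whether a retry after further context establishment could succeed. Consider stating how the two cases are told apart (for example through minor_status), or saying explicitly that callers may retry once the context is fully established. The next entry, GSS_S_FAILURE, is also described as "failure or lack of support", so lack of support is now reportable through two codes; tightening one of the two descriptions would remove the overlap.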
skipping to change at page 5, line 51 skipping to change at page 5, line 52
This function, applied to the same inputs by an initiator and This function, applied to the same inputs by an initiator and
acceptor using the same established context, MUST produce the *same acceptor using the same established context, MUST produce the *same
results* for both, the initiator and acceptor, even if called results* for both, the initiator and acceptor, even if called
multiple times for the same context. multiple times for the same context.
Mechanisms MAY limit the output of the PRF according, possibly in Mechanisms MAY limit the output of the PRF according, possibly in
ways related to the types of cryptographic keys available for the PRF ways related to the types of cryptographic keys available for the PRF
function, thus the prf_out output of GSS_Pseudo_random() MAY be function, thus the prf_out output of GSS_Pseudo_random() MAY be
smaller than requested. smaller than requested.
Mechanisms may be able to compute PRFs with security contexts that
are not fully established, therefore applications MAY call
GSS_Pseudo_random() with such security contexts. Such mechanisms
MUST return GSS_S_UNAVAILABLE when called on to compute a PRF given a
security context that is not fully established and also not ready for
PRF computation. Mechanisms that allow for PRF computation prior to
full security context establishment MUST use the same PRF and key
material, for any given security context, both, before and after full
context establishment, and the PRF and key material negotiation MUT
be authenticated when the security context is fully established.
3.1 C-Bindings 3.1 C-Bindings
OM_uint32 gss_pseudo_random( OM_uint32 gss_pseudo_random(
OM_uint32 *minor_status, OM_uint32 *minor_status,
gss_ctx_id_t context, gss_ctx_id_t context,
const gss_buffer_t prf_in, const gss_buffer_t prf_in,
ssize_t desired_output_len, ssize_t desired_output_len,
gss_buffer_t prf_out gss_buffer_t prf_out
); );
4. Security Considerations 4. Security Considerations
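Review bot: In the added paragraph on security contexts that are not fully established, the last sentence reads "negotiation MUT be authenticated"; this should be the RFC 2119 keyword MUST, otherwise the authentication requirement is not normative as written. In the same paragraph, "Such mechanisms MUST return GSS_S_UNAVAILABLE" refers back only to mechanisms that can compute early PRFs, while the status-code list applies that code to any context that is not ready; "Mechanisms MUST return ..." would match the list. The comma in "both, before and after" can go, and the unchanged context line "limit the output of the PRF according, possibly in ways" looks like it is missing a word after "according".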
skipping to change at page 8, line 4 skipping to change at page 7, line 13
); );
4. Security Considerations 4. Security Considerations
Care should be taken in properly designing a mechanism's PRF Care should be taken in properly designing a mechanism's PRF
function. function.
GSS mechanisms' PRF functions should use a key derived from contexts' GSS mechanisms' PRF functions should use a key derived from contexts'
session keys and should preserve the forward security properties of session keys and should preserve the forward security properties of
the mechanisms' key exchanges. the mechanisms' key exchanges.
Some mechanisms may support the GSS PRF function with security
contexts that are not fully established, but applications MUST assume
that authentication, mutual or otherwise, has not completed until the
security context is fully established
5. References 5. References
5.1 Normative References 5.1 Normative References
[GGM1] Goldreich, O., Goldwasser, S. and S. Micali, "How to [GGM1] Goldreich, O., Goldwasser, S. and S. Micali, "How to
Construct Random Functions", October 1986. Construct Random Functions", October 1986.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
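Review bot: The added Security Considerations paragraph ends without a full stop ("security context is fully established") and stops at telling applications to assume that authentication has not completed. Since section 3 now permits calling GSS_Pseudo_random() before full establishment, and the stated primary use is keying secure session layers, the paragraph should also say what follows for prf_out obtained early, for instance that session keys derived from it are not to be treated as authenticated until the context is fully established.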
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/