diff --git a/doc/standardisation/draft-ietf-kitten-gssapi-prf-01.txt b/doc/standardisation/draft-ietf-kitten-gssapi-prf-01.txt new file mode 100644 index 000000000..99676165d --- /dev/null +++ b/doc/standardisation/draft-ietf-kitten-gssapi-prf-01.txt @@ -0,0 +1,505 @@ + + +NETWORK WORKING GROUP N. Williams +Internet-Draft Sun +Expires: December 30, 2004 July 2004 + + + A PRF API extension for the GSS-API + draft-ietf-kitten-gssapi-prf-01.txt + +Status of this Memo + + By submitting this Internet-Draft, I certify that any applicable + patent or other IPR claims of which I am aware have been disclosed, + and any of which I become aware will be disclosed, in accordance with + RFC 3668. + + Internet-Drafts are working documents of the Internet Engineering + Task Force (IETF), its areas, and its working groups. Note that + other groups may also distribute working documents as + Internet-Drafts. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress." + + The list of current Internet-Drafts can be accessed at + http://www.ietf.org/ietf/1id-abstracts.txt. + + The list of Internet-Draft Shadow Directories can be accessed at + http://www.ietf.org/shadow.html. + + This Internet-Draft will expire on December 30, 2004. + +Copyright Notice + + Copyright (C) The Internet Society (2004). All Rights Reserved. + +Abstract + + This document defines a Pseudo-Random Function (PRF) extension to the + Generic Security Service Applicatoin Programming Interface (GSS-API) + for keying application protocols given an established GSS-API + security context. The primary intended use of this function is to + key secure session layers that don't or cannot use GSS-API + per-message MIC (message integrity check) and wrap tokens for session + protection. + + + + + + +Williams Expires December 30, 2004 [Page 1] + +Internet-Draft A PRF Extension for the GSS-API July 2004 + + +Table of Contents + + 1. Conventions used in this document . . . . . . . . . . . . . . 3 + 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 3. GSS_Pseudo_random() . . . . . . . . . . . . . . . . . . . . . 5 + 3.1 C-Bindings . . . . . . . . . . . . . . . . . . . . . . . . . . 5 + 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 + 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 + 5.1 Normative References . . . . . . . . . . . . . . . . . . . . . 8 + 5.2 Informative References . . . . . . . . . . . . . . . . . . . . 8 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8 + Intellectual Property and Copyright Statements . . . . . . . . 9 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Williams Expires December 30, 2004 [Page 2] + +Internet-Draft A PRF Extension for the GSS-API July 2004 + + +1. Conventions used in this document + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Williams Expires December 30, 2004 [Page 3] + +Internet-Draft A PRF Extension for the GSS-API July 2004 + + +2. Introduction + + A need has arisen for users of the GSS-API to key applications' + cryptographic protocols using established GSS-API security contexts. + Such applications can use the GSS-API for authentication, but not for + transport security (for whatever reasons), and since the GSS-API does + not provide a method for obtaining keying material from established + security contexts such applications cannot make effective use of the + GSS-API. + + To address this need we define a pseudo-random function (PRF) + extension to the GSS-API. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Williams Expires December 30, 2004 [Page 4] + +Internet-Draft A PRF Extension for the GSS-API July 2004 + + +3. GSS_Pseudo_random() + + Inputs: + + o context CONTEXT handle, + o prf_in OCTET STRING, + o desired_output_len INTEGER + + Outputs: + + o major_status INTEGER, + o minor_status INTEGER, + o prf_out OCTET STRING + + Return major_status codes: + o GSS_S_COMPLETE indicates no error. + o GSS_S_NO_CONTEXT indicates that a null context has been provided + as input. + o GSS_S_CONTEXT_EXPIRED indicates that an expired context has been + provided as input. + o GSS_S_UNAVAILABLE indicates that the mechanism lacks support for + this function. + o GSS_S_FAILURE indicates failure or lack of support; the minor + status code may provide additional information. + + This function applies the established context's mechanism's keyed PRF + function to the input data (prf_in), keyed with key material + associated with the given security context and outputs the resulting + octet string (prf_out) of desired_output_len length. + + The output string of this function MUST be a pseudo-random function + [GGM1][GGM2] of the input keyed with key material from the + established security context -- the chances of getting the same + output given different input parameters should be exponentially + small. + + This function, applied to the same inputs by an initiator and + acceptor using the same established context, MUST produce the *same + results* for both, the initiator and acceptor, even if called + multiple times for the same context. + + Mechanisms MAY limit the output of the PRF according, possibly in + ways related to the types of cryptographic keys available for the PRF + function, thus the prf_out output of GSS_Pseudo_random() MAY be + smaller than requested. + +3.1 C-Bindings + + + + +Williams Expires December 30, 2004 [Page 5] + +Internet-Draft A PRF Extension for the GSS-API July 2004 + + + OM_uint32 gss_pseudo_random( + OM_uint32 *minor_status, + gss_ctx_id_t context, + const gss_buffer_t prf_in, + ssize_t desired_output_len, + gss_buffer_t prf_out + ); + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Williams Expires December 30, 2004 [Page 6] + +Internet-Draft A PRF Extension for the GSS-API July 2004 + + +4. Security Considerations + + Care should be taken in properly designing a mechanism's PRF + function. + + GSS mechanisms' PRF functions should use a key derived from contexts' + session keys and should preserve the forward security properties of + the mechanisms' key exchanges. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Williams Expires December 30, 2004 [Page 7] + +Internet-Draft A PRF Extension for the GSS-API July 2004 + + +5. References + +5.1 Normative References + + [GGM1] Goldreich, O., Goldwasser, S. and S. Micali, "How to + Construct Random Functions", October 1986. + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC2743] Linn, J., "Generic Security Service Application Program + Interface Version 2, Update 1", RFC 2743, January 2000. + + [RFC2744] Wray, J., "Generic Security Service API Version 2 : + C-bindings", RFC 2744, January 2000. + +5.2 Informative References + + [GGM2] Goldreich, O., Goldwasser, S. and S. Micali, "On the + Cryptographic Applications of Random Functions", 1985. + + [RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness + Recommendations for Security", RFC 1750, December 1994. + + +Author's Address + + Nicolas Williams + Sun Microsystems + 5300 Riata Trace Ct + Austin, TX 78727 + US + + EMail: Nicolas.Williams@sun.com + + + + + + + + + + + + + + + + + +Williams Expires December 30, 2004 [Page 8] + +Internet-Draft A PRF Extension for the GSS-API July 2004 + + +Intellectual Property Statement + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + + +Disclaimer of Validity + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + + +Copyright Statement + + Copyright (C) The Internet Society (2004). This document is subject + to the rights, licenses and restrictions contained in BCP 78, and + except as set forth therein, the authors retain all their rights. + + +Acknowledgment + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + +Williams Expires December 30, 2004 [Page 9] + + diff --git a/doc/standardisation/draft-ietf-kitten-krb5-gssapi-prf-01.txt b/doc/standardisation/draft-ietf-kitten-krb5-gssapi-prf-01.txt new file mode 100644 index 000000000..a15914721 --- /dev/null +++ b/doc/standardisation/draft-ietf-kitten-krb5-gssapi-prf-01.txt @@ -0,0 +1,393 @@ + + +NETWORK WORKING GROUP N. Williams +Internet-Draft Sun +Expires: December 30, 2004 July 2004 + + + A PRF for the Kerberos V GSS-API Mechanism + draft-ietf-kitten-krb5-gssapi-prf-01.txt + +Status of this Memo + + By submitting this Internet-Draft, I certify that any applicable + patent or other IPR claims of which I am aware have been disclosed, + and any of which I become aware will be disclosed, in accordance with + RFC 3668. + + Internet-Drafts are working documents of the Internet Engineering + Task Force (IETF), its areas, and its working groups. Note that + other groups may also distribute working documents as + Internet-Drafts. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress." + + The list of current Internet-Drafts can be accessed at + http://www.ietf.org/ietf/1id-abstracts.txt. + + The list of Internet-Draft Shadow Directories can be accessed at + http://www.ietf.org/shadow.html. + + This Internet-Draft will expire on December 30, 2004. + +Copyright Notice + + Copyright (C) The Internet Society (2004). All Rights Reserved. + +Abstract + + This document defines the Pseudo-Random Function (PRF) for the + Kerberos V mechanism for the Generic Security Service Application + Programming Interface (GSS-API), based on the PRF defined for the + Kerberos V cryptographic framework, for keying application protocols + given an established Kerberos V GSS-API security context. + + + + + + + + +Williams Expires December 30, 2004 [Page 1] + +Internet-Draft A PRF for the Kerberos V Mech July 2004 + + +Table of Contents + + 1. Conventions used in this document . . . . . . . . . . . . . . . 3 + 2. Kerberos V GSS Mechanism PRF . . . . . . . . . . . . . . . . . . 4 + 3. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 + 4. Normative References . . . . . . . . . . . . . . . . . . . . . . 5 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 + Intellectual Property and Copyright Statements . . . . . . . . . 7 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Williams Expires December 30, 2004 [Page 2] + +Internet-Draft A PRF for the Kerberos V Mech July 2004 + + +1. Conventions used in this document + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Williams Expires December 30, 2004 [Page 3] + +Internet-Draft A PRF for the Kerberos V Mech July 2004 + + +2. Kerberos V GSS Mechanism PRF + + The GSS-API PRF [GSS-PRF] function for the Kerberos V mechanism [CFX] + shall be the output of a PRF+ function based on the enctype's PRF + function keyed with the negotiated session key of the security + context and key usage X (TBD). + + The security context MUST be fully established, else the mechanism + MUST fail with GSS_S_FAILURE as the major status code and + GSS_KRB5_S_KG_CTX_INCOMPLETE as the minor status code. + + This PRF+ MUST be keyed with a key derived, with key usage (TBD), + from the session used by the initiator and acceptor, after the + security context is fully established, to derive keys for per-message + tokens. For the current Kerberos V mechanism [CFX] this means that + the PRF+ MUST be keyed with the acceptor-asserted subkey, if it did + assert such a key, or the initiator's sub-session key otherwise. + + The PRF+ function is a simple counter-based extension of the Kerberos + V pseudo-random function [KRB5-CRYPTO] for the enctype of the + security context's keys: + + PRF+(K, L, S) = truncate(L, T1 || T2 || .. || Tn) + + Tn = pseudo-random-function(K, n || S) + + where '||' is the concatenation operator, 'n' is encoded as a + network byte order 32-bit unsigned binary number, and where + truncate(L, S) truncates the input octet string S to length L. + + The maximum output size of the Kerberos V mechanism's GSS-API PRF + then is, necessarily, 2^32 octets. + + Implementations MUST support output size of up to 2^14 octets at + least. + + If the implementation cannot produce the desired output then it MUST + output what it can. + + The minimum input octet string length that implementations MUST + support is also 2^14 octets. If the input octet string is longer + than the maximum that an implementation can process then the + implementation MUST fail with GSS_S_FAILURE as the major status code + and GSS_KRB5_S_KG_INPUT_TOO_LONG as the minor status code. + + + + + + + +Williams Expires December 30, 2004 [Page 4] + +Internet-Draft A PRF for the Kerberos V Mech July 2004 + + +3. Security Considerations + + Kerberos V enctypes' PRF functions use a key derived from contexts' + session keys and should preserve the forward security properties of + the mechanisms' key exchanges. + + Legacy Kerberos V enctypes may be weak, particularly the single-DES + enctypes. + + See also [GSS-PRF] for generic security considerations of + GSS_Pseudo_random(). + + The computational cost of computing this PRF+ may vary depending on + the Kerberos V enctypes being used, but generally the computation of + this PRF+ gets more expensive as the input and output octet string + lengths grow (note that the use of a counter in the PRF+ construction + allows for parallelization). This means that if an application can + be tricked into providing very large input octet strings and + requesting very long output octet strings then that may constitue a + denial of service attack on the application; therefore applications + SHOULD place appropriate limits on the size of any input octet + strings received from their peers without integrity protection. + +4 Normative References + + [CFX] Zhu, L., Jaganathan, K. and S. Hartman, "The Kerberos + Version 5 GSS-API Mechanism: Version 2". + + [GSS-PRF] Williams, N., "A PRF API extension for the GSS-API". + + [KRB5-CRYPTO] + Raeburn, K., "Encryption and Checksum Specifications for + Kerberos 5". + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC2743] Linn, J., "Generic Security Service Application Program + Interface Version 2, Update 1", RFC 2743, January 2000. + + [RFC2744] Wray, J., "Generic Security Service API Version 2 : + C-bindings", RFC 2744, January 2000. + + +Author's Address + + Nicolas Williams + Sun Microsystems + + + +Williams Expires December 30, 2004 [Page 5] + +Internet-Draft A PRF for the Kerberos V Mech July 2004 + + + 5300 Riata Trace Ct + Austin, TX 78727 + US + + EMail: Nicolas.Williams@sun.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Williams Expires December 30, 2004 [Page 6] + +Internet-Draft A PRF for the Kerberos V Mech July 2004 + + +Intellectual Property Statement + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + + +Disclaimer of Validity + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + + +Copyright Statement + + Copyright (C) The Internet Society (2004). This document is subject + to the rights, licenses and restrictions contained in BCP 78, and + except as set forth therein, the authors retain all their rights. + + +Acknowledgment + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + +Williams Expires December 30, 2004 [Page 7] + +