[jira] [Commented] (DIRKRB-509) Add SupportedKDFs in AuthPack
[ https://issues.apache.org/jira/browse/DIRKRB-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15071397#comment-15071397 ] Kai Zheng commented on DIRKRB-509: -- Very cool to figure this out!! Note I heard this draft but never saw it before. :( > Add SupportedKDFs in AuthPack > - > > Key: DIRKRB-509 > URL: https://issues.apache.org/jira/browse/DIRKRB-509 > Project: Directory Kerberos > Issue Type: Bug >Affects Versions: 1.0.0-RC2 >Reporter: Jiajia Li >Assignee: Jiajia Li > > In mit source code k5-int-pkinit.h: > {code} > /** AuthPack from RFC 4556*/ > typedef struct _krb5_auth_pack { > krb5_pk_authenticator pkAuthenticator; > krb5_subject_pk_info*clientPublicValue; /* Optional */ > krb5_algorithm_identifier **supportedCMSTypes; /* Optional */ > krb5_data clientDHNonce; /* Optional */ > krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */ > } krb5_auth_pack; > {code} > So we need add supportedKDFs in following define to enable decode the mit > request. > {code} > AuthPack ::= SEQUENCE { > pkAuthenticator [0] PKAuthenticator, > clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, > supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL, > clientDHNonce [3] DHNonce OPTIONAL > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (DIRKRB-509) Add SupportedKDFs in AuthPack
[ https://issues.apache.org/jira/browse/DIRKRB-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15071364#comment-15071364 ] Kai Zheng commented on DIRKRB-509: -- Good catch Jiajia!! It looks like MIT implementation is kinds of out of sync with the RFC4556 family. Did you report this to MIT KRB DEV? Noted the comment for {{AuthPack}} in the head didn't update accordingly. I will fix it. > Add SupportedKDFs in AuthPack > - > > Key: DIRKRB-509 > URL: https://issues.apache.org/jira/browse/DIRKRB-509 > Project: Directory Kerberos > Issue Type: Bug >Affects Versions: 1.0.0-RC2 >Reporter: Jiajia Li >Assignee: Jiajia Li > > In mit source code k5-int-pkinit.h: > {code} > /** AuthPack from RFC 4556*/ > typedef struct _krb5_auth_pack { > krb5_pk_authenticator pkAuthenticator; > krb5_subject_pk_info*clientPublicValue; /* Optional */ > krb5_algorithm_identifier **supportedCMSTypes; /* Optional */ > krb5_data clientDHNonce; /* Optional */ > krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */ > } krb5_auth_pack; > {code} > So we need add supportedKDFs in following define to enable decode the mit > request. > {code} > AuthPack ::= SEQUENCE { > pkAuthenticator [0] PKAuthenticator, > clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, > supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL, > clientDHNonce [3] DHNonce OPTIONAL > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (DIRKRB-509) Add SupportedKDFs in AuthPack
[ https://issues.apache.org/jira/browse/DIRKRB-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15071385#comment-15071385 ] Jiajia Li commented on DIRKRB-509: -- >From MIT KRB DEV: The define is from >https://tools.ietf.org/html/draft-ietf-krb-wg-pkinit-alg-agility-07, with some >extensions based on RFC4556. > Add SupportedKDFs in AuthPack > - > > Key: DIRKRB-509 > URL: https://issues.apache.org/jira/browse/DIRKRB-509 > Project: Directory Kerberos > Issue Type: Bug >Affects Versions: 1.0.0-RC2 >Reporter: Jiajia Li >Assignee: Jiajia Li > > In mit source code k5-int-pkinit.h: > {code} > /** AuthPack from RFC 4556*/ > typedef struct _krb5_auth_pack { > krb5_pk_authenticator pkAuthenticator; > krb5_subject_pk_info*clientPublicValue; /* Optional */ > krb5_algorithm_identifier **supportedCMSTypes; /* Optional */ > krb5_data clientDHNonce; /* Optional */ > krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */ > } krb5_auth_pack; > {code} > So we need add supportedKDFs in following define to enable decode the mit > request. > {code} > AuthPack ::= SEQUENCE { > pkAuthenticator [0] PKAuthenticator, > clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, > supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL, > clientDHNonce [3] DHNonce OPTIONAL > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (DIRKRB-509) Add SupportedKDFs in AuthPack
[ https://issues.apache.org/jira/browse/DIRKRB-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15071371#comment-15071371 ] Jiajia Li commented on DIRKRB-509: -- Not yet, I will report it, thanks. > Add SupportedKDFs in AuthPack > - > > Key: DIRKRB-509 > URL: https://issues.apache.org/jira/browse/DIRKRB-509 > Project: Directory Kerberos > Issue Type: Bug >Affects Versions: 1.0.0-RC2 >Reporter: Jiajia Li >Assignee: Jiajia Li > > In mit source code k5-int-pkinit.h: > {code} > /** AuthPack from RFC 4556*/ > typedef struct _krb5_auth_pack { > krb5_pk_authenticator pkAuthenticator; > krb5_subject_pk_info*clientPublicValue; /* Optional */ > krb5_algorithm_identifier **supportedCMSTypes; /* Optional */ > krb5_data clientDHNonce; /* Optional */ > krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */ > } krb5_auth_pack; > {code} > So we need add supportedKDFs in following define to enable decode the mit > request. > {code} > AuthPack ::= SEQUENCE { > pkAuthenticator [0] PKAuthenticator, > clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, > supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL, > clientDHNonce [3] DHNonce OPTIONAL > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (DIRKRB-509) Add SupportedKDFs in AuthPack
[ https://issues.apache.org/jira/browse/DIRKRB-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15067631#comment-15067631 ] Jiajia Li commented on DIRKRB-509: -- commit 803b3d05244d80af3447e3cdb4336fae85c2c4a9 Author: plusplusjiajiaDate: Tue Dec 22 14:44:39 2015 +0800 DIRKRB-509 Add SupportedKDFs in AuthPack. > Add SupportedKDFs in AuthPack > - > > Key: DIRKRB-509 > URL: https://issues.apache.org/jira/browse/DIRKRB-509 > Project: Directory Kerberos > Issue Type: Bug >Affects Versions: 1.0.0-RC2 >Reporter: Jiajia Li >Assignee: Jiajia Li > > In mit source code k5-int-pkinit.h: > {code} > /** AuthPack from RFC 4556*/ > typedef struct _krb5_auth_pack { > krb5_pk_authenticator pkAuthenticator; > krb5_subject_pk_info*clientPublicValue; /* Optional */ > krb5_algorithm_identifier **supportedCMSTypes; /* Optional */ > krb5_data clientDHNonce; /* Optional */ > krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */ > } krb5_auth_pack; > {code} > So we need add supportedKDFs in following define to enable decode the mit > request. > {code} > AuthPack ::= SEQUENCE { > pkAuthenticator [0] PKAuthenticator, > clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, > supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL, > clientDHNonce [3] DHNonce OPTIONAL > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)