RFR 8014628: Support AES Encryption with HMAC-SHA2 for Kerberos 5 (original) (raw)

Weijun Wang weijun.wang at oracle.com
Mon Sep 18 09:15:24 UTC 2017

• Previous message (by thread): JEP for X25519/X448 key agreement
• Next message (by thread): StackOverflowError - Java 9 Build 181
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi All

Please take a review at

http://cr.openjdk.java.net/~weijun/8014628/webrev.00/

Most changes are just duplicating existing classes/methods/fields on AES-SHA1 etypes. One day we might do some refactoring to simplify this.

Real changes:

• AesSha2DkCrypto.java:

1. A new dr() method, explained in https://tools.ietf.org/html/rfc8009#section-3

2. etype name used in stringToKey(), explained in https://tools.ietf.org/html/rfc8009#section-4

3. A separate deriveKey() method. Not only it reduces duplicated codes, but it is also used in KerberosAesSha2.java the test.

• Config.java:

Previous AES-SHA1 etypes now have aliases aes128-sha1 and aes256-sha1.

• EType.java:

The default enctypes set now includes the new aes-sha2 etypes, but aes-sha1 etypes are more preferred. This is also what MIT krb5 is doing.

• KerberosAesSha2.java

Test vectors in https://tools.ietf.org/html/rfc8009#appendix-A.

Thanks Max

• Previous message (by thread): JEP for X25519/X448 key agreement
• Next message (by thread): StackOverflowError - Java 9 Build 181
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the security-dev mailing list