Get signature size from gss_wrap

Get signature size from gss_wrap

Николай Кинаш
Hello.
I have two questions.
1. Is there any way to get a size of the signature from gss_wrap output
buffer?

2. I'm using aes256-cts-hmac-sha1-96 scheme. The first 16 bytes of output
buffer from gss_wrap is a header as specified in
https://www.ietf.org/rfc/rfc4121.txt and right after the header there is a
signature, right?

Regards,
Nikolay Kinash
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev

Re: Get signature size from gss_wrap

Benjamin Kaduk-2
On Fri, 15 Jan 2016, Николай Кинаш wrote:

> Hello.
> I have two questions.
> 1. Is there any way to get a size of the signature from gss_wrap output
> buffer?

I'm not entirely sure what you're asking for.  Wrap tokens generally are
using symmetric-keyed MICs for message authenticity, not asymmetric crypto
signatures.

In any case, are you asking how to determine just the length of the
integrity-protection portion of the wrap token?  This is something below
the GSS-API layer (which deals only in whole tokens), and so will be
determined by the specification for the individual mechanism in use.

> 2. I'm using aes256-cts-hmac-sha1-96 scheme. The first 16 bytes of output
> buffer from gss_wrap is a header as specified in
> https://www.ietf.org/rfc/rfc4121.txt and right after the header there is a
> signature, right?

The on-the-wire layout again is now enctype-specific, depending on the RFC
3961 encryption profile in use.  That enctype is specified in RFC 3962,
but uses the "simplified profile" specified in RFC 3961.  That simplified
profile puts the ciphertext first and then the MIC (see page 15).

In the gss_wrap context, the wire layout can also be influenced by whether
"DCE-style" tokens are used, which "rotate" the bits as in a circular
buffer before putting on the wire.  But you probably would know if that
was the case you're looking at.

-Ben
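
The layout discussed in this thread, as an added example that is not part of either message or of the MIT krb5 code: it reads the 16-byte RFC 4121 Wrap token header and reports where the integrity bytes sit on the wire once the RRC right-rotation is taken into account. The names `wrap_locate_mic` and `struct wrap_mic` are hypothetical, the 12-byte MIC length is the HMAC-SHA1-96 value for aes256-cts-hmac-sha1-96, the sample token is constructed, and DCE-style token handling is not covered.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define WRAP_HDR_LEN    16    /* RFC 4121 section 4.2.6.2 */
#define FLAG_SEALED     0x02  /* confidentiality was applied */
#define MIC_LEN_SHA1_96 12    /* HMAC-SHA1 truncated to 96 bits (RFC 3962) */

struct wrap_mic {             /* hypothetical result type for this example */
    uint16_t ec, rrc;         /* header fields, big-endian on the wire */
    size_t   len;             /* bytes of integrity data */
    size_t   off;             /* wire offset of its first byte */
    int      wraps;           /* 1 if rotation splits it across the body end */
};

/* Locate the integrity bytes of a Wrap token. enc_mic_len is the enctype's
 * MIC length, used only for sealed tokens. Returns 0, or -1 if malformed. */
int wrap_locate_mic(const uint8_t *t, size_t n, size_t enc_mic_len,
                    struct wrap_mic *m)
{
    if (n <= WRAP_HDR_LEN || t[0] != 0x05 || t[1] != 0x04 || t[3] != 0xFF)
        return -1;
    size_t body = n - WRAP_HDR_LEN;
    m->ec  = (uint16_t)(t[4] << 8 | t[5]);
    m->rrc = (uint16_t)(t[6] << 8 | t[7]);
    /* Unsealed: EC is the checksum length. Sealed: the MIC trails the
     * RFC 3961 ciphertext and its length comes from the enctype. */
    m->len = (t[2] & FLAG_SEALED) ? enc_mic_len : m->ec;
    if (m->len == 0 || m->len > body)
        return -1;
    /* RRC rotates the body right: wire[(i + rrc) % body] = original[i]. */
    size_t start = (body - m->len + m->rrc) % body;
    m->off   = WRAP_HDR_LEN + start;
    m->wraps = start + m->len > body;
    return 0;
}

int main(void)
{
    /* Constructed sample: unsealed token, EC=12, RRC=12, 5 data bytes. */
    uint8_t tok[WRAP_HDR_LEN + 17] = { 0x05, 0x04, 0x00, 0xFF, 0, 12, 0, 12 };
    struct wrap_mic m;
    if (wrap_locate_mic(tok, sizeof tok, MIC_LEN_SHA1_96, &m) == 0)
        printf("MIC: %zu bytes at wire offset %zu\n", m.len, m.off);
    return 0;
}
```

With RRC equal to the MIC length the integrity bytes land directly after the header (offset 16); with RRC of zero they are the last bytes of the token.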