rfc2025.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

Adams                       Standards Track                    [Page 22]

RFC 2025                          SPKM                      October 1996


           conf-alg [1]     Conf-Alg OPTIONAL,
                                -- Confidentiality algorithm indicator
                                -- (must be NULL or one of the agreed
                                -- confidentiality algorithms for this
                                -- context).
                                -- field not present = default id.
                                -- NULL = none (no conf. applied).
           snd-seq [2]      SeqNum OPTIONAL
                                -- sequence number field.
   }



   Wrap-Body ::= SEQUENCE {
           int-cksum        BIT STRING,
                                -- Checksum of header and data,
                                -- calculated according to algorithm
                                -- specified in int-alg field.
           data             BIT STRING
                                -- encrypted or plaintext data.
   }

   Conf-Alg ::= CHOICE {
           algId [0]        AlgorithmIdentifier,
           null [1]         NULL
   }


3.2.2.1: Confounding

   As in [KRB5], an 8-byte random confounder is prepended to the data to
   compensate for the fact that an IV of zero is used for encryption.
   The result is referred to as the "confounded" data field.

3.2.2.2. Checksum

   Checksum calculation procedure (common to all algorithms): Checksums
   are calculated over the plaintext data field, logically prepended by
   the bytes of the plaintext token header (wrap-header).  As with
   gss_sign() / gss_getMIC(), the result binds the data to the entire
   plaintext header, so as to minimize the possibility of malicious
   splicing.

   The examples for md5WithRSA and DES-MAC are exactly as specified in
   3.2.1.1.

   If int-alg specifies md5-DES-CBC and conf-alg specifies anything
   other than DES-CBC, then the checksum is computed according to



Adams                       Standards Track                    [Page 23]

RFC 2025                          SPKM                      October 1996


   3.2.1.1 and the result is stored in int-cksum.  However, if conf-alg
   specifies DES-CBC then the encryption and the integrity are done as
   follows.  An MD5 [RFC-1321] hash is computed over the plaintext data
   (prepended by the header).  This 16-byte value is appended to the
   concatenation of the "confounded" data and 1-8 padding bytes (the
   padding is as specified in [KRB5] for DES-CBC).  The result is then
   CBC encrypted using the DES-CBC subkey (see Section 2.4) and placed
   in the "data" field of Wrap-Body.  The final two blocks of ciphertext
   (i.e., the encrypted MD5 hash) are also placed in the int-cksum field
   of Wrap-Body as the integrity checksum.

   If int-alg specifies sum64-DES-CBC then conf-alg must specify DES-CBC
   (i.e., confidentiality must be requested by the calling application
   or SPKM will return an error).  Encryption and integrity are done in
   a single pass using the DES-CBC subkey as follows.  The sum (modulo
   2**64 - 1) of all plaintext data blocks (prepended by the header) is
   computed.  This 8-byte value is appended to the concatenation of the
   "confounded" data and 1-8 padding bytes (the padding is as specified
   in [KRB5] for DES-CBC).  As above, the result is then CBC encrypted
   and placed in the "data" field of Wrap-Body. The final block of
   ciphertext (i.e., the encrypted sum) is also placed in the int-cksum
   field of Wrap-Body as the integrity checksum.

3.2.2.3 Sequence Number

   Sequence numbers are computed and processed for gss_wrap() exactly as
   specified in 3.2.1.2 and 3.2.1.3.

3.2.2.4: Data Encryption

   The following procedure is followed unless (a) conf-alg is NULL (no
   encryption), or (b) conf-alg is DES-CBC and int-alg is md5-DES-CBC
   (encryption as specified in 3.2.2.2), or (c) int-alg is sum64-DES-CBC
   (encryption as specified in 3.2.2.2):

   The "confounded" data is padded and encrypted according to the
   algorithm specified in the conf-alg field.  The data is encrypted
   using CBC with an IV of zero.  The key used is the appropriate subkey
   derived from the established context key using the subkey derivation
   algorithm described in Section 2.4 (this ensures that the subkey used
   for encryption and the subkey used for a separate, keyed integrity
   algorithm -- for example DES-MAC, but not sum64-DES-CBC -- are
   different).

3.2.3. Context deletion token

   The token emitted by gss_delete_sec_context() is based on the format
   for tokens emitted by gss_sign() / gss_getMIC().



Adams                       Standards Track                    [Page 24]

RFC 2025                          SPKM                      October 1996


   The SPKM-DEL token has the following format:

   SPKM-DEL ::= SEQUENCE {
           del-header       Del-Header,
           int-cksum        BIT STRING
                                -- Checksum of header, calculated
                                -- according to algorithm specified
                                -- in int-alg field.
   }

   Del-Header ::= SEQUENCE {
           tok-id           INTEGER (769),
                                -- shall contain 0301 (hex)
           context-id       Random-Integer,
           int-alg [0]      AlgorithmIdentifier OPTIONAL,
                                -- Integrity algorithm indicator (must
                                -- be one of the agreed integrity
                                -- algorithms for this context).
                                -- field not present = default id.
           snd-seq [1]      SeqNum OPTIONAL
                                -- sequence number field.
   }

   The field snd-seq will be calculated as for tokens emitted by
   gss_sign() / gss_getMIC().  The field int-cksum will be calculated as
   for tokens emitted by gss_sign() / gss_getMIC(), except that the
   user-data component of the checksum data will be a zero-length
   string.

   If a valid delete token is received, then the SPKM implementation
   will delete the context and gss_process_context_token() will return a
   major status of GSS_S_COMPLETE and a minor status of
   GSS_SPKM_S_SG_CONTEXT_DELETED.  If, on the other hand, the delete
   token is invalid, the context will not be deleted and
   gss_process_context_token() will return the appropriate major status
   (GSS_S_BAD_SIG, for example) and a minor status of
   GSS_SPKM_S_SG_BAD_DELETE_TOKEN_RECD.  The application may wish to
   take some action at this point to check the context status (such as
   sending a sealed/wrapped test message to its peer and waiting for a
   sealed/wrapped response).

4. Name Types and Object Identifiers

   No mandatory name forms have yet been defined for SPKM.  This section
   is for further study.






Adams                       Standards Track                    [Page 25]

RFC 2025                          SPKM                      October 1996


4.1. Optional Name Forms

   This section discusses name forms which may optionally be supported
   by implementations of the SPKM GSS-API mechanism.  It is recognized
   that OS-specific functions outside GSS-API are likely to exist in
   order to perform translations among these forms, and that GSS-API
   implementations supporting these forms may themselves be layered atop
   such OS-specific functions.  Inclusion of this support within GSS-API
   implementations is intended as a convenience to applications.

4.1.1. User Name Form

   This name form shall be represented by the Object Identifier {iso(1)
   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
   generic(1) user_name(1)}.  The recommended symbolic name for this
   type is "GSS_SPKM_NT_USER_NAME".

   This name type is used to indicate a named user on a local system.
   Its interpretation is OS-specific.  This name form is constructed as:

      username

4.1.2. Machine UID Form

   This name form shall be represented by the Object Identifier {iso(1)
   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
   generic(1) machine_uid_name(2)}.  The recommended symbolic name for
   this type is "GSS_SPKM_NT_MACHINE_UID_NAME".

   This name type is used to indicate a numeric user identifier
   corresponding to a user on a local system.  Its interpretation is
   OS-specific.  The gss_buffer_desc representing a name of this type
   should contain a locally-significant uid_t, represented in host byte
   order.  The gss_import_name() operation resolves this uid into a
   username, which is then treated as the User Name Form.

4.1.3. String UID Form

   This name form shall be represented by the Object Identifier {iso(1)
   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
   generic(1) string_uid_name(3)}.  The recommended symbolic name for
   this type is "GSS_SPKM_NT_STRING_UID_NAME".

   This name type is used to indicate a string of digits representing
   the numeric user identifier of a user on a local system.  Its
   interpretation is OS-specific. This name type is similar to the
   Machine UID Form, except that the buffer contains a string
   representing the uid_t.



Adams                       Standards Track                    [Page 26]

RFC 2025                          SPKM                      October 1996


5. Parameter Definitions

   This section defines parameter values used by the SPKM GSS-API
   mechanism.  It defines interface elements in support of portability.

5.1. Minor Status Codes

   This section recommends common symbolic names for minor_status values
   to be returned by the SPKM GSS-API mechanism.  Use of these
   definitions will enable independent implementors to enhance
   application portability across different implementations of the
   mechanism defined in this specification.  (In all cases,
   implementations of gss_display_status() will enable callers to
   convert minor_status indicators to text representations.) Each
   implementation must make available, through include files or other
   means, a facility to translate these symbolic names into the concrete
   values which a particular GSS-API implementation uses to represent
   the minor_status values specified in this section.  It is recognized
   that this list may grow over time, and that the need for additional
   minor_status codes specific to particular implementations may arise.

5.1.1. Non-SPKM-specific codes (Minor Status Code MSB, bit 31, SET)

5.1.1.1. GSS-Related codes (Minor Status Code bit 30 SET)

   GSS_S_G_VALIDATE_FAILED
       /* "Validation error" */
   GSS_S_G_BUFFER_ALLOC
       /* "Couldn't allocate gss_buffer_t data" */
   GSS_S_G_BAD_MSG_CTX
       /* "Message context invalid" */
   GSS_S_G_WRONG_SIZE
       /* "Buffer is the wrong size" */
   GSS_S_G_BAD_USAGE
       /* "Credential usage type is unknown" */
   GSS_S_G_UNAVAIL_QOP
       /* "Unavailable quality of protection specified" */

5.1.1.2. Implementation-Related codes (Minor Status Code bit 30 OFF)

   GSS_S_G_MEMORY_ALLOC
       /* "Couldn't perform requested memory allocation" */

5.1.2. SPKM-specific-codes (Minor Status Code MSB, bit 31, OFF)

   GSS_SPKM_S_SG_CONTEXT_ESTABLISHED
       /* "Context is already fully established" */
   GSS_SPKM_S_SG_BAD_INT_ALG_TYPE



Adams                       Standards Track                    [Page 27]

RFC 2025                          SPKM                      October 1996


       /* "Unknown integrity algorithm type in token" */
   GSS_SPKM_S_SG_BAD_CONF_ALG_TYPE
       /* "Unknown confidentiality algorithm type in token" */
   GSS_SPKM_S_SG_BAD_KEY_ESTB_ALG_TYPE
       /* "Unknown key establishment algorithm type in token" */
   GSS_SPKM_S_SG_CTX_INCOMPLETE
       /* "Attempt to use incomplete security context" */
   GSS_SPKM_S_SG_BAD_INT_ALG_SET
       /* "No integrity algorithm in common from offered set" */
   GSS_SPKM_S_SG_BAD_CONF_ALG_SET
       /* "No confidentiality algorithm in common from offered set" */
   GSS_SPKM_S_SG_BAD_KEY_ESTB_ALG_SET
       /* "No key establishment algorithm in common from offered set" */
   GSS_SPKM_S_SG_NO_PVNO_IN_COMMON
       /* "No protocol version number in common from offered set" */
   GSS_SPKM_S_SG_INVALID_TOKEN_DATA
       /* "Data is improperly f