projects / mech_eap.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
[mech_eap.git] / util_krb.c
diff --git a/util_krb.c b/util_krb.c
index 48c79a4..34d6cb6 100644 (file)
--- a/util_krb.c
+++ b/util_krb.c
@@ -30,6 +30,10 @@
  * SUCH DAMAGE.
  */
 
+/*
+ * Kerberos 5 helpers.
+ */
+
 #include "gssapiP_eap.h"
 
 static GSSEAP_THREAD_ONCE krbContextKeyOnce = GSSEAP_ONCE_INITIALIZER;
@@ -73,12 +77,13 @@ gssEapKerberosInit(OM_uint32 *minor, krb5_context *context)
 }
 
 /*
- * Derive a key for RFC 4121 use by using the following
- * derivation function:
- *
- *    random-to-key(prf(random-to-key([e]msk), "rfc4121-gss-eap"))
+ * Derive a key K for RFC 4121 use by using the following
+ * derivation function (based on RFC 4402);
  *
- * where random-to-key and prf are defined in RFC 3961.
+ * KMSK = random-to-key(MSK)
+ * Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap")
+ * L = output key size
+ * K = truncate(L, T1 || T2 || .. || Tn)
  */
 OM_uint32
 gssEapDeriveRfc3961Key(OM_uint32 *minor,
Moonshot GSS-API mechanism