This is an example of using the encryption type AES128-CTS-HMAC-SHA1-96 with GSS_WrapEx() called with an input_message with four buffers:
sign1 which has Conf_req_flag == FALSE, sign == TRUE
enc1 which has Conf_req_flag == TRUE, sign == FALSE
enc2 which has Conf_req_flag == TRUE, sign == FALSE
sign2 which has Conf_req_flag == FALSE, sign == TRUE
Processing will proceed as illustrated in the following diagram.
Figure 4: Example of RRC with output message with 4 buffers
The clearhdr is the descriptive header ([RFC4121] section 4.2.6.2). The enchdr is the header ([RFC4121] section 4.2.4) for encrypted buffers. GSS_WrapEx() will return an output_message with a signature that contains the clearhdr + padding + enchdr + checksum + confounder and four buffers:
buffer 1 contains the cleartext sign1 which has Conf_state == FALSE, signed == TRUE
buffer 2 contains the encrypted enc1 which has Conf_state == TRUE, signed == FALSE
buffer 3 contains the encrypted enc2 which has Conf_state == TRUE, signed == FALSE
buffer 4 contains the cleartext sign2 which has Conf_state == FALSE, signed == TRUE
The order of operations is as follows:
build
sign
encrypt
right rotation by (EC+RRC) count
split
The extra count (EC) is generated during the encryption process ([RFC4121] section 4.2.4).
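The rotate and split steps, and the receiver's inverse, as an added Python example that is not part of the original specification text. The field bytes are constructed placeholders rather than real AES128-CTS-HMAC-SHA1-96 output, EC = 4 and RRC = 28 are assumed sample values, and the cleartext sign1 and sign2 buffers are left out because they pass through unchanged.

```python
import struct

HDR_FMT = ">2sBBHHQ"  # TOK_ID, Flags, Filler, EC, RRC, SND_SEQ ([RFC4121] 4.2.6.2)
HDR_LEN = struct.calcsize(HDR_FMT)  # 16 bytes

def rotate_right(data, count):
    """Move the trailing `count` bytes to the front (count is taken modulo length)."""
    count = count % len(data) if data else 0
    return data[-count:] + data[:-count] if count else data

def rotate_left(data, count):
    """Inverse of rotate_right."""
    count = count % len(data) if data else 0
    return data[count:] + data[:count]

def rotate_and_split(clearhdr, body, enc_lens):
    """Sender: rotate the post-encryption body by EC+RRC, then split it."""
    _, _, _, ec, rrc, _ = struct.unpack(HDR_FMT, clearhdr)
    rotated = rotate_right(body, ec + rrc)
    sig_len = len(rotated) - sum(enc_lens)  # everything ahead of the data buffers
    buffers, pos = [], sig_len
    for n in enc_lens:
        buffers.append(rotated[pos:pos + n])
        pos += n
    return clearhdr + rotated[:sig_len], buffers

def unrotate(signature, buffers):
    """Receiver: rejoin, read EC and RRC from the clear header, undo the rotation."""
    tok_id, _, filler, ec, rrc, _ = struct.unpack(HDR_FMT, signature[:HDR_LEN])
    if tok_id != b"\x05\x04" or filler != 0xFF:
        raise ValueError("not an RFC 4121 Wrap token header")
    return rotate_left(signature[HDR_LEN:] + b"".join(buffers), ec + rrc)

# Constructed sample: letters mark field positions, nothing is really encrypted.
EC, RRC = 4, 28  # assumed: RRC = 16-byte enchdr + 12-byte checksum
CLEARHDR = struct.pack(HDR_FMT, b"\x05\x04", 0x02, 0xFF, EC, RRC, 1)  # 0x02 = Sealed
ENC1, ENC2 = b"1" * 5, b"2" * 7
# Pre-rotation order: confounder, enc1, enc2, EC padding, enchdr, checksum
BODY = b"C" * 16 + ENC1 + ENC2 + b"P" * EC + b"H" * 16 + b"K" * 12

SIGNATURE, BUFFERS = rotate_and_split(CLEARHDR, BODY, [len(ENC1), len(ENC2)])

if __name__ == "__main__":
    print(SIGNATURE[HDR_LEN:])  # padding + enchdr + checksum + confounder
    print(BUFFERS)              # enc1 and enc2, in place
```
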