4.3 GSS_WrapEx with AES128-CTS-HMAC-SHA1-96

This is an example of using the encryption type AES128-CTS-HMAC-SHA1-96 with GSS_WrapEx() called with an input_message with four buffers:

  • sign1 which has Conf_req_flag == FALSE, sign == TRUE

  • enc1 which has Conf_req_flag == TRUE, sign == FALSE

  • enc2 which has Conf_req_flag == TRUE, sign == FALSE

  • sign2 which has Conf_req_flag == FALSE, sign == TRUE

Processing will proceed as illustrated in the following diagram.

Figure 4: Example of RRC with output message with 4 buffers

The enchdr is the header ([RFC4121] section 4.2.4) for encrypted buffers. The clearhdr is the descriptive header ([RFC4121] section 4.2.6.2). GSS_WrapEx() will return an output_message with four buffers:

  • buffer 1 contains the cleartext sign1 which has Conf_state == FALSE, signed == TRUE

  • buffer 2 contains the encrypted enc1 which has Conf_state == TRUE, signed == FALSE

  • buffer 3 contains the encrypted enc2 which has Conf_state == TRUE, signed == FALSE

  • buffer 4 contains the cleartext sign2, which has Conf_state == FALSE, signed == TRUE, and signature, which contains the clearhdr + enchdr + checksum + confounder (for details, please see [RFC3961]).

The order of operations is as follows:

  • build

  • sign

  • encrypt

  • right rotation by (EC+RRC) count

  • split

EC is generated during the encryption process so that there is no padding; see [RFC4121] section 4.2.4.
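The rotation and split steps for the two encrypted buffers, with the receiver's inverse, as an added example (not code from the specification). The function names are hypothetical, EC = 16 and RRC = 28 are constructed sample values chosen so that EC+RRC equals the length of the filler, enchdr and checksum, and the "ciphertext" bytes are position markers rather than real AES-CTS output; the signed-only buffers sign1 and sign2 are not modelled.

```python
import struct

HDR_LEN, CONF_LEN, CKSUM_LEN = 16, 16, 12  # RFC 4121 header, AES confounder, HMAC-SHA1-96

def wrap_header(ec, rrc, seq, flags=0x02):
    # TOK_ID 05 04 | Flags (0x02 = Sealed) | Filler FF | EC | RRC | SND_SEQ, big-endian
    return struct.pack(">2sBBHHQ", b"\x05\x04", flags, 0xFF, ec, rrc, seq)

def parse_header(hdr):
    if len(hdr) < HDR_LEN:
        raise ValueError("truncated Wrap token header")
    tok_id, flags, filler, ec, rrc, seq = struct.unpack(">2sBBHHQ", hdr[:HDR_LEN])
    if tok_id != b"\x05\x04" or filler != 0xFF:
        raise ValueError("not an RFC 4121 Wrap token header")
    return flags, ec, rrc, seq

def rotate_right(data, count):
    # Move the last `count` bytes to the front; a negative count rotates left.
    if not data:
        return data
    count %= len(data)
    return data[-count:] + data[:-count] if count else data

def rotate_and_split(hdr, ciphertext, data_lens):
    # Sender: rotate the bytes after the clear header, then split them so that
    # the leading bytes go to the signature and each data buffer keeps its length.
    _, ec, rrc, _ = parse_header(hdr)
    rotated = rotate_right(ciphertext, ec + rrc)
    pos = len(rotated) - sum(data_lens)
    if pos < 0:
        raise ValueError("data buffers longer than ciphertext")
    signature, buffers = hdr + rotated[:pos], []
    for n in data_lens:
        buffers.append(rotated[pos:pos + n])
        pos += n
    return signature, buffers

def join_and_unrotate(signature, buffers):
    # Receiver: rebuild the rotated stream and undo the rotation before decrypting.
    _, ec, rrc, _ = parse_header(signature)
    rotated = signature[HDR_LEN:] + b"".join(buffers)
    return rotate_right(rotated, -(ec + rrc))

# Constructed stand-ins for: confounder | E(enc1) | E(enc2) | E(filler) | E(enchdr) | checksum
EC, RRC = 16, 28
SAMPLE = b"C" * CONF_LEN + b"1" * 10 + b"2" * 6 + b"F" * EC + b"H" * HDR_LEN + b"K" * CKSUM_LEN
HDR = wrap_header(EC, RRC, seq=1)
SIGNATURE, BUFFERS = rotate_and_split(HDR, SAMPLE, [10, 6])
```

With these values the signature comes out as clearhdr, filler, enchdr, checksum, confounder, and the two data buffers hold only the bytes at the positions of enc1 and enc2.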
