The IETF kitten working group is standardizing new aes-sha2 encryption types (aes128-cts-hmac-sha256-128 and aes256-cts-hmac-sha384-192): https://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2
We should have an implementation of these enctypes ready for when the enctype and checksum type numbers are assigned, with the hope that we can ship it in 1.15.
The work in progress is here: https://github.com/greghudson/krb5/tree/aes-sha2
Done:
Pull requests submitted for some ancillary issues discovered in testing
Add SHA-256 and SHA-384 hash providers to libk5crypto back ends
Modify the PBKDF2 implementation to work with hashes other than SHA-1
Implement aes-sha2 enctypes and checksum types
Add test cases for aes-sha2 using test vectors from draft
Add test cases for KRB-FX-CF2() and gss_pseudo_random() using test vectors we generate
Add aes-sha2 enctypes to default permitted-enctypes and to "aes" enctype family
Tested with all three libk5crypto back ends (builtin, OpenSSL, and NSS); PBKDF2 with SHA-256/SHA-384 does not work with the NSS back end
Update documentation
In progress:
NSS doesn't implement PBKDF2-HMAC-SHA256 or PBKDF2-HMAC-SHA384, which the aes-sha2 string-to-key functions require. Consult with Red Hat to determine what to do about this.