From fcusack@ratbert.iconnet.net Wed Nov 25 15:56:03 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA01439 for ; Wed, 25 Nov 1998 15:56:02 -0500
Received: from ratbert.iconnet.net by MIT.EDU with SMTP id AA12192; Wed, 25 Nov 98 15:55:45 EST
Received: (from fcusack@localhost) by ratbert.iconnet.net (8.9.1/8.9.1) id PAA09774; Wed, 25 Nov 1998 15:56:34 -0500 (EST)
Message-Id: <199811252056.PAA09774@ratbert.iconnet.net>
Date: Wed, 25 Nov 1998 15:56:34 -0500 (EST)
From: fcusack@iconnet.net
Reply-To: fcusack@iconnet.net
To: krb5-bugs@MIT.EDU
Cc: fcusack@iconnet.net
Subject: checksum vulnerability in SAM preauth
X-Send-Pr-Version: 3.99

>Number: 664
>Category: krb5-kdc
>Synopsis: checksum vulnerability in SAM preauth
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 25 15:57:01 EST 1998
>Last-Modified:
>Originator: Frank Cusack
>Organization: Icon CMT Corp.
>Release: krb5-current-19981119
>Environment:
N/A
System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
a) sam-checksums are probably going away, and just the krb-error checksum field will be used. (?)
b) checksum should not be calculated when the range of the sad is small.
c) the checksum code didn't work under the new crypto API anyway. I just ifdef'd it out.
>How-To-Repeat:
>Fix:
Index: kdc/preauth/pa_sam_cryptocard.c =================================================================== RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_cryptocard.c,v retrieving revision 1.3 diff -u -r1.3 pa_sam_cryptocard.c --- pa_sam_cryptocard.c 1998/11/25 06:13:10 1.3 +++ pa_sam_cryptocard.c 1998/11/25 20:50:59 
@@ -301,7 +301,8 @@ sc.sam_pk_for_sad.length = 0; sc.sam_nonce = 0; - /* Generate checksum */ +#if 0 + /* We don't calculate a checksum since it could be used to crack the SAD */ sc.sam_cksum.length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES); if ((sc.sam_cksum.contents = malloc(sc.sam_cksum.length)) == NULL) { retval = ENOMEM; @@ -316,6 +317,7 @@ &sc.sam_cksum)) { goto cleanup; } +#endif /* 0 */ if (retval = encode_krb5_sam_challenge(&sc, &scratch)) goto cleanup; Index: kdc/preauth/pa_sam_digi_path.c =================================================================== RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_digi_path.c,v retrieving revision 1.3 diff -u -r1.3 pa_sam_digi_path.c --- pa_sam_digi_path.c 1998/11/25 06:13:10 1.3 +++ pa_sam_digi_path.c 1998/11/25 20:50:59 @@ -205,7 +205,8 @@ sc.sam_pk_for_sad.length = 0; sc.sam_nonce = 0; - /* Generate checksum */ +#if 0 + /* We don't calculate a checksum since it could be used to crack the SAD */ sc.sam_cksum.length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES); if ((sc.sam_cksum.contents = malloc(sc.sam_cksum.length)) == NULL) { retval = ENOMEM; @@ -220,6 +221,7 @@ &sc.sam_cksum)) { goto cleanup; } +#endif /* 0 */ if (retval = encode_krb5_sam_challenge(&sc, &scratch)) goto cleanup; Index: kdc/preauth/pa_sam_grail.c =================================================================== RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_grail.c,v retrieving revision 1.1 diff -u -r1.1 pa_sam_grail.c --- pa_sam_grail.c 1998/11/25 04:06:18 1.1 +++ pa_sam_grail.c 1998/11/25 20:50:59 @@ -105,7 +105,8 @@ sc.sam_pk_for_sad.length = 0; sc.sam_nonce = 0; - /* Generate checksum */ +#if 0 + /* We don't calculate a checksum since it could be used to crack the SAD */ sc.sam_cksum.length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES); if ((sc.sam_cksum.contents = malloc(sc.sam_cksum.length)) == NULL) { retval = ENOMEM; 
@@ -120,6 +121,7 @@ &sc.sam_cksum)) { goto cleanup; } +#endif /* 0 */ if (retval = encode_krb5_sam_challenge(&sc, &scratch)) goto cleanup; Index: kdc/preauth/pa_sam_securid.c =================================================================== RCS file: /icon/d04/cvsroot/3rd-party/krb5-19981119/kdc/preauth/pa_sam_securid.c,v retrieving revision 1.2 diff -u -r1.2 pa_sam_securid.c --- pa_sam_securid.c 1998/11/25 18:34:20 1.2 +++ pa_sam_securid.c 1998/11/25 20:51:00 @@ -201,7 +201,8 @@ sc.sam_pk_for_sad.length = 0; sc.sam_nonce = 0; - /* Generate checksum */ +#if 0 + /* We don't calculate a checksum since it could be used to crack the SAD */ sc.sam_cksum.length = krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES); if ((sc.sam_cksum.contents = malloc(sc.sam_cksum.length)) == NULL) { return ENOMEM; @@ -215,6 +216,7 @@ &sc.sam_cksum)) { goto cleanup; } +#endif /* 0 */ if (retval = encode_krb5_sam_challenge(&sc, &scratch)) goto cleanup; >Audit-Trail: >Unformatted:
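Review bot: In the pa_sam_cryptocard.c hunk at -301,7 the `#if 0` now skips the only visible assignments to sc.sam_cksum.length and sc.sam_cksum.contents, yet the challenge is still handed to `encode_krb5_sam_challenge(&sc, &scratch)`. Unless sc is zeroed earlier in code not shown here, set sc.sam_cksum.length = 0 and sc.sam_cksum.contents = NULL explicitly next to the existing `sc.sam_pk_for_sad.length = 0;` so that neither the encoder nor the cleanup path sees an uninitialized checksum. The same applies to the matching hunks in pa_sam_digi_path.c, pa_sam_grail.c and pa_sam_securid.c.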
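Review bot: The `#if 0` in the pa_sam_digi_path.c hunk at -205,7 (and its copies in the other three files) disables the checksum unconditionally, while the description only says it should not be calculated when the range of the SAD is small. The new comment `/* We don't calculate a checksum since it could be used to crack the SAD */` should say which of the two is intended. If the small-range case is the real condition, guard the block on that condition or on a named macro rather than `#if 0`, so the reason survives in the code. Since the identical disabled block now sits in four files, moving it into one shared helper would let the eventual fix land once.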
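Review bot: In the pa_sam_securid.c hunk at -201,7 the malloc failure branch inside the disabled block reads `return ENOMEM;`, whereas the same branch in the other three files sets `retval = ENOMEM;`. If this block is ever re-enabled, the direct return bypasses the cleanup label that the adjacent `goto cleanup;` relies on. Make it consistent with the other files while these lines are being touched.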