Skip Menu |
 

Download (untitled) / with headers
text/plain 1.2KiB
From lha@nutcracker.stacken.kth.se Sat Jun 21 19:02:36 2003
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by krbdev.mit.edu (8.9.3) with ESMTP
id TAA17057; Sat, 21 Jun 2003 19:02:35 -0400 (EDT)
Received: from nutcracker.stacken.kth.se (FLARE-ARROW.MIT.EDU [18.101.1.26])
by fort-point-station.mit.edu (8.12.4/8.9.2) with ESMTP id h5LN2ZGg025802
for <krb5-bugs@mit.edu>; Sat, 21 Jun 2003 19:02:35 -0400 (EDT)
Received: by nutcracker.stacken.kth.se (Postfix, from userid 913)
id 59AF3F38E7; Sun, 22 Jun 2003 01:02:27 +0200 (CEST)
To: krb5-bugs@mit.edu
Subject: aes enctype not implemented
From: lha@kth.se
Reply-To: lha@kth.se
X-send-pr-version: 3.95
Message-Id: <20030621230227.59AF3F38E7@nutcracker.stacken.kth.se>
Date: Sun, 22 Jun 2003 01:02:27 +0200 (CEST)


Show quoted text
>Submitter-Id: net
>Originator: Love
>Organization:
whatever
Show quoted text
>Confidential: no
>Synopsis: aes enctype not implemented
>Severity: critical
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: krb5-current-20030614
>Environment:

Show quoted text
>Description:

krb5-current-2003-06-16/src/lib/crypto/cksumtypes.c

doesn't include the checksum types hmac-sha1-96-aes128
and hmac-sha1-96-aes256

heimdal will use the by default.

Show quoted text
>How-To-Repeat:

use current heimdal and try tgs request

Show quoted text
>Fix:
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1621] AutoReply: aes enctype not implemented
From: Love <lha@kth.se>
Date: Sun, 22 Jun 2003 04:47:27 +0200
RT-Send-Cc:
Download (untitled) / with headers
text/plain 1.1KiB

If I patch the code to make it use md5 as the checksum instead it works

$ ./kgetcred aes@M.KRBTEST.COM
$ klist
Credentials cache: FILE:/tmp/krb5cc_18549a
Principal: aes@M.KRBTEST.COM

Issued Expires Principal
Jun 21 21:23:38 Jun 22 07:23:38 krbtgt/M.KRBTEST.COM@M.KRBTEST.COM
Jun 22 04:04:21 Jun 22 07:23:38 aes@M.KRBTEST.COM

But HMAC-SHA1-96-AES256 is required in clarifications.

Love


Index: mk_req_ext.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/krb5/mk_req_ext.c,v
retrieving revision 1.26
diff -u -u -w -r1.26 mk_req_ext.c
--- mk_req_ext.c 2 Sep 2002 17:13:52 -0000 1.26
+++ mk_req_ext.c 22 Jun 2003 02:03:50 -0000
@@ -110,6 +110,15 @@
in_data->data,
in_data->length,
&c);
+ } else if(ac->keyblock->keytype == ETYPE_AES256_CTS_HMAC_SHA1_96) {
+ /* this is to make MIT kdcs happy */
+ ret = krb5_create_checksum(context,
+ NULL,
+ 0,
+ CKSUMTYPE_RSA_MD5,
+ in_data->data,
+ in_data->length,
+ &c);
} else {
krb5_crypto crypto;

Download (untitled)
application/pgp-signature 823B

Message body not shown because it is not plain text.

To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1621] AutoReply: aes enctype not implemented
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Sun, 22 Jun 2003 02:55:13 -0400
RT-Send-Cc:

"lha@kth.se via RT" <rt-comment@krbdev.mit.edu> writes:
Show quoted text
> If I patch the code to make it use md5 as the checksum instead it works

Well, that's some good news...


Not only is the checksum type not in the table, but we didn't notice
it because we're still always using kdc_req_sumtype value from the
krb5_context even with non-DES encryption keys. (And
default_ap_req_sumtype and default_safe_sumtype are probably similarly
misused.)

*aarrgh*

I'm out of town tomorrow afternoon. I'll dig into it when I get back.
From: raeburn@mit.edu
Subject: CVS Commit
* k5-int.h (struct krb5_cksumtypes): Add new field trunc_size.


To generate a diff of this commit:



cvs diff -r1.373 -r1.374 krb5/src/include/ChangeLog
cvs diff -r1.149 -r1.150 krb5/src/include/k5-int.h
From: raeburn@mit.edu
Subject: CVS Commit
* cksumtypes.c (krb5_cksumtypes_list): Add aes128/256 hmacs, with new
trunc_size field.

* make_checksum.c (krb5_c_make_checksum): If trunc_size is specified, shrink
the computed checksum down to the indicated size.


To generate a diff of this commit:



cvs diff -r5.142 -r5.143 krb5/src/lib/crypto/ChangeLog
cvs diff -r5.6 -r5.7 krb5/src/lib/crypto/cksumtypes.c
cvs diff -r5.9 -r5.10 krb5/src/lib/crypto/make_checksum.c
To: lha@kth.se
Cc: rt@krbdev.mit.edu
Subject: [krbdev.mit.edu #1621] aes checksum types not implemented
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Mon, 23 Jun 2003 22:57:47 -0400
RT-Send-Cc:
Apparently the decision is to implement the new checksum types, and
accept them, but not use them by default, because we've got some
crufty code dealing with DCE interoperability that's getting in the
way. It turns out we've been using md5 even with triple-DES, without
realizing it.

Please try out the snapshot that will be generated tonight, or an
updated cvs tree, and let me know if the patches I've checked in work
for you. If so, and assuming no problems come up in our testing (they
shouldn't, because the code I added shouldn't get run), we'll put the
code into 1.3.

Ken

P.S. Is your current AES code available by ftp or anon cvs?
To: lha@kth.se
Cc: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1621] aes checksum types not implemented
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Mon, 23 Jun 2003 23:12:40 -0400
RT-Send-Cc:
I wrote:
Show quoted text
> P.S. Is your current AES code available by ftp or anon cvs?

Never mind, I just noticed the reference to the repository in your
email was to AFS.... I'll try to run some tests in the morning.

Ken
To: Ken Raeburn <raeburn@MIT.EDU>
Cc: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1621] aes checksum types not implemented
From: Love <lha@kth.se>
Date: Tue, 24 Jun 2003 05:29:24 +0200
RT-Send-Cc:

Ken Raeburn <raeburn@MIT.EDU> writes:

Show quoted text
> P.S. Is your current AES code available by ftp or anon cvs?

yes, readonly afs (as you already know) or snapshots ever monday
on the ftp site.

Note that I've not checked in any etype2 code for the kdc or krb5 lib
yet. So the client will only work when using the aes draft specified
s2kparam.

kgetcred in heimdal is the equvalent of kvno in mit krb, useful to know
when you are testing.

Love
Download (untitled)
application/pgp-signature 823B

Message body not shown because it is not plain text.

To: Love <lha@kth.se>
Cc: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1621] aes checksum types not implemented
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Wed, 25 Jun 2003 19:33:54 -0400
RT-Send-Cc:

Okay, with the fencepost error fixed in the heimdal-20030623 snapshot,
and the AES enctype added to set_keys.c:make_keys, I was able to
create a database, and add a user principal. I could then use the MIT
client programs to get a TGT and then get a service ticket for the
same test principal, all using AES keys. So, it looks like our
support for the new checksum types -- at least, the flavor using the
256-bit AES key -- is working compatibly with Heimdal.

I'll mark it for pullup to the 1.3 branch, and file a separate bug
about our not using it by default when creating various message types.

Ken
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1621] aes checksum types not implemented
From: Love <lha@kth.se>
Date: Thu, 26 Jun 2003 01:59:24 +0200
RT-Send-Cc:

"Ken Raeburn via RT" <rt-comment@krbdev.mit.edu> writes:

Show quoted text
> Okay, with the fencepost error fixed in the heimdal-20030623 snapshot,
> and the AES enctype added to set_keys.c:make_keys, I was able to
> create a database, and add a user principal.

So both of these should be fixed now.

Show quoted text
> I could then use the MIT
> client programs to get a TGT and then get a service ticket for the
> same test principal, all using AES keys. So, it looks like our
> support for the new checksum types -- at least, the flavor using the
> 256-bit AES key -- is working compatibly with Heimdal.

Oh, I was testing the opposite, MIT kdc with heimdal client. Will try
again when I get to work later today.

Love
Download (untitled)
application/pgp-signature 823B

Message body not shown because it is not plain text.

I was testing in the wrong direction (MIT client, Heimdal server).
Testing in the correct direction (Heimdal client, MIT server), I find it
doesn't work.
Probably just a checksum length error, should be fixed soon.
From: raeburn@mit.edu
Subject: CVS Commit
With this patch, things seem to work with a Heimdal client and MIT KDC.

* checksum_length.c (krb5_c_checksum_length): Handle trunc_size.


To generate a diff of this commit:



cvs diff -r5.143 -r5.144 krb5/src/lib/crypto/ChangeLog
cvs diff -r5.3 -r5.4 krb5/src/lib/crypto/checksum_length.c
To: rt@krbdev.mit.edu, lha@kth.se
Subject: Re: [krbdev.mit.edu #1621] aes checksum types not implemented
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Wed, 25 Jun 2003 21:31:25 -0400
RT-Send-Cc:
"lha@kth.se via RT" <rt-comment@krbdev.mit.edu> writes:
Show quoted text
> Oh, I was testing the opposite, MIT kdc with heimdal client. Will try
> again when I get to work later today.

Oops.

I ran my tests in that direction, and found a problem, which I've
checked in the fix for. My small testing (run kinit and kgetcred)
seems to indicate that things are working, but if you're still set up
for more comprehensive interoperability tests, running those for AES
with the current MIT code would be helpful.

Ken
From: tlyu@mit.edu
Subject: CVS Commit
pullup from trunk


To generate a diff of this commit:



cvs diff -r1.348.2.18 -r1.348.2.19 krb5/src/include/ChangeLog
cvs diff -r1.135.2.11 -r1.135.2.12 krb5/src/include/k5-int.h
cvs diff -r5.136.2.5 -r5.136.2.6 krb5/src/lib/crypto/ChangeLog
cvs diff -r5.3 -r5.3.2.1 krb5/src/lib/crypto/checksum_length.c
cvs diff -r5.6 -r5.6.2.1 krb5/src/lib/crypto/cksumtypes.c
cvs diff -r5.9 -r5.9.2.1 krb5/src/lib/crypto/make_checksum.c