Skip Menu |
 

To: krb5-bugs@mit.edu
Subject: kadm5_setkey_principal does not validate keyblocks.
Date: Fri, 01 Aug 2008 14:37:46 -0400
From: Roland Dowdeswell <elric@imrryr.org>
Download (untitled) / with headers
text/plain 9.4KiB
Looks like kadm5_setkey_principal() and krb5_kt_add_entry() do not
validate the length of the keys that are in the krb5_keyblocks
passed in.

This will allow you to set invalid keys in either the Kerberos DB
or in keytabs. From a quick code perusal, it seemed that if you
set a key in the DB of aes256-cts but with a key length of 16 then
the KDC will simply use aes128-cts. This seems a little wrong.

The attached patch defines krb5_c_valid_keyblock() which returns
false if:

1. the magic number is incorrect,

2. the encryption type can't be found, or

3. the key length does not correspond to the encryption
type.

This is by no means a complete solution, as in a more perfect world,
one would want to define some extra error codes and return something
a little more precise than a boolean value.

But it does at least prevent programming mistakes from inserting
inappropriate keys into the DB.

It should also be called from a lot more locations rather than just
these two.

Index: lib/crypto/Makefile.in
===================================================================
RCS file: /ms/dev/kerberos/mitkrb5/cvs-dirs/mitkrb5-1.4/mitkrb5/src/lib/crypto/Makefile.in,v
retrieving revision 1.1.1.2
diff -u -b -U10 -r1.1.1.2 Makefile.in
--- lib/crypto/Makefile.in 26 Sep 2006 20:29:54 -0000 1.1.1.2
+++ lib/crypto/Makefile.in 1 Aug 2008 17:15:53 -0000
@@ -55,20 +55,21 @@
nfold.o \
old_api_glue.o \
pbkdf2.o \
prng.o \
state.o \
string_to_cksumtype.o \
string_to_enctype.o \
string_to_key.o \
valid_cksumtype.o \
valid_enctype.o \
+ valid_keyblock.o \
verify_checksum.o

OBJS=\
$(OUTPRE)block_size.$(OBJEXT) \
$(OUTPRE)checksum_length.$(OBJEXT) \
$(OUTPRE)cksumtype_to_string.$(OBJEXT) \
$(OUTPRE)cksumtypes.$(OBJEXT) \
$(OUTPRE)coll_proof_cksum.$(OBJEXT) \
$(OUTPRE)combine_keys.$(OBJEXT) \
$(OUTPRE)crypto_libinit.$(OBJEXT) \
@@ -88,20 +89,21 @@
$(OUTPRE)nfold.$(OBJEXT) \
$(OUTPRE)old_api_glue.$(OBJEXT) \
$(OUTPRE)pbkdf2.$(OBJEXT) \
$(OUTPRE)prng.$(OBJEXT) \
$(OUTPRE)state.$(OBJEXT) \
$(OUTPRE)string_to_cksumtype.$(OBJEXT) \
$(OUTPRE)string_to_enctype.$(OBJEXT) \
$(OUTPRE)string_to_key.$(OBJEXT) \
$(OUTPRE)valid_cksumtype.$(OBJEXT) \
$(OUTPRE)valid_enctype.$(OBJEXT) \
+ $(OUTPRE)valid_keyblock.$(OBJEXT) \
$(OUTPRE)verify_checksum.$(OBJEXT)

SRCS=\
$(srcdir)/block_size.c \
$(srcdir)/checksum_length.c \
$(srcdir)/cksumtype_to_string.c \
$(srcdir)/cksumtypes.c \
$(srcdir)/coll_proof_cksum.c \
$(srcdir)/combine_keys.c \
$(srcdir)/crypto_libinit.c \
@@ -120,21 +122,21 @@
$(srcdir)/mandatory_sumtype.c \
$(srcdir)/nfold.c \
$(srcdir)/old_api_glue.c \
$(srcdir)/pbkdf2.c \
$(srcdir)/prng.c \
$(srcdir)/state.c \
$(srcdir)/string_to_cksumtype.c \
$(srcdir)/string_to_enctype.c \
$(srcdir)/string_to_key.c \
$(srcdir)/valid_cksumtype.c \
- $(srcdir)/valid_enctype.c \
+ $(srcdir)/valid_keyblock.c \
$(srcdir)/verify_checksum.c


LIBBASE=k5crypto
LIBMAJOR=3
LIBMINOR=0
LIBINITFUNC=cryptoint_initialize_library
LIBFINIFUNC=cryptoint_cleanup_library
RELDIR=crypto

@@ -538,20 +540,26 @@
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/krb5/kdb.h etypes.h
valid_cksumtype.so valid_cksumtype.po $(OUTPRE)valid_cksumtype.$(OBJEXT): valid_cksumtype.c \
$(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
$(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \
$(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
cksumtypes.h
valid_enctype.so valid_enctype.po $(OUTPRE)valid_enctype.$(OBJEXT): valid_enctype.c $(SRCTOP)/include/k5-int.h \
+ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ $(SRCTOP)/include/krb5/kdb.h etypes.h
+valid_keyblock.so valid_keyblock.po $(OUTPRE)valid_keyblock.$(OBJEXT): valid_keyblock.c $(SRCTOP)/include/k5-int.h \
$(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
$(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/krb5/kdb.h etypes.h
verify_checksum.so verify_checksum.po $(OUTPRE)verify_checksum.$(OBJEXT): verify_checksum.c \
$(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
$(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
$(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \
$(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
Index: lib/crypto/libk5crypto.exports
===================================================================
RCS file: /ms/dev/kerberos/mitkrb5/cvs-dirs/mitkrb5-1.4/mitkrb5/src/lib/crypto/libk5crypto.exports,v
retrieving revision 1.1.1.1
diff -u -b -U10 -r1.1.1.1 libk5crypto.exports
--- lib/crypto/libk5crypto.exports 28 Mar 2005 21:43:21 -0000 1.1.1.1
+++ lib/crypto/libk5crypto.exports 1 Aug 2008 17:17:05 -0000
@@ -26,20 +26,21 @@
krb5_c_make_checksum
krb5_c_make_random_key
krb5_c_random_add_entropy
krb5_c_random_make_octets
krb5_c_random_os_entropy
krb5_c_random_seed
krb5_c_string_to_key
krb5_c_string_to_key_with_params
krb5_c_valid_cksumtype
krb5_c_valid_enctype
+krb5_c_valid_keyblock
krb5_c_verify_checksum
krb5_calculate_checksum
krb5_checksum_size
krb5_cksumtype_to_string
krb5_cksumtypes_length
krb5_cksumtypes_list
krb5_decrypt
krb5_decrypt_data
krb5_derive_key
krb5_derive_random
Index: lib/crypto/valid_keyblock.c
===================================================================
RCS file: lib/crypto/valid_keyblock.c
diff -N lib/crypto/valid_keyblock.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lib/crypto/valid_keyblock.c 1 Aug 2008 17:16:39 -0000
@@ -0,0 +1,28 @@
+
+#include "k5-int.h"
+#include "etypes.h"
+
+krb5_boolean KRB5_CALLCONV
+krb5_c_valid_keyblock(krb5_keyblock k)
+{
+ int i;
+ const struct krb5_enc_provider *enc;
+
+ if (k.magic != KV5M_KEYBLOCK)
+ return(0);
+
+ for (i=0; i<krb5_enctypes_length; i++) {
+ if (krb5_enctypes_list[i].etype == k.enctype)
+ break;
+ }
+
+ if (i == krb5_enctypes_length)
+ return(0);
+
+ enc = krb5_enctypes_list[i].enc;
+
+ if (k.length != enc->keylength)
+ return(0);
+
+ return(1);
+}
Index: lib/kadm5/srv/svr_principal.c
===================================================================
RCS file: /ms/dev/kerberos/mitkrb5/cvs-dirs/mitkrb5-1.4/mitkrb5/src/lib/kadm5/srv/svr_principal.c,v
retrieving revision 1.4
diff -u -b -U10 -r1.4 svr_principal.c
--- lib/kadm5/srv/svr_principal.c 26 Sep 2006 20:50:37 -0000 1.4
+++ lib/kadm5/srv/svr_principal.c 1 Aug 2008 17:35:51 -0000
@@ -1687,20 +1687,23 @@
CHECK_HANDLE(server_handle);

if (principal == NULL || keyblocks == NULL)
return EINVAL;
if (hist_princ && /* this will be NULL when initializing the databse */
((krb5_principal_compare(handle->context,
principal, hist_princ)) == TRUE))
return KADM5_PROTECT_PRINCIPAL;

for (i = 0; i < n_keys; i++) {
+ if (!krb5_c_valid_keyblock(keyblocks[i]))
+ return EINVAL;
+
for (j = i+1; j < n_keys; j++) {
if ((ret = krb5_c_enctype_compare(handle->context,
keyblocks[i].enctype,
keyblocks[j].enctype,
&similar)))
return(ret);
if (similar) {
if (n_ks_tuple) {
if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype)
return KADM5_SETKEY_DUP_ENCTYPES;
Index: lib/krb5/keytab/ktadd.c
===================================================================
RCS file: /ms/dev/kerberos/mitkrb5/cvs-dirs/mitkrb5-1.4/mitkrb5/src/lib/krb5/keytab/ktadd.c,v
retrieving revision 1.1.1.1
diff -u -b -U10 -r1.1.1.1 ktadd.c
--- lib/krb5/keytab/ktadd.c 28 Mar 2005 21:43:35 -0000 1.1.1.1
+++ lib/krb5/keytab/ktadd.c 1 Aug 2008 17:43:07 -0000
@@ -25,15 +25,18 @@
*
*
* krb5_kt_add_entry()
*/

#include "k5-int.h"

krb5_error_code KRB5_CALLCONV
krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
{
+ if (!krb5_c_valid_keyblock(entry->key))
+ return EINVAL; /* XXXrcd: bad error code, choose another one. */
+
if (id->ops->add)
return (*id->ops->add)(context, id, entry);
else
return KRB5_KT_NOWRITE;
}
Index: include/krb5.hin
===================================================================
RCS file: /ms/dev/kerberos/mitkrb5/cvs-dirs/mitkrb5-1.4/mitkrb5/src/include/krb5.hin,v
retrieving revision 1.1.1.2
diff -u -b -U10 -r1.1.1.2 krb5.hin
--- include/krb5.hin 26 Sep 2006 20:29:10 -0000 1.1.1.2
+++ include/krb5.hin 1 Aug 2008 17:19:04 -0000
@@ -542,20 +542,22 @@
#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24

/* Defined in hardware preauth draft */

#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25
#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26
#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27

krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype
(krb5_enctype ktype);
+krb5_boolean KRB5_CALLCONV krb5_c_valid_keyblock
+ (krb5_keyblock key);
krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype
(krb5_cksumtype ctype);
krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum
(krb5_cksumtype ctype);
krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum
(krb5_cksumtype ctype);

#if KRB5_PRIVATE
/* Use the above four instead. */
krb5_boolean KRB5_CALLCONV valid_enctype
Download (untitled) / with headers
text/plain 2.7KiB
From krb5-bugs-incoming-bounces@PCH.MIT.EDU Fri Sep 12 12:14:08 2008
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP
id m8CGE8o4011378; Fri, 12 Sep 2008 12:14:08 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m8CGE3A3026769;
Fri, 12 Sep 2008 12:14:03 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m8CFjWho020381
for <krb5-bugs-incoming@PCH.mit.edu>; Fri, 12 Sep 2008 11:45:32 -0400
Received: from mit.edu (M24-004-BARRACUDA-3.MIT.EDU [18.7.7.114])
by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
m8CFjK4u005949
for <krb5-bugs@mit.edu>; Fri, 12 Sep 2008 11:45:21 -0400 (EDT)
Received: from spam.ifs.umich.edu (spam.ifs.umich.edu [141.211.1.36])
(using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by mit.edu (Spam Firewall) with ESMTP id 5C7A510ACBC3
for <krb5-bugs@mit.edu>; Fri, 12 Sep 2008 11:45:00 -0400 (EDT)
Received: from root by spam.ifs.umich.edu with local (Exim 4.69)
(envelope-from <mdw@umich.edu>)
id 1KeApP-0005uk-UX; Fri, 12 Sep 2008 11:44:59 -0400
To: krb5-bugs@mit.edu
Subject: kadm5 setkey can create illegal keys in kdb
From: mdw@umich.edu
X-send-pr-version: 3.99
Message-Id: <E1KeApP-0005uk-UX@spam.ifs.umich.edu>
Date: Fri, 12 Sep 2008 11:44:59 -0400
X-Spam-Score: 0.55
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Fri, 12 Sep 2008 12:14:01 -0400
Cc: kwc@umich.edu, vpliakas@umich.edu, mdw@umich.edu
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: mdw@umich.edu
Sender: krb5-bugs-incoming-bounces@PCH.MIT.EDU
Errors-To: krb5-bugs-incoming-bounces@PCH.MIT.EDU

Show quoted text
>Submitter-Id: net
>Originator: mdw@umich.edu
>Organization:
University of Michigan
Show quoted text
>Confidential: no
>Synopsis: kadm5 setkey rpc can create illegal keys in kdb.
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: sw-bug
>Release: 1.6.3
>Environment:
dell pe1750 running umce linux, krb5 1.6.3+patches
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux

Architecture: i686

Show quoted text
>Description:
While the cli doesn't expose it, there's a "setkey" rpc in the
kadm5 protocol. Using this provides an elegant way to handle
adding service keys such as for afs with less downtime.
Show quoted text
>How-To-Repeat:
Write a program which calls kadm5_setkey_principal_3. Run it on
a principal. Then run kadmin & look at the resulting key type.
In 1.4.3 this worked fine; in stock 1.6.3, this results
in an enctype and kvno of 0.
Show quoted text
>Fix:
Run-time workaround, don't call kadm5_setkey_principal_3.
Compile-time fix, apply the patch in
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-setkey1.patch