Skip Menu |
 

Subject: PKINIT pa_pk_as_req_draft9 encoding issues
Download (untitled) / with headers
text/plain 1.9KiB
draft-ietf-cat-kerberos-pk-init-09 defines PA-PK-AS-REQ as:

PA-PK-AS-REQ ::= SEQUENCE {
signedAuthPack [0] SignedData
trustedCertifiers [1] SEQUENCE OF TrustedCas OPTIONAL,
kdcCert [2] IssuerAndSerialNumber OPTIONAL
encryptionCert [3] IssuerAndSerialNumber OPTIONAL
}

Per this spec, all four fields (when present) should have constructed
context-specific tags wrapping universal constructed sequence tags, with
the sequence contents for SignedData and IssuerAndSerialNumber defined
by RFC 2630.

Our encoder for this type generates primitive context tags for the
first, third, and fourth fields, as if the CMS encodings were wrapped in
IMPLICIT OCTET STRING. (CMS types in PKINIT are actually specified this
way in draft 20 and onward, but not in draft 9.)

Our decoder for this type is not consistent with either the draft or the
encoder. It expects a primitive context tag for the first field, but
expects a constructed context tag for the third and fourth fields. It
also expects the fourth field to have the context tag number 2 instead
of 3, which is apparently a typo.

For reference, Heimdal defines its version of the structure as:

PA-PK-AS-REQ-Win2k ::= SEQUENCE {
signed-auth-pack [0] IMPLICIT OCTET STRING,
trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL,
kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL,
encryption-cert [4] IMPLICIT OCTET STRING OPTIONAL
}

Note that (like us) this definition uses primtive context tags for the
CMS types; unlike us, the tag numbers for the second, third, and fourth
field are shifted upward by one.

The purpose of our draft9 code is to interoperate with Windows 2000, not
to faithfully implement the draft9 spec, so we probably don't want to
change anything without interop testing. It seems likely that decoding
pa_pk_as_req_draft9 was never tested, so it's probably an unusual case
(Windows 2000 client against MIT KDC).
The PKINIT client code sets the signedAuthPack and kdcCert fields in
draft9 requests before encoding a draft9 PA-PK-AS-REQ. It contains code
to set the trustedCertifiers field (using, I think, the caName
alternative), but it is #if'd out with the comment "W2K3 KDC doesn't like
this". There is no code to set the encryptionCert field.

The PKINIT server code (if it was ever tested against Microsoft clients)
only appears to care about the signedAuthPack field of a draft9 request.

Heimdal only ever sets the signedAuthPack field when encoding, and never
attempts to decode a draft9 PA-PK-AS-REQ. So the apparently shifted
fields in the Heimdal ASN.1 module probably aren't significant.
Moot now that draft9 support has been removed (ticket 8817).