Ticket History #8490: Add aes-sha2 enctype support

# Tue Sep 06 11:29:41 2016 ghudson@mit.edu (Greg Hudson) - Ticket created

Subject:

Add aes-sha2 enctype support

Download (untitled) / with headers
text/plain 103B

We should implement draft-ietf-kitten-aes-cts-hmac-sha2-11, which is soon
to be an informational RFC.

# Tue Sep 06 11:29:58 2016 ghudson@mit.edu (Greg Hudson) - Tags enhancement added

# Mon Oct 03 16:02:41 2016 ghudson@mit.edu (Greg Hudson) - Given to ghudson@mit.edu (Greg Hudson)

# Mon Oct 03 16:02:41 2016 ghudson@mit.edu (Greg Hudson) - Status changed from 'open' to 'review'

# Mon Oct 03 16:02:41 2016 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 1.4KiB

Add libk5crypto SHA-256 and SHA-384 hash providers

Add SHA-256 and SHA-384 hash providers to each of the libk5crypto back
ends, in preparation for AES-SHA2 support. For the builtin back end,
adapt SHA-512 code from Heimdal (SHA-384 is just truncated SHA-512
with different initial values). Replace builtin/sha2/t_sha256.c with
a program under crypto_tests which tests SHA-256 and SHA-384 in all
back ends.

https://github.com/krb5/krb5/commit/c438227afd763997c131339c1476f61d1628a20d
Author: Greg Hudson <ghudson@mit.edu>
Commit: c438227afd763997c131339c1476f61d1628a20d
Branch: master
src/lib/crypto/builtin/hash_provider/Makefile.in | 11 +-
src/lib/crypto/builtin/hash_provider/deps | 13 +
src/lib/crypto/builtin/hash_provider/hash_sha2.c | 88 +++++++
src/lib/crypto/builtin/sha2/Makefile.in | 20 +--
src/lib/crypto/builtin/sha2/deps | 10 +
src/lib/crypto/builtin/sha2/sha2.h | 23 ++
src/lib/crypto/builtin/sha2/sha512.c | 305 ++++++++++++++++++++++
src/lib/crypto/builtin/sha2/t_sha256.c | 117 ---------
src/lib/crypto/crypto_tests/Makefile.in | 13 +-
src/lib/crypto/crypto_tests/deps | 12 +
src/lib/crypto/crypto_tests/t_sha2.c | 145 ++++++++++
src/lib/crypto/krb/crypto_int.h | 2 +
src/lib/crypto/openssl/hash_provider/hash_evp.c | 20 ++
src/lib/crypto/openssl/hmac.c | 4 +
14 files changed, 642 insertions(+), 141 deletions(-)

# Mon Oct 03 16:02:42 2016 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 1.1KiB

Enable PBKDF2 with SHA-256 and SHA-384

Rename krb5int_pbkdf2_hmac_sha1() to krb5int_pbkdf2_hmac() and add a
hash parameter. In the OpenSSL implementation, look up the
corresponding PBKDF2 parameter based on the hash pointer. In
pbkdf2_string_to_key(), pass the hash function for the key type if one
is present, and use SHA-1 if it does not (as for the Camellia
enctypes).

In the builtin implementation, use the hash provider instead of
assuming SHA-1. Remove the functional parameterization of the PRF and
turn it into an hmac() helper function. Use krb5int_hmac_keyblock()
to remove the need for a krb5_key object containing the password.
Rename the internal function from krb5int_pbkdf2() to pbkdf2().

https://github.com/krb5/krb5/commit/dc967ce5c4a03201b2a6ff477f6c4e33b07e90f0
Author: Greg Hudson <ghudson@mit.edu>
Commit: dc967ce5c4a03201b2a6ff477f6c4e33b07e90f0
Branch: master
src/lib/crypto/builtin/pbkdf2.c | 93 +++++++++++++++++----------------------
src/lib/crypto/krb/crypto_int.h | 12 +++---
src/lib/crypto/krb/s2k_pbkdf2.c | 4 +-
src/lib/crypto/openssl/pbkdf2.c | 27 ++++++++----
4 files changed, 68 insertions(+), 68 deletions(-)

# Mon Oct 03 16:02:43 2016 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 1.7KiB

Add aes-sha2 enctype support

Add support to libk5crypto for the aes128-cts-hmac-sha256-128 and
aes256-cts-hmac-sha384-192 encryption types, and the
hmac-sha256-128-aes128 and hmac-sha384-192-aes256 checksum types.

Key derivation for the new encryption types uses a hash, so we need to
add a hash parameter to the krb5int_derive_ functions, which can be
null except when DERIVE_SP800_108_HMAC is given. Rename the helper
function derive_random_sp800_108_cmac() to
derive_random_sp800_108_feedback_cmac() to make it clear that feedback
mode is used, since the new enctype uses counter mode.

https://github.com/krb5/krb5/commit/135a9ac3c58b444998361a3b13f5decfdece2105
Author: Greg Hudson <ghudson@mit.edu>
Commit: 135a9ac3c58b444998361a3b13f5decfdece2105
Branch: master
src/include/krb5/krb5.hin | 20 ++-
src/lib/crypto/crypto_tests/t_derive.c | 2 +-
src/lib/crypto/krb/Makefile.in | 9 +
src/lib/crypto/krb/checksum_dk_cmac.c | 3 +-
src/lib/crypto/krb/checksum_dk_hmac.c | 2 +-
src/lib/crypto/krb/checksum_etm.c | 65 ++++++++
src/lib/crypto/krb/cksumtypes.c | 12 ++
src/lib/crypto/krb/combine_keys.c | 5 +-
src/lib/crypto/krb/crypto_int.h | 31 ++++-
src/lib/crypto/krb/derive.c | 74 +++++++++-
src/lib/crypto/krb/enc_dk_cmac.c | 6 +-
src/lib/crypto/krb/enc_dk_hmac.c | 8 +-
src/lib/crypto/krb/enc_etm.c | 257 ++++++++++++++++++++++++++++++++
src/lib/crypto/krb/etypes.c | 21 +++
src/lib/crypto/krb/prf_aes2.c | 42 +++++
src/lib/crypto/krb/prf_cmac.c | 2 +-
src/lib/crypto/krb/prf_dk.c | 3 +-
src/lib/crypto/krb/s2k_pbkdf2.c | 16 ++-
18 files changed, 548 insertions(+), 30 deletions(-)

# Mon Oct 03 16:02:44 2016 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 444B

Add aes128-sha1, aes256-sha1 enctype aliases

For parallelism with aes128-sha2 and aes256-sha2, add enctype aliases
aes128-sha1 and aes256-sha1 for the older AES enctypes.

https://github.com/krb5/krb5/commit/694d15f1588e5bf700f67065797cdf88a0b8d421
Author: Greg Hudson <ghudson@mit.edu>
Commit: 694d15f1588e5bf700f67065797cdf88a0b8d421
Branch: master
src/lib/crypto/krb/etypes.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

# Mon Oct 03 16:02:45 2016 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 1.5KiB

Add aes-sha2 test cases

Add test cases for all of the test vectors in the aes-sha2 draft. In
t_cksums.c and t_decrypt.c, modify the test structure to allow for
binary plaintexts. In t_str2key.c, modify the test structure to allow
for binary salts. In t_derive.c, allow tests to have outputs which
don't match the key size, using krb5int_derive_random() instead of
krb5int_derive_key().

Add test cases for KRB-FX-CF2 and for gss_pseudo_random() using test
vectors generated ourselves.

Add k5test and dejagnu test passes for aes-sha2 enctypes.

https://github.com/krb5/krb5/commit/d4efd9fe567631b9d5f3ffa8b53a22953e5069cb
Author: Greg Hudson <ghudson@mit.edu>
Commit: d4efd9fe567631b9d5f3ffa8b53a22953e5069cb
Branch: master
src/lib/crypto/crypto_tests/t_cf2.expected | 2 +
src/lib/crypto/crypto_tests/t_cf2.in | 10 ++
src/lib/crypto/crypto_tests/t_cksums.c | 67 ++++++---
src/lib/crypto/crypto_tests/t_decrypt.c | 210 ++++++++++++++++++++-------
src/lib/crypto/crypto_tests/t_derive.c | 121 ++++++++++++++--
src/lib/crypto/crypto_tests/t_encrypt.c | 2 +
src/lib/crypto/crypto_tests/t_prf.c | 22 +++
src/lib/crypto/crypto_tests/t_short.c | 2 +
src/lib/crypto/crypto_tests/t_str2key.c | 169 +++++++++++++----------
src/lib/crypto/libk5crypto.exports | 3 +
src/tests/dejagnu/config/default.exp | 24 +++
src/tests/gssapi/t_prf.c | 16 ++-
src/util/k5test.py | 20 +++
13 files changed, 503 insertions(+), 165 deletions(-)

# Mon Oct 03 16:02:46 2016 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 524B

Add aes-sha2 to permitted_enctypes and aes family

Add the new aes-sha2 enctypes to the default value of
permitted_enctype, and to the enctypes implied by the "aes" family
when parsing enctype lists.

https://github.com/krb5/krb5/commit/d1ec317288278d10ae34fde9b2414e4fca5c52dd
Author: Greg Hudson <ghudson@mit.edu>
Commit: d1ec317288278d10ae34fde9b2414e4fca5c52dd
Branch: master
src/lib/krb5/krb/init_ctx.c | 3 +++
src/lib/krb5/krb/t_etypes.c | 15 +++++++++++----
2 files changed, 14 insertions(+), 4 deletions(-)

# Mon Oct 03 16:02:47 2016 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 496B

Document aes-sha2 enctypes

Add minimal documentation for the new aes-sha2 enctypes.

https://github.com/krb5/krb5/commit/6fd74a89ac6c2444a347a357fac51b3490467284
Author: Greg Hudson <ghudson@mit.edu>
Commit: 6fd74a89ac6c2444a347a357fac51b3490467284
Branch: master
doc/admin/conf_files/kdc_conf.rst | 15 +++++++++++----
doc/admin/enctypes.rst | 30 ++++++++++++++++--------------
doc/appdev/refs/macros/index.rst | 4 ++++
3 files changed, 31 insertions(+), 18 deletions(-)

# Thu Oct 13 16:45:43 2016 tlyu (Taylor Yu) - Status changed from 'review' to 'resolved'

# Thu Oct 13 16:45:43 2016 tlyu (Taylor Yu) - Version_Fixed 1.15 added