Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 4.1KiB

Add SPAKE preauth support

This is an implementation of draft-ietf-kitten-krb-spake-preauth-05.
SPAKE preauth authenticates using the client principal long-term key,
but protects against offline dictionary attacks.

SPAKE preauth negotiates a group for use by the SPAKE2 algorithm. The
edwards25519 group is implemented using code adapted from BoringSSL.
The P-256, P-384, and P-521 groups are implemented against OpenSSL.
edwards25519 is enabled by default on the client; no groups are
enabled by default on the KDC.

SPAKE preauth can also include a second factor. Second factor support
isn't included in this implementation; comments have been left to
indicate what should change when it is added in.

Integration tests (tests/t_spake.py) are included with good coverage
of the negotiation scenarios.

Test vectors from the draft are checked against the group's "result"
operation. The "keygen" operation is inherently random and is
therefore not tested against the vectors, but is effectively exercised
by the integration tests.

KDC optimistic challenge is implemented. In the future we should
implement client optimistic SPAKE as well; this will require changes
to the generic client preauth framework.

In the future we should add per-realm configuration to deny encrypted
timestamp and encrypted challenge on a per-realm basis. This
configuration should stick across client realm referrals.

In the future we should avoid attempting encrypting timestamp or
encrypted challenge if the KDC replies to a single-factor
SPAKEResponse message with PREAUTH_FAILED. This will require a change
to the generic client preauth framework.

In the future we should make SPAKE support apply to the Windows build,
either by adding support for building plugin DLLs or by moving the
edwards25519 and client code to libkrb5.

[npmccallum@redhat.com: split up internal headers; split out group
registry contents; implemented P-384 and P-521]

https://github.com/krb5/krb5/commit/7447259401569c92b1fb2e31cb02edbbffd67d35
Author: Greg Hudson <ghudson@mit.edu>
Commit: 7447259401569c92b1fb2e31cb02edbbffd67d35
Branch: master
NOTICE | 51 +
doc/admin/conf_files/kdc_conf.rst | 22 +-
doc/admin/conf_files/krb5_conf.rst | 15 +
doc/admin/index.rst | 1 +
doc/admin/spake.rst | 46 +
doc/formats/cookie.rst | 37 +
doc/notice.rst | 47 +
src/Makefile.in | 2 +
src/config/pre.in | 6 +
src/configure.in | 20 +
src/include/k5-int.h | 3 +
src/include/krb5/krb5.hin | 2 +
src/kdc/kdc_preauth.c | 2 +
src/lib/krb5/krb/preauth2.c | 2 +
src/lib/krb5/os/trace.c | 1 +
src/plugins/preauth/spake/AUTHORS | 16 +
src/plugins/preauth/spake/Makefile.in | 39 +
src/plugins/preauth/spake/deps | 73 +
src/plugins/preauth/spake/edwards25519.c | 2651 ++++++++
src/plugins/preauth/spake/edwards25519_tables.h | 7881 +++++++++++++++++++++++
src/plugins/preauth/spake/groups.c | 442 ++
src/plugins/preauth/spake/groups.h | 148 +
src/plugins/preauth/spake/iana.c | 108 +
src/plugins/preauth/spake/iana.h | 65 +
src/plugins/preauth/spake/openssl.c | 315 +
src/plugins/preauth/spake/spake.exports | 2 +
src/plugins/preauth/spake/spake_client.c | 363 ++
src/plugins/preauth/spake/spake_kdc.c | 590 ++
src/plugins/preauth/spake/t_krb5.conf | 2 +
src/plugins/preauth/spake/t_vectors.c | 476 ++
src/plugins/preauth/spake/trace.h | 74 +
src/plugins/preauth/spake/util.c | 211 +
src/plugins/preauth/spake/util.h | 56 +
src/tests/Makefile.in | 1 +
src/tests/t_spake.py | 151 +
35 files changed, 13917 insertions(+), 4 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Add doc index entries for SPAKE constants

https://github.com/krb5/krb5/commit/c010c9031753f356bb380e8a1324cc34721f8221
Author: Greg Hudson <ghudson@mit.edu>
Commit: c010c9031753f356bb380e8a1324cc34721f8221
Branch: master
doc/appdev/refs/macros/index.rst | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Fix SPAKE memory leak

In the NIST group implementations, ossl_fini() needs to free the
groupdata container as well as its fields. Also in
spake_kdc.c:parse_data(), initialize the magic field of the resulting
data object to avoid a harmless uninitialized memory copy.

https://github.com/krb5/krb5/commit/91dad4eba37b5b56dc21d59880cb6eb4d3e6b7a5
Author: Greg Hudson <ghudson@mit.edu>
Commit: 91dad4eba37b5b56dc21d59880cb6eb4d3e6b7a5
Branch: master
src/plugins/preauth/spake/openssl.c | 1 +
src/plugins/preauth/spake/spake_kdc.c | 1 +
2 files changed, 2 insertions(+), 0 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Zap data when freeing krb5_spake_factor

krb5_spake_factor structures will sometimes hold sensitive data when
second-factor SPAKE is implemented, so should be zapped when freed.

https://github.com/krb5/krb5/commit/9cc94a3f1ce06a4430f684300a747ec079102403
Author: Greg Hudson <ghudson@mit.edu>
Commit: 9cc94a3f1ce06a4430f684300a747ec079102403
Branch: master
src/lib/krb5/krb/kfree.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)