rpms/krb5
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Remove krb5int_c_combine_keys() and no-flags SAM-2 preauth

Browse Source
This commit is contained in:
Robbie Harwood 2019-05-30 13:32:37 -04:00
parent 3f80a77313
commit 48af99c1f7
4 changed files with 590 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
Add-zapfreedata-convenience-function.patch Normal file
View File

@ -0,0 +1,31 @@
From c83490ced3ef77d1933caa893efbc4a54d03a1ad Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 14 Mar 2019 11:26:44 -0400
Subject: [PATCH] Add zapfreedata() convenience function
(cherry picked from commit abd974cf867db5a398aa87ba9b9aaa34346e12a4)
---
src/include/k5-int.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index e0c557554..2bc59e636 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -663,6 +663,16 @@ zapfreestr(void *str)
}
}
+/* Convenience function: zap and free krb5_data pointer if it is non-NULL. */
+static inline void
+zapfreedata(krb5_data *data)
+{
+ if (data != NULL) {
+ zapfree(data->data, data->length);
+ free(data);
+ }
+}
+
/*
* Combine two keys (normally used by the hardware preauth mechanism)
*/

479
Remove-krb5int_c_combine_keys.patch Normal file
View File

@ -0,0 +1,479 @@
From 320f2d5b0f2671e41b383161093a73d9dea5cbf7 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 18 Apr 2019 17:27:07 -0400
Subject: [PATCH] Remove krb5int_c_combine_keys()
This method of combining keys was specified by
draft-ietf-krb-wg-kerberos-sam for DES and 3DES enctypes, and is
otherwise unused. Remove it.
[ghudson@mit.edu: rewrote commit message]
ticket: 8812
(cherry picked from commit 925a7df2f486aaa3ff137d2bcdf8ff57186638c6)
[rharwood@redhat.com: conflicts: .gitignore]
---
src/include/k5-int.h | 7 -
src/lib/crypto/crypto_tests/Makefile.in | 12 +-
src/lib/crypto/crypto_tests/deps | 10 --
src/lib/crypto/crypto_tests/t_combine.c | 62 -------
src/lib/crypto/krb/Makefile.in | 3 -
src/lib/crypto/krb/combine_keys.c | 227 ------------------------
src/lib/crypto/krb/deps | 13 --
src/lib/crypto/libk5crypto.exports | 1 -
8 files changed, 3 insertions(+), 332 deletions(-)
delete mode 100644 src/lib/crypto/crypto_tests/t_combine.c
delete mode 100644 src/lib/crypto/krb/combine_keys.c
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 2bc59e636..0857fd1cc 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -673,13 +673,6 @@ zapfreedata(krb5_data *data)
}
}
-/*
- * Combine two keys (normally used by the hardware preauth mechanism)
- */
-krb5_error_code
-krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
- krb5_keyblock *key2, krb5_keyblock *outkey);
-
void krb5int_c_free_keyblock(krb5_context, krb5_keyblock *key);
void krb5int_c_free_keyblock_contents(krb5_context, krb5_keyblock *);
krb5_error_code krb5int_c_init_keyblock(krb5_context, krb5_enctype enctype,
diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in
index 09feeb50e..0295ee14f 100644
--- a/src/lib/crypto/crypto_tests/Makefile.in
+++ b/src/lib/crypto/crypto_tests/Makefile.in
@@ -23,8 +23,7 @@ EXTRADEPSRCS=\
$(srcdir)/t_short.c \
$(srcdir)/t_str2key.c \
$(srcdir)/t_derive.c \
- $(srcdir)/t_fork.c \
- $(srcdir)/t_combine.c
+ $(srcdir)/t_fork.c
##DOS##BUILDTOP = ..\..\..
@@ -33,8 +32,7 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
aes-test \
camellia-test \
t_mddriver4 t_mddriver \
- t_cts t_sha2 t_short t_str2key t_derive t_fork t_cf2 \
- t_combine
+ t_cts t_sha2 t_short t_str2key t_derive t_fork t_cf2
$(RUN_TEST) ./t_nfold
$(RUN_TEST) ./t_encrypt
$(RUN_TEST) ./t_decrypt
@@ -59,7 +57,6 @@ check-unix: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
$(RUN_TEST) ./t_fork
$(RUN_TEST) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output
diff t_cf2.output $(srcdir)/t_cf2.expected
- $(RUN_TEST) ./t_combine
# $(RUN_TEST) ./t_pkcs5
t_nfold$(EXEEXT): t_nfold.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
@@ -134,9 +131,6 @@ t_fork$(EXEEXT): t_fork.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ t_cf2.$(OBJEXT) $(KRB5_BASE_LIBS)
-t_combine$(EXEEXT): t_combine.$(OBJEXT) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $@ t_combine.$(OBJEXT) $(KRB5_BASE_LIBS)
-
clean:
$(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o \
t_decrypt.o t_decrypt t_prng.o t_prng t_cmac.o t_cmac \
@@ -149,7 +143,7 @@ clean:
t_str2key.o t_derive t_derive.o t_fork t_fork.o \
t_mddriver$(EXEEXT) $(OUTPRE)t_mddriver.$(OBJEXT) \
camellia-test camellia-test.o camellia-vt.txt \
- t_cf2 t_cf2.o t_cf2.output t_combine.o t_combine
+ t_cf2 t_cf2.o t_cf2.output
-$(RM) t_prng.output
-$(RM) t_prf.output
diff --git a/src/lib/crypto/crypto_tests/deps b/src/lib/crypto/crypto_tests/deps
index 19fef2582..0d10d4a1a 100644
--- a/src/lib/crypto/crypto_tests/deps
+++ b/src/lib/crypto/crypto_tests/deps
@@ -226,13 +226,3 @@ $(OUTPRE)t_fork.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h t_fork.c
-$(OUTPRE)t_combine.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h t_combine.c
diff --git a/src/lib/crypto/crypto_tests/t_combine.c b/src/lib/crypto/crypto_tests/t_combine.c
deleted file mode 100644
index ba0622bcf..000000000
--- a/src/lib/crypto/crypto_tests/t_combine.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/crypto_tests/t_combine.c - krb5int_c_combine_keys tests */
-/*
- * Copyright (C) 2014 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "k5-int.h"
-
-unsigned char des3_key1[] = "\x10\xB6\x75\xD5\x5B\xD9\x6E\x73"
- "\xFD\x54\xB3\x3D\x37\x52\xC1\x2A\xF7\x43\x91\xFE\x1C\x02\x37\x13";
-unsigned char des3_key2[] = "\xC8\xDA\x3E\xA7\xB6\x64\xAE\x7A"
- "\xB5\x70\x2A\x29\xB3\xBF\x9B\xA8\x46\x7C\x5B\xA8\x8A\x46\x70\x10";
-unsigned char des3_result[] = "\x2F\x79\x97\x3E\x3E\xA4\x73\x1A"
- "\xB9\x3D\xEF\x5E\x7C\x29\xFB\x2A\x68\x86\x1F\xC1\x85\x0E\x79\x92";
-
-int
-main(int argc, char **argv)
-{
- krb5_keyblock kb1, kb2, result;
-
- kb1.enctype = ENCTYPE_DES3_CBC_SHA1;
- kb1.contents = des3_key1;
- kb1.length = 24;
- kb2.enctype = ENCTYPE_DES3_CBC_SHA1;
- kb2.contents = des3_key2;
- kb2.length = 24;
- memset(&result, 0, sizeof(result));
- if (krb5int_c_combine_keys(NULL, &kb1, &kb2, &result) != 0)
- abort();
- if (result.enctype != ENCTYPE_DES3_CBC_SHA1 || result.length != 24 ||
- memcmp(result.contents, des3_result, 24) != 0)
- abort();
- krb5_free_keyblock_contents(NULL, &result);
-
- return 0;
-}
diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in
index c0e0b791b..536bacb6e 100644
--- a/src/lib/crypto/krb/Makefile.in
+++ b/src/lib/crypto/krb/Makefile.in
@@ -22,7 +22,6 @@ STLIBOBJS=\
cksumtypes.o \
cmac.o \
coll_proof_cksum.o \
- combine_keys.o \
crypto_length.o \
crypto_libinit.o \
default_state.o \
@@ -84,7 +83,6 @@ OBJS=\
$(OUTPRE)cksumtypes.$(OBJEXT) \
$(OUTPRE)cmac.$(OBJEXT) \
$(OUTPRE)coll_proof_cksum.$(OBJEXT) \
- $(OUTPRE)combine_keys.$(OBJEXT) \
$(OUTPRE)crypto_length.$(OBJEXT) \
$(OUTPRE)crypto_libinit.$(OBJEXT) \
$(OUTPRE)default_state.$(OBJEXT) \
@@ -146,7 +144,6 @@ SRCS=\
$(srcdir)/cksumtypes.c \
$(srcdir)/cmac.c \
$(srcdir)/coll_proof_cksum.c \
- $(srcdir)/combine_keys.c \
$(srcdir)/crypto_length.c \
$(srcdir)/crypto_libinit.c \
$(srcdir)/default_state.c \
diff --git a/src/lib/crypto/krb/combine_keys.c b/src/lib/crypto/krb/combine_keys.c
deleted file mode 100644
index c36434e17..000000000
--- a/src/lib/crypto/krb/combine_keys.c
+++ /dev/null
@@ -1,227 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* Copyright (c) 2002 Naval Research Laboratory (NRL/CCS) */
-/*
- * Permission to use, copy, modify and distribute this software and its
- * documentation is hereby granted, provided that both the copyright
- * notice and this permission notice appear in all copies of the software,
- * derivative works or modified versions, and any portions thereof.
- *
- * NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND
- * DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER
- * RESULTING FROM THE USE OF THIS SOFTWARE.
- */
-
-/*
- * Key combination function.
- *
- * If Key1 and Key2 are two keys to be combined, the algorithm to combine
- * them is as follows.
- *
- * Definitions:
- *
- * k-truncate is defined as truncating to the key size the input.
- *
- * DR is defined as the generate "random" data from a key
- * (defined in crypto draft)
- *
- * DK is defined as the key derivation function (krb5int_derive_key())
- *
- * (note: | means "concatenate")
- *
- * Combine key algorithm:
- *
- * R1 = DR(Key1, n-fold(Key2)) [ Output is length of Key1 ]
- * R2 = DR(Key2, n-fold(Key1)) [ Output is length of Key2 ]
- *
- * rnd = n-fold(R1 | R2) [ Note: output size of nfold must be appropriately
- * sized for random-to-key function ]
- * tkey = random-to-key(rnd)
- * Combine-Key(Key1, Key2) = DK(tkey, CombineConstant)
- *
- * CombineConstant is defined as the byte string:
- *
- * { 0x63 0x6f 0x6d 0x62 0x69 0x6e 0x65 }, which corresponds to the
- * ASCII encoding of the string "combine"
- */
-
-#include "crypto_int.h"
-
-static krb5_error_code dr(const struct krb5_enc_provider *enc,
- const krb5_keyblock *inkey, unsigned char *outdata,
- const krb5_data *in_constant);
-
-/*
- * We only support this combine_keys algorithm for des and 3des keys.
- * Everything else should use the PRF defined in the crypto framework.
- * We don't implement that yet.
- */
-
-static krb5_boolean
-enctype_ok(krb5_enctype e)
-{
- switch (e) {
- case ENCTYPE_DES3_CBC_SHA1:
- return TRUE;
- default:
- return FALSE;
- }
-}
-
-krb5_error_code
-krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
- krb5_keyblock *key2, krb5_keyblock *outkey)
-{
- unsigned char *r1 = NULL, *r2 = NULL, *combined = NULL, *rnd = NULL;
- unsigned char *output = NULL;
- size_t keybytes, keylength;
- const struct krb5_enc_provider *enc;
- krb5_data input, randbits;
- krb5_keyblock tkeyblock;
- krb5_key tkey = NULL;
- krb5_error_code ret;
- const struct krb5_keytypes *ktp;
- krb5_boolean myalloc = FALSE;
-
- if (!enctype_ok(key1->enctype) || !enctype_ok(key2->enctype))
- return KRB5_CRYPTO_INTERNAL;
-
- if (key1->length != key2->length || key1->enctype != key2->enctype)
- return KRB5_CRYPTO_INTERNAL;
-
- /* Find our encryption algorithm. */
- ktp = find_enctype(key1->enctype);
- if (ktp == NULL)
- return KRB5_BAD_ENCTYPE;
- enc = ktp->enc;
-
- keybytes = enc->keybytes;
- keylength = enc->keylength;
-
- /* Allocate and set up buffers. */
- r1 = k5alloc(keybytes, &ret);
- if (ret)
- goto cleanup;
- r2 = k5alloc(keybytes, &ret);
- if (ret)
- goto cleanup;
- rnd = k5alloc(keybytes, &ret);
- if (ret)
- goto cleanup;
- combined = k5calloc(2, keybytes, &ret);
- if (ret)
- goto cleanup;
- output = k5alloc(keylength, &ret);
- if (ret)
- goto cleanup;
-
- /*
- * Get R1 and R2 (by running the input keys through the DR algorithm.
- * Note this is most of derive-key, but not all.
- */
-
- input.length = key2->length;
- input.data = (char *) key2->contents;
- ret = dr(enc, key1, r1, &input);
- if (ret)
- goto cleanup;
-
- input.length = key1->length;
- input.data = (char *) key1->contents;
- ret = dr(enc, key2, r2, &input);
- if (ret)
- goto cleanup;
-
- /*
- * Concatenate the two keys together, and then run them through
- * n-fold to reduce them to a length appropriate for the random-to-key
- * operation. Note here that krb5int_nfold() takes sizes in bits, hence
- * the multiply by 8.
- */
-
- memcpy(combined, r1, keybytes);
- memcpy(combined + keybytes, r2, keybytes);
-
- krb5int_nfold((keybytes * 2) * 8, combined, keybytes * 8, rnd);
-
- /*
- * Run the "random" bits through random-to-key to produce a encryption
- * key.
- */
-
- randbits.length = keybytes;
- randbits.data = (char *) rnd;
- tkeyblock.length = keylength;
- tkeyblock.contents = output;
- tkeyblock.enctype = key1->enctype;
-
- ret = (*ktp->rand2key)(&randbits, &tkeyblock);
- if (ret)
- goto cleanup;
-
- ret = krb5_k_create_key(NULL, &tkeyblock, &tkey);
- if (ret)
- goto cleanup;
-
- /*
- * Run through derive-key one more time to produce the final key.
- * Note that the input to derive-key is the ASCII string "combine".
- */
-
- input.length = 7;
- input.data = "combine";
-
- /*
- * Just FYI: _if_ we have space here in the key, then simply use it
- * without modification. But if the key is blank (no allocated storage)
- * then allocate some memory for it. This allows programs to use one of
- * the existing keys as the output key, _or_ pass in a blank keyblock
- * for us to allocate. It's easier for us to allocate it since we already
- * know the crypto library internals
- */
-
- if (outkey->length == 0 || outkey->contents == NULL) {
- outkey->contents = k5alloc(keylength, &ret);
- if (ret)
- goto cleanup;
- outkey->length = keylength;
- outkey->enctype = key1->enctype;
- myalloc = TRUE;
- }
-
- ret = krb5int_derive_keyblock(enc, NULL, tkey, outkey, &input,
- DERIVE_RFC3961);
- if (ret) {
- if (myalloc) {
- free(outkey->contents);
- outkey->contents = NULL;
- }
- goto cleanup;
- }
-
-cleanup:
- zapfree(r1, keybytes);
- zapfree(r2, keybytes);
- zapfree(rnd, keybytes);
- zapfree(combined, keybytes * 2);
- zapfree(output, keylength);
- krb5_k_free_key(NULL, tkey);
- return ret;
-}
-
-/* Our DR function, a simple wrapper around krb5int_derive_random(). */
-static krb5_error_code
-dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
- unsigned char *out, const krb5_data *in_constant)
-{
- krb5_data outdata = make_data(out, enc->keybytes);
- krb5_key key = NULL;
- krb5_error_code ret;
-
- ret = krb5_k_create_key(NULL, inkey, &key);
- if (ret != 0)
- return ret;
- ret = krb5int_derive_random(enc, NULL, key, &outdata, in_constant,
- DERIVE_RFC3961);
- krb5_k_free_key(NULL, key);
- return ret;
-}
diff --git a/src/lib/crypto/krb/deps b/src/lib/crypto/krb/deps
index f9a740860..2f4af1906 100644
--- a/src/lib/crypto/krb/deps
+++ b/src/lib/crypto/krb/deps
@@ -191,19 +191,6 @@ coll_proof_cksum.so coll_proof_cksum.po $(OUTPRE)coll_proof_cksum.$(OBJEXT): \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h coll_proof_cksum.c \
crypto_int.h
-combine_keys.so combine_keys.po $(OUTPRE)combine_keys.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
- $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h combine_keys.c \
- crypto_int.h
crypto_length.so crypto_length.po $(OUTPRE)crypto_length.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index 63804299f..451d5e035 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -58,7 +58,6 @@ krb5_c_prf_length
krb5int_c_mandatory_cksumtype
krb5_c_fx_cf2_simple
krb5int_c_weak_enctype
-krb5int_c_combine_keys
krb5_encrypt_data
krb5int_c_copy_keyblock
krb5int_c_copy_keyblock_contents

73
Remove-support-for-no-flags-SAM-2-preauth.patch Normal file
View File

@ -0,0 +1,73 @@
From 2c6a5bea4319b6b1705d6c9c6a2bb78c9999089f Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 17 Apr 2019 17:07:46 -0400
Subject: [PATCH] Remove support for no-flags SAM-2 preauth
When neither the send-encrypted-sad nor the use-sad-as-key flag is set
in the SAM-2 challenge, the protocol calls for the AS key to be
combined with the string-to-key of the SAD using a key combination
method which has only been implemented for DES and 3DES enctypes.
Rather than extending key combination, remove support for this case.
[ghudson@mit.edu: rewrote commit message, added comment]
ticket: 8812 (new)
(cherry picked from commit c30e0af224ef3716513744fd86aec3eeea90abf9)
---
src/lib/krb5/krb/preauth_sam2.c | 40 +++++++++------------------------
1 file changed, 11 insertions(+), 29 deletions(-)
diff --git a/src/lib/krb5/krb/preauth_sam2.c b/src/lib/krb5/krb/preauth_sam2.c
index c7484c47e..fda86bee2 100644
--- a/src/lib/krb5/krb/preauth_sam2.c
+++ b/src/lib/krb5/krb/preauth_sam2.c
@@ -211,38 +211,20 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
/* Get encryption key to be used for checksum and sam_response */
if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
/* Retain as_key from above gak_fct call. */
-
- if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
- /* as_key = combine_key (as_key, string_to_key(SAD)) */
- krb5_keyblock tmp_kb;
-
- retval = krb5_c_string_to_key(context, sc2b->sam_etype,
- &response_data, salt, &tmp_kb);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- if (defsalt.length) free(defsalt.data);
- return(retval);
- }
-
- /* This should be a call to the crypto library some day */
- /* key types should already match the sam_etype */
- retval = krb5int_c_combine_keys(context, &ctx->as_key, &tmp_kb,
- &ctx->as_key);
-
- if (retval) {
- krb5_free_sam_challenge_2(context, sc2);
- krb5_free_sam_challenge_2_body(context, sc2b);
- if (defsalt.length) free(defsalt.data);
- return(retval);
- }
- krb5_free_keyblock_contents(context, &tmp_kb);
- }
-
if (defsalt.length)
free(defsalt.data);
+ if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
+ /*
+ * If no flags are set, the protocol calls for us to combine the
+ * initial reply key with the SAD, using a method which is only
+ * specified for DES and 3DES enctypes. We no longer support this
+ * case.
+ */
+ krb5_free_sam_challenge_2(context, sc2);
+ krb5_free_sam_challenge_2_body(context, sc2b);
+ return(KRB5_SAM_UNSUPPORTED);
+ }
} else {
/* as_key = string_to_key(SAD) */

8
krb5.spec
View File

@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.17
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
Release: 26%{?dist}
Release: 27%{?dist}
# lookaside-cached sources; two downloads and a build artifact
Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz
@ -103,6 +103,9 @@ Patch138: Update-test-suite-to-avoid-single-DES-enctypes.patch
Patch139: Remove-support-for-single-DES-and-CRC.patch
Patch140: Display-unsupported-enctype-names.patch
Patch141: krb5-1.17post3-FIPS-with-PRNG-SPAKE-and-RADIUS.patch
Patch142: Add-zapfreedata-convenience-function.patch
Patch143: Remove-support-for-no-flags-SAM-2-preauth.patch
Patch144: Remove-krb5int_c_combine_keys.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@ -712,6 +715,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
* Thu May 30 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-27
- Remove krb5int_c_combine_keys() and no-flags SAM-2 preauth
* Tue May 28 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-26
- Remove support for single-DES and CRC