From ba1fd0a44c74089d42af244ff2b315baf506fd2f Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 15 Jan 2019 16:16:57 -0500
Subject: [PATCH] Add function and enctype flag for deprecations

krb5int_c_deprecated_enctype() checks for the ETYPE_DEPRECATED flag on
enctypes.  All ENCTYPE_WEAK enctypes are currently deprecated; not all
deprecated enctypes are considered weak.  Deprecations follow RFC 6649
and RFC 8429.

(cherry picked from commit 484a6e7712f9b66e782b2520f07b0883889e116f)
---
 src/include/k5-int.h               |  1 +
 src/lib/crypto/krb/crypto_int.h    |  9 ++++++++-
 src/lib/crypto/krb/enctype_util.c  |  7 +++++++
 src/lib/crypto/krb/etypes.c        | 19 ++++++++++---------
 src/lib/crypto/libk5crypto.exports |  1 +
 src/lib/krb5_32.def                |  3 +++
 6 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 8f9329c59..255cee822 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2077,6 +2077,7 @@ krb5_get_tgs_ktypes(krb5_context, krb5_const_principal, krb5_enctype **);
 krb5_boolean krb5_is_permitted_enctype(krb5_context, krb5_enctype);
 
 krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype);
+krb5_boolean KRB5_CALLCONV krb5int_c_deprecated_enctype(krb5_enctype);
 krb5_error_code k5_enctype_to_ssf(krb5_enctype enctype, unsigned int *ssf_out);
 
 krb5_error_code krb5_kdc_rep_decrypt_proc(krb5_context, const krb5_keyblock *,
diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index e5099291e..6c1c77cac 100644
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -114,7 +114,14 @@ struct krb5_keytypes {
     unsigned int ssf;
 };
 
-#define ETYPE_WEAK 1
+/*
+ * "Weak" means the enctype is believed to be vulnerable to practical attacks,
+ * and will be disabled unless allow_weak_crypto is set to true.  "Deprecated"
+ * means the enctype has been deprecated by the IETF, and affects display and
+ * logging.
+ */
+#define ETYPE_WEAK (1 << 0)
+#define ETYPE_DEPRECATED (1 << 1)
 
 extern const struct krb5_keytypes krb5int_enctypes_list[];
 extern const int krb5int_enctypes_length;
diff --git a/src/lib/crypto/krb/enctype_util.c b/src/lib/crypto/krb/enctype_util.c
index b1b40e7ec..e394f4e19 100644
--- a/src/lib/crypto/krb/enctype_util.c
+++ b/src/lib/crypto/krb/enctype_util.c
@@ -51,6 +51,13 @@ krb5int_c_weak_enctype(krb5_enctype etype)
     return (ktp != NULL && (ktp->flags & ETYPE_WEAK) != 0);
 }
 
+krb5_boolean KRB5_CALLCONV
+krb5int_c_deprecated_enctype(krb5_enctype etype)
+{
+    const struct krb5_keytypes *ktp = find_enctype(etype);
+    return ktp != NULL && (ktp->flags & ETYPE_DEPRECATED) != 0;
+}
+
 krb5_error_code KRB5_CALLCONV
 krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2,
                        krb5_boolean *similar)
diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c
index 53d4a5c79..8f44c37e7 100644
--- a/src/lib/crypto/krb/etypes.c
+++ b/src/lib/crypto/krb/etypes.c
@@ -33,6 +33,7 @@
    that the keytypes are all near each other.  I'd rather not make
    that assumption. */
 
+/* Deprecations come from RFC 6649 and RFC 8249. */
 const struct krb5_keytypes krb5int_enctypes_list[] = {
     { ENCTYPE_DES_CBC_CRC,
       "des-cbc-crc", { 0 }, "DES cbc mode with CRC-32",
@@ -42,7 +43,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_des_string_to_key, k5_rand2key_des,
       krb5int_des_prf,
       CKSUMTYPE_RSA_MD5_DES,
-      ETYPE_WEAK, 56 },
+      ETYPE_WEAK | ETYPE_DEPRECATED, 56 },
     { ENCTYPE_DES_CBC_MD4,
       "des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4",
       &krb5int_enc_des, &krb5int_hash_md4,
@@ -51,7 +52,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_des_string_to_key, k5_rand2key_des,
       krb5int_des_prf,
       CKSUMTYPE_RSA_MD4_DES,
-      ETYPE_WEAK, 56 },
+      ETYPE_WEAK | ETYPE_DEPRECATED, 56 },
     { ENCTYPE_DES_CBC_MD5,
       "des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5",
       &krb5int_enc_des, &krb5int_hash_md5,
@@ -60,7 +61,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_des_string_to_key, k5_rand2key_des,
       krb5int_des_prf,
       CKSUMTYPE_RSA_MD5_DES,
-      ETYPE_WEAK, 56 },
+      ETYPE_WEAK | ETYPE_DEPRECATED, 56 },
     { ENCTYPE_DES_CBC_RAW,
       "des-cbc-raw", { 0 }, "DES cbc mode raw",
       &krb5int_enc_des, NULL,
@@ -69,7 +70,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_des_string_to_key, k5_rand2key_des,
       krb5int_des_prf,
       0,
-      ETYPE_WEAK, 56 },
+      ETYPE_WEAK | ETYPE_DEPRECATED, 56 },
     { ENCTYPE_DES3_CBC_RAW,
       "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
       &krb5int_enc_des3, NULL,
@@ -78,7 +79,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_dk_string_to_key, k5_rand2key_des3,
       NULL, /*PRF*/
       0,
-      ETYPE_WEAK, 112 },
+      ETYPE_WEAK | ETYPE_DEPRECATED, 112 },
 
     { ENCTYPE_DES3_CBC_SHA1,
       "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" },
@@ -89,7 +90,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_dk_string_to_key, k5_rand2key_des3,
       krb5int_dk_prf,
       CKSUMTYPE_HMAC_SHA1_DES3,
-      0 /*flags*/, 112 },
+      ETYPE_DEPRECATED, 112 },
 
     { ENCTYPE_DES_HMAC_SHA1,
       "des-hmac-sha1", { 0 }, "DES with HMAC/sha1",
@@ -99,7 +100,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_dk_string_to_key, k5_rand2key_des,
       NULL, /*PRF*/
       0,
-      ETYPE_WEAK, 56 },
+      ETYPE_WEAK | ETYPE_DEPRECATED, 56 },
 
     /* rc4-hmac uses a 128-bit key, but due to weaknesses in the RC4 cipher, we
      * consider its strength degraded and assign it an SSF value of 64. */
@@ -113,7 +114,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
       k5_rand2key_direct, krb5int_arcfour_prf,
       CKSUMTYPE_HMAC_MD5_ARCFOUR,
-      0 /*flags*/, 64 },
+      ETYPE_DEPRECATED, 64 },
     { ENCTYPE_ARCFOUR_HMAC_EXP,
       "arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
       "Exportable ArcFour with HMAC/md5",
@@ -124,7 +125,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
       k5_rand2key_direct, krb5int_arcfour_prf,
       CKSUMTYPE_HMAC_MD5_ARCFOUR,
-      ETYPE_WEAK, 40
+      ETYPE_WEAK | ETYPE_DEPRECATED, 40
     },
 
     { ENCTYPE_AES128_CTS_HMAC_SHA1_96,
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index 82eb5f30c..90afdf5f7 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -109,3 +109,4 @@ k5_allow_weak_pbkdf2iter
 krb5_c_prfplus
 krb5_c_derive_prfplus
 k5_enctype_to_ssf
+krb5int_c_deprecated_enctype
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
index c35022931..e6a487593 100644
--- a/src/lib/krb5_32.def
+++ b/src/lib/krb5_32.def
@@ -487,3 +487,6 @@ EXPORTS
 	encode_krb5_pa_spake				@444 ; PRIVATE
 	decode_krb5_pa_spake				@445 ; PRIVATE
 	k5_free_pa_spake				@446 ; PRIVATE
+
+; new in 1.18
+	krb5int_c_deprecated_enctype			@450 ; PRIVATE