krb5: implement draft-ietf-kitten-aes-cts-hmac-sha2-07

heimdal · Oct 8, 2016 · 7b720cf · 7b720cf
1 parent a3bece1
commit 7b720cf
Show file tree

Hide file tree

Showing 32 changed files with 1,661 additions and 381 deletions.
diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
@@ -1106,11 +1106,33 @@ get_pa_etype_info(krb5_context context,
  *
  */
 
-extern int _krb5_AES_string_to_default_iterator;
+extern int _krb5_AES_SHA1_string_to_default_iterator;
+extern int _krb5_AES_SHA2_string_to_default_iterator;
+
+static krb5_error_code
+make_s2kparams(int value, size_t len, krb5_data **ps2kparams)
+{
+    krb5_data *s2kparams;
+    krb5_error_code ret;
+
+    ALLOC(s2kparams);
+    if (s2kparams == NULL)
+	return ENOMEM;
+    ret = krb5_data_alloc(s2kparams, len);
+    if (ret) {
+	free(s2kparams);
+	return ret;
+    }
+    _krb5_put_int(s2kparams->data, value, len);
+    *ps2kparams = s2kparams;
+    return 0;
+}
 
 static krb5_error_code
 make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
 {
+    krb5_error_code ret;
+
     ent->etype = key->key.keytype;
     if(key->salt) {
 	ALLOC(ent->salt);
@@ -1132,44 +1154,28 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
     switch (key->key.keytype) {
     case ETYPE_AES128_CTS_HMAC_SHA1_96:
     case ETYPE_AES256_CTS_HMAC_SHA1_96:
-	ALLOC(ent->s2kparams);
-	if (ent->s2kparams == NULL)
-	    return ENOMEM;
-	ent->s2kparams->length = 4;
-	ent->s2kparams->data = malloc(ent->s2kparams->length);
-	if (ent->s2kparams->data == NULL) {
-	    free(ent->s2kparams);
-	    ent->s2kparams = NULL;
-	    return ENOMEM;
-	}
-	_krb5_put_int(ent->s2kparams->data,
-		      _krb5_AES_string_to_default_iterator,
-		      ent->s2kparams->length);
+	ret = make_s2kparams(_krb5_AES_SHA1_string_to_default_iterator,
+			     4, &ent->s2kparams);
+	break;
+    case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128:
+    case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192:
+	ret = make_s2kparams(_krb5_AES_SHA2_string_to_default_iterator,
+			     4, &ent->s2kparams);
 	break;
     case ETYPE_DES_CBC_CRC:
     case ETYPE_DES_CBC_MD4:
     case ETYPE_DES_CBC_MD5:
 	/* Check if this was a AFS3 salted key */
-	if(key->salt && key->salt->type == hdb_afs3_salt){
-	    ALLOC(ent->s2kparams);
-	    if (ent->s2kparams == NULL)
-		return ENOMEM;
-	    ent->s2kparams->length = 1;
-	    ent->s2kparams->data = malloc(ent->s2kparams->length);
-	    if (ent->s2kparams->data == NULL) {
-		free(ent->s2kparams);
-		ent->s2kparams = NULL;
-		return ENOMEM;
-	    }
-	    _krb5_put_int(ent->s2kparams->data,
-			  1,
-			  ent->s2kparams->length);
-	}
+	if(key->salt && key->salt->type == hdb_afs3_salt)
+	    ret = make_s2kparams(1, 1, &ent->s2kparams);
+	else
+	    ret = 0;
 	break;
     default:
+	ret = 0;
 	break;
     }
-    return 0;
+    return ret;
 }
 
 /*

diff --git a/lib/asn1/krb5.asn1 b/lib/asn1/krb5.asn1
@@ -233,6 +233,8 @@ CKSUMTYPE ::= INTEGER {
 	CKSUMTYPE_SHA1(14),
 	CKSUMTYPE_HMAC_SHA1_96_AES_128(15),
 	CKSUMTYPE_HMAC_SHA1_96_AES_256(16),
+	CKSUMTYPE_HMAC_SHA256_128_AES128(19),
+	CKSUMTYPE_HMAC_SHA384_192_AES256(20),
 	CKSUMTYPE_GSSAPI(0x8003),
 	CKSUMTYPE_HMAC_MD5(-138),	-- unofficial microsoft number
 	CKSUMTYPE_HMAC_MD5_ENC(-1138)	-- even more unofficial
@@ -252,6 +254,8 @@ ENCTYPE ::= INTEGER {
 	KRB5_ENCTYPE_DES3_CBC_SHA1(16),	-- with key derivation
 	KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96(17),
 	KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96(18),
+	KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128(19),
+	KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192(20),
 	KRB5_ENCTYPE_ARCFOUR_HMAC_MD5(23),
 	KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56(24),
 	KRB5_ENCTYPE_ENCTYPE_PK_CROSS(48),

diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c
@@ -423,16 +423,10 @@ init_auth
     /*
      * This is hideous glue for (NFS) clients that wants to limit the
      * available enctypes to what it can support (encryption in
-     * kernel). If there is no enctypes selected for this credential,
-     * reset it to the default set of enctypes.
+     * kernel).
      */
-    {
-	krb5_enctype *enctypes = NULL;
-
-	if (cred && cred->enctypes)
-	    enctypes = cred->enctypes;
-	krb5_set_default_in_tkt_etypes(context, enctypes);
-    }
+    if (cred && cred->enctypes)
+	krb5_set_default_in_tkt_etypes(context, cred->enctypes);
 
     ret = gsskrb5_get_creds(minor_status, context, ctx->ccache,
 			    ctx, name, time_req, time_rec);

diff --git a/lib/hcrypto/evp.h b/lib/hcrypto/evp.h
@@ -98,6 +98,7 @@
 #define EVP_sha256 hc_EVP_sha256
 #define EVP_sha384 hc_EVP_sha384
 #define EVP_sha512 hc_EVP_sha512
+#define PKCS5_PBKDF2_HMAC hc_PKCS5_PBKDF2_HMAC
 #define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1
 #define EVP_BytesToKey hc_EVP_BytesToKey
 #define EVP_get_cipherbyname hc_EVP_get_cipherbyname
@@ -333,6 +334,9 @@ int	EVP_CipherFinal_ex(EVP_CIPHER_CTX *, void *, int *);
 
 int	EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t);
 
+int	PKCS5_PBKDF2_HMAC(const void *, size_t, const void *, size_t,
+			  unsigned long, const EVP_MD *, size_t, void *);
+
 int	PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t,
 			       unsigned long, size_t, void *);
 

diff --git a/lib/hcrypto/libhcrypto-exports.def b/lib/hcrypto/libhcrypto-exports.def
@@ -276,6 +276,7 @@ EXPORTS
 	hc_OpenSSL_add_all_algorithms_conf
 	hc_OpenSSL_add_all_algorithms_noconf
 	hc_PKCS12_key_gen
+	hc_PKCS5_PBKDF2_HMAC
 	hc_PKCS5_PBKDF2_HMAC_SHA1
 	hc_RAND_add
 	hc_RAND_bytes

diff --git a/lib/hcrypto/pkcs5.c b/lib/hcrypto/pkcs5.c
@@ -49,6 +49,7 @@
  * @param salt Salt
  * @param salt_len Length of salt.
  * @param iter iteration counter.
+ * @param md the digest function.
  * @param keylen the output key length.
  * @param key the output key.
  *
@@ -58,21 +59,23 @@
  */
 
 int
-PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len,
-		       const void * salt, size_t salt_len,
-		       unsigned long iter,
-		       size_t keylen, void *key)
+PKCS5_PBKDF2_HMAC(const void * password, size_t password_len,
+		  const void * salt, size_t salt_len,
+		  unsigned long iter,
+		  const EVP_MD *md,
+		  size_t keylen, void *key)
 {
     size_t datalen, leftofkey, checksumsize;
     char *data, *tmpcksum;
     uint32_t keypart;
-    const EVP_MD *md;
     unsigned long i;
     int j;
     char *p;
     unsigned int hmacsize;
 
-    md = EVP_sha1();
+    if (md == NULL)
+	return 0;
+
     checksumsize = EVP_MD_size(md);
     datalen = salt_len + 4;
 
@@ -122,3 +125,28 @@ PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len,
 
     return 1;
 }
+
+/**
+ * As descriped in PKCS5, convert a password, salt, and iteration counter into a crypto key.
+ *
+ * @param password Password.
+ * @param password_len Length of password.
+ * @param salt Salt
+ * @param salt_len Length of salt.
+ * @param iter iteration counter.
+ * @param keylen the output key length.
+ * @param key the output key.
+ *
+ * @return 1 on success, non 1 on failure.
+ *
+ * @ingroup hcrypto_misc
+ */
+int
+PKCS5_PBKDF2_HMAC_SHA1(const void * password, size_t password_len,
+		       const void * salt, size_t salt_len,
+		       unsigned long iter,
+		       size_t keylen, void *key)
+{
+    return PKCS5_PBKDF2_HMAC(password, password_len, salt, salt_len, iter,
+			     EVP_sha1(), keylen, key);
+}
diff --git a/lib/hcrypto/test_pkcs5.c b/lib/hcrypto/test_pkcs5.c
@@ -107,24 +107,24 @@ test_pkcs5_pbe2(const struct tests *t)
     unsigned char key[32];
     int ret, error = 0;
 
-    ret = PKCS5_PBKDF2_HMAC_SHA1(t->password, strlen(t->password),
-				 t->salt, strlen(t->salt),
-				 t->iterations,
-				 16, key);
+    ret = PKCS5_PBKDF2_HMAC(t->password, strlen(t->password),
+			    t->salt, strlen(t->salt),
+			    t->iterations, EVP_sha1(),
+			    16, key);
     if (ret != 1)
-	errx(1, "PKCS5_PBKDF2_HMAC_SHA1: %d", ret);
+	errx(1, "PKCS5_PBKDF2_HMAC: %d", ret);
 
     if (memcmp(t->pbkdf2_128, key, 16) != 0) {
 	printf("incorrect 128 key\n");
 	error++;
     }
 
-    ret = PKCS5_PBKDF2_HMAC_SHA1(t->password, strlen(t->password),
-				 t->salt, strlen(t->salt),
-				 t->iterations,
-				 32, key);
+    ret = PKCS5_PBKDF2_HMAC(t->password, strlen(t->password),
+			    t->salt, strlen(t->salt),
+			    t->iterations, EVP_sha1(),
+			    32, key);
     if (ret != 1)
-	errx(1, "PKCS5_PBKDF2_HMAC_SHA1: %d", ret);
+	errx(1, "PKCS5_PBKDF2_HMAC: %d", ret);
 
     if (memcmp(t->pbkdf2_256, key, 32) != 0) {
 	printf("incorrect 256 key\n");

diff --git a/lib/hcrypto/undef.h b/lib/hcrypto/undef.h
@@ -133,6 +133,7 @@
 #undef EVP_sha256
 #undef EVP_sha384
 #undef EVP_sha512
+#undef PKCS5_PBKDF2_HMAC
 #undef PKCS5_PBKDF2_HMAC_SHA1
 #undef EVP_BytesToKey
 #undef EVP_get_cipherbyname

diff --git a/lib/hcrypto/version-script.map b/lib/hcrypto/version-script.map
@@ -261,6 +261,7 @@ HEIMDAL_CRYPTO_1.0 {
 		hc_OpenSSL_add_all_algorithms_conf;
 		hc_OpenSSL_add_all_algorithms_noconf;
 		hc_PKCS12_key_gen;
+		hc_PKCS5_PBKDF2_HMAC;
 		hc_PKCS5_PBKDF2_HMAC_SHA1;
 		hc_RAND_add;
 		hc_RAND_bytes;