restrict AEAD usage to GSS-API CFX

heimdal · Dec 17, 2015 · eae7fa1 · eae7fa1
1 parent d8e7b27
commit eae7fa1
Showing 1 changed file with 20 additions and 6 deletions.
diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
@@ -1475,14 +1475,28 @@ iov_ivec_aead(krb5_context context,
     krb5_error_code ret;
     struct _krb5_key_data *dkey;
 
-    if (derived_crypto(context, crypto)) {
-	ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
-	if (ret)
-	    return ret;
-    } else {
-	dkey = &crypto->key;
+    /*
+     * Allow GSS-API CFX key usages as they have appropriately constructed
+     * initialization vectors.
+     *
+     * This is brittle but will stop AEAD being used with long-term keys.
+     * In the future, we may derive a key from a salt placed in the header
+     * for usages aside from GSS-API.
+     */
+    switch (usage) {
+    case KRB5_KU_USAGE_ACCEPTOR_SEAL:
+    case KRB5_KU_USAGE_ACCEPTOR_SIGN:
+    case KRB5_KU_USAGE_INITIATOR_SEAL:
+    case KRB5_KU_USAGE_INITIATOR_SIGN:
+	break;
+    default:
+	return KRB5_PROG_ETYPE_NOSUPP;
     }
 
+    ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
+    if (ret)
+	return ret;
+
     ret = _key_schedule(context, dkey);
     if (ret)
 	return ret;