[OpenAFS-devel] understanding rxkad
Chaskiel M Grundman
cg2v@andrew.cmu.edu
Fri, 06 Oct 2006 13:44:39 -0400
--On Friday, October 06, 2006 09:21:51 AM -0500 John Hascall
<john@iastate.edu> wrote:
> So *how* does the server know that only the function-number is encrypted
> vs. all of the payload? (not to mention why bother encrypting the
> least sensitive bit of the whole thing!)
One of the things that is negotiated is the "rxkad level", that is, the
level of data protection ostensibly provided. this data is only in the
encrypted challenge/response packets and is not visible at the rx layer.
There are three levels:
rxkad_clear: no protection beyond the 16bit checksum in the header.
rxkad_auth: nominal integrity protection. an exta 4 byte value is prepended
to the payload. This word contains the packet sequence number, the call
number, and the packet length. the first block (8 bytes) of the payload is
encrypted. This should prevent an attacker from being able to manufacture
new packets (they can only modify existing ones) , changing the opcode of
an rpc (from say read to write) in an existing packet, or replaying packets.
rxkad_auth: confidentiality. the same 4 byte value is prepended to the
packet and the entire payload is encrypted.
I'm not sure how you got rxkad_auth in a vos request. As far as I can tell,
vsu_ClientInit still defaults to rxkad_clear.