[OpenAFS-devel] Problem with des3-cbc-sha1 keys and OpenAFS 1.8.X
Benjamin Kaduk
kaduk@mit.edu
Mon, 4 May 2020 21:06:34 -0700
Hi John,
That sounds like an accurate diagnosis and plausible patch.
"But what's really impressive is that triple-DES is used at all!"
Please let me know if you're in a position to submit the patch to gerrit or
I should do so on your behalf. (In review I'll have to check that it works
for builds against both Heimdal and MIT APIs.)
Thanks again,
Ben
On Wed, Apr 29, 2020 at 01:53:06PM -0500, John P Janosik wrote:
>
>
> Hello
>
> I hit a problem with "ticket contained unknown key version number" errors
> while trying to stand up a new OpenAFS 1.8.X server in a cell using non
> single-DES keys for the afs service principal. Any tokens created from a
> des3-cbc-sha1 service ticket fail against the OpenAFS 1.8.X server, but
> work against the IBM AFS servers which use rxkad.keytab to hold the keys.
> The KeyFileExt on the OpenAFS 1.8.x server was generated by running
> akeyconvert after copying the rxkad.keytab from one of the
> production/working servers. I believe this is a bug in this section of
> code from rxkad/ticket5.c:tkt_DecodeTicket5 because it passes the wrong key
> size to get_key_enctype for des3-cbc-sha1 keys:
>
> 266     code = krb5_enctype_keybits(context, t5.enc_part.etype, &keysize);
> 267     if (code != 0) {
> 268         krb5_free_context(context);
> 269         goto unknown_key;
> 270     }
> 271     keysize = keysize / 8;
> 272     allocsiz = keysize;
> 273     keybuf = rxi_Alloc(allocsiz);
> 274     /* this is not quite a hole for afsconf_GetKeyByTypes. A wrapper
> 275        that calls afsconf_GetKeyByTypes and afsconf_typedKey_values
> 276        is needed */
> 277     code = get_key_enctype(get_key_rock, v5_serv_kvno, t5.enc_part.etype,
> 278                            keybuf, &keysize);
> 279     if (code) {
> 280         rxi_Free(keybuf, allocsiz);
> 281         krb5_free_context(context);
> 282         goto unknown_key;
> 283     }
>
> The key bits for des3-cbc-sha1 is 168, but key size is 24. Dividing 168 by
> 8 at line 271 results in 21 instead of 24. When in
> auth/authcon.c:auth_afsconf_GetRxkadKrb5Key AFSCONF_BADKEY is returned due
> to the size mismatch:
>
> static int _afsconf_GetRxkadKrb5Key(void *arock, int kvno, int enctype,
>                                     void *outkey, size_t *keylen)
> {
>     struct afsconf_dir *adir = arock;
>     struct afsconf_typedKey *kobj;
>     struct rx_opaque *keymat;
>     afsconf_keyType tktype;
>     int tkvno, tenctype;
>     int code;
>
>     code = afsconf_GetKeyByTypes(adir, afsconf_rxkad_krb5, kvno, enctype,
>                                  &kobj);
>     if (code != 0)
>         return code;
>     afsconf_typedKey_values(kobj, &tktype, &tkvno, &tenctype, &keymat);
>     if (*keylen < keymat->len) {
>         afsconf_typedKey_put(&kobj);
>         return AFSCONF_BADKEY;
>     }
>     memcpy(outkey, keymat->val, keymat->len);
>     *keylen = keymat->len;
>     afsconf_typedKey_put(&kobj);
>     return 0;
> }
>
> I created the following patch which is working with tokens generated from
> all the key types I tested (des3-cbc-sha1, aes128-cts-hmac-sha1-96,
> aes256-cts-hmac-sha1-96, and arcfour-hmac):
>
> diff -Nrup openafs-1.8.5-orig/src/rxkad/ticket5.c
> openafs-1.8.5-changed/src/rxkad/ticket5.c
> --- openafs-1.8.5-orig/src/rxkad/ticket5.c 2020-04-28
> 15:52:40.455888457 -0500
> +++ openafs-1.8.5-changed/src/rxkad/ticket5.c 2020-04-28
> 15:37:46.788413717 -0500
> @@ -263,12 +263,11 @@ tkt_DecodeTicket5(char *ticket, afs_int3
> krb5_free_context(context);
> goto unknown_key;
> }
> - code = krb5_enctype_keybits(context, t5.enc_part.etype, &keysize);
> + code = krb5_enctype_keysize(context, t5.enc_part.etype, &keysize);
> if (code != 0) {
> krb5_free_context(context);
> goto unknown_key;
> }
> - keysize = keysize / 8;
> allocsiz = keysize;
> keybuf = rxi_Alloc(allocsiz);
> /* this is not quite a hole for afsconf_GetKeyByTypes. A wrapper
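
Review bot: the replaced call at `code = krb5_enctype_keysize(context, t5.enc_part.etype, &keysize);` should carry a short comment saying that the byte length of the stored key is wanted here rather than key bits divided by 8, because for des3-cbc-sha1 the two differ (168 bits versus a 24-byte key, as described above) and a later reader could otherwise "simplify" it back. The unchanged lines that follow still derive both `allocsiz` and the length passed to get_key_enctype from this single value, so the `*keylen < keymat->len` check in _afsconf_GetRxkadKrb5Key now depends on this call returning the byte length for every enctype; the diff alone also does not show that krb5_enctype_keysize is available in every build configuration this file is compiled in, which needs confirming before merge.
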
>
>
> Thanks,
>
> John Janosik
> jpjanosi@us.ibm.com
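
The size mismatch John describes, as an added example that is not part of the original message or of OpenAFS: it models the caller and the length check with a constructed enctype table and shows why only des3-cbc-sha1 failed. `demo_get_key`, `demo_decode` and `DEMO_BADKEY` are hypothetical stand-ins; the enctype numbers and the AES and arcfour sizes are supplied here rather than taken from the message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table (not OpenAFS code): key bits vs. key bytes per enctype. */
struct etype_info { int etype; const char *name; size_t keybits, keysize; };
static const struct etype_info etypes[] = {
    { 16, "des3-cbc-sha1",           168, 24 },
    { 17, "aes128-cts-hmac-sha1-96", 128, 16 },
    { 18, "aes256-cts-hmac-sha1-96", 256, 32 },
    { 23, "arcfour-hmac",            128, 16 },
};
#define N_ETYPES (sizeof(etypes) / sizeof(etypes[0]))
#define DEMO_BADKEY (-1) /* stand-in for AFSCONF_BADKEY */

/* Hypothetical getter with the same length check as the quoted
 * _afsconf_GetRxkadKrb5Key: fail if the caller's length is too small. */
static int demo_get_key(const struct etype_info *e, void *out, size_t *keylen)
{
    static const unsigned char stored[32]; /* constructed all-zero key */
    if (*keylen < e->keysize)
        return DEMO_BADKEY;
    memcpy(out, stored, e->keysize);
    *keylen = e->keysize;
    return 0;
}

/* Caller modelled on the quoted tkt_DecodeTicket5 lines: use_keybits != 0
 * sizes the request as keybits / 8 (pre-patch), 0 uses the key size. */
static int demo_decode(int etype, int use_keybits)
{
    unsigned char keybuf[32];
    size_t i, keysize;
    for (i = 0; i < N_ETYPES; i++) {
        if (etypes[i].etype != etype)
            continue;
        keysize = use_keybits ? etypes[i].keybits / 8 : etypes[i].keysize;
        return demo_get_key(&etypes[i], keybuf, &keysize);
    }
    return DEMO_BADKEY; /* unknown enctype */
}

int main(void)
{
    size_t i;
    for (i = 0; i < N_ETYPES; i++)
        printf("%-24s keybits/8 -> %d, keysize -> %d\n", etypes[i].name,
               demo_decode(etypes[i].etype, 1), demo_decode(etypes[i].etype, 0));
    return 0;
}
```

For the AES and arcfour entries the key bits are a multiple of 8 that equals the key length, so dividing by 8 happens to give the right answer and the bug stays hidden until a des3-cbc-sha1 key is used.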