RE: [OpenAFS-devel] Problem with des3-cbc-sha1 keys and OpenAFS 1.8.X

[John P Janosik]

Benjamin Kaduk <ka...@mit.edu> wrote on 05/04/2020 11:06:34 PM:

>
> Hi John,
>
> That sounds like an accurate diagnosis and plausible patch.
> "But what's really impressive is that triple-DES is used at all!"
>

Yep, luckily we found while debugging this that the old AIX machines using
triple-DES just need a config update.

> Please let me know if you're in a position to submit the patch to gerrit
or
> I should do so on your behalf.  (In review I'll have to check that it
works
> for builds against both Heimdal and MIT APIs.)
>

I checked with Yadav on the steps to submit the patch to gerrit.  Since it
is unlikely I will often be submitting patches, Yadav agreed to do the work
to submit to gerrit.  Thanks for the offer.

John

> Thanks again,
>
> Ben
>
> On Wed, Apr 29, 2020 at 01:53:06PM -0500, John P Janosik wrote:
> >
> >
> > Hello
> >
> > I hit a problem with "ticket contained unknown key version number"
errors
> > while trying to stand up a new OpenAFS 1.8.X server in a cell using non
> > single-DES keys for the afs service principal.  Any tokens created from
a
> > des3-cbc-sha1 service ticket fail against the OpenAFS 1.8.X server, but
> > work against the IBM AFS servers which use rxkad.keytab to hold the
keys.
> > The KeyFileExt on the OpenAFS 1.8.x server was generated by running
> > akeycovert after copying the rxkad.keytab from one of the
> > production/working servers.  I believe this is a bug in this section of
> > code from rxkad/ticket5.c:tkt_DecodeTicket5 because it passes the wrong
key
> > size to get_key_enctype for des3-cbc-sha1 keys:
> >
> >  266         code = krb5_enctype_keybits(context,  t5.enc_part.etype,
> > &keysize);
> >  267         if (code != 0) {
> >  268             krb5_free_context(context);
> >  269             goto unknown_key;
> >  270         }
> >  271         keysize = keysize / 8;
> >  272         allocsiz = keysize;
> >  273         keybuf = rxi_Alloc(allocsiz);
> >  274         /* this is not quite a hole for afsconf_GetKeyByTypes. A
> > wrapper
> >  275            that calls afsconf_GetKeyByTypes and
> > afsconf_typedKey_values
> >  276            is needed */
> >  277         code = get_key_enctype(get_key_rock, v5_serv_kvno,
> > t5.enc_part.etype,
> >  278                                keybuf, &keysize);
> >  279         if (code) {
> >  280             rxi_Free(keybuf, allocsiz);
> >  281             krb5_free_context(context);
> >  282             goto unknown_key;
> >  283         }
> >
> > The key bits for des3-cbc-sha1 is 168, but key size is 24.  Dividing
168 by
> > 8 at line 271 results in 21 instead of 24.  When in
> > auth/authcon.c:auth_afsconf_GetRxkadKrb5Key AFSCONF_BADKEY is returned
due
> > to the size mismatch:
> >
> >   45 static int _afsconf_GetRxkadKrb5Key(void *arock, int kvno, int
> > enctype, void *outkey,
> >   46                                     size_t *keylen)
> >   47 {
> >   48     struct afsconf_dir *adir = arock;
> >   49     struct afsconf_typedKey *kobj;
> >   50     struct rx_opaque *keymat;
> >   51     afsconf_keyType tktype;
> >   52     int tkvno, tenctype;
> >   53     int code;
> >   54
> >   55     code = afsconf_GetKeyByTypes(adir, afsconf_rxkad_krb5, kvno,
> > enctype, &kobj);
> >   56     if (code != 0)
> >   57         return code;
> >   58     afsconf_typedKey_values(kobj, &tktype, &tkvno, &tenctype,
> > &keymat);
> >   59     if (*keylen < keymat->len) {
> >   60         afsconf_typedKey_put(&kobj);
> >   61         return AFSCONF_BADKEY;
> >   62     }
> >   63     memcpy(outkey, keymat->val, keymat->len);
> >   64     *keylen = keymat->len;
> >   65     afsconf_typedKey_put(&kobj);
> >   66     return 0;
> >   67 }
> >
> > I created the following patch which is working with tokens generated
from
> > all the key types I tested(des3-cbc-sha1, aes128-cts-hmac-sha1-96,
> > aes256-cts-hmac-sha1-96, and arcfour-hmac):
> >
> > diff -Nrup openafs-1.8.5-orig/src/rxkad/ticket5.c
> > openafs-1.8.5-changed/src/rxkad/ticket5.c
> > --- openafs-1.8.5-orig/src/rxkad/ticket5.c   2020-04-28
> > 15:52:40.455888457 -0500
> > +++ openafs-1.8.5-changed/src/rxkad/ticket5.c   2020-04-28
> > 15:37:46.788413717 -0500
> > @@ -263,12 +263,11 @@ tkt_DecodeTicket5(char *ticket, afs_int3
> >         krb5_free_context(context);
> >         goto unknown_key;
> >     }
> > -   code = krb5_enctype_keybits(context,  t5.enc_part.etype, &keysize);
> > +   code = krb5_enctype_keysize(context,  t5.enc_part.etype, &keysize);
> >     if (code != 0) {
> >         krb5_free_context(context);
> >         goto unknown_key;
> >     }
> > -   keysize = keysize / 8;
> >     allocsiz = keysize;
> >     keybuf = rxi_Alloc(allocsiz);
> >     /* this is not quite a hole for afsconf_GetKeyByTypes. A wrapper
> >
> >
> > Thanks,
> >
> > John Janosik
> > jpjan...@us.ibm.com
>