MIME-Version: 1.0
From: "Turner, Jonathan" <jt@jtnet.co.uk>
Date: Sun, 19 Feb 2017 14:23:26 +0000
Message-ID: <CAB0goXr3jFvu3Y+xA0Efgz8m+LY_rs+MgY++dEifEzsKEFAT_A@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi,

I am currently working on writing a kerberos client in golang and I am hitting an issue with checksums of encrypted parts of KDC replies. If there is a forum that I would be better using for this query please let me know as I could not find one.

The issue I have is with calculating the checksum of the encrypted part of AS-REP messages. If, in the AS-REQ, I pass an empty PA data of type PA-REQ-ENC-PA-REP (RFC 6806), I get a response where my client code successfully decrypts the encrypted part and successfully validates the integrity checksum.

However, if I do not pass any PA data in the AS-REQ, I get a response from my KDC which my client code successfully decrypts (the values are the same as I see when I analyse the packets with wireshark), but the integrity checksum I calculate is not the same as the trailing bytes of the encrypted part. The response for this also includes PA data with a PA-ETYPE-INFO2 type entry. As the code calculating the checksum is the same, I was wondering if this PA data in the reply changes how I should be calculating the checksum, but I am unable to find any documentation that would indicate this.

Any help to guide me on what might be the issue here would be gratefully received.

For reference, below is a summary of the steps I take to calculate the checksum:

1) Derive the key to use for the checksum from the protocol key with a usage number of 3 and by appending 0x55 with this to get the key that should be used for integrity checking. (I believe the key derivation method is correct as it works when PA-REQ-ENC-PA-REP is passed in the AS-REQ.)

2) Now do a sha1 hmac (I am using etype 18 only and this is specified in the AS-REP also) of the decrypted bytes and compare to the trailing 12 bytes of the encrypted bytes.

NB. my KDC is MIT krb5kdc version 1.14.1 running on centos7

Thanks in advance,
Jonathan
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos