From 95caf0d30ec2b4c1231c022335d5c6241e8c0d38 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 28 Jan 2009 23:22:27 +0000 Subject: [PATCH] disable single-DES by default Mark all single-DES enctypes as "weak", and create a new libdefaults variable "allow_weak_crypto", which defaults to "false". ticket: 6353 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21823 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/k5-int.h | 4 +++ src/kadmin/testing/proto/krb5.conf.proto | 1 + src/lib/crypto/etypes.c | 33 ++++++++++++++++-------- src/lib/crypto/etypes.h | 3 +++ src/lib/crypto/libk5crypto.exports | 1 + src/lib/crypto/valid_enctype.c | 21 +++++++++++++++ src/lib/krb5/krb/init_ctx.c | 17 ++++++++++-- src/tests/dejagnu/config/default.exp | 1 + 8 files changed, 68 insertions(+), 13 deletions(-) diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 063c30310..7de6c1a60 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1228,6 +1228,8 @@ struct _krb5_context { /* For Sun iprop code; does this really have to be here? */ struct _kdb_log_context *kdblog_context; + + krb5_boolean allow_weak_crypto; }; /* could be used in a table to find an etype and initialize a block */ @@ -2318,6 +2320,8 @@ typedef struct krb5_boolean krb5_is_permitted_enctype_ext ( krb5_context, krb5_etypes_permitted *); +krb5_boolean KRB5_CALLCONV krb5_c_weak_enctype(krb5_enctype); + krb5_error_code krb5_kdc_rep_decrypt_proc (krb5_context, const krb5_keyblock *, diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto index c2648d6c6..b6ce16bff 100644 --- a/src/kadmin/testing/proto/krb5.conf.proto +++ b/src/kadmin/testing/proto/krb5.conf.proto @@ -2,6 +2,7 @@ default_realm = __REALM__ default_keytab_name = FILE:__K5ROOT__/v5srvtab dns_fallback = no + allow_weak_crypto = true [realms] __REALM__ = { diff --git a/src/lib/crypto/etypes.c b/src/lib/crypto/etypes.c index c300f3b2c..1c969ae02 100644 --- a/src/lib/crypto/etypes.c +++ b/src/lib/crypto/etypes.c @@ -49,7 +49,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5int_des_string_to_key, NULL, /*PRF*/ CKSUMTYPE_RSA_MD5, - NULL /*AEAD*/ }, + NULL, /*AEAD*/ + ETYPE_WEAK }, { ENCTYPE_DES_CBC_MD4, "des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4", &krb5int_enc_des, &krb5int_hash_md4, @@ -58,7 +59,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5int_des_string_to_key, NULL, /*PRF*/ CKSUMTYPE_RSA_MD4, - NULL /*AEAD*/ }, + NULL, /*AEAD*/ + ETYPE_WEAK }, { ENCTYPE_DES_CBC_MD5, "des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5", &krb5int_enc_des, &krb5int_hash_md5, @@ -67,7 +69,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5int_des_string_to_key, NULL, /*PRF*/ CKSUMTYPE_RSA_MD5, - NULL /*AEAD*/ }, + NULL, /*AEAD*/ + ETYPE_WEAK }, { ENCTYPE_DES_CBC_RAW, "des-cbc-raw", { 0 }, "DES cbc mode raw", &krb5int_enc_des, NULL, @@ -76,7 +79,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5int_des_string_to_key, NULL, /*PRF*/ 0, - &krb5int_aead_raw }, + &krb5int_aead_raw, + ETYPE_WEAK }, { ENCTYPE_DES3_CBC_RAW, "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw", &krb5int_enc_des3, NULL, @@ -85,7 +89,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5int_dk_string_to_key, NULL, /*PRF*/ 0, - &krb5int_aead_raw }, + &krb5int_aead_raw, + ETYPE_WEAK }, { ENCTYPE_DES3_CBC_SHA1, "des3-cbc-sha1", { "des3-hmac-sha1", "des3-cbc-sha1-kd" }, @@ -96,7 +101,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5int_dk_string_to_key, NULL, /*PRF*/ CKSUMTYPE_HMAC_SHA1_DES3, - &krb5int_aead_dk }, + &krb5int_aead_dk, + 0 /*flags*/ }, { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1", { 0 }, "DES with HMAC/sha1", @@ -106,7 +112,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5int_dk_string_to_key, NULL, /*PRF*/ 0, - NULL }, + NULL, + ETYPE_WEAK }, { ENCTYPE_ARCFOUR_HMAC, "arcfour-hmac", { "rc4-hmac", "arcfour-hmac-md5" }, "ArcFour with HMAC/md5", @@ -117,7 +124,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5_arcfour_decrypt, krb5int_arcfour_string_to_key, NULL, /*PRF*/ CKSUMTYPE_HMAC_MD5_ARCFOUR, - &krb5int_aead_arcfour }, + &krb5int_aead_arcfour, + 0 /*flags*/ }, { ENCTYPE_ARCFOUR_HMAC_EXP, "arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" }, "Exportable ArcFour with HMAC/md5", @@ -128,7 +136,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5_arcfour_decrypt, krb5int_arcfour_string_to_key, NULL, /*PRF*/ CKSUMTYPE_HMAC_MD5_ARCFOUR, - &krb5int_aead_arcfour }, + &krb5int_aead_arcfour, + 0 /*flags*/ }, { ENCTYPE_AES128_CTS_HMAC_SHA1_96, "aes128-cts-hmac-sha1-96", { "aes128-cts" }, @@ -139,7 +148,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5int_aes_string_to_key, krb5int_dk_prf, CKSUMTYPE_HMAC_SHA1_96_AES128, - &krb5int_aead_aes }, + &krb5int_aead_aes, + 0 /*flags*/ }, { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "aes256-cts-hmac-sha1-96", { "aes256-cts" }, "AES-256 CTS mode with 96-bit SHA-1 HMAC", @@ -149,7 +159,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5int_aes_string_to_key, krb5int_dk_prf, CKSUMTYPE_HMAC_SHA1_96_AES256, - &krb5int_aead_aes }, + &krb5int_aead_aes, + 0 /*flags*/ }, }; const int krb5_enctypes_length = diff --git a/src/lib/crypto/etypes.h b/src/lib/crypto/etypes.h index af2718d82..17b448cee 100644 --- a/src/lib/crypto/etypes.h +++ b/src/lib/crypto/etypes.h @@ -60,7 +60,10 @@ struct krb5_keytypes { krb5_prf_func prf; krb5_cksumtype required_ctype; const struct krb5_aead_provider *aead; + krb5_flags flags; }; +#define ETYPE_WEAK 1 + extern const struct krb5_keytypes krb5_enctypes_list[]; extern const int krb5_enctypes_length; diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports index 867d9a232..3cb79de26 100644 --- a/src/lib/crypto/libk5crypto.exports +++ b/src/lib/crypto/libk5crypto.exports @@ -45,6 +45,7 @@ krb5_c_valid_cksumtype krb5_c_valid_enctype krb5_c_verify_checksum krb5_c_verify_checksum_iov +krb5_c_weak_enctype krb5_calculate_checksum krb5_checksum_size krb5_cksumtype_to_string diff --git a/src/lib/crypto/valid_enctype.c b/src/lib/crypto/valid_enctype.c index f36023084..7b9a92a89 100644 --- a/src/lib/crypto/valid_enctype.c +++ b/src/lib/crypto/valid_enctype.c @@ -45,3 +45,24 @@ valid_enctype(krb5_enctype etype) { return krb5_c_valid_enctype (etype); } + +krb5_boolean KRB5_CALLCONV +krb5_c_weak_enctype(krb5_enctype etype) +{ + int i; + const struct krb5_keytypes *k; + + for (i = 0; i < krb5_enctypes_length; i++) { +#if 0 + if (krb5_enctypes_list[i].etype == etype && + krb5_enctypes_list[i].flags | ETYPE_WEAK) + return(1); +#endif + k = &krb5_enctypes_list[i]; + if (k->etype == etype && (k->flags & ETYPE_WEAK)) { + return(1); + } + } + + return(0); +} diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index f916660f9..bab143e6f 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -171,6 +171,12 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc) if ((retval = krb5_os_init_context(ctx, kdc))) goto cleanup; + retval = profile_get_boolean(ctx->profile, "libdefaults", + "allow_weak_crypto", NULL, 0, &tmp); + if (retval) + goto cleanup; + ctx->allow_weak_crypto = tmp; + /* initialize the prng (not well, but passable) */ if ((retval = krb5_c_random_os_entropy( ctx, 0, NULL)) !=0) goto cleanup; @@ -289,6 +295,8 @@ krb5_set_default_in_tkt_ktypes(krb5_context context, const krb5_enctype *ktypes) for (i = 0; ktypes[i]; i++) { if (!krb5_c_valid_enctype(ktypes[i])) return KRB5_PROG_ETYPE_NOSUPP; + if (!context->allow_weak_crypto && krb5_c_weak_enctype(ktypes[i])) + return KRB5_PROG_ETYPE_NOSUPP; } /* Now copy the default ktypes into the context pointer */ @@ -314,6 +322,7 @@ get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profst unsigned int ctx_count, krb5_enctype *ctx_list) { krb5_enctype *old_ktypes; + krb5_enctype ktype; if (ctx_count) { /* application-set defaults */ @@ -367,9 +376,11 @@ get_profile_etype_list(krb5_context context, krb5_enctype **ktypes, char *profst j = 0; i = 1; while (1) { - if (! krb5_string_to_enctype(sp, &old_ktypes[j])) + if (!krb5_string_to_enctype(sp, &ktype) && + (context->allow_weak_crypto || !krb5_c_weak_enctype(ktype))) { + old_ktypes[j] = ktype; j++; - + } if (i++ >= count) break; @@ -410,6 +421,8 @@ krb5_set_default_tgs_enctypes (krb5_context context, const krb5_enctype *ktypes) for (i = 0; ktypes[i]; i++) { if (!krb5_c_valid_enctype(ktypes[i])) return KRB5_PROG_ETYPE_NOSUPP; + if (!context->allow_weak_crypto && krb5_c_weak_enctype(ktypes[i])) + return KRB5_PROG_ETYPE_NOSUPP; } /* Now copy the default ktypes into the context pointer */ diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 2c6c56f73..aa53f333f 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -1024,6 +1024,7 @@ proc setup_krb5_conf { {type client} } { puts $conffile "\[libdefaults\]" puts $conffile " default_realm = $REALMNAME" puts $conffile " dns_lookup_kdc = false" + puts $conffile " allow_weak_crypto = true" if [info exists default_tgs_enctypes($type)] { puts $conffile \ " default_tgs_enctypes = $default_tgs_enctypes($type)" -- 2.26.2