krb5 commit: Add SPAKE preauth support
Greg Hudson
ghudson at mit.edu
Mon Mar 26 21:26:54 EDT 2018
https://github.com/krb5/krb5/commit/7447259401569c92b1fb2e31cb02edbbffd67d35
commit 7447259401569c92b1fb2e31cb02edbbffd67d35
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Sep 25 17:47:35 2015 -0400
Add SPAKE preauth support
This is an implementation of draft-ietf-kitten-krb-spake-preauth-05.
SPAKE preauth authenticates using the client principal long-term key,
but protects against offline dictionary attacks.
SPAKE preauth negotiates a group for use by the SPAKE2 algorithm. The
edwards25519 group is implemented using code adapted from BoringSSL.
The P-256, P-384, and P-521 groups are implemented against OpenSSL.
edwards25519 is enabled by default on the client; no groups are
enabled by default on the KDC.
SPAKE preauth can also include a second factor. Second factor support
isn't included in this implementation; comments have been left to
indicate what should change when it is added in.
Integration tests (tests/t_spake.py) are included with good coverage
of the negotiation scenarios.
Test vectors from the draft are checked against the group's "result"
operation. The "keygen" operation is inherently random and is
therefore not tested against the vectors, but is effectively exercised
by the integration tests.
KDC optimistic challenge is implemented. In the future we should
implement client optimistic SPAKE as well; this will require changes
to the generic client preauth framework.
In the future we should add per-realm configuration to deny encrypted
timestamp and encrypted challenge on a per-realm basis. This
configuration should stick across client realm referrals.
In the future we should avoid attempting encrypting timestamp or
encrypted challenge if the KDC replies to a single-factor
SPAKEResponse message with PREAUTH_FAILED. This will require a change
to the generic client preauth framework.
In the future we should make SPAKE support apply to the Windows build,
either by adding support for building plugin DLLs or by moving the
edwards25519 and client code to libkrb5.
[npmccallum at redhat.com: split up internal headers; split out group
registry contents; implemented P-384 and P-521]
ticket: 8647 (new)
NOTICE | 51 +
doc/admin/conf_files/kdc_conf.rst | 22 +-
doc/admin/conf_files/krb5_conf.rst | 15 +
doc/admin/index.rst | 1 +
doc/admin/spake.rst | 46 +
doc/formats/cookie.rst | 37 +
doc/notice.rst | 47 +
src/Makefile.in | 2 +
src/config/pre.in | 6 +
src/configure.in | 20 +
src/include/k5-int.h | 3 +
src/include/krb5/krb5.hin | 2 +
src/kdc/kdc_preauth.c | 2 +
src/lib/krb5/krb/preauth2.c | 2 +
src/lib/krb5/os/trace.c | 1 +
src/plugins/preauth/spake/AUTHORS | 16 +
src/plugins/preauth/spake/Makefile.in | 39 +
src/plugins/preauth/spake/deps | 73 +
src/plugins/preauth/spake/edwards25519.c | 2651 ++++++++
src/plugins/preauth/spake/edwards25519_tables.h | 7881 +++++++++++++++++++++++
src/plugins/preauth/spake/groups.c | 442 ++
src/plugins/preauth/spake/groups.h | 148 +
src/plugins/preauth/spake/iana.c | 108 +
src/plugins/preauth/spake/iana.h | 65 +
src/plugins/preauth/spake/openssl.c | 315 +
src/plugins/preauth/spake/spake.exports | 2 +
src/plugins/preauth/spake/spake_client.c | 363 ++
src/plugins/preauth/spake/spake_kdc.c | 590 ++
src/plugins/preauth/spake/t_krb5.conf | 2 +
src/plugins/preauth/spake/t_vectors.c | 476 ++
src/plugins/preauth/spake/trace.h | 74 +
src/plugins/preauth/spake/util.c | 211 +
src/plugins/preauth/spake/util.h | 56 +
src/tests/Makefile.in | 1 +
src/tests/t_spake.py | 151 +
35 files changed, 13917 insertions(+), 4 deletions(-)
Diff larger than 5000 lines; suppressing.
More information about the cvs-krb5
mailing list