AS-REP checksum calculation question
Greg Hudson
ghudson at mit.edu
Tue Feb 21 12:45:29 EST 2017
On 02/19/2017 09:23 AM, Turner, Jonathan wrote:
> If there is a forum that I would be better using for this query please let
> me know as I could not find one.
No worries; this list is appropriate for this kind of question.
> The issue I have is with calculating the checksum of the encrypted part of
> AS-REP messages.
> If, in the AS-REQ, I pass an empty PA data of type PA-REQ-ENC-PA-REP (RFC
> 6806) I get a response where my client code successfully decrypts the
> encrypted part and successfully validates the integrity checksum. However,
> if I do not pass any PA data in the AS-REQ, I get a response from my KDC
> which my client code successfully decrypts (the values are the same as I
> see when I analyse the packets with wireshark) but the integrity checksum I
> calculate is not the same as the trailing bytes of the encrypted part. The
> response for this also includes PA data with a PA-ETYPE-INFO2 type entry.
As far as I know (and can tell from rechecking the code), the presence
of PA-REQ-ENC-PA-REP does not affect how we encrypt the reply, only what
bytes we put inside the encrypted part.
When I have run into crypto interop problems like this in the past, the
only good method I know of is to step through the same operation in both
code bases (in this case, krb5_c_decrypt() and the equivalent in your Go
code, using the same key and RFC 3962 token as input) and compare the
inputs to each crypto operation to see where there is a mismatch.
More information about the Kerberos
mailing list