diff options
| author | Greg Hudson <ghudson@mit.edu> | 2015-09-25 17:47:35 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2018-03-26 20:59:30 -0400 |
| commit | 7447259401569c92b1fb2e31cb02edbbffd67d35 (patch) | |
| tree | d29e6008f3ec820f9c9047c715a0fbc5afdbcd27 /src/include/krb5/krb5.hin | |
| parent | 9172599008f3a6790d4a9a67acff58049742dcb6 (diff) | |
| download | krb5-7447259401569c92b1fb2e31cb02edbbffd67d35.zip krb5-7447259401569c92b1fb2e31cb02edbbffd67d35.tar.gz krb5-7447259401569c92b1fb2e31cb02edbbffd67d35.tar.bz2 | |
Add SPAKE preauth support
This is an implementation of draft-ietf-kitten-krb-spake-preauth-05.
SPAKE preauth authenticates using the client principal long-term key,
but protects against offline dictionary attacks.
SPAKE preauth negotiates a group for use by the SPAKE2 algorithm. The
edwards25519 group is implemented using code adapted from BoringSSL.
The P-256, P-384, and P-521 groups are implemented against OpenSSL.
edwards25519 is enabled by default on the client; no groups are
enabled by default on the KDC.
SPAKE preauth can also include a second factor. Second factor support
isn't included in this implementation; comments have been left to
indicate what should change when it is added in.
Integration tests (tests/t_spake.py) are included with good coverage
of the negotiation scenarios.
Test vectors from the draft are checked against the group's "result"
operation. The "keygen" operation is inherently random and is
therefore not tested against the vectors, but is effectively exercised
by the integration tests.
KDC optimistic challenge is implemented. In the future we should
implement client optimistic SPAKE as well; this will require changes
to the generic client preauth framework.
In the future we should add per-realm configuration to deny encrypted
timestamp and encrypted challenge on a per-realm basis. This
configuration should stick across client realm referrals.
In the future we should avoid attempting encrypting timestamp or
encrypted challenge if the KDC replies to a single-factor
SPAKEResponse message with PREAUTH_FAILED. This will require a change
to the generic client preauth framework.
In the future we should make SPAKE support apply to the Windows build,
either by adding support for building plugin DLLs or by moving the
edwards25519 and client code to libkrb5.
[npmccallum@redhat.com: split up internal headers; split out group
registry contents; implemented P-384 and P-521]
ticket: 8647 (new)
Diffstat (limited to 'src/include/krb5/krb5.hin')
| -rw-r--r-- | src/include/krb5/krb5.hin | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index b298bb0..6d99de4 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -1028,6 +1028,7 @@ krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype, #define KRB5_KEYUSAGE_ENC_CHALLENGE_KDC 55 #define KRB5_KEYUSAGE_AS_REQ 56 #define KRB5_KEYUSAGE_CAMMAC 64 +#define KRB5_KEYUSAGE_SPAKE 65 /* Key usage values 512-1023 are reserved for uses internal to a Kerberos * implementation. */ @@ -1877,6 +1878,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, #define KRB5_PADATA_PKINIT_KX 147 /**< RFC 6112 */ #define KRB5_ENCPADATA_REQ_ENC_PA_REP 149 /**< RFC 6806 */ #define KRB5_PADATA_AS_FRESHNESS 150 /**< RFC 8070 */ +#define KRB5_PADATA_SPAKE 151 #define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 #define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 |