The issue I am having is on validating the checksum returned in the PA-Data
from the KDC. Below is the outline of the steps I am taking.
I need the checksum key and the value of the AS-REQ over which to compute
To get the key:
1) Decrypt the encpart of the AS-REP
2) From the decrypted encpart get the key value
3) Derive the key to use for the checksum by using the usage number 56 read
in big-endian and concatenated with 0x99.
4) Call the etype's derive key function with the key and the usage number.
I use the etype corresponding to the type indicated in the key. I'm pretty
sure this derive key function is correct as I use it elsewhere successfully.
To get the value of the AS-REQ
1) ASN1 marshal the AS-REQ sent to get the bytes of the AS-REQ
Now pass the AS-REQ bytes and the key into the hash function of the etype.
Compare the output of this with the bytes returned in the PA-Data's
Do the steps above look correct or am I missing something?
Any help is appreciated as I've be staring at this for quite a while now
and I'm out of ideas :)
RFC 6806 says "The checksum key is the reply key", meaning the key used
to encrypt the KDC reply. The key value inside the EncKDCRepPart is the
ticket session key, which is a different key. You want to be using the
same protocol key as you would use to decrypt the EncKDCRepPart to
compute the checksum.
> 3) Derive the key to use for the checksum by using the usage number 56 read
> in big-endian and concatenated with 0x99.
> 4) Call the etype's derive key function with the key and the usage number.
Concatenating the big-endian key usage number with 0x99 is an
enctype-specific step in key derivation, albeit one used by multiple
enctypes. I don't think this is a practical issue.
> Any help is appreciated as I've be staring at this for quite a while now
> and I'm out of ideas :)
I hope I've identified the issue. If not, the only way I know to debug
these kind of mismatches is to step through two implementations in a
debugger (or adding print statements) until I find a mismatch in the
inputs to a crypto function.
Kerberos mailing list [hidden email] https://mailman.mit.edu/mailman/listinfo/kerberos