On Thu, 23 Jul 2015, Christian Heimes wrote:
On 2015-07-23 11:06, Alexander Bokovoy wrote:
On Thu, 23 Jul 2015, Christian Heimes wrote:
This patch removes the dependency on M2Crypto in favor of cryptography.
Cryptography is more strict about the key size and doesn't support
non-standard key sizes:

    from M2Crypto import RC4
    from ipaserver.dcerpc import arcfour_encrypt
    arcfour_encrypt(b'key', b'data')
    Traceback (most recent call last):
    ValueError: Invalid key size (24) for RC4.

Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported:

    arcfour_encrypt(b'key12', b'data')

Note that we are using NTLMv2 or Kerberos user session keys which are
128 bits long in this context.

And please rework the spec file change as Honza noted.

Thanks for the feedback regarding the key size, 128bit works.

Is RC4 really the only supported algorithm for session keys? RC4 is
insecure, especially the first few bytes have a high bias. It may not be
much of an issue for short-lived session keys, though.

It is not a session key algorithm. It is an algorithm used to encrypt
trust authentication information when passing it over. We pass trust
authentication information in clear, then encrypt it with a session key
for the transfer and on the receiving side DC does unwrapping and uses
the clear-text version of the trust secret to derive all needed
cross-realm keys.

MS-LSAD puts it this way (5.1.1):
Implementations of this protocol protect the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
structure by encrypting the data referenced by that structure's AuthBlob
field.  The RC4 algorithm is used to encrypt the data on request (and
reply) and decrypt the data on receipt.  The key, required during
runtime by the RC4 algorithm, is the 16-byte key specified by the method
that uses this structure (for example, see section The size
of data (the AuthSize field of LSAPR_TRUSTED_DOMAIN_AUTH_BLOB) must
remain unencrypted.
/ Alexander Bokovoy
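
The wrapping described in the MS-LSAD excerpt above, as an added example that is not code from the patch or from FreeIPA: the blob is RC4-encrypted under a 16-byte key while its size stays in the clear. The pure-Python `rc4`, the `AuthBlob` tuple and the `wrap_auth_blob`/`unwrap_auth_blob` helpers are hypothetical names, and the tuple is not the NDR wire layout.

```python
from typing import NamedTuple

LSAD_KEY_BYTES = 16  # "the 16-byte key" in the MS-LSAD text quoted above


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encrypting and decrypting are the same operation."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # keystream bytes XORed into the data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


class AuthBlob(NamedTuple):
    """Simplified stand-in for LSAPR_TRUSTED_DOMAIN_AUTH_BLOB (assumption)."""
    auth_size: int    # must remain unencrypted
    auth_blob: bytes  # RC4-encrypted in transit


def _check_key(session_key: bytes) -> None:
    # Reject anything but a 128-bit key, as a strict backend would.
    if len(session_key) != LSAD_KEY_BYTES:
        raise ValueError("Invalid key size (%d) for RC4." % (len(session_key) * 8))


def wrap_auth_blob(session_key: bytes, clear: bytes) -> AuthBlob:
    _check_key(session_key)
    return AuthBlob(len(clear), rc4(session_key, clear))


def unwrap_auth_blob(session_key: bytes, blob: AuthBlob) -> bytes:
    _check_key(session_key)
    if blob.auth_size != len(blob.auth_blob):
        raise ValueError("AuthSize does not match the AuthBlob length")
    return rc4(session_key, blob.auth_blob)
```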
