[Freeipa-devel] [PATCH 0014] [py3] Replace M2Crypto RC4 with python-cryptography ARC4

Alexander Bokovoy abokovoy at redhat.com
Thu Jul 23 09:40:58 UTC 2015


On Thu, 23 Jul 2015, Christian Heimes wrote:
>On 2015-07-23 11:06, Alexander Bokovoy wrote:
>> On Thu, 23 Jul 2015, Christian Heimes wrote:
>>> This patch removes the dependency on M2Crypto in favor of cryptography.
>>> Cryptography is more strict about the key size and doesn't support
>>> non-standard key sizes:
>>>
>>>>>> from M2Crypto import RC4
>>>>>> from ipaserver.dcerpc import arcfour_encrypt
>>>>>> RC4.RC4(b'key').update(b'data')
>>> 'o\r@\x8c'
>>>>>> arcfour_encrypt(b'key', b'data')
>>> Traceback (most recent call last):
>>> ...
>>> ValueError: Invalid key size (24) for RC4.
>>>
>>> Standard key sizes 40, 56, 64, 80, 128, 192 and 256 are supported:
>>>
>>>>>> arcfour_encrypt(b'key12', b'data')
>>> '\xcd\xf80d'
>>>>>> RC4.RC4(b'key12').update(b'data')
>>> '\xcd\xf80d'
>> Note that we are using NTLMv2 or Kerberos user session keys which are
>> 128 bits long in this context.
>>
>> And please rework the spec file change as Honza noted.
>
>Thanks for the feedback regarding the key size, 128bit works.
>
>Is RC4 really the only supported algorithm for session keys? RC4 is
>insecure, especially the first few bytes have a high bias. It may not be
>much of an issue for short-lived session keys, though.
It is not a session key algorithm. It is an algorithm used to encrypt
trust authentication information when passing it over. We pass trust
authentication information in clear, then encrypt it with a session key
for the transfer, and on the receiving side the DC does the unwrapping and uses
the clear-text version of the trust secret to derive all needed
cross-realm keys.

MS-LSAD puts it this way (5.1.1):
-------------------------
Implementations of this protocol protect the LSAPR_TRUSTED_DOMAIN_AUTH_BLOB
structure by encrypting the data referenced by that structure's AuthBlob
field.  The RC4 algorithm is used to encrypt the data on request (and
reply) and decrypt the data on receipt.  The key, required during
runtime by the RC4 algorithm, is the 16-byte key specified by the method
that uses this structure (for example, see section 3.1.4.7.10). The size
of data (the AuthSize field of LSAPR_TRUSTED_DOMAIN_AUTH_BLOB) must
remain unencrypted.
------------------------
-- 
/ Alexander Bokovoy
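
An added example, not part of the original thread and not FreeIPA's or python-cryptography's code: a pure-Python RC4 that contrasts the permissive behaviour shown for M2Crypto with the key-size check shown for cryptography, then applies the MS-LSAD 5.1.1 rule (16-byte key, AuthSize left unencrypted). The function names and the flat "4-byte little-endian AuthSize followed by ciphertext" layout are assumptions for illustration, not the NDR wire encoding.

```python
import struct

# Key sizes in bits that the thread lists as accepted by python-cryptography.
STANDARD_KEY_BITS = {40, 56, 64, 80, 128, 192, 256}

def rc4_raw(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 with no key-size check (the permissive behaviour)."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def rc4_strict(key: bytes, data: bytes) -> bytes:
    """Reject non-standard key sizes, like the ValueError quoted in the thread."""
    bits = len(key) * 8
    if bits not in STANDARD_KEY_BITS:
        raise ValueError("Invalid key size (%d) for RC4." % bits)
    return rc4_raw(key, data)

def wrap_auth_blob(session_key: bytes, auth_blob: bytes) -> bytes:
    """Hypothetical flat layout: clear 4-byte LE AuthSize, then RC4(AuthBlob)."""
    if len(session_key) != 16:
        raise ValueError("MS-LSAD 5.1.1 specifies a 16-byte key")
    return struct.pack("<I", len(auth_blob)) + rc4_strict(session_key, auth_blob)

def unwrap_auth_blob(session_key: bytes, wire: bytes) -> bytes:
    """Check the clear AuthSize against the payload, then decrypt."""
    if len(session_key) != 16 or len(wire) < 4:
        raise ValueError("bad key or truncated blob")
    (size,) = struct.unpack_from("<I", wire)
    if size != len(wire) - 4:
        raise ValueError("AuthSize does not match encrypted payload length")
    return rc4_raw(session_key, wire[4:])     # RC4 decryption == encryption

if __name__ == "__main__":
    key = bytes(range(16))                    # constructed 128-bit session key
    wire = wrap_auth_blob(key, b"constructed trust secret")
    print(wire.hex(), unwrap_auth_blob(key, wire))
```

RC4 provides no integrity protection, so the AuthSize comparison only catches truncation or a mismatched length field, not modification of the ciphertext.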



