[Eric Wedel <ewedel@xxxxxxxxxxx>]

Hi..

Trying to take your questions mostly in order, yes there is an API
to do the decryption:
  krb5_c_decrypt(context, key, usage, ivec, input, output)
in src/lib/crypto/decrypt.c.  Don't know if this is considered "public"
or not though.

Those formals are roughly:
context - passed all over the place inside MIT kerb, not used here.
key - Your key value, from a keytab, ticket or wherever.  _Includes
encryption type_
usage - A "salt" value, see below.
ivec - Might be used by some ciphers, hasn't yet been used in my ADS work.
input, output - The usual.

That "usage" value is kinda fun.  Don't really know why, but kerberos
includes
this structure-specific "salt" value which is factored into the cipher
calculations.
This value is a constant that is determined by the higher-level code which
knows
what structure it is operating on.  E.g., krb5_mk_req_extended() which
builds an
AP-REQ uses value KRB5_KEYUSAGE_AP_REQ_AUTH, which == 11, when encrypting
its
authenticator.  This is part of the protocol and cannot be avoided.

A general word on ciphertext:  kerberos always sends these as an
asn.1-structured
pair, a "blob" plus an integer encryption type.  The latter helps you to
determine
which key to grab from your keytab (along with the principal name of
course), and
as shown above is also fed in to the encryption code, which does a table
lookup based
on the etype to find the right cipher module.

The master table of known types is in src/lib/crypto/etypes.c.

Once decrypted, the ciphertext is revealed to be yet more asn.1.  You'll
need to
browse the source to see what the various fields mean.  As luck would have
it,
most of the asn.1 "structure" deserializers may be found in one file:
  src/lib/krb5/asn1./krb5_decode.c.
Or this info should be lurking in an RFC somewhere if you prefer.

---

In answer to your question about decrypting a ticket's payload, yes that
should
work, if you use the code as discussed above.  You would then need to grab
the embedded
session key and use that to decrypt further traffic in the conversation.
[iirc, there
is an optional subkey which may be specified in the AP-REP.  You thus need
to decrypt
the AP-REP to see if a subkey is being used and, if so, adopt it as your
session key.
Afraid I don't recall under what circumstances it is used.]

regards, Eric


-----Original Message-----
From: Ronnie Sahlberg [mailto:ronnie_sahlberg@xxxxxxxxxxxxxx]
Sent: Wednesday, February 04, 2004 12:54 AM
To: Eric Wedel; ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] telnet/authentication Kerberos stuff


OK. I will consider to consider your advice. maybe.
(reluctantly though, i got "advice" on how "sane" it would be to rewrite
also
smb, most of the dcerpc interfaces and h.323/voip but look where it got us
to
ignore those advices:-) )

anyway, to the point:
Right now I have a number of captures of Kerberos authenticated services and
also the corresponding host/<hostname>
keytabs containing the principals and the keys. these will be excellent for
testing and verification.

My modified version of the kerberos dissector and BER dissection makes it
very easy to pick up the
individual fields of the PDU.
Parsing the keytab files is trivial and should not require any external
software.


I want an easy to use function I can call to decrypt an encrypted array of
bytes into a new array holding the
decrypted data. Something like :
void decrypt_des_cbc_crc(char *encrypted_data, char *decrypted_data, int
len, char *key, int key_len);

Does MIT or Heimdal kerberos provide shared libraries where I can find a
function as easy to use as this
or do i need to do like 1000 lines of setup and stuff first before i can do
this easy function?

Do they proivide me with such a simple API?



I dont really need all of the stuff for things like certificates or so.
Just a simple function to do  decrypt_des_cbc_crc() and return the decrypted
blob which hopefully is asn.1
encoded which i will then manually dissect.


When this works fine I or anyone needing some other method can move on to
add support for, i dont know
des_cbc_md5(), whatever.  one by one as people need support for new types.


How hard would it be to implement a function as above to just decrypt a blob
using des-cbc and not do anything else.
No asn.1 decoding.  that will be done manually anyway after the blob is
decrypted.


It is a serious question.


Another serious question:
(Assume the encryption type is des-cbc-<something>)

Assume I have a kerberos ticket and the ticket specifies the service
principal host/foo
Assume that the encrypted part of the ticket is specified as using the
encryption type des-cbc-<something>
Assume i find in the Keytab file the 8 bytes representing the key/secret for
this principal   CALL these 8 bytes : KEY.
IF I then take the content octets from the octet string holding the
encrypted data and call it  ENC
IF I would then just try to do
    decrypt_des_cbc(ENC, CLEAR, KEY)   (assuming i have a function
decrypt_des_cbc() of course)
would that transform the ENCrypted byte string into a normal ASN.1/BER
encoded data structure?

If it would, would decrypt_des_cbc() be very difficult to implement?





*********************************************************************
This e-mail and any attachment is confidential. It may only be read, copied and used by the intended recipient(s). If you are not the intended recipient(s), you may not copy, use, distribute, forward, store or disclose this e-mail or any attachment. If you are not the intended recipient(s) or have otherwise received this e-mail in error, you should destroy it and any attachment and notify the sender by reply e-mail or send a message to sysadmin@xxxxxxxxxxx
*********************************************************************