Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Things are not as simple as they seems at first. -- Edward Thorp

devel / comp.protocols.kerberos / Re: Using PKINIT with ECC

SubjectAuthor
o Re: Using PKINIT with ECCGreg Hudson

1
Re: Using PKINIT with ECC

<mailman.54.1700200413.2263420.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=432&group=comp.protocols.kerberos#432

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: ghud...@mit.edu (Greg Hudson)
Newsgroups: comp.protocols.kerberos
Subject: Re: Using PKINIT with ECC
Date: Fri, 17 Nov 2023 00:53:17 -0500
Organization: TNet Consulting
Lines: 35
Message-ID: <mailman.54.1700200413.2263420.kerberos@mit.edu>
References: <8984fe41-f9a0-434b-a09c-df2bc88125dc@sec4mail.de>
<ae76ed5c-1399-401e-988c-ed2dbdfff6e7@mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="13946"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla Thunderbird
To: Goetz Golla <mit@sec4mail.de>, <kerberos@mit.edu>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu; dkim=pass (2048-bit key,
unprotected) header.d=mit.edu header.i=@mit.edu header.a=rsa-sha256
header.s=outgoing header.b=gYUEdXfb
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing;
t=1700200408; bh=PUWAO/RSWmd7+Vry55u8qJjNGwOorOVhhe5pzJ7drgU=;
h=Message-ID:Date:MIME-Version:Subject:From:Content-Type;
b=gYUEdXfbAhi8E91phBYWFtClTkt2vAqY+yRjP5IbkVP5aPn/LbXMWE0FRmwEtaHRr
CNudD9GeJ8yAfXz3MrmK0Pc25f3mibcc7RIcP/3hTj8R7JWxmGUuHVOlZBr7fj4/e0
hjd21Q07mwyb94Zf/rgsduxzfLkKKSIPv63uSm183Fry9840mA8E4X+EBl2Ei+Rzij
NhcXiWtqzgpaupPyswtkcnTCKaqPBesnAySCQB4l75uUCl+/DTNKcgUCiU3f8qz5k/
HoR4+iCncSa/jkdUbreMY5rJ3kqi426nDvpjHY0DyyXabrpGRZSkHIJayKV3QPFOfd
Y5MgW2gt9cQjg==
Authentication-Results: spf=pass (sender IP is 18.9.28.11)
smtp.mailfrom=mit.edu; dkim=pass (signature was verified)
header.d=mit.edu;dmarc=pass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates
18.9.28.11 as permitted sender) receiver=protection.outlook.com;
client-ip=18.9.28.11; helo=outgoing.mit.edu; pr=C
Content-Language: en-US
In-Reply-To: <8984fe41-f9a0-434b-a09c-df2bc88125dc@sec4mail.de>
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BL02EPF0001A101:EE_|DM8PR01MB6838:EE_
X-MS-Office365-Filtering-Correlation-Id: cb7a22ce-cc33-4523-0caa-08dbe7318238
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: WvT8PRfNbkbi2Luk4SJ35b72/pQRh7zVQ5MXdqScT0sr+uUg5mc8cJltRZV5etsA0w24MXY+hrYxCrk9Tf+fNYHjAcJZfl51lOOXqu6SwkeFK94wjiKNymYdMCNB0cVW7+KxUXgHDZBUrYJxgxgVTD7GS1oFe5Y+t0rZYez2Jz6O9fNXGyNohRvYN9bHnLEei/EoSb7DAoRA+iZDwe7owNv5iLHRNsujEkfzuN9BG2N7ngOn5Wxygf+JEhOjDscbfbSQt1RGOSzUnITPqcl7IuUFWHXtXXT18XQR1Q5HIloMFeSn63Edt2RT5WZJJ7FJQPPPtHkGfUng+pzQC8wcwEdzQLEa3u5Zu/upLW31bWIh04+WlCtQ9PPHQrjUpDAuZNnlf2lhL/m4/N7POm4PNd2BMEGWGBVrtG0SYRVLP6HLaAiStsgfp/PBEPzv/sH8Zub2J9rfK2qUwQyqGCXCRg3UCQlvRzzVArhvG3+Uv8NT5BoZWg15KKbgo0U3Cn+1X8JF8q6z2lIfQrCTLZZWxGuEFNAZ77ZF807RlmL/AZ8fcWVnxGSml7Kt96wEvvd5hW7Aook/8oUdeJsYnWJx4eMBGz/2lC9DVgCZaX92oxpHLEoJSiYre+ClHICUOQ2635ioikgUV6cNK8FOcwvh8HOYXb4JYHo2obE/XFvi6IRqglye+4+t/aDtLnqAYE941CMMnO6blrH5aTYDsnJwG9nNsg0Xcb/kjuxHNUD2IlYcceArtAdTYlfUgwrzky+cLFxTq+HAYqMlmO9xku+7GQ==
X-Forefront-Antispam-Report: CIP:18.9.28.11; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:CAL; SFV:NSPM; H:outgoing.mit.edu; PTR:outgoing-auth-1.mit.edu; CAT:NONE;
SFS:(13230031)(4636009)(376002)(346002)(136003)(39860400002)(396003)(1800799009)(64100799003)(451199024)(75432002)(36756003)(956004)(336012)(426003)(26005)(6666004)(53546011)(2616005)(6636002)(3480700007)(83380400001)(5660300002)(8676002)(478600001)(2906002)(7696005)(786003)(316002)(6706004)(31696002)(68406010)(70586007)(86362001)(356005)(31686004)(43740500002);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2023 05:53:22.4994 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: cb7a22ce-cc33-4523-0caa-08dbe7318238
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: BL02EPF0001A101.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR01MB6838
X-OriginatorOrg: mit.edu
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <ae76ed5c-1399-401e-988c-ed2dbdfff6e7@mit.edu>
X-Mailman-Original-References: <8984fe41-f9a0-434b-a09c-df2bc88125dc@sec4mail.de>
 by: Greg Hudson - Fri, 17 Nov 2023 05:53 UTC

On 11/15/23 23:22, Goetz Golla wrote:
> * Does MIT Kerberos support PKINIT with Elliptic Curves as described
> in RFC 5349 ?

A P-384 EC client certificate works in my tests, with either krb5-1.17
or the current code, as long as the KDC is also running MIT krb5.

Ken is correct that there is a hardcoded reference to RSA in the source:

p7si->digest_enc_alg->algorithm =
OBJ_nid2obj(NID_sha256WithRSAEncryption);

and this probably means the CMS signature has a piece of incorrect
metadata when an EC certificate is used. But this field is not used
when generating the signature contents and is ignored by OpenSSL when
verifying the signature (when the KDC is running MIT krb5).

> * Could it be that for ECC client certificates the KDC certificate
> also needs the be ECC ?

In my tests the KDC certificate was an RSA cert, so no.

Of course, my experience doesn't match yours. From your trace, I
believe that the failure occurs in the client code, not on the KDC, so
inspecting the KDC logs would not help. But the trace log does not
contain any detailed information about the failure.

You can sometimes improve the diagnostics for PKINIT failures by
removing the long-term keys associated with the principal, so that
authentication does not fall back to encrypted timestamp:

kadmin purgekeys -all user

If that doesn't help, it may be necessary to build the code with
debugging symbols and and step through it to find out where it is failing.

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor