Path: csiph.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail From: Michael B Allen Newsgroups: comp.protocols.kerberos Subject: Re: GSS unwrap fails using RC4 session key instead of subkey Date: Thu, 8 May 2025 14:17:45 -0400 Organization: TNet Consulting Lines: 86 Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50"; logging-data="25029"; mail-complaints-to="newsmaster@tnetconsulting.net" To: kerberos DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid) Authentication-Results: mailman.mit.edu; dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-mitprod-onmicrosoft-com header.b=SvmrHmak; dkim=pass (2048-bit key, unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=RdMF1g10 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PBaNA0mfboLo6o2+DO1nntk02fYv63gulRMdK3kF+eZTW9r+wyP+wmVe6cSokCxBW4MKLTkuRoqoWW03kUIMMNW2hi4dHnNFwrT4NoLKpV3AAIqlHtSwkKzp4ttFstcCCCEOPzA5JcZo0ul2jAwHT58EPyKRDV14fH9h13129cZDHw5mxDlNSjYflv8hTincYTeuHlRUZsFYM9IErMgHMdQuAk94VYKSHm974jCrMDcECzpc7Dqx+pK97tW4rxJ55hoa5e5QJtvohqOgaGikO9dGI4FxbPcSZ+brxXw0UrDYVrQGcdrtLLbVGSwCF3LIU/faIUt8xi2SKVUg0sucmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BAGhG4xgKhJOW+q5AXWMLlpaSOfZ8EUHn0WAVgBdFkM=; b=G4+o9NWT7wuUqAzkCxBZk5GTQa7/i/fZqF20Nz5IxQAX+WcobnFcn9on25V5IwIsceyRUuFO7c0qtIZdjiq90VjBKLFNdwcqndY+bapyjpxMKKb42o128JDY9P7pxWzuiG16PDHDU1stYuAeLWKhGaR7LR4RjNKlgVNS0ktQXnuwuI7CT+B87a9nobK4KWBknDniiELulsQFmFMQRsKe5kILN1YBf7Nqr515T7Lz09PbmkUpfi8DqtroPmHBTbeUz3xeu8fCGdKOMoQ8ZDO4IQ1Cve4m7TduKYFgw+XinvtgqX2smECS17FOruoIgqP5AocPRuumMBnfWgpsUU/A9w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 2607:f8b0:4864:20::c2e) smtp.rcpttodomain=mit.edu smtp.mailfrom=gmail.com; dmarc=pass (p=none sp=quarantine pct=100) action=none header.from=gmail.com; dkim=pass (signature was verified) header.d=gmail.com; arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BAGhG4xgKhJOW+q5AXWMLlpaSOfZ8EUHn0WAVgBdFkM=; b=SvmrHmakrE7k31HXP4+517o9AdhbNKweOjIwDDrM8GLpkdBUph77t8tVrqMVj1N9DdnVfKshK/e4l/ltH/xNJ1W3MxabEHptFKA3XlaqS9zqva2a3zaw+tK6jEXZ/l/nAy6/A6ZuI0H9I8C5WzGU2jRviAjKIMjojSnDM+j30xw= Authentication-Results: spf=pass (sender IP is 2607:f8b0:4864:20::c2e) smtp.mailfrom=gmail.com; dkim=pass (signature was verified) header.d=gmail.com;dmarc=pass action=none header.from=gmail.com; Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates 2607:f8b0:4864:20::c2e as permitted sender) receiver=protection.outlook.com; client-ip=2607:f8b0:4864:20::c2e; helo=mail-oo1-xc2e.google.com; pr=C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1746728278; x=1747333078; darn=mit.edu; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=BAGhG4xgKhJOW+q5AXWMLlpaSOfZ8EUHn0WAVgBdFkM=; b=RdMF1g10rapVCF1odYrLjHla5QdF8pB66+NtMx9pn2tSx77f68YWPofSoRkMl7cDU5 OU5OzWtdpMh4jnjtLrenpBnJPaaDUfRo5GRoHtQlh2QX5fxnKLSINNjza2QIjurCFtiM di8/Rl9Yize2nyoEpZ2fnsjAjs4HYx+SQJNrKfB8WNCxw2KZqAN3ZjlRn5umWWwRoqEX RmOfykQRDszVLVL5Ocse0cQMFXxmuLSWalNBIE5+nbk7CzINLLoCC5uH9AfDy2ZNKLJ2 giO8CdS/zG0TXr63EpD7Wgrubrdzeiv6DNfgvqeF7f5X4f/pBVVmhdnb1vYCZ15j95bK tkNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1746728278; x=1747333078; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=BAGhG4xgKhJOW+q5AXWMLlpaSOfZ8EUHn0WAVgBdFkM=; b=qsl7+cM/kxLbAYvYteFqA3o3vHKAkdfIkhEZ3MckeoFYpDinxM5hHO4DkFs2cAg63h F2bjH0zGYqMmrfqz1s3Q3kIMhMS2uD5MYlhLpipUqeBYnIks8HFOYHO0ad8n8O8P7NPy Ygr50l2tfcBcdo5ew+EBhE1FutKK0mrH298mGf8kcFGGJkIh8X0N+qlWGFeG9bx1mFeC 9LcZcMjA/Uuq7oAz3LU0SH66YW8rescAy6KaCBRnSsVG+dQvbyRGAKaMwWe64Rqdvl2z LnYW2Nl7gVpCj0goiBZMyNGfFaLKHFDT9i+ImK6iNTg9kfWwPmiPD8lJFfhRUqLQszbB PSeA== X-Gm-Message-State: AOJu0Yy03UNuLzKAPufHBNMadv+dojtlpBSpGWLVEpqGX9/L0Ht5m291 G095tqUVXCCg/GeJCxJRYlD88TvAlx0feUeAWtCVttMnVo2qKxDdodXLk6RZzh3EItJvP+z6PlX f+u1Y5vbTgrlePxQw3idJfKbD7Gbu7CmU X-Gm-Gg: ASbGncuedMbCsnOI4RT6RUpLTSjBnR7PjCV5zb14kdy5vwgtw8OsZVH/pYFhYwzV/2q XaCSLma2/p3ql8rNrMCxrQfTmKUg5ggz8qtPHNG2F1jtCuDhI3DrZKve5JbPSHjKgdrDBuM5NZT tucSaa7vjKtK87uC1d5IrPEA== X-Google-Smtp-Source: AGHT+IFWQGGEuVhzkqa71re3XfSPRciDPWZGFfbLZCb/Mi5UoWSDO+txD2dFm3BGxwyslNwKYpT4dM0pS/HaAXm0zaw= X-Received: by 2002:a05:6870:4792:b0:2c2:d2b8:e179 with SMTP id 586e51a60fabf-2dba4214365mr336680fac.4.1746728277976; Thu, 08 May 2025 11:17:57 -0700 (PDT) In-Reply-To: X-Gm-Features: ATxdqUEYkaKCSJLut_XpykkHWlxDkxCGZbuBJC65F-yb1ditPDy7tTJ4igkaK9M X-EOPAttributedMessage: 0 X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001C9:EE_|CO6PR01MB7500:EE_ X-MS-Office365-Filtering-Correlation-Id: 70f3e3c7-990f-4d06-c96c-08dd8e5ca99b X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 0 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|61400799027|376014|7093399015|9140799003|48200799018|8096899003|13003099007; X-Microsoft-Antispam-Message-Info: =?utf-8?B?QVM0TG9maWRqZithT2JOWW5rY3ppUHFlOU1WWXh0SWRuRlYzZWNVZUxQVEY5?= =?utf-8?B?eG9wNTVKMnZhNmRqUjgzdm40cHg1alFVK0lrdkdQYm02VWh5Z3hydGJSMDNk?= =?utf-8?B?aU1EOS9wVlBtNEthbVIyZ29QRHlCNjd4ZkU0ZjlxVS9HOXZabVk1MkFZMURj?= =?utf-8?B?UmtFZnlGaEhIbzZXYzF4ZzNQMmphQmUxUyt2V1JWd3RNcDNYV2MvTlBZNm03?= =?utf-8?B?ZGpSN25ON1NVWG13Yjl3dmo0eHI2M1hVODdxVm1WV0E5Ty9PbkgrNGJYVCsz?= =?utf-8?B?YlRKWHFVL1BuWkJoUjM2S1RNOE1qSmZMTXZDVW9SaHIybDNtNi9aNU9VQkty?= =?utf-8?B?RFlpV3Jva3R0Z2Y2ZFN1UEtMWmtYWG1oQlYwVVNudlhMdStKNDB3dXhGVjhL?= =?utf-8?B?d0pkMlNldTZJdFl4cUc3UHlYdDNMZ05YdEcvcFRxVjR4NTBTTEExdjJJbGxV?= =?utf-8?B?TnZCUGNQOVdCSWZBRXRmWlFDNlBKa1c2ZWNNbVc5OWlvMUpTUzhSKy9hZWk4?= =?utf-8?B?bnl6d1lSK3lFclNCK09GcFYwTUdla2s5ZjAyaDBRWXdvaTlaNmRPY0hKR1hw?= =?utf-8?B?cW0yWjkvQWYvUk5lWU1DUHk5ZHhWaUFLdkRJSkt4K09GS2phb0hRektROUxt?= =?utf-8?B?M01WR2FqdE9JdUdqcDhzYk1aMlVJbmlCeDBpbi9NTXJvb3M1SnJwdkUyT0Uy?= =?utf-8?B?RFRzdXEzeTl3dmFLemZ0UW9IUlhQQlBISW1aMzJQNXlRYnBrVEFQU3BRTDZY?= =?utf-8?B?NmJIYVJ0b2U1S0k2UEJjd0Rnc3E1VVNmY2wrRjRuY3ljZENqWkF6TUxSVFZ1?= =?utf-8?B?Zlh1TENML0dtd2pNcFIvZVBmcDIvVzFna3hjeG8xa1g5N2ovTWtPcGpqYUUw?= =?utf-8?B?WGV5bEdqeGJ6VkRZdnUwZ1ZTOVUwTXJ4dURMSlZzeHMyV0xMbWw5S2dESGRN?= =?utf-8?B?NHJUMEMra1lmSy9tU0hZdERTUHVxcGw5eHZMMFQvT2FpTzFLMkdKWlppYWlj?= =?utf-8?B?TkpPTTBIbXgwcVJyOXpDM1p6RUZwa2dnWjByMFJ0UHBLc3UxQ04zNkRSeHpK?= =?utf-8?B?WW5aQng5NGs1OVliYWM5TG9PQ0hMeUlZbm9yNmFOT3Zla0VhNmhXWEUzY1ND?= =?utf-8?B?dWh4UFd6V0VpckMxODA5ZlBOZHdUQ1Fia0I1WGlHOFBka1huRTFMTXB5SEMz?= =?utf-8?B?VHo1OGU4dS9seitxeTYwbVhTek9ONWM4VWtEbVdaem5ETWpkMSt3UFcwRGJx?= =?utf-8?B?S1hWNm5XaHQ4eFpKQXIzU0dtbWVwN1RzR2hVYkZVaEZkVyt5Um1iUElDWmpQ?= =?utf-8?B?bjBqTUM5aEVBV3AzeGkwdXJXVU9XKzVmYVNGT0xybXdEWGRVNlIxWDhxVkk5?= =?utf-8?B?RjdyOFM4aWtoNGhsc2dpNlM3bzNjLzRHVUVXTnA0UzVPTFdEWWNKdTh6bTF3?= =?utf-8?B?OU1EU2hLQnBydytBSXkzREpHdWZJQWVONWplS2FGaUNDRHQxUkZERm1jY0Jn?= =?utf-8?B?RU5Fc2o2S2FhUElLd1lJVldhZW51dEQxOTQxT1dETE9PZ0JSZ0RBN05wWmNE?= =?utf-8?B?aHQ5WHdtMlp5YlVNVEJKVnNhZncrMmk2VDlHazI4VG13bmtXbGJIYU5IMGhU?= =?utf-8?B?K1N0dDhHOVZoR1RadnlCRTd3SGRvZDRVKzdUWlYxUjlYODN3Y0Q4MGNlYWZw?= =?utf-8?B?S29TZi9YTnFlTllzakdTWDNLYVZXSFo0L3gzdHpkV0pNNnZ0RGEydklvZW1G?= =?utf-8?B?L1hTSlN5cFFOY3Jaczg4M2hHdzhmSlhwREJzKzJHZTMvcHZ1ZzRORFNGT1lI?= =?utf-8?B?aVdRdEZVM3M5cmdjRnNpSHJ6YmMrM2Zqc1dTZG9zZW1IZHNFNlU3MGI2QXor?= =?utf-8?B?YUZPZ0d5ZndSTW8xblROZmRka0VUK0szb3NUT2dBamNxaW5xWjFSZ3dUR2c4?= =?utf-8?Q?ocAX75/sEkUOURkD8VYP39G3UNAgVze4?= X-Forefront-Antispam-Report: CIP:2607:f8b0:4864:20::c2e; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail-oo1-xc2e.google.com; PTR:mail-oo1-xc2e.google.com; CAT:NONE; SFS:(13230040)(61400799027)(376014)(7093399015)(9140799003)(48200799018)(8096899003)(13003099007); DIR:OUT; SFP:1101; X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b X-Auto-Response-Suppress: DR, OOF, AutoReply X-OriginatorOrg: mitprod.onmicrosoft.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 May 2025 18:17:58.8954 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 70f3e3c7-990f-4d06-c96c-08dd8e5ca99b X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001C9.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR01MB7500 X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: kerberos@mit.edu X-Mailman-Version: 2.1.34 Precedence: list List-Id: The Kerberos Authentication System Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: X-Mailman-Original-References: Xref: csiph.com comp.protocols.kerberos:5412 On Thu, May 8, 2025 at 12:10=E2=80=AFAM Michael B Allen = wrote: > So the session key used starts with C952. > I meant to say subkey not session key. For completeness I ran my initiator against the Windows Server SSPI acceptor, and got the following: InitStepState: Authenticator { cname: TsspiUserAes256@MEGA.CORP cksum: Checksum8003 { channelBindings: 00000000000000000000000000000000 gssflags: 0x0000403E GSS_C_DELEG_FLAG Y GSS_C_MUTUAL_FLAG Y GSS_C_REPLAY_FLAG Y GSS_C_SEQUENCE_FLAG Y GSS_C_CONF_FLAG Y GSS_C_INTEG_FLAG GSS_C_DCE_STYLE GSS_C_IDENTIFY_FLAG Y GSS_C_EXTENDED_ERROR_FLAG } cusec: 588294 ctime: 20250508174734Z subkey: (23)412213... seq-number: 656590050 } InitStepState: GssContextToken { mech: KRB5 (1.2.840.113554.1.2.2) Krb5InnerContextToken { tokId: 0x0001 ApReq { ap-options: 0x20000000 ticket: Ticket { sname: HOST/TsspiCompRc4.mega.corp@MEGA.CORP enc-part: (23)6D9EDF... } authenticator: (23)3B0B5F... } } } InitStepState: GssContextToken { mech: KRB5 (1.2.840.113554.1.2.2) Krb5InnerContextToken { tokId: 0x0002 ApRep { enc-part: (23)8A32FD... } } } InitStepState: EncAPRepPart { ctime: 20250508174734Z cusec: 588294 subkey: (23)412213... seq-number: 2110239284 } Rc4 wrap: key: 00000: 41 22 13 30 34 0D D6 44 39 7E 27 E5 91 31 30 1D |A".04.=C3=96D9~'= =C3=A5.10. As you can see, the SSPI acceptor simply uses the same key for the Authenticator subkey and AP-REP subkey. Not sure how the SSPI knows to do this. Maybe it's just hardcoded behavior of RC4. So when MITK initiates to an SSPI RC4 service, it uses the Acceptor subkey whereas the SSPI initiator will use the AP-REP subkey but it doesn't matter because the keys are the same. The bottom line is that if anyone writes an acceptor from scratch like me, and they want to support RC4, the acceptor will need to either "Negotiated enctype" to a different enctype so that the MITK initiator uses the AP-REP subkey (the MITK way), or just return the same RC4 subkey for the Authenticator and AP-REP subkeys (the SSPI way) so that does not matter if the MITK initiator uses the Authenticator subkey. Mike --=20 Michael B Allen Java AD DS Integration https://www.ioplex.com/