logo_kerberos.gif

Projects/GSSAPI DCE

From K5Wiki
< Projects
Revision as of 15:38, 11 November 2008 by SamHartman (talk | contribs) (Reflect discussions about the goals of the project)

Jump to: navigation, search
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.


The GSS-API DCE project proposes to add functionality found in SSPI to MIT Kerberos; this functionality includes support for AEAD and support sufficient to implement DCE RPC on top of MIT Kerberos. This project depends on and is a companion to Projects/AEAD encryption API.


Background

SSPI architecture

The SSPI for connection-oriented contexts provides the following service model for per-messageprotection:

  • Security mechanisms may add small fixed-size padding (less than 8 bytes) to a message.
  • Security mechanisms add fixed size mechanism-specific tokens to messages.
  • Messages may contain data chunks that are encrypted and read_only chunks that are integrity protected but not encrypted.
  • So a message looks like (data+ readonly* pad token), although all the components can be reordered. In particular, when interoperating with GSS-API the token comes at the front.
  • The application gets to control the placement of token, data, read_only and pad chunks both in the input and output; chunks cannot change size.

GSS-API architecture

  • Application passes in a token for per-message protection
  • Gss-API returns a token, typically of a different size.
  • No support for AEAD
  • The application does not control placement or order of chunks.

Supporting DCE RPC

We want to make it easy to implement DCE-RPC against MIT Kerberos:
  • DCE RPC separates the security token information from the confidentiality protected information and places it elsewhere in the network PDU
  • DCE uses AEAD to integrity protect parts of the message that are not confidentiality protected.
  • DCE manages its own padding.

There are also changes to the context establishment procedure signaled by a DCE_STYLE flag; RFC 4757 briefly describes these changes.

AEAD support

DCE requires adding AEAD support to the GSS mechanism. However an application implementing DCE RPC will typically want in-place encryption APIs that expose significant detail about the structure of the GSS token. For some classes of application, this is desirable. However it is highly undesirable to force an application to pay attention to the details of GSS tokens in order to take advantage of features like AEAD. Doing so increases the probability that the application will depend on some semantic of the token and thus will not be portable across mechanisms.

Basic approach

Two new sets of APIs will be introduced. The first, the gss_iov API is similar to the AEAD encryption API and to SSPI. The second adds support for AEAD while minimizing differences with the original GSS-API.

gss_iov

A new structure is introduced:

typedef struct gss_iov_buffer_desc_struct {

   OM_uint32 type;
   OM_uint32 flags;
   gss_buffer_desc buffer;

} gss_iov_buffer_desc, *gss_iov_buffer_t;

A set of APIs is created that takes an array of gss_iov_buffer_desc structures for per-message operations. Several types of buffers are defined. A DCE style application would typically pass in

gss_*_aead

API details

Testing plan