authorGreg Hudson <ghudson@mit.edu>2011-09-22 18:09:45 +0000
committerGreg Hudson <ghudson@mit.edu>2011-09-22 18:09:45 +0000
commit260161b4fe2a05b9afa95446eee9096f6c75ceaf (patch)
tree5c3d49029ed4d6460e4da3e20f14868e524ebbc7 /src/lib/kdb
parent1be77ec64675cacc3acaf8a75e5eb2339c86af24 (diff)
Support special salt type in default krb5_dbe_cpw
This change allows the "special" salt type to be used in supported_enctypes or in the argument to kadmin's cpw -e. If used, kadmind will pick a salt consisting of 64 random bits represented as 16 printable ASCII characters. The use of random explicit salts creates some interoperability issues and is not generally recommended, but can be useful for interop testing, as a workaround for obscure bugs, or to increase the difficulty of brute-force password searches in situations where none of the interoperability issues apply. ticket: 6964 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25226 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kdb')
-rw-r--r--src/lib/kdb/kdb_cpw.c36
1 files changed, 36 insertions, 0 deletions
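diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index 88811e71b1..abaae4f7c4 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -339,6 +339,37 @@ krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
 return(retval);
 }
+/* Construct a random explicit salt. */
+static krb5_error_code
+make_random_salt(krb5_context context, krb5_keysalt *salt_out)
+{
+ krb5_error_code retval;
+ unsigned char rndbuf[8];
+ krb5_data salt, rnd = make_data(rndbuf, sizeof(rndbuf));
+ unsigned int i;
+
+ /*
+ * Salts are limited by RFC 4120 to 7-bit ASCII. For ease of examination
+ * and to avoid certain folding issues for older enctypes, we use printable
+ * characters with four fixed bits and four random bits, encoding 64
+ * psuedo-random bits into 16 bytes.
+ */
+ retval = krb5_c_random_make_octets(context, &rnd);
+ if (retval)
+ return retval;
+ retval = alloc_data(&salt, sizeof(rndbuf) * 2);
+ if (retval)
+ return retval;
+ for (i = 0; i < sizeof(rndbuf); i++) {
+ salt.data[i * 2] = 0x40 | (rndbuf[i] >> 4);
+ salt.data[i * 2 + 1] = 0x40 | (rndbuf[i] & 0xf);
+ }
+
+ salt_out->type = KRB5_KDB_SALTTYPE_SPECIAL;
+ salt_out->data = salt;
+ return 0;
+}
+
 /*
 * Add key_data for a krb5_db_entry
 * If passwd is NULL the assumes that the caller wants a random password.
@@ -431,6 +462,11 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
 return retval;
 key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
 break;
+ case KRB5_KDB_SALTTYPE_SPECIAL:
+ retval = make_random_salt(context, &key_salt);
+ if (retval)
+ return retval;
+ break;
 default:
 return(KRB5_KDB_BAD_SALTTYPE);
 }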
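Review bot: The header comment on make_random_salt in the first hunk (`/* Construct a random explicit salt. */`) omits the two facts a caller needs: the output format and who owns the buffer. From the loop each output byte is `0x40 | nibble`, so the result is 16 bytes in the range '@'..'O' (7-bit printable ASCII) carrying 64 random bits, and `salt_out->data` comes from alloc_data, so it presumably is heap memory the caller must release; I would replace the comment with `/* Construct a random explicit salt: 16 printable 7-bit ASCII bytes ('@'..'O') encoding 64 random bits.  On success salt_out->data is heap-allocated and owned by the caller. */`. While there, "psuedo-random" in the block comment should read "pseudo-random". In the second hunk the KRB5_KDB_SALTTYPE_SPECIAL case returns straight out of add_key_pwd on failure, matching the AFS case above it; whether anything acquired earlier in add_key_pwd is leaked on that path cannot be judged here because that function starts and ends outside the hunk.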