directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Boorshtein <>
Subject [Kerberos Client] KERB_CHECKSUM_HMAC_MD5 in Java?
Date Sat, 24 Apr 2010 22:51:13 GMT

So I've made considerable progress in implementing s4u in the kerberos
client.  I've created the PA-FOR-USER data type and am able to
generate a s4u2self request.  However I think my checksum is
incorrect.  From MS-S4U:

cksum: A checksum of userName, userRealm, and auth-package. This is
calculated using the KERB_CHECKSUM_HMAC_MD5 function ([RFC4757]). The
value of the is first encoded as a 4-byte integer
in little endian byte order, then these 4 bytes are concatenated with
all string values in the sequence of strings contained in the field, then the string value of the userRealm
field, and then the string value of auth-package field, in that order,
to form a byte array which can be called S4UByteArray. Note that, in
the computation of S4UByteArray, the null terminator is not included
when concatenating the strings. Finally cksum is computed by calling
the KERB_CHECKSUM_HMAC_MD5 hash with the following three parameters:
the session key of the TGT of the service performing the S4U2Self
request, the message type value of 17, and the byte array

And from RFC 4757:

There is one checksum type used in this encryption type.  The
   Kerberos constant for this type is:

           #define KERB_CHECKSUM_HMAC_MD5 (-138)

      The function is defined as follows:

      K = the Key
      T = the message type, encoded as a little-endian four-byte integer

      CHKSUM(K, T, data)

           Ksign = HMAC(K, "signaturekey")  //includes zero octet at end
           tmp = MD5(concat(T, data))
           CHKSUM = HMAC(Ksign, tmp)

Here is my checksum code:

//Compute the Ksign
Mac mac = Mac.getInstance( "HmacMD5" );
mac.init( tgt.getSessionKey() );
byte[] Ksign = mac.doFinal();
//Mesage type is 17
byte[] msgType = new byte[4];
msgType[0] = (byte) 17;
msgType[1] = (byte)(17 >>> 8);
msgType[2] = (byte)(17 >>> 16);
msgType[3] = (byte)(17 >>> 24);
//calculate tmp
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] tmp = md.digest();
//initialize with Ksign
mac.init(new SecretKeySpec(Ksign,"HMAC"));
//generate final checksum
byte[] chksum = mac.doFinal();
return new Checksum( ChecksumType.HMAC_MD5, chksum );

When I send the message I get the response "KRB5KRB_AP_ERR_MODIFIED".

Any thoughts?


View raw message