Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keeping track of sequence numbers #419

Open
bodgit opened this issue Dec 21, 2020 · 0 comments · May be fixed by #420
Open

Keeping track of sequence numbers #419

bodgit opened this issue Dec 21, 2020 · 0 comments · May be fixed by #420

Comments

@bodgit
Copy link
Contributor

bodgit commented Dec 21, 2020

If you specify gssapi.ContextFlagReplay or gssapi.ContextFlagSequence when negotiating your context then you should ideally keep track of the sequence numbers received in MIC or Wrap tokens (possibly in other things too). There doesn't seem to be any way currently to do that.

The MIT Kerberos source seems to rely on src/lib/gssapi/generic/util_seqstate.c which keeps track of what is the next expected sequence number as well as the last 64 received sequence numbers which appears to be considered Good Enough in terms of replay protection. Sequence protection appears to just be a stricter variant in terms of gaps in the sequence.
bodgit added a commit to bodgit/gokrb5 that referenced this issue Dec 22, 2020
@bodgit
Implement sequence tracking
95c20ce 
Based on the MIT Kerberos implementation. It tracks the 64 previously seen
sequence numbers for the purposes of out of order delivery and replay
protection.

Fixes jcmturner#419
@bodgit bodgit linked a pull request Dec 22, 2020 that will close this issue
Open
jcmturner pushed a commit to bodgit/gokrb5 that referenced this issue Jun 13, 2022
@bodgit @jcmturner
Implement sequence tracking
82c657c 
Based on the MIT Kerberos implementation. It tracks the 64 previously seen
sequence numbers for the purposes of out of order delivery and replay
protection.

Fixes jcmturner#419
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement sequence tracking bodgit/gokrb5
1 participant
@bodgit