8370615: Improve Kerberos credentialing

Reviewed-by: abakhtin
Backport-of: 52af52817f3da0189566ca435d0395be4f16c8a5

Author: gnu-andrew

src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesDkCrypto.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -118,14 +118,7 @@ public byte[] stringToKey(char[] password, String salt, byte[] s2kparams)
     private byte[] stringToKey(char[] secret, byte[] salt, byte[] params)
         throws GeneralSecurityException {
 
-        int iter_count = DEFAULT_ITERATION_COUNT;
-        if (params != null) {
-            if (params.length != 4) {
-                throw new RuntimeException("Invalid parameter to stringToKey");
-            }
-            iter_count = readBigEndian(params, 0, 4);
-        }
-
+        int iter_count = DkCrypto.iterationCount(params, DEFAULT_ITERATION_COUNT);
         byte[] tmpKey = randomToKey(PBKDF2(secret, salt, iter_count,
                                         getKeySeedLength()));
         byte[] result = dk(tmpKey, KERBEROS_CONSTANT);
@@ -485,17 +478,4 @@ private static byte[] PBKDF2(char[] secret, byte[] salt,
 
         return result;
     }
-
-    public static final int readBigEndian(byte[] data, int pos, int size) {
-        int retVal = 0;
-        int shifter = (size-1)*8;
-        while (size > 0) {
-            retVal += (data[pos] & 0xff) << shifter;
-            shifter -= 8;
-            pos++;
-            size--;
-        }
-        return retVal;
-    }
-
 }

src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/AesSha2DkCrypto.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -122,14 +122,7 @@ public byte[] stringToKey(char[] password, String salt, byte[] s2kparams)
     private byte[] stringToKey(char[] secret, byte[] salt, byte[] params)
         throws GeneralSecurityException {
 
-        int iter_count = DEFAULT_ITERATION_COUNT;
-        if (params != null) {
-            if (params.length != 4) {
-                throw new RuntimeException("Invalid parameter to stringToKey");
-            }
-            iter_count = readBigEndian(params, 0, 4);
-        }
-
+        int iter_count = DkCrypto.iterationCount(params, DEFAULT_ITERATION_COUNT);
         byte[] saltp = new byte[26 + 1 + salt.length];
         if (keyLength == 128) {
             System.arraycopy(ETYPE_NAME_128, 0, saltp, 0, 26);
@@ -525,17 +518,4 @@ private static byte[] PBKDF2(char[] secret, byte[] salt,
 
         return result;
     }
-
-    public static final int readBigEndian(byte[] data, int pos, int size) {
-        int retVal = 0;
-        int shifter = (size-1)*8;
-        while (size > 0) {
-            retVal += (data[pos] & 0xff) << shifter;
-            shifter -= 8;
-            pos++;
-            size--;
-        }
-        return retVal;
-    }
-
 }

src/java.security.jgss/share/classes/sun/security/krb5/internal/crypto/dk/DkCrypto.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2025, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -31,8 +31,8 @@
 package sun.security.krb5.internal.crypto.dk;
 
 import javax.crypto.Cipher;
-import javax.crypto.Mac;
 import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
 import java.util.Arrays;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -692,4 +692,41 @@ static byte[] charToUtf16(char[] chars) {
         bb.get(answer, 0, len);
         return answer;
     }
+
+    static int iterationCount(byte[] params, int defaultValue)
+            throws InvalidAlgorithmParameterException {
+        if (params == null) {
+            return defaultValue;
+        }
+        if (params.length != 4) {
+            throw new InvalidAlgorithmParameterException("Invalid params");
+        }
+        if (params[0] != 0 || ((params[1] & 0xff) >= 80)) {
+            // IC should be less than 80 * 2^16. This is roughly
+            // the same as PKCS12KeyStore's 5_000_000 limit.
+            throw new InvalidAlgorithmParameterException(
+                    "Incoming iteration count is too big");
+        }
+        int iter_count = readBigEndian(params, 0, 4);
+        if (!ALLOW_WEAK_PBKDF2_ITERATION_COUNT && iter_count < defaultValue) {
+            throw new InvalidAlgorithmParameterException(
+                    "Incoming iteration count is too small");
+        }
+        return iter_count;
+    }
+
+    public static final int readBigEndian(byte[] data, int pos, int size) {
+        int retVal = 0;
+        int shifter = (size-1)*8;
+        while (size > 0) {
+            retVal += (data[pos] & 0xff) << shifter;
+            shifter -= 8;
+            pos++;
+            size--;
+        }
+        return retVal;
+    }
+
+    // Only used by test
+    public static boolean ALLOW_WEAK_PBKDF2_ITERATION_COUNT = false;
 }

test/jdk/sun/security/krb5/RFC396xTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,6 +52,7 @@ public class RFC396xTest {
     public static void main(String[] args) throws Exception {
         System.setProperty("sun.security.krb5.msinterop.des.s2kcharset",
                 "utf-8");
+        DkCrypto.ALLOW_WEAK_PBKDF2_ITERATION_COUNT = true;
         test();
     }
 

test/jdk/sun/security/krb5/auto/DiffSaltParams.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,11 +38,11 @@ public static void main(String[] args) throws Exception {
 
         OneKDC kdc = new OneKDC(null).writeJAASConf();
         kdc.addPrincipal("user1", "user1pass".toCharArray(),
-                "hello", new byte[]{0, 0, 1, 0});
+                "hello", new byte[]{0, 1, 0, 0});
         kdc.addPrincipal("user2", "user2pass".toCharArray(),
                 "hello", null);
         kdc.addPrincipal("user3", "user3pass".toCharArray(),
-                null, new byte[]{0, 0, 1, 0});
+                null, new byte[]{0, 1, 0, 0});
         kdc.addPrincipal("user4", "user4pass".toCharArray());
 
         Context.fromUserPass("user1", "user1pass".toCharArray(), true);

test/jdk/sun/security/krb5/auto/KDC.java

@@ -362,11 +362,12 @@ public void writeKtab(String tab, boolean append, String... names)
                         name.indexOf('/') < 0 ?
                                 PrincipalName.KRB_NT_UNKNOWN :
                                 PrincipalName.KRB_NT_SRV_HST);
-                ktab.addEntry(pn,
-                        getSalt(pn),
-                        pass,
-                        kvno,
-                        true);
+                int[] etypes = EType.getDefaults("default_tkt_enctypes");
+                EncryptionKey[] keys = new EncryptionKey[etypes.length];
+                for (int i = 0; i < etypes.length; i++) {
+                    keys[i] = keyForUser(pn, etypes[i], false);
+                }
+                ktab.addEntry(pn, keys, kvno, true);
             } else {
                 nativeKdc.ktadd(name, tab);
             }
@@ -667,10 +668,7 @@ private static EncryptionKey generateRandomKey(int eType)
      */
     private char[] getPassword(PrincipalName p, boolean server)
             throws KrbException {
-        String pn = p.toString();
-        if (p.getRealmString() == null) {
-            pn = pn + "@" + getRealm();
-        }
+        String pn = nameOf(p);
         char[] pass = passwords.get(pn);
         if (pass == null) {
             throw new KrbException(server?
@@ -686,10 +684,7 @@ private char[] getPassword(PrincipalName p, boolean server)
      * @return the salt
      */
     protected String getSalt(PrincipalName p) {
-        String pn = p.toString();
-        if (p.getRealmString() == null) {
-            pn = pn + "@" + getRealm();
-        }
+        String pn = nameOf(p);
         if (salts.containsKey(pn)) {
             return salts.get(pn);
         }
@@ -721,10 +716,7 @@ protected byte[] getParams(PrincipalName p, int etype) {
             case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
             case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128:
             case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA384_192:
-                String pn = p.toString();
-                if (p.getRealmString() == null) {
-                    pn = pn + "@" + getRealm();
-                }
+                String pn = nameOf(p);
                 if (s2kparamses.containsKey(pn)) {
                     return s2kparamses.get(pn);
                 }
@@ -738,6 +730,23 @@ protected byte[] getParams(PrincipalName p, int etype) {
         }
     }
 
+    /**
+     * Returns the name of a PrincipalName inside KDC dbs.
+     * @param p the principal name
+     * @return the name
+     */
+    private String nameOf(PrincipalName p) {
+        String pn = p.toString();
+        if (p.getRealmString() == null) {
+            pn = pn + "@" + getRealm();
+        }
+        if (pn.startsWith("krbtgt/")) {
+            // We always register krbtgt using REALM
+            pn = "krbtgt/" + pn.substring(7).toUpperCase(Locale.ROOT);
+        }
+        return pn;
+    }
+
     /**
      * Returns the key for a given principal of the given encryption type
      * @param p the principal

test/jdk/sun/security/krb5/auto/UserIterCount.java

@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8370615
+ * @summary Improve Kerberos credentialing
+ * @library /test/lib
+ * @compile -XDignore.symbol.file UserIterCount.java
+ * @run main jdk.test.lib.FileInstaller TestHosts TestHosts
+ * @run main/othervm -Djdk.net.hosts.file=TestHosts UserIterCount
+ */
+import sun.security.krb5.PrincipalName;
+
+public class UserIterCount {
+
+    static class MyKDC extends OneKDC {
+        public MyKDC() throws Exception {
+            super(null);
+        }
+
+        @Override
+        protected byte[] getParams(PrincipalName p, int etype) {
+            if (etype == 18) {
+                if (p.toString().startsWith(OneKDC.USER)) {
+                    return new byte[]{0, 0, 16, 01};
+                } else {
+                    return new byte[]{0, 79, (byte)255, (byte)255};
+                }
+            } else {
+                return super.getParams(p, etype);
+            }
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        new MyKDC().writeJAASConf();
+        Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
+        Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, false);
+    }
+}