1 2<!DOCTYPE html> 3 4<html> 5 <head> 6 <meta charset="utf-8" /> 7 <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" /> 8 9 <title>KDC cookie format — MIT Kerberos Documentation</title> 10 <link rel="stylesheet" type="text/css" href="../_static/pygments.css" /> 11 <link rel="stylesheet" type="text/css" href="../_static/agogo.css" /> 12 <link rel="stylesheet" type="text/css" href="../_static/kerb.css" /> 13 <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script> 14 <script src="../_static/jquery.js"></script> 15 <script src="../_static/underscore.js"></script> 16 <script src="../_static/doctools.js"></script> 17 <link rel="author" title="About these documents" href="../about.html" /> 18 <link rel="index" title="Index" href="../genindex.html" /> 19 <link rel="search" title="Search" href="../search.html" /> 20 <link rel="copyright" title="Copyright" href="../copyright.html" /> 21 <link rel="next" title="PKINIT freshness tokens" href="freshness_token.html" /> 22 <link rel="prev" title="Replay cache file format" href="rcache_file_format.html" /> 23 </head><body> 24 <div class="header-wrapper"> 25 <div class="header"> 26 27 28 <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> 29 30 <div class="rel"> 31 32 <a href="../index.html" title="Full Table of Contents" 33 accesskey="C">Contents</a> | 34 <a href="rcache_file_format.html" title="Replay cache file format" 35 accesskey="P">previous</a> | 36 <a href="freshness_token.html" title="PKINIT freshness tokens" 37 accesskey="N">next</a> | 38 <a href="../genindex.html" title="General Index" 39 accesskey="I">index</a> | 40 <a href="../search.html" title="Enter search criteria" 41 accesskey="S">Search</a> | 42 <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC cookie format">feedback</a> 43 </div> 44 </div> 45 </div> 46 47 <div class="content-wrapper"> 48 <div class="content"> 49 <div class="document"> 50 51 <div class="documentwrapper"> 52 <div class="bodywrapper"> 53 <div class="body" role="main"> 54 55 <section id="kdc-cookie-format"> 56<h1>KDC cookie format<a class="headerlink" href="#kdc-cookie-format" title="Permalink to this headline">¶</a></h1> 57<p><span class="target" id="index-0"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc6113.html"><strong>RFC 6113</strong></a> section 5.2 specifies a pa-data type PA-FX-COOKIE, which 58clients are required to reflect back to the KDC during 59pre-authentication. The MIT krb5 KDC uses the following formats for 60cookies.</p> 61<section id="trivial-cookie-version-0"> 62<h2>Trivial cookie (version 0)<a class="headerlink" href="#trivial-cookie-version-0" title="Permalink to this headline">¶</a></h2> 63<p>If there is no pre-authentication mechanism state information to save, 64a trivial cookie containing the value “MIT” is used. A trivial cookie 65is needed to indicate that the conversation can continue.</p> 66</section> 67<section id="secure-cookie-version-1"> 68<h2>Secure cookie (version 1)<a class="headerlink" href="#secure-cookie-version-1" title="Permalink to this headline">¶</a></h2> 69<p>In release 1.14 and later, a secure cookie can be sent if there is any 70mechanism state to save for the next request. A secure cookie 71contains the concatenation of the following:</p> 72<ul class="simple"> 73<li><p>the four bytes “MIT1”</p></li> 74<li><p>a four-byte big-endian kvno value</p></li> 75<li><p>an <span class="target" id="index-1"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc3961.html"><strong>RFC 3961</strong></a> ciphertext</p></li> 76</ul> 77<p>The ciphertext is encrypted in the cookie key with key usage 78number 513. The cookie key is derived from a key in the local krbtgt 79principal entry for the realm (e.g. <code class="docutils literal notranslate"><span class="pre">krbtgt/KRBTEST.COM@KRBTEST.COM</span></code> 80if the request is to the <code class="docutils literal notranslate"><span class="pre">KRBTEST.COM</span></code> realm). The first krbtgt key 81for the indicated kvno value is combined with the client principal as 82follows:</p> 83<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">cookie</span><span class="o">-</span><span class="n">key</span> <span class="o"><-</span> <span class="n">random</span><span class="o">-</span><span class="n">to</span><span class="o">-</span><span class="n">key</span><span class="p">(</span><span class="n">PRF</span><span class="o">+</span><span class="p">(</span><span class="n">tgt</span><span class="o">-</span><span class="n">key</span><span class="p">,</span> <span class="s2">"COOKIE"</span> <span class="o">|</span> <span class="n">client</span><span class="o">-</span><span class="n">princ</span><span class="p">))</span> 84</pre></div> 85</div> 86<p>where <strong>random-to-key</strong> is the <span class="target" id="index-2"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc3961.html"><strong>RFC 3961</strong></a> random-to-key operation for 87the krbtgt key’s encryption type, <strong>PRF+</strong> is defined in <span class="target" id="index-3"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc6113.html"><strong>RFC 6113</strong></a>, 88and <code class="docutils literal notranslate"><span class="pre">|</span></code> denotes concatenation. <em>client-princ</em> is the request client 89principal name with realm, marshalled according to <span class="target" id="index-4"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc1964.html"><strong>RFC 1964</strong></a> section 902.1.1.</p> 91<p>The plain text of the encrypted part of a cookie is the DER encoding 92of the following ASN.1 type:</p> 93<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">SecureCookie</span> <span class="p">:</span><span class="o">:=</span> <span class="n">SEQUENCE</span> <span class="p">{</span> 94 <span class="n">time</span> <span class="n">INTEGER</span><span class="p">,</span> 95 <span class="n">data</span> <span class="n">SEQUENCE</span> <span class="n">OF</span> <span class="n">PA</span><span class="o">-</span><span class="n">DATA</span><span class="p">,</span> 96 <span class="o">...</span> 97<span class="p">}</span> 98</pre></div> 99</div> 100<p>The time field represents the cookie creation time; for brevity, it is 101encoded as an integer giving the POSIX timestamp rather than as an 102ASN.1 GeneralizedTime value. The data field contains one element for 103each pre-authentication type which requires saved state. For 104mechanisms which have separate request and reply types, the request 105type is used; this allows the KDC to determine whether a cookie is 106relevant to a request by comparing the request pa-data types to the 107cookie data types.</p> 108</section> 109<section id="spake-cookie-format-version-1"> 110<h2>SPAKE cookie format (version 1)<a class="headerlink" href="#spake-cookie-format-version-1" title="Permalink to this headline">¶</a></h2> 111<p>Inside the SecureCookie wrapper, a data value of type 151 contains 112state for SPAKE pre-authentication. This data is the concatenation of 113the following:</p> 114<ul class="simple"> 115<li><p>a two-byte big-endian version number with the value 1</p></li> 116<li><p>a two-byte big-endian stage number</p></li> 117<li><p>a four-byte big-endian group number</p></li> 118<li><p>a four-byte big-endian length and data for the SPAKE value</p></li> 119<li><p>a four-byte big-endian length and data for the transcript hash</p></li> 120<li><p>zero or more second factor records, each consisting of: 121- a four-byte big-endian second-factor type 122- a four-byte big-endian length and data</p></li> 123</ul> 124<p>The stage value is 0 if the cookie was sent with a challenge message. 125Otherwise it is 1 for the first encdata message sent by the KDC during 126an exchange, 2 for the second, etc..</p> 127<p>The group value indicates the group number used in the SPAKE challenge.</p> 128<p>For a stage-0 cookie, the SPAKE value is the KDC private key, 129represented in the scalar marshalling form of the group. For other 130cookies, the SPAKE value is the SPAKE result K, represented in the 131group element marshalling form.</p> 132<p>For a stage-0 cookie, the transcript hash is the intermediate hash 133after updating with the client support message (if one was sent) and 134challenge. For other cookies it is the final hash.</p> 135<p>For a stage-0 cookie, there may be any number of second-factor 136records, including none; a second-factor type need not create a state 137field if it does not need one, and no record is created for SF-NONE. 138For other cookies, there must be exactly one second-factor record 139corresponding to the factor type chosen by the client.</p> 140</section> 141</section> 142 143 144 <div class="clearer"></div> 145 </div> 146 </div> 147 </div> 148 </div> 149 <div class="sidebar"> 150 151 <h2>On this page</h2> 152 <ul> 153<li><a class="reference internal" href="#">KDC cookie format</a><ul> 154<li><a class="reference internal" href="#trivial-cookie-version-0">Trivial cookie (version 0)</a></li> 155<li><a class="reference internal" href="#secure-cookie-version-1">Secure cookie (version 1)</a></li> 156<li><a class="reference internal" href="#spake-cookie-format-version-1">SPAKE cookie format (version 1)</a></li> 157</ul> 158</li> 159</ul> 160 161 <br/> 162 <h2>Table of contents</h2> 163 <ul class="current"> 164<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li> 165<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> 166<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> 167<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li> 168<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> 169<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> 170<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current"> 171<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li> 172<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li> 173<li class="toctree-l2"><a class="reference internal" href="rcache_file_format.html">Replay cache file format</a></li> 174<li class="toctree-l2 current"><a class="current reference internal" href="#">KDC cookie format</a></li> 175<li class="toctree-l2"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li> 176</ul> 177</li> 178<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> 179<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> 180<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> 181<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> 182</ul> 183 184 <br/> 185 <h4><a href="../index.html">Full Table of Contents</a></h4> 186 <h4>Search</h4> 187 <form class="search" action="../search.html" method="get"> 188 <input type="text" name="q" size="18" /> 189 <input type="submit" value="Go" /> 190 <input type="hidden" name="check_keywords" value="yes" /> 191 <input type="hidden" name="area" value="default" /> 192 </form> 193 194 </div> 195 <div class="clearer"></div> 196 </div> 197 </div> 198 199 <div class="footer-wrapper"> 200 <div class="footer" > 201 <div class="right" ><i>Release: 1.21.3</i><br /> 202 © <a href="../copyright.html">Copyright</a> 1985-2024, MIT. 203 </div> 204 <div class="left"> 205 206 <a href="../index.html" title="Full Table of Contents" 207 >Contents</a> | 208 <a href="rcache_file_format.html" title="Replay cache file format" 209 >previous</a> | 210 <a href="freshness_token.html" title="PKINIT freshness tokens" 211 >next</a> | 212 <a href="../genindex.html" title="General Index" 213 >index</a> | 214 <a href="../search.html" title="Enter search criteria" 215 >Search</a> | 216 <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC cookie format">feedback</a> 217 </div> 218 </div> 219 </div> 220 221 </body> 222</html>