1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
|
<!DOCTYPE html>
<html lang="en" data-content_root="../">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<title>KDC cookie format — MIT Kerberos Documentation</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" />
<link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" />
<script src="../_static/documentation_options.js?v=6dbce55c"></script>
<script src="../_static/doctools.js?v=888ff710"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<link rel="author" title="About these documents" href="../about.html" />
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="copyright" title="Copyright" href="../copyright.html" />
<link rel="next" title="PKINIT freshness tokens" href="freshness_token.html" />
<link rel="prev" title="Replay cache file format" href="rcache_file_format.html" />
</head><body>
<div class="header-wrapper">
<div class="header">
<h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
<div class="rel">
<a href="../index.html" title="Full Table of Contents"
accesskey="C">Contents</a> |
<a href="rcache_file_format.html" title="Replay cache file format"
accesskey="P">previous</a> |
<a href="freshness_token.html" title="PKINIT freshness tokens"
accesskey="N">next</a> |
<a href="../genindex.html" title="General Index"
accesskey="I">index</a> |
<a href="../search.html" title="Enter search criteria"
accesskey="S">Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC cookie format">feedback</a>
</div>
</div>
</div>
<div class="content-wrapper">
<div class="content">
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<section id="kdc-cookie-format">
<h1>KDC cookie format<a class="headerlink" href="#kdc-cookie-format" title="Link to this heading">¶</a></h1>
<p><span class="target" id="index-0"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6113.html"><strong>RFC 6113</strong></a> section 5.2 specifies a pa-data type PA-FX-COOKIE, which
clients are required to reflect back to the KDC during
pre-authentication. The MIT krb5 KDC uses the following formats for
cookies.</p>
<section id="trivial-cookie-version-0">
<h2>Trivial cookie (version 0)<a class="headerlink" href="#trivial-cookie-version-0" title="Link to this heading">¶</a></h2>
<p>If there is no pre-authentication mechanism state information to save,
a trivial cookie containing the value “MIT” is used. A trivial cookie
is needed to indicate that the conversation can continue.</p>
</section>
<section id="secure-cookie-version-1">
<h2>Secure cookie (version 1)<a class="headerlink" href="#secure-cookie-version-1" title="Link to this heading">¶</a></h2>
<p>In release 1.14 and later, a secure cookie can be sent if there is any
mechanism state to save for the next request. A secure cookie
contains the concatenation of the following:</p>
<ul class="simple">
<li><p>the four bytes “MIT1”</p></li>
<li><p>a four-byte big-endian kvno value</p></li>
<li><p>an <span class="target" id="index-1"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3961.html"><strong>RFC 3961</strong></a> ciphertext</p></li>
</ul>
<p>The ciphertext is encrypted in the cookie key with key usage
number 513. The cookie key is derived from a key in the local krbtgt
principal entry for the realm (e.g. <code class="docutils literal notranslate"><span class="pre">krbtgt/KRBTEST.COM@KRBTEST.COM</span></code>
if the request is to the <code class="docutils literal notranslate"><span class="pre">KRBTEST.COM</span></code> realm). The first krbtgt key
for the indicated kvno value is combined with the client principal as
follows:</p>
<div class="highlight-abnf notranslate"><div class="highlight"><pre><span></span><span class="nc">cookie-key</span><span class="w"> </span><-<span class="w"> </span><span class="nc">random-to-key</span><span class="p">(</span><span class="nc">PRF</span>+<span class="p">(</span><span class="nc">tgt-key</span>,<span class="w"> </span><span class="l">"COOKIE"</span><span class="w"> </span>|<span class="w"> </span><span class="nc">client-princ</span><span class="p">))</span>
</pre></div>
</div>
<p>where <strong>random-to-key</strong> is the <span class="target" id="index-2"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3961.html"><strong>RFC 3961</strong></a> random-to-key operation for
the krbtgt key’s encryption type, <strong>PRF+</strong> is defined in <span class="target" id="index-3"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6113.html"><strong>RFC 6113</strong></a>,
and <code class="docutils literal notranslate"><span class="pre">|</span></code> denotes concatenation. <em>client-princ</em> is the request client
principal name with realm, marshalled according to <span class="target" id="index-4"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1964.html"><strong>RFC 1964</strong></a> section
2.1.1.</p>
<p>The plain text of the encrypted part of a cookie is the DER encoding
of the following ASN.1 type:</p>
<div class="highlight-bnf notranslate"><div class="highlight"><pre><span></span>SecureCookie <span class="o">::=</span> SEQUENCE {
time INTEGER,
data SEQUENCE OF PA-DATA,
...
}
</pre></div>
</div>
<p>The time field represents the cookie creation time; for brevity, it is
encoded as an integer giving the POSIX timestamp rather than as an
ASN.1 GeneralizedTime value. The data field contains one element for
each pre-authentication type which requires saved state. For
mechanisms which have separate request and reply types, the request
type is used; this allows the KDC to determine whether a cookie is
relevant to a request by comparing the request pa-data types to the
cookie data types.</p>
</section>
<section id="spake-cookie-format-version-1">
<h2>SPAKE cookie format (version 1)<a class="headerlink" href="#spake-cookie-format-version-1" title="Link to this heading">¶</a></h2>
<p>Inside the SecureCookie wrapper, a data value of type 151 contains
state for SPAKE pre-authentication. This data has the following
binary format with big-endian integer encoding:</p>
<div class="highlight-bnf notranslate"><div class="highlight"><pre><span></span>cookie <span class="o">::=</span>
version (16 bits) [with the value 1]
stage number (16 bits)
group number (32 bits)
SPAKE value length (32 bits)
SPAKE value
transcript hash length (32 bits)
transcript hash
second factor record 1 (factor-record)
second factor record 2 (factor-record)
...
factor-record <span class="o">::=</span>
second factor type (32 bits)
second factor data length (32 bits)
second factor data
</pre></div>
</div>
<p>The stage value is 0 if the cookie was sent with a challenge message.
Otherwise it is 1 for the first encdata message sent by the KDC during
an exchange, 2 for the second, etc..</p>
<p>The group value indicates the group number used in the SPAKE challenge.</p>
<p>For a stage-0 cookie, the SPAKE value is the KDC private key,
represented in the scalar marshalling form of the group. For other
cookies, the SPAKE value is the SPAKE result K, represented in the
group element marshalling form.</p>
<p>For a stage-0 cookie, the transcript hash is the intermediate hash
after updating with the client support message (if one was sent) and
challenge. For other cookies it is the final hash.</p>
<p>For a stage-0 cookie, there may be any number of second-factor
records, including none; a second-factor type need not create a state
field if it does not need one, and no record is created for SF-NONE.
For other cookies, there must be exactly one second-factor record
corresponding to the factor type chosen by the client.</p>
</section>
</section>
<div class="clearer"></div>
</div>
</div>
</div>
</div>
<div class="sidebar">
<h2>On this page</h2>
<ul>
<li><a class="reference internal" href="#">KDC cookie format</a><ul>
<li><a class="reference internal" href="#trivial-cookie-version-0">Trivial cookie (version 0)</a></li>
<li><a class="reference internal" href="#secure-cookie-version-1">Secure cookie (version 1)</a></li>
<li><a class="reference internal" href="#spake-cookie-format-version-1">SPAKE cookie format (version 1)</a></li>
</ul>
</li>
</ul>
<br/>
<h2>Table of contents</h2>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li>
<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li>
<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Protocols and file formats</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="ccache_file_format.html">Credential cache file format</a></li>
<li class="toctree-l2"><a class="reference internal" href="keytab_file_format.html">Keytab file format</a></li>
<li class="toctree-l2"><a class="reference internal" href="rcache_file_format.html">Replay cache file format</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">KDC cookie format</a></li>
<li class="toctree-l2"><a class="reference internal" href="freshness_token.html">PKINIT freshness tokens</a></li>
<li class="toctree-l2"><a class="reference internal" href="database_formats.html">Kerberos Database (KDB) Formats</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
</ul>
<br/>
<h4><a href="../index.html">Full Table of Contents</a></h4>
<h4>Search</h4>
<form class="search" action="../search.html" method="get">
<input type="text" name="q" size="18" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
<div class="clearer"></div>
</div>
</div>
<div class="footer-wrapper">
<div class="footer" >
<div class="right" ><i>Release: 1.22.1</i><br />
© <a href="../copyright.html">Copyright</a> 1985-2025, MIT.
</div>
<div class="left">
<a href="../index.html" title="Full Table of Contents"
>Contents</a> |
<a href="rcache_file_format.html" title="Replay cache file format"
>previous</a> |
<a href="freshness_token.html" title="PKINIT freshness tokens"
>next</a> |
<a href="../genindex.html" title="General Index"
>index</a> |
<a href="../search.html" title="Enter search criteria"
>Search</a> |
<a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC cookie format">feedback</a>
</div>
</div>
</div>
</body>
</html>
|
