directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r581480 - in /directory/sandbox/erodriguez/kerberos-pkinit/src: main/java/org/apache/directory/server/kerberos/pkinit/ test/java/org/apache/directory/server/kerberos/pkinit/
Date Wed, 03 Oct 2007 02:53:22 GMT
Author: erodriguez
Date: Tue Oct  2 19:53:21 2007
New Revision: 581480

URL: http://svn.apache.org/viewvc?rev=581480&view=rev
Log:
Enhancements to PKINIT's Diffie-Hellman (DH) mechanism:
o  Fixed incorrect concatenation of DH shared secret and nonces.
o  Replaced TODO's in TestCase to use random nonces, as required.

Modified:
    directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhClient.java
    directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhServer.java
    directory/sandbox/erodriguez/kerberos-pkinit/src/test/java/org/apache/directory/server/kerberos/pkinit/DhKeyAgreementTest.java

Modified: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhClient.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhClient.java?rev=581480&r1=581479&r2=581480&view=diff
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhClient.java
(original)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhClient.java
Tue Oct  2 19:53:21 2007
@@ -86,10 +86,11 @@
         byte[] dhSharedSecret = clientKeyAgree.generateSecret();
         byte[] x = dhSharedSecret;
 
-        if ( clientDhNonce != null && clientDhNonce.length > 0 )
+        if ( ( clientDhNonce != null && clientDhNonce.length > 0 )
+            && ( serverDhNonce != null && serverDhNonce.length > 0 ) )
         {
             x = concatenateBytes( dhSharedSecret, clientDhNonce );
-            x = concatenateBytes( dhSharedSecret, serverDhNonce );
+            x = concatenateBytes( x, serverDhNonce );
         }
 
         byte[] secret = OctetString2Key.kTruncate( dhSharedSecret.length, x );

Modified: directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhServer.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhServer.java?rev=581480&r1=581479&r2=581480&view=diff
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhServer.java
(original)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/main/java/org/apache/directory/server/kerberos/pkinit/DhServer.java
Tue Oct  2 19:53:21 2007
@@ -96,7 +96,7 @@
             && ( serverDhNonce != null && serverDhNonce.length > 0 ) )
         {
             x = concatenateBytes( dhSharedSecret, clientDhNonce );
-            x = concatenateBytes( dhSharedSecret, serverDhNonce );
+            x = concatenateBytes( x, serverDhNonce );
         }
 
         byte[] secret = OctetString2Key.kTruncate( dhSharedSecret.length, x );

Modified: directory/sandbox/erodriguez/kerberos-pkinit/src/test/java/org/apache/directory/server/kerberos/pkinit/DhKeyAgreementTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/erodriguez/kerberos-pkinit/src/test/java/org/apache/directory/server/kerberos/pkinit/DhKeyAgreementTest.java?rev=581480&r1=581479&r2=581480&view=diff
==============================================================================
--- directory/sandbox/erodriguez/kerberos-pkinit/src/test/java/org/apache/directory/server/kerberos/pkinit/DhKeyAgreementTest.java
(original)
+++ directory/sandbox/erodriguez/kerberos-pkinit/src/test/java/org/apache/directory/server/kerberos/pkinit/DhKeyAgreementTest.java
Tue Oct  2 19:53:21 2007
@@ -20,6 +20,7 @@
 package org.apache.directory.server.kerberos.pkinit;
 
 
+import java.security.SecureRandom;
 import java.util.Arrays;
 
 import junit.framework.TestCase;
@@ -40,6 +41,9 @@
  */
 public class DhKeyAgreementTest extends TestCase
 {
+    private static SecureRandom secureRandom = new SecureRandom();
+
+
     /**
      * Tests Diffie-Hellman using Oakley 1024-bit Modular Exponential (MODP)
      * well-known group 2 [RFC2412].
@@ -73,14 +77,18 @@
      * Tests Diffie-Hellman using Oakley 1024-bit Modular Exponential (MODP)
      * well-known group 2 [RFC2412], including the optional DH nonce.
      * 
+     * "This nonce string MUST be as long as the longest key length of the symmetric
+     * key types that the client supports.  This nonce MUST be chosen randomly."
+     * 
      * @throws Exception
      */
     public void testPreGeneratedDhParamsWithNonce() throws Exception
     {
-        // TODO - Generate client nonce.
-        byte[] clientDhNonce = new byte[0];
-        // TODO - Generate server nonce.
-        byte[] serverDhNonce = new byte[0];
+        byte[] clientDhNonce = new byte[16];
+        secureRandom.nextBytes( clientDhNonce );
+
+        byte[] serverDhNonce = new byte[16];
+        secureRandom.nextBytes( serverDhNonce );
 
         DhClient client = new DhClient();
         DhServer server = new DhServer();



Mime
View raw message