directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "spark shen (JIRA)" <j...@apache.org>
Subject [jira] Created: (DIRSERVER-1108) [kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption decryption function is not complete
Date Fri, 07 Dec 2007 05:38:43 GMT
[kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption
decryption function is not complete
------------------------------------------------------------------------------------------------------------------------------------

                 Key: DIRSERVER-1108
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1108
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: kerberos
            Reporter: spark shen


According RFC 4757, ArcFourHmacMd5Encryption has the decryption algorithm as below:
+++++ cite +++++
DECRYPT (K, export, T, edata)
{
  // edata looks like
  struct EDATA {
    struct HEADER {
      OCTET Checksum[16];
      OCTET Confounder[8];
    } Header;
    OCTET Data[0];
  } edata;
  if (export){
    *((DWORD *)(L40+10)) = T;
    HMAC (K, L40, 14, K1);
  }
  else
  {
    HMAC (K, &T, 4, K1);
  }
  memcpy (K2, K1, 16);
  if (export) memset (K1+7, 0xAB, 9);
  K3 = HMAC (K1, edata.Checksum);
  RC4 (K3, edata.Confounder);
  RC4 (K3, edata.Data);
  // verify generated and received checksums
  checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
  if (checksum != edata.Checksum)
  printf("CHECKSUM ERROR !!!!!!\n");
}
+++++ cite +++++

Current implementation is apparently not complete:
+++++ cite from bigbang +++++
public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws
KerberosException
{
    return data.getCipher();
}

+++++ cite from bigbang +++++

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message