[kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption decryption function is not complete
------------------------------------------------------------------------------------------------------------------------------------

                 Key: DIR-225
                 URL: https://issues.apache.org/jira/browse/DIR-225
             Project: Directory
          Issue Type: Bug
            Reporter: spark shen
            Assignee: Alex Karasulu


According RFC 4757, ArcFourHmacMd5Encryption has the decryption algorithm as below:
+++++ cite +++++
DECRYPT (K, export, T, edata)
{
  // edata looks like
  struct EDATA {
    struct HEADER {
      OCTET Checksum[16];
      OCTET Confounder[8];
    } Header;
    OCTET Data[0];
  } edata;
  if (export){
    *((DWORD *)(L40+10)) = T;
    HMAC (K, L40, 14, K1);
  }
  else
  {
    HMAC (K, &T, 4, K1);
  }
  memcpy (K2, K1, 16);
  if (export) memset (K1+7, 0xAB, 9);
  K3 = HMAC (K1, edata.Checksum);
  RC4 (K3, edata.Confounder);
  RC4 (K3, edata.Data);
  // verify generated and received checksums
  checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
  if (checksum != edata.Checksum)
  printf("CHECKSUM ERROR !!!!!!\n");
}
+++++ cite +++++

Current implementation is apparently not complete:
+++++ cite from bigbang +++++
public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
{
    return data.getCipher();
}

+++++ cite from bigbang +++++

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.