directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Diwaker Gupta (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-2) [kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption decryption function is not complete
Date Thu, 20 Mar 2014 15:58:50 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-2?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13941875#comment-13941875
] 

Diwaker Gupta commented on DIRKRB-2:
------------------------------------

Folks, is there any update on this? (cc/ [~elecharny]) 2.0.0-RC1 has long come and gone and
AFAICT, the decryption function remains incomplete. This seems like a pretty big blocker to
using ApacheDS against ActiveDirectory.

> [kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption
decryption function is not complete
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DIRKRB-2
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-2
>             Project: Directory Kerberos
>          Issue Type: Bug
>            Reporter: spark shen
>            Assignee: Emmanuel Lecharny
>             Fix For: 2.0.0-RC1
>
>
> According RFC 4757, ArcFourHmacMd5Encryption has the decryption algorithm as below:
> +++++ cite +++++
> DECRYPT (K, export, T, edata)
> {
>   // edata looks like
>   struct EDATA {
>     struct HEADER {
>       OCTET Checksum[16];
>       OCTET Confounder[8];
>     } Header;
>     OCTET Data[0];
>   } edata;
>   if (export){
>     *((DWORD *)(L40+10)) = T;
>     HMAC (K, L40, 14, K1);
>   }
>   else
>   {
>     HMAC (K, &T, 4, K1);
>   }
>   memcpy (K2, K1, 16);
>   if (export) memset (K1+7, 0xAB, 9);
>   K3 = HMAC (K1, edata.Checksum);
>   RC4 (K3, edata.Confounder);
>   RC4 (K3, edata.Data);
>   // verify generated and received checksums
>   checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
>   if (checksum != edata.Checksum)
>   printf("CHECKSUM ERROR !!!!!!\n");
> }
> +++++ cite +++++
> Current implementation is apparently not complete:
> +++++ cite from bigbang +++++
> public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage
) throws KerberosException
> {
>     return data.getCipher();
> }
> +++++ cite from bigbang +++++



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message