Uploaded image for project: 'Directory Kerberos'
  1. Directory Kerberos
  2. DIRKRB-2

[kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption decryption function is not complete

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None
    • None

    Description

      According RFC 4757, ArcFourHmacMd5Encryption has the decryption algorithm as below:
      +++++ cite +++++
      DECRYPT (K, export, T, edata)
      {
      // edata looks like
      struct EDATA {
      struct HEADER

      { OCTET Checksum[16]; OCTET Confounder[8]; }

      Header;
      OCTET Data[0];
      } edata;
      if (export)

      { *((DWORD *)(L40+10)) = T; HMAC (K, L40, 14, K1); }

      else

      { HMAC (K, &T, 4, K1); }

      memcpy (K2, K1, 16);
      if (export) memset (K1+7, 0xAB, 9);
      K3 = HMAC (K1, edata.Checksum);
      RC4 (K3, edata.Confounder);
      RC4 (K3, edata.Data);
      // verify generated and received checksums
      checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
      if (checksum != edata.Checksum)
      printf("CHECKSUM ERROR !!!!!!\n");
      }
      +++++ cite +++++

      Current implementation is apparently not complete:
      +++++ cite from bigbang +++++
      public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
      {
      return data.getCipher();
      }

      +++++ cite from bigbang +++++

      Attachments

        Issue Links

          duplicates

          New Feature - A new feature of the product, which has yet to be developed. DIRKRB-21 RC4-HMAC Encryption System

          • Major - Major loss of function.
          • Open
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. DIRKRB-27 [kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcCrcEncryption shall not use java.util.zip.CRC32 to generate CRC32 checksum

          • Major - Major loss of function.
          • Open
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. DIR-225 [kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption decryption function is not complete

          • Major - Major loss of function.
          • Closed

          Activity

            People

              elecharny Emmanuel Lécharny
              spark shen spark shen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: