Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
According RFC 4757, ArcFourHmacMd5Encryption has the decryption algorithm as below:
+++++ cite +++++
DECRYPT (K, export, T, edata)
{
// edata looks like
struct EDATA {
struct HEADER
Header;
OCTET Data[0];
} edata;
if (export)
else
{ HMAC (K, &T, 4, K1); } memcpy (K2, K1, 16);
if (export) memset (K1+7, 0xAB, 9);
K3 = HMAC (K1, edata.Checksum);
RC4 (K3, edata.Confounder);
RC4 (K3, edata.Data);
// verify generated and received checksums
checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
if (checksum != edata.Checksum)
printf("CHECKSUM ERROR !!!!!!\n");
}
+++++ cite +++++
Current implementation is apparently not complete:
+++++ cite from bigbang +++++
public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
{
return data.getCipher();
}
+++++ cite from bigbang +++++
Attachments
Issue Links
- duplicates
-
DIRKRB-21 RC4-HMAC Encryption System
- Open
- is blocked by
-
DIRKRB-27 [kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcCrcEncryption shall not use java.util.zip.CRC32 to generate CRC32 checksum
- Open
- is duplicated by
-
DIR-225 [kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption decryption function is not complete
- Closed