Directory Kerberos
  1. Directory Kerberos
  2. DIRKRB-2

[kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption decryption function is not complete

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.0.0-RC1
    • Component/s: None
    • Labels:
      None

      Description

      According RFC 4757, ArcFourHmacMd5Encryption has the decryption algorithm as below:
      +++++ cite +++++
      DECRYPT (K, export, T, edata)
      {
      // edata looks like
      struct EDATA {
      struct HEADER

      { OCTET Checksum[16]; OCTET Confounder[8]; }

      Header;
      OCTET Data[0];
      } edata;
      if (export)

      { *((DWORD *)(L40+10)) = T; HMAC (K, L40, 14, K1); }

      else

      { HMAC (K, &T, 4, K1); }

      memcpy (K2, K1, 16);
      if (export) memset (K1+7, 0xAB, 9);
      K3 = HMAC (K1, edata.Checksum);
      RC4 (K3, edata.Confounder);
      RC4 (K3, edata.Data);
      // verify generated and received checksums
      checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
      if (checksum != edata.Checksum)
      printf("CHECKSUM ERROR !!!!!!\n");
      }
      +++++ cite +++++

      Current implementation is apparently not complete:
      +++++ cite from bigbang +++++
      public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException

      { return data.getCipher(); }

      +++++ cite from bigbang +++++

        Issue Links

          Activity

          spark shen created issue -
          spark shen made changes -
          Field Original Value New Value
          Link This issue is blocked by DIRSERVER-1107 [ DIRSERVER-1107 ]
          spark shen made changes -
          Link This issue is duplicated by DIR-225 [ DIR-225 ]
          spark shen made changes -
          Attachment rc4_hmac_decrypt.diff [ 12371202 ]
          Emmanuel Lecharny made changes -
          Assignee Emmanuel Lecharny [ elecharny ]
          Emmanuel Lecharny made changes -
          Attachment rc4_hmac_decrypt.diff [ 12371202 ]
          Enrique Rodriguez made changes -
          Link This issue duplicates DIRSERVER-156 [ DIRSERVER-156 ]
          Emmanuel Lecharny made changes -
          Fix Version/s 2.0.0 [ 12312396 ]
          Christine Koppelt made changes -
          Project Directory ApacheDS [ 12310260 ] Directory Kerberos [ 12310910 ]
          Key DIRSERVER-1108 DIRKRB-2
          Component/s kerberos [ 12310716 ]
          Fix Version/s 2.0.0 [ 12312396 ]
          Emmanuel Lecharny made changes -
          Fix Version/s 2.0.0-RC1 [ 12315256 ]

            People

            • Assignee:
              Emmanuel Lecharny
              Reporter:
              spark shen
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                Development