Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-1100

[kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcCrcEncryption cannot decrypt the encryptiondata it generated.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.5.4
    • changepw
    • None

    Description

      Here is an example:

      import javax.security.auth.kerberos.KerberosKey;
      import javax.security.auth.kerberos.KerberosPrincipal;

      import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
      import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
      import org.apache.directory.server.kerberos.shared.crypto.encryption.*;

      public static void main(String[] args) throws Exception{
      final char[] PASSWORD = "PASSWORD".toCharArray();
      KerberosKey key = new KerberosKey(new KerberosPrincipal("servicetest@EXAMPLE.COM"),PASSWORD, "DES");
      byte[] keyBytes = key.getEncoded();
      EncryptionKey encryptionKey = new EncryptionKey(EncryptionType.DES_CBC_CRC, keyBytes);
      byte[] plainText =

      {1,2,3,4,5,6,7}

      ;
      DesCbcCrcEncryption encryption = new DesCbcCrcEncryption();
      EncryptedData encryptionData = encryption.getEncryptedData(encryptionKey, plainText, KeyUsage.NUMBER1); // I am not sure of which KeyUsage should use here, but it is not referenced in source code. So I think any will work.
      encryption.getDecryptedData(encryptionKey, encryptionData, KeyUsage.NUMBER1);
      System.out.println("Succeed!");
      }

      But it fails with such complain:

      Exception in thread "main" org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Integrity check on decrypted field failed
      at org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcCrcEncryption.getDecryptedData(DesCbcCrcEncryption.java:113)
      at TestDESCBCCRC.main(TestDESCBCCRC.java:21)

      After I look a further into it, it is due to current implementation (r595192) there is two paddings in DesCbcCrcEncryption.getEncryptedData:

      LINE 126:
      byte[] paddedPlainText = padString( plainText );
      byte[] dataBytes = concatenateBytes( conFounder, concatenateBytes( zeroedChecksum, paddedPlainText ) );
      byte[] checksumBytes = calculateIntegrity( dataBytes, null, usage );
      byte[] paddedDataBytes = padString( dataBytes );

      But RFC 3961
      "One generates a random confounder of one block, placing it in
      'confounder'; zeros out the 'checksum' field (of length appropriate
      to exactly hold the checksum to be computed); adds the necessary
      padding; calculates the appropriate checksum over the whole sequence,
      placing the result in 'checksum'; and then encrypts using the
      specified encryption type and the appropriate key."

      So the checksum should be calculated after all padding for encryption has finished.
      It seems that the same problem occurs in other Encryption classes.

      Attachments

        1. Directory_100.diff
          1 kB
          Leo Li

        Activity

          People

            enriquer9 Enrique Rodriguez
            liyilei1979@gmail.com Leo Li
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: