You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2007/12/11 19:19:43 UTC
[jira] Commented: (DIRSERVER-1108)
[kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption
decryption function is not complete
[ https://issues.apache.org/jira/browse/DIRSERVER-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12550664 ]
Emmanuel Lecharny commented on DIRSERVER-1108:
----------------------------------------------
Removed the attachement, which seems too close to some Sun code. The issue remains, but we are expecting some genuine code.
> [kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption decryption function is not complete
> ------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DIRSERVER-1108
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1108
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: kerberos
> Reporter: spark shen
> Assignee: Emmanuel Lecharny
>
> According RFC 4757, ArcFourHmacMd5Encryption has the decryption algorithm as below:
> +++++ cite +++++
> DECRYPT (K, export, T, edata)
> {
> // edata looks like
> struct EDATA {
> struct HEADER {
> OCTET Checksum[16];
> OCTET Confounder[8];
> } Header;
> OCTET Data[0];
> } edata;
> if (export){
> *((DWORD *)(L40+10)) = T;
> HMAC (K, L40, 14, K1);
> }
> else
> {
> HMAC (K, &T, 4, K1);
> }
> memcpy (K2, K1, 16);
> if (export) memset (K1+7, 0xAB, 9);
> K3 = HMAC (K1, edata.Checksum);
> RC4 (K3, edata.Confounder);
> RC4 (K3, edata.Data);
> // verify generated and received checksums
> checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
> if (checksum != edata.Checksum)
> printf("CHECKSUM ERROR !!!!!!\n");
> }
> +++++ cite +++++
> Current implementation is apparently not complete:
> +++++ cite from bigbang +++++
> public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
> {
> return data.getCipher();
> }
> +++++ cite from bigbang +++++
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.