[kerberos]org.apache.directory.server.kerberos.shared.crypto.encryption.ArcFourHmacMd5Encryption
decryption function is not complete
------------------------------------------------------------------------------------------------------------------------------------
Key: DIR-225
URL: https://issues.apache.org/jira/browse/DIR-225
Project: Directory
Issue Type: Bug
Reporter: spark shen
Assignee: Alex Karasulu
According RFC 4757, ArcFourHmacMd5Encryption has the decryption algorithm as
below:
+++++ cite +++++
DECRYPT (K, export, T, edata)
{
// edata looks like
struct EDATA {
struct HEADER {
OCTET Checksum[16];
OCTET Confounder[8];
} Header;
OCTET Data[0];
} edata;
if (export){
*((DWORD *)(L40+10)) = T;
HMAC (K, L40, 14, K1);
}
else
{
HMAC (K, &T, 4, K1);
}
memcpy (K2, K1, 16);
if (export) memset (K1+7, 0xAB, 9);
K3 = HMAC (K1, edata.Checksum);
RC4 (K3, edata.Confounder);
RC4 (K3, edata.Data);
// verify generated and received checksums
checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
if (checksum != edata.Checksum)
printf("CHECKSUM ERROR !!!!!!\n");
}
+++++ cite +++++
Current implementation is apparently not complete:
+++++ cite from bigbang +++++
public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage
usage ) throws KerberosException
{
return data.getCipher();
}
+++++ cite from bigbang +++++
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
