directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r533940 - in /directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption: DesCbcEncryption.java DesCbcMd5Encryption.java
Date Tue, 01 May 2007 04:50:28 GMT
Author: erodriguez
Date: Mon Apr 30 21:50:28 2007
New Revision: 533940

URL: http://svn.apache.org/viewvc?view=rev&rev=533940
Log:
o  Updated DES-CBC-MD5 encryption type to match enhanced base class.
o  Collapsed unnecessary hierarchy.

Removed:
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java
Modified:
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java?view=diff&rev=533940&r1=533939&r2=533940
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
Mon Apr 30 21:50:28 2007
@@ -20,49 +20,151 @@
 package org.apache.directory.server.kerberos.shared.crypto.encryption;
 
 
-import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine;
-import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
-import org.apache.directory.server.kerberos.shared.crypto.checksum.RsaMd5Checksum;
+import java.security.GeneralSecurityException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 
 
 /**
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class DesCbcMd5Encryption extends DesCbcEncryption
+public class DesCbcMd5Encryption extends EncryptionEngine
 {
-    public ChecksumEngine getChecksumEngine()
+    public EncryptionType getEncryptionType()
     {
-        return new RsaMd5Checksum();
+        return EncryptionType.DES_CBC_MD5;
     }
 
 
-    public EncryptionType encryptionType()
+    public int getConfounderLength()
     {
-        return EncryptionType.DES_CBC_MD5;
+        return 8;
     }
 
 
-    public ChecksumType checksumType()
+    public int getChecksumLength()
     {
-        return ChecksumType.RSA_MD5;
+        return 16;
     }
 
 
-    public int confounderSize()
+    public byte[] calculateChecksum( byte[] data, byte[] key )
     {
-        return 8;
+        try
+        {
+            MessageDigest digester = MessageDigest.getInstance( "MD5" );
+            return digester.digest( data );
+        }
+        catch ( NoSuchAlgorithmException nsae )
+        {
+            return null;
+        }
     }
 
 
-    public int checksumSize()
+    public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
     {
-        return 16;
+        // decrypt the data
+        byte[] decryptedData = decrypt( data.getCipherText(), key.getKeyValue() );
+
+        // extract the old checksum
+        byte[] oldChecksum = new byte[getChecksumLength()];
+        System.arraycopy( decryptedData, getConfounderLength(), oldChecksum, 0, oldChecksum.length
);
+
+        // zero out the old checksum in the cipher text
+        for ( int i = getConfounderLength(); i < getConfounderLength() + getChecksumLength();
i++ )
+        {
+            decryptedData[i] = 0;
+        }
+
+        // calculate a new checksum
+        byte[] newChecksum = calculateChecksum( decryptedData, key.getKeyValue() );
+
+        // compare checksums
+        if ( !Arrays.equals( oldChecksum, newChecksum ) )
+        {
+            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
+        }
+
+        // remove leading confounder and checksum
+        return removeLeadingBytes( decryptedData, getConfounderLength(), getChecksumLength()
);
+    }
+
+
+    public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText )
+    {
+        // build the ciphertext structure
+        byte[] conFounder = getRandomBytes( getConfounderLength() );
+        byte[] zeroedChecksum = new byte[getChecksumLength()];
+        byte[] paddedPlainText = padString( plainText );
+        byte[] dataBytes = concatenateBytes( conFounder, concatenateBytes( zeroedChecksum,
paddedPlainText ) );
+        byte[] checksumBytes = calculateChecksum( dataBytes, null );
+        byte[] paddedDataBytes = padString( dataBytes );
+
+        // lay the checksum into the ciphertext
+        for ( int i = getConfounderLength(); i < getConfounderLength() + getChecksumLength();
i++ )
+        {
+            paddedDataBytes[i] = checksumBytes[i - getConfounderLength()];
+        }
+
+        byte[] encryptedData = encrypt( paddedDataBytes, key.getKeyValue() );
+
+        return new EncryptedData( getEncryptionType(), key.getKeyVersion(), encryptedData
);
+    }
+
+
+    public byte[] encrypt( byte[] plainText, byte[] keyBytes )
+    {
+        return processCipher( true, plainText, keyBytes );
+    }
+
+
+    public byte[] decrypt( byte[] cipherText, byte[] keyBytes )
+    {
+        return processCipher( false, cipherText, keyBytes );
     }
 
 
-    public int minimumPadSize()
+    private byte[] processCipher( boolean isEncrypt, byte[] data, byte[] keyBytes )
     {
-        return 0;
+        try
+        {
+            Cipher cipher = Cipher.getInstance( "DES/CBC/NoPadding" );
+            SecretKey key = new SecretKeySpec( keyBytes, "DES" );
+
+            byte[] iv = new byte[]
+                { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
( byte ) 0x00,
+                    ( byte ) 0x00, ( byte ) 0x00 };
+            AlgorithmParameterSpec paramSpec = new IvParameterSpec( iv );
+
+            if ( isEncrypt )
+            {
+                cipher.init( Cipher.ENCRYPT_MODE, key, paramSpec );
+            }
+            else
+            {
+                cipher.init( Cipher.DECRYPT_MODE, key, paramSpec );
+            }
+
+            return cipher.doFinal( data );
+        }
+        catch ( GeneralSecurityException nsae )
+        {
+            nsae.printStackTrace();
+            return null;
+        }
     }
 }



Mime
View raw message