directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r534675 - in /directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src: main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/
Date Thu, 03 May 2007 01:26:15 GMT
Author: erodriguez
Date: Wed May  2 18:26:14 2007
New Revision: 534675

URL: http://svn.apache.org/viewvc?view=rev&rev=534675
Log:
o  Overhaul of the SessionKeyFactory to support DES, DES3, AES, and RC4-HMAC.
o  Test case covering session key generation.

Added:
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactoryTest.java
  (with props)
Modified:
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactory.java

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactory.java?view=diff&rev=534675&r1=534674&r2=534675
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactory.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactory.java
Wed May  2 18:26:14 2007
@@ -20,13 +20,16 @@
 package org.apache.directory.server.kerberos.shared.crypto.encryption;
 
 
-import java.security.InvalidKeyException;
-import java.security.SecureRandom;
+import java.security.NoSuchAlgorithmException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
+import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
-import javax.crypto.spec.DESKeySpec;
-import javax.crypto.spec.SecretKeySpec;
 
+import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 
 
@@ -38,105 +41,64 @@
  */
 public class SessionKeyFactory
 {
-    /**
-     * SecureRandom.nextBytes() is synchronized, making this safe for static use.
-     */
-    private static final SecureRandom random = new SecureRandom();
+    /** a map of the default encryption types to the encryption engine class names */
+    private static final Map<EncryptionType, String> DEFAULT_CIPHERS;
 
-
-    /**
-     * Get a new random session key.
-     *
-     * @return The new random session key.
-     */
-    public static EncryptionKey getSessionKey()
+    static
     {
-        // Only need 7 bytes.  With parity will result in 8 bytes.
-        byte[] raw = new byte[7];
-
-        // SecureRandom.nextBytes is already synchronized
-        random.nextBytes( raw );
-
-        byte[] keyBytes = addParity( raw );
-
-        try
-        {
-            // check for weakness
-            if ( DESKeySpec.isWeak( keyBytes, 0 ) )
-            {
-                keyBytes = getStrongKey( keyBytes );
-            }
-        }
-        catch ( InvalidKeyException ike )
-        {
-            /*
-             * Will only get here if the key is null or less
-             * than 8 bytes, which won't ever happen.
-             */
-            return null;
-        }
+        Map<EncryptionType, String> map = new HashMap<EncryptionType, String>();
 
-        SecretKey key = new SecretKeySpec( keyBytes, "DES" );
-        byte[] subSessionKey = key.getEncoded();
+        map.put( EncryptionType.DES_CBC_MD5, "DES" );
+        map.put( EncryptionType.DES3_CBC_SHA1_KD, "DESede" );
+        map.put( EncryptionType.RC4_HMAC, "RC4" );
+        map.put( EncryptionType.AES128_CTS_HMAC_SHA1_96, "AES" );
+        map.put( EncryptionType.AES256_CTS_HMAC_SHA1_96, "AES" );
 
-        return new EncryptionKey( EncryptionType.DES_CBC_MD5, subSessionKey );
+        DEFAULT_CIPHERS = Collections.unmodifiableMap( map );
     }
 
 
     /**
-     * Adds parity to 7-bytes to form an 8-byte DES key.
-     *
-     * @param sevenBytes
-     * @return The 8-byte DES key with parity.
+     * Get a new random session key for a given {@link EncryptionType}.
+     * 
+     * @param encryptionType 
+     * 
+     * @return The new random session key.
+     * @throws KerberosException 
      */
-    static byte[] addParity( byte[] sevenBytes )
+    public static EncryptionKey getSessionKey( EncryptionType encryptionType ) throws KerberosException
     {
-        byte[] result = new byte[8];
+        String algorithm = DEFAULT_CIPHERS.get( encryptionType );
 
-        // Keeps track of the bit position in the result.
-        int resultIndex = 1;
-
-        // Used to keep track of the number of 1 bits in each 7-bit chunk.
-        int bitCount = 0;
+        if ( algorithm == null )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP, encryptionType.getName()
+                + " is not a supported encryption type." );
+        }
 
-        // Process each of the 56 bits.
-        for ( int i = 0; i < 56; i++ )
+        try
         {
-            // Get the bit at bit position i
-            boolean bit = ( sevenBytes[6 - i / 8] & ( 1 << ( i % 8 ) ) ) > 0;
+            KeyGenerator keyGenerator = KeyGenerator.getInstance( algorithm );
 
-            // If set, set the corresponding bit in the result.
-            if ( bit )
+            if ( encryptionType.equals( EncryptionType.AES128_CTS_HMAC_SHA1_96 ) )
             {
-                result[7 - resultIndex / 8] |= ( 1 << ( resultIndex % 8 ) ) & 0xFF;
-                bitCount++;
+                keyGenerator.init( 128 );
             }
 
-            // Set the parity bit after every 7 bits.
-            if ( ( i + 1 ) % 7 == 0 )
+            if ( encryptionType.equals( EncryptionType.AES256_CTS_HMAC_SHA1_96 ) )
             {
-                if ( bitCount % 2 == 0 )
-                {
-                    // Set low-order bit (parity bit) if bit count is even.
-                    result[7 - resultIndex / 8] |= 1;
-                }
-                resultIndex++;
-                bitCount = 0;
+                keyGenerator.init( 256 );
             }
-            resultIndex++;
-        }
 
-        return result;
-    }
+            SecretKey key = keyGenerator.generateKey();
 
+            byte[] keyBytes = key.getEncoded();
 
-    /**
-     * Corrects the weak key by exclusive OR with 0xF0 constant.
-     */
-    private static byte[] getStrongKey( byte keyValue[] )
-    {
-        keyValue[7] ^= 0xf0;
-
-        return keyValue;
+            return new EncryptionKey( encryptionType, keyBytes );
+        }
+        catch ( NoSuchAlgorithmException nsae )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP, nsae.getMessage()
);
+        }
     }
 }

Added: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactoryTest.java?view=auto&rev=534675
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactoryTest.java
(added)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactoryTest.java
Wed May  2 18:26:14 2007
@@ -0,0 +1,118 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.crypto.encryption;
+
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.DESKeySpec;
+
+import junit.framework.TestCase;
+
+
+/**
+ * Test cases for random-to-key functions for DES-, DES3-, AES-, and RC4-based
+ * encryption types.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class SessionKeyFactoryTest extends TestCase
+{
+    /**
+     * Tests that random DES keys can be generated.
+     *
+     * @throws Exception
+     */
+    public void testGenerateDesKey() throws Exception
+    {
+        KeyGenerator keygen = KeyGenerator.getInstance( "DES" );
+        SecretKey key = keygen.generateKey();
+        assertEquals( "DES key size", 8, key.getEncoded().length );
+        assertTrue( DESKeySpec.isParityAdjusted( key.getEncoded(), 0 ) );
+    }
+
+
+    /**
+     * Tests that random Triple-DES keys can be generated.
+     *
+     * @throws Exception
+     */
+    public void testGenerateTripleDesKey() throws Exception
+    {
+        KeyGenerator keygen = KeyGenerator.getInstance( "DESede" );
+        SecretKey key = keygen.generateKey();
+        assertEquals( "DESede key size", 24, key.getEncoded().length );
+    }
+
+
+    /**
+     * Tests that random AES128 keys can be generated.
+     *
+     * @throws Exception
+     */
+    public void testGenerateAes128Key() throws Exception
+    {
+        KeyGenerator keygen = KeyGenerator.getInstance( "AES" );
+        keygen.init( 128 );
+        SecretKey key = keygen.generateKey();
+        assertEquals( "AES key size", 16, key.getEncoded().length );
+    }
+
+
+    /**
+     * Tests that random AES256 keys can be generated.
+     *
+     * @throws Exception
+     */
+    public void testGenerateAes256Key() throws Exception
+    {
+        // KeyGenerator keygen = KeyGenerator.getInstance( "AES" );
+        // keygen.init( 256 );
+        // SecretKey key = keygen.generateKey();
+        // assertEquals( "AES key size", 32, key.getEncoded().length );
+    }
+
+
+    /**
+     * Tests that random ARCFOUR keys can be generated.
+     *
+     * @throws Exception
+     */
+    public void testGenerateArcFourKey() throws Exception
+    {
+        KeyGenerator keygen = KeyGenerator.getInstance( "ARCFOUR" );
+        SecretKey key = keygen.generateKey();
+        assertEquals( "ARCFOUR key size", 16, key.getEncoded().length );
+    }
+
+
+    /**
+     * Tests that random RC4 keys can be generated.
+     *
+     * @throws Exception
+     */
+    public void testGenerateRc4Key() throws Exception
+    {
+        KeyGenerator keygen = KeyGenerator.getInstance( "RC4" );
+        SecretKey key = keygen.generateKey();
+        assertEquals( "RC4 key size", 16, key.getEncoded().length );
+    }
+}

Propchange: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/SessionKeyFactoryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message