From erodrig...@apache.org
Subject svn commit: r534686 - in /directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto: checksum/ encryption/
Date Thu, 03 May 2007 01:56:41 GMT
Author: erodriguez
Date: Wed May  2 18:56:40 2007
New Revision: 534686

URL: http://svn.apache.org/viewvc?view=rev&rev=534686
Log:
Enhancements to the crypto subsystem:
o  New functionality to support key derivation for checksums (Kc).
o  Basic refactoring and minor optimizations.

Modified:
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacMd5Checksum.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes128Checksum.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes256Checksum.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha1Des3KdChecksum.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes128CtsSha1Encryption.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes256CtsSha1Encryption.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java
Wed May  2 18:56:40 2007
@@ -27,14 +27,14 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public abstract class ChecksumEngine
+public interface ChecksumEngine
 {
     /**
      * Returns the checksum type of this checksum engine.
      *
      * @return The checksum type.
      */
-    public abstract ChecksumType checksumType();
+    public ChecksumType checksumType();
 
 
     /**
@@ -42,7 +42,7 @@
      *
      * @return The key type.
      */
-    public abstract CipherType keyType();
+    public CipherType keyType();
 
 
     /**
@@ -52,5 +52,5 @@
      * @param key
      * @return The checksum value.
      */
-    public abstract byte[] calculateChecksum( byte[] data, byte[] key );
+    public byte[] calculateChecksum( byte[] data, byte[] key );
 }
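Review bot: The `@param key` tag on `calculateChecksum( byte[] data, byte[] key )` has no description, and after this commit the argument means different things per implementation. `AesCtsSha1Encryption` and `Des3CbcSha1KdEncryption` treat it as a base key and derive Kc from it, while `HmacMd5Checksum` and `HmacSha1Des3KdChecksum` hand it straight to the MAC. I would state the contract on the interface, for example `@param key The base (protocol) key; engines that use key derivation derive Kc from it internally.`, so that callers do not pass in an already-derived key. The `public` modifier on the three methods is also redundant now that this is an interface; the start of this Javadoc block is outside the hunk.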

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
Wed May  2 18:56:40 2007
@@ -24,6 +24,9 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.Aes128CtsSha1Encryption;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.Aes256CtsSha1Encryption;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcSha1KdEncryption;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.value.Checksum;
@@ -45,9 +48,9 @@
         Map<ChecksumType, Class> map = new HashMap<ChecksumType, Class>();
 
         map.put( ChecksumType.HMAC_MD5, HmacMd5Checksum.class );
-        map.put( ChecksumType.HMAC_SHA1_96_AES128, HmacSha196Aes128Checksum.class );
-        map.put( ChecksumType.HMAC_SHA1_96_AES256, HmacSha196Aes256Checksum.class );
-        map.put( ChecksumType.HMAC_SHA1_DES3_KD, HmacSha1Des3KdChecksum.class );
+        map.put( ChecksumType.HMAC_SHA1_96_AES128, Aes128CtsSha1Encryption.class );
+        map.put( ChecksumType.HMAC_SHA1_96_AES256, Aes256CtsSha1Encryption.class );
+        map.put( ChecksumType.HMAC_SHA1_DES3_KD, Des3CbcSha1KdEncryption.class );
         map.put( ChecksumType.RSA_MD5, RsaMd5Checksum.class );
 
         DEFAULT_CHECKSUMS = Collections.unmodifiableMap( map );
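Review bot: The map these entries go into is declared with the raw type `Class`, so nothing at compile time checks that the three encryption classes registered here actually implement `ChecksumEngine`. Declaring it as `Map<ChecksumType, Class<? extends ChecksumEngine>> map = new HashMap<ChecksumType, Class<? extends ChecksumEngine>>();` (and typing `DEFAULT_CHECKSUMS` the same way) would turn a wrong registration into a compile error instead of a failure when the engine is looked up. That matters more now that the engines come from a second package. The static initializer starts outside this hunk, and how `getEngine` instantiates the class is not visible here.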
@@ -74,8 +77,9 @@
             throw new KerberosException( ErrorType.KDC_ERR_SUMTYPE_NOSUPP );
         }
 
-        ChecksumEngine digester = getEngine( checksum.getChecksumType() );
-        Checksum newChecksum = new Checksum( digester.checksumType(), digester.calculateChecksum(
bytes, key ) );
+        ChecksumType checksumType = checksum.getChecksumType();
+        ChecksumEngine digester = getEngine( checksumType );
+        Checksum newChecksum = new Checksum( checksumType, digester.calculateChecksum( bytes,
key ) );
 
         if ( !newChecksum.equals( checksum ) )
         {

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacMd5Checksum.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacMd5Checksum.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacMd5Checksum.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacMd5Checksum.java
Wed May  2 18:56:40 2007
@@ -33,23 +33,17 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class HmacMd5Checksum extends ChecksumEngine
+class HmacMd5Checksum implements ChecksumEngine
 {
-    HmacMd5Checksum()
-    {
-        // Package-scoped constructor; use ChecksumHandler. 
-    }
-
-
     public ChecksumType checksumType()
     {
-        return ChecksumType.HMAC_SHA1_DES3_KD;
+        return ChecksumType.HMAC_MD5;
     }
 
 
     public CipherType keyType()
     {
-        return CipherType.DES3;
+        return CipherType.ARCFOUR;
     }
 
 
@@ -57,9 +51,9 @@
     {
         try
         {
-            SecretKey sk = new SecretKeySpec( key, "DESede" );
+            SecretKey sk = new SecretKeySpec( key, "ARCFOUR" );
 
-            Mac mac = Mac.getInstance( "HmacSHA1" );
+            Mac mac = Mac.getInstance( "HmacMD5" );
             mac.init( sk );
 
             return mac.doFinal( data );
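Review bot: The corrected body computes a plain `HmacMD5` over `data`, with `key` used directly as the MAC key. If `ChecksumType.HMAC_MD5` is meant to be the RFC 4757 checksum, that construction first derives a signing key from the base key and then MACs an MD5 digest of the message type and data, so this output would not match a conforming peer. I would either implement that form or add a comment such as `// NOTE: plain HMAC-MD5 over data; not the RFC 4757 keyed checksum construction` so the result is not mistaken for the protocol checksum. The method signature and its catch block are outside this hunk.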

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes128Checksum.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes128Checksum.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes128Checksum.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes128Checksum.java
Wed May  2 18:56:40 2007
@@ -33,14 +33,8 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class HmacSha196Aes128Checksum extends ChecksumEngine
+class HmacSha196Aes128Checksum implements ChecksumEngine
 {
-    HmacSha196Aes128Checksum()
-    {
-        // Package-scoped constructor; use ChecksumHandler. 
-    }
-
-
     public ChecksumType checksumType()
     {
         return ChecksumType.HMAC_SHA1_96_AES128;
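Review bot: `HmacSha196Aes128Checksum` is kept, but the `ChecksumHandler` change in this commit maps `HMAC_SHA1_96_AES128` to `Aes128CtsSha1Encryption`, so this class no longer appears to be registered anywhere. The same applies to `HmacSha196Aes256Checksum` and `HmacSha1Des3KdChecksum`. Keeping a second implementation of the same checksum type is a hazard: `HmacSha1Des3KdChecksum` keys the MAC with the caller's key directly while the registered engine derives Kc first, so wiring in the wrong class would silently produce checksums under a different key. I would delete the three classes, or mark each one in its Javadoc with `@deprecated Superseded by the key-derivation engines in the encryption package.`. The rest of this class body is outside the hunk.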

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes256Checksum.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes256Checksum.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes256Checksum.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha196Aes256Checksum.java
Wed May  2 18:56:40 2007
@@ -33,14 +33,8 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class HmacSha196Aes256Checksum extends ChecksumEngine
+class HmacSha196Aes256Checksum implements ChecksumEngine
 {
-    HmacSha196Aes256Checksum()
-    {
-        // Package-scoped constructor; use ChecksumHandler. 
-    }
-
-
     public ChecksumType checksumType()
     {
         return ChecksumType.HMAC_SHA1_96_AES256;

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha1Des3KdChecksum.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha1Des3KdChecksum.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha1Des3KdChecksum.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/HmacSha1Des3KdChecksum.java
Wed May  2 18:56:40 2007
@@ -33,23 +33,17 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class HmacSha1Des3KdChecksum extends ChecksumEngine
+class HmacSha1Des3KdChecksum implements ChecksumEngine
 {
-    HmacSha1Des3KdChecksum()
-    {
-        // Package-scoped constructor; use ChecksumHandler. 
-    }
-
-
     public ChecksumType checksumType()
     {
-        return ChecksumType.HMAC_MD5;
+        return ChecksumType.HMAC_SHA1_DES3_KD;
     }
 
 
     public CipherType keyType()
     {
-        return CipherType.ARCFOUR;
+        return CipherType.DES3;
     }
 
 
@@ -57,9 +51,9 @@
     {
         try
         {
-            SecretKey sk = new SecretKeySpec( key, "ARCFOUR" );
+            SecretKey sk = new SecretKeySpec( key, "DESede" );
 
-            Mac mac = Mac.getInstance( "HmacMD5" );
+            Mac mac = Mac.getInstance( "HmacSHA1" );
             mac.init( sk );
 
             return mac.doFinal( data );

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java
Wed May  2 18:56:40 2007
@@ -30,14 +30,8 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class RsaMd5Checksum extends ChecksumEngine
+class RsaMd5Checksum implements ChecksumEngine
 {
-    RsaMd5Checksum()
-    {
-        // Package-scoped constructor; use ChecksumHandler. 
-    }
-
-
     public ChecksumType checksumType()
     {
         return ChecksumType.RSA_MD5;

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes128CtsSha1Encryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes128CtsSha1Encryption.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes128CtsSha1Encryption.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes128CtsSha1Encryption.java
Wed May  2 18:56:40 2007
@@ -20,6 +20,9 @@
 package org.apache.directory.server.kerberos.shared.crypto.encryption;
 
 
+import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
+
+
 /**
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
@@ -29,6 +32,12 @@
     public EncryptionType getEncryptionType()
     {
         return EncryptionType.AES128_CTS_HMAC_SHA1_96;
+    }
+
+
+    public ChecksumType checksumType()
+    {
+        return ChecksumType.HMAC_SHA1_96_AES128;
     }
 
 

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes256CtsSha1Encryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes256CtsSha1Encryption.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes256CtsSha1Encryption.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes256CtsSha1Encryption.java
Wed May  2 18:56:40 2007
@@ -20,6 +20,9 @@
 package org.apache.directory.server.kerberos.shared.crypto.encryption;
 
 
+import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
+
+
 /**
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
@@ -29,6 +32,12 @@
     public EncryptionType getEncryptionType()
     {
         return EncryptionType.AES256_CTS_HMAC_SHA1_96;
+    }
+
+
+    public ChecksumType checksumType()
+    {
+        return ChecksumType.HMAC_SHA1_96_AES256;
     }
 
 

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
Wed May  2 18:56:40 2007
@@ -30,6 +30,7 @@
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
+import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
@@ -40,14 +41,8 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public abstract class AesCtsSha1Encryption extends EncryptionEngine
+abstract class AesCtsSha1Encryption extends EncryptionEngine implements ChecksumEngine
 {
-    private static final byte[] usageKe =
-        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0xaa };
-
-    private static final byte[] usageKi =
-        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x55 };
-
     private static final byte[] iv = new byte[]
         { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte
) 0x00, ( byte ) 0x00,
             ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, (
byte ) 0x00, ( byte ) 0x00,
@@ -66,19 +61,36 @@
     }
 
 
+    public CipherType keyType()
+    {
+        return CipherType.AES;
+    }
+
+
     protected abstract int getKeyLength();
 
 
-    protected byte[] deriveKey( byte[] baseKey, byte[] usage, int n, int k )
+    public byte[] calculateChecksum( byte[] data, byte[] key )
     {
-        return deriveRandom( baseKey, usage, n, k );
+        byte[] Kc = deriveKey( key, usageKc, 128, getKeyLength() );
+        byte[] checksum = processChecksum( data, Kc );
+
+        return removeTrailingBytes( checksum, 0, checksum.length - getChecksumLength() );
+    }
+
+
+    public byte[] calculateIntegrity( byte[] data, byte[] key )
+    {
+        byte[] Ki = deriveKey( key, usageKi, 128, getKeyLength() );
+        byte[] checksum = processChecksum( data, Ki );
+
+        return removeTrailingBytes( checksum, 0, checksum.length - getChecksumLength() );
     }
 
 
     public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
     {
         byte[] Ke = deriveKey( key.getKeyValue(), usageKe, 128, getKeyLength() );
-        byte[] Ki = deriveKey( key.getKeyValue(), usageKi, 128, getKeyLength() );
 
         byte[] encryptedData = data.getCipherText();
 
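Review bot: `calculateChecksum` and `calculateIntegrity` derive Kc and Ki from `usageKc` and `usageKi`, constants defined outside this hunk, and neither method accepts a key usage number. RFC 3961 derives these keys from the usage number of the message being protected, and the constants removed from this class encoded usage 1 (`00 00 00 01 aa` and `00 00 00 01 55`), so if the replacements are fixed the same way, every checksum context shares one derived key. I would at least record this on the methods, for example `// TODO: Kc is derived with a fixed usage constant; RFC 3961 derives it from the message's key usage number`, and plan for a usage parameter on the engine interface. `Des3CbcSha1KdEncryption.calculateChecksum` and `calculateIntegrity` in this commit have the same shape.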
@@ -97,8 +109,7 @@
         byte[] withoutConfounder = removeLeadingBytes( decryptedData, getConfounderLength(),
0 );
 
         // calculate a new checksum
-        byte[] newChecksum = calculateChecksum( decryptedData, Ki );
-        newChecksum = removeTrailingBytes( newChecksum, 0, newChecksum.length - getChecksumLength()
);
+        byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue() );
 
         // compare checksums
         if ( !Arrays.equals( oldChecksum, newChecksum ) )
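Review bot: The integrity value recomputed by `calculateIntegrity` is compared with `Arrays.equals`, which returns at the first differing byte, so the time taken depends on how much of the received checksum is correct. For a MAC check I would use a comparison that is constant-time on current JDKs, `if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )`, which needs `java.security.MessageDigest` imported. The comparison line is unchanged context, but this hunk rewires the value that feeds it; the same comparison appears in the `Des3CbcSha1KdEncryption` and `DesCbcMd5Encryption` hunks of this commit. `getDecryptedData` starts and ends outside the hunk.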
@@ -113,14 +124,12 @@
     public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText )
     {
         byte[] Ke = deriveKey( key.getKeyValue(), usageKe, 128, getKeyLength() );
-        byte[] Ki = deriveKey( key.getKeyValue(), usageKi, 128, getKeyLength() );
 
         // build the ciphertext structure
         byte[] conFounder = getRandomBytes( getConfounderLength() );
         byte[] dataBytes = concatenateBytes( conFounder, plainText );
 
-        byte[] checksumBytes = calculateChecksum( dataBytes, Ki );
-        checksumBytes = removeTrailingBytes( checksumBytes, 0, checksumBytes.length - getChecksumLength()
);
+        byte[] checksumBytes = calculateIntegrity( dataBytes, key.getKeyValue() );
 
         byte[] encryptedData = encrypt( dataBytes, Ke );
         byte[] cipherText = concatenateBytes( encryptedData, checksumBytes );
@@ -141,7 +150,13 @@
     }
 
 
-    public byte[] calculateChecksum( byte[] data, byte[] key )
+    protected byte[] deriveKey( byte[] baseKey, byte[] usage, int n, int k )
+    {
+        return deriveRandom( baseKey, usage, n, k );
+    }
+
+
+    private byte[] processChecksum( byte[] data, byte[] key )
     {
         try
         {

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java
Wed May  2 18:56:40 2007
@@ -18,7 +18,7 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class ArcFourHmacMd5Encryption extends EncryptionEngine
+class ArcFourHmacMd5Encryption extends EncryptionEngine
 {
     public EncryptionType getEncryptionType()
     {
@@ -62,7 +62,7 @@
     }
 
 
-    public byte[] calculateChecksum( byte[] data, byte[] key )
+    public byte[] calculateIntegrity( byte[] data, byte[] key )
     {
         try
         {

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
Wed May  2 18:56:40 2007
@@ -30,6 +30,8 @@
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
+import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine;
+import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
@@ -40,8 +42,13 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class Des3CbcSha1KdEncryption extends EncryptionEngine
+public class Des3CbcSha1KdEncryption extends EncryptionEngine implements ChecksumEngine
 {
+    private static final byte[] iv = new byte[]
+        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte
) 0x00, ( byte ) 0x00,
+            ( byte ) 0x00 };
+
+
     public EncryptionType getEncryptionType()
     {
         return EncryptionType.DES3_CBC_SHA1_KD;
@@ -60,34 +67,37 @@
     }
 
 
+    public ChecksumType checksumType()
+    {
+        return ChecksumType.HMAC_SHA1_DES3_KD;
+    }
+
+
+    public CipherType keyType()
+    {
+        return CipherType.DES3;
+    }
+
+
     public byte[] calculateChecksum( byte[] data, byte[] key )
     {
-        try
-        {
-            SecretKey sk = new SecretKeySpec( key, "DESede" );
+        byte[] Kc = deriveKey( key, usageKc, 64, 168 );
 
-            Mac mac = Mac.getInstance( "HmacSHA1" );
-            mac.init( sk );
+        return processChecksum( data, Kc );
+    }
 
-            return mac.doFinal( data );
-        }
-        catch ( GeneralSecurityException nsae )
-        {
-            nsae.printStackTrace();
-            return null;
-        }
+
+    public byte[] calculateIntegrity( byte[] data, byte[] key )
+    {
+        byte[] Ki = deriveKey( key, usageKi, 64, 168 );
+
+        return processChecksum( data, Ki );
     }
 
 
     public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
     {
-        byte[] usageKe =
-            { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0xaa };
-        byte[] usageKi =
-            { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x55 };
-
         byte[] Ke = deriveKey( key.getKeyValue(), usageKe, 64, 168 );
-        byte[] Ki = deriveKey( key.getKeyValue(), usageKi, 64, 168 );
 
         byte[] encryptedData = data.getCipherText();
 
@@ -106,7 +116,7 @@
         byte[] withoutConfounder = removeLeadingBytes( decryptedData, getConfounderLength(),
0 );
 
         // calculate a new checksum
-        byte[] newChecksum = calculateChecksum( decryptedData, Ki );
+        byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue() );
 
         // compare checksums
         if ( !Arrays.equals( oldChecksum, newChecksum ) )
@@ -120,19 +130,13 @@
 
     public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText )
     {
-        byte[] usageKe =
-            { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0xaa };
-        byte[] usageKi =
-            { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x55 };
-
         byte[] Ke = deriveKey( key.getKeyValue(), usageKe, 64, 168 );
-        byte[] Ki = deriveKey( key.getKeyValue(), usageKi, 64, 168 );
 
         // build the ciphertext structure
         byte[] conFounder = getRandomBytes( getConfounderLength() );
         byte[] paddedPlainText = padString( plainText );
         byte[] dataBytes = concatenateBytes( conFounder, paddedPlainText );
-        byte[] checksumBytes = calculateChecksum( dataBytes, Ki );
+        byte[] checksumBytes = calculateIntegrity( dataBytes, key.getKeyValue() );
 
         //byte[] encryptedData = encrypt( paddedDataBytes, key.getKeyValue() );
         byte[] encryptedData = encrypt( dataBytes, Ke );
@@ -143,6 +147,18 @@
     }
 
 
+    public byte[] encrypt( byte[] plainText, byte[] keyBytes )
+    {
+        return processCipher( true, plainText, keyBytes );
+    }
+
+
+    public byte[] decrypt( byte[] cipherText, byte[] keyBytes )
+    {
+        return processCipher( false, cipherText, keyBytes );
+    }
+
+
     /**
      * Derived Key = DK(Base Key, Well-Known Constant)
      * DK(Key, Constant) = random-to-key(DR(Key, Constant))
@@ -249,18 +265,6 @@
     }
 
 
-    public byte[] encrypt( byte[] plainText, byte[] keyBytes )
-    {
-        return processCipher( true, plainText, keyBytes );
-    }
-
-
-    public byte[] decrypt( byte[] cipherText, byte[] keyBytes )
-    {
-        return processCipher( false, cipherText, keyBytes );
-    }
-
-
     private byte[] processCipher( boolean isEncrypt, byte[] data, byte[] keyBytes )
     {
         try
@@ -268,9 +272,6 @@
             Cipher cipher = Cipher.getInstance( "DESede/CBC/NoPadding" );
             SecretKey key = new SecretKeySpec( keyBytes, "DESede" );
 
-            byte[] iv = new byte[]
-                { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
( byte ) 0x00,
-                    ( byte ) 0x00, ( byte ) 0x00 };
             AlgorithmParameterSpec paramSpec = new IvParameterSpec( iv );
 
             if ( isEncrypt )
@@ -283,6 +284,25 @@
             }
 
             return cipher.doFinal( data );
+        }
+        catch ( GeneralSecurityException nsae )
+        {
+            nsae.printStackTrace();
+            return null;
+        }
+    }
+
+
+    private byte[] processChecksum( byte[] data, byte[] key )
+    {
+        try
+        {
+            SecretKey sk = new SecretKeySpec( key, "DESede" );
+
+            Mac mac = Mac.getInstance( "HmacSHA1" );
+            mac.init( sk );
+
+            return mac.doFinal( data );
         }
         catch ( GeneralSecurityException nsae )
         {
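Review bot: The catch block added here for `processCipher` prints the stack trace and returns `null`, and the new `processChecksum` ends in the same kind of handler, whose body is outside this hunk. `calculateChecksum` and `calculateIntegrity` return that value unchecked, so a provider or key failure surfaces later as a `NullPointerException` or as a checksum built around `null` rather than as a clear crypto error at the point of failure. I would fail where the error happens, for example `throw new IllegalStateException( "HMAC-SHA1 with DESede key failed", nsae );`. I would also replace `printStackTrace()` with the project's logger so the failure is recorded where operators will see it.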

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
Wed May  2 18:56:40 2007
@@ -41,8 +41,13 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class DesCbcMd5Encryption extends EncryptionEngine
+class DesCbcMd5Encryption extends EncryptionEngine
 {
+    private static final byte[] iv = new byte[]
+        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte
) 0x00, ( byte ) 0x00,
+            ( byte ) 0x00 };
+
+
     public EncryptionType getEncryptionType()
     {
         return EncryptionType.DES_CBC_MD5;
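Review bot: The new shared `iv` field is an all-zero CBC IV with no comment saying why a fixed value is acceptable. With a constant IV, the first ciphertext block differs between messages only because the encrypt path prepends a confounder (`concatenateBytes( conFounder, ... )` in the @@ -111 hunk), presumably a random one. I would state that dependency above the field, e.g. `// Initial cipher state is all zeros; per-message variation comes from the confounder prepended to the plaintext.`, and rename the field `ZERO_IV` to follow constant naming. A `static final byte[]` still has writable elements, so the comment should also say that the array must never be modified. The class body continues outside the hunk.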
@@ -61,7 +66,7 @@
     }
 
 
-    public byte[] calculateChecksum( byte[] data, byte[] key )
+    public byte[] calculateIntegrity( byte[] data, byte[] key )
     {
         try
         {
@@ -91,7 +96,7 @@
         }
 
         // calculate a new checksum
-        byte[] newChecksum = calculateChecksum( decryptedData, key.getKeyValue() );
+        byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue() );
 
         // compare checksums
         if ( !Arrays.equals( oldChecksum, newChecksum ) )
@@ -111,7 +116,7 @@
         byte[] zeroedChecksum = new byte[getChecksumLength()];
         byte[] paddedPlainText = padString( plainText );
         byte[] dataBytes = concatenateBytes( conFounder, concatenateBytes( zeroedChecksum,
paddedPlainText ) );
-        byte[] checksumBytes = calculateChecksum( dataBytes, null );
+        byte[] checksumBytes = calculateIntegrity( dataBytes, null );
         byte[] paddedDataBytes = padString( dataBytes );
 
         // lay the checksum into the ciphertext
@@ -145,9 +150,6 @@
             Cipher cipher = Cipher.getInstance( "DES/CBC/NoPadding" );
             SecretKey key = new SecretKeySpec( keyBytes, "DES" );
 
-            byte[] iv = new byte[]
-                { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
( byte ) 0x00,
-                    ( byte ) 0x00, ( byte ) 0x00 };
             AlgorithmParameterSpec paramSpec = new IvParameterSpec( iv );
 
             if ( isEncrypt )

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java
Wed May  2 18:56:40 2007
@@ -33,6 +33,24 @@
  */
 public abstract class EncryptionEngine
 {
+    /**
+     * The "well-known constant" used for the DK function is the key
+     * usage number, expressed as four octets in big-endian order,
+     * followed by one octet indicated below.
+     * 
+     *  Kc = DK(base-key, usage | 0x99);
+     *  Ke = DK(base-key, usage | 0xAA);
+     *  Ki = DK(base-key, usage | 0x55);
+     */
+    protected static final byte[] usageKc =
+        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x99 };
+
+    protected static final byte[] usageKe =
+        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0xaa };
+
+    protected static final byte[] usageKi =
+        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x55 };
+
     private static final SecureRandom random = new SecureRandom();
 
 
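Review bot: The three new constants fix the key usage number at 1 in their first four octets, while the `getUsageBytes( int usage )` helper deleted in the @@ -181 hunk encoded whatever usage the caller supplied. The Javadoc directly above describes the constant as the key usage number followed by the type octet, so a fixed usage gives every message type the same Kc/Ke/Ki and drops the per-usage key separation; whether callers ever pass another usage is not visible here. A small helper that takes the usage and the trailing octet would keep the refactoring without losing that. The arrays are also `protected static final byte[]`, so any subclass can overwrite their elements, and returning a fresh array per call avoids that too.
```java
// … unchanged: Javadoc describing Kc / Ke / Ki …
protected static byte[] getUsage( int usage, byte type )
{
    return new byte[]
        {
            ( byte ) ( usage >>> 24 ),
            ( byte ) ( usage >>> 16 ),
            ( byte ) ( usage >>> 8 ),
            ( byte ) usage,
            type
        };
}
```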
@@ -57,7 +75,7 @@
     protected abstract byte[] decrypt( byte[] cipherText, byte[] key );
 
 
-    protected abstract byte[] calculateChecksum( byte[] plainText, byte[] key );
+    protected abstract byte[] calculateIntegrity( byte[] plainText, byte[] key );
 
 
     protected byte[] deriveRandom( byte[] key, byte[] usage, int n, int k )
@@ -181,28 +199,6 @@
         }
 
         return lessBytes;
-    }
-
-
-    /**
-     * The "well-known constant" used for the DK function is the key
-     * usage number, expressed as four octets in big-endian order,
-     * followed by one octet indicated below.
-     * 
-     *  Kc = DK(base-key, usage | 0x99);
-     *  Ke = DK(base-key, usage | 0xAA);
-     *  Ki = DK(base-key, usage | 0x55);
-     */
-    protected byte[] getUsageBytes( int usage )
-    {
-        byte[] result = new byte[4];
-
-        result[0] = ( byte ) ( usage >> 24 );
-        result[1] = ( byte ) ( ( usage << 8 ) >> 24 );
-        result[2] = ( byte ) ( ( usage << 16 ) >> 24 );
-        result[3] = ( byte ) ( ( usage << 24 ) >> 24 );
-
-        return result;
     }
 
 

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java?view=diff&rev=534686&r1=534685&r2=534686
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java
Wed May  2 18:56:40 2007
@@ -29,7 +29,7 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class NullEncryption extends EncryptionEngine
+class NullEncryption extends EncryptionEngine
 {
     public EncryptionType getEncryptionType()
     {
@@ -73,7 +73,7 @@
     }
 
 
-    public byte[] calculateChecksum( byte[] plainText, byte[] key )
+    public byte[] calculateIntegrity( byte[] plainText, byte[] key )
     {
         return null;
     }


