directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [09/45] directory-kerberos git commit: DIRKRB-149 New layout structure with the new name "Apache Kerby"
Date Thu, 22 Jan 2015 21:47:48 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaEncTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaEncTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaEncTest.java
new file mode 100644
index 0000000..3a7ffe9
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaEncTest.java
@@ -0,0 +1,113 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.apache.kerby.util.HexUtil;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class CamelliaEncTest {
+
+    private List<String> outputs = new ArrayList<String>();
+    private int keySize;
+
+    private byte[] plain = new byte[16];
+    private byte[] cipher = new byte[16];
+    private EncryptProvider encProvider;
+
+    private List<String> getExpectedLines() throws IOException {
+        InputStream res = CamelliaEncTest.class.getResourceAsStream("/camellia-expect-vt.txt");
+        BufferedReader br = new BufferedReader(new InputStreamReader(res));
+
+        List<String> results = new ArrayList<String>();
+        String line;
+        while ((line = br.readLine()) != null) {
+            line = line.trim();
+            if (! line.isEmpty()) {
+                results.add(line);
+            }
+        }
+        return results;
+    }
+
+    @Test
+    public void testEnc() throws IOException, KrbException {
+        List<String> expectedLines = getExpectedLines();
+
+        testWith(16);
+        outputs.add("==========");
+        testWith(32);
+        outputs.add("==========");
+
+        List<String> newLines = expectedLines;
+        Assert.assertEquals("Comparing new lines with expected lines",
+                expectedLines, outputs);
+    }
+
+    private void testWith(int keySize) throws KrbException {
+        this.keySize = keySize;
+        outputs.add("KEYSIZE=" + (keySize * 8));
+
+        encProvider = keySize == 16 ?
+                new Camellia128Provider() : new Camellia256Provider();
+
+        byte[] key = new byte[keySize];
+        Arrays.fill(key, (byte) 0);
+        hexDump("KEY", key);
+
+        for (int i = 0; i < 16 * 8; ++i) {
+            Arrays.fill(plain, (byte) 0);
+            setBit(plain, i);
+            outputs.add("I=" + (i + 1));
+            hexDump("PT", plain);
+            encWith(key);
+            hexDump("CT", cipher);
+        }
+    }
+
+    private void hexDump(String label, byte[] bytes) {
+        String line = label + "=" + HexUtil.bytesToHex(bytes);
+        outputs.add(line);
+    }
+
+    private static void setBit(byte[] bytes, int bitnum) {
+        int bytenum = bitnum / 8;
+        bitnum %= 8;
+        // First bit is the high bit!
+        bytes[bytenum] = (byte) (1 << (7 - bitnum));
+    }
+
+    private void encWith(byte[] key) throws KrbException {
+        System.arraycopy(plain, 0, cipher, 0, plain.length);
+        encProvider.encrypt(key, cipher);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTest.java
new file mode 100644
index 0000000..c47d9d4
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTest.java
@@ -0,0 +1,109 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.spec.common.*;
+import org.apache.kerby.util.HexUtil;
+import org.junit.Test;
+
+/**
+ * Only used to test for rsa-md4-des and rsa-md5-des
+ */
+public class CheckSumTest {
+
+    static class CksumTest {
+        CheckSumType cksumType;
+        String plainText;
+        String knownChecksum;
+
+        CksumTest(CheckSumType cksumType, String plainText, String knownChecksum) {
+            this.cksumType = cksumType;
+            this.plainText = plainText;
+            this.knownChecksum = knownChecksum;
+        }
+    }
+
+    static CksumTest[] testCases = new CksumTest[] {
+            new CksumTest(
+                    CheckSumType.RSA_MD4_DES,
+                    "this is a test",
+                    "e3f76a07f3401e3536b43a3f54226c39422c35682c354835"
+            ),
+            new CksumTest(
+                    CheckSumType.RSA_MD5_DES,
+                    "this is a test",
+                    "e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53"
+            )
+    };
+
+    static byte[] TESTKEY = { (byte)0x45, (byte)0x01, (byte)0x49, (byte)0x61, (byte)0x58,
+            (byte)0x19, (byte)0x1a, (byte)0x3d };
+
+    @Test
+    public void testCheckSums() {
+        for (CksumTest tc : testCases) {
+            System.err.println("Checksum testing for " + tc.cksumType.getName());
+            try {
+                testWith(tc);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+    private void testWith(CksumTest testCase) throws Exception {
+        byte[] knownChecksum = HexUtil.hex2bytes(testCase.knownChecksum);
+        byte[] plainData = testCase.plainText.getBytes();
+        CheckSum newCksum;
+
+        if (! CheckSumHandler.isImplemented(testCase.cksumType)) {
+            System.err.println("Checksum type not supported yet: "
+                    + testCase.cksumType.getName());
+            return;
+        }
+
+        EncryptionKey key = new EncryptionKey(EncryptionType.DES_CBC_CRC, TESTKEY);
+
+        newCksum = CheckSumHandler.checksumWithKey(testCase.cksumType, plainData, key.getKeyData(), KeyUsage.NONE);
+
+        if (CheckSumHandler.verifyWithKey(newCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
+            System.err.println("Checksum verifying is OK for " + testCase.cksumType.getName());
+        } else {
+            System.err.println("Checksum verifying failed for " + testCase.cksumType.getName());
+        }
+
+        // corrupt and verify again
+        byte[] cont = newCksum.getChecksum();
+        cont[0]++;
+        newCksum.setChecksum(cont);
+        if (CheckSumHandler.verifyWithKey(newCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
+            System.err.println("Checksum verifying failed with corrupt data for " + testCase.cksumType.getName());
+        } else {
+            System.err.println("Checksum verifying is OK with corrupt data for " + testCase.cksumType.getName());
+        }
+
+        CheckSum knwnCksum = new CheckSum(testCase.cksumType, knownChecksum);
+        if (CheckSumHandler.verifyWithKey(knwnCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
+            System.err.println("Checksum verifying is OK with known checksum for " + testCase.cksumType.getName());
+        } else {
+            System.err.println("Checksum verifying failed with known checksum for " + testCase.cksumType.getName());
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumsTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumsTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumsTest.java
new file mode 100644
index 0000000..3b21e7a
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumsTest.java
@@ -0,0 +1,233 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.common.KeyUsage;
+import org.apache.kerby.util.HexUtil;
+import org.junit.Test;
+
+import static org.junit.Assert.fail;
+
+/**
+ * These are to test the checksums of good answers, and the checksums
+ * are deterministic. For other cases, look at CheckSumTest.
+ */
+public class CheckSumsTest {
+
+    private static class CksumTest {
+        String plainText;
+        CheckSumType cksumType;
+        EncryptionType encType;
+        String key;
+        int keyUsage;
+        String answer;
+
+        CksumTest(String plainText, CheckSumType cksumType, EncryptionType encType,
+                  int keyUsage, String key, String answer) {
+            this.plainText = plainText;
+            this.cksumType = cksumType;
+            this.encType = encType;
+            this.key = key;
+            this.keyUsage = keyUsage;
+            this.answer = answer;
+        }
+    }
+
+    @Test
+    public void testCheckSums_CRC32() throws Exception {
+        performTest(new CksumTest(
+            "abc",
+            CheckSumType.CRC32, EncryptionType.NONE, 0, "",
+            "D09865CA"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_RSA_MD4() throws Exception {
+        performTest(new CksumTest(
+            "one",
+            CheckSumType.RSA_MD4, EncryptionType.NONE, 0, "",
+            "305DCC2C0FDD5339969552C7B8996348"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_RSA_MD5() throws Exception {
+        performTest(new CksumTest(
+            "two three four five",
+            CheckSumType.RSA_MD5, EncryptionType.NONE, 0, "",
+            "BAB5321551E1084490869635B3C26815"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_NIST_SHA() throws Exception {
+        performTest(new CksumTest(
+            "",
+            CheckSumType.NIST_SHA, EncryptionType.NONE, 0, "",
+            "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_HMAC_SHA1_DES3() throws Exception {
+        performTest(new CksumTest(
+            "six seven",
+            CheckSumType.HMAC_SHA1_DES3, EncryptionType.DES3_CBC_SHA1, 2,
+            "7A25DF8992296DCEDA0E135BC4046E2375B3C14C98FBC162",
+            "0EEFC9C3E049AABC1BA5C401677D9AB699082BB4"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_HMAC_SHA1_96_AES128() throws Exception {
+        performTest(new CksumTest(
+            "eight nine ten eleven twelve thirteen",
+            CheckSumType.HMAC_SHA1_96_AES128, EncryptionType.AES128_CTS_HMAC_SHA1_96, 3,
+            "9062430C8CDA3388922E6D6A509F5B7A",
+            "01A4B088D45628F6946614E3"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_HMAC_SHA1_96_AES256() throws Exception {
+        performTest(new CksumTest(
+            "fourteen",
+            CheckSumType.HMAC_SHA1_96_AES256, EncryptionType.AES256_CTS_HMAC_SHA1_96, 4,
+            "B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBCFEA4EC76D7",
+            "E08739E3279E2903EC8E3836"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_MD5_HMAC_ARCFOUR() throws Exception {
+        performTest(new CksumTest(
+            "fifteen sixteen",
+            CheckSumType.MD5_HMAC_ARCFOUR, EncryptionType.ARCFOUR_HMAC, 5,
+            "F7D3A155AF5E238A0B7A871A96BA2AB2",
+            "9F41DF304907DE735447001FD2A197B9"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_HMAC_MD5_ARCFOUR() throws Exception {
+        performTest(new CksumTest(
+            "seventeen eighteen nineteen twenty",
+            CheckSumType.HMAC_MD5_ARCFOUR, EncryptionType.ARCFOUR_HMAC, 6,
+            "F7D3A155AF5E238A0B7A871A96BA2AB2",
+            "EB38CC97E2230F59DA4117DC5859D7EC"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_CMAC_CAMELLIA128_1() throws Exception {
+        performTest(new CksumTest(
+            "abcdefghijk",
+            CheckSumType.CMAC_CAMELLIA128, EncryptionType.CAMELLIA128_CTS_CMAC, 7,
+            "1DC46A8D763F4F93742BCBA3387576C3",
+            "1178E6C5C47A8C1AE0C4B9C7D4EB7B6B"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_CMAC_CAMELLIA128_2() throws Exception {
+        performTest(new CksumTest(
+            "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+            CheckSumType.CMAC_CAMELLIA128, EncryptionType.CAMELLIA128_CTS_CMAC, 8,
+            "5027BC231D0F3A9D23333F1CA6FDBE7C",
+            "D1B34F7004A731F23A0C00BF6C3F753A"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_CMAC_CAMELLIA256_1() throws Exception {
+        performTest(new CksumTest(
+            "123456789",
+            CheckSumType.CMAC_CAMELLIA256, EncryptionType.CAMELLIA256_CTS_CMAC, 9,
+            "B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B",
+            "87A12CFD2B96214810F01C826E7744B1"
+        ));
+    }
+
+    @Test
+    public void testCheckSums_CMAC_CAMELLIA256_2() throws Exception {
+        performTest(new CksumTest(
+            "!@#$%^&*()!@#$%^&*()!@#$%^&*()",
+            CheckSumType.CMAC_CAMELLIA256, EncryptionType.CAMELLIA256_CTS_CMAC, 10,
+            "32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05",
+            "3FA0B42355E52B189187294AA252AB64"
+        ));
+    }
+
+    /**
+     * Perform checksum checks using the testcase data object
+     * @param testCase
+     * @throws Exception
+     */
+    private static void performTest(CksumTest testCase) throws Exception {
+        byte[] answer = HexUtil.hex2bytes(testCase.answer);
+        byte[] plainData = testCase.plainText.getBytes();
+        CheckSum newCksum;
+
+        if (! CheckSumHandler.isImplemented(testCase.cksumType)) {
+            fail("Checksum type not supported yet: "
+                + testCase.cksumType.getName());
+            return;
+        }
+
+        if (testCase.encType != EncryptionType.NONE) {
+            /**
+             * For keyed checksum types
+             */
+            if (! EncryptionHandler.isImplemented(testCase.encType)) {
+                fail("Key type not supported yet: " + testCase.encType.getName());
+                return;
+            }
+
+            byte[] key = HexUtil.hex2bytes(testCase.key);
+            KeyUsage keyUsage = KeyUsage.fromValue(testCase.keyUsage);
+            newCksum = CheckSumHandler.checksumWithKey(testCase.cksumType, plainData, key, keyUsage);
+            if (CheckSumHandler.verifyWithKey(newCksum, plainData, key, keyUsage)) {
+                System.out.println("Checksum test OK for " + testCase.cksumType.getName());
+            } else {
+                fail("Checksum test failed for " + testCase.cksumType.getName());
+            }
+        } else {
+            /**
+             * For un-keyed checksum types
+             */
+            newCksum = CheckSumHandler.checksum(testCase.cksumType, plainData);
+            if (CheckSumHandler.verify(newCksum, plainData)) {
+                System.out.println("Checksum and verifying OK for " + testCase.cksumType.getName());
+            } else {
+                fail("Checksum and verifying failed for " + testCase.cksumType.getName());
+            }
+        }
+
+        if (! newCksum.isEqual(answer)) {
+            fail("Checksum test failed for " + testCase.cksumType.getName());
+        } else {
+            System.out.println("Checksum test OK for " + testCase.cksumType.getName());
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
new file mode 100644
index 0000000..049b578
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
@@ -0,0 +1,85 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerby.util.HexUtil;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class CmacTest {
+
+    /* All examples use the following Camellia-128 key. */
+    static String keyBytes = "2b7e151628aed2a6" +
+            "abf7158809cf4f3c";
+
+    /* Example inputs are this message truncated to 0, 16, 40, and 64 bytes. */
+    static String inputBytes = "6bc1bee22e409f96" +
+            "e93d7e117393172a" +
+            "ae2d8a571e03ac9c" +
+            "9eb76fac45af8e51" +
+            "30c81c46a35ce411" +
+            "e5fbc1191a0a52ef" +
+            "f69f2445df4f9b17" +
+            "ad2b417be66c3710";
+
+    /* Expected result of CMAC on empty inputBytes. */
+    static String cmac1 = "ba925782aaa1f5d9" +
+            "a00f89648094fc71";
+
+    /* Expected result of CMAC on first 16 bytes of inputBytes. */
+    static String cmac2 = "6d962854a3b9fda5" +
+            "6d7d45a95ee17993";
+
+    /* Expected result of CMAC on first 40 bytes of inputBytes. */
+    static String cmac3 = "5c18d119ccd67661" +
+            "44ac1866131d9f22";
+
+    /* Expected result of CMAC on all 64 bytes of inputBytes. */
+    static String cmac4 = "c2699a6eba55ce9d" +
+            "939a8a4e19466ee9";
+
+
+    @Test
+    public void testCmac() throws KrbException, KrbException {
+        byte[] key = HexUtil.hex2bytes(keyBytes);
+        byte[] input = HexUtil.hex2bytes(inputBytes);
+        EncryptProvider encProvider = new Camellia128Provider();
+        byte[] result;
+
+        // test 1
+        result = Cmac.cmac(encProvider, key, input, 0, 0);
+        Assert.assertArrayEquals("Test 1", HexUtil.hex2bytes(cmac1), result);
+
+        // test 2
+        result = Cmac.cmac(encProvider, key, input, 0, 16);
+        Assert.assertArrayEquals("Test 2", HexUtil.hex2bytes(cmac2), result);
+
+        // test 3
+        result = Cmac.cmac(encProvider, key, input, 0, 40);
+        Assert.assertArrayEquals("Test 3", HexUtil.hex2bytes(cmac3), result);
+
+        // test 4
+        result = Cmac.cmac(encProvider, key, input, 0, 64);
+        Assert.assertArrayEquals("Test 4", HexUtil.hex2bytes(cmac4), result);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/Crc32Test.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/Crc32Test.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/Crc32Test.java
new file mode 100644
index 0000000..59879d7
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/Crc32Test.java
@@ -0,0 +1,119 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.util.HexUtil;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class Crc32Test {
+
+    static class TestCase {
+        String data;
+        long answer;
+
+        public TestCase(String data, long answer) {
+            this.data = data;
+            this.answer = answer;
+        }
+    }
+
+    static TestCase[] testCases = new TestCase[] {
+            new TestCase("01", 0x77073096),
+            new TestCase("02", 0xee0e612c),
+            new TestCase("04", 0x076dc419),
+            new TestCase("08", 0x0edb8832),
+            new TestCase("10", 0x1db71064),
+            new TestCase("20", 0x3b6e20c8),
+            new TestCase("40", 0x76dc4190),
+            new TestCase("80", 0xedb88320),
+            new TestCase("0100", 0x191b3141),
+            new TestCase("0200", 0x32366282),
+            new TestCase("0400", 0x646cc504),
+            new TestCase("0800", 0xc8d98a08),
+            new TestCase("1000", 0x4ac21251),
+            new TestCase("2000", 0x958424a2),
+            new TestCase("4000", 0xf0794f05),
+            new TestCase("8000", 0x3b83984b),
+            new TestCase("0001", 0x77073096),
+            new TestCase("0002", 0xee0e612c),
+            new TestCase("0004", 0x076dc419),
+            new TestCase("0008", 0x0edb8832),
+            new TestCase("0010", 0x1db71064),
+            new TestCase("0020", 0x3b6e20c8),
+            new TestCase("0040", 0x76dc4190),
+            new TestCase("0080", 0xedb88320),
+            new TestCase("01000000", 0xb8bc6765),
+            new TestCase("02000000", 0xaa09c88b),
+            new TestCase("04000000", 0x8f629757),
+            new TestCase("08000000", 0xc5b428ef),
+            new TestCase("10000000", 0x5019579f),
+            new TestCase("20000000", 0xa032af3e),
+            new TestCase("40000000", 0x9b14583d),
+            new TestCase("80000000", 0xed59b63b),
+            new TestCase("00010000", 0x01c26a37),
+            new TestCase("00020000", 0x0384d46e),
+            new TestCase("00040000", 0x0709a8dc),
+            new TestCase("00080000", 0x0e1351b8),
+            new TestCase("00100000", 0x1c26a370),
+            new TestCase("00200000", 0x384d46e0),
+            new TestCase("00400000", 0x709a8dc0),
+            new TestCase("00800000", 0xe1351b80),
+            new TestCase("00000100", 0x191b3141),
+            new TestCase("00000200", 0x32366282),
+            new TestCase("00000400", 0x646cc504),
+            new TestCase("00000800", 0xc8d98a08),
+            new TestCase("00001000", 0x4ac21251),
+            new TestCase("00002000", 0x958424a2),
+            new TestCase("00004000", 0xf0794f05),
+            new TestCase("00008000", 0x3b83984b),
+            new TestCase("00000001", 0x77073096),
+            new TestCase("00000002", 0xee0e612c),
+            new TestCase("00000004", 0x076dc419),
+            new TestCase("00000008", 0x0edb8832),
+            new TestCase("00000010", 0x1db71064),
+            new TestCase("00000020", 0x3b6e20c8),
+            new TestCase("00000040", 0x76dc4190),
+            new TestCase("00000080", 0xedb88320),
+            new TestCase("666F6F", 0x7332bc33),
+            new TestCase("7465737430313233343536373839", 0xb83e88d6),
+            new TestCase("4D4153534143485653455454532049" +
+                    "4E53544954565445204F4620544543484E4F4C4F4759", 0xe34180f7)
+    };
+
+    @Test
+    public void testCrc32() {
+        boolean isOk = true;
+        for (TestCase tc : testCases) {
+            if (! testWith(tc)) {
+                isOk = false;
+                System.err.println("Test with data " + tc.data + " failed");
+            }
+        }
+
+        Assert.assertTrue(isOk);
+    }
+
+    private boolean testWith(TestCase testCase) {
+        byte[] data = HexUtil.hex2bytes(testCase.data);
+        long value = Crc32.crc(0, data, 0, data.length);
+        return value == testCase.answer;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DecryptionTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DecryptionTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DecryptionTest.java
new file mode 100644
index 0000000..8d0c5ca
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DecryptionTest.java
@@ -0,0 +1,985 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.common.KeyUsage;
+import org.apache.kerby.util.HexUtil;
+import org.junit.Test;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * Decryption test with known ciphertexts.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class DecryptionTest {
+    /**
+     * The class used to store the test values
+     */
+    private static class TestCase {
+        EncryptionType encType;
+        String plainText;
+        int keyUsage;
+        String key;
+        String cipher;
+
+        TestCase(EncryptionType encType, String plainText,
+                 int keyUsage, String key, String cipher) {
+            this.encType = encType;
+            this.plainText = plainText;
+            this.keyUsage = keyUsage;
+            this.key = key;
+            this.cipher = cipher;
+        }
+    }
+
+    /**
+     * Actually do the test
+     */
+    private boolean testDecrypt(TestCase testCase) throws Exception {
+        KeyUsage ku = KeyUsage.fromValue(testCase.keyUsage);
+
+        byte[] cipherBytes = HexUtil.hex2bytes(testCase.cipher);
+        byte[] keyBytes = HexUtil.hex2bytes(testCase.key);
+
+        EncryptionKey encKey = new EncryptionKey(testCase.encType, keyBytes);
+        byte[] decrypted = EncryptionHandler.decrypt(cipherBytes, encKey, ku);
+        String plainText = new String(decrypted);
+
+        return plainText.startsWith(testCase.plainText);
+    }
+
+    /**
+     * Perform all the checks for a testcase
+     */
+    private void performTestDecrypt(TestCase testCase) {
+        //assertTrue(EncryptionHandler.isImplemented(testCase.encType));
+        if (! EncryptionHandler.isImplemented(testCase.encType)) {
+            System.err.println("Not implemented yet: " + testCase.encType.getDisplayName());
+            return;
+        }
+
+        try {
+            assertTrue(testDecrypt(testCase));
+        } catch (Exception e) {
+            fail(e.getMessage());
+        }
+    }
+
+    /**
+     * Test for DES_CBC_CRC encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptDES_CBC_CRC_0() {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_CRC,
+                "", 0,
+                "45E6087CDF138FB5",
+                "28F6B09A012BCCF72FB05122B2839E6E");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_CRC encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptDES_CBC_CRC_1() {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_CRC,
+                "1", 1,
+                "92A7155810586B2F",
+                "B4C871C2F3E7BF7605EFD62F2EEEC205");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_CRC encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_CRC_9() {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_CRC,
+                "9 bytesss", 2,
+                "A4B9514A61646423",
+                "5F14C35178D33D7CDE0EC169C623CC83" +
+                        "21B7B8BD34EA7EFE");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_CRC encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_CRC_13() {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_CRC,
+                "13 bytes byte", 3,
+                "2F16A2A7FDB05768",
+                "0B588E38D971433C9D86D8BAEBF63E4C" +
+                        "1A01666E76D8A54A3293F72679ED88C9");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_CRC encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_CRC_30() {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_CRC,
+                "30 bytes bytes bytes bytes byt", 4,
+                "BC8F70FD2097D67C",
+                "38D632D2C20A7C2EA250FC8ECE42938E" +
+                        "92A9F5D302502665C1A33729C1050DC2" +
+                        "056298FBFB1682CEEB65E59204FDA7DF");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD4 encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptDES_CBC_MD4_0() {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD4,
+                "", 0,
+                "13EF45D0D6D9A15D",
+                "1FB202BF07AF3047FB7801E588568686" +
+                        "BA63D78BE3E87DC7");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD4 encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptDES_CBC_MD4_1() {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD4,
+                "1", 1,
+                "64688654DC269E67",
+                "1F6CB9CECB73F755ABFDB3D565BD31D5" +
+                        "A2E64BFE44C491E20EEBE5BD20E4D2A9");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD4 encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_MD4_9() {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD4,
+                "9 bytesss", 2,
+                "6804FB26DF8A4C32",
+                "08A53D62FEC3338AD1D218E60DBDD3B2" +
+                        "12940679D125E0621B3BAB4680CE0367" +
+                        "6A2C420E9BE784EB");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD4 encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_MD4_13() {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD4,
+                "13 bytes byte", 3,
+                "234A436EC72FA80B",
+                "17CD45E14FF06B2840A6036E9AA7A414" +
+                        "4E29768144A0C1827D8C4BC7C9906E72" +
+                        "CD4DC328F6648C99");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD4 encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_MD4_30()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD4,
+                "30 bytes bytes bytes bytes byt", 4,
+                "1FD5F74334C4FB8C",
+                "51134CD8951E9D57C0A36053E04CE03E" +
+                        "CB8422488FDDC5C074C4D85E60A2AE42" +
+                        "3C3C701201314F362CB07448091679C6" +
+                        "A496C11D7B93C71B");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD5 encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptDES_CBC_MD5_0()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD5,
+                "", 0,
+                "4A545E0BF7A22631",
+                "784CD81591A034BE82556F56DCA3224B" +
+                        "62D9956FA90B1B93");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD5 encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptDES_CBC_MD5_1()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD5,
+                "1", 1,
+                "D5804A269DC4E645",
+                "FFA25C7BE287596BFE58126E90AAA0F1" +
+                        "2D9A82A0D86DF6D5F9074B6B399E7FF1");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD5 encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_MD5_9()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD5,
+                "9 bytesss", 2,
+                "C8312F7F83EA4640",
+                "E7850337F2CC5E3F35CE3D69E2C32986" +
+                        "38A7AA44B878031E39851E47C15B5D0E" +
+                        "E7E7AC54DE111D80");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD5 encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_MD5_13()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD5,
+                "13 bytes byte", 3,
+                "7FDA3E62AD8AF18C",
+                "D7A8032E19994C928777506595FBDA98" +
+                        "83158A8514548E296E911C29F465C672" +
+                        "366000558BFC2E88");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_MD5 encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_MD5_30()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES_CBC_MD5,
+                "30 bytes bytes bytes bytes byt", 4,
+                "D3D6832970A73752",
+                "8A48166A4C6FEAE607A8CF68B381C075" +
+                        "5E402B19DBC0F81A7D7CA19A25E05223" +
+                        "F6064409BF5A4F50ACD826639FFA7673" +
+                        "FD324EC19E429502");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_SHA1 encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptDES_CBC_SHA1_0()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES3_CBC_SHA1,
+                "", 0,
+                "7A25DF8992296DCEDA0E135BC4046E23" +
+                        "75B3C14C98FBC162",
+                "548AF4D504F7D723303F12175FE8386B" +
+                        "7B5335A967BAD61F3BF0B143");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_SHA1 encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptDES_CBC_SHA1_1()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES3_CBC_SHA1,
+                "1", 1,
+                "BC0783891513D5CE57BC138FD3C11AE6" +
+                        "40452385322962B6",
+                "9C3C1DBA4747D85AF2916E4745F2DCE3" +
+                        "8046796E5104BCCDFB669A91D44BC356" +
+                        "660945C7");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_SHA1 encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_SHA1_9()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES3_CBC_SHA1,
+                "9 bytesss", 2,
+                "2FD0F725CE04100D2FC8A18098831F85" +
+                        "0B45D9EF850BD920",
+                "CF9144EBC8697981075A8BAD8D74E5D7" +
+                        "D591EB7D9770C7ADA25EE8C5B3D69444" +
+                        "DFEC79A5B7A01482D9AF74E6");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_SHA1 encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_SHA1_13()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES3_CBC_SHA1,
+                "13 bytes byte", 3,
+                "0DD52094E0F41CECCB5BE510A764B351" +
+                        "76E3981332F1E598",
+                "839A17081ECBAFBCDC91B88C6955DD3C" +
+                        "4514023CF177B77BF0D0177A16F705E8" +
+                        "49CB7781D76A316B193F8D30");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for DES_CBC_SHA1 encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptDES_CBC_SHA1_30()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.DES3_CBC_SHA1,
+                "30 bytes bytes bytes bytes byt", 4,
+                "F11686CBBC9E23EA54FECD2A3DCDFB20" +
+                        "B6FE98BF2645C4C4",
+                "89433E83FD0EA3666CFFCD18D8DEEBC5" +
+                        "3B9A34EDBEB159D9F667C6C2B9A96440" +
+                        "1D55E7E9C68D648D65C3AA84FFA3790C" +
+                        "14A864DA8073A9A95C4BA2BC");
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptARC_FOUR_0()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC,
+                "", 0,
+                "F81FEC39255F5784E850C4377C88BD85",
+                "02C1EB15586144122EC717763DD348BF" +
+                        "00434DDC6585954C"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptARC_FOUR_1()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC,
+                "1", 1,
+                "67D1300D281223867F9647FF48721273",
+                "6156E0CC04E0A0874F9FDA008F498A7A" +
+                        "DBBC80B70B14DDDBC0"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptARC_FOUR_9()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC,
+                "9 bytesss", 2,
+                "3E40AB6093695281B3AC1A9304224D98",
+                "0F9AD121D99D4A09448E4F1F718C4F5C" +
+                        "BE6096262C66F29DF232A87C9F98755D" +
+                        "55"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptARC_FOUR_13()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC,
+                "13 bytes byte", 3,
+                "4BA2FBF0379FAED87A254D3B353D5A7E",
+                "612C57568B17A70352BAE8CF26FB9459" +
+                        "A6F3353CD35FD439DB3107CBEC765D32" +
+                        "6DFC04C1DD"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptARC_FOUR_30()
+    {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC,
+                "30 bytes bytes bytes bytes byt", 4,
+                "68F263DB3FCE15D031C9EAB02D67107A",
+                "95F9047C3AD75891C2E9B04B16566DC8" +
+                        "B6EB9CE4231AFB2542EF87A7B5A0F260" +
+                        "A99F0460508DE0CECC632D07C354124E" +
+                        "46C5D2234EB8"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC_EXP encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptARCFOUR_HMAC_EXP_0() {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC_EXP,
+                "", 0,
+                "F7D3A155AF5E238A0B7A871A96BA2AB2",
+                "2827F0E90F62E7460C4E2FB39F9657BA" +
+                        "8BFAA991D7FDADFF"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptARCFOUR_HMAC_EXP_1() {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC_EXP,
+                "1", 1,
+                "DEEAA0607DB799E2FDD6DB2986BB8D65",
+                "3DDA392E2E275A4D75183FA6328A0A4E" +
+                        "6B752DF6CD2A25FA4E"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptARCFOUR_HMAC_EXP_9() {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC_EXP,
+                "9 bytesss", 2,
+                "33AD7FC2678615569B2B09836E0A3AB6",
+                "09D136AC485D92644EC6701D6A0D03E8" +
+                        "982D7A3CA7EFD0F8F4F83660EF4277BB" +
+                        "81"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptARCFOUR_HMAC_EXP_13() {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC_EXP,
+                "13 bytes byte", 3,
+                "39F25CD4F0D41B2B2D9D300FCB2981CB",
+                "912388D7C07612819E3B640FF5CECDAF" +
+                        "72E5A59DF10F1091A6BEC39CAAD748AF" +
+                        "9BD2D8D546"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for ARCFOUR_HMAC encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptARCFOUR_HMAC_EXP_30() {
+        TestCase testCase = new TestCase(
+                EncryptionType.ARCFOUR_HMAC_EXP,
+                "30 bytes bytes bytes bytes byt", 4,
+                "9F725542D9F72AA1F386CBE7896984FC",
+                "78B35A08B08BE265AEB4145F076513B6" +
+                        "B56EFED3F7526574AF74F7D2F9BAE96E" +
+                        "ABB76F2D87386D2E93E3A77B99919F1D" +
+                        "976490E2BD45"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES128_CTS_HMAC_SHA1_96 encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptAES128_CTS_HMAC_SHA1_96_0() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES128_CTS_HMAC_SHA1_96,
+                "", 0,
+                "5A5C0F0BA54F3828B2195E66CA24A289",
+                "49FF8E11C173D9583A3254FBE7B1F1DF" +
+                        "36C538E8416784A1672E6676"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES128_CTS_HMAC_SHA1_96 encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptAES128_CTS_HMAC_SHA1_96_1() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES128_CTS_HMAC_SHA1_96,
+                "1", 1,
+                "98450E3F3BAA13F5C99BEB936981B06F",
+                "F86742F537B35DC2174A4DBAA920FAF9" +
+                        "042090B065E1EBB1CAD9A65394"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES128_CTS_HMAC_SHA1_96 encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptAES128_CTS_HMAC_SHA1_96_9() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES128_CTS_HMAC_SHA1_96,
+                "9 bytesss", 2,
+                "9062430C8CDA3388922E6D6A509F5B7A",
+                "68FB9679601F45C78857B2BF820FD6E5" +
+                        "3ECA8D42FD4B1D7024A09205ABB7CD2E" +
+                        "C26C355D2F"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES128_CTS_HMAC_SHA1_96 encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptAES128_CTS_HMAC_SHA1_96_13() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES128_CTS_HMAC_SHA1_96,
+                "13 bytes byte", 3,
+                "033EE6502C54FD23E27791E987983827",
+                "EC366D0327A933BF49330E650E49BC6B" +
+                        "974637FE80BF532FE51795B4809718E6" +
+                        "194724DB948D1FD637"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES128_CTS_HMAC_SHA1_96 encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptAES128_CTS_HMAC_SHA1_96_30() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES128_CTS_HMAC_SHA1_96,
+                "30 bytes bytes bytes bytes byt", 4,
+                "DCEEB70B3DE76562E689226C76429148",
+                "C96081032D5D8EEB7E32B4089F789D0F" +
+                        "AA481DEA74C0F97CBF3146DDFCF8E800" +
+                        "156ECB532FC203E30FF600B63B350939" +
+                        "FECE510F02D7FF1E7BAC"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES256_CTS_HMAC_SHA1_96 encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptAES256_CTS_HMAC_SHA1_96_0() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES256_CTS_HMAC_SHA1_96,
+                "", 0,
+                "17F275F2954F2ED1F90C377BA7F4D6A3" +
+                        "69AA0136E0BF0C927AD6133C693759A9",
+                "E5094C55EE7B38262E2B044280B06937" +
+                        "9A95BF95BD8376FB3281B435"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES256_CTS_HMAC_SHA1_96 encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptAES256_CTS_HMAC_SHA1_96_1() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES256_CTS_HMAC_SHA1_96,
+                "1", 1,
+                "B9477E1FF0329C0050E20CE6C72D2DFF" +
+                        "27E8FE541AB0954429A9CB5B4F7B1E2A",
+                "406150B97AEB76D43B36B62CC1ECDFBE" +
+                        "6F40E95755E0BEB5C27825F3A4"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES256_CTS_HMAC_SHA1_96 encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptAES256_CTS_HMAC_SHA1_96_9() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES256_CTS_HMAC_SHA1_96,
+                "9 bytesss", 2,
+                "B1AE4CD8462AFF1677053CC9279AAC30" +
+                        "B796FB81CE21474DD3DDBCFEA4EC76D7",
+                "09957AA25FCAF88F7B39E4406E633012" +
+                        "D5FEA21853F6478DA7065CAEF41FD454" +
+                        "A40824EEC5"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES256_CTS_HMAC_SHA1_96 encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptAES256_CTS_HMAC_SHA1_96_13() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES256_CTS_HMAC_SHA1_96,
+                "13 bytes byte", 3,
+                "E5A72BE9B7926C1225BAFEF9C1872E7B" +
+                        "A4CDB2B17893D84ABD90ACDD8764D966",
+                "D8F1AAFEEC84587CC3E700A774E56651" +
+                        "A6D693E174EC4473B5E6D96F80297A65" +
+                        "3FB818AD893E719F96"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for AES256_CTS_HMAC_SHA1_96 encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptAES256_CTS_HMAC_SHA1_96_30() {
+        TestCase testCase = new TestCase(
+                EncryptionType.AES256_CTS_HMAC_SHA1_96,
+                "30 bytes bytes bytes bytes byt", 4,
+                "F1C795E9248A09338D82C3F8D5B56704" +
+                        "0B0110736845041347235B1404231398",
+                "D1137A4D634CFECE924DBC3BF6790648" +
+                        "BD5CFF7DE0E7B99460211D0DAEF3D79A" +
+                        "295C688858F3B34B9CBD6EEBAE81DAF6" +
+                        "B734D4D498B6714F1C1D"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA128_CTS_CMAC encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptCAMELIA128_CTS_CMAC_0() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA128_CTS_CMAC,
+                "", 0,
+                "1DC46A8D763F4F93742BCBA3387576C3",
+                "C466F1871069921EDB7C6FDE244A52DB" +
+                        "0BA10EDC197BDB8006658CA3CCCE6EB8"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA128_CTS_CMAC encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptCAMELIA128_CTS_CMAC_1() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA128_CTS_CMAC,
+                "1", 1,
+                "5027BC231D0F3A9D23333F1CA6FDBE7C",
+                "842D21FD950311C0DD464A3F4BE8D6DA" +
+                        "88A56D559C9B47D3F9A85067AF661559" +
+                        "B8"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA128_CTS_CMAC encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptCAMELIA128_CTS_CMAC_9() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA128_CTS_CMAC,
+                "9 bytesss", 2,
+                "A1BB61E805F9BA6DDE8FDBDDC05CDEA0",
+                "619FF072E36286FF0A28DEB3A352EC0D" +
+                        "0EDF5C5160D663C901758CCF9D1ED33D" +
+                        "71DB8F23AABF8348A0"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA128_CTS_CMAC encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptCAMELIA128_CTS_CMAC_13() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA128_CTS_CMAC,
+                "13 bytes byte", 3,
+                "2CA27A5FAF5532244506434E1CEF6676",
+                "B8ECA3167AE6315512E59F98A7C50020" +
+                        "5E5F63FF3BB389AF1C41A21D640D8615" +
+                        "C9ED3FBEB05AB6ACB67689B5EA"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA128_CTS_CMAC encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptCAMELIA128_CTS_CMAC_30() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA128_CTS_CMAC,
+                "30 bytes bytes bytes bytes byt", 4,
+                "7824F8C16F83FF354C6BF7515B973F43",
+                "A26A3905A4FFD5816B7B1E27380D0809" +
+                        "0C8EC1F304496E1ABDCD2BDCD1DFFC66" +
+                        "0989E117A713DDBB57A4146C1587CBA4" +
+                        "356665591D2240282F5842B105A5"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA256_CTS_CMAC encryption type, with 0 byte
+     */
+    @Test
+    public void testDecryptCAMELIA256_CTS_CMAC_0() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA256_CTS_CMAC,
+                "", 0,
+                "B61C86CC4E5D2757545AD423399FB703" +
+                        "1ECAB913CBB900BD7A3C6DD8BF92015B",
+                "03886D03310B47A6D8F06D7B94D1DD83" +
+                        "7ECCE315EF652AFF620859D94A259266"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA256_CTS_CMAC encryption type, with 1 byte
+     */
+    @Test
+    public void testDecryptCAMELIA256_CTS_CMAC_1() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA256_CTS_CMAC,
+                "1", 1,
+                "1B97FE0A190E2021EB30753E1B6E1E77" +
+                        "B0754B1D684610355864104963463833",
+                "2C9C1570133C99BF6A34BC1B0212002F" +
+                        "D194338749DB4135497A347CFCD9D18A12"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA256_CTS_CMAC encryption type, with 9 bytes
+     */
+    @Test
+    public void testDecryptCAMELIA256_CTS_CMAC_9() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA256_CTS_CMAC,
+                "9 bytesss", 2,
+                "32164C5B434D1D1538E4CFD9BE8040FE" +
+                        "8C4AC7ACC4B93D3314D2133668147A05",
+                "9C6DE75F812DE7ED0D28B2963557A115" +
+                        "640998275B0AF5152709913FF52A2A9C" +
+                        "8E63B872F92E64C839"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA256_CTS_CMAC encryption type, with 13 bytes
+     */
+    @Test
+    public void testDecryptCAMELIA256_CTS_CMAC_13() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA256_CTS_CMAC,
+                "13 bytes byte", 3,
+                "B038B132CD8E06612267FAB7170066D8" +
+                        "8AECCBA0B744BFC60DC89BCA182D0715",
+                "EEEC85A9813CDC536772AB9B42DEFC57" +
+                        "06F726E975DDE05A87EB5406EA324CA1" +
+                        "85C9986B42AABE794B84821BEE"
+        );
+
+        performTestDecrypt(testCase);
+    }
+
+
+    /**
+     * Test for CAMELLIA256_CTS_CMAC encryption type, with 30 bytes
+     */
+    @Test
+    public void testDecryptCAMELIA256_CTS_CMAC_30() {
+        TestCase testCase = new TestCase(
+                EncryptionType.CAMELLIA256_CTS_CMAC,
+                "30 bytes bytes bytes bytes byt", 4,
+                "CCFCD349BF4C6677E86E4B02B8EAB924" +
+                        "A546AC731CF9BF6989B996E7D6BFBBA7",
+                "0E44680985855F2D1F1812529CA83BFD" +
+                        "8E349DE6FD9ADA0BAAA048D68E265FEB" +
+                        "F34AD1255A344999AD37146887A6C684" +
+                        "5731AC7F46376A0504CD06571474"
+        );
+
+        performTestDecrypt(testCase);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DesKeyMakerTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DesKeyMakerTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DesKeyMakerTest.java
new file mode 100644
index 0000000..0c5f9c2
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DesKeyMakerTest.java
@@ -0,0 +1,64 @@
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.key.DesKeyMaker;
+import org.apache.kerby.util.HexUtil;
+import org.junit.Assert;
+
+/**
+ * This is just for my experimental tweaking, so pleas bear it.
+ */
+public class DesKeyMakerTest {
+
+    /**
+     * The class used to store the test values
+     */
+    private static class TestCase {
+        String salt;
+        String passwd;
+        String passwdSaltBytes;
+        String fanFoldedKey;
+        String intermediateKey;
+        String finalKey;
+
+        private TestCase(String salt, String passwd, String passwdSaltBytes,
+                         String fanFoldedKey, String intermediateKey, String finalKey) {
+            this.salt = salt;
+            this.passwd = passwd;
+            this.passwdSaltBytes = passwdSaltBytes;
+            this.fanFoldedKey = fanFoldedKey;
+            this.intermediateKey = intermediateKey;
+            this.finalKey = finalKey;
+        }
+    }
+
+    /**
+     * Actually do the test
+     */
+    private void test(TestCase tc) {
+        byte[] expectedValue = HexUtil.hex2bytes(tc.passwdSaltBytes);
+        byte[] value = DesKeyMaker.makePasswdSalt(tc.passwd, tc.salt);
+        Assert.assertArrayEquals("PasswdSalt bytes", expectedValue, value);
+
+        expectedValue = HexUtil.hex2bytes(tc.fanFoldedKey);
+        value = DesKeyMaker.fanFold(tc.passwd, tc.salt, null);
+        Assert.assertArrayEquals("FanFold result", expectedValue, value);
+
+        expectedValue = HexUtil.hex2bytes(tc.intermediateKey);
+        value = DesKeyMaker.intermediateKey(value);
+        Assert.assertArrayEquals("IntermediateKey result", expectedValue, value);
+
+        // finalKey check ignored here and it's done in String2keyTest.
+    }
+
+    /**
+     * This is just for my experimental tweaking, so pleas bear it.
+     */
+    //@Test
+    public void testCase1() {
+        TestCase tc = new TestCase("ATHENA.MIT.EDUraeburn",
+                "password", "70617373776f7264415448454e412e4d49542e4544557261656275726e",
+                "c01e38688ac86c2e", "c11f38688ac86d2f", "cbc22fae235298e3");
+
+        test(tc);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/KeyDeriveTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/KeyDeriveTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/KeyDeriveTest.java
new file mode 100644
index 0000000..eb04804
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/KeyDeriveTest.java
@@ -0,0 +1,228 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.*;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerby.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerby.kerberos.kerb.crypto.key.DkKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.util.HexUtil;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+/**
+ * Key derivation test with known values.
+ */
+public class KeyDeriveTest {
+
+    static class TestCase {
+        EncryptionType encType;
+        String inkey;
+        String constant;
+        String answer;
+
+        TestCase(EncryptionType encType, String inkey,
+                 String constant, String answer) {
+            this.encType = encType;
+            this.inkey = inkey;
+            this.constant = constant;
+            this.answer = answer;
+        }
+    }
+
+    static TestCase[] testCases = new TestCase[] {
+    /* Kc, Ke, Kei for a DES3 key */
+            new TestCase(
+                    EncryptionType.DES3_CBC_SHA1,
+                    "850BB51358548CD05E86768C313E3BFE" +
+                            "F7511937DCF72C3E",
+                    "0000000299",
+                    "F78C496D16E6C2DAE0E0B6C24057A84C" +
+                            "0426AEEF26FD6DCE"
+            ),
+            new TestCase(
+                    EncryptionType.DES3_CBC_SHA1,
+                    "850BB51358548CD05E86768C313E3BFE" +
+                            "F7511937DCF72C3E",
+                    "00000002AA",
+                    "5B5723D0B634CB684C3EBA5264E9A70D" +
+                            "52E683231AD3C4CE"
+            ),
+            new TestCase(
+                    EncryptionType.DES3_CBC_SHA1,
+                    "850BB51358548CD05E86768C313E3BFE" +
+                            "F7511937DCF72C3E",
+                    "0000000255",
+                    "A77C94980E9B7345A81525C423A737CE" +
+                            "67F4CD91B6B3DA45"
+            ),
+
+    /* Kc, Ke, Ki for an AES-128 key */
+            new TestCase(
+                    EncryptionType.AES128_CTS_HMAC_SHA1_96,
+                    "42263C6E89F4FC28B8DF68EE09799F15",
+                    "0000000299",
+                    "34280A382BC92769B2DA2F9EF066854B"
+            ),
+            new TestCase(
+                    EncryptionType.AES128_CTS_HMAC_SHA1_96,
+                    "42263C6E89F4FC28B8DF68EE09799F15",
+                    "00000002AA",
+                    "5B14FC4E250E14DDF9DCCF1AF6674F53"
+            ),
+            new TestCase(
+                    EncryptionType.AES128_CTS_HMAC_SHA1_96,
+                    "42263C6E89F4FC28B8DF68EE09799F15",
+                    "0000000255",
+                    "4ED31063621684F09AE8D89991AF3E8F"
+            ),
+
+    /* Kc, Ke, Ki for an AES-256 key */
+            new TestCase(
+                    EncryptionType.AES256_CTS_HMAC_SHA1_96,
+                    "FE697B52BC0D3CE14432BA036A92E65B" +
+                            "BB52280990A2FA27883998D72AF30161",
+                    "0000000299",
+                    "BFAB388BDCB238E9F9C98D6A878304F0" +
+                            "4D30C82556375AC507A7A852790F4674"
+            ),
+            new TestCase(
+                    EncryptionType.AES256_CTS_HMAC_SHA1_96,
+                    "FE697B52BC0D3CE14432BA036A92E65B" +
+                            "BB52280990A2FA27883998D72AF30161",
+                    "00000002AA",
+                    "C7CFD9CD75FE793A586A542D87E0D139" +
+                            "6F1134A104BB1A9190B8C90ADA3DDF37"
+            ),
+            new TestCase(
+                    EncryptionType.AES256_CTS_HMAC_SHA1_96,
+                    "FE697B52BC0D3CE14432BA036A92E65B" +
+                            "BB52280990A2FA27883998D72AF30161",
+                    "0000000255",
+                    "97151B4C76945063E2EB0529DC067D97" +
+                            "D7BBA90776D8126D91F34F3101AEA8BA"
+            ),
+
+    /* Kc, Ke, Ki for a Camellia-128 key */
+            new TestCase(
+                    EncryptionType.CAMELLIA128_CTS_CMAC,
+                    "57D0297298FFD9D35DE5A47FB4BDE24B",
+                    "0000000299",
+                    "D155775A209D05F02B38D42A389E5A56"
+            ),
+            new TestCase(
+                    EncryptionType.CAMELLIA128_CTS_CMAC,
+                    "57D0297298FFD9D35DE5A47FB4BDE24B",
+                    "00000002AA",
+                    "64DF83F85A532F17577D8C37035796AB"
+            ),
+            new TestCase(
+                    EncryptionType.CAMELLIA128_CTS_CMAC,
+                    "57D0297298FFD9D35DE5A47FB4BDE24B",
+                    "0000000255",
+                    "3E4FBDF30FB8259C425CB6C96F1F4635"
+            ),
+
+    /* Kc, Ke, Ki for a Camellia-256 key */
+            new TestCase(
+                    EncryptionType.CAMELLIA256_CTS_CMAC,
+                    "B9D6828B2056B7BE656D88A123B1FAC6" +
+                            "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+                    "0000000299",
+                    "E467F9A9552BC7D3155A6220AF9C1922" +
+                            "0EEED4FF78B0D1E6A1544991461A9E50"
+            ),
+            new TestCase(
+                    EncryptionType.CAMELLIA256_CTS_CMAC,
+                    "B9D6828B2056B7BE656D88A123B1FAC6" +
+                            "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+                    "00000002AA",
+                    "412AEFC362A7285FC3966C6A5181E760" +
+                            "5AE675235B6D549FBFC9AB6630A4C604"
+            ),
+            new TestCase(
+                    EncryptionType.CAMELLIA256_CTS_CMAC,
+                    "B9D6828B2056B7BE656D88A123B1FAC6" +
+                            "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+                    "0000000255",
+                    "FA624FA0E523993FA388AEFDC67E67EB" +
+                            "CD8C08E8A0246B1D73B0D1DD9FC582B0"
+            )
+    };
+
+    static DkKeyMaker getKeyMaker(EncryptionType encType) {
+        switch (encType) {
+            case DES3_CBC_SHA1:
+                return new Des3KeyMaker(new Des3Provider());
+            case AES128_CTS_HMAC_SHA1_96:
+                return new AesKeyMaker(new Aes128Provider());
+            case AES256_CTS_HMAC_SHA1_96:
+                return new AesKeyMaker(new Aes256Provider());
+            case CAMELLIA128_CTS_CMAC:
+                return new CamelliaKeyMaker(new Camellia128Provider());
+            case CAMELLIA256_CTS_CMAC:
+                return new CamelliaKeyMaker(new Camellia256Provider());
+            default:
+                return null;
+        }
+    }
+
+    @Test
+    public void testDeriveKeys() {
+        boolean overallResult = true;
+
+        for (TestCase tc : testCases) {
+            System.err.println("Key deriving test for " + tc.encType.getName());
+            try {
+                if (! testWith(tc)) {
+                    overallResult = false;
+                }
+            } catch (Exception e) {
+                e.printStackTrace();
+                overallResult = false;
+            }
+        }
+
+        if (!overallResult) {
+            Assert.fail();
+        }
+    }
+
+    private boolean testWith(TestCase testCase) throws Exception {
+        byte[] answer = HexUtil.hex2bytes(testCase.answer);
+        byte[] inkey = HexUtil.hex2bytes(testCase.inkey);
+        byte[] constant = HexUtil.hex2bytes(testCase.constant);
+        byte[] outkey;
+
+        DkKeyMaker km = getKeyMaker(testCase.encType);
+        outkey = km.dk(inkey, constant);
+        if (! Arrays.equals(answer, outkey)) {
+            System.err.println("failed with:");
+            System.err.println("outKey:" + HexUtil.bytesToHex(outkey));
+            System.err.println("answer:" + testCase.answer);
+            return false;
+        }
+        return true;
+    }
+}


Mime
View raw message