directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [12/45] directory-kerberos git commit: DIRKRB-149 New layout structure with the new name "Apache Kerby"
Date Thu, 22 Jan 2015 21:47:51 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaKey.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaKey.java
new file mode 100644
index 0000000..c792910
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaKey.java
@@ -0,0 +1,433 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+/**
+ * Camellia - based on RFC 3713, about half the size of CamelliaEngine.
+ *
+ * This is based on CamelliaEngine.java from bouncycastle library.
+ */
+
+public class CamelliaKey {
+    private int keySize;
+
+    protected int[] subkey = new int[24 * 4];
+    protected int[] kw = new int[4 * 2]; // for whitening
+    protected int[] ke = new int[6 * 2]; // for FL and FL^(-1)
+
+    private static final int SIGMA[] = {
+            0xa09e667f, 0x3bcc908b,
+            0xb67ae858, 0x4caa73b2,
+            0xc6ef372f, 0xe94f82be,
+            0x54ff53a5, 0xf1d36f1c,
+            0x10e527fa, 0xde682d1d,
+            0xb05688c2, 0xb3e6c1fd
+    };
+
+    // S-box data
+    protected static final byte SBOX1[] = {
+            (byte)112, (byte)130, (byte)44, (byte)236,
+            (byte)179, (byte)39, (byte)192, (byte)229,
+            (byte)228, (byte)133, (byte)87, (byte)53,
+            (byte)234, (byte)12, (byte)174, (byte)65,
+            (byte)35, (byte)239, (byte)107, (byte)147,
+            (byte)69, (byte)25, (byte)165, (byte)33,
+            (byte)237, (byte)14, (byte)79, (byte)78,
+            (byte)29, (byte)101, (byte)146, (byte)189,
+            (byte)134, (byte)184, (byte)175, (byte)143,
+            (byte)124, (byte)235, (byte)31, (byte)206,
+            (byte)62, (byte)48, (byte)220, (byte)95,
+            (byte)94, (byte)197, (byte)11, (byte)26,
+            (byte)166, (byte)225, (byte)57, (byte)202,
+            (byte)213, (byte)71, (byte)93, (byte)61,
+            (byte)217, (byte)1, (byte)90, (byte)214,
+            (byte)81, (byte)86, (byte)108, (byte)77,
+            (byte)139, (byte)13, (byte)154, (byte)102,
+            (byte)251, (byte)204, (byte)176, (byte)45,
+            (byte)116, (byte)18, (byte)43, (byte)32,
+            (byte)240, (byte)177, (byte)132, (byte)153,
+            (byte)223, (byte)76, (byte)203, (byte)194,
+            (byte)52, (byte)126, (byte)118, (byte)5,
+            (byte)109, (byte)183, (byte)169, (byte)49,
+            (byte)209, (byte)23, (byte)4, (byte)215,
+            (byte)20, (byte)88, (byte)58, (byte)97,
+            (byte)222, (byte)27, (byte)17, (byte)28,
+            (byte)50, (byte)15, (byte)156, (byte)22,
+            (byte)83, (byte)24, (byte)242, (byte)34,
+            (byte)254, (byte)68, (byte)207, (byte)178,
+            (byte)195, (byte)181, (byte)122, (byte)145,
+            (byte)36, (byte)8, (byte)232, (byte)168,
+            (byte)96, (byte)252, (byte)105, (byte)80,
+            (byte)170, (byte)208, (byte)160, (byte)125,
+            (byte)161, (byte)137, (byte)98, (byte)151,
+            (byte)84, (byte)91, (byte)30, (byte)149,
+            (byte)224, (byte)255, (byte)100, (byte)210,
+            (byte)16, (byte)196, (byte)0, (byte)72,
+            (byte)163, (byte)247, (byte)117, (byte)219,
+            (byte)138, (byte)3, (byte)230, (byte)218,
+            (byte)9, (byte)63, (byte)221, (byte)148,
+            (byte)135, (byte)92, (byte)131, (byte)2,
+            (byte)205, (byte)74, (byte)144, (byte)51,
+            (byte)115, (byte)103, (byte)246, (byte)243,
+            (byte)157, (byte)127, (byte)191, (byte)226,
+            (byte)82, (byte)155, (byte)216, (byte)38,
+            (byte)200, (byte)55, (byte)198, (byte)59,
+            (byte)129, (byte)150, (byte)111, (byte)75,
+            (byte)19, (byte)190, (byte)99, (byte)46,
+            (byte)233, (byte)121, (byte)167, (byte)140,
+            (byte)159, (byte)110, (byte)188, (byte)142,
+            (byte)41, (byte)245, (byte)249, (byte)182,
+            (byte)47, (byte)253, (byte)180, (byte)89,
+            (byte)120, (byte)152, (byte)6, (byte)106,
+            (byte)231, (byte)70, (byte)113, (byte)186,
+            (byte)212, (byte)37, (byte)171, (byte)66,
+            (byte)136, (byte)162, (byte)141, (byte)250,
+            (byte)114, (byte)7, (byte)185, (byte)85,
+            (byte)248, (byte)238, (byte)172, (byte)10,
+            (byte)54, (byte)73, (byte)42, (byte)104,
+            (byte)60, (byte)56, (byte)241, (byte)164,
+            (byte)64, (byte)40, (byte)211, (byte)123,
+            (byte)187, (byte)201, (byte)67, (byte)193,
+            (byte)21, (byte)227, (byte)173, (byte)244,
+            (byte)119, (byte)199, (byte)128, (byte)158
+    };
+
+    public CamelliaKey(byte[] key, boolean isEncrypt) {
+        init(key, isEncrypt);
+    }
+
+    protected boolean is128() {
+        return keySize == 16;
+    }
+
+    private static int rightRotate(int x, int s) {
+        return (((x) >>> (s)) + ((x) << (32 - s)));
+    }
+
+    private static int leftRotate(int x, int s) {
+        return ((x) << (s)) + ((x) >>> (32 - s));
+    }
+
+    private static void roldq(int rot, int[] ki, int ioff,
+                              int[] ko, int ooff) {
+        ko[0 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
+        ko[1 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
+        ko[2 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
+        ko[3 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
+        ki[0 + ioff] = ko[0 + ooff];
+        ki[1 + ioff] = ko[1 + ooff];
+        ki[2 + ioff] = ko[2 + ooff];
+        ki[3 + ioff] = ko[3 + ooff];
+    }
+
+    private static void decroldq(int rot, int[] ki, int ioff,
+                                 int[] ko, int ooff) {
+        ko[2 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
+        ko[3 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
+        ko[0 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
+        ko[1 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
+        ki[0 + ioff] = ko[2 + ooff];
+        ki[1 + ioff] = ko[3 + ooff];
+        ki[2 + ioff] = ko[0 + ooff];
+        ki[3 + ioff] = ko[1 + ooff];
+    }
+
+    private static void roldqo32(int rot, int[] ki, int ioff,
+                                 int[] ko, int ooff)
+    {
+        ko[0 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
+        ko[1 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
+        ko[2 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
+        ko[3 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
+        ki[0 + ioff] = ko[0 + ooff];
+        ki[1 + ioff] = ko[1 + ooff];
+        ki[2 + ioff] = ko[2 + ooff];
+        ki[3 + ioff] = ko[3 + ooff];
+    }
+
+    private static void decroldqo32(int rot, int[] ki, int ioff,
+                                    int[] ko, int ooff) {
+        ko[2 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
+        ko[3 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
+        ko[0 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
+        ko[1 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
+        ki[0 + ioff] = ko[2 + ooff];
+        ki[1 + ioff] = ko[3 + ooff];
+        ki[2 + ioff] = ko[0 + ooff];
+        ki[3 + ioff] = ko[1 + ooff];
+    }
+
+    private byte lRot8(byte v, int rot)
+    {
+        return (byte)((v << rot) | ((v & 0xff) >>> (8 - rot)));
+    }
+
+    private int sbox2(int x)
+    {
+        return (lRot8(SBOX1[x], 1) & 0xff);
+    }
+
+    private int sbox3(int x)
+    {
+        return (lRot8(SBOX1[x], 7) & 0xff);
+    }
+
+    private int sbox4(int x)
+    {
+        return (SBOX1[((int)lRot8((byte)x, 1) & 0xff)] & 0xff);
+    }
+
+    protected void fls(int[] s, int[] fkey, int keyoff) {
+        s[1] ^= leftRotate(s[0] & fkey[0 + keyoff], 1);
+        s[0] ^= fkey[1 + keyoff] | s[1];
+
+        s[2] ^= fkey[3 + keyoff] | s[3];
+        s[3] ^= leftRotate(fkey[2 + keyoff] & s[2], 1);
+    }
+
+    protected void f2(int[] s, int[] skey, int keyoff) {
+        int t1, t2, u, v;
+
+        t1 = s[0] ^ skey[0 + keyoff];
+        u = sbox4((t1 & 0xff));
+        u |= (sbox3(((t1 >>> 8) & 0xff)) << 8);
+        u |= (sbox2(((t1 >>> 16) & 0xff)) << 16);
+        u |= ((int)(SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24);
+
+        t2 = s[1] ^ skey[1 + keyoff];
+        v = (int)SBOX1[(t2 & 0xff)] & 0xff;
+        v |= (sbox4(((t2 >>> 8) & 0xff)) << 8);
+        v |= (sbox3(((t2 >>> 16) & 0xff)) << 16);
+        v |= (sbox2(((t2 >>> 24) & 0xff)) << 24);
+
+        v = leftRotate(v, 8);
+        u ^= v;
+        v = leftRotate(v, 8) ^ u;
+        u = rightRotate(u, 8) ^ v;
+        s[2] ^= leftRotate(v, 16) ^ u;
+        s[3] ^= leftRotate(u, 8);
+
+        t1 = s[2] ^ skey[2 + keyoff];
+        u = sbox4((t1 & 0xff));
+        u |= sbox3(((t1 >>> 8) & 0xff)) << 8;
+        u |= sbox2(((t1 >>> 16) & 0xff)) << 16;
+        u |= ((int)SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24;
+
+        t2 = s[3] ^ skey[3 + keyoff];
+        v = ((int)SBOX1[(t2 & 0xff)] & 0xff);
+        v |= sbox4(((t2 >>> 8) & 0xff)) << 8;
+        v |= sbox3(((t2 >>> 16) & 0xff)) << 16;
+        v |= sbox2(((t2 >>> 24) & 0xff)) << 24;
+
+        v = leftRotate(v, 8);
+        u ^= v;
+        v = leftRotate(v, 8) ^ u;
+        u = rightRotate(u, 8) ^ v;
+        s[0] ^= leftRotate(v, 16) ^ u;
+        s[1] ^= leftRotate(u, 8);
+    }
+
+    private void init(byte[] key, boolean isEncrypt) {
+        keySize = key.length;
+
+        int[] k = new int[8];
+        int[] ka = new int[4];
+        int[] kb = new int[4];
+        int[] t = new int[4];
+
+        switch (key.length) {
+            case 16:
+                k[0] = BytesUtil.bytes2int(key, 0, true);
+                k[1] = BytesUtil.bytes2int(key, 4, true);
+                k[2] = BytesUtil.bytes2int(key, 8, true);
+                k[3] = BytesUtil.bytes2int(key, 12, true);
+                k[4] = k[5] = k[6] = k[7] = 0;
+                break;
+            case 24:
+                k[0] = BytesUtil.bytes2int(key, 0, true);
+                k[1] = BytesUtil.bytes2int(key, 4, true);
+                k[2] = BytesUtil.bytes2int(key, 8, true);
+                k[3] = BytesUtil.bytes2int(key, 12, true);
+                k[4] = BytesUtil.bytes2int(key, 16, true);
+                k[5] = BytesUtil.bytes2int(key, 20, true);
+                k[6] = ~k[4];
+                k[7] = ~k[5];
+                break;
+            case 32:
+                k[0] = BytesUtil.bytes2int(key, 0, true);
+                k[1] = BytesUtil.bytes2int(key, 4, true);
+                k[2] = BytesUtil.bytes2int(key, 8, true);
+                k[3] = BytesUtil.bytes2int(key, 12, true);
+                k[4] = BytesUtil.bytes2int(key, 16, true);
+                k[5] = BytesUtil.bytes2int(key, 20, true);
+                k[6] = BytesUtil.bytes2int(key, 24, true);
+                k[7] = BytesUtil.bytes2int(key, 28, true);
+                break;
+            default:
+                throw new
+                        IllegalArgumentException("Invalid key size, only support 16/24/32 bytes");
+        }
+
+        for (int i = 0; i < 4; i++) {
+            ka[i] = k[i] ^ k[i + 4];
+        }
+
+        /* compute KA */
+        f2(ka, SIGMA, 0);
+        for (int i = 0; i < 4; i++) {
+            ka[i] ^= k[i];
+        }
+        f2(ka, SIGMA, 4);
+
+        if (keySize == 16) {
+            if (isEncrypt) {
+                /* KL dependant keys */
+                kw[0] = k[0];
+                kw[1] = k[1];
+                kw[2] = k[2];
+                kw[3] = k[3];
+                roldq(15, k, 0, subkey, 4);
+                roldq(30, k, 0, subkey, 12);
+                roldq(15, k, 0, t, 0);
+                subkey[18] = t[2];
+                subkey[19] = t[3];
+                roldq(17, k, 0, ke, 4);
+                roldq(17, k, 0, subkey, 24);
+                roldq(17, k, 0, subkey, 32);
+                /* KA dependant keys */
+                subkey[0] = ka[0];
+                subkey[1] = ka[1];
+                subkey[2] = ka[2];
+                subkey[3] = ka[3];
+                roldq(15, ka, 0, subkey, 8);
+                roldq(15, ka, 0, ke, 0);
+                roldq(15, ka, 0, t, 0);
+                subkey[16] = t[0];
+                subkey[17] = t[1];
+                roldq(15, ka, 0, subkey, 20);
+                roldqo32(34, ka, 0, subkey, 28);
+                roldq(17, ka, 0, kw, 4);
+
+            } else { // decryption
+                /* KL dependant keys */
+                kw[4] = k[0];
+                kw[5] = k[1];
+                kw[6] = k[2];
+                kw[7] = k[3];
+                decroldq(15, k, 0, subkey, 28);
+                decroldq(30, k, 0, subkey, 20);
+                decroldq(15, k, 0, t, 0);
+                subkey[16] = t[0];
+                subkey[17] = t[1];
+                decroldq(17, k, 0, ke, 0);
+                decroldq(17, k, 0, subkey, 8);
+                decroldq(17, k, 0, subkey, 0);
+                /* KA dependant keys */
+                subkey[34] = ka[0];
+                subkey[35] = ka[1];
+                subkey[32] = ka[2];
+                subkey[33] = ka[3];
+                decroldq(15, ka, 0, subkey, 24);
+                decroldq(15, ka, 0, ke, 4);
+                decroldq(15, ka, 0, t, 0);
+                subkey[18] = t[2];
+                subkey[19] = t[3];
+                decroldq(15, ka, 0, subkey, 12);
+                decroldqo32(34, ka, 0, subkey, 4);
+                roldq(17, ka, 0, kw, 0);
+            }
+        } else { // 192bit or 256bit
+            /* compute KB */
+            for (int i = 0; i < 4; i++) {
+                kb[i] = ka[i] ^ k[i + 4];
+            }
+            f2(kb, SIGMA, 8);
+
+            if (isEncrypt) {
+                /* KL dependant keys */
+                kw[0] = k[0];
+                kw[1] = k[1];
+                kw[2] = k[2];
+                kw[3] = k[3];
+                roldqo32(45, k, 0, subkey, 16);
+                roldq(15, k, 0, ke, 4);
+                roldq(17, k, 0, subkey, 32);
+                roldqo32(34, k, 0, subkey, 44);
+                /* KR dependant keys */
+                roldq(15, k, 4, subkey, 4);
+                roldq(15, k, 4, ke, 0);
+                roldq(30, k, 4, subkey, 24);
+                roldqo32(34, k, 4, subkey, 36);
+                /* KA dependant keys */
+                roldq(15, ka, 0, subkey, 8);
+                roldq(30, ka, 0, subkey, 20);
+                /* 32bit rotation */
+                ke[8] = ka[1];
+                ke[9] = ka[2];
+                ke[10] = ka[3];
+                ke[11] = ka[0];
+                roldqo32(49, ka, 0, subkey, 40);
+
+                /* KB dependant keys */
+                subkey[0] = kb[0];
+                subkey[1] = kb[1];
+                subkey[2] = kb[2];
+                subkey[3] = kb[3];
+                roldq(30, kb, 0, subkey, 12);
+                roldq(30, kb, 0, subkey, 28);
+                roldqo32(51, kb, 0, kw, 4);
+
+            } else { // decryption
+                /* KL dependant keys */
+                kw[4] = k[0];
+                kw[5] = k[1];
+                kw[6] = k[2];
+                kw[7] = k[3];
+                decroldqo32(45, k, 0, subkey, 28);
+                decroldq(15, k, 0, ke, 4);
+                decroldq(17, k, 0, subkey, 12);
+                decroldqo32(34, k, 0, subkey, 0);
+                /* KR dependant keys */
+                decroldq(15, k, 4, subkey, 40);
+                decroldq(15, k, 4, ke, 8);
+                decroldq(30, k, 4, subkey, 20);
+                decroldqo32(34, k, 4, subkey, 8);
+                /* KA dependant keys */
+                decroldq(15, ka, 0, subkey, 36);
+                decroldq(30, ka, 0, subkey, 24);
+                /* 32bit rotation */
+                ke[2] = ka[1];
+                ke[3] = ka[2];
+                ke[0] = ka[3];
+                ke[1] = ka[0];
+                decroldqo32(49, ka, 0, subkey, 4);
+
+                /* KB dependant keys */
+                subkey[46] = kb[0];
+                subkey[47] = kb[1];
+                subkey[44] = kb[2];
+                subkey[45] = kb[3];
+                decroldq(30, kb, 0, subkey, 32);
+                decroldq(30, kb, 0, subkey, 16);
+                roldqo32(51, kb, 0, kw, 0);
+            }
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumHandler.java
new file mode 100644
index 0000000..2cad95b
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumHandler.java
@@ -0,0 +1,153 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.*;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.KeyUsage;
+
+public class CheckSumHandler {
+
+    public static CheckSumTypeHandler getCheckSumHandler(String cksumType) throws KrbException {
+        CheckSumType eTypeEnum = CheckSumType.fromName(cksumType);
+        return getCheckSumHandler(eTypeEnum);
+    }
+
+    public static CheckSumTypeHandler getCheckSumHandler(int cksumType) throws KrbException {
+        CheckSumType eTypeEnum = CheckSumType.fromValue(cksumType);
+        return getCheckSumHandler(eTypeEnum);
+    }
+
+    public static boolean isImplemented(CheckSumType cksumType) throws KrbException {
+        return getCheckSumHandler(cksumType, true) != null;
+    }
+
+    public static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType) throws KrbException {
+        return getCheckSumHandler(cksumType, false);
+    }
+
+    private static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType, boolean check) throws KrbException {
+        CheckSumTypeHandler cksumHandler = null;
+        switch (cksumType) {
+            case CRC32:
+                cksumHandler = new Crc32CheckSum();
+                break;
+
+            case DES_MAC:
+                cksumHandler = new DesCbcCheckSum();
+                break;
+
+            case RSA_MD4:
+                cksumHandler = new RsaMd4CheckSum();
+                break;
+
+            case RSA_MD5:
+                cksumHandler = new RsaMd5CheckSum();
+                break;
+
+            case NIST_SHA:
+                cksumHandler = new Sha1CheckSum();
+                break;
+
+            case RSA_MD4_DES:
+                cksumHandler = new RsaMd4DesCheckSum();
+                break;
+
+            case RSA_MD5_DES:
+                cksumHandler = new RsaMd5DesCheckSum();
+                break;
+
+            case HMAC_SHA1_DES3:
+            case HMAC_SHA1_DES3_KD:
+                cksumHandler = new HmacSha1Des3CheckSum();
+                break;
+
+            case HMAC_SHA1_96_AES128:
+                cksumHandler = new HmacSha1Aes128CheckSum();
+                break;
+
+            case HMAC_SHA1_96_AES256:
+                cksumHandler = new HmacSha1Aes256CheckSum();
+                break;
+
+            case CMAC_CAMELLIA128:
+                cksumHandler = new CmacCamellia128CheckSum();
+                break;
+
+            case CMAC_CAMELLIA256:
+                cksumHandler = new CmacCamellia256CheckSum();
+                break;
+
+            case HMAC_MD5_ARCFOUR:
+                cksumHandler = new HmacMd5Rc4CheckSum();
+                break;
+
+            case MD5_HMAC_ARCFOUR:
+                cksumHandler = new Md5HmacRc4CheckSum();
+                break;
+
+            default:
+                break;
+        }
+
+        if (cksumHandler == null && ! check) {
+            String message = "Unsupported checksum type: " + cksumType.name();
+            throw new KrbException(KrbErrorCode.KDC_ERR_SUMTYPE_NOSUPP, message);
+        }
+
+        return cksumHandler;
+    }
+
+    public static CheckSum checksum(CheckSumType checkSumType, byte[] bytes) throws KrbException {
+        CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+        byte[] checksumBytes = handler.checksum(bytes);
+        CheckSum checkSum = new CheckSum();
+        checkSum.setCksumtype(checkSumType);
+        checkSum.setChecksum(checksumBytes);
+        return checkSum;
+    }
+
+    public static boolean verify(CheckSum checkSum, byte[] bytes) throws KrbException {
+        CheckSumType checkSumType = checkSum.getCksumtype();
+        CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+        return handler.verify(bytes, checkSum.getChecksum());
+    }
+
+    public static CheckSum checksumWithKey(CheckSumType checkSumType,
+                           byte[] bytes, byte[] key, KeyUsage usage) throws KrbException {
+        CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+        byte[] checksumBytes = handler.checksumWithKey(bytes, key, usage.getValue());
+        CheckSum checkSum = new CheckSum();
+        checkSum.setCksumtype(checkSumType);
+        checkSum.setChecksum(checksumBytes);
+        return checkSum;
+    }
+
+    public static boolean verifyWithKey(CheckSum checkSum, byte[] bytes,
+                                        byte[] key, KeyUsage usage) throws KrbException {
+        CheckSumType checkSumType = checkSum.getCksumtype();
+        CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
+        return handler.verifyWithKey(bytes, key,
+                usage.getValue(), checkSum.getChecksum());
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTypeHandler.java
new file mode 100644
index 0000000..2eff5a1
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTypeHandler.java
@@ -0,0 +1,57 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public interface CheckSumTypeHandler extends CryptoTypeHandler {
+
+    public int confounderSize();
+
+    public CheckSumType cksumType();
+
+    public int computeSize(); // allocation size for checksum computation
+
+    public int outputSize(); // possibly truncated output size
+
+    public boolean isSafe();
+
+    public int cksumSize();
+
+    public int keySize();
+
+    public byte[] checksum(byte[] data) throws KrbException;
+
+    public byte[] checksum(byte[] data, int start, int len) throws KrbException;
+
+    public boolean verify(byte[] data, byte[] checksum) throws KrbException;
+
+    public boolean verify(byte[] data, int start, int len, byte[] checksum) throws KrbException;
+
+    public byte[] checksumWithKey(byte[] data,
+                                  byte[] key, int usage) throws KrbException;
+
+    public byte[] checksumWithKey(byte[] data, int start, int len,
+                                  byte[] key, int usage) throws KrbException;
+
+    public boolean verifyWithKey(byte[] data,
+                                 byte[] key, int usage, byte[] checksum) throws KrbException;
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Cmac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Cmac.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Cmac.java
new file mode 100644
index 0000000..23314da
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Cmac.java
@@ -0,0 +1,178 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 cmac.c
+ */
+public class Cmac {
+
+    private static byte[] constRb = {
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, (byte) 0x87
+    };
+
+    public static byte[] cmac(EncryptProvider encProvider, byte[] key,
+                       byte[] data, int outputSize) throws KrbException {
+        return cmac(encProvider, key, data, 0, data.length, outputSize);
+    }
+
+    public static byte[] cmac(EncryptProvider encProvider, byte[] key, byte[] data,
+                       int start, int len, int outputSize) throws KrbException {
+        byte[] hash = Cmac.cmac(encProvider, key, data, start, len);
+        if (hash.length > outputSize) {
+            byte[] output = new byte[outputSize];
+            System.arraycopy(hash, 0, output, 0, outputSize);
+            return output;
+        } else {
+            return hash;
+        }
+    }
+
+    public static byte[] cmac(EncryptProvider encProvider,
+                              byte[] key, byte[] data) throws KrbException {
+        return cmac(encProvider, key, data, 0, data.length);
+    }
+
+    public static byte[] cmac(EncryptProvider encProvider,
+                              byte[] key, byte[] data, int start, int len) throws KrbException {
+
+        int blockSize = encProvider.blockSize();
+
+        byte[] Y = new byte[blockSize];
+        byte[] mLast = new byte[blockSize];
+        byte[] padded = new byte[blockSize];
+        byte[] K1 = new byte[blockSize];
+        byte[] K2 = new byte[blockSize];
+
+        // step 1
+        makeSubkey(encProvider, key, K1, K2);
+
+        // step 2
+        int n = (len + blockSize - 1) / blockSize;
+
+        // step 3
+        boolean lastIsComplete;
+        if (n == 0) {
+            n = 1;
+            lastIsComplete = false;
+        } else {
+            lastIsComplete = ((len % blockSize) == 0);
+        }
+
+        // Step 6 (all but last block)
+        byte[] cipherState = new byte[blockSize];
+        byte[] cipher = new byte[blockSize];
+        for (int i = 0; i < n - 1; i++) {
+            System.arraycopy(data, i * blockSize, cipher, 0, blockSize);
+            encryptBlock(encProvider, key, cipherState, cipher);
+            System.arraycopy(cipher, 0, cipherState, 0, blockSize);
+        }
+
+        // step 5
+        System.arraycopy(cipher, 0, Y, 0, blockSize);
+
+        // step 4
+        int lastPos = (n - 1) * blockSize;
+        int lastLen = lastIsComplete ? blockSize : len % blockSize;
+        byte[] lastBlock = new byte[lastLen];
+        System.arraycopy(data, lastPos, lastBlock, 0, lastLen);
+        if (lastIsComplete) {
+            BytesUtil.xor(lastBlock, K1, mLast);
+        } else {
+            padding(lastBlock, padded);
+            BytesUtil.xor(padded, K2, mLast);
+        }
+
+        // Step 6 (last block)
+        encryptBlock(encProvider, key, cipherState, mLast);
+
+        return mLast;
+    }
+
+    // Generate subkeys K1 and K2 as described in RFC 4493 figure 2.2.
+    private static void makeSubkey(EncryptProvider encProvider,
+                              byte[] key, byte[] K1, byte[] K2) throws KrbException {
+
+        // L := encrypt(K, const_Zero)
+        byte[] L = new byte[K1.length];
+        Arrays.fill(L, (byte) 0);
+        encryptBlock(encProvider, key, null, L);
+
+        // K1 := (MSB(L) == 0) ? L << 1 : (L << 1) XOR const_Rb
+        if ((L[0] & 0x80) == 0) {
+            leftShiftByOne(L, K1);
+        } else {
+            byte[] tmp = new byte[K1.length];
+            leftShiftByOne(L, tmp);
+            BytesUtil.xor(tmp, constRb, K1);
+        }
+
+        // K2 := (MSB(K1) == 0) ? K1 << 1 : (K1 << 1) XOR const_Rb
+        if ((K1[0] & 0x80) == 0) {
+            leftShiftByOne(K1, K2);
+        } else {
+            byte[] tmp = new byte[K1.length];
+            leftShiftByOne(K1, tmp);
+            BytesUtil.xor(tmp, constRb, K2);
+        }
+    }
+
+    private static void encryptBlock(EncryptProvider encProvider,
+                                     byte[] key, byte[] cipherState, byte[] block) throws KrbException {
+        if (cipherState == null) {
+            cipherState = new byte[encProvider.blockSize()];
+        }
+        if (encProvider.supportCbcMac()) {
+            encProvider.cbcMac(key, cipherState, block);
+        } else {
+            encProvider.encrypt(key, cipherState, block);
+        }
+    }
+
+    private static void leftShiftByOne(byte[] input, byte[] output) {
+        byte overflow = 0;
+
+        for (int i = input.length - 1; i >= 0; i--) {
+            output[i] = (byte) (input[i] << 1);
+            output[i] |= overflow;
+            overflow = (byte) ((input[i] & 0x80) != 0 ? 1 : 0);
+        }
+    }
+
+    // Padding out data with a 1 bit followed by 0 bits, placing the result in pad
+    private static void padding(byte[] data, byte[] padded) {
+        int len = data.length;
+
+        // original last block
+        System.arraycopy(data, 0, padded, 0, len);
+
+        padded[len] = (byte) 0x80;
+
+        for (int i = len + 1; i < padded.length; i++) {
+            padded[i] = 0x00;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Confounder.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Confounder.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Confounder.java
new file mode 100644
index 0000000..79f5848
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Confounder.java
@@ -0,0 +1,33 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public final class Confounder {
+
+    private static SecureRandom srand = new SecureRandom();
+
+    public static byte[] makeBytes(int size) {
+        byte[] data = new byte[size];
+        srand.nextBytes(data);
+        return data;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Crc32.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Crc32.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Crc32.java
new file mode 100644
index 0000000..59feee8
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Crc32.java
@@ -0,0 +1,78 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+/**
+ * Reference: http://introcs.cs.princeton.edu/java/51data/CRC32.java
+ */
+public class Crc32 {
+
+    private static long[] table = {
+            0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
+            0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
+            0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+            0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
+            0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+            0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+            0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
+            0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
+            0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+            0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+            0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
+            0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+            0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
+            0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
+            0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+            0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
+            0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
+            0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+            0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
+            0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+            0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+            0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
+            0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
+            0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+            0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+            0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
+            0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+            0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
+            0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
+            0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+            0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
+            0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d,
+    };
+
+    public static byte[] crc(byte[] data, int start, int size) {
+        long c = crc(0, data, start, size);
+        return BytesUtil.int2bytes((int) c, false);
+    }
+
+    public static long crc(long initial, byte[] data, int start, int len) {
+        long c = initial;
+
+        int idx;
+        for (int i = 0; i < len; i++) {
+            idx = (int) ((data[start + i] ^ c) & 0xff);
+            c = ((c & 0xffffffffL) >>> 8) ^ table[idx]; // why?
+        }
+
+        return c;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java
new file mode 100644
index 0000000..23c3097
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java
@@ -0,0 +1,34 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+
+public interface CryptoTypeHandler {
+
+    public String name();
+
+    public String displayName();
+
+    public EncryptProvider encProvider();
+
+    public HashProvider hashProvider();
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java
new file mode 100644
index 0000000..db3e637
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java
@@ -0,0 +1,84 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+/**
+ * Based on MIT krb5 weak_key.c
+ */
+public class Des {
+
+    /*
+     * The following are the weak DES keys:
+     */
+    static byte[][] WEAK_KEYS = {
+    /* weak keys */
+            {(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01},
+            {(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe},
+            {(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e},
+            {(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1},
+
+    /* semi-weak */
+            {(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe},
+            {(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01},
+
+            {(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1},
+            {(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e},
+
+            {(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1},
+            {(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1,(byte) 0x01},
+
+            {(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe},
+            {(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e},
+
+            {(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e},
+            {(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e,(byte) 0x01},
+
+            {(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe},
+            {(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1}
+    };
+
+    public static boolean isWeakKey(byte[] key, int offset, int len) {
+        boolean match;
+        for (byte[] weakKey : WEAK_KEYS) {
+            match = true;
+            if (weakKey.length == len) {
+                for (int i = 0; i < len; i++) {
+                    if (weakKey[i] != key[i]) {
+                        match = false;
+                        break;
+                    }
+                }
+            }
+            if (match) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * MIT krb5 FIXUP(k) in s2k_des.c
+     */
+    public static void fixKey(byte[] key, int offset, int len) {
+        if (isWeakKey(key, offset, len)) {
+            key[offset + 7] ^= (byte) 0xf0;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
new file mode 100644
index 0000000..de0e78e
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
@@ -0,0 +1,58 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+public interface EncTypeHandler extends CryptoTypeHandler {
+
+    public EncryptionType eType();
+
+    public int keyInputSize();
+
+    public int keySize();
+
+    public int confounderSize();
+
+    public int checksumSize();
+
+    public int paddingSize();
+
+    public byte[] str2key(String string,
+                          String salt, byte[] param) throws KrbException;
+
+    public byte[] random2Key(byte[] randomBits) throws KrbException;
+
+    public CheckSumType checksumType();
+
+    public byte[] encrypt(byte[] data, byte[] key, int usage)
+        throws KrbException;
+
+    public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
+        int usage) throws KrbException;
+
+    public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+        throws KrbException;
+
+    public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec,
+        int usage) throws KrbException;
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
new file mode 100644
index 0000000..ac0f6be
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
@@ -0,0 +1,174 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.crypto.enc.*;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.*;
+
+public class EncryptionHandler {
+
+    public static EncryptionType getEncryptionType(String eType) throws KrbException {
+        EncryptionType result = EncryptionType.fromName(eType);
+        return result;
+    }
+
+    public static EncTypeHandler getEncHandler(String eType) throws KrbException {
+        EncryptionType result = EncryptionType.fromName(eType);
+        return getEncHandler(result);
+    }
+
+    public static EncTypeHandler getEncHandler(int eType) throws KrbException {
+        EncryptionType eTypeEnum = EncryptionType.fromValue(eType);
+        return getEncHandler(eTypeEnum);
+    }
+
+    public static EncTypeHandler getEncHandler(EncryptionType eType) throws KrbException {
+        return getEncHandler(eType, false);
+    }
+
+    private static EncTypeHandler getEncHandler(EncryptionType eType, boolean check) throws KrbException {
+        EncTypeHandler encHandler = null;
+
+        switch (eType) {
+            case DES_CBC_CRC:
+                encHandler = new DesCbcCrcEnc();
+                break;
+
+            case DES_CBC_MD5:
+            case DES:
+                encHandler = new DesCbcMd5Enc();
+                break;
+
+            case DES_CBC_MD4:
+                encHandler = new DesCbcMd4Enc();
+                break;
+
+            case DES3_CBC_SHA1:
+            case DES3_CBC_SHA1_KD:
+            case DES3_HMAC_SHA1:
+                encHandler = new Des3CbcSha1Enc();
+                break;
+
+            case AES128_CTS_HMAC_SHA1_96:
+            case AES128_CTS:
+                encHandler = new Aes128CtsHmacSha1Enc();
+                break;
+
+            case AES256_CTS_HMAC_SHA1_96:
+            case AES256_CTS:
+                encHandler = new Aes256CtsHmacSha1Enc();
+                break;
+
+            case CAMELLIA128_CTS_CMAC:
+            case CAMELLIA128_CTS:
+                encHandler = new Camellia128CtsCmacEnc();
+                break;
+
+            case CAMELLIA256_CTS_CMAC:
+            case CAMELLIA256_CTS:
+                encHandler = new Camellia256CtsCmacEnc();
+                break;
+
+            case RC4_HMAC:
+            case ARCFOUR_HMAC:
+            case ARCFOUR_HMAC_MD5:
+                encHandler = new Rc4HmacEnc();
+                break;
+
+            case RC4_HMAC_EXP:
+            case ARCFOUR_HMAC_EXP:
+            case ARCFOUR_HMAC_MD5_EXP:
+                encHandler = new Rc4HmacExpEnc();
+                break;
+
+            case NONE:
+            default:
+                break;
+        }
+
+        if (encHandler == null && ! check) {
+            String message = "Unsupported encryption type: " + eType.name();
+            throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, message);
+        }
+
+        return encHandler;
+    }
+
+    public static EncryptedData encrypt(byte[] plainText, EncryptionKey key, KeyUsage usage) throws KrbException {
+        EncTypeHandler handler = getEncHandler(key.getKeyType());
+        byte[] cipher = handler.encrypt(plainText, key.getKeyData(), usage.getValue());
+
+        EncryptedData ed = new EncryptedData();
+        ed.setCipher(cipher);
+        ed.setEType(key.getKeyType());
+        ed.setKvno(key.getKvno());
+
+        return ed;
+    }
+
+    public static byte[] decrypt(byte[] data, EncryptionKey key, KeyUsage usage) throws KrbException {
+        EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+        byte[] plainData = handler.decrypt(data, key.getKeyData(), usage.getValue());
+        return plainData;
+    }
+
+    public static byte[] decrypt(EncryptedData data, EncryptionKey key, KeyUsage usage) throws KrbException {
+        EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+        byte[] plainData = handler.decrypt(data.getCipher(), key.getKeyData(), usage.getValue());
+        return plainData;
+    }
+
+    public static boolean isImplemented(EncryptionType eType) {
+        EncTypeHandler handler = null;
+        try {
+            handler = getEncHandler(eType, true);
+        } catch (KrbException e) {
+            return false;
+        }
+        return  handler != null;
+    }
+
+    public static EncryptionKey string2Key(String principalName,
+          String passPhrase, EncryptionType eType) throws KrbException {
+        PrincipalName principal = new PrincipalName(principalName);
+        return string2Key(passPhrase,
+                PrincipalName.makeSalt(principal), null, eType);
+    }
+
+    public static EncryptionKey string2Key(String string, String salt,
+                   byte[] s2kparams, EncryptionType eType) throws KrbException {
+        EncTypeHandler handler = getEncHandler(eType);
+        byte[] keyBytes = handler.str2key(string, salt, s2kparams);
+        return new EncryptionKey(eType, keyBytes);
+    }
+
+    public static EncryptionKey random2Key(EncryptionType eType) throws KrbException {
+        EncTypeHandler handler = getEncHandler(eType);
+
+        byte[] randomBytes = Random.makeBytes(handler.keyInputSize());
+        byte[] keyBytes = handler.random2Key(randomBytes);
+        EncryptionKey encKey = new EncryptionKey(eType, keyBytes);
+        return encKey;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java
new file mode 100644
index 0000000..e7a7614
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java
@@ -0,0 +1,82 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 hmac.c
+ */
+public class Hmac {
+
+    public static byte[] hmac(HashProvider hashProvider, byte[] key,
+                       byte[] data, int outputSize) throws KrbException {
+        return hmac(hashProvider, key, data, 0, data.length, outputSize);
+    }
+
+    public static byte[] hmac(HashProvider hashProvider, byte[] key, byte[] data,
+                       int start, int len, int outputSize) throws KrbException {
+        byte[] hash = Hmac.hmac(hashProvider, key, data, start, len);
+
+        byte[] output = new byte[outputSize];
+        System.arraycopy(hash, 0, output, 0, outputSize);
+        return output;
+    }
+
+    public static byte[] hmac(HashProvider hashProvider,
+                              byte[] key, byte[] data) throws KrbException {
+        return hmac(hashProvider, key, data, 0, data.length);
+    }
+
+    public static byte[] hmac(HashProvider hashProvider,
+                              byte[] key, byte[] data, int start, int len) throws KrbException {
+
+        int blockLen = hashProvider.blockSize();
+        byte[] innerPaddedKey = new byte[blockLen];
+        byte[] outerPaddedKey = new byte[blockLen];
+
+        // Create the inner padded key
+        Arrays.fill(innerPaddedKey, (byte)0x36);
+        for (int i = 0; i < key.length; i++) {
+            innerPaddedKey[i] ^= key[i];
+        }
+
+        // Create the outer padded key
+        Arrays.fill(outerPaddedKey, (byte)0x5c);
+        for (int i = 0; i < key.length; i++) {
+            outerPaddedKey[i] ^= key[i];
+        }
+
+        hashProvider.hash(innerPaddedKey);
+
+        hashProvider.hash(data, start, len);
+
+        byte[] tmp = hashProvider.output();
+
+        hashProvider.hash(outerPaddedKey);
+        hashProvider.hash(tmp);
+
+        tmp = hashProvider.output();
+        return tmp;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java
new file mode 100644
index 0000000..4a4f1a0
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java
@@ -0,0 +1,338 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.DigestException;
+import java.security.MessageDigest;
+
+/**
+ * MD4.java - An implementation of Ron Rivest's MD4 message digest algorithm.
+ * The MD4 algorithm is designed to be quite fast on 32-bit machines. In
+ * addition, the MD4 algorithm does not require any large substitution
+ * tables.
+ *
+ * @see The <a href="http://www.ietf.org/rfc/rfc1320.txt">MD4</a> Message-
+ *    Digest Algorithm by R. Rivest.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ * @since MINA 2.0.0-M3
+ */
+
+/**
+ * Copied from Mina project and modified a bit
+ */
+public class Md4 extends MessageDigest {
+
+    /**
+     * The MD4 algorithm message digest length is 16 bytes wide.
+     */
+    public static final int BYTE_DIGEST_LENGTH = 16;
+
+    /**
+     * The MD4 algorithm block length is 64 bytes wide.
+     */
+    public static final int BYTE_BLOCK_LENGTH = 64;
+
+    /**
+     * The initial values of the four registers. RFC gives the values 
+     * in LE so we converted it as JAVA uses BE endianness.
+     */
+    private final static int A = 0x67452301;
+
+    private final static int B = 0xefcdab89;
+
+    private final static int C = 0x98badcfe;
+
+    private final static int D = 0x10325476;
+
+    /**
+     * The four registers initialized with the above IVs.
+     */
+    private int a = A;
+
+    private int b = B;
+
+    private int c = C;
+
+    private int d = D;
+
+    /**
+     * Counts the total length of the data being digested.
+     */
+    private long msgLength;
+
+    /**
+     * The internal buffer is {@link BLOCK_LENGTH} wide.
+     */
+    private final byte[] buffer = new byte[BYTE_BLOCK_LENGTH];
+
+    /**
+     * Default constructor.
+     */
+    public Md4() {
+        super("MD4");
+        engineReset();
+    }
+
+    /**
+     * Returns the digest length in bytes.
+     *
+     * @return the digest length in bytes.
+     */
+    protected int engineGetDigestLength() {
+        return BYTE_DIGEST_LENGTH;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void engineUpdate(byte b) {
+        int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+        buffer[pos] = b;
+        msgLength++;
+
+        // If buffer contains enough data then process it.
+        if (pos == (BYTE_BLOCK_LENGTH - 1)) {
+            process(buffer, 0);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void engineUpdate(byte[] b, int offset, int len) {
+        int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+        int nbOfCharsToFillBuf = BYTE_BLOCK_LENGTH - pos;
+        int blkStart = 0;
+
+        msgLength += len;
+
+        // Process each full block
+        if (len >= nbOfCharsToFillBuf) {
+            System.arraycopy(b, offset, buffer, pos, nbOfCharsToFillBuf);
+            process(buffer, 0);
+            for (blkStart = nbOfCharsToFillBuf; blkStart + BYTE_BLOCK_LENGTH - 1 < len; blkStart += BYTE_BLOCK_LENGTH) {
+                process(b, offset + blkStart);
+            }
+            pos = 0;
+        }
+
+        // Fill buffer with the remaining data
+        if (blkStart < len) {
+            System.arraycopy(b, offset + blkStart, buffer, pos, len - blkStart);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected byte[] engineDigest() {
+        byte[] p = pad();
+        engineUpdate(p, 0, p.length);
+        byte[] digest = { (byte) a, (byte) (a >>> 8), (byte) (a >>> 16), (byte) (a >>> 24), (byte) b, (byte) (b >>> 8),
+                (byte) (b >>> 16), (byte) (b >>> 24), (byte) c, (byte) (c >>> 8), (byte) (c >>> 16), (byte) (c >>> 24),
+                (byte) d, (byte) (d >>> 8), (byte) (d >>> 16), (byte) (d >>> 24) };
+
+        engineReset();
+
+        return digest;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected int engineDigest(byte[] buf, int offset, int len) throws DigestException {
+        if (offset < 0 || offset + len >= buf.length) {
+            throw new DigestException("Wrong offset or not enough space to store the digest");
+        }
+        int destLength = Math.min(len, BYTE_DIGEST_LENGTH);
+        System.arraycopy(engineDigest(), 0, buf, offset, destLength);
+        return destLength;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void engineReset() {
+        a = A;
+        b = B;
+        c = C;
+        d = D;
+        msgLength = 0;
+    }
+
+    /**
+     * Pads the buffer by appending the byte 0x80, then append as many zero 
+     * bytes as necessary to make the buffer length a multiple of 64 bytes.  
+     * The last 8 bytes will be filled with the length of the buffer in bits.
+     * If there's no room to store the length in bits in the block i.e the block 
+     * is larger than 56 bytes then an additionnal 64-bytes block is appended.
+     * 
+     * @see sections 3.1 & 3.2 of the RFC 1320.
+     * 
+     * @return the pad byte array
+     */
+    private byte[] pad() {
+        int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+        int padLength = (pos < 56) ? (64 - pos) : (128 - pos);
+        byte[] pad = new byte[padLength];
+
+        // First bit of the padding set to 1
+        pad[0] = (byte) 0x80;
+
+        long bits = msgLength << 3;
+        int index = padLength - 8;
+        for (int i = 0; i < 8; i++) {
+            pad[index++] = (byte) (bits >>> (i << 3));
+        }
+
+        return pad;
+    }
+
+    /** 
+     * Process one 64-byte block. Algorithm is constituted by three rounds.
+     * Note that F, G and H functions were inlined for improved performance.
+     * 
+     * @param in the byte array to process
+     * @param offset the offset at which the 64-byte block is stored
+     */
+    private void process(byte[] in, int offset) {
+        // Save previous state.
+        int aa = a;
+        int bb = b;
+        int cc = c;
+        int dd = d;
+
+        // Copy the block to process into X array
+        int[] X = new int[16];
+        for (int i = 0; i < 16; i++) {
+            X[i] = (in[offset++] & 0xff) | (in[offset++] & 0xff) << 8 | (in[offset++] & 0xff) << 16
+                    | (in[offset++] & 0xff) << 24;
+        }
+
+        // Round 1
+        a += ((b & c) | (~b & d)) + X[0];
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & b) | (~a & c)) + X[1];
+        d = d << 7 | d >>> (32 - 7);
+        c += ((d & a) | (~d & b)) + X[2];
+        c = c << 11 | c >>> (32 - 11);
+        b += ((c & d) | (~c & a)) + X[3];
+        b = b << 19 | b >>> (32 - 19);
+        a += ((b & c) | (~b & d)) + X[4];
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & b) | (~a & c)) + X[5];
+        d = d << 7 | d >>> (32 - 7);
+        c += ((d & a) | (~d & b)) + X[6];
+        c = c << 11 | c >>> (32 - 11);
+        b += ((c & d) | (~c & a)) + X[7];
+        b = b << 19 | b >>> (32 - 19);
+        a += ((b & c) | (~b & d)) + X[8];
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & b) | (~a & c)) + X[9];
+        d = d << 7 | d >>> (32 - 7);
+        c += ((d & a) | (~d & b)) + X[10];
+        c = c << 11 | c >>> (32 - 11);
+        b += ((c & d) | (~c & a)) + X[11];
+        b = b << 19 | b >>> (32 - 19);
+        a += ((b & c) | (~b & d)) + X[12];
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & b) | (~a & c)) + X[13];
+        d = d << 7 | d >>> (32 - 7);
+        c += ((d & a) | (~d & b)) + X[14];
+        c = c << 11 | c >>> (32 - 11);
+        b += ((c & d) | (~c & a)) + X[15];
+        b = b << 19 | b >>> (32 - 19);
+
+        // Round 2
+        a += ((b & (c | d)) | (c & d)) + X[0] + 0x5a827999;
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & (b | c)) | (b & c)) + X[4] + 0x5a827999;
+        d = d << 5 | d >>> (32 - 5);
+        c += ((d & (a | b)) | (a & b)) + X[8] + 0x5a827999;
+        c = c << 9 | c >>> (32 - 9);
+        b += ((c & (d | a)) | (d & a)) + X[12] + 0x5a827999;
+        b = b << 13 | b >>> (32 - 13);
+        a += ((b & (c | d)) | (c & d)) + X[1] + 0x5a827999;
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & (b | c)) | (b & c)) + X[5] + 0x5a827999;
+        d = d << 5 | d >>> (32 - 5);
+        c += ((d & (a | b)) | (a & b)) + X[9] + 0x5a827999;
+        c = c << 9 | c >>> (32 - 9);
+        b += ((c & (d | a)) | (d & a)) + X[13] + 0x5a827999;
+        b = b << 13 | b >>> (32 - 13);
+        a += ((b & (c | d)) | (c & d)) + X[2] + 0x5a827999;
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & (b | c)) | (b & c)) + X[6] + 0x5a827999;
+        d = d << 5 | d >>> (32 - 5);
+        c += ((d & (a | b)) | (a & b)) + X[10] + 0x5a827999;
+        c = c << 9 | c >>> (32 - 9);
+        b += ((c & (d | a)) | (d & a)) + X[14] + 0x5a827999;
+        b = b << 13 | b >>> (32 - 13);
+        a += ((b & (c | d)) | (c & d)) + X[3] + 0x5a827999;
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & (b | c)) | (b & c)) + X[7] + 0x5a827999;
+        d = d << 5 | d >>> (32 - 5);
+        c += ((d & (a | b)) | (a & b)) + X[11] + 0x5a827999;
+        c = c << 9 | c >>> (32 - 9);
+        b += ((c & (d | a)) | (d & a)) + X[15] + 0x5a827999;
+        b = b << 13 | b >>> (32 - 13);
+
+        // Round 3
+        a += (b ^ c ^ d) + X[0] + 0x6ed9eba1;
+        a = a << 3 | a >>> (32 - 3);
+        d += (a ^ b ^ c) + X[8] + 0x6ed9eba1;
+        d = d << 9 | d >>> (32 - 9);
+        c += (d ^ a ^ b) + X[4] + 0x6ed9eba1;
+        c = c << 11 | c >>> (32 - 11);
+        b += (c ^ d ^ a) + X[12] + 0x6ed9eba1;
+        b = b << 15 | b >>> (32 - 15);
+        a += (b ^ c ^ d) + X[2] + 0x6ed9eba1;
+        a = a << 3 | a >>> (32 - 3);
+        d += (a ^ b ^ c) + X[10] + 0x6ed9eba1;
+        d = d << 9 | d >>> (32 - 9);
+        c += (d ^ a ^ b) + X[6] + 0x6ed9eba1;
+        c = c << 11 | c >>> (32 - 11);
+        b += (c ^ d ^ a) + X[14] + 0x6ed9eba1;
+        b = b << 15 | b >>> (32 - 15);
+        a += (b ^ c ^ d) + X[1] + 0x6ed9eba1;
+        a = a << 3 | a >>> (32 - 3);
+        d += (a ^ b ^ c) + X[9] + 0x6ed9eba1;
+        d = d << 9 | d >>> (32 - 9);
+        c += (d ^ a ^ b) + X[5] + 0x6ed9eba1;
+        c = c << 11 | c >>> (32 - 11);
+        b += (c ^ d ^ a) + X[13] + 0x6ed9eba1;
+        b = b << 15 | b >>> (32 - 15);
+        a += (b ^ c ^ d) + X[3] + 0x6ed9eba1;
+        a = a << 3 | a >>> (32 - 3);
+        d += (a ^ b ^ c) + X[11] + 0x6ed9eba1;
+        d = d << 9 | d >>> (32 - 9);
+        c += (d ^ a ^ b) + X[7] + 0x6ed9eba1;
+        c = c << 11 | c >>> (32 - 11);
+        b += (c ^ d ^ a) + X[15] + 0x6ed9eba1;
+        b = b << 15 | b >>> (32 - 15);
+
+        //Update state.
+        a += aa;
+        b += bb;
+        c += cc;
+        d += dd;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java
new file mode 100644
index 0000000..9c98fcc
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java
@@ -0,0 +1,102 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 nfold.c
+ */
+
+/*
+ * n-fold(k-bits):
+ * l = lcm(n,k)
+ * r = l/k
+ * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ * compute the 1's complement sum:
+ * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+ */
+public class Nfold {
+
+    /**
+     * representation: msb first, assume n and k are multiples of 8, and
+     * that k>=16.  this is the case of all the cryptosystems which are
+     * likely to be used.  this function can be replaced if that
+     * assumption ever fails.
+     */
+    public static byte[] nfold(byte[] inBytes, int size) {
+        int inBytesNum = inBytes.length; // count inBytes byte
+        int outBytesNum = size; // count inBytes byte
+
+        int a, b, c, lcm;
+        a = outBytesNum;
+        b = inBytesNum;
+
+        while (b != 0) {
+            c = b;
+            b = a % b;
+            a = c;
+        }
+        lcm = (outBytesNum * inBytesNum) / a;
+
+        byte[] outBytes = new byte[outBytesNum];
+        Arrays.fill(outBytes, (byte)0);
+
+        int tmpByte = 0;
+        int msbit, i, tmp;
+
+        for (i = lcm-1; i >= 0; i--) {
+            // first, start with the msbit inBytes the first, unrotated byte
+            tmp = ((inBytesNum<<3)-1);
+            // then, for each byte, shift to the right for each repetition
+            tmp += (((inBytesNum<<3)+13)*(i/inBytesNum));
+            // last, pick outBytes the correct byte within that shifted repetition
+            tmp += ((inBytesNum-(i%inBytesNum)) << 3);
+
+            msbit = tmp % (inBytesNum << 3);
+
+            // pull outBytes the byte value itself
+            tmp =  ((((inBytes[((inBytesNum - 1)-(msbit >>> 3)) % inBytesNum] & 0xff) << 8) |
+                (inBytes[((inBytesNum) - (msbit >>> 3)) % inBytesNum] & 0xff))
+                >>>((msbit & 7)+1)) & 0xff;
+
+            tmpByte += tmp;
+            tmp = (outBytes[i % outBytesNum] & 0xff);
+            tmpByte += tmp;
+
+            outBytes[i % outBytesNum] = (byte) (tmpByte & 0xff);
+
+            tmpByte >>>= 8;
+        }
+
+        // if there's a carry bit left over, add it back inBytes
+        if (tmpByte != 0) {
+            for (i = outBytesNum-1; i >= 0; i--) {
+                // do the addition
+                tmpByte += (outBytes[i] & 0xff);
+                outBytes[i] = (byte) (tmpByte & 0xff);
+
+                tmpByte >>>= 8;
+            }
+        }
+
+        return outBytes;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java
new file mode 100644
index 0000000..0f22f97
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java
@@ -0,0 +1,32 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public class Nonce {
+
+    private static SecureRandom srand = new SecureRandom();
+
+    public static synchronized int value() {
+        int value = srand.nextInt();
+        return value & 0x7fffffff;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java
new file mode 100644
index 0000000..989772b
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java
@@ -0,0 +1,40 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import java.security.GeneralSecurityException;
+
+public class Pbkdf {
+
+    public static byte[] PBKDF2(char[] secret, byte[] salt,
+                                   int count, int keySize) throws GeneralSecurityException {
+
+        PBEKeySpec ks = new PBEKeySpec(secret, salt, count, keySize * 8);
+        SecretKeyFactory skf =
+                SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+        SecretKey key = skf.generateSecret(ks);
+        byte[] result = key.getEncoded();
+
+        return result;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java
new file mode 100644
index 0000000..cd6bf71
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java
@@ -0,0 +1,33 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public final class Random {
+
+    private static SecureRandom srand = new SecureRandom();
+
+    public static byte[] makeBytes(int size) {
+        byte[] data = new byte[size];
+        srand.nextBytes(data);
+        return data;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java
new file mode 100644
index 0000000..b45c4eb
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java
@@ -0,0 +1,63 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+/**
+ * Based on MIT krb5 enc_rc4.c
+ */
+public class Rc4 {
+
+    private static byte[] L40 = "fortybits".getBytes();
+
+    public static byte[] getSalt(int usage, boolean exportable) {
+        int newUsage = convertUsage(usage);
+        byte[] salt;
+
+        if (exportable) {
+            salt = new byte[14];
+            System.arraycopy(L40, 0, salt, 0, 9);
+            BytesUtil.int2bytes(newUsage, salt, 10, false);
+        } else {
+            salt = new byte[4];
+            BytesUtil.int2bytes(newUsage, salt, 0, false);
+        }
+
+        return salt;
+    }
+
+    private static int convertUsage(int usage) {
+        switch (usage) {
+            case 1:  return 1;   /* AS-REQ PA-ENC-TIMESTAMP padata timestamp,  */
+            case 2:  return 2;   /* ticket from kdc */
+            case 3:  return 8;   /* as-rep encrypted part */
+            case 4:  return 4;   /* tgs-req authz data */
+            case 5:  return 5;   /* tgs-req authz data in subkey */
+            case 6:  return 6;   /* tgs-req authenticator cksum */
+            case 7:  return 7;   /* tgs-req authenticator */
+            case 8:  return 8;
+            case 9:  return 9;   /* tgs-rep encrypted with subkey */
+            case 10: return 10;  /* ap-rep authentication cksum (never used by MS) */
+            case 11: return 11;  /* app-req authenticator */
+            case 12: return 12;  /* app-rep encrypted part */
+            case 23: return 13;  /* sign wrap token*/
+            default: return usage;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
new file mode 100644
index 0000000..49a62c7
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
@@ -0,0 +1,112 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.AbstractCryptoTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.CheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class AbstractCheckSumTypeHandler
+        extends AbstractCryptoTypeHandler implements CheckSumTypeHandler {
+
+    private int computeSize;
+    private int outputSize;
+
+    public AbstractCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+                                       int computeSize, int outputSize) {
+        super(encProvider, hashProvider);
+        this.computeSize = computeSize;
+        this.outputSize = outputSize;
+    }
+
+    @Override
+    public String name() {
+        return cksumType().getName();
+    }
+
+    @Override
+    public String displayName() {
+        return cksumType().getDisplayName();
+    }
+
+    @Override
+    public int computeSize() {
+        return computeSize;
+    }
+
+    @Override
+    public int outputSize() {
+        return outputSize;
+    }
+
+    public boolean isSafe() {
+        return false;
+    }
+
+    public int cksumSize() {
+        return 4;
+    }
+
+    public int keySize() {
+        return 0;
+    }
+
+    public int confounderSize() {
+        return 0;
+    }
+
+    @Override
+    public byte[] checksum(byte[] data) throws KrbException {
+        return checksum(data, 0, data.length);
+    }
+
+    @Override
+    public byte[] checksum(byte[] data, int start, int size) throws KrbException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean verify(byte[] data, byte[] checksum) throws KrbException {
+        return verify(data, 0, data.length, checksum);
+    }
+
+    @Override
+    public boolean verify(byte[] data, int start, int size, byte[] checksum) throws KrbException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public byte[] checksumWithKey(byte[] data,
+                                  byte[] key, int usage) throws KrbException {
+        return checksumWithKey(data, 0, data.length, key, usage);
+    }
+
+    @Override
+    public byte[] checksumWithKey(byte[] data, int start, int size,
+                                  byte[] key, int usage) throws KrbException {
+        throw new UnsupportedOperationException();
+    }
+    @Override
+    public boolean verifyWithKey(byte[] data,
+                                 byte[] key, int usage, byte[] checksum) throws KrbException {
+        throw new UnsupportedOperationException();
+    }
+}


Mime
View raw message