directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [20/50] [abbrv] directory-kerberos git commit: Many changes with newname
Date Thu, 22 Jan 2015 00:56:44 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java
new file mode 100644
index 0000000..23c3097
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java
@@ -0,0 +1,34 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+
+public interface CryptoTypeHandler {
+
+    public String name();
+
+    public String displayName();
+
+    public EncryptProvider encProvider();
+
+    public HashProvider hashProvider();
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java
new file mode 100644
index 0000000..db3e637
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java
@@ -0,0 +1,84 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+/**
+ * Based on MIT krb5 weak_key.c
+ */
+public class Des {
+
+    /*
+     * The following are the weak DES keys:
+     */
+    static byte[][] WEAK_KEYS = {
+    /* weak keys */
+            {(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01},
+            {(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe},
+            {(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e},
+            {(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1},
+
+    /* semi-weak */
+            {(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe},
+            {(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01},
+
+            {(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1},
+            {(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e},
+
+            {(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1},
+            {(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1,(byte) 0x01},
+
+            {(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe},
+            {(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e},
+
+            {(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e},
+            {(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e,(byte) 0x01},
+
+            {(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe},
+            {(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1}
+    };
+
+    public static boolean isWeakKey(byte[] key, int offset, int len) {
+        boolean match;
+        for (byte[] weakKey : WEAK_KEYS) {
+            match = true;
+            if (weakKey.length == len) {
+                for (int i = 0; i < len; i++) {
+                    if (weakKey[i] != key[i]) {
+                        match = false;
+                        break;
+                    }
+                }
+            }
+            if (match) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * MIT krb5 FIXUP(k) in s2k_des.c
+     */
+    public static void fixKey(byte[] key, int offset, int len) {
+        if (isWeakKey(key, offset, len)) {
+            key[offset + 7] ^= (byte) 0xf0;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
new file mode 100644
index 0000000..de0e78e
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
@@ -0,0 +1,58 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+public interface EncTypeHandler extends CryptoTypeHandler {
+
+    public EncryptionType eType();
+
+    public int keyInputSize();
+
+    public int keySize();
+
+    public int confounderSize();
+
+    public int checksumSize();
+
+    public int paddingSize();
+
+    public byte[] str2key(String string,
+                          String salt, byte[] param) throws KrbException;
+
+    public byte[] random2Key(byte[] randomBits) throws KrbException;
+
+    public CheckSumType checksumType();
+
+    public byte[] encrypt(byte[] data, byte[] key, int usage)
+        throws KrbException;
+
+    public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
+        int usage) throws KrbException;
+
+    public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+        throws KrbException;
+
+    public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec,
+        int usage) throws KrbException;
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
new file mode 100644
index 0000000..ac0f6be
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
@@ -0,0 +1,174 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.crypto.enc.*;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.*;
+
+public class EncryptionHandler {
+
+    public static EncryptionType getEncryptionType(String eType) throws KrbException {
+        EncryptionType result = EncryptionType.fromName(eType);
+        return result;
+    }
+
+    public static EncTypeHandler getEncHandler(String eType) throws KrbException {
+        EncryptionType result = EncryptionType.fromName(eType);
+        return getEncHandler(result);
+    }
+
+    public static EncTypeHandler getEncHandler(int eType) throws KrbException {
+        EncryptionType eTypeEnum = EncryptionType.fromValue(eType);
+        return getEncHandler(eTypeEnum);
+    }
+
+    public static EncTypeHandler getEncHandler(EncryptionType eType) throws KrbException {
+        return getEncHandler(eType, false);
+    }
+
+    private static EncTypeHandler getEncHandler(EncryptionType eType, boolean check) throws KrbException {
+        EncTypeHandler encHandler = null;
+
+        switch (eType) {
+            case DES_CBC_CRC:
+                encHandler = new DesCbcCrcEnc();
+                break;
+
+            case DES_CBC_MD5:
+            case DES:
+                encHandler = new DesCbcMd5Enc();
+                break;
+
+            case DES_CBC_MD4:
+                encHandler = new DesCbcMd4Enc();
+                break;
+
+            case DES3_CBC_SHA1:
+            case DES3_CBC_SHA1_KD:
+            case DES3_HMAC_SHA1:
+                encHandler = new Des3CbcSha1Enc();
+                break;
+
+            case AES128_CTS_HMAC_SHA1_96:
+            case AES128_CTS:
+                encHandler = new Aes128CtsHmacSha1Enc();
+                break;
+
+            case AES256_CTS_HMAC_SHA1_96:
+            case AES256_CTS:
+                encHandler = new Aes256CtsHmacSha1Enc();
+                break;
+
+            case CAMELLIA128_CTS_CMAC:
+            case CAMELLIA128_CTS:
+                encHandler = new Camellia128CtsCmacEnc();
+                break;
+
+            case CAMELLIA256_CTS_CMAC:
+            case CAMELLIA256_CTS:
+                encHandler = new Camellia256CtsCmacEnc();
+                break;
+
+            case RC4_HMAC:
+            case ARCFOUR_HMAC:
+            case ARCFOUR_HMAC_MD5:
+                encHandler = new Rc4HmacEnc();
+                break;
+
+            case RC4_HMAC_EXP:
+            case ARCFOUR_HMAC_EXP:
+            case ARCFOUR_HMAC_MD5_EXP:
+                encHandler = new Rc4HmacExpEnc();
+                break;
+
+            case NONE:
+            default:
+                break;
+        }
+
+        if (encHandler == null && ! check) {
+            String message = "Unsupported encryption type: " + eType.name();
+            throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, message);
+        }
+
+        return encHandler;
+    }
+
+    public static EncryptedData encrypt(byte[] plainText, EncryptionKey key, KeyUsage usage) throws KrbException {
+        EncTypeHandler handler = getEncHandler(key.getKeyType());
+        byte[] cipher = handler.encrypt(plainText, key.getKeyData(), usage.getValue());
+
+        EncryptedData ed = new EncryptedData();
+        ed.setCipher(cipher);
+        ed.setEType(key.getKeyType());
+        ed.setKvno(key.getKvno());
+
+        return ed;
+    }
+
+    public static byte[] decrypt(byte[] data, EncryptionKey key, KeyUsage usage) throws KrbException {
+        EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+        byte[] plainData = handler.decrypt(data, key.getKeyData(), usage.getValue());
+        return plainData;
+    }
+
+    public static byte[] decrypt(EncryptedData data, EncryptionKey key, KeyUsage usage) throws KrbException {
+        EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+        byte[] plainData = handler.decrypt(data.getCipher(), key.getKeyData(), usage.getValue());
+        return plainData;
+    }
+
+    public static boolean isImplemented(EncryptionType eType) {
+        EncTypeHandler handler = null;
+        try {
+            handler = getEncHandler(eType, true);
+        } catch (KrbException e) {
+            return false;
+        }
+        return  handler != null;
+    }
+
+    public static EncryptionKey string2Key(String principalName,
+          String passPhrase, EncryptionType eType) throws KrbException {
+        PrincipalName principal = new PrincipalName(principalName);
+        return string2Key(passPhrase,
+                PrincipalName.makeSalt(principal), null, eType);
+    }
+
+    public static EncryptionKey string2Key(String string, String salt,
+                   byte[] s2kparams, EncryptionType eType) throws KrbException {
+        EncTypeHandler handler = getEncHandler(eType);
+        byte[] keyBytes = handler.str2key(string, salt, s2kparams);
+        return new EncryptionKey(eType, keyBytes);
+    }
+
+    public static EncryptionKey random2Key(EncryptionType eType) throws KrbException {
+        EncTypeHandler handler = getEncHandler(eType);
+
+        byte[] randomBytes = Random.makeBytes(handler.keyInputSize());
+        byte[] keyBytes = handler.random2Key(randomBytes);
+        EncryptionKey encKey = new EncryptionKey(eType, keyBytes);
+        return encKey;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java
new file mode 100644
index 0000000..e7a7614
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java
@@ -0,0 +1,82 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 hmac.c
+ */
+public class Hmac {
+
+    public static byte[] hmac(HashProvider hashProvider, byte[] key,
+                       byte[] data, int outputSize) throws KrbException {
+        return hmac(hashProvider, key, data, 0, data.length, outputSize);
+    }
+
+    public static byte[] hmac(HashProvider hashProvider, byte[] key, byte[] data,
+                       int start, int len, int outputSize) throws KrbException {
+        byte[] hash = Hmac.hmac(hashProvider, key, data, start, len);
+
+        byte[] output = new byte[outputSize];
+        System.arraycopy(hash, 0, output, 0, outputSize);
+        return output;
+    }
+
+    public static byte[] hmac(HashProvider hashProvider,
+                              byte[] key, byte[] data) throws KrbException {
+        return hmac(hashProvider, key, data, 0, data.length);
+    }
+
+    public static byte[] hmac(HashProvider hashProvider,
+                              byte[] key, byte[] data, int start, int len) throws KrbException {
+
+        int blockLen = hashProvider.blockSize();
+        byte[] innerPaddedKey = new byte[blockLen];
+        byte[] outerPaddedKey = new byte[blockLen];
+
+        // Create the inner padded key
+        Arrays.fill(innerPaddedKey, (byte)0x36);
+        for (int i = 0; i < key.length; i++) {
+            innerPaddedKey[i] ^= key[i];
+        }
+
+        // Create the outer padded key
+        Arrays.fill(outerPaddedKey, (byte)0x5c);
+        for (int i = 0; i < key.length; i++) {
+            outerPaddedKey[i] ^= key[i];
+        }
+
+        hashProvider.hash(innerPaddedKey);
+
+        hashProvider.hash(data, start, len);
+
+        byte[] tmp = hashProvider.output();
+
+        hashProvider.hash(outerPaddedKey);
+        hashProvider.hash(tmp);
+
+        tmp = hashProvider.output();
+        return tmp;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java
new file mode 100644
index 0000000..4a4f1a0
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java
@@ -0,0 +1,338 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.DigestException;
+import java.security.MessageDigest;
+
+/**
+ * MD4.java - An implementation of Ron Rivest's MD4 message digest algorithm.
+ * The MD4 algorithm is designed to be quite fast on 32-bit machines. In
+ * addition, the MD4 algorithm does not require any large substitution
+ * tables.
+ *
+ * @see The <a href="http://www.ietf.org/rfc/rfc1320.txt">MD4</a> Message-
+ *    Digest Algorithm by R. Rivest.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ * @since MINA 2.0.0-M3
+ */
+
+/**
+ * Copied from Mina project and modified a bit
+ */
+public class Md4 extends MessageDigest {
+
+    /**
+     * The MD4 algorithm message digest length is 16 bytes wide.
+     */
+    public static final int BYTE_DIGEST_LENGTH = 16;
+
+    /**
+     * The MD4 algorithm block length is 64 bytes wide.
+     */
+    public static final int BYTE_BLOCK_LENGTH = 64;
+
+    /**
+     * The initial values of the four registers. RFC gives the values 
+     * in LE so we converted it as JAVA uses BE endianness.
+     */
+    private final static int A = 0x67452301;
+
+    private final static int B = 0xefcdab89;
+
+    private final static int C = 0x98badcfe;
+
+    private final static int D = 0x10325476;
+
+    /**
+     * The four registers initialized with the above IVs.
+     */
+    private int a = A;
+
+    private int b = B;
+
+    private int c = C;
+
+    private int d = D;
+
+    /**
+     * Counts the total length of the data being digested.
+     */
+    private long msgLength;
+
+    /**
+     * The internal buffer is {@link BLOCK_LENGTH} wide.
+     */
+    private final byte[] buffer = new byte[BYTE_BLOCK_LENGTH];
+
+    /**
+     * Default constructor.
+     */
+    public Md4() {
+        super("MD4");
+        engineReset();
+    }
+
+    /**
+     * Returns the digest length in bytes.
+     *
+     * @return the digest length in bytes.
+     */
+    protected int engineGetDigestLength() {
+        return BYTE_DIGEST_LENGTH;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void engineUpdate(byte b) {
+        int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+        buffer[pos] = b;
+        msgLength++;
+
+        // If buffer contains enough data then process it.
+        if (pos == (BYTE_BLOCK_LENGTH - 1)) {
+            process(buffer, 0);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void engineUpdate(byte[] b, int offset, int len) {
+        int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+        int nbOfCharsToFillBuf = BYTE_BLOCK_LENGTH - pos;
+        int blkStart = 0;
+
+        msgLength += len;
+
+        // Process each full block
+        if (len >= nbOfCharsToFillBuf) {
+            System.arraycopy(b, offset, buffer, pos, nbOfCharsToFillBuf);
+            process(buffer, 0);
+            for (blkStart = nbOfCharsToFillBuf; blkStart + BYTE_BLOCK_LENGTH - 1 < len; blkStart += BYTE_BLOCK_LENGTH) {
+                process(b, offset + blkStart);
+            }
+            pos = 0;
+        }
+
+        // Fill buffer with the remaining data
+        if (blkStart < len) {
+            System.arraycopy(b, offset + blkStart, buffer, pos, len - blkStart);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected byte[] engineDigest() {
+        byte[] p = pad();
+        engineUpdate(p, 0, p.length);
+        byte[] digest = { (byte) a, (byte) (a >>> 8), (byte) (a >>> 16), (byte) (a >>> 24), (byte) b, (byte) (b >>> 8),
+                (byte) (b >>> 16), (byte) (b >>> 24), (byte) c, (byte) (c >>> 8), (byte) (c >>> 16), (byte) (c >>> 24),
+                (byte) d, (byte) (d >>> 8), (byte) (d >>> 16), (byte) (d >>> 24) };
+
+        engineReset();
+
+        return digest;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected int engineDigest(byte[] buf, int offset, int len) throws DigestException {
+        if (offset < 0 || offset + len >= buf.length) {
+            throw new DigestException("Wrong offset or not enough space to store the digest");
+        }
+        int destLength = Math.min(len, BYTE_DIGEST_LENGTH);
+        System.arraycopy(engineDigest(), 0, buf, offset, destLength);
+        return destLength;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    protected void engineReset() {
+        a = A;
+        b = B;
+        c = C;
+        d = D;
+        msgLength = 0;
+    }
+
+    /**
+     * Pads the buffer by appending the byte 0x80, then append as many zero 
+     * bytes as necessary to make the buffer length a multiple of 64 bytes.  
+     * The last 8 bytes will be filled with the length of the buffer in bits.
+     * If there's no room to store the length in bits in the block i.e the block 
+     * is larger than 56 bytes then an additionnal 64-bytes block is appended.
+     * 
+     * @see sections 3.1 & 3.2 of the RFC 1320.
+     * 
+     * @return the pad byte array
+     */
+    private byte[] pad() {
+        int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+        int padLength = (pos < 56) ? (64 - pos) : (128 - pos);
+        byte[] pad = new byte[padLength];
+
+        // First bit of the padding set to 1
+        pad[0] = (byte) 0x80;
+
+        long bits = msgLength << 3;
+        int index = padLength - 8;
+        for (int i = 0; i < 8; i++) {
+            pad[index++] = (byte) (bits >>> (i << 3));
+        }
+
+        return pad;
+    }
+
+    /** 
+     * Process one 64-byte block. Algorithm is constituted by three rounds.
+     * Note that F, G and H functions were inlined for improved performance.
+     * 
+     * @param in the byte array to process
+     * @param offset the offset at which the 64-byte block is stored
+     */
+    private void process(byte[] in, int offset) {
+        // Save previous state.
+        int aa = a;
+        int bb = b;
+        int cc = c;
+        int dd = d;
+
+        // Copy the block to process into X array
+        int[] X = new int[16];
+        for (int i = 0; i < 16; i++) {
+            X[i] = (in[offset++] & 0xff) | (in[offset++] & 0xff) << 8 | (in[offset++] & 0xff) << 16
+                    | (in[offset++] & 0xff) << 24;
+        }
+
+        // Round 1
+        a += ((b & c) | (~b & d)) + X[0];
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & b) | (~a & c)) + X[1];
+        d = d << 7 | d >>> (32 - 7);
+        c += ((d & a) | (~d & b)) + X[2];
+        c = c << 11 | c >>> (32 - 11);
+        b += ((c & d) | (~c & a)) + X[3];
+        b = b << 19 | b >>> (32 - 19);
+        a += ((b & c) | (~b & d)) + X[4];
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & b) | (~a & c)) + X[5];
+        d = d << 7 | d >>> (32 - 7);
+        c += ((d & a) | (~d & b)) + X[6];
+        c = c << 11 | c >>> (32 - 11);
+        b += ((c & d) | (~c & a)) + X[7];
+        b = b << 19 | b >>> (32 - 19);
+        a += ((b & c) | (~b & d)) + X[8];
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & b) | (~a & c)) + X[9];
+        d = d << 7 | d >>> (32 - 7);
+        c += ((d & a) | (~d & b)) + X[10];
+        c = c << 11 | c >>> (32 - 11);
+        b += ((c & d) | (~c & a)) + X[11];
+        b = b << 19 | b >>> (32 - 19);
+        a += ((b & c) | (~b & d)) + X[12];
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & b) | (~a & c)) + X[13];
+        d = d << 7 | d >>> (32 - 7);
+        c += ((d & a) | (~d & b)) + X[14];
+        c = c << 11 | c >>> (32 - 11);
+        b += ((c & d) | (~c & a)) + X[15];
+        b = b << 19 | b >>> (32 - 19);
+
+        // Round 2
+        a += ((b & (c | d)) | (c & d)) + X[0] + 0x5a827999;
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & (b | c)) | (b & c)) + X[4] + 0x5a827999;
+        d = d << 5 | d >>> (32 - 5);
+        c += ((d & (a | b)) | (a & b)) + X[8] + 0x5a827999;
+        c = c << 9 | c >>> (32 - 9);
+        b += ((c & (d | a)) | (d & a)) + X[12] + 0x5a827999;
+        b = b << 13 | b >>> (32 - 13);
+        a += ((b & (c | d)) | (c & d)) + X[1] + 0x5a827999;
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & (b | c)) | (b & c)) + X[5] + 0x5a827999;
+        d = d << 5 | d >>> (32 - 5);
+        c += ((d & (a | b)) | (a & b)) + X[9] + 0x5a827999;
+        c = c << 9 | c >>> (32 - 9);
+        b += ((c & (d | a)) | (d & a)) + X[13] + 0x5a827999;
+        b = b << 13 | b >>> (32 - 13);
+        a += ((b & (c | d)) | (c & d)) + X[2] + 0x5a827999;
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & (b | c)) | (b & c)) + X[6] + 0x5a827999;
+        d = d << 5 | d >>> (32 - 5);
+        c += ((d & (a | b)) | (a & b)) + X[10] + 0x5a827999;
+        c = c << 9 | c >>> (32 - 9);
+        b += ((c & (d | a)) | (d & a)) + X[14] + 0x5a827999;
+        b = b << 13 | b >>> (32 - 13);
+        a += ((b & (c | d)) | (c & d)) + X[3] + 0x5a827999;
+        a = a << 3 | a >>> (32 - 3);
+        d += ((a & (b | c)) | (b & c)) + X[7] + 0x5a827999;
+        d = d << 5 | d >>> (32 - 5);
+        c += ((d & (a | b)) | (a & b)) + X[11] + 0x5a827999;
+        c = c << 9 | c >>> (32 - 9);
+        b += ((c & (d | a)) | (d & a)) + X[15] + 0x5a827999;
+        b = b << 13 | b >>> (32 - 13);
+
+        // Round 3
+        a += (b ^ c ^ d) + X[0] + 0x6ed9eba1;
+        a = a << 3 | a >>> (32 - 3);
+        d += (a ^ b ^ c) + X[8] + 0x6ed9eba1;
+        d = d << 9 | d >>> (32 - 9);
+        c += (d ^ a ^ b) + X[4] + 0x6ed9eba1;
+        c = c << 11 | c >>> (32 - 11);
+        b += (c ^ d ^ a) + X[12] + 0x6ed9eba1;
+        b = b << 15 | b >>> (32 - 15);
+        a += (b ^ c ^ d) + X[2] + 0x6ed9eba1;
+        a = a << 3 | a >>> (32 - 3);
+        d += (a ^ b ^ c) + X[10] + 0x6ed9eba1;
+        d = d << 9 | d >>> (32 - 9);
+        c += (d ^ a ^ b) + X[6] + 0x6ed9eba1;
+        c = c << 11 | c >>> (32 - 11);
+        b += (c ^ d ^ a) + X[14] + 0x6ed9eba1;
+        b = b << 15 | b >>> (32 - 15);
+        a += (b ^ c ^ d) + X[1] + 0x6ed9eba1;
+        a = a << 3 | a >>> (32 - 3);
+        d += (a ^ b ^ c) + X[9] + 0x6ed9eba1;
+        d = d << 9 | d >>> (32 - 9);
+        c += (d ^ a ^ b) + X[5] + 0x6ed9eba1;
+        c = c << 11 | c >>> (32 - 11);
+        b += (c ^ d ^ a) + X[13] + 0x6ed9eba1;
+        b = b << 15 | b >>> (32 - 15);
+        a += (b ^ c ^ d) + X[3] + 0x6ed9eba1;
+        a = a << 3 | a >>> (32 - 3);
+        d += (a ^ b ^ c) + X[11] + 0x6ed9eba1;
+        d = d << 9 | d >>> (32 - 9);
+        c += (d ^ a ^ b) + X[7] + 0x6ed9eba1;
+        c = c << 11 | c >>> (32 - 11);
+        b += (c ^ d ^ a) + X[15] + 0x6ed9eba1;
+        b = b << 15 | b >>> (32 - 15);
+
+        //Update state.
+        a += aa;
+        b += bb;
+        c += cc;
+        d += dd;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java
new file mode 100644
index 0000000..9c98fcc
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java
@@ -0,0 +1,102 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 nfold.c
+ */
+
+/*
+ * n-fold(k-bits):
+ * l = lcm(n,k)
+ * r = l/k
+ * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ * compute the 1's complement sum:
+ * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+ */
+public class Nfold {
+
+    /**
+     * representation: msb first, assume n and k are multiples of 8, and
+     * that k>=16.  this is the case of all the cryptosystems which are
+     * likely to be used.  this function can be replaced if that
+     * assumption ever fails.
+     */
+    public static byte[] nfold(byte[] inBytes, int size) {
+        int inBytesNum = inBytes.length; // count inBytes byte
+        int outBytesNum = size; // count inBytes byte
+
+        int a, b, c, lcm;
+        a = outBytesNum;
+        b = inBytesNum;
+
+        while (b != 0) {
+            c = b;
+            b = a % b;
+            a = c;
+        }
+        lcm = (outBytesNum * inBytesNum) / a;
+
+        byte[] outBytes = new byte[outBytesNum];
+        Arrays.fill(outBytes, (byte)0);
+
+        int tmpByte = 0;
+        int msbit, i, tmp;
+
+        for (i = lcm-1; i >= 0; i--) {
+            // first, start with the msbit inBytes the first, unrotated byte
+            tmp = ((inBytesNum<<3)-1);
+            // then, for each byte, shift to the right for each repetition
+            tmp += (((inBytesNum<<3)+13)*(i/inBytesNum));
+            // last, pick outBytes the correct byte within that shifted repetition
+            tmp += ((inBytesNum-(i%inBytesNum)) << 3);
+
+            msbit = tmp % (inBytesNum << 3);
+
+            // pull outBytes the byte value itself
+            tmp =  ((((inBytes[((inBytesNum - 1)-(msbit >>> 3)) % inBytesNum] & 0xff) << 8) |
+                (inBytes[((inBytesNum) - (msbit >>> 3)) % inBytesNum] & 0xff))
+                >>>((msbit & 7)+1)) & 0xff;
+
+            tmpByte += tmp;
+            tmp = (outBytes[i % outBytesNum] & 0xff);
+            tmpByte += tmp;
+
+            outBytes[i % outBytesNum] = (byte) (tmpByte & 0xff);
+
+            tmpByte >>>= 8;
+        }
+
+        // if there's a carry bit left over, add it back inBytes
+        if (tmpByte != 0) {
+            for (i = outBytesNum-1; i >= 0; i--) {
+                // do the addition
+                tmpByte += (outBytes[i] & 0xff);
+                outBytes[i] = (byte) (tmpByte & 0xff);
+
+                tmpByte >>>= 8;
+            }
+        }
+
+        return outBytes;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java
new file mode 100644
index 0000000..0f22f97
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java
@@ -0,0 +1,32 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public class Nonce {
+
+    private static SecureRandom srand = new SecureRandom();
+
+    public static synchronized int value() {
+        int value = srand.nextInt();
+        return value & 0x7fffffff;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java
new file mode 100644
index 0000000..989772b
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java
@@ -0,0 +1,40 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import java.security.GeneralSecurityException;
+
+public class Pbkdf {
+
+    public static byte[] PBKDF2(char[] secret, byte[] salt,
+                                   int count, int keySize) throws GeneralSecurityException {
+
+        PBEKeySpec ks = new PBEKeySpec(secret, salt, count, keySize * 8);
+        SecretKeyFactory skf =
+                SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+        SecretKey key = skf.generateSecret(ks);
+        byte[] result = key.getEncoded();
+
+        return result;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java
new file mode 100644
index 0000000..cd6bf71
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java
@@ -0,0 +1,33 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public final class Random {
+
+    private static SecureRandom srand = new SecureRandom();
+
+    public static byte[] makeBytes(int size) {
+        byte[] data = new byte[size];
+        srand.nextBytes(data);
+        return data;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java
new file mode 100644
index 0000000..b45c4eb
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java
@@ -0,0 +1,63 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+/**
+ * Based on MIT krb5 enc_rc4.c
+ */
+public class Rc4 {
+
+    private static byte[] L40 = "fortybits".getBytes();
+
+    public static byte[] getSalt(int usage, boolean exportable) {
+        int newUsage = convertUsage(usage);
+        byte[] salt;
+
+        if (exportable) {
+            salt = new byte[14];
+            System.arraycopy(L40, 0, salt, 0, 9);
+            BytesUtil.int2bytes(newUsage, salt, 10, false);
+        } else {
+            salt = new byte[4];
+            BytesUtil.int2bytes(newUsage, salt, 0, false);
+        }
+
+        return salt;
+    }
+
+    private static int convertUsage(int usage) {
+        switch (usage) {
+            case 1:  return 1;   /* AS-REQ PA-ENC-TIMESTAMP padata timestamp,  */
+            case 2:  return 2;   /* ticket from kdc */
+            case 3:  return 8;   /* as-rep encrypted part */
+            case 4:  return 4;   /* tgs-req authz data */
+            case 5:  return 5;   /* tgs-req authz data in subkey */
+            case 6:  return 6;   /* tgs-req authenticator cksum */
+            case 7:  return 7;   /* tgs-req authenticator */
+            case 8:  return 8;
+            case 9:  return 9;   /* tgs-rep encrypted with subkey */
+            case 10: return 10;  /* ap-rep authentication cksum (never used by MS) */
+            case 11: return 11;  /* app-req authenticator */
+            case 12: return 12;  /* app-rep encrypted part */
+            case 23: return 13;  /* sign wrap token*/
+            default: return usage;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
new file mode 100644
index 0000000..49a62c7
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
@@ -0,0 +1,112 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.AbstractCryptoTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.CheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class AbstractCheckSumTypeHandler
+        extends AbstractCryptoTypeHandler implements CheckSumTypeHandler {
+
+    private int computeSize;
+    private int outputSize;
+
+    public AbstractCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+                                       int computeSize, int outputSize) {
+        super(encProvider, hashProvider);
+        this.computeSize = computeSize;
+        this.outputSize = outputSize;
+    }
+
+    @Override
+    public String name() {
+        return cksumType().getName();
+    }
+
+    @Override
+    public String displayName() {
+        return cksumType().getDisplayName();
+    }
+
+    @Override
+    public int computeSize() {
+        return computeSize;
+    }
+
+    @Override
+    public int outputSize() {
+        return outputSize;
+    }
+
+    public boolean isSafe() {
+        return false;
+    }
+
+    public int cksumSize() {
+        return 4;
+    }
+
+    public int keySize() {
+        return 0;
+    }
+
+    public int confounderSize() {
+        return 0;
+    }
+
+    @Override
+    public byte[] checksum(byte[] data) throws KrbException {
+        return checksum(data, 0, data.length);
+    }
+
+    @Override
+    public byte[] checksum(byte[] data, int start, int size) throws KrbException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean verify(byte[] data, byte[] checksum) throws KrbException {
+        return verify(data, 0, data.length, checksum);
+    }
+
+    @Override
+    public boolean verify(byte[] data, int start, int size, byte[] checksum) throws KrbException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public byte[] checksumWithKey(byte[] data,
+                                  byte[] key, int usage) throws KrbException {
+        return checksumWithKey(data, 0, data.length, key, usage);
+    }
+
+    @Override
+    public byte[] checksumWithKey(byte[] data, int start, int size,
+                                  byte[] key, int usage) throws KrbException {
+        throw new UnsupportedOperationException();
+    }
+    @Override
+    public boolean verifyWithKey(byte[] data,
+                                 byte[] key, int usage, byte[] checksum) throws KrbException {
+        throw new UnsupportedOperationException();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
new file mode 100644
index 0000000..3f17454
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
@@ -0,0 +1,75 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.KeyMaker;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class AbstractKeyedCheckSumTypeHandler extends AbstractCheckSumTypeHandler {
+
+    private KeyMaker keyMaker;
+
+    public AbstractKeyedCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+                                            int computeSize, int outputSize) {
+        super(encProvider, hashProvider, computeSize, outputSize);
+    }
+
+    protected void keyMaker(KeyMaker keyMaker) {
+        this.keyMaker = keyMaker;
+    }
+
+    protected KeyMaker keyMaker() {
+        return keyMaker;
+    }
+
+    @Override
+    public byte[] checksumWithKey(byte[] data,
+                                  byte[] key, int usage) throws KrbException {
+        return checksumWithKey(data, 0, data.length, key, usage);
+    }
+
+    @Override
+    public byte[] checksumWithKey(byte[] data, int start, int len,
+                                  byte[] key, int usage) throws KrbException {
+        int outputSize = outputSize();
+
+        byte[] tmp = doChecksumWithKey(data, start, len, key, usage);
+        if (outputSize < tmp.length) {
+            byte[] output = new byte[outputSize];
+            System.arraycopy(tmp, 0, output, 0, outputSize);
+            return output;
+        } else {
+            return tmp;
+        }
+    }
+
+    protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+                                       byte[] key, int usage) throws KrbException {
+        return new byte[0];
+    }
+
+    @Override
+    public boolean verifyWithKey(byte[] data, byte[] key,
+                                 int usage, byte[] checksum) throws KrbException {
+        byte[] newCksum = checksumWithKey(data, key, usage);
+        return checksumEqual(checksum, newCksum);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
new file mode 100644
index 0000000..eaf7dc1
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia128CheckSum extends CmacKcCheckSum {
+
+    public CmacCamellia128CheckSum() {
+        super(new Camellia128Provider(), 16, 16);
+
+        keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider()));
+    }
+
+    public int confounderSize() {
+        return 16;
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.CMAC_CAMELLIA128;
+    }
+
+    public boolean isSafe() {
+        return true;
+    }
+
+    public int cksumSize() {
+        return 16;  // bytes
+    }
+
+    public int keySize() {
+        return 16;   // bytes
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
new file mode 100644
index 0000000..a30c15c
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia256CheckSum extends CmacKcCheckSum {
+
+    public CmacCamellia256CheckSum() {
+        super(new Camellia256Provider(), 16, 16);
+
+        keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider()));
+    }
+
+    public int confounderSize() {
+        return 16;
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.CMAC_CAMELLIA256;
+    }
+
+    public boolean isSafe() {
+        return true;
+    }
+
+    public int cksumSize() {
+        return 16;  // bytes
+    }
+
+    public int keySize() {
+        return 16;   // bytes
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
new file mode 100644
index 0000000..16122d2
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
@@ -0,0 +1,36 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Cmac;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class CmacKcCheckSum extends KcCheckSum {
+
+    public CmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+        super(encProvider, null, computeSize, outputSize);
+    }
+
+    protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+        byte[] mac = Cmac.cmac(encProvider(), Kc, data, start, len);
+        return mac;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
new file mode 100644
index 0000000..8259849
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
@@ -0,0 +1,120 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Confounder;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.DesProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import javax.crypto.spec.DESKeySpec;
+import java.security.InvalidKeyException;
+
+public abstract class ConfounderedDesCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+    public ConfounderedDesCheckSum(HashProvider hashProvider,
+                                   int computeSize, int outputSize) {
+        super(new DesProvider(), hashProvider, computeSize, outputSize);
+    }
+
+    @Override
+    protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+                                       byte[] key, int usage) throws KrbException {
+        int computeSize = computeSize();
+        int blockSize = encProvider().blockSize();
+        int hashSize = hashProvider().hashSize();
+
+        byte[] workBuffer = new byte[computeSize];
+
+        // confounder
+        byte[] conf = Confounder.makeBytes(blockSize);
+
+        // confounder | data
+        byte[] toHash = new byte[blockSize + len];
+        System.arraycopy(conf, 0, toHash, 0, blockSize);
+        System.arraycopy(data, start, toHash, blockSize, len);
+
+        HashProvider hashProvider = hashProvider();
+        hashProvider.hash(toHash);
+        byte[] hash = hashProvider.output();
+
+        // confounder | hash
+        System.arraycopy(conf, 0, workBuffer, 0, blockSize);
+        System.arraycopy(hash, 0, workBuffer, blockSize, hashSize);
+
+        // key
+        byte[] newKey = deriveKey(key);
+
+        encProvider().encrypt(newKey, workBuffer);
+        return workBuffer;
+    }
+
+    protected byte[] deriveKey(byte[] key) {
+        return fixKey(xorKey(key));
+    }
+
+    protected byte[] xorKey(byte[] key) {
+        byte[] xorKey = new byte[encProvider().keySize()];
+        System.arraycopy(key, 0, xorKey, 0, key.length);
+        for (int i = 0; i < xorKey.length; i++) {
+            xorKey[i] = (byte) (xorKey[i] ^ 0xf0);
+        }
+
+        return xorKey;
+    }
+
+    private byte[] fixKey(byte[] key) {
+        boolean isWeak = true;
+        try {
+            isWeak = DESKeySpec.isWeak(key, 0);
+        } catch (InvalidKeyException e) {
+            e.printStackTrace();
+        }
+        if (isWeak) {
+            key[7] = (byte)(key[7] ^ 0xF0);
+        }
+
+        return key;
+    }
+
+    @Override
+    public boolean verifyWithKey(byte[] data,byte[] key,
+                                 int usage, byte[] checksum) throws KrbException {
+        int computeSize = computeSize();
+        int blockSize = encProvider().blockSize();
+        int hashSize = hashProvider().hashSize();
+
+        // key
+        byte[] newKey = deriveKey(key);
+
+        encProvider().decrypt(newKey, checksum);
+        byte[] decrypted = checksum; // confounder | hash
+
+        // confounder | data
+        byte[] toHash = new byte[blockSize + data.length];
+        System.arraycopy(decrypted, 0, toHash, 0, blockSize);
+        System.arraycopy(data, 0, toHash, blockSize, data.length);
+
+        HashProvider hashProvider = hashProvider();
+        hashProvider.hash(toHash);
+        byte[] newHash = hashProvider.output();
+
+        return checksumEqual(newHash, decrypted, blockSize, hashSize);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
new file mode 100644
index 0000000..e884144
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
@@ -0,0 +1,35 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Crc32Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class Crc32CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+    public Crc32CheckSum() {
+        super(new Crc32Provider(), 4, 4);
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.CRC32;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
new file mode 100644
index 0000000..a7baf69
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
@@ -0,0 +1,33 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class DesCbcCheckSum extends ConfounderedDesCheckSum {
+
+    public DesCbcCheckSum() {
+        super(null, 8, 8);
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.DES_CBC;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java
new file mode 100644
index 0000000..1586fb1
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java
@@ -0,0 +1,35 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * krb5_hash_provider
+ */
+public interface HashProvider {
+
+    public int hashSize();
+    public int blockSize();
+
+    public void hash(byte[] data, int start, int size) throws KrbException;
+    public void hash(byte[] data) throws KrbException;
+    public byte[] output();
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
new file mode 100644
index 0000000..84d9031
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
@@ -0,0 +1,37 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Hmac;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class HmacKcCheckSum extends KcCheckSum {
+
+    public HmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+        super(encProvider, new Sha1Provider(), computeSize, outputSize);
+    }
+
+    protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+        byte[] hmac = Hmac.hmac(hashProvider(), Kc, data, start, len);
+        return hmac;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
new file mode 100644
index 0000000..1ef5489
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
@@ -0,0 +1,73 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Hmac;
+import org.apache.kerby.kerberos.kerb.crypto.Rc4;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacMd5Rc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+    public HmacMd5Rc4CheckSum() {
+        super(null, new Md5Provider(), 16, 16);
+    }
+
+    public int confounderSize() {
+        return 8;
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.HMAC_MD5_ARCFOUR;
+    }
+
+    public boolean isSafe() {
+        return true;
+    }
+
+    public int cksumSize() {
+        return 16;  // bytes
+    }
+
+    public int keySize() {
+        return 16;   // bytes
+    }
+
+    @Override
+    protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+                                       byte[] key, int usage) throws KrbException {
+
+        byte[] Ksign = null;
+        byte[] signKey = "signaturekey".getBytes();
+        byte[] newSignKey = new byte[signKey.length + 1];
+        System.arraycopy(signKey, 0, newSignKey, 0, signKey.length);
+        Ksign = Hmac.hmac(hashProvider(), key, newSignKey);
+
+        byte[] salt = Rc4.getSalt(usage, false);
+
+        hashProvider().hash(salt);
+        hashProvider().hash(data, start, len);
+        byte[] hashTmp = hashProvider().output();
+
+        byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+        return hmac;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
new file mode 100644
index 0000000..c1a9c49
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes128CheckSum extends HmacKcCheckSum {
+
+    public HmacSha1Aes128CheckSum() {
+        super(new Aes128Provider(), 20, 12);
+
+        keyMaker(new AesKeyMaker((Aes128Provider) encProvider()));
+    }
+
+    public int confounderSize() {
+        return 16;
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.HMAC_SHA1_96_AES128;
+    }
+
+    public boolean isSafe() {
+        return true;
+    }
+
+    public int cksumSize() {
+        return 12;  // bytes
+    }
+
+    public int keySize() {
+        return 16;   // bytes
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
new file mode 100644
index 0000000..6a5195b
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes256Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes256CheckSum extends HmacKcCheckSum {
+
+    public HmacSha1Aes256CheckSum() {
+        super(new Aes256Provider(), 20, 12);
+
+        keyMaker(new AesKeyMaker((Aes256Provider) encProvider()));
+    }
+
+    public int confounderSize() {
+        return 16;
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.HMAC_SHA1_96_AES256;
+    }
+
+    public boolean isSafe() {
+        return true;
+    }
+
+    public int cksumSize() {
+        return 12;  // bytes
+    }
+
+    public int keySize() {
+        return 32;   // bytes
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
new file mode 100644
index 0000000..4f2080e
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Des3Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Des3CheckSum extends HmacKcCheckSum {
+
+    public HmacSha1Des3CheckSum() {
+        super(new Des3Provider(), 20, 20);
+
+        keyMaker(new Des3KeyMaker(encProvider()));
+    }
+
+    public int confounderSize() {
+        return 8;
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.HMAC_SHA1_DES3;
+    }
+
+    public boolean isSafe() {
+        return true;
+    }
+
+    public int cksumSize() {
+        return 20;  // bytes
+    }
+
+    public int keySize() {
+        return 24;   // bytes
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
new file mode 100644
index 0000000..ee8faea
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
@@ -0,0 +1,48 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.DkKeyMaker;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class KcCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+    public KcCheckSum(EncryptProvider encProvider, HashProvider hashProvider,
+                      int computeSize, int outputSize) {
+        super(encProvider, hashProvider, computeSize, outputSize);
+    }
+
+    @Override
+    protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+                                       byte[] key, int usage) throws KrbException {
+        byte[] Kc;
+        byte[] constant = new byte[5];
+        BytesUtil.int2bytes(usage, constant, 0, true);
+        constant[4] = (byte) 0x99;
+        Kc = ((DkKeyMaker) keyMaker()).dk(key, constant);
+
+        byte[] mac = mac(Kc, data, start, len);
+        return mac;
+    }
+
+    protected abstract byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException;
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
new file mode 100644
index 0000000..4939027
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
@@ -0,0 +1,70 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Hmac;
+import org.apache.kerby.kerberos.kerb.crypto.Rc4;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Rc4Provider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class Md5HmacRc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+    public Md5HmacRc4CheckSum() {
+        super(new Rc4Provider(), new Md5Provider(), 16, 16);
+    }
+
+    public int confounderSize() {
+        return 8;
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.MD5_HMAC_ARCFOUR;
+    }
+
+    public boolean isSafe() {
+        return true;
+    }
+
+    public int cksumSize() {
+        return 16;  // bytes
+    }
+
+    public int keySize() {
+        return 16;   // bytes
+    }
+
+    @Override
+    protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+                                       byte[] key, int usage) throws KrbException {
+
+        byte[] Ksign = key;
+
+        byte[] salt = Rc4.getSalt(usage, false);
+
+        hashProvider().hash(salt);
+        hashProvider().hash(data, start, len);
+        byte[] hashTmp = hashProvider().output();
+
+        byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+        return hmac;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
new file mode 100644
index 0000000..73d6ebc
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
@@ -0,0 +1,35 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd4CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+    public RsaMd4CheckSum() {
+        super(new Md4Provider(), 16, 16);
+    }
+
+    public CheckSumType cksumType() {
+        return CheckSumType.RSA_MD4;
+    }
+}


Mime
View raw message