directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [18/50] [abbrv] directory-kerberos git commit: Renaming packages in haox-kerb projects, using "apache"
Date Mon, 12 Jan 2015 13:06:26 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
new file mode 100644
index 0000000..070c748
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
@@ -0,0 +1,130 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.Confounder;
+import org.apache.kerberos.kerb.crypto.Rc4;
+import org.apache.kerberos.kerb.crypto.Hmac;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Rc4Provider;
+import org.apache.kerberos.kerb.crypto.key.Rc4KeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Rc4HmacEnc extends AbstractEncTypeHandler {
+    private boolean exportable;
+
+    public Rc4HmacEnc() {
+        this(false);
+    }
+
+    public Rc4HmacEnc(boolean exportable) {
+        super(new Rc4Provider(), new Md5Provider());
+        keyMaker(new Rc4KeyMaker(this.encProvider()));
+        this.exportable = exportable;
+    }
+
+    public EncryptionType eType() {
+        return EncryptionType.ARCFOUR_HMAC;
+    }
+
+    @Override
+    public int confounderSize() {
+        return 8;
+    }
+
+    @Override
+    public int paddingSize() {
+        return 0;
+    }
+
+    public CheckSumType checksumType() {
+        return CheckSumType.HMAC_MD5_ARCFOUR;
+    }
+
+    protected void encryptWith(byte[] workBuffer, int[] workLens,
+         byte[] key, byte[] iv, int usage) throws KrbException {
+        int confounderLen = workLens[0];
+        int checksumLen = workLens[1];
+        int dataLen = workLens[2];
+
+        /**
+         * Instead of E(Confounder | Checksum | Plaintext | Padding),
+         * Checksum | E(Confounder | Plaintext)
+         */
+
+        // confounder
+        byte[] confounder = Confounder.makeBytes(confounderLen);
+        System.arraycopy(confounder, 0, workBuffer, checksumLen, confounderLen);
+
+        // no padding
+
+        /* checksum and encryption */
+        byte[] usageKey = makeUsageKey(key, usage);
+
+        byte[] checksum = Hmac.hmac(hashProvider(), usageKey, workBuffer,
+                checksumLen, confounderLen + dataLen);
+
+        byte[] encKey = makeEncKey(usageKey, checksum);
+
+        byte[] tmpEnc = new byte[confounderLen + dataLen];
+        System.arraycopy(workBuffer, checksumLen,
+                tmpEnc, 0, confounderLen + dataLen);
+        encProvider().encrypt(encKey, iv, tmpEnc);
+        System.arraycopy(checksum, 0, workBuffer, 0, checksumLen);
+        System.arraycopy(tmpEnc, 0, workBuffer, checksumLen, tmpEnc.length);
+    }
+
+    protected byte[] makeUsageKey(byte[] key, int usage) throws KrbException {
+        byte[] salt = Rc4.getSalt(usage, exportable);
+        byte[] usageKey = Hmac.hmac(hashProvider(), key, salt);
+        return usageKey;
+    }
+
+    protected byte[] makeEncKey(byte[] usageKey, byte[] checksum) throws KrbException {
+        byte[] tmpKey = usageKey;
+
+        if (exportable) {
+            tmpKey = BytesUtil.duplicate(usageKey);
+            for (int i = 0; i < 9; ++i) {
+                tmpKey[i + 7] = (byte) 0xab;
+            }
+        }
+
+        byte[] encKey = Hmac.hmac(hashProvider(), tmpKey, checksum);
+        return encKey;
+    }
+
+    @Override
+    protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
+                                 byte[] key, byte[] iv, int usage) throws KrbException {
+        int confounderLen = workLens[0];
+        int checksumLen = workLens[1];
+        int dataLen = workLens[2];
+
+        /* checksum and decryption */
+        byte[] usageKey = makeUsageKey(key, usage);
+
+        byte[] checksum = new byte[checksumLen];
+        System.arraycopy(workBuffer, 0, checksum, 0, checksumLen);
+
+        byte[] encKey = makeEncKey(usageKey, checksum);
+
+        byte[] tmpEnc = new byte[confounderLen + dataLen];
+        System.arraycopy(workBuffer, checksumLen,
+                tmpEnc, 0, confounderLen + dataLen);
+        encProvider().decrypt(encKey, iv, tmpEnc);
+
+        byte[] newChecksum = Hmac.hmac(hashProvider(), usageKey, tmpEnc);
+        if (! checksumEqual(checksum, newChecksum)) {
+            throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+        }
+
+        byte[] data = new byte[dataLen];
+        System.arraycopy(tmpEnc, confounderLen,
+                data, 0, dataLen);
+
+        return data;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java
new file mode 100644
index 0000000..adfde46
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Rc4HmacExpEnc extends Rc4HmacEnc {
+
+    public Rc4HmacExpEnc() {
+        super(true);
+    }
+
+    public EncryptionType eType() {
+        return EncryptionType.ARCFOUR_HMAC_EXP;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java
new file mode 100644
index 0000000..9d35e7a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java
@@ -0,0 +1,80 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractEncryptProvider implements EncryptProvider {
+    private int blockSize;
+    private int keyInputSize;
+    private int keySize;
+
+    public AbstractEncryptProvider(int blockSize, int keyInputSize, int keySize) {
+        this.blockSize = blockSize;
+        this.keyInputSize = keyInputSize;
+        this.keySize = keySize;
+    }
+
+    @Override
+    public int keyInputSize() {
+        return keyInputSize;
+    }
+
+    @Override
+    public int keySize() {
+        return keySize;
+    }
+
+    @Override
+    public int blockSize() {
+        return blockSize;
+    }
+
+    @Override
+    public byte[] initState(byte[] key, int keyUsage) {
+        return new byte[0];
+    }
+
+    @Override
+    public void encrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException {
+        doEncrypt(data, key, cipherState, true);
+    }
+
+    @Override
+    public void decrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException {
+        doEncrypt(data, key, cipherState, false);
+    }
+
+    @Override
+    public void encrypt(byte[] key, byte[] data) throws KrbException {
+        byte[] cipherState = new byte[blockSize()];
+        encrypt(key, cipherState, data);
+    }
+
+    @Override
+    public void decrypt(byte[] key, byte[] data) throws KrbException {
+        byte[] cipherState = new byte[blockSize()];
+        decrypt(key, cipherState, data);
+    }
+
+    protected abstract void doEncrypt(byte[] data, byte[] key, byte[] cipherState, boolean encrypt) throws KrbException;
+
+    @Override
+    public byte[] cbcMac(byte[] key, byte[] iv, byte[] data) throws KrbException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public boolean supportCbcMac() {
+        return false;
+    }
+
+    @Override
+    public void cleanState() {
+
+    }
+
+    @Override
+    public void cleanKey() {
+
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java
new file mode 100644
index 0000000..2efd4f0
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+public class Aes128Provider extends AesProvider {
+
+    public Aes128Provider() {
+        super(16, 16, 16);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java
new file mode 100644
index 0000000..377de2b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+public class Aes256Provider extends AesProvider {
+
+    public Aes256Provider() {
+        super(16, 32, 32);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java
new file mode 100644
index 0000000..d2ecf6a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java
@@ -0,0 +1,43 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
+
+public abstract class AesProvider extends AbstractEncryptProvider {
+
+    public AesProvider(int blockSize, int keyInputSize, int keySize) {
+        super(blockSize, keyInputSize, keySize);
+    }
+
+    @Override
+    protected void doEncrypt(byte[] data, byte[] key,
+                                  byte[] cipherState, boolean encrypt) throws KrbException {
+        Cipher cipher = null;
+        try {
+            cipher = Cipher.getInstance("AES/CTS/NoPadding");
+        } catch (GeneralSecurityException e) {
+            KrbException ke = new KrbException("JCE provider may not be installed. "
+                    + e.getMessage());
+            ke.initCause(e);
+            throw ke;
+        }
+
+        try {
+            SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
+            IvParameterSpec param = new IvParameterSpec(cipherState);
+
+            cipher.init(encrypt ?
+                    Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, param);
+            byte[] output = cipher.doFinal(data);
+            System.arraycopy(output, 0, data, 0, output.length);
+        } catch (GeneralSecurityException e) {
+            KrbException ke = new KrbException(e.getMessage());
+            ke.initCause(e);
+            throw ke;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java
new file mode 100644
index 0000000..3e8efaa
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+public class Camellia128Provider extends CamelliaProvider {
+
+    public Camellia128Provider() {
+        super(16, 16, 16);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java
new file mode 100644
index 0000000..66efdb7
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+public class Camellia256Provider extends CamelliaProvider {
+
+    public Camellia256Provider() {
+        super(16, 32, 32);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java
new file mode 100644
index 0000000..0e8e7b6
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.crypto.Camellia;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class CamelliaProvider extends AbstractEncryptProvider {
+
+    public CamelliaProvider(int blockSize, int keyInputSize, int keySize) {
+        super(blockSize, keyInputSize, keySize);
+    }
+
+    @Override
+    protected void doEncrypt(byte[] data, byte[] key,
+                             byte[] cipherState, boolean encrypt) throws KrbException {
+
+        Camellia cipher = new Camellia();
+        cipher.setKey(encrypt, key);
+        if (encrypt) {
+            cipher.encrypt(data, cipherState);
+        } else {
+            cipher.decrypt(data, cipherState);
+        }
+    }
+
+    @Override
+    public boolean supportCbcMac() {
+        return true;
+    }
+
+    @Override
+    public byte[] cbcMac(byte[] key, byte[] cipherState, byte[] data) {
+        Camellia cipher = new Camellia();
+        cipher.setKey(true, key);
+
+        int blocksNum = data.length / blockSize();
+        cipher.cbcEnc(data, 0, blocksNum, cipherState);
+        return data;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java
new file mode 100644
index 0000000..a2b7e28
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java
@@ -0,0 +1,46 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.DESedeKeySpec;
+import javax.crypto.spec.IvParameterSpec;
+import java.security.GeneralSecurityException;
+import java.security.spec.KeySpec;
+
+public class Des3Provider extends AbstractEncryptProvider {
+
+    public Des3Provider() {
+        super(8, 21, 24);
+    }
+
+    @Override
+    protected void doEncrypt(byte[] input, byte[] key,
+                             byte[] cipherState, boolean encrypt) throws KrbException {
+
+        Cipher cipher = null;
+        try {
+            cipher = Cipher.getInstance("DESede/CBC/NoPadding");
+        } catch (GeneralSecurityException e) {
+            throw new KrbException("Failed to init cipher", e);
+        }
+
+        try {
+            IvParameterSpec params = new IvParameterSpec(cipherState);
+            KeySpec skSpec = new DESedeKeySpec(key, 0);
+
+            SecretKeyFactory skf = SecretKeyFactory.getInstance("desede");
+            SecretKey secretKey = skf.generateSecret(skSpec);
+
+            cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, params);
+
+            byte[] output = cipher.doFinal(input);
+            System.arraycopy(output, 0, input, 0, output.length);
+        } catch (GeneralSecurityException e) {
+            throw new KrbException("Failed to doEncrypt", e);
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java
new file mode 100644
index 0000000..9a35500
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java
@@ -0,0 +1,79 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
+
+public class DesProvider extends AbstractEncryptProvider {
+
+    public DesProvider() {
+        super(8, 7, 8);
+    }
+
+    @Override
+    protected void doEncrypt(byte[] input, byte[] key,
+                                 byte[] cipherState, boolean encrypt) throws KrbException {
+
+        Cipher cipher = null;
+        try {
+            cipher = Cipher.getInstance("DES/CBC/NoPadding");
+        } catch (GeneralSecurityException e) {
+            throw new KrbException("Failed to init cipher", e);
+        }
+        IvParameterSpec params = new IvParameterSpec(cipherState);
+        SecretKeySpec skSpec = new SecretKeySpec(key, "DES");
+        try {
+            SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
+            SecretKey sk = (SecretKey) skSpec;
+
+            cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, sk, params);
+
+            byte[] output = cipher.doFinal(input);
+            System.arraycopy(output, 0, input, 0, output.length);
+        } catch (GeneralSecurityException e) {
+            KrbException ke = new KrbException(e.getMessage());
+            ke.initCause(e);
+            throw ke;
+        }
+    }
+
+    @Override
+    public byte[] cbcMac(byte[] key, byte[] cipherState, byte[] data) throws KrbException {
+        Cipher cipher = null;
+        try {
+            cipher = Cipher.getInstance("DES/CBC/NoPadding");
+        } catch (GeneralSecurityException e) {
+            throw new KrbException("Failed to init cipher", e);
+        }
+        IvParameterSpec params = new IvParameterSpec(cipherState);
+        SecretKeySpec skSpec = new SecretKeySpec(key, "DES");
+
+        byte[] output = null;
+        try {
+            SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
+            // SecretKey sk = skf.generateSecret(skSpec);
+            SecretKey sk = (SecretKey) skSpec;
+            cipher.init(Cipher.ENCRYPT_MODE, sk, params);
+            for (int i = 0; i < data.length / 8; i++) {
+                output = cipher.doFinal(data, i * 8, 8);
+                cipher.init(Cipher.ENCRYPT_MODE, sk, (new IvParameterSpec(output)));
+            }
+        }
+        catch (GeneralSecurityException e) {
+            KrbException ke = new KrbException(e.getMessage());
+            ke.initCause(e);
+            throw ke;
+        }
+        return output;
+    }
+
+    @Override
+    public boolean supportCbcMac() {
+        return true;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java
new file mode 100644
index 0000000..3fbfece
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java
@@ -0,0 +1,30 @@
+package org.apache.kerberos.kerb.crypto.enc.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
+
+public class Rc4Provider extends AbstractEncryptProvider {
+
+    public Rc4Provider() {
+        super(1, 16, 16);
+    }
+
+    @Override
+    protected void doEncrypt(byte[] data, byte[] key,
+                             byte[] cipherState, boolean encrypt) throws KrbException {
+        try {
+            Cipher cipher = Cipher.getInstance("ARCFOUR");
+            SecretKeySpec secretKey = new SecretKeySpec(key, "ARCFOUR");
+            cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey);
+            byte[] output = cipher.doFinal(data);
+            System.arraycopy(output, 0, data, 0, output.length);
+        } catch (GeneralSecurityException e) {
+            KrbException ke = new KrbException(e.getMessage());
+            ke.initCause(e);
+            throw ke;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java
new file mode 100644
index 0000000..5e12151
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java
@@ -0,0 +1,67 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import java.io.UnsupportedEncodingException;
+
+public abstract class AbstractKeyMaker implements KeyMaker {
+
+    protected static final byte[] KERBEROS_CONSTANT = "kerberos".getBytes();
+
+    private EncryptProvider encProvider;
+
+    public AbstractKeyMaker(EncryptProvider encProvider) {
+        this.encProvider = encProvider;
+    }
+
+    protected EncryptProvider encProvider() {
+        return encProvider;
+    }
+
+    @Override
+    public byte[] random2Key(byte[] randomBits) throws KrbException {
+        return new byte[0];
+    }
+
+    protected static char[] makePasswdSalt(String password, String salt) {
+        char[] result = new char[password.length() + salt.length()];
+        System.arraycopy(password.toCharArray(), 0, result, 0, password.length());
+        System.arraycopy(salt.toCharArray(), 0, result, password.length(), salt.length());
+
+        return result;
+    }
+
+    protected static int getIterCount(byte[] param, int defCount) {
+        int iterCount = defCount;
+
+        if (param != null) {
+            if (param.length != 4) {
+                throw new IllegalArgumentException("Invalid param to str2Key");
+            }
+            iterCount = BytesUtil.bytes2int(param, 0, true);
+        }
+
+        return iterCount;
+    }
+
+    protected static byte[] getSaltBytes(String salt, String pepper)
+            throws UnsupportedEncodingException {
+        byte[] saltBytes = salt.getBytes("UTF-8");
+        if (pepper != null && ! pepper.isEmpty()) {
+            byte[] pepperBytes = pepper.getBytes("UTF-8");
+            int len = saltBytes.length;
+            len += 1 + pepperBytes.length;
+            byte[] results = new byte[len];
+            System.arraycopy(pepperBytes, 0, results, 0, pepperBytes.length);
+            results[pepperBytes.length] = (byte) 0;
+            System.arraycopy(saltBytes, 0,
+                    results, pepperBytes.length + 1, saltBytes.length);
+
+            return results;
+        } else {
+            return saltBytes;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java
new file mode 100644
index 0000000..7317657
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java
@@ -0,0 +1,46 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.Pbkdf;
+import org.apache.kerberos.kerb.crypto.enc.provider.AesProvider;
+
+import java.io.UnsupportedEncodingException;
+import java.security.GeneralSecurityException;
+
+public class AesKeyMaker extends DkKeyMaker {
+
+    public AesKeyMaker(AesProvider encProvider) {
+        super(encProvider);
+    }
+
+    @Override
+    public byte[] random2Key(byte[] randomBits) throws KrbException {
+        return randomBits;
+    }
+
+    @Override
+    public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+        int iterCount = getIterCount(param, 4096);
+
+        byte[] saltBytes = null;
+        try {
+            saltBytes = getSaltBytes(salt, null);
+        } catch (UnsupportedEncodingException e) {
+            throw new RuntimeException(e);
+        }
+
+        int keySize = encProvider().keySize();
+        byte[] random = new byte[0];
+        try {
+            random = Pbkdf.PBKDF2(string.toCharArray(), saltBytes, iterCount, keySize);
+        } catch (GeneralSecurityException e) {
+            throw new KrbException("PBKDF2 failed", e);
+        }
+
+        byte[] tmpKey = random2Key(random);
+        byte[] result = dk(tmpKey, KERBEROS_CONSTANT);
+
+        return result;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java
new file mode 100644
index 0000000..2d89178
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java
@@ -0,0 +1,102 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.Cmac;
+import org.apache.kerberos.kerb.crypto.Pbkdf;
+import org.apache.kerberos.kerb.crypto.enc.provider.CamelliaProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import java.io.UnsupportedEncodingException;
+import java.security.GeneralSecurityException;
+
+public class CamelliaKeyMaker extends DkKeyMaker {
+
+    public CamelliaKeyMaker(CamelliaProvider encProvider) {
+        super(encProvider);
+    }
+
+    @Override
+    public byte[] random2Key(byte[] randomBits) throws KrbException {
+        return randomBits;
+    }
+
+    @Override
+    public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+        int iterCount = getIterCount(param, 32768);
+
+        byte[] saltBytes = null;
+        try {
+            saltBytes = getSaltBytes(salt, getPepper());
+        } catch (UnsupportedEncodingException e) {
+            throw new RuntimeException(e);
+        }
+
+        int keySize = encProvider().keySize();
+        byte[] random = new byte[0];
+        try {
+            random = Pbkdf.PBKDF2(string.toCharArray(), saltBytes, iterCount, keySize);
+        } catch (GeneralSecurityException e) {
+            throw new KrbException("PBKDF2 failed", e);
+        }
+
+        byte[] tmpKey = random2Key(random);
+        byte[] result = dk(tmpKey, KERBEROS_CONSTANT);
+
+        return result;
+    }
+
+    private String getPepper() {
+        int keySize = encProvider().keySize();
+        String pepper = keySize == 16 ? "camellia128-cts-cmac" : "camellia256-cts-cmac";
+        return pepper;
+    }
+
+    /*
+     * NIST SP800-108 KDF in feedback mode (section 5.2).
+     */
+    @Override
+    protected byte[] dr(byte[] key, byte[] constant) throws KrbException {
+
+        int blocksize = encProvider().blockSize();
+        int keyInuptSize = encProvider().keyInputSize();
+        byte[] keyBytes = new byte[keyInuptSize];
+        byte[] Ki;
+
+        int len = 0;
+        // K(i-1): the previous block of PRF output, initially all-zeros.
+        len += blocksize;
+        // four-byte big-endian binary string giving the block counter
+        len += 4;
+        // the fixed derived-key input
+        len += constant.length;
+        // 0x00: separator byte
+        len += 1;
+        // four-byte big-endian binary string giving the output length
+        len += 4;
+
+        Ki = new byte[len];
+        System.arraycopy(constant, 0, Ki, blocksize + 4, constant.length);
+        BytesUtil.int2bytes(keyInuptSize * 8, Ki, len - 4, true);
+
+        int i, n = 0;
+        byte[] tmp;
+        for (i = 1, n = 0; n < keyInuptSize; i++) {
+            // Update the block counter
+            BytesUtil.int2bytes(i, Ki, blocksize, true);
+
+            // Compute a CMAC checksum, update Ki with the result
+            tmp = Cmac.cmac(encProvider(), key, Ki);
+            System.arraycopy(tmp, 0, Ki, 0, blocksize);
+
+            if (n + blocksize >= keyInuptSize) {
+                System.arraycopy(Ki, 0, keyBytes, n, keyInuptSize - n);
+                break;
+            }
+
+            System.arraycopy(Ki, 0, keyBytes, n, blocksize);
+            n += blocksize;
+        }
+
+        return keyBytes;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
new file mode 100644
index 0000000..e3ae1c9
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
@@ -0,0 +1,101 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.crypto.Des;
+import org.apache.kerberos.kerb.crypto.Nfold;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import java.io.UnsupportedEncodingException;
+
+public class Des3KeyMaker extends DkKeyMaker {
+
+    public Des3KeyMaker(EncryptProvider encProvider) {
+        super(encProvider);
+    }
+
+    @Override
+    public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+        char[] passwdSalt = makePasswdSalt(string, salt);
+        int keyInputSize = encProvider().keyInputSize();
+        try {
+            byte[] utf8Bytes = new String(passwdSalt).getBytes("UTF-8");
+            byte[] tmpKey = random2Key(Nfold.nfold(utf8Bytes, keyInputSize));
+            return dk(tmpKey, KERBEROS_CONSTANT);
+        } catch (UnsupportedEncodingException e) {
+            throw new KrbException("str2key failed", e);
+        }
+    }
+
+    /*
+     * The 168 bits of random key data are converted to a protocol key value
+     * as follows.  First, the 168 bits are divided into three groups of 56
+     * bits, which are expanded individually into 64 bits as in des3Expand().
+     * Result is a 24 byte (192-bit) key.
+     */
+    @Override
+    public byte[] random2Key(byte[] randomBits) throws KrbException {
+        byte[] one = Des.fixKey(des3Expand(randomBits, 0, 7));
+        byte[] two = Des.fixKey(des3Expand(randomBits, 7, 14));
+        byte[] three = Des.fixKey(des3Expand(randomBits, 14, 21));
+
+        byte[] key = new byte[24];
+        System.arraycopy(one, 0, key, 0, 8);
+        System.arraycopy(two, 0, key, 8, 8);
+        System.arraycopy(three, 0, key, 16, 8);
+
+        return key;
+    }
+
+    /**
+     * Expands a 7-byte array into an 8-byte array that contains parity bits.
+     * The 56 bits are expanded into 64 bits as follows:
+     *   1  2  3  4  5  6  7  p
+     *   9 10 11 12 13 14 15  p
+     *   17 18 19 20 21 22 23  p
+     *   25 26 27 28 29 30 31  p
+     *   33 34 35 36 37 38 39  p
+     *   41 42 43 44 45 46 47  p
+     *   49 50 51 52 53 54 55  p
+     *   56 48 40 32 24 16  8  p
+     *
+     * (PI,P2,...,P8) are reserved for parity bits computed on the preceding
+     * seven independent bits and set so that the parity of the octet is odd,
+     * i.e., there is an odd number of "1" bits in the octet.
+     */
+    private static byte[] des3Expand(byte[] input, int start, int end) {
+        if ((end - start) != 7)
+            throw new IllegalArgumentException(
+                    "Invalid length of DES Key Value:" + start + "," + end);
+
+        byte[] result = new byte[8];
+        byte last = 0;
+        System.arraycopy(input, start, result, 0, 7);
+        byte posn = 0;
+
+        // Fill in last row
+        for (int i = start; i < end; i++) {
+            byte bit = (byte) (input[i]&0x01);
+
+            ++posn;
+            if (bit != 0) {
+                last |= (bit<<posn);
+            }
+        }
+
+        result[7] = last;
+        setParityBit(result);
+        return result;
+    }
+
+    /**
+     * Sets the parity bit (0th bit) in each byte so that each byte
+     * contains an odd number of 1's.
+     */
+    private static void setParityBit(byte[] key) {
+        for (int i = 0; i < key.length; i++) {
+            int b = key[i] & 0xfe;
+            b |= (Integer.bitCount(b) & 1) ^ 1;
+            key[i] = (byte) b;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
new file mode 100644
index 0000000..13974e4
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
@@ -0,0 +1,157 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.Des;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public class DesKeyMaker extends AbstractKeyMaker {
+
+    private static final byte[] goodParity = {
+            1,   1,   2,   2,   4,   4,    7,   7,
+            8,   8,   11,  11,  13,  13,  14,  14,
+            16,  16,  19,  19,  21,  21,  22,  22,
+            25,  25,  26,  26,  28,  28,  31,  31,
+            32,  32,  35,  35,  37,  37,  38,  38,
+            41,  41,  42,  42,  44,  44,  47,  47,
+            49,  49,  50,  50,  52,  52,  55,  55,
+            56,  56,  59,  59,  61,  61,  62,  62,
+            64,  64,  67,  67,  69,  69,  70,  70,
+            73,  73,  74,  74,  76,  76,  79,  79,
+            81,  81,  82,  82,  84,  84,  87,  87,
+            88,  88,  91,  91,  93,  93,  94,  94,
+            97,  97,  98,  98,  100, 100, 103, 103,
+            104, 104, 107, 107, 109, 109, 110, 110,
+            112, 112, 115, 115, 117, 117, 118, 118,
+            121, 121, 122, 122, 124, 124, 127, 127,
+            (byte)128, (byte)128, (byte)131, (byte)131,
+            (byte)133, (byte)133, (byte)134, (byte)134,
+            (byte)137, (byte)137, (byte)138, (byte)138,
+            (byte)140, (byte)140, (byte)143, (byte)143,
+            (byte)145, (byte)145, (byte)146, (byte)146,
+            (byte)148, (byte)148, (byte)151, (byte)151,
+            (byte)152, (byte)152, (byte)155, (byte)155,
+            (byte)157, (byte)157, (byte)158, (byte)158,
+            (byte)161, (byte)161, (byte)162, (byte)162,
+            (byte)164, (byte)164, (byte)167, (byte)167,
+            (byte)168, (byte)168, (byte)171, (byte)171,
+            (byte)173, (byte)173, (byte)174, (byte)174,
+            (byte)176, (byte)176, (byte)179, (byte)179,
+            (byte)181, (byte)181, (byte)182, (byte)182,
+            (byte)185, (byte)185, (byte)186, (byte)186,
+            (byte)188, (byte)188, (byte)191, (byte)191,
+            (byte)193, (byte)193, (byte)194, (byte)194,
+            (byte)196, (byte)196, (byte)199, (byte)199,
+            (byte)200, (byte)200, (byte)203, (byte)203,
+            (byte)205, (byte)205, (byte)206, (byte)206,
+            (byte)208, (byte)208, (byte)211, (byte)211,
+            (byte)213, (byte)213, (byte)214, (byte)214,
+            (byte)217, (byte)217, (byte)218, (byte)218,
+            (byte)220, (byte)220, (byte)223, (byte)223,
+            (byte)224, (byte)224, (byte)227, (byte)227,
+            (byte)229, (byte)229, (byte)230, (byte)230,
+            (byte)233, (byte)233, (byte)234, (byte)234,
+            (byte)236, (byte)236, (byte)239, (byte)239,
+            (byte)241, (byte)241, (byte)242, (byte)242,
+            (byte)244, (byte)244, (byte)247, (byte)247,
+            (byte)248, (byte)248, (byte)251, (byte)251,
+            (byte)253, (byte)253, (byte)254, (byte)254
+    };
+
+    public DesKeyMaker(EncryptProvider encProvider) {
+        super(encProvider);
+    }
+
+    @Override
+    public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+        String error = null;
+        int type = 0;
+
+        if (param != null) {
+            if (param.length != 1) {
+                error = "Invalid param to S2K";
+            }
+            type = param[0];
+            if (type != 0 && type != 1) {
+                error = "Invalid param to S2K";
+            }
+        }
+        if (type == 1) {
+            error = "AFS not supported yet";
+        }
+
+        if (error != null) {
+            throw new KrbException(error);
+        }
+
+        char[] passwdSalt = makePasswdSalt(string, salt);
+        byte[] key = passwd2key(passwdSalt);
+        return key;
+    }
+
+    @Override
+    public byte[] random2Key(byte[] randomBits) throws KrbException {
+        return randomBits;
+    }
+
+    public static final void setParity(byte[] key) {
+        for (int i=0; i < 8; i++) {
+            key[i] = goodParity[key[i] & 0xff];
+        }
+    }
+
+    private long passwd2long(byte[] passwdBytes) {
+        int keySize = 8;
+
+        long lKey = 0;
+        int n = passwdBytes.length / keySize;
+        long l, l1, l2 = 0;
+        for (int i = 0; i < n; i++) {
+            l = BytesUtil.bytes2long(passwdBytes,
+                    i * keySize, true) & 0x7f7f7f7f7f7f7f7fL;
+            if (i % 2 == 1) {
+                l1 = 0;
+                for (int j = 0; j < 64; j++) {
+                    l1 |= ((l & (1L << j)) >>> j) << (63 - j);
+                }
+                l = l1 >>> 1;
+            }
+            lKey ^= (l << 1);
+        }
+
+        return lKey;
+    }
+
+    private byte[] passwd2key(char[] passwdChars) throws KrbException {
+        int keySize = 8;
+
+        byte[] bytes = (new String(passwdChars)).getBytes();
+        byte[] passwdBytes = BytesUtil.padding(bytes, keySize);
+        long lKey = passwd2long(passwdBytes);
+
+        byte[] keyBytes = BytesUtil.long2bytes(lKey, true);
+        fixKey(keyBytes);
+
+        byte[] iv = keyBytes;
+        byte[] encKey = keyBytes;
+
+        byte[] bKey = null;
+        if (encProvider().supportCbcMac()) {
+            bKey = encProvider().cbcMac(iv, encKey, passwdBytes);
+        } else {
+            throw new KrbException("cbcMac should be supported by the provider: "
+                    + encProvider().getClass());
+        }
+
+        fixKey(bKey);
+
+        return bKey;
+    }
+
+    private void fixKey(byte[] key) {
+        setParity(key);
+        if (Des.isWeakKey(key)) {
+            Des.fixKey(key);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java
new file mode 100644
index 0000000..a29e0e1
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java
@@ -0,0 +1,54 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.Nfold;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+
+public abstract class DkKeyMaker extends AbstractKeyMaker {
+
+    public DkKeyMaker(EncryptProvider encProvider) {
+        super(encProvider);
+    }
+
+    // DK(Key, Constant) = random-to-key(DR(Key, Constant))
+    public byte[] dk(byte[] key, byte[] constant) throws KrbException {
+        return random2Key(dr(key, constant));
+    }
+
+    /*
+     * K1 = E(Key, n-fold(Constant), initial-cipher-state)
+     * K2 = E(Key, K1, initial-cipher-state)
+     * K3 = E(Key, K2, initial-cipher-state)
+     * K4 = ...
+     * DR(Key, Constant) = k-truncate(K1 | K2 | K3 | K4 ...)
+     */
+    protected byte[] dr(byte[] key, byte[] constant) throws KrbException {
+
+        int blocksize = encProvider().blockSize();
+        int keyInuptSize = encProvider().keyInputSize();
+        byte[] keyBytes = new byte[keyInuptSize];
+        byte[] Ki;
+
+        if (constant.length != blocksize) {
+            Ki = Nfold.nfold(constant, blocksize);
+        } else {
+            Ki = new byte[constant.length];
+            System.arraycopy(constant, 0, Ki, 0, constant.length);
+        }
+
+        int n = 0, len;
+        while (n < keyInuptSize) {
+            encProvider().encrypt(key, Ki);
+
+            if (n + blocksize >= keyInuptSize) {
+                System.arraycopy(Ki, 0, keyBytes, n, keyInuptSize - n);
+                break;
+            }
+
+            System.arraycopy(Ki, 0, keyBytes, n, blocksize);
+            n += blocksize;
+        }
+
+        return keyBytes;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java
new file mode 100644
index 0000000..a0789d9
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java
@@ -0,0 +1,10 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.KrbException;
+
+public interface KeyMaker {
+
+    public byte[] str2key(String string, String salt, byte[] param) throws KrbException;
+
+    public byte[] random2Key(byte[] randomBits) throws KrbException;
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java
new file mode 100644
index 0000000..e64ffe3
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java
@@ -0,0 +1,33 @@
+package org.apache.kerberos.kerb.crypto.key;
+
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+import sun.security.provider.MD4;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+
+public class Rc4KeyMaker extends AbstractKeyMaker {
+
+    public Rc4KeyMaker(EncryptProvider encProvider) {
+        super(encProvider);
+    }
+
+    @Override
+    public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+
+        if (param != null && param.length > 0) {
+            throw new RuntimeException("Invalid param to str2Key");
+        }
+
+        try {
+            byte[] passwd = string.getBytes("UTF-16LE"); // to unicode
+            MessageDigest md = MD4.getInstance();
+            md.update(passwd);
+            return md.digest();
+        } catch (UnsupportedEncodingException e) {
+            throw new KrbException("str2key failed", e);
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/AbstractCryptoTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/AbstractCryptoTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/AbstractCryptoTypeHandler.java
deleted file mode 100644
index 18a06fb..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/AbstractCryptoTypeHandler.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package org.haox.kerb.crypto;
-
-import org.haox.kerb.crypto.cksum.HashProvider;
-import org.haox.kerb.crypto.enc.EncryptProvider;
-
-import java.util.Arrays;
-
-public abstract class AbstractCryptoTypeHandler implements CryptoTypeHandler {
-
-    private EncryptProvider encProvider;
-    private HashProvider hashProvider;
-
-    public AbstractCryptoTypeHandler(EncryptProvider encProvider,
-                                     HashProvider hashProvider) {
-        this.encProvider = encProvider;
-        this.hashProvider = hashProvider;
-    }
-
-    @Override
-    public EncryptProvider encProvider() {
-        return encProvider;
-    }
-
-    @Override
-    public HashProvider hashProvider() {
-        return hashProvider;
-    }
-
-    protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2) {
-        return Arrays.equals(cksum1, cksum2);
-    }
-
-    protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2, int cksum2Start, int len) {
-        if (cksum1 == cksum2)
-            return true;
-        if (cksum1 == null || cksum2 == null)
-            return false;
-
-        if (len <= cksum2.length && len <= cksum1.length) {
-            for (int i = 0; i < len; i++)
-                if (cksum1[i] != cksum2[cksum2Start + i])
-                    return false;
-        } else {
-            return false;
-        }
-
-        return true;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/BytesUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/BytesUtil.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/BytesUtil.java
deleted file mode 100644
index 33721a7..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/BytesUtil.java
+++ /dev/null
@@ -1,144 +0,0 @@
-package org.haox.kerb.crypto;
-
-public class BytesUtil {
-
-    public static short bytes2short(byte[] bytes, int offset, boolean bigEndian) {
-        short val = 0;
-
-        if (bigEndian) {
-            val += (bytes[offset + 0] & 0xff) << 8;
-            val += (bytes[offset + 1] & 0xff);
-        } else {
-            val += (bytes[offset + 1] & 0xff) << 8;
-            val += (bytes[offset + 0] & 0xff);
-        }
-
-        return val;
-    }
-
-    public static short bytes2short(byte[] bytes, boolean bigEndian) {
-        return bytes2short(bytes, 0, bigEndian);
-    }
-
-    public static byte[] short2bytes(int val, boolean bigEndian) {
-        byte[] bytes = new byte[2];
-
-        short2bytes(val, bytes, 0, bigEndian);
-
-        return bytes;
-    }
-
-    public static void short2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
-        if (bigEndian) {
-            bytes[offset + 0] = (byte) ((val >> 8) & 0xff);
-            bytes[offset + 1] = (byte) ((val) & 0xff);
-        } else {
-            bytes[offset + 1] = (byte) ((val >>  8) & 0xff);
-            bytes[offset + 0] = (byte) ((val      ) & 0xff);
-        }
-    }
-
-    public static int bytes2int(byte[] bytes, boolean bigEndian) {
-        return bytes2int(bytes, 0, bigEndian);
-    }
-
-    public static int bytes2int(byte[] bytes, int offset, boolean bigEndian) {
-        int val = 0;
-
-        if (bigEndian) {
-            val += (bytes[offset + 0] & 0xff) << 24;
-            val += (bytes[offset + 1] & 0xff) << 16;
-            val += (bytes[offset + 2] & 0xff) << 8;
-            val += (bytes[offset + 3] & 0xff);
-        } else {
-            val += (bytes[offset + 3] & 0xff) << 24;
-            val += (bytes[offset + 2] & 0xff) << 16;
-            val += (bytes[offset + 1] & 0xff) << 8;
-            val += (bytes[offset + 0] & 0xff);
-        }
-
-        return val;
-    }
-
-    public static byte[] int2bytes(int val, boolean bigEndian) {
-        byte[] bytes = new byte[4];
-
-        int2bytes(val, bytes, 0, bigEndian);
-
-        return bytes;
-    }
-
-    public static void int2bytes(int val, byte[] bytes, int offset, boolean bigEndian) {
-        if (bigEndian) {
-            bytes[offset + 0] = (byte) ((val >> 24) & 0xff);
-            bytes[offset + 1] = (byte) ((val >> 16) & 0xff);
-            bytes[offset + 2] = (byte) ((val >> 8) & 0xff);
-            bytes[offset + 3] = (byte) ((val) & 0xff);
-        } else {
-            bytes[offset + 3] = (byte) ((val >> 24) & 0xff);
-            bytes[offset + 2] = (byte) ((val >> 16) & 0xff);
-            bytes[offset + 1] = (byte) ((val >> 8) & 0xff);
-            bytes[offset + 0] = (byte) ((val) & 0xff);
-        }
-    }
-
-    public static byte[] long2bytes(long val, boolean bigEndian) {
-        byte[] bytes = new byte[8];
-        long2bytes(val, bytes, 0, bigEndian);
-        return bytes;
-    }
-
-    public static void long2bytes(long val, byte[] bytes, int offset, boolean bigEndian) {
-        if (bigEndian) {
-            for (int i = 0; i < 8; i++) {
-                bytes[i + offset] = (byte) ((val >> ((7 - i) * 8)) & 0xffL);
-            }
-        } else {
-            for (int i = 0; i < 8; i++) {
-                bytes[i + offset] = (byte) ((val >> (i * 8)) & 0xffL);
-            }
-        }
-    }
-
-    public static long bytes2long(byte[] bytes, boolean bigEndian) {
-        return bytes2long(bytes, 0, bigEndian);
-    }
-
-    public static long bytes2long(byte[] bytes, int offset, boolean bigEndian) {
-        long val = 0;
-
-        if (bigEndian) {
-            for (int i = 0; i < 8; i++) {
-                val |= (((long) bytes[i + offset]) & 0xffL) << ((7 - i) * 8);
-            }
-        } else {
-            for (int i = 0; i < 8; i++) {
-                val |= (((long) bytes[i + offset]) & 0xffL) << (i * 8);
-            }
-        }
-
-        return val;
-    }
-
-    public static byte[] padding(byte[] data, int block) {
-        int len = data.length;
-        int paddingLen = len % block != 0 ? 8 - len % block : 0;
-        if (paddingLen == 0) {
-            return data;
-        }
-
-        byte[] result = new byte[len + + paddingLen];
-        System.arraycopy(data, 0, result, 0, len);
-        return result;
-    }
-
-    public static byte[] duplicate(byte[] bytes) {
-        return duplicate(bytes, 0, bytes.length);
-    }
-
-    public static byte[] duplicate(byte[] bytes, int offset, int len) {
-        byte[] dup = new byte[len];
-        System.arraycopy(bytes, offset, dup, 0, len);
-        return dup;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/Camellia.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/Camellia.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/Camellia.java
deleted file mode 100644
index cff5e9d..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/Camellia.java
+++ /dev/null
@@ -1,229 +0,0 @@
-package org.haox.kerb.crypto;
-
-/**
- * Camellia - based on RFC 3713, about half the size of CamelliaEngine.
- */
-
-public class Camellia {
-    private static final int BLOCK_SIZE = 16;
-    private int[] state = new int[4]; // for encryption and decryption
-
-    private CamelliaKey camKey;
-
-    public void setKey(boolean forEncryption, byte[] key) {
-        camKey = new CamelliaKey(key, forEncryption);
-    }
-
-    private void process128Block(byte[] in, int inOff,
-                                byte[] out, int outOff) {
-        for (int i = 0; i < 4; i++) {
-            state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true);
-            state[i] ^= camKey.kw[i];
-        }
-
-        camKey.f2(state, camKey.subkey, 0);
-        camKey.f2(state, camKey.subkey, 4);
-        camKey.f2(state, camKey.subkey, 8);
-        camKey.fls(state, camKey.ke, 0);
-        camKey.f2(state, camKey.subkey, 12);
-        camKey.f2(state, camKey.subkey, 16);
-        camKey.f2(state, camKey.subkey, 20);
-        camKey.fls(state, camKey.ke, 4);
-        camKey.f2(state, camKey.subkey, 24);
-        camKey.f2(state, camKey.subkey, 28);
-        camKey.f2(state, camKey.subkey, 32);
-
-        state[2] ^= camKey.kw[4];
-        state[3] ^= camKey.kw[5];
-        state[0] ^= camKey.kw[6];
-        state[1] ^= camKey.kw[7];
-
-        BytesUtil.int2bytes(state[2], out, outOff, true);
-        BytesUtil.int2bytes(state[3], out, outOff + 4, true);
-        BytesUtil.int2bytes(state[0], out, outOff + 8, true);
-        BytesUtil.int2bytes(state[1], out, outOff + 12, true);
-    }
-
-    private void processBlockLargerBlock(byte[] in, int inOff,
-                                        byte[] out, int outOff) {
-        for (int i = 0; i < 4; i++) {
-            state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true);
-            state[i] ^= camKey.kw[i];
-        }
-
-        camKey.f2(state, camKey.subkey, 0);
-        camKey.f2(state, camKey.subkey, 4);
-        camKey.f2(state, camKey.subkey, 8);
-        camKey.fls(state, camKey.ke, 0);
-        camKey.f2(state, camKey.subkey, 12);
-        camKey.f2(state, camKey.subkey, 16);
-        camKey.f2(state, camKey.subkey, 20);
-        camKey.fls(state, camKey.ke, 4);
-        camKey.f2(state, camKey.subkey, 24);
-        camKey.f2(state, camKey.subkey, 28);
-        camKey.f2(state, camKey.subkey, 32);
-        camKey.fls(state, camKey.ke, 8);
-        camKey.f2(state, camKey.subkey, 36);
-        camKey.f2(state, camKey.subkey, 40);
-        camKey.f2(state, camKey.subkey, 44);
-
-        state[2] ^= camKey.kw[4];
-        state[3] ^= camKey.kw[5];
-        state[0] ^= camKey.kw[6];
-        state[1] ^= camKey.kw[7];
-
-        BytesUtil.int2bytes(state[2], out, outOff, true);
-        BytesUtil.int2bytes(state[3], out, outOff + 4, true);
-        BytesUtil.int2bytes(state[0], out, outOff + 8, true);
-        BytesUtil.int2bytes(state[1], out, outOff + 12, true);
-    }
-
-    public void processBlock(byte[] in, int inOff) {
-        byte[] out = new byte[BLOCK_SIZE];
-
-        if (camKey.is128()) {
-            process128Block(in, inOff, out, 0);
-        } else {
-            processBlockLargerBlock(in, inOff, out, 0);
-        }
-
-        System.arraycopy(out, 0, in, inOff, BLOCK_SIZE);
-    }
-
-    public void encrypt(byte[] data, byte[] iv) {
-        byte[] cipher = new byte[BLOCK_SIZE];
-        byte[] cipherState = new byte[BLOCK_SIZE];
-
-        int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-        int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE;
-        if (blocksNum == 1) {
-            cbcEnc(data, 0, 1, cipherState);
-            return;
-        }
-
-        if (iv != null) {
-            System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE);
-        }
-
-        int contBlocksNum, offset = 0;
-        while (blocksNum > 2) {
-            contBlocksNum = (data.length - offset) / BLOCK_SIZE;
-            if (contBlocksNum > 0) {
-                // Encrypt a series of contiguous blocks in place if we can, but
-                // don't touch the last two blocks.
-                contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum;
-                cbcEnc(data, offset, contBlocksNum, cipherState);
-                offset += contBlocksNum * BLOCK_SIZE;
-                blocksNum -= contBlocksNum;
-            } else {
-                cbcEnc(data, offset, 1, cipherState);
-                offset += BLOCK_SIZE;
-                blocksNum--;
-            }
-        }
-
-        // Encrypt the last two blocks and store the results in reverse order
-        byte[] blockN2 = new byte[BLOCK_SIZE];
-        byte[] blockN1 = new byte[BLOCK_SIZE];
-
-        System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE);
-        cbcEnc(blockN2, 0, 1, cipherState);
-        System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen);
-        cbcEnc(blockN1, 0, 1, cipherState);
-
-        System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE);
-        System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen);
-
-        if (iv != null) {
-            System.arraycopy(cipherState, 0, iv, 0, BLOCK_SIZE);
-        }
-    }
-
-    public void decrypt(byte[] data, byte[] iv) {
-        byte[] cipher = new byte[BLOCK_SIZE];
-        byte[] cipherState = new byte[BLOCK_SIZE];
-
-        int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-        int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE;
-        if (blocksNum == 1) {
-            cbcDec(data, 0, 1, cipherState);
-            return;
-        }
-
-        if (iv != null) {
-            System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE);
-        }
-
-        int contBlocksNum, offset = 0;
-        while (blocksNum > 2) {
-            contBlocksNum = (data.length - offset) / BLOCK_SIZE;
-            if (contBlocksNum > 0) {
-                // Decrypt a series of contiguous blocks in place if we can, but
-                // don't touch the last two blocks.
-                contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum;
-                cbcDec(data, offset, contBlocksNum, cipherState);
-                offset += contBlocksNum * BLOCK_SIZE;
-                blocksNum -= contBlocksNum;
-            } else {
-                cbcDec(data, offset, 1, cipherState);
-                offset += BLOCK_SIZE;
-                blocksNum--;
-            }
-        }
-
-        // Decrypt the last two blocks
-        byte[] blockN2 = new byte[BLOCK_SIZE];
-        byte[] blockN1 = new byte[BLOCK_SIZE];
-        System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE);
-        System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen);
-        if (iv != null) {
-            System.arraycopy(blockN2, 0, iv, 0, BLOCK_SIZE);
-        }
-
-        byte[] tmpCipherState = new byte[BLOCK_SIZE];
-        System.arraycopy(blockN1, 0, tmpCipherState, 0, BLOCK_SIZE);
-        cbcDec(blockN2, 0, 1, tmpCipherState);
-        System.arraycopy(blockN2, lastBlockLen, blockN1, lastBlockLen, BLOCK_SIZE - lastBlockLen);
-        cbcDec(blockN1, 0, 1, cipherState);
-
-        System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE);
-        System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen);
-    }
-
-    /**
-     * CBC encrypt nblocks blocks of data in place, using and updating iv.
-     */
-    public void cbcEnc(byte[] data, int offset, int blocksNum, byte[] cipherState) {
-        byte[] cipher = new byte[BLOCK_SIZE];
-        for (int i = 0; i < blocksNum; ++i) {
-            System.arraycopy(data, offset + i * BLOCK_SIZE, cipher, 0, BLOCK_SIZE);
-            Util.xor(cipherState, 0, cipher);
-            processBlock(cipher, 0);
-            System.arraycopy(cipher, 0, data, offset + i * BLOCK_SIZE, BLOCK_SIZE);
-            System.arraycopy(cipher, 0, cipherState, 0, BLOCK_SIZE);
-        }
-    }
-
-    /**
-     * CBC encrypt nblocks blocks of data in place, using and updating iv.
-     */
-    public void cbcDec(byte[] data, int offset, int blocksNum, byte[] cipherState) {
-        byte[] lastBlock = new byte[BLOCK_SIZE];
-        byte[] cipher = new byte[BLOCK_SIZE];
-
-        System.arraycopy(data, offset + (blocksNum - 1) * BLOCK_SIZE, lastBlock, 0, BLOCK_SIZE);
-        for (int i = blocksNum; i > 0; i--) {
-            System.arraycopy(data, offset + (i - 1) * BLOCK_SIZE, cipher, 0, BLOCK_SIZE);
-            processBlock(cipher, 0);
-
-            if (i == 1) {
-                Util.xor(cipherState, 0, cipher);
-            } else {
-                Util.xor(data, offset + (i - 2) * BLOCK_SIZE, cipher);
-            }
-
-            System.arraycopy(cipher, 0, data, offset + (i - 1) * BLOCK_SIZE, BLOCK_SIZE);
-        }
-        System.arraycopy(lastBlock, 0, cipherState, 0, BLOCK_SIZE);
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CamelliaKey.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CamelliaKey.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CamelliaKey.java
deleted file mode 100644
index c1ae502..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CamelliaKey.java
+++ /dev/null
@@ -1,412 +0,0 @@
-package org.haox.kerb.crypto;
-
-/**
- * Camellia - based on RFC 3713, about half the size of CamelliaEngine.
- */
-
-public class CamelliaKey {
-    private int keySize;
-
-    protected int[] subkey = new int[24 * 4];
-    protected int[] kw = new int[4 * 2]; // for whitening
-    protected int[] ke = new int[6 * 2]; // for FL and FL^(-1)
-
-    private static final int SIGMA[] = {
-            0xa09e667f, 0x3bcc908b,
-            0xb67ae858, 0x4caa73b2,
-            0xc6ef372f, 0xe94f82be,
-            0x54ff53a5, 0xf1d36f1c,
-            0x10e527fa, 0xde682d1d,
-            0xb05688c2, 0xb3e6c1fd
-    };
-
-    // S-box data
-    protected static final byte SBOX1[] = {
-            (byte)112, (byte)130, (byte)44, (byte)236,
-            (byte)179, (byte)39, (byte)192, (byte)229,
-            (byte)228, (byte)133, (byte)87, (byte)53,
-            (byte)234, (byte)12, (byte)174, (byte)65,
-            (byte)35, (byte)239, (byte)107, (byte)147,
-            (byte)69, (byte)25, (byte)165, (byte)33,
-            (byte)237, (byte)14, (byte)79, (byte)78,
-            (byte)29, (byte)101, (byte)146, (byte)189,
-            (byte)134, (byte)184, (byte)175, (byte)143,
-            (byte)124, (byte)235, (byte)31, (byte)206,
-            (byte)62, (byte)48, (byte)220, (byte)95,
-            (byte)94, (byte)197, (byte)11, (byte)26,
-            (byte)166, (byte)225, (byte)57, (byte)202,
-            (byte)213, (byte)71, (byte)93, (byte)61,
-            (byte)217, (byte)1, (byte)90, (byte)214,
-            (byte)81, (byte)86, (byte)108, (byte)77,
-            (byte)139, (byte)13, (byte)154, (byte)102,
-            (byte)251, (byte)204, (byte)176, (byte)45,
-            (byte)116, (byte)18, (byte)43, (byte)32,
-            (byte)240, (byte)177, (byte)132, (byte)153,
-            (byte)223, (byte)76, (byte)203, (byte)194,
-            (byte)52, (byte)126, (byte)118, (byte)5,
-            (byte)109, (byte)183, (byte)169, (byte)49,
-            (byte)209, (byte)23, (byte)4, (byte)215,
-            (byte)20, (byte)88, (byte)58, (byte)97,
-            (byte)222, (byte)27, (byte)17, (byte)28,
-            (byte)50, (byte)15, (byte)156, (byte)22,
-            (byte)83, (byte)24, (byte)242, (byte)34,
-            (byte)254, (byte)68, (byte)207, (byte)178,
-            (byte)195, (byte)181, (byte)122, (byte)145,
-            (byte)36, (byte)8, (byte)232, (byte)168,
-            (byte)96, (byte)252, (byte)105, (byte)80,
-            (byte)170, (byte)208, (byte)160, (byte)125,
-            (byte)161, (byte)137, (byte)98, (byte)151,
-            (byte)84, (byte)91, (byte)30, (byte)149,
-            (byte)224, (byte)255, (byte)100, (byte)210,
-            (byte)16, (byte)196, (byte)0, (byte)72,
-            (byte)163, (byte)247, (byte)117, (byte)219,
-            (byte)138, (byte)3, (byte)230, (byte)218,
-            (byte)9, (byte)63, (byte)221, (byte)148,
-            (byte)135, (byte)92, (byte)131, (byte)2,
-            (byte)205, (byte)74, (byte)144, (byte)51,
-            (byte)115, (byte)103, (byte)246, (byte)243,
-            (byte)157, (byte)127, (byte)191, (byte)226,
-            (byte)82, (byte)155, (byte)216, (byte)38,
-            (byte)200, (byte)55, (byte)198, (byte)59,
-            (byte)129, (byte)150, (byte)111, (byte)75,
-            (byte)19, (byte)190, (byte)99, (byte)46,
-            (byte)233, (byte)121, (byte)167, (byte)140,
-            (byte)159, (byte)110, (byte)188, (byte)142,
-            (byte)41, (byte)245, (byte)249, (byte)182,
-            (byte)47, (byte)253, (byte)180, (byte)89,
-            (byte)120, (byte)152, (byte)6, (byte)106,
-            (byte)231, (byte)70, (byte)113, (byte)186,
-            (byte)212, (byte)37, (byte)171, (byte)66,
-            (byte)136, (byte)162, (byte)141, (byte)250,
-            (byte)114, (byte)7, (byte)185, (byte)85,
-            (byte)248, (byte)238, (byte)172, (byte)10,
-            (byte)54, (byte)73, (byte)42, (byte)104,
-            (byte)60, (byte)56, (byte)241, (byte)164,
-            (byte)64, (byte)40, (byte)211, (byte)123,
-            (byte)187, (byte)201, (byte)67, (byte)193,
-            (byte)21, (byte)227, (byte)173, (byte)244,
-            (byte)119, (byte)199, (byte)128, (byte)158
-    };
-
-    public CamelliaKey(byte[] key, boolean isEncrypt) {
-        init(key, isEncrypt);
-    }
-
-    protected boolean is128() {
-        return keySize == 16;
-    }
-
-    private static int rightRotate(int x, int s) {
-        return (((x) >>> (s)) + ((x) << (32 - s)));
-    }
-
-    private static int leftRotate(int x, int s) {
-        return ((x) << (s)) + ((x) >>> (32 - s));
-    }
-
-    private static void roldq(int rot, int[] ki, int ioff,
-                              int[] ko, int ooff) {
-        ko[0 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
-        ko[1 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
-        ko[2 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
-        ko[3 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
-        ki[0 + ioff] = ko[0 + ooff];
-        ki[1 + ioff] = ko[1 + ooff];
-        ki[2 + ioff] = ko[2 + ooff];
-        ki[3 + ioff] = ko[3 + ooff];
-    }
-
-    private static void decroldq(int rot, int[] ki, int ioff,
-                                 int[] ko, int ooff) {
-        ko[2 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot));
-        ko[3 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot));
-        ko[0 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot));
-        ko[1 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot));
-        ki[0 + ioff] = ko[2 + ooff];
-        ki[1 + ioff] = ko[3 + ooff];
-        ki[2 + ioff] = ko[0 + ooff];
-        ki[3 + ioff] = ko[1 + ooff];
-    }
-
-    private static void roldqo32(int rot, int[] ki, int ioff,
-                                 int[] ko, int ooff)
-    {
-        ko[0 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
-        ko[1 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
-        ko[2 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
-        ko[3 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
-        ki[0 + ioff] = ko[0 + ooff];
-        ki[1 + ioff] = ko[1 + ooff];
-        ki[2 + ioff] = ko[2 + ooff];
-        ki[3 + ioff] = ko[3 + ooff];
-    }
-
-    private static void decroldqo32(int rot, int[] ki, int ioff,
-                                    int[] ko, int ooff) {
-        ko[2 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot));
-        ko[3 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot));
-        ko[0 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot));
-        ko[1 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot));
-        ki[0 + ioff] = ko[2 + ooff];
-        ki[1 + ioff] = ko[3 + ooff];
-        ki[2 + ioff] = ko[0 + ooff];
-        ki[3 + ioff] = ko[1 + ooff];
-    }
-
-    private byte lRot8(byte v, int rot)
-    {
-        return (byte)((v << rot) | ((v & 0xff) >>> (8 - rot)));
-    }
-
-    private int sbox2(int x)
-    {
-        return (lRot8(SBOX1[x], 1) & 0xff);
-    }
-
-    private int sbox3(int x)
-    {
-        return (lRot8(SBOX1[x], 7) & 0xff);
-    }
-
-    private int sbox4(int x)
-    {
-        return (SBOX1[((int)lRot8((byte)x, 1) & 0xff)] & 0xff);
-    }
-
-    protected void fls(int[] s, int[] fkey, int keyoff) {
-        s[1] ^= leftRotate(s[0] & fkey[0 + keyoff], 1);
-        s[0] ^= fkey[1 + keyoff] | s[1];
-
-        s[2] ^= fkey[3 + keyoff] | s[3];
-        s[3] ^= leftRotate(fkey[2 + keyoff] & s[2], 1);
-    }
-
-    protected void f2(int[] s, int[] skey, int keyoff) {
-        int t1, t2, u, v;
-
-        t1 = s[0] ^ skey[0 + keyoff];
-        u = sbox4((t1 & 0xff));
-        u |= (sbox3(((t1 >>> 8) & 0xff)) << 8);
-        u |= (sbox2(((t1 >>> 16) & 0xff)) << 16);
-        u |= ((int)(SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24);
-
-        t2 = s[1] ^ skey[1 + keyoff];
-        v = (int)SBOX1[(t2 & 0xff)] & 0xff;
-        v |= (sbox4(((t2 >>> 8) & 0xff)) << 8);
-        v |= (sbox3(((t2 >>> 16) & 0xff)) << 16);
-        v |= (sbox2(((t2 >>> 24) & 0xff)) << 24);
-
-        v = leftRotate(v, 8);
-        u ^= v;
-        v = leftRotate(v, 8) ^ u;
-        u = rightRotate(u, 8) ^ v;
-        s[2] ^= leftRotate(v, 16) ^ u;
-        s[3] ^= leftRotate(u, 8);
-
-        t1 = s[2] ^ skey[2 + keyoff];
-        u = sbox4((t1 & 0xff));
-        u |= sbox3(((t1 >>> 8) & 0xff)) << 8;
-        u |= sbox2(((t1 >>> 16) & 0xff)) << 16;
-        u |= ((int)SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24;
-
-        t2 = s[3] ^ skey[3 + keyoff];
-        v = ((int)SBOX1[(t2 & 0xff)] & 0xff);
-        v |= sbox4(((t2 >>> 8) & 0xff)) << 8;
-        v |= sbox3(((t2 >>> 16) & 0xff)) << 16;
-        v |= sbox2(((t2 >>> 24) & 0xff)) << 24;
-
-        v = leftRotate(v, 8);
-        u ^= v;
-        v = leftRotate(v, 8) ^ u;
-        u = rightRotate(u, 8) ^ v;
-        s[0] ^= leftRotate(v, 16) ^ u;
-        s[1] ^= leftRotate(u, 8);
-    }
-
-    private void init(byte[] key, boolean isEncrypt) {
-        keySize = key.length;
-
-        int[] k = new int[8];
-        int[] ka = new int[4];
-        int[] kb = new int[4];
-        int[] t = new int[4];
-
-        switch (key.length) {
-            case 16:
-                k[0] = BytesUtil.bytes2int(key, 0, true);
-                k[1] = BytesUtil.bytes2int(key, 4, true);
-                k[2] = BytesUtil.bytes2int(key, 8, true);
-                k[3] = BytesUtil.bytes2int(key, 12, true);
-                k[4] = k[5] = k[6] = k[7] = 0;
-                break;
-            case 24:
-                k[0] = BytesUtil.bytes2int(key, 0, true);
-                k[1] = BytesUtil.bytes2int(key, 4, true);
-                k[2] = BytesUtil.bytes2int(key, 8, true);
-                k[3] = BytesUtil.bytes2int(key, 12, true);
-                k[4] = BytesUtil.bytes2int(key, 16, true);
-                k[5] = BytesUtil.bytes2int(key, 20, true);
-                k[6] = ~k[4];
-                k[7] = ~k[5];
-                break;
-            case 32:
-                k[0] = BytesUtil.bytes2int(key, 0, true);
-                k[1] = BytesUtil.bytes2int(key, 4, true);
-                k[2] = BytesUtil.bytes2int(key, 8, true);
-                k[3] = BytesUtil.bytes2int(key, 12, true);
-                k[4] = BytesUtil.bytes2int(key, 16, true);
-                k[5] = BytesUtil.bytes2int(key, 20, true);
-                k[6] = BytesUtil.bytes2int(key, 24, true);
-                k[7] = BytesUtil.bytes2int(key, 28, true);
-                break;
-            default:
-                throw new
-                        IllegalArgumentException("Invalid key size, only support 16/24/32 bytes");
-        }
-
-        for (int i = 0; i < 4; i++) {
-            ka[i] = k[i] ^ k[i + 4];
-        }
-
-        /* compute KA */
-        f2(ka, SIGMA, 0);
-        for (int i = 0; i < 4; i++) {
-            ka[i] ^= k[i];
-        }
-        f2(ka, SIGMA, 4);
-
-        if (keySize == 16) {
-            if (isEncrypt) {
-                /* KL dependant keys */
-                kw[0] = k[0];
-                kw[1] = k[1];
-                kw[2] = k[2];
-                kw[3] = k[3];
-                roldq(15, k, 0, subkey, 4);
-                roldq(30, k, 0, subkey, 12);
-                roldq(15, k, 0, t, 0);
-                subkey[18] = t[2];
-                subkey[19] = t[3];
-                roldq(17, k, 0, ke, 4);
-                roldq(17, k, 0, subkey, 24);
-                roldq(17, k, 0, subkey, 32);
-                /* KA dependant keys */
-                subkey[0] = ka[0];
-                subkey[1] = ka[1];
-                subkey[2] = ka[2];
-                subkey[3] = ka[3];
-                roldq(15, ka, 0, subkey, 8);
-                roldq(15, ka, 0, ke, 0);
-                roldq(15, ka, 0, t, 0);
-                subkey[16] = t[0];
-                subkey[17] = t[1];
-                roldq(15, ka, 0, subkey, 20);
-                roldqo32(34, ka, 0, subkey, 28);
-                roldq(17, ka, 0, kw, 4);
-
-            } else { // decryption
-                /* KL dependant keys */
-                kw[4] = k[0];
-                kw[5] = k[1];
-                kw[6] = k[2];
-                kw[7] = k[3];
-                decroldq(15, k, 0, subkey, 28);
-                decroldq(30, k, 0, subkey, 20);
-                decroldq(15, k, 0, t, 0);
-                subkey[16] = t[0];
-                subkey[17] = t[1];
-                decroldq(17, k, 0, ke, 0);
-                decroldq(17, k, 0, subkey, 8);
-                decroldq(17, k, 0, subkey, 0);
-                /* KA dependant keys */
-                subkey[34] = ka[0];
-                subkey[35] = ka[1];
-                subkey[32] = ka[2];
-                subkey[33] = ka[3];
-                decroldq(15, ka, 0, subkey, 24);
-                decroldq(15, ka, 0, ke, 4);
-                decroldq(15, ka, 0, t, 0);
-                subkey[18] = t[2];
-                subkey[19] = t[3];
-                decroldq(15, ka, 0, subkey, 12);
-                decroldqo32(34, ka, 0, subkey, 4);
-                roldq(17, ka, 0, kw, 0);
-            }
-        } else { // 192bit or 256bit
-            /* compute KB */
-            for (int i = 0; i < 4; i++) {
-                kb[i] = ka[i] ^ k[i + 4];
-            }
-            f2(kb, SIGMA, 8);
-
-            if (isEncrypt) {
-                /* KL dependant keys */
-                kw[0] = k[0];
-                kw[1] = k[1];
-                kw[2] = k[2];
-                kw[3] = k[3];
-                roldqo32(45, k, 0, subkey, 16);
-                roldq(15, k, 0, ke, 4);
-                roldq(17, k, 0, subkey, 32);
-                roldqo32(34, k, 0, subkey, 44);
-                /* KR dependant keys */
-                roldq(15, k, 4, subkey, 4);
-                roldq(15, k, 4, ke, 0);
-                roldq(30, k, 4, subkey, 24);
-                roldqo32(34, k, 4, subkey, 36);
-                /* KA dependant keys */
-                roldq(15, ka, 0, subkey, 8);
-                roldq(30, ka, 0, subkey, 20);
-                /* 32bit rotation */
-                ke[8] = ka[1];
-                ke[9] = ka[2];
-                ke[10] = ka[3];
-                ke[11] = ka[0];
-                roldqo32(49, ka, 0, subkey, 40);
-
-                /* KB dependant keys */
-                subkey[0] = kb[0];
-                subkey[1] = kb[1];
-                subkey[2] = kb[2];
-                subkey[3] = kb[3];
-                roldq(30, kb, 0, subkey, 12);
-                roldq(30, kb, 0, subkey, 28);
-                roldqo32(51, kb, 0, kw, 4);
-
-            } else { // decryption
-                /* KL dependant keys */
-                kw[4] = k[0];
-                kw[5] = k[1];
-                kw[6] = k[2];
-                kw[7] = k[3];
-                decroldqo32(45, k, 0, subkey, 28);
-                decroldq(15, k, 0, ke, 4);
-                decroldq(17, k, 0, subkey, 12);
-                decroldqo32(34, k, 0, subkey, 0);
-                /* KR dependant keys */
-                decroldq(15, k, 4, subkey, 40);
-                decroldq(15, k, 4, ke, 8);
-                decroldq(30, k, 4, subkey, 20);
-                decroldqo32(34, k, 4, subkey, 8);
-                /* KA dependant keys */
-                decroldq(15, ka, 0, subkey, 36);
-                decroldq(30, ka, 0, subkey, 24);
-                /* 32bit rotation */
-                ke[2] = ka[1];
-                ke[3] = ka[2];
-                ke[0] = ka[3];
-                ke[1] = ka[0];
-                decroldqo32(49, ka, 0, subkey, 4);
-
-                /* KB dependant keys */
-                subkey[46] = kb[0];
-                subkey[47] = kb[1];
-                subkey[44] = kb[2];
-                subkey[45] = kb[3];
-                decroldq(30, kb, 0, subkey, 32);
-                decroldq(30, kb, 0, subkey, 16);
-                roldqo32(51, kb, 0, kw, 0);
-            }
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumHandler.java
deleted file mode 100644
index 0a1b5c6..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumHandler.java
+++ /dev/null
@@ -1,134 +0,0 @@
-package org.haox.kerb.crypto;
-
-import org.haox.kerb.KrbErrorCode;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.crypto.cksum.*;
-import org.haox.kerb.spec.common.CheckSum;
-import org.haox.kerb.spec.common.CheckSumType;
-import org.haox.kerb.spec.common.KeyUsage;
-
-public class CheckSumHandler {
-
-    public static CheckSumTypeHandler getCheckSumHandler(String cksumType) throws KrbException {
-        CheckSumType eTypeEnum = CheckSumType.fromName(cksumType);
-        return getCheckSumHandler(eTypeEnum);
-    }
-
-    public static CheckSumTypeHandler getCheckSumHandler(int cksumType) throws KrbException {
-        CheckSumType eTypeEnum = CheckSumType.fromValue(cksumType);
-        return getCheckSumHandler(eTypeEnum);
-    }
-
-    public static boolean isImplemented(CheckSumType cksumType) throws KrbException {
-        return getCheckSumHandler(cksumType, true) != null;
-    }
-
-    public static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType) throws KrbException {
-        return getCheckSumHandler(cksumType, false);
-    }
-
-    private static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType, boolean check) throws KrbException {
-        CheckSumTypeHandler cksumHandler = null;
-        switch (cksumType) {
-            case CRC32:
-                cksumHandler = new Crc32CheckSum();
-                break;
-
-            case DES_MAC:
-                cksumHandler = new DesCbcCheckSum();
-                break;
-
-            case RSA_MD4:
-                cksumHandler = new RsaMd4CheckSum();
-                break;
-
-            case RSA_MD5:
-                cksumHandler = new RsaMd5CheckSum();
-                break;
-
-            case NIST_SHA:
-                cksumHandler = new Sha1CheckSum();
-                break;
-
-            case RSA_MD4_DES:
-                cksumHandler = new RsaMd4DesCheckSum();
-                break;
-
-            case RSA_MD5_DES:
-                cksumHandler = new RsaMd5DesCheckSum();
-                break;
-
-            case HMAC_SHA1_DES3:
-            case HMAC_SHA1_DES3_KD:
-                cksumHandler = new HmacSha1Des3CheckSum();
-                break;
-
-            case HMAC_SHA1_96_AES128:
-                cksumHandler = new HmacSha1Aes128CheckSum();
-                break;
-
-            case HMAC_SHA1_96_AES256:
-                cksumHandler = new HmacSha1Aes256CheckSum();
-                break;
-
-            case CMAC_CAMELLIA128:
-                cksumHandler = new CmacCamellia128CheckSum();
-                break;
-
-            case CMAC_CAMELLIA256:
-                cksumHandler = new CmacCamellia256CheckSum();
-                break;
-
-            case HMAC_MD5_ARCFOUR:
-                cksumHandler = new HmacMd5Rc4CheckSum();
-                break;
-
-            case MD5_HMAC_ARCFOUR:
-                cksumHandler = new Md5HmacRc4CheckSum();
-                break;
-
-            default:
-                break;
-        }
-
-        if (cksumHandler == null && ! check) {
-            String message = "Unsupported checksum type: " + cksumType.name();
-            throw new KrbException(KrbErrorCode.KDC_ERR_SUMTYPE_NOSUPP, message);
-        }
-
-        return cksumHandler;
-    }
-
-    public static CheckSum checksum(CheckSumType checkSumType, byte[] bytes) throws KrbException {
-        CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
-        byte[] checksumBytes = handler.checksum(bytes);
-        CheckSum checkSum = new CheckSum();
-        checkSum.setCksumtype(checkSumType);
-        checkSum.setChecksum(checksumBytes);
-        return checkSum;
-    }
-
-    public static boolean verify(CheckSum checkSum, byte[] bytes) throws KrbException {
-        CheckSumType checkSumType = checkSum.getCksumtype();
-        CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
-        return handler.verify(bytes, checkSum.getChecksum());
-    }
-
-    public static CheckSum checksumWithKey(CheckSumType checkSumType,
-                           byte[] bytes, byte[] key, KeyUsage usage) throws KrbException {
-        CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
-        byte[] checksumBytes = handler.checksumWithKey(bytes, key, usage.getValue());
-        CheckSum checkSum = new CheckSum();
-        checkSum.setCksumtype(checkSumType);
-        checkSum.setChecksum(checksumBytes);
-        return checkSum;
-    }
-
-    public static boolean verifyWithKey(CheckSum checkSum, byte[] bytes,
-                                        byte[] key, KeyUsage usage) throws KrbException {
-        CheckSumType checkSumType = checkSum.getCksumtype();
-        CheckSumTypeHandler handler = getCheckSumHandler(checkSumType);
-        return handler.verifyWithKey(bytes, key,
-                usage.getValue(), checkSum.getChecksum());
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumTypeHandler.java
deleted file mode 100644
index f151152..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumTypeHandler.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package org.haox.kerb.crypto;
-
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.CheckSumType;
-
-public interface CheckSumTypeHandler extends CryptoTypeHandler {
-
-    public int confounderSize();
-
-    public CheckSumType cksumType();
-
-    public int computeSize(); // allocation size for checksum computation
-
-    public int outputSize(); // possibly truncated output size
-
-    public boolean isSafe();
-
-    public int cksumSize();
-
-    public int keySize();
-
-    public byte[] checksum(byte[] data) throws KrbException;
-
-    public byte[] checksum(byte[] data, int start, int len) throws KrbException;
-
-    public boolean verify(byte[] data, byte[] checksum) throws KrbException;
-
-    public boolean verify(byte[] data, int start, int len, byte[] checksum) throws KrbException;
-
-    public byte[] checksumWithKey(byte[] data,
-                                  byte[] key, int usage) throws KrbException;
-
-    public byte[] checksumWithKey(byte[] data, int start, int len,
-                                  byte[] key, int usage) throws KrbException;
-
-    public boolean verifyWithKey(byte[] data,
-                                 byte[] key, int usage, byte[] checksum) throws KrbException;
-}


Mime
View raw message