Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C50BE17789 for ; Thu, 22 Jan 2015 00:56:27 +0000 (UTC) Received: (qmail 23596 invoked by uid 500); 22 Jan 2015 00:56:27 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 23433 invoked by uid 500); 22 Jan 2015 00:56:27 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 22768 invoked by uid 99); 22 Jan 2015 00:56:27 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Jan 2015 00:56:27 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 12457E0ED0; Thu, 22 Jan 2015 00:56:25 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: drankye@apache.org To: commits@directory.apache.org Date: Thu, 22 Jan 2015 00:56:44 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [20/50] [abbrv] directory-kerberos git commit: Many changes with newname http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java new file mode 100644 index 0000000..23c3097 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java @@ -0,0 +1,34 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider; +import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider; + +public interface CryptoTypeHandler { + + public String name(); + + public String displayName(); + + public EncryptProvider encProvider(); + + public HashProvider hashProvider(); +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java new file mode 100644 index 0000000..db3e637 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java @@ -0,0 +1,84 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +/** + * Based on MIT krb5 weak_key.c + */ +public class Des { + + /* + * The following are the weak DES keys: + */ + static byte[][] WEAK_KEYS = { + /* weak keys */ + {(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01}, + {(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe}, + {(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e}, + {(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1}, + + /* semi-weak */ + {(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe}, + {(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01}, + + {(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1}, + {(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e}, + + {(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1}, + {(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1,(byte) 0x01}, + + {(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe}, + {(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e}, + + {(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e}, + {(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e,(byte) 0x01}, + + {(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe}, + {(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1} + }; + + public static boolean isWeakKey(byte[] key, int offset, int len) { + boolean match; + for (byte[] weakKey : WEAK_KEYS) { + match = true; + if (weakKey.length == len) { + for (int i = 0; i < len; i++) { + if (weakKey[i] != key[i]) { + match = false; + break; + } + } + } + if (match) { + return true; + } + } + return false; + } + + /** + * MIT krb5 FIXUP(k) in s2k_des.c + */ + public static void fixKey(byte[] key, int offset, int len) { + if (isWeakKey(key, offset, len)) { + key[offset + 7] ^= (byte) 0xf0; + } + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java new file mode 100644 index 0000000..de0e78e --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java @@ -0,0 +1,58 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +import org.apache.kerby.kerberos.kerb.KrbException; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; +import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType; + +public interface EncTypeHandler extends CryptoTypeHandler { + + public EncryptionType eType(); + + public int keyInputSize(); + + public int keySize(); + + public int confounderSize(); + + public int checksumSize(); + + public int paddingSize(); + + public byte[] str2key(String string, + String salt, byte[] param) throws KrbException; + + public byte[] random2Key(byte[] randomBits) throws KrbException; + + public CheckSumType checksumType(); + + public byte[] encrypt(byte[] data, byte[] key, int usage) + throws KrbException; + + public byte[] encrypt(byte[] data, byte[] key, byte[] ivec, + int usage) throws KrbException; + + public byte[] decrypt(byte[] cipher, byte[] key, int usage) + throws KrbException; + + public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, + int usage) throws KrbException; +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java new file mode 100644 index 0000000..ac0f6be --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java @@ -0,0 +1,174 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +import org.apache.kerby.kerberos.kerb.KrbErrorCode; +import org.apache.kerby.kerberos.kerb.crypto.enc.*; +import org.apache.kerby.kerberos.kerb.KrbException; +import org.apache.kerby.kerberos.kerb.spec.common.*; + +public class EncryptionHandler { + + public static EncryptionType getEncryptionType(String eType) throws KrbException { + EncryptionType result = EncryptionType.fromName(eType); + return result; + } + + public static EncTypeHandler getEncHandler(String eType) throws KrbException { + EncryptionType result = EncryptionType.fromName(eType); + return getEncHandler(result); + } + + public static EncTypeHandler getEncHandler(int eType) throws KrbException { + EncryptionType eTypeEnum = EncryptionType.fromValue(eType); + return getEncHandler(eTypeEnum); + } + + public static EncTypeHandler getEncHandler(EncryptionType eType) throws KrbException { + return getEncHandler(eType, false); + } + + private static EncTypeHandler getEncHandler(EncryptionType eType, boolean check) throws KrbException { + EncTypeHandler encHandler = null; + + switch (eType) { + case DES_CBC_CRC: + encHandler = new DesCbcCrcEnc(); + break; + + case DES_CBC_MD5: + case DES: + encHandler = new DesCbcMd5Enc(); + break; + + case DES_CBC_MD4: + encHandler = new DesCbcMd4Enc(); + break; + + case DES3_CBC_SHA1: + case DES3_CBC_SHA1_KD: + case DES3_HMAC_SHA1: + encHandler = new Des3CbcSha1Enc(); + break; + + case AES128_CTS_HMAC_SHA1_96: + case AES128_CTS: + encHandler = new Aes128CtsHmacSha1Enc(); + break; + + case AES256_CTS_HMAC_SHA1_96: + case AES256_CTS: + encHandler = new Aes256CtsHmacSha1Enc(); + break; + + case CAMELLIA128_CTS_CMAC: + case CAMELLIA128_CTS: + encHandler = new Camellia128CtsCmacEnc(); + break; + + case CAMELLIA256_CTS_CMAC: + case CAMELLIA256_CTS: + encHandler = new Camellia256CtsCmacEnc(); + break; + + case RC4_HMAC: + case ARCFOUR_HMAC: + case ARCFOUR_HMAC_MD5: + encHandler = new Rc4HmacEnc(); + break; + + case RC4_HMAC_EXP: + case ARCFOUR_HMAC_EXP: + case ARCFOUR_HMAC_MD5_EXP: + encHandler = new Rc4HmacExpEnc(); + break; + + case NONE: + default: + break; + } + + if (encHandler == null && ! check) { + String message = "Unsupported encryption type: " + eType.name(); + throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, message); + } + + return encHandler; + } + + public static EncryptedData encrypt(byte[] plainText, EncryptionKey key, KeyUsage usage) throws KrbException { + EncTypeHandler handler = getEncHandler(key.getKeyType()); + byte[] cipher = handler.encrypt(plainText, key.getKeyData(), usage.getValue()); + + EncryptedData ed = new EncryptedData(); + ed.setCipher(cipher); + ed.setEType(key.getKeyType()); + ed.setKvno(key.getKvno()); + + return ed; + } + + public static byte[] decrypt(byte[] data, EncryptionKey key, KeyUsage usage) throws KrbException { + EncTypeHandler handler = getEncHandler(key.getKeyType()); + + byte[] plainData = handler.decrypt(data, key.getKeyData(), usage.getValue()); + return plainData; + } + + public static byte[] decrypt(EncryptedData data, EncryptionKey key, KeyUsage usage) throws KrbException { + EncTypeHandler handler = getEncHandler(key.getKeyType()); + + byte[] plainData = handler.decrypt(data.getCipher(), key.getKeyData(), usage.getValue()); + return plainData; + } + + public static boolean isImplemented(EncryptionType eType) { + EncTypeHandler handler = null; + try { + handler = getEncHandler(eType, true); + } catch (KrbException e) { + return false; + } + return handler != null; + } + + public static EncryptionKey string2Key(String principalName, + String passPhrase, EncryptionType eType) throws KrbException { + PrincipalName principal = new PrincipalName(principalName); + return string2Key(passPhrase, + PrincipalName.makeSalt(principal), null, eType); + } + + public static EncryptionKey string2Key(String string, String salt, + byte[] s2kparams, EncryptionType eType) throws KrbException { + EncTypeHandler handler = getEncHandler(eType); + byte[] keyBytes = handler.str2key(string, salt, s2kparams); + return new EncryptionKey(eType, keyBytes); + } + + public static EncryptionKey random2Key(EncryptionType eType) throws KrbException { + EncTypeHandler handler = getEncHandler(eType); + + byte[] randomBytes = Random.makeBytes(handler.keyInputSize()); + byte[] keyBytes = handler.random2Key(randomBytes); + EncryptionKey encKey = new EncryptionKey(eType, keyBytes); + return encKey; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java new file mode 100644 index 0000000..e7a7614 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java @@ -0,0 +1,82 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider; +import org.apache.kerby.kerberos.kerb.KrbException; + +import java.util.Arrays; + +/** + * Based on MIT krb5 hmac.c + */ +public class Hmac { + + public static byte[] hmac(HashProvider hashProvider, byte[] key, + byte[] data, int outputSize) throws KrbException { + return hmac(hashProvider, key, data, 0, data.length, outputSize); + } + + public static byte[] hmac(HashProvider hashProvider, byte[] key, byte[] data, + int start, int len, int outputSize) throws KrbException { + byte[] hash = Hmac.hmac(hashProvider, key, data, start, len); + + byte[] output = new byte[outputSize]; + System.arraycopy(hash, 0, output, 0, outputSize); + return output; + } + + public static byte[] hmac(HashProvider hashProvider, + byte[] key, byte[] data) throws KrbException { + return hmac(hashProvider, key, data, 0, data.length); + } + + public static byte[] hmac(HashProvider hashProvider, + byte[] key, byte[] data, int start, int len) throws KrbException { + + int blockLen = hashProvider.blockSize(); + byte[] innerPaddedKey = new byte[blockLen]; + byte[] outerPaddedKey = new byte[blockLen]; + + // Create the inner padded key + Arrays.fill(innerPaddedKey, (byte)0x36); + for (int i = 0; i < key.length; i++) { + innerPaddedKey[i] ^= key[i]; + } + + // Create the outer padded key + Arrays.fill(outerPaddedKey, (byte)0x5c); + for (int i = 0; i < key.length; i++) { + outerPaddedKey[i] ^= key[i]; + } + + hashProvider.hash(innerPaddedKey); + + hashProvider.hash(data, start, len); + + byte[] tmp = hashProvider.output(); + + hashProvider.hash(outerPaddedKey); + hashProvider.hash(tmp); + + tmp = hashProvider.output(); + return tmp; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java new file mode 100644 index 0000000..4a4f1a0 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java @@ -0,0 +1,338 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +import java.security.DigestException; +import java.security.MessageDigest; + +/** + * MD4.java - An implementation of Ron Rivest's MD4 message digest algorithm. + * The MD4 algorithm is designed to be quite fast on 32-bit machines. In + * addition, the MD4 algorithm does not require any large substitution + * tables. + * + * @see The MD4 Message- + * Digest Algorithm by R. Rivest. + * + * @author Apache MINA Project + * @since MINA 2.0.0-M3 + */ + +/** + * Copied from Mina project and modified a bit + */ +public class Md4 extends MessageDigest { + + /** + * The MD4 algorithm message digest length is 16 bytes wide. + */ + public static final int BYTE_DIGEST_LENGTH = 16; + + /** + * The MD4 algorithm block length is 64 bytes wide. + */ + public static final int BYTE_BLOCK_LENGTH = 64; + + /** + * The initial values of the four registers. RFC gives the values + * in LE so we converted it as JAVA uses BE endianness. + */ + private final static int A = 0x67452301; + + private final static int B = 0xefcdab89; + + private final static int C = 0x98badcfe; + + private final static int D = 0x10325476; + + /** + * The four registers initialized with the above IVs. + */ + private int a = A; + + private int b = B; + + private int c = C; + + private int d = D; + + /** + * Counts the total length of the data being digested. + */ + private long msgLength; + + /** + * The internal buffer is {@link BLOCK_LENGTH} wide. + */ + private final byte[] buffer = new byte[BYTE_BLOCK_LENGTH]; + + /** + * Default constructor. + */ + public Md4() { + super("MD4"); + engineReset(); + } + + /** + * Returns the digest length in bytes. + * + * @return the digest length in bytes. + */ + protected int engineGetDigestLength() { + return BYTE_DIGEST_LENGTH; + } + + /** + * {@inheritDoc} + */ + protected void engineUpdate(byte b) { + int pos = (int) (msgLength % BYTE_BLOCK_LENGTH); + buffer[pos] = b; + msgLength++; + + // If buffer contains enough data then process it. + if (pos == (BYTE_BLOCK_LENGTH - 1)) { + process(buffer, 0); + } + } + + /** + * {@inheritDoc} + */ + protected void engineUpdate(byte[] b, int offset, int len) { + int pos = (int) (msgLength % BYTE_BLOCK_LENGTH); + int nbOfCharsToFillBuf = BYTE_BLOCK_LENGTH - pos; + int blkStart = 0; + + msgLength += len; + + // Process each full block + if (len >= nbOfCharsToFillBuf) { + System.arraycopy(b, offset, buffer, pos, nbOfCharsToFillBuf); + process(buffer, 0); + for (blkStart = nbOfCharsToFillBuf; blkStart + BYTE_BLOCK_LENGTH - 1 < len; blkStart += BYTE_BLOCK_LENGTH) { + process(b, offset + blkStart); + } + pos = 0; + } + + // Fill buffer with the remaining data + if (blkStart < len) { + System.arraycopy(b, offset + blkStart, buffer, pos, len - blkStart); + } + } + + /** + * {@inheritDoc} + */ + protected byte[] engineDigest() { + byte[] p = pad(); + engineUpdate(p, 0, p.length); + byte[] digest = { (byte) a, (byte) (a >>> 8), (byte) (a >>> 16), (byte) (a >>> 24), (byte) b, (byte) (b >>> 8), + (byte) (b >>> 16), (byte) (b >>> 24), (byte) c, (byte) (c >>> 8), (byte) (c >>> 16), (byte) (c >>> 24), + (byte) d, (byte) (d >>> 8), (byte) (d >>> 16), (byte) (d >>> 24) }; + + engineReset(); + + return digest; + } + + /** + * {@inheritDoc} + */ + protected int engineDigest(byte[] buf, int offset, int len) throws DigestException { + if (offset < 0 || offset + len >= buf.length) { + throw new DigestException("Wrong offset or not enough space to store the digest"); + } + int destLength = Math.min(len, BYTE_DIGEST_LENGTH); + System.arraycopy(engineDigest(), 0, buf, offset, destLength); + return destLength; + } + + /** + * {@inheritDoc} + */ + protected void engineReset() { + a = A; + b = B; + c = C; + d = D; + msgLength = 0; + } + + /** + * Pads the buffer by appending the byte 0x80, then append as many zero + * bytes as necessary to make the buffer length a multiple of 64 bytes. + * The last 8 bytes will be filled with the length of the buffer in bits. + * If there's no room to store the length in bits in the block i.e the block + * is larger than 56 bytes then an additionnal 64-bytes block is appended. + * + * @see sections 3.1 & 3.2 of the RFC 1320. + * + * @return the pad byte array + */ + private byte[] pad() { + int pos = (int) (msgLength % BYTE_BLOCK_LENGTH); + int padLength = (pos < 56) ? (64 - pos) : (128 - pos); + byte[] pad = new byte[padLength]; + + // First bit of the padding set to 1 + pad[0] = (byte) 0x80; + + long bits = msgLength << 3; + int index = padLength - 8; + for (int i = 0; i < 8; i++) { + pad[index++] = (byte) (bits >>> (i << 3)); + } + + return pad; + } + + /** + * Process one 64-byte block. Algorithm is constituted by three rounds. + * Note that F, G and H functions were inlined for improved performance. + * + * @param in the byte array to process + * @param offset the offset at which the 64-byte block is stored + */ + private void process(byte[] in, int offset) { + // Save previous state. + int aa = a; + int bb = b; + int cc = c; + int dd = d; + + // Copy the block to process into X array + int[] X = new int[16]; + for (int i = 0; i < 16; i++) { + X[i] = (in[offset++] & 0xff) | (in[offset++] & 0xff) << 8 | (in[offset++] & 0xff) << 16 + | (in[offset++] & 0xff) << 24; + } + + // Round 1 + a += ((b & c) | (~b & d)) + X[0]; + a = a << 3 | a >>> (32 - 3); + d += ((a & b) | (~a & c)) + X[1]; + d = d << 7 | d >>> (32 - 7); + c += ((d & a) | (~d & b)) + X[2]; + c = c << 11 | c >>> (32 - 11); + b += ((c & d) | (~c & a)) + X[3]; + b = b << 19 | b >>> (32 - 19); + a += ((b & c) | (~b & d)) + X[4]; + a = a << 3 | a >>> (32 - 3); + d += ((a & b) | (~a & c)) + X[5]; + d = d << 7 | d >>> (32 - 7); + c += ((d & a) | (~d & b)) + X[6]; + c = c << 11 | c >>> (32 - 11); + b += ((c & d) | (~c & a)) + X[7]; + b = b << 19 | b >>> (32 - 19); + a += ((b & c) | (~b & d)) + X[8]; + a = a << 3 | a >>> (32 - 3); + d += ((a & b) | (~a & c)) + X[9]; + d = d << 7 | d >>> (32 - 7); + c += ((d & a) | (~d & b)) + X[10]; + c = c << 11 | c >>> (32 - 11); + b += ((c & d) | (~c & a)) + X[11]; + b = b << 19 | b >>> (32 - 19); + a += ((b & c) | (~b & d)) + X[12]; + a = a << 3 | a >>> (32 - 3); + d += ((a & b) | (~a & c)) + X[13]; + d = d << 7 | d >>> (32 - 7); + c += ((d & a) | (~d & b)) + X[14]; + c = c << 11 | c >>> (32 - 11); + b += ((c & d) | (~c & a)) + X[15]; + b = b << 19 | b >>> (32 - 19); + + // Round 2 + a += ((b & (c | d)) | (c & d)) + X[0] + 0x5a827999; + a = a << 3 | a >>> (32 - 3); + d += ((a & (b | c)) | (b & c)) + X[4] + 0x5a827999; + d = d << 5 | d >>> (32 - 5); + c += ((d & (a | b)) | (a & b)) + X[8] + 0x5a827999; + c = c << 9 | c >>> (32 - 9); + b += ((c & (d | a)) | (d & a)) + X[12] + 0x5a827999; + b = b << 13 | b >>> (32 - 13); + a += ((b & (c | d)) | (c & d)) + X[1] + 0x5a827999; + a = a << 3 | a >>> (32 - 3); + d += ((a & (b | c)) | (b & c)) + X[5] + 0x5a827999; + d = d << 5 | d >>> (32 - 5); + c += ((d & (a | b)) | (a & b)) + X[9] + 0x5a827999; + c = c << 9 | c >>> (32 - 9); + b += ((c & (d | a)) | (d & a)) + X[13] + 0x5a827999; + b = b << 13 | b >>> (32 - 13); + a += ((b & (c | d)) | (c & d)) + X[2] + 0x5a827999; + a = a << 3 | a >>> (32 - 3); + d += ((a & (b | c)) | (b & c)) + X[6] + 0x5a827999; + d = d << 5 | d >>> (32 - 5); + c += ((d & (a | b)) | (a & b)) + X[10] + 0x5a827999; + c = c << 9 | c >>> (32 - 9); + b += ((c & (d | a)) | (d & a)) + X[14] + 0x5a827999; + b = b << 13 | b >>> (32 - 13); + a += ((b & (c | d)) | (c & d)) + X[3] + 0x5a827999; + a = a << 3 | a >>> (32 - 3); + d += ((a & (b | c)) | (b & c)) + X[7] + 0x5a827999; + d = d << 5 | d >>> (32 - 5); + c += ((d & (a | b)) | (a & b)) + X[11] + 0x5a827999; + c = c << 9 | c >>> (32 - 9); + b += ((c & (d | a)) | (d & a)) + X[15] + 0x5a827999; + b = b << 13 | b >>> (32 - 13); + + // Round 3 + a += (b ^ c ^ d) + X[0] + 0x6ed9eba1; + a = a << 3 | a >>> (32 - 3); + d += (a ^ b ^ c) + X[8] + 0x6ed9eba1; + d = d << 9 | d >>> (32 - 9); + c += (d ^ a ^ b) + X[4] + 0x6ed9eba1; + c = c << 11 | c >>> (32 - 11); + b += (c ^ d ^ a) + X[12] + 0x6ed9eba1; + b = b << 15 | b >>> (32 - 15); + a += (b ^ c ^ d) + X[2] + 0x6ed9eba1; + a = a << 3 | a >>> (32 - 3); + d += (a ^ b ^ c) + X[10] + 0x6ed9eba1; + d = d << 9 | d >>> (32 - 9); + c += (d ^ a ^ b) + X[6] + 0x6ed9eba1; + c = c << 11 | c >>> (32 - 11); + b += (c ^ d ^ a) + X[14] + 0x6ed9eba1; + b = b << 15 | b >>> (32 - 15); + a += (b ^ c ^ d) + X[1] + 0x6ed9eba1; + a = a << 3 | a >>> (32 - 3); + d += (a ^ b ^ c) + X[9] + 0x6ed9eba1; + d = d << 9 | d >>> (32 - 9); + c += (d ^ a ^ b) + X[5] + 0x6ed9eba1; + c = c << 11 | c >>> (32 - 11); + b += (c ^ d ^ a) + X[13] + 0x6ed9eba1; + b = b << 15 | b >>> (32 - 15); + a += (b ^ c ^ d) + X[3] + 0x6ed9eba1; + a = a << 3 | a >>> (32 - 3); + d += (a ^ b ^ c) + X[11] + 0x6ed9eba1; + d = d << 9 | d >>> (32 - 9); + c += (d ^ a ^ b) + X[7] + 0x6ed9eba1; + c = c << 11 | c >>> (32 - 11); + b += (c ^ d ^ a) + X[15] + 0x6ed9eba1; + b = b << 15 | b >>> (32 - 15); + + //Update state. + a += aa; + b += bb; + c += cc; + d += dd; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java new file mode 100644 index 0000000..9c98fcc --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java @@ -0,0 +1,102 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +import java.util.Arrays; + +/** + * Based on MIT krb5 nfold.c + */ + +/* + * n-fold(k-bits): + * l = lcm(n,k) + * r = l/k + * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1) + * compute the 1's complement sum: + * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1] + */ +public class Nfold { + + /** + * representation: msb first, assume n and k are multiples of 8, and + * that k>=16. this is the case of all the cryptosystems which are + * likely to be used. this function can be replaced if that + * assumption ever fails. + */ + public static byte[] nfold(byte[] inBytes, int size) { + int inBytesNum = inBytes.length; // count inBytes byte + int outBytesNum = size; // count inBytes byte + + int a, b, c, lcm; + a = outBytesNum; + b = inBytesNum; + + while (b != 0) { + c = b; + b = a % b; + a = c; + } + lcm = (outBytesNum * inBytesNum) / a; + + byte[] outBytes = new byte[outBytesNum]; + Arrays.fill(outBytes, (byte)0); + + int tmpByte = 0; + int msbit, i, tmp; + + for (i = lcm-1; i >= 0; i--) { + // first, start with the msbit inBytes the first, unrotated byte + tmp = ((inBytesNum<<3)-1); + // then, for each byte, shift to the right for each repetition + tmp += (((inBytesNum<<3)+13)*(i/inBytesNum)); + // last, pick outBytes the correct byte within that shifted repetition + tmp += ((inBytesNum-(i%inBytesNum)) << 3); + + msbit = tmp % (inBytesNum << 3); + + // pull outBytes the byte value itself + tmp = ((((inBytes[((inBytesNum - 1)-(msbit >>> 3)) % inBytesNum] & 0xff) << 8) | + (inBytes[((inBytesNum) - (msbit >>> 3)) % inBytesNum] & 0xff)) + >>>((msbit & 7)+1)) & 0xff; + + tmpByte += tmp; + tmp = (outBytes[i % outBytesNum] & 0xff); + tmpByte += tmp; + + outBytes[i % outBytesNum] = (byte) (tmpByte & 0xff); + + tmpByte >>>= 8; + } + + // if there's a carry bit left over, add it back inBytes + if (tmpByte != 0) { + for (i = outBytesNum-1; i >= 0; i--) { + // do the addition + tmpByte += (outBytes[i] & 0xff); + outBytes[i] = (byte) (tmpByte & 0xff); + + tmpByte >>>= 8; + } + } + + return outBytes; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java new file mode 100644 index 0000000..0f22f97 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java @@ -0,0 +1,32 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +import java.security.SecureRandom; + +public class Nonce { + + private static SecureRandom srand = new SecureRandom(); + + public static synchronized int value() { + int value = srand.nextInt(); + return value & 0x7fffffff; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java new file mode 100644 index 0000000..989772b --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java @@ -0,0 +1,40 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import java.security.GeneralSecurityException; + +public class Pbkdf { + + public static byte[] PBKDF2(char[] secret, byte[] salt, + int count, int keySize) throws GeneralSecurityException { + + PBEKeySpec ks = new PBEKeySpec(secret, salt, count, keySize * 8); + SecretKeyFactory skf = + SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + SecretKey key = skf.generateSecret(ks); + byte[] result = key.getEncoded(); + + return result; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java new file mode 100644 index 0000000..cd6bf71 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java @@ -0,0 +1,33 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +import java.security.SecureRandom; + +public final class Random { + + private static SecureRandom srand = new SecureRandom(); + + public static byte[] makeBytes(int size) { + byte[] data = new byte[size]; + srand.nextBytes(data); + return data; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java new file mode 100644 index 0000000..b45c4eb --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java @@ -0,0 +1,63 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto; + +/** + * Based on MIT krb5 enc_rc4.c + */ +public class Rc4 { + + private static byte[] L40 = "fortybits".getBytes(); + + public static byte[] getSalt(int usage, boolean exportable) { + int newUsage = convertUsage(usage); + byte[] salt; + + if (exportable) { + salt = new byte[14]; + System.arraycopy(L40, 0, salt, 0, 9); + BytesUtil.int2bytes(newUsage, salt, 10, false); + } else { + salt = new byte[4]; + BytesUtil.int2bytes(newUsage, salt, 0, false); + } + + return salt; + } + + private static int convertUsage(int usage) { + switch (usage) { + case 1: return 1; /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, */ + case 2: return 2; /* ticket from kdc */ + case 3: return 8; /* as-rep encrypted part */ + case 4: return 4; /* tgs-req authz data */ + case 5: return 5; /* tgs-req authz data in subkey */ + case 6: return 6; /* tgs-req authenticator cksum */ + case 7: return 7; /* tgs-req authenticator */ + case 8: return 8; + case 9: return 9; /* tgs-rep encrypted with subkey */ + case 10: return 10; /* ap-rep authentication cksum (never used by MS) */ + case 11: return 11; /* app-req authenticator */ + case 12: return 12; /* app-rep encrypted part */ + case 23: return 13; /* sign wrap token*/ + default: return usage; + } + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java new file mode 100644 index 0000000..49a62c7 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java @@ -0,0 +1,112 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.AbstractCryptoTypeHandler; +import org.apache.kerby.kerberos.kerb.crypto.CheckSumTypeHandler; +import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider; +import org.apache.kerby.kerberos.kerb.KrbException; + +public abstract class AbstractCheckSumTypeHandler + extends AbstractCryptoTypeHandler implements CheckSumTypeHandler { + + private int computeSize; + private int outputSize; + + public AbstractCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider, + int computeSize, int outputSize) { + super(encProvider, hashProvider); + this.computeSize = computeSize; + this.outputSize = outputSize; + } + + @Override + public String name() { + return cksumType().getName(); + } + + @Override + public String displayName() { + return cksumType().getDisplayName(); + } + + @Override + public int computeSize() { + return computeSize; + } + + @Override + public int outputSize() { + return outputSize; + } + + public boolean isSafe() { + return false; + } + + public int cksumSize() { + return 4; + } + + public int keySize() { + return 0; + } + + public int confounderSize() { + return 0; + } + + @Override + public byte[] checksum(byte[] data) throws KrbException { + return checksum(data, 0, data.length); + } + + @Override + public byte[] checksum(byte[] data, int start, int size) throws KrbException { + throw new UnsupportedOperationException(); + } + + @Override + public boolean verify(byte[] data, byte[] checksum) throws KrbException { + return verify(data, 0, data.length, checksum); + } + + @Override + public boolean verify(byte[] data, int start, int size, byte[] checksum) throws KrbException { + throw new UnsupportedOperationException(); + } + + @Override + public byte[] checksumWithKey(byte[] data, + byte[] key, int usage) throws KrbException { + return checksumWithKey(data, 0, data.length, key, usage); + } + + @Override + public byte[] checksumWithKey(byte[] data, int start, int size, + byte[] key, int usage) throws KrbException { + throw new UnsupportedOperationException(); + } + @Override + public boolean verifyWithKey(byte[] data, + byte[] key, int usage, byte[] checksum) throws KrbException { + throw new UnsupportedOperationException(); + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java new file mode 100644 index 0000000..3f17454 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java @@ -0,0 +1,75 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider; +import org.apache.kerby.kerberos.kerb.crypto.key.KeyMaker; +import org.apache.kerby.kerberos.kerb.KrbException; + +public abstract class AbstractKeyedCheckSumTypeHandler extends AbstractCheckSumTypeHandler { + + private KeyMaker keyMaker; + + public AbstractKeyedCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider, + int computeSize, int outputSize) { + super(encProvider, hashProvider, computeSize, outputSize); + } + + protected void keyMaker(KeyMaker keyMaker) { + this.keyMaker = keyMaker; + } + + protected KeyMaker keyMaker() { + return keyMaker; + } + + @Override + public byte[] checksumWithKey(byte[] data, + byte[] key, int usage) throws KrbException { + return checksumWithKey(data, 0, data.length, key, usage); + } + + @Override + public byte[] checksumWithKey(byte[] data, int start, int len, + byte[] key, int usage) throws KrbException { + int outputSize = outputSize(); + + byte[] tmp = doChecksumWithKey(data, start, len, key, usage); + if (outputSize < tmp.length) { + byte[] output = new byte[outputSize]; + System.arraycopy(tmp, 0, output, 0, outputSize); + return output; + } else { + return tmp; + } + } + + protected byte[] doChecksumWithKey(byte[] data, int start, int len, + byte[] key, int usage) throws KrbException { + return new byte[0]; + } + + @Override + public boolean verifyWithKey(byte[] data, byte[] key, + int usage, byte[] checksum) throws KrbException { + byte[] newCksum = checksumWithKey(data, key, usage); + return checksumEqual(checksum, newCksum); + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java new file mode 100644 index 0000000..eaf7dc1 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java @@ -0,0 +1,53 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia128Provider; +import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class CmacCamellia128CheckSum extends CmacKcCheckSum { + + public CmacCamellia128CheckSum() { + super(new Camellia128Provider(), 16, 16); + + keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider())); + } + + public int confounderSize() { + return 16; + } + + public CheckSumType cksumType() { + return CheckSumType.CMAC_CAMELLIA128; + } + + public boolean isSafe() { + return true; + } + + public int cksumSize() { + return 16; // bytes + } + + public int keySize() { + return 16; // bytes + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java new file mode 100644 index 0000000..a30c15c --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java @@ -0,0 +1,53 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia256Provider; +import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class CmacCamellia256CheckSum extends CmacKcCheckSum { + + public CmacCamellia256CheckSum() { + super(new Camellia256Provider(), 16, 16); + + keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider())); + } + + public int confounderSize() { + return 16; + } + + public CheckSumType cksumType() { + return CheckSumType.CMAC_CAMELLIA256; + } + + public boolean isSafe() { + return true; + } + + public int cksumSize() { + return 16; // bytes + } + + public int keySize() { + return 16; // bytes + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java new file mode 100644 index 0000000..16122d2 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java @@ -0,0 +1,36 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.Cmac; +import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider; +import org.apache.kerby.kerberos.kerb.KrbException; + +public abstract class CmacKcCheckSum extends KcCheckSum { + + public CmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) { + super(encProvider, null, computeSize, outputSize); + } + + protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException { + byte[] mac = Cmac.cmac(encProvider(), Kc, data, start, len); + return mac; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java new file mode 100644 index 0000000..8259849 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java @@ -0,0 +1,120 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.Confounder; +import org.apache.kerby.kerberos.kerb.crypto.enc.provider.DesProvider; +import org.apache.kerby.kerberos.kerb.KrbException; + +import javax.crypto.spec.DESKeySpec; +import java.security.InvalidKeyException; + +public abstract class ConfounderedDesCheckSum extends AbstractKeyedCheckSumTypeHandler { + + public ConfounderedDesCheckSum(HashProvider hashProvider, + int computeSize, int outputSize) { + super(new DesProvider(), hashProvider, computeSize, outputSize); + } + + @Override + protected byte[] doChecksumWithKey(byte[] data, int start, int len, + byte[] key, int usage) throws KrbException { + int computeSize = computeSize(); + int blockSize = encProvider().blockSize(); + int hashSize = hashProvider().hashSize(); + + byte[] workBuffer = new byte[computeSize]; + + // confounder + byte[] conf = Confounder.makeBytes(blockSize); + + // confounder | data + byte[] toHash = new byte[blockSize + len]; + System.arraycopy(conf, 0, toHash, 0, blockSize); + System.arraycopy(data, start, toHash, blockSize, len); + + HashProvider hashProvider = hashProvider(); + hashProvider.hash(toHash); + byte[] hash = hashProvider.output(); + + // confounder | hash + System.arraycopy(conf, 0, workBuffer, 0, blockSize); + System.arraycopy(hash, 0, workBuffer, blockSize, hashSize); + + // key + byte[] newKey = deriveKey(key); + + encProvider().encrypt(newKey, workBuffer); + return workBuffer; + } + + protected byte[] deriveKey(byte[] key) { + return fixKey(xorKey(key)); + } + + protected byte[] xorKey(byte[] key) { + byte[] xorKey = new byte[encProvider().keySize()]; + System.arraycopy(key, 0, xorKey, 0, key.length); + for (int i = 0; i < xorKey.length; i++) { + xorKey[i] = (byte) (xorKey[i] ^ 0xf0); + } + + return xorKey; + } + + private byte[] fixKey(byte[] key) { + boolean isWeak = true; + try { + isWeak = DESKeySpec.isWeak(key, 0); + } catch (InvalidKeyException e) { + e.printStackTrace(); + } + if (isWeak) { + key[7] = (byte)(key[7] ^ 0xF0); + } + + return key; + } + + @Override + public boolean verifyWithKey(byte[] data,byte[] key, + int usage, byte[] checksum) throws KrbException { + int computeSize = computeSize(); + int blockSize = encProvider().blockSize(); + int hashSize = hashProvider().hashSize(); + + // key + byte[] newKey = deriveKey(key); + + encProvider().decrypt(newKey, checksum); + byte[] decrypted = checksum; // confounder | hash + + // confounder | data + byte[] toHash = new byte[blockSize + data.length]; + System.arraycopy(decrypted, 0, toHash, 0, blockSize); + System.arraycopy(data, 0, toHash, blockSize, data.length); + + HashProvider hashProvider = hashProvider(); + hashProvider.hash(toHash); + byte[] newHash = hashProvider.output(); + + return checksumEqual(newHash, decrypted, blockSize, hashSize); + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java new file mode 100644 index 0000000..e884144 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java @@ -0,0 +1,35 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler; +import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Crc32Provider; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class Crc32CheckSum extends AbstractUnkeyedCheckSumTypeHandler { + + public Crc32CheckSum() { + super(new Crc32Provider(), 4, 4); + } + + public CheckSumType cksumType() { + return CheckSumType.CRC32; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java new file mode 100644 index 0000000..a7baf69 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java @@ -0,0 +1,33 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class DesCbcCheckSum extends ConfounderedDesCheckSum { + + public DesCbcCheckSum() { + super(null, 8, 8); + } + + public CheckSumType cksumType() { + return CheckSumType.DES_CBC; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java new file mode 100644 index 0000000..1586fb1 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java @@ -0,0 +1,35 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.KrbException; + +/** + * krb5_hash_provider + */ +public interface HashProvider { + + public int hashSize(); + public int blockSize(); + + public void hash(byte[] data, int start, int size) throws KrbException; + public void hash(byte[] data) throws KrbException; + public byte[] output(); +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java new file mode 100644 index 0000000..84d9031 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java @@ -0,0 +1,37 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.Hmac; +import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider; +import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider; +import org.apache.kerby.kerberos.kerb.KrbException; + +public abstract class HmacKcCheckSum extends KcCheckSum { + + public HmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) { + super(encProvider, new Sha1Provider(), computeSize, outputSize); + } + + protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException { + byte[] hmac = Hmac.hmac(hashProvider(), Kc, data, start, len); + return hmac; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java new file mode 100644 index 0000000..1ef5489 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java @@ -0,0 +1,73 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.Hmac; +import org.apache.kerby.kerberos.kerb.crypto.Rc4; +import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider; +import org.apache.kerby.kerberos.kerb.KrbException; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class HmacMd5Rc4CheckSum extends AbstractKeyedCheckSumTypeHandler { + + public HmacMd5Rc4CheckSum() { + super(null, new Md5Provider(), 16, 16); + } + + public int confounderSize() { + return 8; + } + + public CheckSumType cksumType() { + return CheckSumType.HMAC_MD5_ARCFOUR; + } + + public boolean isSafe() { + return true; + } + + public int cksumSize() { + return 16; // bytes + } + + public int keySize() { + return 16; // bytes + } + + @Override + protected byte[] doChecksumWithKey(byte[] data, int start, int len, + byte[] key, int usage) throws KrbException { + + byte[] Ksign = null; + byte[] signKey = "signaturekey".getBytes(); + byte[] newSignKey = new byte[signKey.length + 1]; + System.arraycopy(signKey, 0, newSignKey, 0, signKey.length); + Ksign = Hmac.hmac(hashProvider(), key, newSignKey); + + byte[] salt = Rc4.getSalt(usage, false); + + hashProvider().hash(salt); + hashProvider().hash(data, start, len); + byte[] hashTmp = hashProvider().output(); + + byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp); + return hmac; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java new file mode 100644 index 0000000..c1a9c49 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java @@ -0,0 +1,53 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes128Provider; +import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class HmacSha1Aes128CheckSum extends HmacKcCheckSum { + + public HmacSha1Aes128CheckSum() { + super(new Aes128Provider(), 20, 12); + + keyMaker(new AesKeyMaker((Aes128Provider) encProvider())); + } + + public int confounderSize() { + return 16; + } + + public CheckSumType cksumType() { + return CheckSumType.HMAC_SHA1_96_AES128; + } + + public boolean isSafe() { + return true; + } + + public int cksumSize() { + return 12; // bytes + } + + public int keySize() { + return 16; // bytes + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java new file mode 100644 index 0000000..6a5195b --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java @@ -0,0 +1,53 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes256Provider; +import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class HmacSha1Aes256CheckSum extends HmacKcCheckSum { + + public HmacSha1Aes256CheckSum() { + super(new Aes256Provider(), 20, 12); + + keyMaker(new AesKeyMaker((Aes256Provider) encProvider())); + } + + public int confounderSize() { + return 16; + } + + public CheckSumType cksumType() { + return CheckSumType.HMAC_SHA1_96_AES256; + } + + public boolean isSafe() { + return true; + } + + public int cksumSize() { + return 12; // bytes + } + + public int keySize() { + return 32; // bytes + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java new file mode 100644 index 0000000..4f2080e --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java @@ -0,0 +1,53 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Des3Provider; +import org.apache.kerby.kerberos.kerb.crypto.key.Des3KeyMaker; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class HmacSha1Des3CheckSum extends HmacKcCheckSum { + + public HmacSha1Des3CheckSum() { + super(new Des3Provider(), 20, 20); + + keyMaker(new Des3KeyMaker(encProvider())); + } + + public int confounderSize() { + return 8; + } + + public CheckSumType cksumType() { + return CheckSumType.HMAC_SHA1_DES3; + } + + public boolean isSafe() { + return true; + } + + public int cksumSize() { + return 20; // bytes + } + + public int keySize() { + return 24; // bytes + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java new file mode 100644 index 0000000..ee8faea --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java @@ -0,0 +1,48 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.BytesUtil; +import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider; +import org.apache.kerby.kerberos.kerb.crypto.key.DkKeyMaker; +import org.apache.kerby.kerberos.kerb.KrbException; + +public abstract class KcCheckSum extends AbstractKeyedCheckSumTypeHandler { + + public KcCheckSum(EncryptProvider encProvider, HashProvider hashProvider, + int computeSize, int outputSize) { + super(encProvider, hashProvider, computeSize, outputSize); + } + + @Override + protected byte[] doChecksumWithKey(byte[] data, int start, int len, + byte[] key, int usage) throws KrbException { + byte[] Kc; + byte[] constant = new byte[5]; + BytesUtil.int2bytes(usage, constant, 0, true); + constant[4] = (byte) 0x99; + Kc = ((DkKeyMaker) keyMaker()).dk(key, constant); + + byte[] mac = mac(Kc, data, start, len); + return mac; + } + + protected abstract byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException; +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java new file mode 100644 index 0000000..4939027 --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java @@ -0,0 +1,70 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.Hmac; +import org.apache.kerby.kerberos.kerb.crypto.Rc4; +import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider; +import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Rc4Provider; +import org.apache.kerby.kerberos.kerb.KrbException; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class Md5HmacRc4CheckSum extends AbstractKeyedCheckSumTypeHandler { + + public Md5HmacRc4CheckSum() { + super(new Rc4Provider(), new Md5Provider(), 16, 16); + } + + public int confounderSize() { + return 8; + } + + public CheckSumType cksumType() { + return CheckSumType.MD5_HMAC_ARCFOUR; + } + + public boolean isSafe() { + return true; + } + + public int cksumSize() { + return 16; // bytes + } + + public int keySize() { + return 16; // bytes + } + + @Override + protected byte[] doChecksumWithKey(byte[] data, int start, int len, + byte[] key, int usage) throws KrbException { + + byte[] Ksign = key; + + byte[] salt = Rc4.getSalt(usage, false); + + hashProvider().hash(salt); + hashProvider().hash(data, start, len); + byte[] hashTmp = hashProvider().output(); + + byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp); + return hmac; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java new file mode 100644 index 0000000..73d6ebc --- /dev/null +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java @@ -0,0 +1,35 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.crypto.cksum; + +import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler; +import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md4Provider; +import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType; + +public class RsaMd4CheckSum extends AbstractUnkeyedCheckSumTypeHandler { + + public RsaMd4CheckSum() { + super(new Md4Provider(), 16, 16); + } + + public CheckSumType cksumType() { + return CheckSumType.RSA_MD4; + } +}