Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id ACF8510606 for ; Mon, 12 Jan 2015 13:06:09 +0000 (UTC) Received: (qmail 75223 invoked by uid 500); 12 Jan 2015 13:06:11 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 75115 invoked by uid 500); 12 Jan 2015 13:06:11 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 74203 invoked by uid 99); 12 Jan 2015 13:06:10 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 12 Jan 2015 13:06:10 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 4CBDB9ABA58; Mon, 12 Jan 2015 13:06:10 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: drankye@apache.org To: commits@directory.apache.org Date: Mon, 12 Jan 2015 13:06:26 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [18/50] [abbrv] directory-kerberos git commit: Renaming packages in haox-kerb projects, using "apache" http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java new file mode 100644 index 0000000..070c748 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacEnc.java @@ -0,0 +1,130 @@ +package org.apache.kerberos.kerb.crypto.enc; + +import org.apache.kerberos.kerb.KrbErrorCode; +import org.apache.kerberos.kerb.crypto.BytesUtil; +import org.apache.kerberos.kerb.crypto.Confounder; +import org.apache.kerberos.kerb.crypto.Rc4; +import org.apache.kerberos.kerb.crypto.Hmac; +import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider; +import org.apache.kerberos.kerb.crypto.enc.provider.Rc4Provider; +import org.apache.kerberos.kerb.crypto.key.Rc4KeyMaker; +import org.apache.kerberos.kerb.KrbException; +import org.apache.kerberos.kerb.spec.common.CheckSumType; +import org.apache.kerberos.kerb.spec.common.EncryptionType; + +public class Rc4HmacEnc extends AbstractEncTypeHandler { + private boolean exportable; + + public Rc4HmacEnc() { + this(false); + } + + public Rc4HmacEnc(boolean exportable) { + super(new Rc4Provider(), new Md5Provider()); + keyMaker(new Rc4KeyMaker(this.encProvider())); + this.exportable = exportable; + } + + public EncryptionType eType() { + return EncryptionType.ARCFOUR_HMAC; + } + + @Override + public int confounderSize() { + return 8; + } + + @Override + public int paddingSize() { + return 0; + } + + public CheckSumType checksumType() { + return CheckSumType.HMAC_MD5_ARCFOUR; + } + + protected void encryptWith(byte[] workBuffer, int[] workLens, + byte[] key, byte[] iv, int usage) throws KrbException { + int confounderLen = workLens[0]; + int checksumLen = workLens[1]; + int dataLen = workLens[2]; + + /** + * Instead of E(Confounder | Checksum | Plaintext | Padding), + * Checksum | E(Confounder | Plaintext) + */ + + // confounder + byte[] confounder = Confounder.makeBytes(confounderLen); + System.arraycopy(confounder, 0, workBuffer, checksumLen, confounderLen); + + // no padding + + /* checksum and encryption */ + byte[] usageKey = makeUsageKey(key, usage); + + byte[] checksum = Hmac.hmac(hashProvider(), usageKey, workBuffer, + checksumLen, confounderLen + dataLen); + + byte[] encKey = makeEncKey(usageKey, checksum); + + byte[] tmpEnc = new byte[confounderLen + dataLen]; + System.arraycopy(workBuffer, checksumLen, + tmpEnc, 0, confounderLen + dataLen); + encProvider().encrypt(encKey, iv, tmpEnc); + System.arraycopy(checksum, 0, workBuffer, 0, checksumLen); + System.arraycopy(tmpEnc, 0, workBuffer, checksumLen, tmpEnc.length); + } + + protected byte[] makeUsageKey(byte[] key, int usage) throws KrbException { + byte[] salt = Rc4.getSalt(usage, exportable); + byte[] usageKey = Hmac.hmac(hashProvider(), key, salt); + return usageKey; + } + + protected byte[] makeEncKey(byte[] usageKey, byte[] checksum) throws KrbException { + byte[] tmpKey = usageKey; + + if (exportable) { + tmpKey = BytesUtil.duplicate(usageKey); + for (int i = 0; i < 9; ++i) { + tmpKey[i + 7] = (byte) 0xab; + } + } + + byte[] encKey = Hmac.hmac(hashProvider(), tmpKey, checksum); + return encKey; + } + + @Override + protected byte[] decryptWith(byte[] workBuffer, int[] workLens, + byte[] key, byte[] iv, int usage) throws KrbException { + int confounderLen = workLens[0]; + int checksumLen = workLens[1]; + int dataLen = workLens[2]; + + /* checksum and decryption */ + byte[] usageKey = makeUsageKey(key, usage); + + byte[] checksum = new byte[checksumLen]; + System.arraycopy(workBuffer, 0, checksum, 0, checksumLen); + + byte[] encKey = makeEncKey(usageKey, checksum); + + byte[] tmpEnc = new byte[confounderLen + dataLen]; + System.arraycopy(workBuffer, checksumLen, + tmpEnc, 0, confounderLen + dataLen); + encProvider().decrypt(encKey, iv, tmpEnc); + + byte[] newChecksum = Hmac.hmac(hashProvider(), usageKey, tmpEnc); + if (! checksumEqual(checksum, newChecksum)) { + throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY); + } + + byte[] data = new byte[dataLen]; + System.arraycopy(tmpEnc, confounderLen, + data, 0, dataLen); + + return data; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java new file mode 100644 index 0000000..adfde46 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Rc4HmacExpEnc.java @@ -0,0 +1,14 @@ +package org.apache.kerberos.kerb.crypto.enc; + +import org.apache.kerberos.kerb.spec.common.EncryptionType; + +public class Rc4HmacExpEnc extends Rc4HmacEnc { + + public Rc4HmacExpEnc() { + super(true); + } + + public EncryptionType eType() { + return EncryptionType.ARCFOUR_HMAC_EXP; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java new file mode 100644 index 0000000..9d35e7a --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AbstractEncryptProvider.java @@ -0,0 +1,80 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +import org.apache.kerberos.kerb.crypto.enc.EncryptProvider; +import org.apache.kerberos.kerb.KrbException; + +public abstract class AbstractEncryptProvider implements EncryptProvider { + private int blockSize; + private int keyInputSize; + private int keySize; + + public AbstractEncryptProvider(int blockSize, int keyInputSize, int keySize) { + this.blockSize = blockSize; + this.keyInputSize = keyInputSize; + this.keySize = keySize; + } + + @Override + public int keyInputSize() { + return keyInputSize; + } + + @Override + public int keySize() { + return keySize; + } + + @Override + public int blockSize() { + return blockSize; + } + + @Override + public byte[] initState(byte[] key, int keyUsage) { + return new byte[0]; + } + + @Override + public void encrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException { + doEncrypt(data, key, cipherState, true); + } + + @Override + public void decrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException { + doEncrypt(data, key, cipherState, false); + } + + @Override + public void encrypt(byte[] key, byte[] data) throws KrbException { + byte[] cipherState = new byte[blockSize()]; + encrypt(key, cipherState, data); + } + + @Override + public void decrypt(byte[] key, byte[] data) throws KrbException { + byte[] cipherState = new byte[blockSize()]; + decrypt(key, cipherState, data); + } + + protected abstract void doEncrypt(byte[] data, byte[] key, byte[] cipherState, boolean encrypt) throws KrbException; + + @Override + public byte[] cbcMac(byte[] key, byte[] iv, byte[] data) throws KrbException { + throw new UnsupportedOperationException(); + } + + @Override + public boolean supportCbcMac() { + return false; + } + + @Override + public void cleanState() { + + } + + @Override + public void cleanKey() { + + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java new file mode 100644 index 0000000..2efd4f0 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes128Provider.java @@ -0,0 +1,8 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +public class Aes128Provider extends AesProvider { + + public Aes128Provider() { + super(16, 16, 16); + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java new file mode 100644 index 0000000..377de2b --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Aes256Provider.java @@ -0,0 +1,8 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +public class Aes256Provider extends AesProvider { + + public Aes256Provider() { + super(16, 32, 32); + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java new file mode 100644 index 0000000..d2ecf6a --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/AesProvider.java @@ -0,0 +1,43 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +import org.apache.kerberos.kerb.KrbException; + +import javax.crypto.Cipher; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.GeneralSecurityException; + +public abstract class AesProvider extends AbstractEncryptProvider { + + public AesProvider(int blockSize, int keyInputSize, int keySize) { + super(blockSize, keyInputSize, keySize); + } + + @Override + protected void doEncrypt(byte[] data, byte[] key, + byte[] cipherState, boolean encrypt) throws KrbException { + Cipher cipher = null; + try { + cipher = Cipher.getInstance("AES/CTS/NoPadding"); + } catch (GeneralSecurityException e) { + KrbException ke = new KrbException("JCE provider may not be installed. " + + e.getMessage()); + ke.initCause(e); + throw ke; + } + + try { + SecretKeySpec secretKey = new SecretKeySpec(key, "AES"); + IvParameterSpec param = new IvParameterSpec(cipherState); + + cipher.init(encrypt ? + Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, param); + byte[] output = cipher.doFinal(data); + System.arraycopy(output, 0, data, 0, output.length); + } catch (GeneralSecurityException e) { + KrbException ke = new KrbException(e.getMessage()); + ke.initCause(e); + throw ke; + } + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java new file mode 100644 index 0000000..3e8efaa --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia128Provider.java @@ -0,0 +1,8 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +public class Camellia128Provider extends CamelliaProvider { + + public Camellia128Provider() { + super(16, 16, 16); + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java new file mode 100644 index 0000000..66efdb7 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Camellia256Provider.java @@ -0,0 +1,8 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +public class Camellia256Provider extends CamelliaProvider { + + public Camellia256Provider() { + super(16, 32, 32); + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java new file mode 100644 index 0000000..0e8e7b6 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/CamelliaProvider.java @@ -0,0 +1,39 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +import org.apache.kerberos.kerb.crypto.Camellia; +import org.apache.kerberos.kerb.KrbException; + +public abstract class CamelliaProvider extends AbstractEncryptProvider { + + public CamelliaProvider(int blockSize, int keyInputSize, int keySize) { + super(blockSize, keyInputSize, keySize); + } + + @Override + protected void doEncrypt(byte[] data, byte[] key, + byte[] cipherState, boolean encrypt) throws KrbException { + + Camellia cipher = new Camellia(); + cipher.setKey(encrypt, key); + if (encrypt) { + cipher.encrypt(data, cipherState); + } else { + cipher.decrypt(data, cipherState); + } + } + + @Override + public boolean supportCbcMac() { + return true; + } + + @Override + public byte[] cbcMac(byte[] key, byte[] cipherState, byte[] data) { + Camellia cipher = new Camellia(); + cipher.setKey(true, key); + + int blocksNum = data.length / blockSize(); + cipher.cbcEnc(data, 0, blocksNum, cipherState); + return data; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java new file mode 100644 index 0000000..a2b7e28 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Des3Provider.java @@ -0,0 +1,46 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +import org.apache.kerberos.kerb.KrbException; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.DESedeKeySpec; +import javax.crypto.spec.IvParameterSpec; +import java.security.GeneralSecurityException; +import java.security.spec.KeySpec; + +public class Des3Provider extends AbstractEncryptProvider { + + public Des3Provider() { + super(8, 21, 24); + } + + @Override + protected void doEncrypt(byte[] input, byte[] key, + byte[] cipherState, boolean encrypt) throws KrbException { + + Cipher cipher = null; + try { + cipher = Cipher.getInstance("DESede/CBC/NoPadding"); + } catch (GeneralSecurityException e) { + throw new KrbException("Failed to init cipher", e); + } + + try { + IvParameterSpec params = new IvParameterSpec(cipherState); + KeySpec skSpec = new DESedeKeySpec(key, 0); + + SecretKeyFactory skf = SecretKeyFactory.getInstance("desede"); + SecretKey secretKey = skf.generateSecret(skSpec); + + cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, params); + + byte[] output = cipher.doFinal(input); + System.arraycopy(output, 0, input, 0, output.length); + } catch (GeneralSecurityException e) { + throw new KrbException("Failed to doEncrypt", e); + } + } + +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java new file mode 100644 index 0000000..9a35500 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/DesProvider.java @@ -0,0 +1,79 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +import org.apache.kerberos.kerb.KrbException; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.GeneralSecurityException; + +public class DesProvider extends AbstractEncryptProvider { + + public DesProvider() { + super(8, 7, 8); + } + + @Override + protected void doEncrypt(byte[] input, byte[] key, + byte[] cipherState, boolean encrypt) throws KrbException { + + Cipher cipher = null; + try { + cipher = Cipher.getInstance("DES/CBC/NoPadding"); + } catch (GeneralSecurityException e) { + throw new KrbException("Failed to init cipher", e); + } + IvParameterSpec params = new IvParameterSpec(cipherState); + SecretKeySpec skSpec = new SecretKeySpec(key, "DES"); + try { + SecretKeyFactory skf = SecretKeyFactory.getInstance("DES"); + SecretKey sk = (SecretKey) skSpec; + + cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, sk, params); + + byte[] output = cipher.doFinal(input); + System.arraycopy(output, 0, input, 0, output.length); + } catch (GeneralSecurityException e) { + KrbException ke = new KrbException(e.getMessage()); + ke.initCause(e); + throw ke; + } + } + + @Override + public byte[] cbcMac(byte[] key, byte[] cipherState, byte[] data) throws KrbException { + Cipher cipher = null; + try { + cipher = Cipher.getInstance("DES/CBC/NoPadding"); + } catch (GeneralSecurityException e) { + throw new KrbException("Failed to init cipher", e); + } + IvParameterSpec params = new IvParameterSpec(cipherState); + SecretKeySpec skSpec = new SecretKeySpec(key, "DES"); + + byte[] output = null; + try { + SecretKeyFactory skf = SecretKeyFactory.getInstance("DES"); + // SecretKey sk = skf.generateSecret(skSpec); + SecretKey sk = (SecretKey) skSpec; + cipher.init(Cipher.ENCRYPT_MODE, sk, params); + for (int i = 0; i < data.length / 8; i++) { + output = cipher.doFinal(data, i * 8, 8); + cipher.init(Cipher.ENCRYPT_MODE, sk, (new IvParameterSpec(output))); + } + } + catch (GeneralSecurityException e) { + KrbException ke = new KrbException(e.getMessage()); + ke.initCause(e); + throw ke; + } + return output; + } + + @Override + public boolean supportCbcMac() { + return true; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java new file mode 100644 index 0000000..3fbfece --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/provider/Rc4Provider.java @@ -0,0 +1,30 @@ +package org.apache.kerberos.kerb.crypto.enc.provider; + +import org.apache.kerberos.kerb.KrbException; + +import javax.crypto.Cipher; +import javax.crypto.spec.SecretKeySpec; +import java.security.GeneralSecurityException; + +public class Rc4Provider extends AbstractEncryptProvider { + + public Rc4Provider() { + super(1, 16, 16); + } + + @Override + protected void doEncrypt(byte[] data, byte[] key, + byte[] cipherState, boolean encrypt) throws KrbException { + try { + Cipher cipher = Cipher.getInstance("ARCFOUR"); + SecretKeySpec secretKey = new SecretKeySpec(key, "ARCFOUR"); + cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey); + byte[] output = cipher.doFinal(data); + System.arraycopy(output, 0, data, 0, output.length); + } catch (GeneralSecurityException e) { + KrbException ke = new KrbException(e.getMessage()); + ke.initCause(e); + throw ke; + } + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java new file mode 100644 index 0000000..5e12151 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AbstractKeyMaker.java @@ -0,0 +1,67 @@ +package org.apache.kerberos.kerb.crypto.key; + +import org.apache.kerberos.kerb.crypto.BytesUtil; +import org.apache.kerberos.kerb.crypto.enc.EncryptProvider; +import org.apache.kerberos.kerb.KrbException; + +import java.io.UnsupportedEncodingException; + +public abstract class AbstractKeyMaker implements KeyMaker { + + protected static final byte[] KERBEROS_CONSTANT = "kerberos".getBytes(); + + private EncryptProvider encProvider; + + public AbstractKeyMaker(EncryptProvider encProvider) { + this.encProvider = encProvider; + } + + protected EncryptProvider encProvider() { + return encProvider; + } + + @Override + public byte[] random2Key(byte[] randomBits) throws KrbException { + return new byte[0]; + } + + protected static char[] makePasswdSalt(String password, String salt) { + char[] result = new char[password.length() + salt.length()]; + System.arraycopy(password.toCharArray(), 0, result, 0, password.length()); + System.arraycopy(salt.toCharArray(), 0, result, password.length(), salt.length()); + + return result; + } + + protected static int getIterCount(byte[] param, int defCount) { + int iterCount = defCount; + + if (param != null) { + if (param.length != 4) { + throw new IllegalArgumentException("Invalid param to str2Key"); + } + iterCount = BytesUtil.bytes2int(param, 0, true); + } + + return iterCount; + } + + protected static byte[] getSaltBytes(String salt, String pepper) + throws UnsupportedEncodingException { + byte[] saltBytes = salt.getBytes("UTF-8"); + if (pepper != null && ! pepper.isEmpty()) { + byte[] pepperBytes = pepper.getBytes("UTF-8"); + int len = saltBytes.length; + len += 1 + pepperBytes.length; + byte[] results = new byte[len]; + System.arraycopy(pepperBytes, 0, results, 0, pepperBytes.length); + results[pepperBytes.length] = (byte) 0; + System.arraycopy(saltBytes, 0, + results, pepperBytes.length + 1, saltBytes.length); + + return results; + } else { + return saltBytes; + } + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java new file mode 100644 index 0000000..7317657 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/AesKeyMaker.java @@ -0,0 +1,46 @@ +package org.apache.kerberos.kerb.crypto.key; + +import org.apache.kerberos.kerb.KrbException; +import org.apache.kerberos.kerb.crypto.Pbkdf; +import org.apache.kerberos.kerb.crypto.enc.provider.AesProvider; + +import java.io.UnsupportedEncodingException; +import java.security.GeneralSecurityException; + +public class AesKeyMaker extends DkKeyMaker { + + public AesKeyMaker(AesProvider encProvider) { + super(encProvider); + } + + @Override + public byte[] random2Key(byte[] randomBits) throws KrbException { + return randomBits; + } + + @Override + public byte[] str2key(String string, String salt, byte[] param) throws KrbException { + int iterCount = getIterCount(param, 4096); + + byte[] saltBytes = null; + try { + saltBytes = getSaltBytes(salt, null); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException(e); + } + + int keySize = encProvider().keySize(); + byte[] random = new byte[0]; + try { + random = Pbkdf.PBKDF2(string.toCharArray(), saltBytes, iterCount, keySize); + } catch (GeneralSecurityException e) { + throw new KrbException("PBKDF2 failed", e); + } + + byte[] tmpKey = random2Key(random); + byte[] result = dk(tmpKey, KERBEROS_CONSTANT); + + return result; + } + +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java new file mode 100644 index 0000000..2d89178 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/CamelliaKeyMaker.java @@ -0,0 +1,102 @@ +package org.apache.kerberos.kerb.crypto.key; + +import org.apache.kerberos.kerb.crypto.BytesUtil; +import org.apache.kerberos.kerb.crypto.Cmac; +import org.apache.kerberos.kerb.crypto.Pbkdf; +import org.apache.kerberos.kerb.crypto.enc.provider.CamelliaProvider; +import org.apache.kerberos.kerb.KrbException; + +import java.io.UnsupportedEncodingException; +import java.security.GeneralSecurityException; + +public class CamelliaKeyMaker extends DkKeyMaker { + + public CamelliaKeyMaker(CamelliaProvider encProvider) { + super(encProvider); + } + + @Override + public byte[] random2Key(byte[] randomBits) throws KrbException { + return randomBits; + } + + @Override + public byte[] str2key(String string, String salt, byte[] param) throws KrbException { + int iterCount = getIterCount(param, 32768); + + byte[] saltBytes = null; + try { + saltBytes = getSaltBytes(salt, getPepper()); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException(e); + } + + int keySize = encProvider().keySize(); + byte[] random = new byte[0]; + try { + random = Pbkdf.PBKDF2(string.toCharArray(), saltBytes, iterCount, keySize); + } catch (GeneralSecurityException e) { + throw new KrbException("PBKDF2 failed", e); + } + + byte[] tmpKey = random2Key(random); + byte[] result = dk(tmpKey, KERBEROS_CONSTANT); + + return result; + } + + private String getPepper() { + int keySize = encProvider().keySize(); + String pepper = keySize == 16 ? "camellia128-cts-cmac" : "camellia256-cts-cmac"; + return pepper; + } + + /* + * NIST SP800-108 KDF in feedback mode (section 5.2). + */ + @Override + protected byte[] dr(byte[] key, byte[] constant) throws KrbException { + + int blocksize = encProvider().blockSize(); + int keyInuptSize = encProvider().keyInputSize(); + byte[] keyBytes = new byte[keyInuptSize]; + byte[] Ki; + + int len = 0; + // K(i-1): the previous block of PRF output, initially all-zeros. + len += blocksize; + // four-byte big-endian binary string giving the block counter + len += 4; + // the fixed derived-key input + len += constant.length; + // 0x00: separator byte + len += 1; + // four-byte big-endian binary string giving the output length + len += 4; + + Ki = new byte[len]; + System.arraycopy(constant, 0, Ki, blocksize + 4, constant.length); + BytesUtil.int2bytes(keyInuptSize * 8, Ki, len - 4, true); + + int i, n = 0; + byte[] tmp; + for (i = 1, n = 0; n < keyInuptSize; i++) { + // Update the block counter + BytesUtil.int2bytes(i, Ki, blocksize, true); + + // Compute a CMAC checksum, update Ki with the result + tmp = Cmac.cmac(encProvider(), key, Ki); + System.arraycopy(tmp, 0, Ki, 0, blocksize); + + if (n + blocksize >= keyInuptSize) { + System.arraycopy(Ki, 0, keyBytes, n, keyInuptSize - n); + break; + } + + System.arraycopy(Ki, 0, keyBytes, n, blocksize); + n += blocksize; + } + + return keyBytes; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java new file mode 100644 index 0000000..e3ae1c9 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java @@ -0,0 +1,101 @@ +package org.apache.kerberos.kerb.crypto.key; + +import org.apache.kerberos.kerb.crypto.Des; +import org.apache.kerberos.kerb.crypto.Nfold; +import org.apache.kerberos.kerb.crypto.enc.EncryptProvider; +import org.apache.kerberos.kerb.KrbException; + +import java.io.UnsupportedEncodingException; + +public class Des3KeyMaker extends DkKeyMaker { + + public Des3KeyMaker(EncryptProvider encProvider) { + super(encProvider); + } + + @Override + public byte[] str2key(String string, String salt, byte[] param) throws KrbException { + char[] passwdSalt = makePasswdSalt(string, salt); + int keyInputSize = encProvider().keyInputSize(); + try { + byte[] utf8Bytes = new String(passwdSalt).getBytes("UTF-8"); + byte[] tmpKey = random2Key(Nfold.nfold(utf8Bytes, keyInputSize)); + return dk(tmpKey, KERBEROS_CONSTANT); + } catch (UnsupportedEncodingException e) { + throw new KrbException("str2key failed", e); + } + } + + /* + * The 168 bits of random key data are converted to a protocol key value + * as follows. First, the 168 bits are divided into three groups of 56 + * bits, which are expanded individually into 64 bits as in des3Expand(). + * Result is a 24 byte (192-bit) key. + */ + @Override + public byte[] random2Key(byte[] randomBits) throws KrbException { + byte[] one = Des.fixKey(des3Expand(randomBits, 0, 7)); + byte[] two = Des.fixKey(des3Expand(randomBits, 7, 14)); + byte[] three = Des.fixKey(des3Expand(randomBits, 14, 21)); + + byte[] key = new byte[24]; + System.arraycopy(one, 0, key, 0, 8); + System.arraycopy(two, 0, key, 8, 8); + System.arraycopy(three, 0, key, 16, 8); + + return key; + } + + /** + * Expands a 7-byte array into an 8-byte array that contains parity bits. + * The 56 bits are expanded into 64 bits as follows: + * 1 2 3 4 5 6 7 p + * 9 10 11 12 13 14 15 p + * 17 18 19 20 21 22 23 p + * 25 26 27 28 29 30 31 p + * 33 34 35 36 37 38 39 p + * 41 42 43 44 45 46 47 p + * 49 50 51 52 53 54 55 p + * 56 48 40 32 24 16 8 p + * + * (PI,P2,...,P8) are reserved for parity bits computed on the preceding + * seven independent bits and set so that the parity of the octet is odd, + * i.e., there is an odd number of "1" bits in the octet. + */ + private static byte[] des3Expand(byte[] input, int start, int end) { + if ((end - start) != 7) + throw new IllegalArgumentException( + "Invalid length of DES Key Value:" + start + "," + end); + + byte[] result = new byte[8]; + byte last = 0; + System.arraycopy(input, start, result, 0, 7); + byte posn = 0; + + // Fill in last row + for (int i = start; i < end; i++) { + byte bit = (byte) (input[i]&0x01); + + ++posn; + if (bit != 0) { + last |= (bit<>> j) << (63 - j); + } + l = l1 >>> 1; + } + lKey ^= (l << 1); + } + + return lKey; + } + + private byte[] passwd2key(char[] passwdChars) throws KrbException { + int keySize = 8; + + byte[] bytes = (new String(passwdChars)).getBytes(); + byte[] passwdBytes = BytesUtil.padding(bytes, keySize); + long lKey = passwd2long(passwdBytes); + + byte[] keyBytes = BytesUtil.long2bytes(lKey, true); + fixKey(keyBytes); + + byte[] iv = keyBytes; + byte[] encKey = keyBytes; + + byte[] bKey = null; + if (encProvider().supportCbcMac()) { + bKey = encProvider().cbcMac(iv, encKey, passwdBytes); + } else { + throw new KrbException("cbcMac should be supported by the provider: " + + encProvider().getClass()); + } + + fixKey(bKey); + + return bKey; + } + + private void fixKey(byte[] key) { + setParity(key); + if (Des.isWeakKey(key)) { + Des.fixKey(key); + } + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java new file mode 100644 index 0000000..a29e0e1 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DkKeyMaker.java @@ -0,0 +1,54 @@ +package org.apache.kerberos.kerb.crypto.key; + +import org.apache.kerberos.kerb.KrbException; +import org.apache.kerberos.kerb.crypto.Nfold; +import org.apache.kerberos.kerb.crypto.enc.EncryptProvider; + +public abstract class DkKeyMaker extends AbstractKeyMaker { + + public DkKeyMaker(EncryptProvider encProvider) { + super(encProvider); + } + + // DK(Key, Constant) = random-to-key(DR(Key, Constant)) + public byte[] dk(byte[] key, byte[] constant) throws KrbException { + return random2Key(dr(key, constant)); + } + + /* + * K1 = E(Key, n-fold(Constant), initial-cipher-state) + * K2 = E(Key, K1, initial-cipher-state) + * K3 = E(Key, K2, initial-cipher-state) + * K4 = ... + * DR(Key, Constant) = k-truncate(K1 | K2 | K3 | K4 ...) + */ + protected byte[] dr(byte[] key, byte[] constant) throws KrbException { + + int blocksize = encProvider().blockSize(); + int keyInuptSize = encProvider().keyInputSize(); + byte[] keyBytes = new byte[keyInuptSize]; + byte[] Ki; + + if (constant.length != blocksize) { + Ki = Nfold.nfold(constant, blocksize); + } else { + Ki = new byte[constant.length]; + System.arraycopy(constant, 0, Ki, 0, constant.length); + } + + int n = 0, len; + while (n < keyInuptSize) { + encProvider().encrypt(key, Ki); + + if (n + blocksize >= keyInuptSize) { + System.arraycopy(Ki, 0, keyBytes, n, keyInuptSize - n); + break; + } + + System.arraycopy(Ki, 0, keyBytes, n, blocksize); + n += blocksize; + } + + return keyBytes; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java new file mode 100644 index 0000000..a0789d9 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/KeyMaker.java @@ -0,0 +1,10 @@ +package org.apache.kerberos.kerb.crypto.key; + +import org.apache.kerberos.kerb.KrbException; + +public interface KeyMaker { + + public byte[] str2key(String string, String salt, byte[] param) throws KrbException; + + public byte[] random2Key(byte[] randomBits) throws KrbException; +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java new file mode 100644 index 0000000..e64ffe3 --- /dev/null +++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Rc4KeyMaker.java @@ -0,0 +1,33 @@ +package org.apache.kerberos.kerb.crypto.key; + +import org.apache.kerberos.kerb.crypto.enc.EncryptProvider; +import org.apache.kerberos.kerb.KrbException; +import sun.security.provider.MD4; + +import java.io.UnsupportedEncodingException; +import java.security.MessageDigest; + +public class Rc4KeyMaker extends AbstractKeyMaker { + + public Rc4KeyMaker(EncryptProvider encProvider) { + super(encProvider); + } + + @Override + public byte[] str2key(String string, String salt, byte[] param) throws KrbException { + + if (param != null && param.length > 0) { + throw new RuntimeException("Invalid param to str2Key"); + } + + try { + byte[] passwd = string.getBytes("UTF-16LE"); // to unicode + MessageDigest md = MD4.getInstance(); + md.update(passwd); + return md.digest(); + } catch (UnsupportedEncodingException e) { + throw new KrbException("str2key failed", e); + } + } + +} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/AbstractCryptoTypeHandler.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/AbstractCryptoTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/AbstractCryptoTypeHandler.java deleted file mode 100644 index 18a06fb..0000000 --- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/AbstractCryptoTypeHandler.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.haox.kerb.crypto; - -import org.haox.kerb.crypto.cksum.HashProvider; -import org.haox.kerb.crypto.enc.EncryptProvider; - -import java.util.Arrays; - -public abstract class AbstractCryptoTypeHandler implements CryptoTypeHandler { - - private EncryptProvider encProvider; - private HashProvider hashProvider; - - public AbstractCryptoTypeHandler(EncryptProvider encProvider, - HashProvider hashProvider) { - this.encProvider = encProvider; - this.hashProvider = hashProvider; - } - - @Override - public EncryptProvider encProvider() { - return encProvider; - } - - @Override - public HashProvider hashProvider() { - return hashProvider; - } - - protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2) { - return Arrays.equals(cksum1, cksum2); - } - - protected static boolean checksumEqual(byte[] cksum1, byte[] cksum2, int cksum2Start, int len) { - if (cksum1 == cksum2) - return true; - if (cksum1 == null || cksum2 == null) - return false; - - if (len <= cksum2.length && len <= cksum1.length) { - for (int i = 0; i < len; i++) - if (cksum1[i] != cksum2[cksum2Start + i]) - return false; - } else { - return false; - } - - return true; - } -} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/BytesUtil.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/BytesUtil.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/BytesUtil.java deleted file mode 100644 index 33721a7..0000000 --- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/BytesUtil.java +++ /dev/null @@ -1,144 +0,0 @@ -package org.haox.kerb.crypto; - -public class BytesUtil { - - public static short bytes2short(byte[] bytes, int offset, boolean bigEndian) { - short val = 0; - - if (bigEndian) { - val += (bytes[offset + 0] & 0xff) << 8; - val += (bytes[offset + 1] & 0xff); - } else { - val += (bytes[offset + 1] & 0xff) << 8; - val += (bytes[offset + 0] & 0xff); - } - - return val; - } - - public static short bytes2short(byte[] bytes, boolean bigEndian) { - return bytes2short(bytes, 0, bigEndian); - } - - public static byte[] short2bytes(int val, boolean bigEndian) { - byte[] bytes = new byte[2]; - - short2bytes(val, bytes, 0, bigEndian); - - return bytes; - } - - public static void short2bytes(int val, byte[] bytes, int offset, boolean bigEndian) { - if (bigEndian) { - bytes[offset + 0] = (byte) ((val >> 8) & 0xff); - bytes[offset + 1] = (byte) ((val) & 0xff); - } else { - bytes[offset + 1] = (byte) ((val >> 8) & 0xff); - bytes[offset + 0] = (byte) ((val ) & 0xff); - } - } - - public static int bytes2int(byte[] bytes, boolean bigEndian) { - return bytes2int(bytes, 0, bigEndian); - } - - public static int bytes2int(byte[] bytes, int offset, boolean bigEndian) { - int val = 0; - - if (bigEndian) { - val += (bytes[offset + 0] & 0xff) << 24; - val += (bytes[offset + 1] & 0xff) << 16; - val += (bytes[offset + 2] & 0xff) << 8; - val += (bytes[offset + 3] & 0xff); - } else { - val += (bytes[offset + 3] & 0xff) << 24; - val += (bytes[offset + 2] & 0xff) << 16; - val += (bytes[offset + 1] & 0xff) << 8; - val += (bytes[offset + 0] & 0xff); - } - - return val; - } - - public static byte[] int2bytes(int val, boolean bigEndian) { - byte[] bytes = new byte[4]; - - int2bytes(val, bytes, 0, bigEndian); - - return bytes; - } - - public static void int2bytes(int val, byte[] bytes, int offset, boolean bigEndian) { - if (bigEndian) { - bytes[offset + 0] = (byte) ((val >> 24) & 0xff); - bytes[offset + 1] = (byte) ((val >> 16) & 0xff); - bytes[offset + 2] = (byte) ((val >> 8) & 0xff); - bytes[offset + 3] = (byte) ((val) & 0xff); - } else { - bytes[offset + 3] = (byte) ((val >> 24) & 0xff); - bytes[offset + 2] = (byte) ((val >> 16) & 0xff); - bytes[offset + 1] = (byte) ((val >> 8) & 0xff); - bytes[offset + 0] = (byte) ((val) & 0xff); - } - } - - public static byte[] long2bytes(long val, boolean bigEndian) { - byte[] bytes = new byte[8]; - long2bytes(val, bytes, 0, bigEndian); - return bytes; - } - - public static void long2bytes(long val, byte[] bytes, int offset, boolean bigEndian) { - if (bigEndian) { - for (int i = 0; i < 8; i++) { - bytes[i + offset] = (byte) ((val >> ((7 - i) * 8)) & 0xffL); - } - } else { - for (int i = 0; i < 8; i++) { - bytes[i + offset] = (byte) ((val >> (i * 8)) & 0xffL); - } - } - } - - public static long bytes2long(byte[] bytes, boolean bigEndian) { - return bytes2long(bytes, 0, bigEndian); - } - - public static long bytes2long(byte[] bytes, int offset, boolean bigEndian) { - long val = 0; - - if (bigEndian) { - for (int i = 0; i < 8; i++) { - val |= (((long) bytes[i + offset]) & 0xffL) << ((7 - i) * 8); - } - } else { - for (int i = 0; i < 8; i++) { - val |= (((long) bytes[i + offset]) & 0xffL) << (i * 8); - } - } - - return val; - } - - public static byte[] padding(byte[] data, int block) { - int len = data.length; - int paddingLen = len % block != 0 ? 8 - len % block : 0; - if (paddingLen == 0) { - return data; - } - - byte[] result = new byte[len + + paddingLen]; - System.arraycopy(data, 0, result, 0, len); - return result; - } - - public static byte[] duplicate(byte[] bytes) { - return duplicate(bytes, 0, bytes.length); - } - - public static byte[] duplicate(byte[] bytes, int offset, int len) { - byte[] dup = new byte[len]; - System.arraycopy(bytes, offset, dup, 0, len); - return dup; - } -} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/Camellia.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/Camellia.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/Camellia.java deleted file mode 100644 index cff5e9d..0000000 --- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/Camellia.java +++ /dev/null @@ -1,229 +0,0 @@ -package org.haox.kerb.crypto; - -/** - * Camellia - based on RFC 3713, about half the size of CamelliaEngine. - */ - -public class Camellia { - private static final int BLOCK_SIZE = 16; - private int[] state = new int[4]; // for encryption and decryption - - private CamelliaKey camKey; - - public void setKey(boolean forEncryption, byte[] key) { - camKey = new CamelliaKey(key, forEncryption); - } - - private void process128Block(byte[] in, int inOff, - byte[] out, int outOff) { - for (int i = 0; i < 4; i++) { - state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true); - state[i] ^= camKey.kw[i]; - } - - camKey.f2(state, camKey.subkey, 0); - camKey.f2(state, camKey.subkey, 4); - camKey.f2(state, camKey.subkey, 8); - camKey.fls(state, camKey.ke, 0); - camKey.f2(state, camKey.subkey, 12); - camKey.f2(state, camKey.subkey, 16); - camKey.f2(state, camKey.subkey, 20); - camKey.fls(state, camKey.ke, 4); - camKey.f2(state, camKey.subkey, 24); - camKey.f2(state, camKey.subkey, 28); - camKey.f2(state, camKey.subkey, 32); - - state[2] ^= camKey.kw[4]; - state[3] ^= camKey.kw[5]; - state[0] ^= camKey.kw[6]; - state[1] ^= camKey.kw[7]; - - BytesUtil.int2bytes(state[2], out, outOff, true); - BytesUtil.int2bytes(state[3], out, outOff + 4, true); - BytesUtil.int2bytes(state[0], out, outOff + 8, true); - BytesUtil.int2bytes(state[1], out, outOff + 12, true); - } - - private void processBlockLargerBlock(byte[] in, int inOff, - byte[] out, int outOff) { - for (int i = 0; i < 4; i++) { - state[i] = BytesUtil.bytes2int(in, inOff + (i * 4), true); - state[i] ^= camKey.kw[i]; - } - - camKey.f2(state, camKey.subkey, 0); - camKey.f2(state, camKey.subkey, 4); - camKey.f2(state, camKey.subkey, 8); - camKey.fls(state, camKey.ke, 0); - camKey.f2(state, camKey.subkey, 12); - camKey.f2(state, camKey.subkey, 16); - camKey.f2(state, camKey.subkey, 20); - camKey.fls(state, camKey.ke, 4); - camKey.f2(state, camKey.subkey, 24); - camKey.f2(state, camKey.subkey, 28); - camKey.f2(state, camKey.subkey, 32); - camKey.fls(state, camKey.ke, 8); - camKey.f2(state, camKey.subkey, 36); - camKey.f2(state, camKey.subkey, 40); - camKey.f2(state, camKey.subkey, 44); - - state[2] ^= camKey.kw[4]; - state[3] ^= camKey.kw[5]; - state[0] ^= camKey.kw[6]; - state[1] ^= camKey.kw[7]; - - BytesUtil.int2bytes(state[2], out, outOff, true); - BytesUtil.int2bytes(state[3], out, outOff + 4, true); - BytesUtil.int2bytes(state[0], out, outOff + 8, true); - BytesUtil.int2bytes(state[1], out, outOff + 12, true); - } - - public void processBlock(byte[] in, int inOff) { - byte[] out = new byte[BLOCK_SIZE]; - - if (camKey.is128()) { - process128Block(in, inOff, out, 0); - } else { - processBlockLargerBlock(in, inOff, out, 0); - } - - System.arraycopy(out, 0, in, inOff, BLOCK_SIZE); - } - - public void encrypt(byte[] data, byte[] iv) { - byte[] cipher = new byte[BLOCK_SIZE]; - byte[] cipherState = new byte[BLOCK_SIZE]; - - int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE; - int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE; - if (blocksNum == 1) { - cbcEnc(data, 0, 1, cipherState); - return; - } - - if (iv != null) { - System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE); - } - - int contBlocksNum, offset = 0; - while (blocksNum > 2) { - contBlocksNum = (data.length - offset) / BLOCK_SIZE; - if (contBlocksNum > 0) { - // Encrypt a series of contiguous blocks in place if we can, but - // don't touch the last two blocks. - contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum; - cbcEnc(data, offset, contBlocksNum, cipherState); - offset += contBlocksNum * BLOCK_SIZE; - blocksNum -= contBlocksNum; - } else { - cbcEnc(data, offset, 1, cipherState); - offset += BLOCK_SIZE; - blocksNum--; - } - } - - // Encrypt the last two blocks and store the results in reverse order - byte[] blockN2 = new byte[BLOCK_SIZE]; - byte[] blockN1 = new byte[BLOCK_SIZE]; - - System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE); - cbcEnc(blockN2, 0, 1, cipherState); - System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen); - cbcEnc(blockN1, 0, 1, cipherState); - - System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE); - System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen); - - if (iv != null) { - System.arraycopy(cipherState, 0, iv, 0, BLOCK_SIZE); - } - } - - public void decrypt(byte[] data, byte[] iv) { - byte[] cipher = new byte[BLOCK_SIZE]; - byte[] cipherState = new byte[BLOCK_SIZE]; - - int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE; - int lastBlockLen = data.length - (blocksNum - 1) * BLOCK_SIZE; - if (blocksNum == 1) { - cbcDec(data, 0, 1, cipherState); - return; - } - - if (iv != null) { - System.arraycopy(iv, 0, cipherState, 0, BLOCK_SIZE); - } - - int contBlocksNum, offset = 0; - while (blocksNum > 2) { - contBlocksNum = (data.length - offset) / BLOCK_SIZE; - if (contBlocksNum > 0) { - // Decrypt a series of contiguous blocks in place if we can, but - // don't touch the last two blocks. - contBlocksNum = (contBlocksNum > blocksNum - 2) ? blocksNum - 2 : contBlocksNum; - cbcDec(data, offset, contBlocksNum, cipherState); - offset += contBlocksNum * BLOCK_SIZE; - blocksNum -= contBlocksNum; - } else { - cbcDec(data, offset, 1, cipherState); - offset += BLOCK_SIZE; - blocksNum--; - } - } - - // Decrypt the last two blocks - byte[] blockN2 = new byte[BLOCK_SIZE]; - byte[] blockN1 = new byte[BLOCK_SIZE]; - System.arraycopy(data, offset, blockN2, 0, BLOCK_SIZE); - System.arraycopy(data, offset + BLOCK_SIZE, blockN1, 0, lastBlockLen); - if (iv != null) { - System.arraycopy(blockN2, 0, iv, 0, BLOCK_SIZE); - } - - byte[] tmpCipherState = new byte[BLOCK_SIZE]; - System.arraycopy(blockN1, 0, tmpCipherState, 0, BLOCK_SIZE); - cbcDec(blockN2, 0, 1, tmpCipherState); - System.arraycopy(blockN2, lastBlockLen, blockN1, lastBlockLen, BLOCK_SIZE - lastBlockLen); - cbcDec(blockN1, 0, 1, cipherState); - - System.arraycopy(blockN1, 0, data, offset, BLOCK_SIZE); - System.arraycopy(blockN2, 0, data, offset + BLOCK_SIZE, lastBlockLen); - } - - /** - * CBC encrypt nblocks blocks of data in place, using and updating iv. - */ - public void cbcEnc(byte[] data, int offset, int blocksNum, byte[] cipherState) { - byte[] cipher = new byte[BLOCK_SIZE]; - for (int i = 0; i < blocksNum; ++i) { - System.arraycopy(data, offset + i * BLOCK_SIZE, cipher, 0, BLOCK_SIZE); - Util.xor(cipherState, 0, cipher); - processBlock(cipher, 0); - System.arraycopy(cipher, 0, data, offset + i * BLOCK_SIZE, BLOCK_SIZE); - System.arraycopy(cipher, 0, cipherState, 0, BLOCK_SIZE); - } - } - - /** - * CBC encrypt nblocks blocks of data in place, using and updating iv. - */ - public void cbcDec(byte[] data, int offset, int blocksNum, byte[] cipherState) { - byte[] lastBlock = new byte[BLOCK_SIZE]; - byte[] cipher = new byte[BLOCK_SIZE]; - - System.arraycopy(data, offset + (blocksNum - 1) * BLOCK_SIZE, lastBlock, 0, BLOCK_SIZE); - for (int i = blocksNum; i > 0; i--) { - System.arraycopy(data, offset + (i - 1) * BLOCK_SIZE, cipher, 0, BLOCK_SIZE); - processBlock(cipher, 0); - - if (i == 1) { - Util.xor(cipherState, 0, cipher); - } else { - Util.xor(data, offset + (i - 2) * BLOCK_SIZE, cipher); - } - - System.arraycopy(cipher, 0, data, offset + (i - 1) * BLOCK_SIZE, BLOCK_SIZE); - } - System.arraycopy(lastBlock, 0, cipherState, 0, BLOCK_SIZE); - } -} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CamelliaKey.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CamelliaKey.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CamelliaKey.java deleted file mode 100644 index c1ae502..0000000 --- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CamelliaKey.java +++ /dev/null @@ -1,412 +0,0 @@ -package org.haox.kerb.crypto; - -/** - * Camellia - based on RFC 3713, about half the size of CamelliaEngine. - */ - -public class CamelliaKey { - private int keySize; - - protected int[] subkey = new int[24 * 4]; - protected int[] kw = new int[4 * 2]; // for whitening - protected int[] ke = new int[6 * 2]; // for FL and FL^(-1) - - private static final int SIGMA[] = { - 0xa09e667f, 0x3bcc908b, - 0xb67ae858, 0x4caa73b2, - 0xc6ef372f, 0xe94f82be, - 0x54ff53a5, 0xf1d36f1c, - 0x10e527fa, 0xde682d1d, - 0xb05688c2, 0xb3e6c1fd - }; - - // S-box data - protected static final byte SBOX1[] = { - (byte)112, (byte)130, (byte)44, (byte)236, - (byte)179, (byte)39, (byte)192, (byte)229, - (byte)228, (byte)133, (byte)87, (byte)53, - (byte)234, (byte)12, (byte)174, (byte)65, - (byte)35, (byte)239, (byte)107, (byte)147, - (byte)69, (byte)25, (byte)165, (byte)33, - (byte)237, (byte)14, (byte)79, (byte)78, - (byte)29, (byte)101, (byte)146, (byte)189, - (byte)134, (byte)184, (byte)175, (byte)143, - (byte)124, (byte)235, (byte)31, (byte)206, - (byte)62, (byte)48, (byte)220, (byte)95, - (byte)94, (byte)197, (byte)11, (byte)26, - (byte)166, (byte)225, (byte)57, (byte)202, - (byte)213, (byte)71, (byte)93, (byte)61, - (byte)217, (byte)1, (byte)90, (byte)214, - (byte)81, (byte)86, (byte)108, (byte)77, - (byte)139, (byte)13, (byte)154, (byte)102, - (byte)251, (byte)204, (byte)176, (byte)45, - (byte)116, (byte)18, (byte)43, (byte)32, - (byte)240, (byte)177, (byte)132, (byte)153, - (byte)223, (byte)76, (byte)203, (byte)194, - (byte)52, (byte)126, (byte)118, (byte)5, - (byte)109, (byte)183, (byte)169, (byte)49, - (byte)209, (byte)23, (byte)4, (byte)215, - (byte)20, (byte)88, (byte)58, (byte)97, - (byte)222, (byte)27, (byte)17, (byte)28, - (byte)50, (byte)15, (byte)156, (byte)22, - (byte)83, (byte)24, (byte)242, (byte)34, - (byte)254, (byte)68, (byte)207, (byte)178, - (byte)195, (byte)181, (byte)122, (byte)145, - (byte)36, (byte)8, (byte)232, (byte)168, - (byte)96, (byte)252, (byte)105, (byte)80, - (byte)170, (byte)208, (byte)160, (byte)125, - (byte)161, (byte)137, (byte)98, (byte)151, - (byte)84, (byte)91, (byte)30, (byte)149, - (byte)224, (byte)255, (byte)100, (byte)210, - (byte)16, (byte)196, (byte)0, (byte)72, - (byte)163, (byte)247, (byte)117, (byte)219, - (byte)138, (byte)3, (byte)230, (byte)218, - (byte)9, (byte)63, (byte)221, (byte)148, - (byte)135, (byte)92, (byte)131, (byte)2, - (byte)205, (byte)74, (byte)144, (byte)51, - (byte)115, (byte)103, (byte)246, (byte)243, - (byte)157, (byte)127, (byte)191, (byte)226, - (byte)82, (byte)155, (byte)216, (byte)38, - (byte)200, (byte)55, (byte)198, (byte)59, - (byte)129, (byte)150, (byte)111, (byte)75, - (byte)19, (byte)190, (byte)99, (byte)46, - (byte)233, (byte)121, (byte)167, (byte)140, - (byte)159, (byte)110, (byte)188, (byte)142, - (byte)41, (byte)245, (byte)249, (byte)182, - (byte)47, (byte)253, (byte)180, (byte)89, - (byte)120, (byte)152, (byte)6, (byte)106, - (byte)231, (byte)70, (byte)113, (byte)186, - (byte)212, (byte)37, (byte)171, (byte)66, - (byte)136, (byte)162, (byte)141, (byte)250, - (byte)114, (byte)7, (byte)185, (byte)85, - (byte)248, (byte)238, (byte)172, (byte)10, - (byte)54, (byte)73, (byte)42, (byte)104, - (byte)60, (byte)56, (byte)241, (byte)164, - (byte)64, (byte)40, (byte)211, (byte)123, - (byte)187, (byte)201, (byte)67, (byte)193, - (byte)21, (byte)227, (byte)173, (byte)244, - (byte)119, (byte)199, (byte)128, (byte)158 - }; - - public CamelliaKey(byte[] key, boolean isEncrypt) { - init(key, isEncrypt); - } - - protected boolean is128() { - return keySize == 16; - } - - private static int rightRotate(int x, int s) { - return (((x) >>> (s)) + ((x) << (32 - s))); - } - - private static int leftRotate(int x, int s) { - return ((x) << (s)) + ((x) >>> (32 - s)); - } - - private static void roldq(int rot, int[] ki, int ioff, - int[] ko, int ooff) { - ko[0 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot)); - ko[1 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot)); - ko[2 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot)); - ko[3 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot)); - ki[0 + ioff] = ko[0 + ooff]; - ki[1 + ioff] = ko[1 + ooff]; - ki[2 + ioff] = ko[2 + ooff]; - ki[3 + ioff] = ko[3 + ooff]; - } - - private static void decroldq(int rot, int[] ki, int ioff, - int[] ko, int ooff) { - ko[2 + ooff] = (ki[0 + ioff] << rot) | (ki[1 + ioff] >>> (32 - rot)); - ko[3 + ooff] = (ki[1 + ioff] << rot) | (ki[2 + ioff] >>> (32 - rot)); - ko[0 + ooff] = (ki[2 + ioff] << rot) | (ki[3 + ioff] >>> (32 - rot)); - ko[1 + ooff] = (ki[3 + ioff] << rot) | (ki[0 + ioff] >>> (32 - rot)); - ki[0 + ioff] = ko[2 + ooff]; - ki[1 + ioff] = ko[3 + ooff]; - ki[2 + ioff] = ko[0 + ooff]; - ki[3 + ioff] = ko[1 + ooff]; - } - - private static void roldqo32(int rot, int[] ki, int ioff, - int[] ko, int ooff) - { - ko[0 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot)); - ko[1 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot)); - ko[2 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot)); - ko[3 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot)); - ki[0 + ioff] = ko[0 + ooff]; - ki[1 + ioff] = ko[1 + ooff]; - ki[2 + ioff] = ko[2 + ooff]; - ki[3 + ioff] = ko[3 + ooff]; - } - - private static void decroldqo32(int rot, int[] ki, int ioff, - int[] ko, int ooff) { - ko[2 + ooff] = (ki[1 + ioff] << (rot - 32)) | (ki[2 + ioff] >>> (64 - rot)); - ko[3 + ooff] = (ki[2 + ioff] << (rot - 32)) | (ki[3 + ioff] >>> (64 - rot)); - ko[0 + ooff] = (ki[3 + ioff] << (rot - 32)) | (ki[0 + ioff] >>> (64 - rot)); - ko[1 + ooff] = (ki[0 + ioff] << (rot - 32)) | (ki[1 + ioff] >>> (64 - rot)); - ki[0 + ioff] = ko[2 + ooff]; - ki[1 + ioff] = ko[3 + ooff]; - ki[2 + ioff] = ko[0 + ooff]; - ki[3 + ioff] = ko[1 + ooff]; - } - - private byte lRot8(byte v, int rot) - { - return (byte)((v << rot) | ((v & 0xff) >>> (8 - rot))); - } - - private int sbox2(int x) - { - return (lRot8(SBOX1[x], 1) & 0xff); - } - - private int sbox3(int x) - { - return (lRot8(SBOX1[x], 7) & 0xff); - } - - private int sbox4(int x) - { - return (SBOX1[((int)lRot8((byte)x, 1) & 0xff)] & 0xff); - } - - protected void fls(int[] s, int[] fkey, int keyoff) { - s[1] ^= leftRotate(s[0] & fkey[0 + keyoff], 1); - s[0] ^= fkey[1 + keyoff] | s[1]; - - s[2] ^= fkey[3 + keyoff] | s[3]; - s[3] ^= leftRotate(fkey[2 + keyoff] & s[2], 1); - } - - protected void f2(int[] s, int[] skey, int keyoff) { - int t1, t2, u, v; - - t1 = s[0] ^ skey[0 + keyoff]; - u = sbox4((t1 & 0xff)); - u |= (sbox3(((t1 >>> 8) & 0xff)) << 8); - u |= (sbox2(((t1 >>> 16) & 0xff)) << 16); - u |= ((int)(SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24); - - t2 = s[1] ^ skey[1 + keyoff]; - v = (int)SBOX1[(t2 & 0xff)] & 0xff; - v |= (sbox4(((t2 >>> 8) & 0xff)) << 8); - v |= (sbox3(((t2 >>> 16) & 0xff)) << 16); - v |= (sbox2(((t2 >>> 24) & 0xff)) << 24); - - v = leftRotate(v, 8); - u ^= v; - v = leftRotate(v, 8) ^ u; - u = rightRotate(u, 8) ^ v; - s[2] ^= leftRotate(v, 16) ^ u; - s[3] ^= leftRotate(u, 8); - - t1 = s[2] ^ skey[2 + keyoff]; - u = sbox4((t1 & 0xff)); - u |= sbox3(((t1 >>> 8) & 0xff)) << 8; - u |= sbox2(((t1 >>> 16) & 0xff)) << 16; - u |= ((int)SBOX1[((t1 >>> 24) & 0xff)] & 0xff) << 24; - - t2 = s[3] ^ skey[3 + keyoff]; - v = ((int)SBOX1[(t2 & 0xff)] & 0xff); - v |= sbox4(((t2 >>> 8) & 0xff)) << 8; - v |= sbox3(((t2 >>> 16) & 0xff)) << 16; - v |= sbox2(((t2 >>> 24) & 0xff)) << 24; - - v = leftRotate(v, 8); - u ^= v; - v = leftRotate(v, 8) ^ u; - u = rightRotate(u, 8) ^ v; - s[0] ^= leftRotate(v, 16) ^ u; - s[1] ^= leftRotate(u, 8); - } - - private void init(byte[] key, boolean isEncrypt) { - keySize = key.length; - - int[] k = new int[8]; - int[] ka = new int[4]; - int[] kb = new int[4]; - int[] t = new int[4]; - - switch (key.length) { - case 16: - k[0] = BytesUtil.bytes2int(key, 0, true); - k[1] = BytesUtil.bytes2int(key, 4, true); - k[2] = BytesUtil.bytes2int(key, 8, true); - k[3] = BytesUtil.bytes2int(key, 12, true); - k[4] = k[5] = k[6] = k[7] = 0; - break; - case 24: - k[0] = BytesUtil.bytes2int(key, 0, true); - k[1] = BytesUtil.bytes2int(key, 4, true); - k[2] = BytesUtil.bytes2int(key, 8, true); - k[3] = BytesUtil.bytes2int(key, 12, true); - k[4] = BytesUtil.bytes2int(key, 16, true); - k[5] = BytesUtil.bytes2int(key, 20, true); - k[6] = ~k[4]; - k[7] = ~k[5]; - break; - case 32: - k[0] = BytesUtil.bytes2int(key, 0, true); - k[1] = BytesUtil.bytes2int(key, 4, true); - k[2] = BytesUtil.bytes2int(key, 8, true); - k[3] = BytesUtil.bytes2int(key, 12, true); - k[4] = BytesUtil.bytes2int(key, 16, true); - k[5] = BytesUtil.bytes2int(key, 20, true); - k[6] = BytesUtil.bytes2int(key, 24, true); - k[7] = BytesUtil.bytes2int(key, 28, true); - break; - default: - throw new - IllegalArgumentException("Invalid key size, only support 16/24/32 bytes"); - } - - for (int i = 0; i < 4; i++) { - ka[i] = k[i] ^ k[i + 4]; - } - - /* compute KA */ - f2(ka, SIGMA, 0); - for (int i = 0; i < 4; i++) { - ka[i] ^= k[i]; - } - f2(ka, SIGMA, 4); - - if (keySize == 16) { - if (isEncrypt) { - /* KL dependant keys */ - kw[0] = k[0]; - kw[1] = k[1]; - kw[2] = k[2]; - kw[3] = k[3]; - roldq(15, k, 0, subkey, 4); - roldq(30, k, 0, subkey, 12); - roldq(15, k, 0, t, 0); - subkey[18] = t[2]; - subkey[19] = t[3]; - roldq(17, k, 0, ke, 4); - roldq(17, k, 0, subkey, 24); - roldq(17, k, 0, subkey, 32); - /* KA dependant keys */ - subkey[0] = ka[0]; - subkey[1] = ka[1]; - subkey[2] = ka[2]; - subkey[3] = ka[3]; - roldq(15, ka, 0, subkey, 8); - roldq(15, ka, 0, ke, 0); - roldq(15, ka, 0, t, 0); - subkey[16] = t[0]; - subkey[17] = t[1]; - roldq(15, ka, 0, subkey, 20); - roldqo32(34, ka, 0, subkey, 28); - roldq(17, ka, 0, kw, 4); - - } else { // decryption - /* KL dependant keys */ - kw[4] = k[0]; - kw[5] = k[1]; - kw[6] = k[2]; - kw[7] = k[3]; - decroldq(15, k, 0, subkey, 28); - decroldq(30, k, 0, subkey, 20); - decroldq(15, k, 0, t, 0); - subkey[16] = t[0]; - subkey[17] = t[1]; - decroldq(17, k, 0, ke, 0); - decroldq(17, k, 0, subkey, 8); - decroldq(17, k, 0, subkey, 0); - /* KA dependant keys */ - subkey[34] = ka[0]; - subkey[35] = ka[1]; - subkey[32] = ka[2]; - subkey[33] = ka[3]; - decroldq(15, ka, 0, subkey, 24); - decroldq(15, ka, 0, ke, 4); - decroldq(15, ka, 0, t, 0); - subkey[18] = t[2]; - subkey[19] = t[3]; - decroldq(15, ka, 0, subkey, 12); - decroldqo32(34, ka, 0, subkey, 4); - roldq(17, ka, 0, kw, 0); - } - } else { // 192bit or 256bit - /* compute KB */ - for (int i = 0; i < 4; i++) { - kb[i] = ka[i] ^ k[i + 4]; - } - f2(kb, SIGMA, 8); - - if (isEncrypt) { - /* KL dependant keys */ - kw[0] = k[0]; - kw[1] = k[1]; - kw[2] = k[2]; - kw[3] = k[3]; - roldqo32(45, k, 0, subkey, 16); - roldq(15, k, 0, ke, 4); - roldq(17, k, 0, subkey, 32); - roldqo32(34, k, 0, subkey, 44); - /* KR dependant keys */ - roldq(15, k, 4, subkey, 4); - roldq(15, k, 4, ke, 0); - roldq(30, k, 4, subkey, 24); - roldqo32(34, k, 4, subkey, 36); - /* KA dependant keys */ - roldq(15, ka, 0, subkey, 8); - roldq(30, ka, 0, subkey, 20); - /* 32bit rotation */ - ke[8] = ka[1]; - ke[9] = ka[2]; - ke[10] = ka[3]; - ke[11] = ka[0]; - roldqo32(49, ka, 0, subkey, 40); - - /* KB dependant keys */ - subkey[0] = kb[0]; - subkey[1] = kb[1]; - subkey[2] = kb[2]; - subkey[3] = kb[3]; - roldq(30, kb, 0, subkey, 12); - roldq(30, kb, 0, subkey, 28); - roldqo32(51, kb, 0, kw, 4); - - } else { // decryption - /* KL dependant keys */ - kw[4] = k[0]; - kw[5] = k[1]; - kw[6] = k[2]; - kw[7] = k[3]; - decroldqo32(45, k, 0, subkey, 28); - decroldq(15, k, 0, ke, 4); - decroldq(17, k, 0, subkey, 12); - decroldqo32(34, k, 0, subkey, 0); - /* KR dependant keys */ - decroldq(15, k, 4, subkey, 40); - decroldq(15, k, 4, ke, 8); - decroldq(30, k, 4, subkey, 20); - decroldqo32(34, k, 4, subkey, 8); - /* KA dependant keys */ - decroldq(15, ka, 0, subkey, 36); - decroldq(30, ka, 0, subkey, 24); - /* 32bit rotation */ - ke[2] = ka[1]; - ke[3] = ka[2]; - ke[0] = ka[3]; - ke[1] = ka[0]; - decroldqo32(49, ka, 0, subkey, 4); - - /* KB dependant keys */ - subkey[46] = kb[0]; - subkey[47] = kb[1]; - subkey[44] = kb[2]; - subkey[45] = kb[3]; - decroldq(30, kb, 0, subkey, 32); - decroldq(30, kb, 0, subkey, 16); - roldqo32(51, kb, 0, kw, 0); - } - } - } -} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumHandler.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumHandler.java deleted file mode 100644 index 0a1b5c6..0000000 --- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumHandler.java +++ /dev/null @@ -1,134 +0,0 @@ -package org.haox.kerb.crypto; - -import org.haox.kerb.KrbErrorCode; -import org.haox.kerb.KrbException; -import org.haox.kerb.crypto.cksum.*; -import org.haox.kerb.spec.common.CheckSum; -import org.haox.kerb.spec.common.CheckSumType; -import org.haox.kerb.spec.common.KeyUsage; - -public class CheckSumHandler { - - public static CheckSumTypeHandler getCheckSumHandler(String cksumType) throws KrbException { - CheckSumType eTypeEnum = CheckSumType.fromName(cksumType); - return getCheckSumHandler(eTypeEnum); - } - - public static CheckSumTypeHandler getCheckSumHandler(int cksumType) throws KrbException { - CheckSumType eTypeEnum = CheckSumType.fromValue(cksumType); - return getCheckSumHandler(eTypeEnum); - } - - public static boolean isImplemented(CheckSumType cksumType) throws KrbException { - return getCheckSumHandler(cksumType, true) != null; - } - - public static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType) throws KrbException { - return getCheckSumHandler(cksumType, false); - } - - private static CheckSumTypeHandler getCheckSumHandler(CheckSumType cksumType, boolean check) throws KrbException { - CheckSumTypeHandler cksumHandler = null; - switch (cksumType) { - case CRC32: - cksumHandler = new Crc32CheckSum(); - break; - - case DES_MAC: - cksumHandler = new DesCbcCheckSum(); - break; - - case RSA_MD4: - cksumHandler = new RsaMd4CheckSum(); - break; - - case RSA_MD5: - cksumHandler = new RsaMd5CheckSum(); - break; - - case NIST_SHA: - cksumHandler = new Sha1CheckSum(); - break; - - case RSA_MD4_DES: - cksumHandler = new RsaMd4DesCheckSum(); - break; - - case RSA_MD5_DES: - cksumHandler = new RsaMd5DesCheckSum(); - break; - - case HMAC_SHA1_DES3: - case HMAC_SHA1_DES3_KD: - cksumHandler = new HmacSha1Des3CheckSum(); - break; - - case HMAC_SHA1_96_AES128: - cksumHandler = new HmacSha1Aes128CheckSum(); - break; - - case HMAC_SHA1_96_AES256: - cksumHandler = new HmacSha1Aes256CheckSum(); - break; - - case CMAC_CAMELLIA128: - cksumHandler = new CmacCamellia128CheckSum(); - break; - - case CMAC_CAMELLIA256: - cksumHandler = new CmacCamellia256CheckSum(); - break; - - case HMAC_MD5_ARCFOUR: - cksumHandler = new HmacMd5Rc4CheckSum(); - break; - - case MD5_HMAC_ARCFOUR: - cksumHandler = new Md5HmacRc4CheckSum(); - break; - - default: - break; - } - - if (cksumHandler == null && ! check) { - String message = "Unsupported checksum type: " + cksumType.name(); - throw new KrbException(KrbErrorCode.KDC_ERR_SUMTYPE_NOSUPP, message); - } - - return cksumHandler; - } - - public static CheckSum checksum(CheckSumType checkSumType, byte[] bytes) throws KrbException { - CheckSumTypeHandler handler = getCheckSumHandler(checkSumType); - byte[] checksumBytes = handler.checksum(bytes); - CheckSum checkSum = new CheckSum(); - checkSum.setCksumtype(checkSumType); - checkSum.setChecksum(checksumBytes); - return checkSum; - } - - public static boolean verify(CheckSum checkSum, byte[] bytes) throws KrbException { - CheckSumType checkSumType = checkSum.getCksumtype(); - CheckSumTypeHandler handler = getCheckSumHandler(checkSumType); - return handler.verify(bytes, checkSum.getChecksum()); - } - - public static CheckSum checksumWithKey(CheckSumType checkSumType, - byte[] bytes, byte[] key, KeyUsage usage) throws KrbException { - CheckSumTypeHandler handler = getCheckSumHandler(checkSumType); - byte[] checksumBytes = handler.checksumWithKey(bytes, key, usage.getValue()); - CheckSum checkSum = new CheckSum(); - checkSum.setCksumtype(checkSumType); - checkSum.setChecksum(checksumBytes); - return checkSum; - } - - public static boolean verifyWithKey(CheckSum checkSum, byte[] bytes, - byte[] key, KeyUsage usage) throws KrbException { - CheckSumType checkSumType = checkSum.getCksumtype(); - CheckSumTypeHandler handler = getCheckSumHandler(checkSumType); - return handler.verifyWithKey(bytes, key, - usage.getValue(), checkSum.getChecksum()); - } -} http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumTypeHandler.java ---------------------------------------------------------------------- diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumTypeHandler.java deleted file mode 100644 index f151152..0000000 --- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/CheckSumTypeHandler.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.haox.kerb.crypto; - -import org.haox.kerb.KrbException; -import org.haox.kerb.spec.common.CheckSumType; - -public interface CheckSumTypeHandler extends CryptoTypeHandler { - - public int confounderSize(); - - public CheckSumType cksumType(); - - public int computeSize(); // allocation size for checksum computation - - public int outputSize(); // possibly truncated output size - - public boolean isSafe(); - - public int cksumSize(); - - public int keySize(); - - public byte[] checksum(byte[] data) throws KrbException; - - public byte[] checksum(byte[] data, int start, int len) throws KrbException; - - public boolean verify(byte[] data, byte[] checksum) throws KrbException; - - public boolean verify(byte[] data, int start, int len, byte[] checksum) throws KrbException; - - public byte[] checksumWithKey(byte[] data, - byte[] key, int usage) throws KrbException; - - public byte[] checksumWithKey(byte[] data, int start, int len, - byte[] key, int usage) throws KrbException; - - public boolean verifyWithKey(byte[] data, - byte[] key, int usage, byte[] checksum) throws KrbException; -}