directory-commits mailing list archives

From dran...@apache.org
Subject directory-kerby git commit: DIRKRB-217 Implement prf function in KeKiHmacSha1Enc. Thanks Yaning for the contribution
Date Thu, 23 Apr 2015 08:03:38 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 521830f32 -> 89f859357


DIRKRB-217 Implement prf function in KeKiHmacSha1Enc. Thanks Yaning for the contribution


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/89f85935
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/89f85935
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/89f85935

Branch: refs/heads/master
Commit: 89f8593576b461eeccf9a423eb44d9a386670eb0
Parents: 521830f
Author: Drankye <drankye@gmail.com>
Authored: Fri Apr 24 00:01:13 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Fri Apr 24 00:01:13 2015 +0800

----------------------------------------------------------------------
 .../kerb/crypto/enc/Aes128CtsHmacSha1Enc.java   | 13 ++-
 .../kerb/crypto/enc/Aes256CtsHmacSha1Enc.java   | 12 ++-
 .../kerb/crypto/enc/Des3CbcSha1Enc.java         | 13 ++-
 .../kerb/crypto/enc/KeKiHmacSha1Enc.java        | 29 +++++--
 .../kerby/kerberos/kerb/crypto/PrfTest.java     | 30 +++++++
 .../kerberos/kerb/crypto/PrfTest.java.orig      | 91 ++++++++++++++++++++
 6 files changed, 169 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/89f85935/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
index a4f66ac..cc2a21f 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
@@ -6,30 +6,34 @@
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
- *  
+ *
  *    http://www.apache.org/licenses/LICENSE-2.0
- *  
+ *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License. 
- *  
+ *
  */
 package org.apache.kerby.kerberos.kerb.crypto.enc;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
 import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes128Provider;
 import org.apache.kerby.kerberos.kerb.crypto.enc.provider.AesProvider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Des3Provider;
 import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerby.kerberos.kerb.crypto.key.DkKeyMaker;
 import org.apache.kerby.kerberos.kerb.spec.base.CheckSumType;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
 
 public class Aes128CtsHmacSha1Enc extends KeKiHmacSha1Enc {
 
     public Aes128CtsHmacSha1Enc() {
-        super(new Aes128Provider(), new Sha1Provider());
+        super(new Aes128Provider(), new Sha1Provider(), new AesKeyMaker(new Aes128Provider()));
         keyMaker(new AesKeyMaker((AesProvider) encProvider()));
     }
 
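Review bot: The constructor now creates two key makers over two separate provider instances: `new AesKeyMaker(new Aes128Provider())` goes to `super(...)`, while the next line still calls `keyMaker(new AesKeyMaker((AesProvider) encProvider()))`. This means `prf` and the rest of the handler derive keys through different objects, which is easy to get out of sync later. The Aes256CtsHmacSha1Enc and Des3CbcSha1Enc constructor hunks have the same duplication. If `keyMaker(...)` accepts a `DkKeyMaker` (not visible here), the base constructor could call `keyMaker(km);` and the subclass line could be dropped. Otherwise a comment such as `// prf() uses the DkKeyMaker passed to super(); keep both key makers on the same algorithm` would help. The added imports (`KrbException`, `Des3Provider`, `Des3KeyMaker`, `DkKeyMaker`) are not referenced in the visible lines and look removable, as do the new imports in the other two files.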
@@ -45,4 +49,5 @@ public class Aes128CtsHmacSha1Enc extends KeKiHmacSha1Enc {
     public CheckSumType checksumType() {
         return CheckSumType.HMAC_SHA1_96_AES128;
     }
+
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/89f85935/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
index 0c45945..0a874ac 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
@@ -6,30 +6,33 @@
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
- *  
+ *
  *    http://www.apache.org/licenses/LICENSE-2.0
- *  
+ *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License. 
- *  
+ *
  */
 package org.apache.kerby.kerberos.kerb.crypto.enc;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes128Provider;
 import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes256Provider;
 import org.apache.kerby.kerberos.kerb.crypto.enc.provider.AesProvider;
 import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.crypto.key.DkKeyMaker;
 import org.apache.kerby.kerberos.kerb.spec.base.CheckSumType;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
 
 public class Aes256CtsHmacSha1Enc extends KeKiHmacSha1Enc {
 
     public Aes256CtsHmacSha1Enc() {
-        super(new Aes256Provider(), new Sha1Provider());
+        super(new Aes256Provider(), new Sha1Provider(), new AesKeyMaker(new Aes256Provider()));
         keyMaker(new AesKeyMaker((AesProvider) encProvider()));
     }
 
@@ -45,4 +48,5 @@ public class Aes256CtsHmacSha1Enc extends KeKiHmacSha1Enc {
     public int checksumSize() {
         return 96 / 8;
     }
+
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/89f85935/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
index 1802b8c..49ea170 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
@@ -6,29 +6,33 @@
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
- *  
+ *
  *    http://www.apache.org/licenses/LICENSE-2.0
- *  
+ *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License. 
- *  
+ *
  */
 package org.apache.kerby.kerberos.kerb.crypto.enc;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes128Provider;
 import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Des3Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
 import org.apache.kerby.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerby.kerberos.kerb.crypto.key.DkKeyMaker;
 import org.apache.kerby.kerberos.kerb.spec.base.CheckSumType;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
 
 public class Des3CbcSha1Enc extends KeKiHmacSha1Enc {
 
     public Des3CbcSha1Enc() {
-        super(new Des3Provider(), new Sha1Provider());
+        super(new Des3Provider(), new Sha1Provider(), new Des3KeyMaker(new Des3Provider()));
         keyMaker(new Des3KeyMaker(this.encProvider()));
     }
 
@@ -39,4 +43,5 @@ public class Des3CbcSha1Enc extends KeKiHmacSha1Enc {
     public CheckSumType checksumType() {
         return CheckSumType.HMAC_SHA1_DES3;
     }
+
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/89f85935/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
index b55475c..3df7959 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
@@ -6,28 +6,34 @@
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
- *  
+ *
  *    http://www.apache.org/licenses/LICENSE-2.0
- *  
+ *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License. 
- *  
+ *
  */
 package org.apache.kerby.kerberos.kerb.crypto.enc;
 
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.crypto.key.DkKeyMaker;
 import org.apache.kerby.kerberos.kerb.crypto.util.Hmac;
 import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
 import org.apache.kerby.kerberos.kerb.KrbException;
 
 public abstract class KeKiHmacSha1Enc extends KeKiEnc {
 
+    private DkKeyMaker km;
+
     public KeKiHmacSha1Enc(EncryptProvider encProvider,
-                           HashProvider hashProvider) {
+                           HashProvider hashProvider, DkKeyMaker km) {
         super(encProvider, hashProvider);
+        this.km = km;
     }
 
     @Override
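Review bot: The new field `km` is assigned once in the constructor but is neither `final` nor null-checked, so a subclass passing `null` only fails later inside `prf` with a bare NullPointerException. I would declare it `private final DkKeyMaker km;` and assign it with `this.km = Objects.requireNonNull(km, "km");`, which needs a `java.util.Objects` import. The field also deserves a one-line comment saying it is the derivation function used by `prf`. The imports `Aes128Provider` and `AesKeyMaker` added at the top are not used in the visible lines. The class body continues outside this hunk.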
@@ -36,9 +42,18 @@ public abstract class KeKiHmacSha1Enc extends KeKiEnc {
     }
 
     @Override
-    public byte[] prf(byte[] key, byte[] seed) {
-        // TODO: krb5int_dk_prf
-        return null;
+    public byte[] prf(byte[] key, byte[] seed) throws KrbException {
+        byte[] prfConst = "prf".getBytes();
+        int cksumSize = (hashProvider().hashSize() / encProvider().blockSize()) * encProvider().blockSize();
+        byte[] cksum = new byte[cksumSize];
+        byte[] kp;
+        byte[] output = new byte[prfSize()];
+        hashProvider().hash(seed);
+        System.arraycopy(hashProvider().output(), 0, cksum, 0, cksumSize);
+        kp = km.dk(key, prfConst);
+        encProvider().encrypt(kp, cksum);
+        System.arraycopy(cksum, 0, output, 0, this.prfSize());
+        return output;
     }
 
     @Override
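Review bot: `"prf".getBytes()` encodes the derivation constant with the platform default charset, so the bytes fed to `km.dk` depend on the JVM configuration. Pin it with `byte[] prfConst = "prf".getBytes(StandardCharsets.UTF_8);`, which needs a `java.nio.charset.StandardCharsets` import. The derived key `kp` is left in the heap after `encProvider().encrypt(kp, cksum)`. Wiping it with `Arrays.fill(kp, (byte) 0);` before returning would limit how long key material lingers. The last `System.arraycopy` assumes `prfSize()` is no larger than `cksumSize`, which cannot be confirmed from this hunk. A short comment stating that invariant, or an explicit check that throws `KrbException`, would make the failure mode clear.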

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/89f85935/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/PrfTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/PrfTest.java
b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/PrfTest.java
index 739cc87..b7a2ad0 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/PrfTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/PrfTest.java
@@ -73,6 +73,36 @@ public class PrfTest {
         ));
     }
 
+    @Test
+    public void testPrf_AES128_CTS_HMAC_SHA1() throws Exception {
+        performTest(new TestCase(
+                EncryptionType.AES128_CTS_HMAC_SHA1_96,
+                "key1",
+                "0161",
+                "77b39a37a868920f2a51f9dd150c5717"
+        ));
+    }
+
+    @Test
+    public void testPrf_AES256_CTS_HMAC_SHA1() throws Exception {
+        performTest(new TestCase(
+                EncryptionType.AES256_CTS_HMAC_SHA1_96,
+                "key1",
+                "0161",
+                "b2628c788e2e9c4a9bb4644678c29f2f"
+        ));
+    }
+
+    @Test
+    public void testPrf_DES3_CBC_SHA1() throws Exception {
+        performTest(new TestCase(
+                EncryptionType.DES3_CBC_SHA1,
+                "key1",
+                "0161",
+                "bb6f4a7caa25fce1ee9baef36f1f9ee7"
+        ));
+    }
+
     private static void performTest(TestCase testCase) throws Exception {
         byte[] keyData = EncryptionHandler.getEncHandler(testCase.encType).str2key(testCase.keyData,
testCase.keyData, null);
         byte[] seed = HexUtil.hex2bytes(testCase.seed);
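Review bot: The three expected outputs added here are bare hex strings with no note of which reference implementation or document they come from. If `prf` ever changes, a reader cannot tell whether the test or the code is wrong. I would add a comment above the first new test, for example `// Expected values taken from <REFERENCE SOURCE OF THE VECTORS>`, filled in by the contributor. All three cases use the same key string `"key1"` and seed `"0161"`, so each encryption type is checked against a single input. A second vector with a longer seed would give more confidence in the truncation logic. `performTest` continues past the end of this hunk.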

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/89f85935/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/PrfTest.java.orig
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/PrfTest.java.orig
b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/PrfTest.java.orig
new file mode 100644
index 0000000..739cc87
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/PrfTest.java.orig
@@ -0,0 +1,91 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+import org.apache.kerby.util.HexUtil;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+import static org.assertj.core.api.Assertions.fail;
+
+public class PrfTest {
+    static class TestCase {
+        EncryptionType encType;
+        String keyData;
+        String seed;
+        String answer;
+        TestCase(EncryptionType encType, String keyData,
+                 String seed, String answer) {
+            this.encType = encType;
+            this.keyData = keyData;
+            this.seed = seed;
+            this.answer = answer;
+        }
+
+    }
+
+    @Test
+    public void testPrf_DES_CBC_CRC() throws Exception {
+        performTest(new TestCase(
+                EncryptionType.DES_CBC_CRC,
+                "key1",
+                "0161",
+                "e91cff96b939270009308b073b66313e"
+        ));
+    }
+
+    @Test
+    public void testPrf_DES_CBC_MD4() throws Exception {
+        performTest(new TestCase(
+                EncryptionType.DES_CBC_MD4,
+                "key1",
+                "0161",
+                "e91cff96b939270009308b073b66313e"
+        ));
+    }
+
+    @Test
+    public void testPrf_DES_CBC_MD5() throws Exception {
+        performTest(new TestCase(
+                EncryptionType.DES_CBC_MD5,
+                "key1",
+                "0161",
+                "e91cff96b939270009308b073b66313e"
+        ));
+    }
+
+    private static void performTest(TestCase testCase) throws Exception {
+        byte[] keyData = EncryptionHandler.getEncHandler(testCase.encType).str2key(testCase.keyData,
testCase.keyData, null);
+        byte[] seed = HexUtil.hex2bytes(testCase.seed);
+        byte[] answer = HexUtil.hex2bytes(testCase.answer);
+        byte[] outkey = EncryptionHandler.getEncHandler(testCase.encType).prf(keyData, seed);
+
+        if (! Arrays.equals(answer, outkey)) {
+            System.err.println("failed with:");
+            System.err.println("outKey:" + HexUtil.bytesToHex(outkey));
+            System.err.println("answer:" + testCase.answer);
+            fail("KeyDerive test failed for " + testCase.encType.getName());
+        } else {
+            System.out.println("Prf test OK for " + testCase.encType.getName());
+        }
+    }
+}
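Review bot: `PrfTest.java.orig` looks like a backup left behind when the patch was applied. Its blob id `739cc87` is the same as the pre-change index of `PrfTest.java` in this commit, so it is an exact copy of the old test file. It should be dropped from the commit rather than shipped in `src/test/java`. As it stands it duplicates the licence header and the three DES tests, and would confuse anyone searching the tree. Adding `*.orig` (and likely `*.rej`) to the repository ignore file would stop this recurring.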

