Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 257302009C5 for ; Mon, 16 May 2016 09:29:21 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 23F2B160A16; Mon, 16 May 2016 07:29:21 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 212A81609B0 for ; Mon, 16 May 2016 09:29:19 +0200 (CEST) Received: (qmail 24176 invoked by uid 500); 16 May 2016 07:29:19 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 24167 invoked by uid 99); 16 May 2016 07:29:19 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 May 2016 07:29:19 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id B6507DFB38; Mon, 16 May 2016 07:29:18 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: plusplusjiajia@apache.org To: commits@directory.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: directory-kerby git commit: DIRKRB-571 Add encryptRaw interface for GssToken encryption. Contributed by Wei. Date: Mon, 16 May 2016 07:29:18 +0000 (UTC) archived-at: Mon, 16 May 2016 07:29:21 -0000 Repository: directory-kerby Updated Branches: refs/heads/gssapi aa0098253 -> ca86e8dad DIRKRB-571 Add encryptRaw interface for GssToken encryption. Contributed by Wei. Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ca86e8da Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ca86e8da Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ca86e8da Branch: refs/heads/gssapi Commit: ca86e8dadbb10f73e0a96c7e92721b8acc561b82 Parents: aa00982 Author: plusplusjiajia Authored: Mon May 16 15:34:37 2016 +0800 Committer: plusplusjiajia Committed: Mon May 16 15:34:37 2016 +0800 ---------------------------------------------------------------------- .../kerberos/kerb/crypto/EncTypeHandler.java | 12 +++ .../kerb/crypto/enc/AbstractEncTypeHandler.java | 40 +++++++++- .../kerberos/kerb/crypto/enc/DesCbcEnc.java | 25 ++++++- .../kerby/kerberos/kerb/crypto/enc/KeKiEnc.java | 77 +++++++++++--------- .../kerberos/kerb/crypto/enc/Rc4HmacEnc.java | 13 +++- 5 files changed, 125 insertions(+), 42 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java index 09bad5d..ac40935 100644 
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java @@ -54,9 +54,21 @@ public interface EncTypeHandler extends CryptoTypeHandler { byte[] encrypt(byte[] data, byte[] key, byte[] ivec, int usage) throws KrbException; + byte[] encryptRaw(byte[] data, byte[] key, int usage) + throws KrbException; + + byte[] encryptRaw(byte[] data, byte[] key, byte[] ivec, + int usage) throws KrbException; + byte[] decrypt(byte[] cipher, byte[] key, int usage) throws KrbException; byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage) throws KrbException; + + byte[] decryptRaw(byte[] data, byte[] key, int usage) + throws KrbException; + + byte[] decryptRaw(byte[] cipher, byte[] key, byte[] ivec, + int usage) throws KrbException; } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java index 28303c0..3d8c432 100644 --- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java 
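Review bot: The four new `encryptRaw`/`decryptRaw` methods on `EncTypeHandler` have no Javadoc, so the interface does not say how they differ from `encrypt`/`decrypt`. Judging from the KeKiEnc and DesCbcEnc changes later in this commit, the raw variants add no confounder and neither produce nor verify a checksum. I would state that on the interface, e.g. `/** Encrypts data as-is: no confounder, padding or checksum is added; the caller must provide integrity protection. */`, with a matching comment on `decryptRaw` saying the returned plaintext is unauthenticated. The three-argument `decryptRaw` also names its first parameter `data` while the four-argument one uses `cipher`; `cipher` would match `decrypt`.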
@@ -123,12 +123,29 @@ public abstract class AbstractEncTypeHandler int[] workLens = new int[] {confounderLen, checksumLen, inputLen, paddingLen}; - encryptWith(workBuffer, workLens, key, iv, usage); + encryptWith(workBuffer, workLens, key, iv, usage, false); + return workBuffer; + } + + @Override + public byte[] encryptRaw(byte[] data, byte[] key, int usage) throws KrbException { + byte[] iv = new byte[encProvider().blockSize()]; + return encryptRaw(data, key, iv, usage); + } + + @Override + public byte[] encryptRaw(byte[] data, byte[] key, byte[] iv, int usage) throws KrbException { + int checksumLen = checksumSize(); + int[] workLens = new int[] {0, checksumLen, data.length, 0}; + byte[] workBuffer = new byte[data.length]; + System.arraycopy(data, 0, workBuffer, 0, data.length); + + encryptWith(workBuffer, workLens, key, iv, usage, true); return workBuffer; } protected void encryptWith(byte[] workBuffer, int[] workLens, - byte[] key, byte[] iv, int usage) throws KrbException { + byte[] key, byte[] iv, int usage, boolean raw) throws KrbException { } 
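Review bot: `encryptWith` keeps its empty default body while its signature gains `boolean raw`, so a subclass that still declares the old five-argument form without `@Override` (as Rc4HmacEnc did before this commit) silently stops overriding it. `encryptRaw` would then return a plain copy of `data`, unencrypted. Failing closed in the default, e.g. `throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, "encryptWith not implemented");` (if `KrbErrorCode` is in scope in this class), or declaring the method abstract, would make that a visible error. The same applies to `decryptWith` in the next hunk, whose default returns `null`. `encryptRaw` also passes `checksumLen` in `workLens` although the buffer holds only `data.length` bytes, so a short comment that raw implementations must ignore that slot would help.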
@@ -147,11 +164,26 @@ public abstract class AbstractEncTypeHandler int dataLen = totalLen - (confounderLen + checksumLen); int[] workLens = new int[] {confounderLen, checksumLen, dataLen}; - return decryptWith(cipher, workLens, key, iv, usage); + return decryptWith(cipher, workLens, key, iv, usage, false); + } + + @Override + public byte[] decryptRaw(byte[] cipher, byte[] key, int usage) + throws KrbException { + byte[] iv = new byte[encProvider().blockSize()]; + return decryptRaw(cipher, key, iv, usage); + } + + @Override + public byte[] decryptRaw(byte[] cipher, byte[] key, byte[] iv, int usage) + throws KrbException { + int checksumLen = checksumSize(); + int[] workLens = new int[] {0, checksumLen, cipher.length}; + return decryptWith(cipher, workLens, key, iv, usage, true); } protected byte[] decryptWith(byte[] workBuffer, int[] workLens, - byte[] key, byte[] iv, int usage) throws KrbException { + byte[] key, byte[] iv, int usage, boolean raw) throws KrbException { return null; } } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java index 6834d0b..f57c498 100644 --- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java 
@@ -58,7 +58,16 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler { @Override protected void encryptWith(byte[] workBuffer, int[] workLens, - byte[] key, byte[] iv, int usage) throws KrbException { + byte[] key, byte[] iv, int usage, boolean raw) throws KrbException { + if (!raw) { + doEncryptWith(workBuffer, workLens, key, iv); + } else { + encProvider().encrypt(key, iv, workBuffer); + } + } + + private void doEncryptWith(byte[] workBuffer, int[] workLens, + byte[] key, byte[] iv) throws KrbException { int confounderLen = workLens[0]; int checksumLen = workLens[1]; int dataLen = workLens[2]; @@ -83,7 +92,19 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler { @Override protected byte[] decryptWith(byte[] workBuffer, int[] workLens, - byte[] key, byte[] iv, int usage) throws KrbException { + byte[] key, byte[] iv, int usage, boolean raw) throws KrbException { + if (!raw) { + return doDecryptWith(workBuffer, workLens, key, iv); + } else { + encProvider().decrypt(key, iv, workBuffer); + byte[] data = new byte[workBuffer.length]; + System.arraycopy(workBuffer, 0, data, 0, data.length); + return data; + } + } + + private byte[] doDecryptWith(byte[] workBuffer, int[] workLens, + byte[] key, byte[] iv) throws KrbException { int confounderLen = workLens[0]; int checksumLen = workLens[1]; int dataLen = workLens[2]; http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java index 23e7a6c..6e98d2a 100644 --- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java 
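Review bot: In the raw branch of `decryptWith`, `encProvider().decrypt(key, iv, workBuffer)` appears to work in place, and `workBuffer` is the caller's `cipher` array passed straight through from `decryptRaw`. The caller's input is therefore overwritten with plaintext before the copy into `data` is made. `encryptRaw` copies its input first and KeKiEnc decrypts a `tmpEnc` copy, so copying before decrypting would be consistent: `byte[] data = workBuffer.clone(); encProvider().decrypt(key, iv, data); return data;`. The raw branches in both hunks of this file also ignore `usage` and `workLens`, which deserves a one-line comment. The body of `doDecryptWith` continues outside the hunk.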
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java @@ -52,7 +52,7 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler { @Override protected void encryptWith(byte[] workBuffer, int[] workLens, - byte[] key, byte[] iv, int usage) throws KrbException { + byte[] key, byte[] iv, int usage, boolean raw) throws KrbException { int confounderLen = workLens[0]; int checksumLen = workLens[1]; int inputLen = workLens[2]; 
@@ -75,31 +75,35 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler { * so need to adjust the workBuffer arrangement */ - byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen]; - // confounder - byte[] confounder = Confounder.makeBytes(confounderLen); - System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen); - - // data - System.arraycopy(workBuffer, confounderLen + checksumLen, - tmpEnc, confounderLen, inputLen); - - // padding - for (int i = confounderLen + inputLen; i < paddingLen; ++i) { - tmpEnc[i] = 0; + if (!raw) { + byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen]; + // confounder + byte[] confounder = Confounder.makeBytes(confounderLen); + System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen); + + // data + System.arraycopy(workBuffer, confounderLen + checksumLen, + tmpEnc, confounderLen, inputLen); + + // padding + for (int i = confounderLen + inputLen; i < paddingLen; ++i) { + tmpEnc[i] = 0; + } + + // checksum & encrypt + byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen); + encProvider().encrypt(ke, iv, tmpEnc); + + System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length); + System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length); + } else { + encProvider().encrypt(ke, iv, workBuffer); } - - // checksum & encrypt - byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen); - encProvider().encrypt(ke, iv, tmpEnc); - - System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length); - System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length); } @Override protected byte[] decryptWith(byte[] workBuffer, int[] workLens, - byte[] key, byte[] iv, int usage) throws KrbException { + byte[] key, byte[] iv, int usage, boolean raw) throws KrbException { int confounderLen = workLens[0]; int checksumLen = workLens[1]; int dataLen = workLens[2]; 
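Review bot: The padding loop moved into the `!raw` branch, `for (int i = confounderLen + inputLen; i < paddingLen; ++i)`, compares an absolute index with a length, so it never runs whenever `confounderLen + inputLen >= paddingLen`. The output is still correct only because `new byte[...]` is already zero-filled; I would either drop the loop or bound it with `i < tmpEnc.length`. The raw branch encrypts `workBuffer` with `ke` alone and appends no checksum, which a comment such as `// raw: encrypt in place with ke only; integrity is the caller's responsibility` would make explicit. The start of `encryptWith`, where `ke` and `ki` are presumably derived, is outside this hunk.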
@@ -116,20 +120,25 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler { byte[] tmpEnc = new byte[confounderLen + dataLen]; System.arraycopy(workBuffer, 0, tmpEnc, 0, confounderLen + dataLen); - byte[] checksum = new byte[checksumLen]; - System.arraycopy(workBuffer, confounderLen + dataLen, - checksum, 0, checksumLen); - - encProvider().decrypt(ke, iv, tmpEnc); - byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen); - - if (!checksumEqual(checksum, newChecksum)) { - throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY); + if (!raw) { + byte[] checksum = new byte[checksumLen]; + System.arraycopy(workBuffer, confounderLen + dataLen, + checksum, 0, checksumLen); + + encProvider().decrypt(ke, iv, tmpEnc); + byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen); + + if (!checksumEqual(checksum, newChecksum)) { + throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY); + } + + byte[] data = new byte[dataLen]; + System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen); + return data; + } else { + encProvider().decrypt(ke, iv, tmpEnc); + return tmpEnc; } - - byte[] data = new byte[dataLen]; - System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen); - return data; } protected abstract byte[] makeChecksum(byte[] key, byte[] data, int hashSize) http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java index 2f4aa59..f9a2f49 100644 --- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java +++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java 
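Review bot: Both branches of the new `if (!raw)` in `decryptWith` call `encProvider().decrypt(ke, iv, tmpEnc)`. Hoisting that call above the `if` would leave only the checksum handling conditional and make the difference between the two modes obvious. The raw branch returns `tmpEnc` with no integrity check, so modified ciphertext is not detected at this layer; a comment like `// raw: no checksum in the buffer; the caller must authenticate the token` belongs on that branch. The start of `decryptWith` is outside this hunk.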
@@ -80,8 +80,13 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler { return CheckSumType.HMAC_MD5_ARCFOUR; } + @Override protected void encryptWith(byte[] workBuffer, int[] workLens, - byte[] key, byte[] iv, int usage) throws KrbException { + byte[] key, byte[] iv, int usage, boolean raw) throws KrbException { + if (raw) { + throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, + "Raw mode not supported for this encryption type"); + } int confounderLen = workLens[0]; int checksumLen = workLens[1]; int dataLen = workLens[2]; @@ -133,7 +138,11 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler { @Override protected byte[] decryptWith(byte[] workBuffer, int[] workLens, - byte[] key, byte[] iv, int usage) throws KrbException { + byte[] key, byte[] iv, int usage, boolean raw) throws KrbException { + if (raw) { + throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, + "Raw mode not supported for this encryption type"); + } int confounderLen = workLens[0]; int checksumLen = workLens[1]; int dataLen = workLens[2];