directory-commits mailing list archives

From cohei...@apache.org
Subject [08/18] directory-kerby git commit: DIRKRB-571 - Add encryptRaw interface for GssToken encryption
Date Fri, 21 Jul 2017 15:03:25 GMT
DIRKRB-571 - Add encryptRaw interface for GssToken encryption


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/135a67f4
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/135a67f4
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/135a67f4

Branch: refs/heads/trunk
Commit: 135a67f4a41b65d8dba60c30aabf683a81bf58f7
Parents: 706b85e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Jul 21 14:55:56 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Jul 21 14:55:56 2017 +0100

----------------------------------------------------------------------
 .../kerberos/kerb/crypto/EncTypeHandler.java    | 12 +++
 .../kerb/crypto/enc/AbstractEncTypeHandler.java | 40 +++++++++-
 .../kerberos/kerb/crypto/enc/DesCbcEnc.java     | 25 ++++++-
 .../kerby/kerberos/kerb/crypto/enc/KeKiEnc.java | 77 +++++++++++---------
 .../kerberos/kerb/crypto/enc/Rc4HmacEnc.java    | 13 +++-
 5 files changed, 125 insertions(+), 42 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/135a67f4/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
index 09bad5d..ac40935 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
@@ -54,9 +54,21 @@ public interface EncTypeHandler extends CryptoTypeHandler {
     byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
         int usage) throws KrbException;
 
+    byte[] encryptRaw(byte[] data, byte[] key, int usage)
+            throws KrbException;
+
+    byte[] encryptRaw(byte[] data, byte[] key, byte[] ivec,
+        int usage) throws KrbException;
+
     byte[] decrypt(byte[] cipher, byte[] key, int usage)
         throws KrbException;
 
     byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec,
         int usage) throws KrbException;
+
+    byte[] decryptRaw(byte[] data, byte[] key, int usage)
+            throws KrbException;
+
+    byte[] decryptRaw(byte[] cipher, byte[] key, byte[] ivec,
+                   int usage) throws KrbException;
 }
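Review bot: The four new `encryptRaw`/`decryptRaw` methods are declared without Javadoc, so the interface does not say how "raw" differs from `encrypt`/`decrypt`. Going by the implementations later in this commit, the raw paths in DesCbcEnc and KeKiEnc add no confounder, padding or checksum, and `decryptRaw` returns the plaintext without any integrity check. The overloads without `ivec` use an all-zero IV (AbstractEncTypeHandler), so the result for a given key and input appears to be deterministic. I would document this on the interface, for example `/** Encrypts data as-is: no confounder, padding or checksum is added; the caller must supply randomisation and integrity protection. */`, with a matching comment on `decryptRaw` saying the returned bytes are unauthenticated. The first `decryptRaw` overload also names its input `data` where every other decrypt method uses `cipher`.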

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/135a67f4/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
index 28303c0..3d8c432 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
@@ -123,12 +123,29 @@ public abstract class AbstractEncTypeHandler
         int[] workLens = new int[] {confounderLen, checksumLen,
                 inputLen, paddingLen};
 
-        encryptWith(workBuffer, workLens, key, iv, usage);
+        encryptWith(workBuffer, workLens, key, iv, usage, false);
+        return workBuffer;
+    }
+
+    @Override
+    public byte[] encryptRaw(byte[] data, byte[] key, int usage) throws KrbException {
+        byte[] iv = new byte[encProvider().blockSize()];
+        return encryptRaw(data, key, iv, usage);
+    }
+
+    @Override
+    public byte[] encryptRaw(byte[] data, byte[] key, byte[] iv, int usage) throws KrbException
{
+        int checksumLen = checksumSize();
+        int[] workLens = new int[] {0, checksumLen, data.length, 0};
+        byte[] workBuffer = new byte[data.length];
+        System.arraycopy(data, 0, workBuffer, 0, data.length);
+
+        encryptWith(workBuffer, workLens, key, iv, usage, true);
         return workBuffer;
     }
 
     protected void encryptWith(byte[] workBuffer, int[] workLens,
-                          byte[] key, byte[] iv, int usage) throws KrbException {
+                          byte[] key, byte[] iv, int usage, boolean raw) throws KrbException
{
 
     }
 
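Review bot: The base `encryptWith` keeps an empty body, so for any handler that does not override it the new public `encryptRaw` would return an unmodified copy of the plaintext without reporting an error. The same applies to `decryptWith` in the next hunk, which returns `null` and would make `decryptRaw` return `null`. The three handlers touched by this commit do override both methods, but whether every subclass does is not visible here. I would make the raw default fail closed, the way Rc4HmacEnc does in this commit: `if (raw) { throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, "Raw mode not supported for this encryption type"); }`. As a smaller point, `encryptRaw` and `decryptRaw` put `checksumLen` into `workLens` although the raw buffer has no room for a checksum, so a short comment saying that slot is ignored in raw mode would help.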
@@ -147,11 +164,26 @@ public abstract class AbstractEncTypeHandler
         int dataLen = totalLen - (confounderLen + checksumLen);
 
         int[] workLens = new int[] {confounderLen, checksumLen, dataLen};
-        return decryptWith(cipher, workLens, key, iv, usage);
+        return decryptWith(cipher, workLens, key, iv, usage, false);
+    }
+
+    @Override
+    public byte[] decryptRaw(byte[] cipher, byte[] key, int usage)
+            throws KrbException {
+        byte[] iv = new byte[encProvider().blockSize()];
+        return decryptRaw(cipher, key, iv, usage);
+    }
+
+    @Override
+    public byte[] decryptRaw(byte[] cipher, byte[] key, byte[] iv, int usage)
+            throws KrbException {
+        int checksumLen = checksumSize();
+        int[] workLens = new int[] {0, checksumLen, cipher.length};
+        return decryptWith(cipher, workLens, key, iv, usage, true);
     }
 
     protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
-                               byte[] key, byte[] iv, int usage) throws KrbException {
+                               byte[] key, byte[] iv, int usage, boolean raw) throws KrbException
{
         return null;
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/135a67f4/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
index 6834d0b..f57c498 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
@@ -58,7 +58,16 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler {
 
     @Override
     protected void encryptWith(byte[] workBuffer, int[] workLens,
-                                 byte[] key, byte[] iv, int usage) throws KrbException {
+                               byte[] key, byte[] iv, int usage, boolean raw) throws KrbException
{
+        if (!raw) {
+            doEncryptWith(workBuffer, workLens, key, iv);
+        } else {
+            encProvider().encrypt(key, iv, workBuffer);
+        }
+    }
+
+    private void doEncryptWith(byte[] workBuffer, int[] workLens,
+                                 byte[] key, byte[] iv) throws KrbException {
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];
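Review bot: In the raw branch of `encryptWith`, the buffer goes straight to `encProvider().encrypt(key, iv, workBuffer)` with no padding (`encryptRaw` sets `paddingLen` to 0) and no check that its length is a multiple of the cipher block size. What the provider does with a partial final block is not visible here, so an explicit guard would make the contract clear: `if (workBuffer.length % encProvider().blockSize() != 0) { throw new KrbException("Raw input length must be a multiple of the block size"); }`. The raw branch of `decryptWith` in the next hunk needs the same check. The body of `doEncryptWith` continues outside this hunk.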
@@ -83,7 +92,19 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler {
 
     @Override
     protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
-                                 byte[] key, byte[] iv, int usage) throws KrbException {
+                                 byte[] key, byte[] iv, int usage, boolean raw) throws KrbException
{
+        if (!raw) {
+            return doDecryptWith(workBuffer, workLens, key, iv);
+        } else {
+            encProvider().decrypt(key, iv, workBuffer);
+            byte[] data = new byte[workBuffer.length];
+            System.arraycopy(workBuffer, 0, data, 0, data.length);
+            return data;
+        }
+    }
+
+    private byte[] doDecryptWith(byte[] workBuffer, int[] workLens,
+                                 byte[] key, byte[] iv) throws KrbException {
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];
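Review bot: The raw branch of `decryptWith` decrypts `workBuffer` first and only then copies it into `data`. That `workBuffer` is the array the caller passed to `decryptRaw`, because AbstractEncTypeHandler hands `cipher` through unchanged. If `encProvider().decrypt` works in place, as the copy-out afterwards suggests, the caller's ciphertext array is overwritten with plaintext. `encryptRaw` copies its input first, and the KeKiEnc raw path decrypts a copy. Copying before decrypting would match them: `byte[] data = workBuffer.clone(); encProvider().decrypt(key, iv, data); return data;`. The body of `doDecryptWith` continues outside this hunk.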

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/135a67f4/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
index 23e7a6c..6e98d2a 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
@@ -52,7 +52,7 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
 
     @Override
     protected void encryptWith(byte[] workBuffer, int[] workLens,
-                               byte[] key, byte[] iv, int usage) throws KrbException {
+                               byte[] key, byte[] iv, int usage, boolean raw) throws KrbException
{
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int inputLen = workLens[2];
@@ -75,31 +75,35 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
          * so need to adjust the workBuffer arrangement
          */
 
-        byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
-        // confounder
-        byte[] confounder = Confounder.makeBytes(confounderLen);
-        System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
-
-        // data
-        System.arraycopy(workBuffer, confounderLen + checksumLen,
-                tmpEnc, confounderLen, inputLen);
-
-        // padding
-        for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
-            tmpEnc[i] = 0;
+        if (!raw) {
+            byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
+            // confounder
+            byte[] confounder = Confounder.makeBytes(confounderLen);
+            System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
+
+            // data
+            System.arraycopy(workBuffer, confounderLen + checksumLen,
+                    tmpEnc, confounderLen, inputLen);
+
+            // padding
+            for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
+                tmpEnc[i] = 0;
+            }
+
+            // checksum & encrypt
+            byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen);
+            encProvider().encrypt(ke, iv, tmpEnc);
+
+            System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
+            System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
+        } else {
+            encProvider().encrypt(ke, iv, workBuffer);
         }
-
-        // checksum & encrypt
-        byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen);
-        encProvider().encrypt(ke, iv, tmpEnc);
-
-        System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
-        System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
     }
 
     @Override
     protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
-                                 byte[] key, byte[] iv, int usage) throws KrbException {
+                                 byte[] key, byte[] iv, int usage, boolean raw) throws KrbException
{
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];
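Review bot: The padding loop that this hunk re-indents, `for (int i = confounderLen + inputLen; i < paddingLen; ++i)`, compares an absolute index against a length, so it does not run for typical values. It is harmless only because `new byte[...]` is already zero-filled, but it reads as if it did the padding. Since the block is being moved anyway, either delete the loop or bound it correctly with `i < tmpEnc.length`. The start of `encryptWith`, where `ke` and `ki` are presumably derived, lies outside this hunk.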
@@ -116,20 +120,25 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
         byte[] tmpEnc = new byte[confounderLen + dataLen];
         System.arraycopy(workBuffer, 0,
                 tmpEnc, 0, confounderLen + dataLen);
-        byte[] checksum = new byte[checksumLen];
-        System.arraycopy(workBuffer, confounderLen + dataLen,
-                checksum, 0, checksumLen);
-
-        encProvider().decrypt(ke, iv, tmpEnc);
-        byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen);
-
-        if (!checksumEqual(checksum, newChecksum)) {
-            throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+        if (!raw) {
+            byte[] checksum = new byte[checksumLen];
+            System.arraycopy(workBuffer, confounderLen + dataLen,
+                    checksum, 0, checksumLen);
+
+            encProvider().decrypt(ke, iv, tmpEnc);
+            byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen);
+
+            if (!checksumEqual(checksum, newChecksum)) {
+                throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+            }
+
+            byte[] data = new byte[dataLen];
+            System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
+            return data;
+        } else {
+            encProvider().decrypt(ke, iv, tmpEnc);
+            return tmpEnc;
         }
-
-        byte[] data = new byte[dataLen];
-        System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
-        return data;
     }
 
     protected abstract byte[] makeChecksum(byte[] key, byte[] data, int hashSize)

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/135a67f4/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
index 2f4aa59..f9a2f49 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
@@ -80,8 +80,13 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler {
         return CheckSumType.HMAC_MD5_ARCFOUR;
     }
 
+    @Override
     protected void encryptWith(byte[] workBuffer, int[] workLens,
-                               byte[] key, byte[] iv, int usage) throws KrbException {
+                               byte[] key, byte[] iv, int usage, boolean raw) throws KrbException
{
+        if (raw) {
+            throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP,
+                    "Raw mode not supported for this encryption type");
+        }
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];
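Review bot: The raw-mode guard added at the top of `encryptWith` is repeated verbatim in `decryptWith` in the next hunk, including the message literal. I would hoist the text into one constant, `private static final String RAW_UNSUPPORTED = "Raw mode not supported for this encryption type";`, or move the check into a small private helper so the two cannot drift apart. Since `encryptRaw` and `decryptRaw` always throw for this handler, that is also worth stating in a `@throws KrbException` note on the class or on the interface methods. Both method bodies continue outside their hunks.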
@@ -133,7 +138,11 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler {
 
     @Override
     protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
-                                 byte[] key, byte[] iv, int usage) throws KrbException {
+                                 byte[] key, byte[] iv, int usage, boolean raw) throws KrbException
{
+        if (raw) {
+            throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP,
+                    "Raw mode not supported for this encryption type");
+        }
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];

