Posted to commits@directory.apache.org by er...@apache.org on 2007/05/07 01:14:53 UTC
svn commit: r535673 -
/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/
Author: erodriguez
Date: Sun May 6 16:14:52 2007
New Revision: 535673
URL: http://svn.apache.org/viewvc?view=rev&rev=535673
Log:
Updated encryption types to support "key usage."
Modified:
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java
Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java?view=diff&rev=535673&r1=535672&r2=535673
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java Sun May 6 16:14:52 2007
@@ -70,27 +70,27 @@
protected abstract int getKeyLength();
- public byte[] calculateChecksum( byte[] data, byte[] key )
+ public byte[] calculateChecksum( byte[] data, byte[] key, KeyUsage usage )
{
- byte[] Kc = deriveKey( key, usageKc, 128, getKeyLength() );
+ byte[] Kc = deriveKey( key, getUsageKc( usage ), 128, getKeyLength() );
byte[] checksum = processChecksum( data, Kc );
return removeTrailingBytes( checksum, 0, checksum.length - getChecksumLength() );
}
- public byte[] calculateIntegrity( byte[] data, byte[] key )
+ public byte[] calculateIntegrity( byte[] data, byte[] key, KeyUsage usage )
{
- byte[] Ki = deriveKey( key, usageKi, 128, getKeyLength() );
+ byte[] Ki = deriveKey( key, getUsageKi( usage ), 128, getKeyLength() );
byte[] checksum = processChecksum( data, Ki );
return removeTrailingBytes( checksum, 0, checksum.length - getChecksumLength() );
}
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
+ public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
{
- byte[] Ke = deriveKey( key.getKeyValue(), usageKe, 128, getKeyLength() );
+ byte[] Ke = deriveKey( key.getKeyValue(), getUsageKe( usage ), 128, getKeyLength() );
byte[] encryptedData = data.getCipherText();
@@ -109,7 +109,7 @@
byte[] withoutConfounder = removeLeadingBytes( decryptedData, getConfounderLength(), 0 );
// calculate a new checksum
- byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue() );
+ byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
// compare checksums
if ( !Arrays.equals( oldChecksum, newChecksum ) )
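Review bot: The comparison `Arrays.equals( oldChecksum, newChecksum )` just below the changed line stops at the first differing byte, so its duration depends on how many leading bytes of the received checksum are correct. Since this is the check that authenticates the ciphertext with the usage-derived integrity key, compare in constant time instead, e.g. `if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )` (constant-time in current JDKs; needs `java.security.MessageDigest`). The same comparison sits in the corresponding hunks of Des3CbcSha1KdEncryption, DesCbcCrcEncryption and DesCbcMd5Encryption. The enclosing getDecryptedData starts and ends outside this hunk.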
@@ -121,15 +121,15 @@
}
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText )
+ public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
{
- byte[] Ke = deriveKey( key.getKeyValue(), usageKe, 128, getKeyLength() );
+ byte[] Ke = deriveKey( key.getKeyValue(), getUsageKe( usage ), 128, getKeyLength() );
// build the ciphertext structure
byte[] conFounder = getRandomBytes( getConfounderLength() );
byte[] dataBytes = concatenateBytes( conFounder, plainText );
- byte[] checksumBytes = calculateIntegrity( dataBytes, key.getKeyValue() );
+ byte[] checksumBytes = calculateIntegrity( dataBytes, key.getKeyValue(), usage );
byte[] encryptedData = encrypt( dataBytes, Ke );
byte[] cipherText = concatenateBytes( encryptedData, checksumBytes );
Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java?view=diff&rev=535673&r1=535672&r2=535673
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ArcFourHmacMd5Encryption.java Sun May 6 16:14:52 2007
@@ -38,13 +38,13 @@
}
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
+ public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
{
return data.getCipherText();
}
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText )
+ public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
{
return new EncryptedData( getEncryptionType(), key.getKeyVersion(), plainText );
}
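Review bot: Both methods in this hunk are pass-throughs, so the new `usage` argument and the key are never applied: `getEncryptedData` wraps `plainText` unchanged in an `EncryptedData` tagged with this engine's encryption type, and `getDecryptedData` returns the cipher text as-is. If this engine can be reached through `getEngine( key )` (its registration is not visible here), a payload would travel in the clear while labelled as encrypted. Until the cipher is implemented it is safer to fail closed, e.g. `throw new UnsupportedOperationException( "ArcFourHmacMd5 encryption is not implemented" );`, or to keep the type out of the engine lookup.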
@@ -62,7 +62,7 @@
}
- public byte[] calculateIntegrity( byte[] data, byte[] key )
+ public byte[] calculateIntegrity( byte[] data, byte[] key, KeyUsage usage )
{
try
{
Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java?view=diff&rev=535673&r1=535672&r2=535673
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java Sun May 6 16:14:52 2007
@@ -117,14 +117,15 @@
*
* @param key The key to use for encrypting.
* @param encodable The Kerberos object to encode.
+ * @param usage The key usage.
* @return The Kerberos EncryptedData.
* @throws KerberosException
*/
- public EncryptedData seal( EncryptionKey key, Encodable encodable ) throws KerberosException
+ public EncryptedData seal( EncryptionKey key, Encodable encodable, KeyUsage usage ) throws KerberosException
{
try
{
- return encrypt( key, encode( encodable ) );
+ return encrypt( key, encode( encodable ), usage );
}
catch ( IOException ioe )
{
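Review bot: The added Javadoc line `@param usage The key usage.` only restates the parameter name and does not tell callers what depends on the value. In the AES and DES3 engines touched by this commit the encryption and integrity keys are derived from `usage`, so a value that differs between seal and unseal makes the checksum comparison fail. Something like `@param usage The key usage number for this message type; unseal must be called with the same value.` would make that contract explicit, and the same applies to the `@param usage` line added to unseal in the next hunk. seal's catch block continues outside this hunk.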
@@ -144,17 +145,20 @@
* @param hint The class the encrypted data is expected to contain.
* @param key The key to use for decryption.
* @param data The data to decrypt.
+ * @param usage The key usage.
* @return The Kerberos object resulting from a successful decrypt and decode.
* @throws KerberosException
*/
- public Encodable unseal( Class hint, EncryptionKey key, EncryptedData data ) throws KerberosException
+ public Encodable unseal( Class hint, EncryptionKey key, EncryptedData data, KeyUsage usage )
+ throws KerberosException
{
try
{
- return decode( hint, decrypt( key, data ) );
+ return decode( hint, decrypt( key, data, usage ) );
}
catch ( IOException ioe )
{
+ ioe.printStackTrace();
throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
}
catch ( ClassCastException cce )
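Review bot: The added `ioe.printStackTrace();` in unseal's IOException handler looks like a debugging leftover. It writes a stack trace to stderr for every undecodable message, which a remote peer can trigger at will, and it bypasses the server's logging configuration and levels. Replace it with the class's logger at debug level, e.g. `log.debug( "Unable to decode decrypted data", ioe );` (logger name assumed, none is visible in this hunk), or drop the line. unseal's body continues past the end of the hunk.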
@@ -164,19 +168,19 @@
}
- private EncryptedData encrypt( EncryptionKey key, byte[] plainText ) throws KerberosException
+ private EncryptedData encrypt( EncryptionKey key, byte[] plainText, KeyUsage usage ) throws KerberosException
{
EncryptionEngine engine = getEngine( key );
- return engine.getEncryptedData( key, plainText );
+ return engine.getEncryptedData( key, plainText, usage );
}
- private byte[] decrypt( EncryptionKey key, EncryptedData data ) throws KerberosException
+ private byte[] decrypt( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
{
EncryptionEngine engine = getEngine( key );
- return engine.getDecryptedData( key, data );
+ return engine.getDecryptedData( key, data, usage );
}
Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java?view=diff&rev=535673&r1=535672&r2=535673
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java Sun May 6 16:14:52 2007
@@ -79,25 +79,25 @@
}
- public byte[] calculateChecksum( byte[] data, byte[] key )
+ public byte[] calculateChecksum( byte[] data, byte[] key, KeyUsage usage )
{
- byte[] Kc = deriveKey( key, usageKc, 64, 168 );
+ byte[] Kc = deriveKey( key, getUsageKc( usage ), 64, 168 );
return processChecksum( data, Kc );
}
- public byte[] calculateIntegrity( byte[] data, byte[] key )
+ public byte[] calculateIntegrity( byte[] data, byte[] key, KeyUsage usage )
{
- byte[] Ki = deriveKey( key, usageKi, 64, 168 );
+ byte[] Ki = deriveKey( key, getUsageKi( usage ), 64, 168 );
return processChecksum( data, Ki );
}
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
+ public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
{
- byte[] Ke = deriveKey( key.getKeyValue(), usageKe, 64, 168 );
+ byte[] Ke = deriveKey( key.getKeyValue(), getUsageKe( usage ), 64, 168 );
byte[] encryptedData = data.getCipherText();
@@ -116,7 +116,7 @@
byte[] withoutConfounder = removeLeadingBytes( decryptedData, getConfounderLength(), 0 );
// calculate a new checksum
- byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue() );
+ byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
// compare checksums
if ( !Arrays.equals( oldChecksum, newChecksum ) )
@@ -128,15 +128,15 @@
}
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText )
+ public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
{
- byte[] Ke = deriveKey( key.getKeyValue(), usageKe, 64, 168 );
+ byte[] Ke = deriveKey( key.getKeyValue(), getUsageKe( usage ), 64, 168 );
// build the ciphertext structure
byte[] conFounder = getRandomBytes( getConfounderLength() );
byte[] paddedPlainText = padString( plainText );
byte[] dataBytes = concatenateBytes( conFounder, paddedPlainText );
- byte[] checksumBytes = calculateIntegrity( dataBytes, key.getKeyValue() );
+ byte[] checksumBytes = calculateIntegrity( dataBytes, key.getKeyValue(), usage );
//byte[] encryptedData = encrypt( paddedDataBytes, key.getKeyValue() );
byte[] encryptedData = encrypt( dataBytes, Ke );
Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java?view=diff&rev=535673&r1=535672&r2=535673
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java Sun May 6 16:14:52 2007
@@ -66,7 +66,7 @@
}
- public byte[] calculateIntegrity( byte[] data, byte[] key )
+ public byte[] calculateIntegrity( byte[] data, byte[] key, KeyUsage usage )
{
CRC32 crc32 = new CRC32();
crc32.update( data );
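Review bot: `usage` is added to calculateIntegrity's signature, but the visible body computes an unkeyed CRC32 over `data` and touches neither `key` nor `usage`; the rest of the body lies outside the hunk, so this is inferred from the two lines shown and from getEncryptedData passing `null` as the key further down. A short comment would stop a later reader from assuming the checksum is bound to the key usage, e.g. `// key and usage are unused: this type does no key derivation and the checksum is a plain CRC32`. DesCbcMd5Encryption receives the same signature change and also passes a `null` key, so it likely wants the same comment.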
@@ -89,7 +89,7 @@
}
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
+ public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
{
// decrypt the data
byte[] decryptedData = decrypt( data.getCipherText(), key.getKeyValue() );
@@ -105,7 +105,7 @@
}
// calculate a new checksum
- byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue() );
+ byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
// compare checksums
if ( !Arrays.equals( oldChecksum, newChecksum ) )
@@ -118,14 +118,14 @@
}
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText )
+ public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
{
// build the ciphertext structure
byte[] conFounder = getRandomBytes( getConfounderLength() );
byte[] zeroedChecksum = new byte[getChecksumLength()];
byte[] paddedPlainText = padString( plainText );
byte[] dataBytes = concatenateBytes( conFounder, concatenateBytes( zeroedChecksum, paddedPlainText ) );
- byte[] checksumBytes = calculateIntegrity( dataBytes, null );
+ byte[] checksumBytes = calculateIntegrity( dataBytes, null, usage );
byte[] paddedDataBytes = padString( dataBytes );
// lay the checksum into the ciphertext
Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java?view=diff&rev=535673&r1=535672&r2=535673
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java Sun May 6 16:14:52 2007
@@ -66,7 +66,7 @@
}
- public byte[] calculateIntegrity( byte[] data, byte[] key )
+ public byte[] calculateIntegrity( byte[] data, byte[] key, KeyUsage usage )
{
try
{
@@ -80,7 +80,7 @@
}
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
+ public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
{
// decrypt the data
byte[] decryptedData = decrypt( data.getCipherText(), key.getKeyValue() );
@@ -96,7 +96,7 @@
}
// calculate a new checksum
- byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue() );
+ byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
// compare checksums
if ( !Arrays.equals( oldChecksum, newChecksum ) )
@@ -109,14 +109,14 @@
}
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText )
+ public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
{
// build the ciphertext structure
byte[] conFounder = getRandomBytes( getConfounderLength() );
byte[] zeroedChecksum = new byte[getChecksumLength()];
byte[] paddedPlainText = padString( plainText );
byte[] dataBytes = concatenateBytes( conFounder, concatenateBytes( zeroedChecksum, paddedPlainText ) );
- byte[] checksumBytes = calculateIntegrity( dataBytes, null );
+ byte[] checksumBytes = calculateIntegrity( dataBytes, null, usage );
byte[] paddedDataBytes = padString( dataBytes );
// lay the checksum into the ciphertext
Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java?view=diff&rev=535673&r1=535672&r2=535673
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java Sun May 6 16:14:52 2007
@@ -49,13 +49,13 @@
}
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
+ public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
{
return data.getCipherText();
}
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText )
+ public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
{
return new EncryptedData( getEncryptionType(), key.getKeyVersion(), plainText );
}
@@ -73,7 +73,7 @@
}
- public byte[] calculateIntegrity( byte[] plainText, byte[] key )
+ public byte[] calculateIntegrity( byte[] plainText, byte[] key, KeyUsage usage )
{
return null;
}