You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2016/05/16 07:29:18 UTC
directory-kerby git commit: DIRKRB-571 Add encryptRaw interface for
GssToken encryption. Contributed by Wei.
Repository: directory-kerby
Updated Branches:
refs/heads/gssapi aa0098253 -> ca86e8dad
DIRKRB-571 Add encryptRaw interface for GssToken encryption. Contributed by Wei.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ca86e8da
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ca86e8da
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ca86e8da
Branch: refs/heads/gssapi
Commit: ca86e8dadbb10f73e0a96c7e92721b8acc561b82
Parents: aa00982
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon May 16 15:34:37 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon May 16 15:34:37 2016 +0800
----------------------------------------------------------------------
.../kerberos/kerb/crypto/EncTypeHandler.java | 12 +++
.../kerb/crypto/enc/AbstractEncTypeHandler.java | 40 +++++++++-
.../kerberos/kerb/crypto/enc/DesCbcEnc.java | 25 ++++++-
.../kerby/kerberos/kerb/crypto/enc/KeKiEnc.java | 77 +++++++++++---------
.../kerberos/kerb/crypto/enc/Rc4HmacEnc.java | 13 +++-
5 files changed, 125 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
index 09bad5d..ac40935 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
@@ -54,9 +54,21 @@ public interface EncTypeHandler extends CryptoTypeHandler {
byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
int usage) throws KrbException;
+ byte[] encryptRaw(byte[] data, byte[] key, int usage)
+ throws KrbException;
+
+ byte[] encryptRaw(byte[] data, byte[] key, byte[] ivec,
+ int usage) throws KrbException;
+
byte[] decrypt(byte[] cipher, byte[] key, int usage)
throws KrbException;
byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec,
int usage) throws KrbException;
+
+ byte[] decryptRaw(byte[] data, byte[] key, int usage)
+ throws KrbException;
+
+ byte[] decryptRaw(byte[] cipher, byte[] key, byte[] ivec,
+ int usage) throws KrbException;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
index 28303c0..3d8c432 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
@@ -123,12 +123,29 @@ public abstract class AbstractEncTypeHandler
int[] workLens = new int[] {confounderLen, checksumLen,
inputLen, paddingLen};
- encryptWith(workBuffer, workLens, key, iv, usage);
+ encryptWith(workBuffer, workLens, key, iv, usage, false);
+ return workBuffer;
+ }
+
+ @Override
+ public byte[] encryptRaw(byte[] data, byte[] key, int usage) throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ return encryptRaw(data, key, iv, usage);
+ }
+
+ @Override
+ public byte[] encryptRaw(byte[] data, byte[] key, byte[] iv, int usage) throws KrbException {
+ int checksumLen = checksumSize();
+ int[] workLens = new int[] {0, checksumLen, data.length, 0};
+ byte[] workBuffer = new byte[data.length];
+ System.arraycopy(data, 0, workBuffer, 0, data.length);
+
+ encryptWith(workBuffer, workLens, key, iv, usage, true);
return workBuffer;
}
protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
+ byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
}
@@ -147,11 +164,26 @@ public abstract class AbstractEncTypeHandler
int dataLen = totalLen - (confounderLen + checksumLen);
int[] workLens = new int[] {confounderLen, checksumLen, dataLen};
- return decryptWith(cipher, workLens, key, iv, usage);
+ return decryptWith(cipher, workLens, key, iv, usage, false);
+ }
+
+ @Override
+ public byte[] decryptRaw(byte[] cipher, byte[] key, int usage)
+ throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ return decryptRaw(cipher, key, iv, usage);
+ }
+
+ @Override
+ public byte[] decryptRaw(byte[] cipher, byte[] key, byte[] iv, int usage)
+ throws KrbException {
+ int checksumLen = checksumSize();
+ int[] workLens = new int[] {0, checksumLen, cipher.length};
+ return decryptWith(cipher, workLens, key, iv, usage, true);
}
protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
+ byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
return null;
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
index 6834d0b..f57c498 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
@@ -58,7 +58,16 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler {
@Override
protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
+ byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+ if (!raw) {
+ doEncryptWith(workBuffer, workLens, key, iv);
+ } else {
+ encProvider().encrypt(key, iv, workBuffer);
+ }
+ }
+
+ private void doEncryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];
@@ -83,7 +92,19 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler {
@Override
protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
+ byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+ if (!raw) {
+ return doDecryptWith(workBuffer, workLens, key, iv);
+ } else {
+ encProvider().decrypt(key, iv, workBuffer);
+ byte[] data = new byte[workBuffer.length];
+ System.arraycopy(workBuffer, 0, data, 0, data.length);
+ return data;
+ }
+ }
+
+ private byte[] doDecryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
index 23e7a6c..6e98d2a 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
@@ -52,7 +52,7 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
@Override
protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
+ byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int inputLen = workLens[2];
@@ -75,31 +75,35 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
* so need to adjust the workBuffer arrangement
*/
- byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
- // confounder
- byte[] confounder = Confounder.makeBytes(confounderLen);
- System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
-
- // data
- System.arraycopy(workBuffer, confounderLen + checksumLen,
- tmpEnc, confounderLen, inputLen);
-
- // padding
- for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
- tmpEnc[i] = 0;
+ if (!raw) {
+ byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
+ // confounder
+ byte[] confounder = Confounder.makeBytes(confounderLen);
+ System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
+
+ // data
+ System.arraycopy(workBuffer, confounderLen + checksumLen,
+ tmpEnc, confounderLen, inputLen);
+
+ // padding
+ for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
+ tmpEnc[i] = 0;
+ }
+
+ // checksum & encrypt
+ byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen);
+ encProvider().encrypt(ke, iv, tmpEnc);
+
+ System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
+ System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
+ } else {
+ encProvider().encrypt(ke, iv, workBuffer);
}
-
- // checksum & encrypt
- byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen);
- encProvider().encrypt(ke, iv, tmpEnc);
-
- System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
- System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
}
@Override
protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
+ byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];
@@ -116,20 +120,25 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
byte[] tmpEnc = new byte[confounderLen + dataLen];
System.arraycopy(workBuffer, 0,
tmpEnc, 0, confounderLen + dataLen);
- byte[] checksum = new byte[checksumLen];
- System.arraycopy(workBuffer, confounderLen + dataLen,
- checksum, 0, checksumLen);
-
- encProvider().decrypt(ke, iv, tmpEnc);
- byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen);
-
- if (!checksumEqual(checksum, newChecksum)) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+ if (!raw) {
+ byte[] checksum = new byte[checksumLen];
+ System.arraycopy(workBuffer, confounderLen + dataLen,
+ checksum, 0, checksumLen);
+
+ encProvider().decrypt(ke, iv, tmpEnc);
+ byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen);
+
+ if (!checksumEqual(checksum, newChecksum)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+ }
+
+ byte[] data = new byte[dataLen];
+ System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
+ return data;
+ } else {
+ encProvider().decrypt(ke, iv, tmpEnc);
+ return tmpEnc;
}
-
- byte[] data = new byte[dataLen];
- System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
- return data;
}
protected abstract byte[] makeChecksum(byte[] key, byte[] data, int hashSize)
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca86e8da/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
index 2f4aa59..f9a2f49 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
@@ -80,8 +80,13 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler {
return CheckSumType.HMAC_MD5_ARCFOUR;
}
+ @Override
protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
+ byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+ if (raw) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP,
+ "Raw mode not supported for this encryption type");
+ }
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];
@@ -133,7 +138,11 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler {
@Override
protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
+ byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+ if (raw) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP,
+ "Raw mode not supported for this encryption type");
+ }
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];