You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/24 11:50:52 UTC
[11/18] directory-kerby git commit: Revert "DIRKRB-571 - Add
encryptRaw interface for GssToken encryption"
Revert "DIRKRB-571 - Add encryptRaw interface for GssToken encryption"
This reverts commit 135a67f4a41b65d8dba60c30aabf683a81bf58f7.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/95e4ada3
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/95e4ada3
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/95e4ada3
Branch: refs/heads/1.0.x-fixes
Commit: 95e4ada3115dbabb0422f213df2378c39b7bdf57
Parents: d4ab11f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 24 12:46:07 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 24 12:46:07 2017 +0100
----------------------------------------------------------------------
.../kerberos/kerb/crypto/EncTypeHandler.java | 12 ---
.../kerb/crypto/enc/AbstractEncTypeHandler.java | 40 +---------
.../kerberos/kerb/crypto/enc/DesCbcEnc.java | 25 +------
.../kerby/kerberos/kerb/crypto/enc/KeKiEnc.java | 77 +++++++++-----------
.../kerberos/kerb/crypto/enc/Rc4HmacEnc.java | 13 +---
5 files changed, 42 insertions(+), 125 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
index ac40935..09bad5d 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
@@ -54,21 +54,9 @@ public interface EncTypeHandler extends CryptoTypeHandler {
byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
int usage) throws KrbException;
- byte[] encryptRaw(byte[] data, byte[] key, int usage)
- throws KrbException;
-
- byte[] encryptRaw(byte[] data, byte[] key, byte[] ivec,
- int usage) throws KrbException;
-
byte[] decrypt(byte[] cipher, byte[] key, int usage)
throws KrbException;
byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec,
int usage) throws KrbException;
-
- byte[] decryptRaw(byte[] data, byte[] key, int usage)
- throws KrbException;
-
- byte[] decryptRaw(byte[] cipher, byte[] key, byte[] ivec,
- int usage) throws KrbException;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
index 3d8c432..28303c0 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
@@ -123,29 +123,12 @@ public abstract class AbstractEncTypeHandler
int[] workLens = new int[] {confounderLen, checksumLen,
inputLen, paddingLen};
- encryptWith(workBuffer, workLens, key, iv, usage, false);
- return workBuffer;
- }
-
- @Override
- public byte[] encryptRaw(byte[] data, byte[] key, int usage) throws KrbException {
- byte[] iv = new byte[encProvider().blockSize()];
- return encryptRaw(data, key, iv, usage);
- }
-
- @Override
- public byte[] encryptRaw(byte[] data, byte[] key, byte[] iv, int usage) throws KrbException {
- int checksumLen = checksumSize();
- int[] workLens = new int[] {0, checksumLen, data.length, 0};
- byte[] workBuffer = new byte[data.length];
- System.arraycopy(data, 0, workBuffer, 0, data.length);
-
- encryptWith(workBuffer, workLens, key, iv, usage, true);
+ encryptWith(workBuffer, workLens, key, iv, usage);
return workBuffer;
}
protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+ byte[] key, byte[] iv, int usage) throws KrbException {
}
@@ -164,26 +147,11 @@ public abstract class AbstractEncTypeHandler
int dataLen = totalLen - (confounderLen + checksumLen);
int[] workLens = new int[] {confounderLen, checksumLen, dataLen};
- return decryptWith(cipher, workLens, key, iv, usage, false);
- }
-
- @Override
- public byte[] decryptRaw(byte[] cipher, byte[] key, int usage)
- throws KrbException {
- byte[] iv = new byte[encProvider().blockSize()];
- return decryptRaw(cipher, key, iv, usage);
- }
-
- @Override
- public byte[] decryptRaw(byte[] cipher, byte[] key, byte[] iv, int usage)
- throws KrbException {
- int checksumLen = checksumSize();
- int[] workLens = new int[] {0, checksumLen, cipher.length};
- return decryptWith(cipher, workLens, key, iv, usage, true);
+ return decryptWith(cipher, workLens, key, iv, usage);
}
protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+ byte[] key, byte[] iv, int usage) throws KrbException {
return null;
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
index f57c498..6834d0b 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
@@ -58,16 +58,7 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler {
@Override
protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
- if (!raw) {
- doEncryptWith(workBuffer, workLens, key, iv);
- } else {
- encProvider().encrypt(key, iv, workBuffer);
- }
- }
-
- private void doEncryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv) throws KrbException {
+ byte[] key, byte[] iv, int usage) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];
@@ -92,19 +83,7 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler {
@Override
protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
- if (!raw) {
- return doDecryptWith(workBuffer, workLens, key, iv);
- } else {
- encProvider().decrypt(key, iv, workBuffer);
- byte[] data = new byte[workBuffer.length];
- System.arraycopy(workBuffer, 0, data, 0, data.length);
- return data;
- }
- }
-
- private byte[] doDecryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv) throws KrbException {
+ byte[] key, byte[] iv, int usage) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
index 6e98d2a..23e7a6c 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
@@ -52,7 +52,7 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
@Override
protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+ byte[] key, byte[] iv, int usage) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int inputLen = workLens[2];
@@ -75,35 +75,31 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
* so need to adjust the workBuffer arrangement
*/
- if (!raw) {
- byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
- // confounder
- byte[] confounder = Confounder.makeBytes(confounderLen);
- System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
-
- // data
- System.arraycopy(workBuffer, confounderLen + checksumLen,
- tmpEnc, confounderLen, inputLen);
-
- // padding
- for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
- tmpEnc[i] = 0;
- }
-
- // checksum & encrypt
- byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen);
- encProvider().encrypt(ke, iv, tmpEnc);
-
- System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
- System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
- } else {
- encProvider().encrypt(ke, iv, workBuffer);
+ byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
+ // confounder
+ byte[] confounder = Confounder.makeBytes(confounderLen);
+ System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
+
+ // data
+ System.arraycopy(workBuffer, confounderLen + checksumLen,
+ tmpEnc, confounderLen, inputLen);
+
+ // padding
+ for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
+ tmpEnc[i] = 0;
}
+
+ // checksum & encrypt
+ byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen);
+ encProvider().encrypt(ke, iv, tmpEnc);
+
+ System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
+ System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
}
@Override
protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+ byte[] key, byte[] iv, int usage) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];
@@ -120,25 +116,20 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
byte[] tmpEnc = new byte[confounderLen + dataLen];
System.arraycopy(workBuffer, 0,
tmpEnc, 0, confounderLen + dataLen);
- if (!raw) {
- byte[] checksum = new byte[checksumLen];
- System.arraycopy(workBuffer, confounderLen + dataLen,
- checksum, 0, checksumLen);
-
- encProvider().decrypt(ke, iv, tmpEnc);
- byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen);
-
- if (!checksumEqual(checksum, newChecksum)) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
- }
-
- byte[] data = new byte[dataLen];
- System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
- return data;
- } else {
- encProvider().decrypt(ke, iv, tmpEnc);
- return tmpEnc;
+ byte[] checksum = new byte[checksumLen];
+ System.arraycopy(workBuffer, confounderLen + dataLen,
+ checksum, 0, checksumLen);
+
+ encProvider().decrypt(ke, iv, tmpEnc);
+ byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen);
+
+ if (!checksumEqual(checksum, newChecksum)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
}
+
+ byte[] data = new byte[dataLen];
+ System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
+ return data;
}
protected abstract byte[] makeChecksum(byte[] key, byte[] data, int hashSize)
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
index f9a2f49..2f4aa59 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
@@ -80,13 +80,8 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler {
return CheckSumType.HMAC_MD5_ARCFOUR;
}
- @Override
protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
- if (raw) {
- throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP,
- "Raw mode not supported for this encryption type");
- }
+ byte[] key, byte[] iv, int usage) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];
@@ -138,11 +133,7 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler {
@Override
protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
- if (raw) {
- throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP,
- "Raw mode not supported for this encryption type");
- }
+ byte[] key, byte[] iv, int usage) throws KrbException {
int confounderLen = workLens[0];
int checksumLen = workLens[1];
int dataLen = workLens[2];