You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/24 11:50:52 UTC

[11/18] directory-kerby git commit: Revert "DIRKRB-571 - Add encryptRaw interface for GssToken encryption"

Revert "DIRKRB-571 - Add encryptRaw interface for GssToken encryption"

This reverts commit 135a67f4a41b65d8dba60c30aabf683a81bf58f7.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/95e4ada3
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/95e4ada3
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/95e4ada3

Branch: refs/heads/1.0.x-fixes
Commit: 95e4ada3115dbabb0422f213df2378c39b7bdf57
Parents: d4ab11f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 24 12:46:07 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 24 12:46:07 2017 +0100

----------------------------------------------------------------------
 .../kerberos/kerb/crypto/EncTypeHandler.java    | 12 ---
 .../kerb/crypto/enc/AbstractEncTypeHandler.java | 40 +---------
 .../kerberos/kerb/crypto/enc/DesCbcEnc.java     | 25 +------
 .../kerby/kerberos/kerb/crypto/enc/KeKiEnc.java | 77 +++++++++-----------
 .../kerberos/kerb/crypto/enc/Rc4HmacEnc.java    | 13 +---
 5 files changed, 42 insertions(+), 125 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
index ac40935..09bad5d 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
@@ -54,21 +54,9 @@ public interface EncTypeHandler extends CryptoTypeHandler {
     byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
         int usage) throws KrbException;
 
-    byte[] encryptRaw(byte[] data, byte[] key, int usage)
-            throws KrbException;
-
-    byte[] encryptRaw(byte[] data, byte[] key, byte[] ivec,
-        int usage) throws KrbException;
-
     byte[] decrypt(byte[] cipher, byte[] key, int usage)
         throws KrbException;
 
     byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec,
         int usage) throws KrbException;
-
-    byte[] decryptRaw(byte[] data, byte[] key, int usage)
-            throws KrbException;
-
-    byte[] decryptRaw(byte[] cipher, byte[] key, byte[] ivec,
-                   int usage) throws KrbException;
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
index 3d8c432..28303c0 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
@@ -123,29 +123,12 @@ public abstract class AbstractEncTypeHandler
         int[] workLens = new int[] {confounderLen, checksumLen,
                 inputLen, paddingLen};
 
-        encryptWith(workBuffer, workLens, key, iv, usage, false);
-        return workBuffer;
-    }
-
-    @Override
-    public byte[] encryptRaw(byte[] data, byte[] key, int usage) throws KrbException {
-        byte[] iv = new byte[encProvider().blockSize()];
-        return encryptRaw(data, key, iv, usage);
-    }
-
-    @Override
-    public byte[] encryptRaw(byte[] data, byte[] key, byte[] iv, int usage) throws KrbException {
-        int checksumLen = checksumSize();
-        int[] workLens = new int[] {0, checksumLen, data.length, 0};
-        byte[] workBuffer = new byte[data.length];
-        System.arraycopy(data, 0, workBuffer, 0, data.length);
-
-        encryptWith(workBuffer, workLens, key, iv, usage, true);
+        encryptWith(workBuffer, workLens, key, iv, usage);
         return workBuffer;
     }
 
     protected void encryptWith(byte[] workBuffer, int[] workLens,
-                          byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+                          byte[] key, byte[] iv, int usage) throws KrbException {
 
     }
 
@@ -164,26 +147,11 @@ public abstract class AbstractEncTypeHandler
         int dataLen = totalLen - (confounderLen + checksumLen);
 
         int[] workLens = new int[] {confounderLen, checksumLen, dataLen};
-        return decryptWith(cipher, workLens, key, iv, usage, false);
-    }
-
-    @Override
-    public byte[] decryptRaw(byte[] cipher, byte[] key, int usage)
-            throws KrbException {
-        byte[] iv = new byte[encProvider().blockSize()];
-        return decryptRaw(cipher, key, iv, usage);
-    }
-
-    @Override
-    public byte[] decryptRaw(byte[] cipher, byte[] key, byte[] iv, int usage)
-            throws KrbException {
-        int checksumLen = checksumSize();
-        int[] workLens = new int[] {0, checksumLen, cipher.length};
-        return decryptWith(cipher, workLens, key, iv, usage, true);
+        return decryptWith(cipher, workLens, key, iv, usage);
     }
 
     protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
-                               byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+                               byte[] key, byte[] iv, int usage) throws KrbException {
         return null;
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
index f57c498..6834d0b 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
@@ -58,16 +58,7 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler {
 
     @Override
     protected void encryptWith(byte[] workBuffer, int[] workLens,
-                               byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
-        if (!raw) {
-            doEncryptWith(workBuffer, workLens, key, iv);
-        } else {
-            encProvider().encrypt(key, iv, workBuffer);
-        }
-    }
-
-    private void doEncryptWith(byte[] workBuffer, int[] workLens,
-                                 byte[] key, byte[] iv) throws KrbException {
+                                 byte[] key, byte[] iv, int usage) throws KrbException {
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];
@@ -92,19 +83,7 @@ abstract class DesCbcEnc extends AbstractEncTypeHandler {
 
     @Override
     protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
-                                 byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
-        if (!raw) {
-            return doDecryptWith(workBuffer, workLens, key, iv);
-        } else {
-            encProvider().decrypt(key, iv, workBuffer);
-            byte[] data = new byte[workBuffer.length];
-            System.arraycopy(workBuffer, 0, data, 0, data.length);
-            return data;
-        }
-    }
-
-    private byte[] doDecryptWith(byte[] workBuffer, int[] workLens,
-                                 byte[] key, byte[] iv) throws KrbException {
+                                 byte[] key, byte[] iv, int usage) throws KrbException {
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
index 6e98d2a..23e7a6c 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
@@ -52,7 +52,7 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
 
     @Override
     protected void encryptWith(byte[] workBuffer, int[] workLens,
-                               byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+                               byte[] key, byte[] iv, int usage) throws KrbException {
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int inputLen = workLens[2];
@@ -75,35 +75,31 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
          * so need to adjust the workBuffer arrangement
          */
 
-        if (!raw) {
-            byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
-            // confounder
-            byte[] confounder = Confounder.makeBytes(confounderLen);
-            System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
-
-            // data
-            System.arraycopy(workBuffer, confounderLen + checksumLen,
-                    tmpEnc, confounderLen, inputLen);
-
-            // padding
-            for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
-                tmpEnc[i] = 0;
-            }
-
-            // checksum & encrypt
-            byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen);
-            encProvider().encrypt(ke, iv, tmpEnc);
-
-            System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
-            System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
-        } else {
-            encProvider().encrypt(ke, iv, workBuffer);
+        byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
+        // confounder
+        byte[] confounder = Confounder.makeBytes(confounderLen);
+        System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
+
+        // data
+        System.arraycopy(workBuffer, confounderLen + checksumLen,
+                tmpEnc, confounderLen, inputLen);
+
+        // padding
+        for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
+            tmpEnc[i] = 0;
         }
+
+        // checksum & encrypt
+        byte[] checksum = makeChecksum(ki, tmpEnc, checksumLen);
+        encProvider().encrypt(ke, iv, tmpEnc);
+
+        System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
+        System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
     }
 
     @Override
     protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
-                                 byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
+                                 byte[] key, byte[] iv, int usage) throws KrbException {
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];
@@ -120,25 +116,20 @@ public abstract class KeKiEnc extends AbstractEncTypeHandler {
         byte[] tmpEnc = new byte[confounderLen + dataLen];
         System.arraycopy(workBuffer, 0,
                 tmpEnc, 0, confounderLen + dataLen);
-        if (!raw) {
-            byte[] checksum = new byte[checksumLen];
-            System.arraycopy(workBuffer, confounderLen + dataLen,
-                    checksum, 0, checksumLen);
-
-            encProvider().decrypt(ke, iv, tmpEnc);
-            byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen);
-
-            if (!checksumEqual(checksum, newChecksum)) {
-                throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
-            }
-
-            byte[] data = new byte[dataLen];
-            System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
-            return data;
-        } else {
-            encProvider().decrypt(ke, iv, tmpEnc);
-            return tmpEnc;
+        byte[] checksum = new byte[checksumLen];
+        System.arraycopy(workBuffer, confounderLen + dataLen,
+                checksum, 0, checksumLen);
+
+        encProvider().decrypt(ke, iv, tmpEnc);
+        byte[] newChecksum = makeChecksum(ki, tmpEnc, checksumLen);
+
+        if (!checksumEqual(checksum, newChecksum)) {
+            throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
         }
+
+        byte[] data = new byte[dataLen];
+        System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
+        return data;
     }
 
     protected abstract byte[] makeChecksum(byte[] key, byte[] data, int hashSize)

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/95e4ada3/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
index f9a2f49..2f4aa59 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
@@ -80,13 +80,8 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler {
         return CheckSumType.HMAC_MD5_ARCFOUR;
     }
 
-    @Override
     protected void encryptWith(byte[] workBuffer, int[] workLens,
-                               byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
-        if (raw) {
-            throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP,
-                    "Raw mode not supported for this encryption type");
-        }
+                               byte[] key, byte[] iv, int usage) throws KrbException {
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];
@@ -138,11 +133,7 @@ public class Rc4HmacEnc extends AbstractEncTypeHandler {
 
     @Override
     protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
-                                 byte[] key, byte[] iv, int usage, boolean raw) throws KrbException {
-        if (raw) {
-            throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP,
-                    "Raw mode not supported for this encryption type");
-        }
+                                 byte[] key, byte[] iv, int usage) throws KrbException {
         int confounderLen = workLens[0];
         int checksumLen = workLens[1];
         int dataLen = workLens[2];