You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/22 01:56:44 UTC
[20/50] [abbrv] directory-kerberos git commit: Many changes with
newname
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java
new file mode 100644
index 0000000..23c3097
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/CryptoTypeHandler.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+
+public interface CryptoTypeHandler {
+
+ public String name();
+
+ public String displayName();
+
+ public EncryptProvider encProvider();
+
+ public HashProvider hashProvider();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java
new file mode 100644
index 0000000..db3e637
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Des.java
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+/**
+ * Based on MIT krb5 weak_key.c
+ */
+public class Des {
+
+ /*
+ * The following are the weak DES keys:
+ */
+ static byte[][] WEAK_KEYS = {
+ /* weak keys */
+ {(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01,(byte) 0x01},
+ {(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe,(byte) 0xfe},
+ {(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x1f,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e,(byte) 0x0e},
+ {(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xe0,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1,(byte) 0xf1},
+
+ /* semi-weak */
+ {(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe},
+ {(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01,(byte) 0xfe,(byte) 0x01},
+
+ {(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1},
+ {(byte) 0xe0,(byte) 0x1f,(byte) 0xe0,(byte) 0x1f,(byte) 0xf1,(byte) 0x0e,(byte) 0xf1,(byte) 0x0e},
+
+ {(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1},
+ {(byte) 0xe0,(byte) 0x01,(byte) 0xe0,(byte) 0x01,(byte) 0xf1,(byte) 0x01,(byte) 0xf1,(byte) 0x01},
+
+ {(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe},
+ {(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x1f,(byte) 0xfe,(byte) 0x0e,(byte) 0xfe,(byte) 0x0e},
+
+ {(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e},
+ {(byte) 0x1f,(byte) 0x01,(byte) 0x1f,(byte) 0x01,(byte) 0x0e,(byte) 0x01,(byte) 0x0e,(byte) 0x01},
+
+ {(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe},
+ {(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1}
+ };
+
+ public static boolean isWeakKey(byte[] key, int offset, int len) {
+ boolean match;
+ for (byte[] weakKey : WEAK_KEYS) {
+ match = true;
+ if (weakKey.length == len) {
+ for (int i = 0; i < len; i++) {
+ if (weakKey[i] != key[i]) {
+ match = false;
+ break;
+ }
+ }
+ }
+ if (match) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * MIT krb5 FIXUP(k) in s2k_des.c
+ */
+ public static void fixKey(byte[] key, int offset, int len) {
+ if (isWeakKey(key, offset, len)) {
+ key[offset + 7] ^= (byte) 0xf0;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
new file mode 100644
index 0000000..de0e78e
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncTypeHandler.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+public interface EncTypeHandler extends CryptoTypeHandler {
+
+ public EncryptionType eType();
+
+ public int keyInputSize();
+
+ public int keySize();
+
+ public int confounderSize();
+
+ public int checksumSize();
+
+ public int paddingSize();
+
+ public byte[] str2key(String string,
+ String salt, byte[] param) throws KrbException;
+
+ public byte[] random2Key(byte[] randomBits) throws KrbException;
+
+ public CheckSumType checksumType();
+
+ public byte[] encrypt(byte[] data, byte[] key, int usage)
+ throws KrbException;
+
+ public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
+ int usage) throws KrbException;
+
+ public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+ throws KrbException;
+
+ public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec,
+ int usage) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
new file mode 100644
index 0000000..ac0f6be
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
@@ -0,0 +1,174 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.crypto.enc.*;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.*;
+
+public class EncryptionHandler {
+
+ public static EncryptionType getEncryptionType(String eType) throws KrbException {
+ EncryptionType result = EncryptionType.fromName(eType);
+ return result;
+ }
+
+ public static EncTypeHandler getEncHandler(String eType) throws KrbException {
+ EncryptionType result = EncryptionType.fromName(eType);
+ return getEncHandler(result);
+ }
+
+ public static EncTypeHandler getEncHandler(int eType) throws KrbException {
+ EncryptionType eTypeEnum = EncryptionType.fromValue(eType);
+ return getEncHandler(eTypeEnum);
+ }
+
+ public static EncTypeHandler getEncHandler(EncryptionType eType) throws KrbException {
+ return getEncHandler(eType, false);
+ }
+
+ private static EncTypeHandler getEncHandler(EncryptionType eType, boolean check) throws KrbException {
+ EncTypeHandler encHandler = null;
+
+ switch (eType) {
+ case DES_CBC_CRC:
+ encHandler = new DesCbcCrcEnc();
+ break;
+
+ case DES_CBC_MD5:
+ case DES:
+ encHandler = new DesCbcMd5Enc();
+ break;
+
+ case DES_CBC_MD4:
+ encHandler = new DesCbcMd4Enc();
+ break;
+
+ case DES3_CBC_SHA1:
+ case DES3_CBC_SHA1_KD:
+ case DES3_HMAC_SHA1:
+ encHandler = new Des3CbcSha1Enc();
+ break;
+
+ case AES128_CTS_HMAC_SHA1_96:
+ case AES128_CTS:
+ encHandler = new Aes128CtsHmacSha1Enc();
+ break;
+
+ case AES256_CTS_HMAC_SHA1_96:
+ case AES256_CTS:
+ encHandler = new Aes256CtsHmacSha1Enc();
+ break;
+
+ case CAMELLIA128_CTS_CMAC:
+ case CAMELLIA128_CTS:
+ encHandler = new Camellia128CtsCmacEnc();
+ break;
+
+ case CAMELLIA256_CTS_CMAC:
+ case CAMELLIA256_CTS:
+ encHandler = new Camellia256CtsCmacEnc();
+ break;
+
+ case RC4_HMAC:
+ case ARCFOUR_HMAC:
+ case ARCFOUR_HMAC_MD5:
+ encHandler = new Rc4HmacEnc();
+ break;
+
+ case RC4_HMAC_EXP:
+ case ARCFOUR_HMAC_EXP:
+ case ARCFOUR_HMAC_MD5_EXP:
+ encHandler = new Rc4HmacExpEnc();
+ break;
+
+ case NONE:
+ default:
+ break;
+ }
+
+ if (encHandler == null && ! check) {
+ String message = "Unsupported encryption type: " + eType.name();
+ throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, message);
+ }
+
+ return encHandler;
+ }
+
+ public static EncryptedData encrypt(byte[] plainText, EncryptionKey key, KeyUsage usage) throws KrbException {
+ EncTypeHandler handler = getEncHandler(key.getKeyType());
+ byte[] cipher = handler.encrypt(plainText, key.getKeyData(), usage.getValue());
+
+ EncryptedData ed = new EncryptedData();
+ ed.setCipher(cipher);
+ ed.setEType(key.getKeyType());
+ ed.setKvno(key.getKvno());
+
+ return ed;
+ }
+
+ public static byte[] decrypt(byte[] data, EncryptionKey key, KeyUsage usage) throws KrbException {
+ EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+ byte[] plainData = handler.decrypt(data, key.getKeyData(), usage.getValue());
+ return plainData;
+ }
+
+ public static byte[] decrypt(EncryptedData data, EncryptionKey key, KeyUsage usage) throws KrbException {
+ EncTypeHandler handler = getEncHandler(key.getKeyType());
+
+ byte[] plainData = handler.decrypt(data.getCipher(), key.getKeyData(), usage.getValue());
+ return plainData;
+ }
+
+ public static boolean isImplemented(EncryptionType eType) {
+ EncTypeHandler handler = null;
+ try {
+ handler = getEncHandler(eType, true);
+ } catch (KrbException e) {
+ return false;
+ }
+ return handler != null;
+ }
+
+ public static EncryptionKey string2Key(String principalName,
+ String passPhrase, EncryptionType eType) throws KrbException {
+ PrincipalName principal = new PrincipalName(principalName);
+ return string2Key(passPhrase,
+ PrincipalName.makeSalt(principal), null, eType);
+ }
+
+ public static EncryptionKey string2Key(String string, String salt,
+ byte[] s2kparams, EncryptionType eType) throws KrbException {
+ EncTypeHandler handler = getEncHandler(eType);
+ byte[] keyBytes = handler.str2key(string, salt, s2kparams);
+ return new EncryptionKey(eType, keyBytes);
+ }
+
+ public static EncryptionKey random2Key(EncryptionType eType) throws KrbException {
+ EncTypeHandler handler = getEncHandler(eType);
+
+ byte[] randomBytes = Random.makeBytes(handler.keyInputSize());
+ byte[] keyBytes = handler.random2Key(randomBytes);
+ EncryptionKey encKey = new EncryptionKey(eType, keyBytes);
+ return encKey;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java
new file mode 100644
index 0000000..e7a7614
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Hmac.java
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 hmac.c
+ */
+public class Hmac {
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key,
+ byte[] data, int outputSize) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length, outputSize);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key, byte[] data,
+ int start, int len, int outputSize) throws KrbException {
+ byte[] hash = Hmac.hmac(hashProvider, key, data, start, len);
+
+ byte[] output = new byte[outputSize];
+ System.arraycopy(hash, 0, output, 0, outputSize);
+ return output;
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data, int start, int len) throws KrbException {
+
+ int blockLen = hashProvider.blockSize();
+ byte[] innerPaddedKey = new byte[blockLen];
+ byte[] outerPaddedKey = new byte[blockLen];
+
+ // Create the inner padded key
+ Arrays.fill(innerPaddedKey, (byte)0x36);
+ for (int i = 0; i < key.length; i++) {
+ innerPaddedKey[i] ^= key[i];
+ }
+
+ // Create the outer padded key
+ Arrays.fill(outerPaddedKey, (byte)0x5c);
+ for (int i = 0; i < key.length; i++) {
+ outerPaddedKey[i] ^= key[i];
+ }
+
+ hashProvider.hash(innerPaddedKey);
+
+ hashProvider.hash(data, start, len);
+
+ byte[] tmp = hashProvider.output();
+
+ hashProvider.hash(outerPaddedKey);
+ hashProvider.hash(tmp);
+
+ tmp = hashProvider.output();
+ return tmp;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java
new file mode 100644
index 0000000..4a4f1a0
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Md4.java
@@ -0,0 +1,338 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.DigestException;
+import java.security.MessageDigest;
+
+/**
+ * MD4.java - An implementation of Ron Rivest's MD4 message digest algorithm.
+ * The MD4 algorithm is designed to be quite fast on 32-bit machines. In
+ * addition, the MD4 algorithm does not require any large substitution
+ * tables.
+ *
+ * @see The <a href="http://www.ietf.org/rfc/rfc1320.txt">MD4</a> Message-
+ * Digest Algorithm by R. Rivest.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ * @since MINA 2.0.0-M3
+ */
+
+/**
+ * Copied from Mina project and modified a bit
+ */
+public class Md4 extends MessageDigest {
+
+ /**
+ * The MD4 algorithm message digest length is 16 bytes wide.
+ */
+ public static final int BYTE_DIGEST_LENGTH = 16;
+
+ /**
+ * The MD4 algorithm block length is 64 bytes wide.
+ */
+ public static final int BYTE_BLOCK_LENGTH = 64;
+
+ /**
+ * The initial values of the four registers. RFC gives the values
+ * in LE so we converted it as JAVA uses BE endianness.
+ */
+ private final static int A = 0x67452301;
+
+ private final static int B = 0xefcdab89;
+
+ private final static int C = 0x98badcfe;
+
+ private final static int D = 0x10325476;
+
+ /**
+ * The four registers initialized with the above IVs.
+ */
+ private int a = A;
+
+ private int b = B;
+
+ private int c = C;
+
+ private int d = D;
+
+ /**
+ * Counts the total length of the data being digested.
+ */
+ private long msgLength;
+
+ /**
+ * The internal buffer is {@link BLOCK_LENGTH} wide.
+ */
+ private final byte[] buffer = new byte[BYTE_BLOCK_LENGTH];
+
+ /**
+ * Default constructor.
+ */
+ public Md4() {
+ super("MD4");
+ engineReset();
+ }
+
+ /**
+ * Returns the digest length in bytes.
+ *
+ * @return the digest length in bytes.
+ */
+ protected int engineGetDigestLength() {
+ return BYTE_DIGEST_LENGTH;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineUpdate(byte b) {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ buffer[pos] = b;
+ msgLength++;
+
+ // If buffer contains enough data then process it.
+ if (pos == (BYTE_BLOCK_LENGTH - 1)) {
+ process(buffer, 0);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineUpdate(byte[] b, int offset, int len) {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ int nbOfCharsToFillBuf = BYTE_BLOCK_LENGTH - pos;
+ int blkStart = 0;
+
+ msgLength += len;
+
+ // Process each full block
+ if (len >= nbOfCharsToFillBuf) {
+ System.arraycopy(b, offset, buffer, pos, nbOfCharsToFillBuf);
+ process(buffer, 0);
+ for (blkStart = nbOfCharsToFillBuf; blkStart + BYTE_BLOCK_LENGTH - 1 < len; blkStart += BYTE_BLOCK_LENGTH) {
+ process(b, offset + blkStart);
+ }
+ pos = 0;
+ }
+
+ // Fill buffer with the remaining data
+ if (blkStart < len) {
+ System.arraycopy(b, offset + blkStart, buffer, pos, len - blkStart);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected byte[] engineDigest() {
+ byte[] p = pad();
+ engineUpdate(p, 0, p.length);
+ byte[] digest = { (byte) a, (byte) (a >>> 8), (byte) (a >>> 16), (byte) (a >>> 24), (byte) b, (byte) (b >>> 8),
+ (byte) (b >>> 16), (byte) (b >>> 24), (byte) c, (byte) (c >>> 8), (byte) (c >>> 16), (byte) (c >>> 24),
+ (byte) d, (byte) (d >>> 8), (byte) (d >>> 16), (byte) (d >>> 24) };
+
+ engineReset();
+
+ return digest;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected int engineDigest(byte[] buf, int offset, int len) throws DigestException {
+ if (offset < 0 || offset + len >= buf.length) {
+ throw new DigestException("Wrong offset or not enough space to store the digest");
+ }
+ int destLength = Math.min(len, BYTE_DIGEST_LENGTH);
+ System.arraycopy(engineDigest(), 0, buf, offset, destLength);
+ return destLength;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineReset() {
+ a = A;
+ b = B;
+ c = C;
+ d = D;
+ msgLength = 0;
+ }
+
+ /**
+ * Pads the buffer by appending the byte 0x80, then append as many zero
+ * bytes as necessary to make the buffer length a multiple of 64 bytes.
+ * The last 8 bytes will be filled with the length of the buffer in bits.
+ * If there's no room to store the length in bits in the block i.e the block
+ * is larger than 56 bytes then an additionnal 64-bytes block is appended.
+ *
+ * @see sections 3.1 & 3.2 of the RFC 1320.
+ *
+ * @return the pad byte array
+ */
+ private byte[] pad() {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ int padLength = (pos < 56) ? (64 - pos) : (128 - pos);
+ byte[] pad = new byte[padLength];
+
+ // First bit of the padding set to 1
+ pad[0] = (byte) 0x80;
+
+ long bits = msgLength << 3;
+ int index = padLength - 8;
+ for (int i = 0; i < 8; i++) {
+ pad[index++] = (byte) (bits >>> (i << 3));
+ }
+
+ return pad;
+ }
+
+ /**
+ * Process one 64-byte block. Algorithm is constituted by three rounds.
+ * Note that F, G and H functions were inlined for improved performance.
+ *
+ * @param in the byte array to process
+ * @param offset the offset at which the 64-byte block is stored
+ */
+ private void process(byte[] in, int offset) {
+ // Save previous state.
+ int aa = a;
+ int bb = b;
+ int cc = c;
+ int dd = d;
+
+ // Copy the block to process into X array
+ int[] X = new int[16];
+ for (int i = 0; i < 16; i++) {
+ X[i] = (in[offset++] & 0xff) | (in[offset++] & 0xff) << 8 | (in[offset++] & 0xff) << 16
+ | (in[offset++] & 0xff) << 24;
+ }
+
+ // Round 1
+ a += ((b & c) | (~b & d)) + X[0];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[1];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[2];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[3];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[4];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[5];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[6];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[7];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[8];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[9];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[10];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[11];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[12];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[13];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[14];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[15];
+ b = b << 19 | b >>> (32 - 19);
+
+ // Round 2
+ a += ((b & (c | d)) | (c & d)) + X[0] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[4] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[8] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[12] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[1] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[5] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[9] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[13] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[2] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[6] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[10] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[14] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[3] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[7] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[11] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[15] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+
+ // Round 3
+ a += (b ^ c ^ d) + X[0] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[8] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[4] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[12] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[2] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[10] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[6] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[14] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[1] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[9] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[5] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[13] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[3] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[11] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[7] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[15] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+
+ //Update state.
+ a += aa;
+ b += bb;
+ c += cc;
+ d += dd;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java
new file mode 100644
index 0000000..9c98fcc
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nfold.java
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 nfold.c
+ */
+
+/*
+ * n-fold(k-bits):
+ * l = lcm(n,k)
+ * r = l/k
+ * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ * compute the 1's complement sum:
+ * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+ */
+public class Nfold {
+
+ /**
+ * representation: msb first, assume n and k are multiples of 8, and
+ * that k>=16. this is the case of all the cryptosystems which are
+ * likely to be used. this function can be replaced if that
+ * assumption ever fails.
+ */
+ public static byte[] nfold(byte[] inBytes, int size) {
+ int inBytesNum = inBytes.length; // count inBytes byte
+ int outBytesNum = size; // count inBytes byte
+
+ int a, b, c, lcm;
+ a = outBytesNum;
+ b = inBytesNum;
+
+ while (b != 0) {
+ c = b;
+ b = a % b;
+ a = c;
+ }
+ lcm = (outBytesNum * inBytesNum) / a;
+
+ byte[] outBytes = new byte[outBytesNum];
+ Arrays.fill(outBytes, (byte)0);
+
+ int tmpByte = 0;
+ int msbit, i, tmp;
+
+ for (i = lcm-1; i >= 0; i--) {
+ // first, start with the msbit inBytes the first, unrotated byte
+ tmp = ((inBytesNum<<3)-1);
+ // then, for each byte, shift to the right for each repetition
+ tmp += (((inBytesNum<<3)+13)*(i/inBytesNum));
+ // last, pick outBytes the correct byte within that shifted repetition
+ tmp += ((inBytesNum-(i%inBytesNum)) << 3);
+
+ msbit = tmp % (inBytesNum << 3);
+
+ // pull outBytes the byte value itself
+ tmp = ((((inBytes[((inBytesNum - 1)-(msbit >>> 3)) % inBytesNum] & 0xff) << 8) |
+ (inBytes[((inBytesNum) - (msbit >>> 3)) % inBytesNum] & 0xff))
+ >>>((msbit & 7)+1)) & 0xff;
+
+ tmpByte += tmp;
+ tmp = (outBytes[i % outBytesNum] & 0xff);
+ tmpByte += tmp;
+
+ outBytes[i % outBytesNum] = (byte) (tmpByte & 0xff);
+
+ tmpByte >>>= 8;
+ }
+
+ // if there's a carry bit left over, add it back inBytes
+ if (tmpByte != 0) {
+ for (i = outBytesNum-1; i >= 0; i--) {
+ // do the addition
+ tmpByte += (outBytes[i] & 0xff);
+ outBytes[i] = (byte) (tmpByte & 0xff);
+
+ tmpByte >>>= 8;
+ }
+ }
+
+ return outBytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java
new file mode 100644
index 0000000..0f22f97
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Nonce.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public class Nonce {
+
+ private static SecureRandom srand = new SecureRandom();
+
+ public static synchronized int value() {
+ int value = srand.nextInt();
+ return value & 0x7fffffff;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java
new file mode 100644
index 0000000..989772b
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Pbkdf.java
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import java.security.GeneralSecurityException;
+
+public class Pbkdf {
+
+ public static byte[] PBKDF2(char[] secret, byte[] salt,
+ int count, int keySize) throws GeneralSecurityException {
+
+ PBEKeySpec ks = new PBEKeySpec(secret, salt, count, keySize * 8);
+ SecretKeyFactory skf =
+ SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+ SecretKey key = skf.generateSecret(ks);
+ byte[] result = key.getEncoded();
+
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java
new file mode 100644
index 0000000..cd6bf71
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Random.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public final class Random {
+
+ private static SecureRandom srand = new SecureRandom();
+
+ public static byte[] makeBytes(int size) {
+ byte[] data = new byte[size];
+ srand.nextBytes(data);
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java
new file mode 100644
index 0000000..b45c4eb
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/Rc4.java
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto;
+
+/**
+ * Based on MIT krb5 enc_rc4.c
+ */
+public class Rc4 {
+
+ private static byte[] L40 = "fortybits".getBytes();
+
+ public static byte[] getSalt(int usage, boolean exportable) {
+ int newUsage = convertUsage(usage);
+ byte[] salt;
+
+ if (exportable) {
+ salt = new byte[14];
+ System.arraycopy(L40, 0, salt, 0, 9);
+ BytesUtil.int2bytes(newUsage, salt, 10, false);
+ } else {
+ salt = new byte[4];
+ BytesUtil.int2bytes(newUsage, salt, 0, false);
+ }
+
+ return salt;
+ }
+
+ private static int convertUsage(int usage) {
+ switch (usage) {
+ case 1: return 1; /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, */
+ case 2: return 2; /* ticket from kdc */
+ case 3: return 8; /* as-rep encrypted part */
+ case 4: return 4; /* tgs-req authz data */
+ case 5: return 5; /* tgs-req authz data in subkey */
+ case 6: return 6; /* tgs-req authenticator cksum */
+ case 7: return 7; /* tgs-req authenticator */
+ case 8: return 8;
+ case 9: return 9; /* tgs-rep encrypted with subkey */
+ case 10: return 10; /* ap-rep authentication cksum (never used by MS) */
+ case 11: return 11; /* app-req authenticator */
+ case 12: return 12; /* app-rep encrypted part */
+ case 23: return 13; /* sign wrap token*/
+ default: return usage;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
new file mode 100644
index 0000000..49a62c7
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.AbstractCryptoTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.CheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class AbstractCheckSumTypeHandler
+ extends AbstractCryptoTypeHandler implements CheckSumTypeHandler {
+
+ private int computeSize;
+ private int outputSize;
+
+ public AbstractCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider);
+ this.computeSize = computeSize;
+ this.outputSize = outputSize;
+ }
+
+ @Override
+ public String name() {
+ return cksumType().getName();
+ }
+
+ @Override
+ public String displayName() {
+ return cksumType().getDisplayName();
+ }
+
+ @Override
+ public int computeSize() {
+ return computeSize;
+ }
+
+ @Override
+ public int outputSize() {
+ return outputSize;
+ }
+
+ public boolean isSafe() {
+ return false;
+ }
+
+ public int cksumSize() {
+ return 4;
+ }
+
+ public int keySize() {
+ return 0;
+ }
+
+ public int confounderSize() {
+ return 0;
+ }
+
+ @Override
+ public byte[] checksum(byte[] data) throws KrbException {
+ return checksum(data, 0, data.length);
+ }
+
+ @Override
+ public byte[] checksum(byte[] data, int start, int size) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean verify(byte[] data, byte[] checksum) throws KrbException {
+ return verify(data, 0, data.length, checksum);
+ }
+
+ @Override
+ public boolean verify(byte[] data, int start, int size, byte[] checksum) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data,
+ byte[] key, int usage) throws KrbException {
+ return checksumWithKey(data, 0, data.length, key, usage);
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data, int start, int size,
+ byte[] key, int usage) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+ @Override
+ public boolean verifyWithKey(byte[] data,
+ byte[] key, int usage, byte[] checksum) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
new file mode 100644
index 0000000..3f17454
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.KeyMaker;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class AbstractKeyedCheckSumTypeHandler extends AbstractCheckSumTypeHandler {
+
+ private KeyMaker keyMaker;
+
+ public AbstractKeyedCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider, computeSize, outputSize);
+ }
+
+ protected void keyMaker(KeyMaker keyMaker) {
+ this.keyMaker = keyMaker;
+ }
+
+ protected KeyMaker keyMaker() {
+ return keyMaker;
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data,
+ byte[] key, int usage) throws KrbException {
+ return checksumWithKey(data, 0, data.length, key, usage);
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ int outputSize = outputSize();
+
+ byte[] tmp = doChecksumWithKey(data, start, len, key, usage);
+ if (outputSize < tmp.length) {
+ byte[] output = new byte[outputSize];
+ System.arraycopy(tmp, 0, output, 0, outputSize);
+ return output;
+ } else {
+ return tmp;
+ }
+ }
+
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ return new byte[0];
+ }
+
+ @Override
+ public boolean verifyWithKey(byte[] data, byte[] key,
+ int usage, byte[] checksum) throws KrbException {
+ byte[] newCksum = checksumWithKey(data, key, usage);
+ return checksumEqual(checksum, newCksum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
new file mode 100644
index 0000000..eaf7dc1
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia128CheckSum extends CmacKcCheckSum {
+
+ public CmacCamellia128CheckSum() {
+ super(new Camellia128Provider(), 16, 16);
+
+ keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CMAC_CAMELLIA128;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
new file mode 100644
index 0000000..a30c15c
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia256CheckSum extends CmacKcCheckSum {
+
+ public CmacCamellia256CheckSum() {
+ super(new Camellia256Provider(), 16, 16);
+
+ keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CMAC_CAMELLIA256;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
new file mode 100644
index 0000000..16122d2
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Cmac;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class CmacKcCheckSum extends KcCheckSum {
+
+ public CmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+ super(encProvider, null, computeSize, outputSize);
+ }
+
+ protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+ byte[] mac = Cmac.cmac(encProvider(), Kc, data, start, len);
+ return mac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
new file mode 100644
index 0000000..8259849
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Confounder;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.DesProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import javax.crypto.spec.DESKeySpec;
+import java.security.InvalidKeyException;
+
+public abstract class ConfounderedDesCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public ConfounderedDesCheckSum(HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(new DesProvider(), hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ int computeSize = computeSize();
+ int blockSize = encProvider().blockSize();
+ int hashSize = hashProvider().hashSize();
+
+ byte[] workBuffer = new byte[computeSize];
+
+ // confounder
+ byte[] conf = Confounder.makeBytes(blockSize);
+
+ // confounder | data
+ byte[] toHash = new byte[blockSize + len];
+ System.arraycopy(conf, 0, toHash, 0, blockSize);
+ System.arraycopy(data, start, toHash, blockSize, len);
+
+ HashProvider hashProvider = hashProvider();
+ hashProvider.hash(toHash);
+ byte[] hash = hashProvider.output();
+
+ // confounder | hash
+ System.arraycopy(conf, 0, workBuffer, 0, blockSize);
+ System.arraycopy(hash, 0, workBuffer, blockSize, hashSize);
+
+ // key
+ byte[] newKey = deriveKey(key);
+
+ encProvider().encrypt(newKey, workBuffer);
+ return workBuffer;
+ }
+
+ protected byte[] deriveKey(byte[] key) {
+ return fixKey(xorKey(key));
+ }
+
+ protected byte[] xorKey(byte[] key) {
+ byte[] xorKey = new byte[encProvider().keySize()];
+ System.arraycopy(key, 0, xorKey, 0, key.length);
+ for (int i = 0; i < xorKey.length; i++) {
+ xorKey[i] = (byte) (xorKey[i] ^ 0xf0);
+ }
+
+ return xorKey;
+ }
+
+ private byte[] fixKey(byte[] key) {
+ boolean isWeak = true;
+ try {
+ isWeak = DESKeySpec.isWeak(key, 0);
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ }
+ if (isWeak) {
+ key[7] = (byte)(key[7] ^ 0xF0);
+ }
+
+ return key;
+ }
+
+ @Override
+ public boolean verifyWithKey(byte[] data,byte[] key,
+ int usage, byte[] checksum) throws KrbException {
+ int computeSize = computeSize();
+ int blockSize = encProvider().blockSize();
+ int hashSize = hashProvider().hashSize();
+
+ // key
+ byte[] newKey = deriveKey(key);
+
+ encProvider().decrypt(newKey, checksum);
+ byte[] decrypted = checksum; // confounder | hash
+
+ // confounder | data
+ byte[] toHash = new byte[blockSize + data.length];
+ System.arraycopy(decrypted, 0, toHash, 0, blockSize);
+ System.arraycopy(data, 0, toHash, blockSize, data.length);
+
+ HashProvider hashProvider = hashProvider();
+ hashProvider.hash(toHash);
+ byte[] newHash = hashProvider.output();
+
+ return checksumEqual(newHash, decrypted, blockSize, hashSize);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
new file mode 100644
index 0000000..e884144
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Crc32Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class Crc32CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public Crc32CheckSum() {
+ super(new Crc32Provider(), 4, 4);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CRC32;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
new file mode 100644
index 0000000..a7baf69
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class DesCbcCheckSum extends ConfounderedDesCheckSum {
+
+ public DesCbcCheckSum() {
+ super(null, 8, 8);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.DES_CBC;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java
new file mode 100644
index 0000000..1586fb1
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * krb5_hash_provider
+ */
+public interface HashProvider {
+
+ public int hashSize();
+ public int blockSize();
+
+ public void hash(byte[] data, int start, int size) throws KrbException;
+ public void hash(byte[] data) throws KrbException;
+ public byte[] output();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
new file mode 100644
index 0000000..84d9031
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Hmac;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class HmacKcCheckSum extends KcCheckSum {
+
+ public HmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+ super(encProvider, new Sha1Provider(), computeSize, outputSize);
+ }
+
+ protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+ byte[] hmac = Hmac.hmac(hashProvider(), Kc, data, start, len);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
new file mode 100644
index 0000000..1ef5489
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Hmac;
+import org.apache.kerby.kerberos.kerb.crypto.Rc4;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacMd5Rc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public HmacMd5Rc4CheckSum() {
+ super(null, new Md5Provider(), 16, 16);
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_MD5_ARCFOUR;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+
+ byte[] Ksign = null;
+ byte[] signKey = "signaturekey".getBytes();
+ byte[] newSignKey = new byte[signKey.length + 1];
+ System.arraycopy(signKey, 0, newSignKey, 0, signKey.length);
+ Ksign = Hmac.hmac(hashProvider(), key, newSignKey);
+
+ byte[] salt = Rc4.getSalt(usage, false);
+
+ hashProvider().hash(salt);
+ hashProvider().hash(data, start, len);
+ byte[] hashTmp = hashProvider().output();
+
+ byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
new file mode 100644
index 0000000..c1a9c49
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes128CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Aes128CheckSum() {
+ super(new Aes128Provider(), 20, 12);
+
+ keyMaker(new AesKeyMaker((Aes128Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES128;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 12; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
new file mode 100644
index 0000000..6a5195b
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes256Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes256CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Aes256CheckSum() {
+ super(new Aes256Provider(), 20, 12);
+
+ keyMaker(new AesKeyMaker((Aes256Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES256;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 12; // bytes
+ }
+
+ public int keySize() {
+ return 32; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
new file mode 100644
index 0000000..4f2080e
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Des3Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Des3CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Des3CheckSum() {
+ super(new Des3Provider(), 20, 20);
+
+ keyMaker(new Des3KeyMaker(encProvider()));
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_DES3;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 20; // bytes
+ }
+
+ public int keySize() {
+ return 24; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
new file mode 100644
index 0000000..ee8faea
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.DkKeyMaker;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class KcCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public KcCheckSum(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ byte[] Kc;
+ byte[] constant = new byte[5];
+ BytesUtil.int2bytes(usage, constant, 0, true);
+ constant[4] = (byte) 0x99;
+ Kc = ((DkKeyMaker) keyMaker()).dk(key, constant);
+
+ byte[] mac = mac(Kc, data, start, len);
+ return mac;
+ }
+
+ protected abstract byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
new file mode 100644
index 0000000..4939027
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Hmac;
+import org.apache.kerby.kerberos.kerb.crypto.Rc4;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Rc4Provider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class Md5HmacRc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public Md5HmacRc4CheckSum() {
+ super(new Rc4Provider(), new Md5Provider(), 16, 16);
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.MD5_HMAC_ARCFOUR;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+
+ byte[] Ksign = key;
+
+ byte[] salt = Rc4.getSalt(usage, false);
+
+ hashProvider().hash(salt);
+ hashProvider().hash(data, start, len);
+ byte[] hashTmp = hashProvider().output();
+
+ byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
new file mode 100644
index 0000000..73d6ebc
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd4CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public RsaMd4CheckSum() {
+ super(new Md4Provider(), 16, 16);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD4;
+ }
+}