You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/22 22:47:50 UTC
[11/45] directory-kerberos git commit: DIRKRB-149 New layout
structure with the new name "Apache Kerby"
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
new file mode 100644
index 0000000..3f17454
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.KeyMaker;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class AbstractKeyedCheckSumTypeHandler extends AbstractCheckSumTypeHandler {
+
+ private KeyMaker keyMaker;
+
+ public AbstractKeyedCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider, computeSize, outputSize);
+ }
+
+ protected void keyMaker(KeyMaker keyMaker) {
+ this.keyMaker = keyMaker;
+ }
+
+ protected KeyMaker keyMaker() {
+ return keyMaker;
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data,
+ byte[] key, int usage) throws KrbException {
+ return checksumWithKey(data, 0, data.length, key, usage);
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ int outputSize = outputSize();
+
+ byte[] tmp = doChecksumWithKey(data, start, len, key, usage);
+ if (outputSize < tmp.length) {
+ byte[] output = new byte[outputSize];
+ System.arraycopy(tmp, 0, output, 0, outputSize);
+ return output;
+ } else {
+ return tmp;
+ }
+ }
+
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ return new byte[0];
+ }
+
+ @Override
+ public boolean verifyWithKey(byte[] data, byte[] key,
+ int usage, byte[] checksum) throws KrbException {
+ byte[] newCksum = checksumWithKey(data, key, usage);
+ return checksumEqual(checksum, newCksum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
new file mode 100644
index 0000000..eaf7dc1
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia128CheckSum extends CmacKcCheckSum {
+
+ public CmacCamellia128CheckSum() {
+ super(new Camellia128Provider(), 16, 16);
+
+ keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CMAC_CAMELLIA128;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
new file mode 100644
index 0000000..a30c15c
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia256CheckSum extends CmacKcCheckSum {
+
+ public CmacCamellia256CheckSum() {
+ super(new Camellia256Provider(), 16, 16);
+
+ keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CMAC_CAMELLIA256;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
new file mode 100644
index 0000000..16122d2
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Cmac;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class CmacKcCheckSum extends KcCheckSum {
+
+ public CmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+ super(encProvider, null, computeSize, outputSize);
+ }
+
+ protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+ byte[] mac = Cmac.cmac(encProvider(), Kc, data, start, len);
+ return mac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
new file mode 100644
index 0000000..8259849
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Confounder;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.DesProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import javax.crypto.spec.DESKeySpec;
+import java.security.InvalidKeyException;
+
+public abstract class ConfounderedDesCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public ConfounderedDesCheckSum(HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(new DesProvider(), hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ int computeSize = computeSize();
+ int blockSize = encProvider().blockSize();
+ int hashSize = hashProvider().hashSize();
+
+ byte[] workBuffer = new byte[computeSize];
+
+ // confounder
+ byte[] conf = Confounder.makeBytes(blockSize);
+
+ // confounder | data
+ byte[] toHash = new byte[blockSize + len];
+ System.arraycopy(conf, 0, toHash, 0, blockSize);
+ System.arraycopy(data, start, toHash, blockSize, len);
+
+ HashProvider hashProvider = hashProvider();
+ hashProvider.hash(toHash);
+ byte[] hash = hashProvider.output();
+
+ // confounder | hash
+ System.arraycopy(conf, 0, workBuffer, 0, blockSize);
+ System.arraycopy(hash, 0, workBuffer, blockSize, hashSize);
+
+ // key
+ byte[] newKey = deriveKey(key);
+
+ encProvider().encrypt(newKey, workBuffer);
+ return workBuffer;
+ }
+
+ protected byte[] deriveKey(byte[] key) {
+ return fixKey(xorKey(key));
+ }
+
+ protected byte[] xorKey(byte[] key) {
+ byte[] xorKey = new byte[encProvider().keySize()];
+ System.arraycopy(key, 0, xorKey, 0, key.length);
+ for (int i = 0; i < xorKey.length; i++) {
+ xorKey[i] = (byte) (xorKey[i] ^ 0xf0);
+ }
+
+ return xorKey;
+ }
+
+ private byte[] fixKey(byte[] key) {
+ boolean isWeak = true;
+ try {
+ isWeak = DESKeySpec.isWeak(key, 0);
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ }
+ if (isWeak) {
+ key[7] = (byte)(key[7] ^ 0xF0);
+ }
+
+ return key;
+ }
+
+ @Override
+ public boolean verifyWithKey(byte[] data,byte[] key,
+ int usage, byte[] checksum) throws KrbException {
+ int computeSize = computeSize();
+ int blockSize = encProvider().blockSize();
+ int hashSize = hashProvider().hashSize();
+
+ // key
+ byte[] newKey = deriveKey(key);
+
+ encProvider().decrypt(newKey, checksum);
+ byte[] decrypted = checksum; // confounder | hash
+
+ // confounder | data
+ byte[] toHash = new byte[blockSize + data.length];
+ System.arraycopy(decrypted, 0, toHash, 0, blockSize);
+ System.arraycopy(data, 0, toHash, blockSize, data.length);
+
+ HashProvider hashProvider = hashProvider();
+ hashProvider.hash(toHash);
+ byte[] newHash = hashProvider.output();
+
+ return checksumEqual(newHash, decrypted, blockSize, hashSize);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
new file mode 100644
index 0000000..e884144
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Crc32Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class Crc32CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public Crc32CheckSum() {
+ super(new Crc32Provider(), 4, 4);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CRC32;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
new file mode 100644
index 0000000..a7baf69
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class DesCbcCheckSum extends ConfounderedDesCheckSum {
+
+ public DesCbcCheckSum() {
+ super(null, 8, 8);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.DES_CBC;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java
new file mode 100644
index 0000000..1586fb1
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HashProvider.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * krb5_hash_provider
+ */
+public interface HashProvider {
+
+ public int hashSize();
+ public int blockSize();
+
+ public void hash(byte[] data, int start, int size) throws KrbException;
+ public void hash(byte[] data) throws KrbException;
+ public byte[] output();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
new file mode 100644
index 0000000..84d9031
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Hmac;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class HmacKcCheckSum extends KcCheckSum {
+
+ public HmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+ super(encProvider, new Sha1Provider(), computeSize, outputSize);
+ }
+
+ protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+ byte[] hmac = Hmac.hmac(hashProvider(), Kc, data, start, len);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
new file mode 100644
index 0000000..1ef5489
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Hmac;
+import org.apache.kerby.kerberos.kerb.crypto.Rc4;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacMd5Rc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public HmacMd5Rc4CheckSum() {
+ super(null, new Md5Provider(), 16, 16);
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_MD5_ARCFOUR;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+
+ byte[] Ksign = null;
+ byte[] signKey = "signaturekey".getBytes();
+ byte[] newSignKey = new byte[signKey.length + 1];
+ System.arraycopy(signKey, 0, newSignKey, 0, signKey.length);
+ Ksign = Hmac.hmac(hashProvider(), key, newSignKey);
+
+ byte[] salt = Rc4.getSalt(usage, false);
+
+ hashProvider().hash(salt);
+ hashProvider().hash(data, start, len);
+ byte[] hashTmp = hashProvider().output();
+
+ byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
new file mode 100644
index 0000000..c1a9c49
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes128CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Aes128CheckSum() {
+ super(new Aes128Provider(), 20, 12);
+
+ keyMaker(new AesKeyMaker((Aes128Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES128;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 12; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
new file mode 100644
index 0000000..6a5195b
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes256Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes256CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Aes256CheckSum() {
+ super(new Aes256Provider(), 20, 12);
+
+ keyMaker(new AesKeyMaker((Aes256Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES256;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 12; // bytes
+ }
+
+ public int keySize() {
+ return 32; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
new file mode 100644
index 0000000..4f2080e
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Des3Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Des3CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Des3CheckSum() {
+ super(new Des3Provider(), 20, 20);
+
+ keyMaker(new Des3KeyMaker(encProvider()));
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_DES3;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 20; // bytes
+ }
+
+ public int keySize() {
+ return 24; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
new file mode 100644
index 0000000..ee8faea
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.DkKeyMaker;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class KcCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public KcCheckSum(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ byte[] Kc;
+ byte[] constant = new byte[5];
+ BytesUtil.int2bytes(usage, constant, 0, true);
+ constant[4] = (byte) 0x99;
+ Kc = ((DkKeyMaker) keyMaker()).dk(key, constant);
+
+ byte[] mac = mac(Kc, data, start, len);
+ return mac;
+ }
+
+ protected abstract byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
new file mode 100644
index 0000000..4939027
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.Hmac;
+import org.apache.kerby.kerberos.kerb.crypto.Rc4;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Rc4Provider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class Md5HmacRc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public Md5HmacRc4CheckSum() {
+ super(new Rc4Provider(), new Md5Provider(), 16, 16);
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.MD5_HMAC_ARCFOUR;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+
+ byte[] Ksign = key;
+
+ byte[] salt = Rc4.getSalt(usage, false);
+
+ hashProvider().hash(salt);
+ hashProvider().hash(data, start, len);
+ byte[] hashTmp = hashProvider().output();
+
+ byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
new file mode 100644
index 0000000..73d6ebc
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd4CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public RsaMd4CheckSum() {
+ super(new Md4Provider(), 16, 16);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD4;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java
new file mode 100644
index 0000000..4851cee
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd4DesCheckSum extends ConfounderedDesCheckSum {
+
+ public RsaMd4DesCheckSum() {
+ super(new Md4Provider(), 24, 24);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD4_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java
new file mode 100644
index 0000000..190dcf7
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd5CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public RsaMd5CheckSum() {
+ super(new Md5Provider(), 16, 16);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD5;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java
new file mode 100644
index 0000000..ae50041
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public final class RsaMd5DesCheckSum extends ConfounderedDesCheckSum {
+
+ public RsaMd5DesCheckSum() {
+ super(new Md5Provider(), 24, 24);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD5_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Sha1CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Sha1CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Sha1CheckSum.java
new file mode 100644
index 0000000..e627ec5
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Sha1CheckSum.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+
+public class Sha1CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public Sha1CheckSum() {
+ super(new Sha1Provider(), 20, 20);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.NIST_SHA;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java
new file mode 100644
index 0000000..9c6629d
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class AbstractHashProvider implements HashProvider {
+ private int blockSize;
+ private int hashSize;
+
+ public AbstractHashProvider(int hashSize, int blockSize) {
+ this.hashSize = hashSize;
+ this.blockSize = blockSize;
+ }
+
+ protected void init() {
+
+ }
+
+ @Override
+ public int hashSize() {
+ return hashSize;
+ }
+
+ @Override
+ public int blockSize() {
+ return blockSize;
+ }
+
+ @Override
+ public void hash(byte[] data) throws KrbException {
+ hash(data, 0, data.length);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java
new file mode 100644
index 0000000..3ffaeca
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.AbstractCheckSumTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class AbstractUnkeyedCheckSumTypeHandler extends AbstractCheckSumTypeHandler {
+
+ public AbstractUnkeyedCheckSumTypeHandler(HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(null, hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ public byte[] checksum(byte[] data, int start, int len) throws KrbException {
+ int outputSize = outputSize();
+
+ HashProvider hp = hashProvider();
+ hp.hash(data, start, len);
+ byte[] workBuffer = hp.output();
+
+ if (outputSize < workBuffer.length) {
+ byte[] output = new byte[outputSize];
+ System.arraycopy(workBuffer, 0, output, 0, outputSize);
+ return output;
+ }
+ return workBuffer;
+ }
+
+ @Override
+ public boolean verify(byte[] data, int start, int len, byte[] checksum) throws KrbException {
+ byte[] newCksum = checksum(data, start, len);
+ return checksumEqual(newCksum, checksum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
new file mode 100644
index 0000000..de30eca
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerby.kerberos.kerb.crypto.Crc32;
+
+public class Crc32Provider extends AbstractHashProvider {
+ private byte[] output;
+
+ public Crc32Provider() {
+ super(4, 1);
+ }
+
+ @Override
+ public void hash(byte[] data, int start, int size) {
+ output = Crc32.crc(data, start, size);
+ }
+
+ @Override
+ public byte[] output() {
+ return output;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Md4Provider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Md4Provider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Md4Provider.java
new file mode 100644
index 0000000..e00977c
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Md4Provider.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerby.kerberos.kerb.crypto.Md4;
+
+public class Md4Provider extends MessageDigestHashProvider {
+
+ public Md4Provider() {
+ super(16, 64, "MD4");
+ }
+
+ @Override
+ protected void init() {
+ messageDigest = new Md4();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Md5Provider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Md5Provider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Md5Provider.java
new file mode 100644
index 0000000..b586d38
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Md5Provider.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum.provider;
+
+public class Md5Provider extends MessageDigestHashProvider {
+
+ public Md5Provider() {
+ super(16, 64, "MD5");
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java
new file mode 100644
index 0000000..4efab32
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class MessageDigestHashProvider extends AbstractHashProvider {
+ private String algorithm;
+ protected MessageDigest messageDigest;
+
+ public MessageDigestHashProvider(int hashSize, int blockSize, String algorithm) {
+ super(hashSize, blockSize);
+ this.algorithm = algorithm;
+
+ init();
+ }
+
+ @Override
+ protected void init() {
+ try {
+ messageDigest = MessageDigest.getInstance(algorithm);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException("Failed to init JCE provider", e);
+ }
+ }
+
+ @Override
+ public void hash(byte[] data, int start, int len) throws KrbException {
+ messageDigest.update(data, start, len);
+ }
+
+ @Override
+ public byte[] output() {
+ return messageDigest.digest();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java
new file mode 100644
index 0000000..0f5bcf0
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.cksum.provider;
+
+public class Sha1Provider extends MessageDigestHashProvider {
+
+ public Sha1Provider() {
+ super(20, 64, "SHA1");
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
new file mode 100644
index 0000000..99828c8
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
@@ -0,0 +1,160 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.enc;
+
+import org.apache.kerby.kerberos.kerb.crypto.AbstractCryptoTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.EncTypeHandler;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.KeyMaker;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class AbstractEncTypeHandler
+ extends AbstractCryptoTypeHandler implements EncTypeHandler {
+
+ private KeyMaker keyMaker;
+
+ public AbstractEncTypeHandler(EncryptProvider encProvider,
+ HashProvider hashProvider) {
+ super(encProvider, hashProvider);
+ }
+
+ protected void keyMaker(KeyMaker keyMaker) {
+ this.keyMaker = keyMaker;
+ }
+
+ protected KeyMaker keyMaker() {
+ return keyMaker;
+ }
+
+ @Override
+ public String name() {
+ return eType().getName();
+ }
+
+ @Override
+ public String displayName() {
+ return eType().getDisplayName();
+ }
+
+ protected int paddingLength(int inputLen) {
+ int payloadLen = confounderSize() + checksumSize() + inputLen;
+ int padding = paddingSize();
+
+ if (padding == 0 || (payloadLen % padding) == 0) {
+ return 0;
+ }
+
+ return padding - (payloadLen % padding);
+ }
+
+ @Override
+ public int keyInputSize() {
+ return encProvider().keyInputSize();
+ }
+
+ @Override
+ public int keySize() {
+ return encProvider().keySize();
+ }
+
+ @Override
+ public int confounderSize() {
+ return encProvider().blockSize();
+ }
+
+ @Override
+ public int checksumSize() {
+ return hashProvider().hashSize();
+ }
+
+ @Override
+ public int paddingSize() {
+ return encProvider().blockSize();
+ }
+
+ @Override
+ public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+ return keyMaker.str2key(string, salt, param);
+ }
+
+ @Override
+ public byte[] random2Key(byte[] randomBits) throws KrbException {
+ return keyMaker.random2Key(randomBits);
+ }
+
+ @Override
+ public byte[] encrypt(byte[] data, byte[] key, int usage) throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ return encrypt(data, key, iv, usage);
+ }
+
+ @Override
+ public byte[] encrypt(byte[] data, byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = confounderSize();
+ int checksumLen = checksumSize();
+ int headerLen = confounderLen + checksumLen;
+ int inputLen = data.length;
+ int paddingLen = paddingLength(inputLen);
+
+ /**
+ * E(Confounder | Checksum | Plaintext | Padding), or
+ * header | data | padding | trailer, where trailer may be absent
+ */
+
+ int workLength = headerLen + inputLen + paddingLen;
+
+ byte[] workBuffer = new byte[workLength];
+ System.arraycopy(data, 0, workBuffer, headerLen, data.length);
+
+ int [] workLens = new int[] {confounderLen, checksumLen,
+ inputLen, paddingLen};
+
+ encryptWith(workBuffer, workLens, key, iv, usage);
+ return workBuffer;
+ }
+
+ protected void encryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+
+ }
+
+ public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+ throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ return decrypt(cipher, key, iv, usage);
+ }
+
+ public byte[] decrypt(byte[] cipher, byte[] key, byte[] iv, int usage)
+ throws KrbException {
+
+ int totalLen = cipher.length;
+ int confounderLen = confounderSize();
+ int checksumLen = checksumSize();
+ int dataLen = totalLen - (confounderLen + checksumLen);
+
+ int[] workLens = new int[] {confounderLen, checksumLen, dataLen};
+ return decryptWith(cipher, workLens, key, iv, usage);
+ }
+
+ protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
new file mode 100644
index 0000000..9a992e6
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.enc;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.AesProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+public class Aes128CtsHmacSha1Enc extends KeKiHmacSha1Enc {
+
+ public Aes128CtsHmacSha1Enc() {
+ super(new Aes128Provider(), new Sha1Provider());
+ keyMaker(new AesKeyMaker((AesProvider) encProvider()));
+ }
+
+ @Override
+ public int checksumSize() {
+ return 96 / 8;
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.AES128_CTS_HMAC_SHA1_96;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES128;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
new file mode 100644
index 0000000..c4c4ff8
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.enc;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Aes256Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.AesProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+public class Aes256CtsHmacSha1Enc extends KeKiHmacSha1Enc {
+
+ public Aes256CtsHmacSha1Enc() {
+ super(new Aes256Provider(), new Sha1Provider());
+ keyMaker(new AesKeyMaker((AesProvider) encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.AES256_CTS_HMAC_SHA1_96;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES256;
+ }
+
+ @Override
+ public int checksumSize() {
+ return 96 / 8;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java
new file mode 100644
index 0000000..0b164e3
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.enc;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+public class Camellia128CtsCmacEnc extends KeKiCmacEnc {
+
+ public Camellia128CtsCmacEnc() {
+ super(new Camellia128Provider());
+ keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.CAMELLIA128_CTS_CMAC;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.CMAC_CAMELLIA128;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java
new file mode 100644
index 0000000..402b774
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.enc;
+
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+public class Camellia256CtsCmacEnc extends KeKiCmacEnc {
+
+ public Camellia256CtsCmacEnc() {
+ super(new Camellia256Provider());
+ keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.CAMELLIA256_CTS_CMAC;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.CMAC_CAMELLIA256;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
new file mode 100644
index 0000000..2e29625
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.enc;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Des3Provider;
+import org.apache.kerby.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+public class Des3CbcSha1Enc extends KeKiHmacSha1Enc {
+
+ public Des3CbcSha1Enc() {
+ super(new Des3Provider(), new Sha1Provider());
+ keyMaker(new Des3KeyMaker(this.encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES3_CBC_SHA1;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_SHA1_DES3;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java
new file mode 100644
index 0000000..7070c6b
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.enc;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Crc32Provider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+public class DesCbcCrcEnc extends DesCbcEnc {
+
+ public DesCbcCrcEnc() {
+ super(new Crc32Provider());
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES_CBC_CRC;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.CRC32;
+ }
+
+ @Override
+ public byte[] encrypt(byte[] data, byte[] key, int usage) throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ System.arraycopy(key, 0, iv, 0, key.length);
+ return encrypt(data, key, iv, usage);
+ }
+
+ @Override
+ public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+ throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ System.arraycopy(key, 0, iv, 0, key.length);
+ return decrypt(cipher, key, iv, usage);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
new file mode 100644
index 0000000..e3aa7d8
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/DesCbcEnc.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.enc;
+
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.crypto.Confounder;
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.crypto.enc.provider.DesProvider;
+import org.apache.kerby.kerberos.kerb.crypto.key.DesKeyMaker;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+abstract class DesCbcEnc extends AbstractEncTypeHandler {
+
+ public DesCbcEnc(HashProvider hashProvider) {
+ super(new DesProvider(), hashProvider);
+ keyMaker(new DesKeyMaker(this.encProvider()));
+ }
+
+ @Override
+ protected void encryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int dataLen = workLens[2];
+ int paddingLen = workLens[3];
+
+ // confounder
+ byte[] confounder = Confounder.makeBytes(confounderLen);
+ System.arraycopy(confounder, 0, workBuffer, 0, confounderLen);
+
+ // padding
+ for (int i = confounderLen + checksumLen + dataLen; i < paddingLen; ++i) {
+ workBuffer[i] = 0;
+ }
+
+ // checksum
+ hashProvider().hash(workBuffer);
+ byte[] cksum = hashProvider().output();
+ System.arraycopy(cksum, 0, workBuffer, confounderLen, checksumLen);
+
+ encProvider().encrypt(key, iv, workBuffer);
+ }
+
+ @Override
+ protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int dataLen = workLens[2];
+
+ encProvider().decrypt(key, iv, workBuffer);
+
+ byte[] checksum = new byte[checksumLen];
+ for (int i = 0; i < checksumLen; i++) {
+ checksum[i] = workBuffer[confounderLen + i];
+ workBuffer[confounderLen + i] = 0;
+ }
+
+ hashProvider().hash(workBuffer);
+ byte[] newChecksum = hashProvider().output();
+ if (! checksumEqual(checksum, newChecksum)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+ }
+
+ byte[] data = new byte[dataLen];
+ System.arraycopy(workBuffer, confounderLen + checksumLen,
+ data, 0, dataLen);
+
+ return data;
+ }
+}