You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/02/09 07:27:52 UTC
[11/30] directory-kerberos git commit: Cleaned some bit and
refactored some codes in kerb-crypto
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Hmac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Hmac.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Hmac.java
new file mode 100644
index 0000000..cebb3a1
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Hmac.java
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.util;
+
+import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.util.Arrays;
+
+/**
+ * Ref. MIT krb5 hmac.c
+ */
+public class Hmac {
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key,
+ byte[] data, int outputSize) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length, outputSize);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key, byte[] data,
+ int start, int len, int outputSize) throws KrbException {
+ byte[] hash = Hmac.hmac(hashProvider, key, data, start, len);
+
+ byte[] output = new byte[outputSize];
+ System.arraycopy(hash, 0, output, 0, outputSize);
+ return output;
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data, int start, int len) throws KrbException {
+
+ int blockLen = hashProvider.blockSize();
+ byte[] innerPaddedKey = new byte[blockLen];
+ byte[] outerPaddedKey = new byte[blockLen];
+
+ // Create the inner padded key
+ Arrays.fill(innerPaddedKey, (byte)0x36);
+ for (int i = 0; i < key.length; i++) {
+ innerPaddedKey[i] ^= key[i];
+ }
+
+ // Create the outer padded key
+ Arrays.fill(outerPaddedKey, (byte)0x5c);
+ for (int i = 0; i < key.length; i++) {
+ outerPaddedKey[i] ^= key[i];
+ }
+
+ hashProvider.hash(innerPaddedKey);
+
+ hashProvider.hash(data, start, len);
+
+ byte[] tmp = hashProvider.output();
+
+ hashProvider.hash(outerPaddedKey);
+ hashProvider.hash(tmp);
+
+ tmp = hashProvider.output();
+ return tmp;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Md4.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Md4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Md4.java
new file mode 100644
index 0000000..c5a4a2a
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Md4.java
@@ -0,0 +1,338 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.util;
+
+import java.security.DigestException;
+import java.security.MessageDigest;
+
+/**
+ * MD4.java - An implementation of Ron Rivest's MD4 message digest algorithm.
+ * The MD4 algorithm is designed to be quite fast on 32-bit machines. In
+ * addition, the MD4 algorithm does not require any large substitution
+ * tables.
+ *
+ * @see The <a href="http://www.ietf.org/rfc/rfc1320.txt">MD4</a> Message-
+ * Digest Algorithm by R. Rivest.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ * @since MINA 2.0.0-M3
+ */
+
+/**
+ * Copied from Mina project and modified a bit
+ */
+public class Md4 extends MessageDigest {
+
+ /**
+ * The MD4 algorithm message digest length is 16 bytes wide.
+ */
+ public static final int BYTE_DIGEST_LENGTH = 16;
+
+ /**
+ * The MD4 algorithm block length is 64 bytes wide.
+ */
+ public static final int BYTE_BLOCK_LENGTH = 64;
+
+ /**
+ * The initial values of the four registers. RFC gives the values
+ * in LE so we converted it as JAVA uses BE endianness.
+ */
+ private final static int A = 0x67452301;
+
+ private final static int B = 0xefcdab89;
+
+ private final static int C = 0x98badcfe;
+
+ private final static int D = 0x10325476;
+
+ /**
+ * The four registers initialized with the above IVs.
+ */
+ private int a = A;
+
+ private int b = B;
+
+ private int c = C;
+
+ private int d = D;
+
+ /**
+ * Counts the total length of the data being digested.
+ */
+ private long msgLength;
+
+ /**
+ * The internal buffer is {@link BLOCK_LENGTH} wide.
+ */
+ private final byte[] buffer = new byte[BYTE_BLOCK_LENGTH];
+
+ /**
+ * Default constructor.
+ */
+ public Md4() {
+ super("MD4");
+ engineReset();
+ }
+
+ /**
+ * Returns the digest length in bytes.
+ *
+ * @return the digest length in bytes.
+ */
+ protected int engineGetDigestLength() {
+ return BYTE_DIGEST_LENGTH;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineUpdate(byte b) {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ buffer[pos] = b;
+ msgLength++;
+
+ // If buffer contains enough data then process it.
+ if (pos == (BYTE_BLOCK_LENGTH - 1)) {
+ process(buffer, 0);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineUpdate(byte[] b, int offset, int len) {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ int nbOfCharsToFillBuf = BYTE_BLOCK_LENGTH - pos;
+ int blkStart = 0;
+
+ msgLength += len;
+
+ // Process each full block
+ if (len >= nbOfCharsToFillBuf) {
+ System.arraycopy(b, offset, buffer, pos, nbOfCharsToFillBuf);
+ process(buffer, 0);
+ for (blkStart = nbOfCharsToFillBuf; blkStart + BYTE_BLOCK_LENGTH - 1 < len; blkStart += BYTE_BLOCK_LENGTH) {
+ process(b, offset + blkStart);
+ }
+ pos = 0;
+ }
+
+ // Fill buffer with the remaining data
+ if (blkStart < len) {
+ System.arraycopy(b, offset + blkStart, buffer, pos, len - blkStart);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected byte[] engineDigest() {
+ byte[] p = pad();
+ engineUpdate(p, 0, p.length);
+ byte[] digest = { (byte) a, (byte) (a >>> 8), (byte) (a >>> 16), (byte) (a >>> 24), (byte) b, (byte) (b >>> 8),
+ (byte) (b >>> 16), (byte) (b >>> 24), (byte) c, (byte) (c >>> 8), (byte) (c >>> 16), (byte) (c >>> 24),
+ (byte) d, (byte) (d >>> 8), (byte) (d >>> 16), (byte) (d >>> 24) };
+
+ engineReset();
+
+ return digest;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected int engineDigest(byte[] buf, int offset, int len) throws DigestException {
+ if (offset < 0 || offset + len >= buf.length) {
+ throw new DigestException("Wrong offset or not enough space to store the digest");
+ }
+ int destLength = Math.min(len, BYTE_DIGEST_LENGTH);
+ System.arraycopy(engineDigest(), 0, buf, offset, destLength);
+ return destLength;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineReset() {
+ a = A;
+ b = B;
+ c = C;
+ d = D;
+ msgLength = 0;
+ }
+
+ /**
+ * Pads the buffer by appending the byte 0x80, then append as many zero
+ * bytes as necessary to make the buffer length a multiple of 64 bytes.
+ * The last 8 bytes will be filled with the length of the buffer in bits.
+ * If there's no room to store the length in bits in the block i.e the block
+ * is larger than 56 bytes then an additionnal 64-bytes block is appended.
+ *
+ * @see sections 3.1 & 3.2 of the RFC 1320.
+ *
+ * @return the pad byte array
+ */
+ private byte[] pad() {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ int padLength = (pos < 56) ? (64 - pos) : (128 - pos);
+ byte[] pad = new byte[padLength];
+
+ // First bit of the padding set to 1
+ pad[0] = (byte) 0x80;
+
+ long bits = msgLength << 3;
+ int index = padLength - 8;
+ for (int i = 0; i < 8; i++) {
+ pad[index++] = (byte) (bits >>> (i << 3));
+ }
+
+ return pad;
+ }
+
+ /**
+ * Process one 64-byte block. Algorithm is constituted by three rounds.
+ * Note that F, G and H functions were inlined for improved performance.
+ *
+ * @param in the byte array to process
+ * @param offset the offset at which the 64-byte block is stored
+ */
+ private void process(byte[] in, int offset) {
+ // Save previous state.
+ int aa = a;
+ int bb = b;
+ int cc = c;
+ int dd = d;
+
+ // Copy the block to process into X array
+ int[] X = new int[16];
+ for (int i = 0; i < 16; i++) {
+ X[i] = (in[offset++] & 0xff) | (in[offset++] & 0xff) << 8 | (in[offset++] & 0xff) << 16
+ | (in[offset++] & 0xff) << 24;
+ }
+
+ // Round 1
+ a += ((b & c) | (~b & d)) + X[0];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[1];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[2];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[3];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[4];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[5];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[6];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[7];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[8];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[9];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[10];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[11];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[12];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[13];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[14];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[15];
+ b = b << 19 | b >>> (32 - 19);
+
+ // Round 2
+ a += ((b & (c | d)) | (c & d)) + X[0] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[4] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[8] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[12] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[1] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[5] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[9] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[13] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[2] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[6] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[10] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[14] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[3] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[7] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[11] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[15] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+
+ // Round 3
+ a += (b ^ c ^ d) + X[0] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[8] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[4] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[12] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[2] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[10] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[6] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[14] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[1] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[9] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[5] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[13] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[3] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[11] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[7] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[15] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+
+ //Update state.
+ a += aa;
+ b += bb;
+ c += cc;
+ d += dd;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nfold.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nfold.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nfold.java
new file mode 100644
index 0000000..4d9bcba
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nfold.java
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.util;
+
+import java.util.Arrays;
+
+/**
+ * Based on RFC3961, with ref. MIT krb5 nfold.c
+ */
+
+/*
+ * n-fold(k-bits):
+ * l = lcm(n,k)
+ * r = l/k
+ * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ * compute the 1's complement sum:
+ * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+ */
+public class Nfold {
+
+ /**
+ * representation: msb first, assume n and k are multiples of 8, and
+ * that k>=16. this is the case of all the cryptosystems which are
+ * likely to be used. this function can be replaced if that
+ * assumption ever fails.
+ */
+ public static byte[] nfold(byte[] inBytes, int size) {
+ int inBytesNum = inBytes.length; // count inBytes byte
+ int outBytesNum = size; // count inBytes byte
+
+ int a, b, c, lcm;
+ a = outBytesNum;
+ b = inBytesNum;
+
+ while (b != 0) {
+ c = b;
+ b = a % b;
+ a = c;
+ }
+ lcm = (outBytesNum * inBytesNum) / a;
+
+ byte[] outBytes = new byte[outBytesNum];
+ Arrays.fill(outBytes, (byte)0);
+
+ int tmpByte = 0;
+ int msbit, i, tmp;
+
+ for (i = lcm-1; i >= 0; i--) {
+ // first, start with the msbit inBytes the first, unrotated byte
+ tmp = ((inBytesNum<<3)-1);
+ // then, for each byte, shift to the right for each repetition
+ tmp += (((inBytesNum<<3)+13)*(i/inBytesNum));
+ // last, pick outBytes the correct byte within that shifted repetition
+ tmp += ((inBytesNum-(i%inBytesNum)) << 3);
+
+ msbit = tmp % (inBytesNum << 3);
+
+ // pull outBytes the byte value itself
+ tmp = ((((inBytes[((inBytesNum - 1)-(msbit >>> 3)) % inBytesNum] & 0xff) << 8) |
+ (inBytes[((inBytesNum) - (msbit >>> 3)) % inBytesNum] & 0xff))
+ >>>((msbit & 7)+1)) & 0xff;
+
+ tmpByte += tmp;
+ tmp = (outBytes[i % outBytesNum] & 0xff);
+ tmpByte += tmp;
+
+ outBytes[i % outBytesNum] = (byte) (tmpByte & 0xff);
+
+ tmpByte >>>= 8;
+ }
+
+ // if there's a carry bit left over, add it back inBytes
+ if (tmpByte != 0) {
+ for (i = outBytesNum-1; i >= 0; i--) {
+ // do the addition
+ tmpByte += (outBytes[i] & 0xff);
+ outBytes[i] = (byte) (tmpByte & 0xff);
+
+ tmpByte >>>= 8;
+ }
+ }
+
+ return outBytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nonce.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nonce.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nonce.java
new file mode 100644
index 0000000..170414f
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nonce.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.util;
+
+import java.security.SecureRandom;
+
+public class Nonce {
+
+ private static SecureRandom srand = new SecureRandom();
+
+ public static synchronized int value() {
+ int value = srand.nextInt();
+ return value & 0x7fffffff;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Pbkdf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Pbkdf.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Pbkdf.java
new file mode 100644
index 0000000..7dac089
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Pbkdf.java
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.util;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import java.security.GeneralSecurityException;
+
+public class Pbkdf {
+
+ public static byte[] PBKDF2(char[] secret, byte[] salt,
+ int count, int keySize) throws GeneralSecurityException {
+
+ PBEKeySpec ks = new PBEKeySpec(secret, salt, count, keySize * 8);
+ SecretKeyFactory skf =
+ SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+ SecretKey key = skf.generateSecret(ks);
+ byte[] result = key.getEncoded();
+
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Random.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Random.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Random.java
new file mode 100644
index 0000000..81712dd
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Random.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.util;
+
+import java.security.SecureRandom;
+
+public final class Random {
+
+ private static SecureRandom instance = new SecureRandom();
+
+ public static byte[] makeBytes(int size) {
+ byte[] data = new byte[size];
+ instance.nextBytes(data);
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Rc4.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Rc4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Rc4.java
new file mode 100644
index 0000000..8d62ab3
--- /dev/null
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Rc4.java
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.crypto.util;
+
+/**
+ * Ref. MIT krb5 enc_rc4.c
+ */
+public class Rc4 {
+
+ private static byte[] L40 = "fortybits".getBytes();
+
+ public static byte[] getSalt(int usage, boolean exportable) {
+ int newUsage = convertUsage(usage);
+ byte[] salt;
+
+ if (exportable) {
+ salt = new byte[14];
+ System.arraycopy(L40, 0, salt, 0, 9);
+ BytesUtil.int2bytes(newUsage, salt, 10, false);
+ } else {
+ salt = new byte[4];
+ BytesUtil.int2bytes(newUsage, salt, 0, false);
+ }
+
+ return salt;
+ }
+
+ private static int convertUsage(int usage) {
+ switch (usage) {
+ case 1: return 1; /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, */
+ case 2: return 2; /* ticket from kdc */
+ case 3: return 8; /* as-rep encrypted part */
+ case 4: return 4; /* tgs-req authz data */
+ case 5: return 5; /* tgs-req authz data in subkey */
+ case 6: return 6; /* tgs-req authenticator cksum */
+ case 7: return 7; /* tgs-req authenticator */
+ case 8: return 8;
+ case 9: return 9; /* tgs-rep encrypted with subkey */
+ case 10: return 10; /* ap-rep authentication cksum (never used by MS) */
+ case 11: return 11; /* app-req authenticator */
+ case 12: return 12; /* app-rep encrypted part */
+ case 23: return 13; /* sign wrap token*/
+ default: return usage;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/main/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/resources/kdc-krb5.conf b/kerby-kerb/kerb-crypto/src/main/resources/kdc-krb5.conf
deleted file mode 100644
index d118dd1..0000000
--- a/kerby-kerb/kerb-crypto/src/main/resources/kdc-krb5.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-[libdefaults]
- default_realm = {0}
- udp_preference_limit = 1
-
-[realms]
- {0} = '{'
- kdc = {1}:{2}
- '}'
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/main/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/resources/kdc.ldiff b/kerby-kerb/kerb-crypto/src/main/resources/kdc.ldiff
deleted file mode 100644
index bc989c3..0000000
--- a/kerby-kerb/kerb-crypto/src/main/resources/kdc.ldiff
+++ /dev/null
@@ -1,46 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-dn: ou=users,dc=${0},dc=${1}
-objectClass: organizationalUnit
-objectClass: top
-ou: users
-
-dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
-objectClass: top
-objectClass: person
-objectClass: inetOrgPerson
-objectClass: krb5principal
-objectClass: krb5kdcentry
-cn: KDC Service
-sn: Service
-uid: krbtgt
-userPassword: secret
-krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
-krb5KeyVersionNumber: 0
-
-dn: uid=ldap,ou=users,dc=${0},dc=${1}
-objectClass: top
-objectClass: person
-objectClass: inetOrgPerson
-objectClass: krb5principal
-objectClass: krb5kdcentry
-cn: LDAP
-sn: Service
-uid: ldap
-userPassword: secret
-krb5PrincipalName: ldap/${4}@${2}.${3}
-krb5KeyVersionNumber: 0
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
index 30af03f..e210709 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
@@ -22,6 +22,7 @@ package org.apache.kerby.kerberos.kerb.crypto;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerby.kerberos.kerb.crypto.util.Cmac;
import org.apache.kerby.util.HexUtil;
import org.junit.Test;
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/f504a173/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/Crc32Test.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/Crc32Test.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/Crc32Test.java
index e8de993..2b42f54 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/Crc32Test.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/Crc32Test.java
@@ -19,6 +19,7 @@
*/
package org.apache.kerby.kerberos.kerb.crypto;
+import org.apache.kerby.kerberos.kerb.crypto.util.Crc32;
import org.apache.kerby.util.HexUtil;
import org.junit.Test;