You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/10 14:30:50 UTC
[06/42] directory-kerberos git commit: Initially import Haox codebase
(https://github.com/drankye/haox)
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java
new file mode 100644
index 0000000..02e8567
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Hmac.java
@@ -0,0 +1,63 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 hmac.c
+ */
+public class Hmac {
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key,
+ byte[] data, int outputSize) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length, outputSize);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider, byte[] key, byte[] data,
+ int start, int len, int outputSize) throws KrbException {
+ byte[] hash = Hmac.hmac(hashProvider, key, data, start, len);
+
+ byte[] output = new byte[outputSize];
+ System.arraycopy(hash, 0, output, 0, outputSize);
+ return output;
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data) throws KrbException {
+ return hmac(hashProvider, key, data, 0, data.length);
+ }
+
+ public static byte[] hmac(HashProvider hashProvider,
+ byte[] key, byte[] data, int start, int len) throws KrbException {
+
+ int blockLen = hashProvider.blockSize();
+ byte[] innerPaddedKey = new byte[blockLen];
+ byte[] outerPaddedKey = new byte[blockLen];
+
+ // Create the inner padded key
+ Arrays.fill(innerPaddedKey, (byte)0x36);
+ for (int i = 0; i < key.length; i++) {
+ innerPaddedKey[i] ^= key[i];
+ }
+
+ // Create the outer padded key
+ Arrays.fill(outerPaddedKey, (byte)0x5c);
+ for (int i = 0; i < key.length; i++) {
+ outerPaddedKey[i] ^= key[i];
+ }
+
+ hashProvider.hash(innerPaddedKey);
+
+ hashProvider.hash(data, start, len);
+
+ byte[] tmp = hashProvider.output();
+
+ hashProvider.hash(outerPaddedKey);
+ hashProvider.hash(tmp);
+
+ tmp = hashProvider.output();
+ return tmp;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Md4.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Md4.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Md4.java
new file mode 100644
index 0000000..5877234
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Md4.java
@@ -0,0 +1,339 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerberos.kerb.crypto;
+
+import java.security.DigestException;
+import java.security.MessageDigest;
+import java.security.MessageDigestSpi;
+
+/**
+ * MD4.java - An implementation of Ron Rivest's MD4 message digest algorithm.
+ * The MD4 algorithm is designed to be quite fast on 32-bit machines. In
+ * addition, the MD4 algorithm does not require any large substitution
+ * tables.
+ *
+ * @see The <a href="http://www.ietf.org/rfc/rfc1320.txt">MD4</a> Message-
+ * Digest Algorithm by R. Rivest.
+ *
+ * @author <a href="http://mina.apache.org">Apache MINA Project</a>
+ * @since MINA 2.0.0-M3
+ */
+
+/**
+ * Copied from Mina project and modified a bit
+ */
+public class Md4 extends MessageDigest {
+
+ /**
+ * The MD4 algorithm message digest length is 16 bytes wide.
+ */
+ public static final int BYTE_DIGEST_LENGTH = 16;
+
+ /**
+ * The MD4 algorithm block length is 64 bytes wide.
+ */
+ public static final int BYTE_BLOCK_LENGTH = 64;
+
+ /**
+ * The initial values of the four registers. RFC gives the values
+ * in LE so we converted it as JAVA uses BE endianness.
+ */
+ private final static int A = 0x67452301;
+
+ private final static int B = 0xefcdab89;
+
+ private final static int C = 0x98badcfe;
+
+ private final static int D = 0x10325476;
+
+ /**
+ * The four registers initialized with the above IVs.
+ */
+ private int a = A;
+
+ private int b = B;
+
+ private int c = C;
+
+ private int d = D;
+
+ /**
+ * Counts the total length of the data being digested.
+ */
+ private long msgLength;
+
+ /**
+ * The internal buffer is {@link BLOCK_LENGTH} wide.
+ */
+ private final byte[] buffer = new byte[BYTE_BLOCK_LENGTH];
+
+ /**
+ * Default constructor.
+ */
+ public Md4() {
+ super("MD4");
+ engineReset();
+ }
+
+ /**
+ * Returns the digest length in bytes.
+ *
+ * @return the digest length in bytes.
+ */
+ protected int engineGetDigestLength() {
+ return BYTE_DIGEST_LENGTH;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineUpdate(byte b) {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ buffer[pos] = b;
+ msgLength++;
+
+ // If buffer contains enough data then process it.
+ if (pos == (BYTE_BLOCK_LENGTH - 1)) {
+ process(buffer, 0);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineUpdate(byte[] b, int offset, int len) {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ int nbOfCharsToFillBuf = BYTE_BLOCK_LENGTH - pos;
+ int blkStart = 0;
+
+ msgLength += len;
+
+ // Process each full block
+ if (len >= nbOfCharsToFillBuf) {
+ System.arraycopy(b, offset, buffer, pos, nbOfCharsToFillBuf);
+ process(buffer, 0);
+ for (blkStart = nbOfCharsToFillBuf; blkStart + BYTE_BLOCK_LENGTH - 1 < len; blkStart += BYTE_BLOCK_LENGTH) {
+ process(b, offset + blkStart);
+ }
+ pos = 0;
+ }
+
+ // Fill buffer with the remaining data
+ if (blkStart < len) {
+ System.arraycopy(b, offset + blkStart, buffer, pos, len - blkStart);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected byte[] engineDigest() {
+ byte[] p = pad();
+ engineUpdate(p, 0, p.length);
+ byte[] digest = { (byte) a, (byte) (a >>> 8), (byte) (a >>> 16), (byte) (a >>> 24), (byte) b, (byte) (b >>> 8),
+ (byte) (b >>> 16), (byte) (b >>> 24), (byte) c, (byte) (c >>> 8), (byte) (c >>> 16), (byte) (c >>> 24),
+ (byte) d, (byte) (d >>> 8), (byte) (d >>> 16), (byte) (d >>> 24) };
+
+ engineReset();
+
+ return digest;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected int engineDigest(byte[] buf, int offset, int len) throws DigestException {
+ if (offset < 0 || offset + len >= buf.length) {
+ throw new DigestException("Wrong offset or not enough space to store the digest");
+ }
+ int destLength = Math.min(len, BYTE_DIGEST_LENGTH);
+ System.arraycopy(engineDigest(), 0, buf, offset, destLength);
+ return destLength;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected void engineReset() {
+ a = A;
+ b = B;
+ c = C;
+ d = D;
+ msgLength = 0;
+ }
+
+ /**
+ * Pads the buffer by appending the byte 0x80, then append as many zero
+ * bytes as necessary to make the buffer length a multiple of 64 bytes.
+ * The last 8 bytes will be filled with the length of the buffer in bits.
+ * If there's no room to store the length in bits in the block i.e the block
+ * is larger than 56 bytes then an additionnal 64-bytes block is appended.
+ *
+ * @see sections 3.1 & 3.2 of the RFC 1320.
+ *
+ * @return the pad byte array
+ */
+ private byte[] pad() {
+ int pos = (int) (msgLength % BYTE_BLOCK_LENGTH);
+ int padLength = (pos < 56) ? (64 - pos) : (128 - pos);
+ byte[] pad = new byte[padLength];
+
+ // First bit of the padding set to 1
+ pad[0] = (byte) 0x80;
+
+ long bits = msgLength << 3;
+ int index = padLength - 8;
+ for (int i = 0; i < 8; i++) {
+ pad[index++] = (byte) (bits >>> (i << 3));
+ }
+
+ return pad;
+ }
+
+ /**
+ * Process one 64-byte block. Algorithm is constituted by three rounds.
+ * Note that F, G and H functions were inlined for improved performance.
+ *
+ * @param in the byte array to process
+ * @param offset the offset at which the 64-byte block is stored
+ */
+ private void process(byte[] in, int offset) {
+ // Save previous state.
+ int aa = a;
+ int bb = b;
+ int cc = c;
+ int dd = d;
+
+ // Copy the block to process into X array
+ int[] X = new int[16];
+ for (int i = 0; i < 16; i++) {
+ X[i] = (in[offset++] & 0xff) | (in[offset++] & 0xff) << 8 | (in[offset++] & 0xff) << 16
+ | (in[offset++] & 0xff) << 24;
+ }
+
+ // Round 1
+ a += ((b & c) | (~b & d)) + X[0];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[1];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[2];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[3];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[4];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[5];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[6];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[7];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[8];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[9];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[10];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[11];
+ b = b << 19 | b >>> (32 - 19);
+ a += ((b & c) | (~b & d)) + X[12];
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & b) | (~a & c)) + X[13];
+ d = d << 7 | d >>> (32 - 7);
+ c += ((d & a) | (~d & b)) + X[14];
+ c = c << 11 | c >>> (32 - 11);
+ b += ((c & d) | (~c & a)) + X[15];
+ b = b << 19 | b >>> (32 - 19);
+
+ // Round 2
+ a += ((b & (c | d)) | (c & d)) + X[0] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[4] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[8] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[12] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[1] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[5] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[9] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[13] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[2] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[6] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[10] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[14] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+ a += ((b & (c | d)) | (c & d)) + X[3] + 0x5a827999;
+ a = a << 3 | a >>> (32 - 3);
+ d += ((a & (b | c)) | (b & c)) + X[7] + 0x5a827999;
+ d = d << 5 | d >>> (32 - 5);
+ c += ((d & (a | b)) | (a & b)) + X[11] + 0x5a827999;
+ c = c << 9 | c >>> (32 - 9);
+ b += ((c & (d | a)) | (d & a)) + X[15] + 0x5a827999;
+ b = b << 13 | b >>> (32 - 13);
+
+ // Round 3
+ a += (b ^ c ^ d) + X[0] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[8] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[4] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[12] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[2] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[10] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[6] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[14] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[1] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[9] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[5] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[13] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+ a += (b ^ c ^ d) + X[3] + 0x6ed9eba1;
+ a = a << 3 | a >>> (32 - 3);
+ d += (a ^ b ^ c) + X[11] + 0x6ed9eba1;
+ d = d << 9 | d >>> (32 - 9);
+ c += (d ^ a ^ b) + X[7] + 0x6ed9eba1;
+ c = c << 11 | c >>> (32 - 11);
+ b += (c ^ d ^ a) + X[15] + 0x6ed9eba1;
+ b = b << 15 | b >>> (32 - 15);
+
+ //Update state.
+ a += aa;
+ b += bb;
+ c += cc;
+ d += dd;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nfold.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nfold.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nfold.java
new file mode 100644
index 0000000..29c2362
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nfold.java
@@ -0,0 +1,83 @@
+package org.apache.kerberos.kerb.crypto;
+
+import java.util.Arrays;
+
+/**
+ * Based on MIT krb5 nfold.c
+ */
+
+/*
+ * n-fold(k-bits):
+ * l = lcm(n,k)
+ * r = l/k
+ * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ * compute the 1's complement sum:
+ * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+ */
+public class Nfold {
+
+ /**
+ * representation: msb first, assume n and k are multiples of 8, and
+ * that k>=16. this is the case of all the cryptosystems which are
+ * likely to be used. this function can be replaced if that
+ * assumption ever fails.
+ */
+ public static byte[] nfold(byte[] inBytes, int size) {
+ int inBytesNum = inBytes.length; // count inBytes byte
+ int outBytesNum = size; // count inBytes byte
+
+ int a, b, c, lcm;
+ a = outBytesNum;
+ b = inBytesNum;
+
+ while (b != 0) {
+ c = b;
+ b = a % b;
+ a = c;
+ }
+ lcm = (outBytesNum * inBytesNum) / a;
+
+ byte[] outBytes = new byte[outBytesNum];
+ Arrays.fill(outBytes, (byte)0);
+
+ int tmpByte = 0;
+ int msbit, i, tmp;
+
+ for (i = lcm-1; i >= 0; i--) {
+ // first, start with the msbit inBytes the first, unrotated byte
+ tmp = ((inBytesNum<<3)-1);
+ // then, for each byte, shift to the right for each repetition
+ tmp += (((inBytesNum<<3)+13)*(i/inBytesNum));
+ // last, pick outBytes the correct byte within that shifted repetition
+ tmp += ((inBytesNum-(i%inBytesNum)) << 3);
+
+ msbit = tmp % (inBytesNum << 3);
+
+ // pull outBytes the byte value itself
+ tmp = ((((inBytes[((inBytesNum - 1)-(msbit >>> 3)) % inBytesNum] & 0xff) << 8) |
+ (inBytes[((inBytesNum) - (msbit >>> 3)) % inBytesNum] & 0xff))
+ >>>((msbit & 7)+1)) & 0xff;
+
+ tmpByte += tmp;
+ tmp = (outBytes[i % outBytesNum] & 0xff);
+ tmpByte += tmp;
+
+ outBytes[i % outBytesNum] = (byte) (tmpByte & 0xff);
+
+ tmpByte >>>= 8;
+ }
+
+ // if there's a carry bit left over, add it back inBytes
+ if (tmpByte != 0) {
+ for (i = outBytesNum-1; i >= 0; i--) {
+ // do the addition
+ tmpByte += (outBytes[i] & 0xff);
+ outBytes[i] = (byte) (tmpByte & 0xff);
+
+ tmpByte >>>= 8;
+ }
+ }
+
+ return outBytes;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nonce.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nonce.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nonce.java
new file mode 100644
index 0000000..4dad9e6
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Nonce.java
@@ -0,0 +1,13 @@
+package org.apache.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public class Nonce {
+
+ private static SecureRandom srand = new SecureRandom();
+
+ public static synchronized int value() {
+ int value = srand.nextInt();
+ return value & 0x7fffffff;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Pbkdf.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Pbkdf.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Pbkdf.java
new file mode 100644
index 0000000..4869951
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Pbkdf.java
@@ -0,0 +1,21 @@
+package org.apache.kerberos.kerb.crypto;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import java.security.GeneralSecurityException;
+
+public class Pbkdf {
+
+ public static byte[] PBKDF2(char[] secret, byte[] salt,
+ int count, int keySize) throws GeneralSecurityException {
+
+ PBEKeySpec ks = new PBEKeySpec(secret, salt, count, keySize * 8);
+ SecretKeyFactory skf =
+ SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+ SecretKey key = skf.generateSecret(ks);
+ byte[] result = key.getEncoded();
+
+ return result;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Random.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Random.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Random.java
new file mode 100644
index 0000000..096a9b0
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Random.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.crypto;
+
+import java.security.SecureRandom;
+
+public final class Random {
+
+ private static SecureRandom srand = new SecureRandom();
+
+ public static byte[] makeBytes(int size) {
+ byte[] data = new byte[size];
+ srand.nextBytes(data);
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
new file mode 100644
index 0000000..1253a8f
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
@@ -0,0 +1,44 @@
+package org.apache.kerberos.kerb.crypto;
+
+/**
+ * Based on MIT krb5 enc_rc4.c
+ */
+public class Rc4 {
+
+ private static byte[] L40 = "fortybits".getBytes();
+
+ public static byte[] getSalt(int usage, boolean exportable) {
+ int newUsage = convertUsage(usage);
+ byte[] salt;
+
+ if (exportable) {
+ salt = new byte[14];
+ System.arraycopy(L40, 0, salt, 0, 9);
+ BytesUtil.int2bytes(newUsage, salt, 10, false);
+ } else {
+ salt = new byte[4];
+ BytesUtil.int2bytes(newUsage, salt, 0, false);
+ }
+
+ return salt;
+ }
+
+ private static int convertUsage(int usage) {
+ switch (usage) {
+ case 1: return 1; /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, */
+ case 2: return 2; /* ticket from kdc */
+ case 3: return 8; /* as-rep encrypted part */
+ case 4: return 4; /* tgs-req authz data */
+ case 5: return 5; /* tgs-req authz data in subkey */
+ case 6: return 6; /* tgs-req authenticator cksum */
+ case 7: return 7; /* tgs-req authenticator */
+ case 8: return 8;
+ case 9: return 9; /* tgs-rep encrypted with subkey */
+ case 10: return 10; /* ap-rep authentication cksum (never used by MS) */
+ case 11: return 11; /* app-req authenticator */
+ case 12: return 12; /* app-rep encrypted part */
+ case 23: return 13; /* sign wrap token*/
+ default: return usage;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Util.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Util.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Util.java
new file mode 100644
index 0000000..58117b9
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Util.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb.crypto;
+
+public class Util {
+
+ public static void xor(byte[] input, int offset, byte[] output) {
+ int a, b;
+ for (int i = 0; i < output.length / 4; ++i) {
+ a = BytesUtil.bytes2int(input, offset + i * 4, true);
+ b = BytesUtil.bytes2int(output, i * 4, true);
+ b = a ^ b;
+ BytesUtil.int2bytes(b, output, i * 4, true);
+ }
+ }
+
+ public static void xor(byte[] a, byte[] b, byte[] output) {
+ int av, bv, v;
+ for (int i = 0; i < a.length / 4; ++i) {
+ av = BytesUtil.bytes2int(a, i * 4, true);
+ bv = BytesUtil.bytes2int(b, i * 4, true);
+ v = av ^ bv;
+ BytesUtil.int2bytes(v, output, i * 4, true);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
new file mode 100644
index 0000000..cdf0b70
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractCheckSumTypeHandler.java
@@ -0,0 +1,93 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.AbstractCryptoTypeHandler;
+import org.apache.kerberos.kerb.crypto.CheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractCheckSumTypeHandler
+ extends AbstractCryptoTypeHandler implements CheckSumTypeHandler {
+
+ private int computeSize;
+ private int outputSize;
+
+ public AbstractCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider);
+ this.computeSize = computeSize;
+ this.outputSize = outputSize;
+ }
+
+ @Override
+ public String name() {
+ return cksumType().getName();
+ }
+
+ @Override
+ public String displayName() {
+ return cksumType().getDisplayName();
+ }
+
+ @Override
+ public int computeSize() {
+ return computeSize;
+ }
+
+ @Override
+ public int outputSize() {
+ return outputSize;
+ }
+
+ public boolean isSafe() {
+ return false;
+ }
+
+ public int cksumSize() {
+ return 4;
+ }
+
+ public int keySize() {
+ return 0;
+ }
+
+ public int confounderSize() {
+ return 0;
+ }
+
+ @Override
+ public byte[] checksum(byte[] data) throws KrbException {
+ return checksum(data, 0, data.length);
+ }
+
+ @Override
+ public byte[] checksum(byte[] data, int start, int size) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public boolean verify(byte[] data, byte[] checksum) throws KrbException {
+ return verify(data, 0, data.length, checksum);
+ }
+
+ @Override
+ public boolean verify(byte[] data, int start, int size, byte[] checksum) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data,
+ byte[] key, int usage) throws KrbException {
+ return checksumWithKey(data, 0, data.length, key, usage);
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data, int start, int size,
+ byte[] key, int usage) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+ @Override
+ public boolean verifyWithKey(byte[] data,
+ byte[] key, int usage, byte[] checksum) throws KrbException {
+ throw new UnsupportedOperationException();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
new file mode 100644
index 0000000..3755b63
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/AbstractKeyedCheckSumTypeHandler.java
@@ -0,0 +1,56 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.crypto.key.KeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractKeyedCheckSumTypeHandler extends AbstractCheckSumTypeHandler {
+
+ private KeyMaker keyMaker;
+
+ public AbstractKeyedCheckSumTypeHandler(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider, computeSize, outputSize);
+ }
+
+ protected void keyMaker(KeyMaker keyMaker) {
+ this.keyMaker = keyMaker;
+ }
+
+ protected KeyMaker keyMaker() {
+ return keyMaker;
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data,
+ byte[] key, int usage) throws KrbException {
+ return checksumWithKey(data, 0, data.length, key, usage);
+ }
+
+ @Override
+ public byte[] checksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ int outputSize = outputSize();
+
+ byte[] tmp = doChecksumWithKey(data, start, len, key, usage);
+ if (outputSize < tmp.length) {
+ byte[] output = new byte[outputSize];
+ System.arraycopy(tmp, 0, output, 0, outputSize);
+ return output;
+ } else {
+ return tmp;
+ }
+ }
+
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ return new byte[0];
+ }
+
+ @Override
+ public boolean verifyWithKey(byte[] data, byte[] key,
+ int usage, byte[] checksum) throws KrbException {
+ byte[] newCksum = checksumWithKey(data, key, usage);
+ return checksumEqual(checksum, newCksum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
new file mode 100644
index 0000000..1d62ae2
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia128CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia128CheckSum extends CmacKcCheckSum {
+
+ public CmacCamellia128CheckSum() {
+ super(new Camellia128Provider(), 16, 16);
+
+ keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CMAC_CAMELLIA128;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
new file mode 100644
index 0000000..5380813
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacCamellia256CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class CmacCamellia256CheckSum extends CmacKcCheckSum {
+
+ public CmacCamellia256CheckSum() {
+ super(new Camellia256Provider(), 16, 16);
+
+ keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CMAC_CAMELLIA256;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
new file mode 100644
index 0000000..796d260
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
@@ -0,0 +1,17 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Cmac;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class CmacKcCheckSum extends KcCheckSum {
+
+ public CmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+ super(encProvider, null, computeSize, outputSize);
+ }
+
+ protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+ byte[] mac = Cmac.cmac(encProvider(), Kc, data, start, len);
+ return mac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
new file mode 100644
index 0000000..0b6d5a3
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/ConfounderedDesCheckSum.java
@@ -0,0 +1,101 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Confounder;
+import org.apache.kerberos.kerb.crypto.enc.provider.DesProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+import javax.crypto.spec.DESKeySpec;
+import java.security.InvalidKeyException;
+
+public abstract class ConfounderedDesCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public ConfounderedDesCheckSum(HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(new DesProvider(), hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ int computeSize = computeSize();
+ int blockSize = encProvider().blockSize();
+ int hashSize = hashProvider().hashSize();
+
+ byte[] workBuffer = new byte[computeSize];
+
+ // confounder
+ byte[] conf = Confounder.makeBytes(blockSize);
+
+ // confounder | data
+ byte[] toHash = new byte[blockSize + len];
+ System.arraycopy(conf, 0, toHash, 0, blockSize);
+ System.arraycopy(data, start, toHash, blockSize, len);
+
+ HashProvider hashProvider = hashProvider();
+ hashProvider.hash(toHash);
+ byte[] hash = hashProvider.output();
+
+ // confounder | hash
+ System.arraycopy(conf, 0, workBuffer, 0, blockSize);
+ System.arraycopy(hash, 0, workBuffer, blockSize, hashSize);
+
+ // key
+ byte[] newKey = deriveKey(key);
+
+ encProvider().encrypt(newKey, workBuffer);
+ return workBuffer;
+ }
+
+ protected byte[] deriveKey(byte[] key) {
+ return fixKey(xorKey(key));
+ }
+
+ protected byte[] xorKey(byte[] key) {
+ byte[] xorKey = new byte[encProvider().keySize()];
+ System.arraycopy(key, 0, xorKey, 0, key.length);
+ for (int i = 0; i < xorKey.length; i++) {
+ xorKey[i] = (byte) (xorKey[i] ^ 0xf0);
+ }
+
+ return xorKey;
+ }
+
+ private byte[] fixKey(byte[] key) {
+ boolean isWeak = true;
+ try {
+ isWeak = DESKeySpec.isWeak(key, 0);
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ }
+ if (isWeak) {
+ key[7] = (byte)(key[7] ^ 0xF0);
+ }
+
+ return key;
+ }
+
+ @Override
+ public boolean verifyWithKey(byte[] data,byte[] key,
+ int usage, byte[] checksum) throws KrbException {
+ int computeSize = computeSize();
+ int blockSize = encProvider().blockSize();
+ int hashSize = hashProvider().hashSize();
+
+ // key
+ byte[] newKey = deriveKey(key);
+
+ encProvider().decrypt(newKey, checksum);
+ byte[] decrypted = checksum; // confounder | hash
+
+ // confounder | data
+ byte[] toHash = new byte[blockSize + data.length];
+ System.arraycopy(decrypted, 0, toHash, 0, blockSize);
+ System.arraycopy(data, 0, toHash, blockSize, data.length);
+
+ HashProvider hashProvider = hashProvider();
+ hashProvider.hash(toHash);
+ byte[] newHash = hashProvider.output();
+
+ return checksumEqual(newHash, decrypted, blockSize, hashSize);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Crc32CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
new file mode 100644
index 0000000..5fda3bb
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Crc32CheckSum.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Crc32Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class Crc32CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public Crc32CheckSum() {
+ super(new Crc32Provider(), 4, 4);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.CRC32;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
new file mode 100644
index 0000000..0eaddfb
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/DesCbcCheckSum.java
@@ -0,0 +1,14 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class DesCbcCheckSum extends ConfounderedDesCheckSum {
+
+ public DesCbcCheckSum() {
+ super(null, 8, 8);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.DES_CBC;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HashProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HashProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HashProvider.java
new file mode 100644
index 0000000..2028419
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HashProvider.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.KrbException;
+
+/**
+ * krb5_hash_provider
+ */
+public interface HashProvider {
+
+ public int hashSize();
+ public int blockSize();
+
+ public void hash(byte[] data, int start, int size) throws KrbException;
+ public void hash(byte[] data) throws KrbException;
+ public byte[] output();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
new file mode 100644
index 0000000..5e55617
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
@@ -0,0 +1,18 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Hmac;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class HmacKcCheckSum extends KcCheckSum {
+
+ public HmacKcCheckSum(EncryptProvider encProvider, int computeSize, int outputSize) {
+ super(encProvider, new Sha1Provider(), computeSize, outputSize);
+ }
+
+ protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
+ byte[] hmac = Hmac.hmac(hashProvider(), Kc, data, start, len);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
new file mode 100644
index 0000000..ec9a6d3
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
@@ -0,0 +1,54 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Hmac;
+import org.apache.kerberos.kerb.crypto.Rc4;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacMd5Rc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public HmacMd5Rc4CheckSum() {
+ super(null, new Md5Provider(), 16, 16);
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_MD5_ARCFOUR;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+
+ byte[] Ksign = null;
+ byte[] signKey = "signaturekey".getBytes();
+ byte[] newSignKey = new byte[signKey.length + 1];
+ System.arraycopy(signKey, 0, newSignKey, 0, signKey.length);
+ Ksign = Hmac.hmac(hashProvider(), key, newSignKey);
+
+ byte[] salt = Rc4.getSalt(usage, false);
+
+ hashProvider().hash(salt);
+ hashProvider().hash(data, start, len);
+ byte[] hashTmp = hashProvider().output();
+
+ byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
new file mode 100644
index 0000000..23617c7
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes128CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Aes128Provider;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes128CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Aes128CheckSum() {
+ super(new Aes128Provider(), 20, 12);
+
+ keyMaker(new AesKeyMaker((Aes128Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES128;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 12; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
new file mode 100644
index 0000000..974cfdf
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Aes256CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Aes256Provider;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Aes256CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Aes256CheckSum() {
+ super(new Aes256Provider(), 20, 12);
+
+ keyMaker(new AesKeyMaker((Aes256Provider) encProvider()));
+ }
+
+ public int confounderSize() {
+ return 16;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES256;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 12; // bytes
+ }
+
+ public int keySize() {
+ return 32; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
new file mode 100644
index 0000000..dfb38e9
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/HmacSha1Des3CheckSum.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Des3Provider;
+import org.apache.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class HmacSha1Des3CheckSum extends HmacKcCheckSum {
+
+ public HmacSha1Des3CheckSum() {
+ super(new Des3Provider(), 20, 20);
+
+ keyMaker(new Des3KeyMaker(encProvider()));
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.HMAC_SHA1_DES3;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 20; // bytes
+ }
+
+ public int keySize() {
+ return 24; // bytes
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/KcCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/KcCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/KcCheckSum.java
new file mode 100644
index 0000000..ac58ecd
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/KcCheckSum.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.crypto.key.DkKeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class KcCheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public KcCheckSum(EncryptProvider encProvider, HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(encProvider, hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+ byte[] Kc;
+ byte[] constant = new byte[5];
+ BytesUtil.int2bytes(usage, constant, 0, true);
+ constant[4] = (byte) 0x99;
+ Kc = ((DkKeyMaker) keyMaker()).dk(key, constant);
+
+ byte[] mac = mac(Kc, data, start, len);
+ return mac;
+ }
+
+ protected abstract byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
new file mode 100644
index 0000000..47b96ab
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
@@ -0,0 +1,51 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.Hmac;
+import org.apache.kerberos.kerb.crypto.Rc4;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Rc4Provider;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class Md5HmacRc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
+
+ public Md5HmacRc4CheckSum() {
+ super(new Rc4Provider(), new Md5Provider(), 16, 16);
+ }
+
+ public int confounderSize() {
+ return 8;
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.MD5_HMAC_ARCFOUR;
+ }
+
+ public boolean isSafe() {
+ return true;
+ }
+
+ public int cksumSize() {
+ return 16; // bytes
+ }
+
+ public int keySize() {
+ return 16; // bytes
+ }
+
+ @Override
+ protected byte[] doChecksumWithKey(byte[] data, int start, int len,
+ byte[] key, int usage) throws KrbException {
+
+ byte[] Ksign = key;
+
+ byte[] salt = Rc4.getSalt(usage, false);
+
+ hashProvider().hash(salt);
+ hashProvider().hash(data, start, len);
+ byte[] hashTmp = hashProvider().output();
+
+ byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
+ return hmac;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
new file mode 100644
index 0000000..89679e7
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4CheckSum.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd4CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public RsaMd4CheckSum() {
+ super(new Md4Provider(), 16, 16);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD4;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java
new file mode 100644
index 0000000..6d023d0
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd4DesCheckSum.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd4DesCheckSum extends ConfounderedDesCheckSum {
+
+ public RsaMd4DesCheckSum() {
+ super(new Md4Provider(), 24, 24);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD4_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java
new file mode 100644
index 0000000..346f0e2
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5CheckSum.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class RsaMd5CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public RsaMd5CheckSum() {
+ super(new Md5Provider(), 16, 16);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD5;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java
new file mode 100644
index 0000000..47a337b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/RsaMd5DesCheckSum.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public final class RsaMd5DesCheckSum extends ConfounderedDesCheckSum {
+
+ public RsaMd5DesCheckSum() {
+ super(new Md5Provider(), 24, 24);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.RSA_MD5_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Sha1CheckSum.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Sha1CheckSum.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Sha1CheckSum.java
new file mode 100644
index 0000000..fd9d443
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/Sha1CheckSum.java
@@ -0,0 +1,16 @@
+package org.apache.kerberos.kerb.crypto.cksum;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.AbstractUnkeyedCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+
+public class Sha1CheckSum extends AbstractUnkeyedCheckSumTypeHandler {
+
+ public Sha1CheckSum() {
+ super(new Sha1Provider(), 20, 20);
+ }
+
+ public CheckSumType cksumType() {
+ return CheckSumType.NIST_SHA;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java
new file mode 100644
index 0000000..f8decee
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractHashProvider.java
@@ -0,0 +1,33 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractHashProvider implements HashProvider {
+ private int blockSize;
+ private int hashSize;
+
+ public AbstractHashProvider(int hashSize, int blockSize) {
+ this.hashSize = hashSize;
+ this.blockSize = blockSize;
+ }
+
+ protected void init() {
+
+ }
+
+ @Override
+ public int hashSize() {
+ return hashSize;
+ }
+
+ @Override
+ public int blockSize() {
+ return blockSize;
+ }
+
+ @Override
+ public void hash(byte[] data) throws KrbException {
+ hash(data, 0, data.length);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java
new file mode 100644
index 0000000..99af260
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/AbstractUnkeyedCheckSumTypeHandler.java
@@ -0,0 +1,35 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.crypto.cksum.AbstractCheckSumTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractUnkeyedCheckSumTypeHandler extends AbstractCheckSumTypeHandler {
+
+ public AbstractUnkeyedCheckSumTypeHandler(HashProvider hashProvider,
+ int computeSize, int outputSize) {
+ super(null, hashProvider, computeSize, outputSize);
+ }
+
+ @Override
+ public byte[] checksum(byte[] data, int start, int len) throws KrbException {
+ int outputSize = outputSize();
+
+ HashProvider hp = hashProvider();
+ hp.hash(data, start, len);
+ byte[] workBuffer = hp.output();
+
+ if (outputSize < workBuffer.length) {
+ byte[] output = new byte[outputSize];
+ System.arraycopy(workBuffer, 0, output, 0, outputSize);
+ return output;
+ }
+ return workBuffer;
+ }
+
+ @Override
+ public boolean verify(byte[] data, int start, int len, byte[] checksum) throws KrbException {
+ byte[] newCksum = checksum(data, start, len);
+ return checksumEqual(newCksum, checksum);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
new file mode 100644
index 0000000..303c506
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
@@ -0,0 +1,21 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.crypto.Crc32;
+
+public class Crc32Provider extends AbstractHashProvider {
+ private byte[] output;
+
+ public Crc32Provider() {
+ super(4, 1);
+ }
+
+ @Override
+ public void hash(byte[] data, int start, int size) {
+ output = Crc32.crc(data, start, size);
+ }
+
+ @Override
+ public byte[] output() {
+ return output;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md4Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md4Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md4Provider.java
new file mode 100644
index 0000000..f3147c3
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md4Provider.java
@@ -0,0 +1,15 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.crypto.Md4;
+
+public class Md4Provider extends MessageDigestHashProvider {
+
+ public Md4Provider() {
+ super(16, 64, "MD4");
+ }
+
+ @Override
+ protected void init() {
+ messageDigest = new Md4();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md5Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md5Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md5Provider.java
new file mode 100644
index 0000000..76ce18d
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Md5Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+public class Md5Provider extends MessageDigestHashProvider {
+
+ public Md5Provider() {
+ super(16, 64, "MD5");
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java
new file mode 100644
index 0000000..c7903c6
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/MessageDigestHashProvider.java
@@ -0,0 +1,37 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+import org.apache.kerberos.kerb.KrbException;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class MessageDigestHashProvider extends AbstractHashProvider {
+ private String algorithm;
+ protected MessageDigest messageDigest;
+
+ public MessageDigestHashProvider(int hashSize, int blockSize, String algorithm) {
+ super(hashSize, blockSize);
+ this.algorithm = algorithm;
+
+ init();
+ }
+
+ @Override
+ protected void init() {
+ try {
+ messageDigest = MessageDigest.getInstance(algorithm);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException("Failed to init JCE provider", e);
+ }
+ }
+
+ @Override
+ public void hash(byte[] data, int start, int len) throws KrbException {
+ messageDigest.update(data, start, len);
+ }
+
+ @Override
+ public byte[] output() {
+ return messageDigest.digest();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java
new file mode 100644
index 0000000..0fce138
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/cksum/provider/Sha1Provider.java
@@ -0,0 +1,8 @@
+package org.apache.kerberos.kerb.crypto.cksum.provider;
+
+public class Sha1Provider extends MessageDigestHashProvider {
+
+ public Sha1Provider() {
+ super(20, 64, "SHA1");
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
new file mode 100644
index 0000000..0099db2
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
@@ -0,0 +1,141 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.AbstractCryptoTypeHandler;
+import org.apache.kerberos.kerb.crypto.EncTypeHandler;
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.crypto.key.KeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+
+public abstract class AbstractEncTypeHandler
+ extends AbstractCryptoTypeHandler implements EncTypeHandler {
+
+ private KeyMaker keyMaker;
+
+ public AbstractEncTypeHandler(EncryptProvider encProvider,
+ HashProvider hashProvider) {
+ super(encProvider, hashProvider);
+ }
+
+ protected void keyMaker(KeyMaker keyMaker) {
+ this.keyMaker = keyMaker;
+ }
+
+ protected KeyMaker keyMaker() {
+ return keyMaker;
+ }
+
+ @Override
+ public String name() {
+ return eType().getName();
+ }
+
+ @Override
+ public String displayName() {
+ return eType().getDisplayName();
+ }
+
+ protected int paddingLength(int inputLen) {
+ int payloadLen = confounderSize() + checksumSize() + inputLen;
+ int padding = paddingSize();
+
+ if (padding == 0 || (payloadLen % padding) == 0) {
+ return 0;
+ }
+
+ return padding - (payloadLen % padding);
+ }
+
+ @Override
+ public int keyInputSize() {
+ return encProvider().keyInputSize();
+ }
+
+ @Override
+ public int keySize() {
+ return encProvider().keySize();
+ }
+
+ @Override
+ public int confounderSize() {
+ return encProvider().blockSize();
+ }
+
+ @Override
+ public int checksumSize() {
+ return hashProvider().hashSize();
+ }
+
+ @Override
+ public int paddingSize() {
+ return encProvider().blockSize();
+ }
+
+ @Override
+ public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
+ return keyMaker.str2key(string, salt, param);
+ }
+
+ @Override
+ public byte[] random2Key(byte[] randomBits) throws KrbException {
+ return keyMaker.random2Key(randomBits);
+ }
+
+ @Override
+ public byte[] encrypt(byte[] data, byte[] key, int usage) throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ return encrypt(data, key, iv, usage);
+ }
+
+ @Override
+ public byte[] encrypt(byte[] data, byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = confounderSize();
+ int checksumLen = checksumSize();
+ int headerLen = confounderLen + checksumLen;
+ int inputLen = data.length;
+ int paddingLen = paddingLength(inputLen);
+
+ /**
+ * E(Confounder | Checksum | Plaintext | Padding), or
+ * header | data | padding | trailer, where trailer may be absent
+ */
+
+ int workLength = headerLen + inputLen + paddingLen;
+
+ byte[] workBuffer = new byte[workLength];
+ System.arraycopy(data, 0, workBuffer, headerLen, data.length);
+
+ int [] workLens = new int[] {confounderLen, checksumLen,
+ inputLen, paddingLen};
+
+ encryptWith(workBuffer, workLens, key, iv, usage);
+ return workBuffer;
+ }
+
+ protected void encryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+
+ }
+
+ public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+ throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ return decrypt(cipher, key, iv, usage);
+ }
+
+ public byte[] decrypt(byte[] cipher, byte[] key, byte[] iv, int usage)
+ throws KrbException {
+
+ int totalLen = cipher.length;
+ int confounderLen = confounderSize();
+ int checksumLen = checksumSize();
+ int dataLen = totalLen - (confounderLen + checksumLen);
+
+ int[] workLens = new int[] {confounderLen, checksumLen, dataLen};
+ return decryptWith(cipher, workLens, key, iv, usage);
+ }
+
+ protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
new file mode 100644
index 0000000..263864e
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes128CtsHmacSha1Enc.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Aes128Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.AesProvider;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Aes128CtsHmacSha1Enc extends KeKiHmacSha1Enc {
+
+ public Aes128CtsHmacSha1Enc() {
+ super(new Aes128Provider(), new Sha1Provider());
+ keyMaker(new AesKeyMaker((AesProvider) encProvider()));
+ }
+
+ @Override
+ public int checksumSize() {
+ return 96 / 8;
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.AES128_CTS_HMAC_SHA1_96;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES128;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
new file mode 100644
index 0000000..4911113
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Aes256CtsHmacSha1Enc.java
@@ -0,0 +1,29 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Aes256Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.AesProvider;
+import org.apache.kerberos.kerb.crypto.key.AesKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Aes256CtsHmacSha1Enc extends KeKiHmacSha1Enc {
+
+ public Aes256CtsHmacSha1Enc() {
+ super(new Aes256Provider(), new Sha1Provider());
+ keyMaker(new AesKeyMaker((AesProvider) encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.AES256_CTS_HMAC_SHA1_96;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_SHA1_96_AES256;
+ }
+
+ @Override
+ public int checksumSize() {
+ return 96 / 8;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java
new file mode 100644
index 0000000..bbfa63c
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia128CtsCmacEnc.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Camellia128CtsCmacEnc extends KeKiCmacEnc {
+
+ public Camellia128CtsCmacEnc() {
+ super(new Camellia128Provider());
+ keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.CAMELLIA128_CTS_CMAC;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.CMAC_CAMELLIA128;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java
new file mode 100644
index 0000000..ad4b42b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Camellia256CtsCmacEnc.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.apache.kerberos.kerb.crypto.key.CamelliaKeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Camellia256CtsCmacEnc extends KeKiCmacEnc {
+
+ public Camellia256CtsCmacEnc() {
+ super(new Camellia256Provider());
+ keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.CAMELLIA256_CTS_CMAC;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.CMAC_CAMELLIA256;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
new file mode 100644
index 0000000..7ec07c2
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/Des3CbcSha1Enc.java
@@ -0,0 +1,23 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Sha1Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Des3Provider;
+import org.apache.kerberos.kerb.crypto.key.Des3KeyMaker;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class Des3CbcSha1Enc extends KeKiHmacSha1Enc {
+
+ public Des3CbcSha1Enc() {
+ super(new Des3Provider(), new Sha1Provider());
+ keyMaker(new Des3KeyMaker(this.encProvider()));
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES3_CBC_SHA1;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.HMAC_SHA1_DES3;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java
new file mode 100644
index 0000000..8318eef
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcCrcEnc.java
@@ -0,0 +1,36 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Crc32Provider;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class DesCbcCrcEnc extends DesCbcEnc {
+
+ public DesCbcCrcEnc() {
+ super(new Crc32Provider());
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES_CBC_CRC;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.CRC32;
+ }
+
+ @Override
+ public byte[] encrypt(byte[] data, byte[] key, int usage) throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ System.arraycopy(key, 0, iv, 0, key.length);
+ return encrypt(data, key, iv, usage);
+ }
+
+ @Override
+ public byte[] decrypt(byte[] cipher, byte[] key, int usage)
+ throws KrbException {
+ byte[] iv = new byte[encProvider().blockSize()];
+ System.arraycopy(key, 0, iv, 0, key.length);
+ return decrypt(cipher, key, iv, usage);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcEnc.java
new file mode 100644
index 0000000..162db4a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcEnc.java
@@ -0,0 +1,69 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.KrbErrorCode;
+import org.apache.kerberos.kerb.crypto.Confounder;
+import org.apache.kerberos.kerb.crypto.cksum.HashProvider;
+import org.apache.kerberos.kerb.crypto.enc.provider.DesProvider;
+import org.apache.kerberos.kerb.crypto.key.DesKeyMaker;
+import org.apache.kerberos.kerb.KrbException;
+
+abstract class DesCbcEnc extends AbstractEncTypeHandler {
+
+ public DesCbcEnc(HashProvider hashProvider) {
+ super(new DesProvider(), hashProvider);
+ keyMaker(new DesKeyMaker(this.encProvider()));
+ }
+
+ @Override
+ protected void encryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int dataLen = workLens[2];
+ int paddingLen = workLens[3];
+
+ // confounder
+ byte[] confounder = Confounder.makeBytes(confounderLen);
+ System.arraycopy(confounder, 0, workBuffer, 0, confounderLen);
+
+ // padding
+ for (int i = confounderLen + checksumLen + dataLen; i < paddingLen; ++i) {
+ workBuffer[i] = 0;
+ }
+
+ // checksum
+ hashProvider().hash(workBuffer);
+ byte[] cksum = hashProvider().output();
+ System.arraycopy(cksum, 0, workBuffer, confounderLen, checksumLen);
+
+ encProvider().encrypt(key, iv, workBuffer);
+ }
+
+ @Override
+ protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
+ byte[] key, byte[] iv, int usage) throws KrbException {
+ int confounderLen = workLens[0];
+ int checksumLen = workLens[1];
+ int dataLen = workLens[2];
+
+ encProvider().decrypt(key, iv, workBuffer);
+
+ byte[] checksum = new byte[checksumLen];
+ for (int i = 0; i < checksumLen; i++) {
+ checksum[i] = workBuffer[confounderLen + i];
+ workBuffer[confounderLen + i] = 0;
+ }
+
+ hashProvider().hash(workBuffer);
+ byte[] newChecksum = hashProvider().output();
+ if (! checksumEqual(checksum, newChecksum)) {
+ throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+ }
+
+ byte[] data = new byte[dataLen];
+ System.arraycopy(workBuffer, confounderLen + checksumLen,
+ data, 0, dataLen);
+
+ return data;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd4Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd4Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd4Enc.java
new file mode 100644
index 0000000..5a1520a
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd4Enc.java
@@ -0,0 +1,20 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md4Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class DesCbcMd4Enc extends DesCbcEnc {
+
+ public DesCbcMd4Enc() {
+ super(new Md4Provider());
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES_CBC_MD4;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.RSA_MD4_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd5Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd5Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd5Enc.java
new file mode 100644
index 0000000..ba1c34b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/DesCbcMd5Enc.java
@@ -0,0 +1,20 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.crypto.cksum.provider.Md5Provider;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+
+public class DesCbcMd5Enc extends DesCbcEnc {
+
+ public DesCbcMd5Enc() {
+ super(new Md5Provider());
+ }
+
+ public EncryptionType eType() {
+ return EncryptionType.DES_CBC_MD5;
+ }
+
+ public CheckSumType checksumType() {
+ return CheckSumType.RSA_MD5_DES;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/23c1fd12/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/EncryptProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/EncryptProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/EncryptProvider.java
new file mode 100644
index 0000000..3533e4b
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/enc/EncryptProvider.java
@@ -0,0 +1,24 @@
+package org.apache.kerberos.kerb.crypto.enc;
+
+import org.apache.kerberos.kerb.KrbException;
+
+/**
+ * krb5_enc_provider
+ */
+public interface EncryptProvider {
+
+ public int keyInputSize(); //input size to make key
+ public int keySize(); //output key size
+ public int blockSize(); //crypto block size
+
+ public void encrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException;
+ public void decrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException;
+ public void encrypt(byte[] key, byte[] data) throws KrbException;
+ public void decrypt(byte[] key, byte[] data) throws KrbException;
+ public byte[] cbcMac(byte[] key, byte[] iv, byte[] data) throws KrbException;
+ public boolean supportCbcMac();
+
+ public byte[] initState(byte[] key, int keyUsage);
+ public void cleanState();
+ public void cleanKey();
+}