You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/12 14:06:24 UTC
[16/50] [abbrv] directory-kerberos git commit: Renaming packages in
haox-kerb projects, using "apache"
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Camellia128CtsCmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Camellia128CtsCmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Camellia128CtsCmacEnc.java
deleted file mode 100644
index 1614592..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Camellia128CtsCmacEnc.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.crypto.enc.provider.Camellia128Provider;
-import org.haox.kerb.crypto.key.CamelliaKeyMaker;
-import org.haox.kerb.spec.common.CheckSumType;
-import org.haox.kerb.spec.common.EncryptionType;
-
-public class Camellia128CtsCmacEnc extends KeKiCmacEnc {
-
- public Camellia128CtsCmacEnc() {
- super(new Camellia128Provider());
- keyMaker(new CamelliaKeyMaker((Camellia128Provider) encProvider()));
- }
-
- public EncryptionType eType() {
- return EncryptionType.CAMELLIA128_CTS_CMAC;
- }
-
- public CheckSumType checksumType() {
- return CheckSumType.CMAC_CAMELLIA128;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Camellia256CtsCmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Camellia256CtsCmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Camellia256CtsCmacEnc.java
deleted file mode 100644
index 9e10e51..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Camellia256CtsCmacEnc.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.crypto.enc.provider.Camellia256Provider;
-import org.haox.kerb.crypto.key.CamelliaKeyMaker;
-import org.haox.kerb.spec.common.CheckSumType;
-import org.haox.kerb.spec.common.EncryptionType;
-
-public class Camellia256CtsCmacEnc extends KeKiCmacEnc {
-
- public Camellia256CtsCmacEnc() {
- super(new Camellia256Provider());
- keyMaker(new CamelliaKeyMaker((Camellia256Provider) encProvider()));
- }
-
- public EncryptionType eType() {
- return EncryptionType.CAMELLIA256_CTS_CMAC;
- }
-
- public CheckSumType checksumType() {
- return CheckSumType.CMAC_CAMELLIA256;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Des3CbcSha1Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Des3CbcSha1Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Des3CbcSha1Enc.java
deleted file mode 100644
index 580531f..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Des3CbcSha1Enc.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.crypto.cksum.provider.Sha1Provider;
-import org.haox.kerb.crypto.enc.provider.Des3Provider;
-import org.haox.kerb.crypto.key.Des3KeyMaker;
-import org.haox.kerb.spec.common.CheckSumType;
-import org.haox.kerb.spec.common.EncryptionType;
-
-public class Des3CbcSha1Enc extends KeKiHmacSha1Enc {
-
- public Des3CbcSha1Enc() {
- super(new Des3Provider(), new Sha1Provider());
- keyMaker(new Des3KeyMaker(this.encProvider()));
- }
-
- public EncryptionType eType() {
- return EncryptionType.DES3_CBC_SHA1;
- }
-
- public CheckSumType checksumType() {
- return CheckSumType.HMAC_SHA1_DES3;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcCrcEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcCrcEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcCrcEnc.java
deleted file mode 100644
index 35fd6cb..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcCrcEnc.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.crypto.cksum.provider.Crc32Provider;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.CheckSumType;
-import org.haox.kerb.spec.common.EncryptionType;
-
-public class DesCbcCrcEnc extends DesCbcEnc {
-
- public DesCbcCrcEnc() {
- super(new Crc32Provider());
- }
-
- public EncryptionType eType() {
- return EncryptionType.DES_CBC_CRC;
- }
-
- public CheckSumType checksumType() {
- return CheckSumType.CRC32;
- }
-
- @Override
- public byte[] encrypt(byte[] data, byte[] key, int usage) throws KrbException {
- byte[] iv = new byte[encProvider().blockSize()];
- System.arraycopy(key, 0, iv, 0, key.length);
- return encrypt(data, key, iv, usage);
- }
-
- @Override
- public byte[] decrypt(byte[] cipher, byte[] key, int usage)
- throws KrbException {
- byte[] iv = new byte[encProvider().blockSize()];
- System.arraycopy(key, 0, iv, 0, key.length);
- return decrypt(cipher, key, iv, usage);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcEnc.java
deleted file mode 100644
index d25df11..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcEnc.java
+++ /dev/null
@@ -1,69 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.KrbErrorCode;
-import org.haox.kerb.crypto.Confounder;
-import org.haox.kerb.crypto.cksum.HashProvider;
-import org.haox.kerb.crypto.enc.provider.DesProvider;
-import org.haox.kerb.crypto.key.DesKeyMaker;
-import org.haox.kerb.KrbException;
-
-abstract class DesCbcEnc extends AbstractEncTypeHandler {
-
- public DesCbcEnc(HashProvider hashProvider) {
- super(new DesProvider(), hashProvider);
- keyMaker(new DesKeyMaker(this.encProvider()));
- }
-
- @Override
- protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
- int confounderLen = workLens[0];
- int checksumLen = workLens[1];
- int dataLen = workLens[2];
- int paddingLen = workLens[3];
-
- // confounder
- byte[] confounder = Confounder.makeBytes(confounderLen);
- System.arraycopy(confounder, 0, workBuffer, 0, confounderLen);
-
- // padding
- for (int i = confounderLen + checksumLen + dataLen; i < paddingLen; ++i) {
- workBuffer[i] = 0;
- }
-
- // checksum
- hashProvider().hash(workBuffer);
- byte[] cksum = hashProvider().output();
- System.arraycopy(cksum, 0, workBuffer, confounderLen, checksumLen);
-
- encProvider().encrypt(key, iv, workBuffer);
- }
-
- @Override
- protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
- int confounderLen = workLens[0];
- int checksumLen = workLens[1];
- int dataLen = workLens[2];
-
- encProvider().decrypt(key, iv, workBuffer);
-
- byte[] checksum = new byte[checksumLen];
- for (int i = 0; i < checksumLen; i++) {
- checksum[i] = workBuffer[confounderLen + i];
- workBuffer[confounderLen + i] = 0;
- }
-
- hashProvider().hash(workBuffer);
- byte[] newChecksum = hashProvider().output();
- if (! checksumEqual(checksum, newChecksum)) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
- }
-
- byte[] data = new byte[dataLen];
- System.arraycopy(workBuffer, confounderLen + checksumLen,
- data, 0, dataLen);
-
- return data;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcMd4Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcMd4Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcMd4Enc.java
deleted file mode 100644
index 4875dd1..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcMd4Enc.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.crypto.cksum.provider.Md4Provider;
-import org.haox.kerb.spec.common.CheckSumType;
-import org.haox.kerb.spec.common.EncryptionType;
-
-public class DesCbcMd4Enc extends DesCbcEnc {
-
- public DesCbcMd4Enc() {
- super(new Md4Provider());
- }
-
- public EncryptionType eType() {
- return EncryptionType.DES_CBC_MD4;
- }
-
- public CheckSumType checksumType() {
- return CheckSumType.RSA_MD4_DES;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcMd5Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcMd5Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcMd5Enc.java
deleted file mode 100644
index c9da215..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/DesCbcMd5Enc.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.crypto.cksum.provider.Md5Provider;
-import org.haox.kerb.spec.common.CheckSumType;
-import org.haox.kerb.spec.common.EncryptionType;
-
-public class DesCbcMd5Enc extends DesCbcEnc {
-
- public DesCbcMd5Enc() {
- super(new Md5Provider());
- }
-
- public EncryptionType eType() {
- return EncryptionType.DES_CBC_MD5;
- }
-
- public CheckSumType checksumType() {
- return CheckSumType.RSA_MD5_DES;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/EncryptProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/EncryptProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/EncryptProvider.java
deleted file mode 100644
index eac72f8..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/EncryptProvider.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.KrbException;
-
-/**
- * krb5_enc_provider
- */
-public interface EncryptProvider {
-
- public int keyInputSize(); //input size to make key
- public int keySize(); //output key size
- public int blockSize(); //crypto block size
-
- public void encrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException;
- public void decrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException;
- public void encrypt(byte[] key, byte[] data) throws KrbException;
- public void decrypt(byte[] key, byte[] data) throws KrbException;
- public byte[] cbcMac(byte[] key, byte[] iv, byte[] data) throws KrbException;
- public boolean supportCbcMac();
-
- public byte[] initState(byte[] key, int keyUsage);
- public void cleanState();
- public void cleanKey();
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiCmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiCmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiCmacEnc.java
deleted file mode 100644
index 7109aa5..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiCmacEnc.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.crypto.Cmac;
-import org.haox.kerb.KrbException;
-
-public abstract class KeKiCmacEnc extends KeKiEnc {
-
- public KeKiCmacEnc(EncryptProvider encProvider) {
- super(encProvider, null);
- }
-
- @Override
- public int paddingSize() {
- return 0;
- }
-
- @Override
- public int checksumSize() {
- return encProvider().blockSize();
- }
-
- @Override
- protected byte[] makeChecksum(byte[] key, byte[] data, int hashSize)
- throws KrbException {
-
- // generate hash
- byte[] hash = Cmac.cmac(encProvider(), key, data);
-
- // truncate hash
- byte[] output = new byte[hashSize];
- System.arraycopy(hash, 0, output, 0, hashSize);
- return output;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiEnc.java
deleted file mode 100644
index 87fd7ba..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiEnc.java
+++ /dev/null
@@ -1,110 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.KrbErrorCode;
-import org.haox.kerb.crypto.BytesUtil;
-import org.haox.kerb.crypto.Confounder;
-import org.haox.kerb.crypto.cksum.HashProvider;
-import org.haox.kerb.crypto.key.DkKeyMaker;
-import org.haox.kerb.KrbException;
-
-public abstract class KeKiEnc extends AbstractEncTypeHandler {
-
- public KeKiEnc(EncryptProvider encProvider,
- HashProvider hashProvider) {
- super(encProvider, hashProvider);
- }
-
- @Override
- public int paddingSize() {
- return 0;
- }
-
-
- @Override
- protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
- int confounderLen = workLens[0];
- int checksumLen = workLens[1];
- int inputLen = workLens[2];
- int paddingLen = workLens[3];
-
- byte[] Ke, Ki;
- byte[] constant = new byte[5];
- constant[0] = (byte) ((usage>>24)&0xff);
- constant[1] = (byte) ((usage>>16)&0xff);
- constant[2] = (byte) ((usage>>8)&0xff);
- constant[3] = (byte) (usage&0xff);
- constant[4] = (byte) 0xaa;
- Ke = ((DkKeyMaker) keyMaker()).dk(key, constant);
- constant[4] = (byte) 0x55;
- Ki = ((DkKeyMaker) keyMaker()).dk(key, constant);
-
- /**
- * Instead of E(Confounder | Checksum | Plaintext | Padding),
- * E(Confounder | Plaintext | Padding) | Checksum,
- * so need to adjust the workBuffer arrangement
- */
-
- byte[] tmpEnc = new byte[confounderLen + inputLen + paddingLen];
- // confounder
- byte[] confounder = Confounder.makeBytes(confounderLen);
- System.arraycopy(confounder, 0, tmpEnc, 0, confounderLen);
-
- // data
- System.arraycopy(workBuffer, confounderLen + checksumLen,
- tmpEnc, confounderLen, inputLen);
-
- // padding
- for (int i = confounderLen + inputLen; i < paddingLen; ++i) {
- tmpEnc[i] = 0;
- }
-
- // checksum & encrypt
- byte[] checksum;
- checksum = makeChecksum(Ki, tmpEnc, checksumLen);
- encProvider().encrypt(Ke, iv, tmpEnc);
-
- System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
- System.arraycopy(checksum, 0, workBuffer, tmpEnc.length, checksum.length);
- }
-
- @Override
- protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
- int confounderLen = workLens[0];
- int checksumLen = workLens[1];
- int dataLen = workLens[2];
-
- byte[] Ke, Ki;
- byte[] constant = new byte[5];
- BytesUtil.int2bytes(usage, constant, 0, true);
- constant[4] = (byte) 0xaa;
- Ke = ((DkKeyMaker) keyMaker()).dk(key, constant);
- constant[4] = (byte) 0x55;
- Ki = ((DkKeyMaker) keyMaker()).dk(key, constant);
-
- // decrypt and verify checksum
-
- byte[] tmpEnc = new byte[confounderLen + dataLen];
- System.arraycopy(workBuffer, 0,
- tmpEnc, 0, confounderLen + dataLen);
- byte[] checksum = new byte[checksumLen];
- System.arraycopy(workBuffer, confounderLen + dataLen,
- checksum, 0, checksumLen);
-
- byte[] newChecksum;
- encProvider().decrypt(Ke, iv, tmpEnc);
- newChecksum = makeChecksum(Ki, tmpEnc, checksumLen);
-
- if (! checksumEqual(checksum, newChecksum)) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
- }
-
- byte[] data = new byte[dataLen];
- System.arraycopy(tmpEnc, confounderLen, data, 0, dataLen);
- return data;
- }
-
- protected abstract byte[] makeChecksum(byte[] key, byte[] data, int hashSize)
- throws KrbException;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiHmacSha1Enc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiHmacSha1Enc.java
deleted file mode 100644
index 5a43d36..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/KeKiHmacSha1Enc.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.crypto.Hmac;
-import org.haox.kerb.crypto.cksum.HashProvider;
-import org.haox.kerb.KrbException;
-
-public abstract class KeKiHmacSha1Enc extends KeKiEnc {
-
- public KeKiHmacSha1Enc(EncryptProvider encProvider,
- HashProvider hashProvider) {
- super(encProvider, hashProvider);
- }
-
- @Override
- public int paddingSize() {
- return 0;
- }
-
- @Override
- protected byte[] makeChecksum(byte[] key, byte[] data, int hashSize)
- throws KrbException {
-
- // generate hash
- byte[] hash = Hmac.hmac(hashProvider(), key, data);
-
- // truncate hash
- byte[] output = new byte[hashSize];
- System.arraycopy(hash, 0, output, 0, hashSize);
- return output;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Rc4HmacEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Rc4HmacEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Rc4HmacEnc.java
deleted file mode 100644
index e5860cc..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Rc4HmacEnc.java
+++ /dev/null
@@ -1,130 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.KrbErrorCode;
-import org.haox.kerb.crypto.BytesUtil;
-import org.haox.kerb.crypto.Confounder;
-import org.haox.kerb.crypto.Rc4;
-import org.haox.kerb.crypto.Hmac;
-import org.haox.kerb.crypto.cksum.provider.Md5Provider;
-import org.haox.kerb.crypto.enc.provider.Rc4Provider;
-import org.haox.kerb.crypto.key.Rc4KeyMaker;
-import org.haox.kerb.KrbException;
-import org.haox.kerb.spec.common.CheckSumType;
-import org.haox.kerb.spec.common.EncryptionType;
-
-public class Rc4HmacEnc extends AbstractEncTypeHandler {
- private boolean exportable;
-
- public Rc4HmacEnc() {
- this(false);
- }
-
- public Rc4HmacEnc(boolean exportable) {
- super(new Rc4Provider(), new Md5Provider());
- keyMaker(new Rc4KeyMaker(this.encProvider()));
- this.exportable = exportable;
- }
-
- public EncryptionType eType() {
- return EncryptionType.ARCFOUR_HMAC;
- }
-
- @Override
- public int confounderSize() {
- return 8;
- }
-
- @Override
- public int paddingSize() {
- return 0;
- }
-
- public CheckSumType checksumType() {
- return CheckSumType.HMAC_MD5_ARCFOUR;
- }
-
- protected void encryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
- int confounderLen = workLens[0];
- int checksumLen = workLens[1];
- int dataLen = workLens[2];
-
- /**
- * Instead of E(Confounder | Checksum | Plaintext | Padding),
- * Checksum | E(Confounder | Plaintext)
- */
-
- // confounder
- byte[] confounder = Confounder.makeBytes(confounderLen);
- System.arraycopy(confounder, 0, workBuffer, checksumLen, confounderLen);
-
- // no padding
-
- /* checksum and encryption */
- byte[] usageKey = makeUsageKey(key, usage);
-
- byte[] checksum = Hmac.hmac(hashProvider(), usageKey, workBuffer,
- checksumLen, confounderLen + dataLen);
-
- byte[] encKey = makeEncKey(usageKey, checksum);
-
- byte[] tmpEnc = new byte[confounderLen + dataLen];
- System.arraycopy(workBuffer, checksumLen,
- tmpEnc, 0, confounderLen + dataLen);
- encProvider().encrypt(encKey, iv, tmpEnc);
- System.arraycopy(checksum, 0, workBuffer, 0, checksumLen);
- System.arraycopy(tmpEnc, 0, workBuffer, checksumLen, tmpEnc.length);
- }
-
- protected byte[] makeUsageKey(byte[] key, int usage) throws KrbException {
- byte[] salt = Rc4.getSalt(usage, exportable);
- byte[] usageKey = Hmac.hmac(hashProvider(), key, salt);
- return usageKey;
- }
-
- protected byte[] makeEncKey(byte[] usageKey, byte[] checksum) throws KrbException {
- byte[] tmpKey = usageKey;
-
- if (exportable) {
- tmpKey = BytesUtil.duplicate(usageKey);
- for (int i = 0; i < 9; ++i) {
- tmpKey[i + 7] = (byte) 0xab;
- }
- }
-
- byte[] encKey = Hmac.hmac(hashProvider(), tmpKey, checksum);
- return encKey;
- }
-
- @Override
- protected byte[] decryptWith(byte[] workBuffer, int[] workLens,
- byte[] key, byte[] iv, int usage) throws KrbException {
- int confounderLen = workLens[0];
- int checksumLen = workLens[1];
- int dataLen = workLens[2];
-
- /* checksum and decryption */
- byte[] usageKey = makeUsageKey(key, usage);
-
- byte[] checksum = new byte[checksumLen];
- System.arraycopy(workBuffer, 0, checksum, 0, checksumLen);
-
- byte[] encKey = makeEncKey(usageKey, checksum);
-
- byte[] tmpEnc = new byte[confounderLen + dataLen];
- System.arraycopy(workBuffer, checksumLen,
- tmpEnc, 0, confounderLen + dataLen);
- encProvider().decrypt(encKey, iv, tmpEnc);
-
- byte[] newChecksum = Hmac.hmac(hashProvider(), usageKey, tmpEnc);
- if (! checksumEqual(checksum, newChecksum)) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
- }
-
- byte[] data = new byte[dataLen];
- System.arraycopy(tmpEnc, confounderLen,
- data, 0, dataLen);
-
- return data;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Rc4HmacExpEnc.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Rc4HmacExpEnc.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Rc4HmacExpEnc.java
deleted file mode 100644
index c30abd5..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/Rc4HmacExpEnc.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.haox.kerb.crypto.enc;
-
-import org.haox.kerb.spec.common.EncryptionType;
-
-public class Rc4HmacExpEnc extends Rc4HmacEnc {
-
- public Rc4HmacExpEnc() {
- super(true);
- }
-
- public EncryptionType eType() {
- return EncryptionType.ARCFOUR_HMAC_EXP;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/AbstractEncryptProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/AbstractEncryptProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/AbstractEncryptProvider.java
deleted file mode 100644
index 02e5548..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/AbstractEncryptProvider.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-import org.haox.kerb.crypto.enc.EncryptProvider;
-import org.haox.kerb.KrbException;
-
-public abstract class AbstractEncryptProvider implements EncryptProvider {
- private int blockSize;
- private int keyInputSize;
- private int keySize;
-
- public AbstractEncryptProvider(int blockSize, int keyInputSize, int keySize) {
- this.blockSize = blockSize;
- this.keyInputSize = keyInputSize;
- this.keySize = keySize;
- }
-
- @Override
- public int keyInputSize() {
- return keyInputSize;
- }
-
- @Override
- public int keySize() {
- return keySize;
- }
-
- @Override
- public int blockSize() {
- return blockSize;
- }
-
- @Override
- public byte[] initState(byte[] key, int keyUsage) {
- return new byte[0];
- }
-
- @Override
- public void encrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException {
- doEncrypt(data, key, cipherState, true);
- }
-
- @Override
- public void decrypt(byte[] key, byte[] cipherState, byte[] data) throws KrbException {
- doEncrypt(data, key, cipherState, false);
- }
-
- @Override
- public void encrypt(byte[] key, byte[] data) throws KrbException {
- byte[] cipherState = new byte[blockSize()];
- encrypt(key, cipherState, data);
- }
-
- @Override
- public void decrypt(byte[] key, byte[] data) throws KrbException {
- byte[] cipherState = new byte[blockSize()];
- decrypt(key, cipherState, data);
- }
-
- protected abstract void doEncrypt(byte[] data, byte[] key, byte[] cipherState, boolean encrypt) throws KrbException;
-
- @Override
- public byte[] cbcMac(byte[] key, byte[] iv, byte[] data) throws KrbException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean supportCbcMac() {
- return false;
- }
-
- @Override
- public void cleanState() {
-
- }
-
- @Override
- public void cleanKey() {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Aes128Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Aes128Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Aes128Provider.java
deleted file mode 100644
index 093e812..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Aes128Provider.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-public class Aes128Provider extends AesProvider {
-
- public Aes128Provider() {
- super(16, 16, 16);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Aes256Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Aes256Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Aes256Provider.java
deleted file mode 100644
index 14f7d15..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Aes256Provider.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-public class Aes256Provider extends AesProvider {
-
- public Aes256Provider() {
- super(16, 32, 32);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/AesProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/AesProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/AesProvider.java
deleted file mode 100644
index b3e8f68..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/AesProvider.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-import org.haox.kerb.KrbException;
-
-import javax.crypto.Cipher;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-import java.security.GeneralSecurityException;
-
-public abstract class AesProvider extends AbstractEncryptProvider {
-
- public AesProvider(int blockSize, int keyInputSize, int keySize) {
- super(blockSize, keyInputSize, keySize);
- }
-
- @Override
- protected void doEncrypt(byte[] data, byte[] key,
- byte[] cipherState, boolean encrypt) throws KrbException {
- Cipher cipher = null;
- try {
- cipher = Cipher.getInstance("AES/CTS/NoPadding");
- } catch (GeneralSecurityException e) {
- KrbException ke = new KrbException("JCE provider may not be installed. "
- + e.getMessage());
- ke.initCause(e);
- throw ke;
- }
-
- try {
- SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
- IvParameterSpec param = new IvParameterSpec(cipherState);
-
- cipher.init(encrypt ?
- Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, param);
- byte[] output = cipher.doFinal(data);
- System.arraycopy(output, 0, data, 0, output.length);
- } catch (GeneralSecurityException e) {
- KrbException ke = new KrbException(e.getMessage());
- ke.initCause(e);
- throw ke;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Camellia128Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Camellia128Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Camellia128Provider.java
deleted file mode 100644
index bb43ae3..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Camellia128Provider.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-public class Camellia128Provider extends CamelliaProvider {
-
- public Camellia128Provider() {
- super(16, 16, 16);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Camellia256Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Camellia256Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Camellia256Provider.java
deleted file mode 100644
index f101458..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Camellia256Provider.java
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-public class Camellia256Provider extends CamelliaProvider {
-
- public Camellia256Provider() {
- super(16, 32, 32);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/CamelliaProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/CamelliaProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/CamelliaProvider.java
deleted file mode 100644
index 2b91736..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/CamelliaProvider.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-import org.haox.kerb.crypto.Camellia;
-import org.haox.kerb.KrbException;
-
-public abstract class CamelliaProvider extends AbstractEncryptProvider {
-
- public CamelliaProvider(int blockSize, int keyInputSize, int keySize) {
- super(blockSize, keyInputSize, keySize);
- }
-
- @Override
- protected void doEncrypt(byte[] data, byte[] key,
- byte[] cipherState, boolean encrypt) throws KrbException {
-
- Camellia cipher = new Camellia();
- cipher.setKey(encrypt, key);
- if (encrypt) {
- cipher.encrypt(data, cipherState);
- } else {
- cipher.decrypt(data, cipherState);
- }
- }
-
- @Override
- public boolean supportCbcMac() {
- return true;
- }
-
- @Override
- public byte[] cbcMac(byte[] key, byte[] cipherState, byte[] data) {
- Camellia cipher = new Camellia();
- cipher.setKey(true, key);
-
- int blocksNum = data.length / blockSize();
- cipher.cbcEnc(data, 0, blocksNum, cipherState);
- return data;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Des3Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Des3Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Des3Provider.java
deleted file mode 100644
index adc24ba..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Des3Provider.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-import org.haox.kerb.KrbException;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.DESedeKeySpec;
-import javax.crypto.spec.IvParameterSpec;
-import java.security.GeneralSecurityException;
-import java.security.spec.KeySpec;
-
-public class Des3Provider extends AbstractEncryptProvider {
-
- public Des3Provider() {
- super(8, 21, 24);
- }
-
- @Override
- protected void doEncrypt(byte[] input, byte[] key,
- byte[] cipherState, boolean encrypt) throws KrbException {
-
- Cipher cipher = null;
- try {
- cipher = Cipher.getInstance("DESede/CBC/NoPadding");
- } catch (GeneralSecurityException e) {
- throw new KrbException("Failed to init cipher", e);
- }
-
- try {
- IvParameterSpec params = new IvParameterSpec(cipherState);
- KeySpec skSpec = new DESedeKeySpec(key, 0);
-
- SecretKeyFactory skf = SecretKeyFactory.getInstance("desede");
- SecretKey secretKey = skf.generateSecret(skSpec);
-
- cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey, params);
-
- byte[] output = cipher.doFinal(input);
- System.arraycopy(output, 0, input, 0, output.length);
- } catch (GeneralSecurityException e) {
- throw new KrbException("Failed to doEncrypt", e);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/DesProvider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/DesProvider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/DesProvider.java
deleted file mode 100644
index ff7f391..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/DesProvider.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-import org.haox.kerb.KrbException;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-import java.security.GeneralSecurityException;
-
-public class DesProvider extends AbstractEncryptProvider {
-
- public DesProvider() {
- super(8, 7, 8);
- }
-
- @Override
- protected void doEncrypt(byte[] input, byte[] key,
- byte[] cipherState, boolean encrypt) throws KrbException {
-
- Cipher cipher = null;
- try {
- cipher = Cipher.getInstance("DES/CBC/NoPadding");
- } catch (GeneralSecurityException e) {
- throw new KrbException("Failed to init cipher", e);
- }
- IvParameterSpec params = new IvParameterSpec(cipherState);
- SecretKeySpec skSpec = new SecretKeySpec(key, "DES");
- try {
- SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
- SecretKey sk = (SecretKey) skSpec;
-
- cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, sk, params);
-
- byte[] output = cipher.doFinal(input);
- System.arraycopy(output, 0, input, 0, output.length);
- } catch (GeneralSecurityException e) {
- KrbException ke = new KrbException(e.getMessage());
- ke.initCause(e);
- throw ke;
- }
- }
-
- @Override
- public byte[] cbcMac(byte[] key, byte[] cipherState, byte[] data) throws KrbException {
- Cipher cipher = null;
- try {
- cipher = Cipher.getInstance("DES/CBC/NoPadding");
- } catch (GeneralSecurityException e) {
- throw new KrbException("Failed to init cipher", e);
- }
- IvParameterSpec params = new IvParameterSpec(cipherState);
- SecretKeySpec skSpec = new SecretKeySpec(key, "DES");
-
- byte[] output = null;
- try {
- SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
- // SecretKey sk = skf.generateSecret(skSpec);
- SecretKey sk = (SecretKey) skSpec;
- cipher.init(Cipher.ENCRYPT_MODE, sk, params);
- for (int i = 0; i < data.length / 8; i++) {
- output = cipher.doFinal(data, i * 8, 8);
- cipher.init(Cipher.ENCRYPT_MODE, sk, (new IvParameterSpec(output)));
- }
- }
- catch (GeneralSecurityException e) {
- KrbException ke = new KrbException(e.getMessage());
- ke.initCause(e);
- throw ke;
- }
- return output;
- }
-
- @Override
- public boolean supportCbcMac() {
- return true;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Rc4Provider.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Rc4Provider.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Rc4Provider.java
deleted file mode 100644
index f1319b4..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/enc/provider/Rc4Provider.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.haox.kerb.crypto.enc.provider;
-
-import org.haox.kerb.KrbException;
-
-import javax.crypto.Cipher;
-import javax.crypto.spec.SecretKeySpec;
-import java.security.GeneralSecurityException;
-
-public class Rc4Provider extends AbstractEncryptProvider {
-
- public Rc4Provider() {
- super(1, 16, 16);
- }
-
- @Override
- protected void doEncrypt(byte[] data, byte[] key,
- byte[] cipherState, boolean encrypt) throws KrbException {
- try {
- Cipher cipher = Cipher.getInstance("ARCFOUR");
- SecretKeySpec secretKey = new SecretKeySpec(key, "ARCFOUR");
- cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, secretKey);
- byte[] output = cipher.doFinal(data);
- System.arraycopy(output, 0, data, 0, output.length);
- } catch (GeneralSecurityException e) {
- KrbException ke = new KrbException(e.getMessage());
- ke.initCause(e);
- throw ke;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/AbstractKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/AbstractKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/AbstractKeyMaker.java
deleted file mode 100644
index f731cac..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/AbstractKeyMaker.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package org.haox.kerb.crypto.key;
-
-import org.haox.kerb.crypto.BytesUtil;
-import org.haox.kerb.crypto.enc.EncryptProvider;
-import org.haox.kerb.KrbException;
-
-import java.io.UnsupportedEncodingException;
-
-public abstract class AbstractKeyMaker implements KeyMaker {
-
- protected static final byte[] KERBEROS_CONSTANT = "kerberos".getBytes();
-
- private EncryptProvider encProvider;
-
- public AbstractKeyMaker(EncryptProvider encProvider) {
- this.encProvider = encProvider;
- }
-
- protected EncryptProvider encProvider() {
- return encProvider;
- }
-
- @Override
- public byte[] random2Key(byte[] randomBits) throws KrbException {
- return new byte[0];
- }
-
- protected static char[] makePasswdSalt(String password, String salt) {
- char[] result = new char[password.length() + salt.length()];
- System.arraycopy(password.toCharArray(), 0, result, 0, password.length());
- System.arraycopy(salt.toCharArray(), 0, result, password.length(), salt.length());
-
- return result;
- }
-
- protected static int getIterCount(byte[] param, int defCount) {
- int iterCount = defCount;
-
- if (param != null) {
- if (param.length != 4) {
- throw new IllegalArgumentException("Invalid param to str2Key");
- }
- iterCount = BytesUtil.bytes2int(param, 0, true);
- }
-
- return iterCount;
- }
-
- protected static byte[] getSaltBytes(String salt, String pepper)
- throws UnsupportedEncodingException {
- byte[] saltBytes = salt.getBytes("UTF-8");
- if (pepper != null && ! pepper.isEmpty()) {
- byte[] pepperBytes = pepper.getBytes("UTF-8");
- int len = saltBytes.length;
- len += 1 + pepperBytes.length;
- byte[] results = new byte[len];
- System.arraycopy(pepperBytes, 0, results, 0, pepperBytes.length);
- results[pepperBytes.length] = (byte) 0;
- System.arraycopy(saltBytes, 0,
- results, pepperBytes.length + 1, saltBytes.length);
-
- return results;
- } else {
- return saltBytes;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/AesKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/AesKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/AesKeyMaker.java
deleted file mode 100644
index c631ce6..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/AesKeyMaker.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package org.haox.kerb.crypto.key;
-
-import org.haox.kerb.KrbException;
-import org.haox.kerb.crypto.Pbkdf;
-import org.haox.kerb.crypto.enc.provider.AesProvider;
-
-import java.io.UnsupportedEncodingException;
-import java.security.GeneralSecurityException;
-
-public class AesKeyMaker extends DkKeyMaker {
-
- public AesKeyMaker(AesProvider encProvider) {
- super(encProvider);
- }
-
- @Override
- public byte[] random2Key(byte[] randomBits) throws KrbException {
- return randomBits;
- }
-
- @Override
- public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
- int iterCount = getIterCount(param, 4096);
-
- byte[] saltBytes = null;
- try {
- saltBytes = getSaltBytes(salt, null);
- } catch (UnsupportedEncodingException e) {
- throw new RuntimeException(e);
- }
-
- int keySize = encProvider().keySize();
- byte[] random = new byte[0];
- try {
- random = Pbkdf.PBKDF2(string.toCharArray(), saltBytes, iterCount, keySize);
- } catch (GeneralSecurityException e) {
- throw new KrbException("PBKDF2 failed", e);
- }
-
- byte[] tmpKey = random2Key(random);
- byte[] result = dk(tmpKey, KERBEROS_CONSTANT);
-
- return result;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/CamelliaKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/CamelliaKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/CamelliaKeyMaker.java
deleted file mode 100644
index ffefcac..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/CamelliaKeyMaker.java
+++ /dev/null
@@ -1,102 +0,0 @@
-package org.haox.kerb.crypto.key;
-
-import org.haox.kerb.crypto.BytesUtil;
-import org.haox.kerb.crypto.Cmac;
-import org.haox.kerb.crypto.Pbkdf;
-import org.haox.kerb.crypto.enc.provider.CamelliaProvider;
-import org.haox.kerb.KrbException;
-
-import java.io.UnsupportedEncodingException;
-import java.security.GeneralSecurityException;
-
-public class CamelliaKeyMaker extends DkKeyMaker {
-
- public CamelliaKeyMaker(CamelliaProvider encProvider) {
- super(encProvider);
- }
-
- @Override
- public byte[] random2Key(byte[] randomBits) throws KrbException {
- return randomBits;
- }
-
- @Override
- public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
- int iterCount = getIterCount(param, 32768);
-
- byte[] saltBytes = null;
- try {
- saltBytes = getSaltBytes(salt, getPepper());
- } catch (UnsupportedEncodingException e) {
- throw new RuntimeException(e);
- }
-
- int keySize = encProvider().keySize();
- byte[] random = new byte[0];
- try {
- random = Pbkdf.PBKDF2(string.toCharArray(), saltBytes, iterCount, keySize);
- } catch (GeneralSecurityException e) {
- throw new KrbException("PBKDF2 failed", e);
- }
-
- byte[] tmpKey = random2Key(random);
- byte[] result = dk(tmpKey, KERBEROS_CONSTANT);
-
- return result;
- }
-
- private String getPepper() {
- int keySize = encProvider().keySize();
- String pepper = keySize == 16 ? "camellia128-cts-cmac" : "camellia256-cts-cmac";
- return pepper;
- }
-
- /*
- * NIST SP800-108 KDF in feedback mode (section 5.2).
- */
- @Override
- protected byte[] dr(byte[] key, byte[] constant) throws KrbException {
-
- int blocksize = encProvider().blockSize();
- int keyInuptSize = encProvider().keyInputSize();
- byte[] keyBytes = new byte[keyInuptSize];
- byte[] Ki;
-
- int len = 0;
- // K(i-1): the previous block of PRF output, initially all-zeros.
- len += blocksize;
- // four-byte big-endian binary string giving the block counter
- len += 4;
- // the fixed derived-key input
- len += constant.length;
- // 0x00: separator byte
- len += 1;
- // four-byte big-endian binary string giving the output length
- len += 4;
-
- Ki = new byte[len];
- System.arraycopy(constant, 0, Ki, blocksize + 4, constant.length);
- BytesUtil.int2bytes(keyInuptSize * 8, Ki, len - 4, true);
-
- int i, n = 0;
- byte[] tmp;
- for (i = 1, n = 0; n < keyInuptSize; i++) {
- // Update the block counter
- BytesUtil.int2bytes(i, Ki, blocksize, true);
-
- // Compute a CMAC checksum, update Ki with the result
- tmp = Cmac.cmac(encProvider(), key, Ki);
- System.arraycopy(tmp, 0, Ki, 0, blocksize);
-
- if (n + blocksize >= keyInuptSize) {
- System.arraycopy(Ki, 0, keyBytes, n, keyInuptSize - n);
- break;
- }
-
- System.arraycopy(Ki, 0, keyBytes, n, blocksize);
- n += blocksize;
- }
-
- return keyBytes;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/Des3KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/Des3KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/Des3KeyMaker.java
deleted file mode 100644
index 644dbae..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/Des3KeyMaker.java
+++ /dev/null
@@ -1,101 +0,0 @@
-package org.haox.kerb.crypto.key;
-
-import org.haox.kerb.crypto.Des;
-import org.haox.kerb.crypto.Nfold;
-import org.haox.kerb.crypto.enc.EncryptProvider;
-import org.haox.kerb.KrbException;
-
-import java.io.UnsupportedEncodingException;
-
-public class Des3KeyMaker extends DkKeyMaker {
-
- public Des3KeyMaker(EncryptProvider encProvider) {
- super(encProvider);
- }
-
- @Override
- public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
- char[] passwdSalt = makePasswdSalt(string, salt);
- int keyInputSize = encProvider().keyInputSize();
- try {
- byte[] utf8Bytes = new String(passwdSalt).getBytes("UTF-8");
- byte[] tmpKey = random2Key(Nfold.nfold(utf8Bytes, keyInputSize));
- return dk(tmpKey, KERBEROS_CONSTANT);
- } catch (UnsupportedEncodingException e) {
- throw new KrbException("str2key failed", e);
- }
- }
-
- /*
- * The 168 bits of random key data are converted to a protocol key value
- * as follows. First, the 168 bits are divided into three groups of 56
- * bits, which are expanded individually into 64 bits as in des3Expand().
- * Result is a 24 byte (192-bit) key.
- */
- @Override
- public byte[] random2Key(byte[] randomBits) throws KrbException {
- byte[] one = Des.fixKey(des3Expand(randomBits, 0, 7));
- byte[] two = Des.fixKey(des3Expand(randomBits, 7, 14));
- byte[] three = Des.fixKey(des3Expand(randomBits, 14, 21));
-
- byte[] key = new byte[24];
- System.arraycopy(one, 0, key, 0, 8);
- System.arraycopy(two, 0, key, 8, 8);
- System.arraycopy(three, 0, key, 16, 8);
-
- return key;
- }
-
- /**
- * Expands a 7-byte array into an 8-byte array that contains parity bits.
- * The 56 bits are expanded into 64 bits as follows:
- * 1 2 3 4 5 6 7 p
- * 9 10 11 12 13 14 15 p
- * 17 18 19 20 21 22 23 p
- * 25 26 27 28 29 30 31 p
- * 33 34 35 36 37 38 39 p
- * 41 42 43 44 45 46 47 p
- * 49 50 51 52 53 54 55 p
- * 56 48 40 32 24 16 8 p
- *
- * (PI,P2,...,P8) are reserved for parity bits computed on the preceding
- * seven independent bits and set so that the parity of the octet is odd,
- * i.e., there is an odd number of "1" bits in the octet.
- */
- private static byte[] des3Expand(byte[] input, int start, int end) {
- if ((end - start) != 7)
- throw new IllegalArgumentException(
- "Invalid length of DES Key Value:" + start + "," + end);
-
- byte[] result = new byte[8];
- byte last = 0;
- System.arraycopy(input, start, result, 0, 7);
- byte posn = 0;
-
- // Fill in last row
- for (int i = start; i < end; i++) {
- byte bit = (byte) (input[i]&0x01);
-
- ++posn;
- if (bit != 0) {
- last |= (bit<<posn);
- }
- }
-
- result[7] = last;
- setParityBit(result);
- return result;
- }
-
- /**
- * Sets the parity bit (0th bit) in each byte so that each byte
- * contains an odd number of 1's.
- */
- private static void setParityBit(byte[] key) {
- for (int i = 0; i < key.length; i++) {
- int b = key[i] & 0xfe;
- b |= (Integer.bitCount(b) & 1) ^ 1;
- key[i] = (byte) b;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/DesKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/DesKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/DesKeyMaker.java
deleted file mode 100644
index d8c2009..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/DesKeyMaker.java
+++ /dev/null
@@ -1,157 +0,0 @@
-package org.haox.kerb.crypto.key;
-
-import org.haox.kerb.crypto.BytesUtil;
-import org.haox.kerb.crypto.Des;
-import org.haox.kerb.crypto.enc.EncryptProvider;
-import org.haox.kerb.KrbException;
-
-public class DesKeyMaker extends AbstractKeyMaker {
-
- private static final byte[] goodParity = {
- 1, 1, 2, 2, 4, 4, 7, 7,
- 8, 8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22,
- 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38,
- 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55,
- 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70,
- 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87,
- 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98, 100, 100, 103, 103,
- 104, 104, 107, 107, 109, 109, 110, 110,
- 112, 112, 115, 115, 117, 117, 118, 118,
- 121, 121, 122, 122, 124, 124, 127, 127,
- (byte)128, (byte)128, (byte)131, (byte)131,
- (byte)133, (byte)133, (byte)134, (byte)134,
- (byte)137, (byte)137, (byte)138, (byte)138,
- (byte)140, (byte)140, (byte)143, (byte)143,
- (byte)145, (byte)145, (byte)146, (byte)146,
- (byte)148, (byte)148, (byte)151, (byte)151,
- (byte)152, (byte)152, (byte)155, (byte)155,
- (byte)157, (byte)157, (byte)158, (byte)158,
- (byte)161, (byte)161, (byte)162, (byte)162,
- (byte)164, (byte)164, (byte)167, (byte)167,
- (byte)168, (byte)168, (byte)171, (byte)171,
- (byte)173, (byte)173, (byte)174, (byte)174,
- (byte)176, (byte)176, (byte)179, (byte)179,
- (byte)181, (byte)181, (byte)182, (byte)182,
- (byte)185, (byte)185, (byte)186, (byte)186,
- (byte)188, (byte)188, (byte)191, (byte)191,
- (byte)193, (byte)193, (byte)194, (byte)194,
- (byte)196, (byte)196, (byte)199, (byte)199,
- (byte)200, (byte)200, (byte)203, (byte)203,
- (byte)205, (byte)205, (byte)206, (byte)206,
- (byte)208, (byte)208, (byte)211, (byte)211,
- (byte)213, (byte)213, (byte)214, (byte)214,
- (byte)217, (byte)217, (byte)218, (byte)218,
- (byte)220, (byte)220, (byte)223, (byte)223,
- (byte)224, (byte)224, (byte)227, (byte)227,
- (byte)229, (byte)229, (byte)230, (byte)230,
- (byte)233, (byte)233, (byte)234, (byte)234,
- (byte)236, (byte)236, (byte)239, (byte)239,
- (byte)241, (byte)241, (byte)242, (byte)242,
- (byte)244, (byte)244, (byte)247, (byte)247,
- (byte)248, (byte)248, (byte)251, (byte)251,
- (byte)253, (byte)253, (byte)254, (byte)254
- };
-
- public DesKeyMaker(EncryptProvider encProvider) {
- super(encProvider);
- }
-
- @Override
- public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
- String error = null;
- int type = 0;
-
- if (param != null) {
- if (param.length != 1) {
- error = "Invalid param to S2K";
- }
- type = param[0];
- if (type != 0 && type != 1) {
- error = "Invalid param to S2K";
- }
- }
- if (type == 1) {
- error = "AFS not supported yet";
- }
-
- if (error != null) {
- throw new KrbException(error);
- }
-
- char[] passwdSalt = makePasswdSalt(string, salt);
- byte[] key = passwd2key(passwdSalt);
- return key;
- }
-
- @Override
- public byte[] random2Key(byte[] randomBits) throws KrbException {
- return randomBits;
- }
-
- public static final void setParity(byte[] key) {
- for (int i=0; i < 8; i++) {
- key[i] = goodParity[key[i] & 0xff];
- }
- }
-
- private long passwd2long(byte[] passwdBytes) {
- int keySize = 8;
-
- long lKey = 0;
- int n = passwdBytes.length / keySize;
- long l, l1, l2 = 0;
- for (int i = 0; i < n; i++) {
- l = BytesUtil.bytes2long(passwdBytes,
- i * keySize, true) & 0x7f7f7f7f7f7f7f7fL;
- if (i % 2 == 1) {
- l1 = 0;
- for (int j = 0; j < 64; j++) {
- l1 |= ((l & (1L << j)) >>> j) << (63 - j);
- }
- l = l1 >>> 1;
- }
- lKey ^= (l << 1);
- }
-
- return lKey;
- }
-
- private byte[] passwd2key(char[] passwdChars) throws KrbException {
- int keySize = 8;
-
- byte[] bytes = (new String(passwdChars)).getBytes();
- byte[] passwdBytes = BytesUtil.padding(bytes, keySize);
- long lKey = passwd2long(passwdBytes);
-
- byte[] keyBytes = BytesUtil.long2bytes(lKey, true);
- fixKey(keyBytes);
-
- byte[] iv = keyBytes;
- byte[] encKey = keyBytes;
-
- byte[] bKey = null;
- if (encProvider().supportCbcMac()) {
- bKey = encProvider().cbcMac(iv, encKey, passwdBytes);
- } else {
- throw new KrbException("cbcMac should be supported by the provider: "
- + encProvider().getClass());
- }
-
- fixKey(bKey);
-
- return bKey;
- }
-
- private void fixKey(byte[] key) {
- setParity(key);
- if (Des.isWeakKey(key)) {
- Des.fixKey(key);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/DkKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/DkKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/DkKeyMaker.java
deleted file mode 100644
index 1fa6019..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/DkKeyMaker.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package org.haox.kerb.crypto.key;
-
-import org.haox.kerb.KrbException;
-import org.haox.kerb.crypto.Nfold;
-import org.haox.kerb.crypto.enc.EncryptProvider;
-
-public abstract class DkKeyMaker extends AbstractKeyMaker {
-
- public DkKeyMaker(EncryptProvider encProvider) {
- super(encProvider);
- }
-
- // DK(Key, Constant) = random-to-key(DR(Key, Constant))
- public byte[] dk(byte[] key, byte[] constant) throws KrbException {
- return random2Key(dr(key, constant));
- }
-
- /*
- * K1 = E(Key, n-fold(Constant), initial-cipher-state)
- * K2 = E(Key, K1, initial-cipher-state)
- * K3 = E(Key, K2, initial-cipher-state)
- * K4 = ...
- * DR(Key, Constant) = k-truncate(K1 | K2 | K3 | K4 ...)
- */
- protected byte[] dr(byte[] key, byte[] constant) throws KrbException {
-
- int blocksize = encProvider().blockSize();
- int keyInuptSize = encProvider().keyInputSize();
- byte[] keyBytes = new byte[keyInuptSize];
- byte[] Ki;
-
- if (constant.length != blocksize) {
- Ki = Nfold.nfold(constant, blocksize);
- } else {
- Ki = new byte[constant.length];
- System.arraycopy(constant, 0, Ki, 0, constant.length);
- }
-
- int n = 0, len;
- while (n < keyInuptSize) {
- encProvider().encrypt(key, Ki);
-
- if (n + blocksize >= keyInuptSize) {
- System.arraycopy(Ki, 0, keyBytes, n, keyInuptSize - n);
- break;
- }
-
- System.arraycopy(Ki, 0, keyBytes, n, blocksize);
- n += blocksize;
- }
-
- return keyBytes;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/KeyMaker.java
deleted file mode 100644
index 999a30c..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/KeyMaker.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package org.haox.kerb.crypto.key;
-
-import org.haox.kerb.KrbException;
-
-public interface KeyMaker {
-
- public byte[] str2key(String string, String salt, byte[] param) throws KrbException;
-
- public byte[] random2Key(byte[] randomBits) throws KrbException;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/Rc4KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/Rc4KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/Rc4KeyMaker.java
deleted file mode 100644
index e1d6aa3..0000000
--- a/haox-kerb/kerb-crypto/src/main/java/org/haox/kerb/crypto/key/Rc4KeyMaker.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package org.haox.kerb.crypto.key;
-
-import org.haox.kerb.crypto.enc.EncryptProvider;
-import org.haox.kerb.KrbException;
-import sun.security.provider.MD4;
-
-import java.io.UnsupportedEncodingException;
-import java.security.MessageDigest;
-
-public class Rc4KeyMaker extends AbstractKeyMaker {
-
- public Rc4KeyMaker(EncryptProvider encProvider) {
- super(encProvider);
- }
-
- @Override
- public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
-
- if (param != null && param.length > 0) {
- throw new RuntimeException("Invalid param to str2Key");
- }
-
- try {
- byte[] passwd = string.getBytes("UTF-16LE"); // to unicode
- MessageDigest md = MD4.getInstance();
- md.update(passwd);
- return md.digest();
- } catch (UnsupportedEncodingException e) {
- throw new KrbException("str2key failed", e);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CamelliaEncTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CamelliaEncTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CamelliaEncTest.java
new file mode 100644
index 0000000..b8bbf19
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CamelliaEncTest.java
@@ -0,0 +1,93 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia256Provider;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class CamelliaEncTest {
+
+ private List<String> outputs = new ArrayList<String>();
+ private int keySize;
+
+ private byte[] plain = new byte[16];
+ private byte[] cipher = new byte[16];
+ private EncryptProvider encProvider;
+
+ private List<String> getExpectedLines() throws IOException {
+ InputStream res = CamelliaEncTest.class.getResourceAsStream("/camellia-expect-vt.txt");
+ BufferedReader br = new BufferedReader(new InputStreamReader(res));
+
+ List<String> results = new ArrayList<String>();
+ String line;
+ while ((line = br.readLine()) != null) {
+ line = line.trim();
+ if (! line.isEmpty()) {
+ results.add(line);
+ }
+ }
+ return results;
+ }
+
+ @Test
+ public void testEnc() throws IOException, KrbException {
+ List<String> expectedLines = getExpectedLines();
+
+ testWith(16);
+ outputs.add("==========");
+ testWith(32);
+ outputs.add("==========");
+
+ List<String> newLines = expectedLines;
+ Assert.assertEquals("Comparing new lines with expected lines",
+ expectedLines, outputs);
+ }
+
+ private void testWith(int keySize) throws KrbException {
+ this.keySize = keySize;
+ outputs.add("KEYSIZE=" + (keySize * 8));
+
+ encProvider = keySize == 16 ?
+ new Camellia128Provider() : new Camellia256Provider();
+
+ byte[] key = new byte[keySize];
+ Arrays.fill(key, (byte) 0);
+ hexDump("KEY", key);
+
+ for (int i = 0; i < 16 * 8; ++i) {
+ Arrays.fill(plain, (byte) 0);
+ setBit(plain, i);
+ outputs.add("I=" + (i + 1));
+ hexDump("PT", plain);
+ encWith(key);
+ hexDump("CT", cipher);
+ }
+ }
+
+ private void hexDump(String label, byte[] bytes) {
+ String line = label + "=" + Util.bytesToHex(bytes);
+ outputs.add(line);
+ }
+
+ private static void setBit(byte[] bytes, int bitnum) {
+ int bytenum = bitnum / 8;
+ bitnum %= 8;
+ // First bit is the high bit!
+ bytes[bytenum] = (byte) (1 << (7 - bitnum));
+ }
+
+ private void encWith(byte[] key) throws KrbException {
+ System.arraycopy(plain, 0, cipher, 0, plain.length);
+ encProvider.encrypt(key, cipher);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumTest.java
new file mode 100644
index 0000000..f5fac4c
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumTest.java
@@ -0,0 +1,89 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.spec.common.*;
+import org.junit.Test;
+
+/**
+ * Only used to test for rsa-md4-des and rsa-md5-des
+ */
+public class CheckSumTest {
+
+ static class CksumTest {
+ CheckSumType cksumType;
+ String plainText;
+ String knownChecksum;
+
+ CksumTest(CheckSumType cksumType, String plainText, String knownChecksum) {
+ this.cksumType = cksumType;
+ this.plainText = plainText;
+ this.knownChecksum = knownChecksum;
+ }
+ }
+
+ static CksumTest[] testCases = new CksumTest[] {
+ new CksumTest(
+ CheckSumType.RSA_MD4_DES,
+ "this is a test",
+ "e3f76a07f3401e3536b43a3f54226c39422c35682c354835"
+ ),
+ new CksumTest(
+ CheckSumType.RSA_MD5_DES,
+ "this is a test",
+ "e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53"
+ )
+ };
+
+ static byte[] TESTKEY = { (byte)0x45, (byte)0x01, (byte)0x49, (byte)0x61, (byte)0x58,
+ (byte)0x19, (byte)0x1a, (byte)0x3d };
+
+ @Test
+ public void testCheckSums() {
+ for (CksumTest tc : testCases) {
+ System.err.println("Checksum testing for " + tc.cksumType.getName());
+ try {
+ testWith(tc);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ private void testWith(CksumTest testCase) throws Exception {
+ byte[] knownChecksum = Util.hex2bytes(testCase.knownChecksum);
+ byte[] plainData = testCase.plainText.getBytes();
+ CheckSum newCksum;
+
+ if (! CheckSumHandler.isImplemented(testCase.cksumType)) {
+ System.err.println("Checksum type not supported yet: "
+ + testCase.cksumType.getName());
+ return;
+ }
+
+ EncryptionKey key = new EncryptionKey(EncryptionType.DES_CBC_CRC, TESTKEY);
+
+ newCksum = CheckSumHandler.checksumWithKey(testCase.cksumType, plainData, key.getKeyData(), KeyUsage.NONE);
+
+ if (CheckSumHandler.verifyWithKey(newCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
+ System.err.println("Checksum verifying is OK for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum verifying failed for " + testCase.cksumType.getName());
+ }
+
+ // corrupt and verify again
+ byte[] cont = newCksum.getChecksum();
+ cont[0]++;
+ newCksum.setChecksum(cont);
+ if (CheckSumHandler.verifyWithKey(newCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
+ System.err.println("Checksum verifying failed with corrupt data for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum verifying is OK with corrupt data for " + testCase.cksumType.getName());
+ }
+
+ CheckSum knwnCksum = new CheckSum(testCase.cksumType, knownChecksum);
+ if (CheckSumHandler.verifyWithKey(knwnCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
+ System.err.println("Checksum verifying is OK with known checksum for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum verifying failed with known checksum for " + testCase.cksumType.getName());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumsTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumsTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumsTest.java
new file mode 100644
index 0000000..340178d
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CheckSumsTest.java
@@ -0,0 +1,163 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+import org.junit.Test;
+
+/**
+ * These are to test the checksums of good answers, and the checksums
+ * are deterministic. For other cases, look at CheckSumTest.
+ */
+public class CheckSumsTest {
+
+ static class CksumTest {
+ String plainText;
+ CheckSumType cksumType;
+ EncryptionType encType;
+ String key;
+ int keyUsage;
+ String answer;
+
+ CksumTest(String plainText, CheckSumType cksumType, EncryptionType encType,
+ int keyUsage, String key, String answer) {
+ this.plainText = plainText;
+ this.cksumType = cksumType;
+ this.encType = encType;
+ this.key = key;
+ this.keyUsage = keyUsage;
+ this.answer = answer;
+ }
+ }
+
+ static CksumTest[] testCases = new CksumTest[] {
+ new CksumTest(
+ "abc",
+ CheckSumType.CRC32, EncryptionType.NONE, 0, "",
+ "D09865CA"
+ ),
+ new CksumTest(
+ "one",
+ CheckSumType.RSA_MD4, EncryptionType.NONE, 0, "",
+ "305DCC2C0FDD5339969552C7B8996348"
+ ),
+ new CksumTest(
+ "two three four five",
+ CheckSumType.RSA_MD5, EncryptionType.NONE, 0, "",
+ "BAB5321551E1084490869635B3C26815"
+ ),
+ new CksumTest(
+ "",
+ CheckSumType.NIST_SHA, EncryptionType.NONE, 0, "",
+ "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"
+ ),
+ new CksumTest(
+ "six seven",
+ CheckSumType.HMAC_SHA1_DES3, EncryptionType.DES3_CBC_SHA1, 2,
+ "7A25DF8992296DCEDA0E135BC4046E2375B3C14C98FBC162",
+ "0EEFC9C3E049AABC1BA5C401677D9AB699082BB4"
+ ),
+ new CksumTest(
+ "eight nine ten eleven twelve thirteen",
+ CheckSumType.HMAC_SHA1_96_AES128, EncryptionType.AES128_CTS_HMAC_SHA1_96, 3,
+ "9062430C8CDA3388922E6D6A509F5B7A",
+ "01A4B088D45628F6946614E3"
+ ),
+ new CksumTest(
+ "fourteen",
+ CheckSumType.HMAC_SHA1_96_AES256, EncryptionType.AES256_CTS_HMAC_SHA1_96, 4,
+ "B1AE4CD8462AFF1677053CC9279AAC30B796FB81CE21474DD3DDBCFEA4EC76D7",
+ "E08739E3279E2903EC8E3836"
+ ),
+ new CksumTest(
+ "fifteen sixteen",
+ CheckSumType.MD5_HMAC_ARCFOUR, EncryptionType.ARCFOUR_HMAC, 5,
+ "F7D3A155AF5E238A0B7A871A96BA2AB2",
+ "9F41DF304907DE735447001FD2A197B9"
+ ),
+ new CksumTest(
+ "seventeen eighteen nineteen twenty",
+ CheckSumType.HMAC_MD5_ARCFOUR, EncryptionType.ARCFOUR_HMAC, 6,
+ "F7D3A155AF5E238A0B7A871A96BA2AB2",
+ "EB38CC97E2230F59DA4117DC5859D7EC"
+ ),
+ new CksumTest(
+ "abcdefghijk",
+ CheckSumType.CMAC_CAMELLIA128, EncryptionType.CAMELLIA128_CTS_CMAC, 7,
+ "1DC46A8D763F4F93742BCBA3387576C3",
+ "1178E6C5C47A8C1AE0C4B9C7D4EB7B6B"
+ ),
+ new CksumTest(
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+ CheckSumType.CMAC_CAMELLIA128, EncryptionType.CAMELLIA128_CTS_CMAC, 8,
+ "5027BC231D0F3A9D23333F1CA6FDBE7C",
+ "D1B34F7004A731F23A0C00BF6C3F753A"
+ ),
+ new CksumTest(
+ "123456789",
+ CheckSumType.CMAC_CAMELLIA256, EncryptionType.CAMELLIA256_CTS_CMAC, 9,
+ "B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B",
+ "87A12CFD2B96214810F01C826E7744B1"
+ ),
+ new CksumTest(
+ "!@#$%^&*()!@#$%^&*()!@#$%^&*()",
+ CheckSumType.CMAC_CAMELLIA256, EncryptionType.CAMELLIA256_CTS_CMAC, 10,
+ "32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05",
+ "3FA0B42355E52B189187294AA252AB64"
+ )
+ };
+
+ @Test
+ public void testCheckSums() {
+ for (CksumTest tc : testCases) {
+ System.err.println("Checksum testing for " + tc.cksumType.getName());
+ try {
+ testWith(tc);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ private void testWith(CksumTest testCase) throws Exception {
+ byte[] answer = Util.hex2bytes(testCase.answer);
+ byte[] plainData = testCase.plainText.getBytes();
+ CheckSum newCksum;
+
+ if (! CheckSumHandler.isImplemented(testCase.cksumType)) {
+ System.err.println("Checksum type not supported yet: "
+ + testCase.cksumType.getName());
+ return;
+ }
+
+ if (testCase.encType != EncryptionType.NONE) {
+ if (! EncryptionHandler.isImplemented(testCase.encType)) {
+ System.err.println("Key type not supported yet: " + testCase.encType.getName());
+ return;
+ }
+
+ byte[] key = Util.hex2bytes(testCase.key);
+ KeyUsage keyUsage = KeyUsage.fromValue(testCase.keyUsage);
+ newCksum = CheckSumHandler.checksumWithKey(testCase.cksumType, plainData, key, keyUsage);
+ if (CheckSumHandler.verifyWithKey(newCksum, plainData, key, keyUsage)) {
+ System.err.println("Checksum test OK for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum test failed for " + testCase.cksumType.getName());
+ }
+ } else {
+ newCksum = CheckSumHandler.checksum(testCase.cksumType, plainData);
+ if (CheckSumHandler.verify(newCksum, plainData)) {
+ System.err.println("Checksum and verifying OK for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum and verifying failed for " + testCase.cksumType.getName());
+ }
+ }
+
+ if (! newCksum.isEqual(answer)) {
+ System.err.println("Checksum test failed for " + testCase.cksumType.getName());
+ } else {
+ System.err.println("Checksum test OK for " + testCase.cksumType.getName());
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CmacTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CmacTest.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CmacTest.java
new file mode 100644
index 0000000..c8bbcd6
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/CmacTest.java
@@ -0,0 +1,65 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
+import org.apache.kerberos.kerb.crypto.enc.provider.Camellia128Provider;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class CmacTest {
+
+ /* All examples use the following Camellia-128 key. */
+ static String keyBytes = "2b7e151628aed2a6" +
+ "abf7158809cf4f3c";
+
+ /* Example inputs are this message truncated to 0, 16, 40, and 64 bytes. */
+ static String inputBytes = "6bc1bee22e409f96" +
+ "e93d7e117393172a" +
+ "ae2d8a571e03ac9c" +
+ "9eb76fac45af8e51" +
+ "30c81c46a35ce411" +
+ "e5fbc1191a0a52ef" +
+ "f69f2445df4f9b17" +
+ "ad2b417be66c3710";
+
+ /* Expected result of CMAC on empty inputBytes. */
+ static String cmac1 = "ba925782aaa1f5d9" +
+ "a00f89648094fc71";
+
+ /* Expected result of CMAC on first 16 bytes of inputBytes. */
+ static String cmac2 = "6d962854a3b9fda5" +
+ "6d7d45a95ee17993";
+
+ /* Expected result of CMAC on first 40 bytes of inputBytes. */
+ static String cmac3 = "5c18d119ccd67661" +
+ "44ac1866131d9f22";
+
+ /* Expected result of CMAC on all 64 bytes of inputBytes. */
+ static String cmac4 = "c2699a6eba55ce9d" +
+ "939a8a4e19466ee9";
+
+
+ @Test
+ public void testCmac() throws KrbException, KrbException {
+ byte[] key = Util.hex2bytes(keyBytes);
+ byte[] input = Util.hex2bytes(inputBytes);
+ EncryptProvider encProvider = new Camellia128Provider();
+ byte[] result;
+
+ // test 1
+ result = Cmac.cmac(encProvider, key, input, 0, 0);
+ Assert.assertArrayEquals("Test 1", Util.hex2bytes(cmac1), result);
+
+ // test 2
+ result = Cmac.cmac(encProvider, key, input, 0, 16);
+ Assert.assertArrayEquals("Test 2", Util.hex2bytes(cmac2), result);
+
+ // test 3
+ result = Cmac.cmac(encProvider, key, input, 0, 40);
+ Assert.assertArrayEquals("Test 3", Util.hex2bytes(cmac3), result);
+
+ // test 4
+ result = Cmac.cmac(encProvider, key, input, 0, 64);
+ Assert.assertArrayEquals("Test 4", Util.hex2bytes(cmac4), result);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/967d7e1c/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/Crc32Test.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/Crc32Test.java b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/Crc32Test.java
new file mode 100644
index 0000000..91048a1
--- /dev/null
+++ b/haox-kerb/kerb-crypto/src/test/java/org/apache/kerberos/kerb/crypto/Crc32Test.java
@@ -0,0 +1,99 @@
+package org.apache.kerberos.kerb.crypto;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class Crc32Test {
+
+ static class TestCase {
+ String data;
+ long answer;
+
+ public TestCase(String data, long answer) {
+ this.data = data;
+ this.answer = answer;
+ }
+ }
+
+ static TestCase[] testCases = new TestCase[] {
+ new TestCase("01", 0x77073096),
+ new TestCase("02", 0xee0e612c),
+ new TestCase("04", 0x076dc419),
+ new TestCase("08", 0x0edb8832),
+ new TestCase("10", 0x1db71064),
+ new TestCase("20", 0x3b6e20c8),
+ new TestCase("40", 0x76dc4190),
+ new TestCase("80", 0xedb88320),
+ new TestCase("0100", 0x191b3141),
+ new TestCase("0200", 0x32366282),
+ new TestCase("0400", 0x646cc504),
+ new TestCase("0800", 0xc8d98a08),
+ new TestCase("1000", 0x4ac21251),
+ new TestCase("2000", 0x958424a2),
+ new TestCase("4000", 0xf0794f05),
+ new TestCase("8000", 0x3b83984b),
+ new TestCase("0001", 0x77073096),
+ new TestCase("0002", 0xee0e612c),
+ new TestCase("0004", 0x076dc419),
+ new TestCase("0008", 0x0edb8832),
+ new TestCase("0010", 0x1db71064),
+ new TestCase("0020", 0x3b6e20c8),
+ new TestCase("0040", 0x76dc4190),
+ new TestCase("0080", 0xedb88320),
+ new TestCase("01000000", 0xb8bc6765),
+ new TestCase("02000000", 0xaa09c88b),
+ new TestCase("04000000", 0x8f629757),
+ new TestCase("08000000", 0xc5b428ef),
+ new TestCase("10000000", 0x5019579f),
+ new TestCase("20000000", 0xa032af3e),
+ new TestCase("40000000", 0x9b14583d),
+ new TestCase("80000000", 0xed59b63b),
+ new TestCase("00010000", 0x01c26a37),
+ new TestCase("00020000", 0x0384d46e),
+ new TestCase("00040000", 0x0709a8dc),
+ new TestCase("00080000", 0x0e1351b8),
+ new TestCase("00100000", 0x1c26a370),
+ new TestCase("00200000", 0x384d46e0),
+ new TestCase("00400000", 0x709a8dc0),
+ new TestCase("00800000", 0xe1351b80),
+ new TestCase("00000100", 0x191b3141),
+ new TestCase("00000200", 0x32366282),
+ new TestCase("00000400", 0x646cc504),
+ new TestCase("00000800", 0xc8d98a08),
+ new TestCase("00001000", 0x4ac21251),
+ new TestCase("00002000", 0x958424a2),
+ new TestCase("00004000", 0xf0794f05),
+ new TestCase("00008000", 0x3b83984b),
+ new TestCase("00000001", 0x77073096),
+ new TestCase("00000002", 0xee0e612c),
+ new TestCase("00000004", 0x076dc419),
+ new TestCase("00000008", 0x0edb8832),
+ new TestCase("00000010", 0x1db71064),
+ new TestCase("00000020", 0x3b6e20c8),
+ new TestCase("00000040", 0x76dc4190),
+ new TestCase("00000080", 0xedb88320),
+ new TestCase("666F6F", 0x7332bc33),
+ new TestCase("7465737430313233343536373839", 0xb83e88d6),
+ new TestCase("4D4153534143485653455454532049" +
+ "4E53544954565445204F4620544543484E4F4C4F4759", 0xe34180f7)
+ };
+
+ @Test
+ public void testCrc32() {
+ boolean isOk = true;
+ for (TestCase tc : testCases) {
+ if (! testWith(tc)) {
+ isOk = false;
+ System.err.println("Test with data " + tc.data + " failed");
+ }
+ }
+
+ Assert.assertTrue(isOk);
+ }
+
+ private boolean testWith(TestCase testCase) {
+ byte[] data = Util.hex2bytes(testCase.data);
+ long value = Crc32.crc(0, data, 0, data.length);
+ return value == testCase.answer;
+ }
+}