Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/12 14:06:50 UTC
[42/50] [abbrv] directory-kerberos git commit: Refactoring and clean
up
Refactoring and clean up
Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/0702084e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/0702084e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/0702084e
Branch: refs/heads/master
Commit: 0702084e83ceada8a4766147f50bfa86fa374275
Parents: b1df288
Author: Drankye <dr...@gmail.com>
Authored: Sun Dec 28 07:38:57 2014 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Sun Dec 28 07:38:57 2014 +0800
----------------------------------------------------------------------
.../org/apache/kerberos/kerb/crypto/Des.java | 18 ++--
.../org/apache/kerberos/kerb/crypto/Rc4.java | 27 ++++--
.../kerberos/kerb/crypto/key/Des3KeyMaker.java | 89 ++++++--------------
.../kerberos/kerb/crypto/key/DesKeyMaker.java | 4 +-
4 files changed, 59 insertions(+), 79 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/0702084e/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
index 74a4e49..54fbc3b 100644
--- a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Des.java
@@ -37,10 +37,15 @@ public class Des {
{(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xe0,(byte) 0xfe,(byte) 0xf1,(byte) 0xfe,(byte) 0xf1}
};
- public static boolean isWeakKey(byte[] key) {
+ public static boolean isWeakKey(byte[] key, int offset, int len) {
for (byte[] weakKey : WEAK_KEYS) {
- if (Arrays.equals(weakKey, key)) {
- return true;
+ if (weakKey.length != len)
+ return false;
+
+ for (int i = 0; i < len; i++) {
+ if (weakKey[i] != key[i]) {
+ return false;
+ }
}
}
return false;
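Review bot: The rewritten isWeakKey can never return true: inside the loop over WEAK_KEYS both the length mismatch and the first differing byte `return false`, and the success path that the removed `Arrays.equals` branch provided is gone. It also reads `key[i]` instead of `key[offset + i]`, so a sub-key at a non-zero offset would be compared against the wrong bytes. The effect is that fixKey in the next hunk, and the callers in Des3KeyMaker.random2Key and DesKeyMaker.fixKey, never apply the FIXUP, so weak and semi-weak DES keys are returned unchanged. The comparison should skip to the next table entry on mismatch and return true on a full match, as sketched below; the method's closing brace lies outside the hunk.

```java
public static boolean isWeakKey(byte[] key, int offset, int len) {
    for (byte[] weakKey : WEAK_KEYS) {
        if (weakKey.length != len) {
            continue;
        }
        boolean match = true;
        for (int i = 0; i < len; i++) {
            if (weakKey[i] != key[offset + i]) {
                match = false;
                break;
            }
        }
        if (match) {
            return true;
        }
    }
    return false;
```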
@@ -49,10 +54,9 @@ public class Des {
/**
* MIT krb5 FIXUP(k) in s2k_des.c
*/
- public static byte[] fixKey(byte[] key) {
- if (isWeakKey(key)) {
- key[7] ^= (byte) 0xf0;
+ public static void fixKey(byte[] key, int offset, int len) {
+ if (isWeakKey(key, offset, len)) {
+ key[offset + 7] ^= (byte) 0xf0;
}
- return key;
}
}
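Review bot: fixKey now mutates the caller's array in place and returns nothing, but the Javadoc still only cites MIT's FIXUP(k); it should say so, for example `Flips bits in key[offset + 7] in place when the 8 bytes starting at offset form a weak key.` The write uses a hard-coded index 7 while `len` is supplied by the caller, so a `len` other than 8 or an `offset` too close to the end of the array is not rejected before `key[offset + 7]` is touched. A guard such as `if (len != 8 || offset < 0 || offset + len > key.length) throw new IllegalArgumentException("bad DES key range");` would make the contract explicit.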
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/0702084e/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
index 43613b9..1253a8f 100644
--- a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/Rc4.java
@@ -1,30 +1,43 @@
package org.apache.kerberos.kerb.crypto;
+/**
+ * Based on MIT krb5 enc_rc4.c
+ */
public class Rc4 {
private static byte[] L40 = "fortybits".getBytes();
public static byte[] getSalt(int usage, boolean exportable) {
- int msUsage = convertUsage(usage);
+ int newUsage = convertUsage(usage);
byte[] salt;
if (exportable) {
salt = new byte[14];
System.arraycopy(L40, 0, salt, 0, 9);
- BytesUtil.int2bytes(msUsage, salt, 10, false);
+ BytesUtil.int2bytes(newUsage, salt, 10, false);
} else {
salt = new byte[4];
- BytesUtil.int2bytes(msUsage, salt, 0, false);
+ BytesUtil.int2bytes(newUsage, salt, 0, false);
}
return salt;
}
- public static int convertUsage(int usage) {
+ private static int convertUsage(int usage) {
switch (usage) {
- case 3: return 8;
- case 9: return 8;
- case 23: return 13;
+ case 1: return 1; /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, */
+ case 2: return 2; /* ticket from kdc */
+ case 3: return 8; /* as-rep encrypted part */
+ case 4: return 4; /* tgs-req authz data */
+ case 5: return 5; /* tgs-req authz data in subkey */
+ case 6: return 6; /* tgs-req authenticator cksum */
+ case 7: return 7; /* tgs-req authenticator */
+ case 8: return 8;
+ case 9: return 9; /* tgs-rep encrypted with subkey */
+ case 10: return 10; /* ap-rep authentication cksum (never used by MS) */
+ case 11: return 11; /* app-req authenticator */
+ case 12: return 12; /* app-rep encrypted part */
+ case 23: return 13; /* sign wrap token*/
default: return usage;
}
}
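Review bot: `case 9: return 9;` changes the usage translation for key usage 9, which the removed line mapped to 8, so a commit described as refactoring alters the salt that getSalt produces for that usage. If the intent is to follow MIT krb5 enc_rc4.c, as the new class comment suggests, the change deserves a line in the commit message and an interoperability test, since peers that still translate 9 to 8 would derive a different key; otherwise keep `case 9: return 8;`. The identity cases (1, 2, 4 through 8, 10 through 12) return the same value as `default: return usage;` and could be reduced to a comment listing them.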
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/0702084e/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
index e3ae1c9..3f13899 100644
--- a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/Des3KeyMaker.java
@@ -1,9 +1,9 @@
package org.apache.kerberos.kerb.crypto.key;
+import org.apache.kerberos.kerb.KrbException;
import org.apache.kerberos.kerb.crypto.Des;
import org.apache.kerberos.kerb.crypto.Nfold;
import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
-import org.apache.kerberos.kerb.KrbException;
import java.io.UnsupportedEncodingException;
@@ -26,76 +26,39 @@ public class Des3KeyMaker extends DkKeyMaker {
}
}
- /*
- * The 168 bits of random key data are converted to a protocol key value
- * as follows. First, the 168 bits are divided into three groups of 56
- * bits, which are expanded individually into 64 bits as in des3Expand().
- * Result is a 24 byte (192-bit) key.
- */
@Override
public byte[] random2Key(byte[] randomBits) throws KrbException {
- byte[] one = Des.fixKey(des3Expand(randomBits, 0, 7));
- byte[] two = Des.fixKey(des3Expand(randomBits, 7, 14));
- byte[] three = Des.fixKey(des3Expand(randomBits, 14, 21));
-
+ /**
+ * Ref. k5_rand2key_des3 in random_to_key.c
+ * Take the seven bytes, move them around into the top 7 bits of the
+ * 8 key bytes, then compute the parity bits. Do this three times.
+ */
byte[] key = new byte[24];
- System.arraycopy(one, 0, key, 0, 8);
- System.arraycopy(two, 0, key, 8, 8);
- System.arraycopy(three, 0, key, 16, 8);
-
- return key;
- }
+ int nthByte;
+ int tmp;
+ for (int i = 0; i < 3; i++) {
+ System.arraycopy(randomBits, i * 7, key, i * 8, 7);
+ nthByte = i * 8;
- /**
- * Expands a 7-byte array into an 8-byte array that contains parity bits.
- * The 56 bits are expanded into 64 bits as follows:
- * 1 2 3 4 5 6 7 p
- * 9 10 11 12 13 14 15 p
- * 17 18 19 20 21 22 23 p
- * 25 26 27 28 29 30 31 p
- * 33 34 35 36 37 38 39 p
- * 41 42 43 44 45 46 47 p
- * 49 50 51 52 53 54 55 p
- * 56 48 40 32 24 16 8 p
- *
- * (PI,P2,...,P8) are reserved for parity bits computed on the preceding
- * seven independent bits and set so that the parity of the octet is odd,
- * i.e., there is an odd number of "1" bits in the octet.
- */
- private static byte[] des3Expand(byte[] input, int start, int end) {
- if ((end - start) != 7)
- throw new IllegalArgumentException(
- "Invalid length of DES Key Value:" + start + "," + end);
+ key[nthByte + 7] = (byte) (((key[nthByte + 0] & 1) << 1) |
+ ((key[nthByte + 1] & 1) << 2) |
+ ((key[nthByte + 2] & 1) << 3) |
+ ((key[nthByte + 3] & 1) << 4) |
+ ((key[nthByte + 4] & 1) << 5) |
+ ((key[nthByte + 5] & 1) << 6) |
+ ((key[nthByte + 6] & 1) << 7));
- byte[] result = new byte[8];
- byte last = 0;
- System.arraycopy(input, start, result, 0, 7);
- byte posn = 0;
-
- // Fill in last row
- for (int i = start; i < end; i++) {
- byte bit = (byte) (input[i]&0x01);
-
- ++posn;
- if (bit != 0) {
- last |= (bit<<posn);
+ for (int j = 0; j < 8; j++) {
+ tmp = key[nthByte + j] & 0xfe;
+ tmp |= (Integer.bitCount(tmp) & 1) ^ 1;
+ key[nthByte + j] = (byte) tmp;
}
}
- result[7] = last;
- setParityBit(result);
- return result;
- }
-
- /**
- * Sets the parity bit (0th bit) in each byte so that each byte
- * contains an odd number of 1's.
- */
- private static void setParityBit(byte[] key) {
- for (int i = 0; i < key.length; i++) {
- int b = key[i] & 0xfe;
- b |= (Integer.bitCount(b) & 1) ^ 1;
- key[i] = (byte) b;
+ for (int i = 0; i < 3; i++) {
+ Des.fixKey(key, i * 8, 8);
}
+
+ return key;
}
}
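Review bot: random2Key no longer checks its input length: `System.arraycopy(randomBits, i * 7, key, i * 8, 7)` needs at least 21 bytes, and a shorter array now fails with an unchecked index exception instead of the explicit IllegalArgumentException the removed des3Expand threw. A guard at the top of the method would restore a clear failure, e.g. `if (randomBits.length < 21) throw new IllegalArgumentException("Invalid length of DES3 random bits: " + randomBits.length);`. The `/** ... */` block inside the method body is not picked up as Javadoc; open it with `/*` or move it above `@Override`. The per-sub-key `Des.fixKey(key, i * 8, 8)` calls only work if Des.isWeakKey honours `offset`, which the Des.java hunk in this commit does not appear to do.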
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/0702084e/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
index 13974e4..dd7877a 100644
--- a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
@@ -150,8 +150,8 @@ public class DesKeyMaker extends AbstractKeyMaker {
private void fixKey(byte[] key) {
setParity(key);
- if (Des.isWeakKey(key)) {
- Des.fixKey(key);
+ if (Des.isWeakKey(key, 0, key.length)) {
+ Des.fixKey(key, 0, key.length);
}
}
}
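Review bot: The `if (Des.isWeakKey(key, 0, key.length))` wrapper is redundant, because Des.fixKey performs the same isWeakKey test itself before flipping the byte. The body can be reduced to `setParity(key);` followed by `Des.fixKey(key, 0, key.length);`, which also keeps the weak-key policy in one place.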