Author: erodriguez
Date: Tue Nov 9 19:29:34 2004
New Revision: 57122
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcEncryption.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcMd5Encryption.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcSha1Encryption.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcCrcEncryption.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcEncryption.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcMd4Encryption.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcMd5Encryption.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/EncryptionEngine.java
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/NullEncryption.java
Log:
Refactoring. Added template methods getBlockCipher and getChecksumEngine which
allow a good amount of Kerberos cipher text processing to move into the
EncryptionEngine base class. Also eliminated some triplicated block cipher
processing code.
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcEncryption.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcEncryption.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcEncryption.java
Tue Nov 9 19:29:34 2004
@@ -16,50 +16,29 @@
*/
package org.apache.kerberos.crypto.encryption;
-import org.bouncycastle.crypto.engines.*;
-import org.bouncycastle.crypto.modes.*;
-import org.bouncycastle.crypto.params.*;
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.engines.DESedeEngine;
-public abstract class Des3CbcEncryption extends EncryptionEngine {
+public abstract class Des3CbcEncryption extends EncryptionEngine
+{
+ public BlockCipher getBlockCipher()
+ {
+ return new DESedeEngine();
+ }
- public CipherType keyType() {
+ public CipherType keyType()
+ {
return CipherType.DES3;
}
- public int blockSize() {
+ public int blockSize()
+ {
return 8;
}
- public int keySize() {
+ public int keySize()
+ {
return 24;
- }
-
- // TODO - duplicated in CryptoService.
- protected synchronized byte[] processBlockCipher(boolean encrypt,
byte[] data, byte[] key, byte[] ivec) {
- byte[] returnData = new byte[data.length];
- CBCBlockCipher cbcCipher = new CBCBlockCipher(new
DESedeEngine());
- KeyParameter keyParameter = new KeyParameter(key);
-
- if (ivec != null) {
- ParametersWithIV kpWithIV = new
ParametersWithIV(keyParameter, ivec);
- cbcCipher.init(encrypt, kpWithIV);
- } else
- cbcCipher.init(encrypt, keyParameter);
-
- int offset = 0;
- int processedBytesLength = 0;
-
- while (offset < returnData.length) {
- try {
- processedBytesLength =
cbcCipher.processBlock(data, offset, returnData, offset);
- offset += processedBytesLength;
- } catch (Exception e) {
- e.printStackTrace();
- break;
- }
- }
-
- return returnData;
}
}
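Review bot: getBlockCipher() carries no comment saying that it must return a new engine on each call, yet the shared processBlockCipher in EncryptionEngine is no longer `synchronized` (the copy removed here was) and is only safe across threads because every call gets its own DESedeEngine. A Javadoc line on this method would keep a later implementer from caching the engine in a field: `/** Returns a new, uninitialised cipher engine on every call; callers do not synchronise. */`. The same comment fits getBlockCipher() in the DesCbcEncryption hunk.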
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcMd5Encryption.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcMd5Encryption.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcMd5Encryption.java
Tue Nov 9 19:29:34 2004
@@ -16,27 +16,39 @@
*/
package org.apache.kerberos.crypto.encryption;
-import org.apache.kerberos.crypto.checksum.*;
+import org.apache.kerberos.crypto.checksum.ChecksumEngine;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.apache.kerberos.crypto.checksum.RsaMd5Checksum;
-public class Des3CbcMd5Encryption extends Des3CbcEncryption {
+public class Des3CbcMd5Encryption extends Des3CbcEncryption
+{
+ public ChecksumEngine getChecksumEngine()
+ {
+ return new RsaMd5Checksum();
+ }
- public EncryptionType encryptionType() {
+ public EncryptionType encryptionType()
+ {
return EncryptionType.DES3_CBC_MD5;
}
- public ChecksumType checksumType() {
+ public ChecksumType checksumType()
+ {
return ChecksumType.RSA_MD5;
}
- public int confounderSize() {
+ public int confounderSize()
+ {
return 8;
}
- public int checksumSize() {
+ public int checksumSize()
+ {
return 16;
}
- public int minimumPadSize() {
+ public int minimumPadSize()
+ {
return 0;
}
}
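Review bot: getChecksumEngine(), checksumType() and checksumSize() now state the same choice three times in this class, and nothing ties them together, so a later edit could return an engine whose output length differs from the checksumSize() that EncryptionEngine uses to lay out and strip the checksum field. A short comment above getChecksumEngine() would make the coupling visible, e.g. `// must agree with checksumType() and checksumSize() below`. The same applies to the Des3CbcSha1Encryption, DesCbcCrcEncryption, DesCbcMd4Encryption and DesCbcMd5Encryption hunks.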
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcSha1Encryption.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcSha1Encryption.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/Des3CbcSha1Encryption.java
Tue Nov 9 19:29:34 2004
@@ -16,27 +16,39 @@
*/
package org.apache.kerberos.crypto.encryption;
-import org.apache.kerberos.crypto.checksum.*;
+import org.apache.kerberos.crypto.checksum.ChecksumEngine;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.apache.kerberos.crypto.checksum.Sha1Checksum;
-public class Des3CbcSha1Encryption extends Des3CbcEncryption {
+public class Des3CbcSha1Encryption extends Des3CbcEncryption
+{
+ public ChecksumEngine getChecksumEngine()
+ {
+ return new Sha1Checksum();
+ }
- public EncryptionType encryptionType() {
+ public EncryptionType encryptionType()
+ {
return EncryptionType.DES3_CBC_SHA1;
}
- public ChecksumType checksumType() {
+ public ChecksumType checksumType()
+ {
return ChecksumType.SHA1;
}
- public int confounderSize() {
+ public int confounderSize()
+ {
return 8;
}
- public int checksumSize() {
+ public int checksumSize()
+ {
return 20;
}
- public int minimumPadSize() {
+ public int minimumPadSize()
+ {
return 0;
}
}
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcCrcEncryption.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcCrcEncryption.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcCrcEncryption.java
Tue Nov 9 19:29:34 2004
@@ -16,31 +16,44 @@
*/
package org.apache.kerberos.crypto.encryption;
-import org.apache.kerberos.crypto.checksum.*;
+import org.apache.kerberos.crypto.checksum.ChecksumEngine;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.apache.kerberos.crypto.checksum.Crc32Checksum;
+
+public class DesCbcCrcEncryption extends DesCbcEncryption
+{
+ public ChecksumEngine getChecksumEngine()
+ {
+ return new Crc32Checksum();
+ }
-public class DesCbcCrcEncryption extends DesCbcEncryption {
-
- public EncryptionType encryptionType() {
+ public EncryptionType encryptionType()
+ {
return EncryptionType.DES_CBC_CRC;
}
- public ChecksumType checksumType() {
+ public ChecksumType checksumType()
+ {
return ChecksumType.CRC32;
}
- public CipherType cipherType() {
+ public CipherType cipherType()
+ {
return CipherType.DES;
}
- public int confounderSize() {
+ public int confounderSize()
+ {
return 8;
}
- public int checksumSize() {
+ public int checksumSize()
+ {
return 4;
}
- public int minimumPadSize() {
+ public int minimumPadSize()
+ {
return 4;
}
}
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcEncryption.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcEncryption.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcEncryption.java
Tue Nov 9 19:29:34 2004
@@ -16,50 +16,29 @@
*/
package org.apache.kerberos.crypto.encryption;
-import org.bouncycastle.crypto.engines.*;
-import org.bouncycastle.crypto.modes.*;
-import org.bouncycastle.crypto.params.*;
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.engines.DESEngine;
-public abstract class DesCbcEncryption extends EncryptionEngine {
+public abstract class DesCbcEncryption extends EncryptionEngine
+{
+ public BlockCipher getBlockCipher()
+ {
+ return new DESEngine();
+ }
- public CipherType keyType() {
+ public CipherType keyType()
+ {
return CipherType.DES;
}
- public int blockSize() {
+ public int blockSize()
+ {
return 8;
}
- public int keySize() {
+ public int keySize()
+ {
return 8;
- }
-
- // TODO - duplicated in CryptoService.
- protected synchronized byte[] processBlockCipher(boolean encrypt,
byte[] data, byte[] key, byte[] ivec) {
- byte[] returnData = new byte[data.length];
- CBCBlockCipher cbcCipher = new CBCBlockCipher(new DESEngine());
- KeyParameter keyParameter = new KeyParameter(key);
-
- if (ivec != null) {
- ParametersWithIV kpWithIV = new
ParametersWithIV(keyParameter, ivec);
- cbcCipher.init(encrypt, kpWithIV);
- } else
- cbcCipher.init(encrypt, keyParameter);
-
- int offset = 0;
- int processedBytesLength = 0;
-
- while (offset < returnData.length) {
- try {
- processedBytesLength =
cbcCipher.processBlock(data, offset, returnData, offset);
- offset += processedBytesLength;
- } catch (Exception e) {
- e.printStackTrace();
- break;
- }
- }
-
- return returnData;
}
}
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcMd4Encryption.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcMd4Encryption.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcMd4Encryption.java
Tue Nov 9 19:29:34 2004
@@ -16,27 +16,39 @@
*/
package org.apache.kerberos.crypto.encryption;
-import org.apache.kerberos.crypto.checksum.*;
+import org.apache.kerberos.crypto.checksum.ChecksumEngine;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.apache.kerberos.crypto.checksum.RsaMd4Checksum;
-public class DesCbcMd4Encryption extends DesCbcEncryption {
+public class DesCbcMd4Encryption extends DesCbcEncryption
+{
+ public ChecksumEngine getChecksumEngine()
+ {
+ return new RsaMd4Checksum();
+ }
- public EncryptionType encryptionType() {
+ public EncryptionType encryptionType()
+ {
return EncryptionType.DES_CBC_MD4;
}
- public ChecksumType checksumType() {
+ public ChecksumType checksumType()
+ {
return ChecksumType.RSA_MD4;
}
- public int confounderSize() {
+ public int confounderSize()
+ {
return 8;
}
- public int checksumSize() {
+ public int checksumSize()
+ {
return 16;
}
- public int minimumPadSize() {
+ public int minimumPadSize()
+ {
return 0;
}
}
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcMd5Encryption.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcMd5Encryption.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/DesCbcMd5Encryption.java
Tue Nov 9 19:29:34 2004
@@ -16,27 +16,39 @@
*/
package org.apache.kerberos.crypto.encryption;
-import org.apache.kerberos.crypto.checksum.*;
+import org.apache.kerberos.crypto.checksum.ChecksumEngine;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.apache.kerberos.crypto.checksum.RsaMd5Checksum;
-public class DesCbcMd5Encryption extends DesCbcEncryption {
+public class DesCbcMd5Encryption extends DesCbcEncryption
+{
+ public ChecksumEngine getChecksumEngine()
+ {
+ return new RsaMd5Checksum();
+ }
- public EncryptionType encryptionType() {
+ public EncryptionType encryptionType()
+ {
return EncryptionType.DES_CBC_MD5;
}
- public ChecksumType checksumType() {
+ public ChecksumType checksumType()
+ {
return ChecksumType.RSA_MD5;
}
- public int confounderSize() {
+ public int confounderSize()
+ {
return 8;
}
- public int checksumSize() {
+ public int checksumSize()
+ {
return 16;
}
- public int minimumPadSize() {
+ public int minimumPadSize()
+ {
return 0;
}
}
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/EncryptionEngine.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/EncryptionEngine.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/EncryptionEngine.java
Tue Nov 9 19:29:34 2004
@@ -16,46 +16,162 @@
*/
package org.apache.kerberos.crypto.encryption;
-import org.apache.kerberos.crypto.*;
-import org.apache.kerberos.crypto.checksum.*;
-import org.apache.kerberos.kdc.*;
+import org.apache.kerberos.crypto.checksum.ChecksumEngine;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.apache.kerberos.kdc.KerberosException;
+import org.apache.kerberos.messages.value.EncryptedData;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+
+import java.security.SecureRandom;
+
+public abstract class EncryptionEngine
+{
+ private static final SecureRandom random = new SecureRandom();
-public abstract class EncryptionEngine {
+ public abstract ChecksumEngine getChecksumEngine();
+ public abstract BlockCipher getBlockCipher();
public abstract EncryptionType encryptionType();
-
public abstract ChecksumType checksumType();
-
public abstract CipherType keyType();
-
public abstract int confounderSize();
-
public abstract int checksumSize();
-
public abstract int blockSize();
-
public abstract int minimumPadSize();
-
public abstract int keySize();
- protected abstract byte[] processBlockCipher(boolean encrypt, byte[]
data, byte[] key, byte[] ivec);
+ public byte[] getDecryptedData( EncryptionKey key, EncryptedData data )
+ throws KerberosException
+ {
+ byte[] decryptedData = decrypt( data.getCipherText(),
key.getKeyValue() );
+
+ return removeBytes( decryptedData, confounderSize(),
checksumSize() );
+ }
+
+ public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText
)
+ throws KerberosException
+ {
+ byte[] conFounder = getRandomBytes(confounderSize());
+ byte[] zeroedChecksum = new byte[checksumSize()];
+ byte[] paddedPlainText = padString(plainText);
+ byte[] dataBytes = concatenateBytes(conFounder,
concatenateBytes(zeroedChecksum, paddedPlainText));
+ byte[] checksumBytes = calculateChecksum(dataBytes);
+ byte[] paddedDataBytes = padString(dataBytes);
+
+ // lay the checksum into the ciphertext
+ for (int i = confounderSize(); i < confounderSize() +
checksumSize(); i++)
+ {
+ paddedDataBytes[i] = checksumBytes[i -
confounderSize()];
+ }
+
+ byte[] encryptedData = encrypt(paddedDataBytes,
key.getKeyValue());
- public byte[] encrypt(byte[] data, byte[] key) {
- return processBlockCipher(true, data, key, null);
+ return new EncryptedData( encryptionType(),
key.getKeyVersion(), encryptedData );
}
- public byte[] decrypt(byte[] data, byte[] key) {
- return processBlockCipher(false, data, key, null);
+ private byte[] encrypt( byte[] data, byte[] key )
+ {
+ return processBlockCipher( true, data, key, null );
}
- public byte[] calculateChecksum(byte[] data) {
- ChecksumEngine digester = null;
- try {
- digester = CryptoService.getInstance(checksumType());
- } catch (KerberosException ke) {
-
System.out.println(KerberosException.KDC_ERR_SUMTYPE_NOSUPP);
- }
+ private byte[] decrypt( byte[] data, byte[] key )
+ {
+ return processBlockCipher( false, data, key, null );
+ }
+
+ private byte[] getRandomBytes( int size )
+ {
+ byte[] bytes = new byte[size];
+
+ // SecureRandom.nextBytes is already synchronized
+ random.nextBytes(bytes);
+
+ return bytes;
+ }
+
+ private byte[] padString( byte encodedString[] )
+ {
+ int x;
+ if (encodedString.length < 8)
+ x = encodedString.length;
+ else
+ x = encodedString.length % 8;
+
+ if (x == 0)
+ return encodedString;
+
+ byte paddedByteArray[] = new byte[(8 - x) +
encodedString.length];
+ for (int y = paddedByteArray.length - 1; y >
encodedString.length - 1; y--)
+ paddedByteArray[y] = 0;
+
+ System.arraycopy(encodedString, 0, paddedByteArray, 0,
encodedString.length);
+
+ return paddedByteArray;
+ }
+
+ private byte[] concatenateBytes( byte[] array1, byte[] array2 )
+ {
+ byte concatenatedBytes[] = new byte[array1.length +
array2.length];
+
+ for (int i = 0; i < array1.length; i++)
+ concatenatedBytes[i] = array1[i];
+
+ for (int j = array1.length; j < concatenatedBytes.length; j++)
+ concatenatedBytes[j] = array2[j - array1.length];
+
+ return concatenatedBytes;
+ }
+
+ private byte[] calculateChecksum( byte[] data )
+ {
+ ChecksumEngine digester = getChecksumEngine();
+
return digester.calculateChecksum(data);
+ }
+
+ private byte[] removeBytes( byte[] array, int confounder, int checksum )
+ {
+ byte lessBytes[] = new byte[array.length - confounder -
checksum];
+
+ int j = 0;
+ for (int i = confounder + checksum; i < array.length; i++) {
+ lessBytes[j] = array[i];
+ j++;
+ }
+
+ return lessBytes;
+ }
+
+ private byte[] processBlockCipher( boolean encrypt, byte[] data, byte[]
key, byte[] ivec )
+ {
+ byte[] returnData = new byte[data.length];
+ CBCBlockCipher cbcCipher = new CBCBlockCipher(getBlockCipher());
+ KeyParameter keyParameter = new KeyParameter(key);
+
+ if (ivec != null) {
+ ParametersWithIV kpWithIV = new
ParametersWithIV(keyParameter, ivec);
+ cbcCipher.init(encrypt, kpWithIV);
+ } else
+ cbcCipher.init(encrypt, keyParameter);
+
+ int offset = 0;
+ int processedBytesLength = 0;
+
+ while (offset < returnData.length) {
+ try {
+ processedBytesLength =
cbcCipher.processBlock(data, offset, returnData, offset);
+ offset += processedBytesLength;
+ } catch (Exception e) {
+ e.printStackTrace();
+ break;
+ }
+ }
+
+ return returnData;
}
}
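Review bot: getDecryptedData strips the confounder and checksum with removeBytes but never recomputes and compares the checksum, so modified ciphertext is handed to the caller as valid plaintext; a ciphertext shorter than confounderSize() + checksumSize() also makes removeBytes request a negative-length array. The check should zero the checksum field, recompute over the decrypted bytes and compare in constant time before stripping, as in the excerpt below, where the exception to throw is left as a comment because KerberosException's API is not visible in this diff. For that comparison to succeed where confounder plus checksum is not a multiple of 8 (the CRC and SHA1 types in this commit), getEncryptedData has to compute the checksum over the same bytes, i.e. after the second padString call: `byte[] checksumBytes = calculateChecksum(paddedDataBytes);`. Separately, processBlockCipher still catches Exception, prints the stack trace and returns the partly filled buffer, which hides a failed encryption or decryption from the caller.

```java
public byte[] getDecryptedData( EncryptionKey key, EncryptedData data )
    throws KerberosException
{
    byte[] decryptedData = decrypt( data.getCipherText(), key.getKeyValue() );
    int confounder = confounderSize();
    int checksum = checksumSize();

    if ( decryptedData.length < confounder + checksum )
    {
        // too short to hold confounder and checksum: throw the project's
        // integrity-failure KerberosException (API not visible in this diff)
    }

    byte[] received = new byte[checksum];
    System.arraycopy( decryptedData, confounder, received, 0, checksum );

    // the sender computed the checksum with this field zeroed
    java.util.Arrays.fill( decryptedData, confounder, confounder + checksum, (byte) 0 );

    if ( !java.security.MessageDigest.isEqual( received, calculateChecksum( decryptedData ) ) )
    {
        // checksum mismatch: throw the same integrity-failure KerberosException
    }

    return removeBytes( decryptedData, confounder, checksum );
}
```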
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/NullEncryption.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/NullEncryption.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/encryption/NullEncryption.java
Tue Nov 9 19:29:34 2004
@@ -16,47 +16,69 @@
*/
package org.apache.kerberos.crypto.encryption;
-import org.apache.kerberos.crypto.checksum.*;
+import org.apache.kerberos.crypto.checksum.ChecksumEngine;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.bouncycastle.crypto.BlockCipher;
+
+public class NullEncryption extends EncryptionEngine
+{
+ public BlockCipher getBlockCipher()
+ {
+ return null;
+ }
+
+ public ChecksumEngine getChecksumEngine()
+ {
+ return null;
+ }
-public class NullEncryption extends EncryptionEngine {
-
- public EncryptionType encryptionType() {
+ public EncryptionType encryptionType()
+ {
return EncryptionType.NULL;
}
- public CipherType keyType() {
+ public CipherType keyType()
+ {
return CipherType.NULL;
}
- public ChecksumType checksumType() {
+ public ChecksumType checksumType()
+ {
return ChecksumType.NULL;
}
- public int blockSize() {
+ public int blockSize()
+ {
return 1;
}
- public int keySize() {
+ public int keySize()
+ {
return 0;
}
- public int checksumSize() {
+ public int checksumSize()
+ {
return 0;
}
- public int confounderSize() {
+ public int confounderSize()
+ {
return 0;
}
- public int minimumPadSize() {
+ public int minimumPadSize()
+ {
return 0;
}
- protected byte[] processBlockCipher(boolean encrypt, byte[] data,
byte[] key, byte[] ivec) {
+ protected byte[] processBlockCipher(boolean encrypt, byte[] data,
byte[] key, byte[] ivec)
+ {
return data;
}
- public byte[] calculateChecksum(byte[] plainText) {
+ public byte[] calculateChecksum(byte[] plainText)
+ {
return null;
}
}
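Review bot: processBlockCipher and calculateChecksum at the end of this class no longer override anything, because the EncryptionEngine hunk of this commit makes both methods private in the base class. getEncryptedData and getDecryptedData will therefore run the base versions, which pass the null from getBlockCipher() to `new CBCBlockCipher(...)` and call `calculateChecksum` on the null from getChecksumEngine(), so the null type most likely fails with a NullPointerException instead of passing data through. Either declare the two base methods `protected` so these overrides take effect again, or override getEncryptedData and getDecryptedData here.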