Java Code Examples for sun.security.krb5.Confounder#bytes()

The following examples show how to use sun.security.krb5.Confounder#bytes() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: LocalSeqNumber.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
public synchronized void randInit() {
    /*
     * Sequence numbers fall in the range 0 through 2^32 - 1 and wrap
     * to zero following the value 2^32 - 1.
     * Previous implementations used signed sequence numbers.
     * Workaround implementation incompatibilities by not generating
     * initial sequence numbers greater than 2^30, as done
     * in MIT distribution.
     */
    // get the random confounder
    byte[] data = Confounder.bytes(4);
    data[0] = (byte)(data[0] & 0x3f);
    int result = ((data[3] & 0xff) |
                    ((data[2] & 0xff) << 8) |
                    ((data[1] & 0xff) << 16) |
                    ((data[0] & 0xff) << 24));
    if (result == 0) {
       result = 1;
    }
    lastSeqNumber = result;
}
 
Example 2
Source File: LocalSeqNumber.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
public synchronized void randInit() {
    /*
     * Sequence numbers fall in the range 0 through 2^32 - 1 and wrap
     * to zero following the value 2^32 - 1.
     * Previous implementations used signed sequence numbers.
     * Workaround implementation incompatibilities by not generating
     * initial sequence numbers greater than 2^30, as done
     * in MIT distribution.
     */
    // get the random confounder
    byte[] data = Confounder.bytes(4);
    data[0] = (byte)(data[0] & 0x3f);
    int result = ((data[3] & 0xff) |
                    ((data[2] & 0xff) << 8) |
                    ((data[1] & 0xff) << 16) |
                    ((data[0] & 0xff) << 24));
    if (result == 0) {
       result = 1;
    }
    lastSeqNumber = result;
}
 
Example 3
Source File: RsaMd5DesCksumType.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Calculates keyed checksum.
 * @param data the data used to generate the checksum.
 * @param size length of the data.
 * @param key the key used to encrypt the checksum.
 * @return keyed checksum.
 *
 * @modified by Yanni Zhang, 12/08/99.
 */
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
    int usage) throws KrbCryptoException {
    //prepend confounder
    byte[] new_data = new byte[size + confounderSize()];
    byte[] conf = Confounder.bytes(confounderSize());
    System.arraycopy(conf, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, confounderSize(), size);

    //calculate md5 cksum
    byte[] mdc_cksum = calculateRawChecksum(new_data, new_data.length);
    byte[] cksum = new byte[cksumSize()];
    System.arraycopy(conf, 0, cksum, 0, confounderSize());
    System.arraycopy(mdc_cksum, 0, cksum, confounderSize(),
                     cksumSize() - confounderSize());

    //compute modified key
    byte[] new_key = new byte[keySize()];
    System.arraycopy(key, 0, new_key, 0, key.length);
    for (int i = 0; i < new_key.length; i++)
    new_key[i] = (byte)(new_key[i] ^ 0xf0);
    //check for weak keys
    try {
        if (DESKeySpec.isWeak(new_key, 0)) {
            new_key[7] = (byte)(new_key[7] ^ 0xF0);
        }
    } catch (InvalidKeyException ex) {
        // swallow, since it should never happen
    }
    byte[] ivec = new byte[new_key.length];

    //des-cbc encrypt
    byte[] enc_cksum = new byte[cksum.length];
    Des.cbc_encrypt(cksum, enc_cksum, new_key, ivec, true);
    return enc_cksum;
}
 
Example 4
Source File: RsaMd5DesCksumType.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Calculates keyed checksum.
 * @param data the data used to generate the checksum.
 * @param size length of the data.
 * @param key the key used to encrypt the checksum.
 * @return keyed checksum.
 *
 * @modified by Yanni Zhang, 12/08/99.
 */
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
    int usage) throws KrbCryptoException {
    //prepend confounder
    byte[] new_data = new byte[size + confounderSize()];
    byte[] conf = Confounder.bytes(confounderSize());
    System.arraycopy(conf, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, confounderSize(), size);

    //calculate md5 cksum
    byte[] mdc_cksum = calculateChecksum(new_data, new_data.length);
    byte[] cksum = new byte[cksumSize()];
    System.arraycopy(conf, 0, cksum, 0, confounderSize());
    System.arraycopy(mdc_cksum, 0, cksum, confounderSize(),
                     cksumSize() - confounderSize());

    //compute modified key
    byte[] new_key = new byte[keySize()];
    System.arraycopy(key, 0, new_key, 0, key.length);
    for (int i = 0; i < new_key.length; i++)
    new_key[i] = (byte)(new_key[i] ^ 0xf0);
    //check for weak keys
    try {
        if (DESKeySpec.isWeak(new_key, 0)) {
            new_key[7] = (byte)(new_key[7] ^ 0xF0);
        }
    } catch (InvalidKeyException ex) {
        // swallow, since it should never happen
    }
    byte[] ivec = new byte[new_key.length];

    //des-cbc encrypt
    byte[] enc_cksum = new byte[cksum.length];
    Des.cbc_encrypt(cksum, enc_cksum, new_key, ivec, true);
    return enc_cksum;
}
 
Example 5
Source File: WrapToken.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
public WrapToken(Krb5Context context, MessageProp prop,
                 byte[] dataBytes, int dataOffset, int dataLen)
    throws GSSException {

    super(Krb5Token.WRAP_ID, context);

    confounder = Confounder.bytes(CONFOUNDER_SIZE);

    padding = getPadding(dataLen);
    dataSize = confounder.length + dataLen + padding.length;
    this.dataBytes = dataBytes;
    this.dataOffset = dataOffset;
    this.dataLen = dataLen;

    /*
      debug("\nWrapToken cons: data to wrap is [" +
      getHexBytes(confounder) + " " +
      getHexBytes(dataBytes, dataOffset, dataLen) + " " +
      // padding is never null for Wrap
      getHexBytes(padding) + "]\n");
     */

    genSignAndSeqNumber(prop,
                        confounder,
                        dataBytes, dataOffset, dataLen,
                        padding);

    /*
     * If the application decides to ask for privacy when the context
     * did not negotiate for it, do not provide it. The peer might not
     * have support for it. The app will realize this with a call to
     * pop.getPrivacy() after wrap().
     */
    if (!context.getConfState())
        prop.setPrivacy(false);

    privacy = prop.getPrivacy();
}
 
Example 6
Source File: RsaMd5DesCksumType.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Calculates keyed checksum.
 * @param data the data used to generate the checksum.
 * @param size length of the data.
 * @param key the key used to encrypt the checksum.
 * @return keyed checksum.
 *
 * @modified by Yanni Zhang, 12/08/99.
 */
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
    int usage) throws KrbCryptoException {
    //prepend confounder
    byte[] new_data = new byte[size + confounderSize()];
    byte[] conf = Confounder.bytes(confounderSize());
    System.arraycopy(conf, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, confounderSize(), size);

    //calculate md5 cksum
    byte[] mdc_cksum = calculateChecksum(new_data, new_data.length);
    byte[] cksum = new byte[cksumSize()];
    System.arraycopy(conf, 0, cksum, 0, confounderSize());
    System.arraycopy(mdc_cksum, 0, cksum, confounderSize(),
                     cksumSize() - confounderSize());

    //compute modified key
    byte[] new_key = new byte[keySize()];
    System.arraycopy(key, 0, new_key, 0, key.length);
    for (int i = 0; i < new_key.length; i++)
    new_key[i] = (byte)(new_key[i] ^ 0xf0);
    //check for weak keys
    try {
        if (DESKeySpec.isWeak(new_key, 0)) {
            new_key[7] = (byte)(new_key[7] ^ 0xF0);
        }
    } catch (InvalidKeyException ex) {
        // swallow, since it should never happen
    }
    byte[] ivec = new byte[new_key.length];

    //des-cbc encrypt
    byte[] enc_cksum = new byte[cksum.length];
    Des.cbc_encrypt(cksum, enc_cksum, new_key, ivec, true);
    return enc_cksum;
}
 
Example 7
Source File: WrapToken.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public WrapToken(Krb5Context context, MessageProp prop,
                 byte[] dataBytes, int dataOffset, int dataLen)
    throws GSSException {

    super(Krb5Token.WRAP_ID, context);

    confounder = Confounder.bytes(CONFOUNDER_SIZE);

    padding = getPadding(dataLen);
    dataSize = confounder.length + dataLen + padding.length;
    this.dataBytes = dataBytes;
    this.dataOffset = dataOffset;
    this.dataLen = dataLen;

    /*
      debug("\nWrapToken cons: data to wrap is [" +
      getHexBytes(confounder) + " " +
      getHexBytes(dataBytes, dataOffset, dataLen) + " " +
      // padding is never null for Wrap
      getHexBytes(padding) + "]\n");
     */

    genSignAndSeqNumber(prop,
                        confounder,
                        dataBytes, dataOffset, dataLen,
                        padding);

    /*
     * If the application decides to ask for privacy when the context
     * did not negotiate for it, do not provide it. The peer might not
     * have support for it. The app will realize this with a call to
     * pop.getPrivacy() after wrap().
     */
    if (!context.getConfState())
        prop.setPrivacy(false);

    privacy = prop.getPrivacy();
}
 
Example 8
Source File: WrapToken.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
public WrapToken(Krb5Context context, MessageProp prop,
                 byte[] dataBytes, int dataOffset, int dataLen)
    throws GSSException {

    super(Krb5Token.WRAP_ID, context);

    confounder = Confounder.bytes(CONFOUNDER_SIZE);

    padding = getPadding(dataLen);
    dataSize = confounder.length + dataLen + padding.length;
    this.dataBytes = dataBytes;
    this.dataOffset = dataOffset;
    this.dataLen = dataLen;

    /*
      debug("\nWrapToken cons: data to wrap is [" +
      getHexBytes(confounder) + " " +
      getHexBytes(dataBytes, dataOffset, dataLen) + " " +
      // padding is never null for Wrap
      getHexBytes(padding) + "]\n");
     */

    genSignAndSeqNumber(prop,
                        confounder,
                        dataBytes, dataOffset, dataLen,
                        padding);

    /*
     * If the application decides to ask for privacy when the context
     * did not negotiate for it, do not provide it. The peer might not
     * have support for it. The app will realize this with a call to
     * pop.getPrivacy() after wrap().
     */
    if (!context.getConfState())
        prop.setPrivacy(false);

    privacy = prop.getPrivacy();
}
 
Example 9
Source File: AesDkCrypto.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Encrypt AES in CBC-CTS mode using derived keys.
 */
private byte[] encryptCTS(byte[] baseKey, int usage, byte[] ivec,
    byte[] new_ivec, byte[] plaintext, int start, int len,
    boolean confounder_exists)
    throws GeneralSecurityException, KrbCryptoException {

    byte[] Ke = null;
    byte[] Ki = null;

    if (debug) {
        System.err.println("usage: " + usage);
        if (ivec != null) {
            traceOutput("old_state.ivec", ivec, 0, ivec.length);
        }
        traceOutput("plaintext", plaintext, start, Math.min(len, 32));
        traceOutput("baseKey", baseKey, 0, baseKey.length);
    }

    try {
        // derive Encryption key
        byte[] constant = new byte[5];
        constant[0] = (byte) ((usage>>24)&0xff);
        constant[1] = (byte) ((usage>>16)&0xff);
        constant[2] = (byte) ((usage>>8)&0xff);
        constant[3] = (byte) (usage&0xff);
        constant[4] = (byte) 0xaa;
        Ke = dk(baseKey, constant);  // Encryption key

        byte[] toBeEncrypted = null;
        if (confounder_exists) {
            byte[] confounder = Confounder.bytes(BLOCK_SIZE);
            toBeEncrypted = new byte[confounder.length + len];
            System.arraycopy(confounder, 0, toBeEncrypted,
                                    0, confounder.length);
            System.arraycopy(plaintext, start, toBeEncrypted,
                                    confounder.length, len);
        } else {
            toBeEncrypted = new byte[len];
            System.arraycopy(plaintext, start, toBeEncrypted, 0, len);
        }

        // encryptedData + HMAC
        byte[] output = new byte[toBeEncrypted.length + hashSize];

        // AES in JCE
        Cipher cipher = Cipher.getInstance("AES/CTS/NoPadding");
        SecretKeySpec secretKey = new SecretKeySpec(Ke, "AES");
        IvParameterSpec encIv = new IvParameterSpec(ivec, 0, ivec.length);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, encIv);
        cipher.doFinal(toBeEncrypted, 0, toBeEncrypted.length, output);

        // Derive integrity key
        constant[4] = (byte) 0x55;
        Ki = dk(baseKey, constant);
        if (debug) {
            traceOutput("constant", constant, 0, constant.length);
            traceOutput("Ki", Ki, 0, Ke.length);
        }

        // Generate checksum
        // H1 = HMAC(Ki, conf | plaintext | pad)
        byte[] hmac = getHmac(Ki, toBeEncrypted);

        // encryptedData + HMAC
        System.arraycopy(hmac, 0, output, toBeEncrypted.length,
                            hmac.length);
        return output;
    } finally {
        if (Ke != null) {
            Arrays.fill(Ke, 0, Ke.length, (byte) 0);
        }
        if (Ki != null) {
            Arrays.fill(Ki, 0, Ki.length, (byte) 0);
        }
    }
}
 
Example 10
Source File: WrapToken_v2.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Writes a WrapToken_v2 object
 */
public WrapToken_v2(Krb5Context context, MessageProp prop,
                 byte[] dataBytes, int dataOffset, int dataLen)
        throws GSSException {

    super(Krb5Token.WRAP_ID_v2, context);

    confounder = Confounder.bytes(CONFOUNDER_SIZE);

    // debug("\nWrapToken cons: data to wrap is [" +
    // getHexBytes(confounder) + " " +
    // getHexBytes(dataBytes, dataOffset, dataLen) + "]\n");

    genSignAndSeqNumber(prop, dataBytes, dataOffset, dataLen);

    /*
     * If the application decides to ask for privacy when the context
     * did not negotiate for it, do not provide it. The peer might not
     * have support for it. The app will realize this with a call to
     * pop.getPrivacy() after wrap().
     */
    if (!context.getConfState())
        prop.setPrivacy(false);

    privacy = prop.getPrivacy();

    if (!privacy) {
        // Wrap Tokens (without confidentiality) =
        // { 16 byte token_header | plaintext | 12-byte HMAC }
        // where HMAC is on { plaintext | token_header }

        tokenData = new byte[dataLen + checksum.length];
        System.arraycopy(dataBytes, dataOffset, tokenData, 0, dataLen);
        System.arraycopy(checksum, 0, tokenData, dataLen, checksum.length);
    } else {
        // Wrap Tokens (with confidentiality) =
        // { 16 byte token_header |
        // Encrypt(16-byte confounder | plaintext | token_header) |
        // 12-byte HMAC }

        tokenData = cipherHelper.encryptData(this, confounder, getTokenHeader(),
            dataBytes, dataOffset, dataLen, getKeyUsage());
    }
}
 
Example 11
Source File: WrapToken_v2.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Writes a WrapToken_v2 object
 */
public WrapToken_v2(Krb5Context context, MessageProp prop,
                 byte[] dataBytes, int dataOffset, int dataLen)
        throws GSSException {

    super(Krb5Token.WRAP_ID_v2, context);

    confounder = Confounder.bytes(CONFOUNDER_SIZE);

    // debug("\nWrapToken cons: data to wrap is [" +
    // getHexBytes(confounder) + " " +
    // getHexBytes(dataBytes, dataOffset, dataLen) + "]\n");

    genSignAndSeqNumber(prop, dataBytes, dataOffset, dataLen);

    /*
     * If the application decides to ask for privacy when the context
     * did not negotiate for it, do not provide it. The peer might not
     * have support for it. The app will realize this with a call to
     * pop.getPrivacy() after wrap().
     */
    if (!context.getConfState())
        prop.setPrivacy(false);

    privacy = prop.getPrivacy();

    if (!privacy) {
        // Wrap Tokens (without confidentiality) =
        // { 16 byte token_header | plaintext | 12-byte HMAC }
        // where HMAC is on { plaintext | token_header }

        tokenData = new byte[dataLen + checksum.length];
        System.arraycopy(dataBytes, dataOffset, tokenData, 0, dataLen);
        System.arraycopy(checksum, 0, tokenData, dataLen, checksum.length);
    } else {
        // Wrap Tokens (with confidentiality) =
        // { 16 byte token_header |
        // Encrypt(16-byte confounder | plaintext | token_header) |
        // 12-byte HMAC }

        tokenData = cipherHelper.encryptData(this, confounder, getTokenHeader(),
            dataBytes, dataOffset, dataLen, getKeyUsage());
    }
}
 
Example 12
Source File: DesCbcEType.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Encrypts the data using DES in CBC mode.
 * @param data the buffer for plain text.
 * @param key the key to encrypt the data.
 * @param ivec initialization vector.
 * @return buffer for encrypted data.
 *
 * @modified by Yanni Zhang, Feb 24 00.
 */
public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
    int usage) throws KrbCryptoException {

    /*
     * To meet export control requirements, double check that the
     * key being used is no longer than 64 bits.
     *
     * Note that from a protocol point of view, an
     * algorithm that is not DES will be rejected before this
     * point. Also, a  DES key that is not 64 bits will be
     * rejected by a good implementations of JCE.
     */
    if (key.length > 8)
    throw new KrbCryptoException("Invalid DES Key!");

    int new_size = data.length + confounderSize() + checksumSize();
    byte[] new_data;
    byte pad;
    /*Data padding: using Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996.
     *Before encryption, plain text data is padded to the next highest multiple of blocksize.
     *by appending between 1 and 8 bytes, the value of each such byte being the total number
     *of pad bytes. For example, if new_size = 10, blockSize is 8, we should pad 2 bytes,
     *and the value of each byte is 2.
     *If plaintext data is a multiple of blocksize, we pad a 8 bytes of 8.
     */
    if (new_size % blockSize() == 0) {
        new_data = new byte[new_size + blockSize()];
        pad = (byte)8;
    }
    else {
        new_data = new byte[new_size + blockSize() - new_size % blockSize()];
        pad = (byte)(blockSize() - new_size % blockSize());
    }
    for (int i = new_size; i < new_data.length; i++) {
        new_data[i] = pad;
    }
    byte[] conf = Confounder.bytes(confounderSize());
    System.arraycopy(conf, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, startOfData(), data.length);
    byte[] cksum = calculateChecksum(new_data, new_data.length);
    System.arraycopy(cksum, 0, new_data, startOfChecksum(),
                     checksumSize());
    byte[] cipher = new byte[new_data.length];
    Des.cbc_encrypt(new_data, cipher, key, ivec, true);
    return cipher;
}
 
Example 13
Source File: AesDkCrypto.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Encrypt AES in CBC-CTS mode using derived keys.
 */
private byte[] encryptCTS(byte[] baseKey, int usage, byte[] ivec,
    byte[] new_ivec, byte[] plaintext, int start, int len,
    boolean confounder_exists)
    throws GeneralSecurityException, KrbCryptoException {

    byte[] Ke = null;
    byte[] Ki = null;

    if (debug) {
        System.err.println("usage: " + usage);
        if (ivec != null) {
            traceOutput("old_state.ivec", ivec, 0, ivec.length);
        }
        traceOutput("plaintext", plaintext, start, Math.min(len, 32));
        traceOutput("baseKey", baseKey, 0, baseKey.length);
    }

    try {
        // derive Encryption key
        byte[] constant = new byte[5];
        constant[0] = (byte) ((usage>>24)&0xff);
        constant[1] = (byte) ((usage>>16)&0xff);
        constant[2] = (byte) ((usage>>8)&0xff);
        constant[3] = (byte) (usage&0xff);
        constant[4] = (byte) 0xaa;
        Ke = dk(baseKey, constant);  // Encryption key

        byte[] toBeEncrypted = null;
        if (confounder_exists) {
            byte[] confounder = Confounder.bytes(BLOCK_SIZE);
            toBeEncrypted = new byte[confounder.length + len];
            System.arraycopy(confounder, 0, toBeEncrypted,
                                    0, confounder.length);
            System.arraycopy(plaintext, start, toBeEncrypted,
                                    confounder.length, len);
        } else {
            toBeEncrypted = new byte[len];
            System.arraycopy(plaintext, start, toBeEncrypted, 0, len);
        }

        // encryptedData + HMAC
        byte[] output = new byte[toBeEncrypted.length + hashSize];

        // AES in JCE
        Cipher cipher = Cipher.getInstance("AES/CTS/NoPadding");
        SecretKeySpec secretKey = new SecretKeySpec(Ke, "AES");
        IvParameterSpec encIv = new IvParameterSpec(ivec, 0, ivec.length);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, encIv);
        cipher.doFinal(toBeEncrypted, 0, toBeEncrypted.length, output);

        // Derive integrity key
        constant[4] = (byte) 0x55;
        Ki = dk(baseKey, constant);
        if (debug) {
            traceOutput("constant", constant, 0, constant.length);
            traceOutput("Ki", Ki, 0, Ke.length);
        }

        // Generate checksum
        // H1 = HMAC(Ki, conf | plaintext | pad)
        byte[] hmac = getHmac(Ki, toBeEncrypted);

        // encryptedData + HMAC
        System.arraycopy(hmac, 0, output, toBeEncrypted.length,
                            hmac.length);
        return output;
    } finally {
        if (Ke != null) {
            Arrays.fill(Ke, 0, Ke.length, (byte) 0);
        }
        if (Ki != null) {
            Arrays.fill(Ki, 0, Ki.length, (byte) 0);
        }
    }
}
 
Example 14
Source File: DesCbcEType.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Encrypts the data using DES in CBC mode.
 * @param data the buffer for plain text.
 * @param key the key to encrypt the data.
 * @param ivec initialization vector.
 * @return buffer for encrypted data.
 *
 * @modified by Yanni Zhang, Feb 24 00.
 */
public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
    int usage) throws KrbCryptoException {

    /*
     * To meet export control requirements, double check that the
     * key being used is no longer than 64 bits.
     *
     * Note that from a protocol point of view, an
     * algorithm that is not DES will be rejected before this
     * point. Also, a  DES key that is not 64 bits will be
     * rejected by a good implementations of JCE.
     */
    if (key.length > 8)
    throw new KrbCryptoException("Invalid DES Key!");

    int new_size = data.length + confounderSize() + checksumSize();
    byte[] new_data;
    byte pad;
    /*Data padding: using Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996.
     *Before encryption, plain text data is padded to the next highest multiple of blocksize.
     *by appending between 1 and 8 bytes, the value of each such byte being the total number
     *of pad bytes. For example, if new_size = 10, blockSize is 8, we should pad 2 bytes,
     *and the value of each byte is 2.
     *If plaintext data is a multiple of blocksize, we pad a 8 bytes of 8.
     */
    if (new_size % blockSize() == 0) {
        new_data = new byte[new_size + blockSize()];
        pad = (byte)8;
    }
    else {
        new_data = new byte[new_size + blockSize() - new_size % blockSize()];
        pad = (byte)(blockSize() - new_size % blockSize());
    }
    for (int i = new_size; i < new_data.length; i++) {
        new_data[i] = pad;
    }
    byte[] conf = Confounder.bytes(confounderSize());
    System.arraycopy(conf, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, startOfData(), data.length);
    byte[] cksum = calculateChecksum(new_data, new_data.length);
    System.arraycopy(cksum, 0, new_data, startOfChecksum(),
                     checksumSize());
    byte[] cipher = new byte[new_data.length];
    Des.cbc_encrypt(new_data, cipher, key, ivec, true);
    return cipher;
}
 
Example 15
Source File: DesCbcEType.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Encrypts the data using DES in CBC mode.
 * @param data the buffer for plain text.
 * @param key the key to encrypt the data.
 * @param ivec initialization vector.
 * @return buffer for encrypted data.
 *
 * @modified by Yanni Zhang, Feb 24 00.
 */
public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
    int usage) throws KrbCryptoException {

    /*
     * To meet export control requirements, double check that the
     * key being used is no longer than 64 bits.
     *
     * Note that from a protocol point of view, an
     * algorithm that is not DES will be rejected before this
     * point. Also, a  DES key that is not 64 bits will be
     * rejected by a good implementations of JCE.
     */
    if (key.length > 8)
    throw new KrbCryptoException("Invalid DES Key!");

    int new_size = data.length + confounderSize() + checksumSize();
    byte[] new_data;
    byte pad;
    /*Data padding: using Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996.
     *Before encryption, plain text data is padded to the next highest multiple of blocksize.
     *by appending between 1 and 8 bytes, the value of each such byte being the total number
     *of pad bytes. For example, if new_size = 10, blockSize is 8, we should pad 2 bytes,
     *and the value of each byte is 2.
     *If plaintext data is a multiple of blocksize, we pad a 8 bytes of 8.
     */
    if (new_size % blockSize() == 0) {
        new_data = new byte[new_size + blockSize()];
        pad = (byte)8;
    }
    else {
        new_data = new byte[new_size + blockSize() - new_size % blockSize()];
        pad = (byte)(blockSize() - new_size % blockSize());
    }
    for (int i = new_size; i < new_data.length; i++) {
        new_data[i] = pad;
    }
    byte[] conf = Confounder.bytes(confounderSize());
    System.arraycopy(conf, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, startOfData(), data.length);
    byte[] cksum = calculateChecksum(new_data, new_data.length);
    System.arraycopy(cksum, 0, new_data, startOfChecksum(),
                     checksumSize());
    byte[] cipher = new byte[new_data.length];
    Des.cbc_encrypt(new_data, cipher, key, ivec, true);
    return cipher;
}
 
Example 16
Source File: WrapToken_v2.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Writes a WrapToken_v2 object
 */
public WrapToken_v2(Krb5Context context, MessageProp prop,
                 byte[] dataBytes, int dataOffset, int dataLen)
        throws GSSException {

    super(Krb5Token.WRAP_ID_v2, context);

    confounder = Confounder.bytes(CONFOUNDER_SIZE);

    // debug("\nWrapToken cons: data to wrap is [" +
    // getHexBytes(confounder) + " " +
    // getHexBytes(dataBytes, dataOffset, dataLen) + "]\n");

    genSignAndSeqNumber(prop, dataBytes, dataOffset, dataLen);

    /*
     * If the application decides to ask for privacy when the context
     * did not negotiate for it, do not provide it. The peer might not
     * have support for it. The app will realize this with a call to
     * pop.getPrivacy() after wrap().
     */
    if (!context.getConfState())
        prop.setPrivacy(false);

    privacy = prop.getPrivacy();

    if (!privacy) {
        // Wrap Tokens (without confidentiality) =
        // { 16 byte token_header | plaintext | 12-byte HMAC }
        // where HMAC is on { plaintext | token_header }

        tokenData = new byte[dataLen + checksum.length];
        System.arraycopy(dataBytes, dataOffset, tokenData, 0, dataLen);
        System.arraycopy(checksum, 0, tokenData, dataLen, checksum.length);
    } else {
        // Wrap Tokens (with confidentiality) =
        // { 16 byte token_header |
        // Encrypt(16-byte confounder | plaintext | token_header) |
        // 12-byte HMAC }

        tokenData = cipherHelper.encryptData(this, confounder, getTokenHeader(),
            dataBytes, dataOffset, dataLen, getKeyUsage());
    }
}
 
Example 17
Source File: ArcFourCrypto.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Performs encryption using derived key; adds confounder.
 */
public byte[] encrypt(byte[] baseKey, int usage,
    byte[] ivec, byte[] new_ivec, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                             + usage);
    }

    if (debug) {
        System.out.println("ArcFour: ENCRYPT with key usage = " + usage);
    }

    // get the confounder
    byte[] confounder = Confounder.bytes(confounderSize);

    // add confounder to the plaintext for encryption
    int plainSize = roundup(confounder.length + len, 1);
    byte[] toBeEncrypted = new byte[plainSize];
    System.arraycopy(confounder, 0, toBeEncrypted, 0, confounder.length);
    System.arraycopy(plaintext, start, toBeEncrypted,
                            confounder.length, len);

    /* begin the encryption, compute K1 */
    byte[] k1 = new byte[baseKey.length];
    System.arraycopy(baseKey, 0, k1, 0, baseKey.length);

    // get the salt using key usage
    byte[] salt = getSalt(usage);

    // compute K2 using K1
    byte[] k2 = getHmac(k1, salt);

    // generate checksum using K2
    byte[] checksum = getHmac(k2, toBeEncrypted);

    // compute K3 using K2 and checksum
    byte[] k3 = getHmac(k2, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(k3, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(toBeEncrypted, 0, toBeEncrypted.length);

    // encryptedData + HMAC
    byte[] result = new byte[hashSize + output.length];
    System.arraycopy(checksum, 0, result, 0, hashSize);
    System.arraycopy(output, 0, result, hashSize, output.length);

    return result;
}
 
Example 18
Source File: DesCbcEType.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Encrypts the data using DES in CBC mode.
 * @param data the buffer for plain text.
 * @param key the key to encrypt the data.
 * @param ivec initialization vector.
 * @return buffer for encrypted data.
 *
 * @modified by Yanni Zhang, Feb 24 00.
 */
public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
    int usage) throws KrbCryptoException {

    /*
     * To meet export control requirements, double check that the
     * key being used is no longer than 64 bits.
     *
     * Note that from a protocol point of view, an
     * algorithm that is not DES will be rejected before this
     * point. Also, a  DES key that is not 64 bits will be
     * rejected by a good implementations of JCE.
     */
    if (key.length > 8)
    throw new KrbCryptoException("Invalid DES Key!");

    int new_size = data.length + confounderSize() + checksumSize();
    byte[] new_data;
    byte pad;
    /*Data padding: using Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996.
     *Before encryption, plain text data is padded to the next highest multiple of blocksize.
     *by appending between 1 and 8 bytes, the value of each such byte being the total number
     *of pad bytes. For example, if new_size = 10, blockSize is 8, we should pad 2 bytes,
     *and the value of each byte is 2.
     *If plaintext data is a multiple of blocksize, we pad a 8 bytes of 8.
     */
    if (new_size % blockSize() == 0) {
        new_data = new byte[new_size + blockSize()];
        pad = (byte)8;
    }
    else {
        new_data = new byte[new_size + blockSize() - new_size % blockSize()];
        pad = (byte)(blockSize() - new_size % blockSize());
    }
    for (int i = new_size; i < new_data.length; i++) {
        new_data[i] = pad;
    }
    byte[] conf = Confounder.bytes(confounderSize());
    System.arraycopy(conf, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, startOfData(), data.length);
    byte[] cksum = calculateChecksum(new_data, new_data.length);
    System.arraycopy(cksum, 0, new_data, startOfChecksum(),
                     checksumSize());
    byte[] cipher = new byte[new_data.length];
    Des.cbc_encrypt(new_data, cipher, key, ivec, true);
    return cipher;
}
 
Example 19
Source File: AesDkCrypto.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Encrypt AES in CBC-CTS mode using derived keys.
 */
private byte[] encryptCTS(byte[] baseKey, int usage, byte[] ivec,
    byte[] new_ivec, byte[] plaintext, int start, int len,
    boolean confounder_exists)
    throws GeneralSecurityException, KrbCryptoException {

    byte[] Ke = null;
    byte[] Ki = null;

    if (debug) {
        System.err.println("usage: " + usage);
        if (ivec != null) {
            traceOutput("old_state.ivec", ivec, 0, ivec.length);
        }
        traceOutput("plaintext", plaintext, start, Math.min(len, 32));
        traceOutput("baseKey", baseKey, 0, baseKey.length);
    }

    try {
        // derive Encryption key
        byte[] constant = new byte[5];
        constant[0] = (byte) ((usage>>24)&0xff);
        constant[1] = (byte) ((usage>>16)&0xff);
        constant[2] = (byte) ((usage>>8)&0xff);
        constant[3] = (byte) (usage&0xff);
        constant[4] = (byte) 0xaa;
        Ke = dk(baseKey, constant);  // Encryption key

        byte[] toBeEncrypted = null;
        if (confounder_exists) {
            byte[] confounder = Confounder.bytes(BLOCK_SIZE);
            toBeEncrypted = new byte[confounder.length + len];
            System.arraycopy(confounder, 0, toBeEncrypted,
                                    0, confounder.length);
            System.arraycopy(plaintext, start, toBeEncrypted,
                                    confounder.length, len);
        } else {
            toBeEncrypted = new byte[len];
            System.arraycopy(plaintext, start, toBeEncrypted, 0, len);
        }

        // encryptedData + HMAC
        byte[] output = new byte[toBeEncrypted.length + hashSize];

        // AES in JCE
        Cipher cipher = Cipher.getInstance("AES/CTS/NoPadding");
        SecretKeySpec secretKey = new SecretKeySpec(Ke, "AES");
        IvParameterSpec encIv = new IvParameterSpec(ivec, 0, ivec.length);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, encIv);
        cipher.doFinal(toBeEncrypted, 0, toBeEncrypted.length, output);

        // Derive integrity key
        constant[4] = (byte) 0x55;
        Ki = dk(baseKey, constant);
        if (debug) {
            traceOutput("constant", constant, 0, constant.length);
            traceOutput("Ki", Ki, 0, Ke.length);
        }

        // Generate checksum
        // H1 = HMAC(Ki, conf | plaintext | pad)
        byte[] hmac = getHmac(Ki, toBeEncrypted);

        // encryptedData + HMAC
        System.arraycopy(hmac, 0, output, toBeEncrypted.length,
                            hmac.length);
        return output;
    } finally {
        if (Ke != null) {
            Arrays.fill(Ke, 0, Ke.length, (byte) 0);
        }
        if (Ki != null) {
            Arrays.fill(Ki, 0, Ki.length, (byte) 0);
        }
    }
}
 
Example 20
Source File: WrapToken_v2.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Writes a WrapToken_v2 object
 */
public WrapToken_v2(Krb5Context context, MessageProp prop,
                 byte[] dataBytes, int dataOffset, int dataLen)
        throws GSSException {

    super(Krb5Token.WRAP_ID_v2, context);

    confounder = Confounder.bytes(CONFOUNDER_SIZE);

    // debug("\nWrapToken cons: data to wrap is [" +
    // getHexBytes(confounder) + " " +
    // getHexBytes(dataBytes, dataOffset, dataLen) + "]\n");

    genSignAndSeqNumber(prop, dataBytes, dataOffset, dataLen);

    /*
     * If the application decides to ask for privacy when the context
     * did not negotiate for it, do not provide it. The peer might not
     * have support for it. The app will realize this with a call to
     * pop.getPrivacy() after wrap().
     */
    if (!context.getConfState())
        prop.setPrivacy(false);

    privacy = prop.getPrivacy();

    if (!privacy) {
        // Wrap Tokens (without confidentiality) =
        // { 16 byte token_header | plaintext | 12-byte HMAC }
        // where HMAC is on { plaintext | token_header }

        tokenData = new byte[dataLen + checksum.length];
        System.arraycopy(dataBytes, dataOffset, tokenData, 0, dataLen);
        System.arraycopy(checksum, 0, tokenData, dataLen, checksum.length);
    } else {
        // Wrap Tokens (with confidentiality) =
        // { 16 byte token_header |
        // Encrypt(16-byte confounder | plaintext | token_header) |
        // 12-byte HMAC }

        tokenData = cipherHelper.encryptData(this, confounder, getTokenHeader(),
            dataBytes, dataOffset, dataLen, getKeyUsage());
    }
}