sun.security.krb5.KrbCryptoException Java Examples

/**
 * Decrypts keyed checksum.
 * @param enc_cksum the buffer for encrypted checksum.
 * @param key the key.
 * @return the checksum.
 *
 * @modified by Yanni Zhang, 12/08/99.
 */
private byte[] decryptKeyedChecksum(byte[] enc_cksum, byte[] key) throws KrbCryptoException {
    byte[] new_key = new byte[keySize()];
    System.arraycopy(key, 0, new_key, 0, key.length);
    for (int i = 0; i < new_key.length; i++)
    new_key[i] = (byte)(new_key[i] ^ 0xf0);
    //check for weak keys
    try {
        if (DESKeySpec.isWeak(new_key, 0)) {
            new_key[7] = (byte)(new_key[7] ^ 0xF0);
        }
    } catch (InvalidKeyException ex) {
        // swallow, since it should never happen
    }
    byte[] ivec = new byte[new_key.length];
    byte[] cksum = new byte[enc_cksum.length];
    Des.cbc_encrypt(enc_cksum, cksum, new_key, ivec, false);
    return cksum;
}
 

/**
 * Calculates keyed checksum.
 * @param data the data used to generate the checksum.
 * @param size length of the data.
 * @param key the key used to encrypt the checksum.
 * @return keyed checksum.
 *
 * @modified by Yanni Zhang, 12/08/99.
 */
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
    int usage) throws KrbCryptoException {
    //check for weak keys
    try {
        if (DESKeySpec.isWeak(key, 0)) {
            key[7] = (byte)(key[7] ^ 0xF0);
        }
    } catch (InvalidKeyException ex) {
        // swallow, since it should never happen
    }
    byte[] ivec = new byte[key.length];
    System.arraycopy(key, 0, ivec, 0, key.length);
    byte[] cksum = Des.des_cksum(ivec, data, key);
    return cksum;
}
 

/**
 * Decrypts the data using DES in CBC mode.
 * @param cipher the input buffer.
 * @param key the key to decrypt the data.
 * @param ivec initialization vector.
 *
 * @modified by Yanni Zhang, Dec 6 99.
 */
public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
    throws KrbApErrException, KrbCryptoException {

    /*
     * To meet export control requirements, double check that the
     * key being used is no longer than 64 bits.
     *
     * Note that from a protocol point of view, an
     * algorithm that is not DES will be rejected before this
     * point. Also, a DES key that is not 64 bits will be
     * rejected by a good JCE provider.
     */
    if (key.length > 8)
        throw new KrbCryptoException("Invalid DES Key!");

    byte[] data = new byte[cipher.length];
    Des.cbc_encrypt(cipher, data, key, ivec, false);
    if (!isChecksumValid(data))
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BAD_INTEGRITY);
    return data;
}
 

/**
 * Verifies keyed checksum.
 * @param data the data.
 * @param size the length of data.
 * @param key the key used to encrypt the checksum.
 * @param checksum
 * @return true if verification is successful.
 *
 * @modified by Yanni Zhang, 12/08/99.
 */
public boolean verifyChecksum(byte[] data, int size,
    byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
    byte[] cksum = decryptKeyedChecksum(checksum, key);

    byte[] new_data = new byte[size + confounderSize()];
    System.arraycopy(cksum, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, confounderSize(), size);

    //check for weak keys
    try {
        if (DESKeySpec.isWeak(key, 0)) {
            key[7] = (byte)(key[7] ^ 0xF0);
        }
    } catch (InvalidKeyException ex) {
        // swallow, since it should never happen
    }
    byte[] ivec = new byte[key.length];
    byte[] new_cksum = Des.des_cksum(ivec, new_data, key);
    byte[] orig_cksum = new byte[cksumSize() - confounderSize()];
    System.arraycopy(cksum,  confounderSize(), orig_cksum, 0,
                     cksumSize() - confounderSize());
    return isChecksumEqual(orig_cksum, new_cksum);
}
 

/**
 * Performs encryption of Sequence Number using derived key.
 */
public byte[] encryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    // derive encryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 

/**
 * Performs encryption of Sequence Number using derived key.
 */
public byte[] encryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    // derive encryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 

/**
 * Verifies keyed checksum.
 * @param data the data.
 * @param size the length of data.
 * @param key the key used to encrypt the checksum.
 * @param checksum
 * @return true if verification is successful.
 *
 * @modified by Yanni Zhang, 12/08/99.
 */
public boolean verifyChecksum(byte[] data, int size,
    byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
    //decrypt checksum
    byte[] cksum = decryptKeyedChecksum(checksum, key);

    //prepend confounder
    byte[] new_data = new byte[size + confounderSize()];
    System.arraycopy(cksum, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, confounderSize(), size);

    byte[] new_cksum = calculateRawChecksum(new_data, new_data.length);
    //extract original cksum value
    byte[] orig_cksum = new byte[cksumSize() - confounderSize()];
    System.arraycopy(cksum,  confounderSize(), orig_cksum, 0,
                     cksumSize() - confounderSize());

    return isChecksumEqual(orig_cksum, new_cksum);
}
 

/**
 * Decrypts the data using DES in CBC mode.
 * @param cipher the input buffer.
 * @param key the key to decrypt the data.
 * @param ivec initialization vector.
 *
 * @modified by Yanni Zhang, Dec 6 99.
 */
public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
    throws KrbApErrException, KrbCryptoException {

    /*
     * To meet export control requirements, double check that the
     * key being used is no longer than 64 bits.
     *
     * Note that from a protocol point of view, an
     * algorithm that is not DES will be rejected before this
     * point. Also, a DES key that is not 64 bits will be
     * rejected by a good JCE provider.
     */
    if (key.length > 8)
        throw new KrbCryptoException("Invalid DES Key!");

    byte[] data = new byte[cipher.length];
    Des.cbc_encrypt(cipher, data, key, ivec, false);
    if (!isChecksumValid(data))
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BAD_INTEGRITY);
    return data;
}
 

/**
 * Verifies keyed checksum.
 * @param data the data.
 * @param size the length of data.
 * @param key the key used to encrypt the checksum.
 * @param checksum
 * @return true if verification is successful.
 *
 * @modified by Yanni Zhang, 12/08/99.
 */
public boolean verifyChecksum(byte[] data, int size,
    byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
    //decrypt checksum
    byte[] cksum = decryptKeyedChecksum(checksum, key);

    //prepend confounder
    byte[] new_data = new byte[size + confounderSize()];
    System.arraycopy(cksum, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, confounderSize(), size);

    byte[] new_cksum = calculateRawChecksum(new_data, new_data.length);
    //extract original cksum value
    byte[] orig_cksum = new byte[cksumSize() - confounderSize()];
    System.arraycopy(cksum,  confounderSize(), orig_cksum, 0,
                     cksumSize() - confounderSize());

    return isChecksumEqual(orig_cksum, new_cksum);
}
 

/**
 * Decrypts keyed checksum.
 * @param enc_cksum the buffer for encrypted checksum.
 * @param key the key.
 * @return the checksum.
 *
 * @modified by Yanni Zhang, 12/08/99.
 */
private byte[] decryptKeyedChecksum(byte[] enc_cksum, byte[] key) throws KrbCryptoException {
    //compute modified key
    byte[] new_key = new byte[keySize()];
    System.arraycopy(key, 0, new_key, 0, key.length);
    for (int i = 0; i < new_key.length; i++)
    new_key[i] = (byte)(new_key[i] ^ 0xf0);
    //check for weak keys
    try {
        if (DESKeySpec.isWeak(new_key, 0)) {
            new_key[7] = (byte)(new_key[7] ^ 0xF0);
        }
    } catch (InvalidKeyException ex) {
        // swallow, since it should never happen
    }
    byte[] ivec = new byte[new_key.length];

    byte[] cksum = new byte[enc_cksum.length];
    Des.cbc_encrypt(enc_cksum, cksum, new_key, ivec, false);
    return cksum;
}
 

public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
    throws KrbApErrException, KrbCryptoException {
    try {
        return ArcFourHmac.decrypt(key, usage, ivec, cipher, 0, cipher.length);
    } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
    }
}
 

public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
    throws KrbApErrException, KrbCryptoException {
    try {
        return Des3.decrypt(key, usage, ivec, cipher, 0, cipher.length);
    } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
    }
}
 

/**
 * Calculates keyed checksum.
 * @param data the data used to generate the checksum.
 * @param size length of the data.
 * @param key the key used to encrypt the checksum.
 * @return keyed checksum.
 */
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
    int usage) throws KrbCryptoException {

     try {
         return ArcFourHmac.calculateChecksum(key, usage, data, 0, size);
     } catch (GeneralSecurityException e) {
         KrbCryptoException ke = new KrbCryptoException(e.getMessage());
         ke.initCause(e);
         throw ke;
     }
}
 

/**
 * Verifies keyed checksum.
 * @param data the data.
 * @param size the length of data.
 * @param key the key used to encrypt the checksum.
 * @param checksum
 * @return true if verification is successful.
 */
public boolean verifyChecksum(byte[] data, int size,
    byte[] key, byte[] checksum, int usage) throws KrbCryptoException {

     try {
         byte[] newCksum = Des3.calculateChecksum(key, usage,
             data, 0, size);

         return isChecksumEqual(checksum, newCksum);
     } catch (GeneralSecurityException e) {
         KrbCryptoException ke = new KrbCryptoException(e.getMessage());
         ke.initCause(e);
         throw ke;
     }
 }
 

public byte[] encrypt(byte[] data, byte[] key, byte[] ivec, int usage)
    throws KrbCryptoException {
    try {
        return Aes128.encrypt(key, usage, ivec, data, 0, data.length);
    } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
    }
}
 

/**
 * Verifies keyed checksum.
 * @param data the data.
 * @param size the length of data.
 * @param key the key used to encrypt the checksum.
 * @param checksum
 * @return true if verification is successful.
 */
public boolean verifyChecksum(byte[] data, int size,
    byte[] key, byte[] checksum, int usage) throws KrbCryptoException {

     try {
         byte[] newCksum = ArcFourHmac.calculateChecksum(key, usage,
             data, 0, size);

         return isChecksumEqual(checksum, newCksum);
     } catch (GeneralSecurityException e) {
         KrbCryptoException ke = new KrbCryptoException(e.getMessage());
         ke.initCause(e);
         throw ke;
     }
 }
 

public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
    throws KrbApErrException, KrbCryptoException {
    try {
        return Aes256.decrypt(key, usage, ivec, cipher, 0, cipher.length);
    } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
    }
}
 

/**
 * Calculates keyed checksum.
 * @param data the data used to generate the checksum.
 * @param size length of the data.
 * @param key the key used to encrypt the checksum.
 * @return keyed checksum.
 */
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
    int usage) throws KrbCryptoException {

     try {
        return Aes256.calculateChecksum(key, usage, data, 0, size);
     } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
     }
}
 

public byte[] encrypt(byte[] data, byte[] key, byte[] ivec, int usage)
    throws KrbCryptoException {
    try {
        return Des3.encrypt(key, usage, ivec, data, 0, data.length);
    } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
    }
}
 

/**
 * Calculates keyed checksum.
 * @param data the data used to generate the checksum.
 * @param size length of the data.
 * @param key the key used to encrypt the checksum.
 * @return keyed checksum.
 */
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
    int usage) throws KrbCryptoException {

     try {
        return Aes256.calculateChecksum(key, usage, data, 0, size);
     } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
     }
}
 

/**
 * Verifies keyed checksum.
 * @param data the data.
 * @param size the length of data.
 * @param key the key used to encrypt the checksum.
 * @param checksum
 * @return true if verification is successful.
 */
public boolean verifyChecksum(byte[] data, int size,
    byte[] key, byte[] checksum, int usage) throws KrbCryptoException {

     try {
        byte[] newCksum = Aes256.calculateChecksum(key, usage, data,
                                                    0, size);
        return isChecksumEqual(checksum, newCksum);
     } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
     }
}
 

private byte[] generateChecksum(byte[] data) throws KrbCryptoException{
    byte[] cksum1 = checksumField(data);
    resetChecksumField(data);
    byte[] cksum2 = calculateChecksum(data, data.length);
    copyChecksumField(data, cksum1);
    return cksum2;
}
 

public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
    throws KrbApErrException, KrbCryptoException {
    try {
        return Aes128.decrypt(key, usage, ivec, cipher, 0, cipher.length);
    } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
    }
}
 

public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
    throws KrbApErrException, KrbCryptoException {
    try {
        return Aes128.decrypt(key, usage, ivec, cipher, 0, cipher.length);
    } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
    }
}
 

private byte[] generateChecksum(byte[] data) throws KrbCryptoException{
    byte[] cksum1 = checksumField(data);
    resetChecksumField(data);
    byte[] cksum2 = calculateChecksum(data, data.length);
    copyChecksumField(data, cksum1);
    return cksum2;
}
 

/**
 * Verifies keyed checksum.
 * @param data the data.
 * @param size the length of data.
 * @param key the key used to encrypt the checksum.
 * @param checksum
 * @return true if verification is successful.
 */
public boolean verifyChecksum(byte[] data, int size,
    byte[] key, byte[] checksum, int usage) throws KrbCryptoException {

     try {
        byte[] newCksum = Aes256.calculateChecksum(key, usage, data,
                                                    0, size);
        return isChecksumEqual(checksum, newCksum);
     } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
     }
}
 

/**
 * Performs encryption using derived key; does not add confounder.
 */
public byte[] encryptRaw(byte[] baseKey, int usage,
    byte[] seqNum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    if (debug) {
        System.out.println("\nARCFOUR: encryptRaw with usage = " + usage);
    }

    // Derive encryption key for data
    //   Key derivation salt = 0
    byte[] klocal = new byte[baseKey.length];
    for (int i = 0; i <= 15; i++) {
        klocal[i] = (byte) (baseKey[i] ^ 0xF0);
    }
    byte[] salt = new byte[4];
    byte[] kcrypt = getHmac(klocal, salt);

    // Note: When using this RC4 based encryption type, the sequence number
    // is always sent in big-endian rather than little-endian order.

    // new encryption key salted with sequence number
    kcrypt = getHmac(kcrypt, seqNum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kcrypt, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 

public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
    throws KrbApErrException, KrbCryptoException {
    try {
        return Des3.decrypt(key, usage, ivec, cipher, 0, cipher.length);
    } catch (GeneralSecurityException e) {
        KrbCryptoException ke = new KrbCryptoException(e.getMessage());
        ke.initCause(e);
        throw ke;
    }
}
 

/**
 * Performs encryption using derived key; does not add confounder.
 */
public byte[] encryptRaw(byte[] baseKey, int usage,
    byte[] seqNum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    if (debug) {
        System.out.println("\nARCFOUR: encryptRaw with usage = " + usage);
    }

    // Derive encryption key for data
    //   Key derivation salt = 0
    byte[] klocal = new byte[baseKey.length];
    for (int i = 0; i <= 15; i++) {
        klocal[i] = (byte) (baseKey[i] ^ 0xF0);
    }
    byte[] salt = new byte[4];
    byte[] kcrypt = getHmac(klocal, salt);

    // Note: When using this RC4 based encryption type, the sequence number
    // is always sent in big-endian rather than little-endian order.

    // new encryption key salted with sequence number
    kcrypt = getHmac(kcrypt, seqNum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kcrypt, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 

/**
 * Performs encryption using derived key; adds confounder.
 */
public byte[] encrypt(byte[] baseKey, int usage,
    byte[] ivec, byte[] new_ivec, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                             + usage);
    }
    byte[] output = encryptCTS(baseKey, usage, ivec, new_ivec, plaintext,
                                    start, len, true);
    return output;
}