sun.security.krb5.internal.crypto.KeyUsage Java Examples

The following examples show how to use sun.security.krb5.internal.crypto.KeyUsage. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KrbApRep.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
private void createMessage(
                           EncryptionKey key,
                           KerberosTime ctime,
                           int cusec,
                           EncryptionKey subKey,
                           SeqNumber seqNumber)
    throws Asn1Exception, IOException,
           KdcErrException, KrbCryptoException {

    Integer seqno = null;

    if (seqNumber != null)
        seqno = new Integer(seqNumber.current());

    encPart = new EncAPRepPart(ctime,
                               cusec,
                               subKey,
                               seqno);

    byte[] encPartEncoding = encPart.asn1Encode();

    EncryptedData encEncPart = new EncryptedData(key, encPartEncoding,
        KeyUsage.KU_ENC_AP_REP_PART);

    apRepMessg = new APRep(encEncPart);
}
 
Example #2
Source File: ArcFourCrypto.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs decryption of Sequence Number using derived key.
 */
public byte[] decryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] ciphertext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    // derive decryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.DECRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(ciphertext, start, len);

    return output;
}
 
Example #3
Source File: KrbApRep.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
private void createMessage(
                           EncryptionKey key,
                           KerberosTime ctime,
                           int cusec,
                           EncryptionKey subKey,
                           SeqNumber seqNumber)
    throws Asn1Exception, IOException,
           KdcErrException, KrbCryptoException {

    Integer seqno = null;

    if (seqNumber != null)
        seqno = seqNumber.current();

    encPart = new EncAPRepPart(ctime,
                               cusec,
                               subKey,
                               seqno);

    byte[] encPartEncoding = encPart.asn1Encode();

    EncryptedData encEncPart = new EncryptedData(key, encPartEncoding,
        KeyUsage.KU_ENC_AP_REP_PART);

    apRepMessg = new APRep(encEncPart);
}
 
Example #4
Source File: KrbApRep.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
private void createMessage(
                           EncryptionKey key,
                           KerberosTime ctime,
                           int cusec,
                           EncryptionKey subKey,
                           SeqNumber seqNumber)
    throws Asn1Exception, IOException,
           KdcErrException, KrbCryptoException {

    Integer seqno = null;

    if (seqNumber != null)
        seqno = new Integer(seqNumber.current());

    encPart = new EncAPRepPart(ctime,
                               cusec,
                               subKey,
                               seqno);

    byte[] encPartEncoding = encPart.asn1Encode();

    EncryptedData encEncPart = new EncryptedData(key, encPartEncoding,
        KeyUsage.KU_ENC_AP_REP_PART);

    apRepMessg = new APRep(encEncPart);
}
 
Example #5
Source File: ArcFourCrypto.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs decryption of Sequence Number using derived key.
 */
public byte[] decryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] ciphertext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    // derive decryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.DECRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(ciphertext, start, len);

    return output;
}
 
Example #6
Source File: KerberosPreMasterSecret.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #7
Source File: ArcFourCrypto.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs decryption of Sequence Number using derived key.
 */
public byte[] decryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] ciphertext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    // derive decryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.DECRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(ciphertext, start, len);

    return output;
}
 
Example #8
Source File: ArcFourCrypto.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs encryption of Sequence Number using derived key.
 */
public byte[] encryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    // derive encryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 
Example #9
Source File: ArcFourCrypto.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs encryption of Sequence Number using derived key.
 */
public byte[] encryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    // derive encryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 
Example #10
Source File: KerberosPreMasterSecret.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #11
Source File: KerberosPreMasterSecret.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #12
Source File: ArcFourCrypto.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs encryption of Sequence Number using derived key.
 */
public byte[] encryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    // derive encryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 
Example #13
Source File: ArcFourCrypto.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs encryption of Sequence Number using derived key.
 */
public byte[] encryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    // derive encryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 
Example #14
Source File: ArcFourCrypto.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs decryption of Sequence Number using derived key.
 */
public byte[] decryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] ciphertext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    // derive decryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.DECRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(ciphertext, start, len);

    return output;
}
 
Example #15
Source File: KrbApRep.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
private void createMessage(
                           EncryptionKey key,
                           KerberosTime ctime,
                           int cusec,
                           EncryptionKey subKey,
                           SeqNumber seqNumber)
    throws Asn1Exception, IOException,
           KdcErrException, KrbCryptoException {

    Integer seqno = null;

    if (seqNumber != null)
        seqno = new Integer(seqNumber.current());

    encPart = new EncAPRepPart(ctime,
                               cusec,
                               subKey,
                               seqno);

    byte[] encPartEncoding = encPart.asn1Encode();

    EncryptedData encEncPart = new EncryptedData(key, encPartEncoding,
        KeyUsage.KU_ENC_AP_REP_PART);

    apRepMessg = new APRep(encEncPart);
}
 
Example #16
Source File: ArcFourCrypto.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs decryption of Sequence Number using derived key.
 */
public byte[] decryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] ciphertext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    // derive decryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.DECRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(ciphertext, start, len);

    return output;
}
 
Example #17
Source File: ArcFourCrypto.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Performs decryption of Sequence Number using derived key.
 */
public byte[] decryptSeq(byte[] baseKey, int usage,
    byte[] checksum, byte[] ciphertext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    // derive decryption for sequence number
    byte[] salt = new byte[4];
    byte[] kSeq = getHmac(baseKey, salt);

    // derive new encryption key salted with sequence number
    kSeq = getHmac(kSeq, checksum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kSeq, "ARCFOUR");
    cipher.init(Cipher.DECRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(ciphertext, start, len);

    return output;
}
 
Example #18
Source File: KerberosPreMasterSecret.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #19
Source File: KrbCred.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
KRBCred createMessage(Credentials delegatedCreds, EncryptionKey key)
    throws KrbException, IOException {

    EncryptionKey sessionKey
        = delegatedCreds.getSessionKey();
    PrincipalName princ = delegatedCreds.getClient();
    Realm realm = princ.getRealm();
    PrincipalName tgService = delegatedCreds.getServer();

    KrbCredInfo credInfo = new KrbCredInfo(sessionKey,
                                           princ, delegatedCreds.flags, delegatedCreds.authTime,
                                           delegatedCreds.startTime, delegatedCreds.endTime,
                                           delegatedCreds.renewTill, tgService,
                                           delegatedCreds.cAddr);

    timeStamp = KerberosTime.now();
    KrbCredInfo[] credInfos = {credInfo};
    EncKrbCredPart encPart =
        new EncKrbCredPart(credInfos,
                           timeStamp, null, null, null, null);

    EncryptedData encEncPart = new EncryptedData(key,
        encPart.asn1Encode(), KeyUsage.KU_ENC_KRB_CRED_PART);

    Ticket[] tickets = {delegatedCreds.ticket};

    credMessg = new KRBCred(tickets, encEncPart);

    return credMessg;
}
 
Example #20
Source File: ArcFourCrypto.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Performs encryption using derived key; does not add confounder.
 */
public byte[] encryptRaw(byte[] baseKey, int usage,
    byte[] seqNum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    if (debug) {
        System.out.println("\nARCFOUR: encryptRaw with usage = " + usage);
    }

    // Derive encryption key for data
    //   Key derivation salt = 0
    byte[] klocal = new byte[baseKey.length];
    for (int i = 0; i <= 15; i++) {
        klocal[i] = (byte) (baseKey[i] ^ 0xF0);
    }
    byte[] salt = new byte[4];
    byte[] kcrypt = getHmac(klocal, salt);

    // Note: When using this RC4 based encryption type, the sequence number
    // is always sent in big-endian rather than little-endian order.

    // new encryption key salted with sequence number
    kcrypt = getHmac(kcrypt, seqNum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kcrypt, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 
Example #21
Source File: ArcFourCrypto.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Performs encryption using derived key; does not add confounder.
 */
public byte[] encryptRaw(byte[] baseKey, int usage,
    byte[] seqNum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    if (debug) {
        System.out.println("\nARCFOUR: encryptRaw with usage = " + usage);
    }

    // Derive encryption key for data
    //   Key derivation salt = 0
    byte[] klocal = new byte[baseKey.length];
    for (int i = 0; i <= 15; i++) {
        klocal[i] = (byte) (baseKey[i] ^ 0xF0);
    }
    byte[] salt = new byte[4];
    byte[] kcrypt = getHmac(klocal, salt);

    // Note: When using this RC4 based encryption type, the sequence number
    // is always sent in big-endian rather than little-endian order.

    // new encryption key salted with sequence number
    kcrypt = getHmac(kcrypt, seqNum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kcrypt, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 
Example #22
Source File: KrbAsRep.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Decrypts encrypted content inside AS-REP. Called by initiator.
 * @param dkey the decryption key to use
 * @param asReq the original AS-REQ sent, used to validate AS-REP
 */
private void decrypt(EncryptionKey dkey, KrbAsReq asReq)
        throws KrbException, Asn1Exception, IOException {
    byte[] enc_as_rep_bytes = rep.encPart.decrypt(dkey,
        KeyUsage.KU_ENC_AS_REP_PART);
    byte[] enc_as_rep_part = rep.encPart.reset(enc_as_rep_bytes);

    DerValue encoding = new DerValue(enc_as_rep_part);
    EncASRepPart enc_part = new EncASRepPart(encoding);
    rep.encKDCRepPart = enc_part;

    ASReq req = asReq.getMessage();
    check(true, req, rep);

    creds = new Credentials(
                            rep.ticket,
                            req.reqBody.cname,
                            rep.ticket.sname,
                            enc_part.key,
                            enc_part.flags,
                            enc_part.authtime,
                            enc_part.starttime,
                            enc_part.endtime,
                            enc_part.renewTill,
                            enc_part.caddr);
    if (DEBUG) {
        System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
                           req.reqBody.cname.getNameString());
    }
}
 
Example #23
Source File: AesDkCrypto.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * @param baseKey key from which keys are to be derived using usage
 * @param ciphertext  E(Ke, conf | plaintext | padding, ivec) | H1[1..h]
 */
public byte[] decrypt(byte[] baseKey, int usage, byte[] ivec,
    byte[] ciphertext, int start, int len) throws GeneralSecurityException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    byte[] output = decryptCTS(baseKey, usage, ivec, ciphertext,
                                    start, len, true);
    return output;
}
 
Example #24
Source File: AesDkCrypto.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Decrypts data using specified key and initial vector.
 * @param baseKey encryption key to use
 * @param ciphertext  encrypted data to be decrypted
 * @param usage ignored
 */
public byte[] decryptRaw(byte[] baseKey, int usage, byte[] ivec,
    byte[] ciphertext, int start, int len)
    throws GeneralSecurityException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    byte[] output = decryptCTS(baseKey, usage, ivec, ciphertext,
                                    start, len, false);
    return output;
}
 
Example #25
Source File: AesDkCrypto.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Performs encryption using derived key; adds confounder.
 */
public byte[] encrypt(byte[] baseKey, int usage,
    byte[] ivec, byte[] new_ivec, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                             + usage);
    }
    byte[] output = encryptCTS(baseKey, usage, ivec, new_ivec, plaintext,
                                    start, len, true);
    return output;
}
 
Example #26
Source File: ArcFourCrypto.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Performs encryption using derived key; does not add confounder.
 */
public byte[] encryptRaw(byte[] baseKey, int usage,
    byte[] seqNum, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }

    if (debug) {
        System.out.println("\nARCFOUR: encryptRaw with usage = " + usage);
    }

    // Derive encryption key for data
    //   Key derivation salt = 0
    byte[] klocal = new byte[baseKey.length];
    for (int i = 0; i <= 15; i++) {
        klocal[i] = (byte) (baseKey[i] ^ 0xF0);
    }
    byte[] salt = new byte[4];
    byte[] kcrypt = getHmac(klocal, salt);

    // Note: When using this RC4 based encryption type, the sequence number
    // is always sent in big-endian rather than little-endian order.

    // new encryption key salted with sequence number
    kcrypt = getHmac(kcrypt, seqNum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kcrypt, "ARCFOUR");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(plaintext, start, len);

    return output;
}
 
Example #27
Source File: ArcFourCrypto.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Decrypts data using specified key and initial vector.
 * @param baseKey encryption key to use
 * @param ciphertext  encrypted data to be decrypted
 * @param usage ignored
 */
public byte[] decryptRaw(byte[] baseKey, int usage, byte[] ivec,
    byte[] ciphertext, int start, int len, byte[] seqNum)
    throws GeneralSecurityException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    if (debug) {
        System.out.println("\nARCFOUR: decryptRaw with usage = " + usage);
    }

    // Derive encryption key for data
    //   Key derivation salt = 0
    byte[] klocal = new byte[baseKey.length];
    for (int i = 0; i <= 15; i++) {
        klocal[i] = (byte) (baseKey[i] ^ 0xF0);
    }
    byte[] salt = new byte[4];
    byte[] kcrypt = getHmac(klocal, salt);

    // need only first 4 bytes of sequence number
    byte[] sequenceNum = new byte[4];
    System.arraycopy(seqNum, 0, sequenceNum, 0, sequenceNum.length);

    // new encryption key salted with sequence number
    kcrypt = getHmac(kcrypt, sequenceNum);

    Cipher cipher = Cipher.getInstance("ARCFOUR");
    SecretKeySpec secretKey = new SecretKeySpec(kcrypt, "ARCFOUR");
    cipher.init(Cipher.DECRYPT_MODE, secretKey);
    byte[] output = cipher.doFinal(ciphertext, start, len);

    return output;
}
 
Example #28
Source File: AesDkCrypto.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * @param baseKey key from which keys are to be derived using usage
 * @param ciphertext  E(Ke, conf | plaintext | padding, ivec) | H1[1..h]
 */
public byte[] decrypt(byte[] baseKey, int usage, byte[] ivec,
    byte[] ciphertext, int start, int len) throws GeneralSecurityException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    byte[] output = decryptCTS(baseKey, usage, ivec, ciphertext,
                                    start, len, true);
    return output;
}
 
Example #29
Source File: AesDkCrypto.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Decrypts data using specified key and initial vector.
 * @param baseKey encryption key to use
 * @param ciphertext  encrypted data to be decrypted
 * @param usage ignored
 */
public byte[] decryptRaw(byte[] baseKey, int usage, byte[] ivec,
    byte[] ciphertext, int start, int len)
    throws GeneralSecurityException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    byte[] output = decryptCTS(baseKey, usage, ivec, ciphertext,
                                    start, len, false);
    return output;
}
 
Example #30
Source File: AesDkCrypto.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Performs encryption using derived key; does not add confounder.
 */
public byte[] encryptRaw(byte[] baseKey, int usage,
    byte[] ivec, byte[] plaintext, int start, int len)
    throws GeneralSecurityException, KrbCryptoException {

    if (!KeyUsage.isValid(usage)) {
        throw new GeneralSecurityException("Invalid key usage number: "
                                            + usage);
    }
    byte[] output = encryptCTS(baseKey, usage, ivec, null, plaintext,
                                    start, len, false);
    return output;
}