提交 b226215c 编写于 作者: A andrew

8229951: Better Ticket Granting Services

Reviewed-by: mbalao
上级 4bb32bc1
......@@ -69,6 +69,7 @@ public class Checksum {
// draft-brezak-win2k-krb-rc4-hmac-04.txt
public static final int CKSUMTYPE_HMAC_MD5_ARCFOUR = -138;
// default checksum type, -1 if not set
static int CKSUMTYPE_DEFAULT;
static int SAFECKSUMTYPE_DEFAULT;
......@@ -83,26 +84,19 @@ public class Checksum {
try {
cfg = Config.getInstance();
temp = cfg.get("libdefaults", "default_checksum");
if (temp != null)
{
if (temp != null) {
CKSUMTYPE_DEFAULT = Config.getType(temp);
} else {
/*
* If the default checksum is not
* specified in the configuration we
* set it to RSA_MD5. We follow the MIT and
* SEAM implementation.
*/
CKSUMTYPE_DEFAULT = CKSUMTYPE_RSA_MD5;
CKSUMTYPE_DEFAULT = -1;
}
} catch (Exception exc) {
if (DEBUG) {
System.out.println("Exception in getting default checksum "+
"value from the configuration " +
"Setting default checksum to be RSA-MD5");
"value from the configuration. " +
"No default checksum set.");
exc.printStackTrace();
}
CKSUMTYPE_DEFAULT = CKSUMTYPE_RSA_MD5;
CKSUMTYPE_DEFAULT = -1;
}
......@@ -112,117 +106,100 @@ public class Checksum {
{
SAFECKSUMTYPE_DEFAULT = Config.getType(temp);
} else {
SAFECKSUMTYPE_DEFAULT = CKSUMTYPE_RSA_MD5_DES;
SAFECKSUMTYPE_DEFAULT = -1;
}
} catch (Exception exc) {
if (DEBUG) {
System.out.println("Exception in getting safe default " +
"checksum value " +
"from the configuration Setting " +
"safe default checksum to be RSA-MD5");
"from the configuration Setting. " +
"No safe default checksum set.");
exc.printStackTrace();
}
SAFECKSUMTYPE_DEFAULT = CKSUMTYPE_RSA_MD5_DES;
SAFECKSUMTYPE_DEFAULT = -1;
}
}
/**
* Constructs a new Checksum using the raw data and type.
*
* This constructor is only used by Authenticator Checksum
* {@link sun.security.jgss.krb5.InitialToken.OverloadedChecksum}
* where the checksum type must be 0x8003
* (see https://tools.ietf.org/html/rfc4121#section-4.1.1)
* and checksum field/value is used to convey service flags,
* channel bindings, and optional delegation information.
* This special type does NOT have a {@link CksumType} and has its
* own calculating and verification rules. It does has the same
* ASN.1 encoding though.
*
* @data the byte array of checksum.
* @new_cksumType the type of checksum.
*
*/
// used in InitialToken
public Checksum(byte[] data, int new_cksumType) {
cksumType = new_cksumType;
checksum = data;
}
/**
* Constructs a new Checksum by calculating the checksum over the data
* using specified checksum type.
* @new_cksumType the type of checksum.
* @data the data that needs to be performed a checksum calculation on.
*/
public Checksum(int new_cksumType, byte[] data)
throws KdcErrException, KrbCryptoException {
cksumType = new_cksumType;
CksumType cksumEngine = CksumType.getInstance(cksumType);
if (!cksumEngine.isSafe()) {
checksum = cksumEngine.calculateChecksum(data, data.length);
} else {
throw new KdcErrException(Krb5.KRB_AP_ERR_INAPP_CKSUM);
}
}
/**
* Constructs a new Checksum by calculating the keyed checksum
* over the data using specified checksum type.
* @new_cksumType the type of checksum.
* @data the data that needs to be performed a checksum calculation on.
* Constructs a new Checksum by calculating over the data using
* the specified checksum type. If the checksum is unkeyed, key
* and usage are ignored.
*
* @param new_cksumType the type of checksum. If set to -1, the
* {@linkplain EType#checksumType() mandatory checksum type}
* for the encryption type of {@code key} will be used
* @param data the data that needs to be performed a checksum calculation on
* @param key the key used by a keyed checksum
* @param usage the usage used by a keyed checksum
*/
// KrbSafe, KrbTgsReq
public Checksum(int new_cksumType, byte[] data,
EncryptionKey key, int usage)
throws KdcErrException, KrbApErrException, KrbCryptoException {
if (new_cksumType == -1) {
cksumType = EType.getInstance(key.getEType()).checksumType();
} else {
cksumType = new_cksumType;
CksumType cksumEngine = CksumType.getInstance(cksumType);
if (!cksumEngine.isSafe())
throw new KrbApErrException(Krb5.KRB_AP_ERR_INAPP_CKSUM);
checksum =
cksumEngine.calculateKeyedChecksum(data,
data.length,
key.getBytes(),
usage);
}
checksum = CksumType.getInstance(cksumType).calculateChecksum(
data, data.length, key.getBytes(), usage);
}
/**
* Verifies the keyed checksum over the data passed in.
*/
public boolean verifyKeyedChecksum(byte[] data, EncryptionKey key,
int usage)
public boolean verifyKeyedChecksum(byte[] data, EncryptionKey key, int usage)
throws KdcErrException, KrbApErrException, KrbCryptoException {
CksumType cksumEngine = CksumType.getInstance(cksumType);
if (!cksumEngine.isSafe())
if (!cksumEngine.isKeyed()) {
throw new KrbApErrException(Krb5.KRB_AP_ERR_INAPP_CKSUM);
return cksumEngine.verifyKeyedChecksum(data,
data.length,
key.getBytes(),
checksum,
usage);
}
// =============== ATTENTION! Use with care ==================
// According to https://tools.ietf.org/html/rfc3961#section-6.1,
// An unkeyed checksum should only be used "in limited circumstances
// where the lack of a key does not provide a window for an attack,
// preferably as part of an encrypted message".
public boolean verifyAnyChecksum(byte[] data, EncryptionKey key,
int usage)
throws KdcErrException, KrbCryptoException {
CksumType cksumEngine = CksumType.getInstance(cksumType);
if (!cksumEngine.isSafe()) {
return cksumEngine.verifyChecksum(data, checksum);
} else {
return cksumEngine.verifyKeyedChecksum(data,
data.length,
key.getBytes(),
checksum,
usage);
return cksumEngine.verifyChecksum(
data, data.length, key.getBytes(), checksum, usage);
}
}
/*
public Checksum(byte[] data) throws KdcErrException, KrbCryptoException {
this(Checksum.CKSUMTYPE_DEFAULT, data);
}
/**
* Verifies the checksum over the data passed in. The checksum might
* be a keyed or not.
*
* =============== ATTENTION! Use with care ==================
* According to https://tools.ietf.org/html/rfc3961#section-6.1,
* An unkeyed checksum should only be used "in limited circumstances
* where the lack of a key does not provide a window for an attack,
* preferably as part of an encrypted message".
*/
public boolean verifyAnyChecksum(byte[] data, EncryptionKey key, int usage)
throws KdcErrException, KrbCryptoException {
return CksumType.getInstance(cksumType).verifyChecksum(
data, data.length, key.getBytes(), checksum, usage);
}
boolean isEqual(Checksum cksum) throws KdcErrException {
if (cksumType != cksum.cksumType)
if (cksumType != cksum.cksumType) {
return false;
CksumType cksumEngine = CksumType.getInstance(cksumType);
}
return CksumType.isChecksumEqual(checksum, cksum.checksum);
}
......
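Review bot: The four-argument constructor `Checksum(int new_cksumType, byte[] data, EncryptionKey key, int usage)` now computes a checksum for any type, including unkeyed ones. The page shows an `isSafe()` check in the earlier version that threw `KRB_AP_ERR_INAPP_CKSUM` in that case. A `default_checksum` or `safe_default_checksum` setting that names an unkeyed type would therefore yield a checksum that does not depend on the key; the callers named in the `// KrbSafe, KrbTgsReq` comment are outside this page, so the impact on them is inferred. A caller that needs integrity protection should test `CksumType.getInstance(cksumType).isKeyed()` itself, as `verifyKeyedChecksum` does. The constructor also dereferences `key` unconditionally (`key.getEType()`, `key.getBytes()`), so the Javadoc for `@param key` should state that it must be non-null even when the checksum type is unkeyed.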
......@@ -320,26 +320,8 @@ public class KrbTgsReq {
byte[] temp = reqBody.asn1Encode(Krb5.KRB_TGS_REQ);
// if the checksum type is one of the keyed checksum types,
// use session key.
Checksum cksum;
switch (Checksum.CKSUMTYPE_DEFAULT) {
case Checksum.CKSUMTYPE_RSA_MD4_DES:
case Checksum.CKSUMTYPE_DES_MAC:
case Checksum.CKSUMTYPE_DES_MAC_K:
case Checksum.CKSUMTYPE_RSA_MD4_DES_K:
case Checksum.CKSUMTYPE_RSA_MD5_DES:
case Checksum.CKSUMTYPE_HMAC_SHA1_DES3_KD:
case Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR:
case Checksum.CKSUMTYPE_HMAC_SHA1_96_AES128:
case Checksum.CKSUMTYPE_HMAC_SHA1_96_AES256:
cksum = new Checksum(Checksum.CKSUMTYPE_DEFAULT, temp, key,
Checksum cksum = new Checksum(Checksum.CKSUMTYPE_DEFAULT, temp, key,
KeyUsage.KU_PA_TGS_REQ_CKSUM);
break;
case Checksum.CKSUMTYPE_CRC32:
case Checksum.CKSUMTYPE_RSA_MD4:
case Checksum.CKSUMTYPE_RSA_MD5:
default:
cksum = new Checksum(Checksum.CKSUMTYPE_DEFAULT, temp);
}
// Usage will be KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR
......
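Review bot: The comment kept above the call, `// if the checksum type is one of the keyed checksum types, use session key.`, no longer matches the code, because the switch on the checksum type is gone and `key` is always passed. I would replace it with `// CKSUMTYPE_DEFAULT is -1 unless default_checksum is configured; Checksum then picks the checksum type of the key's etype.` The enclosing method starts and ends outside the hunk.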
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -133,6 +133,7 @@ public class PAForUserEnc {
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), name.getRealm().asn1Encode());
try {
// MS-SFU 2.2.1: use hmac-md5 checksum regardless of key type
Checksum cks = new Checksum(
Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR,
getS4UByteArray(),
......
/*
* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -31,10 +31,7 @@
package sun.security.krb5.internal.crypto;
import sun.security.krb5.Config;
import sun.security.krb5.Checksum;
import sun.security.krb5.EncryptedData;
import sun.security.krb5.KrbException;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.internal.*;
......@@ -81,6 +78,7 @@ public abstract class CksumType {
cksumTypeName =
"sun.security.krb5.internal.crypto.HmacSha1Aes128CksumType";
break;
case Checksum.CKSUMTYPE_HMAC_SHA1_96_AES256:
cksumType = new HmacSha1Aes256CksumType();
cksumTypeName =
......@@ -117,32 +115,11 @@ public abstract class CksumType {
return cksumType;
}
/**
* Returns default checksum type.
*/
public static CksumType getInstance() throws KdcErrException {
// this method provided for Kerberos applications.
int cksumType = Checksum.CKSUMTYPE_RSA_MD5; // default
try {
Config c = Config.getInstance();
if ((cksumType = (Config.getType(c.get("libdefaults",
"ap_req_checksum_type")))) == - 1) {
if ((cksumType = Config.getType(c.get("libdefaults",
"checksum_type"))) == -1) {
cksumType = Checksum.CKSUMTYPE_RSA_MD5; // default
}
}
} catch (KrbException e) {
}
return getInstance(cksumType);
}
public abstract int confounderSize();
public abstract int cksumType();
public abstract boolean isSafe();
public abstract boolean isKeyed();
public abstract int cksumSize();
......@@ -150,18 +127,12 @@ public abstract class CksumType {
public abstract int keySize();
public abstract byte[] calculateChecksum(byte[] data, int size)
throws KrbCryptoException;
public abstract byte[] calculateKeyedChecksum(byte[] data, int size,
// Note: key and usage will be ignored for an unkeyed checksum.
public abstract byte[] calculateChecksum(byte[] data, int size,
byte[] key, int usage) throws KrbCryptoException;
public boolean verifyChecksum(byte[] data, byte[] checksum)
throws KrbCryptoException {
throw new UnsupportedOperationException("Not supported");
}
public abstract boolean verifyKeyedChecksum(byte[] data, int size,
// Note: key and usage will be ignored for an unkeyed checksum.
public abstract boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException;
public static boolean isChecksumEqual(byte[] cksum1, byte[] cksum2) {
......
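Review bot: `isKeyed()` and the merged `calculateChecksum`/`verifyChecksum` are declared without Javadoc; the only stated contract is the line comment `// Note: key and usage will be ignored for an unkeyed checksum.` A short Javadoc on `verifyChecksum` should say that when `isKeyed()` is false, a `true` result shows only that the data matches the checksum, not that the sender held the key. It should also tell callers that need authenticity to test `isKeyed()` first. The class body continues outside the hunks.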
......@@ -32,7 +32,6 @@ package sun.security.krb5.internal.crypto;
import sun.security.krb5.*;
import sun.security.krb5.internal.*;
import java.util.zip.CRC32;
public class Crc32CksumType extends CksumType {
......@@ -47,7 +46,7 @@ public class Crc32CksumType extends CksumType {
return Checksum.CKSUMTYPE_CRC32;
}
public boolean isSafe() {
public boolean isKeyed() {
return false;
}
......@@ -63,18 +62,15 @@ public class Crc32CksumType extends CksumType {
return 0;
}
public byte[] calculateChecksum(byte[] data, int size) {
return crc32.byte2crc32sum_bytes(data, size);
}
public byte[] calculateKeyedChecksum(byte[] data, int size,
public byte[] calculateChecksum(byte[] data, int size,
byte[] key, int usage) {
return null;
return crc32.byte2crc32sum_bytes(data, size);
}
public boolean verifyKeyedChecksum(byte[] data, int size,
public boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) {
return false;
return CksumType.isChecksumEqual(checksum,
crc32.byte2crc32sum_bytes(data));
}
public static byte[] int2quad(long input) {
......
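Review bot: `verifyChecksum` ignores its `size` argument: it compares against `crc32.byte2crc32sum_bytes(data)` while `calculateChecksum` uses `crc32.byte2crc32sum_bytes(data, size)`, so the two disagree whenever `size` differs from `data.length`. Using `crc32.byte2crc32sum_bytes(data, size)` in the verify path would keep them consistent. `DesMacKCksumType.verifyChecksum` (which passes `data.length`) and `RsaMd5CksumType.verifyChecksum` (which calls `digest(data)`) drop `size` in the same way. Separately, the earlier verify method shown here simply returned `false`, whereas a matching CRC32 now verifies, so `Checksum.verifyAnyChecksum` will accept this unkeyed, non-cryptographic type; a comment confirming that this is intended would help.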
......@@ -53,7 +53,7 @@ public class DesCbcCrcEType extends DesCbcEType {
}
public int checksumType() {
return Checksum.CKSUMTYPE_CRC32;
return Checksum.CKSUMTYPE_RSA_MD5;
}
public int checksumSize() {
......
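Review bot: `checksumType()` now returns the unkeyed `Checksum.CKSUMTYPE_RSA_MD5`, and the new `Checksum` constructor uses this value whenever the requested type is -1, so a checksum made with a des-cbc-crc key does not depend on the key. If a keyed type was meant, `return Checksum.CKSUMTYPE_RSA_MD5_DES;` is the keyed MD5 variant referenced elsewhere in this commit; the value is worth checking against the mandatory checksum that RFC 3961 lists for this etype. If the unkeyed type is deliberate, a one-line comment giving the reason would stop it being read as an oversight. The class body lies outside the hunk.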
......@@ -49,7 +49,7 @@ public class DesMacCksumType extends CksumType {
return Checksum.CKSUMTYPE_DES_MAC;
}
public boolean isSafe() {
public boolean isKeyed() {
return true;
}
......@@ -65,10 +65,6 @@ public class DesMacCksumType extends CksumType {
return 8;
}
public byte[] calculateChecksum(byte[] data, int size) {
return null;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
......@@ -78,7 +74,7 @@ public class DesMacCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
int usage) throws KrbCryptoException {
byte[] new_data = new byte[size + confounderSize()];
byte[] conf = Confounder.bytes(confounderSize());
......@@ -130,7 +126,7 @@ public class DesMacCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public boolean verifyKeyedChecksum(byte[] data, int size,
public boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
byte[] cksum = decryptKeyedChecksum(checksum, key);
......
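Review bot: The renamed `isKeyed()`, `calculateChecksum(...)` and `verifyChecksum(...)` carry no `@Override` in the lines shown, although `RsaMd5CksumType.verifyChecksum` in this commit has one. Adding `@Override` to each would let the compiler flag any subclass method still written against the old `isSafe`/`calculateKeyedChecksum`/`verifyKeyedChecksum` signatures after the abstract API changed. The same applies to `Crc32CksumType`, `DesMacKCksumType`, `HmacMd5ArcFourCksumType`, `HmacSha1Aes128CksumType`, `HmacSha1Aes256CksumType`, `HmacSha1Des3KdCksumType` and `RsaMd5DesCksumType`.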
......@@ -48,7 +48,7 @@ public class DesMacKCksumType extends CksumType {
return Checksum.CKSUMTYPE_DES_MAC_K;
}
public boolean isSafe() {
public boolean isKeyed() {
return true;
}
......@@ -64,10 +64,6 @@ public class DesMacKCksumType extends CksumType {
return 8;
}
public byte[] calculateChecksum(byte[] data, int size) {
return null;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
......@@ -77,7 +73,7 @@ public class DesMacKCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
int usage) throws KrbCryptoException {
//check for weak keys
try {
......@@ -93,9 +89,9 @@ public class DesMacKCksumType extends CksumType {
return cksum;
}
public boolean verifyKeyedChecksum(byte[] data, int size,
public boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
byte[] new_cksum = calculateKeyedChecksum(data, data.length, key, usage);
byte[] new_cksum = calculateChecksum(data, data.length, key, usage);
return isChecksumEqual(checksum, new_cksum);
}
......
/*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -28,8 +28,6 @@ package sun.security.krb5.internal.crypto;
import sun.security.krb5.Checksum;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.internal.*;
import javax.crypto.spec.DESKeySpec;
import java.security.InvalidKeyException;
import java.security.GeneralSecurityException;
/**
......@@ -51,7 +49,7 @@ public class HmacMd5ArcFourCksumType extends CksumType {
return Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR;
}
public boolean isSafe() {
public boolean isKeyed() {
return true;
}
......@@ -67,10 +65,6 @@ public class HmacMd5ArcFourCksumType extends CksumType {
return 16; // bytes
}
public byte[] calculateChecksum(byte[] data, int size) {
return null;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
......@@ -78,7 +72,7 @@ public class HmacMd5ArcFourCksumType extends CksumType {
* @param key the key used to encrypt the checksum.
* @return keyed checksum.
*/
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
int usage) throws KrbCryptoException {
try {
......@@ -98,7 +92,7 @@ public class HmacMd5ArcFourCksumType extends CksumType {
* @param checksum
* @return true if verification is successful.
*/
public boolean verifyKeyedChecksum(byte[] data, int size,
public boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
try {
......
/*
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -28,8 +28,6 @@ package sun.security.krb5.internal.crypto;
import sun.security.krb5.Checksum;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.internal.*;
import javax.crypto.spec.DESKeySpec;
import java.security.InvalidKeyException;
import java.security.GeneralSecurityException;
/*
......@@ -51,7 +49,7 @@ public class HmacSha1Aes128CksumType extends CksumType {
return Checksum.CKSUMTYPE_HMAC_SHA1_96_AES128;
}
public boolean isSafe() {
public boolean isKeyed() {
return true;
}
......@@ -67,10 +65,6 @@ public class HmacSha1Aes128CksumType extends CksumType {
return 16; // bytes
}
public byte[] calculateChecksum(byte[] data, int size) {
return null;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
......@@ -78,7 +72,7 @@ public class HmacSha1Aes128CksumType extends CksumType {
* @param key the key used to encrypt the checksum.
* @return keyed checksum.
*/
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
int usage) throws KrbCryptoException {
try {
......@@ -98,7 +92,7 @@ public class HmacSha1Aes128CksumType extends CksumType {
* @param checksum
* @return true if verification is successful.
*/
public boolean verifyKeyedChecksum(byte[] data, int size,
public boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
try {
......
/*
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -28,8 +28,6 @@ package sun.security.krb5.internal.crypto;
import sun.security.krb5.Checksum;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.internal.*;
import javax.crypto.spec.DESKeySpec;
import java.security.InvalidKeyException;
import java.security.GeneralSecurityException;
/*
......@@ -51,7 +49,7 @@ public class HmacSha1Aes256CksumType extends CksumType {
return Checksum.CKSUMTYPE_HMAC_SHA1_96_AES256;
}
public boolean isSafe() {
public boolean isKeyed() {
return true;
}
......@@ -67,10 +65,6 @@ public class HmacSha1Aes256CksumType extends CksumType {
return 32; // bytes
}
public byte[] calculateChecksum(byte[] data, int size) {
return null;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
......@@ -78,7 +72,7 @@ public class HmacSha1Aes256CksumType extends CksumType {
* @param key the key used to encrypt the checksum.
* @return keyed checksum.
*/
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
int usage) throws KrbCryptoException {
try {
......@@ -98,7 +92,7 @@ public class HmacSha1Aes256CksumType extends CksumType {
* @param checksum
* @return true if verification is successful.
*/
public boolean verifyKeyedChecksum(byte[] data, int size,
public boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
try {
......
/*
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -28,8 +28,6 @@ package sun.security.krb5.internal.crypto;
import sun.security.krb5.Checksum;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.internal.*;
import javax.crypto.spec.DESKeySpec;
import java.security.InvalidKeyException;
import java.security.GeneralSecurityException;
public class HmacSha1Des3KdCksumType extends CksumType {
......@@ -45,7 +43,7 @@ public class HmacSha1Des3KdCksumType extends CksumType {
return Checksum.CKSUMTYPE_HMAC_SHA1_DES3_KD;
}
public boolean isSafe() {
public boolean isKeyed() {
return true;
}
......@@ -61,10 +59,6 @@ public class HmacSha1Des3KdCksumType extends CksumType {
return 24; // bytes
}
public byte[] calculateChecksum(byte[] data, int size) {
return null;
}
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
......@@ -72,7 +66,7 @@ public class HmacSha1Des3KdCksumType extends CksumType {
* @param key the key used to encrypt the checksum.
* @return keyed checksum.
*/
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
int usage) throws KrbCryptoException {
try {
......@@ -92,7 +86,7 @@ public class HmacSha1Des3KdCksumType extends CksumType {
* @param checksum
* @return true if verification is successful.
*/
public boolean verifyKeyedChecksum(byte[] data, int size,
public boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
try {
......
......@@ -33,8 +33,6 @@ import sun.security.krb5.Checksum;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.internal.*;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
public final class RsaMd5CksumType extends CksumType {
......@@ -49,7 +47,7 @@ public final class RsaMd5CksumType extends CksumType {
return Checksum.CKSUMTYPE_RSA_MD5;
}
public boolean isSafe() {
public boolean isKeyed() {
return false;
}
......@@ -74,7 +72,8 @@ public final class RsaMd5CksumType extends CksumType {
* @modified by Yanni Zhang, 12/08/99.
*/
public byte[] calculateChecksum(byte[] data, int size) throws KrbCryptoException{
public byte[] calculateChecksum(byte[] data, int size,
byte[] key, int usage) throws KrbCryptoException{
MessageDigest md5;
byte[] result = null;
try {
......@@ -91,18 +90,9 @@ public final class RsaMd5CksumType extends CksumType {
return result;
}
public byte[] calculateKeyedChecksum(byte[] data, int size,
byte[] key, int usage) throws KrbCryptoException {
return null;
}
public boolean verifyKeyedChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
return false;
}
@Override
public boolean verifyChecksum(byte[] data, byte[] checksum)
public boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage)
throws KrbCryptoException {
try {
byte[] calculated = MessageDigest.getInstance("MD5").digest(data);
......
......@@ -33,12 +33,8 @@ import sun.security.krb5.Checksum;
import sun.security.krb5.Confounder;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.internal.*;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.DESKeySpec;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.InvalidKeyException;
public final class RsaMd5DesCksumType extends CksumType {
......@@ -54,7 +50,7 @@ public final class RsaMd5DesCksumType extends CksumType {
return Checksum.CKSUMTYPE_RSA_MD5_DES;
}
public boolean isSafe() {
public boolean isKeyed() {
return true;
}
......@@ -79,7 +75,7 @@ public final class RsaMd5DesCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
public byte[] calculateChecksum(byte[] data, int size, byte[] key,
int usage) throws KrbCryptoException {
//prepend confounder
byte[] new_data = new byte[size + confounderSize()];
......@@ -88,7 +84,7 @@ public final class RsaMd5DesCksumType extends CksumType {
System.arraycopy(data, 0, new_data, confounderSize(), size);
//calculate md5 cksum
byte[] mdc_cksum = calculateChecksum(new_data, new_data.length);
byte[] mdc_cksum = calculateRawChecksum(new_data, new_data.length);
byte[] cksum = new byte[cksumSize()];
System.arraycopy(conf, 0, cksum, 0, confounderSize());
System.arraycopy(mdc_cksum, 0, cksum, confounderSize(),
......@@ -125,7 +121,7 @@ public final class RsaMd5DesCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public boolean verifyKeyedChecksum(byte[] data, int size,
public boolean verifyChecksum(byte[] data, int size,
byte[] key, byte[] checksum, int usage) throws KrbCryptoException {
//decrypt checksum
byte[] cksum = decryptKeyedChecksum(checksum, key);
......@@ -135,7 +131,7 @@ public final class RsaMd5DesCksumType extends CksumType {
System.arraycopy(cksum, 0, new_data, 0, confounderSize());
System.arraycopy(data, 0, new_data, confounderSize(), size);
byte[] new_cksum = calculateChecksum(new_data, new_data.length);
byte[] new_cksum = calculateRawChecksum(new_data, new_data.length);
//extract original cksum value
byte[] orig_cksum = new byte[cksumSize() - confounderSize()];
System.arraycopy(cksum, confounderSize(), orig_cksum, 0,
......@@ -181,7 +177,7 @@ public final class RsaMd5DesCksumType extends CksumType {
*
* @modified by Yanni Zhang, 12/08/99.
*/
public byte[] calculateChecksum(byte[] data, int size) throws KrbCryptoException{
private byte[] calculateRawChecksum(byte[] data, int size) throws KrbCryptoException{
MessageDigest md5;
byte[] result = null;
try {
......@@ -197,5 +193,4 @@ public final class RsaMd5DesCksumType extends CksumType {
}
return result;
}
}
......@@ -726,7 +726,7 @@ public class KDC {
* @return the key
* @throws sun.security.krb5.KrbException for unknown/unsupported etype
*/
private EncryptionKey keyForUser(PrincipalName p, int etype, boolean server)
EncryptionKey keyForUser(PrincipalName p, int etype, boolean server)
throws KrbException {
try {
// Do not call EncryptionKey.acquireSecretKeys(), otherwise
......@@ -797,7 +797,7 @@ public class KDC {
int e2 = eTypes[0]; // etype for outgoing session key
int e3 = eTypes[0]; // etype for outgoing ticket
PAData[] pas = KDCReqDotPAData(tgsReq);
PAData[] pas = tgsReq.pAData;
Ticket tkt = null;
EncTicketPart etp = null;
......@@ -828,7 +828,6 @@ public class KDC {
for (PAData pa: pas) {
if (pa.getType() == Krb5.PA_TGS_REQ) {
APReq apReq = new APReq(pa.getValue());
EncryptedData ed = apReq.authenticator;
tkt = apReq.ticket;
int te = tkt.encPart.getEType();
EncryptionKey kkey = keyForUser(tkt.sname, te, true);
......@@ -1282,7 +1281,7 @@ public class KDC {
outPAs.add(new PAData(Krb5.PA_ETYPE_INFO, eid.toByteArray()));
}
PAData[] inPAs = KDCReqDotPAData(asReq);
PAData[] inPAs = asReq.pAData;
List<PAData> enc_outPAs = new ArrayList<>();
byte[] paEncTimestamp = null;
......@@ -2100,7 +2099,6 @@ public class KDC {
}
// Calling private methods thru reflections
private static final Field getPADataField;
private static final Field getEType;
private static final Constructor<EncryptedData> ctorEncryptedData;
private static final Method stringToKey;
......@@ -2110,8 +2108,6 @@ public class KDC {
try {
ctorEncryptedData = EncryptedData.class.getDeclaredConstructor(DerValue.class);
ctorEncryptedData.setAccessible(true);
getPADataField = KDCReq.class.getDeclaredField("pAData");
getPADataField.setAccessible(true);
getEType = KDCReqBody.class.getDeclaredField("eType");
getEType.setAccessible(true);
stringToKey = EncryptionKey.class.getDeclaredMethod(
......@@ -2133,13 +2129,6 @@ public class KDC {
throw new AssertionError(e);
}
}
private static PAData[] KDCReqDotPAData(KDCReq req) {
try {
return (PAData[])getPADataField.get(req);
} catch (Exception e) {
throw new AssertionError(e);
}
}
private static int[] KDCReqBodyDotEType(KDCReqBody body) {
try {
return (int[]) getEType.get(body);
......