author | smarks |
Wed, 12 Jan 2011 13:52:09 -0800 | |
changeset 7977 | f47f211cd627 |
parent 5506 | 202f599c92aa |
permissions | -rw-r--r-- |
2 | 1 |
/* |
2 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
3 |
* |
|
4 |
* This code is free software; you can redistribute it and/or modify it |
|
5 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 6 |
* published by the Free Software Foundation. Oracle designates this |
2 | 7 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 8 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 9 |
* |
10 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
11 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
12 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
13 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
14 |
* accompanied this code). |
|
15 |
* |
|
16 |
* You should have received a copy of the GNU General Public License version |
|
17 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
18 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
19 |
* |
|
5506 | 20 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
21 |
* or visit www.oracle.com if you need additional information or have any |
|
22 |
* questions. |
|
2 | 23 |
*/ |
24 |
||
25 |
/* |
|
26 |
* |
|
27 |
* (C) Copyright IBM Corp. 1999 All Rights Reserved. |
|
28 |
* Copyright 1997 The Open Group Research Institute. All rights reserved. |
|
29 |
*/ |
|
30 |
||
31 |
package sun.security.krb5.internal.crypto; |
|
32 |
||
33 |
import javax.crypto.Cipher; |
|
34 |
import javax.crypto.spec.SecretKeySpec; |
|
35 |
import javax.crypto.SecretKeyFactory; |
|
36 |
import javax.crypto.SecretKey; |
|
37 |
import java.security.GeneralSecurityException; |
|
38 |
import javax.crypto.spec.IvParameterSpec; |
|
39 |
import sun.security.krb5.KrbCryptoException; |
|
40 |
import java.util.Arrays; |
|
3949
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
41 |
import sun.security.action.GetPropertyAction; |
2 | 42 |
|
43 |
public final class Des { |
|
44 |
||
3949
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
45 |
// RFC 3961 demands that UTF-8 encoding be used in DES's |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
46 |
// string-to-key function. For historical reasons, some |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
47 |
// implementations use a locale-specific encoding. Even |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
48 |
// so, when the client and server use different locales, |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
49 |
// they must agree on a common value, normally the one |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
50 |
// used when the password is set/reset. |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
51 |
// |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
52 |
// The following system property is provided to perform the |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
53 |
// string-to-key encoding. When set, the specified charset |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
54 |
// name is used. Otherwise, the system default charset. |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
55 |
|
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
56 |
private final static String CHARSET = |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
57 |
java.security.AccessController.doPrivileged( |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
58 |
new GetPropertyAction("sun.security.krb5.msinterop.des.s2kcharset")); |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
59 |
|
2 | 60 |
private static final long[] bad_keys = { |
61 |
0x0101010101010101L, 0xfefefefefefefefeL, |
|
62 |
0x1f1f1f1f1f1f1f1fL, 0xe0e0e0e0e0e0e0e0L, |
|
63 |
0x01fe01fe01fe01feL, 0xfe01fe01fe01fe01L, |
|
64 |
0x1fe01fe00ef10ef1L, 0xe01fe01ff10ef10eL, |
|
65 |
0x01e001e001f101f1L, 0xe001e001f101f101L, |
|
66 |
0x1ffe1ffe0efe0efeL, 0xfe1ffe1ffe0efe0eL, |
|
67 |
0x011f011f010e010eL, 0x1f011f010e010e01L, |
|
68 |
0xe0fee0fef1fef1feL, 0xfee0fee0fef1fef1L |
|
69 |
}; |
|
70 |
||
71 |
private static final byte[] good_parity = { |
|
72 |
1, 1, 2, 2, 4, 4, 7, 7, |
|
73 |
8, 8, 11, 11, 13, 13, 14, 14, |
|
74 |
16, 16, 19, 19, 21, 21, 22, 22, |
|
75 |
25, 25, 26, 26, 28, 28, 31, 31, |
|
76 |
32, 32, 35, 35, 37, 37, 38, 38, |
|
77 |
41, 41, 42, 42, 44, 44, 47, 47, |
|
78 |
49, 49, 50, 50, 52, 52, 55, 55, |
|
79 |
56, 56, 59, 59, 61, 61, 62, 62, |
|
80 |
64, 64, 67, 67, 69, 69, 70, 70, |
|
81 |
73, 73, 74, 74, 76, 76, 79, 79, |
|
82 |
81, 81, 82, 82, 84, 84, 87, 87, |
|
83 |
88, 88, 91, 91, 93, 93, 94, 94, |
|
84 |
97, 97, 98, 98, 100, 100, 103, 103, |
|
85 |
104, 104, 107, 107, 109, 109, 110, 110, |
|
86 |
112, 112, 115, 115, 117, 117, 118, 118, |
|
87 |
121, 121, 122, 122, 124, 124, 127, 127, |
|
88 |
(byte)128, (byte)128, (byte)131, (byte)131, |
|
89 |
(byte)133, (byte)133, (byte)134, (byte)134, |
|
90 |
(byte)137, (byte)137, (byte)138, (byte)138, |
|
91 |
(byte)140, (byte)140, (byte)143, (byte)143, |
|
92 |
(byte)145, (byte)145, (byte)146, (byte)146, |
|
93 |
(byte)148, (byte)148, (byte)151, (byte)151, |
|
94 |
(byte)152, (byte)152, (byte)155, (byte)155, |
|
95 |
(byte)157, (byte)157, (byte)158, (byte)158, |
|
96 |
(byte)161, (byte)161, (byte)162, (byte)162, |
|
97 |
(byte)164, (byte)164, (byte)167, (byte)167, |
|
98 |
(byte)168, (byte)168, (byte)171, (byte)171, |
|
99 |
(byte)173, (byte)173, (byte)174, (byte)174, |
|
100 |
(byte)176, (byte)176, (byte)179, (byte)179, |
|
101 |
(byte)181, (byte)181, (byte)182, (byte)182, |
|
102 |
(byte)185, (byte)185, (byte)186, (byte)186, |
|
103 |
(byte)188, (byte)188, (byte)191, (byte)191, |
|
104 |
(byte)193, (byte)193, (byte)194, (byte)194, |
|
105 |
(byte)196, (byte)196, (byte)199, (byte)199, |
|
106 |
(byte)200, (byte)200, (byte)203, (byte)203, |
|
107 |
(byte)205, (byte)205, (byte)206, (byte)206, |
|
108 |
(byte)208, (byte)208, (byte)211, (byte)211, |
|
109 |
(byte)213, (byte)213, (byte)214, (byte)214, |
|
110 |
(byte)217, (byte)217, (byte)218, (byte)218, |
|
111 |
(byte)220, (byte)220, (byte)223, (byte)223, |
|
112 |
(byte)224, (byte)224, (byte)227, (byte)227, |
|
113 |
(byte)229, (byte)229, (byte)230, (byte)230, |
|
114 |
(byte)233, (byte)233, (byte)234, (byte)234, |
|
115 |
(byte)236, (byte)236, (byte)239, (byte)239, |
|
116 |
(byte)241, (byte)241, (byte)242, (byte)242, |
|
117 |
(byte)244, (byte)244, (byte)247, (byte)247, |
|
118 |
(byte)248, (byte)248, (byte)251, (byte)251, |
|
119 |
(byte)253, (byte)253, (byte)254, (byte)254 |
|
120 |
}; |
|
121 |
||
122 |
public static final byte[] set_parity(byte[] key) { |
|
123 |
for (int i=0; i < 8; i++) { |
|
124 |
key[i] = good_parity[key[i] & 0xff]; |
|
125 |
} |
|
126 |
return key; |
|
127 |
} |
|
128 |
||
129 |
public static final long set_parity(long key) { |
|
130 |
return octet2long(set_parity(long2octet(key))); |
|
131 |
} |
|
132 |
||
133 |
public static final boolean bad_key(long key) { |
|
134 |
for (int i = 0; i < bad_keys.length; i++) { |
|
135 |
if (bad_keys[i] == key) { |
|
136 |
return true; |
|
137 |
} |
|
138 |
} |
|
139 |
return false; |
|
140 |
} |
|
141 |
||
142 |
public static final boolean bad_key(byte[] key) { |
|
143 |
return bad_key(octet2long(key)); |
|
144 |
} |
|
145 |
||
146 |
public static long octet2long(byte[] input) { |
|
147 |
return octet2long(input, 0); |
|
148 |
} |
|
149 |
||
150 |
public static long octet2long(byte[] input, int offset) { //convert a 8-byte to a long |
|
151 |
long result = 0; |
|
152 |
for (int i = 0; i < 8; i++) { |
|
153 |
if (i + offset < input.length) { |
|
154 |
result |= (((long)input[i + offset]) & 0xffL) << ((7 - i) * 8); |
|
155 |
} |
|
156 |
} |
|
157 |
return result; |
|
158 |
} |
|
159 |
||
160 |
public static byte[] long2octet(long input) { |
|
161 |
byte[] output = new byte[8]; |
|
162 |
for (int i = 0; i < 8; i++) { |
|
163 |
output[i] = (byte)((input >>> ((7 - i) * 8)) & 0xffL); |
|
164 |
} |
|
165 |
return output; |
|
166 |
} |
|
167 |
||
168 |
public static void long2octet(long input, byte[] output) { |
|
169 |
long2octet(input, output, 0); |
|
170 |
} |
|
171 |
||
172 |
public static void long2octet(long input, byte[] output, int offset) { |
|
173 |
for (int i = 0; i < 8; i++) { |
|
174 |
if (i + offset < output.length) { |
|
175 |
output[i + offset] = |
|
176 |
(byte)((input >>> ((7 - i) * 8)) & 0xffL); |
|
177 |
} |
|
178 |
} |
|
179 |
} |
|
180 |
||
181 |
/** |
|
182 |
* Creates a DES cipher in Electronic Codebook mode, with no padding. |
|
183 |
* @param input plain text. |
|
184 |
* @param output the buffer for the result. |
|
185 |
* @param key DES the key to encrypt the text. |
|
186 |
* @param ivec initialization vector. |
|
187 |
* |
|
188 |
* @created by Yanni Zhang, Dec 6 99. |
|
189 |
*/ |
|
190 |
public static void cbc_encrypt ( |
|
191 |
byte[] input, |
|
192 |
byte[] output, |
|
193 |
byte[] key, |
|
194 |
byte[] ivec, |
|
195 |
boolean encrypt) throws KrbCryptoException { |
|
196 |
||
197 |
Cipher cipher = null; |
|
198 |
||
199 |
try { |
|
200 |
cipher = Cipher.getInstance("DES/CBC/NoPadding"); |
|
201 |
} catch (GeneralSecurityException e) { |
|
202 |
KrbCryptoException ke = new KrbCryptoException("JCE provider may not be installed. " |
|
203 |
+ e.getMessage()); |
|
204 |
ke.initCause(e); |
|
205 |
throw ke; |
|
206 |
} |
|
207 |
IvParameterSpec params = new IvParameterSpec(ivec); |
|
208 |
SecretKeySpec skSpec = new SecretKeySpec(key, "DES"); |
|
209 |
try { |
|
210 |
SecretKeyFactory skf = SecretKeyFactory.getInstance("DES"); |
|
211 |
// SecretKey sk = skf.generateSecret(skSpec); |
|
212 |
SecretKey sk = (SecretKey) skSpec; |
|
213 |
if (encrypt) |
|
214 |
cipher.init(Cipher.ENCRYPT_MODE, sk, params); |
|
215 |
else |
|
216 |
cipher.init(Cipher.DECRYPT_MODE, sk, params); |
|
217 |
byte[] result; |
|
218 |
result = cipher.doFinal(input); |
|
219 |
System.arraycopy(result, 0, output, 0, result.length); |
|
220 |
} catch (GeneralSecurityException e) { |
|
221 |
KrbCryptoException ke = new KrbCryptoException(e.getMessage()); |
|
222 |
ke.initCause(e); |
|
223 |
throw ke; |
|
224 |
} |
|
225 |
} |
|
226 |
||
227 |
/** |
|
228 |
* Generates DES key from the password. |
|
229 |
* @param password a char[] used to create the key. |
|
230 |
* @return DES key. |
|
231 |
* |
|
232 |
* @modified by Yanni Zhang, Dec 6, 99 |
|
233 |
*/ |
|
234 |
public static long char_to_key(char[] passwdChars) throws KrbCryptoException { |
|
235 |
long key = 0; |
|
236 |
long octet, octet1, octet2 = 0; |
|
237 |
byte[] cbytes = null; |
|
238 |
||
239 |
// Convert password to byte array |
|
240 |
try { |
|
3949
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
241 |
if (CHARSET == null) { |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
242 |
cbytes = (new String(passwdChars)).getBytes(); |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
243 |
} else { |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
244 |
cbytes = (new String(passwdChars)).getBytes(CHARSET); |
00603a93b589
6862679: ESC: AD Authentication with user with umlauts fails
weijun
parents:
2
diff
changeset
|
245 |
} |
2 | 246 |
} catch (Exception e) { |
247 |
// clear-up sensitive information |
|
248 |
if (cbytes != null) { |
|
249 |
Arrays.fill(cbytes, 0, cbytes.length, (byte) 0); |
|
250 |
} |
|
251 |
KrbCryptoException ce = |
|
252 |
new KrbCryptoException("Unable to convert passwd, " + e); |
|
253 |
ce.initCause(e); |
|
254 |
throw ce; |
|
255 |
} |
|
256 |
||
257 |
// pad data |
|
258 |
byte[] passwdBytes = pad(cbytes); |
|
259 |
||
260 |
byte[] newkey = new byte[8]; |
|
261 |
int length = (passwdBytes.length / 8) + (passwdBytes.length % 8 == 0 ? 0 : 1); |
|
262 |
for (int i = 0; i < length; i++) { |
|
263 |
octet = octet2long(passwdBytes, i * 8) & 0x7f7f7f7f7f7f7f7fL; |
|
264 |
if (i % 2 == 1) { |
|
265 |
octet1 = 0; |
|
266 |
for (int j = 0; j < 64; j++) { |
|
267 |
octet1 |= ((octet & (1L << j)) >>> j) << (63 - j); |
|
268 |
} |
|
269 |
octet = octet1 >>> 1; |
|
270 |
} |
|
271 |
key ^= (octet << 1); |
|
272 |
} |
|
273 |
key = set_parity(key); |
|
274 |
if (bad_key(key)) { |
|
275 |
byte [] temp = long2octet(key); |
|
276 |
temp[7] ^= 0xf0; |
|
277 |
key = octet2long(temp); |
|
278 |
} |
|
279 |
||
280 |
newkey = des_cksum(long2octet(key), passwdBytes, long2octet(key)); |
|
281 |
key = octet2long(set_parity(newkey)); |
|
282 |
if (bad_key(key)) { |
|
283 |
byte [] temp = long2octet(key); |
|
284 |
temp[7] ^= 0xf0; |
|
285 |
key = octet2long(temp); |
|
286 |
} |
|
287 |
||
288 |
// clear-up sensitive information |
|
289 |
if (cbytes != null) { |
|
290 |
Arrays.fill(cbytes, 0, cbytes.length, (byte) 0); |
|
291 |
} |
|
292 |
if (passwdBytes != null) { |
|
293 |
Arrays.fill(passwdBytes, 0, passwdBytes.length, (byte) 0); |
|
294 |
} |
|
295 |
||
296 |
return key; |
|
297 |
} |
|
298 |
||
299 |
/** |
|
300 |
* Encrypts the message blocks using DES CBC and output the |
|
301 |
* final block of 8-byte ciphertext. |
|
302 |
* @param ivec Initialization vector. |
|
303 |
* @param msg Input message as an byte array. |
|
304 |
* @param key DES key to encrypt the message. |
|
305 |
* @return the last block of ciphertext. |
|
306 |
* |
|
307 |
* @created by Yanni Zhang, Dec 6, 99. |
|
308 |
*/ |
|
309 |
public static byte[] des_cksum(byte[] ivec, byte[] msg, byte[] key) throws KrbCryptoException { |
|
310 |
Cipher cipher = null; |
|
311 |
||
312 |
byte[] result = new byte[8]; |
|
313 |
try{ |
|
314 |
cipher = Cipher.getInstance("DES/CBC/NoPadding"); |
|
315 |
} catch (Exception e) { |
|
316 |
KrbCryptoException ke = new KrbCryptoException("JCE provider may not be installed. " |
|
317 |
+ e.getMessage()); |
|
318 |
ke.initCause(e); |
|
319 |
throw ke; |
|
320 |
} |
|
321 |
IvParameterSpec params = new IvParameterSpec(ivec); |
|
322 |
SecretKeySpec skSpec = new SecretKeySpec(key, "DES"); |
|
323 |
try { |
|
324 |
SecretKeyFactory skf = SecretKeyFactory.getInstance("DES"); |
|
325 |
// SecretKey sk = skf.generateSecret(skSpec); |
|
326 |
SecretKey sk = (SecretKey) skSpec; |
|
327 |
cipher.init(Cipher.ENCRYPT_MODE, sk, params); |
|
328 |
for (int i = 0; i < msg.length / 8; i++) { |
|
329 |
result = cipher.doFinal(msg, i * 8, 8); |
|
330 |
cipher.init(Cipher.ENCRYPT_MODE, sk, (new IvParameterSpec(result))); |
|
331 |
} |
|
332 |
} |
|
333 |
catch (GeneralSecurityException e) { |
|
334 |
KrbCryptoException ke = new KrbCryptoException(e.getMessage()); |
|
335 |
ke.initCause(e); |
|
336 |
throw ke; |
|
337 |
} |
|
338 |
return result; |
|
339 |
} |
|
340 |
||
341 |
/** |
|
342 |
* Pads the data so that its length is a multiple of 8 bytes. |
|
343 |
* @param data the raw data. |
|
344 |
* @return the data being padded. |
|
345 |
* |
|
346 |
* @created by Yanni Zhang, Dec 6 99. //Kerberos does not use PKCS5 padding. |
|
347 |
*/ |
|
348 |
static byte[] pad(byte[] data) { |
|
349 |
int len; |
|
350 |
if (data.length < 8) len = data.length; |
|
351 |
else len = data.length % 8; |
|
352 |
if (len == 0) return data; |
|
353 |
else { |
|
354 |
byte[] padding = new byte[ 8 - len + data.length]; |
|
355 |
for (int i = padding.length - 1; i > data.length - 1; i--) { |
|
356 |
padding[i] = 0; |
|
357 |
} |
|
358 |
System.arraycopy(data, 0, padding, 0, data.length); |
|
359 |
return padding; |
|
360 |
} |
|
361 |
} |
|
362 |
||
363 |
// Caller is responsible for clearing password |
|
364 |
public static byte[] string_to_key_bytes(char[] passwdChars) |
|
365 |
throws KrbCryptoException { |
|
366 |
return long2octet(char_to_key(passwdChars)); |
|
367 |
} |
|
368 |
} |