org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of kerb-crypto Show documentation
Show all versions of kerb-crypto Show documentation
Kerby-kerb Crypto facility
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.kerby.kerberos.kerb.crypto;
import org.apache.kerby.kerberos.kerb.KrbErrorCode;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.crypto.enc.Aes128CtsHmacSha1Enc;
import org.apache.kerby.kerberos.kerb.crypto.enc.Aes256CtsHmacSha1Enc;
import org.apache.kerby.kerberos.kerb.crypto.enc.Camellia128CtsCmacEnc;
import org.apache.kerby.kerberos.kerb.crypto.enc.Camellia256CtsCmacEnc;
import org.apache.kerby.kerberos.kerb.crypto.enc.Des3CbcSha1Enc;
import org.apache.kerby.kerberos.kerb.crypto.enc.DesCbcCrcEnc;
import org.apache.kerby.kerberos.kerb.crypto.enc.DesCbcMd4Enc;
import org.apache.kerby.kerberos.kerb.crypto.enc.DesCbcMd5Enc;
import org.apache.kerby.kerberos.kerb.crypto.enc.Rc4HmacEnc;
import org.apache.kerby.kerberos.kerb.crypto.enc.Rc4HmacExpEnc;
import org.apache.kerby.kerberos.kerb.crypto.util.Random;
import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
/**
* Encryption handler as the highest level API for encryption stuffs defined in
* Kerberos RFC3961. It supports all the encryption types. New encryption type
* should be added updating this.
*/
public class EncryptionHandler {
/**
* Get the encryption type.
* @param eType The encryption type string.
* @return The EncryptionType
* @throws KrbException e
*/
public static EncryptionType getEncryptionType(String eType) throws KrbException {
return EncryptionType.fromName(eType);
}
/**
* Get the encryption handler.
*
* @param eType The encryption type string
* @return The EncTypeHandler
* @throws KrbException e
*/
public static EncTypeHandler getEncHandler(String eType) throws KrbException {
EncryptionType result = EncryptionType.fromName(eType);
return getEncHandler(result);
}
/**
* Get the encryption handler.
*
* @param eType The encryption type int
* @return The EncTypeHandler
* @throws KrbException e
*/
public static EncTypeHandler getEncHandler(int eType) throws KrbException {
EncryptionType eTypeEnum = EncryptionType.fromValue(eType);
return getEncHandler(eTypeEnum);
}
/**
* Get the encryption handler.
*
* @param eType The encryption type
* @return The EncTypeHandler
* @throws KrbException e
*/
public static EncTypeHandler getEncHandler(EncryptionType eType) throws KrbException {
return getEncHandler(eType, false);
}
/**
* Get the encryption handler.
*
* @param eType The encryption type
* @param check true if check
* @return The EncTypeHandler
* @throws KrbException e
*/
private static EncTypeHandler getEncHandler(EncryptionType eType,
boolean check) throws KrbException {
EncTypeHandler encHandler = null;
/**
* Ref. etypes.c in MIT krb5 project.
*/
switch (eType) {
case DES_CBC_CRC:
encHandler = new DesCbcCrcEnc();
break;
case DES_CBC_MD5:
case DES:
encHandler = new DesCbcMd5Enc();
break;
case DES_CBC_MD4:
encHandler = new DesCbcMd4Enc();
break;
case DES3_CBC_SHA1:
case DES3_CBC_SHA1_KD:
case DES3_HMAC_SHA1:
encHandler = new Des3CbcSha1Enc();
break;
case AES128_CTS_HMAC_SHA1_96:
case AES128_CTS:
encHandler = new Aes128CtsHmacSha1Enc();
break;
case AES256_CTS_HMAC_SHA1_96:
case AES256_CTS:
encHandler = new Aes256CtsHmacSha1Enc();
break;
case CAMELLIA128_CTS_CMAC:
case CAMELLIA128_CTS:
encHandler = new Camellia128CtsCmacEnc();
break;
case CAMELLIA256_CTS_CMAC:
case CAMELLIA256_CTS:
encHandler = new Camellia256CtsCmacEnc();
break;
case RC4_HMAC:
case ARCFOUR_HMAC:
case ARCFOUR_HMAC_MD5:
encHandler = new Rc4HmacEnc();
break;
case RC4_HMAC_EXP:
case ARCFOUR_HMAC_EXP:
case ARCFOUR_HMAC_MD5_EXP:
encHandler = new Rc4HmacExpEnc();
break;
case NONE:
default:
break;
}
if (encHandler == null && !check) {
String message = "Unsupported encryption type: " + eType.name();
throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP, message);
}
return encHandler;
}
/**
* Encrypt with the encryption key and key usage.
*
* @param plainText The plain test
* @param key The encryption key
* @param usage The key usage
* @return The encrypted data
* @throws KrbException e
*/
public static EncryptedData encrypt(byte[] plainText, EncryptionKey key,
KeyUsage usage) throws KrbException {
EncTypeHandler handler = getEncHandler(key.getKeyType());
byte[] cipher = handler.encrypt(plainText, key.getKeyData(), usage.getValue());
EncryptedData ed = new EncryptedData();
ed.setCipher(cipher);
ed.setEType(key.getKeyType());
if (key.getKvno() > 0) {
ed.setKvno(key.getKvno());
}
return ed;
}
/**
* Decrypt with the encryption key and key usage.
*
* @param data The encrypted data
* @param key The encryption key
* @param usage The key usage
* @return The decrypted data
* @throws KrbException e
*/
public static byte[] decrypt(byte[] data, EncryptionKey key,
KeyUsage usage) throws KrbException {
EncTypeHandler handler = getEncHandler(key.getKeyType());
return handler.decrypt(data, key.getKeyData(), usage.getValue());
}
/**
* Decrypt with the encryption key and key usage.
*
* @param data The encrypted data
* @param key The encryption key
* @param usage The key usage
* @return The decrypted data
* @throws KrbException e
*/
public static byte[] decrypt(EncryptedData data, EncryptionKey key,
KeyUsage usage) throws KrbException {
EncTypeHandler handler = getEncHandler(key.getKeyType());
return handler.decrypt(data.getCipher(),
key.getKeyData(), usage.getValue());
}
/**
* Return true if the the encryption handler is implemented.
*
* @param eType The encryption type
* @return true if the encryption handler is implemented
*/
public static boolean isImplemented(EncryptionType eType) {
EncTypeHandler handler = null;
try {
handler = getEncHandler(eType, true);
} catch (KrbException e) {
return false;
}
return handler != null;
}
/**
* String to key.
*
* @param principalName The principal name
* @param passPhrase The pass phrase
* @param eType The encryption type
* @return The encryption key
* @throws KrbException e
*/
public static EncryptionKey string2Key(String principalName,
String passPhrase, EncryptionType eType) throws KrbException {
PrincipalName principal = new PrincipalName(principalName);
return string2Key(passPhrase,
PrincipalName.makeSalt(principal), null, eType);
}
/**
* String to key.
*
* @param string The string
* @param salt The salt
* @param s2kparams The params
* @param eType The encryption type
* @return The encryption key
* @throws KrbException e
*/
public static EncryptionKey string2Key(String string, String salt,
byte[] s2kparams, EncryptionType eType) throws KrbException {
EncTypeHandler handler = getEncHandler(eType);
byte[] keyBytes = handler.str2key(string, salt, s2kparams);
return new EncryptionKey(eType, keyBytes);
}
/**
* Random to key.
*
* @param eType The encryption type
* @return The encryption key
* @throws KrbException e
*/
public static EncryptionKey random2Key(EncryptionType eType) throws KrbException {
EncTypeHandler handler = getEncHandler(eType);
byte[] randomBytes = Random.makeBytes(handler.keyInputSize());
byte[] keyBytes = handler.random2Key(randomBytes);
return new EncryptionKey(eType, keyBytes);
}
/**
* Random to key.
*
* @param eType The encryption type
* @param randomBytes The random bytes
* @return The encryption key
* @throws KrbException e
*/
public static EncryptionKey random2Key(EncryptionType eType, byte[] randomBytes) throws KrbException {
EncTypeHandler handler = getEncHandler(eType);
byte[] randomBytes1 = randomBytes;
byte[] keyBytes = handler.random2Key(randomBytes1);
return new EncryptionKey(eType, keyBytes);
}
/**
* Generate a secure and random key seeded with an existing encryption key.
* @param encKey The encryption key
* @return encryption key
*/
public static EncryptionKey makeSubkey(EncryptionKey encKey) {
//TODO: to implement.
return encKey;
}
}