|
Java example source code file (Des3DkCrypto.java)
The Des3DkCrypto.java Java example source code/* * Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.krb5.internal.crypto.dk; import javax.crypto.Cipher; import javax.crypto.Mac; import javax.crypto.SecretKeyFactory; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.DESKeySpec; import javax.crypto.spec.DESedeKeySpec; import javax.crypto.spec.IvParameterSpec; import java.security.spec.KeySpec; import java.security.GeneralSecurityException; import java.security.InvalidKeyException; import java.util.Arrays; public class Des3DkCrypto extends DkCrypto { private static final byte[] ZERO_IV = new byte[] {0, 0, 0, 0, 0, 0, 0, 0}; public Des3DkCrypto() { } protected int getKeySeedLength() { return 168; // bits; 3DES key material has 21 bytes } public byte[] stringToKey(char[] salt) throws GeneralSecurityException { byte[] saltUtf8 = null; try { saltUtf8 = charToUtf8(salt); return stringToKey(saltUtf8, null); } finally { if (saltUtf8 != null) { Arrays.fill(saltUtf8, (byte)0); } // Caller responsible for clearing its own salt } } private byte[] stringToKey(byte[] secretAndSalt, byte[] opaque) throws GeneralSecurityException { if (opaque != null && opaque.length > 0) { throw new RuntimeException("Invalid parameter to stringToKey"); } byte[] tmpKey = randomToKey(nfold(secretAndSalt, getKeySeedLength())); return dk(tmpKey, KERBEROS_CONSTANT); } public byte[] parityFix(byte[] value) throws GeneralSecurityException { // fix key parity setParityBit(value); return value; } /* * From RFC 3961. * * The 168 bits of random key data are converted to a protocol key value * as follows. First, the 168 bits are divided into three groups of 56 * bits, which are expanded individually into 64 bits as in des3Expand(). * Result is a 24 byte (192-bit) key. */ protected byte[] randomToKey(byte[] in) { if (in.length != 21) { throw new IllegalArgumentException("input must be 168 bits"); } byte[] one = keyCorrection(des3Expand(in, 0, 7)); byte[] two = keyCorrection(des3Expand(in, 7, 14)); byte[] three = keyCorrection(des3Expand(in, 14, 21)); byte[] key = new byte[24]; System.arraycopy(one, 0, key, 0, 8); System.arraycopy(two, 0, key, 8, 8); System.arraycopy(three, 0, key, 16, 8); return key; } private static byte[] keyCorrection(byte[] key) { // check for weak key try { if (DESKeySpec.isWeak(key, 0)) { key[7] = (byte)(key[7] ^ 0xF0); } } catch (InvalidKeyException ex) { // swallow, since it should never happen } return key; } /** * From RFC 3961. * * Expands a 7-byte array into an 8-byte array that contains parity bits. * The 56 bits are expanded into 64 bits as follows: * 1 2 3 4 5 6 7 p * 9 10 11 12 13 14 15 p * 17 18 19 20 21 22 23 p * 25 26 27 28 29 30 31 p * 33 34 35 36 37 38 39 p * 41 42 43 44 45 46 47 p * 49 50 51 52 53 54 55 p * 56 48 40 32 24 16 8 p * * (PI,P2,...,P8) are reserved for parity bits computed on the preceding * seven independent bits and set so that the parity of the octet is odd, * i.e., there is an odd number of "1" bits in the octet. * * @param start index of starting byte (inclusive) * @param end index of ending byte (exclusive) */ private static byte[] des3Expand(byte[] input, int start, int end) { if ((end - start) != 7) throw new IllegalArgumentException( "Invalid length of DES Key Value:" + start + "," + end); byte[] result = new byte[8]; byte last = 0; System.arraycopy(input, start, result, 0, 7); byte posn = 0; // Fill in last row for (int i = start; i < end; i++) { byte bit = (byte) (input[i]&0x01); if (debug) { System.out.println(i + ": " + Integer.toHexString(input[i]) + " bit= " + Integer.toHexString(bit)); } ++posn; if (bit != 0) { last |= (bit< |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.