org.apache.directory.server.kerberos.shared.crypto.encryption
Class DesStringToKey

java.lang.Object
  extended by org.apache.directory.server.kerberos.shared.crypto.encryption.DesStringToKey

public class DesStringToKey
extends java.lang.Object

An implementation of the DES string-to-key function as originally described in RFC 1510, "The Kerberos Network Authentication Service (V5)," and clarified in RFC 3961, "Encryption and Checksum Specifications for Kerberos 5."

Version:
$Rev: 502338 $, $Date: 2007-02-01 11:59:43 -0800 (Thu, 01 Feb 2007) $
Author:
Apache Directory Project

Constructor Summary
DesStringToKey()
           
 
Method Summary
protected  byte[] calculateChecksum(byte[] data, byte[] keyBytes)
          Calculates the checksum as described in "String or Random-Data to Key Transformation." An intermediate key is used to generate a DES CBC "checksum" on the initial passphrase+salt.
protected  byte[] characterEncodeString(java.lang.String string)
          Encodes string with UTF-8 encoding.
protected  byte[] fanFold(byte[] paddedByteArray)
          "The top bit of each octet (always zero if the password is plain ASCII, as was assumed when the original specification was written) is discarded, and the remaining seven bits of each octet form a bitstring."
protected  byte[] generateKey(java.lang.String passPhrase)
          Returns a DES symmetric key for the given input String.
protected  int getBit(byte[] data, int pos)
          Gets a bit at a given position.
 byte[] getKey(java.lang.String passPhrase)
          Returns a DES symmetric key for the given passphrase.
 byte[] getKey(java.lang.String password, java.lang.String realmName, java.lang.String userName)
          Returns a DES symmetric key for the given input String components, which will be concatenated in the order described in RFCs 1510 and 3961, namely password+realm+username.
protected  byte[] getStrongKey(byte[] secretKey)
          If the secret key is weak, correct by exclusive OR'ing with the constant 0xF0.
protected  byte[] padString(byte[] encodedString)
          Add padding to make an exact multiple of 8 bytes.
protected  void setBit(byte[] data, int pos, int val)
          Sets a bit at a given position.
protected  byte[] setParity(byte[] in)
          Set odd parity on an eight-byte array.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DesStringToKey

public DesStringToKey()
Method Detail

getKey

public byte[] getKey(java.lang.String passPhrase)
Returns a DES symmetric key for the given passphrase.

Parameters:
passPhrase - The passphrase to derive a symmetric DES key from.
Returns:
The derived symmetric DES key.

getKey

public byte[] getKey(java.lang.String password,
                     java.lang.String realmName,
                     java.lang.String userName)
Returns a DES symmetric key for the given input String components, which are concatenated in the order described in RFCs 1510 and 3961, namely password+realm+username.

Parameters:
password - The password.
realmName - The name of the realm.
userName - The username.
Returns:
The derived symmetric DES key.

generateKey

protected byte[] generateKey(java.lang.String passPhrase)
Returns a DES symmetric key for the given input String.

Parameters:
passPhrase - The passphrase.
Returns:
The DES key.
Throws:
java.lang.Exception

setParity

protected byte[] setParity(byte[] in)
Set odd parity on an eight-byte array.

Parameters:
in - The byte array to set parity on.
Returns:
The parity-adjusted byte array.

getBit

protected int getBit(byte[] data,
                     int pos)
Gets a bit at a given position.

Parameters:
data -
pos -
Returns:
The value of the bit.

setBit

protected void setBit(byte[] data,
                      int pos,
                      int val)
Sets a bit at a given position.

Parameters:
data -
pos -
val -

fanFold

protected byte[] fanFold(byte[] paddedByteArray)
"The top bit of each octet (always zero if the password is plain ASCII, as was assumed when the original specification was written) is discarded, and the remaining seven bits of each octet form a bitstring. This is then fan-folded and eXclusive-ORed with itself to produce a 56-bit string. An eight-octet key is formed from this string, each octet using seven bits from the bitstring, leaving the least significant bit unassigned."

Parameters:
paddedByteArray - The padded byte array.
Returns:
The fan-folded intermediate DES key.

calculateChecksum

protected byte[] calculateChecksum(byte[] data,
                                   byte[] keyBytes)
Calculates the checksum as described in "String or Random-Data to Key Transformation." An intermediate key is used to generate a DES CBC "checksum" on the initial passphrase+salt. The encryption key is also used as the IV. The final eight-byte block is returned as the "checksum."

Parameters:
data - The data to encrypt.
keyBytes - The bytes of the intermediate key.
Returns:
The final eight-byte block as the checksum.

getStrongKey

protected byte[] getStrongKey(byte[] secretKey)
If the secret key is weak, correct by exclusive OR'ing with the constant 0xF0.

Parameters:
secretKey - The key to correct, if necessary.
Returns:
The corrected key.

characterEncodeString

protected byte[] characterEncodeString(java.lang.String string)
Encodes string with UTF-8 encoding.

Parameters:
string - The String to encode.
Returns:
The encoded String.

padString

protected byte[] padString(byte[] encodedString)
Add padding to make an exact multiple of 8 bytes.

Parameters:
encodedString -
Returns:
The padded byte array.
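
The steps documented above (UTF-8 encode, zero-pad, fan-fold, odd parity, weak-key correction, DES-CBC checksum with the key as IV) chained end to end, as an added example that is not the Apache Directory source. The class and method names are hypothetical, only the JDK's javax.crypto is used, and the final parity and weak-key correction follow RFC 3961. The inputs in main are those of a DES string-to-key test vector in the RFC 3961 appendix, so the printed key can be compared against it.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
// Added illustration of RFC 3961 DES string-to-key; hypothetical names, not the Apache Directory code.
public class DesStringToKeyExample {
    // XOR the 7-bit octets of each 8-byte block; every second block is reversed as a 56-bit string.
    static byte[] fanFold(byte[] padded) {
        int[] acc = new int[8];
        for (int off = 0; off < padded.length; off += 8) {
            boolean reversed = (off / 8) % 2 == 1;
            for (int i = 0; i < 8; i++) {
                int v = padded[off + i] & 0x7f;                    // top bit discarded
                if (reversed) acc[7 - i] ^= Integer.reverse(v) >>> 25;
                else acc[i] ^= v;
            }
        }
        byte[] key = new byte[8];
        for (int i = 0; i < 8; i++) key[i] = (byte) (acc[i] << 1); // low bit left unassigned
        return key;
    }
    // Set the low bit of each octet so that the octet has odd parity.
    static byte[] setParity(byte[] k) {
        for (int i = 0; i < k.length; i++) {
            int hi = k[i] & 0xfe;
            k[i] = (byte) (hi | ((Integer.bitCount(hi) & 1) ^ 1));
        }
        return k;
    }
    // Weak and semi-weak keys are corrected by XORing the last octet with 0xF0.
    static byte[] correct(byte[] k) throws Exception {
        if (DESKeySpec.isWeak(k, 0)) k[7] ^= 0xf0;
        return k;
    }
    static byte[] stringToKey(String password, String realm, String user) throws Exception {
        byte[] s = (password + realm + user).getBytes(StandardCharsets.UTF_8);
        byte[] padded = Arrays.copyOf(s, Math.max(8, (s.length + 7) / 8 * 8)); // zero-pad; one block if empty (assumption)
        byte[] temp = correct(setParity(fanFold(padded)));         // intermediate key
        Cipher des = Cipher.getInstance("DES/CBC/NoPadding");
        des.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(temp, "DES"), new IvParameterSpec(temp));
        byte[] ct = des.doFinal(padded);                           // key doubles as the IV
        return correct(setParity(Arrays.copyOfRange(ct, ct.length - 8, ct.length)));
    }
    public static void main(String[] args) throws Exception {
        System.out.printf("%016x%n", new java.math.BigInteger(1, stringToKey("password", "ATHENA.MIT.EDU", "raeburn")));
    }
}
```

Because the derivation is unsalted beyond realm+username and has no iteration count, the resulting 56-bit key is only as strong as the password; the example is for checking interoperability with legacy DES enctypes, not for new deployments.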


Copyright © 2003-2009 Apache Software Foundation. All Rights Reserved.