本文整理汇总了Java中sun.security.krb5.Confounder.bytes方法的典型用法代码示例。如果您正苦于以下问题:Java Confounder.bytes方法的具体用法?Java Confounder.bytes怎么用?Java Confounder.bytes使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类sun.security.krb5.Confounder的用法示例。
在下文中一共展示了Confounder.bytes方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: randInit
import sun.security.krb5.Confounder; //导入方法依赖的package包/类
public synchronized void randInit() {
/*
* Sequence numbers fall in the range 0 through 2^32 - 1 and wrap
* to zero following the value 2^32 - 1.
* Previous implementations used signed sequence numbers.
* Workaround implementation incompatibilities by not generating
* initial sequence numbers greater than 2^30, as done
* in MIT distribution.
*/
// get the random confounder
byte[] data = Confounder.bytes(4);
data[0] = (byte)(data[0] & 0x3f);
int result = ((data[3] & 0xff) |
((data[2] & 0xff) << 8) |
((data[1] & 0xff) << 16) |
((data[0] & 0xff) << 24));
if (result == 0) {
result = 1;
}
lastSeqNumber = result;
}
示例2: WrapToken
import sun.security.krb5.Confounder; //导入方法依赖的package包/类
public WrapToken(Krb5Context context, MessageProp prop,
byte[] dataBytes, int dataOffset, int dataLen)
throws GSSException {
super(Krb5Token.WRAP_ID, context);
confounder = Confounder.bytes(CONFOUNDER_SIZE);
padding = getPadding(dataLen);
dataSize = confounder.length + dataLen + padding.length;
this.dataBytes = dataBytes;
this.dataOffset = dataOffset;
this.dataLen = dataLen;
/*
debug("\nWrapToken cons: data to wrap is [" +
getHexBytes(confounder) + " " +
getHexBytes(dataBytes, dataOffset, dataLen) + " " +
// padding is never null for Wrap
getHexBytes(padding) + "]\n");
*/
genSignAndSeqNumber(prop,
confounder,
dataBytes, dataOffset, dataLen,
padding);
/*
* If the application decides to ask for privacy when the context
* did not negotiate for it, do not provide it. The peer might not
* have support for it. The app will realize this with a call to
* pop.getPrivacy() after wrap().
*/
if (!context.getConfState())
prop.setPrivacy(false);
privacy = prop.getPrivacy();
}
示例3: calculateKeyedChecksum
import sun.security.krb5.Confounder; //导入方法依赖的package包/类
/**
* Calculates keyed checksum.
* @param data the data used to generate the checksum.
* @param size length of the data.
* @param key the key used to encrypt the checksum.
* @return keyed checksum.
*
* @modified by Yanni Zhang, 12/08/99.
*/
public byte[] calculateKeyedChecksum(byte[] data, int size, byte[] key,
int usage) throws KrbCryptoException {
//prepend confounder
byte[] new_data = new byte[size + confounderSize()];
byte[] conf = Confounder.bytes(confounderSize());
System.arraycopy(conf, 0, new_data, 0, confounderSize());
System.arraycopy(data, 0, new_data, confounderSize(), size);
//calculate md5 cksum
byte[] mdc_cksum = calculateChecksum(new_data, new_data.length);
byte[] cksum = new byte[cksumSize()];
System.arraycopy(conf, 0, cksum, 0, confounderSize());
System.arraycopy(mdc_cksum, 0, cksum, confounderSize(),
cksumSize() - confounderSize());
//compute modified key
byte[] new_key = new byte[keySize()];
System.arraycopy(key, 0, new_key, 0, key.length);
for (int i = 0; i < new_key.length; i++)
new_key[i] = (byte)(new_key[i] ^ 0xf0);
//check for weak keys
try {
if (DESKeySpec.isWeak(new_key, 0)) {
new_key[7] = (byte)(new_key[7] ^ 0xF0);
}
} catch (InvalidKeyException ex) {
// swallow, since it should never happen
}
byte[] ivec = new byte[new_key.length];
//des-cbc encrypt
byte[] enc_cksum = new byte[cksum.length];
Des.cbc_encrypt(cksum, enc_cksum, new_key, ivec, true);
return enc_cksum;
}
示例4: WrapToken_v2
import sun.security.krb5.Confounder; //导入方法依赖的package包/类
/**
* Writes a WrapToken_v2 object
*/
public WrapToken_v2(Krb5Context context, MessageProp prop,
byte[] dataBytes, int dataOffset, int dataLen)
throws GSSException {
super(Krb5Token.WRAP_ID_v2, context);
confounder = Confounder.bytes(CONFOUNDER_SIZE);
// debug("\nWrapToken cons: data to wrap is [" +
// getHexBytes(confounder) + " " +
// getHexBytes(dataBytes, dataOffset, dataLen) + "]\n");
genSignAndSeqNumber(prop, dataBytes, dataOffset, dataLen);
/*
* If the application decides to ask for privacy when the context
* did not negotiate for it, do not provide it. The peer might not
* have support for it. The app will realize this with a call to
* pop.getPrivacy() after wrap().
*/
if (!context.getConfState())
prop.setPrivacy(false);
privacy = prop.getPrivacy();
if (!privacy) {
// Wrap Tokens (without confidentiality) =
// { 16 byte token_header | plaintext | 12-byte HMAC }
// where HMAC is on { plaintext | token_header }
tokenData = new byte[dataLen + checksum.length];
System.arraycopy(dataBytes, dataOffset, tokenData, 0, dataLen);
System.arraycopy(checksum, 0, tokenData, dataLen, checksum.length);
} else {
// Wrap Tokens (with confidentiality) =
// { 16 byte token_header |
// Encrypt(16-byte confounder | plaintext | token_header) |
// 12-byte HMAC }
tokenData = cipherHelper.encryptData(this, confounder, getTokenHeader(),
dataBytes, dataOffset, dataLen, getKeyUsage());
}
}
示例5: encrypt
import sun.security.krb5.Confounder; //导入方法依赖的package包/类
/**
* Encrypts the data using DES in CBC mode.
* @param data the buffer for plain text.
* @param key the key to encrypt the data.
* @param ivec initialization vector.
* @return buffer for encrypted data.
*
* @modified by Yanni Zhang, Feb 24 00.
*/
public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
int usage) throws KrbCryptoException {
/*
* To meet export control requirements, double check that the
* key being used is no longer than 64 bits.
*
* Note that from a protocol point of view, an
* algorithm that is not DES will be rejected before this
* point. Also, a DES key that is not 64 bits will be
* rejected by a good implementations of JCE.
*/
if (key.length > 8)
throw new KrbCryptoException("Invalid DES Key!");
int new_size = data.length + confounderSize() + checksumSize();
byte[] new_data;
byte pad;
/*Data padding: using Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996.
*Before encryption, plain text data is padded to the next highest multiple of blocksize.
*by appending between 1 and 8 bytes, the value of each such byte being the total number
*of pad bytes. For example, if new_size = 10, blockSize is 8, we should pad 2 bytes,
*and the value of each byte is 2.
*If plaintext data is a multiple of blocksize, we pad a 8 bytes of 8.
*/
if (new_size % blockSize() == 0) {
new_data = new byte[new_size + blockSize()];
pad = (byte)8;
}
else {
new_data = new byte[new_size + blockSize() - new_size % blockSize()];
pad = (byte)(blockSize() - new_size % blockSize());
}
for (int i = new_size; i < new_data.length; i++) {
new_data[i] = pad;
}
byte[] conf = Confounder.bytes(confounderSize());
System.arraycopy(conf, 0, new_data, 0, confounderSize());
System.arraycopy(data, 0, new_data, startOfData(), data.length);
byte[] cksum = calculateChecksum(new_data, new_data.length);
System.arraycopy(cksum, 0, new_data, startOfChecksum(),
checksumSize());
byte[] cipher = new byte[new_data.length];
Des.cbc_encrypt(new_data, cipher, key, ivec, true);
return cipher;
}
示例6: encryptCTS
import sun.security.krb5.Confounder; //导入方法依赖的package包/类
/**
* Encrypt AES in CBC-CTS mode using derived keys.
*/
private byte[] encryptCTS(byte[] baseKey, int usage, byte[] ivec,
byte[] new_ivec, byte[] plaintext, int start, int len,
boolean confounder_exists)
throws GeneralSecurityException, KrbCryptoException {
byte[] Ke = null;
byte[] Ki = null;
if (debug) {
System.err.println("usage: " + usage);
if (ivec != null) {
traceOutput("old_state.ivec", ivec, 0, ivec.length);
}
traceOutput("plaintext", plaintext, start, Math.min(len, 32));
traceOutput("baseKey", baseKey, 0, baseKey.length);
}
try {
// derive Encryption key
byte[] constant = new byte[5];
constant[0] = (byte) ((usage>>24)&0xff);
constant[1] = (byte) ((usage>>16)&0xff);
constant[2] = (byte) ((usage>>8)&0xff);
constant[3] = (byte) (usage&0xff);
constant[4] = (byte) 0xaa;
Ke = dk(baseKey, constant); // Encryption key
byte[] toBeEncrypted = null;
if (confounder_exists) {
byte[] confounder = Confounder.bytes(BLOCK_SIZE);
toBeEncrypted = new byte[confounder.length + len];
System.arraycopy(confounder, 0, toBeEncrypted,
0, confounder.length);
System.arraycopy(plaintext, start, toBeEncrypted,
confounder.length, len);
} else {
toBeEncrypted = new byte[len];
System.arraycopy(plaintext, start, toBeEncrypted, 0, len);
}
// encryptedData + HMAC
byte[] output = new byte[toBeEncrypted.length + hashSize];
// AES in JCE
Cipher cipher = Cipher.getInstance("AES/CTS/NoPadding");
SecretKeySpec secretKey = new SecretKeySpec(Ke, "AES");
IvParameterSpec encIv = new IvParameterSpec(ivec, 0, ivec.length);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, encIv);
cipher.doFinal(toBeEncrypted, 0, toBeEncrypted.length, output);
// Derive integrity key
constant[4] = (byte) 0x55;
Ki = dk(baseKey, constant);
if (debug) {
traceOutput("constant", constant, 0, constant.length);
traceOutput("Ki", Ki, 0, Ke.length);
}
// Generate checksum
// H1 = HMAC(Ki, conf | plaintext | pad)
byte[] hmac = getHmac(Ki, toBeEncrypted);
// encryptedData + HMAC
System.arraycopy(hmac, 0, output, toBeEncrypted.length,
hmac.length);
return output;
} finally {
if (Ke != null) {
Arrays.fill(Ke, 0, Ke.length, (byte) 0);
}
if (Ki != null) {
Arrays.fill(Ki, 0, Ki.length, (byte) 0);
}
}
}
示例7: encrypt
import sun.security.krb5.Confounder; //导入方法依赖的package包/类
/**
* Performs encryption using derived key; adds confounder.
*/
public byte[] encrypt(byte[] baseKey, int usage,
byte[] ivec, byte[] new_ivec, byte[] plaintext, int start, int len)
throws GeneralSecurityException, KrbCryptoException {
if (!KeyUsage.isValid(usage)) {
throw new GeneralSecurityException("Invalid key usage number: "
+ usage);
}
if (debug) {
System.out.println("ArcFour: ENCRYPT with key usage = " + usage);
}
// get the confounder
byte[] confounder = Confounder.bytes(confounderSize);
// add confounder to the plaintext for encryption
int plainSize = roundup(confounder.length + len, 1);
byte[] toBeEncrypted = new byte[plainSize];
System.arraycopy(confounder, 0, toBeEncrypted, 0, confounder.length);
System.arraycopy(plaintext, start, toBeEncrypted,
confounder.length, len);
/* begin the encryption, compute K1 */
byte[] k1 = new byte[baseKey.length];
System.arraycopy(baseKey, 0, k1, 0, baseKey.length);
// get the salt using key usage
byte[] salt = getSalt(usage);
// compute K2 using K1
byte[] k2 = getHmac(k1, salt);
// generate checksum using K2
byte[] checksum = getHmac(k2, toBeEncrypted);
// compute K3 using K2 and checksum
byte[] k3 = getHmac(k2, checksum);
Cipher cipher = Cipher.getInstance("ARCFOUR");
SecretKeySpec secretKey = new SecretKeySpec(k3, "ARCFOUR");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] output = cipher.doFinal(toBeEncrypted, 0, toBeEncrypted.length);
// encryptedData + HMAC
byte[] result = new byte[hashSize + output.length];
System.arraycopy(checksum, 0, result, 0, hashSize);
System.arraycopy(output, 0, result, hashSize, output.length);
return result;
}
示例8: encrypt
import sun.security.krb5.Confounder; //导入方法依赖的package包/类
/**
* Encrypts the data using DES in CBC mode.
* @param data the buffer for plain text.
* @param key the key to encrypt the data.
* @param ivec initialization vector.
* @return buffer for encrypted data.
*
* @modified by Yanni Zhang, Feb 24 00.
*/
public byte[] encrypt(byte[] data, byte[] key, byte[] ivec,
int usage) throws KrbCryptoException {
/*
* To meet export control requirements, double check that the
* key being used is no longer than 64 bits.
*
* Note that from a protocol point of view, an
* algorithm that is not DES will be rejected before this
* point. Also, a DES key that is not 64 bits will be
* rejected by a good implementations of JCE.
*/
if (key.length > 8)
throw new KrbCryptoException("Invalid DES Key!");
int new_size = data.length + confounderSize() + checksumSize();
byte[] new_data;
byte pad;
/*Data padding: using Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996.
*Before encryption, plaintext data is padded to the next higest multiple of blocksize.
*by appending between 1 and 8 bytes, the value of each such byte being the total number
*of pad bytes. For example, if new_size = 10, blockSize is 8, we should pad 2 bytes,
*and the value of each byte is 2.
*If plaintext data is a multiple of blocksize, we pad a 8 bytes of 8.
*/
if (new_size % blockSize() == 0) {
new_data = new byte[new_size + blockSize()];
pad = (byte)8;
}
else {
new_data = new byte[new_size + blockSize() - new_size % blockSize()];
pad = (byte)(blockSize() - new_size % blockSize());
}
for (int i = new_size; i < new_data.length; i++) {
new_data[i] = pad;
}
byte[] conf = Confounder.bytes(confounderSize());
System.arraycopy(conf, 0, new_data, 0, confounderSize());
System.arraycopy(data, 0, new_data, startOfData(), data.length);
byte[] cksum = calculateChecksum(new_data, new_data.length);
System.arraycopy(cksum, 0, new_data, startOfChecksum(),
checksumSize());
byte[] cipher = new byte[new_data.length];
Des.cbc_encrypt(new_data, cipher, key, ivec, true);
return cipher;
}