Example #1
0
  /**
   * Decrypts the data using DES in CBC mode.
   *
   * @param cipher the input buffer.
   * @param key the key to decrypt the data.
   * @param ivec initialization vector.
   * @modified by Yanni Zhang, Dec 6 99.
   */
  public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
      throws KrbApErrException, KrbCryptoException {

    /*
     * To meet export control requirements, double check that the
     * key being used is no longer than 64 bits.
     *
     * Note that from a protocol point of view, an
     * algorithm that is not DES will be rejected before this
     * point. Also, a DES key that is not 64 bits will be
     * rejected by a good JCE provider.
     */
    if (key.length > 8) throw new KrbCryptoException("Invalid DES Key!");

    byte[] data = new byte[cipher.length];
    Des.cbc_encrypt(cipher, data, key, ivec, false);
    if (!isChecksumValid(data)) throw new KrbApErrException(Krb5.KRB_AP_ERR_BAD_INTEGRITY);
    return data;
  }
Example #2
0
  /**
   * Encrypts the data using DES in CBC mode.
   *
   * @param data the buffer for plain text.
   * @param key the key to encrypt the data.
   * @param ivec initialization vector.
   * @return buffer for encrypted data.
   * @modified by Yanni Zhang, Feb 24 00.
   */
  public byte[] encrypt(byte[] data, byte[] key, byte[] ivec, int usage) throws KrbCryptoException {

    /*
     * To meet export control requirements, double check that the
     * key being used is no longer than 64 bits.
     *
     * Note that from a protocol point of view, an
     * algorithm that is not DES will be rejected before this
     * point. Also, a  DES key that is not 64 bits will be
     * rejected by a good implementations of JCE.
     */
    if (key.length > 8) throw new KrbCryptoException("Invalid DES Key!");

    int new_size = data.length + confounderSize() + checksumSize();
    byte[] new_data;
    byte pad;
    /*Data padding: using Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996.
     *Before encryption, plaintext data is padded to the next higest multiple of blocksize.
     *by appending between 1 and 8 bytes, the value of each such byte being the total number
     *of pad bytes. For example, if new_size = 10, blockSize is 8, we should pad 2 bytes,
     *and the value of each byte is 2.
     *If plaintext data is a multiple of blocksize, we pad a 8 bytes of 8.
     */
    if (new_size % blockSize() == 0) {
      new_data = new byte[new_size + blockSize()];
      pad = (byte) 8;
    } else {
      new_data = new byte[new_size + blockSize() - new_size % blockSize()];
      pad = (byte) (blockSize() - new_size % blockSize());
    }
    for (int i = new_size; i < new_data.length; i++) {
      new_data[i] = pad;
    }
    byte[] conf = Confounder.bytes(confounderSize());
    System.arraycopy(conf, 0, new_data, 0, confounderSize());
    System.arraycopy(data, 0, new_data, startOfData(), data.length);
    byte[] cksum = calculateChecksum(new_data, new_data.length);
    System.arraycopy(cksum, 0, new_data, startOfChecksum(), checksumSize());
    byte[] cipher = new byte[new_data.length];
    Des.cbc_encrypt(new_data, cipher, key, ivec, true);
    return cipher;
  }