/**
* Decrypts the data using DES in CBC mode.
*
* @param cipher the input buffer.
* @param key the key to decrypt the data.
* @param ivec initialization vector.
* @modified by Yanni Zhang, Dec 6 99.
*/
public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage)
throws KrbApErrException, KrbCryptoException {
/*
* To meet export control requirements, double check that the
* key being used is no longer than 64 bits.
*
* Note that from a protocol point of view, an
* algorithm that is not DES will be rejected before this
* point. Also, a DES key that is not 64 bits will be
* rejected by a good JCE provider.
*/
if (key.length > 8) throw new KrbCryptoException("Invalid DES Key!");
byte[] data = new byte[cipher.length];
Des.cbc_encrypt(cipher, data, key, ivec, false);
if (!isChecksumValid(data)) throw new KrbApErrException(Krb5.KRB_AP_ERR_BAD_INTEGRITY);
return data;
}
/**
* Encrypts the data using DES in CBC mode.
*
* @param data the buffer for plain text.
* @param key the key to encrypt the data.
* @param ivec initialization vector.
* @return buffer for encrypted data.
* @modified by Yanni Zhang, Feb 24 00.
*/
public byte[] encrypt(byte[] data, byte[] key, byte[] ivec, int usage) throws KrbCryptoException {
/*
* To meet export control requirements, double check that the
* key being used is no longer than 64 bits.
*
* Note that from a protocol point of view, an
* algorithm that is not DES will be rejected before this
* point. Also, a DES key that is not 64 bits will be
* rejected by a good implementations of JCE.
*/
if (key.length > 8) throw new KrbCryptoException("Invalid DES Key!");
int new_size = data.length + confounderSize() + checksumSize();
byte[] new_data;
byte pad;
/*Data padding: using Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996.
*Before encryption, plaintext data is padded to the next higest multiple of blocksize.
*by appending between 1 and 8 bytes, the value of each such byte being the total number
*of pad bytes. For example, if new_size = 10, blockSize is 8, we should pad 2 bytes,
*and the value of each byte is 2.
*If plaintext data is a multiple of blocksize, we pad a 8 bytes of 8.
*/
if (new_size % blockSize() == 0) {
new_data = new byte[new_size + blockSize()];
pad = (byte) 8;
} else {
new_data = new byte[new_size + blockSize() - new_size % blockSize()];
pad = (byte) (blockSize() - new_size % blockSize());
}
for (int i = new_size; i < new_data.length; i++) {
new_data[i] = pad;
}
byte[] conf = Confounder.bytes(confounderSize());
System.arraycopy(conf, 0, new_data, 0, confounderSize());
System.arraycopy(data, 0, new_data, startOfData(), data.length);
byte[] cksum = calculateChecksum(new_data, new_data.length);
System.arraycopy(cksum, 0, new_data, startOfChecksum(), checksumSize());
byte[] cipher = new byte[new_data.length];
Des.cbc_encrypt(new_data, cipher, key, ivec, true);
return cipher;
}
