/** * Decrypts the data using DES in CBC mode. * * @param cipher the input buffer. * @param key the key to decrypt the data. * @param ivec initialization vector. * @modified by Yanni Zhang, Dec 6 99. */ public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage) throws KrbApErrException, KrbCryptoException { /* * To meet export control requirements, double check that the * key being used is no longer than 64 bits. * * Note that from a protocol point of view, an * algorithm that is not DES will be rejected before this * point. Also, a DES key that is not 64 bits will be * rejected by a good JCE provider. */ if (key.length > 8) throw new KrbCryptoException("Invalid DES Key!"); byte[] data = new byte[cipher.length]; Des.cbc_encrypt(cipher, data, key, ivec, false); if (!isChecksumValid(data)) throw new KrbApErrException(Krb5.KRB_AP_ERR_BAD_INTEGRITY); return data; }
/** * Encrypts the data using DES in CBC mode. * * @param data the buffer for plain text. * @param key the key to encrypt the data. * @param ivec initialization vector. * @return buffer for encrypted data. * @modified by Yanni Zhang, Feb 24 00. */ public byte[] encrypt(byte[] data, byte[] key, byte[] ivec, int usage) throws KrbCryptoException { /* * To meet export control requirements, double check that the * key being used is no longer than 64 bits. * * Note that from a protocol point of view, an * algorithm that is not DES will be rejected before this * point. Also, a DES key that is not 64 bits will be * rejected by a good implementations of JCE. */ if (key.length > 8) throw new KrbCryptoException("Invalid DES Key!"); int new_size = data.length + confounderSize() + checksumSize(); byte[] new_data; byte pad; /*Data padding: using Kerberos 5 GSS-API mechanism (1.2.2.3), Jun 1996. *Before encryption, plaintext data is padded to the next higest multiple of blocksize. *by appending between 1 and 8 bytes, the value of each such byte being the total number *of pad bytes. For example, if new_size = 10, blockSize is 8, we should pad 2 bytes, *and the value of each byte is 2. *If plaintext data is a multiple of blocksize, we pad a 8 bytes of 8. */ if (new_size % blockSize() == 0) { new_data = new byte[new_size + blockSize()]; pad = (byte) 8; } else { new_data = new byte[new_size + blockSize() - new_size % blockSize()]; pad = (byte) (blockSize() - new_size % blockSize()); } for (int i = new_size; i < new_data.length; i++) { new_data[i] = pad; } byte[] conf = Confounder.bytes(confounderSize()); System.arraycopy(conf, 0, new_data, 0, confounderSize()); System.arraycopy(data, 0, new_data, startOfData(), data.length); byte[] cksum = calculateChecksum(new_data, new_data.length); System.arraycopy(cksum, 0, new_data, startOfChecksum(), checksumSize()); byte[] cipher = new byte[new_data.length]; Des.cbc_encrypt(new_data, cipher, key, ivec, true); return cipher; }