package org.bouncycastle.crypto.modes; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.DataLengthException; /** * Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode * on top of a simple cipher. This class assumes the IV has been prepended * to the data stream already, and just accomodates the reset after * (blockSize + 2) bytes have been read. * <p> * For further info see <a href="http://www.ietf.org/rfc/rfc2440.html">RFC 2440</a>. */ public class OpenPGPCFBBlockCipher implements BlockCipher { private byte[] IV; private byte[] FR; private byte[] FRE; private byte[] tmp; private BlockCipher cipher; private int count; private int blockSize; private boolean forEncryption; /** * Basic constructor. * * @param cipher the block cipher to be used as the basis of the * feedback mode. */ public OpenPGPCFBBlockCipher( BlockCipher cipher) { this.cipher = cipher; this.blockSize = cipher.getBlockSize(); this.IV = new byte[blockSize]; this.FR = new byte[blockSize]; this.FRE = new byte[blockSize]; this.tmp = new byte[blockSize]; } /** * return the underlying block cipher that we are wrapping. * * @return the underlying block cipher that we are wrapping. */ public BlockCipher getUnderlyingCipher() { return cipher; } /** * return the algorithm name and mode. * * @return the name of the underlying algorithm followed by "/PGPCFB" * and the block size in bits. */ public String getAlgorithmName() { return cipher.getAlgorithmName() + "/OpenPGPCFB"; } /** * return the block size we are operating at. * * @return the block size we are operating at (in bytes). */ public int getBlockSize() { return cipher.getBlockSize(); } /** * Process one block of input from the array in and write it to * the out array. * * @param in the array containing the input data. * @param inOff offset into the in array the data starts at. * @param out the array the output data will be copied into. * @param outOff the offset into the out array the output will start at. * @exception DataLengthException if there isn't enough data in in, or * space in out. * @exception IllegalStateException if the cipher isn't initialised. * @return the number of bytes processed and produced. */ public int processBlock( byte[] in, int inOff, byte[] out, int outOff) throws DataLengthException, IllegalStateException { return (forEncryption) ? encryptBlock(in, inOff, out, outOff) : decryptBlock(in, inOff, out, outOff); } /** * reset the chaining vector back to the IV and reset the underlying * cipher. */ public void reset() { count = 0; for (int i = 0; i != FR.length; i++) { FR[i] = IV[i]; } cipher.reset(); } /** * Initialise the cipher and, possibly, the initialisation vector (IV). * If an IV isn't passed as part of the parameter, the IV will be all zeros. * An IV which is too short is handled in FIPS compliant fashion. * * @param forEncryption if true the cipher is initialised for * encryption, if false for decryption. * @param param the key and other data required by the cipher. * @exception IllegalArgumentException if the params argument is * inappropriate. */ public void init( boolean forEncryption, CipherParameters params) throws IllegalArgumentException { this.forEncryption = forEncryption; reset(); cipher.init(true, params); } /** * Encrypt one byte of data according to CFB mode. * @param data the byte to encrypt * @param where am i in the current block, determines when to resync the block * @returns the encrypted byte */ private byte encryptByte(byte data, int blockOff) { return (byte)(FRE[blockOff] ^ data); } /** * Do the appropriate processing for CFB IV mode encryption. * * @param in the array containing the data to be encrypted. * @param inOff offset into the in array the data starts at. * @param out the array the encrypted data will be copied into. * @param outOff the offset into the out array the output will start at. * @exception DataLengthException if there isn't enough data in in, or * space in out. * @exception IllegalStateException if the cipher isn't initialised. * @return the number of bytes processed and produced. */ private int encryptBlock( byte[] in, int inOff, byte[] out, int outOff) throws DataLengthException, IllegalStateException { if ((inOff + blockSize) > in.length) { throw new DataLengthException("input buffer too short"); } if ((outOff + blockSize) > out.length) { throw new DataLengthException("output buffer too short"); } if (count > blockSize) { FR[blockSize - 2] = out[outOff] = encryptByte(in[inOff], blockSize - 2); FR[blockSize - 1] = out[outOff + 1] = encryptByte(in[inOff + 1], blockSize - 1); cipher.processBlock(FR, 0, FRE, 0); for (int n = 2; n < blockSize; n++) { out[outOff + n] = encryptByte(in[inOff + n], n - 2); } System.arraycopy(out, outOff + 2, FR, 0, blockSize - 2); } else if (count == 0) { cipher.processBlock(FR, 0, FRE, 0); for (int n = 0; n < blockSize; n++) { out[outOff + n] = encryptByte(in[inOff + n], n); } System.arraycopy(out, outOff, FR, 0, blockSize); count += blockSize; } else if (count == blockSize) { cipher.processBlock(FR, 0, FRE, 0); out[outOff] = encryptByte(in[inOff], 0); out[outOff + 1] = encryptByte(in[inOff + 1], 1); // // do reset // System.arraycopy(FR, 2, FR, 0, blockSize - 2); System.arraycopy(out, outOff, FR, blockSize - 2, 2); cipher.processBlock(FR, 0, FRE, 0); for (int n = 2; n < blockSize; n++) { out[outOff + n] = encryptByte(in[inOff + n], n - 2); } System.arraycopy(out, outOff + 2, FR, 0, blockSize - 2); count += blockSize; } return blockSize; } /** * Do the appropriate processing for CFB IV mode decryption. * * @param in the array containing the data to be decrypted. * @param inOff offset into the in array the data starts at. * @param out the array the encrypted data will be copied into. * @param outOff the offset into the out array the output will start at. * @exception DataLengthException if there isn't enough data in in, or * space in out. * @exception IllegalStateException if the cipher isn't initialised. * @return the number of bytes processed and produced. */ private int decryptBlock( byte[] in, int inOff, byte[] out, int outOff) throws DataLengthException, IllegalStateException { if ((inOff + blockSize) > in.length) { throw new DataLengthException("input buffer too short"); } if ((outOff + blockSize) > out.length) { throw new DataLengthException("output buffer too short"); } if (count > blockSize) { // copy in buffer so that this mode works if in and out are the same System.arraycopy(in, inOff, tmp, 0, blockSize); out[outOff + 0] = encryptByte(tmp[0], blockSize - 2); out[outOff + 1] = encryptByte(tmp[1], blockSize - 1); System.arraycopy(tmp, 0, FR, blockSize - 2, 2); cipher.processBlock(FR, 0, FRE, 0); for (int n = 2; n < blockSize; n++) { out[outOff + n] = encryptByte(tmp[n], n - 2); } System.arraycopy(tmp, 2, FR, 0, blockSize - 2); } else if (count == 0) { cipher.processBlock(FR, 0, FRE, 0); for (int n = 0; n < blockSize; n++) { FR[n] = in[inOff + n]; out[n] = encryptByte(in[inOff + n], n); } count += blockSize; } else if (count == blockSize) { System.arraycopy(in, inOff, tmp, 0, blockSize); cipher.processBlock(FR, 0, FRE, 0); out[outOff + 0] = encryptByte(tmp[0], 0); out[outOff + 1] = encryptByte(tmp[1], 1); System.arraycopy(FR, 2, FR, 0, blockSize - 2); FR[blockSize - 2] = tmp[0]; FR[blockSize - 1] = tmp[1]; cipher.processBlock(FR, 0, FRE, 0); for (int n = 2; n < blockSize; n++) { FR[n - 2] = in[inOff + n]; out[outOff + n] = encryptByte(in[inOff + n], n - 2); } count += blockSize;; } return blockSize; } }