/*
 * Copyright (c) 2004, 2007, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package com.sun.crypto.provider;

import javax.crypto.IllegalBlockSizeException;
import javax.crypto.ShortBufferException;

This class represents ciphers in cipher text stealing (CTS) mode.
CTS provides a way to allow block ciphers to operate on partial blocks without padding, and all bits of the message go through the encryption algorithm, rather than simply being XOR'd.
More details can be found in RFC 2040 section 8 "Description of RC5-CTS".

This mode is implemented independently of a particular cipher. Ciphers to which this mode should apply (e.g., DES) must be plugged-in using the constructor.

NOTE#1: CTS requires the input data to be at least one block long. Thus, callers of this class has to buffer the input data to make sure the input data passed to encryptFinal()/decryptFinal() is not shorter than a block.

NOTE#2: This class does not deal with buffering or padding just like all other cipher mode implementations.

Author:Valerie Peng
/** * This class represents ciphers in cipher text stealing (CTS) mode. * <br>CTS provides a way to allow block ciphers to operate on partial * blocks without padding, and all bits of the message go through * the encryption algorithm, rather than simply being XOR'd. * <br>More details can be found in RFC 2040 section 8 "Description * of RC5-CTS". * * <p>This mode is implemented independently of a particular cipher. * Ciphers to which this mode should apply (e.g., DES) must be * <i>plugged-in</i> using the constructor. * * <p>NOTE#1: CTS requires the input data to be at least one block * long. Thus, callers of this class has to buffer the input data * to make sure the input data passed to encryptFinal()/decryptFinal() * is not shorter than a block. * <p>NOTE#2: This class does not deal with buffering or padding * just like all other cipher mode implementations. * * @author Valerie Peng */
final class CipherTextStealing extends CipherBlockChaining { CipherTextStealing(SymmetricCipher embeddedCipher) { super(embeddedCipher); }
Gets the name of this feedback mode.
Returns:the string CBC
/** * Gets the name of this feedback mode. * * @return the string <code>CBC</code> */
String getFeedback() { return "CTS"; }
Performs the last encryption operation.

The input plain text plain, starting at plainOffset and ending at (plainOffset + len - 1), is encrypted. The result is stored in cipher, starting at cipherOffset.

It is the application's responsibility to make sure that plainLen is a multiple of the embedded cipher's block size, as any excess bytes are ignored.

Params:
  • plain – the buffer with the input data to be encrypted
  • plainOffset – the offset in plain
  • plainLen – the length of the input data
  • cipher – the buffer for the result
  • cipherOffset – the offset in cipher
/** * Performs the last encryption operation. * * <p>The input plain text <code>plain</code>, starting at * <code>plainOffset</code> and ending at * <code>(plainOffset + len - 1)</code>, is encrypted. * The result is stored in <code>cipher</code>, starting at * <code>cipherOffset</code>. * * <p>It is the application's responsibility to make sure that * <code>plainLen</code> is a multiple of the embedded cipher's block size, * as any excess bytes are ignored. * * @param plain the buffer with the input data to be encrypted * @param plainOffset the offset in <code>plain</code> * @param plainLen the length of the input data * @param cipher the buffer for the result * @param cipherOffset the offset in <code>cipher</code> */
void encryptFinal(byte[] plain, int plainOffset, int plainLen, byte[] cipher, int cipherOffset) throws IllegalBlockSizeException { if (plainLen < blockSize) { throw new IllegalBlockSizeException("input is too short!"); } else if (plainLen == blockSize) { encrypt(plain, plainOffset, plainLen, cipher, cipherOffset); } else { // number of bytes in the last block int nLeft = plainLen % blockSize; if (nLeft == 0) { encrypt(plain, plainOffset, plainLen, cipher, cipherOffset); // swap the last two blocks after encryption int lastBlkIndex = cipherOffset + plainLen - blockSize; int nextToLastBlkIndex = lastBlkIndex - blockSize; byte[] tmp = new byte[blockSize]; System.arraycopy(cipher, lastBlkIndex, tmp, 0, blockSize); System.arraycopy(cipher, nextToLastBlkIndex, cipher, lastBlkIndex, blockSize); System.arraycopy(tmp, 0, cipher, nextToLastBlkIndex, blockSize); } else { int newPlainLen = plainLen - (blockSize + nLeft); if (newPlainLen > 0) { encrypt(plain, plainOffset, newPlainLen, cipher, cipherOffset); plainOffset += newPlainLen; cipherOffset += newPlainLen; } // Do final CTS step for last two blocks (the second of which // may or may not be incomplete). byte[] tmp = new byte[blockSize]; // now encrypt the next-to-last block for (int i = 0; i < blockSize; i++) { tmp[i] = (byte) (plain[plainOffset+i] ^ r[i]); } byte[] tmp2 = new byte[blockSize]; embeddedCipher.encryptBlock(tmp, 0, tmp2, 0); System.arraycopy(tmp2, 0, cipher, cipherOffset+blockSize, nLeft); // encrypt the last block for (int i=0; i<nLeft; i++) { tmp2[i] = (byte) (plain[plainOffset+blockSize+i] ^ tmp2[i]); } embeddedCipher.encryptBlock(tmp2, 0, cipher, cipherOffset); } } }
Performs decryption operation.

The input cipher text cipher, starting at cipherOffset and ending at (cipherOffset + len - 1), is decrypted. The result is stored in plain, starting at plainOffset.

It is the application's responsibility to make sure that cipherLen is a multiple of the embedded cipher's block size, as any excess bytes are ignored.

It is also the application's responsibility to make sure that init has been called before this method is called. (This check is omitted here, to avoid double checking.)

Params:
  • cipher – the buffer with the input data to be decrypted
  • cipherOffset – the offset in cipherOffset
  • cipherLen – the length of the input data
  • plain – the buffer for the result
  • plainOffset – the offset in plain
/** * Performs decryption operation. * * <p>The input cipher text <code>cipher</code>, starting at * <code>cipherOffset</code> and ending at * <code>(cipherOffset + len - 1)</code>, is decrypted. * The result is stored in <code>plain</code>, starting at * <code>plainOffset</code>. * * <p>It is the application's responsibility to make sure that * <code>cipherLen</code> is a multiple of the embedded cipher's block * size, as any excess bytes are ignored. * * <p>It is also the application's responsibility to make sure that * <code>init</code> has been called before this method is called. * (This check is omitted here, to avoid double checking.) * * @param cipher the buffer with the input data to be decrypted * @param cipherOffset the offset in <code>cipherOffset</code> * @param cipherLen the length of the input data * @param plain the buffer for the result * @param plainOffset the offset in <code>plain</code> */
void decryptFinal(byte[] cipher, int cipherOffset, int cipherLen, byte[] plain, int plainOffset) throws IllegalBlockSizeException { if (cipherLen < blockSize) { throw new IllegalBlockSizeException("input is too short!"); } else if (cipherLen == blockSize) { decrypt(cipher, cipherOffset, cipherLen, plain, plainOffset); } else { // number of bytes in the last block int nLeft = cipherLen % blockSize; if (nLeft == 0) { // swap the last two blocks before decryption int lastBlkIndex = cipherOffset + cipherLen - blockSize; int nextToLastBlkIndex = cipherOffset + cipherLen - 2*blockSize; byte[] tmp = new byte[2*blockSize]; System.arraycopy(cipher, lastBlkIndex, tmp, 0, blockSize); System.arraycopy(cipher, nextToLastBlkIndex, tmp, blockSize, blockSize); int cipherLen2 = cipherLen-2*blockSize; decrypt(cipher, cipherOffset, cipherLen2, plain, plainOffset); decrypt(tmp, 0, 2*blockSize, plain, plainOffset+cipherLen2); } else { int newCipherLen = cipherLen-(blockSize+nLeft); if (newCipherLen > 0) { decrypt(cipher, cipherOffset, newCipherLen, plain, plainOffset); cipherOffset += newCipherLen; plainOffset += newCipherLen; } // Do final CTS step for last two blocks (the second of which // may or may not be incomplete). // now decrypt the next-to-last block byte[] tmp = new byte[blockSize]; embeddedCipher.decryptBlock(cipher, cipherOffset, tmp, 0); for (int i = 0; i < nLeft; i++) { plain[plainOffset+blockSize+i] = (byte) (cipher[cipherOffset+blockSize+i] ^ tmp[i]); } // decrypt the last block System.arraycopy(cipher, cipherOffset+blockSize, tmp, 0, nLeft); embeddedCipher.decryptBlock(tmp, 0, plain, plainOffset); //System.arraycopy(r, 0, tmp, 0, r.length); for (int i=0; i<blockSize; i++) { plain[plainOffset+i] = (byte) (plain[plainOffset+i]^r[i]); } } } } }