| Frames | No Frames |
1: /* OFB.java -- 2: Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc. 3: 4: This file is a part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2 of the License, or (at 9: your option) any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; if not, write to the Free Software 18: Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 19: USA 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: 39: package gnu.javax.crypto.mode; 40: 41: import gnu.java.security.Registry; 42: import gnu.javax.crypto.cipher.IBlockCipher; 43: 44: /** 45: * The Output Feedback (OFB) mode is a confidentiality mode that requires a 46: * unique <code>IV</code> for every message that is ever encrypted under the 47: * given key. The OFB mode is defined as follows: 48: * <ul> 49: * <li>OFB Encryption: 50: * <ul> 51: * <li>I<sub>1</sub> = IV;</li> 52: * <li>I<sub>j</sub> = O<sub>j -1</sub> for j = 2...n;</li> 53: * <li>O<sub>j</sub> = CIPH<sub>K</sub>(I<sub>j</sub>) for j = 1, 2...n;</li> 54: * <li>C<sub>j</sub> = P<sub>j</sub> XOR O<sub>j</sub> for j = 1, 2...n.</li> 55: * </ul> 56: * </li> 57: * <li>OFB Decryption: 58: * <ul> 59: * <li>I<sub>1</sub> = IV;</li> 60: * <li>I<sub>j</sub> = O<sub>j -1</sub> for j = 2...n;</li> 61: * <li>O<sub>j</sub> = CIPH<sub>K</sub>(I<sub>j</sub>) for j = 1, 2...n;</li> 62: * <li>P<sub>j</sub> = C<sub>j</sub> XOR O<sub>j</sub> for j = 1, 2...n.</li> 63: * </ul> 64: * </li> 65: * </ul> 66: * <p> 67: * In OFB encryption, the <code>IV</code> is transformed by the forward cipher 68: * function to produce the first output block. The first output block is 69: * exclusive-ORed with the first plaintext block to produce the first ciphertext 70: * block. The first output block is then transformed by the forward cipher 71: * function to produce the second output block. The second output block is 72: * exclusive-ORed with the second plaintext block to produce the second 73: * ciphertext block, and the second output block is transformed by the forward 74: * cipher function to produce the third output block. Thus, the successive 75: * output blocks are produced from enciphering the previous output blocks, and 76: * the output blocks are exclusive-ORed with the corresponding plaintext blocks 77: * to produce the ciphertext blocks. 78: * <p> 79: * In OFB decryption, the <code>IV</code> is transformed by the forward cipher 80: * function to produce the first output block. The first output block is 81: * exclusive-ORed with the first ciphertext block to recover the first plaintext 82: * block. The first output block is then transformed by the forward cipher 83: * function to produce the second output block. The second output block is 84: * exclusive-ORed with the second ciphertext block to produce the second 85: * plaintext block, and the second output block is also transformed by the 86: * forward cipher function to produce the third output block. Thus, the 87: * successive output blocks are produced from enciphering the previous output 88: * blocks, and the output blocks are exclusive-ORed with the corresponding 89: * ciphertext blocks to recover the plaintext blocks. 90: * <p> 91: * In both OFB encryption and OFB decryption, each forward cipher function 92: * (except the first) depends on the results of the previous forward cipher 93: * function; therefore, multiple forward cipher functions cannot be performed in 94: * parallel. However, if the <code>IV</code> is known, the output blocks can 95: * be generated prior to the availability of the plaintext or ciphertext data. 96: * <p> 97: * The OFB mode requires a unique <code>IV</code> for every message that is 98: * ever encrypted under the given key. If, contrary to this requirement, the 99: * same <code>IV</code> is used for the encryption of more than one message, 100: * then the confidentiality of those messages may be compromised. In particular, 101: * if a plaintext block of any of these messages is known, say, the j<sup>th</sup> 102: * plaintext block, then the j<sup>th</sup> output of the forward cipher 103: * function can be determined easily from the j<sup>th</sup> ciphertext block 104: * of the message. This information allows the j<sup>th</sup> plaintext block 105: * of any other message that is encrypted using the same <code>IV</code> to be 106: * easily recovered from the jth ciphertext block of that message. 107: * <p> 108: * Confidentiality may similarly be compromised if any of the input blocks to 109: * the forward cipher function for the encryption of a message is used as the 110: * <code>IV</code> for the encryption of another message under the given key. 111: * <p> 112: * References: 113: * <ol> 114: * <li><a 115: * href="http://csrc.nist.gov/encryption/modes/Recommendation/Modes01.pdf"> 116: * Recommendation for Block Cipher Modes of Operation Methods and Techniques</a>, 117: * Morris Dworkin.</li> 118: * </ol> 119: */ 120: public class OFB 121: extends BaseMode 122: implements Cloneable 123: { 124: private byte[] outputBlock; 125: 126: /** 127: * Trivial package-private constructor for use by the Factory class. 128: * 129: * @param underlyingCipher the underlying cipher implementation. 130: * @param cipherBlockSize the underlying cipher block size to use. 131: */ 132: OFB(IBlockCipher underlyingCipher, int cipherBlockSize) 133: { 134: super(Registry.OFB_MODE, underlyingCipher, cipherBlockSize); 135: } 136: 137: /** 138: * Private constructor for cloning purposes. 139: * 140: * @param that the mode to clone. 141: */ 142: private OFB(OFB that) 143: { 144: this((IBlockCipher) that.cipher.clone(), that.cipherBlockSize); 145: } 146: 147: public Object clone() 148: { 149: return new OFB(this); 150: } 151: 152: public void setup() 153: { 154: if (modeBlockSize != cipherBlockSize) 155: throw new IllegalArgumentException(IMode.MODE_BLOCK_SIZE); 156: outputBlock = (byte[]) iv.clone(); 157: } 158: 159: public void teardown() 160: { 161: } 162: 163: public void encryptBlock(byte[] in, int i, byte[] out, int o) 164: { 165: cipher.encryptBlock(outputBlock, 0, outputBlock, 0); 166: for (int j = 0; j < cipherBlockSize;) 167: out[o++] = (byte)(in[i++] ^ outputBlock[j++]); 168: } 169: 170: public void decryptBlock(byte[] in, int i, byte[] out, int o) 171: { 172: this.encryptBlock(in, i, out, o); 173: } 174: }