Class Blowfishcbc

java.lang.Object
  extended by Blowfishcbc

public final class Blowfishcbc
extends java.lang.Object

This class was created since creating the Blowfish key schedule is a time-consuming process. The class is designed to create the schedule once. This class produces an array of 6 Cipher objects using blowfishcbcinit(). Three of these do EDE encryption. The other three do DED decryption. An array of 6 objects of type Cipher used to be returned by an init member function and the encryption and decryption functions were static. This allowed the class to be immutable. The problem was, it created a mutable array of Cipher objects that got lobbed around in feralcore code. In the end it was decided that this class should store that array internally to minimize the exposure of the Cipher array.

Blowfishcbc.encrypt() was implemented with the knowledge that Java provides stream ciphers. This was done since: (1) we need precise ciphertext lengths in Feralcore across all platforms and Java API versions and we found no explanation of the size of ciphertexts in the Java API documentation, and (2) the stream ciphers we found in the Java API did not include integrity checks on the plaintext. We found PKCS #5 based padding schemes, etc., but no strong integrity checks. We wanted a stream cipher that has a cryptographic integrity check built-in. So, we implemented the stream cipher based on standard CBC to achieve these goals.


Field Summary
static int MIN_CBC_LENGTH
           
 
Constructor Summary
Blowfishcbc(ByteArray key)
           
 
Method Summary
 Blowfishcbcdec decrypt(ByteArray ciphertext)
           
 ByteArray encrypt(ByteArray plaintext, ByteArray randbytes)
          This CBC encryption algorithm allows for arbitrary octet padding to be appended to the resulting ciphertext without inhibiting the ability of decrypt() to work properly on the resulting octet string.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

MIN_CBC_LENGTH

public static final int MIN_CBC_LENGTH
See Also:
Constant Field Values
Constructor Detail

Blowfishcbc

public Blowfishcbc(ByteArray key)
            throws java.security.NoSuchAlgorithmException,
                   javax.crypto.NoSuchPaddingException,
                   java.security.InvalidKeyException
Throws:
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.InvalidKeyException
Method Detail

encrypt

public ByteArray encrypt(ByteArray plaintext,
                         ByteArray randbytes)
                  throws FeralcoreException,
                         javax.crypto.IllegalBlockSizeException,
                         javax.crypto.BadPaddingException,
                         java.io.FileNotFoundException,
                         java.io.IOException,
                         java.security.NoSuchAlgorithmException,
                         java.lang.CloneNotSupportedException
This CBC encryption algorithm allows for arbitrary octet padding to be appended to the resulting ciphertext without inhibiting the ability of decrypt() to work properly on the resulting octet string. During encryption a random 128 bit marker is generated. This is used to mark both the beginning and the ending of the plaintext. During decryption the starting marker is picked up near the start of decryption and is used to determine when decryption ends. Since the marker is a random 128-bit string, it is a hard problem to predict the marker when choosing a plaintext (so it is hard for the caller to foil correct marker checking during decryption). Here is the benefit of using this marker: we can take the ciphertext output of the encryption function, append an octet stream to the end of it, and the resulting string is still a valid ciphertext. The appended octets are stripped automatically during decryption. So, this permits obfuscation of the ciphertext length at a higher level in the Java code base. Argument randbytes must be a reference to 32 random bytes. This argument makes encrypt() purely functional since it doesn't take a reference to a mutable YYrandom object as input.

Throws:
FeralcoreException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException
java.io.FileNotFoundException
java.io.IOException
java.security.NoSuchAlgorithmException
java.lang.CloneNotSupportedException

decrypt

public Blowfishcbcdec decrypt(ByteArray ciphertext)
                       throws java.security.NoSuchAlgorithmException,
                              javax.crypto.IllegalBlockSizeException,
                              javax.crypto.BadPaddingException
Throws:
java.security.NoSuchAlgorithmException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException