001: /* ====================================================================
002: * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
003: *
004: * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions
008: * are met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in
015: * the documentation and/or other materials provided with the
016: * distribution.
017: *
018: * 3. The end-user documentation included with the redistribution,
019: * if any, must include the following acknowledgment:
020: * "This product includes software developed by Jcorporate Ltd.
021: * (http://www.jcorporate.com/)."
022: * Alternately, this acknowledgment may appear in the software itself,
023: * if and wherever such third-party acknowledgments normally appear.
024: *
025: * 4. "Jcorporate" and product names such as "Expresso" must
026: * not be used to endorse or promote products derived from this
027: * software without prior written permission. For written permission,
028: * please contact info@jcorporate.com.
029: *
030: * 5. Products derived from this software may not be called "Expresso",
031: * or other Jcorporate product names; nor may "Expresso" or other
032: * Jcorporate product names appear in their name, without prior
033: * written permission of Jcorporate Ltd.
034: *
035: * 6. No product derived from this software may compete in the same
036: * market space, i.e. framework, without prior written permission
037: * of Jcorporate Ltd. For written permission, please contact
038: * partners@jcorporate.com.
039: *
040: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
041: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
042: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
043: * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
044: * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
045: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
046: * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
047: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
048: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
049: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
050: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
051: * SUCH DAMAGE.
052: * ====================================================================
053: *
054: * This software consists of voluntary contributions made by many
055: * individuals on behalf of the Jcorporate Ltd. Contributions back
056: * to the project(s) are encouraged when you make modifications.
057: * Please send them to support@jcorporate.com. For more information
058: * on Jcorporate Ltd. and its products, please see
059: * <http://www.jcorporate.com/>.
060: *
061: * Portions of this software are based upon other open source
062: * products and are subject to their respective licenses.
063: */
064:
065: package com.jcorporate.expresso.core.security.weakencryption;
066:
067: import com.jcorporate.expresso.core.misc.ByteArrayCounter;
068: import com.jcorporate.expresso.core.security.AbstractStringEncryption;
069: import com.jcorporate.expresso.kernel.exception.ChainedException;
070:
071: /**
072: * This class provides basic string encryption. It'll provide the services of
073: * password whitening and automatic selection of encryption.
074: * <p/>
075: * Known Vulnerabilities. The actual whitened password remains in memory for
076: * performance sake. An attacker may find the actual password by looking at swap
077: * files looking for Base64 encoded strings. (Not too hard to grep out) but it requires
078: * an attacker to gain access to the swap partition of the server. Do not use this
079: * class for a personal encryption program.
080: *
081: * @author Michael Rimov
082: */
083: public class StringEncryption extends AbstractStringEncryption {
084: static final private String this Class = "com.jcorporate.expresso.core.security.weakencryption.RandomNumber";
085: static protected ByteArrayCounter ivCounter = new ByteArrayCounter(
086: 8);
087:
088: /**
089: * @throws ChainedException
090: */
091: public StringEncryption() throws ChainedException {
092: super ();
093: } /* StringEncryption() */
094:
095: /**
096: * Same as decryptString, but only deals in byte arrays. This method must be
097: * implemented by descendants of this class.
098: *
099: * @param inputData[]
100: * @return
101: */
102: public byte[] decrypt(byte[] inputData) throws ChainedException,
103: IllegalArgumentException {
104: if (inputData.length < 8) {
105:
106: /* It wasn't encrypted */
107: return inputData;
108:
109: //throw new IllegalArgumentException(myName
110: // + ":inputData must be at least of length 8");
111: }
112:
113: byte[] ivData = new byte[8];
114: byte[] rawData = new byte[inputData.length - 8];
115:
116: //NOW XOR "decrypt" everything
117: int pwCounter = 0;
118: byte[] passKey = this .getPreparedPassKey();
119:
120: for (int i = 0; i < inputData.length; i++) {
121: inputData[i] ^= passKey[pwCounter];
122: pwCounter++;
123:
124: if (pwCounter == passKey.length) {
125: pwCounter = 0;
126: }
127: }
128: //Build the final result
129: for (int i = 0; i < inputData.length; i++) {
130: if (i < 8) {
131: ivData[i] = inputData[i];
132: } else {
133: rawData[i - 8] = inputData[i];
134: }
135: }
136:
137: return rawData;
138: } /* decrypt(byte) */
139:
140: /**
141: * Same as encryptString, but only deals in byte arrays. This must be implemented
142: * by the descendants of this class.
143: *
144: * @param inputData[]
145: * @return
146: */
147: public byte[] encrypt(byte[] inputData) throws ChainedException,
148: IllegalArgumentException {
149: final String myName = this Class + ".encrypt(byte)";
150:
151: if (inputData.length == 0) {
152: throw new IllegalArgumentException(myName
153: + ":inputData must not be zero length");
154: }
155:
156: ivCounter.increment();
157:
158: byte[] ivData = ivCounter.getBytes();
159: int arrayLength = 8 + inputData.length;
160: byte[] finalData = new byte[arrayLength];
161:
162: //Assemble the final byte array by concatentating the
163: //intput vector and the algorithm outputs.
164: for (int i = 0; i < arrayLength; i++) {
165: if (i < 8) {
166: finalData[i] = ivData[i];
167: } else {
168: finalData[i] = inputData[i - 8];
169: }
170: }
171:
172: //NOW XOR encryption everything
173: int pwCounter = 0;
174: byte[] passKey = this .getPreparedPassKey();
175:
176: for (int i = 0; i < finalData.length; i++) {
177: finalData[i] ^= passKey[pwCounter];
178: pwCounter++;
179:
180: if (pwCounter == passKey.length) {
181: pwCounter = 0;
182: }
183: }
184:
185: return finalData;
186: } /* encrypt(byte) */
187:
188: } /* StringEncryption */
189:
190: /* StringEncryption */
|