java.lang.Object
com.southernstorm.noise.protocol.SymmetricState
- All Implemented Interfaces:
Destroyable
Symmetric state for helping manage a Noise handshake.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected CipherStateprotected byte[]protected byte[]protected MessageDigestprotected Stringprotected byte[] -
Constructor Summary
ConstructorsConstructorDescriptionSymmetricState(String protocolName, String cipherName, String hashName)Constructs a new symmetric state object. -
Method Summary
Modifier and TypeMethodDescriptionintdecryptAndHash(byte[] ciphertext, int ciphertextOffset, byte[] plaintext, int plaintextOffset, int length)Decrypts a block of ciphertext and mixes it into the handshake hash.voiddestroy()Destroys all sensitive state in the current object.intencryptAndHash(byte[] plaintext, int plaintextOffset, byte[] ciphertext, int ciphertextOffset, int length)Encrypts a block of plaintext and mixes the ciphertext into the handshake hash.byte[]Gets the current value of the handshake hash.intGets the length of MAC values in the current state.Gets the name of the Noise protocol.voidmixHash(byte[] data, int offset, int length)Mixes data into the handshake hash.voidmixKey(byte[] data, int offset, int length)Mixes data into the chaining key.voidmixPreSharedKey(byte[] key)Mixes a pre-shared key into the chaining key and handshake hash.voidmixPublicKey(DHState dh)Mixes a pre-supplied public key into the handshake hash.voidMixes a pre-supplied public key into the chaining key.split()Splits the symmetric state into two ciphers for session encryption.split(byte[] secondaryKey, int offset, int length)Splits the symmetric state into two ciphers for session encryption, and optionally mixes in a secondary symmetric key.
-
Field Details
-
name
-
cipher
-
hash
-
ck
protected byte[] ck -
h
protected byte[] h -
prev_h
protected byte[] prev_h
-
-
Constructor Details
-
SymmetricState
public SymmetricState(String protocolName, String cipherName, String hashName) throws NoSuchAlgorithmExceptionConstructs a new symmetric state object.- Parameters:
protocolName- The name of the Noise protocol, which is assumed to be valid.cipherName- The name of the cipher within protocolName.hashName- The name of the hash within protocolName.- Throws:
NoSuchAlgorithmException- The cipher or hash algorithm in the protocol name is not supported.
-
-
Method Details
-
getProtocolName
Gets the name of the Noise protocol.- Returns:
- The protocol name.
-
getMACLength
public int getMACLength()Gets the length of MAC values in the current state.- Returns:
- The length of the MAC value for the underlying cipher or zero if the cipher has not yet been initialized with a key.
-
mixKey
public void mixKey(byte[] data, int offset, int length)Mixes data into the chaining key.- Parameters:
data- The buffer containing the data to mix in.offset- The offset of the first data byte to mix in.length- The number of bytes to mix in.
-
mixHash
public void mixHash(byte[] data, int offset, int length)Mixes data into the handshake hash.- Parameters:
data- The buffer containing the data to mix in.offset- The offset of the first data byte to mix in.length- The number of bytes to mix in.
-
mixPublicKey
Mixes a pre-supplied public key into the handshake hash.- Parameters:
dh- The object containing the public key.
-
mixPublicKeyIntoCK
Mixes a pre-supplied public key into the chaining key.- Parameters:
dh- The object containing the public key.
-
encryptAndHash
public int encryptAndHash(byte[] plaintext, int plaintextOffset, byte[] ciphertext, int ciphertextOffset, int length) throws ShortBufferExceptionEncrypts a block of plaintext and mixes the ciphertext into the handshake hash.- Parameters:
plaintext- The buffer containing the plaintext to encrypt.plaintextOffset- The offset within the plaintext buffer of the first byte or plaintext data.ciphertext- The buffer to place the ciphertext in. This can be the same as the plaintext buffer.ciphertextOffset- The first offset within the ciphertext buffer to place the ciphertext and the MAC tag.length- The length of the plaintext.- Returns:
- The length of the ciphertext plus the MAC tag.
- Throws:
ShortBufferException
-
decryptAndHash
public int decryptAndHash(byte[] ciphertext, int ciphertextOffset, byte[] plaintext, int plaintextOffset, int length) throws ShortBufferException, BadPaddingExceptionDecrypts a block of ciphertext and mixes it into the handshake hash.- Parameters:
ciphertext- The buffer containing the ciphertext to decrypt.ciphertextOffset- The offset within the ciphertext buffer of the first byte of ciphertext data.plaintext- The buffer to place the plaintext in. This can be the same as the ciphertext buffer.plaintextOffset- The first offset within the plaintext buffer to place the plaintext.length- The length of the incoming ciphertext plus the MAC tag.- Returns:
- The length of the plaintext with the MAC tag stripped off.
- Throws:
ShortBufferException- There is not enough space in the plaintext buffer for the decrypted data.BadPaddingException- The MAC value failed to verify.The plaintext and ciphertext buffers can be the same for in-place decryption. In that case, ciphertextOffset must be identical to plaintextOffset.
-
split
Splits the symmetric state into two ciphers for session encryption.- Returns:
- The pair of ciphers for sending and receiving.
-
split
Splits the symmetric state into two ciphers for session encryption, and optionally mixes in a secondary symmetric key.- Parameters:
secondaryKey- The buffer containing the secondary key.offset- The offset of the first secondary key byte.length- The length of the secondary key in bytes, which must be either 0 or 32.- Returns:
- The pair of ciphers for sending and receiving.
- Throws:
IllegalArgumentException- The length is not 0 or 32.
-
getHandshakeHash
public byte[] getHandshakeHash()Gets the current value of the handshake hash.- Returns:
- The handshake hash. This must not be modified by the caller.
The handshake hash value is only of use to the application after split() has been called.
-
destroy
public void destroy()Description copied from interface:DestroyableDestroys all sensitive state in the current object.- Specified by:
destroyin interfaceDestroyable
-