Class SymmetricState

java.lang.Object
com.southernstorm.noise.protocol.SymmetricState
All Implemented Interfaces:
Destroyable

public class SymmetricState extends Object implements Destroyable
Symmetric state for helping manage a Noise handshake.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected CipherState
     
    protected byte[]
     
    protected byte[]
     
    protected MessageDigest
     
    protected String
     
    protected byte[]
     
  • Constructor Summary

    Constructors
    Constructor
    Description
    SymmetricState​(String protocolName, String cipherName, String hashName)
    Constructs a new symmetric state object.
  • Method Summary

    Modifier and Type
    Method
    Description
    int
    decryptAndHash​(byte[] ciphertext, int ciphertextOffset, byte[] plaintext, int plaintextOffset, int length)
    Decrypts a block of ciphertext and mixes it into the handshake hash.
    void
    Destroys all sensitive state in the current object.
    int
    encryptAndHash​(byte[] plaintext, int plaintextOffset, byte[] ciphertext, int ciphertextOffset, int length)
    Encrypts a block of plaintext and mixes the ciphertext into the handshake hash.
    byte[]
    Gets the current value of the handshake hash.
    int
    Gets the length of MAC values in the current state.
    Gets the name of the Noise protocol.
    void
    mixHash​(byte[] data, int offset, int length)
    Mixes data into the handshake hash.
    void
    mixKey​(byte[] data, int offset, int length)
    Mixes data into the chaining key.
    void
    mixPreSharedKey​(byte[] key)
    Mixes a pre-shared key into the chaining key and handshake hash.
    void
    Mixes a pre-supplied public key into the handshake hash.
    void
    Mixes a pre-supplied public key into the chaining key.
    Splits the symmetric state into two ciphers for session encryption.
    split​(byte[] secondaryKey, int offset, int length)
    Splits the symmetric state into two ciphers for session encryption, and optionally mixes in a secondary symmetric key.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • name

      protected final String name
    • cipher

      protected CipherState cipher
    • hash

      protected MessageDigest hash
    • ck

      protected byte[] ck
    • h

      protected byte[] h
    • prev_h

      protected byte[] prev_h
  • Constructor Details

    • SymmetricState

      public SymmetricState(String protocolName, String cipherName, String hashName) throws NoSuchAlgorithmException
      Constructs a new symmetric state object.
      Parameters:
      protocolName - The name of the Noise protocol, which is assumed to be valid.
      cipherName - The name of the cipher within protocolName.
      hashName - The name of the hash within protocolName.
      Throws:
      NoSuchAlgorithmException - The cipher or hash algorithm in the protocol name is not supported.
  • Method Details

    • getProtocolName

      public String getProtocolName()
      Gets the name of the Noise protocol.
      Returns:
      The protocol name.
    • getMACLength

      public int getMACLength()
      Gets the length of MAC values in the current state.
      Returns:
      The length of the MAC value for the underlying cipher or zero if the cipher has not yet been initialized with a key.
    • mixKey

      public void mixKey(byte[] data, int offset, int length)
      Mixes data into the chaining key.
      Parameters:
      data - The buffer containing the data to mix in.
      offset - The offset of the first data byte to mix in.
      length - The number of bytes to mix in.
    • mixHash

      public void mixHash(byte[] data, int offset, int length)
      Mixes data into the handshake hash.
      Parameters:
      data - The buffer containing the data to mix in.
      offset - The offset of the first data byte to mix in.
      length - The number of bytes to mix in.
    • mixPreSharedKey

      public void mixPreSharedKey(byte[] key)
      Mixes a pre-shared key into the chaining key and handshake hash.
      Parameters:
      key - The pre-shared key value.
    • mixPublicKey

      public void mixPublicKey(DHState dh)
      Mixes a pre-supplied public key into the handshake hash.
      Parameters:
      dh - The object containing the public key.
    • mixPublicKeyIntoCK

      public void mixPublicKeyIntoCK(DHState dh)
      Mixes a pre-supplied public key into the chaining key.
      Parameters:
      dh - The object containing the public key.
    • encryptAndHash

      public int encryptAndHash(byte[] plaintext, int plaintextOffset, byte[] ciphertext, int ciphertextOffset, int length) throws ShortBufferException
      Encrypts a block of plaintext and mixes the ciphertext into the handshake hash.
      Parameters:
      plaintext - The buffer containing the plaintext to encrypt.
      plaintextOffset - The offset within the plaintext buffer of the first byte or plaintext data.
      ciphertext - The buffer to place the ciphertext in. This can be the same as the plaintext buffer.
      ciphertextOffset - The first offset within the ciphertext buffer to place the ciphertext and the MAC tag.
      length - The length of the plaintext.
      Returns:
      The length of the ciphertext plus the MAC tag.
      Throws:
      ShortBufferException
    • decryptAndHash

      public int decryptAndHash(byte[] ciphertext, int ciphertextOffset, byte[] plaintext, int plaintextOffset, int length) throws ShortBufferException, BadPaddingException
      Decrypts a block of ciphertext and mixes it into the handshake hash.
      Parameters:
      ciphertext - The buffer containing the ciphertext to decrypt.
      ciphertextOffset - The offset within the ciphertext buffer of the first byte of ciphertext data.
      plaintext - The buffer to place the plaintext in. This can be the same as the ciphertext buffer.
      plaintextOffset - The first offset within the plaintext buffer to place the plaintext.
      length - The length of the incoming ciphertext plus the MAC tag.
      Returns:
      The length of the plaintext with the MAC tag stripped off.
      Throws:
      ShortBufferException - There is not enough space in the plaintext buffer for the decrypted data.
      BadPaddingException - The MAC value failed to verify.

      The plaintext and ciphertext buffers can be the same for in-place decryption. In that case, ciphertextOffset must be identical to plaintextOffset.

    • split

      public CipherStatePair split()
      Splits the symmetric state into two ciphers for session encryption.
      Returns:
      The pair of ciphers for sending and receiving.
    • split

      public CipherStatePair split(byte[] secondaryKey, int offset, int length)
      Splits the symmetric state into two ciphers for session encryption, and optionally mixes in a secondary symmetric key.
      Parameters:
      secondaryKey - The buffer containing the secondary key.
      offset - The offset of the first secondary key byte.
      length - The length of the secondary key in bytes, which must be either 0 or 32.
      Returns:
      The pair of ciphers for sending and receiving.
      Throws:
      IllegalArgumentException - The length is not 0 or 32.
    • getHandshakeHash

      public byte[] getHandshakeHash()
      Gets the current value of the handshake hash.
      Returns:
      The handshake hash. This must not be modified by the caller.

      The handshake hash value is only of use to the application after split() has been called.

    • destroy

      public void destroy()
      Description copied from interface: Destroyable
      Destroys all sensitive state in the current object.
      Specified by:
      destroy in interface Destroyable