Package com.southernstorm.noise.protocol

Class SymmetricState

java.lang.Object

com.southernstorm.noise.protocol.SymmetricState

All Implemented Interfaces:

Destroyable

class SymmetricState
extends Object
implements Destroyable

Symmetric state for helping manage a Noise handshake.

Constructor Summary

Constructors

Constructor	Description
SymmetricState(String cipherName, String hashName)	Constructs a new symmetric state object.

Method Summary

Modifier and Type	Method	Description
int	decryptAndHash(byte[] ciphertext, int ciphertextOffset, byte[] plaintext, int plaintextOffset, int length)	Decrypts a block of ciphertext and mixes it into the handshake hash.
void	destroy()	Destroys all sensitive state in the current object.
int	encryptAndHash(byte[] plaintext, int plaintextOffset, byte[] ciphertext, int ciphertextOffset, int length)	Encrypts a block of plaintext and mixes the ciphertext into the handshake hash.
byte[]	getChainingKey()	I2P for getting chaining key for siphash calculation
byte[]	getHandshakeHash()	Gets the current value of the handshake hash.
int	getMACLength()	Gets the length of MAC values in the current state.
String	getProtocolName()	Gets the name of the Noise protocol.
void	mixHash(byte[] data, int offset, int length)	Mixes data into the handshake hash.
void	mixKey(byte[] data, int offset, int length)	Mixes data into the chaining key.
void	mixPreSharedKey(byte[] key)	Mixes a pre-shared key into the chaining key and handshake hash.
void	mixPublicKey(DHState dh)	Mixes a pre-supplied public key into the handshake hash.
void	mixPublicKeyIntoCK(DHState dh)	Mixes a pre-supplied public key into the chaining key.
CipherStatePair	split()	Splits the symmetric state into two ciphers for session encryption.
CipherStatePair	split(byte[] secondaryKey, int offset, int length)	Splits the symmetric state into two ciphers for session encryption, and optionally mixes in a secondary symmetric key.
String	toString()	I2P debug

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SymmetricState

public SymmetricState(String cipherName,
                      String hashName)
               throws NoSuchAlgorithmException

Constructs a new symmetric state object. Noise protocol name is hardcoded.

Parameters:

cipherName - The name of the cipher within protocolName.

hashName - The name of the hash within protocolName.

Throws:

NoSuchAlgorithmException - The cipher or hash algorithm in the protocol name is not supported.

Method Detail

getProtocolName

public String getProtocolName()

Gets the name of the Noise protocol.

Returns:

The protocol name.

getMACLength

public int getMACLength()

Gets the length of MAC values in the current state.

Returns:

The length of the MAC value for the underlying cipher or zero if the cipher has not yet been initialized with a key.

mixKey

public void mixKey(byte[] data,
                   int offset,
                   int length)

Mixes data into the chaining key.

Parameters:

data - The buffer containing the data to mix in.

offset - The offset of the first data byte to mix in.

length - The number of bytes to mix in.

mixHash

public void mixHash(byte[] data,
                    int offset,
                    int length)

Mixes data into the handshake hash.

Parameters:

data - The buffer containing the data to mix in.

offset - The offset of the first data byte to mix in.

length - The number of bytes to mix in.

mixPreSharedKey

public void mixPreSharedKey(byte[] key)

Mixes a pre-shared key into the chaining key and handshake hash.

Parameters:

key - The pre-shared key value.

mixPublicKey

public void mixPublicKey(DHState dh)

Mixes a pre-supplied public key into the handshake hash.

Parameters:

dh - The object containing the public key.

mixPublicKeyIntoCK

public void mixPublicKeyIntoCK(DHState dh)

Mixes a pre-supplied public key into the chaining key.

Parameters:

dh - The object containing the public key.

encryptAndHash

public int encryptAndHash(byte[] plaintext,
                          int plaintextOffset,
                          byte[] ciphertext,
                          int ciphertextOffset,
                          int length)
                   throws ShortBufferException

Encrypts a block of plaintext and mixes the ciphertext into the handshake hash.

Parameters:

plaintext - The buffer containing the plaintext to encrypt.

plaintextOffset - The offset within the plaintext buffer of the first byte or plaintext data.

ciphertext - The buffer to place the ciphertext in. This can be the same as the plaintext buffer.

ciphertextOffset - The first offset within the ciphertext buffer to place the ciphertext and the MAC tag.

length - The length of the plaintext.

Returns:

The length of the ciphertext plus the MAC tag.

Throws:

ShortBufferException - There is not enough space in the ciphertext buffer for the encrypted data plus MAC value. The plaintext and ciphertext buffers can be the same for in-place encryption. In that case, plaintextOffset must be identical to ciphertextOffset. There must be enough space in the ciphertext buffer to accomodate length + getMACLength() bytes of data starting at ciphertextOffset.

decryptAndHash

public int decryptAndHash(byte[] ciphertext,
                          int ciphertextOffset,
                          byte[] plaintext,
                          int plaintextOffset,
                          int length)
                   throws ShortBufferException,
                          BadPaddingException

Decrypts a block of ciphertext and mixes it into the handshake hash.

Parameters:

ciphertext - The buffer containing the ciphertext to decrypt.

ciphertextOffset - The offset within the ciphertext buffer of the first byte of ciphertext data.

plaintext - The buffer to place the plaintext in. This can be the same as the ciphertext buffer.

plaintextOffset - The first offset within the plaintext buffer to place the plaintext.

length - The length of the incoming ciphertext plus the MAC tag.

Returns:

The length of the plaintext with the MAC tag stripped off.

Throws:

ShortBufferException - There is not enough space in the plaintext buffer for the decrypted data.

BadPaddingException - The MAC value failed to verify. The plaintext and ciphertext buffers can be the same for in-place decryption. In that case, ciphertextOffset must be identical to plaintextOffset.

split

public CipherStatePair split()

Splits the symmetric state into two ciphers for session encryption.

Returns:

The pair of ciphers for sending and receiving.

split

public CipherStatePair split(byte[] secondaryKey,
                             int offset,
                             int length)

Splits the symmetric state into two ciphers for session encryption, and optionally mixes in a secondary symmetric key.

Parameters:

secondaryKey - The buffer containing the secondary key.

offset - The offset of the first secondary key byte.

length - The length of the secondary key in bytes, which must be either 0 or 32.

Returns:

The pair of ciphers for sending and receiving.

Throws:

IllegalArgumentException - The length is not 0 or 32.

getHandshakeHash

public byte[] getHandshakeHash()

Gets the current value of the handshake hash.

Returns:

The handshake hash. This must not be modified by the caller. The handshake hash value is only of use to the application after split() has been called.

destroy

public void destroy()

Description copied from interface: Destroyable

Destroys all sensitive state in the current object.

Specified by:

destroy in interface Destroyable

getChainingKey

public byte[] getChainingKey()

I2P for getting chaining key for siphash calculation

Returns:

a copy

toString

public String toString()

I2P debug

Overrides:

toString in class Object