Package org.bouncycastle.crypto.modes

Class OCBBlockCipher

  • All Implemented Interfaces:
    AEADBlockCipher, AEADCipher
    public class OCBBlockCipher
extends java.lang.Object
implements AEADBlockCipher
    An implementation of RFC 7253 on The OCB Authenticated-Encryption Algorithm. For those still concerned about the original patents around this, please see:

    https://mailarchive.ietf.org/arch/msg/cfrg/qLTveWOdTJcLn4HP3ev-vrj05Vg/

    Text reproduced below. Phillip Rogaway >rogaway@cs.ucdavis.edu< Sat, 27 February 2021 02:46 UTCShow header I can confirm that I have abandoned all OCB patents and placed into the public domain all OCB-related IP of mine. While I have been telling people this for quite some time, I don't think I ever made a proper announcement to the CFRG or on the OCB webpage. Consider that done.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void clear​(byte[] bs)  
      int doFinal​(byte[] output, int outOff)
      Finish the operation either appending or verifying the MAC at the end of the data.
      java.lang.String getAlgorithmName()
      Return the name of the algorithm.
      protected byte[] getLSub​(int n)  
      byte[] getMac()
      Return the value of the MAC associated with the last stream processed.
      int getOutputSize​(int len)
      return the size of the output buffer required for a processBytes plus a doFinal with an input of len bytes.
      BlockCipher getUnderlyingCipher()
      return the BlockCipher this object wraps.
      int getUpdateOutputSize​(int len)
      return the size of the output buffer required for a processBytes an input of len bytes.
      void init​(boolean forEncryption, CipherParameters parameters)
      initialise the underlying cipher.
      protected static byte[] OCB_double​(byte[] block)  
      protected static void OCB_extend​(byte[] block, int pos)  
      protected static int OCB_ntz​(long x)  
      void processAADByte​(byte input)
      Add a single byte to the associated data check.
      void processAADBytes​(byte[] input, int off, int len)
      Add a sequence of bytes to the associated data check.
      int processByte​(byte input, byte[] output, int outOff)
      encrypt/decrypt a single byte.
      int processBytes​(byte[] input, int inOff, int len, byte[] output, int outOff)
      process a block of bytes from in putting the result into out.
      protected void processHashBlock()  
      protected void processMainBlock​(byte[] output, int outOff)  
      protected int processNonce​(byte[] N)  
      void reset()
      Reset the cipher.
      protected void reset​(boolean clearMac)  
      protected static int shiftLeft​(byte[] block, byte[] output)  
      protected void updateHASH​(byte[] LSub)  
      protected static void xor​(byte[] block, byte[] val)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • getAlgorithmName

        public java.lang.String getAlgorithmName()
        Description copied from interface: AEADCipher
        Return the name of the algorithm.
        Specified by:
        getAlgorithmName in interface AEADCipher
        Returns:
        the algorithm name.

      • init

        public void init​(boolean forEncryption,
                 CipherParameters parameters)
          throws java.lang.IllegalArgumentException
        Description copied from interface: AEADCipher
        initialise the underlying cipher. Parameter can either be an AEADParameters or a ParametersWithIV object.
        Specified by:
        init in interface AEADCipher
        Parameters:
        forEncryption - true if we are setting up for encryption, false otherwise.
        parameters - the necessary parameters for the underlying cipher to be initialised.
        Throws:
        java.lang.IllegalArgumentException - if the params argument is inappropriate.

      • processNonce

        protected int processNonce​(byte[] N)

      • getMac

        public byte[] getMac()
        Description copied from interface: AEADCipher
        Return the value of the MAC associated with the last stream processed.
        Specified by:
        getMac in interface AEADCipher
        Returns:
        MAC for plaintext data.

      • getOutputSize

        public int getOutputSize​(int len)
        Description copied from interface: AEADCipher
        return the size of the output buffer required for a processBytes plus a doFinal with an input of len bytes.

        The returned size may be dependent on the initialisation of this cipher and may not be accurate once subsequent input data is processed - this method should be invoked immediately prior to a call to final processing of input data and a call to AEADCipher.doFinal(byte[], int).

        Specified by:
        getOutputSize in interface AEADCipher
        Parameters:
        len - the length of the input.
        Returns:
        the space required to accommodate a call to processBytes and doFinal with len bytes of input.

      • getUpdateOutputSize

        public int getUpdateOutputSize​(int len)
        Description copied from interface: AEADCipher
        return the size of the output buffer required for a processBytes an input of len bytes.

        The returned size may be dependent on the initialisation of this cipher and may not be accurate once subsequent input data is processed - this method should be invoked immediately prior to input data being processed.

        Specified by:
        getUpdateOutputSize in interface AEADCipher
        Parameters:
        len - the length of the input.
        Returns:
        the space required to accommodate a call to processBytes with len bytes of input.

      • processAADByte

        public void processAADByte​(byte input)
        Description copied from interface: AEADCipher
        Add a single byte to the associated data check. If the implementation supports it, this will be an online operation and will not retain the associated data.
        Specified by:
        processAADByte in interface AEADCipher
        Parameters:
        input - the byte to be processed.

      • processAADBytes

        public void processAADBytes​(byte[] input,
                            int off,
                            int len)
        Description copied from interface: AEADCipher
        Add a sequence of bytes to the associated data check. If the implementation supports it, this will be an online operation and will not retain the associated data.
        Specified by:
        processAADBytes in interface AEADCipher
        Parameters:
        input - the input byte array.
        off - the offset into the in array where the data to be processed starts.
        len - the number of bytes to be processed.

      • processByte

        public int processByte​(byte input,
                       byte[] output,
                       int outOff)
                throws DataLengthException
        Description copied from interface: AEADCipher
        encrypt/decrypt a single byte.
        Specified by:
        processByte in interface AEADCipher
        Parameters:
        input - the byte to be processed.
        output - the output buffer the processed byte goes into.
        outOff - the offset into the output byte array the processed data starts at.
        Returns:
        the number of bytes written to out.
        Throws:
        DataLengthException - if the output buffer is too small.

      • processBytes

        public int processBytes​(byte[] input,
                        int inOff,
                        int len,
                        byte[] output,
                        int outOff)
                 throws DataLengthException
        Description copied from interface: AEADCipher
        process a block of bytes from in putting the result into out.
        Specified by:
        processBytes in interface AEADCipher
        Parameters:
        input - the input byte array.
        inOff - the offset into the in array where the data to be processed starts.
        len - the number of bytes to be processed.
        output - the output buffer the processed bytes go into.
        outOff - the offset into the output byte array the processed data starts at.
        Returns:
        the number of bytes written to out.
        Throws:
        DataLengthException - if the output buffer is too small.

      • doFinal

        public int doFinal​(byte[] output,
                   int outOff)
            throws java.lang.IllegalStateException,
                   InvalidCipherTextException
        Description copied from interface: AEADCipher
        Finish the operation either appending or verifying the MAC at the end of the data.
        Specified by:
        doFinal in interface AEADCipher
        Parameters:
        output - space for any resulting output data.
        outOff - offset into out to start copying the data at.
        Returns:
        number of bytes written into out.
        Throws:
        java.lang.IllegalStateException - if the cipher is in an inappropriate state.
        InvalidCipherTextException - if the MAC fails to match.

      • reset

        public void reset()
        Description copied from interface: AEADCipher
        Reset the cipher. After resetting the cipher is in the same state as it was after the last init (if there was one).
        Specified by:
        reset in interface AEADCipher

      • clear

        protected void clear​(byte[] bs)

      • getLSub

        protected byte[] getLSub​(int n)

      • processHashBlock

        protected void processHashBlock()

      • processMainBlock

        protected void processMainBlock​(byte[] output,
                                int outOff)

      • reset

        protected void reset​(boolean clearMac)

      • updateHASH

        protected void updateHASH​(byte[] LSub)

      • OCB_double

        protected static byte[] OCB_double​(byte[] block)

      • OCB_extend

        protected static void OCB_extend​(byte[] block,
                                 int pos)

      • OCB_ntz

        protected static int OCB_ntz​(long x)

      • shiftLeft

        protected static int shiftLeft​(byte[] block,
                               byte[] output)

      • xor

        protected static void xor​(byte[] block,
                          byte[] val)