Package org.bouncycastle.crypto.modes

Class OCBBlockCipher

java.lang.Object
org.bouncycastle.crypto.modes.OCBBlockCipher
All Implemented Interfaces:
AEADBlockCipher, AEADCipher
public class OCBBlockCipher extends Object implements AEADBlockCipher
An implementation of RFC 7253 on The OCB Authenticated-Encryption Algorithm. For those still concerned about the original patents around this, please see:

https://mailarchive.ietf.org/arch/msg/cfrg/qLTveWOdTJcLn4HP3ev-vrj05Vg/

Text reproduced below.
Phillip Rogaway >rogaway@cs.ucdavis.edu< Sat, 27 February 2021 02:46 UTCShow header I can confirm that I have abandoned all OCB patents and placed into the public domain all OCB-related IP of mine. While I have been telling people this for quite some time, I don't think I ever made a proper announcement to the CFRG or on the OCB webpage. Consider that done.

  • Constructor Summary

    Constructors
    Constructor
    Description
    OCBBlockCipher(BlockCipher hashCipher, BlockCipher mainCipher)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    clear(byte[] bs)
     
    int
    doFinal(byte[] output, int outOff)
    Finish the operation either appending or verifying the MAC at the end of the data.
    String
    getAlgorithmName()
    Return the name of the algorithm.
    protected byte[]
    getLSub(int n)
     
    byte[]
    getMac()
    Return the value of the MAC associated with the last stream processed.
    int
    getOutputSize(int len)
    return the size of the output buffer required for a processBytes plus a doFinal with an input of len bytes.
    BlockCipher
    getUnderlyingCipher()
    return the BlockCipher this object wraps.
    int
    getUpdateOutputSize(int len)
    return the size of the output buffer required for a processBytes an input of len bytes.
    void
    init(boolean forEncryption, CipherParameters parameters)
    initialise the underlying cipher.
    protected static byte[]
    OCB_double(byte[] block)
     
    protected static void
    OCB_extend(byte[] block, int pos)
     
    protected static int
    OCB_ntz(long x)
     
    void
    processAADByte(byte input)
    Add a single byte to the associated data check.
    void
    processAADBytes(byte[] input, int off, int len)
    Add a sequence of bytes to the associated data check.
    int
    processByte(byte input, byte[] output, int outOff)
    encrypt/decrypt a single byte.
    int
    processBytes(byte[] input, int inOff, int len, byte[] output, int outOff)
    process a block of bytes from in putting the result into out.
    protected void
    processHashBlock()
     
    protected void
    processMainBlock(byte[] output, int outOff)
     
    protected int
    processNonce(byte[] N)
     
    void
    reset()
    Reset the cipher.
    protected void
    reset(boolean clearMac)
     
    protected static int
    shiftLeft(byte[] block, byte[] output)
     
    protected void
    updateHASH(byte[] LSub)
     
    protected static void
    xor(byte[] block, byte[] val)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

  • Method Details

    • getUnderlyingCipher

      public BlockCipher getUnderlyingCipher()
      Description copied from interface: AEADBlockCipher
      return the BlockCipher this object wraps.
      Specified by:
      getUnderlyingCipher in interface AEADBlockCipher
      Returns:
      the BlockCipher this object wraps.

    • getAlgorithmName

      public String getAlgorithmName()
      Description copied from interface: AEADCipher
      Return the name of the algorithm.
      Specified by:
      getAlgorithmName in interface AEADCipher
      Returns:
      the algorithm name.

    • init

      public void init(boolean forEncryption, CipherParameters parameters) throws IllegalArgumentException
      Description copied from interface: AEADCipher
      initialise the underlying cipher. Parameter can either be an AEADParameters or a ParametersWithIV object.
      Specified by:
      init in interface AEADCipher
      Parameters:
      forEncryption - true if we are setting up for encryption, false otherwise.
      parameters - the necessary parameters for the underlying cipher to be initialised.
      Throws:
      IllegalArgumentException - if the params argument is inappropriate.

    • processNonce

      protected int processNonce(byte[] N)

    • getMac

      public byte[] getMac()
      Description copied from interface: AEADCipher
      Return the value of the MAC associated with the last stream processed.
      Specified by:
      getMac in interface AEADCipher
      Returns:
      MAC for plaintext data.

    • getOutputSize

      public int getOutputSize(int len)
      Description copied from interface: AEADCipher
      return the size of the output buffer required for a processBytes plus a doFinal with an input of len bytes.

      The returned size may be dependent on the initialisation of this cipher and may not be accurate once subsequent input data is processed - this method should be invoked immediately prior to a call to final processing of input data and a call to AEADCipher.doFinal(byte[], int).

      Specified by:
      getOutputSize in interface AEADCipher
      Parameters:
      len - the length of the input.
      Returns:
      the space required to accommodate a call to processBytes and doFinal with len bytes of input.

    • getUpdateOutputSize

      public int getUpdateOutputSize(int len)
      Description copied from interface: AEADCipher
      return the size of the output buffer required for a processBytes an input of len bytes.

      The returned size may be dependent on the initialisation of this cipher and may not be accurate once subsequent input data is processed - this method should be invoked immediately prior to input data being processed.

      Specified by:
      getUpdateOutputSize in interface AEADCipher
      Parameters:
      len - the length of the input.
      Returns:
      the space required to accommodate a call to processBytes with len bytes of input.

    • processAADByte

      public void processAADByte(byte input)
      Description copied from interface: AEADCipher
      Add a single byte to the associated data check.
      If the implementation supports it, this will be an online operation and will not retain the associated data.
      Specified by:
      processAADByte in interface AEADCipher
      Parameters:
      input - the byte to be processed.

    • processAADBytes

      public void processAADBytes(byte[] input, int off, int len)
      Description copied from interface: AEADCipher
      Add a sequence of bytes to the associated data check.
      If the implementation supports it, this will be an online operation and will not retain the associated data.
      Specified by:
      processAADBytes in interface AEADCipher
      Parameters:
      input - the input byte array.
      off - the offset into the in array where the data to be processed starts.
      len - the number of bytes to be processed.

    • processByte

      public int processByte(byte input, byte[] output, int outOff) throws DataLengthException
      Description copied from interface: AEADCipher
      encrypt/decrypt a single byte.
      Specified by:
      processByte in interface AEADCipher
      Parameters:
      input - the byte to be processed.
      output - the output buffer the processed byte goes into.
      outOff - the offset into the output byte array the processed data starts at.
      Returns:
      the number of bytes written to out.
      Throws:
      DataLengthException - if the output buffer is too small.

    • processBytes

      public int processBytes(byte[] input, int inOff, int len, byte[] output, int outOff) throws DataLengthException
      Description copied from interface: AEADCipher
      process a block of bytes from in putting the result into out.
      Specified by:
      processBytes in interface AEADCipher
      Parameters:
      input - the input byte array.
      inOff - the offset into the in array where the data to be processed starts.
      len - the number of bytes to be processed.
      output - the output buffer the processed bytes go into.
      outOff - the offset into the output byte array the processed data starts at.
      Returns:
      the number of bytes written to out.
      Throws:
      DataLengthException - if the output buffer is too small.

    • doFinal

      public int doFinal(byte[] output, int outOff) throws IllegalStateException, InvalidCipherTextException
      Description copied from interface: AEADCipher
      Finish the operation either appending or verifying the MAC at the end of the data.
      Specified by:
      doFinal in interface AEADCipher
      Parameters:
      output - space for any resulting output data.
      outOff - offset into out to start copying the data at.
      Returns:
      number of bytes written into out.
      Throws:
      IllegalStateException - if the cipher is in an inappropriate state.
      InvalidCipherTextException - if the MAC fails to match.

    • reset

      public void reset()
      Description copied from interface: AEADCipher
      Reset the cipher. After resetting the cipher is in the same state as it was after the last init (if there was one).
      Specified by:
      reset in interface AEADCipher

    • clear

      protected void clear(byte[] bs)

    • getLSub

      protected byte[] getLSub(int n)

    • processHashBlock

      protected void processHashBlock()

    • processMainBlock

      protected void processMainBlock(byte[] output, int outOff)

    • reset

      protected void reset(boolean clearMac)

    • updateHASH

      protected void updateHASH(byte[] LSub)

    • OCB_double

      protected static byte[] OCB_double(byte[] block)

    • OCB_extend

      protected static void OCB_extend(byte[] block, int pos)

    • OCB_ntz

      protected static int OCB_ntz(long x)

    • shiftLeft

      protected static int shiftLeft(byte[] block, byte[] output)

    • xor

      protected static void xor(byte[] block, byte[] val)