CbcBlockCipher (Scandium (Sc) Core 2.8.0 API)

java.lang.Object
- org.eclipse.californium.scandium.dtls.cipher.CbcBlockCipher

public class CbcBlockCipher
extends Object

A cbc block cipher.

Constructor Summary

Constructors
Constructor and Description

CbcBlockCipher()

Constructors
Constructor and Description
`CbcBlockCipher()`

Method Summary

Methods
Modifier and Type	Method and Description
`static boolean`	`checkPadding(int padding, byte[] data, int offset)` Check padding.
`static byte[]`	`decrypt(CipherSuite suite, SecretKey key, SecretKey macKey, byte[] additionalData, byte[] ciphertext)` Converts a given TLSCiphertext.fragment to a TLSCompressed.fragment structure as defined by RFC 5246, section 6.2.3.2:
`static byte[]`	`encrypt(CipherSuite suite, SecretKey key, SecretKey macKey, byte[] additionalData, byte[] payload)` Converts a given TLSCompressed.fragment to a TLSCiphertext.fragment structure as defined by RFC 5246, section 6.2.3.2
`static byte[]`	`getBlockCipherMac(Mac hmac, SecretKey macKey, byte[] additionalData, byte[] content, int length)` Calculates a MAC for use with CBC block ciphers as specified by RFC 5246, section 6.2.3.2.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CbcBlockCipher
```
public CbcBlockCipher()
```
- Method Detail
  - decrypt
```
public static byte[] decrypt(CipherSuite suite,
             SecretKey key,
             SecretKey macKey,
             byte[] additionalData,
             byte[] ciphertext)
                      throws GeneralSecurityException
```
    Converts a given TLSCiphertext.fragment to a TLSCompressed.fragment structure as defined by RFC 5246, section 6.2.3.2:
```
 struct {
    opaque IV[SecurityParameters.record_iv_length];
    block-ciphered struct {
       opaque content[TLSCompressed.length];
       opaque MAC[SecurityParameters.mac_length];
       uint8 padding[GenericBlockCipher.padding_length];
       uint8 padding_length;
    };
 } GenericBlockCipher;
 
```
    The particular cipher to use is determined from the negotiated cipher suite in the current DTLS connection state.
    Parameters:
    suite - used cipher suite
    key - encryption key
    macKey - mac key
    additionalData - additional data. Note: the TLSCompressed.length is not available before decryption. Therefore the last two bytes will be modified with that length after the decryption.
    ciphertext - encrypted message including initial vector
    
    Returns:
    decrypted and authenticated payload.
    
    Throws:
    
    InvalidMacException - if message authentication failed
    
    GeneralSecurityException - if the ciphertext could not be decrypted
  - encrypt
```
public static byte[] encrypt(CipherSuite suite,
             SecretKey key,
             SecretKey macKey,
             byte[] additionalData,
             byte[] payload)
                      throws GeneralSecurityException
```
    Converts a given TLSCompressed.fragment to a TLSCiphertext.fragment structure as defined by RFC 5246, section 6.2.3.2
```
 struct {
    opaque IV[SecurityParameters.record_iv_length];
    block-ciphered struct {
       opaque content[TLSCompressed.length];
       opaque MAC[SecurityParameters.mac_length];
       uint8 padding[GenericBlockCipher.padding_length];
       uint8 padding_length;
    };
 } GenericBlockCipher;
 
```
    The particular cipher to use is determined from the negotiated cipher suite in the current DTLS connection state.
    Parameters:
    suite - used cipher suite
    key - encryption key
    macKey - mac key
    additionalData - additional data
    payload - message to encrypt
    
    Returns:
    encrypted message including initial vector
    
    Throws:
    
    GeneralSecurityException - if the plaintext could not be encrypted
  - getBlockCipherMac
```
public static byte[] getBlockCipherMac(Mac hmac,
                       SecretKey macKey,
                       byte[] additionalData,
                       byte[] content,
                       int length)
                                throws InvalidKeyException
```
    Calculates a MAC for use with CBC block ciphers as specified by RFC 5246, section 6.2.3.2.
    
    Parameters:
    hmac - mac function
    macKey - mac key
    additionalData - additional data
    content - payload
    length - length of payload to be used
    
    Returns:
    mac bytes
    
    Throws:
    
    InvalidKeyException - if the mac keys doesn't fit the mac
  - checkPadding
```
public static boolean checkPadding(int padding,
                   byte[] data,
                   int offset)
```
    Check padding. The check is implemented using a "time constant" approach by always comparing 256 bytes.
    
    Parameters:
    padding - padding to be checked
    data - data to be checked. Must contain at least 256 + 1 bytes from the offset on. The value of the last byte will be changed!
    offset - offset of the padding field.
    
    Returns:
    true, if padding bytes in data from the offset on contains the value of the padding byte.
    
    Throws:
    
    IllegalArgumentException - if the data array doesn't contain 257 bytes after the offset.

Class CbcBlockCipher

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CbcBlockCipher

Method Detail

decrypt

encrypt

getBlockCipherMac

checkPadding