org.eclipse.californium.scandium.dtls.cipher

Enum CipherSuite

java.lang.Object

java.lang.Enum<CipherSuite>

org.eclipse.californium.scandium.dtls.cipher.CipherSuite

All Implemented Interfaces:

Serializable, Comparable<CipherSuite>

public enum CipherSuite
extends Enum<CipherSuite>

A cipher suite defines a key exchange algorithm, a bulk cipher algorithm, a MAC algorithm, a pseudo random number (PRF) algorithm and a cipher type. See RFC 5246 for details. See Transport Layer Security Parameters for the official codes for the cipher suites.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CipherSuite.CertificateKeyAlgorithm Known certificate key algorithm.
static class	CipherSuite.CipherType Known cipher types.
static class	CipherSuite.KeyExchangeAlgorithm Known key exchange algorithm names.

Enum Constant Summary

Enum Constants

Enum Constant and Description
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CCM
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CCM
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 See RFC 5489 for details
TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256
TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 Note: compatibility not tested! openssl 1.1.1 seems not supporting them
TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA378
TLS_NULL_WITH_NULL_NULL
TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_AES_128_CCM
TLS_PSK_WITH_AES_128_CCM_8
TLS_PSK_WITH_AES_128_GCM_SHA256
TLS_PSK_WITH_AES_256_CCM
TLS_PSK_WITH_AES_256_CCM_8
TLS_PSK_WITH_AES_256_GCM_SHA378

Field Summary

Fields

Modifier and Type	Field and Description
static int	CIPHER_SUITE_BITS

Method Summary

Methods

Modifier and Type	Method and Description
static boolean	containsCipherSuiteRequiringCertExchange(List<CipherSuite> cipherSuites) Checks if a list of cipher suite contains a cipher suite that requires the exchange of certificates.
static boolean	containsEccBasedCipherSuite(List<CipherSuite> cipherSuites) Checks if a list of cipher suite contains an ECC based cipher.
static boolean	containsPskBasedCipherSuite(List<CipherSuite> cipherSuites) Checks if a list of cipher suite contains an PSK based cipher.
static List<CipherSuite>	getCertificateCipherSuites(boolean recommendedCipherSuitesOnly, String keyAlgorithm) Get a list of all supported cipher suites with the provided key algorithm.
CipherSuite.CertificateKeyAlgorithm	getCertificateKeyAlgorithm() Gets the certificate key algorithm of the cipher suite.
static List<CipherSuite>	getCipherSuitesByKeyExchangeAlgorithm(boolean recommendedCipherSuitesOnly, boolean orderedByKeyExchangeAlgorithm, List<CipherSuite.KeyExchangeAlgorithm> keyExchangeAlgorithms) Get a list of all cipher suites using the provided key exchange algorithms.
static List<CipherSuite>	getCipherSuitesByKeyExchangeAlgorithm(boolean recommendedCipherSuitesOnly, CipherSuite.KeyExchangeAlgorithm... keyExchangeAlgorithms) Get a list of all cipher suites using the provided key exchange algorithms.
CipherSuite.CipherType	getCipherType() Gets the type of cipher used for encrypting data.
int	getCode() Gets the 16-bit IANA assigned identification code of the cipher suite.
static List<CipherSuite>	getEcdsaCipherSuites(boolean recommendedCipherSuitesOnly) Get a list of all supported ECDSA cipher suites.
int	getEncKeyLength() Gets the length of the bulk cipher algorithm's encoding key.
int	getFixedIvLength() Gets the length of the fixed initialization vector (IV) of the cipher suite's bulk cipher algorithm.
CipherSuite.KeyExchangeAlgorithm	getKeyExchange() Gets the key exchange algorithm the cipher suite employs to generate a pre-master secret.
int	getMacKeyLength() Gets the key length of the cipher suite's MAC algorithm.
int	getMacLength() Gets the output length of the cipher suite's MAC algorithm.
int	getMacMessageBlockLength() Get the message block length of hash function.
int	getMacMessageLengthBytes() Get the number of bytes used to encode the message length for hmac function.
String	getMacName() Gets the name of the cipher suite's MAC algorithm.
int	getMaxCiphertextExpansion() Get maximum expansion of cipher text using this cipher suite.
String	getMessageDigestName() Gets the name of the message digest (hash) function used by the cipher suite MAC.
static int	getOverallMaxCiphertextExpansion() Get the overall maximum ciphertext expansion for all cipher suite.
String	getPseudoRandomFunctionMacName() Gets the pseudo-random function used by the cipher suite to create (pseudo-)random data from a seed.
String	getPseudoRandomFunctionMessageDigestName() Gets the name of the pseudo-random message digest (hash) function used by the cipher suite to create the hash over the handshake messages.
static List<CipherSuite>	getPskCipherSuites(boolean recommendedCipherSuitesOnly, boolean ecdhePsk) Deprecated. use getCipherSuitesByKeyExchangeAlgorithm(boolean, KeyExchangeAlgorithm...)
int	getRecordIvLength() Gets the amount of data needed to be generated for the cipher's initialization vector.
Cipher	getThreadLocalCipher() Gets the thread local cipher used by this cipher suite.
Mac	getThreadLocalMac() Gets the thread local MAC used by this cipher suite.
MessageDigest	getThreadLocalMacMessageDigest() Gets the thread local message digest used by this cipher suite.
Mac	getThreadLocalPseudoRandomFunctionMac() Gets the thread local MAC used by the pseudo random function of this cipher suite.
MessageDigest	getThreadLocalPseudoRandomFunctionMessageDigest() Gets the thread local message digest used by the pseudo random function of this cipher suite.
String	getTransformation() Gets the Java Cryptography Architecture transformation corresponding to the suite's underlying cipher algorithm.
static CipherSuite	getTypeByCode(int code) Gets a cipher suite by its numeric code.
static CipherSuite	getTypeByName(String name) Gets a cipher suite by its (official) name.
static List<CipherSuite>	getTypesByNames(String... names) Gets a list of cipher suites by their (official) names.
boolean	isEccBased() Checks whether this cipher suite uses elliptic curve cryptography (ECC).
boolean	isPskBased() Checks whether this cipher suite use PSK key exchange.
boolean	isRecommended() Check whether this cipher suite is recommended.
boolean	isSupported() Checks whether this cipher suite is supported by the jvm implementation.
static List<CipherSuite>	listFromByteArray(byte[] byteArray, int numElements) Deprecated. use listFromReader(DatagramReader)
static List<CipherSuite>	listFromReader(org.eclipse.californium.elements.util.DatagramReader reader) Decode cipher suite list from reader.
static byte[]	listToByteArray(List<CipherSuite> cipherSuites) Transform a list of cipher suites into the appropriate bit-format.
boolean	requiresServerCertificateMessage() Checks whether this cipher suite requires the server to send a CERTIFICATE message during the handshake.
static CipherSuite	valueOf(String name) Returns the enum constant of this type with the specified name.
static CipherSuite[]	values() Returns an array containing the constants of this enum type, in the order they are declared.

Methods inherited from class java.lang.Enum

clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Enum Constant Detail

TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256

public static final CipherSuite TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256

Note: compatibility not tested! openssl 1.1.1 seems not supporting them

TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA378

public static final CipherSuite TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA378

TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256

public static final CipherSuite TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256

TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256

public static final CipherSuite TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256

TLS_PSK_WITH_AES_128_GCM_SHA256

public static final CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA256

TLS_PSK_WITH_AES_256_GCM_SHA378

public static final CipherSuite TLS_PSK_WITH_AES_256_GCM_SHA378

TLS_PSK_WITH_AES_128_CCM_8

public static final CipherSuite TLS_PSK_WITH_AES_128_CCM_8

TLS_PSK_WITH_AES_256_CCM_8

public static final CipherSuite TLS_PSK_WITH_AES_256_CCM_8

TLS_PSK_WITH_AES_128_CCM

public static final CipherSuite TLS_PSK_WITH_AES_128_CCM

TLS_PSK_WITH_AES_256_CCM

public static final CipherSuite TLS_PSK_WITH_AES_256_CCM

TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256

public static final CipherSuite TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256

See RFC 5489 for details

TLS_PSK_WITH_AES_128_CBC_SHA256

public static final CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

public static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

public static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

public static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8

public static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8

TLS_ECDHE_ECDSA_WITH_AES_128_CCM

public static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM

TLS_ECDHE_ECDSA_WITH_AES_256_CCM

public static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CCM

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

public static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

public static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

public static final CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

TLS_NULL_WITH_NULL_NULL

public static final CipherSuite TLS_NULL_WITH_NULL_NULL

Field Detail

CIPHER_SUITE_BITS

public static final int CIPHER_SUITE_BITS

See Also:

Constant Field Values

Method Detail

values

public static CipherSuite[] values()

Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:

for (CipherSuite c : CipherSuite.values())
    System.out.println(c);

Returns:

an array containing the constants of this enum type, in the order they are declared

valueOf

public static CipherSuite valueOf(String name)

Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)

Parameters:

name - the name of the enum constant to be returned.

Returns:

the enum constant with the specified name

Throws:

IllegalArgumentException - if this enum type has no constant with the specified name

NullPointerException - if the argument is null

getMaxCiphertextExpansion

public int getMaxCiphertextExpansion()

Get maximum expansion of cipher text using this cipher suite. Includes MAC, explicit nonce, and padding.

Returns:

maxnium expansion of this cipher suite

See Also:

getMacLength(), getRecordIvLength()

getTransformation

public String getTransformation()

Gets the Java Cryptography Architecture transformation corresponding to the suite's underlying cipher algorithm. The name can be used to instantiate a javax.crypto.Cipher object (if a security provider is available in the JVM supporting the transformation). See Java Security Documentation.

Returns:

the transformation

getThreadLocalCipher

public Cipher getThreadLocalCipher()

Gets the thread local cipher used by this cipher suite.

Returns:

the cipher, or null, if the cipher is not supported by the java-vm.

getCode

public int getCode()

Gets the 16-bit IANA assigned identification code of the cipher suite. See TLS Cipher Suite Registry.

Returns:

the identification code

getCertificateKeyAlgorithm

public CipherSuite.CertificateKeyAlgorithm getCertificateKeyAlgorithm()

Gets the certificate key algorithm of the cipher suite.

Returns:

the algorithm

getKeyExchange

public CipherSuite.KeyExchangeAlgorithm getKeyExchange()

Gets the key exchange algorithm the cipher suite employs to generate a pre-master secret.

Returns:

the algorithm

requiresServerCertificateMessage

public boolean requiresServerCertificateMessage()

Checks whether this cipher suite requires the server to send a CERTIFICATE message during the handshake.

Returns:

true if the message is required

isPskBased

public boolean isPskBased()

Checks whether this cipher suite use PSK key exchange.

Returns:

true if PSK key exchange is used

isEccBased

public boolean isEccBased()

Checks whether this cipher suite uses elliptic curve cryptography (ECC).

Returns:

true if ECC is used

isSupported

public boolean isSupported()

Checks whether this cipher suite is supported by the jvm implementation.

Returns:

true if cipher suite is supported

isRecommended

public boolean isRecommended()

Check whether this cipher suite is recommended.

Returns:

true if cipher suite is recommended

getMacName

public String getMacName()

Gets the name of the cipher suite's MAC algorithm. The name can be used to instantiate a javax.crypto.Mac instance. See Java Security Documentation.

Returns:

the name or null for the NULL MAC

getMessageDigestName

public String getMessageDigestName()

Gets the name of the message digest (hash) function used by the cipher suite MAC. The name can be used to instantiate a java.security.MessageDigest instance. See Java Security Documentation.

Returns:

the name or null for the NULL MAC

getThreadLocalMac

public Mac getThreadLocalMac()

Gets the thread local MAC used by this cipher suite.

Returns:

mac, or null, if not supported by vm.

getThreadLocalMacMessageDigest

public MessageDigest getThreadLocalMacMessageDigest()

Gets the thread local message digest used by this cipher suite.

Returns:

message digest, or null, if not supported by vm.

getMacLength

public int getMacLength()

Gets the output length of the cipher suite's MAC algorithm.

Returns:

the length in bytes

getMacKeyLength

public int getMacKeyLength()

Gets the key length of the cipher suite's MAC algorithm.

Returns:

the length in bytes

getMacMessageBlockLength

public int getMacMessageBlockLength()

Get the message block length of hash function.

Returns:

message block length in bytes

getMacMessageLengthBytes

public int getMacMessageLengthBytes()

Get the number of bytes used to encode the message length for hmac function.

Returns:

number of bytes for message length

getRecordIvLength

public int getRecordIvLength()

Gets the amount of data needed to be generated for the cipher's initialization vector. Zero for stream ciphers; equal to the block size for block ciphers (this is equal to SecurityParameters.record_iv_length).

Returns:

the length in bytes

getFixedIvLength

public int getFixedIvLength()

Gets the length of the fixed initialization vector (IV) of the cipher suite's bulk cipher algorithm. This is only relevant for AEAD based cipher suites.

Returns:

the length in bytes

getPseudoRandomFunctionMacName

public String getPseudoRandomFunctionMacName()

Gets the pseudo-random function used by the cipher suite to create (pseudo-)random data from a seed. The name can be used to instantiate a javax.crypto.Mac instance. See Java Security Documentation.

Returns:

the name of the pseudo-random function

getPseudoRandomFunctionMessageDigestName

public String getPseudoRandomFunctionMessageDigestName()

Gets the name of the pseudo-random message digest (hash) function used by the cipher suite to create the hash over the handshake messages. The name can be used to instantiate a java.security.MessageDigest instance. See Java Security Documentation.

Returns:

the name of the message digest

getThreadLocalPseudoRandomFunctionMac

public Mac getThreadLocalPseudoRandomFunctionMac()

Gets the thread local MAC used by the pseudo random function of this cipher suite.

Returns:

mac, or null, if not supported by vm.

getThreadLocalPseudoRandomFunctionMessageDigest

public MessageDigest getThreadLocalPseudoRandomFunctionMessageDigest()

Gets the thread local message digest used by the pseudo random function of this cipher suite.

Returns:

message digest, or null, if not supported by vm.

getCipherType

public CipherSuite.CipherType getCipherType()

Gets the type of cipher used for encrypting data.

Returns:

the type

getEncKeyLength

public int getEncKeyLength()

Gets the length of the bulk cipher algorithm's encoding key.

Returns:

the length in bytes

getOverallMaxCiphertextExpansion

public static int getOverallMaxCiphertextExpansion()

Get the overall maximum ciphertext expansion for all cipher suite.

Returns:

overall maximum ciphertext expansion.

getPskCipherSuites

@Deprecated
public static List<CipherSuite> getPskCipherSuites(boolean recommendedCipherSuitesOnly,
                                              boolean ecdhePsk)

Deprecated. use getCipherSuitesByKeyExchangeAlgorithm(boolean, KeyExchangeAlgorithm...)

Get a list of all supported PSK cipher suites.

Parameters:

recommendedCipherSuitesOnly - true use only recommended cipher suites

ecdhePsk - true include ECDHE_PSK cipher suites

Returns:

list of all supported PSK cipher suites. Ordered by their definition above.

getCipherSuitesByKeyExchangeAlgorithm

public static List<CipherSuite> getCipherSuitesByKeyExchangeAlgorithm(boolean recommendedCipherSuitesOnly,
                                                      CipherSuite.KeyExchangeAlgorithm... keyExchangeAlgorithms)

Get a list of all cipher suites using the provided key exchange algorithms.

Parameters:

recommendedCipherSuitesOnly - true use only recommended cipher suites

keyExchangeAlgorithms - list of key exchange algorithms to select cipher suites

Returns:

list of all cipher suites. Ordered by their definition above.

Throws:

NullPointerException - if keyExchangeAlgorithms is null

IllegalArgumentException - if keyExchangeAlgorithms is empty

getCipherSuitesByKeyExchangeAlgorithm

public static List<CipherSuite> getCipherSuitesByKeyExchangeAlgorithm(boolean recommendedCipherSuitesOnly,
                                                      boolean orderedByKeyExchangeAlgorithm,
                                                      List<CipherSuite.KeyExchangeAlgorithm> keyExchangeAlgorithms)

Get a list of all cipher suites using the provided key exchange algorithms.

Parameters:

recommendedCipherSuitesOnly - true use only recommended cipher suites

orderedByKeyExchangeAlgorithm - true to order the cipher suites by order of key exchange algorithms, false to use the order by their definition above.

keyExchangeAlgorithms - list of key exchange algorithms to select cipher suites

Returns:

list of all cipher suites. Ordered as specified by the provided orderedByKeyExchangeAlgorithm.

Throws:

NullPointerException - if keyExchangeAlgorithms is null

IllegalArgumentException - if keyExchangeAlgorithms is empty

Since:

2.3

getEcdsaCipherSuites

public static List<CipherSuite> getEcdsaCipherSuites(boolean recommendedCipherSuitesOnly)

Get a list of all supported ECDSA cipher suites.

Parameters:

recommendedCipherSuitesOnly - true use only recommended cipher suites

Returns:

list of all supported ECDSA cipher suites. Ordered by their definition above.

getCertificateCipherSuites

public static List<CipherSuite> getCertificateCipherSuites(boolean recommendedCipherSuitesOnly,
                                           String keyAlgorithm)

Get a list of all supported cipher suites with the provided key algorithm. Note: currently only ECDSA is supported. There are no plans to support other key algorithm

Parameters:

recommendedCipherSuitesOnly - true use only recommended cipher suites

keyAlgorithm - name of key algorithm. e.g. "EC"

Returns:

list of all supported cipher suites with the provided key algorithm. Ordered by their definition above.

getTypeByCode

public static CipherSuite getTypeByCode(int code)

Gets a cipher suite by its numeric code.

Parameters:

code - the cipher's IANA assigned code

Returns:

the cipher suite or null if the code is unknown

getTypeByName

public static CipherSuite getTypeByName(String name)

Gets a cipher suite by its (official) name.

Parameters:

name - the cipher's IANA assigned name

Returns:

the cipher suite or null if the name is unknown

getTypesByNames

public static List<CipherSuite> getTypesByNames(String... names)

Gets a list of cipher suites by their (official) names.

Parameters:

names - the cipher's IANA assigned names

Returns:

the list of cipher suite

Throws:

IllegalArgumentException - if at least one name is not available.

Since:

2.5

containsPskBasedCipherSuite

public static boolean containsPskBasedCipherSuite(List<CipherSuite> cipherSuites)

Checks if a list of cipher suite contains an PSK based cipher.

Parameters:

cipherSuites - The cipher suites to check.

Returns:

true, if the list contains an PSK based cipher suite, false, otherwise.

containsEccBasedCipherSuite

public static boolean containsEccBasedCipherSuite(List<CipherSuite> cipherSuites)

Checks if a list of cipher suite contains an ECC based cipher.

Parameters:

cipherSuites - The cipher suites to check.

Returns:

true, if the list contains an ECC based cipher suite, false, otherwise.

containsCipherSuiteRequiringCertExchange

public static boolean containsCipherSuiteRequiringCertExchange(List<CipherSuite> cipherSuites)

Checks if a list of cipher suite contains a cipher suite that requires the exchange of certificates.

Parameters:

cipherSuites - The cipher suites to check.

Returns:

true if any of the cipher suites requires the exchange of certificates, false otherwise.

listToByteArray

public static byte[] listToByteArray(List<CipherSuite> cipherSuites)

Transform a list of cipher suites into the appropriate bit-format.

Parameters:

cipherSuites - the cipher suites

Returns:

the byte[]

listFromByteArray

@Deprecated
public static List<CipherSuite> listFromByteArray(byte[] byteArray,
                                             int numElements)

Deprecated. use listFromReader(DatagramReader)

Decode cipher suite list from byte array.

Parameters:

byteArray - byte array with encoded cipher suites

numElements - number of encoded cipher suites

Returns:

list of cipher suites

Throws:

IllegalArgumentException - if provided number of cipher suites doesn't macht the provided byte array

listFromReader

public static List<CipherSuite> listFromReader(org.eclipse.californium.elements.util.DatagramReader reader)

Decode cipher suite list from reader.

Parameters:

reader - reader with encoded cipher suites

Returns:

list of cipher suites

Throws:

IllegalArgumentException - if a decode error occurs