org.apache.sshd.common.cipher

Interface Cipher

All Superinterfaces:

AlgorithmNameProvider, CipherInformation, KeySizeIndicator

All Known Implementing Classes:

BaseCBCCipher, BaseCipher, BaseCTRCipher, BaseGCMCipher, BaseRC4Cipher, ChaCha20Cipher, CipherNone

public interface Cipher
extends CipherInformation

Wrapper for a cryptographic cipher, used either for encryption or decryption.

Author:

Apache MINA SSHD Project

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	Cipher.Mode

Method Summary

Modifier and Type	Method and Description
static boolean	checkSupported(String xform, int keyLength)
void	init(Cipher.Mode mode, byte[] key, byte[] iv) Initialize the cipher for encryption or decryption with the given key and initialization vector
default void	update(byte[] input) Performs in-place encryption or decryption on the given data.
void	update(byte[] input, int inputOffset, int inputLen) Performs in-place encryption or decryption on the given data.
default void	updateAAD(byte[] data) Adds the provided input data as additional authenticated data during encryption or decryption.
void	updateAAD(byte[] data, int offset, int length) Adds the provided input data as additional authenticated data during encryption or decryption.
default void	updateWithAAD(byte[] input, int offset, int aadLen, int inputLen) Performs in-place authenticated encryption or decryption with additional data (AEAD).

Methods inherited from interface org.apache.sshd.common.cipher.CipherInformation

getAuthenticationTagSize, getCipherBlockSize, getIVSize, getKdfSize, getTransformation

Methods inherited from interface org.apache.sshd.common.AlgorithmNameProvider

getAlgorithm

Methods inherited from interface org.apache.sshd.common.keyprovider.KeySizeIndicator

getKeySize

Method Detail

init

void init(Cipher.Mode mode,
          byte[] key,
          byte[] iv)
   throws Exception

Initialize the cipher for encryption or decryption with the given key and initialization vector

Parameters:

mode - Encrypt/Decrypt initialization

key - Key bytes

iv - Initialization vector bytes

Throws:

Exception - If failed to initialize

update

default void update(byte[] input)
             throws Exception

Performs in-place encryption or decryption on the given data.

Note:input.length must be a multiple of the cipher's block size.

Parameters:

input - The input/output bytes

Throws:

Exception - If failed to execute

See Also:

update(byte[], int, int)

update

void update(byte[] input,
            int inputOffset,
            int inputLen)
     throws Exception

Performs in-place encryption or decryption on the given data.

Parameters:

input - The input/output bytes

inputOffset - The offset of the data in the data buffer

inputLen - The number of bytes to update, starting at the given offset; must be a multiple of the cipher's block size

Throws:

Exception - If failed to execute

updateAAD

default void updateAAD(byte[] data)
                throws Exception

Adds the provided input data as additional authenticated data during encryption or decryption.

Parameters:

data - The data to authenticate

Throws:

Exception - If failed to execute

updateAAD

void updateAAD(byte[] data,
               int offset,
               int length)
        throws Exception

Adds the provided input data as additional authenticated data during encryption or decryption.

Parameters:

data - The additional data to authenticate

offset - The offset of the additional data in the buffer

length - The number of bytes in the buffer to use for authentication

Throws:

Exception - If failed to execute

updateWithAAD

default void updateWithAAD(byte[] input,
                           int offset,
                           int aadLen,
                           int inputLen)
                    throws Exception

Performs in-place authenticated encryption or decryption with additional data (AEAD). Authentication tags are implicitly appended after the output ciphertext or implicitly verified after the input ciphertext. Header data indicated by the aadLen parameter are authenticated but not encrypted/decrypted, while payload data indicated by the inputLen parameter are authenticated and encrypted/decrypted.

Note: on encryption the input must have enough space after offset + aadLen + inputLength to store the authentication tag. On decryption, the authentication tag is assumed to be in the input at that offset (i.e., after the payload data).

Parameters:

input - The input/output bytes

offset - The offset of the data in the input buffer

aadLen - The number of bytes to use as additional authenticated data - starting at offset

inputLen - The number of bytes to update, starting at offset + aadLen; must be a multiple of the cipher's block size

Throws:

Exception - If failed to execute

checkSupported

static boolean checkSupported(String xform,
                              int keyLength)

Parameters:

xform - The full cipher transformation - e.g., AES/CBC/NoPadding - never null/empty

keyLength - The required key length in bits - always positive

Returns:

true if the cipher transformation and required key length are supported

See Also:

Cipher.getMaxAllowedKeyLength(String)