gnu.crypto.sasl.srp
public final class CALG extends Object
A Factory class that returns CALG (Confidentiality Algorithm) instances that operate as described in the draft-burdis-cat-sasl-srp-08.
The designated CALG block cipher should be used in OFB (Output Feedback Block) mode in the ISO variant, as described in The Handbook of Applied Cryptography, algorithm 7.20.
Let k
be the block size of the chosen symmetric key block
cipher algorithm; e.g. for AES this is 128
bits or 16
octets. The OFB mode used shall be of length/size k
.
It is recommended that block ciphers operating in OFB mode be used with an
Initial Vector (the mode's IV). In such a mode of operation - OFB with key
re-use - the IV need not be secret. For the mechanism in question the IVs
shall be a random octet sequence of k
bytes.
k
. When the input
length is not a multiple of k
octets, the data shall be padded
according to the following scheme:
Assuming the length of the input is l
octets,
(k - (l mod k))
octets, all having the value
(k - (l mod k))
, shall be appended to the original data. In
other words, the input is padded at the trailing end with one of the
following sequences:
01 -- if l mod k = k-1 02 02 -- if l mod k = k-2 ... ... ... k k ... k k -- if l mod k = 0
The padding can be removed unambiguously since all input is padded and no
padding sequence is a suffix of another. This padding method is well-defined
if and only if k < 256
octets, which is the case with
symmetric key block ciphers today, and in the forseeable future.
Version: $Revision: 1.5 $
Method Summary | |
---|---|
byte[] | doFinal(byte[] data) Encrypts or decrypts, depending on the mode already set, a designated array of bytes and returns the result. |
byte[] | doFinal(byte[] data, int offset, int length) Encrypts or decrypts, depending on the mode already set, a designated array of bytes and returns the result. |
static CALG | getInstance(String algorithm) Returns an instance of a SASL-SRP CALG implementation. |
void | init(KDF kdf, byte[] iv, Direction dir) Initialises a SASL-SRP CALG implementation. |
Encrypts or decrypts, depending on the mode already set, a designated array of bytes and returns the result.
Parameters: data the data to encrypt/decrypt.
Returns: the decrypted/encrypted result.
Throws: ConfidentialityException if an exception occurs duirng the process.
Encrypts or decrypts, depending on the mode already set, a designated array of bytes and returns the result.
Parameters: data the data to encrypt/decrypt. offset where to start in data
. length how many bytes to consider in data
.
Returns: the decrypted/encrypted result.
Throws: ConfidentialityException if an exception occurs duirng the process.
Returns an instance of a SASL-SRP CALG implementation.
Parameters: algorithm the name of the symmetric cipher algorithm.
Returns: an instance of this object.
Initialises a SASL-SRP CALG implementation.
Parameters: kdf the key derivation function. iv the initial vector value to use. dir whether this CALG is used for encryption or decryption.