java.lang.Object
  cryptix.sasl.srp.CALG

public final class CALG
extends java.lang.Object
A factory class that returns CALG (Confidentiality Algorithm) instances that
operate as described in draft-burdis-cat-sasl-srp-04. Specifically, the
following description from the specification is relevant:
The designated CALG block cipher should be used in OFB (Output
Feedback Block) mode in the ISO variant, as described in [16],
algorithm 7.20.
Let k be the block size of the chosen symmetric cipher algorithm;
e.g. for AES this is 128 bits or 16 octets. The OFB mode used shall
be of length/size k.
It is recommended that Block ciphers operating in OFB mode be used
with an Initial Vector (the mode's IV). For the SASL mechanisms
described in this document, the IV shall be an all-zero octet
sequence of size k.
In such a mode of operation - OFB with key re-use - the IV, which
need not be secret, must be changed. Otherwise an identical
keystream results; and, by XORing corresponding ciphertexts, an
adversary may reduce cryptanalysis to that of a running-key cipher
with one plaintext as the running key. To counter the effect of
fixing the IV to an all-zero octet sequence, the sender should use a
one k-octet sequence as the value of its first block, constructed as
follows:
o the first (most significant) (k-2) octets are random,
o the octets at position #k-1 and #k, assuming the first octet is
at position #1, are exact copies of those at positions #1 and #2
respectively.
The input data to the confidentiality protection algorithm shall be
a multiple of the symmetric cipher block size k. When the input
length is not a multiple of k octets, the data shall be padded
according to the following scheme (described in [17] which itself is
based on RFC1423 [18]):
Assuming the length of the input is l octets, (k - (l mod k))
octets, all having the value (k - (l mod k)), shall be appended
to the original data. In other words, the input is padded at the
trailing end with one of the following sequences:
01 -- if l mod k = k-1
02 02 -- if l mod k = k-2
...
...
...
k k ... k k -- if l mod k = 0
The padding can be removed unambiguously since all input is
padded and no padding sequence is a suffix of another. This
padding method is well-defined if and only if k < 256 octets,
which is the case with symmetric block ciphers today, and in the
foreseeable future.
The output of this stage, when it is active, is:
at the sending side: CALG(K, ENCRYPT)( bytes(p1) )
at the receiving side: CALG(K, DECRYPT)( bytes(p1) )
If the receiver, after decrypting the first block, finds that the
last two octets do not match the value of the first two, it MUST
signal an exception and abort the exchange.
Since:
  draft-burdis-cat-sasl-srp-04
Version:
  $Revision: 1.1 $
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
cat
private static org.apache.log4j.Category cat
ENCRYPT
public static final int ENCRYPT
See Also: Constant Field Values
DECRYPT
public static final int DECRYPT
See Also: Constant Field Values
prng
private static final java.util.Random prng
algorithm
private java.lang.String algorithm
cipher
private javax.crypto.Cipher cipher
encrypting
private boolean encrypting
blockSize
private int blockSize
firstBlock
private boolean firstBlock
iv
private byte[] iv
CALG
private CALG(java.lang.String algorithm,
int blockSize,
javax.crypto.Cipher cipher,
boolean encrypting)
throws javax.security.sasl.SaslException
Trivial private constructor to enforce Singleton pattern.
getInstance
public static CALG getInstance(java.lang.String algorithm,
javax.crypto.SecretKey K,
int mode)
throws javax.security.sasl.SaslException
Returns an instance of a SASL-SRP CALG implementation.
doFinal
public byte[] doFinal(byte[] data)
throws cryptix.sasl.ConfidentialityException
Encrypts or decrypts, depending on the mode already set, a designated
array of bytes and returns the result.
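The framing the specification excerpt above describes (all-zero IV, OFB with k-octet feedback, a first block whose last two octets copy its first two, RFC 1423 padding, and the receiver-side marker check that doFinal must enforce), as an added Java example that is not the Cryptix CALG code. It assumes AES-128 (k = 16), that the provider's plain "OFB" transformation uses full-block feedback (as SunJCE's does), and constructs its own key and message.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Constructed illustration of the CALG framing; not the Cryptix implementation.
public class CalgDemo {
    static final int K = 16;                         // AES block size k, in octets
    static final SecureRandom PRNG = new SecureRandom();
    // OFB with k-octet feedback (SunJCE's plain "OFB" is full-block, OFB128 for AES) and an all-zero IV.
    static Cipher ofb(byte[] key, int mode) throws Exception {
        Cipher c = Cipher.getInstance("AES/OFB/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(new byte[K]));
        return c;
    }
    // Sender: first block = (k-2) random octets, octets #k-1/#k copy #1/#2; then bytes(p1) padded per RFC 1423.
    static byte[] encrypt(byte[] key, byte[] p1) throws Exception {
        int pad = K - (p1.length % K);               // always 1..k octets, each holding the value pad
        byte[] in = new byte[K + p1.length + pad];
        byte[] first = new byte[K];
        PRNG.nextBytes(first);
        first[K - 2] = first[0];
        first[K - 1] = first[1];
        System.arraycopy(first, 0, in, 0, K);
        System.arraycopy(p1, 0, in, K, p1.length);
        Arrays.fill(in, K + p1.length, in.length, (byte) pad);
        return ofb(key, Cipher.ENCRYPT_MODE).doFinal(in);
    }
    // Receiver: decrypt, check the marker block, verify and strip padding; null where the spec says abort.
    static byte[] decrypt(byte[] key, byte[] ct) throws Exception {
        if (ct.length < 2 * K || ct.length % K != 0) return null;   // marker block + at least one padded block
        byte[] out = ofb(key, Cipher.DECRYPT_MODE).doFinal(ct);
        if (out[K - 2] != out[0] || out[K - 1] != out[1]) return null;
        int pad = out[out.length - 1] & 0xff;
        if (pad < 1 || pad > K) return null;
        for (int i = out.length - pad; i < out.length; i++)
            if ((out[i] & 0xff) != pad) return null;
        return Arrays.copyOfRange(out, K, out.length - pad);
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[K]; PRNG.nextBytes(key);   // constructed session key; SRP would supply K
        byte[] msg = "SASL-SRP confidentiality test".getBytes("US-ASCII");   // constructed input
        byte[] ct = encrypt(key, msg);
        System.out.println(Arrays.equals(msg, decrypt(key, ct)));
        ct[0] ^= 1;                                  // a flipped bit in the first block breaks the marker check
        System.out.println(decrypt(key, ct) == null);
    }
}
```

The marker only confirms that the first block decrypted consistently; OFB itself gives no integrity protection for the remaining blocks, so a bit flipped in a later block would pass this check and corrupt the recovered plaintext silently.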