com.google.crypto.tink.streamingaead.internal

Class LegacyFullStreamingAead

java.lang.Object

com.google.crypto.tink.streamingaead.internal.LegacyFullStreamingAead

All Implemented Interfaces:

StreamingAead

public class LegacyFullStreamingAead
extends Object
implements StreamingAead

Takes an arbitrary raw StreamingAead and makes it a full primitive. ("Full" doesn't make much difference in case of Streaming AEADs, but we keep the name and the wrapper structure for consistency with the other primitives.) This is a class that helps us transition onto the new Keys and Configurations interface, by bringing potential user-defined primitives to a common denominator with our primitives over which we have control.

Method Summary

Modifier and Type	Method and Description
static StreamingAead	create(LegacyProtoKey key) Covers the cases where users created their own streaming AEAD / key classes.
ReadableByteChannel	newDecryptingChannel(ReadableByteChannel ciphertextSource, byte[] associatedData)
InputStream	newDecryptingStream(InputStream ciphertextSource, byte[] associatedData) Returns a wrapper around ciphertextSource, such that any read-operation via the wrapper results in AEAD-decryption of the underlying ciphertext, using associatedData as associated authenticated data.
WritableByteChannel	newEncryptingChannel(WritableByteChannel ciphertextDestination, byte[] associatedData) Returns a WritableByteChannel for plaintext.
OutputStream	newEncryptingStream(OutputStream ciphertextDestination, byte[] associatedData) Returns a wrapper around ciphertextDestination, such that any write-operation via the wrapper results in AEAD-encryption of the written data, using associatedData as associated authenticated data.
SeekableByteChannel	newSeekableDecryptingChannel(SeekableByteChannel ciphertextSource, byte[] associatedData) Returns a SeekableByteChannel that allows to access the plaintext.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

create

public static StreamingAead create(LegacyProtoKey key)
                            throws GeneralSecurityException

Covers the cases where users created their own streaming AEAD / key classes.

Throws:

GeneralSecurityException

newEncryptingChannel

public WritableByteChannel newEncryptingChannel(WritableByteChannel ciphertextDestination,
                                                byte[] associatedData)
                                         throws GeneralSecurityException,
                                                IOException

Description copied from interface: StreamingAead

Returns a WritableByteChannel for plaintext. Any data written to the returned channel will be encrypted and the resulting ciphertext written to the provided ciphertextDestination

Specified by:

newEncryptingChannel in interface StreamingAead

Parameters:

ciphertextDestination - the channel to which the ciphertext is written.

associatedData - data associated with the plaintext. This data is authenticated but not encrypted. It must be passed into the decryption.

Throws:

GeneralSecurityException

IOException

newSeekableDecryptingChannel

public SeekableByteChannel newSeekableDecryptingChannel(SeekableByteChannel ciphertextSource,
                                                        byte[] associatedData)
                                                 throws GeneralSecurityException,
                                                        IOException

Description copied from interface: StreamingAead

Returns a SeekableByteChannel that allows to access the plaintext.

This method does not work on Android Marshmallow (API level 23) or older because these Android versions don't have the java.nio.channels.SeekableByteChannel interface.

Specified by:

newSeekableDecryptingChannel in interface StreamingAead

Parameters:

ciphertextSource - the ciphertext

associatedData - the data associated with the ciphertext.

Returns:

SeekableByteChannel that allows random read access to the plaintext. The following methods of SeekableByteChannel are implemented:

• long position() Returns the channel's position in the plaintext.
• SeekableByteChannel position(long newPosition) Sets the channel's position. Setting the position to a value greater than the plaintext size is legal. A later attempt to read byte will immediately return an end-of-file indication.
• int read(ByteBuffer dst) Bytes are read starting at the channel's position, and then the position is updated with the number of bytes actually read. All bytes returned have been authenticated. If the end of the stream has been reached -1 is returned. A result of -1 is authenticated (e.g. by checking the MAC of the last ciphertext chunk.) A call to this function attempts to fill dst, but it may return fewer bytes than requested, e.g. if the underlying ciphertextSource does not provide the requested number of bytes or if the plaintext ended.

  Throws IOException if a MAC verification failed. TODO: Should we extend the interface with read(ByteBuffer dst, long position) to avoid race conditions?

• long size() Returns the size of the plaintext. TODO: Decide whether the result should be authenticated)
• SeekableByteChannel truncate(long size) throws NonWritableChannelException because the channel is read-only.
• int write(ByteBuffer src) throws NonWritableChannelException because the channel is read-only.
• close() closes the channel
• isOpen()

Throws:

GeneralSecurityException - if the header of the ciphertext is corrupt or if associatedData is not correct.

IOException - if an IOException occurred while reading from ciphertextDestination.

newDecryptingChannel

public ReadableByteChannel newDecryptingChannel(ReadableByteChannel ciphertextSource,
                                                byte[] associatedData)
                                         throws GeneralSecurityException,
                                                IOException

Specified by:

newDecryptingChannel in interface StreamingAead

Throws:

GeneralSecurityException

IOException

newEncryptingStream

public OutputStream newEncryptingStream(OutputStream ciphertextDestination,
                                        byte[] associatedData)
                                 throws GeneralSecurityException,
                                        IOException

Description copied from interface: StreamingAead

Returns a wrapper around ciphertextDestination, such that any write-operation via the wrapper results in AEAD-encryption of the written data, using associatedData as associated authenticated data. The associated data is not included in the ciphertext and has to be passed in as parameter for decryption.

Specified by:

newEncryptingStream in interface StreamingAead

Throws:

GeneralSecurityException

IOException

newDecryptingStream

public InputStream newDecryptingStream(InputStream ciphertextSource,
                                       byte[] associatedData)
                                throws GeneralSecurityException,
                                       IOException

Description copied from interface: StreamingAead

Returns a wrapper around ciphertextSource, such that any read-operation via the wrapper results in AEAD-decryption of the underlying ciphertext, using associatedData as associated authenticated data.

The returned InputStream may support mark()/reset(), but does not have to do it -- markSupported() provides the corresponding info.

The returned InputStream supports skip(), yet possibly in an inefficient way, i.e. by reading a sequence of blocks until the desired position. If a more efficient skip()-functionality is needed, the Channel-based API can be used.

Specified by:

newDecryptingStream in interface StreamingAead

Throws:

GeneralSecurityException

IOException