Programmer Reference : Cryptography : Symmetric Ciphers
Symmetric Ciphers
Module Implementation: OpenSSLCryptoInterfaceCIPH
This module provides symmetric cipher algorithms for encryption/decryption.
Note: Internal classes are italicized and will only contain a short description.
See the class-side examples in the OpenSSLSymmetricCipherExamples class for additional usage detail.
Ciphers
OpenSSLCipherData
This object encapsulates input/output parameters for encryption/decryption routines.
Class methods: Creation
on: anInputByteObject
Answer a new instance of an <OpenSSLCipherData> configured to use @anInputByteObject
as the input to encrypt/decrypt methods.
Arguments:
anInputByteObject - @see implementors of isOpenSSLByteObject for types
Answers:
<OpenSSLCipherData> - cipher data
 
on: anInputByteObject length: aLength
Answer a new instance of an <OpenSSLCipherData> configured to use @anInputByteObject
with length @aLength as the input to encrypt/decrypt methods.
Arguments:
anInputByteObject - @see implementors of isOpenSSLByteObject for types
<OSPtr> are also allowed since length is specified
aLength - <Integer>
Answers:
<OpenSSLCipherData> - cipher data
 
Class methods: Factory
cipherDataClassFor: aCipher
Factory Method
Arguments:
aCipher - <OSSslCipher>
Answers:
<OpenSSLCipherData or subclass> class
 
Instance methods: Accessing
input
Answer the input byte object
Answers:
<Object>
 
input: aByteObject
Set the input byte object.
If @aByteObject does not answer true to isOpenSSLByteObject,
then the inputLength must also be set.
Arguments:
aByteObject - @see implementors of isOpenSSLByteObject for types
<OSPtr> but you must set the inputLength
 
inputLength
Answers the length of the input, or 0 if not set
Answers:
<Integer>
 
inputLength: anInteger
Set the length of the input object
Arguments:
anInteger - <Integer>
 
output
Answer the output byte object
Answers:
<Object>
 
output: aByteObject
Set the output byte object
Argument:
aByteObject - <Object>
 
outputClass
Answer the class that should instantiate the output object
Answers:
<Class> - output class
 
outputClass: anObject
Set the class that should instantiate the output object
Arguments:
anObject - <Class>
 
outputLength
Answers the length of the output, or 0 if not set
Answers:
<Integer> - output length
 
outputLength: anInteger
Set the length of the output object
Arguments:
anInteger - <Integer>
 
Instance methods: API
freeInput
Free native input only
 
freeOutput
Free native output only
 
Instance methods: Conversion
asOpenSSLCipherDataFor: aCipher
Answers self
 
Instance methods: Testing
isOpenSSLCipherData
Answers true
 
OpenSSLCipherAuthData
This object encapsulates input/output parameters for authenticated encryption/decryption routines.
Class methods: Creation
on: anInputByteObject tag: aTagByteObject
Answer a new instance of an <OpenSSLCipherAuthData> configured to use @anInputByteObject
as the input to decryption methods and @aTagByteObject as the authorization tag.
Arguments:
anInputByteObject - @see implementors of isOpenSSLByteObject for types
aTagByteObject - @see implementors of isOpenSSLByteObject for types
Answers:
<OpenSSLCipherAuthData> - cipher auth data
 
on: anInputByteObject tagLength: aTagLength
Answer a new instance of an <OpenSSLCipherAuthData> configured to use @anInputByteObject
as input to encryption methods which should answer an authorization tag of length @aTagLength.
Arguments:
anInputByteObject - @see implementors of isOpenSSLByteObject for types
aTagLength - <Integer>
Answers:
<OpenSSLCipherAuthData> - cipher data
 
Instance methods: Accessing
tagData
Answer the input byte object
Answers:
<Object>
 
tagData: aByteObject
Set the input byte object.
If @aByteObject does not answer true to isOpenSSLByteObject,
then the inputLength must also be set.
Arguments:
aByteObject - @see implementors of isOpenSSLByteObject for types
<OSPtr> but you must set the inputLength
 
tagLength
Answers the length of the input, or 0 if not set
Answers:
<Integer>
 
tagLength: anInteger
Set the length of the input object
Arguments:
anInteger - <Integer>
 
Instance methods: Testing
isOpenSSLCipherAuthData
This is data suitable for ciphers supporting Authenticated Encryption
Answers:
<Boolean>
 
OpenSSLCipherAEAD
This object encapsulates input/output parameters for authenticated with associated data encryption/decryption routines.
Class methods: Creation
on: anInputByteObject tag: aTagByteObject aad: anAAD
Answer a new instance of an <OpenSSLCipherAuthData> configured to use @anInputByteObject
as the input to decryption methods and @aTagByteObject as the authorization tag.
Arguments:
anInputByteObject - @see implementors of isOpenSSLByteObject for types
aTagByteObject - @see implementors of isOpenSSLByteObject for types
anAAD - @see implementors of isOpenSSLByteObject for types
<Collection> of ByteObjects
Answers:
<OpenSSLCipherAuthData> - cipher auth data
 
on: anInputByteObject tagLength: aTagLength aad: anAAD
Answer a new instance of an <OpenSSLCipherAEAD> configured to use @anInputByteObject
as input to encryption methods which should answer an authorization tag of length @aTagLength.
with associated data @anAAD
Arguments:
anInputByteObject - @see implementors of isOpenSSLByteObject for types
aTagLength - <Integer>
anAAD - @see implementors of isOpenSSLByteObject for types
<Collection> of ByteObjects
Answers:
<OpenSSLCipherAuthData> - cipher data
 
Instance methods: Accessing
aad
Answer the value for the additional associated data.
Answers:
<Object>
 
aad: anObject
Sets the value for the additional associated data.
Arguments:
<Object>
 
isOpenSSLCipherAEAD
This is data suitable for ciphers supporting
Authenticated Encryption with Associated Data (AEAD)
Answers:
<Boolean>
 
OSSslCipher
This object wraps a specific symmetric cipher algorithm. It contains an API for one-shot encryption/decryption
Class methods: API
allCipherNames
Answer a sorted listing of all supported cipher names. This will take the external library into account since what ciphers are available depend on compiler flags used.
Answers:
<SequenceableCollection> cipher names
 
allCiphersCollect: aBlock
Answer a Collection that is created by iteratively evaluating the one argument block, aBlock using each element of the receiver as an argument.
Arguments:
aBlock - <Block> 1-arg
Answers:
< SequenceableCollection>
 
allCiphersDo: aBlock
Evaluate a one-arg block on all supported ciphers. The external library may only support a subset based on how it was compiled, so a check is performed to see if it is included in the list
Arguments:
aBlock - <Block> 1-arg block with cipher <OSSslCipher> as param
 
allCiphersSelect: aBlock
Answer a SequenceableCollection that is created by iteratively evaluating the one argument block, aBlock using an element of receiver and adding the element to the returned SequenceableCollection only if aBlock evaluates to the Boolean true.
Arguments:
aBlock - <Block> 1-arg
Answers:
< SequenceableCollection>
 
Class methods: Creation
named: aCipherName
Answer the <OSSslCipher> associated with @aCipherName. This performs a fast lookup, and if that fails then it queries OpenSSL.If OpenSSL is unable to locate it, it could be because the library was compiled in such a way that it left it out.
Arguments:
aCipherName - <String>
Answers:
<OSSslCipher> - cipher object
<OpenSSLError> - error object
 
Class methods: Factory
The methods in this category all have the same name as the Cipher algorithm and answer an OSSslCipher instance.
Note: OpenSSL may have been compiled without support for some of the factory algorithms, in this case error objects will be answered.
Example:
aes_256_cbc
Answer the Cipher Object for the AES_256_CBC algorithm.
Answers:
<OSSslCipher>
 
Class methods: Utility
emptyIV
Answers a new initialization vector of max length initialized with all 0s
Answers:
< ByteArray>
 
emptyKey
Answers a new key of max length initialized with all 0s
Answers:
< ByteArray>
 
Instance methods: Accessing
blockSize
Answer the block size of the cipher in bytes
Answers:
<Integer>
 
cipherDataClass
Answer the cipher input class to be used for cipher encrypt/descrypt cipher APIs
Answers:
<OpenSSLCipherData or subclass>
 
defaultTagLength
Answer the default authorization tag length for this cipher. This only applies to authenticating ciphers
Answers:
<Integer>
 
flags
Answer the flags set for the cipher
Answers:
<Integer> - cipher flags
 
ivLength
Answer the IV LENGTH of the cipher.
Answer 0 if the cipher does not use an IV
Answers:
<Integer>
 
keyLength
Answer the key length of the cipher
Answers:
<Integer> - cipher key length
 
longName
Answer the longName <String> of this cipher
Answers:
<String> - long name
 
mode
Answer the mode of the cipher.
Block Cipher Modes: ECB, CBC, CFB, OFB, CTR, GCM, CCM, XTS, WRAP, OCB
Stream Cipher Modes: STREAM
Answers:
<Integer> - mode constant
 
name
Answer the shortName <String> of this cipher
Answers:
<String> - short name
 
nid
Answers the NID of the cipher
Answers:
<Integer> - cipher nid
 
shortName
Answer the shortName <String> of this cipher
Answers:
<String> - short name
 
type
Answers the type of the passed cipher or context.
Answers:
<Integer> - type
 
typeName
Answer the type name <String> of this cipher
Answers:
<String> - type name
 
Instance methods: API - Crypt
cipherDataFor: aByteObject
Answer a new cipher input to wrap @aByteObject which will be the input data.
The cipher will return a cipher input object appropriate to the cipher mode (i.e. Unauthenticated or AEAD)
Arguments:
aByteObject - @see implementors of isOpenSSLByteObject for types
Answers:
<OpenSSLCipherData or subclass>
 
cipherDataFor: aByteObject length: aLength
Answer a new cipher input to wrap @aByteObject which will be the input data.
The cipher will return a cipher input object appropriate to the cipher mode (i.e. Unauthenticated or AEAD)
Arguments:
aByteObject - @see implementors of @isOpenSSLByteObject for types
aLength - length of the object
Answers:
<OpenSSLCipherData or subclass>
 
decrypt: aByteData key: aKey iv: anIVNonce
Perform a Decryption Operation on @aByteData
@see OSSslCipherCtx>>decrypt:key:iv:pad: for details
Arguments:
aByteData - <OpenSSLCipherData or subclass> cipher data (required for authenticated ciphers).
or @see implementors of isOpenSSLByteObject for types
aKey - @see implementors of isOpenSSLByteObject for types
anIVNonce - @see implementors of isOpenSSLByteObject for types
Answers:
<ByteArray> if the input was a <String> or <ByteArray>
OpenSSLCipherData>>outputClass if the input was a <OpenSSLCipherData>
 
decrypt: aByteData key: aKey iv: anIVNonce pad: shouldPad
Perform a Decryption Operation on @aByteData with explicit padding specification
@see OSSslCipherCtx>>decrypt:key:iv:pad: for details
Arguments:
aByteObject - <OpenSSLCipherData or subclass> cipher data (required for authenticated ciphers).
or @see implementors of isOpenSSLByteObject for types
aKey - @see implementors of isOpenSSLByteObject for types
anIVNonce - @see implementors of isOpenSSLByteObject for types
shouldPad - <Boolean> padding enabled? If unsure, put true
Answers:
<ByteArray> if the input was a <String> or <ByteArray>
OpenSSLCipherData>>outputClass if the input was a <OpenSSLCipherData>
 
encrypt: aByteData key: aKey iv: anIVNonce
Perform an Encryption Operation on @aByteData
@see OSSslCipherCtx>>encrypt:key:iv:pad: for details
Arguments:
aByteData - <OpenSSLCipherData or subclass> cipher data (required for authenticated ciphers).
or @see implementors of isOpenSSLByteObject for types
aKey - @see implementors of isOpenSSLByteObject for types
anIVNonce - @see implementors of isOpenSSLByteObject for types
Answers:
<ByteArray> if the input was a <String> or <ByteArray>
OpenSSLCipherData>>outputClass if the input was a <OpenSSLCipherData>
 
encrypt: aByteObject key: aKey iv: anIV pad: shouldPad
Perform an Encryption Operation on @aByteData with explicit padding specification.
@see OSSslCipherCtx>>encrypt:key:iv:pad: for details
Arguments:
aByteData - <OpenSSLCipherData or subclass> cipher data (required for authenticated ciphers).
or @see implementors of isOpenSSLByteObject for types
aKey - @see implementors of isOpenSSLByteObject for types
anIVNonce - @see implementors of isOpenSSLByteObject for types
shouldPad - <Boolean> padding enabled? If unsure, put true
Answers:
<ByteArray> if the input was a <String> or <ByteArray>
OpenSSLCipherData>>outputClass if the input was a <OpenSSLCipherData>
 
Instance methods: RNG
randomIV
Answer a new random IV sized for the cipher
Answers:
<ByteArray> - initialization vector
 
randomKey
Answer a new random key sized for the cipher
Answers:
<ByteArray> - random key
 
securedRandomKey
Answer a new random key sized for the cipher allocated from the secure heap and encrypted (if encryption is supported)
Answers:
<OSSslSecureBytes> - random key
 
Instance methods: Testing
isAEAD
Answer true if the cipher is AEAD (Authenticated encryption with associated data)
Answers:
<Boolean> - true if an authenticated cipher, false otherwise
 
isAuthenticated
Answer true if the cipher is an authenticating encryption.
This is a cipher that provides authentication, but not additional associated data
like AEAD ciphers.
In OpenSSL version 1.1.0, CCM became an AEAD compliant cipher
Answers:
<Boolean> - true if an authenticated cipher, false otherwise
 
isBitOriented
Answer true if the cipher is bit-oriented as opposed to byte oriented
Answers:
<Boolean> - true if an bit-oriented, false otherwise
 
isBlockCipher
Answer true if the cipher is a block cipher
Answers:
<Boolean> - true if block cipher, false if stream cipher
 
isByteOriented
Answer true if the cipher is byte-oriented as opposed to bit oriented.
The only known bit-oriented cipher are those in CFB1 mode.
Answers:
<Boolean> - true if byte-oriented, false otherwise
 
isCtx
Test if this is a context object
Answers:
<Boolean> - false
 
isStreamCipher
Answer true if the cipher is a stream cipher
Answers:
<Boolean> - true if stream cipher, false if block cipher
 
ivRequired
Modes that must have IV's present
Answers:
<Boolean>
 
OSSslCipherCtx
This is the context object that represents a particular session of symmetric encryption/decryption. It contains an API for one-shot and streaming encryption/decryption.
Class methods: Creation
createNew
Create a new EVP_CIPHER_CTX instance and initialize it.
Answers:
< OSSslCipherCtx > - new instance
<OpenSSLError compatible error> - error object
 
createNewFromCipher: aCipher
Create a new EVP_CIPHER_CTX instance
Arguments:
aCipher - <OSSslCipher> cipher algorithm object
Answers:
<OSSslCipherCtx> - new instance
<OpenSSLError compatible error> - error object
 
Instance methods: Accessing
blockSize
Answer the block size of the cipher
Answers:
<Integer>
 
contextFlags
Answer the cipher context flags...this is for padding
Answers:
<Integer> - context flags
 
flags
Answer the flags set for the cipher context
Answers:
<Integer> - cipher context flags
 
iv: anIVNonce
Sets the initialization vector for the cipher context
Arguments:
anIVNonce - initialization vector/nonce - @see implementors of isOpenSSLByteObject for types
Answers:
<Object> - anIVNonce
 
ivLength
Answer the IV LENGTH of the cipher.
Answer 0 if the cipher does not use an IV
Answers:
<Integer>
 
ivLength: aLength
Set the IV LENGTH of the cipher.
This is only required for AEAD mode ciphers
Arguments:
aLength - <Integer> iv length
Answers:
<OSSslCipherCtx> self
 
key: aKey
Sets the key for the cipher context.
Arguments:
aKey - <ByteArray> secret key
Answers:
<ByteArray> - actual key
 
key: aKey iv: anIVNonce
Convenience Function to set the key and ivNonce.
These may be coerced to fit the given algorithm mode requirements.
The possibly modified key->iv is answered as an Association
Arguments:
aKey - Secret Key - @see implementors of isOpenSSLByteObject for types
anIVNonce - initialization vector/nonce - @see implementors of isOpenSSLByteObject for types
Answers:
<Association> key -> ivNonce
 
keyLength
Answer the key length of the cipher
Answers:
<Integer> - cipher key length
 
keyLength: anInteger
Sets and answers the key length of the cipher.
Arguments:
anInteger - <Integer> key length
Answers:
<Integer> - cipher key length
 
mode
Answer the mode of the cipher.
Block Cipher Modes: ECB, CBC, CFB, OFB, CTR, GCM, CCM, XTS, WRAP, OCB
Stream Cipher Modes: STREAM
Answers:
<Integer> - mode constant
 
nid
Answers the NID of the cipher
Answers:
<Integer> - cipher nid
 
padding: aBoolean
Enables or disables padding.
Answers:
<Integer> - always answers 1
 
tagData: aByteObject
Sets the authentication tag data to be used during decryption of AEAD ciphers.
Arguments:
aByteObject - tag data - @see implementors of isOpenSSLByteObject for types
Answers:
<OSSslCipherCtx> self
 
tagLength: aLength
Sets the authentication tag length to be used during encryption of AEAD ciphers.
Some modes (i.e. OCB) will require this during decryption also.
Arguments:
aByteObject - tag data
Answers:
<OSSslCipherCtx> self
 
Instance methods: Duplication
duplicate
Answers a managed duplicate of this Cipher Context.
Answers:
<OSSslCipherCtx> - new duplicate instance
 
Instance methods: High-Level API - Crypt
decrypt: aByteData key: aKey iv: anIVNonce pad: shouldPad
Perform a Decrypt Operation on @aByteData
@aByteData must be a byte object. @see implementors of isOpenSSLByteObject for types
@aKey is the secret key byte object. @see implementors of isOpenSSLByteObject for types
@anIVNonce is the initialization vector/nonce byte object. @see implementors of isOpenSSLByteObject for types
@shouldPad defines if padding should be used.
If this is an authenticated cipher, then @aByteData is required to be a <OpenSSLCipherAuthData or subclass>.
The additional authTag and aad (additional associated data) from @aByteData will also be used.
Padding should generally be enabled (@shouldPad = true) unless you have good
control over the input and can ensure the input is a multiple of the cipher block size.

Return Value: This method returns an object whose type depends on @aByteObject input.
Input: <String> or <ByteArray> Output: <ByteArray>
Input: <OpenSSLCipherData> Output: OpenSSLCipherData>>outputClass
Arguments:
aByteData - a <OpenSSLCipherData or subclass> cipher data (required for authenticated ciphers).
or @see implementors of isOpenSSLByteObject for types
aKey - @see implementors of isOpenSSLByteObject for types
anIVNonce - @see implementors of isOpenSSLByteObject for types
shouldPad - <Boolean | UndefinedObject> padding enabled or default if nil
Answers:
<Object> - See 'Return Value' above
 
encrypt: aByteData key: aKey iv: anIVNonce pad: shouldPad
Perform Encrypt Operation on @aByteData.

@aByteData must be a byte object. @see implementors of isOpenSSLByteObject for types
@aKey is the secret key byte object. @see implementors of isOpenSSLByteObject for types
@anIVNonce is the initialization vector/nonce byte object. @see implementors of isOpenSSLByteObject for types
@shouldPad defines if padding should be used

If this is an authenticated cipher, then @aByteData is required to be a <OpenSSLCipherAuthData or subclass>.
The additional authTag and aad (additional associated data) from @aByteData will also be used.

Padding should generally be enabled (@shouldPad = true) unless you have good
control over the input and can ensure the input is a multiple of the cipher block size.

Return Value: This method returns an object whose type depends on @aByteObject input.
Input: <String> or <ByteArray> Output: <ByteArray>
Input: <OpenSSLCipherData> Output: OpenSSLCipherData>>outputClass
Arguments:
aByteObject - <OpenSSLCipherData or subclass> cipher data (required for authenticated ciphers).
or @see implementors of isOpenSSLByteObject for types
aKey - @see implementors of isOpenSSLByteObject for types
anIVNonce - @see implementors of isOpenSSLByteObject for types
shouldPad - <Boolean | UndefinedObject> padding enabled or default if nil
Answers:
<Object> - See 'Return Value' above
 
Instance methods: Low-Level API - Crypt
finish
Answers the remaining cipher value from the context After calling this...no more update: operations are allowed. You must call reset to reinit the state.
Answers:
<ByteArray> - encrypted bytes
 
finishInto: aByteObject
Retrieves the remaining cipher result from the context and places it in aByteObject. Answers the number of data bytes actually written. This will be the cipher's block size at most.
@aByteObject is allowed to be an OSObject, but be careful when using these. It is expected that aByteObject has AT LEAST the length of the cipher's block size as it's allocated size. After calling this...no more update: operations are allowed. You must call reset reinit the state.
Arguments:
aByteObject - byte @see implementors of #isOpenSSLByteObject
Answers:
<Integer> - number of bytes written
 
iv: anIVNonce
Sets the initialization vector for the cipher context.
Arguments:
anIVNonce - initialization vector/nonce - @see implementors of isOpenSSLByteObject for types
Answers:
<Object> - anIVNonce
 
key: aKey
Sets the key for the cipher context.
This can be modified based on the cipher constraints which is why
this method answers the actual key to be used since it will be needed for decryption.
Arguments:
aKey - Secret Key - @see implementors of isOpenSSLByteObject for types
Answers:
@see implementors of isOpenSSLByteObject for types - actual key
 
key: aKey iv: anIVNonce
Convenience Function to set the key and ivNonce.
This These may be coerced to fit the given algorithm mode requirements.
The possibly modified key->iv is answered as an Association
Arguments:
aKey - Secret Key - @see implementors of isOpenSSLByteObject for types
Answers:
@see implementors of isOpenSSLByteObject for types - actual key
 
padding: aBoolean
Enables or disables padding.
By default encryption operations are padded using standard block padding and the padding is checked and removed when decrypting.
If the pad parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple
of the block size or an error will occur.
Answers:
<Integer> - always answer 1
 
reset
Resets the Cipher to its default sate with the associated cipher
Answers:
<OSSslCipherCtx> self
 
setupForDecryption
Prepare the internals of this cipher context for decryption
Answers:
<Integer> 1 for success
 
setupForEncryption
Prepare the internals of this cipher context for encryption
Answers:
<Integer> 1 for success
 
update: aByteObject
Update the cipher encrypt/decrypt with the bytes from @aByteObject
Arguments:
aByteObject - @see implementors of isOpenSSLByteObject for types
Answers:
<ByteArray> - encrypted/decrypted bytes
 
update: aByteObject length: length
Update @length number of bytes from @aByteObject which will cause some number of encrypted/decrypted bytes to be written into a new ByteArray whose size is dynamically determined.
Arguments:
aByteObject - @see implementors of isOpenSSLByteObject for types
length - <Integer> length of @aByteObject
Answers:
<ByteArray> - encrypted/decrypted bytes
 
update: anInputByteObject length: inputLength into: anOutputByteObject length: outputLength
Update @inputLength number of bytes from @anInputByteObject which will cause some number of encrypted/decrypted bytes to be written into anOutputByteObject.
This length can not exceed @outputLength which is the total size of @anOutputByteObject or an error is returned.
Arguments:
anInputByteObject - @see implementors of isOpenSSLByteObject for types
inputLength - <Integer> length of @anInputByteObject
anOutputByteObject - @see implementors of isOpenSSLByteObject for types
outputLength - <Integer> length of @anOutputByteObject
Answers:
<Integer> encrypted/decrypted bytes actually written to anOutputByteObject
 
Instance methods: Low-Level API - Crypt AEAD
inputLength: aLength
Set the total length of the plaintext/ciphertext.
Only necessary for authenticated encryption in CCM mode
Arguments:
aLength - <Integer>
Answers:
<OSSslCipherCtx> self
 
ivLength: aLength
Set the IV LENGTH of the cipher.
This is only required for AEAD mode ciphers
Arguments:
aLength - <Integer> iv length
Answers:
<OSSslCipherCtx> self
 
tagData: aByteObject
Sets the authentication tag data to be used during decryption of AEAD ciphers
Arguments:
aByteObject - tag data - @see implementors of isOpenSSLByteObject for types
Answers:
<OSSslCipherCtx> self
 
tagLength: aLength
Sets the authentication tag length to be used during encryption of AEAD ciphers.
Some modes (i.e. OCB) will require this during decryption also.
Arguments:
aLength - tag length
Answers:
<OSSslCipherCtx> self
 
updateAAD: aByteObject
Updates the additional authenticated data for AEAD ciphers.
This is unencrypted, but authenticated, data.
Arguments:
aByteObject - aad - @see implementors of isOpenSSLByteObject for types
Answers:
<OSSslCipherCtx> self
 
updateTagData: aByteObject
Retrieves the tag data and puts it into the arguments.
Arguments:
aByteObject - @see implementors of isOpenSSLByteObject for types
Answers:
aByteObject
 
Instance methods: RNG
randomIV
Answer a new random IV sized for the cipher.
Answers:
<ByteArray> - initialization vector
 
randomKey
Answer a new random key sized for the cipher.
Answers:
<ByteArray> - random key
 
securedRandomKey
Answer a new random key sized for the cipher allocated from the secure heap and encrypted (if encryption is supported)
Answers:
<OSSslSecureBytes> - random key
 
Instance methods: Testing
isAEAD
Answer true if the cipher for this context is AEAD (Authenticated encryption with associated data)
Answers:
<Boolean> - true if an authenticated cipher ctx, false otherwise
 
isAuthenticated
Answer true if the cipher for this context is an authenticating encryption.
This is a cipher that provides authentication, but not additional associated data
like AEAD ciphers.
In OpenSSL version 1.1.0, CCM became an AEAD compliant cipher
Answers:
<Boolean> - true if an authenticated cipher, false otherwise
 
isBitOriented
Answer true if the cipher for this context is bit-oriented as opposed to byte oriented
Answers:
<Boolean> - true if an bit-oriented, false otherwise
 
isBlockCipher
Answer true if the cipher for this context is a block cipher
Answers:
<Boolean> - true if block cipher, false if stream cipher
 
isByteOriented
Answer true if the cipher for this context is byte-oriented as opposed to bit oriented.
The only known bit-oriented cipher are those in CFB1 mode.
Answers:
<Boolean> - true if byte-oriented, false otherwise
 
isCtx
Test if this is a context object
Answers:
<Boolean> - true
 
isStreamCipher
Answer true if the cipher for this context is a stream cipher
Answers:
<Boolean> - true if stream cipher, false if block cipher
 
ivRequired
Modes that must have IV's present
Answers:
<Boolean>
 
BIO
OSSslCipherBIO
OpenSSL BIO object that performs symmetric encryption on data written to it and symmetric decryption on data read from it. It can be chained together with other BIOs to create a high-performance crypto pipeline.
Class methods: Creation
createNewFromCipher: anOSSslCipher
Create a new instance of the cipher BIO from the cipher.
Arguments:
anOSSslCipher- <OSSslCipher>
Answers:
<OSSslCipherBIO> new instance
<OpenSSLError compatible error> - error object
 
Instance methods: Accessing
authData
Answers:
<OpenSSLCipherAuthData>
 
authData: aCipherAuthData
Arguments:
aCipherAuthData - <OpenSSLCipherAuthData>
 
Instance methods: API - AEAD
aad
Answer the value for the additional associated data.
Answers:
nil - Not used
ByteObject - @see implementors of isOpenSSLByteObject for types
<Collection> of ByteObjects
 
aad: anObject
Sets the value for the additional associated data.
Arguments:
nil - Not used
ByteObject - @see implementors of isOpenSSLByteObject for types
<Collection> of ByteObjects
 
inputLength: aLength
Set the total length of the plaintext/ciphertext.
Only necessary for authenticated encryption in CCM mode.
This must be done before any setup for encrypt/decrypt.
Arguments:
aLength - <Integer>
Answers:
< OSSslCipherCtx > self
 
tagData
Answer the authTag from the AEAD data.
Answers:
@see implementors of isOpenSSLByteObject for types
 
tagData: aByteObject
Update the authTag for the AEAD data.
Arguments:
aByteObject - Length of the tag data
 
tagLength
Answer the authTagLength from the AEAD data.
Answers:
<Integer>
 
tagLength: aLength
Update the authTagLength for the AEAD data.
Arguments:
aLength - Length of the tag data
 
Instance methods: API - BIO
flush
Flushes any buffered output.
Answers:
<Boolean> true for success, false otherwise
 
isOk
Answer the status of the bio decrypt.
Answers:
<Boolean> - true if everything is ok, false if something went wrong
 
Instance methods: API - Crypt
configureCipherCtx: aConfigureBlock
Evaluate the one-arg block @aConfigureBlock to set various features of the bio's cipher context. This method will ensure that the state of the bio stays in-sync with the changes that are occurring.
Arguments:
<Block> - 1-arg block that passes in the cipher context
 
isFilter
Cipher BIOs are Filters
Answers:
<Boolean> - true
 
isOk
Answers the status of the bio decrypt.
Answers:
<Boolean> true if everything is ok, false if something went wrong
 
randomIV
Answer a new random IV sized for the cipher.
Answers:
<ByteArray> - initialization vector
 
randomKey
Answer a new random key sized for the cipher.
Answers:
<ByteArray> - random key
 
securedRandomKey
Answer a new random key sized for the cipher allocated from the secure heap and encrypted (if encryption is supported)
Answers:
<OSSslSecureBytes> - random key
 
setupForDecryption: aKey iv: anIVNonce padding: usePadding
Prepare this cipher bio for decryption using the supplied key/iv. Specify is padding is used. Typically this is true unless you know otherwise.
Arguments:
aKey - Secret Key - @see implementors of isOpenSSLByteObject for types
anIVNonce - Initialization Vector - @see implementors of isOpenSSLByteObject for types
usePadding - <Boolean>
Answers:
<OSSslCipherBIO> - self
<OpenSSLError compatible error> - error object
 
setupForEncryption: aKey iv: anIVNonce padding: usePadding
Prepare this cipher bio for encryption using the supplied key/iv. Specify is padding is used. Typically this is true unless you know otherwise.
Arguments:
aKey - Secret Key - @see implementors of isOpenSSLByteObject for types
anIVNonce - Initialization Vector - @see implementors of isOpenSSLByteObject for types
usePadding - <Boolean>
Answers:
<OSSslCipherBIO> - self
<OpenSSLError compatible error> - error object
Extensions
Object
 
asOpenSSLCipherDataFor: aCipher
Answer a new cipher data that wraps this object, which will be the input to the cipher routines (i.e. plainText/cipherText).
Answers:
<OpenSSLCipherData or subclass>
 
isOpenSSLCipherAEAD
Answer false.
Answers:
<Boolean>
 
isOpenSSLCipherAuthData
Answer false.
Answers:
<Boolean>
 
isOpenSSLCipherData
Answer false
Answers:
<Boolean>
OSSslBIO
 
newCipherBIO: aCipher
Convenience Method for creating message cipher BIOs
Answers:
< OSSslCipherBIO>
OSSslBIOMethod
 
cipher
Answer the Cipher BIO-Method.
Answers:
< OSSslBIOMethod> cipher bio method
 
Last modified date: 08/09/2017