/// <summary> /// Encrypt the payload using the symmetric key according to params, and return /// an EncryptedContent. /// </summary> /// /// <param name="payload">The data to encrypt.</param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptSymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); Blob initialVector = paras.getInitialVector(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc) { if (initialVector.size() != net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE) { throw new Exception("incorrect initial vector size"); } } Blob encryptedPayload = net.named_data.jndn.encrypt.algo.AesAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); result.setInitialVector(initialVector); return(result); } else { throw new Exception("Unsupported encryption method"); } }
/// <summary> /// Encrypt the payload using the asymmetric key according to params, and /// return an EncryptedContent. /// </summary> /// /// <param name="payload"></param> /// <param name="key">The key value.</param> /// <param name="keyName">The key name for the EncryptedContent key locator.</param> /// <param name="params">The parameters for encryption.</param> /// <returns>A new EncryptedContent.</returns> private static EncryptedContent encryptAsymmetric(Blob payload, Blob key, Name keyName, EncryptParams paras) { EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); KeyLocator keyLocator = new KeyLocator(); keyLocator.setType(net.named_data.jndn.KeyLocatorType.KEYNAME); keyLocator.setKeyName(keyName); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { Blob encryptedPayload = net.named_data.jndn.encrypt.algo.RsaAlgorithm.encrypt(key, payload, paras); EncryptedContent result = new EncryptedContent(); result.setAlgorithmType(algorithmType); result.setKeyLocator(keyLocator); result.setPayload(encryptedPayload); return(result); } else { throw new Exception("Unsupported encryption method"); } }
/// <summary> /// Create an EncryptedContent where all the values are unspecified. /// </summary> /// public EncryptedContent() { this.algorithmType_ = net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.NONE; this.keyLocator_ = new KeyLocator(); this.initialVector_ = new Blob(); this.payload_ = new Blob(); }
/// <summary> /// Create an EncryptParams with the given parameters. /// </summary> /// /// <param name="algorithmType">The algorithm type, or null if not specified.</param> /// <param name="initialVectorLength"></param> public EncryptParams(EncryptAlgorithmType algorithmType, int initialVectorLength) { algorithmType_ = algorithmType; if (initialVectorLength > 0) { ByteBuffer initialVector = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(initialVectorLength); net.named_data.jndn.util.Common.getRandom().nextBytes(initialVector.array()); initialVector_ = new Blob(initialVector, false); } else initialVector_ = new Blob(); }
/// <summary> /// Create an EncryptParams with the given parameters. /// </summary> /// /// <param name="algorithmType">The algorithm type, or null if not specified.</param> /// <param name="initialVectorLength"></param> public EncryptParams(EncryptAlgorithmType algorithmType, int initialVectorLength) { algorithmType_ = algorithmType; if (initialVectorLength > 0) { ByteBuffer initialVector = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(initialVectorLength); net.named_data.jndn.util.Common.getRandom().nextBytes(initialVector.array()); initialVector_ = new Blob(initialVector, false); } else { initialVector_ = new Blob(); } }
/// <summary> /// Encrypt the plainData using the keyBits according the encrypt algorithm type. /// </summary> /// /// <param name="plainData">The data to encrypt.</param> /// <param name="algorithmType"></param> /// <returns>The encrypted data.</returns> public Blob encrypt(byte[] plainData, EncryptAlgorithmType algorithmType) { System.SecurityPublicKey publicKey = keyFactory_ .generatePublic(new X509EncodedKeySpec(keyDer_ .getImmutableArray())); String transformation; if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs) { if (keyType_ != net.named_data.jndn.security.KeyType.RSA) { throw new Exception("The key type must be RSA"); } transformation = "RSA/ECB/PKCS1Padding"; } else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { if (keyType_ != net.named_data.jndn.security.KeyType.RSA) { throw new Exception("The key type must be RSA"); } transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; } else { throw new Exception("unsupported padding scheme"); } Cipher cipher = javax.crypto.Cipher.getInstance(transformation); cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, publicKey); return(new Blob(cipher.doFinal(plainData), false)); }
/// <summary> /// Decrypt the cipherText using this private key according the encryption /// algorithmType. Only RSA encryption is supported for now. /// </summary> /// /// <param name="cipherText">The cipher text byte buffer.</param> /// <param name="algorithmType">This decrypts according to algorithmType.</param> /// <returns>The decrypted data.</returns> /// <exception cref="TpmPrivateKey.Error">if the private key is not loaded, ifdecryption is not supported for this key type, or for error decrypting.</exception> public Blob decrypt(ByteBuffer cipherText, EncryptAlgorithmType algorithmType) { if (keyType_ == null) { throw new TpmPrivateKey.Error( "decrypt: The private key is not loaded"); } String transformation; if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs) { transformation = "RSA/ECB/PKCS1Padding"; } else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { transformation = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; } else { throw new TpmPrivateKey.Error("unsupported padding scheme"); } try { Cipher cipher = javax.crypto.Cipher.getInstance(transformation); cipher.init(javax.crypto.Cipher.DECRYPT_MODE, privateKey_); // Use Blob to get the byte array. byte[] cipherByteArray = new Blob(cipherText, false) .getImmutableArray(); return(new Blob(cipher.doFinal(cipherByteArray), false)); } catch (Exception ex) { throw new TpmPrivateKey.Error("Error decrypting with private key: " + ex.Message); } }
/// <summary> /// Set the algorithm type. /// </summary> /// /// <param name="algorithmType">The algorithm type. If not specified, set to null.</param> /// <returns>This EncryptParams so that you can chain calls to update values.</returns> public EncryptParams setAlgorithmType( EncryptAlgorithmType algorithmType) { algorithmType_ = algorithmType; return(this); }
/// <summary> /// Create an EncryptParams with the given algorithmType and an unspecified /// initial vector. /// </summary> /// /// <param name="algorithmType">The algorithm type, or null if not specified.</param> public EncryptParams(EncryptAlgorithmType algorithmType) { algorithmType_ = algorithmType; initialVector_ = new Blob(); }
/// <summary> /// Set the algorithm type. /// </summary> /// /// <param name="algorithmType">The algorithm type. If not specified, set to null.</param> /// <returns>This EncryptParams so that you can chain calls to update values.</returns> public EncryptParams setAlgorithmType( EncryptAlgorithmType algorithmType) { algorithmType_ = algorithmType; return this; }
/// <summary> /// Prepare an encrypted data packet by encrypting the payload using the key /// according to the params. In addition, this prepares the encoded /// EncryptedContent with the encryption result using keyName and params. The /// encoding is set as the content of the data packet. If params defines an /// asymmetric encryption algorithm and the payload is larger than the maximum /// plaintext size, this encrypts the payload with a symmetric key that is /// asymmetrically encrypted and provided as a nonce in the content of the data /// packet. The packet's /{dataName}/ is updated to be /// /{dataName}/FOR/{keyName} /// </summary> /// /// <param name="data">The data packet which is updated.</param> /// <param name="payload">The payload to encrypt.</param> /// <param name="keyName">The key name for the EncryptedContent.</param> /// <param name="key">The encryption key value.</param> /// <param name="params">The parameters for encryption.</param> public static void encryptData(Data data, Blob payload, Name keyName, Blob key, EncryptParams paras) { Name dataName = data.getName(); dataName.append(NAME_COMPONENT_FOR).append(keyName); data.setName(dataName); EncryptAlgorithmType algorithmType = paras.getAlgorithmType(); if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesEcb) { EncryptedContent content = encryptSymmetric(payload, key, keyName, paras); data.setContent(content.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get())); } else if (algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaPkcs || algorithmType == net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.RsaOaep) { // Java doesn't have a direct way to get the maximum plain text size, so // try to encrypt the payload first and catch the error if it is too big. try { EncryptedContent content_0 = encryptAsymmetric(payload, key, keyName, paras); data.setContent(content_0.wireEncode(net.named_data.jndn.encoding.TlvWireFormat.get())); return; } catch (IllegalBlockSizeException ex) { // The payload is larger than the maximum plaintext size. Continue. } // 128-bit nonce. ByteBuffer nonceKeyBuffer = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(16); net.named_data.jndn.util.Common.getRandom().nextBytes(nonceKeyBuffer.array()); Blob nonceKey = new Blob(nonceKeyBuffer, false); Name nonceKeyName = new Name(keyName); nonceKeyName.append("nonce"); EncryptParams symmetricParams = new EncryptParams( net.named_data.jndn.encrypt.algo.EncryptAlgorithmType.AesCbc, net.named_data.jndn.encrypt.algo.AesAlgorithm.BLOCK_SIZE); EncryptedContent nonceContent = encryptSymmetric(payload, nonceKey, nonceKeyName, symmetricParams); EncryptedContent payloadContent = encryptAsymmetric(nonceKey, key, keyName, paras); Blob nonceContentEncoding = nonceContent.wireEncode(); Blob payloadContentEncoding = payloadContent.wireEncode(); ByteBuffer content_1 = ILOG.J2CsMapping.NIO.ByteBuffer.allocate(nonceContentEncoding .size() + payloadContentEncoding.size()); content_1.put(payloadContentEncoding.buf()); content_1.put(nonceContentEncoding.buf()); content_1.flip(); data.setContent(new Blob(content_1, false)); } else { throw new Exception("Unsupported encryption method"); } }
/// <summary> /// Set the algorithm type. /// </summary> /// /// <param name="algorithmType">The algorithm type. If not specified, set to null.</param> /// <returns>This EncryptedContent so that you can chain calls to update values.</returns> public EncryptedContent setAlgorithmType( EncryptAlgorithmType algorithmType) { algorithmType_ = algorithmType; return(this); }
getNumericType(this EncryptAlgorithmType algorithmType) { return((int)algorithmType); }
/// <summary> /// Encrypt the plainData using the keyBits according the encrypt algorithm type. /// </summary> /// /// <param name="plainData">The data to encrypt.</param> /// <param name="algorithmType"></param> /// <returns>The encrypted data.</returns> public Blob encrypt(Blob plainData, EncryptAlgorithmType algorithmType) { return(encrypt(plainData.getImmutableArray(), algorithmType)); }
/// <summary> /// Set the algorithm type. /// </summary> /// /// <param name="algorithmType"></param> /// <returns>This EncryptedContent so that you can chain calls to update values.</returns> public EncryptedContent setAlgorithmType( EncryptAlgorithmType algorithmType) { algorithmType_ = algorithmType; return this; }